extern "C" {
#endif
-#define NTKERNELAPI DECLSPEC_IMPORT
+#if !defined(_NTHALDLL_) && !defined(_BLDR_)
#define NTHALAPI DECLSPEC_IMPORT
+#else
+#define NTHALAPI
+#endif
+
+/* For ReactOS */
+#if !defined(_NTOSKRNL_) && !defined(_BLDR_)
+#define NTKERNELAPI DECLSPEC_IMPORT
+#else
+#define NTKERNELAPI
+#endif
+/* Dependencies */
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
-#include <ntiologc.h>
+/* FIXME : #include <ntiologc.h> */
#ifndef FlagOn
#define FlagOn(_F,_SF) ((_F) & (_SF))
#define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
#endif
-typedef struct _BUS_HANDLER *PBUS_HANDLER;
-typedef struct _CALLBACK_OBJECT *PCALLBACK_OBJECT;
-typedef struct _DEVICE_HANDLER_OBJECT *PDEVICE_HANDLER_OBJECT;
-typedef struct _IO_TIMER *PIO_TIMER;
-typedef struct _KINTERRUPT *PKINTERRUPT;
-typedef struct _KPROCESS *PKPROCESS ,*PRKPROCESS, *PEPROCESS;
-typedef struct _KTHREAD *PKTHREAD, *PRKTHREAD, *PETHREAD;
-typedef struct _OBJECT_TYPE *POBJECT_TYPE;
-typedef struct _PEB *PPEB;
-typedef struct _ACL *PACL;
-
#define PsGetCurrentProcess IoGetCurrentProcess
#if (NTDDI_VERSION >= NTDDI_VISTA)
ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
-#pragma pack(push,4)
+typedef struct _SECURITY_DESCRIPTOR {
+ UCHAR Revision;
+ UCHAR Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ PSID Owner;
+ PSID Group;
+ PACL Sacl;
+ PACL Dacl;
+} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
-#ifndef VER_PRODUCTBUILD
-#define VER_PRODUCTBUILD 10000
-#endif
+typedef struct _OBJECT_TYPE_LIST {
+ USHORT Level;
+ USHORT Sbz;
+ GUID *ObjectType;
+} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
+
+#define ACCESS_OBJECT_GUID 0
+#define ACCESS_PROPERTY_SET_GUID 1
+#define ACCESS_PROPERTY_GUID 2
+#define ACCESS_MAX_LEVEL 4
+
+typedef enum _AUDIT_EVENT_TYPE {
+ AuditEventObjectAccess,
+ AuditEventDirectoryServiceAccess
+} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
-#define EX_PUSH_LOCK ULONG_PTR
-#define PEX_PUSH_LOCK PULONG_PTR
+#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
-#include "csq.h"
+#define ACCESS_DS_SOURCE_A "DS"
+#define ACCESS_DS_SOURCE_W L"DS"
+#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
+#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
+
+#define ACCESS_REASON_TYPE_MASK 0xffff0000
+#define ACCESS_REASON_DATA_MASK 0x0000ffff
+
+typedef enum _ACCESS_REASON_TYPE {
+ AccessReasonNone = 0x00000000,
+ AccessReasonAllowedAce = 0x00010000,
+ AccessReasonDeniedAce = 0x00020000,
+ AccessReasonAllowedParentAce = 0x00030000,
+ AccessReasonDeniedParentAce = 0x00040000,
+ AccessReasonMissingPrivilege = 0x00100000,
+ AccessReasonFromPrivilege = 0x00200000,
+ AccessReasonIntegrityLevel = 0x00300000,
+ AccessReasonOwnership = 0x00400000,
+ AccessReasonNullDacl = 0x00500000,
+ AccessReasonEmptyDacl = 0x00600000,
+ AccessReasonNoSD = 0x00700000,
+ AccessReasonNoGrant = 0x00800000
+} ACCESS_REASON_TYPE;
+
+typedef ULONG ACCESS_REASON;
+
+typedef struct _ACCESS_REASONS {
+ ACCESS_REASON Data[32];
+} ACCESS_REASONS, *PACCESS_REASONS;
+
+#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
+#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
+#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
+
+typedef struct _SE_SECURITY_DESCRIPTOR {
+ ULONG Size;
+ ULONG Flags;
+ PSECURITY_DESCRIPTOR SecurityDescriptor;
+} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
+
+typedef struct _SE_ACCESS_REQUEST {
+ ULONG Size;
+ PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
+ ACCESS_MASK DesiredAccess;
+ ACCESS_MASK PreviouslyGrantedAccess;
+ PSID PrincipalSelfSid;
+ PGENERIC_MAPPING GenericMapping;
+ ULONG ObjectTypeListCount;
+ POBJECT_TYPE_LIST ObjectTypeList;
+} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
+
+typedef struct _SE_ACCESS_REPLY {
+ ULONG Size;
+ ULONG ResultListCount;
+ PACCESS_MASK GrantedAccess;
+ PNTSTATUS AccessStatus;
+ PACCESS_REASONS AccessReason;
+ PPRIVILEGE_SET* Privileges;
+} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
+
+typedef enum _SE_AUDIT_OPERATION {
+ AuditPrivilegeObject,
+ AuditPrivilegeService,
+ AuditAccessCheck,
+ AuditOpenObject,
+ AuditOpenObjectWithTransaction,
+ AuditCloseObject,
+ AuditDeleteObject,
+ AuditOpenObjectForDelete,
+ AuditOpenObjectForDeleteWithTransaction,
+ AuditCloseNonObject,
+ AuditOpenNonObject,
+ AuditObjectReference,
+ AuditHandleCreation,
+} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
+
+typedef struct _SE_AUDIT_INFO {
+ ULONG Size;
+ AUDIT_EVENT_TYPE AuditType;
+ SE_AUDIT_OPERATION AuditOperation;
+ ULONG AuditFlags;
+ UNICODE_STRING SubsystemName;
+ UNICODE_STRING ObjectTypeName;
+ UNICODE_STRING ObjectName;
+ PVOID HandleId;
+ GUID* TransactionId;
+ LUID* OperationId;
+ BOOLEAN ObjectCreation;
+ BOOLEAN GenerateOnClose;
+} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
-#ifdef _NTOSKRNL_
-extern PUCHAR FsRtlLegalAnsiCharacterArray;
+#define TOKEN_ASSIGN_PRIMARY (0x0001)
+#define TOKEN_DUPLICATE (0x0002)
+#define TOKEN_IMPERSONATE (0x0004)
+#define TOKEN_QUERY (0x0008)
+#define TOKEN_QUERY_SOURCE (0x0010)
+#define TOKEN_ADJUST_PRIVILEGES (0x0020)
+#define TOKEN_ADJUST_GROUPS (0x0040)
+#define TOKEN_ADJUST_DEFAULT (0x0080)
+#define TOKEN_ADJUST_SESSIONID (0x0100)
+
+#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
+ TOKEN_ASSIGN_PRIMARY |\
+ TOKEN_DUPLICATE |\
+ TOKEN_IMPERSONATE |\
+ TOKEN_QUERY |\
+ TOKEN_QUERY_SOURCE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT )
+
+#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
+#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
+ TOKEN_ADJUST_SESSIONID )
#else
-extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
+#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif
-extern PACL SePublicDefaultDacl;
-extern PACL SeSystemDefaultDacl;
-
-extern KSPIN_LOCK IoStatisticsLock;
-extern ULONG IoReadOperationCount;
-extern ULONG IoWriteOperationCount;
-extern ULONG IoOtherOperationCount;
-extern LARGE_INTEGER IoReadTransferCount;
-extern LARGE_INTEGER IoWriteTransferCount;
-extern LARGE_INTEGER IoOtherTransferCount;
-
-typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
-typedef enum _SECURITY_LOGON_TYPE
-{
- UndefinedLogonType = 0,
- Interactive = 2,
- Network,
- Batch,
- Service,
- Proxy,
- Unlock,
- NetworkCleartext,
- NewCredentials,
-#if (_WIN32_WINNT >= 0x0501)
- RemoteInteractive,
- CachedInteractive,
-#endif
-#if (_WIN32_WINNT >= 0x0502)
- CachedRemoteInteractive,
- CachedUnlock
-#endif
-} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
+#define TOKEN_READ (STANDARD_RIGHTS_READ |\
+ TOKEN_QUERY)
-#define ANSI_DOS_STAR ('<')
-#define ANSI_DOS_QM ('>')
-#define ANSI_DOS_DOT ('"')
+#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT)
-#define DOS_STAR (L'<')
-#define DOS_QM (L'>')
-#define DOS_DOT (L'"')
+#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
-#define COMPRESSION_FORMAT_NONE (0x0000)
-#define COMPRESSION_FORMAT_DEFAULT (0x0001)
-#define COMPRESSION_FORMAT_LZNT1 (0x0002)
-#define COMPRESSION_ENGINE_STANDARD (0x0000)
-#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
-#define COMPRESSION_ENGINE_HIBER (0x0200)
+typedef enum _TOKEN_TYPE {
+ TokenPrimary = 1,
+ TokenImpersonation
+} TOKEN_TYPE,*PTOKEN_TYPE;
-#define FILE_ACTION_ADDED 0x00000001
-#define FILE_ACTION_REMOVED 0x00000002
-#define FILE_ACTION_MODIFIED 0x00000003
-#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
-#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
-#define FILE_ACTION_ADDED_STREAM 0x00000006
-#define FILE_ACTION_REMOVED_STREAM 0x00000007
-#define FILE_ACTION_MODIFIED_STREAM 0x00000008
-#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
-#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
-#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
-/* end winnt.h */
+typedef enum _TOKEN_INFORMATION_CLASS {
+ TokenUser = 1,
+ TokenGroups,
+ TokenPrivileges,
+ TokenOwner,
+ TokenPrimaryGroup,
+ TokenDefaultDacl,
+ TokenSource,
+ TokenType,
+ TokenImpersonationLevel,
+ TokenStatistics,
+ TokenRestrictedSids,
+ TokenSessionId,
+ TokenGroupsAndPrivileges,
+ TokenSessionReference,
+ TokenSandBoxInert,
+ TokenAuditPolicy,
+ TokenOrigin,
+ TokenElevationType,
+ TokenLinkedToken,
+ TokenElevation,
+ TokenHasRestrictions,
+ TokenAccessInformation,
+ TokenVirtualizationAllowed,
+ TokenVirtualizationEnabled,
+ TokenIntegrityLevel,
+ TokenUIAccess,
+ TokenMandatoryPolicy,
+ TokenLogonSid,
+ MaxTokenInfoClass
+} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
-#define FILE_EA_TYPE_BINARY 0xfffe
-#define FILE_EA_TYPE_ASCII 0xfffd
-#define FILE_EA_TYPE_BITMAP 0xfffb
-#define FILE_EA_TYPE_METAFILE 0xfffa
-#define FILE_EA_TYPE_ICON 0xfff9
-#define FILE_EA_TYPE_EA 0xffee
-#define FILE_EA_TYPE_MVMT 0xffdf
-#define FILE_EA_TYPE_MVST 0xffde
-#define FILE_EA_TYPE_ASN1 0xffdd
-#define FILE_EA_TYPE_FAMILY_IDS 0xff01
+typedef struct _TOKEN_USER {
+ SID_AND_ATTRIBUTES User;
+} TOKEN_USER, *PTOKEN_USER;
-#define FILE_NEED_EA 0x00000080
+typedef struct _TOKEN_GROUPS {
+ ULONG GroupCount;
+ SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
+} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
-/* also in winnt.h */
-#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
-#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
-#define FILE_NOTIFY_CHANGE_NAME 0x00000003
-#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
-#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
-#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
-#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
-#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
-#define FILE_NOTIFY_CHANGE_EA 0x00000080
-#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
-#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
-#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
-#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
-#define FILE_NOTIFY_VALID_MASK 0x00000fff
-/* end winnt.h */
+typedef struct _TOKEN_PRIVILEGES {
+ ULONG PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
-#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
-#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
+typedef struct _TOKEN_OWNER {
+ PSID Owner;
+} TOKEN_OWNER,*PTOKEN_OWNER;
-#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
+typedef struct _TOKEN_PRIMARY_GROUP {
+ PSID PrimaryGroup;
+} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
-#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
-#define FILE_CASE_PRESERVED_NAMES 0x00000002
-#define FILE_UNICODE_ON_DISK 0x00000004
-#define FILE_PERSISTENT_ACLS 0x00000008
-#define FILE_FILE_COMPRESSION 0x00000010
-#define FILE_VOLUME_QUOTAS 0x00000020
-#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
-#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
-#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
-#define FS_LFN_APIS 0x00004000
-#define FILE_VOLUME_IS_COMPRESSED 0x00008000
-#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
-#define FILE_SUPPORTS_ENCRYPTION 0x00020000
-#define FILE_NAMED_STREAMS 0x00040000
-#define FILE_READ_ONLY_VOLUME 0x00080000
-#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
-#define FILE_SUPPORTS_TRANSACTIONS 0x00200000
-
-#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
-#define FILE_PIPE_MESSAGE_TYPE 0x00000001
+typedef struct _TOKEN_DEFAULT_DACL {
+ PACL DefaultDacl;
+} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
-#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
-#define FILE_PIPE_MESSAGE_MODE 0x00000001
+typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
+ ULONG SidCount;
+ ULONG SidLength;
+ PSID_AND_ATTRIBUTES Sids;
+ ULONG RestrictedSidCount;
+ ULONG RestrictedSidLength;
+ PSID_AND_ATTRIBUTES RestrictedSids;
+ ULONG PrivilegeCount;
+ ULONG PrivilegeLength;
+ PLUID_AND_ATTRIBUTES Privileges;
+ LUID AuthenticationId;
+} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
-#define FILE_PIPE_QUEUE_OPERATION 0x00000000
-#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
+typedef struct _TOKEN_LINKED_TOKEN {
+ HANDLE LinkedToken;
+} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
-#define FILE_PIPE_INBOUND 0x00000000
-#define FILE_PIPE_OUTBOUND 0x00000001
-#define FILE_PIPE_FULL_DUPLEX 0x00000002
+typedef struct _TOKEN_ELEVATION {
+ ULONG TokenIsElevated;
+} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
-#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
-#define FILE_PIPE_LISTENING_STATE 0x00000002
-#define FILE_PIPE_CONNECTED_STATE 0x00000003
-#define FILE_PIPE_CLOSING_STATE 0x00000004
+typedef struct _TOKEN_MANDATORY_LABEL {
+ SID_AND_ATTRIBUTES Label;
+} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
-#define FILE_PIPE_CLIENT_END 0x00000000
-#define FILE_PIPE_SERVER_END 0x00000001
+#define TOKEN_MANDATORY_POLICY_OFF 0x0
+#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
+#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
-#define FILE_PIPE_READ_DATA 0x00000000
-#define FILE_PIPE_WRITE_SPACE 0x00000001
+#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
+ TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
-#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
-#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
-#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
-#define FILE_STORAGE_TYPE_MASK 0x000f0000
-#define FILE_STORAGE_TYPE_SHIFT 16
+typedef struct _TOKEN_MANDATORY_POLICY {
+ ULONG Policy;
+} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
-#define FILE_VC_QUOTA_NONE 0x00000000
-#define FILE_VC_QUOTA_TRACK 0x00000001
-#define FILE_VC_QUOTA_ENFORCE 0x00000002
-#define FILE_VC_QUOTA_MASK 0x00000003
+typedef struct _TOKEN_ACCESS_INFORMATION {
+ PSID_AND_ATTRIBUTES_HASH SidHash;
+ PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
+ PTOKEN_PRIVILEGES Privileges;
+ LUID AuthenticationId;
+ TOKEN_TYPE TokenType;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ TOKEN_MANDATORY_POLICY MandatoryPolicy;
+ ULONG Flags;
+} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
-#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
-#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
+#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
-#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
-#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
-#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
-#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
+typedef struct _TOKEN_AUDIT_POLICY {
+ UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
+} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
-#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
-#define FILE_VC_QUOTAS_REBUILDING 0x00000200
+#define TOKEN_SOURCE_LENGTH 8
-#define FILE_VC_VALID_MASK 0x000003ff
+typedef struct _TOKEN_SOURCE {
+ CHAR SourceName[TOKEN_SOURCE_LENGTH];
+ LUID SourceIdentifier;
+} TOKEN_SOURCE,*PTOKEN_SOURCE;
-#define FSRTL_FLAG_FILE_MODIFIED (0x01)
-#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
-#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
-#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
-#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
-#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
-#define FSRTL_FLAG_ADVANCED_HEADER (0x40)
-#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
+typedef struct _TOKEN_STATISTICS {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LARGE_INTEGER ExpirationTime;
+ TOKEN_TYPE TokenType;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ ULONG DynamicCharged;
+ ULONG DynamicAvailable;
+ ULONG GroupCount;
+ ULONG PrivilegeCount;
+ LUID ModifiedId;
+} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
-#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
-#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
-#define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
-#define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
+typedef struct _TOKEN_CONTROL {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LUID ModifiedId;
+ TOKEN_SOURCE TokenSource;
+} TOKEN_CONTROL,*PTOKEN_CONTROL;
-#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
-#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
-#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
-#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
-#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
+typedef struct _TOKEN_ORIGIN {
+ LUID OriginatingLogonSession;
+} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
-#define FSRTL_VOLUME_DISMOUNT 1
-#define FSRTL_VOLUME_DISMOUNT_FAILED 2
-#define FSRTL_VOLUME_LOCK 3
-#define FSRTL_VOLUME_LOCK_FAILED 4
-#define FSRTL_VOLUME_UNLOCK 5
-#define FSRTL_VOLUME_MOUNT 6
+typedef enum _MANDATORY_LEVEL {
+ MandatoryLevelUntrusted = 0,
+ MandatoryLevelLow,
+ MandatoryLevelMedium,
+ MandatoryLevelHigh,
+ MandatoryLevelSystem,
+ MandatoryLevelSecureProcess,
+ MandatoryLevelCount
+} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
+
+typedef enum _OBJECT_INFORMATION_CLASS {
+ ObjectBasicInformation = 0,
+ ObjectNameInformation = 1, /* FIXME, not in WDK */
+ ObjectTypeInformation = 2,
+ ObjectTypesInformation = 3, /* FIXME, not in WDK */
+ ObjectHandleFlagInformation = 4, /* FIXME, not in WDK */
+ ObjectSessionInformation = 5, /* FIXME, not in WDK */
+ MaxObjectInfoClass /* FIXME, not in WDK */
+} OBJECT_INFORMATION_CLASS;
-#define FSRTL_WILD_CHARACTER 0x08
+#if (NTDDI_VERSION >= NTDDI_NT4)
-#define FSRTL_FAT_LEGAL 0x01
-#define FSRTL_HPFS_LEGAL 0x02
-#define FSRTL_NTFS_LEGAL 0x04
-#define FSRTL_WILD_CHARACTER 0x08
-#define FSRTL_OLE_LEGAL 0x10
-#define FSRTL_NTFS_STREAM_LEGAL 0x14
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryObject(
+ IN HANDLE Handle OPTIONAL,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ OUT PVOID ObjectInformation OPTIONAL,
+ IN ULONG ObjectInformationLength,
+ OUT PULONG ReturnLength OPTIONAL);
-#ifdef _X86_
-#define HARDWARE_PTE HARDWARE_PTE_X86
-#define PHARDWARE_PTE PHARDWARE_PTE_X86
#endif
-#define IO_CHECK_CREATE_PARAMETERS 0x0200
-#define IO_ATTACH_DEVICE 0x0400
-
-#define IO_ATTACH_DEVICE_API 0x80000000
-
-#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
-#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
-
-#define IO_TYPE_APC 18
-#define IO_TYPE_DPC 19
-#define IO_TYPE_DEVICE_QUEUE 20
-#define IO_TYPE_EVENT_PAIR 21
-#define IO_TYPE_INTERRUPT 22
-#define IO_TYPE_PROFILE 23
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
-#define IRP_BEING_VERIFIED 0x10
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenThreadToken(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ OUT PHANDLE TokenHandle);
-#define MAILSLOT_CLASS_FIRSTCLASS 1
-#define MAILSLOT_CLASS_SECONDCLASS 2
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenProcessToken(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle);
-#define MAILSLOT_SIZE_AUTO 0
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation OPTIONAL,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength);
-#define MEM_DOS_LIM 0x40000000
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAdjustPrivilegesToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState OPTIONAL,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState,
+ OUT PULONG ReturnLength OPTIONAL);
-#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER AllocationSize OPTIONAL,
+ IN ULONG FileAttributes,
+ IN ULONG ShareAccess,
+ IN ULONG CreateDisposition,
+ IN ULONG CreateOptions,
+ IN PVOID EaBuffer,
+ IN ULONG EaLength);
-#define OB_TYPE_TYPE 1
-#define OB_TYPE_DIRECTORY 2
-#define OB_TYPE_SYMBOLIC_LINK 3
-#define OB_TYPE_TOKEN 4
-#define OB_TYPE_PROCESS 5
-#define OB_TYPE_THREAD 6
-#define OB_TYPE_EVENT 7
-#define OB_TYPE_EVENT_PAIR 8
-#define OB_TYPE_MUTANT 9
-#define OB_TYPE_SEMAPHORE 10
-#define OB_TYPE_TIMER 11
-#define OB_TYPE_PROFILE 12
-#define OB_TYPE_WINDOW_STATION 13
-#define OB_TYPE_DESKTOP 14
-#define OB_TYPE_SECTION 15
-#define OB_TYPE_KEY 16
-#define OB_TYPE_PORT 17
-#define OB_TYPE_ADAPTER 18
-#define OB_TYPE_CONTROLLER 19
-#define OB_TYPE_DEVICE 20
-#define OB_TYPE_DRIVER 21
-#define OB_TYPE_IO_COMPLETION 22
-#define OB_TYPE_FILE 23
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeviceIoControlFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength);
-#define PIN_WAIT (1)
-#define PIN_EXCLUSIVE (2)
-#define PIN_NO_READ (4)
-#define PIN_IF_BCB (8)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFsControlFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG FsControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength);
-#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
-#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtLockFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN BOOLEAN FailImmediately,
+ IN BOOLEAN ExclusiveLock);
-#define SEC_BASED 0x00200000
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenFile(
+ OUT PHANDLE FileHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG ShareAccess,
+ IN ULONG OpenOptions);
-#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
-#define SECURITY_WORLD_RID (0x00000000L)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan);
-#define TOKEN_ASSIGN_PRIMARY (0x0001)
-#define TOKEN_DUPLICATE (0x0002)
-#define TOKEN_IMPERSONATE (0x0004)
-#define TOKEN_QUERY (0x0008)
-#define TOKEN_QUERY_SOURCE (0x0010)
-#define TOKEN_ADJUST_PRIVILEGES (0x0020)
-#define TOKEN_ADJUST_GROUPS (0x0040)
-#define TOKEN_ADJUST_DEFAULT (0x0080)
-#define TOKEN_ADJUST_SESSIONID (0x0100)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass);
-#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
- TOKEN_ASSIGN_PRIMARY |\
- TOKEN_DUPLICATE |\
- TOKEN_IMPERSONATE |\
- TOKEN_QUERY |\
- TOKEN_QUERY_SOURCE |\
- TOKEN_ADJUST_PRIVILEGES |\
- TOKEN_ADJUST_GROUPS |\
- TOKEN_ADJUST_DEFAULT |\
- TOKEN_ADJUST_SESSIONID)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryQuotaInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID SidList,
+ IN ULONG SidListLength,
+ IN PSID StartSid OPTIONAL,
+ IN BOOLEAN RestartScan);
-#define TOKEN_READ (STANDARD_RIGHTS_READ |\
- TOKEN_QUERY)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQueryVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass);
-#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
- TOKEN_ADJUST_PRIVILEGES |\
- TOKEN_ADJUST_GROUPS |\
- TOKEN_ADJUST_DEFAULT)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtReadFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN PLARGE_INTEGER ByteOffset OPTIONAL,
+ IN PULONG Key OPTIONAL);
-#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass);
-#define TOKEN_SOURCE_LENGTH 8
-/* end winnt.h */
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetQuotaInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID Buffer,
+ IN ULONG Length);
-#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
-#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
-#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
-#define TOKEN_HAS_ADMIN_GROUP 0x08
-#define TOKEN_WRITE_RESTRICTED 0x08
-#define TOKEN_IS_RESTRICTED 0x10
-#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass);
-#define VACB_MAPPING_GRANULARITY (0x40000)
-#define VACB_OFFSET_SHIFT (18)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtWriteFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID Buffer,
+ IN ULONG Length,
+ IN PLARGE_INTEGER ByteOffset OPTIONAL,
+ IN PULONG Key OPTIONAL);
-#ifndef _WINNT_H
-#define _AUDIT_EVENT_TYPE_HACK 0
-#endif
-#if (_AUDIT_EVENT_TYPE_HACK == 1)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtUnlockFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key);
-#else
-typedef enum _AUDIT_EVENT_TYPE
-{
- AuditEventObjectAccess,
- AuditEventDirectoryServiceAccess
-} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
-#endif
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetSecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor);
-#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtQuerySecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Length,
+ OUT PULONG LengthNeeded);
-#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtClose(
+ IN HANDLE Handle);
-#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAllocateVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG_PTR ZeroBits,
+ IN OUT PSIZE_T RegionSize,
+ IN ULONG AllocationType,
+ IN ULONG Protect);
-#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFreeVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PSIZE_T RegionSize,
+ IN ULONG FreeType);
+#endif
-#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#if (NTDDI_VERSION >= NTDDI_WINXP)
-#if (VER_PRODUCTBUILD >= 1381)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenThreadTokenEx(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle);
-#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenProcessTokenEx(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle);
-#endif /* (VER_PRODUCTBUILD >= 1381) */
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtOpenJobObjectToken(
+ IN HANDLE JobHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle);
-#if (VER_PRODUCTBUILD >= 2195)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDuplicateToken(
+ IN HANDLE ExistingTokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN EffectiveOnly,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewTokenHandle);
-#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFilterToken(
+ IN HANDLE ExistingTokenHandle,
+ IN ULONG Flags,
+ IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
+ IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
+ IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
+ OUT PHANDLE NewTokenHandle);
-#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
-#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtImpersonateAnonymousToken(
+ IN HANDLE ThreadHandle);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ IN PVOID TokenInformation,
+ IN ULONG TokenInformationLength);
-#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAdjustGroupsToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN ResetToDefault,
+ IN PTOKEN_GROUPS NewState OPTIONAL,
+ IN ULONG BufferLength OPTIONAL,
+ OUT PTOKEN_GROUPS PreviousState,
+ OUT PULONG ReturnLength);
-#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPrivilegeCheck(
+ IN HANDLE ClientToken,
+ IN OUT PPRIVILEGE_SET RequiredPrivileges,
+ OUT PBOOLEAN Result);
-#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAccessCheckAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose);
-#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAccessCheckByTypeAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID PrincipalSelfSid OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN AUDIT_EVENT_TYPE AuditType,
+ IN ULONG Flags,
+ IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
+ IN ULONG ObjectTypeLength,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose);
-typedef PVOID OPLOCK, *POPLOCK;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAccessCheckByTypeResultListAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID PrincipalSelfSid OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN AUDIT_EVENT_TYPE AuditType,
+ IN ULONG Flags,
+ IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
+ IN ULONG ObjectTypeLength,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose);
-//
-// Forwarders
-//
-struct _RTL_AVL_TABLE;
-struct _RTL_GENERIC_TABLE;
+NTSTATUS
+NTAPI
+NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN HANDLE ClientToken,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID PrincipalSelfSid OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN AUDIT_EVENT_TYPE AuditType,
+ IN ULONG Flags,
+ IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
+ IN ULONG ObjectTypeLength,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose);
-typedef ULONG LBN;
-typedef LBN *PLBN;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtOpenObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK GrantedAccess,
+ IN PPRIVILEGE_SET Privileges OPTIONAL,
+ IN BOOLEAN ObjectCreation,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateOnClose);
-typedef ULONG VBN;
-typedef VBN *PVBN;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPrivilegeObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN HANDLE ClientToken,
+ IN ACCESS_MASK DesiredAccess,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted);
-typedef PVOID PNOTIFY_SYNC;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCloseObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN BOOLEAN GenerateOnClose);
-typedef enum _FAST_IO_POSSIBLE {
- FastIoIsNotPossible,
- FastIoIsPossible,
- FastIoIsQuestionable
-} FAST_IO_POSSIBLE;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtDeleteObjectAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId OPTIONAL,
+ IN BOOLEAN GenerateOnClose);
-typedef enum _FILE_STORAGE_TYPE {
- StorageTypeDefault = 1,
- StorageTypeDirectory,
- StorageTypeFile,
- StorageTypeJunctionPoint,
- StorageTypeCatalog,
- StorageTypeStructuredStorage,
- StorageTypeEmbedding,
- StorageTypeStream
-} FILE_STORAGE_TYPE;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtPrivilegedServiceAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN PUNICODE_STRING ServiceName,
+ IN HANDLE ClientToken,
+ IN PPRIVILEGE_SET Privileges,
+ IN BOOLEAN AccessGranted);
-typedef enum _OBJECT_INFORMATION_CLASS
-{
- ObjectBasicInformation,
- ObjectNameInformation,
- ObjectTypeInformation,
- ObjectTypesInformation,
- ObjectHandleFlagInformation,
- ObjectSessionInformation,
- MaxObjectInfoClass
-} OBJECT_INFORMATION_CLASS;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtSetInformationThread(
+ IN HANDLE ThreadHandle,
+ IN THREADINFOCLASS ThreadInformationClass,
+ IN PVOID ThreadInformation,
+ IN ULONG ThreadInformationLength);
-typedef struct _OBJECT_BASIC_INFORMATION
-{
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG PointerCount;
- ULONG PagedPoolCharge;
- ULONG NonPagedPoolCharge;
- ULONG Reserved[ 3 ];
- ULONG NameInfoSize;
- ULONG TypeInfoSize;
- ULONG SecurityDescriptorSize;
- LARGE_INTEGER CreationTime;
-} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtCreateSection(
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN ULONG SectionPageProtection,
+ IN ULONG AllocationAttributes,
+ IN HANDLE FileHandle OPTIONAL);
-typedef struct _KAPC_STATE {
- LIST_ENTRY ApcListHead[2];
- PKPROCESS Process;
- BOOLEAN KernelApcInProgress;
- BOOLEAN KernelApcPending;
- BOOLEAN UserApcPending;
-} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
-#define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
+#endif
-typedef struct _BITMAP_RANGE {
- LIST_ENTRY Links;
- LONGLONG BasePage;
- ULONG FirstDirtyPage;
- ULONG LastDirtyPage;
- ULONG DirtyPages;
- PULONG Bitmap;
-} BITMAP_RANGE, *PBITMAP_RANGE;
+typedef NTSTATUS
+(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
+ IN PVOID Base,
+ IN OUT PVOID *CommitAddress,
+ IN OUT PSIZE_T CommitSize);
-typedef struct _CACHE_UNINITIALIZE_EVENT {
- struct _CACHE_UNINITIALIZE_EVENT *Next;
- KEVENT Event;
-} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
+typedef struct _RTL_HEAP_PARAMETERS {
+ ULONG Length;
+ SIZE_T SegmentReserve;
+ SIZE_T SegmentCommit;
+ SIZE_T DeCommitFreeBlockThreshold;
+ SIZE_T DeCommitTotalFreeThreshold;
+ SIZE_T MaximumAllocationSize;
+ SIZE_T VirtualMemoryThreshold;
+ SIZE_T InitialCommit;
+ SIZE_T InitialReserve;
+ PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
+ SIZE_T Reserved[2];
+} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
-typedef struct _CC_FILE_SIZES {
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER FileSize;
- LARGE_INTEGER ValidDataLength;
-} CC_FILE_SIZES, *PCC_FILE_SIZES;
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
-typedef struct _COMPRESSED_DATA_INFO {
- USHORT CompressionFormatAndEngine;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved;
- USHORT NumberOfChunks;
- ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
-} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
+NTSYSAPI
+PVOID
+NTAPI
+RtlAllocateHeap(
+ IN HANDLE HeapHandle,
+ IN ULONG Flags OPTIONAL,
+ IN SIZE_T Size);
-typedef struct _TOKEN_SOURCE {
- CHAR SourceName[TOKEN_SOURCE_LENGTH];
- LUID SourceIdentifier;
-} TOKEN_SOURCE,*PTOKEN_SOURCE;
-typedef struct _TOKEN_CONTROL {
- LUID TokenId;
- LUID AuthenticationId;
- LUID ModifiedId;
- TOKEN_SOURCE TokenSource;
-} TOKEN_CONTROL,*PTOKEN_CONTROL;
-typedef struct _TOKEN_DEFAULT_DACL {
- PACL DefaultDacl;
-} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
-typedef struct _TOKEN_GROUPS {
- ULONG GroupCount;
- SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
-} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
-typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
- ULONG SidCount;
- ULONG SidLength;
- PSID_AND_ATTRIBUTES Sids;
- ULONG RestrictedSidCount;
- ULONG RestrictedSidLength;
- PSID_AND_ATTRIBUTES RestrictedSids;
- ULONG PrivilegeCount;
- ULONG PrivilegeLength;
- PLUID_AND_ATTRIBUTES Privileges;
- LUID AuthenticationId;
-} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
-typedef struct _TOKEN_ORIGIN {
- LUID OriginatingLogonSession;
-} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
-typedef struct _TOKEN_OWNER {
- PSID Owner;
-} TOKEN_OWNER,*PTOKEN_OWNER;
-typedef struct _TOKEN_PRIMARY_GROUP {
- PSID PrimaryGroup;
-} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
-typedef struct _TOKEN_PRIVILEGES {
- ULONG PrivilegeCount;
- LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
-} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
-typedef enum tagTOKEN_TYPE {
- TokenPrimary = 1,
- TokenImpersonation
-} TOKEN_TYPE,*PTOKEN_TYPE;
-typedef struct _TOKEN_STATISTICS {
- LUID TokenId;
- LUID AuthenticationId;
- LARGE_INTEGER ExpirationTime;
- TOKEN_TYPE TokenType;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- ULONG DynamicCharged;
- ULONG DynamicAvailable;
- ULONG GroupCount;
- ULONG PrivilegeCount;
- LUID ModifiedId;
-} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
-typedef struct _TOKEN_USER {
- SID_AND_ATTRIBUTES User;
-} TOKEN_USER, *PTOKEN_USER;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlFreeHeap(
+ IN PVOID HeapHandle,
+ IN ULONG Flags OPTIONAL,
+ IN PVOID BaseAddress);
-typedef struct _SECURITY_DESCRIPTOR {
- UCHAR Revision;
- UCHAR Sbz1;
- SECURITY_DESCRIPTOR_CONTROL Control;
- PSID Owner;
- PSID Group;
- PACL Sacl;
- PACL Dacl;
-} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
+NTSYSAPI
+VOID
+NTAPI
+RtlCaptureContext(
+ OUT PCONTEXT ContextRecord);
-typedef struct _OBJECT_TYPE_LIST {
- USHORT Level;
- USHORT Sbz;
- GUID *ObjectType;
- } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
+NTSYSAPI
+ULONG
+NTAPI
+RtlRandom(
+ IN OUT PULONG Seed);
-typedef enum _TOKEN_INFORMATION_CLASS {
- TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
- TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
- TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
- TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
- TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
-} TOKEN_INFORMATION_CLASS;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlCreateUnicodeString(
+ OUT PUNICODE_STRING DestinationString,
+ IN PCWSTR SourceString);
-#define SYMLINK_FLAG_RELATIVE 1
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAppendStringToString(
+ IN OUT PSTRING Destination,
+ IN const STRING *Source);
-typedef struct _REPARSE_DATA_BUFFER {
- ULONG ReparseTag;
- USHORT ReparseDataLength;
- USHORT Reserved;
- __GNU_EXTENSION union {
- struct {
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- USHORT PrintNameOffset;
- USHORT PrintNameLength;
- ULONG Flags;
- WCHAR PathBuffer[1];
- } SymbolicLinkReparseBuffer;
- struct {
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- USHORT PrintNameOffset;
- USHORT PrintNameLength;
- WCHAR PathBuffer[1];
- } MountPointReparseBuffer;
- struct {
- UCHAR DataBuffer[1];
- } GenericReparseBuffer;
- };
-} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlOemStringToUnicodeString(
+ IN OUT PUNICODE_STRING DestinationString,
+ IN PCOEM_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString);
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeStringToOemString(
+ IN OUT POEM_STRING DestinationString,
+ IN PCUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString);
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUpcaseUnicodeStringToOemString(
+ IN OUT POEM_STRING DestinationString,
+ IN PCUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString);
-//
-// MicroSoft reparse point tags
-//
-#define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
-#define IO_REPARSE_TAG_HSM (0xC0000004L)
-#define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
-#define IO_REPARSE_TAG_HSM2 (0x80000006L)
-#define IO_REPARSE_TAG_SIS (0x80000007L)
-#define IO_REPARSE_TAG_DFS (0x8000000AL)
-#define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
-#define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
-#define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
-#define IO_REPARSE_TAG_DFSR (0x80000012L)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlOemStringToCountedUnicodeString(
+ IN OUT PUNICODE_STRING DestinationString,
+ IN PCOEM_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString);
-//
-// Reserved reparse tags
-//
-#define IO_REPARSE_TAG_RESERVED_ZERO (0)
-#define IO_REPARSE_TAG_RESERVED_ONE (1)
-#define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeStringToCountedOemString(
+ IN OUT POEM_STRING DestinationString,
+ IN PCUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString);
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUpcaseUnicodeStringToCountedOemString(
+ IN OUT POEM_STRING DestinationString,
+ IN PCUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString);
-#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDowncaseUnicodeString(
+ IN OUT PUNICODE_STRING UniDest,
+ IN PCUNICODE_STRING UniSource,
+ IN BOOLEAN AllocateDestinationString);
-typedef struct _FILE_ACCESS_INFORMATION {
- ACCESS_MASK AccessFlags;
-} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+RtlFreeOemString (
+ IN OUT POEM_STRING OemString);
-typedef struct _FILE_ALLOCATION_INFORMATION {
- LARGE_INTEGER AllocationSize;
-} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
+NTSYSAPI
+ULONG
+NTAPI
+RtlxUnicodeStringToOemSize(
+ IN PCUNICODE_STRING UnicodeString);
-typedef struct _FILE_BOTH_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- WCHAR FileName[1];
-} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
+NTSYSAPI
+ULONG
+NTAPI
+RtlxOemStringToUnicodeSize(
+ IN PCOEM_STRING OemString);
-typedef struct _FILE_COMPLETION_INFORMATION {
- HANDLE Port;
- PVOID Key;
-} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlMultiByteToUnicodeN(
+ OUT PWCH UnicodeString,
+ IN ULONG MaxBytesInUnicodeString,
+ OUT PULONG BytesInUnicodeString OPTIONAL,
+ IN const CHAR *MultiByteString,
+ IN ULONG BytesInMultiByteString);
-typedef struct _FILE_COMPRESSION_INFORMATION {
- LARGE_INTEGER CompressedFileSize;
- USHORT CompressionFormat;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved[3];
-} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlMultiByteToUnicodeSize(
+ OUT PULONG BytesInUnicodeString,
+ IN const CHAR *MultiByteString,
+ IN ULONG BytesInMultiByteString);
-typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeToMultiByteSize(
+ OUT PULONG BytesInMultiByteString,
+ IN PCWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-typedef struct _FILE_DIRECTORY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeToMultiByteN(
+ OUT PCHAR MultiByteString,
+ IN ULONG MaxBytesInMultiByteString,
+ OUT PULONG BytesInMultiByteString OPTIONAL,
+ IN PWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- WCHAR FileName[ANYSIZE_ARRAY];
-} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
-
-typedef struct _FILE_ID_FULL_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- LARGE_INTEGER FileId;
- WCHAR FileName[1];
-} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUpcaseUnicodeToMultiByteN(
+ OUT PCHAR MultiByteString,
+ IN ULONG MaxBytesInMultiByteString,
+ OUT PULONG BytesInMultiByteString OPTIONAL,
+ IN PCWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- LARGE_INTEGER FileId;
- WCHAR FileName[1];
-} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlOemToUnicodeN(
+ OUT PWSTR UnicodeString,
+ IN ULONG MaxBytesInUnicodeString,
+ OUT PULONG BytesInUnicodeString OPTIONAL,
+ IN PCCH OemString,
+ IN ULONG BytesInOemString);
-typedef struct _FILE_EA_INFORMATION {
- ULONG EaSize;
-} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeToOemN(
+ OUT PCHAR OemString,
+ IN ULONG MaxBytesInOemString,
+ OUT PULONG BytesInOemString OPTIONAL,
+ IN PCWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
- ULONG FileSystemAttributes;
- ULONG MaximumComponentNameLength;
- ULONG FileSystemNameLength;
- WCHAR FileSystemName[1];
-} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUpcaseUnicodeToOemN(
+ OUT PCHAR OemString,
+ IN ULONG MaxBytesInOemString,
+ OUT PULONG BytesInOemString OPTIONAL,
+ IN PCWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-typedef struct _FILE_FS_CONTROL_INFORMATION {
- LARGE_INTEGER FreeSpaceStartFiltering;
- LARGE_INTEGER FreeSpaceThreshold;
- LARGE_INTEGER FreeSpaceStopFiltering;
- LARGE_INTEGER DefaultQuotaThreshold;
- LARGE_INTEGER DefaultQuotaLimit;
- ULONG FileSystemControlFlags;
-} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
+typedef struct _GENERATE_NAME_CONTEXT {
+ USHORT Checksum;
+ BOOLEAN CheckSumInserted;
+ UCHAR NameLength;
+ WCHAR NameBuffer[8];
+ ULONG ExtensionLength;
+ WCHAR ExtensionBuffer[4];
+ ULONG LastIndexValue;
+} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
-typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER CallerAvailableAllocationUnits;
- LARGE_INTEGER ActualAvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
+#if (NTDDI_VERSION >= NTDDI_VISTASP1)
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGenerate8dot3Name(
+ IN PCUNICODE_STRING Name,
+ IN BOOLEAN AllowExtendedCharacters,
+ IN OUT PGENERATE_NAME_CONTEXT Context,
+ IN OUT PUNICODE_STRING Name8dot3);
+#else
+NTSYSAPI
+VOID
+NTAPI
+RtlGenerate8dot3Name(
+ IN PCUNICODE_STRING Name,
+ IN BOOLEAN AllowExtendedCharacters,
+ IN OUT PGENERATE_NAME_CONTEXT Context,
+ IN OUT PUNICODE_STRING Name8dot3);
+#endif
-typedef struct _FILE_FS_LABEL_INFORMATION {
- ULONG VolumeLabelLength;
- WCHAR VolumeLabel[1];
-} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsNameLegalDOS8Dot3(
+ IN PCUNICODE_STRING Name,
+ IN OUT POEM_STRING OemName OPTIONAL,
+ IN OUT PBOOLEAN NameContainsSpaces OPTIONAL);
-#if (VER_PRODUCTBUILD >= 2195)
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsValidOemCharacter(
+ IN OUT PWCHAR Char);
-typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
- UCHAR ObjectId[16];
- UCHAR ExtendedInfo[48];
-} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
+typedef struct _PREFIX_TABLE_ENTRY {
+ CSHORT NodeTypeCode;
+ CSHORT NameLength;
+ struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
+ RTL_SPLAY_LINKS Links;
+ PSTRING Prefix;
+} PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+typedef struct _PREFIX_TABLE {
+ CSHORT NodeTypeCode;
+ CSHORT NameLength;
+ PPREFIX_TABLE_ENTRY NextPrefixTree;
+} PREFIX_TABLE, *PPREFIX_TABLE;
-typedef struct _FILE_FS_SIZE_INFORMATION {
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER AvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+PfxInitialize(
+ OUT PPREFIX_TABLE PrefixTable);
-typedef struct _FILE_FS_VOLUME_INFORMATION {
- LARGE_INTEGER VolumeCreationTime;
- ULONG VolumeSerialNumber;
- ULONG VolumeLabelLength;
- BOOLEAN SupportsObjects;
- WCHAR VolumeLabel[1];
-} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
+NTSYSAPI
+BOOLEAN
+NTAPI
+PfxInsertPrefix(
+ IN PPREFIX_TABLE PrefixTable,
+ IN PSTRING Prefix,
+ OUT PPREFIX_TABLE_ENTRY PrefixTableEntry);
-typedef struct _FILE_FS_OBJECTID_INFORMATION
-{
- UCHAR ObjectId[16];
- UCHAR ExtendedInfo[48];
-} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+PfxRemovePrefix(
+ IN PPREFIX_TABLE PrefixTable,
+ IN PPREFIX_TABLE_ENTRY PrefixTableEntry);
-typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
-{
- BOOLEAN DriverInPath;
- ULONG DriverNameLength;
- WCHAR DriverName[1];
-} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
+NTSYSAPI
+PPREFIX_TABLE_ENTRY
+NTAPI
+PfxFindPrefix(
+ IN PPREFIX_TABLE PrefixTable,
+ IN PSTRING FullName);
-typedef struct _FILE_FULL_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- WCHAR FileName[1];
-} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
+typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
+ CSHORT NodeTypeCode;
+ CSHORT NameLength;
+ struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
+ struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
+ RTL_SPLAY_LINKS Links;
+ PUNICODE_STRING Prefix;
+} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
-typedef struct _FILE_GET_EA_INFORMATION {
- ULONG NextEntryOffset;
- UCHAR EaNameLength;
- CHAR EaName[1];
-} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
+typedef struct _UNICODE_PREFIX_TABLE {
+ CSHORT NodeTypeCode;
+ CSHORT NameLength;
+ PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
+ PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
+} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
-typedef struct _FILE_GET_QUOTA_INFORMATION {
- ULONG NextEntryOffset;
- ULONG SidLength;
- SID Sid;
-} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+RtlInitializeUnicodePrefix(
+ OUT PUNICODE_PREFIX_TABLE PrefixTable);
-typedef struct _FILE_QUOTA_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG SidLength;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER QuotaUsed;
- LARGE_INTEGER QuotaThreshold;
- LARGE_INTEGER QuotaLimit;
- SID Sid;
-} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlInsertUnicodePrefix(
+ IN PUNICODE_PREFIX_TABLE PrefixTable,
+ IN PUNICODE_STRING Prefix,
+ OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
-typedef struct _FILE_INTERNAL_INFORMATION {
- LARGE_INTEGER IndexNumber;
-} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+RtlRemoveUnicodePrefix(
+ IN PUNICODE_PREFIX_TABLE PrefixTable,
+ IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
-typedef struct _FILE_LINK_INFORMATION {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
+NTSYSAPI
+PUNICODE_PREFIX_TABLE_ENTRY
+NTAPI
+RtlFindUnicodePrefix(
+ IN PUNICODE_PREFIX_TABLE PrefixTable,
+ IN PUNICODE_STRING FullName,
+ IN ULONG CaseInsensitiveIndex);
-typedef struct _FILE_LOCK_INFO
-{
- LARGE_INTEGER StartingByte;
- LARGE_INTEGER Length;
- BOOLEAN ExclusiveLock;
- ULONG Key;
- PFILE_OBJECT FileObject;
- PVOID ProcessId;
- LARGE_INTEGER EndingByte;
-} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
+NTSYSAPI
+PUNICODE_PREFIX_TABLE_ENTRY
+NTAPI
+RtlNextUnicodePrefix(
+ IN PUNICODE_PREFIX_TABLE PrefixTable,
+ IN BOOLEAN Restart);
-typedef struct _FILE_REPARSE_POINT_INFORMATION
-{
- LONGLONG FileReference;
- ULONG Tag;
-} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
+NTSYSAPI
+SIZE_T
+NTAPI
+RtlCompareMemoryUlong(
+ IN PVOID Source,
+ IN SIZE_T Length,
+ IN ULONG Pattern);
-typedef struct _FILE_MOVE_CLUSTER_INFORMATION
-{
- ULONG ClusterCount;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlTimeToSecondsSince1980(
+ IN PLARGE_INTEGER Time,
+ OUT PULONG ElapsedSeconds);
-typedef struct _FILE_NOTIFY_INFORMATION
-{
- ULONG NextEntryOffset;
- ULONG Action;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1980ToTime(
+ IN ULONG ElapsedSeconds,
+ OUT PLARGE_INTEGER Time);
-/* raw internal file lock struct returned from FsRtlGetNextFileLock */
-typedef struct _FILE_SHARED_LOCK_ENTRY {
- PVOID Unknown1;
- PVOID Unknown2;
- FILE_LOCK_INFO FileLock;
-} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlTimeToSecondsSince1970(
+ IN PLARGE_INTEGER Time,
+ OUT PULONG ElapsedSeconds);
-/* raw internal file lock struct returned from FsRtlGetNextFileLock */
-typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
- LIST_ENTRY ListEntry;
- PVOID Unknown1;
- PVOID Unknown2;
- FILE_LOCK_INFO FileLock;
-} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1970ToTime(
+ IN ULONG ElapsedSeconds,
+ OUT PLARGE_INTEGER Time);
-typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
- IN PVOID Context,
- IN PIRP Irp
-);
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlValidSid(
+ IN PSID Sid);
-typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
- IN PVOID Context,
- IN PFILE_LOCK_INFO FileLockInfo
-);
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlEqualSid(
+ IN PSID Sid1,
+ IN PSID Sid2);
-typedef struct _FILE_LOCK {
- PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
- PUNLOCK_ROUTINE UnlockRoutine;
- BOOLEAN FastIoIsQuestionable;
- BOOLEAN Pad[3];
- PVOID LockInformation;
- FILE_LOCK_INFO LastReturnedLockInfo;
- PVOID LastReturnedLock;
-} FILE_LOCK, *PFILE_LOCK;
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlEqualPrefixSid(
+ IN PSID Sid1,
+ IN PSID Sid2);
-typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
- ULONG ReadDataAvailable;
- ULONG NumberOfMessages;
- ULONG MessageLength;
-} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
+NTSYSAPI
+ULONG
+NTAPI
+RtlLengthRequiredSid(
+ IN ULONG SubAuthorityCount);
-typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
- ULONG MaximumMessageSize;
- ULONG MailslotQuota;
- ULONG NextMessageSize;
- ULONG MessagesAvailable;
- LARGE_INTEGER ReadTimeout;
-} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
+NTSYSAPI
+PVOID
+NTAPI
+RtlFreeSid(
+ IN PSID Sid);
-typedef struct _FILE_MAILSLOT_SET_INFORMATION {
- PLARGE_INTEGER ReadTimeout;
-} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAllocateAndInitializeSid(
+ IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
+ IN UCHAR SubAuthorityCount,
+ IN ULONG SubAuthority0,
+ IN ULONG SubAuthority1,
+ IN ULONG SubAuthority2,
+ IN ULONG SubAuthority3,
+ IN ULONG SubAuthority4,
+ IN ULONG SubAuthority5,
+ IN ULONG SubAuthority6,
+ IN ULONG SubAuthority7,
+ OUT PSID *Sid);
-typedef struct _FILE_MODE_INFORMATION {
- ULONG Mode;
-} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitializeSid(
+ OUT PSID Sid,
+ IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
+ IN UCHAR SubAuthorityCount);
-typedef struct _FILE_ALL_INFORMATION {
- FILE_BASIC_INFORMATION BasicInformation;
- FILE_STANDARD_INFORMATION StandardInformation;
- FILE_INTERNAL_INFORMATION InternalInformation;
- FILE_EA_INFORMATION EaInformation;
- FILE_ACCESS_INFORMATION AccessInformation;
- FILE_POSITION_INFORMATION PositionInformation;
- FILE_MODE_INFORMATION ModeInformation;
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;
- FILE_NAME_INFORMATION NameInformation;
-} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
+NTSYSAPI
+PULONG
+NTAPI
+RtlSubAuthoritySid(
+ IN PSID Sid,
+ IN ULONG SubAuthority);
-typedef struct _FILE_NAMES_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
+NTSYSAPI
+ULONG
+NTAPI
+RtlLengthSid(
+ IN PSID Sid);
-typedef struct _FILE_OBJECTID_INFORMATION {
- LONGLONG FileReference;
- UCHAR ObjectId[16];
- _ANONYMOUS_UNION union {
- __GNU_EXTENSION struct {
- UCHAR BirthVolumeId[16];
- UCHAR BirthObjectId[16];
- UCHAR DomainId[16];
- };
- UCHAR ExtendedInfo[48];
- } DUMMYUNIONNAME;
-} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCopySid(
+ IN ULONG Length,
+ IN PSID Destination,
+ IN PSID Source);
-typedef struct _FILE_OLE_CLASSID_INFORMATION {
- GUID ClassId;
-} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlConvertSidToUnicodeString(
+ IN OUT PUNICODE_STRING UnicodeString,
+ IN PSID Sid,
+ IN BOOLEAN AllocateDestinationString);
-typedef struct _FILE_OLE_ALL_INFORMATION {
- FILE_BASIC_INFORMATION BasicInformation;
- FILE_STANDARD_INFORMATION StandardInformation;
- FILE_INTERNAL_INFORMATION InternalInformation;
- FILE_EA_INFORMATION EaInformation;
- FILE_ACCESS_INFORMATION AccessInformation;
- FILE_POSITION_INFORMATION PositionInformation;
- FILE_MODE_INFORMATION ModeInformation;
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;
- USN LastChangeUsn;
- USN ReplicationUsn;
- LARGE_INTEGER SecurityChangeTime;
- FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
- FILE_OBJECTID_INFORMATION ObjectIdInformation;
- FILE_STORAGE_TYPE StorageType;
- ULONG OleStateBits;
- ULONG OleId;
- ULONG NumberOfStreamReferences;
- ULONG StreamIndex;
- ULONG SecurityId;
- BOOLEAN ContentIndexDisable;
- BOOLEAN InheritContentIndexDisable;
- FILE_NAME_INFORMATION NameInformation;
-} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+RtlCopyLuid(
+ OUT PLUID DestinationLuid,
+ IN PLUID SourceLuid);
-typedef struct _FILE_OLE_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- FILE_STORAGE_TYPE StorageType;
- GUID OleClassId;
- ULONG OleStateBits;
- BOOLEAN ContentIndexDisable;
- BOOLEAN InheritContentIndexDisable;
- WCHAR FileName[1];
-} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateAcl(
+ OUT PACL Acl,
+ IN ULONG AclLength,
+ IN ULONG AclRevision);
-typedef struct _FILE_OLE_INFORMATION {
- LARGE_INTEGER SecurityChangeTime;
- FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
- FILE_OBJECTID_INFORMATION ObjectIdInformation;
- FILE_STORAGE_TYPE StorageType;
- ULONG OleStateBits;
- BOOLEAN ContentIndexDisable;
- BOOLEAN InheritContentIndexDisable;
-} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddAce(
+ IN OUT PACL Acl,
+ IN ULONG AceRevision,
+ IN ULONG StartingAceIndex,
+ IN PVOID AceList,
+ IN ULONG AceListLength);
-typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
- ULONG StateBits;
- ULONG StateBitsMask;
-} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDeleteAce(
+ IN OUT PACL Acl,
+ IN ULONG AceIndex);
-typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
- HANDLE EventHandle;
- ULONG KeyValue;
-} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetAce(
+ IN PACL Acl,
+ IN ULONG AceIndex,
+ OUT PVOID *Ace);
-typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
- PVOID ClientSession;
- PVOID ClientProcess;
-} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddAccessAllowedAce(
+ IN OUT PACL Acl,
+ IN ULONG AceRevision,
+ IN ACCESS_MASK AccessMask,
+ IN PSID Sid);
-typedef struct _FILE_PIPE_EVENT_BUFFER {
- ULONG NamedPipeState;
- ULONG EntryType;
- ULONG ByteCount;
- ULONG KeyValue;
- ULONG NumberRequests;
-} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAddAccessAllowedAceEx(
+ IN OUT PACL Acl,
+ IN ULONG AceRevision,
+ IN ULONG AceFlags,
+ IN ACCESS_MASK AccessMask,
+ IN PSID Sid);
-typedef struct _FILE_PIPE_PEEK_BUFFER
-{
- ULONG NamedPipeState;
- ULONG ReadDataAvailable;
- ULONG NumberOfMessages;
- ULONG MessageLength;
- CHAR Data[1];
-} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateSecurityDescriptorRelative(
+ OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
+ IN ULONG Revision);
-typedef struct _FILE_PIPE_INFORMATION {
- ULONG ReadMode;
- ULONG CompletionMode;
-} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetDaclSecurityDescriptor(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PBOOLEAN DaclPresent,
+ OUT PACL *Dacl,
+ OUT PBOOLEAN DaclDefaulted);
-typedef struct _FILE_PIPE_LOCAL_INFORMATION {
- ULONG NamedPipeType;
- ULONG NamedPipeConfiguration;
- ULONG MaximumInstances;
- ULONG CurrentInstances;
- ULONG InboundQuota;
- ULONG ReadDataAvailable;
- ULONG OutboundQuota;
- ULONG WriteQuotaAvailable;
- ULONG NamedPipeState;
- ULONG NamedPipeEnd;
-} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetOwnerSecurityDescriptor(
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID Owner OPTIONAL,
+ IN BOOLEAN OwnerDefaulted);
-typedef struct _FILE_PIPE_REMOTE_INFORMATION {
- LARGE_INTEGER CollectDataTime;
- ULONG MaximumCollectionCount;
-} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetOwnerSecurityDescriptor(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PSID *Owner,
+ OUT PBOOLEAN OwnerDefaulted);
-typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
- LARGE_INTEGER Timeout;
- ULONG NameLength;
- BOOLEAN TimeoutSpecified;
- WCHAR Name[1];
-} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
+NTSYSAPI
+ULONG
+NTAPI
+RtlNtStatusToDosError(
+ IN NTSTATUS Status);
-typedef struct _FILE_RENAME_INFORMATION {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCustomCPToUnicodeN(
+ IN PCPTABLEINFO CustomCP,
+ OUT PWCH UnicodeString,
+ IN ULONG MaxBytesInUnicodeString,
+ OUT PULONG BytesInUnicodeString OPTIONAL,
+ IN PCH CustomCPString,
+ IN ULONG BytesInCustomCPString);
-typedef struct _FILE_STREAM_INFORMATION {
- ULONG NextEntryOffset;
- ULONG StreamNameLength;
- LARGE_INTEGER StreamSize;
- LARGE_INTEGER StreamAllocationSize;
- WCHAR StreamName[1];
-} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeToCustomCPN(
+ IN PCPTABLEINFO CustomCP,
+ OUT PCH CustomCPString,
+ IN ULONG MaxBytesInCustomCPString,
+ OUT PULONG BytesInCustomCPString OPTIONAL,
+ IN PWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-typedef struct _FILE_TRACKING_INFORMATION {
- HANDLE DestinationFile;
- ULONG ObjectInformationLength;
- CHAR ObjectInformation[1];
-} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUpcaseUnicodeToCustomCPN(
+ IN PCPTABLEINFO CustomCP,
+ OUT PCH CustomCPString,
+ IN ULONG MaxBytesInCustomCPString,
+ OUT PULONG BytesInCustomCPString OPTIONAL,
+ IN PWCH UnicodeString,
+ IN ULONG BytesInUnicodeString);
-#if (VER_PRODUCTBUILD >= 2195)
-typedef struct _FILE_ZERO_DATA_INFORMATION {
- LARGE_INTEGER FileOffset;
- LARGE_INTEGER BeyondFinalZero;
-} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
+NTSYSAPI
+VOID
+NTAPI
+RtlInitCodePageTable(
+ IN PUSHORT TableBase,
+ IN OUT PCPTABLEINFO CodePageTable);
-typedef struct FILE_ALLOCATED_RANGE_BUFFER {
- LARGE_INTEGER FileOffset;
- LARGE_INTEGER Length;
-} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+#endif
-#define FSRTL_FCB_HEADER_V0 (0x00)
-#define FSRTL_FCB_HEADER_V1 (0x01)
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+NTSYSAPI
+PVOID
+NTAPI
+RtlCreateHeap(
+ IN ULONG Flags,
+ IN PVOID HeapBase OPTIONAL,
+ IN SIZE_T ReserveSize OPTIONAL,
+ IN SIZE_T CommitSize OPTIONAL,
+ IN PVOID Lock OPTIONAL,
+ IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
-typedef struct _FSRTL_COMMON_FCB_HEADER {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- UCHAR Flags;
- UCHAR IsFastIoPossible;
-#if (VER_PRODUCTBUILD >= 1381)
- UCHAR Flags2;
- UCHAR Reserved;
-#endif /* (VER_PRODUCTBUILD >= 1381) */
- PERESOURCE Resource;
- PERESOURCE PagingIoResource;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER FileSize;
- LARGE_INTEGER ValidDataLength;
-} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
+NTSYSAPI
+PVOID
+NTAPI
+RtlDestroyHeap(
+ IN PVOID HeapHandle);
-typedef enum _FSRTL_COMPARISON_RESULT
-{
- LessThan = -1,
- EqualTo = 0,
- GreaterThan = 1
-} FSRTL_COMPARISON_RESULT;
-
-#if (VER_PRODUCTBUILD >= 2600)
+NTSYSAPI
+USHORT
+NTAPI
+RtlCaptureStackBackTrace(
+ IN ULONG FramesToSkip,
+ IN ULONG FramesToCapture,
+ OUT PVOID *BackTrace,
+ OUT PULONG BackTraceHash OPTIONAL);
-typedef struct _FSRTL_ADVANCED_FCB_HEADER {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- UCHAR Flags;
- UCHAR IsFastIoPossible;
- UCHAR Flags2;
- UCHAR Reserved: 4;
- UCHAR Version: 4;
- PERESOURCE Resource;
- PERESOURCE PagingIoResource;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER FileSize;
- LARGE_INTEGER ValidDataLength;
- PFAST_MUTEX FastMutex;
- LIST_ENTRY FilterContexts;
- EX_PUSH_LOCK PushLock;
- PVOID *FileContextSupportPointer;
-} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
+NTSYSAPI
+ULONG
+NTAPI
+RtlRandomEx(
+ IN OUT PULONG Seed);
-typedef struct _FSRTL_PER_STREAM_CONTEXT {
- LIST_ENTRY Links;
- PVOID OwnerId;
- PVOID InstanceId;
- PFREE_FUNCTION FreeCallback;
-} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitUnicodeStringEx(
+ OUT PUNICODE_STRING DestinationString,
+ IN PCWSTR SourceString OPTIONAL);
-typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
-{
- LIST_ENTRY Links;
- PVOID OwnerId;
- PVOID InstanceId;
-} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlValidateUnicodeString(
+ IN ULONG Flags,
+ IN PCUNICODE_STRING String);
-#endif /* (VER_PRODUCTBUILD >= 2600) */
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDuplicateUnicodeString(
+ IN ULONG Flags,
+ IN PCUNICODE_STRING SourceString,
+ OUT PUNICODE_STRING DestinationString);
-typedef struct _BASE_MCB
-{
- ULONG MaximumPairCount;
- ULONG PairCount;
- USHORT PoolType;
- USHORT Flags;
- PVOID Mapping;
-} BASE_MCB, *PBASE_MCB;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetCompressionWorkSpaceSize(
+ IN USHORT CompressionFormatAndEngine,
+ OUT PULONG CompressBufferWorkSpaceSize,
+ OUT PULONG CompressFragmentWorkSpaceSize);
-typedef struct _LARGE_MCB
-{
- PKGUARDED_MUTEX GuardedMutex;
- BASE_MCB BaseMcb;
-} LARGE_MCB, *PLARGE_MCB;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompressBuffer(
+ IN USHORT CompressionFormatAndEngine,
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG UncompressedChunkSize,
+ OUT PULONG FinalCompressedSize,
+ IN PVOID WorkSpace);
-typedef struct _MCB
-{
- LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
-} MCB, *PMCB;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressBuffer(
+ IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ OUT PULONG FinalUncompressedSize);
-typedef struct _GENERATE_NAME_CONTEXT {
- USHORT Checksum;
- BOOLEAN CheckSumInserted;
- UCHAR NameLength;
- WCHAR NameBuffer[8];
- ULONG ExtensionLength;
- WCHAR ExtensionBuffer[4];
- ULONG LastIndexValue;
-} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressFragment(
+ IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedFragment,
+ IN ULONG UncompressedFragmentSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG FragmentOffset,
+ OUT PULONG FinalUncompressedSize,
+ IN PVOID WorkSpace);
-typedef struct _MAPPING_PAIR {
- ULONGLONG Vcn;
- ULONGLONG Lcn;
-} MAPPING_PAIR, *PMAPPING_PAIR;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDescribeChunk(
+ IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ OUT PULONG ChunkSize);
-typedef struct _GET_RETRIEVAL_DESCRIPTOR {
- ULONG NumberOfPairs;
- ULONGLONG StartVcn;
- MAPPING_PAIR Pair[1];
-} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReserveChunk(
+ IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ IN ULONG ChunkSize);
-typedef struct _KQUEUE {
- DISPATCHER_HEADER Header;
- LIST_ENTRY EntryListHead;
- ULONG CurrentCount;
- ULONG MaximumCount;
- LIST_ENTRY ThreadListHead;
-} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
+typedef struct _COMPRESSED_DATA_INFO {
+ USHORT CompressionFormatAndEngine;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved;
+ USHORT NumberOfChunks;
+ ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
+} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
-#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressChunks(
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN PUCHAR CompressedTail,
+ IN ULONG CompressedTailSize,
+ IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
-typedef struct _MBCB {
- CSHORT NodeTypeCode;
- CSHORT NodeIsInZone;
- ULONG PagesToWrite;
- ULONG DirtyPages;
- ULONG Reserved;
- LIST_ENTRY BitmapRanges;
- LONGLONG ResumeWritePage;
- BITMAP_RANGE BitmapRange1;
- BITMAP_RANGE BitmapRange2;
- BITMAP_RANGE BitmapRange3;
-} MBCB, *PMBCB;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompressChunks(
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
+ IN ULONG CompressedDataInfoLength,
+ IN PVOID WorkSpace);
-typedef enum _MMFLUSH_TYPE {
- MmFlushForDelete,
- MmFlushForWrite
-} MMFLUSH_TYPE;
+NTSYSAPI
+PSID_IDENTIFIER_AUTHORITY
+NTAPI
+RtlIdentifierAuthoritySid(
+ IN PSID Sid);
-typedef struct _MOVEFILE_DESCRIPTOR {
- HANDLE FileHandle;
- ULONG Reserved;
- LARGE_INTEGER StartVcn;
- LARGE_INTEGER TargetLcn;
- ULONG NumVcns;
- ULONG Reserved1;
-} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
+NTSYSAPI
+PUCHAR
+NTAPI
+RtlSubAuthorityCountSid(
+ IN PSID Sid);
-typedef struct _OBJECT_BASIC_INFO {
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG ReferenceCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG Reserved[3];
- ULONG NameInformationLength;
- ULONG TypeInformationLength;
- ULONG SecurityDescriptorLength;
- LARGE_INTEGER CreateTime;
-} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
+NTSYSAPI
+ULONG
+NTAPI
+RtlNtStatusToDosErrorNoTeb(
+ IN NTSTATUS Status);
-typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
- BOOLEAN Inherit;
- BOOLEAN ProtectFromClose;
-} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateSystemVolumeInformationFolder(
+ IN PCUNICODE_STRING VolumeRootPath);
-typedef struct _OBJECT_NAME_INFO {
- UNICODE_STRING ObjectName;
- WCHAR ObjectNameBuffer[1];
-} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
+#endif
-typedef struct _OBJECT_PROTECTION_INFO {
- BOOLEAN Inherit;
- BOOLEAN ProtectHandle;
-} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
+#if defined(_M_AMD64)
-typedef struct _OBJECT_TYPE_INFO {
- UNICODE_STRING ObjectTypeName;
- UCHAR Unknown[0x58];
- WCHAR ObjectTypeNameBuffer[1];
-} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
+FORCEINLINE
+VOID
+RtlFillMemoryUlong (
+ OUT PVOID Destination,
+ IN SIZE_T Length,
+ IN ULONG Pattern)
+{
+ PULONG Address = (PULONG)Destination;
+ if ((Length /= 4) != 0) {
+ if (((ULONG64)Address & 4) != 0) {
+ *Address = Pattern;
+ if ((Length -= 1) == 0) {
+ return;
+ }
+ Address += 1;
+ }
+ __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
+ if ((Length & 1) != 0) Address[Length - 1] = Pattern;
+ }
+ return;
+}
-typedef struct _OBJECT_ALL_TYPES_INFO {
- ULONG NumberOfObjectTypes;
- OBJECT_TYPE_INFO ObjectsTypeInfo[1];
-} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
+#define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
+ __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
-typedef struct _PATHNAME_BUFFER {
- ULONG PathNameLength;
- WCHAR Name[1];
-} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
+#else
-typedef enum _RTL_GENERIC_COMPARE_RESULTS
-{
- GenericLessThan,
- GenericGreaterThan,
- GenericEqual
-} RTL_GENERIC_COMPARE_RESULTS;
+#if (NTDDI_VERSION >= NTDDI_WINXP)
-typedef enum _TABLE_SEARCH_RESULT
-{
- TableEmptyTree,
- TableFoundNode,
- TableInsertAsLeft,
- TableInsertAsRight
-} TABLE_SEARCH_RESULT;
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemoryUlong(
+ OUT PVOID Destination,
+ IN SIZE_T Length,
+ IN ULONG Pattern);
-typedef NTSTATUS
-(NTAPI *PRTL_AVL_MATCH_FUNCTION)(
- struct _RTL_AVL_TABLE *Table,
- PVOID UserData,
- PVOID MatchData
-);
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemoryUlonglong(
+ OUT PVOID Destination,
+ IN SIZE_T Length,
+ IN ULONGLONG Pattern);
-typedef RTL_GENERIC_COMPARE_RESULTS
-(NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
- struct _RTL_AVL_TABLE *Table,
- PVOID FirstStruct,
- PVOID SecondStruct
-);
+#endif
-typedef RTL_GENERIC_COMPARE_RESULTS
-(NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
- struct _RTL_GENERIC_TABLE *Table,
- PVOID FirstStruct,
- PVOID SecondStruct
-);
+#endif // defined(_M_AMD64)
-typedef PVOID
-(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
- struct _RTL_GENERIC_TABLE *Table,
- CLONG ByteSize
-);
+#if (NTDDI_VERSION >= NTDDI_WS03)
-typedef VOID
-(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
- struct _RTL_GENERIC_TABLE *Table,
- PVOID Buffer
-);
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitAnsiStringEx(
+ OUT PANSI_STRING DestinationString,
+ IN PCSZ SourceString OPTIONAL);
-typedef PVOID
-(NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
- struct _RTL_AVL_TABLE *Table,
- CLONG ByteSize
-);
+#endif
-typedef VOID
-(NTAPI *PRTL_AVL_FREE_ROUTINE) (
- struct _RTL_AVL_TABLE *Table,
- PVOID Buffer
-);
+#if (NTDDI_VERSION >= NTDDI_WS03SP1)
-typedef struct _PUBLIC_BCB {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- ULONG MappedLength;
- LARGE_INTEGER MappedFileOffset;
-} PUBLIC_BCB, *PPUBLIC_BCB;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetSaclSecurityDescriptor(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PBOOLEAN SaclPresent,
+ OUT PACL *Sacl,
+ OUT PBOOLEAN SaclDefaulted);
-typedef struct _QUERY_PATH_REQUEST {
- ULONG PathNameLength;
- PIO_SECURITY_CONTEXT SecurityContext;
- WCHAR FilePathName[1];
-} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetGroupSecurityDescriptor(
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID Group OPTIONAL,
+ IN BOOLEAN GroupDefaulted OPTIONAL);
-typedef struct _QUERY_PATH_RESPONSE {
- ULONG LengthAccepted;
-} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetGroupSecurityDescriptor(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PSID *Group,
+ OUT PBOOLEAN GroupDefaulted);
-typedef struct _RETRIEVAL_POINTERS_BUFFER {
- ULONG ExtentCount;
- LARGE_INTEGER StartingVcn;
- struct {
- LARGE_INTEGER NextVcn;
- LARGE_INTEGER Lcn;
- } Extents[1];
-} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAbsoluteToSelfRelativeSD(
+ IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
+ OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL,
+ IN OUT PULONG BufferLength);
-typedef struct _RTL_SPLAY_LINKS {
- struct _RTL_SPLAY_LINKS *Parent;
- struct _RTL_SPLAY_LINKS *LeftChild;
- struct _RTL_SPLAY_LINKS *RightChild;
-} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSelfRelativeToAbsoluteSD(
+ IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
+ OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL,
+ IN OUT PULONG AbsoluteSecurityDescriptorSize,
+ OUT PACL Dacl OPTIONAL,
+ IN OUT PULONG DaclSize,
+ OUT PACL Sacl OPTIONAL,
+ IN OUT PULONG SaclSize,
+ OUT PSID Owner OPTIONAL,
+ IN OUT PULONG OwnerSize,
+ OUT PSID PrimaryGroup OPTIONAL,
+ IN OUT PULONG PrimaryGroupSize);
-typedef struct _RTL_BALANCED_LINKS
-{
- struct _RTL_BALANCED_LINKS *Parent;
- struct _RTL_BALANCED_LINKS *LeftChild;
- struct _RTL_BALANCED_LINKS *RightChild;
- CHAR Balance;
- UCHAR Reserved[3];
-} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
+#endif
-typedef struct _RTL_GENERIC_TABLE
-{
- PRTL_SPLAY_LINKS TableRoot;
- LIST_ENTRY InsertOrderList;
- PLIST_ENTRY OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
- PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
+#if (NTDDI_VERSION >= NTDDI_VISTA)
-typedef struct _UNICODE_PREFIX_TABLE_ENTRY
-{
- CSHORT NodeTypeCode;
- CSHORT NameLength;
- struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
- struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
- RTL_SPLAY_LINKS Links;
- PUNICODE_STRING Prefix;
-} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
-
-typedef struct _UNICODE_PREFIX_TABLE
-{
- CSHORT NodeTypeCode;
- CSHORT NameLength;
- PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
- PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
-} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
-
NTSYSAPI
-VOID
+NTSTATUS
NTAPI
-RtlInitializeUnicodePrefix (
- IN PUNICODE_PREFIX_TABLE PrefixTable
-);
-
+RtlNormalizeString(
+ IN ULONG NormForm,
+ IN PCWSTR SourceString,
+ IN LONG SourceStringLength,
+ OUT PWSTR DestinationString,
+ IN OUT PLONG DestinationStringLength);
+
NTSYSAPI
-BOOLEAN
+NTSTATUS
NTAPI
-RtlInsertUnicodePrefix (
- IN PUNICODE_PREFIX_TABLE PrefixTable,
- IN PUNICODE_STRING Prefix,
- IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
-);
-
+RtlIsNormalizedString(
+ IN ULONG NormForm,
+ IN PCWSTR SourceString,
+ IN LONG SourceStringLength,
+ OUT PBOOLEAN Normalized);
+
NTSYSAPI
-VOID
+NTSTATUS
NTAPI
-RtlRemoveUnicodePrefix (
- IN PUNICODE_PREFIX_TABLE PrefixTable,
- IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
-);
+RtlIdnToAscii(
+ IN ULONG Flags,
+ IN PCWSTR SourceString,
+ IN LONG SourceStringLength,
+ OUT PWSTR DestinationString,
+ IN OUT PLONG DestinationStringLength);
NTSYSAPI
-PUNICODE_PREFIX_TABLE_ENTRY
+NTSTATUS
NTAPI
-RtlFindUnicodePrefix (
- IN PUNICODE_PREFIX_TABLE PrefixTable,
- IN PUNICODE_STRING FullName,
- IN ULONG CaseInsensitiveIndex
-);
-
+RtlIdnToUnicode(
+ IN ULONG Flags,
+ IN PCWSTR SourceString,
+ IN LONG SourceStringLength,
+ OUT PWSTR DestinationString,
+ IN OUT PLONG DestinationStringLength);
+
NTSYSAPI
-PUNICODE_PREFIX_TABLE_ENTRY
+NTSTATUS
NTAPI
-RtlNextUnicodePrefix (
- IN PUNICODE_PREFIX_TABLE PrefixTable,
- IN BOOLEAN Restart
-);
+RtlIdnToNameprepUnicode(
+ IN ULONG Flags,
+ IN PCWSTR SourceString,
+ IN LONG SourceStringLength,
+ OUT PWSTR DestinationString,
+ IN OUT PLONG DestinationStringLength);
-#undef PRTL_GENERIC_COMPARE_ROUTINE
-#undef PRTL_GENERIC_ALLOCATE_ROUTINE
-#undef PRTL_GENERIC_FREE_ROUTINE
-#undef RTL_GENERIC_TABLE
-#undef PRTL_GENERIC_TABLE
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCreateServiceSid(
+ IN PUNICODE_STRING ServiceName,
+ OUT PSID ServiceSid,
+ IN OUT PULONG ServiceSidLength);
-#define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
-#define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
-#define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
-#define RTL_GENERIC_TABLE RTL_AVL_TABLE
-#define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
+NTSYSAPI
+LONG
+NTAPI
+RtlCompareAltitudes(
+ IN PCUNICODE_STRING Altitude1,
+ IN PCUNICODE_STRING Altitude2);
-#define RtlInitializeGenericTable RtlInitializeGenericTableAvl
-#define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
-#define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
-#define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
-#define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
-#define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
-#define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
-#define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
-#define RtlGetElementGenericTable RtlGetElementGenericTableAvl
-#define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
-#define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
+#endif
-typedef struct _RTL_AVL_TABLE
-{
- RTL_BALANCED_LINKS BalancedRoot;
- PVOID OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- ULONG DepthOfTree;
- PRTL_BALANCED_LINKS RestartKey;
- ULONG DeleteCount;
- PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
- PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_AVL_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
+#if (NTDDI_VERSION >= NTDDI_WIN7)
NTSYSAPI
-VOID
+NTSTATUS
NTAPI
-RtlInitializeGenericTableAvl(
- PRTL_AVL_TABLE Table,
- PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
- PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
- PRTL_AVL_FREE_ROUTINE FreeRoutine,
- PVOID TableContext
-);
+RtlUnicodeToUTF8N(
+ OUT PCHAR UTF8StringDestination,
+ IN ULONG UTF8StringMaxByteCount,
+ OUT PULONG UTF8StringActualByteCount,
+ IN PCWCH UnicodeStringSource,
+ IN ULONG UnicodeStringByteCount);
NTSYSAPI
-PVOID
-NTAPI
-RtlInsertElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer,
- CLONG BufferSize,
- PBOOLEAN NewElement OPTIONAL
- );
-
-NTSYSAPI
-BOOLEAN
+NTSTATUS
NTAPI
-RtlDeleteElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer
- );
-
+RtlUTF8ToUnicodeN(
+ OUT PWSTR UnicodeStringDestination,
+ IN ULONG UnicodeStringMaxByteCount,
+ OUT PULONG UnicodeStringActualByteCount,
+ IN PCCH UTF8StringSource,
+ IN ULONG UTF8StringByteCount);
+
NTSYSAPI
-PVOID
+NTSTATUS
NTAPI
-RtlLookupElementGenericTableAvl (
- PRTL_AVL_TABLE Table,
- PVOID Buffer
- );
-
+RtlReplaceSidInSd(
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID OldSid,
+ IN PSID NewSid,
+ OUT ULONG *NumChanges);
+
NTSYSAPI
-PVOID
+NTSTATUS
NTAPI
-RtlEnumerateGenericTableWithoutSplayingAvl (
- PRTL_AVL_TABLE Table,
- PVOID *RestartKey
- );
+RtlCreateVirtualAccountSid(
+ IN PCUNICODE_STRING Name,
+ IN ULONG BaseSubAuthority,
+ OUT PSID Sid,
+ IN OUT PULONG SidLength);
-#if defined(USE_LPC6432)
-#define LPC_CLIENT_ID CLIENT_ID64
-#define LPC_SIZE_T ULONGLONG
-#define LPC_PVOID ULONGLONG
-#define LPC_HANDLE ULONGLONG
-#else
-#define LPC_CLIENT_ID CLIENT_ID
-#define LPC_SIZE_T SIZE_T
-#define LPC_PVOID PVOID
-#define LPC_HANDLE HANDLE
#endif
-typedef struct _PORT_MESSAGE
-{
- union
- {
- struct
- {
- CSHORT DataLength;
- CSHORT TotalLength;
- } s1;
- ULONG Length;
- } u1;
- union
- {
- struct
- {
- CSHORT Type;
- CSHORT DataInfoOffset;
- } s2;
- ULONG ZeroInit;
- } u2;
- __GNU_EXTENSION union
- {
- LPC_CLIENT_ID ClientId;
- double DoNotUseThisField;
- };
- ULONG MessageId;
- __GNU_EXTENSION union
- {
- LPC_SIZE_T ClientViewSize;
- ULONG CallbackId;
- };
-} PORT_MESSAGE, *PPORT_MESSAGE;
-
-#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
+#define HEAP_NO_SERIALIZE 0x00000001
+#define HEAP_GROWABLE 0x00000002
+#define HEAP_GENERATE_EXCEPTIONS 0x00000004
+#define HEAP_ZERO_MEMORY 0x00000008
+#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
+#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
+#define HEAP_FREE_CHECKING_ENABLED 0x00000040
+#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
-typedef struct _PORT_VIEW
-{
- ULONG Length;
- LPC_HANDLE SectionHandle;
- ULONG SectionOffset;
- LPC_SIZE_T ViewSize;
- LPC_PVOID ViewBase;
- LPC_PVOID ViewRemoteBase;
-} PORT_VIEW, *PPORT_VIEW;
+#define HEAP_CREATE_ALIGN_16 0x00010000
+#define HEAP_CREATE_ENABLE_TRACING 0x00020000
+#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
-typedef struct _REMOTE_PORT_VIEW
+#define HEAP_SETTABLE_USER_VALUE 0x00000100
+#define HEAP_SETTABLE_USER_FLAG1 0x00000200
+#define HEAP_SETTABLE_USER_FLAG2 0x00000400
+#define HEAP_SETTABLE_USER_FLAG3 0x00000800
+#define HEAP_SETTABLE_USER_FLAGS 0x00000E00
+
+#define HEAP_CLASS_0 0x00000000
+#define HEAP_CLASS_1 0x00001000
+#define HEAP_CLASS_2 0x00002000
+#define HEAP_CLASS_3 0x00003000
+#define HEAP_CLASS_4 0x00004000
+#define HEAP_CLASS_5 0x00005000
+#define HEAP_CLASS_6 0x00006000
+#define HEAP_CLASS_7 0x00007000
+#define HEAP_CLASS_8 0x00008000
+#define HEAP_CLASS_MASK 0x0000F000
+
+#define HEAP_MAXIMUM_TAG 0x0FFF
+#define HEAP_GLOBAL_TAG 0x0800
+#define HEAP_PSEUDO_TAG_FLAG 0x8000
+#define HEAP_TAG_SHIFT 18
+#define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
+
+#define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
+ HEAP_GROWABLE | \
+ HEAP_GENERATE_EXCEPTIONS | \
+ HEAP_ZERO_MEMORY | \
+ HEAP_REALLOC_IN_PLACE_ONLY | \
+ HEAP_TAIL_CHECKING_ENABLED | \
+ HEAP_FREE_CHECKING_ENABLED | \
+ HEAP_DISABLE_COALESCE_ON_FREE | \
+ HEAP_CLASS_MASK | \
+ HEAP_CREATE_ALIGN_16 | \
+ HEAP_CREATE_ENABLE_TRACING | \
+ HEAP_CREATE_ENABLE_EXECUTE)
+
+FORCEINLINE
+ULONG
+HEAP_MAKE_TAG_FLAGS(
+ IN ULONG TagBase,
+ IN ULONG Tag)
{
- ULONG Length;
- LPC_SIZE_T ViewSize;
- LPC_PVOID ViewBase;
-} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
+ //__assume_bound(TagBase); // FIXME
+ return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT)));
+}
-typedef struct _SE_EXPORTS {
+#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
+#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
- LUID SeCreateTokenPrivilege;
- LUID SeAssignPrimaryTokenPrivilege;
- LUID SeLockMemoryPrivilege;
- LUID SeIncreaseQuotaPrivilege;
- LUID SeUnsolicitedInputPrivilege;
- LUID SeTcbPrivilege;
- LUID SeSecurityPrivilege;
- LUID SeTakeOwnershipPrivilege;
- LUID SeLoadDriverPrivilege;
- LUID SeCreatePagefilePrivilege;
- LUID SeIncreaseBasePriorityPrivilege;
- LUID SeSystemProfilePrivilege;
- LUID SeSystemtimePrivilege;
- LUID SeProfileSingleProcessPrivilege;
- LUID SeCreatePermanentPrivilege;
- LUID SeBackupPrivilege;
- LUID SeRestorePrivilege;
- LUID SeShutdownPrivilege;
- LUID SeDebugPrivilege;
- LUID SeAuditPrivilege;
- LUID SeSystemEnvironmentPrivilege;
- LUID SeChangeNotifyPrivilege;
- LUID SeRemoteShutdownPrivilege;
-
- PSID SeNullSid;
- PSID SeWorldSid;
- PSID SeLocalSid;
- PSID SeCreatorOwnerSid;
- PSID SeCreatorGroupSid;
-
- PSID SeNtAuthoritySid;
- PSID SeDialupSid;
- PSID SeNetworkSid;
- PSID SeBatchSid;
- PSID SeInteractiveSid;
- PSID SeLocalSystemSid;
- PSID SeAliasAdminsSid;
- PSID SeAliasUsersSid;
- PSID SeAliasGuestsSid;
- PSID SeAliasPowerUsersSid;
- PSID SeAliasAccountOpsSid;
- PSID SeAliasSystemOpsSid;
- PSID SeAliasPrintOpsSid;
- PSID SeAliasBackupOpsSid;
-
- PSID SeAuthenticatedUsersSid;
-
- PSID SeRestrictedSid;
- PSID SeAnonymousLogonSid;
-
- LUID SeUndockPrivilege;
- LUID SeSyncAgentPrivilege;
- LUID SeEnableDelegationPrivilege;
+#define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
+ RtlxUnicodeStringToOemSize(STRING) : \
+ ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
+)
-} SE_EXPORTS, *PSE_EXPORTS;
+#define RtlOemStringToUnicodeSize(STRING) ( \
+ NLS_MB_OEM_CODE_PAGE_TAG ? \
+ RtlxOemStringToUnicodeSize(STRING) : \
+ ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
+)
-extern PSE_EXPORTS SeExports;
+#define RtlOemStringToCountedUnicodeSize(STRING) ( \
+ (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
+)
-typedef struct
-{
- LARGE_INTEGER StartingLcn;
-} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
+typedef PVOID
+(NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
+ IN SIZE_T NumberOfBytes);
-typedef struct _STARTING_VCN_INPUT_BUFFER {
- LARGE_INTEGER StartingVcn;
-} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
+#if _WIN32_WINNT >= 0x0600
-typedef struct _SECURITY_CLIENT_CONTEXT {
- SECURITY_QUALITY_OF_SERVICE SecurityQos;
- PACCESS_TOKEN ClientToken;
- BOOLEAN DirectlyAccessClientToken;
- BOOLEAN DirectAccessEffectiveOnly;
- BOOLEAN ServerIsRemote;
- TOKEN_CONTROL ClientTokenControl;
-} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
+typedef PVOID
+(NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
+ IN SIZE_T NumberOfBytes,
+ IN PVOID Buffer);
-typedef struct _TUNNEL {
- FAST_MUTEX Mutex;
- PRTL_SPLAY_LINKS Cache;
- LIST_ENTRY TimerQueue;
- USHORT NumEntries;
-} TUNNEL, *PTUNNEL;
+#endif
-typedef struct _VAD_HEADER {
- PVOID StartVPN;
- PVOID EndVPN;
- struct _VAD_HEADER* ParentLink;
- struct _VAD_HEADER* LeftLink;
- struct _VAD_HEADER* RightLink;
- ULONG Flags; /* LSB = CommitCharge */
- PVOID ControlArea;
- PVOID FirstProtoPte;
- PVOID LastPTE;
- ULONG Unknown;
- LIST_ENTRY Secured;
-} VAD_HEADER, *PVAD_HEADER;
+typedef VOID
+(NTAPI *PRTL_FREE_STRING_ROUTINE)(
+ IN PVOID Buffer);
-typedef struct
-{
- LARGE_INTEGER StartingLcn;
- LARGE_INTEGER BitmapSize;
- UCHAR Buffer[1];
-} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
+extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
+extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
-#if (VER_PRODUCTBUILD >= 2600)
+#if _WIN32_WINNT >= 0x0600
+extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
+#endif
-typedef BOOLEAN
-(NTAPI *PFILTER_REPORT_CHANGE) (
- IN PVOID NotifyContext,
- IN PVOID FilterContext
-);
+#define COMPRESSION_FORMAT_NONE (0x0000)
+#define COMPRESSION_FORMAT_DEFAULT (0x0001)
+#define COMPRESSION_FORMAT_LZNT1 (0x0002)
+#define COMPRESSION_ENGINE_STANDARD (0x0000)
+#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
+#define COMPRESSION_ENGINE_HIBER (0x0200)
-typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
- SyncTypeOther = 0,
- SyncTypeCreateSection
-} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
+#define RtlOffsetToPointer(B,O) ((PCHAR)( ((PCHAR)(B)) + ((ULONG_PTR)(O)) ))
+#define RtlPointerToOffset(B,P) ((ULONG)( ((PCHAR)(P)) - ((PCHAR)(B)) ))
-typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
- NotifyTypeCreate = 0,
- NotifyTypeRetired
-} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
+#define MAX_UNICODE_STACK_BUFFER_LENGTH 256
-typedef union _FS_FILTER_PARAMETERS {
- struct {
- PLARGE_INTEGER EndingOffset;
- PERESOURCE *ResourceToRelease;
- } AcquireForModifiedPageWriter;
+#define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
- struct {
- PERESOURCE ResourceToRelease;
- } ReleaseForModifiedPageWriter;
+#define DEVICE_TYPE ULONG
- struct {
- FS_FILTER_SECTION_SYNC_TYPE SyncType;
- ULONG PageProtection;
- } AcquireForSectionSynchronization;
+#define CTL_CODE(DeviceType, Function, Method, Access) \
+ (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
- struct {
- FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
- BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
- } NotifyStreamFileObject;
+#define DEVICE_TYPE_FROM_CTL_CODE(ctl) (((ULONG) (ctl & 0xffff0000)) >> 16)
- struct {
- PVOID Argument1;
- PVOID Argument2;
- PVOID Argument3;
- PVOID Argument4;
- PVOID Argument5;
- } Others;
-} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
+#define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
-typedef struct _FS_FILTER_CALLBACK_DATA {
- ULONG SizeOfFsFilterCallbackData;
- UCHAR Operation;
- UCHAR Reserved;
- struct _DEVICE_OBJECT *DeviceObject;
- struct _FILE_OBJECT *FileObject;
- FS_FILTER_PARAMETERS Parameters;
-} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
+#define METHOD_BUFFERED 0
+#define METHOD_IN_DIRECT 1
+#define METHOD_OUT_DIRECT 2
+#define METHOD_NEITHER 3
+#define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
+#define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
-typedef NTSTATUS
-(NTAPI *PFS_FILTER_CALLBACK) (
- IN PFS_FILTER_CALLBACK_DATA Data,
- OUT PVOID *CompletionContext
-);
+#define FILE_ANY_ACCESS 0x00000000
+#define FILE_SPECIAL_ACCESS FILE_ANY_ACCESS
+#define FILE_READ_ACCESS 0x00000001
+#define FILE_WRITE_ACCESS 0x00000002
-typedef VOID
-(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
- IN PFS_FILTER_CALLBACK_DATA Data,
- IN NTSTATUS OperationStatus,
- IN PVOID CompletionContext
-);
+typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
-typedef struct _FS_FILTER_CALLBACKS {
- ULONG SizeOfFsFilterCallbacks;
- ULONG Reserved;
- PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
- PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
- PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
- PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
- PFS_FILTER_CALLBACK PreAcquireForCcFlush;
- PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
- PFS_FILTER_CALLBACK PreReleaseForCcFlush;
- PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
- PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
- PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
- PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
- PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
-} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
+typedef enum _SECURITY_LOGON_TYPE {
+ UndefinedLogonType = 0,
+ Interactive = 2,
+ Network,
+ Batch,
+ Service,
+ Proxy,
+ Unlock,
+ NetworkCleartext,
+ NewCredentials,
+#if (_WIN32_WINNT >= 0x0501)
+ RemoteInteractive,
+ CachedInteractive,
+#endif
+#if (_WIN32_WINNT >= 0x0502)
+ CachedRemoteInteractive,
+ CachedUnlock
+#endif
+} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
-typedef struct _READ_LIST {
- PFILE_OBJECT FileObject;
- ULONG NumberOfEntries;
- LOGICAL IsImage;
- FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
-} READ_LIST, *PREAD_LIST;
+#ifndef _NTLSA_AUDIT_
+#define _NTLSA_AUDIT_
+#ifndef GUID_DEFINED
+#include <guiddef.h>
#endif
-typedef NTSTATUS
-(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
- IN PVOID Base,
- IN OUT PVOID *CommitAddress,
- IN OUT PSIZE_T CommitSize
-);
-
-typedef struct _RTL_HEAP_PARAMETERS {
- ULONG Length;
- SIZE_T SegmentReserve;
- SIZE_T SegmentCommit;
- SIZE_T DeCommitFreeBlockThreshold;
- SIZE_T DeCommitTotalFreeThreshold;
- SIZE_T MaximumAllocationSize;
- SIZE_T VirtualMemoryThreshold;
- SIZE_T InitialCommit;
- SIZE_T InitialReserve;
- PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
- SIZE_T Reserved[2];
-} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
+#endif /* _NTLSA_AUDIT_ */
-NTKERNELAPI
-BOOLEAN
+NTSTATUS
NTAPI
-CcCanIWrite (
- IN PFILE_OBJECT FileObject,
- IN ULONG BytesToWrite,
- IN BOOLEAN Wait,
- IN BOOLEAN Retrying
-);
+LsaRegisterLogonProcess(
+ IN PLSA_STRING LogonProcessName,
+ OUT PHANDLE LsaHandle,
+ OUT PLSA_OPERATIONAL_MODE SecurityMode);
-NTKERNELAPI
-BOOLEAN
+NTSTATUS
NTAPI
-CcCopyRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- OUT PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus
-);
+LsaLogonUser(
+ IN HANDLE LsaHandle,
+ IN PLSA_STRING OriginName,
+ IN SECURITY_LOGON_TYPE LogonType,
+ IN ULONG AuthenticationPackage,
+ IN PVOID AuthenticationInformation,
+ IN ULONG AuthenticationInformationLength,
+ IN PTOKEN_GROUPS LocalGroups OPTIONAL,
+ IN PTOKEN_SOURCE SourceContext,
+ OUT PVOID *ProfileBuffer,
+ OUT PULONG ProfileBufferLength,
+ OUT PLUID LogonId,
+ OUT PHANDLE Token,
+ OUT PQUOTA_LIMITS Quotas,
+ OUT PNTSTATUS SubStatus);
-NTKERNELAPI
-BOOLEAN
+NTSTATUS
NTAPI
-CcCopyWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- IN PVOID Buffer
-);
+LsaFreeReturnBuffer(
+ IN PVOID Buffer);
-#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
+#ifndef _NTLSA_IFS_
+#define _NTLSA_IFS_
+#endif
-typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
- IN PVOID Context1,
- IN PVOID Context2
-);
+#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
+#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
+#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
-NTKERNELAPI
-VOID
-NTAPI
-CcDeferWrite (
- IN PFILE_OBJECT FileObject,
- IN PCC_POST_DEFERRED_WRITE PostRoutine,
- IN PVOID Context1,
- IN PVOID Context2,
- IN ULONG BytesToWrite,
- IN BOOLEAN Retrying
-);
+#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
+#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
-NTKERNELAPI
-VOID
-NTAPI
-CcFastCopyRead (
- IN PFILE_OBJECT FileObject,
- IN ULONG FileOffset,
- IN ULONG Length,
- IN ULONG PageCount,
- OUT PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus
-);
+#define MSV1_0_CHALLENGE_LENGTH 8
+#define MSV1_0_USER_SESSION_KEY_LENGTH 16
+#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
-NTKERNELAPI
-VOID
-NTAPI
-CcFastCopyWrite (
- IN PFILE_OBJECT FileObject,
- IN ULONG FileOffset,
- IN ULONG Length,
- IN PVOID Buffer
-);
+#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
+#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
+#define MSV1_0_RETURN_USER_PARAMETERS 0x08
+#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
+#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
+#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
+#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
+#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
+#define MSV1_0_RETURN_PROFILE_PATH 0x200
+#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
+#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
-NTKERNELAPI
-VOID
-NTAPI
-CcFlushCache (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN PLARGE_INTEGER FileOffset OPTIONAL,
- IN ULONG Length,
- OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
-);
+#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
+#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
-typedef VOID (NTAPI *PDIRTY_PAGE_ROUTINE) (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN PLARGE_INTEGER OldestLsn,
- IN PLARGE_INTEGER NewestLsn,
- IN PVOID Context1,
- IN PVOID Context2
-);
+#if (_WIN32_WINNT >= 0x0502)
+#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
+#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
+#endif
-NTKERNELAPI
-LARGE_INTEGER
-NTAPI
-CcGetDirtyPages (
- IN PVOID LogHandle,
- IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
- IN PVOID Context1,
- IN PVOID Context2
-);
+#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
+#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
-NTKERNELAPI
-PFILE_OBJECT
-NTAPI
-CcGetFileObjectFromBcb (
- IN PVOID Bcb
-);
+#if (_WIN32_WINNT >= 0x0600)
+#define MSV1_0_S4U2SELF 0x00020000
+#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000
+#endif
-NTKERNELAPI
-PFILE_OBJECT
-NTAPI
-CcGetFileObjectFromSectionPtrs (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer
-);
+#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
+#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
+#define MSV1_0_MNS_LOGON 0x01000000
+
+#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
+#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
+
+#define LOGON_GUEST 0x01
+#define LOGON_NOENCRYPTION 0x02
+#define LOGON_CACHED_ACCOUNT 0x04
+#define LOGON_USED_LM_PASSWORD 0x08
+#define LOGON_EXTRA_SIDS 0x20
+#define LOGON_SUBAUTH_SESSION_KEY 0x40
+#define LOGON_SERVER_TRUST_ACCOUNT 0x80
+#define LOGON_NTLMV2_ENABLED 0x100
+#define LOGON_RESOURCE_GROUPS 0x200
+#define LOGON_PROFILE_PATH_RETURNED 0x400
+#define LOGON_NT_V2 0x800
+#define LOGON_LM_V2 0x1000
+#define LOGON_NTLM_V2 0x2000
+
+#if (_WIN32_WINNT >= 0x0600)
+
+#define LOGON_OPTIMIZED 0x4000
+#define LOGON_WINLOGON 0x8000
+#define LOGON_PKINIT 0x10000
+#define LOGON_NO_OPTIMIZED 0x20000
-#define CcGetFileSizePointer(FO) ( \
- ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
-)
+#endif
-#if (VER_PRODUCTBUILD >= 2195)
+#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
-NTKERNELAPI
-LARGE_INTEGER
-NTAPI
-CcGetFlushedValidData (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN BOOLEAN BcbListHeld
-);
+#define LOGON_GRACE_LOGON 0x01000000
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+#define MSV1_0_OWF_PASSWORD_LENGTH 16
+#define MSV1_0_CRED_LM_PRESENT 0x1
+#define MSV1_0_CRED_NT_PRESENT 0x2
+#define MSV1_0_CRED_VERSION 0
-NTKERNELAPI
-LARGE_INTEGER
-NTAPI
-CcGetLsnForFileObject (
- IN PFILE_OBJECT FileObject,
- OUT PLARGE_INTEGER OldestLsn OPTIONAL
-);
+#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
+#define MSV1_0_NTLM3_OWF_LENGTH 16
-typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
- IN PVOID Context,
- IN BOOLEAN Wait
-);
+#if (_WIN32_WINNT == 0x0500)
+#define MSV1_0_MAX_NTLM3_LIFE 1800
+#else
+#define MSV1_0_MAX_NTLM3_LIFE 129600
+#endif
+#define MSV1_0_MAX_AVL_SIZE 64000
-typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
- IN PVOID Context
-);
+#if (_WIN32_WINNT >= 0x0501)
-typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
- IN PVOID Context,
- IN BOOLEAN Wait
-);
+#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
-typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
- IN PVOID Context
-);
+#if (_WIN32_WINNT >= 0x0600)
+#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
+#endif
-typedef struct _CACHE_MANAGER_CALLBACKS {
- PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
- PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
- PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
- PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
-} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
+#endif
-NTKERNELAPI
-VOID
-NTAPI
-CcInitializeCacheMap (
- IN PFILE_OBJECT FileObject,
- IN PCC_FILE_SIZES FileSizes,
- IN BOOLEAN PinAccess,
- IN PCACHE_MANAGER_CALLBACKS Callbacks,
- IN PVOID LazyWriteContext
-);
+#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
-#define CcIsFileCached(FO) ( \
- ((FO)->SectionObjectPointer != NULL) && \
- (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
-)
+#if(_WIN32_WINNT >= 0x0502)
+#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
+#endif
-extern ULONG CcFastMdlReadWait;
+#define USE_PRIMARY_PASSWORD 0x01
+#define RETURN_PRIMARY_USERNAME 0x02
+#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
+#define RETURN_NON_NT_USER_SESSION_KEY 0x08
+#define GENERATE_CLIENT_CHALLENGE 0x10
+#define GCR_NTLM3_PARMS 0x20
+#define GCR_TARGET_INFO 0x40
+#define RETURN_RESERVED_PARAMETER 0x80
+#define GCR_ALLOW_NTLM 0x100
+#define GCR_USE_OEM_SET 0x200
+#define GCR_MACHINE_CREDENTIAL 0x400
+#define GCR_USE_OWF_PASSWORD 0x800
+#define GCR_ALLOW_LM 0x1000
+#define GCR_ALLOW_NO_TARGET 0x2000
+
+typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
+ MsV1_0InteractiveLogon = 2,
+ MsV1_0Lm20Logon,
+ MsV1_0NetworkLogon,
+ MsV1_0SubAuthLogon,
+ MsV1_0WorkstationUnlockLogon = 7,
+ MsV1_0S4ULogon = 12,
+ MsV1_0VirtualLogon = 82
+} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
+
+typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
+ MsV1_0InteractiveProfile = 2,
+ MsV1_0Lm20LogonProfile,
+ MsV1_0SmartCardProfile
+} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
+
+typedef struct _MSV1_0_INTERACTIVE_LOGON {
+ MSV1_0_LOGON_SUBMIT_TYPE MessageType;
+ UNICODE_STRING LogonDomainName;
+ UNICODE_STRING UserName;
+ UNICODE_STRING Password;
+} MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
+
+typedef struct _MSV1_0_INTERACTIVE_PROFILE {
+ MSV1_0_PROFILE_BUFFER_TYPE MessageType;
+ USHORT LogonCount;
+ USHORT BadPasswordCount;
+ LARGE_INTEGER LogonTime;
+ LARGE_INTEGER LogoffTime;
+ LARGE_INTEGER KickOffTime;
+ LARGE_INTEGER PasswordLastSet;
+ LARGE_INTEGER PasswordCanChange;
+ LARGE_INTEGER PasswordMustChange;
+ UNICODE_STRING LogonScript;
+ UNICODE_STRING HomeDirectory;
+ UNICODE_STRING FullName;
+ UNICODE_STRING ProfilePath;
+ UNICODE_STRING HomeDirectoryDrive;
+ UNICODE_STRING LogonServer;
+ ULONG UserFlags;
+} MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
+
+typedef struct _MSV1_0_LM20_LOGON {
+ MSV1_0_LOGON_SUBMIT_TYPE MessageType;
+ UNICODE_STRING LogonDomainName;
+ UNICODE_STRING UserName;
+ UNICODE_STRING Workstation;
+ UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+ STRING CaseSensitiveChallengeResponse;
+ STRING CaseInsensitiveChallengeResponse;
+ ULONG ParameterControl;
+} MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
+
+typedef struct _MSV1_0_SUBAUTH_LOGON {
+ MSV1_0_LOGON_SUBMIT_TYPE MessageType;
+ UNICODE_STRING LogonDomainName;
+ UNICODE_STRING UserName;
+ UNICODE_STRING Workstation;
+ UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+ STRING AuthenticationInfo1;
+ STRING AuthenticationInfo2;
+ ULONG ParameterControl;
+ ULONG SubAuthPackageId;
+} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
+
+#if (_WIN32_WINNT >= 0x0600)
+
+#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
+
+typedef struct _MSV1_0_S4U_LOGON {
+ MSV1_0_LOGON_SUBMIT_TYPE MessageType;
+ ULONG Flags;
+ UNICODE_STRING UserPrincipalName;
+ UNICODE_STRING DomainName;
+} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcIsThereDirtyData (
- IN PVPB Vpb
-);
+#endif
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcMapData (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG Flags,
- OUT PVOID *Bcb,
- OUT PVOID *Buffer
-);
+typedef struct _MSV1_0_LM20_LOGON_PROFILE {
+ MSV1_0_PROFILE_BUFFER_TYPE MessageType;
+ LARGE_INTEGER KickOffTime;
+ LARGE_INTEGER LogoffTime;
+ ULONG UserFlags;
+ UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
+ UNICODE_STRING LogonDomainName;
+ UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
+ UNICODE_STRING LogonServer;
+ UNICODE_STRING UserParameters;
+} MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
+
+typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
+ ULONG Version;
+ ULONG Flags;
+ UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
+ UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
+} MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
+
+typedef struct _MSV1_0_NTLM3_RESPONSE {
+ UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
+ UCHAR RespType;
+ UCHAR HiRespType;
+ USHORT Flags;
+ ULONG MsgWord;
+ ULONGLONG TimeStamp;
+ UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
+ ULONG AvPairsOff;
+ UCHAR Buffer[1];
+} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
+
+typedef enum _MSV1_0_AVID {
+ MsvAvEOL,
+ MsvAvNbComputerName,
+ MsvAvNbDomainName,
+ MsvAvDnsComputerName,
+ MsvAvDnsDomainName,
+#if (_WIN32_WINNT >= 0x0501)
+ MsvAvDnsTreeName,
+ MsvAvFlags,
+#if (_WIN32_WINNT >= 0x0600)
+ MsvAvTimestamp,
+ MsvAvRestrictions,
+ MsvAvTargetName,
+ MsvAvChannelBindings,
+#endif
+#endif
+} MSV1_0_AVID;
+
+typedef struct _MSV1_0_AV_PAIR {
+ USHORT AvId;
+ USHORT AvLen;
+} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
+
+typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
+ MsV1_0Lm20ChallengeRequest = 0,
+ MsV1_0Lm20GetChallengeResponse,
+ MsV1_0EnumerateUsers,
+ MsV1_0GetUserInfo,
+ MsV1_0ReLogonUsers,
+ MsV1_0ChangePassword,
+ MsV1_0ChangeCachedPassword,
+ MsV1_0GenericPassthrough,
+ MsV1_0CacheLogon,
+ MsV1_0SubAuth,
+ MsV1_0DeriveCredential,
+ MsV1_0CacheLookup,
+#if (_WIN32_WINNT >= 0x0501)
+ MsV1_0SetProcessOption,
+#endif
+#if (_WIN32_WINNT >= 0x0600)
+ MsV1_0ConfigLocalAliases,
+ MsV1_0ClearCachedCredentials,
+#endif
+} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
+
+typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+} MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;
+
+typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+} MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;
+
+typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ ULONG ParameterControl;
+ LUID LogonId;
+ UNICODE_STRING Password;
+ UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+} MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
+
+typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ ULONG ParameterControl;
+ LUID LogonId;
+ UNICODE_STRING Password;
+ UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+ UNICODE_STRING UserName;
+ UNICODE_STRING LogonDomainName;
+ UNICODE_STRING ServerName;
+} MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;
+
+typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ STRING CaseSensitiveChallengeResponse;
+ STRING CaseInsensitiveChallengeResponse;
+ UNICODE_STRING UserName;
+ UNICODE_STRING LogonDomainName;
+ UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
+ UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
+} MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;
+
+typedef struct _MSV1_0_ENUMUSERS_REQUEST {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+} MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;
+
+typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ ULONG NumberOfLoggedOnUsers;
+ PLUID LogonIds;
+ PULONG EnumHandles;
+} MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;
+
+typedef struct _MSV1_0_GETUSERINFO_REQUEST {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ LUID LogonId;
+} MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;
+
+typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
+ MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
+ PSID UserSid;
+ UNICODE_STRING UserName;
+ UNICODE_STRING LogonDomainName;
+ UNICODE_STRING LogonServer;
+ SECURITY_LOGON_TYPE LogonType;
+} MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;
-NTKERNELAPI
-VOID
-NTAPI
-CcMdlRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus
-);
+#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
+#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
+#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
-NTKERNELAPI
-VOID
-NTAPI
-CcMdlReadComplete (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain
-);
+/* also in winnt.h */
+#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
+#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
+#define FILE_NOTIFY_CHANGE_NAME 0x00000003
+#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
+#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
+#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
+#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
+#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
+#define FILE_NOTIFY_CHANGE_EA 0x00000080
+#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
+#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
+#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
+#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
+#define FILE_NOTIFY_VALID_MASK 0x00000fff
-NTKERNELAPI
-VOID
-NTAPI
-CcMdlWriteComplete (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain
-);
+#define FILE_ACTION_ADDED 0x00000001
+#define FILE_ACTION_REMOVED 0x00000002
+#define FILE_ACTION_MODIFIED 0x00000003
+#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
+#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
+#define FILE_ACTION_ADDED_STREAM 0x00000006
+#define FILE_ACTION_REMOVED_STREAM 0x00000007
+#define FILE_ACTION_MODIFIED_STREAM 0x00000008
+#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
+#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
+#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
+/* end winnt.h */
-#define MAP_WAIT 1
+#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
+#define FILE_PIPE_MESSAGE_TYPE 0x00000001
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcPinMappedData (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG Flags,
- IN OUT PVOID *Bcb
-);
+#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
+#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcPinRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG Flags,
- OUT PVOID *Bcb,
- OUT PVOID *Buffer
-);
+#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
+#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
+#define FILE_PIPE_TYPE_VALID_MASK 0x00000003
-NTKERNELAPI
-VOID
-NTAPI
-CcPrepareMdlWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus
-);
+#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
+#define FILE_PIPE_MESSAGE_MODE 0x00000001
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcPreparePinWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Zero,
- IN ULONG Flags,
- OUT PVOID *Bcb,
- OUT PVOID *Buffer
-);
+#define FILE_PIPE_QUEUE_OPERATION 0x00000000
+#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcPurgeCacheSection (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN PLARGE_INTEGER FileOffset OPTIONAL,
- IN ULONG Length,
- IN BOOLEAN UninitializeCacheMaps
-);
+#define FILE_PIPE_INBOUND 0x00000000
+#define FILE_PIPE_OUTBOUND 0x00000001
+#define FILE_PIPE_FULL_DUPLEX 0x00000002
-#define CcReadAhead(FO, FOFF, LEN) ( \
- if ((LEN) >= 256) { \
- CcScheduleReadAhead((FO), (FOFF), (LEN)); \
- } \
-)
+#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
+#define FILE_PIPE_LISTENING_STATE 0x00000002
+#define FILE_PIPE_CONNECTED_STATE 0x00000003
+#define FILE_PIPE_CLOSING_STATE 0x00000004
-#if (VER_PRODUCTBUILD >= 2195)
+#define FILE_PIPE_CLIENT_END 0x00000000
+#define FILE_PIPE_SERVER_END 0x00000001
-NTKERNELAPI
-PVOID
-NTAPI
-CcRemapBcb (
- IN PVOID Bcb
-);
+#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
+#define FILE_CASE_PRESERVED_NAMES 0x00000002
+#define FILE_UNICODE_ON_DISK 0x00000004
+#define FILE_PERSISTENT_ACLS 0x00000008
+#define FILE_FILE_COMPRESSION 0x00000010
+#define FILE_VOLUME_QUOTAS 0x00000020
+#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
+#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
+#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
+#define FILE_VOLUME_IS_COMPRESSED 0x00008000
+#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
+#define FILE_SUPPORTS_ENCRYPTION 0x00020000
+#define FILE_NAMED_STREAMS 0x00040000
+#define FILE_READ_ONLY_VOLUME 0x00080000
+#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
+#define FILE_SUPPORTS_TRANSACTIONS 0x00200000
+#define FILE_SUPPORTS_HARD_LINKS 0x00400000
+#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000
+#define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000
+#define FILE_SUPPORTS_USN_JOURNAL 0x02000000
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+#define FILE_NEED_EA 0x00000080
-NTKERNELAPI
-VOID
-NTAPI
-CcRepinBcb (
- IN PVOID Bcb
-);
+#define FILE_EA_TYPE_BINARY 0xfffe
+#define FILE_EA_TYPE_ASCII 0xfffd
+#define FILE_EA_TYPE_BITMAP 0xfffb
+#define FILE_EA_TYPE_METAFILE 0xfffa
+#define FILE_EA_TYPE_ICON 0xfff9
+#define FILE_EA_TYPE_EA 0xffee
+#define FILE_EA_TYPE_MVMT 0xffdf
+#define FILE_EA_TYPE_MVST 0xffde
+#define FILE_EA_TYPE_ASN1 0xffdd
+#define FILE_EA_TYPE_FAMILY_IDS 0xff01
-NTKERNELAPI
-VOID
-NTAPI
-CcScheduleReadAhead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length
-);
+typedef struct _FILE_NOTIFY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG Action;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcSetAdditionalCacheAttributes (
- IN PFILE_OBJECT FileObject,
- IN BOOLEAN DisableReadAhead,
- IN BOOLEAN DisableWriteBehind
-);
+typedef struct _FILE_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcSetBcbOwnerPointer (
- IN PVOID Bcb,
- IN PVOID OwnerPointer
-);
+typedef struct _FILE_FULL_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[1];
+} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcSetDirtyPageThreshold (
- IN PFILE_OBJECT FileObject,
- IN ULONG DirtyPageThreshold
-);
+typedef struct _FILE_ID_FULL_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ LARGE_INTEGER FileId;
+ WCHAR FileName[1];
+} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcSetDirtyPinnedData (
- IN PVOID BcbVoid,
- IN PLARGE_INTEGER Lsn OPTIONAL
-);
+typedef struct _FILE_BOTH_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CCHAR ShortNameLength;
+ WCHAR ShortName[12];
+ WCHAR FileName[1];
+} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcSetFileSizes (
- IN PFILE_OBJECT FileObject,
- IN PCC_FILE_SIZES FileSizes
-);
+typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CCHAR ShortNameLength;
+ WCHAR ShortName[12];
+ LARGE_INTEGER FileId;
+ WCHAR FileName[1];
+} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
-typedef VOID (NTAPI *PFLUSH_TO_LSN) (
- IN PVOID LogHandle,
- IN LARGE_INTEGER Lsn
-);
+typedef struct _FILE_NAMES_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcSetLogHandleForFile (
- IN PFILE_OBJECT FileObject,
- IN PVOID LogHandle,
- IN PFLUSH_TO_LSN FlushToLsnRoutine
-);
+typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ LARGE_INTEGER FileId;
+ GUID LockingTransactionId;
+ ULONG TxInfoFlags;
+ WCHAR FileName[1];
+} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
+
+#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
+#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
+#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
-NTKERNELAPI
-VOID
-NTAPI
-CcSetReadAheadGranularity (
- IN PFILE_OBJECT FileObject,
- IN ULONG Granularity /* default: PAGE_SIZE */
- /* allowed: 2^n * PAGE_SIZE */
-);
+typedef struct _FILE_OBJECTID_INFORMATION {
+ LONGLONG FileReference;
+ UCHAR ObjectId[16];
+ _ANONYMOUS_UNION union {
+ __GNU_EXTENSION struct {
+ UCHAR BirthVolumeId[16];
+ UCHAR BirthObjectId[16];
+ UCHAR DomainId[16];
+ };
+ UCHAR ExtendedInfo[48];
+ } DUMMYUNIONNAME;
+} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcUninitializeCacheMap (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER TruncateSize OPTIONAL,
- IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
-);
+#define ANSI_DOS_STAR ('<')
+#define ANSI_DOS_QM ('>')
+#define ANSI_DOS_DOT ('"')
-NTKERNELAPI
-VOID
-NTAPI
-CcUnpinData (
- IN PVOID Bcb
-);
+#define DOS_STAR (L'<')
+#define DOS_QM (L'>')
+#define DOS_DOT (L'"')
-NTKERNELAPI
-VOID
-NTAPI
-CcUnpinDataForThread (
- IN PVOID Bcb,
- IN ERESOURCE_THREAD ResourceThreadId
-);
+typedef struct _FILE_INTERNAL_INFORMATION {
+ LARGE_INTEGER IndexNumber;
+} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-CcUnpinRepinnedBcb (
- IN PVOID Bcb,
- IN BOOLEAN WriteThrough,
- OUT PIO_STATUS_BLOCK IoStatus
-);
+typedef struct _FILE_EA_INFORMATION {
+ ULONG EaSize;
+} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
-#if (VER_PRODUCTBUILD >= 2195)
+typedef struct _FILE_ACCESS_INFORMATION {
+ ACCESS_MASK AccessFlags;
+} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
-NTKERNELAPI
-NTSTATUS
-NTAPI
-CcWaitForCurrentLazyWriterActivity (
- VOID
-);
+typedef struct _FILE_MODE_INFORMATION {
+ ULONG Mode;
+} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+typedef struct _FILE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-CcZeroData (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER StartOffset,
- IN PLARGE_INTEGER EndOffset,
- IN BOOLEAN Wait
-);
+typedef struct _FILE_ALLOCATION_INFORMATION {
+ LARGE_INTEGER AllocationSize;
+} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-ExDisableResourceBoostLite (
- IN PERESOURCE Resource
-);
+typedef struct _FILE_COMPRESSION_INFORMATION {
+ LARGE_INTEGER CompressedFileSize;
+ USHORT CompressionFormat;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved[3];
+} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
-NTKERNELAPI
-SIZE_T
-NTAPI
-ExQueryPoolBlockSize (
- IN PVOID PoolBlock,
- OUT PBOOLEAN QuotaCharged
-);
+typedef struct _FILE_LINK_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
-#if (VER_PRODUCTBUILD >= 2600)
+typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
+ ULONG ClusterCount;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
-#ifndef __NTOSKRNL__
-NTKERNELAPI
-VOID
-FASTCALL
-ExInitializeRundownProtection (
- IN PEX_RUNDOWN_REF RunRef
-);
+typedef struct _FILE_RENAME_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
-NTKERNELAPI
-VOID
-FASTCALL
-ExReInitializeRundownProtection (
- IN PEX_RUNDOWN_REF RunRef
-);
+typedef struct _FILE_STREAM_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG StreamNameLength;
+ LARGE_INTEGER StreamSize;
+ LARGE_INTEGER StreamAllocationSize;
+ WCHAR StreamName[1];
+} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-FASTCALL
-ExAcquireRundownProtection (
- IN PEX_RUNDOWN_REF RunRef
-);
+typedef struct _FILE_TRACKING_INFORMATION {
+ HANDLE DestinationFile;
+ ULONG ObjectInformationLength;
+ CHAR ObjectInformation[1];
+} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-FASTCALL
-ExAcquireRundownProtectionEx (
- IN PEX_RUNDOWN_REF RunRef,
- IN ULONG Count
-);
+typedef struct _FILE_COMPLETION_INFORMATION {
+ HANDLE Port;
+ PVOID Key;
+} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
-NTKERNELAPI
-VOID
-FASTCALL
-ExReleaseRundownProtection (
- IN PEX_RUNDOWN_REF RunRef
-);
+typedef struct _FILE_PIPE_INFORMATION {
+ ULONG ReadMode;
+ ULONG CompletionMode;
+} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
-NTKERNELAPI
-VOID
-FASTCALL
-ExReleaseRundownProtectionEx (
- IN PEX_RUNDOWN_REF RunRef,
- IN ULONG Count
-);
+typedef struct _FILE_PIPE_LOCAL_INFORMATION {
+ ULONG NamedPipeType;
+ ULONG NamedPipeConfiguration;
+ ULONG MaximumInstances;
+ ULONG CurrentInstances;
+ ULONG InboundQuota;
+ ULONG ReadDataAvailable;
+ ULONG OutboundQuota;
+ ULONG WriteQuotaAvailable;
+ ULONG NamedPipeState;
+ ULONG NamedPipeEnd;
+} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
-NTKERNELAPI
-VOID
-FASTCALL
-ExRundownCompleted (
- IN PEX_RUNDOWN_REF RunRef
-);
+typedef struct _FILE_PIPE_REMOTE_INFORMATION {
+ LARGE_INTEGER CollectDataTime;
+ ULONG MaximumCollectionCount;
+} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
-NTKERNELAPI
-VOID
-FASTCALL
-ExWaitForRundownProtectionRelease (
- IN PEX_RUNDOWN_REF RunRef
-);
+typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
+ ULONG MaximumMessageSize;
+ ULONG MailslotQuota;
+ ULONG NextMessageSize;
+ ULONG MessagesAvailable;
+ LARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
-#endif
-#endif /* (VER_PRODUCTBUILD >= 2600) */
+typedef struct _FILE_MAILSLOT_SET_INFORMATION {
+ PLARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
+typedef struct _FILE_REPARSE_POINT_INFORMATION {
+ LONGLONG FileReference;
+ ULONG Tag;
+} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
-#define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
-{ \
- SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
- SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
- (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
- InitializeListHead( &(_advhdr)->FilterContexts ); \
- if ((_fmutx) != NULL) { \
- (_advhdr)->FastMutex = (_fmutx); \
- } \
- *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
- /*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
- (_advhdr)->FileContextSupportPointer = NULL; \
-}
+typedef struct _FILE_LINK_ENTRY_INFORMATION {
+ ULONG NextEntryOffset;
+ LONGLONG ParentFileId;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
+
+typedef struct _FILE_LINKS_INFORMATION {
+ ULONG BytesNeeded;
+ ULONG EntriesReturned;
+ FILE_LINK_ENTRY_INFORMATION Entry;
+} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
+
+typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
+
+typedef struct _FILE_STANDARD_LINK_INFORMATION {
+ ULONG NumberOfAccessibleLinks;
+ ULONG TotalNumberOfLinks;
+ BOOLEAN DeletePending;
+ BOOLEAN Directory;
+} FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlAddBaseMcbEntry (
- IN PBASE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG Lbn,
- IN LONGLONG SectorCount
-);
+typedef struct _FILE_GET_EA_INFORMATION {
+ ULONG NextEntryOffset;
+ UCHAR EaNameLength;
+ CHAR EaName[1];
+} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlAddLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG Lbn,
- IN LONGLONG SectorCount
-);
+#define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001
+#define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002
+
+typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
+ USHORT StructureVersion;
+ USHORT StructureSize;
+ ULONG Protocol;
+ USHORT ProtocolMajorVersion;
+ USHORT ProtocolMinorVersion;
+ USHORT ProtocolRevision;
+ USHORT Reserved;
+ ULONG Flags;
+ struct {
+ ULONG Reserved[8];
+ } GenericReserved;
+ struct {
+ ULONG Reserved[16];
+ } ProtocolSpecificReserved;
+} FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlAddMcbEntry (
- IN PMCB Mcb,
- IN VBN Vbn,
- IN LBN Lbn,
- IN ULONG SectorCount
-);
+typedef struct _FILE_GET_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ SID Sid;
+} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
-NTKERNELAPI
-VOID
-NTAPI
-FsRtlAddToTunnelCache (
- IN PTUNNEL Cache,
- IN ULONGLONG DirectoryKey,
- IN PUNICODE_STRING ShortName,
- IN PUNICODE_STRING LongName,
- IN BOOLEAN KeyByShortName,
- IN ULONG DataLength,
- IN PVOID Data
-);
+typedef struct _FILE_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER QuotaUsed;
+ LARGE_INTEGER QuotaThreshold;
+ LARGE_INTEGER QuotaLimit;
+ SID Sid;
+} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
-#if (VER_PRODUCTBUILD >= 2195)
+typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
+ ULONG FileSystemAttributes;
+ ULONG MaximumComponentNameLength;
+ ULONG FileSystemNameLength;
+ WCHAR FileSystemName[1];
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
-PFILE_LOCK
-NTAPI
-FsRtlAllocateFileLock (
- IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
- IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
-);
+typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
+ BOOLEAN DriverInPath;
+ ULONG DriverNameLength;
+ WCHAR DriverName[1];
+} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
+ ULONG Flags;
+} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
-NTKERNELAPI
-PVOID
-NTAPI
-FsRtlAllocatePool (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes
-);
+#define FILE_VC_QUOTA_NONE 0x00000000
+#define FILE_VC_QUOTA_TRACK 0x00000001
+#define FILE_VC_QUOTA_ENFORCE 0x00000002
+#define FILE_VC_QUOTA_MASK 0x00000003
+#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
+#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
+#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
+#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
+#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
+#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
+#define FILE_VC_QUOTAS_REBUILDING 0x00000200
+#define FILE_VC_VALID_MASK 0x000003ff
-NTKERNELAPI
-PVOID
-NTAPI
-FsRtlAllocatePoolWithQuota (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes
-);
+typedef struct _FILE_FS_CONTROL_INFORMATION {
+ LARGE_INTEGER FreeSpaceStartFiltering;
+ LARGE_INTEGER FreeSpaceThreshold;
+ LARGE_INTEGER FreeSpaceStopFiltering;
+ LARGE_INTEGER DefaultQuotaThreshold;
+ LARGE_INTEGER DefaultQuotaLimit;
+ ULONG FileSystemControlFlags;
+} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
-NTKERNELAPI
-PVOID
-NTAPI
-FsRtlAllocatePoolWithQuotaTag (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes,
- IN ULONG Tag
-);
+#ifndef _FILESYSTEMFSCTL_
+#define _FILESYSTEMFSCTL_
-NTKERNELAPI
-PVOID
-NTAPI
-FsRtlAllocatePoolWithTag (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes,
- IN ULONG Tag
-);
+#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlAreNamesEqual (
- IN PCUNICODE_STRING Name1,
- IN PCUNICODE_STRING Name2,
- IN BOOLEAN IgnoreCase,
- IN PCWCH UpcaseTable OPTIONAL
-);
+#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FsRtlAreThereCurrentFileLocks(FL) ( \
- ((FL)->FastIoIsQuestionable) \
-)
+#if (_WIN32_WINNT >= 0x0400)
-/*
- FsRtlCheckLockForReadAccess:
+#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
- All this really does is pick out the lock parameters from the irp (io stack
- location?), get IoGetRequestorProcess, and pass values on to
- FsRtlFastCheckLockForRead.
-*/
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlCheckLockForReadAccess (
- IN PFILE_LOCK FileLock,
- IN PIRP Irp
-);
+#endif
-/*
- FsRtlCheckLockForWriteAccess:
+#if (_WIN32_WINNT >= 0x0500)
- All this really does is pick out the lock parameters from the irp (io stack
- location?), get IoGetRequestorProcess, and pass values on to
- FsRtlFastCheckLockForWrite.
-*/
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlCheckLockForWriteAccess (
- IN PFILE_LOCK FileLock,
- IN PIRP Irp
-);
+#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
+#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
-typedef
-VOID
-(NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
- IN PVOID Context,
- IN PIRP Irp
-);
+#endif
-typedef
-VOID
-(NTAPI*POPLOCK_FS_PREPOST_IRP) (
- IN PVOID Context,
- IN PIRP Irp
-);
+#if (_WIN32_WINNT >= 0x0600)
+
+#define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+#define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+#define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+#define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
+ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)
-NTKERNELAPI
-NTSTATUS
-NTAPI
-FsRtlCheckOplock (
- IN POPLOCK Oplock,
- IN PIRP Irp,
- IN PVOID Context,
- IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
- IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
-);
+#endif
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlCopyRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- IN ULONG LockKey,
- OUT PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
+#if (_WIN32_WINNT >= 0x0601)
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlCopyWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- IN ULONG LockKey,
- IN PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
+#define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define HEAP_NO_SERIALIZE 0x00000001
-#define HEAP_GROWABLE 0x00000002
-#define HEAP_GENERATE_EXCEPTIONS 0x00000004
-#define HEAP_ZERO_MEMORY 0x00000008
-#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
-#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
-#define HEAP_FREE_CHECKING_ENABLED 0x00000040
-#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
+#define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define HEAP_CREATE_ALIGN_16 0x00010000
-#define HEAP_CREATE_ENABLE_TRACING 0x00020000
-#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
+#define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
-NTSYSAPI
-PVOID
-NTAPI
-RtlCreateHeap (
- IN ULONG Flags,
- IN PVOID HeapBase OPTIONAL,
- IN SIZE_T ReserveSize OPTIONAL,
- IN SIZE_T CommitSize OPTIONAL,
- IN PVOID Lock OPTIONAL,
- IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
-);
+#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlCurrentBatchOplock (
- IN POPLOCK Oplock
-);
+typedef struct _CSV_NAMESPACE_INFO {
+ ULONG Version;
+ ULONG DeviceNumber;
+ LARGE_INTEGER StartingOffset;
+ ULONG SectorSize;
+} CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO;
-NTKERNELAPI
-VOID
-NTAPI
-FsRtlDeleteKeyFromTunnelCache (
- IN PTUNNEL Cache,
- IN ULONGLONG DirectoryKey
-);
+#define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
+#define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF
-NTKERNELAPI
-VOID
-NTAPI
-FsRtlDeleteTunnelCache (
- IN PTUNNEL Cache
-);
+#endif
-NTKERNELAPI
-VOID
-NTAPI
-FsRtlDeregisterUncProvider (
- IN HANDLE Handle
-);
+#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
-NTSYSAPI
-PVOID
-NTAPI
-RtlDestroyHeap(
- IN PVOID HeapHandle
-);
+typedef struct _PATHNAME_BUFFER {
+ ULONG PathNameLength;
+ WCHAR Name[1];
+} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
-NTKERNELAPI
-VOID
-NTAPI
-FsRtlDissectDbcs (
- IN ANSI_STRING Name,
- OUT PANSI_STRING FirstPart,
- OUT PANSI_STRING RemainingPart
-);
+typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
+ UCHAR First0x24BytesOfBootSector[0x24];
+} FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER;
+
+#if (_WIN32_WINNT >= 0x0400)
+
+typedef struct _NTFS_VOLUME_DATA_BUFFER {
+ LARGE_INTEGER VolumeSerialNumber;
+ LARGE_INTEGER NumberSectors;
+ LARGE_INTEGER TotalClusters;
+ LARGE_INTEGER FreeClusters;
+ LARGE_INTEGER TotalReserved;
+ ULONG BytesPerSector;
+ ULONG BytesPerCluster;
+ ULONG BytesPerFileRecordSegment;
+ ULONG ClustersPerFileRecordSegment;
+ LARGE_INTEGER MftValidDataLength;
+ LARGE_INTEGER MftStartLcn;
+ LARGE_INTEGER Mft2StartLcn;
+ LARGE_INTEGER MftZoneStart;
+ LARGE_INTEGER MftZoneEnd;
+} NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;
+
+typedef struct _NTFS_EXTENDED_VOLUME_DATA {
+ ULONG ByteCount;
+ USHORT MajorVersion;
+ USHORT MinorVersion;
+} NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA;
+
+typedef struct _STARTING_LCN_INPUT_BUFFER {
+ LARGE_INTEGER StartingLcn;
+} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
-NTKERNELAPI
-VOID
-NTAPI
-FsRtlDissectName (
- IN UNICODE_STRING Name,
- OUT PUNICODE_STRING FirstPart,
- OUT PUNICODE_STRING RemainingPart
-);
+typedef struct _VOLUME_BITMAP_BUFFER {
+ LARGE_INTEGER StartingLcn;
+ LARGE_INTEGER BitmapSize;
+ UCHAR Buffer[1];
+} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlDoesDbcsContainWildCards (
- IN PANSI_STRING Name
-);
+typedef struct _STARTING_VCN_INPUT_BUFFER {
+ LARGE_INTEGER StartingVcn;
+} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlDoesNameContainWildCards (
- IN PUNICODE_STRING Name
-);
+typedef struct _RETRIEVAL_POINTERS_BUFFER {
+ ULONG ExtentCount;
+ LARGE_INTEGER StartingVcn;
+ struct {
+ LARGE_INTEGER NextVcn;
+ LARGE_INTEGER Lcn;
+ } Extents[1];
+} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlIsFatDbcsLegal (
- IN ANSI_STRING DbcsName,
- IN BOOLEAN WildCardsPermissible,
- IN BOOLEAN PathNamePermissible,
- IN BOOLEAN LeadingBackslashPermissible
- );
+typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER {
+ LARGE_INTEGER FileReferenceNumber;
+} NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER;
+typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER {
+ LARGE_INTEGER FileReferenceNumber;
+ ULONG FileRecordLength;
+ UCHAR FileRecordBuffer[1];
+} NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER;
-#define FsRtlCompleteRequest(IRP,STATUS) { \
- (IRP)->IoStatus.Status = (STATUS); \
- IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
-}
+typedef struct _MOVE_FILE_DATA {
+ HANDLE FileHandle;
+ LARGE_INTEGER StartingVcn;
+ LARGE_INTEGER StartingLcn;
+ ULONG ClusterCount;
+} MOVE_FILE_DATA, *PMOVE_FILE_DATA;
+
+typedef struct _MOVE_FILE_RECORD_DATA {
+ HANDLE FileHandle;
+ LARGE_INTEGER SourceFileRecord;
+ LARGE_INTEGER TargetFileRecord;
+} MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA;
+
+#if defined(_WIN64)
+typedef struct _MOVE_FILE_DATA32 {
+ UINT32 FileHandle;
+ LARGE_INTEGER StartingVcn;
+ LARGE_INTEGER StartingLcn;
+ ULONG ClusterCount;
+} MOVE_FILE_DATA32, *PMOVE_FILE_DATA32;
+#endif
-#define FsRtlEnterFileSystem KeEnterCriticalRegion
+#endif /* (_WIN32_WINNT >= 0x0400) */
+
+#if (_WIN32_WINNT >= 0x0500)
+
+typedef struct _FIND_BY_SID_DATA {
+ ULONG Restart;
+ SID Sid;
+} FIND_BY_SID_DATA, *PFIND_BY_SID_DATA;
+
+typedef struct _FIND_BY_SID_OUTPUT {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT;
+
+typedef struct _MFT_ENUM_DATA {
+ ULONGLONG StartFileReferenceNumber;
+ USN LowUsn;
+ USN HighUsn;
+} MFT_ENUM_DATA, *PMFT_ENUM_DATA;
+
+typedef struct _CREATE_USN_JOURNAL_DATA {
+ ULONGLONG MaximumSize;
+ ULONGLONG AllocationDelta;
+} CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA;
+
+typedef struct _READ_USN_JOURNAL_DATA {
+ USN StartUsn;
+ ULONG ReasonMask;
+ ULONG ReturnOnlyOnClose;
+ ULONGLONG Timeout;
+ ULONGLONG BytesToWaitFor;
+ ULONGLONG UsnJournalID;
+} READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA;
+
+typedef struct _USN_RECORD {
+ ULONG RecordLength;
+ USHORT MajorVersion;
+ USHORT MinorVersion;
+ ULONGLONG FileReferenceNumber;
+ ULONGLONG ParentFileReferenceNumber;
+ USN Usn;
+ LARGE_INTEGER TimeStamp;
+ ULONG Reason;
+ ULONG SourceInfo;
+ ULONG SecurityId;
+ ULONG FileAttributes;
+ USHORT FileNameLength;
+ USHORT FileNameOffset;
+ WCHAR FileName[1];
+} USN_RECORD, *PUSN_RECORD;
+
+#define USN_PAGE_SIZE (0x1000)
+
+#define USN_REASON_DATA_OVERWRITE (0x00000001)
+#define USN_REASON_DATA_EXTEND (0x00000002)
+#define USN_REASON_DATA_TRUNCATION (0x00000004)
+#define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010)
+#define USN_REASON_NAMED_DATA_EXTEND (0x00000020)
+#define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040)
+#define USN_REASON_FILE_CREATE (0x00000100)
+#define USN_REASON_FILE_DELETE (0x00000200)
+#define USN_REASON_EA_CHANGE (0x00000400)
+#define USN_REASON_SECURITY_CHANGE (0x00000800)
+#define USN_REASON_RENAME_OLD_NAME (0x00001000)
+#define USN_REASON_RENAME_NEW_NAME (0x00002000)
+#define USN_REASON_INDEXABLE_CHANGE (0x00004000)
+#define USN_REASON_BASIC_INFO_CHANGE (0x00008000)
+#define USN_REASON_HARD_LINK_CHANGE (0x00010000)
+#define USN_REASON_COMPRESSION_CHANGE (0x00020000)
+#define USN_REASON_ENCRYPTION_CHANGE (0x00040000)
+#define USN_REASON_OBJECT_ID_CHANGE (0x00080000)
+#define USN_REASON_REPARSE_POINT_CHANGE (0x00100000)
+#define USN_REASON_STREAM_CHANGE (0x00200000)
+#define USN_REASON_TRANSACTED_CHANGE (0x00400000)
+#define USN_REASON_CLOSE (0x80000000)
+
+typedef struct _USN_JOURNAL_DATA {
+ ULONGLONG UsnJournalID;
+ USN FirstUsn;
+ USN NextUsn;
+ USN LowestValidUsn;
+ USN MaxUsn;
+ ULONGLONG MaximumSize;
+ ULONGLONG AllocationDelta;
+} USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA;
+
+typedef struct _DELETE_USN_JOURNAL_DATA {
+ ULONGLONG UsnJournalID;
+ ULONG DeleteFlags;
+} DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA;
+
+#define USN_DELETE_FLAG_DELETE (0x00000001)
+#define USN_DELETE_FLAG_NOTIFY (0x00000002)
+#define USN_DELETE_VALID_FLAGS (0x00000003)
+
+typedef struct _MARK_HANDLE_INFO {
+ ULONG UsnSourceInfo;
+ HANDLE VolumeHandle;
+ ULONG HandleInfo;
+} MARK_HANDLE_INFO, *PMARK_HANDLE_INFO;
+
+#if defined(_WIN64)
+typedef struct _MARK_HANDLE_INFO32 {
+ ULONG UsnSourceInfo;
+ UINT32 VolumeHandle;
+ ULONG HandleInfo;
+} MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32;
+#endif
-#define FsRtlExitFileSystem KeLeaveCriticalRegion
+#define USN_SOURCE_DATA_MANAGEMENT (0x00000001)
+#define USN_SOURCE_AUXILIARY_DATA (0x00000002)
+#define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004)
+
+#define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001)
+#define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004)
+#define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008)
+
+typedef struct _BULK_SECURITY_TEST_DATA {
+ ACCESS_MASK DesiredAccess;
+ ULONG SecurityIds[1];
+} BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA;
+
+#define VOLUME_IS_DIRTY (0x00000001)
+#define VOLUME_UPGRADE_SCHEDULED (0x00000002)
+#define VOLUME_SESSION_OPEN (0x00000004)
+
+typedef struct _FILE_PREFETCH {
+ ULONG Type;
+ ULONG Count;
+ ULONGLONG Prefetch[1];
+} FILE_PREFETCH, *PFILE_PREFETCH;
+
+typedef struct _FILE_PREFETCH_EX {
+ ULONG Type;
+ ULONG Count;
+ PVOID Context;
+ ULONGLONG Prefetch[1];
+} FILE_PREFETCH_EX, *PFILE_PREFETCH_EX;
+
+#define FILE_PREFETCH_TYPE_FOR_CREATE 0x1
+#define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2
+#define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3
+#define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4
+
+#define FILE_PREFETCH_TYPE_MAX 0x4
+
+typedef struct _FILE_OBJECTID_BUFFER {
+ UCHAR ObjectId[16];
+ union {
+ struct {
+ UCHAR BirthVolumeId[16];
+ UCHAR BirthObjectId[16];
+ UCHAR DomainId[16];
+ } DUMMYSTRUCTNAME;
+ UCHAR ExtendedInfo[48];
+ } DUMMYUNIONNAME;
+} FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlFastCheckLockForRead (
- IN PFILE_LOCK FileLock,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN ULONG Key,
- IN PFILE_OBJECT FileObject,
- IN PVOID Process
-);
+typedef struct _FILE_SET_SPARSE_BUFFER {
+ BOOLEAN SetSparse;
+} FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlFastCheckLockForWrite (
- IN PFILE_LOCK FileLock,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN ULONG Key,
- IN PFILE_OBJECT FileObject,
- IN PVOID Process
-);
+typedef struct _FILE_ZERO_DATA_INFORMATION {
+ LARGE_INTEGER FileOffset;
+ LARGE_INTEGER BeyondFinalZero;
+} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
-#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
- FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
-)
+typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
+ LARGE_INTEGER FileOffset;
+ LARGE_INTEGER Length;
+} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
-NTKERNELAPI
-NTSTATUS
-NTAPI
-FsRtlFastUnlockAll (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PEPROCESS Process,
- IN PVOID Context OPTIONAL
-);
-/* ret: STATUS_RANGE_NOT_LOCKED */
+typedef struct _ENCRYPTION_BUFFER {
+ ULONG EncryptionOperation;
+ UCHAR Private[1];
+} ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER;
+
+#define FILE_SET_ENCRYPTION 0x00000001
+#define FILE_CLEAR_ENCRYPTION 0x00000002
+#define STREAM_SET_ENCRYPTION 0x00000003
+#define STREAM_CLEAR_ENCRYPTION 0x00000004
+
+#define MAXIMUM_ENCRYPTION_VALUE 0x00000004
+
+typedef struct _DECRYPTION_STATUS_BUFFER {
+ BOOLEAN NoEncryptedStreams;
+} DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER;
+
+#define ENCRYPTION_FORMAT_DEFAULT (0x01)
+
+#define COMPRESSION_FORMAT_SPARSE (0x4000)
+
+typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
+ LONGLONG FileOffset;
+ ULONG Length;
+} REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA;
+
+typedef struct _ENCRYPTED_DATA_INFO {
+ ULONGLONG StartingFileOffset;
+ ULONG OutputBufferOffset;
+ ULONG BytesWithinFileSize;
+ ULONG BytesWithinValidDataLength;
+ USHORT CompressionFormat;
+ UCHAR DataUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR EncryptionFormat;
+ USHORT NumberOfDataBlocks;
+ ULONG DataBlockSize[ANYSIZE_ARRAY];
+} ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO;
+
+typedef struct _PLEX_READ_DATA_REQUEST {
+ LARGE_INTEGER ByteOffset;
+ ULONG ByteLength;
+ ULONG PlexNumber;
+} PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST;
+
+typedef struct _SI_COPYFILE {
+ ULONG SourceFileNameLength;
+ ULONG DestinationFileNameLength;
+ ULONG Flags;
+ WCHAR FileNameBuffer[1];
+} SI_COPYFILE, *PSI_COPYFILE;
+
+#define COPYFILE_SIS_LINK 0x0001
+#define COPYFILE_SIS_REPLACE 0x0002
+#define COPYFILE_SIS_FLAGS 0x0003
+
+#endif /* (_WIN32_WINNT >= 0x0500) */
+
+#if (_WIN32_WINNT >= 0x0600)
+
+typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
+ BOOLEAN CloseDisc;
+} FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER;
+
+typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
+ BOOLEAN Disable;
+} FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER;
+
+typedef struct _FILE_QUERY_SPARING_BUFFER {
+ ULONG SparingUnitBytes;
+ BOOLEAN SoftwareSparing;
+ ULONG TotalSpareBlocks;
+ ULONG FreeSpareBlocks;
+} FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER;
+
+typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
+ LARGE_INTEGER DirectoryCount;
+ LARGE_INTEGER FileCount;
+ USHORT FsFormatMajVersion;
+ USHORT FsFormatMinVersion;
+ WCHAR FsFormatName[12];
+ LARGE_INTEGER FormatTime;
+ LARGE_INTEGER LastUpdateTime;
+ WCHAR CopyrightInfo[34];
+ WCHAR AbstractInfo[34];
+ WCHAR FormattingImplementationInfo[34];
+ WCHAR LastModifyingImplementationInfo[34];
+} FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
+
+#define SET_REPAIR_ENABLED (0x00000001)
+#define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002)
+#define SET_REPAIR_DELETE_CROSSLINK (0x00000004)
+#define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008)
+#define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010)
+#define SET_REPAIR_VALID_MASK (0x0000001F)
+
+typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
+ ShrinkPrepare = 1,
+ ShrinkCommit,
+ ShrinkAbort
+} SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES;
+
+typedef struct _SHRINK_VOLUME_INFORMATION {
+ SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType;
+ ULONGLONG Flags;
+ LONGLONG NewNumberOfSectors;
+} SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION;
+
+#define TXFS_RM_FLAG_LOGGING_MODE 0x00000001
+#define TXFS_RM_FLAG_RENAME_RM 0x00000002
+#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004
+#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008
+#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010
+#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020
+#define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040
+#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080
+#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100
+#define TXFS_RM_FLAG_GROW_LOG 0x00000400
+#define TXFS_RM_FLAG_SHRINK_LOG 0x00000800
+#define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000
+#define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000
+#define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000
+#define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000
+#define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000
+#define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000
+
+#define TXFS_LOGGING_MODE_SIMPLE (0x0001)
+#define TXFS_LOGGING_MODE_FULL (0x0002)
+
+#define TXFS_TRANSACTION_STATE_NONE 0x00
+#define TXFS_TRANSACTION_STATE_ACTIVE 0x01
+#define TXFS_TRANSACTION_STATE_PREPARED 0x02
+#define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03
+
+#define TXFS_MODIFY_RM_VALID_FLAGS \
+ (TXFS_RM_FLAG_LOGGING_MODE | \
+ TXFS_RM_FLAG_RENAME_RM | \
+ TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
+ TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
+ TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
+ TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
+ TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
+ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
+ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
+ TXFS_RM_FLAG_SHRINK_LOG | \
+ TXFS_RM_FLAG_GROW_LOG | \
+ TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \
+ TXFS_RM_FLAG_PRESERVE_CHANGES | \
+ TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
+ TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
+ TXFS_RM_FLAG_PREFER_CONSISTENCY | \
+ TXFS_RM_FLAG_PREFER_AVAILABILITY)
+
+typedef struct _TXFS_MODIFY_RM {
+ ULONG Flags;
+ ULONG LogContainerCountMax;
+ ULONG LogContainerCountMin;
+ ULONG LogContainerCount;
+ ULONG LogGrowthIncrement;
+ ULONG LogAutoShrinkPercentage;
+ ULONGLONG Reserved;
+ USHORT LoggingMode;
+} TXFS_MODIFY_RM, *PTXFS_MODIFY_RM;
+
+#define TXFS_RM_STATE_NOT_STARTED 0
+#define TXFS_RM_STATE_STARTING 1
+#define TXFS_RM_STATE_ACTIVE 2
+#define TXFS_RM_STATE_SHUTTING_DOWN 3
+
+#define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \
+ (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
+ TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
+ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
+ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
+ TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
+ TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
+ TXFS_RM_FLAG_PREFER_CONSISTENCY | \
+ TXFS_RM_FLAG_PREFER_AVAILABILITY)
+
+typedef struct _TXFS_QUERY_RM_INFORMATION {
+ ULONG BytesRequired;
+ ULONGLONG TailLsn;
+ ULONGLONG CurrentLsn;
+ ULONGLONG ArchiveTailLsn;
+ ULONGLONG LogContainerSize;
+ LARGE_INTEGER HighestVirtualClock;
+ ULONG LogContainerCount;
+ ULONG LogContainerCountMax;
+ ULONG LogContainerCountMin;
+ ULONG LogGrowthIncrement;
+ ULONG LogAutoShrinkPercentage;
+ ULONG Flags;
+ USHORT LoggingMode;
+ USHORT Reserved;
+ ULONG RmState;
+ ULONGLONG LogCapacity;
+ ULONGLONG LogFree;
+ ULONGLONG TopsSize;
+ ULONGLONG TopsUsed;
+ ULONGLONG TransactionCount;
+ ULONGLONG OnePCCount;
+ ULONGLONG TwoPCCount;
+ ULONGLONG NumberLogFileFull;
+ ULONGLONG OldestTransactionAge;
+ GUID RMName;
+ ULONG TmLogPathOffset;
+} TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION;
+
+#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01
+#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02
+
+#define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
+ (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
+ TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
+
+typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
+ LARGE_INTEGER LastVirtualClock;
+ ULONGLONG LastRedoLsn;
+ ULONGLONG HighestRecoveryLsn;
+ ULONG Flags;
+} TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION;
+
+#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001
+#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002
+#define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004
+#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008
+#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010
+#define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020
+#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040
+#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080
+
+#define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200
+#define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400
+#define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800
+
+#define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000
+#define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000
+
+#define TXFS_START_RM_VALID_FLAGS \
+ (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
+ TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
+ TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
+ TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
+ TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
+ TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
+ TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
+ TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
+ TXFS_START_RM_FLAG_LOGGING_MODE | \
+ TXFS_START_RM_FLAG_PRESERVE_CHANGES | \
+ TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \
+ TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
+
+typedef struct _TXFS_START_RM_INFORMATION {
+ ULONG Flags;
+ ULONGLONG LogContainerSize;
+ ULONG LogContainerCountMin;
+ ULONG LogContainerCountMax;
+ ULONG LogGrowthIncrement;
+ ULONG LogAutoShrinkPercentage;
+ ULONG TmLogPathOffset;
+ USHORT TmLogPathLength;
+ USHORT LoggingMode;
+ USHORT LogPathLength;
+ USHORT Reserved;
+ WCHAR LogPath[1];
+} TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION;
+
+typedef struct _TXFS_GET_METADATA_INFO_OUT {
+ struct {
+ LONGLONG LowPart;
+ LONGLONG HighPart;
+ } TxfFileId;
+ GUID LockingTransaction;
+ ULONGLONG LastLsn;
+ ULONG TransactionState;
+} TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT;
+
+#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001
+#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002
+
+typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
+ ULONGLONG Offset;
+ ULONG NameFlags;
+ LONGLONG FileId;
+ ULONG Reserved1;
+ ULONG Reserved2;
+ LONGLONG Reserved3;
+ WCHAR FileName[1];
+} TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
+
+typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
+ GUID KtmTransaction;
+ ULONGLONG NumberOfFiles;
+ ULONGLONG BufferSizeRequired;
+ ULONGLONG Offset;
+} TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES;
+
+typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
+ GUID TransactionId;
+ ULONG TransactionState;
+ ULONG Reserved1;
+ ULONG Reserved2;
+ LONGLONG Reserved3;
+} TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY;
+
+typedef struct _TXFS_LIST_TRANSACTIONS {
+ ULONGLONG NumberOfTransactions;
+ ULONGLONG BufferSizeRequired;
+} TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS;
+
+typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
+ union {
+ ULONG BufferLength;
+ UCHAR Buffer[1];
+ } DUMMYUNIONNAME;
+} TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT;
+
+typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
+ UCHAR Buffer[1];
+} TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION;
+
+#define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE
+#define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF
+
+typedef struct _TXFS_GET_TRANSACTED_VERSION {
+ ULONG ThisBaseVersion;
+ ULONG LatestVersion;
+ USHORT ThisMiniVersion;
+ USHORT FirstMiniVersion;
+ USHORT LatestMiniVersion;
+} TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION;
+
+#define TXFS_SAVEPOINT_SET 0x00000001
+#define TXFS_SAVEPOINT_ROLLBACK 0x00000002
+#define TXFS_SAVEPOINT_CLEAR 0x00000004
+#define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010
+
+typedef struct _TXFS_SAVEPOINT_INFORMATION {
+ HANDLE KtmTransaction;
+ ULONG ActionCode;
+ ULONG SavepointId;
+} TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION;
+
+typedef struct _TXFS_CREATE_MINIVERSION_INFO {
+ USHORT StructureVersion;
+ USHORT StructureLength;
+ ULONG BaseVersion;
+ USHORT MiniVersion;
+} TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO;
+
+typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
+ BOOLEAN TransactionsActiveAtSnapshot;
+} TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO;
+
+#endif /* (_WIN32_WINNT >= 0x0600) */
+
+#if (_WIN32_WINNT >= 0x0601)
+
+#define MARK_HANDLE_REALTIME (0x00000020)
+#define MARK_HANDLE_NOT_REALTIME (0x00000040)
+
+#define NO_8DOT3_NAME_PRESENT (0x00000001)
+#define REMOVED_8DOT3_NAME (0x00000002)
+
+#define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001)
+
+typedef struct _BOOT_AREA_INFO {
+ ULONG BootSectorCount;
+ struct {
+ LARGE_INTEGER Offset;
+ } BootSectors[2];
+} BOOT_AREA_INFO, *PBOOT_AREA_INFO;
+
+typedef struct _RETRIEVAL_POINTER_BASE {
+ LARGE_INTEGER FileAreaOffset;
+} RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE;
+
+typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
+ ULONG VolumeFlags;
+ ULONG FlagMask;
+ ULONG Version;
+ ULONG Reserved;
+} FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;
+
+typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
+ CHAR FileSystem[9];
+} FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION;
+
+#define OPLOCK_LEVEL_CACHE_READ (0x00000001)
+#define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002)
+#define OPLOCK_LEVEL_CACHE_WRITE (0x00000004)
+
+#define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001)
+#define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002)
+#define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004)
+
+#define REQUEST_OPLOCK_CURRENT_VERSION 1
+
+typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
+ USHORT StructureVersion;
+ USHORT StructureLength;
+ ULONG RequestedOplockLevel;
+ ULONG Flags;
+} REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER;
+
+#define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001)
+#define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002)
+
+typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
+ USHORT StructureVersion;
+ USHORT StructureLength;
+ ULONG OriginalOplockLevel;
+ ULONG NewOplockLevel;
+ ULONG Flags;
+ ACCESS_MASK AccessMode;
+ USHORT ShareMode;
+} REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER;
+
+#define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1
+
+typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
+ USHORT CurrentMachineSIDOffset;
+ USHORT CurrentMachineSIDLength;
+ USHORT NewMachineSIDOffset;
+ USHORT NewMachineSIDLength;
+} SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT;
+
+typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
+ ULONGLONG NumSDChangedSuccess;
+ ULONGLONG NumSDChangedFail;
+ ULONGLONG NumSDUnused;
+ ULONGLONG NumSDTotal;
+ ULONGLONG NumMftSDChangedSuccess;
+ ULONGLONG NumMftSDChangedFail;
+ ULONGLONG NumMftSDTotal;
+} SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT;
+
+typedef struct _SD_GLOBAL_CHANGE_INPUT {
+ ULONG Flags;
+ ULONG ChangeType;
+ union {
+ SD_CHANGE_MACHINE_SID_INPUT SdChange;
+ };
+} SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT;
+
+typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
+ ULONG Flags;
+ ULONG ChangeType;
+ union {
+ SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
+ };
+} SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT;
+
+#define ENCRYPTED_DATA_INFO_SPARSE_FILE 1
+
+typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
+ ULONG ExtendedCode;
+ ULONG Length;
+ ULONG Flags;
+ ULONG Reserved;
+} EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO;
+
+typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
+ ULONG Flags;
+ ULONG NumberOfClusters;
+ LARGE_INTEGER Cluster[1];
+} LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;
+
+typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
+ ULONG Offset;
+ ULONG NumberOfMatches;
+ ULONG BufferSizeRequired;
+} LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
+
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008
+
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000
+#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000
+
+typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
+ ULONG OffsetToNext;
+ ULONG Flags;
+ LARGE_INTEGER Reserved;
+ LARGE_INTEGER Cluster;
+ WCHAR FileName[1];
+} LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;
+
+typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
+ ULONG Flags;
+ ULONG NumFileTypeIDs;
+ GUID FileTypeID[1];
+} FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT;
+
+#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001
+#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002
+
+DEFINE_GUID( FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c );
+DEFINE_GUID( FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7 );
+DEFINE_GUID( FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9 );
+
+#ifndef _VIRTUAL_STORAGE_TYPE_DEFINED
+#define _VIRTUAL_STORAGE_TYPE_DEFINED
+typedef struct _VIRTUAL_STORAGE_TYPE {
+ ULONG DeviceId;
+ GUID VendorId;
+} VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE;
+#endif
+
+typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
+ ULONG RequestLevel;
+ ULONG RequestFlags;
+} STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
+
+#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1
+#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2
+
+typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
+ ULONG EntryLength;
+ ULONG DependencyTypeFlags;
+ ULONG ProviderSpecificFlags;
+ VIRTUAL_STORAGE_TYPE VirtualStorageType;
+} STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
+
+typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY {
+ ULONG EntryLength;
+ ULONG DependencyTypeFlags;
+ ULONG ProviderSpecificFlags;
+ VIRTUAL_STORAGE_TYPE VirtualStorageType;
+ ULONG AncestorLevel;
+ ULONG HostVolumeNameOffset;
+ ULONG HostVolumeNameSize;
+ ULONG DependentVolumeNameOffset;
+ ULONG DependentVolumeNameSize;
+ ULONG RelativePathOffset;
+ ULONG RelativePathSize;
+ ULONG DependentDeviceNameOffset;
+ ULONG DependentDeviceNameSize;
+} STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
+
+typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE {
+ ULONG ResponseLevel;
+ ULONG NumberEntries;
+ union {
+ STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[];
+ STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[];
+ };
+} STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
+
+#endif /* (_WIN32_WINNT >= 0x0601) */
+
+typedef struct _FILESYSTEM_STATISTICS {
+ USHORT FileSystemType;
+ USHORT Version;
+ ULONG SizeOfCompleteStructure;
+ ULONG UserFileReads;
+ ULONG UserFileReadBytes;
+ ULONG UserDiskReads;
+ ULONG UserFileWrites;
+ ULONG UserFileWriteBytes;
+ ULONG UserDiskWrites;
+ ULONG MetaDataReads;
+ ULONG MetaDataReadBytes;
+ ULONG MetaDataDiskReads;
+ ULONG MetaDataWrites;
+ ULONG MetaDataWriteBytes;
+ ULONG MetaDataDiskWrites;
+} FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS;
+
+#define FILESYSTEM_STATISTICS_TYPE_NTFS 1
+#define FILESYSTEM_STATISTICS_TYPE_FAT 2
+#define FILESYSTEM_STATISTICS_TYPE_EXFAT 3
+
+typedef struct _FAT_STATISTICS {
+ ULONG CreateHits;
+ ULONG SuccessfulCreates;
+ ULONG FailedCreates;
+ ULONG NonCachedReads;
+ ULONG NonCachedReadBytes;
+ ULONG NonCachedWrites;
+ ULONG NonCachedWriteBytes;
+ ULONG NonCachedDiskReads;
+ ULONG NonCachedDiskWrites;
+} FAT_STATISTICS, *PFAT_STATISTICS;
+
+typedef struct _EXFAT_STATISTICS {
+ ULONG CreateHits;
+ ULONG SuccessfulCreates;
+ ULONG FailedCreates;
+ ULONG NonCachedReads;
+ ULONG NonCachedReadBytes;
+ ULONG NonCachedWrites;
+ ULONG NonCachedWriteBytes;
+ ULONG NonCachedDiskReads;
+ ULONG NonCachedDiskWrites;
+} EXFAT_STATISTICS, *PEXFAT_STATISTICS;
+
+typedef struct _NTFS_STATISTICS {
+ ULONG LogFileFullExceptions;
+ ULONG OtherExceptions;
+ ULONG MftReads;
+ ULONG MftReadBytes;
+ ULONG MftWrites;
+ ULONG MftWriteBytes;
+ struct {
+ USHORT Write;
+ USHORT Create;
+ USHORT SetInfo;
+ USHORT Flush;
+ } MftWritesUserLevel;
+ USHORT MftWritesFlushForLogFileFull;
+ USHORT MftWritesLazyWriter;
+ USHORT MftWritesUserRequest;
+ ULONG Mft2Writes;
+ ULONG Mft2WriteBytes;
+ struct {
+ USHORT Write;
+ USHORT Create;
+ USHORT SetInfo;
+ USHORT Flush;
+ } Mft2WritesUserLevel;
+ USHORT Mft2WritesFlushForLogFileFull;
+ USHORT Mft2WritesLazyWriter;
+ USHORT Mft2WritesUserRequest;
+ ULONG RootIndexReads;
+ ULONG RootIndexReadBytes;
+ ULONG RootIndexWrites;
+ ULONG RootIndexWriteBytes;
+ ULONG BitmapReads;
+ ULONG BitmapReadBytes;
+ ULONG BitmapWrites;
+ ULONG BitmapWriteBytes;
+ USHORT BitmapWritesFlushForLogFileFull;
+ USHORT BitmapWritesLazyWriter;
+ USHORT BitmapWritesUserRequest;
+ struct {
+ USHORT Write;
+ USHORT Create;
+ USHORT SetInfo;
+ } BitmapWritesUserLevel;
+ ULONG MftBitmapReads;
+ ULONG MftBitmapReadBytes;
+ ULONG MftBitmapWrites;
+ ULONG MftBitmapWriteBytes;
+ USHORT MftBitmapWritesFlushForLogFileFull;
+ USHORT MftBitmapWritesLazyWriter;
+ USHORT MftBitmapWritesUserRequest;
+ struct {
+ USHORT Write;
+ USHORT Create;
+ USHORT SetInfo;
+ USHORT Flush;
+ } MftBitmapWritesUserLevel;
+ ULONG UserIndexReads;
+ ULONG UserIndexReadBytes;
+ ULONG UserIndexWrites;
+ ULONG UserIndexWriteBytes;
+ ULONG LogFileReads;
+ ULONG LogFileReadBytes;
+ ULONG LogFileWrites;
+ ULONG LogFileWriteBytes;
+ struct {
+ ULONG Calls;
+ ULONG Clusters;
+ ULONG Hints;
+ ULONG RunsReturned;
+ ULONG HintsHonored;
+ ULONG HintsClusters;
+ ULONG Cache;
+ ULONG CacheClusters;
+ ULONG CacheMiss;
+ ULONG CacheMissClusters;
+ } Allocate;
+} NTFS_STATISTICS, *PNTFS_STATISTICS;
+
+#endif // _FILESYSTEMFSCTL_
+
+#define SYMLINK_FLAG_RELATIVE 1
+
+typedef struct _REPARSE_DATA_BUFFER {
+ ULONG ReparseTag;
+ USHORT ReparseDataLength;
+ USHORT Reserved;
+ __GNU_EXTENSION union {
+ struct {
+ USHORT SubstituteNameOffset;
+ USHORT SubstituteNameLength;
+ USHORT PrintNameOffset;
+ USHORT PrintNameLength;
+ ULONG Flags;
+ WCHAR PathBuffer[1];
+ } SymbolicLinkReparseBuffer;
+ struct {
+ USHORT SubstituteNameOffset;
+ USHORT SubstituteNameLength;
+ USHORT PrintNameOffset;
+ USHORT PrintNameLength;
+ WCHAR PathBuffer[1];
+ } MountPointReparseBuffer;
+ struct {
+ UCHAR DataBuffer[1];
+ } GenericReparseBuffer;
+ };
+} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
+
+#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
+
+typedef struct _REPARSE_GUID_DATA_BUFFER {
+ ULONG ReparseTag;
+ USHORT ReparseDataLength;
+ USHORT Reserved;
+ GUID ReparseGuid;
+ struct {
+ UCHAR DataBuffer[1];
+ } GenericReparseBuffer;
+} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;
+
+#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
+
+#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 )
+
+/* Reserved reparse tags */
+#define IO_REPARSE_TAG_RESERVED_ZERO (0)
+#define IO_REPARSE_TAG_RESERVED_ONE (1)
+#define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
+
+#define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000))
+#define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000))
+
+#define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF)
+
+#define IsReparseTagValid(tag) ( \
+ !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \
+ ((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \
+ )
+
+/* MicroSoft reparse point tags */
+#define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
+#define IO_REPARSE_TAG_HSM (0xC0000004L)
+#define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
+#define IO_REPARSE_TAG_HSM2 (0x80000006L)
+#define IO_REPARSE_TAG_SIS (0x80000007L)
+#define IO_REPARSE_TAG_WIM (0x80000008L)
+#define IO_REPARSE_TAG_CSV (0x80000009L)
+#define IO_REPARSE_TAG_DFS (0x8000000AL)
+#define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
+#define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
+#define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
+#define IO_REPARSE_TAG_DFSR (0x80000012L)
+
+#pragma pack(4)
+typedef struct _REPARSE_INDEX_KEY {
+ ULONG FileReparseTag;
+ LARGE_INTEGER FileId;
+} REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY;
+#pragma pack()
+
+#define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS)
+#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS)
+#define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS)
+
+#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)
+
+#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
+
+#define FILE_PIPE_READ_DATA 0x00000000
+#define FILE_PIPE_WRITE_SPACE 0x00000001
+
+typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
+ HANDLE EventHandle;
+ ULONG KeyValue;
+} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
+
+typedef struct _FILE_PIPE_EVENT_BUFFER {
+ ULONG NamedPipeState;
+ ULONG EntryType;
+ ULONG ByteCount;
+ ULONG KeyValue;
+ ULONG NumberRequests;
+} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
+
+typedef struct _FILE_PIPE_PEEK_BUFFER {
+ ULONG NamedPipeState;
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+ CHAR Data[1];
+} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
+
+typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
+ LARGE_INTEGER Timeout;
+ ULONG NameLength;
+ BOOLEAN TimeoutSpecified;
+ WCHAR Name[1];
+} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
+
+typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
+#if !defined(BUILD_WOW6432)
+ PVOID ClientSession;
+ PVOID ClientProcess;
+#else
+ ULONGLONG ClientSession;
+ ULONGLONG ClientProcess;
+#endif
+} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
+
+#define FILE_PIPE_COMPUTER_NAME_LENGTH 15
+
+typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
+#if !defined(BUILD_WOW6432)
+ PVOID ClientSession;
+ PVOID ClientProcess;
+#else
+ ULONGLONG ClientSession;
+ ULONGLONG ClientProcess;
+#endif
+ USHORT ClientComputerNameLength;
+ WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1];
+} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
+
+#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
+
+typedef enum _LINK_TRACKING_INFORMATION_TYPE {
+ NtfsLinkTrackingInformation,
+ DfsLinkTrackingInformation
+} LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE;
+
+typedef struct _LINK_TRACKING_INFORMATION {
+ LINK_TRACKING_INFORMATION_TYPE Type;
+ UCHAR VolumeId[16];
+} LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION;
+
+typedef struct _REMOTE_LINK_TRACKING_INFORMATION {
+ PVOID TargetFileObject;
+ ULONG TargetLinkTrackingInformationLength;
+ UCHAR TargetLinkTrackingInformationBuffer[1];
+} REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION;
+
+typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG PointerCount;
+ ULONG Reserved[10];
+} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
+
+typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
+ UNICODE_STRING TypeName;
+ ULONG Reserved [22];
+} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
+
+typedef struct _SECURITY_CLIENT_CONTEXT {
+ SECURITY_QUALITY_OF_SERVICE SecurityQos;
+ PACCESS_TOKEN ClientToken;
+ BOOLEAN DirectlyAccessClientToken;
+ BOOLEAN DirectAccessEffectiveOnly;
+ BOOLEAN ServerIsRemote;
+ TOKEN_CONTROL ClientTokenControl;
+} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
+
+#define SYSTEM_PAGE_PRIORITY_BITS 3
+#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
+
+typedef struct _KAPC_STATE {
+ LIST_ENTRY ApcListHead[MaximumMode];
+ PKPROCESS Process;
+ BOOLEAN KernelApcInProgress;
+ BOOLEAN KernelApcPending;
+ BOOLEAN UserApcPending;
+} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
+
+#define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
+
+typedef struct _KQUEUE {
+ DISPATCHER_HEADER Header;
+ LIST_ENTRY EntryListHead;
+ volatile ULONG CurrentCount;
+ ULONG MaximumCount;
+ LIST_ENTRY ThreadListHead;
+} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
-FsRtlFastUnlockAllByKey (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PEPROCESS Process,
- IN ULONG Key,
- IN PVOID Context OPTIONAL
-);
-/* ret: STATUS_RANGE_NOT_LOCKED */
+KeInitializeMutant(
+ OUT PRKMUTANT Mutant,
+ IN BOOLEAN InitialOwner);
NTKERNELAPI
-NTSTATUS
+LONG
NTAPI
-FsRtlFastUnlockSingle (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN PEPROCESS Process,
- IN ULONG Key,
- IN PVOID Context OPTIONAL,
- IN BOOLEAN AlreadySynchronized
-);
-/* ret: STATUS_RANGE_NOT_LOCKED */
+KeReadStateMutant(
+ IN PRKMUTANT Mutant);
NTKERNELAPI
-BOOLEAN
+LONG
NTAPI
-FsRtlFindInTunnelCache (
- IN PTUNNEL Cache,
- IN ULONGLONG DirectoryKey,
- IN PUNICODE_STRING Name,
- OUT PUNICODE_STRING ShortName,
- OUT PUNICODE_STRING LongName,
- IN OUT PULONG DataLength,
- OUT PVOID Data
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
+KeReleaseMutant(
+ IN OUT PRKMUTANT Mutant,
+ IN KPRIORITY Increment,
+ IN BOOLEAN Abandoned,
+ IN BOOLEAN Wait);
NTKERNELAPI
VOID
NTAPI
-FsRtlFreeFileLock (
- IN PFILE_LOCK FileLock
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+KeInitializeQueue(
+ OUT PRKQUEUE Queue,
+ IN ULONG Count);
NTKERNELAPI
-NTSTATUS
+LONG
NTAPI
-FsRtlGetFileSize (
- IN PFILE_OBJECT FileObject,
- IN OUT PLARGE_INTEGER FileSize
-);
+KeReadStateQueue(
+ IN PRKQUEUE Queue);
NTKERNELAPI
-BOOLEAN
+LONG
NTAPI
-FsRtlGetNextBaseMcbEntry (
- IN PBASE_MCB Mcb,
- IN ULONG RunIndex,
- OUT PLONGLONG Vbn,
- OUT PLONGLONG Lbn,
- OUT PLONGLONG SectorCount
-);
-
-/*
- FsRtlGetNextFileLock:
+KeInsertQueue(
+ IN OUT PRKQUEUE Queue,
+ IN OUT PLIST_ENTRY Entry);
- ret: NULL if no more locks
-
- Internals:
- FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
- FileLock->LastReturnedLock as storage.
- LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
- list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
- calls with Restart = FALSE.
-*/
NTKERNELAPI
-PFILE_LOCK_INFO
+LONG
NTAPI
-FsRtlGetNextFileLock (
- IN PFILE_LOCK FileLock,
- IN BOOLEAN Restart
-);
+KeInsertHeadQueue(
+ IN OUT PRKQUEUE Queue,
+ IN OUT PLIST_ENTRY Entry);
NTKERNELAPI
-BOOLEAN
+PLIST_ENTRY
NTAPI
-FsRtlGetNextLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN ULONG RunIndex,
- OUT PLONGLONG Vbn,
- OUT PLONGLONG Lbn,
- OUT PLONGLONG SectorCount
-);
+KeRemoveQueue(
+ IN OUT PRKQUEUE Queue,
+ IN KPROCESSOR_MODE WaitMode,
+ IN PLARGE_INTEGER Timeout OPTIONAL);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlGetNextMcbEntry (
- IN PMCB Mcb,
- IN ULONG RunIndex,
- OUT PVBN Vbn,
- OUT PLBN Lbn,
- OUT PULONG SectorCount
-);
-
-#define FsRtlGetPerStreamContextPointer(FO) ( \
- (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
-)
+KeAttachProcess(
+ IN OUT PKPROCESS Process);
NTKERNELAPI
VOID
NTAPI
-FsRtlInitializeBaseMcb (
- IN PBASE_MCB Mcb,
- IN POOL_TYPE PoolType
-);
+KeDetachProcess(
+ VOID);
NTKERNELAPI
-VOID
+PLIST_ENTRY
NTAPI
-FsRtlInitializeFileLock (
- IN PFILE_LOCK FileLock,
- IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
- IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
-);
+KeRundownQueue(
+ IN OUT PRKQUEUE Queue);
NTKERNELAPI
VOID
NTAPI
-FsRtlInitializeLargeMcb (
- IN PLARGE_MCB Mcb,
- IN POOL_TYPE PoolType
-);
+KeStackAttachProcess(
+ IN OUT PKPROCESS Process,
+ OUT PKAPC_STATE ApcState);
NTKERNELAPI
VOID
NTAPI
-FsRtlInitializeMcb (
- IN PMCB Mcb,
- IN POOL_TYPE PoolType
-);
+KeUnstackDetachProcess(
+ IN PKAPC_STATE ApcState);
NTKERNELAPI
-VOID
+UCHAR
NTAPI
-FsRtlInitializeOplock (
- IN OUT POPLOCK Oplock
-);
+KeSetIdealProcessorThread(
+ IN OUT PKTHREAD Thread,
+ IN UCHAR Processor);
NTKERNELAPI
-VOID
+BOOLEAN
NTAPI
-FsRtlInitializeTunnelCache (
- IN PTUNNEL Cache
-);
-
-#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
- (PSC)->OwnerId = (O), \
- (PSC)->InstanceId = (I), \
- (PSC)->FreeCallback = (FC) \
-)
+KeSetKernelStackSwapEnable(
+ IN BOOLEAN Enable);
+#if defined(_X86_)
+NTHALAPI
+KIRQL
+FASTCALL
+KeAcquireSpinLockRaiseToSynch(
+ IN OUT PKSPIN_LOCK SpinLock);
+#else
NTKERNELAPI
-NTSTATUS
-NTAPI
-FsRtlInsertPerStreamContext (
- IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
- IN PFSRTL_PER_STREAM_CONTEXT Ptr
-);
+KIRQL
+KeAcquireSpinLockRaiseToSynch(
+ IN OUT PKSPIN_LOCK SpinLock);
+#endif
-#define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
- ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
-)
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
-#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
- ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
-)
+#if (NTDDI_VERSION >= NTDDI_WINXP)
-#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
- ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
-)
+_DECL_HAL_KE_IMPORT
+KIRQL
+FASTCALL
+KeAcquireQueuedSpinLock(
+ IN OUT KSPIN_LOCK_QUEUE_NUMBER Number);
-#define FsRtlIsAnsiCharacterWild(C) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
-)
+NTHALAPI
+VOID
+FASTCALL
+KeReleaseQueuedSpinLock(
+ IN OUT KSPIN_LOCK_QUEUE_NUMBER Number,
+ IN KIRQL OldIrql);
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlIsFatDbcsLegal (
- IN ANSI_STRING DbcsName,
- IN BOOLEAN WildCardsPermissible,
- IN BOOLEAN PathNamePermissible,
- IN BOOLEAN LeadingBackslashPermissible
-);
+_DECL_HAL_KE_IMPORT
+LOGICAL
+FASTCALL
+KeTryToAcquireQueuedSpinLock(
+ IN KSPIN_LOCK_QUEUE_NUMBER Number,
+ OUT PKIRQL OldIrql);
-NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlIsHpfsDbcsLegal (
- IN ANSI_STRING DbcsName,
- IN BOOLEAN WildCardsPermissible,
- IN BOOLEAN PathNamePermissible,
- IN BOOLEAN LeadingBackslashPermissible
-);
+#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlIsNameInExpression (
- IN PUNICODE_STRING Expression,
- IN PUNICODE_STRING Name,
- IN BOOLEAN IgnoreCase,
- IN PWCHAR UpcaseTable OPTIONAL
-);
+VOID
+KeQueryOwnerMutant(
+ IN PKMUTANT Mutant,
+ OUT PCLIENT_ID ClientId);
NTKERNELAPI
-BOOLEAN
-NTAPI
-FsRtlIsNtstatusExpected (
- IN NTSTATUS Ntstatus
-);
+ULONG
+KeRemoveQueueEx (
+ IN OUT PKQUEUE Queue,
+ IN KPROCESSOR_MODE WaitMode,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Timeout OPTIONAL,
+ OUT PLIST_ENTRY *EntryArray,
+ IN ULONG Count);
-#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
-extern PUSHORT NlsOemLeadByteInfo;
+#define INVALID_PROCESSOR_INDEX 0xffffffff
-#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
- (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
- (NLS_MB_CODE_PAGE_TAG && \
- (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
-)
+NTSTATUS
+NTAPI
+KeGetProcessorNumberFromIndex(
+ IN ULONG ProcIndex,
+ OUT PPROCESSOR_NUMBER ProcNumber);
-#define FsRtlIsUnicodeCharacterWild(C) ( \
- (((C) >= 0x40) ? \
- FALSE : \
- FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
-)
+ULONG
+NTAPI
+KeGetProcessorIndexFromNumber(
+ IN PPROCESSOR_NUMBER ProcNumber);
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
-BOOLEAN
+SIZE_T
NTAPI
-FsRtlLookupBaseMcbEntry (
- IN PBASE_MCB Mcb,
- IN LONGLONG Vbn,
- OUT PLONGLONG Lbn OPTIONAL,
- OUT PLONGLONG SectorCountFromLbn OPTIONAL,
- OUT PLONGLONG StartingLbn OPTIONAL,
- OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
- OUT PULONG Index OPTIONAL
-);
+ExQueryPoolBlockSize(
+ IN PVOID PoolBlock,
+ OUT PBOOLEAN QuotaCharged);
+
+VOID
+ExAdjustLookasideDepth(
+ VOID);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlLookupLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- OUT PLONGLONG Lbn OPTIONAL,
- OUT PLONGLONG SectorCountFromLbn OPTIONAL,
- OUT PLONGLONG StartingLbn OPTIONAL,
- OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
- OUT PULONG Index OPTIONAL
-);
+ExDisableResourceBoostLite(
+ IN PERESOURCE Resource);
+
+#endif
+
+#define ExDisableResourceBoost ExDisableResourceBoostLite
+
+#define EX_PUSH_LOCK ULONG_PTR
+#define PEX_PUSH_LOCK PULONG_PTR
+
+VOID
+ExInitializePushLock (
+ OUT PEX_PUSH_LOCK PushLock);
+
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+PSLIST_ENTRY
+FASTCALL
+InterlockedPushListSList(
+ IN OUT PSLIST_HEADER ListHead,
+ IN OUT PSLIST_ENTRY List,
+ IN OUT PSLIST_ENTRY ListEnd,
+ IN ULONG Count);
+
+#endif
+
+/* #if !defined(_X86AMD64_) FIXME : WHAT ?! */
+#if defined(_WIN64)
+
+C_ASSERT(sizeof(ERESOURCE) == 0x68);
+C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18);
+C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a);
+
+#else
+
+C_ASSERT(sizeof(ERESOURCE) == 0x38);
+C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c);
+C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e);
+
+#endif
+/* #endif */
+
+#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
+#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
+#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
+#define TOKEN_WRITE_RESTRICTED 0x0008
+#define TOKEN_IS_RESTRICTED 0x0010
+#define TOKEN_SESSION_NOT_REFERENCED 0x0020
+#define TOKEN_SANDBOX_INERT 0x0040
+#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
+#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
+#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
+#define TOKEN_VIRTUALIZE_ENABLED 0x0400
+#define TOKEN_IS_FILTERED 0x0800
+#define TOKEN_UIACCESS 0x1000
+#define TOKEN_NOT_LOW 0x2000
+
+typedef struct _SE_EXPORTS {
+ LUID SeCreateTokenPrivilege;
+ LUID SeAssignPrimaryTokenPrivilege;
+ LUID SeLockMemoryPrivilege;
+ LUID SeIncreaseQuotaPrivilege;
+ LUID SeUnsolicitedInputPrivilege;
+ LUID SeTcbPrivilege;
+ LUID SeSecurityPrivilege;
+ LUID SeTakeOwnershipPrivilege;
+ LUID SeLoadDriverPrivilege;
+ LUID SeCreatePagefilePrivilege;
+ LUID SeIncreaseBasePriorityPrivilege;
+ LUID SeSystemProfilePrivilege;
+ LUID SeSystemtimePrivilege;
+ LUID SeProfileSingleProcessPrivilege;
+ LUID SeCreatePermanentPrivilege;
+ LUID SeBackupPrivilege;
+ LUID SeRestorePrivilege;
+ LUID SeShutdownPrivilege;
+ LUID SeDebugPrivilege;
+ LUID SeAuditPrivilege;
+ LUID SeSystemEnvironmentPrivilege;
+ LUID SeChangeNotifyPrivilege;
+ LUID SeRemoteShutdownPrivilege;
+ PSID SeNullSid;
+ PSID SeWorldSid;
+ PSID SeLocalSid;
+ PSID SeCreatorOwnerSid;
+ PSID SeCreatorGroupSid;
+ PSID SeNtAuthoritySid;
+ PSID SeDialupSid;
+ PSID SeNetworkSid;
+ PSID SeBatchSid;
+ PSID SeInteractiveSid;
+ PSID SeLocalSystemSid;
+ PSID SeAliasAdminsSid;
+ PSID SeAliasUsersSid;
+ PSID SeAliasGuestsSid;
+ PSID SeAliasPowerUsersSid;
+ PSID SeAliasAccountOpsSid;
+ PSID SeAliasSystemOpsSid;
+ PSID SeAliasPrintOpsSid;
+ PSID SeAliasBackupOpsSid;
+ PSID SeAuthenticatedUsersSid;
+ PSID SeRestrictedSid;
+ PSID SeAnonymousLogonSid;
+ LUID SeUndockPrivilege;
+ LUID SeSyncAgentPrivilege;
+ LUID SeEnableDelegationPrivilege;
+ PSID SeLocalServiceSid;
+ PSID SeNetworkServiceSid;
+ LUID SeManageVolumePrivilege;
+ LUID SeImpersonatePrivilege;
+ LUID SeCreateGlobalPrivilege;
+ LUID SeTrustedCredManAccessPrivilege;
+ LUID SeRelabelPrivilege;
+ LUID SeIncreaseWorkingSetPrivilege;
+ LUID SeTimeZonePrivilege;
+ LUID SeCreateSymbolicLinkPrivilege;
+ PSID SeIUserSid;
+ PSID SeUntrustedMandatorySid;
+ PSID SeLowMandatorySid;
+ PSID SeMediumMandatorySid;
+ PSID SeHighMandatorySid;
+ PSID SeSystemMandatorySid;
+ PSID SeOwnerRightsSid;
+} SE_EXPORTS, *PSE_EXPORTS;
+
+typedef NTSTATUS
+(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
+ IN PLUID LogonId);
+
+#define SeLengthSid( Sid ) \
+ (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
+
+#define SeDeleteClientSecurity(C) { \
+ if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
+ PsDereferencePrimaryToken( (C)->ClientToken ); \
+ } else { \
+ PsDereferenceImpersonationToken( (C)->ClientToken ); \
+ } \
+}
+
+#define SeStopImpersonatingClient() PsRevertToSelf()
+
+#define SeQuerySubjectContextToken( SubjectContext ) \
+ ( ARGUMENT_PRESENT( \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
+ ) ? \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlLookupLastBaseMcbEntry (
- IN PBASE_MCB Mcb,
- OUT PLONGLONG Vbn,
- OUT PLONGLONG Lbn
-);
+SeCaptureSubjectContext(
+ OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlLookupLastLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- OUT PLONGLONG Vbn,
- OUT PLONGLONG Lbn
-);
+SeLockSubjectContext(
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlLookupLastMcbEntry (
- IN PMCB Mcb,
- OUT PVBN Vbn,
- OUT PLBN Lbn
-);
+SeUnlockSubjectContext(
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlLookupLastBaseMcbEntryAndIndex (
- IN PBASE_MCB OpaqueMcb,
- IN OUT PLONGLONG LargeVbn,
- IN OUT PLONGLONG LargeLbn,
- IN OUT PULONG Index
-);
+SeReleaseSubjectContext(
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlLookupLastLargeMcbEntryAndIndex (
- IN PLARGE_MCB OpaqueMcb,
- OUT PLONGLONG LargeVbn,
- OUT PLONGLONG LargeLbn,
- OUT PULONG Index
-);
+SePrivilegeCheck(
+ IN OUT PPRIVILEGE_SET RequiredPrivileges,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN KPROCESSOR_MODE AccessMode);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlLookupMcbEntry (
- IN PMCB Mcb,
- IN VBN Vbn,
- OUT PLBN Lbn,
- OUT PULONG SectorCount OPTIONAL,
- OUT PULONG Index
-);
+SeOpenObjectAuditAlarm(
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
-PFSRTL_PER_STREAM_CONTEXT
+VOID
NTAPI
-FsRtlLookupPerStreamContextInternal (
- IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
- IN PVOID OwnerId OPTIONAL,
- IN PVOID InstanceId OPTIONAL
-);
+SeOpenObjectForDeleteAuditAlarm(
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
-BOOLEAN
+VOID
NTAPI
-FsRtlMdlReadDev (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG LockKey,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
+SeDeleteObjectAuditAlarm(
+ IN PVOID Object,
+ IN HANDLE Handle);
NTKERNELAPI
-BOOLEAN
+TOKEN_TYPE
NTAPI
-FsRtlMdlReadComplete (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain
-);
+SeTokenType(
+ IN PACCESS_TOKEN Token);
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlMdlReadCompleteDev (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain,
- IN PDEVICE_OBJECT DeviceObject
-);
+SeTokenIsAdmin(
+ IN PACCESS_TOKEN Token);
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlPrepareMdlWriteDev (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG LockKey,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
+SeTokenIsRestricted(
+ IN PACCESS_TOKEN Token);
NTKERNELAPI
-BOOLEAN
+NTSTATUS
NTAPI
-FsRtlMdlWriteComplete (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain
-);
+SeQueryAuthenticationIdToken(
+ IN PACCESS_TOKEN Token,
+ OUT PLUID AuthenticationId);
NTKERNELAPI
-BOOLEAN
+NTSTATUS
NTAPI
-FsRtlMdlWriteCompleteDev (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain,
- IN PDEVICE_OBJECT DeviceObject
-);
+SeQuerySessionIdToken(
+ IN PACCESS_TOKEN Token,
+ OUT PULONG SessionId);
NTKERNELAPI
NTSTATUS
NTAPI
-FsRtlNormalizeNtstatus (
- IN NTSTATUS Exception,
- IN NTSTATUS GenericException
-);
+SeCreateClientSecurity(
+ IN PETHREAD ClientThread,
+ IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
+ IN BOOLEAN RemoteSession,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext);
NTKERNELAPI
VOID
NTAPI
-FsRtlNotifyChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN PLIST_ENTRY NotifyList,
- IN BOOLEAN WatchTree,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp
-);
+SeImpersonateClient(
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlNotifyCleanup (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PVOID FsContext
-);
-
-typedef BOOLEAN (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
- IN PVOID NotifyContext,
- IN PVOID TargetContext,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
+SeImpersonateClientEx(
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlNotifyFilterChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN BOOLEAN WatchTree,
- IN BOOLEAN IgnoreBuffer,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp,
- IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
- IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
+SeCreateClientSecurityFromSubjectContext(
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
+ IN BOOLEAN ServerIsRemote,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlNotifyFilterReportChange (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PSTRING FullTargetName,
- IN USHORT TargetNameOffset,
- IN PSTRING StreamName OPTIONAL,
- IN PSTRING NormalizedParentName OPTIONAL,
- IN ULONG FilterMatch,
- IN ULONG Action,
- IN PVOID TargetContext,
- IN PVOID FilterContext);
+SeQuerySecurityDescriptorInfo(
+ IN PSECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN OUT PULONG Length,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlNotifyFullChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN BOOLEAN WatchTree,
- IN BOOLEAN IgnoreBuffer,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp,
- IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
-);
+SeSetSecurityDescriptorInfo(
+ IN PVOID Object OPTIONAL,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlNotifyFullReportChange (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PSTRING FullTargetName,
- IN USHORT TargetNameOffset,
- IN PSTRING StreamName OPTIONAL,
- IN PSTRING NormalizedParentName OPTIONAL,
- IN ULONG FilterMatch,
- IN ULONG Action,
- IN PVOID TargetContext
-);
+SeSetSecurityDescriptorInfoEx(
+ IN PVOID Object OPTIONAL,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR ModificationDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN ULONG AutoInheritFlags,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlNotifyInitializeSync (
- IN PNOTIFY_SYNC *NotifySync
-);
+SeAppendPrivileges(
+ IN OUT PACCESS_STATE AccessState,
+ IN PPRIVILEGE_SET Privileges);
NTKERNELAPI
-VOID
+BOOLEAN
NTAPI
-FsRtlNotifyUninitializeSync (
- IN PNOTIFY_SYNC *NotifySync
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
+SeAuditingFileEvents(
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor);
NTKERNELAPI
-NTSTATUS
+BOOLEAN
NTAPI
-FsRtlNotifyVolumeEvent (
- IN PFILE_OBJECT FileObject,
- IN ULONG EventCode
-);
+SeAuditingFileOrGlobalEvents(
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+VOID
+NTAPI
+SeSetAccessStateGenericMapping(
+ IN OUT PACCESS_STATE AccessState,
+ IN PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
-ULONG
+NTSTATUS
NTAPI
-FsRtlNumberOfRunsInBaseMcb (
- IN PBASE_MCB Mcb
-);
+SeRegisterLogonSessionTerminatedRoutine(
+ IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
NTKERNELAPI
-ULONG
+NTSTATUS
NTAPI
-FsRtlNumberOfRunsInLargeMcb (
- IN PLARGE_MCB Mcb
-);
+SeUnregisterLogonSessionTerminatedRoutine(
+ IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
NTKERNELAPI
-ULONG
+NTSTATUS
NTAPI
-FsRtlNumberOfRunsInMcb (
- IN PMCB Mcb
-);
+SeMarkLogonSessionForTerminationNotification(
+ IN PLUID LogonId);
NTKERNELAPI
NTSTATUS
NTAPI
-FsRtlOplockFsctrl (
- IN POPLOCK Oplock,
- IN PIRP Irp,
- IN ULONG OpenCount
-);
+SeQueryInformationToken(
+ IN PACCESS_TOKEN Token,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID *TokenInformation);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
+#if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlOplockIsFastIoPossible (
- IN POPLOCK Oplock
-);
+SeAuditingHardLinkEvents(
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor);
+#endif
-typedef VOID
-(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
- IN PVOID Context,
- IN PKEVENT Event
-);
+#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-FsRtlPostPagingFileStackOverflow (
- IN PVOID Context,
- IN PKEVENT Event,
- IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
-);
+SeFilterToken(
+ IN PACCESS_TOKEN ExistingToken,
+ IN ULONG Flags,
+ IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
+ IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
+ IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
+ OUT PACCESS_TOKEN *FilteredToken);
NTKERNELAPI
VOID
NTAPI
-FsRtlPostStackOverflow (
- IN PVOID Context,
- IN PKEVENT Event,
- IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
-);
+SeAuditHardLinkCreation(
+ IN PUNICODE_STRING FileName,
+ IN PUNICODE_STRING LinkName,
+ IN BOOLEAN bSuccess);
-/*
- FsRtlPrivateLock:
+#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
- ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
+#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
- Internals:
- -Calls IoCompleteRequest if Irp
- -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
-*/
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlPrivateLock (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN PEPROCESS Process,
- IN ULONG Key,
- IN BOOLEAN FailImmediately,
- IN BOOLEAN ExclusiveLock,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PIRP Irp OPTIONAL,
- IN PVOID Context,
- IN BOOLEAN AlreadySynchronized
-);
+SeAuditingFileEventsWithContext(
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
-/*
- FsRtlProcessFileLock:
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeAuditingHardLinkEventsWithContext(
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
- ret:
- -STATUS_INVALID_DEVICE_REQUEST
- -STATUS_RANGE_NOT_LOCKED from unlock routines.
- -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
- (redirected IoStatus->Status).
+#endif
- Internals:
- -switch ( Irp->CurrentStackLocation->MinorFunction )
- lock: return FsRtlPrivateLock;
- unlocksingle: return FsRtlFastUnlockSingle;
- unlockall: return FsRtlFastUnlockAll;
- unlockallbykey: return FsRtlFastUnlockAllByKey;
- default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
- return STATUS_INVALID_DEVICE_REQUEST;
+#if (NTDDI_VERSION >= NTDDI_VISTA)
- -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
- -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
-*/
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
-FsRtlProcessFileLock (
- IN PFILE_LOCK FileLock,
- IN PIRP Irp,
- IN PVOID Context OPTIONAL
-);
+SeOpenObjectAuditAlarmWithTransaction(
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ IN GUID *TransactionId OPTIONAL,
+ OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
-FsRtlRegisterUncProvider (
- IN OUT PHANDLE MupHandle,
- IN PUNICODE_STRING RedirectorDeviceName,
- IN BOOLEAN MailslotsSupported
-);
+SeOpenObjectForDeleteAuditAlarmWithTransaction(
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ IN GUID *TransactionId OPTIONAL,
+ OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
VOID
NTAPI
-FsRtlRemoveBaseMcbEntry (
- IN PBASE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG SectorCount
-);
+SeExamineSacl(
+ IN PACL Sacl,
+ IN PACCESS_TOKEN Token,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN AccessGranted,
+ OUT PBOOLEAN GenerateAudit,
+ OUT PBOOLEAN GenerateAlarm);
NTKERNELAPI
VOID
NTAPI
-FsRtlRemoveLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG SectorCount
-);
-
+SeDeleteObjectAuditAlarmWithTransaction(
+ IN PVOID Object,
+ IN HANDLE Handle,
+ IN GUID *TransactionId OPTIONAL);
+
NTKERNELAPI
VOID
NTAPI
-FsRtlRemoveMcbEntry (
- IN PMCB Mcb,
- IN VBN Vbn,
- IN ULONG SectorCount
-);
+SeQueryTokenIntegrity(
+ IN PACCESS_TOKEN Token,
+ IN OUT PSID_AND_ATTRIBUTES IntegritySA);
NTKERNELAPI
-PFSRTL_PER_STREAM_CONTEXT
+NTSTATUS
NTAPI
-FsRtlRemovePerStreamContext (
- IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
- IN PVOID OwnerId OPTIONAL,
- IN PVOID InstanceId OPTIONAL
-);
+SeSetSessionIdToken(
+ IN PACCESS_TOKEN Token,
+ IN ULONG SessionId);
NTKERNELAPI
VOID
NTAPI
-FsRtlResetBaseMcb (
- IN PBASE_MCB Mcb
-);
+SeAuditHardLinkCreationWithTransaction(
+ IN PUNICODE_STRING FileName,
+ IN PUNICODE_STRING LinkName,
+ IN BOOLEAN bSuccess,
+ IN GUID *TransactionId OPTIONAL);
NTKERNELAPI
VOID
NTAPI
-FsRtlResetLargeMcb (
- IN PLARGE_MCB Mcb,
- IN BOOLEAN SelfSynchronized
-);
+SeAuditTransactionStateChange(
+ IN GUID *TransactionId,
+ IN GUID *ResourceManagerId,
+ IN ULONG NewTransactionState);
+
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+#if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlSplitBaseMcb (
- IN PBASE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG Amount
-);
+SeTokenIsWriteRestricted(
+ IN PACCESS_TOKEN Token);
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
BOOLEAN
NTAPI
-FsRtlSplitLargeMcb (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG Amount
-);
-
-#define FsRtlSupportsPerStreamContexts(FO) ( \
- (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
- FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
- FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
-)
+SeAuditingAnyFileEventsWithContext(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
NTKERNELAPI
VOID
NTAPI
-FsRtlTruncateBaseMcb (
- IN PBASE_MCB Mcb,
- IN LONGLONG Vbn
-);
+SeExamineGlobalSacl(
+ IN PUNICODE_STRING ObjectType,
+ IN PACCESS_TOKEN Token,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN AccessGranted,
+ IN OUT PBOOLEAN GenerateAudit,
+ IN OUT PBOOLEAN GenerateAlarm OPTIONAL);
NTKERNELAPI
VOID
NTAPI
-FsRtlTruncateLargeMcb (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn
-);
+SeMaximumAuditMaskFromGlobalSacl(
+ IN PUNICODE_STRING ObjectTypeName OPTIONAL,
+ IN ACCESS_MASK GrantedAccess,
+ IN PACCESS_TOKEN Token,
+ IN OUT PACCESS_MASK AuditMask);
+
+#endif
+
+NTSTATUS
+NTAPI
+SeReportSecurityEventWithSubCategory(
+ IN ULONG Flags,
+ IN PUNICODE_STRING SourceName,
+ IN PSID UserSid OPTIONAL,
+ IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
+ IN ULONG AuditSubcategoryId);
+
+BOOLEAN
+NTAPI
+SeAccessCheckFromState(
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
+ IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK PreviouslyGrantedAccess,
+ OUT PPRIVILEGE_SET *Privileges OPTIONAL,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus);
NTKERNELAPI
VOID
NTAPI
-FsRtlTruncateMcb (
- IN PMCB Mcb,
- IN VBN Vbn
-);
+SeFreePrivileges(
+ IN PPRIVILEGE_SET Privileges);
+
+NTSTATUS
+NTAPI
+SeLocateProcessImageName(
+ IN OUT PEPROCESS Process,
+ OUT PUNICODE_STRING *pImageFileName);
+
+extern NTKERNELAPI PSE_EXPORTS SeExports;
+
+#if !defined(_PSGETCURRENTTHREAD_)
+#define _PSGETCURRENTTHREAD_
+
+FORCEINLINE
+PETHREAD
+PsGetCurrentThread(
+ VOID)
+{
+ return (PETHREAD)KeGetCurrentThread();
+}
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
+
+NTKERNELAPI
+PACCESS_TOKEN
+NTAPI
+PsReferenceImpersonationToken(
+ IN OUT PETHREAD Thread,
+ OUT PBOOLEAN CopyOnOpen,
+ OUT PBOOLEAN EffectiveOnly,
+ OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+PsGetProcessExitTime(
+ VOID);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsIsThreadTerminating(
+ IN PETHREAD Thread);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsImpersonateClient(
+ IN OUT PETHREAD Thread,
+ IN PACCESS_TOKEN Token,
+ IN BOOLEAN CopyOnOpen,
+ IN BOOLEAN EffectiveOnly,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsDisableImpersonation(
+ IN OUT PETHREAD Thread,
+ IN OUT PSE_IMPERSONATION_STATE ImpersonationState);
NTKERNELAPI
VOID
NTAPI
-FsRtlUninitializeBaseMcb (
- IN PBASE_MCB Mcb
-);
+PsRestoreImpersonation(
+ IN PETHREAD Thread,
+ IN PSE_IMPERSONATION_STATE ImpersonationState);
NTKERNELAPI
VOID
NTAPI
-FsRtlUninitializeFileLock (
- IN PFILE_LOCK FileLock
-);
+PsRevertToSelf(
+ VOID);
NTKERNELAPI
VOID
NTAPI
-FsRtlUninitializeLargeMcb (
- IN PLARGE_MCB Mcb
-);
+PsChargePoolQuota(
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG_PTR Amount);
NTKERNELAPI
VOID
NTAPI
-FsRtlUninitializeMcb (
- IN PMCB Mcb
-);
+PsReturnPoolQuota(
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG_PTR Amount);
+
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
VOID
NTAPI
-FsRtlUninitializeOplock (
- IN OUT POPLOCK Oplock
-);
+PsDereferencePrimaryToken(
+ IN PACCESS_TOKEN PrimaryToken);
NTKERNELAPI
-UCHAR
+VOID
NTAPI
-KeSetIdealProcessorThread(
- IN OUT PKTHREAD Thread,
- IN UCHAR Processor
-);
+PsDereferenceImpersonationToken(
+ IN PACCESS_TOKEN ImpersonationToken);
NTKERNELAPI
NTSTATUS
NTAPI
-IoAttachDeviceToDeviceStackSafe(
- IN PDEVICE_OBJECT SourceDevice,
- IN PDEVICE_OBJECT TargetDevice,
- OUT PDEVICE_OBJECT *AttachedToDeviceObject
-);
+PsChargeProcessPoolQuota(
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG_PTR Amount);
NTKERNELAPI
-VOID
+BOOLEAN
NTAPI
-IoAcquireVpbSpinLock (
- OUT PKIRQL Irql
-);
+PsIsSystemThread(
+ IN PETHREAD Thread);
+
+#endif
NTKERNELAPI
NTSTATUS
NTAPI
-IoCheckDesiredAccess (
- IN OUT PACCESS_MASK DesiredAccess,
- IN ACCESS_MASK GrantedAccess
-);
+PsLookupProcessByProcessId(
+ IN HANDLE ProcessId,
+ OUT PEPROCESS *Process);
NTKERNELAPI
NTSTATUS
NTAPI
-IoCheckEaBufferValidity (
- IN PFILE_FULL_EA_INFORMATION EaBuffer,
- IN ULONG EaLength,
- OUT PULONG ErrorOffset
-);
+PsLookupThreadByThreadId(
+ IN HANDLE UniqueThreadId,
+ OUT PETHREAD *Thread);
+
+#define IO_OPEN_PAGING_FILE 0x0002
+#define IO_OPEN_TARGET_DIRECTORY 0x0004
+#define IO_STOP_ON_SYMLINK 0x0008
+#define IO_MM_PAGING_FILE 0x0010
+
+typedef VOID
+(NTAPI *PDRIVER_FS_NOTIFICATION) (
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN FsActive);
+
+typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
+ SyncTypeOther = 0,
+ SyncTypeCreateSection
+} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
+
+typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
+ NotifyTypeCreate = 0,
+ NotifyTypeRetired
+} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
+
+typedef union _FS_FILTER_PARAMETERS {
+ struct {
+ PLARGE_INTEGER EndingOffset;
+ PERESOURCE *ResourceToRelease;
+ } AcquireForModifiedPageWriter;
+ struct {
+ PERESOURCE ResourceToRelease;
+ } ReleaseForModifiedPageWriter;
+ struct {
+ FS_FILTER_SECTION_SYNC_TYPE SyncType;
+ ULONG PageProtection;
+ } AcquireForSectionSynchronization;
+ struct {
+ FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
+ BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
+ } NotifyStreamFileObject;
+ struct {
+ PVOID Argument1;
+ PVOID Argument2;
+ PVOID Argument3;
+ PVOID Argument4;
+ PVOID Argument5;
+ } Others;
+} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
+
+#define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1
+#define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2
+#define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3
+#define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4
+#define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5
+#define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6
+
+typedef struct _FS_FILTER_CALLBACK_DATA {
+ ULONG SizeOfFsFilterCallbackData;
+ UCHAR Operation;
+ UCHAR Reserved;
+ struct _DEVICE_OBJECT *DeviceObject;
+ struct _FILE_OBJECT *FileObject;
+ FS_FILTER_PARAMETERS Parameters;
+} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
+
+typedef NTSTATUS
+(NTAPI *PFS_FILTER_CALLBACK) (
+ IN PFS_FILTER_CALLBACK_DATA Data,
+ OUT PVOID *CompletionContext);
+
+typedef VOID
+(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
+ IN PFS_FILTER_CALLBACK_DATA Data,
+ IN NTSTATUS OperationStatus,
+ IN PVOID CompletionContext);
+
+typedef struct _FS_FILTER_CALLBACKS {
+ ULONG SizeOfFsFilterCallbacks;
+ ULONG Reserved;
+ PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
+ PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
+ PFS_FILTER_CALLBACK PreAcquireForCcFlush;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
+ PFS_FILTER_CALLBACK PreReleaseForCcFlush;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
+ PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
+ PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
+} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
+#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
NTSTATUS
NTAPI
-IoCheckFunctionAccess (
- IN ACCESS_MASK GrantedAccess,
- IN UCHAR MajorFunction,
- IN UCHAR MinorFunction,
- IN ULONG IoControlCode,
- IN PVOID Argument1 OPTIONAL,
- IN PVOID Argument2 OPTIONAL
-);
+FsRtlRegisterFileSystemFilterCallbacks(
+ IN struct _DRIVER_OBJECT *FilterDriverObject,
+ IN PFS_FILTER_CALLBACKS Callbacks);
+#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
-#if (VER_PRODUCTBUILD >= 2195)
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNotifyStreamFileObject(
+ IN struct _FILE_OBJECT * StreamFileObject,
+ IN struct _DEVICE_OBJECT *DeviceObjectHint OPTIONAL,
+ IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType,
+ IN BOOLEAN SafeToRecurse);
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+#define DO_VERIFY_VOLUME 0x00000002
+#define DO_BUFFERED_IO 0x00000004
+#define DO_EXCLUSIVE 0x00000008
+#define DO_DIRECT_IO 0x00000010
+#define DO_MAP_IO_BUFFER 0x00000020
+#define DO_DEVICE_HAS_NAME 0x00000040
+#define DO_DEVICE_INITIALIZING 0x00000080
+#define DO_SYSTEM_BOOT_PARTITION 0x00000100
+#define DO_LONG_TERM_REQUESTS 0x00000200
+#define DO_NEVER_LAST_DEVICE 0x00000400
+#define DO_SHUTDOWN_REGISTERED 0x00000800
+#define DO_BUS_ENUMERATED_DEVICE 0x00001000
+#define DO_POWER_PAGABLE 0x00002000
+#define DO_POWER_INRUSH 0x00004000
+#define DO_LOW_PRIORITY_FILESYSTEM 0x00010000
+#define DO_SUPPORTS_TRANSACTIONS 0x00040000
+#define DO_FORCE_NEITHER_IO 0x00080000
+#define DO_VOLUME_DEVICE_OBJECT 0x00100000
+#define DO_SYSTEM_SYSTEM_PARTITION 0x00200000
+#define DO_SYSTEM_CRITICAL_PARTITION 0x00400000
+#define DO_DISALLOW_EXECUTE 0x00800000
+
+extern KSPIN_LOCK IoStatisticsLock;
+extern ULONG IoReadOperationCount;
+extern ULONG IoWriteOperationCount;
+extern ULONG IoOtherOperationCount;
+extern LARGE_INTEGER IoReadTransferCount;
+extern LARGE_INTEGER IoWriteTransferCount;
+extern LARGE_INTEGER IoOtherTransferCount;
+
+#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
+#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
+#if (NTDDI_VERSION == NTDDI_WIN2K)
NTKERNELAPI
NTSTATUS
NTAPI
-IoCheckQuotaBufferValidity (
- IN PFILE_QUOTA_INFORMATION QuotaBuffer,
- IN ULONG QuotaLength,
- OUT PULONG ErrorOffset
-);
+IoRegisterFsRegistrationChangeEx(
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
+#endif
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
-PFILE_OBJECT
+VOID
NTAPI
-IoCreateStreamFileObject (
- IN PFILE_OBJECT FileObject OPTIONAL,
- IN PDEVICE_OBJECT DeviceObject OPTIONAL
-);
+IoAcquireVpbSpinLock(
+ OUT PKIRQL Irql);
-#if (VER_PRODUCTBUILD >= 2195)
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckDesiredAccess(
+ IN OUT PACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK GrantedAccess);
NTKERNELAPI
-PFILE_OBJECT
+NTSTATUS
NTAPI
-IoCreateStreamFileObjectLite (
- IN PFILE_OBJECT FileObject OPTIONAL,
- IN PDEVICE_OBJECT DeviceObject OPTIONAL
-);
+IoCheckEaBufferValidity(
+ IN PFILE_FULL_EA_INFORMATION EaBuffer,
+ IN ULONG EaLength,
+ OUT PULONG ErrorOffset);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckFunctionAccess(
+ IN ACCESS_MASK GrantedAccess,
+ IN UCHAR MajorFunction,
+ IN UCHAR MinorFunction,
+ IN ULONG IoControlCode,
+ IN PVOID Argument1 OPTIONAL,
+ IN PVOID Argument2 OPTIONAL);
NTKERNELAPI
-BOOLEAN
+NTSTATUS
NTAPI
-IoFastQueryNetworkAttributes (
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG OpenOptions,
- OUT PIO_STATUS_BLOCK IoStatus,
- OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
-);
+IoCheckQuerySetFileInformation(
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ IN BOOLEAN SetOperation);
NTKERNELAPI
-PDEVICE_OBJECT
+NTSTATUS
NTAPI
-IoGetAttachedDevice (
- IN PDEVICE_OBJECT DeviceObject
-);
+IoCheckQuerySetVolumeInformation(
+ IN FS_INFORMATION_CLASS FsInformationClass,
+ IN ULONG Length,
+ IN BOOLEAN SetOperation);
NTKERNELAPI
-PDEVICE_OBJECT
+NTSTATUS
NTAPI
-IoGetBaseFileSystemDeviceObject (
- IN PFILE_OBJECT FileObject
-);
+IoCheckQuotaBufferValidity(
+ IN PFILE_QUOTA_INFORMATION QuotaBuffer,
+ IN ULONG QuotaLength,
+ OUT PULONG ErrorOffset);
-#if (VER_PRODUCTBUILD >= 2600)
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+IoCreateStreamFileObject(
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL);
NTKERNELAPI
-PDEVICE_OBJECT
+PFILE_OBJECT
NTAPI
-IoGetDeviceAttachmentBaseRef (
- IN PDEVICE_OBJECT DeviceObject
-);
+IoCreateStreamFileObjectLite(
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoFastQueryNetworkAttributes(
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG OpenOptions,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ OUT PFILE_NETWORK_OPEN_INFORMATION Buffer);
NTKERNELAPI
NTSTATUS
NTAPI
-IoGetDiskDeviceObject (
- IN PDEVICE_OBJECT FileSystemDeviceObject,
- OUT PDEVICE_OBJECT *DiskDeviceObject
-);
+IoPageRead(
+ IN PFILE_OBJECT FileObject,
+ IN PMDL Mdl,
+ IN PLARGE_INTEGER Offset,
+ IN PKEVENT Event,
+ OUT PIO_STATUS_BLOCK IoStatusBlock);
NTKERNELAPI
PDEVICE_OBJECT
NTAPI
-IoGetLowerDeviceObject (
- IN PDEVICE_OBJECT DeviceObject
-);
+IoGetAttachedDevice(
+ IN PDEVICE_OBJECT DeviceObject);
-#endif /* (VER_PRODUCTBUILD >= 2600) */
+NTKERNELAPI
+PDEVICE_OBJECT
+NTAPI
+IoGetAttachedDeviceReference(
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-PEPROCESS
+PDEVICE_OBJECT
NTAPI
-IoGetRequestorProcess (
- IN PIRP Irp
-);
+IoGetBaseFileSystemDeviceObject(
+ IN PFILE_OBJECT FileObject);
-#if (VER_PRODUCTBUILD >= 2195)
+NTKERNELAPI
+PCONFIGURATION_INFORMATION
+NTAPI
+IoGetConfigurationInformation(
+ VOID);
NTKERNELAPI
ULONG
NTAPI
-IoGetRequestorProcessId (
- IN PIRP Irp
-);
+IoGetRequestorProcessId(
+ IN PIRP Irp);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+NTKERNELAPI
+PEPROCESS
+NTAPI
+IoGetRequestorProcess(
+ IN PIRP Irp);
NTKERNELAPI
PIRP
NTAPI
-IoGetTopLevelIrp (
- VOID
-);
-
-#define IoIsFileOpenedExclusively(FileObject) ( \
- (BOOLEAN) !( \
- (FileObject)->SharedRead || \
- (FileObject)->SharedWrite || \
- (FileObject)->SharedDelete \
- ) \
-)
+IoGetTopLevelIrp(
+ VOID);
NTKERNELAPI
BOOLEAN
NTAPI
-IoIsOperationSynchronous (
- IN PIRP Irp
-);
+IoIsOperationSynchronous(
+ IN PIRP Irp);
NTKERNELAPI
BOOLEAN
NTAPI
-IoIsSystemThread (
- IN PETHREAD Thread
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
+IoIsSystemThread(
+ IN PETHREAD Thread);
NTKERNELAPI
BOOLEAN
NTAPI
-IoIsValidNameGraftingBuffer (
- IN PIRP Irp,
- IN PREPARSE_DATA_BUFFER ReparseBuffer
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+IoIsValidNameGraftingBuffer(
+ IN PIRP Irp,
+ IN PREPARSE_DATA_BUFFER ReparseBuffer);
NTKERNELAPI
NTSTATUS
NTAPI
-IoPageRead (
- IN PFILE_OBJECT FileObject,
- IN PMDL Mdl,
- IN PLARGE_INTEGER Offset,
- IN PKEVENT Event,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
+IoQueryFileInformation(
+ IN PFILE_OBJECT FileObject,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ OUT PVOID FileInformation,
+ OUT PULONG ReturnedLength);
NTKERNELAPI
NTSTATUS
NTAPI
-IoQueryFileInformation (
- IN PFILE_OBJECT FileObject,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN ULONG Length,
- OUT PVOID FileInformation,
- OUT PULONG ReturnedLength
-);
+IoQueryVolumeInformation(
+ IN PFILE_OBJECT FileObject,
+ IN FS_INFORMATION_CLASS FsInformationClass,
+ IN ULONG Length,
+ OUT PVOID FsInformation,
+ OUT PULONG ReturnedLength);
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
-IoQueryVolumeInformation (
- IN PFILE_OBJECT FileObject,
- IN FS_INFORMATION_CLASS FsInformationClass,
- IN ULONG Length,
- OUT PVOID FsInformation,
- OUT PULONG ReturnedLength
-);
+IoQueueThreadIrp(
+ IN PIRP Irp);
NTKERNELAPI
VOID
NTAPI
-IoQueueThreadIrp(
- IN PIRP Irp
-);
+IoRegisterFileSystem(
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-IoRegisterFileSystem (
- IN OUT PDEVICE_OBJECT DeviceObject
-);
+IoRegisterFsRegistrationChange(
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
-#if (VER_PRODUCTBUILD >= 1381)
+NTKERNELAPI
+VOID
+NTAPI
+IoReleaseVpbSpinLock(
+ IN KIRQL Irql);
-typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
- IN PDEVICE_OBJECT DeviceObject,
- IN BOOLEAN DriverActive
-);
+NTKERNELAPI
+VOID
+NTAPI
+IoSetDeviceToVerify(
+ IN PETHREAD Thread,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL);
NTKERNELAPI
NTSTATUS
NTAPI
-IoRegisterFsRegistrationChange (
- IN PDRIVER_OBJECT DriverObject,
- IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
-);
+IoSetInformation(
+ IN PFILE_OBJECT FileObject,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ IN PVOID FileInformation);
-#endif /* (VER_PRODUCTBUILD >= 1381) */
+NTKERNELAPI
+VOID
+NTAPI
+IoSetTopLevelIrp(
+ IN PIRP Irp OPTIONAL);
NTKERNELAPI
VOID
NTAPI
-IoReleaseVpbSpinLock (
- IN KIRQL Irql
-);
+IoStartNextPacket(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN Cancelable);
NTKERNELAPI
VOID
NTAPI
-IoSetDeviceToVerify (
- IN PETHREAD Thread,
- IN PDEVICE_OBJECT DeviceObject
-);
+IoStartNextPacketByKey(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN Cancelable,
+ IN ULONG Key);
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
-IoSetInformation (
- IN PFILE_OBJECT FileObject,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN ULONG Length,
- IN PVOID FileInformation
-);
+IoStartPacket(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN PIRP Irp,
+ IN PULONG Key OPTIONAL,
+ IN PDRIVER_CANCEL CancelFunction OPTIONAL);
NTKERNELAPI
VOID
NTAPI
-IoSetTopLevelIrp (
- IN PIRP Irp
-);
+IoStartTimer(
+ IN PDEVICE_OBJECT DeviceObject);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoStopTimer(
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
NTSTATUS
NTAPI
-IoSynchronousPageWrite (
- IN PFILE_OBJECT FileObject,
- IN PMDL Mdl,
- IN PLARGE_INTEGER FileOffset,
- IN PKEVENT Event,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
+IoSynchronousPageWrite(
+ IN PFILE_OBJECT FileObject,
+ IN PMDL Mdl,
+ IN PLARGE_INTEGER FileOffset,
+ IN PKEVENT Event,
+ OUT PIO_STATUS_BLOCK IoStatusBlock);
NTKERNELAPI
PEPROCESS
NTAPI
-IoThreadToProcess (
- IN PETHREAD Thread
-);
+IoThreadToProcess(
+ IN PETHREAD Thread);
NTKERNELAPI
VOID
NTAPI
-IoUnregisterFileSystem (
- IN OUT PDEVICE_OBJECT DeviceObject
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
+IoUnregisterFileSystem(
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
VOID
NTAPI
-IoUnregisterFsRegistrationChange (
- IN PDRIVER_OBJECT DriverObject,
- IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
-);
-
-#endif /* (VER_PRODUCTBUILD >= 1381) */
+IoUnregisterFsRegistrationChange(
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
NTKERNELAPI
NTSTATUS
NTAPI
-IoVerifyVolume (
- IN PDEVICE_OBJECT DeviceObject,
- IN BOOLEAN AllowRawMount
-);
+IoVerifyVolume(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN AllowRawMount);
-#if !defined (_M_AMD64)
+NTKERNELAPI
+VOID
+NTAPI
+IoWriteErrorLogEntry(
+ IN PVOID ElEntry);
-NTHALAPI
-KIRQL
-FASTCALL
-KeAcquireQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number
-);
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoGetRequestorSessionId(
+ IN PIRP Irp,
+ OUT PULONG pSessionId);
-NTHALAPI
-VOID
-FASTCALL
-KeReleaseQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number,
- IN KIRQL OldIrql
-);
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
-NTHALAPI
-KIRQL
-FASTCALL
-KeAcquireSpinLockRaiseToSynch(
- IN OUT PKSPIN_LOCK SpinLock
-);
+#if (NTDDI_VERSION >= NTDDI_WINXP)
-NTHALAPI
-LOGICAL
-FASTCALL
-KeTryToAcquireQueuedSpinLock(
- KSPIN_LOCK_QUEUE_NUMBER Number,
- PKIRQL OldIrql);
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+IoCreateStreamFileObjectEx(
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL,
+ OUT PHANDLE FileObjectHandle OPTIONAL);
-#else
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoQueryFileDosDeviceName(
+ IN PFILE_OBJECT FileObject,
+ OUT POBJECT_NAME_INFORMATION *ObjectNameInformation);
+
+VOID
+NTAPI
+IoSetStartIoAttributes(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN DeferredStartIo,
+ IN BOOLEAN NonCancelable);
NTKERNELAPI
-KIRQL
-FASTCALL
-KeAcquireQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number
-);
+NTSTATUS
+NTAPI
+IoEnumerateDeviceObjectList(
+ IN PDRIVER_OBJECT DriverObject,
+ OUT PDEVICE_OBJECT *DeviceObjectList,
+ IN ULONG DeviceObjectListSize,
+ OUT PULONG ActualNumberDeviceObjects);
NTKERNELAPI
-VOID
-FASTCALL
-KeReleaseQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number,
- IN KIRQL OldIrql
-);
+PDEVICE_OBJECT
+NTAPI
+IoGetLowerDeviceObject(
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-KIRQL
-KeAcquireSpinLockRaiseToSynch(
- IN OUT PKSPIN_LOCK SpinLock
-);
+PDEVICE_OBJECT
+NTAPI
+IoGetDeviceAttachmentBaseRef(
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-LOGICAL
-KeTryToAcquireQueuedSpinLock(
- KSPIN_LOCK_QUEUE_NUMBER Number,
- PKIRQL OldIrql);
+NTSTATUS
+NTAPI
+IoGetDiskDeviceObject(
+ IN PDEVICE_OBJECT FileSystemDeviceObject,
+ OUT PDEVICE_OBJECT *DiskDeviceObject);
#endif
+#if (NTDDI_VERSION >= NTDDI_WS03SP1)
NTKERNELAPI
+NTSTATUS
+NTAPI
+IoEnumerateRegisteredFiltersList(
+ OUT PDRIVER_OBJECT *DriverObjectList,
+ IN ULONG DriverObjectListSize,
+ OUT PULONG ActualNumberDriverObjects);
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
VOID
+FORCEINLINE
NTAPI
-KeAttachProcess (
- IN PKPROCESS Process
-);
+IoInitializePriorityInfo(
+ IN PIO_PRIORITY_INFO PriorityInfo)
+{
+ PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
+ PriorityInfo->ThreadPriority = 0xffff;
+ PriorityInfo->IoPriority = IoPriorityNormal;
+ PriorityInfo->PagePriority = 0;
+}
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-KeDetachProcess (
- VOID
-);
+IoRegisterFsRegistrationChangeMountAware(
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine,
+ IN BOOLEAN SynchronizeWithMounts);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoReplaceFileObjectName(
+ IN PFILE_OBJECT FileObject,
+ IN PWSTR NewFileName,
+ IN USHORT FileNameLength);
+
+#endif
+
+#define IoIsFileOpenedExclusively(FileObject) ( \
+ (BOOLEAN) !( \
+ (FileObject)->SharedRead || \
+ (FileObject)->SharedWrite || \
+ (FileObject)->SharedDelete \
+ ) \
+)
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+typedef struct _IO_PRIORITY_INFO {
+ ULONG Size;
+ ULONG ThreadPriority;
+ ULONG PagePriority;
+ IO_PRIORITY_HINT IoPriority;
+} IO_PRIORITY_INFO, *PIO_PRIORITY_INFO;
+#endif
+
+#define PO_CB_SYSTEM_POWER_POLICY 0
+#define PO_CB_AC_STATUS 1
+#define PO_CB_BUTTON_COLLISION 2
+#define PO_CB_SYSTEM_STATE_LOCK 3
+#define PO_CB_LID_SWITCH_STATE 4
+#define PO_CB_PROCESSOR_POWER_POLICY 5
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
+
+NTKERNELAPI
+PVOID
+NTAPI
+PoRegisterSystemState(
+ IN OUT PVOID StateHandle OPTIONAL,
+ IN EXECUTION_STATE Flags);
NTKERNELAPI
VOID
NTAPI
-KeInitializeQueue (
- IN PRKQUEUE Queue,
- IN ULONG Count OPTIONAL
-);
+PoUnregisterSystemState(
+ IN OUT PVOID StateHandle);
NTKERNELAPI
-LONG
+POWER_STATE
NTAPI
-KeInsertHeadQueue (
- IN PRKQUEUE Queue,
- IN PLIST_ENTRY Entry
-);
+PoSetPowerState(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN POWER_STATE_TYPE Type,
+ IN POWER_STATE State);
NTKERNELAPI
-LONG
+NTSTATUS
NTAPI
-KeInsertQueue (
- IN PRKQUEUE Queue,
- IN PLIST_ENTRY Entry
-);
+PoCallDriver(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN OUT PIRP Irp);
NTKERNELAPI
-LONG
+VOID
NTAPI
-KeReadStateQueue (
- IN PRKQUEUE Queue
-);
+PoStartNextPowerIrp(
+ IN OUT PIRP Irp);
NTKERNELAPI
-PLIST_ENTRY
+PULONG
NTAPI
-KeRemoveQueue (
- IN PRKQUEUE Queue,
- IN KPROCESSOR_MODE WaitMode,
- IN PLARGE_INTEGER Timeout OPTIONAL
-);
+PoRegisterDeviceForIdleDetection(
+ IN PDEVICE_OBJECT DeviceObject,
+ IN ULONG ConservationIdleTime,
+ IN ULONG PerformanceIdleTime,
+ IN DEVICE_POWER_STATE State);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
+#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
-PLIST_ENTRY
+NTSTATUS
NTAPI
-KeRundownQueue (
- IN PRKQUEUE Queue
-);
+PoQueueShutdownWorkItem(
+ IN OUT PWORK_QUEUE_ITEM WorkItem);
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN6SP1)
NTKERNELAPI
VOID
NTAPI
-KeInitializeMutant (
- IN PRKMUTANT Mutant,
- IN BOOLEAN InitialOwner
-);
+PoSetDeviceBusyEx(
+ IN OUT PULONG IdlePointer);
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
-LONG
+NTSTATUS
NTAPI
-KeReadStateMutant (
- IN PRKMUTANT Mutant
-);
+PoCreatePowerRequest(
+ OUT PVOID *PowerRequest,
+ IN PDEVICE_OBJECT DeviceObject,
+ IN PCOUNTED_REASON_CONTEXT Context);
NTKERNELAPI
-LONG
+NTSTATUS
NTAPI
-KeReleaseMutant (
- IN PRKMUTANT Mutant,
- IN KPRIORITY Increment,
- IN BOOLEAN Abandoned,
- IN BOOLEAN Wait
-);
+PoSetPowerRequest(
+ IN OUT PVOID PowerRequest,
+ IN POWER_REQUEST_TYPE Type);
-#if (VER_PRODUCTBUILD >= 2195)
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PoClearPowerRequest(
+ IN OUT PVOID PowerRequest,
+ IN POWER_REQUEST_TYPE Type);
NTKERNELAPI
VOID
NTAPI
-KeStackAttachProcess (
- IN PKPROCESS Process,
- OUT PKAPC_STATE ApcState
-);
+PoDeletePowerRequest(
+ IN OUT PVOID PowerRequest);
NTKERNELAPI
VOID
NTAPI
-KeUnstackDetachProcess (
- IN PKAPC_STATE ApcState
-);
+PoStartDeviceBusy(
+ IN OUT PULONG IdlePointer);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+NTKERNELAPI
+VOID
+NTAPI
+PoEndDeviceBusy(
+ IN OUT PULONG IdlePointer);
NTKERNELAPI
BOOLEAN
NTAPI
-KeSetKernelStackSwapEnable(
- IN BOOLEAN Enable
-);
+PoQueryWatchdogTime(
+ IN PDEVICE_OBJECT Pdo,
+ OUT PULONG SecondsRemaining);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
+
+#if defined(_IA64_)
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
+//DECLSPEC_DEPRECATED_DDK
+NTHALAPI
+ULONG
+NTAPI
+HalGetDmaAlignmentRequirement(
+ VOID);
+#endif
+#endif
+
+#if defined(_M_IX86) || defined(_M_AMD64)
+#define HalGetDmaAlignmentRequirement() 1L
+#endif
+
+typedef enum _MMFLUSH_TYPE {
+ MmFlushForDelete,
+ MmFlushForWrite
+} MMFLUSH_TYPE;
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
BOOLEAN
NTAPI
-MmCanFileBeTruncated (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN PLARGE_INTEGER NewFileSize
-);
+MmIsRecursiveIoFault(
+ VOID);
NTKERNELAPI
BOOLEAN
NTAPI
-MmFlushImageSection (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN MMFLUSH_TYPE FlushType
-);
+MmForceSectionClosed(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN BOOLEAN DelayClose);
NTKERNELAPI
BOOLEAN
NTAPI
-MmForceSectionClosed (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN BOOLEAN DelayClose
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
+MmFlushImageSection(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN MMFLUSH_TYPE FlushType);
NTKERNELAPI
BOOLEAN
NTAPI
-MmIsRecursiveIoFault (
- VOID
-);
-
-#else
+MmCanFileBeTruncated(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER NewFileSize OPTIONAL);
-#define MmIsRecursiveIoFault() ( \
- (PsGetCurrentThread()->DisablePageFaultClustering) | \
- (PsGetCurrentThread()->ForwardClusterOnly) \
-)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmSetAddressRangeModified(
+ IN PVOID Address,
+ IN SIZE_T Length);
#endif
+typedef struct _READ_LIST {
+ PFILE_OBJECT FileObject;
+ ULONG NumberOfEntries;
+ LOGICAL IsImage;
+ FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
+} READ_LIST, *PREAD_LIST;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-MmSetAddressRangeModified (
- IN PVOID Address,
- IN SIZE_T Length
-);
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+typedef union _MM_PREFETCH_FLAGS {
+ struct {
+ ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS;
+ ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS;
+ } Flags;
+ ULONG AllFlags;
+} MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS;
+
+#define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1)
NTKERNELAPI
NTSTATUS
NTAPI
-ObCreateObject (
- IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
- IN POBJECT_TYPE ObjectType,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN KPROCESSOR_MODE AccessMode,
- IN OUT PVOID ParseContext OPTIONAL,
- IN ULONG ObjectSize,
- IN ULONG PagedPoolCharge OPTIONAL,
- IN ULONG NonPagedPoolCharge OPTIONAL,
- OUT PVOID *Object
-);
+MmPrefetchPages(
+ IN ULONG NumberOfLists,
+ IN PREAD_LIST *ReadLists);
+#endif
+#if (NTDDI_VERSION >= NTDDI_VISTA)
NTKERNELAPI
ULONG
NTAPI
-ObGetObjectPointerCount (
- IN PVOID Object
-);
+MmDoesFileHaveUserWritableReferences(
+ IN PSECTION_OBJECT_POINTERS SectionPointer);
+#endif
#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
NTSTATUS
NTAPI
-ObInsertObject (
+ObInsertObject(
IN PVOID Object,
- IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN OUT PACCESS_STATE PassedAccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN ULONG ObjectPointerBias,
OUT PVOID *NewObject OPTIONAL,
NTKERNELAPI
NTSTATUS
NTAPI
-ObOpenObjectByPointer (
+ObOpenObjectByPointer(
IN PVOID Object,
IN ULONG HandleAttributes,
IN PACCESS_STATE PassedAccessState OPTIONAL,
NTKERNELAPI
VOID
NTAPI
-ObMakeTemporaryObject (
+ObMakeTemporaryObject(
IN PVOID Object);
NTKERNELAPI
NTSTATUS
NTAPI
-ObQueryObjectAuditingByHandle (
- IN HANDLE Handle,
- OUT PBOOLEAN GenerateOnClose);
-
-#endif
+ObQueryNameString(
+ IN PVOID Object,
+ OUT POBJECT_NAME_INFORMATION ObjectNameInfo OPTIONAL,
+ IN ULONG Length,
+ OUT PULONG ReturnLength);
NTKERNELAPI
NTSTATUS
NTAPI
-ObQueryNameString (
- IN PVOID Object,
- OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
- IN ULONG Length,
- OUT PULONG ReturnLength
-);
+ObQueryObjectAuditingByHandle(
+ IN HANDLE Handle,
+ OUT PBOOLEAN GenerateOnClose);
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
NTKERNELAPI
-NTSTATUS
+BOOLEAN
NTAPI
-ObReferenceObjectByName (
- IN PUNICODE_STRING ObjectName,
- IN ULONG Attributes,
- IN PACCESS_STATE PassedAccessState OPTIONAL,
- IN ACCESS_MASK DesiredAccess OPTIONAL,
- IN POBJECT_TYPE ObjectType,
- IN KPROCESSOR_MODE AccessMode,
- IN OUT PVOID ParseContext OPTIONAL,
- OUT PVOID *Object
-);
+ObIsKernelHandle(
+ IN HANDLE Handle);
+#endif
+#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
NTSTATUS
NTAPI
-PsAssignImpersonationToken (
- IN PETHREAD Thread,
- IN HANDLE Token
-);
+ObOpenObjectByPointerWithTag(
+ IN PVOID Object,
+ IN ULONG HandleAttributes,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_TYPE ObjectType OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN ULONG Tag,
+ OUT PHANDLE Handle);
+#endif
-NTKERNELAPI
-VOID
-NTAPI
-PsChargePoolQuota (
- IN PEPROCESS Process,
- IN POOL_TYPE PoolType,
- IN SIZE_T Amount
-);
+typedef ULONG LBN;
+typedef LBN *PLBN;
-NTKERNELAPI
-NTSTATUS
-NTAPI
-PsChargeProcessPoolQuota (
- IN PEPROCESS Process,
- IN POOL_TYPE PoolType,
- IN SIZE_T Amount
-);
+typedef ULONG VBN;
+typedef VBN *PVBN;
-#define PsDereferenceImpersonationToken(T) \
- {if (ARGUMENT_PRESENT(T)) { \
- (ObDereferenceObject((T))); \
- } else { \
- ; \
- } \
-}
+typedef enum _FAST_IO_POSSIBLE {
+ FastIoIsNotPossible = 0,
+ FastIoIsPossible,
+ FastIoIsQuestionable
+} FAST_IO_POSSIBLE;
-#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
+typedef struct _FSRTL_COMMON_FCB_HEADER {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ UCHAR Flags;
+ UCHAR IsFastIoPossible;
+ UCHAR Flags2;
+ UCHAR Reserved:4;
+ UCHAR Version:4;
+ PERESOURCE Resource;
+ PERESOURCE PagingIoResource;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
-NTKERNELAPI
-BOOLEAN
-NTAPI
-PsDisableImpersonation(
- IN PETHREAD Thread,
- IN PSE_IMPERSONATION_STATE ImpersonationState
-);
+#ifdef __cplusplus
+typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER {
+#else /* __cplusplus */
+typedef struct _FSRTL_ADVANCED_FCB_HEADER {
+ FSRTL_COMMON_FCB_HEADER DUMMYSTRUCTNAME;
+#endif /* __cplusplus */
+ PFAST_MUTEX FastMutex;
+ LIST_ENTRY FilterContexts;
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+ EX_PUSH_LOCK PushLock;
+ PVOID *FileContextSupportPointer;
+#endif
+} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
-NTKERNELAPI
-LARGE_INTEGER
-NTAPI
-PsGetProcessExitTime (
- VOID
-);
+#define FSRTL_FCB_HEADER_V0 (0x00)
+#define FSRTL_FCB_HEADER_V1 (0x01)
-NTKERNELAPI
-NTSTATUS
-NTAPI
-PsImpersonateClient(
- IN PETHREAD Thread,
- IN PACCESS_TOKEN Token,
- IN BOOLEAN CopyOnOpen,
- IN BOOLEAN EffectiveOnly,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
-);
+#define FSRTL_FLAG_FILE_MODIFIED (0x01)
+#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
+#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
+#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
+#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
+#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
+#define FSRTL_FLAG_ADVANCED_HEADER (0x40)
+#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
+
+#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
+#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
+#define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
+#define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
+
+#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
+#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
+#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
+#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
+#define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05)
+#define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06)
+#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF)
+
+typedef struct _EOF_WAIT_BLOCK {
+ LIST_ENTRY EofWaitLinks;
+ KEVENT Event;
+} EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK;
+
+typedef struct _FSRTL_AUXILIARY_BUFFER {
+ PVOID Buffer;
+ ULONG Length;
+ ULONG Flags;
+ PMDL Mdl;
+} FSRTL_AUXILIARY_BUFFER, *PFSRTL_AUXILIARY_BUFFER;
+
+#define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001
+
+typedef struct _FILE_LOCK_INFO {
+ LARGE_INTEGER StartingByte;
+ LARGE_INTEGER Length;
+ BOOLEAN ExclusiveLock;
+ ULONG Key;
+ PFILE_OBJECT FileObject;
+ PVOID ProcessId;
+ LARGE_INTEGER EndingByte;
+} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
+
+typedef NTSTATUS
+(NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
+ IN PVOID Context,
+ IN PIRP Irp);
+
+typedef VOID
+(NTAPI *PUNLOCK_ROUTINE) (
+ IN PVOID Context,
+ IN PFILE_LOCK_INFO FileLockInfo);
+
+typedef struct _FILE_LOCK {
+ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
+ PUNLOCK_ROUTINE UnlockRoutine;
+ BOOLEAN FastIoIsQuestionable;
+ BOOLEAN SpareC[3];
+ PVOID LockInformation;
+ FILE_LOCK_INFO LastReturnedLockInfo;
+ PVOID LastReturnedLock;
+ LONG volatile LockRequestsInProgress;
+} FILE_LOCK, *PFILE_LOCK;
+
+typedef struct _TUNNEL {
+ FAST_MUTEX Mutex;
+ PRTL_SPLAY_LINKS Cache;
+ LIST_ENTRY TimerQueue;
+ USHORT NumEntries;
+} TUNNEL, *PTUNNEL;
+
+typedef enum _FSRTL_COMPARISON_RESULT {
+ LessThan = -1,
+ EqualTo = 0,
+ GreaterThan = 1
+} FSRTL_COMPARISON_RESULT;
+
+#define FSRTL_FAT_LEGAL 0x01
+#define FSRTL_HPFS_LEGAL 0x02
+#define FSRTL_NTFS_LEGAL 0x04
+#define FSRTL_WILD_CHARACTER 0x08
+#define FSRTL_OLE_LEGAL 0x10
+#define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL)
+
+typedef struct _BASE_MCB {
+ ULONG MaximumPairCount;
+ ULONG PairCount;
+ USHORT PoolType;
+ USHORT Flags;
+ PVOID Mapping;
+} BASE_MCB, *PBASE_MCB;
+
+typedef struct _LARGE_MCB {
+ PKGUARDED_MUTEX GuardedMutex;
+ BASE_MCB BaseMcb;
+} LARGE_MCB, *PLARGE_MCB;
+
+#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
+
+typedef struct _MCB {
+ LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
+} MCB, *PMCB;
+
+typedef PVOID OPLOCK, *POPLOCK;
+
+typedef VOID
+(NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) (
+ IN PVOID Context,
+ IN PIRP Irp);
+
+typedef VOID
+(NTAPI *POPLOCK_FS_PREPOST_IRP) (
+ IN PVOID Context,
+ IN PIRP Irp);
+
+#if (NTDDI_VERSION >= NTDDI_VISTASP1)
+#define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+#define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002
+#define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004
+#define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008
+#define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+typedef struct _OPLOCK_KEY_ECP_CONTEXT {
+ GUID OplockKey;
+ ULONG Reserved;
+} OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT;
+
+DEFINE_GUID( GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f );
+
+#endif
+
+#define FSRTL_VOLUME_DISMOUNT 1
+#define FSRTL_VOLUME_DISMOUNT_FAILED 2
+#define FSRTL_VOLUME_LOCK 3
+#define FSRTL_VOLUME_LOCK_FAILED 4
+#define FSRTL_VOLUME_UNLOCK 5
+#define FSRTL_VOLUME_MOUNT 6
+#define FSRTL_VOLUME_NEEDS_CHKDSK 7
+#define FSRTL_VOLUME_WORM_NEAR_FULL 8
+#define FSRTL_VOLUME_WEARING_OUT 9
+#define FSRTL_VOLUME_FORCED_CLOSED 10
+#define FSRTL_VOLUME_INFO_MAKE_COMPAT 11
+#define FSRTL_VOLUME_PREPARING_EJECT 12
+#define FSRTL_VOLUME_CHANGE_SIZE 13
+#define FSRTL_VOLUME_BACKGROUND_FORMAT 14
+
+typedef PVOID PNOTIFY_SYNC;
+
+typedef BOOLEAN
+(NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
+ IN PVOID NotifyContext,
+ IN PVOID TargetContext OPTIONAL,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
+
+typedef BOOLEAN
+(NTAPI *PFILTER_REPORT_CHANGE) (
+ IN PVOID NotifyContext,
+ IN PVOID FilterContext);
+
+typedef VOID
+(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
+ IN PVOID Context,
+ IN PKEVENT Event);
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+
+#define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001
+#define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002
+#define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004
+
+#define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001
+
+#define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001
+#define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002
+
+#define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002
+
+#define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001
+#define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002
+
+typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 {
+ ULONG32 ProviderId;
+} FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1;
+
+typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 {
+ ULONG32 ProviderId;
+ UNICODE_STRING ProviderName;
+} FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2;
+
+typedef VOID
+(*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) (
+ IN OUT PVOID EcpContext,
+ IN LPCGUID EcpType);
+
+typedef struct _ECP_LIST ECP_LIST, *PECP_LIST;
+
+typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS;
+typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS;
+typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS;
+
+typedef enum _FSRTL_CHANGE_BACKING_TYPE {
+ ChangeDataControlArea,
+ ChangeImageControlArea,
+ ChangeSharedCacheMap
+} FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE;
+
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+typedef struct _FSRTL_PER_FILE_CONTEXT {
+ LIST_ENTRY Links;
+ PVOID OwnerId;
+ PVOID InstanceId;
+ PFREE_FUNCTION FreeCallback;
+} FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT;
+
+typedef struct _FSRTL_PER_STREAM_CONTEXT {
+ LIST_ENTRY Links;
+ PVOID OwnerId;
+ PVOID InstanceId;
+ PFREE_FUNCTION FreeCallback;
+} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
+typedef VOID
+(*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) (
+ IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
+#endif
+
+typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT {
+ LIST_ENTRY Links;
+ PVOID OwnerId;
+ PVOID InstanceId;
+} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
+
+#define FsRtlEnterFileSystem KeEnterCriticalRegion
+#define FsRtlExitFileSystem KeLeaveCriticalRegion
+
+#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1
+#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x2
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
BOOLEAN
NTAPI
-PsIsSystemThread(
- IN PETHREAD Thread
-);
+FsRtlCopyRead(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN ULONG LockKey,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
BOOLEAN
NTAPI
-PsIsThreadTerminating (
- IN PETHREAD Thread
-);
+FsRtlCopyWrite(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN ULONG LockKey,
+ IN PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-NTSTATUS
+BOOLEAN
NTAPI
-PsLookupProcessByProcessId (
- IN HANDLE ProcessId,
- OUT PEPROCESS *Process
-);
+FsRtlMdlReadDev(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG LockKey,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL);
NTKERNELAPI
-NTSTATUS
+BOOLEAN
NTAPI
-PsLookupProcessThreadByCid (
- IN PCLIENT_ID Cid,
- OUT PEPROCESS *Process OPTIONAL,
- OUT PETHREAD *Thread
-);
+FsRtlMdlReadCompleteDev(
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL);
NTKERNELAPI
-NTSTATUS
+BOOLEAN
NTAPI
-PsLookupThreadByThreadId (
- IN HANDLE UniqueThreadId,
- OUT PETHREAD *Thread
-);
+FsRtlPrepareMdlWriteDev(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG LockKey,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-PACCESS_TOKEN
+BOOLEAN
NTAPI
-PsReferenceImpersonationToken (
- IN PETHREAD Thread,
- OUT PBOOLEAN CopyOnUse,
- OUT PBOOLEAN EffectiveOnly,
- OUT PSECURITY_IMPERSONATION_LEVEL Level
-);
+FsRtlMdlWriteCompleteDev(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain,
+ IN PDEVICE_OBJECT DeviceObject);
NTKERNELAPI
-HANDLE
+VOID
NTAPI
-PsReferencePrimaryToken (
- IN PEPROCESS Process
-);
+FsRtlAcquireFileExclusive(
+ IN PFILE_OBJECT FileObject);
NTKERNELAPI
VOID
NTAPI
-PsRestoreImpersonation(
- IN PETHREAD Thread,
- IN PSE_IMPERSONATION_STATE ImpersonationState
-);
+FsRtlReleaseFile(
+ IN PFILE_OBJECT FileObject);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-PsReturnPoolQuota (
- IN PEPROCESS Process,
- IN POOL_TYPE PoolType,
- IN SIZE_T Amount
-);
+FsRtlGetFileSize(
+ IN PFILE_OBJECT FileObject,
+ OUT PLARGE_INTEGER FileSize);
NTKERNELAPI
-VOID
+BOOLEAN
NTAPI
-PsRevertToSelf (
- VOID
-);
+FsRtlIsTotalDeviceFailure(
+ IN NTSTATUS Status);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+PFILE_LOCK
NTAPI
-RtlAbsoluteToSelfRelativeSD (
- IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
- IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
- IN PULONG BufferLength
-);
+FsRtlAllocateFileLock(
+ IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
+ IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);
-NTSYSAPI
-PVOID
+NTKERNELAPI
+VOID
NTAPI
-RtlAllocateHeap (
- IN HANDLE HeapHandle,
- IN ULONG Flags,
- IN SIZE_T Size
-);
+FsRtlFreeFileLock(
+ IN PFILE_LOCK FileLock);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+VOID
NTAPI
-RtlAppendStringToString(
- PSTRING Destination,
- const STRING *Source
-);
+FsRtlInitializeFileLock(
+ IN PFILE_LOCK FileLock,
+ IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
+ IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);
-NTSYSAPI
-USHORT
+NTKERNELAPI
+VOID
NTAPI
-RtlCaptureStackBackTrace (
- IN ULONG FramesToSkip,
- IN ULONG FramesToCapture,
- OUT PVOID *BackTrace,
- OUT PULONG BackTraceHash OPTIONAL
-);
+FsRtlUninitializeFileLock(
+ IN PFILE_LOCK FileLock);
-NTSYSAPI
-SIZE_T
-NTAPI
-RtlCompareMemoryUlong (
- PVOID Source,
- SIZE_T Length,
- ULONG Pattern
-);
+/*
+ FsRtlProcessFileLock:
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCompressBuffer (
- IN USHORT CompressionFormatAndEngine,
- IN PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- OUT PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN ULONG UncompressedChunkSize,
- OUT PULONG FinalCompressedSize,
- IN PVOID WorkSpace
-);
+ ret:
+ -STATUS_INVALID_DEVICE_REQUEST
+ -STATUS_RANGE_NOT_LOCKED from unlock routines.
+ -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
+ (redirected IoStatus->Status).
-NTSYSAPI
+ Internals:
+ -switch ( Irp->CurrentStackLocation->MinorFunction )
+ lock: return FsRtlPrivateLock;
+ unlocksingle: return FsRtlFastUnlockSingle;
+ unlockall: return FsRtlFastUnlockAll;
+ unlockallbykey: return FsRtlFastUnlockAllByKey;
+ default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
+ return STATUS_INVALID_DEVICE_REQUEST;
+
+ -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
+ -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
+*/
+NTKERNELAPI
NTSTATUS
NTAPI
-RtlCompressChunks (
- IN PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- OUT PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
- IN ULONG CompressedDataInfoLength,
- IN PVOID WorkSpace
-);
+FsRtlProcessFileLock(
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp,
+ IN PVOID Context OPTIONAL);
-NTSYSAPI
-NTSTATUS
+/*
+ FsRtlCheckLockForReadAccess:
+
+ All this really does is pick out the lock parameters from the irp (io stack
+ location?), get IoGetRequestorProcess, and pass values on to
+ FsRtlFastCheckLockForRead.
+*/
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlConvertSidToUnicodeString (
- OUT PUNICODE_STRING DestinationString,
- IN PSID Sid,
- IN BOOLEAN AllocateDestinationString
-);
+FsRtlCheckLockForReadAccess(
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp);
-NTSYSAPI
-NTSTATUS
+/*
+ FsRtlCheckLockForWriteAccess:
+
+ All this really does is pick out the lock parameters from the irp (io stack
+ location?), get IoGetRequestorProcess, and pass values on to
+ FsRtlFastCheckLockForWrite.
+*/
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlCopySid (
- IN ULONG Length,
- IN PSID Destination,
- IN PSID Source
-);
+FsRtlCheckLockForWriteAccess(
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp);
-NTSYSAPI
+NTKERNELAPI
BOOLEAN
NTAPI
-RtlCreateUnicodeString(
- PUNICODE_STRING DestinationString,
- PCWSTR SourceString
-);
+FsRtlFastCheckLockForRead(
+ IN PFILE_LOCK FileLock,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN PFILE_OBJECT FileObject,
+ IN PVOID Process);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlDecompressBuffer (
- IN USHORT CompressionFormat,
- OUT PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- OUT PULONG FinalUncompressedSize
-);
+FsRtlFastCheckLockForWrite(
+ IN PFILE_LOCK FileLock,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN PFILE_OBJECT FileObject,
+ IN PVOID Process);
-NTSYSAPI
-NTSTATUS
+/*
+ FsRtlGetNextFileLock:
+
+ ret: NULL if no more locks
+
+ Internals:
+ FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
+ FileLock->LastReturnedLock as storage.
+ LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
+ list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
+ calls with Restart = FALSE.
+*/
+NTKERNELAPI
+PFILE_LOCK_INFO
NTAPI
-RtlDecompressChunks (
- OUT PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN PUCHAR CompressedTail,
- IN ULONG CompressedTailSize,
- IN PCOMPRESSED_DATA_INFO CompressedDataInfo
-);
+FsRtlGetNextFileLock(
+ IN PFILE_LOCK FileLock,
+ IN BOOLEAN Restart);
-NTSYSAPI
+NTKERNELAPI
NTSTATUS
NTAPI
-RtlDecompressFragment (
- IN USHORT CompressionFormat,
- OUT PUCHAR UncompressedFragment,
- IN ULONG UncompressedFragmentSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN ULONG FragmentOffset,
- OUT PULONG FinalUncompressedSize,
- IN PVOID WorkSpace
-);
+FsRtlFastUnlockSingle(
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN PVOID Context OPTIONAL,
+ IN BOOLEAN AlreadySynchronized);
-NTSYSAPI
+NTKERNELAPI
NTSTATUS
NTAPI
-RtlDescribeChunk (
- IN USHORT CompressionFormat,
- IN OUT PUCHAR *CompressedBuffer,
- IN PUCHAR EndOfCompressedBufferPlus1,
- OUT PUCHAR *ChunkBuffer,
- OUT PULONG ChunkSize
-);
+FsRtlFastUnlockAll(
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process,
+ IN PVOID Context OPTIONAL);
-NTSYSAPI
+NTKERNELAPI
NTSTATUS
NTAPI
-RtlDowncaseUnicodeString(
- IN OUT PUNICODE_STRING UniDest,
- IN PCUNICODE_STRING UniSource,
- IN BOOLEAN AllocateDestinationString
-);
+FsRtlFastUnlockAllByKey(
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN PVOID Context OPTIONAL);
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDuplicateUnicodeString(
- IN ULONG Flags,
- IN PCUNICODE_STRING SourceString,
- OUT PUNICODE_STRING DestinationString
-);
+/*
+ FsRtlPrivateLock:
-NTSYSAPI
+ ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
+
+ Internals:
+ -Calls IoCompleteRequest if Irp
+ -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
+*/
+NTKERNELAPI
BOOLEAN
NTAPI
-RtlEqualSid (
- IN PSID Sid1,
- IN PSID Sid2
-);
+FsRtlPrivateLock(
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN BOOLEAN FailImmediately,
+ IN BOOLEAN ExclusiveLock,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PIRP Irp OPTIONAL,
+ IN PVOID Context,
+ IN BOOLEAN AlreadySynchronized);
-NTSYSAPI
+NTKERNELAPI
VOID
NTAPI
-RtlFillMemoryUlong (
- IN PVOID Destination,
- IN ULONG Length,
- IN ULONG Fill
-);
+FsRtlInitializeTunnelCache(
+ IN PTUNNEL Cache);
-NTSYSAPI
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlAddToTunnelCache(
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey,
+ IN PUNICODE_STRING ShortName,
+ IN PUNICODE_STRING LongName,
+ IN BOOLEAN KeyByShortName,
+ IN ULONG DataLength,
+ IN PVOID Data);
+
+NTKERNELAPI
BOOLEAN
NTAPI
-RtlFreeHeap (
- IN HANDLE HeapHandle,
- IN ULONG Flags,
- IN PVOID P
-);
+FsRtlFindInTunnelCache(
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey,
+ IN PUNICODE_STRING Name,
+ OUT PUNICODE_STRING ShortName,
+ OUT PUNICODE_STRING LongName,
+ IN OUT PULONG DataLength,
+ OUT PVOID Data);
-NTSYSAPI
+NTKERNELAPI
VOID
NTAPI
-RtlFreeOemString (
- IN POEM_STRING OemString
-);
+FsRtlDeleteKeyFromTunnelCache(
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey);
-NTSYSAPI
+NTKERNELAPI
VOID
NTAPI
-RtlGenerate8dot3Name (
- IN PUNICODE_STRING Name,
- IN BOOLEAN AllowExtendedCharacters,
- IN OUT PGENERATE_NAME_CONTEXT Context,
- OUT PUNICODE_STRING Name8dot3
-);
+FsRtlDeleteTunnelCache(
+ IN PTUNNEL Cache);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+VOID
NTAPI
-RtlGetCompressionWorkSpaceSize (
- IN USHORT CompressionFormatAndEngine,
- OUT PULONG CompressBufferWorkSpaceSize,
- OUT PULONG CompressFragmentWorkSpaceSize
-);
+FsRtlDissectDbcs(
+ IN ANSI_STRING Name,
+ OUT PANSI_STRING FirstPart,
+ OUT PANSI_STRING RemainingPart);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlGetDaclSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- OUT PBOOLEAN DaclPresent,
- OUT PACL *Dacl,
- OUT PBOOLEAN DaclDefaulted
-);
+FsRtlDoesDbcsContainWildCards(
+ IN PANSI_STRING Name);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlGetGroupSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- OUT PSID *Group,
- OUT PBOOLEAN GroupDefaulted
-);
+FsRtlIsDbcsInExpression(
+ IN PANSI_STRING Expression,
+ IN PANSI_STRING Name);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlGetOwnerSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- OUT PSID *Owner,
- OUT PBOOLEAN OwnerDefaulted
-);
+FsRtlIsFatDbcsLegal(
+ IN ANSI_STRING DbcsName,
+ IN BOOLEAN WildCardsPermissible,
+ IN BOOLEAN PathNamePermissible,
+ IN BOOLEAN LeadingBackslashPermissible);
-NTSYSAPI
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsHpfsDbcsLegal(
+ IN ANSI_STRING DbcsName,
+ IN BOOLEAN WildCardsPermissible,
+ IN BOOLEAN PathNamePermissible,
+ IN BOOLEAN LeadingBackslashPermissible);
+
+NTKERNELAPI
NTSTATUS
NTAPI
-RtlInitializeSid (
- IN OUT PSID Sid,
- IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- IN UCHAR SubAuthorityCount
-);
+FsRtlNormalizeNtstatus(
+ IN NTSTATUS Exception,
+ IN NTSTATUS GenericException);
-NTSYSAPI
+NTKERNELAPI
BOOLEAN
NTAPI
-RtlIsNameLegalDOS8Dot3(
- IN PCUNICODE_STRING Name,
- IN OUT POEM_STRING OemName OPTIONAL,
- IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
-);
+FsRtlIsNtstatusExpected(
+ IN NTSTATUS Ntstatus);
-NTSYSAPI
-ULONG
+NTKERNELAPI
+PERESOURCE
NTAPI
-RtlLengthRequiredSid (
- IN ULONG SubAuthorityCount
-);
+FsRtlAllocateResource(
+ VOID);
-NTSYSAPI
-ULONG
+NTKERNELAPI
+VOID
NTAPI
-RtlLengthSid (
- IN PSID Sid
-);
+FsRtlInitializeLargeMcb(
+ IN PLARGE_MCB Mcb,
+ IN POOL_TYPE PoolType);
-NTSYSAPI
-ULONG
+NTKERNELAPI
+VOID
NTAPI
-RtlNtStatusToDosError (
- IN NTSTATUS Status
-);
+FsRtlUninitializeLargeMcb(
+ IN PLARGE_MCB Mcb);
-NTSYSAPI
-ULONG
+NTKERNELAPI
+VOID
NTAPI
-RtlxUnicodeStringToOemSize(
- PCUNICODE_STRING UnicodeString
- );
+FsRtlResetLargeMcb(
+ IN PLARGE_MCB Mcb,
+ IN BOOLEAN SelfSynchronized);
-NTSYSAPI
-ULONG
+NTKERNELAPI
+VOID
NTAPI
-RtlxOemStringToUnicodeSize(
- PCOEM_STRING OemString
-);
+FsRtlTruncateLargeMcb(
+ IN PLARGE_MCB Mcb,
+ IN LONGLONG Vbn);
-#define RtlOemStringToUnicodeSize(STRING) ( \
- NLS_MB_OEM_CODE_PAGE_TAG ? \
- RtlxOemStringToUnicodeSize(STRING) : \
- ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
-)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAddLargeMcbEntry(
+ IN PLARGE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG Lbn,
+ IN LONGLONG SectorCount);
-#define RtlOemStringToCountedUnicodeSize(STRING) ( \
- (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
-)
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlRemoveLargeMcbEntry(
+ IN PLARGE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG SectorCount);
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlLookupLargeMcbEntry(
+ IN PLARGE_MCB Mcb,
+ IN LONGLONG Vbn,
+ OUT PLONGLONG Lbn OPTIONAL,
+ OUT PLONGLONG SectorCountFromLbn OPTIONAL,
+ OUT PLONGLONG StartingLbn OPTIONAL,
+ OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
+ OUT PULONG Index OPTIONAL);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlOemStringToUnicodeString(
- IN OUT PUNICODE_STRING DestinationString,
- IN PCOEM_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
+FsRtlLookupLastLargeMcbEntry(
+ IN PLARGE_MCB Mcb,
+ OUT PLONGLONG Vbn,
+ OUT PLONGLONG Lbn);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlUnicodeStringToOemString(
- IN OUT POEM_STRING DestinationString,
- IN PCUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
+FsRtlLookupLastLargeMcbEntryAndIndex(
+ IN PLARGE_MCB OpaqueMcb,
+ OUT PLONGLONG LargeVbn,
+ OUT PLONGLONG LargeLbn,
+ OUT PULONG Index);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+ULONG
NTAPI
-RtlOemStringToCountedUnicodeString(
- IN OUT PUNICODE_STRING DestinationString,
- IN PCOEM_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
-
-NTSYSAPI
-NTSTATUS
+FsRtlNumberOfRunsInLargeMcb(
+ IN PLARGE_MCB Mcb);
+
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlUnicodeStringToCountedOemString(
- IN OUT POEM_STRING DestinationString,
- IN PCUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
-
-NTSYSAPI
-NTSTATUS
+FsRtlGetNextLargeMcbEntry(
+ IN PLARGE_MCB Mcb,
+ IN ULONG RunIndex,
+ OUT PLONGLONG Vbn,
+ OUT PLONGLONG Lbn,
+ OUT PLONGLONG SectorCount);
+
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlReserveChunk (
- IN USHORT CompressionFormat,
- IN OUT PUCHAR *CompressedBuffer,
- IN PUCHAR EndOfCompressedBufferPlus1,
- OUT PUCHAR *ChunkBuffer,
- IN ULONG ChunkSize
-);
+FsRtlSplitLargeMcb(
+ IN PLARGE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG Amount);
-NTSYSAPI
+NTKERNELAPI
VOID
NTAPI
-RtlSecondsSince1970ToTime (
- IN ULONG SecondsSince1970,
- OUT PLARGE_INTEGER Time
-);
+FsRtlInitializeMcb(
+ IN PMCB Mcb,
+ IN POOL_TYPE PoolType);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+VOID
NTAPI
-RtlSetGroupSecurityDescriptor (
- IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID Group,
- IN BOOLEAN GroupDefaulted
-);
+FsRtlUninitializeMcb(
+ IN PMCB Mcb);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+VOID
NTAPI
-RtlSetOwnerSecurityDescriptor (
- IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID Owner,
- IN BOOLEAN OwnerDefaulted
-);
+FsRtlTruncateMcb(
+ IN PMCB Mcb,
+ IN VBN Vbn);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlSetSaclSecurityDescriptor (
- IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN BOOLEAN SaclPresent,
- IN PACL Sacl,
- IN BOOLEAN SaclDefaulted
-);
+FsRtlAddMcbEntry(
+ IN PMCB Mcb,
+ IN VBN Vbn,
+ IN LBN Lbn,
+ IN ULONG SectorCount);
-NTSYSAPI
-PUCHAR
+NTKERNELAPI
+VOID
NTAPI
-RtlSubAuthorityCountSid (
- IN PSID Sid
-);
+FsRtlRemoveMcbEntry(
+ IN PMCB Mcb,
+ IN VBN Vbn,
+ IN ULONG SectorCount);
-NTSYSAPI
-PULONG
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlSubAuthoritySid (
- IN PSID Sid,
- IN ULONG SubAuthority
-);
+FsRtlLookupMcbEntry(
+ IN PMCB Mcb,
+ IN VBN Vbn,
+ OUT PLBN Lbn,
+ OUT PULONG SectorCount OPTIONAL,
+ OUT PULONG Index);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlUnicodeStringToCountedOemString (
- IN OUT POEM_STRING DestinationString,
- IN PCUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
+FsRtlLookupLastMcbEntry(
+ IN PMCB Mcb,
+ OUT PVBN Vbn,
+ OUT PLBN Lbn);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+ULONG
NTAPI
-RtlUnicodeToMultiByteN(
- OUT PCHAR MultiByteString,
- IN ULONG MaxBytesInMultiByteString,
- OUT PULONG BytesInMultiByteString OPTIONAL,
- IN PWCH UnicodeString,
- IN ULONG BytesInUnicodeString
-);
+FsRtlNumberOfRunsInMcb(
+ IN PMCB Mcb);
-NTSYSAPI
-NTSTATUS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlOemToUnicodeN(
- OUT PWSTR UnicodeString,
- IN ULONG MaxBytesInUnicodeString,
- OUT PULONG BytesInUnicodeString OPTIONAL,
- IN PCH OemString,
- IN ULONG BytesInOemString
-);
+FsRtlGetNextMcbEntry(
+ IN PMCB Mcb,
+ IN ULONG RunIndex,
+ OUT PVBN Vbn,
+ OUT PLBN Lbn,
+ OUT PULONG SectorCount);
-/* RTL Splay Tree Functions */
-NTSYSAPI
-PRTL_SPLAY_LINKS
+NTKERNELAPI
+NTSTATUS
NTAPI
-RtlSplay(PRTL_SPLAY_LINKS Links);
+FsRtlBalanceReads(
+ IN PDEVICE_OBJECT TargetDevice);
-NTSYSAPI
-PRTL_SPLAY_LINKS
+NTKERNELAPI
+VOID
NTAPI
-RtlDelete(PRTL_SPLAY_LINKS Links);
+FsRtlInitializeOplock(
+ IN OUT POPLOCK Oplock);
-NTSYSAPI
+NTKERNELAPI
VOID
NTAPI
-RtlDeleteNoSplay(
- PRTL_SPLAY_LINKS Links,
- PRTL_SPLAY_LINKS *Root
-);
+FsRtlUninitializeOplock(
+ IN OUT POPLOCK Oplock);
-NTSYSAPI
-PRTL_SPLAY_LINKS
+NTKERNELAPI
+NTSTATUS
NTAPI
-RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
+FsRtlOplockFsctrl(
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG OpenCount);
-NTSYSAPI
-PRTL_SPLAY_LINKS
+NTKERNELAPI
+NTSTATUS
NTAPI
-RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
+FsRtlCheckOplock(
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN PVOID Context,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
-NTSYSAPI
-PRTL_SPLAY_LINKS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
+FsRtlOplockIsFastIoPossible(
+ IN POPLOCK Oplock);
-NTSYSAPI
-PRTL_SPLAY_LINKS
+NTKERNELAPI
+BOOLEAN
NTAPI
-RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
+FsRtlCurrentBatchOplock(
+ IN POPLOCK Oplock);
-#define RtlIsLeftChild(Links) \
- (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNotifyVolumeEvent(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG EventCode);
-#define RtlIsRightChild(Links) \
- (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyInitializeSync(
+ IN PNOTIFY_SYNC *NotifySync);
-#define RtlRightChild(Links) \
- ((PRTL_SPLAY_LINKS)(Links))->RightChild
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyUninitializeSync(
+ IN PNOTIFY_SYNC *NotifySync);
-#define RtlIsRoot(Links) \
- (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFullChangeDirectory(
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN BOOLEAN WatchTree,
+ IN BOOLEAN IgnoreBuffer,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp OPTIONAL,
+ IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFilterReportChange(
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PSTRING FullTargetName,
+ IN USHORT TargetNameOffset,
+ IN PSTRING StreamName OPTIONAL,
+ IN PSTRING NormalizedParentName OPTIONAL,
+ IN ULONG FilterMatch,
+ IN ULONG Action,
+ IN PVOID TargetContext OPTIONAL,
+ IN PVOID FilterContext OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFullReportChange(
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PSTRING FullTargetName,
+ IN USHORT TargetNameOffset,
+ IN PSTRING StreamName OPTIONAL,
+ IN PSTRING NormalizedParentName OPTIONAL,
+ IN ULONG FilterMatch,
+ IN ULONG Action,
+ IN PVOID TargetContext OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyCleanup(
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDissectName(
+ IN UNICODE_STRING Name,
+ OUT PUNICODE_STRING FirstPart,
+ OUT PUNICODE_STRING RemainingPart);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlDoesNameContainWildCards(
+ IN PUNICODE_STRING Name);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAreNamesEqual(
+ IN PCUNICODE_STRING Name1,
+ IN PCUNICODE_STRING Name2,
+ IN BOOLEAN IgnoreCase,
+ IN PCWCH UpcaseTable OPTIONAL);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsNameInExpression(
+ IN PUNICODE_STRING Expression,
+ IN PUNICODE_STRING Name,
+ IN BOOLEAN IgnoreCase,
+ IN PWCHAR UpcaseTable OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlPostPagingFileStackOverflow(
+ IN PVOID Context,
+ IN PKEVENT Event,
+ IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlPostStackOverflow (
+ IN PVOID Context,
+ IN PKEVENT Event,
+ IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlRegisterUncProvider(
+ OUT PHANDLE MupHandle,
+ IN PUNICODE_STRING RedirectorDeviceName,
+ IN BOOLEAN MailslotsSupported);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeregisterUncProvider(
+ IN HANDLE Handle);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlTeardownPerStreamContexts(
+ IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlCreateSectionForDataScan(
+ OUT PHANDLE SectionHandle,
+ OUT PVOID *SectionObject,
+ OUT PLARGE_INTEGER SectionFileSize OPTIONAL,
+ IN PFILE_OBJECT FileObject,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN ULONG SectionPageProtection,
+ IN ULONG AllocationAttributes,
+ IN ULONG Flags);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
+
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFilterChangeDirectory(
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN BOOLEAN WatchTree,
+ IN BOOLEAN IgnoreBuffer,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp OPTIONAL,
+ IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
+ IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlInsertPerStreamContext(
+ IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
+ IN PFSRTL_PER_STREAM_CONTEXT Ptr);
+
+NTKERNELAPI
+PFSRTL_PER_STREAM_CONTEXT
+NTAPI
+FsRtlLookupPerStreamContextInternal(
+ IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
+ IN PVOID OwnerId OPTIONAL,
+ IN PVOID InstanceId OPTIONAL);
+
+NTKERNELAPI
+PFSRTL_PER_STREAM_CONTEXT
+NTAPI
+FsRtlRemovePerStreamContext(
+ IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
+ IN PVOID OwnerId OPTIONAL,
+ IN PVOID InstanceId OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlIncrementCcFastReadNotPossible(
+ VOID);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlIncrementCcFastReadWait(
+ VOID);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlIncrementCcFastReadNoWait(
+ VOID);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlIncrementCcFastReadResourceMiss(
+ VOID);
+
+NTKERNELAPI
+LOGICAL
+NTAPI
+FsRtlIsPagingFile(
+ IN PFILE_OBJECT FileObject);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
+
+#if (NTDDI_VERSION >= NTDDI_WS03)
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeBaseMcb(
+ IN PBASE_MCB Mcb,
+ IN POOL_TYPE PoolType);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlUninitializeBaseMcb(
+ IN PBASE_MCB Mcb);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlResetBaseMcb(
+ IN PBASE_MCB Mcb);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlTruncateBaseMcb(
+ IN PBASE_MCB Mcb,
+ IN LONGLONG Vbn);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAddBaseMcbEntry(
+ IN PBASE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG Lbn,
+ IN LONGLONG SectorCount);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlRemoveBaseMcbEntry(
+ IN PBASE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG SectorCount);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlLookupBaseMcbEntry(
+ IN PBASE_MCB Mcb,
+ IN LONGLONG Vbn,
+ OUT PLONGLONG Lbn OPTIONAL,
+ OUT PLONGLONG SectorCountFromLbn OPTIONAL,
+ OUT PLONGLONG StartingLbn OPTIONAL,
+ OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
+ OUT PULONG Index OPTIONAL);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlLookupLastBaseMcbEntry(
+ IN PBASE_MCB Mcb,
+ OUT PLONGLONG Vbn,
+ OUT PLONGLONG Lbn);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlLookupLastBaseMcbEntryAndIndex(
+ IN PBASE_MCB OpaqueMcb,
+ IN OUT PLONGLONG LargeVbn,
+ IN OUT PLONGLONG LargeLbn,
+ IN OUT PULONG Index);
+
+NTKERNELAPI
+ULONG
+NTAPI
+FsRtlNumberOfRunsInBaseMcb(
+ IN PBASE_MCB Mcb);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlGetNextBaseMcbEntry(
+ IN PBASE_MCB Mcb,
+ IN ULONG RunIndex,
+ OUT PLONGLONG Vbn,
+ OUT PLONGLONG Lbn,
+ OUT PLONGLONG SectorCount);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlSplitBaseMcb(
+ IN PBASE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG Amount);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WS03) */
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+
+BOOLEAN
+NTAPI
+FsRtlInitializeBaseMcbEx(
+ IN PBASE_MCB Mcb,
+ IN POOL_TYPE PoolType,
+ IN USHORT Flags);
+
+NTSTATUS
+NTAPI
+FsRtlAddBaseMcbEntryEx(
+ IN PBASE_MCB Mcb,
+ IN LONGLONG Vbn,
+ IN LONGLONG Lbn,
+ IN LONGLONG SectorCount);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCurrentOplock(
+ IN POPLOCK Oplock);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlOplockBreakToNone(
+ IN OUT POPLOCK Oplock,
+ IN PIO_STACK_LOCATION IrpSp OPTIONAL,
+ IN PIRP Irp,
+ IN PVOID Context OPTIONAL,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNotifyVolumeEventEx(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG EventCode,
+ IN PTARGET_DEVICE_CUSTOM_NOTIFICATION Event);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyCleanupAll(
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList);
+
+NTSTATUS
+NTAPI
+FsRtlRegisterUncProviderEx(
+ OUT PHANDLE MupHandle,
+ IN PUNICODE_STRING RedirDevName,
+ IN PDEVICE_OBJECT DeviceObject,
+ IN ULONG Flags);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlCancellableWaitForSingleObject(
+ IN PVOID Object,
+ IN PLARGE_INTEGER Timeout OPTIONAL,
+ IN PIRP Irp OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlCancellableWaitForMultipleObjects(
+ IN ULONG Count,
+ IN PVOID ObjectArray[],
+ IN WAIT_TYPE WaitType,
+ IN PLARGE_INTEGER Timeout OPTIONAL,
+ IN PKWAIT_BLOCK WaitBlockArray OPTIONAL,
+ IN PIRP Irp OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlMupGetProviderInfoFromFileObject(
+ IN PFILE_OBJECT pFileObject,
+ IN ULONG Level,
+ OUT PVOID pBuffer,
+ IN OUT PULONG pBufferSize);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlMupGetProviderIdFromName(
+ IN PUNICODE_STRING pProviderName,
+ OUT PULONG32 pProviderId);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlIncrementCcFastMdlReadWait(
+ VOID);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlValidateReparsePointBuffer(
+ IN ULONG BufferLength,
+ IN PREPARSE_DATA_BUFFER ReparseBuffer);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlRemoveDotsFromPath(
+ IN OUT PWSTR OriginalString,
+ IN USHORT PathLength,
+ OUT USHORT *NewLength);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlAllocateExtraCreateParameterList(
+ IN FSRTL_ALLOCATE_ECPLIST_FLAGS Flags,
+ OUT PECP_LIST *EcpList);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlFreeExtraCreateParameterList(
+ IN PECP_LIST EcpList);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlAllocateExtraCreateParameter(
+ IN LPCGUID EcpType,
+ IN ULONG SizeOfContext,
+ IN FSRTL_ALLOCATE_ECP_FLAGS Flags,
+ IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
+ IN ULONG PoolTag,
+ OUT PVOID *EcpContext);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlFreeExtraCreateParameter(
+ IN PVOID EcpContext);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitExtraCreateParameterLookasideList(
+ IN OUT PVOID Lookaside,
+ IN FSRTL_ECP_LOOKASIDE_FLAGS Flags,
+ IN SIZE_T Size,
+ IN ULONG Tag);
+
+VOID
+NTAPI
+FsRtlDeleteExtraCreateParameterLookasideList(
+ IN OUT PVOID Lookaside,
+ IN FSRTL_ECP_LOOKASIDE_FLAGS Flags);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlAllocateExtraCreateParameterFromLookasideList(
+ IN LPCGUID EcpType,
+ IN ULONG SizeOfContext,
+ IN FSRTL_ALLOCATE_ECP_FLAGS Flags,
+ IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
+ IN OUT PVOID LookasideList,
+ OUT PVOID *EcpContext);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlInsertExtraCreateParameter(
+ IN OUT PECP_LIST EcpList,
+ IN OUT PVOID EcpContext);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFindExtraCreateParameter(
+ IN PECP_LIST EcpList,
+ IN LPCGUID EcpType,
+ OUT PVOID *EcpContext OPTIONAL,
+ OUT ULONG *EcpContextSize OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlRemoveExtraCreateParameter(
+ IN OUT PECP_LIST EcpList,
+ IN LPCGUID EcpType,
+ OUT PVOID *EcpContext,
+ OUT ULONG *EcpContextSize OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlGetEcpListFromIrp(
+ IN PIRP Irp,
+ OUT PECP_LIST *EcpList OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlSetEcpListIntoIrp(
+ IN OUT PIRP Irp,
+ IN PECP_LIST EcpList);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlGetNextExtraCreateParameter(
+ IN PECP_LIST EcpList,
+ IN PVOID CurrentEcpContext OPTIONAL,
+ OUT LPGUID NextEcpType OPTIONAL,
+ OUT PVOID *NextEcpContext OPTIONAL,
+ OUT ULONG *NextEcpContextSize OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlAcknowledgeEcp(
+ IN PVOID EcpContext);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsEcpAcknowledged(
+ IN PVOID EcpContext);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsEcpFromUserMode(
+ IN PVOID EcpContext);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlChangeBackingFileObject(
+ IN PFILE_OBJECT CurrentFileObject OPTIONAL,
+ IN PFILE_OBJECT NewFileObject,
+ IN FSRTL_CHANGE_BACKING_TYPE ChangeBackingType,
+ IN ULONG Flags);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlLogCcFlushError(
+ IN PUNICODE_STRING FileName,
+ IN PDEVICE_OBJECT DeviceObject,
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN NTSTATUS FlushError,
+ IN ULONG Flags);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAreVolumeStartupApplicationsComplete(
+ VOID);
+
+NTKERNELAPI
+ULONG
+NTAPI
+FsRtlQueryMaximumVirtualDiskNestingLevel(
+ VOID);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlGetVirtualDiskNestingLevel(
+ IN PDEVICE_OBJECT DeviceObject,
+ OUT PULONG NestingLevel,
+ OUT PULONG NestingFlags OPTIONAL);
+
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+#if (NTDDI_VERSION >= NTDDI_VISTASP1)
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlCheckOplockEx(
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG Flags,
+ IN PVOID Context OPTIONAL,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
+
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAreThereCurrentOrInProgressFileLocks(
+ IN PFILE_LOCK FileLock);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlOplockIsSharedRequest(
+ IN PIRP Irp);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlOplockBreakH(
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG Flags,
+ IN PVOID Context OPTIONAL,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCurrentOplockH(
+ IN POPLOCK Oplock);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlOplockBreakToNoneEx(
+ IN OUT POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG Flags,
+ IN PVOID Context OPTIONAL,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlOplockFsctrlEx(
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG OpenCount,
+ IN ULONG Flags);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlOplockKeysEqual(
+ IN PFILE_OBJECT Fo1 OPTIONAL,
+ IN PFILE_OBJECT Fo2 OPTIONAL);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlInitializeExtraCreateParameterList(
+ IN OUT PECP_LIST EcpList);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeExtraCreateParameter(
+ IN PECP_HEADER Ecp,
+ IN ULONG EcpFlags,
+ IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
+ IN ULONG TotalSize,
+ IN LPCGUID EcpType,
+ IN PVOID ListAllocatedFrom OPTIONAL);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlInsertPerFileContext(
+ IN PVOID* PerFileContextPointer,
+ IN PFSRTL_PER_FILE_CONTEXT Ptr);
+
+NTKERNELAPI
+PFSRTL_PER_FILE_CONTEXT
+NTAPI
+FsRtlLookupPerFileContext(
+ IN PVOID* PerFileContextPointer,
+ IN PVOID OwnerId OPTIONAL,
+ IN PVOID InstanceId OPTIONAL);
+
+NTKERNELAPI
+PFSRTL_PER_FILE_CONTEXT
+NTAPI
+FsRtlRemovePerFileContext(
+ IN PVOID* PerFileContextPointer,
+ IN PVOID OwnerId OPTIONAL,
+ IN PVOID InstanceId OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlTeardownPerFileContexts(
+ IN PVOID* PerFileContextPointer);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlInsertPerFileObjectContext(
+ IN PFILE_OBJECT FileObject,
+ IN PFSRTL_PER_FILEOBJECT_CONTEXT Ptr);
+
+NTKERNELAPI
+PFSRTL_PER_FILEOBJECT_CONTEXT
+NTAPI
+FsRtlLookupPerFileObjectContext(
+ IN PFILE_OBJECT FileObject,
+ IN PVOID OwnerId OPTIONAL,
+ IN PVOID InstanceId OPTIONAL);
+
+NTKERNELAPI
+PFSRTL_PER_FILEOBJECT_CONTEXT
+NTAPI
+FsRtlRemovePerFileObjectContext(
+ IN PFILE_OBJECT FileObject,
+ IN PVOID OwnerId OPTIONAL,
+ IN PVOID InstanceId OPTIONAL);
+
+#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
+ FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
+)
+
+#define FsRtlAreThereCurrentFileLocks(FL) ( \
+ ((FL)->FastIoIsQuestionable) \
+)
+
+#define FsRtlIncrementLockRequestsInProgress(FL) { \
+ ASSERT( (FL)->LockRequestsInProgress >= 0 ); \
+ (void) \
+ (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
+}
+
+#define FsRtlDecrementLockRequestsInProgress(FL) { \
+ ASSERT( (FL)->LockRequestsInProgress > 0 ); \
+ (void) \
+ (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
+}
+
+#ifdef NLS_MB_CODE_PAGE_TAG
+#undef NLS_MB_CODE_PAGE_TAG
+#endif
+
+#define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray
+#define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag
+#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
+
+extern UCHAR const* const LEGAL_ANSI_CHARACTER_ARRAY;
+extern PUSHORT NLS_OEM_LEAD_BYTE_INFO;
+
+#define FsRtlIsAnsiCharacterWild(C) ( \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
+)
+
+#define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
+ ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
+)
+
+#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
+ ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
+)
+
+#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
+ ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
+)
+
+#define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \
+ FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \
+)
+
+#define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \
+ FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \
+)
+
+#define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \
+ ((SCHAR)(C) < 0) ? DEFAULT_RET : \
+ FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \
+ (FLAGS) | \
+ ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \
+)
+
+#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
+ (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
+ (NLS_MB_CODE_PAGE_TAG && \
+ (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
+)
+
+#define FsRtlIsUnicodeCharacterWild(C) ( \
+ (((C) >= 0x40) ? \
+ FALSE : \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
+)
+
+#define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \
+ ((_fc)->OwnerId = (_owner), \
+ (_fc)->InstanceId = (_inst), \
+ (_fc)->FreeCallback = (_cb))
+
+#define FsRtlGetPerFileContextPointer(_fo) \
+ (FsRtlSupportsPerFileContexts(_fo) ? \
+ FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \
+ NULL)
+
+#define FsRtlSupportsPerFileContexts(_fo) \
+ ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \
+ (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \
+ (FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL))
+
+#define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \
+{ \
+ FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \
+ if ((_fctxptr) != NULL) { \
+ (_advhdr)->FileContextSupportPointer = (_fctxptr); \
+ } \
+}
+
+#define FsRtlGetPerStreamContextPointer(FO) ( \
+ (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
+)
+
+#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
+ (PSC)->OwnerId = (O), \
+ (PSC)->InstanceId = (I), \
+ (PSC)->FreeCallback = (FC) \
+)
+
+#define FsRtlSupportsPerStreamContexts(FO) ( \
+ (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
+ FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
+ FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
+)
+
+#define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \
+ (((NULL != (_sc)) && \
+ FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
+ !IsListEmpty(&(_sc)->FilterContexts)) ? \
+ FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \
+ NULL)
+
+VOID
+FORCEINLINE
+NTAPI
+FsRtlSetupAdvancedHeader(
+ IN PVOID AdvHdr,
+ IN PFAST_MUTEX FMutex )
+{
+ PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr;
+
+ localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER;
+ localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+ localAdvHdr->Version = FSRTL_FCB_HEADER_V1;
+#else
+ localAdvHdr->Version = FSRTL_FCB_HEADER_V0;
+#endif
+ InitializeListHead( &localAdvHdr->FilterContexts );
+ if (FMutex != NULL) {
+ localAdvHdr->FastMutex = FMutex;
+ }
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+ *((PULONG_PTR)(&localAdvHdr->PushLock)) = 0;
+ localAdvHdr->FileContextSupportPointer = NULL;
+#endif
+}
+
+#define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \
+ ((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst))
+
+#define FsRtlCompleteRequest(IRP,STATUS) { \
+ (IRP)->IoStatus.Status = (STATUS); \
+ IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
+}
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER;
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+
+typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER {
+ NetworkOpenLocationAny,
+ NetworkOpenLocationRemote,
+ NetworkOpenLocationLoopback
+} NETWORK_OPEN_LOCATION_QUALIFIER;
+
+typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER {
+ NetworkOpenIntegrityAny,
+ NetworkOpenIntegrityNone,
+ NetworkOpenIntegritySigned,
+ NetworkOpenIntegrityEncrypted,
+ NetworkOpenIntegrityMaximum
+} NETWORK_OPEN_INTEGRITY_QUALIFIER;
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
+#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
+#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000
+
+typedef struct _NETWORK_OPEN_ECP_CONTEXT {
+ USHORT Size;
+ USHORT Reserved;
+ struct {
+ struct {
+ NETWORK_OPEN_LOCATION_QUALIFIER Location;
+ NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
+ ULONG Flags;
+ } in;
+ struct {
+ NETWORK_OPEN_LOCATION_QUALIFIER Location;
+ NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
+ ULONG Flags;
+ } out;
+ } DUMMYSTRUCTNAME;
+} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
+
+typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
+ USHORT Size;
+ USHORT Reserved;
+ struct {
+ struct {
+ NETWORK_OPEN_LOCATION_QUALIFIER Location;
+ NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
+ } in;
+ struct {
+ NETWORK_OPEN_LOCATION_QUALIFIER Location;
+ NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
+ } out;
+ } DUMMYSTRUCTNAME;
+} NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0;
+
+#elif (NTDDI_VERSION >= NTDDI_VISTA)
+typedef struct _NETWORK_OPEN_ECP_CONTEXT {
+ USHORT Size;
+ USHORT Reserved;
+ struct {
+ struct {
+ NETWORK_OPEN_LOCATION_QUALIFIER Location;
+ NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
+ } in;
+ struct {
+ NETWORK_OPEN_LOCATION_QUALIFIER Location;
+ NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
+ } out;
+ } DUMMYSTRUCTNAME;
+} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
+#endif
+
+DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8 );
+
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+
+typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
+ PVOID Context;
+} PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT;
+
+DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55 );
+
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+
+DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
+DEFINE_GUID(GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53 );
+
+typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;
+
+typedef struct _NFS_OPEN_ECP_CONTEXT {
+ PUNICODE_STRING ExportAlias;
+ PSOCKADDR_STORAGE_NFS ClientSocketAddress;
+} NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT;
+
+typedef struct _SRV_OPEN_ECP_CONTEXT {
+ PUNICODE_STRING ShareName;
+ PSOCKADDR_STORAGE_NFS SocketAddress;
+ BOOLEAN OplockBlockState;
+ BOOLEAN OplockAppState;
+ BOOLEAN OplockFinalState;
+} SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT;
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
+
+#define VACB_MAPPING_GRANULARITY (0x40000)
+#define VACB_OFFSET_SHIFT (18)
+
+typedef struct _PUBLIC_BCB {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ ULONG MappedLength;
+ LARGE_INTEGER MappedFileOffset;
+} PUBLIC_BCB, *PPUBLIC_BCB;
+
+typedef struct _CC_FILE_SIZES {
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+} CC_FILE_SIZES, *PCC_FILE_SIZES;
+
+typedef BOOLEAN
+(NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
+ IN PVOID Context,
+ IN BOOLEAN Wait);
+
+typedef VOID
+(NTAPI *PRELEASE_FROM_LAZY_WRITE) (
+ IN PVOID Context);
+
+typedef BOOLEAN
+(NTAPI *PACQUIRE_FOR_READ_AHEAD) (
+ IN PVOID Context,
+ IN BOOLEAN Wait);
+
+typedef VOID
+(NTAPI *PRELEASE_FROM_READ_AHEAD) (
+ IN PVOID Context);
+
+typedef struct _CACHE_MANAGER_CALLBACKS {
+ PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
+ PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
+ PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
+ PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
+} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
+
+typedef struct _CACHE_UNINITIALIZE_EVENT {
+ struct _CACHE_UNINITIALIZE_EVENT *Next;
+ KEVENT Event;
+} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
+
+typedef VOID
+(NTAPI *PDIRTY_PAGE_ROUTINE) (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN PLARGE_INTEGER OldestLsn,
+ IN PLARGE_INTEGER NewestLsn,
+ IN PVOID Context1,
+ IN PVOID Context2);
+
+typedef VOID
+(NTAPI *PFLUSH_TO_LSN) (
+ IN PVOID LogHandle,
+ IN LARGE_INTEGER Lsn);
+
+typedef VOID
+(NTAPI *PCC_POST_DEFERRED_WRITE) (
+ IN PVOID Context1,
+ IN PVOID Context2);
+
+#define CcIsFileCached(FO) ( \
+ ((FO)->SectionObjectPointer != NULL) && \
+ (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
+)
+
+extern ULONG CcFastMdlReadWait;
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
+
+NTKERNELAPI
+VOID
+NTAPI
+CcInitializeCacheMap(
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes,
+ IN BOOLEAN PinAccess,
+ IN PCACHE_MANAGER_CALLBACKS Callbacks,
+ IN PVOID LazyWriteContext);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcUninitializeCacheMap(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER TruncateSize OPTIONAL,
+ IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetFileSizes(
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetDirtyPageThreshold(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG DirtyPageThreshold);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFlushCache(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ OUT PIO_STATUS_BLOCK IoStatus OPTIONAL);
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetFlushedValidData(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN BOOLEAN BcbListHeld);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcZeroData(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER StartOffset,
+ IN PLARGE_INTEGER EndOffset,
+ IN BOOLEAN Wait);
+
+NTKERNELAPI
+PVOID
+NTAPI
+CcRemapBcb(
+ IN PVOID Bcb);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcRepinBcb(
+ IN PVOID Bcb);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinRepinnedBcb(
+ IN PVOID Bcb,
+ IN BOOLEAN WriteThrough,
+ OUT PIO_STATUS_BLOCK IoStatus);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromSectionPtrs(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromBcb(
+ IN PVOID Bcb);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCanIWrite(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG BytesToWrite,
+ IN BOOLEAN Wait,
+ IN BOOLEAN Retrying);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcDeferWrite(
+ IN PFILE_OBJECT FileObject,
+ IN PCC_POST_DEFERRED_WRITE PostRoutine,
+ IN PVOID Context1,
+ IN PVOID Context2,
+ IN ULONG BytesToWrite,
+ IN BOOLEAN Retrying);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyRead(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFastCopyRead(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG FileOffset,
+ IN ULONG Length,
+ IN ULONG PageCount,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyWrite(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN PVOID Buffer);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFastCopyWrite(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG FileOffset,
+ IN ULONG Length,
+ IN PVOID Buffer);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlRead(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlReadComplete(
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcPrepareMdlWrite(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlWriteComplete(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcScheduleReadAhead(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+CcWaitForCurrentLazyWriterActivity(
+ VOID);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetReadAheadGranularity(
+ IN PFILE_OBJECT FileObject,
+ IN ULONG Granularity);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPinRead(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG Flags,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPinMappedData(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG Flags,
+ IN OUT PVOID *Bcb);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPreparePinWrite(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Zero,
+ IN ULONG Flags,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetDirtyPinnedData(
+ IN PVOID BcbVoid,
+ IN PLARGE_INTEGER Lsn OPTIONAL);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinData(
+ IN PVOID Bcb);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetBcbOwnerPointer(
+ IN PVOID Bcb,
+ IN PVOID OwnerPointer);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinDataForThread(
+ IN PVOID Bcb,
+ IN ERESOURCE_THREAD ResourceThreadId);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetAdditionalCacheAttributes(
+ IN PFILE_OBJECT FileObject,
+ IN BOOLEAN DisableReadAhead,
+ IN BOOLEAN DisableWriteBehind);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcIsThereDirtyData(
+ IN PVPB Vpb);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
+
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlWriteAbort(
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetLogHandleForFile(
+ IN PFILE_OBJECT FileObject,
+ IN PVOID LogHandle,
+ IN PFLUSH_TO_LSN FlushToLsnRoutine);
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetDirtyPages(
+ IN PVOID LogHandle,
+ IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
+ IN PVOID Context1,
+ IN PVOID Context2);
+
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcMapData(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG Flags,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer);
+#elif (NTDDI_VERSION >= NTDDI_WIN2K)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcMapData(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer);
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+CcSetFileSizesEx(
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromSectionPtrsRef(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetParallelFlushFile(
+ IN PFILE_OBJECT FileObject,
+ IN BOOLEAN EnableParallelFlush);
+
+NTKERNELAPI
+BOOLEAN
+CcIsThereDirtyDataEx(
+ IN PVPB Vpb,
+ IN PULONG NumberOfDirtyPages OPTIONAL);
+
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+NTKERNELAPI
+VOID
+NTAPI
+CcCoherencyFlushAndPurgeCache(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN ULONG Flags OPTIONAL);
+#endif
+
+#define CcGetFileSizePointer(FO) ( \
+ ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
+)
+
+#define UNINITIALIZE_CACHE_MAPS (1)
+#define DO_NOT_RETRY_PURGE (2)
+#define DO_NOT_PURGE_DIRTY_PAGES (0x4)
+
+#define CC_FLUSH_AND_PURGE_NO_PURGE (0x1)
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPurgeCacheSection(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ IN ULONG Flags);
+#elif (NTDDI_VERSION >= NTDDI_WIN2K)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPurgeCacheSection(
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ IN BOOLEAN UninitializeCacheMaps);
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyWriteWontFlush(
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length);
+#else
+#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
+#endif
+
+#define CcReadAhead(FO, FOFF, LEN) ( \
+ if ((LEN) >= 256) { \
+ CcScheduleReadAhead((FO), (FOFF), (LEN)); \
+ } \
+)
+
+#define PIN_WAIT (1)
+#define PIN_EXCLUSIVE (2)
+#define PIN_NO_READ (4)
+#define PIN_IF_BCB (8)
+#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
+#define PIN_HIGH_PRIORITY (64)
+
+#define MAP_WAIT 1
+#define MAP_NO_READ (16)
+#define MAP_HIGH_PRIORITY (64)
+
+#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+typedef struct _QUERY_PATH_REQUEST {
+ ULONG PathNameLength;
+ PIO_SECURITY_CONTEXT SecurityContext;
+ WCHAR FilePathName[1];
+} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
+
+typedef struct _QUERY_PATH_REQUEST_EX {
+ PIO_SECURITY_CONTEXT pSecurityContext;
+ ULONG EaLength;
+ PVOID pEaBuffer;
+ UNICODE_STRING PathName;
+ UNICODE_STRING DomainServiceName;
+ ULONG_PTR Reserved[ 3 ];
+} QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX;
+
+typedef struct _QUERY_PATH_RESPONSE {
+ ULONG LengthAccepted;
+} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
+
+#define VOLSNAPCONTROLTYPE 0x00000053
+#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryObject(
+ IN HANDLE Handle OPTIONAL,
+ IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
+ OUT PVOID ObjectInformation OPTIONAL,
+ IN ULONG ObjectInformationLength,
+ OUT PULONG ReturnLength OPTIONAL);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwNotifyChangeKey(
+ IN HANDLE KeyHandle,
+ IN HANDLE EventHandle OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NotifyFilter,
+ IN BOOLEAN WatchSubtree,
+ OUT PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN Asynchronous);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCreateEvent(
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN EVENT_TYPE EventType,
+ IN BOOLEAN InitialState);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeleteFile(
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeviceIoControlFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDirectoryFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetVolumeInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFsControlFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG FsControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDuplicateObject(
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle OPTIONAL,
+ OUT PHANDLE TargetHandle OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ IN ULONG Options);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenDirectoryObject(
+ OUT PHANDLE DirectoryHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAllocateVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG_PTR ZeroBits,
+ IN OUT PSIZE_T RegionSize,
+ IN ULONG AllocationType,
+ IN ULONG Protect);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFreeVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PSIZE_T RegionSize,
+ IN ULONG FreeType);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwWaitForSingleObject(
+ IN HANDLE Handle,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Timeout OPTIONAL);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetEvent(
+ IN HANDLE EventHandle,
+ OUT PLONG PreviousState OPTIONAL);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushVirtualMemory(
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PSIZE_T RegionSize,
+ OUT PIO_STATUS_BLOCK IoStatusBlock);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSecurityObject(
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQuerySecurityObject(
+ IN HANDLE FileHandle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Length,
+ OUT PULONG ResultLength);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
+
+#if (NTDDI_VERSION >= NTDDI_WINXP)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcessTokenEx(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThreadTokenEx(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ IN ULONG HandleAttributes,
+ OUT PHANDLE TokenHandle);
+
+#endif
+
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwLockFile(
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN BOOLEAN FailImmediately,
+ IN BOOLEAN ExclusiveLock);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwUnlockFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PLARGE_INTEGER ByteOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryQuotaInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID SidList,
+ IN ULONG SidListLength,
+ IN PSID StartSid OPTIONAL,
+ IN BOOLEAN RestartScan);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetQuotaInformationFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID Buffer,
+ IN ULONG Length);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushBuffersFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock);
+
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+#if (NTDDI_VERSION >= NTDDI_WIN7)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ IN PVOID TokenInformation,
+ IN ULONG TokenInformationLength);
+#endif
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryEaFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID EaList OPTIONAL,
+ IN ULONG EaListLength,
+ IN PULONG EaIndex OPTIONAL,
+ IN BOOLEAN RestartScan);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetEaFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDuplicateToken(
+ IN HANDLE ExistingTokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN EffectiveOnly,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewTokenHandle);
+
+#pragma pack(push,4)
+
+#ifndef VER_PRODUCTBUILD
+#define VER_PRODUCTBUILD 10000
+#endif
+
+#include "csq.h"
+
+#ifdef _NTOSKRNL_
+extern PUCHAR FsRtlLegalAnsiCharacterArray;
+#else
+extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
+#endif
+extern PACL SePublicDefaultDacl;
+extern PACL SeSystemDefaultDacl;
+
+#define FS_LFN_APIS 0x00004000
+
+#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
+#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
+#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
+#define FILE_STORAGE_TYPE_MASK 0x000f0000
+#define FILE_STORAGE_TYPE_SHIFT 16
+
+#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
+
+#define FSRTL_WILD_CHARACTER 0x08
+
+#ifdef _X86_
+#define HARDWARE_PTE HARDWARE_PTE_X86
+#define PHARDWARE_PTE PHARDWARE_PTE_X86
+#endif
+
+#define IO_CHECK_CREATE_PARAMETERS 0x0200
+#define IO_ATTACH_DEVICE 0x0400
+
+#define IO_ATTACH_DEVICE_API 0x80000000
+
+#define IO_TYPE_APC 18
+#define IO_TYPE_DPC 19
+#define IO_TYPE_DEVICE_QUEUE 20
+#define IO_TYPE_EVENT_PAIR 21
+#define IO_TYPE_INTERRUPT 22
+#define IO_TYPE_PROFILE 23
+
+#define IRP_BEING_VERIFIED 0x10
+
+#define MAILSLOT_CLASS_FIRSTCLASS 1
+#define MAILSLOT_CLASS_SECONDCLASS 2
+
+#define MAILSLOT_SIZE_AUTO 0
+
+#define MEM_DOS_LIM 0x40000000
+
+#define OB_TYPE_TYPE 1
+#define OB_TYPE_DIRECTORY 2
+#define OB_TYPE_SYMBOLIC_LINK 3
+#define OB_TYPE_TOKEN 4
+#define OB_TYPE_PROCESS 5
+#define OB_TYPE_THREAD 6
+#define OB_TYPE_EVENT 7
+#define OB_TYPE_EVENT_PAIR 8
+#define OB_TYPE_MUTANT 9
+#define OB_TYPE_SEMAPHORE 10
+#define OB_TYPE_TIMER 11
+#define OB_TYPE_PROFILE 12
+#define OB_TYPE_WINDOW_STATION 13
+#define OB_TYPE_DESKTOP 14
+#define OB_TYPE_SECTION 15
+#define OB_TYPE_KEY 16
+#define OB_TYPE_PORT 17
+#define OB_TYPE_ADAPTER 18
+#define OB_TYPE_CONTROLLER 19
+#define OB_TYPE_DEVICE 20
+#define OB_TYPE_DRIVER 21
+#define OB_TYPE_IO_COMPLETION 22
+#define OB_TYPE_FILE 23
+
+#define SEC_BASED 0x00200000
+
+#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+#define SECURITY_WORLD_RID (0x00000000L)
+
+/* end winnt.h */
+
+#define TOKEN_HAS_ADMIN_GROUP 0x08
+
+#if (VER_PRODUCTBUILD >= 1381)
+#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#endif /* (VER_PRODUCTBUILD >= 1381) */
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+//
+// Forwarders
+//
+struct _RTL_AVL_TABLE;
+struct _RTL_GENERIC_TABLE;
+
+typedef enum _FILE_STORAGE_TYPE {
+ StorageTypeDefault = 1,
+ StorageTypeDirectory,
+ StorageTypeFile,
+ StorageTypeJunctionPoint,
+ StorageTypeCatalog,
+ StorageTypeStructuredStorage,
+ StorageTypeEmbedding,
+ StorageTypeStream
+} FILE_STORAGE_TYPE;
+
+typedef struct _OBJECT_BASIC_INFORMATION
+{
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG PointerCount;
+ ULONG PagedPoolCharge;
+ ULONG NonPagedPoolCharge;
+ ULONG Reserved[ 3 ];
+ ULONG NameInfoSize;
+ ULONG TypeInfoSize;
+ ULONG SecurityDescriptorSize;
+ LARGE_INTEGER CreationTime;
+} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
+
+typedef struct _BITMAP_RANGE {
+ LIST_ENTRY Links;
+ LONGLONG BasePage;
+ ULONG FirstDirtyPage;
+ ULONG LastDirtyPage;
+ ULONG DirtyPages;
+ PULONG Bitmap;
+} BITMAP_RANGE, *PBITMAP_RANGE;
+
+typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
+
+typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[ANYSIZE_ARRAY];
+} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER CallerAvailableAllocationUnits;
+ LARGE_INTEGER ActualAvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_LABEL_INFORMATION {
+ ULONG VolumeLabelLength;
+ WCHAR VolumeLabel[1];
+} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
+ UCHAR ObjectId[16];
+ UCHAR ExtendedInfo[48];
+} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+typedef struct _FILE_FS_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER AvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_VOLUME_INFORMATION {
+ LARGE_INTEGER VolumeCreationTime;
+ ULONG VolumeSerialNumber;
+ ULONG VolumeLabelLength;
+ BOOLEAN SupportsObjects;
+ WCHAR VolumeLabel[1];
+} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
+
+typedef struct _FILE_FS_OBJECTID_INFORMATION
+{
+ UCHAR ObjectId[16];
+ UCHAR ExtendedInfo[48];
+} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
+
+/* raw internal file lock struct returned from FsRtlGetNextFileLock */
+typedef struct _FILE_SHARED_LOCK_ENTRY {
+ PVOID Unknown1;
+ PVOID Unknown2;
+ FILE_LOCK_INFO FileLock;
+} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
+
+/* raw internal file lock struct returned from FsRtlGetNextFileLock */
+typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
+ LIST_ENTRY ListEntry;
+ PVOID Unknown1;
+ PVOID Unknown2;
+ FILE_LOCK_INFO FileLock;
+} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
+
+typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
+
+typedef struct _FILE_OLE_CLASSID_INFORMATION {
+ GUID ClassId;
+} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
+
+typedef struct _FILE_OLE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ USN LastChangeUsn;
+ USN ReplicationUsn;
+ LARGE_INTEGER SecurityChangeTime;
+ FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
+ FILE_OBJECTID_INFORMATION ObjectIdInformation;
+ FILE_STORAGE_TYPE StorageType;
+ ULONG OleStateBits;
+ ULONG OleId;
+ ULONG NumberOfStreamReferences;
+ ULONG StreamIndex;
+ ULONG SecurityId;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
+
+typedef struct _FILE_OLE_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ FILE_STORAGE_TYPE StorageType;
+ GUID OleClassId;
+ ULONG OleStateBits;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+ WCHAR FileName[1];
+} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
+
+typedef struct _FILE_OLE_INFORMATION {
+ LARGE_INTEGER SecurityChangeTime;
+ FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
+ FILE_OBJECTID_INFORMATION ObjectIdInformation;
+ FILE_STORAGE_TYPE StorageType;
+ ULONG OleStateBits;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
+
+typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
+ ULONG StateBits;
+ ULONG StateBitsMask;
+} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
+
+typedef struct _MAPPING_PAIR {
+ ULONGLONG Vcn;
+ ULONGLONG Lcn;
+} MAPPING_PAIR, *PMAPPING_PAIR;
+
+typedef struct _GET_RETRIEVAL_DESCRIPTOR {
+ ULONG NumberOfPairs;
+ ULONGLONG StartVcn;
+ MAPPING_PAIR Pair[1];
+} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
+
+#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
+
+typedef struct _MBCB {
+ CSHORT NodeTypeCode;
+ CSHORT NodeIsInZone;
+ ULONG PagesToWrite;
+ ULONG DirtyPages;
+ ULONG Reserved;
+ LIST_ENTRY BitmapRanges;
+ LONGLONG ResumeWritePage;
+ BITMAP_RANGE BitmapRange1;
+ BITMAP_RANGE BitmapRange2;
+ BITMAP_RANGE BitmapRange3;
+} MBCB, *PMBCB;
+
+typedef struct _MOVEFILE_DESCRIPTOR {
+ HANDLE FileHandle;
+ ULONG Reserved;
+ LARGE_INTEGER StartVcn;
+ LARGE_INTEGER TargetLcn;
+ ULONG NumVcns;
+ ULONG Reserved1;
+} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
+
+typedef struct _OBJECT_BASIC_INFO {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG ReferenceCount;
+ ULONG PagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG Reserved[3];
+ ULONG NameInformationLength;
+ ULONG TypeInformationLength;
+ ULONG SecurityDescriptorLength;
+ LARGE_INTEGER CreateTime;
+} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
+
+typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
+ BOOLEAN Inherit;
+ BOOLEAN ProtectFromClose;
+} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
+
+typedef struct _OBJECT_NAME_INFO {
+ UNICODE_STRING ObjectName;
+ WCHAR ObjectNameBuffer[1];
+} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
+
+typedef struct _OBJECT_PROTECTION_INFO {
+ BOOLEAN Inherit;
+ BOOLEAN ProtectHandle;
+} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
+
+typedef struct _OBJECT_TYPE_INFO {
+ UNICODE_STRING ObjectTypeName;
+ UCHAR Unknown[0x58];
+ WCHAR ObjectTypeNameBuffer[1];
+} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
+
+typedef struct _OBJECT_ALL_TYPES_INFO {
+ ULONG NumberOfObjectTypes;
+ OBJECT_TYPE_INFO ObjectsTypeInfo[1];
+} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
+
+typedef enum _RTL_GENERIC_COMPARE_RESULTS
+{
+ GenericLessThan,
+ GenericGreaterThan,
+ GenericEqual
+} RTL_GENERIC_COMPARE_RESULTS;
+
+typedef enum _TABLE_SEARCH_RESULT
+{
+ TableEmptyTree,
+ TableFoundNode,
+ TableInsertAsLeft,
+ TableInsertAsRight
+} TABLE_SEARCH_RESULT;
-#define RtlLeftChild(Links) \
- ((PRTL_SPLAY_LINKS)(Links))->LeftChild
+typedef NTSTATUS
+(NTAPI *PRTL_AVL_MATCH_FUNCTION)(
+ struct _RTL_AVL_TABLE *Table,
+ PVOID UserData,
+ PVOID MatchData
+);
-#define RtlParent(Links) \
- ((PRTL_SPLAY_LINKS)(Links))->Parent
+typedef RTL_GENERIC_COMPARE_RESULTS
+(NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
+ struct _RTL_AVL_TABLE *Table,
+ PVOID FirstStruct,
+ PVOID SecondStruct
+);
-#define RtlInitializeSplayLinks(Links) \
- { \
- PRTL_SPLAY_LINKS _SplayLinks; \
- _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
- _SplayLinks->Parent = _SplayLinks; \
- _SplayLinks->LeftChild = NULL; \
- _SplayLinks->RightChild = NULL; \
- }
+typedef RTL_GENERIC_COMPARE_RESULTS
+(NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
+ struct _RTL_GENERIC_TABLE *Table,
+ PVOID FirstStruct,
+ PVOID SecondStruct
+);
-#define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
- { \
- PRTL_SPLAY_LINKS _SplayParent; \
- PRTL_SPLAY_LINKS _SplayChild; \
- _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
- _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
- _SplayParent->LeftChild = _SplayChild; \
- _SplayChild->Parent = _SplayParent; \
- }
+typedef PVOID
+(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
+ struct _RTL_GENERIC_TABLE *Table,
+ CLONG ByteSize
+);
-#define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
- { \
- PRTL_SPLAY_LINKS _SplayParent; \
- PRTL_SPLAY_LINKS _SplayChild; \
- _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
- _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
- _SplayParent->RightChild = _SplayChild; \
- _SplayChild->Parent = _SplayParent; \
- }
+typedef VOID
+(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
+ struct _RTL_GENERIC_TABLE *Table,
+ PVOID Buffer
+);
+
+typedef PVOID
+(NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
+ struct _RTL_AVL_TABLE *Table,
+ CLONG ByteSize
+);
+
+typedef VOID
+(NTAPI *PRTL_AVL_FREE_ROUTINE) (
+ struct _RTL_AVL_TABLE *Table,
+ PVOID Buffer
+);
+
+typedef struct _RTL_BALANCED_LINKS
+{
+ struct _RTL_BALANCED_LINKS *Parent;
+ struct _RTL_BALANCED_LINKS *LeftChild;
+ struct _RTL_BALANCED_LINKS *RightChild;
+ CHAR Balance;
+ UCHAR Reserved[3];
+} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
+
+typedef struct _RTL_GENERIC_TABLE
+{
+ PRTL_SPLAY_LINKS TableRoot;
+ LIST_ENTRY InsertOrderList;
+ PLIST_ENTRY OrderedPointer;
+ ULONG WhichOrderedElement;
+ ULONG NumberGenericTableElements;
+ PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
+ PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
+ PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
+ PVOID TableContext;
+} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
+
+#undef PRTL_GENERIC_COMPARE_ROUTINE
+#undef PRTL_GENERIC_ALLOCATE_ROUTINE
+#undef PRTL_GENERIC_FREE_ROUTINE
+#undef RTL_GENERIC_TABLE
+#undef PRTL_GENERIC_TABLE
+
+#define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
+#define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
+#define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
+#define RTL_GENERIC_TABLE RTL_AVL_TABLE
+#define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
+
+#define RtlInitializeGenericTable RtlInitializeGenericTableAvl
+#define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
+#define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
+#define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
+#define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
+#define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
+#define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
+#define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
+#define RtlGetElementGenericTable RtlGetElementGenericTableAvl
+#define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
+#define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
+
+typedef struct _RTL_AVL_TABLE
+{
+ RTL_BALANCED_LINKS BalancedRoot;
+ PVOID OrderedPointer;
+ ULONG WhichOrderedElement;
+ ULONG NumberGenericTableElements;
+ ULONG DepthOfTree;
+ PRTL_BALANCED_LINKS RestartKey;
+ ULONG DeleteCount;
+ PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
+ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
+ PRTL_AVL_FREE_ROUTINE FreeRoutine;
+ PVOID TableContext;
+} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
+
+NTSYSAPI
+VOID
+NTAPI
+RtlInitializeGenericTableAvl(
+ PRTL_AVL_TABLE Table,
+ PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
+ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
+ PRTL_AVL_FREE_ROUTINE FreeRoutine,
+ PVOID TableContext
+);
+NTSYSAPI
+PVOID
+NTAPI
+RtlInsertElementGenericTableAvl (
+ PRTL_AVL_TABLE Table,
+ PVOID Buffer,
+ CLONG BufferSize,
+ PBOOLEAN NewElement OPTIONAL
+ );
+
NTSYSAPI
BOOLEAN
NTAPI
-RtlValidSid (
- IN PSID Sid
+RtlDeleteElementGenericTableAvl (
+ PRTL_AVL_TABLE Table,
+ PVOID Buffer
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlLookupElementGenericTableAvl (
+ PRTL_AVL_TABLE Table,
+ PVOID Buffer
+ );
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlEnumerateGenericTableWithoutSplayingAvl (
+ PRTL_AVL_TABLE Table,
+ PVOID *RestartKey
+ );
+
+#if defined(USE_LPC6432)
+#define LPC_CLIENT_ID CLIENT_ID64
+#define LPC_SIZE_T ULONGLONG
+#define LPC_PVOID ULONGLONG
+#define LPC_HANDLE ULONGLONG
+#else
+#define LPC_CLIENT_ID CLIENT_ID
+#define LPC_SIZE_T SIZE_T
+#define LPC_PVOID PVOID
+#define LPC_HANDLE HANDLE
+#endif
+
+typedef struct _PORT_MESSAGE
+{
+ union
+ {
+ struct
+ {
+ CSHORT DataLength;
+ CSHORT TotalLength;
+ } s1;
+ ULONG Length;
+ } u1;
+ union
+ {
+ struct
+ {
+ CSHORT Type;
+ CSHORT DataInfoOffset;
+ } s2;
+ ULONG ZeroInit;
+ } u2;
+ __GNU_EXTENSION union
+ {
+ LPC_CLIENT_ID ClientId;
+ double DoNotUseThisField;
+ };
+ ULONG MessageId;
+ __GNU_EXTENSION union
+ {
+ LPC_SIZE_T ClientViewSize;
+ ULONG CallbackId;
+ };
+} PORT_MESSAGE, *PPORT_MESSAGE;
+
+#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
+
+typedef struct _PORT_VIEW
+{
+ ULONG Length;
+ LPC_HANDLE SectionHandle;
+ ULONG SectionOffset;
+ LPC_SIZE_T ViewSize;
+ LPC_PVOID ViewBase;
+ LPC_PVOID ViewRemoteBase;
+} PORT_VIEW, *PPORT_VIEW;
+
+typedef struct _REMOTE_PORT_VIEW
+{
+ ULONG Length;
+ LPC_SIZE_T ViewSize;
+ LPC_PVOID ViewBase;
+} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
+
+typedef struct _VAD_HEADER {
+ PVOID StartVPN;
+ PVOID EndVPN;
+ struct _VAD_HEADER* ParentLink;
+ struct _VAD_HEADER* LeftLink;
+ struct _VAD_HEADER* RightLink;
+ ULONG Flags; /* LSB = CommitCharge */
+ PVOID ControlArea;
+ PVOID FirstProtoPte;
+ PVOID LastPTE;
+ ULONG Unknown;
+ LIST_ENTRY Secured;
+} VAD_HEADER, *PVAD_HEADER;
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetLsnForFileObject (
+ IN PFILE_OBJECT FileObject,
+ OUT PLARGE_INTEGER OldestLsn OPTIONAL
);
-//
-// RTL time functions
-//
+#if (VER_PRODUCTBUILD >= 2600)
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeToSecondsSince1980 (
- PLARGE_INTEGER Time,
- PULONG ElapsedSeconds
+#ifndef __NTOSKRNL__
+NTKERNELAPI
+VOID
+FASTCALL
+ExInitializeRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
);
-NTSYSAPI
+NTKERNELAPI
VOID
-NTAPI
-RtlSecondsSince1980ToTime (
- ULONG ElapsedSeconds,
- PLARGE_INTEGER Time
+FASTCALL
+ExReInitializeRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
);
-NTSYSAPI
+NTKERNELAPI
BOOLEAN
-NTAPI
-RtlTimeToSecondsSince1970 (
- PLARGE_INTEGER Time,
- PULONG ElapsedSeconds
+FASTCALL
+ExAcquireRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
);
-NTSYSAPI
-VOID
-NTAPI
-RtlSecondsSince1970ToTime (
- ULONG ElapsedSeconds,
- PLARGE_INTEGER Time
+NTKERNELAPI
+BOOLEAN
+FASTCALL
+ExAcquireRundownProtectionEx (
+ IN PEX_RUNDOWN_REF RunRef,
+ IN ULONG Count
);
NTKERNELAPI
-NTSTATUS
-NTAPI
-SeAppendPrivileges (
- PACCESS_STATE AccessState,
- PPRIVILEGE_SET Privileges
+VOID
+FASTCALL
+ExReleaseRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
);
NTKERNELAPI
-BOOLEAN
-NTAPI
-SeAuditingFileEvents (
- IN BOOLEAN AccessGranted,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
+VOID
+FASTCALL
+ExReleaseRundownProtectionEx (
+ IN PEX_RUNDOWN_REF RunRef,
+ IN ULONG Count
);
NTKERNELAPI
-BOOLEAN
-NTAPI
-SeAuditingFileOrGlobalEvents (
- IN BOOLEAN AccessGranted,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+VOID
+FASTCALL
+ExRundownCompleted (
+ IN PEX_RUNDOWN_REF RunRef
);
NTKERNELAPI
VOID
-NTAPI
-SeCaptureSubjectContext (
- OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
+FASTCALL
+ExWaitForRundownProtectionRelease (
+ IN PEX_RUNDOWN_REF RunRef
);
+#endif
+#endif /* (VER_PRODUCTBUILD >= 2600) */
+
NTKERNELAPI
-NTSTATUS
+PVOID
NTAPI
-SeCreateClientSecurity (
- IN PETHREAD Thread,
- IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
- IN BOOLEAN RemoteClient,
- OUT PSECURITY_CLIENT_CONTEXT ClientContext
+FsRtlAllocatePool (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes
);
-#if (VER_PRODUCTBUILD >= 2195)
-
NTKERNELAPI
-NTSTATUS
+PVOID
NTAPI
-SeCreateClientSecurityFromSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
- IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
- IN BOOLEAN ServerIsRemote,
- OUT PSECURITY_CLIENT_CONTEXT ClientContext
+FsRtlAllocatePoolWithQuota (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes
);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-
-#define SeLengthSid( Sid ) \
- (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
-
-#define SeDeleteClientSecurity(C) { \
- if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
- PsDereferencePrimaryToken( (C)->ClientToken ); \
- } else { \
- PsDereferenceImpersonationToken( (C)->ClientToken ); \
- } \
-}
-
NTKERNELAPI
-VOID
+PVOID
NTAPI
-SeDeleteObjectAuditAlarm (
- IN PVOID Object,
- IN HANDLE Handle
+FsRtlAllocatePoolWithQuotaTag (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes,
+ IN ULONG Tag
);
-#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
-
NTKERNELAPI
-VOID
+PVOID
NTAPI
-SeFreePrivileges (
- IN PPRIVILEGE_SET Privileges
+FsRtlAllocatePoolWithTag (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes,
+ IN ULONG Tag
);
NTKERNELAPI
-VOID
+BOOLEAN
NTAPI
-SeImpersonateClient (
- IN PSECURITY_CLIENT_CONTEXT ClientContext,
- IN PETHREAD ServerThread OPTIONAL
+FsRtlIsFatDbcsLegal (
+ IN ANSI_STRING DbcsName,
+ IN BOOLEAN WildCardsPermissible,
+ IN BOOLEAN PathNamePermissible,
+ IN BOOLEAN LeadingBackslashPermissible
);
-#if (VER_PRODUCTBUILD >= 2195)
+extern PUSHORT NlsOemLeadByteInfo;
NTKERNELAPI
-NTSTATUS
+BOOLEAN
NTAPI
-SeImpersonateClientEx (
- IN PSECURITY_CLIENT_CONTEXT ClientContext,
- IN PETHREAD ServerThread OPTIONAL
+FsRtlMdlReadComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain
);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
NTKERNELAPI
-VOID
+BOOLEAN
NTAPI
-SeLockSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+FsRtlMdlWriteComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain
);
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
-SeMarkLogonSessionForTerminationNotification (
- IN PLUID LogonId
+FsRtlNotifyChangeDirectory (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN PLIST_ENTRY NotifyList,
+ IN BOOLEAN WatchTree,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp
);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-SeOpenObjectAuditAlarm (
- IN PUNICODE_STRING ObjectTypeName,
- IN PVOID Object OPTIONAL,
- IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PACCESS_STATE AccessState,
- IN BOOLEAN ObjectCreated,
- IN BOOLEAN AccessGranted,
- IN KPROCESSOR_MODE AccessMode,
- OUT PBOOLEAN GenerateOnClose
+IoAttachDeviceToDeviceStackSafe(
+ IN PDEVICE_OBJECT SourceDevice,
+ IN PDEVICE_OBJECT TargetDevice,
+ OUT PDEVICE_OBJECT *AttachedToDeviceObject
);
NTKERNELAPI
-VOID
+NTSTATUS
NTAPI
-SeOpenObjectForDeleteAuditAlarm (
- IN PUNICODE_STRING ObjectTypeName,
- IN PVOID Object OPTIONAL,
- IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PACCESS_STATE AccessState,
- IN BOOLEAN ObjectCreated,
- IN BOOLEAN AccessGranted,
+ObCreateObject (
+ IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
+ IN POBJECT_TYPE ObjectType,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
- OUT PBOOLEAN GenerateOnClose
+ IN OUT PVOID ParseContext OPTIONAL,
+ IN ULONG ObjectSize,
+ IN ULONG PagedPoolCharge OPTIONAL,
+ IN ULONG NonPagedPoolCharge OPTIONAL,
+ OUT PVOID *Object
);
NTKERNELAPI
-BOOLEAN
+ULONG
NTAPI
-SePrivilegeCheck (
- IN OUT PPRIVILEGE_SET RequiredPrivileges,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
- IN KPROCESSOR_MODE AccessMode
+ObGetObjectPointerCount (
+ IN PVOID Object
);
NTKERNELAPI
NTSTATUS
NTAPI
-SeQueryAuthenticationIdToken (
- IN PACCESS_TOKEN Token,
- OUT PLUID LogonId
+ObReferenceObjectByName (
+ IN PUNICODE_STRING ObjectName,
+ IN ULONG Attributes,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess OPTIONAL,
+ IN POBJECT_TYPE ObjectType,
+ IN KPROCESSOR_MODE AccessMode,
+ IN OUT PVOID ParseContext OPTIONAL,
+ OUT PVOID *Object
);
-#if (VER_PRODUCTBUILD >= 2195)
+#if (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
NTSTATUS
NTAPI
-SeQueryInformationToken (
- IN PACCESS_TOKEN Token,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID *TokenInformation
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+PsAssignImpersonationToken(
+ IN PETHREAD Thread,
+ IN HANDLE Token OPTIONAL);
NTKERNELAPI
-NTSTATUS
+HANDLE
NTAPI
-SeQuerySecurityDescriptorInfo (
- IN PSECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN OUT PULONG Length,
- IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
-);
+PsReferencePrimaryToken(
+ IN OUT PEPROCESS Process);
-#if (VER_PRODUCTBUILD >= 2195)
+#endif
+
+#define PsDereferenceImpersonationToken(T) \
+ {if (ARGUMENT_PRESENT(T)) { \
+ (ObDereferenceObject((T))); \
+ } else { \
+ ; \
+ } \
+}
NTKERNELAPI
NTSTATUS
NTAPI
-SeQuerySessionIdToken (
- IN PACCESS_TOKEN Token,
- IN PULONG SessionId
+PsLookupProcessThreadByCid (
+ IN PCLIENT_ID Cid,
+ OUT PEPROCESS *Process OPTIONAL,
+ OUT PETHREAD *Thread
);
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-#define SeQuerySubjectContextToken( SubjectContext ) \
- ( ARGUMENT_PRESENT( \
- ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
- ) ? \
- ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
- ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1970ToTime (
+ IN ULONG SecondsSince1970,
+ OUT PLARGE_INTEGER Time
+);
-typedef NTSTATUS (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
- IN PLUID LogonId
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetSaclSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN BOOLEAN SaclPresent,
+ IN PACL Sacl,
+ IN BOOLEAN SaclDefaulted
);
-NTKERNELAPI
+NTSYSAPI
NTSTATUS
NTAPI
-SeRegisterLogonSessionTerminatedRoutine (
- IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
+RtlUnicodeStringToCountedOemString (
+ IN OUT POEM_STRING DestinationString,
+ IN PCUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
);
-NTKERNELAPI
+/* RTL Splay Tree Functions */
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlSplay(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlDelete(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
VOID
NTAPI
-SeReleaseSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+RtlDeleteNoSplay(
+ PRTL_SPLAY_LINKS Links,
+ PRTL_SPLAY_LINKS *Root
);
-NTKERNELAPI
-VOID
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
NTAPI
-SeSetAccessStateGenericMapping (
- PACCESS_STATE AccessState,
- PGENERIC_MAPPING GenericMapping
-);
+RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
-NTKERNELAPI
-NTSTATUS
+NTSYSAPI
+PRTL_SPLAY_LINKS
NTAPI
-SeSetSecurityDescriptorInfo (
- IN PVOID Object OPTIONAL,
- IN PSECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
- IN POOL_TYPE PoolType,
- IN PGENERIC_MAPPING GenericMapping
-);
+RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
-#if (VER_PRODUCTBUILD >= 2195)
+#define RtlIsLeftChild(Links) \
+ (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
-NTKERNELAPI
-NTSTATUS
-NTAPI
-SeSetSecurityDescriptorInfoEx (
- IN PVOID Object OPTIONAL,
- IN PSECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR ModificationDescriptor,
- IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
- IN ULONG AutoInheritFlags,
- IN POOL_TYPE PoolType,
- IN PGENERIC_MAPPING GenericMapping
-);
+#define RtlIsRightChild(Links) \
+ (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
-NTKERNELAPI
-BOOLEAN
-NTAPI
-SeTokenIsAdmin (
- IN PACCESS_TOKEN Token
-);
+#define RtlRightChild(Links) \
+ ((PRTL_SPLAY_LINKS)(Links))->RightChild
-NTKERNELAPI
-BOOLEAN
-NTAPI
-SeTokenIsRestricted (
- IN PACCESS_TOKEN Token
-);
+#define RtlIsRoot(Links) \
+ (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
+#define RtlLeftChild(Links) \
+ ((PRTL_SPLAY_LINKS)(Links))->LeftChild
-NTSTATUS
-NTAPI
-SeLocateProcessImageName(
- IN PEPROCESS Process,
- OUT PUNICODE_STRING *pImageFileName
-);
+#define RtlParent(Links) \
+ ((PRTL_SPLAY_LINKS)(Links))->Parent
-#endif /* (VER_PRODUCTBUILD >= 2195) */
+#define RtlInitializeSplayLinks(Links) \
+ { \
+ PRTL_SPLAY_LINKS _SplayLinks; \
+ _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
+ _SplayLinks->Parent = _SplayLinks; \
+ _SplayLinks->LeftChild = NULL; \
+ _SplayLinks->RightChild = NULL; \
+ }
-NTKERNELAPI
-TOKEN_TYPE
-NTAPI
-SeTokenType (
- IN PACCESS_TOKEN Token
-);
+#define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
+ { \
+ PRTL_SPLAY_LINKS _SplayParent; \
+ PRTL_SPLAY_LINKS _SplayChild; \
+ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
+ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
+ _SplayParent->LeftChild = _SplayChild; \
+ _SplayChild->Parent = _SplayParent; \
+ }
-NTKERNELAPI
-VOID
-NTAPI
-SeUnlockSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
+#define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
+ { \
+ PRTL_SPLAY_LINKS _SplayParent; \
+ PRTL_SPLAY_LINKS _SplayChild; \
+ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
+ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
+ _SplayParent->RightChild = _SplayChild; \
+ _SplayChild->Parent = _SplayParent; \
+ }
-NTKERNELAPI
-NTSTATUS
-NTAPI
-SeUnregisterLogonSessionTerminatedRoutine (
- IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
-);
+//
+// RTL time functions
+//
+
+#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
#if (VER_PRODUCTBUILD >= 2195)
IN HANDLE ThreadHandle
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAllocateVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG_PTR ZeroBits,
- IN OUT PSIZE_T RegionSize,
- IN ULONG AllocationType,
- IN ULONG Protect
-);
-
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN HANDLE HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN ACCESS_MASK DesiredAccess,
- IN AUDIT_EVENT_TYPE AuditType,
- IN ULONG Flags,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeResultListAndAuditAlarm(
- IN PUNICODE_STRING SubsystemName,
- IN HANDLE HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN ACCESS_MASK DesiredAccess,
- IN AUDIT_EVENT_TYPE AuditType,
- IN ULONG Flags,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTSTATUS
-NTAPI
-NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
- IN PUNICODE_STRING SubsystemName,
- IN HANDLE HandleId,
- IN HANDLE ClientToken,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID PrincipalSelfSid,
- IN ACCESS_MASK DesiredAccess,
- IN AUDIT_EVENT_TYPE AuditType,
- IN ULONG Flags,
- IN POBJECT_TYPE_LIST ObjectTypeList,
- IN ULONG ObjectTypeLength,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PNTSTATUS AccessStatus,
- OUT PBOOLEAN GenerateOnClose
-);
-
NTSYSAPI
NTSTATUS
NTAPI
IN PUNICODE_STRING TargetName
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDeleteFile (
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
NTSYSAPI
NTSTATUS
NTAPI
);
-#if (NTDDI_VERSION >= NTDDI_WIN2K)
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDeviceIoControlFile (
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength);
-#endif
-
NTSYSAPI
NTSTATUS
NTAPI
IN PUNICODE_STRING String
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDuplicateObject (
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle OPTIONAL,
- OUT PHANDLE TargetHandle OPTIONAL,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG HandleAttributes,
- IN ULONG Options
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDuplicateToken (
- IN HANDLE ExistingTokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN EffectiveOnly,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewTokenHandle
-);
-
-NTSTATUS
-NTAPI
-NtFilterToken(
- IN HANDLE ExistingTokenHandle,
- IN ULONG Flags,
- IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
- IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
- IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
- OUT PHANDLE NewTokenHandle
-);
-
NTSYSAPI
NTSTATUS
NTAPI
#if (VER_PRODUCTBUILD >= 2195)
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFlushVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG FlushSize,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFreeVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PSIZE_T RegionSize,
- IN ULONG FreeType
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFsControlFile (
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG FsControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
NTSYSAPI
NTSTATUS
NTAPI
IN POBJECT_ATTRIBUTES FileObjectAttributes
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeKey (
- IN HANDLE KeyHandle,
- IN HANDLE EventHandle OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NotifyFilter,
- IN BOOLEAN WatchSubtree,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN Asynchronous
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenDirectoryObject (
- OUT PHANDLE DirectoryHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenEvent (
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
NTSYSAPI
NTSTATUS
NTAPI
OUT PLCID Locale
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryFile (
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN BOOLEAN ReturnSingleEntry,
- IN PUNICODE_STRING FileName OPTIONAL,
- IN BOOLEAN RestartScan
-);
-
#if (VER_PRODUCTBUILD >= 2195)
NTSYSAPI
OUT PULONG ReturnLength OPTIONAL
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryEaFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG Length,
- IN BOOLEAN ReturnSingleEntry,
- IN PVOID EaList OPTIONAL,
- IN ULONG EaListLength,
- IN PULONG EaIndex OPTIONAL,
- IN BOOLEAN RestartScan
-);
-
#endif /* (VER_PRODUCTBUILD >= 2195) */
NTSYSAPI
OUT PULONG ReturnLength OPTIONAL
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationToken (
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySecurityObject (
- IN HANDLE FileHandle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryVolumeInformationFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
-);
-
NTSYSAPI
NTSTATUS
NTAPI
IN LANGID LanguageId
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetEaFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG Length
-);
-
#endif /* (VER_PRODUCTBUILD >= 2195) */
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetEvent (
- IN HANDLE EventHandle,
- OUT PLONG PreviousState OPTIONAL
-);
-
NTSYSAPI
NTSTATUS
NTAPI
IN ULONG ProcessInformationLength
);
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetSecurityObject (
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
NTSYSAPI
NTSTATUS
NTAPI
OUT PLARGE_INTEGER OldTime OPTIONAL
);
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetVolumeInformationFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
NTSYSAPI
NTSTATUS
NTAPI
IN POBJECT_ATTRIBUTES KeyObjectAttributes
);
-#if (NTDDI_VERSION >= NTDDI_WIN2K)
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwWaitForSingleObject (
- IN HANDLE Handle,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Timeout OPTIONAL);
-#endif
-
NTSYSAPI
NTSTATUS
NTAPI
#ifdef __cplusplus
}
#endif
-
-#endif /* _NTIFS_ */