extern "C" {
#endif
+
/* Dependencies */
#include <ntddk.h>
#include <excpt.h>
/******************************************************************************
* Security Manager Types *
******************************************************************************/
+
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
/* Universal well-known SIDs */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
+
+/* S-1-1 */
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+
+/* S-1-2 */
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
+
+/* S-1-3 */
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
+
+/* S-1-4 */
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
+
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
-#define SECURITY_NULL_RID (0x00000000L)
-#define SECURITY_WORLD_RID (0x00000000L)
-#define SECURITY_LOCAL_RID (0x00000000L)
-#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
+#define SECURITY_NULL_RID (0x00000000L)
+#define SECURITY_WORLD_RID (0x00000000L)
+#define SECURITY_LOCAL_RID (0x00000000L)
+#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
-#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
-#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
-#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
-#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
-#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
+#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
+#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
+#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
+#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
/* NT well-known SIDs */
-#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
-
-#define SECURITY_DIALUP_RID (0x00000001L)
-#define SECURITY_NETWORK_RID (0x00000002L)
-#define SECURITY_BATCH_RID (0x00000003L)
-#define SECURITY_INTERACTIVE_RID (0x00000004L)
-#define SECURITY_LOGON_IDS_RID (0x00000005L)
-#define SECURITY_LOGON_IDS_RID_COUNT (3L)
-#define SECURITY_SERVICE_RID (0x00000006L)
-#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
-#define SECURITY_PROXY_RID (0x00000008L)
-#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
-#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
-#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
-#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
-#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
-#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
-#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
-#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
-#define SECURITY_IUSER_RID (0x00000011L)
-#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
-#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
-#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
-#define SECURITY_NT_NON_UNIQUE (0x00000015L)
-#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
+/* S-1-5 */
+#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
+
+#define SECURITY_DIALUP_RID (0x00000001L)
+#define SECURITY_NETWORK_RID (0x00000002L)
+#define SECURITY_BATCH_RID (0x00000003L)
+#define SECURITY_INTERACTIVE_RID (0x00000004L)
+#define SECURITY_LOGON_IDS_RID (0x00000005L)
+#define SECURITY_LOGON_IDS_RID_COUNT (3L)
+#define SECURITY_SERVICE_RID (0x00000006L)
+#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
+#define SECURITY_PROXY_RID (0x00000008L)
+#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
+#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
+#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
+#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
+#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
+#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
+#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
+#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
+#define SECURITY_IUSER_RID (0x00000011L)
+#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
+#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
+#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
+#define SECURITY_NT_NON_UNIQUE (0x00000015L)
+#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
-#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
+#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
-#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
-#define SECURITY_PACKAGE_RID_COUNT (2L)
-#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
-#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
-#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
-
-#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
-#define SECURITY_CRED_TYPE_RID_COUNT (2L)
-#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
-
-#define SECURITY_MIN_BASE_RID (0x00000050L)
-#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
-#define SECURITY_SERVICE_ID_RID_COUNT (6L)
-#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
-#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
-#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
-#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
-#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
-#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
-#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
+#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
+#define SECURITY_PACKAGE_RID_COUNT (2L)
+#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
+#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
+#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
+
+#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
+#define SECURITY_CRED_TYPE_RID_COUNT (2L)
+#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
+
+#define SECURITY_MIN_BASE_RID (0x00000050L)
+#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
+#define SECURITY_SERVICE_ID_RID_COUNT (6L)
+#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
+#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
+#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
+#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
+#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
+#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
+#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
-#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
-#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
-#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
-#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
-#define SECURITY_COM_ID_BASE_RID (0x00000059L)
-#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
+#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
+#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
+#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
+#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
+#define SECURITY_COM_ID_BASE_RID (0x00000059L)
+#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
-#define SECURITY_MAX_BASE_RID (0x0000006FL)
+#define SECURITY_MAX_BASE_RID (0x0000006FL)
-#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
-#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
+#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
+#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
-#define FOREST_USER_RID_MAX (0x000001F3L)
+#define FOREST_USER_RID_MAX (0x000001F3L)
/* Well-known users */
-#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
-#define DOMAIN_USER_RID_GUEST (0x000001F5L)
-#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
+#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
-#define DOMAIN_USER_RID_MAX (0x000003E7L)
+#define DOMAIN_USER_RID_MAX (0x000003E7L)
/* Well-known groups */
/* Well-known aliases */
-#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
-#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
-#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
-#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
+#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
+#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
+#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
-#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
-#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
-#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
-#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
-#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
-#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
-#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
+#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
+#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
+#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
+#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
+#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
+
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
-#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
-#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
-#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
-#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
-#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
-#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
-#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
+#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
+#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
+#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
+#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
+#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
+#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
+#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
can be set by a usermode caller.*/
-#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
+#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
/* Allocate the System Luid. The first 1000 LUIDs are reserved.
Use #999 here (0x3e7 = 999) */
-#define SYSTEM_LUID {0x3e7, 0x0}
-#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
-#define LOCALSERVICE_LUID {0x3e5, 0x0}
-#define NETWORKSERVICE_LUID {0x3e4, 0x0}
-#define IUSER_LUID {0x3e3, 0x0}
+#define SYSTEM_LUID {0x3e7, 0x0}
+#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
+#define LOCALSERVICE_LUID {0x3e5, 0x0}
+#define NETWORKSERVICE_LUID {0x3e4, 0x0}
+#define IUSER_LUID {0x3e3, 0x0}
typedef struct _ACE_HEADER {
UCHAR AceType;
USHORT AceSize;
} ACE_HEADER, *PACE_HEADER;
-/* also in winnt.h */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
/* The following are the inherit flags that go into the AceFlags field
of an Ace header. */
-#define OBJECT_INHERIT_ACE (0x1)
-#define CONTAINER_INHERIT_ACE (0x2)
-#define NO_PROPAGATE_INHERIT_ACE (0x4)
-#define INHERIT_ONLY_ACE (0x8)
-#define INHERITED_ACE (0x10)
-#define VALID_INHERIT_FLAGS (0x1F)
+#define OBJECT_INHERIT_ACE (0x1)
+#define CONTAINER_INHERIT_ACE (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE (0x8)
+#define INHERITED_ACE (0x10)
+#define VALID_INHERIT_FLAGS (0x1F)
-#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
-#define FAILED_ACCESS_ACE_FLAG (0x80)
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG (0x80)
typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
-#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
-#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
-#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
-#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
- SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
- SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
-
-#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
-
-typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
-
-#define SE_OWNER_DEFAULTED 0x0001
-#define SE_GROUP_DEFAULTED 0x0002
-#define SE_DACL_PRESENT 0x0004
-#define SE_DACL_DEFAULTED 0x0008
-#define SE_SACL_PRESENT 0x0010
-#define SE_SACL_DEFAULTED 0x0020
-#define SE_DACL_UNTRUSTED 0x0040
-#define SE_SERVER_SECURITY 0x0080
-#define SE_DACL_AUTO_INHERIT_REQ 0x0100
-#define SE_SACL_AUTO_INHERIT_REQ 0x0200
-#define SE_DACL_AUTO_INHERITED 0x0400
-#define SE_SACL_AUTO_INHERITED 0x0800
-#define SE_DACL_PROTECTED 0x1000
-#define SE_SACL_PROTECTED 0x2000
-#define SE_RM_CONTROL_VALID 0x4000
-#define SE_SELF_RELATIVE 0x8000
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
+#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
+ SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
+ SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
+
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
+
+typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED 0x0001
+#define SE_GROUP_DEFAULTED 0x0002
+#define SE_DACL_PRESENT 0x0004
+#define SE_DACL_DEFAULTED 0x0008
+#define SE_SACL_PRESENT 0x0010
+#define SE_SACL_DEFAULTED 0x0020
+#define SE_DACL_UNTRUSTED 0x0040
+#define SE_SERVER_SECURITY 0x0080
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED 0x0400
+#define SE_SACL_AUTO_INHERITED 0x0800
+#define SE_DACL_PROTECTED 0x1000
+#define SE_SACL_PROTECTED 0x2000
+#define SE_RM_CONTROL_VALID 0x4000
+#define SE_SELF_RELATIVE 0x8000
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
UCHAR Revision;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
+
typedef struct _SE_ACCESS_REQUEST {
ULONG Size;
PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
(NTAPI *PRTL_FREE_STRING_ROUTINE)(
_In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer);
-extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
-extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
+extern NTKERNELAPI const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
+extern NTKERNELAPI const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
#if _WIN32_WINNT >= 0x0600
-extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
+extern NTKERNELAPI const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
#endif
_Function_class_(RTL_HEAP_COMMIT_ROUTINE)
PUNICODE_STRING DestinationString,
_In_z_ PCWSTR SourceString);
+_IRQL_requires_max_(PASSIVE_LEVEL)
+_Must_inspect_result_
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlPrefixString(
+ _In_ const STRING *String1,
+ _In_ const STRING *String2,
+ _In_ BOOLEAN CaseInsensitive);
+
_IRQL_requires_max_(APC_LEVEL)
NTSYSAPI
NTSTATUS
_Out_ PLARGE_INTEGER Time);
_Success_(return != 0)
+_Must_inspect_result_
NTSYSAPI
BOOLEAN
NTAPI
RtlTimeToSecondsSince1970(
- _In_ PLARGE_INTEGER Time,
- _Out_ PULONG ElapsedSeconds);
+ _In_ PLARGE_INTEGER Time,
+ _Out_ PULONG ElapsedSeconds);
NTSYSAPI
VOID
NTSTATUS
NTAPI
RtlCopySid(
- _In_ ULONG Length,
- _Out_writes_bytes_(Length) PSID Destination,
- _In_ PSID Source);
+ _In_ ULONG DestinationSidLength,
+ _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid,
+ _In_ PSID SourceSid);
_IRQL_requires_max_(APC_LEVEL)
NTSYSAPI
NTAPI
RtlInitCodePageTable(
_In_ PUSHORT TableBase,
- _Inout_ PCPTABLEINFO CodePageTable);
+ _Out_ PCPTABLEINFO CodePageTable);
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN DisableAllPrivileges,
- _In_opt_ PTOKEN_PRIVILEGES NewState,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
- _Out_ _When_(PreviousState == NULL, _Out_opt_) PULONG ReturnLength);
+ _In_ HANDLE TokenHandle,
+ _In_ BOOLEAN DisableAllPrivileges,
+ _In_opt_ PTOKEN_PRIVILEGES NewState,
+ _In_ ULONG BufferLength,
+ _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
+ _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
__kernel_entry
NTSYSCALLAPI
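Review bot: The new `ReturnLength` annotation on `NtAdjustPrivilegesToken` only covers the `PreviousState != NULL` case, so the parameter carries no SAL contract at all when `PreviousState` is NULL, where the removed line said `_Out_opt_`. If callers are still meant to be able to pass NULL there, keeping both conditions states it explicitly: `_When_(PreviousState != NULL, _Out_) _When_(PreviousState == NULL, _Out_opt_) PULONG ReturnLength);`. Otherwise a one-line comment above the prototype should say what the callee does with `ReturnLength` when no `PreviousState` buffer is supplied. The prototype starts above the hunk, so its leading annotations are not visible here.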
NtClose(
_In_ HANDLE Handle);
-_Must_inspect_result_
-__drv_allocatesMem(Mem)
-__kernel_entry
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtAllocateVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID *BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG Protect);
-
-__kernel_entry
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-NtFreeVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG FreeType);
-
#endif
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
#if (_WIN32_WINNT >= 0x0500)
#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
+#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
+#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
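Review bot: Switching `FSCTL_SET_OBJECT_ID`, `FSCTL_DELETE_OBJECT_ID`, `FSCTL_SET_REPARSE_POINT`, `FSCTL_DELETE_REPARSE_POINT`, `FSCTL_SET_OBJECT_ID_EXTENDED` and `FSCTL_SET_SPARSE` from `FILE_WRITE_DATA` to `FILE_SPECIAL_ACCESS` changes the numeric control codes and drops the handle-access requirement encoded in them. In the WDK headers `FILE_SPECIAL_ACCESS` is an alias of `FILE_ANY_ACCESS`, so the I/O manager no longer rejects these requests on a handle opened without write access. The same holds for `FSCTL_ENUM_USN_DATA`, `FSCTL_READ_USN_JOURNAL`, `FSCTL_CREATE_USN_JOURNAL`, `FSCTL_READ_FILE_USN_DATA` and `FSCTL_WRITE_USN_CLOSE_RECORD`, which move from `FILE_READ_DATA` to `FILE_ANY_ACCESS`. Any file system driver built against this header then has to perform the access check in its own handler, and a comment above the group would record that: `/* FILE_SPECIAL_ACCESS: access is checked by the file system, not by the I/O manager */`. `FSCTL_SET_ENCRYPTION` also moves to `METHOD_NEITHER`, as do the new `FSCTL_QUERY_FILE_LAYOUT`, `FSCTL_DEDUP_QUERY_FILE_HASHES` and `FSCTL_RKF_INTERNAL` in the later `_WIN32_WINNT >= 0x0602` block, so their handlers receive raw caller pointers and must probe and capture them before use.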
#define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
#define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
#define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 155, METHOD_BUFFERED, FILE_ANY_ACCESS)
typedef struct _CSV_NAMESPACE_INFO {
ULONG Version;
#endif
+#if (_WIN32_WINNT >= 0x0602)
+
+#define FSCTL_FILE_LEVEL_TRIM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 130, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_CORRUPTION_HANDLING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 152, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OFFLOAD_READ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 153, METHOD_BUFFERED, FILE_READ_ACCESS)
+#define FSCTL_OFFLOAD_WRITE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 154, METHOD_BUFFERED, FILE_WRITE_ACCESS)
+#define FSCTL_SET_PURGE_FAILURE_MODE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 156, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_FILE_LAYOUT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 157, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_IS_VOLUME_OWNED_BYCSVFS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 158, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_INTEGRITY_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 159, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_INTEGRITY_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 160, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_QUERY_FILE_REGIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 161, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DEDUP_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 165, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DEDUP_QUERY_FILE_HASHES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 166, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_RKF_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 171, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_SCRUB_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 172, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REPAIR_COPIES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 173, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_DISABLE_LOCAL_BUFFERING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 174, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_MGMT_LOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 175, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_QUERY_DOWN_LEVEL_FILE_SYSTEM_CHARACTERISTICS \
+ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 176, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ADVANCE_FILE_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 177, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_SYNC_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 178, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_QUERY_VETO_FILE_DIRECT_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 179, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_USN_REASON CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 180, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_CSV_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 181, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_REFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 182, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#endif
+
#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
typedef struct _PATHNAME_BUFFER {
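Review bot: The new `_WIN32_WINNT >= 0x0602` block mixes two spellings for the required-access argument: `FSCTL_OFFLOAD_READ` and `FSCTL_OFFLOAD_WRITE` use `FILE_READ_ACCESS` / `FILE_WRITE_ACCESS`, while `FSCTL_FILE_LEVEL_TRIM`, `FSCTL_SET_INTEGRITY_INFORMATION` and `FSCTL_REPAIR_COPIES` use `FILE_READ_DATA` / `FILE_WRITE_DATA`. Using one spelling throughout makes it easier to audit which codes require read or write access on the handle. The closing `#endif` of the block also has no condition comment, unlike the other guards in this file; `#endif /* (_WIN32_WINNT >= 0x0602) */` would match them.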
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
-#if (NTDDI_VERSION >= NTDDI_WINXP)
-NTKERNELAPI
-NTSTATUS
-NTAPI
-FsRtlRegisterFileSystemFilterCallbacks(
- _In_ struct _DRIVER_OBJECT *FilterDriverObject,
- _In_ PFS_FILTER_CALLBACKS Callbacks);
-#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
-
-#if (NTDDI_VERSION >= NTDDI_VISTA)
-NTKERNELAPI
-NTSTATUS
-NTAPI
-FsRtlNotifyStreamFileObject(
- _In_ struct _FILE_OBJECT * StreamFileObject,
- _In_opt_ struct _DEVICE_OBJECT *DeviceObjectHint,
- _In_ FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType,
- _In_ BOOLEAN SafeToRecurse);
-#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
-
-#define DO_VERIFY_VOLUME 0x00000002
-#define DO_BUFFERED_IO 0x00000004
-#define DO_EXCLUSIVE 0x00000008
-#define DO_DIRECT_IO 0x00000010
-#define DO_MAP_IO_BUFFER 0x00000020
-#define DO_DEVICE_HAS_NAME 0x00000040
-#define DO_DEVICE_INITIALIZING 0x00000080
-#define DO_SYSTEM_BOOT_PARTITION 0x00000100
-#define DO_LONG_TERM_REQUESTS 0x00000200
-#define DO_NEVER_LAST_DEVICE 0x00000400
-#define DO_SHUTDOWN_REGISTERED 0x00000800
-#define DO_BUS_ENUMERATED_DEVICE 0x00001000
-#define DO_POWER_PAGABLE 0x00002000
-#define DO_POWER_INRUSH 0x00004000
-#define DO_LOW_PRIORITY_FILESYSTEM 0x00010000
-#define DO_SUPPORTS_TRANSACTIONS 0x00040000
-#define DO_FORCE_NEITHER_IO 0x00080000
-#define DO_VOLUME_DEVICE_OBJECT 0x00100000
-#define DO_SYSTEM_SYSTEM_PARTITION 0x00200000
-#define DO_SYSTEM_CRITICAL_PARTITION 0x00400000
-#define DO_DISALLOW_EXECUTE 0x00800000
-
-extern KSPIN_LOCK IoStatisticsLock;
-extern ULONG IoReadOperationCount;
-extern ULONG IoWriteOperationCount;
-extern ULONG IoOtherOperationCount;
-extern LARGE_INTEGER IoReadTransferCount;
-extern LARGE_INTEGER IoWriteTransferCount;
-extern LARGE_INTEGER IoOtherTransferCount;
+extern NTKERNELAPI KSPIN_LOCK IoStatisticsLock;
+extern NTKERNELAPI ULONG IoReadOperationCount;
+extern NTKERNELAPI ULONG IoWriteOperationCount;
+extern NTKERNELAPI ULONG IoOtherOperationCount;
+extern NTKERNELAPI LARGE_INTEGER IoReadTransferCount;
+extern NTKERNELAPI LARGE_INTEGER IoWriteTransferCount;
+extern NTKERNELAPI LARGE_INTEGER IoOtherTransferCount;
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
#define ExDisableResourceBoost ExDisableResourceBoostLite
VOID
+NTAPI
ExInitializePushLock(
_Out_ PEX_PUSH_LOCK PushLock);
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
extern NTKERNELAPI PSE_EXPORTS SeExports;
+
/******************************************************************************
* Process Manager Functions *
******************************************************************************/
NTAPI
MmDoesFileHaveUserWritableReferences(
_In_ PSECTION_OBJECT_POINTERS SectionPointer);
+
+_Must_inspect_result_
+_At_(*BaseAddress, __drv_allocatesMem(Mem))
+__kernel_entry
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtAllocateVirtualMemory(
+ _In_ HANDLE ProcessHandle,
+ _Inout_ _Outptr_result_buffer_(*RegionSize) PVOID *BaseAddress,
+ _In_ ULONG_PTR ZeroBits,
+ _Inout_ PSIZE_T RegionSize,
+ _In_ ULONG AllocationType,
+ _In_ ULONG Protect);
+
+__kernel_entry
+_IRQL_requires_max_(PASSIVE_LEVEL)
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtFreeVirtualMemory(
+ _In_ HANDLE ProcessHandle,
+ _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress,
+ _Inout_ PSIZE_T RegionSize,
+ _In_ ULONG FreeType);
+
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
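Review bot: `NtAllocateVirtualMemory` and `NtFreeVirtualMemory` now sit directly above `#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */`. If that guard opens above the hunk as its comment says, builds targeting an earlier `NTDDI_VERSION` no longer see either prototype; the removed copies were closed by a different `#endif` whose condition is not visible here. A caller compiled without the prototype would either fail to build or fall back to an implicit declaration with the wrong calling convention, so the pair is safer outside the Vista-only block or under its original version check. Separately, only `NtFreeVirtualMemory` gained `_IRQL_requires_max_(PASSIVE_LEVEL)`; adding the same line above `NtAllocateVirtualMemory` would keep the two consistent.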
_In_ KPROCESSOR_MODE AccessMode,
_In_ ULONG Tag,
_Out_ PHANDLE Handle);
+
+NTKERNELAPI
+ULONG
+NTAPI
+ObGetObjectPointerCount(
+ _In_ PVOID Object
+);
+
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
/* FSRTL Types */
_In_opt_ PVOID OwnerId,
_In_opt_ PVOID InstanceId);
-#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
- FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
-)
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlRegisterFileSystemFilterCallbacks(
+ _In_ struct _DRIVER_OBJECT *FilterDriverObject,
+ _In_ PFS_FILTER_CALLBACKS Callbacks);
-#define FsRtlAreThereCurrentFileLocks(FL) ( \
- ((FL)->FastIoIsQuestionable) \
-)
+#if (NTDDI_VERSION >= NTDDI_VISTA)
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNotifyStreamFileObject(
+ _In_ struct _FILE_OBJECT * StreamFileObject,
+ _In_opt_ struct _DEVICE_OBJECT *DeviceObjectHint,
+ _In_ FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType,
+ _In_ BOOLEAN SafeToRecurse);
+#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
+
+#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) \
+ FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11)
-#define FsRtlIncrementLockRequestsInProgress(FL) { \
- ASSERT( (FL)->LockRequestsInProgress >= 0 ); \
- (void) \
- (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
+#define FsRtlAreThereCurrentFileLocks(FL) \
+ ((FL)->FastIoIsQuestionable)
+
+#define FsRtlIncrementLockRequestsInProgress(FL) { \
+ ASSERT((FL)->LockRequestsInProgress >= 0); \
+ (void) \
+ (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress))); \
}
-#define FsRtlDecrementLockRequestsInProgress(FL) { \
- ASSERT( (FL)->LockRequestsInProgress > 0 ); \
- (void) \
- (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
+#define FsRtlDecrementLockRequestsInProgress(FL) { \
+ ASSERT((FL)->LockRequestsInProgress > 0); \
+ (void) \
+ (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress))); \
}
-/* GCC compatible definition, MS one is retarded */
-extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray;
-#define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray
+#ifdef _NTSYSTEM_
+extern const UCHAR * const FsRtlLegalAnsiCharacterArray;
+#define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray
+#else
+__CREATE_NTOS_DATA_IMPORT_ALIAS(FsRtlLegalAnsiCharacterArray)
+extern const UCHAR * const *FsRtlLegalAnsiCharacterArray;
+#define LEGAL_ANSI_CHARACTER_ARRAY (*FsRtlLegalAnsiCharacterArray)
+#endif
-#define FsRtlIsAnsiCharacterWild(C) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
-)
+#define FsRtlIsAnsiCharacterWild(C) \
+ FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(UCHAR)(C)], FSRTL_WILD_CHARACTER)
-#define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
- ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
-)
+#define FsRtlIsAnsiCharacterLegalFat(C, WILD) \
+ FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
+ ((WILD) ? FSRTL_WILD_CHARACTER : 0 ))
-#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
- ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
-)
+#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) \
+ FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
+ ((WILD) ? FSRTL_WILD_CHARACTER : 0 ))
-#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
- FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
- ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
-)
+#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) \
+ FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
+ ((WILD) ? FSRTL_WILD_CHARACTER : 0 ))
-#define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \
- FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \
-)
+#define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) \
+ FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL)
-#define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \
- FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \
-)
+#define FsRtlIsAnsiCharacterLegal(C,FLAGS) \
+ FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS))
-#define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \
- ((SCHAR)(C) < 0) ? DEFAULT_RET : \
- FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \
- (FLAGS) | \
- ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \
-)
+#define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) \
+ (((SCHAR)(C) < 0) ? DEFAULT_RET : \
+ FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(C)], \
+ (FLAGS) | ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0)))
-#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
- (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
- (NLS_MB_CODE_PAGE_TAG && \
- (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
-)
+#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) \
+ ((BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
+ (NLS_MB_CODE_PAGE_TAG && \
+ (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))))
-#define FsRtlIsUnicodeCharacterWild(C) ( \
- (((C) >= 0x40) ? \
- FALSE : \
- FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
-)
+#define FsRtlIsUnicodeCharacterWild(C) \
+ ((((C) >= 0x40) ? FALSE : \
+ FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(C)], FSRTL_WILD_CHARACTER )))
-#define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \
- ((_fc)->OwnerId = (_owner), \
- (_fc)->InstanceId = (_inst), \
+#define FsRtlInitPerFileContext(_fc, _owner, _inst, _cb) \
+ ((_fc)->OwnerId = (_owner), \
+ (_fc)->InstanceId = (_inst), \
(_fc)->FreeCallback = (_cb))
-#define FsRtlGetPerFileContextPointer(_fo) \
- (FsRtlSupportsPerFileContexts(_fo) ? \
- FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \
- NULL)
+#define FsRtlGetPerFileContextPointer(_fo) \
+ (FsRtlSupportsPerFileContexts(_fo) ? \
+ FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : NULL)
-#define FsRtlSupportsPerFileContexts(_fo) \
- ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \
- (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \
+#define FsRtlSupportsPerFileContexts(_fo) \
+ ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \
+ (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \
(FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL))
-#define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \
-{ \
- FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \
- if ((_fctxptr) != NULL) { \
- (_advhdr)->FileContextSupportPointer = (_fctxptr); \
- } \
+#define FsRtlSetupAdvancedHeaderEx(_advhdr, _fmutx, _fctxptr) \
+{ \
+ FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \
+ if ((_fctxptr) != NULL) { \
+ (_advhdr)->FileContextSupportPointer = (_fctxptr); \
+ } \
}
-#define FsRtlGetPerStreamContextPointer(FO) ( \
- (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
-)
+#define FsRtlGetPerStreamContextPointer(FO) \
+ ((PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext)
-#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
- (PSC)->OwnerId = (O), \
- (PSC)->InstanceId = (I), \
- (PSC)->FreeCallback = (FC) \
-)
+#define FsRtlInitPerStreamContext(PSC, O, I, FC) \
+ ((PSC)->OwnerId = (O), \
+ (PSC)->InstanceId = (I), \
+ (PSC)->FreeCallback = (FC))
-#define FsRtlSupportsPerStreamContexts(FO) ( \
- (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
- FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
- FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
-)
+#define FsRtlSupportsPerStreamContexts(FO) \
+ ((BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
+ FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
+ FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)))
-#define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \
- (((NULL != (_sc)) && \
- FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
- !IsListEmpty(&(_sc)->FilterContexts)) ? \
- FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \
- NULL)
+#define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \
+ (((NULL != (_sc)) && \
+ FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
+ !IsListEmpty(&(_sc)->FilterContexts)) ? \
+ FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : NULL)
_IRQL_requires_max_(APC_LEVEL)
FORCEINLINE
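Review bot: `FsRtlTestAnsiCharacter` still indexes `LEGAL_ANSI_CHARACTER_ARRAY[(C)]` with the raw argument, while its guard tests only `(SCHAR)(C) < 0`. An argument wider than one byte whose low byte is below 0x80 passes the guard and reads past the table, assuming the table holds one entry per byte value. The sibling macros in this hunk cast the index, and this one should match: `FlagOn(LEGAL_ANSI_CHARACTER_ARRAY[(UCHAR)(C)], \`. `FsRtlIsUnicodeCharacterWild` has a related gap, since `(C) >= 0x40` does not reject a negative signed argument. `DEFAULT_RET` is also expanded without parentheses.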
#endif
}
-#define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \
+#define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \
((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst))
-#define FsRtlCompleteRequest(IRP,STATUS) { \
- (IRP)->IoStatus.Status = (STATUS); \
- IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
+#define FsRtlCompleteRequest(IRP, STATUS) { \
+ (IRP)->IoStatus.Status = (STATUS); \
+ IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
}
/* Common Cache Types */
(((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
)
-extern ULONG CcFastMdlReadWait;
+extern NTKERNELAPI ULONG CcFastMdlReadWait;
#if (NTDDI_VERSION >= NTDDI_WIN2K)
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes);
-_IRQL_requires_max_(PASSIVE_LEVEL)
-_When_(return==0, __drv_allocatesMem(Region))
+_Must_inspect_result_
+_At_(*BaseAddress, __drv_allocatesMem(Mem))
+__kernel_entry
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _In_ ULONG_PTR ZeroBits,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG AllocationType,
- _In_ ULONG Protect);
+ _In_ HANDLE ProcessHandle,
+ _Inout_ _Outptr_result_buffer_(*RegionSize) PVOID *BaseAddress,
+ _In_ ULONG_PTR ZeroBits,
+ _Inout_ PSIZE_T RegionSize,
+ _In_ ULONG AllocationType,
+ _In_ ULONG Protect);
_IRQL_requires_max_(PASSIVE_LEVEL)
-_When_(return==0, __drv_freesMem(Region))
NTSYSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
- _In_ HANDLE ProcessHandle,
- _Inout_ PVOID *BaseAddress,
- _Inout_ PSIZE_T RegionSize,
- _In_ ULONG FreeType);
+ _In_ HANDLE ProcessHandle,
+ _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress,
+ _Inout_ PSIZE_T RegionSize,
+ _In_ ULONG FreeType);
_When_(Timeout == NULL, _IRQL_requires_max_(APC_LEVEL))
_When_(Timeout->QuadPart != 0, _IRQL_requires_max_(APC_LEVEL))
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength);
-#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
-#ifndef __SSPI_H__
-#define __SSPI_H__
+#if (VER_PRODUCTBUILD >= 2195)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAdjustPrivilegesToken (
+ _In_ HANDLE TokenHandle,
+ _In_ BOOLEAN DisableAllPrivileges,
+ _In_ PTOKEN_PRIVILEGES NewState,
+ _In_ ULONG BufferLength,
+ _Out_opt_ PTOKEN_PRIVILEGES PreviousState,
+ _Out_ PULONG ReturnLength
+);
+#endif /* (VER_PRODUCTBUILD >= 2195) */
-// for ntifs.h:
-#define ISSP_LEVEL 32
-#define ISSP_MODE 0
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAlertThread (
+ _In_ HANDLE ThreadHandle
+);
-#ifdef MIDL_PASS
-#define MIDL_PROP(x) x
-#else
-#define MIDL_PROP(x)
-#endif
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAccessCheckAndAuditAlarm (
+ _In_ PUNICODE_STRING SubsystemName,
+ _In_ PVOID HandleId,
+ _In_ PUNICODE_STRING ObjectTypeName,
+ _In_ PUNICODE_STRING ObjectName,
+ _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ PGENERIC_MAPPING GenericMapping,
+ _In_ BOOLEAN ObjectCreation,
+ _Out_ PACCESS_MASK GrantedAccess,
+ _Out_ PBOOLEAN AccessStatus,
+ _Out_ PBOOLEAN GenerateOnClose
+);
-#define SEC_TEXT TEXT
-#define SEC_FAR
-#define SEC_ENTRY __stdcall
+#if (VER_PRODUCTBUILD >= 2195)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCancelIoFile (
+ _In_ HANDLE FileHandle,
+ _Out_ PIO_STATUS_BLOCK IoStatusBlock
+);
+#endif /* (VER_PRODUCTBUILD >= 2195) */
-#if defined(_NO_KSECDD_IMPORT_)
-#define KSECDDDECLSPEC
-#else
-#define KSECDDDECLSPEC __declspec(dllimport)
-#endif
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwClearEvent (
+ _In_ HANDLE EventHandle
+);
-#define SECQOP_WRAP_NO_ENCRYPT 0x80000001
-#define SECQOP_WRAP_OOB_DATA 0x40000000
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCloseObjectAuditAlarm (
+ _In_ PUNICODE_STRING SubsystemName,
+ _In_ PVOID HandleId,
+ _In_ BOOLEAN GenerateOnClose
+);
-#define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW")
-#define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCreateSymbolicLinkObject (
+ _Out_ PHANDLE SymbolicLinkHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ PUNICODE_STRING TargetName
+);
-#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1
-#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2
-#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3
-#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushInstructionCache (
+ _In_ HANDLE ProcessHandle,
+ _In_opt_ PVOID BaseAddress,
+ _In_ ULONG FlushSize
+);
-#define SECURITY_NATIVE_DREP 0x00000010
-#define SECURITY_NETWORK_DREP 0x00000000
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushBuffersFile(
+ _In_ HANDLE FileHandle,
+ _Out_ PIO_STATUS_BLOCK IoStatusBlock
+);
-#define SECPKG_ID_NONE 0xFFFF
+#if (VER_PRODUCTBUILD >= 2195)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwInitiatePowerAction (
+ _In_ POWER_ACTION SystemAction,
+ _In_ SYSTEM_POWER_STATE MinSystemState,
+ _In_ ULONG Flags,
+ _In_ BOOLEAN Asynchronous
+);
+#endif /* (VER_PRODUCTBUILD >= 2195) */
-#define SECPKG_CRED_ATTR_NAMES 1
-#define SECPKG_CRED_ATTR_SSI_PROVIDER 2
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwLoadKey (
+ _In_ POBJECT_ATTRIBUTES KeyObjectAttributes,
+ _In_ POBJECT_ATTRIBUTES FileObjectAttributes
+);
-#define SECPKG_ATTR_SIZES 0
-#define SECPKG_ATTR_NAMES 1
-#define SECPKG_ATTR_LIFESPAN 2
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcessToken (
+ _In_ HANDLE ProcessHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _Out_ PHANDLE TokenHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThread (
+ _Out_ PHANDLE ThreadHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ PCLIENT_ID ClientId
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThreadToken (
+ _In_ HANDLE ThreadHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ BOOLEAN OpenAsSelf,
+ _Out_ PHANDLE TokenHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwPulseEvent (
+ _In_ HANDLE EventHandle,
+ _In_opt_ PLONG PulseCount
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDefaultLocale (
+ _In_ BOOLEAN UserProfile,
+ _Out_ PLCID DefaultLocaleId
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+_IRQL_requires_max_(PASSIVE_LEVEL)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDirectoryObject(
+ _In_ HANDLE DirectoryHandle,
+ _Out_ PVOID Buffer,
+ _In_ ULONG BufferLength,
+ _In_ BOOLEAN ReturnSingleEntry,
+ _In_ BOOLEAN RestartScan,
+ _Inout_ PULONG Context,
+ _Out_opt_ PULONG ReturnLength
+);
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationProcess (
+ _In_ HANDLE ProcessHandle,
+ _In_ PROCESSINFOCLASS ProcessInformationClass,
+ _Out_ PVOID ProcessInformation,
+ _In_ ULONG ProcessInformationLength,
+ _Out_opt_ PULONG ReturnLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwReplaceKey (
+ _In_ POBJECT_ATTRIBUTES NewFileObjectAttributes,
+ _In_ HANDLE KeyHandle,
+ _In_ POBJECT_ATTRIBUTES OldFileObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwResetEvent (
+ _In_ HANDLE EventHandle,
+ _Out_opt_ PLONG NumberOfWaitingThreads
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwRestoreKey (
+ _In_ HANDLE KeyHandle,
+ _In_ HANDLE FileHandle,
+ _In_ ULONG Flags
+);
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSaveKey (
+ _In_ HANDLE KeyHandle,
+ _In_ HANDLE FileHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetDefaultLocale (
+ _In_ BOOLEAN UserProfile,
+ _In_ LCID DefaultLocaleId
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetDefaultUILanguage (
+ _In_ LANGID LanguageId
+);
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetInformationProcess (
+ _In_ HANDLE ProcessHandle,
+ _In_ PROCESSINFOCLASS ProcessInformationClass,
+ _In_ PVOID ProcessInformation,
+ _In_ ULONG ProcessInformationLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSystemTime (
+ _In_ PLARGE_INTEGER NewTime,
+ _Out_opt_ PLARGE_INTEGER OldTime
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwUnloadKey (
+ _In_ POBJECT_ATTRIBUTES KeyObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwWaitForMultipleObjects (
+ _In_ ULONG HandleCount,
+ _In_ PHANDLE Handles,
+ _In_ WAIT_TYPE WaitType,
+ _In_ BOOLEAN Alertable,
+ _In_opt_ PLARGE_INTEGER Timeout
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwYieldExecution (
+ VOID
+);
+
+#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
+
+#ifndef __SSPI_H__
+#define __SSPI_H__
+
+// for ntifs.h:
+#define ISSP_LEVEL 32
+#define ISSP_MODE 0
+
+#ifdef MIDL_PASS
+#define MIDL_PROP(x) x
+#else
+#define MIDL_PROP(x)
+#endif
+
+#define SEC_TEXT TEXT
+#define SEC_FAR
+#define SEC_ENTRY __stdcall
+
+#if defined(_NO_KSECDD_IMPORT_)
+#define KSECDDDECLSPEC
+#else
+#define KSECDDDECLSPEC __declspec(dllimport)
+#endif
+
+#define SECQOP_WRAP_NO_ENCRYPT 0x80000001
+#define SECQOP_WRAP_OOB_DATA 0x40000000
+
+#define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW")
+#define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW
+
+#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1
+#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2
+#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3
+#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4
+
+#define SECURITY_NATIVE_DREP 0x00000010
+#define SECURITY_NETWORK_DREP 0x00000000
+
+#define SECPKG_ID_NONE 0xFFFF
+
+#define SECPKG_CRED_ATTR_NAMES 1
+#define SECPKG_CRED_ATTR_SSI_PROVIDER 2
+
+#define SECPKG_ATTR_SIZES 0
+#define SECPKG_ATTR_NAMES 1
+#define SECPKG_ATTR_LIFESPAN 2
#define SECPKG_ATTR_DCE_INFO 3
#define SECPKG_ATTR_STREAM_SIZES 4
#define SECPKG_ATTR_KEY_INFO 5
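Review bot: The relocated `ZwAdjustPrivilegesToken` prototype is weaker than the one this commit removes further down: it drops `_Must_inspect_result_`, turns `NewState` from `_In_opt_` into `_In_`, and replaces the `_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength)` bound on `PreviousState` with a bare `_Out_opt_`. Static analysis then no longer flags an ignored status from a privilege change, or a `PreviousState` buffer smaller than `BufferLength`. `ZwFlushBuffersFile` and `ZwOpenProcessToken` likewise lose `_IRQL_requires_max_(PASSIVE_LEVEL)` in the move. The whole Zw* block also now sits above the `#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */` line, so it appears to be compiled only for Win7 and later targets; worth confirming that is intended. The annotations to carry over are shown below.

```c
_Must_inspect_result_
/* … unchanged: NTSYSAPI / NTSTATUS / NTAPI … */
ZwAdjustPrivilegesToken (
    /* … unchanged: TokenHandle, DisableAllPrivileges … */
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _Out_ _When_(PreviousState == NULL, _Out_opt_) PULONG ReturnLength
);
```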
#ifdef MIDL_PASS
MIDL_PROP([size_is(cbBuffer)]) PCHAR pvBuffer;
#else
- __field_bcount(cbBuffer) void SEC_FAR *pvBuffer;
+ _Field_size_bytes_(cbBuffer) void SEC_FAR *pvBuffer;
#endif
} SecBuffer, *PSecBuffer;
{
ULONG ulVersion;
ULONG cBuffers;
- MIDL_PROP([size_is(cBuffers)]) __field_ecount(cBuffers) PSecBuffer pBuffers;
+ MIDL_PROP([size_is(cBuffers)]) _Field_size_(cBuffers) PSecBuffer pBuffers;
} SecBufferDesc, SEC_FAR *PSecBufferDesc;
typedef struct _SecPkgInfoW
typedef struct _SecPkgContext_SessionKey
{
ULONG SessionKeyLength;
- __field_bcount(SessionKeyLength) PUCHAR SessionKey;
+ _Field_size_bytes_(SessionKeyLength) PUCHAR SessionKey;
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
typedef struct _SecPkgContext_NegoKeys
{
ULONG KeyType;
USHORT KeyLength;
- __field_bcount(KeyLength) PUCHAR KeyValue;
+ _Field_size_bytes_(KeyLength) PUCHAR KeyValue;
ULONG VerifyKeyType;
USHORT VerifyKeyLength;
- __field_bcount(VerifyKeyLength) PUCHAR VerifyKeyValue;
+ _Field_size_bytes_(VerifyKeyLength) PUCHAR VerifyKeyValue;
} SecPkgContext_NegoKeys, *PSecPkgContext_NegoKeys;
typedef struct _SecPkgContext_DceInfo
#define HalGetDmaAlignmentRequirement() 1L
#endif
-extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo;
-#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
-
-#ifdef NLS_MB_CODE_PAGE_TAG
-#undef NLS_MB_CODE_PAGE_TAG
+#ifdef _NTSYSTEM_
+extern PUSHORT NlsOemLeadByteInfo;
+#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
+#else
+__CREATE_NTOS_DATA_IMPORT_ALIAS(NlsOemLeadByteInfo)
+extern PUSHORT *NlsOemLeadByteInfo;
+#define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)
#endif
-#define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag
#if (NTDDI_VERSION >= NTDDI_VISTA)
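Review bot: This hunk deletes the `#define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag` override, but `FsRtlIsLeadDbcsCharacter` earlier in this diff still expands to `NLS_MB_CODE_PAGE_TAG`. The removed `#ifdef`/`#undef` pair suggests another header defines the name; if so, the macro now tests that definition instead of `NlsMbOemCodePageTag` while still reading the OEM lead-byte table. If no other definition exists, the macro no longer compiles. Either keep the override or note the intended source next to the new block, e.g. `/* NLS_MB_CODE_PAGE_TAG comes from <header>; FsRtlIsLeadDbcsCharacter depends on it */`.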
LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
-typedef struct _BITMAP_RANGE {
- LIST_ENTRY Links;
- LONGLONG BasePage;
- ULONG FirstDirtyPage;
- ULONG LastDirtyPage;
- ULONG DirtyPages;
- PULONG Bitmap;
-} BITMAP_RANGE, *PBITMAP_RANGE;
-
typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
MAPPING_PAIR Pair[1];
} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
-typedef struct _MBCB {
- CSHORT NodeTypeCode;
- CSHORT NodeIsInZone;
- ULONG PagesToWrite;
- ULONG DirtyPages;
- ULONG Reserved;
- LIST_ENTRY BitmapRanges;
- LONGLONG ResumeWritePage;
- BITMAP_RANGE BitmapRange1;
- BITMAP_RANGE BitmapRange2;
- BITMAP_RANGE BitmapRange3;
-} MBCB, *PMBCB;
-
typedef struct _MOVEFILE_DESCRIPTOR {
HANDLE FileHandle;
ULONG Reserved;
LARGE_INTEGER
NTAPI
CcGetLsnForFileObject (
- IN PFILE_OBJECT FileObject,
- OUT PLARGE_INTEGER OldestLsn OPTIONAL
+ _In_ PFILE_OBJECT FileObject,
+ _Out_opt_ PLARGE_INTEGER OldestLsn
);
NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePool (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes
+ _In_ POOL_TYPE PoolType,
+ _In_ ULONG NumberOfBytes
);
NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePoolWithQuota (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes
+ _In_ POOL_TYPE PoolType,
+ _In_ ULONG NumberOfBytes
);
NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePoolWithQuotaTag (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes,
- IN ULONG Tag
+ _In_ POOL_TYPE PoolType,
+ _In_ ULONG NumberOfBytes,
+ _In_ ULONG Tag
);
NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePoolWithTag (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes,
- IN ULONG Tag
+ _In_ POOL_TYPE PoolType,
+ _In_ ULONG NumberOfBytes,
+ _In_ ULONG Tag
);
NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlReadComplete (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain
+ _In_ PFILE_OBJECT FileObject,
+ _In_ PMDL MdlChain
);
NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlWriteComplete (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain
+ _In_ PFILE_OBJECT FileObject,
+ _In_ PLARGE_INTEGER FileOffset,
+ _In_ PMDL MdlChain
);
NTKERNELAPI
VOID
NTAPI
FsRtlNotifyChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN PLIST_ENTRY NotifyList,
- IN BOOLEAN WatchTree,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp
+ _In_ PNOTIFY_SYNC NotifySync,
+ _In_ PVOID FsContext,
+ _In_ PSTRING FullDirectoryName,
+ _In_ PLIST_ENTRY NotifyList,
+ _In_ BOOLEAN WatchTree,
+ _In_ ULONG CompletionFilter,
+ _In_ PIRP NotifyIrp
);
+#if 1
NTKERNELAPI
NTSTATUS
NTAPI
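Review bot: The `#if 1` added after `FsRtlNotifyChangeDirectory` is an always-true guard with no comment, and its matching `#endif` lands in a later hunk just before `#pragma pack(pop)`, also untagged. A reader cannot tell from the header why the enclosed declarations are set apart or under what condition they should be disabled. Either drop the guard or state its purpose on both ends, e.g. `#if 1 /* <reason this block is kept separate> */` and `#endif /* 1 */`. The guarded region extends past this hunk.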
_Out_ PVOID *Object
);
-NTKERNELAPI
-ULONG
-NTAPI
-ObGetObjectPointerCount(
- _In_ PVOID Object
-);
-
NTKERNELAPI
NTSTATUS
NTAPI
-ObReferenceObjectByName(
+ObReferenceObjectByName (
_In_ PUNICODE_STRING ObjectName,
_In_ ULONG Attributes,
_In_opt_ PACCESS_STATE PassedAccessState,
NTKERNELAPI
NTSTATUS
NTAPI
-PsLookupProcessThreadByCid(
- _In_ PCLIENT_ID Cid,
- _Out_opt_ PEPROCESS *Process,
- _Out_ PETHREAD *Thread
+PsLookupProcessThreadByCid (
+ _In_ PCLIENT_ID Cid,
+ _Out_opt_ PEPROCESS *Process,
+ _Out_ PETHREAD *Thread
);
NTSYSAPI
NTSTATUS
NTAPI
-RtlSetSaclSecurityDescriptor(
+RtlSetSaclSecurityDescriptor (
_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ BOOLEAN SaclPresent,
- _In_ PACL Sacl,
- _In_ BOOLEAN SaclDefaulted
+ _In_ BOOLEAN SaclPresent,
+ _In_ PACL Sacl,
+ _In_ BOOLEAN SaclDefaulted
);
#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
-#if (VER_PRODUCTBUILD >= 2195)
-
-_Must_inspect_result_
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAdjustPrivilegesToken(
- _In_ HANDLE TokenHandle,
- _In_ BOOLEAN DisableAllPrivileges,
- _In_opt_ PTOKEN_PRIVILEGES NewState,
- _In_ ULONG BufferLength,
- _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
- _Out_ _When_(PreviousState == NULL, _Out_opt_) PULONG ReturnLength
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAlertThread(
- _In_ HANDLE ThreadHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckAndAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCancelIoFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwClearEvent(
- _In_ HANDLE EventHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCloseObjectAuditAlarm(
- _In_ PUNICODE_STRING SubsystemName,
- _In_ PVOID HandleId,
- _In_ BOOLEAN GenerateOnClose
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateSymbolicLinkObject(
- _Out_ PHANDLE SymbolicLinkHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PUNICODE_STRING Name
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFlushInstructionCache(
- _In_ HANDLE ProcessHandle,
- _In_ PVOID BaseAddress,
- _In_ ULONG NumberOfBytesToFlush
-);
-
-_IRQL_requires_max_(PASSIVE_LEVEL)
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFlushBuffersFile(
- _In_ HANDLE FileHandle,
- _Out_ PIO_STATUS_BLOCK IoStatusBlock
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwInitiatePowerAction(
- _In_ POWER_ACTION SystemAction,
- _In_ SYSTEM_POWER_STATE MinSystemState,
- _In_ ULONG Flags,
- _In_ BOOLEAN Asynchronous
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwLoadKey (
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes
-);
-
-_IRQL_requires_max_(PASSIVE_LEVEL)
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenProcessToken(
- _In_ HANDLE ProcessHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _Out_ PHANDLE TokenHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenThread(
- _Out_ PHANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ POBJECT_ATTRIBUTES ObjectAttributes,
- _In_ PCLIENT_ID ClientId
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenThreadToken(
- _In_ HANDLE ThreadHandle,
- _In_ ACCESS_MASK DesiredAccess,
- _In_ BOOLEAN OpenAsSelf,
- _Out_ PHANDLE TokenHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwPulseEvent(
- _In_ HANDLE EventHandle,
- _In_opt_ PLONG PulseCount
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultLocale(
- _In_ BOOLEAN UserProfile,
- _Out_ PLCID DefaultLocaleId
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-_IRQL_requires_max_(PASSIVE_LEVEL)
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryObject(
- _In_ HANDLE DirectoryHandle,
- _Out_ PVOID Buffer,
- _In_ ULONG BufferLength,
- _In_ BOOLEAN ReturnSingleEntry,
- _In_ BOOLEAN RestartScan,
- _Inout_ PULONG Context,
- _Out_opt_ PULONG ReturnLength
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationProcess (
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- OUT PVOID ProcessInformation,
- IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwReplaceKey (
- IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
- IN HANDLE KeyHandle,
- IN POBJECT_ATTRIBUTES OldFileObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwResetEvent(
- _In_ HANDLE EventHandle,
- _Out_opt_ PLONG NumberOfWaitingThreads
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwRestoreKey (
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle,
- IN ULONG Flags
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSaveKey (
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultLocale(
- _In_ BOOLEAN UserProfile,
- _In_ LCID DefaultLocaleId
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultUILanguage (
- IN LANGID LanguageId
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationProcess(
- _In_ HANDLE ProcessHandle,
- _In_ PROCESSINFOCLASS ProcessInformationClass,
- _In_ PVOID ProcessInformation,
- _In_ ULONG ProcessInformationLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemTime(
- _In_ PLARGE_INTEGER SystemTime,
- _In_opt_ PLARGE_INTEGER NewSystemTime
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwUnloadKey(
- _In_ POBJECT_ATTRIBUTES KeyObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwWaitForMultipleObjects(
- _In_ ULONG Count,
- _In_ HANDLE Object[],
- _In_ WAIT_TYPE WaitType,
- _In_ BOOLEAN Alertable,
- _In_ PLARGE_INTEGER Time
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwYieldExecution (
- VOID
-);
+#endif
#pragma pack(pop)