-#ifndef __INCLUDE_DDK_NTIFS_H
-#define __INCLUDE_DDK_NTIFS_H
+/*
+ * ntifs.h
+ *
+ * Windows NT Filesystem Driver Developer Kit
+ *
+ * This file is part of the w32api package.
+ *
+ * Contributors:
+ * Created by Bo Brantén <bosse@acc.umu.se>
+ *
+ * THIS SOFTWARE IS NOT COPYRIGHTED
+ *
+ * This source code is offered for use in the public domain. You may
+ * use, modify or distribute it freely.
+ *
+ * This code is distributed in the hope that it will be useful but
+ * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
+ * DISCLAIMED. This includes but is not limited to warranties of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ */
-struct _BCB;
+#ifndef _NTIFS_
+#define _NTIFS_
+#define _GNU_NTIFS_
-typedef struct _BCB* PBCB;
+#if __GNUC__ >= 3
+#pragma GCC system_header
+#endif
-struct _MEMORY_AREA;
+#ifdef _NTOSKRNL_
+/* HACKHACKHACK!!! We shouldn't include this header from ntoskrnl! */
+#define NTKERNELAPI
+#else
+#define NTKERNELAPI DECLSPEC_IMPORT
+#endif
-struct _CACHE_SEGMENT;
+#include "ntddk.h"
-typedef struct _CACHE_SEGMENT* PCACHE_SEGMENT;
+#define _NTIFS_INCLUDED_
+#ifdef __cplusplus
+extern "C" {
+#endif
-NTSTATUS STDCALL
-CcRosFlushCacheSegment (struct _CACHE_SEGMENT* CacheSeg);
-NTSTATUS STDCALL
-CcRosReleaseCacheSegment (struct _BCB* Bcb,
- struct _CACHE_SEGMENT* CacheSeg,
- BOOLEAN Valid,
- BOOLEAN Dirty,
- BOOLEAN Mapped);
-NTSTATUS STDCALL
-CcRosRequestCacheSegment (struct _BCB* Bcb,
- ULONG FileOffset,
- PVOID* BaseAddress,
- PBOOLEAN UptoDate,
- struct _CACHE_SEGMENT** CacheSeg);
-NTSTATUS STDCALL
-CcRosInitializeFileCache (PFILE_OBJECT FileObject,
- struct _BCB** Bcb,
- ULONG CacheSegmentSize);
-NTSTATUS STDCALL
-CcRosReleaseFileCache (PFILE_OBJECT FileObject,
- struct _BCB* Bcb);
+#pragma pack(push,4)
-#include <ddk/cctypes.h>
+#ifndef VER_PRODUCTBUILD
+#define VER_PRODUCTBUILD 10000
+#endif
-#include <ddk/ccfuncs.h>
+#ifndef NTSYSAPI
+#define NTSYSAPI
+#endif
-#include <ddk/fstypes.h>
-#include <ddk/fsfuncs.h>
+#define EX_PUSH_LOCK ULONG_PTR
+#define PEX_PUSH_LOCK PULONG_PTR
-#endif /* __INCLUDE_DDK_NTIFS_H */
+#include "csq.h"
+
+typedef struct _SE_EXPORTS *PSE_EXPORTS;
+
+#ifdef _NTOSKRNL_
+extern PUCHAR FsRtlLegalAnsiCharacterArray;
+#else
+extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
+#endif
+extern PSE_EXPORTS SeExports;
+extern PACL SePublicDefaultDacl;
+extern PACL SeSystemDefaultDacl;
+
+extern KSPIN_LOCK IoStatisticsLock;
+extern ULONG IoReadOperationCount;
+extern ULONG IoWriteOperationCount;
+extern ULONG IoOtherOperationCount;
+extern LARGE_INTEGER IoReadTransferCount;
+extern LARGE_INTEGER IoWriteTransferCount;
+extern LARGE_INTEGER IoOtherTransferCount;
+
+typedef STRING LSA_STRING, *PLSA_STRING;
+typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
+
+typedef enum _SECURITY_LOGON_TYPE
+{
+ UndefinedLogonType = 0,
+ Interactive = 2,
+ Network,
+ Batch,
+ Service,
+ Proxy,
+ Unlock,
+ NetworkCleartext,
+ NewCredentials,
+#if (_WIN32_WINNT >= 0x0501)
+ RemoteInteractive,
+ CachedInteractive,
+#endif
+#if (_WIN32_WINNT >= 0x0502)
+ CachedRemoteInteractive,
+ CachedUnlock
+#endif
+} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
+
+#define ANSI_DOS_STAR ('<')
+#define ANSI_DOS_QM ('>')
+#define ANSI_DOS_DOT ('"')
+
+#define DOS_STAR (L'<')
+#define DOS_QM (L'>')
+#define DOS_DOT (L'"')
+
+/* also in winnt.h */
+#define ACCESS_MIN_MS_ACE_TYPE (0x0)
+#define ACCESS_ALLOWED_ACE_TYPE (0x0)
+#define ACCESS_DENIED_ACE_TYPE (0x1)
+#define SYSTEM_AUDIT_ACE_TYPE (0x2)
+#define SYSTEM_ALARM_ACE_TYPE (0x3)
+#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
+#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
+#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
+#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
+#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
+#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
+#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
+#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
+#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
+#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
+#define ACCESS_MAX_MS_ACE_TYPE (0x8)
+#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
+#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
+#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
+#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
+#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
+#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
+#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
+#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
+#define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
+
+#define COMPRESSION_FORMAT_NONE (0x0000)
+#define COMPRESSION_FORMAT_DEFAULT (0x0001)
+#define COMPRESSION_FORMAT_LZNT1 (0x0002)
+#define COMPRESSION_ENGINE_STANDARD (0x0000)
+#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
+#define COMPRESSION_ENGINE_HIBER (0x0200)
+
+#define FILE_ACTION_ADDED 0x00000001
+#define FILE_ACTION_REMOVED 0x00000002
+#define FILE_ACTION_MODIFIED 0x00000003
+#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
+#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
+#define FILE_ACTION_ADDED_STREAM 0x00000006
+#define FILE_ACTION_REMOVED_STREAM 0x00000007
+#define FILE_ACTION_MODIFIED_STREAM 0x00000008
+#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
+#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
+#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
+/* end winnt.h */
+
+#define FILE_EA_TYPE_BINARY 0xfffe
+#define FILE_EA_TYPE_ASCII 0xfffd
+#define FILE_EA_TYPE_BITMAP 0xfffb
+#define FILE_EA_TYPE_METAFILE 0xfffa
+#define FILE_EA_TYPE_ICON 0xfff9
+#define FILE_EA_TYPE_EA 0xffee
+#define FILE_EA_TYPE_MVMT 0xffdf
+#define FILE_EA_TYPE_MVST 0xffde
+#define FILE_EA_TYPE_ASN1 0xffdd
+#define FILE_EA_TYPE_FAMILY_IDS 0xff01
+
+#define FILE_NEED_EA 0x00000080
+
+/* also in winnt.h */
+#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
+#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
+#define FILE_NOTIFY_CHANGE_NAME 0x00000003
+#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
+#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
+#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
+#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
+#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
+#define FILE_NOTIFY_CHANGE_EA 0x00000080
+#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
+#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
+#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
+#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
+#define FILE_NOTIFY_VALID_MASK 0x00000fff
+/* end winnt.h */
+
+#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
+#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
+
+#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
+
+#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
+#define FILE_CASE_PRESERVED_NAMES 0x00000002
+#define FILE_UNICODE_ON_DISK 0x00000004
+#define FILE_PERSISTENT_ACLS 0x00000008
+#define FILE_FILE_COMPRESSION 0x00000010
+#define FILE_VOLUME_QUOTAS 0x00000020
+#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
+#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
+#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
+#define FS_LFN_APIS 0x00004000
+#define FILE_VOLUME_IS_COMPRESSED 0x00008000
+#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
+#define FILE_SUPPORTS_ENCRYPTION 0x00020000
+#define FILE_NAMED_STREAMS 0x00040000
+
+#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
+#define FILE_PIPE_MESSAGE_TYPE 0x00000001
+
+#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
+#define FILE_PIPE_MESSAGE_MODE 0x00000001
+
+#define FILE_PIPE_QUEUE_OPERATION 0x00000000
+#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
+
+#define FILE_PIPE_INBOUND 0x00000000
+#define FILE_PIPE_OUTBOUND 0x00000001
+#define FILE_PIPE_FULL_DUPLEX 0x00000002
+
+#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
+#define FILE_PIPE_LISTENING_STATE 0x00000002
+#define FILE_PIPE_CONNECTED_STATE 0x00000003
+#define FILE_PIPE_CLOSING_STATE 0x00000004
+
+#define FILE_PIPE_CLIENT_END 0x00000000
+#define FILE_PIPE_SERVER_END 0x00000001
+
+#define FILE_PIPE_READ_DATA 0x00000000
+#define FILE_PIPE_WRITE_SPACE 0x00000001
+
+#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
+#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
+#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
+#define FILE_STORAGE_TYPE_MASK 0x000f0000
+#define FILE_STORAGE_TYPE_SHIFT 16
+
+#define FILE_VC_QUOTA_NONE 0x00000000
+#define FILE_VC_QUOTA_TRACK 0x00000001
+#define FILE_VC_QUOTA_ENFORCE 0x00000002
+#define FILE_VC_QUOTA_MASK 0x00000003
+
+#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
+#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
+
+#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
+#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
+#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
+#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
+
+#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
+#define FILE_VC_QUOTAS_REBUILDING 0x00000200
+
+#define FILE_VC_VALID_MASK 0x000003ff
+
+#define FSRTL_FLAG_FILE_MODIFIED (0x01)
+#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
+#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
+#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
+#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
+#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
+#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
+
+#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
+
+#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
+#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
+#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
+#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
+#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
+
+#define FSRTL_VOLUME_DISMOUNT 1
+#define FSRTL_VOLUME_DISMOUNT_FAILED 2
+#define FSRTL_VOLUME_LOCK 3
+#define FSRTL_VOLUME_LOCK_FAILED 4
+#define FSRTL_VOLUME_UNLOCK 5
+#define FSRTL_VOLUME_MOUNT 6
+
+#define FSRTL_WILD_CHARACTER 0x08
+
+#define FSRTL_FAT_LEGAL 0x01
+#define FSRTL_HPFS_LEGAL 0x02
+#define FSRTL_NTFS_LEGAL 0x04
+#define FSRTL_WILD_CHARACTER 0x08
+#define FSRTL_OLE_LEGAL 0x10
+#define FSRTL_NTFS_STREAM_LEGAL 0x14
+
+#ifdef _X86_
+#define HARDWARE_PTE HARDWARE_PTE_X86
+#define PHARDWARE_PTE PHARDWARE_PTE_X86
+#else
+#define HARDWARE_PTE ULONG
+#define PHARDWARE_PTE PULONG
+#endif
+
+#define IO_CHECK_CREATE_PARAMETERS 0x0200
+#define IO_ATTACH_DEVICE 0x0400
+
+#define IO_ATTACH_DEVICE_API 0x80000000
+
+#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
+#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
+
+#define IO_TYPE_APC 18
+#define IO_TYPE_DPC 19
+#define IO_TYPE_DEVICE_QUEUE 20
+#define IO_TYPE_EVENT_PAIR 21
+#define IO_TYPE_INTERRUPT 22
+#define IO_TYPE_PROFILE 23
+
+#define IRP_BEING_VERIFIED 0x10
+
+#define MAILSLOT_CLASS_FIRSTCLASS 1
+#define MAILSLOT_CLASS_SECONDCLASS 2
+
+#define MAILSLOT_SIZE_AUTO 0
+
+#define MAP_PROCESS 1L
+#define MAP_SYSTEM 2L
+#define MEM_DOS_LIM 0x40000000
+
+#define OB_TYPE_TYPE 1
+#define OB_TYPE_DIRECTORY 2
+#define OB_TYPE_SYMBOLIC_LINK 3
+#define OB_TYPE_TOKEN 4
+#define OB_TYPE_PROCESS 5
+#define OB_TYPE_THREAD 6
+#define OB_TYPE_EVENT 7
+#define OB_TYPE_EVENT_PAIR 8
+#define OB_TYPE_MUTANT 9
+#define OB_TYPE_SEMAPHORE 10
+#define OB_TYPE_TIMER 11
+#define OB_TYPE_PROFILE 12
+#define OB_TYPE_WINDOW_STATION 13
+#define OB_TYPE_DESKTOP 14
+#define OB_TYPE_SECTION 15
+#define OB_TYPE_KEY 16
+#define OB_TYPE_PORT 17
+#define OB_TYPE_ADAPTER 18
+#define OB_TYPE_CONTROLLER 19
+#define OB_TYPE_DEVICE 20
+#define OB_TYPE_DRIVER 21
+#define OB_TYPE_IO_COMPLETION 22
+#define OB_TYPE_FILE 23
+
+#define PIN_WAIT (1)
+#define PIN_EXCLUSIVE (2)
+#define PIN_NO_READ (4)
+#define PIN_IF_BCB (8)
+
+#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
+#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
+
+#define SEC_BASED 0x00200000
+
+#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+#define SECURITY_WORLD_RID (0x00000000L)
+
+#define SID_REVISION 1
+#define SID_MAX_SUB_AUTHORITIES 15
+#define SID_RECOMMENDED_SUB_AUTHORITIES 1
+
+#define TOKEN_ASSIGN_PRIMARY (0x0001)
+#define TOKEN_DUPLICATE (0x0002)
+#define TOKEN_IMPERSONATE (0x0004)
+#define TOKEN_QUERY (0x0008)
+#define TOKEN_QUERY_SOURCE (0x0010)
+#define TOKEN_ADJUST_PRIVILEGES (0x0020)
+#define TOKEN_ADJUST_GROUPS (0x0040)
+#define TOKEN_ADJUST_DEFAULT (0x0080)
+#define TOKEN_ADJUST_SESSIONID (0x0100)
+
+#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
+ TOKEN_ASSIGN_PRIMARY |\
+ TOKEN_DUPLICATE |\
+ TOKEN_IMPERSONATE |\
+ TOKEN_QUERY |\
+ TOKEN_QUERY_SOURCE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT |\
+ TOKEN_ADJUST_SESSIONID)
+
+#define TOKEN_READ (STANDARD_RIGHTS_READ |\
+ TOKEN_QUERY)
+
+#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT)
+
+#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
+
+#define TOKEN_SOURCE_LENGTH 8
+/* end winnt.h */
+
+#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
+#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
+#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
+#define TOKEN_HAS_ADMIN_GROUP 0x08
+#define TOKEN_WRITE_RESTRICTED 0x08
+#define TOKEN_IS_RESTRICTED 0x10
+#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
+
+#define VACB_MAPPING_GRANULARITY (0x40000)
+#define VACB_OFFSET_SHIFT (18)
+
+#define SE_OWNER_DEFAULTED 0x0001
+#define SE_GROUP_DEFAULTED 0x0002
+#define SE_DACL_PRESENT 0x0004
+#define SE_DACL_DEFAULTED 0x0008
+#define SE_SACL_PRESENT 0x0010
+#define SE_SACL_DEFAULTED 0x0020
+#define SE_DACL_UNTRUSTED 0x0040
+#define SE_SERVER_SECURITY 0x0080
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED 0x0400
+#define SE_SACL_AUTO_INHERITED 0x0800
+#define SE_DACL_PROTECTED 0x1000
+#define SE_SACL_PROTECTED 0x2000
+#define SE_RM_CONTROL_VALID 0x4000
+#define SE_SELF_RELATIVE 0x8000
+
+#ifndef _WINNT_H
+#define _AUDIT_EVENT_TYPE_HACK 0
+#endif
+#if (_AUDIT_EVENT_TYPE_HACK == 1)
+
+#else
+typedef enum _AUDIT_EVENT_TYPE
+{
+ AuditEventObjectAccess,
+ AuditEventDirectoryServiceAccess
+} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
+#endif
+
+#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
+
+#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+
+
+#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#endif /* (VER_PRODUCTBUILD >= 1381) */
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
+#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
+
+#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
+
+#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+typedef PVOID OPLOCK, *POPLOCK;
+
+typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
+typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
+typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
+typedef struct _KPROCESS *PKPROCESS;
+typedef struct _KQUEUE *PKQUEUE;
+typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
+typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
+typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
+typedef struct _VACB *PVACB;
+typedef struct _VAD_HEADER *PVAD_HEADER;
+
+typedef ULONG LBN;
+typedef LBN *PLBN;
+
+typedef ULONG VBN;
+typedef VBN *PVBN;
+
+typedef struct _NOTIFY_SYNC
+{
+ ULONG Unknown0;
+ ULONG Unknown1;
+ ULONG Unknown2;
+ USHORT Unknown3;
+ USHORT Unknown4;
+ ULONG Unknown5;
+ ULONG Unknown6;
+ ULONG Unknown7;
+ ULONG Unknown8;
+ ULONG Unknown9;
+ ULONG Unknown10;
+} NOTIFY_SYNC, * PNOTIFY_SYNC;
+
+typedef enum _FAST_IO_POSSIBLE {
+ FastIoIsNotPossible,
+ FastIoIsPossible,
+ FastIoIsQuestionable
+} FAST_IO_POSSIBLE;
+
+typedef enum _FILE_STORAGE_TYPE {
+ StorageTypeDefault = 1,
+ StorageTypeDirectory,
+ StorageTypeFile,
+ StorageTypeJunctionPoint,
+ StorageTypeCatalog,
+ StorageTypeStructuredStorage,
+ StorageTypeEmbedding,
+ StorageTypeStream
+} FILE_STORAGE_TYPE;
+
+typedef enum _OBJECT_INFO_CLASS {
+ ObjectBasicInfo,
+ ObjectNameInfo,
+ ObjectTypeInfo,
+ ObjectAllTypesInfo,
+ ObjectProtectionInfo
+} OBJECT_INFO_CLASS;
+
+typedef struct _KAPC_STATE {
+ LIST_ENTRY ApcListHead[2];
+ PKPROCESS Process;
+ BOOLEAN KernelApcInProgress;
+ BOOLEAN KernelApcPending;
+ BOOLEAN UserApcPending;
+} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
+
+typedef struct _BITMAP_RANGE {
+ LIST_ENTRY Links;
+ LARGE_INTEGER BasePage;
+ ULONG FirstDirtyPage;
+ ULONG LastDirtyPage;
+ ULONG DirtyPages;
+ PULONG Bitmap;
+} BITMAP_RANGE, *PBITMAP_RANGE;
+
+typedef struct _CACHE_UNINITIALIZE_EVENT {
+ struct _CACHE_UNINITIALIZE_EVENT *Next;
+ KEVENT Event;
+} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
+
+typedef struct _CC_FILE_SIZES {
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+} CC_FILE_SIZES, *PCC_FILE_SIZES;
+
+typedef struct _COMPRESSED_DATA_INFO {
+ USHORT CompressionFormatAndEngine;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved;
+ USHORT NumberOfChunks;
+ ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
+} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
+
+typedef struct _SID_IDENTIFIER_AUTHORITY {
+ BYTE Value[6];
+} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
+typedef PVOID PSID;
+typedef struct _SID {
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ DWORD SubAuthority[ANYSIZE_ARRAY];
+} SID, *PISID;
+typedef struct _SID_AND_ATTRIBUTES {
+ PSID Sid;
+ DWORD Attributes;
+} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
+typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
+typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
+typedef struct _TOKEN_SOURCE {
+ CHAR SourceName[TOKEN_SOURCE_LENGTH];
+ LUID SourceIdentifier;
+} TOKEN_SOURCE,*PTOKEN_SOURCE;
+typedef struct _TOKEN_CONTROL {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LUID ModifiedId;
+ TOKEN_SOURCE TokenSource;
+} TOKEN_CONTROL,*PTOKEN_CONTROL;
+typedef struct _TOKEN_DEFAULT_DACL {
+ PACL DefaultDacl;
+} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
+typedef struct _TOKEN_GROUPS {
+ DWORD GroupCount;
+ SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
+} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
+typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
+ ULONG SidCount;
+ ULONG SidLength;
+ PSID_AND_ATTRIBUTES Sids;
+ ULONG RestrictedSidCount;
+ ULONG RestrictedSidLength;
+ PSID_AND_ATTRIBUTES RestrictedSids;
+ ULONG PrivilegeCount;
+ ULONG PrivilegeLength;
+ PLUID_AND_ATTRIBUTES Privileges;
+ LUID AuthenticationId;
+} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
+typedef struct _TOKEN_ORIGIN {
+ LUID OriginatingLogonSession;
+} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
+typedef struct _TOKEN_OWNER {
+ PSID Owner;
+} TOKEN_OWNER,*PTOKEN_OWNER;
+typedef struct _TOKEN_PRIMARY_GROUP {
+ PSID PrimaryGroup;
+} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
+typedef struct _TOKEN_PRIVILEGES {
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
+typedef enum tagTOKEN_TYPE {
+ TokenPrimary = 1,
+ TokenImpersonation
+} TOKEN_TYPE,*PTOKEN_TYPE;
+typedef struct _TOKEN_STATISTICS {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LARGE_INTEGER ExpirationTime;
+ TOKEN_TYPE TokenType;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ DWORD DynamicCharged;
+ DWORD DynamicAvailable;
+ DWORD GroupCount;
+ DWORD PrivilegeCount;
+ LUID ModifiedId;
+} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
+typedef struct _TOKEN_USER {
+ SID_AND_ATTRIBUTES User;
+} TOKEN_USER, *PTOKEN_USER;
+typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
+typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
+typedef struct _SECURITY_DESCRIPTOR {
+ BYTE Revision;
+ BYTE Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ PSID Owner;
+ PSID Group;
+ PACL Sacl;
+ PACL Dacl;
+} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
+typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
+ BYTE Revision;
+ BYTE Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ DWORD Owner;
+ DWORD Group;
+ DWORD Sacl;
+ DWORD Dacl;
+} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
+typedef enum _TOKEN_INFORMATION_CLASS {
+ TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
+ TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
+ TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
+ TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
+ TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
+} TOKEN_INFORMATION_CLASS;
+
+#define SYMLINK_FLAG_RELATIVE 1
+
+typedef struct _REPARSE_DATA_BUFFER {
+ ULONG ReparseTag;
+ USHORT ReparseDataLength;
+ USHORT Reserved;
+ union {
+ struct {
+ USHORT SubstituteNameOffset;
+ USHORT SubstituteNameLength;
+ USHORT PrintNameOffset;
+ USHORT PrintNameLength;
+ ULONG Flags;
+ WCHAR PathBuffer[1];
+ } SymbolicLinkReparseBuffer;
+ struct {
+ USHORT SubstituteNameOffset;
+ USHORT SubstituteNameLength;
+ USHORT PrintNameOffset;
+ USHORT PrintNameLength;
+ WCHAR PathBuffer[1];
+ } MountPointReparseBuffer;
+ struct {
+ UCHAR DataBuffer[1];
+ } GenericReparseBuffer;
+ };
+} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
+
+#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
+
+typedef struct _FILE_ACCESS_INFORMATION {
+ ACCESS_MASK AccessFlags;
+} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
+
+typedef struct _FILE_ALLOCATION_INFORMATION {
+ LARGE_INTEGER AllocationSize;
+} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
+
+typedef struct _FILE_BOTH_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CCHAR ShortNameLength;
+ WCHAR ShortName[12];
+ WCHAR FileName[1];
+} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
+
+typedef struct _FILE_COMPLETION_INFORMATION {
+ HANDLE Port;
+ PVOID Key;
+} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
+
+typedef struct _FILE_COMPRESSION_INFORMATION {
+ LARGE_INTEGER CompressedFileSize;
+ USHORT CompressionFormat;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved[3];
+} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
+
+typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
+
+typedef struct _FILE_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[0];
+} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CHAR ShortNameLength;
+ WCHAR ShortName[12];
+ WCHAR FileName[0];
+} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_EA_INFORMATION {
+ ULONG EaSize;
+} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
+
+typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
+ ULONG FileSystemAttributes;
+ ULONG MaximumComponentNameLength;
+ ULONG FileSystemNameLength;
+ WCHAR FileSystemName[1];
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
+
+typedef struct _FILE_FS_CONTROL_INFORMATION {
+ LARGE_INTEGER FreeSpaceStartFiltering;
+ LARGE_INTEGER FreeSpaceThreshold;
+ LARGE_INTEGER FreeSpaceStopFiltering;
+ LARGE_INTEGER DefaultQuotaThreshold;
+ LARGE_INTEGER DefaultQuotaLimit;
+ ULONG FileSystemControlFlags;
+} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
+
+typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER CallerAvailableAllocationUnits;
+ LARGE_INTEGER ActualAvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_LABEL_INFORMATION {
+ ULONG VolumeLabelLength;
+ WCHAR VolumeLabel[1];
+} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
+ UCHAR ObjectId[16];
+ UCHAR ExtendedInfo[48];
+} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+typedef struct _FILE_FS_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER AvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_VOLUME_INFORMATION {
+ LARGE_INTEGER VolumeCreationTime;
+ ULONG VolumeSerialNumber;
+ ULONG VolumeLabelLength;
+ BOOLEAN SupportsObjects;
+ WCHAR VolumeLabel[1];
+} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
+
+typedef struct _FILE_FS_OBJECTID_INFORMATION
+{
+ UCHAR ObjectId[16];
+ UCHAR ExtendedInfo[48];
+} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
+
+typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
+{
+ BOOLEAN DriverInPath;
+ ULONG DriverNameLength;
+ WCHAR DriverName[1];
+} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
+
+typedef struct _FILE_FULL_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[1];
+} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
+
+typedef struct _FILE_GET_EA_INFORMATION {
+ ULONG NextEntryOffset;
+ UCHAR EaNameLength;
+ CHAR EaName[1];
+} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
+
+typedef struct _FILE_GET_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ SID Sid;
+} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
+
+typedef struct _FILE_QUOTA_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER QuotaUsed;
+ LARGE_INTEGER QuotaThreshold;
+ LARGE_INTEGER QuotaLimit;
+ SID Sid;
+} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
+
+typedef struct _FILE_INTERNAL_INFORMATION {
+ LARGE_INTEGER IndexNumber;
+} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
+
+typedef struct _FILE_LINK_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
+
+typedef struct _FILE_LOCK_INFO
+{
+ LARGE_INTEGER StartingByte;
+ LARGE_INTEGER Length;
+ BOOLEAN ExclusiveLock;
+ ULONG Key;
+ PFILE_OBJECT FileObject;
+ PVOID ProcessId;
+ LARGE_INTEGER EndingByte;
+} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
+
+typedef struct _FILE_REPARSE_POINT_INFORMATION
+{
+ LONGLONG FileReference;
+ ULONG Tag;
+} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
+
+typedef struct _FILE_MOVE_CLUSTER_INFORMATION
+{
+ ULONG ClusterCount;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
+
+/* raw internal file lock struct returned from FsRtlGetNextFileLock */
+typedef struct _FILE_SHARED_LOCK_ENTRY {
+ PVOID Unknown1;
+ PVOID Unknown2;
+ FILE_LOCK_INFO FileLock;
+} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
+
+/* raw internal file lock struct returned from FsRtlGetNextFileLock */
+typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
+ LIST_ENTRY ListEntry;
+ PVOID Unknown1;
+ PVOID Unknown2;
+ FILE_LOCK_INFO FileLock;
+} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
+
+typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
+ IN PVOID Context,
+ IN PIRP Irp
+);
+
+typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
+ IN PVOID Context,
+ IN PFILE_LOCK_INFO FileLockInfo
+);
+
+typedef struct _FILE_LOCK {
+ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
+ PUNLOCK_ROUTINE UnlockRoutine;
+ BOOLEAN FastIoIsQuestionable;
+ BOOLEAN Pad[3];
+ PVOID LockInformation;
+ FILE_LOCK_INFO LastReturnedLockInfo;
+ PVOID LastReturnedLock;
+} FILE_LOCK, *PFILE_LOCK;
+
+typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
+
+typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
+ ULONG MaximumMessageSize;
+ ULONG MailslotQuota;
+ ULONG NextMessageSize;
+ ULONG MessagesAvailable;
+ LARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
+
+typedef struct _FILE_MAILSLOT_SET_INFORMATION {
+ PLARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
+
+typedef struct _FILE_MODE_INFORMATION {
+ ULONG Mode;
+} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
+
+typedef struct _FILE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
+
+typedef struct _FILE_NAMES_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
+
+typedef struct _FILE_OBJECTID_INFORMATION {
+ LONGLONG FileReference;
+ UCHAR ObjectId[16];
+ _ANONYMOUS_UNION union {
+ struct {
+ UCHAR BirthVolumeId[16];
+ UCHAR BirthObjectId[16];
+ UCHAR DomainId[16];
+ } ;
+ UCHAR ExtendedInfo[48];
+ } DUMMYUNIONNAME;
+} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
+
+typedef struct _FILE_OLE_CLASSID_INFORMATION {
+ GUID ClassId;
+} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
+
+typedef struct _FILE_OLE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ USN LastChangeUsn;
+ USN ReplicationUsn;
+ LARGE_INTEGER SecurityChangeTime;
+ FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
+ FILE_OBJECTID_INFORMATION ObjectIdInformation;
+ FILE_STORAGE_TYPE StorageType;
+ ULONG OleStateBits;
+ ULONG OleId;
+ ULONG NumberOfStreamReferences;
+ ULONG StreamIndex;
+ ULONG SecurityId;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
+
+typedef struct _FILE_OLE_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ FILE_STORAGE_TYPE StorageType;
+ GUID OleClassId;
+ ULONG OleStateBits;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+ WCHAR FileName[1];
+} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
+
+typedef struct _FILE_OLE_INFORMATION {
+ LARGE_INTEGER SecurityChangeTime;
+ FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
+ FILE_OBJECTID_INFORMATION ObjectIdInformation;
+ FILE_STORAGE_TYPE StorageType;
+ ULONG OleStateBits;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
+
+typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
+ ULONG StateBits;
+ ULONG StateBitsMask;
+} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
+
+typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
+ HANDLE EventHandle;
+ ULONG KeyValue;
+} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
+
+typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
+ PVOID ClientSession;
+ PVOID ClientProcess;
+} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
+
+typedef struct _FILE_PIPE_EVENT_BUFFER {
+ ULONG NamedPipeState;
+ ULONG EntryType;
+ ULONG ByteCount;
+ ULONG KeyValue;
+ ULONG NumberRequests;
+} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
+
+typedef struct _FILE_PIPE_PEEK_BUFFER
+{
+ ULONG NamedPipeState;
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+ CHAR Data[1];
+} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
+
+typedef struct _FILE_PIPE_INFORMATION {
+ ULONG ReadMode;
+ ULONG CompletionMode;
+} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
+
+typedef struct _FILE_PIPE_LOCAL_INFORMATION {
+ ULONG NamedPipeType;
+ ULONG NamedPipeConfiguration;
+ ULONG MaximumInstances;
+ ULONG CurrentInstances;
+ ULONG InboundQuota;
+ ULONG ReadDataAvailable;
+ ULONG OutboundQuota;
+ ULONG WriteQuotaAvailable;
+ ULONG NamedPipeState;
+ ULONG NamedPipeEnd;
+} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
+
+typedef struct _FILE_PIPE_REMOTE_INFORMATION {
+ LARGE_INTEGER CollectDataTime;
+ ULONG MaximumCollectionCount;
+} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
+
+typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
+ LARGE_INTEGER Timeout;
+ ULONG NameLength;
+ BOOLEAN TimeoutSpecified;
+ WCHAR Name[1];
+} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
+
+typedef struct _FILE_RENAME_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
+
+typedef struct _FILE_STREAM_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG StreamNameLength;
+ LARGE_INTEGER StreamSize;
+ LARGE_INTEGER StreamAllocationSize;
+ WCHAR StreamName[1];
+} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
+
+typedef struct _FILE_TRACKING_INFORMATION {
+ HANDLE DestinationFile;
+ ULONG ObjectInformationLength;
+ CHAR ObjectInformation[1];
+} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
+
+#if (VER_PRODUCTBUILD >= 2195)
+typedef struct _FILE_ZERO_DATA_INFORMATION {
+ LARGE_INTEGER FileOffset;
+ LARGE_INTEGER BeyondFinalZero;
+} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
+
+typedef struct FILE_ALLOCATED_RANGE_BUFFER {
+ LARGE_INTEGER FileOffset;
+ LARGE_INTEGER Length;
+} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+typedef struct _FSRTL_COMMON_FCB_HEADER {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ UCHAR Flags;
+ UCHAR IsFastIoPossible;
+#if (VER_PRODUCTBUILD >= 1381)
+ UCHAR Flags2;
+ UCHAR Reserved;
+#endif /* (VER_PRODUCTBUILD >= 1381) */
+ PERESOURCE Resource;
+ PERESOURCE PagingIoResource;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _FSRTL_ADVANCED_FCB_HEADER {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ UCHAR Flags;
+ UCHAR IsFastIoPossible;
+ UCHAR Flags2;
+ UCHAR Reserved;
+ PERESOURCE Resource;
+ PERESOURCE PagingIoResource;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+ PFAST_MUTEX FastMutex;
+ LIST_ENTRY FilterContexts;
+} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
+
+typedef struct _FSRTL_PER_STREAM_CONTEXT {
+ LIST_ENTRY Links;
+ PVOID OwnerId;
+ PVOID InstanceId;
+ PFREE_FUNCTION FreeCallback;
+} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
+
+typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
+{
+ LIST_ENTRY Links;
+ PVOID OwnerId;
+ PVOID InstanceId;
+} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
+
+#endif /* (VER_PRODUCTBUILD >= 2600) */
+
+typedef struct _BASE_MCB
+{
+ ULONG MaximumPairCount;
+ ULONG PairCount;
+ USHORT PoolType;
+ USHORT Flags;
+ PVOID Mapping;
+} BASE_MCB, *PBASE_MCB;
+
+typedef struct _LARGE_MCB
+{
+ PKGUARDED_MUTEX GuardedMutex;
+ BASE_MCB BaseMcb;
+} LARGE_MCB, *PLARGE_MCB;
+
+typedef struct _MCB
+{
+ LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
+} MCB, *PMCB;
+
+typedef struct _GENERATE_NAME_CONTEXT {
+ USHORT Checksum;
+ BOOLEAN CheckSumInserted;
+ UCHAR NameLength;
+ WCHAR NameBuffer[8];
+ ULONG ExtensionLength;
+ WCHAR ExtensionBuffer[4];
+ ULONG LastIndexValue;
+} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
+
+typedef struct _MAPPING_PAIR {
+ ULONGLONG Vcn;
+ ULONGLONG Lcn;
+} MAPPING_PAIR, *PMAPPING_PAIR;
+
+typedef struct _GET_RETRIEVAL_DESCRIPTOR {
+ ULONG NumberOfPairs;
+ ULONGLONG StartVcn;
+ MAPPING_PAIR Pair[1];
+} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
+
+typedef struct _KQUEUE {
+ DISPATCHER_HEADER Header;
+ LIST_ENTRY EntryListHead;
+ ULONG CurrentCount;
+ ULONG MaximumCount;
+ LIST_ENTRY ThreadListHead;
+} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
+
+#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
+
+typedef struct _MBCB {
+ CSHORT NodeTypeCode;
+ CSHORT NodeIsInZone;
+ ULONG PagesToWrite;
+ ULONG DirtyPages;
+ ULONG Reserved;
+ LIST_ENTRY BitmapRanges;
+ LONGLONG ResumeWritePage;
+ BITMAP_RANGE BitmapRange1;
+ BITMAP_RANGE BitmapRange2;
+ BITMAP_RANGE BitmapRange3;
+} MBCB, *PMBCB;
+
+typedef struct _MOVEFILE_DESCRIPTOR {
+ HANDLE FileHandle;
+ ULONG Reserved;
+ LARGE_INTEGER StartVcn;
+ LARGE_INTEGER TargetLcn;
+ ULONG NumVcns;
+ ULONG Reserved1;
+} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
+
+typedef struct _OBJECT_BASIC_INFO {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG ReferenceCount;
+ ULONG PagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG Reserved[3];
+ ULONG NameInformationLength;
+ ULONG TypeInformationLength;
+ ULONG SecurityDescriptorLength;
+ LARGE_INTEGER CreateTime;
+} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
+
+typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
+ BOOLEAN Inherit;
+ BOOLEAN ProtectFromClose;
+} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
+
+typedef struct _OBJECT_NAME_INFO {
+ UNICODE_STRING ObjectName;
+ WCHAR ObjectNameBuffer[1];
+} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
+
+typedef struct _OBJECT_PROTECTION_INFO {
+ BOOLEAN Inherit;
+ BOOLEAN ProtectHandle;
+} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
+
+typedef struct _OBJECT_TYPE_INFO {
+ UNICODE_STRING ObjectTypeName;
+ UCHAR Unknown[0x58];
+ WCHAR ObjectTypeNameBuffer[1];
+} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
+
+typedef struct _OBJECT_ALL_TYPES_INFO {
+ ULONG NumberOfObjectTypes;
+ OBJECT_TYPE_INFO ObjectsTypeInfo[1];
+} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
+
+
+typedef struct _PATHNAME_BUFFER {
+ ULONG PathNameLength;
+ WCHAR Name[1];
+} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
+
+typedef enum _RTL_GENERIC_COMPARE_RESULTS
+{
+ GenericLessThan,
+ GenericGreaterThan,
+ GenericEqual
+} RTL_GENERIC_COMPARE_RESULTS;
+
+typedef enum _TABLE_SEARCH_RESULT
+{
+ TableEmptyTree,
+ TableFoundNode,
+ TableInsertAsLeft,
+ TableInsertAsRight
+} TABLE_SEARCH_RESULT;
+
+typedef NTSTATUS
+(NTAPI *PRTL_AVL_MATCH_FUNCTION)(
+ struct _RTL_AVL_TABLE *Table,
+ PVOID UserData,
+ PVOID MatchData
+);
+
+typedef RTL_GENERIC_COMPARE_RESULTS
+(NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
+ struct _RTL_AVL_TABLE *Table,
+ PVOID FirstStruct,
+ PVOID SecondStruct
+);
+
+typedef RTL_GENERIC_COMPARE_RESULTS
+(NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
+ struct _RTL_GENERIC_TABLE *Table,
+ PVOID FirstStruct,
+ PVOID SecondStruct
+);
+
+typedef PVOID
+(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
+ struct _RTL_GENERIC_TABLE *Table,
+ CLONG ByteSize
+);
+
+typedef VOID
+(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
+ struct _RTL_GENERIC_TABLE *Table,
+ PVOID Buffer
+);
+
+typedef PVOID
+(NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
+ struct _RTL_AVL_TABLE *Table,
+ CLONG ByteSize
+);
+
+typedef VOID
+(NTAPI *PRTL_AVL_FREE_ROUTINE) (
+ struct _RTL_AVL_TABLE *Table,
+ PVOID Buffer
+);
+
+typedef struct _PUBLIC_BCB {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ ULONG MappedLength;
+ LARGE_INTEGER MappedFileOffset;
+} PUBLIC_BCB, *PPUBLIC_BCB;
+
+typedef struct _QUERY_PATH_REQUEST {
+ ULONG PathNameLength;
+ PIO_SECURITY_CONTEXT SecurityContext;
+ WCHAR FilePathName[1];
+} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
+
+typedef struct _QUERY_PATH_RESPONSE {
+ ULONG LengthAccepted;
+} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
+
+typedef struct _RETRIEVAL_POINTERS_BUFFER {
+ ULONG ExtentCount;
+ LARGE_INTEGER StartingVcn;
+ struct {
+ LARGE_INTEGER NextVcn;
+ LARGE_INTEGER Lcn;
+ } Extents[1];
+} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
+
+typedef struct _RTL_SPLAY_LINKS {
+ struct _RTL_SPLAY_LINKS *Parent;
+ struct _RTL_SPLAY_LINKS *LeftChild;
+ struct _RTL_SPLAY_LINKS *RightChild;
+} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
+
+typedef struct _RTL_BALANCED_LINKS
+{
+ struct _RTL_BALANCED_LINKS *Parent;
+ struct _RTL_BALANCED_LINKS *LeftChild;
+ struct _RTL_BALANCED_LINKS *RightChild;
+ CHAR Balance;
+ UCHAR Reserved[3];
+} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
+
+typedef struct _RTL_GENERIC_TABLE
+{
+ PRTL_SPLAY_LINKS TableRoot;
+ LIST_ENTRY InsertOrderList;
+ PLIST_ENTRY OrderedPointer;
+ ULONG WhichOrderedElement;
+ ULONG NumberGenericTableElements;
+ PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
+ PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
+ PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
+ PVOID TableContext;
+} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
+
+typedef struct _RTL_AVL_TABLE
+{
+ RTL_BALANCED_LINKS BalancedRoot;
+ PVOID OrderedPointer;
+ ULONG WhichOrderedElement;
+ ULONG NumberGenericTableElements;
+ ULONG DepthOfTree;
+ PRTL_BALANCED_LINKS RestartKey;
+ ULONG DeleteCount;
+ PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
+ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
+ PRTL_AVL_FREE_ROUTINE FreeRoutine;
+ PVOID TableContext;
+} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
+
+NTSYSAPI
+VOID
+NTAPI
+RtlInitializeGenericTableAvl(
+ PRTL_AVL_TABLE Table,
+ PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
+ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
+ PRTL_AVL_FREE_ROUTINE FreeRoutine,
+ PVOID TableContext
+);
+
+#if defined(USE_LPC6432)
+#define LPC_CLIENT_ID CLIENT_ID64
+#define LPC_SIZE_T ULONGLONG
+#define LPC_PVOID ULONGLONG
+#define LPC_HANDLE ULONGLONG
+#else
+#define LPC_CLIENT_ID CLIENT_ID
+#define LPC_SIZE_T SIZE_T
+#define LPC_PVOID PVOID
+#define LPC_HANDLE HANDLE
+#endif
+
+typedef struct _PORT_MESSAGE
+{
+ union
+ {
+ struct
+ {
+ CSHORT DataLength;
+ CSHORT TotalLength;
+ } s1;
+ ULONG Length;
+ } u1;
+ union
+ {
+ struct
+ {
+ CSHORT Type;
+ CSHORT DataInfoOffset;
+ } s2;
+ ULONG ZeroInit;
+ } u2;
+ union
+ {
+ LPC_CLIENT_ID ClientId;
+ double DoNotUseThisField;
+ };
+ ULONG MessageId;
+ union
+ {
+ LPC_SIZE_T ClientViewSize;
+ ULONG CallbackId;
+ };
+} PORT_MESSAGE, *PPORT_MESSAGE;
+
+#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
+
+typedef struct _PORT_VIEW
+{
+ ULONG Length;
+ LPC_HANDLE SectionHandle;
+ ULONG SectionOffset;
+ LPC_SIZE_T ViewSize;
+ LPC_PVOID ViewBase;
+ LPC_PVOID ViewRemoteBase;
+} PORT_VIEW, *PPORT_VIEW;
+
+typedef struct _REMOTE_PORT_VIEW
+{
+ ULONG Length;
+ LPC_SIZE_T ViewSize;
+ LPC_PVOID ViewBase;
+} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
+
+typedef struct _SE_EXPORTS {
+
+ LUID SeCreateTokenPrivilege;
+ LUID SeAssignPrimaryTokenPrivilege;
+ LUID SeLockMemoryPrivilege;
+ LUID SeIncreaseQuotaPrivilege;
+ LUID SeUnsolicitedInputPrivilege;
+ LUID SeTcbPrivilege;
+ LUID SeSecurityPrivilege;
+ LUID SeTakeOwnershipPrivilege;
+ LUID SeLoadDriverPrivilege;
+ LUID SeCreatePagefilePrivilege;
+ LUID SeIncreaseBasePriorityPrivilege;
+ LUID SeSystemProfilePrivilege;
+ LUID SeSystemtimePrivilege;
+ LUID SeProfileSingleProcessPrivilege;
+ LUID SeCreatePermanentPrivilege;
+ LUID SeBackupPrivilege;
+ LUID SeRestorePrivilege;
+ LUID SeShutdownPrivilege;
+ LUID SeDebugPrivilege;
+ LUID SeAuditPrivilege;
+ LUID SeSystemEnvironmentPrivilege;
+ LUID SeChangeNotifyPrivilege;
+ LUID SeRemoteShutdownPrivilege;
+
+ PSID SeNullSid;
+ PSID SeWorldSid;
+ PSID SeLocalSid;
+ PSID SeCreatorOwnerSid;
+ PSID SeCreatorGroupSid;
+
+ PSID SeNtAuthoritySid;
+ PSID SeDialupSid;
+ PSID SeNetworkSid;
+ PSID SeBatchSid;
+ PSID SeInteractiveSid;
+ PSID SeLocalSystemSid;
+ PSID SeAliasAdminsSid;
+ PSID SeAliasUsersSid;
+ PSID SeAliasGuestsSid;
+ PSID SeAliasPowerUsersSid;
+ PSID SeAliasAccountOpsSid;
+ PSID SeAliasSystemOpsSid;
+ PSID SeAliasPrintOpsSid;
+ PSID SeAliasBackupOpsSid;
+
+ PSID SeAuthenticatedUsersSid;
+
+ PSID SeRestrictedSid;
+ PSID SeAnonymousLogonSid;
+
+ LUID SeUndockPrivilege;
+ LUID SeSyncAgentPrivilege;
+ LUID SeEnableDelegationPrivilege;
+
+} SE_EXPORTS, *PSE_EXPORTS;
+
+typedef struct
+{
+ LARGE_INTEGER StartingLcn;
+} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
+
+typedef struct _STARTING_VCN_INPUT_BUFFER {
+ LARGE_INTEGER StartingVcn;
+} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
+
+typedef struct _SECURITY_CLIENT_CONTEXT {
+ SECURITY_QUALITY_OF_SERVICE SecurityQos;
+ PACCESS_TOKEN ClientToken;
+ BOOLEAN DirectlyAccessClientToken;
+ BOOLEAN DirectAccessEffectiveOnly;
+ BOOLEAN ServerIsRemote;
+ TOKEN_CONTROL ClientTokenControl;
+} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
+
+typedef struct _ACE_HEADER
+{
+ UCHAR AceType;
+ UCHAR AceFlags;
+ USHORT AceSize;
+} ACE_HEADER, *PACE_HEADER;
+
+typedef struct _TUNNEL {
+ FAST_MUTEX Mutex;
+ PRTL_SPLAY_LINKS Cache;
+ LIST_ENTRY TimerQueue;
+ USHORT NumEntries;
+} TUNNEL, *PTUNNEL;
+
+typedef struct _VAD_HEADER {
+ PVOID StartVPN;
+ PVOID EndVPN;
+ PVAD_HEADER ParentLink;
+ PVAD_HEADER LeftLink;
+ PVAD_HEADER RightLink;
+ ULONG Flags; /* LSB = CommitCharge */
+ PVOID ControlArea;
+ PVOID FirstProtoPte;
+ PVOID LastPTE;
+ ULONG Unknown;
+ LIST_ENTRY Secured;
+} VAD_HEADER, *PVAD_HEADER;
+
+typedef struct
+{
+ LARGE_INTEGER StartingLcn;
+ LARGE_INTEGER BitmapSize;
+ UCHAR Buffer[1];
+} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef BOOLEAN
+(NTAPI *PFILTER_REPORT_CHANGE) (
+ IN PVOID NotifyContext,
+ IN PVOID FilterContext
+);
+
+typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
+ SyncTypeOther = 0,
+ SyncTypeCreateSection
+} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
+
+typedef union _FS_FILTER_PARAMETERS {
+ struct {
+ PLARGE_INTEGER EndingOffset;
+ } AcquireForModifiedPageWriter;
+
+ struct {
+ PERESOURCE ResourceToRelease;
+ } ReleaseForModifiedPageWriter;
+
+ struct {
+ FS_FILTER_SECTION_SYNC_TYPE SyncType;
+ ULONG PageProtection;
+ } AcquireForSectionSynchronization;
+
+ struct {
+ PVOID Argument1;
+ PVOID Argument2;
+ PVOID Argument3;
+ PVOID Argument4;
+ PVOID Argument5;
+ } Others;
+} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
+
+typedef struct _FS_FILTER_CALLBACK_DATA {
+ ULONG SizeOfFsFilterCallbackData;
+ UCHAR Operation;
+ UCHAR Reserved;
+ struct _DEVICE_OBJECT *DeviceObject;
+ struct _FILE_OBJECT *FileObject;
+ FS_FILTER_PARAMETERS Parameters;
+} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
+
+typedef NTSTATUS
+(NTAPI *PFS_FILTER_CALLBACK) (
+ IN PFS_FILTER_CALLBACK_DATA Data,
+ OUT PVOID *CompletionContext
+);
+
+typedef VOID
+(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
+ IN PFS_FILTER_CALLBACK_DATA Data,
+ IN NTSTATUS OperationStatus,
+ IN PVOID CompletionContext
+);
+
+typedef struct _FS_FILTER_CALLBACKS {
+ ULONG SizeOfFsFilterCallbacks;
+ ULONG Reserved;
+ PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
+ PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
+ PFS_FILTER_CALLBACK PreAcquireForCcFlush;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
+ PFS_FILTER_CALLBACK PreReleaseForCcFlush;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
+ PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
+ PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
+} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
+
+typedef struct _READ_LIST {
+ PFILE_OBJECT FileObject;
+ ULONG NumberOfEntries;
+ LOGICAL IsImage;
+ FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
+} READ_LIST, *PREAD_LIST;
+
+#endif
+
+typedef NTSTATUS
+(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
+ IN PVOID Base,
+ IN OUT PVOID *CommitAddress,
+ IN OUT PSIZE_T CommitSize
+);
+
+typedef struct _RTL_HEAP_PARAMETERS {
+ ULONG Length;
+ SIZE_T SegmentReserve;
+ SIZE_T SegmentCommit;
+ SIZE_T DeCommitFreeBlockThreshold;
+ SIZE_T DeCommitTotalFreeThreshold;
+ SIZE_T MaximumAllocationSize;
+ SIZE_T VirtualMemoryThreshold;
+ SIZE_T InitialCommit;
+ SIZE_T InitialReserve;
+ PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
+ SIZE_T Reserved[2];
+} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCanIWrite (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG BytesToWrite,
+ IN BOOLEAN Wait,
+ IN BOOLEAN Retrying
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN PVOID Buffer
+);
+
+#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
+
+typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
+ IN PVOID Context1,
+ IN PVOID Context2
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcDeferWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PCC_POST_DEFERRED_WRITE PostRoutine,
+ IN PVOID Context1,
+ IN PVOID Context2,
+ IN ULONG BytesToWrite,
+ IN BOOLEAN Retrying
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFastCopyRead (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG FileOffset,
+ IN ULONG Length,
+ IN ULONG PageCount,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFastCopyWrite (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG FileOffset,
+ IN ULONG Length,
+ IN PVOID Buffer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFlushCache (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
+);
+
+typedef VOID (*PDIRTY_PAGE_ROUTINE) (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN PLARGE_INTEGER OldestLsn,
+ IN PLARGE_INTEGER NewestLsn,
+ IN PVOID Context1,
+ IN PVOID Context2
+);
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetDirtyPages (
+ IN PVOID LogHandle,
+ IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
+ IN PVOID Context1,
+ IN PVOID Context2
+);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromBcb (
+ IN PVOID Bcb
+);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromSectionPtrs (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer
+);
+
+#define CcGetFileSizePointer(FO) ( \
+ ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
+)
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetFlushedValidData (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN BOOLEAN BcbListHeld
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetLsnForFileObject (
+ IN PFILE_OBJECT FileObject,
+ OUT PLARGE_INTEGER OldestLsn OPTIONAL
+);
+
+typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
+ IN PVOID Context,
+ IN BOOLEAN Wait
+);
+
+typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
+ IN PVOID Context
+);
+
+typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
+ IN PVOID Context,
+ IN BOOLEAN Wait
+);
+
+typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
+ IN PVOID Context
+);
+
+typedef struct _CACHE_MANAGER_CALLBACKS {
+ PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
+ PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
+ PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
+ PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
+} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
+
+NTKERNELAPI
+VOID
+NTAPI
+CcInitializeCacheMap (
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes,
+ IN BOOLEAN PinAccess,
+ IN PCACHE_MANAGER_CALLBACKS Callbacks,
+ IN PVOID LazyWriteContext
+);
+
+#define CcIsFileCached(FO) ( \
+ ((FO)->SectionObjectPointer != NULL) && \
+ (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
+)
+
+extern ULONG CcFastMdlReadWait;
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcIsThereDirtyData (
+ IN PVPB Vpb
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcMapData (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG Flags,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlReadComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlWriteComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain
+);
+
+#define MAP_WAIT 1
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPinMappedData (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG Flags,
+ IN OUT PVOID *Bcb
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPinRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG Flags,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcPrepareMdlWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPreparePinWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Zero,
+ IN ULONG Flags,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPurgeCacheSection (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ IN BOOLEAN UninitializeCacheMaps
+);
+
+#define CcReadAhead(FO, FOFF, LEN) ( \
+ if ((LEN) >= 256) { \
+ CcScheduleReadAhead((FO), (FOFF), (LEN)); \
+ } \
+)
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PVOID
+NTAPI
+CcRemapBcb (
+ IN PVOID Bcb
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+VOID
+NTAPI
+CcRepinBcb (
+ IN PVOID Bcb
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcScheduleReadAhead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetAdditionalCacheAttributes (
+ IN PFILE_OBJECT FileObject,
+ IN BOOLEAN DisableReadAhead,
+ IN BOOLEAN DisableWriteBehind
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetBcbOwnerPointer (
+ IN PVOID Bcb,
+ IN PVOID OwnerPointer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetDirtyPageThreshold (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG DirtyPageThreshold
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetDirtyPinnedData (
+ IN PVOID BcbVoid,
+ IN PLARGE_INTEGER Lsn OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetFileSizes (
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes
+);
+
+typedef VOID (NTAPI *PFLUSH_TO_LSN) (
+ IN PVOID LogHandle,
+ IN PLARGE_INTEGER Lsn
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetLogHandleForFile (
+ IN PFILE_OBJECT FileObject,
+ IN PVOID LogHandle,
+ IN PFLUSH_TO_LSN FlushToLsnRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetReadAheadGranularity (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG Granularity /* default: PAGE_SIZE */
+ /* allowed: 2^n * PAGE_SIZE */
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcUninitializeCacheMap (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER TruncateSize OPTIONAL,
+ IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinData (
+ IN PVOID Bcb
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinDataForThread (
+ IN PVOID Bcb,
+ IN ERESOURCE_THREAD ResourceThreadId
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinRepinnedBcb (
+ IN PVOID Bcb,
+ IN BOOLEAN WriteThrough,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+CcWaitForCurrentLazyWriterActivity (
+ VOID
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcZeroData (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER StartOffset,
+ IN PLARGE_INTEGER EndOffset,
+ IN BOOLEAN Wait
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+ExDisableResourceBoostLite (
+ IN PERESOURCE Resource
+);
+
+NTKERNELAPI
+ULONG
+NTAPI
+ExQueryPoolBlockSize (
+ IN PVOID PoolBlock,
+ OUT PBOOLEAN QuotaCharged
+);
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+#ifndef __NTOSKRNL__
+NTKERNELAPI
+VOID
+FASTCALL
+ExInitializeRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExReInitializeRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+BOOLEAN
+FASTCALL
+ExAcquireRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+BOOLEAN
+FASTCALL
+ExAcquireRundownProtectionEx (
+ IN PEX_RUNDOWN_REF RunRef,
+ IN ULONG Count
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExReleaseRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExReleaseRundownProtectionEx (
+ IN PEX_RUNDOWN_REF RunRef,
+ IN ULONG Count
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExRundownCompleted (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExWaitForRundownProtectionRelease (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+#endif
+#endif /* (VER_PRODUCTBUILD >= 2600) */
+
+#define FlagOn(x, f) ((x) & (f))
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlAddToTunnelCache (
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey,
+ IN PUNICODE_STRING ShortName,
+ IN PUNICODE_STRING LongName,
+ IN BOOLEAN KeyByShortName,
+ IN ULONG DataLength,
+ IN PVOID Data
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+PFILE_LOCK
+NTAPI
+FsRtlAllocateFileLock (
+ IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
+ IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePool (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes
+);
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePoolWithQuota (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes
+);
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePoolWithQuotaTag (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes,
+ IN ULONG Tag
+);
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePoolWithTag (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes,
+ IN ULONG Tag
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAreNamesEqual (
+ IN PCUNICODE_STRING Name1,
+ IN PCUNICODE_STRING Name2,
+ IN BOOLEAN IgnoreCase,
+ IN PCWCH UpcaseTable OPTIONAL
+);
+
+#define FsRtlAreThereCurrentFileLocks(FL) ( \
+ ((FL)->FastIoIsQuestionable) \
+)
+
+/*
+ FsRtlCheckLockForReadAccess:
+
+ All this really does is pick out the lock parameters from the irp (io stack
+ location?), get IoGetRequestorProcess, and pass values on to
+ FsRtlFastCheckLockForRead.
+*/
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCheckLockForReadAccess (
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp
+);
+
+/*
+ FsRtlCheckLockForWriteAccess:
+
+ All this really does is pick out the lock parameters from the irp (io stack
+ location?), get IoGetRequestorProcess, and pass values on to
+ FsRtlFastCheckLockForWrite.
+*/
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCheckLockForWriteAccess (
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp
+);
+
+typedef
+VOID
+(NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
+ IN PVOID Context,
+ IN PIRP Irp
+);
+
+typedef
+VOID
+(NTAPI*POPLOCK_FS_PREPOST_IRP) (
+ IN PVOID Context,
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlCheckOplock (
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN PVOID Context,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCopyRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN ULONG LockKey,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCopyWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN ULONG LockKey,
+ IN PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlCreateHeap (
+ IN ULONG Flags,
+ IN PVOID HeapBase OPTIONAL,
+ IN SIZE_T ReserveSize OPTIONAL,
+ IN SIZE_T CommitSize OPTIONAL,
+ IN PVOID Lock OPTIONAL,
+ IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCurrentBatchOplock (
+ IN POPLOCK Oplock
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeleteKeyFromTunnelCache (
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeleteTunnelCache (
+ IN PTUNNEL Cache
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeregisterUncProvider (
+ IN HANDLE Handle
+);
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlDestroyHeap(
+ IN PVOID HeapHandle
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDissectDbcs (
+ IN ANSI_STRING Name,
+ OUT PANSI_STRING FirstPart,
+ OUT PANSI_STRING RemainingPart
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDissectName (
+ IN UNICODE_STRING Name,
+ OUT PUNICODE_STRING FirstPart,
+ OUT PUNICODE_STRING RemainingPart
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlDoesDbcsContainWildCards (
+ IN PANSI_STRING Name
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlDoesNameContainWildCards (
+ IN PUNICODE_STRING Name
+);
+
+#define FsRtlCompleteRequest(IRP,STATUS) { \
+ (IRP)->IoStatus.Status = (STATUS); \
+ IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
+}
+
+#define FsRtlEnterFileSystem KeEnterCriticalRegion
+
+#define FsRtlExitFileSystem KeLeaveCriticalRegion
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlFastCheckLockForRead (
+ IN PFILE_LOCK FileLock,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlFastCheckLockForWrite (
+ IN PFILE_LOCK FileLock,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process
+);
+
+#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
+ FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
+)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFastUnlockAll (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process,
+ IN PVOID Context OPTIONAL
+);
+/* ret: STATUS_RANGE_NOT_LOCKED */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFastUnlockAllByKey (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN PVOID Context OPTIONAL
+);
+/* ret: STATUS_RANGE_NOT_LOCKED */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFastUnlockSingle (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN PVOID Context OPTIONAL,
+ IN BOOLEAN AlreadySynchronized
+);
+/* ret: STATUS_RANGE_NOT_LOCKED */
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlFindInTunnelCache (
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey,
+ IN PUNICODE_STRING Name,
+ OUT PUNICODE_STRING ShortName,
+ OUT PUNICODE_STRING LongName,
+ IN OUT PULONG DataLength,
+ OUT PVOID Data
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlFreeFileLock (
+ IN PFILE_LOCK FileLock
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlGetFileSize (
+ IN PFILE_OBJECT FileObject,
+ IN OUT PLARGE_INTEGER FileSize
+);
+
+/*
+ FsRtlGetNextFileLock:
+
+ ret: NULL if no more locks
+
+ Internals:
+ FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
+ FileLock->LastReturnedLock as storage.
+ LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
+ list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
+ calls with Restart = FALSE.
+*/
+NTKERNELAPI
+PFILE_LOCK_INFO
+NTAPI
+FsRtlGetNextFileLock (
+ IN PFILE_LOCK FileLock,
+ IN BOOLEAN Restart
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeFileLock (
+ IN PFILE_LOCK FileLock,
+ IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
+ IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeOplock (
+ IN OUT POPLOCK Oplock
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeTunnelCache (
+ IN PTUNNEL Cache
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsNameInExpression (
+ IN PUNICODE_STRING Expression,
+ IN PUNICODE_STRING Name,
+ IN BOOLEAN IgnoreCase,
+ IN PWCHAR UpcaseTable OPTIONAL
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsNtstatusExpected (
+ IN NTSTATUS Ntstatus
+);
+
+#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
+
+extern PUSHORT NlsOemLeadByteInfo;
+
+#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
+ (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
+ (NLS_MB_CODE_PAGE_TAG && \
+ (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
+)
+
+#define FsRtlIsAnsiCharacterWild(C) ( \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
+)
+
+#define FsRtlIsUnicodeCharacterWild(C) ( \
+ (((C) >= 0x40) ? \
+ FALSE : \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
+)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlReadDev (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG LockKey,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlReadComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlReadCompleteDev (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlPrepareMdlWriteDev (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG LockKey,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlWriteComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlWriteCompleteDev (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNormalizeNtstatus (
+ IN NTSTATUS Exception,
+ IN NTSTATUS GenericException
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyChangeDirectory (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN PLIST_ENTRY NotifyList,
+ IN BOOLEAN WatchTree,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyCleanup (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext
+);
+
+typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
+ IN PVOID NotifyContext,
+ IN PVOID TargetContext,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFullChangeDirectory (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN BOOLEAN WatchTree,
+ IN BOOLEAN IgnoreBuffer,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp,
+ IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFullReportChange (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PSTRING FullTargetName,
+ IN USHORT TargetNameOffset,
+ IN PSTRING StreamName OPTIONAL,
+ IN PSTRING NormalizedParentName OPTIONAL,
+ IN ULONG FilterMatch,
+ IN ULONG Action,
+ IN PVOID TargetContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyInitializeSync (
+ IN PNOTIFY_SYNC *NotifySync
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyReportChange (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PSTRING FullTargetName,
+ IN PUSHORT FileNamePartLength,
+ IN ULONG FilterMatch
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyUninitializeSync (
+ IN PNOTIFY_SYNC *NotifySync
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNotifyVolumeEvent (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG EventCode
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlOplockFsctrl (
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG OpenCount
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlOplockIsFastIoPossible (
+ IN POPLOCK Oplock
+);
+
+/*
+ FsRtlPrivateLock:
+
+ ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
+
+ Internals:
+ -Calls IoCompleteRequest if Irp
+ -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
+*/
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlPrivateLock (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN BOOLEAN FailImmediately,
+ IN BOOLEAN ExclusiveLock,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PIRP Irp OPTIONAL,
+ IN PVOID Context,
+ IN BOOLEAN AlreadySynchronized
+);
+
+/*
+ FsRtlProcessFileLock:
+
+ ret:
+ -STATUS_INVALID_DEVICE_REQUEST
+ -STATUS_RANGE_NOT_LOCKED from unlock routines.
+ -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
+ (redirected IoStatus->Status).
+
+ Internals:
+ -switch ( Irp->CurrentStackLocation->MinorFunction )
+ lock: return FsRtlPrivateLock;
+ unlocksingle: return FsRtlFastUnlockSingle;
+ unlockall: return FsRtlFastUnlockAll;
+ unlockallbykey: return FsRtlFastUnlockAllByKey;
+ default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
+ return STATUS_INVALID_DEVICE_REQUEST;
+
+ -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
+ -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
+*/
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlProcessFileLock (
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp,
+ IN PVOID Context OPTIONAL
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlRegisterUncProvider (
+ IN OUT PHANDLE MupHandle,
+ IN PUNICODE_STRING RedirectorDeviceName,
+ IN BOOLEAN MailslotsSupported
+);
+
+typedef VOID
+(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
+ IN PVOID Context,
+ IN PKEVENT Event
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlPostStackOverflow (
+ IN PVOID Context,
+ IN PKEVENT Event,
+ IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlPostPagingFileStackOverflow (
+ IN PVOID Context,
+ IN PKEVENT Event,
+ IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlUninitializeFileLock (
+ IN PFILE_LOCK FileLock
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlUninitializeOplock (
+ IN OUT POPLOCK Oplock
+);
+
+NTHALAPI
+VOID
+NTAPI
+HalDisplayString (
+ IN PCHAR String
+);
+
+NTKERNELAPI
+UCHAR
+NTAPI
+KeSetIdealProcessorThread(
+ IN OUT PKTHREAD Thread,
+ IN UCHAR Processor
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoAttachDeviceToDeviceStackSafe(
+ IN PDEVICE_OBJECT SourceDevice,
+ IN PDEVICE_OBJECT TargetDevice,
+ OUT PDEVICE_OBJECT *AttachedToDeviceObject
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoAcquireVpbSpinLock (
+ OUT PKIRQL Irql
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckDesiredAccess (
+ IN OUT PACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK GrantedAccess
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckEaBufferValidity (
+ IN PFILE_FULL_EA_INFORMATION EaBuffer,
+ IN ULONG EaLength,
+ OUT PULONG ErrorOffset
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckFunctionAccess (
+ IN ACCESS_MASK GrantedAccess,
+ IN UCHAR MajorFunction,
+ IN UCHAR MinorFunction,
+ IN ULONG IoControlCode,
+ IN PVOID Argument1 OPTIONAL,
+ IN PVOID Argument2 OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckQuotaBufferValidity (
+ IN PFILE_QUOTA_INFORMATION QuotaBuffer,
+ IN ULONG QuotaLength,
+ OUT PULONG ErrorOffset
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+IoCreateStreamFileObject (
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+IoCreateStreamFileObjectLite (
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoFastQueryNetworkAttributes (
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG OpenOptions,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
+);
+
+NTKERNELAPI
+PDEVICE_OBJECT
+NTAPI
+IoGetAttachedDevice (
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+PDEVICE_OBJECT
+NTAPI
+IoGetBaseFileSystemDeviceObject (
+ IN PFILE_OBJECT FileObject
+);
+
+NTKERNELAPI
+PEPROCESS
+NTAPI
+IoGetRequestorProcess (
+ IN PIRP Irp
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+ULONG
+NTAPI
+IoGetRequestorProcessId (
+ IN PIRP Irp
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+PIRP
+NTAPI
+IoGetTopLevelIrp (
+ VOID
+);
+
+#define IoIsFileOpenedExclusively(FileObject) ( \
+ (BOOLEAN) !( \
+ (FileObject)->SharedRead || \
+ (FileObject)->SharedWrite || \
+ (FileObject)->SharedDelete \
+ ) \
+)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoIsOperationSynchronous (
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoIsSystemThread (
+ IN PETHREAD Thread
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoIsValidNameGraftingBuffer (
+ IN PIRP Irp,
+ IN PREPARSE_DATA_BUFFER ReparseBuffer
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoPageRead (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL Mdl,
+ IN PLARGE_INTEGER Offset,
+ IN PKEVENT Event,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoQueryFileInformation (
+ IN PFILE_OBJECT FileObject,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ OUT PVOID FileInformation,
+ OUT PULONG ReturnedLength
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoQueryVolumeInformation (
+ IN PFILE_OBJECT FileObject,
+ IN FS_INFORMATION_CLASS FsInformationClass,
+ IN ULONG Length,
+ OUT PVOID FsInformation,
+ OUT PULONG ReturnedLength
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoQueueThreadIrp(
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoRegisterFileSystem (
+ IN OUT PDEVICE_OBJECT DeviceObject
+);
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN DriverActive
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoRegisterFsRegistrationChange (
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
+);
+
+#endif /* (VER_PRODUCTBUILD >= 1381) */
+
+NTKERNELAPI
+VOID
+NTAPI
+IoReleaseVpbSpinLock (
+ IN KIRQL Irql
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoSetDeviceToVerify (
+ IN PETHREAD Thread,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoSetInformation (
+ IN PFILE_OBJECT FileObject,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ IN PVOID FileInformation
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoSetTopLevelIrp (
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoSynchronousPageWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL Mdl,
+ IN PLARGE_INTEGER FileOffset,
+ IN PKEVENT Event,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+NTKERNELAPI
+PEPROCESS
+NTAPI
+IoThreadToProcess (
+ IN PETHREAD Thread
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoUnregisterFileSystem (
+ IN OUT PDEVICE_OBJECT DeviceObject
+);
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+NTKERNELAPI
+VOID
+NTAPI
+IoUnregisterFsRegistrationChange (
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
+);
+
+#endif /* (VER_PRODUCTBUILD >= 1381) */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoVerifyVolume (
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN AllowRawMount
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeAttachProcess (
+ IN PKPROCESS Process
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeDetachProcess (
+ VOID
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeInitializeQueue (
+ IN PRKQUEUE Queue,
+ IN ULONG Count OPTIONAL
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeInsertHeadQueue (
+ IN PRKQUEUE Queue,
+ IN PLIST_ENTRY Entry
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeInsertQueue (
+ IN PRKQUEUE Queue,
+ IN PLIST_ENTRY Entry
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeReadStateQueue (
+ IN PRKQUEUE Queue
+);
+
+NTKERNELAPI
+PLIST_ENTRY
+NTAPI
+KeRemoveQueue (
+ IN PRKQUEUE Queue,
+ IN KPROCESSOR_MODE WaitMode,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+);
+
+NTKERNELAPI
+PLIST_ENTRY
+NTAPI
+KeRundownQueue (
+ IN PRKQUEUE Queue
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeInitializeMutant (
+ IN PRKMUTANT Mutant,
+ IN BOOLEAN InitialOwner
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeReadStateMutant (
+ IN PRKMUTANT Mutant
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeReleaseMutant (
+ IN PRKMUTANT Mutant,
+ IN KPRIORITY Increment,
+ IN BOOLEAN Abandoned,
+ IN BOOLEAN Wait
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+VOID
+NTAPI
+KeStackAttachProcess (
+ IN PKPROCESS Process,
+ OUT PKAPC_STATE ApcState
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeUnstackDetachProcess (
+ IN PKAPC_STATE ApcState
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+KeSetKernelStackSwapEnable(
+ IN BOOLEAN Enable
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmCanFileBeTruncated (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER NewFileSize
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmFlushImageSection (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN MMFLUSH_TYPE FlushType
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmForceSectionClosed (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN BOOLEAN DelayClose
+);
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmIsRecursiveIoFault (
+ VOID
+);
+
+#else
+
+#define MmIsRecursiveIoFault() ( \
+ (PsGetCurrentThread()->DisablePageFaultClustering) | \
+ (PsGetCurrentThread()->ForwardClusterOnly) \
+)
+
+#endif
+
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmSetAddressRangeModified (
+ IN PVOID Address,
+ IN ULONG Length
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObCreateObject (
+ IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
+ IN POBJECT_TYPE ObjectType,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN OUT PVOID ParseContext OPTIONAL,
+ IN ULONG ObjectSize,
+ IN ULONG PagedPoolCharge OPTIONAL,
+ IN ULONG NonPagedPoolCharge OPTIONAL,
+ OUT PVOID *Object
+);
+
+NTKERNELAPI
+ULONG
+NTAPI
+ObGetObjectPointerCount (
+ IN PVOID Object
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObInsertObject (
+ IN PVOID Object,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG AdditionalReferences,
+ OUT PVOID *ReferencedObject OPTIONAL,
+ OUT PHANDLE Handle
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+ObMakeTemporaryObject (
+ IN PVOID Object
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObOpenObjectByPointer (
+ IN PVOID Object,
+ IN ULONG HandleAttributes,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess OPTIONAL,
+ IN POBJECT_TYPE ObjectType OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PHANDLE Handle
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObQueryNameString (
+ IN PVOID Object,
+ OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObQueryObjectAuditingByHandle (
+ IN HANDLE Handle,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObReferenceObjectByName (
+ IN PUNICODE_STRING ObjectName,
+ IN ULONG Attributes,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess OPTIONAL,
+ IN POBJECT_TYPE ObjectType,
+ IN KPROCESSOR_MODE AccessMode,
+ IN OUT PVOID ParseContext OPTIONAL,
+ OUT PVOID *Object
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsAssignImpersonationToken (
+ IN PETHREAD Thread,
+ IN HANDLE Token
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsChargePoolQuota (
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG Amount
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsChargeProcessPoolQuota (
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG_PTR Amount
+);
+
+#define PsDereferenceImpersonationToken(T) \
+ {if (ARGUMENT_PRESENT(T)) { \
+ (ObDereferenceObject((T))); \
+ } else { \
+ ; \
+ } \
+}
+
+#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsDisableImpersonation(
+ IN PETHREAD Thread,
+ IN PSE_IMPERSONATION_STATE ImpersonationState
+);
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+PsGetProcessExitTime (
+ VOID
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsImpersonateClient(
+ IN PETHREAD Thread,
+ IN PACCESS_TOKEN Token,
+ IN BOOLEAN CopyOnOpen,
+ IN BOOLEAN EffectiveOnly,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsIsSystemThread(
+ IN PETHREAD Thread
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsIsThreadTerminating (
+ IN PETHREAD Thread
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsLookupProcessByProcessId (
+ IN HANDLE ProcessId,
+ OUT PEPROCESS *Process
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsLookupProcessThreadByCid (
+ IN PCLIENT_ID Cid,
+ OUT PEPROCESS *Process OPTIONAL,
+ OUT PETHREAD *Thread
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsLookupThreadByThreadId (
+ IN HANDLE UniqueThreadId,
+ OUT PETHREAD *Thread
+);
+
+NTKERNELAPI
+PACCESS_TOKEN
+NTAPI
+PsReferenceImpersonationToken (
+ IN PETHREAD Thread,
+ OUT PBOOLEAN CopyOnUse,
+ OUT PBOOLEAN EffectiveOnly,
+ OUT PSECURITY_IMPERSONATION_LEVEL Level
+);
+
+NTKERNELAPI
+HANDLE
+NTAPI
+PsReferencePrimaryToken (
+ IN PEPROCESS Process
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsRestoreImpersonation(
+ IN PETHREAD Thread,
+ IN PSE_IMPERSONATION_STATE ImpersonationState
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsReturnPoolQuota (
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG Amount
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsRevertToSelf (
+ VOID
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAbsoluteToSelfRelativeSD (
+ IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
+ IN PULONG BufferLength
+);
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlAllocateHeap (
+ IN HANDLE HeapHandle,
+ IN ULONG Flags,
+ IN ULONG Size
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAppendStringToString(
+ PSTRING Destination,
+ const STRING *Source
+);
+
+NTSYSAPI
+USHORT
+NTAPI
+RtlCaptureStackBackTrace (
+ IN ULONG FramesToSkip,
+ IN ULONG FramesToCapture,
+ OUT PVOID *BackTrace,
+ OUT PULONG BackTraceHash OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompressBuffer (
+ IN USHORT CompressionFormatAndEngine,
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG UncompressedChunkSize,
+ OUT PULONG FinalCompressedSize,
+ IN PVOID WorkSpace
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompressChunks (
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
+ IN ULONG CompressedDataInfoLength,
+ IN PVOID WorkSpace
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlConvertSidToUnicodeString (
+ OUT PUNICODE_STRING DestinationString,
+ IN PSID Sid,
+ IN BOOLEAN AllocateDestinationString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCopySid (
+ IN ULONG Length,
+ IN PSID Destination,
+ IN PSID Source
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlCreateUnicodeString(
+ PUNICODE_STRING DestinationString,
+ PCWSTR SourceString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressBuffer (
+ IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ OUT PULONG FinalUncompressedSize
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressChunks (
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN PUCHAR CompressedTail,
+ IN ULONG CompressedTailSize,
+ IN PCOMPRESSED_DATA_INFO CompressedDataInfo
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressFragment (
+ IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedFragment,
+ IN ULONG UncompressedFragmentSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG FragmentOffset,
+ OUT PULONG FinalUncompressedSize,
+ IN PVOID WorkSpace
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDescribeChunk (
+ IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ OUT PULONG ChunkSize
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDowncaseUnicodeString(
+ IN OUT PUNICODE_STRING UniDest,
+ IN PCUNICODE_STRING UniSource,
+ IN BOOLEAN AllocateDestinationString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDuplicateUnicodeString(
+ IN ULONG Flags,
+ IN PCUNICODE_STRING SourceString,
+ OUT PUNICODE_STRING DestinationString
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlEqualSid (
+ IN PSID Sid1,
+ IN PSID Sid2
+);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemoryUlong (
+ IN PVOID Destination,
+ IN ULONG Length,
+ IN ULONG Fill
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlFreeHeap (
+ IN HANDLE HeapHandle,
+ IN ULONG Flags,
+ IN PVOID P
+);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlGenerate8dot3Name (
+ IN PUNICODE_STRING Name,
+ IN BOOLEAN AllowExtendedCharacters,
+ IN OUT PGENERATE_NAME_CONTEXT Context,
+ OUT PUNICODE_STRING Name8dot3
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetCompressionWorkSpaceSize (
+ IN USHORT CompressionFormatAndEngine,
+ OUT PULONG CompressBufferWorkSpaceSize,
+ OUT PULONG CompressFragmentWorkSpaceSize
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetDaclSecurityDescriptor (
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PBOOLEAN DaclPresent,
+ OUT PACL *Dacl,
+ OUT PBOOLEAN DaclDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetGroupSecurityDescriptor (
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PSID *Group,
+ OUT PBOOLEAN GroupDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetOwnerSecurityDescriptor (
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PSID *Owner,
+ OUT PBOOLEAN OwnerDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitializeSid (
+ IN OUT PSID Sid,
+ IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
+ IN UCHAR SubAuthorityCount
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsNameLegalDOS8Dot3(
+ IN PCUNICODE_STRING Name,
+ IN OUT POEM_STRING OemName OPTIONAL,
+ IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
+);
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlLengthRequiredSid (
+ IN ULONG SubAuthorityCount
+);
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlLengthSid (
+ IN PSID Sid
+);
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlNtStatusToDosError (
+ IN NTSTATUS Status
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlOemStringToUnicodeString(
+ IN OUT PUNICODE_STRING DestinationString,
+ IN PCOEM_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeStringToOemString(
+ IN OUT POEM_STRING DestinationString,
+ IN PCUNICODE_STRING SourceString,
+ IN BOOLEAN AllocateDestinationString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReserveChunk (
+ IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ IN ULONG ChunkSize
+);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1970ToTime (
+ IN ULONG SecondsSince1970,
+ OUT PLARGE_INTEGER Time
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetGroupSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID Group,
+ IN BOOLEAN GroupDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetOwnerSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID Owner,
+ IN BOOLEAN OwnerDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetSaclSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN BOOLEAN SaclPresent,
+ IN PACL Sacl,
+ IN BOOLEAN SaclDefaulted
+);
+
+NTSYSAPI
+PUCHAR
+NTAPI
+RtlSubAuthorityCountSid (
+ IN PSID Sid
+);
+
+NTSYSAPI
+PULONG
+NTAPI
+RtlSubAuthoritySid (
+ IN PSID Sid,
+ IN ULONG SubAuthority
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlUnicodeToMultiByteN(
+ OUT PCHAR MultiByteString,
+ IN ULONG MaxBytesInMultiByteString,
+ OUT PULONG BytesInMultiByteString OPTIONAL,
+ IN PWCH UnicodeString,
+ IN ULONG BytesInUnicodeString
+);
+
+/* RTL Splay Tree Functions */
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlSplay(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlDelete(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlDeleteNoSplay(
+ PRTL_SPLAY_LINKS Links,
+ PRTL_SPLAY_LINKS *Root
+);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
+
+NTSYSAPI
+PRTL_SPLAY_LINKS
+NTAPI
+RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
+
+#define RtlIsLeftChild(Links) \
+ (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
+
+#define RtlIsRightChild(Links) \
+ (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
+
+#define RtlRightChild(Links) \
+ ((PRTL_SPLAY_LINKS)(Links))->RightChild
+
+#define RtlIsRoot(Links) \
+ (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
+
+#define RtlLeftChild(Links) \
+ ((PRTL_SPLAY_LINKS)(Links))->LeftChild
+
+#define RtlParent(Links) \
+ ((PRTL_SPLAY_LINKS)(Links))->Parent
+
+#define RtlInitializeSplayLinks(Links) \
+ { \
+ PRTL_SPLAY_LINKS _SplayLinks; \
+ _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
+ _SplayLinks->Parent = _SplayLinks; \
+ _SplayLinks->LeftChild = NULL; \
+ _SplayLinks->RightChild = NULL; \
+ }
+
+#define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
+ { \
+ PRTL_SPLAY_LINKS _SplayParent; \
+ PRTL_SPLAY_LINKS _SplayChild; \
+ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
+ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
+ _SplayParent->LeftChild = _SplayChild; \
+ _SplayChild->Parent = _SplayParent; \
+ }
+
+#define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
+ { \
+ PRTL_SPLAY_LINKS _SplayParent; \
+ PRTL_SPLAY_LINKS _SplayChild; \
+ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
+ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
+ _SplayParent->RightChild = _SplayChild; \
+ _SplayChild->Parent = _SplayParent; \
+ }
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlValidSid (
+ IN PSID Sid
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeAppendPrivileges (
+ PACCESS_STATE AccessState,
+ PPRIVILEGE_SET Privileges
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeAuditingFileEvents (
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeAuditingFileOrGlobalEvents (
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeCaptureSubjectContext (
+ OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeCreateClientSecurity (
+ IN PETHREAD Thread,
+ IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
+ IN BOOLEAN RemoteClient,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeCreateClientSecurityFromSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
+ IN BOOLEAN ServerIsRemote,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+#define SeDeleteClientSecurity(C) { \
+ if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
+ PsDereferencePrimaryToken( (C)->ClientToken ); \
+ } else { \
+ PsDereferenceImpersonationToken( (C)->ClientToken ); \
+ } \
+}
+
+NTKERNELAPI
+VOID
+NTAPI
+SeDeleteObjectAuditAlarm (
+ IN PVOID Object,
+ IN HANDLE Handle
+);
+
+#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
+
+NTKERNELAPI
+VOID
+NTAPI
+SeFreePrivileges (
+ IN PPRIVILEGE_SET Privileges
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeImpersonateClient (
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeImpersonateClientEx (
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+VOID
+NTAPI
+SeLockSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeMarkLogonSessionForTerminationNotification (
+ IN PLUID LogonId
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeOpenObjectAuditAlarm (
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeOpenObjectForDeleteAuditAlarm (
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SePrivilegeCheck (
+ IN OUT PPRIVILEGE_SET RequiredPrivileges,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN KPROCESSOR_MODE AccessMode
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQueryAuthenticationIdToken (
+ IN PACCESS_TOKEN Token,
+ OUT PLUID LogonId
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQueryInformationToken (
+ IN PACCESS_TOKEN Token,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID *TokenInformation
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQuerySecurityDescriptorInfo (
+ IN PSECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN OUT PULONG Length,
+ IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQuerySessionIdToken (
+ IN PACCESS_TOKEN Token,
+ IN PULONG SessionId
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+#define SeQuerySubjectContextToken( SubjectContext ) \
+ ( ARGUMENT_PRESENT( \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
+ ) ? \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
+
+typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
+ IN PLUID LogonId
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeRegisterLogonSessionTerminatedRoutine (
+ IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeReleaseSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeSetAccessStateGenericMapping (
+ PACCESS_STATE AccessState,
+ PGENERIC_MAPPING GenericMapping
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeSetSecurityDescriptorInfo (
+ IN PVOID Object OPTIONAL,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeSetSecurityDescriptorInfoEx (
+ IN PVOID Object OPTIONAL,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR ModificationDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN ULONG AutoInheritFlags,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeTokenIsAdmin (
+ IN PACCESS_TOKEN Token
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeTokenIsRestricted (
+ IN PACCESS_TOKEN Token
+);
+
+
+NTSTATUS
+NTAPI
+SeLocateProcessImageName(
+ IN PEPROCESS Process,
+ OUT PUNICODE_STRING *pImageFileName
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTKERNELAPI
+TOKEN_TYPE
+NTAPI
+SeTokenType (
+ IN PACCESS_TOKEN Token
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeUnlockSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeUnregisterLogonSessionTerminatedRoutine (
+ IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAdjustPrivilegesToken (
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+ OUT PULONG ReturnLength
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAlertThread (
+ IN HANDLE ThreadHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAllocateVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN OUT PULONG RegionSize,
+ IN ULONG AllocationType,
+ IN ULONG Protect
+);
+
+NTSTATUS
+NTAPI
+NtAccessCheckByTypeAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN HANDLE HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID PrincipalSelfSid,
+ IN ACCESS_MASK DesiredAccess,
+ IN AUDIT_EVENT_TYPE AuditType,
+ IN ULONG Flags,
+ IN POBJECT_TYPE_LIST ObjectTypeList,
+ IN ULONG ObjectTypeLength,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTSTATUS
+NTAPI
+NtAccessCheckByTypeResultListAndAuditAlarm(
+ IN PUNICODE_STRING SubsystemName,
+ IN HANDLE HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID PrincipalSelfSid,
+ IN ACCESS_MASK DesiredAccess,
+ IN AUDIT_EVENT_TYPE AuditType,
+ IN ULONG Flags,
+ IN POBJECT_TYPE_LIST ObjectTypeList,
+ IN ULONG ObjectTypeLength,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTSTATUS
+NTAPI
+NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
+ IN PUNICODE_STRING SubsystemName,
+ IN HANDLE HandleId,
+ IN HANDLE ClientToken,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID PrincipalSelfSid,
+ IN ACCESS_MASK DesiredAccess,
+ IN AUDIT_EVENT_TYPE AuditType,
+ IN ULONG Flags,
+ IN POBJECT_TYPE_LIST ObjectTypeList,
+ IN ULONG ObjectTypeLength,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PNTSTATUS AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAccessCheckAndAuditAlarm (
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PBOOLEAN AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCancelIoFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwClearEvent (
+ IN HANDLE EventHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCloseObjectAuditAlarm (
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCreateSection (
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN ULONG SectionPageProtection,
+ IN ULONG AllocationAttributes,
+ IN HANDLE FileHandle OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCreateSymbolicLinkObject (
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PUNICODE_STRING TargetName
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeleteFile (
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeleteValueKey (
+ IN HANDLE Handle,
+ IN PUNICODE_STRING Name
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeviceIoControlFile (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDisplayString (
+ IN PUNICODE_STRING String
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDuplicateObject (
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle OPTIONAL,
+ OUT PHANDLE TargetHandle OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ IN ULONG Options
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDuplicateToken (
+ IN HANDLE ExistingTokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN EffectiveOnly,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewTokenHandle
+);
+
+NTSTATUS
+NTAPI
+NtFilterToken(
+ IN HANDLE ExistingTokenHandle,
+ IN ULONG Flags,
+ IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
+ IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
+ IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
+ OUT PHANDLE NewTokenHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushInstructionCache (
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress OPTIONAL,
+ IN ULONG FlushSize
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushBuffersFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PULONG FlushSize,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFreeVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PULONG RegionSize,
+ IN ULONG FreeType
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFsControlFile (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG FsControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwInitiatePowerAction (
+ IN POWER_ACTION SystemAction,
+ IN SYSTEM_POWER_STATE MinSystemState,
+ IN ULONG Flags,
+ IN BOOLEAN Asynchronous
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwLoadDriver (
+ /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
+ IN PUNICODE_STRING RegistryPath
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwLoadKey (
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwNotifyChangeKey (
+ IN HANDLE KeyHandle,
+ IN HANDLE EventHandle OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NotifyFilter,
+ IN BOOLEAN WatchSubtree,
+ IN PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN Asynchronous
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenDirectoryObject (
+ OUT PHANDLE DirectoryHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenEvent (
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcess (
+ OUT PHANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcessToken (
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThread (
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThreadToken (
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ OUT PHANDLE TokenHandle
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwPowerInformation (
+ IN POWER_INFORMATION_LEVEL PowerInformationLevel,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwPulseEvent (
+ IN HANDLE EventHandle,
+ OUT PLONG PreviousState OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDefaultLocale (
+ IN BOOLEAN ThreadOrSystem,
+ OUT PLCID Locale
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDirectoryFile (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDirectoryObject (
+ IN HANDLE DirectoryHandle,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN BOOLEAN RestartScan,
+ IN OUT PULONG Context,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryEaFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID EaList OPTIONAL,
+ IN ULONG EaListLength,
+ IN PULONG EaIndex OPTIONAL,
+ IN BOOLEAN RestartScan
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationProcess (
+ IN HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ OUT PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationToken (
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQuerySecurityObject (
+ IN HANDLE FileHandle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryVolumeInformationFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwReplaceKey (
+ IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
+ IN HANDLE KeyHandle,
+ IN POBJECT_ATTRIBUTES OldFileObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwResetEvent (
+ IN HANDLE EventHandle,
+ OUT PLONG PreviousState OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwRestoreKey (
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle,
+ IN ULONG Flags
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSaveKey (
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetDefaultLocale (
+ IN BOOLEAN ThreadOrSystem,
+ IN LCID Locale
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetDefaultUILanguage (
+ IN LANGID LanguageId
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetEaFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetEvent (
+ IN HANDLE EventHandle,
+ OUT PLONG PreviousState OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetInformationProcess (
+ IN HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ IN PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSecurityObject (
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSystemTime (
+ IN PLARGE_INTEGER NewTime,
+ OUT PLARGE_INTEGER OldTime OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetVolumeInformationFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+);
+
+#endif /* (VER_PRODUCTBUILD >= 2195) */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwTerminateProcess (
+ IN HANDLE ProcessHandle OPTIONAL,
+ IN NTSTATUS ExitStatus
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwUnloadDriver (
+ /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
+ IN PUNICODE_STRING RegistryPath
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwUnloadKey (
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwWaitForSingleObject (
+ IN HANDLE Handle,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwWaitForMultipleObjects (
+ IN ULONG HandleCount,
+ IN PHANDLE Handles,
+ IN WAIT_TYPE WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwYieldExecution (
+ VOID
+);
+
+#pragma pack(pop)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _NTIFS_ */