#pragma GCC system_header
#endif
+#include "ntddk.h"
+#include "csq.h"
+
#ifdef __cplusplus
extern "C" {
#endif
-#include "ntddk.h"
-#include "ntapi.h"
-
#pragma pack(push,4)
#define VER_PRODUCTBUILD 10000
#endif
#ifndef NTKERNELAPI
-#define NTKERNELAPI STDCALL
+#define NTKERNELAPI DECLSPEC_IMPORT
#endif
typedef struct _SE_EXPORTS *PSE_EXPORTS;
-extern PUCHAR *FsRtlLegalAnsiCharacterArray;
+#ifdef _NTOSKRNL_
+extern PUCHAR FsRtlLegalAnsiCharacterArray;
+#else
+extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
+#endif
extern PSE_EXPORTS SeExports;
extern PACL SePublicDefaultDacl;
extern PACL SeSystemDefaultDacl;
+extern KSPIN_LOCK IoStatisticsLock;
+extern ULONG IoReadOperationCount;
+extern ULONG IoWriteOperationCount;
+extern ULONG IoOtherOperationCount;
+extern LARGE_INTEGER IoReadTransferCount;
+extern LARGE_INTEGER IoWriteTransferCount;
+extern LARGE_INTEGER IoOtherTransferCount;
+
#define ANSI_DOS_STAR ('<')
#define ANSI_DOS_QM ('>')
#define ANSI_DOS_DOT ('"')
#define FSRTL_WILD_CHARACTER 0x08
+#define FSRTL_FAT_LEGAL 0x01
+#define FSRTL_HPFS_LEGAL 0x02
+#define FSRTL_NTFS_LEGAL 0x04
+#define FSRTL_WILD_CHARACTER 0x08
+#define FSRTL_OLE_LEGAL 0x10
+#define FSRTL_NTFS_STREAM_LEGAL 0x14
+
#ifdef _X86_
#define HARDWARE_PTE HARDWARE_PTE_X86
#define PHARDWARE_PTE PHARDWARE_PTE_X86
#define PIN_NO_READ (4)
#define PIN_IF_BCB (8)
-#define PORT_CONNECT 0x0001
-#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
- PORT_CONNECT)
+#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
+#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
+
/* also in winnt.h */
#define SEC_BASED 0x00200000
#define SEC_NO_CHANGE 0x00400000
#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
-typedef PVOID PEJOB;
typedef PVOID OPLOCK, *POPLOCK;
typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
-typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK;
typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
typedef struct _KPROCESS *PKPROCESS;
typedef struct _KQUEUE *PKQUEUE;
typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
-typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS;
-typedef struct _MMWSL *PMMWSL;
-typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS;
typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
-typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY;
-typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION;
typedef struct _SECTION_OBJECT *PSECTION_OBJECT;
typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
typedef struct _VACB *PVACB;
typedef struct _VAD_HEADER *PVAD_HEADER;
+typedef ULONG LBN;
+typedef LBN *PLBN;
+
+typedef ULONG VBN;
+typedef VBN *PVBN;
+
typedef struct _NOTIFY_SYNC
{
ULONG Unknown0;
StorageTypeStream
} FILE_STORAGE_TYPE;
-typedef enum _IO_COMPLETION_INFORMATION_CLASS {
- IoCompletionBasicInformation
-} IO_COMPLETION_INFORMATION_CLASS;
-
typedef enum _OBJECT_INFO_CLASS {
ObjectBasicInfo,
ObjectNameInfo,
BOOLEAN KernelApcInProgress;
BOOLEAN KernelApcPending;
BOOLEAN UserApcPending;
-} KAPC_STATE, *PKAPC_STATE, *__restrict PRKAPC_STATE;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _MMSUPPORT_FLAGS {
- ULONG SessionSpace : 1;
- ULONG BeingTrimmed : 1;
- ULONG SessionLeader : 1;
- ULONG TrimHard : 1;
- ULONG WorkingSetHard : 1;
- ULONG AddressSpaceBeingDeleted : 1;
- ULONG Available : 10;
- ULONG AllowWorkingSetAdjustment : 8;
- ULONG MemoryPriority : 8;
-} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
-
-#else
-
-typedef struct _MMSUPPORT_FLAGS {
- ULONG SessionSpace : 1;
- ULONG BeingTrimmed : 1;
- ULONG ProcessInSession : 1;
- ULONG SessionLeader : 1;
- ULONG TrimHard : 1;
- ULONG WorkingSetHard : 1;
- ULONG WriteWatch : 1;
- ULONG Filler : 25;
-} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
-
-#endif
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _MMSUPPORT {
- LARGE_INTEGER LastTrimTime;
- MMSUPPORT_FLAGS Flags;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- ULONG MinimumWorkingSetSize;
- ULONG MaximumWorkingSetSize;
- PMMWSL VmWorkingSetList;
- LIST_ENTRY WorkingSetExpansionLinks;
- ULONG Claim;
- ULONG NextEstimationSlot;
- ULONG NextAgingSlot;
- ULONG EstimatedAvailable;
- ULONG GrowthSinceLastEstimate;
-} MMSUPPORT, *PMMSUPPORT;
-
-#else
-
-typedef struct _MMSUPPORT {
- LARGE_INTEGER LastTrimTime;
- ULONG LastTrimFaultCount;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- ULONG MinimumWorkingSetSize;
- ULONG MaximumWorkingSetSize;
- PMMWSL VmWorkingSetList;
- LIST_ENTRY WorkingSetExpansionLinks;
- BOOLEAN AllowWorkingSetAdjustment;
- BOOLEAN AddressSpaceBeingDeleted;
- UCHAR ForegroundSwitchCount;
- UCHAR MemoryPriority;
-#if (VER_PRODUCTBUILD >= 2195)
- union {
- ULONG LongFlags;
- MMSUPPORT_FLAGS Flags;
- } u;
- ULONG Claim;
- ULONG NextEstimationSlot;
- ULONG NextAgingSlot;
- ULONG EstimatedAvailable;
- ULONG GrowthSinceLastEstimate;
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-} MMSUPPORT, *PMMSUPPORT;
-
-#endif
-
-typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
- POBJECT_NAME_INFORMATION ImageFileName;
-} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
+} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
typedef struct _BITMAP_RANGE {
LIST_ENTRY Links;
ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
-typedef struct _DEVICE_MAP {
- POBJECT_DIRECTORY DosDevicesDirectory;
- POBJECT_DIRECTORY GlobalDosDevicesDirectory;
- ULONG ReferenceCount;
- ULONG DriveMap;
- UCHAR DriveType[32];
-} DEVICE_MAP, *PDEVICE_MAP;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _EX_FAST_REF {
- _ANONYMOUS_UNION union {
- PVOID Object;
- ULONG RefCnt : 3;
- ULONG Value;
- } DUMMYUNIONNAME;
-} EX_FAST_REF, *PEX_FAST_REF;
-
-typedef struct _EX_PUSH_LOCK {
- _ANONYMOUS_UNION union {
- _ANONYMOUS_STRUCT struct {
- ULONG Waiting : 1;
- ULONG Exclusive : 1;
- ULONG Shared : 30;
- } DUMMYSTRUCTNAME;
- ULONG Value;
- PVOID Ptr;
- } DUMMYUNIONNAME;
-} EX_PUSH_LOCK, *PEX_PUSH_LOCK;
-
-typedef struct _EX_RUNDOWN_REF {
- _ANONYMOUS_UNION union {
- ULONG Count;
- PVOID Ptr;
- } DUMMYUNIONNAME;
-} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
-
-#endif
-
-typedef struct _EPROCESS_QUOTA_ENTRY {
- ULONG Usage;
- ULONG Limit;
- ULONG Peak;
- ULONG Return;
-} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
-
-typedef struct _EPROCESS_QUOTA_BLOCK {
- EPROCESS_QUOTA_ENTRY QuotaEntry[3];
- LIST_ENTRY QuotaList;
- ULONG ReferenceCount;
- ULONG ProcessCount;
-} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
+typedef struct _SID_IDENTIFIER_AUTHORITY {
+ BYTE Value[6];
+} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
+typedef PVOID PSID;
+typedef struct _SID {
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ DWORD SubAuthority[ANYSIZE_ARRAY];
+} SID, *PISID;
+typedef struct _SID_AND_ATTRIBUTES {
+ PSID Sid;
+ DWORD Attributes;
+} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
+typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
+typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
+typedef struct _TOKEN_SOURCE {
+ CHAR SourceName[TOKEN_SOURCE_LENGTH];
+ LUID SourceIdentifier;
+} TOKEN_SOURCE,*PTOKEN_SOURCE;
+typedef struct _TOKEN_CONTROL {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LUID ModifiedId;
+ TOKEN_SOURCE TokenSource;
+} TOKEN_CONTROL,*PTOKEN_CONTROL;
+typedef struct _TOKEN_DEFAULT_DACL {
+ PACL DefaultDacl;
+} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
+typedef struct _TOKEN_GROUPS {
+ DWORD GroupCount;
+ SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
+} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
+typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
+ ULONG SidCount;
+ ULONG SidLength;
+ PSID_AND_ATTRIBUTES Sids;
+ ULONG RestrictedSidCount;
+ ULONG RestrictedSidLength;
+ PSID_AND_ATTRIBUTES RestrictedSids;
+ ULONG PrivilegeCount;
+ ULONG PrivilegeLength;
+ PLUID_AND_ATTRIBUTES Privileges;
+ LUID AuthenticationId;
+} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
+typedef struct _TOKEN_ORIGIN {
+ LUID OriginatingLogonSession;
+} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
+typedef struct _TOKEN_OWNER {
+ PSID Owner;
+} TOKEN_OWNER,*PTOKEN_OWNER;
+typedef struct _TOKEN_PRIMARY_GROUP {
+ PSID PrimaryGroup;
+} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
+typedef struct _TOKEN_PRIVILEGES {
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
+typedef enum tagTOKEN_TYPE {
+ TokenPrimary = 1,
+ TokenImpersonation
+} TOKEN_TYPE,*PTOKEN_TYPE;
+typedef struct _TOKEN_STATISTICS {
+ LUID TokenId;
+ LUID AuthenticationId;
+ LARGE_INTEGER ExpirationTime;
+ TOKEN_TYPE TokenType;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+ DWORD DynamicCharged;
+ DWORD DynamicAvailable;
+ DWORD GroupCount;
+ DWORD PrivilegeCount;
+ LUID ModifiedId;
+} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
+typedef struct _TOKEN_USER {
+ SID_AND_ATTRIBUTES User;
+} TOKEN_USER, *PTOKEN_USER;
+typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
+typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
+typedef struct _SECURITY_DESCRIPTOR {
+ BYTE Revision;
+ BYTE Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ PSID Owner;
+ PSID Group;
+ PACL Sacl;
+ PACL Dacl;
+} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
+typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
+ BYTE Revision;
+ BYTE Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ DWORD Owner;
+ DWORD Group;
+ DWORD Sacl;
+ DWORD Dacl;
+} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
+typedef enum _TOKEN_INFORMATION_CLASS {
+ TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
+ TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
+ TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
+ TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
+ TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
+} TOKEN_INFORMATION_CLASS;
typedef struct _FILE_ACCESS_INFORMATION {
ACCESS_MASK AccessFlags;
SID Sid;
} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
+typedef struct _FILE_QUOTA_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER QuotaUsed;
+ LARGE_INTEGER QuotaThreshold;
+ LARGE_INTEGER QuotaLimit;
+ SID Sid;
+} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
+
typedef struct _FILE_INTERNAL_INFORMATION {
LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
- LARGE_INTEGER ReadTimeout;
+ PLARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
typedef struct _FILE_MODE_INFORMATION {
ULONG NumberRequests;
} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
+typedef struct _FILE_PIPE_PEEK_BUFFER
+{
+ ULONG NamedPipeState;
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+ CHAR Data[1];
+} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
+
typedef struct _FILE_PIPE_INFORMATION {
ULONG ReadMode;
ULONG CompletionMode;
WCHAR Name[1];
} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
-typedef struct _FILE_QUOTA_INFORMATION {
- ULONG NextEntryOffset;
- ULONG SidLength;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER QuotaUsed;
- LARGE_INTEGER QuotaThreshold;
- LARGE_INTEGER QuotaLimit;
- SID Sid;
-} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
-
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
LARGE_INTEGER ValidDataLength;
} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _FSRTL_ADVANCED_FCB_HEADER {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ UCHAR Flags;
+ UCHAR IsFastIoPossible;
+ UCHAR Flags2;
+ UCHAR Reserved;
+ PERESOURCE Resource;
+ PERESOURCE PagingIoResource;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+ PFAST_MUTEX FastMutex;
+ LIST_ENTRY FilterContexts;
+} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
+
+typedef struct _FSRTL_PER_STREAM_CONTEXT {
+ LIST_ENTRY Links;
+ PVOID OwnerId;
+ PVOID InstanceId;
+ PFREE_FUNCTION FreeCallback;
+} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
+
+#endif /* (VER_PRODUCTBUILD >= 2600) */
+
+typedef struct _BASE_MCB
+{
+ ULONG MaximumPairCount;
+ ULONG PairCount;
+ POOL_TYPE PoolType;
+ PVOID Mapping;
+} BASE_MCB;
+typedef BASE_MCB *PBASE_MCB;
+
+typedef struct _LARGE_MCB
+{
+ PFAST_MUTEX FastMutex;
+ BASE_MCB BaseMcb;
+} LARGE_MCB;
+typedef LARGE_MCB *PLARGE_MCB;
+
+typedef struct _MCB
+{
+ LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
+} MCB;
+typedef MCB *PMCB;
+
typedef struct _GENERATE_NAME_CONTEXT {
USHORT Checksum;
BOOLEAN CheckSumInserted;
ULONG LastIndexValue;
} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
-typedef struct _HANDLE_TABLE_ENTRY_INFO {
- ULONG AuditMask;
-} HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
-
-typedef struct _HANDLE_TABLE_ENTRY {
- union {
- PVOID Object;
- ULONG ObAttributes;
- PHANDLE_TABLE_ENTRY_INFO InfoTable;
- ULONG_PTR Value;
- } u1;
- union {
- ULONG GrantedAccess;
- USHORT GrantedAccessIndex;
- LONG NextFreeTableEntry;
- } u2;
- USHORT CreatorBackTraceIndex;
-} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
-
typedef struct _MAPPING_PAIR {
ULONGLONG Vcn;
ULONGLONG Lcn;
LIST_ENTRY ThreadListHead;
} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
-typedef struct _MAILSLOT_CREATE_PARAMETERS {
- ULONG MailslotQuota;
- ULONG MaximumMessageSize;
- LARGE_INTEGER ReadTimeout;
- BOOLEAN TimeoutSpecified;
-} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
-
typedef struct _MBCB {
CSHORT NodeTypeCode;
CSHORT NodeIsInZone;
ULONG Reserved1;
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
-typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
- ULONG NamedPipeType;
- ULONG ReadMode;
- ULONG CompletionMode;
- ULONG MaximumInstances;
- ULONG InboundQuota;
- ULONG OutboundQuota;
- LARGE_INTEGER DefaultTimeout;
- BOOLEAN TimeoutSpecified;
-} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
-
typedef struct _OBJECT_BASIC_INFO {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
OBJECT_TYPE_INFO ObjectsTypeInfo[1];
} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
-typedef struct _PAGEFAULT_HISTORY {
- ULONG CurrentIndex;
- ULONG MaxIndex;
- KSPIN_LOCK SpinLock;
- PVOID Reserved;
- PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
-} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
typedef struct _PATHNAME_BUFFER {
ULONG PathNameLength;
#endif
-typedef struct _PS_IMPERSONATION_INFORMATION {
- PACCESS_TOKEN Token;
- BOOLEAN CopyOnOpen;
- BOOLEAN EffectiveOnly;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
-} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
-
typedef struct _PUBLIC_BCB {
CSHORT NodeTypeCode;
CSHORT NodeByteSize;
ULONG LengthAccepted;
} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
-#pragma pack(push,8)
typedef struct _RETRIEVAL_POINTERS_BUFFER {
ULONG ExtentCount;
LARGE_INTEGER StartingVcn;
LARGE_INTEGER Lcn;
} Extents[1];
} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
-#pragma pack(pop)
typedef struct _RTL_SPLAY_LINKS {
struct _RTL_SPLAY_LINKS *Parent;
struct _RTL_SPLAY_LINKS *RightChild;
} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
+typedef enum _RTL_GENERIC_COMPARE_RESULTS
+{
+ GenericLessThan,
+ GenericGreaterThan,
+ GenericEqual
+} RTL_GENERIC_COMPARE_RESULTS;
+
+#if defined(USE_LPC6432)
+#define LPC_CLIENT_ID CLIENT_ID64
+#define LPC_SIZE_T ULONGLONG
+#define LPC_PVOID ULONGLONG
+#define LPC_HANDLE ULONGLONG
+#else
+#define LPC_CLIENT_ID CLIENT_ID
+#define LPC_SIZE_T SIZE_T
+#define LPC_PVOID PVOID
+#define LPC_HANDLE HANDLE
+#endif
+
+typedef struct _PORT_MESSAGE
+{
+ union
+ {
+ struct
+ {
+ CSHORT DataLength;
+ CSHORT TotalLength;
+ } s1;
+ ULONG Length;
+ } u1;
+ union
+ {
+ struct
+ {
+ CSHORT Type;
+ CSHORT DataInfoOffset;
+ } s2;
+ ULONG ZeroInit;
+ } u2;
+ union
+ {
+ LPC_CLIENT_ID ClientId;
+ double DoNotUseThisField;
+ };
+ ULONG MessageId;
+ union
+ {
+ LPC_SIZE_T ClientViewSize;
+ ULONG CallbackId;
+ };
+} PORT_MESSAGE, *PPORT_MESSAGE;
+
+typedef struct _PORT_VIEW
+{
+ ULONG Length;
+ LPC_HANDLE SectionHandle;
+ ULONG SectionOffset;
+ LPC_SIZE_T ViewSize;
+ LPC_PVOID ViewBase;
+ LPC_PVOID ViewRemoteBase;
+} PORT_VIEW, *PPORT_VIEW;
+
+typedef struct _REMOTE_PORT_VIEW
+{
+ ULONG Length;
+ LPC_SIZE_T ViewSize;
+ LPC_PVOID ViewBase;
+} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
+
typedef struct _SE_EXPORTS {
LUID SeCreateTokenPrivilege;
} SE_EXPORTS, *PSE_EXPORTS;
-typedef struct _SECTION_BASIC_INFORMATION {
- PVOID BaseAddress;
- ULONG Attributes;
- LARGE_INTEGER Size;
-} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
-
-typedef struct _SECTION_IMAGE_INFORMATION {
- ULONG EntryPoint;
- ULONG Unknown1;
- ULONG_PTR StackReserve;
- ULONG_PTR StackCommit;
- ULONG Subsystem;
- USHORT MinorSubsystemVersion;
- USHORT MajorSubsystemVersion;
- ULONG Unknown2;
- ULONG Characteristics;
- USHORT ImageNumber;
- BOOLEAN Executable;
- UCHAR Unknown3;
- ULONG Unknown4[3];
-} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _SHARED_CACHE_MAP {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- ULONG OpenCount;
- LARGE_INTEGER FileSize;
- LIST_ENTRY BcbList;
- LARGE_INTEGER SectionSize;
- LARGE_INTEGER ValidDataLength;
- LARGE_INTEGER ValidDataGoal;
- PVACB InitialVacbs[4];
- PVACB *Vacbs;
- PFILE_OBJECT FileObject;
- PVACB ActiveVacb;
- PVOID NeedToZero;
- ULONG ActivePage;
- ULONG NeedToZeroPage;
- KSPIN_LOCK ActiveVacbSpinLock;
- ULONG VacbActiveCount;
- ULONG DirtyPages;
- LIST_ENTRY SharedCacheMapLinks;
- ULONG Flags;
- NTSTATUS Status;
- PMBCB Mbcb;
- PVOID Section;
- PKEVENT CreateEvent;
- PKEVENT WaitOnActiveCount;
- ULONG PagesToWrite;
- LONGLONG BeyondLastFlush;
- PCACHE_MANAGER_CALLBACKS Callbacks;
- PVOID LazyWriteContext;
- LIST_ENTRY PrivateList;
- PVOID LogHandle;
- PVOID FlushToLsnRoutine;
- ULONG DirtyPageThreshold;
- ULONG LazyWritePassCount;
- PCACHE_UNINITIALIZE_EVENT UninitializeEvent;
- PVACB NeedToZeroVacb;
- KSPIN_LOCK BcbSpinLock;
- PVOID Reserved;
- KEVENT Event;
- EX_PUSH_LOCK VacbPushLock;
- PRIVATE_CACHE_MAP PrivateCacheMap;
-} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
-
-#endif
+typedef struct
+{
+ LARGE_INTEGER StartingLcn;
+} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
typedef struct _STARTING_VCN_INPUT_BUFFER {
LARGE_INTEGER StartingVcn;
} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
-typedef struct _SYSTEM_CACHE_INFORMATION {
- ULONG CurrentSize;
- ULONG PeakSize;
- ULONG PageFaultCount;
- ULONG MinimumWorkingSet;
- ULONG MaximumWorkingSet;
- ULONG Unused[4];
-} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
-
typedef struct _SECURITY_CLIENT_CONTEXT {
SECURITY_QUALITY_OF_SERVICE SecurityQos;
PACCESS_TOKEN ClientToken;
LIST_ENTRY Secured;
} VAD_HEADER, *PVAD_HEADER;
+typedef struct
+{
+ LARGE_INTEGER StartingLcn;
+ LARGE_INTEGER BitmapSize;
+ UCHAR Buffer[1];
+} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef BOOLEAN
+(NTAPI *PFILTER_REPORT_CHANGE) (
+ IN PVOID NotifyContext,
+ IN PVOID FilterContext
+);
+
+typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
+ SyncTypeOther = 0,
+ SyncTypeCreateSection
+} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
+
+typedef union _FS_FILTER_PARAMETERS {
+ struct {
+ PLARGE_INTEGER EndingOffset;
+ } AcquireForModifiedPageWriter;
+
+ struct {
+ PERESOURCE ResourceToRelease;
+ } ReleaseForModifiedPageWriter;
+
+ struct {
+ FS_FILTER_SECTION_SYNC_TYPE SyncType;
+ ULONG PageProtection;
+ } AcquireForSectionSynchronization;
+
+ struct {
+ PVOID Argument1;
+ PVOID Argument2;
+ PVOID Argument3;
+ PVOID Argument4;
+ PVOID Argument5;
+ } Others;
+} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
+
+typedef struct _FS_FILTER_CALLBACK_DATA {
+ ULONG SizeOfFsFilterCallbackData;
+ UCHAR Operation;
+ UCHAR Reserved;
+ struct _DEVICE_OBJECT *DeviceObject;
+ struct _FILE_OBJECT *FileObject;
+ FS_FILTER_PARAMETERS Parameters;
+} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
+
+typedef NTSTATUS
+(NTAPI *PFS_FILTER_CALLBACK) (
+ IN PFS_FILTER_CALLBACK_DATA Data,
+ OUT PVOID *CompletionContext
+);
+
+typedef VOID
+(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
+ IN PFS_FILTER_CALLBACK_DATA Data,
+ IN NTSTATUS OperationStatus,
+ IN PVOID CompletionContext
+);
+
+typedef struct _FS_FILTER_CALLBACKS {
+ ULONG SizeOfFsFilterCallbacks;
+ ULONG Reserved;
+ PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
+ PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
+ PFS_FILTER_CALLBACK PreAcquireForCcFlush;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
+ PFS_FILTER_CALLBACK PreReleaseForCcFlush;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
+ PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
+ PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
+ PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
+ PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
+} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
+
+typedef struct _READ_LIST {
+ PFILE_OBJECT FileObject;
+ ULONG NumberOfEntries;
+ LOGICAL IsImage;
+ FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
+} READ_LIST, *PREAD_LIST;
+
+#endif
+
+typedef NTSTATUS
+(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
+ IN PVOID Base,
+ IN OUT PVOID *CommitAddress,
+ IN OUT PSIZE_T CommitSize
+);
+
+typedef struct _RTL_HEAP_PARAMETERS {
+ ULONG Length;
+ SIZE_T SegmentReserve;
+ SIZE_T SegmentCommit;
+ SIZE_T DeCommitFreeBlockThreshold;
+ SIZE_T DeCommitTotalFreeThreshold;
+ SIZE_T MaximumAllocationSize;
+ SIZE_T VirtualMemoryThreshold;
+ SIZE_T InitialCommit;
+ SIZE_T InitialReserve;
+ PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
+ SIZE_T Reserved[2];
+} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
+
NTKERNELAPI
BOOLEAN
NTAPI
NTKERNELAPI
LARGE_INTEGER
+NTAPI
CcGetLsnForFileObject (
IN PFILE_OBJECT FileObject,
OUT PLARGE_INTEGER OldestLsn OPTIONAL
VOID
NTAPI
ExDisableResourceBoostLite (
- IN PERESOURCE Resource
+ IN PERESOURCE Resource
);
NTKERNELAPI
ULONG
NTAPI
ExQueryPoolBlockSize (
- IN PVOID PoolBlock,
- OUT PBOOLEAN QuotaCharged
+ IN PVOID PoolBlock,
+ OUT PBOOLEAN QuotaCharged
+);
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+#ifndef __NTOSKRNL__
+NTKERNELAPI
+VOID
+FASTCALL
+ExInitializeRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExReInitializeRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+BOOLEAN
+FASTCALL
+ExAcquireRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+BOOLEAN
+FASTCALL
+ExAcquireRundownProtectionEx (
+ IN PEX_RUNDOWN_REF RunRef,
+ IN ULONG Count
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExReleaseRundownProtection (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExReleaseRundownProtectionEx (
+ IN PEX_RUNDOWN_REF RunRef,
+ IN ULONG Count
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExRundownCompleted (
+ IN PEX_RUNDOWN_REF RunRef
+);
+
+NTKERNELAPI
+VOID
+FASTCALL
+ExWaitForRundownProtectionRelease (
+ IN PEX_RUNDOWN_REF RunRef
);
+#endif
+#endif /* (VER_PRODUCTBUILD >= 2600) */
+
#define FlagOn(x, f) ((x) & (f))
NTKERNELAPI
);
typedef
-VOID NTAPI
-(*POPLOCK_WAIT_COMPLETE_ROUTINE) (
+VOID
+(NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
IN PVOID Context,
IN PIRP Irp
);
typedef
-VOID NTAPI
-(*POPLOCK_FS_PREPOST_IRP) (
+VOID
+(NTAPI*POPLOCK_FS_PREPOST_IRP) (
IN PVOID Context,
IN PIRP Irp
);
IN PDEVICE_OBJECT DeviceObject
);
+NTKERNELAPI
+PVOID
+NTAPI
+RtlCreateHeap (
+ IN ULONG Flags,
+ IN PVOID HeapBase OPTIONAL,
+ IN SIZE_T ReserveSize OPTIONAL,
+ IN SIZE_T CommitSize OPTIONAL,
+ IN PVOID Lock OPTIONAL,
+ IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
+);
+
NTKERNELAPI
BOOLEAN
NTAPI
IN HANDLE Handle
);
+NTKERNELAPI
+PVOID
+NTAPI
+RtlDestroyHeap(
+ IN PVOID HeapHandle
+);
+
NTKERNELAPI
VOID
NTAPI
IN NTSTATUS Ntstatus
);
+#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
+
+extern PUSHORT NlsOemLeadByteInfo;
+
+#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
+ (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
+ (NLS_MB_CODE_PAGE_TAG && \
+ (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
+)
+
+#define FsRtlIsAnsiCharacterWild(C) ( \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
+)
+
#define FsRtlIsUnicodeCharacterWild(C) ( \
(((C) >= 0x40) ? \
FALSE : \
- FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
+ FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
)
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlReadDev (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG LockKey,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
NTKERNELAPI
BOOLEAN
NTAPI
IN PDEVICE_OBJECT DeviceObject
);
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlPrepareMdlWriteDev (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN ULONG LockKey,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
NTKERNELAPI
BOOLEAN
NTAPI
VOID
NTAPI
FsRtlNotifyInitializeSync (
- IN PNOTIFY_SYNC NotifySync
+ IN PNOTIFY_SYNC *NotifySync
);
NTKERNELAPI
VOID
NTAPI
FsRtlNotifyUninitializeSync (
- IN PNOTIFY_SYNC NotifySync
+ IN PNOTIFY_SYNC *NotifySync
);
#if (VER_PRODUCTBUILD >= 2195)
IN BOOLEAN MailslotsSupported
);
+typedef VOID
+(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
+ IN PVOID Context,
+ IN PKEVENT Event
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlPostStackOverflow (
+ IN PVOID Context,
+ IN PKEVENT Event,
+ IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlPostPagingFileStackOverflow (
+ IN PVOID Context,
+ IN PKEVENT Event,
+ IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
+);
+
NTKERNELAPI
VOID
NTAPI
IN PTIME_FIELDS TimeFields
);
-#define InitializeMessageHeader(m, l, t) { \
- (m)->Length = (USHORT)(l); \
- (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
- (m)->MessageType = (USHORT)(t); \
- (m)->DataInfoOffset = 0; \
-}
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoAttachDeviceToDeviceStackSafe(
+ IN PDEVICE_OBJECT SourceDevice,
+ IN PDEVICE_OBJECT TargetDevice,
+ OUT PDEVICE_OBJECT *AttachedToDeviceObject
+);
NTKERNELAPI
VOID
IN UCHAR MajorFunction,
IN UCHAR MinorFunction,
IN ULONG IoControlCode,
- IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL,
- IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
+ IN PVOID Argument1 OPTIONAL,
+ IN PVOID Argument2 OPTIONAL
);
#if (VER_PRODUCTBUILD >= 2195)
OUT PULONG ReturnedLength
);
+NTKERNELAPI
+VOID
+NTAPI
+IoQueueThreadIrp(
+ IN PIRP Irp
+);
+
NTKERNELAPI
VOID
NTAPI
#if (VER_PRODUCTBUILD >= 1381)
NTKERNELAPI
-NTSTATUS
+VOID
NTAPI
IoUnregisterFsRegistrationChange (
IN PDRIVER_OBJECT DriverObject,
IN PRKQUEUE Queue
);
+NTKERNELAPI
+VOID
+NTAPI
+KeInitializeMutant (
+ IN PRKMUTANT Mutant,
+ IN BOOLEAN InitialOwner
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeReadStateMutant (
+ IN PRKMUTANT Mutant
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeReleaseMutant (
+ IN PRKMUTANT Mutant,
+ IN KPRIORITY Increment,
+ IN BOOLEAN Abandoned,
+ IN BOOLEAN Wait
+);
+
#if (VER_PRODUCTBUILD >= 2195)
NTKERNELAPI
OUT PVOID *Object
);
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsAssignImpersonationToken (
+ IN PETHREAD Thread,
+ IN HANDLE Token
+);
+
NTKERNELAPI
VOID
NTAPI
IN ULONG Amount
);
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsChargeProcessPoolQuota (
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG_PTR Amount
+);
+
#define PsDereferenceImpersonationToken(T) \
{if (ARGUMENT_PRESENT(T)) { \
(ObDereferenceObject((T))); \
#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
NTKERNELAPI
-ULONGLONG
+BOOLEAN
+NTAPI
+PsDisableImpersonation(
+ IN PETHREAD Thread,
+ IN PSE_IMPERSONATION_STATE ImpersonationState
+);
+
+NTKERNELAPI
+LARGE_INTEGER
NTAPI
PsGetProcessExitTime (
VOID
);
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsImpersonateClient(
+ IN PETHREAD Thread,
+ IN PACCESS_TOKEN Token,
+ IN BOOLEAN CopyOnOpen,
+ IN BOOLEAN EffectiveOnly,
+ IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsIsSystemThread(
+ IN PETHREAD Thread
+);
+
NTKERNELAPI
BOOLEAN
NTAPI
IN PEPROCESS Process
);
+NTKERNELAPI
+VOID
+NTAPI
+PsRestoreImpersonation(
+ IN PETHREAD Thread,
+ IN PSE_IMPERSONATION_STATE ImpersonationState
+);
+
NTKERNELAPI
VOID
NTAPI
NTAPI
RtlAbsoluteToSelfRelativeSD (
IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
- IN OUT PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSecurityDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
IN PULONG BufferLength
);
IN PSID Source
);
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlCreateUnicodeString(
+ PUNICODE_STRING DestinationString,
+ PCWSTR SourceString
+);
+
NTSYSAPI
NTSTATUS
NTAPI
OUT PULONG ChunkSize
);
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDowncaseUnicodeString(
+ IN OUT PUNICODE_STRING UniDest,
+ IN PCUNICODE_STRING UniSource,
+ IN BOOLEAN AllocateDestinationString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDuplicateUnicodeString(
+ IN ULONG Flags,
+ IN PCUNICODE_STRING SourceString,
+ OUT PUNICODE_STRING DestinationString
+);
+
NTSYSAPI
BOOLEAN
NTAPI
ULONG
NTAPI
RtlLengthRequiredSid (
- IN UCHAR SubAuthorityCount
+ IN ULONG SubAuthorityCount
);
NTSYSAPI
OUT PLARGE_INTEGER Time
);
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSelfRelativeToAbsoluteSD (
- IN PSECURITY_DESCRIPTOR_RELATIVE SelfRelativeSD,
- OUT PSECURITY_DESCRIPTOR AbsoluteSD,
- IN PULONG AbsoluteSDSize,
- IN PACL Dacl,
- IN PULONG DaclSize,
- IN PACL Sacl,
- IN PULONG SaclSize,
- IN PSID Owner,
- IN PULONG OwnerSize,
- IN PSID PrimaryGroup,
- IN PULONG PrimaryGroupSize
-);
-
-#endif /* (VER_PRODUCTBUILD >= 2195) */
-
NTSYSAPI
NTSTATUS
NTAPI
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
-NTKERNELAPI
-NTSTATUS
-NTAPI
-SeCreateAccessState (
- OUT PACCESS_STATE AccessState,
- IN PVOID AuxData,
- IN ACCESS_MASK AccessMask,
- IN PGENERIC_MAPPING Mapping
-);
-
NTKERNELAPI
NTSTATUS
NTAPI
NTKERNELAPI
NTSTATUS
+NTAPI
SeUnregisterLogonSessionTerminatedRoutine (
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
IN ULONG FlushSize
);
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushBuffersFile(
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
#if (VER_PRODUCTBUILD >= 2195)
NTSYSAPI
OUT PULONG ResultLength
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryObject (
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySection (
- IN HANDLE SectionHandle,
- IN SECTION_INFORMATION_CLASS SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG SectionInformationLength,
- OUT PULONG ResultLength OPTIONAL
-);
-
NTSYSAPI
NTSTATUS
NTAPI
OUT PULONG ResultLength
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemInformation (
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- OUT PVOID SystemInformation,
- IN ULONG Length,
- OUT PULONG ReturnLength
-);
-
NTSYSAPI
NTSTATUS
NTAPI
OUT PLONG PreviousState OPTIONAL
);
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationObject (
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG ObjectInformationLength
-);
-
NTSYSAPI
NTSTATUS
NTAPI
#endif /* (VER_PRODUCTBUILD >= 2195) */
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemInformation (
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN PVOID SystemInformation,
- IN ULONG Length
-);
-
NTSYSAPI
NTSTATUS
NTAPI