+++ /dev/null
-/*
- This is a free version of the file ntifs.h, release 58.
- The purpose of this include file is to build file system and
- file system filter drivers for Windows.
- Copyright (C) 1999-2015 Bo Brantén.
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
- The GNU General Public License is also available from:
- http://www.gnu.org/copyleft/gpl.html
-
- Windows and Windows NT are either registered trademarks or trademarks of
- Microsoft Corporation in the United States and/or other countries.
-
- DISCLAIMER: I do not encourage anyone to use this include file to build
- drivers used in production. Some of the information in this file may not
- be available in other publications intended for similar use. Some of the
- information in this file may have different names than in other
- publications even though they describe the same thing.
-
- NOTE: This file should be used with the Microsoft® Windows® Driver
- Development Kit (DDK) while the file wdkundoc.h is a subset of this
- file that should be used with the Microsoft Windows Driver Kit (WDK).
-
- Please send comments, corrections and contributions to bosse@acc.umu.se.
-
- The most recent version of this file is available from:
- http://www.acc.umu.se/~bosse/ntifs.h
-
- The most recent version of the file wdkundoc.h is available from:
- http://www.acc.umu.se/~bosse/wdkundoc.h
-
- Thanks to:
- Andrey Shedel, Luigi Mori, Louis Joubert, Itai Shaham, David Welch,
- Emanuele Aliberti, Anton Altaparmakov, Dan Partelly, Mamaich, Yossi
- Yaffe, Gunnar André Dalsnes, Vadim V Vorobev, Ashot Oganesyan K,
- Oleg Nikityenko, Matt Wu, Tomas Olsson, Raaf, Anthony Choi, Alexey
- Logachyov, Marc-Antoine Ruel, Vyacheslav I. Levtchenko, Yuri Polyakov,
- Bruno Milot, Alex Vlasov, Dan Fulger, Petr Semerad, Sobame La Garompa,
- Jérôme Hodé and Darja Isaksson.
-
- Revision history:
-
- 58. 2015-06-11
- Added:
- Externals:
- PsInitialSystemProcess
- HalPrivateDispatchTable
- KeLoaderBlock
- KeI386MachineType
- KiBugCheckData
- InitSafeBootMode
- KiEnableTimerWatchdog
- KdComPortInUse
- KdEnteredDebugger
- MmBadPointer
- NlsLeadByteInfo
- NlsOemLeadByteInfo
- NlsMbCodePageTag
- NlsMbOemCodePageTag
- NlsAnsiCodePage
- NlsOemCodePage
- IoStatisticsLock
- IoReadOperationCount
- IoWriteOperationCount
- IoReadTransferCount
- IoWriteTransferCount
- KeDcacheFlushCount
- KeIcacheFlushCount
- CcFastMdlReadWait
- CcFastReadNotPossible
- CcFastReadWait
- IoAdapterObjectType
- IoDeviceObjectType
- MmSectionObjectType
- PsProcessType
- PsThreadType
- ExDesktopObjectType
- ExWindowStationObjectType
- IoDeviceHandlerObjectType
- LpcPortObjectType
- PsJobType
- SeTokenObjectType
- TmEnlistmentObjectType
- TmResourceManagerObjectType
- TmTransactionManagerObjectType
- TmTransactionObjectType
- CmKeyObjectType
- IoDeviceHandlerObjectSize
- POGOBuffer
- psMUITest
- PsUILanguageComitted
-
- 57. 2015-03-23
- Corrected:
- ObGetObjectPointerCount
- Added:
- Function prototypes:
- FsRtlTeardownPerFileContexts
- FsRtlTeardownPerStreamContexts
-
- 56. 2008-07-31
- Corrected:
- FSCTL_SET_SPARSE
- FSRTL_COMMON_FCB_HEADER
- Added:
- Defines:
- FSRTL_XXX
- IO_REPARSE_TAG_XXX
- Data types:
- FSRTL_ADVANCED_FCB_HEADER
- Function prototypes:
- FsRtlSetupAdvancedHeader
-
- 55. 2006-05-15
- Corrected:
- TOKEN_OBJECT
- Added:
- Data types:
- SEP_AUDIT_POLICY_VISTA
- SID_AND_ATTRIBUTES_HASH
-
- 54. 2006-05-14
- Corrected:
- EXTENDED_IO_STACK_LOCATION
-
- 53. 2005-11-06
- Added:
- Function prototypes:
- RtlRandom
- RtlRandomEx
- RtlSecondsSince1980ToTime
- RtlTimeToSecondsSince1980
-
- 52. 2005-11-05
- Corrected:
- OBJECT_NAME
- TOKEN_OBJECT
-
- 51. 2005-10-16
- Corrected:
- ETHREAD
- GDI_TEB_BATCH
- MMADDRESS_NODE
- TEB
-
- 50. 2005-10-15
- Added:
- Data types:
- READ_LIST
- Function prototypes:
- IoAttachDeviceToDeviceStackSafe
- IoCheckQuerySetFileInformation
- IoCheckQuerySetVolumeInformation
- IoCreateFileSpecifyDeviceObjectHint
- IoCreateStreamFileObjectEx
- IoEnumerateDeviceObjectList
- IoGetDeviceAttachmentBaseRef
- IoGetDiskDeviceObject
- IoGetLowerDeviceObject
- IoIsFileOriginRemote
- IoQueryFileDosDeviceName
- IoQueueThreadIrp
- IoSetFileOrigin
- KeAcquireQueuedSpinLock
- KeInitializeMutant
- KeReadStateMutant
- KeReleaseMutant
- KeReleaseQueuedSpinLock
- KeSetIdealProcessorThread
- KeSetKernelStackSwapEnable
- KeTryToAcquireQueuedSpinLock
- MmPrefetchPages
- ObDereferenceSecurityDescriptor
- ObLogSecurityDescriptor
- ObReferenceSecurityDescriptor
- PoQueueShutdownWorkItem
- RtlxUnicodeStringToAnsiSize
- SeAuditHardLinkCreation
- SeAuditingHardLinkEvents
- SeFilterToken
-
- 49. 2005-10-09
- Corrected:
- EPROCESS
- KTHREAD
- MMSUPPORT_FLAGS
- MMSUPPORT
- OBJECT_HEADER
- OBJECT_TYPE_INITIALIZER
- OBJECT_TYPE
- TEB
- KeInsertQueueApc
- Added:
- Defines:
- OB_FLAG_XXX
- OB_SECURITY_CHARGE
- Data types:
- ACTIVATION_CONTEXT_STACK
- GDI_TEB_BATCH
- HANDLE_INFO
- KGUARDED_MUTEX
- MMADDRESS_NODE
- MM_AVL_TABLE
- OBJECT_CREATE_INFORMATION
- OBJECT_CREATOR_INFO
- OBJECT_DIRECTORY
- OBJECT_DIRECTORY_ITEM
- OBJECT_HANDLE_DB
- OBJECT_HANDLE_DB_LIST
- OBJECT_HEADER_FLAGS
- OBJECT_NAME
- OBJECT_QUOTA_CHARGES
- OBJECT_QUOTA_INFO
- QUOTA_BLOCK
- RTL_ACTIVATION_CONTEXT_STACK_FRAME
- TEB_ACTIVE_FRAME
- TEB_ACTIVE_FRAME_CONTEXT
- Wx86ThreadState
- Function prototypes:
- FsRtlAcquireFileExclusive
- FsRtlBalanceReads
- FsRtlDissectDbcs
- FsRtlDoesDbcsContainWildCards
- FsRtlIsDbcsInExpression
- FsRtlIsFatDbcsLegal
- FsRtlIsHpfsDbcsLegal
- FsRtlIsPagingFile
- FsRtlIsTotalDeviceFailure
- FsRtlMdlReadDev
- FsRtlPostPagingFileStackOverflow
- FsRtlPostStackOverflow
- FsRtlPrepareMdlWriteDev
- FsRtlReleaseFile
-
- 48. 2005-04-16
- Added:
- Data types:
- THREAD_BASIC_INFORMATION
- Function prototypes:
- ZwQueryInformationThread
-
- 47. 2005-03-08
- Corrected:
- SYSTEM_PROCESSES_INFORMATION
- TOKEN_OBJECT
- KeInsertQueueApc
-
- 46. 2004-06-08
- Added:
- Data types:
- TOKEN_OBJECT
-
- 45. 2004-06-06
- Corrected:
- SERVICE_DESCRIPTOR_TABLE
- Added:
- Defines:
- TOKEN_SESSION_NOT_REFERENCED
- TOKEN_SANDBOX_INERT
- TOKEN_HAS_IMPERSONATE_PRIVILEGE
- Function prototypes:
- FsRtlDissectName
- RtlOemStringToCountedUnicodeSize
- RtlOemStringToUnicodeSize
- RtlOemStringToUnicodeString
- RtlUnicodeStringToOemSize
- RtlUnicodeStringToOemString
- RtlxOemStringToUnicodeSize
- RtlxUnicodeStringToOemSize
-
- 44. 2003-05-06
- Added:
- Function prototypes:
- InbvAcquireDisplayOwnership
- InbvCheckDisplayOwnership
- InbvDisplayString
- InbvEnableBootDriver
- InbvEnableDisplayString
- InbvInstallDisplayStringFilter
- InbvIsBootDriverInstalled
- InbvNotifyDisplayOwnershipLost
- InbvResetDisplay
- InbvSetScrollRegion
- InbvSetTextColor
- InbvSolidColorFill
-
- 43. 2003-04-07
- Added:
- Data types:
- MCB
- Function prototypes:
- FsRtlAddMcbEntry
- FsRtlInitializeMcb
- FsRtlLookupLastMcbEntry
- FsRtlLookupMcbEntry
- FsRtlNotifyFilterChangeDirectory
- FsRtlNotifyFilterReportChange
- FsRtlNumberOfRunsInMcb
- FsRtlRemoveMcbEntry
- FsRtlTruncateMcb
- FsRtlUninitializeMcb
-
- 42. 2003-03-30
- Corrected:
- SYSTEM_CACHE_INFORMATION
- SYSTEM_INFORMATION_CLASS
- Added:
- Data types:
- SYSTEM_XXX_INFORMATION
- THREAD_STATE
-
- 41. 2003-01-03
- Corrected:
- CcMapData
- PsDereferenceImpersonationToken
- PsDereferencePrimaryToken
- PsGetProcessExitTime
- PsReferencePrimaryToken
- Added:
- Defines:
- MAP_XXX
- Function prototypes:
- CcMdlWriteAbort
- PsAssignImpersonationToken
- PsChargeProcessNonPagedPoolQuota
- PsChargeProcessPagedPoolQuota
- PsChargeProcessPoolQuota
- PsDisableImpersonation
- PsImpersonateClient
- PsIsSystemThread
- PsRestoreImpersonation
- SeDeleteAccessState
- ZwOpenProcessTokenEx
- ZwOpenThreadTokenEx
-
- 40. 2002-10-02
- Corrected:
- HANDLE_TABLE_ENTRY
- Added:
- Defines:
- FSRTL_FLAG_ADVANCED_HEADER
- FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS
- FSRTL_FLAG2_PURGE_WHEN_MAPPED
- Data types:
- FILE_ID_BOTH_DIR_INFORMATION
- FILE_ID_FULL_DIR_INFORMATION
-
- 39. 2002-08-04
- Added:
- Data types:
- LARGE_MCB
- Function prototypes:
- FsRtlAddLargeMcbEntry
- FsRtlGetNextLargeMcbEntry
- FsRtlInitializeLargeMcb
- FsRtlLookupLargeMcbEntry
- FsRtlLookupLastLargeMcbEntry
- FsRtlLookupLastLargeMcbEntryAndIndex
- FsRtlNumberOfRunsInLargeMcb
- FsRtlRemoveLargeMcbEntry
- FsRtlResetLargeMcb
- FsRtlSplitLargeMcb
- FsRtlTruncateLargeMcb
- FsRtlUninitializeLargeMcb
-
- 38. 2002-06-30
- Added:
- Defines:
- FILE_READ_ONLY_VOLUME
- Function prototypes:
- FsRtlAllocateResource
- FsRtlIncrementCcFastReadNotPossible
- FsRtlIncrementCcFastReadNoWait
- FsRtlIncrementCcFastReadResourceMiss
- FsRtlIncrementCcFastReadWait
- KeIsAttachedProcess
- KeIsExecutingDpc
- KeRevertToUserAffinityThread
- KeUpdateSystemTime
- PsGetCurrentProcessSessionId
- PsGetCurrentThreadPreviousMode
- PsGetCurrentThreadStackBase
- PsGetCurrentThreadStackLimit
- RtlGetNtGlobalFlags
-
- 37. 2002-05-18
- Uppdated for Windows XP:
- EPROCESS
- ETHREAD
- KPROCESS
- KTHREAD
- MMSUPPORT_FLAGS
- MMSUPPORT
- PRIVATE_CACHE_MAP_FLAGS
- PRIVATE_CACHE_MAP
- SHARED_CACHE_MAP
- Corrected:
- VACB
- Added:
- Data types:
- EPROCESS_QUOTA_ENTRY
- EPROCESS_QUOTA_BLOCK
- EX_FAST_REF
- EX_PUSH_LOCK
- EX_RUNDOWN_REF
- PAGEFAULT_HISTORY
- SE_AUDIT_PROCESS_CREATION_INFO
- SECTION_OBJECT
- TERMINATION_PORT
-
- 36. 2002-05-14
- Corrected:
- FILE_FS_FULL_SIZE_INFORMATION
-
- 35. 2002-03-23
- Added:
- Defines:
- COMPRESSION_XXX
- Data types:
- COMPRESSED_DATA_INFO
- OBJECT_HEADER
- VAD_HEADER
- Function prototypes:
- CcWaitForCurrentLazyWriterActivity
- FsRtlCheckOplock
- FsRtlCurrentBatchOplock
- FsRtlDeregisterUncProvider
- FsRtlInitializeOplock
- FsRtlOplockFsctrl
- FsRtlOplockIsFastIoPossible
- FsRtlRegisterUncProvider
- FsRtlUninitializeOplock
- RtlCompressBuffer
- RtlCompressChunks
- RtlDecompressBuffer
- RtlDecompressChunks
- RtlDecompressFragment
- RtlDescribeChunk
- RtlGetCompressionWorkSpaceSize
- RtlReserveChunk
-
- 34. 2002-02-14
- Corrected:
- HARDWARE_PTE
- Changed the use of _WIN32_WINNT to VER_PRODUCTBUILD since _WIN32_WINNT
- is incorrectly defined in the Windows 2000 build environment included
- in the Windows XP DDK.
-
- 33. 2002-01-20
- Added:
- Function prototypes:
- PsDereferenceImpersonationToken
- PsDereferencePrimaryToken
-
- 32. 2002-01-18
- Corrected:
- ObReferenceObjectByName
- FILE_FS_OBJECT_ID_INFORMATION
- FILE_OBJECTID_INFORMATION
- Added:
- Externals:
- IoDriverObjectType
- SeExports
- Defines:
- FILE_ACTION_XXX
- FSCTL_XXX
- IO_FILE_OBJECT_XXX
- IRP_BEING_VERIFIED
- TOKEN_XXX
- Data types:
- DEVICE_MAP
- FILE_TRACKING_INFORMATION
- SE_EXPORTS
- Function prototypes:
- SeEnableAccessToExports
-
- 31. 2001-12-23
- Corrected:
- QueryQuota in EXTENDED_IO_STACK_LOCATION
- FILE_LOCK
- CcPinMappedData
- CcPinRead
- CcPreparePinWrite
- FsRtlFastUnlockAll
- FsRtlFastUnlockAllByKey
- FsRtlFastUnlockSingle
- FsRtlInitializeFileLock
- FsRtlPrivateLock
- FsRtlProcessFileLock
- MmForceSectionClosed
- MmIsRecursiveIoFault
- SeImpersonateClient
- SeImpersonateClientEx
- Added:
- Defines:
- More FSRTL_FLAG_XXX
- PIN_XXX
- VACB_XXX
- Data types:
- REPARSE_DATA_BUFFER
- Function prototypes:
- CcCopyWriteWontFlush
- CcGetFileSizePointer
- CcGetFlushedValidData
- CcIsFileCached
- CcRemapBcb
- ExDisableResourceBoostLite
- ExQueryPoolBlockSize
- FsRtlAllocateFileLock
- FsRtlAreThereCurrentFileLocks
- FsRtlFastLock
- FsRtlFreeFileLock
- IoCheckDesiredAccess
- IoCheckEaBufferValidity
- IoCheckFunctionAccess
- IoCheckQuotaBufferValidity
- IoCreateStreamFileObjectLite
- IoFastQueryNetworkAttributes
- IoGetRequestorProcessId
- IoIsFileOpenedExclusively
- IoIsSystemThread
- IoIsValidNameGraftingBuffer
- IoSynchronousPageWrite
- IoThreadToProcess
- KeInitializeQueue
- KeInsertHeadQueue
- KeInsertQueue
- KeReadStateQueue
- KeRemoveQueue
- KeRundownQueue
- MmSetAddressRangeModified
- ObGetObjectPointerCount
- ObMakeTemporaryObject
- ObQueryObjectAuditingByHandle
- PsChargePoolQuota
- PsReturnPoolQuota
- SeAppendPrivileges
- SeAuditingFileEvents
- SeAuditingFileOrGlobalEvents
- SeCreateClientSecurity
- SeCreateClientSecurityFromSubjectContext
- SeDeleteClientSecurity
- SeDeleteObjectAuditAlarm
- SeFreePrivileges
- SeLockSubjectContext
- SeOpenObjectAuditAlarm
- SeOpenObjectForDeleteAuditAlarm
- SePrivilegeCheck
- SeQueryAuthenticationIdToken
- SeQuerySecurityDescriptorInfo
- SeQuerySessionIdToken
- SeSetAccessStateGenericMapping
- SeSetSecurityDescriptorInfo
- SeSetSecurityDescriptorInfoEx
- SeTokenIsAdmin
- SeTokenIsRestricted
- SeTokenType
- SeUnlockSubjectContext
-
- 30. 2001-10-24
- Corrected:
- KINTERRUPT
- OBJECT_TYPE
- Added:
- Defines:
- More FSCTL_XXX
- Data types:
- BITMAP_RANGE
- CreateMailslot in EXTENDED_IO_STACK_LOCATION
- CreatePipe in EXTENDED_IO_STACK_LOCATION
- QueryQuota in EXTENDED_IO_STACK_LOCATION
- MAILSLOT_CREATE_PARAMETERS
- MBCB
- NAMED_PIPE_CREATE_PARAMETERS
- PRIVATE_CACHE_MAP_FLAGS
- PRIVATE_CACHE_MAP
- SECURITY_CLIENT_CONTEXT
- SHARED_CACHE_MAP
- VACB
- Function prototypes:
- HalQueryRealTimeClock
- HalSetRealTimeClock
- PsGetProcessExitTime
- PsIsThreadTerminating
- PsLookupProcessThreadByCid
- PsLookupThreadByThreadId
- SeQueryAuthenticationIdToken
- Externals:
- KeServiceDescriptorTable
- SePublicDefaultDacl
- SeSystemDefaultDacl
-
- 29. 2001-10-06
- Added:
- Defines:
- FSRTL_VOLUME_XXX
- Function prototypes:
- FsRtlNotifyChangeDirectory
- FsRtlNotifyReportChange
- FsRtlNotifyVolumeEvent
-
- 28. 2001-09-16
- Added:
- Function prototypes:
- FsRtlNotifyInitializeSync
- FsRtlNotifyUninitializeSync
- SeImpersonateClientEx
- SeReleaseSubjectContext
-
- 27. 2001-08-25
- Corrected:
- KPROCESS
- FILE_LOCK_ANCHOR
- FsRtlNormalizeNtstatus
- RtlSecondsSince1970ToTime
- RtlTimeToSecondsSince1970
- SeQueryInformationToken
- Added:
- Defines:
- FS_LFN_APIS
- Data types:
- FILE_LOCK_ENTRY
- FILE_SHARED_LOCK_ENTRY
- FILE_EXCLUSIVE_LOCK_ENTRY
- Function prototypes:
- FsRtlCheckLockForReadAccess
- FsRtlCheckLockForWriteAccess
- FsRtlFastUnlockAll
- FsRtlFastUnlockAllByKey
- FsRtlFastUnlockSingle
- FsRtlGetFileSize
- FsRtlGetNextFileLock
- FsRtlInitializeFileLock
- FsRtlPrivateLock
- FsRtlProcessFileLock
- FsRtlUninitializeFileLock
- IoUnregisterFsRegistrationChange
- PsLookupProcessByProcessId
- SeQuerySubjectContextToken
-
- 26. 2001-04-28
- Added:
- Defines:
- FSCTL_XXX
- Data types:
- RTL_SPLAY_LINKS
- TUNNEL
- Function prototypes:
- FsRtlAddToTunnelCache
- FsRtlDeleteKeyFromTunnelCache
- FsRtlDeleteTunnelCache
- FsRtlFindInTunnelCache
- FsRtlInitializeTunnelCache
- IoSetDeviceToVerify
- KeInitializeApc
- KeInsertQueueApc
- SeQueryInformationToken
-
- 25. 2001-04-05
- Corrected:
- RtlImageNtHeader
- LPC_XXX
- OBJECT_BASIC_INFO
- Added:
- Defines:
- SID_REVISION
- Data types:
- DIRECTORY_BASIC_INFORMATION
- KINTERRUPT
- OBJECT_HANDLE_ATTRIBUTE_INFO
- PROCESS_PRIORITY_CLASS
- SECTION_BASIC_INFORMATION
- SECTION_IMAGE_INFORMATION
- SECTION_INFORMATION_CLASS
- Function prototypes:
- RtlSecondsSince1970ToTime
- RtlTimeToSecondsSince1970
- ZwAdjustPrivilegesToken
- ZwAlertThread
- ZwAccessCheckAndAuditAlarm
- ZwClearEvent
- ZwCloseObjectAuditAlarm
- ZwCreateSection
- ZwCreateSymbolicLinkObject
- ZwDuplicateToken
- ZwFlushInstructionCache
- ZwFlushVirtualMemory
- ZwInitiatePowerAction
- ZwLoadKey
- ZwNotifyChangeKey
- ZwOpenThread
- ZwPowerInformation
- ZwPulseEvent
- ZwQueryDefaultLocale
- ZwQueryDefaultUILanguage
- ZwQueryInformationProcess
- ZwQueryInstallUILanguage
- ZwQuerySection
- ZwReplaceKey
- ZwResetEvent
- ZwRestoreKey
- ZwSaveKey
- ZwSetDefaultLocale
- ZwSetDefaultUILanguage
- ZwSetEvent
- ZwSetInformationObject
- ZwSetInformationProcess
- ZwSetSecurityObject
- ZwSetSystemTime
- ZwTerminateProcess
- ZwUnloadKey
- ZwWaitForSingleObject
- ZwWaitForMultipleObjects
- ZwYieldExecution
- Removed functions that is not exported in kernel mode:
- CcZeroEndOfLastPage
- RtlAllocateAndInitializeSid
- ZwAcceptConnectPort
- ZwCompleteConnectPort
- ZwCreatePort
- ZwCreateProcess
- ZwCreateThread
- ZwFlushBuffersFile
- ZwGetContextThread
- ZwImpersonateClientOfPort
- ZwListenPort
- ZwLockFile
- ZwNotifyChangeDirectoryFile
- ZwQueryInformationPort
- ZwReadRequestData
- ZwReplyPort
- ZwReplyWaitReceivePort
- ZwReplyWaitReplyPort
- ZwRequestPort
- ZwUnlockFile
- ZwWriteRequestData
-
- 24. 2001-03-08
- Corrected:
- EPROCESS
- ETHREAD
- FAST_IO_POSSIBLE
- QueryEa in EXTENDED_IO_STACK_LOCATION
- Added:
- Defines:
- Some more flags for FileSystemAttributes
- Data types:
- EXCEPTION_REGISTRATION_RECORD
- FILE_FS_FULL_SIZE_INFORMATION
- FILE_FS_OBJECT_ID_INFORMATION
- HANDLE_TABLE_ENTRY
- IO_CLIENT_EXTENSION
- PS_IMPERSONATION_INFORMATION
- SetEa and SetQuota in EXTENDED_IO_STACK_LOCATION
- Function prototypes:
- IoPageRead
- KeStackAttachProcess
- KeUnstackDetachProcess
- MmMapViewOfSection
- RtlSelfRelativeToAbsoluteSD
- SeCreateAccessState
-
- 23. 2001-01-29
- Corrected:
- FSCTL_GET_VOLUME_INFORMATION
- FSCTL_READ_MFT_RECORD
- HARDWARE_PTE
- EPROCESS
- ETHREAD
- KAPC_STATE
- KPROCESS
- KTHREAD
- MMSUPPORT
- Added:
- Data types:
- KGDTENTRY
- KIDTENTRY
- MMSUPPORT_FLAGS
-
- 22. 2000-12-23
- Corrected:
- EPROCESS
- KPROCESS
- Added:
- Data types:
- HARDWARE_PTE
- MMSUPPORT
-
- 21. 2000-12-12
- Added:
- Defines:
- IO_TYPE_XXX
- OB_TYPE_XXX
- THREAD_STATE_XXX
- Data types:
- EPROCESS
- ETHREAD
- KAPC_STATE
- KEVENT_PAIR
- KPROCESS
- KTHREAD
- KQUEUE
- SERVICE_DESCRIPTOR_TABLE
- TEB
-
- 20. 2000-12-03
- Added:
- Data types:
- OBJECT_TYPE
- Function prototypes:
- ObCreateObject
- ObInsertObject
- ObReferenceObjectByName
-
- 19. 2000-11-25
- Removed a name from credits since the person want to be anonymous.
-
- 18. 2000-10-13
- Corrected:
- PsReferenceImpersonationToken
- Added:
- Defines:
- FILE_PIPE_XXX
- LPC_XXX
- MAILSLOT_XXX
- PORT_XXX
- FSCTL_GET_VOLUME_INFORMATION
- FSCTL_READ_MFT_RECORD
- FSCTL_MAILSLOT_PEEK
- FSCTL_PIPE_XXX
- Data types:
- PORT_INFORMATION_CLASS
- BITMAP_DESCRIPTOR
- FILE_MAILSLOT_XXX
- FILE_PIPE_XXX
- MAPPING_PAIR
- GET_RETRIEVAL_DESCRIPTOR
- LPC_XXX
- MOVEFILE_DESCRIPTOR
- Function prototypes:
- InitializeMessageHeader
- MmForceSectionClosed
- ZwAcceptConnectPort
- ZwCompleteConnectPort
- ZwConnectPort
- ZwCreateEvent
- ZwCreatePort
- ZwImpersonateClientOfPort
- ZwListenPort
- ZwQueryInformationPort
- ZwReadRequestData
- ZwReplyPort
- ZwReplyWaitReceivePort
- ZwReplyWaitReplyPort
- ZwRequestPort
- ZwRequestWaitReplyPort
- ZwWriteRequestData
-
- 17. 2000-05-21
- Added:
- Function prototypes:
- PsRevertToSelf
- SeCreateClientSecurity
- SeImpersonateClient
- ZwDuplicateObject
-
- 16. 2000-03-28
- Added:
- Defines:
- FILE_STORAGE_TYPE_XXX
- FILE_VC_XXX
- IO_CHECK_CREATE_PARAMETERS
- IO_ATTACH_DEVICE
- IO_ATTACH_DEVICE_API
- IO_COMPLETION_XXX
- Data types:
- IO_COMPLETION_INFORMATION_CLASS
- OBJECT_INFO_CLASS
- SYSTEM_INFORMATION_CLASS
- FILE_LOCK_ANCHOR
- IO_COMPLETION_BASIC_INFORMATION
- OBJECT_BASIC_INFO
- OBJECT_NAME_INFO
- OBJECT_PROTECTION_INFO
- OBJECT_TYPE_INFO
- OBJECT_ALL_TYPES_INFO
- SYSTEM_CACHE_INFORMATION
- Function prototypes:
- FsRtlAllocatePool
- FsRtlAllocatePoolWithQuota
- FsRtlAllocatePoolWithQuotaTag
- FsRtlAllocatePoolWithTag
- FsRtlAreNamesEqual
- FsRtlFastCheckLockForRead
- FsRtlFastCheckLockForWrite
- FsRtlMdlReadComplete
- FsRtlMdlWriteComplete
- FsRtlNormalizeNtstatus
- RtlAllocateHeap
- RtlCreateHeap
- RtlDestroyHeap
- RtlFreeHeap
- RtlImageNtHeader
- ZwQueryObject
- ZwQuerySystemInformation
- ZwSetSystemInformation
-
- 15. 2000-03-15
- Corrected:
- Renamed IoQueryFileVolumeInformation to IoQueryVolumeInformation
- Comment on:
- CcZeroEndOfLastPage
-
- 14. 2000-03-12
- Corrected:
- IoCreateFile
- Added:
- #if (_WIN32_WINNT < 0x0500)/#endif around stuff that is included in
- the Windows 2000 DDK but is missing in the Windows NT 4.0 DDK.
- ZwOpenEvent
-
- 13. 2000-02-08
- Corrected:
- PsReferenceImpersonationToken
- Comment on:
- RtlAllocateAndInitializeSid
-
- 12. 1999-10-18
- Corrected:
- FILE_COMPRESSION_INFORMATION
- Added:
- Defines:
- ACCESS_ALLOWED_ACE_TYPE
- ACCESS_DENIED_ACE_TYPE
- SYSTEM_AUDIT_ACE_TYPE
- SYSTEM_ALARM_ACE_TYPE
- ANSI_DOS_STAR/QM/DOT
- DOS_STAR/QM/DOT
- FILE_EA_TYPE_XXX
- FILE_NEED_EA
- FILE_OPBATCH_BREAK_UNDERWAY
- SECURITY_WORLD_SID_AUTHORITY
- SECURITY_WORLD_RID
- Data types:
- POBJECT
- FILE_STORAGE_TYPE
- FILE_COMPLETION_INFORMATION
- FILE_COPY_ON_WRITE_INFORMATION
- FILE_FS_CONTROL_INFORMATION
- FILE_GET_EA_INFORMATION
- FILE_GET_QUOTA_INFORMATION
- FILE_OBJECTID_INFORMATION
- FILE_OLE_CLASSID_INFORMATION
- FILE_OLE_ALL_INFORMATION
- FILE_OLE_DIR_INFORMATION
- FILE_OLE_INFORMATION
- FILE_OLE_STATE_BITS_INFORMATION
- FILE_QUOTA_INFORMATION
- Function prototypes:
- HalDisplayString
- HalMakeBeep
- IoGetRequestorProcess
- ObQueryNameString
- ProbeForWrite
- RtlAbsoluteToSelfRelativeSD
- RtlGetDaclSecurityDescriptor
- RtlGetGroupSecurityDescriptor
- RtlGetOwnerSecurityDescriptor
- RtlInitializeSid
- RtlSetGroupSecurityDescriptor
- RtlSetOwnerSecurityDescriptor
- RtlSetSaclSecurityDescriptor
- ZwDeleteValueKey
- ZwDisplayString
- ZwQueryDirectoryObject
-
- 11. 1999-10-13
- Corrected:
- ZwOpenProcessToken
- ZwOpenThreadToken
- Added:
- Function prototypes:
- RtlAllocateAndInitializeSid
- RtlCopySid
- RtlEqualSid
- RtlFillMemoryUlong
- RtlIsNameLegalDOS8Dot3
- RtlLengthRequiredSid
- RtlLengthSid
- RtlNtStatusToDosError
- RtlSubAuthorityCountSid
- RtlSubAuthoritySid
- RtlValidSid
-
- 10. 1999-07-15
- Corrected:
- RtlConvertSidToUnicodeString
- Added:
- Externals:
- FsRtlLegalAnsiCharacterArray
- NtBuildNumber
- Defines:
- FSRTL_WILD_CHARACTER
- FlagOn
- FsRtlIsUnicodeCharacterWild
- Structures:
- FILE_ACCESS_INFORMATION
- FILE_MODE_INFORMATION
- GENERATE_NAME_CONTEXT
- Function prototypes:
- FsRtlDoesNameContainWildCards
- FsRtlIsNameInExpression
- IoSetInformation
- RtlGenerate8dot3Name
- ZwQuerySecurityObject
-
- 9. 1999-07-12
- Corrected:
- EXTENDED_IO_STACK_LOCATION
- QueryDirectory in EXTENDED_IO_STACK_LOCATION
- ZwCreateThread
- Added:
- Structures:
- INITIAL_TEB
- Function prototypes:
- ZwQuerySymbolicLinkObject
-
- 8. 1999-06-07
- Corrected:
- ZwOpenProcessToken
- ZwOpenThreadToken
- Added:
- Defines:
- FILE_OPLOCK_BROKEN_TO_LEVEL_2
- FILE_OPLOCK_BROKEN_TO_NONE
- FILE_CASE_SENSITIVE_SEARCH
- FILE_CASE_PRESERVED_NAMES
- FILE_UNICODE_ON_DISK
- FILE_PERSISTENT_ACLS
- FILE_FILE_COMPRESSION
- FILE_VOLUME_IS_COMPRESSED
- FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX
- FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH
- IOCTL_REDIR_QUERY_PATH
- Structures:
- FILE_FS_LABEL_INFORMATION
- PATHNAME_BUFFER
- In IO_STACK_LOCATION:
- FileSystemControl
- LockControl
- SetVolume
- Function prototypes:
- FsRtlCopyRead
- FsRtlCopyWrite
- IoVerifyVolume
-
- 7. 1999-06-05
- Added:
- defines for TOKEN_XXX
- SID_NAME_USE
- TOKEN_INFORMATION_CLASS
- TOKEN_TYPE
- FILE_FS_ATTRIBUTE_INFORMATION
- FILE_FS_SIZE_INFORMATION
- SID_IDENTIFIER_AUTHORITY
- SID
- SID_AND_ATTRIBUTES
- TOKEN_CONTROL
- TOKEN_DEFAULT_DACL
- TOKEN_GROUPS
- TOKEN_OWNER
- TOKEN_PRIMARY_GROUP
- TOKEN_PRIVILEGES
- TOKEN_SOURCE
- TOKEN_STATISTICS
- TOKEN_USER
- IoCreateFile
- IoGetAttachedDevice
- IoGetBaseFileSystemDeviceObject
- PsReferenceImpersonationToken
- PsReferencePrimaryToken
- RtlConvertSidToUnicodeString
- SeCaptureSubjectContext
- SeMarkLogonSessionForTerminationNotification
- SeRegisterLogonSessionTerminatedRoutine
- SeUnregisterLogonSessionTerminatedRoutine
- ZwOpenProcessToken
- ZwOpenThreadToken
- ZwQueryInformationToken
-
- 6. 1999-05-10
- Corrected declarations of Zw functions.
- Added:
- ZwCancelIoFile
- ZwDeleteFile
- ZwFlushBuffersFile
- ZwFsControlFile
- ZwLockFile
- ZwNotifyChangeDirectoryFile
- ZwOpenFile
- ZwQueryEaFile
- ZwSetEaFile
- ZwSetVolumeInformationFile
- ZwUnlockFile
-
- 5. 1999-05-09
- Added:
- defines for FILE_ACTION_XXX and FILE_NOTIFY_XXX
- FILE_FS_VOLUME_INFORMATION
- RETRIEVAL_POINTERS_BUFFER
- STARTING_VCN_INPUT_BUFFER
- FsRtlNotifyFullReportChange
-
- 4. 1999-04-11
- Corrected:
- ZwCreateThread
- Added:
- define _GNU_NTIFS_
-
- 3. 1999-03-30
- Added:
- defines for MAP_XXX, MEM_XXX and SEC_XXX
- FILE_BOTH_DIR_INFORMATION
- FILE_DIRECTORY_INFORMATION
- FILE_FULL_DIR_INFORMATION
- FILE_NAMES_INFORMATION
- FILE_NOTIFY_INFORMATION
- FsRtlNotifyCleanup
- KeAttachProcess
- KeDetachProcess
- MmCreateSection
- ZwCreateProcess
- ZwCreateThread
- ZwDeviceIoControlFile
- ZwGetContextThread
- ZwLoadDriver
- ZwOpenDirectoryObject
- ZwOpenProcess
- ZwOpenSymbolicLinkObject
- ZwQueryDirectoryFile
- ZwUnloadDriver
-
- 2. 1999-03-15
- Added:
- FILE_COMPRESSION_INFORMATION
- FILE_STREAM_INFORMATION
- FILE_LINK_INFORMATION
- FILE_RENAME_INFORMATION
- EXTENDED_IO_STACK_LOCATION
- IoQueryFileInformation
- IoQueryFileVolumeInformation
- ZwQueryVolumeInformationFile
- Moved include of ntddk.h to inside extern "C" block.
-
- 1. 1999-03-11
- Initial release.
-*/
-
-#ifndef _NTIFS_
-#define _NTIFS_
-#define _GNU_NTIFS_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <ntddk.h>
-#include <ntverp.h>
-
-// Available in Windows NT 3.1 and later versions.
-// Documented in the WDK.
-extern PEPROCESS PsInitialSystemProcess;
-
-// Available in Windows NT 3.5 and later versions.
-typedef struct _HAL_PRIVATE_DISPATCH *PHAL_PRIVATE_DISPATCH;
-extern PHAL_PRIVATE_DISPATCH HalPrivateDispatchTable;
-
-// Available in Windows NT 3.5 and later versions.
-typedef struct _LOADER_PARAMETER_BLOCK *PLOADER_PARAMETER_BLOCK;
-extern PLOADER_PARAMETER_BLOCK KeLoaderBlock;
-
-// Available in Windows NT 3.5 and later versions.
-typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE;
-extern PSERVICE_DESCRIPTOR_TABLE KeServiceDescriptorTable;
-
-// Available in Windows NT 3.5 and later versions.
-extern PSHORT NtBuildNumber;
-extern PULONG KeI386MachineType;
-
-// Available in Windows NT 4.0 and later versions.
-extern ULONG KiBugCheckData[5];
-
-// Available in Windows 2000 and later versions.
-extern PULONG InitSafeBootMode;
-
-// Available from Windows 2000 untill Windows Server 2003.
-extern PULONG KiEnableTimerWatchdog;
-
-// Available in Windows NT 3.5 and later versions.
-//
-// Set by the kernel debugger on the target system to the address of the
-// serial port used to communicate with the host.
-//
-extern PUCHAR *KdComPortInUse;
-
-// Available in Windows 2000 and later versions.
-extern PULONG KdEnteredDebugger;
-
-// Available in Windows Vista and later versions.
-// Documented in the WDK.
-extern PVOID MmBadPointer;
-
-// Available in Windows NT 3.5 and later versions.
-// Documented in the WDK.
-extern PUCHAR *FsRtlLegalAnsiCharacterArray;
-
-// Available in Windows NT 3.5 and later versions.
-extern PUSHORT *NlsLeadByteInfo;
-extern PUSHORT *NlsOemLeadByteInfo;
-extern PBOOLEAN NlsMbCodePageTag;
-extern PBOOLEAN NlsMbOemCodePageTag;
-
-// Available in Windows NT 4.0 and later versions.
-extern PUSHORT NlsAnsiCodePage;
-
-// Available in Windows 2000 and later versions.
-extern PUSHORT NlsOemCodePage;
-
-// Available in Windows NT 3.5 and later versions.
-// SeExports is documented in the WDK.
-typedef struct _SE_EXPORTS *PSE_EXPORTS;
-extern PSE_EXPORTS SeExports;
-extern PACL SePublicDefaultDacl;
-extern PACL SeSystemDefaultDacl;
-
-// Available in Windows NT 3.5 and later versions.
-// Documented in the WDK.
-extern KSPIN_LOCK IoStatisticsLock;
-extern ULONG IoReadOperationCount;
-extern ULONG IoWriteOperationCount;
-extern LARGE_INTEGER IoReadTransferCount;
-extern LARGE_INTEGER IoWriteTransferCount;
-
-// Available from Windows NT 3.5 untill Windows XP.
-extern ULONG KeDcacheFlushCount;
-extern ULONG KeIcacheFlushCount;
-
-// Available in Windows NT 4.0 and later versions.
-// Documented in the WDK.
-extern ULONG CcFastMdlReadWait;
-// Available from Windows NT 4.0 untill Windows Server 2003.
-extern ULONG CcFastReadNotPossible;
-extern ULONG CcFastReadWait;
-
-// The ExEventObjectType, ExSemaphoreObjectType and IoFileObjectType is
-// documented in the DDK and the WDK.
-//
-// The CmKeyObjectType, SeTokenObjectType, PsProcessType, PsThreadType,
-// TmEnlistmentObjectType, TmResourceManagerObjectType,
-// TmTransactionManagerObjectType and TmTransactionObjectType
-// is documented in the WDK.
-//
-// Available in Windows NT 3.5 and later versions.
-extern POBJECT_TYPE *IoAdapterObjectType;
-extern POBJECT_TYPE *IoDeviceObjectType;
-extern POBJECT_TYPE *IoDriverObjectType;
-extern POBJECT_TYPE *MmSectionObjectType;
-extern POBJECT_TYPE *PsProcessType;
-extern POBJECT_TYPE *PsThreadType;
-// Available in Windows NT 4.0 and later versions.
-extern POBJECT_TYPE *ExDesktopObjectType;
-extern POBJECT_TYPE *ExWindowStationObjectType;
-extern POBJECT_TYPE *IoDeviceHandlerObjectType;
-// Available in Windows 2000 and later versions.
-extern POBJECT_TYPE *LpcPortObjectType;
-extern POBJECT_TYPE *PsJobType;
-// Available in Windows XP and later versions.
-extern POBJECT_TYPE *SeTokenObjectType;
-// Available in Windows Vista and later versions.
-extern POBJECT_TYPE *TmEnlistmentObjectType;
-extern POBJECT_TYPE *TmResourceManagerObjectType;
-extern POBJECT_TYPE *TmTransactionManagerObjectType;
-extern POBJECT_TYPE *TmTransactionObjectType;
-// Available in Windows 7 and later versions.
-extern POBJECT_TYPE *CmKeyObjectType;
-
-// Available in Windows NT 4.0 and later versions.
-extern PULONG IoDeviceHandlerObjectSize;
-
-// Available in Windows Vista and later versions.
-extern PVOID POGOBuffer;
-extern PVOID psMUITest;
-extern PVOID PsUILanguageComitted;
-
-#define ACCESS_ALLOWED_ACE_TYPE (0x0)
-#define ACCESS_DENIED_ACE_TYPE (0x1)
-#define SYSTEM_AUDIT_ACE_TYPE (0x2)
-#define SYSTEM_ALARM_ACE_TYPE (0x3)
-
-#define ANSI_DOS_STAR ('<')
-#define ANSI_DOS_QM ('>')
-#define ANSI_DOS_DOT ('"')
-
-#define DOS_STAR (L'<')
-#define DOS_QM (L'>')
-#define DOS_DOT (L'"')
-
-#define COMPRESSION_FORMAT_NONE (0x0000)
-#define COMPRESSION_FORMAT_DEFAULT (0x0001)
-#define COMPRESSION_FORMAT_LZNT1 (0x0002)
-#define COMPRESSION_ENGINE_STANDARD (0x0000)
-#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
-#define COMPRESSION_ENGINE_HIBER (0x0200)
-
-#define FILE_ACTION_ADDED 0x00000001
-#define FILE_ACTION_REMOVED 0x00000002
-#define FILE_ACTION_MODIFIED 0x00000003
-#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
-#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
-#define FILE_ACTION_ADDED_STREAM 0x00000006
-#define FILE_ACTION_REMOVED_STREAM 0x00000007
-#define FILE_ACTION_MODIFIED_STREAM 0x00000008
-#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
-#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
-#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
-
-#define FILE_EA_TYPE_BINARY 0xfffe
-#define FILE_EA_TYPE_ASCII 0xfffd
-#define FILE_EA_TYPE_BITMAP 0xfffb
-#define FILE_EA_TYPE_METAFILE 0xfffa
-#define FILE_EA_TYPE_ICON 0xfff9
-#define FILE_EA_TYPE_EA 0xffee
-#define FILE_EA_TYPE_MVMT 0xffdf
-#define FILE_EA_TYPE_MVST 0xffde
-#define FILE_EA_TYPE_ASN1 0xffdd
-#define FILE_EA_TYPE_FAMILY_IDS 0xff01
-
-#define FILE_NEED_EA 0x00000080
-
-#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
-#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
-#define FILE_NOTIFY_CHANGE_NAME 0x00000003
-#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
-#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
-#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
-#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
-#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
-#define FILE_NOTIFY_CHANGE_EA 0x00000080
-#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
-#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
-#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
-#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
-#define FILE_NOTIFY_VALID_MASK 0x00000fff
-
-#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
-#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
-
-#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
-
-#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
-#define FILE_CASE_PRESERVED_NAMES 0x00000002
-#define FILE_UNICODE_ON_DISK 0x00000004
-#define FILE_PERSISTENT_ACLS 0x00000008
-#define FILE_FILE_COMPRESSION 0x00000010
-#define FILE_VOLUME_QUOTAS 0x00000020
-#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
-#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
-#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
-#define FS_LFN_APIS 0x00004000
-#define FILE_VOLUME_IS_COMPRESSED 0x00008000
-#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
-#define FILE_SUPPORTS_ENCRYPTION 0x00020000
-#define FILE_NAMED_STREAMS 0x00040000
-#define FILE_READ_ONLY_VOLUME 0x00080000
-
-#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
-#define FILE_PIPE_MESSAGE_TYPE 0x00000001
-
-#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
-#define FILE_PIPE_MESSAGE_MODE 0x00000001
-
-#define FILE_PIPE_QUEUE_OPERATION 0x00000000
-#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
-
-#define FILE_PIPE_INBOUND 0x00000000
-#define FILE_PIPE_OUTBOUND 0x00000001
-#define FILE_PIPE_FULL_DUPLEX 0x00000002
-
-#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
-#define FILE_PIPE_LISTENING_STATE 0x00000002
-#define FILE_PIPE_CONNECTED_STATE 0x00000003
-#define FILE_PIPE_CLOSING_STATE 0x00000004
-
-#define FILE_PIPE_CLIENT_END 0x00000000
-#define FILE_PIPE_SERVER_END 0x00000001
-
-#define FILE_PIPE_READ_DATA 0x00000000
-#define FILE_PIPE_WRITE_SPACE 0x00000001
-
-#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 // FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE
-#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
-#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
-#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
-#define FILE_STORAGE_TYPE_MASK 0x000f0000
-#define FILE_STORAGE_TYPE_SHIFT 16
-
-#define FILE_VC_QUOTA_NONE 0x00000000
-#define FILE_VC_QUOTA_TRACK 0x00000001
-#define FILE_VC_QUOTA_ENFORCE 0x00000002
-#define FILE_VC_QUOTA_MASK 0x00000003
-
-#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
-#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
-
-#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
-#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
-#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
-#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
-
-#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
-#define FILE_VC_QUOTAS_REBUILDING 0x00000200
-
-#define FILE_VC_VALID_MASK 0x000003ff
-
-#define FSRTL_FCB_HEADER_V0 (0x00)
-#define FSRTL_FCB_HEADER_V1 (0x01)
-
-#define FSRTL_FLAG_FILE_MODIFIED (0x01)
-#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
-#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
-#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
-#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
-#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
-#define FSRTL_FLAG_ADVANCED_HEADER (0x40)
-#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
-
-#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
-#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
-#define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
-#define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
-
-#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
-#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
-#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
-#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
-#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
-
-#define FSRTL_VOLUME_DISMOUNT 1
-#define FSRTL_VOLUME_DISMOUNT_FAILED 2
-#define FSRTL_VOLUME_LOCK 3
-#define FSRTL_VOLUME_LOCK_FAILED 4
-#define FSRTL_VOLUME_UNLOCK 5
-#define FSRTL_VOLUME_MOUNT 6
-
-#define FSRTL_WILD_CHARACTER 0x08
-
-#ifdef _X86_
-#define HARDWARE_PTE HARDWARE_PTE_X86
-#define PHARDWARE_PTE PHARDWARE_PTE_X86
-#else
-#define HARDWARE_PTE ULONG
-#define PHARDWARE_PTE PULONG
-#endif
-
-#define IO_CHECK_CREATE_PARAMETERS 0x0200
-#define IO_ATTACH_DEVICE 0x0400
-
-#define IO_ATTACH_DEVICE_API 0x80000000
-
-#define IO_COMPLETION_QUERY_STATE 0x0001
-#define IO_COMPLETION_MODIFY_STATE 0x0002
-#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
-
-#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
-#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
-
-#define IO_REPARSE_TAG_RESERVED_ZERO (0)
-#define IO_REPARSE_TAG_RESERVED_ONE (1)
-
-#define IO_TYPE_APC 18
-#define IO_TYPE_DPC 19
-#define IO_TYPE_DEVICE_QUEUE 20
-#define IO_TYPE_EVENT_PAIR 21
-#define IO_TYPE_INTERRUPT 22
-#define IO_TYPE_PROFILE 23
-
-#define IRP_BEING_VERIFIED 0x10
-
-#define MAILSLOT_CLASS_FIRSTCLASS 1
-#define MAILSLOT_CLASS_SECONDCLASS 2
-
-#define MAILSLOT_SIZE_AUTO 0
-
-#define MAP_PROCESS 1L
-#define MAP_SYSTEM 2L
-
-#define MEM_DOS_LIM 0x40000000
-#define MEM_IMAGE SEC_IMAGE
-
-#define OB_FLAG_CREATE_INFO 0x01 /* Object header has OBJECT_CREATE_INFO */
-#define OB_FLAG_KERNEL_MODE 0x02 /* Created by kernel */
-#define OB_FLAG_CREATOR_INFO 0x04 /* Object header has OBJECT_CREATOR_INFO */
-#define OB_FLAG_EXCLUSIVE 0x08 /* OBJ_EXCLUSIVE */
-#define OB_FLAG_PERMAMENT 0x10 /* OBJ_PERMAMENT */
-#define OB_FLAG_SECURITY 0x20 /* Object header has SecurityDescriptor != NULL */
-#define OB_FLAG_SINGLE_PROCESS 0x40 /* absent HandleDBList */
-
-#define OB_SECURITY_CHARGE 0x00000800
-
-#define OB_TYPE_TYPE 1
-#define OB_TYPE_DIRECTORY 2
-#define OB_TYPE_SYMBOLIC_LINK 3
-#define OB_TYPE_TOKEN 4
-#define OB_TYPE_PROCESS 5
-#define OB_TYPE_THREAD 6
-#define OB_TYPE_EVENT 7
-#define OB_TYPE_EVENT_PAIR 8
-#define OB_TYPE_MUTANT 9
-#define OB_TYPE_SEMAPHORE 10
-#define OB_TYPE_TIMER 11
-#define OB_TYPE_PROFILE 12
-#define OB_TYPE_WINDOW_STATION 13
-#define OB_TYPE_DESKTOP 14
-#define OB_TYPE_SECTION 15
-#define OB_TYPE_KEY 16
-#define OB_TYPE_PORT 17
-#define OB_TYPE_ADAPTER 18
-#define OB_TYPE_CONTROLLER 19
-#define OB_TYPE_DEVICE 20
-#define OB_TYPE_DRIVER 21
-#define OB_TYPE_IO_COMPLETION 22
-#define OB_TYPE_FILE 23
-
-#define PIN_WAIT (1)
-#define PIN_EXCLUSIVE (2)
-#define PIN_NO_READ (4)
-#define PIN_IF_BCB (8)
-
-#define MAP_WAIT (1)
-#define MAP_NO_READ (16)
-
-#define PORT_CONNECT 0x0001
-#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
- PORT_CONNECT)
-
-#define SEC_BASED 0x00200000
-#define SEC_NO_CHANGE 0x00400000
-#define SEC_FILE 0x00800000
-#define SEC_IMAGE 0x01000000
-#define SEC_COMMIT 0x08000000
-#define SEC_NOCACHE 0x10000000
-
-#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
-#define SECURITY_WORLD_RID (0x00000000L)
-
-#define SID_REVISION 1
-
-#define THREAD_STATE_INITIALIZED 0
-#define THREAD_STATE_READY 1
-#define THREAD_STATE_RUNNING 2
-#define THREAD_STATE_STANDBY 3
-#define THREAD_STATE_TERMINATED 4
-#define THREAD_STATE_WAIT 5
-#define THREAD_STATE_TRANSITION 6
-#define THREAD_STATE_UNKNOWN 7
-
-#define TOKEN_ASSIGN_PRIMARY (0x0001)
-#define TOKEN_DUPLICATE (0x0002)
-#define TOKEN_IMPERSONATE (0x0004)
-#define TOKEN_QUERY (0x0008)
-#define TOKEN_QUERY_SOURCE (0x0010)
-#define TOKEN_ADJUST_PRIVILEGES (0x0020)
-#define TOKEN_ADJUST_GROUPS (0x0040)
-#define TOKEN_ADJUST_DEFAULT (0x0080)
-
-#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
- TOKEN_ASSIGN_PRIMARY |\
- TOKEN_DUPLICATE |\
- TOKEN_IMPERSONATE |\
- TOKEN_QUERY |\
- TOKEN_QUERY_SOURCE |\
- TOKEN_ADJUST_PRIVILEGES |\
- TOKEN_ADJUST_GROUPS |\
- TOKEN_ADJUST_DEFAULT)
-
-#define TOKEN_READ (STANDARD_RIGHTS_READ |\
- TOKEN_QUERY)
-
-#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
- TOKEN_ADJUST_PRIVILEGES |\
- TOKEN_ADJUST_GROUPS |\
- TOKEN_ADJUST_DEFAULT)
-
-#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
-
-#define TOKEN_SOURCE_LENGTH 8
-
-#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
-#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
-#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
-#define TOKEN_HAS_ADMIN_GROUP 0x08
-#define TOKEN_IS_RESTRICTED 0x10
-#define TOKEN_SESSION_NOT_REFERENCED 0x20
-#define TOKEN_SANDBOX_INERT 0x40
-#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x80
-
-#define VACB_MAPPING_GRANULARITY (0x40000)
-#define VACB_OFFSET_SHIFT (18)
-
-#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
-#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
-#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
-
-
-#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
-
-#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
-#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
-#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
-#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
-
-#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
-
-#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
-#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
-#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
-#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
-
-#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
-
-typedef PVOID PEJOB;
-typedef PVOID PNOTIFY_SYNC;
-typedef PVOID OPLOCK, *POPLOCK;
-typedef PVOID PWOW64_PROCESS;
-
-typedef ULONG LBN;
-typedef LBN *PLBN;
-
-typedef ULONG VBN;
-typedef VBN *PVBN;
-
-typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
-typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK;
-typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
-typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
-typedef struct _KEVENT_PAIR *PKEVENT_PAIR;
-typedef struct _KPROCESS *PKPROCESS;
-typedef struct _KQUEUE *PKQUEUE;
-typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
-typedef struct _LPC_MESSAGE *PLPC_MESSAGE;
-typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS;
-typedef struct _MMWSL *PMMWSL;
-typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS;
-typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
-typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY;
-typedef struct _PEB *PPEB;
-typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION;
-typedef struct _SECTION_OBJECT *PSECTION_OBJECT;
-typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE;
-typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
-typedef struct _TERMINATION_PORT *PTERMINATION_PORT;
-typedef struct _VACB *PVACB;
-typedef struct _VAD_HEADER *PVAD_HEADER;
-
-#if (VER_PRODUCTBUILD < 2195)
-typedef ULONG SIZE_T, *PSIZE_T;
-#endif
-
-typedef enum _FAST_IO_POSSIBLE {
- FastIoIsNotPossible,
- FastIoIsPossible,
- FastIoIsQuestionable
-} FAST_IO_POSSIBLE;
-
-typedef enum _FILE_STORAGE_TYPE {
- StorageTypeDefault = 1,
- StorageTypeDirectory,
- StorageTypeFile,
- StorageTypeJunctionPoint,
- StorageTypeCatalog,
- StorageTypeStructuredStorage,
- StorageTypeEmbedding,
- StorageTypeStream
-} FILE_STORAGE_TYPE;
-
-typedef enum _IO_COMPLETION_INFORMATION_CLASS {
- IoCompletionBasicInformation
-} IO_COMPLETION_INFORMATION_CLASS;
-
-#if (VER_PRODUCTBUILD == 2195)
-
-typedef enum _KSPIN_LOCK_QUEUE_NUMBER {
- LockQueueDispatcherLock,
- LockQueueContextSwapLock,
- LockQueuePfnLock,
- LockQueueSystemSpaceLock,
- LockQueueVacbLock,
- LockQueueMasterLock,
- LockQueueNonPagedPoolLock,
- LockQueueIoCancelLock,
- LockQueueWorkQueueLock,
- LockQueueIoVpbLock,
- LockQueueIoDatabaseLock,
- LockQueueIoCompletionLock,
- LockQueueNtfsStructLock,
- LockQueueAfdWorkQueueLock,
- LockQueueBcbLock,
- LockQueueMaximumLock
-} KSPIN_LOCK_QUEUE_NUMBER;
-
-#endif // (VER_PRODUCTBUILD == 2195)
-
-typedef enum _LPC_TYPE {
- LPC_NEW_MESSAGE,
- LPC_REQUEST,
- LPC_REPLY,
- LPC_DATAGRAM,
- LPC_LOST_REPLY,
- LPC_PORT_CLOSED,
- LPC_CLIENT_DIED,
- LPC_EXCEPTION,
- LPC_DEBUG_EVENT,
- LPC_ERROR_EVENT,
- LPC_CONNECTION_REQUEST
-} LPC_TYPE;
-
-typedef enum _MMFLUSH_TYPE {
- MmFlushForDelete,
- MmFlushForWrite
-} MMFLUSH_TYPE;
-
-typedef enum _OBJECT_INFO_CLASS {
- ObjectBasicInfo,
- ObjectNameInfo,
- ObjectTypeInfo,
- ObjectAllTypesInfo,
- ObjectProtectionInfo
-} OBJECT_INFO_CLASS;
-
-typedef enum _PORT_INFORMATION_CLASS {
- PortNoInformation
-} PORT_INFORMATION_CLASS;
-
-typedef enum _SECTION_INFORMATION_CLASS {
- SectionBasicInformation,
- SectionImageInformation
-} SECTION_INFORMATION_CLASS;
-
-typedef enum _SID_NAME_USE {
- SidTypeUser = 1,
- SidTypeGroup,
- SidTypeDomain,
- SidTypeAlias,
- SidTypeWellKnownGroup,
- SidTypeDeletedAccount,
- SidTypeInvalid,
- SidTypeUnknown
-} SID_NAME_USE;
-
-typedef enum _SYSTEM_INFORMATION_CLASS {
- SystemBasicInformation,
- SystemProcessorInformation,
- SystemPerformanceInformation,
- SystemTimeOfDayInformation,
- SystemNotImplemented1,
- SystemProcessesAndThreadsInformation,
- SystemCallCounts,
- SystemConfigurationInformation,
- SystemProcessorTimes,
- SystemGlobalFlag,
- SystemNotImplemented2,
- SystemModuleInformation,
- SystemLockInformation,
- SystemNotImplemented3,
- SystemNotImplemented4,
- SystemNotImplemented5,
- SystemHandleInformation,
- SystemObjectInformation,
- SystemPagefileInformation,
- SystemInstructionEmulationCounts,
- SystemInvalidInfoClass1,
- SystemCacheInformation,
- SystemPoolTagInformation,
- SystemProcessorStatistics,
- SystemDpcInformation,
- SystemNotImplemented6,
- SystemLoadImage,
- SystemUnloadImage,
- SystemTimeAdjustment,
- SystemNotImplemented7,
- SystemNotImplemented8,
- SystemNotImplemented9,
- SystemCrashDumpInformation,
- SystemExceptionInformation,
- SystemCrashDumpStateInformation,
- SystemKernelDebuggerInformation,
- SystemContextSwitchInformation,
- SystemRegistryQuotaInformation,
- SystemLoadAndCallImage,
- SystemPrioritySeparation,
- SystemNotImplemented10,
- SystemNotImplemented11,
- SystemInvalidInfoClass2,
- SystemInvalidInfoClass3,
- SystemTimeZoneInformation,
- SystemLookasideInformation,
- SystemSetTimeSlipEvent,
- SystemCreateSession,
- SystemDeleteSession,
- SystemInvalidInfoClass4,
- SystemRangeStartInformation,
- SystemVerifierInformation,
- SystemAddVerifier,
- SystemSessionProcessesInformation
-} SYSTEM_INFORMATION_CLASS;
-
-typedef enum _THREAD_STATE {
- StateInitialized,
- StateReady,
- StateRunning,
- StateStandby,
- StateTerminated,
- StateWait,
- StateTransition,
- StateUnknown
-} THREAD_STATE;
-
-typedef enum _TOKEN_INFORMATION_CLASS {
- TokenUser = 1,
- TokenGroups,
- TokenPrivileges,
- TokenOwner,
- TokenPrimaryGroup,
- TokenDefaultDacl,
- TokenSource,
- TokenType,
- TokenImpersonationLevel,
- TokenStatistics,
- TokenRestrictedSids
-} TOKEN_INFORMATION_CLASS;
-
-typedef enum _TOKEN_TYPE {
- TokenPrimary = 1,
- TokenImpersonation
-} TOKEN_TYPE;
-
-typedef struct _HARDWARE_PTE_X86 {
- ULONG Valid : 1;
- ULONG Write : 1;
- ULONG Owner : 1;
- ULONG WriteThrough : 1;
- ULONG CacheDisable : 1;
- ULONG Accessed : 1;
- ULONG Dirty : 1;
- ULONG LargePage : 1;
- ULONG Global : 1;
- ULONG CopyOnWrite : 1;
- ULONG Prototype : 1;
- ULONG reserved : 1;
- ULONG PageFrameNumber : 20;
-} HARDWARE_PTE_X86, *PHARDWARE_PTE_X86;
-
-typedef struct _KAPC_STATE {
- LIST_ENTRY ApcListHead[2];
- PKPROCESS Process;
- BOOLEAN KernelApcInProgress;
- BOOLEAN KernelApcPending;
- BOOLEAN UserApcPending;
-} KAPC_STATE, *PKAPC_STATE;
-
-typedef struct _KGDTENTRY {
- USHORT LimitLow;
- USHORT BaseLow;
- union {
- struct {
- UCHAR BaseMid;
- UCHAR Flags1;
- UCHAR Flags2;
- UCHAR BaseHi;
- } Bytes;
- struct {
- ULONG BaseMid : 8;
- ULONG Type : 5;
- ULONG Dpl : 2;
- ULONG Pres : 1;
- ULONG LimitHi : 4;
- ULONG Sys : 1;
- ULONG Reserved_0 : 1;
- ULONG Default_Big : 1;
- ULONG Granularity : 1;
- ULONG BaseHi : 8;
- } Bits;
- } HighWord;
-} KGDTENTRY, *PKGDTENTRY;
-
-typedef struct _KIDTENTRY {
- USHORT Offset;
- USHORT Selector;
- USHORT Access;
- USHORT ExtendedOffset;
-} KIDTENTRY, *PKIDTENTRY;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _KPROCESS {
- DISPATCHER_HEADER Header;
- LIST_ENTRY ProfileListHead;
- ULONG DirectoryTableBase[2];
- KGDTENTRY LdtDescriptor;
- KIDTENTRY Int21Descriptor;
- USHORT IopmOffset;
- UCHAR Iopl;
- UCHAR Unused;
- ULONG ActiveProcessors;
- ULONG KernelTime;
- ULONG UserTime;
- LIST_ENTRY ReadyListHead;
- SINGLE_LIST_ENTRY SwapListEntry;
- PVOID VdmTrapcHandler;
- LIST_ENTRY ThreadListHead;
- KSPIN_LOCK ProcessLock;
- KAFFINITY Affinity;
- USHORT StackCount;
- CHAR BasePriority;
- CHAR ThreadQuantum;
- BOOLEAN AutoAlignment;
- UCHAR State;
- UCHAR ThreadSeed;
- BOOLEAN DisableBoost;
- UCHAR PowerState;
- BOOLEAN DisableQuantum;
- UCHAR IdealNode;
- UCHAR Spare;
-} KPROCESS, *PKPROCESS;
-
-#else
-
-typedef struct _KPROCESS {
- DISPATCHER_HEADER Header;
- LIST_ENTRY ProfileListHead;
- ULONG DirectoryTableBase[2];
- KGDTENTRY LdtDescriptor;
- KIDTENTRY Int21Descriptor;
- USHORT IopmOffset;
- UCHAR Iopl;
- UCHAR VdmFlag;
- ULONG ActiveProcessors;
- ULONG KernelTime;
- ULONG UserTime;
- LIST_ENTRY ReadyListHead;
- SINGLE_LIST_ENTRY SwapListEntry;
- PVOID Reserved1;
- LIST_ENTRY ThreadListHead;
- KSPIN_LOCK ProcessLock;
- KAFFINITY Affinity;
- USHORT StackCount;
- UCHAR BasePriority;
- UCHAR ThreadQuantum;
- BOOLEAN AutoAlignment;
- UCHAR State;
- UCHAR ThreadSeed;
- BOOLEAN DisableBoost;
-#if (VER_PRODUCTBUILD >= 2195)
- UCHAR PowerState;
- BOOLEAN DisableQuantum;
- UCHAR IdealNode;
- UCHAR Spare;
-#endif // (VER_PRODUCTBUILD >= 2195)
-} KPROCESS, *PKPROCESS;
-
-#endif
-
-#if (VER_PRODUCTBUILD >= 3790)
-
-typedef struct _KTHREAD {
- DISPATCHER_HEADER Header;
- LIST_ENTRY MutantListHead; // 0x10
- PVOID InitialStack; // 0x18
- PVOID StackLimit; // 0x1c
- PVOID KernelStack; // 0x20
- ULONG ThreadLock; // 0x24
- ULONG ContextSwitches; // 0x28
- UCHAR State; // 0x2c
- UCHAR NpxState; // 0x2d
- UCHAR WaitIrql; // 0x2e
- CHAR WaitMode; // 0x2f
- struct _TEB *Teb; // 0x30
- KAPC_STATE ApcState; // 0x34
- KSPIN_LOCK ApcQueueLock; // 0x4c
- NTSTATUS WaitStatus; // 0x50
- PKWAIT_BLOCK WaitBlockList; // 0x54
- BOOLEAN Alertable; // 0x58
- UCHAR WaitNext; // 0x59
- UCHAR WaitReason; // 0x5a
- CHAR Priority; // 0x5b
- BOOLEAN EnableStackSwap; // 0x5c
- BOOLEAN SwapBusy; // 0x5d
- UCHAR Alerted[2]; // 0x5e
- union {
- LIST_ENTRY WaitListEntry; // 0x60
- SINGLE_LIST_ENTRY SwapListEntry; // 0x60
- };
- PKQUEUE Queue; // 0x68
- ULONG WaitTime; // 0x6c
- union {
- struct {
- USHORT KernelApcDisable; // 0x70
- USHORT SpecialApcDisable; // 0x72
- };
- USHORT CombinedApcDisable; // 0x70
- };
- KTIMER Timer; // 0x78
- KWAIT_BLOCK WaitBlock[4]; // 0xa0
- LIST_ENTRY QueueListEntry; // 0x100
- UCHAR ApcStateIndex; // 0x108
- BOOLEAN ApcQueueable; // 0x109
- BOOLEAN Preempted; // 0x10a
- BOOLEAN ProcessReadyQueue; // 0x10b
- BOOLEAN KernelStackResident; // 0x10c
- CHAR Saturation; // 0x10d
- UCHAR IdealProcessor; // 0x10e
- UCHAR NextProcessor; // 0x10f
- CHAR BasePriority; // 0x110
- UCHAR Spare4; // 0x111
- CHAR PriorityDecrement; // 0x112
- CHAR Quantum; // 0x113
- BOOLEAN SystemAffinityActive; // 0x114
- CHAR PreviousMode; // 0x115
- UCHAR ResourceIndex; // 0x116
- BOOLEAN DisableBoost; // 0x117
- ULONG UserAffinity; // 0x118
- PKPROCESS Process; // 0x11c
- ULONG Affinity; // 0x120
- PSERVICE_DESCRIPTOR_TABLE ServiceTable; // 0x124
- PKAPC_STATE ApcStatePointer[2]; // 0x128
- KAPC_STATE SavedApcState; // 0x130
- PVOID CallbackStack; // 0x148
- PVOID Win32Thread; // 0x14c
- PKTRAP_FRAME TrapFrame; // 0x150
- ULONG KernelTime; // 0x154
- ULONG UserTime; // 0x158
- PVOID StackBase; // 0x15c
- KAPC SuspendApc; // 0x160
- KSEMAPHORE SuspendSemaphore; // 0x190
- PVOID TlsArray; // 0x1a4
- PVOID LegoData; // 0x1a8
- LIST_ENTRY ThreadListEntry; // 0x1ac
- BOOLEAN LargeStack; // 0x1b4
- UCHAR PowerState; // 0x1b5
- UCHAR NpxIrql; // 0x1b6
- UCHAR Spare5; // 0x1b7
- BOOLEAN AutoAlignment; // 0x1b8
- UCHAR Iopl; // 0x1b9
- CHAR FreezeCount; // 0x1ba
- CHAR SuspendCount; // 0x1bb
- UCHAR Spare0[1]; // 0x1bc
- UCHAR UserIdealProcessor; // 0x1bd
- UCHAR DeferredProcessor; // 0x1be
- UCHAR AdjustReason; // 0x1bf
- CHAR AdjustIncrement; // 0x1c0
- UCHAR Spare2[3]; // 0x1c1
-} KTHREAD, *PKTHREAD;
-
-#elif (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _KTHREAD {
- DISPATCHER_HEADER Header;
- LIST_ENTRY MutantListHead;
- PVOID InitialStack;
- PVOID StackLimit;
- struct _TEB *Teb;
- PVOID TlsArray;
- PVOID KernelStack;
- BOOLEAN DebugActive;
- UCHAR State;
- UCHAR Alerted[2];
- UCHAR Iopl;
- UCHAR NpxState;
- CHAR Saturation;
- CHAR Priority;
- KAPC_STATE ApcState;
- ULONG ContextSwitches;
- UCHAR IdleSwapBlock;
- UCHAR Spare0[3];
- NTSTATUS WaitStatus;
- UCHAR WaitIrql;
- CHAR WaitMode;
- UCHAR WaitNext;
- UCHAR WaitReason;
- PKWAIT_BLOCK WaitBlockList;
- union {
- LIST_ENTRY WaitListEntry;
- SINGLE_LIST_ENTRY SwapListEntry;
- };
- ULONG WaitTime;
- CHAR BasePriority;
- UCHAR DecrementCount;
- CHAR PriorityDecrement;
- CHAR Quantum;
- KWAIT_BLOCK WaitBlock[4];
- PVOID LegoData;
- ULONG KernelApcDisable;
- ULONG UserAffinity;
- BOOLEAN SystemAffinityActive;
- UCHAR PowerState;
- UCHAR NpxIrql;
- UCHAR InitialNode;
- PSERVICE_DESCRIPTOR_TABLE ServiceTable;
- PKQUEUE Queue;
- KSPIN_LOCK ApcQueueLock;
- KTIMER Timer;
- LIST_ENTRY QueueListEntry;
- ULONG SoftAffinity;
- ULONG Affinity;
- BOOLEAN Preempted;
- BOOLEAN ProcessReadyQueue;
- BOOLEAN KernelStackResident;
- UCHAR NextProcessor;
- PVOID CallbackStack;
- PVOID Win32Thread;
- PKTRAP_FRAME TrapFrame;
- PKAPC_STATE ApcStatePointer[2];
- CHAR PreviousMode;
- BOOLEAN EnableStackSwap;
- BOOLEAN LargeStack;
- UCHAR ResourceIndex;
- ULONG KernelTime;
- ULONG UserTime;
- KAPC_STATE SavedApcState;
- BOOLEAN Alertable;
- UCHAR ApcStateIndex;
- BOOLEAN ApcQueueable;
- BOOLEAN AutoAlignment;
- PVOID StackBase;
- KAPC SuspendApc;
- KSEMAPHORE SuspendSemaphore;
- LIST_ENTRY ThreadListEntry;
- CHAR FreezeCount;
- CHAR SuspendCount;
- UCHAR IdealProcessor;
- BOOLEAN DisableBoost;
-} KTHREAD, *PKTHREAD;
-
-#else
-
-typedef struct _KTHREAD {
- DISPATCHER_HEADER Header;
- LIST_ENTRY MutantListHead;
- PVOID InitialStack;
- PVOID StackLimit;
- struct _TEB *Teb;
- PVOID TlsArray;
- PVOID KernelStack;
- BOOLEAN DebugActive;
- UCHAR State;
- USHORT Alerted;
- UCHAR Iopl;
- UCHAR NpxState;
- UCHAR Saturation;
- UCHAR Priority;
- KAPC_STATE ApcState;
- ULONG ContextSwitches;
- NTSTATUS WaitStatus;
- UCHAR WaitIrql;
- UCHAR WaitMode;
- UCHAR WaitNext;
- UCHAR WaitReason;
- PKWAIT_BLOCK WaitBlockList;
- LIST_ENTRY WaitListEntry;
- ULONG WaitTime;
- UCHAR BasePriority;
- UCHAR DecrementCount;
- UCHAR PriorityDecrement;
- UCHAR Quantum;
- KWAIT_BLOCK WaitBlock[4];
- ULONG LegoData;
- ULONG KernelApcDisable;
- ULONG UserAffinity;
- BOOLEAN SystemAffinityActive;
-#if (VER_PRODUCTBUILD < 2195)
- UCHAR Pad[3];
-#else // (VER_PRODUCTBUILD >= 2195)
- UCHAR PowerState;
- UCHAR NpxIrql;
- UCHAR Pad[1];
-#endif // (VER_PRODUCTBUILD >= 2195)
- PSERVICE_DESCRIPTOR_TABLE ServiceDescriptorTable;
- PKQUEUE Queue;
- KSPIN_LOCK ApcQueueLock;
- KTIMER Timer;
- LIST_ENTRY QueueListEntry;
- ULONG Affinity;
- BOOLEAN Preempted;
- BOOLEAN ProcessReadyQueue;
- BOOLEAN KernelStackResident;
- UCHAR NextProcessor;
- PVOID CallbackStack;
- PVOID Win32Thread;
- PKTRAP_FRAME TrapFrame;
- PKAPC_STATE ApcStatePointer[2];
-#if (VER_PRODUCTBUILD >= 2195)
- UCHAR PreviousMode;
-#endif // (VER_PRODUCTBUILD >= 2195)
- BOOLEAN EnableStackSwap;
- BOOLEAN LargeStack;
- UCHAR ResourceIndex;
-#if (VER_PRODUCTBUILD < 2195)
- UCHAR PreviousMode;
-#endif // (VER_PRODUCTBUILD < 2195)
- ULONG KernelTime;
- ULONG UserTime;
- KAPC_STATE SavedApcState;
- BOOLEAN Alertable;
- UCHAR ApcStateIndex;
- BOOLEAN ApcQueueable;
- BOOLEAN AutoAlignment;
- PVOID StackBase;
- KAPC SuspendApc;
- KSEMAPHORE SuspendSemaphore;
- LIST_ENTRY ThreadListEntry;
- UCHAR FreezeCount;
- UCHAR SuspendCount;
- UCHAR IdealProcessor;
- BOOLEAN DisableBoost;
-} KTHREAD, *PKTHREAD;
-
-#endif
-
-#if (VER_PRODUCTBUILD >= 3790)
-
-typedef struct _MMSUPPORT_FLAGS {
- ULONG SessionSpace : 1;
- ULONG BeingTrimmed : 1;
- ULONG SessionLeader : 1;
- ULONG TrimHard : 1;
- ULONG MaximumWorkingSetHard : 1;
- ULONG ForceTrim : 1;
- ULONG MinimumWorkingSetHard : 1;
- ULONG Available0 : 1;
- ULONG MemoryPriority : 8;
- ULONG GrowWsleHash : 1;
- ULONG AcquiredUnsafe : 1;
- ULONG Available : 14;
-} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
-
-#elif (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _MMSUPPORT_FLAGS {
- ULONG SessionSpace : 1;
- ULONG BeingTrimmed : 1;
- ULONG SessionLeader : 1;
- ULONG TrimHard : 1;
- ULONG WorkingSetHard : 1;
- ULONG AddressSpaceBeingDeleted : 1;
- ULONG Available : 10;
- ULONG AllowWorkingSetAdjustment : 8;
- ULONG MemoryPriority : 8;
-} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
-
-#else
-
-typedef struct _MMSUPPORT_FLAGS {
- ULONG SessionSpace : 1;
- ULONG BeingTrimmed : 1;
- ULONG ProcessInSession : 1;
- ULONG SessionLeader : 1;
- ULONG TrimHard : 1;
- ULONG WorkingSetHard : 1;
- ULONG WriteWatch : 1;
- ULONG Filler : 25;
-} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
-
-#endif
-
-#if (VER_PRODUCTBUILD >= 3790)
-/*
-typedef struct _KGUARDED_MUTEX {
- LONG Count;
- PKTHREAD Owner; // 0x4
- ULONG Contention; // 0x8
- KEVENT Event; // 0xc
- union {
- struct {
- USHORT KernelApcDisable; // 0x1c
- USHORT SpecialApcDisable; // 0x1e
- };
- USHORT CombinedApcDisable; // 0x1c
- };
-} KGUARDED_MUTEX, *PKGUARDED_MUTEX;
-*/
-typedef struct _MMSUPPORT {
- LIST_ENTRY WorkingSetExpansionLinks;
- LARGE_INTEGER LastTrimTime; // 0x8
- MMSUPPORT_FLAGS Flags; // 0x10
- ULONG PageFaultCount; // 0x14
- ULONG PeakWorkingSetSize; // 0x18
- ULONG GrowthSinceLastEstimate; // 0x1c
- ULONG MinimumWorkingSetSize; // 0x20
- ULONG MaximumWorkingSetSize; // 0x24
- PMMWSL VmWorkingSetList; // 0x28
- ULONG Claim; // 0x2c
- ULONG NextEstimationSlot; // 0x30
- ULONG NextAgingSlot; // 0x34
- ULONG EstimatedAvailable; // 0x38
- ULONG WorkingSetSize; //0x3c
- KGUARDED_MUTEX Mutex; // 0x40
-} MMSUPPORT, *PMMSUPPORT;
-
-#elif (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _MMSUPPORT {
- LARGE_INTEGER LastTrimTime;
- MMSUPPORT_FLAGS Flags;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- ULONG MinimumWorkingSetSize;
- ULONG MaximumWorkingSetSize;
- PMMWSL VmWorkingSetList;
- LIST_ENTRY WorkingSetExpansionLinks;
- ULONG Claim;
- ULONG NextEstimationSlot;
- ULONG NextAgingSlot;
- ULONG EstimatedAvailable;
- ULONG GrowthSinceLastEstimate;
-} MMSUPPORT, *PMMSUPPORT;
-
-#else
-
-typedef struct _MMSUPPORT {
- LARGE_INTEGER LastTrimTime;
- ULONG LastTrimFaultCount;
- ULONG PageFaultCount;
- ULONG PeakWorkingSetSize;
- ULONG WorkingSetSize;
- ULONG MinimumWorkingSetSize;
- ULONG MaximumWorkingSetSize;
- PMMWSL VmWorkingSetList;
- LIST_ENTRY WorkingSetExpansionLinks;
- BOOLEAN AllowWorkingSetAdjustment;
- BOOLEAN AddressSpaceBeingDeleted;
- UCHAR ForegroundSwitchCount;
- UCHAR MemoryPriority;
-#if (VER_PRODUCTBUILD >= 2195)
- union {
- ULONG LongFlags;
- MMSUPPORT_FLAGS Flags;
- } u;
- ULONG Claim;
- ULONG NextEstimationSlot;
- ULONG NextAgingSlot;
- ULONG EstimatedAvailable;
- ULONG GrowthSinceLastEstimate;
-#endif // (VER_PRODUCTBUILD >= 2195)
-} MMSUPPORT, *PMMSUPPORT;
-
-#endif
-
-typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
- POBJECT_NAME_INFORMATION ImageFileName;
-} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
-
-typedef struct _SID_IDENTIFIER_AUTHORITY {
- UCHAR Value[6];
-} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
-
-typedef struct _SID {
- UCHAR Revision;
- UCHAR SubAuthorityCount;
- SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
- ULONG SubAuthority[1];
-} SID, *PREAL_SID;
-
-typedef struct _BITMAP_DESCRIPTOR {
- ULONGLONG StartLcn;
- ULONGLONG ClustersToEndOfVol;
- UCHAR Map[1];
-} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
-
-typedef struct _BITMAP_RANGE {
- LIST_ENTRY Links;
- LARGE_INTEGER BasePage;
- ULONG FirstDirtyPage;
- ULONG LastDirtyPage;
- ULONG DirtyPages;
- PULONG Bitmap;
-} BITMAP_RANGE, *PBITMAP_RANGE;
-
-typedef struct _CACHE_UNINITIALIZE_EVENT {
- struct _CACHE_UNINITIALIZE_EVENT *Next;
- KEVENT Event;
-} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
-
-typedef struct _CC_FILE_SIZES {
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER FileSize;
- LARGE_INTEGER ValidDataLength;
-} CC_FILE_SIZES, *PCC_FILE_SIZES;
-
-typedef struct _COMPRESSED_DATA_INFO {
- USHORT CompressionFormatAndEngine;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved;
- USHORT NumberOfChunks;
- ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
-} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
-
-typedef struct _DEVICE_MAP {
- POBJECT_DIRECTORY DosDevicesDirectory;
- POBJECT_DIRECTORY GlobalDosDevicesDirectory;
- ULONG ReferenceCount;
- ULONG DriveMap;
- UCHAR DriveType[32];
-} DEVICE_MAP, *PDEVICE_MAP;
-
-typedef struct _DIRECTORY_BASIC_INFORMATION {
- UNICODE_STRING ObjectName;
- UNICODE_STRING ObjectTypeName;
-} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _EX_FAST_REF {
- union {
- PVOID Object;
- ULONG RefCnt : 3;
- ULONG Value;
- };
-} EX_FAST_REF, *PEX_FAST_REF;
-
-typedef struct _EX_PUSH_LOCK {
- union {
- struct {
- ULONG Waiting : 1;
- ULONG Exclusive : 1;
- ULONG Shared : 30;
- };
- ULONG Value;
- PVOID Ptr;
- };
-} EX_PUSH_LOCK, *PEX_PUSH_LOCK;
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-#if (VER_PRODUCTBUILD == 2600)
-
-typedef struct _EX_RUNDOWN_REF {
- union {
- ULONG Count;
- PVOID Ptr;
- };
-} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
-
-#endif // (VER_PRODUCTBUILD == 2600)
-
-#if (VER_PRODUCTBUILD >= 3790)
-
-typedef struct _MM_ADDRESS_NODE {
- union {
- ULONG Balance : 2;
- struct _MM_ADDRESS_NODE *Parent; // lower 2 bits of Parent are Balance and must be zeroed to obtain Parent
- };
- struct _MM_ADDRESS_NODE *LeftChild;
- struct _MM_ADDRESS_NODE *RightChild;
- ULONG_PTR StartingVpn;
- ULONG_PTR EndingVpn;
-} MMADDRESS_NODE, *PMMADDRESS_NODE;
-
-typedef struct _MM_AVL_TABLE {
- MMADDRESS_NODE BalancedRoot; // Vadroot; incorrectly represents the NULL pages (EndingVpn should be 0xf, etc.)
- ULONG DepthOfTree : 5; // 0x14
- ULONG Unused : 3;
- ULONG NumberGenericTableElements : 24; // total number of nodes
- PVOID NodeHint; // 0x18 (0x270 in _EPROCESS)
- PVOID NodeFreeHint; // 0x1c
-} MM_AVL_TABLE, *PMM_AVL_TABLE;
-
-typedef struct _EPROCESS {
- KPROCESS Pcb; // +0x000
- EX_PUSH_LOCK ProcessLock; // +0x06c
- LARGE_INTEGER CreateTime; // +0x070
- LARGE_INTEGER ExitTime; // +0x078
- EX_RUNDOWN_REF RundownProtect; // +0x080
- ULONG UniqueProcessId; // +0x084
- LIST_ENTRY ActiveProcessLinks; // +0x088
- ULONG QuotaUsage[3]; // +0x090
- ULONG QuotaPeak[3]; // +0x09c
- ULONG CommitCharge; // +0x0a8
- ULONG PeakVirtualSize; // +0x0ac
- ULONG VirtualSize; // +0x0b0
- LIST_ENTRY SessionProcessLinks; // +0x0b4
- PVOID DebugPort; // +0x0bc
- PVOID ExceptionPort; // +0x0c0
- PHANDLE_TABLE ObjectTable; // +0x0c4
- EX_FAST_REF Token; // +0x0c8
- ULONG WorkingSetPage; // +0x0cc
- KGUARDED_MUTEX AddressCreationLock; // +0x0d0
- ULONG HyperSpaceLock; // +0x0f0
- PETHREAD ForkInProgress; // +0x0f4
- ULONG HardwareTrigger; // +0x0f8
- PMM_AVL_TABLE PhysicalVadRoot; // +0x0fc
- PVOID CloneRoot; // +0x100
- ULONG NumberOfPrivatePages; // +0x104
- ULONG NumberOfLockedPages; // +0x108
- PVOID Win32Process; // +0x10c
- PEJOB Job; // +0x110
- PVOID SectionObject; // +0x114
- PVOID SectionBaseAddress; // +0x118
- PEPROCESS_QUOTA_BLOCK QuotaBlock; // +0x11c
- PPAGEFAULT_HISTORY WorkingSetWatch; // +0x120
- PVOID Win32WindowStation; // +0x124
- ULONG InheritedFromUniqueProcessId; // +0x128
- PVOID LdtInformation; // +0x12c
- PVOID VadFreeHint; // +0x130
- PVOID VdmObjects; // +0x134
- PVOID DeviceMap; // +0x138
- PVOID Spare0[3]; // +0x13c
- union {
- HARDWARE_PTE PageDirectoryPte; // +0x148
- UINT64 Filler; // +0x148
- };
- PVOID Session; // +0x150
- UCHAR ImageFileName[16]; // +0x154
- LIST_ENTRY JobLinks; // +0x164
- PVOID LockedPagesList; // +0x16c
- LIST_ENTRY ThreadListHead; // +0x170
- PVOID SecurityPort; // +0x178
- PVOID PaeTop; // +0x17c
- ULONG ActiveThreads; // +0x180
- ULONG GrantedAccess; // +0x184
- ULONG DefaultHardErrorProcessing; // +0x188
- SHORT LastThreadExitStatus; // +0x18c
- PPEB Peb; // +0x190
- EX_FAST_REF PrefetchTrace; // +0x194
- LARGE_INTEGER ReadOperationCount; // +0x198
- LARGE_INTEGER WriteOperationCount; // +0x1a0
- LARGE_INTEGER OtherOperationCount; // +0x1a8
- LARGE_INTEGER ReadTransferCount; // +0x1b0
- LARGE_INTEGER WriteTransferCount; // +0x1b8
- LARGE_INTEGER OtherTransferCount; // +0x1c0
- ULONG CommitChargeLimit; // +0x1c8
- ULONG CommitChargePeak; // +0x1cc
- PVOID AweInfo; // +0x1d0
- SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // +0x1d4
- MMSUPPORT Vm; // +0x1d8
- LIST_ENTRY MmProcessLinks; // +0x238
- ULONG ModifiedPageCount; // +0x240
- ULONG JobStatus; // +0x244
- union {
- ULONG Flags; // 0x248
- struct {
- ULONG CreateReported : 1;
- ULONG NoDebugInherit : 1;
- ULONG ProcessExiting : 1;
- ULONG ProcessDelete : 1;
- ULONG Wow64SplitPages : 1;
- ULONG VmDeleted : 1;
- ULONG OutswapEnabled : 1;
- ULONG Outswapped : 1;
- ULONG ForkFailed : 1;
- ULONG Wow64VaSpace4Gb : 1;
- ULONG AddressSpaceInitialized : 2;
- ULONG SetTimerResolution : 1;
- ULONG BreakOnTermination : 1;
- ULONG SessionCreationUnderway : 1;
- ULONG WriteWatch : 1;
- ULONG ProcessInSession : 1;
- ULONG OverrideAddressSpace : 1;
- ULONG HasAddressSpace : 1;
- ULONG LaunchPrefetched : 1;
- ULONG InjectInpageErrors : 1;
- ULONG VmTopDown : 1;
- ULONG ImageNotifyDone : 1;
- ULONG PdeUpdateNeeded : 1;
- ULONG VdmAllowed : 1;
- ULONG Unused : 7;
- };
- };
- NTSTATUS ExitStatus; // +0x24c
- USHORT NextPageColor; // +0x250
- union {
- struct {
- UCHAR SubSystemMinorVersion; // +0x252
- UCHAR SubSystemMajorVersion; // +0x253
- };
- USHORT SubSystemVersion; // +0x252
- };
- UCHAR PriorityClass; // +0x254
- MM_AVL_TABLE VadRoot; // +0x258
-} EPROCESS, *PEPROCESS; // 0x278 in total
-
-#elif (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _EPROCESS {
- KPROCESS Pcb;
- EX_PUSH_LOCK ProcessLock;
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER ExitTime;
- EX_RUNDOWN_REF RundownProtect;
- ULONG UniqueProcessId;
- LIST_ENTRY ActiveProcessLinks;
- ULONG QuotaUsage[3];
- ULONG QuotaPeak[3];
- ULONG CommitCharge;
- ULONG PeakVirtualSize;
- ULONG VirtualSize;
- LIST_ENTRY SessionProcessLinks;
- PVOID DebugPort;
- PVOID ExceptionPort;
- PHANDLE_TABLE ObjectTable;
- EX_FAST_REF Token;
- FAST_MUTEX WorkingSetLock;
- ULONG WorkingSetPage;
- FAST_MUTEX AddressCreationLock;
- KSPIN_LOCK HyperSpaceLock;
- PETHREAD ForkInProgress;
- ULONG HardwareTrigger;
- PVOID VadRoot;
- PVOID VadHint;
- PVOID CloneRoot;
- ULONG NumberOfPrivatePages;
- ULONG NumberOfLockedPages;
- PVOID Win32Process;
- PEJOB Job;
- PSECTION_OBJECT SectionObject;
- PVOID SectionBaseAddress;
- PEPROCESS_QUOTA_BLOCK QuotaBlock;
- PPAGEFAULT_HISTORY WorkingSetWatch;
- PVOID Win32WindowStation;
- PVOID InheritedFromUniqueProcessId;
- PVOID LdtInformation;
- PVOID VadFreeHint;
- PVOID VdmObjects;
- PDEVICE_MAP DeviceMap;
- LIST_ENTRY PhysicalVadList;
- union {
- HARDWARE_PTE PageDirectoryPte;
- ULONGLONG Filler;
- };
- PVOID Session;
- UCHAR ImageFileName[16];
- LIST_ENTRY JobLinks;
- PVOID LockedPageList;
- LIST_ENTRY ThreadListHead;
- PVOID SecurityPort;
- PVOID PaeTop;
- ULONG ActiveThreads;
- ULONG GrantedAccess;
- ULONG DefaultHardErrorProcessing;
- NTSTATUS LastThreadExitStatus;
- PPEB Peb;
- EX_FAST_REF PrefetchTrace;
- LARGE_INTEGER ReadOperationCount;
- LARGE_INTEGER WriteOperationCount;
- LARGE_INTEGER OtherOperationCount;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
- ULONG CommitChargeLimit;
- ULONG CommitChargePeek;
- PVOID AweInfo;
- SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
- MMSUPPORT Vm;
- ULONG LastFaultCount;
- ULONG ModifiedPageCount;
- ULONG NumberOfVads;
- ULONG JobStatus;
- union {
- ULONG Flags;
- struct {
- ULONG CreateReported : 1;
- ULONG NoDebugInherit : 1;
- ULONG ProcessExiting : 1;
- ULONG ProcessDelete : 1;
- ULONG Wow64SplitPages : 1;
- ULONG VmDeleted : 1;
- ULONG OutswapEnabled : 1;
- ULONG Outswapped : 1;
- ULONG ForkFailed : 1;
- ULONG HasPhysicalVad : 1;
- ULONG AddressSpaceInitialized : 2;
- ULONG SetTimerResolution : 1;
- ULONG BreakOnTermination : 1;
- ULONG SessionCreationUnderway : 1;
- ULONG WriteWatch : 1;
- ULONG ProcessInSession : 1;
- ULONG OverrideAddressSpace : 1;
- ULONG HasAddressSpace : 1;
- ULONG LaunchPrefetched : 1;
- ULONG InjectInpageErrors : 1;
- ULONG Unused : 11;
- };
- };
- NTSTATUS ExitStatus;
- USHORT NextPageColor;
- union {
- struct {
- UCHAR SubSystemMinorVersion;
- UCHAR SubSystemMajorVersion;
- };
- USHORT SubSystemVersion;
- };
- UCHAR PriorityClass;
- BOOLEAN WorkingSetAcquiredUnsafe;
-} EPROCESS, *PEPROCESS;
-
-#else
-
-typedef struct _EPROCESS {
- KPROCESS Pcb;
- NTSTATUS ExitStatus;
- KEVENT LockEvent;
- ULONG LockCount;
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER ExitTime;
- PKTHREAD LockOwner;
- ULONG UniqueProcessId;
- LIST_ENTRY ActiveProcessLinks;
- ULONGLONG QuotaPeakPoolUsage;
- ULONGLONG QuotaPoolUsage;
- ULONG PagefileUsage;
- ULONG CommitCharge;
- ULONG PeakPagefileUsage;
- ULONG PeakVirtualSize;
- ULONGLONG VirtualSize;
- MMSUPPORT Vm;
-#if (VER_PRODUCTBUILD < 2195)
- ULONG LastProtoPteFault;
-#else // (VER_PRODUCTBUILD >= 2195)
- LIST_ENTRY SessionProcessLinks;
-#endif // (VER_PRODUCTBUILD >= 2195)
- ULONG DebugPort;
- ULONG ExceptionPort;
- PHANDLE_TABLE ObjectTable;
- PACCESS_TOKEN Token;
- FAST_MUTEX WorkingSetLock;
- ULONG WorkingSetPage;
- BOOLEAN ProcessOutswapEnabled;
- BOOLEAN ProcessOutswapped;
- BOOLEAN AddressSpaceInitialized;
- BOOLEAN AddressSpaceDeleted;
- FAST_MUTEX AddressCreationLock;
- KSPIN_LOCK HyperSpaceLock;
- PETHREAD ForkInProgress;
- USHORT VmOperation;
- BOOLEAN ForkWasSuccessful;
- UCHAR MmAgressiveWsTrimMask;
- PKEVENT VmOperationEvent;
-#if (VER_PRODUCTBUILD < 2195)
- HARDWARE_PTE PageDirectoryPte;
-#else // (VER_PRODUCTBUILD >= 2195)
- PVOID PaeTop;
-#endif // (VER_PRODUCTBUILD >= 2195)
- ULONG LastFaultCount;
- ULONG ModifiedPageCount;
- PVOID VadRoot;
- PVOID VadHint;
- ULONG CloneRoot;
- ULONG NumberOfPrivatePages;
- ULONG NumberOfLockedPages;
- USHORT NextPageColor;
- BOOLEAN ExitProcessCalled;
- BOOLEAN CreateProcessReported;
- HANDLE SectionHandle;
- PPEB Peb;
- PVOID SectionBaseAddress;
- PEPROCESS_QUOTA_BLOCK QuotaBlock;
- NTSTATUS LastThreadExitStatus;
- PPROCESS_WS_WATCH_INFORMATION WorkingSetWatch;
- HANDLE Win32WindowStation;
- HANDLE InheritedFromUniqueProcessId;
- ACCESS_MASK GrantedAccess;
- ULONG DefaultHardErrorProcessing;
- PVOID LdtInformation;
- PVOID VadFreeHint;
- PVOID VdmObjects;
-#if (VER_PRODUCTBUILD < 2195)
- KMUTANT ProcessMutant;
-#else // (VER_PRODUCTBUILD >= 2195)
- PDEVICE_MAP DeviceMap;
- ULONG SessionId;
- LIST_ENTRY PhysicalVadList;
- HARDWARE_PTE PageDirectoryPte;
- ULONG Filler;
- ULONG PaePageDirectoryPage;
-#endif // (VER_PRODUCTBUILD >= 2195)
- UCHAR ImageFileName[16];
- ULONG VmTrimFaultValue;
- UCHAR SetTimerResolution;
- UCHAR PriorityClass;
- union {
- struct {
- UCHAR SubSystemMinorVersion;
- UCHAR SubSystemMajorVersion;
- };
- USHORT SubSystemVersion;
- };
- PVOID Win32Process;
-#if (VER_PRODUCTBUILD >= 2195)
- PEJOB Job;
- ULONG JobStatus;
- LIST_ENTRY JobLinks;
- PVOID LockedPageList;
- PVOID SecurityPort;
- PWOW64_PROCESS Wow64Process;
- LARGE_INTEGER ReadOperationCount;
- LARGE_INTEGER WriteOperationCount;
- LARGE_INTEGER OtherOperationCount;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
- ULONG CommitChargeLimit;
- ULONG CommitChargePeek;
- LIST_ENTRY ThreadListHead;
- PRTL_BITMAP VadPhysicalPagesBitMap;
- ULONG VadPhysicalPages;
- ULONG AweLock;
-#endif // (VER_PRODUCTBUILD >= 2195)
-} EPROCESS, *PEPROCESS;
-
-#endif
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _ETHREAD {
- KTHREAD Tcb;
- union {
- LARGE_INTEGER CreateTime;
- struct {
- ULONG NestedFaultCount : 2;
- ULONG ApcNeeded : 1;
- };
- };
- union {
- LARGE_INTEGER ExitTime;
- LIST_ENTRY LpcReplyChain;
- LIST_ENTRY KeyedWaitChain;
- };
- union {
- NTSTATUS ExitStatus;
- PVOID OfsChain;
- };
- LIST_ENTRY PostBlockList;
- union {
- PTERMINATION_PORT TerminationPort;
- PETHREAD ReaperLink;
- PVOID KeyedWaitValue;
- };
- KSPIN_LOCK ActiveTimerListLock;
- LIST_ENTRY ActiveTimerListHead;
- CLIENT_ID Cid;
- union {
- KSEMAPHORE LpcReplySemaphore;
- KSEMAPHORE KeyedWaitSemaphore;
- };
- union {
- PLPC_MESSAGE LpcReplyMessage;
- PVOID LpcWaitingOnPort;
- };
- PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
- LIST_ENTRY IrpList;
- ULONG TopLevelIrp;
- PDEVICE_OBJECT DeviceToVerify;
- PEPROCESS ThreadsProcess;
- PKSTART_ROUTINE StartAddress;
- union {
- PVOID Win32StartAddress;
- ULONG LpcReceivedMessageId;
- };
- LIST_ENTRY ThreadListEntry;
- EX_RUNDOWN_REF RundownProtect;
- EX_PUSH_LOCK ThreadLock;
- ULONG LpcReplyMessageId;
- ULONG ReadClusterSize;
- ACCESS_MASK GrantedAccess;
- union {
- ULONG CrossThreadFlags;
- struct {
- ULONG Terminated : 1;
- ULONG DeadThread : 1;
- ULONG HideFromDebugger : 1;
- ULONG ActiveImpersonationInfo : 1;
- ULONG SystemThread : 1;
- ULONG HardErrorsAreDisabled : 1;
- ULONG BreakOnTermination : 1;
- ULONG SkipCreationMsg : 1;
- ULONG SkipTerminationMsg : 1;
- };
- };
- union {
- ULONG SameThreadPassiveFlags;
- struct {
- ULONG ActiveExWorker : 1;
- ULONG ExWorkerCanWaitUser : 1;
- ULONG MemoryMaker : 1;
- ULONG KeyedEventInUse : 1;
- };
- };
- union {
- ULONG SameThreadApcFlags;
- struct {
- BOOLEAN LpcReceivedMsgIdValid : 1;
- BOOLEAN LpcExitThreadCalled : 1;
- BOOLEAN AddressSpaceOwner : 1;
- };
- };
- BOOLEAN ForwardClusterOnly;
- BOOLEAN DisablePageFaultClustering;
-} ETHREAD, *PETHREAD;
-
-#else
-
-typedef struct _ETHREAD {
- KTHREAD Tcb;
- LARGE_INTEGER CreateTime;
- union {
- LARGE_INTEGER ExitTime;
- LIST_ENTRY LpcReplyChain;
- };
- union {
- NTSTATUS ExitStatus;
- PVOID OfsChain;
- };
- LIST_ENTRY PostBlockList;
- LIST_ENTRY TerminationPortList;
- KSPIN_LOCK ActiveTimerListLock;
- LIST_ENTRY ActiveTimerListHead;
- CLIENT_ID Cid;
- KSEMAPHORE LpcReplySemaphore;
- PLPC_MESSAGE LpcReplyMessage;
- ULONG LpcReplyMessageId;
- ULONG PerformanceCountLow;
- PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
- LIST_ENTRY IrpList;
- PVOID TopLevelIrp;
- PDEVICE_OBJECT DeviceToVerify;
- ULONG ReadClusterSize;
- BOOLEAN ForwardClusterOnly;
- BOOLEAN DisablePageFaultClustering;
- BOOLEAN DeadThread;
-#if (VER_PRODUCTBUILD >= 2195)
- BOOLEAN HideFromDebugger;
-#endif // (VER_PRODUCTBUILD >= 2195)
-#if (VER_PRODUCTBUILD < 2195)
- BOOLEAN HasTerminated;
-#else // (VER_PRODUCTBUILD >= 2195)
- ULONG HasTerminated;
-#endif // (VER_PRODUCTBUILD >= 2195)
-#if (VER_PRODUCTBUILD < 2195)
- PKEVENT_PAIR EventPair;
-#endif // (VER_PRODUCTBUILD < 2195)
- ACCESS_MASK GrantedAccess;
- PEPROCESS ThreadsProcess;
- PKSTART_ROUTINE StartAddress;
- union {
- PVOID Win32StartAddress;
- ULONG LpcReceivedMessageId;
- };
- BOOLEAN LpcExitThreadCalled;
- BOOLEAN HardErrorsAreDisabled;
- BOOLEAN LpcReceivedMsgIdValid;
- BOOLEAN ActiveImpersonationInfo;
- ULONG PerformanceCountHigh;
-#if (VER_PRODUCTBUILD >= 2195)
- LIST_ENTRY ThreadListEntry;
-#endif // (VER_PRODUCTBUILD >= 2195)
-} ETHREAD, *PETHREAD;
-
-#endif
-
-typedef struct _EPROCESS_QUOTA_ENTRY {
- ULONG Usage;
- ULONG Limit;
- ULONG Peak;
- ULONG Return;
-} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
-
-typedef struct _EPROCESS_QUOTA_BLOCK {
- EPROCESS_QUOTA_ENTRY QuotaEntry[3];
- LIST_ENTRY QuotaList;
- ULONG ReferenceCount;
- ULONG ProcessCount;
-} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
-
-typedef struct _EXCEPTION_REGISTRATION_RECORD {
- struct _EXCEPTION_REGISTRATION_RECORD *Next;
- PVOID Handler;
-} EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;
-
-/*
- * When needing these parameters cast your PIO_STACK_LOCATION to
- * PEXTENDED_IO_STACK_LOCATION
- */
-#if !defined(_ALPHA_) && !defined(_AMD64_) && !defined(_IA64_)
-#include <pshpack4.h>
-#endif
-typedef struct _EXTENDED_IO_STACK_LOCATION {
-
- /* Included for padding */
- UCHAR MajorFunction;
- UCHAR MinorFunction;
- UCHAR Flags;
- UCHAR Control;
-
- union {
-
- struct {
- PIO_SECURITY_CONTEXT SecurityContext;
- ULONG Options;
- USHORT Reserved;
- USHORT ShareAccess;
- PMAILSLOT_CREATE_PARAMETERS Parameters;
- } CreateMailslot;
-
- struct {
- PIO_SECURITY_CONTEXT SecurityContext;
- ULONG Options;
- USHORT Reserved;
- USHORT ShareAccess;
- PNAMED_PIPE_CREATE_PARAMETERS Parameters;
- } CreatePipe;
-
- struct {
- ULONG OutputBufferLength;
- ULONG InputBufferLength;
- ULONG FsControlCode;
- PVOID Type3InputBuffer;
- } FileSystemControl;
-
- struct {
- PLARGE_INTEGER Length;
- ULONG Key;
- LARGE_INTEGER ByteOffset;
- } LockControl;
-
- struct {
- ULONG Length;
- ULONG CompletionFilter;
- } NotifyDirectory;
-
- struct {
- ULONG Length;
- PUNICODE_STRING FileName;
- FILE_INFORMATION_CLASS FileInformationClass;
- ULONG FileIndex;
- } QueryDirectory;
-
- struct {
- ULONG Length;
- PVOID EaList;
- ULONG EaListLength;
- ULONG EaIndex;
- } QueryEa;
-
- struct {
- ULONG Length;
- PSID StartSid;
- PFILE_GET_QUOTA_INFORMATION SidList;
- ULONG SidListLength;
- } QueryQuota;
-
- struct {
- ULONG Length;
- } SetEa;
-
- struct {
- ULONG Length;
- } SetQuota;
-
- struct {
- ULONG Length;
- FS_INFORMATION_CLASS FsInformationClass;
- } SetVolume;
-
- } Parameters;
-
-} EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION;
-#if !defined(_ALPHA_) && !defined(_AMD64_) && !defined(_IA64_)
-#include <poppack.h>
-#endif
-
-typedef struct _FILE_ACCESS_INFORMATION {
- ACCESS_MASK AccessFlags;
-} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
-
-typedef struct _FILE_ALLOCATION_INFORMATION {
- LARGE_INTEGER AllocationSize;
-} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
-
-typedef struct _FILE_BOTH_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- WCHAR FileName[1];
-} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
-
-typedef struct _FILE_COMPLETION_INFORMATION {
- HANDLE Port;
- ULONG Key;
-} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
-
-typedef struct _FILE_COMPRESSION_INFORMATION {
- LARGE_INTEGER CompressedFileSize;
- USHORT CompressionFormat;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved[3];
-} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
-
-typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
-
-typedef struct _FILE_DIRECTORY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
-
-typedef struct _FILE_EA_INFORMATION {
- ULONG EaSize;
-} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
-
-typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
- ULONG FileSystemAttributes;
- ULONG MaximumComponentNameLength;
- ULONG FileSystemNameLength;
- WCHAR FileSystemName[1];
-} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
-
-typedef struct _FILE_FS_CONTROL_INFORMATION {
- LARGE_INTEGER FreeSpaceStartFiltering;
- LARGE_INTEGER FreeSpaceThreshold;
- LARGE_INTEGER FreeSpaceStopFiltering;
- LARGE_INTEGER DefaultQuotaThreshold;
- LARGE_INTEGER DefaultQuotaLimit;
- ULONG FileSystemControlFlags;
-} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
-
-typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER CallerAvailableAllocationUnits;
- LARGE_INTEGER ActualAvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
-
-typedef struct _FILE_FS_LABEL_INFORMATION {
- ULONG VolumeLabelLength;
- WCHAR VolumeLabel[1];
-} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
- UCHAR ObjectId[16];
- UCHAR ExtendedInfo[48];
-} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-typedef struct _FILE_FS_SIZE_INFORMATION {
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER AvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
-} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
-
-typedef struct _FILE_FS_VOLUME_INFORMATION {
- LARGE_INTEGER VolumeCreationTime;
- ULONG VolumeSerialNumber;
- ULONG VolumeLabelLength;
- BOOLEAN SupportsObjects;
- WCHAR VolumeLabel[1];
-} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
-
-typedef struct _FILE_FULL_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- WCHAR FileName[1];
-} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
-
-typedef struct _FILE_GET_EA_INFORMATION {
- ULONG NextEntryOffset;
- UCHAR EaNameLength;
- CHAR EaName[1];
-} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
-
-typedef struct _FILE_GET_QUOTA_INFORMATION {
- ULONG NextEntryOffset;
- ULONG SidLength;
- SID Sid;
-} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
-
-typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- LARGE_INTEGER FileId;
- WCHAR FileName[1];
-} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
-
-typedef struct _FILE_ID_FULL_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- LARGE_INTEGER FileId;
- WCHAR FileName[1];
-} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
-
-typedef struct _FILE_INTERNAL_INFORMATION {
- LARGE_INTEGER IndexNumber;
-} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
-
-typedef struct _FILE_LINK_INFORMATION {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
-
-typedef struct _FILE_LOCK_INFO {
- LARGE_INTEGER StartingByte;
- LARGE_INTEGER Length;
- BOOLEAN ExclusiveLock;
- ULONG Key;
- PFILE_OBJECT FileObject;
- PEPROCESS Process;
- LARGE_INTEGER EndingByte;
-} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
-
-// raw internal file lock struct returned from FsRtlGetNextFileLock
-typedef struct _FILE_SHARED_LOCK_ENTRY {
- PVOID Unknown1;
- PVOID Unknown2;
- FILE_LOCK_INFO FileLock;
-} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
-
-// raw internal file lock struct returned from FsRtlGetNextFileLock
-typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
- LIST_ENTRY ListEntry;
- PVOID Unknown1;
- PVOID Unknown2;
- FILE_LOCK_INFO FileLock;
-} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
-
-typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
- IN PVOID Context,
- IN PIRP Irp
-);
-
-typedef VOID (*PUNLOCK_ROUTINE) (
- IN PVOID Context,
- IN PFILE_LOCK_INFO FileLockInfo
-);
-
-typedef struct _FILE_LOCK {
- PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
- PUNLOCK_ROUTINE UnlockRoutine;
- BOOLEAN FastIoIsQuestionable;
- BOOLEAN Pad[3];
- PVOID LockInformation;
- FILE_LOCK_INFO LastReturnedLockInfo;
- PVOID LastReturnedLock;
-} FILE_LOCK, *PFILE_LOCK;
-
-typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
- ULONG ReadDataAvailable;
- ULONG NumberOfMessages;
- ULONG MessageLength;
-} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
-
-typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
- ULONG MaximumMessageSize;
- ULONG MailslotQuota;
- ULONG NextMessageSize;
- ULONG MessagesAvailable;
- LARGE_INTEGER ReadTimeout;
-} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
-
-typedef struct _FILE_MAILSLOT_SET_INFORMATION {
- PLARGE_INTEGER ReadTimeout;
-} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
-
-typedef struct _FILE_MODE_INFORMATION {
- ULONG Mode;
-} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
-
-// This structure is included in the Windows 2000 DDK but is missing in the
-// Windows NT 4.0 DDK
-#if (VER_PRODUCTBUILD < 2195)
-typedef struct _FILE_NAME_INFORMATION {
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
-#endif // (VER_PRODUCTBUILD < 2195)
-
-typedef struct _FILE_ALL_INFORMATION {
- FILE_BASIC_INFORMATION BasicInformation;
- FILE_STANDARD_INFORMATION StandardInformation;
- FILE_INTERNAL_INFORMATION InternalInformation;
- FILE_EA_INFORMATION EaInformation;
- FILE_ACCESS_INFORMATION AccessInformation;
- FILE_POSITION_INFORMATION PositionInformation;
- FILE_MODE_INFORMATION ModeInformation;
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;
- FILE_NAME_INFORMATION NameInformation;
-} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
-
-typedef struct _FILE_NAMES_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
-
-typedef struct _FILE_NOTIFY_INFORMATION {
- ULONG NextEntryOffset;
- ULONG Action;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
-
-typedef struct _FILE_OBJECTID_INFORMATION {
- LONGLONG FileReference;
- UCHAR ObjectId[16];
- union {
- struct {
- UCHAR BirthVolumeId[16];
- UCHAR BirthObjectId[16];
- UCHAR DomainId[16];
- } ;
- UCHAR ExtendedInfo[48];
- };
-} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
-
-typedef struct _FILE_OLE_CLASSID_INFORMATION {
- GUID ClassId;
-} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
-
-typedef struct _FILE_OLE_ALL_INFORMATION {
- FILE_BASIC_INFORMATION BasicInformation;
- FILE_STANDARD_INFORMATION StandardInformation;
- FILE_INTERNAL_INFORMATION InternalInformation;
- FILE_EA_INFORMATION EaInformation;
- FILE_ACCESS_INFORMATION AccessInformation;
- FILE_POSITION_INFORMATION PositionInformation;
- FILE_MODE_INFORMATION ModeInformation;
- FILE_ALIGNMENT_INFORMATION AlignmentInformation;
- USN LastChangeUsn;
- USN ReplicationUsn;
- LARGE_INTEGER SecurityChangeTime;
- FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
- FILE_OBJECTID_INFORMATION ObjectIdInformation;
- FILE_STORAGE_TYPE StorageType;
- ULONG OleStateBits;
- ULONG OleId;
- ULONG NumberOfStreamReferences;
- ULONG StreamIndex;
- ULONG SecurityId;
- BOOLEAN ContentIndexDisable;
- BOOLEAN InheritContentIndexDisable;
- FILE_NAME_INFORMATION NameInformation;
-} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
-
-typedef struct _FILE_OLE_DIR_INFORMATION {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- FILE_STORAGE_TYPE StorageType;
- GUID OleClassId;
- ULONG OleStateBits;
- BOOLEAN ContentIndexDisable;
- BOOLEAN InheritContentIndexDisable;
- WCHAR FileName[1];
-} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
-
-typedef struct _FILE_OLE_INFORMATION {
- LARGE_INTEGER SecurityChangeTime;
- FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
- FILE_OBJECTID_INFORMATION ObjectIdInformation;
- FILE_STORAGE_TYPE StorageType;
- ULONG OleStateBits;
- BOOLEAN ContentIndexDisable;
- BOOLEAN InheritContentIndexDisable;
-} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
-
-typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
- ULONG StateBits;
- ULONG StateBitsMask;
-} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
-
-typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
- HANDLE EventHandle;
- ULONG KeyValue;
-} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
-
-typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
- PVOID ClientSession;
- PVOID ClientProcess;
-} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
-
-typedef struct _FILE_PIPE_EVENT_BUFFER {
- ULONG NamedPipeState;
- ULONG EntryType;
- ULONG ByteCount;
- ULONG KeyValue;
- ULONG NumberRequests;
-} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
-
-typedef struct _FILE_PIPE_INFORMATION {
- ULONG ReadMode;
- ULONG CompletionMode;
-} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
-
-typedef struct _FILE_PIPE_LOCAL_INFORMATION {
- ULONG NamedPipeType;
- ULONG NamedPipeConfiguration;
- ULONG MaximumInstances;
- ULONG CurrentInstances;
- ULONG InboundQuota;
- ULONG ReadDataAvailable;
- ULONG OutboundQuota;
- ULONG WriteQuotaAvailable;
- ULONG NamedPipeState;
- ULONG NamedPipeEnd;
-} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
-
-typedef struct _FILE_PIPE_PEEK_BUFFER {
- ULONG NamedPipeState;
- ULONG ReadDataAvailable;
- ULONG NumberOfMessages;
- ULONG MessageLength;
- CHAR Data[1];
-} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
-
-typedef struct _FILE_PIPE_REMOTE_INFORMATION {
- LARGE_INTEGER CollectDataTime;
- ULONG MaximumCollectionCount;
-} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
-
-typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
- LARGE_INTEGER Timeout;
- ULONG NameLength;
- BOOLEAN TimeoutSpecified;
- WCHAR Name[1];
-} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
-
-typedef struct _FILE_QUOTA_INFORMATION {
- ULONG NextEntryOffset;
- ULONG SidLength;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER QuotaUsed;
- LARGE_INTEGER QuotaThreshold;
- LARGE_INTEGER QuotaLimit;
- SID Sid;
-} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
-
-typedef struct _FILE_RENAME_INFORMATION {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
-} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
-
-typedef struct _FILE_STREAM_INFORMATION {
- ULONG NextEntryOffset;
- ULONG StreamNameLength;
- LARGE_INTEGER StreamSize;
- LARGE_INTEGER StreamAllocationSize;
- WCHAR StreamName[1];
-} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
-
-typedef struct _FILE_TRACKING_INFORMATION {
- HANDLE DestinationFile;
- ULONG ObjectInformationLength;
- CHAR ObjectInformation[1];
-} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
-
-typedef struct _FSRTL_COMMON_FCB_HEADER {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- UCHAR Flags;
- UCHAR IsFastIoPossible;
-#if (VER_PRODUCTBUILD >= 1381)
- UCHAR Flags2;
- UCHAR Reserved : 4;
- UCHAR Version : 4;
-#endif // (VER_PRODUCTBUILD >= 1381)
- PERESOURCE Resource;
- PERESOURCE PagingIoResource;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER FileSize;
- LARGE_INTEGER ValidDataLength;
-} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-#ifdef __cplusplus
-typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER {
-#else // __cplusplus
-typedef struct _FSRTL_ADVANCED_FCB_HEADER {
- FSRTL_COMMON_FCB_HEADER;
-#endif // __cplusplus
- PFAST_MUTEX FastMutex;
- LIST_ENTRY FilterContexts;
- EX_PUSH_LOCK PushLock;
- PVOID *FileContextSupportPointer;
-} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _GENERATE_NAME_CONTEXT {
- USHORT Checksum;
- BOOLEAN CheckSumInserted;
- UCHAR NameLength;
- WCHAR NameBuffer[8];
- ULONG ExtensionLength;
- WCHAR ExtensionBuffer[4];
- ULONG LastIndexValue;
-} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
-
-typedef struct _HANDLE_INFO { // Information about open handles
- union {
- PEPROCESS Process; // Pointer to PEPROCESS owning the Handle
- ULONG Count; // Count of HANDLE_INFO structures following this structure
- } HandleInfo;
- USHORT HandleCount;
-} HANDLE_INFO, *PHANDLE_INFO;
-
-typedef struct _HANDLE_TABLE_ENTRY_INFO {
- ULONG AuditMask;
-} HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
-
-typedef struct _HANDLE_TABLE_ENTRY {
- union {
- PVOID Object;
- ULONG ObAttributes;
- PHANDLE_TABLE_ENTRY_INFO InfoTable;
- ULONG Value;
- };
- union {
- ULONG GrantedAccess;
- USHORT GrantedAccessIndex;
- LONG NextFreeTableEntry;
- };
- USHORT CreatorBackTraceIndex;
-} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
-
-typedef struct _MAPPING_PAIR {
- ULONGLONG Vcn;
- ULONGLONG Lcn;
-} MAPPING_PAIR, *PMAPPING_PAIR;
-
-typedef struct _GET_RETRIEVAL_DESCRIPTOR {
- ULONG NumberOfPairs;
- ULONGLONG StartVcn;
- MAPPING_PAIR Pair[1];
-} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
-
-typedef struct _INITIAL_TEB {
- ULONG Unknown_1;
- ULONG Unknown_2;
- PVOID StackTop;
- PVOID StackBase;
- PVOID Unknown_3;
-} INITIAL_TEB, *PINITIAL_TEB;
-
-typedef struct _IO_CLIENT_EXTENSION {
- struct _IO_CLIENT_EXTENSION *NextExtension;
- PVOID ClientIdentificationAddress;
-} IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
-
-typedef struct _IO_COMPLETION_BASIC_INFORMATION {
- LONG Depth;
-} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION;
-
-typedef struct _KEVENT_PAIR {
- USHORT Type;
- USHORT Size;
- KEVENT Event1;
- KEVENT Event2;
-} KEVENT_PAIR, *PKEVENT_PAIR;
-
-typedef struct _KINTERRUPT {
- CSHORT Type;
- CSHORT Size;
- LIST_ENTRY InterruptListEntry;
- PKSERVICE_ROUTINE ServiceRoutine;
- PVOID ServiceContext;
- KSPIN_LOCK SpinLock;
- ULONG TickCount;
- PKSPIN_LOCK ActualLock;
- PVOID DispatchAddress;
- ULONG Vector;
- KIRQL Irql;
- KIRQL SynchronizeIrql;
- BOOLEAN FloatingSave;
- BOOLEAN Connected;
- CHAR Number;
- UCHAR ShareVector;
- KINTERRUPT_MODE Mode;
- ULONG ServiceCount;
- ULONG DispatchCount;
- ULONG DispatchCode[106];
-} KINTERRUPT, *PKINTERRUPT;
-
-typedef struct _KQUEUE {
- DISPATCHER_HEADER Header;
- LIST_ENTRY EntryListHead;
- ULONG CurrentCount;
- ULONG MaximumCount;
- LIST_ENTRY ThreadListHead;
-} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
-
-typedef struct _LARGE_MCB {
- PFAST_MUTEX FastMutex;
- ULONG MaximumPairCount;
- ULONG PairCount;
- POOL_TYPE PoolType;
- PVOID Mapping;
-} LARGE_MCB, *PLARGE_MCB;
-
-typedef struct _LPC_MESSAGE {
- USHORT DataSize;
- USHORT MessageSize;
- USHORT MessageType;
- USHORT VirtualRangesOffset;
- CLIENT_ID ClientId;
- ULONG MessageId;
- ULONG SectionSize;
- UCHAR Data[1];
-} LPC_MESSAGE, *PLPC_MESSAGE;
-
-typedef struct _LPC_SECTION_READ {
- ULONG Length;
- ULONG ViewSize;
- PVOID ViewBase;
-} LPC_SECTION_READ, *PLPC_SECTION_READ;
-
-typedef struct _LPC_SECTION_WRITE {
- ULONG Length;
- HANDLE SectionHandle;
- ULONG SectionOffset;
- ULONG ViewSize;
- PVOID ViewBase;
- PVOID TargetViewBase;
-} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
-
-typedef struct _MAILSLOT_CREATE_PARAMETERS {
- ULONG MailslotQuota;
- ULONG MaximumMessageSize;
- LARGE_INTEGER ReadTimeout;
- BOOLEAN TimeoutSpecified;
-} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
-
-typedef struct _MBCB {
- CSHORT NodeTypeCode;
- CSHORT NodeIsInZone;
- ULONG PagesToWrite;
- ULONG DirtyPages;
- ULONG Reserved;
- LIST_ENTRY BitmapRanges;
- LONGLONG ResumeWritePage;
- BITMAP_RANGE BitmapRange1;
- BITMAP_RANGE BitmapRange2;
- BITMAP_RANGE BitmapRange3;
-} MBCB, *PMBCB;
-
-typedef struct _MCB {
- LARGE_MCB LargeMcb;
-} MCB, *PMCB;
-
-typedef struct _MOVEFILE_DESCRIPTOR {
- HANDLE FileHandle;
- ULONG Reserved;
- LARGE_INTEGER StartVcn;
- LARGE_INTEGER TargetLcn;
- ULONG NumVcns;
- ULONG Reserved1;
-} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
-
-typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
- ULONG NamedPipeType;
- ULONG ReadMode;
- ULONG CompletionMode;
- ULONG MaximumInstances;
- ULONG InboundQuota;
- ULONG OutboundQuota;
- LARGE_INTEGER DefaultTimeout;
- BOOLEAN TimeoutSpecified;
-} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
-
-typedef struct _QUOTA_BLOCK {
- KSPIN_LOCK QuotaLock;
- ULONG ReferenceCount; // Number of processes using this block
- ULONG PeakNonPagedPoolUsage;
- ULONG PeakPagedPoolUsage;
- ULONG NonPagedpoolUsage;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolLimit;
- ULONG PagedPoolLimit;
- ULONG PeakPagefileUsage;
- ULONG PagefileUsage;
- ULONG PageFileLimit;
-} QUOTA_BLOCK, *PQUOTA_BLOCK;
-
-typedef struct _OBJECT_BASIC_INFO {
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG ReferenceCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG Reserved[3];
- ULONG NameInformationLength;
- ULONG TypeInformationLength;
- ULONG SecurityDescriptorLength;
- LARGE_INTEGER CreateTime;
-} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
-
-typedef struct _OBJECT_CREATE_INFORMATION {
- ULONG Attributes;
- HANDLE RootDirectory; // 0x4
- PVOID ParseContext; // 0x8
- KPROCESSOR_MODE ProbeMode; // 0xc
- ULONG PagedPoolCharge; // 0x10
- ULONG NonPagedPoolCharge; // 0x14
- ULONG SecurityDescriptorCharge; // 0x18
- PSECURITY_DESCRIPTOR SecurityDescriptor; // 0x1c
- PSECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x20
- SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; // 0x24
-} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;
-
-typedef struct _OBJECT_CREATOR_INFO {
- LIST_ENTRY Creator;
- ULONG UniqueProcessId; // Creator's Process ID
- ULONG Reserved; // Alignment
-} OBJECT_CREATOR_INFO, *POBJECT_CREATOR_INFO;
-
-typedef struct _OBJECT_DIRECTORY_ITEM {
- struct _OBJECT_DIRECTORY_ITEM *Next;
- PVOID Object;
-} OBJECT_DIRECTORY_ITEM, *POBJECT_DIRECTORY_ITEM;
-
-typedef struct _OBJECT_DIRECTORY {
- POBJECT_DIRECTORY_ITEM HashEntries[0x25];
- POBJECT_DIRECTORY_ITEM LastHashAccess;
- ULONG LastHashResult;
-} OBJECT_DIRECTORY, *POBJECT_DIRECTORY;
-
-typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
- BOOLEAN Inherit;
- BOOLEAN ProtectFromClose;
-} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
-
-typedef struct _OBJECT_HANDLE_DB {
- union {
- struct _EPROCESS *Process;
- struct _OBJECT_HANDLE_DB_LIST *HandleDBList;
- };
- ULONG HandleCount;
-} OBJECT_HANDLE_DB, *POBJECT_HANDLE_DB;
-
-typedef struct _OBJECT_HANDLE_DB_LIST {
- ULONG Count;
- OBJECT_HANDLE_DB Entries[1];
-} OBJECT_HANDLE_DB_LIST, *POBJECT_HANDLE_DB_LIST;
-
-typedef struct _OBJECT_HEADER_FLAGS {
- ULONG NameInfoOffset : 8;
- ULONG HandleInfoOffset : 8;
- ULONG QuotaInfoOffset : 8;
- ULONG QuotaBlock : 1; // QuotaBlock/ObjectInfo
- ULONG KernelMode : 1; // UserMode/KernelMode
- ULONG CreatorInfo : 1;
- ULONG Exclusive : 1;
- ULONG Permanent : 1;
- ULONG SecurityDescriptor : 1;
- ULONG HandleInfo : 1;
- ULONG Reserved : 1;
-} OBJECT_HEADER_FLAGS, *POBJECT_HEADER_FLAGS;
-
-typedef struct _OBJECT_HEADER {
- ULONG ReferenceCount;
- union {
- ULONG HandleCount;
- PSINGLE_LIST_ENTRY NextToFree;
- }; // 0x4
- POBJECT_TYPE ObjectType; // 0x8
- OBJECT_HEADER_FLAGS Flags; // 0xc
- union {
- POBJECT_CREATE_INFORMATION ObjectCreateInfo;
- PQUOTA_BLOCK QuotaBlock;
- }; // 0x10
- PSECURITY_DESCRIPTOR SecurityDescriptor; // 0x14
- QUAD Body; // 0x18
-} OBJECT_HEADER, *POBJECT_HEADER;
-
-typedef struct _OBJECT_NAME {
- POBJECT_DIRECTORY Directory;
- UNICODE_STRING ObjectName;
- ULONG Reserved;
-} OBJECT_NAME, *POBJECT_NAME;
-
-typedef struct _OBJECT_NAME_INFO {
- UNICODE_STRING ObjectName;
- WCHAR ObjectNameBuffer[1];
-} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
-
-typedef struct _OBJECT_PROTECTION_INFO {
- BOOLEAN Inherit;
- BOOLEAN ProtectHandle;
-} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
-
-typedef struct _OBJECT_QUOTA_CHARGES {
- ULONG PagedPoolCharge;
- ULONG NonPagedPoolCharge;
- ULONG SecurityCharge;
- ULONG Reserved;
-} OBJECT_QUOTA_CHARGES, *POBJECT_QUOTA_CHARGES;
-
-typedef struct _OBJECT_QUOTA_INFO {
- ULONG PagedPoolQuota;
- ULONG NonPagedPoolQuota;
- ULONG QuotaInformationSize;
- PEPROCESS Process; // Owning process
-} OBJECT_QUOTA_INFO, *POBJECT_QUOTA_INFO;
-
-typedef struct _OBJECT_TYPE_INITIALIZER {
- USHORT Length;
- BOOLEAN UseDefaultObject;
- BOOLEAN Reserved1;
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ACCESS_MASK ValidAccessMask;
- BOOLEAN SecurityRequired;
- BOOLEAN MaintainHandleCount; /* OBJECT_HANDLE_DB */
- BOOLEAN MaintainTypeList; /* OBJECT_CREATOR_INFO */
- UCHAR Reserved2;
- BOOLEAN PagedPool;
- ULONG DefaultPagedPoolCharge;
- ULONG DefaultNonPagedPoolCharge;
- PVOID DumpProcedure;
- PVOID OpenProcedure;
- PVOID CloseProcedure;
- PVOID DeleteProcedure;
- PVOID ParseProcedure;
- PVOID SecurityProcedure; /* SeDefaultObjectMethod */
- PVOID QueryNameProcedure;
- PVOID OkayToCloseProcedure;
-} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
-
-typedef struct _OBJECT_TYPE {
- ERESOURCE Lock;
- LIST_ENTRY ObjectListHead; /* OBJECT_CREATOR_INFO */
- UNICODE_STRING ObjectTypeName;
- union {
- PVOID DefaultObject; /* ObpDefaultObject */
- ULONG Code; /* File: 5C, WaitablePort: A0 */
- };
- ULONG ObjectTypeIndex; /* OB_TYPE_INDEX_* */
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG PeakObjectCount;
- ULONG PeakHandleCount;
- OBJECT_TYPE_INITIALIZER TypeInfo;
- ULONG ObjectTypeTag; /* OB_TYPE_TAG_* */
-} OBJECT_TYPE, *POBJECT_TYPE;
-
-typedef struct _OBJECT_TYPE_INFO {
- UNICODE_STRING ObjectTypeName;
- UCHAR Unknown[0x58];
- WCHAR ObjectTypeNameBuffer[1];
-} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
-
-typedef struct _OBJECT_ALL_TYPES_INFO {
- ULONG NumberOfObjectTypes;
- OBJECT_TYPE_INFO ObjectsTypeInfo[1];
-} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
-
-typedef struct _PAGEFAULT_HISTORY {
- ULONG CurrentIndex;
- ULONG MaxIndex;
- KSPIN_LOCK SpinLock;
- PVOID Reserved;
- PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
-} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
-
-typedef struct _PATHNAME_BUFFER {
- ULONG PathNameLength;
- WCHAR Name[1];
-} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _PRIVATE_CACHE_MAP_FLAGS {
- ULONG DontUse : 16;
- ULONG ReadAheadActive : 1;
- ULONG ReadAheadEnabled : 1;
- ULONG Available : 14;
-} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
-
-typedef struct _PRIVATE_CACHE_MAP {
- union {
- CSHORT NodeTypeCode;
- PRIVATE_CACHE_MAP_FLAGS Flags;
- ULONG UlongFlags;
- };
- ULONG ReadAheadMask;
- PFILE_OBJECT FileObject;
- LARGE_INTEGER FileOffset1;
- LARGE_INTEGER BeyondLastByte1;
- LARGE_INTEGER FileOffset2;
- LARGE_INTEGER BeyondLastByte2;
- LARGE_INTEGER ReadAheadOffset[2];
- ULONG ReadAheadLength[2];
- KSPIN_LOCK ReadAheadSpinLock;
- LIST_ENTRY PrivateLinks;
-} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
-
-#endif
-
-typedef struct _PROCESS_PRIORITY_CLASS {
- BOOLEAN Foreground;
- UCHAR PriorityClass;
-} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
-
-typedef struct _PS_IMPERSONATION_INFORMATION {
- PACCESS_TOKEN Token;
- BOOLEAN CopyOnOpen;
- BOOLEAN EffectiveOnly;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
-} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
-
-typedef struct _PUBLIC_BCB {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- ULONG MappedLength;
- LARGE_INTEGER MappedFileOffset;
-} PUBLIC_BCB, *PPUBLIC_BCB;
-
-typedef struct _QUERY_PATH_REQUEST {
- ULONG PathNameLength;
- PIO_SECURITY_CONTEXT SecurityContext;
- WCHAR FilePathName[1];
-} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
-
-typedef struct _QUERY_PATH_RESPONSE {
- ULONG LengthAccepted;
-} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _READ_LIST {
- PFILE_OBJECT FileObject;
- ULONG NumberOfEntries;
- LOGICAL IsImage;
- FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
-} READ_LIST, *PREAD_LIST;
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _REPARSE_DATA_BUFFER {
-
- ULONG ReparseTag;
- USHORT ReparseDataLength;
- USHORT Reserved;
-
- union {
-
- struct {
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- USHORT PrintNameOffset;
- USHORT PrintNameLength;
- WCHAR PathBuffer[1];
- } SymbolicLinkReparseBuffer;
-
- struct {
- USHORT SubstituteNameOffset;
- USHORT SubstituteNameLength;
- USHORT PrintNameOffset;
- USHORT PrintNameLength;
- WCHAR PathBuffer[1];
- } MountPointReparseBuffer;
-
- struct {
- UCHAR DataBuffer[1];
- } GenericReparseBuffer;
- };
-
-} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
-
-typedef struct _RETRIEVAL_POINTERS_BUFFER {
- ULONG ExtentCount;
- LARGE_INTEGER StartingVcn;
- struct {
- LARGE_INTEGER NextVcn;
- LARGE_INTEGER Lcn;
- } Extents[1];
-} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
-
-typedef struct _RTL_SPLAY_LINKS {
- struct _RTL_SPLAY_LINKS *Parent;
- struct _RTL_SPLAY_LINKS *LeftChild;
- struct _RTL_SPLAY_LINKS *RightChild;
-} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
-
-typedef struct _SE_EXPORTS {
-
- LUID SeCreateTokenPrivilege;
- LUID SeAssignPrimaryTokenPrivilege;
- LUID SeLockMemoryPrivilege;
- LUID SeIncreaseQuotaPrivilege;
- LUID SeUnsolicitedInputPrivilege;
- LUID SeTcbPrivilege;
- LUID SeSecurityPrivilege;
- LUID SeTakeOwnershipPrivilege;
- LUID SeLoadDriverPrivilege;
- LUID SeCreatePagefilePrivilege;
- LUID SeIncreaseBasePriorityPrivilege;
- LUID SeSystemProfilePrivilege;
- LUID SeSystemtimePrivilege;
- LUID SeProfileSingleProcessPrivilege;
- LUID SeCreatePermanentPrivilege;
- LUID SeBackupPrivilege;
- LUID SeRestorePrivilege;
- LUID SeShutdownPrivilege;
- LUID SeDebugPrivilege;
- LUID SeAuditPrivilege;
- LUID SeSystemEnvironmentPrivilege;
- LUID SeChangeNotifyPrivilege;
- LUID SeRemoteShutdownPrivilege;
-
- PSID SeNullSid;
- PSID SeWorldSid;
- PSID SeLocalSid;
- PSID SeCreatorOwnerSid;
- PSID SeCreatorGroupSid;
-
- PSID SeNtAuthoritySid;
- PSID SeDialupSid;
- PSID SeNetworkSid;
- PSID SeBatchSid;
- PSID SeInteractiveSid;
- PSID SeLocalSystemSid;
- PSID SeAliasAdminsSid;
- PSID SeAliasUsersSid;
- PSID SeAliasGuestsSid;
- PSID SeAliasPowerUsersSid;
- PSID SeAliasAccountOpsSid;
- PSID SeAliasSystemOpsSid;
- PSID SeAliasPrintOpsSid;
- PSID SeAliasBackupOpsSid;
-
- PSID SeAuthenticatedUsersSid;
-
- PSID SeRestrictedSid;
- PSID SeAnonymousLogonSid;
-
- LUID SeUndockPrivilege;
- LUID SeSyncAgentPrivilege;
- LUID SeEnableDelegationPrivilege;
-
-} SE_EXPORTS, *PSE_EXPORTS;
-
-typedef struct _SECTION_BASIC_INFORMATION {
- PVOID BaseAddress;
- ULONG Attributes;
- LARGE_INTEGER Size;
-} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
-
-typedef struct _SECTION_IMAGE_INFORMATION {
- PVOID EntryPoint;
- ULONG Unknown1;
- ULONG StackReserve;
- ULONG StackCommit;
- ULONG Subsystem;
- USHORT MinorSubsystemVersion;
- USHORT MajorSubsystemVersion;
- ULONG Unknown2;
- ULONG Characteristics;
- USHORT ImageNumber;
- BOOLEAN Executable;
- UCHAR Unknown3;
- ULONG Unknown4[3];
-} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
-
-typedef struct _SECTION_OBJECT {
- PVOID StartingVa;
- PVOID EndingVa;
- struct _SECTION_OBJECT *Parent;
- struct _SECTION_OBJECT *LeftChild;
- struct _SECTION_OBJECT *RightChild;
- PVOID Segment;
-} SECTION_OBJECT, *PSECTION_OBJECT;
-
-typedef struct _SEP_AUDIT_POLICY {
- // _SEP_AUDIT_POLICY_CATEGORIES
- ULONGLONG System : 4;
- ULONGLONG Logon : 4;
- ULONGLONG ObjectAccess : 4;
- ULONGLONG PrivilegeUse : 4;
- ULONGLONG DetailedTracking : 4;
- ULONGLONG PolicyChange : 4;
- ULONGLONG AccountManagement : 4;
- ULONGLONG DirectoryServiceAccess : 4;
- ULONGLONG AccountLogon : 4;
- // _SEP_AUDIT_POLICY_OVERLAY
- ULONGLONG SetBit : 1;
-} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
-
-/* size 0x1C */
-typedef struct _SEP_AUDIT_POLICY_VISTA {
- UCHAR PerUserPolicy[25]; /* +0x000 */
- UCHAR PolicySetStatus; /* +0x019 */
- USHORT Alignment; /* +0x01A */
-} SEP_AUDIT_POLICY_VISTA, *PSEP_AUDIT_POLICY_VISTA;
-
-typedef struct _SERVICE_DESCRIPTOR_TABLE {
- /*
- * Table containing cServices elements of pointers to service handler
- * functions, indexed by service ID.
- */
- PVOID *ServiceTable;
- /*
- * Table that counts how many times each service is used. This table
- * is only updated in checked builds.
- */
- PULONG CounterTable;
- /*
- * Number of services contained in this table.
- */
- ULONG TableSize;
- /*
- * Table containing the number of bytes of parameters the handler
- * function takes.
- */
- PUCHAR ArgumentTable;
-} SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _SHARED_CACHE_MAP {
- CSHORT NodeTypeCode;
- CSHORT NodeByteSize;
- ULONG OpenCount;
- LARGE_INTEGER FileSize;
- LIST_ENTRY BcbList;
- LARGE_INTEGER SectionSize;
- LARGE_INTEGER ValidDataLength;
- LARGE_INTEGER ValidDataGoal;
- PVACB InitialVacbs[4];
- PVACB *Vacbs;
- PFILE_OBJECT FileObject;
- PVACB ActiveVacb;
- PVOID NeedToZero;
- ULONG ActivePage;
- ULONG NeedToZeroPage;
- KSPIN_LOCK ActiveVacbSpinLock;
- ULONG VacbActiveCount;
- ULONG DirtyPages;
- LIST_ENTRY SharedCacheMapLinks;
- ULONG Flags;
- NTSTATUS Status;
- PMBCB Mbcb;
- PVOID Section;
- PKEVENT CreateEvent;
- PKEVENT WaitOnActiveCount;
- ULONG PagesToWrite;
- LONGLONG BeyondLastFlush;
- PCACHE_MANAGER_CALLBACKS Callbacks;
- PVOID LazyWriteContext;
- LIST_ENTRY PrivateList;
- PVOID LogHandle;
- PVOID FlushToLsnRoutine;
- ULONG DirtyPageThreshold;
- ULONG LazyWritePassCount;
- PCACHE_UNINITIALIZE_EVENT UninitializeEvent;
- PVACB NeedToZeroVacb;
- KSPIN_LOCK BcbSpinLock;
- PVOID Reserved;
- KEVENT Event;
- EX_PUSH_LOCK VacbPushLock;
- PRIVATE_CACHE_MAP PrivateCacheMap;
-} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
-
-#endif
-
-typedef struct _SID_AND_ATTRIBUTES {
- PSID Sid;
- ULONG Attributes;
-} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
-
-typedef struct _SID_AND_ATTRIBUTES_HASH {
- ULONG SidCount; /* +0x000 */
- PSID_AND_ATTRIBUTES SidAttr; /* +0x004 */
- ULONG Hash[32]; /* +0x008 */
-} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
-
-typedef struct _STARTING_VCN_INPUT_BUFFER {
- LARGE_INTEGER StartingVcn;
-} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
-
-// SystemBasicInformation
-typedef struct _SYSTEM_BASIC_INFORMATION {
- ULONG Unknown;
- ULONG MaximumIncrement;
- ULONG PhysicalPageSize;
- ULONG NumberOfPhysicalPages;
- ULONG LowestPhysicalPage;
- ULONG HighestPhysicalPage;
- ULONG AllocationGranularity;
- ULONG LowestUserAddress;
- ULONG HighestUserAddress;
- ULONG ActiveProcessors;
- UCHAR NumberProcessors;
-} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
-
-// SystemProcessorInformation
-typedef struct _SYSTEM_PROCESSOR_INFORMATION {
- USHORT ProcessorArchitecture;
- USHORT ProcessorLevel;
- USHORT ProcessorRevision;
- USHORT Unknown;
- ULONG FeatureBits;
-} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
-
-// SystemPerformanceInformation
-typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
- LARGE_INTEGER IdleTime;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
- ULONG ReadOperationCount;
- ULONG WriteOperationCount;
- ULONG OtherOperationCount;
- ULONG AvailablePages;
- ULONG TotalCommittedPages;
- ULONG TotalCommitLimit;
- ULONG PeakCommitment;
- ULONG PageFaults;
- ULONG WriteCopyFaults;
- ULONG TransistionFaults;
- ULONG Reserved1;
- ULONG DemandZeroFaults;
- ULONG PagesRead;
- ULONG PageReadIos;
- ULONG Reserved2[2];
- ULONG PagefilePagesWritten;
- ULONG PagefilePageWriteIos;
- ULONG MappedFilePagesWritten;
- ULONG MappedFilePageWriteIos;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG PagedPoolAllocs;
- ULONG PagedPoolFrees;
- ULONG NonPagedPoolAllocs;
- ULONG NonPagedPoolFrees;
- ULONG TotalFreeSystemPtes;
- ULONG SystemCodePage;
- ULONG TotalSystemDriverPages;
- ULONG TotalSystemCodePages;
- ULONG SmallNonPagedLookasideListAllocateHits;
- ULONG SmallPagedLookasideListAllocateHits;
- ULONG Reserved3;
- ULONG MmSystemCachePage;
- ULONG PagedPoolPage;
- ULONG SystemDriverPage;
- ULONG FastReadNoWait;
- ULONG FastReadWait;
- ULONG FastReadResourceMiss;
- ULONG FastReadNotPossible;
- ULONG FastMdlReadNoWait;
- ULONG FastMdlReadWait;
- ULONG FastMdlReadResourceMiss;
- ULONG FastMdlReadNotPossible;
- ULONG MapDataNoWait;
- ULONG MapDataWait;
- ULONG MapDataNoWaitMiss;
- ULONG MapDataWaitMiss;
- ULONG PinMappedDataCount;
- ULONG PinReadNoWait;
- ULONG PinReadWait;
- ULONG PinReadNoWaitMiss;
- ULONG PinReadWaitMiss;
- ULONG CopyReadNoWait;
- ULONG CopyReadWait;
- ULONG CopyReadNoWaitMiss;
- ULONG CopyReadWaitMiss;
- ULONG MdlReadNoWait;
- ULONG MdlReadWait;
- ULONG MdlReadNoWaitMiss;
- ULONG MdlReadWaitMiss;
- ULONG ReadAheadIos;
- ULONG LazyWriteIos;
- ULONG LazyWritePages;
- ULONG DataFlushes;
- ULONG DataPages;
- ULONG ContextSwitches;
- ULONG FirstLevelTbFills;
- ULONG SecondLevelTbFills;
- ULONG SystemCalls;
-} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
-
-// SystemTimeOfDayInformation
-typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION {
- LARGE_INTEGER BootTime;
- LARGE_INTEGER CurrentTime;
- LARGE_INTEGER TimeZoneBias;
- ULONG CurrentTimeZoneId;
-} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
-
-typedef struct _SYSTEM_THREADS_INFORMATION {
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER CreateTime;
- ULONG WaitTime;
- PVOID StartAddress;
- CLIENT_ID ClientId;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
- ULONG ContextSwitchCount;
- THREAD_STATE State;
- KWAIT_REASON WaitReason;
-} SYSTEM_THREADS_INFORMATION, *PSYSTEM_THREADS_INFORMATION;
-
-// SystemProcessesAndThreadsInformation
-typedef struct _SYSTEM_PROCESSES_INFORMATION {
- ULONG NextEntryDelta;
- ULONG ThreadCount;
- ULONG Reserved1[6];
- LARGE_INTEGER CreateTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER KernelTime;
- UNICODE_STRING ProcessName;
- KPRIORITY BasePriority;
- ULONG ProcessId;
- ULONG InheritedFromProcessId;
- ULONG HandleCount;
- ULONG SessionId;
- ULONG Reserved2;
- VM_COUNTERS VmCounters;
-#if (VER_PRODUCTBUILD >= 2195)
- IO_COUNTERS IoCounters;
-#endif // (VER_PRODUCTBUILD >= 2195)
- SYSTEM_THREADS_INFORMATION Threads[1];
-} SYSTEM_PROCESSES_INFORMATION, *PSYSTEM_PROCESSES_INFORMATION;
-
-// SystemCallCounts
-typedef struct _SYSTEM_CALL_COUNTS {
- ULONG Size;
- ULONG NumberOfDescriptorTables;
- ULONG NumberOfRoutinesInTable[1];
- // On checked build this is followed by a ULONG CallCounts[1] variable length array.
-} SYSTEM_CALL_COUNTS, *PSYSTEM_CALL_COUNTS;
-
-// SystemConfigurationInformation
-typedef struct _SYSTEM_CONFIGURATION_INFORMATION {
- ULONG DiskCount;
- ULONG FloppyCount;
- ULONG CdRomCount;
- ULONG TapeCount;
- ULONG SerialCount;
- ULONG ParallelCount;
-} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
-
-// SystemProcessorTimes
-typedef struct _SYSTEM_PROCESSOR_TIMES {
- LARGE_INTEGER IdleTime;
- LARGE_INTEGER KernelTime;
- LARGE_INTEGER UserTime;
- LARGE_INTEGER DpcTime;
- LARGE_INTEGER InterruptTime;
- ULONG InterruptCount;
-} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
-
-// SystemGlobalFlag
-typedef struct _SYSTEM_GLOBAL_FLAG {
- ULONG GlobalFlag;
-} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
-
-// SystemModuleInformation
-typedef struct _SYSTEM_MODULE_INFORMATION {
- ULONG Reserved[2];
- PVOID Base;
- ULONG Size;
- ULONG Flags;
- USHORT Index;
- USHORT Unknown;
- USHORT LoadCount;
- USHORT ModuleNameOffset;
- CHAR ImageName[256];
-} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
-
-// SystemLockInformation
-typedef struct _SYSTEM_LOCK_INFORMATION {
- PVOID Address;
- USHORT Type;
- USHORT Reserved1;
- ULONG ExclusiveOwnerThreadId;
- ULONG ActiveCount;
- ULONG ContentionCount;
- ULONG Reserved2[2];
- ULONG NumberOfSharedWaiters;
- ULONG NumberOfExclusiveWaiters;
-} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
-
-// SystemHandleInformation
-typedef struct _SYSTEM_HANDLE_INFORMATION {
- ULONG ProcessId;
- UCHAR ObjectTypeNumber;
- UCHAR Flags;
- USHORT Handle;
- PVOID Object;
- ACCESS_MASK GrantedAccess;
-} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
-
-// SystemObjectInformation
-typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION {
- ULONG NextEntryOffset;
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG TypeNumber;
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ACCESS_MASK ValidAccessMask;
- POOL_TYPE PoolType;
- UCHAR Unknown;
- UNICODE_STRING Name;
-} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION;
-
-typedef struct _SYSTEM_OBJECT_INFORMATION {
- ULONG NextEntryOffset;
- PVOID Object;
- ULONG CreatorProcessId;
- USHORT Unknown;
- USHORT Flags;
- ULONG PointerCount;
- ULONG HandleCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG ExclusiveProcessId;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
- UNICODE_STRING Name;
-} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
-
-// SystemPagefileInformation
-typedef struct _SYSTEM_PAGEFILE_INFORMATION {
- ULONG NextEntryOffset;
- ULONG CurrentSize;
- ULONG TotalUsed;
- ULONG PeakUsed;
- UNICODE_STRING FileName;
-} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
-
-// SystemInstructionEmulationCounts
-typedef struct _SYSTEM_INSTRUCTION_EMULATION_COUNTS {
- ULONG GenericInvalidOpcode;
- ULONG TwoByteOpcode;
- ULONG ESprefix;
- ULONG CSprefix;
- ULONG SSprefix;
- ULONG DSprefix;
- ULONG FSPrefix;
- ULONG GSprefix;
- ULONG OPER32prefix;
- ULONG ADDR32prefix;
- ULONG INSB;
- ULONG INSW;
- ULONG OUTSB;
- ULONG OUTSW;
- ULONG PUSHFD;
- ULONG POPFD;
- ULONG INTnn;
- ULONG INTO;
- ULONG IRETD;
- ULONG FloatingPointOpcode;
- ULONG INBimm;
- ULONG INWimm;
- ULONG OUTBimm;
- ULONG OUTWimm;
- ULONG INB;
- ULONG INW;
- ULONG OUTB;
- ULONG OUTW;
- ULONG LOCKprefix;
- ULONG REPNEprefix;
- ULONG REPprefix;
- ULONG CLI;
- ULONG STI;
- ULONG HLT;
-} SYSTEM_INSTRUCTION_EMULATION_COUNTS, *PSYSTEM_INSTRUCTION_EMULATION_COUNTS;
-
-// SystemCacheInformation
-typedef struct _SYSTEM_CACHE_INFORMATION {
- ULONG SystemCacheWsSize;
- ULONG SystemCacheWsPeakSize;
- ULONG SystemCacheWsFaults;
- ULONG SystemCacheWsMinimum;
- ULONG SystemCacheWsMaximum;
- ULONG TransitionSharedPages;
- ULONG TransitionSharedPagesPeak;
- ULONG Reserved[2];
-} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
-
-// SystemPoolTagInformation
-typedef struct _SYSTEM_POOL_TAG_INFORMATION {
- CHAR Tag[4];
- ULONG PagedPoolAllocs;
- ULONG PagedPoolFrees;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolAllocs;
- ULONG NonPagedPoolFrees;
- ULONG NonPagedPoolUsage;
-} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
-
-// SystemProcessorStatistics
-typedef struct _SYSTEM_PROCESSOR_STATISTICS {
- ULONG ContextSwitches;
- ULONG DpcCount;
- ULONG DpcRequestRate;
- ULONG TimeIncrement;
- ULONG DpcBypassCount;
- ULONG ApcBypassCount;
-} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS;
-
-// SystemDpcInformation
-typedef struct _SYSTEM_DPC_INFORMATION {
- ULONG Reserved;
- ULONG MaximumDpcQueueDepth;
- ULONG MinimumDpcRate;
- ULONG AdjustDpcThreshold;
- ULONG IdealDpcRate;
-} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
-
-// SystemLoadImage
-typedef struct _SYSTEM_LOAD_IMAGE {
- UNICODE_STRING ModuleName;
- PVOID ModuleBase;
- PVOID Unknown;
- PVOID EntryPoint;
- PVOID ExportDirectory;
-} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE;
-
-// SystemUnloadImage
-typedef struct _SYSTEM_UNLOAD_IMAGE {
- PVOID ModuleBase;
-} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE;
-
-// SystemTimeAdjustment
-typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT {
- ULONG TimeAdjustment;
- ULONG MaximumIncrement;
- BOOLEAN TimeSynchronization;
-} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
-
-// SystemTimeAdjustment
-typedef struct _SYSTEM_SET_TIME_ADJUSTMENT {
- ULONG TimeAdjustment;
- BOOLEAN TimeSynchronization;
-} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
-
-// SystemCrashDumpInformation
-typedef struct _SYSTEM_CRASH_DUMP_INFORMATION {
- HANDLE CrashDumpSectionHandle;
-#if (VER_PRODUCTBUILD >= 2195)
- HANDLE Unknown;
-#endif // (VER_PRODUCTBUILD >= 2195)
-} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
-
-// SystemExceptionInformation
-typedef struct _SYSTEM_EXCEPTION_INFORMATION {
- ULONG AlignmentFixupCount;
- ULONG ExceptionDispatchCount;
- ULONG FloatingEmulationCount;
- ULONG Reserved;
-} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
-
-// SystemCrashDumpStateInformation
-typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION {
- ULONG ValidCrashDump;
-#if (VER_PRODUCTBUILD >= 2195)
- ULONG Unknown;
-#endif // (VER_PRODUCTBUILD >= 2195)
-} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
-
-// SystemKernelDebuggerInformation
-typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
- BOOLEAN DebuggerEnabled;
- BOOLEAN DebuggerNotPresent;
-} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
-
-// SystemContextSwitchInformation
-typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
- ULONG ContextSwitches;
- ULONG ContextSwitchCounters[11];
-} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
-
-// SystemRegistryQuotaInformation
-typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
- ULONG RegistryQuota;
- ULONG RegistryQuotaInUse;
- ULONG PagedPoolSize;
-} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
-
-// SystemLoadAndCallImage
-typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE {
- UNICODE_STRING ModuleName;
-} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;
-
-// SystemPrioritySeparation
-typedef struct _SYSTEM_PRIORITY_SEPARATION {
- ULONG PrioritySeparation;
-} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION;
-
-// SystemTimeZoneInformation
-typedef struct _SYSTEM_TIME_ZONE_INFORMATION {
- LONG Bias;
- WCHAR StandardName[32];
- TIME_FIELDS StandardDate;
- LONG StandardBias;
- WCHAR DaylightName[32];
- TIME_FIELDS DaylightDate;
- LONG DaylightBias;
-} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
-
-// SystemLookasideInformation
-typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
- USHORT Depth;
- USHORT MaximumDepth;
- ULONG TotalAllocates;
- ULONG AllocateMisses;
- ULONG TotalFrees;
- ULONG FreeMisses;
- POOL_TYPE Type;
- ULONG Tag;
- ULONG Size;
-} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
-
-// SystemSetTimeSlipEvent
-typedef struct _SYSTEM_SET_TIME_SLIP_EVENT {
- HANDLE TimeSlipEvent;
-} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
-
-// SystemCreateSession
-typedef struct _SYSTEM_CREATE_SESSION {
- ULONG Session;
-} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
-
-// SystemDeleteSession
-typedef struct _SYSTEM_DELETE_SESSION {
- ULONG Session;
-} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
-
-// SystemRangeStartInformation
-typedef struct _SYSTEM_RANGE_START_INFORMATION {
- PVOID SystemRangeStart;
-} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
-
-// SystemSessionProcessesInformation
-typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION {
- ULONG SessionId;
- ULONG BufferSize;
- PVOID Buffer;
-} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;
-
-typedef struct _GDI_TEB_BATCH {
- ULONG Offset;
- ULONG HDC;
- ULONG Buffer[(VER_PRODUCTBUILD >= 2195) ? 0x133 : 0x136];
-} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME {
- struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous;
- struct _ACTIVATION_CONTEXT* ActivationContext; // 0x4
- ULONG Flags; // 0x8
-} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
-
-typedef struct _ACTIVATION_CONTEXT_STACK {
- ULONG Flags;
- ULONG NextCookieSequenceNumber;
- PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame; // 0x8
- LIST_ENTRY FrameListCache; // 0xc
-} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-typedef struct _Wx86ThreadState {
- PULONG CallBx86Eip;
- PVOID DeallocationCpu;
- UCHAR UseKnownWx86Dll; // 0x8
- UCHAR OleStubInvoked; // 0x9
-} Wx86ThreadState, *PWx86ThreadState;
-
-typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
- ULONG Flags;
- PCHAR FrameName;
-} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
-
-typedef struct _TEB_ACTIVE_FRAME {
- ULONG Flags;
- struct _TEB_ACTIVE_FRAME *Previous;
- PTEB_ACTIVE_FRAME_CONTEXT Context;
-} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
-
-typedef struct _TEB // from Reactos, Native API; checked and corrected for 2003 and nt 4.0
- // should also work on XP and 2000
- // the reactos version was probably from NT 3.51 SP3
-{
- NT_TIB Tib; /* 00h */
- PVOID EnvironmentPointer; /* 1Ch */
- CLIENT_ID Cid; /* 20h */
- HANDLE RpcHandle; /* 28h */
- PVOID *ThreadLocalStorage; /* 2Ch */
- PPEB Peb; /* 30h */
- ULONG LastErrorValue; /* 34h */
- ULONG CountOfOwnedCriticalSections; /* 38h */
- PVOID CsrClientThread; /* 3Ch */
- struct _W32THREAD* Win32ThreadInfo; /* 40h */
- ULONG User32Reserved[26]; /* 44h */
- ULONG UserReserved[5]; /* ACh */
- PVOID WOW32Reserved; /* C0h */
- LCID CurrentLocale; /* C4h */
- ULONG FpSoftwareStatusRegister; /* C8h */
- PVOID SystemReserved1[0x36]; /* CCh */
-#if (VER_PRODUCTBUILD <= 1381)
- PVOID Spare1; /* 1A4h */
-#endif
- LONG ExceptionCode; /* 1A4h */
-#if (VER_PRODUCTBUILD >= 2600)
- ACTIVATION_CONTEXT_STACK
- ActivationContextStack; /* 1A8h */
- UCHAR SpareBytes1[24]; /* 1BCh */
-#elif (VER_PRODUCTBUILD >= 2195)
- UCHAR SpareBytes1[0x2c]; /* 1A8h */
-#else /* nt 4.0 */
- ULONG SpareBytes1[0x14]; /* 1ACh */
-#endif
- GDI_TEB_BATCH GdiTebBatch; /* 1D4h */ /* 1FC for nt 4.0 */
- ULONG gdiRgn; /* 6A8h */ /* 6DCh for nt 4.0 */
- ULONG gdiPen; /* 6ACh */
- ULONG gdiBrush; /* 6B0h */
- CLIENT_ID RealClientId; /* 6B4h */ /* 6E8h for nt 4.0 */
- PVOID GdiCachedProcessHandle; /* 6BCh */
- ULONG GdiClientPID; /* 6C0h */
- ULONG GdiClientTID; /* 6C4h */
- PVOID GdiThreadLocaleInfo; /* 6C8h */
-#if (VER_PRODUCTBUILD == 1381)
- PVOID Win32ClientInfo[5]; /* 700h */
- PVOID glDispatchTable[0x118]; /* 714h */
- ULONG glReserved1[0x1a]; /* B74h */
-#else
- PVOID Win32ClientInfo[0x3e]; /* 6CCh */
- PVOID glDispatchTable[0xe9]; /* 7C4h */
- ULONG glReserved1[0x1d]; /* B68h */
-#endif
- PVOID glReserved2; /* BDCh */
- PVOID glSectionInfo; /* BE0h */
- PVOID glSection; /* BE4h */
- PVOID glTable; /* BE8h */
- PVOID glCurrentRC; /* BECh */
- PVOID glContext; /* BF0h */
- NTSTATUS LastStatusValue; /* BF4h */
- UNICODE_STRING StaticUnicodeString; /* BF8h */
- WCHAR StaticUnicodeBuffer[0x105]; /* C00h */
- PVOID DeallocationStack; /* E0Ch */
- PVOID TlsSlots[0x40]; /* E10h */
- LIST_ENTRY TlsLinks; /* F10h */
- PVOID Vdm; /* F18h */
- PVOID ReservedForNtRpc; /* F1Ch */
- PVOID DbgSsReserved[0x2]; /* F20h */
- ULONG HardErrorDisabled; /* F28h */
- PVOID Instrumentation[0x10]; /* F2Ch */
- PVOID WinSockData; /* F6Ch */
- ULONG GdiBatchCount; /* F70h */
- BOOLEAN InDbgPrint; /* F74h */
- BOOLEAN FreeStackOnTermination; /* F75h */
- BOOLEAN HasFiberData; /* F76h */
- UCHAR IdealProcessor; /* F77h */
- ULONG Spare3; /* F78h */
- ULONG ReservedForPerf; /* F7Ch */
- PVOID ReservedForOle; /* F80h */
- ULONG WaitingOnLoaderLock; /* F84h */
-#if (VER_PRODUCTBUILD >= 2195)
- Wx86ThreadState Wx86Thread; /* F88h */
- PVOID* TlsExpansionSlots; /* F94h */
- ULONG ImpersonationLocale; /* F98h */
- ULONG IsImpersonating; /* F9Ch */
- PVOID NlsCache; /* FA0h */
- PVOID pShimData; /* FA4h */
- ULONG HeapVirtualAffinity; /* FA8h */
- PVOID CurrentTransactionHandle; /* FACh */
- PTEB_ACTIVE_FRAME ActiveFrame; /* FB0h*/
- PVOID FlsSlots; /* FB4h */
-#endif
-} TEB, *PTEB;
-
-typedef struct _TERMINATION_PORT {
- struct _TERMINATION_PORT* Next;
- PVOID Port;
-} TERMINATION_PORT, *PTERMINATION_PORT;
-
-typedef struct _THREAD_BASIC_INFORMATION {
- NTSTATUS ExitStatus;
- PVOID TebBaseAddress;
- ULONG UniqueProcessId;
- ULONG UniqueThreadId;
- KAFFINITY AffinityMask;
- KPRIORITY BasePriority;
- ULONG DiffProcessPriority;
-} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
-
-typedef struct _TOKEN_SOURCE {
- CCHAR SourceName[TOKEN_SOURCE_LENGTH];
- LUID SourceIdentifier;
-} TOKEN_SOURCE, *PTOKEN_SOURCE;
-
-typedef struct _TOKEN_CONTROL {
- LUID TokenId;
- LUID AuthenticationId;
- LUID ModifiedId;
- TOKEN_SOURCE TokenSource;
-} TOKEN_CONTROL, *PTOKEN_CONTROL;
-
-typedef struct _TOKEN_DEFAULT_DACL {
- PACL DefaultDacl;
-} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
-
-typedef struct _TOKEN_GROUPS {
- ULONG GroupCount;
- SID_AND_ATTRIBUTES Groups[1];
-} TOKEN_GROUPS, *PTOKEN_GROUPS;
-
-/* XP SP2 has same TOKEN_OBJECT structure as Windows Server 2003 (stucture K23 in union). */
-#include <pshpack1.h>
-typedef union
-{
- struct
- {
- TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10, *SYSTEM* id == 0 */
- LUID TokenId; /* 0x10: */
- LUID AuthenticationId; /* 0x18: */
- LARGE_INTEGER ExpirationTime; /* 0x20: -1 no expired. *SYSTEM* has expired? */
- LUID ModifiedId; /* 0x28: */
- ULONG UserAndGroupCount; /* 0x30: 3 */
- ULONG PrivilegeCount; /* 0x34: 14 */
- ULONG VariableLength; /* 0x38: 0x37C */
- ULONG DynamicCharged; /* 0x3C: 0x1F4 */
- ULONG DynamicAvailable; /* 0x40: 0x1A4 */
- ULONG DefaultOwnerIndex; /* 0x44: 1 */
- PSID_AND_ATTRIBUTES UserAndGroups;/* 0x48: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
- PSID PrimaryGroup; /* 0x4C: */
- PLUID_AND_ATTRIBUTES Privileges;/* 0x50: */
- PULONG DynamicPart; /* 0x54: */
- PACL DefaultDacl; /* 0x58: */
- TOKEN_TYPE TokenType; /* 0x5C: TokenPrimary | TokenImpersonation */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x60: 0 */
- UCHAR TokenFlags; /* 0x64: 1 */
- BOOLEAN TokenInUse; /* 0x65: 1 */
- USHORT Alignment; /* 0x66: 0 */
- PVOID ProxyData; /* 0x68: 0 */
- PVOID AuditData; /* 0x6C: 0 */
- ULONG VariablePart; /* 0x70: */
- } NT;
- struct
- {
- TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
- LUID TokenId; /* 0x10: */
- LUID AuthenticationId; /* 0x18: */
- LUID ParentTokenId; /* 0x20: 0 */
- LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */
- LUID ModifiedId; /* 0x30: */
- ULONG SessionId; /* 0x38: 0 */
- ULONG UserAndGroupCount; /* 0x3C: 9 */
- ULONG RestrictedSidCount; /*+0x40: 0 */
- ULONG PrivilegeCount; /* 0x44: 11 */
- ULONG VariableLength; /* 0x48: 0x1F0 */
- ULONG DynamicCharged; /* 0x4C: 0x1F4 */
- ULONG DynamicAvailable; /* 0x50: 0x1A4 */
- ULONG DefaultOwnerIndex; /* 0x54: 3 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* 0x58: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
- PSID_AND_ATTRIBUTES RestrictedSids;/* 0x5C: 0 */
- PSID PrimaryGroup; /* 0x60: */
- PLUID_AND_ATTRIBUTES Privileges;/* 0x64: */
- PULONG DynamicPart; /* 0x68: */
- PACL DefaultDacl; /* 0x6C: */
- TOKEN_TYPE TokenType; /* 0x70: TokenPrimary | TokenImpersonation */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x74: 0 */
- UCHAR TokenFlags; /* 0x78: 9 */
- BOOLEAN TokenInUse; /* 0x79: 1 */
- USHORT Alignment; /* 0x7A: 0 */
- PVOID ProxyData; /* 0x7C: 0 */
- PVOID AuditData; /* 0x80: 0 */
- ULONG VariablePart; /* 0x84: */
- } K2;
- struct
- {
- TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
- LUID TokenId; /* 0x10: 0x6F68 */
- LUID AuthenticationId; /* 0x18: */
- LUID ParentTokenId; /* 0x20: 0 */
- LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */
- PERESOURCE TokenLock; /*+0x30: 0x8xxxxxxxx */
- LUID ModifiedId; /* 0x34: */
- ULONG SessionId; /* 0x3C: 0x6F6A */
- ULONG UserAndGroupCount; /* 0x40: 4 */
- ULONG RestrictedSidCount; /*+0x44: 0 */
- ULONG VariableLength; /* 0x48: 0x160 */
- ULONG DynamicCharged; /* 0x4C: 0x164 */
- ULONG DynamicAvailable; /* 0x50: 0x1F4 */
- ULONG PrivilegeCount; /* 0x54: 0 */
- ULONG DefaultOwnerIndex; /* 0x58: 1 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* 0x5C: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
- PSID_AND_ATTRIBUTES RestrictedSids;/* 0x60: 0 */
- PSID PrimaryGroup; /* 0x64: */
- PLUID_AND_ATTRIBUTES Privileges;/* 0x68: */
- PULONG DynamicPart; /* 0x6C: */
- PACL DefaultDacl; /* 0x70: */
- TOKEN_TYPE TokenType; /* 0x74: TokenPrimary | TokenImpersonation */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x78: 0 */
- UCHAR TokenFlags; /* 0x7C: 9 */
- BOOLEAN TokenInUse; /* 0x7D: 1 */
- USHORT Alignment; /* 0x7E: 4BB4 */
- PVOID ProxyData; /* 0x80: 0 */
- PVOID AuditData; /* 0x84: 0 */
- ULONG VariablePart; /* 0x88: */
- } XP;
- struct
- {
- TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
- LUID TokenId; /* 0x10: 0x6F68 */
- LUID AuthenticationId; /* 0x18: */
- LUID ParentTokenId; /* 0x20: 0 */
- LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */
- PERESOURCE TokenLock; /*+0x30: 0x8xxxxxxxx */
- ULONG Padding64; /*+0x34: 0xXxxxxxxxx */
- SEP_AUDIT_POLICY AuditPolicy; /*+0x38: */
- LUID ModifiedId; /*+0x040: 0x6F6A */
- ULONG SessionId; /*+0x048: */
- ULONG UserAndGroupCount; /* 0x4C: 4 */
- ULONG RestrictedSidCount; /*+0x50: 0 */
- ULONG VariableLength; /* 0x54: 0x18 */
- ULONG DynamicCharged; /* 0x58: 0x17C */
- ULONG DynamicAvailable; /* 0x5C: 0x1F4 */
- ULONG PrivilegeCount; /* 0x60: 0 */
- ULONG DefaultOwnerIndex; /* 0x64: 1 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
- PSID_AND_ATTRIBUTES RestrictedSids;/* 0x6C: 0 */
- PSID PrimaryGroup; /* 0x70: */
- PLUID_AND_ATTRIBUTES Privileges;/* 0x74: */
- PULONG DynamicPart; /* 0x78: */
- PACL DefaultDacl; /* 0x7C: */
- TOKEN_TYPE TokenType; /* 0x80: TokenPrimary | TokenImpersonation */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x84: 0 */
- UCHAR TokenFlags; /* 0x88: 9 */
- BOOLEAN TokenInUse; /* 0x89: 1 */
- USHORT Alignment; /* 0x8A: 4BB4 */
- PVOID ProxyData; /* 0x8C: 0x8xxxxxxxx */
- PVOID AuditData; /* 0x90: 0 */
- ULONG VariablePart; /* 0x94: */
- } K23;
- struct
- {
- TOKEN_SOURCE TokenSource; /* +0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */
- LUID TokenId; /* +0x10: 0x6F68 */
- LUID AuthenticationId; /* +0x18: */
- LUID ParentTokenId; /* +0x20: 0 */
- LARGE_INTEGER ExpirationTime; /* +0x28: -1 no expired */
- PERESOURCE TokenLock; /* +0x30: 0x8xxxxxxxx */
- ULONG Padding64; /* +0x34: 0xXxxxxxxxx */
- SEP_AUDIT_POLICY AuditPolicy; /* +0x38: */
- LUID ModifiedId; /* +0x040: 0x6F6A */
- ULONG SessionId; /* +0x048: */
- ULONG UserAndGroupCount; /* +0x04c: 4 */
- ULONG RestrictedSidCount; /* +0x050: 0 */
- ULONG PrivilegeCount; /* +0x054: 0x18 */
- ULONG VariableLength; /* +0x058: 0x17C */
- ULONG DynamicCharged; /* +0x05c: 0x1F4 */
- ULONG DynamicAvailable; /* +0x060: 0 */
- ULONG DefaultOwnerIndex; /* +0x064: 1 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* +0x68: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */
- PSID_AND_ATTRIBUTES RestrictedSids; /* +0x6C: 0 */
- PSID PrimaryGroup; /* +0x70: */
- PLUID_AND_ATTRIBUTES Privileges; /* +0x74: */
- PULONG DynamicPart; /* +0x78: */
- PACL DefaultDacl; /* +0x7C: */
- TOKEN_TYPE TokenType; /* +0x80: TokenPrimary | TokenImpersonation */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* +0x84: 0 */
- UCHAR TokenFlags; /* +0x88: 9 */
- BOOLEAN TokenInUse; /* +0x89: 1 */
- USHORT Alignment; /* +0x8A: 4BB4 */
- PVOID ProxyData; /* +0x8C: 0x8xxxxxxxx */
- PVOID AuditData; /* +0x90: 0 */
- PVOID LogonSession; /* +0x94: */
- LUID OriginatingLogonSession;/* +0x98: */
- ULONG VariablePart; /* +0xa0: */
- } K23SP1;
- struct
- {
- TOKEN_SOURCE TokenSource; /* +0x000 */
- LUID TokenId; /* +0x010 */
- LUID AuthenticationId; /* +0x018 */
- LUID ParentTokenId; /* +0x020 */
- LARGE_INTEGER ExpirationTime; /* +0x028 */
- PERESOURCE TokenLock; /* +0x030 */
- LUID ModifiedId; /* +0x034 */
- SEP_AUDIT_POLICY_VISTA AuditPolicy; /* +0x03c */
- ULONG SessionId; /* +0x058 */
- ULONG UserAndGroupCount; /* +0x05c */
- ULONG RestrictedSidCount; /* +0x060 */
- ULONG PrivilegeCount; /* +0x064 */
- ULONG VariableLength; /* +0x068 */
- ULONG DynamicCharged; /* +0x06c */
- ULONG DynamicAvailable; /* +0x070 */
- ULONG DefaultOwnerIndex; /* +0x074 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* +0x078 */
- PSID_AND_ATTRIBUTES RestrictedSids; /* +0x07c */
- PSID PrimaryGroup; /* +0x080 */
- PLUID_AND_ATTRIBUTES Privileges; /* +0x084 */
- PULONG DynamicPart; /* +0x088 */
- PACL DefaultDacl; /* +0x08c */
- TOKEN_TYPE TokenType; /* +0x090 */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* +0x094 */
- ULONG TokenFlags; /* +0x098 */
- BOOLEAN TokenInUse; /* +0x09c */
- BOOLEAN WriterPresent; /* +0x09d */
- USHORT Alignment; /* +0x09e */
- ULONG IntegrityLevelIndex; /* +0x0a0 */
- ULONG DesktopIntegrityLevelIndex;/* +0x0a4 */
- ULONG MandatoryPolicy; /* +0x0a8 */
- PVOID ProxyData; /* +0x0ac */
- PVOID AuditData; /* +0x0b0 */
- PVOID LogonSession; /* +0x0b4 */
- LUID OriginatingLogonSession;/* +0x0b8 */
- SID_AND_ATTRIBUTES_HASH SidHash; /* +0x0c0 */
- SID_AND_ATTRIBUTES_HASH RestrictedSidHash;/* +0x148 */
- ULONG VariablePart; /* +0x1d0 */
- } VISTA;
- struct
- {
- TOKEN_SOURCE TokenSource; /* +0x000 */
- LUID TokenId; /* +0x010 */
- LUID AuthenticationId; /* +0x018 */
- LUID ParentTokenId; /* +0x020 */
- LARGE_INTEGER ExpirationTime; /* +0x028 */
- PERESOURCE TokenLock; /* +0x030 */
- SEP_AUDIT_POLICY AuditPolicy; /* +0x038 */
- LUID ModifiedId; /* +0x040 */
- ULONG SessionId; /* +0x048 */
- ULONG UserAndGroupCount; /* +0x04c */
- ULONG RestrictedSidCount; /* +0x050 */
- ULONG PrivilegeCount; /* +0x054 */
- ULONG VariableLength; /* +0x058 */
- ULONG DynamicCharged; /* +0x05c */
- ULONG DynamicAvailable; /* +0x060 */
- ULONG DefaultOwnerIndex; /* +0x064 */
- PSID_AND_ATTRIBUTES UserAndGroups; /* +0x068 */
- PSID_AND_ATTRIBUTES RestrictedSids; /* +0x070 */
- PSID PrimaryGroup; /* +0x078 */
- PLUID_AND_ATTRIBUTES Privileges; /* +0x080 */
- PULONG DynamicPart; /* +0x088 */
- PACL DefaultDacl; /* +0x090 */
- TOKEN_TYPE TokenType; /* +0x098 */
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* +0x09c */
- UCHAR TokenFlags; /* +0x0a0 */
- BOOLEAN TokenInUse; /* +0x0a1 */
- UCHAR Padding64 [6]; /* +0x0a2 */
- PVOID ProxyData; /* +0x0a8 */
- PVOID AuditData; /* +0x0b0 */
- PVOID LogonSession; /* +0x0b8 */
- LUID OriginatingLogonSession;/* +0x0c0 */
- ULONG VariablePart; /* +0x0c8 */
- } XP64; /* equial 2K3SP1x64 */
- /* VariablePart */
-} TOKEN_OBJECT, *PTOKEN_OBJECT;
-#include <poppack.h>
-
-typedef struct _TOKEN_OWNER {
- PSID Owner;
-} TOKEN_OWNER, *PTOKEN_OWNER;
-
-typedef struct _TOKEN_PRIMARY_GROUP {
- PSID PrimaryGroup;
-} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
-
-typedef struct _TOKEN_PRIVILEGES {
- ULONG PrivilegeCount;
- LUID_AND_ATTRIBUTES Privileges[1];
-} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
-
-typedef struct _TOKEN_STATISTICS {
- LUID TokenId;
- LUID AuthenticationId;
- LARGE_INTEGER ExpirationTime;
- TOKEN_TYPE TokenType;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- ULONG DynamicCharged;
- ULONG DynamicAvailable;
- ULONG GroupCount;
- ULONG PrivilegeCount;
- LUID ModifiedId;
-} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
-
-typedef struct _TOKEN_USER {
- SID_AND_ATTRIBUTES User;
-} TOKEN_USER, *PTOKEN_USER;
-
-typedef struct _SECURITY_CLIENT_CONTEXT {
- SECURITY_QUALITY_OF_SERVICE SecurityQos;
- PACCESS_TOKEN ClientToken;
- BOOLEAN DirectlyAccessClientToken;
- BOOLEAN DirectAccessEffectiveOnly;
- BOOLEAN ServerIsRemote;
- TOKEN_CONTROL ClientTokenControl;
-} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
-
-typedef struct _TUNNEL {
- FAST_MUTEX Mutex;
- PRTL_SPLAY_LINKS Cache;
- LIST_ENTRY TimerQueue;
- USHORT NumEntries;
-} TUNNEL, *PTUNNEL;
-
-typedef struct _VACB {
- PVOID BaseAddress;
- PSHARED_CACHE_MAP SharedCacheMap;
- union {
- LARGE_INTEGER FileOffset;
- USHORT ActiveCount;
- } Overlay;
- LIST_ENTRY LruList;
-} VACB, *PVACB;
-
-typedef struct _VAD_HEADER {
- PVOID StartVPN;
- PVOID EndVPN;
- PVAD_HEADER ParentLink;
- PVAD_HEADER LeftLink;
- PVAD_HEADER RightLink;
- ULONG Flags; // LSB = CommitCharge
- PVOID ControlArea;
- PVOID FirstProtoPte;
- PVOID LastPTE;
- ULONG Unknown;
- LIST_ENTRY Secured;
-} VAD_HEADER, *PVAD_HEADER;
-
-NTKERNELAPI
-BOOLEAN
-CcCanIWrite (
- IN PFILE_OBJECT FileObject,
- IN ULONG BytesToWrite,
- IN BOOLEAN Wait,
- IN BOOLEAN Retrying
-);
-
-NTKERNELAPI
-BOOLEAN
-CcCopyRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- OUT PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus
-);
-
-NTKERNELAPI
-BOOLEAN
-CcCopyWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- IN PVOID Buffer
-);
-
-#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
-
-typedef VOID (*PCC_POST_DEFERRED_WRITE) (
- IN PVOID Context1,
- IN PVOID Context2
-);
-
-NTKERNELAPI
-VOID
-CcDeferWrite (
- IN PFILE_OBJECT FileObject,
- IN PCC_POST_DEFERRED_WRITE PostRoutine,
- IN PVOID Context1,
- IN PVOID Context2,
- IN ULONG BytesToWrite,
- IN BOOLEAN Retrying
-);
-
-NTKERNELAPI
-VOID
-CcFastCopyRead (
- IN PFILE_OBJECT FileObject,
- IN ULONG FileOffset,
- IN ULONG Length,
- IN ULONG PageCount,
- OUT PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus
-);
-
-NTKERNELAPI
-VOID
-CcFastCopyWrite (
- IN PFILE_OBJECT FileObject,
- IN ULONG FileOffset,
- IN ULONG Length,
- IN PVOID Buffer
-);
-
-NTKERNELAPI
-VOID
-CcFlushCache (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN PLARGE_INTEGER FileOffset OPTIONAL,
- IN ULONG Length,
- OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
-);
-
-typedef VOID (*PDIRTY_PAGE_ROUTINE) (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN PLARGE_INTEGER OldestLsn,
- IN PLARGE_INTEGER NewestLsn,
- IN PVOID Context1,
- IN PVOID Context2
-);
-
-NTKERNELAPI
-LARGE_INTEGER
-CcGetDirtyPages (
- IN PVOID LogHandle,
- IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
- IN PVOID Context1,
- IN PVOID Context2
-);
-
-NTKERNELAPI
-PFILE_OBJECT
-CcGetFileObjectFromBcb (
- IN PVOID Bcb
-);
-
-NTKERNELAPI
-PFILE_OBJECT
-CcGetFileObjectFromSectionPtrs (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer
-);
-
-#define CcGetFileSizePointer(FO) ( \
- ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
-)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-LARGE_INTEGER
-CcGetFlushedValidData (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN BOOLEAN BcbListHeld
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-LARGE_INTEGER
-CcGetLsnForFileObject (
- IN PFILE_OBJECT FileObject,
- OUT PLARGE_INTEGER OldestLsn OPTIONAL
-);
-
-typedef BOOLEAN (*PACQUIRE_FOR_LAZY_WRITE) (
- IN PVOID Context,
- IN BOOLEAN Wait
-);
-
-typedef VOID (*PRELEASE_FROM_LAZY_WRITE) (
- IN PVOID Context
-);
-
-typedef BOOLEAN (*PACQUIRE_FOR_READ_AHEAD) (
- IN PVOID Context,
- IN BOOLEAN Wait
-);
-
-typedef VOID (*PRELEASE_FROM_READ_AHEAD) (
- IN PVOID Context
-);
-
-typedef struct _CACHE_MANAGER_CALLBACKS {
- PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
- PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
- PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
- PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
-} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
-
-NTKERNELAPI
-VOID
-CcInitializeCacheMap (
- IN PFILE_OBJECT FileObject,
- IN PCC_FILE_SIZES FileSizes,
- IN BOOLEAN PinAccess,
- IN PCACHE_MANAGER_CALLBACKS Callbacks,
- IN PVOID LazyWriteContext
-);
-
-#define CcIsFileCached(FO) ( \
- ((FO)->SectionObjectPointer != NULL) && \
- (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
-)
-
-NTKERNELAPI
-BOOLEAN
-CcIsThereDirtyData (
- IN PVPB Vpb
-);
-
-NTKERNELAPI
-BOOLEAN
-CcMapData (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
-#if (VER_PRODUCTBUILD >= 2600)
- IN ULONG Flags,
-#else
- IN BOOLEAN Wait,
-#endif
- OUT PVOID *Bcb,
- OUT PVOID *Buffer
-);
-
-NTKERNELAPI
-VOID
-CcMdlRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus
-);
-
-NTKERNELAPI
-VOID
-CcMdlReadComplete (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-CcMdlWriteAbort (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain
-);
-
-#endif
-
-NTKERNELAPI
-VOID
-CcMdlWriteComplete (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain
-);
-
-NTKERNELAPI
-BOOLEAN
-CcPinMappedData (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
-#if (VER_PRODUCTBUILD >= 2195)
- IN ULONG Flags,
-#else
- IN BOOLEAN Wait,
-#endif
- IN OUT PVOID *Bcb
-);
-
-NTKERNELAPI
-BOOLEAN
-CcPinRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
-#if (VER_PRODUCTBUILD >= 2195)
- IN ULONG Flags,
-#else
- IN BOOLEAN Wait,
-#endif
- OUT PVOID *Bcb,
- OUT PVOID *Buffer
-);
-
-NTKERNELAPI
-VOID
-CcPrepareMdlWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus
-);
-
-NTKERNELAPI
-BOOLEAN
-CcPreparePinWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Zero,
-#if (VER_PRODUCTBUILD >= 2195)
- IN ULONG Flags,
-#else
- IN BOOLEAN Wait,
-#endif
- OUT PVOID *Bcb,
- OUT PVOID *Buffer
-);
-
-NTKERNELAPI
-BOOLEAN
-CcPurgeCacheSection (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN PLARGE_INTEGER FileOffset OPTIONAL,
- IN ULONG Length,
- IN BOOLEAN UninitializeCacheMaps
-);
-
-#define CcReadAhead(FO, FOFF, LEN) ( \
- if ((LEN) >= 256) { \
- CcScheduleReadAhead((FO), (FOFF), (LEN)); \
- } \
-)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-PVOID
-CcRemapBcb (
- IN PVOID Bcb
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-CcRepinBcb (
- IN PVOID Bcb
-);
-
-NTKERNELAPI
-VOID
-CcScheduleReadAhead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length
-);
-
-NTKERNELAPI
-VOID
-CcSetAdditionalCacheAttributes (
- IN PFILE_OBJECT FileObject,
- IN BOOLEAN DisableReadAhead,
- IN BOOLEAN DisableWriteBehind
-);
-
-NTKERNELAPI
-VOID
-CcSetBcbOwnerPointer (
- IN PVOID Bcb,
- IN PVOID OwnerPointer
-);
-
-NTKERNELAPI
-VOID
-CcSetDirtyPageThreshold (
- IN PFILE_OBJECT FileObject,
- IN ULONG DirtyPageThreshold
-);
-
-NTKERNELAPI
-VOID
-CcSetDirtyPinnedData (
- IN PVOID BcbVoid,
- IN PLARGE_INTEGER Lsn OPTIONAL
-);
-
-NTKERNELAPI
-VOID
-CcSetFileSizes (
- IN PFILE_OBJECT FileObject,
- IN PCC_FILE_SIZES FileSizes
-);
-
-typedef VOID (*PFLUSH_TO_LSN) (
- IN PVOID LogHandle,
- IN PLARGE_INTEGER Lsn
-);
-
-NTKERNELAPI
-VOID
-CcSetLogHandleForFile (
- IN PFILE_OBJECT FileObject,
- IN PVOID LogHandle,
- IN PFLUSH_TO_LSN FlushToLsnRoutine
-);
-
-NTKERNELAPI
-VOID
-CcSetReadAheadGranularity (
- IN PFILE_OBJECT FileObject,
- IN ULONG Granularity // default: PAGE_SIZE
- // allowed: 2^n * PAGE_SIZE
-);
-
-NTKERNELAPI
-BOOLEAN
-CcUninitializeCacheMap (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER TruncateSize OPTIONAL,
- IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
-);
-
-NTKERNELAPI
-VOID
-CcUnpinData (
- IN PVOID Bcb
-);
-
-NTKERNELAPI
-VOID
-CcUnpinDataForThread (
- IN PVOID Bcb,
- IN ERESOURCE_THREAD ResourceThreadId
-);
-
-NTKERNELAPI
-VOID
-CcUnpinRepinnedBcb (
- IN PVOID Bcb,
- IN BOOLEAN WriteThrough,
- OUT PIO_STATUS_BLOCK IoStatus
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-CcWaitForCurrentLazyWriterActivity (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-CcZeroData (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER StartOffset,
- IN PLARGE_INTEGER EndOffset,
- IN BOOLEAN Wait
-);
-
-NTKERNELAPI
-VOID
-ExDisableResourceBoostLite (
- IN PERESOURCE Resource
-);
-
-NTKERNELAPI
-ULONG
-ExQueryPoolBlockSize (
- IN PVOID PoolBlock,
- OUT PBOOLEAN QuotaCharged
-);
-
-#define FlagOn(x, f) ((x) & (f))
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-FsRtlAcquireFileExclusive (
- IN PFILE_OBJECT FileObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlAddLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG Lbn,
- IN LONGLONG SectorCount
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlAddMcbEntry (
- IN PMCB Mcb,
- IN VBN Vbn,
- IN LBN Lbn,
- IN ULONG SectorCount
-);
-
-NTKERNELAPI
-VOID
-FsRtlAddToTunnelCache (
- IN PTUNNEL Cache,
- IN ULONGLONG DirectoryKey,
- IN PUNICODE_STRING ShortName,
- IN PUNICODE_STRING LongName,
- IN BOOLEAN KeyByShortName,
- IN ULONG DataLength,
- IN PVOID Data
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-PFILE_LOCK
-FsRtlAllocateFileLock (
- IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
- IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-PVOID
-FsRtlAllocatePool (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes
-);
-
-NTKERNELAPI
-PVOID
-FsRtlAllocatePoolWithQuota (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes
-);
-
-NTKERNELAPI
-PVOID
-FsRtlAllocatePoolWithQuotaTag (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes,
- IN ULONG Tag
-);
-
-NTKERNELAPI
-PVOID
-FsRtlAllocatePoolWithTag (
- IN POOL_TYPE PoolType,
- IN ULONG NumberOfBytes,
- IN ULONG Tag
-);
-
-NTKERNELAPI
-PVOID
-FsRtlAllocateResource (
- VOID
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlAreNamesEqual (
- IN PUNICODE_STRING Name1,
- IN PUNICODE_STRING Name2,
- IN BOOLEAN IgnoreCase,
- IN PWCHAR UpcaseTable OPTIONAL
-);
-
-#define FsRtlAreThereCurrentFileLocks(FL) ( \
- ((FL)->FastIoIsQuestionable) \
-)
-
-NTKERNELAPI
-NTSTATUS
-FsRtlBalanceReads (
- IN PDEVICE_OBJECT TargetDevice
-);
-
-/*
- FsRtlCheckLockForReadAccess:
-
- All this really does is pick out the lock parameters from the irp (io stack
- location?), get IoGetRequestorProcess, and pass values on to
- FsRtlFastCheckLockForRead.
-*/
-NTKERNELAPI
-BOOLEAN
-FsRtlCheckLockForReadAccess (
- IN PFILE_LOCK FileLock,
- IN PIRP Irp
-);
-
-/*
- FsRtlCheckLockForWriteAccess:
-
- All this really does is pick out the lock parameters from the irp (io stack
- location?), get IoGetRequestorProcess, and pass values on to
- FsRtlFastCheckLockForWrite.
-*/
-NTKERNELAPI
-BOOLEAN
-FsRtlCheckLockForWriteAccess (
- IN PFILE_LOCK FileLock,
- IN PIRP Irp
-);
-
-typedef
-VOID
-(*POPLOCK_WAIT_COMPLETE_ROUTINE) (
- IN PVOID Context,
- IN PIRP Irp
-);
-
-typedef
-VOID
-(*POPLOCK_FS_PREPOST_IRP) (
- IN PVOID Context,
- IN PIRP Irp
-);
-
-NTKERNELAPI
-NTSTATUS
-FsRtlCheckOplock (
- IN POPLOCK Oplock,
- IN PIRP Irp,
- IN PVOID Context,
- IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
- IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlCopyRead (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- IN ULONG LockKey,
- OUT PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlCopyWrite (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN BOOLEAN Wait,
- IN ULONG LockKey,
- IN PVOID Buffer,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlCurrentBatchOplock (
- IN POPLOCK Oplock
-);
-
-NTKERNELAPI
-VOID
-FsRtlDeleteKeyFromTunnelCache (
- IN PTUNNEL Cache,
- IN ULONGLONG DirectoryKey
-);
-
-NTKERNELAPI
-VOID
-FsRtlDeleteTunnelCache (
- IN PTUNNEL Cache
-);
-
-NTKERNELAPI
-VOID
-FsRtlDeregisterUncProvider (
- IN HANDLE Handle
-);
-
-NTKERNELAPI
-VOID
-FsRtlDissectDbcs (
- IN ANSI_STRING InputName,
- OUT PANSI_STRING FirstPart,
- OUT PANSI_STRING RemainingPart
-);
-
-NTKERNELAPI
-VOID
-FsRtlDissectName (
- IN UNICODE_STRING Path,
- OUT PUNICODE_STRING FirstName,
- OUT PUNICODE_STRING RemainingName
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlDoesDbcsContainWildCards (
- IN PANSI_STRING Name
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlDoesNameContainWildCards (
- IN PUNICODE_STRING Name
-);
-
-#define FsRtlEnterFileSystem KeEnterCriticalRegion
-
-#define FsRtlExitFileSystem KeLeaveCriticalRegion
-
-NTKERNELAPI
-BOOLEAN
-FsRtlFastCheckLockForRead (
- IN PFILE_LOCK FileLock,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN ULONG Key,
- IN PFILE_OBJECT FileObject,
- IN PEPROCESS Process
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlFastCheckLockForWrite (
- IN PFILE_LOCK FileLock,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN ULONG Key,
- IN PFILE_OBJECT FileObject,
- IN PEPROCESS Process
-);
-
-#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
- FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
-)
-
-NTKERNELAPI
-NTSTATUS
-FsRtlFastUnlockAll (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PEPROCESS Process,
- IN PVOID Context OPTIONAL
-);
-//ret: STATUS_RANGE_NOT_LOCKED
-
-NTKERNELAPI
-NTSTATUS
-FsRtlFastUnlockAllByKey (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PEPROCESS Process,
- IN ULONG Key,
- IN PVOID Context OPTIONAL
-);
-//ret: STATUS_RANGE_NOT_LOCKED
-
-NTKERNELAPI
-NTSTATUS
-FsRtlFastUnlockSingle (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN PEPROCESS Process,
- IN ULONG Key,
- IN PVOID Context OPTIONAL,
- IN BOOLEAN AlreadySynchronized
-);
-//ret: STATUS_RANGE_NOT_LOCKED
-
-NTKERNELAPI
-BOOLEAN
-FsRtlFindInTunnelCache (
- IN PTUNNEL Cache,
- IN ULONGLONG DirectoryKey,
- IN PUNICODE_STRING Name,
- OUT PUNICODE_STRING ShortName,
- OUT PUNICODE_STRING LongName,
- IN OUT PULONG DataLength,
- OUT PVOID Data
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-VOID
-FsRtlFreeFileLock (
- IN PFILE_LOCK FileLock
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-FsRtlGetFileSize (
- IN PFILE_OBJECT FileObject,
- IN OUT PLARGE_INTEGER FileSize
-);
-
-/*
- FsRtlGetNextFileLock:
-
- ret: NULL if no more locks
-
- Internals:
- FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
- FileLock->LastReturnedLock as storage.
- LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
- list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
- calls with Restart = FALSE.
-*/
-NTKERNELAPI
-PFILE_LOCK_INFO
-FsRtlGetNextFileLock (
- IN PFILE_LOCK FileLock,
- IN BOOLEAN Restart
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlGetNextLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN ULONG RunIndex,
- OUT PLONGLONG Vbn,
- OUT PLONGLONG Lbn,
- OUT PLONGLONG SectorCount
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlGetNextMcbEntry (
- IN PMCB Mcb,
- IN ULONG RunIndex,
- OUT PVBN Vbn,
- OUT PLBN Lbn,
- OUT PULONG SectorCount
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-FsRtlIncrementCcFastReadNotPossible (
- VOID
-);
-
-NTKERNELAPI
-VOID
-FsRtlIncrementCcFastReadNoWait (
- VOID
-);
-
-NTKERNELAPI
-VOID
-FsRtlIncrementCcFastReadResourceMiss (
- VOID
-);
-
-NTKERNELAPI
-VOID
-FsRtlIncrementCcFastReadWait (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-FsRtlInitializeFileLock (
- IN PFILE_LOCK FileLock,
- IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
- IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
-);
-
-NTKERNELAPI
-VOID
-FsRtlInitializeLargeMcb (
- IN PLARGE_MCB Mcb,
- IN POOL_TYPE PoolType
-);
-
-NTKERNELAPI
-VOID
-FsRtlInitializeMcb (
- IN PMCB Mcb,
- IN POOL_TYPE PoolType
-);
-
-NTKERNELAPI
-VOID
-FsRtlInitializeOplock (
- IN OUT POPLOCK Oplock
-);
-
-NTKERNELAPI
-VOID
-FsRtlInitializeTunnelCache (
- IN PTUNNEL Cache
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsDbcsInExpression (
- IN PANSI_STRING Expression,
- IN PANSI_STRING Name
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsFatDbcsLegal (
- IN ANSI_STRING DbcsName,
- IN BOOLEAN WildCardsPermissible,
- IN BOOLEAN PathNamePermissible,
- IN BOOLEAN LeadingBackslashPermissible
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsHpfsDbcsLegal (
- IN ANSI_STRING DbcsName,
- IN BOOLEAN WildCardsPermissible,
- IN BOOLEAN PathNamePermissible,
- IN BOOLEAN LeadingBackslashPermissible
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsNameInExpression (
- IN PUNICODE_STRING Expression,
- IN PUNICODE_STRING Name,
- IN BOOLEAN IgnoreCase,
- IN PWCHAR UpcaseTable OPTIONAL
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsNtstatusExpected (
- IN NTSTATUS Ntstatus
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsPagingFile (
- IN PFILE_OBJECT FileObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlIsTotalDeviceFailure (
- IN NTSTATUS Status
-);
-
-#define FsRtlIsUnicodeCharacterWild(C) ( \
- (((C) >= 0x40) ? \
- FALSE : \
- FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
-)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlLookupLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- OUT PLONGLONG Lbn OPTIONAL,
- OUT PLONGLONG SectorCountFromLbn OPTIONAL,
- OUT PLONGLONG StartingLbn OPTIONAL,
- OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
- OUT PULONG Index OPTIONAL
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlLookupLastLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- OUT PLONGLONG Vbn,
- OUT PLONGLONG Lbn
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlLookupLastLargeMcbEntryAndIndex (
- IN PLARGE_MCB OpaqueMcb,
- OUT PLONGLONG LargeVbn,
- OUT PLONGLONG LargeLbn,
- OUT PULONG Index
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlLookupLastMcbEntry (
- IN PMCB Mcb,
- OUT PVBN Vbn,
- OUT PLBN Lbn
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlLookupMcbEntry (
- IN PMCB Mcb,
- IN VBN Vbn,
- OUT PLBN Lbn,
- OUT PULONG SectorCount OPTIONAL,
- OUT PULONG Index
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlMdlReadComplete (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlMdlReadCompleteDev (
- IN PFILE_OBJECT FileObject,
- IN PMDL MdlChain,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlMdlReadDev (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG LockKey,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlMdlWriteComplete (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlMdlWriteCompleteDev (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PMDL MdlChain,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-NTKERNELAPI
-NTSTATUS
-FsRtlNormalizeNtstatus (
- IN NTSTATUS Exception,
- IN NTSTATUS GenericException
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN PLIST_ENTRY NotifyList,
- IN BOOLEAN WatchTree,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyCleanup (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PVOID FsContext
-);
-
-typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
- IN PVOID NotifyContext,
- IN PVOID TargetContext,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-typedef BOOLEAN (*PFILTER_REPORT_CHANGE) (
- IN PVOID NotifyContext,
- IN PVOID FilterContext
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyFilterChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN BOOLEAN WatchTree,
- IN BOOLEAN IgnoreBuffer,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp,
- IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
- IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyFilterReportChange (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PSTRING FullTargetName,
- IN USHORT TargetNameOffset,
- IN PSTRING StreamName OPTIONAL,
- IN PSTRING NormalizedParentName OPTIONAL,
- IN ULONG FilterMatch,
- IN ULONG Action,
- IN PVOID TargetContext,
- IN PVOID FilterContext
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-FsRtlNotifyFullChangeDirectory (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PVOID FsContext,
- IN PSTRING FullDirectoryName,
- IN BOOLEAN WatchTree,
- IN BOOLEAN IgnoreBuffer,
- IN ULONG CompletionFilter,
- IN PIRP NotifyIrp,
- IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyFullReportChange (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PSTRING FullTargetName,
- IN USHORT TargetNameOffset,
- IN PSTRING StreamName OPTIONAL,
- IN PSTRING NormalizedParentName OPTIONAL,
- IN ULONG FilterMatch,
- IN ULONG Action,
- IN PVOID TargetContext
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyInitializeSync (
- IN PNOTIFY_SYNC *NotifySync
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyReportChange (
- IN PNOTIFY_SYNC NotifySync,
- IN PLIST_ENTRY NotifyList,
- IN PSTRING FullTargetName,
- IN PUSHORT FileNamePartLength,
- IN ULONG FilterMatch
-);
-
-NTKERNELAPI
-VOID
-FsRtlNotifyUninitializeSync (
- IN PNOTIFY_SYNC *NotifySync
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-FsRtlNotifyVolumeEvent (
- IN PFILE_OBJECT FileObject,
- IN ULONG EventCode
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-ULONG
-FsRtlNumberOfRunsInLargeMcb (
- IN PLARGE_MCB Mcb
-);
-
-NTKERNELAPI
-ULONG
-FsRtlNumberOfRunsInMcb (
- IN PMCB Mcb
-);
-
-NTKERNELAPI
-NTSTATUS
-FsRtlOplockFsctrl (
- IN POPLOCK Oplock,
- IN PIRP Irp,
- IN ULONG OpenCount
-);
-
-NTKERNELAPI
-BOOLEAN
-FsRtlOplockIsFastIoPossible (
- IN POPLOCK Oplock
-);
-
-typedef
-VOID
-(*PFSRTL_STACK_OVERFLOW_ROUTINE) (
- IN PVOID Context,
- IN PKEVENT Event
- );
-
-NTKERNELAPI
-VOID
-FsRtlPostPagingFileStackOverflow (
- IN PVOID Context,
- IN PKEVENT Event,
- IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
-);
-
-NTKERNELAPI
-VOID
-FsRtlPostStackOverflow (
- IN PVOID Context,
- IN PKEVENT Event,
- IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlPrepareMdlWriteDev (
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN ULONG Length,
- IN ULONG LockKey,
- OUT PMDL *MdlChain,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-/*
- FsRtlPrivateLock:
-
- ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
-
- Internals:
- -Calls IoCompleteRequest if Irp
- -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
-*/
-NTKERNELAPI
-BOOLEAN
-FsRtlPrivateLock (
- IN PFILE_LOCK FileLock,
- IN PFILE_OBJECT FileObject,
- IN PLARGE_INTEGER FileOffset,
- IN PLARGE_INTEGER Length,
- IN PEPROCESS Process,
- IN ULONG Key,
- IN BOOLEAN FailImmediately,
- IN BOOLEAN ExclusiveLock,
- OUT PIO_STATUS_BLOCK IoStatus,
- IN PIRP Irp OPTIONAL,
- IN PVOID Context,
- IN BOOLEAN AlreadySynchronized
-);
-
-/*
- FsRtlProcessFileLock:
-
- ret:
- -STATUS_INVALID_DEVICE_REQUEST
- -STATUS_RANGE_NOT_LOCKED from unlock routines.
- -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
- (redirected IoStatus->Status).
-
- Internals:
- -switch ( Irp->CurrentStackLocation->MinorFunction )
- lock: return FsRtlPrivateLock;
- unlocksingle: return FsRtlFastUnlockSingle;
- unlockall: return FsRtlFastUnlockAll;
- unlockallbykey: return FsRtlFastUnlockAllByKey;
- default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
- return STATUS_INVALID_DEVICE_REQUEST;
-
- -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
- -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
-*/
-NTKERNELAPI
-NTSTATUS
-FsRtlProcessFileLock (
- IN PFILE_LOCK FileLock,
- IN PIRP Irp,
- IN PVOID Context OPTIONAL
-);
-
-NTKERNELAPI
-NTSTATUS
-FsRtlRegisterUncProvider (
- IN OUT PHANDLE MupHandle,
- IN PUNICODE_STRING RedirectorDeviceName,
- IN BOOLEAN MailslotsSupported
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-FsRtlReleaseFile (
- IN PFILE_OBJECT FileObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-FsRtlRemoveLargeMcbEntry (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG SectorCount
-);
-
-NTKERNELAPI
-VOID
-FsRtlRemoveMcbEntry (
- IN PMCB Mcb,
- IN VBN Vbn,
- IN ULONG SectorCount
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-FsRtlResetLargeMcb (
- IN PLARGE_MCB Mcb,
- IN BOOLEAN SelfSynchronized
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-#define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
-{ \
- SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
- SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
- (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
- InitializeListHead( &(_advhdr)->FilterContexts ); \
- if ((_fmutx) != NULL) { \
- (_advhdr)->FastMutex = (_fmutx); \
- } \
- *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
- (_advhdr)->FileContextSupportPointer = NULL; \
-}
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-FsRtlSplitLargeMcb (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn,
- IN LONGLONG Amount
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-FsRtlTeardownPerFileContexts (
- IN PVOID *PerFileContextPointer
-);
-
-NTKERNELAPI
-VOID
-FsRtlTeardownPerStreamContexts (
- IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-FsRtlTruncateLargeMcb (
- IN PLARGE_MCB Mcb,
- IN LONGLONG Vbn
-);
-
-NTKERNELAPI
-VOID
-FsRtlTruncateMcb (
- IN PMCB Mcb,
- IN VBN Vbn
-);
-
-NTKERNELAPI
-VOID
-FsRtlUninitializeFileLock (
- IN PFILE_LOCK FileLock
-);
-
-NTKERNELAPI
-VOID
-FsRtlUninitializeLargeMcb (
- IN PLARGE_MCB Mcb
-);
-
-NTKERNELAPI
-VOID
-FsRtlUninitializeMcb (
- IN PMCB Mcb
-);
-
-NTKERNELAPI
-VOID
-FsRtlUninitializeOplock (
- IN OUT POPLOCK Oplock
-);
-
-//
-// If using HalDisplayString during boot on Windows 2000 or later you must
-// first call InbvEnableDisplayString.
-//
-NTSYSAPI
-VOID
-NTAPI
-HalDisplayString (
- IN PCHAR String
-);
-
-NTSYSAPI
-VOID
-NTAPI
-HalQueryRealTimeClock (
- IN OUT PTIME_FIELDS TimeFields
-);
-
-NTSYSAPI
-VOID
-NTAPI
-HalSetRealTimeClock (
- IN PTIME_FIELDS TimeFields
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-InbvAcquireDisplayOwnership (
- VOID
-);
-
-NTKERNELAPI
-BOOLEAN
-InbvCheckDisplayOwnership (
- VOID
-);
-
-NTKERNELAPI
-BOOLEAN
-InbvDisplayString (
- IN PCHAR String
-);
-
-NTKERNELAPI
-VOID
-InbvEnableBootDriver (
- IN BOOLEAN Enable
-);
-
-NTKERNELAPI
-BOOLEAN
-InbvEnableDisplayString (
- IN BOOLEAN Enable
-);
-
-NTKERNELAPI
-VOID
-InbvInstallDisplayStringFilter (
- IN PVOID Unknown
-);
-
-NTKERNELAPI
-BOOLEAN
-InbvIsBootDriverInstalled (
- VOID
-);
-
-NTKERNELAPI
-VOID
-InbvNotifyDisplayOwnershipLost (
- IN PVOID Callback
-);
-
-NTKERNELAPI
-BOOLEAN
-InbvResetDisplay (
- VOID
-);
-
-NTKERNELAPI
-VOID
-InbvSetScrollRegion (
- IN ULONG Left,
- IN ULONG Top,
- IN ULONG Width,
- IN ULONG Height
-);
-
-NTKERNELAPI
-VOID
-InbvSetTextColor (
- IN ULONG Color
-);
-
-NTKERNELAPI
-VOID
-InbvSolidColorFill (
- IN ULONG Left,
- IN ULONG Top,
- IN ULONG Width,
- IN ULONG Height,
- IN ULONG Color
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#define InitializeMessageHeader(m, l, t) { \
- (m)->Length = (USHORT)(l); \
- (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
- (m)->MessageType = (USHORT)(t); \
- (m)->DataInfoOffset = 0; \
-}
-
-NTKERNELAPI
-VOID
-IoAcquireVpbSpinLock (
- OUT PKIRQL Irql
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-IoAttachDeviceToDeviceStackSafe (
- IN PDEVICE_OBJECT SourceDevice,
- IN PDEVICE_OBJECT TargetDevice,
- OUT PDEVICE_OBJECT *AttachedToDeviceObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-IoCheckDesiredAccess (
- IN OUT PACCESS_MASK DesiredAccess,
- IN ACCESS_MASK GrantedAccess
-);
-
-NTKERNELAPI
-NTSTATUS
-IoCheckEaBufferValidity (
- IN PFILE_FULL_EA_INFORMATION EaBuffer,
- IN ULONG EaLength,
- OUT PULONG ErrorOffset
-);
-
-NTKERNELAPI
-NTSTATUS
-IoCheckFunctionAccess (
- IN ACCESS_MASK GrantedAccess,
- IN UCHAR MajorFunction,
- IN UCHAR MinorFunction,
- IN ULONG IoControlCode,
- IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL,
- IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-IoCheckQuerySetFileInformation (
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN ULONG Length,
- IN BOOLEAN SetOperation
-);
-
-NTKERNELAPI
-NTSTATUS
-IoCheckQuerySetVolumeInformation (
- IN FS_INFORMATION_CLASS FsInformationClass,
- IN ULONG Length,
- IN BOOLEAN SetOperation
-);
-
-NTKERNELAPI
-NTSTATUS
-IoCheckQuotaBufferValidity (
- IN PFILE_QUOTA_INFORMATION QuotaBuffer,
- IN ULONG QuotaLength,
- OUT PULONG ErrorOffset
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-IoCreateFileSpecifyDeviceObjectHint (
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER AllocationSize OPTIONAL,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG Disposition,
- IN ULONG CreateOptions,
- IN PVOID EaBuffer OPTIONAL,
- IN ULONG EaLength,
- IN CREATE_FILE_TYPE CreateFileType,
- IN PVOID ExtraCreateParameters OPTIONAL,
- IN ULONG Options,
- IN PVOID DeviceObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-PFILE_OBJECT
-IoCreateStreamFileObject (
- IN PFILE_OBJECT FileObject OPTIONAL,
- IN PDEVICE_OBJECT DeviceObject OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-PFILE_OBJECT
-IoCreateStreamFileObjectEx (
- IN PFILE_OBJECT FileObject OPTIONAL,
- IN PDEVICE_OBJECT DeviceObject OPTIONAL,
- OUT PHANDLE FileObjectHandle OPTIONAL
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-PFILE_OBJECT
-IoCreateStreamFileObjectLite (
- IN PFILE_OBJECT FileObject OPTIONAL,
- IN PDEVICE_OBJECT DeviceObject OPTIONAL
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-IoEnumerateDeviceObjectList (
- IN PDRIVER_OBJECT DriverObject,
- IN PDEVICE_OBJECT *DeviceObjectList,
- IN ULONG DeviceObjectListSize,
- OUT PULONG ActualNumberDeviceObjects
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-IoFastQueryNetworkAttributes (
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG OpenOptions,
- OUT PIO_STATUS_BLOCK IoStatus,
- OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
-);
-
-NTKERNELAPI
-PDEVICE_OBJECT
-IoGetAttachedDevice (
- IN PDEVICE_OBJECT DeviceObject
-);
-
-NTKERNELAPI
-PDEVICE_OBJECT
-IoGetBaseFileSystemDeviceObject (
- IN PFILE_OBJECT FileObject
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-PDEVICE_OBJECT
-IoGetDeviceAttachmentBaseRef (
- IN PDEVICE_OBJECT DeviceObject
-);
-
-NTKERNELAPI
-NTSTATUS
-IoGetDiskDeviceObject (
- IN PDEVICE_OBJECT FileSystemDeviceObject,
- OUT PDEVICE_OBJECT *DiskDeviceObject
-);
-
-NTKERNELAPI
-PDEVICE_OBJECT
-IoGetLowerDeviceObject (
- IN PDEVICE_OBJECT DeviceObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-PEPROCESS
-IoGetRequestorProcess (
- IN PIRP Irp
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-ULONG
-IoGetRequestorProcessId (
- IN PIRP Irp
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-PIRP
-IoGetTopLevelIrp (
- VOID
-);
-
-#define IoIsFileOpenedExclusively(FileObject) ( \
- (BOOLEAN) !( \
- (FileObject)->SharedRead || \
- (FileObject)->SharedWrite || \
- (FileObject)->SharedDelete \
- ) \
-)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-IoIsFileOriginRemote (
- IN PFILE_OBJECT FileObject
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-IoIsOperationSynchronous (
- IN PIRP Irp
-);
-
-NTKERNELAPI
-BOOLEAN
-IoIsSystemThread (
- IN PETHREAD Thread
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-IoIsValidNameGraftingBuffer (
- IN PIRP Irp,
- IN PREPARSE_DATA_BUFFER ReparseBuffer
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-IoPageRead (
- IN PFILE_OBJECT FileObject,
- IN PMDL Mdl,
- IN PLARGE_INTEGER Offset,
- IN PKEVENT Event,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-IoQueryFileDosDeviceName (
- IN PFILE_OBJECT FileObject,
- OUT POBJECT_NAME_INFORMATION *ObjectNameInformation
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-IoQueryFileInformation (
- IN PFILE_OBJECT FileObject,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN ULONG Length,
- OUT PVOID FileInformation,
- OUT PULONG ReturnedLength
-);
-
-NTKERNELAPI
-NTSTATUS
-IoQueryVolumeInformation (
- IN PFILE_OBJECT FileObject,
- IN FS_INFORMATION_CLASS FsInformationClass,
- IN ULONG Length,
- OUT PVOID FsInformation,
- OUT PULONG ReturnedLength
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-VOID
-IoQueueThreadIrp (
- IN PIRP Irp
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-VOID
-IoRegisterFileSystem (
- IN OUT PDEVICE_OBJECT DeviceObject
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-typedef VOID (*PDRIVER_FS_NOTIFICATION) (
- IN PDEVICE_OBJECT DeviceObject,
- IN BOOLEAN DriverActive
-);
-
-NTKERNELAPI
-NTSTATUS
-IoRegisterFsRegistrationChange (
- IN PDRIVER_OBJECT DriverObject,
- IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-VOID
-IoReleaseVpbSpinLock (
- IN KIRQL Irql
-);
-
-NTKERNELAPI
-VOID
-IoSetDeviceToVerify (
- IN PETHREAD Thread,
- IN PDEVICE_OBJECT DeviceObject
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-IoSetFileOrigin (
- IN PFILE_OBJECT FileObject,
- IN BOOLEAN Remote
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-IoSetInformation (
- IN PFILE_OBJECT FileObject,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN ULONG Length,
- IN PVOID FileInformation
-);
-
-NTKERNELAPI
-VOID
-IoSetTopLevelIrp (
- IN PIRP Irp
-);
-
-NTKERNELAPI
-NTSTATUS
-IoSynchronousPageWrite (
- IN PFILE_OBJECT FileObject,
- IN PMDL Mdl,
- IN PLARGE_INTEGER FileOffset,
- IN PKEVENT Event,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
-
-NTKERNELAPI
-PEPROCESS
-IoThreadToProcess (
- IN PETHREAD Thread
-);
-
-NTKERNELAPI
-VOID
-IoUnregisterFileSystem (
- IN OUT PDEVICE_OBJECT DeviceObject
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-NTSTATUS
-IoUnregisterFsRegistrationChange (
- IN PDRIVER_OBJECT DriverObject,
- IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-NTSTATUS
-IoVerifyVolume (
- IN PDEVICE_OBJECT DeviceObject,
- IN BOOLEAN AllowRawMount
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-KIRQL
-FASTCALL
-KeAcquireQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-KeAttachProcess (
- IN PEPROCESS Process
-);
-
-NTKERNELAPI
-VOID
-KeDetachProcess (
- VOID
-);
-
-NTKERNELAPI
-VOID
-KeInitializeApc (
- PKAPC Apc,
- PKTHREAD Thread,
- UCHAR StateIndex,
- PKKERNEL_ROUTINE KernelRoutine,
- PKRUNDOWN_ROUTINE RundownRoutine,
- PKNORMAL_ROUTINE NormalRoutine,
- KPROCESSOR_MODE ApcMode,
- PVOID NormalContext
-);
-
-NTKERNELAPI
-VOID
-KeInitializeMutant (
- IN PRKMUTANT Mutant,
- IN BOOLEAN InitialOwner
-);
-
-NTKERNELAPI
-VOID
-KeInitializeQueue (
- IN PRKQUEUE Queue,
- IN ULONG Count OPTIONAL
-);
-
-NTKERNELAPI
-LONG
-KeInsertHeadQueue (
- IN PRKQUEUE Queue,
- IN PLIST_ENTRY Entry
-);
-
-NTKERNELAPI
-LONG
-KeInsertQueue (
- IN PRKQUEUE Queue,
- IN PLIST_ENTRY Entry
-);
-
-NTKERNELAPI
-BOOLEAN
-KeInsertQueueApc (
- IN PKAPC Apc,
- IN PVOID SystemArgument1,
- IN PVOID SystemArgument2,
- IN KPRIORITY Increment
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-KeIsAttachedProcess (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-KeIsExecutingDpc (
- VOID
-);
-
-NTKERNELAPI
-LONG
-KeReadStateMutant (
- IN PRKMUTANT Mutant
-);
-
-NTKERNELAPI
-LONG
-KeReadStateQueue (
- IN PRKQUEUE Queue
-);
-
-NTKERNELAPI
-LONG
-KeReleaseMutant (
- IN PRKMUTANT Mutant,
- IN KPRIORITY Increment,
- IN BOOLEAN Abandoned,
- IN BOOLEAN Wait
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-FASTCALL
-KeReleaseQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number,
- IN KIRQL OldIrql
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-PLIST_ENTRY
-KeRemoveQueue (
- IN PRKQUEUE Queue,
- IN KPROCESSOR_MODE WaitMode,
- IN PLARGE_INTEGER Timeout OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-KeRevertToUserAffinityThread (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-PLIST_ENTRY
-KeRundownQueue (
- IN PRKQUEUE Queue
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-CCHAR
-KeSetIdealProcessorThread (
- IN PKTHREAD Thread,
- IN CCHAR Processor
-);
-
-NTKERNELAPI
-BOOLEAN
-KeSetKernelStackSwapEnable (
- IN BOOLEAN Enable
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-KeStackAttachProcess (
- IN PKPROCESS Process,
- OUT PKAPC_STATE ApcState
-);
-
-NTKERNELAPI
-LOGICAL
-FASTCALL
-KeTryToAcquireQueuedSpinLock (
- IN KSPIN_LOCK_QUEUE_NUMBER Number,
- IN PKIRQL OldIrql
-);
-
-NTKERNELAPI
-VOID
-KeUnstackDetachProcess (
- IN PKAPC_STATE ApcState
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-KeUpdateSystemTime (
- VOID
-);
-
-NTKERNELAPI
-BOOLEAN
-MmCanFileBeTruncated (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN PLARGE_INTEGER NewFileSize
-);
-
-NTKERNELAPI
-NTSTATUS
-MmCreateSection (
- OUT PVOID *SectionObject,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN PLARGE_INTEGER MaximumSize,
- IN ULONG SectionPageProtection,
- IN ULONG AllocationAttributes,
- IN HANDLE FileHandle OPTIONAL,
- IN PFILE_OBJECT FileObject OPTIONAL
-);
-
-NTKERNELAPI
-BOOLEAN
-MmFlushImageSection (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN MMFLUSH_TYPE FlushType
-);
-
-NTKERNELAPI
-BOOLEAN
-MmForceSectionClosed (
- IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
- IN BOOLEAN DelayClose
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-BOOLEAN
-MmIsRecursiveIoFault (
- VOID
-);
-
-#else
-
-#define MmIsRecursiveIoFault() ( \
- (PsGetCurrentThread()->DisablePageFaultClustering) | \
- (PsGetCurrentThread()->ForwardClusterOnly) \
-)
-
-#endif
-
-NTKERNELAPI
-NTSTATUS
-MmMapViewOfSection (
- IN PVOID SectionObject,
- IN PEPROCESS Process,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN ULONG CommitSize,
- IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
- IN OUT PULONG ViewSize,
- IN SECTION_INHERIT InheritDisposition,
- IN ULONG AllocationType,
- IN ULONG Protect
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-MmPrefetchPages (
- IN ULONG NumberOfLists,
- IN PREAD_LIST *ReadLists
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-MmSetAddressRangeModified (
- IN PVOID Address,
- IN SIZE_T Length
-);
-
-NTKERNELAPI
-NTSTATUS
-ObCreateObject (
- IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
- IN POBJECT_TYPE ObjectType,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN KPROCESSOR_MODE AccessMode,
- IN OUT PVOID ParseContext OPTIONAL,
- IN ULONG ObjectSize,
- IN ULONG PagedPoolCharge OPTIONAL,
- IN ULONG NonPagedPoolCharge OPTIONAL,
- OUT PVOID *Object
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-ObDereferenceSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Count
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-#if (VER_PRODUCTBUILD <= 2195)
-
-NTKERNELAPI
-ULONG
-ObGetObjectPointerCount (
- IN PVOID Object
-);
-
-#endif // (VER_PRODUCTBUILD <= 2195)
-
-NTKERNELAPI
-NTSTATUS
-ObInsertObject (
- IN PVOID Object,
- IN PACCESS_STATE PassedAccessState OPTIONAL,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG AdditionalReferences,
- OUT PVOID *ReferencedObject OPTIONAL,
- OUT PHANDLE Handle
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-ObLogSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
- OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
- IN ULONG RefBias
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-ObMakeTemporaryObject (
- IN PVOID Object
-);
-
-NTKERNELAPI
-NTSTATUS
-ObOpenObjectByPointer (
- IN PVOID Object,
- IN ULONG HandleAttributes,
- IN PACCESS_STATE PassedAccessState OPTIONAL,
- IN ACCESS_MASK DesiredAccess OPTIONAL,
- IN POBJECT_TYPE ObjectType OPTIONAL,
- IN KPROCESSOR_MODE AccessMode,
- OUT PHANDLE Handle
-);
-
-NTKERNELAPI
-NTSTATUS
-ObQueryNameString (
- IN PVOID Object,
- OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
- IN ULONG Length,
- OUT PULONG ReturnLength
-);
-
-NTKERNELAPI
-NTSTATUS
-ObQueryObjectAuditingByHandle (
- IN HANDLE Handle,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTKERNELAPI
-NTSTATUS
-ObReferenceObjectByName (
- IN PUNICODE_STRING ObjectName,
- IN ULONG Attributes,
- IN PACCESS_STATE PassedAccessState OPTIONAL,
- IN ACCESS_MASK DesiredAccess OPTIONAL,
- IN POBJECT_TYPE ObjectType,
- IN KPROCESSOR_MODE AccessMode,
- IN OUT PVOID ParseContext OPTIONAL,
- OUT PVOID *Object
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-ObReferenceSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Count
-);
-
-NTKERNELAPI
-NTSTATUS
-PoQueueShutdownWorkItem (
- IN PWORK_QUEUE_ITEM WorkItem
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-PsAssignImpersonationToken (
- IN PETHREAD Thread,
- IN HANDLE Token
-);
-
-NTKERNELAPI
-VOID
-PsChargePoolQuota (
- IN PEPROCESS Process,
- IN POOL_TYPE PoolType,
- IN ULONG Amount
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-PsChargeProcessNonPagedPoolQuota (
- IN PEPROCESS Process,
- IN ULONG_PTR Amount
-);
-
-NTKERNELAPI
-NTSTATUS
-PsChargeProcessPagedPoolQuota (
- IN PEPROCESS Process,
- IN ULONG_PTR Amount
-);
-
-NTKERNELAPI
-NTSTATUS
-PsChargeProcessPoolQuota (
- IN PEPROCESS Process,
- IN POOL_TYPE PoolType,
- IN ULONG_PTR Amount
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-PsDereferenceImpersonationToken (
- IN PACCESS_TOKEN ImpersonationToken
-);
-
-NTKERNELAPI
-VOID
-PsDereferencePrimaryToken (
- IN PACCESS_TOKEN PrimaryToken
-);
-
-#else
-
-#define PsDereferenceImpersonationToken(T) \
- {if (ARGUMENT_PRESENT(T)) { \
- (ObDereferenceObject((T))); \
- } else { \
- ; \
- } \
-}
-
-#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
-
-#endif
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-PsDisableImpersonation (
- IN PETHREAD Thread,
- IN PSE_IMPERSONATION_STATE ImpersonationState
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-ULONG
-PsGetCurrentProcessSessionId (
- VOID
-);
-
-NTKERNELAPI
-KPROCESSOR_MODE
-PsGetCurrentThreadPreviousMode (
- VOID
-);
-
-NTKERNELAPI
-PVOID
-PsGetCurrentThreadStackBase (
- VOID
-);
-
-NTKERNELAPI
-PVOID
-PsGetCurrentThreadStackLimit (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-LARGE_INTEGER
-PsGetProcessExitTime (
- VOID
-);
-
-NTKERNELAPI
-NTSTATUS
-PsImpersonateClient (
- IN PETHREAD Thread,
- IN PACCESS_TOKEN Token,
- IN BOOLEAN CopyOnOpen,
- IN BOOLEAN EffectiveOnly,
- IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-PsIsSystemThread (
- IN PETHREAD Thread
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-BOOLEAN
-PsIsThreadTerminating (
- IN PETHREAD Thread
-);
-
-//
-// PsLookupProcessByProcessId returns a referenced pointer to the process
-// that should be dereferenced after use with a call to ObDereferenceObject.
-//
-NTKERNELAPI
-NTSTATUS
-PsLookupProcessByProcessId (
- IN PVOID ProcessId,
- OUT PEPROCESS *Process
-);
-
-NTKERNELAPI
-NTSTATUS
-PsLookupProcessThreadByCid (
- IN PCLIENT_ID Cid,
- OUT PEPROCESS *Process OPTIONAL,
- OUT PETHREAD *Thread
-);
-
-NTKERNELAPI
-NTSTATUS
-PsLookupThreadByThreadId (
- IN PVOID UniqueThreadId,
- OUT PETHREAD *Thread
-);
-
-NTKERNELAPI
-PACCESS_TOKEN
-PsReferenceImpersonationToken (
- IN PETHREAD Thread,
- OUT PBOOLEAN CopyOnOpen,
- OUT PBOOLEAN EffectiveOnly,
- OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
-);
-
-NTKERNELAPI
-PACCESS_TOKEN
-PsReferencePrimaryToken (
- IN PEPROCESS Process
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-PsRestoreImpersonation (
- IN PETHREAD Thread,
- IN PSE_IMPERSONATION_STATE ImpersonationState
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-PsReturnPoolQuota (
- IN PEPROCESS Process,
- IN POOL_TYPE PoolType,
- IN ULONG Amount
-);
-
-#if (VER_PRODUCTBUILD >= 1381)
-
-NTKERNELAPI
-VOID
-PsRevertToSelf (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 1381)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAbsoluteToSelfRelativeSD (
- IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
- IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
- IN PULONG BufferLength
-);
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlAllocateHeap (
- IN HANDLE HeapHandle,
- IN ULONG Flags,
- IN ULONG Size
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCompressBuffer (
- IN USHORT CompressionFormatAndEngine,
- IN PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- OUT PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN ULONG UncompressedChunkSize,
- OUT PULONG FinalCompressedSize,
- IN PVOID WorkSpace
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCompressChunks (
- IN PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- OUT PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
- IN ULONG CompressedDataInfoLength,
- IN PVOID WorkSpace
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlConvertSidToUnicodeString (
- OUT PUNICODE_STRING DestinationString,
- IN PSID Sid,
- IN BOOLEAN AllocateDestinationString
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCopySid (
- IN ULONG Length,
- IN PSID Destination,
- IN PSID Source
-);
-
-NTSYSAPI
-HANDLE
-NTAPI
-RtlCreateHeap (
- IN ULONG Flags,
- IN PVOID Base,
- IN ULONG Reserve,
- IN ULONG Commit,
- IN ULONG Lock,
- IN PVOID RtlHeapParams
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressBuffer (
- IN USHORT CompressionFormat,
- OUT PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- OUT PULONG FinalUncompressedSize
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressChunks (
- OUT PUCHAR UncompressedBuffer,
- IN ULONG UncompressedBufferSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN PUCHAR CompressedTail,
- IN ULONG CompressedTailSize,
- IN PCOMPRESSED_DATA_INFO CompressedDataInfo
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDecompressFragment (
- IN USHORT CompressionFormat,
- OUT PUCHAR UncompressedFragment,
- IN ULONG UncompressedFragmentSize,
- IN PUCHAR CompressedBuffer,
- IN ULONG CompressedBufferSize,
- IN ULONG FragmentOffset,
- OUT PULONG FinalUncompressedSize,
- IN PVOID WorkSpace
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDescribeChunk (
- IN USHORT CompressionFormat,
- IN OUT PUCHAR *CompressedBuffer,
- IN PUCHAR EndOfCompressedBufferPlus1,
- OUT PUCHAR *ChunkBuffer,
- OUT PULONG ChunkSize
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlDestroyHeap (
- IN HANDLE HeapHandle
-);
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualSid (
- IN PSID Sid1,
- IN PSID Sid2
-);
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFillMemoryUlong (
- IN PVOID Destination,
- IN ULONG Length,
- IN ULONG Fill
-);
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlFreeHeap (
- IN HANDLE HeapHandle,
- IN ULONG Flags,
- IN PVOID P
-);
-
-NTSYSAPI
-VOID
-NTAPI
-RtlGenerate8dot3Name (
- IN PUNICODE_STRING Name,
- IN BOOLEAN AllowExtendedCharacters,
- IN OUT PGENERATE_NAME_CONTEXT Context,
- OUT PUNICODE_STRING Name8dot3
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetCompressionWorkSpaceSize (
- IN USHORT CompressionFormatAndEngine,
- OUT PULONG CompressBufferWorkSpaceSize,
- OUT PULONG CompressFragmentWorkSpaceSize
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetDaclSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- OUT PBOOLEAN DaclPresent,
- OUT PACL *Dacl,
- OUT PBOOLEAN DaclDefaulted
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetGroupSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- OUT PSID *Group,
- OUT PBOOLEAN GroupDefaulted
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlGetNtGlobalFlags (
- VOID
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlGetOwnerSecurityDescriptor (
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- OUT PSID *Owner,
- OUT PBOOLEAN OwnerDefaulted
-);
-
-//
-// This function returns a PIMAGE_NT_HEADERS,
-// see the standard include file winnt.h
-//
-NTSYSAPI
-PVOID
-NTAPI
-RtlImageNtHeader (
- IN PVOID BaseAddress
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlInitializeSid (
- IN OUT PSID Sid,
- IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
- IN UCHAR SubAuthorityCount
-);
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlIsNameLegalDOS8Dot3 (
- IN PUNICODE_STRING UnicodeName,
- IN PANSI_STRING AnsiName,
- PBOOLEAN Unknown
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlLengthRequiredSid (
- IN UCHAR SubAuthorityCount
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlLengthSid (
- IN PSID Sid
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlNtStatusToDosError (
- IN NTSTATUS Status
-);
-
-#define RtlOemStringToCountedUnicodeSize(STRING) ( \
- (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
-)
-
-#define RtlOemStringToUnicodeSize(STRING) ( \
- NLS_MB_OEM_CODE_PAGE_TAG ? \
- RtlxOemStringToUnicodeSize(STRING) : \
- ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
-)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlOemStringToUnicodeString (
- OUT PUNICODE_STRING DestinationString,
- IN POEM_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlRandom (
- IN PULONG Seed
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlRandomEx (
- IN PULONG Seed
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlReserveChunk (
- IN USHORT CompressionFormat,
- IN OUT PUCHAR *CompressedBuffer,
- IN PUCHAR EndOfCompressedBufferPlus1,
- OUT PUCHAR *ChunkBuffer,
- IN ULONG ChunkSize
-);
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSecondsSince1970ToTime (
- IN ULONG SecondsSince1970,
- OUT PLARGE_INTEGER Time
-);
-
-NTSYSAPI
-VOID
-NTAPI
-RtlSecondsSince1980ToTime (
- IN ULONG SecondsSince1980,
- OUT PLARGE_INTEGER Time
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSelfRelativeToAbsoluteSD (
- IN PSECURITY_DESCRIPTOR SelfRelativeSD,
- OUT PSECURITY_DESCRIPTOR AbsoluteSD,
- IN PULONG AbsoluteSDSize,
- IN PACL Dacl,
- IN PULONG DaclSize,
- IN PACL Sacl,
- IN PULONG SaclSize,
- IN PSID Owner,
- IN PULONG OwnerSize,
- IN PSID PrimaryGroup,
- IN PULONG PrimaryGroupSize
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetGroupSecurityDescriptor (
- IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID Group,
- IN BOOLEAN GroupDefaulted
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetOwnerSecurityDescriptor (
- IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSID Owner,
- IN BOOLEAN OwnerDefaulted
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlSetSaclSecurityDescriptor (
- IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN BOOLEAN SaclPresent,
- IN PACL Sacl,
- IN BOOLEAN SaclDefaulted
-);
-
-NTSYSAPI
-PUCHAR
-NTAPI
-RtlSubAuthorityCountSid (
- IN PSID Sid
-);
-
-NTSYSAPI
-PULONG
-NTAPI
-RtlSubAuthoritySid (
- IN PSID Sid,
- IN ULONG SubAuthority
-);
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeToSecondsSince1970 (
- IN PLARGE_INTEGER Time,
- OUT PULONG SecondsSince1970
-);
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeToSecondsSince1980 (
- IN PLARGE_INTEGER Time,
- OUT PULONG SecondsSince1980
-);
-
-#define RtlUnicodeStringToOemSize(STRING) ( \
- NLS_MB_OEM_CODE_PAGE_TAG ? \
- RtlxUnicodeStringToOemSize(STRING) : \
- ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
-)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToOemString (
- OUT POEM_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
-);
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlValidSid (
- IN PSID Sid
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlxOemStringToUnicodeSize (
- IN POEM_STRING OemString
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlxUnicodeStringToAnsiSize (
- IN PUNICODE_STRING UnicodeString
-);
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlxUnicodeStringToOemSize (
- IN PUNICODE_STRING UnicodeString
-);
-
-NTKERNELAPI
-NTSTATUS
-SeAppendPrivileges (
- PACCESS_STATE AccessState,
- PPRIVILEGE_SET Privileges
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-SeAuditHardLinkCreation (
- IN PUNICODE_STRING FileName,
- IN PUNICODE_STRING LinkName,
- IN BOOLEAN Success
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-SeAuditingFileEvents (
- IN BOOLEAN AccessGranted,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
-);
-
-NTKERNELAPI
-BOOLEAN
-SeAuditingFileOrGlobalEvents (
- IN BOOLEAN AccessGranted,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-BOOLEAN
-SeAuditingHardLinkEvents (
- IN BOOLEAN AccessGranted,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-SeCaptureSubjectContext (
- OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
-
-NTKERNELAPI
-NTSTATUS
-SeCreateAccessState (
- OUT PACCESS_STATE AccessState,
- IN PVOID AuxData,
- IN ACCESS_MASK AccessMask,
- IN PGENERIC_MAPPING Mapping
-);
-
-NTKERNELAPI
-NTSTATUS
-SeCreateClientSecurity (
- IN PETHREAD Thread,
- IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
- IN BOOLEAN RemoteClient,
- OUT PSECURITY_CLIENT_CONTEXT ClientContext
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-SeCreateClientSecurityFromSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
- IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
- IN BOOLEAN ServerIsRemote,
- OUT PSECURITY_CLIENT_CONTEXT ClientContext
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-SeDeleteAccessState (
- IN PACCESS_STATE AccessState
-);
-
-#define SeDeleteClientSecurity(C) { \
- if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
- PsDereferencePrimaryToken( (C)->ClientToken ); \
- } else { \
- PsDereferenceImpersonationToken( (C)->ClientToken ); \
- } \
-}
-
-NTKERNELAPI
-VOID
-SeDeleteObjectAuditAlarm (
- IN PVOID Object,
- IN HANDLE Handle
-);
-
-#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-NTSTATUS
-SeFilterToken (
- IN PACCESS_TOKEN ExistingToken,
- IN ULONG Flags,
- IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
- IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
- IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
- OUT PACCESS_TOKEN *FilteredToken
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTKERNELAPI
-VOID
-SeFreePrivileges (
- IN PPRIVILEGE_SET Privileges
-);
-
-NTKERNELAPI
-VOID
-SeImpersonateClient (
- IN PSECURITY_CLIENT_CONTEXT ClientContext,
- IN PETHREAD ServerThread OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-SeImpersonateClientEx (
- IN PSECURITY_CLIENT_CONTEXT ClientContext,
- IN PETHREAD ServerThread OPTIONAL
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-VOID
-SeLockSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
-
-NTKERNELAPI
-NTSTATUS
-SeMarkLogonSessionForTerminationNotification (
- IN PLUID LogonId
-);
-
-NTKERNELAPI
-VOID
-SeOpenObjectAuditAlarm (
- IN PUNICODE_STRING ObjectTypeName,
- IN PVOID Object OPTIONAL,
- IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PACCESS_STATE AccessState,
- IN BOOLEAN ObjectCreated,
- IN BOOLEAN AccessGranted,
- IN KPROCESSOR_MODE AccessMode,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTKERNELAPI
-VOID
-SeOpenObjectForDeleteAuditAlarm (
- IN PUNICODE_STRING ObjectTypeName,
- IN PVOID Object OPTIONAL,
- IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN PACCESS_STATE AccessState,
- IN BOOLEAN ObjectCreated,
- IN BOOLEAN AccessGranted,
- IN KPROCESSOR_MODE AccessMode,
- OUT PBOOLEAN GenerateOnClose
-);
-
-NTKERNELAPI
-BOOLEAN
-SePrivilegeCheck (
- IN OUT PPRIVILEGE_SET RequiredPrivileges,
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
- IN KPROCESSOR_MODE AccessMode
-);
-
-NTKERNELAPI
-NTSTATUS
-SeQueryAuthenticationIdToken (
- IN PACCESS_TOKEN Token,
- OUT PLUID LogonId
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-SeQueryInformationToken (
- IN PACCESS_TOKEN Token,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID *TokenInformation
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-SeQuerySecurityDescriptorInfo (
- IN PSECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN OUT PULONG Length,
- IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-SeQuerySessionIdToken (
- IN PACCESS_TOKEN Token,
- IN PULONG SessionId
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-#define SeQuerySubjectContextToken( SubjectContext ) \
- ( ARGUMENT_PRESENT( \
- ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
- ) ? \
- ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
- ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
-
-typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
- IN PLUID LogonId
-);
-
-NTKERNELAPI
-NTSTATUS
-SeRegisterLogonSessionTerminatedRoutine (
- IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
-);
-
-NTKERNELAPI
-VOID
-SeReleaseSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
-
-NTKERNELAPI
-VOID
-SeSetAccessStateGenericMapping (
- PACCESS_STATE AccessState,
- PGENERIC_MAPPING GenericMapping
-);
-
-NTKERNELAPI
-NTSTATUS
-SeSetSecurityDescriptorInfo (
- IN PVOID Object OPTIONAL,
- IN PSECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
- IN POOL_TYPE PoolType,
- IN PGENERIC_MAPPING GenericMapping
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-NTSTATUS
-SeSetSecurityDescriptorInfoEx (
- IN PVOID Object OPTIONAL,
- IN PSECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR ModificationDescriptor,
- IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
- IN ULONG AutoInheritFlags,
- IN POOL_TYPE PoolType,
- IN PGENERIC_MAPPING GenericMapping
-);
-
-NTKERNELAPI
-BOOLEAN
-SeTokenIsAdmin (
- IN PACCESS_TOKEN Token
-);
-
-NTKERNELAPI
-BOOLEAN
-SeTokenIsRestricted (
- IN PACCESS_TOKEN Token
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTKERNELAPI
-TOKEN_TYPE
-SeTokenType (
- IN PACCESS_TOKEN Token
-);
-
-NTKERNELAPI
-VOID
-SeUnlockSubjectContext (
- IN PSECURITY_SUBJECT_CONTEXT SubjectContext
-);
-
-NTKERNELAPI
-NTSTATUS
-SeUnregisterLogonSessionTerminatedRoutine (
- IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAdjustPrivilegesToken (
- IN HANDLE TokenHandle,
- IN BOOLEAN DisableAllPrivileges,
- IN PTOKEN_PRIVILEGES NewState,
- IN ULONG BufferLength,
- OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
- OUT PULONG ReturnLength
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAlertThread (
- IN HANDLE ThreadHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAllocateVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN OUT PSIZE_T RegionSize,
- IN ULONG AllocationType,
- IN ULONG Protect
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwAccessCheckAndAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN PUNICODE_STRING ObjectTypeName,
- IN PUNICODE_STRING ObjectName,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ACCESS_MASK DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- IN BOOLEAN ObjectCreation,
- OUT PACCESS_MASK GrantedAccess,
- OUT PBOOLEAN AccessStatus,
- OUT PBOOLEAN GenerateOnClose
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCancelIoFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwClearEvent (
- IN HANDLE EventHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwConnectPort (
- OUT PHANDLE ClientPortHandle,
- IN PUNICODE_STRING ServerPortName,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
- IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL,
- IN OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL,
- OUT PULONG MaximumMessageLength OPTIONAL,
- IN OUT PVOID ConnectionInfo OPTIONAL,
- IN OUT PULONG ConnectionInfoLength OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCloseObjectAuditAlarm (
- IN PUNICODE_STRING SubsystemName,
- IN PVOID HandleId,
- IN BOOLEAN GenerateOnClose
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateEvent (
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN EVENT_TYPE EventType,
- IN BOOLEAN InitialState
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateSection (
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN PLARGE_INTEGER MaximumSize OPTIONAL,
- IN ULONG SectionPageProtection,
- IN ULONG AllocationAttributes,
- IN HANDLE FileHandle OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwCreateSymbolicLinkObject (
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PUNICODE_STRING TargetName
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDeleteFile (
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDeleteValueKey (
- IN HANDLE Handle,
- IN PUNICODE_STRING Name
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDeviceIoControlFile (
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength
-);
-
-//
-// If using ZwDisplayString during boot on Windows 2000 or later you must
-// first call InbvEnableDisplayString.
-//
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDisplayString (
- IN PUNICODE_STRING String
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDuplicateObject (
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle OPTIONAL,
- OUT PHANDLE TargetHandle OPTIONAL,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG HandleAttributes,
- IN ULONG Options
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwDuplicateToken (
- IN HANDLE ExistingTokenHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN BOOLEAN EffectiveOnly,
- IN TOKEN_TYPE TokenType,
- OUT PHANDLE NewTokenHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFlushInstructionCache (
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress OPTIONAL,
- IN ULONG FlushSize
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFlushVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PSIZE_T RegionSize,
- OUT PIO_STATUS_BLOCK IoStatusBlock
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFreeVirtualMemory (
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PSIZE_T RegionSize,
- IN ULONG FreeType
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwFsControlFile (
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG FsControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwInitiatePowerAction (
- IN POWER_ACTION SystemAction,
- IN SYSTEM_POWER_STATE MinSystemState,
- IN ULONG Flags,
- IN BOOLEAN Asynchronous
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwLoadDriver (
- // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
- IN PUNICODE_STRING RegistryPath
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwLoadKey (
- IN POBJECT_ATTRIBUTES KeyObjectAttributes,
- IN POBJECT_ATTRIBUTES FileObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwNotifyChangeKey (
- IN HANDLE KeyHandle,
- IN HANDLE EventHandle OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG NotifyFilter,
- IN BOOLEAN WatchSubtree,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- IN BOOLEAN Asynchronous
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenDirectoryObject (
- OUT PHANDLE DirectoryHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenEvent (
- OUT PHANDLE EventHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenProcess (
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenProcessToken (
- IN HANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- OUT PHANDLE TokenHandle
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenProcessTokenEx (
- IN HANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG HandleAttributes,
- OUT PHANDLE TokenHandle
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenThread (
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PCLIENT_ID ClientId
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenThreadToken (
- IN HANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN OpenAsSelf,
- OUT PHANDLE TokenHandle
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenThreadTokenEx (
- IN HANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN OpenAsSelf,
- IN ULONG HandleAttributes,
- OUT PHANDLE TokenHandle
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwPowerInformation (
- IN POWER_INFORMATION_LEVEL PowerInformationLevel,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwPulseEvent (
- IN HANDLE EventHandle,
- OUT PULONG PreviousState OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultLocale (
- IN BOOLEAN ThreadOrSystem,
- OUT PLCID Locale
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDefaultUILanguage (
- OUT LANGID *LanguageId
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryFile (
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN BOOLEAN ReturnSingleEntry,
- IN PUNICODE_STRING FileName OPTIONAL,
- IN BOOLEAN RestartScan
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryDirectoryObject (
- IN HANDLE DirectoryHandle,
- OUT PVOID Buffer,
- IN ULONG Length,
- IN BOOLEAN ReturnSingleEntry,
- IN BOOLEAN RestartScan,
- IN OUT PULONG Context,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryEaFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG Length,
- IN BOOLEAN ReturnSingleEntry,
- IN PVOID EaList OPTIONAL,
- IN ULONG EaListLength,
- IN PULONG EaIndex OPTIONAL,
- IN BOOLEAN RestartScan
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationProcess (
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- OUT PVOID ProcessInformation,
- IN ULONG ProcessInformationLength,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationThread (
- IN HANDLE ThreadHandle,
- IN THREADINFOCLASS ThreadInformationClass,
- OUT PVOID ThreadInformation,
- IN ULONG ThreadInformationLength,
- OUT PULONG ReturnLength OPTIONAL
-);
-
-#endif // (VER_PRODUCTBUILD >= 2600)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInformationToken (
- IN HANDLE TokenHandle,
- IN TOKEN_INFORMATION_CLASS TokenInformationClass,
- OUT PVOID TokenInformation,
- IN ULONG TokenInformationLength,
- OUT PULONG ReturnLength
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryInstallUILanguage (
- OUT LANGID *LanguageId
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryObject (
- IN HANDLE ObjectHandle,
- IN OBJECT_INFO_CLASS ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySection (
- IN HANDLE SectionHandle,
- IN SECTION_INFORMATION_CLASS SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG SectionInformationLength,
- OUT PULONG ResultLength OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySecurityObject (
- IN HANDLE FileHandle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Length,
- OUT PULONG ResultLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySystemInformation (
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- OUT PVOID SystemInformation,
- IN ULONG Length,
- OUT PULONG ReturnLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQueryVolumeInformationFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwReplaceKey (
- IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
- IN HANDLE KeyHandle,
- IN POBJECT_ATTRIBUTES OldFileObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwRequestWaitReplyPort (
- IN HANDLE PortHandle,
- IN PLPC_MESSAGE Request,
- OUT PLPC_MESSAGE Reply
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwResetEvent (
- IN HANDLE EventHandle,
- OUT PULONG PreviousState OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwRestoreKey (
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle,
- IN ULONG Flags
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSaveKey (
- IN HANDLE KeyHandle,
- IN HANDLE FileHandle
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultLocale (
- IN BOOLEAN ThreadOrSystem,
- IN LCID Locale
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetDefaultUILanguage (
- IN LANGID LanguageId
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetEaFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID Buffer,
- IN ULONG Length
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetEvent (
- IN HANDLE EventHandle,
- OUT PULONG PreviousState OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationObject (
- IN HANDLE ObjectHandle,
- IN OBJECT_INFO_CLASS ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG ObjectInformationLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetInformationProcess (
- IN HANDLE ProcessHandle,
- IN PROCESSINFOCLASS ProcessInformationClass,
- IN PVOID ProcessInformation,
- IN ULONG ProcessInformationLength
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetSecurityObject (
- IN HANDLE Handle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemInformation (
- IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
- IN PVOID SystemInformation,
- IN ULONG Length
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetSystemTime (
- IN PLARGE_INTEGER NewTime,
- OUT PLARGE_INTEGER OldTime OPTIONAL
-);
-
-#if (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwSetVolumeInformationFile (
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
-);
-
-#endif // (VER_PRODUCTBUILD >= 2195)
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwTerminateProcess (
- IN HANDLE ProcessHandle OPTIONAL,
- IN NTSTATUS ExitStatus
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwUnloadDriver (
- // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
- IN PUNICODE_STRING RegistryPath
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwUnloadKey (
- IN POBJECT_ATTRIBUTES KeyObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwWaitForSingleObject (
- IN HANDLE Handle,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Timeout OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwWaitForMultipleObjects (
- IN ULONG HandleCount,
- IN PHANDLE Handles,
- IN WAIT_TYPE WaitType,
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER Timeout OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwYieldExecution (
- VOID
-);
-
-//
-// Below is stuff that is included in the Windows 2000 DDK but is missing in
-// the Windows NT 4.0 DDK
-//
-
-#if (VER_PRODUCTBUILD < 2195)
-
-NTSYSAPI
-VOID
-NTAPI
-HalMakeBeep (
- IN ULONG Frequency
-);
-
-#ifndef IoCopyCurrentIrpStackLocationToNext
-#define IoCopyCurrentIrpStackLocationToNext( Irp ) { \
- PIO_STACK_LOCATION irpSp; \
- PIO_STACK_LOCATION nextIrpSp; \
- irpSp = IoGetCurrentIrpStackLocation( (Irp) ); \
- nextIrpSp = IoGetNextIrpStackLocation( (Irp) ); \
- RtlCopyMemory( \
- nextIrpSp, \
- irpSp, \
- FIELD_OFFSET(IO_STACK_LOCATION, CompletionRoutine) \
- ); \
- nextIrpSp->Control = 0; }
-#endif
-
-NTKERNELAPI
-NTSTATUS
-IoCreateFile (
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER AllocationSize OPTIONAL,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG CreateDisposition,
- IN ULONG CreateOptions,
- IN PVOID EaBuffer OPTIONAL,
- IN ULONG EaLength,
- IN CREATE_FILE_TYPE CreateFileType,
- IN PVOID ExtraCreateParameters,
- IN ULONG Options
-);
-
-#ifndef IoSkipCurrentIrpStackLocation
-#define IoSkipCurrentIrpStackLocation( Irp ) \
- (Irp)->CurrentLocation++; \
- (Irp)->Tail.Overlay.CurrentStackLocation++;
-#endif
-
-NTSYSAPI
-VOID
-NTAPI
-ProbeForWrite (
- IN PVOID Address,
- IN ULONG Length,
- IN ULONG Alignment
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenFile (
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG ShareAccess,
- IN ULONG OpenOptions
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwOpenSymbolicLinkObject (
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-ZwQuerySymbolicLinkObject (
- IN HANDLE LinkHandle,
- IN OUT PUNICODE_STRING LinkTarget,
- OUT PULONG ReturnedLength OPTIONAL
-);
-
-#endif // (VER_PRODUCTBUILD < 2195)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // _NTIFS_
projects / reactos.git / commitdiff