From be0e0e64a7b513f6e0796905ad2fff9241afffba Mon Sep 17 00:00:00 2001 From: Pierre Schweitzer Date: Fri, 27 May 2016 20:35:44 +0000 Subject: [PATCH] [REISERFS] r71430, repetita svn path=/trunk/; revision=71432 --- .../filesystems/reiserfs/inc/gplntifs.h | 9491 ----------------- 1 file changed, 9491 deletions(-) delete mode 100644 reactos/drivers/filesystems/reiserfs/inc/gplntifs.h diff --git a/reactos/drivers/filesystems/reiserfs/inc/gplntifs.h b/reactos/drivers/filesystems/reiserfs/inc/gplntifs.h deleted file mode 100644 index d4d9f3a6938..00000000000 --- a/reactos/drivers/filesystems/reiserfs/inc/gplntifs.h +++ /dev/null @@ -1,9491 +0,0 @@ -/* - This is a free version of the file ntifs.h, release 58. - The purpose of this include file is to build file system and - file system filter drivers for Windows. - Copyright (C) 1999-2015 Bo Brantén. - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - - The GNU General Public License is also available from: - http://www.gnu.org/copyleft/gpl.html - - Windows and Windows NT are either registered trademarks or trademarks of - Microsoft Corporation in the United States and/or other countries. - - DISCLAIMER: I do not encourage anyone to use this include file to build - drivers used in production. Some of the information in this file may not - be available in other publications intended for similar use. Some of the - information in this file may have different names than in other - publications even though they describe the same thing. - - NOTE: This file should be used with the Microsoft® Windows® Driver - Development Kit (DDK) while the file wdkundoc.h is a subset of this - file that should be used with the Microsoft Windows Driver Kit (WDK). - - Please send comments, corrections and contributions to bosse@acc.umu.se. - - The most recent version of this file is available from: - http://www.acc.umu.se/~bosse/ntifs.h - - The most recent version of the file wdkundoc.h is available from: - http://www.acc.umu.se/~bosse/wdkundoc.h - - Thanks to: - Andrey Shedel, Luigi Mori, Louis Joubert, Itai Shaham, David Welch, - Emanuele Aliberti, Anton Altaparmakov, Dan Partelly, Mamaich, Yossi - Yaffe, Gunnar André Dalsnes, Vadim V Vorobev, Ashot Oganesyan K, - Oleg Nikityenko, Matt Wu, Tomas Olsson, Raaf, Anthony Choi, Alexey - Logachyov, Marc-Antoine Ruel, Vyacheslav I. Levtchenko, Yuri Polyakov, - Bruno Milot, Alex Vlasov, Dan Fulger, Petr Semerad, Sobame La Garompa, - Jérôme Hodé and Darja Isaksson. - - Revision history: - - 58. 2015-06-11 - Added: - Externals: - PsInitialSystemProcess - HalPrivateDispatchTable - KeLoaderBlock - KeI386MachineType - KiBugCheckData - InitSafeBootMode - KiEnableTimerWatchdog - KdComPortInUse - KdEnteredDebugger - MmBadPointer - NlsLeadByteInfo - NlsOemLeadByteInfo - NlsMbCodePageTag - NlsMbOemCodePageTag - NlsAnsiCodePage - NlsOemCodePage - IoStatisticsLock - IoReadOperationCount - IoWriteOperationCount - IoReadTransferCount - IoWriteTransferCount - KeDcacheFlushCount - KeIcacheFlushCount - CcFastMdlReadWait - CcFastReadNotPossible - CcFastReadWait - IoAdapterObjectType - IoDeviceObjectType - MmSectionObjectType - PsProcessType - PsThreadType - ExDesktopObjectType - ExWindowStationObjectType - IoDeviceHandlerObjectType - LpcPortObjectType - PsJobType - SeTokenObjectType - TmEnlistmentObjectType - TmResourceManagerObjectType - TmTransactionManagerObjectType - TmTransactionObjectType - CmKeyObjectType - IoDeviceHandlerObjectSize - POGOBuffer - psMUITest - PsUILanguageComitted - - 57. 2015-03-23 - Corrected: - ObGetObjectPointerCount - Added: - Function prototypes: - FsRtlTeardownPerFileContexts - FsRtlTeardownPerStreamContexts - - 56. 2008-07-31 - Corrected: - FSCTL_SET_SPARSE - FSRTL_COMMON_FCB_HEADER - Added: - Defines: - FSRTL_XXX - IO_REPARSE_TAG_XXX - Data types: - FSRTL_ADVANCED_FCB_HEADER - Function prototypes: - FsRtlSetupAdvancedHeader - - 55. 2006-05-15 - Corrected: - TOKEN_OBJECT - Added: - Data types: - SEP_AUDIT_POLICY_VISTA - SID_AND_ATTRIBUTES_HASH - - 54. 2006-05-14 - Corrected: - EXTENDED_IO_STACK_LOCATION - - 53. 2005-11-06 - Added: - Function prototypes: - RtlRandom - RtlRandomEx - RtlSecondsSince1980ToTime - RtlTimeToSecondsSince1980 - - 52. 2005-11-05 - Corrected: - OBJECT_NAME - TOKEN_OBJECT - - 51. 2005-10-16 - Corrected: - ETHREAD - GDI_TEB_BATCH - MMADDRESS_NODE - TEB - - 50. 2005-10-15 - Added: - Data types: - READ_LIST - Function prototypes: - IoAttachDeviceToDeviceStackSafe - IoCheckQuerySetFileInformation - IoCheckQuerySetVolumeInformation - IoCreateFileSpecifyDeviceObjectHint - IoCreateStreamFileObjectEx - IoEnumerateDeviceObjectList - IoGetDeviceAttachmentBaseRef - IoGetDiskDeviceObject - IoGetLowerDeviceObject - IoIsFileOriginRemote - IoQueryFileDosDeviceName - IoQueueThreadIrp - IoSetFileOrigin - KeAcquireQueuedSpinLock - KeInitializeMutant - KeReadStateMutant - KeReleaseMutant - KeReleaseQueuedSpinLock - KeSetIdealProcessorThread - KeSetKernelStackSwapEnable - KeTryToAcquireQueuedSpinLock - MmPrefetchPages - ObDereferenceSecurityDescriptor - ObLogSecurityDescriptor - ObReferenceSecurityDescriptor - PoQueueShutdownWorkItem - RtlxUnicodeStringToAnsiSize - SeAuditHardLinkCreation - SeAuditingHardLinkEvents - SeFilterToken - - 49. 2005-10-09 - Corrected: - EPROCESS - KTHREAD - MMSUPPORT_FLAGS - MMSUPPORT - OBJECT_HEADER - OBJECT_TYPE_INITIALIZER - OBJECT_TYPE - TEB - KeInsertQueueApc - Added: - Defines: - OB_FLAG_XXX - OB_SECURITY_CHARGE - Data types: - ACTIVATION_CONTEXT_STACK - GDI_TEB_BATCH - HANDLE_INFO - KGUARDED_MUTEX - MMADDRESS_NODE - MM_AVL_TABLE - OBJECT_CREATE_INFORMATION - OBJECT_CREATOR_INFO - OBJECT_DIRECTORY - OBJECT_DIRECTORY_ITEM - OBJECT_HANDLE_DB - OBJECT_HANDLE_DB_LIST - OBJECT_HEADER_FLAGS - OBJECT_NAME - OBJECT_QUOTA_CHARGES - OBJECT_QUOTA_INFO - QUOTA_BLOCK - RTL_ACTIVATION_CONTEXT_STACK_FRAME - TEB_ACTIVE_FRAME - TEB_ACTIVE_FRAME_CONTEXT - Wx86ThreadState - Function prototypes: - FsRtlAcquireFileExclusive - FsRtlBalanceReads - FsRtlDissectDbcs - FsRtlDoesDbcsContainWildCards - FsRtlIsDbcsInExpression - FsRtlIsFatDbcsLegal - FsRtlIsHpfsDbcsLegal - FsRtlIsPagingFile - FsRtlIsTotalDeviceFailure - FsRtlMdlReadDev - FsRtlPostPagingFileStackOverflow - FsRtlPostStackOverflow - FsRtlPrepareMdlWriteDev - FsRtlReleaseFile - - 48. 2005-04-16 - Added: - Data types: - THREAD_BASIC_INFORMATION - Function prototypes: - ZwQueryInformationThread - - 47. 2005-03-08 - Corrected: - SYSTEM_PROCESSES_INFORMATION - TOKEN_OBJECT - KeInsertQueueApc - - 46. 2004-06-08 - Added: - Data types: - TOKEN_OBJECT - - 45. 2004-06-06 - Corrected: - SERVICE_DESCRIPTOR_TABLE - Added: - Defines: - TOKEN_SESSION_NOT_REFERENCED - TOKEN_SANDBOX_INERT - TOKEN_HAS_IMPERSONATE_PRIVILEGE - Function prototypes: - FsRtlDissectName - RtlOemStringToCountedUnicodeSize - RtlOemStringToUnicodeSize - RtlOemStringToUnicodeString - RtlUnicodeStringToOemSize - RtlUnicodeStringToOemString - RtlxOemStringToUnicodeSize - RtlxUnicodeStringToOemSize - - 44. 2003-05-06 - Added: - Function prototypes: - InbvAcquireDisplayOwnership - InbvCheckDisplayOwnership - InbvDisplayString - InbvEnableBootDriver - InbvEnableDisplayString - InbvInstallDisplayStringFilter - InbvIsBootDriverInstalled - InbvNotifyDisplayOwnershipLost - InbvResetDisplay - InbvSetScrollRegion - InbvSetTextColor - InbvSolidColorFill - - 43. 2003-04-07 - Added: - Data types: - MCB - Function prototypes: - FsRtlAddMcbEntry - FsRtlInitializeMcb - FsRtlLookupLastMcbEntry - FsRtlLookupMcbEntry - FsRtlNotifyFilterChangeDirectory - FsRtlNotifyFilterReportChange - FsRtlNumberOfRunsInMcb - FsRtlRemoveMcbEntry - FsRtlTruncateMcb - FsRtlUninitializeMcb - - 42. 2003-03-30 - Corrected: - SYSTEM_CACHE_INFORMATION - SYSTEM_INFORMATION_CLASS - Added: - Data types: - SYSTEM_XXX_INFORMATION - THREAD_STATE - - 41. 2003-01-03 - Corrected: - CcMapData - PsDereferenceImpersonationToken - PsDereferencePrimaryToken - PsGetProcessExitTime - PsReferencePrimaryToken - Added: - Defines: - MAP_XXX - Function prototypes: - CcMdlWriteAbort - PsAssignImpersonationToken - PsChargeProcessNonPagedPoolQuota - PsChargeProcessPagedPoolQuota - PsChargeProcessPoolQuota - PsDisableImpersonation - PsImpersonateClient - PsIsSystemThread - PsRestoreImpersonation - SeDeleteAccessState - ZwOpenProcessTokenEx - ZwOpenThreadTokenEx - - 40. 2002-10-02 - Corrected: - HANDLE_TABLE_ENTRY - Added: - Defines: - FSRTL_FLAG_ADVANCED_HEADER - FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS - FSRTL_FLAG2_PURGE_WHEN_MAPPED - Data types: - FILE_ID_BOTH_DIR_INFORMATION - FILE_ID_FULL_DIR_INFORMATION - - 39. 2002-08-04 - Added: - Data types: - LARGE_MCB - Function prototypes: - FsRtlAddLargeMcbEntry - FsRtlGetNextLargeMcbEntry - FsRtlInitializeLargeMcb - FsRtlLookupLargeMcbEntry - FsRtlLookupLastLargeMcbEntry - FsRtlLookupLastLargeMcbEntryAndIndex - FsRtlNumberOfRunsInLargeMcb - FsRtlRemoveLargeMcbEntry - FsRtlResetLargeMcb - FsRtlSplitLargeMcb - FsRtlTruncateLargeMcb - FsRtlUninitializeLargeMcb - - 38. 2002-06-30 - Added: - Defines: - FILE_READ_ONLY_VOLUME - Function prototypes: - FsRtlAllocateResource - FsRtlIncrementCcFastReadNotPossible - FsRtlIncrementCcFastReadNoWait - FsRtlIncrementCcFastReadResourceMiss - FsRtlIncrementCcFastReadWait - KeIsAttachedProcess - KeIsExecutingDpc - KeRevertToUserAffinityThread - KeUpdateSystemTime - PsGetCurrentProcessSessionId - PsGetCurrentThreadPreviousMode - PsGetCurrentThreadStackBase - PsGetCurrentThreadStackLimit - RtlGetNtGlobalFlags - - 37. 2002-05-18 - Uppdated for Windows XP: - EPROCESS - ETHREAD - KPROCESS - KTHREAD - MMSUPPORT_FLAGS - MMSUPPORT - PRIVATE_CACHE_MAP_FLAGS - PRIVATE_CACHE_MAP - SHARED_CACHE_MAP - Corrected: - VACB - Added: - Data types: - EPROCESS_QUOTA_ENTRY - EPROCESS_QUOTA_BLOCK - EX_FAST_REF - EX_PUSH_LOCK - EX_RUNDOWN_REF - PAGEFAULT_HISTORY - SE_AUDIT_PROCESS_CREATION_INFO - SECTION_OBJECT - TERMINATION_PORT - - 36. 2002-05-14 - Corrected: - FILE_FS_FULL_SIZE_INFORMATION - - 35. 2002-03-23 - Added: - Defines: - COMPRESSION_XXX - Data types: - COMPRESSED_DATA_INFO - OBJECT_HEADER - VAD_HEADER - Function prototypes: - CcWaitForCurrentLazyWriterActivity - FsRtlCheckOplock - FsRtlCurrentBatchOplock - FsRtlDeregisterUncProvider - FsRtlInitializeOplock - FsRtlOplockFsctrl - FsRtlOplockIsFastIoPossible - FsRtlRegisterUncProvider - FsRtlUninitializeOplock - RtlCompressBuffer - RtlCompressChunks - RtlDecompressBuffer - RtlDecompressChunks - RtlDecompressFragment - RtlDescribeChunk - RtlGetCompressionWorkSpaceSize - RtlReserveChunk - - 34. 2002-02-14 - Corrected: - HARDWARE_PTE - Changed the use of _WIN32_WINNT to VER_PRODUCTBUILD since _WIN32_WINNT - is incorrectly defined in the Windows 2000 build environment included - in the Windows XP DDK. - - 33. 2002-01-20 - Added: - Function prototypes: - PsDereferenceImpersonationToken - PsDereferencePrimaryToken - - 32. 2002-01-18 - Corrected: - ObReferenceObjectByName - FILE_FS_OBJECT_ID_INFORMATION - FILE_OBJECTID_INFORMATION - Added: - Externals: - IoDriverObjectType - SeExports - Defines: - FILE_ACTION_XXX - FSCTL_XXX - IO_FILE_OBJECT_XXX - IRP_BEING_VERIFIED - TOKEN_XXX - Data types: - DEVICE_MAP - FILE_TRACKING_INFORMATION - SE_EXPORTS - Function prototypes: - SeEnableAccessToExports - - 31. 2001-12-23 - Corrected: - QueryQuota in EXTENDED_IO_STACK_LOCATION - FILE_LOCK - CcPinMappedData - CcPinRead - CcPreparePinWrite - FsRtlFastUnlockAll - FsRtlFastUnlockAllByKey - FsRtlFastUnlockSingle - FsRtlInitializeFileLock - FsRtlPrivateLock - FsRtlProcessFileLock - MmForceSectionClosed - MmIsRecursiveIoFault - SeImpersonateClient - SeImpersonateClientEx - Added: - Defines: - More FSRTL_FLAG_XXX - PIN_XXX - VACB_XXX - Data types: - REPARSE_DATA_BUFFER - Function prototypes: - CcCopyWriteWontFlush - CcGetFileSizePointer - CcGetFlushedValidData - CcIsFileCached - CcRemapBcb - ExDisableResourceBoostLite - ExQueryPoolBlockSize - FsRtlAllocateFileLock - FsRtlAreThereCurrentFileLocks - FsRtlFastLock - FsRtlFreeFileLock - IoCheckDesiredAccess - IoCheckEaBufferValidity - IoCheckFunctionAccess - IoCheckQuotaBufferValidity - IoCreateStreamFileObjectLite - IoFastQueryNetworkAttributes - IoGetRequestorProcessId - IoIsFileOpenedExclusively - IoIsSystemThread - IoIsValidNameGraftingBuffer - IoSynchronousPageWrite - IoThreadToProcess - KeInitializeQueue - KeInsertHeadQueue - KeInsertQueue - KeReadStateQueue - KeRemoveQueue - KeRundownQueue - MmSetAddressRangeModified - ObGetObjectPointerCount - ObMakeTemporaryObject - ObQueryObjectAuditingByHandle - PsChargePoolQuota - PsReturnPoolQuota - SeAppendPrivileges - SeAuditingFileEvents - SeAuditingFileOrGlobalEvents - SeCreateClientSecurity - SeCreateClientSecurityFromSubjectContext - SeDeleteClientSecurity - SeDeleteObjectAuditAlarm - SeFreePrivileges - SeLockSubjectContext - SeOpenObjectAuditAlarm - SeOpenObjectForDeleteAuditAlarm - SePrivilegeCheck - SeQueryAuthenticationIdToken - SeQuerySecurityDescriptorInfo - SeQuerySessionIdToken - SeSetAccessStateGenericMapping - SeSetSecurityDescriptorInfo - SeSetSecurityDescriptorInfoEx - SeTokenIsAdmin - SeTokenIsRestricted - SeTokenType - SeUnlockSubjectContext - - 30. 2001-10-24 - Corrected: - KINTERRUPT - OBJECT_TYPE - Added: - Defines: - More FSCTL_XXX - Data types: - BITMAP_RANGE - CreateMailslot in EXTENDED_IO_STACK_LOCATION - CreatePipe in EXTENDED_IO_STACK_LOCATION - QueryQuota in EXTENDED_IO_STACK_LOCATION - MAILSLOT_CREATE_PARAMETERS - MBCB - NAMED_PIPE_CREATE_PARAMETERS - PRIVATE_CACHE_MAP_FLAGS - PRIVATE_CACHE_MAP - SECURITY_CLIENT_CONTEXT - SHARED_CACHE_MAP - VACB - Function prototypes: - HalQueryRealTimeClock - HalSetRealTimeClock - PsGetProcessExitTime - PsIsThreadTerminating - PsLookupProcessThreadByCid - PsLookupThreadByThreadId - SeQueryAuthenticationIdToken - Externals: - KeServiceDescriptorTable - SePublicDefaultDacl - SeSystemDefaultDacl - - 29. 2001-10-06 - Added: - Defines: - FSRTL_VOLUME_XXX - Function prototypes: - FsRtlNotifyChangeDirectory - FsRtlNotifyReportChange - FsRtlNotifyVolumeEvent - - 28. 2001-09-16 - Added: - Function prototypes: - FsRtlNotifyInitializeSync - FsRtlNotifyUninitializeSync - SeImpersonateClientEx - SeReleaseSubjectContext - - 27. 2001-08-25 - Corrected: - KPROCESS - FILE_LOCK_ANCHOR - FsRtlNormalizeNtstatus - RtlSecondsSince1970ToTime - RtlTimeToSecondsSince1970 - SeQueryInformationToken - Added: - Defines: - FS_LFN_APIS - Data types: - FILE_LOCK_ENTRY - FILE_SHARED_LOCK_ENTRY - FILE_EXCLUSIVE_LOCK_ENTRY - Function prototypes: - FsRtlCheckLockForReadAccess - FsRtlCheckLockForWriteAccess - FsRtlFastUnlockAll - FsRtlFastUnlockAllByKey - FsRtlFastUnlockSingle - FsRtlGetFileSize - FsRtlGetNextFileLock - FsRtlInitializeFileLock - FsRtlPrivateLock - FsRtlProcessFileLock - FsRtlUninitializeFileLock - IoUnregisterFsRegistrationChange - PsLookupProcessByProcessId - SeQuerySubjectContextToken - - 26. 2001-04-28 - Added: - Defines: - FSCTL_XXX - Data types: - RTL_SPLAY_LINKS - TUNNEL - Function prototypes: - FsRtlAddToTunnelCache - FsRtlDeleteKeyFromTunnelCache - FsRtlDeleteTunnelCache - FsRtlFindInTunnelCache - FsRtlInitializeTunnelCache - IoSetDeviceToVerify - KeInitializeApc - KeInsertQueueApc - SeQueryInformationToken - - 25. 2001-04-05 - Corrected: - RtlImageNtHeader - LPC_XXX - OBJECT_BASIC_INFO - Added: - Defines: - SID_REVISION - Data types: - DIRECTORY_BASIC_INFORMATION - KINTERRUPT - OBJECT_HANDLE_ATTRIBUTE_INFO - PROCESS_PRIORITY_CLASS - SECTION_BASIC_INFORMATION - SECTION_IMAGE_INFORMATION - SECTION_INFORMATION_CLASS - Function prototypes: - RtlSecondsSince1970ToTime - RtlTimeToSecondsSince1970 - ZwAdjustPrivilegesToken - ZwAlertThread - ZwAccessCheckAndAuditAlarm - ZwClearEvent - ZwCloseObjectAuditAlarm - ZwCreateSection - ZwCreateSymbolicLinkObject - ZwDuplicateToken - ZwFlushInstructionCache - ZwFlushVirtualMemory - ZwInitiatePowerAction - ZwLoadKey - ZwNotifyChangeKey - ZwOpenThread - ZwPowerInformation - ZwPulseEvent - ZwQueryDefaultLocale - ZwQueryDefaultUILanguage - ZwQueryInformationProcess - ZwQueryInstallUILanguage - ZwQuerySection - ZwReplaceKey - ZwResetEvent - ZwRestoreKey - ZwSaveKey - ZwSetDefaultLocale - ZwSetDefaultUILanguage - ZwSetEvent - ZwSetInformationObject - ZwSetInformationProcess - ZwSetSecurityObject - ZwSetSystemTime - ZwTerminateProcess - ZwUnloadKey - ZwWaitForSingleObject - ZwWaitForMultipleObjects - ZwYieldExecution - Removed functions that is not exported in kernel mode: - CcZeroEndOfLastPage - RtlAllocateAndInitializeSid - ZwAcceptConnectPort - ZwCompleteConnectPort - ZwCreatePort - ZwCreateProcess - ZwCreateThread - ZwFlushBuffersFile - ZwGetContextThread - ZwImpersonateClientOfPort - ZwListenPort - ZwLockFile - ZwNotifyChangeDirectoryFile - ZwQueryInformationPort - ZwReadRequestData - ZwReplyPort - ZwReplyWaitReceivePort - ZwReplyWaitReplyPort - ZwRequestPort - ZwUnlockFile - ZwWriteRequestData - - 24. 2001-03-08 - Corrected: - EPROCESS - ETHREAD - FAST_IO_POSSIBLE - QueryEa in EXTENDED_IO_STACK_LOCATION - Added: - Defines: - Some more flags for FileSystemAttributes - Data types: - EXCEPTION_REGISTRATION_RECORD - FILE_FS_FULL_SIZE_INFORMATION - FILE_FS_OBJECT_ID_INFORMATION - HANDLE_TABLE_ENTRY - IO_CLIENT_EXTENSION - PS_IMPERSONATION_INFORMATION - SetEa and SetQuota in EXTENDED_IO_STACK_LOCATION - Function prototypes: - IoPageRead - KeStackAttachProcess - KeUnstackDetachProcess - MmMapViewOfSection - RtlSelfRelativeToAbsoluteSD - SeCreateAccessState - - 23. 2001-01-29 - Corrected: - FSCTL_GET_VOLUME_INFORMATION - FSCTL_READ_MFT_RECORD - HARDWARE_PTE - EPROCESS - ETHREAD - KAPC_STATE - KPROCESS - KTHREAD - MMSUPPORT - Added: - Data types: - KGDTENTRY - KIDTENTRY - MMSUPPORT_FLAGS - - 22. 2000-12-23 - Corrected: - EPROCESS - KPROCESS - Added: - Data types: - HARDWARE_PTE - MMSUPPORT - - 21. 2000-12-12 - Added: - Defines: - IO_TYPE_XXX - OB_TYPE_XXX - THREAD_STATE_XXX - Data types: - EPROCESS - ETHREAD - KAPC_STATE - KEVENT_PAIR - KPROCESS - KTHREAD - KQUEUE - SERVICE_DESCRIPTOR_TABLE - TEB - - 20. 2000-12-03 - Added: - Data types: - OBJECT_TYPE - Function prototypes: - ObCreateObject - ObInsertObject - ObReferenceObjectByName - - 19. 2000-11-25 - Removed a name from credits since the person want to be anonymous. - - 18. 2000-10-13 - Corrected: - PsReferenceImpersonationToken - Added: - Defines: - FILE_PIPE_XXX - LPC_XXX - MAILSLOT_XXX - PORT_XXX - FSCTL_GET_VOLUME_INFORMATION - FSCTL_READ_MFT_RECORD - FSCTL_MAILSLOT_PEEK - FSCTL_PIPE_XXX - Data types: - PORT_INFORMATION_CLASS - BITMAP_DESCRIPTOR - FILE_MAILSLOT_XXX - FILE_PIPE_XXX - MAPPING_PAIR - GET_RETRIEVAL_DESCRIPTOR - LPC_XXX - MOVEFILE_DESCRIPTOR - Function prototypes: - InitializeMessageHeader - MmForceSectionClosed - ZwAcceptConnectPort - ZwCompleteConnectPort - ZwConnectPort - ZwCreateEvent - ZwCreatePort - ZwImpersonateClientOfPort - ZwListenPort - ZwQueryInformationPort - ZwReadRequestData - ZwReplyPort - ZwReplyWaitReceivePort - ZwReplyWaitReplyPort - ZwRequestPort - ZwRequestWaitReplyPort - ZwWriteRequestData - - 17. 2000-05-21 - Added: - Function prototypes: - PsRevertToSelf - SeCreateClientSecurity - SeImpersonateClient - ZwDuplicateObject - - 16. 2000-03-28 - Added: - Defines: - FILE_STORAGE_TYPE_XXX - FILE_VC_XXX - IO_CHECK_CREATE_PARAMETERS - IO_ATTACH_DEVICE - IO_ATTACH_DEVICE_API - IO_COMPLETION_XXX - Data types: - IO_COMPLETION_INFORMATION_CLASS - OBJECT_INFO_CLASS - SYSTEM_INFORMATION_CLASS - FILE_LOCK_ANCHOR - IO_COMPLETION_BASIC_INFORMATION - OBJECT_BASIC_INFO - OBJECT_NAME_INFO - OBJECT_PROTECTION_INFO - OBJECT_TYPE_INFO - OBJECT_ALL_TYPES_INFO - SYSTEM_CACHE_INFORMATION - Function prototypes: - FsRtlAllocatePool - FsRtlAllocatePoolWithQuota - FsRtlAllocatePoolWithQuotaTag - FsRtlAllocatePoolWithTag - FsRtlAreNamesEqual - FsRtlFastCheckLockForRead - FsRtlFastCheckLockForWrite - FsRtlMdlReadComplete - FsRtlMdlWriteComplete - FsRtlNormalizeNtstatus - RtlAllocateHeap - RtlCreateHeap - RtlDestroyHeap - RtlFreeHeap - RtlImageNtHeader - ZwQueryObject - ZwQuerySystemInformation - ZwSetSystemInformation - - 15. 2000-03-15 - Corrected: - Renamed IoQueryFileVolumeInformation to IoQueryVolumeInformation - Comment on: - CcZeroEndOfLastPage - - 14. 2000-03-12 - Corrected: - IoCreateFile - Added: - #if (_WIN32_WINNT < 0x0500)/#endif around stuff that is included in - the Windows 2000 DDK but is missing in the Windows NT 4.0 DDK. - ZwOpenEvent - - 13. 2000-02-08 - Corrected: - PsReferenceImpersonationToken - Comment on: - RtlAllocateAndInitializeSid - - 12. 1999-10-18 - Corrected: - FILE_COMPRESSION_INFORMATION - Added: - Defines: - ACCESS_ALLOWED_ACE_TYPE - ACCESS_DENIED_ACE_TYPE - SYSTEM_AUDIT_ACE_TYPE - SYSTEM_ALARM_ACE_TYPE - ANSI_DOS_STAR/QM/DOT - DOS_STAR/QM/DOT - FILE_EA_TYPE_XXX - FILE_NEED_EA - FILE_OPBATCH_BREAK_UNDERWAY - SECURITY_WORLD_SID_AUTHORITY - SECURITY_WORLD_RID - Data types: - POBJECT - FILE_STORAGE_TYPE - FILE_COMPLETION_INFORMATION - FILE_COPY_ON_WRITE_INFORMATION - FILE_FS_CONTROL_INFORMATION - FILE_GET_EA_INFORMATION - FILE_GET_QUOTA_INFORMATION - FILE_OBJECTID_INFORMATION - FILE_OLE_CLASSID_INFORMATION - FILE_OLE_ALL_INFORMATION - FILE_OLE_DIR_INFORMATION - FILE_OLE_INFORMATION - FILE_OLE_STATE_BITS_INFORMATION - FILE_QUOTA_INFORMATION - Function prototypes: - HalDisplayString - HalMakeBeep - IoGetRequestorProcess - ObQueryNameString - ProbeForWrite - RtlAbsoluteToSelfRelativeSD - RtlGetDaclSecurityDescriptor - RtlGetGroupSecurityDescriptor - RtlGetOwnerSecurityDescriptor - RtlInitializeSid - RtlSetGroupSecurityDescriptor - RtlSetOwnerSecurityDescriptor - RtlSetSaclSecurityDescriptor - ZwDeleteValueKey - ZwDisplayString - ZwQueryDirectoryObject - - 11. 1999-10-13 - Corrected: - ZwOpenProcessToken - ZwOpenThreadToken - Added: - Function prototypes: - RtlAllocateAndInitializeSid - RtlCopySid - RtlEqualSid - RtlFillMemoryUlong - RtlIsNameLegalDOS8Dot3 - RtlLengthRequiredSid - RtlLengthSid - RtlNtStatusToDosError - RtlSubAuthorityCountSid - RtlSubAuthoritySid - RtlValidSid - - 10. 1999-07-15 - Corrected: - RtlConvertSidToUnicodeString - Added: - Externals: - FsRtlLegalAnsiCharacterArray - NtBuildNumber - Defines: - FSRTL_WILD_CHARACTER - FlagOn - FsRtlIsUnicodeCharacterWild - Structures: - FILE_ACCESS_INFORMATION - FILE_MODE_INFORMATION - GENERATE_NAME_CONTEXT - Function prototypes: - FsRtlDoesNameContainWildCards - FsRtlIsNameInExpression - IoSetInformation - RtlGenerate8dot3Name - ZwQuerySecurityObject - - 9. 1999-07-12 - Corrected: - EXTENDED_IO_STACK_LOCATION - QueryDirectory in EXTENDED_IO_STACK_LOCATION - ZwCreateThread - Added: - Structures: - INITIAL_TEB - Function prototypes: - ZwQuerySymbolicLinkObject - - 8. 1999-06-07 - Corrected: - ZwOpenProcessToken - ZwOpenThreadToken - Added: - Defines: - FILE_OPLOCK_BROKEN_TO_LEVEL_2 - FILE_OPLOCK_BROKEN_TO_NONE - FILE_CASE_SENSITIVE_SEARCH - FILE_CASE_PRESERVED_NAMES - FILE_UNICODE_ON_DISK - FILE_PERSISTENT_ACLS - FILE_FILE_COMPRESSION - FILE_VOLUME_IS_COMPRESSED - FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX - FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH - IOCTL_REDIR_QUERY_PATH - Structures: - FILE_FS_LABEL_INFORMATION - PATHNAME_BUFFER - In IO_STACK_LOCATION: - FileSystemControl - LockControl - SetVolume - Function prototypes: - FsRtlCopyRead - FsRtlCopyWrite - IoVerifyVolume - - 7. 1999-06-05 - Added: - defines for TOKEN_XXX - SID_NAME_USE - TOKEN_INFORMATION_CLASS - TOKEN_TYPE - FILE_FS_ATTRIBUTE_INFORMATION - FILE_FS_SIZE_INFORMATION - SID_IDENTIFIER_AUTHORITY - SID - SID_AND_ATTRIBUTES - TOKEN_CONTROL - TOKEN_DEFAULT_DACL - TOKEN_GROUPS - TOKEN_OWNER - TOKEN_PRIMARY_GROUP - TOKEN_PRIVILEGES - TOKEN_SOURCE - TOKEN_STATISTICS - TOKEN_USER - IoCreateFile - IoGetAttachedDevice - IoGetBaseFileSystemDeviceObject - PsReferenceImpersonationToken - PsReferencePrimaryToken - RtlConvertSidToUnicodeString - SeCaptureSubjectContext - SeMarkLogonSessionForTerminationNotification - SeRegisterLogonSessionTerminatedRoutine - SeUnregisterLogonSessionTerminatedRoutine - ZwOpenProcessToken - ZwOpenThreadToken - ZwQueryInformationToken - - 6. 1999-05-10 - Corrected declarations of Zw functions. - Added: - ZwCancelIoFile - ZwDeleteFile - ZwFlushBuffersFile - ZwFsControlFile - ZwLockFile - ZwNotifyChangeDirectoryFile - ZwOpenFile - ZwQueryEaFile - ZwSetEaFile - ZwSetVolumeInformationFile - ZwUnlockFile - - 5. 1999-05-09 - Added: - defines for FILE_ACTION_XXX and FILE_NOTIFY_XXX - FILE_FS_VOLUME_INFORMATION - RETRIEVAL_POINTERS_BUFFER - STARTING_VCN_INPUT_BUFFER - FsRtlNotifyFullReportChange - - 4. 1999-04-11 - Corrected: - ZwCreateThread - Added: - define _GNU_NTIFS_ - - 3. 1999-03-30 - Added: - defines for MAP_XXX, MEM_XXX and SEC_XXX - FILE_BOTH_DIR_INFORMATION - FILE_DIRECTORY_INFORMATION - FILE_FULL_DIR_INFORMATION - FILE_NAMES_INFORMATION - FILE_NOTIFY_INFORMATION - FsRtlNotifyCleanup - KeAttachProcess - KeDetachProcess - MmCreateSection - ZwCreateProcess - ZwCreateThread - ZwDeviceIoControlFile - ZwGetContextThread - ZwLoadDriver - ZwOpenDirectoryObject - ZwOpenProcess - ZwOpenSymbolicLinkObject - ZwQueryDirectoryFile - ZwUnloadDriver - - 2. 1999-03-15 - Added: - FILE_COMPRESSION_INFORMATION - FILE_STREAM_INFORMATION - FILE_LINK_INFORMATION - FILE_RENAME_INFORMATION - EXTENDED_IO_STACK_LOCATION - IoQueryFileInformation - IoQueryFileVolumeInformation - ZwQueryVolumeInformationFile - Moved include of ntddk.h to inside extern "C" block. - - 1. 1999-03-11 - Initial release. -*/ - -#ifndef _NTIFS_ -#define _NTIFS_ -#define _GNU_NTIFS_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include - -// Available in Windows NT 3.1 and later versions. -// Documented in the WDK. -extern PEPROCESS PsInitialSystemProcess; - -// Available in Windows NT 3.5 and later versions. -typedef struct _HAL_PRIVATE_DISPATCH *PHAL_PRIVATE_DISPATCH; -extern PHAL_PRIVATE_DISPATCH HalPrivateDispatchTable; - -// Available in Windows NT 3.5 and later versions. -typedef struct _LOADER_PARAMETER_BLOCK *PLOADER_PARAMETER_BLOCK; -extern PLOADER_PARAMETER_BLOCK KeLoaderBlock; - -// Available in Windows NT 3.5 and later versions. -typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE; -extern PSERVICE_DESCRIPTOR_TABLE KeServiceDescriptorTable; - -// Available in Windows NT 3.5 and later versions. -extern PSHORT NtBuildNumber; -extern PULONG KeI386MachineType; - -// Available in Windows NT 4.0 and later versions. -extern ULONG KiBugCheckData[5]; - -// Available in Windows 2000 and later versions. -extern PULONG InitSafeBootMode; - -// Available from Windows 2000 untill Windows Server 2003. -extern PULONG KiEnableTimerWatchdog; - -// Available in Windows NT 3.5 and later versions. -// -// Set by the kernel debugger on the target system to the address of the -// serial port used to communicate with the host. -// -extern PUCHAR *KdComPortInUse; - -// Available in Windows 2000 and later versions. -extern PULONG KdEnteredDebugger; - -// Available in Windows Vista and later versions. -// Documented in the WDK. -extern PVOID MmBadPointer; - -// Available in Windows NT 3.5 and later versions. -// Documented in the WDK. -extern PUCHAR *FsRtlLegalAnsiCharacterArray; - -// Available in Windows NT 3.5 and later versions. -extern PUSHORT *NlsLeadByteInfo; -extern PUSHORT *NlsOemLeadByteInfo; -extern PBOOLEAN NlsMbCodePageTag; -extern PBOOLEAN NlsMbOemCodePageTag; - -// Available in Windows NT 4.0 and later versions. -extern PUSHORT NlsAnsiCodePage; - -// Available in Windows 2000 and later versions. -extern PUSHORT NlsOemCodePage; - -// Available in Windows NT 3.5 and later versions. -// SeExports is documented in the WDK. -typedef struct _SE_EXPORTS *PSE_EXPORTS; -extern PSE_EXPORTS SeExports; -extern PACL SePublicDefaultDacl; -extern PACL SeSystemDefaultDacl; - -// Available in Windows NT 3.5 and later versions. -// Documented in the WDK. -extern KSPIN_LOCK IoStatisticsLock; -extern ULONG IoReadOperationCount; -extern ULONG IoWriteOperationCount; -extern LARGE_INTEGER IoReadTransferCount; -extern LARGE_INTEGER IoWriteTransferCount; - -// Available from Windows NT 3.5 untill Windows XP. -extern ULONG KeDcacheFlushCount; -extern ULONG KeIcacheFlushCount; - -// Available in Windows NT 4.0 and later versions. -// Documented in the WDK. -extern ULONG CcFastMdlReadWait; -// Available from Windows NT 4.0 untill Windows Server 2003. -extern ULONG CcFastReadNotPossible; -extern ULONG CcFastReadWait; - -// The ExEventObjectType, ExSemaphoreObjectType and IoFileObjectType is -// documented in the DDK and the WDK. -// -// The CmKeyObjectType, SeTokenObjectType, PsProcessType, PsThreadType, -// TmEnlistmentObjectType, TmResourceManagerObjectType, -// TmTransactionManagerObjectType and TmTransactionObjectType -// is documented in the WDK. -// -// Available in Windows NT 3.5 and later versions. -extern POBJECT_TYPE *IoAdapterObjectType; -extern POBJECT_TYPE *IoDeviceObjectType; -extern POBJECT_TYPE *IoDriverObjectType; -extern POBJECT_TYPE *MmSectionObjectType; -extern POBJECT_TYPE *PsProcessType; -extern POBJECT_TYPE *PsThreadType; -// Available in Windows NT 4.0 and later versions. -extern POBJECT_TYPE *ExDesktopObjectType; -extern POBJECT_TYPE *ExWindowStationObjectType; -extern POBJECT_TYPE *IoDeviceHandlerObjectType; -// Available in Windows 2000 and later versions. -extern POBJECT_TYPE *LpcPortObjectType; -extern POBJECT_TYPE *PsJobType; -// Available in Windows XP and later versions. -extern POBJECT_TYPE *SeTokenObjectType; -// Available in Windows Vista and later versions. -extern POBJECT_TYPE *TmEnlistmentObjectType; -extern POBJECT_TYPE *TmResourceManagerObjectType; -extern POBJECT_TYPE *TmTransactionManagerObjectType; -extern POBJECT_TYPE *TmTransactionObjectType; -// Available in Windows 7 and later versions. -extern POBJECT_TYPE *CmKeyObjectType; - -// Available in Windows NT 4.0 and later versions. -extern PULONG IoDeviceHandlerObjectSize; - -// Available in Windows Vista and later versions. -extern PVOID POGOBuffer; -extern PVOID psMUITest; -extern PVOID PsUILanguageComitted; - -#define ACCESS_ALLOWED_ACE_TYPE (0x0) -#define ACCESS_DENIED_ACE_TYPE (0x1) -#define SYSTEM_AUDIT_ACE_TYPE (0x2) -#define SYSTEM_ALARM_ACE_TYPE (0x3) - -#define ANSI_DOS_STAR ('<') -#define ANSI_DOS_QM ('>') -#define ANSI_DOS_DOT ('"') - -#define DOS_STAR (L'<') -#define DOS_QM (L'>') -#define DOS_DOT (L'"') - -#define COMPRESSION_FORMAT_NONE (0x0000) -#define COMPRESSION_FORMAT_DEFAULT (0x0001) -#define COMPRESSION_FORMAT_LZNT1 (0x0002) -#define COMPRESSION_ENGINE_STANDARD (0x0000) -#define COMPRESSION_ENGINE_MAXIMUM (0x0100) -#define COMPRESSION_ENGINE_HIBER (0x0200) - -#define FILE_ACTION_ADDED 0x00000001 -#define FILE_ACTION_REMOVED 0x00000002 -#define FILE_ACTION_MODIFIED 0x00000003 -#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 -#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 -#define FILE_ACTION_ADDED_STREAM 0x00000006 -#define FILE_ACTION_REMOVED_STREAM 0x00000007 -#define FILE_ACTION_MODIFIED_STREAM 0x00000008 -#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 -#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A -#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B - -#define FILE_EA_TYPE_BINARY 0xfffe -#define FILE_EA_TYPE_ASCII 0xfffd -#define FILE_EA_TYPE_BITMAP 0xfffb -#define FILE_EA_TYPE_METAFILE 0xfffa -#define FILE_EA_TYPE_ICON 0xfff9 -#define FILE_EA_TYPE_EA 0xffee -#define FILE_EA_TYPE_MVMT 0xffdf -#define FILE_EA_TYPE_MVST 0xffde -#define FILE_EA_TYPE_ASN1 0xffdd -#define FILE_EA_TYPE_FAMILY_IDS 0xff01 - -#define FILE_NEED_EA 0x00000080 - -#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 -#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 -#define FILE_NOTIFY_CHANGE_NAME 0x00000003 -#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 -#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 -#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 -#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 -#define FILE_NOTIFY_CHANGE_CREATION 0x00000040 -#define FILE_NOTIFY_CHANGE_EA 0x00000080 -#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 -#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 -#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 -#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 -#define FILE_NOTIFY_VALID_MASK 0x00000fff - -#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 -#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 - -#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 - -#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 -#define FILE_CASE_PRESERVED_NAMES 0x00000002 -#define FILE_UNICODE_ON_DISK 0x00000004 -#define FILE_PERSISTENT_ACLS 0x00000008 -#define FILE_FILE_COMPRESSION 0x00000010 -#define FILE_VOLUME_QUOTAS 0x00000020 -#define FILE_SUPPORTS_SPARSE_FILES 0x00000040 -#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 -#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 -#define FS_LFN_APIS 0x00004000 -#define FILE_VOLUME_IS_COMPRESSED 0x00008000 -#define FILE_SUPPORTS_OBJECT_IDS 0x00010000 -#define FILE_SUPPORTS_ENCRYPTION 0x00020000 -#define FILE_NAMED_STREAMS 0x00040000 -#define FILE_READ_ONLY_VOLUME 0x00080000 - -#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 -#define FILE_PIPE_MESSAGE_TYPE 0x00000001 - -#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 -#define FILE_PIPE_MESSAGE_MODE 0x00000001 - -#define FILE_PIPE_QUEUE_OPERATION 0x00000000 -#define FILE_PIPE_COMPLETE_OPERATION 0x00000001 - -#define FILE_PIPE_INBOUND 0x00000000 -#define FILE_PIPE_OUTBOUND 0x00000001 -#define FILE_PIPE_FULL_DUPLEX 0x00000002 - -#define FILE_PIPE_DISCONNECTED_STATE 0x00000001 -#define FILE_PIPE_LISTENING_STATE 0x00000002 -#define FILE_PIPE_CONNECTED_STATE 0x00000003 -#define FILE_PIPE_CLOSING_STATE 0x00000004 - -#define FILE_PIPE_CLIENT_END 0x00000000 -#define FILE_PIPE_SERVER_END 0x00000001 - -#define FILE_PIPE_READ_DATA 0x00000000 -#define FILE_PIPE_WRITE_SPACE 0x00000001 - -#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 // FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE -#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) -#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) -#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT -#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM -#define FILE_STORAGE_TYPE_MASK 0x000f0000 -#define FILE_STORAGE_TYPE_SHIFT 16 - -#define FILE_VC_QUOTA_NONE 0x00000000 -#define FILE_VC_QUOTA_TRACK 0x00000001 -#define FILE_VC_QUOTA_ENFORCE 0x00000002 -#define FILE_VC_QUOTA_MASK 0x00000003 - -#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 -#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 - -#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 -#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 -#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 -#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 - -#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 -#define FILE_VC_QUOTAS_REBUILDING 0x00000200 - -#define FILE_VC_VALID_MASK 0x000003ff - -#define FSRTL_FCB_HEADER_V0 (0x00) -#define FSRTL_FCB_HEADER_V1 (0x01) - -#define FSRTL_FLAG_FILE_MODIFIED (0x01) -#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) -#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) -#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) -#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) -#define FSRTL_FLAG_USER_MAPPED_FILE (0x20) -#define FSRTL_FLAG_ADVANCED_HEADER (0x40) -#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) - -#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) -#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02) -#define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04) -#define FSRTL_FLAG2_IS_PAGING_FILE (0x08) - -#define FSRTL_FSP_TOP_LEVEL_IRP (0x01) -#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) -#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) -#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) -#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04) - -#define FSRTL_VOLUME_DISMOUNT 1 -#define FSRTL_VOLUME_DISMOUNT_FAILED 2 -#define FSRTL_VOLUME_LOCK 3 -#define FSRTL_VOLUME_LOCK_FAILED 4 -#define FSRTL_VOLUME_UNLOCK 5 -#define FSRTL_VOLUME_MOUNT 6 - -#define FSRTL_WILD_CHARACTER 0x08 - -#ifdef _X86_ -#define HARDWARE_PTE HARDWARE_PTE_X86 -#define PHARDWARE_PTE PHARDWARE_PTE_X86 -#else -#define HARDWARE_PTE ULONG -#define PHARDWARE_PTE PULONG -#endif - -#define IO_CHECK_CREATE_PARAMETERS 0x0200 -#define IO_ATTACH_DEVICE 0x0400 - -#define IO_ATTACH_DEVICE_API 0x80000000 - -#define IO_COMPLETION_QUERY_STATE 0x0001 -#define IO_COMPLETION_MODIFY_STATE 0x0002 -#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) - -#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 -#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 - -#define IO_REPARSE_TAG_RESERVED_ZERO (0) -#define IO_REPARSE_TAG_RESERVED_ONE (1) - -#define IO_TYPE_APC 18 -#define IO_TYPE_DPC 19 -#define IO_TYPE_DEVICE_QUEUE 20 -#define IO_TYPE_EVENT_PAIR 21 -#define IO_TYPE_INTERRUPT 22 -#define IO_TYPE_PROFILE 23 - -#define IRP_BEING_VERIFIED 0x10 - -#define MAILSLOT_CLASS_FIRSTCLASS 1 -#define MAILSLOT_CLASS_SECONDCLASS 2 - -#define MAILSLOT_SIZE_AUTO 0 - -#define MAP_PROCESS 1L -#define MAP_SYSTEM 2L - -#define MEM_DOS_LIM 0x40000000 -#define MEM_IMAGE SEC_IMAGE - -#define OB_FLAG_CREATE_INFO 0x01 /* Object header has OBJECT_CREATE_INFO */ -#define OB_FLAG_KERNEL_MODE 0x02 /* Created by kernel */ -#define OB_FLAG_CREATOR_INFO 0x04 /* Object header has OBJECT_CREATOR_INFO */ -#define OB_FLAG_EXCLUSIVE 0x08 /* OBJ_EXCLUSIVE */ -#define OB_FLAG_PERMAMENT 0x10 /* OBJ_PERMAMENT */ -#define OB_FLAG_SECURITY 0x20 /* Object header has SecurityDescriptor != NULL */ -#define OB_FLAG_SINGLE_PROCESS 0x40 /* absent HandleDBList */ - -#define OB_SECURITY_CHARGE 0x00000800 - -#define OB_TYPE_TYPE 1 -#define OB_TYPE_DIRECTORY 2 -#define OB_TYPE_SYMBOLIC_LINK 3 -#define OB_TYPE_TOKEN 4 -#define OB_TYPE_PROCESS 5 -#define OB_TYPE_THREAD 6 -#define OB_TYPE_EVENT 7 -#define OB_TYPE_EVENT_PAIR 8 -#define OB_TYPE_MUTANT 9 -#define OB_TYPE_SEMAPHORE 10 -#define OB_TYPE_TIMER 11 -#define OB_TYPE_PROFILE 12 -#define OB_TYPE_WINDOW_STATION 13 -#define OB_TYPE_DESKTOP 14 -#define OB_TYPE_SECTION 15 -#define OB_TYPE_KEY 16 -#define OB_TYPE_PORT 17 -#define OB_TYPE_ADAPTER 18 -#define OB_TYPE_CONTROLLER 19 -#define OB_TYPE_DEVICE 20 -#define OB_TYPE_DRIVER 21 -#define OB_TYPE_IO_COMPLETION 22 -#define OB_TYPE_FILE 23 - -#define PIN_WAIT (1) -#define PIN_EXCLUSIVE (2) -#define PIN_NO_READ (4) -#define PIN_IF_BCB (8) - -#define MAP_WAIT (1) -#define MAP_NO_READ (16) - -#define PORT_CONNECT 0x0001 -#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\ - PORT_CONNECT) - -#define SEC_BASED 0x00200000 -#define SEC_NO_CHANGE 0x00400000 -#define SEC_FILE 0x00800000 -#define SEC_IMAGE 0x01000000 -#define SEC_COMMIT 0x08000000 -#define SEC_NOCACHE 0x10000000 - -#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} -#define SECURITY_WORLD_RID (0x00000000L) - -#define SID_REVISION 1 - -#define THREAD_STATE_INITIALIZED 0 -#define THREAD_STATE_READY 1 -#define THREAD_STATE_RUNNING 2 -#define THREAD_STATE_STANDBY 3 -#define THREAD_STATE_TERMINATED 4 -#define THREAD_STATE_WAIT 5 -#define THREAD_STATE_TRANSITION 6 -#define THREAD_STATE_UNKNOWN 7 - -#define TOKEN_ASSIGN_PRIMARY (0x0001) -#define TOKEN_DUPLICATE (0x0002) -#define TOKEN_IMPERSONATE (0x0004) -#define TOKEN_QUERY (0x0008) -#define TOKEN_QUERY_SOURCE (0x0010) -#define TOKEN_ADJUST_PRIVILEGES (0x0020) -#define TOKEN_ADJUST_GROUPS (0x0040) -#define TOKEN_ADJUST_DEFAULT (0x0080) - -#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ - TOKEN_ASSIGN_PRIMARY |\ - TOKEN_DUPLICATE |\ - TOKEN_IMPERSONATE |\ - TOKEN_QUERY |\ - TOKEN_QUERY_SOURCE |\ - TOKEN_ADJUST_PRIVILEGES |\ - TOKEN_ADJUST_GROUPS |\ - TOKEN_ADJUST_DEFAULT) - -#define TOKEN_READ (STANDARD_RIGHTS_READ |\ - TOKEN_QUERY) - -#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ - TOKEN_ADJUST_PRIVILEGES |\ - TOKEN_ADJUST_GROUPS |\ - TOKEN_ADJUST_DEFAULT) - -#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) - -#define TOKEN_SOURCE_LENGTH 8 - -#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01 -#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02 -#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04 -#define TOKEN_HAS_ADMIN_GROUP 0x08 -#define TOKEN_IS_RESTRICTED 0x10 -#define TOKEN_SESSION_NOT_REFERENCED 0x20 -#define TOKEN_SANDBOX_INERT 0x40 -#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x80 - -#define VACB_MAPPING_GRANULARITY (0x40000) -#define VACB_OFFSET_SHIFT (18) - -#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) - -#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) - -#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) - - -#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) - -#if (VER_PRODUCTBUILD >= 1381) - -#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) - -#endif // (VER_PRODUCTBUILD >= 1381) - -#if (VER_PRODUCTBUILD >= 2195) - -#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) - -#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) -#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) -#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) -#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) -#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) -#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) -#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) -#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) - -#endif // (VER_PRODUCTBUILD >= 2195) - -#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) - -#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) - -#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) -#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) -#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) -#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) -#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) -#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) -#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) - -#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) - -typedef PVOID PEJOB; -typedef PVOID PNOTIFY_SYNC; -typedef PVOID OPLOCK, *POPLOCK; -typedef PVOID PWOW64_PROCESS; - -typedef ULONG LBN; -typedef LBN *PLBN; - -typedef ULONG VBN; -typedef VBN *PVBN; - -typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS; -typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK; -typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION; -typedef struct _HANDLE_TABLE *PHANDLE_TABLE; -typedef struct _KEVENT_PAIR *PKEVENT_PAIR; -typedef struct _KPROCESS *PKPROCESS; -typedef struct _KQUEUE *PKQUEUE; -typedef struct _KTRAP_FRAME *PKTRAP_FRAME; -typedef struct _LPC_MESSAGE *PLPC_MESSAGE; -typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS; -typedef struct _MMWSL *PMMWSL; -typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS; -typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY; -typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY; -typedef struct _PEB *PPEB; -typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION; -typedef struct _SECTION_OBJECT *PSECTION_OBJECT; -typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE; -typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP; -typedef struct _TERMINATION_PORT *PTERMINATION_PORT; -typedef struct _VACB *PVACB; -typedef struct _VAD_HEADER *PVAD_HEADER; - -#if (VER_PRODUCTBUILD < 2195) -typedef ULONG SIZE_T, *PSIZE_T; -#endif - -typedef enum _FAST_IO_POSSIBLE { - FastIoIsNotPossible, - FastIoIsPossible, - FastIoIsQuestionable -} FAST_IO_POSSIBLE; - -typedef enum _FILE_STORAGE_TYPE { - StorageTypeDefault = 1, - StorageTypeDirectory, - StorageTypeFile, - StorageTypeJunctionPoint, - StorageTypeCatalog, - StorageTypeStructuredStorage, - StorageTypeEmbedding, - StorageTypeStream -} FILE_STORAGE_TYPE; - -typedef enum _IO_COMPLETION_INFORMATION_CLASS { - IoCompletionBasicInformation -} IO_COMPLETION_INFORMATION_CLASS; - -#if (VER_PRODUCTBUILD == 2195) - -typedef enum _KSPIN_LOCK_QUEUE_NUMBER { - LockQueueDispatcherLock, - LockQueueContextSwapLock, - LockQueuePfnLock, - LockQueueSystemSpaceLock, - LockQueueVacbLock, - LockQueueMasterLock, - LockQueueNonPagedPoolLock, - LockQueueIoCancelLock, - LockQueueWorkQueueLock, - LockQueueIoVpbLock, - LockQueueIoDatabaseLock, - LockQueueIoCompletionLock, - LockQueueNtfsStructLock, - LockQueueAfdWorkQueueLock, - LockQueueBcbLock, - LockQueueMaximumLock -} KSPIN_LOCK_QUEUE_NUMBER; - -#endif // (VER_PRODUCTBUILD == 2195) - -typedef enum _LPC_TYPE { - LPC_NEW_MESSAGE, - LPC_REQUEST, - LPC_REPLY, - LPC_DATAGRAM, - LPC_LOST_REPLY, - LPC_PORT_CLOSED, - LPC_CLIENT_DIED, - LPC_EXCEPTION, - LPC_DEBUG_EVENT, - LPC_ERROR_EVENT, - LPC_CONNECTION_REQUEST -} LPC_TYPE; - -typedef enum _MMFLUSH_TYPE { - MmFlushForDelete, - MmFlushForWrite -} MMFLUSH_TYPE; - -typedef enum _OBJECT_INFO_CLASS { - ObjectBasicInfo, - ObjectNameInfo, - ObjectTypeInfo, - ObjectAllTypesInfo, - ObjectProtectionInfo -} OBJECT_INFO_CLASS; - -typedef enum _PORT_INFORMATION_CLASS { - PortNoInformation -} PORT_INFORMATION_CLASS; - -typedef enum _SECTION_INFORMATION_CLASS { - SectionBasicInformation, - SectionImageInformation -} SECTION_INFORMATION_CLASS; - -typedef enum _SID_NAME_USE { - SidTypeUser = 1, - SidTypeGroup, - SidTypeDomain, - SidTypeAlias, - SidTypeWellKnownGroup, - SidTypeDeletedAccount, - SidTypeInvalid, - SidTypeUnknown -} SID_NAME_USE; - -typedef enum _SYSTEM_INFORMATION_CLASS { - SystemBasicInformation, - SystemProcessorInformation, - SystemPerformanceInformation, - SystemTimeOfDayInformation, - SystemNotImplemented1, - SystemProcessesAndThreadsInformation, - SystemCallCounts, - SystemConfigurationInformation, - SystemProcessorTimes, - SystemGlobalFlag, - SystemNotImplemented2, - SystemModuleInformation, - SystemLockInformation, - SystemNotImplemented3, - SystemNotImplemented4, - SystemNotImplemented5, - SystemHandleInformation, - SystemObjectInformation, - SystemPagefileInformation, - SystemInstructionEmulationCounts, - SystemInvalidInfoClass1, - SystemCacheInformation, - SystemPoolTagInformation, - SystemProcessorStatistics, - SystemDpcInformation, - SystemNotImplemented6, - SystemLoadImage, - SystemUnloadImage, - SystemTimeAdjustment, - SystemNotImplemented7, - SystemNotImplemented8, - SystemNotImplemented9, - SystemCrashDumpInformation, - SystemExceptionInformation, - SystemCrashDumpStateInformation, - SystemKernelDebuggerInformation, - SystemContextSwitchInformation, - SystemRegistryQuotaInformation, - SystemLoadAndCallImage, - SystemPrioritySeparation, - SystemNotImplemented10, - SystemNotImplemented11, - SystemInvalidInfoClass2, - SystemInvalidInfoClass3, - SystemTimeZoneInformation, - SystemLookasideInformation, - SystemSetTimeSlipEvent, - SystemCreateSession, - SystemDeleteSession, - SystemInvalidInfoClass4, - SystemRangeStartInformation, - SystemVerifierInformation, - SystemAddVerifier, - SystemSessionProcessesInformation -} SYSTEM_INFORMATION_CLASS; - -typedef enum _THREAD_STATE { - StateInitialized, - StateReady, - StateRunning, - StateStandby, - StateTerminated, - StateWait, - StateTransition, - StateUnknown -} THREAD_STATE; - -typedef enum _TOKEN_INFORMATION_CLASS { - TokenUser = 1, - TokenGroups, - TokenPrivileges, - TokenOwner, - TokenPrimaryGroup, - TokenDefaultDacl, - TokenSource, - TokenType, - TokenImpersonationLevel, - TokenStatistics, - TokenRestrictedSids -} TOKEN_INFORMATION_CLASS; - -typedef enum _TOKEN_TYPE { - TokenPrimary = 1, - TokenImpersonation -} TOKEN_TYPE; - -typedef struct _HARDWARE_PTE_X86 { - ULONG Valid : 1; - ULONG Write : 1; - ULONG Owner : 1; - ULONG WriteThrough : 1; - ULONG CacheDisable : 1; - ULONG Accessed : 1; - ULONG Dirty : 1; - ULONG LargePage : 1; - ULONG Global : 1; - ULONG CopyOnWrite : 1; - ULONG Prototype : 1; - ULONG reserved : 1; - ULONG PageFrameNumber : 20; -} HARDWARE_PTE_X86, *PHARDWARE_PTE_X86; - -typedef struct _KAPC_STATE { - LIST_ENTRY ApcListHead[2]; - PKPROCESS Process; - BOOLEAN KernelApcInProgress; - BOOLEAN KernelApcPending; - BOOLEAN UserApcPending; -} KAPC_STATE, *PKAPC_STATE; - -typedef struct _KGDTENTRY { - USHORT LimitLow; - USHORT BaseLow; - union { - struct { - UCHAR BaseMid; - UCHAR Flags1; - UCHAR Flags2; - UCHAR BaseHi; - } Bytes; - struct { - ULONG BaseMid : 8; - ULONG Type : 5; - ULONG Dpl : 2; - ULONG Pres : 1; - ULONG LimitHi : 4; - ULONG Sys : 1; - ULONG Reserved_0 : 1; - ULONG Default_Big : 1; - ULONG Granularity : 1; - ULONG BaseHi : 8; - } Bits; - } HighWord; -} KGDTENTRY, *PKGDTENTRY; - -typedef struct _KIDTENTRY { - USHORT Offset; - USHORT Selector; - USHORT Access; - USHORT ExtendedOffset; -} KIDTENTRY, *PKIDTENTRY; - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _KPROCESS { - DISPATCHER_HEADER Header; - LIST_ENTRY ProfileListHead; - ULONG DirectoryTableBase[2]; - KGDTENTRY LdtDescriptor; - KIDTENTRY Int21Descriptor; - USHORT IopmOffset; - UCHAR Iopl; - UCHAR Unused; - ULONG ActiveProcessors; - ULONG KernelTime; - ULONG UserTime; - LIST_ENTRY ReadyListHead; - SINGLE_LIST_ENTRY SwapListEntry; - PVOID VdmTrapcHandler; - LIST_ENTRY ThreadListHead; - KSPIN_LOCK ProcessLock; - KAFFINITY Affinity; - USHORT StackCount; - CHAR BasePriority; - CHAR ThreadQuantum; - BOOLEAN AutoAlignment; - UCHAR State; - UCHAR ThreadSeed; - BOOLEAN DisableBoost; - UCHAR PowerState; - BOOLEAN DisableQuantum; - UCHAR IdealNode; - UCHAR Spare; -} KPROCESS, *PKPROCESS; - -#else - -typedef struct _KPROCESS { - DISPATCHER_HEADER Header; - LIST_ENTRY ProfileListHead; - ULONG DirectoryTableBase[2]; - KGDTENTRY LdtDescriptor; - KIDTENTRY Int21Descriptor; - USHORT IopmOffset; - UCHAR Iopl; - UCHAR VdmFlag; - ULONG ActiveProcessors; - ULONG KernelTime; - ULONG UserTime; - LIST_ENTRY ReadyListHead; - SINGLE_LIST_ENTRY SwapListEntry; - PVOID Reserved1; - LIST_ENTRY ThreadListHead; - KSPIN_LOCK ProcessLock; - KAFFINITY Affinity; - USHORT StackCount; - UCHAR BasePriority; - UCHAR ThreadQuantum; - BOOLEAN AutoAlignment; - UCHAR State; - UCHAR ThreadSeed; - BOOLEAN DisableBoost; -#if (VER_PRODUCTBUILD >= 2195) - UCHAR PowerState; - BOOLEAN DisableQuantum; - UCHAR IdealNode; - UCHAR Spare; -#endif // (VER_PRODUCTBUILD >= 2195) -} KPROCESS, *PKPROCESS; - -#endif - -#if (VER_PRODUCTBUILD >= 3790) - -typedef struct _KTHREAD { - DISPATCHER_HEADER Header; - LIST_ENTRY MutantListHead; // 0x10 - PVOID InitialStack; // 0x18 - PVOID StackLimit; // 0x1c - PVOID KernelStack; // 0x20 - ULONG ThreadLock; // 0x24 - ULONG ContextSwitches; // 0x28 - UCHAR State; // 0x2c - UCHAR NpxState; // 0x2d - UCHAR WaitIrql; // 0x2e - CHAR WaitMode; // 0x2f - struct _TEB *Teb; // 0x30 - KAPC_STATE ApcState; // 0x34 - KSPIN_LOCK ApcQueueLock; // 0x4c - NTSTATUS WaitStatus; // 0x50 - PKWAIT_BLOCK WaitBlockList; // 0x54 - BOOLEAN Alertable; // 0x58 - UCHAR WaitNext; // 0x59 - UCHAR WaitReason; // 0x5a - CHAR Priority; // 0x5b - BOOLEAN EnableStackSwap; // 0x5c - BOOLEAN SwapBusy; // 0x5d - UCHAR Alerted[2]; // 0x5e - union { - LIST_ENTRY WaitListEntry; // 0x60 - SINGLE_LIST_ENTRY SwapListEntry; // 0x60 - }; - PKQUEUE Queue; // 0x68 - ULONG WaitTime; // 0x6c - union { - struct { - USHORT KernelApcDisable; // 0x70 - USHORT SpecialApcDisable; // 0x72 - }; - USHORT CombinedApcDisable; // 0x70 - }; - KTIMER Timer; // 0x78 - KWAIT_BLOCK WaitBlock[4]; // 0xa0 - LIST_ENTRY QueueListEntry; // 0x100 - UCHAR ApcStateIndex; // 0x108 - BOOLEAN ApcQueueable; // 0x109 - BOOLEAN Preempted; // 0x10a - BOOLEAN ProcessReadyQueue; // 0x10b - BOOLEAN KernelStackResident; // 0x10c - CHAR Saturation; // 0x10d - UCHAR IdealProcessor; // 0x10e - UCHAR NextProcessor; // 0x10f - CHAR BasePriority; // 0x110 - UCHAR Spare4; // 0x111 - CHAR PriorityDecrement; // 0x112 - CHAR Quantum; // 0x113 - BOOLEAN SystemAffinityActive; // 0x114 - CHAR PreviousMode; // 0x115 - UCHAR ResourceIndex; // 0x116 - BOOLEAN DisableBoost; // 0x117 - ULONG UserAffinity; // 0x118 - PKPROCESS Process; // 0x11c - ULONG Affinity; // 0x120 - PSERVICE_DESCRIPTOR_TABLE ServiceTable; // 0x124 - PKAPC_STATE ApcStatePointer[2]; // 0x128 - KAPC_STATE SavedApcState; // 0x130 - PVOID CallbackStack; // 0x148 - PVOID Win32Thread; // 0x14c - PKTRAP_FRAME TrapFrame; // 0x150 - ULONG KernelTime; // 0x154 - ULONG UserTime; // 0x158 - PVOID StackBase; // 0x15c - KAPC SuspendApc; // 0x160 - KSEMAPHORE SuspendSemaphore; // 0x190 - PVOID TlsArray; // 0x1a4 - PVOID LegoData; // 0x1a8 - LIST_ENTRY ThreadListEntry; // 0x1ac - BOOLEAN LargeStack; // 0x1b4 - UCHAR PowerState; // 0x1b5 - UCHAR NpxIrql; // 0x1b6 - UCHAR Spare5; // 0x1b7 - BOOLEAN AutoAlignment; // 0x1b8 - UCHAR Iopl; // 0x1b9 - CHAR FreezeCount; // 0x1ba - CHAR SuspendCount; // 0x1bb - UCHAR Spare0[1]; // 0x1bc - UCHAR UserIdealProcessor; // 0x1bd - UCHAR DeferredProcessor; // 0x1be - UCHAR AdjustReason; // 0x1bf - CHAR AdjustIncrement; // 0x1c0 - UCHAR Spare2[3]; // 0x1c1 -} KTHREAD, *PKTHREAD; - -#elif (VER_PRODUCTBUILD >= 2600) - -typedef struct _KTHREAD { - DISPATCHER_HEADER Header; - LIST_ENTRY MutantListHead; - PVOID InitialStack; - PVOID StackLimit; - struct _TEB *Teb; - PVOID TlsArray; - PVOID KernelStack; - BOOLEAN DebugActive; - UCHAR State; - UCHAR Alerted[2]; - UCHAR Iopl; - UCHAR NpxState; - CHAR Saturation; - CHAR Priority; - KAPC_STATE ApcState; - ULONG ContextSwitches; - UCHAR IdleSwapBlock; - UCHAR Spare0[3]; - NTSTATUS WaitStatus; - UCHAR WaitIrql; - CHAR WaitMode; - UCHAR WaitNext; - UCHAR WaitReason; - PKWAIT_BLOCK WaitBlockList; - union { - LIST_ENTRY WaitListEntry; - SINGLE_LIST_ENTRY SwapListEntry; - }; - ULONG WaitTime; - CHAR BasePriority; - UCHAR DecrementCount; - CHAR PriorityDecrement; - CHAR Quantum; - KWAIT_BLOCK WaitBlock[4]; - PVOID LegoData; - ULONG KernelApcDisable; - ULONG UserAffinity; - BOOLEAN SystemAffinityActive; - UCHAR PowerState; - UCHAR NpxIrql; - UCHAR InitialNode; - PSERVICE_DESCRIPTOR_TABLE ServiceTable; - PKQUEUE Queue; - KSPIN_LOCK ApcQueueLock; - KTIMER Timer; - LIST_ENTRY QueueListEntry; - ULONG SoftAffinity; - ULONG Affinity; - BOOLEAN Preempted; - BOOLEAN ProcessReadyQueue; - BOOLEAN KernelStackResident; - UCHAR NextProcessor; - PVOID CallbackStack; - PVOID Win32Thread; - PKTRAP_FRAME TrapFrame; - PKAPC_STATE ApcStatePointer[2]; - CHAR PreviousMode; - BOOLEAN EnableStackSwap; - BOOLEAN LargeStack; - UCHAR ResourceIndex; - ULONG KernelTime; - ULONG UserTime; - KAPC_STATE SavedApcState; - BOOLEAN Alertable; - UCHAR ApcStateIndex; - BOOLEAN ApcQueueable; - BOOLEAN AutoAlignment; - PVOID StackBase; - KAPC SuspendApc; - KSEMAPHORE SuspendSemaphore; - LIST_ENTRY ThreadListEntry; - CHAR FreezeCount; - CHAR SuspendCount; - UCHAR IdealProcessor; - BOOLEAN DisableBoost; -} KTHREAD, *PKTHREAD; - -#else - -typedef struct _KTHREAD { - DISPATCHER_HEADER Header; - LIST_ENTRY MutantListHead; - PVOID InitialStack; - PVOID StackLimit; - struct _TEB *Teb; - PVOID TlsArray; - PVOID KernelStack; - BOOLEAN DebugActive; - UCHAR State; - USHORT Alerted; - UCHAR Iopl; - UCHAR NpxState; - UCHAR Saturation; - UCHAR Priority; - KAPC_STATE ApcState; - ULONG ContextSwitches; - NTSTATUS WaitStatus; - UCHAR WaitIrql; - UCHAR WaitMode; - UCHAR WaitNext; - UCHAR WaitReason; - PKWAIT_BLOCK WaitBlockList; - LIST_ENTRY WaitListEntry; - ULONG WaitTime; - UCHAR BasePriority; - UCHAR DecrementCount; - UCHAR PriorityDecrement; - UCHAR Quantum; - KWAIT_BLOCK WaitBlock[4]; - ULONG LegoData; - ULONG KernelApcDisable; - ULONG UserAffinity; - BOOLEAN SystemAffinityActive; -#if (VER_PRODUCTBUILD < 2195) - UCHAR Pad[3]; -#else // (VER_PRODUCTBUILD >= 2195) - UCHAR PowerState; - UCHAR NpxIrql; - UCHAR Pad[1]; -#endif // (VER_PRODUCTBUILD >= 2195) - PSERVICE_DESCRIPTOR_TABLE ServiceDescriptorTable; - PKQUEUE Queue; - KSPIN_LOCK ApcQueueLock; - KTIMER Timer; - LIST_ENTRY QueueListEntry; - ULONG Affinity; - BOOLEAN Preempted; - BOOLEAN ProcessReadyQueue; - BOOLEAN KernelStackResident; - UCHAR NextProcessor; - PVOID CallbackStack; - PVOID Win32Thread; - PKTRAP_FRAME TrapFrame; - PKAPC_STATE ApcStatePointer[2]; -#if (VER_PRODUCTBUILD >= 2195) - UCHAR PreviousMode; -#endif // (VER_PRODUCTBUILD >= 2195) - BOOLEAN EnableStackSwap; - BOOLEAN LargeStack; - UCHAR ResourceIndex; -#if (VER_PRODUCTBUILD < 2195) - UCHAR PreviousMode; -#endif // (VER_PRODUCTBUILD < 2195) - ULONG KernelTime; - ULONG UserTime; - KAPC_STATE SavedApcState; - BOOLEAN Alertable; - UCHAR ApcStateIndex; - BOOLEAN ApcQueueable; - BOOLEAN AutoAlignment; - PVOID StackBase; - KAPC SuspendApc; - KSEMAPHORE SuspendSemaphore; - LIST_ENTRY ThreadListEntry; - UCHAR FreezeCount; - UCHAR SuspendCount; - UCHAR IdealProcessor; - BOOLEAN DisableBoost; -} KTHREAD, *PKTHREAD; - -#endif - -#if (VER_PRODUCTBUILD >= 3790) - -typedef struct _MMSUPPORT_FLAGS { - ULONG SessionSpace : 1; - ULONG BeingTrimmed : 1; - ULONG SessionLeader : 1; - ULONG TrimHard : 1; - ULONG MaximumWorkingSetHard : 1; - ULONG ForceTrim : 1; - ULONG MinimumWorkingSetHard : 1; - ULONG Available0 : 1; - ULONG MemoryPriority : 8; - ULONG GrowWsleHash : 1; - ULONG AcquiredUnsafe : 1; - ULONG Available : 14; -} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; - -#elif (VER_PRODUCTBUILD >= 2600) - -typedef struct _MMSUPPORT_FLAGS { - ULONG SessionSpace : 1; - ULONG BeingTrimmed : 1; - ULONG SessionLeader : 1; - ULONG TrimHard : 1; - ULONG WorkingSetHard : 1; - ULONG AddressSpaceBeingDeleted : 1; - ULONG Available : 10; - ULONG AllowWorkingSetAdjustment : 8; - ULONG MemoryPriority : 8; -} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; - -#else - -typedef struct _MMSUPPORT_FLAGS { - ULONG SessionSpace : 1; - ULONG BeingTrimmed : 1; - ULONG ProcessInSession : 1; - ULONG SessionLeader : 1; - ULONG TrimHard : 1; - ULONG WorkingSetHard : 1; - ULONG WriteWatch : 1; - ULONG Filler : 25; -} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; - -#endif - -#if (VER_PRODUCTBUILD >= 3790) -/* -typedef struct _KGUARDED_MUTEX { - LONG Count; - PKTHREAD Owner; // 0x4 - ULONG Contention; // 0x8 - KEVENT Event; // 0xc - union { - struct { - USHORT KernelApcDisable; // 0x1c - USHORT SpecialApcDisable; // 0x1e - }; - USHORT CombinedApcDisable; // 0x1c - }; -} KGUARDED_MUTEX, *PKGUARDED_MUTEX; -*/ -typedef struct _MMSUPPORT { - LIST_ENTRY WorkingSetExpansionLinks; - LARGE_INTEGER LastTrimTime; // 0x8 - MMSUPPORT_FLAGS Flags; // 0x10 - ULONG PageFaultCount; // 0x14 - ULONG PeakWorkingSetSize; // 0x18 - ULONG GrowthSinceLastEstimate; // 0x1c - ULONG MinimumWorkingSetSize; // 0x20 - ULONG MaximumWorkingSetSize; // 0x24 - PMMWSL VmWorkingSetList; // 0x28 - ULONG Claim; // 0x2c - ULONG NextEstimationSlot; // 0x30 - ULONG NextAgingSlot; // 0x34 - ULONG EstimatedAvailable; // 0x38 - ULONG WorkingSetSize; //0x3c - KGUARDED_MUTEX Mutex; // 0x40 -} MMSUPPORT, *PMMSUPPORT; - -#elif (VER_PRODUCTBUILD >= 2600) - -typedef struct _MMSUPPORT { - LARGE_INTEGER LastTrimTime; - MMSUPPORT_FLAGS Flags; - ULONG PageFaultCount; - ULONG PeakWorkingSetSize; - ULONG WorkingSetSize; - ULONG MinimumWorkingSetSize; - ULONG MaximumWorkingSetSize; - PMMWSL VmWorkingSetList; - LIST_ENTRY WorkingSetExpansionLinks; - ULONG Claim; - ULONG NextEstimationSlot; - ULONG NextAgingSlot; - ULONG EstimatedAvailable; - ULONG GrowthSinceLastEstimate; -} MMSUPPORT, *PMMSUPPORT; - -#else - -typedef struct _MMSUPPORT { - LARGE_INTEGER LastTrimTime; - ULONG LastTrimFaultCount; - ULONG PageFaultCount; - ULONG PeakWorkingSetSize; - ULONG WorkingSetSize; - ULONG MinimumWorkingSetSize; - ULONG MaximumWorkingSetSize; - PMMWSL VmWorkingSetList; - LIST_ENTRY WorkingSetExpansionLinks; - BOOLEAN AllowWorkingSetAdjustment; - BOOLEAN AddressSpaceBeingDeleted; - UCHAR ForegroundSwitchCount; - UCHAR MemoryPriority; -#if (VER_PRODUCTBUILD >= 2195) - union { - ULONG LongFlags; - MMSUPPORT_FLAGS Flags; - } u; - ULONG Claim; - ULONG NextEstimationSlot; - ULONG NextAgingSlot; - ULONG EstimatedAvailable; - ULONG GrowthSinceLastEstimate; -#endif // (VER_PRODUCTBUILD >= 2195) -} MMSUPPORT, *PMMSUPPORT; - -#endif - -typedef struct _SE_AUDIT_PROCESS_CREATION_INFO { - POBJECT_NAME_INFORMATION ImageFileName; -} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO; - -typedef struct _SID_IDENTIFIER_AUTHORITY { - UCHAR Value[6]; -} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY; - -typedef struct _SID { - UCHAR Revision; - UCHAR SubAuthorityCount; - SID_IDENTIFIER_AUTHORITY IdentifierAuthority; - ULONG SubAuthority[1]; -} SID, *PREAL_SID; - -typedef struct _BITMAP_DESCRIPTOR { - ULONGLONG StartLcn; - ULONGLONG ClustersToEndOfVol; - UCHAR Map[1]; -} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR; - -typedef struct _BITMAP_RANGE { - LIST_ENTRY Links; - LARGE_INTEGER BasePage; - ULONG FirstDirtyPage; - ULONG LastDirtyPage; - ULONG DirtyPages; - PULONG Bitmap; -} BITMAP_RANGE, *PBITMAP_RANGE; - -typedef struct _CACHE_UNINITIALIZE_EVENT { - struct _CACHE_UNINITIALIZE_EVENT *Next; - KEVENT Event; -} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; - -typedef struct _CC_FILE_SIZES { - LARGE_INTEGER AllocationSize; - LARGE_INTEGER FileSize; - LARGE_INTEGER ValidDataLength; -} CC_FILE_SIZES, *PCC_FILE_SIZES; - -typedef struct _COMPRESSED_DATA_INFO { - USHORT CompressionFormatAndEngine; - UCHAR CompressionUnitShift; - UCHAR ChunkShift; - UCHAR ClusterShift; - UCHAR Reserved; - USHORT NumberOfChunks; - ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; -} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; - -typedef struct _DEVICE_MAP { - POBJECT_DIRECTORY DosDevicesDirectory; - POBJECT_DIRECTORY GlobalDosDevicesDirectory; - ULONG ReferenceCount; - ULONG DriveMap; - UCHAR DriveType[32]; -} DEVICE_MAP, *PDEVICE_MAP; - -typedef struct _DIRECTORY_BASIC_INFORMATION { - UNICODE_STRING ObjectName; - UNICODE_STRING ObjectTypeName; -} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION; - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _EX_FAST_REF { - union { - PVOID Object; - ULONG RefCnt : 3; - ULONG Value; - }; -} EX_FAST_REF, *PEX_FAST_REF; - -typedef struct _EX_PUSH_LOCK { - union { - struct { - ULONG Waiting : 1; - ULONG Exclusive : 1; - ULONG Shared : 30; - }; - ULONG Value; - PVOID Ptr; - }; -} EX_PUSH_LOCK, *PEX_PUSH_LOCK; - -#endif // (VER_PRODUCTBUILD >= 2600) - -#if (VER_PRODUCTBUILD == 2600) - -typedef struct _EX_RUNDOWN_REF { - union { - ULONG Count; - PVOID Ptr; - }; -} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF; - -#endif // (VER_PRODUCTBUILD == 2600) - -#if (VER_PRODUCTBUILD >= 3790) - -typedef struct _MM_ADDRESS_NODE { - union { - ULONG Balance : 2; - struct _MM_ADDRESS_NODE *Parent; // lower 2 bits of Parent are Balance and must be zeroed to obtain Parent - }; - struct _MM_ADDRESS_NODE *LeftChild; - struct _MM_ADDRESS_NODE *RightChild; - ULONG_PTR StartingVpn; - ULONG_PTR EndingVpn; -} MMADDRESS_NODE, *PMMADDRESS_NODE; - -typedef struct _MM_AVL_TABLE { - MMADDRESS_NODE BalancedRoot; // Vadroot; incorrectly represents the NULL pages (EndingVpn should be 0xf, etc.) - ULONG DepthOfTree : 5; // 0x14 - ULONG Unused : 3; - ULONG NumberGenericTableElements : 24; // total number of nodes - PVOID NodeHint; // 0x18 (0x270 in _EPROCESS) - PVOID NodeFreeHint; // 0x1c -} MM_AVL_TABLE, *PMM_AVL_TABLE; - -typedef struct _EPROCESS { - KPROCESS Pcb; // +0x000 - EX_PUSH_LOCK ProcessLock; // +0x06c - LARGE_INTEGER CreateTime; // +0x070 - LARGE_INTEGER ExitTime; // +0x078 - EX_RUNDOWN_REF RundownProtect; // +0x080 - ULONG UniqueProcessId; // +0x084 - LIST_ENTRY ActiveProcessLinks; // +0x088 - ULONG QuotaUsage[3]; // +0x090 - ULONG QuotaPeak[3]; // +0x09c - ULONG CommitCharge; // +0x0a8 - ULONG PeakVirtualSize; // +0x0ac - ULONG VirtualSize; // +0x0b0 - LIST_ENTRY SessionProcessLinks; // +0x0b4 - PVOID DebugPort; // +0x0bc - PVOID ExceptionPort; // +0x0c0 - PHANDLE_TABLE ObjectTable; // +0x0c4 - EX_FAST_REF Token; // +0x0c8 - ULONG WorkingSetPage; // +0x0cc - KGUARDED_MUTEX AddressCreationLock; // +0x0d0 - ULONG HyperSpaceLock; // +0x0f0 - PETHREAD ForkInProgress; // +0x0f4 - ULONG HardwareTrigger; // +0x0f8 - PMM_AVL_TABLE PhysicalVadRoot; // +0x0fc - PVOID CloneRoot; // +0x100 - ULONG NumberOfPrivatePages; // +0x104 - ULONG NumberOfLockedPages; // +0x108 - PVOID Win32Process; // +0x10c - PEJOB Job; // +0x110 - PVOID SectionObject; // +0x114 - PVOID SectionBaseAddress; // +0x118 - PEPROCESS_QUOTA_BLOCK QuotaBlock; // +0x11c - PPAGEFAULT_HISTORY WorkingSetWatch; // +0x120 - PVOID Win32WindowStation; // +0x124 - ULONG InheritedFromUniqueProcessId; // +0x128 - PVOID LdtInformation; // +0x12c - PVOID VadFreeHint; // +0x130 - PVOID VdmObjects; // +0x134 - PVOID DeviceMap; // +0x138 - PVOID Spare0[3]; // +0x13c - union { - HARDWARE_PTE PageDirectoryPte; // +0x148 - UINT64 Filler; // +0x148 - }; - PVOID Session; // +0x150 - UCHAR ImageFileName[16]; // +0x154 - LIST_ENTRY JobLinks; // +0x164 - PVOID LockedPagesList; // +0x16c - LIST_ENTRY ThreadListHead; // +0x170 - PVOID SecurityPort; // +0x178 - PVOID PaeTop; // +0x17c - ULONG ActiveThreads; // +0x180 - ULONG GrantedAccess; // +0x184 - ULONG DefaultHardErrorProcessing; // +0x188 - SHORT LastThreadExitStatus; // +0x18c - PPEB Peb; // +0x190 - EX_FAST_REF PrefetchTrace; // +0x194 - LARGE_INTEGER ReadOperationCount; // +0x198 - LARGE_INTEGER WriteOperationCount; // +0x1a0 - LARGE_INTEGER OtherOperationCount; // +0x1a8 - LARGE_INTEGER ReadTransferCount; // +0x1b0 - LARGE_INTEGER WriteTransferCount; // +0x1b8 - LARGE_INTEGER OtherTransferCount; // +0x1c0 - ULONG CommitChargeLimit; // +0x1c8 - ULONG CommitChargePeak; // +0x1cc - PVOID AweInfo; // +0x1d0 - SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // +0x1d4 - MMSUPPORT Vm; // +0x1d8 - LIST_ENTRY MmProcessLinks; // +0x238 - ULONG ModifiedPageCount; // +0x240 - ULONG JobStatus; // +0x244 - union { - ULONG Flags; // 0x248 - struct { - ULONG CreateReported : 1; - ULONG NoDebugInherit : 1; - ULONG ProcessExiting : 1; - ULONG ProcessDelete : 1; - ULONG Wow64SplitPages : 1; - ULONG VmDeleted : 1; - ULONG OutswapEnabled : 1; - ULONG Outswapped : 1; - ULONG ForkFailed : 1; - ULONG Wow64VaSpace4Gb : 1; - ULONG AddressSpaceInitialized : 2; - ULONG SetTimerResolution : 1; - ULONG BreakOnTermination : 1; - ULONG SessionCreationUnderway : 1; - ULONG WriteWatch : 1; - ULONG ProcessInSession : 1; - ULONG OverrideAddressSpace : 1; - ULONG HasAddressSpace : 1; - ULONG LaunchPrefetched : 1; - ULONG InjectInpageErrors : 1; - ULONG VmTopDown : 1; - ULONG ImageNotifyDone : 1; - ULONG PdeUpdateNeeded : 1; - ULONG VdmAllowed : 1; - ULONG Unused : 7; - }; - }; - NTSTATUS ExitStatus; // +0x24c - USHORT NextPageColor; // +0x250 - union { - struct { - UCHAR SubSystemMinorVersion; // +0x252 - UCHAR SubSystemMajorVersion; // +0x253 - }; - USHORT SubSystemVersion; // +0x252 - }; - UCHAR PriorityClass; // +0x254 - MM_AVL_TABLE VadRoot; // +0x258 -} EPROCESS, *PEPROCESS; // 0x278 in total - -#elif (VER_PRODUCTBUILD >= 2600) - -typedef struct _EPROCESS { - KPROCESS Pcb; - EX_PUSH_LOCK ProcessLock; - LARGE_INTEGER CreateTime; - LARGE_INTEGER ExitTime; - EX_RUNDOWN_REF RundownProtect; - ULONG UniqueProcessId; - LIST_ENTRY ActiveProcessLinks; - ULONG QuotaUsage[3]; - ULONG QuotaPeak[3]; - ULONG CommitCharge; - ULONG PeakVirtualSize; - ULONG VirtualSize; - LIST_ENTRY SessionProcessLinks; - PVOID DebugPort; - PVOID ExceptionPort; - PHANDLE_TABLE ObjectTable; - EX_FAST_REF Token; - FAST_MUTEX WorkingSetLock; - ULONG WorkingSetPage; - FAST_MUTEX AddressCreationLock; - KSPIN_LOCK HyperSpaceLock; - PETHREAD ForkInProgress; - ULONG HardwareTrigger; - PVOID VadRoot; - PVOID VadHint; - PVOID CloneRoot; - ULONG NumberOfPrivatePages; - ULONG NumberOfLockedPages; - PVOID Win32Process; - PEJOB Job; - PSECTION_OBJECT SectionObject; - PVOID SectionBaseAddress; - PEPROCESS_QUOTA_BLOCK QuotaBlock; - PPAGEFAULT_HISTORY WorkingSetWatch; - PVOID Win32WindowStation; - PVOID InheritedFromUniqueProcessId; - PVOID LdtInformation; - PVOID VadFreeHint; - PVOID VdmObjects; - PDEVICE_MAP DeviceMap; - LIST_ENTRY PhysicalVadList; - union { - HARDWARE_PTE PageDirectoryPte; - ULONGLONG Filler; - }; - PVOID Session; - UCHAR ImageFileName[16]; - LIST_ENTRY JobLinks; - PVOID LockedPageList; - LIST_ENTRY ThreadListHead; - PVOID SecurityPort; - PVOID PaeTop; - ULONG ActiveThreads; - ULONG GrantedAccess; - ULONG DefaultHardErrorProcessing; - NTSTATUS LastThreadExitStatus; - PPEB Peb; - EX_FAST_REF PrefetchTrace; - LARGE_INTEGER ReadOperationCount; - LARGE_INTEGER WriteOperationCount; - LARGE_INTEGER OtherOperationCount; - LARGE_INTEGER ReadTransferCount; - LARGE_INTEGER WriteTransferCount; - LARGE_INTEGER OtherTransferCount; - ULONG CommitChargeLimit; - ULONG CommitChargePeek; - PVOID AweInfo; - SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; - MMSUPPORT Vm; - ULONG LastFaultCount; - ULONG ModifiedPageCount; - ULONG NumberOfVads; - ULONG JobStatus; - union { - ULONG Flags; - struct { - ULONG CreateReported : 1; - ULONG NoDebugInherit : 1; - ULONG ProcessExiting : 1; - ULONG ProcessDelete : 1; - ULONG Wow64SplitPages : 1; - ULONG VmDeleted : 1; - ULONG OutswapEnabled : 1; - ULONG Outswapped : 1; - ULONG ForkFailed : 1; - ULONG HasPhysicalVad : 1; - ULONG AddressSpaceInitialized : 2; - ULONG SetTimerResolution : 1; - ULONG BreakOnTermination : 1; - ULONG SessionCreationUnderway : 1; - ULONG WriteWatch : 1; - ULONG ProcessInSession : 1; - ULONG OverrideAddressSpace : 1; - ULONG HasAddressSpace : 1; - ULONG LaunchPrefetched : 1; - ULONG InjectInpageErrors : 1; - ULONG Unused : 11; - }; - }; - NTSTATUS ExitStatus; - USHORT NextPageColor; - union { - struct { - UCHAR SubSystemMinorVersion; - UCHAR SubSystemMajorVersion; - }; - USHORT SubSystemVersion; - }; - UCHAR PriorityClass; - BOOLEAN WorkingSetAcquiredUnsafe; -} EPROCESS, *PEPROCESS; - -#else - -typedef struct _EPROCESS { - KPROCESS Pcb; - NTSTATUS ExitStatus; - KEVENT LockEvent; - ULONG LockCount; - LARGE_INTEGER CreateTime; - LARGE_INTEGER ExitTime; - PKTHREAD LockOwner; - ULONG UniqueProcessId; - LIST_ENTRY ActiveProcessLinks; - ULONGLONG QuotaPeakPoolUsage; - ULONGLONG QuotaPoolUsage; - ULONG PagefileUsage; - ULONG CommitCharge; - ULONG PeakPagefileUsage; - ULONG PeakVirtualSize; - ULONGLONG VirtualSize; - MMSUPPORT Vm; -#if (VER_PRODUCTBUILD < 2195) - ULONG LastProtoPteFault; -#else // (VER_PRODUCTBUILD >= 2195) - LIST_ENTRY SessionProcessLinks; -#endif // (VER_PRODUCTBUILD >= 2195) - ULONG DebugPort; - ULONG ExceptionPort; - PHANDLE_TABLE ObjectTable; - PACCESS_TOKEN Token; - FAST_MUTEX WorkingSetLock; - ULONG WorkingSetPage; - BOOLEAN ProcessOutswapEnabled; - BOOLEAN ProcessOutswapped; - BOOLEAN AddressSpaceInitialized; - BOOLEAN AddressSpaceDeleted; - FAST_MUTEX AddressCreationLock; - KSPIN_LOCK HyperSpaceLock; - PETHREAD ForkInProgress; - USHORT VmOperation; - BOOLEAN ForkWasSuccessful; - UCHAR MmAgressiveWsTrimMask; - PKEVENT VmOperationEvent; -#if (VER_PRODUCTBUILD < 2195) - HARDWARE_PTE PageDirectoryPte; -#else // (VER_PRODUCTBUILD >= 2195) - PVOID PaeTop; -#endif // (VER_PRODUCTBUILD >= 2195) - ULONG LastFaultCount; - ULONG ModifiedPageCount; - PVOID VadRoot; - PVOID VadHint; - ULONG CloneRoot; - ULONG NumberOfPrivatePages; - ULONG NumberOfLockedPages; - USHORT NextPageColor; - BOOLEAN ExitProcessCalled; - BOOLEAN CreateProcessReported; - HANDLE SectionHandle; - PPEB Peb; - PVOID SectionBaseAddress; - PEPROCESS_QUOTA_BLOCK QuotaBlock; - NTSTATUS LastThreadExitStatus; - PPROCESS_WS_WATCH_INFORMATION WorkingSetWatch; - HANDLE Win32WindowStation; - HANDLE InheritedFromUniqueProcessId; - ACCESS_MASK GrantedAccess; - ULONG DefaultHardErrorProcessing; - PVOID LdtInformation; - PVOID VadFreeHint; - PVOID VdmObjects; -#if (VER_PRODUCTBUILD < 2195) - KMUTANT ProcessMutant; -#else // (VER_PRODUCTBUILD >= 2195) - PDEVICE_MAP DeviceMap; - ULONG SessionId; - LIST_ENTRY PhysicalVadList; - HARDWARE_PTE PageDirectoryPte; - ULONG Filler; - ULONG PaePageDirectoryPage; -#endif // (VER_PRODUCTBUILD >= 2195) - UCHAR ImageFileName[16]; - ULONG VmTrimFaultValue; - UCHAR SetTimerResolution; - UCHAR PriorityClass; - union { - struct { - UCHAR SubSystemMinorVersion; - UCHAR SubSystemMajorVersion; - }; - USHORT SubSystemVersion; - }; - PVOID Win32Process; -#if (VER_PRODUCTBUILD >= 2195) - PEJOB Job; - ULONG JobStatus; - LIST_ENTRY JobLinks; - PVOID LockedPageList; - PVOID SecurityPort; - PWOW64_PROCESS Wow64Process; - LARGE_INTEGER ReadOperationCount; - LARGE_INTEGER WriteOperationCount; - LARGE_INTEGER OtherOperationCount; - LARGE_INTEGER ReadTransferCount; - LARGE_INTEGER WriteTransferCount; - LARGE_INTEGER OtherTransferCount; - ULONG CommitChargeLimit; - ULONG CommitChargePeek; - LIST_ENTRY ThreadListHead; - PRTL_BITMAP VadPhysicalPagesBitMap; - ULONG VadPhysicalPages; - ULONG AweLock; -#endif // (VER_PRODUCTBUILD >= 2195) -} EPROCESS, *PEPROCESS; - -#endif - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _ETHREAD { - KTHREAD Tcb; - union { - LARGE_INTEGER CreateTime; - struct { - ULONG NestedFaultCount : 2; - ULONG ApcNeeded : 1; - }; - }; - union { - LARGE_INTEGER ExitTime; - LIST_ENTRY LpcReplyChain; - LIST_ENTRY KeyedWaitChain; - }; - union { - NTSTATUS ExitStatus; - PVOID OfsChain; - }; - LIST_ENTRY PostBlockList; - union { - PTERMINATION_PORT TerminationPort; - PETHREAD ReaperLink; - PVOID KeyedWaitValue; - }; - KSPIN_LOCK ActiveTimerListLock; - LIST_ENTRY ActiveTimerListHead; - CLIENT_ID Cid; - union { - KSEMAPHORE LpcReplySemaphore; - KSEMAPHORE KeyedWaitSemaphore; - }; - union { - PLPC_MESSAGE LpcReplyMessage; - PVOID LpcWaitingOnPort; - }; - PPS_IMPERSONATION_INFORMATION ImpersonationInfo; - LIST_ENTRY IrpList; - ULONG TopLevelIrp; - PDEVICE_OBJECT DeviceToVerify; - PEPROCESS ThreadsProcess; - PKSTART_ROUTINE StartAddress; - union { - PVOID Win32StartAddress; - ULONG LpcReceivedMessageId; - }; - LIST_ENTRY ThreadListEntry; - EX_RUNDOWN_REF RundownProtect; - EX_PUSH_LOCK ThreadLock; - ULONG LpcReplyMessageId; - ULONG ReadClusterSize; - ACCESS_MASK GrantedAccess; - union { - ULONG CrossThreadFlags; - struct { - ULONG Terminated : 1; - ULONG DeadThread : 1; - ULONG HideFromDebugger : 1; - ULONG ActiveImpersonationInfo : 1; - ULONG SystemThread : 1; - ULONG HardErrorsAreDisabled : 1; - ULONG BreakOnTermination : 1; - ULONG SkipCreationMsg : 1; - ULONG SkipTerminationMsg : 1; - }; - }; - union { - ULONG SameThreadPassiveFlags; - struct { - ULONG ActiveExWorker : 1; - ULONG ExWorkerCanWaitUser : 1; - ULONG MemoryMaker : 1; - ULONG KeyedEventInUse : 1; - }; - }; - union { - ULONG SameThreadApcFlags; - struct { - BOOLEAN LpcReceivedMsgIdValid : 1; - BOOLEAN LpcExitThreadCalled : 1; - BOOLEAN AddressSpaceOwner : 1; - }; - }; - BOOLEAN ForwardClusterOnly; - BOOLEAN DisablePageFaultClustering; -} ETHREAD, *PETHREAD; - -#else - -typedef struct _ETHREAD { - KTHREAD Tcb; - LARGE_INTEGER CreateTime; - union { - LARGE_INTEGER ExitTime; - LIST_ENTRY LpcReplyChain; - }; - union { - NTSTATUS ExitStatus; - PVOID OfsChain; - }; - LIST_ENTRY PostBlockList; - LIST_ENTRY TerminationPortList; - KSPIN_LOCK ActiveTimerListLock; - LIST_ENTRY ActiveTimerListHead; - CLIENT_ID Cid; - KSEMAPHORE LpcReplySemaphore; - PLPC_MESSAGE LpcReplyMessage; - ULONG LpcReplyMessageId; - ULONG PerformanceCountLow; - PPS_IMPERSONATION_INFORMATION ImpersonationInfo; - LIST_ENTRY IrpList; - PVOID TopLevelIrp; - PDEVICE_OBJECT DeviceToVerify; - ULONG ReadClusterSize; - BOOLEAN ForwardClusterOnly; - BOOLEAN DisablePageFaultClustering; - BOOLEAN DeadThread; -#if (VER_PRODUCTBUILD >= 2195) - BOOLEAN HideFromDebugger; -#endif // (VER_PRODUCTBUILD >= 2195) -#if (VER_PRODUCTBUILD < 2195) - BOOLEAN HasTerminated; -#else // (VER_PRODUCTBUILD >= 2195) - ULONG HasTerminated; -#endif // (VER_PRODUCTBUILD >= 2195) -#if (VER_PRODUCTBUILD < 2195) - PKEVENT_PAIR EventPair; -#endif // (VER_PRODUCTBUILD < 2195) - ACCESS_MASK GrantedAccess; - PEPROCESS ThreadsProcess; - PKSTART_ROUTINE StartAddress; - union { - PVOID Win32StartAddress; - ULONG LpcReceivedMessageId; - }; - BOOLEAN LpcExitThreadCalled; - BOOLEAN HardErrorsAreDisabled; - BOOLEAN LpcReceivedMsgIdValid; - BOOLEAN ActiveImpersonationInfo; - ULONG PerformanceCountHigh; -#if (VER_PRODUCTBUILD >= 2195) - LIST_ENTRY ThreadListEntry; -#endif // (VER_PRODUCTBUILD >= 2195) -} ETHREAD, *PETHREAD; - -#endif - -typedef struct _EPROCESS_QUOTA_ENTRY { - ULONG Usage; - ULONG Limit; - ULONG Peak; - ULONG Return; -} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY; - -typedef struct _EPROCESS_QUOTA_BLOCK { - EPROCESS_QUOTA_ENTRY QuotaEntry[3]; - LIST_ENTRY QuotaList; - ULONG ReferenceCount; - ULONG ProcessCount; -} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK; - -typedef struct _EXCEPTION_REGISTRATION_RECORD { - struct _EXCEPTION_REGISTRATION_RECORD *Next; - PVOID Handler; -} EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD; - -/* - * When needing these parameters cast your PIO_STACK_LOCATION to - * PEXTENDED_IO_STACK_LOCATION - */ -#if !defined(_ALPHA_) && !defined(_AMD64_) && !defined(_IA64_) -#include -#endif -typedef struct _EXTENDED_IO_STACK_LOCATION { - - /* Included for padding */ - UCHAR MajorFunction; - UCHAR MinorFunction; - UCHAR Flags; - UCHAR Control; - - union { - - struct { - PIO_SECURITY_CONTEXT SecurityContext; - ULONG Options; - USHORT Reserved; - USHORT ShareAccess; - PMAILSLOT_CREATE_PARAMETERS Parameters; - } CreateMailslot; - - struct { - PIO_SECURITY_CONTEXT SecurityContext; - ULONG Options; - USHORT Reserved; - USHORT ShareAccess; - PNAMED_PIPE_CREATE_PARAMETERS Parameters; - } CreatePipe; - - struct { - ULONG OutputBufferLength; - ULONG InputBufferLength; - ULONG FsControlCode; - PVOID Type3InputBuffer; - } FileSystemControl; - - struct { - PLARGE_INTEGER Length; - ULONG Key; - LARGE_INTEGER ByteOffset; - } LockControl; - - struct { - ULONG Length; - ULONG CompletionFilter; - } NotifyDirectory; - - struct { - ULONG Length; - PUNICODE_STRING FileName; - FILE_INFORMATION_CLASS FileInformationClass; - ULONG FileIndex; - } QueryDirectory; - - struct { - ULONG Length; - PVOID EaList; - ULONG EaListLength; - ULONG EaIndex; - } QueryEa; - - struct { - ULONG Length; - PSID StartSid; - PFILE_GET_QUOTA_INFORMATION SidList; - ULONG SidListLength; - } QueryQuota; - - struct { - ULONG Length; - } SetEa; - - struct { - ULONG Length; - } SetQuota; - - struct { - ULONG Length; - FS_INFORMATION_CLASS FsInformationClass; - } SetVolume; - - } Parameters; - -} EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION; -#if !defined(_ALPHA_) && !defined(_AMD64_) && !defined(_IA64_) -#include -#endif - -typedef struct _FILE_ACCESS_INFORMATION { - ACCESS_MASK AccessFlags; -} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; - -typedef struct _FILE_ALLOCATION_INFORMATION { - LARGE_INTEGER AllocationSize; -} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; - -typedef struct _FILE_BOTH_DIR_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER EndOfFile; - LARGE_INTEGER AllocationSize; - ULONG FileAttributes; - ULONG FileNameLength; - ULONG EaSize; - CCHAR ShortNameLength; - WCHAR ShortName[12]; - WCHAR FileName[1]; -} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; - -typedef struct _FILE_COMPLETION_INFORMATION { - HANDLE Port; - ULONG Key; -} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; - -typedef struct _FILE_COMPRESSION_INFORMATION { - LARGE_INTEGER CompressedFileSize; - USHORT CompressionFormat; - UCHAR CompressionUnitShift; - UCHAR ChunkShift; - UCHAR ClusterShift; - UCHAR Reserved[3]; -} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; - -typedef struct _FILE_COPY_ON_WRITE_INFORMATION { - BOOLEAN ReplaceIfExists; - HANDLE RootDirectory; - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; - -typedef struct _FILE_DIRECTORY_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER EndOfFile; - LARGE_INTEGER AllocationSize; - ULONG FileAttributes; - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; - -typedef struct _FILE_EA_INFORMATION { - ULONG EaSize; -} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; - -typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { - ULONG FileSystemAttributes; - ULONG MaximumComponentNameLength; - ULONG FileSystemNameLength; - WCHAR FileSystemName[1]; -} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; - -typedef struct _FILE_FS_CONTROL_INFORMATION { - LARGE_INTEGER FreeSpaceStartFiltering; - LARGE_INTEGER FreeSpaceThreshold; - LARGE_INTEGER FreeSpaceStopFiltering; - LARGE_INTEGER DefaultQuotaThreshold; - LARGE_INTEGER DefaultQuotaLimit; - ULONG FileSystemControlFlags; -} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; - -typedef struct _FILE_FS_FULL_SIZE_INFORMATION { - LARGE_INTEGER TotalAllocationUnits; - LARGE_INTEGER CallerAvailableAllocationUnits; - LARGE_INTEGER ActualAvailableAllocationUnits; - ULONG SectorsPerAllocationUnit; - ULONG BytesPerSector; -} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; - -typedef struct _FILE_FS_LABEL_INFORMATION { - ULONG VolumeLabelLength; - WCHAR VolumeLabel[1]; -} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; - -#if (VER_PRODUCTBUILD >= 2195) - -typedef struct _FILE_FS_OBJECT_ID_INFORMATION { - UCHAR ObjectId[16]; - UCHAR ExtendedInfo[48]; -} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION; - -#endif // (VER_PRODUCTBUILD >= 2195) - -typedef struct _FILE_FS_SIZE_INFORMATION { - LARGE_INTEGER TotalAllocationUnits; - LARGE_INTEGER AvailableAllocationUnits; - ULONG SectorsPerAllocationUnit; - ULONG BytesPerSector; -} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; - -typedef struct _FILE_FS_VOLUME_INFORMATION { - LARGE_INTEGER VolumeCreationTime; - ULONG VolumeSerialNumber; - ULONG VolumeLabelLength; - BOOLEAN SupportsObjects; - WCHAR VolumeLabel[1]; -} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; - -typedef struct _FILE_FULL_DIR_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER EndOfFile; - LARGE_INTEGER AllocationSize; - ULONG FileAttributes; - ULONG FileNameLength; - ULONG EaSize; - WCHAR FileName[1]; -} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; - -typedef struct _FILE_GET_EA_INFORMATION { - ULONG NextEntryOffset; - UCHAR EaNameLength; - CHAR EaName[1]; -} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; - -typedef struct _FILE_GET_QUOTA_INFORMATION { - ULONG NextEntryOffset; - ULONG SidLength; - SID Sid; -} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; - -typedef struct _FILE_ID_BOTH_DIR_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER EndOfFile; - LARGE_INTEGER AllocationSize; - ULONG FileAttributes; - ULONG FileNameLength; - ULONG EaSize; - CCHAR ShortNameLength; - WCHAR ShortName[12]; - LARGE_INTEGER FileId; - WCHAR FileName[1]; -} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION; - -typedef struct _FILE_ID_FULL_DIR_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER EndOfFile; - LARGE_INTEGER AllocationSize; - ULONG FileAttributes; - ULONG FileNameLength; - ULONG EaSize; - LARGE_INTEGER FileId; - WCHAR FileName[1]; -} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION; - -typedef struct _FILE_INTERNAL_INFORMATION { - LARGE_INTEGER IndexNumber; -} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; - -typedef struct _FILE_LINK_INFORMATION { - BOOLEAN ReplaceIfExists; - HANDLE RootDirectory; - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; - -typedef struct _FILE_LOCK_INFO { - LARGE_INTEGER StartingByte; - LARGE_INTEGER Length; - BOOLEAN ExclusiveLock; - ULONG Key; - PFILE_OBJECT FileObject; - PEPROCESS Process; - LARGE_INTEGER EndingByte; -} FILE_LOCK_INFO, *PFILE_LOCK_INFO; - -// raw internal file lock struct returned from FsRtlGetNextFileLock -typedef struct _FILE_SHARED_LOCK_ENTRY { - PVOID Unknown1; - PVOID Unknown2; - FILE_LOCK_INFO FileLock; -} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; - -// raw internal file lock struct returned from FsRtlGetNextFileLock -typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { - LIST_ENTRY ListEntry; - PVOID Unknown1; - PVOID Unknown2; - FILE_LOCK_INFO FileLock; -} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; - -typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) ( - IN PVOID Context, - IN PIRP Irp -); - -typedef VOID (*PUNLOCK_ROUTINE) ( - IN PVOID Context, - IN PFILE_LOCK_INFO FileLockInfo -); - -typedef struct _FILE_LOCK { - PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; - PUNLOCK_ROUTINE UnlockRoutine; - BOOLEAN FastIoIsQuestionable; - BOOLEAN Pad[3]; - PVOID LockInformation; - FILE_LOCK_INFO LastReturnedLockInfo; - PVOID LastReturnedLock; -} FILE_LOCK, *PFILE_LOCK; - -typedef struct _FILE_MAILSLOT_PEEK_BUFFER { - ULONG ReadDataAvailable; - ULONG NumberOfMessages; - ULONG MessageLength; -} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; - -typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { - ULONG MaximumMessageSize; - ULONG MailslotQuota; - ULONG NextMessageSize; - ULONG MessagesAvailable; - LARGE_INTEGER ReadTimeout; -} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; - -typedef struct _FILE_MAILSLOT_SET_INFORMATION { - PLARGE_INTEGER ReadTimeout; -} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; - -typedef struct _FILE_MODE_INFORMATION { - ULONG Mode; -} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; - -// This structure is included in the Windows 2000 DDK but is missing in the -// Windows NT 4.0 DDK -#if (VER_PRODUCTBUILD < 2195) -typedef struct _FILE_NAME_INFORMATION { - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION; -#endif // (VER_PRODUCTBUILD < 2195) - -typedef struct _FILE_ALL_INFORMATION { - FILE_BASIC_INFORMATION BasicInformation; - FILE_STANDARD_INFORMATION StandardInformation; - FILE_INTERNAL_INFORMATION InternalInformation; - FILE_EA_INFORMATION EaInformation; - FILE_ACCESS_INFORMATION AccessInformation; - FILE_POSITION_INFORMATION PositionInformation; - FILE_MODE_INFORMATION ModeInformation; - FILE_ALIGNMENT_INFORMATION AlignmentInformation; - FILE_NAME_INFORMATION NameInformation; -} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; - -typedef struct _FILE_NAMES_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; - -typedef struct _FILE_NOTIFY_INFORMATION { - ULONG NextEntryOffset; - ULONG Action; - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION; - -typedef struct _FILE_OBJECTID_INFORMATION { - LONGLONG FileReference; - UCHAR ObjectId[16]; - union { - struct { - UCHAR BirthVolumeId[16]; - UCHAR BirthObjectId[16]; - UCHAR DomainId[16]; - } ; - UCHAR ExtendedInfo[48]; - }; -} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; - -typedef struct _FILE_OLE_CLASSID_INFORMATION { - GUID ClassId; -} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; - -typedef struct _FILE_OLE_ALL_INFORMATION { - FILE_BASIC_INFORMATION BasicInformation; - FILE_STANDARD_INFORMATION StandardInformation; - FILE_INTERNAL_INFORMATION InternalInformation; - FILE_EA_INFORMATION EaInformation; - FILE_ACCESS_INFORMATION AccessInformation; - FILE_POSITION_INFORMATION PositionInformation; - FILE_MODE_INFORMATION ModeInformation; - FILE_ALIGNMENT_INFORMATION AlignmentInformation; - USN LastChangeUsn; - USN ReplicationUsn; - LARGE_INTEGER SecurityChangeTime; - FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; - FILE_OBJECTID_INFORMATION ObjectIdInformation; - FILE_STORAGE_TYPE StorageType; - ULONG OleStateBits; - ULONG OleId; - ULONG NumberOfStreamReferences; - ULONG StreamIndex; - ULONG SecurityId; - BOOLEAN ContentIndexDisable; - BOOLEAN InheritContentIndexDisable; - FILE_NAME_INFORMATION NameInformation; -} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; - -typedef struct _FILE_OLE_DIR_INFORMATION { - ULONG NextEntryOffset; - ULONG FileIndex; - LARGE_INTEGER CreationTime; - LARGE_INTEGER LastAccessTime; - LARGE_INTEGER LastWriteTime; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER EndOfFile; - LARGE_INTEGER AllocationSize; - ULONG FileAttributes; - ULONG FileNameLength; - FILE_STORAGE_TYPE StorageType; - GUID OleClassId; - ULONG OleStateBits; - BOOLEAN ContentIndexDisable; - BOOLEAN InheritContentIndexDisable; - WCHAR FileName[1]; -} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; - -typedef struct _FILE_OLE_INFORMATION { - LARGE_INTEGER SecurityChangeTime; - FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; - FILE_OBJECTID_INFORMATION ObjectIdInformation; - FILE_STORAGE_TYPE StorageType; - ULONG OleStateBits; - BOOLEAN ContentIndexDisable; - BOOLEAN InheritContentIndexDisable; -} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; - -typedef struct _FILE_OLE_STATE_BITS_INFORMATION { - ULONG StateBits; - ULONG StateBitsMask; -} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; - -typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { - HANDLE EventHandle; - ULONG KeyValue; -} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; - -typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { - PVOID ClientSession; - PVOID ClientProcess; -} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; - -typedef struct _FILE_PIPE_EVENT_BUFFER { - ULONG NamedPipeState; - ULONG EntryType; - ULONG ByteCount; - ULONG KeyValue; - ULONG NumberRequests; -} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; - -typedef struct _FILE_PIPE_INFORMATION { - ULONG ReadMode; - ULONG CompletionMode; -} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; - -typedef struct _FILE_PIPE_LOCAL_INFORMATION { - ULONG NamedPipeType; - ULONG NamedPipeConfiguration; - ULONG MaximumInstances; - ULONG CurrentInstances; - ULONG InboundQuota; - ULONG ReadDataAvailable; - ULONG OutboundQuota; - ULONG WriteQuotaAvailable; - ULONG NamedPipeState; - ULONG NamedPipeEnd; -} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; - -typedef struct _FILE_PIPE_PEEK_BUFFER { - ULONG NamedPipeState; - ULONG ReadDataAvailable; - ULONG NumberOfMessages; - ULONG MessageLength; - CHAR Data[1]; -} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER; - -typedef struct _FILE_PIPE_REMOTE_INFORMATION { - LARGE_INTEGER CollectDataTime; - ULONG MaximumCollectionCount; -} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; - -typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { - LARGE_INTEGER Timeout; - ULONG NameLength; - BOOLEAN TimeoutSpecified; - WCHAR Name[1]; -} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; - -typedef struct _FILE_QUOTA_INFORMATION { - ULONG NextEntryOffset; - ULONG SidLength; - LARGE_INTEGER ChangeTime; - LARGE_INTEGER QuotaUsed; - LARGE_INTEGER QuotaThreshold; - LARGE_INTEGER QuotaLimit; - SID Sid; -} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; - -typedef struct _FILE_RENAME_INFORMATION { - BOOLEAN ReplaceIfExists; - HANDLE RootDirectory; - ULONG FileNameLength; - WCHAR FileName[1]; -} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; - -typedef struct _FILE_STREAM_INFORMATION { - ULONG NextEntryOffset; - ULONG StreamNameLength; - LARGE_INTEGER StreamSize; - LARGE_INTEGER StreamAllocationSize; - WCHAR StreamName[1]; -} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; - -typedef struct _FILE_TRACKING_INFORMATION { - HANDLE DestinationFile; - ULONG ObjectInformationLength; - CHAR ObjectInformation[1]; -} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; - -typedef struct _FSRTL_COMMON_FCB_HEADER { - CSHORT NodeTypeCode; - CSHORT NodeByteSize; - UCHAR Flags; - UCHAR IsFastIoPossible; -#if (VER_PRODUCTBUILD >= 1381) - UCHAR Flags2; - UCHAR Reserved : 4; - UCHAR Version : 4; -#endif // (VER_PRODUCTBUILD >= 1381) - PERESOURCE Resource; - PERESOURCE PagingIoResource; - LARGE_INTEGER AllocationSize; - LARGE_INTEGER FileSize; - LARGE_INTEGER ValidDataLength; -} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; - -#if (VER_PRODUCTBUILD >= 2600) - -#ifdef __cplusplus -typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER { -#else // __cplusplus -typedef struct _FSRTL_ADVANCED_FCB_HEADER { - FSRTL_COMMON_FCB_HEADER; -#endif // __cplusplus - PFAST_MUTEX FastMutex; - LIST_ENTRY FilterContexts; - EX_PUSH_LOCK PushLock; - PVOID *FileContextSupportPointer; -} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER; - -#endif // (VER_PRODUCTBUILD >= 2600) - -typedef struct _GENERATE_NAME_CONTEXT { - USHORT Checksum; - BOOLEAN CheckSumInserted; - UCHAR NameLength; - WCHAR NameBuffer[8]; - ULONG ExtensionLength; - WCHAR ExtensionBuffer[4]; - ULONG LastIndexValue; -} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; - -typedef struct _HANDLE_INFO { // Information about open handles - union { - PEPROCESS Process; // Pointer to PEPROCESS owning the Handle - ULONG Count; // Count of HANDLE_INFO structures following this structure - } HandleInfo; - USHORT HandleCount; -} HANDLE_INFO, *PHANDLE_INFO; - -typedef struct _HANDLE_TABLE_ENTRY_INFO { - ULONG AuditMask; -} HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO; - -typedef struct _HANDLE_TABLE_ENTRY { - union { - PVOID Object; - ULONG ObAttributes; - PHANDLE_TABLE_ENTRY_INFO InfoTable; - ULONG Value; - }; - union { - ULONG GrantedAccess; - USHORT GrantedAccessIndex; - LONG NextFreeTableEntry; - }; - USHORT CreatorBackTraceIndex; -} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; - -typedef struct _MAPPING_PAIR { - ULONGLONG Vcn; - ULONGLONG Lcn; -} MAPPING_PAIR, *PMAPPING_PAIR; - -typedef struct _GET_RETRIEVAL_DESCRIPTOR { - ULONG NumberOfPairs; - ULONGLONG StartVcn; - MAPPING_PAIR Pair[1]; -} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; - -typedef struct _INITIAL_TEB { - ULONG Unknown_1; - ULONG Unknown_2; - PVOID StackTop; - PVOID StackBase; - PVOID Unknown_3; -} INITIAL_TEB, *PINITIAL_TEB; - -typedef struct _IO_CLIENT_EXTENSION { - struct _IO_CLIENT_EXTENSION *NextExtension; - PVOID ClientIdentificationAddress; -} IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION; - -typedef struct _IO_COMPLETION_BASIC_INFORMATION { - LONG Depth; -} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; - -typedef struct _KEVENT_PAIR { - USHORT Type; - USHORT Size; - KEVENT Event1; - KEVENT Event2; -} KEVENT_PAIR, *PKEVENT_PAIR; - -typedef struct _KINTERRUPT { - CSHORT Type; - CSHORT Size; - LIST_ENTRY InterruptListEntry; - PKSERVICE_ROUTINE ServiceRoutine; - PVOID ServiceContext; - KSPIN_LOCK SpinLock; - ULONG TickCount; - PKSPIN_LOCK ActualLock; - PVOID DispatchAddress; - ULONG Vector; - KIRQL Irql; - KIRQL SynchronizeIrql; - BOOLEAN FloatingSave; - BOOLEAN Connected; - CHAR Number; - UCHAR ShareVector; - KINTERRUPT_MODE Mode; - ULONG ServiceCount; - ULONG DispatchCount; - ULONG DispatchCode[106]; -} KINTERRUPT, *PKINTERRUPT; - -typedef struct _KQUEUE { - DISPATCHER_HEADER Header; - LIST_ENTRY EntryListHead; - ULONG CurrentCount; - ULONG MaximumCount; - LIST_ENTRY ThreadListHead; -} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; - -typedef struct _LARGE_MCB { - PFAST_MUTEX FastMutex; - ULONG MaximumPairCount; - ULONG PairCount; - POOL_TYPE PoolType; - PVOID Mapping; -} LARGE_MCB, *PLARGE_MCB; - -typedef struct _LPC_MESSAGE { - USHORT DataSize; - USHORT MessageSize; - USHORT MessageType; - USHORT VirtualRangesOffset; - CLIENT_ID ClientId; - ULONG MessageId; - ULONG SectionSize; - UCHAR Data[1]; -} LPC_MESSAGE, *PLPC_MESSAGE; - -typedef struct _LPC_SECTION_READ { - ULONG Length; - ULONG ViewSize; - PVOID ViewBase; -} LPC_SECTION_READ, *PLPC_SECTION_READ; - -typedef struct _LPC_SECTION_WRITE { - ULONG Length; - HANDLE SectionHandle; - ULONG SectionOffset; - ULONG ViewSize; - PVOID ViewBase; - PVOID TargetViewBase; -} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE; - -typedef struct _MAILSLOT_CREATE_PARAMETERS { - ULONG MailslotQuota; - ULONG MaximumMessageSize; - LARGE_INTEGER ReadTimeout; - BOOLEAN TimeoutSpecified; -} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS; - -typedef struct _MBCB { - CSHORT NodeTypeCode; - CSHORT NodeIsInZone; - ULONG PagesToWrite; - ULONG DirtyPages; - ULONG Reserved; - LIST_ENTRY BitmapRanges; - LONGLONG ResumeWritePage; - BITMAP_RANGE BitmapRange1; - BITMAP_RANGE BitmapRange2; - BITMAP_RANGE BitmapRange3; -} MBCB, *PMBCB; - -typedef struct _MCB { - LARGE_MCB LargeMcb; -} MCB, *PMCB; - -typedef struct _MOVEFILE_DESCRIPTOR { - HANDLE FileHandle; - ULONG Reserved; - LARGE_INTEGER StartVcn; - LARGE_INTEGER TargetLcn; - ULONG NumVcns; - ULONG Reserved1; -} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; - -typedef struct _NAMED_PIPE_CREATE_PARAMETERS { - ULONG NamedPipeType; - ULONG ReadMode; - ULONG CompletionMode; - ULONG MaximumInstances; - ULONG InboundQuota; - ULONG OutboundQuota; - LARGE_INTEGER DefaultTimeout; - BOOLEAN TimeoutSpecified; -} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS; - -typedef struct _QUOTA_BLOCK { - KSPIN_LOCK QuotaLock; - ULONG ReferenceCount; // Number of processes using this block - ULONG PeakNonPagedPoolUsage; - ULONG PeakPagedPoolUsage; - ULONG NonPagedpoolUsage; - ULONG PagedPoolUsage; - ULONG NonPagedPoolLimit; - ULONG PagedPoolLimit; - ULONG PeakPagefileUsage; - ULONG PagefileUsage; - ULONG PageFileLimit; -} QUOTA_BLOCK, *PQUOTA_BLOCK; - -typedef struct _OBJECT_BASIC_INFO { - ULONG Attributes; - ACCESS_MASK GrantedAccess; - ULONG HandleCount; - ULONG ReferenceCount; - ULONG PagedPoolUsage; - ULONG NonPagedPoolUsage; - ULONG Reserved[3]; - ULONG NameInformationLength; - ULONG TypeInformationLength; - ULONG SecurityDescriptorLength; - LARGE_INTEGER CreateTime; -} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; - -typedef struct _OBJECT_CREATE_INFORMATION { - ULONG Attributes; - HANDLE RootDirectory; // 0x4 - PVOID ParseContext; // 0x8 - KPROCESSOR_MODE ProbeMode; // 0xc - ULONG PagedPoolCharge; // 0x10 - ULONG NonPagedPoolCharge; // 0x14 - ULONG SecurityDescriptorCharge; // 0x18 - PSECURITY_DESCRIPTOR SecurityDescriptor; // 0x1c - PSECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x20 - SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; // 0x24 -} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION; - -typedef struct _OBJECT_CREATOR_INFO { - LIST_ENTRY Creator; - ULONG UniqueProcessId; // Creator's Process ID - ULONG Reserved; // Alignment -} OBJECT_CREATOR_INFO, *POBJECT_CREATOR_INFO; - -typedef struct _OBJECT_DIRECTORY_ITEM { - struct _OBJECT_DIRECTORY_ITEM *Next; - PVOID Object; -} OBJECT_DIRECTORY_ITEM, *POBJECT_DIRECTORY_ITEM; - -typedef struct _OBJECT_DIRECTORY { - POBJECT_DIRECTORY_ITEM HashEntries[0x25]; - POBJECT_DIRECTORY_ITEM LastHashAccess; - ULONG LastHashResult; -} OBJECT_DIRECTORY, *POBJECT_DIRECTORY; - -typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { - BOOLEAN Inherit; - BOOLEAN ProtectFromClose; -} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; - -typedef struct _OBJECT_HANDLE_DB { - union { - struct _EPROCESS *Process; - struct _OBJECT_HANDLE_DB_LIST *HandleDBList; - }; - ULONG HandleCount; -} OBJECT_HANDLE_DB, *POBJECT_HANDLE_DB; - -typedef struct _OBJECT_HANDLE_DB_LIST { - ULONG Count; - OBJECT_HANDLE_DB Entries[1]; -} OBJECT_HANDLE_DB_LIST, *POBJECT_HANDLE_DB_LIST; - -typedef struct _OBJECT_HEADER_FLAGS { - ULONG NameInfoOffset : 8; - ULONG HandleInfoOffset : 8; - ULONG QuotaInfoOffset : 8; - ULONG QuotaBlock : 1; // QuotaBlock/ObjectInfo - ULONG KernelMode : 1; // UserMode/KernelMode - ULONG CreatorInfo : 1; - ULONG Exclusive : 1; - ULONG Permanent : 1; - ULONG SecurityDescriptor : 1; - ULONG HandleInfo : 1; - ULONG Reserved : 1; -} OBJECT_HEADER_FLAGS, *POBJECT_HEADER_FLAGS; - -typedef struct _OBJECT_HEADER { - ULONG ReferenceCount; - union { - ULONG HandleCount; - PSINGLE_LIST_ENTRY NextToFree; - }; // 0x4 - POBJECT_TYPE ObjectType; // 0x8 - OBJECT_HEADER_FLAGS Flags; // 0xc - union { - POBJECT_CREATE_INFORMATION ObjectCreateInfo; - PQUOTA_BLOCK QuotaBlock; - }; // 0x10 - PSECURITY_DESCRIPTOR SecurityDescriptor; // 0x14 - QUAD Body; // 0x18 -} OBJECT_HEADER, *POBJECT_HEADER; - -typedef struct _OBJECT_NAME { - POBJECT_DIRECTORY Directory; - UNICODE_STRING ObjectName; - ULONG Reserved; -} OBJECT_NAME, *POBJECT_NAME; - -typedef struct _OBJECT_NAME_INFO { - UNICODE_STRING ObjectName; - WCHAR ObjectNameBuffer[1]; -} OBJECT_NAME_INFO, *POBJECT_NAME_INFO; - -typedef struct _OBJECT_PROTECTION_INFO { - BOOLEAN Inherit; - BOOLEAN ProtectHandle; -} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; - -typedef struct _OBJECT_QUOTA_CHARGES { - ULONG PagedPoolCharge; - ULONG NonPagedPoolCharge; - ULONG SecurityCharge; - ULONG Reserved; -} OBJECT_QUOTA_CHARGES, *POBJECT_QUOTA_CHARGES; - -typedef struct _OBJECT_QUOTA_INFO { - ULONG PagedPoolQuota; - ULONG NonPagedPoolQuota; - ULONG QuotaInformationSize; - PEPROCESS Process; // Owning process -} OBJECT_QUOTA_INFO, *POBJECT_QUOTA_INFO; - -typedef struct _OBJECT_TYPE_INITIALIZER { - USHORT Length; - BOOLEAN UseDefaultObject; - BOOLEAN Reserved1; - ULONG InvalidAttributes; - GENERIC_MAPPING GenericMapping; - ACCESS_MASK ValidAccessMask; - BOOLEAN SecurityRequired; - BOOLEAN MaintainHandleCount; /* OBJECT_HANDLE_DB */ - BOOLEAN MaintainTypeList; /* OBJECT_CREATOR_INFO */ - UCHAR Reserved2; - BOOLEAN PagedPool; - ULONG DefaultPagedPoolCharge; - ULONG DefaultNonPagedPoolCharge; - PVOID DumpProcedure; - PVOID OpenProcedure; - PVOID CloseProcedure; - PVOID DeleteProcedure; - PVOID ParseProcedure; - PVOID SecurityProcedure; /* SeDefaultObjectMethod */ - PVOID QueryNameProcedure; - PVOID OkayToCloseProcedure; -} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER; - -typedef struct _OBJECT_TYPE { - ERESOURCE Lock; - LIST_ENTRY ObjectListHead; /* OBJECT_CREATOR_INFO */ - UNICODE_STRING ObjectTypeName; - union { - PVOID DefaultObject; /* ObpDefaultObject */ - ULONG Code; /* File: 5C, WaitablePort: A0 */ - }; - ULONG ObjectTypeIndex; /* OB_TYPE_INDEX_* */ - ULONG ObjectCount; - ULONG HandleCount; - ULONG PeakObjectCount; - ULONG PeakHandleCount; - OBJECT_TYPE_INITIALIZER TypeInfo; - ULONG ObjectTypeTag; /* OB_TYPE_TAG_* */ -} OBJECT_TYPE, *POBJECT_TYPE; - -typedef struct _OBJECT_TYPE_INFO { - UNICODE_STRING ObjectTypeName; - UCHAR Unknown[0x58]; - WCHAR ObjectTypeNameBuffer[1]; -} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; - -typedef struct _OBJECT_ALL_TYPES_INFO { - ULONG NumberOfObjectTypes; - OBJECT_TYPE_INFO ObjectsTypeInfo[1]; -} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; - -typedef struct _PAGEFAULT_HISTORY { - ULONG CurrentIndex; - ULONG MaxIndex; - KSPIN_LOCK SpinLock; - PVOID Reserved; - PROCESS_WS_WATCH_INFORMATION WatchInfo[1]; -} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY; - -typedef struct _PATHNAME_BUFFER { - ULONG PathNameLength; - WCHAR Name[1]; -} PATHNAME_BUFFER, *PPATHNAME_BUFFER; - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _PRIVATE_CACHE_MAP_FLAGS { - ULONG DontUse : 16; - ULONG ReadAheadActive : 1; - ULONG ReadAheadEnabled : 1; - ULONG Available : 14; -} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS; - -typedef struct _PRIVATE_CACHE_MAP { - union { - CSHORT NodeTypeCode; - PRIVATE_CACHE_MAP_FLAGS Flags; - ULONG UlongFlags; - }; - ULONG ReadAheadMask; - PFILE_OBJECT FileObject; - LARGE_INTEGER FileOffset1; - LARGE_INTEGER BeyondLastByte1; - LARGE_INTEGER FileOffset2; - LARGE_INTEGER BeyondLastByte2; - LARGE_INTEGER ReadAheadOffset[2]; - ULONG ReadAheadLength[2]; - KSPIN_LOCK ReadAheadSpinLock; - LIST_ENTRY PrivateLinks; -} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP; - -#endif - -typedef struct _PROCESS_PRIORITY_CLASS { - BOOLEAN Foreground; - UCHAR PriorityClass; -} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS; - -typedef struct _PS_IMPERSONATION_INFORMATION { - PACCESS_TOKEN Token; - BOOLEAN CopyOnOpen; - BOOLEAN EffectiveOnly; - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; -} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION; - -typedef struct _PUBLIC_BCB { - CSHORT NodeTypeCode; - CSHORT NodeByteSize; - ULONG MappedLength; - LARGE_INTEGER MappedFileOffset; -} PUBLIC_BCB, *PPUBLIC_BCB; - -typedef struct _QUERY_PATH_REQUEST { - ULONG PathNameLength; - PIO_SECURITY_CONTEXT SecurityContext; - WCHAR FilePathName[1]; -} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; - -typedef struct _QUERY_PATH_RESPONSE { - ULONG LengthAccepted; -} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _READ_LIST { - PFILE_OBJECT FileObject; - ULONG NumberOfEntries; - LOGICAL IsImage; - FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY]; -} READ_LIST, *PREAD_LIST; - -#endif // (VER_PRODUCTBUILD >= 2600) - -typedef struct _REPARSE_DATA_BUFFER { - - ULONG ReparseTag; - USHORT ReparseDataLength; - USHORT Reserved; - - union { - - struct { - USHORT SubstituteNameOffset; - USHORT SubstituteNameLength; - USHORT PrintNameOffset; - USHORT PrintNameLength; - WCHAR PathBuffer[1]; - } SymbolicLinkReparseBuffer; - - struct { - USHORT SubstituteNameOffset; - USHORT SubstituteNameLength; - USHORT PrintNameOffset; - USHORT PrintNameLength; - WCHAR PathBuffer[1]; - } MountPointReparseBuffer; - - struct { - UCHAR DataBuffer[1]; - } GenericReparseBuffer; - }; - -} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER; - -typedef struct _RETRIEVAL_POINTERS_BUFFER { - ULONG ExtentCount; - LARGE_INTEGER StartingVcn; - struct { - LARGE_INTEGER NextVcn; - LARGE_INTEGER Lcn; - } Extents[1]; -} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; - -typedef struct _RTL_SPLAY_LINKS { - struct _RTL_SPLAY_LINKS *Parent; - struct _RTL_SPLAY_LINKS *LeftChild; - struct _RTL_SPLAY_LINKS *RightChild; -} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; - -typedef struct _SE_EXPORTS { - - LUID SeCreateTokenPrivilege; - LUID SeAssignPrimaryTokenPrivilege; - LUID SeLockMemoryPrivilege; - LUID SeIncreaseQuotaPrivilege; - LUID SeUnsolicitedInputPrivilege; - LUID SeTcbPrivilege; - LUID SeSecurityPrivilege; - LUID SeTakeOwnershipPrivilege; - LUID SeLoadDriverPrivilege; - LUID SeCreatePagefilePrivilege; - LUID SeIncreaseBasePriorityPrivilege; - LUID SeSystemProfilePrivilege; - LUID SeSystemtimePrivilege; - LUID SeProfileSingleProcessPrivilege; - LUID SeCreatePermanentPrivilege; - LUID SeBackupPrivilege; - LUID SeRestorePrivilege; - LUID SeShutdownPrivilege; - LUID SeDebugPrivilege; - LUID SeAuditPrivilege; - LUID SeSystemEnvironmentPrivilege; - LUID SeChangeNotifyPrivilege; - LUID SeRemoteShutdownPrivilege; - - PSID SeNullSid; - PSID SeWorldSid; - PSID SeLocalSid; - PSID SeCreatorOwnerSid; - PSID SeCreatorGroupSid; - - PSID SeNtAuthoritySid; - PSID SeDialupSid; - PSID SeNetworkSid; - PSID SeBatchSid; - PSID SeInteractiveSid; - PSID SeLocalSystemSid; - PSID SeAliasAdminsSid; - PSID SeAliasUsersSid; - PSID SeAliasGuestsSid; - PSID SeAliasPowerUsersSid; - PSID SeAliasAccountOpsSid; - PSID SeAliasSystemOpsSid; - PSID SeAliasPrintOpsSid; - PSID SeAliasBackupOpsSid; - - PSID SeAuthenticatedUsersSid; - - PSID SeRestrictedSid; - PSID SeAnonymousLogonSid; - - LUID SeUndockPrivilege; - LUID SeSyncAgentPrivilege; - LUID SeEnableDelegationPrivilege; - -} SE_EXPORTS, *PSE_EXPORTS; - -typedef struct _SECTION_BASIC_INFORMATION { - PVOID BaseAddress; - ULONG Attributes; - LARGE_INTEGER Size; -} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; - -typedef struct _SECTION_IMAGE_INFORMATION { - PVOID EntryPoint; - ULONG Unknown1; - ULONG StackReserve; - ULONG StackCommit; - ULONG Subsystem; - USHORT MinorSubsystemVersion; - USHORT MajorSubsystemVersion; - ULONG Unknown2; - ULONG Characteristics; - USHORT ImageNumber; - BOOLEAN Executable; - UCHAR Unknown3; - ULONG Unknown4[3]; -} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; - -typedef struct _SECTION_OBJECT { - PVOID StartingVa; - PVOID EndingVa; - struct _SECTION_OBJECT *Parent; - struct _SECTION_OBJECT *LeftChild; - struct _SECTION_OBJECT *RightChild; - PVOID Segment; -} SECTION_OBJECT, *PSECTION_OBJECT; - -typedef struct _SEP_AUDIT_POLICY { - // _SEP_AUDIT_POLICY_CATEGORIES - ULONGLONG System : 4; - ULONGLONG Logon : 4; - ULONGLONG ObjectAccess : 4; - ULONGLONG PrivilegeUse : 4; - ULONGLONG DetailedTracking : 4; - ULONGLONG PolicyChange : 4; - ULONGLONG AccountManagement : 4; - ULONGLONG DirectoryServiceAccess : 4; - ULONGLONG AccountLogon : 4; - // _SEP_AUDIT_POLICY_OVERLAY - ULONGLONG SetBit : 1; -} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY; - -/* size 0x1C */ -typedef struct _SEP_AUDIT_POLICY_VISTA { - UCHAR PerUserPolicy[25]; /* +0x000 */ - UCHAR PolicySetStatus; /* +0x019 */ - USHORT Alignment; /* +0x01A */ -} SEP_AUDIT_POLICY_VISTA, *PSEP_AUDIT_POLICY_VISTA; - -typedef struct _SERVICE_DESCRIPTOR_TABLE { - /* - * Table containing cServices elements of pointers to service handler - * functions, indexed by service ID. - */ - PVOID *ServiceTable; - /* - * Table that counts how many times each service is used. This table - * is only updated in checked builds. - */ - PULONG CounterTable; - /* - * Number of services contained in this table. - */ - ULONG TableSize; - /* - * Table containing the number of bytes of parameters the handler - * function takes. - */ - PUCHAR ArgumentTable; -} SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE; - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _SHARED_CACHE_MAP { - CSHORT NodeTypeCode; - CSHORT NodeByteSize; - ULONG OpenCount; - LARGE_INTEGER FileSize; - LIST_ENTRY BcbList; - LARGE_INTEGER SectionSize; - LARGE_INTEGER ValidDataLength; - LARGE_INTEGER ValidDataGoal; - PVACB InitialVacbs[4]; - PVACB *Vacbs; - PFILE_OBJECT FileObject; - PVACB ActiveVacb; - PVOID NeedToZero; - ULONG ActivePage; - ULONG NeedToZeroPage; - KSPIN_LOCK ActiveVacbSpinLock; - ULONG VacbActiveCount; - ULONG DirtyPages; - LIST_ENTRY SharedCacheMapLinks; - ULONG Flags; - NTSTATUS Status; - PMBCB Mbcb; - PVOID Section; - PKEVENT CreateEvent; - PKEVENT WaitOnActiveCount; - ULONG PagesToWrite; - LONGLONG BeyondLastFlush; - PCACHE_MANAGER_CALLBACKS Callbacks; - PVOID LazyWriteContext; - LIST_ENTRY PrivateList; - PVOID LogHandle; - PVOID FlushToLsnRoutine; - ULONG DirtyPageThreshold; - ULONG LazyWritePassCount; - PCACHE_UNINITIALIZE_EVENT UninitializeEvent; - PVACB NeedToZeroVacb; - KSPIN_LOCK BcbSpinLock; - PVOID Reserved; - KEVENT Event; - EX_PUSH_LOCK VacbPushLock; - PRIVATE_CACHE_MAP PrivateCacheMap; -} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP; - -#endif - -typedef struct _SID_AND_ATTRIBUTES { - PSID Sid; - ULONG Attributes; -} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; - -typedef struct _SID_AND_ATTRIBUTES_HASH { - ULONG SidCount; /* +0x000 */ - PSID_AND_ATTRIBUTES SidAttr; /* +0x004 */ - ULONG Hash[32]; /* +0x008 */ -} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH; - -typedef struct _STARTING_VCN_INPUT_BUFFER { - LARGE_INTEGER StartingVcn; -} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; - -// SystemBasicInformation -typedef struct _SYSTEM_BASIC_INFORMATION { - ULONG Unknown; - ULONG MaximumIncrement; - ULONG PhysicalPageSize; - ULONG NumberOfPhysicalPages; - ULONG LowestPhysicalPage; - ULONG HighestPhysicalPage; - ULONG AllocationGranularity; - ULONG LowestUserAddress; - ULONG HighestUserAddress; - ULONG ActiveProcessors; - UCHAR NumberProcessors; -} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; - -// SystemProcessorInformation -typedef struct _SYSTEM_PROCESSOR_INFORMATION { - USHORT ProcessorArchitecture; - USHORT ProcessorLevel; - USHORT ProcessorRevision; - USHORT Unknown; - ULONG FeatureBits; -} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; - -// SystemPerformanceInformation -typedef struct _SYSTEM_PERFORMANCE_INFORMATION { - LARGE_INTEGER IdleTime; - LARGE_INTEGER ReadTransferCount; - LARGE_INTEGER WriteTransferCount; - LARGE_INTEGER OtherTransferCount; - ULONG ReadOperationCount; - ULONG WriteOperationCount; - ULONG OtherOperationCount; - ULONG AvailablePages; - ULONG TotalCommittedPages; - ULONG TotalCommitLimit; - ULONG PeakCommitment; - ULONG PageFaults; - ULONG WriteCopyFaults; - ULONG TransistionFaults; - ULONG Reserved1; - ULONG DemandZeroFaults; - ULONG PagesRead; - ULONG PageReadIos; - ULONG Reserved2[2]; - ULONG PagefilePagesWritten; - ULONG PagefilePageWriteIos; - ULONG MappedFilePagesWritten; - ULONG MappedFilePageWriteIos; - ULONG PagedPoolUsage; - ULONG NonPagedPoolUsage; - ULONG PagedPoolAllocs; - ULONG PagedPoolFrees; - ULONG NonPagedPoolAllocs; - ULONG NonPagedPoolFrees; - ULONG TotalFreeSystemPtes; - ULONG SystemCodePage; - ULONG TotalSystemDriverPages; - ULONG TotalSystemCodePages; - ULONG SmallNonPagedLookasideListAllocateHits; - ULONG SmallPagedLookasideListAllocateHits; - ULONG Reserved3; - ULONG MmSystemCachePage; - ULONG PagedPoolPage; - ULONG SystemDriverPage; - ULONG FastReadNoWait; - ULONG FastReadWait; - ULONG FastReadResourceMiss; - ULONG FastReadNotPossible; - ULONG FastMdlReadNoWait; - ULONG FastMdlReadWait; - ULONG FastMdlReadResourceMiss; - ULONG FastMdlReadNotPossible; - ULONG MapDataNoWait; - ULONG MapDataWait; - ULONG MapDataNoWaitMiss; - ULONG MapDataWaitMiss; - ULONG PinMappedDataCount; - ULONG PinReadNoWait; - ULONG PinReadWait; - ULONG PinReadNoWaitMiss; - ULONG PinReadWaitMiss; - ULONG CopyReadNoWait; - ULONG CopyReadWait; - ULONG CopyReadNoWaitMiss; - ULONG CopyReadWaitMiss; - ULONG MdlReadNoWait; - ULONG MdlReadWait; - ULONG MdlReadNoWaitMiss; - ULONG MdlReadWaitMiss; - ULONG ReadAheadIos; - ULONG LazyWriteIos; - ULONG LazyWritePages; - ULONG DataFlushes; - ULONG DataPages; - ULONG ContextSwitches; - ULONG FirstLevelTbFills; - ULONG SecondLevelTbFills; - ULONG SystemCalls; -} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; - -// SystemTimeOfDayInformation -typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION { - LARGE_INTEGER BootTime; - LARGE_INTEGER CurrentTime; - LARGE_INTEGER TimeZoneBias; - ULONG CurrentTimeZoneId; -} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION; - -typedef struct _SYSTEM_THREADS_INFORMATION { - LARGE_INTEGER KernelTime; - LARGE_INTEGER UserTime; - LARGE_INTEGER CreateTime; - ULONG WaitTime; - PVOID StartAddress; - CLIENT_ID ClientId; - KPRIORITY Priority; - KPRIORITY BasePriority; - ULONG ContextSwitchCount; - THREAD_STATE State; - KWAIT_REASON WaitReason; -} SYSTEM_THREADS_INFORMATION, *PSYSTEM_THREADS_INFORMATION; - -// SystemProcessesAndThreadsInformation -typedef struct _SYSTEM_PROCESSES_INFORMATION { - ULONG NextEntryDelta; - ULONG ThreadCount; - ULONG Reserved1[6]; - LARGE_INTEGER CreateTime; - LARGE_INTEGER UserTime; - LARGE_INTEGER KernelTime; - UNICODE_STRING ProcessName; - KPRIORITY BasePriority; - ULONG ProcessId; - ULONG InheritedFromProcessId; - ULONG HandleCount; - ULONG SessionId; - ULONG Reserved2; - VM_COUNTERS VmCounters; -#if (VER_PRODUCTBUILD >= 2195) - IO_COUNTERS IoCounters; -#endif // (VER_PRODUCTBUILD >= 2195) - SYSTEM_THREADS_INFORMATION Threads[1]; -} SYSTEM_PROCESSES_INFORMATION, *PSYSTEM_PROCESSES_INFORMATION; - -// SystemCallCounts -typedef struct _SYSTEM_CALL_COUNTS { - ULONG Size; - ULONG NumberOfDescriptorTables; - ULONG NumberOfRoutinesInTable[1]; - // On checked build this is followed by a ULONG CallCounts[1] variable length array. -} SYSTEM_CALL_COUNTS, *PSYSTEM_CALL_COUNTS; - -// SystemConfigurationInformation -typedef struct _SYSTEM_CONFIGURATION_INFORMATION { - ULONG DiskCount; - ULONG FloppyCount; - ULONG CdRomCount; - ULONG TapeCount; - ULONG SerialCount; - ULONG ParallelCount; -} SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION; - -// SystemProcessorTimes -typedef struct _SYSTEM_PROCESSOR_TIMES { - LARGE_INTEGER IdleTime; - LARGE_INTEGER KernelTime; - LARGE_INTEGER UserTime; - LARGE_INTEGER DpcTime; - LARGE_INTEGER InterruptTime; - ULONG InterruptCount; -} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES; - -// SystemGlobalFlag -typedef struct _SYSTEM_GLOBAL_FLAG { - ULONG GlobalFlag; -} SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG; - -// SystemModuleInformation -typedef struct _SYSTEM_MODULE_INFORMATION { - ULONG Reserved[2]; - PVOID Base; - ULONG Size; - ULONG Flags; - USHORT Index; - USHORT Unknown; - USHORT LoadCount; - USHORT ModuleNameOffset; - CHAR ImageName[256]; -} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; - -// SystemLockInformation -typedef struct _SYSTEM_LOCK_INFORMATION { - PVOID Address; - USHORT Type; - USHORT Reserved1; - ULONG ExclusiveOwnerThreadId; - ULONG ActiveCount; - ULONG ContentionCount; - ULONG Reserved2[2]; - ULONG NumberOfSharedWaiters; - ULONG NumberOfExclusiveWaiters; -} SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION; - -// SystemHandleInformation -typedef struct _SYSTEM_HANDLE_INFORMATION { - ULONG ProcessId; - UCHAR ObjectTypeNumber; - UCHAR Flags; - USHORT Handle; - PVOID Object; - ACCESS_MASK GrantedAccess; -} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; - -// SystemObjectInformation -typedef struct _SYSTEM_OBJECT_TYPE_INFORMATION { - ULONG NextEntryOffset; - ULONG ObjectCount; - ULONG HandleCount; - ULONG TypeNumber; - ULONG InvalidAttributes; - GENERIC_MAPPING GenericMapping; - ACCESS_MASK ValidAccessMask; - POOL_TYPE PoolType; - UCHAR Unknown; - UNICODE_STRING Name; -} SYSTEM_OBJECT_TYPE_INFORMATION, *PSYSTEM_OBJECT_TYPE_INFORMATION; - -typedef struct _SYSTEM_OBJECT_INFORMATION { - ULONG NextEntryOffset; - PVOID Object; - ULONG CreatorProcessId; - USHORT Unknown; - USHORT Flags; - ULONG PointerCount; - ULONG HandleCount; - ULONG PagedPoolUsage; - ULONG NonPagedPoolUsage; - ULONG ExclusiveProcessId; - PSECURITY_DESCRIPTOR SecurityDescriptor; - UNICODE_STRING Name; -} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; - -// SystemPagefileInformation -typedef struct _SYSTEM_PAGEFILE_INFORMATION { - ULONG NextEntryOffset; - ULONG CurrentSize; - ULONG TotalUsed; - ULONG PeakUsed; - UNICODE_STRING FileName; -} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; - -// SystemInstructionEmulationCounts -typedef struct _SYSTEM_INSTRUCTION_EMULATION_COUNTS { - ULONG GenericInvalidOpcode; - ULONG TwoByteOpcode; - ULONG ESprefix; - ULONG CSprefix; - ULONG SSprefix; - ULONG DSprefix; - ULONG FSPrefix; - ULONG GSprefix; - ULONG OPER32prefix; - ULONG ADDR32prefix; - ULONG INSB; - ULONG INSW; - ULONG OUTSB; - ULONG OUTSW; - ULONG PUSHFD; - ULONG POPFD; - ULONG INTnn; - ULONG INTO; - ULONG IRETD; - ULONG FloatingPointOpcode; - ULONG INBimm; - ULONG INWimm; - ULONG OUTBimm; - ULONG OUTWimm; - ULONG INB; - ULONG INW; - ULONG OUTB; - ULONG OUTW; - ULONG LOCKprefix; - ULONG REPNEprefix; - ULONG REPprefix; - ULONG CLI; - ULONG STI; - ULONG HLT; -} SYSTEM_INSTRUCTION_EMULATION_COUNTS, *PSYSTEM_INSTRUCTION_EMULATION_COUNTS; - -// SystemCacheInformation -typedef struct _SYSTEM_CACHE_INFORMATION { - ULONG SystemCacheWsSize; - ULONG SystemCacheWsPeakSize; - ULONG SystemCacheWsFaults; - ULONG SystemCacheWsMinimum; - ULONG SystemCacheWsMaximum; - ULONG TransitionSharedPages; - ULONG TransitionSharedPagesPeak; - ULONG Reserved[2]; -} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION; - -// SystemPoolTagInformation -typedef struct _SYSTEM_POOL_TAG_INFORMATION { - CHAR Tag[4]; - ULONG PagedPoolAllocs; - ULONG PagedPoolFrees; - ULONG PagedPoolUsage; - ULONG NonPagedPoolAllocs; - ULONG NonPagedPoolFrees; - ULONG NonPagedPoolUsage; -} SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION; - -// SystemProcessorStatistics -typedef struct _SYSTEM_PROCESSOR_STATISTICS { - ULONG ContextSwitches; - ULONG DpcCount; - ULONG DpcRequestRate; - ULONG TimeIncrement; - ULONG DpcBypassCount; - ULONG ApcBypassCount; -} SYSTEM_PROCESSOR_STATISTICS, *PSYSTEM_PROCESSOR_STATISTICS; - -// SystemDpcInformation -typedef struct _SYSTEM_DPC_INFORMATION { - ULONG Reserved; - ULONG MaximumDpcQueueDepth; - ULONG MinimumDpcRate; - ULONG AdjustDpcThreshold; - ULONG IdealDpcRate; -} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION; - -// SystemLoadImage -typedef struct _SYSTEM_LOAD_IMAGE { - UNICODE_STRING ModuleName; - PVOID ModuleBase; - PVOID Unknown; - PVOID EntryPoint; - PVOID ExportDirectory; -} SYSTEM_LOAD_IMAGE, *PSYSTEM_LOAD_IMAGE; - -// SystemUnloadImage -typedef struct _SYSTEM_UNLOAD_IMAGE { - PVOID ModuleBase; -} SYSTEM_UNLOAD_IMAGE, *PSYSTEM_UNLOAD_IMAGE; - -// SystemTimeAdjustment -typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT { - ULONG TimeAdjustment; - ULONG MaximumIncrement; - BOOLEAN TimeSynchronization; -} SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT; - -// SystemTimeAdjustment -typedef struct _SYSTEM_SET_TIME_ADJUSTMENT { - ULONG TimeAdjustment; - BOOLEAN TimeSynchronization; -} SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT; - -// SystemCrashDumpInformation -typedef struct _SYSTEM_CRASH_DUMP_INFORMATION { - HANDLE CrashDumpSectionHandle; -#if (VER_PRODUCTBUILD >= 2195) - HANDLE Unknown; -#endif // (VER_PRODUCTBUILD >= 2195) -} SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION; - -// SystemExceptionInformation -typedef struct _SYSTEM_EXCEPTION_INFORMATION { - ULONG AlignmentFixupCount; - ULONG ExceptionDispatchCount; - ULONG FloatingEmulationCount; - ULONG Reserved; -} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; - -// SystemCrashDumpStateInformation -typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION { - ULONG ValidCrashDump; -#if (VER_PRODUCTBUILD >= 2195) - ULONG Unknown; -#endif // (VER_PRODUCTBUILD >= 2195) -} SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION; - -// SystemKernelDebuggerInformation -typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { - BOOLEAN DebuggerEnabled; - BOOLEAN DebuggerNotPresent; -} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; - -// SystemContextSwitchInformation -typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { - ULONG ContextSwitches; - ULONG ContextSwitchCounters[11]; -} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; - -// SystemRegistryQuotaInformation -typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { - ULONG RegistryQuota; - ULONG RegistryQuotaInUse; - ULONG PagedPoolSize; -} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; - -// SystemLoadAndCallImage -typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE { - UNICODE_STRING ModuleName; -} SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE; - -// SystemPrioritySeparation -typedef struct _SYSTEM_PRIORITY_SEPARATION { - ULONG PrioritySeparation; -} SYSTEM_PRIORITY_SEPARATION, *PSYSTEM_PRIORITY_SEPARATION; - -// SystemTimeZoneInformation -typedef struct _SYSTEM_TIME_ZONE_INFORMATION { - LONG Bias; - WCHAR StandardName[32]; - TIME_FIELDS StandardDate; - LONG StandardBias; - WCHAR DaylightName[32]; - TIME_FIELDS DaylightDate; - LONG DaylightBias; -} SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION; - -// SystemLookasideInformation -typedef struct _SYSTEM_LOOKASIDE_INFORMATION { - USHORT Depth; - USHORT MaximumDepth; - ULONG TotalAllocates; - ULONG AllocateMisses; - ULONG TotalFrees; - ULONG FreeMisses; - POOL_TYPE Type; - ULONG Tag; - ULONG Size; -} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; - -// SystemSetTimeSlipEvent -typedef struct _SYSTEM_SET_TIME_SLIP_EVENT { - HANDLE TimeSlipEvent; -} SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT; - -// SystemCreateSession -typedef struct _SYSTEM_CREATE_SESSION { - ULONG Session; -} SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION; - -// SystemDeleteSession -typedef struct _SYSTEM_DELETE_SESSION { - ULONG Session; -} SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION; - -// SystemRangeStartInformation -typedef struct _SYSTEM_RANGE_START_INFORMATION { - PVOID SystemRangeStart; -} SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION; - -// SystemSessionProcessesInformation -typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION { - ULONG SessionId; - ULONG BufferSize; - PVOID Buffer; -} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION; - -typedef struct _GDI_TEB_BATCH { - ULONG Offset; - ULONG HDC; - ULONG Buffer[(VER_PRODUCTBUILD >= 2195) ? 0x133 : 0x136]; -} GDI_TEB_BATCH, *PGDI_TEB_BATCH; - -#if (VER_PRODUCTBUILD >= 2600) - -typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME { - struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous; - struct _ACTIVATION_CONTEXT* ActivationContext; // 0x4 - ULONG Flags; // 0x8 -} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME; - -typedef struct _ACTIVATION_CONTEXT_STACK { - ULONG Flags; - ULONG NextCookieSequenceNumber; - PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame; // 0x8 - LIST_ENTRY FrameListCache; // 0xc -} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; - -#endif // (VER_PRODUCTBUILD >= 2600) - -typedef struct _Wx86ThreadState { - PULONG CallBx86Eip; - PVOID DeallocationCpu; - UCHAR UseKnownWx86Dll; // 0x8 - UCHAR OleStubInvoked; // 0x9 -} Wx86ThreadState, *PWx86ThreadState; - -typedef struct _TEB_ACTIVE_FRAME_CONTEXT { - ULONG Flags; - PCHAR FrameName; -} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT; - -typedef struct _TEB_ACTIVE_FRAME { - ULONG Flags; - struct _TEB_ACTIVE_FRAME *Previous; - PTEB_ACTIVE_FRAME_CONTEXT Context; -} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME; - -typedef struct _TEB // from Reactos, Native API; checked and corrected for 2003 and nt 4.0 - // should also work on XP and 2000 - // the reactos version was probably from NT 3.51 SP3 -{ - NT_TIB Tib; /* 00h */ - PVOID EnvironmentPointer; /* 1Ch */ - CLIENT_ID Cid; /* 20h */ - HANDLE RpcHandle; /* 28h */ - PVOID *ThreadLocalStorage; /* 2Ch */ - PPEB Peb; /* 30h */ - ULONG LastErrorValue; /* 34h */ - ULONG CountOfOwnedCriticalSections; /* 38h */ - PVOID CsrClientThread; /* 3Ch */ - struct _W32THREAD* Win32ThreadInfo; /* 40h */ - ULONG User32Reserved[26]; /* 44h */ - ULONG UserReserved[5]; /* ACh */ - PVOID WOW32Reserved; /* C0h */ - LCID CurrentLocale; /* C4h */ - ULONG FpSoftwareStatusRegister; /* C8h */ - PVOID SystemReserved1[0x36]; /* CCh */ -#if (VER_PRODUCTBUILD <= 1381) - PVOID Spare1; /* 1A4h */ -#endif - LONG ExceptionCode; /* 1A4h */ -#if (VER_PRODUCTBUILD >= 2600) - ACTIVATION_CONTEXT_STACK - ActivationContextStack; /* 1A8h */ - UCHAR SpareBytes1[24]; /* 1BCh */ -#elif (VER_PRODUCTBUILD >= 2195) - UCHAR SpareBytes1[0x2c]; /* 1A8h */ -#else /* nt 4.0 */ - ULONG SpareBytes1[0x14]; /* 1ACh */ -#endif - GDI_TEB_BATCH GdiTebBatch; /* 1D4h */ /* 1FC for nt 4.0 */ - ULONG gdiRgn; /* 6A8h */ /* 6DCh for nt 4.0 */ - ULONG gdiPen; /* 6ACh */ - ULONG gdiBrush; /* 6B0h */ - CLIENT_ID RealClientId; /* 6B4h */ /* 6E8h for nt 4.0 */ - PVOID GdiCachedProcessHandle; /* 6BCh */ - ULONG GdiClientPID; /* 6C0h */ - ULONG GdiClientTID; /* 6C4h */ - PVOID GdiThreadLocaleInfo; /* 6C8h */ -#if (VER_PRODUCTBUILD == 1381) - PVOID Win32ClientInfo[5]; /* 700h */ - PVOID glDispatchTable[0x118]; /* 714h */ - ULONG glReserved1[0x1a]; /* B74h */ -#else - PVOID Win32ClientInfo[0x3e]; /* 6CCh */ - PVOID glDispatchTable[0xe9]; /* 7C4h */ - ULONG glReserved1[0x1d]; /* B68h */ -#endif - PVOID glReserved2; /* BDCh */ - PVOID glSectionInfo; /* BE0h */ - PVOID glSection; /* BE4h */ - PVOID glTable; /* BE8h */ - PVOID glCurrentRC; /* BECh */ - PVOID glContext; /* BF0h */ - NTSTATUS LastStatusValue; /* BF4h */ - UNICODE_STRING StaticUnicodeString; /* BF8h */ - WCHAR StaticUnicodeBuffer[0x105]; /* C00h */ - PVOID DeallocationStack; /* E0Ch */ - PVOID TlsSlots[0x40]; /* E10h */ - LIST_ENTRY TlsLinks; /* F10h */ - PVOID Vdm; /* F18h */ - PVOID ReservedForNtRpc; /* F1Ch */ - PVOID DbgSsReserved[0x2]; /* F20h */ - ULONG HardErrorDisabled; /* F28h */ - PVOID Instrumentation[0x10]; /* F2Ch */ - PVOID WinSockData; /* F6Ch */ - ULONG GdiBatchCount; /* F70h */ - BOOLEAN InDbgPrint; /* F74h */ - BOOLEAN FreeStackOnTermination; /* F75h */ - BOOLEAN HasFiberData; /* F76h */ - UCHAR IdealProcessor; /* F77h */ - ULONG Spare3; /* F78h */ - ULONG ReservedForPerf; /* F7Ch */ - PVOID ReservedForOle; /* F80h */ - ULONG WaitingOnLoaderLock; /* F84h */ -#if (VER_PRODUCTBUILD >= 2195) - Wx86ThreadState Wx86Thread; /* F88h */ - PVOID* TlsExpansionSlots; /* F94h */ - ULONG ImpersonationLocale; /* F98h */ - ULONG IsImpersonating; /* F9Ch */ - PVOID NlsCache; /* FA0h */ - PVOID pShimData; /* FA4h */ - ULONG HeapVirtualAffinity; /* FA8h */ - PVOID CurrentTransactionHandle; /* FACh */ - PTEB_ACTIVE_FRAME ActiveFrame; /* FB0h*/ - PVOID FlsSlots; /* FB4h */ -#endif -} TEB, *PTEB; - -typedef struct _TERMINATION_PORT { - struct _TERMINATION_PORT* Next; - PVOID Port; -} TERMINATION_PORT, *PTERMINATION_PORT; - -typedef struct _THREAD_BASIC_INFORMATION { - NTSTATUS ExitStatus; - PVOID TebBaseAddress; - ULONG UniqueProcessId; - ULONG UniqueThreadId; - KAFFINITY AffinityMask; - KPRIORITY BasePriority; - ULONG DiffProcessPriority; -} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; - -typedef struct _TOKEN_SOURCE { - CCHAR SourceName[TOKEN_SOURCE_LENGTH]; - LUID SourceIdentifier; -} TOKEN_SOURCE, *PTOKEN_SOURCE; - -typedef struct _TOKEN_CONTROL { - LUID TokenId; - LUID AuthenticationId; - LUID ModifiedId; - TOKEN_SOURCE TokenSource; -} TOKEN_CONTROL, *PTOKEN_CONTROL; - -typedef struct _TOKEN_DEFAULT_DACL { - PACL DefaultDacl; -} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL; - -typedef struct _TOKEN_GROUPS { - ULONG GroupCount; - SID_AND_ATTRIBUTES Groups[1]; -} TOKEN_GROUPS, *PTOKEN_GROUPS; - -/* XP SP2 has same TOKEN_OBJECT structure as Windows Server 2003 (stucture K23 in union). */ -#include -typedef union -{ - struct - { - TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10, *SYSTEM* id == 0 */ - LUID TokenId; /* 0x10: */ - LUID AuthenticationId; /* 0x18: */ - LARGE_INTEGER ExpirationTime; /* 0x20: -1 no expired. *SYSTEM* has expired? */ - LUID ModifiedId; /* 0x28: */ - ULONG UserAndGroupCount; /* 0x30: 3 */ - ULONG PrivilegeCount; /* 0x34: 14 */ - ULONG VariableLength; /* 0x38: 0x37C */ - ULONG DynamicCharged; /* 0x3C: 0x1F4 */ - ULONG DynamicAvailable; /* 0x40: 0x1A4 */ - ULONG DefaultOwnerIndex; /* 0x44: 1 */ - PSID_AND_ATTRIBUTES UserAndGroups;/* 0x48: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */ - PSID PrimaryGroup; /* 0x4C: */ - PLUID_AND_ATTRIBUTES Privileges;/* 0x50: */ - PULONG DynamicPart; /* 0x54: */ - PACL DefaultDacl; /* 0x58: */ - TOKEN_TYPE TokenType; /* 0x5C: TokenPrimary | TokenImpersonation */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x60: 0 */ - UCHAR TokenFlags; /* 0x64: 1 */ - BOOLEAN TokenInUse; /* 0x65: 1 */ - USHORT Alignment; /* 0x66: 0 */ - PVOID ProxyData; /* 0x68: 0 */ - PVOID AuditData; /* 0x6C: 0 */ - ULONG VariablePart; /* 0x70: */ - } NT; - struct - { - TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */ - LUID TokenId; /* 0x10: */ - LUID AuthenticationId; /* 0x18: */ - LUID ParentTokenId; /* 0x20: 0 */ - LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */ - LUID ModifiedId; /* 0x30: */ - ULONG SessionId; /* 0x38: 0 */ - ULONG UserAndGroupCount; /* 0x3C: 9 */ - ULONG RestrictedSidCount; /*+0x40: 0 */ - ULONG PrivilegeCount; /* 0x44: 11 */ - ULONG VariableLength; /* 0x48: 0x1F0 */ - ULONG DynamicCharged; /* 0x4C: 0x1F4 */ - ULONG DynamicAvailable; /* 0x50: 0x1A4 */ - ULONG DefaultOwnerIndex; /* 0x54: 3 */ - PSID_AND_ATTRIBUTES UserAndGroups; /* 0x58: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */ - PSID_AND_ATTRIBUTES RestrictedSids;/* 0x5C: 0 */ - PSID PrimaryGroup; /* 0x60: */ - PLUID_AND_ATTRIBUTES Privileges;/* 0x64: */ - PULONG DynamicPart; /* 0x68: */ - PACL DefaultDacl; /* 0x6C: */ - TOKEN_TYPE TokenType; /* 0x70: TokenPrimary | TokenImpersonation */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x74: 0 */ - UCHAR TokenFlags; /* 0x78: 9 */ - BOOLEAN TokenInUse; /* 0x79: 1 */ - USHORT Alignment; /* 0x7A: 0 */ - PVOID ProxyData; /* 0x7C: 0 */ - PVOID AuditData; /* 0x80: 0 */ - ULONG VariablePart; /* 0x84: */ - } K2; - struct - { - TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */ - LUID TokenId; /* 0x10: 0x6F68 */ - LUID AuthenticationId; /* 0x18: */ - LUID ParentTokenId; /* 0x20: 0 */ - LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */ - PERESOURCE TokenLock; /*+0x30: 0x8xxxxxxxx */ - LUID ModifiedId; /* 0x34: */ - ULONG SessionId; /* 0x3C: 0x6F6A */ - ULONG UserAndGroupCount; /* 0x40: 4 */ - ULONG RestrictedSidCount; /*+0x44: 0 */ - ULONG VariableLength; /* 0x48: 0x160 */ - ULONG DynamicCharged; /* 0x4C: 0x164 */ - ULONG DynamicAvailable; /* 0x50: 0x1F4 */ - ULONG PrivilegeCount; /* 0x54: 0 */ - ULONG DefaultOwnerIndex; /* 0x58: 1 */ - PSID_AND_ATTRIBUTES UserAndGroups; /* 0x5C: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */ - PSID_AND_ATTRIBUTES RestrictedSids;/* 0x60: 0 */ - PSID PrimaryGroup; /* 0x64: */ - PLUID_AND_ATTRIBUTES Privileges;/* 0x68: */ - PULONG DynamicPart; /* 0x6C: */ - PACL DefaultDacl; /* 0x70: */ - TOKEN_TYPE TokenType; /* 0x74: TokenPrimary | TokenImpersonation */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x78: 0 */ - UCHAR TokenFlags; /* 0x7C: 9 */ - BOOLEAN TokenInUse; /* 0x7D: 1 */ - USHORT Alignment; /* 0x7E: 4BB4 */ - PVOID ProxyData; /* 0x80: 0 */ - PVOID AuditData; /* 0x84: 0 */ - ULONG VariablePart; /* 0x88: */ - } XP; - struct - { - TOKEN_SOURCE TokenSource; /* 0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */ - LUID TokenId; /* 0x10: 0x6F68 */ - LUID AuthenticationId; /* 0x18: */ - LUID ParentTokenId; /* 0x20: 0 */ - LARGE_INTEGER ExpirationTime; /* 0x28: -1 no expired */ - PERESOURCE TokenLock; /*+0x30: 0x8xxxxxxxx */ - ULONG Padding64; /*+0x34: 0xXxxxxxxxx */ - SEP_AUDIT_POLICY AuditPolicy; /*+0x38: */ - LUID ModifiedId; /*+0x040: 0x6F6A */ - ULONG SessionId; /*+0x048: */ - ULONG UserAndGroupCount; /* 0x4C: 4 */ - ULONG RestrictedSidCount; /*+0x50: 0 */ - ULONG VariableLength; /* 0x54: 0x18 */ - ULONG DynamicCharged; /* 0x58: 0x17C */ - ULONG DynamicAvailable; /* 0x5C: 0x1F4 */ - ULONG PrivilegeCount; /* 0x60: 0 */ - ULONG DefaultOwnerIndex; /* 0x64: 1 */ - PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */ - PSID_AND_ATTRIBUTES RestrictedSids;/* 0x6C: 0 */ - PSID PrimaryGroup; /* 0x70: */ - PLUID_AND_ATTRIBUTES Privileges;/* 0x74: */ - PULONG DynamicPart; /* 0x78: */ - PACL DefaultDacl; /* 0x7C: */ - TOKEN_TYPE TokenType; /* 0x80: TokenPrimary | TokenImpersonation */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x84: 0 */ - UCHAR TokenFlags; /* 0x88: 9 */ - BOOLEAN TokenInUse; /* 0x89: 1 */ - USHORT Alignment; /* 0x8A: 4BB4 */ - PVOID ProxyData; /* 0x8C: 0x8xxxxxxxx */ - PVOID AuditData; /* 0x90: 0 */ - ULONG VariablePart; /* 0x94: */ - } K23; - struct - { - TOKEN_SOURCE TokenSource; /* +0x0: CHAR SourceName[8] = "*SYSTEM*" | "User32 " + LUID SourceIdentifier = 0x10 */ - LUID TokenId; /* +0x10: 0x6F68 */ - LUID AuthenticationId; /* +0x18: */ - LUID ParentTokenId; /* +0x20: 0 */ - LARGE_INTEGER ExpirationTime; /* +0x28: -1 no expired */ - PERESOURCE TokenLock; /* +0x30: 0x8xxxxxxxx */ - ULONG Padding64; /* +0x34: 0xXxxxxxxxx */ - SEP_AUDIT_POLICY AuditPolicy; /* +0x38: */ - LUID ModifiedId; /* +0x040: 0x6F6A */ - ULONG SessionId; /* +0x048: */ - ULONG UserAndGroupCount; /* +0x04c: 4 */ - ULONG RestrictedSidCount; /* +0x050: 0 */ - ULONG PrivilegeCount; /* +0x054: 0x18 */ - ULONG VariableLength; /* +0x058: 0x17C */ - ULONG DynamicCharged; /* +0x05c: 0x1F4 */ - ULONG DynamicAvailable; /* +0x060: 0 */ - ULONG DefaultOwnerIndex; /* +0x064: 1 */ - PSID_AND_ATTRIBUTES UserAndGroups; /* +0x68: TOKEN_USER Owners [UserAndGroupCount] DefaultOwnerIndex */ - PSID_AND_ATTRIBUTES RestrictedSids; /* +0x6C: 0 */ - PSID PrimaryGroup; /* +0x70: */ - PLUID_AND_ATTRIBUTES Privileges; /* +0x74: */ - PULONG DynamicPart; /* +0x78: */ - PACL DefaultDacl; /* +0x7C: */ - TOKEN_TYPE TokenType; /* +0x80: TokenPrimary | TokenImpersonation */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* +0x84: 0 */ - UCHAR TokenFlags; /* +0x88: 9 */ - BOOLEAN TokenInUse; /* +0x89: 1 */ - USHORT Alignment; /* +0x8A: 4BB4 */ - PVOID ProxyData; /* +0x8C: 0x8xxxxxxxx */ - PVOID AuditData; /* +0x90: 0 */ - PVOID LogonSession; /* +0x94: */ - LUID OriginatingLogonSession;/* +0x98: */ - ULONG VariablePart; /* +0xa0: */ - } K23SP1; - struct - { - TOKEN_SOURCE TokenSource; /* +0x000 */ - LUID TokenId; /* +0x010 */ - LUID AuthenticationId; /* +0x018 */ - LUID ParentTokenId; /* +0x020 */ - LARGE_INTEGER ExpirationTime; /* +0x028 */ - PERESOURCE TokenLock; /* +0x030 */ - LUID ModifiedId; /* +0x034 */ - SEP_AUDIT_POLICY_VISTA AuditPolicy; /* +0x03c */ - ULONG SessionId; /* +0x058 */ - ULONG UserAndGroupCount; /* +0x05c */ - ULONG RestrictedSidCount; /* +0x060 */ - ULONG PrivilegeCount; /* +0x064 */ - ULONG VariableLength; /* +0x068 */ - ULONG DynamicCharged; /* +0x06c */ - ULONG DynamicAvailable; /* +0x070 */ - ULONG DefaultOwnerIndex; /* +0x074 */ - PSID_AND_ATTRIBUTES UserAndGroups; /* +0x078 */ - PSID_AND_ATTRIBUTES RestrictedSids; /* +0x07c */ - PSID PrimaryGroup; /* +0x080 */ - PLUID_AND_ATTRIBUTES Privileges; /* +0x084 */ - PULONG DynamicPart; /* +0x088 */ - PACL DefaultDacl; /* +0x08c */ - TOKEN_TYPE TokenType; /* +0x090 */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* +0x094 */ - ULONG TokenFlags; /* +0x098 */ - BOOLEAN TokenInUse; /* +0x09c */ - BOOLEAN WriterPresent; /* +0x09d */ - USHORT Alignment; /* +0x09e */ - ULONG IntegrityLevelIndex; /* +0x0a0 */ - ULONG DesktopIntegrityLevelIndex;/* +0x0a4 */ - ULONG MandatoryPolicy; /* +0x0a8 */ - PVOID ProxyData; /* +0x0ac */ - PVOID AuditData; /* +0x0b0 */ - PVOID LogonSession; /* +0x0b4 */ - LUID OriginatingLogonSession;/* +0x0b8 */ - SID_AND_ATTRIBUTES_HASH SidHash; /* +0x0c0 */ - SID_AND_ATTRIBUTES_HASH RestrictedSidHash;/* +0x148 */ - ULONG VariablePart; /* +0x1d0 */ - } VISTA; - struct - { - TOKEN_SOURCE TokenSource; /* +0x000 */ - LUID TokenId; /* +0x010 */ - LUID AuthenticationId; /* +0x018 */ - LUID ParentTokenId; /* +0x020 */ - LARGE_INTEGER ExpirationTime; /* +0x028 */ - PERESOURCE TokenLock; /* +0x030 */ - SEP_AUDIT_POLICY AuditPolicy; /* +0x038 */ - LUID ModifiedId; /* +0x040 */ - ULONG SessionId; /* +0x048 */ - ULONG UserAndGroupCount; /* +0x04c */ - ULONG RestrictedSidCount; /* +0x050 */ - ULONG PrivilegeCount; /* +0x054 */ - ULONG VariableLength; /* +0x058 */ - ULONG DynamicCharged; /* +0x05c */ - ULONG DynamicAvailable; /* +0x060 */ - ULONG DefaultOwnerIndex; /* +0x064 */ - PSID_AND_ATTRIBUTES UserAndGroups; /* +0x068 */ - PSID_AND_ATTRIBUTES RestrictedSids; /* +0x070 */ - PSID PrimaryGroup; /* +0x078 */ - PLUID_AND_ATTRIBUTES Privileges; /* +0x080 */ - PULONG DynamicPart; /* +0x088 */ - PACL DefaultDacl; /* +0x090 */ - TOKEN_TYPE TokenType; /* +0x098 */ - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* +0x09c */ - UCHAR TokenFlags; /* +0x0a0 */ - BOOLEAN TokenInUse; /* +0x0a1 */ - UCHAR Padding64 [6]; /* +0x0a2 */ - PVOID ProxyData; /* +0x0a8 */ - PVOID AuditData; /* +0x0b0 */ - PVOID LogonSession; /* +0x0b8 */ - LUID OriginatingLogonSession;/* +0x0c0 */ - ULONG VariablePart; /* +0x0c8 */ - } XP64; /* equial 2K3SP1x64 */ - /* VariablePart */ -} TOKEN_OBJECT, *PTOKEN_OBJECT; -#include - -typedef struct _TOKEN_OWNER { - PSID Owner; -} TOKEN_OWNER, *PTOKEN_OWNER; - -typedef struct _TOKEN_PRIMARY_GROUP { - PSID PrimaryGroup; -} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP; - -typedef struct _TOKEN_PRIVILEGES { - ULONG PrivilegeCount; - LUID_AND_ATTRIBUTES Privileges[1]; -} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES; - -typedef struct _TOKEN_STATISTICS { - LUID TokenId; - LUID AuthenticationId; - LARGE_INTEGER ExpirationTime; - TOKEN_TYPE TokenType; - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; - ULONG DynamicCharged; - ULONG DynamicAvailable; - ULONG GroupCount; - ULONG PrivilegeCount; - LUID ModifiedId; -} TOKEN_STATISTICS, *PTOKEN_STATISTICS; - -typedef struct _TOKEN_USER { - SID_AND_ATTRIBUTES User; -} TOKEN_USER, *PTOKEN_USER; - -typedef struct _SECURITY_CLIENT_CONTEXT { - SECURITY_QUALITY_OF_SERVICE SecurityQos; - PACCESS_TOKEN ClientToken; - BOOLEAN DirectlyAccessClientToken; - BOOLEAN DirectAccessEffectiveOnly; - BOOLEAN ServerIsRemote; - TOKEN_CONTROL ClientTokenControl; -} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; - -typedef struct _TUNNEL { - FAST_MUTEX Mutex; - PRTL_SPLAY_LINKS Cache; - LIST_ENTRY TimerQueue; - USHORT NumEntries; -} TUNNEL, *PTUNNEL; - -typedef struct _VACB { - PVOID BaseAddress; - PSHARED_CACHE_MAP SharedCacheMap; - union { - LARGE_INTEGER FileOffset; - USHORT ActiveCount; - } Overlay; - LIST_ENTRY LruList; -} VACB, *PVACB; - -typedef struct _VAD_HEADER { - PVOID StartVPN; - PVOID EndVPN; - PVAD_HEADER ParentLink; - PVAD_HEADER LeftLink; - PVAD_HEADER RightLink; - ULONG Flags; // LSB = CommitCharge - PVOID ControlArea; - PVOID FirstProtoPte; - PVOID LastPTE; - ULONG Unknown; - LIST_ENTRY Secured; -} VAD_HEADER, *PVAD_HEADER; - -NTKERNELAPI -BOOLEAN -CcCanIWrite ( - IN PFILE_OBJECT FileObject, - IN ULONG BytesToWrite, - IN BOOLEAN Wait, - IN BOOLEAN Retrying -); - -NTKERNELAPI -BOOLEAN -CcCopyRead ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN BOOLEAN Wait, - OUT PVOID Buffer, - OUT PIO_STATUS_BLOCK IoStatus -); - -NTKERNELAPI -BOOLEAN -CcCopyWrite ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN BOOLEAN Wait, - IN PVOID Buffer -); - -#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) - -typedef VOID (*PCC_POST_DEFERRED_WRITE) ( - IN PVOID Context1, - IN PVOID Context2 -); - -NTKERNELAPI -VOID -CcDeferWrite ( - IN PFILE_OBJECT FileObject, - IN PCC_POST_DEFERRED_WRITE PostRoutine, - IN PVOID Context1, - IN PVOID Context2, - IN ULONG BytesToWrite, - IN BOOLEAN Retrying -); - -NTKERNELAPI -VOID -CcFastCopyRead ( - IN PFILE_OBJECT FileObject, - IN ULONG FileOffset, - IN ULONG Length, - IN ULONG PageCount, - OUT PVOID Buffer, - OUT PIO_STATUS_BLOCK IoStatus -); - -NTKERNELAPI -VOID -CcFastCopyWrite ( - IN PFILE_OBJECT FileObject, - IN ULONG FileOffset, - IN ULONG Length, - IN PVOID Buffer -); - -NTKERNELAPI -VOID -CcFlushCache ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer, - IN PLARGE_INTEGER FileOffset OPTIONAL, - IN ULONG Length, - OUT PIO_STATUS_BLOCK IoStatus OPTIONAL -); - -typedef VOID (*PDIRTY_PAGE_ROUTINE) ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN PLARGE_INTEGER OldestLsn, - IN PLARGE_INTEGER NewestLsn, - IN PVOID Context1, - IN PVOID Context2 -); - -NTKERNELAPI -LARGE_INTEGER -CcGetDirtyPages ( - IN PVOID LogHandle, - IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine, - IN PVOID Context1, - IN PVOID Context2 -); - -NTKERNELAPI -PFILE_OBJECT -CcGetFileObjectFromBcb ( - IN PVOID Bcb -); - -NTKERNELAPI -PFILE_OBJECT -CcGetFileObjectFromSectionPtrs ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer -); - -#define CcGetFileSizePointer(FO) ( \ - ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ -) - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -LARGE_INTEGER -CcGetFlushedValidData ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer, - IN BOOLEAN BcbListHeld -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -LARGE_INTEGER -CcGetLsnForFileObject ( - IN PFILE_OBJECT FileObject, - OUT PLARGE_INTEGER OldestLsn OPTIONAL -); - -typedef BOOLEAN (*PACQUIRE_FOR_LAZY_WRITE) ( - IN PVOID Context, - IN BOOLEAN Wait -); - -typedef VOID (*PRELEASE_FROM_LAZY_WRITE) ( - IN PVOID Context -); - -typedef BOOLEAN (*PACQUIRE_FOR_READ_AHEAD) ( - IN PVOID Context, - IN BOOLEAN Wait -); - -typedef VOID (*PRELEASE_FROM_READ_AHEAD) ( - IN PVOID Context -); - -typedef struct _CACHE_MANAGER_CALLBACKS { - PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; - PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; - PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; - PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; -} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; - -NTKERNELAPI -VOID -CcInitializeCacheMap ( - IN PFILE_OBJECT FileObject, - IN PCC_FILE_SIZES FileSizes, - IN BOOLEAN PinAccess, - IN PCACHE_MANAGER_CALLBACKS Callbacks, - IN PVOID LazyWriteContext -); - -#define CcIsFileCached(FO) ( \ - ((FO)->SectionObjectPointer != NULL) && \ - (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ -) - -NTKERNELAPI -BOOLEAN -CcIsThereDirtyData ( - IN PVPB Vpb -); - -NTKERNELAPI -BOOLEAN -CcMapData ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, -#if (VER_PRODUCTBUILD >= 2600) - IN ULONG Flags, -#else - IN BOOLEAN Wait, -#endif - OUT PVOID *Bcb, - OUT PVOID *Buffer -); - -NTKERNELAPI -VOID -CcMdlRead ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - OUT PMDL *MdlChain, - OUT PIO_STATUS_BLOCK IoStatus -); - -NTKERNELAPI -VOID -CcMdlReadComplete ( - IN PFILE_OBJECT FileObject, - IN PMDL MdlChain -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -CcMdlWriteAbort ( - IN PFILE_OBJECT FileObject, - IN PMDL MdlChain -); - -#endif - -NTKERNELAPI -VOID -CcMdlWriteComplete ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN PMDL MdlChain -); - -NTKERNELAPI -BOOLEAN -CcPinMappedData ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, -#if (VER_PRODUCTBUILD >= 2195) - IN ULONG Flags, -#else - IN BOOLEAN Wait, -#endif - IN OUT PVOID *Bcb -); - -NTKERNELAPI -BOOLEAN -CcPinRead ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, -#if (VER_PRODUCTBUILD >= 2195) - IN ULONG Flags, -#else - IN BOOLEAN Wait, -#endif - OUT PVOID *Bcb, - OUT PVOID *Buffer -); - -NTKERNELAPI -VOID -CcPrepareMdlWrite ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - OUT PMDL *MdlChain, - OUT PIO_STATUS_BLOCK IoStatus -); - -NTKERNELAPI -BOOLEAN -CcPreparePinWrite ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN BOOLEAN Zero, -#if (VER_PRODUCTBUILD >= 2195) - IN ULONG Flags, -#else - IN BOOLEAN Wait, -#endif - OUT PVOID *Bcb, - OUT PVOID *Buffer -); - -NTKERNELAPI -BOOLEAN -CcPurgeCacheSection ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer, - IN PLARGE_INTEGER FileOffset OPTIONAL, - IN ULONG Length, - IN BOOLEAN UninitializeCacheMaps -); - -#define CcReadAhead(FO, FOFF, LEN) ( \ - if ((LEN) >= 256) { \ - CcScheduleReadAhead((FO), (FOFF), (LEN)); \ - } \ -) - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -PVOID -CcRemapBcb ( - IN PVOID Bcb -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -CcRepinBcb ( - IN PVOID Bcb -); - -NTKERNELAPI -VOID -CcScheduleReadAhead ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length -); - -NTKERNELAPI -VOID -CcSetAdditionalCacheAttributes ( - IN PFILE_OBJECT FileObject, - IN BOOLEAN DisableReadAhead, - IN BOOLEAN DisableWriteBehind -); - -NTKERNELAPI -VOID -CcSetBcbOwnerPointer ( - IN PVOID Bcb, - IN PVOID OwnerPointer -); - -NTKERNELAPI -VOID -CcSetDirtyPageThreshold ( - IN PFILE_OBJECT FileObject, - IN ULONG DirtyPageThreshold -); - -NTKERNELAPI -VOID -CcSetDirtyPinnedData ( - IN PVOID BcbVoid, - IN PLARGE_INTEGER Lsn OPTIONAL -); - -NTKERNELAPI -VOID -CcSetFileSizes ( - IN PFILE_OBJECT FileObject, - IN PCC_FILE_SIZES FileSizes -); - -typedef VOID (*PFLUSH_TO_LSN) ( - IN PVOID LogHandle, - IN PLARGE_INTEGER Lsn -); - -NTKERNELAPI -VOID -CcSetLogHandleForFile ( - IN PFILE_OBJECT FileObject, - IN PVOID LogHandle, - IN PFLUSH_TO_LSN FlushToLsnRoutine -); - -NTKERNELAPI -VOID -CcSetReadAheadGranularity ( - IN PFILE_OBJECT FileObject, - IN ULONG Granularity // default: PAGE_SIZE - // allowed: 2^n * PAGE_SIZE -); - -NTKERNELAPI -BOOLEAN -CcUninitializeCacheMap ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER TruncateSize OPTIONAL, - IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL -); - -NTKERNELAPI -VOID -CcUnpinData ( - IN PVOID Bcb -); - -NTKERNELAPI -VOID -CcUnpinDataForThread ( - IN PVOID Bcb, - IN ERESOURCE_THREAD ResourceThreadId -); - -NTKERNELAPI -VOID -CcUnpinRepinnedBcb ( - IN PVOID Bcb, - IN BOOLEAN WriteThrough, - OUT PIO_STATUS_BLOCK IoStatus -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -CcWaitForCurrentLazyWriterActivity ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -CcZeroData ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER StartOffset, - IN PLARGE_INTEGER EndOffset, - IN BOOLEAN Wait -); - -NTKERNELAPI -VOID -ExDisableResourceBoostLite ( - IN PERESOURCE Resource -); - -NTKERNELAPI -ULONG -ExQueryPoolBlockSize ( - IN PVOID PoolBlock, - OUT PBOOLEAN QuotaCharged -); - -#define FlagOn(x, f) ((x) & (f)) - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -FsRtlAcquireFileExclusive ( - IN PFILE_OBJECT FileObject -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -FsRtlAddLargeMcbEntry ( - IN PLARGE_MCB Mcb, - IN LONGLONG Vbn, - IN LONGLONG Lbn, - IN LONGLONG SectorCount -); - -NTKERNELAPI -BOOLEAN -FsRtlAddMcbEntry ( - IN PMCB Mcb, - IN VBN Vbn, - IN LBN Lbn, - IN ULONG SectorCount -); - -NTKERNELAPI -VOID -FsRtlAddToTunnelCache ( - IN PTUNNEL Cache, - IN ULONGLONG DirectoryKey, - IN PUNICODE_STRING ShortName, - IN PUNICODE_STRING LongName, - IN BOOLEAN KeyByShortName, - IN ULONG DataLength, - IN PVOID Data -); - -#if (VER_PRODUCTBUILD >= 2195) - -PFILE_LOCK -FsRtlAllocateFileLock ( - IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, - IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -PVOID -FsRtlAllocatePool ( - IN POOL_TYPE PoolType, - IN ULONG NumberOfBytes -); - -NTKERNELAPI -PVOID -FsRtlAllocatePoolWithQuota ( - IN POOL_TYPE PoolType, - IN ULONG NumberOfBytes -); - -NTKERNELAPI -PVOID -FsRtlAllocatePoolWithQuotaTag ( - IN POOL_TYPE PoolType, - IN ULONG NumberOfBytes, - IN ULONG Tag -); - -NTKERNELAPI -PVOID -FsRtlAllocatePoolWithTag ( - IN POOL_TYPE PoolType, - IN ULONG NumberOfBytes, - IN ULONG Tag -); - -NTKERNELAPI -PVOID -FsRtlAllocateResource ( - VOID -); - -NTKERNELAPI -BOOLEAN -FsRtlAreNamesEqual ( - IN PUNICODE_STRING Name1, - IN PUNICODE_STRING Name2, - IN BOOLEAN IgnoreCase, - IN PWCHAR UpcaseTable OPTIONAL -); - -#define FsRtlAreThereCurrentFileLocks(FL) ( \ - ((FL)->FastIoIsQuestionable) \ -) - -NTKERNELAPI -NTSTATUS -FsRtlBalanceReads ( - IN PDEVICE_OBJECT TargetDevice -); - -/* - FsRtlCheckLockForReadAccess: - - All this really does is pick out the lock parameters from the irp (io stack - location?), get IoGetRequestorProcess, and pass values on to - FsRtlFastCheckLockForRead. -*/ -NTKERNELAPI -BOOLEAN -FsRtlCheckLockForReadAccess ( - IN PFILE_LOCK FileLock, - IN PIRP Irp -); - -/* - FsRtlCheckLockForWriteAccess: - - All this really does is pick out the lock parameters from the irp (io stack - location?), get IoGetRequestorProcess, and pass values on to - FsRtlFastCheckLockForWrite. -*/ -NTKERNELAPI -BOOLEAN -FsRtlCheckLockForWriteAccess ( - IN PFILE_LOCK FileLock, - IN PIRP Irp -); - -typedef -VOID -(*POPLOCK_WAIT_COMPLETE_ROUTINE) ( - IN PVOID Context, - IN PIRP Irp -); - -typedef -VOID -(*POPLOCK_FS_PREPOST_IRP) ( - IN PVOID Context, - IN PIRP Irp -); - -NTKERNELAPI -NTSTATUS -FsRtlCheckOplock ( - IN POPLOCK Oplock, - IN PIRP Irp, - IN PVOID Context, - IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, - IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL -); - -NTKERNELAPI -BOOLEAN -FsRtlCopyRead ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN BOOLEAN Wait, - IN ULONG LockKey, - OUT PVOID Buffer, - OUT PIO_STATUS_BLOCK IoStatus, - IN PDEVICE_OBJECT DeviceObject -); - -NTKERNELAPI -BOOLEAN -FsRtlCopyWrite ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN BOOLEAN Wait, - IN ULONG LockKey, - IN PVOID Buffer, - OUT PIO_STATUS_BLOCK IoStatus, - IN PDEVICE_OBJECT DeviceObject -); - -NTKERNELAPI -BOOLEAN -FsRtlCurrentBatchOplock ( - IN POPLOCK Oplock -); - -NTKERNELAPI -VOID -FsRtlDeleteKeyFromTunnelCache ( - IN PTUNNEL Cache, - IN ULONGLONG DirectoryKey -); - -NTKERNELAPI -VOID -FsRtlDeleteTunnelCache ( - IN PTUNNEL Cache -); - -NTKERNELAPI -VOID -FsRtlDeregisterUncProvider ( - IN HANDLE Handle -); - -NTKERNELAPI -VOID -FsRtlDissectDbcs ( - IN ANSI_STRING InputName, - OUT PANSI_STRING FirstPart, - OUT PANSI_STRING RemainingPart -); - -NTKERNELAPI -VOID -FsRtlDissectName ( - IN UNICODE_STRING Path, - OUT PUNICODE_STRING FirstName, - OUT PUNICODE_STRING RemainingName -); - -NTKERNELAPI -BOOLEAN -FsRtlDoesDbcsContainWildCards ( - IN PANSI_STRING Name -); - -NTKERNELAPI -BOOLEAN -FsRtlDoesNameContainWildCards ( - IN PUNICODE_STRING Name -); - -#define FsRtlEnterFileSystem KeEnterCriticalRegion - -#define FsRtlExitFileSystem KeLeaveCriticalRegion - -NTKERNELAPI -BOOLEAN -FsRtlFastCheckLockForRead ( - IN PFILE_LOCK FileLock, - IN PLARGE_INTEGER FileOffset, - IN PLARGE_INTEGER Length, - IN ULONG Key, - IN PFILE_OBJECT FileObject, - IN PEPROCESS Process -); - -NTKERNELAPI -BOOLEAN -FsRtlFastCheckLockForWrite ( - IN PFILE_LOCK FileLock, - IN PLARGE_INTEGER FileOffset, - IN PLARGE_INTEGER Length, - IN ULONG Key, - IN PFILE_OBJECT FileObject, - IN PEPROCESS Process -); - -#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ - FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ -) - -NTKERNELAPI -NTSTATUS -FsRtlFastUnlockAll ( - IN PFILE_LOCK FileLock, - IN PFILE_OBJECT FileObject, - IN PEPROCESS Process, - IN PVOID Context OPTIONAL -); -//ret: STATUS_RANGE_NOT_LOCKED - -NTKERNELAPI -NTSTATUS -FsRtlFastUnlockAllByKey ( - IN PFILE_LOCK FileLock, - IN PFILE_OBJECT FileObject, - IN PEPROCESS Process, - IN ULONG Key, - IN PVOID Context OPTIONAL -); -//ret: STATUS_RANGE_NOT_LOCKED - -NTKERNELAPI -NTSTATUS -FsRtlFastUnlockSingle ( - IN PFILE_LOCK FileLock, - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN PLARGE_INTEGER Length, - IN PEPROCESS Process, - IN ULONG Key, - IN PVOID Context OPTIONAL, - IN BOOLEAN AlreadySynchronized -); -//ret: STATUS_RANGE_NOT_LOCKED - -NTKERNELAPI -BOOLEAN -FsRtlFindInTunnelCache ( - IN PTUNNEL Cache, - IN ULONGLONG DirectoryKey, - IN PUNICODE_STRING Name, - OUT PUNICODE_STRING ShortName, - OUT PUNICODE_STRING LongName, - IN OUT PULONG DataLength, - OUT PVOID Data -); - -#if (VER_PRODUCTBUILD >= 2195) - -VOID -FsRtlFreeFileLock ( - IN PFILE_LOCK FileLock -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -FsRtlGetFileSize ( - IN PFILE_OBJECT FileObject, - IN OUT PLARGE_INTEGER FileSize -); - -/* - FsRtlGetNextFileLock: - - ret: NULL if no more locks - - Internals: - FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and - FileLock->LastReturnedLock as storage. - LastReturnedLock is a pointer to the 'raw' lock inkl. double linked - list, and FsRtlGetNextFileLock needs this to get next lock on subsequent - calls with Restart = FALSE. -*/ -NTKERNELAPI -PFILE_LOCK_INFO -FsRtlGetNextFileLock ( - IN PFILE_LOCK FileLock, - IN BOOLEAN Restart -); - -NTKERNELAPI -BOOLEAN -FsRtlGetNextLargeMcbEntry ( - IN PLARGE_MCB Mcb, - IN ULONG RunIndex, - OUT PLONGLONG Vbn, - OUT PLONGLONG Lbn, - OUT PLONGLONG SectorCount -); - -NTKERNELAPI -BOOLEAN -FsRtlGetNextMcbEntry ( - IN PMCB Mcb, - IN ULONG RunIndex, - OUT PVBN Vbn, - OUT PLBN Lbn, - OUT PULONG SectorCount -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -FsRtlIncrementCcFastReadNotPossible ( - VOID -); - -NTKERNELAPI -VOID -FsRtlIncrementCcFastReadNoWait ( - VOID -); - -NTKERNELAPI -VOID -FsRtlIncrementCcFastReadResourceMiss ( - VOID -); - -NTKERNELAPI -VOID -FsRtlIncrementCcFastReadWait ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -FsRtlInitializeFileLock ( - IN PFILE_LOCK FileLock, - IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, - IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL -); - -NTKERNELAPI -VOID -FsRtlInitializeLargeMcb ( - IN PLARGE_MCB Mcb, - IN POOL_TYPE PoolType -); - -NTKERNELAPI -VOID -FsRtlInitializeMcb ( - IN PMCB Mcb, - IN POOL_TYPE PoolType -); - -NTKERNELAPI -VOID -FsRtlInitializeOplock ( - IN OUT POPLOCK Oplock -); - -NTKERNELAPI -VOID -FsRtlInitializeTunnelCache ( - IN PTUNNEL Cache -); - -NTKERNELAPI -BOOLEAN -FsRtlIsDbcsInExpression ( - IN PANSI_STRING Expression, - IN PANSI_STRING Name -); - -NTKERNELAPI -BOOLEAN -FsRtlIsFatDbcsLegal ( - IN ANSI_STRING DbcsName, - IN BOOLEAN WildCardsPermissible, - IN BOOLEAN PathNamePermissible, - IN BOOLEAN LeadingBackslashPermissible -); - -NTKERNELAPI -BOOLEAN -FsRtlIsHpfsDbcsLegal ( - IN ANSI_STRING DbcsName, - IN BOOLEAN WildCardsPermissible, - IN BOOLEAN PathNamePermissible, - IN BOOLEAN LeadingBackslashPermissible -); - -NTKERNELAPI -BOOLEAN -FsRtlIsNameInExpression ( - IN PUNICODE_STRING Expression, - IN PUNICODE_STRING Name, - IN BOOLEAN IgnoreCase, - IN PWCHAR UpcaseTable OPTIONAL -); - -NTKERNELAPI -BOOLEAN -FsRtlIsNtstatusExpected ( - IN NTSTATUS Ntstatus -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -FsRtlIsPagingFile ( - IN PFILE_OBJECT FileObject -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -FsRtlIsTotalDeviceFailure ( - IN NTSTATUS Status -); - -#define FsRtlIsUnicodeCharacterWild(C) ( \ - (((C) >= 0x40) ? \ - FALSE : \ - FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \ -) - -NTKERNELAPI -BOOLEAN -FsRtlLookupLargeMcbEntry ( - IN PLARGE_MCB Mcb, - IN LONGLONG Vbn, - OUT PLONGLONG Lbn OPTIONAL, - OUT PLONGLONG SectorCountFromLbn OPTIONAL, - OUT PLONGLONG StartingLbn OPTIONAL, - OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, - OUT PULONG Index OPTIONAL -); - -NTKERNELAPI -BOOLEAN -FsRtlLookupLastLargeMcbEntry ( - IN PLARGE_MCB Mcb, - OUT PLONGLONG Vbn, - OUT PLONGLONG Lbn -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -FsRtlLookupLastLargeMcbEntryAndIndex ( - IN PLARGE_MCB OpaqueMcb, - OUT PLONGLONG LargeVbn, - OUT PLONGLONG LargeLbn, - OUT PULONG Index -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -FsRtlLookupLastMcbEntry ( - IN PMCB Mcb, - OUT PVBN Vbn, - OUT PLBN Lbn -); - -NTKERNELAPI -BOOLEAN -FsRtlLookupMcbEntry ( - IN PMCB Mcb, - IN VBN Vbn, - OUT PLBN Lbn, - OUT PULONG SectorCount OPTIONAL, - OUT PULONG Index -); - -NTKERNELAPI -BOOLEAN -FsRtlMdlReadComplete ( - IN PFILE_OBJECT FileObject, - IN PMDL MdlChain -); - -NTKERNELAPI -BOOLEAN -FsRtlMdlReadCompleteDev ( - IN PFILE_OBJECT FileObject, - IN PMDL MdlChain, - IN PDEVICE_OBJECT DeviceObject -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -BOOLEAN -FsRtlMdlReadDev ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN ULONG LockKey, - OUT PMDL *MdlChain, - OUT PIO_STATUS_BLOCK IoStatus, - IN PDEVICE_OBJECT DeviceObject -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -BOOLEAN -FsRtlMdlWriteComplete ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN PMDL MdlChain -); - -NTKERNELAPI -BOOLEAN -FsRtlMdlWriteCompleteDev ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN PMDL MdlChain, - IN PDEVICE_OBJECT DeviceObject -); - -NTKERNELAPI -NTSTATUS -FsRtlNormalizeNtstatus ( - IN NTSTATUS Exception, - IN NTSTATUS GenericException -); - -NTKERNELAPI -VOID -FsRtlNotifyChangeDirectory ( - IN PNOTIFY_SYNC NotifySync, - IN PVOID FsContext, - IN PSTRING FullDirectoryName, - IN PLIST_ENTRY NotifyList, - IN BOOLEAN WatchTree, - IN ULONG CompletionFilter, - IN PIRP NotifyIrp -); - -NTKERNELAPI -VOID -FsRtlNotifyCleanup ( - IN PNOTIFY_SYNC NotifySync, - IN PLIST_ENTRY NotifyList, - IN PVOID FsContext -); - -typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) ( - IN PVOID NotifyContext, - IN PVOID TargetContext, - IN PSECURITY_SUBJECT_CONTEXT SubjectContext -); - -#if (VER_PRODUCTBUILD >= 2600) - -typedef BOOLEAN (*PFILTER_REPORT_CHANGE) ( - IN PVOID NotifyContext, - IN PVOID FilterContext -); - -NTKERNELAPI -VOID -FsRtlNotifyFilterChangeDirectory ( - IN PNOTIFY_SYNC NotifySync, - IN PLIST_ENTRY NotifyList, - IN PVOID FsContext, - IN PSTRING FullDirectoryName, - IN BOOLEAN WatchTree, - IN BOOLEAN IgnoreBuffer, - IN ULONG CompletionFilter, - IN PIRP NotifyIrp, - IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, - IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL, - IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL -); - -NTKERNELAPI -VOID -FsRtlNotifyFilterReportChange ( - IN PNOTIFY_SYNC NotifySync, - IN PLIST_ENTRY NotifyList, - IN PSTRING FullTargetName, - IN USHORT TargetNameOffset, - IN PSTRING StreamName OPTIONAL, - IN PSTRING NormalizedParentName OPTIONAL, - IN ULONG FilterMatch, - IN ULONG Action, - IN PVOID TargetContext, - IN PVOID FilterContext -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -FsRtlNotifyFullChangeDirectory ( - IN PNOTIFY_SYNC NotifySync, - IN PLIST_ENTRY NotifyList, - IN PVOID FsContext, - IN PSTRING FullDirectoryName, - IN BOOLEAN WatchTree, - IN BOOLEAN IgnoreBuffer, - IN ULONG CompletionFilter, - IN PIRP NotifyIrp, - IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, - IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL -); - -NTKERNELAPI -VOID -FsRtlNotifyFullReportChange ( - IN PNOTIFY_SYNC NotifySync, - IN PLIST_ENTRY NotifyList, - IN PSTRING FullTargetName, - IN USHORT TargetNameOffset, - IN PSTRING StreamName OPTIONAL, - IN PSTRING NormalizedParentName OPTIONAL, - IN ULONG FilterMatch, - IN ULONG Action, - IN PVOID TargetContext -); - -NTKERNELAPI -VOID -FsRtlNotifyInitializeSync ( - IN PNOTIFY_SYNC *NotifySync -); - -NTKERNELAPI -VOID -FsRtlNotifyReportChange ( - IN PNOTIFY_SYNC NotifySync, - IN PLIST_ENTRY NotifyList, - IN PSTRING FullTargetName, - IN PUSHORT FileNamePartLength, - IN ULONG FilterMatch -); - -NTKERNELAPI -VOID -FsRtlNotifyUninitializeSync ( - IN PNOTIFY_SYNC *NotifySync -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -FsRtlNotifyVolumeEvent ( - IN PFILE_OBJECT FileObject, - IN ULONG EventCode -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -ULONG -FsRtlNumberOfRunsInLargeMcb ( - IN PLARGE_MCB Mcb -); - -NTKERNELAPI -ULONG -FsRtlNumberOfRunsInMcb ( - IN PMCB Mcb -); - -NTKERNELAPI -NTSTATUS -FsRtlOplockFsctrl ( - IN POPLOCK Oplock, - IN PIRP Irp, - IN ULONG OpenCount -); - -NTKERNELAPI -BOOLEAN -FsRtlOplockIsFastIoPossible ( - IN POPLOCK Oplock -); - -typedef -VOID -(*PFSRTL_STACK_OVERFLOW_ROUTINE) ( - IN PVOID Context, - IN PKEVENT Event - ); - -NTKERNELAPI -VOID -FsRtlPostPagingFileStackOverflow ( - IN PVOID Context, - IN PKEVENT Event, - IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine -); - -NTKERNELAPI -VOID -FsRtlPostStackOverflow ( - IN PVOID Context, - IN PKEVENT Event, - IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -BOOLEAN -FsRtlPrepareMdlWriteDev ( - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN ULONG Length, - IN ULONG LockKey, - OUT PMDL *MdlChain, - OUT PIO_STATUS_BLOCK IoStatus, - IN PDEVICE_OBJECT DeviceObject -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -/* - FsRtlPrivateLock: - - ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED - - Internals: - -Calls IoCompleteRequest if Irp - -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES -*/ -NTKERNELAPI -BOOLEAN -FsRtlPrivateLock ( - IN PFILE_LOCK FileLock, - IN PFILE_OBJECT FileObject, - IN PLARGE_INTEGER FileOffset, - IN PLARGE_INTEGER Length, - IN PEPROCESS Process, - IN ULONG Key, - IN BOOLEAN FailImmediately, - IN BOOLEAN ExclusiveLock, - OUT PIO_STATUS_BLOCK IoStatus, - IN PIRP Irp OPTIONAL, - IN PVOID Context, - IN BOOLEAN AlreadySynchronized -); - -/* - FsRtlProcessFileLock: - - ret: - -STATUS_INVALID_DEVICE_REQUEST - -STATUS_RANGE_NOT_LOCKED from unlock routines. - -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock - (redirected IoStatus->Status). - - Internals: - -switch ( Irp->CurrentStackLocation->MinorFunction ) - lock: return FsRtlPrivateLock; - unlocksingle: return FsRtlFastUnlockSingle; - unlockall: return FsRtlFastUnlockAll; - unlockallbykey: return FsRtlFastUnlockAllByKey; - default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; - return STATUS_INVALID_DEVICE_REQUEST; - - -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. - -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. -*/ -NTKERNELAPI -NTSTATUS -FsRtlProcessFileLock ( - IN PFILE_LOCK FileLock, - IN PIRP Irp, - IN PVOID Context OPTIONAL -); - -NTKERNELAPI -NTSTATUS -FsRtlRegisterUncProvider ( - IN OUT PHANDLE MupHandle, - IN PUNICODE_STRING RedirectorDeviceName, - IN BOOLEAN MailslotsSupported -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -FsRtlReleaseFile ( - IN PFILE_OBJECT FileObject -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -FsRtlRemoveLargeMcbEntry ( - IN PLARGE_MCB Mcb, - IN LONGLONG Vbn, - IN LONGLONG SectorCount -); - -NTKERNELAPI -VOID -FsRtlRemoveMcbEntry ( - IN PMCB Mcb, - IN VBN Vbn, - IN ULONG SectorCount -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -FsRtlResetLargeMcb ( - IN PLARGE_MCB Mcb, - IN BOOLEAN SelfSynchronized -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -#if (VER_PRODUCTBUILD >= 2600) - -#define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \ -{ \ - SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \ - SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \ - (_advhdr)->Version = FSRTL_FCB_HEADER_V1; \ - InitializeListHead( &(_advhdr)->FilterContexts ); \ - if ((_fmutx) != NULL) { \ - (_advhdr)->FastMutex = (_fmutx); \ - } \ - *((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \ - (_advhdr)->FileContextSupportPointer = NULL; \ -} - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -FsRtlSplitLargeMcb ( - IN PLARGE_MCB Mcb, - IN LONGLONG Vbn, - IN LONGLONG Amount -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -FsRtlTeardownPerFileContexts ( - IN PVOID *PerFileContextPointer -); - -NTKERNELAPI -VOID -FsRtlTeardownPerStreamContexts ( - IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -FsRtlTruncateLargeMcb ( - IN PLARGE_MCB Mcb, - IN LONGLONG Vbn -); - -NTKERNELAPI -VOID -FsRtlTruncateMcb ( - IN PMCB Mcb, - IN VBN Vbn -); - -NTKERNELAPI -VOID -FsRtlUninitializeFileLock ( - IN PFILE_LOCK FileLock -); - -NTKERNELAPI -VOID -FsRtlUninitializeLargeMcb ( - IN PLARGE_MCB Mcb -); - -NTKERNELAPI -VOID -FsRtlUninitializeMcb ( - IN PMCB Mcb -); - -NTKERNELAPI -VOID -FsRtlUninitializeOplock ( - IN OUT POPLOCK Oplock -); - -// -// If using HalDisplayString during boot on Windows 2000 or later you must -// first call InbvEnableDisplayString. -// -NTSYSAPI -VOID -NTAPI -HalDisplayString ( - IN PCHAR String -); - -NTSYSAPI -VOID -NTAPI -HalQueryRealTimeClock ( - IN OUT PTIME_FIELDS TimeFields -); - -NTSYSAPI -VOID -NTAPI -HalSetRealTimeClock ( - IN PTIME_FIELDS TimeFields -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -InbvAcquireDisplayOwnership ( - VOID -); - -NTKERNELAPI -BOOLEAN -InbvCheckDisplayOwnership ( - VOID -); - -NTKERNELAPI -BOOLEAN -InbvDisplayString ( - IN PCHAR String -); - -NTKERNELAPI -VOID -InbvEnableBootDriver ( - IN BOOLEAN Enable -); - -NTKERNELAPI -BOOLEAN -InbvEnableDisplayString ( - IN BOOLEAN Enable -); - -NTKERNELAPI -VOID -InbvInstallDisplayStringFilter ( - IN PVOID Unknown -); - -NTKERNELAPI -BOOLEAN -InbvIsBootDriverInstalled ( - VOID -); - -NTKERNELAPI -VOID -InbvNotifyDisplayOwnershipLost ( - IN PVOID Callback -); - -NTKERNELAPI -BOOLEAN -InbvResetDisplay ( - VOID -); - -NTKERNELAPI -VOID -InbvSetScrollRegion ( - IN ULONG Left, - IN ULONG Top, - IN ULONG Width, - IN ULONG Height -); - -NTKERNELAPI -VOID -InbvSetTextColor ( - IN ULONG Color -); - -NTKERNELAPI -VOID -InbvSolidColorFill ( - IN ULONG Left, - IN ULONG Top, - IN ULONG Width, - IN ULONG Height, - IN ULONG Color -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -#define InitializeMessageHeader(m, l, t) { \ - (m)->Length = (USHORT)(l); \ - (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \ - (m)->MessageType = (USHORT)(t); \ - (m)->DataInfoOffset = 0; \ -} - -NTKERNELAPI -VOID -IoAcquireVpbSpinLock ( - OUT PKIRQL Irql -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -IoAttachDeviceToDeviceStackSafe ( - IN PDEVICE_OBJECT SourceDevice, - IN PDEVICE_OBJECT TargetDevice, - OUT PDEVICE_OBJECT *AttachedToDeviceObject -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -IoCheckDesiredAccess ( - IN OUT PACCESS_MASK DesiredAccess, - IN ACCESS_MASK GrantedAccess -); - -NTKERNELAPI -NTSTATUS -IoCheckEaBufferValidity ( - IN PFILE_FULL_EA_INFORMATION EaBuffer, - IN ULONG EaLength, - OUT PULONG ErrorOffset -); - -NTKERNELAPI -NTSTATUS -IoCheckFunctionAccess ( - IN ACCESS_MASK GrantedAccess, - IN UCHAR MajorFunction, - IN UCHAR MinorFunction, - IN ULONG IoControlCode, - IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL, - IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -IoCheckQuerySetFileInformation ( - IN FILE_INFORMATION_CLASS FileInformationClass, - IN ULONG Length, - IN BOOLEAN SetOperation -); - -NTKERNELAPI -NTSTATUS -IoCheckQuerySetVolumeInformation ( - IN FS_INFORMATION_CLASS FsInformationClass, - IN ULONG Length, - IN BOOLEAN SetOperation -); - -NTKERNELAPI -NTSTATUS -IoCheckQuotaBufferValidity ( - IN PFILE_QUOTA_INFORMATION QuotaBuffer, - IN ULONG QuotaLength, - OUT PULONG ErrorOffset -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -IoCreateFileSpecifyDeviceObjectHint ( - OUT PHANDLE FileHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN PLARGE_INTEGER AllocationSize OPTIONAL, - IN ULONG FileAttributes, - IN ULONG ShareAccess, - IN ULONG Disposition, - IN ULONG CreateOptions, - IN PVOID EaBuffer OPTIONAL, - IN ULONG EaLength, - IN CREATE_FILE_TYPE CreateFileType, - IN PVOID ExtraCreateParameters OPTIONAL, - IN ULONG Options, - IN PVOID DeviceObject -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -PFILE_OBJECT -IoCreateStreamFileObject ( - IN PFILE_OBJECT FileObject OPTIONAL, - IN PDEVICE_OBJECT DeviceObject OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -PFILE_OBJECT -IoCreateStreamFileObjectEx ( - IN PFILE_OBJECT FileObject OPTIONAL, - IN PDEVICE_OBJECT DeviceObject OPTIONAL, - OUT PHANDLE FileObjectHandle OPTIONAL -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -PFILE_OBJECT -IoCreateStreamFileObjectLite ( - IN PFILE_OBJECT FileObject OPTIONAL, - IN PDEVICE_OBJECT DeviceObject OPTIONAL -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -IoEnumerateDeviceObjectList ( - IN PDRIVER_OBJECT DriverObject, - IN PDEVICE_OBJECT *DeviceObjectList, - IN ULONG DeviceObjectListSize, - OUT PULONG ActualNumberDeviceObjects -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -IoFastQueryNetworkAttributes ( - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN ACCESS_MASK DesiredAccess, - IN ULONG OpenOptions, - OUT PIO_STATUS_BLOCK IoStatus, - OUT PFILE_NETWORK_OPEN_INFORMATION Buffer -); - -NTKERNELAPI -PDEVICE_OBJECT -IoGetAttachedDevice ( - IN PDEVICE_OBJECT DeviceObject -); - -NTKERNELAPI -PDEVICE_OBJECT -IoGetBaseFileSystemDeviceObject ( - IN PFILE_OBJECT FileObject -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -PDEVICE_OBJECT -IoGetDeviceAttachmentBaseRef ( - IN PDEVICE_OBJECT DeviceObject -); - -NTKERNELAPI -NTSTATUS -IoGetDiskDeviceObject ( - IN PDEVICE_OBJECT FileSystemDeviceObject, - OUT PDEVICE_OBJECT *DiskDeviceObject -); - -NTKERNELAPI -PDEVICE_OBJECT -IoGetLowerDeviceObject ( - IN PDEVICE_OBJECT DeviceObject -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -PEPROCESS -IoGetRequestorProcess ( - IN PIRP Irp -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -ULONG -IoGetRequestorProcessId ( - IN PIRP Irp -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -PIRP -IoGetTopLevelIrp ( - VOID -); - -#define IoIsFileOpenedExclusively(FileObject) ( \ - (BOOLEAN) !( \ - (FileObject)->SharedRead || \ - (FileObject)->SharedWrite || \ - (FileObject)->SharedDelete \ - ) \ -) - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -IoIsFileOriginRemote ( - IN PFILE_OBJECT FileObject -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -IoIsOperationSynchronous ( - IN PIRP Irp -); - -NTKERNELAPI -BOOLEAN -IoIsSystemThread ( - IN PETHREAD Thread -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -IoIsValidNameGraftingBuffer ( - IN PIRP Irp, - IN PREPARSE_DATA_BUFFER ReparseBuffer -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -IoPageRead ( - IN PFILE_OBJECT FileObject, - IN PMDL Mdl, - IN PLARGE_INTEGER Offset, - IN PKEVENT Event, - OUT PIO_STATUS_BLOCK IoStatusBlock -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -IoQueryFileDosDeviceName ( - IN PFILE_OBJECT FileObject, - OUT POBJECT_NAME_INFORMATION *ObjectNameInformation -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -IoQueryFileInformation ( - IN PFILE_OBJECT FileObject, - IN FILE_INFORMATION_CLASS FileInformationClass, - IN ULONG Length, - OUT PVOID FileInformation, - OUT PULONG ReturnedLength -); - -NTKERNELAPI -NTSTATUS -IoQueryVolumeInformation ( - IN PFILE_OBJECT FileObject, - IN FS_INFORMATION_CLASS FsInformationClass, - IN ULONG Length, - OUT PVOID FsInformation, - OUT PULONG ReturnedLength -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -VOID -IoQueueThreadIrp ( - IN PIRP Irp -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -VOID -IoRegisterFileSystem ( - IN OUT PDEVICE_OBJECT DeviceObject -); - -#if (VER_PRODUCTBUILD >= 1381) - -typedef VOID (*PDRIVER_FS_NOTIFICATION) ( - IN PDEVICE_OBJECT DeviceObject, - IN BOOLEAN DriverActive -); - -NTKERNELAPI -NTSTATUS -IoRegisterFsRegistrationChange ( - IN PDRIVER_OBJECT DriverObject, - IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -VOID -IoReleaseVpbSpinLock ( - IN KIRQL Irql -); - -NTKERNELAPI -VOID -IoSetDeviceToVerify ( - IN PETHREAD Thread, - IN PDEVICE_OBJECT DeviceObject -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -IoSetFileOrigin ( - IN PFILE_OBJECT FileObject, - IN BOOLEAN Remote -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -IoSetInformation ( - IN PFILE_OBJECT FileObject, - IN FILE_INFORMATION_CLASS FileInformationClass, - IN ULONG Length, - IN PVOID FileInformation -); - -NTKERNELAPI -VOID -IoSetTopLevelIrp ( - IN PIRP Irp -); - -NTKERNELAPI -NTSTATUS -IoSynchronousPageWrite ( - IN PFILE_OBJECT FileObject, - IN PMDL Mdl, - IN PLARGE_INTEGER FileOffset, - IN PKEVENT Event, - OUT PIO_STATUS_BLOCK IoStatusBlock -); - -NTKERNELAPI -PEPROCESS -IoThreadToProcess ( - IN PETHREAD Thread -); - -NTKERNELAPI -VOID -IoUnregisterFileSystem ( - IN OUT PDEVICE_OBJECT DeviceObject -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -NTSTATUS -IoUnregisterFsRegistrationChange ( - IN PDRIVER_OBJECT DriverObject, - IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -NTSTATUS -IoVerifyVolume ( - IN PDEVICE_OBJECT DeviceObject, - IN BOOLEAN AllowRawMount -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -KIRQL -FASTCALL -KeAcquireQueuedSpinLock ( - IN KSPIN_LOCK_QUEUE_NUMBER Number -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -KeAttachProcess ( - IN PEPROCESS Process -); - -NTKERNELAPI -VOID -KeDetachProcess ( - VOID -); - -NTKERNELAPI -VOID -KeInitializeApc ( - PKAPC Apc, - PKTHREAD Thread, - UCHAR StateIndex, - PKKERNEL_ROUTINE KernelRoutine, - PKRUNDOWN_ROUTINE RundownRoutine, - PKNORMAL_ROUTINE NormalRoutine, - KPROCESSOR_MODE ApcMode, - PVOID NormalContext -); - -NTKERNELAPI -VOID -KeInitializeMutant ( - IN PRKMUTANT Mutant, - IN BOOLEAN InitialOwner -); - -NTKERNELAPI -VOID -KeInitializeQueue ( - IN PRKQUEUE Queue, - IN ULONG Count OPTIONAL -); - -NTKERNELAPI -LONG -KeInsertHeadQueue ( - IN PRKQUEUE Queue, - IN PLIST_ENTRY Entry -); - -NTKERNELAPI -LONG -KeInsertQueue ( - IN PRKQUEUE Queue, - IN PLIST_ENTRY Entry -); - -NTKERNELAPI -BOOLEAN -KeInsertQueueApc ( - IN PKAPC Apc, - IN PVOID SystemArgument1, - IN PVOID SystemArgument2, - IN KPRIORITY Increment -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -KeIsAttachedProcess ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -KeIsExecutingDpc ( - VOID -); - -NTKERNELAPI -LONG -KeReadStateMutant ( - IN PRKMUTANT Mutant -); - -NTKERNELAPI -LONG -KeReadStateQueue ( - IN PRKQUEUE Queue -); - -NTKERNELAPI -LONG -KeReleaseMutant ( - IN PRKMUTANT Mutant, - IN KPRIORITY Increment, - IN BOOLEAN Abandoned, - IN BOOLEAN Wait -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -FASTCALL -KeReleaseQueuedSpinLock ( - IN KSPIN_LOCK_QUEUE_NUMBER Number, - IN KIRQL OldIrql -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -PLIST_ENTRY -KeRemoveQueue ( - IN PRKQUEUE Queue, - IN KPROCESSOR_MODE WaitMode, - IN PLARGE_INTEGER Timeout OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -KeRevertToUserAffinityThread ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -PLIST_ENTRY -KeRundownQueue ( - IN PRKQUEUE Queue -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -CCHAR -KeSetIdealProcessorThread ( - IN PKTHREAD Thread, - IN CCHAR Processor -); - -NTKERNELAPI -BOOLEAN -KeSetKernelStackSwapEnable ( - IN BOOLEAN Enable -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -KeStackAttachProcess ( - IN PKPROCESS Process, - OUT PKAPC_STATE ApcState -); - -NTKERNELAPI -LOGICAL -FASTCALL -KeTryToAcquireQueuedSpinLock ( - IN KSPIN_LOCK_QUEUE_NUMBER Number, - IN PKIRQL OldIrql -); - -NTKERNELAPI -VOID -KeUnstackDetachProcess ( - IN PKAPC_STATE ApcState -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -KeUpdateSystemTime ( - VOID -); - -NTKERNELAPI -BOOLEAN -MmCanFileBeTruncated ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer, - IN PLARGE_INTEGER NewFileSize -); - -NTKERNELAPI -NTSTATUS -MmCreateSection ( - OUT PVOID *SectionObject, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, - IN PLARGE_INTEGER MaximumSize, - IN ULONG SectionPageProtection, - IN ULONG AllocationAttributes, - IN HANDLE FileHandle OPTIONAL, - IN PFILE_OBJECT FileObject OPTIONAL -); - -NTKERNELAPI -BOOLEAN -MmFlushImageSection ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer, - IN MMFLUSH_TYPE FlushType -); - -NTKERNELAPI -BOOLEAN -MmForceSectionClosed ( - IN PSECTION_OBJECT_POINTERS SectionObjectPointer, - IN BOOLEAN DelayClose -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -BOOLEAN -MmIsRecursiveIoFault ( - VOID -); - -#else - -#define MmIsRecursiveIoFault() ( \ - (PsGetCurrentThread()->DisablePageFaultClustering) | \ - (PsGetCurrentThread()->ForwardClusterOnly) \ -) - -#endif - -NTKERNELAPI -NTSTATUS -MmMapViewOfSection ( - IN PVOID SectionObject, - IN PEPROCESS Process, - IN OUT PVOID *BaseAddress, - IN ULONG ZeroBits, - IN ULONG CommitSize, - IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, - IN OUT PULONG ViewSize, - IN SECTION_INHERIT InheritDisposition, - IN ULONG AllocationType, - IN ULONG Protect -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -MmPrefetchPages ( - IN ULONG NumberOfLists, - IN PREAD_LIST *ReadLists -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -MmSetAddressRangeModified ( - IN PVOID Address, - IN SIZE_T Length -); - -NTKERNELAPI -NTSTATUS -ObCreateObject ( - IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL, - IN POBJECT_TYPE ObjectType, - IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, - IN KPROCESSOR_MODE AccessMode, - IN OUT PVOID ParseContext OPTIONAL, - IN ULONG ObjectSize, - IN ULONG PagedPoolCharge OPTIONAL, - IN ULONG NonPagedPoolCharge OPTIONAL, - OUT PVOID *Object -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -ObDereferenceSecurityDescriptor ( - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN ULONG Count -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -#if (VER_PRODUCTBUILD <= 2195) - -NTKERNELAPI -ULONG -ObGetObjectPointerCount ( - IN PVOID Object -); - -#endif // (VER_PRODUCTBUILD <= 2195) - -NTKERNELAPI -NTSTATUS -ObInsertObject ( - IN PVOID Object, - IN PACCESS_STATE PassedAccessState OPTIONAL, - IN ACCESS_MASK DesiredAccess, - IN ULONG AdditionalReferences, - OUT PVOID *ReferencedObject OPTIONAL, - OUT PHANDLE Handle -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -ObLogSecurityDescriptor ( - IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, - OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, - IN ULONG RefBias -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -ObMakeTemporaryObject ( - IN PVOID Object -); - -NTKERNELAPI -NTSTATUS -ObOpenObjectByPointer ( - IN PVOID Object, - IN ULONG HandleAttributes, - IN PACCESS_STATE PassedAccessState OPTIONAL, - IN ACCESS_MASK DesiredAccess OPTIONAL, - IN POBJECT_TYPE ObjectType OPTIONAL, - IN KPROCESSOR_MODE AccessMode, - OUT PHANDLE Handle -); - -NTKERNELAPI -NTSTATUS -ObQueryNameString ( - IN PVOID Object, - OUT POBJECT_NAME_INFORMATION ObjectNameInfo, - IN ULONG Length, - OUT PULONG ReturnLength -); - -NTKERNELAPI -NTSTATUS -ObQueryObjectAuditingByHandle ( - IN HANDLE Handle, - OUT PBOOLEAN GenerateOnClose -); - -NTKERNELAPI -NTSTATUS -ObReferenceObjectByName ( - IN PUNICODE_STRING ObjectName, - IN ULONG Attributes, - IN PACCESS_STATE PassedAccessState OPTIONAL, - IN ACCESS_MASK DesiredAccess OPTIONAL, - IN POBJECT_TYPE ObjectType, - IN KPROCESSOR_MODE AccessMode, - IN OUT PVOID ParseContext OPTIONAL, - OUT PVOID *Object -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -ObReferenceSecurityDescriptor ( - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN ULONG Count -); - -NTKERNELAPI -NTSTATUS -PoQueueShutdownWorkItem ( - IN PWORK_QUEUE_ITEM WorkItem -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -PsAssignImpersonationToken ( - IN PETHREAD Thread, - IN HANDLE Token -); - -NTKERNELAPI -VOID -PsChargePoolQuota ( - IN PEPROCESS Process, - IN POOL_TYPE PoolType, - IN ULONG Amount -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -PsChargeProcessNonPagedPoolQuota ( - IN PEPROCESS Process, - IN ULONG_PTR Amount -); - -NTKERNELAPI -NTSTATUS -PsChargeProcessPagedPoolQuota ( - IN PEPROCESS Process, - IN ULONG_PTR Amount -); - -NTKERNELAPI -NTSTATUS -PsChargeProcessPoolQuota ( - IN PEPROCESS Process, - IN POOL_TYPE PoolType, - IN ULONG_PTR Amount -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -PsDereferenceImpersonationToken ( - IN PACCESS_TOKEN ImpersonationToken -); - -NTKERNELAPI -VOID -PsDereferencePrimaryToken ( - IN PACCESS_TOKEN PrimaryToken -); - -#else - -#define PsDereferenceImpersonationToken(T) \ - {if (ARGUMENT_PRESENT(T)) { \ - (ObDereferenceObject((T))); \ - } else { \ - ; \ - } \ -} - -#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T))) - -#endif - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -PsDisableImpersonation ( - IN PETHREAD Thread, - IN PSE_IMPERSONATION_STATE ImpersonationState -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -ULONG -PsGetCurrentProcessSessionId ( - VOID -); - -NTKERNELAPI -KPROCESSOR_MODE -PsGetCurrentThreadPreviousMode ( - VOID -); - -NTKERNELAPI -PVOID -PsGetCurrentThreadStackBase ( - VOID -); - -NTKERNELAPI -PVOID -PsGetCurrentThreadStackLimit ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -LARGE_INTEGER -PsGetProcessExitTime ( - VOID -); - -NTKERNELAPI -NTSTATUS -PsImpersonateClient ( - IN PETHREAD Thread, - IN PACCESS_TOKEN Token, - IN BOOLEAN CopyOnOpen, - IN BOOLEAN EffectiveOnly, - IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -PsIsSystemThread ( - IN PETHREAD Thread -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -BOOLEAN -PsIsThreadTerminating ( - IN PETHREAD Thread -); - -// -// PsLookupProcessByProcessId returns a referenced pointer to the process -// that should be dereferenced after use with a call to ObDereferenceObject. -// -NTKERNELAPI -NTSTATUS -PsLookupProcessByProcessId ( - IN PVOID ProcessId, - OUT PEPROCESS *Process -); - -NTKERNELAPI -NTSTATUS -PsLookupProcessThreadByCid ( - IN PCLIENT_ID Cid, - OUT PEPROCESS *Process OPTIONAL, - OUT PETHREAD *Thread -); - -NTKERNELAPI -NTSTATUS -PsLookupThreadByThreadId ( - IN PVOID UniqueThreadId, - OUT PETHREAD *Thread -); - -NTKERNELAPI -PACCESS_TOKEN -PsReferenceImpersonationToken ( - IN PETHREAD Thread, - OUT PBOOLEAN CopyOnOpen, - OUT PBOOLEAN EffectiveOnly, - OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel -); - -NTKERNELAPI -PACCESS_TOKEN -PsReferencePrimaryToken ( - IN PEPROCESS Process -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -PsRestoreImpersonation ( - IN PETHREAD Thread, - IN PSE_IMPERSONATION_STATE ImpersonationState -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -PsReturnPoolQuota ( - IN PEPROCESS Process, - IN POOL_TYPE PoolType, - IN ULONG Amount -); - -#if (VER_PRODUCTBUILD >= 1381) - -NTKERNELAPI -VOID -PsRevertToSelf ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 1381) - -NTSYSAPI -NTSTATUS -NTAPI -RtlAbsoluteToSelfRelativeSD ( - IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, - IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, - IN PULONG BufferLength -); - -NTSYSAPI -PVOID -NTAPI -RtlAllocateHeap ( - IN HANDLE HeapHandle, - IN ULONG Flags, - IN ULONG Size -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlCompressBuffer ( - IN USHORT CompressionFormatAndEngine, - IN PUCHAR UncompressedBuffer, - IN ULONG UncompressedBufferSize, - OUT PUCHAR CompressedBuffer, - IN ULONG CompressedBufferSize, - IN ULONG UncompressedChunkSize, - OUT PULONG FinalCompressedSize, - IN PVOID WorkSpace -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlCompressChunks ( - IN PUCHAR UncompressedBuffer, - IN ULONG UncompressedBufferSize, - OUT PUCHAR CompressedBuffer, - IN ULONG CompressedBufferSize, - IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo, - IN ULONG CompressedDataInfoLength, - IN PVOID WorkSpace -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlConvertSidToUnicodeString ( - OUT PUNICODE_STRING DestinationString, - IN PSID Sid, - IN BOOLEAN AllocateDestinationString -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlCopySid ( - IN ULONG Length, - IN PSID Destination, - IN PSID Source -); - -NTSYSAPI -HANDLE -NTAPI -RtlCreateHeap ( - IN ULONG Flags, - IN PVOID Base, - IN ULONG Reserve, - IN ULONG Commit, - IN ULONG Lock, - IN PVOID RtlHeapParams -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlDecompressBuffer ( - IN USHORT CompressionFormat, - OUT PUCHAR UncompressedBuffer, - IN ULONG UncompressedBufferSize, - IN PUCHAR CompressedBuffer, - IN ULONG CompressedBufferSize, - OUT PULONG FinalUncompressedSize -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlDecompressChunks ( - OUT PUCHAR UncompressedBuffer, - IN ULONG UncompressedBufferSize, - IN PUCHAR CompressedBuffer, - IN ULONG CompressedBufferSize, - IN PUCHAR CompressedTail, - IN ULONG CompressedTailSize, - IN PCOMPRESSED_DATA_INFO CompressedDataInfo -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlDecompressFragment ( - IN USHORT CompressionFormat, - OUT PUCHAR UncompressedFragment, - IN ULONG UncompressedFragmentSize, - IN PUCHAR CompressedBuffer, - IN ULONG CompressedBufferSize, - IN ULONG FragmentOffset, - OUT PULONG FinalUncompressedSize, - IN PVOID WorkSpace -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlDescribeChunk ( - IN USHORT CompressionFormat, - IN OUT PUCHAR *CompressedBuffer, - IN PUCHAR EndOfCompressedBufferPlus1, - OUT PUCHAR *ChunkBuffer, - OUT PULONG ChunkSize -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlDestroyHeap ( - IN HANDLE HeapHandle -); - -NTSYSAPI -BOOLEAN -NTAPI -RtlEqualSid ( - IN PSID Sid1, - IN PSID Sid2 -); - -NTSYSAPI -VOID -NTAPI -RtlFillMemoryUlong ( - IN PVOID Destination, - IN ULONG Length, - IN ULONG Fill -); - -NTSYSAPI -BOOLEAN -NTAPI -RtlFreeHeap ( - IN HANDLE HeapHandle, - IN ULONG Flags, - IN PVOID P -); - -NTSYSAPI -VOID -NTAPI -RtlGenerate8dot3Name ( - IN PUNICODE_STRING Name, - IN BOOLEAN AllowExtendedCharacters, - IN OUT PGENERATE_NAME_CONTEXT Context, - OUT PUNICODE_STRING Name8dot3 -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlGetCompressionWorkSpaceSize ( - IN USHORT CompressionFormatAndEngine, - OUT PULONG CompressBufferWorkSpaceSize, - OUT PULONG CompressFragmentWorkSpaceSize -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlGetDaclSecurityDescriptor ( - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - OUT PBOOLEAN DaclPresent, - OUT PACL *Dacl, - OUT PBOOLEAN DaclDefaulted -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlGetGroupSecurityDescriptor ( - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - OUT PSID *Group, - OUT PBOOLEAN GroupDefaulted -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -ULONG -NTAPI -RtlGetNtGlobalFlags ( - VOID -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -RtlGetOwnerSecurityDescriptor ( - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - OUT PSID *Owner, - OUT PBOOLEAN OwnerDefaulted -); - -// -// This function returns a PIMAGE_NT_HEADERS, -// see the standard include file winnt.h -// -NTSYSAPI -PVOID -NTAPI -RtlImageNtHeader ( - IN PVOID BaseAddress -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlInitializeSid ( - IN OUT PSID Sid, - IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, - IN UCHAR SubAuthorityCount -); - -NTSYSAPI -BOOLEAN -NTAPI -RtlIsNameLegalDOS8Dot3 ( - IN PUNICODE_STRING UnicodeName, - IN PANSI_STRING AnsiName, - PBOOLEAN Unknown -); - -NTSYSAPI -ULONG -NTAPI -RtlLengthRequiredSid ( - IN UCHAR SubAuthorityCount -); - -NTSYSAPI -ULONG -NTAPI -RtlLengthSid ( - IN PSID Sid -); - -NTSYSAPI -ULONG -NTAPI -RtlNtStatusToDosError ( - IN NTSTATUS Status -); - -#define RtlOemStringToCountedUnicodeSize(STRING) ( \ - (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \ -) - -#define RtlOemStringToUnicodeSize(STRING) ( \ - NLS_MB_OEM_CODE_PAGE_TAG ? \ - RtlxOemStringToUnicodeSize(STRING) : \ - ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ -) - -NTSYSAPI -NTSTATUS -NTAPI -RtlOemStringToUnicodeString ( - OUT PUNICODE_STRING DestinationString, - IN POEM_STRING SourceString, - IN BOOLEAN AllocateDestinationString -); - -NTSYSAPI -ULONG -NTAPI -RtlRandom ( - IN PULONG Seed -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -ULONG -NTAPI -RtlRandomEx ( - IN PULONG Seed -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -NTSTATUS -NTAPI -RtlReserveChunk ( - IN USHORT CompressionFormat, - IN OUT PUCHAR *CompressedBuffer, - IN PUCHAR EndOfCompressedBufferPlus1, - OUT PUCHAR *ChunkBuffer, - IN ULONG ChunkSize -); - -NTSYSAPI -VOID -NTAPI -RtlSecondsSince1970ToTime ( - IN ULONG SecondsSince1970, - OUT PLARGE_INTEGER Time -); - -NTSYSAPI -VOID -NTAPI -RtlSecondsSince1980ToTime ( - IN ULONG SecondsSince1980, - OUT PLARGE_INTEGER Time -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -RtlSelfRelativeToAbsoluteSD ( - IN PSECURITY_DESCRIPTOR SelfRelativeSD, - OUT PSECURITY_DESCRIPTOR AbsoluteSD, - IN PULONG AbsoluteSDSize, - IN PACL Dacl, - IN PULONG DaclSize, - IN PACL Sacl, - IN PULONG SaclSize, - IN PSID Owner, - IN PULONG OwnerSize, - IN PSID PrimaryGroup, - IN PULONG PrimaryGroupSize -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -RtlSetGroupSecurityDescriptor ( - IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, - IN PSID Group, - IN BOOLEAN GroupDefaulted -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlSetOwnerSecurityDescriptor ( - IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, - IN PSID Owner, - IN BOOLEAN OwnerDefaulted -); - -NTSYSAPI -NTSTATUS -NTAPI -RtlSetSaclSecurityDescriptor ( - IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, - IN BOOLEAN SaclPresent, - IN PACL Sacl, - IN BOOLEAN SaclDefaulted -); - -NTSYSAPI -PUCHAR -NTAPI -RtlSubAuthorityCountSid ( - IN PSID Sid -); - -NTSYSAPI -PULONG -NTAPI -RtlSubAuthoritySid ( - IN PSID Sid, - IN ULONG SubAuthority -); - -NTSYSAPI -BOOLEAN -NTAPI -RtlTimeToSecondsSince1970 ( - IN PLARGE_INTEGER Time, - OUT PULONG SecondsSince1970 -); - -NTSYSAPI -BOOLEAN -NTAPI -RtlTimeToSecondsSince1980 ( - IN PLARGE_INTEGER Time, - OUT PULONG SecondsSince1980 -); - -#define RtlUnicodeStringToOemSize(STRING) ( \ - NLS_MB_OEM_CODE_PAGE_TAG ? \ - RtlxUnicodeStringToOemSize(STRING) : \ - ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ -) - -NTSYSAPI -NTSTATUS -NTAPI -RtlUnicodeStringToOemString ( - OUT POEM_STRING DestinationString, - IN PUNICODE_STRING SourceString, - IN BOOLEAN AllocateDestinationString -); - -NTSYSAPI -BOOLEAN -NTAPI -RtlValidSid ( - IN PSID Sid -); - -NTSYSAPI -ULONG -NTAPI -RtlxOemStringToUnicodeSize ( - IN POEM_STRING OemString -); - -NTSYSAPI -ULONG -NTAPI -RtlxUnicodeStringToAnsiSize ( - IN PUNICODE_STRING UnicodeString -); - -NTSYSAPI -ULONG -NTAPI -RtlxUnicodeStringToOemSize ( - IN PUNICODE_STRING UnicodeString -); - -NTKERNELAPI -NTSTATUS -SeAppendPrivileges ( - PACCESS_STATE AccessState, - PPRIVILEGE_SET Privileges -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -SeAuditHardLinkCreation ( - IN PUNICODE_STRING FileName, - IN PUNICODE_STRING LinkName, - IN BOOLEAN Success -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -SeAuditingFileEvents ( - IN BOOLEAN AccessGranted, - IN PSECURITY_DESCRIPTOR SecurityDescriptor -); - -NTKERNELAPI -BOOLEAN -SeAuditingFileOrGlobalEvents ( - IN BOOLEAN AccessGranted, - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN PSECURITY_SUBJECT_CONTEXT SubjectContext -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -BOOLEAN -SeAuditingHardLinkEvents ( - IN BOOLEAN AccessGranted, - IN PSECURITY_DESCRIPTOR SecurityDescriptor -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -SeCaptureSubjectContext ( - OUT PSECURITY_SUBJECT_CONTEXT SubjectContext -); - -NTKERNELAPI -NTSTATUS -SeCreateAccessState ( - OUT PACCESS_STATE AccessState, - IN PVOID AuxData, - IN ACCESS_MASK AccessMask, - IN PGENERIC_MAPPING Mapping -); - -NTKERNELAPI -NTSTATUS -SeCreateClientSecurity ( - IN PETHREAD Thread, - IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, - IN BOOLEAN RemoteClient, - OUT PSECURITY_CLIENT_CONTEXT ClientContext -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -SeCreateClientSecurityFromSubjectContext ( - IN PSECURITY_SUBJECT_CONTEXT SubjectContext, - IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, - IN BOOLEAN ServerIsRemote, - OUT PSECURITY_CLIENT_CONTEXT ClientContext -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -SeDeleteAccessState ( - IN PACCESS_STATE AccessState -); - -#define SeDeleteClientSecurity(C) { \ - if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ - PsDereferencePrimaryToken( (C)->ClientToken ); \ - } else { \ - PsDereferenceImpersonationToken( (C)->ClientToken ); \ - } \ -} - -NTKERNELAPI -VOID -SeDeleteObjectAuditAlarm ( - IN PVOID Object, - IN HANDLE Handle -); - -#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; - -#if (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -NTSTATUS -SeFilterToken ( - IN PACCESS_TOKEN ExistingToken, - IN ULONG Flags, - IN PTOKEN_GROUPS SidsToDisable OPTIONAL, - IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, - IN PTOKEN_GROUPS RestrictedSids OPTIONAL, - OUT PACCESS_TOKEN *FilteredToken -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTKERNELAPI -VOID -SeFreePrivileges ( - IN PPRIVILEGE_SET Privileges -); - -NTKERNELAPI -VOID -SeImpersonateClient ( - IN PSECURITY_CLIENT_CONTEXT ClientContext, - IN PETHREAD ServerThread OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -SeImpersonateClientEx ( - IN PSECURITY_CLIENT_CONTEXT ClientContext, - IN PETHREAD ServerThread OPTIONAL -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -VOID -SeLockSubjectContext ( - IN PSECURITY_SUBJECT_CONTEXT SubjectContext -); - -NTKERNELAPI -NTSTATUS -SeMarkLogonSessionForTerminationNotification ( - IN PLUID LogonId -); - -NTKERNELAPI -VOID -SeOpenObjectAuditAlarm ( - IN PUNICODE_STRING ObjectTypeName, - IN PVOID Object OPTIONAL, - IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN PACCESS_STATE AccessState, - IN BOOLEAN ObjectCreated, - IN BOOLEAN AccessGranted, - IN KPROCESSOR_MODE AccessMode, - OUT PBOOLEAN GenerateOnClose -); - -NTKERNELAPI -VOID -SeOpenObjectForDeleteAuditAlarm ( - IN PUNICODE_STRING ObjectTypeName, - IN PVOID Object OPTIONAL, - IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN PACCESS_STATE AccessState, - IN BOOLEAN ObjectCreated, - IN BOOLEAN AccessGranted, - IN KPROCESSOR_MODE AccessMode, - OUT PBOOLEAN GenerateOnClose -); - -NTKERNELAPI -BOOLEAN -SePrivilegeCheck ( - IN OUT PPRIVILEGE_SET RequiredPrivileges, - IN PSECURITY_SUBJECT_CONTEXT SubjectContext, - IN KPROCESSOR_MODE AccessMode -); - -NTKERNELAPI -NTSTATUS -SeQueryAuthenticationIdToken ( - IN PACCESS_TOKEN Token, - OUT PLUID LogonId -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -SeQueryInformationToken ( - IN PACCESS_TOKEN Token, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID *TokenInformation -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -SeQuerySecurityDescriptorInfo ( - IN PSECURITY_INFORMATION SecurityInformation, - OUT PSECURITY_DESCRIPTOR SecurityDescriptor, - IN OUT PULONG Length, - IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -SeQuerySessionIdToken ( - IN PACCESS_TOKEN Token, - IN PULONG SessionId -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -#define SeQuerySubjectContextToken( SubjectContext ) \ - ( ARGUMENT_PRESENT( \ - ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ - ) ? \ - ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ - ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) - -typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) ( - IN PLUID LogonId -); - -NTKERNELAPI -NTSTATUS -SeRegisterLogonSessionTerminatedRoutine ( - IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine -); - -NTKERNELAPI -VOID -SeReleaseSubjectContext ( - IN PSECURITY_SUBJECT_CONTEXT SubjectContext -); - -NTKERNELAPI -VOID -SeSetAccessStateGenericMapping ( - PACCESS_STATE AccessState, - PGENERIC_MAPPING GenericMapping -); - -NTKERNELAPI -NTSTATUS -SeSetSecurityDescriptorInfo ( - IN PVOID Object OPTIONAL, - IN PSECURITY_INFORMATION SecurityInformation, - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, - IN POOL_TYPE PoolType, - IN PGENERIC_MAPPING GenericMapping -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -NTSTATUS -SeSetSecurityDescriptorInfoEx ( - IN PVOID Object OPTIONAL, - IN PSECURITY_INFORMATION SecurityInformation, - IN PSECURITY_DESCRIPTOR ModificationDescriptor, - IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, - IN ULONG AutoInheritFlags, - IN POOL_TYPE PoolType, - IN PGENERIC_MAPPING GenericMapping -); - -NTKERNELAPI -BOOLEAN -SeTokenIsAdmin ( - IN PACCESS_TOKEN Token -); - -NTKERNELAPI -BOOLEAN -SeTokenIsRestricted ( - IN PACCESS_TOKEN Token -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTKERNELAPI -TOKEN_TYPE -SeTokenType ( - IN PACCESS_TOKEN Token -); - -NTKERNELAPI -VOID -SeUnlockSubjectContext ( - IN PSECURITY_SUBJECT_CONTEXT SubjectContext -); - -NTKERNELAPI -NTSTATUS -SeUnregisterLogonSessionTerminatedRoutine ( - IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwAdjustPrivilegesToken ( - IN HANDLE TokenHandle, - IN BOOLEAN DisableAllPrivileges, - IN PTOKEN_PRIVILEGES NewState, - IN ULONG BufferLength, - OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, - OUT PULONG ReturnLength -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwAlertThread ( - IN HANDLE ThreadHandle -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwAllocateVirtualMemory ( - IN HANDLE ProcessHandle, - IN OUT PVOID *BaseAddress, - IN ULONG ZeroBits, - IN OUT PSIZE_T RegionSize, - IN ULONG AllocationType, - IN ULONG Protect -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwAccessCheckAndAuditAlarm ( - IN PUNICODE_STRING SubsystemName, - IN PVOID HandleId, - IN PUNICODE_STRING ObjectTypeName, - IN PUNICODE_STRING ObjectName, - IN PSECURITY_DESCRIPTOR SecurityDescriptor, - IN ACCESS_MASK DesiredAccess, - IN PGENERIC_MAPPING GenericMapping, - IN BOOLEAN ObjectCreation, - OUT PACCESS_MASK GrantedAccess, - OUT PBOOLEAN AccessStatus, - OUT PBOOLEAN GenerateOnClose -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwCancelIoFile ( - IN HANDLE FileHandle, - OUT PIO_STATUS_BLOCK IoStatusBlock -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwClearEvent ( - IN HANDLE EventHandle -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwConnectPort ( - OUT PHANDLE ClientPortHandle, - IN PUNICODE_STRING ServerPortName, - IN PSECURITY_QUALITY_OF_SERVICE SecurityQos, - IN OUT PLPC_SECTION_WRITE ClientSharedMemory OPTIONAL, - IN OUT PLPC_SECTION_READ ServerSharedMemory OPTIONAL, - OUT PULONG MaximumMessageLength OPTIONAL, - IN OUT PVOID ConnectionInfo OPTIONAL, - IN OUT PULONG ConnectionInfoLength OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwCloseObjectAuditAlarm ( - IN PUNICODE_STRING SubsystemName, - IN PVOID HandleId, - IN BOOLEAN GenerateOnClose -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwCreateEvent ( - OUT PHANDLE EventHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, - IN EVENT_TYPE EventType, - IN BOOLEAN InitialState -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwCreateSection ( - OUT PHANDLE SectionHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, - IN PLARGE_INTEGER MaximumSize OPTIONAL, - IN ULONG SectionPageProtection, - IN ULONG AllocationAttributes, - IN HANDLE FileHandle OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwCreateSymbolicLinkObject ( - OUT PHANDLE SymbolicLinkHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN PUNICODE_STRING TargetName -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwDeleteFile ( - IN POBJECT_ATTRIBUTES ObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwDeleteValueKey ( - IN HANDLE Handle, - IN PUNICODE_STRING Name -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwDeviceIoControlFile ( - IN HANDLE FileHandle, - IN HANDLE Event OPTIONAL, - IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, - IN PVOID ApcContext OPTIONAL, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN ULONG IoControlCode, - IN PVOID InputBuffer OPTIONAL, - IN ULONG InputBufferLength, - OUT PVOID OutputBuffer OPTIONAL, - IN ULONG OutputBufferLength -); - -// -// If using ZwDisplayString during boot on Windows 2000 or later you must -// first call InbvEnableDisplayString. -// -NTSYSAPI -NTSTATUS -NTAPI -ZwDisplayString ( - IN PUNICODE_STRING String -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwDuplicateObject ( - IN HANDLE SourceProcessHandle, - IN HANDLE SourceHandle, - IN HANDLE TargetProcessHandle OPTIONAL, - OUT PHANDLE TargetHandle OPTIONAL, - IN ACCESS_MASK DesiredAccess, - IN ULONG HandleAttributes, - IN ULONG Options -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwDuplicateToken ( - IN HANDLE ExistingTokenHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN BOOLEAN EffectiveOnly, - IN TOKEN_TYPE TokenType, - OUT PHANDLE NewTokenHandle -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwFlushInstructionCache ( - IN HANDLE ProcessHandle, - IN PVOID BaseAddress OPTIONAL, - IN ULONG FlushSize -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwFlushVirtualMemory ( - IN HANDLE ProcessHandle, - IN OUT PVOID *BaseAddress, - IN OUT PSIZE_T RegionSize, - OUT PIO_STATUS_BLOCK IoStatusBlock -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwFreeVirtualMemory ( - IN HANDLE ProcessHandle, - IN OUT PVOID *BaseAddress, - IN OUT PSIZE_T RegionSize, - IN ULONG FreeType -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwFsControlFile ( - IN HANDLE FileHandle, - IN HANDLE Event OPTIONAL, - IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, - IN PVOID ApcContext OPTIONAL, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN ULONG FsControlCode, - IN PVOID InputBuffer OPTIONAL, - IN ULONG InputBufferLength, - OUT PVOID OutputBuffer OPTIONAL, - IN ULONG OutputBufferLength -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwInitiatePowerAction ( - IN POWER_ACTION SystemAction, - IN SYSTEM_POWER_STATE MinSystemState, - IN ULONG Flags, - IN BOOLEAN Asynchronous -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwLoadDriver ( - // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" - IN PUNICODE_STRING RegistryPath -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwLoadKey ( - IN POBJECT_ATTRIBUTES KeyObjectAttributes, - IN POBJECT_ATTRIBUTES FileObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwNotifyChangeKey ( - IN HANDLE KeyHandle, - IN HANDLE EventHandle OPTIONAL, - IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, - IN PVOID ApcContext OPTIONAL, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN ULONG NotifyFilter, - IN BOOLEAN WatchSubtree, - IN PVOID Buffer, - IN ULONG BufferLength, - IN BOOLEAN Asynchronous -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenDirectoryObject ( - OUT PHANDLE DirectoryHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenEvent ( - OUT PHANDLE EventHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenProcess ( - OUT PHANDLE ProcessHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN PCLIENT_ID ClientId OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenProcessToken ( - IN HANDLE ProcessHandle, - IN ACCESS_MASK DesiredAccess, - OUT PHANDLE TokenHandle -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenProcessTokenEx ( - IN HANDLE ProcessHandle, - IN ACCESS_MASK DesiredAccess, - IN ULONG HandleAttributes, - OUT PHANDLE TokenHandle -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenThread ( - OUT PHANDLE ThreadHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - IN PCLIENT_ID ClientId -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenThreadToken ( - IN HANDLE ThreadHandle, - IN ACCESS_MASK DesiredAccess, - IN BOOLEAN OpenAsSelf, - OUT PHANDLE TokenHandle -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenThreadTokenEx ( - IN HANDLE ThreadHandle, - IN ACCESS_MASK DesiredAccess, - IN BOOLEAN OpenAsSelf, - IN ULONG HandleAttributes, - OUT PHANDLE TokenHandle -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwPowerInformation ( - IN POWER_INFORMATION_LEVEL PowerInformationLevel, - IN PVOID InputBuffer OPTIONAL, - IN ULONG InputBufferLength, - OUT PVOID OutputBuffer OPTIONAL, - IN ULONG OutputBufferLength -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwPulseEvent ( - IN HANDLE EventHandle, - OUT PULONG PreviousState OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryDefaultLocale ( - IN BOOLEAN ThreadOrSystem, - OUT PLCID Locale -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryDefaultUILanguage ( - OUT LANGID *LanguageId -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryDirectoryFile ( - IN HANDLE FileHandle, - IN HANDLE Event OPTIONAL, - IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, - IN PVOID ApcContext OPTIONAL, - OUT PIO_STATUS_BLOCK IoStatusBlock, - OUT PVOID FileInformation, - IN ULONG Length, - IN FILE_INFORMATION_CLASS FileInformationClass, - IN BOOLEAN ReturnSingleEntry, - IN PUNICODE_STRING FileName OPTIONAL, - IN BOOLEAN RestartScan -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryDirectoryObject ( - IN HANDLE DirectoryHandle, - OUT PVOID Buffer, - IN ULONG Length, - IN BOOLEAN ReturnSingleEntry, - IN BOOLEAN RestartScan, - IN OUT PULONG Context, - OUT PULONG ReturnLength OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryEaFile ( - IN HANDLE FileHandle, - OUT PIO_STATUS_BLOCK IoStatusBlock, - OUT PVOID Buffer, - IN ULONG Length, - IN BOOLEAN ReturnSingleEntry, - IN PVOID EaList OPTIONAL, - IN ULONG EaListLength, - IN PULONG EaIndex OPTIONAL, - IN BOOLEAN RestartScan -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryInformationProcess ( - IN HANDLE ProcessHandle, - IN PROCESSINFOCLASS ProcessInformationClass, - OUT PVOID ProcessInformation, - IN ULONG ProcessInformationLength, - OUT PULONG ReturnLength OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryInformationThread ( - IN HANDLE ThreadHandle, - IN THREADINFOCLASS ThreadInformationClass, - OUT PVOID ThreadInformation, - IN ULONG ThreadInformationLength, - OUT PULONG ReturnLength OPTIONAL -); - -#endif // (VER_PRODUCTBUILD >= 2600) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryInformationToken ( - IN HANDLE TokenHandle, - IN TOKEN_INFORMATION_CLASS TokenInformationClass, - OUT PVOID TokenInformation, - IN ULONG TokenInformationLength, - OUT PULONG ReturnLength -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryInstallUILanguage ( - OUT LANGID *LanguageId -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryObject ( - IN HANDLE ObjectHandle, - IN OBJECT_INFO_CLASS ObjectInformationClass, - OUT PVOID ObjectInformation, - IN ULONG Length, - OUT PULONG ResultLength -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQuerySection ( - IN HANDLE SectionHandle, - IN SECTION_INFORMATION_CLASS SectionInformationClass, - OUT PVOID SectionInformation, - IN ULONG SectionInformationLength, - OUT PULONG ResultLength OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQuerySecurityObject ( - IN HANDLE FileHandle, - IN SECURITY_INFORMATION SecurityInformation, - OUT PSECURITY_DESCRIPTOR SecurityDescriptor, - IN ULONG Length, - OUT PULONG ResultLength -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQuerySystemInformation ( - IN SYSTEM_INFORMATION_CLASS SystemInformationClass, - OUT PVOID SystemInformation, - IN ULONG Length, - OUT PULONG ReturnLength -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQueryVolumeInformationFile ( - IN HANDLE FileHandle, - OUT PIO_STATUS_BLOCK IoStatusBlock, - OUT PVOID FsInformation, - IN ULONG Length, - IN FS_INFORMATION_CLASS FsInformationClass -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwReplaceKey ( - IN POBJECT_ATTRIBUTES NewFileObjectAttributes, - IN HANDLE KeyHandle, - IN POBJECT_ATTRIBUTES OldFileObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwRequestWaitReplyPort ( - IN HANDLE PortHandle, - IN PLPC_MESSAGE Request, - OUT PLPC_MESSAGE Reply -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwResetEvent ( - IN HANDLE EventHandle, - OUT PULONG PreviousState OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwRestoreKey ( - IN HANDLE KeyHandle, - IN HANDLE FileHandle, - IN ULONG Flags -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwSaveKey ( - IN HANDLE KeyHandle, - IN HANDLE FileHandle -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetDefaultLocale ( - IN BOOLEAN ThreadOrSystem, - IN LCID Locale -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetDefaultUILanguage ( - IN LANGID LanguageId -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetEaFile ( - IN HANDLE FileHandle, - OUT PIO_STATUS_BLOCK IoStatusBlock, - OUT PVOID Buffer, - IN ULONG Length -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetEvent ( - IN HANDLE EventHandle, - OUT PULONG PreviousState OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetInformationObject ( - IN HANDLE ObjectHandle, - IN OBJECT_INFO_CLASS ObjectInformationClass, - IN PVOID ObjectInformation, - IN ULONG ObjectInformationLength -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetInformationProcess ( - IN HANDLE ProcessHandle, - IN PROCESSINFOCLASS ProcessInformationClass, - IN PVOID ProcessInformation, - IN ULONG ProcessInformationLength -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetSecurityObject ( - IN HANDLE Handle, - IN SECURITY_INFORMATION SecurityInformation, - IN PSECURITY_DESCRIPTOR SecurityDescriptor -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetSystemInformation ( - IN SYSTEM_INFORMATION_CLASS SystemInformationClass, - IN PVOID SystemInformation, - IN ULONG Length -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetSystemTime ( - IN PLARGE_INTEGER NewTime, - OUT PLARGE_INTEGER OldTime OPTIONAL -); - -#if (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwSetVolumeInformationFile ( - IN HANDLE FileHandle, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN PVOID FsInformation, - IN ULONG Length, - IN FS_INFORMATION_CLASS FsInformationClass -); - -#endif // (VER_PRODUCTBUILD >= 2195) - -NTSYSAPI -NTSTATUS -NTAPI -ZwTerminateProcess ( - IN HANDLE ProcessHandle OPTIONAL, - IN NTSTATUS ExitStatus -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwUnloadDriver ( - // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" - IN PUNICODE_STRING RegistryPath -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwUnloadKey ( - IN POBJECT_ATTRIBUTES KeyObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwWaitForSingleObject ( - IN HANDLE Handle, - IN BOOLEAN Alertable, - IN PLARGE_INTEGER Timeout OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwWaitForMultipleObjects ( - IN ULONG HandleCount, - IN PHANDLE Handles, - IN WAIT_TYPE WaitType, - IN BOOLEAN Alertable, - IN PLARGE_INTEGER Timeout OPTIONAL -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwYieldExecution ( - VOID -); - -// -// Below is stuff that is included in the Windows 2000 DDK but is missing in -// the Windows NT 4.0 DDK -// - -#if (VER_PRODUCTBUILD < 2195) - -NTSYSAPI -VOID -NTAPI -HalMakeBeep ( - IN ULONG Frequency -); - -#ifndef IoCopyCurrentIrpStackLocationToNext -#define IoCopyCurrentIrpStackLocationToNext( Irp ) { \ - PIO_STACK_LOCATION irpSp; \ - PIO_STACK_LOCATION nextIrpSp; \ - irpSp = IoGetCurrentIrpStackLocation( (Irp) ); \ - nextIrpSp = IoGetNextIrpStackLocation( (Irp) ); \ - RtlCopyMemory( \ - nextIrpSp, \ - irpSp, \ - FIELD_OFFSET(IO_STACK_LOCATION, CompletionRoutine) \ - ); \ - nextIrpSp->Control = 0; } -#endif - -NTKERNELAPI -NTSTATUS -IoCreateFile ( - OUT PHANDLE FileHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN PLARGE_INTEGER AllocationSize OPTIONAL, - IN ULONG FileAttributes, - IN ULONG ShareAccess, - IN ULONG CreateDisposition, - IN ULONG CreateOptions, - IN PVOID EaBuffer OPTIONAL, - IN ULONG EaLength, - IN CREATE_FILE_TYPE CreateFileType, - IN PVOID ExtraCreateParameters, - IN ULONG Options -); - -#ifndef IoSkipCurrentIrpStackLocation -#define IoSkipCurrentIrpStackLocation( Irp ) \ - (Irp)->CurrentLocation++; \ - (Irp)->Tail.Overlay.CurrentStackLocation++; -#endif - -NTSYSAPI -VOID -NTAPI -ProbeForWrite ( - IN PVOID Address, - IN ULONG Length, - IN ULONG Alignment -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenFile ( - OUT PHANDLE FileHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes, - OUT PIO_STATUS_BLOCK IoStatusBlock, - IN ULONG ShareAccess, - IN ULONG OpenOptions -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwOpenSymbolicLinkObject ( - OUT PHANDLE SymbolicLinkHandle, - IN ACCESS_MASK DesiredAccess, - IN POBJECT_ATTRIBUTES ObjectAttributes -); - -NTSYSAPI -NTSTATUS -NTAPI -ZwQuerySymbolicLinkObject ( - IN HANDLE LinkHandle, - IN OUT PUNICODE_STRING LinkTarget, - OUT PULONG ReturnedLength OPTIONAL -); - -#endif // (VER_PRODUCTBUILD < 2195) - -#ifdef __cplusplus -} -#endif - -#endif // _NTIFS_ -- 2.17.1