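/*
 * ntifs.h
 *
 * Windows NT Filesystem Driver Developer Kit
 *
 * This file is part of the ReactOS DDK package.
 *
 * Contributors:
 *   Amine Khaldi
 *   Timo Kreuzer (timo.kreuzer@reactos.org)
 *
 * THIS SOFTWARE IS NOT COPYRIGHTED
 *
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 *
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

#pragma once

#define _NTIFS_INCLUDED_
#define _GNU_NTIFS_

#ifdef __cplusplus
extern "C" {
#endif

/* Dependencies */
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>


/*
 * Bit-flag helpers. FlagOn yields the masked bits themselves, not 0/1;
 * use BooleanFlagOn when the result is stored in a BOOLEAN, because a
 * masked value assigned to a narrower type can lose the bit that was set.
 * SetFlag and ClearFlag modify their first argument in place.
 */
#ifndef FlagOn
#define FlagOn(_F,_SF) ((_F) & (_SF))
#endif

#ifndef BooleanFlagOn
#define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
#endif

#ifndef SetFlag
#define SetFlag(_F,_SF) ((_F) |= (_SF))
#endif

#ifndef ClearFlag
#define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
#endif

/* LSA aliases for the native string and object-attribute types. */
typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef STRING LSA_STRING, *PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;

/******************************************************************************
 *                            Security Manager Types                          *
 ******************************************************************************/
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
/* Six-byte identifier authority; see the SECURITY_*_AUTHORITY initializers. */
typedef struct _SID_IDENTIFIER_AUTHORITY {
  UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif

#ifndef SID_DEFINED
#define SID_DEFINED
/*
 * Variable-length security identifier. SubAuthority is declared with
 * ANYSIZE_ARRAY; the number of entries actually present is given by
 * SubAuthorityCount, bounded by SID_MAX_SUB_AUTHORITIES.
 * NOTE(review): code that reads a SID out of an untrusted buffer should
 * check Revision and SubAuthorityCount, and that the buffer really holds
 * that many sub-authorities, before indexing SubAuthority[].
 */
typedef struct _SID {
  UCHAR Revision;
  UCHAR SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
  ULONG SubAuthority[ANYSIZE_ARRAY];
} SID, *PISID;
#endif

#define SID_REVISION 1
#define SID_MAX_SUB_AUTHORITIES 15
#define SID_RECOMMENDED_SUB_AUTHORITIES 1

/* Kind of account a SID names; values start at 1. */
typedef enum _SID_NAME_USE {
  SidTypeUser = 1,
  SidTypeGroup,
  SidTypeDomain,
  SidTypeAlias,
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
  SidTypeInvalid,
  SidTypeUnknown,
  SidTypeComputer,
  SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;

/* A SID pointer paired with its attribute bits. */
typedef struct _SID_AND_ATTRIBUTES {
  PSID Sid;
  ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;

#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

/* SidAttr points at SidCount entries; Hash holds SID_HASH_SIZE slots. */
typedef struct _SID_AND_ATTRIBUTES_HASH {
  ULONG SidCount;
  PSID_AND_ATTRIBUTES SidAttr;
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;

/* Universal well-known SIDs */

/* Initializers for SID_IDENTIFIER_AUTHORITY.Value (six bytes each). */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)
#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)

#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)

/* NT well-known SIDs */

/*
 * Authority 5. Combined with a RID below it gives the familiar string form,
 * e.g. SECURITY_LOCAL_SYSTEM_RID (0x12 = 18) is the SID written S-1-5-18.
 */
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}

#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_IUSER_RID (0x00000011L)
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)

#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)


#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT (2L)
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)

#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)

#define SECURITY_MIN_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)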
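/* Base RIDs, continuing the SECURITY_MIN_BASE_RID..SECURITY_MAX_BASE_RID list */
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)

#define SECURITY_MAX_BASE_RID (0x0000006FL)

#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)

#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)

#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)

/* Well-known domain relative sub-authority values (RIDs) */

#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)

#define FOREST_USER_RID_MAX (0x000001F3L)

/* Well-known users */

/* 0x1F4..0x1F6 are decimal 500..502, the form seen in string SIDs and logs. */
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)

#define DOMAIN_USER_RID_MAX (0x000003E7L)

/* Well-known groups */

/* 0x200 is decimal 512; the group RIDs run upward from there. */
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)

/* Well-known aliases */

/* 0x220 is decimal 544; the alias RIDs run upward from there. */
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)

#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)

#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)

/* Mandatory (integrity) label authority 16; the RIDs step by 0x1000. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)

/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
   can be set by a usermode caller.*/

#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID

/*
 * Maps a mandatory level to its RID. The argument is parenthesized so that
 * an expression such as (Level + 1) is multiplied as a whole; without the
 * parentheses only its last operand would be scaled, giving the wrong RID.
 */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)

/* Allocate the System Luid. The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999) */

#define SYSTEM_LUID {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
#define LOCALSERVICE_LUID {0x3e5, 0x0}
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}

/* Common prefix of every ACE structure declared below. */
typedef struct _ACE_HEADER {
  UCHAR AceType;
  UCHAR AceFlags;
  USHORT AceSize;
} ACE_HEADER, *PACE_HEADER;

/* also in winnt.h */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)

/* The following are the inherit flags that go into the AceFlags field
   of an Ace header. */

#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)

#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)

/*
 * The five ACE layouts below are identical: header, access mask, SidStart.
 * NOTE(review): SidStart is declared as one ULONG, but in the Windows ACL
 * layout the trustee SID begins at that field and runs past the end of the
 * structure. Code walking an ACL from an untrusted source should bound each
 * ACE by Header.AceSize, not by sizeof, and check that the SID fits in it.
 */
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;

typedef struct _ACCESS_DENIED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;

typedef struct _SYSTEM_AUDIT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;

typedef struct _SYSTEM_ALARM_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;

typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;

/* Policy bits carried in SYSTEM_MANDATORY_LABEL_ACE.Mask — TODO confirm. */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)

#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;

/* SECURITY_DESCRIPTOR_CONTROL bits (16-bit field, one bit per flag) */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200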
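/* SECURITY_DESCRIPTOR_CONTROL bits, continued from SE_SACL_AUTO_INHERIT_REQ */
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
#define SE_SELF_RELATIVE 0x8000

/*
 * Self-relative form: Owner, Group, Sacl and Dacl are ULONG values rather
 * than pointers.
 * NOTE(review): on Windows these are byte offsets from the start of the
 * descriptor. When the descriptor comes from an untrusted source, each
 * offset (and the SID or ACL it leads to) needs a bounds check against the
 * buffer length before it is followed.
 */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  ULONG Owner;
  ULONG Group;
  ULONG Sacl;
  ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;

/*
 * Absolute form: the same fields as pointers.
 * NOTE(review): on Windows a NULL Dacl with SE_DACL_PRESENT set means no
 * access control at all (everyone is granted access), while an empty ACL
 * grants nothing; ACCESS_REASON_TYPE below distinguishes the two as
 * AccessReasonNullDacl and AccessReasonEmptyDacl.
 */
typedef struct _SECURITY_DESCRIPTOR {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID Owner;
  PSID Group;
  PACL Sacl;
  PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

typedef struct _OBJECT_TYPE_LIST {
  USHORT Level;
  USHORT Sbz;
  GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

/* Values for OBJECT_TYPE_LIST.Level — presumably; confirm against callers. */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4

typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE 0x1

#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* An ACCESS_REASON packs a type in the high 16 bits and data in the low 16. */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff

typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,
  AccessReasonEmptyDacl = 0x00600000,
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

typedef ULONG ACCESS_REASON;

typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;

#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003

typedef struct _SE_SECURITY_DESCRIPTOR {
  ULONG Size;
  ULONG Flags;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;

typedef struct _SE_ACCESS_REQUEST {
  ULONG Size;
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;
  PGENERIC_MAPPING GenericMapping;
  ULONG ObjectTypeListCount;
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;

typedef struct _SE_ACCESS_REPLY {
  ULONG Size;
  ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;
  PNTSTATUS AccessStatus;
  PACCESS_REASONS AccessReason;
  PPRIVILEGE_SET* Privileges;
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;

typedef enum _SE_AUDIT_OPERATION {
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditAccessCheck,
  AuditOpenObject,
  AuditOpenObjectWithTransaction,
  AuditCloseObject,
  AuditDeleteObject,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditOpenNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;

typedef struct _SE_AUDIT_INFO {
  ULONG Size;
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;
  ULONG AuditFlags;
  UNICODE_STRING SubsystemName;
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  PVOID HandleId;
  GUID* TransactionId;
  LUID* OperationId;
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;

/*
 * Token access rights. Prefer the narrowest right that does the job
 * (for example TOKEN_QUERY to read token information) over the
 * TOKEN_ALL_ACCESS aggregate defined below.
 */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)

#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
                            TOKEN_ASSIGN_PRIMARY |\
                            TOKEN_DUPLICATE |\
                            TOKEN_IMPERSONATE |\
                            TOKEN_QUERY |\
                            TOKEN_QUERY_SOURCE |\
                            TOKEN_ADJUST_PRIVILEGES |\
                            TOKEN_ADJUST_GROUPS |\
                            TOKEN_ADJUST_DEFAULT )

/* TOKEN_ADJUST_SESSIONID is left out only when _WIN32_WINNT is <= 0x0400. */
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
                          TOKEN_ADJUST_SESSIONID )
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

#define TOKEN_READ (STANDARD_RIGHTS_READ |\
                    TOKEN_QUERY)

#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
                     TOKEN_ADJUST_PRIVILEGES |\
                     TOKEN_ADJUST_GROUPS |\
                     TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)

typedef enum _TOKEN_TYPE {
  TokenPrimary = 1,
  TokenImpersonation
} TOKEN_TYPE,*PTOKEN_TYPE;

/* Selects which TOKEN_* structure a token query or set operates on. */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser = 1,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,
  TokenElevation,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;

typedef struct _TOKEN_USER {
  SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;

/* Groups holds GroupCount entries; the array is declared ANYSIZE_ARRAY. */
typedef struct _TOKEN_GROUPS {
  ULONG GroupCount;
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;

/* Privileges holds PrivilegeCount entries; declared ANYSIZE_ARRAY. */
typedef struct _TOKEN_PRIVILEGES {
  ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;

typedef struct _TOKEN_OWNER {
  PSID Owner;
} TOKEN_OWNER,*PTOKEN_OWNER;

typedef struct _TOKEN_PRIMARY_GROUP {
  PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;

typedef struct _TOKEN_DEFAULT_DACL {
  PACL DefaultDacl;
} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;

typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
  ULONG SidCount;
  ULONG SidLength;
  PSID_AND_ATTRIBUTES Sids;
  ULONG RestrictedSidCount;
  ULONG RestrictedSidLength;
  PSID_AND_ATTRIBUTES RestrictedSids;
  ULONG PrivilegeCount;
  ULONG PrivilegeLength;
  PLUID_AND_ATTRIBUTES Privileges;
  LUID AuthenticationId;
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;

typedef struct _TOKEN_LINKED_TOKEN {
  HANDLE LinkedToken;
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;

typedef struct _TOKEN_ELEVATION {
  ULONG TokenIsElevated;
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;

typedef struct _TOKEN_MANDATORY_LABEL {
  SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;

#define TOKEN_MANDATORY_POLICY_OFF 0x0
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2

#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
                                           TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)

typedef struct _TOKEN_MANDATORY_POLICY {
  ULONG Policy;
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;

typedef struct _TOKEN_ACCESS_INFORMATION {
  PSID_AND_ATTRIBUTES_HASH SidHash;
  PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
  PTOKEN_PRIVILEGES Privileges;
  LUID AuthenticationId;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  TOKEN_MANDATORY_POLICY MandatoryPolicy;
  ULONG Flags;
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;

#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)

/* (53 >> 1) + 1 = 27 bytes; presumably one nibble per subcategory. */
typedef struct _TOKEN_AUDIT_POLICY {
  UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;

#define TOKEN_SOURCE_LENGTH 8

/*
 * SourceName is a fixed TOKEN_SOURCE_LENGTH-byte field.
 * NOTE(review): do not assume a terminating NUL when printing or comparing
 * it; bound every read by TOKEN_SOURCE_LENGTH.
 */
typedef struct _TOKEN_SOURCE {
  CHAR SourceName[TOKEN_SOURCE_LENGTH];
  LUID SourceIdentifier;
} TOKEN_SOURCE,*PTOKEN_SOURCE;

typedef struct _TOKEN_STATISTICS {
  LUID TokenId;
  LUID AuthenticationId;
  LARGE_INTEGER ExpirationTime;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  ULONG DynamicCharged;
  ULONG DynamicAvailable;
  ULONG GroupCount;
  ULONG PrivilegeCount;
  LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;

typedef struct _TOKEN_CONTROL {
  LUID TokenId;
  LUID AuthenticationId;
  LUID ModifiedId;
  TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL,*PTOKEN_CONTROL;

typedef struct _TOKEN_ORIGIN {
  LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;

/* Integrity levels in ascending order, starting at 0. */
typedef enum _MANDATORY_LEVEL {
  MandatoryLevelUntrusted = 0,
  MandatoryLevelLow,
  MandatoryLevelMedium,
  MandatoryLevelHigh,
  MandatoryLevelSystem,
  MandatoryLevelSecureProcess,
  MandatoryLevelCount
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;

/* Token flag bits — presumably TOKEN_ACCESS_INFORMATION.Flags; confirm. */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
#define TOKEN_WRITE_RESTRICTED 0x0008
#define TOKEN_IS_RESTRICTED 0x0010
#define TOKEN_SESSION_NOT_REFERENCED 0x0020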
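/* Token flag bits, continued from TOKEN_SESSION_NOT_REFERENCED (0x0020) */
#define TOKEN_SANDBOX_INERT 0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
#define TOKEN_VIRTUALIZE_ENABLED 0x0400
#define TOKEN_IS_FILTERED 0x0800
#define TOKEN_UIACCESS 0x1000
#define TOKEN_NOT_LOW 0x2000

/*
 * Table of privilege LUIDs and well-known SID pointers. The field order is
 * part of the layout, so the members are kept exactly as declared,
 * including the later additions interleaved after SeAnonymousLogonSid.
 */
typedef struct _SE_EXPORTS {
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeTcbPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;
  PSID SeNullSid;
  PSID SeWorldSid;
  PSID SeLocalSid;
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;
  PSID SeNtAuthoritySid;
  PSID SeDialupSid;
  PSID SeNetworkSid;
  PSID SeBatchSid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
  PSID SeAuthenticatedUsersSid;
  PSID SeRestrictedSid;
  PSID SeAnonymousLogonSid;
  LUID SeUndockPrivilege;
  LUID SeSyncAgentPrivilege;
  LUID SeEnableDelegationPrivilege;
  PSID SeLocalServiceSid;
  PSID SeNetworkServiceSid;
  LUID SeManageVolumePrivilege;
  LUID SeImpersonatePrivilege;
  LUID SeCreateGlobalPrivilege;
  LUID SeTrustedCredManAccessPrivilege;
  LUID SeRelabelPrivilege;
  LUID SeIncreaseWorkingSetPrivilege;
  LUID SeTimeZonePrivilege;
  LUID SeCreateSymbolicLinkPrivilege;
  PSID SeIUserSid;
  PSID SeUntrustedMandatorySid;
  PSID SeLowMandatorySid;
  PSID SeMediumMandatorySid;
  PSID SeHighMandatorySid;
  PSID SeSystemMandatorySid;
  PSID SeOwnerRightsSid;
} SE_EXPORTS, *PSE_EXPORTS;

/* Callback type that receives the LUID of a logon session. */
typedef NTSTATUS
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
  IN PLUID LogonId);
/******************************************************************************
 *                            Runtime Library Types                           *
 ******************************************************************************/


#define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"

/* Allocator hooks for string buffers; sizes are in bytes. */
typedef PVOID
(NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
  IN SIZE_T NumberOfBytes);

#if _WIN32_WINNT >= 0x0600
typedef PVOID
(NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
  IN SIZE_T NumberOfBytes,
  IN PVOID Buffer);
#endif

typedef VOID
(NTAPI *PRTL_FREE_STRING_ROUTINE)(
  IN PVOID Buffer);

extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;

#if _WIN32_WINNT >= 0x0600
extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
#endif

typedef NTSTATUS
(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
  IN PVOID Base,
  IN OUT PVOID *CommitAddress,
  IN OUT PSIZE_T CommitSize);

/* Heap creation parameters; CommitRoutine is a caller-supplied callback. */
typedef struct _RTL_HEAP_PARAMETERS {
  ULONG Length;
  SIZE_T SegmentReserve;
  SIZE_T SegmentCommit;
  SIZE_T DeCommitFreeBlockThreshold;
  SIZE_T DeCommitTotalFreeThreshold;
  SIZE_T MaximumAllocationSize;
  SIZE_T VirtualMemoryThreshold;
  SIZE_T InitialCommit;
  SIZE_T InitialReserve;
  PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
  SIZE_T Reserved[2];
} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;

#if (NTDDI_VERSION >= NTDDI_WIN2K)
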
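/* State carried between RtlGenerate8dot3Name calls (IN OUT Context). */
typedef struct _GENERATE_NAME_CONTEXT {
  USHORT Checksum;
  BOOLEAN CheckSumInserted;
  UCHAR NameLength;
  WCHAR NameBuffer[8];
  ULONG ExtensionLength;
  WCHAR ExtensionBuffer[4];
  ULONG LastIndexValue;
} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;

typedef struct _PREFIX_TABLE_ENTRY {
  CSHORT NodeTypeCode;
  CSHORT NameLength;
  struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
  RTL_SPLAY_LINKS Links;
  PSTRING Prefix;
} PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;

typedef struct _PREFIX_TABLE {
  CSHORT NodeTypeCode;
  CSHORT NameLength;
  PPREFIX_TABLE_ENTRY NextPrefixTree;
} PREFIX_TABLE, *PPREFIX_TABLE;

typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
  CSHORT NodeTypeCode;
  CSHORT NameLength;
  struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
  struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
  RTL_SPLAY_LINKS Links;
  PUNICODE_STRING Prefix;
} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;

typedef struct _UNICODE_PREFIX_TABLE {
  CSHORT NodeTypeCode;
  CSHORT NameLength;
  PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
  PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;

#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

#if (NTDDI_VERSION >= NTDDI_WINXP)
/*
 * CompressedChunkSizes is declared ANYSIZE_ARRAY.
 * NOTE(review): presumably NumberOfChunks gives its real length; a parser
 * fed untrusted data should check that count against the buffer size.
 */
typedef struct _COMPRESSED_DATA_INFO {
  USHORT CompressionFormatAndEngine;
  UCHAR CompressionUnitShift;
  UCHAR ChunkShift;
  UCHAR ClusterShift;
  UCHAR Reserved;
  USHORT NumberOfChunks;
  ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
#endif

/******************************************************************************
 *                          Runtime Library Functions                         *
 ******************************************************************************/

#if (NTDDI_VERSION >= NTDDI_WIN2K)

/* Heap allocation; the result is a pointer and must be checked before use. */
NTSYSAPI
PVOID
NTAPI
RtlAllocateHeap(
  IN HANDLE HeapHandle,
  IN ULONG Flags OPTIONAL,
  IN SIZE_T Size);

NTSYSAPI
BOOLEAN
NTAPI
RtlFreeHeap(
  IN PVOID HeapHandle,
  IN ULONG Flags OPTIONAL,
  IN PVOID BaseAddress);

NTSYSAPI
VOID
NTAPI
RtlCaptureContext(
  OUT PCONTEXT ContextRecord);

/*
 * Seeded pseudo-random generator: the output is determined by *Seed, which
 * the call also updates. Not suitable for keys, nonces or other secrets.
 */
NTSYSAPI
ULONG
NTAPI
RtlRandom(
  IN OUT PULONG Seed);

NTSYSAPI
BOOLEAN
NTAPI
RtlCreateUnicodeString(
  OUT PUNICODE_STRING DestinationString,
  IN PCWSTR SourceString);

NTSYSAPI
NTSTATUS
NTAPI
RtlAppendStringToString(
  IN OUT PSTRING Destination,
  IN const STRING *Source);

/*
 * Counted-string conversions. Each returns NTSTATUS, which must be checked
 * before DestinationString is used.
 * NOTE(review): when AllocateDestinationString is TRUE the routine
 * presumably allocates the destination buffer and the caller releases it
 * (RtlFreeOemString is declared below for the OEM case) — confirm.
 */
NTSYSAPI
NTSTATUS
NTAPI
RtlOemStringToUnicodeString(
  IN OUT PUNICODE_STRING DestinationString,
  IN PCOEM_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeStringToOemString(
  IN OUT POEM_STRING DestinationString,
  IN PCUNICODE_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeStringToOemString(
  IN OUT POEM_STRING DestinationString,
  IN PCUNICODE_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
NTSTATUS
NTAPI
RtlOemStringToCountedUnicodeString(
  IN OUT PUNICODE_STRING DestinationString,
  IN PCOEM_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeStringToCountedOemString(
  IN OUT POEM_STRING DestinationString,
  IN PCUNICODE_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeStringToCountedOemString(
  IN OUT POEM_STRING DestinationString,
  IN PCUNICODE_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
NTSTATUS
NTAPI
RtlDowncaseUnicodeString(
  IN OUT PUNICODE_STRING UniDest,
  IN PCUNICODE_STRING UniSource,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
VOID
NTAPI
RtlFreeOemString (
  IN OUT POEM_STRING OemString);

NTSYSAPI
ULONG
NTAPI
RtlxUnicodeStringToOemSize(
  IN PCUNICODE_STRING UnicodeString);

NTSYSAPI
ULONG
NTAPI
RtlxOemStringToUnicodeSize(
  IN PCOEM_STRING OemString);

/*
 * Raw buffer conversions. Every size parameter is named in BYTES
 * (MaxBytesIn..., BytesIn...), including the ones describing wide-character
 * buffers; passing a character count for a WCHAR buffer gives the wrong
 * limit. The strings are described by length only, so no terminator is
 * implied by these prototypes.
 */
NTSYSAPI
NTSTATUS
NTAPI
RtlMultiByteToUnicodeN(
  OUT PWCH UnicodeString,
  IN ULONG MaxBytesInUnicodeString,
  OUT PULONG BytesInUnicodeString OPTIONAL,
  IN const CHAR *MultiByteString,
  IN ULONG BytesInMultiByteString);

NTSYSAPI
NTSTATUS
NTAPI
RtlMultiByteToUnicodeSize(
  OUT PULONG BytesInUnicodeString,
  IN const CHAR *MultiByteString,
  IN ULONG BytesInMultiByteString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToMultiByteSize(
  OUT PULONG BytesInMultiByteString,
  IN PCWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToMultiByteN(
  OUT PCHAR MultiByteString,
  IN ULONG MaxBytesInMultiByteString,
  OUT PULONG BytesInMultiByteString OPTIONAL,
  IN PCWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeToMultiByteN(
  OUT PCHAR MultiByteString,
  IN ULONG MaxBytesInMultiByteString,
  OUT PULONG BytesInMultiByteString OPTIONAL,
  IN PCWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

NTSYSAPI
NTSTATUS
NTAPI
RtlOemToUnicodeN(
  OUT PWSTR UnicodeString,
  IN ULONG MaxBytesInUnicodeString,
  OUT PULONG BytesInUnicodeString OPTIONAL,
  IN PCCH OemString,
  IN ULONG BytesInOemString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToOemN(
  OUT PCHAR OemString,
  IN ULONG MaxBytesInOemString,
  OUT PULONG BytesInOemString OPTIONAL,
  IN PCWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeToOemN(
  OUT PCHAR OemString,
  IN ULONG MaxBytesInOemString,
  OUT PULONG BytesInOemString OPTIONAL,
  IN PCWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

/* Returns NTSTATUS from Vista SP1 on and VOID before; same parameters. */
#if (NTDDI_VERSION >= NTDDI_VISTASP1)
NTSYSAPI
NTSTATUS
NTAPI
RtlGenerate8dot3Name(
  IN PCUNICODE_STRING Name,
  IN BOOLEAN AllowExtendedCharacters,
  IN OUT PGENERATE_NAME_CONTEXT Context,
  IN OUT PUNICODE_STRING Name8dot3);
#else
NTSYSAPI
VOID
NTAPI
RtlGenerate8dot3Name(
  IN PCUNICODE_STRING Name,
  IN BOOLEAN AllowExtendedCharacters,
  IN OUT PGENERATE_NAME_CONTEXT Context,
  IN OUT PUNICODE_STRING Name8dot3);
#endif

NTSYSAPI
BOOLEAN
NTAPI
RtlIsNameLegalDOS8Dot3(
  IN PCUNICODE_STRING Name,
  IN OUT POEM_STRING OemName OPTIONAL,
  IN OUT PBOOLEAN NameContainsSpaces OPTIONAL);

NTSYSAPI
BOOLEAN
NTAPI
RtlIsValidOemCharacter(
  IN OUT PWCHAR Char);

/* Prefix table over STRING keys. */
NTSYSAPI
VOID
NTAPI
PfxInitialize(
  OUT PPREFIX_TABLE PrefixTable);

NTSYSAPI
BOOLEAN
NTAPI
PfxInsertPrefix(
  IN PPREFIX_TABLE PrefixTable,
  IN PSTRING Prefix,
  OUT PPREFIX_TABLE_ENTRY PrefixTableEntry);

NTSYSAPI
VOID
NTAPI
PfxRemovePrefix(
  IN PPREFIX_TABLE PrefixTable,
  IN PPREFIX_TABLE_ENTRY PrefixTableEntry);

NTSYSAPI
PPREFIX_TABLE_ENTRY
NTAPI
PfxFindPrefix(
  IN PPREFIX_TABLE PrefixTable,
  IN PSTRING FullName);

/* Prefix table over UNICODE_STRING keys. */
NTSYSAPI
VOID
NTAPI
RtlInitializeUnicodePrefix(
  OUT PUNICODE_PREFIX_TABLE PrefixTable);

NTSYSAPI
BOOLEAN
NTAPI
RtlInsertUnicodePrefix(
  IN PUNICODE_PREFIX_TABLE PrefixTable,
  IN PUNICODE_STRING Prefix,
  OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);

NTSYSAPI
VOID
NTAPI
RtlRemoveUnicodePrefix(
  IN PUNICODE_PREFIX_TABLE PrefixTable,
  IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);

NTSYSAPI
PUNICODE_PREFIX_TABLE_ENTRY
NTAPI
RtlFindUnicodePrefix(
  IN PUNICODE_PREFIX_TABLE PrefixTable,
  IN PUNICODE_STRING FullName,
  IN ULONG CaseInsensitiveIndex);

NTSYSAPI
PUNICODE_PREFIX_TABLE_ENTRY
NTAPI
RtlNextUnicodePrefix(
  IN PUNICODE_PREFIX_TABLE PrefixTable,
  IN BOOLEAN Restart);

NTSYSAPI
SIZE_T
NTAPI
RtlCompareMemoryUlong(
  IN PVOID Source,
  IN SIZE_T Length,
  IN ULONG Pattern);

/*
 * Time conversions. The two ...ToSecondsSince... routines return BOOLEAN
 * and write a 32-bit count, which cannot hold every LARGE_INTEGER time, so
 * the result should be checked before ElapsedSeconds is used.
 */
NTSYSAPI
BOOLEAN
NTAPI
RtlTimeToSecondsSince1980(
  IN PLARGE_INTEGER Time,
  OUT PULONG ElapsedSeconds);

NTSYSAPI
VOID
NTAPI
RtlSecondsSince1980ToTime(
  IN ULONG ElapsedSeconds,
  OUT PLARGE_INTEGER Time);

NTSYSAPI
BOOLEAN
NTAPI
RtlTimeToSecondsSince1970(
  IN PLARGE_INTEGER Time,
  OUT PULONG ElapsedSeconds);

NTSYSAPI
VOID
NTAPI
RtlSecondsSince1970ToTime(
  IN ULONG ElapsedSeconds,
  OUT PLARGE_INTEGER Time);

/*
 * SID helpers.
 * NOTE(review): RtlValidSid takes only the SID pointer, so it cannot know
 * how large the containing buffer is; a SID taken from untrusted data needs
 * a separate length check (RtlLengthRequiredSid gives the size for a given
 * sub-authority count) before it is handed to these routines.
 */
NTSYSAPI
BOOLEAN
NTAPI
RtlValidSid(
  IN PSID Sid);

NTSYSAPI
BOOLEAN
NTAPI
RtlEqualSid(
  IN PSID Sid1,
  IN PSID Sid2);

NTSYSAPI
BOOLEAN
NTAPI
RtlEqualPrefixSid(
  IN PSID Sid1,
  IN PSID Sid2);

NTSYSAPI
ULONG
NTAPI
RtlLengthRequiredSid(
  IN ULONG SubAuthorityCount);

NTSYSAPI
PVOID
NTAPI
RtlFreeSid(
  IN PSID Sid);

/*
 * Takes eight sub-authority values, so at most eight can be supplied here.
 * The SID is returned through *Sid; presumably released with RtlFreeSid —
 * confirm.
 */
NTSYSAPI
NTSTATUS
NTAPI
RtlAllocateAndInitializeSid(
  IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
  IN UCHAR SubAuthorityCount,
  IN ULONG SubAuthority0,
  IN ULONG SubAuthority1,
  IN ULONG SubAuthority2,
  IN ULONG SubAuthority3,
  IN ULONG SubAuthority4,
  IN ULONG SubAuthority5,
  IN ULONG SubAuthority6,
  IN ULONG SubAuthority7,
  OUT PSID *Sid);

/* Initializes a caller-provided SID buffer; the caller sizes the buffer. */
NTSYSAPI
NTSTATUS
NTAPI
RtlInitializeSid(
  OUT PSID Sid,
  IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
  IN UCHAR SubAuthorityCount);
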
/*
 * SID accessors and copy helpers. SIDs are passed as opaque PSID pointers.
 */

NTSYSAPI
PULONG
NTAPI
RtlSubAuthoritySid(
  IN PSID Sid,
  IN ULONG SubAuthority);

NTSYSAPI
ULONG
NTAPI
RtlLengthSid(
  IN PSID Sid);

/*
 * NOTE(review): Destination is annotated IN although, going by the parameter
 * names, it is the buffer that receives the copy and Length is its capacity
 * in bytes - confirm, and size the buffer from RtlLengthSid(Source).
 */
NTSYSAPI
NTSTATUS
NTAPI
RtlCopySid(
  IN ULONG Length,
  IN PSID Destination,
  IN PSID Source);

NTSYSAPI
NTSTATUS
NTAPI
RtlConvertSidToUnicodeString(
  IN OUT PUNICODE_STRING UnicodeString,
  IN PSID Sid,
  IN BOOLEAN AllocateDestinationString);

NTSYSAPI
VOID
NTAPI
RtlCopyLuid(
  OUT PLUID DestinationLuid,
  IN PLUID SourceLuid);

/*
 * ACL construction and inspection. The caller supplies the buffer sizes
 * explicitly (AclLength, AceListLength).
 */

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateAcl(
  OUT PACL Acl,
  IN ULONG AclLength,
  IN ULONG AclRevision);

NTSYSAPI
NTSTATUS
NTAPI
RtlAddAce(
  IN OUT PACL Acl,
  IN ULONG AceRevision,
  IN ULONG StartingAceIndex,
  IN PVOID AceList,
  IN ULONG AceListLength);

NTSYSAPI
NTSTATUS
NTAPI
RtlDeleteAce(
  IN OUT PACL Acl,
  IN ULONG AceIndex);

NTSYSAPI
NTSTATUS
NTAPI
RtlGetAce(
  IN PACL Acl,
  IN ULONG AceIndex,
  OUT PVOID *Ace);

NTSYSAPI
NTSTATUS
NTAPI
RtlAddAccessAllowedAce(
  IN OUT PACL Acl,
  IN ULONG AceRevision,
  IN ACCESS_MASK AccessMask,
  IN PSID Sid);

NTSYSAPI
NTSTATUS
NTAPI
RtlAddAccessAllowedAceEx(
  IN OUT PACL Acl,
  IN ULONG AceRevision,
  IN ULONG AceFlags,
  IN ACCESS_MASK AccessMask,
  IN PSID Sid);

/* Security descriptor construction and owner/DACL accessors. */

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateSecurityDescriptorRelative(
  OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
  IN ULONG Revision);

NTSYSAPI
NTSTATUS
NTAPI
RtlGetDaclSecurityDescriptor(
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  OUT PBOOLEAN DaclPresent,
  OUT PACL *Dacl,
  OUT PBOOLEAN DaclDefaulted);

NTSYSAPI
NTSTATUS
NTAPI
RtlSetOwnerSecurityDescriptor(
  IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSID Owner OPTIONAL,
  IN BOOLEAN OwnerDefaulted);

NTSYSAPI
NTSTATUS
NTAPI
RtlGetOwnerSecurityDescriptor(
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  OUT PSID *Owner,
  OUT PBOOLEAN OwnerDefaulted);

NTSYSAPI
ULONG
NTAPI
RtlNtStatusToDosError(
  IN NTSTATUS Status);

/*
 * Custom code page conversions. Each routine takes the destination capacity
 * (MaxBytesIn...) next to the destination pointer and has an OPTIONAL PULONG
 * output for a byte count.
 */

NTSYSAPI
NTSTATUS
NTAPI
RtlCustomCPToUnicodeN(
  IN PCPTABLEINFO CustomCP,
  OUT PWCH UnicodeString,
  IN ULONG MaxBytesInUnicodeString,
  OUT PULONG BytesInUnicodeString OPTIONAL,
  IN PCH CustomCPString,
  IN ULONG BytesInCustomCPString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToCustomCPN(
  IN PCPTABLEINFO CustomCP,
  OUT PCH CustomCPString,
  IN ULONG MaxBytesInCustomCPString,
  OUT PULONG BytesInCustomCPString OPTIONAL,
  IN PWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeToCustomCPN(
  IN PCPTABLEINFO CustomCP,
  OUT PCH CustomCPString,
  IN ULONG MaxBytesInCustomCPString,
  OUT PULONG BytesInCustomCPString OPTIONAL,
  IN PWCH UnicodeString,
  IN ULONG BytesInUnicodeString);

NTSYSAPI
VOID
NTAPI
RtlInitCodePageTable(
  IN PUSHORT TableBase,
  IN OUT PCPTABLEINFO CodePageTable);


#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */


#if (NTDDI_VERSION >= NTDDI_WINXP)

/* Heap creation/destruction and stack back-trace capture. */

NTSYSAPI
PVOID
NTAPI
RtlCreateHeap(
  IN ULONG Flags,
  IN PVOID HeapBase OPTIONAL,
  IN SIZE_T ReserveSize OPTIONAL,
  IN SIZE_T CommitSize OPTIONAL,
  IN PVOID Lock OPTIONAL,
  IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);

NTSYSAPI
PVOID
NTAPI
RtlDestroyHeap(
  IN PVOID HeapHandle);

NTSYSAPI
USHORT
NTAPI
RtlCaptureStackBackTrace(
  IN ULONG FramesToSkip,
  IN ULONG FramesToCapture,
  OUT PVOID *BackTrace,
  OUT PULONG BackTraceHash OPTIONAL);

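/*
 * NOTE(review): the only state is the caller-supplied Seed, so this is
 * presumably a general-purpose pseudo-random generator. Do not use it for
 * keys, nonces, or tokens - confirm against the platform documentation.
 */
NTSYSAPI
ULONG
NTAPI
RtlRandomEx(
  IN OUT PULONG Seed);

NTSYSAPI
NTSTATUS
NTAPI
RtlInitUnicodeStringEx(
  OUT PUNICODE_STRING DestinationString,
  IN PCWSTR SourceString OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
RtlValidateUnicodeString(
  IN ULONG Flags,
  IN PCUNICODE_STRING String);

NTSYSAPI
NTSTATUS
NTAPI
RtlDuplicateUnicodeString(
  IN ULONG Flags,
  IN PCUNICODE_STRING SourceString,
  OUT PUNICODE_STRING DestinationString);

/*
 * Compression support. Every buffer is passed together with an explicit size.
 * When the compressed input comes from disk or any other untrusted source,
 * the *Size arguments for the output must be the real capacity of the
 * destination buffer, never a length taken from the data being decoded.
 */

NTSYSAPI
NTSTATUS
NTAPI
RtlGetCompressionWorkSpaceSize(
  IN USHORT CompressionFormatAndEngine,
  OUT PULONG CompressBufferWorkSpaceSize,
  OUT PULONG CompressFragmentWorkSpaceSize);

NTSYSAPI
NTSTATUS
NTAPI
RtlCompressBuffer(
  IN USHORT CompressionFormatAndEngine,
  IN PUCHAR UncompressedBuffer,
  IN ULONG UncompressedBufferSize,
  OUT PUCHAR CompressedBuffer,
  IN ULONG CompressedBufferSize,
  IN ULONG UncompressedChunkSize,
  OUT PULONG FinalCompressedSize,
  IN PVOID WorkSpace);

NTSYSAPI
NTSTATUS
NTAPI
RtlDecompressBuffer(
  IN USHORT CompressionFormat,
  OUT PUCHAR UncompressedBuffer,
  IN ULONG UncompressedBufferSize,
  IN PUCHAR CompressedBuffer,
  IN ULONG CompressedBufferSize,
  OUT PULONG FinalUncompressedSize);

NTSYSAPI
NTSTATUS
NTAPI
RtlDecompressFragment(
  IN USHORT CompressionFormat,
  OUT PUCHAR UncompressedFragment,
  IN ULONG UncompressedFragmentSize,
  IN PUCHAR CompressedBuffer,
  IN ULONG CompressedBufferSize,
  IN ULONG FragmentOffset,
  OUT PULONG FinalUncompressedSize,
  IN PVOID WorkSpace);

NTSYSAPI
NTSTATUS
NTAPI
RtlDescribeChunk(
  IN USHORT CompressionFormat,
  IN OUT PUCHAR *CompressedBuffer,
  IN PUCHAR EndOfCompressedBufferPlus1,
  OUT PUCHAR *ChunkBuffer,
  OUT PULONG ChunkSize);

NTSYSAPI
NTSTATUS
NTAPI
RtlReserveChunk(
  IN USHORT CompressionFormat,
  IN OUT PUCHAR *CompressedBuffer,
  IN PUCHAR EndOfCompressedBufferPlus1,
  OUT PUCHAR *ChunkBuffer,
  IN ULONG ChunkSize);

NTSYSAPI
NTSTATUS
NTAPI
RtlDecompressChunks(
  OUT PUCHAR UncompressedBuffer,
  IN ULONG UncompressedBufferSize,
  IN PUCHAR CompressedBuffer,
  IN ULONG CompressedBufferSize,
  IN PUCHAR CompressedTail,
  IN ULONG CompressedTailSize,
  IN PCOMPRESSED_DATA_INFO CompressedDataInfo);

NTSYSAPI
NTSTATUS
NTAPI
RtlCompressChunks(
  IN PUCHAR UncompressedBuffer,
  IN ULONG UncompressedBufferSize,
  OUT PUCHAR CompressedBuffer,
  IN ULONG CompressedBufferSize,
  IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
  IN ULONG CompressedDataInfoLength,
  IN PVOID WorkSpace);

NTSYSAPI
PSID_IDENTIFIER_AUTHORITY
NTAPI
RtlIdentifierAuthoritySid(
  IN PSID Sid);

NTSYSAPI
PUCHAR
NTAPI
RtlSubAuthorityCountSid(
  IN PSID Sid);

NTSYSAPI
ULONG
NTAPI
RtlNtStatusToDosErrorNoTeb(
  IN NTSTATUS Status);

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateSystemVolumeInformationFolder(
  IN PCUNICODE_STRING VolumeRootPath);

#if defined(_M_AMD64)

/*
 * Fills a buffer with a repeating 32-bit pattern.
 *
 * Destination - start of the buffer. It is written through a PULONG, so it
 *               is assumed to be at least 4-byte aligned (TODO confirm with
 *               callers); only bit 2 of the address is examined here.
 * Length      - size in bytes. It is divided by 4, so a trailing remainder
 *               of 1 to 3 bytes is left untouched.
 * Pattern     - 32-bit value stored into every ULONG slot.
 */
FORCEINLINE
VOID
RtlFillMemoryUlong(
  OUT PVOID Destination,
  IN SIZE_T Length,
  IN ULONG Pattern)
{
  PULONG Address = (PULONG)Destination;

  /* From here on Length counts ULONGs, not bytes. */
  if ((Length /= 4) != 0) {
    /*
     * Bit 2 of the address is set: store one ULONG first so that, for a
     * 4-byte aligned Destination, the 64-bit stores start on an 8-byte
     * boundary.
     */
    if (((ULONG64)Address & 4) != 0) {
      *Address = Pattern;
      if ((Length -= 1) == 0) {
        return;
      }
      Address += 1;
    }
    /* Bulk fill: two copies of Pattern per 64-bit store. */
    __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
    /* Odd count: the last ULONG is not covered by the 64-bit stores. */
    if ((Length & 1) != 0) Address[Length - 1] = Pattern;
  }
  return;
}

/*
 * Fills Length / 8 64-bit slots with Pattern. Every macro argument is
 * parenthesised so that an expression passed as Pattern is evaluated as a
 * single operand.
 */
#define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
  __stosq((PULONG64)(Destination), (Pattern), (Length) / 8)

#else

NTSYSAPI
VOID
NTAPI
RtlFillMemoryUlong(
  OUT PVOID Destination,
  IN SIZE_T Length,
  IN ULONG Pattern);

NTSYSAPI
VOID
NTAPI
RtlFillMemoryUlonglong(
  OUT PVOID Destination,
  IN SIZE_T Length,
  IN ULONGLONG Pattern);

#endif /* defined(_M_AMD64) */

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

#if (NTDDI_VERSION >= NTDDI_WS03)
NTSYSAPI
NTSTATUS
NTAPI
RtlInitAnsiStringEx(
  OUT PANSI_STRING DestinationString,
  IN PCSZ SourceString OPTIONAL);
#endif

#if (NTDDI_VERSION >= NTDDI_WS03SP1)

/*
 * Security descriptor accessors and format conversion. The conversion
 * routines take their buffer sizes through IN OUT PULONG parameters.
 */

NTSYSAPI
NTSTATUS
NTAPI
RtlGetSaclSecurityDescriptor(
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  OUT PBOOLEAN SaclPresent,
  OUT PACL *Sacl,
  OUT PBOOLEAN SaclDefaulted);

NTSYSAPI
NTSTATUS
NTAPI
RtlSetGroupSecurityDescriptor(
  IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSID Group OPTIONAL,
  IN BOOLEAN GroupDefaulted OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
RtlGetGroupSecurityDescriptor(
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  OUT PSID *Group,
  OUT PBOOLEAN GroupDefaulted);

NTSYSAPI
NTSTATUS
NTAPI
RtlAbsoluteToSelfRelativeSD(
  IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
  OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL,
  IN OUT PULONG BufferLength);

NTSYSAPI
NTSTATUS
NTAPI
RtlSelfRelativeToAbsoluteSD(
  IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
  OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL,
  IN OUT PULONG AbsoluteSecurityDescriptorSize,
  OUT PACL Dacl OPTIONAL,
  IN OUT PULONG DaclSize,
  OUT PACL Sacl OPTIONAL,
  IN OUT PULONG SaclSize,
  OUT PSID Owner OPTIONAL,
  IN OUT PULONG OwnerSize,
  OUT PSID PrimaryGroup OPTIONAL,
  IN OUT PULONG PrimaryGroupSize);

#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */

#if (NTDDI_VERSION >= NTDDI_VISTA)

/* Unicode normalization and IDN conversion. */

NTSYSAPI
NTSTATUS
NTAPI
RtlNormalizeString(
  IN ULONG NormForm,
  IN PCWSTR SourceString,
  IN LONG SourceStringLength,
  OUT PWSTR DestinationString,
  IN OUT PLONG DestinationStringLength);

NTSYSAPI
NTSTATUS
NTAPI
RtlIsNormalizedString(
  IN ULONG NormForm,
  IN PCWSTR SourceString,
  IN LONG SourceStringLength,
  OUT PBOOLEAN Normalized);

NTSYSAPI
NTSTATUS
NTAPI
RtlIdnToAscii(
  IN ULONG Flags,
  IN PCWSTR SourceString,
  IN LONG SourceStringLength,
  OUT PWSTR DestinationString,
  IN OUT PLONG DestinationStringLength);

NTSYSAPI
NTSTATUS
NTAPI
RtlIdnToUnicode(
  IN ULONG Flags,
  IN PCWSTR SourceString,
  IN LONG SourceStringLength,
  OUT PWSTR DestinationString,
  IN OUT PLONG DestinationStringLength);

NTSYSAPI
NTSTATUS
NTAPI
RtlIdnToNameprepUnicode(
  IN ULONG Flags,
  IN PCWSTR SourceString,
  IN LONG SourceStringLength,
  OUT PWSTR DestinationString,
  IN OUT PLONG DestinationStringLength);

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateServiceSid(
  IN PUNICODE_STRING ServiceName,
  OUT PSID ServiceSid,
  IN OUT PULONG ServiceSidLength);

NTSYSAPI
LONG
NTAPI
RtlCompareAltitudes(
  IN PCUNICODE_STRING Altitude1,
  IN PCUNICODE_STRING Altitude2);

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

#if (NTDDI_VERSION >= NTDDI_WIN7)

NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToUTF8N(
  OUT PCHAR UTF8StringDestination,
  IN ULONG UTF8StringMaxByteCount,
  OUT PULONG UTF8StringActualByteCount,
  IN PCWCH UnicodeStringSource,
  IN ULONG UnicodeStringByteCount);

NTSYSAPI
NTSTATUS
NTAPI
RtlUTF8ToUnicodeN(
  OUT PWSTR UnicodeStringDestination,
  IN ULONG UnicodeStringMaxByteCount,
  OUT PULONG UnicodeStringActualByteCount,
  IN PCCH UTF8StringSource,
  IN ULONG UTF8StringByteCount);

NTSYSAPI
NTSTATUS
NTAPI
RtlReplaceSidInSd(
  IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSID OldSid,
  IN PSID NewSid,
  OUT ULONG *NumChanges);

NTSYSAPI
NTSTATUS
NTAPI
RtlCreateVirtualAccountSid(
  IN PCUNICODE_STRING Name,
  IN ULONG BaseSubAuthority,
  OUT PSID Sid,
  IN OUT PULONG SidLength);

#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */


#if defined(_AMD64_) || defined(_IA64_)


#endif /* defined(_AMD64_) || defined(_IA64_) */



#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE         1
#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING   2

/*
 * Size helpers for OEM <-> Unicode conversion. When NLS_MB_OEM_CODE_PAGE_TAG
 * is non-zero the Rtlx* routine is called; otherwise the size is derived
 * from the Length field of the string alone.
 */
#define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
  RtlxUnicodeStringToOemSize(STRING) :                                \
  ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR)           \
)

#define RtlOemStringToUnicodeSize(STRING) (                 \
  NLS_MB_OEM_CODE_PAGE_TAG ?                                \
  RtlxOemStringToUnicodeSize(STRING) :                      \
  ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR)    \
)

#define RtlOemStringToCountedUnicodeSize(STRING) (                    \
  (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL))   \
)

/*
 * Base/offset arithmetic on byte pointers. RtlPointerToOffset casts the
 * pointer difference to ULONG, so a difference wider than ULONG is truncated.
 */
#define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O))))
#define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B))))

typedef enum _OBJECT_INFORMATION_CLASS {
  ObjectBasicInformation = 0,
  ObjectNameInformation = 1, /* FIXME, not in WDK */
  ObjectTypeInformation = 2,
  ObjectTypesInformation = 3, /* FIXME, not in WDK */
  ObjectHandleFlagInformation = 4, /* FIXME, not in WDK */
  ObjectSessionInformation = 5, /* FIXME, not in WDK */
  MaxObjectInfoClass /* FIXME, not in WDK */
} OBJECT_INFORMATION_CLASS;

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject(
  IN HANDLE Handle OPTIONAL,
  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
  OUT PVOID ObjectInformation OPTIONAL,
  IN ULONG ObjectInformationLength,
  OUT PULONG ReturnLength OPTIONAL);

#if (NTDDI_VERSION >= NTDDI_WIN2K)

/* Token open, query and privilege adjustment services. */

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  OUT PHANDLE TokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcessToken(
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  OUT PHANDLE TokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
  IN HANDLE TokenHandle,
  IN TOKEN_INFORMATION_CLASS TokenInformationClass,
  OUT PVOID TokenInformation OPTIONAL,
  IN ULONG TokenInformationLength,
  OUT PULONG ReturnLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
  IN HANDLE TokenHandle,
  IN BOOLEAN DisableAllPrivileges,
  IN PTOKEN_PRIVILEGES NewState OPTIONAL,
  IN ULONG BufferLength,
  OUT PTOKEN_PRIVILEGES PreviousState,
  OUT PULONG ReturnLength OPTIONAL);

/* File and device I/O services. */

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateFile(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER AllocationSize OPTIONAL,
  IN ULONG FileAttributes,
  IN ULONG ShareAccess,
  IN ULONG CreateDisposition,
  IN ULONG CreateOptions,
  IN PVOID EaBuffer,
  IN ULONG EaLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeviceIoControlFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG IoControlCode,
  IN PVOID InputBuffer OPTIONAL,
  IN ULONG InputBufferLength,
  OUT PVOID OutputBuffer OPTIONAL,
  IN ULONG OutputBufferLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtFsControlFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG FsControlCode,
  IN PVOID InputBuffer OPTIONAL,
  IN ULONG InputBufferLength,
  OUT PVOID OutputBuffer OPTIONAL,
  IN ULONG OutputBufferLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtLockFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER ByteOffset,
  IN PLARGE_INTEGER Length,
  IN ULONG Key,
  IN BOOLEAN FailImmediately,
  IN BOOLEAN ExclusiveLock);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenFile(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG ShareAccess,
  IN ULONG OpenOptions);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryDirectoryFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID FileInformation,
  IN ULONG Length,
  IN FILE_INFORMATION_CLASS FileInformationClass,
  IN BOOLEAN ReturnSingleEntry,
  IN PUNICODE_STRING FileName OPTIONAL,
  IN BOOLEAN RestartScan);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID FileInformation,
  IN ULONG Length,
  IN FILE_INFORMATION_CLASS FileInformationClass);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryQuotaInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID Buffer,
  IN ULONG Length,
  IN BOOLEAN ReturnSingleEntry,
  IN PVOID SidList,
  IN ULONG SidListLength,
  IN PSID StartSid OPTIONAL,
  IN BOOLEAN RestartScan);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryVolumeInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID FsInformation,
  IN ULONG Length,
  IN FS_INFORMATION_CLASS FsInformationClass);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtReadFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID Buffer,
  IN ULONG Length,
  IN PLARGE_INTEGER ByteOffset OPTIONAL,
  IN PULONG Key OPTIONAL);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID FileInformation,
  IN ULONG Length,
  IN FILE_INFORMATION_CLASS FileInformationClass);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetQuotaInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID Buffer,
  IN ULONG Length);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetVolumeInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID FsInformation,
  IN ULONG Length,
  IN FS_INFORMATION_CLASS FsInformationClass);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtWriteFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID Buffer,
  IN ULONG Length,
  IN PLARGE_INTEGER ByteOffset OPTIONAL,
  IN PULONG Key OPTIONAL);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtUnlockFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER ByteOffset,
  IN PLARGE_INTEGER Length,
  IN ULONG Key);

/* Object security, handle close and virtual memory services. */

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
  IN HANDLE Handle,
  IN SECURITY_INFORMATION SecurityInformation,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
  IN HANDLE Handle,
  IN SECURITY_INFORMATION SecurityInformation,
  OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN ULONG Length,
  OUT PULONG LengthNeeded);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtClose(
  IN HANDLE Handle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN ULONG_PTR ZeroBits,
  IN OUT PSIZE_T RegionSize,
  IN ULONG AllocationType,
  IN ULONG Protect);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN OUT PSIZE_T RegionSize,
  IN ULONG FreeType);

#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

#if (NTDDI_VERSION >= NTDDI_WINXP)

/* Extended token services. */

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThreadTokenEx(
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcessTokenEx(
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

/*
 * NOTE(review): declared with NTSYSAPI while the neighbouring Nt* services
 * use NTSYSCALLAPI - confirm which specifier is intended.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtOpenJobObjectToken(
  IN HANDLE JobHandle,
  IN ACCESS_MASK DesiredAccess,
  OUT PHANDLE TokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateToken(
  IN HANDLE ExistingTokenHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN BOOLEAN EffectiveOnly,
  IN TOKEN_TYPE TokenType,
  OUT PHANDLE NewTokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtFilterToken(
  IN HANDLE ExistingTokenHandle,
  IN ULONG Flags,
  IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
  IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
  IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
  OUT PHANDLE NewTokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
  IN HANDLE ThreadHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationToken(
  IN HANDLE TokenHandle,
  IN TOKEN_INFORMATION_CLASS TokenInformationClass,
  IN PVOID TokenInformation,
  IN ULONG TokenInformationLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
  IN HANDLE TokenHandle,
  IN BOOLEAN ResetToDefault,
  IN PTOKEN_GROUPS NewState OPTIONAL,
  IN ULONG BufferLength OPTIONAL,
  OUT PTOKEN_GROUPS PreviousState,
  OUT PULONG ReturnLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
  IN HANDLE ClientToken,
  IN OUT PPRIVILEGE_SET RequiredPrivileges,
  OUT PBOOLEAN Result);

/*
 * Access check and audit services. Each returns the decision through the
 * GrantedAccess and AccessStatus outputs in addition to the NTSTATUS return
 * value.
 */

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN PUNICODE_STRING ObjectTypeName,
  IN PUNICODE_STRING ObjectName,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN ACCESS_MASK DesiredAccess,
  IN PGENERIC_MAPPING GenericMapping,
  IN BOOLEAN ObjectCreation,
  OUT PACCESS_MASK GrantedAccess,
  OUT PNTSTATUS AccessStatus,
  OUT PBOOLEAN GenerateOnClose);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeAndAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId,
  IN PUNICODE_STRING ObjectTypeName,
  IN PUNICODE_STRING ObjectName,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSID PrincipalSelfSid OPTIONAL,
  IN ACCESS_MASK DesiredAccess,
  IN AUDIT_EVENT_TYPE AuditType,
  IN ULONG Flags,
  IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
  IN ULONG ObjectTypeLength,
  IN PGENERIC_MAPPING GenericMapping,
  IN BOOLEAN ObjectCreation,
  OUT PACCESS_MASK GrantedAccess,
  OUT PNTSTATUS AccessStatus,
  OUT PBOOLEAN GenerateOnClose);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN PUNICODE_STRING ObjectTypeName,
  IN PUNICODE_STRING ObjectName,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSID PrincipalSelfSid OPTIONAL,
  IN ACCESS_MASK DesiredAccess,
  IN AUDIT_EVENT_TYPE AuditType,
  IN ULONG Flags,
  IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
  IN ULONG ObjectTypeLength,
  IN PGENERIC_MAPPING GenericMapping,
  IN BOOLEAN ObjectCreation,
  OUT PACCESS_MASK GrantedAccess,
  OUT PNTSTATUS AccessStatus,
  OUT PBOOLEAN GenerateOnClose);

/*
 * NOTE(review): no NTSYSCALLAPI specifier on this declaration, unlike its
 * siblings - confirm whether that is intentional.
 */
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN HANDLE ClientToken,
  IN PUNICODE_STRING ObjectTypeName,
  IN PUNICODE_STRING ObjectName,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSID PrincipalSelfSid OPTIONAL,
  IN ACCESS_MASK DesiredAccess,
  IN AUDIT_EVENT_TYPE AuditType,
  IN ULONG Flags,
  IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
  IN ULONG ObjectTypeLength,
  IN PGENERIC_MAPPING GenericMapping,
  IN BOOLEAN ObjectCreation,
  OUT PACCESS_MASK GrantedAccess,
  OUT PNTSTATUS AccessStatus,
  OUT PBOOLEAN GenerateOnClose);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN PUNICODE_STRING ObjectTypeName,
  IN PUNICODE_STRING ObjectName,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
  IN HANDLE ClientToken,
  IN ACCESS_MASK DesiredAccess,
  IN ACCESS_MASK GrantedAccess,
  IN PPRIVILEGE_SET Privileges OPTIONAL,
  IN BOOLEAN ObjectCreation,
  IN BOOLEAN AccessGranted,
  OUT PBOOLEAN GenerateOnClose);
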
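/* Audit-alarm, thread-information and section services. */

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN HANDLE ClientToken,
  IN ACCESS_MASK DesiredAccess,
  IN PPRIVILEGE_SET Privileges,
  IN BOOLEAN AccessGranted);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN BOOLEAN GenerateOnClose);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PVOID HandleId OPTIONAL,
  IN BOOLEAN GenerateOnClose);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(
  IN PUNICODE_STRING SubsystemName,
  IN PUNICODE_STRING ServiceName,
  IN HANDLE ClientToken,
  IN PPRIVILEGE_SET Privileges,
  IN BOOLEAN AccessGranted);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationThread(
  IN HANDLE ThreadHandle,
  IN THREADINFOCLASS ThreadInformationClass,
  IN PVOID ThreadInformation,
  IN ULONG ThreadInformationLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateSection(
  OUT PHANDLE SectionHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  IN PLARGE_INTEGER MaximumSize OPTIONAL,
  IN ULONG SectionPageProtection,
  IN ULONG AllocationAttributes,
  IN HANDLE FileHandle OPTIONAL);

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

/* Compression format and engine selectors. */
#define COMPRESSION_FORMAT_NONE         (0x0000)
#define COMPRESSION_FORMAT_DEFAULT      (0x0001)
#define COMPRESSION_FORMAT_LZNT1        (0x0002)
#define COMPRESSION_ENGINE_STANDARD     (0x0000)
#define COMPRESSION_ENGINE_MAXIMUM      (0x0100)
#define COMPRESSION_ENGINE_HIBER        (0x0200)

#define MAX_UNICODE_STACK_BUFFER_LENGTH 256

/*
 * Extracts the low two bits of an I/O control code. The argument is
 * parenthesised so that an expression such as (a | b) is masked as a whole.
 */
#define METHOD_FROM_CTL_CODE(ctrlCode)  ((ULONG)((ctrlCode) & 3))

#define METHOD_DIRECT_TO_HARDWARE       METHOD_IN_DIRECT
#define METHOD_DIRECT_FROM_HARDWARE     METHOD_OUT_DIRECT

typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;

/*
 * Logon types. Only the first two enumerators carry explicit values; the
 * rest follow by increment, and the tail of the list depends on
 * _WIN32_WINNT.
 */
typedef enum _SECURITY_LOGON_TYPE {
  UndefinedLogonType = 0,
  Interactive = 2,
  Network,
  Batch,
  Service,
  Proxy,
  Unlock,
  NetworkCleartext,
  NewCredentials,
#if (_WIN32_WINNT >= 0x0501)
  RemoteInteractive,
  CachedInteractive,
#endif
#if (_WIN32_WINNT >= 0x0502)
  CachedRemoteInteractive,
  CachedUnlock
#endif
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;

#ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_

#ifndef GUID_DEFINED
#include <guiddef.h>
#endif

#endif /* _NTLSA_AUDIT_ */

/* LSA logon entry points (declared without an import specifier). */

NTSTATUS
NTAPI
LsaRegisterLogonProcess(
  IN PLSA_STRING LogonProcessName,
  OUT PHANDLE LsaHandle,
  OUT PLSA_OPERATIONAL_MODE SecurityMode);

NTSTATUS
NTAPI
LsaLogonUser(
  IN HANDLE LsaHandle,
  IN PLSA_STRING OriginName,
  IN SECURITY_LOGON_TYPE LogonType,
  IN ULONG AuthenticationPackage,
  IN PVOID AuthenticationInformation,
  IN ULONG AuthenticationInformationLength,
  IN PTOKEN_GROUPS LocalGroups OPTIONAL,
  IN PTOKEN_SOURCE SourceContext,
  OUT PVOID *ProfileBuffer,
  OUT PULONG ProfileBufferLength,
  OUT PLUID LogonId,
  OUT PHANDLE Token,
  OUT PQUOTA_LIMITS Quotas,
  OUT PNTSTATUS SubStatus);

NTSTATUS
NTAPI
LsaFreeReturnBuffer(
  IN PVOID Buffer);

#ifndef _NTLSA_IFS_
#define _NTLSA_IFS_
#endif

#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
/*
 * Byte length of the wide package name without its terminating NUL. The
 * expansion is wrapped in parentheses so the subtraction cannot re-associate
 * with operators at the use site (for example 2 * MSV1_0_PACKAGE_NAMEW_LENGTH).
 */
#define MSV1_0_PACKAGE_NAMEW_LENGTH (sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR))

#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"

#define MSV1_0_CHALLENGE_LENGTH                8
#define MSV1_0_USER_SESSION_KEY_LENGTH         16
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH       8

/*
 * MSV1_0 flag bits.
 * NOTE(review): by their names, several of these bits relax authentication
 * (cleartext password allowed, guest fallback, server/workstation trust
 * accounts); call sites that set them deserve review.
 */
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      0x02
#define MSV1_0_UPDATE_LOGON_STATISTICS         0x04
#define MSV1_0_RETURN_USER_PARAMETERS          0x08
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT          0x10
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      0x20
#define MSV1_0_RETURN_PASSWORD_EXPIRY          0x40
#define MSV1_0_USE_CLIENT_CHALLENGE            0x80
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY          0x100
#define MSV1_0_RETURN_PROFILE_PATH             0x200
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY       0x400
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800

#define MSV1_0_DISABLE_PERSONAL_FALLBACK       0x00001000
#define MSV1_0_ALLOW_FORCE_GUEST               0x00002000

#if (_WIN32_WINNT >= 0x0502)
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED     0x00004000
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY     0x00008000
#endif

#define MSV1_0_SUBAUTHENTICATION_DLL_EX        0x00100000
#define MSV1_0_ALLOW_MSVCHAPV2                 0x00010000

#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_S4U2SELF                        0x00020000
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U        0x00040000
#endif

/* The sub-authentication DLL number occupies the top byte (mask and shift). */
#define MSV1_0_SUBAUTHENTICATION_DLL           0xFF000000
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT     24
#define MSV1_0_MNS_LOGON                       0x01000000

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS       2
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS       132

/*
 * LOGON_* flag bits.
 * NOTE(review): by their names, LOGON_GUEST, LOGON_NOENCRYPTION and
 * LOGON_USED_LM_PASSWORD describe weaker logon outcomes and are worth
 * surfacing in logon auditing - confirm where these bits are reported.
 */
#define LOGON_GUEST                 0x01
#define LOGON_NOENCRYPTION          0x02
#define LOGON_CACHED_ACCOUNT        0x04
#define LOGON_USED_LM_PASSWORD      0x08
#define LOGON_EXTRA_SIDS            0x20
#define LOGON_SUBAUTH_SESSION_KEY   0x40
#define LOGON_SERVER_TRUST_ACCOUNT  0x80
#define LOGON_NTLMV2_ENABLED        0x100
#define LOGON_RESOURCE_GROUPS       0x200
#define LOGON_PROFILE_PATH_RETURNED 0x400
#define LOGON_NT_V2                 0x800
#define LOGON_LM_V2                 0x1000
#define LOGON_NTLM_V2               0x2000

#if (_WIN32_WINNT >= 0x0600)

#define LOGON_OPTIMIZED             0x4000
#define LOGON_WINLOGON              0x8000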
#define LOGON_PKINIT                0x10000
#define LOGON_NO_OPTIMIZED          0x20000

#endif

/* Mask covering the top byte; LOGON_GRACE_LOGON falls inside it. */
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000

#define LOGON_GRACE_LOGON           0x01000000

/*
 * Size of the LmPassword / NtPassword arrays in
 * MSV1_0_SUPPLEMENTAL_CREDENTIAL, and the flags/version for that structure.
 */
#define MSV1_0_OWF_PASSWORD_LENGTH  16
#define MSV1_0_CRED_LM_PRESENT      0x1
#define MSV1_0_CRED_NT_PRESENT      0x2
#define MSV1_0_CRED_VERSION         0

#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
#define MSV1_0_NTLM3_OWF_LENGTH     16

/* NOTE(review): unit not stated here; presumably seconds (30 min vs 36 h) - confirm. */
#if (_WIN32_WINNT == 0x0500)
#define MSV1_0_MAX_NTLM3_LIFE       1800
#else
#define MSV1_0_MAX_NTLM3_LIFE       129600
#endif
/* NOTE(review): looks like an upper bound for an AV-pair list; parsers should enforce it - confirm. */
#define MSV1_0_MAX_AVL_SIZE         64000

#if (_WIN32_WINNT >= 0x0501)

#define MSV1_0_AV_FLAG_FORCE_GUEST  0x00000001

#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
#endif

#endif

/* Size of MSV1_0_NTLM3_RESPONSE minus its leading Response[] array. */
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

/*
 * Bytes of MSV1_0_NTLM3_RESPONSE up to and including AvPairsOff.
 * NOTE(review): a received response shorter than this cannot hold the fixed
 * header; length checks belong before any field is read.
 */
#if(_WIN32_WINNT >= 0x0502)
#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
#endif

/*
 * Single-bit option flags.
 * NOTE(review): presumably for the ParameterControl field of
 * MSV1_0_GETCHALLENRESP_REQUEST - confirm. GCR_ALLOW_LM, GCR_ALLOW_NTLM and
 * GCR_ALLOW_NO_TARGET look like opt-ins to weaker behaviour; audit callers
 * that set them.
 */
#define USE_PRIMARY_PASSWORD            0x01
#define RETURN_PRIMARY_USERNAME         0x02
#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
#define RETURN_NON_NT_USER_SESSION_KEY  0x08
#define GENERATE_CLIENT_CHALLENGE       0x10
#define GCR_NTLM3_PARMS                 0x20
#define GCR_TARGET_INFO                 0x40
#define RETURN_RESERVED_PARAMETER       0x80
#define GCR_ALLOW_NTLM                  0x100
#define GCR_USE_OEM_SET                 0x200
#define GCR_MACHINE_CREDENTIAL          0x400
#define GCR_USE_OWF_PASSWORD            0x800
#define GCR_ALLOW_LM                    0x1000
#define GCR_ALLOW_NO_TARGET             0x2000

/* MessageType discriminator for the MSV1_0_*_LOGON request structures. */
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2,
  MsV1_0Lm20Logon,                  /* 3 */
  MsV1_0NetworkLogon,               /* 4 */
  MsV1_0SubAuthLogon,               /* 5 */
  MsV1_0WorkstationUnlockLogon = 7,
  MsV1_0S4ULogon = 12,
  MsV1_0VirtualLogon = 82
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;

/* MessageType discriminator for the MSV1_0_*_PROFILE structures. */
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2,
  MsV1_0Lm20LogonProfile,           /* 3 */
  MsV1_0SmartCardProfile            /* 4 */
} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;

/*
 * Interactive logon request.
 * NOTE(review): carries a Password field; any buffer holding this structure
 * should be cleared after use and kept out of logs and crash dumps.
 */
typedef struct _MSV1_0_INTERACTIVE_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Password;
} MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;

/* Profile data for an interactive logon; UserFlags is a ULONG bit field. */
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
  MSV1_0_PROFILE_BUFFER_TYPE MessageType;
  USHORT LogonCount;
  USHORT BadPasswordCount;
  LARGE_INTEGER LogonTime;
  LARGE_INTEGER LogoffTime;
  LARGE_INTEGER KickOffTime;
  LARGE_INTEGER PasswordLastSet;
  LARGE_INTEGER PasswordCanChange;
  LARGE_INTEGER PasswordMustChange;
  UNICODE_STRING LogonScript;
  UNICODE_STRING HomeDirectory;
  UNICODE_STRING FullName;
  UNICODE_STRING ProfilePath;
  UNICODE_STRING HomeDirectoryDrive;
  UNICODE_STRING LogonServer;
  ULONG UserFlags;
} MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;

/*
 * Challenge/response logon request: the challenge that was sent to the
 * client plus the two response strings and a ParameterControl word.
 */
typedef struct _MSV1_0_LM20_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Workstation;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
  STRING CaseSensitiveChallengeResponse;
  STRING CaseInsensitiveChallengeResponse;
  ULONG ParameterControl;
} MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;

/*
 * Sub-authentication logon request; same leading layout as MSV1_0_LM20_LOGON
 * with two opaque authentication strings and a SubAuthPackageId.
 */
typedef struct _MSV1_0_SUBAUTH_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING UserName;
  UNICODE_STRING Workstation;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
  STRING AuthenticationInfo1;
  STRING AuthenticationInfo2;
  ULONG ParameterControl;
  ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;

#if (_WIN32_WINNT >= 0x0600)

#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2

/*
 * S4U logon request: identifies the principal by name only (no password or
 * response field is present in this structure).
 * NOTE(review): a credential-less logon path is worth restricting to
 * trusted callers - confirm how the implementation gates it.
 */
typedef struct _MSV1_0_S4U_LOGON {
  MSV1_0_LOGON_SUBMIT_TYPE MessageType;
  ULONG Flags;
  UNICODE_STRING UserPrincipalName;
  UNICODE_STRING DomainName;
} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;

#endif

/*
 * Profile data for an LM 2.0 logon.
 * NOTE(review): UserSessionKey and LanmanSessionKey are key material; treat
 * buffers holding this structure as secret.
 */
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
  MSV1_0_PROFILE_BUFFER_TYPE MessageType;
  LARGE_INTEGER KickOffTime;
  LARGE_INTEGER LogoffTime;
  ULONG UserFlags;
  UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
  UNICODE_STRING LogonDomainName;
  UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
  UNICODE_STRING LogonServer;
  UNICODE_STRING UserParameters;
} MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;

/*
 * Supplemental credential: two fixed-size password-derived values.
 * NOTE(review): presumably Flags uses MSV1_0_CRED_LM_PRESENT /
 * MSV1_0_CRED_NT_PRESENT to say which array is valid - confirm. The arrays
 * should be handled as password-equivalent secrets and zeroized with a call
 * the compiler cannot elide.
 */
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
  ULONG Version;
  ULONG Flags;
  UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
  UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
} MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

/*
 * NTLMv2-style response: fixed header followed by Buffer[1], a one-element
 * array at the end of the structure.
 * NOTE(review): Buffer is presumably the start of variable-length data and
 * AvPairsOff an offset into it; code parsing a received response must check
 * the total length and every offset before dereferencing - confirm.
 */
typedef struct _MSV1_0_NTLM3_RESPONSE {
  UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
  UCHAR RespType;
  UCHAR HiRespType;
  USHORT Flags;
  ULONG MsgWord;
  ULONGLONG TimeStamp;
  UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
  ULONG AvPairsOff;
  UCHAR Buffer[1];
} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;

/* AV-pair identifiers; MsvAvEOL is 0 and the rest follow in order. */
typedef enum _MSV1_0_AVID {
  MsvAvEOL,
  MsvAvNbComputerName,
  MsvAvNbDomainName,
  MsvAvDnsComputerName,
  MsvAvDnsDomainName,
#if (_WIN32_WINNT >= 0x0501)
  MsvAvDnsTreeName,
  MsvAvFlags,
#if (_WIN32_WINNT >= 0x0600)
  MsvAvTimestamp,
  MsvAvRestrictions,
  MsvAvTargetName,
  MsvAvChannelBindings,
#endif
#endif
} MSV1_0_AVID;

/*
 * Header of one AV pair: identifier and length.
 * NOTE(review): when walking a list of these, AvLen must be checked against
 * the bytes remaining before advancing, and the walk must stop at the buffer
 * end even if no MsvAvEOL entry is found.
 */
typedef struct _MSV1_0_AV_PAIR {
  USHORT AvId;
  USHORT AvLen;
} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;

/* MessageType discriminator for the request/response structures that follow. */
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0,
  MsV1_0Lm20GetChallengeResponse,
  MsV1_0EnumerateUsers,
  MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers,
  MsV1_0ChangePassword,
  MsV1_0ChangeCachedPassword,
  MsV1_0GenericPassthrough,
  MsV1_0CacheLogon,
  MsV1_0SubAuth,
  MsV1_0DeriveCredential,
  MsV1_0CacheLookup,
#if (_WIN32_WINNT >= 0x0501)
  MsV1_0SetProcessOption,
#endif
#if (_WIN32_WINNT >= 0x0600)
  MsV1_0ConfigLocalAliases,
  MsV1_0ClearCachedCredentials,
#endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;

typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;

typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;

/*
 * V1 layout of the get-challenge-response request; the non-V1 structure
 * below adds three trailing name strings.
 * NOTE(review): both layouts carry a Password field - clear after use.
 */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG ParameterControl;
  LUID LogonId;
  UNICODE_STRING Password;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG ParameterControl;
  LUID LogonId;
  UNICODE_STRING Password;
  UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
  UNICODE_STRING UserName;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING ServerName;
} MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;

/*
 * Response strings, names and the two session keys.
 * NOTE(review): responses and session keys are sensitive; avoid logging them.
 */
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  STRING CaseSensitiveChallengeResponse;
  STRING CaseInsensitiveChallengeResponse;
  UNICODE_STRING UserName;
  UNICODE_STRING LogonDomainName;
  UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
  UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
} MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;

typedef struct _MSV1_0_ENUMUSERS_REQUEST {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;

/*
 * NOTE(review): LogonIds and EnumHandles are presumably arrays of
 * NumberOfLoggedOnUsers elements - confirm before indexing.
 */
typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  ULONG NumberOfLoggedOnUsers;
  PLUID LogonIds;
  PULONG EnumHandles;
} MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;

typedef struct _MSV1_0_GETUSERINFO_REQUEST {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  LUID LogonId;
} MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;

typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
  PSID UserSid;
  UNICODE_STRING UserName;
  UNICODE_STRING LogonDomainName;
  UNICODE_STRING LogonServer;
  SECURITY_LOGON_TYPE LogonType;
} MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;



#define FILE_OPLOCK_BROKEN_TO_LEVEL_2   0x00000007
#define FILE_OPLOCK_BROKEN_TO_NONE      0x00000008
#define FILE_OPBATCH_BREAK_UNDERWAY     0x00000009

/* also in winnt.h */
/* Change-notification filter bits; FILE_NOTIFY_VALID_MASK is their union. */
#define FILE_NOTIFY_CHANGE_FILE_NAME    0x00000001
#define FILE_NOTIFY_CHANGE_DIR_NAME     0x00000002
#define FILE_NOTIFY_CHANGE_NAME         0x00000003
#define FILE_NOTIFY_CHANGE_ATTRIBUTES   0x00000004
#define FILE_NOTIFY_CHANGE_SIZE         0x00000008
#define FILE_NOTIFY_CHANGE_LAST_WRITE   0x00000010
#define FILE_NOTIFY_CHANGE_LAST_ACCESS  0x00000020
#define FILE_NOTIFY_CHANGE_CREATION     0x00000040
#define FILE_NOTIFY_CHANGE_EA           0x00000080
#define FILE_NOTIFY_CHANGE_SECURITY     0x00000100
#define FILE_NOTIFY_CHANGE_STREAM_NAME  0x00000200
#define FILE_NOTIFY_CHANGE_STREAM_SIZE  0x00000400
#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
#define FILE_NOTIFY_VALID_MASK          0x00000fff

/* Action codes (the list continues below). */
#define FILE_ACTION_ADDED               0x00000001
/* Action codes stored in FILE_NOTIFY_INFORMATION.Action (sequential, not bit flags). */
#define FILE_ACTION_REMOVED                 0x00000002
#define FILE_ACTION_MODIFIED                0x00000003
#define FILE_ACTION_RENAMED_OLD_NAME        0x00000004
#define FILE_ACTION_RENAMED_NEW_NAME        0x00000005
#define FILE_ACTION_ADDED_STREAM            0x00000006
#define FILE_ACTION_REMOVED_STREAM          0x00000007
#define FILE_ACTION_MODIFIED_STREAM         0x00000008
#define FILE_ACTION_REMOVED_BY_DELETE       0x00000009
#define FILE_ACTION_ID_NOT_TUNNELLED        0x0000000A
#define FILE_ACTION_TUNNELLED_ID_COLLISION  0x0000000B
/* end winnt.h */

#define FILE_PIPE_BYTE_STREAM_TYPE          0x00000000
#define FILE_PIPE_MESSAGE_TYPE              0x00000001

/*
 * NOTE(review): ACCEPT is the zero value, so a zero-initialised pipe type
 * selects it; code that wants a local-only pipe has to set
 * FILE_PIPE_REJECT_REMOTE_CLIENTS explicitly.
 */
#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS     0x00000000
#define FILE_PIPE_REJECT_REMOTE_CLIENTS     0x00000002

#define FILE_PIPE_TYPE_VALID_MASK           0x00000003

#define FILE_PIPE_BYTE_STREAM_MODE          0x00000000
#define FILE_PIPE_MESSAGE_MODE              0x00000001

#define FILE_PIPE_QUEUE_OPERATION           0x00000000
#define FILE_PIPE_COMPLETE_OPERATION        0x00000001

#define FILE_PIPE_INBOUND                   0x00000000
#define FILE_PIPE_OUTBOUND                  0x00000001
#define FILE_PIPE_FULL_DUPLEX               0x00000002

#define FILE_PIPE_DISCONNECTED_STATE        0x00000001
#define FILE_PIPE_LISTENING_STATE           0x00000002
#define FILE_PIPE_CONNECTED_STATE           0x00000003
#define FILE_PIPE_CLOSING_STATE             0x00000004

#define FILE_PIPE_CLIENT_END                0x00000000
#define FILE_PIPE_SERVER_END                0x00000001

/*
 * File-system capability bits.
 * NOTE(review): presumably reported in
 * FILE_FS_ATTRIBUTE_INFORMATION.FileSystemAttributes - confirm.
 */
#define FILE_CASE_SENSITIVE_SEARCH          0x00000001
#define FILE_CASE_PRESERVED_NAMES           0x00000002
#define FILE_UNICODE_ON_DISK                0x00000004
#define FILE_PERSISTENT_ACLS                0x00000008
#define FILE_FILE_COMPRESSION               0x00000010
#define FILE_VOLUME_QUOTAS                  0x00000020
#define FILE_SUPPORTS_SPARSE_FILES          0x00000040
#define FILE_SUPPORTS_REPARSE_POINTS        0x00000080
#define FILE_SUPPORTS_REMOTE_STORAGE        0x00000100
#define FILE_VOLUME_IS_COMPRESSED           0x00008000
#define FILE_SUPPORTS_OBJECT_IDS            0x00010000
#define FILE_SUPPORTS_ENCRYPTION            0x00020000
#define FILE_NAMED_STREAMS                  0x00040000
#define FILE_READ_ONLY_VOLUME               0x00080000
#define FILE_SEQUENTIAL_WRITE_ONCE          0x00100000
#define FILE_SUPPORTS_TRANSACTIONS          0x00200000
#define FILE_SUPPORTS_HARD_LINKS            0x00400000
#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES   0x00800000
#define FILE_SUPPORTS_OPEN_BY_FILE_ID       0x01000000
#define FILE_SUPPORTS_USN_JOURNAL           0x02000000

#define FILE_NEED_EA                        0x00000080

#define FILE_EA_TYPE_BINARY                 0xfffe
#define FILE_EA_TYPE_ASCII                  0xfffd
#define FILE_EA_TYPE_BITMAP                 0xfffb
#define FILE_EA_TYPE_METAFILE               0xfffa
#define FILE_EA_TYPE_ICON                   0xfff9
#define FILE_EA_TYPE_EA                     0xffee
#define FILE_EA_TYPE_MVMT                   0xffdf
#define FILE_EA_TYPE_MVST                   0xffde
#define FILE_EA_TYPE_ASN1                   0xffdd
#define FILE_EA_TYPE_FAMILY_IDS             0xff01

/*
 * Record layouts with a NextEntryOffset link and a one-element trailing name
 * array (FileName[1], StreamName[1], EaName[1], ...).
 * NOTE(review): these look like chained, variable-length records. Code that
 * walks such a buffer should check, for every entry, that the fixed header
 * fits in the remaining bytes, that the stated name length fits after the
 * header, and that NextEntryOffset moves forward and stays inside the buffer.
 * Do not assume the name is NUL-terminated - confirm per information class.
 */
typedef struct _FILE_NOTIFY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG Action;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;

typedef struct _FILE_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;

/* FILE_DIRECTORY_INFORMATION plus EaSize. */
typedef struct _FILE_FULL_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaSize;
  WCHAR FileName[1];
} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;

/* FILE_FULL_DIR_INFORMATION plus FileId. */
typedef struct _FILE_ID_FULL_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaSize;
  LARGE_INTEGER FileId;
  WCHAR FileName[1];
} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;

/*
 * FILE_FULL_DIR_INFORMATION plus a fixed 12-WCHAR short name.
 * NOTE(review): ShortNameLength is a signed CCHAR; validate it against the
 * size of ShortName[] before using it as a copy length.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaSize;
  CCHAR ShortNameLength;
  WCHAR ShortName[12];
  WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;

/* FILE_BOTH_DIR_INFORMATION plus FileId. */
typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaSize;
  CCHAR ShortNameLength;
  WCHAR ShortName[12];
  LARGE_INTEGER FileId;
  WCHAR FileName[1];
} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;

typedef struct _FILE_NAMES_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;

/* Directory entry carrying a locking transaction id and TxInfoFlags. */
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  LARGE_INTEGER FileId;
  GUID LockingTransactionId;
  ULONG TxInfoFlags;
  WCHAR FileName[1];
} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;

/* Bits for FILE_ID_GLOBAL_TX_DIR_INFORMATION.TxInfoFlags (per the name prefix). */
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED         0x00000001
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX       0x00000002
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX  0x00000004

/*
 * Object-id record. The union overlays three 16-byte ids on the 48-byte
 * ExtendedInfo array.
 */
typedef struct _FILE_OBJECTID_INFORMATION {
  LONGLONG FileReference;
  UCHAR ObjectId[16];
  _ANONYMOUS_UNION union {
    _ANONYMOUS_STRUCT struct {
      UCHAR BirthVolumeId[16];
      UCHAR BirthObjectId[16];
      UCHAR DomainId[16];
    } DUMMYSTRUCTNAME;
    UCHAR ExtendedInfo[48];
  } DUMMYUNIONNAME;
} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;

/*
 * Characters standing in for DOS wildcard forms, ANSI and wide variants.
 * NOTE(review): '<', '>' and '"' carry wildcard meaning wherever these are
 * honoured, so name-matching code should not treat them as literals -
 * confirm the matching rules.
 */
#define ANSI_DOS_STAR                   ('<')
#define ANSI_DOS_QM                     ('>')
#define ANSI_DOS_DOT                    ('"')

#define DOS_STAR                        (L'<')
#define DOS_QM                          (L'>')
#define DOS_DOT                         (L'"')

typedef struct _FILE_INTERNAL_INFORMATION {
  LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;

typedef struct _FILE_EA_INFORMATION {
  ULONG EaSize;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;

typedef struct _FILE_ACCESS_INFORMATION {
  ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;

typedef struct _FILE_MODE_INFORMATION {
  ULONG Mode;
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;

/*
 * Aggregate of the per-class structures.
 * NOTE(review): NameInformation is last; if FILE_NAME_INFORMATION ends in a
 * variable-length name (declared elsewhere), this structure is
 * variable-length too - confirm before sizing buffers with sizeof.
 */
typedef struct _FILE_ALL_INFORMATION {
  FILE_BASIC_INFORMATION BasicInformation;
  FILE_STANDARD_INFORMATION StandardInformation;
  FILE_INTERNAL_INFORMATION InternalInformation;
  FILE_EA_INFORMATION EaInformation;
  FILE_ACCESS_INFORMATION AccessInformation;
  FILE_POSITION_INFORMATION PositionInformation;
  FILE_MODE_INFORMATION ModeInformation;
  FILE_ALIGNMENT_INFORMATION AlignmentInformation;
  FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;

typedef struct _FILE_ALLOCATION_INFORMATION {
  LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;

typedef struct _FILE_COMPRESSION_INFORMATION {
  LARGE_INTEGER CompressedFileSize;
  USHORT CompressionFormat;
  UCHAR CompressionUnitShift;
  UCHAR ChunkShift;
  UCHAR ClusterShift;
  UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;

/*
 * Link / move-cluster / rename requests: a RootDirectory handle plus a
 * length-prefixed name.
 * NOTE(review): the handle and the name arrive together from the caller;
 * handlers should validate the handle and bound FileNameLength against the
 * input buffer size before use.
 */
typedef struct _FILE_LINK_INFORMATION {
  BOOLEAN ReplaceIfExists;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;

typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
  ULONG ClusterCount;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;

typedef struct _FILE_RENAME_INFORMATION {
  BOOLEAN ReplaceIfExists;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;

typedef struct _FILE_STREAM_INFORMATION {
  ULONG NextEntryOffset;
  ULONG StreamNameLength;
  LARGE_INTEGER StreamSize;
  LARGE_INTEGER StreamAllocationSize;
  WCHAR StreamName[1];
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;

typedef struct _FILE_TRACKING_INFORMATION {
  HANDLE DestinationFile;
  ULONG ObjectInformationLength;
  CHAR ObjectInformation[1];
} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;

typedef struct _FILE_COMPLETION_INFORMATION {
  HANDLE Port;
  PVOID Key;
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;

/* Named-pipe information; the FILE_PIPE_* constants above name the values. */
typedef struct _FILE_PIPE_INFORMATION {
  ULONG ReadMode;
  ULONG CompletionMode;
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;

typedef struct _FILE_PIPE_LOCAL_INFORMATION {
  ULONG NamedPipeType;
  ULONG NamedPipeConfiguration;
  ULONG MaximumInstances;
  ULONG CurrentInstances;
  ULONG InboundQuota;
  ULONG ReadDataAvailable;
  ULONG OutboundQuota;
  ULONG WriteQuotaAvailable;
  ULONG NamedPipeState;
  ULONG NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;

typedef struct _FILE_PIPE_REMOTE_INFORMATION {
  LARGE_INTEGER CollectDataTime;
  ULONG MaximumCollectionCount;
} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;

typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
  ULONG MaximumMessageSize;
  ULONG MailslotQuota;
  ULONG NextMessageSize;
  ULONG MessagesAvailable;
  LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;

/*
 * NOTE(review): ReadTimeout is a pointer embedded in a request structure;
 * a handler receiving this from a less-trusted caller must validate the
 * pointer before dereferencing it.
 */
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
  PLARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;

typedef struct _FILE_REPARSE_POINT_INFORMATION {
  LONGLONG FileReference;
  ULONG Tag;
} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;

typedef struct _FILE_LINK_ENTRY_INFORMATION {
  ULONG NextEntryOffset;
  LONGLONG ParentFileId;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;

/* Header followed by the first FILE_LINK_ENTRY_INFORMATION record. */
typedef struct _FILE_LINKS_INFORMATION {
  ULONG BytesNeeded;
  ULONG EntriesReturned;
  FILE_LINK_ENTRY_INFORMATION Entry;
} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;

typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;

typedef struct _FILE_STANDARD_LINK_INFORMATION {
  ULONG NumberOfAccessibleLinks;
  ULONG TotalNumberOfLinks;
  BOOLEAN DeletePending;
  BOOLEAN Directory;
} FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;

/* NOTE(review): EaNameLength is a UCHAR, so a name length cannot exceed 255. */
typedef struct _FILE_GET_EA_INFORMATION {
  ULONG NextEntryOffset;
  UCHAR EaNameLength;
  CHAR EaName[1];
} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;

#define REMOTE_PROTOCOL_FLAG_LOOPBACK   0x00000001
#define REMOTE_PROTOCOL_FLAG_OFFLINE    0x00000002

/*
 * Self-describing record (StructureVersion / StructureSize) with two
 * reserved sub-structures of 8 and 16 ULONGs.
 * NOTE(review): consumers should check StructureSize against the buffer
 * they were given before reading later fields.
 */
typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
  USHORT StructureVersion;
  USHORT StructureSize;
  ULONG Protocol;
  USHORT ProtocolMajorVersion;
  USHORT ProtocolMinorVersion;
  USHORT ProtocolRevision;
  USHORT Reserved;
  ULONG Flags;
  struct {
    ULONG Reserved[8];
  } GenericReserved;
  struct {
    ULONG Reserved[16];
  } ProtocolSpecificReserved;
} FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;

/*
 * Quota records keyed by SID.
 * NOTE(review): the embedded SID is itself variable-length (its
 * sub-authority array is sized by SubAuthorityCount), so parsers should
 * check SidLength against the remaining buffer and against the length the
 * SID header implies before touching the SID.
 */
typedef struct _FILE_GET_QUOTA_INFORMATION {
  ULONG NextEntryOffset;
  ULONG SidLength;
  SID Sid;
} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;

typedef struct _FILE_QUOTA_INFORMATION {
  ULONG NextEntryOffset;
  ULONG SidLength;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER QuotaUsed;
  LARGE_INTEGER QuotaThreshold;
  LARGE_INTEGER QuotaLimit;
  SID Sid;
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;

typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
  ULONG FileSystemAttributes;
  ULONG MaximumComponentNameLength;
  ULONG FileSystemNameLength;
  WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;

typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
  BOOLEAN DriverInPath;
  ULONG DriverNameLength;
  WCHAR DriverName[1];
} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;

typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
  ULONG Flags;
} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;

/*
 * Volume-control flag bits; FILE_VC_QUOTA_MASK covers the two quota-mode
 * bits and FILE_VC_VALID_MASK the low ten bits.
 * NOTE(review): presumably for
 * FILE_FS_CONTROL_INFORMATION.FileSystemControlFlags - confirm.
 */
#define FILE_VC_QUOTA_NONE              0x00000000
#define FILE_VC_QUOTA_TRACK             0x00000001
#define FILE_VC_QUOTA_ENFORCE           0x00000002
#define FILE_VC_QUOTA_MASK              0x00000003
#define FILE_VC_CONTENT_INDEX_DISABLED  0x00000008
#define FILE_VC_LOG_QUOTA_THRESHOLD     0x00000010
#define FILE_VC_LOG_QUOTA_LIMIT         0x00000020
#define FILE_VC_LOG_VOLUME_THRESHOLD    0x00000040
#define FILE_VC_LOG_VOLUME_LIMIT        0x00000080
#define FILE_VC_QUOTAS_INCOMPLETE       0x00000100
#define FILE_VC_QUOTAS_REBUILDING       0x00000200
#define FILE_VC_VALID_MASK              0x000003ff

typedef struct _FILE_FS_CONTROL_INFORMATION {
  LARGE_INTEGER FreeSpaceStartFiltering;
  LARGE_INTEGER FreeSpaceThreshold;
  LARGE_INTEGER FreeSpaceStopFiltering;
  LARGE_INTEGER DefaultQuotaThreshold;
  LARGE_INTEGER DefaultQuotaLimit;
  ULONG FileSystemControlFlags;
} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;

#ifndef _FILESYSTEMFSCTL_
#define _FILESYSTEMFSCTL_

/*
 * File-system control codes. Each is built by CTL_CODE from the device type,
 * a function number, a buffering method and a required-access value.
 *
 * NOTE(review), for anyone implementing or auditing handlers for these:
 *  - Codes built with METHOD_NEITHER hand the caller's buffer addresses to
 *    the handler as-is under the WDK buffering rules; each such handler has
 *    to validate and capture its buffers itself. Confirm per handler.
 *  - Codes built with FILE_ANY_ACCESS put no access requirement in the code
 *    itself, so any privilege or ownership check for operations such as
 *    lock, dismount or extend must live in the handler. Confirm per handler.
 */
#define FSCTL_REQUEST_OPLOCK_LEVEL_1    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_REQUEST_OPLOCK_LEVEL_2    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_REQUEST_BATCH_OPLOCK      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_OPLOCK_BREAK_NOTIFY       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_LOCK_VOLUME               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_UNLOCK_VOLUME             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DISMOUNT_VOLUME           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_IS_VOLUME_MOUNTED         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_IS_PATHNAME_VALID         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_MARK_VOLUME_DIRTY         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_RETRIEVAL_POINTERS  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_GET_COMPRESSION           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SET_COMPRESSION           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_SET_BOOTLOADER_ACCESSED   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)

#define FSCTL_OPLOCK_BREAK_ACK_NO_2     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_INVALIDATE_VOLUMES        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_FAT_BPB             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_REQUEST_FILTER_OPLOCK     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)

#if (_WIN32_WINNT >= 0x0400)

#define FSCTL_GET_NTFS_VOLUME_DATA      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_GET_NTFS_FILE_RECORD      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_GET_VOLUME_BITMAP         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_GET_RETRIEVAL_POINTERS    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_MOVE_FILE                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_IS_VOLUME_DIRTY           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_ALLOW_EXTENDED_DASD_IO    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)

#endif

#if (_WIN32_WINNT >= 0x0500)

#define FSCTL_FIND_FILES_BY_SID         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_SET_OBJECT_ID             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_GET_OBJECT_ID             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DELETE_OBJECT_ID          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_SET_REPARSE_POINT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_GET_REPARSE_POINT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DELETE_REPARSE_POINT      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_ENUM_USN_DATA             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_SECURITY_ID_CHECK         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
#define FSCTL_READ_USN_JOURNAL          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_SET_OBJECT_ID_EXTENDED    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_CREATE_OR_GET_OBJECT_ID   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SET_SPARSE                CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_SET_ZERO_DATA             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_QUERY_ALLOCATED_RANGES    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
#define FSCTL_ENABLE_UPGRADE            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_SET_ENCRYPTION            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_ENCRYPTION_FSCTL_IO       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_WRITE_RAW_ENCRYPTED       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
#define FSCTL_READ_RAW_ENCRYPTED        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
#define FSCTL_CREATE_USN_JOURNAL        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_READ_FILE_USN_DATA        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_WRITE_USN_CLOSE_RECORD    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_EXTEND_VOLUME             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_USN_JOURNAL         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DELETE_USN_JOURNAL        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_MARK_HANDLE               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SIS_COPYFILE              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SIS_LINK_FILES            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_RECALL_FILE               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_READ_FROM_PLEX            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
#define FSCTL_FILE_PREFETCH             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)

#endif

#if (_WIN32_WINNT >= 0x0600)

#define FSCTL_MAKE_MEDIA_COMPATIBLE     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_SET_DEFECT_MANAGEMENT     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
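/*
 * Remaining file system control codes of the _WIN32_WINNT >= 0x0600 group.
 * The last CTL_CODE argument is the handle access the I/O manager requires
 * before dispatching the request; codes declared FILE_ANY_ACCESS carry no such
 * requirement, so the handler has to enforce whatever check is appropriate.
 */
#define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
/* METHOD_NEITHER: the handler receives raw caller pointers and must validate them itself. */
#define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)

#endif

/* Codes and types only declared when _WIN32_WINNT >= 0x0601. */
#if (_WIN32_WINNT >= 0x0601)

#define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)

typedef struct _CSV_NAMESPACE_INFO {
  ULONG Version;
  ULONG DeviceNumber;
  LARGE_INTEGER StartingOffset;
  ULONG SectorSize;
} CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO;

/* The "V1" constant is the byte size of the structure as declared above. */
#define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
#define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF

#endif

/* Alias: expands to FSCTL_SET_BOOTLOADER_ACCESSED, which is defined outside this part of the listing. */
#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED

/*
 * Review note for the buffer layouts below: several end in a one-element
 * array (Name[1], Buffer[1], Extents[1]) next to a length or count field.
 * That is presumably the usual variable-length trailing array; code that
 * reads one of these from a caller-supplied buffer should check the length
 * or count against the real buffer size before indexing past element 0.
 */
typedef struct _PATHNAME_BUFFER {
  ULONG PathNameLength;
  WCHAR Name[1];
} PATHNAME_BUFFER, *PPATHNAME_BUFFER;

typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
  UCHAR First0x24BytesOfBootSector[0x24];
} FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER;

#if (_WIN32_WINNT >= 0x0400)

typedef struct _NTFS_VOLUME_DATA_BUFFER {
  LARGE_INTEGER VolumeSerialNumber;
  LARGE_INTEGER NumberSectors;
  LARGE_INTEGER TotalClusters;
  LARGE_INTEGER FreeClusters;
  LARGE_INTEGER TotalReserved;
  ULONG BytesPerSector;
  ULONG BytesPerCluster;
  ULONG BytesPerFileRecordSegment;
  ULONG ClustersPerFileRecordSegment;
  LARGE_INTEGER MftValidDataLength;
  LARGE_INTEGER MftStartLcn;
  LARGE_INTEGER Mft2StartLcn;
  LARGE_INTEGER MftZoneStart;
  LARGE_INTEGER MftZoneEnd;
} NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;

typedef struct _NTFS_EXTENDED_VOLUME_DATA {
  ULONG ByteCount;
  USHORT MajorVersion;
  USHORT MinorVersion;
} NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA;

typedef struct _STARTING_LCN_INPUT_BUFFER {
  LARGE_INTEGER StartingLcn;
} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;

/* BitmapSize accompanies the trailing Buffer[1]; see the review note above. */
typedef struct _VOLUME_BITMAP_BUFFER {
  LARGE_INTEGER StartingLcn;
  LARGE_INTEGER BitmapSize;
  UCHAR Buffer[1];
} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;

typedef struct _STARTING_VCN_INPUT_BUFFER {
  LARGE_INTEGER StartingVcn;
} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;

/* ExtentCount accompanies the trailing Extents[1]; see the review note above. */
typedef struct _RETRIEVAL_POINTERS_BUFFER {
  ULONG ExtentCount;
  LARGE_INTEGER StartingVcn;
  struct {
    LARGE_INTEGER NextVcn;
    LARGE_INTEGER Lcn;
  } Extents[1];
} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;

typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER {
  LARGE_INTEGER FileReferenceNumber;
}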
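NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER;

/*
 * FileRecordLength accompanies the one-element FileRecordBuffer, presumably a
 * variable-length trailing array; readers should bound accesses by both
 * FileRecordLength and the size of the buffer actually returned.
 */
typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER {
  LARGE_INTEGER FileReferenceNumber;
  ULONG FileRecordLength;
  UCHAR FileRecordBuffer[1];
} NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER;

/* Carries a HANDLE inside the payload, so the layout depends on pointer size. */
typedef struct _MOVE_FILE_DATA {
  HANDLE FileHandle;
  LARGE_INTEGER StartingVcn;
  LARGE_INTEGER StartingLcn;
  ULONG ClusterCount;
} MOVE_FILE_DATA, *PMOVE_FILE_DATA;

typedef struct _MOVE_FILE_RECORD_DATA {
  HANDLE FileHandle;
  LARGE_INTEGER SourceFileRecord;
  LARGE_INTEGER TargetFileRecord;
} MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA;

#if defined(_WIN64)
/*
 * Same fields as MOVE_FILE_DATA with the handle narrowed to UINT32.
 * NOTE(review): presumably the layout sent by 32-bit callers on a 64-bit
 * system; a handler would then have to pick the layout from the caller's
 * bitness and check the input length against the matching structure.
 */
typedef struct _MOVE_FILE_DATA32 {
  UINT32 FileHandle;
  LARGE_INTEGER StartingVcn;
  LARGE_INTEGER StartingLcn;
  ULONG ClusterCount;
} MOVE_FILE_DATA32, *PMOVE_FILE_DATA32;
#endif

#endif /* (_WIN32_WINNT >= 0x0400) */

#if (_WIN32_WINNT >= 0x0500)

/*
 * Embeds a SID by value. SID (declared earlier in this header) ends in
 * SubAuthority[ANYSIZE_ARRAY], so the real size of this input depends on
 * Sid.SubAuthorityCount. Review note: validate SubAuthorityCount (at most
 * SID_MAX_SUB_AUTHORITIES) and the resulting size against the input buffer
 * length before reading the sub-authorities.
 */
typedef struct _FIND_BY_SID_DATA {
  ULONG Restart;
  SID Sid;
} FIND_BY_SID_DATA, *PFIND_BY_SID_DATA;

/* NextEntryOffset and FileNameLength are offsets/lengths a consumer should bounds-check. */
typedef struct _FIND_BY_SID_OUTPUT {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT;

typedef struct _MFT_ENUM_DATA {
  ULONGLONG StartFileReferenceNumber;
  USN LowUsn;
  USN HighUsn;
} MFT_ENUM_DATA, *PMFT_ENUM_DATA;

typedef struct _CREATE_USN_JOURNAL_DATA {
  ULONGLONG MaximumSize;
  ULONGLONG AllocationDelta;
} CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA;

typedef struct _READ_USN_JOURNAL_DATA {
  USN StartUsn;
  ULONG ReasonMask;
  ULONG ReturnOnlyOnClose;
  ULONGLONG Timeout;
  ULONGLONG BytesToWaitFor;
  ULONGLONG UsnJournalID;
} READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA;

/*
 * Self-describing record: RecordLength, FileNameOffset and FileNameLength
 * locate the data, and FileName is declared with a single element.
 * Review note: code that walks a buffer of these records should reject a
 * RecordLength that is zero, smaller than the fixed part, or larger than the
 * bytes remaining, and should check that FileNameOffset + FileNameLength
 * stays within RecordLength.
 */
typedef struct _USN_RECORD {
  ULONG RecordLength;
  USHORT MajorVersion;
  USHORT MinorVersion;
  ULONGLONG FileReferenceNumber;
  ULONGLONG ParentFileReferenceNumber;
  USN Usn;
  LARGE_INTEGER TimeStamp;
  ULONG Reason;
  ULONG SourceInfo;
  ULONG SecurityId;
  ULONG FileAttributes;
  USHORT FileNameLength;
  USHORT FileNameOffset;
  WCHAR FileName[1];
} USN_RECORD, *PUSN_RECORD;

#define USN_PAGE_SIZE (0x1000)

/* Single-bit reason flags (bit mask values). */
#define USN_REASON_DATA_OVERWRITE (0x00000001)
#define USN_REASON_DATA_EXTEND (0x00000002)
#define USN_REASON_DATA_TRUNCATION (0x00000004)
#define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010)
#define USN_REASON_NAMED_DATA_EXTEND (0x00000020)
#define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040)
#define USN_REASON_FILE_CREATE (0x00000100)
#define USN_REASON_FILE_DELETE (0x00000200)
#define USN_REASON_EA_CHANGE (0x00000400)
#define USN_REASON_SECURITY_CHANGE (0x00000800)
#define USN_REASON_RENAME_OLD_NAME (0x00001000)
#define USN_REASON_RENAME_NEW_NAME (0x00002000)
#define USN_REASON_INDEXABLE_CHANGE (0x00004000)
#define USN_REASON_BASIC_INFO_CHANGE (0x00008000)
#define USN_REASON_HARD_LINK_CHANGE (0x00010000)
#define USN_REASON_COMPRESSION_CHANGE (0x00020000)
#define USN_REASON_ENCRYPTION_CHANGE (0x00040000)
#define USN_REASON_OBJECT_ID_CHANGE (0x00080000)
#define USN_REASON_REPARSE_POINT_CHANGE (0x00100000)
#define USN_REASON_STREAM_CHANGE (0x00200000)
#define USN_REASON_TRANSACTED_CHANGE (0x00400000)
#define USN_REASON_CLOSE (0x80000000)

typedef struct _USN_JOURNAL_DATA {
  ULONGLONG UsnJournalID;
  USN FirstUsn;
  USN NextUsn;
  USN LowestValidUsn;
  USN MaxUsn;
  ULONGLONG MaximumSize;
  ULONGLONG AllocationDelta;
} USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA;

typedef struct _DELETE_USN_JOURNAL_DATA {
  ULONGLONG UsnJournalID;
  ULONG DeleteFlags;
} DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA;

/* USN_DELETE_VALID_FLAGS is the OR of the two flags above it. */
#define USN_DELETE_FLAG_DELETE (0x00000001)
#define USN_DELETE_FLAG_NOTIFY (0x00000002)
#define USN_DELETE_VALID_FLAGS (0x00000003)

/* Carries a HANDLE inside the payload, so the layout depends on pointer size. */
typedef struct _MARK_HANDLE_INFO {
  ULONG UsnSourceInfo;
  HANDLE VolumeHandle;
  ULONG HandleInfo;
} MARK_HANDLE_INFO, *PMARK_HANDLE_INFO;

#if defined(_WIN64)
/* Same fields as MARK_HANDLE_INFO with the handle narrowed to UINT32 (presumably for 32-bit callers; confirm). */
typedef struct _MARK_HANDLE_INFO32 {
  ULONG UsnSourceInfo;
  UINT32 VolumeHandle;
  ULONG HandleInfo;
} MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32;
#endif

#define USN_SOURCE_DATA_MANAGEMENT (0x00000001)
#define USN_SOURCE_AUXILIARY_DATA (0x00000002)
#define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004)

#define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001)
#define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004)
#define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008)

/*
 * SecurityIds is a one-element array and the structure has no count field.
 * NOTE(review): the element count is presumably derived from the input
 * buffer length; confirm the handler computes it from the validated length.
 */
typedef struct _BULK_SECURITY_TEST_DATA {
  ACCESS_MASK DesiredAccess;
  ULONG SecurityIds[1];
} BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA;

#define VOLUME_IS_DIRTY (0x00000001)
#define VOLUME_UPGRADE_SCHEDULED (0x00000002)
#define VOLUME_SESSION_OPEN (0x00000004)

/* Count accompanies the one-element Prefetch array; bound Count by the buffer size before indexing. */
typedef struct _FILE_PREFETCH {
  ULONG Type;
  ULONG Count;
  ULONGLONG Prefetch[1];
} FILE_PREFETCH, *PFILE_PREFETCH;

/*
 * As FILE_PREFETCH plus a raw pointer member.
 * NOTE(review): Context travels inside the request payload; whoever consumes
 * it should not dereference it on trust if the request can come from user
 * mode. Confirm where this structure originates.
 */
typedef struct _FILE_PREFETCH_EX {
  ULONG Type;
  ULONG Count;
  PVOID Context;
  ULONGLONG Prefetch[1];
} FILE_PREFETCH_EX, *PFILE_PREFETCH_EX;

#define FILE_PREFETCH_TYPE_FOR_CREATE 0x1
#define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2
#define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3
#define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4

/* Equal to the highest type value defined above. */
#define FILE_PREFETCH_TYPE_MAX 0x4

/* The 48-byte ExtendedInfo overlays the three 16-byte identifiers in the anonymous struct. */
typedef struct _FILE_OBJECTID_BUFFER {
  UCHAR ObjectId[16];
  _ANONYMOUS_UNION union {
    _ANONYMOUS_STRUCT struct {
      UCHAR BirthVolumeId[16];
      UCHAR BirthObjectId[16];
      UCHAR DomainId[16];
    } DUMMYSTRUCTNAME;
    UCHAR ExtendedInfo[48];
  } DUMMYUNIONNAME;
}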
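FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;

typedef struct _FILE_SET_SPARSE_BUFFER {
  BOOLEAN SetSparse;
} FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER;

/* Byte range given as two signed 64-bit values; a handler should reject negative or inverted ranges. */
typedef struct _FILE_ZERO_DATA_INFORMATION {
  LARGE_INTEGER FileOffset;
  LARGE_INTEGER BeyondFinalZero;
} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;

typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
  LARGE_INTEGER FileOffset;
  LARGE_INTEGER Length;
} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;

/*
 * EncryptionOperation takes one of the *_ENCRYPTION values below; Private is
 * a one-element array with no length field in the structure.
 * NOTE(review): the size of Private presumably comes from the input buffer
 * length; confirm it is derived from the validated length.
 */
typedef struct _ENCRYPTION_BUFFER {
  ULONG EncryptionOperation;
  UCHAR Private[1];
} ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER;

#define FILE_SET_ENCRYPTION 0x00000001
#define FILE_CLEAR_ENCRYPTION 0x00000002
#define STREAM_SET_ENCRYPTION 0x00000003
#define STREAM_CLEAR_ENCRYPTION 0x00000004

/* Equal to the highest operation value defined above; usable as an upper bound when validating EncryptionOperation. */
#define MAXIMUM_ENCRYPTION_VALUE 0x00000004

typedef struct _DECRYPTION_STATUS_BUFFER {
  BOOLEAN NoEncryptedStreams;
} DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER;

#define ENCRYPTION_FORMAT_DEFAULT (0x01)

#define COMPRESSION_FORMAT_SPARSE (0x4000)

typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
  LONGLONG FileOffset;
  ULONG Length;
} REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA;

/*
 * Header with an offset into the output buffer (OutputBufferOffset), three
 * shift counts and a counted trailing array (NumberOfDataBlocks entries of
 * DataBlockSize, declared ANYSIZE_ARRAY).
 * Review note: a consumer should check OutputBufferOffset and the summed
 * block sizes against the buffer it was given, and range-check the shift
 * fields before using them as shift amounts.
 */
typedef struct _ENCRYPTED_DATA_INFO {
  ULONGLONG StartingFileOffset;
  ULONG OutputBufferOffset;
  ULONG BytesWithinFileSize;
  ULONG BytesWithinValidDataLength;
  USHORT CompressionFormat;
  UCHAR DataUnitShift;
  UCHAR ChunkShift;
  UCHAR ClusterShift;
  UCHAR EncryptionFormat;
  USHORT NumberOfDataBlocks;
  ULONG DataBlockSize[ANYSIZE_ARRAY];
} ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO;

typedef struct _PLEX_READ_DATA_REQUEST {
  LARGE_INTEGER ByteOffset;
  ULONG ByteLength;
  ULONG PlexNumber;
} PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST;

/*
 * Two name lengths followed by a one-element FileNameBuffer.
 * Review note: the sum of both lengths should be checked against the input
 * buffer size, guarding the addition against overflow.
 */
typedef struct _SI_COPYFILE {
  ULONG SourceFileNameLength;
  ULONG DestinationFileNameLength;
  ULONG Flags;
  WCHAR FileNameBuffer[1];
} SI_COPYFILE, *PSI_COPYFILE;

/* COPYFILE_SIS_FLAGS is the OR of the two flags above it. */
#define COPYFILE_SIS_LINK 0x0001
#define COPYFILE_SIS_REPLACE 0x0002
#define COPYFILE_SIS_FLAGS 0x0003

#endif /* (_WIN32_WINNT >= 0x0500) */

#if (_WIN32_WINNT >= 0x0600)

typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
  BOOLEAN CloseDisc;
} FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER;

typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
  BOOLEAN Disable;
} FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER;

typedef struct _FILE_QUERY_SPARING_BUFFER {
  ULONG SparingUnitBytes;
  BOOLEAN SoftwareSparing;
  ULONG TotalSpareBlocks;
  ULONG FreeSpareBlocks;
} FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER;

/*
 * Fixed-size WCHAR arrays with no accompanying length fields.
 * NOTE(review): whether these strings are NUL-terminated is not visible
 * here; readers should bound every scan by the declared array size.
 */
typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
  LARGE_INTEGER DirectoryCount;
  LARGE_INTEGER FileCount;
  USHORT FsFormatMajVersion;
  USHORT FsFormatMinVersion;
  WCHAR FsFormatName[12];
  LARGE_INTEGER FormatTime;
  LARGE_INTEGER LastUpdateTime;
  WCHAR CopyrightInfo[34];
  WCHAR AbstractInfo[34];
  WCHAR FormattingImplementationInfo[34];
  WCHAR LastModifyingImplementationInfo[34];
} FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;

/* SET_REPAIR_VALID_MASK is the OR of the five flags above it. */
#define SET_REPAIR_ENABLED (0x00000001)
#define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002)
#define SET_REPAIR_DELETE_CROSSLINK (0x00000004)
#define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008)
#define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010)
#define SET_REPAIR_VALID_MASK (0x0000001F)

/* Values start at 1, so a zero-initialised request does not name a valid type. */
typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
  ShrinkPrepare = 1,
  ShrinkCommit,
  ShrinkAbort
} SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES;

typedef struct _SHRINK_VOLUME_INFORMATION {
  SHRINK_VOLUME_REQUEST_TYPES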
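ShrinkRequestType;
  ULONGLONG Flags;
  /* Signed 64-bit value; a handler should reject negative or out-of-range sector counts. */
  LONGLONG NewNumberOfSectors;
} SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION;

/* Flag bits for the Flags member of TXFS_MODIFY_RM and TXFS_QUERY_RM_INFORMATION. */
#define TXFS_RM_FLAG_LOGGING_MODE 0x00000001
#define TXFS_RM_FLAG_RENAME_RM 0x00000002
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008
#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010
#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020
#define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040
#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080
#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100
#define TXFS_RM_FLAG_GROW_LOG 0x00000400
#define TXFS_RM_FLAG_SHRINK_LOG 0x00000800
#define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000
#define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000
#define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000
#define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000
#define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000
#define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000

#define TXFS_LOGGING_MODE_SIMPLE (0x0001)
#define TXFS_LOGGING_MODE_FULL (0x0002)

#define TXFS_TRANSACTION_STATE_NONE 0x00
#define TXFS_TRANSACTION_STATE_ACTIVE 0x01
#define TXFS_TRANSACTION_STATE_PREPARED 0x02
#define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03

/*
 * ORs together every TXFS_RM_FLAG_* value defined above. A handler can
 * reject unknown bits with (Flags & ~TXFS_MODIFY_RM_VALID_FLAGS) != 0.
 */
#define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE | \
                                    TXFS_RM_FLAG_RENAME_RM | \
                                    TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
                                    TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
                                    TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
                                    TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
                                    TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
                                    TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
                                    TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
                                    TXFS_RM_FLAG_SHRINK_LOG | \
                                    TXFS_RM_FLAG_GROW_LOG | \
                                    TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \
                                    TXFS_RM_FLAG_PRESERVE_CHANGES | \
                                    TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
                                    TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
                                    TXFS_RM_FLAG_PREFER_CONSISTENCY | \
                                    TXFS_RM_FLAG_PREFER_AVAILABILITY)

typedef struct _TXFS_MODIFY_RM {
  ULONG Flags;
  ULONG LogContainerCountMax;
  ULONG LogContainerCountMin;
  ULONG LogContainerCount;
  ULONG LogGrowthIncrement;
  ULONG LogAutoShrinkPercentage;
  ULONGLONG Reserved;
  USHORT LoggingMode;
} TXFS_MODIFY_RM, *PTXFS_MODIFY_RM;

#define TXFS_RM_STATE_NOT_STARTED 0
#define TXFS_RM_STATE_STARTING 1
#define TXFS_RM_STATE_ACTIVE 2
#define TXFS_RM_STATE_SHUTTING_DOWN 3

/* Subset of the TXFS_RM_FLAG_* values; eight of them are listed. */
#define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \
  (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
   TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
   TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
   TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
   TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
   TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
   TXFS_RM_FLAG_PREFER_CONSISTENCY | \
   TXFS_RM_FLAG_PREFER_AVAILABILITY)

/*
 * BytesRequired and TmLogPathOffset are size/offset fields.
 * Review note: a consumer should check TmLogPathOffset against the size of
 * the buffer it actually received before following it.
 */
typedef struct _TXFS_QUERY_RM_INFORMATION {
  ULONG BytesRequired;
  ULONGLONG TailLsn;
  ULONGLONG CurrentLsn;
  ULONGLONG ArchiveTailLsn;
  ULONGLONG LogContainerSize;
  LARGE_INTEGER HighestVirtualClock;
  ULONG LogContainerCount;
  ULONG LogContainerCountMax;
  ULONG LogContainerCountMin;
  ULONG LogGrowthIncrement;
  ULONG LogAutoShrinkPercentage;
  ULONG Flags;
  USHORT LoggingMode;
  USHORT Reserved;
  ULONG RmState;
  ULONGLONG LogCapacity;
  ULONGLONG LogFree;
  ULONGLONG TopsSize;
  ULONGLONG TopsUsed;
  ULONGLONG TransactionCount;
  ULONGLONG OnePCCount;
  ULONGLONG TwoPCCount;
  ULONGLONG NumberLogFileFull;
  ULONGLONG OldestTransactionAge;
  GUID RMName;
  ULONG TmLogPathOffset;
} TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION;

#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02

/* OR of the two rollforward flags above. */
#define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
  (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
   TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)

typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
  LARGE_INTEGER LastVirtualClock;
  ULONGLONG LastRedoLsn;
  ULONGLONG HighestRecoveryLsn;
  ULONG Flags;
} TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION;

/* Flag bits for TXFS_START_RM_INFORMATION.Flags; numbering differs from TXFS_RM_FLAG_*. */
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002
#define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010
#define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080

#define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200
#define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400
#define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800

#define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000
#define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000

/*
 * NOTE(review): TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN (0x00000080) is
 * defined above but does not appear in this mask, while its _MAX counterpart
 * does. Code that validates Flags with this mask will treat that bit as
 * invalid; confirm against the reference header whether the omission is
 * intended before relying on the mask.
 */
#define TXFS_START_RM_VALID_FLAGS \
  (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
   TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
   TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
   TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
   TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
   TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
   TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
   TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
   TXFS_START_RM_FLAG_LOGGING_MODE | \
   TXFS_START_RM_FLAG_PRESERVE_CHANGES | \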
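TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \
TXFS_START_RM_FLAG_PREFER_AVAILABILITY)

/*
 * Input layout with one offset (TmLogPathOffset), two lengths
 * (TmLogPathLength, LogPathLength) and a one-element LogPath array.
 * Review note: a handler should check that each path region, offset plus
 * length, lies inside the supplied input buffer before reading it.
 */
typedef struct _TXFS_START_RM_INFORMATION {
  ULONG Flags;
  ULONGLONG LogContainerSize;
  ULONG LogContainerCountMin;
  ULONG LogContainerCountMax;
  ULONG LogGrowthIncrement;
  ULONG LogAutoShrinkPercentage;
  ULONG TmLogPathOffset;
  USHORT TmLogPathLength;
  USHORT LoggingMode;
  USHORT LogPathLength;
  USHORT Reserved;
  WCHAR LogPath[1];
} TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION;

typedef struct _TXFS_GET_METADATA_INFO_OUT {
  struct {
    LONGLONG LowPart;
    LONGLONG HighPart;
  } TxfFileId;
  GUID LockingTransaction;
  ULONGLONG LastLsn;
  ULONG TransactionState;
} TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT;

#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002

/*
 * Entry with an Offset field and a one-element FileName array.
 * Review note: a consumer walking a list of these should check Offset
 * against the buffer bounds on every step so a bad value cannot move the
 * cursor outside the buffer or stall the walk.
 */
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
  ULONGLONG Offset;
  ULONG NameFlags;
  LONGLONG FileId;
  ULONG Reserved1;
  ULONG Reserved2;
  LONGLONG Reserved3;
  WCHAR FileName[1];
} TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;

typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
  GUID KtmTransaction;
  ULONGLONG NumberOfFiles;
  ULONGLONG BufferSizeRequired;
  ULONGLONG Offset;
} TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES;

typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
  GUID TransactionId;
  ULONG TransactionState;
  ULONG Reserved1;
  ULONG Reserved2;
  LONGLONG Reserved3;
} TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY;

typedef struct _TXFS_LIST_TRANSACTIONS {
  ULONGLONG NumberOfTransactions;
  ULONGLONG BufferSizeRequired;
} TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS;

/* BufferLength and Buffer share storage: both are members of the same anonymous union. */
typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
  _ANONYMOUS_UNION union {
    ULONG BufferLength;
    UCHAR Buffer[1];
  } DUMMYUNIONNAME;
} TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT;

/* One-element Buffer with no length field; the size presumably comes from the request's input length (confirm). */
typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
  UCHAR Buffer[1];
} TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION;

#define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE
#define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF

typedef struct _TXFS_GET_TRANSACTED_VERSION {
  ULONG ThisBaseVersion;
  ULONG LatestVersion;
  USHORT ThisMiniVersion;
  USHORT FirstMiniVersion;
  USHORT LatestMiniVersion;
} TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION;

#define TXFS_SAVEPOINT_SET 0x00000001
#define TXFS_SAVEPOINT_ROLLBACK 0x00000002
#define TXFS_SAVEPOINT_CLEAR 0x00000004
#define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010

/* Carries a HANDLE inside the payload, so the layout depends on pointer size. */
typedef struct _TXFS_SAVEPOINT_INFORMATION {
  HANDLE KtmTransaction;
  ULONG ActionCode;
  ULONG SavepointId;
} TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION;

/* Self-describing: StructureVersion and StructureLength are fields a consumer should verify before trusting the rest. */
typedef struct _TXFS_CREATE_MINIVERSION_INFO {
  USHORT StructureVersion;
  USHORT StructureLength;
  ULONG BaseVersion;
  USHORT MiniVersion;
} TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO;

typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
  BOOLEAN TransactionsActiveAtSnapshot;
} TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO;

#endif /* (_WIN32_WINNT >= 0x0600) */

#if (_WIN32_WINNT >= 0x0601)

#define MARK_HANDLE_REALTIME (0x00000020)
#define MARK_HANDLE_NOT_REALTIME (0x00000040)

#define NO_8DOT3_NAME_PRESENT (0x00000001)
#define REMOVED_8DOT3_NAME (0x00000002)

#define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001)

/* BootSectorCount accompanies a fixed two-element BootSectors array; readers should not index past 2. */
typedef struct _BOOT_AREA_INFO {
  ULONG BootSectorCount;
  struct {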
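LARGE_INTEGER Offset;
  } BootSectors[2];
} BOOT_AREA_INFO, *PBOOT_AREA_INFO;

typedef struct _RETRIEVAL_POINTER_BASE {
  LARGE_INTEGER FileAreaOffset;
} RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE;

typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
  ULONG VolumeFlags;
  ULONG FlagMask;
  ULONG Version;
  ULONG Reserved;
} FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;

/* Fixed nine-byte CHAR array; whether it is NUL-terminated is not visible here, so bound reads by its size. */
typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
  CHAR FileSystem[9];
} FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION;

#define OPLOCK_LEVEL_CACHE_READ (0x00000001)
#define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002)
#define OPLOCK_LEVEL_CACHE_WRITE (0x00000004)

#define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001)
#define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002)
#define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004)

#define REQUEST_OPLOCK_CURRENT_VERSION 1

/* Self-describing input: StructureVersion and StructureLength should be verified before the other fields are used. */
typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
  USHORT StructureVersion;
  USHORT StructureLength;
  ULONG RequestedOplockLevel;
  ULONG Flags;
} REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER;

#define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001)
#define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002)

typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
  USHORT StructureVersion;
  USHORT StructureLength;
  ULONG OriginalOplockLevel;
  ULONG NewOplockLevel;
  ULONG Flags;
  ACCESS_MASK AccessMode;
  USHORT ShareMode;
} REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER;

#define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1

/*
 * Two offset/length pairs locating SIDs relative to the input.
 * Review note: each offset + length should be checked against the input
 * buffer size, and the bytes found there validated as a well-formed SID,
 * before either SID is used.
 */
typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
  USHORT CurrentMachineSIDOffset;
  USHORT CurrentMachineSIDLength;
  USHORT NewMachineSIDOffset;
  USHORT NewMachineSIDLength;
} SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT;

typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
  ULONGLONG NumSDChangedSuccess;
  ULONGLONG NumSDChangedFail;
  ULONGLONG NumSDUnused;
  ULONGLONG NumSDTotal;
  ULONGLONG NumMftSDChangedSuccess;
  ULONGLONG NumMftSDChangedFail;
  ULONGLONG NumMftSDTotal;
} SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT;

/* ChangeType selects the union member; only one member is declared here. */
typedef struct _SD_GLOBAL_CHANGE_INPUT {
  ULONG Flags;
  ULONG ChangeType;
  _ANONYMOUS_UNION union {
    SD_CHANGE_MACHINE_SID_INPUT SdChange;
  } DUMMYUNIONNAME;
} SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT;

typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
  ULONG Flags;
  ULONG ChangeType;
  _ANONYMOUS_UNION union {
    SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
  } DUMMYUNIONNAME;
} SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT;

#define ENCRYPTED_DATA_INFO_SPARSE_FILE 1

typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
  ULONG ExtendedCode;
  ULONG Length;
  ULONG Flags;
  ULONG Reserved;
} EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO;

/*
 * NumberOfClusters accompanies the one-element Cluster array.
 * Review note: check that NumberOfClusters entries fit in the input buffer,
 * guarding the size multiplication against overflow, before iterating.
 */
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
  ULONG Flags;
  ULONG NumberOfClusters;
  LARGE_INTEGER Cluster[1];
} LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;

typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
  ULONG Offset;
  ULONG NumberOfMatches;
  ULONG BufferSizeRequired;
} LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;

#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008

/* The attribute values occupy the top byte selected by the mask. */
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000

/* OffsetToNext links entries; a consumer should bounds-check it on every step. FileName is a one-element array. */
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
  ULONG OffsetToNext;
  ULONG Flags;
  LARGE_INTEGER Reserved;
  LARGE_INTEGER Cluster;
  WCHAR FileName[1];
} LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;

/* NumFileTypeIDs accompanies the one-element FileTypeID array; validate the count against the input size. */
typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
  ULONG Flags;
  ULONG NumFileTypeIDs;
  GUID FileTypeID[1];
} FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT;

#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002

DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c);
DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7);
DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9);

/* Guarded so that another header defining the same type does not cause a redefinition. */
#ifndef _VIRTUAL_STORAGE_TYPE_DEFINED
#define _VIRTUAL_STORAGE_TYPE_DEFINED
typedef struct _VIRTUAL_STORAGE_TYPE {
  ULONG DeviceId;
  GUID VendorId;
} VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE;
#endif

typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
  ULONG RequestLevel;
  ULONG RequestFlags;
} STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;

#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2

typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
  ULONG EntryLength;
  ULONG DependencyTypeFlags;
  ULONG ProviderSpecificFlags;
  VIRTUAL_STORAGE_TYPE VirtualStorageType;
}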
STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY; 4235 4236typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY { 4237 ULONG EntryLength; 4238 ULONG DependencyTypeFlags; 4239 ULONG ProviderSpecificFlags; 4240 VIRTUAL_STORAGE_TYPE VirtualStorageType; 4241 ULONG AncestorLevel; 4242 ULONG HostVolumeNameOffset; 4243 ULONG HostVolumeNameSize; 4244 ULONG DependentVolumeNameOffset; 4245 ULONG DependentVolumeNameSize; 4246 ULONG RelativePathOffset; 4247 ULONG RelativePathSize; 4248 ULONG DependentDeviceNameOffset; 4249 ULONG DependentDeviceNameSize; 4250} STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY; 4251 4252typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE { 4253 ULONG ResponseLevel; 4254 ULONG NumberEntries; 4255 _ANONYMOUS_UNION union { 4256 STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[]; 4257 STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[]; 4258 } DUMMYUNIONNAME; 4259} STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE; 4260 4261#endif /* (_WIN32_WINNT >= 0x0601) */ 4262 4263typedef struct _FILESYSTEM_STATISTICS { 4264 USHORT FileSystemType; 4265 USHORT Version; 4266 ULONG SizeOfCompleteStructure; 4267 ULONG UserFileReads; 4268 ULONG UserFileReadBytes; 4269 ULONG UserDiskReads; 4270 ULONG UserFileWrites; 4271 ULONG UserFileWriteBytes; 4272 ULONG UserDiskWrites; 4273 ULONG MetaDataReads; 4274 ULONG MetaDataReadBytes; 4275 ULONG MetaDataDiskReads; 4276 ULONG MetaDataWrites; 4277 ULONG MetaDataWriteBytes; 4278 ULONG MetaDataDiskWrites; 4279} FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS; 4280 4281#define FILESYSTEM_STATISTICS_TYPE_NTFS 1 4282#define FILESYSTEM_STATISTICS_TYPE_FAT 2 4283#define FILESYSTEM_STATISTICS_TYPE_EXFAT 3 4284 4285typedef struct _FAT_STATISTICS { 4286 ULONG CreateHits; 4287 ULONG SuccessfulCreates; 4288 ULONG FailedCreates; 4289 ULONG NonCachedReads; 4290 ULONG NonCachedReadBytes; 4291 ULONG NonCachedWrites; 
4292 ULONG NonCachedWriteBytes; 4293 ULONG NonCachedDiskReads; 4294 ULONG NonCachedDiskWrites; 4295} FAT_STATISTICS, *PFAT_STATISTICS; 4296 4297typedef struct _EXFAT_STATISTICS { 4298 ULONG CreateHits; 4299 ULONG SuccessfulCreates; 4300 ULONG FailedCreates; 4301 ULONG NonCachedReads; 4302 ULONG NonCachedReadBytes; 4303 ULONG NonCachedWrites; 4304 ULONG NonCachedWriteBytes; 4305 ULONG NonCachedDiskReads; 4306 ULONG NonCachedDiskWrites; 4307} EXFAT_STATISTICS, *PEXFAT_STATISTICS; 4308 4309typedef struct _NTFS_STATISTICS { 4310 ULONG LogFileFullExceptions; 4311 ULONG OtherExceptions; 4312 ULONG MftReads; 4313 ULONG MftReadBytes; 4314 ULONG MftWrites; 4315 ULONG MftWriteBytes; 4316 struct { 4317 USHORT Write; 4318 USHORT Create; 4319 USHORT SetInfo; 4320 USHORT Flush; 4321 } MftWritesUserLevel; 4322 USHORT MftWritesFlushForLogFileFull; 4323 USHORT MftWritesLazyWriter; 4324 USHORT MftWritesUserRequest; 4325 ULONG Mft2Writes; 4326 ULONG Mft2WriteBytes; 4327 struct { 4328 USHORT Write; 4329 USHORT Create; 4330 USHORT SetInfo; 4331 USHORT Flush; 4332 } Mft2WritesUserLevel; 4333 USHORT Mft2WritesFlushForLogFileFull; 4334 USHORT Mft2WritesLazyWriter; 4335 USHORT Mft2WritesUserRequest; 4336 ULONG RootIndexReads; 4337 ULONG RootIndexReadBytes; 4338 ULONG RootIndexWrites; 4339 ULONG RootIndexWriteBytes; 4340 ULONG BitmapReads; 4341 ULONG BitmapReadBytes; 4342 ULONG BitmapWrites; 4343 ULONG BitmapWriteBytes; 4344 USHORT BitmapWritesFlushForLogFileFull; 4345 USHORT BitmapWritesLazyWriter; 4346 USHORT BitmapWritesUserRequest; 4347 struct { 4348 USHORT Write; 4349 USHORT Create; 4350 USHORT SetInfo; 4351 } BitmapWritesUserLevel; 4352 ULONG MftBitmapReads; 4353 ULONG MftBitmapReadBytes; 4354 ULONG MftBitmapWrites; 4355 ULONG MftBitmapWriteBytes; 4356 USHORT MftBitmapWritesFlushForLogFileFull; 4357 USHORT MftBitmapWritesLazyWriter; 4358 USHORT MftBitmapWritesUserRequest; 4359 struct { 4360 USHORT Write; 4361 USHORT Create; 4362 USHORT SetInfo; 4363 USHORT Flush; 4364 } 
MftBitmapWritesUserLevel; 4365 ULONG UserIndexReads; 4366 ULONG UserIndexReadBytes; 4367 ULONG UserIndexWrites; 4368 ULONG UserIndexWriteBytes; 4369 ULONG LogFileReads; 4370 ULONG LogFileReadBytes; 4371 ULONG LogFileWrites; 4372 ULONG LogFileWriteBytes; 4373 struct { 4374 ULONG Calls; 4375 ULONG Clusters; 4376 ULONG Hints; 4377 ULONG RunsReturned; 4378 ULONG HintsHonored; 4379 ULONG HintsClusters; 4380 ULONG Cache; 4381 ULONG CacheClusters; 4382 ULONG CacheMiss; 4383 ULONG CacheMissClusters; 4384 } Allocate; 4385} NTFS_STATISTICS, *PNTFS_STATISTICS; 4386 4387#endif /* _FILESYSTEMFSCTL_ */ 4388 4389#define SYMLINK_FLAG_RELATIVE 1 4390 4391typedef struct _REPARSE_DATA_BUFFER { 4392 ULONG ReparseTag; 4393 USHORT ReparseDataLength; 4394 USHORT Reserved; 4395 _ANONYMOUS_UNION union { 4396 struct { 4397 USHORT SubstituteNameOffset; 4398 USHORT SubstituteNameLength; 4399 USHORT PrintNameOffset; 4400 USHORT PrintNameLength; 4401 ULONG Flags; 4402 WCHAR PathBuffer[1]; 4403 } SymbolicLinkReparseBuffer; 4404 struct { 4405 USHORT SubstituteNameOffset; 4406 USHORT SubstituteNameLength; 4407 USHORT PrintNameOffset; 4408 USHORT PrintNameLength; 4409 WCHAR PathBuffer[1]; 4410 } MountPointReparseBuffer; 4411 struct { 4412 UCHAR DataBuffer[1]; 4413 } GenericReparseBuffer; 4414 } DUMMYUNIONNAME; 4415} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER; 4416 4417#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer) 4418 4419typedef struct _REPARSE_GUID_DATA_BUFFER { 4420 ULONG ReparseTag; 4421 USHORT ReparseDataLength; 4422 USHORT Reserved; 4423 GUID ReparseGuid; 4424 struct { 4425 UCHAR DataBuffer[1]; 4426 } GenericReparseBuffer; 4427} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER; 4428 4429#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer) 4430 4431#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 ) 4432 4433/* Reserved reparse tags */ 4434#define IO_REPARSE_TAG_RESERVED_ZERO (0) 
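/* Tag value 1 is reserved; IO_REPARSE_TAG_RESERVED_RANGE is the top of the
 * reserved range that IsReparseTagValid() rejects. */
#define IO_REPARSE_TAG_RESERVED_ONE     (1)
#define IO_REPARSE_TAG_RESERVED_RANGE   IO_REPARSE_TAG_RESERVED_ONE

/*
 * Bit tests on a reparse tag. Both yield the masked bit (zero or the mask
 * itself), not a normalized 0/1 value, so test the result for non-zero
 * instead of comparing it with TRUE.
 */
#define IsReparseTagMicrosoft(_tag)     (((_tag) & 0x80000000))
#define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000))

#define IO_REPARSE_TAG_VALID_VALUES     (0xF000FFFF)

/*
 * A tag passes when no bit outside IO_REPARSE_TAG_VALID_VALUES is set and
 * its value is above the reserved range. The argument is evaluated twice.
 *
 * This checks the format of the tag only. The offsets and lengths stored in
 * a REPARSE_DATA_BUFFER still have to be bounds-checked against the size of
 * the buffer that was actually received before the path data is read.
 */
#define IsReparseTagValid(tag) (                  \
  !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) &&      \
  ((tag) > IO_REPARSE_TAG_RESERVED_RANGE)         \
  )

/* Microsoft reparse point tags */
#define IO_REPARSE_TAG_MOUNT_POINT      (0xA0000003L)
#define IO_REPARSE_TAG_HSM              (0xC0000004L)
#define IO_REPARSE_TAG_DRIVE_EXTENDER   (0x80000005L)
#define IO_REPARSE_TAG_HSM2             (0x80000006L)
#define IO_REPARSE_TAG_SIS              (0x80000007L)
#define IO_REPARSE_TAG_WIM              (0x80000008L)
#define IO_REPARSE_TAG_CSV              (0x80000009L)
#define IO_REPARSE_TAG_DFS              (0x8000000AL)
#define IO_REPARSE_TAG_FILTER_MANAGER   (0x8000000BL)
#define IO_REPARSE_TAG_SYMLINK          (0xA000000CL)
#define IO_REPARSE_TAG_IIS_CACHE        (0xA0000010L)
#define IO_REPARSE_TAG_DFSR             (0x80000012L)

/* NOTE(review): "#pragma pack()" below resets packing to the compiler
 * default rather than restoring whatever was in effect before pack(4). */
#pragma pack(4)
typedef struct _REPARSE_INDEX_KEY {
  ULONG FileReparseTag;
  LARGE_INTEGER FileId;
} REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY;
#pragma pack()

/*
 * Control codes are built with CTL_CODE(device type, function, transfer
 * method, required access). Two properties matter when reviewing a handler:
 *
 *  - FILE_ANY_ACCESS: the I/O manager applies no handle-access check for
 *    the code, so any authorization has to be done by the handler itself.
 *  - METHOD_NEITHER: the I/O manager neither buffers nor locks the caller's
 *    buffers. The handler receives the raw addresses and must probe and
 *    capture them (inside an exception handler) before use when the request
 *    comes from user mode.
 */
#define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS)

#define FSCTL_PIPE_ASSIGN_EVENT             CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_DISCONNECT               CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_LISTEN                   CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_PEEK                     CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_PIPE_QUERY_EVENT              CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
/* METHOD_NEITHER: raw caller buffers, see the note above. */
#define FSCTL_PIPE_TRANSCEIVE               CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_PIPE_WAIT                     CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_IMPERSONATE              CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_SET_CLIENT_PROCESS       CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS     CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE       CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE       CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE     CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE     CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_FLUSH                    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)

#define FSCTL_PIPE_INTERNAL_READ            CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_PIPE_INTERNAL_WRITE           CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
/* METHOD_NEITHER: raw caller buffers, see the note above. */
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE      CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW     CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)

#define FILE_PIPE_READ_DATA   0x00000000
#define FILE_PIPE_WRITE_SPACE 0x00000001

typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
  HANDLE EventHandle;
  ULONG KeyValue;
} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;

typedef struct _FILE_PIPE_EVENT_BUFFER {
  ULONG NamedPipeState;
  ULONG EntryType;
  ULONG ByteCount;
  ULONG KeyValue;
  ULONG NumberRequests;
} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;

/*
 * The trailing one-element arrays in the structures below (Data[1], Name[1],
 * TargetLinkTrackingInformationBuffer[1]) are presumably the first element
 * of variable-length data. Compute sizes with FIELD_OFFSET() plus the payload
 * length rather than sizeof(), and check any length member against the size
 * of the buffer actually supplied before reading past the header.
 */
typedef struct _FILE_PIPE_PEEK_BUFFER {
  ULONG NamedPipeState;
  ULONG ReadDataAvailable;
  ULONG NumberOfMessages;
  ULONG MessageLength;
  CHAR Data[1];
} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;

typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
  LARGE_INTEGER Timeout;
  ULONG NameLength;         /* presumably the length of Name; units not visible here, confirm */
  BOOLEAN TimeoutSpecified;
  WCHAR Name[1];
} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;

/* The two members are pointer-sized unless BUILD_WOW6432 is defined, in
 * which case they are fixed 64-bit integers. */
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
#if !defined(BUILD_WOW6432)
  PVOID ClientSession;
  PVOID ClientProcess;
#else
  ULONGLONG ClientSession;
  ULONGLONG ClientProcess;
#endif
} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;

#define FILE_PIPE_COMPUTER_NAME_LENGTH 15

typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
#if !defined(BUILD_WOW6432)
  PVOID ClientSession;
  PVOID ClientProcess;
#else
  ULONGLONG ClientSession;
  ULONGLONG ClientProcess;
#endif
  /* NOTE(review): ClientComputerBuffer holds FILE_PIPE_COMPUTER_NAME_LENGTH+1
   * WCHARs; a consumer should reject a ClientComputerNameLength that does
   * not fit that array. Whether the length counts bytes or characters is
   * not visible here - confirm. */
  USHORT ClientComputerNameLength;
  WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1];
} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;

/* METHOD_NEITHER: raw caller buffers, see the note above. */
#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)

typedef enum _LINK_TRACKING_INFORMATION_TYPE {
  NtfsLinkTrackingInformation,
  DfsLinkTrackingInformation
} LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE;

typedef struct _LINK_TRACKING_INFORMATION {
  LINK_TRACKING_INFORMATION_TYPE Type;
  UCHAR VolumeId[16];
} LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION;

typedef struct _REMOTE_LINK_TRACKING_INFORMATION {
  PVOID TargetFileObject;
  ULONG TargetLinkTrackingInformationLength;
  UCHAR TargetLinkTrackingInformationBuffer[1];
} REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION;

#define IO_OPEN_PAGING_FILE      0x0002
#define IO_OPEN_TARGET_DIRECTORY 0x0004
#define IO_STOP_ON_SYMLINK       0x0008
#define IO_MM_PAGING_FILE        0x0010

/* Callback type: receives a device object and a BOOLEAN, returns nothing. */
typedef VOID
(NTAPI *PDRIVER_FS_NOTIFICATION) (
  IN PDEVICE_OBJECT DeviceObject,
  IN BOOLEAN FsActive);

typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
  SyncTypeOther = 0,
  SyncTypeCreateSection
} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;

typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
  NotifyTypeCreate = 0,
  NotifyTypeRetired
} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;

/*
 * Parameter block with one member per operation. Being a union, only the
 * member that matches the operation in progress is meaningful; presumably
 * the selector is FS_FILTER_CALLBACK_DATA.Operation - confirm.
 */
typedef union _FS_FILTER_PARAMETERS {
  struct {
    PLARGE_INTEGER EndingOffset;
    PERESOURCE *ResourceToRelease;
  } AcquireForModifiedPageWriter;
  struct {
    PERESOURCE ResourceToRelease;
  } ReleaseForModifiedPageWriter;
  struct {
    FS_FILTER_SECTION_SYNC_TYPE SyncType;
    ULONG PageProtection;
  } AcquireForSectionSynchronization;
  struct {
    FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
    BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
  } NotifyStreamFileObject;
  struct {
    PVOID Argument1;
    PVOID Argument2;
    PVOID Argument3;
    PVOID Argument4;
    PVOID Argument5;
  } Others;
} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;

/* Replacement lists are parenthesized so the cast cannot bind to whatever
 * follows the macro at the point of use. */
#define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION ((UCHAR)-1)
#define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION ((UCHAR)-2)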
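/*
 * Operation codes, written as negative numbers cast to UCHAR. They have the
 * same type as FS_FILTER_CALLBACK_DATA.Operation and are presumably the
 * values carried there - confirm. Replacement lists are parenthesized so the
 * cast cannot bind to whatever follows the macro at the point of use.
 */
#define FS_FILTER_ACQUIRE_FOR_MOD_WRITE ((UCHAR)-3)
#define FS_FILTER_RELEASE_FOR_MOD_WRITE ((UCHAR)-4)
#define FS_FILTER_ACQUIRE_FOR_CC_FLUSH  ((UCHAR)-5)
#define FS_FILTER_RELEASE_FOR_CC_FLUSH  ((UCHAR)-6)

/*
 * Argument handed to the filter callbacks declared below.
 *
 * NOTE(review): SizeOfFsFilterCallbackData looks like a size stamp for this
 * structure; a callback should presumably check it before reading members,
 * since Parameters is a union whose layout depends on the operation.
 */
typedef struct _FS_FILTER_CALLBACK_DATA {
  ULONG SizeOfFsFilterCallbackData;
  UCHAR Operation;
  UCHAR Reserved;
  struct _DEVICE_OBJECT *DeviceObject;
  struct _FILE_OBJECT *FileObject;
  FS_FILTER_PARAMETERS Parameters;
} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;

/* "Pre" callback type: returns an NTSTATUS and may hand back a context
 * pointer through CompletionContext. */
typedef NTSTATUS
(NTAPI *PFS_FILTER_CALLBACK) (
  IN PFS_FILTER_CALLBACK_DATA Data,
  OUT PVOID *CompletionContext);

/* "Post" callback type: receives the operation status and a context
 * pointer; returns nothing. */
typedef VOID
(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
  IN PFS_FILTER_CALLBACK_DATA Data,
  IN NTSTATUS OperationStatus,
  IN PVOID CompletionContext);

/*
 * Table of Pre/Post callback pairs, one pair per operation.
 *
 * NOTE(review): SizeOfFsFilterCallbacks is presumably set by the registrant
 * to sizeof(FS_FILTER_CALLBACKS); zero-initialize the table so that slots
 * which are not used stay NULL - confirm how unset slots are treated.
 */
typedef struct _FS_FILTER_CALLBACKS {
  ULONG SizeOfFsFilterCallbacks;
  ULONG Reserved;
  PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
  PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
  PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
  PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
  PFS_FILTER_CALLBACK PreAcquireForCcFlush;
  PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
  PFS_FILTER_CALLBACK PreReleaseForCcFlush;
  PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
  PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
  PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
  PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
  PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;

#if (NTDDI_VERSION >= NTDDI_WINXP)
/* Takes a driver object and a callback table; the NTSTATUS result should be
 * checked by the caller. */
NTKERNELAPI
NTSTATUS
NTAPI
FsRtlRegisterFileSystemFilterCallbacks(
  IN struct _DRIVER_OBJECT *FilterDriverObject,
  IN PFS_FILTER_CALLBACKS Callbacks);
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */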
4667#if (NTDDI_VERSION >= NTDDI_VISTA) 4668NTKERNELAPI 4669NTSTATUS 4670NTAPI 4671FsRtlNotifyStreamFileObject( 4672 IN struct _FILE_OBJECT * StreamFileObject, 4673 IN struct _DEVICE_OBJECT *DeviceObjectHint OPTIONAL, 4674 IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType, 4675 IN BOOLEAN SafeToRecurse); 4676#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 4677 4678#define DO_VERIFY_VOLUME 0x00000002 4679#define DO_BUFFERED_IO 0x00000004 4680#define DO_EXCLUSIVE 0x00000008 4681#define DO_DIRECT_IO 0x00000010 4682#define DO_MAP_IO_BUFFER 0x00000020 4683#define DO_DEVICE_HAS_NAME 0x00000040 4684#define DO_DEVICE_INITIALIZING 0x00000080 4685#define DO_SYSTEM_BOOT_PARTITION 0x00000100 4686#define DO_LONG_TERM_REQUESTS 0x00000200 4687#define DO_NEVER_LAST_DEVICE 0x00000400 4688#define DO_SHUTDOWN_REGISTERED 0x00000800 4689#define DO_BUS_ENUMERATED_DEVICE 0x00001000 4690#define DO_POWER_PAGABLE 0x00002000 4691#define DO_POWER_INRUSH 0x00004000 4692#define DO_LOW_PRIORITY_FILESYSTEM 0x00010000 4693#define DO_SUPPORTS_TRANSACTIONS 0x00040000 4694#define DO_FORCE_NEITHER_IO 0x00080000 4695#define DO_VOLUME_DEVICE_OBJECT 0x00100000 4696#define DO_SYSTEM_SYSTEM_PARTITION 0x00200000 4697#define DO_SYSTEM_CRITICAL_PARTITION 0x00400000 4698#define DO_DISALLOW_EXECUTE 0x00800000 4699 4700extern KSPIN_LOCK IoStatisticsLock; 4701extern ULONG IoReadOperationCount; 4702extern ULONG IoWriteOperationCount; 4703extern ULONG IoOtherOperationCount; 4704extern LARGE_INTEGER IoReadTransferCount; 4705extern LARGE_INTEGER IoWriteTransferCount; 4706extern LARGE_INTEGER IoOtherTransferCount; 4707 4708#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 4709#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 4710 4711#if (NTDDI_VERSION >= NTDDI_VISTA) 4712typedef struct _IO_PRIORITY_INFO { 4713 ULONG Size; 4714 ULONG ThreadPriority; 4715 ULONG PagePriority; 4716 IO_PRIORITY_HINT IoPriority; 4717} IO_PRIORITY_INFO, *PIO_PRIORITY_INFO; 4718#endif 4719 4720typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 
4721 ULONG Attributes; 4722 ACCESS_MASK GrantedAccess; 4723 ULONG HandleCount; 4724 ULONG PointerCount; 4725 ULONG Reserved[10]; 4726} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 4727 4728typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION { 4729 UNICODE_STRING TypeName; 4730 ULONG Reserved [22]; 4731} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 4732 4733typedef struct _SECURITY_CLIENT_CONTEXT { 4734 SECURITY_QUALITY_OF_SERVICE SecurityQos; 4735 PACCESS_TOKEN ClientToken; 4736 BOOLEAN DirectlyAccessClientToken; 4737 BOOLEAN DirectAccessEffectiveOnly; 4738 BOOLEAN ServerIsRemote; 4739 TOKEN_CONTROL ClientTokenControl; 4740} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; 4741 4742#define SYSTEM_PAGE_PRIORITY_BITS 3 4743#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) 4744 4745typedef struct _KAPC_STATE { 4746 LIST_ENTRY ApcListHead[MaximumMode]; 4747 PKPROCESS Process; 4748 BOOLEAN KernelApcInProgress; 4749 BOOLEAN KernelApcPending; 4750 BOOLEAN UserApcPending; 4751} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE; 4752 4753#define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN)) 4754 4755#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject); 4756 4757typedef struct _KQUEUE { 4758 DISPATCHER_HEADER Header; 4759 LIST_ENTRY EntryListHead; 4760 volatile ULONG CurrentCount; 4761 ULONG MaximumCount; 4762 LIST_ENTRY ThreadListHead; 4763} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; 4764 4765/****************************************************************************** 4766 * Kernel Functions * 4767 ******************************************************************************/ 4768 4769NTSTATUS 4770NTAPI 4771KeGetProcessorNumberFromIndex( 4772 IN ULONG ProcIndex, 4773 OUT PPROCESSOR_NUMBER ProcNumber); 4774 4775ULONG 4776NTAPI 4777KeGetProcessorIndexFromNumber( 4778 IN PPROCESSOR_NUMBER ProcNumber); 4779 4780#if 
(NTDDI_VERSION >= NTDDI_WIN2K) 4781 4782 4783 4784 4785NTKERNELAPI 4786VOID 4787NTAPI 4788KeInitializeMutant( 4789 OUT PRKMUTANT Mutant, 4790 IN BOOLEAN InitialOwner); 4791 4792NTKERNELAPI 4793LONG 4794NTAPI 4795KeReadStateMutant( 4796 IN PRKMUTANT Mutant); 4797 4798NTKERNELAPI 4799LONG 4800NTAPI 4801KeReleaseMutant( 4802 IN OUT PRKMUTANT Mutant, 4803 IN KPRIORITY Increment, 4804 IN BOOLEAN Abandoned, 4805 IN BOOLEAN Wait); 4806 4807NTKERNELAPI 4808VOID 4809NTAPI 4810KeInitializeQueue( 4811 OUT PRKQUEUE Queue, 4812 IN ULONG Count); 4813 4814NTKERNELAPI 4815LONG 4816NTAPI 4817KeReadStateQueue( 4818 IN PRKQUEUE Queue); 4819 4820NTKERNELAPI 4821LONG 4822NTAPI 4823KeInsertQueue( 4824 IN OUT PRKQUEUE Queue, 4825 IN OUT PLIST_ENTRY Entry); 4826 4827NTKERNELAPI 4828LONG 4829NTAPI 4830KeInsertHeadQueue( 4831 IN OUT PRKQUEUE Queue, 4832 IN OUT PLIST_ENTRY Entry); 4833 4834NTKERNELAPI 4835PLIST_ENTRY 4836NTAPI 4837KeRemoveQueue( 4838 IN OUT PRKQUEUE Queue, 4839 IN KPROCESSOR_MODE WaitMode, 4840 IN PLARGE_INTEGER Timeout OPTIONAL); 4841 4842NTKERNELAPI 4843VOID 4844NTAPI 4845KeAttachProcess( 4846 IN OUT PKPROCESS Process); 4847 4848NTKERNELAPI 4849VOID 4850NTAPI 4851KeDetachProcess( 4852 VOID); 4853 4854NTKERNELAPI 4855PLIST_ENTRY 4856NTAPI 4857KeRundownQueue( 4858 IN OUT PRKQUEUE Queue); 4859 4860NTKERNELAPI 4861VOID 4862NTAPI 4863KeStackAttachProcess( 4864 IN OUT PKPROCESS Process, 4865 OUT PKAPC_STATE ApcState); 4866 4867NTKERNELAPI 4868VOID 4869NTAPI 4870KeUnstackDetachProcess( 4871 IN PKAPC_STATE ApcState); 4872 4873NTKERNELAPI 4874UCHAR 4875NTAPI 4876KeSetIdealProcessorThread( 4877 IN OUT PKTHREAD Thread, 4878 IN UCHAR Processor); 4879 4880NTKERNELAPI 4881BOOLEAN 4882NTAPI 4883KeSetKernelStackSwapEnable( 4884 IN BOOLEAN Enable); 4885 4886#if defined(_X86_) 4887NTHALAPI 4888KIRQL 4889FASTCALL 4890KeAcquireSpinLockRaiseToSynch( 4891 IN OUT PKSPIN_LOCK SpinLock); 4892#else 4893NTKERNELAPI 4894KIRQL 4895KeAcquireSpinLockRaiseToSynch( 4896 IN OUT PKSPIN_LOCK SpinLock); 
4897#endif 4898 4899#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 4900 4901#if (NTDDI_VERSION >= NTDDI_WINXP) 4902 4903_DECL_HAL_KE_IMPORT 4904KIRQL 4905FASTCALL 4906KeAcquireQueuedSpinLock( 4907 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number); 4908 4909_DECL_HAL_KE_IMPORT 4910VOID 4911FASTCALL 4912KeReleaseQueuedSpinLock( 4913 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number, 4914 IN KIRQL OldIrql); 4915 4916_DECL_HAL_KE_IMPORT 4917LOGICAL 4918FASTCALL 4919KeTryToAcquireQueuedSpinLock( 4920 IN KSPIN_LOCK_QUEUE_NUMBER Number, 4921 OUT PKIRQL OldIrql); 4922 4923#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 4924 4925 4926 4927#if (NTDDI_VERSION >= NTDDI_VISTA) 4928 4929NTKERNELAPI 4930VOID 4931KeQueryOwnerMutant( 4932 IN PKMUTANT Mutant, 4933 OUT PCLIENT_ID ClientId); 4934 4935NTKERNELAPI 4936ULONG 4937KeRemoveQueueEx ( 4938 IN OUT PKQUEUE Queue, 4939 IN KPROCESSOR_MODE WaitMode, 4940 IN BOOLEAN Alertable, 4941 IN PLARGE_INTEGER Timeout OPTIONAL, 4942 OUT PLIST_ENTRY *EntryArray, 4943 IN ULONG Count); 4944 4945#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 4946 4947 4948 4949#define INVALID_PROCESSOR_INDEX 0xffffffff 4950 4951#define EX_PUSH_LOCK ULONG_PTR 4952#define PEX_PUSH_LOCK PULONG_PTR 4953 4954/****************************************************************************** 4955 * Executive Functions * 4956 ******************************************************************************/ 4957 4958#define ExDisableResourceBoost ExDisableResourceBoostLite 4959 4960VOID 4961ExInitializePushLock ( 4962 OUT PEX_PUSH_LOCK PushLock); 4963 4964#if (NTDDI_VERSION >= NTDDI_WIN2K) 4965 4966NTKERNELAPI 4967SIZE_T 4968NTAPI 4969ExQueryPoolBlockSize( 4970 IN PVOID PoolBlock, 4971 OUT PBOOLEAN QuotaCharged); 4972 4973VOID 4974ExAdjustLookasideDepth( 4975 VOID); 4976 4977NTKERNELAPI 4978VOID 4979NTAPI 4980ExDisableResourceBoostLite( 4981 IN PERESOURCE Resource); 4982#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 4983 4984#if (NTDDI_VERSION >= NTDDI_WINXP) 4985 4986PSLIST_ENTRY 4987FASTCALL 
4988InterlockedPushListSList( 4989 IN OUT PSLIST_HEADER ListHead, 4990 IN OUT PSLIST_ENTRY List, 4991 IN OUT PSLIST_ENTRY ListEnd, 4992 IN ULONG Count); 4993#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 4994 4995/****************************************************************************** 4996 * Security Manager Functions * 4997 ******************************************************************************/ 4998 4999#if (NTDDI_VERSION >= NTDDI_WIN2K) 5000 5001NTKERNELAPI 5002VOID 5003NTAPI 5004SeReleaseSubjectContext( 5005 IN PSECURITY_SUBJECT_CONTEXT SubjectContext); 5006 5007NTKERNELAPI 5008BOOLEAN 5009NTAPI 5010SePrivilegeCheck( 5011 IN OUT PPRIVILEGE_SET RequiredPrivileges, 5012 IN PSECURITY_SUBJECT_CONTEXT SubjectContext, 5013 IN KPROCESSOR_MODE AccessMode); 5014 5015NTKERNELAPI 5016VOID 5017NTAPI 5018SeOpenObjectAuditAlarm( 5019 IN PUNICODE_STRING ObjectTypeName, 5020 IN PVOID Object OPTIONAL, 5021 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, 5022 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5023 IN PACCESS_STATE AccessState, 5024 IN BOOLEAN ObjectCreated, 5025 IN BOOLEAN AccessGranted, 5026 IN KPROCESSOR_MODE AccessMode, 5027 OUT PBOOLEAN GenerateOnClose); 5028 5029NTKERNELAPI 5030VOID 5031NTAPI 5032SeOpenObjectForDeleteAuditAlarm( 5033 IN PUNICODE_STRING ObjectTypeName, 5034 IN PVOID Object OPTIONAL, 5035 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, 5036 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5037 IN PACCESS_STATE AccessState, 5038 IN BOOLEAN ObjectCreated, 5039 IN BOOLEAN AccessGranted, 5040 IN KPROCESSOR_MODE AccessMode, 5041 OUT PBOOLEAN GenerateOnClose); 5042 5043NTKERNELAPI 5044VOID 5045NTAPI 5046SeDeleteObjectAuditAlarm( 5047 IN PVOID Object, 5048 IN HANDLE Handle); 5049 5050NTKERNELAPI 5051TOKEN_TYPE 5052NTAPI 5053SeTokenType( 5054 IN PACCESS_TOKEN Token); 5055 5056NTKERNELAPI 5057BOOLEAN 5058NTAPI 5059SeTokenIsAdmin( 5060 IN PACCESS_TOKEN Token); 5061 5062NTKERNELAPI 5063BOOLEAN 5064NTAPI 5065SeTokenIsRestricted( 5066 IN PACCESS_TOKEN 
Token); 5067 5068NTKERNELAPI 5069NTSTATUS 5070NTAPI 5071SeQueryAuthenticationIdToken( 5072 IN PACCESS_TOKEN Token, 5073 OUT PLUID AuthenticationId); 5074 5075NTKERNELAPI 5076NTSTATUS 5077NTAPI 5078SeQuerySessionIdToken( 5079 IN PACCESS_TOKEN Token, 5080 OUT PULONG SessionId); 5081 5082NTKERNELAPI 5083NTSTATUS 5084NTAPI 5085SeCreateClientSecurity( 5086 IN PETHREAD ClientThread, 5087 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 5088 IN BOOLEAN RemoteSession, 5089 OUT PSECURITY_CLIENT_CONTEXT ClientContext); 5090 5091NTKERNELAPI 5092VOID 5093NTAPI 5094SeImpersonateClient( 5095 IN PSECURITY_CLIENT_CONTEXT ClientContext, 5096 IN PETHREAD ServerThread OPTIONAL); 5097 5098NTKERNELAPI 5099NTSTATUS 5100NTAPI 5101SeImpersonateClientEx( 5102 IN PSECURITY_CLIENT_CONTEXT ClientContext, 5103 IN PETHREAD ServerThread OPTIONAL); 5104 5105NTKERNELAPI 5106NTSTATUS 5107NTAPI 5108SeCreateClientSecurityFromSubjectContext( 5109 IN PSECURITY_SUBJECT_CONTEXT SubjectContext, 5110 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 5111 IN BOOLEAN ServerIsRemote, 5112 OUT PSECURITY_CLIENT_CONTEXT ClientContext); 5113 5114NTKERNELAPI 5115NTSTATUS 5116NTAPI 5117SeQuerySecurityDescriptorInfo( 5118 IN PSECURITY_INFORMATION SecurityInformation, 5119 OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 5120 IN OUT PULONG Length, 5121 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor); 5122 5123NTKERNELAPI 5124NTSTATUS 5125NTAPI 5126SeSetSecurityDescriptorInfo( 5127 IN PVOID Object OPTIONAL, 5128 IN PSECURITY_INFORMATION SecurityInformation, 5129 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5130 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 5131 IN POOL_TYPE PoolType, 5132 IN PGENERIC_MAPPING GenericMapping); 5133 5134NTKERNELAPI 5135NTSTATUS 5136NTAPI 5137SeSetSecurityDescriptorInfoEx( 5138 IN PVOID Object OPTIONAL, 5139 IN PSECURITY_INFORMATION SecurityInformation, 5140 IN PSECURITY_DESCRIPTOR ModificationDescriptor, 5141 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 5142 IN 
ULONG AutoInheritFlags, 5143 IN POOL_TYPE PoolType, 5144 IN PGENERIC_MAPPING GenericMapping); 5145 5146NTKERNELAPI 5147NTSTATUS 5148NTAPI 5149SeAppendPrivileges( 5150 IN OUT PACCESS_STATE AccessState, 5151 IN PPRIVILEGE_SET Privileges); 5152 5153NTKERNELAPI 5154BOOLEAN 5155NTAPI 5156SeAuditingFileEvents( 5157 IN BOOLEAN AccessGranted, 5158 IN PSECURITY_DESCRIPTOR SecurityDescriptor); 5159 5160NTKERNELAPI 5161BOOLEAN 5162NTAPI 5163SeAuditingFileOrGlobalEvents( 5164 IN BOOLEAN AccessGranted, 5165 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5166 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 5167 5168VOID 5169NTAPI 5170SeSetAccessStateGenericMapping( 5171 IN OUT PACCESS_STATE AccessState, 5172 IN PGENERIC_MAPPING GenericMapping); 5173 5174NTKERNELAPI 5175NTSTATUS 5176NTAPI 5177SeRegisterLogonSessionTerminatedRoutine( 5178 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 5179 5180NTKERNELAPI 5181NTSTATUS 5182NTAPI 5183SeUnregisterLogonSessionTerminatedRoutine( 5184 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 5185 5186NTKERNELAPI 5187NTSTATUS 5188NTAPI 5189SeMarkLogonSessionForTerminationNotification( 5190 IN PLUID LogonId); 5191 5192NTKERNELAPI 5193NTSTATUS 5194NTAPI 5195SeQueryInformationToken( 5196 IN PACCESS_TOKEN Token, 5197 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 5198 OUT PVOID *TokenInformation); 5199 5200#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 5201#if (NTDDI_VERSION >= NTDDI_WIN2KSP3) 5202NTKERNELAPI 5203BOOLEAN 5204NTAPI 5205SeAuditingHardLinkEvents( 5206 IN BOOLEAN AccessGranted, 5207 IN PSECURITY_DESCRIPTOR SecurityDescriptor); 5208#endif 5209 5210#if (NTDDI_VERSION >= NTDDI_WINXP) 5211 5212NTKERNELAPI 5213NTSTATUS 5214NTAPI 5215SeFilterToken( 5216 IN PACCESS_TOKEN ExistingToken, 5217 IN ULONG Flags, 5218 IN PTOKEN_GROUPS SidsToDisable OPTIONAL, 5219 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, 5220 IN PTOKEN_GROUPS RestrictedSids OPTIONAL, 5221 OUT PACCESS_TOKEN *FilteredToken); 5222 5223NTKERNELAPI 5224VOID 
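NTAPI
SeAuditHardLinkCreation(
  IN PUNICODE_STRING FileName,
  IN PUNICODE_STRING LinkName,
  IN BOOLEAN bSuccess);

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

#if (NTDDI_VERSION >= NTDDI_WINXPSP2)

/*
 * Declared for NTDDI_WINXPSP2 and later. Both routines return BOOLEAN and
 * accept an optional subject security context.
 */
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingFileEventsWithContext(
  IN BOOLEAN AccessGranted,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);

NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingHardLinkEventsWithContext(
  IN BOOLEAN AccessGranted,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);

#endif


#if (NTDDI_VERSION >= NTDDI_VISTA)

/*
 * Declared for NTDDI_VISTA and later: audit routines that take an optional
 * transaction GUID, SACL examination, and token queries.
 */
NTKERNELAPI
VOID
NTAPI
SeOpenObjectAuditAlarmWithTransaction(
  IN PUNICODE_STRING ObjectTypeName,
  IN PVOID Object OPTIONAL,
  IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PACCESS_STATE AccessState,
  IN BOOLEAN ObjectCreated,
  IN BOOLEAN AccessGranted,
  IN KPROCESSOR_MODE AccessMode,
  IN GUID *TransactionId OPTIONAL,
  OUT PBOOLEAN GenerateOnClose);

NTKERNELAPI
VOID
NTAPI
SeOpenObjectForDeleteAuditAlarmWithTransaction(
  IN PUNICODE_STRING ObjectTypeName,
  IN PVOID Object OPTIONAL,
  IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PACCESS_STATE AccessState,
  IN BOOLEAN ObjectCreated,
  IN BOOLEAN AccessGranted,
  IN KPROCESSOR_MODE AccessMode,
  IN GUID *TransactionId OPTIONAL,
  OUT PBOOLEAN GenerateOnClose);

/* Both audit decisions are returned through OUT parameters; there is no return value. */
NTKERNELAPI
VOID
NTAPI
SeExamineSacl(
  IN PACL Sacl,
  IN PACCESS_TOKEN Token,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN AccessGranted,
  OUT PBOOLEAN GenerateAudit,
  OUT PBOOLEAN GenerateAlarm);

NTKERNELAPI
VOID
NTAPI
SeDeleteObjectAuditAlarmWithTransaction(
  IN PVOID Object,
  IN HANDLE Handle,
  IN GUID *TransactionId OPTIONAL);

NTKERNELAPI
VOID
NTAPI
SeQueryTokenIntegrity(
  IN PACCESS_TOKEN Token,
  IN OUT PSID_AND_ATTRIBUTES IntegritySA);

NTKERNELAPI
NTSTATUS
NTAPI
SeSetSessionIdToken(
  IN PACCESS_TOKEN Token,
  IN ULONG SessionId);

NTKERNELAPI
VOID
NTAPI
SeAuditHardLinkCreationWithTransaction(
  IN PUNICODE_STRING FileName,
  IN PUNICODE_STRING LinkName,
  IN BOOLEAN bSuccess,
  IN GUID *TransactionId OPTIONAL);

NTKERNELAPI
VOID
NTAPI
SeAuditTransactionStateChange(
  IN GUID *TransactionId,
  IN GUID *ResourceManagerId,
  IN ULONG NewTransactionState);
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

/* Declared for Vista and later, and for XP SP2 up to (not including) Server 2003. */
#if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
NTKERNELAPI
BOOLEAN
NTAPI
SeTokenIsWriteRestricted(
  IN PACCESS_TOKEN Token);
#endif

#if (NTDDI_VERSION >= NTDDI_WIN7)

NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingAnyFileEventsWithContext(
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);

/* Unlike SeExamineSacl, GenerateAudit/GenerateAlarm are IN OUT here and GenerateAlarm is optional. */
NTKERNELAPI
VOID
NTAPI
SeExamineGlobalSacl(
  IN PUNICODE_STRING ObjectType,
  IN PACCESS_TOKEN Token,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN AccessGranted,
  IN OUT PBOOLEAN GenerateAudit,
  IN OUT PBOOLEAN GenerateAlarm OPTIONAL);

NTKERNELAPI
VOID
NTAPI
SeMaximumAuditMaskFromGlobalSacl(
  IN PUNICODE_STRING ObjectTypeName OPTIONAL,
  IN ACCESS_MASK GrantedAccess,
  IN PACCESS_TOKEN Token,
  IN OUT PACCESS_MASK AuditMask);

#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */

/*
 * NOTE(review): SeReportSecurityEventWithSubCategory, SeAccessCheckFromState
 * and SeLocateProcessImageName below are declared without NTKERNELAPI and
 * outside any NTDDI_VERSION guard, unlike their neighbours -- confirm that
 * this is intended.
 */
NTSTATUS
NTAPI
SeReportSecurityEventWithSubCategory(
  IN ULONG Flags,
  IN PUNICODE_STRING SourceName,
  IN PSID UserSid OPTIONAL,
  IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
  IN ULONG AuditSubcategoryId);

/*
 * Access check driven by token information structures rather than a subject
 * context. The result is reported through GrantedAccess and AccessStatus as
 * well as the BOOLEAN return value; callers should not act on GrantedAccess
 * when the call reports failure.
 */
BOOLEAN
NTAPI
SeAccessCheckFromState(
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
  IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL,
  IN ACCESS_MASK DesiredAccess,
  IN ACCESS_MASK PreviouslyGrantedAccess,
  OUT PPRIVILEGE_SET *Privileges OPTIONAL,
  IN PGENERIC_MAPPING GenericMapping,
  IN KPROCESSOR_MODE AccessMode,
  OUT PACCESS_MASK GrantedAccess,
  OUT PNTSTATUS AccessStatus);

/* Presumably releases a PRIVILEGE_SET returned by an access check -- confirm against callers. */
NTKERNELAPI
VOID
NTAPI
SeFreePrivileges(
  IN PPRIVILEGE_SET Privileges);

/*
 * NOTE(review): on Windows the string returned through pImageFileName is
 * allocated by the callee and must be freed by the caller -- confirm the
 * ownership rule for this implementation.
 */
NTSTATUS
NTAPI
SeLocateProcessImageName(
  IN OUT PEPROCESS Process,
  OUT PUNICODE_STRING *pImageFileName);

/*
 * SeLengthSid: byte length of a SID, computed as the 8-byte fixed part
 * (Revision, SubAuthorityCount, 6-byte IdentifierAuthority) plus one 4-byte
 * ULONG per sub-authority.
 *
 * The macro reads SubAuthorityCount straight from memory and validates
 * nothing. A SID that comes from an untrusted buffer must be checked first
 * (revision, SubAuthorityCount <= SID_MAX_SUB_AUTHORITIES, and that the
 * buffer really holds that many bytes) before the result is used as a copy
 * or allocation size.
 *
 * The argument is parenthesised so that an expression argument is cast as a
 * whole rather than only its first operand.
 */
#define SeLengthSid( Sid ) \
    (8 + (4 * ((SID *)(Sid))->SubAuthorityCount))

/*
 * SeDeleteClientSecurity: drops the token reference held in (C)->ClientToken,
 * choosing the primary or the impersonation dereference routine according to
 * SeTokenType().
 *
 * NOTE(review): C is evaluated more than once, so pass a side-effect-free
 * expression. The expansion is a bare { } block, not do { } while (0), so an
 * unbraced `if (x) SeDeleteClientSecurity(c); else ...` does not compile;
 * brace the call site.
 */
#define SeDeleteClientSecurity(C)  {                                           \
            if (SeTokenType((C)->ClientToken) == TokenPrimary) {               \
                PsDereferencePrimaryToken( (C)->ClientToken );                 \
            } else {                                                           \
                PsDereferenceImpersonationToken( (C)->ClientToken );           \
            }                                                                  \
}

/* Ends impersonation on the current thread; a plain alias for PsRevertToSelf(). */
#define SeStopImpersonatingClient() PsRevertToSelf()

/*
 * SeQuerySubjectContextToken: yields the ClientToken of a subject context
 * when one is present and the PrimaryToken otherwise. No reference is taken
 * by the macro itself. SubjectContext is evaluated more than once and is
 * parenthesised so that expression arguments are cast as a whole.
 */
#define SeQuerySubjectContextToken( SubjectContext )                           \
    ( ARGUMENT_PRESENT(                                                        \
        ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken            \
      ) ?                                                                      \
      ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken :            \
      ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->PrimaryToken )

extern NTKERNELAPI PSE_EXPORTS SeExports;

/******************************************************************************
 *                         Process Manager Functions                          *
 ******************************************************************************/

/*
 * NOTE(review): per the WDK documentation the object returned through
 * Process / Thread by the two lookup routines carries a reference that the
 * caller must release with ObDereferenceObject -- confirm the same contract
 * here. A leaked reference pins the object; a missing one risks
 * use-after-free.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessByProcessId(
  IN HANDLE ProcessId,
  OUT PEPROCESS *Process);

NTKERNELAPI
NTSTATUS
NTAPI
PsLookupThreadByThreadId(
  IN HANDLE UniqueThreadId,
  OUT PETHREAD *Thread);

#if (NTDDI_VERSION >= NTDDI_WIN2K)


NTKERNELAPI
PACCESS_TOKEN
NTAPI
PsReferenceImpersonationToken(
  IN OUT PETHREAD Thread,
  OUT PBOOLEAN CopyOnOpen,
  OUT PBOOLEAN EffectiveOnly,
  OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel);

NTKERNELAPI
LARGE_INTEGER
NTAPI
PsGetProcessExitTime(VOID);

NTKERNELAPI
BOOLEAN
NTAPI
PsIsThreadTerminating(
  IN PETHREAD Thread);

/*
 * Impersonation changes the security context under which the thread's access
 * checks run. Every path that starts impersonating should reach the matching
 * PsRevertToSelf / PsRestoreImpersonation, including error paths.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsImpersonateClient(
  IN OUT PETHREAD Thread,
  IN PACCESS_TOKEN Token,
  IN BOOLEAN CopyOnOpen,
  IN BOOLEAN EffectiveOnly,
  IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);

NTKERNELAPI
BOOLEAN
NTAPI
PsDisableImpersonation(
  IN OUT PETHREAD Thread,
  IN OUT PSE_IMPERSONATION_STATE ImpersonationState);

NTKERNELAPI
VOID
NTAPI
PsRestoreImpersonation(
  IN PETHREAD Thread,
  IN PSE_IMPERSONATION_STATE ImpersonationState);

NTKERNELAPI
VOID
NTAPI
PsRevertToSelf(VOID);

NTKERNELAPI
VOID
NTAPI
PsChargePoolQuota(
  IN PEPROCESS Process,
  IN POOL_TYPE PoolType,
  IN ULONG_PTR Amount);

NTKERNELAPI
VOID
NTAPI
PsReturnPoolQuota(
  IN PEPROCESS Process,
  IN POOL_TYPE PoolType,
  IN ULONG_PTR Amount);

NTKERNELAPI
NTSTATUS
NTAPI
PsAssignImpersonationToken(
  IN PETHREAD Thread,
  IN HANDLE Token OPTIONAL);

/*
 * NOTE(review): declared as returning HANDLE, while the matching
 * PsDereferencePrimaryToken below takes a PACCESS_TOKEN and
 * SeDeleteClientSecurity passes a token pointer to it -- confirm the intended
 * return type.
 */
NTKERNELAPI
HANDLE
NTAPI
PsReferencePrimaryToken(
  IN OUT PEPROCESS Process);
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
#if (NTDDI_VERSION >= NTDDI_WINXP)


NTKERNELAPI
VOID
NTAPI
PsDereferencePrimaryToken(
  IN PACCESS_TOKEN PrimaryToken);

NTKERNELAPI
VOID
NTAPI
PsDereferenceImpersonationToken(
  IN PACCESS_TOKEN ImpersonationToken);

/* Returns NTSTATUS, unlike the VOID PsChargePoolQuota above. */
NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPoolQuota(
  IN PEPROCESS Process,
  IN POOL_TYPE PoolType,
  IN ULONG_PTR Amount);

NTKERNELAPI
BOOLEAN
NTAPI
PsIsSystemThread(
  IN PETHREAD Thread);
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

/******************************************************************************
 *                            I/O Manager Functions                           *
 ******************************************************************************/

/*
 * TRUE when none of SharedRead, SharedWrite and SharedDelete is set on the
 * file object. FileObject is evaluated three times; pass a side-effect-free
 * expression.
 */
#define IoIsFileOpenedExclusively(FileObject) ( \
    (BOOLEAN) !(                                \
    (FileObject)->SharedRead ||                 \
    (FileObject)->SharedWrite ||                \
    (FileObject)->SharedDelete                  \
    )                                           \
)

/* Declared only when targeting exactly NTDDI_WIN2K. */
#if (NTDDI_VERSION == NTDDI_WIN2K)
NTKERNELAPI
NTSTATUS
NTAPI
IoRegisterFsRegistrationChangeEx(
  IN PDRIVER_OBJECT DriverObject,
  IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
#endif
#if (NTDDI_VERSION >= NTDDI_WIN2K)


/* Paired with IoReleaseVpbSpinLock; the previous IRQL is returned through Irql. */
NTKERNELAPI
VOID
NTAPI
IoAcquireVpbSpinLock(
  OUT PKIRQL Irql);

NTKERNELAPI
NTSTATUS
NTAPI
IoCheckDesiredAccess(
  IN OUT PACCESS_MASK DesiredAccess,
  IN ACCESS_MASK GrantedAccess);

/*
 * Validation helper for an extended-attribute buffer of EaLength bytes.
 * Per the WDK documentation ErrorOffset receives the offset of the offending
 * entry on failure; buffers that originate from a requester should pass this
 * check before their entries are walked.
 */
NTKERNELAPI
NTSTATUS
NTAPI
IoCheckEaBufferValidity(
  IN PFILE_FULL_EA_INFORMATION EaBuffer,
  IN ULONG EaLength,
  OUT PULONG ErrorOffset);

NTKERNELAPI
NTSTATUS
NTAPI
IoCheckFunctionAccess(
  IN ACCESS_MASK GrantedAccess,
  IN UCHAR MajorFunction,
  IN UCHAR MinorFunction,
  IN ULONG IoControlCode,
  IN PVOID Argument1 OPTIONAL,
  IN PVOID Argument2 OPTIONAL);

NTKERNELAPI
NTSTATUS
NTAPI
IoCheckQuerySetFileInformation(
  IN FILE_INFORMATION_CLASS FileInformationClass,
  IN ULONG Length,
  IN BOOLEAN SetOperation);

NTKERNELAPI
NTSTATUS
NTAPI
IoCheckQuerySetVolumeInformation(
  IN FS_INFORMATION_CLASS FsInformationClass,
  IN ULONG Length,
  IN BOOLEAN SetOperation);

/* Quota-buffer counterpart of IoCheckEaBufferValidity, with the same parameter shape. */
NTKERNELAPI
NTSTATUS
NTAPI
IoCheckQuotaBufferValidity(
  IN PFILE_QUOTA_INFORMATION QuotaBuffer,
  IN ULONG QuotaLength,
  OUT PULONG ErrorOffset);

NTKERNELAPI
PFILE_OBJECT
NTAPI
IoCreateStreamFileObject(
  IN PFILE_OBJECT FileObject OPTIONAL,
  IN PDEVICE_OBJECT DeviceObject OPTIONAL);

NTKERNELAPI
PFILE_OBJECT
NTAPI
IoCreateStreamFileObjectLite(
  IN PFILE_OBJECT FileObject OPTIONAL,
  IN PDEVICE_OBJECT DeviceObject OPTIONAL);

NTKERNELAPI
BOOLEAN
NTAPI
IoFastQueryNetworkAttributes(
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG OpenOptions,
  OUT PIO_STATUS_BLOCK IoStatus,
  OUT PFILE_NETWORK_OPEN_INFORMATION Buffer);

NTKERNELAPI
NTSTATUS
NTAPI
IoPageRead(
  IN PFILE_OBJECT FileObject,
  IN PMDL Mdl,
  IN PLARGE_INTEGER Offset,
  IN PKEVENT Event,
  OUT PIO_STATUS_BLOCK IoStatusBlock);

NTKERNELAPI
PDEVICE_OBJECT
NTAPI
IoGetBaseFileSystemDeviceObject(
  IN PFILE_OBJECT FileObject);

NTKERNELAPI
PCONFIGURATION_INFORMATION
NTAPI
IoGetConfigurationInformation(VOID);

NTKERNELAPI
ULONG
NTAPI
IoGetRequestorProcessId(
  IN PIRP Irp);

NTKERNELAPI
PEPROCESS
NTAPI
IoGetRequestorProcess(
  IN PIRP Irp);
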
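/* I/O manager routines, continued (still inside the NTDDI_WIN2K-and-later group). */
NTKERNELAPI
PIRP
NTAPI
IoGetTopLevelIrp(VOID);

NTKERNELAPI
BOOLEAN
NTAPI
IoIsOperationSynchronous(
  IN PIRP Irp);

NTKERNELAPI
BOOLEAN
NTAPI
IoIsSystemThread(
  IN PETHREAD Thread);

NTKERNELAPI
BOOLEAN
NTAPI
IoIsValidNameGraftingBuffer(
  IN PIRP Irp,
  IN PREPARSE_DATA_BUFFER ReparseBuffer);

/* Length is presumably the size in bytes of the FileInformation buffer -- confirm. */
NTKERNELAPI
NTSTATUS
NTAPI
IoQueryFileInformation(
  IN PFILE_OBJECT FileObject,
  IN FILE_INFORMATION_CLASS FileInformationClass,
  IN ULONG Length,
  OUT PVOID FileInformation,
  OUT PULONG ReturnedLength);

NTKERNELAPI
NTSTATUS
NTAPI
IoQueryVolumeInformation(
  IN PFILE_OBJECT FileObject,
  IN FS_INFORMATION_CLASS FsInformationClass,
  IN ULONG Length,
  OUT PVOID FsInformation,
  OUT PULONG ReturnedLength);

NTKERNELAPI
VOID
NTAPI
IoQueueThreadIrp(
  IN PIRP Irp);

NTKERNELAPI
VOID
NTAPI
IoRegisterFileSystem(
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
NTSTATUS
NTAPI
IoRegisterFsRegistrationChange(
  IN PDRIVER_OBJECT DriverObject,
  IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);

/* Counterpart of IoAcquireVpbSpinLock; takes the IRQL that the acquire call returned. */
NTKERNELAPI
VOID
NTAPI
IoReleaseVpbSpinLock(
  IN KIRQL Irql);

NTKERNELAPI
VOID
NTAPI
IoSetDeviceToVerify(
  IN PETHREAD Thread,
  IN PDEVICE_OBJECT DeviceObject OPTIONAL);

NTKERNELAPI
NTSTATUS
NTAPI
IoSetInformation(
  IN PFILE_OBJECT FileObject,
  IN FILE_INFORMATION_CLASS FileInformationClass,
  IN ULONG Length,
  IN PVOID FileInformation);

NTKERNELAPI
VOID
NTAPI
IoSetTopLevelIrp(
  IN PIRP Irp OPTIONAL);

NTKERNELAPI
NTSTATUS
NTAPI
IoSynchronousPageWrite(
  IN PFILE_OBJECT FileObject,
  IN PMDL Mdl,
  IN PLARGE_INTEGER FileOffset,
  IN PKEVENT Event,
  OUT PIO_STATUS_BLOCK IoStatusBlock);

NTKERNELAPI
PEPROCESS
NTAPI
IoThreadToProcess(
  IN PETHREAD Thread);

NTKERNELAPI
VOID
NTAPI
IoUnregisterFileSystem(
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
VOID
NTAPI
IoUnregisterFsRegistrationChange(
  IN PDRIVER_OBJECT DriverObject,
  IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);

NTKERNELAPI
NTSTATUS
NTAPI
IoVerifyVolume(
  IN PDEVICE_OBJECT DeviceObject,
  IN BOOLEAN AllowRawMount);

NTKERNELAPI
NTSTATUS
NTAPI
IoGetRequestorSessionId(
  IN PIRP Irp,
  OUT PULONG pSessionId);

#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */


#if (NTDDI_VERSION >= NTDDI_WINXP)

NTKERNELAPI
PFILE_OBJECT
NTAPI
IoCreateStreamFileObjectEx(
  IN PFILE_OBJECT FileObject OPTIONAL,
  IN PDEVICE_OBJECT DeviceObject OPTIONAL,
  OUT PHANDLE FileObjectHandle OPTIONAL);

NTKERNELAPI
NTSTATUS
NTAPI
IoQueryFileDosDeviceName(
  IN PFILE_OBJECT FileObject,
  OUT POBJECT_NAME_INFORMATION *ObjectNameInformation);

/*
 * NOTE(review): per the WDK documentation DeviceObjectListSize is a size in
 * bytes and every device object placed in the list is returned referenced,
 * to be released by the caller -- confirm for this implementation.
 */
NTKERNELAPI
NTSTATUS
NTAPI
IoEnumerateDeviceObjectList(
  IN PDRIVER_OBJECT DriverObject,
  OUT PDEVICE_OBJECT *DeviceObjectList,
  IN ULONG DeviceObjectListSize,
  OUT PULONG ActualNumberDeviceObjects);

NTKERNELAPI
PDEVICE_OBJECT
NTAPI
IoGetLowerDeviceObject(
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
PDEVICE_OBJECT
NTAPI
IoGetDeviceAttachmentBaseRef(
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
NTSTATUS
NTAPI
IoGetDiskDeviceObject(
  IN PDEVICE_OBJECT FileSystemDeviceObject,
  OUT PDEVICE_OBJECT *DiskDeviceObject);

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

#if (NTDDI_VERSION >= NTDDI_WS03SP1)

NTKERNELAPI
NTSTATUS
NTAPI
IoEnumerateRegisteredFiltersList(
  OUT PDRIVER_OBJECT *DriverObjectList,
  IN ULONG DriverObjectListSize,
  OUT PULONG ActualNumberDriverObjects);
#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */

#if (NTDDI_VERSION >= NTDDI_VISTA)

/*
 * Fills an IO_PRIORITY_INFO with its initial values: Size is set to the
 * structure size, ThreadPriority to 0xffff, IoPriority to IoPriorityNormal
 * and PagePriority to 0. PriorityInfo is dereferenced without a NULL check.
 */
FORCEINLINE
VOID
NTAPI
IoInitializePriorityInfo(
  IN PIO_PRIORITY_INFO PriorityInfo)
{
  PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
  PriorityInfo->ThreadPriority = 0xffff;
  PriorityInfo->IoPriority = IoPriorityNormal;
  PriorityInfo->PagePriority = 0;
}
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

#if (NTDDI_VERSION >= NTDDI_WIN7)

NTKERNELAPI
NTSTATUS
NTAPI
IoRegisterFsRegistrationChangeMountAware(
  IN PDRIVER_OBJECT DriverObject,
  IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine,
  IN BOOLEAN SynchronizeWithMounts);

/* NOTE(review): FileNameLength is a USHORT; presumably a byte count as in UNICODE_STRING -- confirm. */
NTKERNELAPI
NTSTATUS
NTAPI
IoReplaceFileObjectName(
  IN PFILE_OBJECT FileObject,
  IN PWSTR NewFileName,
  IN USHORT FileNameLength);
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */


/* Power-manager callback codes. */
#define PO_CB_SYSTEM_POWER_POLICY       0
#define PO_CB_AC_STATUS                 1
#define PO_CB_BUTTON_COLLISION          2
#define PO_CB_SYSTEM_STATE_LOCK         3
#define PO_CB_LID_SWITCH_STATE          4
#define PO_CB_PROCESSOR_POWER_POLICY    5


#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
NTSTATUS
NTAPI
PoQueueShutdownWorkItem(
  IN OUT PWORK_QUEUE_ITEM WorkItem);
#endif

/******************************************************************************
 *                            Memory manager Types                            *
 ******************************************************************************/

typedef enum _MMFLUSH_TYPE {
  MmFlushForDelete,
  MmFlushForWrite
} MMFLUSH_TYPE;

/* List is a variable-length trailing array; NumberOfEntries is presumably its element count -- confirm. */
typedef struct _READ_LIST {
  PFILE_OBJECT FileObject;
  ULONG NumberOfEntries;
  LOGICAL IsImage;
  FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
} READ_LIST, *PREAD_LIST;

#if (NTDDI_VERSION >= NTDDI_WINXP)

typedef union _MM_PREFETCH_FLAGS {
  struct {
    ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS;
    ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS;
  } Flags;
  ULONG AllFlags;
} MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS;

/* Mask covering the two bit-fields above (2 * SYSTEM_PAGE_PRIORITY_BITS low bits). */
#define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1)

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

/* Heap creation / allocation flags. */
#define HEAP_NO_SERIALIZE               0x00000001
#define HEAP_GROWABLE                   0x00000002
#define HEAP_GENERATE_EXCEPTIONS        0x00000004
#define HEAP_ZERO_MEMORY                0x00000008
#define HEAP_REALLOC_IN_PLACE_ONLY      0x00000010
#define HEAP_TAIL_CHECKING_ENABLED      0x00000020
#define HEAP_FREE_CHECKING_ENABLED      0x00000040
#define HEAP_DISABLE_COALESCE_ON_FREE   0x00000080

/*
 * NOTE(review): HEAP_CREATE_ENABLE_EXECUTE asks for a heap whose memory is
 * executable; it should only be set by code that genuinely generates code at
 * run time, since it weakens the protection a non-executable heap provides.
 */
#define HEAP_CREATE_ALIGN_16            0x00010000
#define HEAP_CREATE_ENABLE_TRACING      0x00020000
#define HEAP_CREATE_ENABLE_EXECUTE      0x00040000

/* HEAP_SETTABLE_USER_FLAGS is the union of USER_FLAG1..USER_FLAG3. */
#define HEAP_SETTABLE_USER_VALUE        0x00000100
#define HEAP_SETTABLE_USER_FLAG1        0x00000200
#define HEAP_SETTABLE_USER_FLAG2        0x00000400
#define HEAP_SETTABLE_USER_FLAG3        0x00000800
#define HEAP_SETTABLE_USER_FLAGS        0x00000E00

#define HEAP_CLASS_0                    0x00000000
#define HEAP_CLASS_1                    0x00001000
#define HEAP_CLASS_2                    0x00002000
#define HEAP_CLASS_3                    0x00003000
#define HEAP_CLASS_4                    0x00004000
#define HEAP_CLASS_5                    0x00005000
#define HEAP_CLASS_6                    0x00006000
#define HEAP_CLASS_7                    0x00007000
#define HEAP_CLASS_8                    0x00008000
#define HEAP_CLASS_MASK                 0x0000F000

#define HEAP_MAXIMUM_TAG                0x0FFF
#define HEAP_GLOBAL_TAG                 0x0800
#define HEAP_PSEUDO_TAG_FLAG            0x8000
#define HEAP_TAG_SHIFT                  18
#define HEAP_TAG_MASK                  (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)

/* Every flag bit accepted at heap creation; bits outside this mask are not part of the set. */
#define HEAP_CREATE_VALID_MASK         (HEAP_NO_SERIALIZE             |   \
                                        HEAP_GROWABLE                 |   \
                                        HEAP_GENERATE_EXCEPTIONS      |   \
                                        HEAP_ZERO_MEMORY              |   \
                                        HEAP_REALLOC_IN_PLACE_ONLY    |   \
                                        HEAP_TAIL_CHECKING_ENABLED    |   \
                                        HEAP_FREE_CHECKING_ENABLED    |   \
                                        HEAP_DISABLE_COALESCE_ON_FREE |   \
                                        HEAP_CLASS_MASK               |   \
                                        HEAP_CREATE_ALIGN_16          |   \
                                        HEAP_CREATE_ENABLE_TRACING    |   \
                                        HEAP_CREATE_ENABLE_EXECUTE)

/******************************************************************************
 *                          Memory manager Functions                          *
 ******************************************************************************/

/*
 * Combines a tag base with a tag index shifted into the tag field:
 * TagBase + (Tag << HEAP_TAG_SHIFT). Tag is not range-checked; a value above
 * HEAP_MAXIMUM_TAG lands outside HEAP_TAG_MASK.
 */
FORCEINLINE
ULONG
HEAP_MAKE_TAG_FLAGS(
  IN ULONG TagBase,
  IN ULONG Tag)
{
  //__assume_bound(TagBase); // FIXME
  return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT)));
}

#if (NTDDI_VERSION >= NTDDI_WIN2K)

NTKERNELAPI
BOOLEAN
NTAPI
MmIsRecursiveIoFault(
  VOID);

NTKERNELAPI
BOOLEAN
NTAPI
MmForceSectionClosed(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN BOOLEAN DelayClose);

NTKERNELAPI
BOOLEAN
NTAPI
MmFlushImageSection(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN MMFLUSH_TYPE FlushType);

NTKERNELAPI
BOOLEAN
NTAPI
MmCanFileBeTruncated(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN PLARGE_INTEGER NewFileSize OPTIONAL);

NTKERNELAPI
BOOLEAN
NTAPI
MmSetAddressRangeModified(
  IN PVOID Address,
  IN SIZE_T Length);

#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

#if (NTDDI_VERSION >= NTDDI_WINXP)

NTKERNELAPI
NTSTATUS
NTAPI
MmPrefetchPages(
  IN ULONG NumberOfLists,
  IN PREAD_LIST *ReadLists);

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */


#if (NTDDI_VERSION >= NTDDI_VISTA)

NTKERNELAPI
ULONG
NTAPI
MmDoesFileHaveUserWritableReferences(
  IN PSECTION_OBJECT_POINTERS SectionPointer);
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */


#if (NTDDI_VERSION >= NTDDI_WIN2K)

NTKERNELAPI
NTSTATUS
NTAPI
ObInsertObject(
  IN PVOID Object,
  IN OUT PACCESS_STATE PassedAccessState OPTIONAL,
  IN ACCESS_MASK DesiredAccess OPTIONAL,
  IN ULONG ObjectPointerBias,
  OUT PVOID *NewObject OPTIONAL,
  OUT PHANDLE Handle OPTIONAL);

/*
 * NOTE(review): per WDK guidance, passing KernelMode as AccessMode skips the
 * access check, and a handle opened for driver-private use should carry
 * OBJ_KERNEL_HANDLE in HandleAttributes so that user-mode code in the
 * current process cannot use or close it -- confirm callers follow this.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ObOpenObjectByPointer(
  IN PVOID Object,
  IN ULONG HandleAttributes,
  IN PACCESS_STATE PassedAccessState OPTIONAL,
  IN ACCESS_MASK DesiredAccess OPTIONAL,
  IN POBJECT_TYPE ObjectType OPTIONAL,
  IN KPROCESSOR_MODE AccessMode,
  OUT PHANDLE Handle);

NTKERNELAPI
VOID
NTAPI
ObMakeTemporaryObject(
  IN PVOID Object);

/* Length is presumably the size in bytes of ObjectNameInfo; ReturnLength reports the size used or needed -- confirm. */
NTKERNELAPI
NTSTATUS
NTAPI
ObQueryNameString(
  IN PVOID Object,
  OUT POBJECT_NAME_INFORMATION ObjectNameInfo OPTIONAL,
  IN ULONG Length,
  OUT PULONG ReturnLength);

NTKERNELAPI
NTSTATUS
NTAPI
ObQueryObjectAuditingByHandle(
  IN HANDLE Handle,
  OUT PBOOLEAN GenerateOnClose);
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

#if (NTDDI_VERSION >= NTDDI_VISTA)

NTKERNELAPI
BOOLEAN
NTAPI
ObIsKernelHandle(
  IN HANDLE Handle);
#endif


#if (NTDDI_VERSION >= NTDDI_WIN7)

/* Same parameter list as ObOpenObjectByPointer plus a Tag; DesiredAccess is not optional here. */
NTKERNELAPI
NTSTATUS
NTAPI
ObOpenObjectByPointerWithTag(
  IN PVOID Object,
  IN ULONG HandleAttributes,
  IN PACCESS_STATE PassedAccessState OPTIONAL,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_TYPE ObjectType OPTIONAL,
  IN KPROCESSOR_MODE AccessMode,
  IN ULONG Tag,
  OUT PHANDLE Handle);
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */

/* FSRTL Types */

typedef ULONG LBN;
typedef LBN *PLBN;

typedef ULONG VBN;
typedef VBN *PVBN;

/*
 * Field list shared by the common and the advanced FCB header. It is a macro
 * so that the C build can paste the same fields into both structures while
 * the C++ build derives the advanced header from the common one.
 */
#define FSRTL_COMMON_FCB_HEADER_LAYOUT \
  CSHORT NodeTypeCode; \
  CSHORT NodeByteSize; \
  UCHAR Flags; \
  UCHAR IsFastIoPossible; \
  UCHAR Flags2; \
  UCHAR Reserved:4; \
  UCHAR Version:4; \
  PERESOURCE Resource; \
  PERESOURCE PagingIoResource; \
  LARGE_INTEGER AllocationSize; \
  LARGE_INTEGER FileSize; \
  LARGE_INTEGER ValidDataLength;

typedef struct _FSRTL_COMMON_FCB_HEADER {
  FSRTL_COMMON_FCB_HEADER_LAYOUT
} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;

#ifdef __cplusplus
typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER {
#else /* __cplusplus */
typedef struct _FSRTL_ADVANCED_FCB_HEADER {
  FSRTL_COMMON_FCB_HEADER_LAYOUT
#endif /* __cplusplus */
  PFAST_MUTEX FastMutex;
  LIST_ENTRY FilterContexts;
#if (NTDDI_VERSION >= NTDDI_VISTA)
  /* These two members exist only for Vista and later, so the structure size depends on NTDDI_VERSION. */
  EX_PUSH_LOCK PushLock;
  PVOID *FileContextSupportPointer;
#endif
} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;

#define FSRTL_FCB_HEADER_V0             (0x00)
#define FSRTL_FCB_HEADER_V1             (0x01)

/* Bits for the Flags member of the FCB header. */
#define FSRTL_FLAG_FILE_MODIFIED        (0x01)
#define FSRTL_FLAG_FILE_LENGTH_CHANGED  (0x02)
#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
#define FSRTL_FLAG_USER_MAPPED_FILE     (0x20)
#define FSRTL_FLAG_ADVANCED_HEADER      (0x40)
#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE   (0x80)

/* Bits for the Flags2 member of the FCB header. */
#define FSRTL_FLAG2_DO_MODIFIED_WRITE        (0x01)
#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
#define FSRTL_FLAG2_PURGE_WHEN_MAPPED        (0x04)
#define FSRTL_FLAG2_IS_PAGING_FILE           (0x08)

#define FSRTL_FSP_TOP_LEVEL_IRP         (0x01)
#define FSRTL_CACHE_TOP_LEVEL_IRP       (0x02)
#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP   (0x03)
#define FSRTL_FAST_IO_TOP_LEVEL_IRP     (0x04)
#define FSRTL_NETWORK1_TOP_LEVEL_IRP    ((LONG_PTR)0x05)
#define FSRTL_NETWORK2_TOP_LEVEL_IRP    ((LONG_PTR)0x06)
#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG    ((LONG_PTR)0xFFFF)

typedef struct _FSRTL_AUXILIARY_BUFFER {
  PVOID Buffer;
  ULONG Length;
  ULONG Flags;
  PMDL Mdl;
} FSRTL_AUXILIARY_BUFFER, *PFSRTL_AUXILIARY_BUFFER;

#define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001

typedef enum _FSRTL_COMPARISON_RESULT {
  LessThan = -1,
  EqualTo = 0,
  GreaterThan = 1
} FSRTL_COMPARISON_RESULT;

/* Character-legality classes; the NTFS stream class is the union of the NTFS and OLE classes. */
#define FSRTL_FAT_LEGAL                 0x01
#define FSRTL_HPFS_LEGAL                0x02
#define FSRTL_NTFS_LEGAL                0x04
#define FSRTL_WILD_CHARACTER            0x08
#define FSRTL_OLE_LEGAL                 0x10
#define FSRTL_NTFS_STREAM_LEGAL         (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL)

/* Volume event codes. */
#define FSRTL_VOLUME_DISMOUNT           1
#define FSRTL_VOLUME_DISMOUNT_FAILED    2
#define FSRTL_VOLUME_LOCK               3
#define FSRTL_VOLUME_LOCK_FAILED        4
#define FSRTL_VOLUME_UNLOCK             5
#define FSRTL_VOLUME_MOUNT              6
#define FSRTL_VOLUME_NEEDS_CHKDSK       7
#define FSRTL_VOLUME_WORM_NEAR_FULL     8
#define FSRTL_VOLUME_WEARING_OUT        9
#define FSRTL_VOLUME_FORCED_CLOSED      10
#define FSRTL_VOLUME_INFO_MAKE_COMPAT   11
#define FSRTL_VOLUME_PREPARING_EJECT    12
#define FSRTL_VOLUME_CHANGE_SIZE        13
#define FSRTL_VOLUME_BACKGROUND_FORMAT  14

typedef VOID
(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
  IN PVOID Context,
  IN PKEVENT Event);

#if (NTDDI_VERSION >= NTDDI_VISTA)

#define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED    0x00000001
#define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED            0x00000002
#define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE       0x00000004

#define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA        0x00000001

#define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA            0x00000001
#define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL           0x00000002

#define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL          0x00000002

#define FSRTL_VIRTDISK_FULLY_ALLOCATED                  0x00000001
#define FSRTL_VIRTDISK_NO_DRIVE_LETTER                  0x00000002

typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 {
  ULONG32 ProviderId;
} FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1;

typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 {
  ULONG32 ProviderId;
  UNICODE_STRING ProviderName;
} FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2;

/* NOTE(review): declared without NTAPI, unlike most callback typedefs in this file -- confirm the calling convention. */
typedef VOID
(*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) (
  IN OUT PVOID EcpContext,
  IN LPCGUID EcpType);

/* Opaque here: only the forward declaration is provided. */
typedef struct _ECP_LIST ECP_LIST, *PECP_LIST;

typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS;
typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS;
typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS;

typedef enum _FSRTL_CHANGE_BACKING_TYPE {
  ChangeDataControlArea,
  ChangeImageControlArea,
  ChangeSharedCacheMap
} FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE;

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

/*
 * Per-file and per-stream context records share the same layout: list links,
 * an owner id / instance id pair, and a free callback.
 */
typedef struct _FSRTL_PER_FILE_CONTEXT {
  LIST_ENTRY Links;
  PVOID OwnerId;
  PVOID InstanceId;
  PFREE_FUNCTION FreeCallback;
} FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT;

typedef struct _FSRTL_PER_STREAM_CONTEXT {
  LIST_ENTRY Links;
  PVOID OwnerId;
  PVOID InstanceId;
  PFREE_FUNCTION FreeCallback;
} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;

#if (NTDDI_VERSION >= NTDDI_WIN2K)
typedef VOID
(*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) (
  IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
#endif

/* Per-file-object context record; unlike the two above it has no free callback. */
typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT {
  LIST_ENTRY Links;
  PVOID OwnerId;
  PVOID InstanceId;
} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;

#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY  0x2

typedef NTSTATUS
(NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
  IN PVOID Context,
  IN PIRP Irp);

/* Description of one byte-range lock. */
typedef struct _FILE_LOCK_INFO {
  LARGE_INTEGER StartingByte;
  LARGE_INTEGER Length;
  BOOLEAN ExclusiveLock;
  ULONG Key;
  PFILE_OBJECT FileObject;
  PVOID ProcessId;
  LARGE_INTEGER EndingByte;
} FILE_LOCK_INFO, *PFILE_LOCK_INFO;

typedef VOID
(NTAPI *PUNLOCK_ROUTINE) (
  IN PVOID Context,
  IN PFILE_LOCK_INFO FileLockInfo);

/*
 * Byte-range lock state for a file. LastReturnedLockInfo and LastReturnedLock
 * hold the enumeration state used by FsRtlGetNextFileLock.
 */
typedef struct _FILE_LOCK {
  PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
  PUNLOCK_ROUTINE UnlockRoutine;
  BOOLEAN FastIoIsQuestionable;
  BOOLEAN SpareC[3];
  PVOID LockInformation;
  FILE_LOCK_INFO LastReturnedLockInfo;
  PVOID LastReturnedLock;
  LONG volatile LockRequestsInProgress;
} FILE_LOCK, *PFILE_LOCK;

typedef struct _TUNNEL {
  FAST_MUTEX Mutex;
  PRTL_SPLAY_LINKS Cache;
  LIST_ENTRY TimerQueue;
  USHORT NumEntries;
} TUNNEL, *PTUNNEL;

typedef struct _BASE_MCB {
  ULONG MaximumPairCount;
  ULONG PairCount;
  USHORT PoolType;
  USHORT Flags;
  PVOID Mapping;
} BASE_MCB, *PBASE_MCB;

typedef struct _LARGE_MCB {
  PKGUARDED_MUTEX GuardedMutex;
  BASE_MCB BaseMcb;
} LARGE_MCB, *PLARGE_MCB;

#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1

/* MCB is sized by wrapping a LARGE_MCB, as the member name states. */
typedef struct _MCB {
  LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
} MCB, *PMCB;

typedef enum _FAST_IO_POSSIBLE {
  FastIoIsNotPossible = 0,
  FastIoIsPossible,
  FastIoIsQuestionable
} FAST_IO_POSSIBLE;

typedef struct _EOF_WAIT_BLOCK {
  LIST_ENTRY EofWaitLinks;
  KEVENT Event;
} EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK;

/* Oplock state is an opaque pointer to users of this header. */
typedef PVOID OPLOCK, *POPLOCK;

typedef VOID
(NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) (
  IN PVOID Context,
  IN PIRP Irp);

typedef VOID
(NTAPI *POPLOCK_FS_PREPOST_IRP) (
  IN PVOID Context,
  IN PIRP Irp);

#if (NTDDI_VERSION >= NTDDI_VISTASP1)
#define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED    0x00000001
#endif

#if (NTDDI_VERSION >= NTDDI_WIN7)
#define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY   0x00000002
#define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK  0x00000004
#define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS      0x00000008
#define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH   0x00000001
#endif

#if (NTDDI_VERSION >= NTDDI_WIN7)

typedef struct _OPLOCK_KEY_ECP_CONTEXT {
  GUID OplockKey;
  ULONG Reserved;
} OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT;
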
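DEFINE_GUID(GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f);

#endif

typedef PVOID PNOTIFY_SYNC;

#if (NTDDI_VERSION >= NTDDI_WIN7)
/* Opaque here: only the forward declaration is provided. */
typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER;
#endif

/* Callback signature that receives a subject security context alongside the notify and target contexts. */
typedef BOOLEAN
(NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
  IN PVOID NotifyContext,
  IN PVOID TargetContext OPTIONAL,
  IN PSECURITY_SUBJECT_CONTEXT SubjectContext);

typedef BOOLEAN
(NTAPI *PFILTER_REPORT_CHANGE) (
  IN PVOID NotifyContext,
  IN PVOID FilterContext);

/* FSRTL Functions */

/* Entering / leaving the file system maps directly onto the kernel critical-region calls. */
#define FsRtlEnterFileSystem    KeEnterCriticalRegion
#define FsRtlExitFileSystem     KeLeaveCriticalRegion

#if (NTDDI_VERSION >= NTDDI_WIN2K)

/* Copy read/write: both report completion through IoStatus and return BOOLEAN. */
NTKERNELAPI
BOOLEAN
NTAPI
FsRtlCopyRead(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN BOOLEAN Wait,
  IN ULONG LockKey,
  OUT PVOID Buffer,
  OUT PIO_STATUS_BLOCK IoStatus,
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlCopyWrite(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN BOOLEAN Wait,
  IN ULONG LockKey,
  IN PVOID Buffer,
  OUT PIO_STATUS_BLOCK IoStatus,
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlReadDev(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN ULONG LockKey,
  OUT PMDL *MdlChain,
  OUT PIO_STATUS_BLOCK IoStatus,
  IN PDEVICE_OBJECT DeviceObject OPTIONAL);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlReadCompleteDev(
  IN PFILE_OBJECT FileObject,
  IN PMDL MdlChain,
  IN PDEVICE_OBJECT DeviceObject OPTIONAL);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlPrepareMdlWriteDev(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN ULONG LockKey,
  OUT PMDL *MdlChain,
  OUT PIO_STATUS_BLOCK IoStatus,
  IN PDEVICE_OBJECT DeviceObject);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlWriteCompleteDev(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN PMDL MdlChain,
  IN PDEVICE_OBJECT DeviceObject);

/* Acquire / release pair; each FsRtlAcquireFileExclusive should be matched by FsRtlReleaseFile on every path. */
NTKERNELAPI
VOID
NTAPI
FsRtlAcquireFileExclusive(
  IN PFILE_OBJECT FileObject);

NTKERNELAPI
VOID
NTAPI
FsRtlReleaseFile(
  IN PFILE_OBJECT FileObject);

NTKERNELAPI
NTSTATUS
NTAPI
FsRtlGetFileSize(
  IN PFILE_OBJECT FileObject,
  OUT PLARGE_INTEGER FileSize);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlIsTotalDeviceFailure(
  IN NTSTATUS Status);

/* Allocate/free and initialize/uninitialize are the two pairs for FILE_LOCK lifetime. */
NTKERNELAPI
PFILE_LOCK
NTAPI
FsRtlAllocateFileLock(
  IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
  IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);

NTKERNELAPI
VOID
NTAPI
FsRtlFreeFileLock(
  IN PFILE_LOCK FileLock);

NTKERNELAPI
VOID
NTAPI
FsRtlInitializeFileLock(
  IN PFILE_LOCK FileLock,
  IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
  IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);

NTKERNELAPI
VOID
NTAPI
FsRtlUninitializeFileLock(
  IN PFILE_LOCK FileLock);

/*
  FsRtlProcessFileLock:

  ret:
    -STATUS_INVALID_DEVICE_REQUEST
    -STATUS_RANGE_NOT_LOCKED from unlock routines.
    -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
    (redirected IoStatus->Status).

  Internals:
    -switch ( Irp->CurrentStackLocation->MinorFunction )
        lock: return FsRtlPrivateLock;
        unlocksingle: return FsRtlFastUnlockSingle;
        unlockall: return FsRtlFastUnlockAll;
        unlockallbykey: return FsRtlFastUnlockAllByKey;
        default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
                 return STATUS_INVALID_DEVICE_REQUEST;

    -'AllwaysZero' is passed through as 'AllwaysZero' to lock / unlock routines.
     NOTE(review): the prototype below has no 'AllwaysZero' parameter; this
     presumably refers to 'Context' -- confirm.
    -'Irp' is passed through as 'Irp' to FsRtlPrivateLock.
*/
NTKERNELAPI
NTSTATUS
NTAPI
FsRtlProcessFileLock(
  IN PFILE_LOCK FileLock,
  IN PIRP Irp,
  IN PVOID Context OPTIONAL);

/*
  FsRtlCheckLockForReadAccess:

  All this really does is pick out the lock parameters from the irp (io stack
  location?), get IoGetRequestorProcess, and pass values on to
  FsRtlFastCheckLockForRead.
*/
NTKERNELAPI
BOOLEAN
NTAPI
FsRtlCheckLockForReadAccess(
  IN PFILE_LOCK FileLock,
  IN PIRP Irp);

/*
  FsRtlCheckLockForWriteAccess:

  All this really does is pick out the lock parameters from the irp (io stack
  location?), get IoGetRequestorProcess, and pass values on to
  FsRtlFastCheckLockForWrite.
*/
NTKERNELAPI
BOOLEAN
NTAPI
FsRtlCheckLockForWriteAccess(
  IN PFILE_LOCK FileLock,
  IN PIRP Irp);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlFastCheckLockForRead(
  IN PFILE_LOCK FileLock,
  IN PLARGE_INTEGER FileOffset,
  IN PLARGE_INTEGER Length,
  IN ULONG Key,
  IN PFILE_OBJECT FileObject,
  IN PVOID Process);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlFastCheckLockForWrite(
  IN PFILE_LOCK FileLock,
  IN PLARGE_INTEGER FileOffset,
  IN PLARGE_INTEGER Length,
  IN ULONG Key,
  IN PFILE_OBJECT FileObject,
  IN PVOID Process);

/*
  FsRtlGetNextFileLock:

  ret: NULL if no more locks

  Internals:
    FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
    FileLock->LastReturnedLock as storage.
    LastReturnedLock is a pointer to the 'raw' lock incl. doubly linked
    list, and FsRtlGetNextFileLock needs this to get the next lock on
    subsequent calls with Restart = FALSE.

  NOTE(review): because the enumeration state lives in the FILE_LOCK itself,
  two enumerations over the same FILE_LOCK would share it; callers presumably
  need to serialise them -- confirm.
*/
NTKERNELAPI
PFILE_LOCK_INFO
NTAPI
FsRtlGetNextFileLock(
  IN PFILE_LOCK FileLock,
  IN BOOLEAN Restart);

NTKERNELAPI
NTSTATUS
NTAPI
FsRtlFastUnlockSingle(
  IN PFILE_LOCK FileLock,
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN PLARGE_INTEGER Length,
  IN PEPROCESS Process,
  IN ULONG Key,
  IN PVOID Context OPTIONAL,
  IN BOOLEAN AlreadySynchronized);

NTKERNELAPI
NTSTATUS
NTAPI
FsRtlFastUnlockAll(
  IN PFILE_LOCK FileLock,
  IN PFILE_OBJECT FileObject,
  IN PEPROCESS Process,
  IN PVOID Context OPTIONAL);

NTKERNELAPI
NTSTATUS
NTAPI
FsRtlFastUnlockAllByKey(
  IN PFILE_LOCK FileLock,
  IN PFILE_OBJECT FileObject,
  IN PEPROCESS Process,
  IN ULONG Key,
  IN PVOID Context OPTIONAL);

/*
  FsRtlPrivateLock:

  ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED

  Internals:
    -Calls IoCompleteRequest if Irp is supplied
    -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES

  NOTE(review): since the routine may raise rather than return on allocation
  failure, callers presumably need an exception handler around the call --
  confirm.
*/
NTKERNELAPI
BOOLEAN
NTAPI
FsRtlPrivateLock(
  IN PFILE_LOCK FileLock,
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN PLARGE_INTEGER Length,
  IN PEPROCESS Process,
  IN ULONG Key,
  IN BOOLEAN FailImmediately,
  IN BOOLEAN ExclusiveLock,
  OUT PIO_STATUS_BLOCK IoStatus,
  IN PIRP Irp OPTIONAL,
  IN PVOID Context,
  IN BOOLEAN AlreadySynchronized);

NTKERNELAPI
VOID
NTAPI
FsRtlInitializeTunnelCache(
  IN PTUNNEL Cache);

/* DataLength is presumably the size in bytes of Data -- confirm. */
NTKERNELAPI
VOID
NTAPI
FsRtlAddToTunnelCache(
  IN PTUNNEL Cache,
  IN ULONGLONG DirectoryKey,
  IN PUNICODE_STRING ShortName,
  IN PUNICODE_STRING LongName,
  IN BOOLEAN KeyByShortName,
  IN ULONG DataLength,
  IN PVOID Data);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlFindInTunnelCache(
  IN PTUNNEL Cache,
  IN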
ULONGLONG DirectoryKey, 6774 IN PUNICODE_STRING Name, 6775 OUT PUNICODE_STRING ShortName, 6776 OUT PUNICODE_STRING LongName, 6777 IN OUT PULONG DataLength, 6778 OUT PVOID Data); 6779 6780NTKERNELAPI 6781VOID 6782NTAPI 6783FsRtlDeleteKeyFromTunnelCache( 6784 IN PTUNNEL Cache, 6785 IN ULONGLONG DirectoryKey); 6786 6787NTKERNELAPI 6788VOID 6789NTAPI 6790FsRtlDeleteTunnelCache( 6791 IN PTUNNEL Cache); 6792 6793NTKERNELAPI 6794VOID 6795NTAPI 6796FsRtlDissectDbcs( 6797 IN ANSI_STRING Name, 6798 OUT PANSI_STRING FirstPart, 6799 OUT PANSI_STRING RemainingPart); 6800 6801NTKERNELAPI 6802BOOLEAN 6803NTAPI 6804FsRtlDoesDbcsContainWildCards( 6805 IN PANSI_STRING Name); 6806 6807NTKERNELAPI 6808BOOLEAN 6809NTAPI 6810FsRtlIsDbcsInExpression( 6811 IN PANSI_STRING Expression, 6812 IN PANSI_STRING Name); 6813 6814NTKERNELAPI 6815BOOLEAN 6816NTAPI 6817FsRtlIsFatDbcsLegal( 6818 IN ANSI_STRING DbcsName, 6819 IN BOOLEAN WildCardsPermissible, 6820 IN BOOLEAN PathNamePermissible, 6821 IN BOOLEAN LeadingBackslashPermissible); 6822 6823NTKERNELAPI 6824BOOLEAN 6825NTAPI 6826FsRtlIsHpfsDbcsLegal( 6827 IN ANSI_STRING DbcsName, 6828 IN BOOLEAN WildCardsPermissible, 6829 IN BOOLEAN PathNamePermissible, 6830 IN BOOLEAN LeadingBackslashPermissible); 6831 6832NTKERNELAPI 6833NTSTATUS 6834NTAPI 6835FsRtlNormalizeNtstatus( 6836 IN NTSTATUS Exception, 6837 IN NTSTATUS GenericException); 6838 6839NTKERNELAPI 6840BOOLEAN 6841NTAPI 6842FsRtlIsNtstatusExpected( 6843 IN NTSTATUS Ntstatus); 6844 6845NTKERNELAPI 6846PERESOURCE 6847NTAPI 6848FsRtlAllocateResource( 6849 VOID); 6850 6851NTKERNELAPI 6852VOID 6853NTAPI 6854FsRtlInitializeLargeMcb( 6855 IN PLARGE_MCB Mcb, 6856 IN POOL_TYPE PoolType); 6857 6858NTKERNELAPI 6859VOID 6860NTAPI 6861FsRtlUninitializeLargeMcb( 6862 IN PLARGE_MCB Mcb); 6863 6864NTKERNELAPI 6865VOID 6866NTAPI 6867FsRtlResetLargeMcb( 6868 IN PLARGE_MCB Mcb, 6869 IN BOOLEAN SelfSynchronized); 6870 6871NTKERNELAPI 6872VOID 6873NTAPI 6874FsRtlTruncateLargeMcb( 6875 IN PLARGE_MCB Mcb, 6876 IN 
LONGLONG Vbn); 6877 6878NTKERNELAPI 6879BOOLEAN 6880NTAPI 6881FsRtlAddLargeMcbEntry( 6882 IN PLARGE_MCB Mcb, 6883 IN LONGLONG Vbn, 6884 IN LONGLONG Lbn, 6885 IN LONGLONG SectorCount); 6886 6887NTKERNELAPI 6888VOID 6889NTAPI 6890FsRtlRemoveLargeMcbEntry( 6891 IN PLARGE_MCB Mcb, 6892 IN LONGLONG Vbn, 6893 IN LONGLONG SectorCount); 6894 6895NTKERNELAPI 6896BOOLEAN 6897NTAPI 6898FsRtlLookupLargeMcbEntry( 6899 IN PLARGE_MCB Mcb, 6900 IN LONGLONG Vbn, 6901 OUT PLONGLONG Lbn OPTIONAL, 6902 OUT PLONGLONG SectorCountFromLbn OPTIONAL, 6903 OUT PLONGLONG StartingLbn OPTIONAL, 6904 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, 6905 OUT PULONG Index OPTIONAL); 6906 6907NTKERNELAPI 6908BOOLEAN 6909NTAPI 6910FsRtlLookupLastLargeMcbEntry( 6911 IN PLARGE_MCB Mcb, 6912 OUT PLONGLONG Vbn, 6913 OUT PLONGLONG Lbn); 6914 6915NTKERNELAPI 6916BOOLEAN 6917NTAPI 6918FsRtlLookupLastLargeMcbEntryAndIndex( 6919 IN PLARGE_MCB OpaqueMcb, 6920 OUT PLONGLONG LargeVbn, 6921 OUT PLONGLONG LargeLbn, 6922 OUT PULONG Index); 6923 6924NTKERNELAPI 6925ULONG 6926NTAPI 6927FsRtlNumberOfRunsInLargeMcb( 6928 IN PLARGE_MCB Mcb); 6929 6930NTKERNELAPI 6931BOOLEAN 6932NTAPI 6933FsRtlGetNextLargeMcbEntry( 6934 IN PLARGE_MCB Mcb, 6935 IN ULONG RunIndex, 6936 OUT PLONGLONG Vbn, 6937 OUT PLONGLONG Lbn, 6938 OUT PLONGLONG SectorCount); 6939 6940NTKERNELAPI 6941BOOLEAN 6942NTAPI 6943FsRtlSplitLargeMcb( 6944 IN PLARGE_MCB Mcb, 6945 IN LONGLONG Vbn, 6946 IN LONGLONG Amount); 6947 6948NTKERNELAPI 6949VOID 6950NTAPI 6951FsRtlInitializeMcb( 6952 IN PMCB Mcb, 6953 IN POOL_TYPE PoolType); 6954 6955NTKERNELAPI 6956VOID 6957NTAPI 6958FsRtlUninitializeMcb( 6959 IN PMCB Mcb); 6960 6961NTKERNELAPI 6962VOID 6963NTAPI 6964FsRtlTruncateMcb( 6965 IN PMCB Mcb, 6966 IN VBN Vbn); 6967 6968NTKERNELAPI 6969BOOLEAN 6970NTAPI 6971FsRtlAddMcbEntry( 6972 IN PMCB Mcb, 6973 IN VBN Vbn, 6974 IN LBN Lbn, 6975 IN ULONG SectorCount); 6976 6977NTKERNELAPI 6978VOID 6979NTAPI 6980FsRtlRemoveMcbEntry( 6981 IN PMCB Mcb, 6982 IN VBN Vbn, 6983 IN 
ULONG SectorCount); 6984 6985NTKERNELAPI 6986BOOLEAN 6987NTAPI 6988FsRtlLookupMcbEntry( 6989 IN PMCB Mcb, 6990 IN VBN Vbn, 6991 OUT PLBN Lbn, 6992 OUT PULONG SectorCount OPTIONAL, 6993 OUT PULONG Index); 6994 6995NTKERNELAPI 6996BOOLEAN 6997NTAPI 6998FsRtlLookupLastMcbEntry( 6999 IN PMCB Mcb, 7000 OUT PVBN Vbn, 7001 OUT PLBN Lbn); 7002 7003NTKERNELAPI 7004ULONG 7005NTAPI 7006FsRtlNumberOfRunsInMcb( 7007 IN PMCB Mcb); 7008 7009NTKERNELAPI 7010BOOLEAN 7011NTAPI 7012FsRtlGetNextMcbEntry( 7013 IN PMCB Mcb, 7014 IN ULONG RunIndex, 7015 OUT PVBN Vbn, 7016 OUT PLBN Lbn, 7017 OUT PULONG SectorCount); 7018 7019NTKERNELAPI 7020NTSTATUS 7021NTAPI 7022FsRtlBalanceReads( 7023 IN PDEVICE_OBJECT TargetDevice); 7024 7025NTKERNELAPI 7026VOID 7027NTAPI 7028FsRtlInitializeOplock( 7029 IN OUT POPLOCK Oplock); 7030 7031NTKERNELAPI 7032VOID 7033NTAPI 7034FsRtlUninitializeOplock( 7035 IN OUT POPLOCK Oplock); 7036 7037NTKERNELAPI 7038NTSTATUS 7039NTAPI 7040FsRtlOplockFsctrl( 7041 IN POPLOCK Oplock, 7042 IN PIRP Irp, 7043 IN ULONG OpenCount); 7044 7045NTKERNELAPI 7046NTSTATUS 7047NTAPI 7048FsRtlCheckOplock( 7049 IN POPLOCK Oplock, 7050 IN PIRP Irp, 7051 IN PVOID Context, 7052 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7053 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7054 7055NTKERNELAPI 7056BOOLEAN 7057NTAPI 7058FsRtlOplockIsFastIoPossible( 7059 IN POPLOCK Oplock); 7060 7061NTKERNELAPI 7062BOOLEAN 7063NTAPI 7064FsRtlCurrentBatchOplock( 7065 IN POPLOCK Oplock); 7066 7067NTKERNELAPI 7068NTSTATUS 7069NTAPI 7070FsRtlNotifyVolumeEvent( 7071 IN PFILE_OBJECT FileObject, 7072 IN ULONG EventCode); 7073 7074NTKERNELAPI 7075VOID 7076NTAPI 7077FsRtlNotifyInitializeSync( 7078 IN PNOTIFY_SYNC *NotifySync); 7079 7080NTKERNELAPI 7081VOID 7082NTAPI 7083FsRtlNotifyUninitializeSync( 7084 IN PNOTIFY_SYNC *NotifySync); 7085 7086NTKERNELAPI 7087VOID 7088NTAPI 7089FsRtlNotifyFullChangeDirectory( 7090 IN PNOTIFY_SYNC NotifySync, 7091 IN PLIST_ENTRY NotifyList, 7092 IN PVOID FsContext, 
7093 IN PSTRING FullDirectoryName, 7094 IN BOOLEAN WatchTree, 7095 IN BOOLEAN IgnoreBuffer, 7096 IN ULONG CompletionFilter, 7097 IN PIRP NotifyIrp OPTIONAL, 7098 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, 7099 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL); 7100 7101NTKERNELAPI 7102VOID 7103NTAPI 7104FsRtlNotifyFilterReportChange( 7105 IN PNOTIFY_SYNC NotifySync, 7106 IN PLIST_ENTRY NotifyList, 7107 IN PSTRING FullTargetName, 7108 IN USHORT TargetNameOffset, 7109 IN PSTRING StreamName OPTIONAL, 7110 IN PSTRING NormalizedParentName OPTIONAL, 7111 IN ULONG FilterMatch, 7112 IN ULONG Action, 7113 IN PVOID TargetContext OPTIONAL, 7114 IN PVOID FilterContext OPTIONAL); 7115 7116NTKERNELAPI 7117VOID 7118NTAPI 7119FsRtlNotifyFullReportChange( 7120 IN PNOTIFY_SYNC NotifySync, 7121 IN PLIST_ENTRY NotifyList, 7122 IN PSTRING FullTargetName, 7123 IN USHORT TargetNameOffset, 7124 IN PSTRING StreamName OPTIONAL, 7125 IN PSTRING NormalizedParentName OPTIONAL, 7126 IN ULONG FilterMatch, 7127 IN ULONG Action, 7128 IN PVOID TargetContext OPTIONAL); 7129 7130NTKERNELAPI 7131VOID 7132NTAPI 7133FsRtlNotifyCleanup( 7134 IN PNOTIFY_SYNC NotifySync, 7135 IN PLIST_ENTRY NotifyList, 7136 IN PVOID FsContext); 7137 7138NTKERNELAPI 7139VOID 7140NTAPI 7141FsRtlDissectName( 7142 IN UNICODE_STRING Name, 7143 OUT PUNICODE_STRING FirstPart, 7144 OUT PUNICODE_STRING RemainingPart); 7145 7146NTKERNELAPI 7147BOOLEAN 7148NTAPI 7149FsRtlDoesNameContainWildCards( 7150 IN PUNICODE_STRING Name); 7151 7152NTKERNELAPI 7153BOOLEAN 7154NTAPI 7155FsRtlAreNamesEqual( 7156 IN PCUNICODE_STRING Name1, 7157 IN PCUNICODE_STRING Name2, 7158 IN BOOLEAN IgnoreCase, 7159 IN PCWCH UpcaseTable OPTIONAL); 7160 7161NTKERNELAPI 7162BOOLEAN 7163NTAPI 7164FsRtlIsNameInExpression( 7165 IN PUNICODE_STRING Expression, 7166 IN PUNICODE_STRING Name, 7167 IN BOOLEAN IgnoreCase, 7168 IN PWCHAR UpcaseTable OPTIONAL); 7169 7170NTKERNELAPI 7171VOID 7172NTAPI 7173FsRtlPostPagingFileStackOverflow( 7174 IN PVOID 
Context, 7175 IN PKEVENT Event, 7176 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); 7177 7178NTKERNELAPI 7179VOID 7180NTAPI 7181FsRtlPostStackOverflow ( 7182 IN PVOID Context, 7183 IN PKEVENT Event, 7184 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); 7185 7186NTKERNELAPI 7187NTSTATUS 7188NTAPI 7189FsRtlRegisterUncProvider( 7190 OUT PHANDLE MupHandle, 7191 IN PUNICODE_STRING RedirectorDeviceName, 7192 IN BOOLEAN MailslotsSupported); 7193 7194NTKERNELAPI 7195VOID 7196NTAPI 7197FsRtlDeregisterUncProvider( 7198 IN HANDLE Handle); 7199 7200NTKERNELAPI 7201VOID 7202NTAPI 7203FsRtlTeardownPerStreamContexts( 7204 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); 7205 7206NTKERNELAPI 7207NTSTATUS 7208NTAPI 7209FsRtlCreateSectionForDataScan( 7210 OUT PHANDLE SectionHandle, 7211 OUT PVOID *SectionObject, 7212 OUT PLARGE_INTEGER SectionFileSize OPTIONAL, 7213 IN PFILE_OBJECT FileObject, 7214 IN ACCESS_MASK DesiredAccess, 7215 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 7216 IN PLARGE_INTEGER MaximumSize OPTIONAL, 7217 IN ULONG SectionPageProtection, 7218 IN ULONG AllocationAttributes, 7219 IN ULONG Flags); 7220 7221#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 7222 7223#if (NTDDI_VERSION >= NTDDI_WINXP) 7224 7225NTKERNELAPI 7226VOID 7227NTAPI 7228FsRtlNotifyFilterChangeDirectory( 7229 IN PNOTIFY_SYNC NotifySync, 7230 IN PLIST_ENTRY NotifyList, 7231 IN PVOID FsContext, 7232 IN PSTRING FullDirectoryName, 7233 IN BOOLEAN WatchTree, 7234 IN BOOLEAN IgnoreBuffer, 7235 IN ULONG CompletionFilter, 7236 IN PIRP NotifyIrp OPTIONAL, 7237 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, 7238 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL, 7239 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL); 7240 7241NTKERNELAPI 7242NTSTATUS 7243NTAPI 7244FsRtlInsertPerStreamContext( 7245 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext, 7246 IN PFSRTL_PER_STREAM_CONTEXT Ptr); 7247 7248NTKERNELAPI 7249PFSRTL_PER_STREAM_CONTEXT 7250NTAPI 
7251FsRtlLookupPerStreamContextInternal( 7252 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext, 7253 IN PVOID OwnerId OPTIONAL, 7254 IN PVOID InstanceId OPTIONAL); 7255 7256NTKERNELAPI 7257PFSRTL_PER_STREAM_CONTEXT 7258NTAPI 7259FsRtlRemovePerStreamContext( 7260 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext, 7261 IN PVOID OwnerId OPTIONAL, 7262 IN PVOID InstanceId OPTIONAL); 7263 7264NTKERNELAPI 7265VOID 7266NTAPI 7267FsRtlIncrementCcFastReadNotPossible( 7268 VOID); 7269 7270NTKERNELAPI 7271VOID 7272NTAPI 7273FsRtlIncrementCcFastReadWait( 7274 VOID); 7275 7276NTKERNELAPI 7277VOID 7278NTAPI 7279FsRtlIncrementCcFastReadNoWait( 7280 VOID); 7281 7282NTKERNELAPI 7283VOID 7284NTAPI 7285FsRtlIncrementCcFastReadResourceMiss( 7286 VOID); 7287 7288NTKERNELAPI 7289LOGICAL 7290NTAPI 7291FsRtlIsPagingFile( 7292 IN PFILE_OBJECT FileObject); 7293 7294#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 7295 7296#if (NTDDI_VERSION >= NTDDI_WS03) 7297 7298NTKERNELAPI 7299VOID 7300NTAPI 7301FsRtlInitializeBaseMcb( 7302 IN PBASE_MCB Mcb, 7303 IN POOL_TYPE PoolType); 7304 7305NTKERNELAPI 7306VOID 7307NTAPI 7308FsRtlUninitializeBaseMcb( 7309 IN PBASE_MCB Mcb); 7310 7311NTKERNELAPI 7312VOID 7313NTAPI 7314FsRtlResetBaseMcb( 7315 IN PBASE_MCB Mcb); 7316 7317NTKERNELAPI 7318VOID 7319NTAPI 7320FsRtlTruncateBaseMcb( 7321 IN PBASE_MCB Mcb, 7322 IN LONGLONG Vbn); 7323 7324NTKERNELAPI 7325BOOLEAN 7326NTAPI 7327FsRtlAddBaseMcbEntry( 7328 IN PBASE_MCB Mcb, 7329 IN LONGLONG Vbn, 7330 IN LONGLONG Lbn, 7331 IN LONGLONG SectorCount); 7332 7333NTKERNELAPI 7334BOOLEAN 7335NTAPI 7336FsRtlRemoveBaseMcbEntry( 7337 IN PBASE_MCB Mcb, 7338 IN LONGLONG Vbn, 7339 IN LONGLONG SectorCount); 7340 7341NTKERNELAPI 7342BOOLEAN 7343NTAPI 7344FsRtlLookupBaseMcbEntry( 7345 IN PBASE_MCB Mcb, 7346 IN LONGLONG Vbn, 7347 OUT PLONGLONG Lbn OPTIONAL, 7348 OUT PLONGLONG SectorCountFromLbn OPTIONAL, 7349 OUT PLONGLONG StartingLbn OPTIONAL, 7350 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, 7351 OUT PULONG Index OPTIONAL); 7352 
7353NTKERNELAPI 7354BOOLEAN 7355NTAPI 7356FsRtlLookupLastBaseMcbEntry( 7357 IN PBASE_MCB Mcb, 7358 OUT PLONGLONG Vbn, 7359 OUT PLONGLONG Lbn); 7360 7361NTKERNELAPI 7362BOOLEAN 7363NTAPI 7364FsRtlLookupLastBaseMcbEntryAndIndex( 7365 IN PBASE_MCB OpaqueMcb, 7366 IN OUT PLONGLONG LargeVbn, 7367 IN OUT PLONGLONG LargeLbn, 7368 IN OUT PULONG Index); 7369 7370NTKERNELAPI 7371ULONG 7372NTAPI 7373FsRtlNumberOfRunsInBaseMcb( 7374 IN PBASE_MCB Mcb); 7375 7376NTKERNELAPI 7377BOOLEAN 7378NTAPI 7379FsRtlGetNextBaseMcbEntry( 7380 IN PBASE_MCB Mcb, 7381 IN ULONG RunIndex, 7382 OUT PLONGLONG Vbn, 7383 OUT PLONGLONG Lbn, 7384 OUT PLONGLONG SectorCount); 7385 7386NTKERNELAPI 7387BOOLEAN 7388NTAPI 7389FsRtlSplitBaseMcb( 7390 IN PBASE_MCB Mcb, 7391 IN LONGLONG Vbn, 7392 IN LONGLONG Amount); 7393 7394#endif /* (NTDDI_VERSION >= NTDDI_WS03) */ 7395 7396#if (NTDDI_VERSION >= NTDDI_VISTA) 7397 7398BOOLEAN 7399NTAPI 7400FsRtlInitializeBaseMcbEx( 7401 IN PBASE_MCB Mcb, 7402 IN POOL_TYPE PoolType, 7403 IN USHORT Flags); 7404 7405NTSTATUS 7406NTAPI 7407FsRtlAddBaseMcbEntryEx( 7408 IN PBASE_MCB Mcb, 7409 IN LONGLONG Vbn, 7410 IN LONGLONG Lbn, 7411 IN LONGLONG SectorCount); 7412 7413NTKERNELAPI 7414BOOLEAN 7415NTAPI 7416FsRtlCurrentOplock( 7417 IN POPLOCK Oplock); 7418 7419NTKERNELAPI 7420NTSTATUS 7421NTAPI 7422FsRtlOplockBreakToNone( 7423 IN OUT POPLOCK Oplock, 7424 IN PIO_STACK_LOCATION IrpSp OPTIONAL, 7425 IN PIRP Irp, 7426 IN PVOID Context OPTIONAL, 7427 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7428 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7429 7430NTKERNELAPI 7431NTSTATUS 7432NTAPI 7433FsRtlNotifyVolumeEventEx( 7434 IN PFILE_OBJECT FileObject, 7435 IN ULONG EventCode, 7436 IN PTARGET_DEVICE_CUSTOM_NOTIFICATION Event); 7437 7438NTKERNELAPI 7439VOID 7440NTAPI 7441FsRtlNotifyCleanupAll( 7442 IN PNOTIFY_SYNC NotifySync, 7443 IN PLIST_ENTRY NotifyList); 7444 7445NTSTATUS 7446NTAPI 7447FsRtlRegisterUncProviderEx( 7448 OUT PHANDLE MupHandle, 7449 IN PUNICODE_STRING 
RedirDevName, 7450 IN PDEVICE_OBJECT DeviceObject, 7451 IN ULONG Flags); 7452 7453NTKERNELAPI 7454NTSTATUS 7455NTAPI 7456FsRtlCancellableWaitForSingleObject( 7457 IN PVOID Object, 7458 IN PLARGE_INTEGER Timeout OPTIONAL, 7459 IN PIRP Irp OPTIONAL); 7460 7461NTKERNELAPI 7462NTSTATUS 7463NTAPI 7464FsRtlCancellableWaitForMultipleObjects( 7465 IN ULONG Count, 7466 IN PVOID ObjectArray[], 7467 IN WAIT_TYPE WaitType, 7468 IN PLARGE_INTEGER Timeout OPTIONAL, 7469 IN PKWAIT_BLOCK WaitBlockArray OPTIONAL, 7470 IN PIRP Irp OPTIONAL); 7471 7472NTKERNELAPI 7473NTSTATUS 7474NTAPI 7475FsRtlMupGetProviderInfoFromFileObject( 7476 IN PFILE_OBJECT pFileObject, 7477 IN ULONG Level, 7478 OUT PVOID pBuffer, 7479 IN OUT PULONG pBufferSize); 7480 7481NTKERNELAPI 7482NTSTATUS 7483NTAPI 7484FsRtlMupGetProviderIdFromName( 7485 IN PUNICODE_STRING pProviderName, 7486 OUT PULONG32 pProviderId); 7487 7488NTKERNELAPI 7489VOID 7490NTAPI 7491FsRtlIncrementCcFastMdlReadWait( 7492 VOID); 7493 7494NTKERNELAPI 7495NTSTATUS 7496NTAPI 7497FsRtlValidateReparsePointBuffer( 7498 IN ULONG BufferLength, 7499 IN PREPARSE_DATA_BUFFER ReparseBuffer); 7500 7501NTKERNELAPI 7502NTSTATUS 7503NTAPI 7504FsRtlRemoveDotsFromPath( 7505 IN OUT PWSTR OriginalString, 7506 IN USHORT PathLength, 7507 OUT USHORT *NewLength); 7508 7509NTKERNELAPI 7510NTSTATUS 7511NTAPI 7512FsRtlAllocateExtraCreateParameterList( 7513 IN FSRTL_ALLOCATE_ECPLIST_FLAGS Flags, 7514 OUT PECP_LIST *EcpList); 7515 7516NTKERNELAPI 7517VOID 7518NTAPI 7519FsRtlFreeExtraCreateParameterList( 7520 IN PECP_LIST EcpList); 7521 7522NTKERNELAPI 7523NTSTATUS 7524NTAPI 7525FsRtlAllocateExtraCreateParameter( 7526 IN LPCGUID EcpType, 7527 IN ULONG SizeOfContext, 7528 IN FSRTL_ALLOCATE_ECP_FLAGS Flags, 7529 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, 7530 IN ULONG PoolTag, 7531 OUT PVOID *EcpContext); 7532 7533NTKERNELAPI 7534VOID 7535NTAPI 7536FsRtlFreeExtraCreateParameter( 7537 IN PVOID EcpContext); 7538 7539NTKERNELAPI 7540VOID 
7541NTAPI 7542FsRtlInitExtraCreateParameterLookasideList( 7543 IN OUT PVOID Lookaside, 7544 IN FSRTL_ECP_LOOKASIDE_FLAGS Flags, 7545 IN SIZE_T Size, 7546 IN ULONG Tag); 7547 7548VOID 7549NTAPI 7550FsRtlDeleteExtraCreateParameterLookasideList( 7551 IN OUT PVOID Lookaside, 7552 IN FSRTL_ECP_LOOKASIDE_FLAGS Flags); 7553 7554NTKERNELAPI 7555NTSTATUS 7556NTAPI 7557FsRtlAllocateExtraCreateParameterFromLookasideList( 7558 IN LPCGUID EcpType, 7559 IN ULONG SizeOfContext, 7560 IN FSRTL_ALLOCATE_ECP_FLAGS Flags, 7561 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, 7562 IN OUT PVOID LookasideList, 7563 OUT PVOID *EcpContext); 7564 7565NTKERNELAPI 7566NTSTATUS 7567NTAPI 7568FsRtlInsertExtraCreateParameter( 7569 IN OUT PECP_LIST EcpList, 7570 IN OUT PVOID EcpContext); 7571 7572NTKERNELAPI 7573NTSTATUS 7574NTAPI 7575FsRtlFindExtraCreateParameter( 7576 IN PECP_LIST EcpList, 7577 IN LPCGUID EcpType, 7578 OUT PVOID *EcpContext OPTIONAL, 7579 OUT ULONG *EcpContextSize OPTIONAL); 7580 7581NTKERNELAPI 7582NTSTATUS 7583NTAPI 7584FsRtlRemoveExtraCreateParameter( 7585 IN OUT PECP_LIST EcpList, 7586 IN LPCGUID EcpType, 7587 OUT PVOID *EcpContext, 7588 OUT ULONG *EcpContextSize OPTIONAL); 7589 7590NTKERNELAPI 7591NTSTATUS 7592NTAPI 7593FsRtlGetEcpListFromIrp( 7594 IN PIRP Irp, 7595 OUT PECP_LIST *EcpList OPTIONAL); 7596 7597NTKERNELAPI 7598NTSTATUS 7599NTAPI 7600FsRtlSetEcpListIntoIrp( 7601 IN OUT PIRP Irp, 7602 IN PECP_LIST EcpList); 7603 7604NTKERNELAPI 7605NTSTATUS 7606NTAPI 7607FsRtlGetNextExtraCreateParameter( 7608 IN PECP_LIST EcpList, 7609 IN PVOID CurrentEcpContext OPTIONAL, 7610 OUT LPGUID NextEcpType OPTIONAL, 7611 OUT PVOID *NextEcpContext OPTIONAL, 7612 OUT ULONG *NextEcpContextSize OPTIONAL); 7613 7614NTKERNELAPI 7615VOID 7616NTAPI 7617FsRtlAcknowledgeEcp( 7618 IN PVOID EcpContext); 7619 7620NTKERNELAPI 7621BOOLEAN 7622NTAPI 7623FsRtlIsEcpAcknowledged( 7624 IN PVOID EcpContext); 7625 7626NTKERNELAPI 7627BOOLEAN 7628NTAPI 7629FsRtlIsEcpFromUserMode( 
7630 IN PVOID EcpContext); 7631 7632NTKERNELAPI 7633NTSTATUS 7634NTAPI 7635FsRtlChangeBackingFileObject( 7636 IN PFILE_OBJECT CurrentFileObject OPTIONAL, 7637 IN PFILE_OBJECT NewFileObject, 7638 IN FSRTL_CHANGE_BACKING_TYPE ChangeBackingType, 7639 IN ULONG Flags); 7640 7641NTKERNELAPI 7642NTSTATUS 7643NTAPI 7644FsRtlLogCcFlushError( 7645 IN PUNICODE_STRING FileName, 7646 IN PDEVICE_OBJECT DeviceObject, 7647 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 7648 IN NTSTATUS FlushError, 7649 IN ULONG Flags); 7650 7651NTKERNELAPI 7652BOOLEAN 7653NTAPI 7654FsRtlAreVolumeStartupApplicationsComplete( 7655 VOID); 7656 7657NTKERNELAPI 7658ULONG 7659NTAPI 7660FsRtlQueryMaximumVirtualDiskNestingLevel( 7661 VOID); 7662 7663NTKERNELAPI 7664NTSTATUS 7665NTAPI 7666FsRtlGetVirtualDiskNestingLevel( 7667 IN PDEVICE_OBJECT DeviceObject, 7668 OUT PULONG NestingLevel, 7669 OUT PULONG NestingFlags OPTIONAL); 7670 7671#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 7672 7673#if (NTDDI_VERSION >= NTDDI_VISTASP1) 7674NTKERNELAPI 7675NTSTATUS 7676NTAPI 7677FsRtlCheckOplockEx( 7678 IN POPLOCK Oplock, 7679 IN PIRP Irp, 7680 IN ULONG Flags, 7681 IN PVOID Context OPTIONAL, 7682 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7683 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7684 7685#endif 7686 7687#if (NTDDI_VERSION >= NTDDI_WIN7) 7688 7689NTKERNELAPI 7690BOOLEAN 7691NTAPI 7692FsRtlAreThereCurrentOrInProgressFileLocks( 7693 IN PFILE_LOCK FileLock); 7694 7695NTKERNELAPI 7696BOOLEAN 7697NTAPI 7698FsRtlOplockIsSharedRequest( 7699 IN PIRP Irp); 7700 7701NTKERNELAPI 7702NTSTATUS 7703NTAPI 7704FsRtlOplockBreakH( 7705 IN POPLOCK Oplock, 7706 IN PIRP Irp, 7707 IN ULONG Flags, 7708 IN PVOID Context OPTIONAL, 7709 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7710 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7711 7712NTKERNELAPI 7713BOOLEAN 7714NTAPI 7715FsRtlCurrentOplockH( 7716 IN POPLOCK Oplock); 7717 7718NTKERNELAPI 7719NTSTATUS 7720NTAPI 
7721FsRtlOplockBreakToNoneEx( 7722 IN OUT POPLOCK Oplock, 7723 IN PIRP Irp, 7724 IN ULONG Flags, 7725 IN PVOID Context OPTIONAL, 7726 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7727 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7728 7729NTKERNELAPI 7730NTSTATUS 7731NTAPI 7732FsRtlOplockFsctrlEx( 7733 IN POPLOCK Oplock, 7734 IN PIRP Irp, 7735 IN ULONG OpenCount, 7736 IN ULONG Flags); 7737 7738NTKERNELAPI 7739BOOLEAN 7740NTAPI 7741FsRtlOplockKeysEqual( 7742 IN PFILE_OBJECT Fo1 OPTIONAL, 7743 IN PFILE_OBJECT Fo2 OPTIONAL); 7744 7745NTKERNELAPI 7746NTSTATUS 7747NTAPI 7748FsRtlInitializeExtraCreateParameterList( 7749 IN OUT PECP_LIST EcpList); 7750 7751NTKERNELAPI 7752VOID 7753NTAPI 7754FsRtlInitializeExtraCreateParameter( 7755 IN PECP_HEADER Ecp, 7756 IN ULONG EcpFlags, 7757 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, 7758 IN ULONG TotalSize, 7759 IN LPCGUID EcpType, 7760 IN PVOID ListAllocatedFrom OPTIONAL); 7761 7762#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 7763 7764NTKERNELAPI 7765NTSTATUS 7766NTAPI 7767FsRtlInsertPerFileContext( 7768 IN PVOID* PerFileContextPointer, 7769 IN PFSRTL_PER_FILE_CONTEXT Ptr); 7770 7771NTKERNELAPI 7772PFSRTL_PER_FILE_CONTEXT 7773NTAPI 7774FsRtlLookupPerFileContext( 7775 IN PVOID* PerFileContextPointer, 7776 IN PVOID OwnerId OPTIONAL, 7777 IN PVOID InstanceId OPTIONAL); 7778 7779NTKERNELAPI 7780PFSRTL_PER_FILE_CONTEXT 7781NTAPI 7782FsRtlRemovePerFileContext( 7783 IN PVOID* PerFileContextPointer, 7784 IN PVOID OwnerId OPTIONAL, 7785 IN PVOID InstanceId OPTIONAL); 7786 7787NTKERNELAPI 7788VOID 7789NTAPI 7790FsRtlTeardownPerFileContexts( 7791 IN PVOID* PerFileContextPointer); 7792 7793NTKERNELAPI 7794NTSTATUS 7795NTAPI 7796FsRtlInsertPerFileObjectContext( 7797 IN PFILE_OBJECT FileObject, 7798 IN PFSRTL_PER_FILEOBJECT_CONTEXT Ptr); 7799 7800NTKERNELAPI 7801PFSRTL_PER_FILEOBJECT_CONTEXT 7802NTAPI 7803FsRtlLookupPerFileObjectContext( 7804 IN PFILE_OBJECT FileObject, 7805 IN PVOID OwnerId 
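OPTIONAL,
    IN PVOID InstanceId OPTIONAL);

NTKERNELAPI
PFSRTL_PER_FILEOBJECT_CONTEXT
NTAPI
FsRtlRemovePerFileObjectContext(
    IN PFILE_OBJECT FileObject,
    IN PVOID OwnerId OPTIONAL,
    IN PVOID InstanceId OPTIONAL);

/*
 * FsRtlFastLock: FsRtlPrivateLock without an IRP. The eleven arguments map
 * onto FsRtlPrivateLock's parameters in order, with NULL supplied for Irp
 * (the tenth parameter).
 */
#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) (       \
    FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11)    \
)

/* Evaluates to the FastIoIsQuestionable field of the file lock FL. */
#define FsRtlAreThereCurrentFileLocks(FL) ( \
    ((FL)->FastIoIsQuestionable)            \
)

/*
 * The two macros below expand to a brace-enclosed compound statement, not an
 * expression. Written as `M(fl);` directly under an un-braced `if` that has
 * an `else`, the trailing semicolon ends the `if` and the `else` no longer
 * compiles, so brace the surrounding branch.
 * FL is evaluated more than once when ASSERT is active.
 */
#define FsRtlIncrementLockRequestsInProgress(FL) {                           \
    ASSERT( (FL)->LockRequestsInProgress >= 0 );                             \
    (void)                                                                   \
    (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
}

#define FsRtlDecrementLockRequestsInProgress(FL) {                           \
    ASSERT( (FL)->LockRequestsInProgress > 0 );                              \
    (void)                                                                   \
    (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
}

/* GCC-compatible declaration; it differs from the form the MS header uses. */
extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray;
#define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray

/*
 * Per-character tests against FsRtlLegalAnsiCharacterArray.
 *
 * NOTE(review): the four macros below index the table with (UCHAR)(C), i.e.
 * any value 0..255, while FsRtlTestAnsiCharacter further down refuses bytes
 * >= 0x80 before indexing. The size of the exported table is not visible in
 * this header; confirm it has 256 entries, otherwise a byte >= 0x80 (e.g. a
 * DBCS lead byte taken from a file name) reads past the end of the table.
 */
#define FsRtlIsAnsiCharacterWild(C) (                                       \
    FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
)

#define FsRtlIsAnsiCharacterLegalFat(C, WILD) (                                \
    FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) |       \
                                        ((WILD) ? FSRTL_WILD_CHARACTER : 0 ))  \
)

#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) (                               \
    FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) |      \
                                        ((WILD) ? FSRTL_WILD_CHARACTER : 0 ))  \
)

#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) (                               \
    FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) |      \
                                        ((WILD) ? FSRTL_WILD_CHARACTER : 0 ))  \
)

#define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) (                    \
    FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL)   \
)

#define FsRtlIsAnsiCharacterLegal(C,FLAGS) (          \
    FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \
)

/*
 * FsRtlTestAnsiCharacter: yields DEFAULT_RET when the low byte of C has its
 * top bit set, otherwise the table flags of C masked with FLAGS (plus
 * FSRTL_WILD_CHARACTER when WILD_OK is non-zero).
 *
 * The index is narrowed to UCHAR so that it is the same byte the sign test
 * looked at: once (SCHAR)(C) >= 0 holds, (UCHAR)(C) lies in 0..127. With a
 * bare [(C)] a wider argument such as 0x141 passes the sign test on its low
 * byte and then indexes far outside the table.
 * C is evaluated twice.
 */
#define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) (            \
    ((SCHAR)(C) < 0) ? (DEFAULT_RET) :                                      \
                       FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(UCHAR)(C)],      \
                               (FLAGS) |                                    \
                               ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) )     \
)

/*
 * FALSE for bytes below 0x80; otherwise TRUE only when NLS_MB_CODE_PAGE_TAG
 * is set and NLS_OEM_LEAD_BYTE_INFO has a non-zero entry for the byte.
 */
#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) (                               \
    (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE :                           \
              (NLS_MB_CODE_PAGE_TAG &&                                      \
               (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0)))          \
)

/*
 * FALSE for code units >= 0x40, otherwise the FSRTL_WILD_CHARACTER flag of
 * the table entry.
 * NOTE(review): C is used as the index without a cast; a negative value of a
 * signed type passes the `>= 0x40` test and indexes before the table.
 * Presumably C is always an unsigned WCHAR -- confirm at the call sites.
 */
#define FsRtlIsUnicodeCharacterWild(C) (                                    \
    (((C) >= 0x40) ?                                                        \
    FALSE :                                                                 \
    FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER ))       \
)

/* Fills in OwnerId, InstanceId and FreeCallback of a per-file context. */
#define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb)   \
    ((_fc)->OwnerId = (_owner),                             \
     (_fc)->InstanceId = (_inst),                           \
     (_fc)->FreeCallback = (_cb))

/*
 * FileContextSupportPointer of the file object's advanced header, or NULL
 * when FsRtlSupportsPerFileContexts(_fo) is false. _fo is evaluated several
 * times.
 */
#define FsRtlGetPerFileContextPointer(_fo)                                \
    (FsRtlSupportsPerFileContexts(_fo) ?                                  \
        FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \
        NULL)

/*
 * True when the file object has a non-NULL FsContext whose header Version is
 * at least FSRTL_FCB_HEADER_V1 and whose FileContextSupportPointer is set.
 */
#define FsRtlSupportsPerFileContexts(_fo)                                            \
    ((FsRtlGetPerStreamContextPointer(_fo) != NULL) &&                               \
     (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) &&       \
     (FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL))

/*
 * FsRtlSetupAdvancedHeader plus an optional FileContextSupportPointer.
 * Expands to a brace-enclosed compound statement (see the note on
 * FsRtlIncrementLockRequestsInProgress above).
 */
#define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr )                     \
{                                                                                   \
    FsRtlSetupAdvancedHeader( _advhdr, _fmutx );                                    \
    if ((_fctxptr) != NULL) {                                                       \
        (_advhdr)->FileContextSupportPointer = (_fctxptr);                          \
    }                                                                               \
}

/*
 * Reinterprets FO->FsContext as an advanced FCB header. The macro performs
 * no check that the file system actually placed such a header there.
 */
#define FsRtlGetPerStreamContextPointer(FO) (   \
    (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
)

/* Fills in OwnerId, InstanceId and FreeCallback of a per-stream context. */
#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
    (PSC)->OwnerId = (O),                          \
    (PSC)->InstanceId = (I),                       \
    (PSC)->FreeCallback = (FC)                     \
)

/*
 * TRUE when FO->FsContext is non-NULL and its Flags2 has
 * FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS set. The NULL test is parenthesised
 * on its own so that every opening parenthesis of the expansion is closed.
 */
#define FsRtlSupportsPerStreamContexts(FO) (                            \
    (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO)) &&          \
              FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2,       \
                     FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS))             \
)

/*
 * Calls FsRtlLookupPerStreamContextInternal only when _sc is non-NULL,
 * advertises filter-context support and has a non-empty FilterContexts list;
 * otherwise evaluates to NULL.
 */
#define FsRtlLookupPerStreamContext(_sc, _oid, _iid)                          \
    (((NULL != (_sc)) &&                                                      \
      FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) &&           \
      !IsListEmpty(&(_sc)->FilterContexts)) ?                                 \
        FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) :          \
        NULL)

/*
 * FsRtlSetupAdvancedHeader
 *
 * Marks the header at AdvHdr as an advanced FCB header that supports filter
 * contexts, stamps its Version and initialises the FilterContexts list.
 *
 *   AdvHdr - treated as PFSRTL_ADVANCED_FCB_HEADER; not checked for NULL.
 *   FMutex - stored in FastMutex when non-NULL; a NULL argument leaves the
 *            existing FastMutex value untouched.
 *
 * Flags and Flags2 are OR-ed into, so whatever they already hold is kept;
 * presumably the caller has initialised the header memory beforehand --
 * confirm at the call sites.
 */
FORCEINLINE
VOID
NTAPI
FsRtlSetupAdvancedHeader(
    IN PVOID AdvHdr,
    IN PFAST_MUTEX FMutex )
{
    PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr;

    localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER;
    localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;
#if (NTDDI_VERSION >= NTDDI_VISTA)
    localAdvHdr->Version = FSRTL_FCB_HEADER_V1;
#else
    localAdvHdr->Version = FSRTL_FCB_HEADER_V0;
#endif
    InitializeListHead( &localAdvHdr->FilterContexts );
    if (FMutex != NULL) {
        localAdvHdr->FastMutex = FMutex;
    }
#if (NTDDI_VERSION >= NTDDI_VISTA)
    /* Clear the first pointer-sized word of PushLock through a ULONG_PTR view. */
    *((PULONG_PTR)(&localAdvHdr->PushLock)) = 0;
    localAdvHdr->FileContextSupportPointer = NULL;
#endif
}

/* Fills in OwnerId and InstanceId of a per-file-object context. */
#define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \
    ((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst))

/*
 * Stores STATUS in the IRP's IoStatus and completes it with
 * IO_DISK_INCREMENT. Expands to a brace-enclosed compound statement; IRP is
 * evaluated twice.
 */
#define FsRtlCompleteRequest(IRP,STATUS) {         \
    (IRP)->IoStatus.Status = (STATUS);             \
    IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
}
/* Common Cache Types */

/* 0x40000 == 1 << 18, so the two constants below describe the same size. */
#define VACB_MAPPING_GRANULARITY (0x40000)
#define VACB_OFFSET_SHIFT (18)

typedef struct _PUBLIC_BCB {
  CSHORT NodeTypeCode;
  CSHORT NodeByteSize;
  ULONG MappedLength;
  LARGE_INTEGER MappedFileOffset;
} PUBLIC_BCB, *PPUBLIC_BCB;

typedef struct _CC_FILE_SIZES {
  LARGE_INTEGER AllocationSize;
  LARGE_INTEGER FileSize;
  LARGE_INTEGER ValidDataLength;
} CC_FILE_SIZES, *PCC_FILE_SIZES;

/* Callback types stored in CACHE_MANAGER_CALLBACKS. */
typedef BOOLEAN
(NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
  IN PVOID Context,
  IN BOOLEAN Wait);

typedef VOID
(NTAPI *PRELEASE_FROM_LAZY_WRITE) (
  IN PVOID Context);

typedef BOOLEAN
(NTAPI *PACQUIRE_FOR_READ_AHEAD) (
  IN PVOID Context,
  IN BOOLEAN Wait);

typedef VOID
(NTAPI *PRELEASE_FROM_READ_AHEAD) (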
IN PVOID Context); 8000 8001typedef struct _CACHE_MANAGER_CALLBACKS { 8002 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; 8003 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; 8004 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; 8005 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; 8006} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; 8007 8008typedef struct _CACHE_UNINITIALIZE_EVENT { 8009 struct _CACHE_UNINITIALIZE_EVENT *Next; 8010 KEVENT Event; 8011} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; 8012 8013typedef VOID 8014(NTAPI *PDIRTY_PAGE_ROUTINE) ( 8015 IN PFILE_OBJECT FileObject, 8016 IN PLARGE_INTEGER FileOffset, 8017 IN ULONG Length, 8018 IN PLARGE_INTEGER OldestLsn, 8019 IN PLARGE_INTEGER NewestLsn, 8020 IN PVOID Context1, 8021 IN PVOID Context2); 8022 8023typedef VOID 8024(NTAPI *PFLUSH_TO_LSN) ( 8025 IN PVOID LogHandle, 8026 IN LARGE_INTEGER Lsn); 8027 8028typedef VOID 8029(NTAPI *PCC_POST_DEFERRED_WRITE) ( 8030 IN PVOID Context1, 8031 IN PVOID Context2); 8032 8033#define UNINITIALIZE_CACHE_MAPS (1) 8034#define DO_NOT_RETRY_PURGE (2) 8035#define DO_NOT_PURGE_DIRTY_PAGES (0x4) 8036 8037#define CC_FLUSH_AND_PURGE_NO_PURGE (0x1) 8038/* Common Cache Functions */ 8039 8040#define CcIsFileCached(FO) ( \ 8041 ((FO)->SectionObjectPointer != NULL) && \ 8042 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ 8043) 8044 8045extern ULONG CcFastMdlReadWait; 8046 8047#if (NTDDI_VERSION >= NTDDI_WIN2K) 8048 8049NTKERNELAPI 8050VOID 8051NTAPI 8052CcInitializeCacheMap( 8053 IN PFILE_OBJECT FileObject, 8054 IN PCC_FILE_SIZES FileSizes, 8055 IN BOOLEAN PinAccess, 8056 IN PCACHE_MANAGER_CALLBACKS Callbacks, 8057 IN PVOID LazyWriteContext); 8058 8059NTKERNELAPI 8060BOOLEAN 8061NTAPI 8062CcUninitializeCacheMap( 8063 IN PFILE_OBJECT FileObject, 8064 IN PLARGE_INTEGER TruncateSize OPTIONAL, 8065 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL); 8066 8067NTKERNELAPI 8068VOID 8069NTAPI 8070CcSetFileSizes( 8071 IN PFILE_OBJECT 
FileObject,
  IN PCC_FILE_SIZES FileSizes);

NTKERNELAPI
VOID
NTAPI
CcSetDirtyPageThreshold(
  IN PFILE_OBJECT FileObject,
  IN ULONG DirtyPageThreshold);

/* FileOffset and IoStatus are both optional. */
NTKERNELAPI
VOID
NTAPI
CcFlushCache(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN PLARGE_INTEGER FileOffset OPTIONAL,
  IN ULONG Length,
  OUT PIO_STATUS_BLOCK IoStatus OPTIONAL);

NTKERNELAPI
LARGE_INTEGER
NTAPI
CcGetFlushedValidData(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN BOOLEAN BcbListHeld);

NTKERNELAPI
BOOLEAN
NTAPI
CcZeroData(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER StartOffset,
  IN PLARGE_INTEGER EndOffset,
  IN BOOLEAN Wait);

/* The Bcb arguments below are opaque PVOIDs; nothing in the prototypes
 * lets the callee tell a valid Bcb from an arbitrary pointer, so only
 * values returned by the cache manager should be passed. */
NTKERNELAPI
PVOID
NTAPI
CcRemapBcb(
  IN PVOID Bcb);

NTKERNELAPI
VOID
NTAPI
CcRepinBcb(
  IN PVOID Bcb);

NTKERNELAPI
VOID
NTAPI
CcUnpinRepinnedBcb(
  IN PVOID Bcb,
  IN BOOLEAN WriteThrough,
  OUT PIO_STATUS_BLOCK IoStatus);

NTKERNELAPI
PFILE_OBJECT
NTAPI
CcGetFileObjectFromSectionPtrs(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer);

NTKERNELAPI
PFILE_OBJECT
NTAPI
CcGetFileObjectFromBcb(
  IN PVOID Bcb);

NTKERNELAPI
BOOLEAN
NTAPI
CcCanIWrite(
  IN PFILE_OBJECT FileObject,
  IN ULONG BytesToWrite,
  IN BOOLEAN Wait,
  IN BOOLEAN Retrying);

/* PostRoutine receives Context1 and Context2 back (see
 * PCC_POST_DEFERRED_WRITE). */
NTKERNELAPI
VOID
NTAPI
CcDeferWrite(
  IN PFILE_OBJECT FileObject,
  IN PCC_POST_DEFERRED_WRITE PostRoutine,
  IN PVOID Context1,
  IN PVOID Context2,
  IN ULONG BytesToWrite,
  IN BOOLEAN Retrying);

/* Length is the only size the prototype carries for Buffer, so the caller
 * has to guarantee Buffer can hold Length bytes.
 * NOTE(review): when Buffer is a user-mode address the call is expected to
 * sit inside the caller's exception handling - confirm at call sites. */
NTKERNELAPI
BOOLEAN
NTAPI
CcCopyRead(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN BOOLEAN Wait,
  OUT PVOID Buffer,
  OUT PIO_STATUS_BLOCK IoStatus);

NTKERNELAPI
VOID
NTAPI
CcFastCopyRead(
IN PFILE_OBJECT FileObject,
  /* FileOffset is a 32-bit ULONG here, unlike the PLARGE_INTEGER taken by
   * CcCopyRead. */
  IN ULONG FileOffset,
  IN ULONG Length,
  IN ULONG PageCount,
  OUT PVOID Buffer,
  OUT PIO_STATUS_BLOCK IoStatus);

/* Buffer is read for Length bytes; the prototype has no separate buffer
 * size, so the caller must guarantee that many bytes are readable. */
NTKERNELAPI
BOOLEAN
NTAPI
CcCopyWrite(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN BOOLEAN Wait,
  IN PVOID Buffer);

/* 32-bit FileOffset variant of CcCopyWrite; it returns nothing. */
NTKERNELAPI
VOID
NTAPI
CcFastCopyWrite(
  IN PFILE_OBJECT FileObject,
  IN ULONG FileOffset,
  IN ULONG Length,
  IN PVOID Buffer);

/* Returns an MDL chain through MdlChain; CcMdlReadComplete below takes the
 * chain back. */
NTKERNELAPI
VOID
NTAPI
CcMdlRead(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  OUT PMDL *MdlChain,
  OUT PIO_STATUS_BLOCK IoStatus);

NTKERNELAPI
VOID
NTAPI
CcMdlReadComplete(
  IN PFILE_OBJECT FileObject,
  IN PMDL MdlChain);

/* Write-side counterpart of CcMdlRead; CcMdlWriteComplete takes the chain
 * back. */
NTKERNELAPI
VOID
NTAPI
CcPrepareMdlWrite(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  OUT PMDL *MdlChain,
  OUT PIO_STATUS_BLOCK IoStatus);

NTKERNELAPI
VOID
NTAPI
CcMdlWriteComplete(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN PMDL MdlChain);

NTKERNELAPI
VOID
NTAPI
CcScheduleReadAhead(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length);

NTKERNELAPI
NTSTATUS
NTAPI
CcWaitForCurrentLazyWriterActivity(
  VOID);

NTKERNELAPI
VOID
NTAPI
CcSetReadAheadGranularity(
  IN PFILE_OBJECT FileObject,
  IN ULONG Granularity);

/* Flags is a ULONG; the PIN_* values are defined further down in this
 * header. Bcb and Buffer are both returned to the caller. */
NTKERNELAPI
BOOLEAN
NTAPI
CcPinRead(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN ULONG Flags,
  OUT PVOID *Bcb,
  OUT PVOID *Buffer);

NTKERNELAPI
BOOLEAN
NTAPI
CcPinMappedData(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN ULONG Flags,
IN OUT PVOID *Bcb);

/* Returns both a Bcb and a Buffer pointer; Zero is a BOOLEAN and Flags a
 * ULONG (the PIN_* values are defined further down in this header). */
NTKERNELAPI
BOOLEAN
NTAPI
CcPreparePinWrite(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN BOOLEAN Zero,
  IN ULONG Flags,
  OUT PVOID *Bcb,
  OUT PVOID *Buffer);

NTKERNELAPI
VOID
NTAPI
CcSetDirtyPinnedData(
  IN PVOID BcbVoid,
  IN PLARGE_INTEGER Lsn OPTIONAL);

NTKERNELAPI
VOID
NTAPI
CcUnpinData(
  IN PVOID Bcb);

NTKERNELAPI
VOID
NTAPI
CcSetBcbOwnerPointer(
  IN PVOID Bcb,
  IN PVOID OwnerPointer);

NTKERNELAPI
VOID
NTAPI
CcUnpinDataForThread(
  IN PVOID Bcb,
  IN ERESOURCE_THREAD ResourceThreadId);

NTKERNELAPI
VOID
NTAPI
CcSetAdditionalCacheAttributes(
  IN PFILE_OBJECT FileObject,
  IN BOOLEAN DisableReadAhead,
  IN BOOLEAN DisableWriteBehind);

NTKERNELAPI
BOOLEAN
NTAPI
CcIsThereDirtyData(
  IN PVPB Vpb);

#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

#if (NTDDI_VERSION >= NTDDI_WINXP)

NTKERNELAPI
VOID
NTAPI
CcMdlWriteAbort(
  IN PFILE_OBJECT FileObject,
  IN PMDL MdlChain);

/* Registers FlushToLsnRoutine (PFLUSH_TO_LSN) together with LogHandle. */
NTKERNELAPI
VOID
NTAPI
CcSetLogHandleForFile(
  IN PFILE_OBJECT FileObject,
  IN PVOID LogHandle,
  IN PFLUSH_TO_LSN FlushToLsnRoutine);

/* DirtyPageRoutine (PDIRTY_PAGE_ROUTINE) is handed Context1/Context2. */
NTKERNELAPI
LARGE_INTEGER
NTAPI
CcGetDirtyPages(
  IN PVOID LogHandle,
  IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
  IN PVOID Context1,
  IN PVOID Context2);

#endif

/* CcMapData has two signatures: from Windows XP on the fourth parameter is
 * a ULONG Flags, on Windows 2000 it is a BOOLEAN Wait. */
#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
BOOLEAN
NTAPI
CcMapData(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length,
  IN ULONG Flags,
  OUT PVOID *Bcb,
  OUT PVOID *Buffer);
#elif (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
BOOLEAN
NTAPI
CcMapData(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG
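Length,
  IN BOOLEAN Wait,
  OUT PVOID *Bcb,
  OUT PVOID *Buffer);
#endif

#if (NTDDI_VERSION >= NTDDI_VISTA)

/* Same arguments as CcSetFileSizes, but reports an NTSTATUS. */
NTKERNELAPI
NTSTATUS
NTAPI
CcSetFileSizesEx(
  IN PFILE_OBJECT FileObject,
  IN PCC_FILE_SIZES FileSizes);

NTKERNELAPI
PFILE_OBJECT
NTAPI
CcGetFileObjectFromSectionPtrsRef(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer);

NTKERNELAPI
VOID
NTAPI
CcSetParallelFlushFile(
  IN PFILE_OBJECT FileObject,
  IN BOOLEAN EnableParallelFlush);

/* NOTE(review): unlike its neighbours this prototype carries no NTAPI;
 * confirm the calling convention against the export before relying on it. */
NTKERNELAPI
BOOLEAN
CcIsThereDirtyDataEx(
  IN PVPB Vpb,
  IN PULONG NumberOfDirtyPages OPTIONAL);

#endif

#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
VOID
NTAPI
CcCoherencyFlushAndPurgeCache(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN PLARGE_INTEGER FileOffset OPTIONAL,
  IN ULONG Length,
  OUT PIO_STATUS_BLOCK IoStatus,
  IN ULONG Flags OPTIONAL);
#endif

/* Yields the address one LARGE_INTEGER past the start of the shared cache
 * map. Unlike CcIsFileCached, it dereferences SectionObjectPointer without
 * any NULL check and does not test SharedCacheMap, so use it only on a file
 * object already known to be cached. It also depends on the private layout
 * of the shared cache map. */
#define CcGetFileSizePointer(FO) ( \
  ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
)

/* CcPurgeCacheSection has two signatures: from Vista on the last parameter
 * is a ULONG Flags, before that a BOOLEAN UninitializeCacheMaps. */
#if (NTDDI_VERSION >= NTDDI_VISTA)
NTKERNELAPI
BOOLEAN
NTAPI
CcPurgeCacheSection(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN PLARGE_INTEGER FileOffset OPTIONAL,
  IN ULONG Length,
  IN ULONG Flags);
#elif (NTDDI_VERSION >= NTDDI_WIN2K)
NTKERNELAPI
BOOLEAN
NTAPI
CcPurgeCacheSection(
  IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  IN PLARGE_INTEGER FileOffset OPTIONAL,
  IN ULONG Length,
  IN BOOLEAN UninitializeCacheMaps);
#endif

/* From Windows 7 on this is a kernel export; older targets get a macro that
 * only compares LEN with 0x10000 and ignores FO and FOFF. */
#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
BOOLEAN
NTAPI
CcCopyWriteWontFlush(
  IN PFILE_OBJECT FileObject,
  IN PLARGE_INTEGER FileOffset,
  IN ULONG Length);
#else
#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
#endif

/* Schedules read-ahead only for requests of at least 256 bytes.
 * The body is a statement, so it is wrapped in a brace block (the same
 * form FsRtlCompleteRequest uses in this header); the previous parenthesised
 * form put an `if` inside an expression and could not compile when expanded.
 * LEN is evaluated twice. */
#define CcReadAhead(FO, FOFF, LEN) { \
  if ((LEN) >= 256) { \
    CcScheduleReadAhead((FO), (FOFF), (LEN)); \
  } \
}


/******************************************************************************
 *                            ZwXxx Functions                                 *
 ******************************************************************************/

/* Zw routines called from kernel mode run with the previous mode set to
 * KernelMode: pointer arguments are not probed and handles are not
 * access-checked the way a user-mode request would be. Any handle, buffer
 * or length that originated in user mode must be validated or captured by
 * the driver before it is passed to one of these. */

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryEaFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID Buffer,
  IN ULONG Length,
  IN BOOLEAN ReturnSingleEntry,
  IN PVOID EaList OPTIONAL,
  IN ULONG EaListLength,
  IN PULONG EaIndex OPTIONAL,
  IN BOOLEAN RestartScan);

/* Buffer supplies the extended attributes to set, so it is an input
 * (it was annotated OUT). */
NTSYSAPI
NTSTATUS
NTAPI
ZwSetEaFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID Buffer,
  IN ULONG Length);

NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateToken(
  IN HANDLE ExistingTokenHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN BOOLEAN EffectiveOnly,
  IN TOKEN_TYPE TokenType,
  OUT PHANDLE NewTokenHandle);

#if (NTDDI_VERSION >= NTDDI_WIN2K)

/* ObjectInformationLength bounds ObjectInformation; ReturnLength is
 * optional. */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryObject(
  IN HANDLE Handle OPTIONAL,
  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
  OUT PVOID ObjectInformation OPTIONAL,
  IN ULONG ObjectInformationLength,
  OUT PULONG ReturnLength OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
ZwNotifyChangeKey(
  IN HANDLE KeyHandle,
  IN HANDLE EventHandle OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG NotifyFilter,
  IN BOOLEAN WatchSubtree,
  OUT PVOID Buffer,
  IN ULONG BufferLength,
  IN BOOLEAN Asynchronous);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateEvent(
  OUT PHANDLE EventHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  IN EVENT_TYPE EventType,
  IN BOOLEAN InitialState);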

/* The object to delete is named through ObjectAttributes. */
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteFile(
  IN POBJECT_ATTRIBUTES ObjectAttributes);

/* Length bounds FileInformation; FileName is optional. */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID FileInformation,
  IN ULONG Length,
  IN FILE_INFORMATION_CLASS FileInformationClass,
  IN BOOLEAN ReturnSingleEntry,
  IN PUNICODE_STRING FileName OPTIONAL,
  IN BOOLEAN RestartScan);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetVolumeInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID FsInformation,
  IN ULONG Length,
  IN FS_INFORMATION_CLASS FsInformationClass);

/* Input and output buffers are optional and each comes with its own
 * length. The buffering method is part of FsControlCode; for
 * METHOD_NEITHER codes the target driver sees these pointers as passed. */
NTSYSAPI
NTSTATUS
NTAPI
ZwFsControlFile(
  IN HANDLE FileHandle,
  IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG FsControlCode,
  IN PVOID InputBuffer OPTIONAL,
  IN ULONG InputBufferLength,
  OUT PVOID OutputBuffer OPTIONAL,
  IN ULONG OutputBufferLength);

/* TargetProcessHandle and TargetHandle are optional. DesiredAccess,
 * HandleAttributes and Options shape the duplicate. */
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
  IN HANDLE SourceProcessHandle,
  IN HANDLE SourceHandle,
  IN HANDLE TargetProcessHandle OPTIONAL,
  OUT PHANDLE TargetHandle OPTIONAL,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG HandleAttributes,
  IN ULONG Options);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenDirectoryObject(
  OUT PHANDLE DirectoryHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes);

/* BaseAddress and RegionSize are in/out: the caller's values are read and
 * then overwritten, so they should live in kernel memory the caller
 * controls. */
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN ULONG_PTR ZeroBits,
  IN OUT PSIZE_T RegionSize,
  IN ULONG AllocationType,
  IN ULONG Protect);

NTSYSAPI
NTSTATUS
NTAPI
ZwFreeVirtualMemory(
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN OUT PSIZE_T RegionSize,
  IN ULONG FreeType);

/* Timeout is optional. */
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForSingleObject(
  IN HANDLE Handle,
  IN BOOLEAN Alertable,
  IN PLARGE_INTEGER Timeout OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetEvent(
  IN HANDLE EventHandle,
  OUT PLONG PreviousState OPTIONAL);

/* BaseAddress and RegionSize are in/out, as for ZwAllocateVirtualMemory. */
NTSYSAPI
NTSTATUS
NTAPI
ZwFlushVirtualMemory(
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN OUT PSIZE_T RegionSize,
  OUT PIO_STATUS_BLOCK IoStatusBlock);

/* Length bounds TokenInformation; ResultLength is written back. */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
  IN HANDLE TokenHandle,
  IN TOKEN_INFORMATION_CLASS TokenInformationClass,
  OUT PVOID TokenInformation,
  IN ULONG Length,
  OUT PULONG ResultLength);

/* Replaces security information on the object behind Handle. The prototype
 * carries no length for SecurityDescriptor, so a descriptor built from
 * untrusted data should be validated before it reaches this call. */
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
  IN HANDLE Handle,
  IN SECURITY_INFORMATION SecurityInformation,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor);

/* Length bounds SecurityDescriptor; ResultLength is written back. */
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
  IN HANDLE FileHandle,
  IN SECURITY_INFORMATION SecurityInformation,
  OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN ULONG Length,
  OUT PULONG ResultLength);
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */

#if (NTDDI_VERSION >= NTDDI_WINXP)

/* The Ex token-open routines take HandleAttributes, which lets the caller
 * request a kernel handle (OBJ_KERNEL_HANDLE) so the token handle is not
 * reachable from the user-mode handle table. */
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessTokenEx(
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThreadTokenEx(
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */

#if (NTDDI_VERSION >= NTDDI_VISTA)

NTSYSAPI
NTSTATUS
NTAPI
ZwLockFile(
  IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
  IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
  IN PVOID ApcContext OPTIONAL,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER ByteOffset,
  IN PLARGE_INTEGER Length,
  IN ULONG Key,
  IN BOOLEAN FailImmediately,
  IN BOOLEAN ExclusiveLock);

/* Takes the same ByteOffset, Length and Key parameters as ZwLockFile. */
NTSYSAPI
NTSTATUS
NTAPI
ZwUnlockFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER ByteOffset,
  IN PLARGE_INTEGER Length,
  IN ULONG Key);

/* Length bounds Buffer and SidListLength bounds SidList; StartSid is
 * optional. */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryQuotaInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  OUT PVOID Buffer,
  IN ULONG Length,
  IN BOOLEAN ReturnSingleEntry,
  IN PVOID SidList,
  IN ULONG SidListLength,
  IN PSID StartSid OPTIONAL,
  IN BOOLEAN RestartScan);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetQuotaInformationFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID Buffer,
  IN ULONG Length);

NTSYSAPI
NTSTATUS
NTAPI
ZwFlushBuffersFile(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock);
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

#if (NTDDI_VERSION >= NTDDI_WIN7)

/* Writes token state: TokenInformation is an input bounded by
 * TokenInformationLength. Data that came from user mode should be
 * validated by the driver first, because a kernel-mode Zw call is not
 * treated as a user request. */
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
  IN HANDLE TokenHandle,
  IN TOKEN_INFORMATION_CLASS TokenInformationClass,
  IN PVOID TokenInformation,
  IN ULONG TokenInformationLength);
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */


/* #if !defined(_X86AMD64_) FIXME : WHAT ?!
*/
/* Compile-time layout checks: the size of ERESOURCE and the offsets of its
 * ActiveCount and Flag members must match the values expected for the
 * target pointer width, otherwise the build fails. */
#if defined(_WIN64)

C_ASSERT(sizeof(ERESOURCE) == 0x68);
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18);
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a);

#else

C_ASSERT(sizeof(ERESOURCE) == 0x38);
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c);
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e);

#endif
/* #endif */

/* On IA64 the alignment requirement is a HAL export; on x86 and AMD64 it
 * is the constant 1L (see the macro below). */
#if defined(_IA64_)
#if (NTDDI_VERSION >= NTDDI_WIN2K)
//DECLSPEC_DEPRECATED_DDK
NTHALAPI
ULONG
NTAPI
HalGetDmaAlignmentRequirement(
  VOID);
#endif
#endif

#if defined(_M_IX86) || defined(_M_AMD64)
#define HalGetDmaAlignmentRequirement() 1L
#endif

extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo;
#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo

/* Any earlier definition of NLS_MB_CODE_PAGE_TAG is replaced so the name
 * always maps to NlsMbOemCodePageTag here. */
#ifdef NLS_MB_CODE_PAGE_TAG
#undef NLS_MB_CODE_PAGE_TAG
#endif
#define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag

#if (NTDDI_VERSION >= NTDDI_VISTA)

typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER {
  NetworkOpenLocationAny,
  NetworkOpenLocationRemote,
  NetworkOpenLocationLoopback
} NETWORK_OPEN_LOCATION_QUALIFIER;

typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER {
  NetworkOpenIntegrityAny,
  NetworkOpenIntegrityNone,
  NetworkOpenIntegritySigned,
  NetworkOpenIntegrityEncrypted,
  NetworkOpenIntegrityMaximum
} NETWORK_OPEN_INTEGRITY_QUALIFIER;

#if (NTDDI_VERSION >= NTDDI_WIN7)

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000

/* Windows 7 layout: the "in" and "out" halves each carry a Flags word that
 * the _V0 layout lacks.
 * NOTE(review): Size presumably lets a consumer tell the two layouts apart;
 * check it before reading Flags from a context supplied by another
 * component - confirm. */
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
  USHORT Size;
  USHORT Reserved;
  _ANONYMOUS_STRUCT struct {
    struct {
      NETWORK_OPEN_LOCATION_QUALIFIER Location;
      NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
      ULONG Flags;
    } in;
    struct {
NETWORK_OPEN_LOCATION_QUALIFIER Location;
      NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
      ULONG Flags;
    } out;
  } DUMMYSTRUCTNAME;
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;

/* Layout without the Flags members; it has the same fields as the
 * NETWORK_OPEN_ECP_CONTEXT declared for Vista-only builds below. */
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
  USHORT Size;
  USHORT Reserved;
  _ANONYMOUS_STRUCT struct {
    struct {
      NETWORK_OPEN_LOCATION_QUALIFIER Location;
      NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
    } in;
    struct {
      NETWORK_OPEN_LOCATION_QUALIFIER Location;
      NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
    } out;
  } DUMMYSTRUCTNAME;
} NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0;

#elif (NTDDI_VERSION >= NTDDI_VISTA)
/* Vista-only builds: NETWORK_OPEN_ECP_CONTEXT has no Flags members. */
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
  USHORT Size;
  USHORT Reserved;
  _ANONYMOUS_STRUCT struct {
    struct {
      NETWORK_OPEN_LOCATION_QUALIFIER Location;
      NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
    } in;
    struct {
      NETWORK_OPEN_LOCATION_QUALIFIER Location;
      NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
    } out;
  } DUMMYSTRUCTNAME;
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
#endif

DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */


#if (NTDDI_VERSION >= NTDDI_VISTA)

/* Carries a single opaque pointer; the header does not say what it refers
 * to. */
typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
  PVOID Context;
} PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT;

DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

#if (NTDDI_VERSION >= NTDDI_WIN7)

DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);

typedef
struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;

/* Both members are pointers into storage owned elsewhere; a consumer must
 * not assume they stay valid beyond the create they were attached to.
 * NOTE(review): lifetime inferred, confirm with the ECP producer. */
typedef struct _NFS_OPEN_ECP_CONTEXT {
  PUNICODE_STRING ExportAlias;
  PSOCKADDR_STORAGE_NFS ClientSocketAddress;
} NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT;

typedef struct _SRV_OPEN_ECP_CONTEXT {
  PUNICODE_STRING ShareName;
  PSOCKADDR_STORAGE_NFS SocketAddress;
  BOOLEAN OplockBlockState;
  BOOLEAN OplockAppState;
  BOOLEAN OplockFinalState;
} SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT;

#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */

/* Flag bits for the Cc pin routines (their Flags parameters are ULONG).
 * The values are not contiguous: 16 is absent from the PIN_* set. */
#define PIN_WAIT (1)
#define PIN_EXCLUSIVE (2)
#define PIN_NO_READ (4)
#define PIN_IF_BCB (8)
#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
#define PIN_HIGH_PRIORITY (64)

/* Flag bits for CcMapData; MAP_WAIT and MAP_HIGH_PRIORITY share their
 * values with PIN_WAIT and PIN_HIGH_PRIORITY. */
#define MAP_WAIT 1
#define MAP_NO_READ (16)
#define MAP_HIGH_PRIORITY (64)

/* Both codes are METHOD_NEITHER with FILE_ANY_ACCESS: the I/O manager does
 * no buffering or validation of the buffers, and no access right on the
 * handle is required to send them. A handler should confirm that
 * Irp->RequestorMode is KernelMode, or probe and capture the buffers,
 * before touching the request. */
#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)

/* Variable-length request: FilePathName is declared with one element and
 * continues past the end of the structure.
 * NOTE(review): PathNameLength presumably gives the length of FilePathName
 * in bytes; a handler should check it against the input buffer length
 * before reading the name - confirm units. */
typedef struct _QUERY_PATH_REQUEST {
  ULONG PathNameLength;
  PIO_SECURITY_CONTEXT SecurityContext;
  WCHAR FilePathName[1];
} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;

/* Carries embedded pointers (pSecurityContext, pEaBuffer and the Buffer
 * members of the two UNICODE_STRINGs); with METHOD_NEITHER none of them is
 * validated on the way in. */
typedef struct _QUERY_PATH_REQUEST_EX {
  PIO_SECURITY_CONTEXT pSecurityContext;
  ULONG EaLength;
  PVOID pEaBuffer;
  UNICODE_STRING PathName;
  UNICODE_STRING DomainServiceName;
  ULONG_PTR Reserved[ 3 ];
} QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX;

typedef struct _QUERY_PATH_RESPONSE {
  ULONG LengthAccepted;
} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;

/* Unlike the redirector codes above, this one is METHOD_BUFFERED and
 * requires both read and write access on the handle. */
#define VOLSNAPCONTROLTYPE 0x00000053
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

/* FIXME : These definitions below don't belong here (or anywhere in ddk really) */
/* 4-byte packing applies to every structure declared after this point until
 * a matching pop; no pop is visible in this part of the header. */
#pragma pack(push,4)

/* Default used only when the build did not define VER_PRODUCTBUILD; it
 * makes the VER_PRODUCTBUILD >= 1381 and >= 2195 sections further down
 * active. */
#ifndef VER_PRODUCTBUILD
#define VER_PRODUCTBUILD 10000
#endif

#include "csq.h"

extern PACL SePublicDefaultDacl;
extern PACL SeSystemDefaultDacl;

#define FS_LFN_APIS 0x00004000

/* The FILE_STORAGE_TYPE_* values shift a FILE_STORAGE_TYPE enumerator by
 * FILE_STORAGE_TYPE_SHIFT, which is defined at the end of this group.
 * NOTE(review): StorageTypeDocfile is not among the enumerators of
 * FILE_STORAGE_TYPE declared further down in this header, so
 * FILE_STORAGE_TYPE_DOCFILE cannot compile if it is ever expanded. */
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
#define FILE_STORAGE_TYPE_MASK 0x000f0000
#define FILE_STORAGE_TYPE_SHIFT 16

#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004

#ifdef _X86_
#define HARDWARE_PTE HARDWARE_PTE_X86
#define PHARDWARE_PTE PHARDWARE_PTE_X86
#endif

#define IO_ATTACH_DEVICE_API 0x80000000

#define IO_TYPE_APC 18
#define IO_TYPE_DPC 19
#define IO_TYPE_DEVICE_QUEUE 20
#define IO_TYPE_EVENT_PAIR 21
#define IO_TYPE_INTERRUPT 22
#define IO_TYPE_PROFILE 23

#define IRP_BEING_VERIFIED 0x10

#define MAILSLOT_CLASS_FIRSTCLASS 1
#define MAILSLOT_CLASS_SECONDCLASS 2

#define MAILSLOT_SIZE_AUTO 0

#define MEM_DOS_LIM 0x40000000

/* NOTE(review): fixed object-type numbers; whether they match the running
 * kernel is not something this header can guarantee - confirm before using
 * them to interpret live objects. */
#define OB_TYPE_TYPE 1
#define OB_TYPE_DIRECTORY 2
#define OB_TYPE_SYMBOLIC_LINK 3
#define OB_TYPE_TOKEN 4
#define OB_TYPE_PROCESS 5
#define OB_TYPE_THREAD 6
#define OB_TYPE_EVENT 7
#define OB_TYPE_EVENT_PAIR 8
#define OB_TYPE_MUTANT 9
#define OB_TYPE_SEMAPHORE 10
#define OB_TYPE_TIMER 11
#define OB_TYPE_PROFILE 12
#define OB_TYPE_WINDOW_STATION 13
#define OB_TYPE_DESKTOP 14
#define OB_TYPE_SECTION 15
#define OB_TYPE_KEY 16
#define OB_TYPE_PORT 17
#define OB_TYPE_ADAPTER 18
#define OB_TYPE_CONTROLLER 19
#define OB_TYPE_DEVICE 20
#define OB_TYPE_DRIVER 21
#define OB_TYPE_IO_COMPLETION 22
#define OB_TYPE_FILE 23

#define SEC_BASED 0x00200000

/* end winnt.h */

#define TOKEN_HAS_ADMIN_GROUP 0x08

#if (VER_PRODUCTBUILD >= 1381)
#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
#endif /* (VER_PRODUCTBUILD >= 1381) */

#if (VER_PRODUCTBUILD >= 2195)

/* The three PROPERTY_DATA codes and FSCTL_HSM_DATA are METHOD_NEITHER: a
 * driver that handles them receives the caller's buffer addresses
 * unvalidated and has to probe and capture them itself. The PROPERTY_DATA
 * codes are also FILE_ANY_ACCESS, so no access right on the handle is
 * needed to send them. */
#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
#endif /* (VER_PRODUCTBUILD >= 2195) */

/* Network file system control codes; every one is FILE_ANY_ACCESS, and the
 * GET_CONNECTION_INFO and ENUMERATE_CONNECTIONS codes are METHOD_NEITHER,
 * so access control and buffer validation rest entirely on the handler. */
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

/* Enumerators start at 1. There is no StorageTypeDocfile here, although
 * FILE_STORAGE_TYPE_DOCFILE earlier in this header names one. */
typedef enum _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1,
  StorageTypeDirectory,
  StorageTypeFile,
  StorageTypeJunctionPoint,
  StorageTypeCatalog,
  StorageTypeStructuredStorage,
  StorageTypeEmbedding,
  StorageTypeStream
} FILE_STORAGE_TYPE;

typedef struct _OBJECT_BASIC_INFORMATION
{
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG PagedPoolCharge;
  ULONG NonPagedPoolCharge;
  ULONG Reserved[ 3 ];
  ULONG NameInfoSize;
  ULONG TypeInfoSize;
  ULONG SecurityDescriptorSize;
  LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

/* One range of a dirty-page bitmap; MBCB further down embeds three of
 * these. */
typedef struct _BITMAP_RANGE {
  LIST_ENTRY Links;
  LONGLONG BasePage;
  ULONG FirstDirtyPage;
  ULONG LastDirtyPage;
  ULONG DirtyPages;
  PULONG Bitmap;
} BITMAP_RANGE, *PBITMAP_RANGE;

/* Variable-length: FileName is declared with one element and continues
 * past the structure.
 * NOTE(review): FileNameLength presumably bounds it - validate it against
 * the buffer length before reading the name; confirm units. */
typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
  BOOLEAN ReplaceIfExists;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;

/* Variable-length directory record: FileName is declared with
 * ANYSIZE_ARRAY elements and continues past the structure.
 * NOTE(review): code that walks a buffer of these should bound both
 * NextEntryOffset and FileNameLength by the buffer length before following
 * them - semantics of the two fields to be confirmed against the
 * producer. */
typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaSize;
  WCHAR FileName[ANYSIZE_ARRAY];
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;

/* raw internal file lock struct returned from FsRtlGetNextFileLock */
/* The leading members are named Unknown1/Unknown2: their meaning is not
 * documented here, so they should not be interpreted. */
typedef struct _FILE_SHARED_LOCK_ENTRY {
  PVOID Unknown1;
  PVOID Unknown2;
  FILE_LOCK_INFO FileLock;
} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;

/* raw internal file lock struct returned from FsRtlGetNextFileLock */
/* Same as the shared entry with a LIST_ENTRY in front. */
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
  LIST_ENTRY ListEntry;
  PVOID Unknown1;
  PVOID Unknown2;
  FILE_LOCK_INFO FileLock;
} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;

typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
  ULONG ReadDataAvailable;
  ULONG NumberOfMessages;
  ULONG MessageLength;
} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;

typedef struct _FILE_OLE_CLASSID_INFORMATION {
  GUID ClassId;
} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;

/* Aggregate of the per-class information structures followed by OLE
 * fields; NameInformation is the last member. */
typedef struct _FILE_OLE_ALL_INFORMATION {
  FILE_BASIC_INFORMATION BasicInformation;
  FILE_STANDARD_INFORMATION StandardInformation;
  FILE_INTERNAL_INFORMATION InternalInformation;
  FILE_EA_INFORMATION EaInformation;
  FILE_ACCESS_INFORMATION AccessInformation;
  FILE_POSITION_INFORMATION PositionInformation;
  FILE_MODE_INFORMATION ModeInformation;
  FILE_ALIGNMENT_INFORMATION AlignmentInformation;
  USN LastChangeUsn;
  USN ReplicationUsn;
  LARGE_INTEGER SecurityChangeTime;
FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
  FILE_OBJECTID_INFORMATION ObjectIdInformation;
  FILE_STORAGE_TYPE StorageType;
  ULONG OleStateBits;
  ULONG OleId;
  ULONG NumberOfStreamReferences;
  ULONG StreamIndex;
  ULONG SecurityId;
  BOOLEAN ContentIndexDisable;
  BOOLEAN InheritContentIndexDisable;
  FILE_NAME_INFORMATION NameInformation;
} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;

/* Variable-length directory record: FileName is declared with one element
 * and continues past the structure.
 * NOTE(review): bound NextEntryOffset and FileNameLength by the buffer
 * length when walking a list of these - confirm field semantics. */
typedef struct _FILE_OLE_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  FILE_STORAGE_TYPE StorageType;
  GUID OleClassId;
  ULONG OleStateBits;
  BOOLEAN ContentIndexDisable;
  BOOLEAN InheritContentIndexDisable;
  WCHAR FileName[1];
} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;

typedef struct _FILE_OLE_INFORMATION {
  LARGE_INTEGER SecurityChangeTime;
  FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
  FILE_OBJECTID_INFORMATION ObjectIdInformation;
  FILE_STORAGE_TYPE StorageType;
  ULONG OleStateBits;
  BOOLEAN ContentIndexDisable;
  BOOLEAN InheritContentIndexDisable;
} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;

typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
  ULONG StateBits;
  ULONG StateBitsMask;
} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;

/* One Vcn/Lcn pair, both 64-bit. */
typedef struct _MAPPING_PAIR {
  ULONGLONG Vcn;
  ULONGLONG Lcn;
} MAPPING_PAIR, *PMAPPING_PAIR;

/* Variable-length: Pair is declared with one element.
 * NOTE(review): NumberOfPairs presumably counts the entries that follow; a
 * reader should check it against the size of the buffer it received before
 * indexing Pair - confirm. */
typedef struct _GET_RETRIEVAL_DESCRIPTOR {
  ULONG NumberOfPairs;
  ULONGLONG StartVcn;
  MAPPING_PAIR Pair[1];
} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;

typedef struct _MBCB {
  CSHORT NodeTypeCode;
  CSHORT NodeIsInZone;
  ULONG PagesToWrite;
  ULONG DirtyPages;
  ULONG Reserved;
  LIST_ENTRY BitmapRanges;
  LONGLONG ResumeWritePage;
  BITMAP_RANGE BitmapRange1;
  BITMAP_RANGE BitmapRange2;
  BITMAP_RANGE BitmapRange3;
} MBCB, *PMBCB;

/* Carries a file handle next to cluster numbers; a consumer that accepts
 * this from a less-trusted caller has to validate the handle and the
 * ranges itself. NOTE(review): usage inferred from the field names -
 * confirm. */
typedef struct _MOVEFILE_DESCRIPTOR {
  HANDLE FileHandle;
  ULONG Reserved;
  LARGE_INTEGER StartVcn;
  LARGE_INTEGER TargetLcn;
  ULONG NumVcns;
  ULONG Reserved1;
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;

/* Same sequence of member types as OBJECT_BASIC_INFORMATION declared
 * earlier in this header, under different member names. */
typedef struct _OBJECT_BASIC_INFO {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG ReferenceCount;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG Reserved[3];
  ULONG NameInformationLength;
  ULONG TypeInformationLength;
  ULONG SecurityDescriptorLength;
  LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
  BOOLEAN Inherit;
  BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;

/* Variable-length: ObjectNameBuffer is declared with one element and
 * continues past the structure. */
typedef struct _OBJECT_NAME_INFO {
  UNICODE_STRING ObjectName;
  WCHAR ObjectNameBuffer[1];
} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;

typedef struct _OBJECT_PROTECTION_INFO {
  BOOLEAN Inherit;
  BOOLEAN ProtectHandle;
} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;

/* 0x58 bytes of this layout are an opaque "Unknown" block, so the offset
 * of ObjectTypeNameBuffer depends on an undocumented size; treat the
 * structure as version-specific. */
typedef struct _OBJECT_TYPE_INFO {
  UNICODE_STRING ObjectTypeName;
  UCHAR Unknown[0x58];
  WCHAR ObjectTypeNameBuffer[1];
} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;

/* Declared with one OBJECT_TYPE_INFO element. Each element itself ends in
 * a variable-length name buffer, so plain array indexing of
 * ObjectsTypeInfo does not land on record boundaries. */
typedef struct _OBJECT_ALL_TYPES_INFO {
  ULONG NumberOfObjectTypes;
  OBJECT_TYPE_INFO ObjectsTypeInfo[1];
} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;

/* With USE_LPC6432 the LPC size, pointer and handle types are all
 * ULONGLONG and the client id is CLIENT_ID64; otherwise the native types
 * are used. */
#if defined(USE_LPC6432)
#define LPC_CLIENT_ID CLIENT_ID64
#define LPC_SIZE_T ULONGLONG
#define LPC_PVOID ULONGLONG
#define LPC_HANDLE ULONGLONG
#else
#define LPC_CLIENT_ID CLIENT_ID
#define LPC_SIZE_T SIZE_T
9292#define LPC_PVOID PVOID 9293#define LPC_HANDLE HANDLE 9294#endif 9295 9296typedef struct _PORT_MESSAGE 9297{ 9298 union 9299 { 9300 struct 9301 { 9302 CSHORT DataLength; 9303 CSHORT TotalLength; 9304 } s1; 9305 ULONG Length; 9306 } u1; 9307 union 9308 { 9309 struct 9310 { 9311 CSHORT Type; 9312 CSHORT DataInfoOffset; 9313 } s2; 9314 ULONG ZeroInit; 9315 } u2; 9316 __GNU_EXTENSION union 9317 { 9318 LPC_CLIENT_ID ClientId; 9319 double DoNotUseThisField; 9320 }; 9321 ULONG MessageId; 9322 __GNU_EXTENSION union 9323 { 9324 LPC_SIZE_T ClientViewSize; 9325 ULONG CallbackId; 9326 }; 9327} PORT_MESSAGE, *PPORT_MESSAGE; 9328 9329#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) 9330 9331typedef struct _PORT_VIEW 9332{ 9333 ULONG Length; 9334 LPC_HANDLE SectionHandle; 9335 ULONG SectionOffset; 9336 LPC_SIZE_T ViewSize; 9337 LPC_PVOID ViewBase; 9338 LPC_PVOID ViewRemoteBase; 9339} PORT_VIEW, *PPORT_VIEW; 9340 9341typedef struct _REMOTE_PORT_VIEW 9342{ 9343 ULONG Length; 9344 LPC_SIZE_T ViewSize; 9345 LPC_PVOID ViewBase; 9346} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 9347 9348typedef struct _VAD_HEADER { 9349 PVOID StartVPN; 9350 PVOID EndVPN; 9351 struct _VAD_HEADER* ParentLink; 9352 struct _VAD_HEADER* LeftLink; 9353 struct _VAD_HEADER* RightLink; 9354 ULONG Flags; /* LSB = CommitCharge */ 9355 PVOID ControlArea; 9356 PVOID FirstProtoPte; 9357 PVOID LastPTE; 9358 ULONG Unknown; 9359 LIST_ENTRY Secured; 9360} VAD_HEADER, *PVAD_HEADER; 9361 9362NTKERNELAPI 9363LARGE_INTEGER 9364NTAPI 9365CcGetLsnForFileObject ( 9366 IN PFILE_OBJECT FileObject, 9367 OUT PLARGE_INTEGER OldestLsn OPTIONAL 9368); 9369 9370NTKERNELAPI 9371PVOID 9372NTAPI 9373FsRtlAllocatePool ( 9374 IN POOL_TYPE PoolType, 9375 IN ULONG NumberOfBytes 9376); 9377 9378NTKERNELAPI 9379PVOID 9380NTAPI 9381FsRtlAllocatePoolWithQuota ( 9382 IN POOL_TYPE PoolType, 9383 IN ULONG NumberOfBytes 9384); 9385 9386NTKERNELAPI 9387PVOID 9388NTAPI 9389FsRtlAllocatePoolWithQuotaTag ( 9390 IN POOL_TYPE PoolType, 9391 IN ULONG 
NumberOfBytes, 9392 IN ULONG Tag 9393); 9394 9395NTKERNELAPI 9396PVOID 9397NTAPI 9398FsRtlAllocatePoolWithTag ( 9399 IN POOL_TYPE PoolType, 9400 IN ULONG NumberOfBytes, 9401 IN ULONG Tag 9402); 9403 9404NTKERNELAPI 9405BOOLEAN 9406NTAPI 9407FsRtlIsFatDbcsLegal ( 9408 IN ANSI_STRING DbcsName, 9409 IN BOOLEAN WildCardsPermissible, 9410 IN BOOLEAN PathNamePermissible, 9411 IN BOOLEAN LeadingBackslashPermissible 9412); 9413 9414NTKERNELAPI 9415BOOLEAN 9416NTAPI 9417FsRtlMdlReadComplete ( 9418 IN PFILE_OBJECT FileObject, 9419 IN PMDL MdlChain 9420); 9421 9422NTKERNELAPI 9423BOOLEAN 9424NTAPI 9425FsRtlMdlWriteComplete ( 9426 IN PFILE_OBJECT FileObject, 9427 IN PLARGE_INTEGER FileOffset, 9428 IN PMDL MdlChain 9429); 9430 9431NTKERNELAPI 9432VOID 9433NTAPI 9434FsRtlNotifyChangeDirectory ( 9435 IN PNOTIFY_SYNC NotifySync, 9436 IN PVOID FsContext, 9437 IN PSTRING FullDirectoryName, 9438 IN PLIST_ENTRY NotifyList, 9439 IN BOOLEAN WatchTree, 9440 IN ULONG CompletionFilter, 9441 IN PIRP NotifyIrp 9442); 9443 9444NTKERNELAPI 9445NTSTATUS 9446NTAPI 9447ObCreateObject ( 9448 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL, 9449 IN POBJECT_TYPE ObjectType, 9450 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 9451 IN KPROCESSOR_MODE AccessMode, 9452 IN OUT PVOID ParseContext OPTIONAL, 9453 IN ULONG ObjectSize, 9454 IN ULONG PagedPoolCharge OPTIONAL, 9455 IN ULONG NonPagedPoolCharge OPTIONAL, 9456 OUT PVOID *Object 9457); 9458 9459NTKERNELAPI 9460ULONG 9461NTAPI 9462ObGetObjectPointerCount ( 9463 IN PVOID Object 9464); 9465 9466NTKERNELAPI 9467NTSTATUS 9468NTAPI 9469ObReferenceObjectByName ( 9470 IN PUNICODE_STRING ObjectName, 9471 IN ULONG Attributes, 9472 IN PACCESS_STATE PassedAccessState OPTIONAL, 9473 IN ACCESS_MASK DesiredAccess OPTIONAL, 9474 IN POBJECT_TYPE ObjectType, 9475 IN KPROCESSOR_MODE AccessMode, 9476 IN OUT PVOID ParseContext OPTIONAL, 9477 OUT PVOID *Object 9478); 9479 9480#define PsDereferenceImpersonationToken(T) \ 9481 {if (ARGUMENT_PRESENT(T)) { \ 9482 
(ObDereferenceObject((T))); \ 9483 } else { \ 9484 ; \ 9485 } \ 9486} 9487 9488NTKERNELAPI 9489NTSTATUS 9490NTAPI 9491PsLookupProcessThreadByCid ( 9492 IN PCLIENT_ID Cid, 9493 OUT PEPROCESS *Process OPTIONAL, 9494 OUT PETHREAD *Thread 9495); 9496 9497NTSYSAPI 9498NTSTATUS 9499NTAPI 9500RtlSetSaclSecurityDescriptor ( 9501 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 9502 IN BOOLEAN SaclPresent, 9503 IN PACL Sacl, 9504 IN BOOLEAN SaclDefaulted 9505); 9506 9507#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; 9508 9509#if (VER_PRODUCTBUILD >= 2195) 9510 9511NTSYSAPI 9512NTSTATUS 9513NTAPI 9514ZwAdjustPrivilegesToken ( 9515 IN HANDLE TokenHandle, 9516 IN BOOLEAN DisableAllPrivileges, 9517 IN PTOKEN_PRIVILEGES NewState, 9518 IN ULONG BufferLength, 9519 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, 9520 OUT PULONG ReturnLength 9521); 9522 9523#endif /* (VER_PRODUCTBUILD >= 2195) */ 9524 9525NTSYSAPI 9526NTSTATUS 9527NTAPI 9528ZwAlertThread ( 9529 IN HANDLE ThreadHandle 9530); 9531 9532NTSYSAPI 9533NTSTATUS 9534NTAPI 9535ZwAccessCheckAndAuditAlarm ( 9536 IN PUNICODE_STRING SubsystemName, 9537 IN PVOID HandleId, 9538 IN PUNICODE_STRING ObjectTypeName, 9539 IN PUNICODE_STRING ObjectName, 9540 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 9541 IN ACCESS_MASK DesiredAccess, 9542 IN PGENERIC_MAPPING GenericMapping, 9543 IN BOOLEAN ObjectCreation, 9544 OUT PACCESS_MASK GrantedAccess, 9545 OUT PBOOLEAN AccessStatus, 9546 OUT PBOOLEAN GenerateOnClose 9547); 9548 9549#if (VER_PRODUCTBUILD >= 2195) 9550 9551NTSYSAPI 9552NTSTATUS 9553NTAPI 9554ZwCancelIoFile ( 9555 IN HANDLE FileHandle, 9556 OUT PIO_STATUS_BLOCK IoStatusBlock 9557); 9558 9559#endif /* (VER_PRODUCTBUILD >= 2195) */ 9560 9561NTSYSAPI 9562NTSTATUS 9563NTAPI 9564ZwClearEvent ( 9565 IN HANDLE EventHandle 9566); 9567 9568NTSYSAPI 9569NTSTATUS 9570NTAPI 9571ZwCloseObjectAuditAlarm ( 9572 IN PUNICODE_STRING SubsystemName, 9573 IN PVOID HandleId, 9574 IN BOOLEAN GenerateOnClose 9575); 9576 
/*
 * Zw* system-service entry points (continued).
 * NOTE(review): per the WDK documentation, a Zw call made from kernel mode
 * runs with previous mode KernelMode, so the service does not probe
 * parameters or apply access checks on the caller's behalf. Handles,
 * pointers, lengths and names that originated in user mode should be
 * validated by the driver first, and handles the driver opens for itself
 * should be created with OBJ_KERNEL_HANDLE. Confirm against the
 * implementation.
 */

/* Creates a symbolic link object named by ObjectAttributes that refers to TargetName. */
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateSymbolicLinkObject(
    OUT PHANDLE SymbolicLinkHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PUNICODE_STRING TargetName);

NTSYSAPI
NTSTATUS
NTAPI
ZwFlushInstructionCache(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress OPTIONAL,
    IN ULONG FlushSize);

NTSYSAPI
NTSTATUS
NTAPI
ZwFlushBuffersFile(
    IN HANDLE FileHandle,
    OUT PIO_STATUS_BLOCK IoStatusBlock);

#if (VER_PRODUCTBUILD >= 2195)

NTSYSAPI
NTSTATUS
NTAPI
ZwInitiatePowerAction(
    IN POWER_ACTION SystemAction,
    IN SYSTEM_POWER_STATE MinSystemState,
    IN ULONG Flags,
    IN BOOLEAN Asynchronous);

#endif /* (VER_PRODUCTBUILD >= 2195) */

/*
 * Registry hive operations (ZwLoadKey here; ZwReplaceKey, ZwRestoreKey,
 * ZwSaveKey and ZwUnloadKey below).
 * NOTE(review): user-mode callers of the matching services normally need
 * backup/restore privileges. A driver forwarding a user request to these Zw
 * routines should perform its own authorization check first. Confirm.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwLoadKey(
    IN POBJECT_ATTRIBUTES KeyObjectAttributes,
    IN POBJECT_ATTRIBUTES FileObjectAttributes);

/* Opens the token of the process behind ProcessHandle with DesiredAccess. */
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessToken(
    IN HANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    OUT PHANDLE TokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThread(
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId);

/* OpenAsSelf presumably selects process context over impersonation for the access check (confirm). */
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenThreadToken(
    IN HANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN OpenAsSelf,
    OUT PHANDLE TokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwPulseEvent(
    IN HANDLE EventHandle,
    OUT PLONG PreviousState OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDefaultLocale(
    IN BOOLEAN ThreadOrSystem,
    OUT PLCID Locale);

#if (VER_PRODUCTBUILD >= 2195)

/*
 * Enumerates a directory object into Buffer (Length bytes). Context carries
 * the scan position between calls; ReturnLength is optional.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
    IN HANDLE DirectoryHandle,
    OUT PVOID Buffer,
    IN ULONG Length,
    IN BOOLEAN ReturnSingleEntry,
    IN BOOLEAN RestartScan,
    IN OUT PULONG Context,
    OUT PULONG ReturnLength OPTIONAL);

#endif /* (VER_PRODUCTBUILD >= 2195) */

/*
 * Reads process information of the given class into ProcessInformation,
 * whose capacity is ProcessInformationLength bytes.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
ZwReplaceKey(
    IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
    IN HANDLE KeyHandle,
    IN POBJECT_ATTRIBUTES OldFileObjectAttributes);

NTSYSAPI
NTSTATUS
NTAPI
ZwResetEvent(
    IN HANDLE EventHandle,
    OUT PLONG PreviousState OPTIONAL);

#if (VER_PRODUCTBUILD >= 2195)

NTSYSAPI
NTSTATUS
NTAPI
ZwRestoreKey(
    IN HANDLE KeyHandle,
    IN HANDLE FileHandle,
    IN ULONG Flags);

#endif /* (VER_PRODUCTBUILD >= 2195) */

NTSYSAPI
NTSTATUS
NTAPI
ZwSaveKey(
    IN HANDLE KeyHandle,
    IN HANDLE FileHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetDefaultLocale(
    IN BOOLEAN ThreadOrSystem,
    IN LCID Locale);

#if (VER_PRODUCTBUILD >= 2195)

NTSYSAPI
NTSTATUS
NTAPI
ZwSetDefaultUILanguage(
    IN LANGID LanguageId);

#endif /* (VER_PRODUCTBUILD >= 2195) */

/*
 * Writes process information of the given class. ProcessInformationLength is
 * the size of the ProcessInformation input; it should match what the class
 * expects.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    IN PVOID ProcessInformation,
    IN ULONG ProcessInformationLength);

/* Sets the system time; the previous time is optionally returned in OldTime. */
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSystemTime(
    IN PLARGE_INTEGER NewTime,
    OUT PLARGE_INTEGER OldTime OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
ZwUnloadKey(
    IN POBJECT_ATTRIBUTES KeyObjectAttributes);

/* Waits on HandleCount handles from the Handles array, with an optional timeout. */
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForMultipleObjects(
    IN ULONG HandleCount,
    IN PHANDLE Handles,
    IN WAIT_TYPE WaitType,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Timeout OPTIONAL);

NTSYSAPI
NTSTATUS
NTAPI
ZwYieldExecution(
    VOID);

/* Restores the previous packing (presumably pairs with a push earlier in the file). */
#pragma pack(pop)

/* Closes the extern "C" block opened at the top of the header. */
#ifdef __cplusplus
}
#endif