1 /* 2 * ntifs.h 3 * 4 * Windows NT Filesystem Driver Developer Kit 5 * 6 * This file is part of the ReactOS DDK package. 7 * 8 * Contributors: 9 * Amine Khaldi 10 * Timo Kreuzer (timo.kreuzer (at) reactos.org) 11 * 12 * THIS SOFTWARE IS NOT COPYRIGHTED 13 * 14 * This source code is offered for use in the public domain. You may 15 * use, modify or distribute it freely. 16 * 17 * This code is distributed in the hope that it will be useful but 18 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY 19 * DISCLAIMED. This includes but is not limited to warranties of 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 */ 23 24 #pragma once 25 26 #define _NTIFS_INCLUDED_ 27 #define _GNU_NTIFS_ 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 /* Dependencies */ 34 #include <ntddk.h> 35 #include <excpt.h> 36 #include <ntdef.h> 37 #include <ntnls.h> 38 #include <ntstatus.h> 39 #include <bugcodes.h> 40 #include <ntiologc.h> 41 42 43 #ifndef FlagOn 44 #define FlagOn(_F,_SF) ((_F) & (_SF)) 45 #endif 46 47 #ifndef BooleanFlagOn 48 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0)) 49 #endif 50 51 #ifndef SetFlag 52 #define SetFlag(_F,_SF) ((_F) |= (_SF)) 53 #endif 54 55 #ifndef ClearFlag 56 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF)) 57 #endif 58 59 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; 60 typedef STRING LSA_STRING, *PLSA_STRING; 61 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES; 62 63 /****************************************************************************** 64 * Security Manager Types * 65 ******************************************************************************/ 66 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED 67 #define SID_IDENTIFIER_AUTHORITY_DEFINED 68 typedef struct _SID_IDENTIFIER_AUTHORITY { 69 UCHAR Value[6]; 70 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY; 71 #endif 72 73 #ifndef SID_DEFINED 74 #define SID_DEFINED 75 typedef struct _SID { 76 UCHAR Revision; 77 UCHAR SubAuthorityCount; 78 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 79 ULONG SubAuthority[ANYSIZE_ARRAY]; 80 } SID, *PISID; 81 #endif 82 83 #define SID_REVISION 1 84 #define SID_MAX_SUB_AUTHORITIES 15 85 #define SID_RECOMMENDED_SUB_AUTHORITIES 1 86 87 typedef enum _SID_NAME_USE { 88 SidTypeUser = 1, 89 SidTypeGroup, 90 SidTypeDomain, 91 SidTypeAlias, 92 SidTypeWellKnownGroup, 93 SidTypeDeletedAccount, 94 SidTypeInvalid, 95 SidTypeUnknown, 96 SidTypeComputer, 97 SidTypeLabel 98 } SID_NAME_USE, *PSID_NAME_USE; 99 100 typedef struct _SID_AND_ATTRIBUTES { 101 PSID Sid; 102 ULONG Attributes; 103 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; 104 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; 105 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; 106 107 #define SID_HASH_SIZE 32 108 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY; 109 110 typedef struct _SID_AND_ATTRIBUTES_HASH { 111 ULONG SidCount; 112 PSID_AND_ATTRIBUTES SidAttr; 113 SID_HASH_ENTRY Hash[SID_HASH_SIZE]; 114 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH; 115 116 /* Universal well-known SIDs */ 117 118 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} 119 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} 120 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} 121 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} 122 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} 123 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} 124 125 #define SECURITY_NULL_RID (0x00000000L) 126 #define SECURITY_WORLD_RID (0x00000000L) 127 #define SECURITY_LOCAL_RID (0x00000000L) 128 #define SECURITY_LOCAL_LOGON_RID (0x00000001L) 129 130 #define SECURITY_CREATOR_OWNER_RID (0x00000000L) 131 #define SECURITY_CREATOR_GROUP_RID (0x00000001L) 132 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) 133 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) 134 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) 135 136 /* NT well-known SIDs */ 137 138 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} 139 140 #define SECURITY_DIALUP_RID (0x00000001L) 141 #define SECURITY_NETWORK_RID (0x00000002L) 142 #define SECURITY_BATCH_RID (0x00000003L) 143 #define SECURITY_INTERACTIVE_RID (0x00000004L) 144 #define SECURITY_LOGON_IDS_RID (0x00000005L) 145 #define SECURITY_LOGON_IDS_RID_COUNT (3L) 146 #define SECURITY_SERVICE_RID (0x00000006L) 147 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) 148 #define SECURITY_PROXY_RID (0x00000008L) 149 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) 150 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID 151 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) 152 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) 153 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) 154 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) 155 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL) 156 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) 157 #define SECURITY_IUSER_RID (0x00000011L) 158 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) 159 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L) 160 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L) 161 #define SECURITY_NT_NON_UNIQUE (0x00000015L) 162 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) 163 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L) 164 165 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) 166 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L) 167 168 169 #define SECURITY_PACKAGE_BASE_RID (0x00000040L) 170 #define SECURITY_PACKAGE_RID_COUNT (2L) 171 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) 172 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) 173 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) 174 175 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) 176 #define SECURITY_CRED_TYPE_RID_COUNT (2L) 177 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) 178 179 #define SECURITY_MIN_BASE_RID (0x00000050L) 180 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) 181 #define SECURITY_SERVICE_ID_RID_COUNT (6L) 182 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) 183 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) 184 #define SECURITY_APPPOOL_ID_RID_COUNT (6L) 185 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) 186 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) 187 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) 188 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) 189 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L) 190 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L) 191 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) 192 #define SECURITY_WMIHOST_ID_RID_COUNT (6L) 193 #define SECURITY_TASK_ID_BASE_RID (0x00000057L) 194 #define SECURITY_NFS_ID_BASE_RID (0x00000058L) 195 #define SECURITY_COM_ID_BASE_RID (0x00000059L) 196 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) 197 198 #define SECURITY_MAX_BASE_RID (0x0000006FL) 199 200 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) 201 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) 202 203 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L) 204 205 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L) 206 207 /* Well-known domain relative sub-authority values (RIDs) */ 208 209 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L) 210 211 #define FOREST_USER_RID_MAX (0x000001F3L) 212 213 /* Well-known users */ 214 215 #define DOMAIN_USER_RID_ADMIN (0x000001F4L) 216 #define DOMAIN_USER_RID_GUEST (0x000001F5L) 217 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L) 218 219 #define DOMAIN_USER_RID_MAX (0x000003E7L) 220 221 /* Well-known groups */ 222 223 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L) 224 #define DOMAIN_GROUP_RID_USERS (0x00000201L) 225 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L) 226 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) 227 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) 228 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) 229 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) 230 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) 231 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) 232 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L) 233 234 /* Well-known aliases */ 235 236 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) 237 #define DOMAIN_ALIAS_RID_USERS (0x00000221L) 238 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) 239 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) 240 241 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) 242 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) 243 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) 244 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) 245 246 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) 247 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L) 248 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL) 249 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL) 250 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL) 251 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL) 252 253 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) 254 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) 255 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) 256 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) 257 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) 258 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L) 259 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L) 260 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL) 261 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL) 262 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL) 263 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL) 264 265 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} 266 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) 267 #define SECURITY_MANDATORY_LOW_RID (0x00001000L) 268 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) 269 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L) 270 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) 271 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) 272 273 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that 274 can be set by a usermode caller.*/ 275 276 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID 277 278 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000) 279 280 /* Allocate the System Luid. The first 1000 LUIDs are reserved. 281 Use #999 here (0x3e7 = 999) */ 282 283 #define SYSTEM_LUID {0x3e7, 0x0} 284 #define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} 285 #define LOCALSERVICE_LUID {0x3e5, 0x0} 286 #define NETWORKSERVICE_LUID {0x3e4, 0x0} 287 #define IUSER_LUID {0x3e3, 0x0} 288 289 typedef struct _ACE_HEADER { 290 UCHAR AceType; 291 UCHAR AceFlags; 292 USHORT AceSize; 293 } ACE_HEADER, *PACE_HEADER; 294 295 /* also in winnt.h */ 296 #define ACCESS_MIN_MS_ACE_TYPE (0x0) 297 #define ACCESS_ALLOWED_ACE_TYPE (0x0) 298 #define ACCESS_DENIED_ACE_TYPE (0x1) 299 #define SYSTEM_AUDIT_ACE_TYPE (0x2) 300 #define SYSTEM_ALARM_ACE_TYPE (0x3) 301 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3) 302 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4) 303 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4) 304 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5) 305 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5) 306 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6) 307 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7) 308 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8) 309 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8) 310 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8) 311 #define ACCESS_MAX_MS_ACE_TYPE (0x8) 312 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) 313 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) 314 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB) 315 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC) 316 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) 317 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) 318 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) 319 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) 320 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11) 321 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) 322 323 /* The following are the inherit flags that go into the AceFlags field 324 of an Ace header. */ 325 326 #define OBJECT_INHERIT_ACE (0x1) 327 #define CONTAINER_INHERIT_ACE (0x2) 328 #define NO_PROPAGATE_INHERIT_ACE (0x4) 329 #define INHERIT_ONLY_ACE (0x8) 330 #define INHERITED_ACE (0x10) 331 #define VALID_INHERIT_FLAGS (0x1F) 332 333 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) 334 #define FAILED_ACCESS_ACE_FLAG (0x80) 335 336 typedef struct _ACCESS_ALLOWED_ACE { 337 ACE_HEADER Header; 338 ACCESS_MASK Mask; 339 ULONG SidStart; 340 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; 341 342 typedef struct _ACCESS_DENIED_ACE { 343 ACE_HEADER Header; 344 ACCESS_MASK Mask; 345 ULONG SidStart; 346 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; 347 348 typedef struct _SYSTEM_AUDIT_ACE { 349 ACE_HEADER Header; 350 ACCESS_MASK Mask; 351 ULONG SidStart; 352 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; 353 354 typedef struct _SYSTEM_ALARM_ACE { 355 ACE_HEADER Header; 356 ACCESS_MASK Mask; 357 ULONG SidStart; 358 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE; 359 360 typedef struct _SYSTEM_MANDATORY_LABEL_ACE { 361 ACE_HEADER Header; 362 ACCESS_MASK Mask; 363 ULONG SidStart; 364 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; 365 366 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 367 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 368 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 369 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ 370 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ 371 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) 372 373 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) 374 375 typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; 376 377 #define SE_OWNER_DEFAULTED 0x0001 378 #define SE_GROUP_DEFAULTED 0x0002 379 #define SE_DACL_PRESENT 0x0004 380 #define SE_DACL_DEFAULTED 0x0008 381 #define SE_SACL_PRESENT 0x0010 382 #define SE_SACL_DEFAULTED 0x0020 383 #define SE_DACL_UNTRUSTED 0x0040 384 #define SE_SERVER_SECURITY 0x0080 385 #define SE_DACL_AUTO_INHERIT_REQ 0x0100 386 #define SE_SACL_AUTO_INHERIT_REQ 0x0200 387 #define SE_DACL_AUTO_INHERITED 0x0400 388 #define SE_SACL_AUTO_INHERITED 0x0800 389 #define SE_DACL_PROTECTED 0x1000 390 #define SE_SACL_PROTECTED 0x2000 391 #define SE_RM_CONTROL_VALID 0x4000 392 #define SE_SELF_RELATIVE 0x8000 393 394 typedef struct _SECURITY_DESCRIPTOR_RELATIVE { 395 UCHAR Revision; 396 UCHAR Sbz1; 397 SECURITY_DESCRIPTOR_CONTROL Control; 398 ULONG Owner; 399 ULONG Group; 400 ULONG Sacl; 401 ULONG Dacl; 402 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; 403 404 typedef struct _SECURITY_DESCRIPTOR { 405 UCHAR Revision; 406 UCHAR Sbz1; 407 SECURITY_DESCRIPTOR_CONTROL Control; 408 PSID Owner; 409 PSID Group; 410 PACL Sacl; 411 PACL Dacl; 412 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; 413 414 typedef struct _OBJECT_TYPE_LIST { 415 USHORT Level; 416 USHORT Sbz; 417 GUID *ObjectType; 418 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; 419 420 #define ACCESS_OBJECT_GUID 0 421 #define ACCESS_PROPERTY_SET_GUID 1 422 #define ACCESS_PROPERTY_GUID 2 423 #define ACCESS_MAX_LEVEL 4 424 425 typedef enum _AUDIT_EVENT_TYPE { 426 AuditEventObjectAccess, 427 AuditEventDirectoryServiceAccess 428 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; 429 430 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1 431 432 #define ACCESS_DS_SOURCE_A "DS" 433 #define ACCESS_DS_SOURCE_W L"DS" 434 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object" 435 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object" 436 437 #define ACCESS_REASON_TYPE_MASK 0xffff0000 438 #define ACCESS_REASON_DATA_MASK 0x0000ffff 439 440 typedef enum _ACCESS_REASON_TYPE { 441 AccessReasonNone = 0x00000000, 442 AccessReasonAllowedAce = 0x00010000, 443 AccessReasonDeniedAce = 0x00020000, 444 AccessReasonAllowedParentAce = 0x00030000, 445 AccessReasonDeniedParentAce = 0x00040000, 446 AccessReasonMissingPrivilege = 0x00100000, 447 AccessReasonFromPrivilege = 0x00200000, 448 AccessReasonIntegrityLevel = 0x00300000, 449 AccessReasonOwnership = 0x00400000, 450 AccessReasonNullDacl = 0x00500000, 451 AccessReasonEmptyDacl = 0x00600000, 452 AccessReasonNoSD = 0x00700000, 453 AccessReasonNoGrant = 0x00800000 454 } ACCESS_REASON_TYPE; 455 456 typedef ULONG ACCESS_REASON; 457 458 typedef struct _ACCESS_REASONS { 459 ACCESS_REASON Data[32]; 460 } ACCESS_REASONS, *PACCESS_REASONS; 461 462 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001 463 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002 464 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003 465 466 typedef struct _SE_SECURITY_DESCRIPTOR { 467 ULONG Size; 468 ULONG Flags; 469 PSECURITY_DESCRIPTOR SecurityDescriptor; 470 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR; 471 472 typedef struct _SE_ACCESS_REQUEST { 473 ULONG Size; 474 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor; 475 ACCESS_MASK DesiredAccess; 476 ACCESS_MASK PreviouslyGrantedAccess; 477 PSID PrincipalSelfSid; 478 PGENERIC_MAPPING GenericMapping; 479 ULONG ObjectTypeListCount; 480 POBJECT_TYPE_LIST ObjectTypeList; 481 } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST; 482 483 typedef struct _SE_ACCESS_REPLY { 484 ULONG Size; 485 ULONG ResultListCount; 486 PACCESS_MASK GrantedAccess; 487 PNTSTATUS AccessStatus; 488 PACCESS_REASONS AccessReason; 489 PPRIVILEGE_SET* Privileges; 490 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY; 491 492 typedef enum _SE_AUDIT_OPERATION { 493 AuditPrivilegeObject, 494 AuditPrivilegeService, 495 AuditAccessCheck, 496 AuditOpenObject, 497 AuditOpenObjectWithTransaction, 498 AuditCloseObject, 499 AuditDeleteObject, 500 AuditOpenObjectForDelete, 501 AuditOpenObjectForDeleteWithTransaction, 502 AuditCloseNonObject, 503 AuditOpenNonObject, 504 AuditObjectReference, 505 AuditHandleCreation, 506 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION; 507 508 typedef struct _SE_AUDIT_INFO { 509 ULONG Size; 510 AUDIT_EVENT_TYPE AuditType; 511 SE_AUDIT_OPERATION AuditOperation; 512 ULONG AuditFlags; 513 UNICODE_STRING SubsystemName; 514 UNICODE_STRING ObjectTypeName; 515 UNICODE_STRING ObjectName; 516 PVOID HandleId; 517 GUID* TransactionId; 518 LUID* OperationId; 519 BOOLEAN ObjectCreation; 520 BOOLEAN GenerateOnClose; 521 } SE_AUDIT_INFO, *PSE_AUDIT_INFO; 522 523 #define TOKEN_ASSIGN_PRIMARY (0x0001) 524 #define TOKEN_DUPLICATE (0x0002) 525 #define TOKEN_IMPERSONATE (0x0004) 526 #define TOKEN_QUERY (0x0008) 527 #define TOKEN_QUERY_SOURCE (0x0010) 528 #define TOKEN_ADJUST_PRIVILEGES (0x0020) 529 #define TOKEN_ADJUST_GROUPS (0x0040) 530 #define TOKEN_ADJUST_DEFAULT (0x0080) 531 #define TOKEN_ADJUST_SESSIONID (0x0100) 532 533 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\ 534 TOKEN_ASSIGN_PRIMARY |\ 535 TOKEN_DUPLICATE |\ 536 TOKEN_IMPERSONATE |\ 537 TOKEN_QUERY |\ 538 TOKEN_QUERY_SOURCE |\ 539 TOKEN_ADJUST_PRIVILEGES |\ 540 TOKEN_ADJUST_GROUPS |\ 541 TOKEN_ADJUST_DEFAULT ) 542 543 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT))) 544 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\ 545 TOKEN_ADJUST_SESSIONID ) 546 #else 547 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P) 548 #endif 549 550 #define TOKEN_READ (STANDARD_RIGHTS_READ |\ 551 TOKEN_QUERY) 552 553 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ 554 TOKEN_ADJUST_PRIVILEGES |\ 555 TOKEN_ADJUST_GROUPS |\ 556 TOKEN_ADJUST_DEFAULT) 557 558 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) 559 560 typedef enum _TOKEN_TYPE { 561 TokenPrimary = 1, 562 TokenImpersonation 563 } TOKEN_TYPE,*PTOKEN_TYPE; 564 565 typedef enum _TOKEN_INFORMATION_CLASS { 566 TokenUser = 1, 567 TokenGroups, 568 TokenPrivileges, 569 TokenOwner, 570 TokenPrimaryGroup, 571 TokenDefaultDacl, 572 TokenSource, 573 TokenType, 574 TokenImpersonationLevel, 575 TokenStatistics, 576 TokenRestrictedSids, 577 TokenSessionId, 578 TokenGroupsAndPrivileges, 579 TokenSessionReference, 580 TokenSandBoxInert, 581 TokenAuditPolicy, 582 TokenOrigin, 583 TokenElevationType, 584 TokenLinkedToken, 585 TokenElevation, 586 TokenHasRestrictions, 587 TokenAccessInformation, 588 TokenVirtualizationAllowed, 589 TokenVirtualizationEnabled, 590 TokenIntegrityLevel, 591 TokenUIAccess, 592 TokenMandatoryPolicy, 593 TokenLogonSid, 594 MaxTokenInfoClass 595 } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; 596 597 typedef struct _TOKEN_USER { 598 SID_AND_ATTRIBUTES User; 599 } TOKEN_USER, *PTOKEN_USER; 600 601 typedef struct _TOKEN_GROUPS { 602 ULONG GroupCount; 603 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; 604 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS; 605 606 typedef struct _TOKEN_PRIVILEGES { 607 ULONG PrivilegeCount; 608 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; 609 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES; 610 611 typedef struct _TOKEN_OWNER { 612 PSID Owner; 613 } TOKEN_OWNER,*PTOKEN_OWNER; 614 615 typedef struct _TOKEN_PRIMARY_GROUP { 616 PSID PrimaryGroup; 617 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP; 618 619 typedef struct _TOKEN_DEFAULT_DACL { 620 PACL DefaultDacl; 621 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL; 622 623 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES { 624 ULONG SidCount; 625 ULONG SidLength; 626 PSID_AND_ATTRIBUTES Sids; 627 ULONG RestrictedSidCount; 628 ULONG RestrictedSidLength; 629 PSID_AND_ATTRIBUTES RestrictedSids; 630 ULONG PrivilegeCount; 631 ULONG PrivilegeLength; 632 PLUID_AND_ATTRIBUTES Privileges; 633 LUID AuthenticationId; 634 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES; 635 636 typedef struct _TOKEN_LINKED_TOKEN { 637 HANDLE LinkedToken; 638 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN; 639 640 typedef struct _TOKEN_ELEVATION { 641 ULONG TokenIsElevated; 642 } TOKEN_ELEVATION, *PTOKEN_ELEVATION; 643 644 typedef struct _TOKEN_MANDATORY_LABEL { 645 SID_AND_ATTRIBUTES Label; 646 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL; 647 648 #define TOKEN_MANDATORY_POLICY_OFF 0x0 649 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1 650 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2 651 652 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \ 653 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN) 654 655 typedef struct _TOKEN_MANDATORY_POLICY { 656 ULONG Policy; 657 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY; 658 659 typedef struct _TOKEN_ACCESS_INFORMATION { 660 PSID_AND_ATTRIBUTES_HASH SidHash; 661 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash; 662 PTOKEN_PRIVILEGES Privileges; 663 LUID AuthenticationId; 664 TOKEN_TYPE TokenType; 665 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 666 TOKEN_MANDATORY_POLICY MandatoryPolicy; 667 ULONG Flags; 668 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION; 669 670 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53) 671 672 typedef struct _TOKEN_AUDIT_POLICY { 673 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1]; 674 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY; 675 676 #define TOKEN_SOURCE_LENGTH 8 677 678 typedef struct _TOKEN_SOURCE { 679 CHAR SourceName[TOKEN_SOURCE_LENGTH]; 680 LUID SourceIdentifier; 681 } TOKEN_SOURCE,*PTOKEN_SOURCE; 682 683 typedef struct _TOKEN_STATISTICS { 684 LUID TokenId; 685 LUID AuthenticationId; 686 LARGE_INTEGER ExpirationTime; 687 TOKEN_TYPE TokenType; 688 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 689 ULONG DynamicCharged; 690 ULONG DynamicAvailable; 691 ULONG GroupCount; 692 ULONG PrivilegeCount; 693 LUID ModifiedId; 694 } TOKEN_STATISTICS, *PTOKEN_STATISTICS; 695 696 typedef struct _TOKEN_CONTROL { 697 LUID TokenId; 698 LUID AuthenticationId; 699 LUID ModifiedId; 700 TOKEN_SOURCE TokenSource; 701 } TOKEN_CONTROL,*PTOKEN_CONTROL; 702 703 typedef struct _TOKEN_ORIGIN { 704 LUID OriginatingLogonSession; 705 } TOKEN_ORIGIN, *PTOKEN_ORIGIN; 706 707 typedef enum _MANDATORY_LEVEL { 708 MandatoryLevelUntrusted = 0, 709 MandatoryLevelLow, 710 MandatoryLevelMedium, 711 MandatoryLevelHigh, 712 MandatoryLevelSystem, 713 MandatoryLevelSecureProcess, 714 MandatoryLevelCount 715 } MANDATORY_LEVEL, *PMANDATORY_LEVEL; 716 717 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001 718 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002 719 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004 720 #define TOKEN_WRITE_RESTRICTED 0x0008 721 #define TOKEN_IS_RESTRICTED 0x0010 722 #define TOKEN_SESSION_NOT_REFERENCED 0x0020 723 #define TOKEN_SANDBOX_INERT 0x0040 724 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080 725 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100 726 #define TOKEN_VIRTUALIZE_ALLOWED 0x0200 727 #define TOKEN_VIRTUALIZE_ENABLED 0x0400 728 #define TOKEN_IS_FILTERED 0x0800 729 #define TOKEN_UIACCESS 0x1000 730 #define TOKEN_NOT_LOW 0x2000 731 732 typedef struct _SE_EXPORTS { 733 LUID SeCreateTokenPrivilege; 734 LUID SeAssignPrimaryTokenPrivilege; 735 LUID SeLockMemoryPrivilege; 736 LUID SeIncreaseQuotaPrivilege; 737 LUID SeUnsolicitedInputPrivilege; 738 LUID SeTcbPrivilege; 739 LUID SeSecurityPrivilege; 740 LUID SeTakeOwnershipPrivilege; 741 LUID SeLoadDriverPrivilege; 742 LUID SeCreatePagefilePrivilege; 743 LUID SeIncreaseBasePriorityPrivilege; 744 LUID SeSystemProfilePrivilege; 745 LUID SeSystemtimePrivilege; 746 LUID SeProfileSingleProcessPrivilege; 747 LUID SeCreatePermanentPrivilege; 748 LUID SeBackupPrivilege; 749 LUID SeRestorePrivilege; 750 LUID SeShutdownPrivilege; 751 LUID SeDebugPrivilege; 752 LUID SeAuditPrivilege; 753 LUID SeSystemEnvironmentPrivilege; 754 LUID SeChangeNotifyPrivilege; 755 LUID SeRemoteShutdownPrivilege; 756 PSID SeNullSid; 757 PSID SeWorldSid; 758 PSID SeLocalSid; 759 PSID SeCreatorOwnerSid; 760 PSID SeCreatorGroupSid; 761 PSID SeNtAuthoritySid; 762 PSID SeDialupSid; 763 PSID SeNetworkSid; 764 PSID SeBatchSid; 765 PSID SeInteractiveSid; 766 PSID SeLocalSystemSid; 767 PSID SeAliasAdminsSid; 768 PSID SeAliasUsersSid; 769 PSID SeAliasGuestsSid; 770 PSID SeAliasPowerUsersSid; 771 PSID SeAliasAccountOpsSid; 772 PSID SeAliasSystemOpsSid; 773 PSID SeAliasPrintOpsSid; 774 PSID SeAliasBackupOpsSid; 775 PSID SeAuthenticatedUsersSid; 776 PSID SeRestrictedSid; 777 PSID SeAnonymousLogonSid; 778 LUID SeUndockPrivilege; 779 LUID SeSyncAgentPrivilege; 780 LUID SeEnableDelegationPrivilege; 781 PSID SeLocalServiceSid; 782 PSID SeNetworkServiceSid; 783 LUID SeManageVolumePrivilege; 784 LUID SeImpersonatePrivilege; 785 LUID SeCreateGlobalPrivilege; 786 LUID SeTrustedCredManAccessPrivilege; 787 LUID SeRelabelPrivilege; 788 LUID SeIncreaseWorkingSetPrivilege; 789 LUID SeTimeZonePrivilege; 790 LUID SeCreateSymbolicLinkPrivilege; 791 PSID SeIUserSid; 792 PSID SeUntrustedMandatorySid; 793 PSID SeLowMandatorySid; 794 PSID SeMediumMandatorySid; 795 PSID SeHighMandatorySid; 796 PSID SeSystemMandatorySid; 797 PSID SeOwnerRightsSid; 798 } SE_EXPORTS, *PSE_EXPORTS; 799 800 typedef NTSTATUS 801 (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)( 802 IN PLUID LogonId); 803 /****************************************************************************** 804 * Runtime Library Types * 805 ******************************************************************************/ 806 807 808 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information" 809 810 typedef PVOID 811 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)( 812 IN SIZE_T NumberOfBytes); 813 814 #if _WIN32_WINNT >= 0x0600 815 typedef PVOID 816 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)( 817 IN SIZE_T NumberOfBytes, 818 IN PVOID Buffer); 819 #endif 820 821 typedef VOID 822 (NTAPI *PRTL_FREE_STRING_ROUTINE)( 823 IN PVOID Buffer); 824 825 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine; 826 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine; 827 828 #if _WIN32_WINNT >= 0x0600 829 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine; 830 #endif 831 832 typedef NTSTATUS 833 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) ( 834 IN PVOID Base, 835 IN OUT PVOID *CommitAddress, 836 IN OUT PSIZE_T CommitSize); 837 838 typedef struct _RTL_HEAP_PARAMETERS { 839 ULONG Length; 840 SIZE_T SegmentReserve; 841 SIZE_T SegmentCommit; 842 SIZE_T DeCommitFreeBlockThreshold; 843 SIZE_T DeCommitTotalFreeThreshold; 844 SIZE_T MaximumAllocationSize; 845 SIZE_T VirtualMemoryThreshold; 846 SIZE_T InitialCommit; 847 SIZE_T InitialReserve; 848 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; 849 SIZE_T Reserved[2]; 850 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; 851 852 #if (NTDDI_VERSION >= NTDDI_WIN2K) 853 854 typedef struct _GENERATE_NAME_CONTEXT { 855 USHORT Checksum; 856 BOOLEAN CheckSumInserted; 857 UCHAR NameLength; 858 WCHAR NameBuffer[8]; 859 ULONG ExtensionLength; 860 WCHAR ExtensionBuffer[4]; 861 ULONG LastIndexValue; 862 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; 863 864 typedef struct _PREFIX_TABLE_ENTRY { 865 CSHORT NodeTypeCode; 866 CSHORT NameLength; 867 struct _PREFIX_TABLE_ENTRY *NextPrefixTree; 868 RTL_SPLAY_LINKS Links; 869 PSTRING Prefix; 870 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; 871 872 typedef struct _PREFIX_TABLE { 873 CSHORT NodeTypeCode; 874 CSHORT NameLength; 875 PPREFIX_TABLE_ENTRY NextPrefixTree; 876 } PREFIX_TABLE, *PPREFIX_TABLE; 877 878 typedef struct _UNICODE_PREFIX_TABLE_ENTRY { 879 CSHORT NodeTypeCode; 880 CSHORT NameLength; 881 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; 882 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; 883 RTL_SPLAY_LINKS Links; 884 PUNICODE_STRING Prefix; 885 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; 886 887 typedef struct _UNICODE_PREFIX_TABLE { 888 CSHORT NodeTypeCode; 889 CSHORT NameLength; 890 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; 891 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; 892 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; 893 894 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 895 896 #if (NTDDI_VERSION >= NTDDI_WINXP) 897 typedef struct _COMPRESSED_DATA_INFO { 898 USHORT CompressionFormatAndEngine; 899 UCHAR CompressionUnitShift; 900 UCHAR ChunkShift; 901 UCHAR ClusterShift; 902 UCHAR Reserved; 903 USHORT NumberOfChunks; 904 ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; 905 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; 906 #endif 907 908 /****************************************************************************** 909 * Runtime Library Functions * 910 ******************************************************************************/ 911 912 #if (NTDDI_VERSION >= NTDDI_WIN2K) 913 914 NTSYSAPI 915 PVOID 916 NTAPI 917 RtlAllocateHeap( 918 IN HANDLE HeapHandle, 919 IN ULONG Flags OPTIONAL, 920 IN SIZE_T Size); 921 922 NTSYSAPI 923 BOOLEAN 924 NTAPI 925 RtlFreeHeap( 926 IN PVOID HeapHandle, 927 IN ULONG Flags OPTIONAL, 928 IN PVOID BaseAddress); 929 930 NTSYSAPI 931 VOID 932 NTAPI 933 RtlCaptureContext( 934 OUT PCONTEXT ContextRecord); 935 936 NTSYSAPI 937 ULONG 938 NTAPI 939 RtlRandom( 940 IN OUT PULONG Seed); 941 942 NTSYSAPI 943 BOOLEAN 944 NTAPI 945 RtlCreateUnicodeString( 946 OUT PUNICODE_STRING DestinationString, 947 IN PCWSTR SourceString); 948 949 NTSYSAPI 950 NTSTATUS 951 NTAPI 952 RtlAppendStringToString( 953 IN OUT PSTRING Destination, 954 IN const STRING *Source); 955 956 NTSYSAPI 957 NTSTATUS 958 NTAPI 959 RtlOemStringToUnicodeString( 960 IN OUT PUNICODE_STRING DestinationString, 961 IN PCOEM_STRING SourceString, 962 IN BOOLEAN AllocateDestinationString); 963 964 NTSYSAPI 965 NTSTATUS 966 NTAPI 967 RtlUnicodeStringToOemString( 968 IN OUT POEM_STRING DestinationString, 969 IN PCUNICODE_STRING SourceString, 970 IN BOOLEAN AllocateDestinationString); 971 972 NTSYSAPI 973 NTSTATUS 974 NTAPI 975 RtlUpcaseUnicodeStringToOemString( 976 IN OUT POEM_STRING DestinationString, 977 IN PCUNICODE_STRING SourceString, 978 IN BOOLEAN AllocateDestinationString); 979 980 NTSYSAPI 981 NTSTATUS 982 NTAPI 983 RtlOemStringToCountedUnicodeString( 984 IN OUT PUNICODE_STRING DestinationString, 985 IN PCOEM_STRING SourceString, 986 IN BOOLEAN AllocateDestinationString); 987 988 NTSYSAPI 989 NTSTATUS 990 NTAPI 991 RtlUnicodeStringToCountedOemString( 992 IN OUT POEM_STRING DestinationString, 993 IN PCUNICODE_STRING SourceString, 994 IN BOOLEAN AllocateDestinationString); 995 996 NTSYSAPI 997 NTSTATUS 998 NTAPI 999 RtlUpcaseUnicodeStringToCountedOemString( 1000 IN OUT POEM_STRING DestinationString, 1001 IN PCUNICODE_STRING SourceString, 1002 IN BOOLEAN AllocateDestinationString); 1003 1004 NTSYSAPI 1005 NTSTATUS 1006 NTAPI 1007 RtlDowncaseUnicodeString( 1008 IN OUT PUNICODE_STRING UniDest, 1009 IN PCUNICODE_STRING UniSource, 1010 IN BOOLEAN AllocateDestinationString); 1011 1012 NTSYSAPI 1013 VOID 1014 NTAPI 1015 RtlFreeOemString ( 1016 IN OUT POEM_STRING OemString); 1017 1018 NTSYSAPI 1019 ULONG 1020 NTAPI 1021 RtlxUnicodeStringToOemSize( 1022 IN PCUNICODE_STRING UnicodeString); 1023 1024 NTSYSAPI 1025 ULONG 1026 NTAPI 1027 RtlxOemStringToUnicodeSize( 1028 IN PCOEM_STRING OemString); 1029 1030 NTSYSAPI 1031 NTSTATUS 1032 NTAPI 1033 RtlMultiByteToUnicodeN( 1034 OUT PWCH UnicodeString, 1035 IN ULONG MaxBytesInUnicodeString, 1036 OUT PULONG BytesInUnicodeString OPTIONAL, 1037 IN const CHAR *MultiByteString, 1038 IN ULONG BytesInMultiByteString); 1039 1040 NTSYSAPI 1041 NTSTATUS 1042 NTAPI 1043 RtlMultiByteToUnicodeSize( 1044 OUT PULONG BytesInUnicodeString, 1045 IN const CHAR *MultiByteString, 1046 IN ULONG BytesInMultiByteString); 1047 1048 NTSYSAPI 1049 NTSTATUS 1050 NTAPI 1051 RtlUnicodeToMultiByteSize( 1052 OUT PULONG BytesInMultiByteString, 1053 IN PCWCH UnicodeString, 1054 IN ULONG BytesInUnicodeString); 1055 1056 NTSYSAPI 1057 NTSTATUS 1058 NTAPI 1059 RtlUnicodeToMultiByteN( 1060 OUT PCHAR MultiByteString, 1061 IN ULONG MaxBytesInMultiByteString, 1062 OUT PULONG BytesInMultiByteString OPTIONAL, 1063 IN PCWCH UnicodeString, 1064 IN ULONG BytesInUnicodeString); 1065 1066 NTSYSAPI 1067 NTSTATUS 1068 NTAPI 1069 RtlUpcaseUnicodeToMultiByteN( 1070 OUT PCHAR MultiByteString, 1071 IN ULONG MaxBytesInMultiByteString, 1072 OUT PULONG BytesInMultiByteString OPTIONAL, 1073 IN PCWCH UnicodeString, 1074 IN ULONG BytesInUnicodeString); 1075 1076 NTSYSAPI 1077 NTSTATUS 1078 NTAPI 1079 RtlOemToUnicodeN( 1080 OUT PWSTR UnicodeString, 1081 IN ULONG MaxBytesInUnicodeString, 1082 OUT PULONG BytesInUnicodeString OPTIONAL, 1083 IN PCCH OemString, 1084 IN ULONG BytesInOemString); 1085 1086 NTSYSAPI 1087 NTSTATUS 1088 NTAPI 1089 RtlUnicodeToOemN( 1090 OUT PCHAR OemString, 1091 IN ULONG MaxBytesInOemString, 1092 OUT PULONG BytesInOemString OPTIONAL, 1093 IN PCWCH UnicodeString, 1094 IN ULONG BytesInUnicodeString); 1095 1096 NTSYSAPI 1097 NTSTATUS 1098 NTAPI 1099 RtlUpcaseUnicodeToOemN( 1100 OUT PCHAR OemString, 1101 IN ULONG MaxBytesInOemString, 1102 OUT PULONG BytesInOemString OPTIONAL, 1103 IN PCWCH UnicodeString, 1104 IN ULONG BytesInUnicodeString); 1105 1106 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 1107 NTSYSAPI 1108 NTSTATUS 1109 NTAPI 1110 RtlGenerate8dot3Name( 1111 IN PCUNICODE_STRING Name, 1112 IN BOOLEAN AllowExtendedCharacters, 1113 IN OUT PGENERATE_NAME_CONTEXT Context, 1114 IN OUT PUNICODE_STRING Name8dot3); 1115 #else 1116 NTSYSAPI 1117 VOID 1118 NTAPI 1119 RtlGenerate8dot3Name( 1120 IN PCUNICODE_STRING Name, 1121 IN BOOLEAN AllowExtendedCharacters, 1122 IN OUT PGENERATE_NAME_CONTEXT Context, 1123 IN OUT PUNICODE_STRING Name8dot3); 1124 #endif 1125 1126 NTSYSAPI 1127 BOOLEAN 1128 NTAPI 1129 RtlIsNameLegalDOS8Dot3( 1130 IN PCUNICODE_STRING Name, 1131 IN OUT POEM_STRING OemName OPTIONAL, 1132 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL); 1133 1134 NTSYSAPI 1135 BOOLEAN 1136 NTAPI 1137 RtlIsValidOemCharacter( 1138 IN OUT PWCHAR Char); 1139 1140 NTSYSAPI 1141 VOID 1142 NTAPI 1143 PfxInitialize( 1144 OUT PPREFIX_TABLE PrefixTable); 1145 1146 NTSYSAPI 1147 BOOLEAN 1148 NTAPI 1149 PfxInsertPrefix( 1150 IN PPREFIX_TABLE PrefixTable, 1151 IN PSTRING Prefix, 1152 OUT PPREFIX_TABLE_ENTRY PrefixTableEntry); 1153 1154 NTSYSAPI 1155 VOID 1156 NTAPI 1157 PfxRemovePrefix( 1158 IN PPREFIX_TABLE PrefixTable, 1159 IN PPREFIX_TABLE_ENTRY PrefixTableEntry); 1160 1161 NTSYSAPI 1162 PPREFIX_TABLE_ENTRY 1163 NTAPI 1164 PfxFindPrefix( 1165 IN PPREFIX_TABLE PrefixTable, 1166 IN PSTRING FullName); 1167 1168 NTSYSAPI 1169 VOID 1170 NTAPI 1171 RtlInitializeUnicodePrefix( 1172 OUT PUNICODE_PREFIX_TABLE PrefixTable); 1173 1174 NTSYSAPI 1175 BOOLEAN 1176 NTAPI 1177 RtlInsertUnicodePrefix( 1178 IN PUNICODE_PREFIX_TABLE PrefixTable, 1179 IN PUNICODE_STRING Prefix, 1180 OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry); 1181 1182 NTSYSAPI 1183 VOID 1184 NTAPI 1185 RtlRemoveUnicodePrefix( 1186 IN PUNICODE_PREFIX_TABLE PrefixTable, 1187 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry); 1188 1189 NTSYSAPI 1190 PUNICODE_PREFIX_TABLE_ENTRY 1191 NTAPI 1192 RtlFindUnicodePrefix( 1193 IN PUNICODE_PREFIX_TABLE PrefixTable, 1194 IN PUNICODE_STRING FullName, 1195 IN ULONG CaseInsensitiveIndex); 1196 1197 NTSYSAPI 1198 PUNICODE_PREFIX_TABLE_ENTRY 1199 NTAPI 1200 RtlNextUnicodePrefix( 1201 IN PUNICODE_PREFIX_TABLE PrefixTable, 1202 IN BOOLEAN Restart); 1203 1204 NTSYSAPI 1205 SIZE_T 1206 NTAPI 1207 RtlCompareMemoryUlong( 1208 IN PVOID Source, 1209 IN SIZE_T Length, 1210 IN ULONG Pattern); 1211 1212 NTSYSAPI 1213 BOOLEAN 1214 NTAPI 1215 RtlTimeToSecondsSince1980( 1216 IN PLARGE_INTEGER Time, 1217 OUT PULONG ElapsedSeconds); 1218 1219 NTSYSAPI 1220 VOID 1221 NTAPI 1222 RtlSecondsSince1980ToTime( 1223 IN ULONG ElapsedSeconds, 1224 OUT PLARGE_INTEGER Time); 1225 1226 NTSYSAPI 1227 BOOLEAN 1228 NTAPI 1229 RtlTimeToSecondsSince1970( 1230 IN PLARGE_INTEGER Time, 1231 OUT PULONG ElapsedSeconds); 1232 1233 NTSYSAPI 1234 VOID 1235 NTAPI 1236 RtlSecondsSince1970ToTime( 1237 IN ULONG ElapsedSeconds, 1238 OUT PLARGE_INTEGER Time); 1239 1240 NTSYSAPI 1241 BOOLEAN 1242 NTAPI 1243 RtlValidSid( 1244 IN PSID Sid); 1245 1246 NTSYSAPI 1247 BOOLEAN 1248 NTAPI 1249 RtlEqualSid( 1250 IN PSID Sid1, 1251 IN PSID Sid2); 1252 1253 NTSYSAPI 1254 BOOLEAN 1255 NTAPI 1256 RtlEqualPrefixSid( 1257 IN PSID Sid1, 1258 IN PSID Sid2); 1259 1260 NTSYSAPI 1261 ULONG 1262 NTAPI 1263 RtlLengthRequiredSid( 1264 IN ULONG SubAuthorityCount); 1265 1266 NTSYSAPI 1267 PVOID 1268 NTAPI 1269 RtlFreeSid( 1270 IN PSID Sid); 1271 1272 NTSYSAPI 1273 NTSTATUS 1274 NTAPI 1275 RtlAllocateAndInitializeSid( 1276 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 1277 IN UCHAR SubAuthorityCount, 1278 IN ULONG SubAuthority0, 1279 IN ULONG SubAuthority1, 1280 IN ULONG SubAuthority2, 1281 IN ULONG SubAuthority3, 1282 IN ULONG SubAuthority4, 1283 IN ULONG SubAuthority5, 1284 IN ULONG SubAuthority6, 1285 IN ULONG SubAuthority7, 1286 OUT PSID *Sid); 1287 1288 NTSYSAPI 1289 NTSTATUS 1290 NTAPI 1291 RtlInitializeSid( 1292 OUT PSID Sid, 1293 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 1294 IN UCHAR SubAuthorityCount); 1295 1296 NTSYSAPI 1297 PULONG 1298 NTAPI 1299 RtlSubAuthoritySid( 1300 IN PSID Sid, 1301 IN ULONG SubAuthority); 1302 1303 NTSYSAPI 1304 ULONG 1305 NTAPI 1306 RtlLengthSid( 1307 IN PSID Sid); 1308 1309 NTSYSAPI 1310 NTSTATUS 1311 NTAPI 1312 RtlCopySid( 1313 IN ULONG Length, 1314 IN PSID Destination, 1315 IN PSID Source); 1316 1317 NTSYSAPI 1318 NTSTATUS 1319 NTAPI 1320 RtlConvertSidToUnicodeString( 1321 IN OUT PUNICODE_STRING UnicodeString, 1322 IN PSID Sid, 1323 IN BOOLEAN AllocateDestinationString); 1324 1325 NTSYSAPI 1326 VOID 1327 NTAPI 1328 RtlCopyLuid( 1329 OUT PLUID DestinationLuid, 1330 IN PLUID SourceLuid); 1331 1332 NTSYSAPI 1333 NTSTATUS 1334 NTAPI 1335 RtlCreateAcl( 1336 OUT PACL Acl, 1337 IN ULONG AclLength, 1338 IN ULONG AclRevision); 1339 1340 NTSYSAPI 1341 NTSTATUS 1342 NTAPI 1343 RtlAddAce( 1344 IN OUT PACL Acl, 1345 IN ULONG AceRevision, 1346 IN ULONG StartingAceIndex, 1347 IN PVOID AceList, 1348 IN ULONG AceListLength); 1349 1350 NTSYSAPI 1351 NTSTATUS 1352 NTAPI 1353 RtlDeleteAce( 1354 IN OUT PACL Acl, 1355 IN ULONG AceIndex); 1356 1357 NTSYSAPI 1358 NTSTATUS 1359 NTAPI 1360 RtlGetAce( 1361 IN PACL Acl, 1362 IN ULONG AceIndex, 1363 OUT PVOID *Ace); 1364 1365 NTSYSAPI 1366 NTSTATUS 1367 NTAPI 1368 RtlAddAccessAllowedAce( 1369 IN OUT PACL Acl, 1370 IN ULONG AceRevision, 1371 IN ACCESS_MASK AccessMask, 1372 IN PSID Sid); 1373 1374 NTSYSAPI 1375 NTSTATUS 1376 NTAPI 1377 RtlAddAccessAllowedAceEx( 1378 IN OUT PACL Acl, 1379 IN ULONG AceRevision, 1380 IN ULONG AceFlags, 1381 IN ACCESS_MASK AccessMask, 1382 IN PSID Sid); 1383 1384 NTSYSAPI 1385 NTSTATUS 1386 NTAPI 1387 RtlCreateSecurityDescriptorRelative( 1388 OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, 1389 IN ULONG Revision); 1390 1391 NTSYSAPI 1392 NTSTATUS 1393 NTAPI 1394 RtlGetDaclSecurityDescriptor( 1395 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 1396 OUT PBOOLEAN DaclPresent, 1397 OUT PACL *Dacl, 1398 OUT PBOOLEAN DaclDefaulted); 1399 1400 NTSYSAPI 1401 NTSTATUS 1402 NTAPI 1403 RtlSetOwnerSecurityDescriptor( 1404 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 1405 IN PSID Owner OPTIONAL, 1406 IN BOOLEAN OwnerDefaulted); 1407 1408 NTSYSAPI 1409 NTSTATUS 1410 NTAPI 1411 RtlGetOwnerSecurityDescriptor( 1412 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 1413 OUT PSID *Owner, 1414 OUT PBOOLEAN OwnerDefaulted); 1415 1416 NTSYSAPI 1417 ULONG 1418 NTAPI 1419 RtlNtStatusToDosError( 1420 IN NTSTATUS Status); 1421 1422 NTSYSAPI 1423 NTSTATUS 1424 NTAPI 1425 RtlCustomCPToUnicodeN( 1426 IN PCPTABLEINFO CustomCP, 1427 OUT PWCH UnicodeString, 1428 IN ULONG MaxBytesInUnicodeString, 1429 OUT PULONG BytesInUnicodeString OPTIONAL, 1430 IN PCH CustomCPString, 1431 IN ULONG BytesInCustomCPString); 1432 1433 NTSYSAPI 1434 NTSTATUS 1435 NTAPI 1436 RtlUnicodeToCustomCPN( 1437 IN PCPTABLEINFO CustomCP, 1438 OUT PCH CustomCPString, 1439 IN ULONG MaxBytesInCustomCPString, 1440 OUT PULONG BytesInCustomCPString OPTIONAL, 1441 IN PWCH UnicodeString, 1442 IN ULONG BytesInUnicodeString); 1443 1444 NTSYSAPI 1445 NTSTATUS 1446 NTAPI 1447 RtlUpcaseUnicodeToCustomCPN( 1448 IN PCPTABLEINFO CustomCP, 1449 OUT PCH CustomCPString, 1450 IN ULONG MaxBytesInCustomCPString, 1451 OUT PULONG BytesInCustomCPString OPTIONAL, 1452 IN PWCH UnicodeString, 1453 IN ULONG BytesInUnicodeString); 1454 1455 NTSYSAPI 1456 VOID 1457 NTAPI 1458 RtlInitCodePageTable( 1459 IN PUSHORT TableBase, 1460 IN OUT PCPTABLEINFO CodePageTable); 1461 1462 1463 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 1464 1465 1466 #if (NTDDI_VERSION >= NTDDI_WINXP) 1467 1468 NTSYSAPI 1469 PVOID 1470 NTAPI 1471 RtlCreateHeap( 1472 IN ULONG Flags, 1473 IN PVOID HeapBase OPTIONAL, 1474 IN SIZE_T ReserveSize OPTIONAL, 1475 IN SIZE_T CommitSize OPTIONAL, 1476 IN PVOID Lock OPTIONAL, 1477 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL); 1478 1479 NTSYSAPI 1480 PVOID 1481 NTAPI 1482 RtlDestroyHeap( 1483 IN PVOID HeapHandle); 1484 1485 NTSYSAPI 1486 USHORT 1487 NTAPI 1488 RtlCaptureStackBackTrace( 1489 IN ULONG FramesToSkip, 1490 IN ULONG FramesToCapture, 1491 OUT PVOID *BackTrace, 1492 OUT PULONG BackTraceHash OPTIONAL); 1493 1494 NTSYSAPI 1495 ULONG 1496 NTAPI 1497 RtlRandomEx( 1498 IN OUT PULONG Seed); 1499 1500 NTSYSAPI 1501 NTSTATUS 1502 NTAPI 1503 RtlInitUnicodeStringEx( 1504 OUT PUNICODE_STRING DestinationString, 1505 IN PCWSTR SourceString OPTIONAL); 1506 1507 NTSYSAPI 1508 NTSTATUS 1509 NTAPI 1510 RtlValidateUnicodeString( 1511 IN ULONG Flags, 1512 IN PCUNICODE_STRING String); 1513 1514 NTSYSAPI 1515 NTSTATUS 1516 NTAPI 1517 RtlDuplicateUnicodeString( 1518 IN ULONG Flags, 1519 IN PCUNICODE_STRING SourceString, 1520 OUT PUNICODE_STRING DestinationString); 1521 1522 NTSYSAPI 1523 NTSTATUS 1524 NTAPI 1525 RtlGetCompressionWorkSpaceSize( 1526 IN USHORT CompressionFormatAndEngine, 1527 OUT PULONG CompressBufferWorkSpaceSize, 1528 OUT PULONG CompressFragmentWorkSpaceSize); 1529 1530 NTSYSAPI 1531 NTSTATUS 1532 NTAPI 1533 RtlCompressBuffer( 1534 IN USHORT CompressionFormatAndEngine, 1535 IN PUCHAR UncompressedBuffer, 1536 IN ULONG UncompressedBufferSize, 1537 OUT PUCHAR CompressedBuffer, 1538 IN ULONG CompressedBufferSize, 1539 IN ULONG UncompressedChunkSize, 1540 OUT PULONG FinalCompressedSize, 1541 IN PVOID WorkSpace); 1542 1543 NTSYSAPI 1544 NTSTATUS 1545 NTAPI 1546 RtlDecompressBuffer( 1547 IN USHORT CompressionFormat, 1548 OUT PUCHAR UncompressedBuffer, 1549 IN ULONG UncompressedBufferSize, 1550 IN PUCHAR CompressedBuffer, 1551 IN ULONG CompressedBufferSize, 1552 OUT PULONG FinalUncompressedSize); 1553 1554 NTSYSAPI 1555 NTSTATUS 1556 NTAPI 1557 RtlDecompressFragment( 1558 IN USHORT CompressionFormat, 1559 OUT PUCHAR UncompressedFragment, 1560 IN ULONG UncompressedFragmentSize, 1561 IN PUCHAR CompressedBuffer, 1562 IN ULONG CompressedBufferSize, 1563 IN ULONG FragmentOffset, 1564 OUT PULONG FinalUncompressedSize, 1565 IN PVOID WorkSpace); 1566 1567 NTSYSAPI 1568 NTSTATUS 1569 NTAPI 1570 RtlDescribeChunk( 1571 IN USHORT CompressionFormat, 1572 IN OUT PUCHAR *CompressedBuffer, 1573 IN PUCHAR EndOfCompressedBufferPlus1, 1574 OUT PUCHAR *ChunkBuffer, 1575 OUT PULONG ChunkSize); 1576 1577 NTSYSAPI 1578 NTSTATUS 1579 NTAPI 1580 RtlReserveChunk( 1581 IN USHORT CompressionFormat, 1582 IN OUT PUCHAR *CompressedBuffer, 1583 IN PUCHAR EndOfCompressedBufferPlus1, 1584 OUT PUCHAR *ChunkBuffer, 1585 IN ULONG ChunkSize); 1586 1587 NTSYSAPI 1588 NTSTATUS 1589 NTAPI 1590 RtlDecompressChunks( 1591 OUT PUCHAR UncompressedBuffer, 1592 IN ULONG UncompressedBufferSize, 1593 IN PUCHAR CompressedBuffer, 1594 IN ULONG CompressedBufferSize, 1595 IN PUCHAR CompressedTail, 1596 IN ULONG CompressedTailSize, 1597 IN PCOMPRESSED_DATA_INFO CompressedDataInfo); 1598 1599 NTSYSAPI 1600 NTSTATUS 1601 NTAPI 1602 RtlCompressChunks( 1603 IN PUCHAR UncompressedBuffer, 1604 IN ULONG UncompressedBufferSize, 1605 OUT PUCHAR CompressedBuffer, 1606 IN ULONG CompressedBufferSize, 1607 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo, 1608 IN ULONG CompressedDataInfoLength, 1609 IN PVOID WorkSpace); 1610 1611 NTSYSAPI 1612 PSID_IDENTIFIER_AUTHORITY 1613 NTAPI 1614 RtlIdentifierAuthoritySid( 1615 IN PSID Sid); 1616 1617 NTSYSAPI 1618 PUCHAR 1619 NTAPI 1620 RtlSubAuthorityCountSid( 1621 IN PSID Sid); 1622 1623 NTSYSAPI 1624 ULONG 1625 NTAPI 1626 RtlNtStatusToDosErrorNoTeb( 1627 IN NTSTATUS Status); 1628 1629 NTSYSAPI 1630 NTSTATUS 1631 NTAPI 1632 RtlCreateSystemVolumeInformationFolder( 1633 IN PCUNICODE_STRING VolumeRootPath); 1634 1635 #if defined(_M_AMD64) 1636 1637 FORCEINLINE 1638 VOID 1639 RtlFillMemoryUlong ( 1640 OUT PVOID Destination, 1641 IN SIZE_T Length, 1642 IN ULONG Pattern) 1643 { 1644 PULONG Address = (PULONG)Destination; 1645 if ((Length /= 4) != 0) { 1646 if (((ULONG64)Address & 4) != 0) { 1647 *Address = Pattern; 1648 if ((Length -= 1) == 0) { 1649 return; 1650 } 1651 Address += 1; 1652 } 1653 __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2); 1654 if ((Length & 1) != 0) Address[Length - 1] = Pattern; 1655 } 1656 return; 1657 } 1658 1659 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \ 1660 __stosq((PULONG64)(Destination), Pattern, (Length) / 8) 1661 1662 #else 1663 1664 NTSYSAPI 1665 VOID 1666 NTAPI 1667 RtlFillMemoryUlong( 1668 OUT PVOID Destination, 1669 IN SIZE_T Length, 1670 IN ULONG Pattern); 1671 1672 NTSYSAPI 1673 VOID 1674 NTAPI 1675 RtlFillMemoryUlonglong( 1676 OUT PVOID Destination, 1677 IN SIZE_T Length, 1678 IN ULONGLONG Pattern); 1679 1680 #endif /* defined(_M_AMD64) */ 1681 1682 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 1683 1684 #if (NTDDI_VERSION >= NTDDI_WS03) 1685 NTSYSAPI 1686 NTSTATUS 1687 NTAPI 1688 RtlInitAnsiStringEx( 1689 OUT PANSI_STRING DestinationString, 1690 IN PCSZ SourceString OPTIONAL); 1691 #endif 1692 1693 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 1694 1695 NTSYSAPI 1696 NTSTATUS 1697 NTAPI 1698 RtlGetSaclSecurityDescriptor( 1699 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 1700 OUT PBOOLEAN SaclPresent, 1701 OUT PACL *Sacl, 1702 OUT PBOOLEAN SaclDefaulted); 1703 1704 NTSYSAPI 1705 NTSTATUS 1706 NTAPI 1707 RtlSetGroupSecurityDescriptor( 1708 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 1709 IN PSID Group OPTIONAL, 1710 IN BOOLEAN GroupDefaulted OPTIONAL); 1711 1712 NTSYSAPI 1713 NTSTATUS 1714 NTAPI 1715 RtlGetGroupSecurityDescriptor( 1716 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 1717 OUT PSID *Group, 1718 OUT PBOOLEAN GroupDefaulted); 1719 1720 NTSYSAPI 1721 NTSTATUS 1722 NTAPI 1723 RtlAbsoluteToSelfRelativeSD( 1724 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, 1725 OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL, 1726 IN OUT PULONG BufferLength); 1727 1728 NTSYSAPI 1729 NTSTATUS 1730 NTAPI 1731 RtlSelfRelativeToAbsoluteSD( 1732 IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, 1733 OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL, 1734 IN OUT PULONG AbsoluteSecurityDescriptorSize, 1735 OUT PACL Dacl OPTIONAL, 1736 IN OUT PULONG DaclSize, 1737 OUT PACL Sacl OPTIONAL, 1738 IN OUT PULONG SaclSize, 1739 OUT PSID Owner OPTIONAL, 1740 IN OUT PULONG OwnerSize, 1741 OUT PSID PrimaryGroup OPTIONAL, 1742 IN OUT PULONG PrimaryGroupSize); 1743 1744 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ 1745 1746 #if (NTDDI_VERSION >= NTDDI_VISTA) 1747 1748 NTSYSAPI 1749 NTSTATUS 1750 NTAPI 1751 RtlNormalizeString( 1752 IN ULONG NormForm, 1753 IN PCWSTR SourceString, 1754 IN LONG SourceStringLength, 1755 OUT PWSTR DestinationString, 1756 IN OUT PLONG DestinationStringLength); 1757 1758 NTSYSAPI 1759 NTSTATUS 1760 NTAPI 1761 RtlIsNormalizedString( 1762 IN ULONG NormForm, 1763 IN PCWSTR SourceString, 1764 IN LONG SourceStringLength, 1765 OUT PBOOLEAN Normalized); 1766 1767 NTSYSAPI 1768 NTSTATUS 1769 NTAPI 1770 RtlIdnToAscii( 1771 IN ULONG Flags, 1772 IN PCWSTR SourceString, 1773 IN LONG SourceStringLength, 1774 OUT PWSTR DestinationString, 1775 IN OUT PLONG DestinationStringLength); 1776 1777 NTSYSAPI 1778 NTSTATUS 1779 NTAPI 1780 RtlIdnToUnicode( 1781 IN ULONG Flags, 1782 IN PCWSTR SourceString, 1783 IN LONG SourceStringLength, 1784 OUT PWSTR DestinationString, 1785 IN OUT PLONG DestinationStringLength); 1786 1787 NTSYSAPI 1788 NTSTATUS 1789 NTAPI 1790 RtlIdnToNameprepUnicode( 1791 IN ULONG Flags, 1792 IN PCWSTR SourceString, 1793 IN LONG SourceStringLength, 1794 OUT PWSTR DestinationString, 1795 IN OUT PLONG DestinationStringLength); 1796 1797 NTSYSAPI 1798 NTSTATUS 1799 NTAPI 1800 RtlCreateServiceSid( 1801 IN PUNICODE_STRING ServiceName, 1802 OUT PSID ServiceSid, 1803 IN OUT PULONG ServiceSidLength); 1804 1805 NTSYSAPI 1806 LONG 1807 NTAPI 1808 RtlCompareAltitudes( 1809 IN PCUNICODE_STRING Altitude1, 1810 IN PCUNICODE_STRING Altitude2); 1811 1812 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 1813 1814 #if (NTDDI_VERSION >= NTDDI_WIN7) 1815 1816 NTSYSAPI 1817 NTSTATUS 1818 NTAPI 1819 RtlUnicodeToUTF8N( 1820 OUT PCHAR UTF8StringDestination, 1821 IN ULONG UTF8StringMaxByteCount, 1822 OUT PULONG UTF8StringActualByteCount, 1823 IN PCWCH UnicodeStringSource, 1824 IN ULONG UnicodeStringByteCount); 1825 1826 NTSYSAPI 1827 NTSTATUS 1828 NTAPI 1829 RtlUTF8ToUnicodeN( 1830 OUT PWSTR UnicodeStringDestination, 1831 IN ULONG UnicodeStringMaxByteCount, 1832 OUT PULONG UnicodeStringActualByteCount, 1833 IN PCCH UTF8StringSource, 1834 IN ULONG UTF8StringByteCount); 1835 1836 NTSYSAPI 1837 NTSTATUS 1838 NTAPI 1839 RtlReplaceSidInSd( 1840 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 1841 IN PSID OldSid, 1842 IN PSID NewSid, 1843 OUT ULONG *NumChanges); 1844 1845 NTSYSAPI 1846 NTSTATUS 1847 NTAPI 1848 RtlCreateVirtualAccountSid( 1849 IN PCUNICODE_STRING Name, 1850 IN ULONG BaseSubAuthority, 1851 OUT PSID Sid, 1852 IN OUT PULONG SidLength); 1853 1854 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 1855 1856 1857 #if defined(_AMD64_) || defined(_IA64_) 1858 1859 1860 #endif /* defined(_AMD64_) || defined(_IA64_) */ 1861 1862 1863 1864 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1 1865 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2 1866 1867 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \ 1868 RtlxUnicodeStringToOemSize(STRING) : \ 1869 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ 1870 ) 1871 1872 #define RtlOemStringToUnicodeSize(STRING) ( \ 1873 NLS_MB_OEM_CODE_PAGE_TAG ? \ 1874 RtlxOemStringToUnicodeSize(STRING) : \ 1875 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ 1876 ) 1877 1878 #define RtlOemStringToCountedUnicodeSize(STRING) ( \ 1879 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \ 1880 ) 1881 1882 #define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O)))) 1883 #define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B)))) 1884 1885 typedef enum _OBJECT_INFORMATION_CLASS { 1886 ObjectBasicInformation = 0, 1887 ObjectNameInformation = 1, /* FIXME, not in WDK */ 1888 ObjectTypeInformation = 2, 1889 ObjectTypesInformation = 3, /* FIXME, not in WDK */ 1890 ObjectHandleFlagInformation = 4, /* FIXME, not in WDK */ 1891 ObjectSessionInformation = 5, /* FIXME, not in WDK */ 1892 MaxObjectInfoClass /* FIXME, not in WDK */ 1893 } OBJECT_INFORMATION_CLASS; 1894 1895 NTSYSCALLAPI 1896 NTSTATUS 1897 NTAPI 1898 NtQueryObject( 1899 IN HANDLE Handle OPTIONAL, 1900 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 1901 OUT PVOID ObjectInformation OPTIONAL, 1902 IN ULONG ObjectInformationLength, 1903 OUT PULONG ReturnLength OPTIONAL); 1904 1905 #if (NTDDI_VERSION >= NTDDI_WIN2K) 1906 1907 NTSYSCALLAPI 1908 NTSTATUS 1909 NTAPI 1910 NtOpenThreadToken( 1911 IN HANDLE ThreadHandle, 1912 IN ACCESS_MASK DesiredAccess, 1913 IN BOOLEAN OpenAsSelf, 1914 OUT PHANDLE TokenHandle); 1915 1916 NTSYSCALLAPI 1917 NTSTATUS 1918 NTAPI 1919 NtOpenProcessToken( 1920 IN HANDLE ProcessHandle, 1921 IN ACCESS_MASK DesiredAccess, 1922 OUT PHANDLE TokenHandle); 1923 1924 NTSYSCALLAPI 1925 NTSTATUS 1926 NTAPI 1927 NtQueryInformationToken( 1928 IN HANDLE TokenHandle, 1929 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 1930 OUT PVOID TokenInformation OPTIONAL, 1931 IN ULONG TokenInformationLength, 1932 OUT PULONG ReturnLength); 1933 1934 NTSYSCALLAPI 1935 NTSTATUS 1936 NTAPI 1937 NtAdjustPrivilegesToken( 1938 IN HANDLE TokenHandle, 1939 IN BOOLEAN DisableAllPrivileges, 1940 IN PTOKEN_PRIVILEGES NewState OPTIONAL, 1941 IN ULONG BufferLength, 1942 OUT PTOKEN_PRIVILEGES PreviousState, 1943 OUT PULONG ReturnLength OPTIONAL); 1944 1945 NTSYSCALLAPI 1946 NTSTATUS 1947 NTAPI 1948 NtCreateFile( 1949 OUT PHANDLE FileHandle, 1950 IN ACCESS_MASK DesiredAccess, 1951 IN POBJECT_ATTRIBUTES ObjectAttributes, 1952 OUT PIO_STATUS_BLOCK IoStatusBlock, 1953 IN PLARGE_INTEGER AllocationSize OPTIONAL, 1954 IN ULONG FileAttributes, 1955 IN ULONG ShareAccess, 1956 IN ULONG CreateDisposition, 1957 IN ULONG CreateOptions, 1958 IN PVOID EaBuffer, 1959 IN ULONG EaLength); 1960 1961 NTSYSCALLAPI 1962 NTSTATUS 1963 NTAPI 1964 NtDeviceIoControlFile( 1965 IN HANDLE FileHandle, 1966 IN HANDLE Event OPTIONAL, 1967 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 1968 IN PVOID ApcContext OPTIONAL, 1969 OUT PIO_STATUS_BLOCK IoStatusBlock, 1970 IN ULONG IoControlCode, 1971 IN PVOID InputBuffer OPTIONAL, 1972 IN ULONG InputBufferLength, 1973 OUT PVOID OutputBuffer OPTIONAL, 1974 IN ULONG OutputBufferLength); 1975 1976 NTSYSCALLAPI 1977 NTSTATUS 1978 NTAPI 1979 NtFsControlFile( 1980 IN HANDLE FileHandle, 1981 IN HANDLE Event OPTIONAL, 1982 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 1983 IN PVOID ApcContext OPTIONAL, 1984 OUT PIO_STATUS_BLOCK IoStatusBlock, 1985 IN ULONG FsControlCode, 1986 IN PVOID InputBuffer OPTIONAL, 1987 IN ULONG InputBufferLength, 1988 OUT PVOID OutputBuffer OPTIONAL, 1989 IN ULONG OutputBufferLength); 1990 1991 NTSYSCALLAPI 1992 NTSTATUS 1993 NTAPI 1994 NtLockFile( 1995 IN HANDLE FileHandle, 1996 IN HANDLE Event OPTIONAL, 1997 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 1998 IN PVOID ApcContext OPTIONAL, 1999 OUT PIO_STATUS_BLOCK IoStatusBlock, 2000 IN PLARGE_INTEGER ByteOffset, 2001 IN PLARGE_INTEGER Length, 2002 IN ULONG Key, 2003 IN BOOLEAN FailImmediately, 2004 IN BOOLEAN ExclusiveLock); 2005 2006 NTSYSCALLAPI 2007 NTSTATUS 2008 NTAPI 2009 NtOpenFile( 2010 OUT PHANDLE FileHandle, 2011 IN ACCESS_MASK DesiredAccess, 2012 IN POBJECT_ATTRIBUTES ObjectAttributes, 2013 OUT PIO_STATUS_BLOCK IoStatusBlock, 2014 IN ULONG ShareAccess, 2015 IN ULONG OpenOptions); 2016 2017 NTSYSCALLAPI 2018 NTSTATUS 2019 NTAPI 2020 NtQueryDirectoryFile( 2021 IN HANDLE FileHandle, 2022 IN HANDLE Event OPTIONAL, 2023 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 2024 IN PVOID ApcContext OPTIONAL, 2025 OUT PIO_STATUS_BLOCK IoStatusBlock, 2026 OUT PVOID FileInformation, 2027 IN ULONG Length, 2028 IN FILE_INFORMATION_CLASS FileInformationClass, 2029 IN BOOLEAN ReturnSingleEntry, 2030 IN PUNICODE_STRING FileName OPTIONAL, 2031 IN BOOLEAN RestartScan); 2032 2033 NTSYSCALLAPI 2034 NTSTATUS 2035 NTAPI 2036 NtQueryInformationFile( 2037 IN HANDLE FileHandle, 2038 OUT PIO_STATUS_BLOCK IoStatusBlock, 2039 OUT PVOID FileInformation, 2040 IN ULONG Length, 2041 IN FILE_INFORMATION_CLASS FileInformationClass); 2042 2043 NTSYSCALLAPI 2044 NTSTATUS 2045 NTAPI 2046 NtQueryQuotaInformationFile( 2047 IN HANDLE FileHandle, 2048 OUT PIO_STATUS_BLOCK IoStatusBlock, 2049 OUT PVOID Buffer, 2050 IN ULONG Length, 2051 IN BOOLEAN ReturnSingleEntry, 2052 IN PVOID SidList, 2053 IN ULONG SidListLength, 2054 IN PSID StartSid OPTIONAL, 2055 IN BOOLEAN RestartScan); 2056 2057 NTSYSCALLAPI 2058 NTSTATUS 2059 NTAPI 2060 NtQueryVolumeInformationFile( 2061 IN HANDLE FileHandle, 2062 OUT PIO_STATUS_BLOCK IoStatusBlock, 2063 OUT PVOID FsInformation, 2064 IN ULONG Length, 2065 IN FS_INFORMATION_CLASS FsInformationClass); 2066 2067 NTSYSCALLAPI 2068 NTSTATUS 2069 NTAPI 2070 NtReadFile( 2071 IN HANDLE FileHandle, 2072 IN HANDLE Event OPTIONAL, 2073 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 2074 IN PVOID ApcContext OPTIONAL, 2075 OUT PIO_STATUS_BLOCK IoStatusBlock, 2076 OUT PVOID Buffer, 2077 IN ULONG Length, 2078 IN PLARGE_INTEGER ByteOffset OPTIONAL, 2079 IN PULONG Key OPTIONAL); 2080 2081 NTSYSCALLAPI 2082 NTSTATUS 2083 NTAPI 2084 NtSetInformationFile( 2085 IN HANDLE FileHandle, 2086 OUT PIO_STATUS_BLOCK IoStatusBlock, 2087 IN PVOID FileInformation, 2088 IN ULONG Length, 2089 IN FILE_INFORMATION_CLASS FileInformationClass); 2090 2091 NTSYSCALLAPI 2092 NTSTATUS 2093 NTAPI 2094 NtSetQuotaInformationFile( 2095 IN HANDLE FileHandle, 2096 OUT PIO_STATUS_BLOCK IoStatusBlock, 2097 IN PVOID Buffer, 2098 IN ULONG Length); 2099 2100 NTSYSCALLAPI 2101 NTSTATUS 2102 NTAPI 2103 NtSetVolumeInformationFile( 2104 IN HANDLE FileHandle, 2105 OUT PIO_STATUS_BLOCK IoStatusBlock, 2106 IN PVOID FsInformation, 2107 IN ULONG Length, 2108 IN FS_INFORMATION_CLASS FsInformationClass); 2109 2110 NTSYSCALLAPI 2111 NTSTATUS 2112 NTAPI 2113 NtWriteFile( 2114 IN HANDLE FileHandle, 2115 IN HANDLE Event OPTIONAL, 2116 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 2117 IN PVOID ApcContext OPTIONAL, 2118 OUT PIO_STATUS_BLOCK IoStatusBlock, 2119 IN PVOID Buffer, 2120 IN ULONG Length, 2121 IN PLARGE_INTEGER ByteOffset OPTIONAL, 2122 IN PULONG Key OPTIONAL); 2123 2124 NTSYSCALLAPI 2125 NTSTATUS 2126 NTAPI 2127 NtUnlockFile( 2128 IN HANDLE FileHandle, 2129 OUT PIO_STATUS_BLOCK IoStatusBlock, 2130 IN PLARGE_INTEGER ByteOffset, 2131 IN PLARGE_INTEGER Length, 2132 IN ULONG Key); 2133 2134 NTSYSCALLAPI 2135 NTSTATUS 2136 NTAPI 2137 NtSetSecurityObject( 2138 IN HANDLE Handle, 2139 IN SECURITY_INFORMATION SecurityInformation, 2140 IN PSECURITY_DESCRIPTOR SecurityDescriptor); 2141 2142 NTSYSCALLAPI 2143 NTSTATUS 2144 NTAPI 2145 NtQuerySecurityObject( 2146 IN HANDLE Handle, 2147 IN SECURITY_INFORMATION SecurityInformation, 2148 OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 2149 IN ULONG Length, 2150 OUT PULONG LengthNeeded); 2151 2152 NTSYSCALLAPI 2153 NTSTATUS 2154 NTAPI 2155 NtClose( 2156 IN HANDLE Handle); 2157 2158 NTSYSCALLAPI 2159 NTSTATUS 2160 NTAPI 2161 NtAllocateVirtualMemory( 2162 IN HANDLE ProcessHandle, 2163 IN OUT PVOID *BaseAddress, 2164 IN ULONG_PTR ZeroBits, 2165 IN OUT PSIZE_T RegionSize, 2166 IN ULONG AllocationType, 2167 IN ULONG Protect); 2168 2169 NTSYSCALLAPI 2170 NTSTATUS 2171 NTAPI 2172 NtFreeVirtualMemory( 2173 IN HANDLE ProcessHandle, 2174 IN OUT PVOID *BaseAddress, 2175 IN OUT PSIZE_T RegionSize, 2176 IN ULONG FreeType); 2177 2178 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 2179 2180 #if (NTDDI_VERSION >= NTDDI_WINXP) 2181 2182 NTSYSCALLAPI 2183 NTSTATUS 2184 NTAPI 2185 NtOpenThreadTokenEx( 2186 IN HANDLE ThreadHandle, 2187 IN ACCESS_MASK DesiredAccess, 2188 IN BOOLEAN OpenAsSelf, 2189 IN ULONG HandleAttributes, 2190 OUT PHANDLE TokenHandle); 2191 2192 NTSYSCALLAPI 2193 NTSTATUS 2194 NTAPI 2195 NtOpenProcessTokenEx( 2196 IN HANDLE ProcessHandle, 2197 IN ACCESS_MASK DesiredAccess, 2198 IN ULONG HandleAttributes, 2199 OUT PHANDLE TokenHandle); 2200 2201 NTSYSAPI 2202 NTSTATUS 2203 NTAPI 2204 NtOpenJobObjectToken( 2205 IN HANDLE JobHandle, 2206 IN ACCESS_MASK DesiredAccess, 2207 OUT PHANDLE TokenHandle); 2208 2209 NTSYSCALLAPI 2210 NTSTATUS 2211 NTAPI 2212 NtDuplicateToken( 2213 IN HANDLE ExistingTokenHandle, 2214 IN ACCESS_MASK DesiredAccess, 2215 IN POBJECT_ATTRIBUTES ObjectAttributes, 2216 IN BOOLEAN EffectiveOnly, 2217 IN TOKEN_TYPE TokenType, 2218 OUT PHANDLE NewTokenHandle); 2219 2220 NTSYSCALLAPI 2221 NTSTATUS 2222 NTAPI 2223 NtFilterToken( 2224 IN HANDLE ExistingTokenHandle, 2225 IN ULONG Flags, 2226 IN PTOKEN_GROUPS SidsToDisable OPTIONAL, 2227 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, 2228 IN PTOKEN_GROUPS RestrictedSids OPTIONAL, 2229 OUT PHANDLE NewTokenHandle); 2230 2231 NTSYSCALLAPI 2232 NTSTATUS 2233 NTAPI 2234 NtImpersonateAnonymousToken( 2235 IN HANDLE ThreadHandle); 2236 2237 NTSYSCALLAPI 2238 NTSTATUS 2239 NTAPI 2240 NtSetInformationToken( 2241 IN HANDLE TokenHandle, 2242 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 2243 IN PVOID TokenInformation, 2244 IN ULONG TokenInformationLength); 2245 2246 NTSYSCALLAPI 2247 NTSTATUS 2248 NTAPI 2249 NtAdjustGroupsToken( 2250 IN HANDLE TokenHandle, 2251 IN BOOLEAN ResetToDefault, 2252 IN PTOKEN_GROUPS NewState OPTIONAL, 2253 IN ULONG BufferLength OPTIONAL, 2254 OUT PTOKEN_GROUPS PreviousState, 2255 OUT PULONG ReturnLength); 2256 2257 NTSYSCALLAPI 2258 NTSTATUS 2259 NTAPI 2260 NtPrivilegeCheck( 2261 IN HANDLE ClientToken, 2262 IN OUT PPRIVILEGE_SET RequiredPrivileges, 2263 OUT PBOOLEAN Result); 2264 2265 NTSYSCALLAPI 2266 NTSTATUS 2267 NTAPI 2268 NtAccessCheckAndAuditAlarm( 2269 IN PUNICODE_STRING SubsystemName, 2270 IN PVOID HandleId OPTIONAL, 2271 IN PUNICODE_STRING ObjectTypeName, 2272 IN PUNICODE_STRING ObjectName, 2273 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 2274 IN ACCESS_MASK DesiredAccess, 2275 IN PGENERIC_MAPPING GenericMapping, 2276 IN BOOLEAN ObjectCreation, 2277 OUT PACCESS_MASK GrantedAccess, 2278 OUT PNTSTATUS AccessStatus, 2279 OUT PBOOLEAN GenerateOnClose); 2280 2281 NTSYSCALLAPI 2282 NTSTATUS 2283 NTAPI 2284 NtAccessCheckByTypeAndAuditAlarm( 2285 IN PUNICODE_STRING SubsystemName, 2286 IN PVOID HandleId, 2287 IN PUNICODE_STRING ObjectTypeName, 2288 IN PUNICODE_STRING ObjectName, 2289 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 2290 IN PSID PrincipalSelfSid OPTIONAL, 2291 IN ACCESS_MASK DesiredAccess, 2292 IN AUDIT_EVENT_TYPE AuditType, 2293 IN ULONG Flags, 2294 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, 2295 IN ULONG ObjectTypeLength, 2296 IN PGENERIC_MAPPING GenericMapping, 2297 IN BOOLEAN ObjectCreation, 2298 OUT PACCESS_MASK GrantedAccess, 2299 OUT PNTSTATUS AccessStatus, 2300 OUT PBOOLEAN GenerateOnClose); 2301 2302 NTSYSCALLAPI 2303 NTSTATUS 2304 NTAPI 2305 NtAccessCheckByTypeResultListAndAuditAlarm( 2306 IN PUNICODE_STRING SubsystemName, 2307 IN PVOID HandleId OPTIONAL, 2308 IN PUNICODE_STRING ObjectTypeName, 2309 IN PUNICODE_STRING ObjectName, 2310 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 2311 IN PSID PrincipalSelfSid OPTIONAL, 2312 IN ACCESS_MASK DesiredAccess, 2313 IN AUDIT_EVENT_TYPE AuditType, 2314 IN ULONG Flags, 2315 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, 2316 IN ULONG ObjectTypeLength, 2317 IN PGENERIC_MAPPING GenericMapping, 2318 IN BOOLEAN ObjectCreation, 2319 OUT PACCESS_MASK GrantedAccess, 2320 OUT PNTSTATUS AccessStatus, 2321 OUT PBOOLEAN GenerateOnClose); 2322 2323 NTSTATUS 2324 NTAPI 2325 NtAccessCheckByTypeResultListAndAuditAlarmByHandle( 2326 IN PUNICODE_STRING SubsystemName, 2327 IN PVOID HandleId OPTIONAL, 2328 IN HANDLE ClientToken, 2329 IN PUNICODE_STRING ObjectTypeName, 2330 IN PUNICODE_STRING ObjectName, 2331 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 2332 IN PSID PrincipalSelfSid OPTIONAL, 2333 IN ACCESS_MASK DesiredAccess, 2334 IN AUDIT_EVENT_TYPE AuditType, 2335 IN ULONG Flags, 2336 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, 2337 IN ULONG ObjectTypeLength, 2338 IN PGENERIC_MAPPING GenericMapping, 2339 IN BOOLEAN ObjectCreation, 2340 OUT PACCESS_MASK GrantedAccess, 2341 OUT PNTSTATUS AccessStatus, 2342 OUT PBOOLEAN GenerateOnClose); 2343 2344 NTSYSCALLAPI 2345 NTSTATUS 2346 NTAPI 2347 NtOpenObjectAuditAlarm( 2348 IN PUNICODE_STRING SubsystemName, 2349 IN PVOID HandleId OPTIONAL, 2350 IN PUNICODE_STRING ObjectTypeName, 2351 IN PUNICODE_STRING ObjectName, 2352 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, 2353 IN HANDLE ClientToken, 2354 IN ACCESS_MASK DesiredAccess, 2355 IN ACCESS_MASK GrantedAccess, 2356 IN PPRIVILEGE_SET Privileges OPTIONAL, 2357 IN BOOLEAN ObjectCreation, 2358 IN BOOLEAN AccessGranted, 2359 OUT PBOOLEAN GenerateOnClose); 2360 2361 NTSYSCALLAPI 2362 NTSTATUS 2363 NTAPI 2364 NtPrivilegeObjectAuditAlarm( 2365 IN PUNICODE_STRING SubsystemName, 2366 IN PVOID HandleId OPTIONAL, 2367 IN HANDLE ClientToken, 2368 IN ACCESS_MASK DesiredAccess, 2369 IN PPRIVILEGE_SET Privileges, 2370 IN BOOLEAN AccessGranted); 2371 2372 NTSYSCALLAPI 2373 NTSTATUS 2374 NTAPI 2375 NtCloseObjectAuditAlarm( 2376 IN PUNICODE_STRING SubsystemName, 2377 IN PVOID HandleId OPTIONAL, 2378 IN BOOLEAN GenerateOnClose); 2379 2380 NTSYSCALLAPI 2381 NTSTATUS 2382 NTAPI 2383 NtDeleteObjectAuditAlarm( 2384 IN PUNICODE_STRING SubsystemName, 2385 IN PVOID HandleId OPTIONAL, 2386 IN BOOLEAN GenerateOnClose); 2387 2388 NTSYSCALLAPI 2389 NTSTATUS 2390 NTAPI 2391 NtPrivilegedServiceAuditAlarm( 2392 IN PUNICODE_STRING SubsystemName, 2393 IN PUNICODE_STRING ServiceName, 2394 IN HANDLE ClientToken, 2395 IN PPRIVILEGE_SET Privileges, 2396 IN BOOLEAN AccessGranted); 2397 2398 NTSYSCALLAPI 2399 NTSTATUS 2400 NTAPI 2401 NtSetInformationThread( 2402 IN HANDLE ThreadHandle, 2403 IN THREADINFOCLASS ThreadInformationClass, 2404 IN PVOID ThreadInformation, 2405 IN ULONG ThreadInformationLength); 2406 2407 NTSYSCALLAPI 2408 NTSTATUS 2409 NTAPI 2410 NtCreateSection( 2411 OUT PHANDLE SectionHandle, 2412 IN ACCESS_MASK DesiredAccess, 2413 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 2414 IN PLARGE_INTEGER MaximumSize OPTIONAL, 2415 IN ULONG SectionPageProtection, 2416 IN ULONG AllocationAttributes, 2417 IN HANDLE FileHandle OPTIONAL); 2418 2419 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 2420 2421 #define COMPRESSION_FORMAT_NONE (0x0000) 2422 #define COMPRESSION_FORMAT_DEFAULT (0x0001) 2423 #define COMPRESSION_FORMAT_LZNT1 (0x0002) 2424 #define COMPRESSION_ENGINE_STANDARD (0x0000) 2425 #define COMPRESSION_ENGINE_MAXIMUM (0x0100) 2426 #define COMPRESSION_ENGINE_HIBER (0x0200) 2427 2428 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256 2429 2430 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3)) 2431 2432 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT 2433 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT 2434 2435 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; 2436 2437 typedef enum _SECURITY_LOGON_TYPE { 2438 UndefinedLogonType = 0, 2439 Interactive = 2, 2440 Network, 2441 Batch, 2442 Service, 2443 Proxy, 2444 Unlock, 2445 NetworkCleartext, 2446 NewCredentials, 2447 #if (_WIN32_WINNT >= 0x0501) 2448 RemoteInteractive, 2449 CachedInteractive, 2450 #endif 2451 #if (_WIN32_WINNT >= 0x0502) 2452 CachedRemoteInteractive, 2453 CachedUnlock 2454 #endif 2455 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; 2456 2457 #ifndef _NTLSA_AUDIT_ 2458 #define _NTLSA_AUDIT_ 2459 2460 #ifndef GUID_DEFINED 2461 #include <guiddef.h> 2462 #endif 2463 2464 #endif /* _NTLSA_AUDIT_ */ 2465 2466 NTSTATUS 2467 NTAPI 2468 LsaRegisterLogonProcess( 2469 IN PLSA_STRING LogonProcessName, 2470 OUT PHANDLE LsaHandle, 2471 OUT PLSA_OPERATIONAL_MODE SecurityMode); 2472 2473 NTSTATUS 2474 NTAPI 2475 LsaLogonUser( 2476 IN HANDLE LsaHandle, 2477 IN PLSA_STRING OriginName, 2478 IN SECURITY_LOGON_TYPE LogonType, 2479 IN ULONG AuthenticationPackage, 2480 IN PVOID AuthenticationInformation, 2481 IN ULONG AuthenticationInformationLength, 2482 IN PTOKEN_GROUPS LocalGroups OPTIONAL, 2483 IN PTOKEN_SOURCE SourceContext, 2484 OUT PVOID *ProfileBuffer, 2485 OUT PULONG ProfileBufferLength, 2486 OUT PLUID LogonId, 2487 OUT PHANDLE Token, 2488 OUT PQUOTA_LIMITS Quotas, 2489 OUT PNTSTATUS SubStatus); 2490 2491 NTSTATUS 2492 NTAPI 2493 LsaFreeReturnBuffer( 2494 IN PVOID Buffer); 2495 2496 #ifndef _NTLSA_IFS_ 2497 #define _NTLSA_IFS_ 2498 #endif 2499 2500 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 2501 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 2502 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) 2503 2504 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" 2505 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" 2506 2507 #define MSV1_0_CHALLENGE_LENGTH 8 2508 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 2509 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 2510 2511 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 2512 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 2513 #define MSV1_0_RETURN_USER_PARAMETERS 0x08 2514 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 2515 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 2516 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 2517 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 2518 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 2519 #define MSV1_0_RETURN_PROFILE_PATH 0x200 2520 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 2521 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 2522 2523 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 2524 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 2525 2526 #if (_WIN32_WINNT >= 0x0502) 2527 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 2528 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 2529 #endif 2530 2531 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 2532 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 2533 2534 #if (_WIN32_WINNT >= 0x0600) 2535 #define MSV1_0_S4U2SELF 0x00020000 2536 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 2537 #endif 2538 2539 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 2540 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 2541 #define MSV1_0_MNS_LOGON 0x01000000 2542 2543 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 2544 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 2545 2546 #define LOGON_GUEST 0x01 2547 #define LOGON_NOENCRYPTION 0x02 2548 #define LOGON_CACHED_ACCOUNT 0x04 2549 #define LOGON_USED_LM_PASSWORD 0x08 2550 #define LOGON_EXTRA_SIDS 0x20 2551 #define LOGON_SUBAUTH_SESSION_KEY 0x40 2552 #define LOGON_SERVER_TRUST_ACCOUNT 0x80 2553 #define LOGON_NTLMV2_ENABLED 0x100 2554 #define LOGON_RESOURCE_GROUPS 0x200 2555 #define LOGON_PROFILE_PATH_RETURNED 0x400 2556 #define LOGON_NT_V2 0x800 2557 #define LOGON_LM_V2 0x1000 2558 #define LOGON_NTLM_V2 0x2000 2559 2560 #if (_WIN32_WINNT >= 0x0600) 2561 2562 #define LOGON_OPTIMIZED 0x4000 2563 #define LOGON_WINLOGON 0x8000 2564 #define LOGON_PKINIT 0x10000 2565 #define LOGON_NO_OPTIMIZED 0x20000 2566 2567 #endif 2568 2569 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 2570 2571 #define LOGON_GRACE_LOGON 0x01000000 2572 2573 #define MSV1_0_OWF_PASSWORD_LENGTH 16 2574 #define MSV1_0_CRED_LM_PRESENT 0x1 2575 #define MSV1_0_CRED_NT_PRESENT 0x2 2576 #define MSV1_0_CRED_VERSION 0 2577 2578 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 2579 #define MSV1_0_NTLM3_OWF_LENGTH 16 2580 2581 #if (_WIN32_WINNT == 0x0500) 2582 #define MSV1_0_MAX_NTLM3_LIFE 1800 2583 #else 2584 #define MSV1_0_MAX_NTLM3_LIFE 129600 2585 #endif 2586 #define MSV1_0_MAX_AVL_SIZE 64000 2587 2588 #if (_WIN32_WINNT >= 0x0501) 2589 2590 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 2591 2592 #if (_WIN32_WINNT >= 0x0600) 2593 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 2594 #endif 2595 2596 #endif 2597 2598 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) 2599 2600 #if(_WIN32_WINNT >= 0x0502) 2601 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff) 2602 #endif 2603 2604 #define USE_PRIMARY_PASSWORD 0x01 2605 #define RETURN_PRIMARY_USERNAME 0x02 2606 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04 2607 #define RETURN_NON_NT_USER_SESSION_KEY 0x08 2608 #define GENERATE_CLIENT_CHALLENGE 0x10 2609 #define GCR_NTLM3_PARMS 0x20 2610 #define GCR_TARGET_INFO 0x40 2611 #define RETURN_RESERVED_PARAMETER 0x80 2612 #define GCR_ALLOW_NTLM 0x100 2613 #define GCR_USE_OEM_SET 0x200 2614 #define GCR_MACHINE_CREDENTIAL 0x400 2615 #define GCR_USE_OWF_PASSWORD 0x800 2616 #define GCR_ALLOW_LM 0x1000 2617 #define GCR_ALLOW_NO_TARGET 0x2000 2618 2619 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { 2620 MsV1_0InteractiveLogon = 2, 2621 MsV1_0Lm20Logon, 2622 MsV1_0NetworkLogon, 2623 MsV1_0SubAuthLogon, 2624 MsV1_0WorkstationUnlockLogon = 7, 2625 MsV1_0S4ULogon = 12, 2626 MsV1_0VirtualLogon = 82 2627 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; 2628 2629 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { 2630 MsV1_0InteractiveProfile = 2, 2631 MsV1_0Lm20LogonProfile, 2632 MsV1_0SmartCardProfile 2633 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE; 2634 2635 typedef struct _MSV1_0_INTERACTIVE_LOGON { 2636 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 2637 UNICODE_STRING LogonDomainName; 2638 UNICODE_STRING UserName; 2639 UNICODE_STRING Password; 2640 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON; 2641 2642 typedef struct _MSV1_0_INTERACTIVE_PROFILE { 2643 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 2644 USHORT LogonCount; 2645 USHORT BadPasswordCount; 2646 LARGE_INTEGER LogonTime; 2647 LARGE_INTEGER LogoffTime; 2648 LARGE_INTEGER KickOffTime; 2649 LARGE_INTEGER PasswordLastSet; 2650 LARGE_INTEGER PasswordCanChange; 2651 LARGE_INTEGER PasswordMustChange; 2652 UNICODE_STRING LogonScript; 2653 UNICODE_STRING HomeDirectory; 2654 UNICODE_STRING FullName; 2655 UNICODE_STRING ProfilePath; 2656 UNICODE_STRING HomeDirectoryDrive; 2657 UNICODE_STRING LogonServer; 2658 ULONG UserFlags; 2659 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE; 2660 2661 typedef struct _MSV1_0_LM20_LOGON { 2662 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 2663 UNICODE_STRING LogonDomainName; 2664 UNICODE_STRING UserName; 2665 UNICODE_STRING Workstation; 2666 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 2667 STRING CaseSensitiveChallengeResponse; 2668 STRING CaseInsensitiveChallengeResponse; 2669 ULONG ParameterControl; 2670 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON; 2671 2672 typedef struct _MSV1_0_SUBAUTH_LOGON { 2673 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 2674 UNICODE_STRING LogonDomainName; 2675 UNICODE_STRING UserName; 2676 UNICODE_STRING Workstation; 2677 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 2678 STRING AuthenticationInfo1; 2679 STRING AuthenticationInfo2; 2680 ULONG ParameterControl; 2681 ULONG SubAuthPackageId; 2682 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; 2683 2684 #if (_WIN32_WINNT >= 0x0600) 2685 2686 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 2687 2688 typedef struct _MSV1_0_S4U_LOGON { 2689 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 2690 ULONG Flags; 2691 UNICODE_STRING UserPrincipalName; 2692 UNICODE_STRING DomainName; 2693 } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON; 2694 2695 #endif 2696 2697 typedef struct _MSV1_0_LM20_LOGON_PROFILE { 2698 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 2699 LARGE_INTEGER KickOffTime; 2700 LARGE_INTEGER LogoffTime; 2701 ULONG UserFlags; 2702 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 2703 UNICODE_STRING LogonDomainName; 2704 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 2705 UNICODE_STRING LogonServer; 2706 UNICODE_STRING UserParameters; 2707 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE; 2708 2709 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { 2710 ULONG Version; 2711 ULONG Flags; 2712 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 2713 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 2714 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL; 2715 2716 typedef struct _MSV1_0_NTLM3_RESPONSE { 2717 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; 2718 UCHAR RespType; 2719 UCHAR HiRespType; 2720 USHORT Flags; 2721 ULONG MsgWord; 2722 ULONGLONG TimeStamp; 2723 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; 2724 ULONG AvPairsOff; 2725 UCHAR Buffer[1]; 2726 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; 2727 2728 typedef enum _MSV1_0_AVID { 2729 MsvAvEOL, 2730 MsvAvNbComputerName, 2731 MsvAvNbDomainName, 2732 MsvAvDnsComputerName, 2733 MsvAvDnsDomainName, 2734 #if (_WIN32_WINNT >= 0x0501) 2735 MsvAvDnsTreeName, 2736 MsvAvFlags, 2737 #if (_WIN32_WINNT >= 0x0600) 2738 MsvAvTimestamp, 2739 MsvAvRestrictions, 2740 MsvAvTargetName, 2741 MsvAvChannelBindings, 2742 #endif 2743 #endif 2744 } MSV1_0_AVID; 2745 2746 typedef struct _MSV1_0_AV_PAIR { 2747 USHORT AvId; 2748 USHORT AvLen; 2749 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; 2750 2751 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { 2752 MsV1_0Lm20ChallengeRequest = 0, 2753 MsV1_0Lm20GetChallengeResponse, 2754 MsV1_0EnumerateUsers, 2755 MsV1_0GetUserInfo, 2756 MsV1_0ReLogonUsers, 2757 MsV1_0ChangePassword, 2758 MsV1_0ChangeCachedPassword, 2759 MsV1_0GenericPassthrough, 2760 MsV1_0CacheLogon, 2761 MsV1_0SubAuth, 2762 MsV1_0DeriveCredential, 2763 MsV1_0CacheLookup, 2764 #if (_WIN32_WINNT >= 0x0501) 2765 MsV1_0SetProcessOption, 2766 #endif 2767 #if (_WIN32_WINNT >= 0x0600) 2768 MsV1_0ConfigLocalAliases, 2769 MsV1_0ClearCachedCredentials, 2770 #endif 2771 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; 2772 2773 typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST { 2774 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2775 } MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST; 2776 2777 typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE { 2778 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2779 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 2780 } MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE; 2781 2782 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 { 2783 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2784 ULONG ParameterControl; 2785 LUID LogonId; 2786 UNICODE_STRING Password; 2787 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 2788 } MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1; 2789 2790 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST { 2791 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2792 ULONG ParameterControl; 2793 LUID LogonId; 2794 UNICODE_STRING Password; 2795 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 2796 UNICODE_STRING UserName; 2797 UNICODE_STRING LogonDomainName; 2798 UNICODE_STRING ServerName; 2799 } MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST; 2800 2801 typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE { 2802 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2803 STRING CaseSensitiveChallengeResponse; 2804 STRING CaseInsensitiveChallengeResponse; 2805 UNICODE_STRING UserName; 2806 UNICODE_STRING LogonDomainName; 2807 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 2808 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 2809 } MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE; 2810 2811 typedef struct _MSV1_0_ENUMUSERS_REQUEST { 2812 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2813 } MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST; 2814 2815 typedef struct _MSV1_0_ENUMUSERS_RESPONSE { 2816 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2817 ULONG NumberOfLoggedOnUsers; 2818 PLUID LogonIds; 2819 PULONG EnumHandles; 2820 } MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE; 2821 2822 typedef struct _MSV1_0_GETUSERINFO_REQUEST { 2823 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2824 LUID LogonId; 2825 } MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST; 2826 2827 typedef struct _MSV1_0_GETUSERINFO_RESPONSE { 2828 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 2829 PSID UserSid; 2830 UNICODE_STRING UserName; 2831 UNICODE_STRING LogonDomainName; 2832 UNICODE_STRING LogonServer; 2833 SECURITY_LOGON_TYPE LogonType; 2834 } MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE; 2835 2836 2837 2838 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 2839 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 2840 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 2841 2842 /* also in winnt.h */ 2843 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 2844 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 2845 #define FILE_NOTIFY_CHANGE_NAME 0x00000003 2846 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 2847 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008 2848 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 2849 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 2850 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040 2851 #define FILE_NOTIFY_CHANGE_EA 0x00000080 2852 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 2853 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 2854 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 2855 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 2856 #define FILE_NOTIFY_VALID_MASK 0x00000fff 2857 2858 #define FILE_ACTION_ADDED 0x00000001 2859 #define FILE_ACTION_REMOVED 0x00000002 2860 #define FILE_ACTION_MODIFIED 0x00000003 2861 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 2862 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 2863 #define FILE_ACTION_ADDED_STREAM 0x00000006 2864 #define FILE_ACTION_REMOVED_STREAM 0x00000007 2865 #define FILE_ACTION_MODIFIED_STREAM 0x00000008 2866 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 2867 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A 2868 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B 2869 /* end winnt.h */ 2870 2871 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 2872 #define FILE_PIPE_MESSAGE_TYPE 0x00000001 2873 2874 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000 2875 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002 2876 2877 #define FILE_PIPE_TYPE_VALID_MASK 0x00000003 2878 2879 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 2880 #define FILE_PIPE_MESSAGE_MODE 0x00000001 2881 2882 #define FILE_PIPE_QUEUE_OPERATION 0x00000000 2883 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001 2884 2885 #define FILE_PIPE_INBOUND 0x00000000 2886 #define FILE_PIPE_OUTBOUND 0x00000001 2887 #define FILE_PIPE_FULL_DUPLEX 0x00000002 2888 2889 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001 2890 #define FILE_PIPE_LISTENING_STATE 0x00000002 2891 #define FILE_PIPE_CONNECTED_STATE 0x00000003 2892 #define FILE_PIPE_CLOSING_STATE 0x00000004 2893 2894 #define FILE_PIPE_CLIENT_END 0x00000000 2895 #define FILE_PIPE_SERVER_END 0x00000001 2896 2897 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001 2898 #define FILE_CASE_PRESERVED_NAMES 0x00000002 2899 #define FILE_UNICODE_ON_DISK 0x00000004 2900 #define FILE_PERSISTENT_ACLS 0x00000008 2901 #define FILE_FILE_COMPRESSION 0x00000010 2902 #define FILE_VOLUME_QUOTAS 0x00000020 2903 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040 2904 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 2905 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 2906 #define FILE_VOLUME_IS_COMPRESSED 0x00008000 2907 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000 2908 #define FILE_SUPPORTS_ENCRYPTION 0x00020000 2909 #define FILE_NAMED_STREAMS 0x00040000 2910 #define FILE_READ_ONLY_VOLUME 0x00080000 2911 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000 2912 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000 2913 #define FILE_SUPPORTS_HARD_LINKS 0x00400000 2914 #define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000 2915 #define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000 2916 #define FILE_SUPPORTS_USN_JOURNAL 0x02000000 2917 2918 #define FILE_NEED_EA 0x00000080 2919 2920 #define FILE_EA_TYPE_BINARY 0xfffe 2921 #define FILE_EA_TYPE_ASCII 0xfffd 2922 #define FILE_EA_TYPE_BITMAP 0xfffb 2923 #define FILE_EA_TYPE_METAFILE 0xfffa 2924 #define FILE_EA_TYPE_ICON 0xfff9 2925 #define FILE_EA_TYPE_EA 0xffee 2926 #define FILE_EA_TYPE_MVMT 0xffdf 2927 #define FILE_EA_TYPE_MVST 0xffde 2928 #define FILE_EA_TYPE_ASN1 0xffdd 2929 #define FILE_EA_TYPE_FAMILY_IDS 0xff01 2930 2931 typedef struct _FILE_NOTIFY_INFORMATION { 2932 ULONG NextEntryOffset; 2933 ULONG Action; 2934 ULONG FileNameLength; 2935 WCHAR FileName[1]; 2936 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION; 2937 2938 typedef struct _FILE_DIRECTORY_INFORMATION { 2939 ULONG NextEntryOffset; 2940 ULONG FileIndex; 2941 LARGE_INTEGER CreationTime; 2942 LARGE_INTEGER LastAccessTime; 2943 LARGE_INTEGER LastWriteTime; 2944 LARGE_INTEGER ChangeTime; 2945 LARGE_INTEGER EndOfFile; 2946 LARGE_INTEGER AllocationSize; 2947 ULONG FileAttributes; 2948 ULONG FileNameLength; 2949 WCHAR FileName[1]; 2950 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; 2951 2952 typedef struct _FILE_FULL_DIR_INFORMATION { 2953 ULONG NextEntryOffset; 2954 ULONG FileIndex; 2955 LARGE_INTEGER CreationTime; 2956 LARGE_INTEGER LastAccessTime; 2957 LARGE_INTEGER LastWriteTime; 2958 LARGE_INTEGER ChangeTime; 2959 LARGE_INTEGER EndOfFile; 2960 LARGE_INTEGER AllocationSize; 2961 ULONG FileAttributes; 2962 ULONG FileNameLength; 2963 ULONG EaSize; 2964 WCHAR FileName[1]; 2965 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; 2966 2967 typedef struct _FILE_ID_FULL_DIR_INFORMATION { 2968 ULONG NextEntryOffset; 2969 ULONG FileIndex; 2970 LARGE_INTEGER CreationTime; 2971 LARGE_INTEGER LastAccessTime; 2972 LARGE_INTEGER LastWriteTime; 2973 LARGE_INTEGER ChangeTime; 2974 LARGE_INTEGER EndOfFile; 2975 LARGE_INTEGER AllocationSize; 2976 ULONG FileAttributes; 2977 ULONG FileNameLength; 2978 ULONG EaSize; 2979 LARGE_INTEGER FileId; 2980 WCHAR FileName[1]; 2981 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION; 2982 2983 typedef struct _FILE_BOTH_DIR_INFORMATION { 2984 ULONG NextEntryOffset; 2985 ULONG FileIndex; 2986 LARGE_INTEGER CreationTime; 2987 LARGE_INTEGER LastAccessTime; 2988 LARGE_INTEGER LastWriteTime; 2989 LARGE_INTEGER ChangeTime; 2990 LARGE_INTEGER EndOfFile; 2991 LARGE_INTEGER AllocationSize; 2992 ULONG FileAttributes; 2993 ULONG FileNameLength; 2994 ULONG EaSize; 2995 CCHAR ShortNameLength; 2996 WCHAR ShortName[12]; 2997 WCHAR FileName[1]; 2998 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; 2999 3000 typedef struct _FILE_ID_BOTH_DIR_INFORMATION { 3001 ULONG NextEntryOffset; 3002 ULONG FileIndex; 3003 LARGE_INTEGER CreationTime; 3004 LARGE_INTEGER LastAccessTime; 3005 LARGE_INTEGER LastWriteTime; 3006 LARGE_INTEGER ChangeTime; 3007 LARGE_INTEGER EndOfFile; 3008 LARGE_INTEGER AllocationSize; 3009 ULONG FileAttributes; 3010 ULONG FileNameLength; 3011 ULONG EaSize; 3012 CCHAR ShortNameLength; 3013 WCHAR ShortName[12]; 3014 LARGE_INTEGER FileId; 3015 WCHAR FileName[1]; 3016 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION; 3017 3018 typedef struct _FILE_NAMES_INFORMATION { 3019 ULONG NextEntryOffset; 3020 ULONG FileIndex; 3021 ULONG FileNameLength; 3022 WCHAR FileName[1]; 3023 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; 3024 3025 typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION { 3026 ULONG NextEntryOffset; 3027 ULONG FileIndex; 3028 LARGE_INTEGER CreationTime; 3029 LARGE_INTEGER LastAccessTime; 3030 LARGE_INTEGER LastWriteTime; 3031 LARGE_INTEGER ChangeTime; 3032 LARGE_INTEGER EndOfFile; 3033 LARGE_INTEGER AllocationSize; 3034 ULONG FileAttributes; 3035 ULONG FileNameLength; 3036 LARGE_INTEGER FileId; 3037 GUID LockingTransactionId; 3038 ULONG TxInfoFlags; 3039 WCHAR FileName[1]; 3040 } FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION; 3041 3042 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001 3043 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002 3044 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004 3045 3046 typedef struct _FILE_OBJECTID_INFORMATION { 3047 LONGLONG FileReference; 3048 UCHAR ObjectId[16]; 3049 _ANONYMOUS_UNION union { 3050 _ANONYMOUS_STRUCT struct { 3051 UCHAR BirthVolumeId[16]; 3052 UCHAR BirthObjectId[16]; 3053 UCHAR DomainId[16]; 3054 } DUMMYSTRUCTNAME; 3055 UCHAR ExtendedInfo[48]; 3056 } DUMMYUNIONNAME; 3057 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; 3058 3059 #define ANSI_DOS_STAR ('<') 3060 #define ANSI_DOS_QM ('>') 3061 #define ANSI_DOS_DOT ('"') 3062 3063 #define DOS_STAR (L'<') 3064 #define DOS_QM (L'>') 3065 #define DOS_DOT (L'"') 3066 3067 typedef struct _FILE_INTERNAL_INFORMATION { 3068 LARGE_INTEGER IndexNumber; 3069 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; 3070 3071 typedef struct _FILE_EA_INFORMATION { 3072 ULONG EaSize; 3073 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; 3074 3075 typedef struct _FILE_ACCESS_INFORMATION { 3076 ACCESS_MASK AccessFlags; 3077 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; 3078 3079 typedef struct _FILE_MODE_INFORMATION { 3080 ULONG Mode; 3081 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; 3082 3083 typedef struct _FILE_ALL_INFORMATION { 3084 FILE_BASIC_INFORMATION BasicInformation; 3085 FILE_STANDARD_INFORMATION StandardInformation; 3086 FILE_INTERNAL_INFORMATION InternalInformation; 3087 FILE_EA_INFORMATION EaInformation; 3088 FILE_ACCESS_INFORMATION AccessInformation; 3089 FILE_POSITION_INFORMATION PositionInformation; 3090 FILE_MODE_INFORMATION ModeInformation; 3091 FILE_ALIGNMENT_INFORMATION AlignmentInformation; 3092 FILE_NAME_INFORMATION NameInformation; 3093 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; 3094 3095 typedef struct _FILE_ALLOCATION_INFORMATION { 3096 LARGE_INTEGER AllocationSize; 3097 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; 3098 3099 typedef struct _FILE_COMPRESSION_INFORMATION { 3100 LARGE_INTEGER CompressedFileSize; 3101 USHORT CompressionFormat; 3102 UCHAR CompressionUnitShift; 3103 UCHAR ChunkShift; 3104 UCHAR ClusterShift; 3105 UCHAR Reserved[3]; 3106 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; 3107 3108 typedef struct _FILE_LINK_INFORMATION { 3109 BOOLEAN ReplaceIfExists; 3110 HANDLE RootDirectory; 3111 ULONG FileNameLength; 3112 WCHAR FileName[1]; 3113 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; 3114 3115 typedef struct _FILE_MOVE_CLUSTER_INFORMATION { 3116 ULONG ClusterCount; 3117 HANDLE RootDirectory; 3118 ULONG FileNameLength; 3119 WCHAR FileName[1]; 3120 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION; 3121 3122 typedef struct _FILE_RENAME_INFORMATION { 3123 BOOLEAN ReplaceIfExists; 3124 HANDLE RootDirectory; 3125 ULONG FileNameLength; 3126 WCHAR FileName[1]; 3127 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 3128 3129 typedef struct _FILE_STREAM_INFORMATION { 3130 ULONG NextEntryOffset; 3131 ULONG StreamNameLength; 3132 LARGE_INTEGER StreamSize; 3133 LARGE_INTEGER StreamAllocationSize; 3134 WCHAR StreamName[1]; 3135 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; 3136 3137 typedef struct _FILE_TRACKING_INFORMATION { 3138 HANDLE DestinationFile; 3139 ULONG ObjectInformationLength; 3140 CHAR ObjectInformation[1]; 3141 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; 3142 3143 typedef struct _FILE_COMPLETION_INFORMATION { 3144 HANDLE Port; 3145 PVOID Key; 3146 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; 3147 3148 typedef struct _FILE_PIPE_INFORMATION { 3149 ULONG ReadMode; 3150 ULONG CompletionMode; 3151 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; 3152 3153 typedef struct _FILE_PIPE_LOCAL_INFORMATION { 3154 ULONG NamedPipeType; 3155 ULONG NamedPipeConfiguration; 3156 ULONG MaximumInstances; 3157 ULONG CurrentInstances; 3158 ULONG InboundQuota; 3159 ULONG ReadDataAvailable; 3160 ULONG OutboundQuota; 3161 ULONG WriteQuotaAvailable; 3162 ULONG NamedPipeState; 3163 ULONG NamedPipeEnd; 3164 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; 3165 3166 typedef struct _FILE_PIPE_REMOTE_INFORMATION { 3167 LARGE_INTEGER CollectDataTime; 3168 ULONG MaximumCollectionCount; 3169 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; 3170 3171 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { 3172 ULONG MaximumMessageSize; 3173 ULONG MailslotQuota; 3174 ULONG NextMessageSize; 3175 ULONG MessagesAvailable; 3176 LARGE_INTEGER ReadTimeout; 3177 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; 3178 3179 typedef struct _FILE_MAILSLOT_SET_INFORMATION { 3180 PLARGE_INTEGER ReadTimeout; 3181 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; 3182 3183 typedef struct _FILE_REPARSE_POINT_INFORMATION { 3184 LONGLONG FileReference; 3185 ULONG Tag; 3186 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION; 3187 3188 typedef struct _FILE_LINK_ENTRY_INFORMATION { 3189 ULONG NextEntryOffset; 3190 LONGLONG ParentFileId; 3191 ULONG FileNameLength; 3192 WCHAR FileName[1]; 3193 } FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION; 3194 3195 typedef struct _FILE_LINKS_INFORMATION { 3196 ULONG BytesNeeded; 3197 ULONG EntriesReturned; 3198 FILE_LINK_ENTRY_INFORMATION Entry; 3199 } FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION; 3200 3201 typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION { 3202 ULONG FileNameLength; 3203 WCHAR FileName[1]; 3204 } FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION; 3205 3206 typedef struct _FILE_STANDARD_LINK_INFORMATION { 3207 ULONG NumberOfAccessibleLinks; 3208 ULONG TotalNumberOfLinks; 3209 BOOLEAN DeletePending; 3210 BOOLEAN Directory; 3211 } FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION; 3212 3213 typedef struct _FILE_GET_EA_INFORMATION { 3214 ULONG NextEntryOffset; 3215 UCHAR EaNameLength; 3216 CHAR EaName[1]; 3217 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; 3218 3219 #define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001 3220 #define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002 3221 3222 typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION { 3223 USHORT StructureVersion; 3224 USHORT StructureSize; 3225 ULONG Protocol; 3226 USHORT ProtocolMajorVersion; 3227 USHORT ProtocolMinorVersion; 3228 USHORT ProtocolRevision; 3229 USHORT Reserved; 3230 ULONG Flags; 3231 struct { 3232 ULONG Reserved[8]; 3233 } GenericReserved; 3234 struct { 3235 ULONG Reserved[16]; 3236 } ProtocolSpecificReserved; 3237 } FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION; 3238 3239 typedef struct _FILE_GET_QUOTA_INFORMATION { 3240 ULONG NextEntryOffset; 3241 ULONG SidLength; 3242 SID Sid; 3243 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; 3244 3245 typedef struct _FILE_QUOTA_INFORMATION { 3246 ULONG NextEntryOffset; 3247 ULONG SidLength; 3248 LARGE_INTEGER ChangeTime; 3249 LARGE_INTEGER QuotaUsed; 3250 LARGE_INTEGER QuotaThreshold; 3251 LARGE_INTEGER QuotaLimit; 3252 SID Sid; 3253 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; 3254 3255 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { 3256 ULONG FileSystemAttributes; 3257 ULONG MaximumComponentNameLength; 3258 ULONG FileSystemNameLength; 3259 WCHAR FileSystemName[1]; 3260 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; 3261 3262 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION { 3263 BOOLEAN DriverInPath; 3264 ULONG DriverNameLength; 3265 WCHAR DriverName[1]; 3266 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION; 3267 3268 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION { 3269 ULONG Flags; 3270 } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION; 3271 3272 #define FILE_VC_QUOTA_NONE 0x00000000 3273 #define FILE_VC_QUOTA_TRACK 0x00000001 3274 #define FILE_VC_QUOTA_ENFORCE 0x00000002 3275 #define FILE_VC_QUOTA_MASK 0x00000003 3276 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 3277 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 3278 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 3279 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 3280 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 3281 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 3282 #define FILE_VC_QUOTAS_REBUILDING 0x00000200 3283 #define FILE_VC_VALID_MASK 0x000003ff 3284 3285 typedef struct _FILE_FS_CONTROL_INFORMATION { 3286 LARGE_INTEGER FreeSpaceStartFiltering; 3287 LARGE_INTEGER FreeSpaceThreshold; 3288 LARGE_INTEGER FreeSpaceStopFiltering; 3289 LARGE_INTEGER DefaultQuotaThreshold; 3290 LARGE_INTEGER DefaultQuotaLimit; 3291 ULONG FileSystemControlFlags; 3292 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; 3293 3294 #ifndef _FILESYSTEMFSCTL_ 3295 #define _FILESYSTEMFSCTL_ 3296 3297 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) 3298 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) 3299 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) 3300 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) 3301 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) 3302 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) 3303 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) 3304 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) 3305 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) 3306 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) 3307 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) 3308 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) 3309 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) 3310 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) 3311 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 3312 #define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) 3313 3314 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) 3315 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) 3316 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) 3317 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) 3318 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) 3319 3320 #if (_WIN32_WINNT >= 0x0400) 3321 3322 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) 3323 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) 3324 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) 3325 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) 3326 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3327 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) 3328 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) 3329 3330 #endif 3331 3332 #if (_WIN32_WINNT >= 0x0500) 3333 3334 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) 3335 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3336 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) 3337 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3338 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3339 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) 3340 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3341 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS) 3342 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) 3343 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS) 3344 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3345 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) 3346 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3347 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) 3348 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) 3349 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) 3350 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS) 3351 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) 3352 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS) 3353 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS) 3354 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS) 3355 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS) 3356 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS) 3357 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) 3358 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) 3359 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) 3360 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) 3361 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) 3362 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 3363 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) 3364 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) 3365 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3366 3367 #endif 3368 3369 #if (_WIN32_WINNT >= 0x0600) 3370 3371 #define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA) 3372 #define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA) 3373 #define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS) 3374 #define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS) 3375 #define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3376 #define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA) 3377 #define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA) 3378 #define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA) 3379 #define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA) 3380 #define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA) 3381 #define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA) 3382 #define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA) 3383 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA) 3384 #define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA) 3385 #define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA) 3386 #define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA) 3387 #define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA) 3388 #define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA) 3389 #define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA) 3390 #define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3391 #define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS) 3392 #define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS) 3393 #define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS) 3394 #define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS) 3395 #define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS) 3396 #define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 3397 #define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS) 3398 #define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS) 3399 3400 #define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \ 3401 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA) 3402 #define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA) 3403 #define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS) 3404 #define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS) 3405 #define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS) 3406 3407 #endif 3408 3409 #if (_WIN32_WINNT >= 0x0601) 3410 3411 #define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS) 3412 #define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS) 3413 #define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS) 3414 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS) 3415 #define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS) 3416 #define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS) 3417 #define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS) 3418 #define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS) 3419 #define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS) 3420 3421 #define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS) 3422 3423 #define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS) 3424 #define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS) 3425 3426 #define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS) 3427 #define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS) 3428 #define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS) 3429 #define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS) 3430 #define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS) 3431 3432 typedef struct _CSV_NAMESPACE_INFO { 3433 ULONG Version; 3434 ULONG DeviceNumber; 3435 LARGE_INTEGER StartingOffset; 3436 ULONG SectorSize; 3437 } CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO; 3438 3439 #define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO)) 3440 #define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF 3441 3442 #endif 3443 3444 #define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED 3445 3446 typedef struct _PATHNAME_BUFFER { 3447 ULONG PathNameLength; 3448 WCHAR Name[1]; 3449 } PATHNAME_BUFFER, *PPATHNAME_BUFFER; 3450 3451 typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER { 3452 UCHAR First0x24BytesOfBootSector[0x24]; 3453 } FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER; 3454 3455 #if (_WIN32_WINNT >= 0x0400) 3456 3457 typedef struct _NTFS_VOLUME_DATA_BUFFER { 3458 LARGE_INTEGER VolumeSerialNumber; 3459 LARGE_INTEGER NumberSectors; 3460 LARGE_INTEGER TotalClusters; 3461 LARGE_INTEGER FreeClusters; 3462 LARGE_INTEGER TotalReserved; 3463 ULONG BytesPerSector; 3464 ULONG BytesPerCluster; 3465 ULONG BytesPerFileRecordSegment; 3466 ULONG ClustersPerFileRecordSegment; 3467 LARGE_INTEGER MftValidDataLength; 3468 LARGE_INTEGER MftStartLcn; 3469 LARGE_INTEGER Mft2StartLcn; 3470 LARGE_INTEGER MftZoneStart; 3471 LARGE_INTEGER MftZoneEnd; 3472 } NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER; 3473 3474 typedef struct _NTFS_EXTENDED_VOLUME_DATA { 3475 ULONG ByteCount; 3476 USHORT MajorVersion; 3477 USHORT MinorVersion; 3478 } NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA; 3479 3480 typedef struct _STARTING_LCN_INPUT_BUFFER { 3481 LARGE_INTEGER StartingLcn; 3482 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER; 3483 3484 typedef struct _VOLUME_BITMAP_BUFFER { 3485 LARGE_INTEGER StartingLcn; 3486 LARGE_INTEGER BitmapSize; 3487 UCHAR Buffer[1]; 3488 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER; 3489 3490 typedef struct _STARTING_VCN_INPUT_BUFFER { 3491 LARGE_INTEGER StartingVcn; 3492 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; 3493 3494 typedef struct _RETRIEVAL_POINTERS_BUFFER { 3495 ULONG ExtentCount; 3496 LARGE_INTEGER StartingVcn; 3497 struct { 3498 LARGE_INTEGER NextVcn; 3499 LARGE_INTEGER Lcn; 3500 } Extents[1]; 3501 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; 3502 3503 typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER { 3504 LARGE_INTEGER FileReferenceNumber; 3505 } NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER; 3506 3507 typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER { 3508 LARGE_INTEGER FileReferenceNumber; 3509 ULONG FileRecordLength; 3510 UCHAR FileRecordBuffer[1]; 3511 } NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER; 3512 3513 typedef struct _MOVE_FILE_DATA { 3514 HANDLE FileHandle; 3515 LARGE_INTEGER StartingVcn; 3516 LARGE_INTEGER StartingLcn; 3517 ULONG ClusterCount; 3518 } MOVE_FILE_DATA, *PMOVE_FILE_DATA; 3519 3520 typedef struct _MOVE_FILE_RECORD_DATA { 3521 HANDLE FileHandle; 3522 LARGE_INTEGER SourceFileRecord; 3523 LARGE_INTEGER TargetFileRecord; 3524 } MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA; 3525 3526 #if defined(_WIN64) 3527 typedef struct _MOVE_FILE_DATA32 { 3528 UINT32 FileHandle; 3529 LARGE_INTEGER StartingVcn; 3530 LARGE_INTEGER StartingLcn; 3531 ULONG ClusterCount; 3532 } MOVE_FILE_DATA32, *PMOVE_FILE_DATA32; 3533 #endif 3534 3535 #endif /* (_WIN32_WINNT >= 0x0400) */ 3536 3537 #if (_WIN32_WINNT >= 0x0500) 3538 3539 typedef struct _FIND_BY_SID_DATA { 3540 ULONG Restart; 3541 SID Sid; 3542 } FIND_BY_SID_DATA, *PFIND_BY_SID_DATA; 3543 3544 typedef struct _FIND_BY_SID_OUTPUT { 3545 ULONG NextEntryOffset; 3546 ULONG FileIndex; 3547 ULONG FileNameLength; 3548 WCHAR FileName[1]; 3549 } FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT; 3550 3551 typedef struct _MFT_ENUM_DATA { 3552 ULONGLONG StartFileReferenceNumber; 3553 USN LowUsn; 3554 USN HighUsn; 3555 } MFT_ENUM_DATA, *PMFT_ENUM_DATA; 3556 3557 typedef struct _CREATE_USN_JOURNAL_DATA { 3558 ULONGLONG MaximumSize; 3559 ULONGLONG AllocationDelta; 3560 } CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA; 3561 3562 typedef struct _READ_USN_JOURNAL_DATA { 3563 USN StartUsn; 3564 ULONG ReasonMask; 3565 ULONG ReturnOnlyOnClose; 3566 ULONGLONG Timeout; 3567 ULONGLONG BytesToWaitFor; 3568 ULONGLONG UsnJournalID; 3569 } READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA; 3570 3571 typedef struct _USN_RECORD { 3572 ULONG RecordLength; 3573 USHORT MajorVersion; 3574 USHORT MinorVersion; 3575 ULONGLONG FileReferenceNumber; 3576 ULONGLONG ParentFileReferenceNumber; 3577 USN Usn; 3578 LARGE_INTEGER TimeStamp; 3579 ULONG Reason; 3580 ULONG SourceInfo; 3581 ULONG SecurityId; 3582 ULONG FileAttributes; 3583 USHORT FileNameLength; 3584 USHORT FileNameOffset; 3585 WCHAR FileName[1]; 3586 } USN_RECORD, *PUSN_RECORD; 3587 3588 #define USN_PAGE_SIZE (0x1000) 3589 3590 #define USN_REASON_DATA_OVERWRITE (0x00000001) 3591 #define USN_REASON_DATA_EXTEND (0x00000002) 3592 #define USN_REASON_DATA_TRUNCATION (0x00000004) 3593 #define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010) 3594 #define USN_REASON_NAMED_DATA_EXTEND (0x00000020) 3595 #define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040) 3596 #define USN_REASON_FILE_CREATE (0x00000100) 3597 #define USN_REASON_FILE_DELETE (0x00000200) 3598 #define USN_REASON_EA_CHANGE (0x00000400) 3599 #define USN_REASON_SECURITY_CHANGE (0x00000800) 3600 #define USN_REASON_RENAME_OLD_NAME (0x00001000) 3601 #define USN_REASON_RENAME_NEW_NAME (0x00002000) 3602 #define USN_REASON_INDEXABLE_CHANGE (0x00004000) 3603 #define USN_REASON_BASIC_INFO_CHANGE (0x00008000) 3604 #define USN_REASON_HARD_LINK_CHANGE (0x00010000) 3605 #define USN_REASON_COMPRESSION_CHANGE (0x00020000) 3606 #define USN_REASON_ENCRYPTION_CHANGE (0x00040000) 3607 #define USN_REASON_OBJECT_ID_CHANGE (0x00080000) 3608 #define USN_REASON_REPARSE_POINT_CHANGE (0x00100000) 3609 #define USN_REASON_STREAM_CHANGE (0x00200000) 3610 #define USN_REASON_TRANSACTED_CHANGE (0x00400000) 3611 #define USN_REASON_CLOSE (0x80000000) 3612 3613 typedef struct _USN_JOURNAL_DATA { 3614 ULONGLONG UsnJournalID; 3615 USN FirstUsn; 3616 USN NextUsn; 3617 USN LowestValidUsn; 3618 USN MaxUsn; 3619 ULONGLONG MaximumSize; 3620 ULONGLONG AllocationDelta; 3621 } USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA; 3622 3623 typedef struct _DELETE_USN_JOURNAL_DATA { 3624 ULONGLONG UsnJournalID; 3625 ULONG DeleteFlags; 3626 } DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA; 3627 3628 #define USN_DELETE_FLAG_DELETE (0x00000001) 3629 #define USN_DELETE_FLAG_NOTIFY (0x00000002) 3630 #define USN_DELETE_VALID_FLAGS (0x00000003) 3631 3632 typedef struct _MARK_HANDLE_INFO { 3633 ULONG UsnSourceInfo; 3634 HANDLE VolumeHandle; 3635 ULONG HandleInfo; 3636 } MARK_HANDLE_INFO, *PMARK_HANDLE_INFO; 3637 3638 #if defined(_WIN64) 3639 typedef struct _MARK_HANDLE_INFO32 { 3640 ULONG UsnSourceInfo; 3641 UINT32 VolumeHandle; 3642 ULONG HandleInfo; 3643 } MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32; 3644 #endif 3645 3646 #define USN_SOURCE_DATA_MANAGEMENT (0x00000001) 3647 #define USN_SOURCE_AUXILIARY_DATA (0x00000002) 3648 #define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004) 3649 3650 #define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001) 3651 #define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004) 3652 #define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008) 3653 3654 typedef struct _BULK_SECURITY_TEST_DATA { 3655 ACCESS_MASK DesiredAccess; 3656 ULONG SecurityIds[1]; 3657 } BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA; 3658 3659 #define VOLUME_IS_DIRTY (0x00000001) 3660 #define VOLUME_UPGRADE_SCHEDULED (0x00000002) 3661 #define VOLUME_SESSION_OPEN (0x00000004) 3662 3663 typedef struct _FILE_PREFETCH { 3664 ULONG Type; 3665 ULONG Count; 3666 ULONGLONG Prefetch[1]; 3667 } FILE_PREFETCH, *PFILE_PREFETCH; 3668 3669 typedef struct _FILE_PREFETCH_EX { 3670 ULONG Type; 3671 ULONG Count; 3672 PVOID Context; 3673 ULONGLONG Prefetch[1]; 3674 } FILE_PREFETCH_EX, *PFILE_PREFETCH_EX; 3675 3676 #define FILE_PREFETCH_TYPE_FOR_CREATE 0x1 3677 #define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2 3678 #define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3 3679 #define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4 3680 3681 #define FILE_PREFETCH_TYPE_MAX 0x4 3682 3683 typedef struct _FILE_OBJECTID_BUFFER { 3684 UCHAR ObjectId[16]; 3685 _ANONYMOUS_UNION union { 3686 _ANONYMOUS_STRUCT struct { 3687 UCHAR BirthVolumeId[16]; 3688 UCHAR BirthObjectId[16]; 3689 UCHAR DomainId[16]; 3690 } DUMMYSTRUCTNAME; 3691 UCHAR ExtendedInfo[48]; 3692 } DUMMYUNIONNAME; 3693 } FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER; 3694 3695 typedef struct _FILE_SET_SPARSE_BUFFER { 3696 BOOLEAN SetSparse; 3697 } FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER; 3698 3699 typedef struct _FILE_ZERO_DATA_INFORMATION { 3700 LARGE_INTEGER FileOffset; 3701 LARGE_INTEGER BeyondFinalZero; 3702 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION; 3703 3704 typedef struct _FILE_ALLOCATED_RANGE_BUFFER { 3705 LARGE_INTEGER FileOffset; 3706 LARGE_INTEGER Length; 3707 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER; 3708 3709 typedef struct _ENCRYPTION_BUFFER { 3710 ULONG EncryptionOperation; 3711 UCHAR Private[1]; 3712 } ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER; 3713 3714 #define FILE_SET_ENCRYPTION 0x00000001 3715 #define FILE_CLEAR_ENCRYPTION 0x00000002 3716 #define STREAM_SET_ENCRYPTION 0x00000003 3717 #define STREAM_CLEAR_ENCRYPTION 0x00000004 3718 3719 #define MAXIMUM_ENCRYPTION_VALUE 0x00000004 3720 3721 typedef struct _DECRYPTION_STATUS_BUFFER { 3722 BOOLEAN NoEncryptedStreams; 3723 } DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER; 3724 3725 #define ENCRYPTION_FORMAT_DEFAULT (0x01) 3726 3727 #define COMPRESSION_FORMAT_SPARSE (0x4000) 3728 3729 typedef struct _REQUEST_RAW_ENCRYPTED_DATA { 3730 LONGLONG FileOffset; 3731 ULONG Length; 3732 } REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA; 3733 3734 typedef struct _ENCRYPTED_DATA_INFO { 3735 ULONGLONG StartingFileOffset; 3736 ULONG OutputBufferOffset; 3737 ULONG BytesWithinFileSize; 3738 ULONG BytesWithinValidDataLength; 3739 USHORT CompressionFormat; 3740 UCHAR DataUnitShift; 3741 UCHAR ChunkShift; 3742 UCHAR ClusterShift; 3743 UCHAR EncryptionFormat; 3744 USHORT NumberOfDataBlocks; 3745 ULONG DataBlockSize[ANYSIZE_ARRAY]; 3746 } ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO; 3747 3748 typedef struct _PLEX_READ_DATA_REQUEST { 3749 LARGE_INTEGER ByteOffset; 3750 ULONG ByteLength; 3751 ULONG PlexNumber; 3752 } PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST; 3753 3754 typedef struct _SI_COPYFILE { 3755 ULONG SourceFileNameLength; 3756 ULONG DestinationFileNameLength; 3757 ULONG Flags; 3758 WCHAR FileNameBuffer[1]; 3759 } SI_COPYFILE, *PSI_COPYFILE; 3760 3761 #define COPYFILE_SIS_LINK 0x0001 3762 #define COPYFILE_SIS_REPLACE 0x0002 3763 #define COPYFILE_SIS_FLAGS 0x0003 3764 3765 #endif /* (_WIN32_WINNT >= 0x0500) */ 3766 3767 #if (_WIN32_WINNT >= 0x0600) 3768 3769 typedef struct _FILE_MAKE_COMPATIBLE_BUFFER { 3770 BOOLEAN CloseDisc; 3771 } FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER; 3772 3773 typedef struct _FILE_SET_DEFECT_MGMT_BUFFER { 3774 BOOLEAN Disable; 3775 } FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER; 3776 3777 typedef struct _FILE_QUERY_SPARING_BUFFER { 3778 ULONG SparingUnitBytes; 3779 BOOLEAN SoftwareSparing; 3780 ULONG TotalSpareBlocks; 3781 ULONG FreeSpareBlocks; 3782 } FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER; 3783 3784 typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER { 3785 LARGE_INTEGER DirectoryCount; 3786 LARGE_INTEGER FileCount; 3787 USHORT FsFormatMajVersion; 3788 USHORT FsFormatMinVersion; 3789 WCHAR FsFormatName[12]; 3790 LARGE_INTEGER FormatTime; 3791 LARGE_INTEGER LastUpdateTime; 3792 WCHAR CopyrightInfo[34]; 3793 WCHAR AbstractInfo[34]; 3794 WCHAR FormattingImplementationInfo[34]; 3795 WCHAR LastModifyingImplementationInfo[34]; 3796 } FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER; 3797 3798 #define SET_REPAIR_ENABLED (0x00000001) 3799 #define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002) 3800 #define SET_REPAIR_DELETE_CROSSLINK (0x00000004) 3801 #define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008) 3802 #define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010) 3803 #define SET_REPAIR_VALID_MASK (0x0000001F) 3804 3805 typedef enum _SHRINK_VOLUME_REQUEST_TYPES { 3806 ShrinkPrepare = 1, 3807 ShrinkCommit, 3808 ShrinkAbort 3809 } SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES; 3810 3811 typedef struct _SHRINK_VOLUME_INFORMATION { 3812 SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType; 3813 ULONGLONG Flags; 3814 LONGLONG NewNumberOfSectors; 3815 } SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION; 3816 3817 #define TXFS_RM_FLAG_LOGGING_MODE 0x00000001 3818 #define TXFS_RM_FLAG_RENAME_RM 0x00000002 3819 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004 3820 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008 3821 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010 3822 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020 3823 #define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040 3824 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080 3825 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100 3826 #define TXFS_RM_FLAG_GROW_LOG 0x00000400 3827 #define TXFS_RM_FLAG_SHRINK_LOG 0x00000800 3828 #define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000 3829 #define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000 3830 #define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000 3831 #define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000 3832 #define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000 3833 #define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000 3834 3835 #define TXFS_LOGGING_MODE_SIMPLE (0x0001) 3836 #define TXFS_LOGGING_MODE_FULL (0x0002) 3837 3838 #define TXFS_TRANSACTION_STATE_NONE 0x00 3839 #define TXFS_TRANSACTION_STATE_ACTIVE 0x01 3840 #define TXFS_TRANSACTION_STATE_PREPARED 0x02 3841 #define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03 3842 3843 #define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE | \ 3844 TXFS_RM_FLAG_RENAME_RM | \ 3845 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \ 3846 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ 3847 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ 3848 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ 3849 TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ 3850 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ 3851 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ 3852 TXFS_RM_FLAG_SHRINK_LOG | \ 3853 TXFS_RM_FLAG_GROW_LOG | \ 3854 TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \ 3855 TXFS_RM_FLAG_PRESERVE_CHANGES | \ 3856 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ 3857 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \ 3858 TXFS_RM_FLAG_PREFER_CONSISTENCY | \ 3859 TXFS_RM_FLAG_PREFER_AVAILABILITY) 3860 3861 typedef struct _TXFS_MODIFY_RM { 3862 ULONG Flags; 3863 ULONG LogContainerCountMax; 3864 ULONG LogContainerCountMin; 3865 ULONG LogContainerCount; 3866 ULONG LogGrowthIncrement; 3867 ULONG LogAutoShrinkPercentage; 3868 ULONGLONG Reserved; 3869 USHORT LoggingMode; 3870 } TXFS_MODIFY_RM, *PTXFS_MODIFY_RM; 3871 3872 #define TXFS_RM_STATE_NOT_STARTED 0 3873 #define TXFS_RM_STATE_STARTING 1 3874 #define TXFS_RM_STATE_ACTIVE 2 3875 #define TXFS_RM_STATE_SHUTTING_DOWN 3 3876 3877 #define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \ 3878 (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ 3879 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ 3880 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ 3881 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ 3882 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ 3883 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \ 3884 TXFS_RM_FLAG_PREFER_CONSISTENCY | \ 3885 TXFS_RM_FLAG_PREFER_AVAILABILITY) 3886 3887 typedef struct _TXFS_QUERY_RM_INFORMATION { 3888 ULONG BytesRequired; 3889 ULONGLONG TailLsn; 3890 ULONGLONG CurrentLsn; 3891 ULONGLONG ArchiveTailLsn; 3892 ULONGLONG LogContainerSize; 3893 LARGE_INTEGER HighestVirtualClock; 3894 ULONG LogContainerCount; 3895 ULONG LogContainerCountMax; 3896 ULONG LogContainerCountMin; 3897 ULONG LogGrowthIncrement; 3898 ULONG LogAutoShrinkPercentage; 3899 ULONG Flags; 3900 USHORT LoggingMode; 3901 USHORT Reserved; 3902 ULONG RmState; 3903 ULONGLONG LogCapacity; 3904 ULONGLONG LogFree; 3905 ULONGLONG TopsSize; 3906 ULONGLONG TopsUsed; 3907 ULONGLONG TransactionCount; 3908 ULONGLONG OnePCCount; 3909 ULONGLONG TwoPCCount; 3910 ULONGLONG NumberLogFileFull; 3911 ULONGLONG OldestTransactionAge; 3912 GUID RMName; 3913 ULONG TmLogPathOffset; 3914 } TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION; 3915 3916 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01 3917 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02 3918 3919 #define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \ 3920 (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \ 3921 TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK) 3922 3923 typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION { 3924 LARGE_INTEGER LastVirtualClock; 3925 ULONGLONG LastRedoLsn; 3926 ULONGLONG HighestRecoveryLsn; 3927 ULONG Flags; 3928 } TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION; 3929 3930 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001 3931 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002 3932 #define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004 3933 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008 3934 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010 3935 #define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020 3936 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040 3937 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080 3938 3939 #define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200 3940 #define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400 3941 #define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800 3942 3943 #define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000 3944 #define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000 3945 3946 #define TXFS_START_RM_VALID_FLAGS \ 3947 (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \ 3948 TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ 3949 TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \ 3950 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ 3951 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ 3952 TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ 3953 TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \ 3954 TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ 3955 TXFS_START_RM_FLAG_LOGGING_MODE | \ 3956 TXFS_START_RM_FLAG_PRESERVE_CHANGES | \ 3957 TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \ 3958 TXFS_START_RM_FLAG_PREFER_AVAILABILITY) 3959 3960 typedef struct _TXFS_START_RM_INFORMATION { 3961 ULONG Flags; 3962 ULONGLONG LogContainerSize; 3963 ULONG LogContainerCountMin; 3964 ULONG LogContainerCountMax; 3965 ULONG LogGrowthIncrement; 3966 ULONG LogAutoShrinkPercentage; 3967 ULONG TmLogPathOffset; 3968 USHORT TmLogPathLength; 3969 USHORT LoggingMode; 3970 USHORT LogPathLength; 3971 USHORT Reserved; 3972 WCHAR LogPath[1]; 3973 } TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION; 3974 3975 typedef struct _TXFS_GET_METADATA_INFO_OUT { 3976 struct { 3977 LONGLONG LowPart; 3978 LONGLONG HighPart; 3979 } TxfFileId; 3980 GUID LockingTransaction; 3981 ULONGLONG LastLsn; 3982 ULONG TransactionState; 3983 } TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT; 3984 3985 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001 3986 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002 3987 3988 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY { 3989 ULONGLONG Offset; 3990 ULONG NameFlags; 3991 LONGLONG FileId; 3992 ULONG Reserved1; 3993 ULONG Reserved2; 3994 LONGLONG Reserved3; 3995 WCHAR FileName[1]; 3996 } TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY; 3997 3998 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES { 3999 GUID KtmTransaction; 4000 ULONGLONG NumberOfFiles; 4001 ULONGLONG BufferSizeRequired; 4002 ULONGLONG Offset; 4003 } TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES; 4004 4005 typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY { 4006 GUID TransactionId; 4007 ULONG TransactionState; 4008 ULONG Reserved1; 4009 ULONG Reserved2; 4010 LONGLONG Reserved3; 4011 } TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY; 4012 4013 typedef struct _TXFS_LIST_TRANSACTIONS { 4014 ULONGLONG NumberOfTransactions; 4015 ULONGLONG BufferSizeRequired; 4016 } TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS; 4017 4018 typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT { 4019 _ANONYMOUS_UNION union { 4020 ULONG BufferLength; 4021 UCHAR Buffer[1]; 4022 } DUMMYUNIONNAME; 4023 } TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT; 4024 4025 typedef struct _TXFS_WRITE_BACKUP_INFORMATION { 4026 UCHAR Buffer[1]; 4027 } TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION; 4028 4029 #define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE 4030 #define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF 4031 4032 typedef struct _TXFS_GET_TRANSACTED_VERSION { 4033 ULONG ThisBaseVersion; 4034 ULONG LatestVersion; 4035 USHORT ThisMiniVersion; 4036 USHORT FirstMiniVersion; 4037 USHORT LatestMiniVersion; 4038 } TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION; 4039 4040 #define TXFS_SAVEPOINT_SET 0x00000001 4041 #define TXFS_SAVEPOINT_ROLLBACK 0x00000002 4042 #define TXFS_SAVEPOINT_CLEAR 0x00000004 4043 #define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010 4044 4045 typedef struct _TXFS_SAVEPOINT_INFORMATION { 4046 HANDLE KtmTransaction; 4047 ULONG ActionCode; 4048 ULONG SavepointId; 4049 } TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION; 4050 4051 typedef struct _TXFS_CREATE_MINIVERSION_INFO { 4052 USHORT StructureVersion; 4053 USHORT StructureLength; 4054 ULONG BaseVersion; 4055 USHORT MiniVersion; 4056 } TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO; 4057 4058 typedef struct _TXFS_TRANSACTION_ACTIVE_INFO { 4059 BOOLEAN TransactionsActiveAtSnapshot; 4060 } TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO; 4061 4062 #endif /* (_WIN32_WINNT >= 0x0600) */ 4063 4064 #if (_WIN32_WINNT >= 0x0601) 4065 4066 #define MARK_HANDLE_REALTIME (0x00000020) 4067 #define MARK_HANDLE_NOT_REALTIME (0x00000040) 4068 4069 #define NO_8DOT3_NAME_PRESENT (0x00000001) 4070 #define REMOVED_8DOT3_NAME (0x00000002) 4071 4072 #define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001) 4073 4074 typedef struct _BOOT_AREA_INFO { 4075 ULONG BootSectorCount; 4076 struct { 4077 LARGE_INTEGER Offset; 4078 } BootSectors[2]; 4079 } BOOT_AREA_INFO, *PBOOT_AREA_INFO; 4080 4081 typedef struct _RETRIEVAL_POINTER_BASE { 4082 LARGE_INTEGER FileAreaOffset; 4083 } RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE; 4084 4085 typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION { 4086 ULONG VolumeFlags; 4087 ULONG FlagMask; 4088 ULONG Version; 4089 ULONG Reserved; 4090 } FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION; 4091 4092 typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION { 4093 CHAR FileSystem[9]; 4094 } FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION; 4095 4096 #define OPLOCK_LEVEL_CACHE_READ (0x00000001) 4097 #define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002) 4098 #define OPLOCK_LEVEL_CACHE_WRITE (0x00000004) 4099 4100 #define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001) 4101 #define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002) 4102 #define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004) 4103 4104 #define REQUEST_OPLOCK_CURRENT_VERSION 1 4105 4106 typedef struct _REQUEST_OPLOCK_INPUT_BUFFER { 4107 USHORT StructureVersion; 4108 USHORT StructureLength; 4109 ULONG RequestedOplockLevel; 4110 ULONG Flags; 4111 } REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER; 4112 4113 #define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001) 4114 #define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002) 4115 4116 typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER { 4117 USHORT StructureVersion; 4118 USHORT StructureLength; 4119 ULONG OriginalOplockLevel; 4120 ULONG NewOplockLevel; 4121 ULONG Flags; 4122 ACCESS_MASK AccessMode; 4123 USHORT ShareMode; 4124 } REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER; 4125 4126 #define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1 4127 4128 typedef struct _SD_CHANGE_MACHINE_SID_INPUT { 4129 USHORT CurrentMachineSIDOffset; 4130 USHORT CurrentMachineSIDLength; 4131 USHORT NewMachineSIDOffset; 4132 USHORT NewMachineSIDLength; 4133 } SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT; 4134 4135 typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT { 4136 ULONGLONG NumSDChangedSuccess; 4137 ULONGLONG NumSDChangedFail; 4138 ULONGLONG NumSDUnused; 4139 ULONGLONG NumSDTotal; 4140 ULONGLONG NumMftSDChangedSuccess; 4141 ULONGLONG NumMftSDChangedFail; 4142 ULONGLONG NumMftSDTotal; 4143 } SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT; 4144 4145 typedef struct _SD_GLOBAL_CHANGE_INPUT { 4146 ULONG Flags; 4147 ULONG ChangeType; 4148 _ANONYMOUS_UNION union { 4149 SD_CHANGE_MACHINE_SID_INPUT SdChange; 4150 } DUMMYUNIONNAME; 4151 } SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT; 4152 4153 typedef struct _SD_GLOBAL_CHANGE_OUTPUT { 4154 ULONG Flags; 4155 ULONG ChangeType; 4156 _ANONYMOUS_UNION union { 4157 SD_CHANGE_MACHINE_SID_OUTPUT SdChange; 4158 } DUMMYUNIONNAME; 4159 } SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT; 4160 4161 #define ENCRYPTED_DATA_INFO_SPARSE_FILE 1 4162 4163 typedef struct _EXTENDED_ENCRYPTED_DATA_INFO { 4164 ULONG ExtendedCode; 4165 ULONG Length; 4166 ULONG Flags; 4167 ULONG Reserved; 4168 } EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO; 4169 4170 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT { 4171 ULONG Flags; 4172 ULONG NumberOfClusters; 4173 LARGE_INTEGER Cluster[1]; 4174 } LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT; 4175 4176 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT { 4177 ULONG Offset; 4178 ULONG NumberOfMatches; 4179 ULONG BufferSizeRequired; 4180 } LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT; 4181 4182 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001 4183 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002 4184 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004 4185 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008 4186 4187 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000 4188 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000 4189 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000 4190 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000 4191 4192 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY { 4193 ULONG OffsetToNext; 4194 ULONG Flags; 4195 LARGE_INTEGER Reserved; 4196 LARGE_INTEGER Cluster; 4197 WCHAR FileName[1]; 4198 } LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY; 4199 4200 typedef struct _FILE_TYPE_NOTIFICATION_INPUT { 4201 ULONG Flags; 4202 ULONG NumFileTypeIDs; 4203 GUID FileTypeID[1]; 4204 } FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT; 4205 4206 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001 4207 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002 4208 4209 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c); 4210 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7); 4211 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9); 4212 4213 #ifndef _VIRTUAL_STORAGE_TYPE_DEFINED 4214 #define _VIRTUAL_STORAGE_TYPE_DEFINED 4215 typedef struct _VIRTUAL_STORAGE_TYPE { 4216 ULONG DeviceId; 4217 GUID VendorId; 4218 } VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE; 4219 #endif 4220 4221 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST { 4222 ULONG RequestLevel; 4223 ULONG RequestFlags; 4224 } STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST; 4225 4226 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1 4227 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2 4228 4229 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY { 4230 ULONG EntryLength; 4231 ULONG DependencyTypeFlags; 4232 ULONG ProviderSpecificFlags; 4233 VIRTUAL_STORAGE_TYPE VirtualStorageType; 4234 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY; 4235 4236 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY { 4237 ULONG EntryLength; 4238 ULONG DependencyTypeFlags; 4239 ULONG ProviderSpecificFlags; 4240 VIRTUAL_STORAGE_TYPE VirtualStorageType; 4241 ULONG AncestorLevel; 4242 ULONG HostVolumeNameOffset; 4243 ULONG HostVolumeNameSize; 4244 ULONG DependentVolumeNameOffset; 4245 ULONG DependentVolumeNameSize; 4246 ULONG RelativePathOffset; 4247 ULONG RelativePathSize; 4248 ULONG DependentDeviceNameOffset; 4249 ULONG DependentDeviceNameSize; 4250 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY; 4251 4252 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE { 4253 ULONG ResponseLevel; 4254 ULONG NumberEntries; 4255 _ANONYMOUS_UNION union { 4256 STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[]; 4257 STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[]; 4258 } DUMMYUNIONNAME; 4259 } STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE; 4260 4261 #endif /* (_WIN32_WINNT >= 0x0601) */ 4262 4263 typedef struct _FILESYSTEM_STATISTICS { 4264 USHORT FileSystemType; 4265 USHORT Version; 4266 ULONG SizeOfCompleteStructure; 4267 ULONG UserFileReads; 4268 ULONG UserFileReadBytes; 4269 ULONG UserDiskReads; 4270 ULONG UserFileWrites; 4271 ULONG UserFileWriteBytes; 4272 ULONG UserDiskWrites; 4273 ULONG MetaDataReads; 4274 ULONG MetaDataReadBytes; 4275 ULONG MetaDataDiskReads; 4276 ULONG MetaDataWrites; 4277 ULONG MetaDataWriteBytes; 4278 ULONG MetaDataDiskWrites; 4279 } FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS; 4280 4281 #define FILESYSTEM_STATISTICS_TYPE_NTFS 1 4282 #define FILESYSTEM_STATISTICS_TYPE_FAT 2 4283 #define FILESYSTEM_STATISTICS_TYPE_EXFAT 3 4284 4285 typedef struct _FAT_STATISTICS { 4286 ULONG CreateHits; 4287 ULONG SuccessfulCreates; 4288 ULONG FailedCreates; 4289 ULONG NonCachedReads; 4290 ULONG NonCachedReadBytes; 4291 ULONG NonCachedWrites; 4292 ULONG NonCachedWriteBytes; 4293 ULONG NonCachedDiskReads; 4294 ULONG NonCachedDiskWrites; 4295 } FAT_STATISTICS, *PFAT_STATISTICS; 4296 4297 typedef struct _EXFAT_STATISTICS { 4298 ULONG CreateHits; 4299 ULONG SuccessfulCreates; 4300 ULONG FailedCreates; 4301 ULONG NonCachedReads; 4302 ULONG NonCachedReadBytes; 4303 ULONG NonCachedWrites; 4304 ULONG NonCachedWriteBytes; 4305 ULONG NonCachedDiskReads; 4306 ULONG NonCachedDiskWrites; 4307 } EXFAT_STATISTICS, *PEXFAT_STATISTICS; 4308 4309 typedef struct _NTFS_STATISTICS { 4310 ULONG LogFileFullExceptions; 4311 ULONG OtherExceptions; 4312 ULONG MftReads; 4313 ULONG MftReadBytes; 4314 ULONG MftWrites; 4315 ULONG MftWriteBytes; 4316 struct { 4317 USHORT Write; 4318 USHORT Create; 4319 USHORT SetInfo; 4320 USHORT Flush; 4321 } MftWritesUserLevel; 4322 USHORT MftWritesFlushForLogFileFull; 4323 USHORT MftWritesLazyWriter; 4324 USHORT MftWritesUserRequest; 4325 ULONG Mft2Writes; 4326 ULONG Mft2WriteBytes; 4327 struct { 4328 USHORT Write; 4329 USHORT Create; 4330 USHORT SetInfo; 4331 USHORT Flush; 4332 } Mft2WritesUserLevel; 4333 USHORT Mft2WritesFlushForLogFileFull; 4334 USHORT Mft2WritesLazyWriter; 4335 USHORT Mft2WritesUserRequest; 4336 ULONG RootIndexReads; 4337 ULONG RootIndexReadBytes; 4338 ULONG RootIndexWrites; 4339 ULONG RootIndexWriteBytes; 4340 ULONG BitmapReads; 4341 ULONG BitmapReadBytes; 4342 ULONG BitmapWrites; 4343 ULONG BitmapWriteBytes; 4344 USHORT BitmapWritesFlushForLogFileFull; 4345 USHORT BitmapWritesLazyWriter; 4346 USHORT BitmapWritesUserRequest; 4347 struct { 4348 USHORT Write; 4349 USHORT Create; 4350 USHORT SetInfo; 4351 } BitmapWritesUserLevel; 4352 ULONG MftBitmapReads; 4353 ULONG MftBitmapReadBytes; 4354 ULONG MftBitmapWrites; 4355 ULONG MftBitmapWriteBytes; 4356 USHORT MftBitmapWritesFlushForLogFileFull; 4357 USHORT MftBitmapWritesLazyWriter; 4358 USHORT MftBitmapWritesUserRequest; 4359 struct { 4360 USHORT Write; 4361 USHORT Create; 4362 USHORT SetInfo; 4363 USHORT Flush; 4364 } MftBitmapWritesUserLevel; 4365 ULONG UserIndexReads; 4366 ULONG UserIndexReadBytes; 4367 ULONG UserIndexWrites; 4368 ULONG UserIndexWriteBytes; 4369 ULONG LogFileReads; 4370 ULONG LogFileReadBytes; 4371 ULONG LogFileWrites; 4372 ULONG LogFileWriteBytes; 4373 struct { 4374 ULONG Calls; 4375 ULONG Clusters; 4376 ULONG Hints; 4377 ULONG RunsReturned; 4378 ULONG HintsHonored; 4379 ULONG HintsClusters; 4380 ULONG Cache; 4381 ULONG CacheClusters; 4382 ULONG CacheMiss; 4383 ULONG CacheMissClusters; 4384 } Allocate; 4385 } NTFS_STATISTICS, *PNTFS_STATISTICS; 4386 4387 #endif /* _FILESYSTEMFSCTL_ */ 4388 4389 #define SYMLINK_FLAG_RELATIVE 1 4390 4391 typedef struct _REPARSE_DATA_BUFFER { 4392 ULONG ReparseTag; 4393 USHORT ReparseDataLength; 4394 USHORT Reserved; 4395 _ANONYMOUS_UNION union { 4396 struct { 4397 USHORT SubstituteNameOffset; 4398 USHORT SubstituteNameLength; 4399 USHORT PrintNameOffset; 4400 USHORT PrintNameLength; 4401 ULONG Flags; 4402 WCHAR PathBuffer[1]; 4403 } SymbolicLinkReparseBuffer; 4404 struct { 4405 USHORT SubstituteNameOffset; 4406 USHORT SubstituteNameLength; 4407 USHORT PrintNameOffset; 4408 USHORT PrintNameLength; 4409 WCHAR PathBuffer[1]; 4410 } MountPointReparseBuffer; 4411 struct { 4412 UCHAR DataBuffer[1]; 4413 } GenericReparseBuffer; 4414 } DUMMYUNIONNAME; 4415 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER; 4416 4417 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer) 4418 4419 typedef struct _REPARSE_GUID_DATA_BUFFER { 4420 ULONG ReparseTag; 4421 USHORT ReparseDataLength; 4422 USHORT Reserved; 4423 GUID ReparseGuid; 4424 struct { 4425 UCHAR DataBuffer[1]; 4426 } GenericReparseBuffer; 4427 } REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER; 4428 4429 #define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer) 4430 4431 #define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 ) 4432 4433 /* Reserved reparse tags */ 4434 #define IO_REPARSE_TAG_RESERVED_ZERO (0) 4435 #define IO_REPARSE_TAG_RESERVED_ONE (1) 4436 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE 4437 4438 #define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000)) 4439 #define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000)) 4440 4441 #define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF) 4442 4443 #define IsReparseTagValid(tag) ( \ 4444 !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \ 4445 ((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \ 4446 ) 4447 4448 /* MicroSoft reparse point tags */ 4449 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L) 4450 #define IO_REPARSE_TAG_HSM (0xC0000004L) 4451 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L) 4452 #define IO_REPARSE_TAG_HSM2 (0x80000006L) 4453 #define IO_REPARSE_TAG_SIS (0x80000007L) 4454 #define IO_REPARSE_TAG_WIM (0x80000008L) 4455 #define IO_REPARSE_TAG_CSV (0x80000009L) 4456 #define IO_REPARSE_TAG_DFS (0x8000000AL) 4457 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL) 4458 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL) 4459 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L) 4460 #define IO_REPARSE_TAG_DFSR (0x80000012L) 4461 4462 #pragma pack(4) 4463 typedef struct _REPARSE_INDEX_KEY { 4464 ULONG FileReparseTag; 4465 LARGE_INTEGER FileId; 4466 } REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY; 4467 #pragma pack() 4468 4469 #define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS) 4470 #define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS) 4471 #define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS) 4472 4473 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) 4474 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) 4475 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) 4476 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) 4477 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) 4478 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 4479 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) 4480 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) 4481 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) 4482 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) 4483 #define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) 4484 #define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) 4485 #define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) 4486 #define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS) 4487 #define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS) 4488 #define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) 4489 #define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA) 4490 4491 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) 4492 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) 4493 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 4494 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) 4495 4496 #define FILE_PIPE_READ_DATA 0x00000000 4497 #define FILE_PIPE_WRITE_SPACE 0x00000001 4498 4499 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { 4500 HANDLE EventHandle; 4501 ULONG KeyValue; 4502 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; 4503 4504 typedef struct _FILE_PIPE_EVENT_BUFFER { 4505 ULONG NamedPipeState; 4506 ULONG EntryType; 4507 ULONG ByteCount; 4508 ULONG KeyValue; 4509 ULONG NumberRequests; 4510 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; 4511 4512 typedef struct _FILE_PIPE_PEEK_BUFFER { 4513 ULONG NamedPipeState; 4514 ULONG ReadDataAvailable; 4515 ULONG NumberOfMessages; 4516 ULONG MessageLength; 4517 CHAR Data[1]; 4518 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER; 4519 4520 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { 4521 LARGE_INTEGER Timeout; 4522 ULONG NameLength; 4523 BOOLEAN TimeoutSpecified; 4524 WCHAR Name[1]; 4525 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; 4526 4527 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { 4528 #if !defined(BUILD_WOW6432) 4529 PVOID ClientSession; 4530 PVOID ClientProcess; 4531 #else 4532 ULONGLONG ClientSession; 4533 ULONGLONG ClientProcess; 4534 #endif 4535 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; 4536 4537 #define FILE_PIPE_COMPUTER_NAME_LENGTH 15 4538 4539 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { 4540 #if !defined(BUILD_WOW6432) 4541 PVOID ClientSession; 4542 PVOID ClientProcess; 4543 #else 4544 ULONGLONG ClientSession; 4545 ULONGLONG ClientProcess; 4546 #endif 4547 USHORT ClientComputerNameLength; 4548 WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1]; 4549 } FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX; 4550 4551 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) 4552 4553 typedef enum _LINK_TRACKING_INFORMATION_TYPE { 4554 NtfsLinkTrackingInformation, 4555 DfsLinkTrackingInformation 4556 } LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE; 4557 4558 typedef struct _LINK_TRACKING_INFORMATION { 4559 LINK_TRACKING_INFORMATION_TYPE Type; 4560 UCHAR VolumeId[16]; 4561 } LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION; 4562 4563 typedef struct _REMOTE_LINK_TRACKING_INFORMATION { 4564 PVOID TargetFileObject; 4565 ULONG TargetLinkTrackingInformationLength; 4566 UCHAR TargetLinkTrackingInformationBuffer[1]; 4567 } REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION; 4568 4569 #define IO_OPEN_PAGING_FILE 0x0002 4570 #define IO_OPEN_TARGET_DIRECTORY 0x0004 4571 #define IO_STOP_ON_SYMLINK 0x0008 4572 #define IO_MM_PAGING_FILE 0x0010 4573 4574 typedef VOID 4575 (NTAPI *PDRIVER_FS_NOTIFICATION) ( 4576 IN PDEVICE_OBJECT DeviceObject, 4577 IN BOOLEAN FsActive); 4578 4579 typedef enum _FS_FILTER_SECTION_SYNC_TYPE { 4580 SyncTypeOther = 0, 4581 SyncTypeCreateSection 4582 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE; 4583 4584 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE { 4585 NotifyTypeCreate = 0, 4586 NotifyTypeRetired 4587 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE; 4588 4589 typedef union _FS_FILTER_PARAMETERS { 4590 struct { 4591 PLARGE_INTEGER EndingOffset; 4592 PERESOURCE *ResourceToRelease; 4593 } AcquireForModifiedPageWriter; 4594 struct { 4595 PERESOURCE ResourceToRelease; 4596 } ReleaseForModifiedPageWriter; 4597 struct { 4598 FS_FILTER_SECTION_SYNC_TYPE SyncType; 4599 ULONG PageProtection; 4600 } AcquireForSectionSynchronization; 4601 struct { 4602 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType; 4603 BOOLEAN POINTER_ALIGNMENT SafeToRecurse; 4604 } NotifyStreamFileObject; 4605 struct { 4606 PVOID Argument1; 4607 PVOID Argument2; 4608 PVOID Argument3; 4609 PVOID Argument4; 4610 PVOID Argument5; 4611 } Others; 4612 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS; 4613 4614 #define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1 4615 #define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2 4616 #define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3 4617 #define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4 4618 #define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5 4619 #define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6 4620 4621 typedef struct _FS_FILTER_CALLBACK_DATA { 4622 ULONG SizeOfFsFilterCallbackData; 4623 UCHAR Operation; 4624 UCHAR Reserved; 4625 struct _DEVICE_OBJECT *DeviceObject; 4626 struct _FILE_OBJECT *FileObject; 4627 FS_FILTER_PARAMETERS Parameters; 4628 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA; 4629 4630 typedef NTSTATUS 4631 (NTAPI *PFS_FILTER_CALLBACK) ( 4632 IN PFS_FILTER_CALLBACK_DATA Data, 4633 OUT PVOID *CompletionContext); 4634 4635 typedef VOID 4636 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) ( 4637 IN PFS_FILTER_CALLBACK_DATA Data, 4638 IN NTSTATUS OperationStatus, 4639 IN PVOID CompletionContext); 4640 4641 typedef struct _FS_FILTER_CALLBACKS { 4642 ULONG SizeOfFsFilterCallbacks; 4643 ULONG Reserved; 4644 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization; 4645 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization; 4646 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization; 4647 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization; 4648 PFS_FILTER_CALLBACK PreAcquireForCcFlush; 4649 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush; 4650 PFS_FILTER_CALLBACK PreReleaseForCcFlush; 4651 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush; 4652 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter; 4653 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter; 4654 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter; 4655 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter; 4656 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS; 4657 4658 #if (NTDDI_VERSION >= NTDDI_WINXP) 4659 NTKERNELAPI 4660 NTSTATUS 4661 NTAPI 4662 FsRtlRegisterFileSystemFilterCallbacks( 4663 IN struct _DRIVER_OBJECT *FilterDriverObject, 4664 IN PFS_FILTER_CALLBACKS Callbacks); 4665 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 4666 4667 #if (NTDDI_VERSION >= NTDDI_VISTA) 4668 NTKERNELAPI 4669 NTSTATUS 4670 NTAPI 4671 FsRtlNotifyStreamFileObject( 4672 IN struct _FILE_OBJECT * StreamFileObject, 4673 IN struct _DEVICE_OBJECT *DeviceObjectHint OPTIONAL, 4674 IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType, 4675 IN BOOLEAN SafeToRecurse); 4676 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 4677 4678 #define DO_VERIFY_VOLUME 0x00000002 4679 #define DO_BUFFERED_IO 0x00000004 4680 #define DO_EXCLUSIVE 0x00000008 4681 #define DO_DIRECT_IO 0x00000010 4682 #define DO_MAP_IO_BUFFER 0x00000020 4683 #define DO_DEVICE_HAS_NAME 0x00000040 4684 #define DO_DEVICE_INITIALIZING 0x00000080 4685 #define DO_SYSTEM_BOOT_PARTITION 0x00000100 4686 #define DO_LONG_TERM_REQUESTS 0x00000200 4687 #define DO_NEVER_LAST_DEVICE 0x00000400 4688 #define DO_SHUTDOWN_REGISTERED 0x00000800 4689 #define DO_BUS_ENUMERATED_DEVICE 0x00001000 4690 #define DO_POWER_PAGABLE 0x00002000 4691 #define DO_POWER_INRUSH 0x00004000 4692 #define DO_LOW_PRIORITY_FILESYSTEM 0x00010000 4693 #define DO_SUPPORTS_TRANSACTIONS 0x00040000 4694 #define DO_FORCE_NEITHER_IO 0x00080000 4695 #define DO_VOLUME_DEVICE_OBJECT 0x00100000 4696 #define DO_SYSTEM_SYSTEM_PARTITION 0x00200000 4697 #define DO_SYSTEM_CRITICAL_PARTITION 0x00400000 4698 #define DO_DISALLOW_EXECUTE 0x00800000 4699 4700 extern KSPIN_LOCK IoStatisticsLock; 4701 extern ULONG IoReadOperationCount; 4702 extern ULONG IoWriteOperationCount; 4703 extern ULONG IoOtherOperationCount; 4704 extern LARGE_INTEGER IoReadTransferCount; 4705 extern LARGE_INTEGER IoWriteTransferCount; 4706 extern LARGE_INTEGER IoOtherTransferCount; 4707 4708 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 4709 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 4710 4711 #if (NTDDI_VERSION >= NTDDI_VISTA) 4712 typedef struct _IO_PRIORITY_INFO { 4713 ULONG Size; 4714 ULONG ThreadPriority; 4715 ULONG PagePriority; 4716 IO_PRIORITY_HINT IoPriority; 4717 } IO_PRIORITY_INFO, *PIO_PRIORITY_INFO; 4718 #endif 4719 4720 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 4721 ULONG Attributes; 4722 ACCESS_MASK GrantedAccess; 4723 ULONG HandleCount; 4724 ULONG PointerCount; 4725 ULONG Reserved[10]; 4726 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 4727 4728 typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION { 4729 UNICODE_STRING TypeName; 4730 ULONG Reserved [22]; 4731 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 4732 4733 typedef struct _SECURITY_CLIENT_CONTEXT { 4734 SECURITY_QUALITY_OF_SERVICE SecurityQos; 4735 PACCESS_TOKEN ClientToken; 4736 BOOLEAN DirectlyAccessClientToken; 4737 BOOLEAN DirectAccessEffectiveOnly; 4738 BOOLEAN ServerIsRemote; 4739 TOKEN_CONTROL ClientTokenControl; 4740 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; 4741 4742 #define SYSTEM_PAGE_PRIORITY_BITS 3 4743 #define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) 4744 4745 typedef struct _KAPC_STATE { 4746 LIST_ENTRY ApcListHead[MaximumMode]; 4747 PKPROCESS Process; 4748 BOOLEAN KernelApcInProgress; 4749 BOOLEAN KernelApcPending; 4750 BOOLEAN UserApcPending; 4751 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE; 4752 4753 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN)) 4754 4755 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject); 4756 4757 typedef struct _KQUEUE { 4758 DISPATCHER_HEADER Header; 4759 LIST_ENTRY EntryListHead; 4760 volatile ULONG CurrentCount; 4761 ULONG MaximumCount; 4762 LIST_ENTRY ThreadListHead; 4763 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; 4764 4765 /****************************************************************************** 4766 * Kernel Functions * 4767 ******************************************************************************/ 4768 4769 NTSTATUS 4770 NTAPI 4771 KeGetProcessorNumberFromIndex( 4772 IN ULONG ProcIndex, 4773 OUT PPROCESSOR_NUMBER ProcNumber); 4774 4775 ULONG 4776 NTAPI 4777 KeGetProcessorIndexFromNumber( 4778 IN PPROCESSOR_NUMBER ProcNumber); 4779 4780 #if (NTDDI_VERSION >= NTDDI_WIN2K) 4781 4782 4783 4784 4785 NTKERNELAPI 4786 VOID 4787 NTAPI 4788 KeInitializeMutant( 4789 OUT PRKMUTANT Mutant, 4790 IN BOOLEAN InitialOwner); 4791 4792 NTKERNELAPI 4793 LONG 4794 NTAPI 4795 KeReadStateMutant( 4796 IN PRKMUTANT Mutant); 4797 4798 NTKERNELAPI 4799 LONG 4800 NTAPI 4801 KeReleaseMutant( 4802 IN OUT PRKMUTANT Mutant, 4803 IN KPRIORITY Increment, 4804 IN BOOLEAN Abandoned, 4805 IN BOOLEAN Wait); 4806 4807 NTKERNELAPI 4808 VOID 4809 NTAPI 4810 KeInitializeQueue( 4811 OUT PRKQUEUE Queue, 4812 IN ULONG Count); 4813 4814 NTKERNELAPI 4815 LONG 4816 NTAPI 4817 KeReadStateQueue( 4818 IN PRKQUEUE Queue); 4819 4820 NTKERNELAPI 4821 LONG 4822 NTAPI 4823 KeInsertQueue( 4824 IN OUT PRKQUEUE Queue, 4825 IN OUT PLIST_ENTRY Entry); 4826 4827 NTKERNELAPI 4828 LONG 4829 NTAPI 4830 KeInsertHeadQueue( 4831 IN OUT PRKQUEUE Queue, 4832 IN OUT PLIST_ENTRY Entry); 4833 4834 NTKERNELAPI 4835 PLIST_ENTRY 4836 NTAPI 4837 KeRemoveQueue( 4838 IN OUT PRKQUEUE Queue, 4839 IN KPROCESSOR_MODE WaitMode, 4840 IN PLARGE_INTEGER Timeout OPTIONAL); 4841 4842 NTKERNELAPI 4843 VOID 4844 NTAPI 4845 KeAttachProcess( 4846 IN OUT PKPROCESS Process); 4847 4848 NTKERNELAPI 4849 VOID 4850 NTAPI 4851 KeDetachProcess( 4852 VOID); 4853 4854 NTKERNELAPI 4855 PLIST_ENTRY 4856 NTAPI 4857 KeRundownQueue( 4858 IN OUT PRKQUEUE Queue); 4859 4860 NTKERNELAPI 4861 VOID 4862 NTAPI 4863 KeStackAttachProcess( 4864 IN OUT PKPROCESS Process, 4865 OUT PKAPC_STATE ApcState); 4866 4867 NTKERNELAPI 4868 VOID 4869 NTAPI 4870 KeUnstackDetachProcess( 4871 IN PKAPC_STATE ApcState); 4872 4873 NTKERNELAPI 4874 UCHAR 4875 NTAPI 4876 KeSetIdealProcessorThread( 4877 IN OUT PKTHREAD Thread, 4878 IN UCHAR Processor); 4879 4880 NTKERNELAPI 4881 BOOLEAN 4882 NTAPI 4883 KeSetKernelStackSwapEnable( 4884 IN BOOLEAN Enable); 4885 4886 #if defined(_X86_) 4887 NTHALAPI 4888 KIRQL 4889 FASTCALL 4890 KeAcquireSpinLockRaiseToSynch( 4891 IN OUT PKSPIN_LOCK SpinLock); 4892 #else 4893 NTKERNELAPI 4894 KIRQL 4895 KeAcquireSpinLockRaiseToSynch( 4896 IN OUT PKSPIN_LOCK SpinLock); 4897 #endif 4898 4899 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 4900 4901 #if (NTDDI_VERSION >= NTDDI_WINXP) 4902 4903 _DECL_HAL_KE_IMPORT 4904 KIRQL 4905 FASTCALL 4906 KeAcquireQueuedSpinLock( 4907 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number); 4908 4909 _DECL_HAL_KE_IMPORT 4910 VOID 4911 FASTCALL 4912 KeReleaseQueuedSpinLock( 4913 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number, 4914 IN KIRQL OldIrql); 4915 4916 _DECL_HAL_KE_IMPORT 4917 LOGICAL 4918 FASTCALL 4919 KeTryToAcquireQueuedSpinLock( 4920 IN KSPIN_LOCK_QUEUE_NUMBER Number, 4921 OUT PKIRQL OldIrql); 4922 4923 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 4924 4925 4926 4927 #if (NTDDI_VERSION >= NTDDI_VISTA) 4928 4929 NTKERNELAPI 4930 VOID 4931 KeQueryOwnerMutant( 4932 IN PKMUTANT Mutant, 4933 OUT PCLIENT_ID ClientId); 4934 4935 NTKERNELAPI 4936 ULONG 4937 KeRemoveQueueEx ( 4938 IN OUT PKQUEUE Queue, 4939 IN KPROCESSOR_MODE WaitMode, 4940 IN BOOLEAN Alertable, 4941 IN PLARGE_INTEGER Timeout OPTIONAL, 4942 OUT PLIST_ENTRY *EntryArray, 4943 IN ULONG Count); 4944 4945 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 4946 4947 4948 4949 #define INVALID_PROCESSOR_INDEX 0xffffffff 4950 4951 #define EX_PUSH_LOCK ULONG_PTR 4952 #define PEX_PUSH_LOCK PULONG_PTR 4953 4954 /****************************************************************************** 4955 * Executive Functions * 4956 ******************************************************************************/ 4957 4958 #define ExDisableResourceBoost ExDisableResourceBoostLite 4959 4960 VOID 4961 ExInitializePushLock ( 4962 OUT PEX_PUSH_LOCK PushLock); 4963 4964 #if (NTDDI_VERSION >= NTDDI_WIN2K) 4965 4966 NTKERNELAPI 4967 SIZE_T 4968 NTAPI 4969 ExQueryPoolBlockSize( 4970 IN PVOID PoolBlock, 4971 OUT PBOOLEAN QuotaCharged); 4972 4973 VOID 4974 ExAdjustLookasideDepth( 4975 VOID); 4976 4977 NTKERNELAPI 4978 VOID 4979 NTAPI 4980 ExDisableResourceBoostLite( 4981 IN PERESOURCE Resource); 4982 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 4983 4984 #if (NTDDI_VERSION >= NTDDI_WINXP) 4985 4986 PSLIST_ENTRY 4987 FASTCALL 4988 InterlockedPushListSList( 4989 IN OUT PSLIST_HEADER ListHead, 4990 IN OUT PSLIST_ENTRY List, 4991 IN OUT PSLIST_ENTRY ListEnd, 4992 IN ULONG Count); 4993 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 4994 4995 /****************************************************************************** 4996 * Security Manager Functions * 4997 ******************************************************************************/ 4998 4999 #if (NTDDI_VERSION >= NTDDI_WIN2K) 5000 5001 NTKERNELAPI 5002 VOID 5003 NTAPI 5004 SeReleaseSubjectContext( 5005 IN PSECURITY_SUBJECT_CONTEXT SubjectContext); 5006 5007 NTKERNELAPI 5008 BOOLEAN 5009 NTAPI 5010 SePrivilegeCheck( 5011 IN OUT PPRIVILEGE_SET RequiredPrivileges, 5012 IN PSECURITY_SUBJECT_CONTEXT SubjectContext, 5013 IN KPROCESSOR_MODE AccessMode); 5014 5015 NTKERNELAPI 5016 VOID 5017 NTAPI 5018 SeOpenObjectAuditAlarm( 5019 IN PUNICODE_STRING ObjectTypeName, 5020 IN PVOID Object OPTIONAL, 5021 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, 5022 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5023 IN PACCESS_STATE AccessState, 5024 IN BOOLEAN ObjectCreated, 5025 IN BOOLEAN AccessGranted, 5026 IN KPROCESSOR_MODE AccessMode, 5027 OUT PBOOLEAN GenerateOnClose); 5028 5029 NTKERNELAPI 5030 VOID 5031 NTAPI 5032 SeOpenObjectForDeleteAuditAlarm( 5033 IN PUNICODE_STRING ObjectTypeName, 5034 IN PVOID Object OPTIONAL, 5035 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, 5036 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5037 IN PACCESS_STATE AccessState, 5038 IN BOOLEAN ObjectCreated, 5039 IN BOOLEAN AccessGranted, 5040 IN KPROCESSOR_MODE AccessMode, 5041 OUT PBOOLEAN GenerateOnClose); 5042 5043 NTKERNELAPI 5044 VOID 5045 NTAPI 5046 SeDeleteObjectAuditAlarm( 5047 IN PVOID Object, 5048 IN HANDLE Handle); 5049 5050 NTKERNELAPI 5051 TOKEN_TYPE 5052 NTAPI 5053 SeTokenType( 5054 IN PACCESS_TOKEN Token); 5055 5056 NTKERNELAPI 5057 BOOLEAN 5058 NTAPI 5059 SeTokenIsAdmin( 5060 IN PACCESS_TOKEN Token); 5061 5062 NTKERNELAPI 5063 BOOLEAN 5064 NTAPI 5065 SeTokenIsRestricted( 5066 IN PACCESS_TOKEN Token); 5067 5068 NTKERNELAPI 5069 NTSTATUS 5070 NTAPI 5071 SeQueryAuthenticationIdToken( 5072 IN PACCESS_TOKEN Token, 5073 OUT PLUID AuthenticationId); 5074 5075 NTKERNELAPI 5076 NTSTATUS 5077 NTAPI 5078 SeQuerySessionIdToken( 5079 IN PACCESS_TOKEN Token, 5080 OUT PULONG SessionId); 5081 5082 NTKERNELAPI 5083 NTSTATUS 5084 NTAPI 5085 SeCreateClientSecurity( 5086 IN PETHREAD ClientThread, 5087 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 5088 IN BOOLEAN RemoteSession, 5089 OUT PSECURITY_CLIENT_CONTEXT ClientContext); 5090 5091 NTKERNELAPI 5092 VOID 5093 NTAPI 5094 SeImpersonateClient( 5095 IN PSECURITY_CLIENT_CONTEXT ClientContext, 5096 IN PETHREAD ServerThread OPTIONAL); 5097 5098 NTKERNELAPI 5099 NTSTATUS 5100 NTAPI 5101 SeImpersonateClientEx( 5102 IN PSECURITY_CLIENT_CONTEXT ClientContext, 5103 IN PETHREAD ServerThread OPTIONAL); 5104 5105 NTKERNELAPI 5106 NTSTATUS 5107 NTAPI 5108 SeCreateClientSecurityFromSubjectContext( 5109 IN PSECURITY_SUBJECT_CONTEXT SubjectContext, 5110 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 5111 IN BOOLEAN ServerIsRemote, 5112 OUT PSECURITY_CLIENT_CONTEXT ClientContext); 5113 5114 NTKERNELAPI 5115 NTSTATUS 5116 NTAPI 5117 SeQuerySecurityDescriptorInfo( 5118 IN PSECURITY_INFORMATION SecurityInformation, 5119 OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 5120 IN OUT PULONG Length, 5121 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor); 5122 5123 NTKERNELAPI 5124 NTSTATUS 5125 NTAPI 5126 SeSetSecurityDescriptorInfo( 5127 IN PVOID Object OPTIONAL, 5128 IN PSECURITY_INFORMATION SecurityInformation, 5129 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5130 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 5131 IN POOL_TYPE PoolType, 5132 IN PGENERIC_MAPPING GenericMapping); 5133 5134 NTKERNELAPI 5135 NTSTATUS 5136 NTAPI 5137 SeSetSecurityDescriptorInfoEx( 5138 IN PVOID Object OPTIONAL, 5139 IN PSECURITY_INFORMATION SecurityInformation, 5140 IN PSECURITY_DESCRIPTOR ModificationDescriptor, 5141 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 5142 IN ULONG AutoInheritFlags, 5143 IN POOL_TYPE PoolType, 5144 IN PGENERIC_MAPPING GenericMapping); 5145 5146 NTKERNELAPI 5147 NTSTATUS 5148 NTAPI 5149 SeAppendPrivileges( 5150 IN OUT PACCESS_STATE AccessState, 5151 IN PPRIVILEGE_SET Privileges); 5152 5153 NTKERNELAPI 5154 BOOLEAN 5155 NTAPI 5156 SeAuditingFileEvents( 5157 IN BOOLEAN AccessGranted, 5158 IN PSECURITY_DESCRIPTOR SecurityDescriptor); 5159 5160 NTKERNELAPI 5161 BOOLEAN 5162 NTAPI 5163 SeAuditingFileOrGlobalEvents( 5164 IN BOOLEAN AccessGranted, 5165 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5166 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 5167 5168 VOID 5169 NTAPI 5170 SeSetAccessStateGenericMapping( 5171 IN OUT PACCESS_STATE AccessState, 5172 IN PGENERIC_MAPPING GenericMapping); 5173 5174 NTKERNELAPI 5175 NTSTATUS 5176 NTAPI 5177 SeRegisterLogonSessionTerminatedRoutine( 5178 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 5179 5180 NTKERNELAPI 5181 NTSTATUS 5182 NTAPI 5183 SeUnregisterLogonSessionTerminatedRoutine( 5184 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 5185 5186 NTKERNELAPI 5187 NTSTATUS 5188 NTAPI 5189 SeMarkLogonSessionForTerminationNotification( 5190 IN PLUID LogonId); 5191 5192 NTKERNELAPI 5193 NTSTATUS 5194 NTAPI 5195 SeQueryInformationToken( 5196 IN PACCESS_TOKEN Token, 5197 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 5198 OUT PVOID *TokenInformation); 5199 5200 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 5201 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3) 5202 NTKERNELAPI 5203 BOOLEAN 5204 NTAPI 5205 SeAuditingHardLinkEvents( 5206 IN BOOLEAN AccessGranted, 5207 IN PSECURITY_DESCRIPTOR SecurityDescriptor); 5208 #endif 5209 5210 #if (NTDDI_VERSION >= NTDDI_WINXP) 5211 5212 NTKERNELAPI 5213 NTSTATUS 5214 NTAPI 5215 SeFilterToken( 5216 IN PACCESS_TOKEN ExistingToken, 5217 IN ULONG Flags, 5218 IN PTOKEN_GROUPS SidsToDisable OPTIONAL, 5219 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, 5220 IN PTOKEN_GROUPS RestrictedSids OPTIONAL, 5221 OUT PACCESS_TOKEN *FilteredToken); 5222 5223 NTKERNELAPI 5224 VOID 5225 NTAPI 5226 SeAuditHardLinkCreation( 5227 IN PUNICODE_STRING FileName, 5228 IN PUNICODE_STRING LinkName, 5229 IN BOOLEAN bSuccess); 5230 5231 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 5232 5233 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 5234 5235 NTKERNELAPI 5236 BOOLEAN 5237 NTAPI 5238 SeAuditingFileEventsWithContext( 5239 IN BOOLEAN AccessGranted, 5240 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5241 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL); 5242 5243 NTKERNELAPI 5244 BOOLEAN 5245 NTAPI 5246 SeAuditingHardLinkEventsWithContext( 5247 IN BOOLEAN AccessGranted, 5248 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5249 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL); 5250 5251 #endif 5252 5253 5254 #if (NTDDI_VERSION >= NTDDI_VISTA) 5255 5256 NTKERNELAPI 5257 VOID 5258 NTAPI 5259 SeOpenObjectAuditAlarmWithTransaction( 5260 IN PUNICODE_STRING ObjectTypeName, 5261 IN PVOID Object OPTIONAL, 5262 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, 5263 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5264 IN PACCESS_STATE AccessState, 5265 IN BOOLEAN ObjectCreated, 5266 IN BOOLEAN AccessGranted, 5267 IN KPROCESSOR_MODE AccessMode, 5268 IN GUID *TransactionId OPTIONAL, 5269 OUT PBOOLEAN GenerateOnClose); 5270 5271 NTKERNELAPI 5272 VOID 5273 NTAPI 5274 SeOpenObjectForDeleteAuditAlarmWithTransaction( 5275 IN PUNICODE_STRING ObjectTypeName, 5276 IN PVOID Object OPTIONAL, 5277 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, 5278 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5279 IN PACCESS_STATE AccessState, 5280 IN BOOLEAN ObjectCreated, 5281 IN BOOLEAN AccessGranted, 5282 IN KPROCESSOR_MODE AccessMode, 5283 IN GUID *TransactionId OPTIONAL, 5284 OUT PBOOLEAN GenerateOnClose); 5285 5286 NTKERNELAPI 5287 VOID 5288 NTAPI 5289 SeExamineSacl( 5290 IN PACL Sacl, 5291 IN PACCESS_TOKEN Token, 5292 IN ACCESS_MASK DesiredAccess, 5293 IN BOOLEAN AccessGranted, 5294 OUT PBOOLEAN GenerateAudit, 5295 OUT PBOOLEAN GenerateAlarm); 5296 5297 NTKERNELAPI 5298 VOID 5299 NTAPI 5300 SeDeleteObjectAuditAlarmWithTransaction( 5301 IN PVOID Object, 5302 IN HANDLE Handle, 5303 IN GUID *TransactionId OPTIONAL); 5304 5305 NTKERNELAPI 5306 VOID 5307 NTAPI 5308 SeQueryTokenIntegrity( 5309 IN PACCESS_TOKEN Token, 5310 IN OUT PSID_AND_ATTRIBUTES IntegritySA); 5311 5312 NTKERNELAPI 5313 NTSTATUS 5314 NTAPI 5315 SeSetSessionIdToken( 5316 IN PACCESS_TOKEN Token, 5317 IN ULONG SessionId); 5318 5319 NTKERNELAPI 5320 VOID 5321 NTAPI 5322 SeAuditHardLinkCreationWithTransaction( 5323 IN PUNICODE_STRING FileName, 5324 IN PUNICODE_STRING LinkName, 5325 IN BOOLEAN bSuccess, 5326 IN GUID *TransactionId OPTIONAL); 5327 5328 NTKERNELAPI 5329 VOID 5330 NTAPI 5331 SeAuditTransactionStateChange( 5332 IN GUID *TransactionId, 5333 IN GUID *ResourceManagerId, 5334 IN ULONG NewTransactionState); 5335 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 5336 5337 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03)) 5338 NTKERNELAPI 5339 BOOLEAN 5340 NTAPI 5341 SeTokenIsWriteRestricted( 5342 IN PACCESS_TOKEN Token); 5343 #endif 5344 5345 #if (NTDDI_VERSION >= NTDDI_WIN7) 5346 5347 NTKERNELAPI 5348 BOOLEAN 5349 NTAPI 5350 SeAuditingAnyFileEventsWithContext( 5351 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5352 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL); 5353 5354 NTKERNELAPI 5355 VOID 5356 NTAPI 5357 SeExamineGlobalSacl( 5358 IN PUNICODE_STRING ObjectType, 5359 IN PACCESS_TOKEN Token, 5360 IN ACCESS_MASK DesiredAccess, 5361 IN BOOLEAN AccessGranted, 5362 IN OUT PBOOLEAN GenerateAudit, 5363 IN OUT PBOOLEAN GenerateAlarm OPTIONAL); 5364 5365 NTKERNELAPI 5366 VOID 5367 NTAPI 5368 SeMaximumAuditMaskFromGlobalSacl( 5369 IN PUNICODE_STRING ObjectTypeName OPTIONAL, 5370 IN ACCESS_MASK GrantedAccess, 5371 IN PACCESS_TOKEN Token, 5372 IN OUT PACCESS_MASK AuditMask); 5373 5374 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 5375 5376 NTSTATUS 5377 NTAPI 5378 SeReportSecurityEventWithSubCategory( 5379 IN ULONG Flags, 5380 IN PUNICODE_STRING SourceName, 5381 IN PSID UserSid OPTIONAL, 5382 IN PSE_ADT_PARAMETER_ARRAY AuditParameters, 5383 IN ULONG AuditSubcategoryId); 5384 5385 BOOLEAN 5386 NTAPI 5387 SeAccessCheckFromState( 5388 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 5389 IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, 5390 IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL, 5391 IN ACCESS_MASK DesiredAccess, 5392 IN ACCESS_MASK PreviouslyGrantedAccess, 5393 OUT PPRIVILEGE_SET *Privileges OPTIONAL, 5394 IN PGENERIC_MAPPING GenericMapping, 5395 IN KPROCESSOR_MODE AccessMode, 5396 OUT PACCESS_MASK GrantedAccess, 5397 OUT PNTSTATUS AccessStatus); 5398 5399 NTKERNELAPI 5400 VOID 5401 NTAPI 5402 SeFreePrivileges( 5403 IN PPRIVILEGE_SET Privileges); 5404 5405 NTSTATUS 5406 NTAPI 5407 SeLocateProcessImageName( 5408 IN OUT PEPROCESS Process, 5409 OUT PUNICODE_STRING *pImageFileName); 5410 5411 #define SeLengthSid( Sid ) \ 5412 (8 + (4 * ((SID *)Sid)->SubAuthorityCount)) 5413 5414 #define SeDeleteClientSecurity(C) { \ 5415 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ 5416 PsDereferencePrimaryToken( (C)->ClientToken ); \ 5417 } else { \ 5418 PsDereferenceImpersonationToken( (C)->ClientToken ); \ 5419 } \ 5420 } 5421 5422 #define SeStopImpersonatingClient() PsRevertToSelf() 5423 5424 #define SeQuerySubjectContextToken( SubjectContext ) \ 5425 ( ARGUMENT_PRESENT( \ 5426 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ 5427 ) ? \ 5428 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ 5429 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) 5430 5431 extern NTKERNELAPI PSE_EXPORTS SeExports; 5432 /****************************************************************************** 5433 * Process Manager Functions * 5434 ******************************************************************************/ 5435 5436 NTKERNELAPI 5437 NTSTATUS 5438 NTAPI 5439 PsLookupProcessByProcessId( 5440 IN HANDLE ProcessId, 5441 OUT PEPROCESS *Process); 5442 5443 NTKERNELAPI 5444 NTSTATUS 5445 NTAPI 5446 PsLookupThreadByThreadId( 5447 IN HANDLE UniqueThreadId, 5448 OUT PETHREAD *Thread); 5449 5450 #if (NTDDI_VERSION >= NTDDI_WIN2K) 5451 5452 5453 NTKERNELAPI 5454 PACCESS_TOKEN 5455 NTAPI 5456 PsReferenceImpersonationToken( 5457 IN OUT PETHREAD Thread, 5458 OUT PBOOLEAN CopyOnOpen, 5459 OUT PBOOLEAN EffectiveOnly, 5460 OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 5461 5462 NTKERNELAPI 5463 LARGE_INTEGER 5464 NTAPI 5465 PsGetProcessExitTime(VOID); 5466 5467 NTKERNELAPI 5468 BOOLEAN 5469 NTAPI 5470 PsIsThreadTerminating( 5471 IN PETHREAD Thread); 5472 5473 NTKERNELAPI 5474 NTSTATUS 5475 NTAPI 5476 PsImpersonateClient( 5477 IN OUT PETHREAD Thread, 5478 IN PACCESS_TOKEN Token, 5479 IN BOOLEAN CopyOnOpen, 5480 IN BOOLEAN EffectiveOnly, 5481 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 5482 5483 NTKERNELAPI 5484 BOOLEAN 5485 NTAPI 5486 PsDisableImpersonation( 5487 IN OUT PETHREAD Thread, 5488 IN OUT PSE_IMPERSONATION_STATE ImpersonationState); 5489 5490 NTKERNELAPI 5491 VOID 5492 NTAPI 5493 PsRestoreImpersonation( 5494 IN PETHREAD Thread, 5495 IN PSE_IMPERSONATION_STATE ImpersonationState); 5496 5497 NTKERNELAPI 5498 VOID 5499 NTAPI 5500 PsRevertToSelf(VOID); 5501 5502 NTKERNELAPI 5503 VOID 5504 NTAPI 5505 PsChargePoolQuota( 5506 IN PEPROCESS Process, 5507 IN POOL_TYPE PoolType, 5508 IN ULONG_PTR Amount); 5509 5510 NTKERNELAPI 5511 VOID 5512 NTAPI 5513 PsReturnPoolQuota( 5514 IN PEPROCESS Process, 5515 IN POOL_TYPE PoolType, 5516 IN ULONG_PTR Amount); 5517 5518 NTKERNELAPI 5519 NTSTATUS 5520 NTAPI 5521 PsAssignImpersonationToken( 5522 IN PETHREAD Thread, 5523 IN HANDLE Token OPTIONAL); 5524 5525 NTKERNELAPI 5526 HANDLE 5527 NTAPI 5528 PsReferencePrimaryToken( 5529 IN OUT PEPROCESS Process); 5530 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 5531 #if (NTDDI_VERSION >= NTDDI_WINXP) 5532 5533 5534 NTKERNELAPI 5535 VOID 5536 NTAPI 5537 PsDereferencePrimaryToken( 5538 IN PACCESS_TOKEN PrimaryToken); 5539 5540 NTKERNELAPI 5541 VOID 5542 NTAPI 5543 PsDereferenceImpersonationToken( 5544 IN PACCESS_TOKEN ImpersonationToken); 5545 5546 NTKERNELAPI 5547 NTSTATUS 5548 NTAPI 5549 PsChargeProcessPoolQuota( 5550 IN PEPROCESS Process, 5551 IN POOL_TYPE PoolType, 5552 IN ULONG_PTR Amount); 5553 5554 NTKERNELAPI 5555 BOOLEAN 5556 NTAPI 5557 PsIsSystemThread( 5558 IN PETHREAD Thread); 5559 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 5560 5561 /****************************************************************************** 5562 * I/O Manager Functions * 5563 ******************************************************************************/ 5564 5565 #define IoIsFileOpenedExclusively(FileObject) ( \ 5566 (BOOLEAN) !( \ 5567 (FileObject)->SharedRead || \ 5568 (FileObject)->SharedWrite || \ 5569 (FileObject)->SharedDelete \ 5570 ) \ 5571 ) 5572 5573 #if (NTDDI_VERSION == NTDDI_WIN2K) 5574 NTKERNELAPI 5575 NTSTATUS 5576 NTAPI 5577 IoRegisterFsRegistrationChangeEx( 5578 IN PDRIVER_OBJECT DriverObject, 5579 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); 5580 #endif 5581 #if (NTDDI_VERSION >= NTDDI_WIN2K) 5582 5583 5584 NTKERNELAPI 5585 VOID 5586 NTAPI 5587 IoAcquireVpbSpinLock( 5588 OUT PKIRQL Irql); 5589 5590 NTKERNELAPI 5591 NTSTATUS 5592 NTAPI 5593 IoCheckDesiredAccess( 5594 IN OUT PACCESS_MASK DesiredAccess, 5595 IN ACCESS_MASK GrantedAccess); 5596 5597 NTKERNELAPI 5598 NTSTATUS 5599 NTAPI 5600 IoCheckEaBufferValidity( 5601 IN PFILE_FULL_EA_INFORMATION EaBuffer, 5602 IN ULONG EaLength, 5603 OUT PULONG ErrorOffset); 5604 5605 NTKERNELAPI 5606 NTSTATUS 5607 NTAPI 5608 IoCheckFunctionAccess( 5609 IN ACCESS_MASK GrantedAccess, 5610 IN UCHAR MajorFunction, 5611 IN UCHAR MinorFunction, 5612 IN ULONG IoControlCode, 5613 IN PVOID Argument1 OPTIONAL, 5614 IN PVOID Argument2 OPTIONAL); 5615 5616 NTKERNELAPI 5617 NTSTATUS 5618 NTAPI 5619 IoCheckQuerySetFileInformation( 5620 IN FILE_INFORMATION_CLASS FileInformationClass, 5621 IN ULONG Length, 5622 IN BOOLEAN SetOperation); 5623 5624 NTKERNELAPI 5625 NTSTATUS 5626 NTAPI 5627 IoCheckQuerySetVolumeInformation( 5628 IN FS_INFORMATION_CLASS FsInformationClass, 5629 IN ULONG Length, 5630 IN BOOLEAN SetOperation); 5631 5632 NTKERNELAPI 5633 NTSTATUS 5634 NTAPI 5635 IoCheckQuotaBufferValidity( 5636 IN PFILE_QUOTA_INFORMATION QuotaBuffer, 5637 IN ULONG QuotaLength, 5638 OUT PULONG ErrorOffset); 5639 5640 NTKERNELAPI 5641 PFILE_OBJECT 5642 NTAPI 5643 IoCreateStreamFileObject( 5644 IN PFILE_OBJECT FileObject OPTIONAL, 5645 IN PDEVICE_OBJECT DeviceObject OPTIONAL); 5646 5647 NTKERNELAPI 5648 PFILE_OBJECT 5649 NTAPI 5650 IoCreateStreamFileObjectLite( 5651 IN PFILE_OBJECT FileObject OPTIONAL, 5652 IN PDEVICE_OBJECT DeviceObject OPTIONAL); 5653 5654 NTKERNELAPI 5655 BOOLEAN 5656 NTAPI 5657 IoFastQueryNetworkAttributes( 5658 IN POBJECT_ATTRIBUTES ObjectAttributes, 5659 IN ACCESS_MASK DesiredAccess, 5660 IN ULONG OpenOptions, 5661 OUT PIO_STATUS_BLOCK IoStatus, 5662 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer); 5663 5664 NTKERNELAPI 5665 NTSTATUS 5666 NTAPI 5667 IoPageRead( 5668 IN PFILE_OBJECT FileObject, 5669 IN PMDL Mdl, 5670 IN PLARGE_INTEGER Offset, 5671 IN PKEVENT Event, 5672 OUT PIO_STATUS_BLOCK IoStatusBlock); 5673 5674 NTKERNELAPI 5675 PDEVICE_OBJECT 5676 NTAPI 5677 IoGetBaseFileSystemDeviceObject( 5678 IN PFILE_OBJECT FileObject); 5679 5680 NTKERNELAPI 5681 PCONFIGURATION_INFORMATION 5682 NTAPI 5683 IoGetConfigurationInformation(VOID); 5684 5685 NTKERNELAPI 5686 ULONG 5687 NTAPI 5688 IoGetRequestorProcessId( 5689 IN PIRP Irp); 5690 5691 NTKERNELAPI 5692 PEPROCESS 5693 NTAPI 5694 IoGetRequestorProcess( 5695 IN PIRP Irp); 5696 5697 NTKERNELAPI 5698 PIRP 5699 NTAPI 5700 IoGetTopLevelIrp(VOID); 5701 5702 NTKERNELAPI 5703 BOOLEAN 5704 NTAPI 5705 IoIsOperationSynchronous( 5706 IN PIRP Irp); 5707 5708 NTKERNELAPI 5709 BOOLEAN 5710 NTAPI 5711 IoIsSystemThread( 5712 IN PETHREAD Thread); 5713 5714 NTKERNELAPI 5715 BOOLEAN 5716 NTAPI 5717 IoIsValidNameGraftingBuffer( 5718 IN PIRP Irp, 5719 IN PREPARSE_DATA_BUFFER ReparseBuffer); 5720 5721 NTKERNELAPI 5722 NTSTATUS 5723 NTAPI 5724 IoQueryFileInformation( 5725 IN PFILE_OBJECT FileObject, 5726 IN FILE_INFORMATION_CLASS FileInformationClass, 5727 IN ULONG Length, 5728 OUT PVOID FileInformation, 5729 OUT PULONG ReturnedLength); 5730 5731 NTKERNELAPI 5732 NTSTATUS 5733 NTAPI 5734 IoQueryVolumeInformation( 5735 IN PFILE_OBJECT FileObject, 5736 IN FS_INFORMATION_CLASS FsInformationClass, 5737 IN ULONG Length, 5738 OUT PVOID FsInformation, 5739 OUT PULONG ReturnedLength); 5740 5741 NTKERNELAPI 5742 VOID 5743 NTAPI 5744 IoQueueThreadIrp( 5745 IN PIRP Irp); 5746 5747 NTKERNELAPI 5748 VOID 5749 NTAPI 5750 IoRegisterFileSystem( 5751 IN PDEVICE_OBJECT DeviceObject); 5752 5753 NTKERNELAPI 5754 NTSTATUS 5755 NTAPI 5756 IoRegisterFsRegistrationChange( 5757 IN PDRIVER_OBJECT DriverObject, 5758 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); 5759 5760 NTKERNELAPI 5761 VOID 5762 NTAPI 5763 IoReleaseVpbSpinLock( 5764 IN KIRQL Irql); 5765 5766 NTKERNELAPI 5767 VOID 5768 NTAPI 5769 IoSetDeviceToVerify( 5770 IN PETHREAD Thread, 5771 IN PDEVICE_OBJECT DeviceObject OPTIONAL); 5772 5773 NTKERNELAPI 5774 NTSTATUS 5775 NTAPI 5776 IoSetInformation( 5777 IN PFILE_OBJECT FileObject, 5778 IN FILE_INFORMATION_CLASS FileInformationClass, 5779 IN ULONG Length, 5780 IN PVOID FileInformation); 5781 5782 NTKERNELAPI 5783 VOID 5784 NTAPI 5785 IoSetTopLevelIrp( 5786 IN PIRP Irp OPTIONAL); 5787 5788 NTKERNELAPI 5789 NTSTATUS 5790 NTAPI 5791 IoSynchronousPageWrite( 5792 IN PFILE_OBJECT FileObject, 5793 IN PMDL Mdl, 5794 IN PLARGE_INTEGER FileOffset, 5795 IN PKEVENT Event, 5796 OUT PIO_STATUS_BLOCK IoStatusBlock); 5797 5798 NTKERNELAPI 5799 PEPROCESS 5800 NTAPI 5801 IoThreadToProcess( 5802 IN PETHREAD Thread); 5803 5804 NTKERNELAPI 5805 VOID 5806 NTAPI 5807 IoUnregisterFileSystem( 5808 IN PDEVICE_OBJECT DeviceObject); 5809 5810 NTKERNELAPI 5811 VOID 5812 NTAPI 5813 IoUnregisterFsRegistrationChange( 5814 IN PDRIVER_OBJECT DriverObject, 5815 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); 5816 5817 NTKERNELAPI 5818 NTSTATUS 5819 NTAPI 5820 IoVerifyVolume( 5821 IN PDEVICE_OBJECT DeviceObject, 5822 IN BOOLEAN AllowRawMount); 5823 5824 NTKERNELAPI 5825 NTSTATUS 5826 NTAPI 5827 IoGetRequestorSessionId( 5828 IN PIRP Irp, 5829 OUT PULONG pSessionId); 5830 5831 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 5832 5833 5834 #if (NTDDI_VERSION >= NTDDI_WINXP) 5835 5836 NTKERNELAPI 5837 PFILE_OBJECT 5838 NTAPI 5839 IoCreateStreamFileObjectEx( 5840 IN PFILE_OBJECT FileObject OPTIONAL, 5841 IN PDEVICE_OBJECT DeviceObject OPTIONAL, 5842 OUT PHANDLE FileObjectHandle OPTIONAL); 5843 5844 NTKERNELAPI 5845 NTSTATUS 5846 NTAPI 5847 IoQueryFileDosDeviceName( 5848 IN PFILE_OBJECT FileObject, 5849 OUT POBJECT_NAME_INFORMATION *ObjectNameInformation); 5850 5851 NTKERNELAPI 5852 NTSTATUS 5853 NTAPI 5854 IoEnumerateDeviceObjectList( 5855 IN PDRIVER_OBJECT DriverObject, 5856 OUT PDEVICE_OBJECT *DeviceObjectList, 5857 IN ULONG DeviceObjectListSize, 5858 OUT PULONG ActualNumberDeviceObjects); 5859 5860 NTKERNELAPI 5861 PDEVICE_OBJECT 5862 NTAPI 5863 IoGetLowerDeviceObject( 5864 IN PDEVICE_OBJECT DeviceObject); 5865 5866 NTKERNELAPI 5867 PDEVICE_OBJECT 5868 NTAPI 5869 IoGetDeviceAttachmentBaseRef( 5870 IN PDEVICE_OBJECT DeviceObject); 5871 5872 NTKERNELAPI 5873 NTSTATUS 5874 NTAPI 5875 IoGetDiskDeviceObject( 5876 IN PDEVICE_OBJECT FileSystemDeviceObject, 5877 OUT PDEVICE_OBJECT *DiskDeviceObject); 5878 5879 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 5880 5881 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 5882 5883 NTKERNELAPI 5884 NTSTATUS 5885 NTAPI 5886 IoEnumerateRegisteredFiltersList( 5887 OUT PDRIVER_OBJECT *DriverObjectList, 5888 IN ULONG DriverObjectListSize, 5889 OUT PULONG ActualNumberDriverObjects); 5890 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ 5891 5892 #if (NTDDI_VERSION >= NTDDI_VISTA) 5893 5894 FORCEINLINE 5895 VOID 5896 NTAPI 5897 IoInitializePriorityInfo( 5898 IN PIO_PRIORITY_INFO PriorityInfo) 5899 { 5900 PriorityInfo->Size = sizeof(IO_PRIORITY_INFO); 5901 PriorityInfo->ThreadPriority = 0xffff; 5902 PriorityInfo->IoPriority = IoPriorityNormal; 5903 PriorityInfo->PagePriority = 0; 5904 } 5905 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 5906 5907 #if (NTDDI_VERSION >= NTDDI_WIN7) 5908 5909 NTKERNELAPI 5910 NTSTATUS 5911 NTAPI 5912 IoRegisterFsRegistrationChangeMountAware( 5913 IN PDRIVER_OBJECT DriverObject, 5914 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine, 5915 IN BOOLEAN SynchronizeWithMounts); 5916 5917 NTKERNELAPI 5918 NTSTATUS 5919 NTAPI 5920 IoReplaceFileObjectName( 5921 IN PFILE_OBJECT FileObject, 5922 IN PWSTR NewFileName, 5923 IN USHORT FileNameLength); 5924 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 5925 5926 5927 #define PO_CB_SYSTEM_POWER_POLICY 0 5928 #define PO_CB_AC_STATUS 1 5929 #define PO_CB_BUTTON_COLLISION 2 5930 #define PO_CB_SYSTEM_STATE_LOCK 3 5931 #define PO_CB_LID_SWITCH_STATE 4 5932 #define PO_CB_PROCESSOR_POWER_POLICY 5 5933 5934 5935 #if (NTDDI_VERSION >= NTDDI_WINXP) 5936 NTKERNELAPI 5937 NTSTATUS 5938 NTAPI 5939 PoQueueShutdownWorkItem( 5940 IN OUT PWORK_QUEUE_ITEM WorkItem); 5941 #endif 5942 5943 /****************************************************************************** 5944 * Memory manager Types * 5945 ******************************************************************************/ 5946 5947 typedef enum _MMFLUSH_TYPE { 5948 MmFlushForDelete, 5949 MmFlushForWrite 5950 } MMFLUSH_TYPE; 5951 5952 typedef struct _READ_LIST { 5953 PFILE_OBJECT FileObject; 5954 ULONG NumberOfEntries; 5955 LOGICAL IsImage; 5956 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY]; 5957 } READ_LIST, *PREAD_LIST; 5958 5959 #if (NTDDI_VERSION >= NTDDI_WINXP) 5960 5961 typedef union _MM_PREFETCH_FLAGS { 5962 struct { 5963 ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS; 5964 ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS; 5965 } Flags; 5966 ULONG AllFlags; 5967 } MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS; 5968 5969 #define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1) 5970 5971 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 5972 5973 #define HEAP_NO_SERIALIZE 0x00000001 5974 #define HEAP_GROWABLE 0x00000002 5975 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 5976 #define HEAP_ZERO_MEMORY 0x00000008 5977 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 5978 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 5979 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 5980 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 5981 5982 #define HEAP_CREATE_ALIGN_16 0x00010000 5983 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 5984 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 5985 5986 #define HEAP_SETTABLE_USER_VALUE 0x00000100 5987 #define HEAP_SETTABLE_USER_FLAG1 0x00000200 5988 #define HEAP_SETTABLE_USER_FLAG2 0x00000400 5989 #define HEAP_SETTABLE_USER_FLAG3 0x00000800 5990 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00 5991 5992 #define HEAP_CLASS_0 0x00000000 5993 #define HEAP_CLASS_1 0x00001000 5994 #define HEAP_CLASS_2 0x00002000 5995 #define HEAP_CLASS_3 0x00003000 5996 #define HEAP_CLASS_4 0x00004000 5997 #define HEAP_CLASS_5 0x00005000 5998 #define HEAP_CLASS_6 0x00006000 5999 #define HEAP_CLASS_7 0x00007000 6000 #define HEAP_CLASS_8 0x00008000 6001 #define HEAP_CLASS_MASK 0x0000F000 6002 6003 #define HEAP_MAXIMUM_TAG 0x0FFF 6004 #define HEAP_GLOBAL_TAG 0x0800 6005 #define HEAP_PSEUDO_TAG_FLAG 0x8000 6006 #define HEAP_TAG_SHIFT 18 6007 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT) 6008 6009 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \ 6010 HEAP_GROWABLE | \ 6011 HEAP_GENERATE_EXCEPTIONS | \ 6012 HEAP_ZERO_MEMORY | \ 6013 HEAP_REALLOC_IN_PLACE_ONLY | \ 6014 HEAP_TAIL_CHECKING_ENABLED | \ 6015 HEAP_FREE_CHECKING_ENABLED | \ 6016 HEAP_DISABLE_COALESCE_ON_FREE | \ 6017 HEAP_CLASS_MASK | \ 6018 HEAP_CREATE_ALIGN_16 | \ 6019 HEAP_CREATE_ENABLE_TRACING | \ 6020 HEAP_CREATE_ENABLE_EXECUTE) 6021 6022 /****************************************************************************** 6023 * Memory manager Functions * 6024 ******************************************************************************/ 6025 6026 FORCEINLINE 6027 ULONG 6028 HEAP_MAKE_TAG_FLAGS( 6029 IN ULONG TagBase, 6030 IN ULONG Tag) 6031 { 6032 //__assume_bound(TagBase); // FIXME 6033 return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT))); 6034 } 6035 6036 #if (NTDDI_VERSION >= NTDDI_WIN2K) 6037 6038 NTKERNELAPI 6039 BOOLEAN 6040 NTAPI 6041 MmIsRecursiveIoFault( 6042 VOID); 6043 6044 NTKERNELAPI 6045 BOOLEAN 6046 NTAPI 6047 MmForceSectionClosed( 6048 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 6049 IN BOOLEAN DelayClose); 6050 6051 NTKERNELAPI 6052 BOOLEAN 6053 NTAPI 6054 MmFlushImageSection( 6055 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 6056 IN MMFLUSH_TYPE FlushType); 6057 6058 NTKERNELAPI 6059 BOOLEAN 6060 NTAPI 6061 MmCanFileBeTruncated( 6062 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 6063 IN PLARGE_INTEGER NewFileSize OPTIONAL); 6064 6065 NTKERNELAPI 6066 BOOLEAN 6067 NTAPI 6068 MmSetAddressRangeModified( 6069 IN PVOID Address, 6070 IN SIZE_T Length); 6071 6072 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 6073 6074 #if (NTDDI_VERSION >= NTDDI_WINXP) 6075 6076 NTKERNELAPI 6077 NTSTATUS 6078 NTAPI 6079 MmPrefetchPages( 6080 IN ULONG NumberOfLists, 6081 IN PREAD_LIST *ReadLists); 6082 6083 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 6084 6085 6086 #if (NTDDI_VERSION >= NTDDI_VISTA) 6087 6088 NTKERNELAPI 6089 ULONG 6090 NTAPI 6091 MmDoesFileHaveUserWritableReferences( 6092 IN PSECTION_OBJECT_POINTERS SectionPointer); 6093 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 6094 6095 6096 #if (NTDDI_VERSION >= NTDDI_WIN2K) 6097 6098 NTKERNELAPI 6099 NTSTATUS 6100 NTAPI 6101 ObInsertObject( 6102 IN PVOID Object, 6103 IN OUT PACCESS_STATE PassedAccessState OPTIONAL, 6104 IN ACCESS_MASK DesiredAccess OPTIONAL, 6105 IN ULONG ObjectPointerBias, 6106 OUT PVOID *NewObject OPTIONAL, 6107 OUT PHANDLE Handle OPTIONAL); 6108 6109 NTKERNELAPI 6110 NTSTATUS 6111 NTAPI 6112 ObOpenObjectByPointer( 6113 IN PVOID Object, 6114 IN ULONG HandleAttributes, 6115 IN PACCESS_STATE PassedAccessState OPTIONAL, 6116 IN ACCESS_MASK DesiredAccess OPTIONAL, 6117 IN POBJECT_TYPE ObjectType OPTIONAL, 6118 IN KPROCESSOR_MODE AccessMode, 6119 OUT PHANDLE Handle); 6120 6121 NTKERNELAPI 6122 VOID 6123 NTAPI 6124 ObMakeTemporaryObject( 6125 IN PVOID Object); 6126 6127 NTKERNELAPI 6128 NTSTATUS 6129 NTAPI 6130 ObQueryNameString( 6131 IN PVOID Object, 6132 OUT POBJECT_NAME_INFORMATION ObjectNameInfo OPTIONAL, 6133 IN ULONG Length, 6134 OUT PULONG ReturnLength); 6135 6136 NTKERNELAPI 6137 NTSTATUS 6138 NTAPI 6139 ObQueryObjectAuditingByHandle( 6140 IN HANDLE Handle, 6141 OUT PBOOLEAN GenerateOnClose); 6142 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 6143 6144 #if (NTDDI_VERSION >= NTDDI_VISTA) 6145 6146 NTKERNELAPI 6147 BOOLEAN 6148 NTAPI 6149 ObIsKernelHandle( 6150 IN HANDLE Handle); 6151 #endif 6152 6153 6154 #if (NTDDI_VERSION >= NTDDI_WIN7) 6155 6156 NTKERNELAPI 6157 NTSTATUS 6158 NTAPI 6159 ObOpenObjectByPointerWithTag( 6160 IN PVOID Object, 6161 IN ULONG HandleAttributes, 6162 IN PACCESS_STATE PassedAccessState OPTIONAL, 6163 IN ACCESS_MASK DesiredAccess, 6164 IN POBJECT_TYPE ObjectType OPTIONAL, 6165 IN KPROCESSOR_MODE AccessMode, 6166 IN ULONG Tag, 6167 OUT PHANDLE Handle); 6168 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 6169 6170 /* FSRTL Types */ 6171 6172 typedef ULONG LBN; 6173 typedef LBN *PLBN; 6174 6175 typedef ULONG VBN; 6176 typedef VBN *PVBN; 6177 6178 #define FSRTL_COMMON_FCB_HEADER_LAYOUT \ 6179 CSHORT NodeTypeCode; \ 6180 CSHORT NodeByteSize; \ 6181 UCHAR Flags; \ 6182 UCHAR IsFastIoPossible; \ 6183 UCHAR Flags2; \ 6184 UCHAR Reserved:4; \ 6185 UCHAR Version:4; \ 6186 PERESOURCE Resource; \ 6187 PERESOURCE PagingIoResource; \ 6188 LARGE_INTEGER AllocationSize; \ 6189 LARGE_INTEGER FileSize; \ 6190 LARGE_INTEGER ValidDataLength; 6191 6192 typedef struct _FSRTL_COMMON_FCB_HEADER { 6193 FSRTL_COMMON_FCB_HEADER_LAYOUT 6194 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; 6195 6196 #ifdef __cplusplus 6197 typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER { 6198 #else /* __cplusplus */ 6199 typedef struct _FSRTL_ADVANCED_FCB_HEADER { 6200 FSRTL_COMMON_FCB_HEADER_LAYOUT 6201 #endif /* __cplusplus */ 6202 PFAST_MUTEX FastMutex; 6203 LIST_ENTRY FilterContexts; 6204 #if (NTDDI_VERSION >= NTDDI_VISTA) 6205 EX_PUSH_LOCK PushLock; 6206 PVOID *FileContextSupportPointer; 6207 #endif 6208 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER; 6209 6210 #define FSRTL_FCB_HEADER_V0 (0x00) 6211 #define FSRTL_FCB_HEADER_V1 (0x01) 6212 6213 #define FSRTL_FLAG_FILE_MODIFIED (0x01) 6214 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) 6215 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) 6216 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) 6217 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) 6218 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20) 6219 #define FSRTL_FLAG_ADVANCED_HEADER (0x40) 6220 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) 6221 6222 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) 6223 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02) 6224 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04) 6225 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08) 6226 6227 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01) 6228 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) 6229 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) 6230 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) 6231 #define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05) 6232 #define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06) 6233 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF) 6234 6235 typedef struct _FSRTL_AUXILIARY_BUFFER { 6236 PVOID Buffer; 6237 ULONG Length; 6238 ULONG Flags; 6239 PMDL Mdl; 6240 } FSRTL_AUXILIARY_BUFFER, *PFSRTL_AUXILIARY_BUFFER; 6241 6242 #define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001 6243 6244 typedef enum _FSRTL_COMPARISON_RESULT { 6245 LessThan = -1, 6246 EqualTo = 0, 6247 GreaterThan = 1 6248 } FSRTL_COMPARISON_RESULT; 6249 6250 #define FSRTL_FAT_LEGAL 0x01 6251 #define FSRTL_HPFS_LEGAL 0x02 6252 #define FSRTL_NTFS_LEGAL 0x04 6253 #define FSRTL_WILD_CHARACTER 0x08 6254 #define FSRTL_OLE_LEGAL 0x10 6255 #define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL) 6256 6257 #define FSRTL_VOLUME_DISMOUNT 1 6258 #define FSRTL_VOLUME_DISMOUNT_FAILED 2 6259 #define FSRTL_VOLUME_LOCK 3 6260 #define FSRTL_VOLUME_LOCK_FAILED 4 6261 #define FSRTL_VOLUME_UNLOCK 5 6262 #define FSRTL_VOLUME_MOUNT 6 6263 #define FSRTL_VOLUME_NEEDS_CHKDSK 7 6264 #define FSRTL_VOLUME_WORM_NEAR_FULL 8 6265 #define FSRTL_VOLUME_WEARING_OUT 9 6266 #define FSRTL_VOLUME_FORCED_CLOSED 10 6267 #define FSRTL_VOLUME_INFO_MAKE_COMPAT 11 6268 #define FSRTL_VOLUME_PREPARING_EJECT 12 6269 #define FSRTL_VOLUME_CHANGE_SIZE 13 6270 #define FSRTL_VOLUME_BACKGROUND_FORMAT 14 6271 6272 typedef VOID 6273 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) ( 6274 IN PVOID Context, 6275 IN PKEVENT Event); 6276 6277 #if (NTDDI_VERSION >= NTDDI_VISTA) 6278 6279 #define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001 6280 #define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002 6281 #define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004 6282 6283 #define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001 6284 6285 #define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001 6286 #define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002 6287 6288 #define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002 6289 6290 #define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001 6291 #define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002 6292 6293 typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 { 6294 ULONG32 ProviderId; 6295 } FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1; 6296 6297 typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 { 6298 ULONG32 ProviderId; 6299 UNICODE_STRING ProviderName; 6300 } FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2; 6301 6302 typedef VOID 6303 (*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) ( 6304 IN OUT PVOID EcpContext, 6305 IN LPCGUID EcpType); 6306 6307 typedef struct _ECP_LIST ECP_LIST, *PECP_LIST; 6308 6309 typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS; 6310 typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS; 6311 typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS; 6312 6313 typedef enum _FSRTL_CHANGE_BACKING_TYPE { 6314 ChangeDataControlArea, 6315 ChangeImageControlArea, 6316 ChangeSharedCacheMap 6317 } FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE; 6318 6319 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 6320 6321 typedef struct _FSRTL_PER_FILE_CONTEXT { 6322 LIST_ENTRY Links; 6323 PVOID OwnerId; 6324 PVOID InstanceId; 6325 PFREE_FUNCTION FreeCallback; 6326 } FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT; 6327 6328 typedef struct _FSRTL_PER_STREAM_CONTEXT { 6329 LIST_ENTRY Links; 6330 PVOID OwnerId; 6331 PVOID InstanceId; 6332 PFREE_FUNCTION FreeCallback; 6333 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT; 6334 6335 #if (NTDDI_VERSION >= NTDDI_WIN2K) 6336 typedef VOID 6337 (*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) ( 6338 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); 6339 #endif 6340 6341 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT { 6342 LIST_ENTRY Links; 6343 PVOID OwnerId; 6344 PVOID InstanceId; 6345 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT; 6346 6347 #define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1 6348 #define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x2 6349 6350 typedef NTSTATUS 6351 (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) ( 6352 IN PVOID Context, 6353 IN PIRP Irp); 6354 6355 typedef struct _FILE_LOCK_INFO { 6356 LARGE_INTEGER StartingByte; 6357 LARGE_INTEGER Length; 6358 BOOLEAN ExclusiveLock; 6359 ULONG Key; 6360 PFILE_OBJECT FileObject; 6361 PVOID ProcessId; 6362 LARGE_INTEGER EndingByte; 6363 } FILE_LOCK_INFO, *PFILE_LOCK_INFO; 6364 6365 typedef VOID 6366 (NTAPI *PUNLOCK_ROUTINE) ( 6367 IN PVOID Context, 6368 IN PFILE_LOCK_INFO FileLockInfo); 6369 6370 typedef struct _FILE_LOCK { 6371 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; 6372 PUNLOCK_ROUTINE UnlockRoutine; 6373 BOOLEAN FastIoIsQuestionable; 6374 BOOLEAN SpareC[3]; 6375 PVOID LockInformation; 6376 FILE_LOCK_INFO LastReturnedLockInfo; 6377 PVOID LastReturnedLock; 6378 LONG volatile LockRequestsInProgress; 6379 } FILE_LOCK, *PFILE_LOCK; 6380 6381 typedef struct _TUNNEL { 6382 FAST_MUTEX Mutex; 6383 PRTL_SPLAY_LINKS Cache; 6384 LIST_ENTRY TimerQueue; 6385 USHORT NumEntries; 6386 } TUNNEL, *PTUNNEL; 6387 6388 typedef struct _BASE_MCB { 6389 ULONG MaximumPairCount; 6390 ULONG PairCount; 6391 USHORT PoolType; 6392 USHORT Flags; 6393 PVOID Mapping; 6394 } BASE_MCB, *PBASE_MCB; 6395 6396 typedef struct _LARGE_MCB { 6397 PKGUARDED_MUTEX GuardedMutex; 6398 BASE_MCB BaseMcb; 6399 } LARGE_MCB, *PLARGE_MCB; 6400 6401 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1 6402 6403 typedef struct _MCB { 6404 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly; 6405 } MCB, *PMCB; 6406 6407 typedef enum _FAST_IO_POSSIBLE { 6408 FastIoIsNotPossible = 0, 6409 FastIoIsPossible, 6410 FastIoIsQuestionable 6411 } FAST_IO_POSSIBLE; 6412 6413 typedef struct _EOF_WAIT_BLOCK { 6414 LIST_ENTRY EofWaitLinks; 6415 KEVENT Event; 6416 } EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK; 6417 6418 typedef PVOID OPLOCK, *POPLOCK; 6419 6420 typedef VOID 6421 (NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) ( 6422 IN PVOID Context, 6423 IN PIRP Irp); 6424 6425 typedef VOID 6426 (NTAPI *POPLOCK_FS_PREPOST_IRP) ( 6427 IN PVOID Context, 6428 IN PIRP Irp); 6429 6430 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 6431 #define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001 6432 #endif 6433 6434 #if (NTDDI_VERSION >= NTDDI_WIN7) 6435 #define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002 6436 #define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004 6437 #define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008 6438 #define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001 6439 #endif 6440 6441 #if (NTDDI_VERSION >= NTDDI_WIN7) 6442 6443 typedef struct _OPLOCK_KEY_ECP_CONTEXT { 6444 GUID OplockKey; 6445 ULONG Reserved; 6446 } OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT; 6447 6448 DEFINE_GUID(GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f); 6449 6450 #endif 6451 6452 typedef PVOID PNOTIFY_SYNC; 6453 6454 #if (NTDDI_VERSION >= NTDDI_WIN7) 6455 typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER; 6456 #endif 6457 6458 typedef BOOLEAN 6459 (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) ( 6460 IN PVOID NotifyContext, 6461 IN PVOID TargetContext OPTIONAL, 6462 IN PSECURITY_SUBJECT_CONTEXT SubjectContext); 6463 6464 typedef BOOLEAN 6465 (NTAPI *PFILTER_REPORT_CHANGE) ( 6466 IN PVOID NotifyContext, 6467 IN PVOID FilterContext); 6468 /* FSRTL Functions */ 6469 6470 #define FsRtlEnterFileSystem KeEnterCriticalRegion 6471 #define FsRtlExitFileSystem KeLeaveCriticalRegion 6472 6473 #if (NTDDI_VERSION >= NTDDI_WIN2K) 6474 6475 NTKERNELAPI 6476 BOOLEAN 6477 NTAPI 6478 FsRtlCopyRead( 6479 IN PFILE_OBJECT FileObject, 6480 IN PLARGE_INTEGER FileOffset, 6481 IN ULONG Length, 6482 IN BOOLEAN Wait, 6483 IN ULONG LockKey, 6484 OUT PVOID Buffer, 6485 OUT PIO_STATUS_BLOCK IoStatus, 6486 IN PDEVICE_OBJECT DeviceObject); 6487 6488 NTKERNELAPI 6489 BOOLEAN 6490 NTAPI 6491 FsRtlCopyWrite( 6492 IN PFILE_OBJECT FileObject, 6493 IN PLARGE_INTEGER FileOffset, 6494 IN ULONG Length, 6495 IN BOOLEAN Wait, 6496 IN ULONG LockKey, 6497 IN PVOID Buffer, 6498 OUT PIO_STATUS_BLOCK IoStatus, 6499 IN PDEVICE_OBJECT DeviceObject); 6500 6501 NTKERNELAPI 6502 BOOLEAN 6503 NTAPI 6504 FsRtlMdlReadDev( 6505 IN PFILE_OBJECT FileObject, 6506 IN PLARGE_INTEGER FileOffset, 6507 IN ULONG Length, 6508 IN ULONG LockKey, 6509 OUT PMDL *MdlChain, 6510 OUT PIO_STATUS_BLOCK IoStatus, 6511 IN PDEVICE_OBJECT DeviceObject OPTIONAL); 6512 6513 NTKERNELAPI 6514 BOOLEAN 6515 NTAPI 6516 FsRtlMdlReadCompleteDev( 6517 IN PFILE_OBJECT FileObject, 6518 IN PMDL MdlChain, 6519 IN PDEVICE_OBJECT DeviceObject OPTIONAL); 6520 6521 NTKERNELAPI 6522 BOOLEAN 6523 NTAPI 6524 FsRtlPrepareMdlWriteDev( 6525 IN PFILE_OBJECT FileObject, 6526 IN PLARGE_INTEGER FileOffset, 6527 IN ULONG Length, 6528 IN ULONG LockKey, 6529 OUT PMDL *MdlChain, 6530 OUT PIO_STATUS_BLOCK IoStatus, 6531 IN PDEVICE_OBJECT DeviceObject); 6532 6533 NTKERNELAPI 6534 BOOLEAN 6535 NTAPI 6536 FsRtlMdlWriteCompleteDev( 6537 IN PFILE_OBJECT FileObject, 6538 IN PLARGE_INTEGER FileOffset, 6539 IN PMDL MdlChain, 6540 IN PDEVICE_OBJECT DeviceObject); 6541 6542 NTKERNELAPI 6543 VOID 6544 NTAPI 6545 FsRtlAcquireFileExclusive( 6546 IN PFILE_OBJECT FileObject); 6547 6548 NTKERNELAPI 6549 VOID 6550 NTAPI 6551 FsRtlReleaseFile( 6552 IN PFILE_OBJECT FileObject); 6553 6554 NTKERNELAPI 6555 NTSTATUS 6556 NTAPI 6557 FsRtlGetFileSize( 6558 IN PFILE_OBJECT FileObject, 6559 OUT PLARGE_INTEGER FileSize); 6560 6561 NTKERNELAPI 6562 BOOLEAN 6563 NTAPI 6564 FsRtlIsTotalDeviceFailure( 6565 IN NTSTATUS Status); 6566 6567 NTKERNELAPI 6568 PFILE_LOCK 6569 NTAPI 6570 FsRtlAllocateFileLock( 6571 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, 6572 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL); 6573 6574 NTKERNELAPI 6575 VOID 6576 NTAPI 6577 FsRtlFreeFileLock( 6578 IN PFILE_LOCK FileLock); 6579 6580 NTKERNELAPI 6581 VOID 6582 NTAPI 6583 FsRtlInitializeFileLock( 6584 IN PFILE_LOCK FileLock, 6585 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, 6586 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL); 6587 6588 NTKERNELAPI 6589 VOID 6590 NTAPI 6591 FsRtlUninitializeFileLock( 6592 IN PFILE_LOCK FileLock); 6593 6594 /* 6595 FsRtlProcessFileLock: 6596 6597 ret: 6598 -STATUS_INVALID_DEVICE_REQUEST 6599 -STATUS_RANGE_NOT_LOCKED from unlock routines. 6600 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock 6601 (redirected IoStatus->Status). 6602 6603 Internals: 6604 -switch ( Irp->CurrentStackLocation->MinorFunction ) 6605 lock: return FsRtlPrivateLock; 6606 unlocksingle: return FsRtlFastUnlockSingle; 6607 unlockall: return FsRtlFastUnlockAll; 6608 unlockallbykey: return FsRtlFastUnlockAllByKey; 6609 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; 6610 return STATUS_INVALID_DEVICE_REQUEST; 6611 6612 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. 6613 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. 6614 */ 6615 NTKERNELAPI 6616 NTSTATUS 6617 NTAPI 6618 FsRtlProcessFileLock( 6619 IN PFILE_LOCK FileLock, 6620 IN PIRP Irp, 6621 IN PVOID Context OPTIONAL); 6622 6623 /* 6624 FsRtlCheckLockForReadAccess: 6625 6626 All this really does is pick out the lock parameters from the irp (io stack 6627 location?), get IoGetRequestorProcess, and pass values on to 6628 FsRtlFastCheckLockForRead. 6629 */ 6630 NTKERNELAPI 6631 BOOLEAN 6632 NTAPI 6633 FsRtlCheckLockForReadAccess( 6634 IN PFILE_LOCK FileLock, 6635 IN PIRP Irp); 6636 6637 /* 6638 FsRtlCheckLockForWriteAccess: 6639 6640 All this really does is pick out the lock parameters from the irp (io stack 6641 location?), get IoGetRequestorProcess, and pass values on to 6642 FsRtlFastCheckLockForWrite. 6643 */ 6644 NTKERNELAPI 6645 BOOLEAN 6646 NTAPI 6647 FsRtlCheckLockForWriteAccess( 6648 IN PFILE_LOCK FileLock, 6649 IN PIRP Irp); 6650 6651 NTKERNELAPI 6652 BOOLEAN 6653 NTAPI 6654 FsRtlFastCheckLockForRead( 6655 IN PFILE_LOCK FileLock, 6656 IN PLARGE_INTEGER FileOffset, 6657 IN PLARGE_INTEGER Length, 6658 IN ULONG Key, 6659 IN PFILE_OBJECT FileObject, 6660 IN PVOID Process); 6661 6662 NTKERNELAPI 6663 BOOLEAN 6664 NTAPI 6665 FsRtlFastCheckLockForWrite( 6666 IN PFILE_LOCK FileLock, 6667 IN PLARGE_INTEGER FileOffset, 6668 IN PLARGE_INTEGER Length, 6669 IN ULONG Key, 6670 IN PFILE_OBJECT FileObject, 6671 IN PVOID Process); 6672 6673 /* 6674 FsRtlGetNextFileLock: 6675 6676 ret: NULL if no more locks 6677 6678 Internals: 6679 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and 6680 FileLock->LastReturnedLock as storage. 6681 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked 6682 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent 6683 calls with Restart = FALSE. 6684 */ 6685 NTKERNELAPI 6686 PFILE_LOCK_INFO 6687 NTAPI 6688 FsRtlGetNextFileLock( 6689 IN PFILE_LOCK FileLock, 6690 IN BOOLEAN Restart); 6691 6692 NTKERNELAPI 6693 NTSTATUS 6694 NTAPI 6695 FsRtlFastUnlockSingle( 6696 IN PFILE_LOCK FileLock, 6697 IN PFILE_OBJECT FileObject, 6698 IN PLARGE_INTEGER FileOffset, 6699 IN PLARGE_INTEGER Length, 6700 IN PEPROCESS Process, 6701 IN ULONG Key, 6702 IN PVOID Context OPTIONAL, 6703 IN BOOLEAN AlreadySynchronized); 6704 6705 NTKERNELAPI 6706 NTSTATUS 6707 NTAPI 6708 FsRtlFastUnlockAll( 6709 IN PFILE_LOCK FileLock, 6710 IN PFILE_OBJECT FileObject, 6711 IN PEPROCESS Process, 6712 IN PVOID Context OPTIONAL); 6713 6714 NTKERNELAPI 6715 NTSTATUS 6716 NTAPI 6717 FsRtlFastUnlockAllByKey( 6718 IN PFILE_LOCK FileLock, 6719 IN PFILE_OBJECT FileObject, 6720 IN PEPROCESS Process, 6721 IN ULONG Key, 6722 IN PVOID Context OPTIONAL); 6723 6724 /* 6725 FsRtlPrivateLock: 6726 6727 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED 6728 6729 Internals: 6730 -Calls IoCompleteRequest if Irp 6731 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES 6732 */ 6733 NTKERNELAPI 6734 BOOLEAN 6735 NTAPI 6736 FsRtlPrivateLock( 6737 IN PFILE_LOCK FileLock, 6738 IN PFILE_OBJECT FileObject, 6739 IN PLARGE_INTEGER FileOffset, 6740 IN PLARGE_INTEGER Length, 6741 IN PEPROCESS Process, 6742 IN ULONG Key, 6743 IN BOOLEAN FailImmediately, 6744 IN BOOLEAN ExclusiveLock, 6745 OUT PIO_STATUS_BLOCK IoStatus, 6746 IN PIRP Irp OPTIONAL, 6747 IN PVOID Context, 6748 IN BOOLEAN AlreadySynchronized); 6749 6750 NTKERNELAPI 6751 VOID 6752 NTAPI 6753 FsRtlInitializeTunnelCache( 6754 IN PTUNNEL Cache); 6755 6756 NTKERNELAPI 6757 VOID 6758 NTAPI 6759 FsRtlAddToTunnelCache( 6760 IN PTUNNEL Cache, 6761 IN ULONGLONG DirectoryKey, 6762 IN PUNICODE_STRING ShortName, 6763 IN PUNICODE_STRING LongName, 6764 IN BOOLEAN KeyByShortName, 6765 IN ULONG DataLength, 6766 IN PVOID Data); 6767 6768 NTKERNELAPI 6769 BOOLEAN 6770 NTAPI 6771 FsRtlFindInTunnelCache( 6772 IN PTUNNEL Cache, 6773 IN ULONGLONG DirectoryKey, 6774 IN PUNICODE_STRING Name, 6775 OUT PUNICODE_STRING ShortName, 6776 OUT PUNICODE_STRING LongName, 6777 IN OUT PULONG DataLength, 6778 OUT PVOID Data); 6779 6780 NTKERNELAPI 6781 VOID 6782 NTAPI 6783 FsRtlDeleteKeyFromTunnelCache( 6784 IN PTUNNEL Cache, 6785 IN ULONGLONG DirectoryKey); 6786 6787 NTKERNELAPI 6788 VOID 6789 NTAPI 6790 FsRtlDeleteTunnelCache( 6791 IN PTUNNEL Cache); 6792 6793 NTKERNELAPI 6794 VOID 6795 NTAPI 6796 FsRtlDissectDbcs( 6797 IN ANSI_STRING Name, 6798 OUT PANSI_STRING FirstPart, 6799 OUT PANSI_STRING RemainingPart); 6800 6801 NTKERNELAPI 6802 BOOLEAN 6803 NTAPI 6804 FsRtlDoesDbcsContainWildCards( 6805 IN PANSI_STRING Name); 6806 6807 NTKERNELAPI 6808 BOOLEAN 6809 NTAPI 6810 FsRtlIsDbcsInExpression( 6811 IN PANSI_STRING Expression, 6812 IN PANSI_STRING Name); 6813 6814 NTKERNELAPI 6815 BOOLEAN 6816 NTAPI 6817 FsRtlIsFatDbcsLegal( 6818 IN ANSI_STRING DbcsName, 6819 IN BOOLEAN WildCardsPermissible, 6820 IN BOOLEAN PathNamePermissible, 6821 IN BOOLEAN LeadingBackslashPermissible); 6822 6823 NTKERNELAPI 6824 BOOLEAN 6825 NTAPI 6826 FsRtlIsHpfsDbcsLegal( 6827 IN ANSI_STRING DbcsName, 6828 IN BOOLEAN WildCardsPermissible, 6829 IN BOOLEAN PathNamePermissible, 6830 IN BOOLEAN LeadingBackslashPermissible); 6831 6832 NTKERNELAPI 6833 NTSTATUS 6834 NTAPI 6835 FsRtlNormalizeNtstatus( 6836 IN NTSTATUS Exception, 6837 IN NTSTATUS GenericException); 6838 6839 NTKERNELAPI 6840 BOOLEAN 6841 NTAPI 6842 FsRtlIsNtstatusExpected( 6843 IN NTSTATUS Ntstatus); 6844 6845 NTKERNELAPI 6846 PERESOURCE 6847 NTAPI 6848 FsRtlAllocateResource( 6849 VOID); 6850 6851 NTKERNELAPI 6852 VOID 6853 NTAPI 6854 FsRtlInitializeLargeMcb( 6855 IN PLARGE_MCB Mcb, 6856 IN POOL_TYPE PoolType); 6857 6858 NTKERNELAPI 6859 VOID 6860 NTAPI 6861 FsRtlUninitializeLargeMcb( 6862 IN PLARGE_MCB Mcb); 6863 6864 NTKERNELAPI 6865 VOID 6866 NTAPI 6867 FsRtlResetLargeMcb( 6868 IN PLARGE_MCB Mcb, 6869 IN BOOLEAN SelfSynchronized); 6870 6871 NTKERNELAPI 6872 VOID 6873 NTAPI 6874 FsRtlTruncateLargeMcb( 6875 IN PLARGE_MCB Mcb, 6876 IN LONGLONG Vbn); 6877 6878 NTKERNELAPI 6879 BOOLEAN 6880 NTAPI 6881 FsRtlAddLargeMcbEntry( 6882 IN PLARGE_MCB Mcb, 6883 IN LONGLONG Vbn, 6884 IN LONGLONG Lbn, 6885 IN LONGLONG SectorCount); 6886 6887 NTKERNELAPI 6888 VOID 6889 NTAPI 6890 FsRtlRemoveLargeMcbEntry( 6891 IN PLARGE_MCB Mcb, 6892 IN LONGLONG Vbn, 6893 IN LONGLONG SectorCount); 6894 6895 NTKERNELAPI 6896 BOOLEAN 6897 NTAPI 6898 FsRtlLookupLargeMcbEntry( 6899 IN PLARGE_MCB Mcb, 6900 IN LONGLONG Vbn, 6901 OUT PLONGLONG Lbn OPTIONAL, 6902 OUT PLONGLONG SectorCountFromLbn OPTIONAL, 6903 OUT PLONGLONG StartingLbn OPTIONAL, 6904 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, 6905 OUT PULONG Index OPTIONAL); 6906 6907 NTKERNELAPI 6908 BOOLEAN 6909 NTAPI 6910 FsRtlLookupLastLargeMcbEntry( 6911 IN PLARGE_MCB Mcb, 6912 OUT PLONGLONG Vbn, 6913 OUT PLONGLONG Lbn); 6914 6915 NTKERNELAPI 6916 BOOLEAN 6917 NTAPI 6918 FsRtlLookupLastLargeMcbEntryAndIndex( 6919 IN PLARGE_MCB OpaqueMcb, 6920 OUT PLONGLONG LargeVbn, 6921 OUT PLONGLONG LargeLbn, 6922 OUT PULONG Index); 6923 6924 NTKERNELAPI 6925 ULONG 6926 NTAPI 6927 FsRtlNumberOfRunsInLargeMcb( 6928 IN PLARGE_MCB Mcb); 6929 6930 NTKERNELAPI 6931 BOOLEAN 6932 NTAPI 6933 FsRtlGetNextLargeMcbEntry( 6934 IN PLARGE_MCB Mcb, 6935 IN ULONG RunIndex, 6936 OUT PLONGLONG Vbn, 6937 OUT PLONGLONG Lbn, 6938 OUT PLONGLONG SectorCount); 6939 6940 NTKERNELAPI 6941 BOOLEAN 6942 NTAPI 6943 FsRtlSplitLargeMcb( 6944 IN PLARGE_MCB Mcb, 6945 IN LONGLONG Vbn, 6946 IN LONGLONG Amount); 6947 6948 NTKERNELAPI 6949 VOID 6950 NTAPI 6951 FsRtlInitializeMcb( 6952 IN PMCB Mcb, 6953 IN POOL_TYPE PoolType); 6954 6955 NTKERNELAPI 6956 VOID 6957 NTAPI 6958 FsRtlUninitializeMcb( 6959 IN PMCB Mcb); 6960 6961 NTKERNELAPI 6962 VOID 6963 NTAPI 6964 FsRtlTruncateMcb( 6965 IN PMCB Mcb, 6966 IN VBN Vbn); 6967 6968 NTKERNELAPI 6969 BOOLEAN 6970 NTAPI 6971 FsRtlAddMcbEntry( 6972 IN PMCB Mcb, 6973 IN VBN Vbn, 6974 IN LBN Lbn, 6975 IN ULONG SectorCount); 6976 6977 NTKERNELAPI 6978 VOID 6979 NTAPI 6980 FsRtlRemoveMcbEntry( 6981 IN PMCB Mcb, 6982 IN VBN Vbn, 6983 IN ULONG SectorCount); 6984 6985 NTKERNELAPI 6986 BOOLEAN 6987 NTAPI 6988 FsRtlLookupMcbEntry( 6989 IN PMCB Mcb, 6990 IN VBN Vbn, 6991 OUT PLBN Lbn, 6992 OUT PULONG SectorCount OPTIONAL, 6993 OUT PULONG Index); 6994 6995 NTKERNELAPI 6996 BOOLEAN 6997 NTAPI 6998 FsRtlLookupLastMcbEntry( 6999 IN PMCB Mcb, 7000 OUT PVBN Vbn, 7001 OUT PLBN Lbn); 7002 7003 NTKERNELAPI 7004 ULONG 7005 NTAPI 7006 FsRtlNumberOfRunsInMcb( 7007 IN PMCB Mcb); 7008 7009 NTKERNELAPI 7010 BOOLEAN 7011 NTAPI 7012 FsRtlGetNextMcbEntry( 7013 IN PMCB Mcb, 7014 IN ULONG RunIndex, 7015 OUT PVBN Vbn, 7016 OUT PLBN Lbn, 7017 OUT PULONG SectorCount); 7018 7019 NTKERNELAPI 7020 NTSTATUS 7021 NTAPI 7022 FsRtlBalanceReads( 7023 IN PDEVICE_OBJECT TargetDevice); 7024 7025 NTKERNELAPI 7026 VOID 7027 NTAPI 7028 FsRtlInitializeOplock( 7029 IN OUT POPLOCK Oplock); 7030 7031 NTKERNELAPI 7032 VOID 7033 NTAPI 7034 FsRtlUninitializeOplock( 7035 IN OUT POPLOCK Oplock); 7036 7037 NTKERNELAPI 7038 NTSTATUS 7039 NTAPI 7040 FsRtlOplockFsctrl( 7041 IN POPLOCK Oplock, 7042 IN PIRP Irp, 7043 IN ULONG OpenCount); 7044 7045 NTKERNELAPI 7046 NTSTATUS 7047 NTAPI 7048 FsRtlCheckOplock( 7049 IN POPLOCK Oplock, 7050 IN PIRP Irp, 7051 IN PVOID Context, 7052 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7053 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7054 7055 NTKERNELAPI 7056 BOOLEAN 7057 NTAPI 7058 FsRtlOplockIsFastIoPossible( 7059 IN POPLOCK Oplock); 7060 7061 NTKERNELAPI 7062 BOOLEAN 7063 NTAPI 7064 FsRtlCurrentBatchOplock( 7065 IN POPLOCK Oplock); 7066 7067 NTKERNELAPI 7068 NTSTATUS 7069 NTAPI 7070 FsRtlNotifyVolumeEvent( 7071 IN PFILE_OBJECT FileObject, 7072 IN ULONG EventCode); 7073 7074 NTKERNELAPI 7075 VOID 7076 NTAPI 7077 FsRtlNotifyInitializeSync( 7078 IN PNOTIFY_SYNC *NotifySync); 7079 7080 NTKERNELAPI 7081 VOID 7082 NTAPI 7083 FsRtlNotifyUninitializeSync( 7084 IN PNOTIFY_SYNC *NotifySync); 7085 7086 NTKERNELAPI 7087 VOID 7088 NTAPI 7089 FsRtlNotifyFullChangeDirectory( 7090 IN PNOTIFY_SYNC NotifySync, 7091 IN PLIST_ENTRY NotifyList, 7092 IN PVOID FsContext, 7093 IN PSTRING FullDirectoryName, 7094 IN BOOLEAN WatchTree, 7095 IN BOOLEAN IgnoreBuffer, 7096 IN ULONG CompletionFilter, 7097 IN PIRP NotifyIrp OPTIONAL, 7098 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, 7099 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL); 7100 7101 NTKERNELAPI 7102 VOID 7103 NTAPI 7104 FsRtlNotifyFilterReportChange( 7105 IN PNOTIFY_SYNC NotifySync, 7106 IN PLIST_ENTRY NotifyList, 7107 IN PSTRING FullTargetName, 7108 IN USHORT TargetNameOffset, 7109 IN PSTRING StreamName OPTIONAL, 7110 IN PSTRING NormalizedParentName OPTIONAL, 7111 IN ULONG FilterMatch, 7112 IN ULONG Action, 7113 IN PVOID TargetContext OPTIONAL, 7114 IN PVOID FilterContext OPTIONAL); 7115 7116 NTKERNELAPI 7117 VOID 7118 NTAPI 7119 FsRtlNotifyFullReportChange( 7120 IN PNOTIFY_SYNC NotifySync, 7121 IN PLIST_ENTRY NotifyList, 7122 IN PSTRING FullTargetName, 7123 IN USHORT TargetNameOffset, 7124 IN PSTRING StreamName OPTIONAL, 7125 IN PSTRING NormalizedParentName OPTIONAL, 7126 IN ULONG FilterMatch, 7127 IN ULONG Action, 7128 IN PVOID TargetContext OPTIONAL); 7129 7130 NTKERNELAPI 7131 VOID 7132 NTAPI 7133 FsRtlNotifyCleanup( 7134 IN PNOTIFY_SYNC NotifySync, 7135 IN PLIST_ENTRY NotifyList, 7136 IN PVOID FsContext); 7137 7138 NTKERNELAPI 7139 VOID 7140 NTAPI 7141 FsRtlDissectName( 7142 IN UNICODE_STRING Name, 7143 OUT PUNICODE_STRING FirstPart, 7144 OUT PUNICODE_STRING RemainingPart); 7145 7146 NTKERNELAPI 7147 BOOLEAN 7148 NTAPI 7149 FsRtlDoesNameContainWildCards( 7150 IN PUNICODE_STRING Name); 7151 7152 NTKERNELAPI 7153 BOOLEAN 7154 NTAPI 7155 FsRtlAreNamesEqual( 7156 IN PCUNICODE_STRING Name1, 7157 IN PCUNICODE_STRING Name2, 7158 IN BOOLEAN IgnoreCase, 7159 IN PCWCH UpcaseTable OPTIONAL); 7160 7161 NTKERNELAPI 7162 BOOLEAN 7163 NTAPI 7164 FsRtlIsNameInExpression( 7165 IN PUNICODE_STRING Expression, 7166 IN PUNICODE_STRING Name, 7167 IN BOOLEAN IgnoreCase, 7168 IN PWCHAR UpcaseTable OPTIONAL); 7169 7170 NTKERNELAPI 7171 VOID 7172 NTAPI 7173 FsRtlPostPagingFileStackOverflow( 7174 IN PVOID Context, 7175 IN PKEVENT Event, 7176 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); 7177 7178 NTKERNELAPI 7179 VOID 7180 NTAPI 7181 FsRtlPostStackOverflow ( 7182 IN PVOID Context, 7183 IN PKEVENT Event, 7184 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); 7185 7186 NTKERNELAPI 7187 NTSTATUS 7188 NTAPI 7189 FsRtlRegisterUncProvider( 7190 OUT PHANDLE MupHandle, 7191 IN PUNICODE_STRING RedirectorDeviceName, 7192 IN BOOLEAN MailslotsSupported); 7193 7194 NTKERNELAPI 7195 VOID 7196 NTAPI 7197 FsRtlDeregisterUncProvider( 7198 IN HANDLE Handle); 7199 7200 NTKERNELAPI 7201 VOID 7202 NTAPI 7203 FsRtlTeardownPerStreamContexts( 7204 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); 7205 7206 NTKERNELAPI 7207 NTSTATUS 7208 NTAPI 7209 FsRtlCreateSectionForDataScan( 7210 OUT PHANDLE SectionHandle, 7211 OUT PVOID *SectionObject, 7212 OUT PLARGE_INTEGER SectionFileSize OPTIONAL, 7213 IN PFILE_OBJECT FileObject, 7214 IN ACCESS_MASK DesiredAccess, 7215 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 7216 IN PLARGE_INTEGER MaximumSize OPTIONAL, 7217 IN ULONG SectionPageProtection, 7218 IN ULONG AllocationAttributes, 7219 IN ULONG Flags); 7220 7221 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 7222 7223 #if (NTDDI_VERSION >= NTDDI_WINXP) 7224 7225 NTKERNELAPI 7226 VOID 7227 NTAPI 7228 FsRtlNotifyFilterChangeDirectory( 7229 IN PNOTIFY_SYNC NotifySync, 7230 IN PLIST_ENTRY NotifyList, 7231 IN PVOID FsContext, 7232 IN PSTRING FullDirectoryName, 7233 IN BOOLEAN WatchTree, 7234 IN BOOLEAN IgnoreBuffer, 7235 IN ULONG CompletionFilter, 7236 IN PIRP NotifyIrp OPTIONAL, 7237 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, 7238 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL, 7239 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL); 7240 7241 NTKERNELAPI 7242 NTSTATUS 7243 NTAPI 7244 FsRtlInsertPerStreamContext( 7245 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext, 7246 IN PFSRTL_PER_STREAM_CONTEXT Ptr); 7247 7248 NTKERNELAPI 7249 PFSRTL_PER_STREAM_CONTEXT 7250 NTAPI 7251 FsRtlLookupPerStreamContextInternal( 7252 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext, 7253 IN PVOID OwnerId OPTIONAL, 7254 IN PVOID InstanceId OPTIONAL); 7255 7256 NTKERNELAPI 7257 PFSRTL_PER_STREAM_CONTEXT 7258 NTAPI 7259 FsRtlRemovePerStreamContext( 7260 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext, 7261 IN PVOID OwnerId OPTIONAL, 7262 IN PVOID InstanceId OPTIONAL); 7263 7264 NTKERNELAPI 7265 VOID 7266 NTAPI 7267 FsRtlIncrementCcFastReadNotPossible( 7268 VOID); 7269 7270 NTKERNELAPI 7271 VOID 7272 NTAPI 7273 FsRtlIncrementCcFastReadWait( 7274 VOID); 7275 7276 NTKERNELAPI 7277 VOID 7278 NTAPI 7279 FsRtlIncrementCcFastReadNoWait( 7280 VOID); 7281 7282 NTKERNELAPI 7283 VOID 7284 NTAPI 7285 FsRtlIncrementCcFastReadResourceMiss( 7286 VOID); 7287 7288 NTKERNELAPI 7289 LOGICAL 7290 NTAPI 7291 FsRtlIsPagingFile( 7292 IN PFILE_OBJECT FileObject); 7293 7294 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 7295 7296 #if (NTDDI_VERSION >= NTDDI_WS03) 7297 7298 NTKERNELAPI 7299 VOID 7300 NTAPI 7301 FsRtlInitializeBaseMcb( 7302 IN PBASE_MCB Mcb, 7303 IN POOL_TYPE PoolType); 7304 7305 NTKERNELAPI 7306 VOID 7307 NTAPI 7308 FsRtlUninitializeBaseMcb( 7309 IN PBASE_MCB Mcb); 7310 7311 NTKERNELAPI 7312 VOID 7313 NTAPI 7314 FsRtlResetBaseMcb( 7315 IN PBASE_MCB Mcb); 7316 7317 NTKERNELAPI 7318 VOID 7319 NTAPI 7320 FsRtlTruncateBaseMcb( 7321 IN PBASE_MCB Mcb, 7322 IN LONGLONG Vbn); 7323 7324 NTKERNELAPI 7325 BOOLEAN 7326 NTAPI 7327 FsRtlAddBaseMcbEntry( 7328 IN PBASE_MCB Mcb, 7329 IN LONGLONG Vbn, 7330 IN LONGLONG Lbn, 7331 IN LONGLONG SectorCount); 7332 7333 NTKERNELAPI 7334 BOOLEAN 7335 NTAPI 7336 FsRtlRemoveBaseMcbEntry( 7337 IN PBASE_MCB Mcb, 7338 IN LONGLONG Vbn, 7339 IN LONGLONG SectorCount); 7340 7341 NTKERNELAPI 7342 BOOLEAN 7343 NTAPI 7344 FsRtlLookupBaseMcbEntry( 7345 IN PBASE_MCB Mcb, 7346 IN LONGLONG Vbn, 7347 OUT PLONGLONG Lbn OPTIONAL, 7348 OUT PLONGLONG SectorCountFromLbn OPTIONAL, 7349 OUT PLONGLONG StartingLbn OPTIONAL, 7350 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, 7351 OUT PULONG Index OPTIONAL); 7352 7353 NTKERNELAPI 7354 BOOLEAN 7355 NTAPI 7356 FsRtlLookupLastBaseMcbEntry( 7357 IN PBASE_MCB Mcb, 7358 OUT PLONGLONG Vbn, 7359 OUT PLONGLONG Lbn); 7360 7361 NTKERNELAPI 7362 BOOLEAN 7363 NTAPI 7364 FsRtlLookupLastBaseMcbEntryAndIndex( 7365 IN PBASE_MCB OpaqueMcb, 7366 IN OUT PLONGLONG LargeVbn, 7367 IN OUT PLONGLONG LargeLbn, 7368 IN OUT PULONG Index); 7369 7370 NTKERNELAPI 7371 ULONG 7372 NTAPI 7373 FsRtlNumberOfRunsInBaseMcb( 7374 IN PBASE_MCB Mcb); 7375 7376 NTKERNELAPI 7377 BOOLEAN 7378 NTAPI 7379 FsRtlGetNextBaseMcbEntry( 7380 IN PBASE_MCB Mcb, 7381 IN ULONG RunIndex, 7382 OUT PLONGLONG Vbn, 7383 OUT PLONGLONG Lbn, 7384 OUT PLONGLONG SectorCount); 7385 7386 NTKERNELAPI 7387 BOOLEAN 7388 NTAPI 7389 FsRtlSplitBaseMcb( 7390 IN PBASE_MCB Mcb, 7391 IN LONGLONG Vbn, 7392 IN LONGLONG Amount); 7393 7394 #endif /* (NTDDI_VERSION >= NTDDI_WS03) */ 7395 7396 #if (NTDDI_VERSION >= NTDDI_VISTA) 7397 7398 BOOLEAN 7399 NTAPI 7400 FsRtlInitializeBaseMcbEx( 7401 IN PBASE_MCB Mcb, 7402 IN POOL_TYPE PoolType, 7403 IN USHORT Flags); 7404 7405 NTSTATUS 7406 NTAPI 7407 FsRtlAddBaseMcbEntryEx( 7408 IN PBASE_MCB Mcb, 7409 IN LONGLONG Vbn, 7410 IN LONGLONG Lbn, 7411 IN LONGLONG SectorCount); 7412 7413 NTKERNELAPI 7414 BOOLEAN 7415 NTAPI 7416 FsRtlCurrentOplock( 7417 IN POPLOCK Oplock); 7418 7419 NTKERNELAPI 7420 NTSTATUS 7421 NTAPI 7422 FsRtlOplockBreakToNone( 7423 IN OUT POPLOCK Oplock, 7424 IN PIO_STACK_LOCATION IrpSp OPTIONAL, 7425 IN PIRP Irp, 7426 IN PVOID Context OPTIONAL, 7427 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7428 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7429 7430 NTKERNELAPI 7431 NTSTATUS 7432 NTAPI 7433 FsRtlNotifyVolumeEventEx( 7434 IN PFILE_OBJECT FileObject, 7435 IN ULONG EventCode, 7436 IN PTARGET_DEVICE_CUSTOM_NOTIFICATION Event); 7437 7438 NTKERNELAPI 7439 VOID 7440 NTAPI 7441 FsRtlNotifyCleanupAll( 7442 IN PNOTIFY_SYNC NotifySync, 7443 IN PLIST_ENTRY NotifyList); 7444 7445 NTSTATUS 7446 NTAPI 7447 FsRtlRegisterUncProviderEx( 7448 OUT PHANDLE MupHandle, 7449 IN PUNICODE_STRING RedirDevName, 7450 IN PDEVICE_OBJECT DeviceObject, 7451 IN ULONG Flags); 7452 7453 NTKERNELAPI 7454 NTSTATUS 7455 NTAPI 7456 FsRtlCancellableWaitForSingleObject( 7457 IN PVOID Object, 7458 IN PLARGE_INTEGER Timeout OPTIONAL, 7459 IN PIRP Irp OPTIONAL); 7460 7461 NTKERNELAPI 7462 NTSTATUS 7463 NTAPI 7464 FsRtlCancellableWaitForMultipleObjects( 7465 IN ULONG Count, 7466 IN PVOID ObjectArray[], 7467 IN WAIT_TYPE WaitType, 7468 IN PLARGE_INTEGER Timeout OPTIONAL, 7469 IN PKWAIT_BLOCK WaitBlockArray OPTIONAL, 7470 IN PIRP Irp OPTIONAL); 7471 7472 NTKERNELAPI 7473 NTSTATUS 7474 NTAPI 7475 FsRtlMupGetProviderInfoFromFileObject( 7476 IN PFILE_OBJECT pFileObject, 7477 IN ULONG Level, 7478 OUT PVOID pBuffer, 7479 IN OUT PULONG pBufferSize); 7480 7481 NTKERNELAPI 7482 NTSTATUS 7483 NTAPI 7484 FsRtlMupGetProviderIdFromName( 7485 IN PUNICODE_STRING pProviderName, 7486 OUT PULONG32 pProviderId); 7487 7488 NTKERNELAPI 7489 VOID 7490 NTAPI 7491 FsRtlIncrementCcFastMdlReadWait( 7492 VOID); 7493 7494 NTKERNELAPI 7495 NTSTATUS 7496 NTAPI 7497 FsRtlValidateReparsePointBuffer( 7498 IN ULONG BufferLength, 7499 IN PREPARSE_DATA_BUFFER ReparseBuffer); 7500 7501 NTKERNELAPI 7502 NTSTATUS 7503 NTAPI 7504 FsRtlRemoveDotsFromPath( 7505 IN OUT PWSTR OriginalString, 7506 IN USHORT PathLength, 7507 OUT USHORT *NewLength); 7508 7509 NTKERNELAPI 7510 NTSTATUS 7511 NTAPI 7512 FsRtlAllocateExtraCreateParameterList( 7513 IN FSRTL_ALLOCATE_ECPLIST_FLAGS Flags, 7514 OUT PECP_LIST *EcpList); 7515 7516 NTKERNELAPI 7517 VOID 7518 NTAPI 7519 FsRtlFreeExtraCreateParameterList( 7520 IN PECP_LIST EcpList); 7521 7522 NTKERNELAPI 7523 NTSTATUS 7524 NTAPI 7525 FsRtlAllocateExtraCreateParameter( 7526 IN LPCGUID EcpType, 7527 IN ULONG SizeOfContext, 7528 IN FSRTL_ALLOCATE_ECP_FLAGS Flags, 7529 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, 7530 IN ULONG PoolTag, 7531 OUT PVOID *EcpContext); 7532 7533 NTKERNELAPI 7534 VOID 7535 NTAPI 7536 FsRtlFreeExtraCreateParameter( 7537 IN PVOID EcpContext); 7538 7539 NTKERNELAPI 7540 VOID 7541 NTAPI 7542 FsRtlInitExtraCreateParameterLookasideList( 7543 IN OUT PVOID Lookaside, 7544 IN FSRTL_ECP_LOOKASIDE_FLAGS Flags, 7545 IN SIZE_T Size, 7546 IN ULONG Tag); 7547 7548 VOID 7549 NTAPI 7550 FsRtlDeleteExtraCreateParameterLookasideList( 7551 IN OUT PVOID Lookaside, 7552 IN FSRTL_ECP_LOOKASIDE_FLAGS Flags); 7553 7554 NTKERNELAPI 7555 NTSTATUS 7556 NTAPI 7557 FsRtlAllocateExtraCreateParameterFromLookasideList( 7558 IN LPCGUID EcpType, 7559 IN ULONG SizeOfContext, 7560 IN FSRTL_ALLOCATE_ECP_FLAGS Flags, 7561 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, 7562 IN OUT PVOID LookasideList, 7563 OUT PVOID *EcpContext); 7564 7565 NTKERNELAPI 7566 NTSTATUS 7567 NTAPI 7568 FsRtlInsertExtraCreateParameter( 7569 IN OUT PECP_LIST EcpList, 7570 IN OUT PVOID EcpContext); 7571 7572 NTKERNELAPI 7573 NTSTATUS 7574 NTAPI 7575 FsRtlFindExtraCreateParameter( 7576 IN PECP_LIST EcpList, 7577 IN LPCGUID EcpType, 7578 OUT PVOID *EcpContext OPTIONAL, 7579 OUT ULONG *EcpContextSize OPTIONAL); 7580 7581 NTKERNELAPI 7582 NTSTATUS 7583 NTAPI 7584 FsRtlRemoveExtraCreateParameter( 7585 IN OUT PECP_LIST EcpList, 7586 IN LPCGUID EcpType, 7587 OUT PVOID *EcpContext, 7588 OUT ULONG *EcpContextSize OPTIONAL); 7589 7590 NTKERNELAPI 7591 NTSTATUS 7592 NTAPI 7593 FsRtlGetEcpListFromIrp( 7594 IN PIRP Irp, 7595 OUT PECP_LIST *EcpList OPTIONAL); 7596 7597 NTKERNELAPI 7598 NTSTATUS 7599 NTAPI 7600 FsRtlSetEcpListIntoIrp( 7601 IN OUT PIRP Irp, 7602 IN PECP_LIST EcpList); 7603 7604 NTKERNELAPI 7605 NTSTATUS 7606 NTAPI 7607 FsRtlGetNextExtraCreateParameter( 7608 IN PECP_LIST EcpList, 7609 IN PVOID CurrentEcpContext OPTIONAL, 7610 OUT LPGUID NextEcpType OPTIONAL, 7611 OUT PVOID *NextEcpContext OPTIONAL, 7612 OUT ULONG *NextEcpContextSize OPTIONAL); 7613 7614 NTKERNELAPI 7615 VOID 7616 NTAPI 7617 FsRtlAcknowledgeEcp( 7618 IN PVOID EcpContext); 7619 7620 NTKERNELAPI 7621 BOOLEAN 7622 NTAPI 7623 FsRtlIsEcpAcknowledged( 7624 IN PVOID EcpContext); 7625 7626 NTKERNELAPI 7627 BOOLEAN 7628 NTAPI 7629 FsRtlIsEcpFromUserMode( 7630 IN PVOID EcpContext); 7631 7632 NTKERNELAPI 7633 NTSTATUS 7634 NTAPI 7635 FsRtlChangeBackingFileObject( 7636 IN PFILE_OBJECT CurrentFileObject OPTIONAL, 7637 IN PFILE_OBJECT NewFileObject, 7638 IN FSRTL_CHANGE_BACKING_TYPE ChangeBackingType, 7639 IN ULONG Flags); 7640 7641 NTKERNELAPI 7642 NTSTATUS 7643 NTAPI 7644 FsRtlLogCcFlushError( 7645 IN PUNICODE_STRING FileName, 7646 IN PDEVICE_OBJECT DeviceObject, 7647 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 7648 IN NTSTATUS FlushError, 7649 IN ULONG Flags); 7650 7651 NTKERNELAPI 7652 BOOLEAN 7653 NTAPI 7654 FsRtlAreVolumeStartupApplicationsComplete( 7655 VOID); 7656 7657 NTKERNELAPI 7658 ULONG 7659 NTAPI 7660 FsRtlQueryMaximumVirtualDiskNestingLevel( 7661 VOID); 7662 7663 NTKERNELAPI 7664 NTSTATUS 7665 NTAPI 7666 FsRtlGetVirtualDiskNestingLevel( 7667 IN PDEVICE_OBJECT DeviceObject, 7668 OUT PULONG NestingLevel, 7669 OUT PULONG NestingFlags OPTIONAL); 7670 7671 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 7672 7673 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 7674 NTKERNELAPI 7675 NTSTATUS 7676 NTAPI 7677 FsRtlCheckOplockEx( 7678 IN POPLOCK Oplock, 7679 IN PIRP Irp, 7680 IN ULONG Flags, 7681 IN PVOID Context OPTIONAL, 7682 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7683 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7684 7685 #endif 7686 7687 #if (NTDDI_VERSION >= NTDDI_WIN7) 7688 7689 NTKERNELAPI 7690 BOOLEAN 7691 NTAPI 7692 FsRtlAreThereCurrentOrInProgressFileLocks( 7693 IN PFILE_LOCK FileLock); 7694 7695 NTKERNELAPI 7696 BOOLEAN 7697 NTAPI 7698 FsRtlOplockIsSharedRequest( 7699 IN PIRP Irp); 7700 7701 NTKERNELAPI 7702 NTSTATUS 7703 NTAPI 7704 FsRtlOplockBreakH( 7705 IN POPLOCK Oplock, 7706 IN PIRP Irp, 7707 IN ULONG Flags, 7708 IN PVOID Context OPTIONAL, 7709 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7710 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7711 7712 NTKERNELAPI 7713 BOOLEAN 7714 NTAPI 7715 FsRtlCurrentOplockH( 7716 IN POPLOCK Oplock); 7717 7718 NTKERNELAPI 7719 NTSTATUS 7720 NTAPI 7721 FsRtlOplockBreakToNoneEx( 7722 IN OUT POPLOCK Oplock, 7723 IN PIRP Irp, 7724 IN ULONG Flags, 7725 IN PVOID Context OPTIONAL, 7726 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, 7727 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); 7728 7729 NTKERNELAPI 7730 NTSTATUS 7731 NTAPI 7732 FsRtlOplockFsctrlEx( 7733 IN POPLOCK Oplock, 7734 IN PIRP Irp, 7735 IN ULONG OpenCount, 7736 IN ULONG Flags); 7737 7738 NTKERNELAPI 7739 BOOLEAN 7740 NTAPI 7741 FsRtlOplockKeysEqual( 7742 IN PFILE_OBJECT Fo1 OPTIONAL, 7743 IN PFILE_OBJECT Fo2 OPTIONAL); 7744 7745 NTKERNELAPI 7746 NTSTATUS 7747 NTAPI 7748 FsRtlInitializeExtraCreateParameterList( 7749 IN OUT PECP_LIST EcpList); 7750 7751 NTKERNELAPI 7752 VOID 7753 NTAPI 7754 FsRtlInitializeExtraCreateParameter( 7755 IN PECP_HEADER Ecp, 7756 IN ULONG EcpFlags, 7757 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, 7758 IN ULONG TotalSize, 7759 IN LPCGUID EcpType, 7760 IN PVOID ListAllocatedFrom OPTIONAL); 7761 7762 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 7763 7764 NTKERNELAPI 7765 NTSTATUS 7766 NTAPI 7767 FsRtlInsertPerFileContext( 7768 IN PVOID* PerFileContextPointer, 7769 IN PFSRTL_PER_FILE_CONTEXT Ptr); 7770 7771 NTKERNELAPI 7772 PFSRTL_PER_FILE_CONTEXT 7773 NTAPI 7774 FsRtlLookupPerFileContext( 7775 IN PVOID* PerFileContextPointer, 7776 IN PVOID OwnerId OPTIONAL, 7777 IN PVOID InstanceId OPTIONAL); 7778 7779 NTKERNELAPI 7780 PFSRTL_PER_FILE_CONTEXT 7781 NTAPI 7782 FsRtlRemovePerFileContext( 7783 IN PVOID* PerFileContextPointer, 7784 IN PVOID OwnerId OPTIONAL, 7785 IN PVOID InstanceId OPTIONAL); 7786 7787 NTKERNELAPI 7788 VOID 7789 NTAPI 7790 FsRtlTeardownPerFileContexts( 7791 IN PVOID* PerFileContextPointer); 7792 7793 NTKERNELAPI 7794 NTSTATUS 7795 NTAPI 7796 FsRtlInsertPerFileObjectContext( 7797 IN PFILE_OBJECT FileObject, 7798 IN PFSRTL_PER_FILEOBJECT_CONTEXT Ptr); 7799 7800 NTKERNELAPI 7801 PFSRTL_PER_FILEOBJECT_CONTEXT 7802 NTAPI 7803 FsRtlLookupPerFileObjectContext( 7804 IN PFILE_OBJECT FileObject, 7805 IN PVOID OwnerId OPTIONAL, 7806 IN PVOID InstanceId OPTIONAL); 7807 7808 NTKERNELAPI 7809 PFSRTL_PER_FILEOBJECT_CONTEXT 7810 NTAPI 7811 FsRtlRemovePerFileObjectContext( 7812 IN PFILE_OBJECT FileObject, 7813 IN PVOID OwnerId OPTIONAL, 7814 IN PVOID InstanceId OPTIONAL); 7815 7816 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ 7817 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ 7818 ) 7819 7820 #define FsRtlAreThereCurrentFileLocks(FL) ( \ 7821 ((FL)->FastIoIsQuestionable) \ 7822 ) 7823 7824 #define FsRtlIncrementLockRequestsInProgress(FL) { \ 7825 ASSERT( (FL)->LockRequestsInProgress >= 0 ); \ 7826 (void) \ 7827 (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\ 7828 } 7829 7830 #define FsRtlDecrementLockRequestsInProgress(FL) { \ 7831 ASSERT( (FL)->LockRequestsInProgress > 0 ); \ 7832 (void) \ 7833 (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\ 7834 } 7835 7836 /* GCC compatible definition, MS one is retarded */ 7837 extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray; 7838 #define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray 7839 7840 #define FsRtlIsAnsiCharacterWild(C) ( \ 7841 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \ 7842 ) 7843 7844 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \ 7845 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \ 7846 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ 7847 ) 7848 7849 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \ 7850 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \ 7851 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ 7852 ) 7853 7854 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \ 7855 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \ 7856 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ 7857 ) 7858 7859 #define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \ 7860 FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \ 7861 ) 7862 7863 #define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \ 7864 FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \ 7865 ) 7866 7867 #define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \ 7868 ((SCHAR)(C) < 0) ? DEFAULT_RET : \ 7869 FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \ 7870 (FLAGS) | \ 7871 ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \ 7872 ) 7873 7874 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \ 7875 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \ 7876 (NLS_MB_CODE_PAGE_TAG && \ 7877 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \ 7878 ) 7879 7880 #define FsRtlIsUnicodeCharacterWild(C) ( \ 7881 (((C) >= 0x40) ? \ 7882 FALSE : \ 7883 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \ 7884 ) 7885 7886 #define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \ 7887 ((_fc)->OwnerId = (_owner), \ 7888 (_fc)->InstanceId = (_inst), \ 7889 (_fc)->FreeCallback = (_cb)) 7890 7891 #define FsRtlGetPerFileContextPointer(_fo) \ 7892 (FsRtlSupportsPerFileContexts(_fo) ? \ 7893 FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \ 7894 NULL) 7895 7896 #define FsRtlSupportsPerFileContexts(_fo) \ 7897 ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \ 7898 (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \ 7899 (FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL)) 7900 7901 #define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \ 7902 { \ 7903 FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \ 7904 if ((_fctxptr) != NULL) { \ 7905 (_advhdr)->FileContextSupportPointer = (_fctxptr); \ 7906 } \ 7907 } 7908 7909 #define FsRtlGetPerStreamContextPointer(FO) ( \ 7910 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \ 7911 ) 7912 7913 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \ 7914 (PSC)->OwnerId = (O), \ 7915 (PSC)->InstanceId = (I), \ 7916 (PSC)->FreeCallback = (FC) \ 7917 ) 7918 7919 #define FsRtlSupportsPerStreamContexts(FO) ( \ 7920 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \ 7921 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \ 7922 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \ 7923 ) 7924 7925 #define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \ 7926 (((NULL != (_sc)) && \ 7927 FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \ 7928 !IsListEmpty(&(_sc)->FilterContexts)) ? \ 7929 FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \ 7930 NULL) 7931 7932 FORCEINLINE 7933 VOID 7934 NTAPI 7935 FsRtlSetupAdvancedHeader( 7936 IN PVOID AdvHdr, 7937 IN PFAST_MUTEX FMutex ) 7938 { 7939 PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr; 7940 7941 localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER; 7942 localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS; 7943 #if (NTDDI_VERSION >= NTDDI_VISTA) 7944 localAdvHdr->Version = FSRTL_FCB_HEADER_V1; 7945 #else 7946 localAdvHdr->Version = FSRTL_FCB_HEADER_V0; 7947 #endif 7948 InitializeListHead( &localAdvHdr->FilterContexts ); 7949 if (FMutex != NULL) { 7950 localAdvHdr->FastMutex = FMutex; 7951 } 7952 #if (NTDDI_VERSION >= NTDDI_VISTA) 7953 *((PULONG_PTR)(&localAdvHdr->PushLock)) = 0; 7954 localAdvHdr->FileContextSupportPointer = NULL; 7955 #endif 7956 } 7957 7958 #define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \ 7959 ((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst)) 7960 7961 #define FsRtlCompleteRequest(IRP,STATUS) { \ 7962 (IRP)->IoStatus.Status = (STATUS); \ 7963 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \ 7964 } 7965 /* Common Cache Types */ 7966 7967 #define VACB_MAPPING_GRANULARITY (0x40000) 7968 #define VACB_OFFSET_SHIFT (18) 7969 7970 typedef struct _PUBLIC_BCB { 7971 CSHORT NodeTypeCode; 7972 CSHORT NodeByteSize; 7973 ULONG MappedLength; 7974 LARGE_INTEGER MappedFileOffset; 7975 } PUBLIC_BCB, *PPUBLIC_BCB; 7976 7977 typedef struct _CC_FILE_SIZES { 7978 LARGE_INTEGER AllocationSize; 7979 LARGE_INTEGER FileSize; 7980 LARGE_INTEGER ValidDataLength; 7981 } CC_FILE_SIZES, *PCC_FILE_SIZES; 7982 7983 typedef BOOLEAN 7984 (NTAPI *PACQUIRE_FOR_LAZY_WRITE) ( 7985 IN PVOID Context, 7986 IN BOOLEAN Wait); 7987 7988 typedef VOID 7989 (NTAPI *PRELEASE_FROM_LAZY_WRITE) ( 7990 IN PVOID Context); 7991 7992 typedef BOOLEAN 7993 (NTAPI *PACQUIRE_FOR_READ_AHEAD) ( 7994 IN PVOID Context, 7995 IN BOOLEAN Wait); 7996 7997 typedef VOID 7998 (NTAPI *PRELEASE_FROM_READ_AHEAD) ( 7999 IN PVOID Context); 8000 8001 typedef struct _CACHE_MANAGER_CALLBACKS { 8002 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; 8003 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; 8004 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; 8005 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; 8006 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; 8007 8008 typedef struct _CACHE_UNINITIALIZE_EVENT { 8009 struct _CACHE_UNINITIALIZE_EVENT *Next; 8010 KEVENT Event; 8011 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; 8012 8013 typedef VOID 8014 (NTAPI *PDIRTY_PAGE_ROUTINE) ( 8015 IN PFILE_OBJECT FileObject, 8016 IN PLARGE_INTEGER FileOffset, 8017 IN ULONG Length, 8018 IN PLARGE_INTEGER OldestLsn, 8019 IN PLARGE_INTEGER NewestLsn, 8020 IN PVOID Context1, 8021 IN PVOID Context2); 8022 8023 typedef VOID 8024 (NTAPI *PFLUSH_TO_LSN) ( 8025 IN PVOID LogHandle, 8026 IN LARGE_INTEGER Lsn); 8027 8028 typedef VOID 8029 (NTAPI *PCC_POST_DEFERRED_WRITE) ( 8030 IN PVOID Context1, 8031 IN PVOID Context2); 8032 8033 #define UNINITIALIZE_CACHE_MAPS (1) 8034 #define DO_NOT_RETRY_PURGE (2) 8035 #define DO_NOT_PURGE_DIRTY_PAGES (0x4) 8036 8037 #define CC_FLUSH_AND_PURGE_NO_PURGE (0x1) 8038 /* Common Cache Functions */ 8039 8040 #define CcIsFileCached(FO) ( \ 8041 ((FO)->SectionObjectPointer != NULL) && \ 8042 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ 8043 ) 8044 8045 extern ULONG CcFastMdlReadWait; 8046 8047 #if (NTDDI_VERSION >= NTDDI_WIN2K) 8048 8049 NTKERNELAPI 8050 VOID 8051 NTAPI 8052 CcInitializeCacheMap( 8053 IN PFILE_OBJECT FileObject, 8054 IN PCC_FILE_SIZES FileSizes, 8055 IN BOOLEAN PinAccess, 8056 IN PCACHE_MANAGER_CALLBACKS Callbacks, 8057 IN PVOID LazyWriteContext); 8058 8059 NTKERNELAPI 8060 BOOLEAN 8061 NTAPI 8062 CcUninitializeCacheMap( 8063 IN PFILE_OBJECT FileObject, 8064 IN PLARGE_INTEGER TruncateSize OPTIONAL, 8065 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL); 8066 8067 NTKERNELAPI 8068 VOID 8069 NTAPI 8070 CcSetFileSizes( 8071 IN PFILE_OBJECT FileObject, 8072 IN PCC_FILE_SIZES FileSizes); 8073 8074 NTKERNELAPI 8075 VOID 8076 NTAPI 8077 CcSetDirtyPageThreshold( 8078 IN PFILE_OBJECT FileObject, 8079 IN ULONG DirtyPageThreshold); 8080 8081 NTKERNELAPI 8082 VOID 8083 NTAPI 8084 CcFlushCache( 8085 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 8086 IN PLARGE_INTEGER FileOffset OPTIONAL, 8087 IN ULONG Length, 8088 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL); 8089 8090 NTKERNELAPI 8091 LARGE_INTEGER 8092 NTAPI 8093 CcGetFlushedValidData( 8094 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 8095 IN BOOLEAN BcbListHeld); 8096 8097 NTKERNELAPI 8098 BOOLEAN 8099 NTAPI 8100 CcZeroData( 8101 IN PFILE_OBJECT FileObject, 8102 IN PLARGE_INTEGER StartOffset, 8103 IN PLARGE_INTEGER EndOffset, 8104 IN BOOLEAN Wait); 8105 8106 NTKERNELAPI 8107 PVOID 8108 NTAPI 8109 CcRemapBcb( 8110 IN PVOID Bcb); 8111 8112 NTKERNELAPI 8113 VOID 8114 NTAPI 8115 CcRepinBcb( 8116 IN PVOID Bcb); 8117 8118 NTKERNELAPI 8119 VOID 8120 NTAPI 8121 CcUnpinRepinnedBcb( 8122 IN PVOID Bcb, 8123 IN BOOLEAN WriteThrough, 8124 OUT PIO_STATUS_BLOCK IoStatus); 8125 8126 NTKERNELAPI 8127 PFILE_OBJECT 8128 NTAPI 8129 CcGetFileObjectFromSectionPtrs( 8130 IN PSECTION_OBJECT_POINTERS SectionObjectPointer); 8131 8132 NTKERNELAPI 8133 PFILE_OBJECT 8134 NTAPI 8135 CcGetFileObjectFromBcb( 8136 IN PVOID Bcb); 8137 8138 NTKERNELAPI 8139 BOOLEAN 8140 NTAPI 8141 CcCanIWrite( 8142 IN PFILE_OBJECT FileObject, 8143 IN ULONG BytesToWrite, 8144 IN BOOLEAN Wait, 8145 IN BOOLEAN Retrying); 8146 8147 NTKERNELAPI 8148 VOID 8149 NTAPI 8150 CcDeferWrite( 8151 IN PFILE_OBJECT FileObject, 8152 IN PCC_POST_DEFERRED_WRITE PostRoutine, 8153 IN PVOID Context1, 8154 IN PVOID Context2, 8155 IN ULONG BytesToWrite, 8156 IN BOOLEAN Retrying); 8157 8158 NTKERNELAPI 8159 BOOLEAN 8160 NTAPI 8161 CcCopyRead( 8162 IN PFILE_OBJECT FileObject, 8163 IN PLARGE_INTEGER FileOffset, 8164 IN ULONG Length, 8165 IN BOOLEAN Wait, 8166 OUT PVOID Buffer, 8167 OUT PIO_STATUS_BLOCK IoStatus); 8168 8169 NTKERNELAPI 8170 VOID 8171 NTAPI 8172 CcFastCopyRead( 8173 IN PFILE_OBJECT FileObject, 8174 IN ULONG FileOffset, 8175 IN ULONG Length, 8176 IN ULONG PageCount, 8177 OUT PVOID Buffer, 8178 OUT PIO_STATUS_BLOCK IoStatus); 8179 8180 NTKERNELAPI 8181 BOOLEAN 8182 NTAPI 8183 CcCopyWrite( 8184 IN PFILE_OBJECT FileObject, 8185 IN PLARGE_INTEGER FileOffset, 8186 IN ULONG Length, 8187 IN BOOLEAN Wait, 8188 IN PVOID Buffer); 8189 8190 NTKERNELAPI 8191 VOID 8192 NTAPI 8193 CcFastCopyWrite( 8194 IN PFILE_OBJECT FileObject, 8195 IN ULONG FileOffset, 8196 IN ULONG Length, 8197 IN PVOID Buffer); 8198 8199 NTKERNELAPI 8200 VOID 8201 NTAPI 8202 CcMdlRead( 8203 IN PFILE_OBJECT FileObject, 8204 IN PLARGE_INTEGER FileOffset, 8205 IN ULONG Length, 8206 OUT PMDL *MdlChain, 8207 OUT PIO_STATUS_BLOCK IoStatus); 8208 8209 NTKERNELAPI 8210 VOID 8211 NTAPI 8212 CcMdlReadComplete( 8213 IN PFILE_OBJECT FileObject, 8214 IN PMDL MdlChain); 8215 8216 NTKERNELAPI 8217 VOID 8218 NTAPI 8219 CcPrepareMdlWrite( 8220 IN PFILE_OBJECT FileObject, 8221 IN PLARGE_INTEGER FileOffset, 8222 IN ULONG Length, 8223 OUT PMDL *MdlChain, 8224 OUT PIO_STATUS_BLOCK IoStatus); 8225 8226 NTKERNELAPI 8227 VOID 8228 NTAPI 8229 CcMdlWriteComplete( 8230 IN PFILE_OBJECT FileObject, 8231 IN PLARGE_INTEGER FileOffset, 8232 IN PMDL MdlChain); 8233 8234 NTKERNELAPI 8235 VOID 8236 NTAPI 8237 CcScheduleReadAhead( 8238 IN PFILE_OBJECT FileObject, 8239 IN PLARGE_INTEGER FileOffset, 8240 IN ULONG Length); 8241 8242 NTKERNELAPI 8243 NTSTATUS 8244 NTAPI 8245 CcWaitForCurrentLazyWriterActivity( 8246 VOID); 8247 8248 NTKERNELAPI 8249 VOID 8250 NTAPI 8251 CcSetReadAheadGranularity( 8252 IN PFILE_OBJECT FileObject, 8253 IN ULONG Granularity); 8254 8255 NTKERNELAPI 8256 BOOLEAN 8257 NTAPI 8258 CcPinRead( 8259 IN PFILE_OBJECT FileObject, 8260 IN PLARGE_INTEGER FileOffset, 8261 IN ULONG Length, 8262 IN ULONG Flags, 8263 OUT PVOID *Bcb, 8264 OUT PVOID *Buffer); 8265 8266 NTKERNELAPI 8267 BOOLEAN 8268 NTAPI 8269 CcPinMappedData( 8270 IN PFILE_OBJECT FileObject, 8271 IN PLARGE_INTEGER FileOffset, 8272 IN ULONG Length, 8273 IN ULONG Flags, 8274 IN OUT PVOID *Bcb); 8275 8276 NTKERNELAPI 8277 BOOLEAN 8278 NTAPI 8279 CcPreparePinWrite( 8280 IN PFILE_OBJECT FileObject, 8281 IN PLARGE_INTEGER FileOffset, 8282 IN ULONG Length, 8283 IN BOOLEAN Zero, 8284 IN ULONG Flags, 8285 OUT PVOID *Bcb, 8286 OUT PVOID *Buffer); 8287 8288 NTKERNELAPI 8289 VOID 8290 NTAPI 8291 CcSetDirtyPinnedData( 8292 IN PVOID BcbVoid, 8293 IN PLARGE_INTEGER Lsn OPTIONAL); 8294 8295 NTKERNELAPI 8296 VOID 8297 NTAPI 8298 CcUnpinData( 8299 IN PVOID Bcb); 8300 8301 NTKERNELAPI 8302 VOID 8303 NTAPI 8304 CcSetBcbOwnerPointer( 8305 IN PVOID Bcb, 8306 IN PVOID OwnerPointer); 8307 8308 NTKERNELAPI 8309 VOID 8310 NTAPI 8311 CcUnpinDataForThread( 8312 IN PVOID Bcb, 8313 IN ERESOURCE_THREAD ResourceThreadId); 8314 8315 NTKERNELAPI 8316 VOID 8317 NTAPI 8318 CcSetAdditionalCacheAttributes( 8319 IN PFILE_OBJECT FileObject, 8320 IN BOOLEAN DisableReadAhead, 8321 IN BOOLEAN DisableWriteBehind); 8322 8323 NTKERNELAPI 8324 BOOLEAN 8325 NTAPI 8326 CcIsThereDirtyData( 8327 IN PVPB Vpb); 8328 8329 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 8330 8331 #if (NTDDI_VERSION >= NTDDI_WINXP) 8332 8333 NTKERNELAPI 8334 VOID 8335 NTAPI 8336 CcMdlWriteAbort( 8337 IN PFILE_OBJECT FileObject, 8338 IN PMDL MdlChain); 8339 8340 NTKERNELAPI 8341 VOID 8342 NTAPI 8343 CcSetLogHandleForFile( 8344 IN PFILE_OBJECT FileObject, 8345 IN PVOID LogHandle, 8346 IN PFLUSH_TO_LSN FlushToLsnRoutine); 8347 8348 NTKERNELAPI 8349 LARGE_INTEGER 8350 NTAPI 8351 CcGetDirtyPages( 8352 IN PVOID LogHandle, 8353 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine, 8354 IN PVOID Context1, 8355 IN PVOID Context2); 8356 8357 #endif 8358 8359 #if (NTDDI_VERSION >= NTDDI_WINXP) 8360 NTKERNELAPI 8361 BOOLEAN 8362 NTAPI 8363 CcMapData( 8364 IN PFILE_OBJECT FileObject, 8365 IN PLARGE_INTEGER FileOffset, 8366 IN ULONG Length, 8367 IN ULONG Flags, 8368 OUT PVOID *Bcb, 8369 OUT PVOID *Buffer); 8370 #elif (NTDDI_VERSION >= NTDDI_WIN2K) 8371 NTKERNELAPI 8372 BOOLEAN 8373 NTAPI 8374 CcMapData( 8375 IN PFILE_OBJECT FileObject, 8376 IN PLARGE_INTEGER FileOffset, 8377 IN ULONG Length, 8378 IN BOOLEAN Wait, 8379 OUT PVOID *Bcb, 8380 OUT PVOID *Buffer); 8381 #endif 8382 8383 #if (NTDDI_VERSION >= NTDDI_VISTA) 8384 8385 NTKERNELAPI 8386 NTSTATUS 8387 NTAPI 8388 CcSetFileSizesEx( 8389 IN PFILE_OBJECT FileObject, 8390 IN PCC_FILE_SIZES FileSizes); 8391 8392 NTKERNELAPI 8393 PFILE_OBJECT 8394 NTAPI 8395 CcGetFileObjectFromSectionPtrsRef( 8396 IN PSECTION_OBJECT_POINTERS SectionObjectPointer); 8397 8398 NTKERNELAPI 8399 VOID 8400 NTAPI 8401 CcSetParallelFlushFile( 8402 IN PFILE_OBJECT FileObject, 8403 IN BOOLEAN EnableParallelFlush); 8404 8405 NTKERNELAPI 8406 BOOLEAN 8407 CcIsThereDirtyDataEx( 8408 IN PVPB Vpb, 8409 IN PULONG NumberOfDirtyPages OPTIONAL); 8410 8411 #endif 8412 8413 #if (NTDDI_VERSION >= NTDDI_WIN7) 8414 NTKERNELAPI 8415 VOID 8416 NTAPI 8417 CcCoherencyFlushAndPurgeCache( 8418 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 8419 IN PLARGE_INTEGER FileOffset OPTIONAL, 8420 IN ULONG Length, 8421 OUT PIO_STATUS_BLOCK IoStatus, 8422 IN ULONG Flags OPTIONAL); 8423 #endif 8424 8425 #define CcGetFileSizePointer(FO) ( \ 8426 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ 8427 ) 8428 8429 #if (NTDDI_VERSION >= NTDDI_VISTA) 8430 NTKERNELAPI 8431 BOOLEAN 8432 NTAPI 8433 CcPurgeCacheSection( 8434 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 8435 IN PLARGE_INTEGER FileOffset OPTIONAL, 8436 IN ULONG Length, 8437 IN ULONG Flags); 8438 #elif (NTDDI_VERSION >= NTDDI_WIN2K) 8439 NTKERNELAPI 8440 BOOLEAN 8441 NTAPI 8442 CcPurgeCacheSection( 8443 IN PSECTION_OBJECT_POINTERS SectionObjectPointer, 8444 IN PLARGE_INTEGER FileOffset OPTIONAL, 8445 IN ULONG Length, 8446 IN BOOLEAN UninitializeCacheMaps); 8447 #endif 8448 8449 #if (NTDDI_VERSION >= NTDDI_WIN7) 8450 NTKERNELAPI 8451 BOOLEAN 8452 NTAPI 8453 CcCopyWriteWontFlush( 8454 IN PFILE_OBJECT FileObject, 8455 IN PLARGE_INTEGER FileOffset, 8456 IN ULONG Length); 8457 #else 8458 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) 8459 #endif 8460 8461 #define CcReadAhead(FO, FOFF, LEN) ( \ 8462 if ((LEN) >= 256) { \ 8463 CcScheduleReadAhead((FO), (FOFF), (LEN)); \ 8464 } \ 8465 ) 8466 8467 8468 /****************************************************************************** 8469 * ZwXxx Functions * 8470 ******************************************************************************/ 8471 8472 NTSYSAPI 8473 NTSTATUS 8474 NTAPI 8475 ZwQueryEaFile( 8476 IN HANDLE FileHandle, 8477 OUT PIO_STATUS_BLOCK IoStatusBlock, 8478 OUT PVOID Buffer, 8479 IN ULONG Length, 8480 IN BOOLEAN ReturnSingleEntry, 8481 IN PVOID EaList OPTIONAL, 8482 IN ULONG EaListLength, 8483 IN PULONG EaIndex OPTIONAL, 8484 IN BOOLEAN RestartScan); 8485 8486 NTSYSAPI 8487 NTSTATUS 8488 NTAPI 8489 ZwSetEaFile( 8490 IN HANDLE FileHandle, 8491 OUT PIO_STATUS_BLOCK IoStatusBlock, 8492 OUT PVOID Buffer, 8493 IN ULONG Length); 8494 8495 NTSYSAPI 8496 NTSTATUS 8497 NTAPI 8498 ZwDuplicateToken( 8499 IN HANDLE ExistingTokenHandle, 8500 IN ACCESS_MASK DesiredAccess, 8501 IN POBJECT_ATTRIBUTES ObjectAttributes, 8502 IN BOOLEAN EffectiveOnly, 8503 IN TOKEN_TYPE TokenType, 8504 OUT PHANDLE NewTokenHandle); 8505 8506 #if (NTDDI_VERSION >= NTDDI_WIN2K) 8507 8508 NTSYSAPI 8509 NTSTATUS 8510 NTAPI 8511 ZwQueryObject( 8512 IN HANDLE Handle OPTIONAL, 8513 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 8514 OUT PVOID ObjectInformation OPTIONAL, 8515 IN ULONG ObjectInformationLength, 8516 OUT PULONG ReturnLength OPTIONAL); 8517 8518 NTSYSAPI 8519 NTSTATUS 8520 NTAPI 8521 ZwNotifyChangeKey( 8522 IN HANDLE KeyHandle, 8523 IN HANDLE EventHandle OPTIONAL, 8524 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 8525 IN PVOID ApcContext OPTIONAL, 8526 OUT PIO_STATUS_BLOCK IoStatusBlock, 8527 IN ULONG NotifyFilter, 8528 IN BOOLEAN WatchSubtree, 8529 OUT PVOID Buffer, 8530 IN ULONG BufferLength, 8531 IN BOOLEAN Asynchronous); 8532 8533 NTSYSAPI 8534 NTSTATUS 8535 NTAPI 8536 ZwCreateEvent( 8537 OUT PHANDLE EventHandle, 8538 IN ACCESS_MASK DesiredAccess, 8539 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 8540 IN EVENT_TYPE EventType, 8541 IN BOOLEAN InitialState); 8542 8543 NTSYSAPI 8544 NTSTATUS 8545 NTAPI 8546 ZwDeleteFile( 8547 IN POBJECT_ATTRIBUTES ObjectAttributes); 8548 8549 NTSYSAPI 8550 NTSTATUS 8551 NTAPI 8552 ZwQueryDirectoryFile( 8553 IN HANDLE FileHandle, 8554 IN HANDLE Event OPTIONAL, 8555 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 8556 IN PVOID ApcContext OPTIONAL, 8557 OUT PIO_STATUS_BLOCK IoStatusBlock, 8558 OUT PVOID FileInformation, 8559 IN ULONG Length, 8560 IN FILE_INFORMATION_CLASS FileInformationClass, 8561 IN BOOLEAN ReturnSingleEntry, 8562 IN PUNICODE_STRING FileName OPTIONAL, 8563 IN BOOLEAN RestartScan); 8564 8565 NTSYSAPI 8566 NTSTATUS 8567 NTAPI 8568 ZwSetVolumeInformationFile( 8569 IN HANDLE FileHandle, 8570 OUT PIO_STATUS_BLOCK IoStatusBlock, 8571 IN PVOID FsInformation, 8572 IN ULONG Length, 8573 IN FS_INFORMATION_CLASS FsInformationClass); 8574 8575 NTSYSAPI 8576 NTSTATUS 8577 NTAPI 8578 ZwFsControlFile( 8579 IN HANDLE FileHandle, 8580 IN HANDLE Event OPTIONAL, 8581 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 8582 IN PVOID ApcContext OPTIONAL, 8583 OUT PIO_STATUS_BLOCK IoStatusBlock, 8584 IN ULONG FsControlCode, 8585 IN PVOID InputBuffer OPTIONAL, 8586 IN ULONG InputBufferLength, 8587 OUT PVOID OutputBuffer OPTIONAL, 8588 IN ULONG OutputBufferLength); 8589 8590 NTSYSAPI 8591 NTSTATUS 8592 NTAPI 8593 ZwDuplicateObject( 8594 IN HANDLE SourceProcessHandle, 8595 IN HANDLE SourceHandle, 8596 IN HANDLE TargetProcessHandle OPTIONAL, 8597 OUT PHANDLE TargetHandle OPTIONAL, 8598 IN ACCESS_MASK DesiredAccess, 8599 IN ULONG HandleAttributes, 8600 IN ULONG Options); 8601 8602 NTSYSAPI 8603 NTSTATUS 8604 NTAPI 8605 ZwOpenDirectoryObject( 8606 OUT PHANDLE DirectoryHandle, 8607 IN ACCESS_MASK DesiredAccess, 8608 IN POBJECT_ATTRIBUTES ObjectAttributes); 8609 8610 NTSYSAPI 8611 NTSTATUS 8612 NTAPI 8613 ZwAllocateVirtualMemory( 8614 IN HANDLE ProcessHandle, 8615 IN OUT PVOID *BaseAddress, 8616 IN ULONG_PTR ZeroBits, 8617 IN OUT PSIZE_T RegionSize, 8618 IN ULONG AllocationType, 8619 IN ULONG Protect); 8620 8621 NTSYSAPI 8622 NTSTATUS 8623 NTAPI 8624 ZwFreeVirtualMemory( 8625 IN HANDLE ProcessHandle, 8626 IN OUT PVOID *BaseAddress, 8627 IN OUT PSIZE_T RegionSize, 8628 IN ULONG FreeType); 8629 8630 NTSYSAPI 8631 NTSTATUS 8632 NTAPI 8633 ZwWaitForSingleObject( 8634 IN HANDLE Handle, 8635 IN BOOLEAN Alertable, 8636 IN PLARGE_INTEGER Timeout OPTIONAL); 8637 8638 NTSYSAPI 8639 NTSTATUS 8640 NTAPI 8641 ZwSetEvent( 8642 IN HANDLE EventHandle, 8643 OUT PLONG PreviousState OPTIONAL); 8644 8645 NTSYSAPI 8646 NTSTATUS 8647 NTAPI 8648 ZwFlushVirtualMemory( 8649 IN HANDLE ProcessHandle, 8650 IN OUT PVOID *BaseAddress, 8651 IN OUT PSIZE_T RegionSize, 8652 OUT PIO_STATUS_BLOCK IoStatusBlock); 8653 8654 NTSYSAPI 8655 NTSTATUS 8656 NTAPI 8657 ZwQueryInformationToken( 8658 IN HANDLE TokenHandle, 8659 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 8660 OUT PVOID TokenInformation, 8661 IN ULONG Length, 8662 OUT PULONG ResultLength); 8663 8664 NTSYSAPI 8665 NTSTATUS 8666 NTAPI 8667 ZwSetSecurityObject( 8668 IN HANDLE Handle, 8669 IN SECURITY_INFORMATION SecurityInformation, 8670 IN PSECURITY_DESCRIPTOR SecurityDescriptor); 8671 8672 NTSYSAPI 8673 NTSTATUS 8674 NTAPI 8675 ZwQuerySecurityObject( 8676 IN HANDLE FileHandle, 8677 IN SECURITY_INFORMATION SecurityInformation, 8678 OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 8679 IN ULONG Length, 8680 OUT PULONG ResultLength); 8681 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 8682 8683 #if (NTDDI_VERSION >= NTDDI_WINXP) 8684 8685 NTSYSAPI 8686 NTSTATUS 8687 NTAPI 8688 ZwOpenProcessTokenEx( 8689 IN HANDLE ProcessHandle, 8690 IN ACCESS_MASK DesiredAccess, 8691 IN ULONG HandleAttributes, 8692 OUT PHANDLE TokenHandle); 8693 8694 NTSYSAPI 8695 NTSTATUS 8696 NTAPI 8697 ZwOpenThreadTokenEx( 8698 IN HANDLE ThreadHandle, 8699 IN ACCESS_MASK DesiredAccess, 8700 IN BOOLEAN OpenAsSelf, 8701 IN ULONG HandleAttributes, 8702 OUT PHANDLE TokenHandle); 8703 8704 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 8705 8706 #if (NTDDI_VERSION >= NTDDI_VISTA) 8707 8708 NTSYSAPI 8709 NTSTATUS 8710 NTAPI 8711 ZwLockFile( 8712 IN HANDLE FileHandle, 8713 IN HANDLE Event OPTIONAL, 8714 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 8715 IN PVOID ApcContext OPTIONAL, 8716 OUT PIO_STATUS_BLOCK IoStatusBlock, 8717 IN PLARGE_INTEGER ByteOffset, 8718 IN PLARGE_INTEGER Length, 8719 IN ULONG Key, 8720 IN BOOLEAN FailImmediately, 8721 IN BOOLEAN ExclusiveLock); 8722 8723 NTSYSAPI 8724 NTSTATUS 8725 NTAPI 8726 ZwUnlockFile( 8727 IN HANDLE FileHandle, 8728 OUT PIO_STATUS_BLOCK IoStatusBlock, 8729 IN PLARGE_INTEGER ByteOffset, 8730 IN PLARGE_INTEGER Length, 8731 IN ULONG Key); 8732 8733 NTSYSAPI 8734 NTSTATUS 8735 NTAPI 8736 ZwQueryQuotaInformationFile( 8737 IN HANDLE FileHandle, 8738 OUT PIO_STATUS_BLOCK IoStatusBlock, 8739 OUT PVOID Buffer, 8740 IN ULONG Length, 8741 IN BOOLEAN ReturnSingleEntry, 8742 IN PVOID SidList, 8743 IN ULONG SidListLength, 8744 IN PSID StartSid OPTIONAL, 8745 IN BOOLEAN RestartScan); 8746 8747 NTSYSAPI 8748 NTSTATUS 8749 NTAPI 8750 ZwSetQuotaInformationFile( 8751 IN HANDLE FileHandle, 8752 OUT PIO_STATUS_BLOCK IoStatusBlock, 8753 IN PVOID Buffer, 8754 IN ULONG Length); 8755 8756 NTSYSAPI 8757 NTSTATUS 8758 NTAPI 8759 ZwFlushBuffersFile( 8760 IN HANDLE FileHandle, 8761 OUT PIO_STATUS_BLOCK IoStatusBlock); 8762 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 8763 8764 #if (NTDDI_VERSION >= NTDDI_WIN7) 8765 8766 NTSYSAPI 8767 NTSTATUS 8768 NTAPI 8769 ZwSetInformationToken( 8770 IN HANDLE TokenHandle, 8771 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 8772 IN PVOID TokenInformation, 8773 IN ULONG TokenInformationLength); 8774 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 8775 8776 8777 /* #if !defined(_X86AMD64_) FIXME : WHAT ?! */ 8778 #if defined(_WIN64) 8779 8780 C_ASSERT(sizeof(ERESOURCE) == 0x68); 8781 C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18); 8782 C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a); 8783 8784 #else 8785 8786 C_ASSERT(sizeof(ERESOURCE) == 0x38); 8787 C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c); 8788 C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e); 8789 8790 #endif 8791 /* #endif */ 8792 8793 #if defined(_IA64_) 8794 #if (NTDDI_VERSION >= NTDDI_WIN2K) 8795 //DECLSPEC_DEPRECATED_DDK 8796 NTHALAPI 8797 ULONG 8798 NTAPI 8799 HalGetDmaAlignmentRequirement( 8800 VOID); 8801 #endif 8802 #endif 8803 8804 #if defined(_M_IX86) || defined(_M_AMD64) 8805 #define HalGetDmaAlignmentRequirement() 1L 8806 #endif 8807 8808 extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo; 8809 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 8810 8811 #ifdef NLS_MB_CODE_PAGE_TAG 8812 #undef NLS_MB_CODE_PAGE_TAG 8813 #endif 8814 #define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag 8815 8816 #if (NTDDI_VERSION >= NTDDI_VISTA) 8817 8818 typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER { 8819 NetworkOpenLocationAny, 8820 NetworkOpenLocationRemote, 8821 NetworkOpenLocationLoopback 8822 } NETWORK_OPEN_LOCATION_QUALIFIER; 8823 8824 typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER { 8825 NetworkOpenIntegrityAny, 8826 NetworkOpenIntegrityNone, 8827 NetworkOpenIntegritySigned, 8828 NetworkOpenIntegrityEncrypted, 8829 NetworkOpenIntegrityMaximum 8830 } NETWORK_OPEN_INTEGRITY_QUALIFIER; 8831 8832 #if (NTDDI_VERSION >= NTDDI_WIN7) 8833 8834 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1 8835 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2 8836 #define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000 8837 8838 typedef struct _NETWORK_OPEN_ECP_CONTEXT { 8839 USHORT Size; 8840 USHORT Reserved; 8841 _ANONYMOUS_STRUCT struct { 8842 struct { 8843 NETWORK_OPEN_LOCATION_QUALIFIER Location; 8844 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 8845 ULONG Flags; 8846 } in; 8847 struct { 8848 NETWORK_OPEN_LOCATION_QUALIFIER Location; 8849 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 8850 ULONG Flags; 8851 } out; 8852 } DUMMYSTRUCTNAME; 8853 } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; 8854 8855 typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 { 8856 USHORT Size; 8857 USHORT Reserved; 8858 _ANONYMOUS_STRUCT struct { 8859 struct { 8860 NETWORK_OPEN_LOCATION_QUALIFIER Location; 8861 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 8862 } in; 8863 struct { 8864 NETWORK_OPEN_LOCATION_QUALIFIER Location; 8865 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 8866 } out; 8867 } DUMMYSTRUCTNAME; 8868 } NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0; 8869 8870 #elif (NTDDI_VERSION >= NTDDI_VISTA) 8871 typedef struct _NETWORK_OPEN_ECP_CONTEXT { 8872 USHORT Size; 8873 USHORT Reserved; 8874 _ANONYMOUS_STRUCT struct { 8875 struct { 8876 NETWORK_OPEN_LOCATION_QUALIFIER Location; 8877 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 8878 } in; 8879 struct { 8880 NETWORK_OPEN_LOCATION_QUALIFIER Location; 8881 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 8882 } out; 8883 } DUMMYSTRUCTNAME; 8884 } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; 8885 #endif 8886 8887 DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8); 8888 8889 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 8890 8891 8892 #if (NTDDI_VERSION >= NTDDI_VISTA) 8893 8894 typedef struct _PREFETCH_OPEN_ECP_CONTEXT { 8895 PVOID Context; 8896 } PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT; 8897 8898 DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55); 8899 8900 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 8901 8902 #if (NTDDI_VERSION >= NTDDI_WIN7) 8903 8904 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb); 8905 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53); 8906 8907 typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS; 8908 8909 typedef struct _NFS_OPEN_ECP_CONTEXT { 8910 PUNICODE_STRING ExportAlias; 8911 PSOCKADDR_STORAGE_NFS ClientSocketAddress; 8912 } NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT; 8913 8914 typedef struct _SRV_OPEN_ECP_CONTEXT { 8915 PUNICODE_STRING ShareName; 8916 PSOCKADDR_STORAGE_NFS SocketAddress; 8917 BOOLEAN OplockBlockState; 8918 BOOLEAN OplockAppState; 8919 BOOLEAN OplockFinalState; 8920 } SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT; 8921 8922 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 8923 8924 #define PIN_WAIT (1) 8925 #define PIN_EXCLUSIVE (2) 8926 #define PIN_NO_READ (4) 8927 #define PIN_IF_BCB (8) 8928 #define PIN_CALLER_TRACKS_DIRTY_DATA (32) 8929 #define PIN_HIGH_PRIORITY (64) 8930 8931 #define MAP_WAIT 1 8932 #define MAP_NO_READ (16) 8933 #define MAP_HIGH_PRIORITY (64) 8934 8935 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) 8936 #define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS) 8937 8938 typedef struct _QUERY_PATH_REQUEST { 8939 ULONG PathNameLength; 8940 PIO_SECURITY_CONTEXT SecurityContext; 8941 WCHAR FilePathName[1]; 8942 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; 8943 8944 typedef struct _QUERY_PATH_REQUEST_EX { 8945 PIO_SECURITY_CONTEXT pSecurityContext; 8946 ULONG EaLength; 8947 PVOID pEaBuffer; 8948 UNICODE_STRING PathName; 8949 UNICODE_STRING DomainServiceName; 8950 ULONG_PTR Reserved[ 3 ]; 8951 } QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX; 8952 8953 typedef struct _QUERY_PATH_RESPONSE { 8954 ULONG LengthAccepted; 8955 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; 8956 8957 #define VOLSNAPCONTROLTYPE 0x00000053 8958 #define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 8959 8960 /* FIXME : These definitions below don't belong here (or anywhere in ddk really) */ 8961 #pragma pack(push,4) 8962 8963 #ifndef VER_PRODUCTBUILD 8964 #define VER_PRODUCTBUILD 10000 8965 #endif 8966 8967 #include "csq.h" 8968 8969 extern PACL SePublicDefaultDacl; 8970 extern PACL SeSystemDefaultDacl; 8971 8972 #define FS_LFN_APIS 0x00004000 8973 8974 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ 8975 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) 8976 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) 8977 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) 8978 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) 8979 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) 8980 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) 8981 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) 8982 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) 8983 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) 8984 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT 8985 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM 8986 #define FILE_STORAGE_TYPE_MASK 0x000f0000 8987 #define FILE_STORAGE_TYPE_SHIFT 16 8988 8989 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 8990 8991 #ifdef _X86_ 8992 #define HARDWARE_PTE HARDWARE_PTE_X86 8993 #define PHARDWARE_PTE PHARDWARE_PTE_X86 8994 #endif 8995 8996 #define IO_ATTACH_DEVICE_API 0x80000000 8997 8998 #define IO_TYPE_APC 18 8999 #define IO_TYPE_DPC 19 9000 #define IO_TYPE_DEVICE_QUEUE 20 9001 #define IO_TYPE_EVENT_PAIR 21 9002 #define IO_TYPE_INTERRUPT 22 9003 #define IO_TYPE_PROFILE 23 9004 9005 #define IRP_BEING_VERIFIED 0x10 9006 9007 #define MAILSLOT_CLASS_FIRSTCLASS 1 9008 #define MAILSLOT_CLASS_SECONDCLASS 2 9009 9010 #define MAILSLOT_SIZE_AUTO 0 9011 9012 #define MEM_DOS_LIM 0x40000000 9013 9014 #define OB_TYPE_TYPE 1 9015 #define OB_TYPE_DIRECTORY 2 9016 #define OB_TYPE_SYMBOLIC_LINK 3 9017 #define OB_TYPE_TOKEN 4 9018 #define OB_TYPE_PROCESS 5 9019 #define OB_TYPE_THREAD 6 9020 #define OB_TYPE_EVENT 7 9021 #define OB_TYPE_EVENT_PAIR 8 9022 #define OB_TYPE_MUTANT 9 9023 #define OB_TYPE_SEMAPHORE 10 9024 #define OB_TYPE_TIMER 11 9025 #define OB_TYPE_PROFILE 12 9026 #define OB_TYPE_WINDOW_STATION 13 9027 #define OB_TYPE_DESKTOP 14 9028 #define OB_TYPE_SECTION 15 9029 #define OB_TYPE_KEY 16 9030 #define OB_TYPE_PORT 17 9031 #define OB_TYPE_ADAPTER 18 9032 #define OB_TYPE_CONTROLLER 19 9033 #define OB_TYPE_DEVICE 20 9034 #define OB_TYPE_DRIVER 21 9035 #define OB_TYPE_IO_COMPLETION 22 9036 #define OB_TYPE_FILE 23 9037 9038 #define SEC_BASED 0x00200000 9039 9040 /* end winnt.h */ 9041 9042 #define TOKEN_HAS_ADMIN_GROUP 0x08 9043 9044 #if (VER_PRODUCTBUILD >= 1381) 9045 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) 9046 #endif /* (VER_PRODUCTBUILD >= 1381) */ 9047 9048 #if (VER_PRODUCTBUILD >= 2195) 9049 9050 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) 9051 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) 9052 9053 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) 9054 9055 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 9056 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) 9057 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 9058 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) 9059 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9060 9061 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) 9062 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 9063 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) 9064 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) 9065 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) 9066 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) 9067 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) 9068 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) 9069 9070 typedef enum _FILE_STORAGE_TYPE { 9071 StorageTypeDefault = 1, 9072 StorageTypeDirectory, 9073 StorageTypeFile, 9074 StorageTypeJunctionPoint, 9075 StorageTypeCatalog, 9076 StorageTypeStructuredStorage, 9077 StorageTypeEmbedding, 9078 StorageTypeStream 9079 } FILE_STORAGE_TYPE; 9080 9081 typedef struct _OBJECT_BASIC_INFORMATION 9082 { 9083 ULONG Attributes; 9084 ACCESS_MASK GrantedAccess; 9085 ULONG HandleCount; 9086 ULONG PointerCount; 9087 ULONG PagedPoolCharge; 9088 ULONG NonPagedPoolCharge; 9089 ULONG Reserved[ 3 ]; 9090 ULONG NameInfoSize; 9091 ULONG TypeInfoSize; 9092 ULONG SecurityDescriptorSize; 9093 LARGE_INTEGER CreationTime; 9094 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 9095 9096 typedef struct _BITMAP_RANGE { 9097 LIST_ENTRY Links; 9098 LONGLONG BasePage; 9099 ULONG FirstDirtyPage; 9100 ULONG LastDirtyPage; 9101 ULONG DirtyPages; 9102 PULONG Bitmap; 9103 } BITMAP_RANGE, *PBITMAP_RANGE; 9104 9105 typedef struct _FILE_COPY_ON_WRITE_INFORMATION { 9106 BOOLEAN ReplaceIfExists; 9107 HANDLE RootDirectory; 9108 ULONG FileNameLength; 9109 WCHAR FileName[1]; 9110 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; 9111 9112 typedef struct _FILE_FULL_DIRECTORY_INFORMATION { 9113 ULONG NextEntryOffset; 9114 ULONG FileIndex; 9115 LARGE_INTEGER CreationTime; 9116 LARGE_INTEGER LastAccessTime; 9117 LARGE_INTEGER LastWriteTime; 9118 LARGE_INTEGER ChangeTime; 9119 LARGE_INTEGER EndOfFile; 9120 LARGE_INTEGER AllocationSize; 9121 ULONG FileAttributes; 9122 ULONG FileNameLength; 9123 ULONG EaSize; 9124 WCHAR FileName[ANYSIZE_ARRAY]; 9125 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; 9126 9127 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ 9128 typedef struct _FILE_SHARED_LOCK_ENTRY { 9129 PVOID Unknown1; 9130 PVOID Unknown2; 9131 FILE_LOCK_INFO FileLock; 9132 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; 9133 9134 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ 9135 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { 9136 LIST_ENTRY ListEntry; 9137 PVOID Unknown1; 9138 PVOID Unknown2; 9139 FILE_LOCK_INFO FileLock; 9140 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; 9141 9142 typedef struct _FILE_MAILSLOT_PEEK_BUFFER { 9143 ULONG ReadDataAvailable; 9144 ULONG NumberOfMessages; 9145 ULONG MessageLength; 9146 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; 9147 9148 typedef struct _FILE_OLE_CLASSID_INFORMATION { 9149 GUID ClassId; 9150 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; 9151 9152 typedef struct _FILE_OLE_ALL_INFORMATION { 9153 FILE_BASIC_INFORMATION BasicInformation; 9154 FILE_STANDARD_INFORMATION StandardInformation; 9155 FILE_INTERNAL_INFORMATION InternalInformation; 9156 FILE_EA_INFORMATION EaInformation; 9157 FILE_ACCESS_INFORMATION AccessInformation; 9158 FILE_POSITION_INFORMATION PositionInformation; 9159 FILE_MODE_INFORMATION ModeInformation; 9160 FILE_ALIGNMENT_INFORMATION AlignmentInformation; 9161 USN LastChangeUsn; 9162 USN ReplicationUsn; 9163 LARGE_INTEGER SecurityChangeTime; 9164 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; 9165 FILE_OBJECTID_INFORMATION ObjectIdInformation; 9166 FILE_STORAGE_TYPE StorageType; 9167 ULONG OleStateBits; 9168 ULONG OleId; 9169 ULONG NumberOfStreamReferences; 9170 ULONG StreamIndex; 9171 ULONG SecurityId; 9172 BOOLEAN ContentIndexDisable; 9173 BOOLEAN InheritContentIndexDisable; 9174 FILE_NAME_INFORMATION NameInformation; 9175 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; 9176 9177 typedef struct _FILE_OLE_DIR_INFORMATION { 9178 ULONG NextEntryOffset; 9179 ULONG FileIndex; 9180 LARGE_INTEGER CreationTime; 9181 LARGE_INTEGER LastAccessTime; 9182 LARGE_INTEGER LastWriteTime; 9183 LARGE_INTEGER ChangeTime; 9184 LARGE_INTEGER EndOfFile; 9185 LARGE_INTEGER AllocationSize; 9186 ULONG FileAttributes; 9187 ULONG FileNameLength; 9188 FILE_STORAGE_TYPE StorageType; 9189 GUID OleClassId; 9190 ULONG OleStateBits; 9191 BOOLEAN ContentIndexDisable; 9192 BOOLEAN InheritContentIndexDisable; 9193 WCHAR FileName[1]; 9194 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; 9195 9196 typedef struct _FILE_OLE_INFORMATION { 9197 LARGE_INTEGER SecurityChangeTime; 9198 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; 9199 FILE_OBJECTID_INFORMATION ObjectIdInformation; 9200 FILE_STORAGE_TYPE StorageType; 9201 ULONG OleStateBits; 9202 BOOLEAN ContentIndexDisable; 9203 BOOLEAN InheritContentIndexDisable; 9204 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; 9205 9206 typedef struct _FILE_OLE_STATE_BITS_INFORMATION { 9207 ULONG StateBits; 9208 ULONG StateBitsMask; 9209 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; 9210 9211 typedef struct _MAPPING_PAIR { 9212 ULONGLONG Vcn; 9213 ULONGLONG Lcn; 9214 } MAPPING_PAIR, *PMAPPING_PAIR; 9215 9216 typedef struct _GET_RETRIEVAL_DESCRIPTOR { 9217 ULONG NumberOfPairs; 9218 ULONGLONG StartVcn; 9219 MAPPING_PAIR Pair[1]; 9220 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; 9221 9222 typedef struct _MBCB { 9223 CSHORT NodeTypeCode; 9224 CSHORT NodeIsInZone; 9225 ULONG PagesToWrite; 9226 ULONG DirtyPages; 9227 ULONG Reserved; 9228 LIST_ENTRY BitmapRanges; 9229 LONGLONG ResumeWritePage; 9230 BITMAP_RANGE BitmapRange1; 9231 BITMAP_RANGE BitmapRange2; 9232 BITMAP_RANGE BitmapRange3; 9233 } MBCB, *PMBCB; 9234 9235 typedef struct _MOVEFILE_DESCRIPTOR { 9236 HANDLE FileHandle; 9237 ULONG Reserved; 9238 LARGE_INTEGER StartVcn; 9239 LARGE_INTEGER TargetLcn; 9240 ULONG NumVcns; 9241 ULONG Reserved1; 9242 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; 9243 9244 typedef struct _OBJECT_BASIC_INFO { 9245 ULONG Attributes; 9246 ACCESS_MASK GrantedAccess; 9247 ULONG HandleCount; 9248 ULONG ReferenceCount; 9249 ULONG PagedPoolUsage; 9250 ULONG NonPagedPoolUsage; 9251 ULONG Reserved[3]; 9252 ULONG NameInformationLength; 9253 ULONG TypeInformationLength; 9254 ULONG SecurityDescriptorLength; 9255 LARGE_INTEGER CreateTime; 9256 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; 9257 9258 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { 9259 BOOLEAN Inherit; 9260 BOOLEAN ProtectFromClose; 9261 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; 9262 9263 typedef struct _OBJECT_NAME_INFO { 9264 UNICODE_STRING ObjectName; 9265 WCHAR ObjectNameBuffer[1]; 9266 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO; 9267 9268 typedef struct _OBJECT_PROTECTION_INFO { 9269 BOOLEAN Inherit; 9270 BOOLEAN ProtectHandle; 9271 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; 9272 9273 typedef struct _OBJECT_TYPE_INFO { 9274 UNICODE_STRING ObjectTypeName; 9275 UCHAR Unknown[0x58]; 9276 WCHAR ObjectTypeNameBuffer[1]; 9277 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; 9278 9279 typedef struct _OBJECT_ALL_TYPES_INFO { 9280 ULONG NumberOfObjectTypes; 9281 OBJECT_TYPE_INFO ObjectsTypeInfo[1]; 9282 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; 9283 9284 #if defined(USE_LPC6432) 9285 #define LPC_CLIENT_ID CLIENT_ID64 9286 #define LPC_SIZE_T ULONGLONG 9287 #define LPC_PVOID ULONGLONG 9288 #define LPC_HANDLE ULONGLONG 9289 #else 9290 #define LPC_CLIENT_ID CLIENT_ID 9291 #define LPC_SIZE_T SIZE_T 9292 #define LPC_PVOID PVOID 9293 #define LPC_HANDLE HANDLE 9294 #endif 9295 9296 typedef struct _PORT_MESSAGE 9297 { 9298 union 9299 { 9300 struct 9301 { 9302 CSHORT DataLength; 9303 CSHORT TotalLength; 9304 } s1; 9305 ULONG Length; 9306 } u1; 9307 union 9308 { 9309 struct 9310 { 9311 CSHORT Type; 9312 CSHORT DataInfoOffset; 9313 } s2; 9314 ULONG ZeroInit; 9315 } u2; 9316 __GNU_EXTENSION union 9317 { 9318 LPC_CLIENT_ID ClientId; 9319 double DoNotUseThisField; 9320 }; 9321 ULONG MessageId; 9322 __GNU_EXTENSION union 9323 { 9324 LPC_SIZE_T ClientViewSize; 9325 ULONG CallbackId; 9326 }; 9327 } PORT_MESSAGE, *PPORT_MESSAGE; 9328 9329 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) 9330 9331 typedef struct _PORT_VIEW 9332 { 9333 ULONG Length; 9334 LPC_HANDLE SectionHandle; 9335 ULONG SectionOffset; 9336 LPC_SIZE_T ViewSize; 9337 LPC_PVOID ViewBase; 9338 LPC_PVOID ViewRemoteBase; 9339 } PORT_VIEW, *PPORT_VIEW; 9340 9341 typedef struct _REMOTE_PORT_VIEW 9342 { 9343 ULONG Length; 9344 LPC_SIZE_T ViewSize; 9345 LPC_PVOID ViewBase; 9346 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 9347 9348 typedef struct _VAD_HEADER { 9349 PVOID StartVPN; 9350 PVOID EndVPN; 9351 struct _VAD_HEADER* ParentLink; 9352 struct _VAD_HEADER* LeftLink; 9353 struct _VAD_HEADER* RightLink; 9354 ULONG Flags; /* LSB = CommitCharge */ 9355 PVOID ControlArea; 9356 PVOID FirstProtoPte; 9357 PVOID LastPTE; 9358 ULONG Unknown; 9359 LIST_ENTRY Secured; 9360 } VAD_HEADER, *PVAD_HEADER; 9361 9362 NTKERNELAPI 9363 LARGE_INTEGER 9364 NTAPI 9365 CcGetLsnForFileObject ( 9366 IN PFILE_OBJECT FileObject, 9367 OUT PLARGE_INTEGER OldestLsn OPTIONAL 9368 ); 9369 9370 NTKERNELAPI 9371 PVOID 9372 NTAPI 9373 FsRtlAllocatePool ( 9374 IN POOL_TYPE PoolType, 9375 IN ULONG NumberOfBytes 9376 ); 9377 9378 NTKERNELAPI 9379 PVOID 9380 NTAPI 9381 FsRtlAllocatePoolWithQuota ( 9382 IN POOL_TYPE PoolType, 9383 IN ULONG NumberOfBytes 9384 ); 9385 9386 NTKERNELAPI 9387 PVOID 9388 NTAPI 9389 FsRtlAllocatePoolWithQuotaTag ( 9390 IN POOL_TYPE PoolType, 9391 IN ULONG NumberOfBytes, 9392 IN ULONG Tag 9393 ); 9394 9395 NTKERNELAPI 9396 PVOID 9397 NTAPI 9398 FsRtlAllocatePoolWithTag ( 9399 IN POOL_TYPE PoolType, 9400 IN ULONG NumberOfBytes, 9401 IN ULONG Tag 9402 ); 9403 9404 NTKERNELAPI 9405 BOOLEAN 9406 NTAPI 9407 FsRtlIsFatDbcsLegal ( 9408 IN ANSI_STRING DbcsName, 9409 IN BOOLEAN WildCardsPermissible, 9410 IN BOOLEAN PathNamePermissible, 9411 IN BOOLEAN LeadingBackslashPermissible 9412 ); 9413 9414 NTKERNELAPI 9415 BOOLEAN 9416 NTAPI 9417 FsRtlMdlReadComplete ( 9418 IN PFILE_OBJECT FileObject, 9419 IN PMDL MdlChain 9420 ); 9421 9422 NTKERNELAPI 9423 BOOLEAN 9424 NTAPI 9425 FsRtlMdlWriteComplete ( 9426 IN PFILE_OBJECT FileObject, 9427 IN PLARGE_INTEGER FileOffset, 9428 IN PMDL MdlChain 9429 ); 9430 9431 NTKERNELAPI 9432 VOID 9433 NTAPI 9434 FsRtlNotifyChangeDirectory ( 9435 IN PNOTIFY_SYNC NotifySync, 9436 IN PVOID FsContext, 9437 IN PSTRING FullDirectoryName, 9438 IN PLIST_ENTRY NotifyList, 9439 IN BOOLEAN WatchTree, 9440 IN ULONG CompletionFilter, 9441 IN PIRP NotifyIrp 9442 ); 9443 9444 NTKERNELAPI 9445 NTSTATUS 9446 NTAPI 9447 ObCreateObject ( 9448 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL, 9449 IN POBJECT_TYPE ObjectType, 9450 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 9451 IN KPROCESSOR_MODE AccessMode, 9452 IN OUT PVOID ParseContext OPTIONAL, 9453 IN ULONG ObjectSize, 9454 IN ULONG PagedPoolCharge OPTIONAL, 9455 IN ULONG NonPagedPoolCharge OPTIONAL, 9456 OUT PVOID *Object 9457 ); 9458 9459 NTKERNELAPI 9460 ULONG 9461 NTAPI 9462 ObGetObjectPointerCount ( 9463 IN PVOID Object 9464 ); 9465 9466 NTKERNELAPI 9467 NTSTATUS 9468 NTAPI 9469 ObReferenceObjectByName ( 9470 IN PUNICODE_STRING ObjectName, 9471 IN ULONG Attributes, 9472 IN PACCESS_STATE PassedAccessState OPTIONAL, 9473 IN ACCESS_MASK DesiredAccess OPTIONAL, 9474 IN POBJECT_TYPE ObjectType, 9475 IN KPROCESSOR_MODE AccessMode, 9476 IN OUT PVOID ParseContext OPTIONAL, 9477 OUT PVOID *Object 9478 ); 9479 9480 #define PsDereferenceImpersonationToken(T) \ 9481 {if (ARGUMENT_PRESENT(T)) { \ 9482 (ObDereferenceObject((T))); \ 9483 } else { \ 9484 ; \ 9485 } \ 9486 } 9487 9488 NTKERNELAPI 9489 NTSTATUS 9490 NTAPI 9491 PsLookupProcessThreadByCid ( 9492 IN PCLIENT_ID Cid, 9493 OUT PEPROCESS *Process OPTIONAL, 9494 OUT PETHREAD *Thread 9495 ); 9496 9497 NTSYSAPI 9498 NTSTATUS 9499 NTAPI 9500 RtlSetSaclSecurityDescriptor ( 9501 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 9502 IN BOOLEAN SaclPresent, 9503 IN PACL Sacl, 9504 IN BOOLEAN SaclDefaulted 9505 ); 9506 9507 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; 9508 9509 #if (VER_PRODUCTBUILD >= 2195) 9510 9511 NTSYSAPI 9512 NTSTATUS 9513 NTAPI 9514 ZwAdjustPrivilegesToken ( 9515 IN HANDLE TokenHandle, 9516 IN BOOLEAN DisableAllPrivileges, 9517 IN PTOKEN_PRIVILEGES NewState, 9518 IN ULONG BufferLength, 9519 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, 9520 OUT PULONG ReturnLength 9521 ); 9522 9523 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9524 9525 NTSYSAPI 9526 NTSTATUS 9527 NTAPI 9528 ZwAlertThread ( 9529 IN HANDLE ThreadHandle 9530 ); 9531 9532 NTSYSAPI 9533 NTSTATUS 9534 NTAPI 9535 ZwAccessCheckAndAuditAlarm ( 9536 IN PUNICODE_STRING SubsystemName, 9537 IN PVOID HandleId, 9538 IN PUNICODE_STRING ObjectTypeName, 9539 IN PUNICODE_STRING ObjectName, 9540 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 9541 IN ACCESS_MASK DesiredAccess, 9542 IN PGENERIC_MAPPING GenericMapping, 9543 IN BOOLEAN ObjectCreation, 9544 OUT PACCESS_MASK GrantedAccess, 9545 OUT PBOOLEAN AccessStatus, 9546 OUT PBOOLEAN GenerateOnClose 9547 ); 9548 9549 #if (VER_PRODUCTBUILD >= 2195) 9550 9551 NTSYSAPI 9552 NTSTATUS 9553 NTAPI 9554 ZwCancelIoFile ( 9555 IN HANDLE FileHandle, 9556 OUT PIO_STATUS_BLOCK IoStatusBlock 9557 ); 9558 9559 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9560 9561 NTSYSAPI 9562 NTSTATUS 9563 NTAPI 9564 ZwClearEvent ( 9565 IN HANDLE EventHandle 9566 ); 9567 9568 NTSYSAPI 9569 NTSTATUS 9570 NTAPI 9571 ZwCloseObjectAuditAlarm ( 9572 IN PUNICODE_STRING SubsystemName, 9573 IN PVOID HandleId, 9574 IN BOOLEAN GenerateOnClose 9575 ); 9576 9577 NTSYSAPI 9578 NTSTATUS 9579 NTAPI 9580 ZwCreateSymbolicLinkObject ( 9581 OUT PHANDLE SymbolicLinkHandle, 9582 IN ACCESS_MASK DesiredAccess, 9583 IN POBJECT_ATTRIBUTES ObjectAttributes, 9584 IN PUNICODE_STRING TargetName 9585 ); 9586 9587 NTSYSAPI 9588 NTSTATUS 9589 NTAPI 9590 ZwFlushInstructionCache ( 9591 IN HANDLE ProcessHandle, 9592 IN PVOID BaseAddress OPTIONAL, 9593 IN ULONG FlushSize 9594 ); 9595 9596 NTSYSAPI 9597 NTSTATUS 9598 NTAPI 9599 ZwFlushBuffersFile( 9600 IN HANDLE FileHandle, 9601 OUT PIO_STATUS_BLOCK IoStatusBlock 9602 ); 9603 9604 #if (VER_PRODUCTBUILD >= 2195) 9605 9606 NTSYSAPI 9607 NTSTATUS 9608 NTAPI 9609 ZwInitiatePowerAction ( 9610 IN POWER_ACTION SystemAction, 9611 IN SYSTEM_POWER_STATE MinSystemState, 9612 IN ULONG Flags, 9613 IN BOOLEAN Asynchronous 9614 ); 9615 9616 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9617 9618 NTSYSAPI 9619 NTSTATUS 9620 NTAPI 9621 ZwLoadKey ( 9622 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 9623 IN POBJECT_ATTRIBUTES FileObjectAttributes 9624 ); 9625 9626 NTSYSAPI 9627 NTSTATUS 9628 NTAPI 9629 ZwOpenProcessToken ( 9630 IN HANDLE ProcessHandle, 9631 IN ACCESS_MASK DesiredAccess, 9632 OUT PHANDLE TokenHandle 9633 ); 9634 9635 NTSYSAPI 9636 NTSTATUS 9637 NTAPI 9638 ZwOpenThread ( 9639 OUT PHANDLE ThreadHandle, 9640 IN ACCESS_MASK DesiredAccess, 9641 IN POBJECT_ATTRIBUTES ObjectAttributes, 9642 IN PCLIENT_ID ClientId 9643 ); 9644 9645 NTSYSAPI 9646 NTSTATUS 9647 NTAPI 9648 ZwOpenThreadToken ( 9649 IN HANDLE ThreadHandle, 9650 IN ACCESS_MASK DesiredAccess, 9651 IN BOOLEAN OpenAsSelf, 9652 OUT PHANDLE TokenHandle 9653 ); 9654 9655 NTSYSAPI 9656 NTSTATUS 9657 NTAPI 9658 ZwPulseEvent ( 9659 IN HANDLE EventHandle, 9660 OUT PLONG PreviousState OPTIONAL 9661 ); 9662 9663 NTSYSAPI 9664 NTSTATUS 9665 NTAPI 9666 ZwQueryDefaultLocale ( 9667 IN BOOLEAN ThreadOrSystem, 9668 OUT PLCID Locale 9669 ); 9670 9671 #if (VER_PRODUCTBUILD >= 2195) 9672 9673 NTSYSAPI 9674 NTSTATUS 9675 NTAPI 9676 ZwQueryDirectoryObject ( 9677 IN HANDLE DirectoryHandle, 9678 OUT PVOID Buffer, 9679 IN ULONG Length, 9680 IN BOOLEAN ReturnSingleEntry, 9681 IN BOOLEAN RestartScan, 9682 IN OUT PULONG Context, 9683 OUT PULONG ReturnLength OPTIONAL 9684 ); 9685 9686 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9687 9688 NTSYSAPI 9689 NTSTATUS 9690 NTAPI 9691 ZwQueryInformationProcess ( 9692 IN HANDLE ProcessHandle, 9693 IN PROCESSINFOCLASS ProcessInformationClass, 9694 OUT PVOID ProcessInformation, 9695 IN ULONG ProcessInformationLength, 9696 OUT PULONG ReturnLength OPTIONAL 9697 ); 9698 9699 NTSYSAPI 9700 NTSTATUS 9701 NTAPI 9702 ZwReplaceKey ( 9703 IN POBJECT_ATTRIBUTES NewFileObjectAttributes, 9704 IN HANDLE KeyHandle, 9705 IN POBJECT_ATTRIBUTES OldFileObjectAttributes 9706 ); 9707 9708 NTSYSAPI 9709 NTSTATUS 9710 NTAPI 9711 ZwResetEvent ( 9712 IN HANDLE EventHandle, 9713 OUT PLONG PreviousState OPTIONAL 9714 ); 9715 9716 #if (VER_PRODUCTBUILD >= 2195) 9717 9718 NTSYSAPI 9719 NTSTATUS 9720 NTAPI 9721 ZwRestoreKey ( 9722 IN HANDLE KeyHandle, 9723 IN HANDLE FileHandle, 9724 IN ULONG Flags 9725 ); 9726 9727 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9728 9729 NTSYSAPI 9730 NTSTATUS 9731 NTAPI 9732 ZwSaveKey ( 9733 IN HANDLE KeyHandle, 9734 IN HANDLE FileHandle 9735 ); 9736 9737 NTSYSAPI 9738 NTSTATUS 9739 NTAPI 9740 ZwSetDefaultLocale ( 9741 IN BOOLEAN ThreadOrSystem, 9742 IN LCID Locale 9743 ); 9744 9745 #if (VER_PRODUCTBUILD >= 2195) 9746 9747 NTSYSAPI 9748 NTSTATUS 9749 NTAPI 9750 ZwSetDefaultUILanguage ( 9751 IN LANGID LanguageId 9752 ); 9753 9754 #endif /* (VER_PRODUCTBUILD >= 2195) */ 9755 9756 NTSYSAPI 9757 NTSTATUS 9758 NTAPI 9759 ZwSetInformationProcess ( 9760 IN HANDLE ProcessHandle, 9761 IN PROCESSINFOCLASS ProcessInformationClass, 9762 IN PVOID ProcessInformation, 9763 IN ULONG ProcessInformationLength 9764 ); 9765 9766 NTSYSAPI 9767 NTSTATUS 9768 NTAPI 9769 ZwSetSystemTime ( 9770 IN PLARGE_INTEGER NewTime, 9771 OUT PLARGE_INTEGER OldTime OPTIONAL 9772 ); 9773 9774 NTSYSAPI 9775 NTSTATUS 9776 NTAPI 9777 ZwUnloadKey ( 9778 IN POBJECT_ATTRIBUTES KeyObjectAttributes 9779 ); 9780 9781 NTSYSAPI 9782 NTSTATUS 9783 NTAPI 9784 ZwWaitForMultipleObjects ( 9785 IN ULONG HandleCount, 9786 IN PHANDLE Handles, 9787 IN WAIT_TYPE WaitType, 9788 IN BOOLEAN Alertable, 9789 IN PLARGE_INTEGER Timeout OPTIONAL 9790 ); 9791 9792 NTSYSAPI 9793 NTSTATUS 9794 NTAPI 9795 ZwYieldExecution ( 9796 VOID 9797 ); 9798 9799 #pragma pack(pop) 9800 9801 #ifdef __cplusplus 9802 } 9803 #endif 9804