| /* |
| * ntifs.h |
| * |
| * Windows NT Filesystem Driver Developer Kit |
| * |
| * This file is part of the ReactOS DDK package. |
| * |
| * Contributors: |
| * Amine Khaldi |
| * Timo Kreuzer (timo.kreuzer@reactos.org) |
| * |
| * THIS SOFTWARE IS NOT COPYRIGHTED |
| * |
| * This source code is offered for use in the public domain. You may |
| * use, modify or distribute it freely. |
| * |
| * This code is distributed in the hope that it will be useful but |
| * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY |
| * DISCLAIMED. This includes but is not limited to warranties of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| * |
| */ |
| |
| #pragma once |
| |
| #define _NTIFS_INCLUDED_ |
| #define _GNU_NTIFS_ |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| /* Dependencies */ |
| #include <ntddk.h> |
| #include <excpt.h> |
| #include <ntdef.h> |
| #include <ntnls.h> |
| #include <ntstatus.h> |
| #include <bugcodes.h> |
| #include <ntiologc.h> |
| |
| |
| #ifndef FlagOn |
| #define FlagOn(_F,_SF) ((_F) & (_SF)) |
| #endif |
| |
| #ifndef BooleanFlagOn |
| #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0)) |
| #endif |
| |
| #ifndef SetFlag |
| #define SetFlag(_F,_SF) ((_F) |= (_SF)) |
| #endif |
| |
| #ifndef ClearFlag |
| #define ClearFlag(_F,_SF) ((_F) &= ~(_SF)) |
| #endif |
| |
| typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; |
| typedef STRING LSA_STRING, *PLSA_STRING; |
| typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES; |
| |
| /****************************************************************************** |
| * Security Manager Types * |
| ******************************************************************************/ |
| #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED |
| #define SID_IDENTIFIER_AUTHORITY_DEFINED |
| typedef struct _SID_IDENTIFIER_AUTHORITY { |
| UCHAR Value[6]; |
| } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY; |
| #endif |
| |
| #ifndef SID_DEFINED |
| #define SID_DEFINED |
| typedef struct _SID { |
| UCHAR Revision; |
| UCHAR SubAuthorityCount; |
| SID_IDENTIFIER_AUTHORITY IdentifierAuthority; |
| ULONG SubAuthority[ANYSIZE_ARRAY]; |
| } SID, *PISID; |
| #endif |
| |
| #define SID_REVISION 1 |
| #define SID_MAX_SUB_AUTHORITIES 15 |
| #define SID_RECOMMENDED_SUB_AUTHORITIES 1 |
| |
| typedef enum _SID_NAME_USE { |
| SidTypeUser = 1, |
| SidTypeGroup, |
| SidTypeDomain, |
| SidTypeAlias, |
| SidTypeWellKnownGroup, |
| SidTypeDeletedAccount, |
| SidTypeInvalid, |
| SidTypeUnknown, |
| SidTypeComputer, |
| SidTypeLabel |
| } SID_NAME_USE, *PSID_NAME_USE; |
| |
| typedef struct _SID_AND_ATTRIBUTES { |
| PSID Sid; |
| ULONG Attributes; |
| } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; |
| typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; |
| typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; |
| |
| #define SID_HASH_SIZE 32 |
| typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY; |
| |
| typedef struct _SID_AND_ATTRIBUTES_HASH { |
| ULONG SidCount; |
| PSID_AND_ATTRIBUTES SidAttr; |
| SID_HASH_ENTRY Hash[SID_HASH_SIZE]; |
| } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH; |
| |
| /* Universal well-known SIDs */ |
| |
| #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} |
| #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} |
| #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} |
| #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} |
| #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} |
| #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} |
| |
| #define SECURITY_NULL_RID (0x00000000L) |
| #define SECURITY_WORLD_RID (0x00000000L) |
| #define SECURITY_LOCAL_RID (0x00000000L) |
| #define SECURITY_LOCAL_LOGON_RID (0x00000001L) |
| |
| #define SECURITY_CREATOR_OWNER_RID (0x00000000L) |
| #define SECURITY_CREATOR_GROUP_RID (0x00000001L) |
| #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) |
| #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) |
| #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) |
| |
| /* NT well-known SIDs */ |
| |
| #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} |
| |
| #define SECURITY_DIALUP_RID (0x00000001L) |
| #define SECURITY_NETWORK_RID (0x00000002L) |
| #define SECURITY_BATCH_RID (0x00000003L) |
| #define SECURITY_INTERACTIVE_RID (0x00000004L) |
| #define SECURITY_LOGON_IDS_RID (0x00000005L) |
| #define SECURITY_LOGON_IDS_RID_COUNT (3L) |
| #define SECURITY_SERVICE_RID (0x00000006L) |
| #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) |
| #define SECURITY_PROXY_RID (0x00000008L) |
| #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) |
| #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID |
| #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) |
| #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) |
| #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) |
| #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) |
| #define SECURITY_REMOTE_LOGON_RID (0x0000000EL) |
| #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) |
| #define SECURITY_IUSER_RID (0x00000011L) |
| #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) |
| #define SECURITY_LOCAL_SERVICE_RID (0x00000013L) |
| #define SECURITY_NETWORK_SERVICE_RID (0x00000014L) |
| #define SECURITY_NT_NON_UNIQUE (0x00000015L) |
| #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) |
| #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L) |
| |
| #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) |
| #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L) |
| |
| |
| #define SECURITY_PACKAGE_BASE_RID (0x00000040L) |
| #define SECURITY_PACKAGE_RID_COUNT (2L) |
| #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) |
| #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) |
| #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) |
| |
| #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) |
| #define SECURITY_CRED_TYPE_RID_COUNT (2L) |
| #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) |
| |
| #define SECURITY_MIN_BASE_RID (0x00000050L) |
| #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) |
| #define SECURITY_SERVICE_ID_RID_COUNT (6L) |
| #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) |
| #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) |
| #define SECURITY_APPPOOL_ID_RID_COUNT (6L) |
| #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) |
| #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) |
| #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) |
| #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) |
| #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L) |
| #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L) |
| #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) |
| #define SECURITY_WMIHOST_ID_RID_COUNT (6L) |
| #define SECURITY_TASK_ID_BASE_RID (0x00000057L) |
| #define SECURITY_NFS_ID_BASE_RID (0x00000058L) |
| #define SECURITY_COM_ID_BASE_RID (0x00000059L) |
| #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) |
| |
| #define SECURITY_MAX_BASE_RID (0x0000006FL) |
| |
| #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) |
| #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) |
| |
| #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L) |
| |
| #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L) |
| |
| /* Well-known domain relative sub-authority values (RIDs) */ |
| |
| #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L) |
| |
| #define FOREST_USER_RID_MAX (0x000001F3L) |
| |
| /* Well-known users */ |
| |
| #define DOMAIN_USER_RID_ADMIN (0x000001F4L) |
| #define DOMAIN_USER_RID_GUEST (0x000001F5L) |
| #define DOMAIN_USER_RID_KRBTGT (0x000001F6L) |
| |
| #define DOMAIN_USER_RID_MAX (0x000003E7L) |
| |
| /* Well-known groups */ |
| |
| #define DOMAIN_GROUP_RID_ADMINS (0x00000200L) |
| #define DOMAIN_GROUP_RID_USERS (0x00000201L) |
| #define DOMAIN_GROUP_RID_GUESTS (0x00000202L) |
| #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) |
| #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) |
| #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) |
| #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) |
| #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) |
| #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) |
| #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L) |
| |
| /* Well-known aliases */ |
| |
| #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) |
| #define DOMAIN_ALIAS_RID_USERS (0x00000221L) |
| #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) |
| #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) |
| |
| #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) |
| #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) |
| #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) |
| #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) |
| |
| #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) |
| #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L) |
| #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL) |
| #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL) |
| #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL) |
| #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL) |
| |
| #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) |
| #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) |
| #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) |
| #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) |
| #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) |
| #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L) |
| #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L) |
| #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL) |
| #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL) |
| #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL) |
| #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL) |
| |
| #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} |
| #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) |
| #define SECURITY_MANDATORY_LOW_RID (0x00001000L) |
| #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) |
| #define SECURITY_MANDATORY_HIGH_RID (0x00003000L) |
| #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) |
| #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) |
| |
| /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that |
| can be set by a usermode caller.*/ |
| |
| #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID |
| |
| #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000) |
| |
| /* Allocate the System Luid. The first 1000 LUIDs are reserved. |
| Use #999 here (0x3e7 = 999) */ |
| |
| #define SYSTEM_LUID {0x3e7, 0x0} |
| #define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} |
| #define LOCALSERVICE_LUID {0x3e5, 0x0} |
| #define NETWORKSERVICE_LUID {0x3e4, 0x0} |
| #define IUSER_LUID {0x3e3, 0x0} |
| |
| typedef struct _ACE_HEADER { |
| UCHAR AceType; |
| UCHAR AceFlags; |
| USHORT AceSize; |
| } ACE_HEADER, *PACE_HEADER; |
| |
| /* also in winnt.h */ |
| #define ACCESS_MIN_MS_ACE_TYPE (0x0) |
| #define ACCESS_ALLOWED_ACE_TYPE (0x0) |
| #define ACCESS_DENIED_ACE_TYPE (0x1) |
| #define SYSTEM_AUDIT_ACE_TYPE (0x2) |
| #define SYSTEM_ALARM_ACE_TYPE (0x3) |
| #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3) |
| #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4) |
| #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4) |
| #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5) |
| #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5) |
| #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6) |
| #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7) |
| #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8) |
| #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8) |
| #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8) |
| #define ACCESS_MAX_MS_ACE_TYPE (0x8) |
| #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) |
| #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) |
| #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB) |
| #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC) |
| #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) |
| #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) |
| #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) |
| #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) |
| #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11) |
| #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) |
| |
| /* The following are the inherit flags that go into the AceFlags field |
| of an Ace header. */ |
| |
| #define OBJECT_INHERIT_ACE (0x1) |
| #define CONTAINER_INHERIT_ACE (0x2) |
| #define NO_PROPAGATE_INHERIT_ACE (0x4) |
| #define INHERIT_ONLY_ACE (0x8) |
| #define INHERITED_ACE (0x10) |
| #define VALID_INHERIT_FLAGS (0x1F) |
| |
| #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) |
| #define FAILED_ACCESS_ACE_FLAG (0x80) |
| |
| typedef struct _ACCESS_ALLOWED_ACE { |
| ACE_HEADER Header; |
| ACCESS_MASK Mask; |
| ULONG SidStart; |
| } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; |
| |
| typedef struct _ACCESS_DENIED_ACE { |
| ACE_HEADER Header; |
| ACCESS_MASK Mask; |
| ULONG SidStart; |
| } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; |
| |
| typedef struct _SYSTEM_AUDIT_ACE { |
| ACE_HEADER Header; |
| ACCESS_MASK Mask; |
| ULONG SidStart; |
| } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; |
| |
| typedef struct _SYSTEM_ALARM_ACE { |
| ACE_HEADER Header; |
| ACCESS_MASK Mask; |
| ULONG SidStart; |
| } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE; |
| |
| typedef struct _SYSTEM_MANDATORY_LABEL_ACE { |
| ACE_HEADER Header; |
| ACCESS_MASK Mask; |
| ULONG SidStart; |
| } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; |
| |
| #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 |
| #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 |
| #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 |
| #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ |
| SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ |
| SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) |
| |
| #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) |
| |
| typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; |
| |
| #define SE_OWNER_DEFAULTED 0x0001 |
| #define SE_GROUP_DEFAULTED 0x0002 |
| #define SE_DACL_PRESENT 0x0004 |
| #define SE_DACL_DEFAULTED 0x0008 |
| #define SE_SACL_PRESENT 0x0010 |
| #define SE_SACL_DEFAULTED 0x0020 |
| #define SE_DACL_UNTRUSTED 0x0040 |
| #define SE_SERVER_SECURITY 0x0080 |
| #define SE_DACL_AUTO_INHERIT_REQ 0x0100 |
| #define SE_SACL_AUTO_INHERIT_REQ 0x0200 |
| #define SE_DACL_AUTO_INHERITED 0x0400 |
| #define SE_SACL_AUTO_INHERITED 0x0800 |
| #define SE_DACL_PROTECTED 0x1000 |
| #define SE_SACL_PROTECTED 0x2000 |
| #define SE_RM_CONTROL_VALID 0x4000 |
| #define SE_SELF_RELATIVE 0x8000 |
| |
| typedef struct _SECURITY_DESCRIPTOR_RELATIVE { |
| UCHAR Revision; |
| UCHAR Sbz1; |
| SECURITY_DESCRIPTOR_CONTROL Control; |
| ULONG Owner; |
| ULONG Group; |
| ULONG Sacl; |
| ULONG Dacl; |
| } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; |
| |
| typedef struct _SECURITY_DESCRIPTOR { |
| UCHAR Revision; |
| UCHAR Sbz1; |
| SECURITY_DESCRIPTOR_CONTROL Control; |
| PSID Owner; |
| PSID Group; |
| PACL Sacl; |
| PACL Dacl; |
| } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; |
| |
| typedef struct _OBJECT_TYPE_LIST { |
| USHORT Level; |
| USHORT Sbz; |
| GUID *ObjectType; |
| } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; |
| |
| #define ACCESS_OBJECT_GUID 0 |
| #define ACCESS_PROPERTY_SET_GUID 1 |
| #define ACCESS_PROPERTY_GUID 2 |
| #define ACCESS_MAX_LEVEL 4 |
| |
| typedef enum _AUDIT_EVENT_TYPE { |
| AuditEventObjectAccess, |
| AuditEventDirectoryServiceAccess |
| } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; |
| |
| #define AUDIT_ALLOW_NO_PRIVILEGE 0x1 |
| |
| #define ACCESS_DS_SOURCE_A "DS" |
| #define ACCESS_DS_SOURCE_W L"DS" |
| #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object" |
| #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object" |
| |
| #define ACCESS_REASON_TYPE_MASK 0xffff0000 |
| #define ACCESS_REASON_DATA_MASK 0x0000ffff |
| |
| typedef enum _ACCESS_REASON_TYPE { |
| AccessReasonNone = 0x00000000, |
| AccessReasonAllowedAce = 0x00010000, |
| AccessReasonDeniedAce = 0x00020000, |
| AccessReasonAllowedParentAce = 0x00030000, |
| AccessReasonDeniedParentAce = 0x00040000, |
| AccessReasonMissingPrivilege = 0x00100000, |
| AccessReasonFromPrivilege = 0x00200000, |
| AccessReasonIntegrityLevel = 0x00300000, |
| AccessReasonOwnership = 0x00400000, |
| AccessReasonNullDacl = 0x00500000, |
| AccessReasonEmptyDacl = 0x00600000, |
| AccessReasonNoSD = 0x00700000, |
| AccessReasonNoGrant = 0x00800000 |
| } ACCESS_REASON_TYPE; |
| |
| typedef ULONG ACCESS_REASON; |
| |
| typedef struct _ACCESS_REASONS { |
| ACCESS_REASON Data[32]; |
| } ACCESS_REASONS, *PACCESS_REASONS; |
| |
| #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001 |
| #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002 |
| #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003 |
| |
| typedef struct _SE_SECURITY_DESCRIPTOR { |
| ULONG Size; |
| ULONG Flags; |
| PSECURITY_DESCRIPTOR SecurityDescriptor; |
| } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR; |
| |
| typedef struct _SE_ACCESS_REQUEST { |
| ULONG Size; |
| PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor; |
| ACCESS_MASK DesiredAccess; |
| ACCESS_MASK PreviouslyGrantedAccess; |
| PSID PrincipalSelfSid; |
| PGENERIC_MAPPING GenericMapping; |
| ULONG ObjectTypeListCount; |
| POBJECT_TYPE_LIST ObjectTypeList; |
| } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST; |
| |
| typedef struct _SE_ACCESS_REPLY { |
| ULONG Size; |
| ULONG ResultListCount; |
| PACCESS_MASK GrantedAccess; |
| PNTSTATUS AccessStatus; |
| PACCESS_REASONS AccessReason; |
| PPRIVILEGE_SET* Privileges; |
| } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY; |
| |
| typedef enum _SE_AUDIT_OPERATION { |
| AuditPrivilegeObject, |
| AuditPrivilegeService, |
| AuditAccessCheck, |
| AuditOpenObject, |
| AuditOpenObjectWithTransaction, |
| AuditCloseObject, |
| AuditDeleteObject, |
| AuditOpenObjectForDelete, |
| AuditOpenObjectForDeleteWithTransaction, |
| AuditCloseNonObject, |
| AuditOpenNonObject, |
| AuditObjectReference, |
| AuditHandleCreation, |
| } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION; |
| |
| typedef struct _SE_AUDIT_INFO { |
| ULONG Size; |
| AUDIT_EVENT_TYPE AuditType; |
| SE_AUDIT_OPERATION AuditOperation; |
| ULONG AuditFlags; |
| UNICODE_STRING SubsystemName; |
| UNICODE_STRING ObjectTypeName; |
| UNICODE_STRING ObjectName; |
| PVOID HandleId; |
| GUID* TransactionId; |
| LUID* OperationId; |
| BOOLEAN ObjectCreation; |
| BOOLEAN GenerateOnClose; |
| } SE_AUDIT_INFO, *PSE_AUDIT_INFO; |
| |
| #define TOKEN_ASSIGN_PRIMARY (0x0001) |
| #define TOKEN_DUPLICATE (0x0002) |
| #define TOKEN_IMPERSONATE (0x0004) |
| #define TOKEN_QUERY (0x0008) |
| #define TOKEN_QUERY_SOURCE (0x0010) |
| #define TOKEN_ADJUST_PRIVILEGES (0x0020) |
| #define TOKEN_ADJUST_GROUPS (0x0040) |
| #define TOKEN_ADJUST_DEFAULT (0x0080) |
| #define TOKEN_ADJUST_SESSIONID (0x0100) |
| |
| #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\ |
| TOKEN_ASSIGN_PRIMARY |\ |
| TOKEN_DUPLICATE |\ |
| TOKEN_IMPERSONATE |\ |
| TOKEN_QUERY |\ |
| TOKEN_QUERY_SOURCE |\ |
| TOKEN_ADJUST_PRIVILEGES |\ |
| TOKEN_ADJUST_GROUPS |\ |
| TOKEN_ADJUST_DEFAULT ) |
| |
| #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT))) |
| #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\ |
| TOKEN_ADJUST_SESSIONID ) |
| #else |
| #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P) |
| #endif |
| |
| #define TOKEN_READ (STANDARD_RIGHTS_READ |\ |
| TOKEN_QUERY) |
| |
| #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ |
| TOKEN_ADJUST_PRIVILEGES |\ |
| TOKEN_ADJUST_GROUPS |\ |
| TOKEN_ADJUST_DEFAULT) |
| |
| #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) |
| |
| typedef enum _TOKEN_TYPE { |
| TokenPrimary = 1, |
| TokenImpersonation |
| } TOKEN_TYPE,*PTOKEN_TYPE; |
| |
| typedef enum _TOKEN_INFORMATION_CLASS { |
| TokenUser = 1, |
| TokenGroups, |
| TokenPrivileges, |
| TokenOwner, |
| TokenPrimaryGroup, |
| TokenDefaultDacl, |
| TokenSource, |
| TokenType, |
| TokenImpersonationLevel, |
| TokenStatistics, |
| TokenRestrictedSids, |
| TokenSessionId, |
| TokenGroupsAndPrivileges, |
| TokenSessionReference, |
| TokenSandBoxInert, |
| TokenAuditPolicy, |
| TokenOrigin, |
| TokenElevationType, |
| TokenLinkedToken, |
| TokenElevation, |
| TokenHasRestrictions, |
| TokenAccessInformation, |
| TokenVirtualizationAllowed, |
| TokenVirtualizationEnabled, |
| TokenIntegrityLevel, |
| TokenUIAccess, |
| TokenMandatoryPolicy, |
| TokenLogonSid, |
| MaxTokenInfoClass |
| } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; |
| |
| typedef struct _TOKEN_USER { |
| SID_AND_ATTRIBUTES User; |
| } TOKEN_USER, *PTOKEN_USER; |
| |
| typedef struct _TOKEN_GROUPS { |
| ULONG GroupCount; |
| SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; |
| } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS; |
| |
| typedef struct _TOKEN_PRIVILEGES { |
| ULONG PrivilegeCount; |
| LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; |
| } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES; |
| |
| typedef struct _TOKEN_OWNER { |
| PSID Owner; |
| } TOKEN_OWNER,*PTOKEN_OWNER; |
| |
| typedef struct _TOKEN_PRIMARY_GROUP { |
| PSID PrimaryGroup; |
| } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP; |
| |
| typedef struct _TOKEN_DEFAULT_DACL { |
| PACL DefaultDacl; |
| } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL; |
| |
| typedef struct _TOKEN_GROUPS_AND_PRIVILEGES { |
| ULONG SidCount; |
| ULONG SidLength; |
| PSID_AND_ATTRIBUTES Sids; |
| ULONG RestrictedSidCount; |
| ULONG RestrictedSidLength; |
| PSID_AND_ATTRIBUTES RestrictedSids; |
| ULONG PrivilegeCount; |
| ULONG PrivilegeLength; |
| PLUID_AND_ATTRIBUTES Privileges; |
| LUID AuthenticationId; |
| } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES; |
| |
| typedef struct _TOKEN_LINKED_TOKEN { |
| HANDLE LinkedToken; |
| } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN; |
| |
| typedef struct _TOKEN_ELEVATION { |
| ULONG TokenIsElevated; |
| } TOKEN_ELEVATION, *PTOKEN_ELEVATION; |
| |
| typedef struct _TOKEN_MANDATORY_LABEL { |
| SID_AND_ATTRIBUTES Label; |
| } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL; |
| |
| #define TOKEN_MANDATORY_POLICY_OFF 0x0 |
| #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1 |
| #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2 |
| |
| #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \ |
| TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN) |
| |
| typedef struct _TOKEN_MANDATORY_POLICY { |
| ULONG Policy; |
| } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY; |
| |
| typedef struct _TOKEN_ACCESS_INFORMATION { |
| PSID_AND_ATTRIBUTES_HASH SidHash; |
| PSID_AND_ATTRIBUTES_HASH RestrictedSidHash; |
| PTOKEN_PRIVILEGES Privileges; |
| LUID AuthenticationId; |
| TOKEN_TYPE TokenType; |
| SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; |
| TOKEN_MANDATORY_POLICY MandatoryPolicy; |
| ULONG Flags; |
| } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION; |
| |
| #define POLICY_AUDIT_SUBCATEGORY_COUNT (53) |
| |
| typedef struct _TOKEN_AUDIT_POLICY { |
| UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1]; |
| } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY; |
| |
| #define TOKEN_SOURCE_LENGTH 8 |
| |
| typedef struct _TOKEN_SOURCE { |
| CHAR SourceName[TOKEN_SOURCE_LENGTH]; |
| LUID SourceIdentifier; |
| } TOKEN_SOURCE,*PTOKEN_SOURCE; |
| |
| typedef struct _TOKEN_STATISTICS { |
| LUID TokenId; |
| LUID AuthenticationId; |
| LARGE_INTEGER ExpirationTime; |
| TOKEN_TYPE TokenType; |
| SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; |
| ULONG DynamicCharged; |
| ULONG DynamicAvailable; |
| ULONG GroupCount; |
| ULONG PrivilegeCount; |
| LUID ModifiedId; |
| } TOKEN_STATISTICS, *PTOKEN_STATISTICS; |
| |
| typedef struct _TOKEN_CONTROL { |
| LUID TokenId; |
| LUID AuthenticationId; |
| LUID ModifiedId; |
| TOKEN_SOURCE TokenSource; |
| } TOKEN_CONTROL,*PTOKEN_CONTROL; |
| |
| typedef struct _TOKEN_ORIGIN { |
| LUID OriginatingLogonSession; |
| } TOKEN_ORIGIN, *PTOKEN_ORIGIN; |
| |
| typedef enum _MANDATORY_LEVEL { |
| MandatoryLevelUntrusted = 0, |
| MandatoryLevelLow, |
| MandatoryLevelMedium, |
| MandatoryLevelHigh, |
| MandatoryLevelSystem, |
| MandatoryLevelSecureProcess, |
| MandatoryLevelCount |
| } MANDATORY_LEVEL, *PMANDATORY_LEVEL; |
| |
| #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001 |
| #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002 |
| #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004 |
| #define TOKEN_WRITE_RESTRICTED 0x0008 |
| #define TOKEN_IS_RESTRICTED 0x0010 |
| #define TOKEN_SESSION_NOT_REFERENCED 0x0020 |
| #define TOKEN_SANDBOX_INERT 0x0040 |
| #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080 |
| #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100 |
| #define TOKEN_VIRTUALIZE_ALLOWED 0x0200 |
| #define TOKEN_VIRTUALIZE_ENABLED 0x0400 |
| #define TOKEN_IS_FILTERED 0x0800 |
| #define TOKEN_UIACCESS 0x1000 |
| #define TOKEN_NOT_LOW 0x2000 |
| |
| typedef struct _SE_EXPORTS { |
| LUID SeCreateTokenPrivilege; |
| LUID SeAssignPrimaryTokenPrivilege; |
| LUID SeLockMemoryPrivilege; |
| LUID SeIncreaseQuotaPrivilege; |
| LUID SeUnsolicitedInputPrivilege; |
| LUID SeTcbPrivilege; |
| LUID SeSecurityPrivilege; |
| LUID SeTakeOwnershipPrivilege; |
| LUID SeLoadDriverPrivilege; |
| LUID SeCreatePagefilePrivilege; |
| LUID SeIncreaseBasePriorityPrivilege; |
| LUID SeSystemProfilePrivilege; |
| LUID SeSystemtimePrivilege; |
| LUID SeProfileSingleProcessPrivilege; |
| LUID SeCreatePermanentPrivilege; |
| LUID SeBackupPrivilege; |
| LUID SeRestorePrivilege; |
| LUID SeShutdownPrivilege; |
| LUID SeDebugPrivilege; |
| LUID SeAuditPrivilege; |
| LUID SeSystemEnvironmentPrivilege; |
| LUID SeChangeNotifyPrivilege; |
| LUID SeRemoteShutdownPrivilege; |
| PSID SeNullSid; |
| PSID SeWorldSid; |
| PSID SeLocalSid; |
| PSID SeCreatorOwnerSid; |
| PSID SeCreatorGroupSid; |
| PSID SeNtAuthoritySid; |
| PSID SeDialupSid; |
| PSID SeNetworkSid; |
| PSID SeBatchSid; |
| PSID SeInteractiveSid; |
| PSID SeLocalSystemSid; |
| PSID SeAliasAdminsSid; |
| PSID SeAliasUsersSid; |
| PSID SeAliasGuestsSid; |
| PSID SeAliasPowerUsersSid; |
| PSID SeAliasAccountOpsSid; |
| PSID SeAliasSystemOpsSid; |
| PSID SeAliasPrintOpsSid; |
| PSID SeAliasBackupOpsSid; |
| PSID SeAuthenticatedUsersSid; |
| PSID SeRestrictedSid; |
| PSID SeAnonymousLogonSid; |
| LUID SeUndockPrivilege; |
| LUID SeSyncAgentPrivilege; |
| LUID SeEnableDelegationPrivilege; |
| PSID SeLocalServiceSid; |
| PSID SeNetworkServiceSid; |
| LUID SeManageVolumePrivilege; |
| LUID SeImpersonatePrivilege; |
| LUID SeCreateGlobalPrivilege; |
| LUID SeTrustedCredManAccessPrivilege; |
| LUID SeRelabelPrivilege; |
| LUID SeIncreaseWorkingSetPrivilege; |
| LUID SeTimeZonePrivilege; |
| LUID SeCreateSymbolicLinkPrivilege; |
| PSID SeIUserSid; |
| PSID SeUntrustedMandatorySid; |
| PSID SeLowMandatorySid; |
| PSID SeMediumMandatorySid; |
| PSID SeHighMandatorySid; |
| PSID SeSystemMandatorySid; |
| PSID SeOwnerRightsSid; |
| } SE_EXPORTS, *PSE_EXPORTS; |
| |
| typedef NTSTATUS |
| (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)( |
| IN PLUID LogonId); |
| /****************************************************************************** |
| * Runtime Library Types * |
| ******************************************************************************/ |
| |
| |
| #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information" |
| |
| typedef PVOID |
| (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)( |
| IN SIZE_T NumberOfBytes); |
| |
| #if _WIN32_WINNT >= 0x0600 |
| typedef PVOID |
| (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)( |
| IN SIZE_T NumberOfBytes, |
| IN PVOID Buffer); |
| #endif |
| |
| typedef VOID |
| (NTAPI *PRTL_FREE_STRING_ROUTINE)( |
| IN PVOID Buffer); |
| |
| extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine; |
| extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine; |
| |
| #if _WIN32_WINNT >= 0x0600 |
| extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine; |
| #endif |
| |
| typedef NTSTATUS |
| (NTAPI * PRTL_HEAP_COMMIT_ROUTINE) ( |
| IN PVOID Base, |
| IN OUT PVOID *CommitAddress, |
| IN OUT PSIZE_T CommitSize); |
| |
| typedef struct _RTL_HEAP_PARAMETERS { |
| ULONG Length; |
| SIZE_T SegmentReserve; |
| SIZE_T SegmentCommit; |
| SIZE_T DeCommitFreeBlockThreshold; |
| SIZE_T DeCommitTotalFreeThreshold; |
| SIZE_T MaximumAllocationSize; |
| SIZE_T VirtualMemoryThreshold; |
| SIZE_T InitialCommit; |
| SIZE_T InitialReserve; |
| PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; |
| SIZE_T Reserved[2]; |
| } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| typedef struct _GENERATE_NAME_CONTEXT { |
| USHORT Checksum; |
| BOOLEAN CheckSumInserted; |
| UCHAR NameLength; |
| WCHAR NameBuffer[8]; |
| ULONG ExtensionLength; |
| WCHAR ExtensionBuffer[4]; |
| ULONG LastIndexValue; |
| } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; |
| |
| typedef struct _PREFIX_TABLE_ENTRY { |
| CSHORT NodeTypeCode; |
| CSHORT NameLength; |
| struct _PREFIX_TABLE_ENTRY *NextPrefixTree; |
| RTL_SPLAY_LINKS Links; |
| PSTRING Prefix; |
| } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; |
| |
| typedef struct _PREFIX_TABLE { |
| CSHORT NodeTypeCode; |
| CSHORT NameLength; |
| PPREFIX_TABLE_ENTRY NextPrefixTree; |
| } PREFIX_TABLE, *PPREFIX_TABLE; |
| |
| typedef struct _UNICODE_PREFIX_TABLE_ENTRY { |
| CSHORT NodeTypeCode; |
| CSHORT NameLength; |
| struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; |
| struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; |
| RTL_SPLAY_LINKS Links; |
| PUNICODE_STRING Prefix; |
| } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; |
| |
| typedef struct _UNICODE_PREFIX_TABLE { |
| CSHORT NodeTypeCode; |
| CSHORT NameLength; |
| PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; |
| PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; |
| } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| typedef struct _COMPRESSED_DATA_INFO { |
| USHORT CompressionFormatAndEngine; |
| UCHAR CompressionUnitShift; |
| UCHAR ChunkShift; |
| UCHAR ClusterShift; |
| UCHAR Reserved; |
| USHORT NumberOfChunks; |
| ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; |
| } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; |
| #endif |
| |
| /****************************************************************************** |
| * Runtime Library Functions * |
| ******************************************************************************/ |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTSYSAPI |
| PVOID |
| NTAPI |
| RtlAllocateHeap( |
| IN HANDLE HeapHandle, |
| IN ULONG Flags OPTIONAL, |
| IN SIZE_T Size); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlFreeHeap( |
| IN PVOID HeapHandle, |
| IN ULONG Flags OPTIONAL, |
| IN PVOID BaseAddress); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlCaptureContext( |
| OUT PCONTEXT ContextRecord); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlRandom( |
| IN OUT PULONG Seed); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlCreateUnicodeString( |
| OUT PUNICODE_STRING DestinationString, |
| IN PCWSTR SourceString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlAppendStringToString( |
| IN OUT PSTRING Destination, |
| IN const STRING *Source); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlOemStringToUnicodeString( |
| IN OUT PUNICODE_STRING DestinationString, |
| IN PCOEM_STRING SourceString, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeStringToOemString( |
| IN OUT POEM_STRING DestinationString, |
| IN PCUNICODE_STRING SourceString, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUpcaseUnicodeStringToOemString( |
| IN OUT POEM_STRING DestinationString, |
| IN PCUNICODE_STRING SourceString, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlOemStringToCountedUnicodeString( |
| IN OUT PUNICODE_STRING DestinationString, |
| IN PCOEM_STRING SourceString, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeStringToCountedOemString( |
| IN OUT POEM_STRING DestinationString, |
| IN PCUNICODE_STRING SourceString, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUpcaseUnicodeStringToCountedOemString( |
| IN OUT POEM_STRING DestinationString, |
| IN PCUNICODE_STRING SourceString, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDowncaseUnicodeString( |
| IN OUT PUNICODE_STRING UniDest, |
| IN PCUNICODE_STRING UniSource, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlFreeOemString ( |
| IN OUT POEM_STRING OemString); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlxUnicodeStringToOemSize( |
| IN PCUNICODE_STRING UnicodeString); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlxOemStringToUnicodeSize( |
| IN PCOEM_STRING OemString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlMultiByteToUnicodeN( |
| OUT PWCH UnicodeString, |
| IN ULONG MaxBytesInUnicodeString, |
| OUT PULONG BytesInUnicodeString OPTIONAL, |
| IN const CHAR *MultiByteString, |
| IN ULONG BytesInMultiByteString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlMultiByteToUnicodeSize( |
| OUT PULONG BytesInUnicodeString, |
| IN const CHAR *MultiByteString, |
| IN ULONG BytesInMultiByteString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeToMultiByteSize( |
| OUT PULONG BytesInMultiByteString, |
| IN PCWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeToMultiByteN( |
| OUT PCHAR MultiByteString, |
| IN ULONG MaxBytesInMultiByteString, |
| OUT PULONG BytesInMultiByteString OPTIONAL, |
| IN PWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUpcaseUnicodeToMultiByteN( |
| OUT PCHAR MultiByteString, |
| IN ULONG MaxBytesInMultiByteString, |
| OUT PULONG BytesInMultiByteString OPTIONAL, |
| IN PCWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlOemToUnicodeN( |
| OUT PWSTR UnicodeString, |
| IN ULONG MaxBytesInUnicodeString, |
| OUT PULONG BytesInUnicodeString OPTIONAL, |
| IN PCCH OemString, |
| IN ULONG BytesInOemString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeToOemN( |
| OUT PCHAR OemString, |
| IN ULONG MaxBytesInOemString, |
| OUT PULONG BytesInOemString OPTIONAL, |
| IN PCWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUpcaseUnicodeToOemN( |
| OUT PCHAR OemString, |
| IN ULONG MaxBytesInOemString, |
| OUT PULONG BytesInOemString OPTIONAL, |
| IN PCWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTASP1) |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGenerate8dot3Name( |
| IN PCUNICODE_STRING Name, |
| IN BOOLEAN AllowExtendedCharacters, |
| IN OUT PGENERATE_NAME_CONTEXT Context, |
| IN OUT PUNICODE_STRING Name8dot3); |
| #else |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlGenerate8dot3Name( |
| IN PCUNICODE_STRING Name, |
| IN BOOLEAN AllowExtendedCharacters, |
| IN OUT PGENERATE_NAME_CONTEXT Context, |
| IN OUT PUNICODE_STRING Name8dot3); |
| #endif |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlIsNameLegalDOS8Dot3( |
| IN PCUNICODE_STRING Name, |
| IN OUT POEM_STRING OemName OPTIONAL, |
| IN OUT PBOOLEAN NameContainsSpaces OPTIONAL); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlIsValidOemCharacter( |
| IN OUT PWCHAR Char); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| PfxInitialize( |
| OUT PPREFIX_TABLE PrefixTable); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| PfxInsertPrefix( |
| IN PPREFIX_TABLE PrefixTable, |
| IN PSTRING Prefix, |
| OUT PPREFIX_TABLE_ENTRY PrefixTableEntry); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| PfxRemovePrefix( |
| IN PPREFIX_TABLE PrefixTable, |
| IN PPREFIX_TABLE_ENTRY PrefixTableEntry); |
| |
| NTSYSAPI |
| PPREFIX_TABLE_ENTRY |
| NTAPI |
| PfxFindPrefix( |
| IN PPREFIX_TABLE PrefixTable, |
| IN PSTRING FullName); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlInitializeUnicodePrefix( |
| OUT PUNICODE_PREFIX_TABLE PrefixTable); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlInsertUnicodePrefix( |
| IN PUNICODE_PREFIX_TABLE PrefixTable, |
| IN PUNICODE_STRING Prefix, |
| OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlRemoveUnicodePrefix( |
| IN PUNICODE_PREFIX_TABLE PrefixTable, |
| IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry); |
| |
| NTSYSAPI |
| PUNICODE_PREFIX_TABLE_ENTRY |
| NTAPI |
| RtlFindUnicodePrefix( |
| IN PUNICODE_PREFIX_TABLE PrefixTable, |
| IN PUNICODE_STRING FullName, |
| IN ULONG CaseInsensitiveIndex); |
| |
| NTSYSAPI |
| PUNICODE_PREFIX_TABLE_ENTRY |
| NTAPI |
| RtlNextUnicodePrefix( |
| IN PUNICODE_PREFIX_TABLE PrefixTable, |
| IN BOOLEAN Restart); |
| |
| NTSYSAPI |
| SIZE_T |
| NTAPI |
| RtlCompareMemoryUlong( |
| IN PVOID Source, |
| IN SIZE_T Length, |
| IN ULONG Pattern); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlTimeToSecondsSince1980( |
| IN PLARGE_INTEGER Time, |
| OUT PULONG ElapsedSeconds); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlSecondsSince1980ToTime( |
| IN ULONG ElapsedSeconds, |
| OUT PLARGE_INTEGER Time); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlTimeToSecondsSince1970( |
| IN PLARGE_INTEGER Time, |
| OUT PULONG ElapsedSeconds); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlSecondsSince1970ToTime( |
| IN ULONG ElapsedSeconds, |
| OUT PLARGE_INTEGER Time); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlValidSid( |
| IN PSID Sid); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlEqualSid( |
| IN PSID Sid1, |
| IN PSID Sid2); |
| |
| NTSYSAPI |
| BOOLEAN |
| NTAPI |
| RtlEqualPrefixSid( |
| IN PSID Sid1, |
| IN PSID Sid2); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlLengthRequiredSid( |
| IN ULONG SubAuthorityCount); |
| |
| NTSYSAPI |
| PVOID |
| NTAPI |
| RtlFreeSid( |
| IN PSID Sid); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlAllocateAndInitializeSid( |
| IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, |
| IN UCHAR SubAuthorityCount, |
| IN ULONG SubAuthority0, |
| IN ULONG SubAuthority1, |
| IN ULONG SubAuthority2, |
| IN ULONG SubAuthority3, |
| IN ULONG SubAuthority4, |
| IN ULONG SubAuthority5, |
| IN ULONG SubAuthority6, |
| IN ULONG SubAuthority7, |
| OUT PSID *Sid); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlInitializeSid( |
| OUT PSID Sid, |
| IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, |
| IN UCHAR SubAuthorityCount); |
| |
| NTSYSAPI |
| PULONG |
| NTAPI |
| RtlSubAuthoritySid( |
| IN PSID Sid, |
| IN ULONG SubAuthority); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlLengthSid( |
| IN PSID Sid); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCopySid( |
| IN ULONG Length, |
| IN PSID Destination, |
| IN PSID Source); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlConvertSidToUnicodeString( |
| IN OUT PUNICODE_STRING UnicodeString, |
| IN PSID Sid, |
| IN BOOLEAN AllocateDestinationString); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlCopyLuid( |
| OUT PLUID DestinationLuid, |
| IN PLUID SourceLuid); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCreateAcl( |
| OUT PACL Acl, |
| IN ULONG AclLength, |
| IN ULONG AclRevision); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlAddAce( |
| IN OUT PACL Acl, |
| IN ULONG AceRevision, |
| IN ULONG StartingAceIndex, |
| IN PVOID AceList, |
| IN ULONG AceListLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDeleteAce( |
| IN OUT PACL Acl, |
| IN ULONG AceIndex); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGetAce( |
| IN PACL Acl, |
| IN ULONG AceIndex, |
| OUT PVOID *Ace); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlAddAccessAllowedAce( |
| IN OUT PACL Acl, |
| IN ULONG AceRevision, |
| IN ACCESS_MASK AccessMask, |
| IN PSID Sid); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlAddAccessAllowedAceEx( |
| IN OUT PACL Acl, |
| IN ULONG AceRevision, |
| IN ULONG AceFlags, |
| IN ACCESS_MASK AccessMask, |
| IN PSID Sid); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCreateSecurityDescriptorRelative( |
| OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, |
| IN ULONG Revision); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGetDaclSecurityDescriptor( |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| OUT PBOOLEAN DaclPresent, |
| OUT PACL *Dacl, |
| OUT PBOOLEAN DaclDefaulted); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlSetOwnerSecurityDescriptor( |
| IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSID Owner OPTIONAL, |
| IN BOOLEAN OwnerDefaulted); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGetOwnerSecurityDescriptor( |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| OUT PSID *Owner, |
| OUT PBOOLEAN OwnerDefaulted); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlNtStatusToDosError( |
| IN NTSTATUS Status); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCustomCPToUnicodeN( |
| IN PCPTABLEINFO CustomCP, |
| OUT PWCH UnicodeString, |
| IN ULONG MaxBytesInUnicodeString, |
| OUT PULONG BytesInUnicodeString OPTIONAL, |
| IN PCH CustomCPString, |
| IN ULONG BytesInCustomCPString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeToCustomCPN( |
| IN PCPTABLEINFO CustomCP, |
| OUT PCH CustomCPString, |
| IN ULONG MaxBytesInCustomCPString, |
| OUT PULONG BytesInCustomCPString OPTIONAL, |
| IN PWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUpcaseUnicodeToCustomCPN( |
| IN PCPTABLEINFO CustomCP, |
| OUT PCH CustomCPString, |
| IN ULONG MaxBytesInCustomCPString, |
| OUT PULONG BytesInCustomCPString OPTIONAL, |
| IN PWCH UnicodeString, |
| IN ULONG BytesInUnicodeString); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlInitCodePageTable( |
| IN PUSHORT TableBase, |
| IN OUT PCPTABLEINFO CodePageTable); |
| |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTSYSAPI |
| PVOID |
| NTAPI |
| RtlCreateHeap( |
| IN ULONG Flags, |
| IN PVOID HeapBase OPTIONAL, |
| IN SIZE_T ReserveSize OPTIONAL, |
| IN SIZE_T CommitSize OPTIONAL, |
| IN PVOID Lock OPTIONAL, |
| IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL); |
| |
| NTSYSAPI |
| PVOID |
| NTAPI |
| RtlDestroyHeap( |
| IN PVOID HeapHandle); |
| |
| NTSYSAPI |
| USHORT |
| NTAPI |
| RtlCaptureStackBackTrace( |
| IN ULONG FramesToSkip, |
| IN ULONG FramesToCapture, |
| OUT PVOID *BackTrace, |
| OUT PULONG BackTraceHash OPTIONAL); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlRandomEx( |
| IN OUT PULONG Seed); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlInitUnicodeStringEx( |
| OUT PUNICODE_STRING DestinationString, |
| IN PCWSTR SourceString OPTIONAL); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlValidateUnicodeString( |
| IN ULONG Flags, |
| IN PCUNICODE_STRING String); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDuplicateUnicodeString( |
| IN ULONG Flags, |
| IN PCUNICODE_STRING SourceString, |
| OUT PUNICODE_STRING DestinationString); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGetCompressionWorkSpaceSize( |
| IN USHORT CompressionFormatAndEngine, |
| OUT PULONG CompressBufferWorkSpaceSize, |
| OUT PULONG CompressFragmentWorkSpaceSize); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCompressBuffer( |
| IN USHORT CompressionFormatAndEngine, |
| IN PUCHAR UncompressedBuffer, |
| IN ULONG UncompressedBufferSize, |
| OUT PUCHAR CompressedBuffer, |
| IN ULONG CompressedBufferSize, |
| IN ULONG UncompressedChunkSize, |
| OUT PULONG FinalCompressedSize, |
| IN PVOID WorkSpace); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDecompressBuffer( |
| IN USHORT CompressionFormat, |
| OUT PUCHAR UncompressedBuffer, |
| IN ULONG UncompressedBufferSize, |
| IN PUCHAR CompressedBuffer, |
| IN ULONG CompressedBufferSize, |
| OUT PULONG FinalUncompressedSize); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDecompressFragment( |
| IN USHORT CompressionFormat, |
| OUT PUCHAR UncompressedFragment, |
| IN ULONG UncompressedFragmentSize, |
| IN PUCHAR CompressedBuffer, |
| IN ULONG CompressedBufferSize, |
| IN ULONG FragmentOffset, |
| OUT PULONG FinalUncompressedSize, |
| IN PVOID WorkSpace); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDescribeChunk( |
| IN USHORT CompressionFormat, |
| IN OUT PUCHAR *CompressedBuffer, |
| IN PUCHAR EndOfCompressedBufferPlus1, |
| OUT PUCHAR *ChunkBuffer, |
| OUT PULONG ChunkSize); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlReserveChunk( |
| IN USHORT CompressionFormat, |
| IN OUT PUCHAR *CompressedBuffer, |
| IN PUCHAR EndOfCompressedBufferPlus1, |
| OUT PUCHAR *ChunkBuffer, |
| IN ULONG ChunkSize); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlDecompressChunks( |
| OUT PUCHAR UncompressedBuffer, |
| IN ULONG UncompressedBufferSize, |
| IN PUCHAR CompressedBuffer, |
| IN ULONG CompressedBufferSize, |
| IN PUCHAR CompressedTail, |
| IN ULONG CompressedTailSize, |
| IN PCOMPRESSED_DATA_INFO CompressedDataInfo); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCompressChunks( |
| IN PUCHAR UncompressedBuffer, |
| IN ULONG UncompressedBufferSize, |
| OUT PUCHAR CompressedBuffer, |
| IN ULONG CompressedBufferSize, |
| IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo, |
| IN ULONG CompressedDataInfoLength, |
| IN PVOID WorkSpace); |
| |
| NTSYSAPI |
| PSID_IDENTIFIER_AUTHORITY |
| NTAPI |
| RtlIdentifierAuthoritySid( |
| IN PSID Sid); |
| |
| NTSYSAPI |
| PUCHAR |
| NTAPI |
| RtlSubAuthorityCountSid( |
| IN PSID Sid); |
| |
| NTSYSAPI |
| ULONG |
| NTAPI |
| RtlNtStatusToDosErrorNoTeb( |
| IN NTSTATUS Status); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCreateSystemVolumeInformationFolder( |
| IN PCUNICODE_STRING VolumeRootPath); |
| |
| #if defined(_M_AMD64) |
| |
| FORCEINLINE |
| VOID |
| RtlFillMemoryUlong ( |
| OUT PVOID Destination, |
| IN SIZE_T Length, |
| IN ULONG Pattern) |
| { |
| PULONG Address = (PULONG)Destination; |
| if ((Length /= 4) != 0) { |
| if (((ULONG64)Address & 4) != 0) { |
| *Address = Pattern; |
| if ((Length -= 1) == 0) { |
| return; |
| } |
| Address += 1; |
| } |
| __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2); |
| if ((Length & 1) != 0) Address[Length - 1] = Pattern; |
| } |
| return; |
| } |
| |
| #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \ |
| __stosq((PULONG64)(Destination), Pattern, (Length) / 8) |
| |
| #else |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlFillMemoryUlong( |
| OUT PVOID Destination, |
| IN SIZE_T Length, |
| IN ULONG Pattern); |
| |
| NTSYSAPI |
| VOID |
| NTAPI |
| RtlFillMemoryUlonglong( |
| OUT PVOID Destination, |
| IN SIZE_T Length, |
| IN ULONGLONG Pattern); |
| |
| #endif /* defined(_M_AMD64) */ |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WS03) |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlInitAnsiStringEx( |
| OUT PANSI_STRING DestinationString, |
| IN PCSZ SourceString OPTIONAL); |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WS03SP1) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGetSaclSecurityDescriptor( |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| OUT PBOOLEAN SaclPresent, |
| OUT PACL *Sacl, |
| OUT PBOOLEAN SaclDefaulted); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlSetGroupSecurityDescriptor( |
| IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSID Group OPTIONAL, |
| IN BOOLEAN GroupDefaulted OPTIONAL); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlGetGroupSecurityDescriptor( |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| OUT PSID *Group, |
| OUT PBOOLEAN GroupDefaulted); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlAbsoluteToSelfRelativeSD( |
| IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL, |
| IN OUT PULONG BufferLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlSelfRelativeToAbsoluteSD( |
| IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, |
| OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL, |
| IN OUT PULONG AbsoluteSecurityDescriptorSize, |
| OUT PACL Dacl OPTIONAL, |
| IN OUT PULONG DaclSize, |
| OUT PACL Sacl OPTIONAL, |
| IN OUT PULONG SaclSize, |
| OUT PSID Owner OPTIONAL, |
| IN OUT PULONG OwnerSize, |
| OUT PSID PrimaryGroup OPTIONAL, |
| IN OUT PULONG PrimaryGroupSize); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlNormalizeString( |
| IN ULONG NormForm, |
| IN PCWSTR SourceString, |
| IN LONG SourceStringLength, |
| OUT PWSTR DestinationString, |
| IN OUT PLONG DestinationStringLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlIsNormalizedString( |
| IN ULONG NormForm, |
| IN PCWSTR SourceString, |
| IN LONG SourceStringLength, |
| OUT PBOOLEAN Normalized); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlIdnToAscii( |
| IN ULONG Flags, |
| IN PCWSTR SourceString, |
| IN LONG SourceStringLength, |
| OUT PWSTR DestinationString, |
| IN OUT PLONG DestinationStringLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlIdnToUnicode( |
| IN ULONG Flags, |
| IN PCWSTR SourceString, |
| IN LONG SourceStringLength, |
| OUT PWSTR DestinationString, |
| IN OUT PLONG DestinationStringLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlIdnToNameprepUnicode( |
| IN ULONG Flags, |
| IN PCWSTR SourceString, |
| IN LONG SourceStringLength, |
| OUT PWSTR DestinationString, |
| IN OUT PLONG DestinationStringLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCreateServiceSid( |
| IN PUNICODE_STRING ServiceName, |
| OUT PSID ServiceSid, |
| IN OUT PULONG ServiceSidLength); |
| |
| NTSYSAPI |
| LONG |
| NTAPI |
| RtlCompareAltitudes( |
| IN PCUNICODE_STRING Altitude1, |
| IN PCUNICODE_STRING Altitude2); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUnicodeToUTF8N( |
| OUT PCHAR UTF8StringDestination, |
| IN ULONG UTF8StringMaxByteCount, |
| OUT PULONG UTF8StringActualByteCount, |
| IN PCWCH UnicodeStringSource, |
| IN ULONG UnicodeStringByteCount); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlUTF8ToUnicodeN( |
| OUT PWSTR UnicodeStringDestination, |
| IN ULONG UnicodeStringMaxByteCount, |
| OUT PULONG UnicodeStringActualByteCount, |
| IN PCCH UTF8StringSource, |
| IN ULONG UTF8StringByteCount); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlReplaceSidInSd( |
| IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSID OldSid, |
| IN PSID NewSid, |
| OUT ULONG *NumChanges); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlCreateVirtualAccountSid( |
| IN PCUNICODE_STRING Name, |
| IN ULONG BaseSubAuthority, |
| OUT PSID Sid, |
| IN OUT PULONG SidLength); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| |
| #if defined(_AMD64_) || defined(_IA64_) |
| |
| |
| #endif /* defined(_AMD64_) || defined(_IA64_) */ |
| |
| |
| |
| #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1 |
| #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2 |
| |
| #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \ |
| RtlxUnicodeStringToOemSize(STRING) : \ |
| ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ |
| ) |
| |
| #define RtlOemStringToUnicodeSize(STRING) ( \ |
| NLS_MB_OEM_CODE_PAGE_TAG ? \ |
| RtlxOemStringToUnicodeSize(STRING) : \ |
| ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ |
| ) |
| |
| #define RtlOemStringToCountedUnicodeSize(STRING) ( \ |
| (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \ |
| ) |
| |
| #define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O)))) |
| #define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B)))) |
| |
| typedef enum _OBJECT_INFORMATION_CLASS { |
| ObjectBasicInformation = 0, |
| ObjectNameInformation = 1, /* FIXME, not in WDK */ |
| ObjectTypeInformation = 2, |
| ObjectTypesInformation = 3, /* FIXME, not in WDK */ |
| ObjectHandleFlagInformation = 4, /* FIXME, not in WDK */ |
| ObjectSessionInformation = 5, /* FIXME, not in WDK */ |
| MaxObjectInfoClass /* FIXME, not in WDK */ |
| } OBJECT_INFORMATION_CLASS; |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQueryObject( |
| IN HANDLE Handle OPTIONAL, |
| IN OBJECT_INFORMATION_CLASS ObjectInformationClass, |
| OUT PVOID ObjectInformation OPTIONAL, |
| IN ULONG ObjectInformationLength, |
| OUT PULONG ReturnLength OPTIONAL); |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtOpenThreadToken( |
| IN HANDLE ThreadHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN BOOLEAN OpenAsSelf, |
| OUT PHANDLE TokenHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtOpenProcessToken( |
| IN HANDLE ProcessHandle, |
| IN ACCESS_MASK DesiredAccess, |
| OUT PHANDLE TokenHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQueryInformationToken( |
| IN HANDLE TokenHandle, |
| IN TOKEN_INFORMATION_CLASS TokenInformationClass, |
| OUT PVOID TokenInformation OPTIONAL, |
| IN ULONG TokenInformationLength, |
| OUT PULONG ReturnLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtAdjustPrivilegesToken( |
| IN HANDLE TokenHandle, |
| IN BOOLEAN DisableAllPrivileges, |
| IN PTOKEN_PRIVILEGES NewState OPTIONAL, |
| IN ULONG BufferLength, |
| OUT PTOKEN_PRIVILEGES PreviousState, |
| OUT PULONG ReturnLength OPTIONAL); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtCreateFile( |
| OUT PHANDLE FileHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PLARGE_INTEGER AllocationSize OPTIONAL, |
| IN ULONG FileAttributes, |
| IN ULONG ShareAccess, |
| IN ULONG CreateDisposition, |
| IN ULONG CreateOptions, |
| IN PVOID EaBuffer, |
| IN ULONG EaLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtDeviceIoControlFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN ULONG IoControlCode, |
| IN PVOID InputBuffer OPTIONAL, |
| IN ULONG InputBufferLength, |
| OUT PVOID OutputBuffer OPTIONAL, |
| IN ULONG OutputBufferLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtFsControlFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN ULONG FsControlCode, |
| IN PVOID InputBuffer OPTIONAL, |
| IN ULONG InputBufferLength, |
| OUT PVOID OutputBuffer OPTIONAL, |
| IN ULONG OutputBufferLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtLockFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PLARGE_INTEGER ByteOffset, |
| IN PLARGE_INTEGER Length, |
| IN ULONG Key, |
| IN BOOLEAN FailImmediately, |
| IN BOOLEAN ExclusiveLock); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtOpenFile( |
| OUT PHANDLE FileHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN ULONG ShareAccess, |
| IN ULONG OpenOptions); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQueryDirectoryFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID FileInformation, |
| IN ULONG Length, |
| IN FILE_INFORMATION_CLASS FileInformationClass, |
| IN BOOLEAN ReturnSingleEntry, |
| IN PUNICODE_STRING FileName OPTIONAL, |
| IN BOOLEAN RestartScan); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQueryInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID FileInformation, |
| IN ULONG Length, |
| IN FILE_INFORMATION_CLASS FileInformationClass); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQueryQuotaInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID Buffer, |
| IN ULONG Length, |
| IN BOOLEAN ReturnSingleEntry, |
| IN PVOID SidList, |
| IN ULONG SidListLength, |
| IN PSID StartSid OPTIONAL, |
| IN BOOLEAN RestartScan); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQueryVolumeInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID FsInformation, |
| IN ULONG Length, |
| IN FS_INFORMATION_CLASS FsInformationClass); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtReadFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID Buffer, |
| IN ULONG Length, |
| IN PLARGE_INTEGER ByteOffset OPTIONAL, |
| IN PULONG Key OPTIONAL); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtSetInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PVOID FileInformation, |
| IN ULONG Length, |
| IN FILE_INFORMATION_CLASS FileInformationClass); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtSetQuotaInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PVOID Buffer, |
| IN ULONG Length); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtSetVolumeInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PVOID FsInformation, |
| IN ULONG Length, |
| IN FS_INFORMATION_CLASS FsInformationClass); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtWriteFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PVOID Buffer, |
| IN ULONG Length, |
| IN PLARGE_INTEGER ByteOffset OPTIONAL, |
| IN PULONG Key OPTIONAL); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtUnlockFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PLARGE_INTEGER ByteOffset, |
| IN PLARGE_INTEGER Length, |
| IN ULONG Key); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtSetSecurityObject( |
| IN HANDLE Handle, |
| IN SECURITY_INFORMATION SecurityInformation, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtQuerySecurityObject( |
| IN HANDLE Handle, |
| IN SECURITY_INFORMATION SecurityInformation, |
| OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN ULONG Length, |
| OUT PULONG LengthNeeded); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtClose( |
| IN HANDLE Handle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtAllocateVirtualMemory( |
| IN HANDLE ProcessHandle, |
| IN OUT PVOID *BaseAddress, |
| IN ULONG_PTR ZeroBits, |
| IN OUT PSIZE_T RegionSize, |
| IN ULONG AllocationType, |
| IN ULONG Protect); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtFreeVirtualMemory( |
| IN HANDLE ProcessHandle, |
| IN OUT PVOID *BaseAddress, |
| IN OUT PSIZE_T RegionSize, |
| IN ULONG FreeType); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtOpenThreadTokenEx( |
| IN HANDLE ThreadHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN BOOLEAN OpenAsSelf, |
| IN ULONG HandleAttributes, |
| OUT PHANDLE TokenHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtOpenProcessTokenEx( |
| IN HANDLE ProcessHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN ULONG HandleAttributes, |
| OUT PHANDLE TokenHandle); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| NtOpenJobObjectToken( |
| IN HANDLE JobHandle, |
| IN ACCESS_MASK DesiredAccess, |
| OUT PHANDLE TokenHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtDuplicateToken( |
| IN HANDLE ExistingTokenHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| IN BOOLEAN EffectiveOnly, |
| IN TOKEN_TYPE TokenType, |
| OUT PHANDLE NewTokenHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtFilterToken( |
| IN HANDLE ExistingTokenHandle, |
| IN ULONG Flags, |
| IN PTOKEN_GROUPS SidsToDisable OPTIONAL, |
| IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, |
| IN PTOKEN_GROUPS RestrictedSids OPTIONAL, |
| OUT PHANDLE NewTokenHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtImpersonateAnonymousToken( |
| IN HANDLE ThreadHandle); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtSetInformationToken( |
| IN HANDLE TokenHandle, |
| IN TOKEN_INFORMATION_CLASS TokenInformationClass, |
| IN PVOID TokenInformation, |
| IN ULONG TokenInformationLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtAdjustGroupsToken( |
| IN HANDLE TokenHandle, |
| IN BOOLEAN ResetToDefault, |
| IN PTOKEN_GROUPS NewState OPTIONAL, |
| IN ULONG BufferLength OPTIONAL, |
| OUT PTOKEN_GROUPS PreviousState, |
| OUT PULONG ReturnLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtPrivilegeCheck( |
| IN HANDLE ClientToken, |
| IN OUT PPRIVILEGE_SET RequiredPrivileges, |
| OUT PBOOLEAN Result); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtAccessCheckAndAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PUNICODE_STRING ObjectName, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN ACCESS_MASK DesiredAccess, |
| IN PGENERIC_MAPPING GenericMapping, |
| IN BOOLEAN ObjectCreation, |
| OUT PACCESS_MASK GrantedAccess, |
| OUT PNTSTATUS AccessStatus, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtAccessCheckByTypeAndAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId, |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PUNICODE_STRING ObjectName, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSID PrincipalSelfSid OPTIONAL, |
| IN ACCESS_MASK DesiredAccess, |
| IN AUDIT_EVENT_TYPE AuditType, |
| IN ULONG Flags, |
| IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, |
| IN ULONG ObjectTypeLength, |
| IN PGENERIC_MAPPING GenericMapping, |
| IN BOOLEAN ObjectCreation, |
| OUT PACCESS_MASK GrantedAccess, |
| OUT PNTSTATUS AccessStatus, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtAccessCheckByTypeResultListAndAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PUNICODE_STRING ObjectName, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSID PrincipalSelfSid OPTIONAL, |
| IN ACCESS_MASK DesiredAccess, |
| IN AUDIT_EVENT_TYPE AuditType, |
| IN ULONG Flags, |
| IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, |
| IN ULONG ObjectTypeLength, |
| IN PGENERIC_MAPPING GenericMapping, |
| IN BOOLEAN ObjectCreation, |
| OUT PACCESS_MASK GrantedAccess, |
| OUT PNTSTATUS AccessStatus, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTSTATUS |
| NTAPI |
| NtAccessCheckByTypeResultListAndAuditAlarmByHandle( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN HANDLE ClientToken, |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PUNICODE_STRING ObjectName, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSID PrincipalSelfSid OPTIONAL, |
| IN ACCESS_MASK DesiredAccess, |
| IN AUDIT_EVENT_TYPE AuditType, |
| IN ULONG Flags, |
| IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, |
| IN ULONG ObjectTypeLength, |
| IN PGENERIC_MAPPING GenericMapping, |
| IN BOOLEAN ObjectCreation, |
| OUT PACCESS_MASK GrantedAccess, |
| OUT PNTSTATUS AccessStatus, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtOpenObjectAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PUNICODE_STRING ObjectName, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, |
| IN HANDLE ClientToken, |
| IN ACCESS_MASK DesiredAccess, |
| IN ACCESS_MASK GrantedAccess, |
| IN PPRIVILEGE_SET Privileges OPTIONAL, |
| IN BOOLEAN ObjectCreation, |
| IN BOOLEAN AccessGranted, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtPrivilegeObjectAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN HANDLE ClientToken, |
| IN ACCESS_MASK DesiredAccess, |
| IN PPRIVILEGE_SET Privileges, |
| IN BOOLEAN AccessGranted); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtCloseObjectAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN BOOLEAN GenerateOnClose); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtDeleteObjectAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId OPTIONAL, |
| IN BOOLEAN GenerateOnClose); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtPrivilegedServiceAuditAlarm( |
| IN PUNICODE_STRING SubsystemName, |
| IN PUNICODE_STRING ServiceName, |
| IN HANDLE ClientToken, |
| IN PPRIVILEGE_SET Privileges, |
| IN BOOLEAN AccessGranted); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtSetInformationThread( |
| IN HANDLE ThreadHandle, |
| IN THREADINFOCLASS ThreadInformationClass, |
| IN PVOID ThreadInformation, |
| IN ULONG ThreadInformationLength); |
| |
| NTSYSCALLAPI |
| NTSTATUS |
| NTAPI |
| NtCreateSection( |
| OUT PHANDLE SectionHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, |
| IN PLARGE_INTEGER MaximumSize OPTIONAL, |
| IN ULONG SectionPageProtection, |
| IN ULONG AllocationAttributes, |
| IN HANDLE FileHandle OPTIONAL); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #define COMPRESSION_FORMAT_NONE (0x0000) |
| #define COMPRESSION_FORMAT_DEFAULT (0x0001) |
| #define COMPRESSION_FORMAT_LZNT1 (0x0002) |
| #define COMPRESSION_ENGINE_STANDARD (0x0000) |
| #define COMPRESSION_ENGINE_MAXIMUM (0x0100) |
| #define COMPRESSION_ENGINE_HIBER (0x0200) |
| |
| #define MAX_UNICODE_STACK_BUFFER_LENGTH 256 |
| |
| #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3)) |
| |
| #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT |
| #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT |
| |
| typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; |
| |
| typedef enum _SECURITY_LOGON_TYPE { |
| UndefinedLogonType = 0, |
| Interactive = 2, |
| Network, |
| Batch, |
| Service, |
| Proxy, |
| Unlock, |
| NetworkCleartext, |
| NewCredentials, |
| #if (_WIN32_WINNT >= 0x0501) |
| RemoteInteractive, |
| CachedInteractive, |
| #endif |
| #if (_WIN32_WINNT >= 0x0502) |
| CachedRemoteInteractive, |
| CachedUnlock |
| #endif |
| } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; |
| |
| #ifndef _NTLSA_AUDIT_ |
| #define _NTLSA_AUDIT_ |
| |
| #ifndef GUID_DEFINED |
| #include <guiddef.h> |
| #endif |
| |
| #endif /* _NTLSA_AUDIT_ */ |
| |
| NTSTATUS |
| NTAPI |
| LsaRegisterLogonProcess( |
| IN PLSA_STRING LogonProcessName, |
| OUT PHANDLE LsaHandle, |
| OUT PLSA_OPERATIONAL_MODE SecurityMode); |
| |
| NTSTATUS |
| NTAPI |
| LsaLogonUser( |
| IN HANDLE LsaHandle, |
| IN PLSA_STRING OriginName, |
| IN SECURITY_LOGON_TYPE LogonType, |
| IN ULONG AuthenticationPackage, |
| IN PVOID AuthenticationInformation, |
| IN ULONG AuthenticationInformationLength, |
| IN PTOKEN_GROUPS LocalGroups OPTIONAL, |
| IN PTOKEN_SOURCE SourceContext, |
| OUT PVOID *ProfileBuffer, |
| OUT PULONG ProfileBufferLength, |
| OUT PLUID LogonId, |
| OUT PHANDLE Token, |
| OUT PQUOTA_LIMITS Quotas, |
| OUT PNTSTATUS SubStatus); |
| |
| NTSTATUS |
| NTAPI |
| LsaFreeReturnBuffer( |
| IN PVOID Buffer); |
| |
| #ifndef _NTLSA_IFS_ |
| #define _NTLSA_IFS_ |
| #endif |
| |
| #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" |
| #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" |
| #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) |
| |
| #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" |
| #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" |
| |
| #define MSV1_0_CHALLENGE_LENGTH 8 |
| #define MSV1_0_USER_SESSION_KEY_LENGTH 16 |
| #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 |
| |
| #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 |
| #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 |
| #define MSV1_0_RETURN_USER_PARAMETERS 0x08 |
| #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 |
| #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 |
| #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 |
| #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 |
| #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 |
| #define MSV1_0_RETURN_PROFILE_PATH 0x200 |
| #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 |
| #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 |
| |
| #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 |
| #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 |
| |
| #if (_WIN32_WINNT >= 0x0502) |
| #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 |
| #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 |
| #endif |
| |
| #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 |
| #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 |
| |
| #if (_WIN32_WINNT >= 0x0600) |
| #define MSV1_0_S4U2SELF 0x00020000 |
| #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 |
| #endif |
| |
| #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 |
| #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 |
| #define MSV1_0_MNS_LOGON 0x01000000 |
| |
| #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 |
| #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 |
| |
| #define LOGON_GUEST 0x01 |
| #define LOGON_NOENCRYPTION 0x02 |
| #define LOGON_CACHED_ACCOUNT 0x04 |
| #define LOGON_USED_LM_PASSWORD 0x08 |
| #define LOGON_EXTRA_SIDS 0x20 |
| #define LOGON_SUBAUTH_SESSION_KEY 0x40 |
| #define LOGON_SERVER_TRUST_ACCOUNT 0x80 |
| #define LOGON_NTLMV2_ENABLED 0x100 |
| #define LOGON_RESOURCE_GROUPS 0x200 |
| #define LOGON_PROFILE_PATH_RETURNED 0x400 |
| #define LOGON_NT_V2 0x800 |
| #define LOGON_LM_V2 0x1000 |
| #define LOGON_NTLM_V2 0x2000 |
| |
| #if (_WIN32_WINNT >= 0x0600) |
| |
| #define LOGON_OPTIMIZED 0x4000 |
| #define LOGON_WINLOGON 0x8000 |
| #define LOGON_PKINIT 0x10000 |
| #define LOGON_NO_OPTIMIZED 0x20000 |
| |
| #endif |
| |
| #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 |
| |
| #define LOGON_GRACE_LOGON 0x01000000 |
| |
| #define MSV1_0_OWF_PASSWORD_LENGTH 16 |
| #define MSV1_0_CRED_LM_PRESENT 0x1 |
| #define MSV1_0_CRED_NT_PRESENT 0x2 |
| #define MSV1_0_CRED_VERSION 0 |
| |
| #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 |
| #define MSV1_0_NTLM3_OWF_LENGTH 16 |
| |
| #if (_WIN32_WINNT == 0x0500) |
| #define MSV1_0_MAX_NTLM3_LIFE 1800 |
| #else |
| #define MSV1_0_MAX_NTLM3_LIFE 129600 |
| #endif |
| #define MSV1_0_MAX_AVL_SIZE 64000 |
| |
| #if (_WIN32_WINNT >= 0x0501) |
| |
| #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 |
| |
| #if (_WIN32_WINNT >= 0x0600) |
| #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 |
| #endif |
| |
| #endif |
| |
| #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) |
| |
| #if(_WIN32_WINNT >= 0x0502) |
| #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff) |
| #endif |
| |
| #define USE_PRIMARY_PASSWORD 0x01 |
| #define RETURN_PRIMARY_USERNAME 0x02 |
| #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04 |
| #define RETURN_NON_NT_USER_SESSION_KEY 0x08 |
| #define GENERATE_CLIENT_CHALLENGE 0x10 |
| #define GCR_NTLM3_PARMS 0x20 |
| #define GCR_TARGET_INFO 0x40 |
| #define RETURN_RESERVED_PARAMETER 0x80 |
| #define GCR_ALLOW_NTLM 0x100 |
| #define GCR_USE_OEM_SET 0x200 |
| #define GCR_MACHINE_CREDENTIAL 0x400 |
| #define GCR_USE_OWF_PASSWORD 0x800 |
| #define GCR_ALLOW_LM 0x1000 |
| #define GCR_ALLOW_NO_TARGET 0x2000 |
| |
| typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { |
| MsV1_0InteractiveLogon = 2, |
| MsV1_0Lm20Logon, |
| MsV1_0NetworkLogon, |
| MsV1_0SubAuthLogon, |
| MsV1_0WorkstationUnlockLogon = 7, |
| MsV1_0S4ULogon = 12, |
| MsV1_0VirtualLogon = 82 |
| } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; |
| |
| typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { |
| MsV1_0InteractiveProfile = 2, |
| MsV1_0Lm20LogonProfile, |
| MsV1_0SmartCardProfile |
| } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE; |
| |
| typedef struct _MSV1_0_INTERACTIVE_LOGON { |
| MSV1_0_LOGON_SUBMIT_TYPE MessageType; |
| UNICODE_STRING LogonDomainName; |
| UNICODE_STRING UserName; |
| UNICODE_STRING Password; |
| } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON; |
| |
| typedef struct _MSV1_0_INTERACTIVE_PROFILE { |
| MSV1_0_PROFILE_BUFFER_TYPE MessageType; |
| USHORT LogonCount; |
| USHORT BadPasswordCount; |
| LARGE_INTEGER LogonTime; |
| LARGE_INTEGER LogoffTime; |
| LARGE_INTEGER KickOffTime; |
| LARGE_INTEGER PasswordLastSet; |
| LARGE_INTEGER PasswordCanChange; |
| LARGE_INTEGER PasswordMustChange; |
| UNICODE_STRING LogonScript; |
| UNICODE_STRING HomeDirectory; |
| UNICODE_STRING FullName; |
| UNICODE_STRING ProfilePath; |
| UNICODE_STRING HomeDirectoryDrive; |
| UNICODE_STRING LogonServer; |
| ULONG UserFlags; |
| } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE; |
| |
| typedef struct _MSV1_0_LM20_LOGON { |
| MSV1_0_LOGON_SUBMIT_TYPE MessageType; |
| UNICODE_STRING LogonDomainName; |
| UNICODE_STRING UserName; |
| UNICODE_STRING Workstation; |
| UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; |
| STRING CaseSensitiveChallengeResponse; |
| STRING CaseInsensitiveChallengeResponse; |
| ULONG ParameterControl; |
| } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON; |
| |
| typedef struct _MSV1_0_SUBAUTH_LOGON { |
| MSV1_0_LOGON_SUBMIT_TYPE MessageType; |
| UNICODE_STRING LogonDomainName; |
| UNICODE_STRING UserName; |
| UNICODE_STRING Workstation; |
| UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; |
| STRING AuthenticationInfo1; |
| STRING AuthenticationInfo2; |
| ULONG ParameterControl; |
| ULONG SubAuthPackageId; |
| } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; |
| |
| #if (_WIN32_WINNT >= 0x0600) |
| |
| #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 |
| |
| typedef struct _MSV1_0_S4U_LOGON { |
| MSV1_0_LOGON_SUBMIT_TYPE MessageType; |
| ULONG Flags; |
| UNICODE_STRING UserPrincipalName; |
| UNICODE_STRING DomainName; |
| } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON; |
| |
| #endif |
| |
| typedef struct _MSV1_0_LM20_LOGON_PROFILE { |
| MSV1_0_PROFILE_BUFFER_TYPE MessageType; |
| LARGE_INTEGER KickOffTime; |
| LARGE_INTEGER LogoffTime; |
| ULONG UserFlags; |
| UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; |
| UNICODE_STRING LogonDomainName; |
| UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; |
| UNICODE_STRING LogonServer; |
| UNICODE_STRING UserParameters; |
| } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE; |
| |
| typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { |
| ULONG Version; |
| ULONG Flags; |
| UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; |
| UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; |
| } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL; |
| |
| typedef struct _MSV1_0_NTLM3_RESPONSE { |
| UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; |
| UCHAR RespType; |
| UCHAR HiRespType; |
| USHORT Flags; |
| ULONG MsgWord; |
| ULONGLONG TimeStamp; |
| UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; |
| ULONG AvPairsOff; |
| UCHAR Buffer[1]; |
| } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; |
| |
| typedef enum _MSV1_0_AVID { |
| MsvAvEOL, |
| MsvAvNbComputerName, |
| MsvAvNbDomainName, |
| MsvAvDnsComputerName, |
| MsvAvDnsDomainName, |
| #if (_WIN32_WINNT >= 0x0501) |
| MsvAvDnsTreeName, |
| MsvAvFlags, |
| #if (_WIN32_WINNT >= 0x0600) |
| MsvAvTimestamp, |
| MsvAvRestrictions, |
| MsvAvTargetName, |
| MsvAvChannelBindings, |
| #endif |
| #endif |
| } MSV1_0_AVID; |
| |
| typedef struct _MSV1_0_AV_PAIR { |
| USHORT AvId; |
| USHORT AvLen; |
| } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; |
| |
| typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { |
| MsV1_0Lm20ChallengeRequest = 0, |
| MsV1_0Lm20GetChallengeResponse, |
| MsV1_0EnumerateUsers, |
| MsV1_0GetUserInfo, |
| MsV1_0ReLogonUsers, |
| MsV1_0ChangePassword, |
| MsV1_0ChangeCachedPassword, |
| MsV1_0GenericPassthrough, |
| MsV1_0CacheLogon, |
| MsV1_0SubAuth, |
| MsV1_0DeriveCredential, |
| MsV1_0CacheLookup, |
| #if (_WIN32_WINNT >= 0x0501) |
| MsV1_0SetProcessOption, |
| #endif |
| #if (_WIN32_WINNT >= 0x0600) |
| MsV1_0ConfigLocalAliases, |
| MsV1_0ClearCachedCredentials, |
| #endif |
| } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; |
| |
| typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| } MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST; |
| |
| typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; |
| } MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE; |
| |
| typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| ULONG ParameterControl; |
| LUID LogonId; |
| UNICODE_STRING Password; |
| UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; |
| } MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1; |
| |
| typedef struct _MSV1_0_GETCHALLENRESP_REQUEST { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| ULONG ParameterControl; |
| LUID LogonId; |
| UNICODE_STRING Password; |
| UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; |
| UNICODE_STRING UserName; |
| UNICODE_STRING LogonDomainName; |
| UNICODE_STRING ServerName; |
| } MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST; |
| |
| typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| STRING CaseSensitiveChallengeResponse; |
| STRING CaseInsensitiveChallengeResponse; |
| UNICODE_STRING UserName; |
| UNICODE_STRING LogonDomainName; |
| UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; |
| UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; |
| } MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE; |
| |
| typedef struct _MSV1_0_ENUMUSERS_REQUEST { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| } MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST; |
| |
| typedef struct _MSV1_0_ENUMUSERS_RESPONSE { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| ULONG NumberOfLoggedOnUsers; |
| PLUID LogonIds; |
| PULONG EnumHandles; |
| } MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE; |
| |
| typedef struct _MSV1_0_GETUSERINFO_REQUEST { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| LUID LogonId; |
| } MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST; |
| |
| typedef struct _MSV1_0_GETUSERINFO_RESPONSE { |
| MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; |
| PSID UserSid; |
| UNICODE_STRING UserName; |
| UNICODE_STRING LogonDomainName; |
| UNICODE_STRING LogonServer; |
| SECURITY_LOGON_TYPE LogonType; |
| } MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE; |
| |
| |
| |
| #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 |
| #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 |
| #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 |
| |
| /* also in winnt.h */ |
| #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 |
| #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 |
| #define FILE_NOTIFY_CHANGE_NAME 0x00000003 |
| #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 |
| #define FILE_NOTIFY_CHANGE_SIZE 0x00000008 |
| #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 |
| #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 |
| #define FILE_NOTIFY_CHANGE_CREATION 0x00000040 |
| #define FILE_NOTIFY_CHANGE_EA 0x00000080 |
| #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 |
| #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 |
| #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 |
| #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 |
| #define FILE_NOTIFY_VALID_MASK 0x00000fff |
| |
| #define FILE_ACTION_ADDED 0x00000001 |
| #define FILE_ACTION_REMOVED 0x00000002 |
| #define FILE_ACTION_MODIFIED 0x00000003 |
| #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 |
| #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 |
| #define FILE_ACTION_ADDED_STREAM 0x00000006 |
| #define FILE_ACTION_REMOVED_STREAM 0x00000007 |
| #define FILE_ACTION_MODIFIED_STREAM 0x00000008 |
| #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 |
| #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A |
| #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B |
| /* end winnt.h */ |
| |
| #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 |
| #define FILE_PIPE_MESSAGE_TYPE 0x00000001 |
| |
| #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000 |
| #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002 |
| |
| #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000 |
| #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002 |
| #define FILE_PIPE_TYPE_VALID_MASK 0x00000003 |
| |
| #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 |
| #define FILE_PIPE_MESSAGE_MODE 0x00000001 |
| |
| #define FILE_PIPE_QUEUE_OPERATION 0x00000000 |
| #define FILE_PIPE_COMPLETE_OPERATION 0x00000001 |
| |
| #define FILE_PIPE_INBOUND 0x00000000 |
| #define FILE_PIPE_OUTBOUND 0x00000001 |
| #define FILE_PIPE_FULL_DUPLEX 0x00000002 |
| |
| #define FILE_PIPE_DISCONNECTED_STATE 0x00000001 |
| #define FILE_PIPE_LISTENING_STATE 0x00000002 |
| #define FILE_PIPE_CONNECTED_STATE 0x00000003 |
| #define FILE_PIPE_CLOSING_STATE 0x00000004 |
| |
| #define FILE_PIPE_CLIENT_END 0x00000000 |
| #define FILE_PIPE_SERVER_END 0x00000001 |
| |
| #define FILE_CASE_SENSITIVE_SEARCH 0x00000001 |
| #define FILE_CASE_PRESERVED_NAMES 0x00000002 |
| #define FILE_UNICODE_ON_DISK 0x00000004 |
| #define FILE_PERSISTENT_ACLS 0x00000008 |
| #define FILE_FILE_COMPRESSION 0x00000010 |
| #define FILE_VOLUME_QUOTAS 0x00000020 |
| #define FILE_SUPPORTS_SPARSE_FILES 0x00000040 |
| #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 |
| #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 |
| #define FILE_VOLUME_IS_COMPRESSED 0x00008000 |
| #define FILE_SUPPORTS_OBJECT_IDS 0x00010000 |
| #define FILE_SUPPORTS_ENCRYPTION 0x00020000 |
| #define FILE_NAMED_STREAMS 0x00040000 |
| #define FILE_READ_ONLY_VOLUME 0x00080000 |
| #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000 |
| #define FILE_SUPPORTS_TRANSACTIONS 0x00200000 |
| #define FILE_SUPPORTS_HARD_LINKS 0x00400000 |
| #define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000 |
| #define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000 |
| #define FILE_SUPPORTS_USN_JOURNAL 0x02000000 |
| |
| #define FILE_NEED_EA 0x00000080 |
| |
| #define FILE_EA_TYPE_BINARY 0xfffe |
| #define FILE_EA_TYPE_ASCII 0xfffd |
| #define FILE_EA_TYPE_BITMAP 0xfffb |
| #define FILE_EA_TYPE_METAFILE 0xfffa |
| #define FILE_EA_TYPE_ICON 0xfff9 |
| #define FILE_EA_TYPE_EA 0xffee |
| #define FILE_EA_TYPE_MVMT 0xffdf |
| #define FILE_EA_TYPE_MVST 0xffde |
| #define FILE_EA_TYPE_ASN1 0xffdd |
| #define FILE_EA_TYPE_FAMILY_IDS 0xff01 |
| |
| typedef struct _FILE_NOTIFY_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG Action; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION; |
| |
| typedef struct _FILE_DIRECTORY_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; |
| |
| typedef struct _FILE_FULL_DIR_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| WCHAR FileName[1]; |
| } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; |
| |
| typedef struct _FILE_ID_FULL_DIR_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| LARGE_INTEGER FileId; |
| WCHAR FileName[1]; |
| } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION; |
| |
| typedef struct _FILE_BOTH_DIR_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| CCHAR ShortNameLength; |
| WCHAR ShortName[12]; |
| WCHAR FileName[1]; |
| } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; |
| |
| typedef struct _FILE_ID_BOTH_DIR_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| CCHAR ShortNameLength; |
| WCHAR ShortName[12]; |
| LARGE_INTEGER FileId; |
| WCHAR FileName[1]; |
| } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION; |
| |
| typedef struct _FILE_NAMES_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; |
| |
| typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| LARGE_INTEGER FileId; |
| GUID LockingTransactionId; |
| ULONG TxInfoFlags; |
| WCHAR FileName[1]; |
| } FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION; |
| |
| #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001 |
| #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002 |
| #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004 |
| |
| typedef struct _FILE_OBJECTID_INFORMATION { |
| LONGLONG FileReference; |
| UCHAR ObjectId[16]; |
| _ANONYMOUS_UNION union { |
| _ANONYMOUS_STRUCT struct { |
| UCHAR BirthVolumeId[16]; |
| UCHAR BirthObjectId[16]; |
| UCHAR DomainId[16]; |
| } DUMMYSTRUCTNAME; |
| UCHAR ExtendedInfo[48]; |
| } DUMMYUNIONNAME; |
| } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; |
| |
| #define ANSI_DOS_STAR ('<') |
| #define ANSI_DOS_QM ('>') |
| #define ANSI_DOS_DOT ('"') |
| |
| #define DOS_STAR (L'<') |
| #define DOS_QM (L'>') |
| #define DOS_DOT (L'"') |
| |
| typedef struct _FILE_INTERNAL_INFORMATION { |
| LARGE_INTEGER IndexNumber; |
| } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; |
| |
| typedef struct _FILE_EA_INFORMATION { |
| ULONG EaSize; |
| } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; |
| |
| typedef struct _FILE_ACCESS_INFORMATION { |
| ACCESS_MASK AccessFlags; |
| } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; |
| |
| typedef struct _FILE_MODE_INFORMATION { |
| ULONG Mode; |
| } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; |
| |
| typedef struct _FILE_ALL_INFORMATION { |
| FILE_BASIC_INFORMATION BasicInformation; |
| FILE_STANDARD_INFORMATION StandardInformation; |
| FILE_INTERNAL_INFORMATION InternalInformation; |
| FILE_EA_INFORMATION EaInformation; |
| FILE_ACCESS_INFORMATION AccessInformation; |
| FILE_POSITION_INFORMATION PositionInformation; |
| FILE_MODE_INFORMATION ModeInformation; |
| FILE_ALIGNMENT_INFORMATION AlignmentInformation; |
| FILE_NAME_INFORMATION NameInformation; |
| } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; |
| |
| typedef struct _FILE_ALLOCATION_INFORMATION { |
| LARGE_INTEGER AllocationSize; |
| } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; |
| |
| typedef struct _FILE_COMPRESSION_INFORMATION { |
| LARGE_INTEGER CompressedFileSize; |
| USHORT CompressionFormat; |
| UCHAR CompressionUnitShift; |
| UCHAR ChunkShift; |
| UCHAR ClusterShift; |
| UCHAR Reserved[3]; |
| } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; |
| |
| typedef struct _FILE_LINK_INFORMATION { |
| BOOLEAN ReplaceIfExists; |
| HANDLE RootDirectory; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; |
| |
| typedef struct _FILE_MOVE_CLUSTER_INFORMATION { |
| ULONG ClusterCount; |
| HANDLE RootDirectory; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION; |
| |
| typedef struct _FILE_RENAME_INFORMATION { |
| BOOLEAN ReplaceIfExists; |
| HANDLE RootDirectory; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; |
| |
| typedef struct _FILE_STREAM_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG StreamNameLength; |
| LARGE_INTEGER StreamSize; |
| LARGE_INTEGER StreamAllocationSize; |
| WCHAR StreamName[1]; |
| } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; |
| |
| typedef struct _FILE_TRACKING_INFORMATION { |
| HANDLE DestinationFile; |
| ULONG ObjectInformationLength; |
| CHAR ObjectInformation[1]; |
| } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; |
| |
| typedef struct _FILE_COMPLETION_INFORMATION { |
| HANDLE Port; |
| PVOID Key; |
| } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; |
| |
| typedef struct _FILE_PIPE_INFORMATION { |
| ULONG ReadMode; |
| ULONG CompletionMode; |
| } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; |
| |
| typedef struct _FILE_PIPE_LOCAL_INFORMATION { |
| ULONG NamedPipeType; |
| ULONG NamedPipeConfiguration; |
| ULONG MaximumInstances; |
| ULONG CurrentInstances; |
| ULONG InboundQuota; |
| ULONG ReadDataAvailable; |
| ULONG OutboundQuota; |
| ULONG WriteQuotaAvailable; |
| ULONG NamedPipeState; |
| ULONG NamedPipeEnd; |
| } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; |
| |
| typedef struct _FILE_PIPE_REMOTE_INFORMATION { |
| LARGE_INTEGER CollectDataTime; |
| ULONG MaximumCollectionCount; |
| } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; |
| |
| typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { |
| ULONG MaximumMessageSize; |
| ULONG MailslotQuota; |
| ULONG NextMessageSize; |
| ULONG MessagesAvailable; |
| LARGE_INTEGER ReadTimeout; |
| } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; |
| |
| typedef struct _FILE_MAILSLOT_SET_INFORMATION { |
| PLARGE_INTEGER ReadTimeout; |
| } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; |
| |
| typedef struct _FILE_REPARSE_POINT_INFORMATION { |
| LONGLONG FileReference; |
| ULONG Tag; |
| } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION; |
| |
| typedef struct _FILE_LINK_ENTRY_INFORMATION { |
| ULONG NextEntryOffset; |
| LONGLONG ParentFileId; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION; |
| |
| typedef struct _FILE_LINKS_INFORMATION { |
| ULONG BytesNeeded; |
| ULONG EntriesReturned; |
| FILE_LINK_ENTRY_INFORMATION Entry; |
| } FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION; |
| |
| typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION { |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION; |
| |
| typedef struct _FILE_STANDARD_LINK_INFORMATION { |
| ULONG NumberOfAccessibleLinks; |
| ULONG TotalNumberOfLinks; |
| BOOLEAN DeletePending; |
| BOOLEAN Directory; |
| } FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION; |
| |
| typedef struct _FILE_GET_EA_INFORMATION { |
| ULONG NextEntryOffset; |
| UCHAR EaNameLength; |
| CHAR EaName[1]; |
| } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; |
| |
| #define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001 |
| #define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002 |
| |
| typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION { |
| USHORT StructureVersion; |
| USHORT StructureSize; |
| ULONG Protocol; |
| USHORT ProtocolMajorVersion; |
| USHORT ProtocolMinorVersion; |
| USHORT ProtocolRevision; |
| USHORT Reserved; |
| ULONG Flags; |
| struct { |
| ULONG Reserved[8]; |
| } GenericReserved; |
| struct { |
| ULONG Reserved[16]; |
| } ProtocolSpecificReserved; |
| } FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION; |
| |
| typedef struct _FILE_GET_QUOTA_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG SidLength; |
| SID Sid; |
| } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; |
| |
| typedef struct _FILE_QUOTA_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG SidLength; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER QuotaUsed; |
| LARGE_INTEGER QuotaThreshold; |
| LARGE_INTEGER QuotaLimit; |
| SID Sid; |
| } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; |
| |
| typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { |
| ULONG FileSystemAttributes; |
| ULONG MaximumComponentNameLength; |
| ULONG FileSystemNameLength; |
| WCHAR FileSystemName[1]; |
| } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; |
| |
| typedef struct _FILE_FS_DRIVER_PATH_INFORMATION { |
| BOOLEAN DriverInPath; |
| ULONG DriverNameLength; |
| WCHAR DriverName[1]; |
| } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION; |
| |
| typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION { |
| ULONG Flags; |
| } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION; |
| |
| #define FILE_VC_QUOTA_NONE 0x00000000 |
| #define FILE_VC_QUOTA_TRACK 0x00000001 |
| #define FILE_VC_QUOTA_ENFORCE 0x00000002 |
| #define FILE_VC_QUOTA_MASK 0x00000003 |
| #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 |
| #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 |
| #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 |
| #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 |
| #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 |
| #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 |
| #define FILE_VC_QUOTAS_REBUILDING 0x00000200 |
| #define FILE_VC_VALID_MASK 0x000003ff |
| |
| typedef struct _FILE_FS_CONTROL_INFORMATION { |
| LARGE_INTEGER FreeSpaceStartFiltering; |
| LARGE_INTEGER FreeSpaceThreshold; |
| LARGE_INTEGER FreeSpaceStopFiltering; |
| LARGE_INTEGER DefaultQuotaThreshold; |
| LARGE_INTEGER DefaultQuotaLimit; |
| ULONG FileSystemControlFlags; |
| } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; |
| |
| #ifndef _FILESYSTEMFSCTL_ |
| #define _FILESYSTEMFSCTL_ |
| |
| #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
| #define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) |
| |
| #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| #if (_WIN32_WINNT >= 0x0400) |
| |
| #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) |
| |
| #endif |
| |
| #if (_WIN32_WINNT >= 0x0500) |
| |
| #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) |
| #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
| #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) |
| #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) |
| |
| #endif |
| |
| #if (_WIN32_WINNT >= 0x0600) |
| |
| #define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) |
| #define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) |
| #define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) |
| #define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| #define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \ |
| CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| #endif |
| |
| #if (_WIN32_WINNT >= 0x0601) |
| |
| #define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| #define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| #define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| #define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| typedef struct _CSV_NAMESPACE_INFO { |
| ULONG Version; |
| ULONG DeviceNumber; |
| LARGE_INTEGER StartingOffset; |
| ULONG SectorSize; |
| } CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO; |
| |
| #define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO)) |
| #define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF |
| |
| #endif |
| |
| #define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED |
| |
| typedef struct _PATHNAME_BUFFER { |
| ULONG PathNameLength; |
| WCHAR Name[1]; |
| } PATHNAME_BUFFER, *PPATHNAME_BUFFER; |
| |
| typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER { |
| UCHAR First0x24BytesOfBootSector[0x24]; |
| } FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER; |
| |
| #if (_WIN32_WINNT >= 0x0400) |
| |
| typedef struct _NTFS_VOLUME_DATA_BUFFER { |
| LARGE_INTEGER VolumeSerialNumber; |
| LARGE_INTEGER NumberSectors; |
| LARGE_INTEGER TotalClusters; |
| LARGE_INTEGER FreeClusters; |
| LARGE_INTEGER TotalReserved; |
| ULONG BytesPerSector; |
| ULONG BytesPerCluster; |
| ULONG BytesPerFileRecordSegment; |
| ULONG ClustersPerFileRecordSegment; |
| LARGE_INTEGER MftValidDataLength; |
| LARGE_INTEGER MftStartLcn; |
| LARGE_INTEGER Mft2StartLcn; |
| LARGE_INTEGER MftZoneStart; |
| LARGE_INTEGER MftZoneEnd; |
| } NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER; |
| |
| typedef struct _NTFS_EXTENDED_VOLUME_DATA { |
| ULONG ByteCount; |
| USHORT MajorVersion; |
| USHORT MinorVersion; |
| } NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA; |
| |
| typedef struct _STARTING_LCN_INPUT_BUFFER { |
| LARGE_INTEGER StartingLcn; |
| } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER; |
| |
| typedef struct _VOLUME_BITMAP_BUFFER { |
| LARGE_INTEGER StartingLcn; |
| LARGE_INTEGER BitmapSize; |
| UCHAR Buffer[1]; |
| } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER; |
| |
| typedef struct _STARTING_VCN_INPUT_BUFFER { |
| LARGE_INTEGER StartingVcn; |
| } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; |
| |
| typedef struct _RETRIEVAL_POINTERS_BUFFER { |
| ULONG ExtentCount; |
| LARGE_INTEGER StartingVcn; |
| struct { |
| LARGE_INTEGER NextVcn; |
| LARGE_INTEGER Lcn; |
| } Extents[1]; |
| } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; |
| |
| typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER { |
| LARGE_INTEGER FileReferenceNumber; |
| } NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER; |
| |
| typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER { |
| LARGE_INTEGER FileReferenceNumber; |
| ULONG FileRecordLength; |
| UCHAR FileRecordBuffer[1]; |
| } NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER; |
| |
| typedef struct _MOVE_FILE_DATA { |
| HANDLE FileHandle; |
| LARGE_INTEGER StartingVcn; |
| LARGE_INTEGER StartingLcn; |
| ULONG ClusterCount; |
| } MOVE_FILE_DATA, *PMOVE_FILE_DATA; |
| |
| typedef struct _MOVE_FILE_RECORD_DATA { |
| HANDLE FileHandle; |
| LARGE_INTEGER SourceFileRecord; |
| LARGE_INTEGER TargetFileRecord; |
| } MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA; |
| |
| #if defined(_WIN64) |
| typedef struct _MOVE_FILE_DATA32 { |
| UINT32 FileHandle; |
| LARGE_INTEGER StartingVcn; |
| LARGE_INTEGER StartingLcn; |
| ULONG ClusterCount; |
| } MOVE_FILE_DATA32, *PMOVE_FILE_DATA32; |
| #endif |
| |
| #endif /* (_WIN32_WINNT >= 0x0400) */ |
| |
| #if (_WIN32_WINNT >= 0x0500) |
| |
| typedef struct _FIND_BY_SID_DATA { |
| ULONG Restart; |
| SID Sid; |
| } FIND_BY_SID_DATA, *PFIND_BY_SID_DATA; |
| |
| typedef struct _FIND_BY_SID_OUTPUT { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT; |
| |
| typedef struct _MFT_ENUM_DATA { |
| ULONGLONG StartFileReferenceNumber; |
| USN LowUsn; |
| USN HighUsn; |
| } MFT_ENUM_DATA, *PMFT_ENUM_DATA; |
| |
| typedef struct _CREATE_USN_JOURNAL_DATA { |
| ULONGLONG MaximumSize; |
| ULONGLONG AllocationDelta; |
| } CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA; |
| |
| typedef struct _READ_USN_JOURNAL_DATA { |
| USN StartUsn; |
| ULONG ReasonMask; |
| ULONG ReturnOnlyOnClose; |
| ULONGLONG Timeout; |
| ULONGLONG BytesToWaitFor; |
| ULONGLONG UsnJournalID; |
| } READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA; |
| |
| typedef struct _USN_RECORD { |
| ULONG RecordLength; |
| USHORT MajorVersion; |
| USHORT MinorVersion; |
| ULONGLONG FileReferenceNumber; |
| ULONGLONG ParentFileReferenceNumber; |
| USN Usn; |
| LARGE_INTEGER TimeStamp; |
| ULONG Reason; |
| ULONG SourceInfo; |
| ULONG SecurityId; |
| ULONG FileAttributes; |
| USHORT FileNameLength; |
| USHORT FileNameOffset; |
| WCHAR FileName[1]; |
| } USN_RECORD, *PUSN_RECORD; |
| |
| #define USN_PAGE_SIZE (0x1000) |
| |
| #define USN_REASON_DATA_OVERWRITE (0x00000001) |
| #define USN_REASON_DATA_EXTEND (0x00000002) |
| #define USN_REASON_DATA_TRUNCATION (0x00000004) |
| #define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010) |
| #define USN_REASON_NAMED_DATA_EXTEND (0x00000020) |
| #define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040) |
| #define USN_REASON_FILE_CREATE (0x00000100) |
| #define USN_REASON_FILE_DELETE (0x00000200) |
| #define USN_REASON_EA_CHANGE (0x00000400) |
| #define USN_REASON_SECURITY_CHANGE (0x00000800) |
| #define USN_REASON_RENAME_OLD_NAME (0x00001000) |
| #define USN_REASON_RENAME_NEW_NAME (0x00002000) |
| #define USN_REASON_INDEXABLE_CHANGE (0x00004000) |
| #define USN_REASON_BASIC_INFO_CHANGE (0x00008000) |
| #define USN_REASON_HARD_LINK_CHANGE (0x00010000) |
| #define USN_REASON_COMPRESSION_CHANGE (0x00020000) |
| #define USN_REASON_ENCRYPTION_CHANGE (0x00040000) |
| #define USN_REASON_OBJECT_ID_CHANGE (0x00080000) |
| #define USN_REASON_REPARSE_POINT_CHANGE (0x00100000) |
| #define USN_REASON_STREAM_CHANGE (0x00200000) |
| #define USN_REASON_TRANSACTED_CHANGE (0x00400000) |
| #define USN_REASON_CLOSE (0x80000000) |
| |
| typedef struct _USN_JOURNAL_DATA { |
| ULONGLONG UsnJournalID; |
| USN FirstUsn; |
| USN NextUsn; |
| USN LowestValidUsn; |
| USN MaxUsn; |
| ULONGLONG MaximumSize; |
| ULONGLONG AllocationDelta; |
| } USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA; |
| |
| typedef struct _DELETE_USN_JOURNAL_DATA { |
| ULONGLONG UsnJournalID; |
| ULONG DeleteFlags; |
| } DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA; |
| |
| #define USN_DELETE_FLAG_DELETE (0x00000001) |
| #define USN_DELETE_FLAG_NOTIFY (0x00000002) |
| #define USN_DELETE_VALID_FLAGS (0x00000003) |
| |
| typedef struct _MARK_HANDLE_INFO { |
| ULONG UsnSourceInfo; |
| HANDLE VolumeHandle; |
| ULONG HandleInfo; |
| } MARK_HANDLE_INFO, *PMARK_HANDLE_INFO; |
| |
| #if defined(_WIN64) |
| typedef struct _MARK_HANDLE_INFO32 { |
| ULONG UsnSourceInfo; |
| UINT32 VolumeHandle; |
| ULONG HandleInfo; |
| } MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32; |
| #endif |
| |
| #define USN_SOURCE_DATA_MANAGEMENT (0x00000001) |
| #define USN_SOURCE_AUXILIARY_DATA (0x00000002) |
| #define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004) |
| |
| #define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001) |
| #define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004) |
| #define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008) |
| |
| typedef struct _BULK_SECURITY_TEST_DATA { |
| ACCESS_MASK DesiredAccess; |
| ULONG SecurityIds[1]; |
| } BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA; |
| |
| #define VOLUME_IS_DIRTY (0x00000001) |
| #define VOLUME_UPGRADE_SCHEDULED (0x00000002) |
| #define VOLUME_SESSION_OPEN (0x00000004) |
| |
| typedef struct _FILE_PREFETCH { |
| ULONG Type; |
| ULONG Count; |
| ULONGLONG Prefetch[1]; |
| } FILE_PREFETCH, *PFILE_PREFETCH; |
| |
| typedef struct _FILE_PREFETCH_EX { |
| ULONG Type; |
| ULONG Count; |
| PVOID Context; |
| ULONGLONG Prefetch[1]; |
| } FILE_PREFETCH_EX, *PFILE_PREFETCH_EX; |
| |
| #define FILE_PREFETCH_TYPE_FOR_CREATE 0x1 |
| #define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2 |
| #define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3 |
| #define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4 |
| |
| #define FILE_PREFETCH_TYPE_MAX 0x4 |
| |
| typedef struct _FILE_OBJECTID_BUFFER { |
| UCHAR ObjectId[16]; |
| _ANONYMOUS_UNION union { |
| _ANONYMOUS_STRUCT struct { |
| UCHAR BirthVolumeId[16]; |
| UCHAR BirthObjectId[16]; |
| UCHAR DomainId[16]; |
| } DUMMYSTRUCTNAME; |
| UCHAR ExtendedInfo[48]; |
| } DUMMYUNIONNAME; |
| } FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER; |
| |
| typedef struct _FILE_SET_SPARSE_BUFFER { |
| BOOLEAN SetSparse; |
| } FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER; |
| |
| typedef struct _FILE_ZERO_DATA_INFORMATION { |
| LARGE_INTEGER FileOffset; |
| LARGE_INTEGER BeyondFinalZero; |
| } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION; |
| |
| typedef struct _FILE_ALLOCATED_RANGE_BUFFER { |
| LARGE_INTEGER FileOffset; |
| LARGE_INTEGER Length; |
| } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER; |
| |
| typedef struct _ENCRYPTION_BUFFER { |
| ULONG EncryptionOperation; |
| UCHAR Private[1]; |
| } ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER; |
| |
| #define FILE_SET_ENCRYPTION 0x00000001 |
| #define FILE_CLEAR_ENCRYPTION 0x00000002 |
| #define STREAM_SET_ENCRYPTION 0x00000003 |
| #define STREAM_CLEAR_ENCRYPTION 0x00000004 |
| |
| #define MAXIMUM_ENCRYPTION_VALUE 0x00000004 |
| |
| typedef struct _DECRYPTION_STATUS_BUFFER { |
| BOOLEAN NoEncryptedStreams; |
| } DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER; |
| |
| #define ENCRYPTION_FORMAT_DEFAULT (0x01) |
| |
| #define COMPRESSION_FORMAT_SPARSE (0x4000) |
| |
| typedef struct _REQUEST_RAW_ENCRYPTED_DATA { |
| LONGLONG FileOffset; |
| ULONG Length; |
| } REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA; |
| |
| typedef struct _ENCRYPTED_DATA_INFO { |
| ULONGLONG StartingFileOffset; |
| ULONG OutputBufferOffset; |
| ULONG BytesWithinFileSize; |
| ULONG BytesWithinValidDataLength; |
| USHORT CompressionFormat; |
| UCHAR DataUnitShift; |
| UCHAR ChunkShift; |
| UCHAR ClusterShift; |
| UCHAR EncryptionFormat; |
| USHORT NumberOfDataBlocks; |
| ULONG DataBlockSize[ANYSIZE_ARRAY]; |
| } ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO; |
| |
| typedef struct _PLEX_READ_DATA_REQUEST { |
| LARGE_INTEGER ByteOffset; |
| ULONG ByteLength; |
| ULONG PlexNumber; |
| } PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST; |
| |
| typedef struct _SI_COPYFILE { |
| ULONG SourceFileNameLength; |
| ULONG DestinationFileNameLength; |
| ULONG Flags; |
| WCHAR FileNameBuffer[1]; |
| } SI_COPYFILE, *PSI_COPYFILE; |
| |
| #define COPYFILE_SIS_LINK 0x0001 |
| #define COPYFILE_SIS_REPLACE 0x0002 |
| #define COPYFILE_SIS_FLAGS 0x0003 |
| |
| #endif /* (_WIN32_WINNT >= 0x0500) */ |
| |
| #if (_WIN32_WINNT >= 0x0600) |
| |
| typedef struct _FILE_MAKE_COMPATIBLE_BUFFER { |
| BOOLEAN CloseDisc; |
| } FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER; |
| |
| typedef struct _FILE_SET_DEFECT_MGMT_BUFFER { |
| BOOLEAN Disable; |
| } FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER; |
| |
| typedef struct _FILE_QUERY_SPARING_BUFFER { |
| ULONG SparingUnitBytes; |
| BOOLEAN SoftwareSparing; |
| ULONG TotalSpareBlocks; |
| ULONG FreeSpareBlocks; |
| } FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER; |
| |
| typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER { |
| LARGE_INTEGER DirectoryCount; |
| LARGE_INTEGER FileCount; |
| USHORT FsFormatMajVersion; |
| USHORT FsFormatMinVersion; |
| WCHAR FsFormatName[12]; |
| LARGE_INTEGER FormatTime; |
| LARGE_INTEGER LastUpdateTime; |
| WCHAR CopyrightInfo[34]; |
| WCHAR AbstractInfo[34]; |
| WCHAR FormattingImplementationInfo[34]; |
| WCHAR LastModifyingImplementationInfo[34]; |
| } FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER; |
| |
| #define SET_REPAIR_ENABLED (0x00000001) |
| #define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002) |
| #define SET_REPAIR_DELETE_CROSSLINK (0x00000004) |
| #define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008) |
| #define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010) |
| #define SET_REPAIR_VALID_MASK (0x0000001F) |
| |
| typedef enum _SHRINK_VOLUME_REQUEST_TYPES { |
| ShrinkPrepare = 1, |
| ShrinkCommit, |
| ShrinkAbort |
| } SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES; |
| |
| typedef struct _SHRINK_VOLUME_INFORMATION { |
| SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType; |
| ULONGLONG Flags; |
| LONGLONG NewNumberOfSectors; |
| } SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION; |
| |
| #define TXFS_RM_FLAG_LOGGING_MODE 0x00000001 |
| #define TXFS_RM_FLAG_RENAME_RM 0x00000002 |
| #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004 |
| #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008 |
| #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010 |
| #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020 |
| #define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040 |
| #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080 |
| #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100 |
| #define TXFS_RM_FLAG_GROW_LOG 0x00000400 |
| #define TXFS_RM_FLAG_SHRINK_LOG 0x00000800 |
| #define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000 |
| #define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000 |
| #define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000 |
| #define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000 |
| #define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000 |
| #define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000 |
| |
| #define TXFS_LOGGING_MODE_SIMPLE (0x0001) |
| #define TXFS_LOGGING_MODE_FULL (0x0002) |
| |
| #define TXFS_TRANSACTION_STATE_NONE 0x00 |
| #define TXFS_TRANSACTION_STATE_ACTIVE 0x01 |
| #define TXFS_TRANSACTION_STATE_PREPARED 0x02 |
| #define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03 |
| |
| #define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE | \ |
| TXFS_RM_FLAG_RENAME_RM | \ |
| TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \ |
| TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ |
| TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ |
| TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ |
| TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ |
| TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ |
| TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ |
| TXFS_RM_FLAG_SHRINK_LOG | \ |
| TXFS_RM_FLAG_GROW_LOG | \ |
| TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \ |
| TXFS_RM_FLAG_PRESERVE_CHANGES | \ |
| TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ |
| TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \ |
| TXFS_RM_FLAG_PREFER_CONSISTENCY | \ |
| TXFS_RM_FLAG_PREFER_AVAILABILITY) |
| |
| typedef struct _TXFS_MODIFY_RM { |
| ULONG Flags; |
| ULONG LogContainerCountMax; |
| ULONG LogContainerCountMin; |
| ULONG LogContainerCount; |
| ULONG LogGrowthIncrement; |
| ULONG LogAutoShrinkPercentage; |
| ULONGLONG Reserved; |
| USHORT LoggingMode; |
| } TXFS_MODIFY_RM, *PTXFS_MODIFY_RM; |
| |
| #define TXFS_RM_STATE_NOT_STARTED 0 |
| #define TXFS_RM_STATE_STARTING 1 |
| #define TXFS_RM_STATE_ACTIVE 2 |
| #define TXFS_RM_STATE_SHUTTING_DOWN 3 |
| |
| #define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \ |
| (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ |
| TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ |
| TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ |
| TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ |
| TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ |
| TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \ |
| TXFS_RM_FLAG_PREFER_CONSISTENCY | \ |
| TXFS_RM_FLAG_PREFER_AVAILABILITY) |
| |
| typedef struct _TXFS_QUERY_RM_INFORMATION { |
| ULONG BytesRequired; |
| ULONGLONG TailLsn; |
| ULONGLONG CurrentLsn; |
| ULONGLONG ArchiveTailLsn; |
| ULONGLONG LogContainerSize; |
| LARGE_INTEGER HighestVirtualClock; |
| ULONG LogContainerCount; |
| ULONG LogContainerCountMax; |
| ULONG LogContainerCountMin; |
| ULONG LogGrowthIncrement; |
| ULONG LogAutoShrinkPercentage; |
| ULONG Flags; |
| USHORT LoggingMode; |
| USHORT Reserved; |
| ULONG RmState; |
| ULONGLONG LogCapacity; |
| ULONGLONG LogFree; |
| ULONGLONG TopsSize; |
| ULONGLONG TopsUsed; |
| ULONGLONG TransactionCount; |
| ULONGLONG OnePCCount; |
| ULONGLONG TwoPCCount; |
| ULONGLONG NumberLogFileFull; |
| ULONGLONG OldestTransactionAge; |
| GUID RMName; |
| ULONG TmLogPathOffset; |
| } TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION; |
| |
| #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01 |
| #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02 |
| |
| #define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \ |
| (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \ |
| TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK) |
| |
| typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION { |
| LARGE_INTEGER LastVirtualClock; |
| ULONGLONG LastRedoLsn; |
| ULONGLONG HighestRecoveryLsn; |
| ULONG Flags; |
| } TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION; |
| |
| #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001 |
| #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002 |
| #define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004 |
| #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008 |
| #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010 |
| #define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020 |
| #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040 |
| #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080 |
| |
| #define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200 |
| #define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400 |
| #define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800 |
| |
| #define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000 |
| #define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000 |
| |
| #define TXFS_START_RM_VALID_FLAGS \ |
| (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \ |
| TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ |
| TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \ |
| TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ |
| TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ |
| TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ |
| TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \ |
| TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ |
| TXFS_START_RM_FLAG_LOGGING_MODE | \ |
| TXFS_START_RM_FLAG_PRESERVE_CHANGES | \ |
| TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \ |
| TXFS_START_RM_FLAG_PREFER_AVAILABILITY) |
| |
| typedef struct _TXFS_START_RM_INFORMATION { |
| ULONG Flags; |
| ULONGLONG LogContainerSize; |
| ULONG LogContainerCountMin; |
| ULONG LogContainerCountMax; |
| ULONG LogGrowthIncrement; |
| ULONG LogAutoShrinkPercentage; |
| ULONG TmLogPathOffset; |
| USHORT TmLogPathLength; |
| USHORT LoggingMode; |
| USHORT LogPathLength; |
| USHORT Reserved; |
| WCHAR LogPath[1]; |
| } TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION; |
| |
| typedef struct _TXFS_GET_METADATA_INFO_OUT { |
| struct { |
| LONGLONG LowPart; |
| LONGLONG HighPart; |
| } TxfFileId; |
| GUID LockingTransaction; |
| ULONGLONG LastLsn; |
| ULONG TransactionState; |
| } TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT; |
| |
| #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001 |
| #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002 |
| |
| typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY { |
| ULONGLONG Offset; |
| ULONG NameFlags; |
| LONGLONG FileId; |
| ULONG Reserved1; |
| ULONG Reserved2; |
| LONGLONG Reserved3; |
| WCHAR FileName[1]; |
| } TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY; |
| |
| typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES { |
| GUID KtmTransaction; |
| ULONGLONG NumberOfFiles; |
| ULONGLONG BufferSizeRequired; |
| ULONGLONG Offset; |
| } TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES; |
| |
| typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY { |
| GUID TransactionId; |
| ULONG TransactionState; |
| ULONG Reserved1; |
| ULONG Reserved2; |
| LONGLONG Reserved3; |
| } TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY; |
| |
| typedef struct _TXFS_LIST_TRANSACTIONS { |
| ULONGLONG NumberOfTransactions; |
| ULONGLONG BufferSizeRequired; |
| } TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS; |
| |
| typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT { |
| _ANONYMOUS_UNION union { |
| ULONG BufferLength; |
| UCHAR Buffer[1]; |
| } DUMMYUNIONNAME; |
| } TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT; |
| |
| typedef struct _TXFS_WRITE_BACKUP_INFORMATION { |
| UCHAR Buffer[1]; |
| } TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION; |
| |
| #define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE |
| #define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF |
| |
| typedef struct _TXFS_GET_TRANSACTED_VERSION { |
| ULONG ThisBaseVersion; |
| ULONG LatestVersion; |
| USHORT ThisMiniVersion; |
| USHORT FirstMiniVersion; |
| USHORT LatestMiniVersion; |
| } TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION; |
| |
| #define TXFS_SAVEPOINT_SET 0x00000001 |
| #define TXFS_SAVEPOINT_ROLLBACK 0x00000002 |
| #define TXFS_SAVEPOINT_CLEAR 0x00000004 |
| #define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010 |
| |
| typedef struct _TXFS_SAVEPOINT_INFORMATION { |
| HANDLE KtmTransaction; |
| ULONG ActionCode; |
| ULONG SavepointId; |
| } TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION; |
| |
| typedef struct _TXFS_CREATE_MINIVERSION_INFO { |
| USHORT StructureVersion; |
| USHORT StructureLength; |
| ULONG BaseVersion; |
| USHORT MiniVersion; |
| } TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO; |
| |
| typedef struct _TXFS_TRANSACTION_ACTIVE_INFO { |
| BOOLEAN TransactionsActiveAtSnapshot; |
| } TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO; |
| |
| #endif /* (_WIN32_WINNT >= 0x0600) */ |
| |
| #if (_WIN32_WINNT >= 0x0601) |
| |
| #define MARK_HANDLE_REALTIME (0x00000020) |
| #define MARK_HANDLE_NOT_REALTIME (0x00000040) |
| |
| #define NO_8DOT3_NAME_PRESENT (0x00000001) |
| #define REMOVED_8DOT3_NAME (0x00000002) |
| |
| #define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001) |
| |
| typedef struct _BOOT_AREA_INFO { |
| ULONG BootSectorCount; |
| struct { |
| LARGE_INTEGER Offset; |
| } BootSectors[2]; |
| } BOOT_AREA_INFO, *PBOOT_AREA_INFO; |
| |
| typedef struct _RETRIEVAL_POINTER_BASE { |
| LARGE_INTEGER FileAreaOffset; |
| } RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE; |
| |
| typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION { |
| ULONG VolumeFlags; |
| ULONG FlagMask; |
| ULONG Version; |
| ULONG Reserved; |
| } FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION; |
| |
| typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION { |
| CHAR FileSystem[9]; |
| } FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION; |
| |
| #define OPLOCK_LEVEL_CACHE_READ (0x00000001) |
| #define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002) |
| #define OPLOCK_LEVEL_CACHE_WRITE (0x00000004) |
| |
| #define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001) |
| #define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002) |
| #define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004) |
| |
| #define REQUEST_OPLOCK_CURRENT_VERSION 1 |
| |
| typedef struct _REQUEST_OPLOCK_INPUT_BUFFER { |
| USHORT StructureVersion; |
| USHORT StructureLength; |
| ULONG RequestedOplockLevel; |
| ULONG Flags; |
| } REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER; |
| |
| #define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001) |
| #define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002) |
| |
| typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER { |
| USHORT StructureVersion; |
| USHORT StructureLength; |
| ULONG OriginalOplockLevel; |
| ULONG NewOplockLevel; |
| ULONG Flags; |
| ACCESS_MASK AccessMode; |
| USHORT ShareMode; |
| } REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER; |
| |
| #define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1 |
| |
| typedef struct _SD_CHANGE_MACHINE_SID_INPUT { |
| USHORT CurrentMachineSIDOffset; |
| USHORT CurrentMachineSIDLength; |
| USHORT NewMachineSIDOffset; |
| USHORT NewMachineSIDLength; |
| } SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT; |
| |
| typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT { |
| ULONGLONG NumSDChangedSuccess; |
| ULONGLONG NumSDChangedFail; |
| ULONGLONG NumSDUnused; |
| ULONGLONG NumSDTotal; |
| ULONGLONG NumMftSDChangedSuccess; |
| ULONGLONG NumMftSDChangedFail; |
| ULONGLONG NumMftSDTotal; |
| } SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT; |
| |
| typedef struct _SD_GLOBAL_CHANGE_INPUT { |
| ULONG Flags; |
| ULONG ChangeType; |
| _ANONYMOUS_UNION union { |
| SD_CHANGE_MACHINE_SID_INPUT SdChange; |
| } DUMMYUNIONNAME; |
| } SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT; |
| |
| typedef struct _SD_GLOBAL_CHANGE_OUTPUT { |
| ULONG Flags; |
| ULONG ChangeType; |
| _ANONYMOUS_UNION union { |
| SD_CHANGE_MACHINE_SID_OUTPUT SdChange; |
| } DUMMYUNIONNAME; |
| } SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT; |
| |
| #define ENCRYPTED_DATA_INFO_SPARSE_FILE 1 |
| |
| typedef struct _EXTENDED_ENCRYPTED_DATA_INFO { |
| ULONG ExtendedCode; |
| ULONG Length; |
| ULONG Flags; |
| ULONG Reserved; |
| } EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO; |
| |
| typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT { |
| ULONG Flags; |
| ULONG NumberOfClusters; |
| LARGE_INTEGER Cluster[1]; |
| } LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT; |
| |
| typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT { |
| ULONG Offset; |
| ULONG NumberOfMatches; |
| ULONG BufferSizeRequired; |
| } LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT; |
| |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001 |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002 |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004 |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008 |
| |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000 |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000 |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000 |
| #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000 |
| |
| typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY { |
| ULONG OffsetToNext; |
| ULONG Flags; |
| LARGE_INTEGER Reserved; |
| LARGE_INTEGER Cluster; |
| WCHAR FileName[1]; |
| } LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY; |
| |
| typedef struct _FILE_TYPE_NOTIFICATION_INPUT { |
| ULONG Flags; |
| ULONG NumFileTypeIDs; |
| GUID FileTypeID[1]; |
| } FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT; |
| |
| #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001 |
| #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002 |
| |
| DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c); |
| DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7); |
| DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9); |
| |
| #ifndef _VIRTUAL_STORAGE_TYPE_DEFINED |
| #define _VIRTUAL_STORAGE_TYPE_DEFINED |
| typedef struct _VIRTUAL_STORAGE_TYPE { |
| ULONG DeviceId; |
| GUID VendorId; |
| } VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE; |
| #endif |
| |
| typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST { |
| ULONG RequestLevel; |
| ULONG RequestFlags; |
| } STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST; |
| |
| #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1 |
| #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2 |
| |
| typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY { |
| ULONG EntryLength; |
| ULONG DependencyTypeFlags; |
| ULONG ProviderSpecificFlags; |
| VIRTUAL_STORAGE_TYPE VirtualStorageType; |
| } STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY; |
| |
| typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY { |
| ULONG EntryLength; |
| ULONG DependencyTypeFlags; |
| ULONG ProviderSpecificFlags; |
| VIRTUAL_STORAGE_TYPE VirtualStorageType; |
| ULONG AncestorLevel; |
| ULONG HostVolumeNameOffset; |
| ULONG HostVolumeNameSize; |
| ULONG DependentVolumeNameOffset; |
| ULONG DependentVolumeNameSize; |
| ULONG RelativePathOffset; |
| ULONG RelativePathSize; |
| ULONG DependentDeviceNameOffset; |
| ULONG DependentDeviceNameSize; |
| } STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY; |
| |
| typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE { |
| ULONG ResponseLevel; |
| ULONG NumberEntries; |
| _ANONYMOUS_UNION union { |
| STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[]; |
| STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[]; |
| } DUMMYUNIONNAME; |
| } STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE; |
| |
| #endif /* (_WIN32_WINNT >= 0x0601) */ |
| |
| typedef struct _FILESYSTEM_STATISTICS { |
| USHORT FileSystemType; |
| USHORT Version; |
| ULONG SizeOfCompleteStructure; |
| ULONG UserFileReads; |
| ULONG UserFileReadBytes; |
| ULONG UserDiskReads; |
| ULONG UserFileWrites; |
| ULONG UserFileWriteBytes; |
| ULONG UserDiskWrites; |
| ULONG MetaDataReads; |
| ULONG MetaDataReadBytes; |
| ULONG MetaDataDiskReads; |
| ULONG MetaDataWrites; |
| ULONG MetaDataWriteBytes; |
| ULONG MetaDataDiskWrites; |
| } FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS; |
| |
| #define FILESYSTEM_STATISTICS_TYPE_NTFS 1 |
| #define FILESYSTEM_STATISTICS_TYPE_FAT 2 |
| #define FILESYSTEM_STATISTICS_TYPE_EXFAT 3 |
| |
| typedef struct _FAT_STATISTICS { |
| ULONG CreateHits; |
| ULONG SuccessfulCreates; |
| ULONG FailedCreates; |
| ULONG NonCachedReads; |
| ULONG NonCachedReadBytes; |
| ULONG NonCachedWrites; |
| ULONG NonCachedWriteBytes; |
| ULONG NonCachedDiskReads; |
| ULONG NonCachedDiskWrites; |
| } FAT_STATISTICS, *PFAT_STATISTICS; |
| |
| typedef struct _EXFAT_STATISTICS { |
| ULONG CreateHits; |
| ULONG SuccessfulCreates; |
| ULONG FailedCreates; |
| ULONG NonCachedReads; |
| ULONG NonCachedReadBytes; |
| ULONG NonCachedWrites; |
| ULONG NonCachedWriteBytes; |
| ULONG NonCachedDiskReads; |
| ULONG NonCachedDiskWrites; |
| } EXFAT_STATISTICS, *PEXFAT_STATISTICS; |
| |
| typedef struct _NTFS_STATISTICS { |
| ULONG LogFileFullExceptions; |
| ULONG OtherExceptions; |
| ULONG MftReads; |
| ULONG MftReadBytes; |
| ULONG MftWrites; |
| ULONG MftWriteBytes; |
| struct { |
| USHORT Write; |
| USHORT Create; |
| USHORT SetInfo; |
| USHORT Flush; |
| } MftWritesUserLevel; |
| USHORT MftWritesFlushForLogFileFull; |
| USHORT MftWritesLazyWriter; |
| USHORT MftWritesUserRequest; |
| ULONG Mft2Writes; |
| ULONG Mft2WriteBytes; |
| struct { |
| USHORT Write; |
| USHORT Create; |
| USHORT SetInfo; |
| USHORT Flush; |
| } Mft2WritesUserLevel; |
| USHORT Mft2WritesFlushForLogFileFull; |
| USHORT Mft2WritesLazyWriter; |
| USHORT Mft2WritesUserRequest; |
| ULONG RootIndexReads; |
| ULONG RootIndexReadBytes; |
| ULONG RootIndexWrites; |
| ULONG RootIndexWriteBytes; |
| ULONG BitmapReads; |
| ULONG BitmapReadBytes; |
| ULONG BitmapWrites; |
| ULONG BitmapWriteBytes; |
| USHORT BitmapWritesFlushForLogFileFull; |
| USHORT BitmapWritesLazyWriter; |
| USHORT BitmapWritesUserRequest; |
| struct { |
| USHORT Write; |
| USHORT Create; |
| USHORT SetInfo; |
| } BitmapWritesUserLevel; |
| ULONG MftBitmapReads; |
| ULONG MftBitmapReadBytes; |
| ULONG MftBitmapWrites; |
| ULONG MftBitmapWriteBytes; |
| USHORT MftBitmapWritesFlushForLogFileFull; |
| USHORT MftBitmapWritesLazyWriter; |
| USHORT MftBitmapWritesUserRequest; |
| struct { |
| USHORT Write; |
| USHORT Create; |
| USHORT SetInfo; |
| USHORT Flush; |
| } MftBitmapWritesUserLevel; |
| ULONG UserIndexReads; |
| ULONG UserIndexReadBytes; |
| ULONG UserIndexWrites; |
| ULONG UserIndexWriteBytes; |
| ULONG LogFileReads; |
| ULONG LogFileReadBytes; |
| ULONG LogFileWrites; |
| ULONG LogFileWriteBytes; |
| struct { |
| ULONG Calls; |
| ULONG Clusters; |
| ULONG Hints; |
| ULONG RunsReturned; |
| ULONG HintsHonored; |
| ULONG HintsClusters; |
| ULONG Cache; |
| ULONG CacheClusters; |
| ULONG CacheMiss; |
| ULONG CacheMissClusters; |
| } Allocate; |
| } NTFS_STATISTICS, *PNTFS_STATISTICS; |
| |
| #endif /* _FILESYSTEMFSCTL_ */ |
| |
| #define SYMLINK_FLAG_RELATIVE 1 |
| |
| typedef struct _REPARSE_DATA_BUFFER { |
| ULONG ReparseTag; |
| USHORT ReparseDataLength; |
| USHORT Reserved; |
| _ANONYMOUS_UNION union { |
| struct { |
| USHORT SubstituteNameOffset; |
| USHORT SubstituteNameLength; |
| USHORT PrintNameOffset; |
| USHORT PrintNameLength; |
| ULONG Flags; |
| WCHAR PathBuffer[1]; |
| } SymbolicLinkReparseBuffer; |
| struct { |
| USHORT SubstituteNameOffset; |
| USHORT SubstituteNameLength; |
| USHORT PrintNameOffset; |
| USHORT PrintNameLength; |
| WCHAR PathBuffer[1]; |
| } MountPointReparseBuffer; |
| struct { |
| UCHAR DataBuffer[1]; |
| } GenericReparseBuffer; |
| } DUMMYUNIONNAME; |
| } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER; |
| |
| #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer) |
| |
| typedef struct _REPARSE_GUID_DATA_BUFFER { |
| ULONG ReparseTag; |
| USHORT ReparseDataLength; |
| USHORT Reserved; |
| GUID ReparseGuid; |
| struct { |
| UCHAR DataBuffer[1]; |
| } GenericReparseBuffer; |
| } REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER; |
| |
| #define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer) |
| |
| #define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 ) |
| |
| /* Reserved reparse tags */ |
| #define IO_REPARSE_TAG_RESERVED_ZERO (0) |
| #define IO_REPARSE_TAG_RESERVED_ONE (1) |
| #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE |
| |
| #define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000)) |
| #define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000)) |
| |
| #define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF) |
| |
| #define IsReparseTagValid(tag) ( \ |
| !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \ |
| ((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \ |
| ) |
| |
| /* MicroSoft reparse point tags */ |
| #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L) |
| #define IO_REPARSE_TAG_HSM (0xC0000004L) |
| #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L) |
| #define IO_REPARSE_TAG_HSM2 (0x80000006L) |
| #define IO_REPARSE_TAG_SIS (0x80000007L) |
| #define IO_REPARSE_TAG_WIM (0x80000008L) |
| #define IO_REPARSE_TAG_CSV (0x80000009L) |
| #define IO_REPARSE_TAG_DFS (0x8000000AL) |
| #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL) |
| #define IO_REPARSE_TAG_SYMLINK (0xA000000CL) |
| #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L) |
| #define IO_REPARSE_TAG_DFSR (0x80000012L) |
| |
| #pragma pack(4) |
| typedef struct _REPARSE_INDEX_KEY { |
| ULONG FileReparseTag; |
| LARGE_INTEGER FileId; |
| } REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY; |
| #pragma pack() |
| |
| #define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS) |
| #define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS) |
| #define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS) |
| |
| #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
| #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA) |
| |
| #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) |
| #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
| #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) |
| |
| #define FILE_PIPE_READ_DATA 0x00000000 |
| #define FILE_PIPE_WRITE_SPACE 0x00000001 |
| |
| typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { |
| HANDLE EventHandle; |
| ULONG KeyValue; |
| } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; |
| |
| typedef struct _FILE_PIPE_EVENT_BUFFER { |
| ULONG NamedPipeState; |
| ULONG EntryType; |
| ULONG ByteCount; |
| ULONG KeyValue; |
| ULONG NumberRequests; |
| } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; |
| |
| typedef struct _FILE_PIPE_PEEK_BUFFER { |
| ULONG NamedPipeState; |
| ULONG ReadDataAvailable; |
| ULONG NumberOfMessages; |
| ULONG MessageLength; |
| CHAR Data[1]; |
| } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER; |
| |
| typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { |
| LARGE_INTEGER Timeout; |
| ULONG NameLength; |
| BOOLEAN TimeoutSpecified; |
| WCHAR Name[1]; |
| } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; |
| |
| typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { |
| #if !defined(BUILD_WOW6432) |
| PVOID ClientSession; |
| PVOID ClientProcess; |
| #else |
| ULONGLONG ClientSession; |
| ULONGLONG ClientProcess; |
| #endif |
| } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; |
| |
| #define FILE_PIPE_COMPUTER_NAME_LENGTH 15 |
| |
| typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { |
| #if !defined(BUILD_WOW6432) |
| PVOID ClientSession; |
| PVOID ClientProcess; |
| #else |
| ULONGLONG ClientSession; |
| ULONGLONG ClientProcess; |
| #endif |
| USHORT ClientComputerNameLength; |
| WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1]; |
| } FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX; |
| |
| #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) |
| |
| typedef enum _LINK_TRACKING_INFORMATION_TYPE { |
| NtfsLinkTrackingInformation, |
| DfsLinkTrackingInformation |
| } LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE; |
| |
| typedef struct _LINK_TRACKING_INFORMATION { |
| LINK_TRACKING_INFORMATION_TYPE Type; |
| UCHAR VolumeId[16]; |
| } LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION; |
| |
| typedef struct _REMOTE_LINK_TRACKING_INFORMATION { |
| PVOID TargetFileObject; |
| ULONG TargetLinkTrackingInformationLength; |
| UCHAR TargetLinkTrackingInformationBuffer[1]; |
| } REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION; |
| |
| #define IO_OPEN_PAGING_FILE 0x0002 |
| #define IO_OPEN_TARGET_DIRECTORY 0x0004 |
| #define IO_STOP_ON_SYMLINK 0x0008 |
| #define IO_MM_PAGING_FILE 0x0010 |
| |
| typedef VOID |
| (NTAPI *PDRIVER_FS_NOTIFICATION) ( |
| IN PDEVICE_OBJECT DeviceObject, |
| IN BOOLEAN FsActive); |
| |
| typedef enum _FS_FILTER_SECTION_SYNC_TYPE { |
| SyncTypeOther = 0, |
| SyncTypeCreateSection |
| } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE; |
| |
| typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE { |
| NotifyTypeCreate = 0, |
| NotifyTypeRetired |
| } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE; |
| |
| typedef union _FS_FILTER_PARAMETERS { |
| struct { |
| PLARGE_INTEGER EndingOffset; |
| PERESOURCE *ResourceToRelease; |
| } AcquireForModifiedPageWriter; |
| struct { |
| PERESOURCE ResourceToRelease; |
| } ReleaseForModifiedPageWriter; |
| struct { |
| FS_FILTER_SECTION_SYNC_TYPE SyncType; |
| ULONG PageProtection; |
| } AcquireForSectionSynchronization; |
| struct { |
| FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType; |
| BOOLEAN POINTER_ALIGNMENT SafeToRecurse; |
| } NotifyStreamFileObject; |
| struct { |
| PVOID Argument1; |
| PVOID Argument2; |
| PVOID Argument3; |
| PVOID Argument4; |
| PVOID Argument5; |
| } Others; |
| } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS; |
| |
| #define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1 |
| #define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2 |
| #define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3 |
| #define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4 |
| #define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5 |
| #define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6 |
| |
| typedef struct _FS_FILTER_CALLBACK_DATA { |
| ULONG SizeOfFsFilterCallbackData; |
| UCHAR Operation; |
| UCHAR Reserved; |
| struct _DEVICE_OBJECT *DeviceObject; |
| struct _FILE_OBJECT *FileObject; |
| FS_FILTER_PARAMETERS Parameters; |
| } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA; |
| |
| typedef NTSTATUS |
| (NTAPI *PFS_FILTER_CALLBACK) ( |
| IN PFS_FILTER_CALLBACK_DATA Data, |
| OUT PVOID *CompletionContext); |
| |
| typedef VOID |
| (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) ( |
| IN PFS_FILTER_CALLBACK_DATA Data, |
| IN NTSTATUS OperationStatus, |
| IN PVOID CompletionContext); |
| |
| typedef struct _FS_FILTER_CALLBACKS { |
| ULONG SizeOfFsFilterCallbacks; |
| ULONG Reserved; |
| PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization; |
| PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization; |
| PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization; |
| PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization; |
| PFS_FILTER_CALLBACK PreAcquireForCcFlush; |
| PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush; |
| PFS_FILTER_CALLBACK PreReleaseForCcFlush; |
| PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush; |
| PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter; |
| PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter; |
| PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter; |
| PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter; |
| } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS; |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlRegisterFileSystemFilterCallbacks( |
| IN struct _DRIVER_OBJECT *FilterDriverObject, |
| IN PFS_FILTER_CALLBACKS Callbacks); |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlNotifyStreamFileObject( |
| IN struct _FILE_OBJECT * StreamFileObject, |
| IN struct _DEVICE_OBJECT *DeviceObjectHint OPTIONAL, |
| IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType, |
| IN BOOLEAN SafeToRecurse); |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #define DO_VERIFY_VOLUME 0x00000002 |
| #define DO_BUFFERED_IO 0x00000004 |
| #define DO_EXCLUSIVE 0x00000008 |
| #define DO_DIRECT_IO 0x00000010 |
| #define DO_MAP_IO_BUFFER 0x00000020 |
| #define DO_DEVICE_HAS_NAME 0x00000040 |
| #define DO_DEVICE_INITIALIZING 0x00000080 |
| #define DO_SYSTEM_BOOT_PARTITION 0x00000100 |
| #define DO_LONG_TERM_REQUESTS 0x00000200 |
| #define DO_NEVER_LAST_DEVICE 0x00000400 |
| #define DO_SHUTDOWN_REGISTERED 0x00000800 |
| #define DO_BUS_ENUMERATED_DEVICE 0x00001000 |
| #define DO_POWER_PAGABLE 0x00002000 |
| #define DO_POWER_INRUSH 0x00004000 |
| #define DO_LOW_PRIORITY_FILESYSTEM 0x00010000 |
| #define DO_SUPPORTS_TRANSACTIONS 0x00040000 |
| #define DO_FORCE_NEITHER_IO 0x00080000 |
| #define DO_VOLUME_DEVICE_OBJECT 0x00100000 |
| #define DO_SYSTEM_SYSTEM_PARTITION 0x00200000 |
| #define DO_SYSTEM_CRITICAL_PARTITION 0x00400000 |
| #define DO_DISALLOW_EXECUTE 0x00800000 |
| |
| extern KSPIN_LOCK IoStatisticsLock; |
| extern ULONG IoReadOperationCount; |
| extern ULONG IoWriteOperationCount; |
| extern ULONG IoOtherOperationCount; |
| extern LARGE_INTEGER IoReadTransferCount; |
| extern LARGE_INTEGER IoWriteTransferCount; |
| extern LARGE_INTEGER IoOtherTransferCount; |
| |
| #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 |
| #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| typedef struct _IO_PRIORITY_INFO { |
| ULONG Size; |
| ULONG ThreadPriority; |
| ULONG PagePriority; |
| IO_PRIORITY_HINT IoPriority; |
| } IO_PRIORITY_INFO, *PIO_PRIORITY_INFO; |
| #endif |
| |
| typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { |
| ULONG Attributes; |
| ACCESS_MASK GrantedAccess; |
| ULONG HandleCount; |
| ULONG PointerCount; |
| ULONG Reserved[10]; |
| } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; |
| |
| typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION { |
| UNICODE_STRING TypeName; |
| ULONG Reserved [22]; |
| } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; |
| |
| typedef struct _SECURITY_CLIENT_CONTEXT { |
| SECURITY_QUALITY_OF_SERVICE SecurityQos; |
| PACCESS_TOKEN ClientToken; |
| BOOLEAN DirectlyAccessClientToken; |
| BOOLEAN DirectAccessEffectiveOnly; |
| BOOLEAN ServerIsRemote; |
| TOKEN_CONTROL ClientTokenControl; |
| } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; |
| |
| #define SYSTEM_PAGE_PRIORITY_BITS 3 |
| #define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) |
| |
| typedef struct _KAPC_STATE { |
| LIST_ENTRY ApcListHead[MaximumMode]; |
| PKPROCESS Process; |
| BOOLEAN KernelApcInProgress; |
| BOOLEAN KernelApcPending; |
| BOOLEAN UserApcPending; |
| } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE; |
| |
| #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN)) |
| |
| #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject); |
| |
| typedef struct _KQUEUE { |
| DISPATCHER_HEADER Header; |
| LIST_ENTRY EntryListHead; |
| volatile ULONG CurrentCount; |
| ULONG MaximumCount; |
| LIST_ENTRY ThreadListHead; |
| } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; |
| |
| /****************************************************************************** |
| * Kernel Functions * |
| ******************************************************************************/ |
| |
| NTSTATUS |
| NTAPI |
| KeGetProcessorNumberFromIndex( |
| IN ULONG ProcIndex, |
| OUT PPROCESSOR_NUMBER ProcNumber); |
| |
| ULONG |
| NTAPI |
| KeGetProcessorIndexFromNumber( |
| IN PPROCESSOR_NUMBER ProcNumber); |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| |
| |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| KeInitializeMutant( |
| OUT PRKMUTANT Mutant, |
| IN BOOLEAN InitialOwner); |
| |
| NTKERNELAPI |
| LONG |
| NTAPI |
| KeReadStateMutant( |
| IN PRKMUTANT Mutant); |
| |
| NTKERNELAPI |
| LONG |
| NTAPI |
| KeReleaseMutant( |
| IN OUT PRKMUTANT Mutant, |
| IN KPRIORITY Increment, |
| IN BOOLEAN Abandoned, |
| IN BOOLEAN Wait); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| KeInitializeQueue( |
| OUT PRKQUEUE Queue, |
| IN ULONG Count); |
| |
| NTKERNELAPI |
| LONG |
| NTAPI |
| KeReadStateQueue( |
| IN PRKQUEUE Queue); |
| |
| NTKERNELAPI |
| LONG |
| NTAPI |
| KeInsertQueue( |
| IN OUT PRKQUEUE Queue, |
| IN OUT PLIST_ENTRY Entry); |
| |
| NTKERNELAPI |
| LONG |
| NTAPI |
| KeInsertHeadQueue( |
| IN OUT PRKQUEUE Queue, |
| IN OUT PLIST_ENTRY Entry); |
| |
| NTKERNELAPI |
| PLIST_ENTRY |
| NTAPI |
| KeRemoveQueue( |
| IN OUT PRKQUEUE Queue, |
| IN KPROCESSOR_MODE WaitMode, |
| IN PLARGE_INTEGER Timeout OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| KeAttachProcess( |
| IN OUT PKPROCESS Process); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| KeDetachProcess( |
| VOID); |
| |
| NTKERNELAPI |
| PLIST_ENTRY |
| NTAPI |
| KeRundownQueue( |
| IN OUT PRKQUEUE Queue); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| KeStackAttachProcess( |
| IN OUT PKPROCESS Process, |
| OUT PKAPC_STATE ApcState); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| KeUnstackDetachProcess( |
| IN PKAPC_STATE ApcState); |
| |
| NTKERNELAPI |
| UCHAR |
| NTAPI |
| KeSetIdealProcessorThread( |
| IN OUT PKTHREAD Thread, |
| IN UCHAR Processor); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| KeSetKernelStackSwapEnable( |
| IN BOOLEAN Enable); |
| |
| #if defined(_X86_) |
| NTHALAPI |
| KIRQL |
| FASTCALL |
| KeAcquireSpinLockRaiseToSynch( |
| IN OUT PKSPIN_LOCK SpinLock); |
| #else |
| NTKERNELAPI |
| KIRQL |
| KeAcquireSpinLockRaiseToSynch( |
| IN OUT PKSPIN_LOCK SpinLock); |
| #endif |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| _DECL_HAL_KE_IMPORT |
| KIRQL |
| FASTCALL |
| KeAcquireQueuedSpinLock( |
| IN OUT KSPIN_LOCK_QUEUE_NUMBER Number); |
| |
| _DECL_HAL_KE_IMPORT |
| VOID |
| FASTCALL |
| KeReleaseQueuedSpinLock( |
| IN OUT KSPIN_LOCK_QUEUE_NUMBER Number, |
| IN KIRQL OldIrql); |
| |
| _DECL_HAL_KE_IMPORT |
| LOGICAL |
| FASTCALL |
| KeTryToAcquireQueuedSpinLock( |
| IN KSPIN_LOCK_QUEUE_NUMBER Number, |
| OUT PKIRQL OldIrql); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTKERNELAPI |
| VOID |
| KeQueryOwnerMutant( |
| IN PKMUTANT Mutant, |
| OUT PCLIENT_ID ClientId); |
| |
| NTKERNELAPI |
| ULONG |
| KeRemoveQueueEx ( |
| IN OUT PKQUEUE Queue, |
| IN KPROCESSOR_MODE WaitMode, |
| IN BOOLEAN Alertable, |
| IN PLARGE_INTEGER Timeout OPTIONAL, |
| OUT PLIST_ENTRY *EntryArray, |
| IN ULONG Count); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| |
| |
| #define INVALID_PROCESSOR_INDEX 0xffffffff |
| |
| #define EX_PUSH_LOCK ULONG_PTR |
| #define PEX_PUSH_LOCK PULONG_PTR |
| |
| /****************************************************************************** |
| * Executive Functions * |
| ******************************************************************************/ |
| |
| #define ExDisableResourceBoost ExDisableResourceBoostLite |
| |
| VOID |
| ExInitializePushLock ( |
| OUT PEX_PUSH_LOCK PushLock); |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTKERNELAPI |
| SIZE_T |
| NTAPI |
| ExQueryPoolBlockSize( |
| IN PVOID PoolBlock, |
| OUT PBOOLEAN QuotaCharged); |
| |
| VOID |
| ExAdjustLookasideDepth( |
| VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| ExDisableResourceBoostLite( |
| IN PERESOURCE Resource); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| PSLIST_ENTRY |
| FASTCALL |
| InterlockedPushListSList( |
| IN OUT PSLIST_HEADER ListHead, |
| IN OUT PSLIST_ENTRY List, |
| IN OUT PSLIST_ENTRY ListEnd, |
| IN ULONG Count); |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| /****************************************************************************** |
| * Security Manager Functions * |
| ******************************************************************************/ |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeReleaseSubjectContext( |
| IN PSECURITY_SUBJECT_CONTEXT SubjectContext); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SePrivilegeCheck( |
| IN OUT PPRIVILEGE_SET RequiredPrivileges, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectContext, |
| IN KPROCESSOR_MODE AccessMode); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeOpenObjectAuditAlarm( |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PVOID Object OPTIONAL, |
| IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PACCESS_STATE AccessState, |
| IN BOOLEAN ObjectCreated, |
| IN BOOLEAN AccessGranted, |
| IN KPROCESSOR_MODE AccessMode, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeOpenObjectForDeleteAuditAlarm( |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PVOID Object OPTIONAL, |
| IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PACCESS_STATE AccessState, |
| IN BOOLEAN ObjectCreated, |
| IN BOOLEAN AccessGranted, |
| IN KPROCESSOR_MODE AccessMode, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeDeleteObjectAuditAlarm( |
| IN PVOID Object, |
| IN HANDLE Handle); |
| |
| NTKERNELAPI |
| TOKEN_TYPE |
| NTAPI |
| SeTokenType( |
| IN PACCESS_TOKEN Token); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeTokenIsAdmin( |
| IN PACCESS_TOKEN Token); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeTokenIsRestricted( |
| IN PACCESS_TOKEN Token); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeQueryAuthenticationIdToken( |
| IN PACCESS_TOKEN Token, |
| OUT PLUID AuthenticationId); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeQuerySessionIdToken( |
| IN PACCESS_TOKEN Token, |
| OUT PULONG SessionId); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeCreateClientSecurity( |
| IN PETHREAD ClientThread, |
| IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, |
| IN BOOLEAN RemoteSession, |
| OUT PSECURITY_CLIENT_CONTEXT ClientContext); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeImpersonateClient( |
| IN PSECURITY_CLIENT_CONTEXT ClientContext, |
| IN PETHREAD ServerThread OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeImpersonateClientEx( |
| IN PSECURITY_CLIENT_CONTEXT ClientContext, |
| IN PETHREAD ServerThread OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeCreateClientSecurityFromSubjectContext( |
| IN PSECURITY_SUBJECT_CONTEXT SubjectContext, |
| IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, |
| IN BOOLEAN ServerIsRemote, |
| OUT PSECURITY_CLIENT_CONTEXT ClientContext); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeQuerySecurityDescriptorInfo( |
| IN PSECURITY_INFORMATION SecurityInformation, |
| OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN OUT PULONG Length, |
| IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeSetSecurityDescriptorInfo( |
| IN PVOID Object OPTIONAL, |
| IN PSECURITY_INFORMATION SecurityInformation, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, |
| IN POOL_TYPE PoolType, |
| IN PGENERIC_MAPPING GenericMapping); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeSetSecurityDescriptorInfoEx( |
| IN PVOID Object OPTIONAL, |
| IN PSECURITY_INFORMATION SecurityInformation, |
| IN PSECURITY_DESCRIPTOR ModificationDescriptor, |
| IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, |
| IN ULONG AutoInheritFlags, |
| IN POOL_TYPE PoolType, |
| IN PGENERIC_MAPPING GenericMapping); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeAppendPrivileges( |
| IN OUT PACCESS_STATE AccessState, |
| IN PPRIVILEGE_SET Privileges); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeAuditingFileEvents( |
| IN BOOLEAN AccessGranted, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeAuditingFileOrGlobalEvents( |
| IN BOOLEAN AccessGranted, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); |
| |
| VOID |
| NTAPI |
| SeSetAccessStateGenericMapping( |
| IN OUT PACCESS_STATE AccessState, |
| IN PGENERIC_MAPPING GenericMapping); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeRegisterLogonSessionTerminatedRoutine( |
| IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeUnregisterLogonSessionTerminatedRoutine( |
| IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeMarkLogonSessionForTerminationNotification( |
| IN PLUID LogonId); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeQueryInformationToken( |
| IN PACCESS_TOKEN Token, |
| IN TOKEN_INFORMATION_CLASS TokenInformationClass, |
| OUT PVOID *TokenInformation); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| #if (NTDDI_VERSION >= NTDDI_WIN2KSP3) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeAuditingHardLinkEvents( |
| IN BOOLEAN AccessGranted, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor); |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeFilterToken( |
| IN PACCESS_TOKEN ExistingToken, |
| IN ULONG Flags, |
| IN PTOKEN_GROUPS SidsToDisable OPTIONAL, |
| IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, |
| IN PTOKEN_GROUPS RestrictedSids OPTIONAL, |
| OUT PACCESS_TOKEN *FilteredToken); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeAuditHardLinkCreation( |
| IN PUNICODE_STRING FileName, |
| IN PUNICODE_STRING LinkName, |
| IN BOOLEAN bSuccess); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXPSP2) |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeAuditingFileEventsWithContext( |
| IN BOOLEAN AccessGranted, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeAuditingHardLinkEventsWithContext( |
| IN BOOLEAN AccessGranted, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL); |
| |
| #endif |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeOpenObjectAuditAlarmWithTransaction( |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PVOID Object OPTIONAL, |
| IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PACCESS_STATE AccessState, |
| IN BOOLEAN ObjectCreated, |
| IN BOOLEAN AccessGranted, |
| IN KPROCESSOR_MODE AccessMode, |
| IN GUID *TransactionId OPTIONAL, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeOpenObjectForDeleteAuditAlarmWithTransaction( |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PVOID Object OPTIONAL, |
| IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PACCESS_STATE AccessState, |
| IN BOOLEAN ObjectCreated, |
| IN BOOLEAN AccessGranted, |
| IN KPROCESSOR_MODE AccessMode, |
| IN GUID *TransactionId OPTIONAL, |
| OUT PBOOLEAN GenerateOnClose); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeExamineSacl( |
| IN PACL Sacl, |
| IN PACCESS_TOKEN Token, |
| IN ACCESS_MASK DesiredAccess, |
| IN BOOLEAN AccessGranted, |
| OUT PBOOLEAN GenerateAudit, |
| OUT PBOOLEAN GenerateAlarm); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeDeleteObjectAuditAlarmWithTransaction( |
| IN PVOID Object, |
| IN HANDLE Handle, |
| IN GUID *TransactionId OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeQueryTokenIntegrity( |
| IN PACCESS_TOKEN Token, |
| IN OUT PSID_AND_ATTRIBUTES IntegritySA); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| SeSetSessionIdToken( |
| IN PACCESS_TOKEN Token, |
| IN ULONG SessionId); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeAuditHardLinkCreationWithTransaction( |
| IN PUNICODE_STRING FileName, |
| IN PUNICODE_STRING LinkName, |
| IN BOOLEAN bSuccess, |
| IN GUID *TransactionId OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeAuditTransactionStateChange( |
| IN GUID *TransactionId, |
| IN GUID *ResourceManagerId, |
| IN ULONG NewTransactionState); |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03)) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeTokenIsWriteRestricted( |
| IN PACCESS_TOKEN Token); |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| SeAuditingAnyFileEventsWithContext( |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeExamineGlobalSacl( |
| IN PUNICODE_STRING ObjectType, |
| IN PACCESS_TOKEN Token, |
| IN ACCESS_MASK DesiredAccess, |
| IN BOOLEAN AccessGranted, |
| IN OUT PBOOLEAN GenerateAudit, |
| IN OUT PBOOLEAN GenerateAlarm OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeMaximumAuditMaskFromGlobalSacl( |
| IN PUNICODE_STRING ObjectTypeName OPTIONAL, |
| IN ACCESS_MASK GrantedAccess, |
| IN PACCESS_TOKEN Token, |
| IN OUT PACCESS_MASK AuditMask); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| NTSTATUS |
| NTAPI |
| SeReportSecurityEventWithSubCategory( |
| IN ULONG Flags, |
| IN PUNICODE_STRING SourceName, |
| IN PSID UserSid OPTIONAL, |
| IN PSE_ADT_PARAMETER_ARRAY AuditParameters, |
| IN ULONG AuditSubcategoryId); |
| |
| BOOLEAN |
| NTAPI |
| SeAccessCheckFromState( |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, |
| IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL, |
| IN ACCESS_MASK DesiredAccess, |
| IN ACCESS_MASK PreviouslyGrantedAccess, |
| OUT PPRIVILEGE_SET *Privileges OPTIONAL, |
| IN PGENERIC_MAPPING GenericMapping, |
| IN KPROCESSOR_MODE AccessMode, |
| OUT PACCESS_MASK GrantedAccess, |
| OUT PNTSTATUS AccessStatus); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| SeFreePrivileges( |
| IN PPRIVILEGE_SET Privileges); |
| |
| NTSTATUS |
| NTAPI |
| SeLocateProcessImageName( |
| IN OUT PEPROCESS Process, |
| OUT PUNICODE_STRING *pImageFileName); |
| |
| #define SeLengthSid( Sid ) \ |
| (8 + (4 * ((SID *)Sid)->SubAuthorityCount)) |
| |
| #define SeDeleteClientSecurity(C) { \ |
| if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ |
| PsDereferencePrimaryToken( (C)->ClientToken ); \ |
| } else { \ |
| PsDereferenceImpersonationToken( (C)->ClientToken ); \ |
| } \ |
| } |
| |
| #define SeStopImpersonatingClient() PsRevertToSelf() |
| |
| #define SeQuerySubjectContextToken( SubjectContext ) \ |
| ( ARGUMENT_PRESENT( \ |
| ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ |
| ) ? \ |
| ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ |
| ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) |
| |
| extern NTKERNELAPI PSE_EXPORTS SeExports; |
| /****************************************************************************** |
| * Process Manager Functions * |
| ******************************************************************************/ |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PsLookupProcessByProcessId( |
| IN HANDLE ProcessId, |
| OUT PEPROCESS *Process); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PsLookupThreadByThreadId( |
| IN HANDLE UniqueThreadId, |
| OUT PETHREAD *Thread); |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| |
| NTKERNELAPI |
| PACCESS_TOKEN |
| NTAPI |
| PsReferenceImpersonationToken( |
| IN OUT PETHREAD Thread, |
| OUT PBOOLEAN CopyOnOpen, |
| OUT PBOOLEAN EffectiveOnly, |
| OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel); |
| |
| NTKERNELAPI |
| LARGE_INTEGER |
| NTAPI |
| PsGetProcessExitTime(VOID); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| PsIsThreadTerminating( |
| IN PETHREAD Thread); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PsImpersonateClient( |
| IN OUT PETHREAD Thread, |
| IN PACCESS_TOKEN Token, |
| IN BOOLEAN CopyOnOpen, |
| IN BOOLEAN EffectiveOnly, |
| IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| PsDisableImpersonation( |
| IN OUT PETHREAD Thread, |
| IN OUT PSE_IMPERSONATION_STATE ImpersonationState); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| PsRestoreImpersonation( |
| IN PETHREAD Thread, |
| IN PSE_IMPERSONATION_STATE ImpersonationState); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| PsRevertToSelf(VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| PsChargePoolQuota( |
| IN PEPROCESS Process, |
| IN POOL_TYPE PoolType, |
| IN ULONG_PTR Amount); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| PsReturnPoolQuota( |
| IN PEPROCESS Process, |
| IN POOL_TYPE PoolType, |
| IN ULONG_PTR Amount); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PsAssignImpersonationToken( |
| IN PETHREAD Thread, |
| IN HANDLE Token OPTIONAL); |
| |
| NTKERNELAPI |
| HANDLE |
| NTAPI |
| PsReferencePrimaryToken( |
| IN OUT PEPROCESS Process); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| PsDereferencePrimaryToken( |
| IN PACCESS_TOKEN PrimaryToken); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| PsDereferenceImpersonationToken( |
| IN PACCESS_TOKEN ImpersonationToken); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PsChargeProcessPoolQuota( |
| IN PEPROCESS Process, |
| IN POOL_TYPE PoolType, |
| IN ULONG_PTR Amount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| PsIsSystemThread( |
| IN PETHREAD Thread); |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| /****************************************************************************** |
| * I/O Manager Functions * |
| ******************************************************************************/ |
| |
| #define IoIsFileOpenedExclusively(FileObject) ( \ |
| (BOOLEAN) !( \ |
| (FileObject)->SharedRead || \ |
| (FileObject)->SharedWrite || \ |
| (FileObject)->SharedDelete \ |
| ) \ |
| ) |
| |
| #if (NTDDI_VERSION == NTDDI_WIN2K) |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoRegisterFsRegistrationChangeEx( |
| IN PDRIVER_OBJECT DriverObject, |
| IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoAcquireVpbSpinLock( |
| OUT PKIRQL Irql); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoCheckDesiredAccess( |
| IN OUT PACCESS_MASK DesiredAccess, |
| IN ACCESS_MASK GrantedAccess); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoCheckEaBufferValidity( |
| IN PFILE_FULL_EA_INFORMATION EaBuffer, |
| IN ULONG EaLength, |
| OUT PULONG ErrorOffset); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoCheckFunctionAccess( |
| IN ACCESS_MASK GrantedAccess, |
| IN UCHAR MajorFunction, |
| IN UCHAR MinorFunction, |
| IN ULONG IoControlCode, |
| IN PVOID Argument1 OPTIONAL, |
| IN PVOID Argument2 OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoCheckQuerySetFileInformation( |
| IN FILE_INFORMATION_CLASS FileInformationClass, |
| IN ULONG Length, |
| IN BOOLEAN SetOperation); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoCheckQuerySetVolumeInformation( |
| IN FS_INFORMATION_CLASS FsInformationClass, |
| IN ULONG Length, |
| IN BOOLEAN SetOperation); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoCheckQuotaBufferValidity( |
| IN PFILE_QUOTA_INFORMATION QuotaBuffer, |
| IN ULONG QuotaLength, |
| OUT PULONG ErrorOffset); |
| |
| NTKERNELAPI |
| PFILE_OBJECT |
| NTAPI |
| IoCreateStreamFileObject( |
| IN PFILE_OBJECT FileObject OPTIONAL, |
| IN PDEVICE_OBJECT DeviceObject OPTIONAL); |
| |
| NTKERNELAPI |
| PFILE_OBJECT |
| NTAPI |
| IoCreateStreamFileObjectLite( |
| IN PFILE_OBJECT FileObject OPTIONAL, |
| IN PDEVICE_OBJECT DeviceObject OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| IoFastQueryNetworkAttributes( |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| IN ACCESS_MASK DesiredAccess, |
| IN ULONG OpenOptions, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| OUT PFILE_NETWORK_OPEN_INFORMATION Buffer); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoPageRead( |
| IN PFILE_OBJECT FileObject, |
| IN PMDL Mdl, |
| IN PLARGE_INTEGER Offset, |
| IN PKEVENT Event, |
| OUT PIO_STATUS_BLOCK IoStatusBlock); |
| |
| NTKERNELAPI |
| PDEVICE_OBJECT |
| NTAPI |
| IoGetBaseFileSystemDeviceObject( |
| IN PFILE_OBJECT FileObject); |
| |
| NTKERNELAPI |
| PCONFIGURATION_INFORMATION |
| NTAPI |
| IoGetConfigurationInformation(VOID); |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| IoGetRequestorProcessId( |
| IN PIRP Irp); |
| |
| NTKERNELAPI |
| PEPROCESS |
| NTAPI |
| IoGetRequestorProcess( |
| IN PIRP Irp); |
| |
| NTKERNELAPI |
| PIRP |
| NTAPI |
| IoGetTopLevelIrp(VOID); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| IoIsOperationSynchronous( |
| IN PIRP Irp); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| IoIsSystemThread( |
| IN PETHREAD Thread); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| IoIsValidNameGraftingBuffer( |
| IN PIRP Irp, |
| IN PREPARSE_DATA_BUFFER ReparseBuffer); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoQueryFileInformation( |
| IN PFILE_OBJECT FileObject, |
| IN FILE_INFORMATION_CLASS FileInformationClass, |
| IN ULONG Length, |
| OUT PVOID FileInformation, |
| OUT PULONG ReturnedLength); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoQueryVolumeInformation( |
| IN PFILE_OBJECT FileObject, |
| IN FS_INFORMATION_CLASS FsInformationClass, |
| IN ULONG Length, |
| OUT PVOID FsInformation, |
| OUT PULONG ReturnedLength); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoQueueThreadIrp( |
| IN PIRP Irp); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoRegisterFileSystem( |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoRegisterFsRegistrationChange( |
| IN PDRIVER_OBJECT DriverObject, |
| IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoReleaseVpbSpinLock( |
| IN KIRQL Irql); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoSetDeviceToVerify( |
| IN PETHREAD Thread, |
| IN PDEVICE_OBJECT DeviceObject OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoSetInformation( |
| IN PFILE_OBJECT FileObject, |
| IN FILE_INFORMATION_CLASS FileInformationClass, |
| IN ULONG Length, |
| IN PVOID FileInformation); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoSetTopLevelIrp( |
| IN PIRP Irp OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoSynchronousPageWrite( |
| IN PFILE_OBJECT FileObject, |
| IN PMDL Mdl, |
| IN PLARGE_INTEGER FileOffset, |
| IN PKEVENT Event, |
| OUT PIO_STATUS_BLOCK IoStatusBlock); |
| |
| NTKERNELAPI |
| PEPROCESS |
| NTAPI |
| IoThreadToProcess( |
| IN PETHREAD Thread); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoUnregisterFileSystem( |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| IoUnregisterFsRegistrationChange( |
| IN PDRIVER_OBJECT DriverObject, |
| IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoVerifyVolume( |
| IN PDEVICE_OBJECT DeviceObject, |
| IN BOOLEAN AllowRawMount); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoGetRequestorSessionId( |
| IN PIRP Irp, |
| OUT PULONG pSessionId); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTKERNELAPI |
| PFILE_OBJECT |
| NTAPI |
| IoCreateStreamFileObjectEx( |
| IN PFILE_OBJECT FileObject OPTIONAL, |
| IN PDEVICE_OBJECT DeviceObject OPTIONAL, |
| OUT PHANDLE FileObjectHandle OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoQueryFileDosDeviceName( |
| IN PFILE_OBJECT FileObject, |
| OUT POBJECT_NAME_INFORMATION *ObjectNameInformation); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoEnumerateDeviceObjectList( |
| IN PDRIVER_OBJECT DriverObject, |
| OUT PDEVICE_OBJECT *DeviceObjectList, |
| IN ULONG DeviceObjectListSize, |
| OUT PULONG ActualNumberDeviceObjects); |
| |
| NTKERNELAPI |
| PDEVICE_OBJECT |
| NTAPI |
| IoGetLowerDeviceObject( |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| PDEVICE_OBJECT |
| NTAPI |
| IoGetDeviceAttachmentBaseRef( |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoGetDiskDeviceObject( |
| IN PDEVICE_OBJECT FileSystemDeviceObject, |
| OUT PDEVICE_OBJECT *DiskDeviceObject); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WS03SP1) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoEnumerateRegisteredFiltersList( |
| OUT PDRIVER_OBJECT *DriverObjectList, |
| IN ULONG DriverObjectListSize, |
| OUT PULONG ActualNumberDriverObjects); |
| #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| FORCEINLINE |
| VOID |
| NTAPI |
| IoInitializePriorityInfo( |
| IN PIO_PRIORITY_INFO PriorityInfo) |
| { |
| PriorityInfo->Size = sizeof(IO_PRIORITY_INFO); |
| PriorityInfo->ThreadPriority = 0xffff; |
| PriorityInfo->IoPriority = IoPriorityNormal; |
| PriorityInfo->PagePriority = 0; |
| } |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoRegisterFsRegistrationChangeMountAware( |
| IN PDRIVER_OBJECT DriverObject, |
| IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine, |
| IN BOOLEAN SynchronizeWithMounts); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| IoReplaceFileObjectName( |
| IN PFILE_OBJECT FileObject, |
| IN PWSTR NewFileName, |
| IN USHORT FileNameLength); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| |
| #define PO_CB_SYSTEM_POWER_POLICY 0 |
| #define PO_CB_AC_STATUS 1 |
| #define PO_CB_BUTTON_COLLISION 2 |
| #define PO_CB_SYSTEM_STATE_LOCK 3 |
| #define PO_CB_LID_SWITCH_STATE 4 |
| #define PO_CB_PROCESSOR_POWER_POLICY 5 |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PoQueueShutdownWorkItem( |
| IN OUT PWORK_QUEUE_ITEM WorkItem); |
| #endif |
| |
| /****************************************************************************** |
| * Memory manager Types * |
| ******************************************************************************/ |
| |
| typedef enum _MMFLUSH_TYPE { |
| MmFlushForDelete, |
| MmFlushForWrite |
| } MMFLUSH_TYPE; |
| |
| typedef struct _READ_LIST { |
| PFILE_OBJECT FileObject; |
| ULONG NumberOfEntries; |
| LOGICAL IsImage; |
| FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY]; |
| } READ_LIST, *PREAD_LIST; |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| typedef union _MM_PREFETCH_FLAGS { |
| struct { |
| ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS; |
| ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS; |
| } Flags; |
| ULONG AllFlags; |
| } MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS; |
| |
| #define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1) |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #define HEAP_NO_SERIALIZE 0x00000001 |
| #define HEAP_GROWABLE 0x00000002 |
| #define HEAP_GENERATE_EXCEPTIONS 0x00000004 |
| #define HEAP_ZERO_MEMORY 0x00000008 |
| #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 |
| #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 |
| #define HEAP_FREE_CHECKING_ENABLED 0x00000040 |
| #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 |
| |
| #define HEAP_CREATE_ALIGN_16 0x00010000 |
| #define HEAP_CREATE_ENABLE_TRACING 0x00020000 |
| #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 |
| |
| #define HEAP_SETTABLE_USER_VALUE 0x00000100 |
| #define HEAP_SETTABLE_USER_FLAG1 0x00000200 |
| #define HEAP_SETTABLE_USER_FLAG2 0x00000400 |
| #define HEAP_SETTABLE_USER_FLAG3 0x00000800 |
| #define HEAP_SETTABLE_USER_FLAGS 0x00000E00 |
| |
| #define HEAP_CLASS_0 0x00000000 |
| #define HEAP_CLASS_1 0x00001000 |
| #define HEAP_CLASS_2 0x00002000 |
| #define HEAP_CLASS_3 0x00003000 |
| #define HEAP_CLASS_4 0x00004000 |
| #define HEAP_CLASS_5 0x00005000 |
| #define HEAP_CLASS_6 0x00006000 |
| #define HEAP_CLASS_7 0x00007000 |
| #define HEAP_CLASS_8 0x00008000 |
| #define HEAP_CLASS_MASK 0x0000F000 |
| |
| #define HEAP_MAXIMUM_TAG 0x0FFF |
| #define HEAP_GLOBAL_TAG 0x0800 |
| #define HEAP_PSEUDO_TAG_FLAG 0x8000 |
| #define HEAP_TAG_SHIFT 18 |
| #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT) |
| |
| #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \ |
| HEAP_GROWABLE | \ |
| HEAP_GENERATE_EXCEPTIONS | \ |
| HEAP_ZERO_MEMORY | \ |
| HEAP_REALLOC_IN_PLACE_ONLY | \ |
| HEAP_TAIL_CHECKING_ENABLED | \ |
| HEAP_FREE_CHECKING_ENABLED | \ |
| HEAP_DISABLE_COALESCE_ON_FREE | \ |
| HEAP_CLASS_MASK | \ |
| HEAP_CREATE_ALIGN_16 | \ |
| HEAP_CREATE_ENABLE_TRACING | \ |
| HEAP_CREATE_ENABLE_EXECUTE) |
| |
| /****************************************************************************** |
| * Memory manager Functions * |
| ******************************************************************************/ |
| |
| FORCEINLINE |
| ULONG |
| HEAP_MAKE_TAG_FLAGS( |
| IN ULONG TagBase, |
| IN ULONG Tag) |
| { |
| //__assume_bound(TagBase); // FIXME |
| return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT))); |
| } |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| MmIsRecursiveIoFault( |
| VOID); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| MmForceSectionClosed( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN BOOLEAN DelayClose); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| MmFlushImageSection( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN MMFLUSH_TYPE FlushType); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| MmCanFileBeTruncated( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN PLARGE_INTEGER NewFileSize OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| MmSetAddressRangeModified( |
| IN PVOID Address, |
| IN SIZE_T Length); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| MmPrefetchPages( |
| IN ULONG NumberOfLists, |
| IN PREAD_LIST *ReadLists); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| MmDoesFileHaveUserWritableReferences( |
| IN PSECTION_OBJECT_POINTERS SectionPointer); |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObInsertObject( |
| IN PVOID Object, |
| IN OUT PACCESS_STATE PassedAccessState OPTIONAL, |
| IN ACCESS_MASK DesiredAccess OPTIONAL, |
| IN ULONG ObjectPointerBias, |
| OUT PVOID *NewObject OPTIONAL, |
| OUT PHANDLE Handle OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObOpenObjectByPointer( |
| IN PVOID Object, |
| IN ULONG HandleAttributes, |
| IN PACCESS_STATE PassedAccessState OPTIONAL, |
| IN ACCESS_MASK DesiredAccess OPTIONAL, |
| IN POBJECT_TYPE ObjectType OPTIONAL, |
| IN KPROCESSOR_MODE AccessMode, |
| OUT PHANDLE Handle); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| ObMakeTemporaryObject( |
| IN PVOID Object); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObQueryNameString( |
| IN PVOID Object, |
| OUT POBJECT_NAME_INFORMATION ObjectNameInfo OPTIONAL, |
| IN ULONG Length, |
| OUT PULONG ReturnLength); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObQueryObjectAuditingByHandle( |
| IN HANDLE Handle, |
| OUT PBOOLEAN GenerateOnClose); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| ObIsKernelHandle( |
| IN HANDLE Handle); |
| #endif |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObOpenObjectByPointerWithTag( |
| IN PVOID Object, |
| IN ULONG HandleAttributes, |
| IN PACCESS_STATE PassedAccessState OPTIONAL, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_TYPE ObjectType OPTIONAL, |
| IN KPROCESSOR_MODE AccessMode, |
| IN ULONG Tag, |
| OUT PHANDLE Handle); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| /* FSRTL Types */ |
| |
| typedef ULONG LBN; |
| typedef LBN *PLBN; |
| |
| typedef ULONG VBN; |
| typedef VBN *PVBN; |
| |
| #define FSRTL_COMMON_FCB_HEADER_LAYOUT \ |
| CSHORT NodeTypeCode; \ |
| CSHORT NodeByteSize; \ |
| UCHAR Flags; \ |
| UCHAR IsFastIoPossible; \ |
| UCHAR Flags2; \ |
| UCHAR Reserved:4; \ |
| UCHAR Version:4; \ |
| PERESOURCE Resource; \ |
| PERESOURCE PagingIoResource; \ |
| LARGE_INTEGER AllocationSize; \ |
| LARGE_INTEGER FileSize; \ |
| LARGE_INTEGER ValidDataLength; |
| |
| typedef struct _FSRTL_COMMON_FCB_HEADER { |
| FSRTL_COMMON_FCB_HEADER_LAYOUT |
| } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; |
| |
| #ifdef __cplusplus |
| typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER { |
| #else /* __cplusplus */ |
| typedef struct _FSRTL_ADVANCED_FCB_HEADER { |
| FSRTL_COMMON_FCB_HEADER_LAYOUT |
| #endif /* __cplusplus */ |
| PFAST_MUTEX FastMutex; |
| LIST_ENTRY FilterContexts; |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| EX_PUSH_LOCK PushLock; |
| PVOID *FileContextSupportPointer; |
| #endif |
| } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER; |
| |
| #define FSRTL_FCB_HEADER_V0 (0x00) |
| #define FSRTL_FCB_HEADER_V1 (0x01) |
| |
| #define FSRTL_FLAG_FILE_MODIFIED (0x01) |
| #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) |
| #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) |
| #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) |
| #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) |
| #define FSRTL_FLAG_USER_MAPPED_FILE (0x20) |
| #define FSRTL_FLAG_ADVANCED_HEADER (0x40) |
| #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) |
| |
| #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) |
| #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02) |
| #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04) |
| #define FSRTL_FLAG2_IS_PAGING_FILE (0x08) |
| |
| #define FSRTL_FSP_TOP_LEVEL_IRP (0x01) |
| #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) |
| #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) |
| #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) |
| #define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05) |
| #define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06) |
| #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF) |
| |
| typedef struct _FSRTL_AUXILIARY_BUFFER { |
| PVOID Buffer; |
| ULONG Length; |
| ULONG Flags; |
| PMDL Mdl; |
| } FSRTL_AUXILIARY_BUFFER, *PFSRTL_AUXILIARY_BUFFER; |
| |
| #define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001 |
| |
| typedef enum _FSRTL_COMPARISON_RESULT { |
| LessThan = -1, |
| EqualTo = 0, |
| GreaterThan = 1 |
| } FSRTL_COMPARISON_RESULT; |
| |
| #define FSRTL_FAT_LEGAL 0x01 |
| #define FSRTL_HPFS_LEGAL 0x02 |
| #define FSRTL_NTFS_LEGAL 0x04 |
| #define FSRTL_WILD_CHARACTER 0x08 |
| #define FSRTL_OLE_LEGAL 0x10 |
| #define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL) |
| |
| #define FSRTL_VOLUME_DISMOUNT 1 |
| #define FSRTL_VOLUME_DISMOUNT_FAILED 2 |
| #define FSRTL_VOLUME_LOCK 3 |
| #define FSRTL_VOLUME_LOCK_FAILED 4 |
| #define FSRTL_VOLUME_UNLOCK 5 |
| #define FSRTL_VOLUME_MOUNT 6 |
| #define FSRTL_VOLUME_NEEDS_CHKDSK 7 |
| #define FSRTL_VOLUME_WORM_NEAR_FULL 8 |
| #define FSRTL_VOLUME_WEARING_OUT 9 |
| #define FSRTL_VOLUME_FORCED_CLOSED 10 |
| #define FSRTL_VOLUME_INFO_MAKE_COMPAT 11 |
| #define FSRTL_VOLUME_PREPARING_EJECT 12 |
| #define FSRTL_VOLUME_CHANGE_SIZE 13 |
| #define FSRTL_VOLUME_BACKGROUND_FORMAT 14 |
| |
| typedef VOID |
| (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) ( |
| IN PVOID Context, |
| IN PKEVENT Event); |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| #define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001 |
| #define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002 |
| #define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004 |
| |
| #define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001 |
| |
| #define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001 |
| #define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002 |
| |
| #define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002 |
| |
| #define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001 |
| #define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002 |
| |
| typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 { |
| ULONG32 ProviderId; |
| } FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1; |
| |
| typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 { |
| ULONG32 ProviderId; |
| UNICODE_STRING ProviderName; |
| } FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2; |
| |
| typedef VOID |
| (*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) ( |
| IN OUT PVOID EcpContext, |
| IN LPCGUID EcpType); |
| |
| typedef struct _ECP_LIST ECP_LIST, *PECP_LIST; |
| |
| typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS; |
| typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS; |
| typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS; |
| |
| typedef enum _FSRTL_CHANGE_BACKING_TYPE { |
| ChangeDataControlArea, |
| ChangeImageControlArea, |
| ChangeSharedCacheMap |
| } FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE; |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| typedef struct _FSRTL_PER_FILE_CONTEXT { |
| LIST_ENTRY Links; |
| PVOID OwnerId; |
| PVOID InstanceId; |
| PFREE_FUNCTION FreeCallback; |
| } FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT; |
| |
| typedef struct _FSRTL_PER_STREAM_CONTEXT { |
| LIST_ENTRY Links; |
| PVOID OwnerId; |
| PVOID InstanceId; |
| PFREE_FUNCTION FreeCallback; |
| } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT; |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| typedef VOID |
| (*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) ( |
| IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); |
| #endif |
| |
| typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT { |
| LIST_ENTRY Links; |
| PVOID OwnerId; |
| PVOID InstanceId; |
| } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT; |
| |
| #define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1 |
| #define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x2 |
| |
| typedef NTSTATUS |
| (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) ( |
| IN PVOID Context, |
| IN PIRP Irp); |
| |
| typedef struct _FILE_LOCK_INFO { |
| LARGE_INTEGER StartingByte; |
| LARGE_INTEGER Length; |
| BOOLEAN ExclusiveLock; |
| ULONG Key; |
| PFILE_OBJECT FileObject; |
| PVOID ProcessId; |
| LARGE_INTEGER EndingByte; |
| } FILE_LOCK_INFO, *PFILE_LOCK_INFO; |
| |
| typedef VOID |
| (NTAPI *PUNLOCK_ROUTINE) ( |
| IN PVOID Context, |
| IN PFILE_LOCK_INFO FileLockInfo); |
| |
| typedef struct _FILE_LOCK { |
| PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; |
| PUNLOCK_ROUTINE UnlockRoutine; |
| BOOLEAN FastIoIsQuestionable; |
| BOOLEAN SpareC[3]; |
| PVOID LockInformation; |
| FILE_LOCK_INFO LastReturnedLockInfo; |
| PVOID LastReturnedLock; |
| LONG volatile LockRequestsInProgress; |
| } FILE_LOCK, *PFILE_LOCK; |
| |
| typedef struct _TUNNEL { |
| FAST_MUTEX Mutex; |
| PRTL_SPLAY_LINKS Cache; |
| LIST_ENTRY TimerQueue; |
| USHORT NumEntries; |
| } TUNNEL, *PTUNNEL; |
| |
| typedef struct _BASE_MCB { |
| ULONG MaximumPairCount; |
| ULONG PairCount; |
| USHORT PoolType; |
| USHORT Flags; |
| PVOID Mapping; |
| } BASE_MCB, *PBASE_MCB; |
| |
| typedef struct _LARGE_MCB { |
| PKGUARDED_MUTEX GuardedMutex; |
| BASE_MCB BaseMcb; |
| } LARGE_MCB, *PLARGE_MCB; |
| |
| #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1 |
| |
| typedef struct _MCB { |
| LARGE_MCB DummyFieldThatSizesThisStructureCorrectly; |
| } MCB, *PMCB; |
| |
| typedef enum _FAST_IO_POSSIBLE { |
| FastIoIsNotPossible = 0, |
| FastIoIsPossible, |
| FastIoIsQuestionable |
| } FAST_IO_POSSIBLE; |
| |
| typedef struct _EOF_WAIT_BLOCK { |
| LIST_ENTRY EofWaitLinks; |
| KEVENT Event; |
| } EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK; |
| |
| typedef PVOID OPLOCK, *POPLOCK; |
| |
| typedef VOID |
| (NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) ( |
| IN PVOID Context, |
| IN PIRP Irp); |
| |
| typedef VOID |
| (NTAPI *POPLOCK_FS_PREPOST_IRP) ( |
| IN PVOID Context, |
| IN PIRP Irp); |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTASP1) |
| #define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001 |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| #define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002 |
| #define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004 |
| #define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008 |
| #define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001 |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| typedef struct _OPLOCK_KEY_ECP_CONTEXT { |
| GUID OplockKey; |
| ULONG Reserved; |
| } OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT; |
| |
| DEFINE_GUID(GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f); |
| |
| #endif |
| |
| typedef PVOID PNOTIFY_SYNC; |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER; |
| #endif |
| |
| typedef BOOLEAN |
| (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) ( |
| IN PVOID NotifyContext, |
| IN PVOID TargetContext OPTIONAL, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectContext); |
| |
| typedef BOOLEAN |
| (NTAPI *PFILTER_REPORT_CHANGE) ( |
| IN PVOID NotifyContext, |
| IN PVOID FilterContext); |
| /* FSRTL Functions */ |
| |
| #define FsRtlEnterFileSystem KeEnterCriticalRegion |
| #define FsRtlExitFileSystem KeLeaveCriticalRegion |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCopyRead( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN BOOLEAN Wait, |
| IN ULONG LockKey, |
| OUT PVOID Buffer, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCopyWrite( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN BOOLEAN Wait, |
| IN ULONG LockKey, |
| IN PVOID Buffer, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlMdlReadDev( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN ULONG LockKey, |
| OUT PMDL *MdlChain, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| IN PDEVICE_OBJECT DeviceObject OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlMdlReadCompleteDev( |
| IN PFILE_OBJECT FileObject, |
| IN PMDL MdlChain, |
| IN PDEVICE_OBJECT DeviceObject OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlPrepareMdlWriteDev( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN ULONG LockKey, |
| OUT PMDL *MdlChain, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlMdlWriteCompleteDev( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN PMDL MdlChain, |
| IN PDEVICE_OBJECT DeviceObject); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlAcquireFileExclusive( |
| IN PFILE_OBJECT FileObject); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlReleaseFile( |
| IN PFILE_OBJECT FileObject); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlGetFileSize( |
| IN PFILE_OBJECT FileObject, |
| OUT PLARGE_INTEGER FileSize); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsTotalDeviceFailure( |
| IN NTSTATUS Status); |
| |
| NTKERNELAPI |
| PFILE_LOCK |
| NTAPI |
| FsRtlAllocateFileLock( |
| IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, |
| IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlFreeFileLock( |
| IN PFILE_LOCK FileLock); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeFileLock( |
| IN PFILE_LOCK FileLock, |
| IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, |
| IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlUninitializeFileLock( |
| IN PFILE_LOCK FileLock); |
| |
| /* |
| FsRtlProcessFileLock: |
| |
| ret: |
| -STATUS_INVALID_DEVICE_REQUEST |
| -STATUS_RANGE_NOT_LOCKED from unlock routines. |
| -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock |
| (redirected IoStatus->Status). |
| |
| Internals: |
| -switch ( Irp->CurrentStackLocation->MinorFunction ) |
| lock: return FsRtlPrivateLock; |
| unlocksingle: return FsRtlFastUnlockSingle; |
| unlockall: return FsRtlFastUnlockAll; |
| unlockallbykey: return FsRtlFastUnlockAllByKey; |
| default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; |
| return STATUS_INVALID_DEVICE_REQUEST; |
| |
| -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. |
| -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. |
| */ |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlProcessFileLock( |
| IN PFILE_LOCK FileLock, |
| IN PIRP Irp, |
| IN PVOID Context OPTIONAL); |
| |
| /* |
| FsRtlCheckLockForReadAccess: |
| |
| All this really does is pick out the lock parameters from the irp (io stack |
| location?), get IoGetRequestorProcess, and pass values on to |
| FsRtlFastCheckLockForRead. |
| */ |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCheckLockForReadAccess( |
| IN PFILE_LOCK FileLock, |
| IN PIRP Irp); |
| |
| /* |
| FsRtlCheckLockForWriteAccess: |
| |
| All this really does is pick out the lock parameters from the irp (io stack |
| location?), get IoGetRequestorProcess, and pass values on to |
| FsRtlFastCheckLockForWrite. |
| */ |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCheckLockForWriteAccess( |
| IN PFILE_LOCK FileLock, |
| IN PIRP Irp); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlFastCheckLockForRead( |
| IN PFILE_LOCK FileLock, |
| IN PLARGE_INTEGER FileOffset, |
| IN PLARGE_INTEGER Length, |
| IN ULONG Key, |
| IN PFILE_OBJECT FileObject, |
| IN PVOID Process); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlFastCheckLockForWrite( |
| IN PFILE_LOCK FileLock, |
| IN PLARGE_INTEGER FileOffset, |
| IN PLARGE_INTEGER Length, |
| IN ULONG Key, |
| IN PFILE_OBJECT FileObject, |
| IN PVOID Process); |
| |
| /* |
| FsRtlGetNextFileLock: |
| |
| ret: NULL if no more locks |
| |
| Internals: |
| FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and |
| FileLock->LastReturnedLock as storage. |
| LastReturnedLock is a pointer to the 'raw' lock inkl. double linked |
| list, and FsRtlGetNextFileLock needs this to get next lock on subsequent |
| calls with Restart = FALSE. |
| */ |
| NTKERNELAPI |
| PFILE_LOCK_INFO |
| NTAPI |
| FsRtlGetNextFileLock( |
| IN PFILE_LOCK FileLock, |
| IN BOOLEAN Restart); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlFastUnlockSingle( |
| IN PFILE_LOCK FileLock, |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN PLARGE_INTEGER Length, |
| IN PEPROCESS Process, |
| IN ULONG Key, |
| IN PVOID Context OPTIONAL, |
| IN BOOLEAN AlreadySynchronized); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlFastUnlockAll( |
| IN PFILE_LOCK FileLock, |
| IN PFILE_OBJECT FileObject, |
| IN PEPROCESS Process, |
| IN PVOID Context OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlFastUnlockAllByKey( |
| IN PFILE_LOCK FileLock, |
| IN PFILE_OBJECT FileObject, |
| IN PEPROCESS Process, |
| IN ULONG Key, |
| IN PVOID Context OPTIONAL); |
| |
| /* |
| FsRtlPrivateLock: |
| |
| ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED |
| |
| Internals: |
| -Calls IoCompleteRequest if Irp |
| -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES |
| */ |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlPrivateLock( |
| IN PFILE_LOCK FileLock, |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN PLARGE_INTEGER Length, |
| IN PEPROCESS Process, |
| IN ULONG Key, |
| IN BOOLEAN FailImmediately, |
| IN BOOLEAN ExclusiveLock, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| IN PIRP Irp OPTIONAL, |
| IN PVOID Context, |
| IN BOOLEAN AlreadySynchronized); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeTunnelCache( |
| IN PTUNNEL Cache); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlAddToTunnelCache( |
| IN PTUNNEL Cache, |
| IN ULONGLONG DirectoryKey, |
| IN PUNICODE_STRING ShortName, |
| IN PUNICODE_STRING LongName, |
| IN BOOLEAN KeyByShortName, |
| IN ULONG DataLength, |
| IN PVOID Data); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlFindInTunnelCache( |
| IN PTUNNEL Cache, |
| IN ULONGLONG DirectoryKey, |
| IN PUNICODE_STRING Name, |
| OUT PUNICODE_STRING ShortName, |
| OUT PUNICODE_STRING LongName, |
| IN OUT PULONG DataLength, |
| OUT PVOID Data); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlDeleteKeyFromTunnelCache( |
| IN PTUNNEL Cache, |
| IN ULONGLONG DirectoryKey); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlDeleteTunnelCache( |
| IN PTUNNEL Cache); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlDissectDbcs( |
| IN ANSI_STRING Name, |
| OUT PANSI_STRING FirstPart, |
| OUT PANSI_STRING RemainingPart); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlDoesDbcsContainWildCards( |
| IN PANSI_STRING Name); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsDbcsInExpression( |
| IN PANSI_STRING Expression, |
| IN PANSI_STRING Name); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsFatDbcsLegal( |
| IN ANSI_STRING DbcsName, |
| IN BOOLEAN WildCardsPermissible, |
| IN BOOLEAN PathNamePermissible, |
| IN BOOLEAN LeadingBackslashPermissible); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsHpfsDbcsLegal( |
| IN ANSI_STRING DbcsName, |
| IN BOOLEAN WildCardsPermissible, |
| IN BOOLEAN PathNamePermissible, |
| IN BOOLEAN LeadingBackslashPermissible); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlNormalizeNtstatus( |
| IN NTSTATUS Exception, |
| IN NTSTATUS GenericException); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsNtstatusExpected( |
| IN NTSTATUS Ntstatus); |
| |
| NTKERNELAPI |
| PERESOURCE |
| NTAPI |
| FsRtlAllocateResource( |
| VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeLargeMcb( |
| IN PLARGE_MCB Mcb, |
| IN POOL_TYPE PoolType); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlUninitializeLargeMcb( |
| IN PLARGE_MCB Mcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlResetLargeMcb( |
| IN PLARGE_MCB Mcb, |
| IN BOOLEAN SelfSynchronized); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlTruncateLargeMcb( |
| IN PLARGE_MCB Mcb, |
| IN LONGLONG Vbn); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlAddLargeMcbEntry( |
| IN PLARGE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG Lbn, |
| IN LONGLONG SectorCount); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlRemoveLargeMcbEntry( |
| IN PLARGE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupLargeMcbEntry( |
| IN PLARGE_MCB Mcb, |
| IN LONGLONG Vbn, |
| OUT PLONGLONG Lbn OPTIONAL, |
| OUT PLONGLONG SectorCountFromLbn OPTIONAL, |
| OUT PLONGLONG StartingLbn OPTIONAL, |
| OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, |
| OUT PULONG Index OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupLastLargeMcbEntry( |
| IN PLARGE_MCB Mcb, |
| OUT PLONGLONG Vbn, |
| OUT PLONGLONG Lbn); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupLastLargeMcbEntryAndIndex( |
| IN PLARGE_MCB OpaqueMcb, |
| OUT PLONGLONG LargeVbn, |
| OUT PLONGLONG LargeLbn, |
| OUT PULONG Index); |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| FsRtlNumberOfRunsInLargeMcb( |
| IN PLARGE_MCB Mcb); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlGetNextLargeMcbEntry( |
| IN PLARGE_MCB Mcb, |
| IN ULONG RunIndex, |
| OUT PLONGLONG Vbn, |
| OUT PLONGLONG Lbn, |
| OUT PLONGLONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlSplitLargeMcb( |
| IN PLARGE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG Amount); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeMcb( |
| IN PMCB Mcb, |
| IN POOL_TYPE PoolType); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlUninitializeMcb( |
| IN PMCB Mcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlTruncateMcb( |
| IN PMCB Mcb, |
| IN VBN Vbn); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlAddMcbEntry( |
| IN PMCB Mcb, |
| IN VBN Vbn, |
| IN LBN Lbn, |
| IN ULONG SectorCount); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlRemoveMcbEntry( |
| IN PMCB Mcb, |
| IN VBN Vbn, |
| IN ULONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupMcbEntry( |
| IN PMCB Mcb, |
| IN VBN Vbn, |
| OUT PLBN Lbn, |
| OUT PULONG SectorCount OPTIONAL, |
| OUT PULONG Index); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupLastMcbEntry( |
| IN PMCB Mcb, |
| OUT PVBN Vbn, |
| OUT PLBN Lbn); |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| FsRtlNumberOfRunsInMcb( |
| IN PMCB Mcb); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlGetNextMcbEntry( |
| IN PMCB Mcb, |
| IN ULONG RunIndex, |
| OUT PVBN Vbn, |
| OUT PLBN Lbn, |
| OUT PULONG SectorCount); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlBalanceReads( |
| IN PDEVICE_OBJECT TargetDevice); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeOplock( |
| IN OUT POPLOCK Oplock); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlUninitializeOplock( |
| IN OUT POPLOCK Oplock); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlOplockFsctrl( |
| IN POPLOCK Oplock, |
| IN PIRP Irp, |
| IN ULONG OpenCount); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlCheckOplock( |
| IN POPLOCK Oplock, |
| IN PIRP Irp, |
| IN PVOID Context, |
| IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, |
| IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlOplockIsFastIoPossible( |
| IN POPLOCK Oplock); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCurrentBatchOplock( |
| IN POPLOCK Oplock); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlNotifyVolumeEvent( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG EventCode); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyInitializeSync( |
| IN PNOTIFY_SYNC *NotifySync); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyUninitializeSync( |
| IN PNOTIFY_SYNC *NotifySync); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyFullChangeDirectory( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PLIST_ENTRY NotifyList, |
| IN PVOID FsContext, |
| IN PSTRING FullDirectoryName, |
| IN BOOLEAN WatchTree, |
| IN BOOLEAN IgnoreBuffer, |
| IN ULONG CompletionFilter, |
| IN PIRP NotifyIrp OPTIONAL, |
| IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyFilterReportChange( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PLIST_ENTRY NotifyList, |
| IN PSTRING FullTargetName, |
| IN USHORT TargetNameOffset, |
| IN PSTRING StreamName OPTIONAL, |
| IN PSTRING NormalizedParentName OPTIONAL, |
| IN ULONG FilterMatch, |
| IN ULONG Action, |
| IN PVOID TargetContext OPTIONAL, |
| IN PVOID FilterContext OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyFullReportChange( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PLIST_ENTRY NotifyList, |
| IN PSTRING FullTargetName, |
| IN USHORT TargetNameOffset, |
| IN PSTRING StreamName OPTIONAL, |
| IN PSTRING NormalizedParentName OPTIONAL, |
| IN ULONG FilterMatch, |
| IN ULONG Action, |
| IN PVOID TargetContext OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyCleanup( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PLIST_ENTRY NotifyList, |
| IN PVOID FsContext); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlDissectName( |
| IN UNICODE_STRING Name, |
| OUT PUNICODE_STRING FirstPart, |
| OUT PUNICODE_STRING RemainingPart); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlDoesNameContainWildCards( |
| IN PUNICODE_STRING Name); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlAreNamesEqual( |
| IN PCUNICODE_STRING Name1, |
| IN PCUNICODE_STRING Name2, |
| IN BOOLEAN IgnoreCase, |
| IN PCWCH UpcaseTable OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsNameInExpression( |
| IN PUNICODE_STRING Expression, |
| IN PUNICODE_STRING Name, |
| IN BOOLEAN IgnoreCase, |
| IN PWCHAR UpcaseTable OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlPostPagingFileStackOverflow( |
| IN PVOID Context, |
| IN PKEVENT Event, |
| IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlPostStackOverflow ( |
| IN PVOID Context, |
| IN PKEVENT Event, |
| IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlRegisterUncProvider( |
| OUT PHANDLE MupHandle, |
| IN PUNICODE_STRING RedirectorDeviceName, |
| IN BOOLEAN MailslotsSupported); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlDeregisterUncProvider( |
| IN HANDLE Handle); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlTeardownPerStreamContexts( |
| IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlCreateSectionForDataScan( |
| OUT PHANDLE SectionHandle, |
| OUT PVOID *SectionObject, |
| OUT PLARGE_INTEGER SectionFileSize OPTIONAL, |
| IN PFILE_OBJECT FileObject, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, |
| IN PLARGE_INTEGER MaximumSize OPTIONAL, |
| IN ULONG SectionPageProtection, |
| IN ULONG AllocationAttributes, |
| IN ULONG Flags); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyFilterChangeDirectory( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PLIST_ENTRY NotifyList, |
| IN PVOID FsContext, |
| IN PSTRING FullDirectoryName, |
| IN BOOLEAN WatchTree, |
| IN BOOLEAN IgnoreBuffer, |
| IN ULONG CompletionFilter, |
| IN PIRP NotifyIrp OPTIONAL, |
| IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, |
| IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL, |
| IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlInsertPerStreamContext( |
| IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext, |
| IN PFSRTL_PER_STREAM_CONTEXT Ptr); |
| |
| NTKERNELAPI |
| PFSRTL_PER_STREAM_CONTEXT |
| NTAPI |
| FsRtlLookupPerStreamContextInternal( |
| IN PFSRTL_ADVANCED_FCB_HEADER StreamContext, |
| IN PVOID OwnerId OPTIONAL, |
| IN PVOID InstanceId OPTIONAL); |
| |
| NTKERNELAPI |
| PFSRTL_PER_STREAM_CONTEXT |
| NTAPI |
| FsRtlRemovePerStreamContext( |
| IN PFSRTL_ADVANCED_FCB_HEADER StreamContext, |
| IN PVOID OwnerId OPTIONAL, |
| IN PVOID InstanceId OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlIncrementCcFastReadNotPossible( |
| VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlIncrementCcFastReadWait( |
| VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlIncrementCcFastReadNoWait( |
| VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlIncrementCcFastReadResourceMiss( |
| VOID); |
| |
| NTKERNELAPI |
| LOGICAL |
| NTAPI |
| FsRtlIsPagingFile( |
| IN PFILE_OBJECT FileObject); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WS03) |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeBaseMcb( |
| IN PBASE_MCB Mcb, |
| IN POOL_TYPE PoolType); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlUninitializeBaseMcb( |
| IN PBASE_MCB Mcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlResetBaseMcb( |
| IN PBASE_MCB Mcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlTruncateBaseMcb( |
| IN PBASE_MCB Mcb, |
| IN LONGLONG Vbn); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlAddBaseMcbEntry( |
| IN PBASE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG Lbn, |
| IN LONGLONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlRemoveBaseMcbEntry( |
| IN PBASE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupBaseMcbEntry( |
| IN PBASE_MCB Mcb, |
| IN LONGLONG Vbn, |
| OUT PLONGLONG Lbn OPTIONAL, |
| OUT PLONGLONG SectorCountFromLbn OPTIONAL, |
| OUT PLONGLONG StartingLbn OPTIONAL, |
| OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, |
| OUT PULONG Index OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupLastBaseMcbEntry( |
| IN PBASE_MCB Mcb, |
| OUT PLONGLONG Vbn, |
| OUT PLONGLONG Lbn); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlLookupLastBaseMcbEntryAndIndex( |
| IN PBASE_MCB OpaqueMcb, |
| IN OUT PLONGLONG LargeVbn, |
| IN OUT PLONGLONG LargeLbn, |
| IN OUT PULONG Index); |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| FsRtlNumberOfRunsInBaseMcb( |
| IN PBASE_MCB Mcb); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlGetNextBaseMcbEntry( |
| IN PBASE_MCB Mcb, |
| IN ULONG RunIndex, |
| OUT PLONGLONG Vbn, |
| OUT PLONGLONG Lbn, |
| OUT PLONGLONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlSplitBaseMcb( |
| IN PBASE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG Amount); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WS03) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| BOOLEAN |
| NTAPI |
| FsRtlInitializeBaseMcbEx( |
| IN PBASE_MCB Mcb, |
| IN POOL_TYPE PoolType, |
| IN USHORT Flags); |
| |
| NTSTATUS |
| NTAPI |
| FsRtlAddBaseMcbEntryEx( |
| IN PBASE_MCB Mcb, |
| IN LONGLONG Vbn, |
| IN LONGLONG Lbn, |
| IN LONGLONG SectorCount); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCurrentOplock( |
| IN POPLOCK Oplock); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlOplockBreakToNone( |
| IN OUT POPLOCK Oplock, |
| IN PIO_STACK_LOCATION IrpSp OPTIONAL, |
| IN PIRP Irp, |
| IN PVOID Context OPTIONAL, |
| IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, |
| IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlNotifyVolumeEventEx( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG EventCode, |
| IN PTARGET_DEVICE_CUSTOM_NOTIFICATION Event); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyCleanupAll( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PLIST_ENTRY NotifyList); |
| |
| NTSTATUS |
| NTAPI |
| FsRtlRegisterUncProviderEx( |
| OUT PHANDLE MupHandle, |
| IN PUNICODE_STRING RedirDevName, |
| IN PDEVICE_OBJECT DeviceObject, |
| IN ULONG Flags); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlCancellableWaitForSingleObject( |
| IN PVOID Object, |
| IN PLARGE_INTEGER Timeout OPTIONAL, |
| IN PIRP Irp OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlCancellableWaitForMultipleObjects( |
| IN ULONG Count, |
| IN PVOID ObjectArray[], |
| IN WAIT_TYPE WaitType, |
| IN PLARGE_INTEGER Timeout OPTIONAL, |
| IN PKWAIT_BLOCK WaitBlockArray OPTIONAL, |
| IN PIRP Irp OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlMupGetProviderInfoFromFileObject( |
| IN PFILE_OBJECT pFileObject, |
| IN ULONG Level, |
| OUT PVOID pBuffer, |
| IN OUT PULONG pBufferSize); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlMupGetProviderIdFromName( |
| IN PUNICODE_STRING pProviderName, |
| OUT PULONG32 pProviderId); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlIncrementCcFastMdlReadWait( |
| VOID); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlValidateReparsePointBuffer( |
| IN ULONG BufferLength, |
| IN PREPARSE_DATA_BUFFER ReparseBuffer); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlRemoveDotsFromPath( |
| IN OUT PWSTR OriginalString, |
| IN USHORT PathLength, |
| OUT USHORT *NewLength); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlAllocateExtraCreateParameterList( |
| IN FSRTL_ALLOCATE_ECPLIST_FLAGS Flags, |
| OUT PECP_LIST *EcpList); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlFreeExtraCreateParameterList( |
| IN PECP_LIST EcpList); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlAllocateExtraCreateParameter( |
| IN LPCGUID EcpType, |
| IN ULONG SizeOfContext, |
| IN FSRTL_ALLOCATE_ECP_FLAGS Flags, |
| IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, |
| IN ULONG PoolTag, |
| OUT PVOID *EcpContext); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlFreeExtraCreateParameter( |
| IN PVOID EcpContext); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitExtraCreateParameterLookasideList( |
| IN OUT PVOID Lookaside, |
| IN FSRTL_ECP_LOOKASIDE_FLAGS Flags, |
| IN SIZE_T Size, |
| IN ULONG Tag); |
| |
| VOID |
| NTAPI |
| FsRtlDeleteExtraCreateParameterLookasideList( |
| IN OUT PVOID Lookaside, |
| IN FSRTL_ECP_LOOKASIDE_FLAGS Flags); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlAllocateExtraCreateParameterFromLookasideList( |
| IN LPCGUID EcpType, |
| IN ULONG SizeOfContext, |
| IN FSRTL_ALLOCATE_ECP_FLAGS Flags, |
| IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, |
| IN OUT PVOID LookasideList, |
| OUT PVOID *EcpContext); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlInsertExtraCreateParameter( |
| IN OUT PECP_LIST EcpList, |
| IN OUT PVOID EcpContext); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlFindExtraCreateParameter( |
| IN PECP_LIST EcpList, |
| IN LPCGUID EcpType, |
| OUT PVOID *EcpContext OPTIONAL, |
| OUT ULONG *EcpContextSize OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlRemoveExtraCreateParameter( |
| IN OUT PECP_LIST EcpList, |
| IN LPCGUID EcpType, |
| OUT PVOID *EcpContext, |
| OUT ULONG *EcpContextSize OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlGetEcpListFromIrp( |
| IN PIRP Irp, |
| OUT PECP_LIST *EcpList OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlSetEcpListIntoIrp( |
| IN OUT PIRP Irp, |
| IN PECP_LIST EcpList); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlGetNextExtraCreateParameter( |
| IN PECP_LIST EcpList, |
| IN PVOID CurrentEcpContext OPTIONAL, |
| OUT LPGUID NextEcpType OPTIONAL, |
| OUT PVOID *NextEcpContext OPTIONAL, |
| OUT ULONG *NextEcpContextSize OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlAcknowledgeEcp( |
| IN PVOID EcpContext); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsEcpAcknowledged( |
| IN PVOID EcpContext); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsEcpFromUserMode( |
| IN PVOID EcpContext); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlChangeBackingFileObject( |
| IN PFILE_OBJECT CurrentFileObject OPTIONAL, |
| IN PFILE_OBJECT NewFileObject, |
| IN FSRTL_CHANGE_BACKING_TYPE ChangeBackingType, |
| IN ULONG Flags); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlLogCcFlushError( |
| IN PUNICODE_STRING FileName, |
| IN PDEVICE_OBJECT DeviceObject, |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN NTSTATUS FlushError, |
| IN ULONG Flags); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlAreVolumeStartupApplicationsComplete( |
| VOID); |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| FsRtlQueryMaximumVirtualDiskNestingLevel( |
| VOID); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlGetVirtualDiskNestingLevel( |
| IN PDEVICE_OBJECT DeviceObject, |
| OUT PULONG NestingLevel, |
| OUT PULONG NestingFlags OPTIONAL); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTASP1) |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlCheckOplockEx( |
| IN POPLOCK Oplock, |
| IN PIRP Irp, |
| IN ULONG Flags, |
| IN PVOID Context OPTIONAL, |
| IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, |
| IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); |
| |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlAreThereCurrentOrInProgressFileLocks( |
| IN PFILE_LOCK FileLock); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlOplockIsSharedRequest( |
| IN PIRP Irp); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlOplockBreakH( |
| IN POPLOCK Oplock, |
| IN PIRP Irp, |
| IN ULONG Flags, |
| IN PVOID Context OPTIONAL, |
| IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, |
| IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlCurrentOplockH( |
| IN POPLOCK Oplock); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlOplockBreakToNoneEx( |
| IN OUT POPLOCK Oplock, |
| IN PIRP Irp, |
| IN ULONG Flags, |
| IN PVOID Context OPTIONAL, |
| IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, |
| IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlOplockFsctrlEx( |
| IN POPLOCK Oplock, |
| IN PIRP Irp, |
| IN ULONG OpenCount, |
| IN ULONG Flags); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlOplockKeysEqual( |
| IN PFILE_OBJECT Fo1 OPTIONAL, |
| IN PFILE_OBJECT Fo2 OPTIONAL); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlInitializeExtraCreateParameterList( |
| IN OUT PECP_LIST EcpList); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlInitializeExtraCreateParameter( |
| IN PECP_HEADER Ecp, |
| IN ULONG EcpFlags, |
| IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL, |
| IN ULONG TotalSize, |
| IN LPCGUID EcpType, |
| IN PVOID ListAllocatedFrom OPTIONAL); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlInsertPerFileContext( |
| IN PVOID* PerFileContextPointer, |
| IN PFSRTL_PER_FILE_CONTEXT Ptr); |
| |
| NTKERNELAPI |
| PFSRTL_PER_FILE_CONTEXT |
| NTAPI |
| FsRtlLookupPerFileContext( |
| IN PVOID* PerFileContextPointer, |
| IN PVOID OwnerId OPTIONAL, |
| IN PVOID InstanceId OPTIONAL); |
| |
| NTKERNELAPI |
| PFSRTL_PER_FILE_CONTEXT |
| NTAPI |
| FsRtlRemovePerFileContext( |
| IN PVOID* PerFileContextPointer, |
| IN PVOID OwnerId OPTIONAL, |
| IN PVOID InstanceId OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlTeardownPerFileContexts( |
| IN PVOID* PerFileContextPointer); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| FsRtlInsertPerFileObjectContext( |
| IN PFILE_OBJECT FileObject, |
| IN PFSRTL_PER_FILEOBJECT_CONTEXT Ptr); |
| |
| NTKERNELAPI |
| PFSRTL_PER_FILEOBJECT_CONTEXT |
| NTAPI |
| FsRtlLookupPerFileObjectContext( |
| IN PFILE_OBJECT FileObject, |
| IN PVOID OwnerId OPTIONAL, |
| IN PVOID InstanceId OPTIONAL); |
| |
| NTKERNELAPI |
| PFSRTL_PER_FILEOBJECT_CONTEXT |
| NTAPI |
| FsRtlRemovePerFileObjectContext( |
| IN PFILE_OBJECT FileObject, |
| IN PVOID OwnerId OPTIONAL, |
| IN PVOID InstanceId OPTIONAL); |
| |
| #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ |
| FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ |
| ) |
| |
| #define FsRtlAreThereCurrentFileLocks(FL) ( \ |
| ((FL)->FastIoIsQuestionable) \ |
| ) |
| |
| #define FsRtlIncrementLockRequestsInProgress(FL) { \ |
| ASSERT( (FL)->LockRequestsInProgress >= 0 ); \ |
| (void) \ |
| (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\ |
| } |
| |
| #define FsRtlDecrementLockRequestsInProgress(FL) { \ |
| ASSERT( (FL)->LockRequestsInProgress > 0 ); \ |
| (void) \ |
| (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\ |
| } |
| |
| /* GCC compatible definition, MS one is retarded */ |
| extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray; |
| #define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray |
| |
| #define FsRtlIsAnsiCharacterWild(C) ( \ |
| FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \ |
| ) |
| |
| #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \ |
| FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \ |
| ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ |
| ) |
| |
| #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \ |
| FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \ |
| ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ |
| ) |
| |
| #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \ |
| FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \ |
| ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ |
| ) |
| |
| #define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \ |
| FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \ |
| ) |
| |
| #define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \ |
| FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \ |
| ) |
| |
| #define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \ |
| ((SCHAR)(C) < 0) ? DEFAULT_RET : \ |
| FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \ |
| (FLAGS) | \ |
| ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \ |
| ) |
| |
| #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \ |
| (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \ |
| (NLS_MB_CODE_PAGE_TAG && \ |
| (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \ |
| ) |
| |
| #define FsRtlIsUnicodeCharacterWild(C) ( \ |
| (((C) >= 0x40) ? \ |
| FALSE : \ |
| FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \ |
| ) |
| |
| #define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \ |
| ((_fc)->OwnerId = (_owner), \ |
| (_fc)->InstanceId = (_inst), \ |
| (_fc)->FreeCallback = (_cb)) |
| |
| #define FsRtlGetPerFileContextPointer(_fo) \ |
| (FsRtlSupportsPerFileContexts(_fo) ? \ |
| FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \ |
| NULL) |
| |
| #define FsRtlSupportsPerFileContexts(_fo) \ |
| ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \ |
| (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \ |
| (FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL)) |
| |
| #define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \ |
| { \ |
| FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \ |
| if ((_fctxptr) != NULL) { \ |
| (_advhdr)->FileContextSupportPointer = (_fctxptr); \ |
| } \ |
| } |
| |
| #define FsRtlGetPerStreamContextPointer(FO) ( \ |
| (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \ |
| ) |
| |
| #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \ |
| (PSC)->OwnerId = (O), \ |
| (PSC)->InstanceId = (I), \ |
| (PSC)->FreeCallback = (FC) \ |
| ) |
| |
| #define FsRtlSupportsPerStreamContexts(FO) ( \ |
| (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \ |
| FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \ |
| FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \ |
| ) |
| |
| #define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \ |
| (((NULL != (_sc)) && \ |
| FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \ |
| !IsListEmpty(&(_sc)->FilterContexts)) ? \ |
| FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \ |
| NULL) |
| |
| FORCEINLINE |
| VOID |
| NTAPI |
| FsRtlSetupAdvancedHeader( |
| IN PVOID AdvHdr, |
| IN PFAST_MUTEX FMutex ) |
| { |
| PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr; |
| |
| localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER; |
| localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS; |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| localAdvHdr->Version = FSRTL_FCB_HEADER_V1; |
| #else |
| localAdvHdr->Version = FSRTL_FCB_HEADER_V0; |
| #endif |
| InitializeListHead( &localAdvHdr->FilterContexts ); |
| if (FMutex != NULL) { |
| localAdvHdr->FastMutex = FMutex; |
| } |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| *((PULONG_PTR)(&localAdvHdr->PushLock)) = 0; |
| localAdvHdr->FileContextSupportPointer = NULL; |
| #endif |
| } |
| |
| #define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \ |
| ((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst)) |
| |
| #define FsRtlCompleteRequest(IRP,STATUS) { \ |
| (IRP)->IoStatus.Status = (STATUS); \ |
| IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \ |
| } |
| /* Common Cache Types */ |
| |
| #define VACB_MAPPING_GRANULARITY (0x40000) |
| #define VACB_OFFSET_SHIFT (18) |
| |
| typedef struct _PUBLIC_BCB { |
| CSHORT NodeTypeCode; |
| CSHORT NodeByteSize; |
| ULONG MappedLength; |
| LARGE_INTEGER MappedFileOffset; |
| } PUBLIC_BCB, *PPUBLIC_BCB; |
| |
| typedef struct _CC_FILE_SIZES { |
| LARGE_INTEGER AllocationSize; |
| LARGE_INTEGER FileSize; |
| LARGE_INTEGER ValidDataLength; |
| } CC_FILE_SIZES, *PCC_FILE_SIZES; |
| |
| typedef BOOLEAN |
| (NTAPI *PACQUIRE_FOR_LAZY_WRITE) ( |
| IN PVOID Context, |
| IN BOOLEAN Wait); |
| |
| typedef VOID |
| (NTAPI *PRELEASE_FROM_LAZY_WRITE) ( |
| IN PVOID Context); |
| |
| typedef BOOLEAN |
| (NTAPI *PACQUIRE_FOR_READ_AHEAD) ( |
| IN PVOID Context, |
| IN BOOLEAN Wait); |
| |
| typedef VOID |
| (NTAPI *PRELEASE_FROM_READ_AHEAD) ( |
| IN PVOID Context); |
| |
| typedef struct _CACHE_MANAGER_CALLBACKS { |
| PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; |
| PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; |
| PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; |
| PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; |
| } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; |
| |
| typedef struct _CACHE_UNINITIALIZE_EVENT { |
| struct _CACHE_UNINITIALIZE_EVENT *Next; |
| KEVENT Event; |
| } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; |
| |
| typedef VOID |
| (NTAPI *PDIRTY_PAGE_ROUTINE) ( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN PLARGE_INTEGER OldestLsn, |
| IN PLARGE_INTEGER NewestLsn, |
| IN PVOID Context1, |
| IN PVOID Context2); |
| |
| typedef VOID |
| (NTAPI *PFLUSH_TO_LSN) ( |
| IN PVOID LogHandle, |
| IN LARGE_INTEGER Lsn); |
| |
| typedef VOID |
| (NTAPI *PCC_POST_DEFERRED_WRITE) ( |
| IN PVOID Context1, |
| IN PVOID Context2); |
| |
| #define UNINITIALIZE_CACHE_MAPS (1) |
| #define DO_NOT_RETRY_PURGE (2) |
| #define DO_NOT_PURGE_DIRTY_PAGES (0x4) |
| |
| #define CC_FLUSH_AND_PURGE_NO_PURGE (0x1) |
| /* Common Cache Functions */ |
| |
| #define CcIsFileCached(FO) ( \ |
| ((FO)->SectionObjectPointer != NULL) && \ |
| (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ |
| ) |
| |
| extern ULONG CcFastMdlReadWait; |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcInitializeCacheMap( |
| IN PFILE_OBJECT FileObject, |
| IN PCC_FILE_SIZES FileSizes, |
| IN BOOLEAN PinAccess, |
| IN PCACHE_MANAGER_CALLBACKS Callbacks, |
| IN PVOID LazyWriteContext); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcUninitializeCacheMap( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER TruncateSize OPTIONAL, |
| IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetFileSizes( |
| IN PFILE_OBJECT FileObject, |
| IN PCC_FILE_SIZES FileSizes); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetDirtyPageThreshold( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG DirtyPageThreshold); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcFlushCache( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN PLARGE_INTEGER FileOffset OPTIONAL, |
| IN ULONG Length, |
| OUT PIO_STATUS_BLOCK IoStatus OPTIONAL); |
| |
| NTKERNELAPI |
| LARGE_INTEGER |
| NTAPI |
| CcGetFlushedValidData( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN BOOLEAN BcbListHeld); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcZeroData( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER StartOffset, |
| IN PLARGE_INTEGER EndOffset, |
| IN BOOLEAN Wait); |
| |
| NTKERNELAPI |
| PVOID |
| NTAPI |
| CcRemapBcb( |
| IN PVOID Bcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcRepinBcb( |
| IN PVOID Bcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcUnpinRepinnedBcb( |
| IN PVOID Bcb, |
| IN BOOLEAN WriteThrough, |
| OUT PIO_STATUS_BLOCK IoStatus); |
| |
| NTKERNELAPI |
| PFILE_OBJECT |
| NTAPI |
| CcGetFileObjectFromSectionPtrs( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer); |
| |
| NTKERNELAPI |
| PFILE_OBJECT |
| NTAPI |
| CcGetFileObjectFromBcb( |
| IN PVOID Bcb); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcCanIWrite( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG BytesToWrite, |
| IN BOOLEAN Wait, |
| IN BOOLEAN Retrying); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcDeferWrite( |
| IN PFILE_OBJECT FileObject, |
| IN PCC_POST_DEFERRED_WRITE PostRoutine, |
| IN PVOID Context1, |
| IN PVOID Context2, |
| IN ULONG BytesToWrite, |
| IN BOOLEAN Retrying); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcCopyRead( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN BOOLEAN Wait, |
| OUT PVOID Buffer, |
| OUT PIO_STATUS_BLOCK IoStatus); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcFastCopyRead( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG FileOffset, |
| IN ULONG Length, |
| IN ULONG PageCount, |
| OUT PVOID Buffer, |
| OUT PIO_STATUS_BLOCK IoStatus); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcCopyWrite( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN BOOLEAN Wait, |
| IN PVOID Buffer); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcFastCopyWrite( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG FileOffset, |
| IN ULONG Length, |
| IN PVOID Buffer); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcMdlRead( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| OUT PMDL *MdlChain, |
| OUT PIO_STATUS_BLOCK IoStatus); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcMdlReadComplete( |
| IN PFILE_OBJECT FileObject, |
| IN PMDL MdlChain); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcPrepareMdlWrite( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| OUT PMDL *MdlChain, |
| OUT PIO_STATUS_BLOCK IoStatus); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcMdlWriteComplete( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN PMDL MdlChain); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcScheduleReadAhead( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| CcWaitForCurrentLazyWriterActivity( |
| VOID); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetReadAheadGranularity( |
| IN PFILE_OBJECT FileObject, |
| IN ULONG Granularity); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcPinRead( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN ULONG Flags, |
| OUT PVOID *Bcb, |
| OUT PVOID *Buffer); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcPinMappedData( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN ULONG Flags, |
| IN OUT PVOID *Bcb); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcPreparePinWrite( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN BOOLEAN Zero, |
| IN ULONG Flags, |
| OUT PVOID *Bcb, |
| OUT PVOID *Buffer); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetDirtyPinnedData( |
| IN PVOID BcbVoid, |
| IN PLARGE_INTEGER Lsn OPTIONAL); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcUnpinData( |
| IN PVOID Bcb); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetBcbOwnerPointer( |
| IN PVOID Bcb, |
| IN PVOID OwnerPointer); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcUnpinDataForThread( |
| IN PVOID Bcb, |
| IN ERESOURCE_THREAD ResourceThreadId); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetAdditionalCacheAttributes( |
| IN PFILE_OBJECT FileObject, |
| IN BOOLEAN DisableReadAhead, |
| IN BOOLEAN DisableWriteBehind); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcIsThereDirtyData( |
| IN PVPB Vpb); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcMdlWriteAbort( |
| IN PFILE_OBJECT FileObject, |
| IN PMDL MdlChain); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetLogHandleForFile( |
| IN PFILE_OBJECT FileObject, |
| IN PVOID LogHandle, |
| IN PFLUSH_TO_LSN FlushToLsnRoutine); |
| |
| NTKERNELAPI |
| LARGE_INTEGER |
| NTAPI |
| CcGetDirtyPages( |
| IN PVOID LogHandle, |
| IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine, |
| IN PVOID Context1, |
| IN PVOID Context2); |
| |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcMapData( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN ULONG Flags, |
| OUT PVOID *Bcb, |
| OUT PVOID *Buffer); |
| #elif (NTDDI_VERSION >= NTDDI_WIN2K) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcMapData( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length, |
| IN BOOLEAN Wait, |
| OUT PVOID *Bcb, |
| OUT PVOID *Buffer); |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| CcSetFileSizesEx( |
| IN PFILE_OBJECT FileObject, |
| IN PCC_FILE_SIZES FileSizes); |
| |
| NTKERNELAPI |
| PFILE_OBJECT |
| NTAPI |
| CcGetFileObjectFromSectionPtrsRef( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcSetParallelFlushFile( |
| IN PFILE_OBJECT FileObject, |
| IN BOOLEAN EnableParallelFlush); |
| |
| NTKERNELAPI |
| BOOLEAN |
| CcIsThereDirtyDataEx( |
| IN PVPB Vpb, |
| IN PULONG NumberOfDirtyPages OPTIONAL); |
| |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| NTKERNELAPI |
| VOID |
| NTAPI |
| CcCoherencyFlushAndPurgeCache( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN PLARGE_INTEGER FileOffset OPTIONAL, |
| IN ULONG Length, |
| OUT PIO_STATUS_BLOCK IoStatus, |
| IN ULONG Flags OPTIONAL); |
| #endif |
| |
| #define CcGetFileSizePointer(FO) ( \ |
| ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ |
| ) |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcPurgeCacheSection( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN PLARGE_INTEGER FileOffset OPTIONAL, |
| IN ULONG Length, |
| IN ULONG Flags); |
| #elif (NTDDI_VERSION >= NTDDI_WIN2K) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcPurgeCacheSection( |
| IN PSECTION_OBJECT_POINTERS SectionObjectPointer, |
| IN PLARGE_INTEGER FileOffset OPTIONAL, |
| IN ULONG Length, |
| IN BOOLEAN UninitializeCacheMaps); |
| #endif |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| CcCopyWriteWontFlush( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN ULONG Length); |
| #else |
| #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) |
| #endif |
| |
| #define CcReadAhead(FO, FOFF, LEN) ( \ |
| if ((LEN) >= 256) { \ |
| CcScheduleReadAhead((FO), (FOFF), (LEN)); \ |
| } \ |
| ) |
| |
| |
| /****************************************************************************** |
| * ZwXxx Functions * |
| ******************************************************************************/ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryEaFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID Buffer, |
| IN ULONG Length, |
| IN BOOLEAN ReturnSingleEntry, |
| IN PVOID EaList OPTIONAL, |
| IN ULONG EaListLength, |
| IN PULONG EaIndex OPTIONAL, |
| IN BOOLEAN RestartScan); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetEaFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID Buffer, |
| IN ULONG Length); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwDuplicateToken( |
| IN HANDLE ExistingTokenHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| IN BOOLEAN EffectiveOnly, |
| IN TOKEN_TYPE TokenType, |
| OUT PHANDLE NewTokenHandle); |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryObject( |
| IN HANDLE Handle OPTIONAL, |
| IN OBJECT_INFORMATION_CLASS ObjectInformationClass, |
| OUT PVOID ObjectInformation OPTIONAL, |
| IN ULONG ObjectInformationLength, |
| OUT PULONG ReturnLength OPTIONAL); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwNotifyChangeKey( |
| IN HANDLE KeyHandle, |
| IN HANDLE EventHandle OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN ULONG NotifyFilter, |
| IN BOOLEAN WatchSubtree, |
| OUT PVOID Buffer, |
| IN ULONG BufferLength, |
| IN BOOLEAN Asynchronous); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwCreateEvent( |
| OUT PHANDLE EventHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, |
| IN EVENT_TYPE EventType, |
| IN BOOLEAN InitialState); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwDeleteFile( |
| IN POBJECT_ATTRIBUTES ObjectAttributes); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryDirectoryFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID FileInformation, |
| IN ULONG Length, |
| IN FILE_INFORMATION_CLASS FileInformationClass, |
| IN BOOLEAN ReturnSingleEntry, |
| IN PUNICODE_STRING FileName OPTIONAL, |
| IN BOOLEAN RestartScan); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetVolumeInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PVOID FsInformation, |
| IN ULONG Length, |
| IN FS_INFORMATION_CLASS FsInformationClass); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwFsControlFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN ULONG FsControlCode, |
| IN PVOID InputBuffer OPTIONAL, |
| IN ULONG InputBufferLength, |
| OUT PVOID OutputBuffer OPTIONAL, |
| IN ULONG OutputBufferLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwDuplicateObject( |
| IN HANDLE SourceProcessHandle, |
| IN HANDLE SourceHandle, |
| IN HANDLE TargetProcessHandle OPTIONAL, |
| OUT PHANDLE TargetHandle OPTIONAL, |
| IN ACCESS_MASK DesiredAccess, |
| IN ULONG HandleAttributes, |
| IN ULONG Options); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwOpenDirectoryObject( |
| OUT PHANDLE DirectoryHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwAllocateVirtualMemory( |
| IN HANDLE ProcessHandle, |
| IN OUT PVOID *BaseAddress, |
| IN ULONG_PTR ZeroBits, |
| IN OUT PSIZE_T RegionSize, |
| IN ULONG AllocationType, |
| IN ULONG Protect); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwFreeVirtualMemory( |
| IN HANDLE ProcessHandle, |
| IN OUT PVOID *BaseAddress, |
| IN OUT PSIZE_T RegionSize, |
| IN ULONG FreeType); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwWaitForSingleObject( |
| IN HANDLE Handle, |
| IN BOOLEAN Alertable, |
| IN PLARGE_INTEGER Timeout OPTIONAL); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetEvent( |
| IN HANDLE EventHandle, |
| OUT PLONG PreviousState OPTIONAL); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwFlushVirtualMemory( |
| IN HANDLE ProcessHandle, |
| IN OUT PVOID *BaseAddress, |
| IN OUT PSIZE_T RegionSize, |
| OUT PIO_STATUS_BLOCK IoStatusBlock); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryInformationToken( |
| IN HANDLE TokenHandle, |
| IN TOKEN_INFORMATION_CLASS TokenInformationClass, |
| OUT PVOID TokenInformation, |
| IN ULONG Length, |
| OUT PULONG ResultLength); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetSecurityObject( |
| IN HANDLE Handle, |
| IN SECURITY_INFORMATION SecurityInformation, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQuerySecurityObject( |
| IN HANDLE FileHandle, |
| IN SECURITY_INFORMATION SecurityInformation, |
| OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN ULONG Length, |
| OUT PULONG ResultLength); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwOpenProcessTokenEx( |
| IN HANDLE ProcessHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN ULONG HandleAttributes, |
| OUT PHANDLE TokenHandle); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwOpenThreadTokenEx( |
| IN HANDLE ThreadHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN BOOLEAN OpenAsSelf, |
| IN ULONG HandleAttributes, |
| OUT PHANDLE TokenHandle); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwLockFile( |
| IN HANDLE FileHandle, |
| IN HANDLE Event OPTIONAL, |
| IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, |
| IN PVOID ApcContext OPTIONAL, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PLARGE_INTEGER ByteOffset, |
| IN PLARGE_INTEGER Length, |
| IN ULONG Key, |
| IN BOOLEAN FailImmediately, |
| IN BOOLEAN ExclusiveLock); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwUnlockFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PLARGE_INTEGER ByteOffset, |
| IN PLARGE_INTEGER Length, |
| IN ULONG Key); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryQuotaInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| OUT PVOID Buffer, |
| IN ULONG Length, |
| IN BOOLEAN ReturnSingleEntry, |
| IN PVOID SidList, |
| IN ULONG SidListLength, |
| IN PSID StartSid OPTIONAL, |
| IN BOOLEAN RestartScan); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetQuotaInformationFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock, |
| IN PVOID Buffer, |
| IN ULONG Length); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwFlushBuffersFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock); |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetInformationToken( |
| IN HANDLE TokenHandle, |
| IN TOKEN_INFORMATION_CLASS TokenInformationClass, |
| IN PVOID TokenInformation, |
| IN ULONG TokenInformationLength); |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| |
| /* #if !defined(_X86AMD64_) FIXME : WHAT ?! */ |
| #if defined(_WIN64) |
| |
| C_ASSERT(sizeof(ERESOURCE) == 0x68); |
| C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18); |
| C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a); |
| |
| #else |
| |
| C_ASSERT(sizeof(ERESOURCE) == 0x38); |
| C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c); |
| C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e); |
| |
| #endif |
| /* #endif */ |
| |
| #if defined(_IA64_) |
| #if (NTDDI_VERSION >= NTDDI_WIN2K) |
| //DECLSPEC_DEPRECATED_DDK |
| NTHALAPI |
| ULONG |
| NTAPI |
| HalGetDmaAlignmentRequirement( |
| VOID); |
| #endif |
| #endif |
| |
| #if defined(_M_IX86) || defined(_M_AMD64) |
| #define HalGetDmaAlignmentRequirement() 1L |
| #endif |
| |
| extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo; |
| #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo |
| |
| #ifdef NLS_MB_CODE_PAGE_TAG |
| #undef NLS_MB_CODE_PAGE_TAG |
| #endif |
| #define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER { |
| NetworkOpenLocationAny, |
| NetworkOpenLocationRemote, |
| NetworkOpenLocationLoopback |
| } NETWORK_OPEN_LOCATION_QUALIFIER; |
| |
| typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER { |
| NetworkOpenIntegrityAny, |
| NetworkOpenIntegrityNone, |
| NetworkOpenIntegritySigned, |
| NetworkOpenIntegrityEncrypted, |
| NetworkOpenIntegrityMaximum |
| } NETWORK_OPEN_INTEGRITY_QUALIFIER; |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1 |
| #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2 |
| #define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000 |
| |
| typedef struct _NETWORK_OPEN_ECP_CONTEXT { |
| USHORT Size; |
| USHORT Reserved; |
| _ANONYMOUS_STRUCT struct { |
| struct { |
| NETWORK_OPEN_LOCATION_QUALIFIER Location; |
| NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; |
| ULONG Flags; |
| } in; |
| struct { |
| NETWORK_OPEN_LOCATION_QUALIFIER Location; |
| NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; |
| ULONG Flags; |
| } out; |
| } DUMMYSTRUCTNAME; |
| } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; |
| |
| typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 { |
| USHORT Size; |
| USHORT Reserved; |
| _ANONYMOUS_STRUCT struct { |
| struct { |
| NETWORK_OPEN_LOCATION_QUALIFIER Location; |
| NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; |
| } in; |
| struct { |
| NETWORK_OPEN_LOCATION_QUALIFIER Location; |
| NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; |
| } out; |
| } DUMMYSTRUCTNAME; |
| } NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0; |
| |
| #elif (NTDDI_VERSION >= NTDDI_VISTA) |
| typedef struct _NETWORK_OPEN_ECP_CONTEXT { |
| USHORT Size; |
| USHORT Reserved; |
| _ANONYMOUS_STRUCT struct { |
| struct { |
| NETWORK_OPEN_LOCATION_QUALIFIER Location; |
| NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; |
| } in; |
| struct { |
| NETWORK_OPEN_LOCATION_QUALIFIER Location; |
| NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; |
| } out; |
| } DUMMYSTRUCTNAME; |
| } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; |
| #endif |
| |
| DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| |
| #if (NTDDI_VERSION >= NTDDI_VISTA) |
| |
| typedef struct _PREFETCH_OPEN_ECP_CONTEXT { |
| PVOID Context; |
| } PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT; |
| |
| DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55); |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ |
| |
| #if (NTDDI_VERSION >= NTDDI_WIN7) |
| |
| DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb); |
| DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53); |
| |
| typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS; |
| |
| typedef struct _NFS_OPEN_ECP_CONTEXT { |
| PUNICODE_STRING ExportAlias; |
| PSOCKADDR_STORAGE_NFS ClientSocketAddress; |
| } NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT; |
| |
| typedef struct _SRV_OPEN_ECP_CONTEXT { |
| PUNICODE_STRING ShareName; |
| PSOCKADDR_STORAGE_NFS SocketAddress; |
| BOOLEAN OplockBlockState; |
| BOOLEAN OplockAppState; |
| BOOLEAN OplockFinalState; |
| } SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT; |
| |
| #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ |
| |
| #define PIN_WAIT (1) |
| #define PIN_EXCLUSIVE (2) |
| #define PIN_NO_READ (4) |
| #define PIN_IF_BCB (8) |
| #define PIN_CALLER_TRACKS_DIRTY_DATA (32) |
| #define PIN_HIGH_PRIORITY (64) |
| |
| #define MAP_WAIT 1 |
| #define MAP_NO_READ (16) |
| #define MAP_HIGH_PRIORITY (64) |
| |
| #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS) |
| |
| typedef struct _QUERY_PATH_REQUEST { |
| ULONG PathNameLength; |
| PIO_SECURITY_CONTEXT SecurityContext; |
| WCHAR FilePathName[1]; |
| } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; |
| |
| typedef struct _QUERY_PATH_REQUEST_EX { |
| PIO_SECURITY_CONTEXT pSecurityContext; |
| ULONG EaLength; |
| PVOID pEaBuffer; |
| UNICODE_STRING PathName; |
| UNICODE_STRING DomainServiceName; |
| ULONG_PTR Reserved[ 3 ]; |
| } QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX; |
| |
| typedef struct _QUERY_PATH_RESPONSE { |
| ULONG LengthAccepted; |
| } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; |
| |
| #define VOLSNAPCONTROLTYPE 0x00000053 |
| #define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) |
| |
| /* FIXME : These definitions below don't belong here (or anywhere in ddk really) */ |
| #pragma pack(push,4) |
| |
| #ifndef VER_PRODUCTBUILD |
| #define VER_PRODUCTBUILD 10000 |
| #endif |
| |
| #include "csq.h" |
| |
| extern PACL SePublicDefaultDacl; |
| extern PACL SeSystemDefaultDacl; |
| |
| #define FS_LFN_APIS 0x00004000 |
| |
| #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ |
| #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) |
| #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT |
| #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM |
| #define FILE_STORAGE_TYPE_MASK 0x000f0000 |
| #define FILE_STORAGE_TYPE_SHIFT 16 |
| |
| #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 |
| |
| #ifdef _X86_ |
| #define HARDWARE_PTE HARDWARE_PTE_X86 |
| #define PHARDWARE_PTE PHARDWARE_PTE_X86 |
| #endif |
| |
| #define IO_ATTACH_DEVICE_API 0x80000000 |
| |
| #define IO_TYPE_APC 18 |
| #define IO_TYPE_DPC 19 |
| #define IO_TYPE_DEVICE_QUEUE 20 |
| #define IO_TYPE_EVENT_PAIR 21 |
| #define IO_TYPE_INTERRUPT 22 |
| #define IO_TYPE_PROFILE 23 |
| |
| #define IRP_BEING_VERIFIED 0x10 |
| |
| #define MAILSLOT_CLASS_FIRSTCLASS 1 |
| #define MAILSLOT_CLASS_SECONDCLASS 2 |
| |
| #define MAILSLOT_SIZE_AUTO 0 |
| |
| #define MEM_DOS_LIM 0x40000000 |
| |
| #define OB_TYPE_TYPE 1 |
| #define OB_TYPE_DIRECTORY 2 |
| #define OB_TYPE_SYMBOLIC_LINK 3 |
| #define OB_TYPE_TOKEN 4 |
| #define OB_TYPE_PROCESS 5 |
| #define OB_TYPE_THREAD 6 |
| #define OB_TYPE_EVENT 7 |
| #define OB_TYPE_EVENT_PAIR 8 |
| #define OB_TYPE_MUTANT 9 |
| #define OB_TYPE_SEMAPHORE 10 |
| #define OB_TYPE_TIMER 11 |
| #define OB_TYPE_PROFILE 12 |
| #define OB_TYPE_WINDOW_STATION 13 |
| #define OB_TYPE_DESKTOP 14 |
| #define OB_TYPE_SECTION 15 |
| #define OB_TYPE_KEY 16 |
| #define OB_TYPE_PORT 17 |
| #define OB_TYPE_ADAPTER 18 |
| #define OB_TYPE_CONTROLLER 19 |
| #define OB_TYPE_DEVICE 20 |
| #define OB_TYPE_DRIVER 21 |
| #define OB_TYPE_IO_COMPLETION 22 |
| #define OB_TYPE_FILE 23 |
| |
| #define SEC_BASED 0x00200000 |
| |
| /* end winnt.h */ |
| |
| #define TOKEN_HAS_ADMIN_GROUP 0x08 |
| |
| #if (VER_PRODUCTBUILD >= 1381) |
| #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #endif /* (VER_PRODUCTBUILD >= 1381) */ |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) |
| |
| #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) |
| |
| #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
| #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) |
| #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
| #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| typedef enum _FILE_STORAGE_TYPE { |
| StorageTypeDefault = 1, |
| StorageTypeDirectory, |
| StorageTypeFile, |
| StorageTypeJunctionPoint, |
| StorageTypeCatalog, |
| StorageTypeStructuredStorage, |
| StorageTypeEmbedding, |
| StorageTypeStream |
| } FILE_STORAGE_TYPE; |
| |
| typedef struct _OBJECT_BASIC_INFORMATION |
| { |
| ULONG Attributes; |
| ACCESS_MASK GrantedAccess; |
| ULONG HandleCount; |
| ULONG PointerCount; |
| ULONG PagedPoolCharge; |
| ULONG NonPagedPoolCharge; |
| ULONG Reserved[ 3 ]; |
| ULONG NameInfoSize; |
| ULONG TypeInfoSize; |
| ULONG SecurityDescriptorSize; |
| LARGE_INTEGER CreationTime; |
| } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; |
| |
| typedef struct _BITMAP_RANGE { |
| LIST_ENTRY Links; |
| LONGLONG BasePage; |
| ULONG FirstDirtyPage; |
| ULONG LastDirtyPage; |
| ULONG DirtyPages; |
| PULONG Bitmap; |
| } BITMAP_RANGE, *PBITMAP_RANGE; |
| |
| typedef struct _FILE_COPY_ON_WRITE_INFORMATION { |
| BOOLEAN ReplaceIfExists; |
| HANDLE RootDirectory; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; |
| |
| typedef struct _FILE_FULL_DIRECTORY_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| WCHAR FileName[ANYSIZE_ARRAY]; |
| } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; |
| |
| /* raw internal file lock struct returned from FsRtlGetNextFileLock */ |
| typedef struct _FILE_SHARED_LOCK_ENTRY { |
| PVOID Unknown1; |
| PVOID Unknown2; |
| FILE_LOCK_INFO FileLock; |
| } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; |
| |
| /* raw internal file lock struct returned from FsRtlGetNextFileLock */ |
| typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { |
| LIST_ENTRY ListEntry; |
| PVOID Unknown1; |
| PVOID Unknown2; |
| FILE_LOCK_INFO FileLock; |
| } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; |
| |
| typedef struct _FILE_MAILSLOT_PEEK_BUFFER { |
| ULONG ReadDataAvailable; |
| ULONG NumberOfMessages; |
| ULONG MessageLength; |
| } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; |
| |
| typedef struct _FILE_OLE_CLASSID_INFORMATION { |
| GUID ClassId; |
| } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; |
| |
| typedef struct _FILE_OLE_ALL_INFORMATION { |
| FILE_BASIC_INFORMATION BasicInformation; |
| FILE_STANDARD_INFORMATION StandardInformation; |
| FILE_INTERNAL_INFORMATION InternalInformation; |
| FILE_EA_INFORMATION EaInformation; |
| FILE_ACCESS_INFORMATION AccessInformation; |
| FILE_POSITION_INFORMATION PositionInformation; |
| FILE_MODE_INFORMATION ModeInformation; |
| FILE_ALIGNMENT_INFORMATION AlignmentInformation; |
| USN LastChangeUsn; |
| USN ReplicationUsn; |
| LARGE_INTEGER SecurityChangeTime; |
| FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; |
| FILE_OBJECTID_INFORMATION ObjectIdInformation; |
| FILE_STORAGE_TYPE StorageType; |
| ULONG OleStateBits; |
| ULONG OleId; |
| ULONG NumberOfStreamReferences; |
| ULONG StreamIndex; |
| ULONG SecurityId; |
| BOOLEAN ContentIndexDisable; |
| BOOLEAN InheritContentIndexDisable; |
| FILE_NAME_INFORMATION NameInformation; |
| } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; |
| |
| typedef struct _FILE_OLE_DIR_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| FILE_STORAGE_TYPE StorageType; |
| GUID OleClassId; |
| ULONG OleStateBits; |
| BOOLEAN ContentIndexDisable; |
| BOOLEAN InheritContentIndexDisable; |
| WCHAR FileName[1]; |
| } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; |
| |
| typedef struct _FILE_OLE_INFORMATION { |
| LARGE_INTEGER SecurityChangeTime; |
| FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; |
| FILE_OBJECTID_INFORMATION ObjectIdInformation; |
| FILE_STORAGE_TYPE StorageType; |
| ULONG OleStateBits; |
| BOOLEAN ContentIndexDisable; |
| BOOLEAN InheritContentIndexDisable; |
| } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; |
| |
| typedef struct _FILE_OLE_STATE_BITS_INFORMATION { |
| ULONG StateBits; |
| ULONG StateBitsMask; |
| } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; |
| |
| typedef struct _MAPPING_PAIR { |
| ULONGLONG Vcn; |
| ULONGLONG Lcn; |
| } MAPPING_PAIR, *PMAPPING_PAIR; |
| |
| typedef struct _GET_RETRIEVAL_DESCRIPTOR { |
| ULONG NumberOfPairs; |
| ULONGLONG StartVcn; |
| MAPPING_PAIR Pair[1]; |
| } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; |
| |
| typedef struct _MBCB { |
| CSHORT NodeTypeCode; |
| CSHORT NodeIsInZone; |
| ULONG PagesToWrite; |
| ULONG DirtyPages; |
| ULONG Reserved; |
| LIST_ENTRY BitmapRanges; |
| LONGLONG ResumeWritePage; |
| BITMAP_RANGE BitmapRange1; |
| BITMAP_RANGE BitmapRange2; |
| BITMAP_RANGE BitmapRange3; |
| } MBCB, *PMBCB; |
| |
| typedef struct _MOVEFILE_DESCRIPTOR { |
| HANDLE FileHandle; |
| ULONG Reserved; |
| LARGE_INTEGER StartVcn; |
| LARGE_INTEGER TargetLcn; |
| ULONG NumVcns; |
| ULONG Reserved1; |
| } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; |
| |
| typedef struct _OBJECT_BASIC_INFO { |
| ULONG Attributes; |
| ACCESS_MASK GrantedAccess; |
| ULONG HandleCount; |
| ULONG ReferenceCount; |
| ULONG PagedPoolUsage; |
| ULONG NonPagedPoolUsage; |
| ULONG Reserved[3]; |
| ULONG NameInformationLength; |
| ULONG TypeInformationLength; |
| ULONG SecurityDescriptorLength; |
| LARGE_INTEGER CreateTime; |
| } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; |
| |
| typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { |
| BOOLEAN Inherit; |
| BOOLEAN ProtectFromClose; |
| } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; |
| |
| typedef struct _OBJECT_NAME_INFO { |
| UNICODE_STRING ObjectName; |
| WCHAR ObjectNameBuffer[1]; |
| } OBJECT_NAME_INFO, *POBJECT_NAME_INFO; |
| |
| typedef struct _OBJECT_PROTECTION_INFO { |
| BOOLEAN Inherit; |
| BOOLEAN ProtectHandle; |
| } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; |
| |
| typedef struct _OBJECT_TYPE_INFO { |
| UNICODE_STRING ObjectTypeName; |
| UCHAR Unknown[0x58]; |
| WCHAR ObjectTypeNameBuffer[1]; |
| } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; |
| |
| typedef struct _OBJECT_ALL_TYPES_INFO { |
| ULONG NumberOfObjectTypes; |
| OBJECT_TYPE_INFO ObjectsTypeInfo[1]; |
| } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; |
| |
| #if defined(USE_LPC6432) |
| #define LPC_CLIENT_ID CLIENT_ID64 |
| #define LPC_SIZE_T ULONGLONG |
| #define LPC_PVOID ULONGLONG |
| #define LPC_HANDLE ULONGLONG |
| #else |
| #define LPC_CLIENT_ID CLIENT_ID |
| #define LPC_SIZE_T SIZE_T |
| #define LPC_PVOID PVOID |
| #define LPC_HANDLE HANDLE |
| #endif |
| |
| typedef struct _PORT_MESSAGE |
| { |
| union |
| { |
| struct |
| { |
| CSHORT DataLength; |
| CSHORT TotalLength; |
| } s1; |
| ULONG Length; |
| } u1; |
| union |
| { |
| struct |
| { |
| CSHORT Type; |
| CSHORT DataInfoOffset; |
| } s2; |
| ULONG ZeroInit; |
| } u2; |
| __GNU_EXTENSION union |
| { |
| LPC_CLIENT_ID ClientId; |
| double DoNotUseThisField; |
| }; |
| ULONG MessageId; |
| __GNU_EXTENSION union |
| { |
| LPC_SIZE_T ClientViewSize; |
| ULONG CallbackId; |
| }; |
| } PORT_MESSAGE, *PPORT_MESSAGE; |
| |
| #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) |
| |
| typedef struct _PORT_VIEW |
| { |
| ULONG Length; |
| LPC_HANDLE SectionHandle; |
| ULONG SectionOffset; |
| LPC_SIZE_T ViewSize; |
| LPC_PVOID ViewBase; |
| LPC_PVOID ViewRemoteBase; |
| } PORT_VIEW, *PPORT_VIEW; |
| |
| typedef struct _REMOTE_PORT_VIEW |
| { |
| ULONG Length; |
| LPC_SIZE_T ViewSize; |
| LPC_PVOID ViewBase; |
| } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; |
| |
| typedef struct _VAD_HEADER { |
| PVOID StartVPN; |
| PVOID EndVPN; |
| struct _VAD_HEADER* ParentLink; |
| struct _VAD_HEADER* LeftLink; |
| struct _VAD_HEADER* RightLink; |
| ULONG Flags; /* LSB = CommitCharge */ |
| PVOID ControlArea; |
| PVOID FirstProtoPte; |
| PVOID LastPTE; |
| ULONG Unknown; |
| LIST_ENTRY Secured; |
| } VAD_HEADER, *PVAD_HEADER; |
| |
| NTKERNELAPI |
| LARGE_INTEGER |
| NTAPI |
| CcGetLsnForFileObject ( |
| IN PFILE_OBJECT FileObject, |
| OUT PLARGE_INTEGER OldestLsn OPTIONAL |
| ); |
| |
| NTKERNELAPI |
| PVOID |
| NTAPI |
| FsRtlAllocatePool ( |
| IN POOL_TYPE PoolType, |
| IN ULONG NumberOfBytes |
| ); |
| |
| NTKERNELAPI |
| PVOID |
| NTAPI |
| FsRtlAllocatePoolWithQuota ( |
| IN POOL_TYPE PoolType, |
| IN ULONG NumberOfBytes |
| ); |
| |
| NTKERNELAPI |
| PVOID |
| NTAPI |
| FsRtlAllocatePoolWithQuotaTag ( |
| IN POOL_TYPE PoolType, |
| IN ULONG NumberOfBytes, |
| IN ULONG Tag |
| ); |
| |
| NTKERNELAPI |
| PVOID |
| NTAPI |
| FsRtlAllocatePoolWithTag ( |
| IN POOL_TYPE PoolType, |
| IN ULONG NumberOfBytes, |
| IN ULONG Tag |
| ); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlIsFatDbcsLegal ( |
| IN ANSI_STRING DbcsName, |
| IN BOOLEAN WildCardsPermissible, |
| IN BOOLEAN PathNamePermissible, |
| IN BOOLEAN LeadingBackslashPermissible |
| ); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlMdlReadComplete ( |
| IN PFILE_OBJECT FileObject, |
| IN PMDL MdlChain |
| ); |
| |
| NTKERNELAPI |
| BOOLEAN |
| NTAPI |
| FsRtlMdlWriteComplete ( |
| IN PFILE_OBJECT FileObject, |
| IN PLARGE_INTEGER FileOffset, |
| IN PMDL MdlChain |
| ); |
| |
| NTKERNELAPI |
| VOID |
| NTAPI |
| FsRtlNotifyChangeDirectory ( |
| IN PNOTIFY_SYNC NotifySync, |
| IN PVOID FsContext, |
| IN PSTRING FullDirectoryName, |
| IN PLIST_ENTRY NotifyList, |
| IN BOOLEAN WatchTree, |
| IN ULONG CompletionFilter, |
| IN PIRP NotifyIrp |
| ); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObCreateObject ( |
| IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL, |
| IN POBJECT_TYPE ObjectType, |
| IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, |
| IN KPROCESSOR_MODE AccessMode, |
| IN OUT PVOID ParseContext OPTIONAL, |
| IN ULONG ObjectSize, |
| IN ULONG PagedPoolCharge OPTIONAL, |
| IN ULONG NonPagedPoolCharge OPTIONAL, |
| OUT PVOID *Object |
| ); |
| |
| NTKERNELAPI |
| ULONG |
| NTAPI |
| ObGetObjectPointerCount ( |
| IN PVOID Object |
| ); |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| ObReferenceObjectByName ( |
| IN PUNICODE_STRING ObjectName, |
| IN ULONG Attributes, |
| IN PACCESS_STATE PassedAccessState OPTIONAL, |
| IN ACCESS_MASK DesiredAccess OPTIONAL, |
| IN POBJECT_TYPE ObjectType, |
| IN KPROCESSOR_MODE AccessMode, |
| IN OUT PVOID ParseContext OPTIONAL, |
| OUT PVOID *Object |
| ); |
| |
| #define PsDereferenceImpersonationToken(T) \ |
| {if (ARGUMENT_PRESENT(T)) { \ |
| (ObDereferenceObject((T))); \ |
| } else { \ |
| ; \ |
| } \ |
| } |
| |
| NTKERNELAPI |
| NTSTATUS |
| NTAPI |
| PsLookupProcessThreadByCid ( |
| IN PCLIENT_ID Cid, |
| OUT PEPROCESS *Process OPTIONAL, |
| OUT PETHREAD *Thread |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| RtlSetSaclSecurityDescriptor ( |
| IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN BOOLEAN SaclPresent, |
| IN PACL Sacl, |
| IN BOOLEAN SaclDefaulted |
| ); |
| |
| #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwAdjustPrivilegesToken ( |
| IN HANDLE TokenHandle, |
| IN BOOLEAN DisableAllPrivileges, |
| IN PTOKEN_PRIVILEGES NewState, |
| IN ULONG BufferLength, |
| OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, |
| OUT PULONG ReturnLength |
| ); |
| |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwAlertThread ( |
| IN HANDLE ThreadHandle |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwAccessCheckAndAuditAlarm ( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId, |
| IN PUNICODE_STRING ObjectTypeName, |
| IN PUNICODE_STRING ObjectName, |
| IN PSECURITY_DESCRIPTOR SecurityDescriptor, |
| IN ACCESS_MASK DesiredAccess, |
| IN PGENERIC_MAPPING GenericMapping, |
| IN BOOLEAN ObjectCreation, |
| OUT PACCESS_MASK GrantedAccess, |
| OUT PBOOLEAN AccessStatus, |
| OUT PBOOLEAN GenerateOnClose |
| ); |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwCancelIoFile ( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock |
| ); |
| |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwClearEvent ( |
| IN HANDLE EventHandle |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwCloseObjectAuditAlarm ( |
| IN PUNICODE_STRING SubsystemName, |
| IN PVOID HandleId, |
| IN BOOLEAN GenerateOnClose |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwCreateSymbolicLinkObject ( |
| OUT PHANDLE SymbolicLinkHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| IN PUNICODE_STRING TargetName |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwFlushInstructionCache ( |
| IN HANDLE ProcessHandle, |
| IN PVOID BaseAddress OPTIONAL, |
| IN ULONG FlushSize |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwFlushBuffersFile( |
| IN HANDLE FileHandle, |
| OUT PIO_STATUS_BLOCK IoStatusBlock |
| ); |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwInitiatePowerAction ( |
| IN POWER_ACTION SystemAction, |
| IN SYSTEM_POWER_STATE MinSystemState, |
| IN ULONG Flags, |
| IN BOOLEAN Asynchronous |
| ); |
| |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwLoadKey ( |
| IN POBJECT_ATTRIBUTES KeyObjectAttributes, |
| IN POBJECT_ATTRIBUTES FileObjectAttributes |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwOpenProcessToken ( |
| IN HANDLE ProcessHandle, |
| IN ACCESS_MASK DesiredAccess, |
| OUT PHANDLE TokenHandle |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwOpenThread ( |
| OUT PHANDLE ThreadHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN POBJECT_ATTRIBUTES ObjectAttributes, |
| IN PCLIENT_ID ClientId |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwOpenThreadToken ( |
| IN HANDLE ThreadHandle, |
| IN ACCESS_MASK DesiredAccess, |
| IN BOOLEAN OpenAsSelf, |
| OUT PHANDLE TokenHandle |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwPulseEvent ( |
| IN HANDLE EventHandle, |
| OUT PLONG PreviousState OPTIONAL |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryDefaultLocale ( |
| IN BOOLEAN ThreadOrSystem, |
| OUT PLCID Locale |
| ); |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryDirectoryObject ( |
| IN HANDLE DirectoryHandle, |
| OUT PVOID Buffer, |
| IN ULONG Length, |
| IN BOOLEAN ReturnSingleEntry, |
| IN BOOLEAN RestartScan, |
| IN OUT PULONG Context, |
| OUT PULONG ReturnLength OPTIONAL |
| ); |
| |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwQueryInformationProcess ( |
| IN HANDLE ProcessHandle, |
| IN PROCESSINFOCLASS ProcessInformationClass, |
| OUT PVOID ProcessInformation, |
| IN ULONG ProcessInformationLength, |
| OUT PULONG ReturnLength OPTIONAL |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwReplaceKey ( |
| IN POBJECT_ATTRIBUTES NewFileObjectAttributes, |
| IN HANDLE KeyHandle, |
| IN POBJECT_ATTRIBUTES OldFileObjectAttributes |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwResetEvent ( |
| IN HANDLE EventHandle, |
| OUT PLONG PreviousState OPTIONAL |
| ); |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwRestoreKey ( |
| IN HANDLE KeyHandle, |
| IN HANDLE FileHandle, |
| IN ULONG Flags |
| ); |
| |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSaveKey ( |
| IN HANDLE KeyHandle, |
| IN HANDLE FileHandle |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetDefaultLocale ( |
| IN BOOLEAN ThreadOrSystem, |
| IN LCID Locale |
| ); |
| |
| #if (VER_PRODUCTBUILD >= 2195) |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetDefaultUILanguage ( |
| IN LANGID LanguageId |
| ); |
| |
| #endif /* (VER_PRODUCTBUILD >= 2195) */ |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetInformationProcess ( |
| IN HANDLE ProcessHandle, |
| IN PROCESSINFOCLASS ProcessInformationClass, |
| IN PVOID ProcessInformation, |
| IN ULONG ProcessInformationLength |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwSetSystemTime ( |
| IN PLARGE_INTEGER NewTime, |
| OUT PLARGE_INTEGER OldTime OPTIONAL |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwUnloadKey ( |
| IN POBJECT_ATTRIBUTES KeyObjectAttributes |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwWaitForMultipleObjects ( |
| IN ULONG HandleCount, |
| IN PHANDLE Handles, |
| IN WAIT_TYPE WaitType, |
| IN BOOLEAN Alertable, |
| IN PLARGE_INTEGER Timeout OPTIONAL |
| ); |
| |
| NTSYSAPI |
| NTSTATUS |
| NTAPI |
| ZwYieldExecution ( |
| VOID |
| ); |
| |
| #pragma pack(pop) |
| |
| #ifdef __cplusplus |
| } |
| #endif |