mirror of
https://github.com/reactos/reactos.git
synced 2024-11-18 21:13:52 +00:00
03c86af7d5
Nothing in there should be packed!
1792 lines
50 KiB
C
1792 lines
50 KiB
C
/*
|
|
* ntifs.h
|
|
*
|
|
* Windows NT Filesystem Driver Developer Kit
|
|
*
|
|
* This file is part of the ReactOS DDK package.
|
|
*
|
|
* Contributors:
|
|
* Amine Khaldi
|
|
* Timo Kreuzer (timo.kreuzer@reactos.org)
|
|
*
|
|
* THIS SOFTWARE IS NOT COPYRIGHTED
|
|
*
|
|
* This source code is offered for use in the public domain. You may
|
|
* use, modify or distribute it freely.
|
|
*
|
|
* This code is distributed in the hope that it will be useful but
|
|
* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
|
|
* DISCLAIMED. This includes but is not limited to warranties of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
*
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#define _NTIFS_INCLUDED_
|
|
#define _GNU_NTIFS_
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
$define(UCHAR=UCHAR)
|
|
$define(ULONG=ULONG)
|
|
$define(USHORT=USHORT)
|
|
|
|
/* Dependencies */
|
|
#include <ntddk.h>
|
|
#include <excpt.h>
|
|
#include <ntdef.h>
|
|
#include <ntnls.h>
|
|
#include <ntstatus.h>
|
|
#include <bugcodes.h>
|
|
#include <ntiologc.h>
|
|
|
|
$define (_NTIFS_)
|
|
|
|
#ifndef FlagOn
|
|
#define FlagOn(_F,_SF) ((_F) & (_SF))
|
|
#endif
|
|
|
|
#ifndef BooleanFlagOn
|
|
#define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
|
|
#endif
|
|
|
|
#ifndef SetFlag
|
|
#define SetFlag(_F,_SF) ((_F) |= (_SF))
|
|
#endif
|
|
|
|
#ifndef ClearFlag
|
|
#define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
|
|
#endif
|
|
|
|
typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
|
|
typedef STRING LSA_STRING, *PLSA_STRING;
|
|
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
|
|
|
|
$include (setypes.h)
|
|
$include (obtypes.h)
|
|
$include (rtltypes.h)
|
|
$include (rtlfuncs.h)
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryObject(
|
|
_In_opt_ HANDLE Handle,
|
|
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
|
|
_Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
|
|
_In_ ULONG ObjectInformationLength,
|
|
_Out_opt_ PULONG ReturnLength);
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_WIN2K)
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenThreadToken(
|
|
_In_ HANDLE ThreadHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenProcessToken(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_When_(TokenInformationClass == TokenAccessInformation,
|
|
_At_(TokenInformationLength,
|
|
_In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength,
|
|
_Out_ PULONG ReturnLength);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAdjustPrivilegesToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN DisableAllPrivileges,
|
|
_In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
|
|
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateFile(
|
|
_Out_ PHANDLE FileHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_opt_ PLARGE_INTEGER AllocationSize,
|
|
_In_ ULONG FileAttributes,
|
|
_In_ ULONG ShareAccess,
|
|
_In_ ULONG CreateDisposition,
|
|
_In_ ULONG CreateOptions,
|
|
_In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
|
|
_In_ ULONG EaLength);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDeviceIoControlFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG IoControlCode,
|
|
_In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
|
|
_In_ ULONG InputBufferLength,
|
|
_Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
|
|
_In_ ULONG OutputBufferLength);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFsControlFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG FsControlCode,
|
|
_In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
|
|
_In_ ULONG InputBufferLength,
|
|
_Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
|
|
_In_ ULONG OutputBufferLength);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtLockFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ PLARGE_INTEGER ByteOffset,
|
|
_In_ PLARGE_INTEGER Length,
|
|
_In_ ULONG Key,
|
|
_In_ BOOLEAN FailImmediately,
|
|
_In_ BOOLEAN ExclusiveLock);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenFile(
|
|
_Out_ PHANDLE FileHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ ULONG ShareAccess,
|
|
_In_ ULONG OpenOptions);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryDirectoryFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID FileInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FILE_INFORMATION_CLASS FileInformationClass,
|
|
_In_ BOOLEAN ReturnSingleEntry,
|
|
_In_opt_ PUNICODE_STRING FileName,
|
|
_In_ BOOLEAN RestartScan);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID FileInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FILE_INFORMATION_CLASS FileInformationClass);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryQuotaInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_ BOOLEAN ReturnSingleEntry,
|
|
_In_reads_bytes_opt_(SidListLength) PVOID SidList,
|
|
_In_ ULONG SidListLength,
|
|
_In_reads_bytes_opt_((8 + (4 * ((SID *)StartSid)->SubAuthorityCount))) PSID StartSid,
|
|
_In_ BOOLEAN RestartScan);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryVolumeInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID FsInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FS_INFORMATION_CLASS FsInformationClass);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtReadFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_Out_writes_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_opt_ PLARGE_INTEGER ByteOffset,
|
|
_In_opt_ PULONG Key);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID FileInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FILE_INFORMATION_CLASS FileInformationClass);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetQuotaInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetVolumeInformationFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID FsInformation,
|
|
_In_ ULONG Length,
|
|
_In_ FS_INFORMATION_CLASS FsInformationClass);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWriteFile(
|
|
_In_ HANDLE FileHandle,
|
|
_In_opt_ HANDLE Event,
|
|
_In_opt_ PIO_APC_ROUTINE ApcRoutine,
|
|
_In_opt_ PVOID ApcContext,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_reads_bytes_(Length) PVOID Buffer,
|
|
_In_ ULONG Length,
|
|
_In_opt_ PLARGE_INTEGER ByteOffset,
|
|
_In_opt_ PULONG Key);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtUnlockFile(
|
|
_In_ HANDLE FileHandle,
|
|
_Out_ PIO_STATUS_BLOCK IoStatusBlock,
|
|
_In_ PLARGE_INTEGER ByteOffset,
|
|
_In_ PLARGE_INTEGER Length,
|
|
_In_ ULONG Key);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetSecurityObject(
|
|
_In_ HANDLE Handle,
|
|
_In_ SECURITY_INFORMATION SecurityInformation,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySecurityObject(
|
|
_In_ HANDLE Handle,
|
|
_In_ SECURITY_INFORMATION SecurityInformation,
|
|
_Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG LengthNeeded);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtClose(
|
|
_In_ HANDLE Handle);
|
|
|
|
#endif
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_WINXP)
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenThreadTokenEx(
|
|
_In_ HANDLE ThreadHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ BOOLEAN OpenAsSelf,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenProcessTokenEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenJobObjectToken(
|
|
_In_ HANDLE JobHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDuplicateToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ BOOLEAN EffectiveOnly,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_Out_ PHANDLE NewTokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFilterToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ULONG Flags,
|
|
_In_opt_ PTOKEN_GROUPS SidsToDisable,
|
|
_In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
|
|
_In_opt_ PTOKEN_GROUPS RestrictedSids,
|
|
_Out_ PHANDLE NewTokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtImpersonateAnonymousToken(
|
|
_In_ HANDLE ThreadHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAdjustGroupsToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN ResetToDefault,
|
|
_In_opt_ PTOKEN_GROUPS NewState,
|
|
_In_opt_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
|
|
_Out_ PULONG ReturnLength);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegeCheck(
|
|
_In_ HANDLE ClientToken,
|
|
_Inout_ PPRIVILEGE_SET RequiredPrivileges,
|
|
_Out_ PBOOLEAN Result);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckAndAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeAndAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_opt_ PSID PrincipalSelfSid,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ AUDIT_EVENT_TYPE AuditType,
|
|
_In_ ULONG Flags,
|
|
_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeResultListAndAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_opt_ PSID PrincipalSelfSid,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ AUDIT_EVENT_TYPE AuditType,
|
|
_In_ ULONG Flags,
|
|
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeListLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
|
|
_Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_opt_ PSID PrincipalSelfSid,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ AUDIT_EVENT_TYPE AuditType,
|
|
_In_ ULONG Flags,
|
|
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeListLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
|
|
_Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ACCESS_MASK GrantedAccess,
|
|
_In_opt_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_In_ BOOLEAN AccessGranted,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegeObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCloseObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ BOOLEAN GenerateOnClose);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDeleteObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ BOOLEAN GenerateOnClose);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegedServiceAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PUNICODE_STRING ServiceName,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetInformationThread(
|
|
_In_ HANDLE ThreadHandle,
|
|
_In_ THREADINFOCLASS ThreadInformationClass,
|
|
_In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
|
|
_In_ ULONG ThreadInformationLength);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateSection(
|
|
_Out_ PHANDLE SectionHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_opt_ PLARGE_INTEGER MaximumSize,
|
|
_In_ ULONG SectionPageProtection,
|
|
_In_ ULONG AllocationAttributes,
|
|
_In_opt_ HANDLE FileHandle);
|
|
|
|
#endif
|
|
|
|
#define COMPRESSION_FORMAT_NONE (0x0000)
|
|
#define COMPRESSION_FORMAT_DEFAULT (0x0001)
|
|
#define COMPRESSION_FORMAT_LZNT1 (0x0002)
|
|
#define COMPRESSION_ENGINE_STANDARD (0x0000)
|
|
#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
|
|
#define COMPRESSION_ENGINE_HIBER (0x0200)
|
|
|
|
#define MAX_UNICODE_STACK_BUFFER_LENGTH 256
|
|
|
|
#define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
|
|
|
|
#define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
|
|
#define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
|
|
|
|
typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
|
|
|
|
typedef enum _SECURITY_LOGON_TYPE {
|
|
UndefinedLogonType = 0,
|
|
Interactive = 2,
|
|
Network,
|
|
Batch,
|
|
Service,
|
|
Proxy,
|
|
Unlock,
|
|
NetworkCleartext,
|
|
NewCredentials,
|
|
#if (_WIN32_WINNT >= 0x0501)
|
|
RemoteInteractive,
|
|
CachedInteractive,
|
|
#endif
|
|
#if (_WIN32_WINNT >= 0x0502)
|
|
CachedRemoteInteractive,
|
|
CachedUnlock
|
|
#endif
|
|
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
|
|
|
|
#ifndef _NTLSA_AUDIT_
|
|
#define _NTLSA_AUDIT_
|
|
|
|
#ifndef GUID_DEFINED
|
|
#include <guiddef.h>
|
|
#endif
|
|
|
|
#endif /* _NTLSA_AUDIT_ */
|
|
|
|
_IRQL_requires_same_
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSTATUS
|
|
NTAPI
|
|
LsaRegisterLogonProcess(
|
|
_In_ PLSA_STRING LogonProcessName,
|
|
_Out_ PHANDLE LsaHandle,
|
|
_Out_ PLSA_OPERATIONAL_MODE SecurityMode);
|
|
|
|
_IRQL_requires_same_
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSTATUS
|
|
NTAPI
|
|
LsaLogonUser(
|
|
_In_ HANDLE LsaHandle,
|
|
_In_ PLSA_STRING OriginName,
|
|
_In_ SECURITY_LOGON_TYPE LogonType,
|
|
_In_ ULONG AuthenticationPackage,
|
|
_In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation,
|
|
_In_ ULONG AuthenticationInformationLength,
|
|
_In_opt_ PTOKEN_GROUPS LocalGroups,
|
|
_In_ PTOKEN_SOURCE SourceContext,
|
|
_Out_ PVOID *ProfileBuffer,
|
|
_Out_ PULONG ProfileBufferLength,
|
|
_Inout_ PLUID LogonId,
|
|
_Out_ PHANDLE Token,
|
|
_Out_ PQUOTA_LIMITS Quotas,
|
|
_Out_ PNTSTATUS SubStatus);
|
|
|
|
_IRQL_requires_same_
|
|
NTSTATUS
|
|
NTAPI
|
|
LsaFreeReturnBuffer(
|
|
_In_ PVOID Buffer);
|
|
|
|
#ifndef _NTLSA_IFS_
|
|
#define _NTLSA_IFS_
|
|
#endif
|
|
|
|
#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
|
|
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
|
|
#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
|
|
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
|
|
|
|
#define MSV1_0_CHALLENGE_LENGTH 8
|
|
#define MSV1_0_USER_SESSION_KEY_LENGTH 16
|
|
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
|
|
|
|
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
|
|
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
|
|
#define MSV1_0_RETURN_USER_PARAMETERS 0x08
|
|
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
|
|
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
|
|
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
|
|
#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
|
|
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
|
|
#define MSV1_0_RETURN_PROFILE_PATH 0x200
|
|
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
|
|
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
|
|
|
|
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
|
|
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
|
|
|
|
#if (_WIN32_WINNT >= 0x0502)
|
|
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
|
|
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
|
|
#endif
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
|
|
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
|
|
|
|
#if (_WIN32_WINNT >= 0x0600)
|
|
#define MSV1_0_S4U2SELF 0x00020000
|
|
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000
|
|
#endif
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
|
|
#define MSV1_0_MNS_LOGON 0x01000000
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
|
|
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
|
|
|
|
#define LOGON_GUEST 0x01
|
|
#define LOGON_NOENCRYPTION 0x02
|
|
#define LOGON_CACHED_ACCOUNT 0x04
|
|
#define LOGON_USED_LM_PASSWORD 0x08
|
|
#define LOGON_EXTRA_SIDS 0x20
|
|
#define LOGON_SUBAUTH_SESSION_KEY 0x40
|
|
#define LOGON_SERVER_TRUST_ACCOUNT 0x80
|
|
#define LOGON_NTLMV2_ENABLED 0x100
|
|
#define LOGON_RESOURCE_GROUPS 0x200
|
|
#define LOGON_PROFILE_PATH_RETURNED 0x400
|
|
#define LOGON_NT_V2 0x800
|
|
#define LOGON_LM_V2 0x1000
|
|
#define LOGON_NTLM_V2 0x2000
|
|
|
|
#if (_WIN32_WINNT >= 0x0600)
|
|
|
|
#define LOGON_OPTIMIZED 0x4000
|
|
#define LOGON_WINLOGON 0x8000
|
|
#define LOGON_PKINIT 0x10000
|
|
#define LOGON_NO_OPTIMIZED 0x20000
|
|
|
|
#endif
|
|
|
|
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
|
|
|
|
#define LOGON_GRACE_LOGON 0x01000000
|
|
|
|
#define MSV1_0_OWF_PASSWORD_LENGTH 16
|
|
#define MSV1_0_CRED_LM_PRESENT 0x1
|
|
#define MSV1_0_CRED_NT_PRESENT 0x2
|
|
#define MSV1_0_CRED_VERSION 0
|
|
|
|
#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
|
|
#define MSV1_0_NTLM3_OWF_LENGTH 16
|
|
|
|
#if (_WIN32_WINNT == 0x0500)
|
|
#define MSV1_0_MAX_NTLM3_LIFE 1800
|
|
#else
|
|
#define MSV1_0_MAX_NTLM3_LIFE 129600
|
|
#endif
|
|
#define MSV1_0_MAX_AVL_SIZE 64000
|
|
|
|
#if (_WIN32_WINNT >= 0x0501)
|
|
|
|
#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
|
|
|
|
#if (_WIN32_WINNT >= 0x0600)
|
|
#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
|
|
|
|
#if(_WIN32_WINNT >= 0x0502)
|
|
#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
|
|
#endif
|
|
|
|
#define USE_PRIMARY_PASSWORD 0x01
|
|
#define RETURN_PRIMARY_USERNAME 0x02
|
|
#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
|
|
#define RETURN_NON_NT_USER_SESSION_KEY 0x08
|
|
#define GENERATE_CLIENT_CHALLENGE 0x10
|
|
#define GCR_NTLM3_PARMS 0x20
|
|
#define GCR_TARGET_INFO 0x40
|
|
#define RETURN_RESERVED_PARAMETER 0x80
|
|
#define GCR_ALLOW_NTLM 0x100
|
|
#define GCR_USE_OEM_SET 0x200
|
|
#define GCR_MACHINE_CREDENTIAL 0x400
|
|
#define GCR_USE_OWF_PASSWORD 0x800
|
|
#define GCR_ALLOW_LM 0x1000
|
|
#define GCR_ALLOW_NO_TARGET 0x2000
|
|
|
|
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
|
|
MsV1_0InteractiveLogon = 2,
|
|
MsV1_0Lm20Logon,
|
|
MsV1_0NetworkLogon,
|
|
MsV1_0SubAuthLogon,
|
|
MsV1_0WorkstationUnlockLogon = 7,
|
|
MsV1_0S4ULogon = 12,
|
|
MsV1_0VirtualLogon = 82
|
|
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
|
|
|
|
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
|
|
MsV1_0InteractiveProfile = 2,
|
|
MsV1_0Lm20LogonProfile,
|
|
MsV1_0SmartCardProfile
|
|
} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
|
|
|
|
typedef struct _MSV1_0_INTERACTIVE_LOGON {
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Password;
|
|
} MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
|
|
|
|
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
|
|
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
|
|
USHORT LogonCount;
|
|
USHORT BadPasswordCount;
|
|
LARGE_INTEGER LogonTime;
|
|
LARGE_INTEGER LogoffTime;
|
|
LARGE_INTEGER KickOffTime;
|
|
LARGE_INTEGER PasswordLastSet;
|
|
LARGE_INTEGER PasswordCanChange;
|
|
LARGE_INTEGER PasswordMustChange;
|
|
UNICODE_STRING LogonScript;
|
|
UNICODE_STRING HomeDirectory;
|
|
UNICODE_STRING FullName;
|
|
UNICODE_STRING ProfilePath;
|
|
UNICODE_STRING HomeDirectoryDrive;
|
|
UNICODE_STRING LogonServer;
|
|
ULONG UserFlags;
|
|
} MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
|
|
|
|
typedef struct _MSV1_0_LM20_LOGON {
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Workstation;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
STRING CaseSensitiveChallengeResponse;
|
|
STRING CaseInsensitiveChallengeResponse;
|
|
ULONG ParameterControl;
|
|
} MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
|
|
|
|
typedef struct _MSV1_0_SUBAUTH_LOGON {
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Workstation;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
STRING AuthenticationInfo1;
|
|
STRING AuthenticationInfo2;
|
|
ULONG ParameterControl;
|
|
ULONG SubAuthPackageId;
|
|
} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
|
|
|
|
#if (_WIN32_WINNT >= 0x0600)
|
|
|
|
#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
|
|
|
|
typedef struct _MSV1_0_S4U_LOGON {
|
|
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
|
|
ULONG Flags;
|
|
UNICODE_STRING UserPrincipalName;
|
|
UNICODE_STRING DomainName;
|
|
} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
|
|
|
|
#endif
|
|
|
|
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
|
|
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
|
|
LARGE_INTEGER KickOffTime;
|
|
LARGE_INTEGER LogoffTime;
|
|
ULONG UserFlags;
|
|
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
|
|
UNICODE_STRING LogonDomainName;
|
|
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING UserParameters;
|
|
} MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
|
|
|
|
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
|
|
ULONG Version;
|
|
ULONG Flags;
|
|
UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
|
|
UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
|
|
} MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
|
|
|
|
typedef struct _MSV1_0_NTLM3_RESPONSE {
|
|
UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
|
|
UCHAR RespType;
|
|
UCHAR HiRespType;
|
|
USHORT Flags;
|
|
ULONG MsgWord;
|
|
ULONGLONG TimeStamp;
|
|
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
|
|
ULONG AvPairsOff;
|
|
UCHAR Buffer[1];
|
|
} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
|
|
|
|
typedef enum _MSV1_0_AVID {
|
|
MsvAvEOL,
|
|
MsvAvNbComputerName,
|
|
MsvAvNbDomainName,
|
|
MsvAvDnsComputerName,
|
|
MsvAvDnsDomainName,
|
|
#if (_WIN32_WINNT >= 0x0501)
|
|
MsvAvDnsTreeName,
|
|
MsvAvFlags,
|
|
#if (_WIN32_WINNT >= 0x0600)
|
|
MsvAvTimestamp,
|
|
MsvAvRestrictions,
|
|
MsvAvTargetName,
|
|
MsvAvChannelBindings,
|
|
#endif
|
|
#endif
|
|
} MSV1_0_AVID;
|
|
|
|
typedef struct _MSV1_0_AV_PAIR {
|
|
USHORT AvId;
|
|
USHORT AvLen;
|
|
} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
|
|
|
|
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
|
|
MsV1_0Lm20ChallengeRequest = 0,
|
|
MsV1_0Lm20GetChallengeResponse,
|
|
MsV1_0EnumerateUsers,
|
|
MsV1_0GetUserInfo,
|
|
MsV1_0ReLogonUsers,
|
|
MsV1_0ChangePassword,
|
|
MsV1_0ChangeCachedPassword,
|
|
MsV1_0GenericPassthrough,
|
|
MsV1_0CacheLogon,
|
|
MsV1_0SubAuth,
|
|
MsV1_0DeriveCredential,
|
|
MsV1_0CacheLookup,
|
|
#if (_WIN32_WINNT >= 0x0501)
|
|
MsV1_0SetProcessOption,
|
|
#endif
|
|
#if (_WIN32_WINNT >= 0x0600)
|
|
MsV1_0ConfigLocalAliases,
|
|
MsV1_0ClearCachedCredentials,
|
|
#endif
|
|
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
|
|
|
|
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
} MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;
|
|
|
|
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
} MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;
|
|
|
|
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG ParameterControl;
|
|
LUID LogonId;
|
|
UNICODE_STRING Password;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
} MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
|
|
|
|
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG ParameterControl;
|
|
LUID LogonId;
|
|
UNICODE_STRING Password;
|
|
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING ServerName;
|
|
} MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;
|
|
|
|
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
STRING CaseSensitiveChallengeResponse;
|
|
STRING CaseInsensitiveChallengeResponse;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING LogonDomainName;
|
|
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
|
|
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
|
|
} MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;
|
|
|
|
typedef struct _MSV1_0_ENUMUSERS_REQUEST {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
} MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;
|
|
|
|
typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
ULONG NumberOfLoggedOnUsers;
|
|
PLUID LogonIds;
|
|
PULONG EnumHandles;
|
|
} MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;
|
|
|
|
typedef struct _MSV1_0_GETUSERINFO_REQUEST {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
LUID LogonId;
|
|
} MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;
|
|
|
|
typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
|
|
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
|
|
PSID UserSid;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING LogonDomainName;
|
|
UNICODE_STRING LogonServer;
|
|
SECURITY_LOGON_TYPE LogonType;
|
|
} MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;
|
|
|
|
$include (iotypes.h)
|
|
|
|
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
|
|
ULONG Attributes;
|
|
ACCESS_MASK GrantedAccess;
|
|
ULONG HandleCount;
|
|
ULONG PointerCount;
|
|
ULONG Reserved[10];
|
|
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
|
|
|
|
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
|
|
UNICODE_STRING TypeName;
|
|
ULONG Reserved [22];
|
|
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
|
|
|
|
#define SYSTEM_PAGE_PRIORITY_BITS 3
|
|
#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
|
|
|
|
$include (ketypes.h)
|
|
$include (kefuncs.h)
|
|
$include (extypes.h)
|
|
$include (exfuncs.h)
|
|
$include (sefuncs.h)
|
|
$include (psfuncs.h)
|
|
$include (iofuncs.h)
|
|
$include (potypes.h)
|
|
$include (pofuncs.h)
|
|
$include (mmtypes.h)
|
|
$include (mmfuncs.h)
|
|
$include (obfuncs.h)
|
|
$include (fsrtltypes.h)
|
|
$include (fsrtlfuncs.h)
|
|
$include (cctypes.h)
|
|
$include (ccfuncs.h)
|
|
$include (zwfuncs.h)
|
|
$include (sspi.h)
|
|
|
|
/* #if !defined(_X86AMD64_) FIXME : WHAT ?! */
|
|
#if defined(_WIN64)
|
|
C_ASSERT(sizeof(ERESOURCE) == 0x68);
|
|
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18);
|
|
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a);
|
|
#else
|
|
C_ASSERT(sizeof(ERESOURCE) == 0x38);
|
|
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c);
|
|
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e);
|
|
#endif
|
|
/* #endif */
|
|
|
|
#if defined(_IA64_)
|
|
#if (NTDDI_VERSION >= NTDDI_WIN2K)
|
|
//DECLSPEC_DEPRECATED_DDK
|
|
NTHALAPI
|
|
ULONG
|
|
NTAPI
|
|
HalGetDmaAlignmentRequirement(
|
|
VOID);
|
|
#endif
|
|
#endif
|
|
|
|
#if defined(_M_IX86) || defined(_M_AMD64)
|
|
#define HalGetDmaAlignmentRequirement() 1L
|
|
#endif
|
|
|
|
#ifdef _NTSYSTEM_
|
|
extern PUSHORT NlsOemLeadByteInfo;
|
|
#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
|
|
#else
|
|
__CREATE_NTOS_DATA_IMPORT_ALIAS(NlsOemLeadByteInfo)
|
|
extern PUSHORT *NlsOemLeadByteInfo;
|
|
#define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)
|
|
#endif
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_VISTA)
|
|
|
|
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER {
|
|
NetworkOpenLocationAny,
|
|
NetworkOpenLocationRemote,
|
|
NetworkOpenLocationLoopback
|
|
} NETWORK_OPEN_LOCATION_QUALIFIER;
|
|
|
|
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER {
|
|
NetworkOpenIntegrityAny,
|
|
NetworkOpenIntegrityNone,
|
|
NetworkOpenIntegritySigned,
|
|
NetworkOpenIntegrityEncrypted,
|
|
NetworkOpenIntegrityMaximum
|
|
} NETWORK_OPEN_INTEGRITY_QUALIFIER;
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_WIN7)
|
|
|
|
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
|
|
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
|
|
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000
|
|
|
|
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
|
|
USHORT Size;
|
|
USHORT Reserved;
|
|
_ANONYMOUS_STRUCT struct {
|
|
struct {
|
|
NETWORK_OPEN_LOCATION_QUALIFIER Location;
|
|
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
|
|
ULONG Flags;
|
|
} in;
|
|
struct {
|
|
NETWORK_OPEN_LOCATION_QUALIFIER Location;
|
|
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
|
|
ULONG Flags;
|
|
} out;
|
|
} DUMMYSTRUCTNAME;
|
|
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
|
|
|
|
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
|
|
USHORT Size;
|
|
USHORT Reserved;
|
|
_ANONYMOUS_STRUCT struct {
|
|
struct {
|
|
NETWORK_OPEN_LOCATION_QUALIFIER Location;
|
|
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
|
|
} in;
|
|
struct {
|
|
NETWORK_OPEN_LOCATION_QUALIFIER Location;
|
|
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
|
|
} out;
|
|
} DUMMYSTRUCTNAME;
|
|
} NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0;
|
|
|
|
#elif (NTDDI_VERSION >= NTDDI_VISTA)
|
|
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
|
|
USHORT Size;
|
|
USHORT Reserved;
|
|
_ANONYMOUS_STRUCT struct {
|
|
struct {
|
|
NETWORK_OPEN_LOCATION_QUALIFIER Location;
|
|
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
|
|
} in;
|
|
struct {
|
|
NETWORK_OPEN_LOCATION_QUALIFIER Location;
|
|
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
|
|
} out;
|
|
} DUMMYSTRUCTNAME;
|
|
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
|
|
#endif
|
|
|
|
DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);
|
|
|
|
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
|
|
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_VISTA)
|
|
|
|
typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
|
|
PVOID Context;
|
|
} PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT;
|
|
|
|
DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);
|
|
|
|
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_WIN7)
|
|
|
|
DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
|
|
DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);
|
|
|
|
typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;
|
|
|
|
typedef struct _NFS_OPEN_ECP_CONTEXT {
|
|
PUNICODE_STRING ExportAlias;
|
|
PSOCKADDR_STORAGE_NFS ClientSocketAddress;
|
|
} NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT;
|
|
|
|
typedef struct _SRV_OPEN_ECP_CONTEXT {
|
|
PUNICODE_STRING ShareName;
|
|
PSOCKADDR_STORAGE_NFS SocketAddress;
|
|
BOOLEAN OplockBlockState;
|
|
BOOLEAN OplockAppState;
|
|
BOOLEAN OplockFinalState;
|
|
} SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT;
|
|
|
|
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
|
|
|
|
#define PIN_WAIT (1)
|
|
#define PIN_EXCLUSIVE (2)
|
|
#define PIN_NO_READ (4)
|
|
#define PIN_IF_BCB (8)
|
|
#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
|
|
#define PIN_HIGH_PRIORITY (64)
|
|
|
|
#define MAP_WAIT 1
|
|
#define MAP_NO_READ (16)
|
|
#define MAP_HIGH_PRIORITY (64)
|
|
|
|
#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
|
|
typedef struct _QUERY_PATH_REQUEST {
|
|
ULONG PathNameLength;
|
|
PIO_SECURITY_CONTEXT SecurityContext;
|
|
WCHAR FilePathName[1];
|
|
} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
|
|
|
|
typedef struct _QUERY_PATH_REQUEST_EX {
|
|
PIO_SECURITY_CONTEXT pSecurityContext;
|
|
ULONG EaLength;
|
|
PVOID pEaBuffer;
|
|
UNICODE_STRING PathName;
|
|
UNICODE_STRING DomainServiceName;
|
|
ULONG_PTR Reserved[ 3 ];
|
|
} QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX;
|
|
|
|
typedef struct _QUERY_PATH_RESPONSE {
|
|
ULONG LengthAccepted;
|
|
} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
|
|
|
|
#define VOLSNAPCONTROLTYPE 0x00000053
|
|
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
|
|
|
|
/* FIXME : These definitions below don't belong here (or anywhere in ddk really) */
|
|
#ifndef VER_PRODUCTBUILD
|
|
#define VER_PRODUCTBUILD 10000
|
|
#endif
|
|
|
|
#include "csq.h"
|
|
|
|
#define FS_LFN_APIS 0x00004000
|
|
|
|
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
|
|
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
|
|
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
|
|
#define FILE_STORAGE_TYPE_MASK 0x000f0000
|
|
#define FILE_STORAGE_TYPE_SHIFT 16
|
|
|
|
#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
|
|
|
|
#ifdef _X86_
|
|
#define HARDWARE_PTE HARDWARE_PTE_X86
|
|
#define PHARDWARE_PTE PHARDWARE_PTE_X86
|
|
#endif
|
|
|
|
#define IO_ATTACH_DEVICE_API 0x80000000
|
|
|
|
#define IO_TYPE_APC 18
|
|
#define IO_TYPE_DPC 19
|
|
#define IO_TYPE_DEVICE_QUEUE 20
|
|
#define IO_TYPE_EVENT_PAIR 21
|
|
#define IO_TYPE_INTERRUPT 22
|
|
#define IO_TYPE_PROFILE 23
|
|
|
|
#define IRP_BEING_VERIFIED 0x10
|
|
|
|
#define MAILSLOT_CLASS_FIRSTCLASS 1
|
|
#define MAILSLOT_CLASS_SECONDCLASS 2
|
|
|
|
#define MAILSLOT_SIZE_AUTO 0
|
|
|
|
#define MEM_DOS_LIM 0x40000000
|
|
|
|
#define OB_TYPE_TYPE 1
|
|
#define OB_TYPE_DIRECTORY 2
|
|
#define OB_TYPE_SYMBOLIC_LINK 3
|
|
#define OB_TYPE_TOKEN 4
|
|
#define OB_TYPE_PROCESS 5
|
|
#define OB_TYPE_THREAD 6
|
|
#define OB_TYPE_EVENT 7
|
|
#define OB_TYPE_EVENT_PAIR 8
|
|
#define OB_TYPE_MUTANT 9
|
|
#define OB_TYPE_SEMAPHORE 10
|
|
#define OB_TYPE_TIMER 11
|
|
#define OB_TYPE_PROFILE 12
|
|
#define OB_TYPE_WINDOW_STATION 13
|
|
#define OB_TYPE_DESKTOP 14
|
|
#define OB_TYPE_SECTION 15
|
|
#define OB_TYPE_KEY 16
|
|
#define OB_TYPE_PORT 17
|
|
#define OB_TYPE_ADAPTER 18
|
|
#define OB_TYPE_CONTROLLER 19
|
|
#define OB_TYPE_DEVICE 20
|
|
#define OB_TYPE_DRIVER 21
|
|
#define OB_TYPE_IO_COMPLETION 22
|
|
#define OB_TYPE_FILE 23
|
|
|
|
#define SEC_BASED 0x00200000
|
|
|
|
/* end winnt.h */
|
|
|
|
#if (VER_PRODUCTBUILD >= 1381)
|
|
#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#endif /* (VER_PRODUCTBUILD >= 1381) */
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
|
|
#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
|
|
#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
|
typedef enum _FILE_STORAGE_TYPE {
|
|
StorageTypeDefault = 1,
|
|
StorageTypeDirectory,
|
|
StorageTypeFile,
|
|
StorageTypeJunctionPoint,
|
|
StorageTypeCatalog,
|
|
StorageTypeStructuredStorage,
|
|
StorageTypeEmbedding,
|
|
StorageTypeStream
|
|
} FILE_STORAGE_TYPE;
|
|
|
|
typedef struct _OBJECT_BASIC_INFORMATION
|
|
{
|
|
ULONG Attributes;
|
|
ACCESS_MASK GrantedAccess;
|
|
ULONG HandleCount;
|
|
ULONG PointerCount;
|
|
ULONG PagedPoolCharge;
|
|
ULONG NonPagedPoolCharge;
|
|
ULONG Reserved[ 3 ];
|
|
ULONG NameInfoSize;
|
|
ULONG TypeInfoSize;
|
|
ULONG SecurityDescriptorSize;
|
|
LARGE_INTEGER CreationTime;
|
|
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
|
|
|
|
typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
|
|
BOOLEAN ReplaceIfExists;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
|
|
|
|
typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
|
|
|
|
/* raw internal file lock struct returned from FsRtlGetNextFileLock */
|
|
typedef struct _FILE_SHARED_LOCK_ENTRY {
|
|
PVOID Unknown1;
|
|
PVOID Unknown2;
|
|
FILE_LOCK_INFO FileLock;
|
|
} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
|
|
|
|
/* raw internal file lock struct returned from FsRtlGetNextFileLock */
|
|
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
|
|
LIST_ENTRY ListEntry;
|
|
PVOID Unknown1;
|
|
PVOID Unknown2;
|
|
FILE_LOCK_INFO FileLock;
|
|
} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
|
|
|
|
typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
|
|
ULONG ReadDataAvailable;
|
|
ULONG NumberOfMessages;
|
|
ULONG MessageLength;
|
|
} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
|
|
|
|
typedef struct _FILE_OLE_CLASSID_INFORMATION {
|
|
GUID ClassId;
|
|
} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_ALL_INFORMATION {
|
|
FILE_BASIC_INFORMATION BasicInformation;
|
|
FILE_STANDARD_INFORMATION StandardInformation;
|
|
FILE_INTERNAL_INFORMATION InternalInformation;
|
|
FILE_EA_INFORMATION EaInformation;
|
|
FILE_ACCESS_INFORMATION AccessInformation;
|
|
FILE_POSITION_INFORMATION PositionInformation;
|
|
FILE_MODE_INFORMATION ModeInformation;
|
|
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
|
|
USN LastChangeUsn;
|
|
USN ReplicationUsn;
|
|
LARGE_INTEGER SecurityChangeTime;
|
|
FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
|
|
FILE_OBJECTID_INFORMATION ObjectIdInformation;
|
|
FILE_STORAGE_TYPE StorageType;
|
|
ULONG OleStateBits;
|
|
ULONG OleId;
|
|
ULONG NumberOfStreamReferences;
|
|
ULONG StreamIndex;
|
|
ULONG SecurityId;
|
|
BOOLEAN ContentIndexDisable;
|
|
BOOLEAN InheritContentIndexDisable;
|
|
FILE_NAME_INFORMATION NameInformation;
|
|
} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
FILE_STORAGE_TYPE StorageType;
|
|
GUID OleClassId;
|
|
ULONG OleStateBits;
|
|
BOOLEAN ContentIndexDisable;
|
|
BOOLEAN InheritContentIndexDisable;
|
|
WCHAR FileName[1];
|
|
} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_INFORMATION {
|
|
LARGE_INTEGER SecurityChangeTime;
|
|
FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
|
|
FILE_OBJECTID_INFORMATION ObjectIdInformation;
|
|
FILE_STORAGE_TYPE StorageType;
|
|
ULONG OleStateBits;
|
|
BOOLEAN ContentIndexDisable;
|
|
BOOLEAN InheritContentIndexDisable;
|
|
} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
|
|
ULONG StateBits;
|
|
ULONG StateBitsMask;
|
|
} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
|
|
|
|
typedef struct _MAPPING_PAIR {
|
|
ULONGLONG Vcn;
|
|
ULONGLONG Lcn;
|
|
} MAPPING_PAIR, *PMAPPING_PAIR;
|
|
|
|
typedef struct _GET_RETRIEVAL_DESCRIPTOR {
|
|
ULONG NumberOfPairs;
|
|
ULONGLONG StartVcn;
|
|
MAPPING_PAIR Pair[1];
|
|
} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
|
|
|
|
typedef struct _MOVEFILE_DESCRIPTOR {
|
|
HANDLE FileHandle;
|
|
ULONG Reserved;
|
|
LARGE_INTEGER StartVcn;
|
|
LARGE_INTEGER TargetLcn;
|
|
ULONG NumVcns;
|
|
ULONG Reserved1;
|
|
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
|
|
|
|
typedef struct _OBJECT_BASIC_INFO {
|
|
ULONG Attributes;
|
|
ACCESS_MASK GrantedAccess;
|
|
ULONG HandleCount;
|
|
ULONG ReferenceCount;
|
|
ULONG PagedPoolUsage;
|
|
ULONG NonPagedPoolUsage;
|
|
ULONG Reserved[3];
|
|
ULONG NameInformationLength;
|
|
ULONG TypeInformationLength;
|
|
ULONG SecurityDescriptorLength;
|
|
LARGE_INTEGER CreateTime;
|
|
} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
|
|
|
|
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
|
|
BOOLEAN Inherit;
|
|
BOOLEAN ProtectFromClose;
|
|
} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
|
|
|
|
typedef struct _OBJECT_NAME_INFO {
|
|
UNICODE_STRING ObjectName;
|
|
WCHAR ObjectNameBuffer[1];
|
|
} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
|
|
|
|
typedef struct _OBJECT_PROTECTION_INFO {
|
|
BOOLEAN Inherit;
|
|
BOOLEAN ProtectHandle;
|
|
} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
|
|
|
|
typedef struct _OBJECT_TYPE_INFO {
|
|
UNICODE_STRING ObjectTypeName;
|
|
UCHAR Unknown[0x58];
|
|
WCHAR ObjectTypeNameBuffer[1];
|
|
} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
|
|
|
|
typedef struct _OBJECT_ALL_TYPES_INFO {
|
|
ULONG NumberOfObjectTypes;
|
|
OBJECT_TYPE_INFO ObjectsTypeInfo[1];
|
|
} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
|
|
|
|
#if defined(USE_LPC6432)
|
|
#define LPC_CLIENT_ID CLIENT_ID64
|
|
#define LPC_SIZE_T ULONGLONG
|
|
#define LPC_PVOID ULONGLONG
|
|
#define LPC_HANDLE ULONGLONG
|
|
#else
|
|
#define LPC_CLIENT_ID CLIENT_ID
|
|
#define LPC_SIZE_T SIZE_T
|
|
#define LPC_PVOID PVOID
|
|
#define LPC_HANDLE HANDLE
|
|
#endif
|
|
|
|
typedef struct _PORT_MESSAGE
|
|
{
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
CSHORT DataLength;
|
|
CSHORT TotalLength;
|
|
} s1;
|
|
ULONG Length;
|
|
} u1;
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
CSHORT Type;
|
|
CSHORT DataInfoOffset;
|
|
} s2;
|
|
ULONG ZeroInit;
|
|
} u2;
|
|
__GNU_EXTENSION union
|
|
{
|
|
LPC_CLIENT_ID ClientId;
|
|
double DoNotUseThisField;
|
|
};
|
|
ULONG MessageId;
|
|
__GNU_EXTENSION union
|
|
{
|
|
LPC_SIZE_T ClientViewSize;
|
|
ULONG CallbackId;
|
|
};
|
|
} PORT_MESSAGE, *PPORT_MESSAGE;
|
|
|
|
#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
|
|
|
|
typedef struct _PORT_VIEW
|
|
{
|
|
ULONG Length;
|
|
LPC_HANDLE SectionHandle;
|
|
ULONG SectionOffset;
|
|
LPC_SIZE_T ViewSize;
|
|
LPC_PVOID ViewBase;
|
|
LPC_PVOID ViewRemoteBase;
|
|
} PORT_VIEW, *PPORT_VIEW;
|
|
|
|
typedef struct _REMOTE_PORT_VIEW
|
|
{
|
|
ULONG Length;
|
|
LPC_SIZE_T ViewSize;
|
|
LPC_PVOID ViewBase;
|
|
} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
|
|
|
|
typedef struct _VAD_HEADER {
|
|
PVOID StartVPN;
|
|
PVOID EndVPN;
|
|
struct _VAD_HEADER* ParentLink;
|
|
struct _VAD_HEADER* LeftLink;
|
|
struct _VAD_HEADER* RightLink;
|
|
ULONG Flags; /* LSB = CommitCharge */
|
|
PVOID ControlArea;
|
|
PVOID FirstProtoPte;
|
|
PVOID LastPTE;
|
|
ULONG Unknown;
|
|
LIST_ENTRY Secured;
|
|
} VAD_HEADER, *PVAD_HEADER;
|
|
|
|
NTKERNELAPI
|
|
LARGE_INTEGER
|
|
NTAPI
|
|
CcGetLsnForFileObject (
|
|
_In_ PFILE_OBJECT FileObject,
|
|
_Out_opt_ PLARGE_INTEGER OldestLsn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePool (
|
|
_In_ POOL_TYPE PoolType,
|
|
_In_ ULONG NumberOfBytes
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePoolWithQuota (
|
|
_In_ POOL_TYPE PoolType,
|
|
_In_ ULONG NumberOfBytes
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePoolWithQuotaTag (
|
|
_In_ POOL_TYPE PoolType,
|
|
_In_ ULONG NumberOfBytes,
|
|
_In_ ULONG Tag
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePoolWithTag (
|
|
_In_ POOL_TYPE PoolType,
|
|
_In_ ULONG NumberOfBytes,
|
|
_In_ ULONG Tag
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlReadComplete (
|
|
_In_ PFILE_OBJECT FileObject,
|
|
_In_ PMDL MdlChain
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlWriteComplete (
|
|
_In_ PFILE_OBJECT FileObject,
|
|
_In_ PLARGE_INTEGER FileOffset,
|
|
_In_ PMDL MdlChain
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyChangeDirectory (
|
|
_In_ PNOTIFY_SYNC NotifySync,
|
|
_In_ PVOID FsContext,
|
|
_In_ PSTRING FullDirectoryName,
|
|
_In_ PLIST_ENTRY NotifyList,
|
|
_In_ BOOLEAN WatchTree,
|
|
_In_ ULONG CompletionFilter,
|
|
_In_ PIRP NotifyIrp
|
|
);
|
|
|
|
#if 1
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObCreateObject(
|
|
_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode,
|
|
_In_ POBJECT_TYPE ObjectType,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ KPROCESSOR_MODE AccessMode,
|
|
_Inout_opt_ PVOID ParseContext,
|
|
_In_ ULONG ObjectSize,
|
|
_In_opt_ ULONG PagedPoolCharge,
|
|
_In_opt_ ULONG NonPagedPoolCharge,
|
|
_Out_ PVOID *Object
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObReferenceObjectByName (
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ ULONG Attributes,
|
|
_In_opt_ PACCESS_STATE PassedAccessState,
|
|
_In_opt_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_TYPE ObjectType,
|
|
_In_ KPROCESSOR_MODE AccessMode,
|
|
_Inout_opt_ PVOID ParseContext,
|
|
_Out_ PVOID *Object
|
|
);
|
|
|
|
#define PsDereferenceImpersonationToken(T) \
|
|
{if (ARGUMENT_PRESENT(T)) { \
|
|
(ObDereferenceObject((T))); \
|
|
} else { \
|
|
; \
|
|
} \
|
|
}
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsLookupProcessThreadByCid (
|
|
_In_ PCLIENT_ID Cid,
|
|
_Out_opt_ PEPROCESS *Process,
|
|
_Out_ PETHREAD *Thread
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlSetSaclSecurityDescriptor (
|
|
_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ BOOLEAN SaclPresent,
|
|
_In_ PACL Sacl,
|
|
_In_ BOOLEAN SaclDefaulted
|
|
);
|
|
|
|
#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
|
|
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|