mirror of
https://github.com/reactos/reactos.git
synced 2024-07-17 18:06:11 +00:00
6333 lines
159 KiB
C
6333 lines
159 KiB
C
/*
|
|
* ntifs.h
|
|
*
|
|
* Windows NT Filesystem Driver Developer Kit
|
|
*
|
|
* This file is part of the w32api package.
|
|
*
|
|
* Contributors:
|
|
* Created by Bo Brantén <bosse@acc.umu.se>
|
|
*
|
|
* THIS SOFTWARE IS NOT COPYRIGHTED
|
|
*
|
|
* This source code is offered for use in the public domain. You may
|
|
* use, modify or distribute it freely.
|
|
*
|
|
* This code is distributed in the hope that it will be useful but
|
|
* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
|
|
* DISCLAIMED. This includes but is not limited to warranties of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
*
|
|
*/
|
|
|
|
#ifndef _NTIFS_
|
|
#define _NTIFS_
|
|
#define _GNU_NTIFS_
|
|
|
|
/* Helper macro to enable gcc's extension. */
|
|
#ifndef __GNU_EXTENSION
|
|
#ifdef __GNUC__
|
|
#define __GNU_EXTENSION __extension__
|
|
#else
|
|
#define __GNU_EXTENSION
|
|
#endif
|
|
#endif
|
|
|
|
#define NTKERNELAPI DECLSPEC_IMPORT
|
|
|
|
#include <ntddk.h>
|
|
|
|
#define _NTIFS_INCLUDED_
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#pragma pack(push,4)
|
|
|
|
#ifndef VER_PRODUCTBUILD
|
|
#define VER_PRODUCTBUILD 10000
|
|
#endif
|
|
|
|
#define EX_PUSH_LOCK ULONG_PTR
|
|
#define PEX_PUSH_LOCK PULONG_PTR
|
|
|
|
|
|
#ifndef FlagOn
|
|
#define FlagOn(_F,_SF) ((_F) & (_SF))
|
|
#endif
|
|
|
|
#ifndef BooleanFlagOn
|
|
#define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
|
|
#endif
|
|
|
|
#ifndef SetFlag
|
|
#define SetFlag(_F,_SF) ((_F) |= (_SF))
|
|
#endif
|
|
|
|
#ifndef ClearFlag
|
|
#define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
|
|
#endif
|
|
|
|
#include "csq.h"
|
|
|
|
#ifdef _NTOSKRNL_
|
|
extern PUCHAR FsRtlLegalAnsiCharacterArray;
|
|
#else
|
|
extern DECLSPEC_IMPORT PUCHAR FsRtlLegalAnsiCharacterArray;
|
|
#endif
|
|
extern PACL SePublicDefaultDacl;
|
|
extern PACL SeSystemDefaultDacl;
|
|
|
|
extern KSPIN_LOCK IoStatisticsLock;
|
|
extern ULONG IoReadOperationCount;
|
|
extern ULONG IoWriteOperationCount;
|
|
extern ULONG IoOtherOperationCount;
|
|
extern LARGE_INTEGER IoReadTransferCount;
|
|
extern LARGE_INTEGER IoWriteTransferCount;
|
|
extern LARGE_INTEGER IoOtherTransferCount;
|
|
|
|
typedef STRING LSA_STRING, *PLSA_STRING;
|
|
typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
|
|
|
|
typedef enum _SECURITY_LOGON_TYPE
|
|
{
|
|
UndefinedLogonType = 0,
|
|
Interactive = 2,
|
|
Network,
|
|
Batch,
|
|
Service,
|
|
Proxy,
|
|
Unlock,
|
|
NetworkCleartext,
|
|
NewCredentials,
|
|
#if (_WIN32_WINNT >= 0x0501)
|
|
RemoteInteractive,
|
|
CachedInteractive,
|
|
#endif
|
|
#if (_WIN32_WINNT >= 0x0502)
|
|
CachedRemoteInteractive,
|
|
CachedUnlock
|
|
#endif
|
|
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
|
|
|
|
#define ANSI_DOS_STAR ('<')
|
|
#define ANSI_DOS_QM ('>')
|
|
#define ANSI_DOS_DOT ('"')
|
|
|
|
#define DOS_STAR (L'<')
|
|
#define DOS_QM (L'>')
|
|
#define DOS_DOT (L'"')
|
|
|
|
/* also in winnt.h */
|
|
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
|
|
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
|
|
#define ACCESS_DENIED_ACE_TYPE (0x1)
|
|
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
|
|
#define SYSTEM_ALARM_ACE_TYPE (0x3)
|
|
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
|
|
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
|
|
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
|
|
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
|
|
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
|
|
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
|
|
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
|
|
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
|
|
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
|
|
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
|
|
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
|
|
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
|
|
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
|
|
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
|
|
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
|
|
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
|
|
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
|
|
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
|
|
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
|
|
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
|
|
|
|
#define COMPRESSION_FORMAT_NONE (0x0000)
|
|
#define COMPRESSION_FORMAT_DEFAULT (0x0001)
|
|
#define COMPRESSION_FORMAT_LZNT1 (0x0002)
|
|
#define COMPRESSION_ENGINE_STANDARD (0x0000)
|
|
#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
|
|
#define COMPRESSION_ENGINE_HIBER (0x0200)
|
|
|
|
#define FILE_ACTION_ADDED 0x00000001
|
|
#define FILE_ACTION_REMOVED 0x00000002
|
|
#define FILE_ACTION_MODIFIED 0x00000003
|
|
#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
|
|
#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
|
|
#define FILE_ACTION_ADDED_STREAM 0x00000006
|
|
#define FILE_ACTION_REMOVED_STREAM 0x00000007
|
|
#define FILE_ACTION_MODIFIED_STREAM 0x00000008
|
|
#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
|
|
#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
|
|
#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
|
|
/* end winnt.h */
|
|
|
|
#define FILE_EA_TYPE_BINARY 0xfffe
|
|
#define FILE_EA_TYPE_ASCII 0xfffd
|
|
#define FILE_EA_TYPE_BITMAP 0xfffb
|
|
#define FILE_EA_TYPE_METAFILE 0xfffa
|
|
#define FILE_EA_TYPE_ICON 0xfff9
|
|
#define FILE_EA_TYPE_EA 0xffee
|
|
#define FILE_EA_TYPE_MVMT 0xffdf
|
|
#define FILE_EA_TYPE_MVST 0xffde
|
|
#define FILE_EA_TYPE_ASN1 0xffdd
|
|
#define FILE_EA_TYPE_FAMILY_IDS 0xff01
|
|
|
|
#define FILE_NEED_EA 0x00000080
|
|
|
|
/* also in winnt.h */
|
|
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
|
|
#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
|
|
#define FILE_NOTIFY_CHANGE_NAME 0x00000003
|
|
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
|
|
#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
|
|
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
|
|
#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
|
|
#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
|
|
#define FILE_NOTIFY_CHANGE_EA 0x00000080
|
|
#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
|
|
#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
|
|
#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
|
|
#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
|
|
#define FILE_NOTIFY_VALID_MASK 0x00000fff
|
|
/* end winnt.h */
|
|
|
|
#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
|
|
#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
|
|
|
|
#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
|
|
|
|
#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
|
|
#define FILE_CASE_PRESERVED_NAMES 0x00000002
|
|
#define FILE_UNICODE_ON_DISK 0x00000004
|
|
#define FILE_PERSISTENT_ACLS 0x00000008
|
|
#define FILE_FILE_COMPRESSION 0x00000010
|
|
#define FILE_VOLUME_QUOTAS 0x00000020
|
|
#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
|
|
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
|
|
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
|
|
#define FS_LFN_APIS 0x00004000
|
|
#define FILE_VOLUME_IS_COMPRESSED 0x00008000
|
|
#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
|
|
#define FILE_SUPPORTS_ENCRYPTION 0x00020000
|
|
#define FILE_NAMED_STREAMS 0x00040000
|
|
#define FILE_READ_ONLY_VOLUME 0x00080000
|
|
#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
|
|
#define FILE_SUPPORTS_TRANSACTIONS 0x00200000
|
|
|
|
#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
|
|
#define FILE_PIPE_MESSAGE_TYPE 0x00000001
|
|
|
|
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
|
|
#define FILE_PIPE_MESSAGE_MODE 0x00000001
|
|
|
|
#define FILE_PIPE_QUEUE_OPERATION 0x00000000
|
|
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
|
|
|
|
#define FILE_PIPE_INBOUND 0x00000000
|
|
#define FILE_PIPE_OUTBOUND 0x00000001
|
|
#define FILE_PIPE_FULL_DUPLEX 0x00000002
|
|
|
|
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
|
|
#define FILE_PIPE_LISTENING_STATE 0x00000002
|
|
#define FILE_PIPE_CONNECTED_STATE 0x00000003
|
|
#define FILE_PIPE_CLOSING_STATE 0x00000004
|
|
|
|
#define FILE_PIPE_CLIENT_END 0x00000000
|
|
#define FILE_PIPE_SERVER_END 0x00000001
|
|
|
|
#define FILE_PIPE_READ_DATA 0x00000000
|
|
#define FILE_PIPE_WRITE_SPACE 0x00000001
|
|
|
|
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
|
|
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
|
|
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
|
|
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
|
|
#define FILE_STORAGE_TYPE_MASK 0x000f0000
|
|
#define FILE_STORAGE_TYPE_SHIFT 16
|
|
|
|
#define FILE_VC_QUOTA_NONE 0x00000000
|
|
#define FILE_VC_QUOTA_TRACK 0x00000001
|
|
#define FILE_VC_QUOTA_ENFORCE 0x00000002
|
|
#define FILE_VC_QUOTA_MASK 0x00000003
|
|
|
|
#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
|
|
#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
|
|
|
|
#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
|
|
#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
|
|
#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
|
|
#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
|
|
|
|
#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
|
|
#define FILE_VC_QUOTAS_REBUILDING 0x00000200
|
|
|
|
#define FILE_VC_VALID_MASK 0x000003ff
|
|
|
|
#define FSRTL_FLAG_FILE_MODIFIED (0x01)
|
|
#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
|
|
#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
|
|
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
|
|
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
|
|
#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
|
|
#define FSRTL_FLAG_ADVANCED_HEADER (0x40)
|
|
#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
|
|
|
|
#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
|
|
#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
|
|
#define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
|
|
#define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
|
|
|
|
#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
|
|
#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
|
|
#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
|
|
#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
|
|
#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
|
|
|
|
#define FSRTL_VOLUME_DISMOUNT 1
|
|
#define FSRTL_VOLUME_DISMOUNT_FAILED 2
|
|
#define FSRTL_VOLUME_LOCK 3
|
|
#define FSRTL_VOLUME_LOCK_FAILED 4
|
|
#define FSRTL_VOLUME_UNLOCK 5
|
|
#define FSRTL_VOLUME_MOUNT 6
|
|
|
|
#define FSRTL_WILD_CHARACTER 0x08
|
|
|
|
#define FSRTL_FAT_LEGAL 0x01
|
|
#define FSRTL_HPFS_LEGAL 0x02
|
|
#define FSRTL_NTFS_LEGAL 0x04
|
|
#define FSRTL_WILD_CHARACTER 0x08
|
|
#define FSRTL_OLE_LEGAL 0x10
|
|
#define FSRTL_NTFS_STREAM_LEGAL 0x14
|
|
|
|
#ifdef _X86_
|
|
#define HARDWARE_PTE HARDWARE_PTE_X86
|
|
#define PHARDWARE_PTE PHARDWARE_PTE_X86
|
|
#endif
|
|
|
|
#define IO_CHECK_CREATE_PARAMETERS 0x0200
|
|
#define IO_ATTACH_DEVICE 0x0400
|
|
|
|
#define IO_ATTACH_DEVICE_API 0x80000000
|
|
|
|
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
|
|
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
|
|
|
|
#define IO_TYPE_APC 18
|
|
#define IO_TYPE_DPC 19
|
|
#define IO_TYPE_DEVICE_QUEUE 20
|
|
#define IO_TYPE_EVENT_PAIR 21
|
|
#define IO_TYPE_INTERRUPT 22
|
|
#define IO_TYPE_PROFILE 23
|
|
|
|
#define IRP_BEING_VERIFIED 0x10
|
|
|
|
#define MAILSLOT_CLASS_FIRSTCLASS 1
|
|
#define MAILSLOT_CLASS_SECONDCLASS 2
|
|
|
|
#define MAILSLOT_SIZE_AUTO 0
|
|
|
|
#define MEM_DOS_LIM 0x40000000
|
|
|
|
#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
|
|
|
|
#define OB_TYPE_TYPE 1
|
|
#define OB_TYPE_DIRECTORY 2
|
|
#define OB_TYPE_SYMBOLIC_LINK 3
|
|
#define OB_TYPE_TOKEN 4
|
|
#define OB_TYPE_PROCESS 5
|
|
#define OB_TYPE_THREAD 6
|
|
#define OB_TYPE_EVENT 7
|
|
#define OB_TYPE_EVENT_PAIR 8
|
|
#define OB_TYPE_MUTANT 9
|
|
#define OB_TYPE_SEMAPHORE 10
|
|
#define OB_TYPE_TIMER 11
|
|
#define OB_TYPE_PROFILE 12
|
|
#define OB_TYPE_WINDOW_STATION 13
|
|
#define OB_TYPE_DESKTOP 14
|
|
#define OB_TYPE_SECTION 15
|
|
#define OB_TYPE_KEY 16
|
|
#define OB_TYPE_PORT 17
|
|
#define OB_TYPE_ADAPTER 18
|
|
#define OB_TYPE_CONTROLLER 19
|
|
#define OB_TYPE_DEVICE 20
|
|
#define OB_TYPE_DRIVER 21
|
|
#define OB_TYPE_IO_COMPLETION 22
|
|
#define OB_TYPE_FILE 23
|
|
|
|
#define PIN_WAIT (1)
|
|
#define PIN_EXCLUSIVE (2)
|
|
#define PIN_NO_READ (4)
|
|
#define PIN_IF_BCB (8)
|
|
|
|
#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
|
|
#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
|
|
|
|
#define SEC_BASED 0x00200000
|
|
|
|
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
|
#define SECURITY_WORLD_RID (0x00000000L)
|
|
|
|
#define SID_REVISION 1
|
|
#define SID_MAX_SUB_AUTHORITIES 15
|
|
#define SID_RECOMMENDED_SUB_AUTHORITIES 1
|
|
|
|
#define TOKEN_ASSIGN_PRIMARY (0x0001)
|
|
#define TOKEN_DUPLICATE (0x0002)
|
|
#define TOKEN_IMPERSONATE (0x0004)
|
|
#define TOKEN_QUERY (0x0008)
|
|
#define TOKEN_QUERY_SOURCE (0x0010)
|
|
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
|
|
#define TOKEN_ADJUST_GROUPS (0x0040)
|
|
#define TOKEN_ADJUST_DEFAULT (0x0080)
|
|
#define TOKEN_ADJUST_SESSIONID (0x0100)
|
|
|
|
#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
|
|
TOKEN_ASSIGN_PRIMARY |\
|
|
TOKEN_DUPLICATE |\
|
|
TOKEN_IMPERSONATE |\
|
|
TOKEN_QUERY |\
|
|
TOKEN_QUERY_SOURCE |\
|
|
TOKEN_ADJUST_PRIVILEGES |\
|
|
TOKEN_ADJUST_GROUPS |\
|
|
TOKEN_ADJUST_DEFAULT |\
|
|
TOKEN_ADJUST_SESSIONID)
|
|
|
|
#define TOKEN_READ (STANDARD_RIGHTS_READ |\
|
|
TOKEN_QUERY)
|
|
|
|
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
|
|
TOKEN_ADJUST_PRIVILEGES |\
|
|
TOKEN_ADJUST_GROUPS |\
|
|
TOKEN_ADJUST_DEFAULT)
|
|
|
|
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
|
|
|
|
#define TOKEN_SOURCE_LENGTH 8
|
|
/* end winnt.h */
|
|
|
|
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
|
|
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
|
|
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
|
|
#define TOKEN_HAS_ADMIN_GROUP 0x08
|
|
#define TOKEN_WRITE_RESTRICTED 0x08
|
|
#define TOKEN_IS_RESTRICTED 0x10
|
|
#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
|
|
|
|
#define VACB_MAPPING_GRANULARITY (0x40000)
|
|
#define VACB_OFFSET_SHIFT (18)
|
|
|
|
#define SE_OWNER_DEFAULTED 0x0001
|
|
#define SE_GROUP_DEFAULTED 0x0002
|
|
#define SE_DACL_PRESENT 0x0004
|
|
#define SE_DACL_DEFAULTED 0x0008
|
|
#define SE_SACL_PRESENT 0x0010
|
|
#define SE_SACL_DEFAULTED 0x0020
|
|
#define SE_DACL_UNTRUSTED 0x0040
|
|
#define SE_SERVER_SECURITY 0x0080
|
|
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
|
|
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
|
|
#define SE_DACL_AUTO_INHERITED 0x0400
|
|
#define SE_SACL_AUTO_INHERITED 0x0800
|
|
#define SE_DACL_PROTECTED 0x1000
|
|
#define SE_SACL_PROTECTED 0x2000
|
|
#define SE_RM_CONTROL_VALID 0x4000
|
|
#define SE_SELF_RELATIVE 0x8000
|
|
|
|
#ifndef _WINNT_H
|
|
#define _AUDIT_EVENT_TYPE_HACK 0
|
|
#endif
|
|
#if (_AUDIT_EVENT_TYPE_HACK == 1)
|
|
|
|
#else
|
|
typedef enum _AUDIT_EVENT_TYPE
|
|
{
|
|
AuditEventObjectAccess,
|
|
AuditEventDirectoryServiceAccess
|
|
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
|
|
#endif
|
|
|
|
#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
|
|
|
|
#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
|
#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
|
#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
|
|
|
|
#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
|
#if (VER_PRODUCTBUILD >= 1381)
|
|
|
|
#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 1381) */
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
|
|
#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
|
|
#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
|
|
#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
|
|
#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
|
|
|
|
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
|
#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
|
|
#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
|
|
#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
|
|
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
|
|
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
|
|
|
|
#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
|
|
|
|
typedef PVOID OPLOCK, *POPLOCK;
|
|
|
|
//
|
|
// Forwarders
|
|
//
|
|
struct _RTL_AVL_TABLE;
|
|
struct _RTL_GENERIC_TABLE;
|
|
|
|
typedef ULONG LBN;
|
|
typedef LBN *PLBN;
|
|
|
|
typedef ULONG VBN;
|
|
typedef VBN *PVBN;
|
|
|
|
typedef PVOID PNOTIFY_SYNC;
|
|
|
|
typedef enum _FAST_IO_POSSIBLE {
|
|
FastIoIsNotPossible,
|
|
FastIoIsPossible,
|
|
FastIoIsQuestionable
|
|
} FAST_IO_POSSIBLE;
|
|
|
|
typedef enum _FILE_STORAGE_TYPE {
|
|
StorageTypeDefault = 1,
|
|
StorageTypeDirectory,
|
|
StorageTypeFile,
|
|
StorageTypeJunctionPoint,
|
|
StorageTypeCatalog,
|
|
StorageTypeStructuredStorage,
|
|
StorageTypeEmbedding,
|
|
StorageTypeStream
|
|
} FILE_STORAGE_TYPE;
|
|
|
|
typedef enum _OBJECT_INFORMATION_CLASS
|
|
{
|
|
ObjectBasicInformation,
|
|
ObjectNameInformation,
|
|
ObjectTypeInformation,
|
|
ObjectTypesInformation,
|
|
ObjectHandleFlagInformation,
|
|
ObjectSessionInformation,
|
|
MaxObjectInfoClass
|
|
} OBJECT_INFORMATION_CLASS;
|
|
|
|
typedef struct _OBJECT_BASIC_INFORMATION
|
|
{
|
|
ULONG Attributes;
|
|
ACCESS_MASK GrantedAccess;
|
|
ULONG HandleCount;
|
|
ULONG PointerCount;
|
|
ULONG PagedPoolCharge;
|
|
ULONG NonPagedPoolCharge;
|
|
ULONG Reserved[ 3 ];
|
|
ULONG NameInfoSize;
|
|
ULONG TypeInfoSize;
|
|
ULONG SecurityDescriptorSize;
|
|
LARGE_INTEGER CreationTime;
|
|
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
|
|
|
|
typedef struct _KAPC_STATE {
|
|
LIST_ENTRY ApcListHead[2];
|
|
PKPROCESS Process;
|
|
BOOLEAN KernelApcInProgress;
|
|
BOOLEAN KernelApcPending;
|
|
BOOLEAN UserApcPending;
|
|
} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
|
|
#define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
|
|
|
|
typedef struct _BITMAP_RANGE {
|
|
LIST_ENTRY Links;
|
|
LONGLONG BasePage;
|
|
ULONG FirstDirtyPage;
|
|
ULONG LastDirtyPage;
|
|
ULONG DirtyPages;
|
|
PULONG Bitmap;
|
|
} BITMAP_RANGE, *PBITMAP_RANGE;
|
|
|
|
typedef struct _CACHE_UNINITIALIZE_EVENT {
|
|
struct _CACHE_UNINITIALIZE_EVENT *Next;
|
|
KEVENT Event;
|
|
} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
|
|
|
|
typedef struct _CC_FILE_SIZES {
|
|
LARGE_INTEGER AllocationSize;
|
|
LARGE_INTEGER FileSize;
|
|
LARGE_INTEGER ValidDataLength;
|
|
} CC_FILE_SIZES, *PCC_FILE_SIZES;
|
|
|
|
typedef struct _COMPRESSED_DATA_INFO {
|
|
USHORT CompressionFormatAndEngine;
|
|
UCHAR CompressionUnitShift;
|
|
UCHAR ChunkShift;
|
|
UCHAR ClusterShift;
|
|
UCHAR Reserved;
|
|
USHORT NumberOfChunks;
|
|
ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
|
|
} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
|
|
|
|
typedef struct _SID_IDENTIFIER_AUTHORITY {
|
|
UCHAR Value[6];
|
|
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
|
|
|
|
typedef struct _SID {
|
|
UCHAR Revision;
|
|
UCHAR SubAuthorityCount;
|
|
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
|
ULONG SubAuthority[ANYSIZE_ARRAY];
|
|
} SID, *PISID;
|
|
typedef struct _SID_AND_ATTRIBUTES {
|
|
PSID Sid;
|
|
ULONG Attributes;
|
|
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
|
|
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
|
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
|
|
|
|
|
|
|
|
//
|
|
// Universal well-known SIDs
|
|
//
|
|
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
|
|
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
|
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
|
|
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
|
|
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
|
|
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
|
|
|
|
#define SECURITY_NULL_RID (0x00000000L)
|
|
#define SECURITY_WORLD_RID (0x00000000L)
|
|
#define SECURITY_LOCAL_RID (0x00000000L)
|
|
|
|
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
|
|
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
|
|
|
|
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
|
|
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
|
|
|
|
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
|
|
|
|
|
|
|
|
//
|
|
// NT well-known SIDs
|
|
//
|
|
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
|
|
|
|
#define SECURITY_DIALUP_RID (0x00000001L)
|
|
#define SECURITY_NETWORK_RID (0x00000002L)
|
|
#define SECURITY_BATCH_RID (0x00000003L)
|
|
#define SECURITY_INTERACTIVE_RID (0x00000004L)
|
|
#define SECURITY_LOGON_IDS_RID (0x00000005L)
|
|
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
|
|
#define SECURITY_SERVICE_RID (0x00000006L)
|
|
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
|
|
#define SECURITY_PROXY_RID (0x00000008L)
|
|
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
|
|
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
|
|
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
|
|
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
|
|
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
|
|
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
|
|
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
|
|
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
|
|
#define SECURITY_IUSER_RID (0x00000011L)
|
|
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
|
|
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
|
|
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
|
|
|
|
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
|
|
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
|
|
|
|
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
|
|
|
|
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
|
|
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
|
|
|
|
|
|
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
|
|
#define SECURITY_PACKAGE_RID_COUNT (2L)
|
|
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
|
|
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
|
|
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
|
|
|
|
#define SECURITY_MIN_BASE_RID (0x00000050L)
|
|
|
|
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
|
|
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
|
|
|
|
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
|
|
|
|
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
|
|
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
|
|
|
|
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
|
|
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
|
|
|
|
#define SECURITY_MAX_BASE_RID (0x0000006FL)
|
|
|
|
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
|
|
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
|
|
|
|
#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
|
|
|
|
|
|
|
|
//
|
|
// Well-known domain relative sub-authority values (RIDs)
|
|
//
|
|
#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
|
|
|
|
#define FOREST_USER_RID_MAX (0x000001F3L)
|
|
|
|
//
|
|
// Well-known users
|
|
//
|
|
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
|
|
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
|
|
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
|
|
|
|
#define DOMAIN_USER_RID_MAX (0x000003E7L)
|
|
|
|
//
|
|
// Well-known groups
|
|
//
|
|
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
|
|
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
|
|
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
|
|
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
|
|
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
|
|
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
|
|
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
|
|
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
|
|
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
|
|
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
|
|
|
|
//
|
|
// Well-known aliases
|
|
//
|
|
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
|
|
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
|
|
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
|
|
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
|
|
|
|
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
|
|
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
|
|
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
|
|
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
|
|
|
|
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
|
|
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
|
|
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
|
|
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
|
|
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
|
|
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
|
|
|
|
#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
|
|
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
|
|
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
|
|
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
|
|
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
|
|
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
|
|
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
|
|
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
|
|
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
|
|
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
|
|
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
|
|
|
|
|
|
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
|
|
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
|
|
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
|
|
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
|
|
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
|
|
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
|
|
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
|
|
|
|
//
|
|
// SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
|
|
// can be set by a usermode caller.
|
|
//
|
|
#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
|
|
|
|
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
|
|
|
|
//
|
|
// Allocate the System Luid. The first 1000 LUIDs are reserved.
|
|
// Use #999 here (0x3e7 = 999)
|
|
//
|
|
#define SYSTEM_LUID { 0x3e7, 0x0 }
|
|
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
|
|
#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
|
|
#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
|
|
#define IUSER_LUID { 0x3e3, 0x0 }
|
|
|
|
|
|
|
|
typedef struct _TOKEN_SOURCE {
|
|
CHAR SourceName[TOKEN_SOURCE_LENGTH];
|
|
LUID SourceIdentifier;
|
|
} TOKEN_SOURCE,*PTOKEN_SOURCE;
|
|
typedef struct _TOKEN_CONTROL {
|
|
LUID TokenId;
|
|
LUID AuthenticationId;
|
|
LUID ModifiedId;
|
|
TOKEN_SOURCE TokenSource;
|
|
} TOKEN_CONTROL,*PTOKEN_CONTROL;
|
|
typedef struct _TOKEN_DEFAULT_DACL {
|
|
PACL DefaultDacl;
|
|
} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
|
|
typedef struct _TOKEN_GROUPS {
|
|
ULONG GroupCount;
|
|
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
|
|
} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
|
|
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
|
|
ULONG SidCount;
|
|
ULONG SidLength;
|
|
PSID_AND_ATTRIBUTES Sids;
|
|
ULONG RestrictedSidCount;
|
|
ULONG RestrictedSidLength;
|
|
PSID_AND_ATTRIBUTES RestrictedSids;
|
|
ULONG PrivilegeCount;
|
|
ULONG PrivilegeLength;
|
|
PLUID_AND_ATTRIBUTES Privileges;
|
|
LUID AuthenticationId;
|
|
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
|
|
typedef struct _TOKEN_ORIGIN {
|
|
LUID OriginatingLogonSession;
|
|
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
|
|
typedef struct _TOKEN_OWNER {
|
|
PSID Owner;
|
|
} TOKEN_OWNER,*PTOKEN_OWNER;
|
|
typedef struct _TOKEN_PRIMARY_GROUP {
|
|
PSID PrimaryGroup;
|
|
} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
|
|
typedef struct _TOKEN_PRIVILEGES {
|
|
ULONG PrivilegeCount;
|
|
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
|
|
} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
|
|
typedef enum tagTOKEN_TYPE {
|
|
TokenPrimary = 1,
|
|
TokenImpersonation
|
|
} TOKEN_TYPE,*PTOKEN_TYPE;
|
|
typedef struct _TOKEN_STATISTICS {
|
|
LUID TokenId;
|
|
LUID AuthenticationId;
|
|
LARGE_INTEGER ExpirationTime;
|
|
TOKEN_TYPE TokenType;
|
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
|
ULONG DynamicCharged;
|
|
ULONG DynamicAvailable;
|
|
ULONG GroupCount;
|
|
ULONG PrivilegeCount;
|
|
LUID ModifiedId;
|
|
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
|
|
typedef struct _TOKEN_USER {
|
|
SID_AND_ATTRIBUTES User;
|
|
} TOKEN_USER, *PTOKEN_USER;
|
|
typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
|
|
typedef struct _SECURITY_DESCRIPTOR {
|
|
UCHAR Revision;
|
|
UCHAR Sbz1;
|
|
SECURITY_DESCRIPTOR_CONTROL Control;
|
|
PSID Owner;
|
|
PSID Group;
|
|
PACL Sacl;
|
|
PACL Dacl;
|
|
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
|
|
|
|
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
|
|
|
|
typedef struct _OBJECT_TYPE_LIST {
|
|
USHORT Level;
|
|
USHORT Sbz;
|
|
GUID *ObjectType;
|
|
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
|
|
|
|
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
|
|
UCHAR Revision;
|
|
UCHAR Sbz1;
|
|
SECURITY_DESCRIPTOR_CONTROL Control;
|
|
ULONG Owner;
|
|
ULONG Group;
|
|
ULONG Sacl;
|
|
ULONG Dacl;
|
|
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
|
|
typedef enum _TOKEN_INFORMATION_CLASS {
|
|
TokenUser=1,TokenGroups,TokenPrivileges,TokenOwner,
|
|
TokenPrimaryGroup,TokenDefaultDacl,TokenSource,TokenType,
|
|
TokenImpersonationLevel,TokenStatistics,TokenRestrictedSids,
|
|
TokenSessionId,TokenGroupsAndPrivileges,TokenSessionReference,
|
|
TokenSandBoxInert,TokenAuditPolicy,TokenOrigin,
|
|
} TOKEN_INFORMATION_CLASS;
|
|
|
|
#define SYMLINK_FLAG_RELATIVE 1
|
|
|
|
typedef struct _REPARSE_DATA_BUFFER {
|
|
ULONG ReparseTag;
|
|
USHORT ReparseDataLength;
|
|
USHORT Reserved;
|
|
__GNU_EXTENSION union {
|
|
struct {
|
|
USHORT SubstituteNameOffset;
|
|
USHORT SubstituteNameLength;
|
|
USHORT PrintNameOffset;
|
|
USHORT PrintNameLength;
|
|
ULONG Flags;
|
|
WCHAR PathBuffer[1];
|
|
} SymbolicLinkReparseBuffer;
|
|
struct {
|
|
USHORT SubstituteNameOffset;
|
|
USHORT SubstituteNameLength;
|
|
USHORT PrintNameOffset;
|
|
USHORT PrintNameLength;
|
|
WCHAR PathBuffer[1];
|
|
} MountPointReparseBuffer;
|
|
struct {
|
|
UCHAR DataBuffer[1];
|
|
} GenericReparseBuffer;
|
|
};
|
|
} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
|
|
|
|
|
|
|
|
//
|
|
// MicroSoft reparse point tags
|
|
//
|
|
#define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
|
|
#define IO_REPARSE_TAG_HSM (0xC0000004L)
|
|
#define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
|
|
#define IO_REPARSE_TAG_HSM2 (0x80000006L)
|
|
#define IO_REPARSE_TAG_SIS (0x80000007L)
|
|
#define IO_REPARSE_TAG_DFS (0x8000000AL)
|
|
#define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
|
|
#define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
|
|
#define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
|
|
#define IO_REPARSE_TAG_DFSR (0x80000012L)
|
|
|
|
//
|
|
// Reserved reparse tags
|
|
//
|
|
#define IO_REPARSE_TAG_RESERVED_ZERO (0)
|
|
#define IO_REPARSE_TAG_RESERVED_ONE (1)
|
|
#define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
|
|
|
|
|
|
#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
|
|
|
|
typedef struct _FILE_ACCESS_INFORMATION {
|
|
ACCESS_MASK AccessFlags;
|
|
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
|
|
|
|
typedef struct _FILE_ALLOCATION_INFORMATION {
|
|
LARGE_INTEGER AllocationSize;
|
|
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
|
|
|
|
typedef struct _FILE_BOTH_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
CCHAR ShortNameLength;
|
|
WCHAR ShortName[12];
|
|
WCHAR FileName[1];
|
|
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_COMPLETION_INFORMATION {
|
|
HANDLE Port;
|
|
PVOID Key;
|
|
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
|
|
|
|
typedef struct _FILE_COMPRESSION_INFORMATION {
|
|
LARGE_INTEGER CompressedFileSize;
|
|
USHORT CompressionFormat;
|
|
UCHAR CompressionUnitShift;
|
|
UCHAR ChunkShift;
|
|
UCHAR ClusterShift;
|
|
UCHAR Reserved[3];
|
|
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
|
|
|
|
typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
|
|
BOOLEAN ReplaceIfExists;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
|
|
|
|
typedef struct _FILE_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
|
|
|
|
typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
|
|
|
|
typedef struct _FILE_ID_FULL_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
LARGE_INTEGER FileId;
|
|
WCHAR FileName[1];
|
|
} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
CCHAR ShortNameLength;
|
|
WCHAR ShortName[12];
|
|
LARGE_INTEGER FileId;
|
|
WCHAR FileName[1];
|
|
} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_EA_INFORMATION {
|
|
ULONG EaSize;
|
|
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
|
|
ULONG FileSystemAttributes;
|
|
ULONG MaximumComponentNameLength;
|
|
ULONG FileSystemNameLength;
|
|
WCHAR FileSystemName[1];
|
|
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_CONTROL_INFORMATION {
|
|
LARGE_INTEGER FreeSpaceStartFiltering;
|
|
LARGE_INTEGER FreeSpaceThreshold;
|
|
LARGE_INTEGER FreeSpaceStopFiltering;
|
|
LARGE_INTEGER DefaultQuotaThreshold;
|
|
LARGE_INTEGER DefaultQuotaLimit;
|
|
ULONG FileSystemControlFlags;
|
|
} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
|
|
LARGE_INTEGER TotalAllocationUnits;
|
|
LARGE_INTEGER CallerAvailableAllocationUnits;
|
|
LARGE_INTEGER ActualAvailableAllocationUnits;
|
|
ULONG SectorsPerAllocationUnit;
|
|
ULONG BytesPerSector;
|
|
} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_LABEL_INFORMATION {
|
|
ULONG VolumeLabelLength;
|
|
WCHAR VolumeLabel[1];
|
|
} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
|
|
UCHAR ObjectId[16];
|
|
UCHAR ExtendedInfo[48];
|
|
} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
typedef struct _FILE_FS_SIZE_INFORMATION {
|
|
LARGE_INTEGER TotalAllocationUnits;
|
|
LARGE_INTEGER AvailableAllocationUnits;
|
|
ULONG SectorsPerAllocationUnit;
|
|
ULONG BytesPerSector;
|
|
} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_VOLUME_INFORMATION {
|
|
LARGE_INTEGER VolumeCreationTime;
|
|
ULONG VolumeSerialNumber;
|
|
ULONG VolumeLabelLength;
|
|
BOOLEAN SupportsObjects;
|
|
WCHAR VolumeLabel[1];
|
|
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_OBJECTID_INFORMATION
|
|
{
|
|
UCHAR ObjectId[16];
|
|
UCHAR ExtendedInfo[48];
|
|
} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
|
|
|
|
typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
|
|
{
|
|
BOOLEAN DriverInPath;
|
|
ULONG DriverNameLength;
|
|
WCHAR DriverName[1];
|
|
} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
|
|
|
|
typedef struct _FILE_FULL_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
WCHAR FileName[1];
|
|
} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_GET_EA_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
UCHAR EaNameLength;
|
|
CHAR EaName[1];
|
|
} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
|
|
|
|
typedef struct _FILE_GET_QUOTA_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG SidLength;
|
|
SID Sid;
|
|
} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
|
|
|
|
typedef struct _FILE_QUOTA_INFORMATION
|
|
{
|
|
ULONG NextEntryOffset;
|
|
ULONG SidLength;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER QuotaUsed;
|
|
LARGE_INTEGER QuotaThreshold;
|
|
LARGE_INTEGER QuotaLimit;
|
|
SID Sid;
|
|
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
|
|
|
|
typedef struct _FILE_INTERNAL_INFORMATION {
|
|
LARGE_INTEGER IndexNumber;
|
|
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
|
|
|
|
typedef struct _FILE_LINK_INFORMATION {
|
|
BOOLEAN ReplaceIfExists;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
|
|
|
|
typedef struct _FILE_LOCK_INFO
|
|
{
|
|
LARGE_INTEGER StartingByte;
|
|
LARGE_INTEGER Length;
|
|
BOOLEAN ExclusiveLock;
|
|
ULONG Key;
|
|
PFILE_OBJECT FileObject;
|
|
PVOID ProcessId;
|
|
LARGE_INTEGER EndingByte;
|
|
} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
|
|
|
|
typedef struct _FILE_REPARSE_POINT_INFORMATION
|
|
{
|
|
LONGLONG FileReference;
|
|
ULONG Tag;
|
|
} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
|
|
|
|
typedef struct _FILE_MOVE_CLUSTER_INFORMATION
|
|
{
|
|
ULONG ClusterCount;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
|
|
|
|
typedef struct _FILE_NOTIFY_INFORMATION
|
|
{
|
|
ULONG NextEntryOffset;
|
|
ULONG Action;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
|
|
|
|
/* raw internal file lock struct returned from FsRtlGetNextFileLock */
|
|
typedef struct _FILE_SHARED_LOCK_ENTRY {
|
|
PVOID Unknown1;
|
|
PVOID Unknown2;
|
|
FILE_LOCK_INFO FileLock;
|
|
} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
|
|
|
|
/* raw internal file lock struct returned from FsRtlGetNextFileLock */
|
|
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
|
|
LIST_ENTRY ListEntry;
|
|
PVOID Unknown1;
|
|
PVOID Unknown2;
|
|
FILE_LOCK_INFO FileLock;
|
|
} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
|
|
|
|
typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
|
|
IN PVOID Context,
|
|
IN PIRP Irp
|
|
);
|
|
|
|
typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
|
|
IN PVOID Context,
|
|
IN PFILE_LOCK_INFO FileLockInfo
|
|
);
|
|
|
|
typedef struct _FILE_LOCK {
|
|
PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
|
|
PUNLOCK_ROUTINE UnlockRoutine;
|
|
BOOLEAN FastIoIsQuestionable;
|
|
BOOLEAN Pad[3];
|
|
PVOID LockInformation;
|
|
FILE_LOCK_INFO LastReturnedLockInfo;
|
|
PVOID LastReturnedLock;
|
|
} FILE_LOCK, *PFILE_LOCK;
|
|
|
|
typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
|
|
ULONG ReadDataAvailable;
|
|
ULONG NumberOfMessages;
|
|
ULONG MessageLength;
|
|
} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
|
|
|
|
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
|
|
ULONG MaximumMessageSize;
|
|
ULONG MailslotQuota;
|
|
ULONG NextMessageSize;
|
|
ULONG MessagesAvailable;
|
|
LARGE_INTEGER ReadTimeout;
|
|
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
|
|
|
|
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
|
|
PLARGE_INTEGER ReadTimeout;
|
|
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
|
|
|
|
typedef struct _FILE_MODE_INFORMATION {
|
|
ULONG Mode;
|
|
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
|
|
|
|
typedef struct _FILE_ALL_INFORMATION {
|
|
FILE_BASIC_INFORMATION BasicInformation;
|
|
FILE_STANDARD_INFORMATION StandardInformation;
|
|
FILE_INTERNAL_INFORMATION InternalInformation;
|
|
FILE_EA_INFORMATION EaInformation;
|
|
FILE_ACCESS_INFORMATION AccessInformation;
|
|
FILE_POSITION_INFORMATION PositionInformation;
|
|
FILE_MODE_INFORMATION ModeInformation;
|
|
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
|
|
FILE_NAME_INFORMATION NameInformation;
|
|
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
|
|
|
|
typedef struct _FILE_NAMES_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
|
|
|
|
typedef struct _FILE_OBJECTID_INFORMATION {
|
|
LONGLONG FileReference;
|
|
UCHAR ObjectId[16];
|
|
_ANONYMOUS_UNION union {
|
|
__GNU_EXTENSION struct {
|
|
UCHAR BirthVolumeId[16];
|
|
UCHAR BirthObjectId[16];
|
|
UCHAR DomainId[16];
|
|
};
|
|
UCHAR ExtendedInfo[48];
|
|
} DUMMYUNIONNAME;
|
|
} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_CLASSID_INFORMATION {
|
|
GUID ClassId;
|
|
} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_ALL_INFORMATION {
|
|
FILE_BASIC_INFORMATION BasicInformation;
|
|
FILE_STANDARD_INFORMATION StandardInformation;
|
|
FILE_INTERNAL_INFORMATION InternalInformation;
|
|
FILE_EA_INFORMATION EaInformation;
|
|
FILE_ACCESS_INFORMATION AccessInformation;
|
|
FILE_POSITION_INFORMATION PositionInformation;
|
|
FILE_MODE_INFORMATION ModeInformation;
|
|
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
|
|
USN LastChangeUsn;
|
|
USN ReplicationUsn;
|
|
LARGE_INTEGER SecurityChangeTime;
|
|
FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
|
|
FILE_OBJECTID_INFORMATION ObjectIdInformation;
|
|
FILE_STORAGE_TYPE StorageType;
|
|
ULONG OleStateBits;
|
|
ULONG OleId;
|
|
ULONG NumberOfStreamReferences;
|
|
ULONG StreamIndex;
|
|
ULONG SecurityId;
|
|
BOOLEAN ContentIndexDisable;
|
|
BOOLEAN InheritContentIndexDisable;
|
|
FILE_NAME_INFORMATION NameInformation;
|
|
} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
FILE_STORAGE_TYPE StorageType;
|
|
GUID OleClassId;
|
|
ULONG OleStateBits;
|
|
BOOLEAN ContentIndexDisable;
|
|
BOOLEAN InheritContentIndexDisable;
|
|
WCHAR FileName[1];
|
|
} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_INFORMATION {
|
|
LARGE_INTEGER SecurityChangeTime;
|
|
FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
|
|
FILE_OBJECTID_INFORMATION ObjectIdInformation;
|
|
FILE_STORAGE_TYPE StorageType;
|
|
ULONG OleStateBits;
|
|
BOOLEAN ContentIndexDisable;
|
|
BOOLEAN InheritContentIndexDisable;
|
|
} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
|
|
|
|
typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
|
|
ULONG StateBits;
|
|
ULONG StateBitsMask;
|
|
} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
|
|
|
|
typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
|
|
HANDLE EventHandle;
|
|
ULONG KeyValue;
|
|
} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
|
|
|
|
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
|
|
PVOID ClientSession;
|
|
PVOID ClientProcess;
|
|
} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
|
|
|
|
typedef struct _FILE_PIPE_EVENT_BUFFER {
|
|
ULONG NamedPipeState;
|
|
ULONG EntryType;
|
|
ULONG ByteCount;
|
|
ULONG KeyValue;
|
|
ULONG NumberRequests;
|
|
} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
|
|
|
|
typedef struct _FILE_PIPE_PEEK_BUFFER
|
|
{
|
|
ULONG NamedPipeState;
|
|
ULONG ReadDataAvailable;
|
|
ULONG NumberOfMessages;
|
|
ULONG MessageLength;
|
|
CHAR Data[1];
|
|
} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
|
|
|
|
typedef struct _FILE_PIPE_INFORMATION {
|
|
ULONG ReadMode;
|
|
ULONG CompletionMode;
|
|
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
|
|
|
|
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
|
|
ULONG NamedPipeType;
|
|
ULONG NamedPipeConfiguration;
|
|
ULONG MaximumInstances;
|
|
ULONG CurrentInstances;
|
|
ULONG InboundQuota;
|
|
ULONG ReadDataAvailable;
|
|
ULONG OutboundQuota;
|
|
ULONG WriteQuotaAvailable;
|
|
ULONG NamedPipeState;
|
|
ULONG NamedPipeEnd;
|
|
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
|
|
|
|
typedef struct _FILE_PIPE_REMOTE_INFORMATION {
|
|
LARGE_INTEGER CollectDataTime;
|
|
ULONG MaximumCollectionCount;
|
|
} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
|
|
|
|
typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
|
|
LARGE_INTEGER Timeout;
|
|
ULONG NameLength;
|
|
BOOLEAN TimeoutSpecified;
|
|
WCHAR Name[1];
|
|
} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
|
|
|
|
typedef struct _FILE_RENAME_INFORMATION {
|
|
BOOLEAN ReplaceIfExists;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
|
|
|
|
typedef struct _FILE_STREAM_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG StreamNameLength;
|
|
LARGE_INTEGER StreamSize;
|
|
LARGE_INTEGER StreamAllocationSize;
|
|
WCHAR StreamName[1];
|
|
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
|
|
|
|
typedef struct _FILE_TRACKING_INFORMATION {
|
|
HANDLE DestinationFile;
|
|
ULONG ObjectInformationLength;
|
|
CHAR ObjectInformation[1];
|
|
} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
typedef struct _FILE_ZERO_DATA_INFORMATION {
|
|
LARGE_INTEGER FileOffset;
|
|
LARGE_INTEGER BeyondFinalZero;
|
|
} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
|
|
|
|
typedef struct FILE_ALLOCATED_RANGE_BUFFER {
|
|
LARGE_INTEGER FileOffset;
|
|
LARGE_INTEGER Length;
|
|
} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
#define FSRTL_FCB_HEADER_V0 (0x00)
|
|
#define FSRTL_FCB_HEADER_V1 (0x01)
|
|
|
|
|
|
typedef struct _FSRTL_COMMON_FCB_HEADER {
|
|
CSHORT NodeTypeCode;
|
|
CSHORT NodeByteSize;
|
|
UCHAR Flags;
|
|
UCHAR IsFastIoPossible;
|
|
#if (VER_PRODUCTBUILD >= 1381)
|
|
UCHAR Flags2;
|
|
UCHAR Reserved;
|
|
#endif /* (VER_PRODUCTBUILD >= 1381) */
|
|
PERESOURCE Resource;
|
|
PERESOURCE PagingIoResource;
|
|
LARGE_INTEGER AllocationSize;
|
|
LARGE_INTEGER FileSize;
|
|
LARGE_INTEGER ValidDataLength;
|
|
} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
|
|
|
|
typedef enum _FSRTL_COMPARISON_RESULT
|
|
{
|
|
LessThan = -1,
|
|
EqualTo = 0,
|
|
GreaterThan = 1
|
|
} FSRTL_COMPARISON_RESULT;
|
|
|
|
#if (VER_PRODUCTBUILD >= 2600)
|
|
|
|
typedef struct _FSRTL_ADVANCED_FCB_HEADER {
|
|
CSHORT NodeTypeCode;
|
|
CSHORT NodeByteSize;
|
|
UCHAR Flags;
|
|
UCHAR IsFastIoPossible;
|
|
UCHAR Flags2;
|
|
UCHAR Reserved: 4;
|
|
UCHAR Version: 4;
|
|
PERESOURCE Resource;
|
|
PERESOURCE PagingIoResource;
|
|
LARGE_INTEGER AllocationSize;
|
|
LARGE_INTEGER FileSize;
|
|
LARGE_INTEGER ValidDataLength;
|
|
PFAST_MUTEX FastMutex;
|
|
LIST_ENTRY FilterContexts;
|
|
EX_PUSH_LOCK PushLock;
|
|
PVOID *FileContextSupportPointer;
|
|
} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
|
|
|
|
typedef struct _FSRTL_PER_STREAM_CONTEXT {
|
|
LIST_ENTRY Links;
|
|
PVOID OwnerId;
|
|
PVOID InstanceId;
|
|
PFREE_FUNCTION FreeCallback;
|
|
} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
|
|
|
|
typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT
|
|
{
|
|
LIST_ENTRY Links;
|
|
PVOID OwnerId;
|
|
PVOID InstanceId;
|
|
} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2600) */
|
|
|
|
typedef struct _BASE_MCB
|
|
{
|
|
ULONG MaximumPairCount;
|
|
ULONG PairCount;
|
|
USHORT PoolType;
|
|
USHORT Flags;
|
|
PVOID Mapping;
|
|
} BASE_MCB, *PBASE_MCB;
|
|
|
|
typedef struct _LARGE_MCB
|
|
{
|
|
PKGUARDED_MUTEX GuardedMutex;
|
|
BASE_MCB BaseMcb;
|
|
} LARGE_MCB, *PLARGE_MCB;
|
|
|
|
typedef struct _MCB
|
|
{
|
|
LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
|
|
} MCB, *PMCB;
|
|
|
|
typedef struct _GENERATE_NAME_CONTEXT {
|
|
USHORT Checksum;
|
|
BOOLEAN CheckSumInserted;
|
|
UCHAR NameLength;
|
|
WCHAR NameBuffer[8];
|
|
ULONG ExtensionLength;
|
|
WCHAR ExtensionBuffer[4];
|
|
ULONG LastIndexValue;
|
|
} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
|
|
|
|
typedef struct _MAPPING_PAIR {
|
|
ULONGLONG Vcn;
|
|
ULONGLONG Lcn;
|
|
} MAPPING_PAIR, *PMAPPING_PAIR;
|
|
|
|
typedef struct _GET_RETRIEVAL_DESCRIPTOR {
|
|
ULONG NumberOfPairs;
|
|
ULONGLONG StartVcn;
|
|
MAPPING_PAIR Pair[1];
|
|
} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
|
|
|
|
typedef struct _KQUEUE {
|
|
DISPATCHER_HEADER Header;
|
|
LIST_ENTRY EntryListHead;
|
|
ULONG CurrentCount;
|
|
ULONG MaximumCount;
|
|
LIST_ENTRY ThreadListHead;
|
|
} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
|
|
|
|
#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
|
|
|
|
typedef struct _MBCB {
|
|
CSHORT NodeTypeCode;
|
|
CSHORT NodeIsInZone;
|
|
ULONG PagesToWrite;
|
|
ULONG DirtyPages;
|
|
ULONG Reserved;
|
|
LIST_ENTRY BitmapRanges;
|
|
LONGLONG ResumeWritePage;
|
|
BITMAP_RANGE BitmapRange1;
|
|
BITMAP_RANGE BitmapRange2;
|
|
BITMAP_RANGE BitmapRange3;
|
|
} MBCB, *PMBCB;
|
|
|
|
typedef struct _MOVEFILE_DESCRIPTOR {
|
|
HANDLE FileHandle;
|
|
ULONG Reserved;
|
|
LARGE_INTEGER StartVcn;
|
|
LARGE_INTEGER TargetLcn;
|
|
ULONG NumVcns;
|
|
ULONG Reserved1;
|
|
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
|
|
|
|
typedef struct _OBJECT_BASIC_INFO {
|
|
ULONG Attributes;
|
|
ACCESS_MASK GrantedAccess;
|
|
ULONG HandleCount;
|
|
ULONG ReferenceCount;
|
|
ULONG PagedPoolUsage;
|
|
ULONG NonPagedPoolUsage;
|
|
ULONG Reserved[3];
|
|
ULONG NameInformationLength;
|
|
ULONG TypeInformationLength;
|
|
ULONG SecurityDescriptorLength;
|
|
LARGE_INTEGER CreateTime;
|
|
} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
|
|
|
|
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
|
|
BOOLEAN Inherit;
|
|
BOOLEAN ProtectFromClose;
|
|
} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
|
|
|
|
typedef struct _OBJECT_NAME_INFO {
|
|
UNICODE_STRING ObjectName;
|
|
WCHAR ObjectNameBuffer[1];
|
|
} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
|
|
|
|
typedef struct _OBJECT_PROTECTION_INFO {
|
|
BOOLEAN Inherit;
|
|
BOOLEAN ProtectHandle;
|
|
} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
|
|
|
|
typedef struct _OBJECT_TYPE_INFO {
|
|
UNICODE_STRING ObjectTypeName;
|
|
UCHAR Unknown[0x58];
|
|
WCHAR ObjectTypeNameBuffer[1];
|
|
} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
|
|
|
|
typedef struct _OBJECT_ALL_TYPES_INFO {
|
|
ULONG NumberOfObjectTypes;
|
|
OBJECT_TYPE_INFO ObjectsTypeInfo[1];
|
|
} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
|
|
|
|
|
|
typedef struct _PATHNAME_BUFFER {
|
|
ULONG PathNameLength;
|
|
WCHAR Name[1];
|
|
} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
|
|
|
|
typedef enum _RTL_GENERIC_COMPARE_RESULTS
|
|
{
|
|
GenericLessThan,
|
|
GenericGreaterThan,
|
|
GenericEqual
|
|
} RTL_GENERIC_COMPARE_RESULTS;
|
|
|
|
typedef enum _TABLE_SEARCH_RESULT
|
|
{
|
|
TableEmptyTree,
|
|
TableFoundNode,
|
|
TableInsertAsLeft,
|
|
TableInsertAsRight
|
|
} TABLE_SEARCH_RESULT;
|
|
|
|
typedef NTSTATUS
|
|
(NTAPI *PRTL_AVL_MATCH_FUNCTION)(
|
|
struct _RTL_AVL_TABLE *Table,
|
|
PVOID UserData,
|
|
PVOID MatchData
|
|
);
|
|
|
|
typedef RTL_GENERIC_COMPARE_RESULTS
|
|
(NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
|
|
struct _RTL_AVL_TABLE *Table,
|
|
PVOID FirstStruct,
|
|
PVOID SecondStruct
|
|
);
|
|
|
|
typedef RTL_GENERIC_COMPARE_RESULTS
|
|
(NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
|
|
struct _RTL_GENERIC_TABLE *Table,
|
|
PVOID FirstStruct,
|
|
PVOID SecondStruct
|
|
);
|
|
|
|
typedef PVOID
|
|
(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
|
|
struct _RTL_GENERIC_TABLE *Table,
|
|
CLONG ByteSize
|
|
);
|
|
|
|
typedef VOID
|
|
(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
|
|
struct _RTL_GENERIC_TABLE *Table,
|
|
PVOID Buffer
|
|
);
|
|
|
|
typedef PVOID
|
|
(NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
|
|
struct _RTL_AVL_TABLE *Table,
|
|
CLONG ByteSize
|
|
);
|
|
|
|
typedef VOID
|
|
(NTAPI *PRTL_AVL_FREE_ROUTINE) (
|
|
struct _RTL_AVL_TABLE *Table,
|
|
PVOID Buffer
|
|
);
|
|
|
|
typedef struct _PUBLIC_BCB {
|
|
CSHORT NodeTypeCode;
|
|
CSHORT NodeByteSize;
|
|
ULONG MappedLength;
|
|
LARGE_INTEGER MappedFileOffset;
|
|
} PUBLIC_BCB, *PPUBLIC_BCB;
|
|
|
|
typedef struct _QUERY_PATH_REQUEST {
|
|
ULONG PathNameLength;
|
|
PIO_SECURITY_CONTEXT SecurityContext;
|
|
WCHAR FilePathName[1];
|
|
} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
|
|
|
|
typedef struct _QUERY_PATH_RESPONSE {
|
|
ULONG LengthAccepted;
|
|
} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
|
|
|
|
typedef struct _RETRIEVAL_POINTERS_BUFFER {
|
|
ULONG ExtentCount;
|
|
LARGE_INTEGER StartingVcn;
|
|
struct {
|
|
LARGE_INTEGER NextVcn;
|
|
LARGE_INTEGER Lcn;
|
|
} Extents[1];
|
|
} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
|
|
|
|
typedef struct _RTL_SPLAY_LINKS {
|
|
struct _RTL_SPLAY_LINKS *Parent;
|
|
struct _RTL_SPLAY_LINKS *LeftChild;
|
|
struct _RTL_SPLAY_LINKS *RightChild;
|
|
} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
|
|
|
|
typedef struct _RTL_BALANCED_LINKS
|
|
{
|
|
struct _RTL_BALANCED_LINKS *Parent;
|
|
struct _RTL_BALANCED_LINKS *LeftChild;
|
|
struct _RTL_BALANCED_LINKS *RightChild;
|
|
CHAR Balance;
|
|
UCHAR Reserved[3];
|
|
} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;
|
|
|
|
typedef struct _RTL_GENERIC_TABLE
|
|
{
|
|
PRTL_SPLAY_LINKS TableRoot;
|
|
LIST_ENTRY InsertOrderList;
|
|
PLIST_ENTRY OrderedPointer;
|
|
ULONG WhichOrderedElement;
|
|
ULONG NumberGenericTableElements;
|
|
PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
|
|
PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
|
|
PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
|
|
PVOID TableContext;
|
|
} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
|
|
|
|
typedef struct _UNICODE_PREFIX_TABLE_ENTRY
|
|
{
|
|
CSHORT NodeTypeCode;
|
|
CSHORT NameLength;
|
|
struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
|
|
struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
|
|
RTL_SPLAY_LINKS Links;
|
|
PUNICODE_STRING Prefix;
|
|
} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
|
|
|
|
typedef struct _UNICODE_PREFIX_TABLE
|
|
{
|
|
CSHORT NodeTypeCode;
|
|
CSHORT NameLength;
|
|
PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
|
|
PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
|
|
} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlInitializeUnicodePrefix (
|
|
IN PUNICODE_PREFIX_TABLE PrefixTable
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlInsertUnicodePrefix (
|
|
IN PUNICODE_PREFIX_TABLE PrefixTable,
|
|
IN PUNICODE_STRING Prefix,
|
|
IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlRemoveUnicodePrefix (
|
|
IN PUNICODE_PREFIX_TABLE PrefixTable,
|
|
IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry
|
|
);
|
|
|
|
NTSYSAPI
|
|
PUNICODE_PREFIX_TABLE_ENTRY
|
|
NTAPI
|
|
RtlFindUnicodePrefix (
|
|
IN PUNICODE_PREFIX_TABLE PrefixTable,
|
|
IN PUNICODE_STRING FullName,
|
|
IN ULONG CaseInsensitiveIndex
|
|
);
|
|
|
|
NTSYSAPI
|
|
PUNICODE_PREFIX_TABLE_ENTRY
|
|
NTAPI
|
|
RtlNextUnicodePrefix (
|
|
IN PUNICODE_PREFIX_TABLE PrefixTable,
|
|
IN BOOLEAN Restart
|
|
);
|
|
|
|
#undef PRTL_GENERIC_COMPARE_ROUTINE
|
|
#undef PRTL_GENERIC_ALLOCATE_ROUTINE
|
|
#undef PRTL_GENERIC_FREE_ROUTINE
|
|
#undef RTL_GENERIC_TABLE
|
|
#undef PRTL_GENERIC_TABLE
|
|
|
|
#define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE
|
|
#define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE
|
|
#define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE
|
|
#define RTL_GENERIC_TABLE RTL_AVL_TABLE
|
|
#define PRTL_GENERIC_TABLE PRTL_AVL_TABLE
|
|
|
|
#define RtlInitializeGenericTable RtlInitializeGenericTableAvl
|
|
#define RtlInsertElementGenericTable RtlInsertElementGenericTableAvl
|
|
#define RtlInsertElementGenericTableFull RtlInsertElementGenericTableFullAvl
|
|
#define RtlDeleteElementGenericTable RtlDeleteElementGenericTableAvl
|
|
#define RtlLookupElementGenericTable RtlLookupElementGenericTableAvl
|
|
#define RtlLookupElementGenericTableFull RtlLookupElementGenericTableFullAvl
|
|
#define RtlEnumerateGenericTable RtlEnumerateGenericTableAvl
|
|
#define RtlEnumerateGenericTableWithoutSplaying RtlEnumerateGenericTableWithoutSplayingAvl
|
|
#define RtlGetElementGenericTable RtlGetElementGenericTableAvl
|
|
#define RtlNumberGenericTableElements RtlNumberGenericTableElementsAvl
|
|
#define RtlIsGenericTableEmpty RtlIsGenericTableEmptyAvl
|
|
|
|
typedef struct _RTL_AVL_TABLE
|
|
{
|
|
RTL_BALANCED_LINKS BalancedRoot;
|
|
PVOID OrderedPointer;
|
|
ULONG WhichOrderedElement;
|
|
ULONG NumberGenericTableElements;
|
|
ULONG DepthOfTree;
|
|
PRTL_BALANCED_LINKS RestartKey;
|
|
ULONG DeleteCount;
|
|
PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
|
|
PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
|
|
PRTL_AVL_FREE_ROUTINE FreeRoutine;
|
|
PVOID TableContext;
|
|
} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlInitializeGenericTableAvl(
|
|
PRTL_AVL_TABLE Table,
|
|
PRTL_AVL_COMPARE_ROUTINE CompareRoutine,
|
|
PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine,
|
|
PRTL_AVL_FREE_ROUTINE FreeRoutine,
|
|
PVOID TableContext
|
|
);
|
|
|
|
NTSYSAPI
|
|
PVOID
|
|
NTAPI
|
|
RtlInsertElementGenericTableAvl (
|
|
PRTL_AVL_TABLE Table,
|
|
PVOID Buffer,
|
|
CLONG BufferSize,
|
|
PBOOLEAN NewElement OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlDeleteElementGenericTableAvl (
|
|
PRTL_AVL_TABLE Table,
|
|
PVOID Buffer
|
|
);
|
|
|
|
NTSYSAPI
|
|
PVOID
|
|
NTAPI
|
|
RtlLookupElementGenericTableAvl (
|
|
PRTL_AVL_TABLE Table,
|
|
PVOID Buffer
|
|
);
|
|
|
|
NTSYSAPI
|
|
PVOID
|
|
NTAPI
|
|
RtlEnumerateGenericTableWithoutSplayingAvl (
|
|
PRTL_AVL_TABLE Table,
|
|
PVOID *RestartKey
|
|
);
|
|
|
|
#if defined(USE_LPC6432)
|
|
#define LPC_CLIENT_ID CLIENT_ID64
|
|
#define LPC_SIZE_T ULONGLONG
|
|
#define LPC_PVOID ULONGLONG
|
|
#define LPC_HANDLE ULONGLONG
|
|
#else
|
|
#define LPC_CLIENT_ID CLIENT_ID
|
|
#define LPC_SIZE_T SIZE_T
|
|
#define LPC_PVOID PVOID
|
|
#define LPC_HANDLE HANDLE
|
|
#endif
|
|
|
|
typedef struct _PORT_MESSAGE
|
|
{
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
CSHORT DataLength;
|
|
CSHORT TotalLength;
|
|
} s1;
|
|
ULONG Length;
|
|
} u1;
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
CSHORT Type;
|
|
CSHORT DataInfoOffset;
|
|
} s2;
|
|
ULONG ZeroInit;
|
|
} u2;
|
|
__GNU_EXTENSION union
|
|
{
|
|
LPC_CLIENT_ID ClientId;
|
|
double DoNotUseThisField;
|
|
};
|
|
ULONG MessageId;
|
|
__GNU_EXTENSION union
|
|
{
|
|
LPC_SIZE_T ClientViewSize;
|
|
ULONG CallbackId;
|
|
};
|
|
} PORT_MESSAGE, *PPORT_MESSAGE;
|
|
|
|
#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
|
|
|
|
typedef struct _PORT_VIEW
|
|
{
|
|
ULONG Length;
|
|
LPC_HANDLE SectionHandle;
|
|
ULONG SectionOffset;
|
|
LPC_SIZE_T ViewSize;
|
|
LPC_PVOID ViewBase;
|
|
LPC_PVOID ViewRemoteBase;
|
|
} PORT_VIEW, *PPORT_VIEW;
|
|
|
|
typedef struct _REMOTE_PORT_VIEW
|
|
{
|
|
ULONG Length;
|
|
LPC_SIZE_T ViewSize;
|
|
LPC_PVOID ViewBase;
|
|
} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
|
|
|
|
typedef struct _SE_EXPORTS {
|
|
|
|
LUID SeCreateTokenPrivilege;
|
|
LUID SeAssignPrimaryTokenPrivilege;
|
|
LUID SeLockMemoryPrivilege;
|
|
LUID SeIncreaseQuotaPrivilege;
|
|
LUID SeUnsolicitedInputPrivilege;
|
|
LUID SeTcbPrivilege;
|
|
LUID SeSecurityPrivilege;
|
|
LUID SeTakeOwnershipPrivilege;
|
|
LUID SeLoadDriverPrivilege;
|
|
LUID SeCreatePagefilePrivilege;
|
|
LUID SeIncreaseBasePriorityPrivilege;
|
|
LUID SeSystemProfilePrivilege;
|
|
LUID SeSystemtimePrivilege;
|
|
LUID SeProfileSingleProcessPrivilege;
|
|
LUID SeCreatePermanentPrivilege;
|
|
LUID SeBackupPrivilege;
|
|
LUID SeRestorePrivilege;
|
|
LUID SeShutdownPrivilege;
|
|
LUID SeDebugPrivilege;
|
|
LUID SeAuditPrivilege;
|
|
LUID SeSystemEnvironmentPrivilege;
|
|
LUID SeChangeNotifyPrivilege;
|
|
LUID SeRemoteShutdownPrivilege;
|
|
|
|
PSID SeNullSid;
|
|
PSID SeWorldSid;
|
|
PSID SeLocalSid;
|
|
PSID SeCreatorOwnerSid;
|
|
PSID SeCreatorGroupSid;
|
|
|
|
PSID SeNtAuthoritySid;
|
|
PSID SeDialupSid;
|
|
PSID SeNetworkSid;
|
|
PSID SeBatchSid;
|
|
PSID SeInteractiveSid;
|
|
PSID SeLocalSystemSid;
|
|
PSID SeAliasAdminsSid;
|
|
PSID SeAliasUsersSid;
|
|
PSID SeAliasGuestsSid;
|
|
PSID SeAliasPowerUsersSid;
|
|
PSID SeAliasAccountOpsSid;
|
|
PSID SeAliasSystemOpsSid;
|
|
PSID SeAliasPrintOpsSid;
|
|
PSID SeAliasBackupOpsSid;
|
|
|
|
PSID SeAuthenticatedUsersSid;
|
|
|
|
PSID SeRestrictedSid;
|
|
PSID SeAnonymousLogonSid;
|
|
|
|
LUID SeUndockPrivilege;
|
|
LUID SeSyncAgentPrivilege;
|
|
LUID SeEnableDelegationPrivilege;
|
|
|
|
} SE_EXPORTS, *PSE_EXPORTS;
|
|
|
|
extern PSE_EXPORTS SeExports;
|
|
|
|
typedef struct
|
|
{
|
|
LARGE_INTEGER StartingLcn;
|
|
} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
|
|
|
|
typedef struct _STARTING_VCN_INPUT_BUFFER {
|
|
LARGE_INTEGER StartingVcn;
|
|
} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
|
|
|
|
typedef struct _SECURITY_CLIENT_CONTEXT {
|
|
SECURITY_QUALITY_OF_SERVICE SecurityQos;
|
|
PACCESS_TOKEN ClientToken;
|
|
BOOLEAN DirectlyAccessClientToken;
|
|
BOOLEAN DirectAccessEffectiveOnly;
|
|
BOOLEAN ServerIsRemote;
|
|
TOKEN_CONTROL ClientTokenControl;
|
|
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
|
|
|
|
//
|
|
// The following are the inherit flags that go into the AceFlags field
|
|
// of an Ace header.
|
|
//
|
|
#define OBJECT_INHERIT_ACE (0x1)
|
|
#define CONTAINER_INHERIT_ACE (0x2)
|
|
#define NO_PROPAGATE_INHERIT_ACE (0x4)
|
|
#define INHERIT_ONLY_ACE (0x8)
|
|
#define INHERITED_ACE (0x10)
|
|
#define VALID_INHERIT_FLAGS (0x1F)
|
|
|
|
typedef struct _ACE_HEADER
|
|
{
|
|
UCHAR AceType;
|
|
UCHAR AceFlags;
|
|
USHORT AceSize;
|
|
} ACE_HEADER, *PACE_HEADER;
|
|
|
|
typedef struct _ACCESS_ALLOWED_ACE
|
|
{
|
|
ACE_HEADER Header;
|
|
ACCESS_MASK Mask;
|
|
ULONG SidStart;
|
|
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
|
|
|
|
typedef struct _ACCESS_DENIED_ACE
|
|
{
|
|
ACE_HEADER Header;
|
|
ACCESS_MASK Mask;
|
|
ULONG SidStart;
|
|
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
|
|
|
|
typedef struct _SYSTEM_AUDIT_ACE
|
|
{
|
|
ACE_HEADER Header;
|
|
ACCESS_MASK Mask;
|
|
ULONG SidStart;
|
|
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
|
|
|
|
typedef struct _SYSTEM_ALARM_ACE
|
|
{
|
|
ACE_HEADER Header;
|
|
ACCESS_MASK Mask;
|
|
ULONG SidStart;
|
|
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
|
|
|
|
typedef struct _SYSTEM_MANDATORY_LABEL_ACE
|
|
{
|
|
ACE_HEADER Header;
|
|
ACCESS_MASK Mask;
|
|
ULONG SidStart;
|
|
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
|
|
|
|
typedef struct _TUNNEL {
|
|
FAST_MUTEX Mutex;
|
|
PRTL_SPLAY_LINKS Cache;
|
|
LIST_ENTRY TimerQueue;
|
|
USHORT NumEntries;
|
|
} TUNNEL, *PTUNNEL;
|
|
|
|
typedef struct _VAD_HEADER {
|
|
PVOID StartVPN;
|
|
PVOID EndVPN;
|
|
struct _VAD_HEADER* ParentLink;
|
|
struct _VAD_HEADER* LeftLink;
|
|
struct _VAD_HEADER* RightLink;
|
|
ULONG Flags; /* LSB = CommitCharge */
|
|
PVOID ControlArea;
|
|
PVOID FirstProtoPte;
|
|
PVOID LastPTE;
|
|
ULONG Unknown;
|
|
LIST_ENTRY Secured;
|
|
} VAD_HEADER, *PVAD_HEADER;
|
|
|
|
typedef struct
|
|
{
|
|
LARGE_INTEGER StartingLcn;
|
|
LARGE_INTEGER BitmapSize;
|
|
UCHAR Buffer[1];
|
|
} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
|
|
|
|
#if (VER_PRODUCTBUILD >= 2600)
|
|
|
|
typedef BOOLEAN
|
|
(NTAPI *PFILTER_REPORT_CHANGE) (
|
|
IN PVOID NotifyContext,
|
|
IN PVOID FilterContext
|
|
);
|
|
|
|
typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
|
|
SyncTypeOther = 0,
|
|
SyncTypeCreateSection
|
|
} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
|
|
|
|
typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
|
|
NotifyTypeCreate = 0,
|
|
NotifyTypeRetired
|
|
} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
|
|
|
|
typedef union _FS_FILTER_PARAMETERS {
|
|
struct {
|
|
PLARGE_INTEGER EndingOffset;
|
|
PERESOURCE *ResourceToRelease;
|
|
} AcquireForModifiedPageWriter;
|
|
|
|
struct {
|
|
PERESOURCE ResourceToRelease;
|
|
} ReleaseForModifiedPageWriter;
|
|
|
|
struct {
|
|
FS_FILTER_SECTION_SYNC_TYPE SyncType;
|
|
ULONG PageProtection;
|
|
} AcquireForSectionSynchronization;
|
|
|
|
struct {
|
|
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
|
|
BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
|
|
} NotifyStreamFileObject;
|
|
|
|
struct {
|
|
PVOID Argument1;
|
|
PVOID Argument2;
|
|
PVOID Argument3;
|
|
PVOID Argument4;
|
|
PVOID Argument5;
|
|
} Others;
|
|
} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
|
|
|
|
typedef struct _FS_FILTER_CALLBACK_DATA {
|
|
ULONG SizeOfFsFilterCallbackData;
|
|
UCHAR Operation;
|
|
UCHAR Reserved;
|
|
struct _DEVICE_OBJECT *DeviceObject;
|
|
struct _FILE_OBJECT *FileObject;
|
|
FS_FILTER_PARAMETERS Parameters;
|
|
} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
|
|
|
|
typedef NTSTATUS
|
|
(NTAPI *PFS_FILTER_CALLBACK) (
|
|
IN PFS_FILTER_CALLBACK_DATA Data,
|
|
OUT PVOID *CompletionContext
|
|
);
|
|
|
|
typedef VOID
|
|
(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
|
|
IN PFS_FILTER_CALLBACK_DATA Data,
|
|
IN NTSTATUS OperationStatus,
|
|
IN PVOID CompletionContext
|
|
);
|
|
|
|
typedef struct _FS_FILTER_CALLBACKS {
|
|
ULONG SizeOfFsFilterCallbacks;
|
|
ULONG Reserved;
|
|
PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
|
|
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
|
|
PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
|
|
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
|
|
PFS_FILTER_CALLBACK PreAcquireForCcFlush;
|
|
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
|
|
PFS_FILTER_CALLBACK PreReleaseForCcFlush;
|
|
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
|
|
PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
|
|
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
|
|
PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
|
|
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
|
|
} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
|
|
|
|
typedef struct _READ_LIST {
|
|
PFILE_OBJECT FileObject;
|
|
ULONG NumberOfEntries;
|
|
LOGICAL IsImage;
|
|
FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
|
|
} READ_LIST, *PREAD_LIST;
|
|
|
|
#endif
|
|
|
|
typedef NTSTATUS
|
|
(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
|
|
IN PVOID Base,
|
|
IN OUT PVOID *CommitAddress,
|
|
IN OUT PSIZE_T CommitSize
|
|
);
|
|
|
|
typedef struct _RTL_HEAP_PARAMETERS {
|
|
ULONG Length;
|
|
SIZE_T SegmentReserve;
|
|
SIZE_T SegmentCommit;
|
|
SIZE_T DeCommitFreeBlockThreshold;
|
|
SIZE_T DeCommitTotalFreeThreshold;
|
|
SIZE_T MaximumAllocationSize;
|
|
SIZE_T VirtualMemoryThreshold;
|
|
SIZE_T InitialCommit;
|
|
SIZE_T InitialReserve;
|
|
PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
|
|
SIZE_T Reserved[2];
|
|
} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcCanIWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG BytesToWrite,
|
|
IN BOOLEAN Wait,
|
|
IN BOOLEAN Retrying
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcCopyRead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN BOOLEAN Wait,
|
|
OUT PVOID Buffer,
|
|
OUT PIO_STATUS_BLOCK IoStatus
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcCopyWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN BOOLEAN Wait,
|
|
IN PVOID Buffer
|
|
);
|
|
|
|
#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
|
|
|
|
typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
|
|
IN PVOID Context1,
|
|
IN PVOID Context2
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcDeferWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PCC_POST_DEFERRED_WRITE PostRoutine,
|
|
IN PVOID Context1,
|
|
IN PVOID Context2,
|
|
IN ULONG BytesToWrite,
|
|
IN BOOLEAN Retrying
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcFastCopyRead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG FileOffset,
|
|
IN ULONG Length,
|
|
IN ULONG PageCount,
|
|
OUT PVOID Buffer,
|
|
OUT PIO_STATUS_BLOCK IoStatus
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcFastCopyWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG FileOffset,
|
|
IN ULONG Length,
|
|
IN PVOID Buffer
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcFlushCache (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
|
|
IN PLARGE_INTEGER FileOffset OPTIONAL,
|
|
IN ULONG Length,
|
|
OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
|
|
);
|
|
|
|
typedef VOID (NTAPI *PDIRTY_PAGE_ROUTINE) (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN PLARGE_INTEGER OldestLsn,
|
|
IN PLARGE_INTEGER NewestLsn,
|
|
IN PVOID Context1,
|
|
IN PVOID Context2
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LARGE_INTEGER
|
|
NTAPI
|
|
CcGetDirtyPages (
|
|
IN PVOID LogHandle,
|
|
IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
|
|
IN PVOID Context1,
|
|
IN PVOID Context2
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PFILE_OBJECT
|
|
NTAPI
|
|
CcGetFileObjectFromBcb (
|
|
IN PVOID Bcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PFILE_OBJECT
|
|
NTAPI
|
|
CcGetFileObjectFromSectionPtrs (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer
|
|
);
|
|
|
|
#define CcGetFileSizePointer(FO) ( \
|
|
((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
|
|
)
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
LARGE_INTEGER
|
|
NTAPI
|
|
CcGetFlushedValidData (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
|
|
IN BOOLEAN BcbListHeld
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
LARGE_INTEGER
|
|
NTAPI
|
|
CcGetLsnForFileObject (
|
|
IN PFILE_OBJECT FileObject,
|
|
OUT PLARGE_INTEGER OldestLsn OPTIONAL
|
|
);
|
|
|
|
typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
|
|
IN PVOID Context,
|
|
IN BOOLEAN Wait
|
|
);
|
|
|
|
typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
|
|
IN PVOID Context
|
|
);
|
|
|
|
typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
|
|
IN PVOID Context,
|
|
IN BOOLEAN Wait
|
|
);
|
|
|
|
typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
|
|
IN PVOID Context
|
|
);
|
|
|
|
typedef struct _CACHE_MANAGER_CALLBACKS {
|
|
PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
|
|
PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
|
|
PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
|
|
PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
|
|
} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcInitializeCacheMap (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PCC_FILE_SIZES FileSizes,
|
|
IN BOOLEAN PinAccess,
|
|
IN PCACHE_MANAGER_CALLBACKS Callbacks,
|
|
IN PVOID LazyWriteContext
|
|
);
|
|
|
|
#define CcIsFileCached(FO) ( \
|
|
((FO)->SectionObjectPointer != NULL) && \
|
|
(((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
|
|
)
|
|
|
|
extern ULONG CcFastMdlReadWait;
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcIsThereDirtyData (
|
|
IN PVPB Vpb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcMapData (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN ULONG Flags,
|
|
OUT PVOID *Bcb,
|
|
OUT PVOID *Buffer
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcMdlRead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
OUT PMDL *MdlChain,
|
|
OUT PIO_STATUS_BLOCK IoStatus
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcMdlReadComplete (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PMDL MdlChain
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcMdlWriteComplete (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PMDL MdlChain
|
|
);
|
|
|
|
#define MAP_WAIT 1
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcPinMappedData (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN ULONG Flags,
|
|
IN OUT PVOID *Bcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcPinRead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN ULONG Flags,
|
|
OUT PVOID *Bcb,
|
|
OUT PVOID *Buffer
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcPrepareMdlWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
OUT PMDL *MdlChain,
|
|
OUT PIO_STATUS_BLOCK IoStatus
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcPreparePinWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN BOOLEAN Zero,
|
|
IN ULONG Flags,
|
|
OUT PVOID *Bcb,
|
|
OUT PVOID *Buffer
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcPurgeCacheSection (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
|
|
IN PLARGE_INTEGER FileOffset OPTIONAL,
|
|
IN ULONG Length,
|
|
IN BOOLEAN UninitializeCacheMaps
|
|
);
|
|
|
|
#define CcReadAhead(FO, FOFF, LEN) ( \
|
|
if ((LEN) >= 256) { \
|
|
CcScheduleReadAhead((FO), (FOFF), (LEN)); \
|
|
} \
|
|
)
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
CcRemapBcb (
|
|
IN PVOID Bcb
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcRepinBcb (
|
|
IN PVOID Bcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcScheduleReadAhead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetAdditionalCacheAttributes (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN BOOLEAN DisableReadAhead,
|
|
IN BOOLEAN DisableWriteBehind
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetBcbOwnerPointer (
|
|
IN PVOID Bcb,
|
|
IN PVOID OwnerPointer
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetDirtyPageThreshold (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG DirtyPageThreshold
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetDirtyPinnedData (
|
|
IN PVOID BcbVoid,
|
|
IN PLARGE_INTEGER Lsn OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetFileSizes (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PCC_FILE_SIZES FileSizes
|
|
);
|
|
|
|
typedef VOID (NTAPI *PFLUSH_TO_LSN) (
|
|
IN PVOID LogHandle,
|
|
IN LARGE_INTEGER Lsn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetLogHandleForFile (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PVOID LogHandle,
|
|
IN PFLUSH_TO_LSN FlushToLsnRoutine
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcSetReadAheadGranularity (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG Granularity /* default: PAGE_SIZE */
|
|
/* allowed: 2^n * PAGE_SIZE */
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcUninitializeCacheMap (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER TruncateSize OPTIONAL,
|
|
IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcUnpinData (
|
|
IN PVOID Bcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcUnpinDataForThread (
|
|
IN PVOID Bcb,
|
|
IN ERESOURCE_THREAD ResourceThreadId
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
CcUnpinRepinnedBcb (
|
|
IN PVOID Bcb,
|
|
IN BOOLEAN WriteThrough,
|
|
OUT PIO_STATUS_BLOCK IoStatus
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
CcWaitForCurrentLazyWriterActivity (
|
|
VOID
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
CcZeroData (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER StartOffset,
|
|
IN PLARGE_INTEGER EndOffset,
|
|
IN BOOLEAN Wait
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
ExDisableResourceBoostLite (
|
|
IN PERESOURCE Resource
|
|
);
|
|
|
|
NTKERNELAPI
|
|
SIZE_T
|
|
NTAPI
|
|
ExQueryPoolBlockSize (
|
|
IN PVOID PoolBlock,
|
|
OUT PBOOLEAN QuotaCharged
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2600)
|
|
|
|
#ifndef __NTOSKRNL__
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
ExInitializeRundownProtection (
|
|
IN PEX_RUNDOWN_REF RunRef
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
ExReInitializeRundownProtection (
|
|
IN PEX_RUNDOWN_REF RunRef
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
FASTCALL
|
|
ExAcquireRundownProtection (
|
|
IN PEX_RUNDOWN_REF RunRef
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
FASTCALL
|
|
ExAcquireRundownProtectionEx (
|
|
IN PEX_RUNDOWN_REF RunRef,
|
|
IN ULONG Count
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
ExReleaseRundownProtection (
|
|
IN PEX_RUNDOWN_REF RunRef
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
ExReleaseRundownProtectionEx (
|
|
IN PEX_RUNDOWN_REF RunRef,
|
|
IN ULONG Count
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
ExRundownCompleted (
|
|
IN PEX_RUNDOWN_REF RunRef
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
ExWaitForRundownProtectionRelease (
|
|
IN PEX_RUNDOWN_REF RunRef
|
|
);
|
|
|
|
#endif
|
|
#endif /* (VER_PRODUCTBUILD >= 2600) */
|
|
|
|
|
|
#define FsRtlSetupAdvancedHeader( _advhdr, _fmutx ) \
|
|
{ \
|
|
SetFlag( (_advhdr)->Flags, FSRTL_FLAG_ADVANCED_HEADER ); \
|
|
SetFlag( (_advhdr)->Flags2, FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS ); \
|
|
(_advhdr)->Version = FSRTL_FCB_HEADER_V1; \
|
|
InitializeListHead( &(_advhdr)->FilterContexts ); \
|
|
if ((_fmutx) != NULL) { \
|
|
(_advhdr)->FastMutex = (_fmutx); \
|
|
} \
|
|
*((PULONG_PTR)(&(_advhdr)->PushLock)) = 0; \
|
|
/*ExInitializePushLock( &(_advhdr)->PushLock ); API Not avaliable downlevel*/\
|
|
(_advhdr)->FileContextSupportPointer = NULL; \
|
|
}
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlAddBaseMcbEntry (
|
|
IN PBASE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
IN LONGLONG Lbn,
|
|
IN LONGLONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlAddLargeMcbEntry (
|
|
IN PLARGE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
IN LONGLONG Lbn,
|
|
IN LONGLONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlAddMcbEntry (
|
|
IN PMCB Mcb,
|
|
IN VBN Vbn,
|
|
IN LBN Lbn,
|
|
IN ULONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlAddToTunnelCache (
|
|
IN PTUNNEL Cache,
|
|
IN ULONGLONG DirectoryKey,
|
|
IN PUNICODE_STRING ShortName,
|
|
IN PUNICODE_STRING LongName,
|
|
IN BOOLEAN KeyByShortName,
|
|
IN ULONG DataLength,
|
|
IN PVOID Data
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
PFILE_LOCK
|
|
NTAPI
|
|
FsRtlAllocateFileLock (
|
|
IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
|
|
IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePool (
|
|
IN POOL_TYPE PoolType,
|
|
IN ULONG NumberOfBytes
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePoolWithQuota (
|
|
IN POOL_TYPE PoolType,
|
|
IN ULONG NumberOfBytes
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePoolWithQuotaTag (
|
|
IN POOL_TYPE PoolType,
|
|
IN ULONG NumberOfBytes,
|
|
IN ULONG Tag
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PVOID
|
|
NTAPI
|
|
FsRtlAllocatePoolWithTag (
|
|
IN POOL_TYPE PoolType,
|
|
IN ULONG NumberOfBytes,
|
|
IN ULONG Tag
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlAreNamesEqual (
|
|
IN PCUNICODE_STRING Name1,
|
|
IN PCUNICODE_STRING Name2,
|
|
IN BOOLEAN IgnoreCase,
|
|
IN PCWCH UpcaseTable OPTIONAL
|
|
);
|
|
|
|
#define FsRtlAreThereCurrentFileLocks(FL) ( \
|
|
((FL)->FastIoIsQuestionable) \
|
|
)
|
|
|
|
/*
|
|
FsRtlCheckLockForReadAccess:
|
|
|
|
All this really does is pick out the lock parameters from the irp (io stack
|
|
location?), get IoGetRequestorProcess, and pass values on to
|
|
FsRtlFastCheckLockForRead.
|
|
*/
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlCheckLockForReadAccess (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PIRP Irp
|
|
);
|
|
|
|
/*
|
|
FsRtlCheckLockForWriteAccess:
|
|
|
|
All this really does is pick out the lock parameters from the irp (io stack
|
|
location?), get IoGetRequestorProcess, and pass values on to
|
|
FsRtlFastCheckLockForWrite.
|
|
*/
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlCheckLockForWriteAccess (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PIRP Irp
|
|
);
|
|
|
|
typedef
|
|
VOID
|
|
(NTAPI*POPLOCK_WAIT_COMPLETE_ROUTINE) (
|
|
IN PVOID Context,
|
|
IN PIRP Irp
|
|
);
|
|
|
|
typedef
|
|
VOID
|
|
(NTAPI*POPLOCK_FS_PREPOST_IRP) (
|
|
IN PVOID Context,
|
|
IN PIRP Irp
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlCheckOplock (
|
|
IN POPLOCK Oplock,
|
|
IN PIRP Irp,
|
|
IN PVOID Context,
|
|
IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
|
|
IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlCopyRead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN BOOLEAN Wait,
|
|
IN ULONG LockKey,
|
|
OUT PVOID Buffer,
|
|
OUT PIO_STATUS_BLOCK IoStatus,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlCopyWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN BOOLEAN Wait,
|
|
IN ULONG LockKey,
|
|
IN PVOID Buffer,
|
|
OUT PIO_STATUS_BLOCK IoStatus,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
#define HEAP_NO_SERIALIZE 0x00000001
|
|
#define HEAP_GROWABLE 0x00000002
|
|
#define HEAP_GENERATE_EXCEPTIONS 0x00000004
|
|
#define HEAP_ZERO_MEMORY 0x00000008
|
|
#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
|
|
#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
|
|
#define HEAP_FREE_CHECKING_ENABLED 0x00000040
|
|
#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
|
|
|
|
#define HEAP_CREATE_ALIGN_16 0x00010000
|
|
#define HEAP_CREATE_ENABLE_TRACING 0x00020000
|
|
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
|
|
|
|
NTSYSAPI
|
|
PVOID
|
|
NTAPI
|
|
RtlCreateHeap (
|
|
IN ULONG Flags,
|
|
IN PVOID HeapBase OPTIONAL,
|
|
IN SIZE_T ReserveSize OPTIONAL,
|
|
IN SIZE_T CommitSize OPTIONAL,
|
|
IN PVOID Lock OPTIONAL,
|
|
IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlCurrentBatchOplock (
|
|
IN POPLOCK Oplock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlDeleteKeyFromTunnelCache (
|
|
IN PTUNNEL Cache,
|
|
IN ULONGLONG DirectoryKey
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlDeleteTunnelCache (
|
|
IN PTUNNEL Cache
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlDeregisterUncProvider (
|
|
IN HANDLE Handle
|
|
);
|
|
|
|
NTSYSAPI
|
|
PVOID
|
|
NTAPI
|
|
RtlDestroyHeap(
|
|
IN PVOID HeapHandle
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlDissectDbcs (
|
|
IN ANSI_STRING Name,
|
|
OUT PANSI_STRING FirstPart,
|
|
OUT PANSI_STRING RemainingPart
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlDissectName (
|
|
IN UNICODE_STRING Name,
|
|
OUT PUNICODE_STRING FirstPart,
|
|
OUT PUNICODE_STRING RemainingPart
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlDoesDbcsContainWildCards (
|
|
IN PANSI_STRING Name
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlDoesNameContainWildCards (
|
|
IN PUNICODE_STRING Name
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlIsFatDbcsLegal (
|
|
IN ANSI_STRING DbcsName,
|
|
IN BOOLEAN WildCardsPermissible,
|
|
IN BOOLEAN PathNamePermissible,
|
|
IN BOOLEAN LeadingBackslashPermissible
|
|
);
|
|
|
|
|
|
#define FsRtlCompleteRequest(IRP,STATUS) { \
|
|
(IRP)->IoStatus.Status = (STATUS); \
|
|
IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
|
|
}
|
|
|
|
#define FsRtlEnterFileSystem KeEnterCriticalRegion
|
|
|
|
#define FsRtlExitFileSystem KeLeaveCriticalRegion
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlFastCheckLockForRead (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PLARGE_INTEGER Length,
|
|
IN ULONG Key,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PVOID Process
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlFastCheckLockForWrite (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PLARGE_INTEGER Length,
|
|
IN ULONG Key,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PVOID Process
|
|
);
|
|
|
|
#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
|
|
FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlFastUnlockAll (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PEPROCESS Process,
|
|
IN PVOID Context OPTIONAL
|
|
);
|
|
/* ret: STATUS_RANGE_NOT_LOCKED */
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlFastUnlockAllByKey (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PEPROCESS Process,
|
|
IN ULONG Key,
|
|
IN PVOID Context OPTIONAL
|
|
);
|
|
/* ret: STATUS_RANGE_NOT_LOCKED */
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlFastUnlockSingle (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PLARGE_INTEGER Length,
|
|
IN PEPROCESS Process,
|
|
IN ULONG Key,
|
|
IN PVOID Context OPTIONAL,
|
|
IN BOOLEAN AlreadySynchronized
|
|
);
|
|
/* ret: STATUS_RANGE_NOT_LOCKED */
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlFindInTunnelCache (
|
|
IN PTUNNEL Cache,
|
|
IN ULONGLONG DirectoryKey,
|
|
IN PUNICODE_STRING Name,
|
|
OUT PUNICODE_STRING ShortName,
|
|
OUT PUNICODE_STRING LongName,
|
|
IN OUT PULONG DataLength,
|
|
OUT PVOID Data
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlFreeFileLock (
|
|
IN PFILE_LOCK FileLock
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlGetFileSize (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN OUT PLARGE_INTEGER FileSize
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlGetNextBaseMcbEntry (
|
|
IN PBASE_MCB Mcb,
|
|
IN ULONG RunIndex,
|
|
OUT PLONGLONG Vbn,
|
|
OUT PLONGLONG Lbn,
|
|
OUT PLONGLONG SectorCount
|
|
);
|
|
|
|
/*
|
|
FsRtlGetNextFileLock:
|
|
|
|
ret: NULL if no more locks
|
|
|
|
Internals:
|
|
FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
|
|
FileLock->LastReturnedLock as storage.
|
|
LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
|
|
list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
|
|
calls with Restart = FALSE.
|
|
*/
|
|
NTKERNELAPI
|
|
PFILE_LOCK_INFO
|
|
NTAPI
|
|
FsRtlGetNextFileLock (
|
|
IN PFILE_LOCK FileLock,
|
|
IN BOOLEAN Restart
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlGetNextLargeMcbEntry (
|
|
IN PLARGE_MCB Mcb,
|
|
IN ULONG RunIndex,
|
|
OUT PLONGLONG Vbn,
|
|
OUT PLONGLONG Lbn,
|
|
OUT PLONGLONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlGetNextMcbEntry (
|
|
IN PMCB Mcb,
|
|
IN ULONG RunIndex,
|
|
OUT PVBN Vbn,
|
|
OUT PLBN Lbn,
|
|
OUT PULONG SectorCount
|
|
);
|
|
|
|
#define FsRtlGetPerStreamContextPointer(FO) ( \
|
|
(PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlInitializeBaseMcb (
|
|
IN PBASE_MCB Mcb,
|
|
IN POOL_TYPE PoolType
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlInitializeFileLock (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
|
|
IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlInitializeLargeMcb (
|
|
IN PLARGE_MCB Mcb,
|
|
IN POOL_TYPE PoolType
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlInitializeMcb (
|
|
IN PMCB Mcb,
|
|
IN POOL_TYPE PoolType
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlInitializeOplock (
|
|
IN OUT POPLOCK Oplock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlInitializeTunnelCache (
|
|
IN PTUNNEL Cache
|
|
);
|
|
|
|
#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
|
|
(PSC)->OwnerId = (O), \
|
|
(PSC)->InstanceId = (I), \
|
|
(PSC)->FreeCallback = (FC) \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlInsertPerStreamContext (
|
|
IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
|
|
IN PFSRTL_PER_STREAM_CONTEXT Ptr
|
|
);
|
|
|
|
#define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
|
|
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
|
|
((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
|
|
)
|
|
|
|
#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
|
|
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
|
|
((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
|
|
)
|
|
|
|
#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
|
|
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
|
|
((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
|
|
)
|
|
|
|
#define FsRtlIsAnsiCharacterWild(C) ( \
|
|
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlIsFatDbcsLegal (
|
|
IN ANSI_STRING DbcsName,
|
|
IN BOOLEAN WildCardsPermissible,
|
|
IN BOOLEAN PathNamePermissible,
|
|
IN BOOLEAN LeadingBackslashPermissible
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlIsHpfsDbcsLegal (
|
|
IN ANSI_STRING DbcsName,
|
|
IN BOOLEAN WildCardsPermissible,
|
|
IN BOOLEAN PathNamePermissible,
|
|
IN BOOLEAN LeadingBackslashPermissible
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlIsNameInExpression (
|
|
IN PUNICODE_STRING Expression,
|
|
IN PUNICODE_STRING Name,
|
|
IN BOOLEAN IgnoreCase,
|
|
IN PWCHAR UpcaseTable OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlIsNtstatusExpected (
|
|
IN NTSTATUS Ntstatus
|
|
);
|
|
|
|
#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
|
|
|
|
extern PUSHORT NlsOemLeadByteInfo;
|
|
|
|
#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
|
|
(BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
|
|
(NLS_MB_CODE_PAGE_TAG && \
|
|
(NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
|
|
)
|
|
|
|
#define FsRtlIsUnicodeCharacterWild(C) ( \
|
|
(((C) >= 0x40) ? \
|
|
FALSE : \
|
|
FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupBaseMcbEntry (
|
|
IN PBASE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
OUT PLONGLONG Lbn OPTIONAL,
|
|
OUT PLONGLONG SectorCountFromLbn OPTIONAL,
|
|
OUT PLONGLONG StartingLbn OPTIONAL,
|
|
OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
|
|
OUT PULONG Index OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupLargeMcbEntry (
|
|
IN PLARGE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
OUT PLONGLONG Lbn OPTIONAL,
|
|
OUT PLONGLONG SectorCountFromLbn OPTIONAL,
|
|
OUT PLONGLONG StartingLbn OPTIONAL,
|
|
OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
|
|
OUT PULONG Index OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupLastBaseMcbEntry (
|
|
IN PBASE_MCB Mcb,
|
|
OUT PLONGLONG Vbn,
|
|
OUT PLONGLONG Lbn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupLastLargeMcbEntry (
|
|
IN PLARGE_MCB Mcb,
|
|
OUT PLONGLONG Vbn,
|
|
OUT PLONGLONG Lbn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupLastMcbEntry (
|
|
IN PMCB Mcb,
|
|
OUT PVBN Vbn,
|
|
OUT PLBN Lbn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupLastBaseMcbEntryAndIndex (
|
|
IN PBASE_MCB OpaqueMcb,
|
|
IN OUT PLONGLONG LargeVbn,
|
|
IN OUT PLONGLONG LargeLbn,
|
|
IN OUT PULONG Index
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupLastLargeMcbEntryAndIndex (
|
|
IN PLARGE_MCB OpaqueMcb,
|
|
OUT PLONGLONG LargeVbn,
|
|
OUT PLONGLONG LargeLbn,
|
|
OUT PULONG Index
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlLookupMcbEntry (
|
|
IN PMCB Mcb,
|
|
IN VBN Vbn,
|
|
OUT PLBN Lbn,
|
|
OUT PULONG SectorCount OPTIONAL,
|
|
OUT PULONG Index
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PFSRTL_PER_STREAM_CONTEXT
|
|
NTAPI
|
|
FsRtlLookupPerStreamContextInternal (
|
|
IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
|
|
IN PVOID OwnerId OPTIONAL,
|
|
IN PVOID InstanceId OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlReadDev (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN ULONG LockKey,
|
|
OUT PMDL *MdlChain,
|
|
OUT PIO_STATUS_BLOCK IoStatus,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlReadComplete (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PMDL MdlChain
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlReadCompleteDev (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PMDL MdlChain,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlPrepareMdlWriteDev (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN ULONG Length,
|
|
IN ULONG LockKey,
|
|
OUT PMDL *MdlChain,
|
|
OUT PIO_STATUS_BLOCK IoStatus,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlWriteComplete (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PMDL MdlChain
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlMdlWriteCompleteDev (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PMDL MdlChain,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlNormalizeNtstatus (
|
|
IN NTSTATUS Exception,
|
|
IN NTSTATUS GenericException
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyChangeDirectory (
|
|
IN PNOTIFY_SYNC NotifySync,
|
|
IN PVOID FsContext,
|
|
IN PSTRING FullDirectoryName,
|
|
IN PLIST_ENTRY NotifyList,
|
|
IN BOOLEAN WatchTree,
|
|
IN ULONG CompletionFilter,
|
|
IN PIRP NotifyIrp
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyCleanup (
|
|
IN PNOTIFY_SYNC NotifySync,
|
|
IN PLIST_ENTRY NotifyList,
|
|
IN PVOID FsContext
|
|
);
|
|
|
|
typedef BOOLEAN (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
|
|
IN PVOID NotifyContext,
|
|
IN PVOID TargetContext,
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyFilterChangeDirectory (
|
|
IN PNOTIFY_SYNC NotifySync,
|
|
IN PLIST_ENTRY NotifyList,
|
|
IN PVOID FsContext,
|
|
IN PSTRING FullDirectoryName,
|
|
IN BOOLEAN WatchTree,
|
|
IN BOOLEAN IgnoreBuffer,
|
|
IN ULONG CompletionFilter,
|
|
IN PIRP NotifyIrp,
|
|
IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
|
|
IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyFilterReportChange (
|
|
IN PNOTIFY_SYNC NotifySync,
|
|
IN PLIST_ENTRY NotifyList,
|
|
IN PSTRING FullTargetName,
|
|
IN USHORT TargetNameOffset,
|
|
IN PSTRING StreamName OPTIONAL,
|
|
IN PSTRING NormalizedParentName OPTIONAL,
|
|
IN ULONG FilterMatch,
|
|
IN ULONG Action,
|
|
IN PVOID TargetContext,
|
|
IN PVOID FilterContext);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyFullChangeDirectory (
|
|
IN PNOTIFY_SYNC NotifySync,
|
|
IN PLIST_ENTRY NotifyList,
|
|
IN PVOID FsContext,
|
|
IN PSTRING FullDirectoryName,
|
|
IN BOOLEAN WatchTree,
|
|
IN BOOLEAN IgnoreBuffer,
|
|
IN ULONG CompletionFilter,
|
|
IN PIRP NotifyIrp,
|
|
IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyFullReportChange (
|
|
IN PNOTIFY_SYNC NotifySync,
|
|
IN PLIST_ENTRY NotifyList,
|
|
IN PSTRING FullTargetName,
|
|
IN USHORT TargetNameOffset,
|
|
IN PSTRING StreamName OPTIONAL,
|
|
IN PSTRING NormalizedParentName OPTIONAL,
|
|
IN ULONG FilterMatch,
|
|
IN ULONG Action,
|
|
IN PVOID TargetContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyInitializeSync (
|
|
IN PNOTIFY_SYNC *NotifySync
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlNotifyUninitializeSync (
|
|
IN PNOTIFY_SYNC *NotifySync
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlNotifyVolumeEvent (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN ULONG EventCode
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
ULONG
|
|
NTAPI
|
|
FsRtlNumberOfRunsInBaseMcb (
|
|
IN PBASE_MCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
ULONG
|
|
NTAPI
|
|
FsRtlNumberOfRunsInLargeMcb (
|
|
IN PLARGE_MCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
ULONG
|
|
NTAPI
|
|
FsRtlNumberOfRunsInMcb (
|
|
IN PMCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlOplockFsctrl (
|
|
IN POPLOCK Oplock,
|
|
IN PIRP Irp,
|
|
IN ULONG OpenCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlOplockIsFastIoPossible (
|
|
IN POPLOCK Oplock
|
|
);
|
|
|
|
typedef VOID
|
|
(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
|
|
IN PVOID Context,
|
|
IN PKEVENT Event
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlPostPagingFileStackOverflow (
|
|
IN PVOID Context,
|
|
IN PKEVENT Event,
|
|
IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlPostStackOverflow (
|
|
IN PVOID Context,
|
|
IN PKEVENT Event,
|
|
IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine
|
|
);
|
|
|
|
/*
|
|
FsRtlPrivateLock:
|
|
|
|
ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
|
|
|
|
Internals:
|
|
-Calls IoCompleteRequest if Irp
|
|
-Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
|
|
*/
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlPrivateLock (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PLARGE_INTEGER Length,
|
|
IN PEPROCESS Process,
|
|
IN ULONG Key,
|
|
IN BOOLEAN FailImmediately,
|
|
IN BOOLEAN ExclusiveLock,
|
|
OUT PIO_STATUS_BLOCK IoStatus,
|
|
IN PIRP Irp OPTIONAL,
|
|
IN PVOID Context,
|
|
IN BOOLEAN AlreadySynchronized
|
|
);
|
|
|
|
/*
|
|
FsRtlProcessFileLock:
|
|
|
|
ret:
|
|
-STATUS_INVALID_DEVICE_REQUEST
|
|
-STATUS_RANGE_NOT_LOCKED from unlock routines.
|
|
-STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
|
|
(redirected IoStatus->Status).
|
|
|
|
Internals:
|
|
-switch ( Irp->CurrentStackLocation->MinorFunction )
|
|
lock: return FsRtlPrivateLock;
|
|
unlocksingle: return FsRtlFastUnlockSingle;
|
|
unlockall: return FsRtlFastUnlockAll;
|
|
unlockallbykey: return FsRtlFastUnlockAllByKey;
|
|
default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
|
|
return STATUS_INVALID_DEVICE_REQUEST;
|
|
|
|
-'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
|
|
-'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
|
|
*/
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlProcessFileLock (
|
|
IN PFILE_LOCK FileLock,
|
|
IN PIRP Irp,
|
|
IN PVOID Context OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
FsRtlRegisterUncProvider (
|
|
IN OUT PHANDLE MupHandle,
|
|
IN PUNICODE_STRING RedirectorDeviceName,
|
|
IN BOOLEAN MailslotsSupported
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlRemoveBaseMcbEntry (
|
|
IN PBASE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
IN LONGLONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlRemoveLargeMcbEntry (
|
|
IN PLARGE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
IN LONGLONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlRemoveMcbEntry (
|
|
IN PMCB Mcb,
|
|
IN VBN Vbn,
|
|
IN ULONG SectorCount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PFSRTL_PER_STREAM_CONTEXT
|
|
NTAPI
|
|
FsRtlRemovePerStreamContext (
|
|
IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
|
|
IN PVOID OwnerId OPTIONAL,
|
|
IN PVOID InstanceId OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlResetBaseMcb (
|
|
IN PBASE_MCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlResetLargeMcb (
|
|
IN PLARGE_MCB Mcb,
|
|
IN BOOLEAN SelfSynchronized
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlSplitBaseMcb (
|
|
IN PBASE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
IN LONGLONG Amount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
FsRtlSplitLargeMcb (
|
|
IN PLARGE_MCB Mcb,
|
|
IN LONGLONG Vbn,
|
|
IN LONGLONG Amount
|
|
);
|
|
|
|
#define FsRtlSupportsPerStreamContexts(FO) ( \
|
|
(BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
|
|
FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
|
|
FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlTruncateBaseMcb (
|
|
IN PBASE_MCB Mcb,
|
|
IN LONGLONG Vbn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlTruncateLargeMcb (
|
|
IN PLARGE_MCB Mcb,
|
|
IN LONGLONG Vbn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlTruncateMcb (
|
|
IN PMCB Mcb,
|
|
IN VBN Vbn
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlUninitializeBaseMcb (
|
|
IN PBASE_MCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlUninitializeFileLock (
|
|
IN PFILE_LOCK FileLock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlUninitializeLargeMcb (
|
|
IN PLARGE_MCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlUninitializeMcb (
|
|
IN PMCB Mcb
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
FsRtlUninitializeOplock (
|
|
IN OUT POPLOCK Oplock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
UCHAR
|
|
NTAPI
|
|
KeSetIdealProcessorThread(
|
|
IN OUT PKTHREAD Thread,
|
|
IN UCHAR Processor
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoAttachDeviceToDeviceStackSafe(
|
|
IN PDEVICE_OBJECT SourceDevice,
|
|
IN PDEVICE_OBJECT TargetDevice,
|
|
OUT PDEVICE_OBJECT *AttachedToDeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoAcquireVpbSpinLock (
|
|
OUT PKIRQL Irql
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoCheckDesiredAccess (
|
|
IN OUT PACCESS_MASK DesiredAccess,
|
|
IN ACCESS_MASK GrantedAccess
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoCheckEaBufferValidity (
|
|
IN PFILE_FULL_EA_INFORMATION EaBuffer,
|
|
IN ULONG EaLength,
|
|
OUT PULONG ErrorOffset
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoCheckFunctionAccess (
|
|
IN ACCESS_MASK GrantedAccess,
|
|
IN UCHAR MajorFunction,
|
|
IN UCHAR MinorFunction,
|
|
IN ULONG IoControlCode,
|
|
IN PVOID Argument1 OPTIONAL,
|
|
IN PVOID Argument2 OPTIONAL
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoCheckQuotaBufferValidity (
|
|
IN PFILE_QUOTA_INFORMATION QuotaBuffer,
|
|
IN ULONG QuotaLength,
|
|
OUT PULONG ErrorOffset
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
PFILE_OBJECT
|
|
NTAPI
|
|
IoCreateStreamFileObject (
|
|
IN PFILE_OBJECT FileObject OPTIONAL,
|
|
IN PDEVICE_OBJECT DeviceObject OPTIONAL
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
PFILE_OBJECT
|
|
NTAPI
|
|
IoCreateStreamFileObjectLite (
|
|
IN PFILE_OBJECT FileObject OPTIONAL,
|
|
IN PDEVICE_OBJECT DeviceObject OPTIONAL
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
IoFastQueryNetworkAttributes (
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG OpenOptions,
|
|
OUT PIO_STATUS_BLOCK IoStatus,
|
|
OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PDEVICE_OBJECT
|
|
NTAPI
|
|
IoGetAttachedDevice (
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PDEVICE_OBJECT
|
|
NTAPI
|
|
IoGetBaseFileSystemDeviceObject (
|
|
IN PFILE_OBJECT FileObject
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2600)
|
|
|
|
NTKERNELAPI
|
|
PDEVICE_OBJECT
|
|
NTAPI
|
|
IoGetDeviceAttachmentBaseRef (
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoGetDiskDeviceObject (
|
|
IN PDEVICE_OBJECT FileSystemDeviceObject,
|
|
OUT PDEVICE_OBJECT *DiskDeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PDEVICE_OBJECT
|
|
NTAPI
|
|
IoGetLowerDeviceObject (
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2600) */
|
|
|
|
NTKERNELAPI
|
|
PEPROCESS
|
|
NTAPI
|
|
IoGetRequestorProcess (
|
|
IN PIRP Irp
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
ULONG
|
|
NTAPI
|
|
IoGetRequestorProcessId (
|
|
IN PIRP Irp
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
PIRP
|
|
NTAPI
|
|
IoGetTopLevelIrp (
|
|
VOID
|
|
);
|
|
|
|
#define IoIsFileOpenedExclusively(FileObject) ( \
|
|
(BOOLEAN) !( \
|
|
(FileObject)->SharedRead || \
|
|
(FileObject)->SharedWrite || \
|
|
(FileObject)->SharedDelete \
|
|
) \
|
|
)
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
IoIsOperationSynchronous (
|
|
IN PIRP Irp
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
IoIsSystemThread (
|
|
IN PETHREAD Thread
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
IoIsValidNameGraftingBuffer (
|
|
IN PIRP Irp,
|
|
IN PREPARSE_DATA_BUFFER ReparseBuffer
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoPageRead (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PMDL Mdl,
|
|
IN PLARGE_INTEGER Offset,
|
|
IN PKEVENT Event,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoQueryFileInformation (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass,
|
|
IN ULONG Length,
|
|
OUT PVOID FileInformation,
|
|
OUT PULONG ReturnedLength
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoQueryVolumeInformation (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN FS_INFORMATION_CLASS FsInformationClass,
|
|
IN ULONG Length,
|
|
OUT PVOID FsInformation,
|
|
OUT PULONG ReturnedLength
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoQueueThreadIrp(
|
|
IN PIRP Irp
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoRegisterFileSystem (
|
|
IN OUT PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 1381)
|
|
|
|
typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN BOOLEAN DriverActive
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoRegisterFsRegistrationChange (
|
|
IN PDRIVER_OBJECT DriverObject,
|
|
IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 1381) */
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoReleaseVpbSpinLock (
|
|
IN KIRQL Irql
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoSetDeviceToVerify (
|
|
IN PETHREAD Thread,
|
|
IN PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoSetInformation (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass,
|
|
IN ULONG Length,
|
|
IN PVOID FileInformation
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoSetTopLevelIrp (
|
|
IN PIRP Irp
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoSynchronousPageWrite (
|
|
IN PFILE_OBJECT FileObject,
|
|
IN PMDL Mdl,
|
|
IN PLARGE_INTEGER FileOffset,
|
|
IN PKEVENT Event,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PEPROCESS
|
|
NTAPI
|
|
IoThreadToProcess (
|
|
IN PETHREAD Thread
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoUnregisterFileSystem (
|
|
IN OUT PDEVICE_OBJECT DeviceObject
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 1381)
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
IoUnregisterFsRegistrationChange (
|
|
IN PDRIVER_OBJECT DriverObject,
|
|
IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 1381) */
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
IoVerifyVolume (
|
|
IN PDEVICE_OBJECT DeviceObject,
|
|
IN BOOLEAN AllowRawMount
|
|
);
|
|
|
|
#if !defined (_M_AMD64)
|
|
|
|
NTHALAPI
|
|
KIRQL
|
|
FASTCALL
|
|
KeAcquireQueuedSpinLock (
|
|
IN KSPIN_LOCK_QUEUE_NUMBER Number
|
|
);
|
|
|
|
NTHALAPI
|
|
VOID
|
|
FASTCALL
|
|
KeReleaseQueuedSpinLock (
|
|
IN KSPIN_LOCK_QUEUE_NUMBER Number,
|
|
IN KIRQL OldIrql
|
|
);
|
|
|
|
NTHALAPI
|
|
KIRQL
|
|
FASTCALL
|
|
KeAcquireSpinLockRaiseToSynch(
|
|
IN OUT PKSPIN_LOCK SpinLock
|
|
);
|
|
|
|
NTHALAPI
|
|
LOGICAL
|
|
FASTCALL
|
|
KeTryToAcquireQueuedSpinLock(
|
|
KSPIN_LOCK_QUEUE_NUMBER Number,
|
|
PKIRQL OldIrql);
|
|
|
|
#else
|
|
|
|
NTKERNELAPI
|
|
KIRQL
|
|
FASTCALL
|
|
KeAcquireQueuedSpinLock (
|
|
IN KSPIN_LOCK_QUEUE_NUMBER Number
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
FASTCALL
|
|
KeReleaseQueuedSpinLock (
|
|
IN KSPIN_LOCK_QUEUE_NUMBER Number,
|
|
IN KIRQL OldIrql
|
|
);
|
|
|
|
NTKERNELAPI
|
|
KIRQL
|
|
KeAcquireSpinLockRaiseToSynch(
|
|
IN OUT PKSPIN_LOCK SpinLock
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LOGICAL
|
|
KeTryToAcquireQueuedSpinLock(
|
|
KSPIN_LOCK_QUEUE_NUMBER Number,
|
|
PKIRQL OldIrql);
|
|
|
|
#endif
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
KeAttachProcess (
|
|
IN PKPROCESS Process
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
KeDetachProcess (
|
|
VOID
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
KeInitializeQueue (
|
|
IN PRKQUEUE Queue,
|
|
IN ULONG Count OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LONG
|
|
NTAPI
|
|
KeInsertHeadQueue (
|
|
IN PRKQUEUE Queue,
|
|
IN PLIST_ENTRY Entry
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LONG
|
|
NTAPI
|
|
KeInsertQueue (
|
|
IN PRKQUEUE Queue,
|
|
IN PLIST_ENTRY Entry
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LONG
|
|
NTAPI
|
|
KeReadStateQueue (
|
|
IN PRKQUEUE Queue
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PLIST_ENTRY
|
|
NTAPI
|
|
KeRemoveQueue (
|
|
IN PRKQUEUE Queue,
|
|
IN KPROCESSOR_MODE WaitMode,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PLIST_ENTRY
|
|
NTAPI
|
|
KeRundownQueue (
|
|
IN PRKQUEUE Queue
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
KeInitializeMutant (
|
|
IN PRKMUTANT Mutant,
|
|
IN BOOLEAN InitialOwner
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LONG
|
|
NTAPI
|
|
KeReadStateMutant (
|
|
IN PRKMUTANT Mutant
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LONG
|
|
NTAPI
|
|
KeReleaseMutant (
|
|
IN PRKMUTANT Mutant,
|
|
IN KPRIORITY Increment,
|
|
IN BOOLEAN Abandoned,
|
|
IN BOOLEAN Wait
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
KeStackAttachProcess (
|
|
IN PKPROCESS Process,
|
|
OUT PKAPC_STATE ApcState
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
KeUnstackDetachProcess (
|
|
IN PKAPC_STATE ApcState
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
KeSetKernelStackSwapEnable(
|
|
IN BOOLEAN Enable
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
MmCanFileBeTruncated (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
|
|
IN PLARGE_INTEGER NewFileSize
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
MmFlushImageSection (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
|
|
IN MMFLUSH_TYPE FlushType
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
MmForceSectionClosed (
|
|
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
|
|
IN BOOLEAN DelayClose
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 1381)
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
MmIsRecursiveIoFault (
|
|
VOID
|
|
);
|
|
|
|
#else
|
|
|
|
#define MmIsRecursiveIoFault() ( \
|
|
(PsGetCurrentThread()->DisablePageFaultClustering) | \
|
|
(PsGetCurrentThread()->ForwardClusterOnly) \
|
|
)
|
|
|
|
#endif
|
|
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
MmSetAddressRangeModified (
|
|
IN PVOID Address,
|
|
IN SIZE_T Length
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObCreateObject (
|
|
IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
|
|
IN POBJECT_TYPE ObjectType,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN KPROCESSOR_MODE AccessMode,
|
|
IN OUT PVOID ParseContext OPTIONAL,
|
|
IN ULONG ObjectSize,
|
|
IN ULONG PagedPoolCharge OPTIONAL,
|
|
IN ULONG NonPagedPoolCharge OPTIONAL,
|
|
OUT PVOID *Object
|
|
);
|
|
|
|
NTKERNELAPI
|
|
ULONG
|
|
NTAPI
|
|
ObGetObjectPointerCount (
|
|
IN PVOID Object
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObInsertObject (
|
|
IN PVOID Object,
|
|
IN PACCESS_STATE PassedAccessState OPTIONAL,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG AdditionalReferences,
|
|
OUT PVOID *ReferencedObject OPTIONAL,
|
|
OUT PHANDLE Handle
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
ObMakeTemporaryObject (
|
|
IN PVOID Object
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObOpenObjectByPointer (
|
|
IN PVOID Object,
|
|
IN ULONG HandleAttributes,
|
|
IN PACCESS_STATE PassedAccessState OPTIONAL,
|
|
IN ACCESS_MASK DesiredAccess OPTIONAL,
|
|
IN POBJECT_TYPE ObjectType OPTIONAL,
|
|
IN KPROCESSOR_MODE AccessMode,
|
|
OUT PHANDLE Handle
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObQueryNameString (
|
|
IN PVOID Object,
|
|
OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
|
|
IN ULONG Length,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObQueryObjectAuditingByHandle (
|
|
IN HANDLE Handle,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ObReferenceObjectByName (
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN ULONG Attributes,
|
|
IN PACCESS_STATE PassedAccessState OPTIONAL,
|
|
IN ACCESS_MASK DesiredAccess OPTIONAL,
|
|
IN POBJECT_TYPE ObjectType,
|
|
IN KPROCESSOR_MODE AccessMode,
|
|
IN OUT PVOID ParseContext OPTIONAL,
|
|
OUT PVOID *Object
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsAssignImpersonationToken (
|
|
IN PETHREAD Thread,
|
|
IN HANDLE Token
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
PsChargePoolQuota (
|
|
IN PEPROCESS Process,
|
|
IN POOL_TYPE PoolType,
|
|
IN SIZE_T Amount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsChargeProcessPoolQuota (
|
|
IN PEPROCESS Process,
|
|
IN POOL_TYPE PoolType,
|
|
IN SIZE_T Amount
|
|
);
|
|
|
|
#define PsDereferenceImpersonationToken(T) \
|
|
{if (ARGUMENT_PRESENT(T)) { \
|
|
(ObDereferenceObject((T))); \
|
|
} else { \
|
|
; \
|
|
} \
|
|
}
|
|
|
|
#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
PsDisableImpersonation(
|
|
IN PETHREAD Thread,
|
|
IN PSE_IMPERSONATION_STATE ImpersonationState
|
|
);
|
|
|
|
NTKERNELAPI
|
|
LARGE_INTEGER
|
|
NTAPI
|
|
PsGetProcessExitTime (
|
|
VOID
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsImpersonateClient(
|
|
IN PETHREAD Thread,
|
|
IN PACCESS_TOKEN Token,
|
|
IN BOOLEAN CopyOnOpen,
|
|
IN BOOLEAN EffectiveOnly,
|
|
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
PsIsSystemThread(
|
|
IN PETHREAD Thread
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
PsIsThreadTerminating (
|
|
IN PETHREAD Thread
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsLookupProcessByProcessId (
|
|
IN HANDLE ProcessId,
|
|
OUT PEPROCESS *Process
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsLookupProcessThreadByCid (
|
|
IN PCLIENT_ID Cid,
|
|
OUT PEPROCESS *Process OPTIONAL,
|
|
OUT PETHREAD *Thread
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
PsLookupThreadByThreadId (
|
|
IN HANDLE UniqueThreadId,
|
|
OUT PETHREAD *Thread
|
|
);
|
|
|
|
NTKERNELAPI
|
|
PACCESS_TOKEN
|
|
NTAPI
|
|
PsReferenceImpersonationToken (
|
|
IN PETHREAD Thread,
|
|
OUT PBOOLEAN CopyOnUse,
|
|
OUT PBOOLEAN EffectiveOnly,
|
|
OUT PSECURITY_IMPERSONATION_LEVEL Level
|
|
);
|
|
|
|
NTKERNELAPI
|
|
HANDLE
|
|
NTAPI
|
|
PsReferencePrimaryToken (
|
|
IN PEPROCESS Process
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
PsRestoreImpersonation(
|
|
IN PETHREAD Thread,
|
|
IN PSE_IMPERSONATION_STATE ImpersonationState
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
PsReturnPoolQuota (
|
|
IN PEPROCESS Process,
|
|
IN POOL_TYPE PoolType,
|
|
IN SIZE_T Amount
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
PsRevertToSelf (
|
|
VOID
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlAbsoluteToSelfRelativeSD (
|
|
IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
|
|
IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
|
|
IN PULONG BufferLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
PVOID
|
|
NTAPI
|
|
RtlAllocateHeap (
|
|
IN HANDLE HeapHandle,
|
|
IN ULONG Flags,
|
|
IN SIZE_T Size
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlAppendStringToString(
|
|
PSTRING Destination,
|
|
const STRING *Source
|
|
);
|
|
|
|
NTSYSAPI
|
|
USHORT
|
|
NTAPI
|
|
RtlCaptureStackBackTrace (
|
|
IN ULONG FramesToSkip,
|
|
IN ULONG FramesToCapture,
|
|
OUT PVOID *BackTrace,
|
|
OUT PULONG BackTraceHash OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
SIZE_T
|
|
NTAPI
|
|
RtlCompareMemoryUlong (
|
|
PVOID Source,
|
|
SIZE_T Length,
|
|
ULONG Pattern
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlCompressBuffer (
|
|
IN USHORT CompressionFormatAndEngine,
|
|
IN PUCHAR UncompressedBuffer,
|
|
IN ULONG UncompressedBufferSize,
|
|
OUT PUCHAR CompressedBuffer,
|
|
IN ULONG CompressedBufferSize,
|
|
IN ULONG UncompressedChunkSize,
|
|
OUT PULONG FinalCompressedSize,
|
|
IN PVOID WorkSpace
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlCompressChunks (
|
|
IN PUCHAR UncompressedBuffer,
|
|
IN ULONG UncompressedBufferSize,
|
|
OUT PUCHAR CompressedBuffer,
|
|
IN ULONG CompressedBufferSize,
|
|
IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
|
|
IN ULONG CompressedDataInfoLength,
|
|
IN PVOID WorkSpace
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlConvertSidToUnicodeString (
|
|
OUT PUNICODE_STRING DestinationString,
|
|
IN PSID Sid,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlCopySid (
|
|
IN ULONG Length,
|
|
IN PSID Destination,
|
|
IN PSID Source
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlCreateUnicodeString(
|
|
PUNICODE_STRING DestinationString,
|
|
PCWSTR SourceString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlDecompressBuffer (
|
|
IN USHORT CompressionFormat,
|
|
OUT PUCHAR UncompressedBuffer,
|
|
IN ULONG UncompressedBufferSize,
|
|
IN PUCHAR CompressedBuffer,
|
|
IN ULONG CompressedBufferSize,
|
|
OUT PULONG FinalUncompressedSize
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlDecompressChunks (
|
|
OUT PUCHAR UncompressedBuffer,
|
|
IN ULONG UncompressedBufferSize,
|
|
IN PUCHAR CompressedBuffer,
|
|
IN ULONG CompressedBufferSize,
|
|
IN PUCHAR CompressedTail,
|
|
IN ULONG CompressedTailSize,
|
|
IN PCOMPRESSED_DATA_INFO CompressedDataInfo
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlDecompressFragment (
|
|
IN USHORT CompressionFormat,
|
|
OUT PUCHAR UncompressedFragment,
|
|
IN ULONG UncompressedFragmentSize,
|
|
IN PUCHAR CompressedBuffer,
|
|
IN ULONG CompressedBufferSize,
|
|
IN ULONG FragmentOffset,
|
|
OUT PULONG FinalUncompressedSize,
|
|
IN PVOID WorkSpace
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlDescribeChunk (
|
|
IN USHORT CompressionFormat,
|
|
IN OUT PUCHAR *CompressedBuffer,
|
|
IN PUCHAR EndOfCompressedBufferPlus1,
|
|
OUT PUCHAR *ChunkBuffer,
|
|
OUT PULONG ChunkSize
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlDowncaseUnicodeString(
|
|
IN OUT PUNICODE_STRING UniDest,
|
|
IN PCUNICODE_STRING UniSource,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlDuplicateUnicodeString(
|
|
IN ULONG Flags,
|
|
IN PCUNICODE_STRING SourceString,
|
|
OUT PUNICODE_STRING DestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlEqualSid (
|
|
IN PSID Sid1,
|
|
IN PSID Sid2
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlFillMemoryUlong (
|
|
IN PVOID Destination,
|
|
IN ULONG Length,
|
|
IN ULONG Fill
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlFreeHeap (
|
|
IN HANDLE HeapHandle,
|
|
IN ULONG Flags,
|
|
IN PVOID P
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlFreeOemString (
|
|
IN POEM_STRING OemString
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlGenerate8dot3Name (
|
|
IN PUNICODE_STRING Name,
|
|
IN BOOLEAN AllowExtendedCharacters,
|
|
IN OUT PGENERATE_NAME_CONTEXT Context,
|
|
OUT PUNICODE_STRING Name8dot3
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlGetCompressionWorkSpaceSize (
|
|
IN USHORT CompressionFormatAndEngine,
|
|
OUT PULONG CompressBufferWorkSpaceSize,
|
|
OUT PULONG CompressFragmentWorkSpaceSize
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlGetDaclSecurityDescriptor (
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
OUT PBOOLEAN DaclPresent,
|
|
OUT PACL *Dacl,
|
|
OUT PBOOLEAN DaclDefaulted
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlGetGroupSecurityDescriptor (
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
OUT PSID *Group,
|
|
OUT PBOOLEAN GroupDefaulted
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlGetOwnerSecurityDescriptor (
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
OUT PSID *Owner,
|
|
OUT PBOOLEAN OwnerDefaulted
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlInitializeSid (
|
|
IN OUT PSID Sid,
|
|
IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
|
|
IN UCHAR SubAuthorityCount
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlIsNameLegalDOS8Dot3(
|
|
IN PCUNICODE_STRING Name,
|
|
IN OUT POEM_STRING OemName OPTIONAL,
|
|
IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
ULONG
|
|
NTAPI
|
|
RtlLengthRequiredSid (
|
|
IN ULONG SubAuthorityCount
|
|
);
|
|
|
|
NTSYSAPI
|
|
ULONG
|
|
NTAPI
|
|
RtlLengthSid (
|
|
IN PSID Sid
|
|
);
|
|
|
|
NTSYSAPI
|
|
ULONG
|
|
NTAPI
|
|
RtlNtStatusToDosError (
|
|
IN NTSTATUS Status
|
|
);
|
|
|
|
NTSYSAPI
|
|
ULONG
|
|
NTAPI
|
|
RtlxUnicodeStringToOemSize(
|
|
PCUNICODE_STRING UnicodeString
|
|
);
|
|
|
|
NTSYSAPI
|
|
ULONG
|
|
NTAPI
|
|
RtlxOemStringToUnicodeSize(
|
|
PCOEM_STRING OemString
|
|
);
|
|
|
|
#define RtlOemStringToUnicodeSize(STRING) ( \
|
|
NLS_MB_OEM_CODE_PAGE_TAG ? \
|
|
RtlxOemStringToUnicodeSize(STRING) : \
|
|
((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
|
|
)
|
|
|
|
#define RtlOemStringToCountedUnicodeSize(STRING) ( \
|
|
(ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
|
|
)
|
|
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlOemStringToUnicodeString(
|
|
IN OUT PUNICODE_STRING DestinationString,
|
|
IN PCOEM_STRING SourceString,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlUnicodeStringToOemString(
|
|
IN OUT POEM_STRING DestinationString,
|
|
IN PCUNICODE_STRING SourceString,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlOemStringToCountedUnicodeString(
|
|
IN OUT PUNICODE_STRING DestinationString,
|
|
IN PCOEM_STRING SourceString,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlUnicodeStringToCountedOemString(
|
|
IN OUT POEM_STRING DestinationString,
|
|
IN PCUNICODE_STRING SourceString,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlReserveChunk (
|
|
IN USHORT CompressionFormat,
|
|
IN OUT PUCHAR *CompressedBuffer,
|
|
IN PUCHAR EndOfCompressedBufferPlus1,
|
|
OUT PUCHAR *ChunkBuffer,
|
|
IN ULONG ChunkSize
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlSecondsSince1970ToTime (
|
|
IN ULONG SecondsSince1970,
|
|
OUT PLARGE_INTEGER Time
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlSetGroupSecurityDescriptor (
|
|
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID Group,
|
|
IN BOOLEAN GroupDefaulted
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlSetOwnerSecurityDescriptor (
|
|
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID Owner,
|
|
IN BOOLEAN OwnerDefaulted
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlSetSaclSecurityDescriptor (
|
|
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN BOOLEAN SaclPresent,
|
|
IN PACL Sacl,
|
|
IN BOOLEAN SaclDefaulted
|
|
);
|
|
|
|
NTSYSAPI
|
|
PUCHAR
|
|
NTAPI
|
|
RtlSubAuthorityCountSid (
|
|
IN PSID Sid
|
|
);
|
|
|
|
NTSYSAPI
|
|
PULONG
|
|
NTAPI
|
|
RtlSubAuthoritySid (
|
|
IN PSID Sid,
|
|
IN ULONG SubAuthority
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlUnicodeStringToCountedOemString (
|
|
IN OUT POEM_STRING DestinationString,
|
|
IN PCUNICODE_STRING SourceString,
|
|
IN BOOLEAN AllocateDestinationString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlUnicodeToMultiByteN(
|
|
OUT PCHAR MultiByteString,
|
|
IN ULONG MaxBytesInMultiByteString,
|
|
OUT PULONG BytesInMultiByteString OPTIONAL,
|
|
IN PWCH UnicodeString,
|
|
IN ULONG BytesInUnicodeString
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
RtlOemToUnicodeN(
|
|
OUT PWSTR UnicodeString,
|
|
IN ULONG MaxBytesInUnicodeString,
|
|
OUT PULONG BytesInUnicodeString OPTIONAL,
|
|
IN PCH OemString,
|
|
IN ULONG BytesInOemString
|
|
);
|
|
|
|
/* RTL Splay Tree Functions */
|
|
NTSYSAPI
|
|
PRTL_SPLAY_LINKS
|
|
NTAPI
|
|
RtlSplay(PRTL_SPLAY_LINKS Links);
|
|
|
|
NTSYSAPI
|
|
PRTL_SPLAY_LINKS
|
|
NTAPI
|
|
RtlDelete(PRTL_SPLAY_LINKS Links);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlDeleteNoSplay(
|
|
PRTL_SPLAY_LINKS Links,
|
|
PRTL_SPLAY_LINKS *Root
|
|
);
|
|
|
|
NTSYSAPI
|
|
PRTL_SPLAY_LINKS
|
|
NTAPI
|
|
RtlSubtreeSuccessor(PRTL_SPLAY_LINKS Links);
|
|
|
|
NTSYSAPI
|
|
PRTL_SPLAY_LINKS
|
|
NTAPI
|
|
RtlSubtreePredecessor(PRTL_SPLAY_LINKS Links);
|
|
|
|
NTSYSAPI
|
|
PRTL_SPLAY_LINKS
|
|
NTAPI
|
|
RtlRealSuccessor(PRTL_SPLAY_LINKS Links);
|
|
|
|
NTSYSAPI
|
|
PRTL_SPLAY_LINKS
|
|
NTAPI
|
|
RtlRealPredecessor(PRTL_SPLAY_LINKS Links);
|
|
|
|
#define RtlIsLeftChild(Links) \
|
|
(RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
|
|
|
|
#define RtlIsRightChild(Links) \
|
|
(RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links))
|
|
|
|
#define RtlRightChild(Links) \
|
|
((PRTL_SPLAY_LINKS)(Links))->RightChild
|
|
|
|
#define RtlIsRoot(Links) \
|
|
(RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links))
|
|
|
|
#define RtlLeftChild(Links) \
|
|
((PRTL_SPLAY_LINKS)(Links))->LeftChild
|
|
|
|
#define RtlParent(Links) \
|
|
((PRTL_SPLAY_LINKS)(Links))->Parent
|
|
|
|
#define RtlInitializeSplayLinks(Links) \
|
|
{ \
|
|
PRTL_SPLAY_LINKS _SplayLinks; \
|
|
_SplayLinks = (PRTL_SPLAY_LINKS)(Links); \
|
|
_SplayLinks->Parent = _SplayLinks; \
|
|
_SplayLinks->LeftChild = NULL; \
|
|
_SplayLinks->RightChild = NULL; \
|
|
}
|
|
|
|
#define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \
|
|
{ \
|
|
PRTL_SPLAY_LINKS _SplayParent; \
|
|
PRTL_SPLAY_LINKS _SplayChild; \
|
|
_SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
|
|
_SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
|
|
_SplayParent->LeftChild = _SplayChild; \
|
|
_SplayChild->Parent = _SplayParent; \
|
|
}
|
|
|
|
#define RtlInsertAsRightChild(ParentLinks,ChildLinks) \
|
|
{ \
|
|
PRTL_SPLAY_LINKS _SplayParent; \
|
|
PRTL_SPLAY_LINKS _SplayChild; \
|
|
_SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \
|
|
_SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \
|
|
_SplayParent->RightChild = _SplayChild; \
|
|
_SplayChild->Parent = _SplayParent; \
|
|
}
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlValidSid (
|
|
IN PSID Sid
|
|
);
|
|
|
|
//
|
|
// RTL time functions
|
|
//
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlTimeToSecondsSince1980 (
|
|
PLARGE_INTEGER Time,
|
|
PULONG ElapsedSeconds
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlSecondsSince1980ToTime (
|
|
ULONG ElapsedSeconds,
|
|
PLARGE_INTEGER Time
|
|
);
|
|
|
|
NTSYSAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
RtlTimeToSecondsSince1970 (
|
|
PLARGE_INTEGER Time,
|
|
PULONG ElapsedSeconds
|
|
);
|
|
|
|
NTSYSAPI
|
|
VOID
|
|
NTAPI
|
|
RtlSecondsSince1970ToTime (
|
|
ULONG ElapsedSeconds,
|
|
PLARGE_INTEGER Time
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeAppendPrivileges (
|
|
PACCESS_STATE AccessState,
|
|
PPRIVILEGE_SET Privileges
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
SeAuditingFileEvents (
|
|
IN BOOLEAN AccessGranted,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
SeAuditingFileOrGlobalEvents (
|
|
IN BOOLEAN AccessGranted,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeCaptureSubjectContext (
|
|
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeCreateClientSecurity (
|
|
IN PETHREAD Thread,
|
|
IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
|
|
IN BOOLEAN RemoteClient,
|
|
OUT PSECURITY_CLIENT_CONTEXT ClientContext
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeCreateClientSecurityFromSubjectContext (
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
|
IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
|
|
IN BOOLEAN ServerIsRemote,
|
|
OUT PSECURITY_CLIENT_CONTEXT ClientContext
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
|
|
#define SeLengthSid( Sid ) \
|
|
(8 + (4 * ((SID *)Sid)->SubAuthorityCount))
|
|
|
|
#define SeDeleteClientSecurity(C) { \
|
|
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
|
|
PsDereferencePrimaryToken( (C)->ClientToken ); \
|
|
} else { \
|
|
PsDereferenceImpersonationToken( (C)->ClientToken ); \
|
|
} \
|
|
}
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeDeleteObjectAuditAlarm (
|
|
IN PVOID Object,
|
|
IN HANDLE Handle
|
|
);
|
|
|
|
#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeFreePrivileges (
|
|
IN PPRIVILEGE_SET Privileges
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeImpersonateClient (
|
|
IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
|
IN PETHREAD ServerThread OPTIONAL
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeImpersonateClientEx (
|
|
IN PSECURITY_CLIENT_CONTEXT ClientContext,
|
|
IN PETHREAD ServerThread OPTIONAL
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeLockSubjectContext (
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeMarkLogonSessionForTerminationNotification (
|
|
IN PLUID LogonId
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeOpenObjectAuditAlarm (
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PVOID Object OPTIONAL,
|
|
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PACCESS_STATE AccessState,
|
|
IN BOOLEAN ObjectCreated,
|
|
IN BOOLEAN AccessGranted,
|
|
IN KPROCESSOR_MODE AccessMode,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeOpenObjectForDeleteAuditAlarm (
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PVOID Object OPTIONAL,
|
|
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PACCESS_STATE AccessState,
|
|
IN BOOLEAN ObjectCreated,
|
|
IN BOOLEAN AccessGranted,
|
|
IN KPROCESSOR_MODE AccessMode,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
SePrivilegeCheck (
|
|
IN OUT PPRIVILEGE_SET RequiredPrivileges,
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
|
|
IN KPROCESSOR_MODE AccessMode
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeQueryAuthenticationIdToken (
|
|
IN PACCESS_TOKEN Token,
|
|
OUT PLUID LogonId
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeQueryInformationToken (
|
|
IN PACCESS_TOKEN Token,
|
|
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
OUT PVOID *TokenInformation
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeQuerySecurityDescriptorInfo (
|
|
IN PSECURITY_INFORMATION SecurityInformation,
|
|
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN OUT PULONG Length,
|
|
IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeQuerySessionIdToken (
|
|
IN PACCESS_TOKEN Token,
|
|
IN PULONG SessionId
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
#define SeQuerySubjectContextToken( SubjectContext ) \
|
|
( ARGUMENT_PRESENT( \
|
|
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
|
|
) ? \
|
|
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
|
|
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
|
|
|
|
typedef NTSTATUS (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
|
|
IN PLUID LogonId
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeRegisterLogonSessionTerminatedRoutine (
|
|
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeReleaseSubjectContext (
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeSetAccessStateGenericMapping (
|
|
PACCESS_STATE AccessState,
|
|
PGENERIC_MAPPING GenericMapping
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeSetSecurityDescriptorInfo (
|
|
IN PVOID Object OPTIONAL,
|
|
IN PSECURITY_INFORMATION SecurityInformation,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
|
|
IN POOL_TYPE PoolType,
|
|
IN PGENERIC_MAPPING GenericMapping
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeSetSecurityDescriptorInfoEx (
|
|
IN PVOID Object OPTIONAL,
|
|
IN PSECURITY_INFORMATION SecurityInformation,
|
|
IN PSECURITY_DESCRIPTOR ModificationDescriptor,
|
|
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
|
|
IN ULONG AutoInheritFlags,
|
|
IN POOL_TYPE PoolType,
|
|
IN PGENERIC_MAPPING GenericMapping
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
SeTokenIsAdmin (
|
|
IN PACCESS_TOKEN Token
|
|
);
|
|
|
|
NTKERNELAPI
|
|
BOOLEAN
|
|
NTAPI
|
|
SeTokenIsRestricted (
|
|
IN PACCESS_TOKEN Token
|
|
);
|
|
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
SeLocateProcessImageName(
|
|
IN PEPROCESS Process,
|
|
OUT PUNICODE_STRING *pImageFileName
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTKERNELAPI
|
|
TOKEN_TYPE
|
|
NTAPI
|
|
SeTokenType (
|
|
IN PACCESS_TOKEN Token
|
|
);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeUnlockSubjectContext (
|
|
IN PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeUnregisterLogonSessionTerminatedRoutine (
|
|
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustPrivilegesToken (
|
|
IN HANDLE TokenHandle,
|
|
IN BOOLEAN DisableAllPrivileges,
|
|
IN PTOKEN_PRIVILEGES NewState,
|
|
IN ULONG BufferLength,
|
|
OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAlertThread (
|
|
IN HANDLE ThreadHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateVirtualMemory (
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN ULONG_PTR ZeroBits,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG AllocationType,
|
|
IN ULONG Protect
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeAndAuditAlarm(
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN HANDLE HandleId,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN AUDIT_EVENT_TYPE AuditType,
|
|
IN ULONG Flags,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList,
|
|
IN ULONG ObjectTypeLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeResultListAndAuditAlarm(
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN HANDLE HandleId,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN AUDIT_EVENT_TYPE AuditType,
|
|
IN ULONG Flags,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList,
|
|
IN ULONG ObjectTypeLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN HANDLE HandleId,
|
|
IN HANDLE ClientToken,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN PSID PrincipalSelfSid,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN AUDIT_EVENT_TYPE AuditType,
|
|
IN ULONG Flags,
|
|
IN POBJECT_TYPE_LIST ObjectTypeList,
|
|
IN ULONG ObjectTypeLength,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PNTSTATUS AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheckAndAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN PUNICODE_STRING ObjectTypeName,
|
|
IN PUNICODE_STRING ObjectName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN PGENERIC_MAPPING GenericMapping,
|
|
IN BOOLEAN ObjectCreation,
|
|
OUT PACCESS_MASK GrantedAccess,
|
|
OUT PBOOLEAN AccessStatus,
|
|
OUT PBOOLEAN GenerateOnClose
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCancelIoFile (
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwClearEvent (
|
|
IN HANDLE EventHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCloseObjectAuditAlarm (
|
|
IN PUNICODE_STRING SubsystemName,
|
|
IN PVOID HandleId,
|
|
IN BOOLEAN GenerateOnClose
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSection (
|
|
OUT PHANDLE SectionHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN PLARGE_INTEGER MaximumSize OPTIONAL,
|
|
IN ULONG SectionPageProtection,
|
|
IN ULONG AllocationAttributes,
|
|
IN HANDLE FileHandle OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateSymbolicLinkObject (
|
|
OUT PHANDLE SymbolicLinkHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN PUNICODE_STRING TargetName
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteFile (
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeleteValueKey (
|
|
IN HANDLE Handle,
|
|
IN PUNICODE_STRING Name
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDeviceIoControlFile (
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG IoControlCode,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDisplayString (
|
|
IN PUNICODE_STRING String
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateObject (
|
|
IN HANDLE SourceProcessHandle,
|
|
IN HANDLE SourceHandle,
|
|
IN HANDLE TargetProcessHandle OPTIONAL,
|
|
OUT PHANDLE TargetHandle OPTIONAL,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN ULONG HandleAttributes,
|
|
IN ULONG Options
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateToken (
|
|
IN HANDLE ExistingTokenHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN BOOLEAN EffectiveOnly,
|
|
IN TOKEN_TYPE TokenType,
|
|
OUT PHANDLE NewTokenHandle
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFilterToken(
|
|
IN HANDLE ExistingTokenHandle,
|
|
IN ULONG Flags,
|
|
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
|
|
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
|
|
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
|
|
OUT PHANDLE NewTokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushInstructionCache (
|
|
IN HANDLE ProcessHandle,
|
|
IN PVOID BaseAddress OPTIONAL,
|
|
IN ULONG FlushSize
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushBuffersFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFlushVirtualMemory (
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PULONG FlushSize,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFreeVirtualMemory (
|
|
IN HANDLE ProcessHandle,
|
|
IN OUT PVOID *BaseAddress,
|
|
IN OUT PSIZE_T RegionSize,
|
|
IN ULONG FreeType
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwFsControlFile (
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG FsControlCode,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwInitiatePowerAction (
|
|
IN POWER_ACTION SystemAction,
|
|
IN SYSTEM_POWER_STATE MinSystemState,
|
|
IN ULONG Flags,
|
|
IN BOOLEAN Asynchronous
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadDriver (
|
|
/* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
|
|
IN PUNICODE_STRING RegistryPath
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwLoadKey (
|
|
IN POBJECT_ATTRIBUTES KeyObjectAttributes,
|
|
IN POBJECT_ATTRIBUTES FileObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwNotifyChangeKey (
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE EventHandle OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN ULONG NotifyFilter,
|
|
IN BOOLEAN WatchSubtree,
|
|
IN PVOID Buffer,
|
|
IN ULONG BufferLength,
|
|
IN BOOLEAN Asynchronous
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenDirectoryObject (
|
|
OUT PHANDLE DirectoryHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenEvent (
|
|
OUT PHANDLE EventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcess (
|
|
OUT PHANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN PCLIENT_ID ClientId OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessToken (
|
|
IN HANDLE ProcessHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThread (
|
|
OUT PHANDLE ThreadHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
IN PCLIENT_ID ClientId
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenThreadToken (
|
|
IN HANDLE ThreadHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN BOOLEAN OpenAsSelf,
|
|
OUT PHANDLE TokenHandle
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPowerInformation (
|
|
IN POWER_INFORMATION_LEVEL PowerInformationLevel,
|
|
IN PVOID InputBuffer OPTIONAL,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer OPTIONAL,
|
|
IN ULONG OutputBufferLength
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPulseEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDefaultLocale (
|
|
IN BOOLEAN ThreadOrSystem,
|
|
OUT PLCID Locale
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDirectoryFile (
|
|
IN HANDLE FileHandle,
|
|
IN HANDLE Event OPTIONAL,
|
|
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
|
|
IN PVOID ApcContext OPTIONAL,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID FileInformation,
|
|
IN ULONG Length,
|
|
IN FILE_INFORMATION_CLASS FileInformationClass,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN PUNICODE_STRING FileName OPTIONAL,
|
|
IN BOOLEAN RestartScan
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryDirectoryObject (
|
|
IN HANDLE DirectoryHandle,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN BOOLEAN RestartScan,
|
|
IN OUT PULONG Context,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryEaFile (
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length,
|
|
IN BOOLEAN ReturnSingleEntry,
|
|
IN PVOID EaList OPTIONAL,
|
|
IN ULONG EaListLength,
|
|
IN PULONG EaIndex OPTIONAL,
|
|
IN BOOLEAN RestartScan
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationProcess (
|
|
IN HANDLE ProcessHandle,
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
OUT PVOID ProcessInformation,
|
|
IN ULONG ProcessInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationToken (
|
|
IN HANDLE TokenHandle,
|
|
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
OUT PVOID TokenInformation,
|
|
IN ULONG Length,
|
|
OUT PULONG ResultLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQuerySecurityObject (
|
|
IN HANDLE FileHandle,
|
|
IN SECURITY_INFORMATION SecurityInformation,
|
|
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN ULONG Length,
|
|
OUT PULONG ResultLength
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryVolumeInformationFile (
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID FsInformation,
|
|
IN ULONG Length,
|
|
IN FS_INFORMATION_CLASS FsInformationClass
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwReplaceKey (
|
|
IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
|
|
IN HANDLE KeyHandle,
|
|
IN POBJECT_ATTRIBUTES OldFileObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwResetEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwRestoreKey (
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE FileHandle,
|
|
IN ULONG Flags
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSaveKey (
|
|
IN HANDLE KeyHandle,
|
|
IN HANDLE FileHandle
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultLocale (
|
|
IN BOOLEAN ThreadOrSystem,
|
|
IN LCID Locale
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetDefaultUILanguage (
|
|
IN LANGID LanguageId
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEaFile (
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
OUT PVOID Buffer,
|
|
IN ULONG Length
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationProcess (
|
|
IN HANDLE ProcessHandle,
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
IN PVOID ProcessInformation,
|
|
IN ULONG ProcessInformationLength
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSecurityObject (
|
|
IN HANDLE Handle,
|
|
IN SECURITY_INFORMATION SecurityInformation,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetSystemTime (
|
|
IN PLARGE_INTEGER NewTime,
|
|
OUT PLARGE_INTEGER OldTime OPTIONAL
|
|
);
|
|
|
|
#if (VER_PRODUCTBUILD >= 2195)
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetVolumeInformationFile (
|
|
IN HANDLE FileHandle,
|
|
OUT PIO_STATUS_BLOCK IoStatusBlock,
|
|
IN PVOID FsInformation,
|
|
IN ULONG Length,
|
|
IN FS_INFORMATION_CLASS FsInformationClass
|
|
);
|
|
|
|
#endif /* (VER_PRODUCTBUILD >= 2195) */
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwTerminateProcess (
|
|
IN HANDLE ProcessHandle OPTIONAL,
|
|
IN NTSTATUS ExitStatus
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadDriver (
|
|
/* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
|
|
IN PUNICODE_STRING RegistryPath
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwUnloadKey (
|
|
IN POBJECT_ATTRIBUTES KeyObjectAttributes
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForSingleObject (
|
|
IN HANDLE Handle,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwWaitForMultipleObjects (
|
|
IN ULONG HandleCount,
|
|
IN PHANDLE Handles,
|
|
IN WAIT_TYPE WaitType,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwYieldExecution (
|
|
VOID
|
|
);
|
|
|
|
#pragma pack(pop)
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _NTIFS_ */
|