Doxygen

ntifs.h
Go to the documentation of this file.
00001 /*
00002  * ntifs.h
00003  *
00004  * Windows NT Filesystem Driver Developer Kit
00005  *
00006  * This file is part of the ReactOS DDK package.
00007  *
00008  * Contributors:
00009  *   Amine Khaldi
00010  *   Timo Kreuzer (timo.kreuzer@reactos.org)
00011  *
00012  * THIS SOFTWARE IS NOT COPYRIGHTED
00013  *
00014  * This source code is offered for use in the public domain. You may
00015  * use, modify or distribute it freely.
00016  *
00017  * This code is distributed in the hope that it will be useful but
00018  * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
00019  * DISCLAIMED. This includes but is not limited to warranties of
00020  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
00021  *
00022  */
00023 
00024 #pragma once
00025 
00026 #define _NTIFS_INCLUDED_
00027 #define _GNU_NTIFS_
00028 
00029 #ifdef __cplusplus
00030 extern "C" {
00031 #endif
00032 
00033 
00034 /* Dependencies */
00035 #include <ntddk.h>
00036 #include <excpt.h>
00037 #include <ntdef.h>
00038 #include <ntnls.h>
00039 #include <ntstatus.h>
00040 #include <bugcodes.h>
00041 #include <ntiologc.h>
00042 
00043 
00044 #ifndef FlagOn
00045 #define FlagOn(_F,_SF)        ((_F) & (_SF))
00046 #endif
00047 
00048 #ifndef BooleanFlagOn
00049 #define BooleanFlagOn(F,SF)   ((BOOLEAN)(((F) & (SF)) != 0))
00050 #endif
00051 
00052 #ifndef SetFlag
00053 #define SetFlag(_F,_SF)       ((_F) |= (_SF))
00054 #endif
00055 
00056 #ifndef ClearFlag
00057 #define ClearFlag(_F,_SF)     ((_F) &= ~(_SF))
00058 #endif
00059 
00060 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
00061 typedef STRING LSA_STRING, *PLSA_STRING;
00062 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
00063 
00064 /******************************************************************************
00065  *                            Security Manager Types                          *
00066  ******************************************************************************/
00067 
00068 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
00069 #define SID_IDENTIFIER_AUTHORITY_DEFINED
00070 typedef struct _SID_IDENTIFIER_AUTHORITY {
00071   UCHAR Value[6];
00072 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
00073 #endif
00074 
00075 #ifndef SID_DEFINED
00076 #define SID_DEFINED
00077 typedef struct _SID {
00078   UCHAR Revision;
00079   UCHAR SubAuthorityCount;
00080   SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
00081 #ifdef MIDL_PASS
00082   [size_is(SubAuthorityCount)] ULONG SubAuthority[*];
00083 #else
00084   ULONG SubAuthority[ANYSIZE_ARRAY];
00085 #endif
00086 } SID, *PISID;
00087 #endif
00088 
00089 #define SID_REVISION                    1
00090 #define SID_MAX_SUB_AUTHORITIES         15
00091 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
00092 
00093 #ifndef MIDL_PASS
00094 #define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))
00095 #endif
00096 
00097 typedef enum _SID_NAME_USE {
00098   SidTypeUser = 1,
00099   SidTypeGroup,
00100   SidTypeDomain,
00101   SidTypeAlias,
00102   SidTypeWellKnownGroup,
00103   SidTypeDeletedAccount,
00104   SidTypeInvalid,
00105   SidTypeUnknown,
00106   SidTypeComputer,
00107   SidTypeLabel
00108 } SID_NAME_USE, *PSID_NAME_USE;
00109 
00110 typedef struct _SID_AND_ATTRIBUTES {
00111 #ifdef MIDL_PASS
00112   PISID Sid;
00113 #else
00114   PSID Sid;
00115 #endif
00116   ULONG Attributes;
00117 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
00118 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
00119 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
00120 
00121 #define SID_HASH_SIZE 32
00122 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
00123 
00124 typedef struct _SID_AND_ATTRIBUTES_HASH {
00125   ULONG SidCount;
00126   PSID_AND_ATTRIBUTES SidAttr;
00127   SID_HASH_ENTRY Hash[SID_HASH_SIZE];
00128 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
00129 
00130 /* Universal well-known SIDs */
00131 
00132 #define SECURITY_NULL_SID_AUTHORITY         {0,0,0,0,0,0}
00133 
00134 /* S-1-1 */
00135 #define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
00136 
00137 /* S-1-2 */
00138 #define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
00139 
00140 /* S-1-3 */
00141 #define SECURITY_CREATOR_SID_AUTHORITY      {0,0,0,0,0,3}
00142 
00143 /* S-1-4 */
00144 #define SECURITY_NON_UNIQUE_AUTHORITY       {0,0,0,0,0,4}
00145 
00146 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
00147 
00148 #define SECURITY_NULL_RID                   (0x00000000L)
00149 #define SECURITY_WORLD_RID                  (0x00000000L)
00150 #define SECURITY_LOCAL_RID                  (0x00000000L)
00151 #define SECURITY_LOCAL_LOGON_RID            (0x00000001L)
00152 
00153 #define SECURITY_CREATOR_OWNER_RID          (0x00000000L)
00154 #define SECURITY_CREATOR_GROUP_RID          (0x00000001L)
00155 #define SECURITY_CREATOR_OWNER_SERVER_RID   (0x00000002L)
00156 #define SECURITY_CREATOR_GROUP_SERVER_RID   (0x00000003L)
00157 #define SECURITY_CREATOR_OWNER_RIGHTS_RID   (0x00000004L)
00158 
00159 /* NT well-known SIDs */
00160 
00161 /* S-1-5 */
00162 #define SECURITY_NT_AUTHORITY               {0,0,0,0,0,5}
00163 
00164 #define SECURITY_DIALUP_RID                          (0x00000001L)
00165 #define SECURITY_NETWORK_RID                         (0x00000002L)
00166 #define SECURITY_BATCH_RID                           (0x00000003L)
00167 #define SECURITY_INTERACTIVE_RID                     (0x00000004L)
00168 #define SECURITY_LOGON_IDS_RID                       (0x00000005L)
00169 #define SECURITY_LOGON_IDS_RID_COUNT                 (3L)
00170 #define SECURITY_SERVICE_RID                         (0x00000006L)
00171 #define SECURITY_ANONYMOUS_LOGON_RID                 (0x00000007L)
00172 #define SECURITY_PROXY_RID                           (0x00000008L)
00173 #define SECURITY_ENTERPRISE_CONTROLLERS_RID          (0x00000009L)
00174 #define SECURITY_SERVER_LOGON_RID                    SECURITY_ENTERPRISE_CONTROLLERS_RID
00175 #define SECURITY_PRINCIPAL_SELF_RID                  (0x0000000AL)
00176 #define SECURITY_AUTHENTICATED_USER_RID              (0x0000000BL)
00177 #define SECURITY_RESTRICTED_CODE_RID                 (0x0000000CL)
00178 #define SECURITY_TERMINAL_SERVER_RID                 (0x0000000DL)
00179 #define SECURITY_REMOTE_LOGON_RID                    (0x0000000EL)
00180 #define SECURITY_THIS_ORGANIZATION_RID               (0x0000000FL)
00181 #define SECURITY_IUSER_RID                           (0x00000011L)
00182 #define SECURITY_LOCAL_SYSTEM_RID                    (0x00000012L)
00183 #define SECURITY_LOCAL_SERVICE_RID                   (0x00000013L)
00184 #define SECURITY_NETWORK_SERVICE_RID                 (0x00000014L)
00185 #define SECURITY_NT_NON_UNIQUE                       (0x00000015L)
00186 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT        (3L)
00187 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
00188 
00189 #define SECURITY_BUILTIN_DOMAIN_RID        (0x00000020L)
00190 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
00191 
00192 
00193 #define SECURITY_PACKAGE_BASE_RID     (0x00000040L)
00194 #define SECURITY_PACKAGE_RID_COUNT    (2L)
00195 #define SECURITY_PACKAGE_NTLM_RID     (0x0000000AL)
00196 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
00197 #define SECURITY_PACKAGE_DIGEST_RID   (0x00000015L)
00198 
00199 #define SECURITY_CRED_TYPE_BASE_RID          (0x00000041L)
00200 #define SECURITY_CRED_TYPE_RID_COUNT         (2L)
00201 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
00202 
00203 #define SECURITY_MIN_BASE_RID                               (0x00000050L)
00204 #define SECURITY_SERVICE_ID_BASE_RID                        (0x00000050L)
00205 #define SECURITY_SERVICE_ID_RID_COUNT                       (6L)
00206 #define SECURITY_RESERVED_ID_BASE_RID                       (0x00000051L)
00207 #define SECURITY_APPPOOL_ID_BASE_RID                        (0x00000052L)
00208 #define SECURITY_APPPOOL_ID_RID_COUNT                       (6L)
00209 #define SECURITY_VIRTUALSERVER_ID_BASE_RID                  (0x00000053L)
00210 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT                 (6L)
00211 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID             (0x00000054L)
00212 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT            (6L)
00213 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID  (0x00000055L)
00214 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
00215 #define SECURITY_WMIHOST_ID_BASE_RID                        (0x00000056L)
00216 #define SECURITY_WMIHOST_ID_RID_COUNT                       (6L)
00217 #define SECURITY_TASK_ID_BASE_RID                           (0x00000057L)
00218 #define SECURITY_NFS_ID_BASE_RID                            (0x00000058L)
00219 #define SECURITY_COM_ID_BASE_RID                            (0x00000059L)
00220 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT                (6L)
00221 
00222 #define SECURITY_MAX_BASE_RID (0x0000006FL)
00223 
00224 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
00225 #define SECURITY_MIN_NEVER_FILTERED  (0x000003E8L)
00226 
00227 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
00228 
00229 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
00230 
00231 /* Well-known domain relative sub-authority values (RIDs) */
00232 
00233 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
00234 
00235 #define FOREST_USER_RID_MAX (0x000001F3L)
00236 
00237 /* Well-known users */
00238 
00239 #define DOMAIN_USER_RID_ADMIN  (0x000001F4L)
00240 #define DOMAIN_USER_RID_GUEST  (0x000001F5L)
00241 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
00242 
00243 #define DOMAIN_USER_RID_MAX (0x000003E7L)
00244 
00245 /* Well-known groups */
00246 
00247 #define DOMAIN_GROUP_RID_ADMINS               (0x00000200L)
00248 #define DOMAIN_GROUP_RID_USERS                (0x00000201L)
00249 #define DOMAIN_GROUP_RID_GUESTS               (0x00000202L)
00250 #define DOMAIN_GROUP_RID_COMPUTERS            (0x00000203L)
00251 #define DOMAIN_GROUP_RID_CONTROLLERS          (0x00000204L)
00252 #define DOMAIN_GROUP_RID_CERT_ADMINS          (0x00000205L)
00253 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS        (0x00000206L)
00254 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS    (0x00000207L)
00255 #define DOMAIN_GROUP_RID_POLICY_ADMINS        (0x00000208L)
00256 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
00257 
00258 /* Well-known aliases */
00259 
00260 #define DOMAIN_ALIAS_RID_ADMINS      (0x00000220L)
00261 #define DOMAIN_ALIAS_RID_USERS       (0x00000221L)
00262 #define DOMAIN_ALIAS_RID_GUESTS      (0x00000222L)
00263 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
00264 
00265 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
00266 #define DOMAIN_ALIAS_RID_SYSTEM_OPS  (0x00000225L)
00267 #define DOMAIN_ALIAS_RID_PRINT_OPS   (0x00000226L)
00268 #define DOMAIN_ALIAS_RID_BACKUP_OPS  (0x00000227L)
00269 
00270 #define DOMAIN_ALIAS_RID_REPLICATOR                     (0x00000228L)
00271 #define DOMAIN_ALIAS_RID_RAS_SERVERS                    (0x00000229L)
00272 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS               (0x0000022AL)
00273 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS           (0x0000022BL)
00274 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      (0x0000022CL)
00275 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
00276 
00277 #define DOMAIN_ALIAS_RID_MONITORING_USERS    (0x0000022EL)
00278 #define DOMAIN_ALIAS_RID_LOGGING_USERS       (0x0000022FL)
00279 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
00280 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS  (0x00000231L)
00281 #define DOMAIN_ALIAS_RID_DCOM_USERS          (0x00000232L)
00282 
00283 #define DOMAIN_ALIAS_RID_IUSERS                         (0x00000238L)
00284 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS               (0x00000239L)
00285 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP     (0x0000023BL)
00286 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
00287 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP        (0x0000023DL)
00288 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP      (0x0000023EL)
00289 
00290 #define SECURITY_MANDATORY_LABEL_AUTHORITY       {0,0,0,0,0,16}
00291 #define SECURITY_MANDATORY_UNTRUSTED_RID         (0x00000000L)
00292 #define SECURITY_MANDATORY_LOW_RID               (0x00001000L)
00293 #define SECURITY_MANDATORY_MEDIUM_RID            (0x00002000L)
00294 #define SECURITY_MANDATORY_HIGH_RID              (0x00003000L)
00295 #define SECURITY_MANDATORY_SYSTEM_RID            (0x00004000L)
00296 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
00297 
00298 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
00299    can be set by a usermode caller.*/
00300 
00301 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
00302 
00303 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
00304 
00305 /* Allocate the System Luid.  The first 1000 LUIDs are reserved.
00306    Use #999 here (0x3e7 = 999) */
00307 
00308 #define SYSTEM_LUID          {0x3e7, 0x0}
00309 #define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
00310 #define LOCALSERVICE_LUID    {0x3e5, 0x0}
00311 #define NETWORKSERVICE_LUID  {0x3e4, 0x0}
00312 #define IUSER_LUID           {0x3e3, 0x0}
00313 
00314 typedef struct _ACE_HEADER {
00315   UCHAR AceType;
00316   UCHAR AceFlags;
00317   USHORT AceSize;
00318 } ACE_HEADER, *PACE_HEADER;
00319 
00320 #define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
00321 #define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
00322 #define ACCESS_DENIED_ACE_TYPE                  (0x1)
00323 #define SYSTEM_AUDIT_ACE_TYPE                   (0x2)
00324 #define SYSTEM_ALARM_ACE_TYPE                   (0x3)
00325 #define ACCESS_MAX_MS_V2_ACE_TYPE               (0x3)
00326 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE        (0x4)
00327 #define ACCESS_MAX_MS_V3_ACE_TYPE               (0x4)
00328 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE           (0x5)
00329 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE          (0x5)
00330 #define ACCESS_DENIED_OBJECT_ACE_TYPE           (0x6)
00331 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE            (0x7)
00332 #define SYSTEM_ALARM_OBJECT_ACE_TYPE            (0x8)
00333 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE           (0x8)
00334 #define ACCESS_MAX_MS_V4_ACE_TYPE               (0x8)
00335 #define ACCESS_MAX_MS_ACE_TYPE                  (0x8)
00336 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE        (0x9)
00337 #define ACCESS_DENIED_CALLBACK_ACE_TYPE         (0xA)
00338 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
00339 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  (0xC)
00340 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE          (0xD)
00341 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE          (0xE)
00342 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   (0xF)
00343 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   (0x10)
00344 #define ACCESS_MAX_MS_V5_ACE_TYPE               (0x11)
00345 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE         (0x11)
00346 
00347 /* The following are the inherit flags that go into the AceFlags field
00348    of an Ace header. */
00349 
00350 #define OBJECT_INHERIT_ACE       (0x1)
00351 #define CONTAINER_INHERIT_ACE    (0x2)
00352 #define NO_PROPAGATE_INHERIT_ACE (0x4)
00353 #define INHERIT_ONLY_ACE         (0x8)
00354 #define INHERITED_ACE            (0x10)
00355 #define VALID_INHERIT_FLAGS      (0x1F)
00356 
00357 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
00358 #define FAILED_ACCESS_ACE_FLAG     (0x80)
00359 
00360 typedef struct _ACCESS_ALLOWED_ACE {
00361   ACE_HEADER Header;
00362   ACCESS_MASK Mask;
00363   ULONG SidStart;
00364 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
00365 
00366 typedef struct _ACCESS_DENIED_ACE {
00367   ACE_HEADER Header;
00368   ACCESS_MASK Mask;
00369   ULONG SidStart;
00370 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
00371 
00372 typedef struct _SYSTEM_AUDIT_ACE {
00373   ACE_HEADER Header;
00374   ACCESS_MASK Mask;
00375   ULONG SidStart;
00376 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
00377 
00378 typedef struct _SYSTEM_ALARM_ACE {
00379   ACE_HEADER Header;
00380   ACCESS_MASK Mask;
00381   ULONG SidStart;
00382 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
00383 
00384 typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
00385   ACE_HEADER Header;
00386   ACCESS_MASK Mask;
00387   ULONG SidStart;
00388 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
00389 
00390 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   0x1
00391 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP    0x2
00392 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
00393 #define SYSTEM_MANDATORY_LABEL_VALID_MASK    (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
00394                                               SYSTEM_MANDATORY_LABEL_NO_READ_UP  | \
00395                                               SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
00396 
00397 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
00398 
00399 typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
00400 
00401 #define SE_OWNER_DEFAULTED       0x0001
00402 #define SE_GROUP_DEFAULTED       0x0002
00403 #define SE_DACL_PRESENT          0x0004
00404 #define SE_DACL_DEFAULTED        0x0008
00405 #define SE_SACL_PRESENT          0x0010
00406 #define SE_SACL_DEFAULTED        0x0020
00407 #define SE_DACL_UNTRUSTED        0x0040
00408 #define SE_SERVER_SECURITY       0x0080
00409 #define SE_DACL_AUTO_INHERIT_REQ 0x0100
00410 #define SE_SACL_AUTO_INHERIT_REQ 0x0200
00411 #define SE_DACL_AUTO_INHERITED   0x0400
00412 #define SE_SACL_AUTO_INHERITED   0x0800
00413 #define SE_DACL_PROTECTED        0x1000
00414 #define SE_SACL_PROTECTED        0x2000
00415 #define SE_RM_CONTROL_VALID      0x4000
00416 #define SE_SELF_RELATIVE         0x8000
00417 
00418 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
00419   UCHAR Revision;
00420   UCHAR Sbz1;
00421   SECURITY_DESCRIPTOR_CONTROL Control;
00422   ULONG Owner;
00423   ULONG Group;
00424   ULONG Sacl;
00425   ULONG Dacl;
00426 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
00427 
00428 typedef struct _SECURITY_DESCRIPTOR {
00429   UCHAR Revision;
00430   UCHAR Sbz1;
00431   SECURITY_DESCRIPTOR_CONTROL Control;
00432   PSID Owner;
00433   PSID Group;
00434   PACL Sacl;
00435   PACL Dacl;
00436 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
00437 
00438 typedef struct _OBJECT_TYPE_LIST {
00439   USHORT Level;
00440   USHORT Sbz;
00441   GUID *ObjectType;
00442 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
00443 
00444 #define ACCESS_OBJECT_GUID       0
00445 #define ACCESS_PROPERTY_SET_GUID 1
00446 #define ACCESS_PROPERTY_GUID     2
00447 #define ACCESS_MAX_LEVEL         4
00448 
00449 typedef enum _AUDIT_EVENT_TYPE {
00450   AuditEventObjectAccess,
00451   AuditEventDirectoryServiceAccess
00452 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
00453 
00454 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1
00455 
00456 #define ACCESS_DS_SOURCE_A "DS"
00457 #define ACCESS_DS_SOURCE_W L"DS"
00458 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
00459 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
00460 
00461 #define ACCESS_REASON_TYPE_MASK 0xffff0000
00462 #define ACCESS_REASON_DATA_MASK 0x0000ffff
00463 
00464 typedef enum _ACCESS_REASON_TYPE {
00465   AccessReasonNone = 0x00000000,
00466   AccessReasonAllowedAce = 0x00010000,
00467   AccessReasonDeniedAce = 0x00020000,
00468   AccessReasonAllowedParentAce = 0x00030000,
00469   AccessReasonDeniedParentAce = 0x00040000,
00470   AccessReasonMissingPrivilege = 0x00100000,
00471   AccessReasonFromPrivilege = 0x00200000,
00472   AccessReasonIntegrityLevel = 0x00300000,
00473   AccessReasonOwnership = 0x00400000,
00474   AccessReasonNullDacl = 0x00500000,
00475   AccessReasonEmptyDacl = 0x00600000,
00476   AccessReasonNoSD = 0x00700000,
00477   AccessReasonNoGrant = 0x00800000
00478 } ACCESS_REASON_TYPE;
00479 
00480 typedef ULONG ACCESS_REASON;
00481 
00482 typedef struct _ACCESS_REASONS {
00483   ACCESS_REASON Data[32];
00484 } ACCESS_REASONS, *PACCESS_REASONS;
00485 
00486 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
00487 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
00488 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS       0x00000003
00489 
00490 typedef struct _SE_SECURITY_DESCRIPTOR {
00491   ULONG Size;
00492   ULONG Flags;
00493   PSECURITY_DESCRIPTOR SecurityDescriptor;
00494 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
00495 
00496 typedef struct _SE_ACCESS_REQUEST {
00497   ULONG Size;
00498   PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
00499   ACCESS_MASK DesiredAccess;
00500   ACCESS_MASK PreviouslyGrantedAccess;
00501   PSID PrincipalSelfSid;
00502   PGENERIC_MAPPING GenericMapping;
00503   ULONG ObjectTypeListCount;
00504   POBJECT_TYPE_LIST ObjectTypeList;
00505 } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
00506 
00507 #define TOKEN_ASSIGN_PRIMARY    (0x0001)
00508 #define TOKEN_DUPLICATE         (0x0002)
00509 #define TOKEN_IMPERSONATE       (0x0004)
00510 #define TOKEN_QUERY             (0x0008)
00511 #define TOKEN_QUERY_SOURCE      (0x0010)
00512 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
00513 #define TOKEN_ADJUST_GROUPS     (0x0040)
00514 #define TOKEN_ADJUST_DEFAULT    (0x0080)
00515 #define TOKEN_ADJUST_SESSIONID  (0x0100)
00516 
00517 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
00518                             TOKEN_ASSIGN_PRIMARY     |\
00519                             TOKEN_DUPLICATE          |\
00520                             TOKEN_IMPERSONATE        |\
00521                             TOKEN_QUERY              |\
00522                             TOKEN_QUERY_SOURCE       |\
00523                             TOKEN_ADJUST_PRIVILEGES  |\
00524                             TOKEN_ADJUST_GROUPS      |\
00525                             TOKEN_ADJUST_DEFAULT)
00526 
00527 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
00528 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P | TOKEN_ADJUST_SESSIONID)
00529 #else
00530 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
00531 #endif
00532 
00533 #define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
00534 
00535 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE   |\
00536                      TOKEN_ADJUST_PRIVILEGES |\
00537                      TOKEN_ADJUST_GROUPS     |\
00538                      TOKEN_ADJUST_DEFAULT)
00539 
00540 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
00541 
00542 typedef enum _TOKEN_TYPE {
00543   TokenPrimary = 1,
00544   TokenImpersonation
00545 } TOKEN_TYPE, *PTOKEN_TYPE;
00546 
00547 typedef enum _TOKEN_INFORMATION_CLASS {
00548   TokenUser = 1,
00549   TokenGroups,
00550   TokenPrivileges,
00551   TokenOwner,
00552   TokenPrimaryGroup,
00553   TokenDefaultDacl,
00554   TokenSource,
00555   TokenType,
00556   TokenImpersonationLevel,
00557   TokenStatistics,
00558   TokenRestrictedSids,
00559   TokenSessionId,
00560   TokenGroupsAndPrivileges,
00561   TokenSessionReference,
00562   TokenSandBoxInert,
00563   TokenAuditPolicy,
00564   TokenOrigin,
00565   TokenElevationType,
00566   TokenLinkedToken,
00567   TokenElevation,
00568   TokenHasRestrictions,
00569   TokenAccessInformation,
00570   TokenVirtualizationAllowed,
00571   TokenVirtualizationEnabled,
00572   TokenIntegrityLevel,
00573   TokenUIAccess,
00574   TokenMandatoryPolicy,
00575   TokenLogonSid,
00576   MaxTokenInfoClass
00577 } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
00578 
00579 typedef struct _TOKEN_USER {
00580   SID_AND_ATTRIBUTES User;
00581 } TOKEN_USER, *PTOKEN_USER;
00582 
00583 typedef struct _TOKEN_GROUPS {
00584   ULONG GroupCount;
00585 #ifdef MIDL_PASS
00586   [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
00587 #else
00588   SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
00589 #endif
00590 } TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
00591 
00592 typedef struct _TOKEN_PRIVILEGES {
00593   ULONG PrivilegeCount;
00594   LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
00595 } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
00596 
00597 typedef struct _TOKEN_OWNER {
00598   PSID Owner;
00599 } TOKEN_OWNER, *PTOKEN_OWNER;
00600 
00601 typedef struct _TOKEN_PRIMARY_GROUP {
00602   PSID PrimaryGroup;
00603 } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
00604 
00605 typedef struct _TOKEN_DEFAULT_DACL {
00606   PACL DefaultDacl;
00607 } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
00608 
00609 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
00610   ULONG SidCount;
00611   ULONG SidLength;
00612   PSID_AND_ATTRIBUTES Sids;
00613   ULONG RestrictedSidCount;
00614   ULONG RestrictedSidLength;
00615   PSID_AND_ATTRIBUTES RestrictedSids;
00616   ULONG PrivilegeCount;
00617   ULONG PrivilegeLength;
00618   PLUID_AND_ATTRIBUTES Privileges;
00619   LUID AuthenticationId;
00620 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
00621 
00622 typedef struct _TOKEN_LINKED_TOKEN {
00623   HANDLE LinkedToken;
00624 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
00625 
00626 typedef struct _TOKEN_ELEVATION {
00627   ULONG TokenIsElevated;
00628 } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
00629 
00630 typedef struct _TOKEN_MANDATORY_LABEL {
00631   SID_AND_ATTRIBUTES Label;
00632 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
00633 
00634 #define TOKEN_MANDATORY_POLICY_OFF             0x0
00635 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP     0x1
00636 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
00637 
00638 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
00639                                            TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
00640 
00641 #define POLICY_AUDIT_SUBCATEGORY_COUNT (56)
00642 
00643 typedef struct _TOKEN_AUDIT_POLICY {
00644   UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
00645 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
00646 
00647 #define TOKEN_SOURCE_LENGTH 8
00648 
00649 typedef struct _TOKEN_SOURCE {
00650   CHAR SourceName[TOKEN_SOURCE_LENGTH];
00651   LUID SourceIdentifier;
00652 } TOKEN_SOURCE, *PTOKEN_SOURCE;
00653 
00654 #include <pshpack4.h>
00655 typedef struct _TOKEN_STATISTICS {
00656   LUID TokenId;
00657   LUID AuthenticationId;
00658   LARGE_INTEGER ExpirationTime;
00659   TOKEN_TYPE TokenType;
00660   SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
00661   ULONG DynamicCharged;
00662   ULONG DynamicAvailable;
00663   ULONG GroupCount;
00664   ULONG PrivilegeCount;
00665   LUID ModifiedId;
00666 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
00667 #include <poppack.h>
00668 
00669 typedef struct _TOKEN_CONTROL {
00670   LUID TokenId;
00671   LUID AuthenticationId;
00672   LUID ModifiedId;
00673   TOKEN_SOURCE TokenSource;
00674 } TOKEN_CONTROL, *PTOKEN_CONTROL;
00675 
00676 typedef struct _TOKEN_ORIGIN {
00677   LUID OriginatingLogonSession;
00678 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
00679 
00680 typedef enum _MANDATORY_LEVEL {
00681   MandatoryLevelUntrusted = 0,
00682   MandatoryLevelLow,
00683   MandatoryLevelMedium,
00684   MandatoryLevelHigh,
00685   MandatoryLevelSystem,
00686   MandatoryLevelSecureProcess,
00687   MandatoryLevelCount
00688 } MANDATORY_LEVEL, *PMANDATORY_LEVEL;
00689 
00690 
00691 typedef struct _SE_ACCESS_REPLY {
00692   ULONG Size;
00693   ULONG ResultListCount;
00694   PACCESS_MASK GrantedAccess;
00695   PNTSTATUS AccessStatus;
00696   PACCESS_REASONS AccessReason;
00697   PPRIVILEGE_SET* Privileges;
00698 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
00699 
00700 typedef enum _SE_AUDIT_OPERATION {
00701   AuditPrivilegeObject,
00702   AuditPrivilegeService,
00703   AuditAccessCheck,
00704   AuditOpenObject,
00705   AuditOpenObjectWithTransaction,
00706   AuditCloseObject,
00707   AuditDeleteObject,
00708   AuditOpenObjectForDelete,
00709   AuditOpenObjectForDeleteWithTransaction,
00710   AuditCloseNonObject,
00711   AuditOpenNonObject,
00712   AuditObjectReference,
00713   AuditHandleCreation,
00714 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
00715 
00716 typedef struct _SE_AUDIT_INFO {
00717   ULONG Size;
00718   AUDIT_EVENT_TYPE AuditType;
00719   SE_AUDIT_OPERATION AuditOperation;
00720   ULONG AuditFlags;
00721   UNICODE_STRING SubsystemName;
00722   UNICODE_STRING ObjectTypeName;
00723   UNICODE_STRING ObjectName;
00724   PVOID HandleId;
00725   GUID* TransactionId;
00726   LUID* OperationId;
00727   BOOLEAN ObjectCreation;
00728   BOOLEAN GenerateOnClose;
00729 } SE_AUDIT_INFO, *PSE_AUDIT_INFO;
00730 
00731 typedef struct _TOKEN_MANDATORY_POLICY {
00732   ULONG Policy;
00733 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
00734 
00735 typedef struct _TOKEN_ACCESS_INFORMATION {
00736   PSID_AND_ATTRIBUTES_HASH SidHash;
00737   PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
00738   PTOKEN_PRIVILEGES Privileges;
00739   LUID AuthenticationId;
00740   TOKEN_TYPE TokenType;
00741   SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
00742   TOKEN_MANDATORY_POLICY MandatoryPolicy;
00743   ULONG Flags;
00744 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
00745 
00746 #define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x0001
00747 #define TOKEN_HAS_BACKUP_PRIVILEGE      0x0002
00748 #define TOKEN_HAS_RESTORE_PRIVILEGE     0x0004
00749 #define TOKEN_WRITE_RESTRICTED          0x0008
00750 #define TOKEN_IS_RESTRICTED             0x0010
00751 #define TOKEN_SESSION_NOT_REFERENCED    0x0020
00752 #define TOKEN_SANDBOX_INERT             0x0040
00753 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
00754 #define SE_BACKUP_PRIVILEGES_CHECKED    0x0100
00755 #define TOKEN_VIRTUALIZE_ALLOWED        0x0200
00756 #define TOKEN_VIRTUALIZE_ENABLED        0x0400
00757 #define TOKEN_IS_FILTERED               0x0800
00758 #define TOKEN_UIACCESS                  0x1000
00759 #define TOKEN_NOT_LOW                   0x2000
00760 
00761 typedef struct _SE_EXPORTS {
00762   LUID SeCreateTokenPrivilege;
00763   LUID SeAssignPrimaryTokenPrivilege;
00764   LUID SeLockMemoryPrivilege;
00765   LUID SeIncreaseQuotaPrivilege;
00766   LUID SeUnsolicitedInputPrivilege;
00767   LUID SeTcbPrivilege;
00768   LUID SeSecurityPrivilege;
00769   LUID SeTakeOwnershipPrivilege;
00770   LUID SeLoadDriverPrivilege;
00771   LUID SeCreatePagefilePrivilege;
00772   LUID SeIncreaseBasePriorityPrivilege;
00773   LUID SeSystemProfilePrivilege;
00774   LUID SeSystemtimePrivilege;
00775   LUID SeProfileSingleProcessPrivilege;
00776   LUID SeCreatePermanentPrivilege;
00777   LUID SeBackupPrivilege;
00778   LUID SeRestorePrivilege;
00779   LUID SeShutdownPrivilege;
00780   LUID SeDebugPrivilege;
00781   LUID SeAuditPrivilege;
00782   LUID SeSystemEnvironmentPrivilege;
00783   LUID SeChangeNotifyPrivilege;
00784   LUID SeRemoteShutdownPrivilege;
00785   PSID SeNullSid;
00786   PSID SeWorldSid;
00787   PSID SeLocalSid;
00788   PSID SeCreatorOwnerSid;
00789   PSID SeCreatorGroupSid;
00790   PSID SeNtAuthoritySid;
00791   PSID SeDialupSid;
00792   PSID SeNetworkSid;
00793   PSID SeBatchSid;
00794   PSID SeInteractiveSid;
00795   PSID SeLocalSystemSid;
00796   PSID SeAliasAdminsSid;
00797   PSID SeAliasUsersSid;
00798   PSID SeAliasGuestsSid;
00799   PSID SeAliasPowerUsersSid;
00800   PSID SeAliasAccountOpsSid;
00801   PSID SeAliasSystemOpsSid;
00802   PSID SeAliasPrintOpsSid;
00803   PSID SeAliasBackupOpsSid;
00804   PSID SeAuthenticatedUsersSid;
00805   PSID SeRestrictedSid;
00806   PSID SeAnonymousLogonSid;
00807   LUID SeUndockPrivilege;
00808   LUID SeSyncAgentPrivilege;
00809   LUID SeEnableDelegationPrivilege;
00810   PSID SeLocalServiceSid;
00811   PSID SeNetworkServiceSid;
00812   LUID SeManageVolumePrivilege;
00813   LUID SeImpersonatePrivilege;
00814   LUID SeCreateGlobalPrivilege;
00815   LUID SeTrustedCredManAccessPrivilege;
00816   LUID SeRelabelPrivilege;
00817   LUID SeIncreaseWorkingSetPrivilege;
00818   LUID SeTimeZonePrivilege;
00819   LUID SeCreateSymbolicLinkPrivilege;
00820   PSID SeIUserSid;
00821   PSID SeUntrustedMandatorySid;
00822   PSID SeLowMandatorySid;
00823   PSID SeMediumMandatorySid;
00824   PSID SeHighMandatorySid;
00825   PSID SeSystemMandatorySid;
00826   PSID SeOwnerRightsSid;
00827 } SE_EXPORTS, *PSE_EXPORTS;
00828 
00829 typedef NTSTATUS
00830 (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
00831   IN PLUID LogonId);
00832 
00833 typedef struct _SECURITY_CLIENT_CONTEXT {
00834   SECURITY_QUALITY_OF_SERVICE SecurityQos;
00835   PACCESS_TOKEN ClientToken;
00836   BOOLEAN DirectlyAccessClientToken;
00837   BOOLEAN DirectAccessEffectiveOnly;
00838   BOOLEAN ServerIsRemote;
00839   TOKEN_CONTROL ClientTokenControl;
00840 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
00841 
00842 /******************************************************************************
00843  *                            Object Manager Types                            *
00844  ******************************************************************************/
00845 
00846 typedef enum _OBJECT_INFORMATION_CLASS {
00847   ObjectBasicInformation = 0,
00848   ObjectTypeInformation = 2,
00849   /* Not for public use */
00850   ObjectNameInformation = 1,
00851   ObjectTypesInformation = 3,
00852   ObjectHandleFlagInformation = 4,
00853   ObjectSessionInformation = 5,
00854   MaxObjectInfoClass
00855 } OBJECT_INFORMATION_CLASS;
00856 
00857 
00858 /******************************************************************************
00859  *                           Runtime Library Types                            *
00860  ******************************************************************************/
00861 
00862 
00863 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER    L"System Volume Information"
00864 
00865 _Function_class_(RTL_ALLOCATE_STRING_ROUTINE)
00866 _IRQL_requires_max_(PASSIVE_LEVEL)
00867 __drv_allocatesMem(Mem)
00868 typedef PVOID
00869 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
00870   _In_ SIZE_T NumberOfBytes);
00871 
00872 #if _WIN32_WINNT >= 0x0600
00873 _Function_class_(RTL_REALLOCATE_STRING_ROUTINE)
00874 _IRQL_requires_max_(PASSIVE_LEVEL)
00875 __drv_allocatesMem(Mem)
00876 typedef PVOID
00877 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
00878   _In_ SIZE_T NumberOfBytes,
00879   IN PVOID Buffer);
00880 #endif
00881 
00882 typedef VOID
00883 (NTAPI *PRTL_FREE_STRING_ROUTINE)(
00884   _In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer);
00885 
00886 extern NTKERNELAPI const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
00887 extern NTKERNELAPI const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
00888 
00889 #if _WIN32_WINNT >= 0x0600
00890 extern NTKERNELAPI const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
00891 #endif
00892 
00893 _Function_class_(RTL_HEAP_COMMIT_ROUTINE)
00894 _IRQL_requires_same_
00895 typedef NTSTATUS
00896 (NTAPI *PRTL_HEAP_COMMIT_ROUTINE) (
00897   _In_ PVOID Base,
00898   _Inout_ PVOID *CommitAddress,
00899   _Inout_ PSIZE_T CommitSize);
00900 
00901 typedef struct _RTL_HEAP_PARAMETERS {
00902   ULONG Length;
00903   SIZE_T SegmentReserve;
00904   SIZE_T SegmentCommit;
00905   SIZE_T DeCommitFreeBlockThreshold;
00906   SIZE_T DeCommitTotalFreeThreshold;
00907   SIZE_T MaximumAllocationSize;
00908   SIZE_T VirtualMemoryThreshold;
00909   SIZE_T InitialCommit;
00910   SIZE_T InitialReserve;
00911   PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
00912   SIZE_T Reserved[2];
00913 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
00914 
00915 #if (NTDDI_VERSION >= NTDDI_WIN2K)
00916 
00917 typedef struct _GENERATE_NAME_CONTEXT {
00918   USHORT Checksum;
00919   BOOLEAN CheckSumInserted;
00920   _Field_range_(<=, 8) UCHAR NameLength;
00921   WCHAR NameBuffer[8];
00922   _Field_range_(<=, 4) ULONG ExtensionLength;
00923   WCHAR ExtensionBuffer[4];
00924   ULONG LastIndexValue;
00925 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
00926 
00927 typedef struct _PREFIX_TABLE_ENTRY {
00928   CSHORT NodeTypeCode;
00929   CSHORT NameLength;
00930   struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
00931   RTL_SPLAY_LINKS Links;
00932   PSTRING Prefix;
00933 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
00934 
00935 typedef struct _PREFIX_TABLE {
00936   CSHORT NodeTypeCode;
00937   CSHORT NameLength;
00938   PPREFIX_TABLE_ENTRY NextPrefixTree;
00939 } PREFIX_TABLE, *PPREFIX_TABLE;
00940 
00941 typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
00942   CSHORT NodeTypeCode;
00943   CSHORT NameLength;
00944   struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
00945   struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
00946   RTL_SPLAY_LINKS Links;
00947   PUNICODE_STRING Prefix;
00948 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
00949 
00950 typedef struct _UNICODE_PREFIX_TABLE {
00951   CSHORT NodeTypeCode;
00952   CSHORT NameLength;
00953   PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
00954   PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
00955 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
00956 
00957 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
00958 
00959 #if (NTDDI_VERSION >= NTDDI_WINXP)
00960 typedef struct _COMPRESSED_DATA_INFO {
00961   USHORT CompressionFormatAndEngine;
00962   UCHAR CompressionUnitShift;
00963   UCHAR ChunkShift;
00964   UCHAR ClusterShift;
00965   UCHAR Reserved;
00966   USHORT NumberOfChunks;
00967   ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
00968 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
00969 #endif
00970 /******************************************************************************
00971  *                         Runtime Library Functions                          *
00972  ******************************************************************************/
00973 
00974 
00975 #if (NTDDI_VERSION >= NTDDI_WIN2K)
00976 
00977 
00978 _Must_inspect_result_
00979 _Ret_maybenull_
00980 _Post_writable_byte_size_(Size)
00981 NTSYSAPI
00982 PVOID
00983 NTAPI
00984 RtlAllocateHeap(
00985   _In_ HANDLE HeapHandle,
00986   _In_opt_ ULONG Flags,
00987   _In_ SIZE_T Size);
00988 
00989 _Success_(return != 0)
00990 NTSYSAPI
00991 BOOLEAN
00992 NTAPI
00993 RtlFreeHeap(
00994   _In_ PVOID HeapHandle,
00995   _In_opt_ ULONG Flags,
00996   _In_ _Post_invalid_ PVOID BaseAddress);
00997 
00998 NTSYSAPI
00999 VOID
01000 NTAPI
01001 RtlCaptureContext(
01002   _Out_ PCONTEXT ContextRecord);
01003 
01004 _Ret_range_(<, MAXLONG)
01005 NTSYSAPI
01006 ULONG
01007 NTAPI
01008 RtlRandom(
01009   _Inout_ PULONG Seed);
01010 
01011 _IRQL_requires_max_(APC_LEVEL)
01012 _Success_(return != 0)
01013 _Must_inspect_result_
01014 NTSYSAPI
01015 BOOLEAN
01016 NTAPI
01017 RtlCreateUnicodeString(
01018   _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))
01019     PUNICODE_STRING DestinationString,
01020   _In_z_ PCWSTR SourceString);
01021 
01022 _IRQL_requires_max_(PASSIVE_LEVEL)
01023 _Must_inspect_result_
01024 NTSYSAPI
01025 BOOLEAN
01026 NTAPI
01027 RtlPrefixString(
01028   _In_ const STRING *String1,
01029   _In_ const STRING *String2,
01030   _In_ BOOLEAN CaseInsensitive);
01031 
01032 _IRQL_requires_max_(APC_LEVEL)
01033 NTSYSAPI
01034 NTSTATUS
01035 NTAPI
01036 RtlAppendStringToString(
01037   _Inout_ PSTRING Destination,
01038   _In_ const STRING *Source);
01039 
01040 _IRQL_requires_max_(PASSIVE_LEVEL)
01041 _Must_inspect_result_
01042 NTSYSAPI
01043 NTSTATUS
01044 NTAPI
01045 RtlOemStringToUnicodeString(
01046   _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
01047   _When_(!AllocateDestinationString, _Inout_)
01048     PUNICODE_STRING DestinationString,
01049   _In_ PCOEM_STRING SourceString,
01050   _In_ BOOLEAN AllocateDestinationString);
01051 
01052 _IRQL_requires_max_(PASSIVE_LEVEL)
01053 _Must_inspect_result_
01054 NTSYSAPI
01055 NTSTATUS
01056 NTAPI
01057 RtlUnicodeStringToOemString(
01058   _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
01059   _When_(!AllocateDestinationString, _Inout_)
01060     POEM_STRING DestinationString,
01061   _In_ PCUNICODE_STRING SourceString,
01062   _In_ BOOLEAN AllocateDestinationString);
01063 
01064 _IRQL_requires_max_(PASSIVE_LEVEL)
01065 _Must_inspect_result_
01066 NTSYSAPI
01067 NTSTATUS
01068 NTAPI
01069 RtlUpcaseUnicodeStringToOemString(
01070   _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
01071   _When_(!AllocateDestinationString, _Inout_)
01072     POEM_STRING DestinationString,
01073   _In_ PCUNICODE_STRING SourceString,
01074   _In_ BOOLEAN AllocateDestinationString);
01075 
01076 _IRQL_requires_max_(PASSIVE_LEVEL)
01077 _Must_inspect_result_
01078 NTSYSAPI
01079 NTSTATUS
01080 NTAPI
01081 RtlOemStringToCountedUnicodeString(
01082   _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
01083   _When_(!AllocateDestinationString, _Inout_)
01084     PUNICODE_STRING DestinationString,
01085   _In_ PCOEM_STRING SourceString,
01086   _In_ BOOLEAN AllocateDestinationString);
01087 
01088 _IRQL_requires_max_(PASSIVE_LEVEL)
01089 _Must_inspect_result_
01090 NTSYSAPI
01091 NTSTATUS
01092 NTAPI
01093 RtlUnicodeStringToCountedOemString(
01094   _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
01095   _When_(!AllocateDestinationString, _Inout_)
01096     POEM_STRING DestinationString,
01097   _In_ PCUNICODE_STRING SourceString,
01098   _In_ BOOLEAN AllocateDestinationString);
01099 
01100 _IRQL_requires_max_(PASSIVE_LEVEL)
01101 _Must_inspect_result_
01102 NTSYSAPI
01103 NTSTATUS
01104 NTAPI
01105 RtlUpcaseUnicodeStringToCountedOemString(
01106   _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)))
01107   _When_(!AllocateDestinationString, _Inout_)
01108     POEM_STRING DestinationString,
01109   _In_ PCUNICODE_STRING SourceString,
01110   _In_ BOOLEAN AllocateDestinationString);
01111 
01112 _IRQL_requires_max_(PASSIVE_LEVEL)
01113 _When_(AllocateDestinationString, _Must_inspect_result_)
01114 NTSYSAPI
01115 NTSTATUS
01116 NTAPI
01117 RtlDowncaseUnicodeString(
01118   _When_(AllocateDestinationString, _Out_ _At_(UniDest->Buffer, __drv_allocatesMem(Mem)))
01119   _When_(!AllocateDestinationString, _Inout_)
01120     PUNICODE_STRING UniDest,
01121   _In_ PCUNICODE_STRING UniSource,
01122   _In_ BOOLEAN AllocateDestinationString);
01123 
01124 _IRQL_requires_max_(PASSIVE_LEVEL)
01125 NTSYSAPI
01126 VOID
01127 NTAPI
01128 RtlFreeOemString(
01129   _Inout_ _At_(OemString->Buffer, __drv_freesMem(Mem)) POEM_STRING OemString);
01130 
01131 _IRQL_requires_max_(PASSIVE_LEVEL)
01132 NTSYSAPI
01133 ULONG
01134 NTAPI
01135 RtlxUnicodeStringToOemSize(
01136   _In_ PCUNICODE_STRING UnicodeString);
01137 
01138 _IRQL_requires_max_(PASSIVE_LEVEL)
01139 NTSYSAPI
01140 ULONG
01141 NTAPI
01142 RtlxOemStringToUnicodeSize(
01143   _In_ PCOEM_STRING OemString);
01144 
01145 _IRQL_requires_max_(PASSIVE_LEVEL)
01146 NTSYSAPI
01147 NTSTATUS
01148 NTAPI
01149 RtlMultiByteToUnicodeN(
01150   _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
01151   _In_ ULONG MaxBytesInUnicodeString,
01152   _Out_opt_ PULONG BytesInUnicodeString,
01153   _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString,
01154   _In_ ULONG BytesInMultiByteString);
01155 
01156 _IRQL_requires_max_(PASSIVE_LEVEL)
01157 NTSYSAPI
01158 NTSTATUS
01159 NTAPI
01160 RtlMultiByteToUnicodeSize(
01161   _Out_ PULONG BytesInUnicodeString,
01162   _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString,
01163   _In_ ULONG BytesInMultiByteString);
01164 
01165 _IRQL_requires_max_(PASSIVE_LEVEL)
01166 NTSYSAPI
01167 NTSTATUS
01168 NTAPI
01169 RtlUnicodeToMultiByteSize(
01170   _Out_ PULONG BytesInMultiByteString,
01171   _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
01172   _In_ ULONG BytesInUnicodeString);
01173 
01174 _IRQL_requires_max_(PASSIVE_LEVEL)
01175 NTSYSAPI
01176 NTSTATUS
01177 NTAPI
01178 RtlUnicodeToMultiByteN(
01179   _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString,
01180   _In_ ULONG MaxBytesInMultiByteString,
01181   _Out_opt_ PULONG BytesInMultiByteString,
01182   _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
01183   _In_ ULONG BytesInUnicodeString);
01184 
01185 _IRQL_requires_max_(PASSIVE_LEVEL)
01186 NTSYSAPI
01187 NTSTATUS
01188 NTAPI
01189 RtlUpcaseUnicodeToMultiByteN(
01190   _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString,
01191   _In_ ULONG MaxBytesInMultiByteString,
01192   _Out_opt_ PULONG BytesInMultiByteString,
01193   _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
01194   _In_ ULONG BytesInUnicodeString);
01195 
01196 _IRQL_requires_max_(PASSIVE_LEVEL)
01197 NTSYSAPI
01198 NTSTATUS
01199 NTAPI
01200 RtlOemToUnicodeN(
01201   _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWSTR UnicodeString,
01202   _In_ ULONG MaxBytesInUnicodeString,
01203   _Out_opt_ PULONG BytesInUnicodeString,
01204   _In_reads_bytes_(BytesInOemString) PCCH OemString,
01205   _In_ ULONG BytesInOemString);
01206 
01207 _IRQL_requires_max_(PASSIVE_LEVEL)
01208 NTSYSAPI
01209 NTSTATUS
01210 NTAPI
01211 RtlUnicodeToOemN(
01212   _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString,
01213   _In_ ULONG MaxBytesInOemString,
01214   _Out_opt_ PULONG BytesInOemString,
01215   _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
01216   _In_ ULONG BytesInUnicodeString);
01217 
01218 _IRQL_requires_max_(PASSIVE_LEVEL)
01219 NTSYSAPI
01220 NTSTATUS
01221 NTAPI
01222 RtlUpcaseUnicodeToOemN(
01223   _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString,
01224   _In_ ULONG MaxBytesInOemString,
01225   _Out_opt_ PULONG BytesInOemString,
01226   _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString,
01227   _In_ ULONG BytesInUnicodeString);
01228 
01229 #if (NTDDI_VERSION >= NTDDI_VISTASP1)
01230 _IRQL_requires_max_(PASSIVE_LEVEL)
01231 NTSYSAPI
01232 NTSTATUS
01233 NTAPI
01234 RtlGenerate8dot3Name(
01235   _In_ PCUNICODE_STRING Name,
01236   _In_ BOOLEAN AllowExtendedCharacters,
01237   _Inout_ PGENERATE_NAME_CONTEXT Context,
01238   _Inout_ PUNICODE_STRING Name8dot3);
01239 #else
01240 _IRQL_requires_max_(PASSIVE_LEVEL)
01241 NTSYSAPI
01242 VOID
01243 NTAPI
01244 RtlGenerate8dot3Name(
01245   _In_ PCUNICODE_STRING Name,
01246   _In_ BOOLEAN AllowExtendedCharacters,
01247   _Inout_ PGENERATE_NAME_CONTEXT Context,
01248   _Inout_ PUNICODE_STRING Name8dot3);
01249 #endif
01250 
01251 _IRQL_requires_max_(PASSIVE_LEVEL)
01252 _Must_inspect_result_
01253 NTSYSAPI
01254 BOOLEAN
01255 NTAPI
01256 RtlIsNameLegalDOS8Dot3(
01257   _In_ PCUNICODE_STRING Name,
01258   _Inout_opt_ POEM_STRING OemName,
01259   _Out_opt_ PBOOLEAN NameContainsSpaces);
01260 
01261 _IRQL_requires_max_(PASSIVE_LEVEL)
01262 _Must_inspect_result_
01263 NTSYSAPI
01264 BOOLEAN
01265 NTAPI
01266 RtlIsValidOemCharacter(
01267   _Inout_ PWCHAR Char);
01268 
01269 _IRQL_requires_max_(PASSIVE_LEVEL)
01270 NTSYSAPI
01271 VOID
01272 NTAPI
01273 PfxInitialize(
01274   _Out_ PPREFIX_TABLE PrefixTable);
01275 
01276 _IRQL_requires_max_(PASSIVE_LEVEL)
01277 NTSYSAPI
01278 BOOLEAN
01279 NTAPI
01280 PfxInsertPrefix(
01281   _In_ PPREFIX_TABLE PrefixTable,
01282   _In_ __drv_aliasesMem PSTRING Prefix,
01283   _Out_ PPREFIX_TABLE_ENTRY PrefixTableEntry);
01284 
01285 _IRQL_requires_max_(PASSIVE_LEVEL)
01286 NTSYSAPI
01287 VOID
01288 NTAPI
01289 PfxRemovePrefix(
01290   _In_ PPREFIX_TABLE PrefixTable,
01291   _In_ PPREFIX_TABLE_ENTRY PrefixTableEntry);
01292 
01293 _IRQL_requires_max_(PASSIVE_LEVEL)
01294 _Must_inspect_result_
01295 NTSYSAPI
01296 PPREFIX_TABLE_ENTRY
01297 NTAPI
01298 PfxFindPrefix(
01299   _In_ PPREFIX_TABLE PrefixTable,
01300   _In_ PSTRING FullName);
01301 
01302 _IRQL_requires_max_(PASSIVE_LEVEL)
01303 NTSYSAPI
01304 VOID
01305 NTAPI
01306 RtlInitializeUnicodePrefix(
01307   _Out_ PUNICODE_PREFIX_TABLE PrefixTable);
01308 
01309 _IRQL_requires_max_(PASSIVE_LEVEL)
01310 NTSYSAPI
01311 BOOLEAN
01312 NTAPI
01313 RtlInsertUnicodePrefix(
01314   _In_ PUNICODE_PREFIX_TABLE PrefixTable,
01315   _In_ __drv_aliasesMem PUNICODE_STRING Prefix,
01316   _Out_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
01317 
01318 _IRQL_requires_max_(PASSIVE_LEVEL)
01319 NTSYSAPI
01320 VOID
01321 NTAPI
01322 RtlRemoveUnicodePrefix(
01323   _In_ PUNICODE_PREFIX_TABLE PrefixTable,
01324   _In_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
01325 
01326 _IRQL_requires_max_(PASSIVE_LEVEL)
01327 _Must_inspect_result_
01328 NTSYSAPI
01329 PUNICODE_PREFIX_TABLE_ENTRY
01330 NTAPI
01331 RtlFindUnicodePrefix(
01332   _In_ PUNICODE_PREFIX_TABLE PrefixTable,
01333   _In_ PUNICODE_STRING FullName,
01334   _In_ ULONG CaseInsensitiveIndex);
01335 
01336 _IRQL_requires_max_(PASSIVE_LEVEL)
01337 _Must_inspect_result_
01338 NTSYSAPI
01339 PUNICODE_PREFIX_TABLE_ENTRY
01340 NTAPI
01341 RtlNextUnicodePrefix(
01342   _In_ PUNICODE_PREFIX_TABLE PrefixTable,
01343   _In_ BOOLEAN Restart);
01344 
01345 _Must_inspect_result_
01346 NTSYSAPI
01347 SIZE_T
01348 NTAPI
01349 RtlCompareMemoryUlong(
01350   _In_reads_bytes_(Length) PVOID Source,
01351   _In_ SIZE_T Length,
01352   _In_ ULONG Pattern);
01353 
01354 _Success_(return != 0)
01355 NTSYSAPI
01356 BOOLEAN
01357 NTAPI
01358 RtlTimeToSecondsSince1980(
01359   _In_ PLARGE_INTEGER Time,
01360   _Out_ PULONG ElapsedSeconds);
01361 
01362 NTSYSAPI
01363 VOID
01364 NTAPI
01365 RtlSecondsSince1980ToTime(
01366   _In_ ULONG ElapsedSeconds,
01367   _Out_ PLARGE_INTEGER Time);
01368 
01369 _Success_(return != 0)
01370 _Must_inspect_result_
01371 NTSYSAPI
01372 BOOLEAN
01373 NTAPI
01374 RtlTimeToSecondsSince1970(
01375     _In_ PLARGE_INTEGER Time,
01376     _Out_ PULONG ElapsedSeconds);
01377 
01378 NTSYSAPI
01379 VOID
01380 NTAPI
01381 RtlSecondsSince1970ToTime(
01382   _In_ ULONG ElapsedSeconds,
01383   _Out_ PLARGE_INTEGER Time);
01384 
01385 _IRQL_requires_max_(APC_LEVEL)
01386 _Must_inspect_result_
01387 NTSYSAPI
01388 BOOLEAN
01389 NTAPI
01390 RtlValidSid(
01391   _In_ PSID Sid);
01392 
01393 _Must_inspect_result_
01394 NTSYSAPI
01395 BOOLEAN
01396 NTAPI
01397 RtlEqualSid(
01398   _In_ PSID Sid1,
01399   _In_ PSID Sid2);
01400 
01401 _IRQL_requires_max_(APC_LEVEL)
01402 _Must_inspect_result_
01403 NTSYSAPI
01404 BOOLEAN
01405 NTAPI
01406 RtlEqualPrefixSid(
01407   _In_ PSID Sid1,
01408   _In_ PSID Sid2);
01409 
01410 _IRQL_requires_max_(APC_LEVEL)
01411 NTSYSAPI
01412 ULONG
01413 NTAPI
01414 RtlLengthRequiredSid(
01415   _In_ ULONG SubAuthorityCount);
01416 
01417 NTSYSAPI
01418 PVOID
01419 NTAPI
01420 RtlFreeSid(
01421   _In_ _Post_invalid_ PSID Sid);
01422 
01423 _Must_inspect_result_
01424 NTSYSAPI
01425 NTSTATUS
01426 NTAPI
01427 RtlAllocateAndInitializeSid(
01428   _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
01429   _In_ UCHAR SubAuthorityCount,
01430   _In_ ULONG SubAuthority0,
01431   _In_ ULONG SubAuthority1,
01432   _In_ ULONG SubAuthority2,
01433   _In_ ULONG SubAuthority3,
01434   _In_ ULONG SubAuthority4,
01435   _In_ ULONG SubAuthority5,
01436   _In_ ULONG SubAuthority6,
01437   _In_ ULONG SubAuthority7,
01438   _Outptr_ PSID *Sid);
01439 
01440 _IRQL_requires_max_(APC_LEVEL)
01441 NTSYSAPI
01442 NTSTATUS
01443 NTAPI
01444 RtlInitializeSid(
01445   _Out_ PSID Sid,
01446   _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
01447   _In_ UCHAR SubAuthorityCount);
01448 
01449 NTSYSAPI
01450 PULONG
01451 NTAPI
01452 RtlSubAuthoritySid(
01453   _In_ PSID Sid,
01454   _In_ ULONG SubAuthority);
01455 
01456 _Post_satisfies_(return >= 8 && return <= SECURITY_MAX_SID_SIZE)
01457 NTSYSAPI
01458 ULONG
01459 NTAPI
01460 RtlLengthSid(
01461   _In_ PSID Sid);
01462 
01463 _IRQL_requires_max_(APC_LEVEL)
01464 NTSYSAPI
01465 NTSTATUS
01466 NTAPI
01467 RtlCopySid(
01468   _In_ ULONG DestinationSidLength,
01469   _Out_writes_bytes_(DestinationSidLength) PSID DestinationSid,
01470   _In_ PSID SourceSid);
01471 
01472 _IRQL_requires_max_(APC_LEVEL)
01473 NTSYSAPI
01474 NTSTATUS
01475 NTAPI
01476 RtlConvertSidToUnicodeString(
01477   _Inout_ PUNICODE_STRING UnicodeString,
01478   _In_ PSID Sid,
01479   _In_ BOOLEAN AllocateDestinationString);
01480 
01481 _IRQL_requires_max_(APC_LEVEL)
01482 NTSYSAPI
01483 VOID
01484 NTAPI
01485 RtlCopyLuid(
01486   _Out_ PLUID DestinationLuid,
01487   _In_ PLUID SourceLuid);
01488 
01489 _IRQL_requires_max_(APC_LEVEL)
01490 NTSYSAPI
01491 NTSTATUS
01492 NTAPI
01493 RtlCreateAcl(
01494   _Out_writes_bytes_(AclLength) PACL Acl,
01495   _In_ ULONG AclLength,
01496   _In_ ULONG AclRevision);
01497 
01498 _IRQL_requires_max_(APC_LEVEL)
01499 NTSYSAPI
01500 NTSTATUS
01501 NTAPI
01502 RtlAddAce(
01503   _Inout_ PACL Acl,
01504   _In_ ULONG AceRevision,
01505   _In_ ULONG StartingAceIndex,
01506   _In_reads_bytes_(AceListLength) PVOID AceList,
01507   _In_ ULONG AceListLength);
01508 
01509 _IRQL_requires_max_(APC_LEVEL)
01510 NTSYSAPI
01511 NTSTATUS
01512 NTAPI
01513 RtlDeleteAce(
01514   _Inout_ PACL Acl,
01515   _In_ ULONG AceIndex);
01516 
01517 NTSYSAPI
01518 NTSTATUS
01519 NTAPI
01520 RtlGetAce(
01521   _In_ PACL Acl,
01522   _In_ ULONG AceIndex,
01523   _Outptr_ PVOID *Ace);
01524 
01525 _IRQL_requires_max_(APC_LEVEL)
01526 NTSYSAPI
01527 NTSTATUS
01528 NTAPI
01529 RtlAddAccessAllowedAce(
01530   _Inout_ PACL Acl,
01531   _In_ ULONG AceRevision,
01532   _In_ ACCESS_MASK AccessMask,
01533   _In_ PSID Sid);
01534 
01535 _IRQL_requires_max_(APC_LEVEL)
01536 NTSYSAPI
01537 NTSTATUS
01538 NTAPI
01539 RtlAddAccessAllowedAceEx(
01540   _Inout_ PACL Acl,
01541   _In_ ULONG AceRevision,
01542   _In_ ULONG AceFlags,
01543   _In_ ACCESS_MASK AccessMask,
01544   _In_ PSID Sid);
01545 
01546 _IRQL_requires_max_(APC_LEVEL)
01547 NTSYSAPI
01548 NTSTATUS
01549 NTAPI
01550 RtlCreateSecurityDescriptorRelative(
01551   _Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
01552   _In_ ULONG Revision);
01553 
01554 NTSYSAPI
01555 NTSTATUS
01556 NTAPI
01557 RtlGetDaclSecurityDescriptor(
01558   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
01559   _Out_ PBOOLEAN DaclPresent,
01560   _Out_ PACL *Dacl,
01561   _Out_ PBOOLEAN DaclDefaulted);
01562 
01563 _IRQL_requires_max_(APC_LEVEL)
01564 NTSYSAPI
01565 NTSTATUS
01566 NTAPI
01567 RtlSetOwnerSecurityDescriptor(
01568   _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
01569   _In_opt_ PSID Owner,
01570   _In_opt_ BOOLEAN OwnerDefaulted);
01571 
01572 _IRQL_requires_max_(APC_LEVEL)
01573 NTSYSAPI
01574 NTSTATUS
01575 NTAPI
01576 RtlGetOwnerSecurityDescriptor(
01577   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
01578   _Out_ PSID *Owner,
01579   _Out_ PBOOLEAN OwnerDefaulted);
01580 
01581 _IRQL_requires_max_(APC_LEVEL)
01582 _When_(Status < 0, _Out_range_(>, 0))
01583 _When_(Status >= 0, _Out_range_(==, 0))
01584 NTSYSAPI
01585 ULONG
01586 NTAPI
01587 RtlNtStatusToDosError(
01588   _In_ NTSTATUS Status);
01589 
01590 _IRQL_requires_max_(PASSIVE_LEVEL)
01591 NTSYSAPI
01592 NTSTATUS
01593 NTAPI
01594 RtlCustomCPToUnicodeN(
01595   _In_ PCPTABLEINFO CustomCP,
01596   _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString,
01597   _In_ ULONG MaxBytesInUnicodeString,
01598   _Out_opt_ PULONG BytesInUnicodeString,
01599   _In_reads_bytes_(BytesInCustomCPString) PCH CustomCPString,
01600   _In_ ULONG BytesInCustomCPString);
01601 
01602 _IRQL_requires_max_(PASSIVE_LEVEL)
01603 NTSYSAPI
01604 NTSTATUS
01605 NTAPI
01606 RtlUnicodeToCustomCPN(
01607   _In_ PCPTABLEINFO CustomCP,
01608   _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString,
01609   _In_ ULONG MaxBytesInCustomCPString,
01610   _Out_opt_ PULONG BytesInCustomCPString,
01611   _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString,
01612   _In_ ULONG BytesInUnicodeString);
01613 
01614 _IRQL_requires_max_(PASSIVE_LEVEL)
01615 NTSYSAPI
01616 NTSTATUS
01617 NTAPI
01618 RtlUpcaseUnicodeToCustomCPN(
01619   _In_ PCPTABLEINFO CustomCP,
01620   _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString,
01621   _In_ ULONG MaxBytesInCustomCPString,
01622   _Out_opt_ PULONG BytesInCustomCPString,
01623   _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString,
01624   _In_ ULONG BytesInUnicodeString);
01625 
01626 _IRQL_requires_max_(PASSIVE_LEVEL)
01627 NTSYSAPI
01628 VOID
01629 NTAPI
01630 RtlInitCodePageTable(
01631   _In_ PUSHORT TableBase,
01632   _Out_ PCPTABLEINFO CodePageTable);
01633 
01634 
01635 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
01636 
01637 
01638 #if (NTDDI_VERSION >= NTDDI_WINXP)
01639 
01640 
01641 
01642 _Must_inspect_result_
01643 NTSYSAPI
01644 PVOID
01645 NTAPI
01646 RtlCreateHeap(
01647   _In_ ULONG Flags,
01648   _In_opt_ PVOID HeapBase,
01649   _In_opt_ SIZE_T ReserveSize,
01650   _In_opt_ SIZE_T CommitSize,
01651   _In_opt_ PVOID Lock,
01652   _In_opt_ PRTL_HEAP_PARAMETERS Parameters);
01653 
01654 NTSYSAPI
01655 PVOID
01656 NTAPI
01657 RtlDestroyHeap(
01658   _In_ _Post_invalid_ PVOID HeapHandle);
01659 
01660 NTSYSAPI
01661 USHORT
01662 NTAPI
01663 RtlCaptureStackBackTrace(
01664   _In_ ULONG FramesToSkip,
01665   _In_ ULONG FramesToCapture,
01666   _Out_writes_to_(FramesToCapture, return) PVOID *BackTrace,
01667   _Out_opt_ PULONG BackTraceHash);
01668 
01669 _Ret_range_(<, MAXLONG)
01670 NTSYSAPI
01671 ULONG
01672 NTAPI
01673 RtlRandomEx(
01674   _Inout_ PULONG Seed);
01675 
01676 _IRQL_requires_max_(DISPATCH_LEVEL)
01677 NTSYSAPI
01678 NTSTATUS
01679 NTAPI
01680 RtlInitUnicodeStringEx(
01681   _Out_ PUNICODE_STRING DestinationString,
01682   _In_opt_z_ __drv_aliasesMem PCWSTR SourceString);
01683 
01684 _Must_inspect_result_
01685 NTSYSAPI
01686 NTSTATUS
01687 NTAPI
01688 RtlValidateUnicodeString(
01689   _In_ ULONG Flags,
01690   _In_ PCUNICODE_STRING String);
01691 
01692 _IRQL_requires_max_(PASSIVE_LEVEL)
01693 _Must_inspect_result_
01694 NTSYSAPI
01695 NTSTATUS
01696 NTAPI
01697 RtlDuplicateUnicodeString(
01698   _In_ ULONG Flags,
01699   _In_ PCUNICODE_STRING SourceString,
01700   _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)) PUNICODE_STRING DestinationString);
01701 
01702 NTSYSAPI
01703 NTSTATUS
01704 NTAPI
01705 RtlGetCompressionWorkSpaceSize(
01706   _In_ USHORT CompressionFormatAndEngine,
01707   _Out_ PULONG CompressBufferWorkSpaceSize,
01708   _Out_ PULONG CompressFragmentWorkSpaceSize);
01709 
01710 NTSYSAPI
01711 NTSTATUS
01712 NTAPI
01713 RtlCompressBuffer(
01714   _In_ USHORT CompressionFormatAndEngine,
01715   _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
01716   _In_ ULONG UncompressedBufferSize,
01717   _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer,
01718   _In_ ULONG CompressedBufferSize,
01719   _In_ ULONG UncompressedChunkSize,
01720   _Out_ PULONG FinalCompressedSize,
01721   _In_ PVOID WorkSpace);
01722 
01723 _IRQL_requires_max_(APC_LEVEL)
01724 NTSYSAPI
01725 NTSTATUS
01726 NTAPI
01727 RtlDecompressBuffer(
01728   _In_ USHORT CompressionFormat,
01729   _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer,
01730   _In_ ULONG UncompressedBufferSize,
01731   _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
01732   _In_ ULONG CompressedBufferSize,
01733   _Out_ PULONG FinalUncompressedSize);
01734 
01735 _IRQL_requires_max_(APC_LEVEL)
01736 NTSYSAPI
01737 NTSTATUS
01738 NTAPI
01739 RtlDecompressFragment(
01740   _In_ USHORT CompressionFormat,
01741   _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment,
01742   _In_ ULONG UncompressedFragmentSize,
01743   _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
01744   _In_ ULONG CompressedBufferSize,
01745   _In_range_(<, CompressedBufferSize) ULONG FragmentOffset,
01746   _Out_ PULONG FinalUncompressedSize,
01747   _In_ PVOID WorkSpace);
01748 
01749 _IRQL_requires_max_(APC_LEVEL)
01750 NTSYSAPI
01751 NTSTATUS
01752 NTAPI
01753 RtlDescribeChunk(
01754   _In_ USHORT CompressionFormat,
01755   _Inout_ PUCHAR *CompressedBuffer,
01756   _In_ PUCHAR EndOfCompressedBufferPlus1,
01757   _Out_ PUCHAR *ChunkBuffer,
01758   _Out_ PULONG ChunkSize);
01759 
01760 _IRQL_requires_max_(APC_LEVEL)
01761 NTSYSAPI
01762 NTSTATUS
01763 NTAPI
01764 RtlReserveChunk(
01765   _In_ USHORT CompressionFormat,
01766   _Inout_ PUCHAR *CompressedBuffer,
01767   _In_ PUCHAR EndOfCompressedBufferPlus1,
01768   _Out_ PUCHAR *ChunkBuffer,
01769   _In_ ULONG ChunkSize);
01770 
01771 _IRQL_requires_max_(APC_LEVEL)
01772 NTSYSAPI
01773 NTSTATUS
01774 NTAPI
01775 RtlDecompressChunks(
01776   _Out_writes_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
01777   _In_ ULONG UncompressedBufferSize,
01778   _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
01779   _In_ ULONG CompressedBufferSize,
01780   _In_reads_bytes_(CompressedTailSize) PUCHAR CompressedTail,
01781   _In_ ULONG CompressedTailSize,
01782   _In_ PCOMPRESSED_DATA_INFO CompressedDataInfo);
01783 
01784 _IRQL_requires_max_(APC_LEVEL)
01785 NTSYSAPI
01786 NTSTATUS
01787 NTAPI
01788 RtlCompressChunks(
01789   _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer,
01790   _In_ ULONG UncompressedBufferSize,
01791   _Out_writes_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer,
01792   _In_range_(>=, (UncompressedBufferSize - (UncompressedBufferSize / 16))) ULONG CompressedBufferSize,
01793   _Inout_updates_bytes_(CompressedDataInfoLength) PCOMPRESSED_DATA_INFO CompressedDataInfo,
01794   _In_range_(>, sizeof(COMPRESSED_DATA_INFO)) ULONG CompressedDataInfoLength,
01795   _In_ PVOID WorkSpace);
01796 
01797 _IRQL_requires_max_(APC_LEVEL)
01798 NTSYSAPI
01799 PSID_IDENTIFIER_AUTHORITY
01800 NTAPI
01801 RtlIdentifierAuthoritySid(
01802   _In_ PSID Sid);
01803 
01804 NTSYSAPI
01805 PUCHAR
01806 NTAPI
01807 RtlSubAuthorityCountSid(
01808   _In_ PSID Sid);
01809 
01810 _When_(Status < 0, _Out_range_(>, 0))
01811 _When_(Status >= 0, _Out_range_(==, 0))
01812 NTSYSAPI
01813 ULONG
01814 NTAPI
01815 RtlNtStatusToDosErrorNoTeb(
01816   _In_ NTSTATUS Status);
01817 
01818 _IRQL_requires_max_(PASSIVE_LEVEL)
01819 NTSYSAPI
01820 NTSTATUS
01821 NTAPI
01822 RtlCreateSystemVolumeInformationFolder(
01823   _In_ PCUNICODE_STRING VolumeRootPath);
01824 
01825 #if defined(_M_AMD64)
01826 
01827 FORCEINLINE
01828 VOID
01829 RtlFillMemoryUlong(
01830   _Out_writes_bytes_all_(Length) PVOID Destination,
01831   _In_ SIZE_T Length,
01832   _In_ ULONG Pattern)
01833 {
01834   PULONG Address = (PULONG)Destination;
01835   if ((Length /= 4) != 0) {
01836     if (((ULONG64)Address & 4) != 0) {
01837       *Address = Pattern;
01838       if ((Length -= 1) == 0) {
01839         return;
01840       }
01841       Address += 1;
01842     }
01843     __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
01844     if ((Length & 1) != 0) Address[Length - 1] = Pattern;
01845   }
01846   return;
01847 }
01848 
01849 #define RtlFillMemoryUlonglong(Destination, Length, Pattern)                \
01850     __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
01851 
01852 #else
01853 
01854 NTSYSAPI
01855 VOID
01856 NTAPI
01857 RtlFillMemoryUlong(
01858   OUT PVOID Destination,
01859   IN SIZE_T Length,
01860   IN ULONG Pattern);
01861 
01862 NTSYSAPI
01863 VOID
01864 NTAPI
01865 RtlFillMemoryUlonglong(
01866   _Out_writes_bytes_all_(Length) PVOID Destination,
01867   _In_ SIZE_T Length,
01868   _In_ ULONGLONG Pattern);
01869 
01870 #endif /* defined(_M_AMD64) */
01871 
01872 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
01873 
01874 #if (NTDDI_VERSION >= NTDDI_WS03)
01875 _IRQL_requires_max_(DISPATCH_LEVEL)
01876 NTSYSAPI
01877 NTSTATUS
01878 NTAPI
01879 RtlInitAnsiStringEx(
01880   _Out_ PANSI_STRING DestinationString,
01881   _In_opt_z_ __drv_aliasesMem PCSZ SourceString);
01882 #endif
01883 
01884 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
01885 
01886 _IRQL_requires_max_(APC_LEVEL)
01887 NTSYSAPI
01888 NTSTATUS
01889 NTAPI
01890 RtlGetSaclSecurityDescriptor(
01891   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
01892   _Out_ PBOOLEAN SaclPresent,
01893   _Out_ PACL *Sacl,
01894   _Out_ PBOOLEAN SaclDefaulted);
01895 
01896 _IRQL_requires_max_(APC_LEVEL)
01897 NTSYSAPI
01898 NTSTATUS
01899 NTAPI
01900 RtlSetGroupSecurityDescriptor(
01901   _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
01902   _In_opt_ PSID Group,
01903   _In_opt_ BOOLEAN GroupDefaulted);
01904 
01905 _IRQL_requires_max_(APC_LEVEL)
01906 NTSYSAPI
01907 NTSTATUS
01908 NTAPI
01909 RtlGetGroupSecurityDescriptor(
01910   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
01911   _Out_ PSID *Group,
01912   _Out_ PBOOLEAN GroupDefaulted);
01913 
01914 _IRQL_requires_max_(APC_LEVEL)
01915 NTSYSAPI
01916 NTSTATUS
01917 NTAPI
01918 RtlAbsoluteToSelfRelativeSD(
01919   _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
01920   _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
01921   _Inout_ PULONG BufferLength);
01922 
01923 _IRQL_requires_max_(APC_LEVEL)
01924 NTSYSAPI
01925 NTSTATUS
01926 NTAPI
01927 RtlSelfRelativeToAbsoluteSD(
01928   _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
01929   _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
01930   _Inout_ PULONG AbsoluteSecurityDescriptorSize,
01931   _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl,
01932   _Inout_ PULONG DaclSize,
01933   _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl,
01934   _Inout_ PULONG SaclSize,
01935   _Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner,
01936   _Inout_ PULONG OwnerSize,
01937   _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup,
01938   _Inout_ PULONG PrimaryGroupSize);
01939 
01940 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
01941 
01942 #if (NTDDI_VERSION >= NTDDI_VISTA)
01943 
01944 NTSYSAPI
01945 NTSTATUS
01946 NTAPI
01947 RtlNormalizeString(
01948   _In_ ULONG NormForm,
01949   _In_ PCWSTR SourceString,
01950   _In_ LONG SourceStringLength,
01951   _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
01952   _Inout_ PLONG DestinationStringLength);
01953 
01954 NTSYSAPI
01955 NTSTATUS
01956 NTAPI
01957 RtlIsNormalizedString(
01958   _In_ ULONG NormForm,
01959   _In_ PCWSTR SourceString,
01960   _In_ LONG SourceStringLength,
01961   _Out_ PBOOLEAN Normalized);
01962 
01963 NTSYSAPI
01964 NTSTATUS
01965 NTAPI
01966 RtlIdnToAscii(
01967   _In_ ULONG Flags,
01968   _In_ PCWSTR SourceString,
01969   _In_ LONG SourceStringLength,
01970   _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
01971   _Inout_ PLONG DestinationStringLength);
01972 
01973 NTSYSAPI
01974 NTSTATUS
01975 NTAPI
01976 RtlIdnToUnicode(
01977   IN ULONG Flags,
01978   IN PCWSTR SourceString,
01979   IN LONG SourceStringLength,
01980   OUT PWSTR DestinationString,
01981   IN OUT PLONG DestinationStringLength);
01982 
01983 NTSYSAPI
01984 NTSTATUS
01985 NTAPI
01986 RtlIdnToNameprepUnicode(
01987   _In_ ULONG Flags,
01988   _In_ PCWSTR SourceString,
01989   _In_ LONG SourceStringLength,
01990   _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString,
01991   _Inout_ PLONG DestinationStringLength);
01992 
01993 NTSYSAPI
01994 NTSTATUS
01995 NTAPI
01996 RtlCreateServiceSid(
01997   _In_ PUNICODE_STRING ServiceName,
01998   _Out_writes_bytes_opt_(*ServiceSidLength) PSID ServiceSid,
01999   _Inout_ PULONG ServiceSidLength);
02000 
02001 NTSYSAPI
02002 LONG
02003 NTAPI
02004 RtlCompareAltitudes(
02005   _In_ PCUNICODE_STRING Altitude1,
02006   _In_ PCUNICODE_STRING Altitude2);
02007 
02008 
02009 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
02010 
02011 #if (NTDDI_VERSION >= NTDDI_WIN7)
02012 
02013 _IRQL_requires_max_(PASSIVE_LEVEL)
02014 _Must_inspect_result_
02015 NTSYSAPI
02016 NTSTATUS
02017 NTAPI
02018 RtlUnicodeToUTF8N(
02019   _Out_writes_bytes_to_(UTF8StringMaxByteCount, *UTF8StringActualByteCount) PCHAR UTF8StringDestination,
02020   _In_ ULONG UTF8StringMaxByteCount,
02021   _Out_ PULONG UTF8StringActualByteCount,
02022   _In_reads_bytes_(UnicodeStringByteCount) PCWCH UnicodeStringSource,
02023   _In_ ULONG UnicodeStringByteCount);
02024 
02025 _IRQL_requires_max_(PASSIVE_LEVEL)
02026 _Must_inspect_result_
02027 NTSYSAPI
02028 NTSTATUS
02029 NTAPI
02030 RtlUTF8ToUnicodeN(
02031   _Out_writes_bytes_to_(UnicodeStringMaxByteCount, *UnicodeStringActualByteCount) PWSTR UnicodeStringDestination,
02032   _In_ ULONG UnicodeStringMaxByteCount,
02033   _Out_ PULONG UnicodeStringActualByteCount,
02034   _In_reads_bytes_(UTF8StringByteCount) PCCH UTF8StringSource,
02035   _In_ ULONG UTF8StringByteCount);
02036 
02037 _IRQL_requires_max_(APC_LEVEL)
02038 NTSYSAPI
02039 NTSTATUS
02040 NTAPI
02041 RtlReplaceSidInSd(
02042   _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
02043   _In_ PSID OldSid,
02044   _In_ PSID NewSid,
02045   _Out_ ULONG *NumChanges);
02046 
02047 NTSYSAPI
02048 NTSTATUS
02049 NTAPI
02050 RtlCreateVirtualAccountSid(
02051   _In_ PCUNICODE_STRING Name,
02052   _In_ ULONG BaseSubAuthority,
02053   _Out_writes_bytes_(*SidLength) PSID Sid,
02054   _Inout_ PULONG SidLength);
02055 
02056 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
02057 
02058 
02059 #if defined(_AMD64_) || defined(_IA64_)
02060 
02061 
02062 
02063 #endif /* defined(_AMD64_) || defined(_IA64_) */
02064 
02065 
02066 
02067 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
02068 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
02069 
02070 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ?                                \
02071                                            RtlxUnicodeStringToOemSize(STRING) :                      \
02072                                            ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
02073 )
02074 
02075 #define RtlOemStringToUnicodeSize(STRING) (                 \
02076     NLS_MB_OEM_CODE_PAGE_TAG ?                              \
02077     RtlxOemStringToUnicodeSize(STRING) :                    \
02078     ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR)  \
02079 )
02080 
02081 #define RtlOemStringToCountedUnicodeSize(STRING) (                    \
02082     (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
02083 )
02084 
02085 #define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O))))
02086 #define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B))))
02087 
02088 _IRQL_requires_max_(PASSIVE_LEVEL)
02089 __kernel_entry
02090 NTSYSCALLAPI
02091 NTSTATUS
02092 NTAPI
02093 NtQueryObject(
02094   _In_opt_ HANDLE Handle,
02095   _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
02096   _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
02097   _In_ ULONG ObjectInformationLength,
02098   _Out_opt_ PULONG ReturnLength);
02099 
02100 #if (NTDDI_VERSION >= NTDDI_WIN2K)
02101 
02102 _Must_inspect_result_
02103 __kernel_entry
02104 NTSYSCALLAPI
02105 NTSTATUS
02106 NTAPI
02107 NtOpenThreadToken(
02108   _In_ HANDLE ThreadHandle,
02109   _In_ ACCESS_MASK DesiredAccess,
02110   _In_ BOOLEAN OpenAsSelf,
02111   _Out_ PHANDLE TokenHandle);
02112 
02113 _Must_inspect_result_
02114 __kernel_entry
02115 NTSYSCALLAPI
02116 NTSTATUS
02117 NTAPI
02118 NtOpenProcessToken(
02119   _In_ HANDLE ProcessHandle,
02120   _In_ ACCESS_MASK DesiredAccess,
02121   _Out_ PHANDLE TokenHandle);
02122 
02123 _When_(TokenInformationClass == TokenAccessInformation,
02124   _At_(TokenInformationLength,
02125        _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
02126 _Must_inspect_result_
02127 __kernel_entry
02128 NTSYSCALLAPI
02129 NTSTATUS
02130 NTAPI
02131 NtQueryInformationToken(
02132   _In_ HANDLE TokenHandle,
02133   _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
02134   _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
02135   _In_ ULONG TokenInformationLength,
02136   _Out_ PULONG ReturnLength);
02137 
02138 _Must_inspect_result_
02139 __kernel_entry
02140 NTSYSCALLAPI
02141 NTSTATUS
02142 NTAPI
02143 NtAdjustPrivilegesToken(
02144     _In_ HANDLE TokenHandle,
02145     _In_ BOOLEAN DisableAllPrivileges,
02146     _In_opt_ PTOKEN_PRIVILEGES NewState,
02147     _In_ ULONG BufferLength,
02148     _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
02149     _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
02150 
02151 __kernel_entry
02152 NTSYSCALLAPI
02153 NTSTATUS
02154 NTAPI
02155 NtCreateFile(
02156   _Out_ PHANDLE FileHandle,
02157   _In_ ACCESS_MASK DesiredAccess,
02158   _In_ POBJECT_ATTRIBUTES ObjectAttributes,
02159   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02160   _In_opt_ PLARGE_INTEGER AllocationSize,
02161   _In_ ULONG FileAttributes,
02162   _In_ ULONG ShareAccess,
02163   _In_ ULONG CreateDisposition,
02164   _In_ ULONG CreateOptions,
02165   _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
02166   _In_ ULONG EaLength);
02167 
02168 __kernel_entry
02169 NTSYSCALLAPI
02170 NTSTATUS
02171 NTAPI
02172 NtDeviceIoControlFile(
02173   _In_ HANDLE FileHandle,
02174   _In_opt_ HANDLE Event,
02175   _In_opt_ PIO_APC_ROUTINE ApcRoutine,
02176   _In_opt_ PVOID ApcContext,
02177   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02178   _In_ ULONG IoControlCode,
02179   _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
02180   _In_ ULONG InputBufferLength,
02181   _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
02182   _In_ ULONG OutputBufferLength);
02183 
02184 __kernel_entry
02185 NTSYSCALLAPI
02186 NTSTATUS
02187 NTAPI
02188 NtFsControlFile(
02189   _In_ HANDLE FileHandle,
02190   _In_opt_ HANDLE Event,
02191   _In_opt_ PIO_APC_ROUTINE ApcRoutine,
02192   _In_opt_ PVOID ApcContext,
02193   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02194   _In_ ULONG FsControlCode,
02195   _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
02196   _In_ ULONG InputBufferLength,
02197   _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
02198   _In_ ULONG OutputBufferLength);
02199 
02200 __kernel_entry
02201 NTSYSCALLAPI
02202 NTSTATUS
02203 NTAPI
02204 NtLockFile(
02205   _In_ HANDLE FileHandle,
02206   _In_opt_ HANDLE Event,
02207   _In_opt_ PIO_APC_ROUTINE ApcRoutine,
02208   _In_opt_ PVOID ApcContext,
02209   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02210   _In_ PLARGE_INTEGER ByteOffset,
02211   _In_ PLARGE_INTEGER Length,
02212   _In_ ULONG Key,
02213   _In_ BOOLEAN FailImmediately,
02214   _In_ BOOLEAN ExclusiveLock);
02215 
02216 __kernel_entry
02217 NTSYSCALLAPI
02218 NTSTATUS
02219 NTAPI
02220 NtOpenFile(
02221   _Out_ PHANDLE FileHandle,
02222   _In_ ACCESS_MASK DesiredAccess,
02223   _In_ POBJECT_ATTRIBUTES ObjectAttributes,
02224   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02225   _In_ ULONG ShareAccess,
02226   _In_ ULONG OpenOptions);
02227 
02228 __kernel_entry
02229 NTSYSCALLAPI
02230 NTSTATUS
02231 NTAPI
02232 NtQueryDirectoryFile(
02233   _In_ HANDLE FileHandle,
02234   _In_opt_ HANDLE Event,
02235   _In_opt_ PIO_APC_ROUTINE ApcRoutine,
02236   _In_opt_ PVOID ApcContext,
02237   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02238   _Out_writes_bytes_(Length) PVOID FileInformation,
02239   _In_ ULONG Length,
02240   _In_ FILE_INFORMATION_CLASS FileInformationClass,
02241   _In_ BOOLEAN ReturnSingleEntry,
02242   _In_opt_ PUNICODE_STRING FileName,
02243   _In_ BOOLEAN RestartScan);
02244 
02245 __kernel_entry
02246 NTSYSCALLAPI
02247 NTSTATUS
02248 NTAPI
02249 NtQueryInformationFile(
02250   _In_ HANDLE FileHandle,
02251   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02252   _Out_writes_bytes_(Length) PVOID FileInformation,
02253   _In_ ULONG Length,
02254   _In_ FILE_INFORMATION_CLASS FileInformationClass);
02255 
02256 __kernel_entry
02257 NTSYSCALLAPI
02258 NTSTATUS
02259 NTAPI
02260 NtQueryQuotaInformationFile(
02261   _In_ HANDLE FileHandle,
02262   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02263   _Out_writes_bytes_(Length) PVOID Buffer,
02264   _In_ ULONG Length,
02265   _In_ BOOLEAN ReturnSingleEntry,
02266   _In_reads_bytes_opt_(SidListLength) PVOID SidList,
02267   _In_ ULONG SidListLength,
02268   _In_reads_bytes_opt_((8 + (4 * ((SID *)StartSid)->SubAuthorityCount))) PSID StartSid,
02269   _In_ BOOLEAN RestartScan);
02270 
02271 __kernel_entry
02272 NTSYSCALLAPI
02273 NTSTATUS
02274 NTAPI
02275 NtQueryVolumeInformationFile(
02276   _In_ HANDLE FileHandle,
02277   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02278   _Out_writes_bytes_(Length) PVOID FsInformation,
02279   _In_ ULONG Length,
02280   _In_ FS_INFORMATION_CLASS FsInformationClass);
02281 
02282 __kernel_entry
02283 NTSYSCALLAPI
02284 NTSTATUS
02285 NTAPI
02286 NtReadFile(
02287   _In_ HANDLE FileHandle,
02288   _In_opt_ HANDLE Event,
02289   _In_opt_ PIO_APC_ROUTINE ApcRoutine,
02290   _In_opt_ PVOID ApcContext,
02291   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02292   _Out_writes_bytes_(Length) PVOID Buffer,
02293   _In_ ULONG Length,
02294   _In_opt_ PLARGE_INTEGER ByteOffset,
02295   _In_opt_ PULONG Key);
02296 
02297 __kernel_entry
02298 NTSYSCALLAPI
02299 NTSTATUS
02300 NTAPI
02301 NtSetInformationFile(
02302   _In_ HANDLE FileHandle,
02303   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02304   _In_reads_bytes_(Length) PVOID FileInformation,
02305   _In_ ULONG Length,
02306   _In_ FILE_INFORMATION_CLASS FileInformationClass);
02307 
02308 __kernel_entry
02309 NTSYSCALLAPI
02310 NTSTATUS
02311 NTAPI
02312 NtSetQuotaInformationFile(
02313   _In_ HANDLE FileHandle,
02314   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02315   _In_reads_bytes_(Length) PVOID Buffer,
02316   _In_ ULONG Length);
02317 
02318 __kernel_entry
02319 NTSYSCALLAPI
02320 NTSTATUS
02321 NTAPI
02322 NtSetVolumeInformationFile(
02323   _In_ HANDLE FileHandle,
02324   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02325   _In_reads_bytes_(Length) PVOID FsInformation,
02326   _In_ ULONG Length,
02327   _In_ FS_INFORMATION_CLASS FsInformationClass);
02328 
02329 __kernel_entry
02330 NTSYSCALLAPI
02331 NTSTATUS
02332 NTAPI
02333 NtWriteFile(
02334   _In_ HANDLE FileHandle,
02335   _In_opt_ HANDLE Event,
02336   _In_opt_ PIO_APC_ROUTINE ApcRoutine,
02337   _In_opt_ PVOID ApcContext,
02338   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02339   _In_reads_bytes_(Length) PVOID Buffer,
02340   _In_ ULONG Length,
02341   _In_opt_ PLARGE_INTEGER ByteOffset,
02342   _In_opt_ PULONG Key);
02343 
02344 __kernel_entry
02345 NTSYSCALLAPI
02346 NTSTATUS
02347 NTAPI
02348 NtUnlockFile(
02349   _In_ HANDLE FileHandle,
02350   _Out_ PIO_STATUS_BLOCK IoStatusBlock,
02351   _In_ PLARGE_INTEGER ByteOffset,
02352   _In_ PLARGE_INTEGER Length,
02353   _In_ ULONG Key);
02354 
02355 _IRQL_requires_max_(PASSIVE_LEVEL)
02356 __kernel_entry
02357 NTSYSCALLAPI
02358 NTSTATUS
02359 NTAPI
02360 NtSetSecurityObject(
02361   _In_ HANDLE Handle,
02362   _In_ SECURITY_INFORMATION SecurityInformation,
02363   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
02364 
02365 _IRQL_requires_max_(PASSIVE_LEVEL)
02366 __kernel_entry
02367 NTSYSCALLAPI
02368 NTSTATUS
02369 NTAPI
02370 NtQuerySecurityObject(
02371   _In_ HANDLE Handle,
02372   _In_ SECURITY_INFORMATION SecurityInformation,
02373   _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
02374   _In_ ULONG Length,
02375   _Out_ PULONG LengthNeeded);
02376 
02377 _IRQL_requires_max_(PASSIVE_LEVEL)
02378 __kernel_entry
02379 NTSYSCALLAPI
02380 NTSTATUS
02381 NTAPI
02382 NtClose(
02383   _In_ HANDLE Handle);
02384 
02385 #endif
02386 
02387 #if (NTDDI_VERSION >= NTDDI_WINXP)
02388 
02389 _Must_inspect_result_
02390 __kernel_entry
02391 NTSYSCALLAPI
02392 NTSTATUS
02393 NTAPI
02394 NtOpenThreadTokenEx(
02395   _In_ HANDLE ThreadHandle,
02396   _In_ ACCESS_MASK DesiredAccess,
02397   _In_ BOOLEAN OpenAsSelf,
02398   _In_ ULONG HandleAttributes,
02399   _Out_ PHANDLE TokenHandle);
02400 
02401 _Must_inspect_result_
02402 __kernel_entry
02403 NTSYSCALLAPI
02404 NTSTATUS
02405 NTAPI
02406 NtOpenProcessTokenEx(
02407   _In_ HANDLE ProcessHandle,
02408   _In_ ACCESS_MASK DesiredAccess,
02409   _In_ ULONG HandleAttributes,
02410   _Out_ PHANDLE TokenHandle);
02411 
02412 _Must_inspect_result_
02413 NTSYSAPI
02414 NTSTATUS
02415 NTAPI
02416 NtOpenJobObjectToken(
02417   _In_ HANDLE JobHandle,
02418   _In_ ACCESS_MASK DesiredAccess,
02419   _Out_ PHANDLE TokenHandle);
02420 
02421 _Must_inspect_result_
02422 __kernel_entry
02423 NTSYSCALLAPI
02424 NTSTATUS
02425 NTAPI
02426 NtDuplicateToken(
02427   _In_ HANDLE ExistingTokenHandle,
02428   _In_ ACCESS_MASK DesiredAccess,
02429   _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
02430   _In_ BOOLEAN EffectiveOnly,
02431   _In_ TOKEN_TYPE TokenType,
02432   _Out_ PHANDLE NewTokenHandle);
02433 
02434 _Must_inspect_result_
02435 __kernel_entry
02436 NTSYSCALLAPI
02437 NTSTATUS
02438 NTAPI
02439 NtFilterToken(
02440   _In_ HANDLE ExistingTokenHandle,
02441   _In_ ULONG Flags,
02442   _In_opt_ PTOKEN_GROUPS SidsToDisable,
02443   _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
02444   _In_opt_ PTOKEN_GROUPS RestrictedSids,
02445   _Out_ PHANDLE NewTokenHandle);
02446 
02447 _Must_inspect_result_
02448 __kernel_entry
02449 NTSYSCALLAPI
02450 NTSTATUS
02451 NTAPI
02452 NtImpersonateAnonymousToken(
02453   _In_ HANDLE ThreadHandle);
02454 
02455 _Must_inspect_result_
02456 __kernel_entry
02457 NTSYSCALLAPI
02458 NTSTATUS
02459 NTAPI
02460 NtSetInformationToken(
02461   _In_ HANDLE TokenHandle,
02462   _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
02463   _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
02464   _In_ ULONG TokenInformationLength);
02465 
02466 _Must_inspect_result_
02467 __kernel_entry
02468 NTSYSCALLAPI
02469 NTSTATUS
02470 NTAPI
02471 NtAdjustGroupsToken(
02472   _In_ HANDLE TokenHandle,
02473   _In_ BOOLEAN ResetToDefault,
02474   _In_opt_ PTOKEN_GROUPS NewState,
02475   _In_opt_ ULONG BufferLength,
02476   _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
02477   _Out_ PULONG ReturnLength);
02478 
02479 _Must_inspect_result_
02480 __kernel_entry
02481 NTSYSCALLAPI
02482 NTSTATUS
02483 NTAPI
02484 NtPrivilegeCheck(
02485   _In_ HANDLE ClientToken,
02486   _Inout_ PPRIVILEGE_SET RequiredPrivileges,
02487   _Out_ PBOOLEAN Result);
02488 
02489 _Must_inspect_result_
02490 __kernel_entry
02491 NTSYSCALLAPI
02492 NTSTATUS
02493 NTAPI
02494 NtAccessCheckAndAuditAlarm(
02495   _In_ PUNICODE_STRING SubsystemName,
02496   _In_opt_ PVOID HandleId,
02497   _In_ PUNICODE_STRING ObjectTypeName,
02498   _In_ PUNICODE_STRING ObjectName,
02499   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
02500   _In_ ACCESS_MASK DesiredAccess,
02501   _In_ PGENERIC_MAPPING GenericMapping,
02502   _In_ BOOLEAN ObjectCreation,
02503   _Out_ PACCESS_MASK GrantedAccess,
02504   _Out_ PNTSTATUS AccessStatus,
02505   _Out_ PBOOLEAN GenerateOnClose);
02506 
02507 _Must_inspect_result_
02508 __kernel_entry
02509 NTSYSCALLAPI
02510 NTSTATUS
02511 NTAPI
02512 NtAccessCheckByTypeAndAuditAlarm(
02513   _In_ PUNICODE_STRING SubsystemName,
02514   _In_opt_ PVOID HandleId,
02515   _In_ PUNICODE_STRING ObjectTypeName,
02516   _In_ PUNICODE_STRING ObjectName,
02517   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
02518   _In_opt_ PSID PrincipalSelfSid,
02519   _In_ ACCESS_MASK DesiredAccess,
02520   _In_ AUDIT_EVENT_TYPE AuditType,
02521   _In_ ULONG Flags,
02522   _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList,
02523   _In_ ULONG ObjectTypeLength,
02524   _In_ PGENERIC_MAPPING GenericMapping,
02525   _In_ BOOLEAN ObjectCreation,
02526   _Out_ PACCESS_MASK GrantedAccess,
02527   _Out_ PNTSTATUS AccessStatus,
02528   _Out_ PBOOLEAN GenerateOnClose);
02529 
02530 _Must_inspect_result_
02531 __kernel_entry
02532 NTSYSCALLAPI
02533 NTSTATUS
02534 NTAPI
02535 NtAccessCheckByTypeResultListAndAuditAlarm(
02536   _In_ PUNICODE_STRING SubsystemName,
02537   _In_opt_ PVOID HandleId,
02538   _In_ PUNICODE_STRING ObjectTypeName,
02539   _In_ PUNICODE_STRING ObjectName,
02540   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
02541   _In_opt_ PSID PrincipalSelfSid,
02542   _In_ ACCESS_MASK DesiredAccess,
02543   _In_ AUDIT_EVENT_TYPE AuditType,
02544   _In_ ULONG Flags,
02545   _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
02546   _In_ ULONG ObjectTypeListLength,
02547   _In_ PGENERIC_MAPPING GenericMapping,
02548   _In_ BOOLEAN ObjectCreation,
02549   _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
02550   _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
02551   _Out_ PBOOLEAN GenerateOnClose);
02552 
02553 _Must_inspect_result_
02554 __kernel_entry
02555 NTSYSCALLAPI
02556 NTSTATUS
02557 NTAPI
02558 NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
02559   _In_ PUNICODE_STRING SubsystemName,
02560   _In_opt_ PVOID HandleId,
02561   _In_ HANDLE ClientToken,
02562   _In_ PUNICODE_STRING ObjectTypeName,
02563   _In_ PUNICODE_STRING ObjectName,
02564   _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
02565   _In_opt_ PSID PrincipalSelfSid,
02566   _In_ ACCESS_MASK DesiredAccess,
02567   _In_ AUDIT_EVENT_TYPE AuditType,
02568   _In_ ULONG Flags,
02569   _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
02570   _In_ ULONG ObjectTypeListLength,
02571   _In_ PGENERIC_MAPPING GenericMapping,
02572   _In_ BOOLEAN ObjectCreation,
02573   _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
02574   _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
02575   _Out_ PBOOLEAN GenerateOnClose);
02576 
02577 __kernel_entry
02578 NTSYSCALLAPI
02579 NTSTATUS
02580 NTAPI
02581 NtOpenObjectAuditAlarm(
02582   _In_ PUNICODE_STRING SubsystemName,
02583   _In_opt_ PVOID HandleId,
02584   _In_ PUNICODE_STRING ObjectTypeName,
02585   _In_ PUNICODE_STRING ObjectName,
02586   _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
02587   _In_ HANDLE ClientToken,
02588   _In_ ACCESS_MASK DesiredAccess,
02589   _In_ ACCESS_MASK GrantedAccess,
02590   _In_opt_ PPRIVILEGE_SET Privileges,
02591   _In_ BOOLEAN ObjectCreation,
02592   _In_ BOOLEAN AccessGranted,
02593   _Out_ PBOOLEAN GenerateOnClose);
02594 
02595 __kernel_entry
02596 NTSYSCALLAPI
02597 NTSTATUS
02598 NTAPI
02599 NtPrivilegeObjectAuditAlarm(
02600   _In_ PUNICODE_STRING SubsystemName,
02601   _In_opt_ PVOID HandleId,
02602   _In_ HANDLE ClientToken,
02603   _In_ ACCESS_MASK DesiredAccess,
02604   _In_ PPRIVILEGE_SET Privileges,
02605   _In_ BOOLEAN AccessGranted);
02606 
02607 __kernel_entry
02608 NTSYSCALLAPI
02609 NTSTATUS
02610 NTAPI
02611 NtCloseObjectAuditAlarm(
02612   _In_ PUNICODE_STRING SubsystemName,
02613   _In_opt_ PVOID HandleId,
02614   _In_ BOOLEAN GenerateOnClose);
02615 
02616 __kernel_entry
02617 NTSYSCALLAPI
02618 NTSTATUS
02619 NTAPI
02620 NtDeleteObjectAuditAlarm(
02621   _In_ PUNICODE_STRING SubsystemName,
02622   _In_opt_ PVOID HandleId,
02623   _In_ BOOLEAN GenerateOnClose);
02624 
02625 __kernel_entry
02626 NTSYSCALLAPI
02627 NTSTATUS
02628 NTAPI
02629 NtPrivilegedServiceAuditAlarm(
02630   _In_ PUNICODE_STRING SubsystemName,
02631   _In_ PUNICODE_STRING ServiceName,
02632   _In_ HANDLE ClientToken,
02633   _In_ PPRIVILEGE_SET Privileges,
02634   _In_ BOOLEAN AccessGranted);
02635 
02636 __kernel_entry
02637 NTSYSCALLAPI
02638 NTSTATUS
02639 NTAPI
02640 NtSetInformationThread(
02641   _In_ HANDLE ThreadHandle,
02642   _In_ THREADINFOCLASS ThreadInformationClass,
02643   _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
02644   _In_ ULONG ThreadInformationLength);
02645 
02646 _Must_inspect_result_
02647 __kernel_entry
02648 NTSYSCALLAPI
02649 NTSTATUS
02650 NTAPI
02651 NtCreateSection(
02652   _Out_ PHANDLE SectionHandle,
02653   _In_ ACCESS_MASK DesiredAccess,
02654   _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
02655   _In_opt_ PLARGE_INTEGER MaximumSize,
02656   _In_ ULONG SectionPageProtection,
02657   _In_ ULONG AllocationAttributes,
02658   _In_opt_ HANDLE FileHandle);
02659 
02660 #endif
02661 
02662 #define COMPRESSION_FORMAT_NONE         (0x0000)
02663 #define COMPRESSION_FORMAT_DEFAULT      (0x0001)
02664 #define COMPRESSION_FORMAT_LZNT1        (0x0002)
02665 #define COMPRESSION_ENGINE_STANDARD     (0x0000)
02666 #define COMPRESSION_ENGINE_MAXIMUM      (0x0100)
02667 #define COMPRESSION_ENGINE_HIBER        (0x0200)
02668 
02669 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256
02670 
02671 #define METHOD_FROM_CTL_CODE(ctrlCode)  ((ULONG)(ctrlCode & 3))
02672 
02673 #define METHOD_DIRECT_TO_HARDWARE       METHOD_IN_DIRECT
02674 #define METHOD_DIRECT_FROM_HARDWARE     METHOD_OUT_DIRECT
02675 
02676 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
02677 
02678 typedef enum _SECURITY_LOGON_TYPE {
02679   UndefinedLogonType = 0,
02680   Interactive = 2,
02681   Network,
02682   Batch,
02683   Service,
02684   Proxy,
02685   Unlock,
02686   NetworkCleartext,
02687   NewCredentials,
02688 #if (_WIN32_WINNT >= 0x0501)
02689   RemoteInteractive,
02690   CachedInteractive,
02691 #endif
02692 #if (_WIN32_WINNT >= 0x0502)
02693   CachedRemoteInteractive,
02694   CachedUnlock
02695 #endif
02696 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
02697 
02698 #ifndef _NTLSA_AUDIT_
02699 #define _NTLSA_AUDIT_
02700 
02701 #ifndef GUID_DEFINED
02702 #include <guiddef.h>
02703 #endif
02704 
02705 #endif /* _NTLSA_AUDIT_ */
02706 
02707 _IRQL_requires_same_
02708 _IRQL_requires_max_(PASSIVE_LEVEL)
02709 NTSTATUS
02710 NTAPI
02711 LsaRegisterLogonProcess(
02712   _In_ PLSA_STRING LogonProcessName,
02713   _Out_ PHANDLE LsaHandle,
02714   _Out_ PLSA_OPERATIONAL_MODE SecurityMode);
02715 
02716 _IRQL_requires_same_
02717 _IRQL_requires_max_(PASSIVE_LEVEL)
02718 NTSTATUS
02719 NTAPI
02720 LsaLogonUser(
02721   _In_ HANDLE LsaHandle,
02722   _In_ PLSA_STRING OriginName,
02723   _In_ SECURITY_LOGON_TYPE LogonType,
02724   _In_ ULONG AuthenticationPackage,
02725   _In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation,
02726   _In_ ULONG AuthenticationInformationLength,
02727   _In_opt_ PTOKEN_GROUPS LocalGroups,
02728   _In_ PTOKEN_SOURCE SourceContext,
02729   _Out_ PVOID *ProfileBuffer,
02730   _Out_ PULONG ProfileBufferLength,
02731   _Inout_ PLUID LogonId,
02732   _Out_ PHANDLE Token,
02733   _Out_ PQUOTA_LIMITS Quotas,
02734   _Out_ PNTSTATUS SubStatus);
02735 
02736 _IRQL_requires_same_
02737 NTSTATUS
02738 NTAPI
02739 LsaFreeReturnBuffer(
02740   _In_ PVOID Buffer);
02741 
02742 #ifndef _NTLSA_IFS_
02743 #define _NTLSA_IFS_
02744 #endif
02745 
02746 #define MSV1_0_PACKAGE_NAME     "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
02747 #define MSV1_0_PACKAGE_NAMEW    L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
02748 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
02749 
02750 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
02751 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
02752 
02753 #define MSV1_0_CHALLENGE_LENGTH                8
02754 #define MSV1_0_USER_SESSION_KEY_LENGTH         16
02755 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH       8
02756 
02757 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED      0x02
02758 #define MSV1_0_UPDATE_LOGON_STATISTICS         0x04
02759 #define MSV1_0_RETURN_USER_PARAMETERS          0x08
02760 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT          0x10
02761 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT      0x20
02762 #define MSV1_0_RETURN_PASSWORD_EXPIRY          0x40
02763 #define MSV1_0_USE_CLIENT_CHALLENGE            0x80
02764 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY          0x100
02765 #define MSV1_0_RETURN_PROFILE_PATH             0x200
02766 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY       0x400
02767 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
02768 
02769 #define MSV1_0_DISABLE_PERSONAL_FALLBACK     0x00001000
02770 #define MSV1_0_ALLOW_FORCE_GUEST             0x00002000
02771 
02772 #if (_WIN32_WINNT >= 0x0502)
02773 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED   0x00004000
02774 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY   0x00008000
02775 #endif
02776 
02777 #define MSV1_0_SUBAUTHENTICATION_DLL_EX      0x00100000
02778 #define MSV1_0_ALLOW_MSVCHAPV2               0x00010000
02779 
02780 #if (_WIN32_WINNT >= 0x0600)
02781 #define MSV1_0_S4U2SELF                      0x00020000
02782 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U      0x00040000
02783 #endif
02784 
02785 #define MSV1_0_SUBAUTHENTICATION_DLL         0xFF000000
02786 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24
02787 #define MSV1_0_MNS_LOGON                     0x01000000
02788 
02789 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS     2
02790 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS     132
02791 
02792 #define LOGON_GUEST                 0x01
02793 #define LOGON_NOENCRYPTION          0x02
02794 #define LOGON_CACHED_ACCOUNT        0x04
02795 #define LOGON_USED_LM_PASSWORD      0x08
02796 #define LOGON_EXTRA_SIDS            0x20
02797 #define LOGON_SUBAUTH_SESSION_KEY   0x40
02798 #define LOGON_SERVER_TRUST_ACCOUNT  0x80
02799 #define LOGON_NTLMV2_ENABLED        0x100
02800 #define LOGON_RESOURCE_GROUPS       0x200
02801 #define LOGON_PROFILE_PATH_RETURNED 0x400
02802 #define LOGON_NT_V2                 0x800
02803 #define LOGON_LM_V2                 0x1000
02804 #define LOGON_NTLM_V2               0x2000
02805 
02806 #if (_WIN32_WINNT >= 0x0600)
02807 
02808 #define LOGON_OPTIMIZED             0x4000
02809 #define LOGON_WINLOGON              0x8000
02810 #define LOGON_PKINIT               0x10000
02811 #define LOGON_NO_OPTIMIZED         0x20000
02812 
02813 #endif
02814 
02815 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
02816 
02817 #define LOGON_GRACE_LOGON              0x01000000
02818 
02819 #define MSV1_0_OWF_PASSWORD_LENGTH 16
02820 #define MSV1_0_CRED_LM_PRESENT 0x1
02821 #define MSV1_0_CRED_NT_PRESENT 0x2
02822 #define MSV1_0_CRED_VERSION 0
02823 
02824 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
02825 #define MSV1_0_NTLM3_OWF_LENGTH 16
02826 
02827 #if (_WIN32_WINNT == 0x0500)
02828 #define MSV1_0_MAX_NTLM3_LIFE 1800
02829 #else
02830 #define MSV1_0_MAX_NTLM3_LIFE 129600
02831 #endif
02832 #define MSV1_0_MAX_AVL_SIZE 64000
02833 
02834 #if (_WIN32_WINNT >= 0x0501)
02835 
02836 #define MSV1_0_AV_FLAG_FORCE_GUEST                  0x00000001
02837 
02838 #if (_WIN32_WINNT >= 0x0600)
02839 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES       0x00000002
02840 #endif
02841 
02842 #endif
02843 
02844 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
02845 
02846 #if(_WIN32_WINNT >= 0x0502)
02847 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
02848 #endif
02849 
02850 #define USE_PRIMARY_PASSWORD            0x01
02851 #define RETURN_PRIMARY_USERNAME         0x02
02852 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
02853 #define RETURN_NON_NT_USER_SESSION_KEY  0x08
02854 #define GENERATE_CLIENT_CHALLENGE       0x10
02855 #define GCR_NTLM3_PARMS                 0x20
02856 #define GCR_TARGET_INFO                 0x40
02857 #define RETURN_RESERVED_PARAMETER       0x80
02858 #define GCR_ALLOW_NTLM                 0x100
02859 #define GCR_USE_OEM_SET                0x200
02860 #define GCR_MACHINE_CREDENTIAL         0x400
02861 #define GCR_USE_OWF_PASSWORD           0x800
02862 #define GCR_ALLOW_LM                  0x1000
02863 #define GCR_ALLOW_NO_TARGET           0x2000
02864 
02865 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
02866   MsV1_0InteractiveLogon = 2,
02867   MsV1_0Lm20Logon,
02868   MsV1_0NetworkLogon,
02869   MsV1_0SubAuthLogon,
02870   MsV1_0WorkstationUnlockLogon = 7,
02871   MsV1_0S4ULogon = 12,
02872   MsV1_0VirtualLogon = 82
02873 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
02874 
02875 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
02876   MsV1_0InteractiveProfile = 2,
02877   MsV1_0Lm20LogonProfile,
02878   MsV1_0SmartCardProfile
02879 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
02880 
02881 typedef struct _MSV1_0_INTERACTIVE_LOGON {
02882   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
02883   UNICODE_STRING LogonDomainName;
02884   UNICODE_STRING UserName;
02885   UNICODE_STRING Password;
02886 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
02887 
02888 typedef struct _MSV1_0_INTERACTIVE_PROFILE {
02889   MSV1_0_PROFILE_BUFFER_TYPE MessageType;
02890   USHORT LogonCount;
02891   USHORT BadPasswordCount;
02892   LARGE_INTEGER LogonTime;
02893   LARGE_INTEGER LogoffTime;
02894   LARGE_INTEGER KickOffTime;
02895   LARGE_INTEGER PasswordLastSet;
02896   LARGE_INTEGER PasswordCanChange;
02897   LARGE_INTEGER PasswordMustChange;
02898   UNICODE_STRING LogonScript;
02899   UNICODE_STRING HomeDirectory;
02900   UNICODE_STRING FullName;
02901   UNICODE_STRING ProfilePath;
02902   UNICODE_STRING HomeDirectoryDrive;
02903   UNICODE_STRING LogonServer;
02904   ULONG UserFlags;
02905 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
02906 
02907 typedef struct _MSV1_0_LM20_LOGON {
02908   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
02909   UNICODE_STRING LogonDomainName;
02910   UNICODE_STRING UserName;
02911   UNICODE_STRING Workstation;
02912   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
02913   STRING CaseSensitiveChallengeResponse;
02914   STRING CaseInsensitiveChallengeResponse;
02915   ULONG ParameterControl;
02916 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
02917 
02918 typedef struct _MSV1_0_SUBAUTH_LOGON {
02919   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
02920   UNICODE_STRING LogonDomainName;
02921   UNICODE_STRING UserName;
02922   UNICODE_STRING Workstation;
02923   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
02924   STRING AuthenticationInfo1;
02925   STRING AuthenticationInfo2;
02926   ULONG ParameterControl;
02927   ULONG SubAuthPackageId;
02928 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
02929 
02930 #if (_WIN32_WINNT >= 0x0600)
02931 
02932 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
02933 
02934 typedef struct _MSV1_0_S4U_LOGON {
02935   MSV1_0_LOGON_SUBMIT_TYPE MessageType;
02936   ULONG Flags;
02937   UNICODE_STRING UserPrincipalName;
02938   UNICODE_STRING DomainName;
02939 } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
02940 
02941 #endif
02942 
02943 typedef struct _MSV1_0_LM20_LOGON_PROFILE {
02944   MSV1_0_PROFILE_BUFFER_TYPE MessageType;
02945   LARGE_INTEGER KickOffTime;
02946   LARGE_INTEGER LogoffTime;
02947   ULONG UserFlags;
02948   UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
02949   UNICODE_STRING LogonDomainName;
02950   UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
02951   UNICODE_STRING LogonServer;
02952   UNICODE_STRING UserParameters;
02953 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
02954 
02955 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
02956   ULONG Version;
02957   ULONG Flags;
02958   UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
02959   UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
02960 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
02961 
02962 typedef struct _MSV1_0_NTLM3_RESPONSE {
02963   UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
02964   UCHAR RespType;
02965   UCHAR HiRespType;
02966   USHORT Flags;
02967   ULONG MsgWord;
02968   ULONGLONG TimeStamp;
02969   UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
02970   ULONG AvPairsOff;
02971   UCHAR Buffer[1];
02972 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
02973 
02974 typedef enum _MSV1_0_AVID {
02975   MsvAvEOL,
02976   MsvAvNbComputerName,
02977   MsvAvNbDomainName,
02978   MsvAvDnsComputerName,
02979   MsvAvDnsDomainName,
02980 #if (_WIN32_WINNT >= 0x0501)
02981   MsvAvDnsTreeName,
02982   MsvAvFlags,
02983 #if (_WIN32_WINNT >= 0x0600)
02984   MsvAvTimestamp,
02985   MsvAvRestrictions,
02986   MsvAvTargetName,
02987   MsvAvChannelBindings,
02988 #endif
02989 #endif
02990 } MSV1_0_AVID;
02991 
02992 typedef struct _MSV1_0_AV_PAIR {
02993   USHORT AvId;
02994   USHORT AvLen;
02995 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
02996 
02997 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
02998   MsV1_0Lm20ChallengeRequest = 0,
02999   MsV1_0Lm20GetChallengeResponse,
03000   MsV1_0EnumerateUsers,
03001   MsV1_0GetUserInfo,
03002   MsV1_0ReLogonUsers,
03003   MsV1_0ChangePassword,
03004   MsV1_0ChangeCachedPassword,
03005   MsV1_0GenericPassthrough,
03006   MsV1_0CacheLogon,
03007   MsV1_0SubAuth,
03008   MsV1_0DeriveCredential,
03009   MsV1_0CacheLookup,
03010 #if (_WIN32_WINNT >= 0x0501)
03011   MsV1_0SetProcessOption,
03012 #endif
03013 #if (_WIN32_WINNT >= 0x0600)
03014   MsV1_0ConfigLocalAliases,
03015   MsV1_0ClearCachedCredentials,
03016 #endif
03017 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
03018 
03019 typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
03020   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03021 } MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;
03022 
03023 typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
03024   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03025   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
03026 } MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;
03027 
03028 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
03029   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03030   ULONG ParameterControl;
03031   LUID LogonId;
03032   UNICODE_STRING Password;
03033   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
03034 } MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
03035 
03036 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
03037   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03038   ULONG ParameterControl;
03039   LUID LogonId;
03040   UNICODE_STRING Password;
03041   UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
03042   UNICODE_STRING UserName;
03043   UNICODE_STRING LogonDomainName;
03044   UNICODE_STRING ServerName;
03045 } MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;
03046 
03047 typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
03048   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03049   STRING CaseSensitiveChallengeResponse;
03050   STRING CaseInsensitiveChallengeResponse;
03051   UNICODE_STRING UserName;
03052   UNICODE_STRING LogonDomainName;
03053   UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
03054   UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
03055 } MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;
03056 
03057 typedef struct _MSV1_0_ENUMUSERS_REQUEST {
03058   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03059 } MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;
03060 
03061 typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
03062   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03063   ULONG NumberOfLoggedOnUsers;
03064   PLUID LogonIds;
03065   PULONG EnumHandles;
03066 } MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;
03067 
03068 typedef struct _MSV1_0_GETUSERINFO_REQUEST {
03069   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03070   LUID LogonId;
03071 } MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;
03072 
03073 typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
03074   MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
03075   PSID UserSid;
03076   UNICODE_STRING UserName;
03077   UNICODE_STRING LogonDomainName;
03078   UNICODE_STRING LogonServer;
03079   SECURITY_LOGON_TYPE LogonType;
03080 } MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;
03081 
03082 
03083 
03084 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2   0x00000007
03085 #define FILE_OPLOCK_BROKEN_TO_NONE      0x00000008
03086 #define FILE_OPBATCH_BREAK_UNDERWAY     0x00000009
03087 
03088 /* also in winnt.h */
03089 #define FILE_NOTIFY_CHANGE_FILE_NAME    0x00000001
03090 #define FILE_NOTIFY_CHANGE_DIR_NAME     0x00000002
03091 #define FILE_NOTIFY_CHANGE_NAME         0x00000003
03092 #define FILE_NOTIFY_CHANGE_ATTRIBUTES   0x00000004
03093 #define FILE_NOTIFY_CHANGE_SIZE         0x00000008
03094 #define FILE_NOTIFY_CHANGE_LAST_WRITE   0x00000010
03095 #define FILE_NOTIFY_CHANGE_LAST_ACCESS  0x00000020
03096 #define FILE_NOTIFY_CHANGE_CREATION     0x00000040
03097 #define FILE_NOTIFY_CHANGE_EA           0x00000080
03098 #define FILE_NOTIFY_CHANGE_SECURITY     0x00000100
03099 #define FILE_NOTIFY_CHANGE_STREAM_NAME  0x00000200
03100 #define FILE_NOTIFY_CHANGE_STREAM_SIZE  0x00000400
03101 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
03102 #define FILE_NOTIFY_VALID_MASK          0x00000fff
03103 
03104 #define FILE_ACTION_ADDED                   0x00000001
03105 #define FILE_ACTION_REMOVED                 0x00000002
03106 #define FILE_ACTION_MODIFIED                0x00000003
03107 #define FILE_ACTION_RENAMED_OLD_NAME        0x00000004
03108 #define FILE_ACTION_RENAMED_NEW_NAME        0x00000005
03109 #define FILE_ACTION_ADDED_STREAM            0x00000006
03110 #define FILE_ACTION_REMOVED_STREAM          0x00000007
03111 #define FILE_ACTION_MODIFIED_STREAM         0x00000008
03112 #define FILE_ACTION_REMOVED_BY_DELETE       0x00000009
03113 #define FILE_ACTION_ID_NOT_TUNNELLED        0x0000000A
03114 #define FILE_ACTION_TUNNELLED_ID_COLLISION  0x0000000B
03115 /* end  winnt.h */
03116 
03117 #define FILE_PIPE_BYTE_STREAM_TYPE          0x00000000
03118 #define FILE_PIPE_MESSAGE_TYPE              0x00000001
03119 
03120 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS     0x00000000
03121 #define FILE_PIPE_REJECT_REMOTE_CLIENTS     0x00000002
03122 
03123 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS     0x00000000
03124 #define FILE_PIPE_REJECT_REMOTE_CLIENTS     0x00000002
03125 #define FILE_PIPE_TYPE_VALID_MASK           0x00000003
03126 
03127 #define FILE_PIPE_BYTE_STREAM_MODE          0x00000000
03128 #define FILE_PIPE_MESSAGE_MODE              0x00000001
03129 
03130 #define FILE_PIPE_QUEUE_OPERATION           0x00000000
03131 #define FILE_PIPE_COMPLETE_OPERATION        0x00000001
03132 
03133 #define FILE_PIPE_INBOUND                   0x00000000
03134 #define FILE_PIPE_OUTBOUND                  0x00000001
03135 #define FILE_PIPE_FULL_DUPLEX               0x00000002
03136 
03137 #define FILE_PIPE_DISCONNECTED_STATE        0x00000001
03138 #define FILE_PIPE_LISTENING_STATE           0x00000002
03139 #define FILE_PIPE_CONNECTED_STATE           0x00000003
03140 #define FILE_PIPE_CLOSING_STATE             0x00000004
03141 
03142 #define FILE_PIPE_CLIENT_END                0x00000000
03143 #define FILE_PIPE_SERVER_END                0x00000001
03144 
03145 #define FILE_CASE_SENSITIVE_SEARCH          0x00000001
03146 #define FILE_CASE_PRESERVED_NAMES           0x00000002
03147 #define FILE_UNICODE_ON_DISK                0x00000004
03148 #define FILE_PERSISTENT_ACLS                0x00000008
03149 #define FILE_FILE_COMPRESSION               0x00000010
03150 #define FILE_VOLUME_QUOTAS                  0x00000020
03151 #define FILE_SUPPORTS_SPARSE_FILES          0x00000040
03152 #define FILE_SUPPORTS_REPARSE_POINTS        0x00000080
03153 #define FILE_SUPPORTS_REMOTE_STORAGE        0x00000100
03154 #define FILE_VOLUME_IS_COMPRESSED           0x00008000
03155 #define FILE_SUPPORTS_OBJECT_IDS            0x00010000
03156 #define FILE_SUPPORTS_ENCRYPTION            0x00020000
03157 #define FILE_NAMED_STREAMS                  0x00040000
03158 #define FILE_READ_ONLY_VOLUME               0x00080000
03159 #define FILE_SEQUENTIAL_WRITE_ONCE          0x00100000
03160 #define FILE_SUPPORTS_TRANSACTIONS          0x00200000
03161 #define FILE_SUPPORTS_HARD_LINKS            0x00400000
03162 #define FILE_SUPPORTS_EXTENDED_ATTRIBUTES   0x00800000
03163 #define FILE_SUPPORTS_OPEN_BY_FILE_ID       0x01000000
03164 #define FILE_SUPPORTS_USN_JOURNAL           0x02000000
03165 
03166 #define FILE_NEED_EA                    0x00000080
03167 
03168 #define FILE_EA_TYPE_BINARY             0xfffe
03169 #define FILE_EA_TYPE_ASCII              0xfffd
03170 #define FILE_EA_TYPE_BITMAP             0xfffb
03171 #define FILE_EA_TYPE_METAFILE           0xfffa
03172 #define FILE_EA_TYPE_ICON               0xfff9
03173 #define FILE_EA_TYPE_EA                 0xffee
03174 #define FILE_EA_TYPE_MVMT               0xffdf
03175 #define FILE_EA_TYPE_MVST               0xffde
03176 #define FILE_EA_TYPE_ASN1               0xffdd
03177 #define FILE_EA_TYPE_FAMILY_IDS         0xff01
03178 
03179 typedef struct _FILE_NOTIFY_INFORMATION {
03180   ULONG NextEntryOffset;
03181   ULONG Action;
03182   ULONG FileNameLength;
03183   WCHAR FileName[1];
03184 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
03185 
03186 typedef struct _FILE_DIRECTORY_INFORMATION {
03187   ULONG NextEntryOffset;
03188   ULONG FileIndex;
03189   LARGE_INTEGER CreationTime;
03190   LARGE_INTEGER LastAccessTime;
03191   LARGE_INTEGER LastWriteTime;
03192   LARGE_INTEGER ChangeTime;
03193   LARGE_INTEGER EndOfFile;
03194   LARGE_INTEGER AllocationSize;
03195   ULONG FileAttributes;
03196   ULONG FileNameLength;
03197   WCHAR FileName[1];
03198 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
03199 
03200 typedef struct _FILE_FULL_DIR_INFORMATION {
03201   ULONG NextEntryOffset;
03202   ULONG FileIndex;
03203   LARGE_INTEGER CreationTime;
03204   LARGE_INTEGER LastAccessTime;
03205   LARGE_INTEGER LastWriteTime;
03206   LARGE_INTEGER ChangeTime;
03207   LARGE_INTEGER EndOfFile;
03208   LARGE_INTEGER AllocationSize;
03209   ULONG FileAttributes;
03210   ULONG FileNameLength;
03211   ULONG EaSize;
03212   WCHAR FileName[1];
03213 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
03214 
03215 typedef struct _FILE_ID_FULL_DIR_INFORMATION {
03216   ULONG NextEntryOffset;
03217   ULONG FileIndex;
03218   LARGE_INTEGER CreationTime;
03219   LARGE_INTEGER LastAccessTime;
03220   LARGE_INTEGER LastWriteTime;
03221   LARGE_INTEGER ChangeTime;
03222   LARGE_INTEGER EndOfFile;
03223   LARGE_INTEGER AllocationSize;
03224   ULONG FileAttributes;
03225   ULONG FileNameLength;
03226   ULONG EaSize;
03227   LARGE_INTEGER FileId;
03228   WCHAR FileName[1];
03229 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
03230 
03231 typedef struct _FILE_BOTH_DIR_INFORMATION {
03232   ULONG NextEntryOffset;
03233   ULONG FileIndex;
03234   LARGE_INTEGER CreationTime;
03235   LARGE_INTEGER LastAccessTime;
03236   LARGE_INTEGER LastWriteTime;
03237   LARGE_INTEGER ChangeTime;
03238   LARGE_INTEGER EndOfFile;
03239   LARGE_INTEGER AllocationSize;
03240   ULONG FileAttributes;
03241   ULONG FileNameLength;
03242   ULONG EaSize;
03243   CCHAR ShortNameLength;
03244   WCHAR ShortName[12];
03245   WCHAR FileName[1];
03246 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
03247 
03248 typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
03249   ULONG NextEntryOffset;
03250   ULONG FileIndex;
03251   LARGE_INTEGER CreationTime;
03252   LARGE_INTEGER LastAccessTime;
03253   LARGE_INTEGER LastWriteTime;
03254   LARGE_INTEGER ChangeTime;
03255   LARGE_INTEGER EndOfFile;
03256   LARGE_INTEGER AllocationSize;
03257   ULONG FileAttributes;
03258   ULONG FileNameLength;
03259   ULONG EaSize;
03260   CCHAR ShortNameLength;
03261   WCHAR ShortName[12];
03262   LARGE_INTEGER FileId;
03263   WCHAR FileName[1];
03264 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
03265 
03266 typedef struct _FILE_NAMES_INFORMATION {
03267   ULONG NextEntryOffset;
03268   ULONG FileIndex;
03269   ULONG FileNameLength;
03270   WCHAR FileName[1];
03271 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
03272 
03273 typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
03274   ULONG NextEntryOffset;
03275   ULONG FileIndex;
03276   LARGE_INTEGER CreationTime;
03277   LARGE_INTEGER LastAccessTime;
03278   LARGE_INTEGER LastWriteTime;
03279   LARGE_INTEGER ChangeTime;
03280   LARGE_INTEGER EndOfFile;
03281   LARGE_INTEGER AllocationSize;
03282   ULONG FileAttributes;
03283   ULONG FileNameLength;
03284   LARGE_INTEGER FileId;
03285   GUID LockingTransactionId;
03286   ULONG TxInfoFlags;
03287   WCHAR FileName[1];
03288 } FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
03289 
03290 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED         0x00000001
03291 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX       0x00000002
03292 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX  0x00000004
03293 
03294 typedef struct _FILE_OBJECTID_INFORMATION {
03295   LONGLONG FileReference;
03296   UCHAR ObjectId[16];
03297   _ANONYMOUS_UNION union {
03298     _ANONYMOUS_STRUCT struct {
03299       UCHAR BirthVolumeId[16];
03300       UCHAR BirthObjectId[16];
03301       UCHAR DomainId[16];
03302     } DUMMYSTRUCTNAME;
03303     UCHAR ExtendedInfo[48];
03304   } DUMMYUNIONNAME;
03305 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
03306 
03307 #define ANSI_DOS_STAR                   ('<')
03308 #define ANSI_DOS_QM                     ('>')
03309 #define ANSI_DOS_DOT                    ('"')
03310 
03311 #define DOS_STAR                        (L'<')
03312 #define DOS_QM                          (L'>')
03313 #define DOS_DOT                         (L'"')
03314 
03315 typedef struct _FILE_INTERNAL_INFORMATION {
03316   LARGE_INTEGER IndexNumber;
03317 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
03318 
03319 typedef struct _FILE_EA_INFORMATION {
03320   ULONG EaSize;
03321 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
03322 
03323 typedef struct _FILE_ACCESS_INFORMATION {
03324   ACCESS_MASK AccessFlags;
03325 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
03326 
03327 typedef struct _FILE_MODE_INFORMATION {
03328   ULONG Mode;
03329 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
03330 
03331 typedef struct _FILE_ALL_INFORMATION {
03332   FILE_BASIC_INFORMATION BasicInformation;
03333   FILE_STANDARD_INFORMATION StandardInformation;
03334   FILE_INTERNAL_INFORMATION InternalInformation;
03335   FILE_EA_INFORMATION EaInformation;
03336   FILE_ACCESS_INFORMATION AccessInformation;
03337   FILE_POSITION_INFORMATION PositionInformation;
03338   FILE_MODE_INFORMATION ModeInformation;
03339   FILE_ALIGNMENT_INFORMATION AlignmentInformation;
03340   FILE_NAME_INFORMATION NameInformation;
03341 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
03342 
03343 typedef struct _FILE_ALLOCATION_INFORMATION {
03344   LARGE_INTEGER AllocationSize;
03345 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
03346 
03347 typedef struct _FILE_COMPRESSION_INFORMATION {
03348   LARGE_INTEGER CompressedFileSize;
03349   USHORT CompressionFormat;
03350   UCHAR CompressionUnitShift;
03351   UCHAR ChunkShift;
03352   UCHAR ClusterShift;
03353   UCHAR Reserved[3];
03354 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
03355 
03356 typedef struct _FILE_LINK_INFORMATION {
03357   BOOLEAN ReplaceIfExists;
03358   HANDLE RootDirectory;
03359   ULONG FileNameLength;
03360   WCHAR FileName[1];
03361 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
03362 
03363 typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
03364   ULONG ClusterCount;
03365   HANDLE RootDirectory;
03366   ULONG FileNameLength;
03367   WCHAR FileName[1];
03368 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
03369 
03370 typedef struct _FILE_RENAME_INFORMATION {
03371   BOOLEAN ReplaceIfExists;
03372   HANDLE RootDirectory;
03373   ULONG FileNameLength;
03374   WCHAR FileName[1];
03375 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
03376 
03377 typedef struct _FILE_STREAM_INFORMATION {
03378   ULONG NextEntryOffset;
03379   ULONG StreamNameLength;
03380   LARGE_INTEGER StreamSize;
03381   LARGE_INTEGER StreamAllocationSize;
03382   WCHAR StreamName[1];
03383 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
03384 
03385 typedef struct _FILE_TRACKING_INFORMATION {
03386   HANDLE DestinationFile;
03387   ULONG ObjectInformationLength;
03388   CHAR ObjectInformation[1];
03389 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
03390 
03391 typedef struct _FILE_COMPLETION_INFORMATION {
03392   HANDLE Port;
03393   PVOID Key;
03394 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
03395 
03396 typedef struct _FILE_PIPE_INFORMATION {
03397   ULONG ReadMode;
03398   ULONG CompletionMode;
03399 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
03400 
03401 typedef struct _FILE_PIPE_LOCAL_INFORMATION {
03402   ULONG NamedPipeType;
03403   ULONG NamedPipeConfiguration;
03404   ULONG MaximumInstances;
03405   ULONG CurrentInstances;
03406   ULONG InboundQuota;
03407   ULONG ReadDataAvailable;
03408   ULONG OutboundQuota;
03409   ULONG WriteQuotaAvailable;
03410   ULONG NamedPipeState;
03411   ULONG NamedPipeEnd;
03412 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
03413 
03414 typedef struct _FILE_PIPE_REMOTE_INFORMATION {
03415   LARGE_INTEGER CollectDataTime;
03416   ULONG MaximumCollectionCount;
03417 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
03418 
03419 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
03420   ULONG MaximumMessageSize;
03421   ULONG MailslotQuota;
03422   ULONG NextMessageSize;
03423   ULONG MessagesAvailable;
03424   LARGE_INTEGER ReadTimeout;
03425 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
03426 
03427 typedef struct _FILE_MAILSLOT_SET_INFORMATION {
03428   PLARGE_INTEGER ReadTimeout;
03429 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
03430 
03431 typedef struct _FILE_REPARSE_POINT_INFORMATION {
03432   LONGLONG FileReference;
03433   ULONG Tag;
03434 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
03435 
03436 typedef struct _FILE_LINK_ENTRY_INFORMATION {
03437   ULONG NextEntryOffset;
03438   LONGLONG ParentFileId;
03439   ULONG FileNameLength;
03440   WCHAR FileName[1];
03441 } FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
03442 
03443 typedef struct _FILE_LINKS_INFORMATION {
03444   ULONG BytesNeeded;
03445   ULONG EntriesReturned;
03446   FILE_LINK_ENTRY_INFORMATION Entry;
03447 } FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
03448 
03449 typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
03450   ULONG FileNameLength;
03451   WCHAR FileName[1];
03452 } FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
03453 
03454 typedef struct _FILE_STANDARD_LINK_INFORMATION {
03455   ULONG NumberOfAccessibleLinks;
03456   ULONG TotalNumberOfLinks;
03457   BOOLEAN DeletePending;
03458   BOOLEAN Directory;
03459 } FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;
03460 
03461 typedef struct _FILE_GET_EA_INFORMATION {
03462   ULONG NextEntryOffset;
03463   UCHAR EaNameLength;
03464   CHAR  EaName[1];
03465 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
03466 
03467 #define REMOTE_PROTOCOL_FLAG_LOOPBACK       0x00000001
03468 #define REMOTE_PROTOCOL_FLAG_OFFLINE        0x00000002
03469 
03470 typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
03471   USHORT StructureVersion;
03472   USHORT StructureSize;
03473   ULONG  Protocol;
03474   USHORT ProtocolMajorVersion;
03475   USHORT ProtocolMinorVersion;
03476   USHORT ProtocolRevision;
03477   USHORT Reserved;
03478   ULONG  Flags;
03479   struct {
03480     ULONG Reserved[8];
03481   } GenericReserved;
03482   struct {
03483     ULONG Reserved[16];
03484   } ProtocolSpecificReserved;
03485 } FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;
03486 
03487 typedef struct _FILE_GET_QUOTA_INFORMATION {
03488   ULONG NextEntryOffset;
03489   ULONG SidLength;
03490   SID Sid;
03491 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
03492 
03493 typedef struct _FILE_QUOTA_INFORMATION {
03494   ULONG NextEntryOffset;
03495   ULONG SidLength;
03496   LARGE_INTEGER ChangeTime;
03497   LARGE_INTEGER QuotaUsed;
03498   LARGE_INTEGER QuotaThreshold;
03499   LARGE_INTEGER QuotaLimit;
03500   SID Sid;
03501 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
03502 
03503 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
03504   ULONG FileSystemAttributes;
03505   ULONG MaximumComponentNameLength;
03506   ULONG FileSystemNameLength;
03507   WCHAR FileSystemName[1];
03508 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
03509 
03510 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
03511   BOOLEAN DriverInPath;
03512   ULONG DriverNameLength;
03513   WCHAR DriverName[1];
03514 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
03515 
03516 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
03517   ULONG Flags;
03518 } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
03519 
03520 #define FILE_VC_QUOTA_NONE              0x00000000
03521 #define FILE_VC_QUOTA_TRACK             0x00000001
03522 #define FILE_VC_QUOTA_ENFORCE           0x00000002
03523 #define FILE_VC_QUOTA_MASK              0x00000003
03524 #define FILE_VC_CONTENT_INDEX_DISABLED  0x00000008
03525 #define FILE_VC_LOG_QUOTA_THRESHOLD     0x00000010
03526 #define FILE_VC_LOG_QUOTA_LIMIT         0x00000020
03527 #define FILE_VC_LOG_VOLUME_THRESHOLD    0x00000040
03528 #define FILE_VC_LOG_VOLUME_LIMIT        0x00000080
03529 #define FILE_VC_QUOTAS_INCOMPLETE       0x00000100
03530 #define FILE_VC_QUOTAS_REBUILDING       0x00000200
03531 #define FILE_VC_VALID_MASK              0x000003ff
03532 
03533 typedef struct _FILE_FS_CONTROL_INFORMATION {
03534   LARGE_INTEGER FreeSpaceStartFiltering;
03535   LARGE_INTEGER FreeSpaceThreshold;
03536   LARGE_INTEGER FreeSpaceStopFiltering;
03537   LARGE_INTEGER DefaultQuotaThreshold;
03538   LARGE_INTEGER DefaultQuotaLimit;
03539   ULONG FileSystemControlFlags;
03540 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
03541 
03542 #ifndef _FILESYSTEMFSCTL_
03543 #define _FILESYSTEMFSCTL_
03544 
03545 #define FSCTL_REQUEST_OPLOCK_LEVEL_1    CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  0, METHOD_BUFFERED, FILE_ANY_ACCESS)
03546 #define FSCTL_REQUEST_OPLOCK_LEVEL_2    CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  1, METHOD_BUFFERED, FILE_ANY_ACCESS)
03547 #define FSCTL_REQUEST_BATCH_OPLOCK      CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  2, METHOD_BUFFERED, FILE_ANY_ACCESS)
03548 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE  CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  3, METHOD_BUFFERED, FILE_ANY_ACCESS)
03549 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  4, METHOD_BUFFERED, FILE_ANY_ACCESS)
03550 #define FSCTL_OPLOCK_BREAK_NOTIFY       CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  5, METHOD_BUFFERED, FILE_ANY_ACCESS)
03551 #define FSCTL_LOCK_VOLUME               CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  6, METHOD_BUFFERED, FILE_ANY_ACCESS)
03552 #define FSCTL_UNLOCK_VOLUME             CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  7, METHOD_BUFFERED, FILE_ANY_ACCESS)
03553 #define FSCTL_DISMOUNT_VOLUME           CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  8, METHOD_BUFFERED, FILE_ANY_ACCESS)
03554 #define FSCTL_IS_VOLUME_MOUNTED         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
03555 #define FSCTL_IS_PATHNAME_VALID         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
03556 #define FSCTL_MARK_VOLUME_DIRTY         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
03557 #define FSCTL_QUERY_RETRIEVAL_POINTERS  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER,  FILE_ANY_ACCESS)
03558 #define FSCTL_GET_COMPRESSION           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
03559 #define FSCTL_SET_COMPRESSION           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
03560 #define FSCTL_SET_BOOTLOADER_ACCESSED   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER,  FILE_ANY_ACCESS)
03561 
03562 #define FSCTL_OPLOCK_BREAK_ACK_NO_2     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
03563 #define FSCTL_INVALIDATE_VOLUMES        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
03564 #define FSCTL_QUERY_FAT_BPB             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
03565 #define FSCTL_REQUEST_FILTER_OPLOCK     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
03566 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
03567 
03568 #if (_WIN32_WINNT >= 0x0400)
03569 
03570 #define FSCTL_GET_NTFS_VOLUME_DATA      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
03571 #define FSCTL_GET_NTFS_FILE_RECORD      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
03572 #define FSCTL_GET_VOLUME_BITMAP         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER,  FILE_ANY_ACCESS)
03573 #define FSCTL_GET_RETRIEVAL_POINTERS    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER,  FILE_ANY_ACCESS)
03574 #define FSCTL_MOVE_FILE                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03575 #define FSCTL_IS_VOLUME_DIRTY           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
03576 #define FSCTL_ALLOW_EXTENDED_DASD_IO    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER,  FILE_ANY_ACCESS)
03577 
03578 #endif
03579 
03580 #if (_WIN32_WINNT >= 0x0500)
03581 
03582 #define FSCTL_FIND_FILES_BY_SID         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER,  FILE_ANY_ACCESS)
03583 #define FSCTL_SET_OBJECT_ID             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03584 #define FSCTL_GET_OBJECT_ID             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
03585 #define FSCTL_DELETE_OBJECT_ID          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03586 #define FSCTL_SET_REPARSE_POINT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03587 #define FSCTL_GET_REPARSE_POINT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
03588 #define FSCTL_DELETE_REPARSE_POINT      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03589 #define FSCTL_ENUM_USN_DATA             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER,  FILE_ANY_ACCESS)
03590 #define FSCTL_SECURITY_ID_CHECK         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER,  FILE_READ_DATA)
03591 #define FSCTL_READ_USN_JOURNAL          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER,  FILE_ANY_ACCESS)
03592 #define FSCTL_SET_OBJECT_ID_EXTENDED    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03593 #define FSCTL_CREATE_OR_GET_OBJECT_ID   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
03594 #define FSCTL_SET_SPARSE                CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03595 #define FSCTL_SET_ZERO_DATA             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
03596 #define FSCTL_QUERY_ALLOCATED_RANGES    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER,  FILE_READ_DATA)
03597 #define FSCTL_ENABLE_UPGRADE            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
03598 #define FSCTL_SET_ENCRYPTION            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER,  FILE_ANY_ACCESS)
03599 #define FSCTL_ENCRYPTION_FSCTL_IO       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER,  FILE_ANY_ACCESS)
03600 #define FSCTL_WRITE_RAW_ENCRYPTED       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER,  FILE_SPECIAL_ACCESS)
03601 #define FSCTL_READ_RAW_ENCRYPTED        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER,  FILE_SPECIAL_ACCESS)
03602 #define FSCTL_CREATE_USN_JOURNAL        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER,  FILE_ANY_ACCESS)
03603 #define FSCTL_READ_FILE_USN_DATA        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER,  FILE_ANY_ACCESS)
03604 #define FSCTL_WRITE_USN_CLOSE_RECORD    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER,  FILE_ANY_ACCESS)
03605 #define FSCTL_EXTEND_VOLUME             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
03606 #define FSCTL_QUERY_USN_JOURNAL         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
03607 #define FSCTL_DELETE_USN_JOURNAL        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
03608 #define FSCTL_MARK_HANDLE               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
03609 #define FSCTL_SIS_COPYFILE              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
03610 #define FSCTL_SIS_LINK_FILES            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
03611 #define FSCTL_RECALL_FILE               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
03612 #define FSCTL_READ_FROM_PLEX            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
03613 #define FSCTL_FILE_PREFETCH             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03614 
03615 #endif
03616 
03617 #if (_WIN32_WINNT >= 0x0600)
03618 
03619 #define FSCTL_MAKE_MEDIA_COMPATIBLE         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
03620 #define FSCTL_SET_DEFECT_MANAGEMENT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
03621 #define FSCTL_QUERY_SPARING_INFO            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
03622 #define FSCTL_QUERY_ON_DISK_VOLUME_INFO     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
03623 #define FSCTL_SET_VOLUME_COMPRESSION_STATE  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03624 #define FSCTL_TXFS_MODIFY_RM                CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
03625 #define FSCTL_TXFS_QUERY_RM_INFORMATION     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
03626 #define FSCTL_TXFS_ROLLFORWARD_REDO         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
03627 #define FSCTL_TXFS_ROLLFORWARD_UNDO         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
03628 #define FSCTL_TXFS_START_RM                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
03629 #define FSCTL_TXFS_SHUTDOWN_RM              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
03630 #define FSCTL_TXFS_READ_BACKUP_INFORMATION  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
03631 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
03632 #define FSCTL_TXFS_CREATE_SECONDARY_RM      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
03633 #define FSCTL_TXFS_GET_METADATA_INFO        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
03634 #define FSCTL_TXFS_GET_TRANSACTED_VERSION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
03635 #define FSCTL_TXFS_SAVEPOINT_INFORMATION    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
03636 #define FSCTL_TXFS_CREATE_MINIVERSION       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
03637 #define FSCTL_TXFS_TRANSACTION_ACTIVE       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
03638 #define FSCTL_SET_ZERO_ON_DEALLOCATION      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03639 #define FSCTL_SET_REPAIR                    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
03640 #define FSCTL_GET_REPAIR                    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
03641 #define FSCTL_WAIT_FOR_REPAIR               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
03642 #define FSCTL_INITIATE_REPAIR               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
03643 #define FSCTL_CSC_INTERNAL                  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER,  FILE_ANY_ACCESS)
03644 #define FSCTL_SHRINK_VOLUME                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
03645 #define FSCTL_SET_SHORT_NAME_BEHAVIOR       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
03646 #define FSCTL_DFSR_SET_GHOST_HANDLE_STATE   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
03647 #define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
03648                                             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
03649 #define FSCTL_TXFS_LIST_TRANSACTIONS        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
03650 #define FSCTL_QUERY_PAGEFILE_ENCRYPTION     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
03651 #define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
03652 #define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)
03653 
03654 #endif
03655 
03656 #if (_WIN32_WINNT >= 0x0601)
03657 
03658 #define FSCTL_QUERY_DEPENDENT_VOLUME        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
03659 #define FSCTL_SD_GLOBAL_CHANGE              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
03660 #define FSCTL_LOOKUP_STREAM_FROM_CLUSTER    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
03661 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
03662 #define FSCTL_FILE_TYPE_NOTIFICATION        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
03663 #define FSCTL_GET_BOOT_AREA_INFO            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
03664 #define FSCTL_GET_RETRIEVAL_POINTER_BASE    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
03665 #define FSCTL_SET_PERSISTENT_VOLUME_STATE   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
03666 #define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
03667 #define FSCTL_REQUEST_OPLOCK                CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
03668 #define FSCTL_CSV_TUNNEL_REQUEST            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
03669 #define FSCTL_IS_CSV_FILE                   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
03670 #define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
03671 #define FSCTL_CSV_GET_VOLUME_PATH_NAME      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
03672 #define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
03673 #define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150,  METHOD_BUFFERED, FILE_ANY_ACCESS)
03674 #define FSCTL_IS_FILE_ON_CSV_VOLUME         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151,  METHOD_BUFFERED, FILE_ANY_ACCESS)
03675 #define FSCTL_CSV_INTERNAL                  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 155,  METHOD_BUFFERED, FILE_ANY_ACCESS)
03676 
03677 typedef struct _CSV_NAMESPACE_INFO {
03678   ULONG Version;
03679   ULONG DeviceNumber;
03680   LARGE_INTEGER StartingOffset;
03681   ULONG SectorSize;
03682 } CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO;
03683 
03684 #define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
03685 #define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF
03686 
03687 #endif
03688 
03689 #if (_WIN32_WINNT >= 0x0602)
03690 
03691 #define FSCTL_FILE_LEVEL_TRIM               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 130, METHOD_BUFFERED, FILE_WRITE_DATA)
03692 #define FSCTL_CORRUPTION_HANDLING           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 152, METHOD_BUFFERED, FILE_ANY_ACCESS)
03693 #define FSCTL_OFFLOAD_READ                  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 153, METHOD_BUFFERED, FILE_READ_ACCESS)
03694 #define FSCTL_OFFLOAD_WRITE                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 154, METHOD_BUFFERED, FILE_WRITE_ACCESS)
03695 #define FSCTL_SET_PURGE_FAILURE_MODE        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 156, METHOD_BUFFERED, FILE_ANY_ACCESS)
03696 #define FSCTL_QUERY_FILE_LAYOUT             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 157, METHOD_NEITHER,  FILE_ANY_ACCESS)
03697 #define FSCTL_IS_VOLUME_OWNED_BYCSVFS       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 158, METHOD_BUFFERED, FILE_ANY_ACCESS)
03698 #define FSCTL_GET_INTEGRITY_INFORMATION     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 159, METHOD_BUFFERED, FILE_ANY_ACCESS)
03699 #define FSCTL_SET_INTEGRITY_INFORMATION     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 160, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
03700 #define FSCTL_QUERY_FILE_REGIONS            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 161, METHOD_BUFFERED, FILE_ANY_ACCESS)
03701 #define FSCTL_DEDUP_FILE                    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 165, METHOD_BUFFERED, FILE_ANY_ACCESS)
03702 #define FSCTL_DEDUP_QUERY_FILE_HASHES       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 166, METHOD_NEITHER,  FILE_READ_DATA)
03703 #define FSCTL_RKF_INTERNAL                  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 171, METHOD_NEITHER,  FILE_ANY_ACCESS)
03704 #define FSCTL_SCRUB_DATA                    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 172, METHOD_BUFFERED, FILE_ANY_ACCESS)
03705 #define FSCTL_REPAIR_COPIES                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 173, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
03706 #define FSCTL_DISABLE_LOCAL_BUFFERING       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 174, METHOD_BUFFERED, FILE_ANY_ACCESS)
03707 #define FSCTL_CSV_MGMT_LOCK                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 175, METHOD_BUFFERED, FILE_ANY_ACCESS)
03708 #define FSCTL_CSV_QUERY_DOWN_LEVEL_FILE_SYSTEM_CHARACTERISTICS \
03709                                             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 176, METHOD_BUFFERED, FILE_ANY_ACCESS)
03710 #define FSCTL_ADVANCE_FILE_ID               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 177, METHOD_BUFFERED, FILE_ANY_ACCESS)
03711 #define FSCTL_CSV_SYNC_TUNNEL_REQUEST       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 178, METHOD_BUFFERED, FILE_ANY_ACCESS)
03712 #define FSCTL_CSV_QUERY_VETO_FILE_DIRECT_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 179, METHOD_BUFFERED, FILE_ANY_ACCESS)
03713 #define FSCTL_WRITE_USN_REASON              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 180, METHOD_BUFFERED, FILE_ANY_ACCESS)
03714 #define FSCTL_CSV_CONTROL                   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 181, METHOD_BUFFERED, FILE_ANY_ACCESS)
03715 #define FSCTL_GET_REFS_VOLUME_DATA          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 182, METHOD_BUFFERED, FILE_ANY_ACCESS)
03716 
03717 #endif
03718 
03719 #define FSCTL_MARK_AS_SYSTEM_HIVE           FSCTL_SET_BOOTLOADER_ACCESSED
03720 
03721 typedef struct _PATHNAME_BUFFER {
03722   ULONG PathNameLength;
03723   WCHAR Name[1];
03724 } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
03725 
03726 typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
03727   UCHAR First0x24BytesOfBootSector[0x24];
03728 } FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER;
03729 
03730 #if (_WIN32_WINNT >= 0x0400)
03731 
03732 typedef struct _NTFS_VOLUME_DATA_BUFFER {
03733   LARGE_INTEGER VolumeSerialNumber;
03734   LARGE_INTEGER NumberSectors;
03735   LARGE_INTEGER TotalClusters;
03736   LARGE_INTEGER FreeClusters;
03737   LARGE_INTEGER TotalReserved;
03738   ULONG BytesPerSector;
03739   ULONG BytesPerCluster;
03740   ULONG BytesPerFileRecordSegment;
03741   ULONG ClustersPerFileRecordSegment;
03742   LARGE_INTEGER MftValidDataLength;
03743   LARGE_INTEGER MftStartLcn;
03744   LARGE_INTEGER Mft2StartLcn;
03745   LARGE_INTEGER MftZoneStart;
03746   LARGE_INTEGER MftZoneEnd;
03747 } NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;
03748 
03749 typedef struct _NTFS_EXTENDED_VOLUME_DATA {
03750   ULONG ByteCount;
03751   USHORT MajorVersion;
03752   USHORT MinorVersion;
03753 } NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA;
03754 
03755 typedef struct _STARTING_LCN_INPUT_BUFFER {
03756   LARGE_INTEGER StartingLcn;
03757 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
03758 
03759 typedef struct _VOLUME_BITMAP_BUFFER {
03760   LARGE_INTEGER StartingLcn;
03761   LARGE_INTEGER BitmapSize;
03762   UCHAR Buffer[1];
03763 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
03764 
03765 typedef struct _STARTING_VCN_INPUT_BUFFER {
03766   LARGE_INTEGER StartingVcn;
03767 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
03768 
03769 typedef struct _RETRIEVAL_POINTERS_BUFFER {
03770   ULONG ExtentCount;
03771   LARGE_INTEGER StartingVcn;
03772   struct {
03773     LARGE_INTEGER NextVcn;
03774     LARGE_INTEGER Lcn;
03775   } Extents[1];
03776 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
03777 
03778 typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER {
03779   LARGE_INTEGER FileReferenceNumber;
03780 } NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER;
03781 
03782 typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER {
03783   LARGE_INTEGER FileReferenceNumber;
03784   ULONG FileRecordLength;
03785   UCHAR FileRecordBuffer[1];
03786 } NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER;
03787 
03788 typedef struct _MOVE_FILE_DATA {
03789   HANDLE FileHandle;
03790   LARGE_INTEGER StartingVcn;
03791   LARGE_INTEGER StartingLcn;
03792   ULONG ClusterCount;
03793 } MOVE_FILE_DATA, *PMOVE_FILE_DATA;
03794 
03795 typedef struct _MOVE_FILE_RECORD_DATA {
03796   HANDLE FileHandle;
03797   LARGE_INTEGER SourceFileRecord;
03798   LARGE_INTEGER TargetFileRecord;
03799 } MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA;
03800 
03801 #if defined(_WIN64)
03802 typedef struct _MOVE_FILE_DATA32 {
03803   UINT32 FileHandle;
03804   LARGE_INTEGER StartingVcn;
03805   LARGE_INTEGER StartingLcn;
03806   ULONG ClusterCount;
03807 } MOVE_FILE_DATA32, *PMOVE_FILE_DATA32;
03808 #endif
03809 
03810 #endif /* (_WIN32_WINNT >= 0x0400) */
03811 
03812 #if (_WIN32_WINNT >= 0x0500)
03813 
03814 typedef struct _FIND_BY_SID_DATA {
03815   ULONG Restart;
03816   SID Sid;
03817 } FIND_BY_SID_DATA, *PFIND_BY_SID_DATA;
03818 
03819 typedef struct _FIND_BY_SID_OUTPUT {
03820   ULONG NextEntryOffset;
03821   ULONG FileIndex;
03822   ULONG FileNameLength;
03823   WCHAR FileName[1];
03824 } FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT;
03825 
03826 typedef struct _MFT_ENUM_DATA {
03827   ULONGLONG StartFileReferenceNumber;
03828   USN LowUsn;
03829   USN HighUsn;
03830 } MFT_ENUM_DATA, *PMFT_ENUM_DATA;
03831 
03832 typedef struct _CREATE_USN_JOURNAL_DATA {
03833   ULONGLONG MaximumSize;
03834   ULONGLONG AllocationDelta;
03835 } CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA;
03836 
03837 typedef struct _READ_USN_JOURNAL_DATA {
03838   USN StartUsn;
03839   ULONG ReasonMask;
03840   ULONG ReturnOnlyOnClose;
03841   ULONGLONG Timeout;
03842   ULONGLONG BytesToWaitFor;
03843   ULONGLONG UsnJournalID;
03844 } READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA;
03845 
03846 typedef struct _USN_RECORD {
03847   ULONG RecordLength;
03848   USHORT MajorVersion;
03849   USHORT MinorVersion;
03850   ULONGLONG FileReferenceNumber;
03851   ULONGLONG ParentFileReferenceNumber;
03852   USN Usn;
03853   LARGE_INTEGER TimeStamp;
03854   ULONG Reason;
03855   ULONG SourceInfo;
03856   ULONG SecurityId;
03857   ULONG FileAttributes;
03858   USHORT FileNameLength;
03859   USHORT FileNameOffset;
03860   WCHAR FileName[1];
03861 } USN_RECORD, *PUSN_RECORD;
03862 
03863 #define USN_PAGE_SIZE                    (0x1000)
03864 
03865 #define USN_REASON_DATA_OVERWRITE        (0x00000001)
03866 #define USN_REASON_DATA_EXTEND           (0x00000002)
03867 #define USN_REASON_DATA_TRUNCATION       (0x00000004)
03868 #define USN_REASON_NAMED_DATA_OVERWRITE  (0x00000010)
03869 #define USN_REASON_NAMED_DATA_EXTEND     (0x00000020)
03870 #define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040)
03871 #define USN_REASON_FILE_CREATE           (0x00000100)
03872 #define USN_REASON_FILE_DELETE           (0x00000200)
03873 #define USN_REASON_EA_CHANGE             (0x00000400)
03874 #define USN_REASON_SECURITY_CHANGE       (0x00000800)
03875 #define USN_REASON_RENAME_OLD_NAME       (0x00001000)
03876 #define USN_REASON_RENAME_NEW_NAME       (0x00002000)
03877 #define USN_REASON_INDEXABLE_CHANGE      (0x00004000)
03878 #define USN_REASON_BASIC_INFO_CHANGE     (0x00008000)
03879 #define USN_REASON_HARD_LINK_CHANGE      (0x00010000)
03880 #define USN_REASON_COMPRESSION_CHANGE    (0x00020000)
03881 #define USN_REASON_ENCRYPTION_CHANGE     (0x00040000)
03882 #define USN_REASON_OBJECT_ID_CHANGE      (0x00080000)
03883 #define USN_REASON_REPARSE_POINT_CHANGE  (0x00100000)
03884 #define USN_REASON_STREAM_CHANGE         (0x00200000)
03885 #define USN_REASON_TRANSACTED_CHANGE     (0x00400000)
03886 #define USN_REASON_CLOSE                 (0x80000000)
03887 
03888 typedef struct _USN_JOURNAL_DATA {
03889   ULONGLONG UsnJournalID;
03890   USN FirstUsn;
03891   USN NextUsn;
03892   USN LowestValidUsn;
03893   USN MaxUsn;
03894   ULONGLONG MaximumSize;
03895   ULONGLONG AllocationDelta;
03896 } USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA;
03897 
03898 typedef struct _DELETE_USN_JOURNAL_DATA {
03899   ULONGLONG UsnJournalID;
03900   ULONG DeleteFlags;
03901 } DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA;
03902 
03903 #define USN_DELETE_FLAG_DELETE              (0x00000001)
03904 #define USN_DELETE_FLAG_NOTIFY              (0x00000002)
03905 #define USN_DELETE_VALID_FLAGS              (0x00000003)
03906 
03907 typedef struct _MARK_HANDLE_INFO {
03908   ULONG UsnSourceInfo;
03909   HANDLE VolumeHandle;
03910   ULONG HandleInfo;
03911 } MARK_HANDLE_INFO, *PMARK_HANDLE_INFO;
03912 
03913 #if defined(_WIN64)
03914 typedef struct _MARK_HANDLE_INFO32 {
03915   ULONG UsnSourceInfo;
03916   UINT32 VolumeHandle;
03917   ULONG HandleInfo;
03918 } MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32;
03919 #endif
03920 
03921 #define USN_SOURCE_DATA_MANAGEMENT          (0x00000001)
03922 #define USN_SOURCE_AUXILIARY_DATA           (0x00000002)
03923 #define USN_SOURCE_REPLICATION_MANAGEMENT   (0x00000004)
03924 
03925 #define MARK_HANDLE_PROTECT_CLUSTERS        (0x00000001)
03926 #define MARK_HANDLE_TXF_SYSTEM_LOG          (0x00000004)
03927 #define MARK_HANDLE_NOT_TXF_SYSTEM_LOG      (0x00000008)
03928 
03929 typedef struct _BULK_SECURITY_TEST_DATA {
03930   ACCESS_MASK DesiredAccess;
03931   ULONG SecurityIds[1];
03932 } BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA;
03933 
03934 #define VOLUME_IS_DIRTY                  (0x00000001)
03935 #define VOLUME_UPGRADE_SCHEDULED         (0x00000002)
03936 #define VOLUME_SESSION_OPEN              (0x00000004)
03937 
03938 typedef struct _FILE_PREFETCH {
03939   ULONG Type;
03940   ULONG Count;
03941   ULONGLONG Prefetch[1];
03942 } FILE_PREFETCH, *PFILE_PREFETCH;
03943 
03944 typedef struct _FILE_PREFETCH_EX {
03945   ULONG Type;
03946   ULONG Count;
03947   PVOID Context;
03948   ULONGLONG Prefetch[1];
03949 } FILE_PREFETCH_EX, *PFILE_PREFETCH_EX;
03950 
03951 #define FILE_PREFETCH_TYPE_FOR_CREATE       0x1
03952 #define FILE_PREFETCH_TYPE_FOR_DIRENUM      0x2
03953 #define FILE_PREFETCH_TYPE_FOR_CREATE_EX    0x3
03954 #define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX   0x4
03955 
03956 #define FILE_PREFETCH_TYPE_MAX              0x4
03957 
03958 typedef struct _FILE_OBJECTID_BUFFER {
03959   UCHAR ObjectId[16];
03960   _ANONYMOUS_UNION union {
03961     _ANONYMOUS_STRUCT struct {
03962       UCHAR BirthVolumeId[16];
03963       UCHAR BirthObjectId[16];
03964       UCHAR DomainId[16];
03965     } DUMMYSTRUCTNAME;
03966     UCHAR ExtendedInfo[48];
03967   } DUMMYUNIONNAME;
03968 } FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;
03969 
03970 typedef struct _FILE_SET_SPARSE_BUFFER {
03971   BOOLEAN SetSparse;
03972 } FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER;
03973 
03974 typedef struct _FILE_ZERO_DATA_INFORMATION {
03975   LARGE_INTEGER FileOffset;
03976   LARGE_INTEGER BeyondFinalZero;
03977 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
03978 
03979 typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
03980   LARGE_INTEGER FileOffset;
03981   LARGE_INTEGER Length;
03982 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
03983 
03984 typedef struct _ENCRYPTION_BUFFER {
03985   ULONG EncryptionOperation;
03986   UCHAR Private[1];
03987 } ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER;
03988 
03989 #define FILE_SET_ENCRYPTION         0x00000001
03990 #define FILE_CLEAR_ENCRYPTION       0x00000002
03991 #define STREAM_SET_ENCRYPTION       0x00000003
03992 #define STREAM_CLEAR_ENCRYPTION     0x00000004
03993 
03994 #define MAXIMUM_ENCRYPTION_VALUE    0x00000004
03995 
03996 typedef struct _DECRYPTION_STATUS_BUFFER {
03997   BOOLEAN NoEncryptedStreams;
03998 } DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER;
03999 
04000 #define ENCRYPTION_FORMAT_DEFAULT        (0x01)
04001 
04002 #define COMPRESSION_FORMAT_SPARSE        (0x4000)
04003 
04004 typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
04005   LONGLONG FileOffset;
04006   ULONG Length;
04007 } REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA;
04008 
04009 typedef struct _ENCRYPTED_DATA_INFO {
04010   ULONGLONG StartingFileOffset;
04011   ULONG OutputBufferOffset;
04012   ULONG BytesWithinFileSize;
04013   ULONG BytesWithinValidDataLength;
04014   USHORT CompressionFormat;
04015   UCHAR DataUnitShift;
04016   UCHAR ChunkShift;
04017   UCHAR ClusterShift;
04018   UCHAR EncryptionFormat;
04019   USHORT NumberOfDataBlocks;
04020   ULONG DataBlockSize[ANYSIZE_ARRAY];
04021 } ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO;
04022 
04023 typedef struct _PLEX_READ_DATA_REQUEST {
04024   LARGE_INTEGER ByteOffset;
04025   ULONG ByteLength;
04026   ULONG PlexNumber;
04027 } PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST;
04028 
04029 typedef struct _SI_COPYFILE {
04030   ULONG SourceFileNameLength;
04031   ULONG DestinationFileNameLength;
04032   ULONG Flags;
04033   WCHAR FileNameBuffer[1];
04034 } SI_COPYFILE, *PSI_COPYFILE;
04035 
04036 #define COPYFILE_SIS_LINK       0x0001
04037 #define COPYFILE_SIS_REPLACE    0x0002
04038 #define COPYFILE_SIS_FLAGS      0x0003
04039 
04040 #endif /* (_WIN32_WINNT >= 0x0500) */
04041 
04042 #if (_WIN32_WINNT >= 0x0600)
04043 
04044 typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
04045   BOOLEAN CloseDisc;
04046 } FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER;
04047 
04048 typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
04049   BOOLEAN Disable;
04050 } FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER;
04051 
04052 typedef struct _FILE_QUERY_SPARING_BUFFER {
04053   ULONG SparingUnitBytes;
04054   BOOLEAN SoftwareSparing;
04055   ULONG TotalSpareBlocks;
04056   ULONG FreeSpareBlocks;
04057 } FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER;
04058 
04059 typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
04060   LARGE_INTEGER DirectoryCount;
04061   LARGE_INTEGER FileCount;
04062   USHORT FsFormatMajVersion;
04063   USHORT FsFormatMinVersion;
04064   WCHAR FsFormatName[12];
04065   LARGE_INTEGER FormatTime;
04066   LARGE_INTEGER LastUpdateTime;
04067   WCHAR CopyrightInfo[34];
04068   WCHAR AbstractInfo[34];
04069   WCHAR FormattingImplementationInfo[34];
04070   WCHAR LastModifyingImplementationInfo[34];
04071 } FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
04072 
04073 #define SET_REPAIR_ENABLED                                      (0x00000001)
04074 #define SET_REPAIR_VOLUME_BITMAP_SCAN                           (0x00000002)
04075 #define SET_REPAIR_DELETE_CROSSLINK                             (0x00000004)
04076 #define SET_REPAIR_WARN_ABOUT_DATA_LOSS                         (0x00000008)
04077 #define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT             (0x00000010)
04078 #define SET_REPAIR_VALID_MASK                                   (0x0000001F)
04079 
04080 typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
04081   ShrinkPrepare = 1,
04082   ShrinkCommit,
04083   ShrinkAbort
04084 } SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES;
04085 
04086 typedef struct _SHRINK_VOLUME_INFORMATION {
04087   SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType;
04088   ULONGLONG Flags;
04089   LONGLONG NewNumberOfSectors;
04090 } SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION;
04091 
04092 #define TXFS_RM_FLAG_LOGGING_MODE                           0x00000001
04093 #define TXFS_RM_FLAG_RENAME_RM                              0x00000002
04094 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX                0x00000004
04095 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN                0x00000008
04096 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS    0x00000010
04097 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT           0x00000020
04098 #define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE             0x00000040
04099 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX             0x00000080
04100 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN             0x00000100
04101 #define TXFS_RM_FLAG_GROW_LOG                               0x00000400
04102 #define TXFS_RM_FLAG_SHRINK_LOG                             0x00000800
04103 #define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE                   0x00001000
04104 #define TXFS_RM_FLAG_PRESERVE_CHANGES                       0x00002000
04105 #define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START                 0x00004000
04106 #define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START          0x00008000
04107 #define TXFS_RM_FLAG_PREFER_CONSISTENCY                     0x00010000
04108 #define TXFS_RM_FLAG_PREFER_AVAILABILITY                    0x00020000
04109 
04110 #define TXFS_LOGGING_MODE_SIMPLE        (0x0001)
04111 #define TXFS_LOGGING_MODE_FULL          (0x0002)
04112 
04113 #define TXFS_TRANSACTION_STATE_NONE         0x00
04114 #define TXFS_TRANSACTION_STATE_ACTIVE       0x01
04115 #define TXFS_TRANSACTION_STATE_PREPARED     0x02
04116 #define TXFS_TRANSACTION_STATE_NOTACTIVE    0x03
04117 
04118 #define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE                        | \
04119                                     TXFS_RM_FLAG_RENAME_RM                           | \
04120                                     TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX             | \
04121                                     TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN             | \
04122                                     TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
04123                                     TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT        | \
04124                                     TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE          | \
04125                                     TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX          | \
04126                                     TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN          | \
04127                                     TXFS_RM_FLAG_SHRINK_LOG                          | \
04128                                     TXFS_RM_FLAG_GROW_LOG                            | \
04129                                     TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE                | \
04130                                     TXFS_RM_FLAG_PRESERVE_CHANGES                    | \
04131                                     TXFS_RM_FLAG_RESET_RM_AT_NEXT_START              | \
04132                                     TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START       | \
04133                                     TXFS_RM_FLAG_PREFER_CONSISTENCY                  | \
04134                                     TXFS_RM_FLAG_PREFER_AVAILABILITY)
04135 
04136 typedef struct _TXFS_MODIFY_RM {
04137   ULONG Flags;
04138   ULONG LogContainerCountMax;
04139   ULONG LogContainerCountMin;
04140   ULONG LogContainerCount;
04141   ULONG LogGrowthIncrement;
04142   ULONG LogAutoShrinkPercentage;
04143   ULONGLONG Reserved;
04144   USHORT LoggingMode;
04145 } TXFS_MODIFY_RM, *PTXFS_MODIFY_RM;
04146 
04147 #define TXFS_RM_STATE_NOT_STARTED       0
04148 #define TXFS_RM_STATE_STARTING          1
04149 #define TXFS_RM_STATE_ACTIVE            2
04150 #define TXFS_RM_STATE_SHUTTING_DOWN     3
04151 
04152 #define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS                           \
04153                 (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS   |   \
04154                  TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT          |   \
04155                  TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX            |   \
04156                  TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN            |   \
04157                  TXFS_RM_FLAG_RESET_RM_AT_NEXT_START                |   \
04158                  TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START         |   \
04159                  TXFS_RM_FLAG_PREFER_CONSISTENCY                    |   \
04160                  TXFS_RM_FLAG_PREFER_AVAILABILITY)
04161 
04162 typedef struct _TXFS_QUERY_RM_INFORMATION {
04163   ULONG BytesRequired;
04164   ULONGLONG TailLsn;
04165   ULONGLONG CurrentLsn;
04166   ULONGLONG ArchiveTailLsn;
04167   ULONGLONG LogContainerSize;
04168   LARGE_INTEGER HighestVirtualClock;
04169   ULONG LogContainerCount;
04170   ULONG LogContainerCountMax;
04171   ULONG LogContainerCountMin;
04172   ULONG LogGrowthIncrement;
04173   ULONG LogAutoShrinkPercentage;
04174   ULONG Flags;
04175   USHORT LoggingMode;
04176   USHORT Reserved;
04177   ULONG RmState;
04178   ULONGLONG LogCapacity;
04179   ULONGLONG LogFree;
04180   ULONGLONG TopsSize;
04181   ULONGLONG TopsUsed;
04182   ULONGLONG TransactionCount;
04183   ULONGLONG OnePCCount;
04184   ULONGLONG TwoPCCount;
04185   ULONGLONG NumberLogFileFull;
04186   ULONGLONG OldestTransactionAge;
04187   GUID RMName;
04188   ULONG TmLogPathOffset;
04189 } TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION;
04190 
04191 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN        0x01
04192 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK   0x02
04193 
04194 #define TXFS_ROLLFORWARD_REDO_VALID_FLAGS                               \
04195                 (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN |         \
04196                  TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
04197 
04198 typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
04199   LARGE_INTEGER LastVirtualClock;
04200   ULONGLONG LastRedoLsn;
04201   ULONGLONG HighestRecoveryLsn;
04202   ULONG Flags;
04203 } TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION;
04204 
04205 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX              0x00000001
04206 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN              0x00000002
04207 #define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE                   0x00000004
04208 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS  0x00000008
04209 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT         0x00000010
04210 #define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE           0x00000020
04211 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX           0x00000040
04212 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN           0x00000080
04213 
04214 #define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT                  0x00000200
04215 #define TXFS_START_RM_FLAG_LOGGING_MODE                         0x00000400
04216 #define TXFS_START_RM_FLAG_PRESERVE_CHANGES                     0x00000800
04217 
04218 #define TXFS_START_RM_FLAG_PREFER_CONSISTENCY                   0x00001000
04219 #define TXFS_START_RM_FLAG_PREFER_AVAILABILITY                  0x00002000
04220 
04221 #define TXFS_START_RM_VALID_FLAGS                                           \
04222                 (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX             |   \
04223                  TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN             |   \
04224                  TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE                  |   \
04225                  TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS |   \
04226                  TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT        |   \
04227                  TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE          |   \
04228                  TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT                 |   \
04229                  TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX          |   \
04230                  TXFS_START_RM_FLAG_LOGGING_MODE                        |   \
04231                  TXFS_START_RM_FLAG_PRESERVE_CHANGES                    |   \
04232                  TXFS_START_RM_FLAG_PREFER_CONSISTENCY                  |   \
04233                  TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
04234 
04235 typedef struct _TXFS_START_RM_INFORMATION {
04236   ULONG Flags;
04237   ULONGLONG LogContainerSize;
04238   ULONG LogContainerCountMin;
04239   ULONG LogContainerCountMax;
04240   ULONG LogGrowthIncrement;
04241   ULONG LogAutoShrinkPercentage;
04242   ULONG TmLogPathOffset;
04243   USHORT TmLogPathLength;
04244   USHORT LoggingMode;
04245   USHORT LogPathLength;
04246   USHORT Reserved;
04247   WCHAR LogPath[1];
04248 } TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION;
04249 
04250 typedef struct _TXFS_GET_METADATA_INFO_OUT {
04251   struct {
04252     LONGLONG LowPart;
04253     LONGLONG HighPart;
04254   } TxfFileId;
04255   GUID LockingTransaction;
04256   ULONGLONG LastLsn;
04257   ULONG TransactionState;
04258 } TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT;
04259 
04260 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED   0x00000001
04261 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED   0x00000002
04262 
04263 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
04264   ULONGLONG Offset;
04265   ULONG NameFlags;
04266   LONGLONG FileId;
04267   ULONG Reserved1;
04268   ULONG Reserved2;
04269   LONGLONG Reserved3;
04270   WCHAR FileName[1];
04271 } TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
04272 
04273 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
04274   GUID KtmTransaction;
04275   ULONGLONG NumberOfFiles;
04276   ULONGLONG BufferSizeRequired;
04277   ULONGLONG Offset;
04278 } TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES;
04279 
04280 typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
04281   GUID TransactionId;
04282   ULONG TransactionState;
04283   ULONG Reserved1;
04284   ULONG Reserved2;
04285   LONGLONG Reserved3;
04286 } TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY;
04287 
04288 typedef struct _TXFS_LIST_TRANSACTIONS {
04289   ULONGLONG NumberOfTransactions;
04290   ULONGLONG BufferSizeRequired;
04291 } TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS;
04292 
04293 typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
04294   _ANONYMOUS_UNION union {
04295     ULONG BufferLength;
04296     UCHAR Buffer[1];
04297   } DUMMYUNIONNAME;
04298 } TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT;
04299 
04300 typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
04301   UCHAR Buffer[1];
04302 } TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION;
04303 
04304 #define TXFS_TRANSACTED_VERSION_NONTRANSACTED   0xFFFFFFFE
04305 #define TXFS_TRANSACTED_VERSION_UNCOMMITTED     0xFFFFFFFF
04306 
04307 typedef struct _TXFS_GET_TRANSACTED_VERSION {
04308   ULONG ThisBaseVersion;
04309   ULONG LatestVersion;
04310   USHORT ThisMiniVersion;
04311   USHORT FirstMiniVersion;
04312   USHORT LatestMiniVersion;
04313 } TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION;
04314 
04315 #define TXFS_SAVEPOINT_SET                      0x00000001
04316 #define TXFS_SAVEPOINT_ROLLBACK                 0x00000002
04317 #define TXFS_SAVEPOINT_CLEAR                    0x00000004
04318 #define TXFS_SAVEPOINT_CLEAR_ALL                0x00000010
04319 
04320 typedef struct _TXFS_SAVEPOINT_INFORMATION {
04321   HANDLE KtmTransaction;
04322   ULONG ActionCode;
04323   ULONG SavepointId;
04324 } TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION;
04325 
04326 typedef struct _TXFS_CREATE_MINIVERSION_INFO {
04327   USHORT StructureVersion;
04328   USHORT StructureLength;
04329   ULONG BaseVersion;
04330   USHORT MiniVersion;
04331 } TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO;
04332 
04333 typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
04334   BOOLEAN TransactionsActiveAtSnapshot;
04335 } TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO;
04336 
04337 #endif /* (_WIN32_WINNT >= 0x0600) */
04338 
04339 #if (_WIN32_WINNT >= 0x0601)
04340 
04341 #define MARK_HANDLE_REALTIME                (0x00000020)
04342 #define MARK_HANDLE_NOT_REALTIME            (0x00000040)
04343 
04344 #define NO_8DOT3_NAME_PRESENT               (0x00000001)
04345 #define REMOVED_8DOT3_NAME                  (0x00000002)
04346 
04347 #define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED        (0x00000001)
04348 
04349 typedef struct _BOOT_AREA_INFO {
04350   ULONG BootSectorCount;
04351   struct {
04352     LARGE_INTEGER Offset;
04353   } BootSectors[2];
04354 } BOOT_AREA_INFO, *PBOOT_AREA_INFO;
04355 
04356 typedef struct _RETRIEVAL_POINTER_BASE {
04357   LARGE_INTEGER FileAreaOffset;
04358 } RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE;
04359 
04360 typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
04361   ULONG VolumeFlags;
04362   ULONG FlagMask;
04363   ULONG Version;
04364   ULONG Reserved;
04365 } FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;
04366 
04367 typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
04368   CHAR FileSystem[9];
04369 } FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION;
04370 
04371 #define OPLOCK_LEVEL_CACHE_READ         (0x00000001)
04372 #define OPLOCK_LEVEL_CACHE_HANDLE       (0x00000002)
04373 #define OPLOCK_LEVEL_CACHE_WRITE        (0x00000004)
04374 
04375 #define REQUEST_OPLOCK_INPUT_FLAG_REQUEST               (0x00000001)
04376 #define REQUEST_OPLOCK_INPUT_FLAG_ACK                   (0x00000002)
04377 #define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004)
04378 
04379 #define REQUEST_OPLOCK_CURRENT_VERSION          1
04380 
04381 typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
04382   USHORT StructureVersion;
04383   USHORT StructureLength;
04384   ULONG RequestedOplockLevel;
04385   ULONG Flags;
04386 } REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER;
04387 
04388 #define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED     (0x00000001)
04389 #define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED   (0x00000002)
04390 
04391 typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
04392   USHORT StructureVersion;
04393   USHORT StructureLength;
04394   ULONG OriginalOplockLevel;
04395   ULONG NewOplockLevel;
04396   ULONG Flags;
04397   ACCESS_MASK AccessMode;
04398   USHORT ShareMode;
04399 } REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER;
04400 
04401 #define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID   1
04402 
04403 typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
04404   USHORT CurrentMachineSIDOffset;
04405   USHORT CurrentMachineSIDLength;
04406   USHORT NewMachineSIDOffset;
04407   USHORT NewMachineSIDLength;
04408 } SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT;
04409 
04410 typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
04411   ULONGLONG NumSDChangedSuccess;
04412   ULONGLONG NumSDChangedFail;
04413   ULONGLONG NumSDUnused;
04414   ULONGLONG NumSDTotal;
04415   ULONGLONG NumMftSDChangedSuccess;
04416   ULONGLONG NumMftSDChangedFail;
04417   ULONGLONG NumMftSDTotal;
04418 } SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT;
04419 
04420 typedef struct _SD_GLOBAL_CHANGE_INPUT {
04421   ULONG Flags;
04422   ULONG ChangeType;
04423   _ANONYMOUS_UNION union {
04424     SD_CHANGE_MACHINE_SID_INPUT SdChange;
04425   } DUMMYUNIONNAME;
04426 } SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT;
04427 
04428 typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
04429   ULONG Flags;
04430   ULONG ChangeType;
04431   _ANONYMOUS_UNION union {
04432     SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
04433   } DUMMYUNIONNAME;
04434 } SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT;
04435 
04436 #define ENCRYPTED_DATA_INFO_SPARSE_FILE    1
04437 
04438 typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
04439   ULONG ExtendedCode;
04440   ULONG Length;
04441   ULONG Flags;
04442   ULONG Reserved;
04443 } EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO;
04444 
04445 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
04446   ULONG Flags;
04447   ULONG NumberOfClusters;
04448   LARGE_INTEGER Cluster[1];
04449 } LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;
04450 
04451 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
04452   ULONG Offset;
04453   ULONG NumberOfMatches;
04454   ULONG BufferSizeRequired;
04455 } LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
04456 
04457 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE          0x00000001
04458 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET    0x00000002
04459 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE     0x00000004
04460 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE    0x00000008
04461 
04462 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK          0xff000000
04463 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA          0x01000000
04464 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX         0x02000000
04465 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM        0x03000000
04466 
04467 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
04468   ULONG OffsetToNext;
04469   ULONG Flags;
04470   LARGE_INTEGER Reserved;
04471   LARGE_INTEGER Cluster;
04472   WCHAR FileName[1];
04473 } LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;
04474 
04475 typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
04476   ULONG Flags;
04477   ULONG NumFileTypeIDs;
04478   GUID FileTypeID[1];
04479 } FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT;
04480 
04481 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN     0x00000001
04482 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END       0x00000002
04483 
04484 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE,         0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c);
04485 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE,  0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7);
04486 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE,    0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9);
04487 
04488 #ifndef _VIRTUAL_STORAGE_TYPE_DEFINED
04489 #define _VIRTUAL_STORAGE_TYPE_DEFINED
04490 typedef struct _VIRTUAL_STORAGE_TYPE {
04491   ULONG DeviceId;
04492   GUID VendorId;
04493 } VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE;
04494 #endif
04495 
04496 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
04497   ULONG RequestLevel;
04498   ULONG RequestFlags;
04499 } STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
04500 
04501 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES    0x1
04502 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES   0x2
04503 
04504 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
04505   ULONG EntryLength;
04506   ULONG DependencyTypeFlags;
04507   ULONG ProviderSpecificFlags;
04508   VIRTUAL_STORAGE_TYPE VirtualStorageType;
04509 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
04510 
04511 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY {
04512   ULONG EntryLength;
04513   ULONG DependencyTypeFlags;
04514   ULONG ProviderSpecificFlags;
04515   VIRTUAL_STORAGE_TYPE VirtualStorageType;
04516   ULONG AncestorLevel;
04517   ULONG HostVolumeNameOffset;
04518   ULONG HostVolumeNameSize;
04519   ULONG DependentVolumeNameOffset;
04520   ULONG DependentVolumeNameSize;
04521   ULONG RelativePathOffset;
04522   ULONG RelativePathSize;
04523   ULONG DependentDeviceNameOffset;
04524   ULONG DependentDeviceNameSize;
04525 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
04526 
04527 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE {
04528   ULONG ResponseLevel;
04529   ULONG NumberEntries;
04530   _ANONYMOUS_UNION union {
04531     STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[0];
04532     STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[0];
04533   } DUMMYUNIONNAME;
04534 } STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
04535 
04536 #endif /* (_WIN32_WINNT >= 0x0601) */
04537 
04538 typedef struct _FILESYSTEM_STATISTICS {
04539   USHORT FileSystemType;
04540   USHORT Version;
04541   ULONG SizeOfCompleteStructure;
04542   ULONG UserFileReads;
04543   ULONG UserFileReadBytes;
04544   ULONG UserDiskReads;
04545   ULONG UserFileWrites;
04546   ULONG UserFileWriteBytes;
04547   ULONG UserDiskWrites;
04548   ULONG MetaDataReads;
04549   ULONG MetaDataReadBytes;
04550   ULONG MetaDataDiskReads;
04551   ULONG MetaDataWrites;
04552   ULONG MetaDataWriteBytes;
04553   ULONG MetaDataDiskWrites;
04554 } FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS;
04555 
04556 #define FILESYSTEM_STATISTICS_TYPE_NTFS     1
04557 #define FILESYSTEM_STATISTICS_TYPE_FAT      2
04558 #define FILESYSTEM_STATISTICS_TYPE_EXFAT    3
04559 
04560 typedef struct _FAT_STATISTICS {
04561   ULONG CreateHits;
04562   ULONG SuccessfulCreates;
04563   ULONG FailedCreates;
04564   ULONG NonCachedReads;
04565   ULONG NonCachedReadBytes;