ReactOS Development > Doxygen
ntifs.h
Go to the documentation of this file.
00001 /* 00002 * ntifs.h 00003 * 00004 * Windows NT Filesystem Driver Developer Kit 00005 * 00006 * This file is part of the ReactOS DDK package. 00007 * 00008 * Contributors: 00009 * Amine Khaldi 00010 * Timo Kreuzer (timo.kreuzer@reactos.org) 00011 * 00012 * THIS SOFTWARE IS NOT COPYRIGHTED 00013 * 00014 * This source code is offered for use in the public domain. You may 00015 * use, modify or distribute it freely. 00016 * 00017 * This code is distributed in the hope that it will be useful but 00018 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY 00019 * DISCLAIMED. This includes but is not limited to warranties of 00020 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 00021 * 00022 */ 00023 00024 #pragma once 00025 00026 #define _NTIFS_INCLUDED_ 00027 #define _GNU_NTIFS_ 00028 00029 #ifdef __cplusplus 00030 extern "C" { 00031 #endif 00032 00033 /* Dependencies */ 00034 #include <ntddk.h> 00035 #include <excpt.h> 00036 #include <ntdef.h> 00037 #include <ntnls.h> 00038 #include <ntstatus.h> 00039 #include <bugcodes.h> 00040 #include <ntiologc.h> 00041 00042 00043 #ifndef FlagOn 00044 #define FlagOn(_F,_SF) ((_F) & (_SF)) 00045 #endif 00046 00047 #ifndef BooleanFlagOn 00048 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0)) 00049 #endif 00050 00051 #ifndef SetFlag 00052 #define SetFlag(_F,_SF) ((_F) |= (_SF)) 00053 #endif 00054 00055 #ifndef ClearFlag 00056 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF)) 00057 #endif 00058 00059 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; 00060 typedef STRING LSA_STRING, *PLSA_STRING; 00061 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES; 00062 00063 /****************************************************************************** 00064 * Security Manager Types * 00065 ******************************************************************************/ 00066 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED 00067 #define SID_IDENTIFIER_AUTHORITY_DEFINED 00068 typedef struct _SID_IDENTIFIER_AUTHORITY { 00069 UCHAR Value[6]; 00070 } SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY; 00071 #endif 00072 00073 #ifndef SID_DEFINED 00074 #define SID_DEFINED 00075 typedef struct _SID { 00076 UCHAR Revision; 00077 UCHAR SubAuthorityCount; 00078 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 00079 #ifdef MIDL_PASS 00080 [size_is(SubAuthorityCount)] ULONG SubAuthority[*]; 00081 #else 00082 ULONG SubAuthority[ANYSIZE_ARRAY]; 00083 #endif 00084 } SID, *PISID; 00085 #endif 00086 00087 #define SID_REVISION 1 00088 #define SID_MAX_SUB_AUTHORITIES 15 00089 #define SID_RECOMMENDED_SUB_AUTHORITIES 1 00090 00091 #ifndef MIDL_PASS 00092 #define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG))) 00093 #endif 00094 00095 typedef enum _SID_NAME_USE { 00096 SidTypeUser = 1, 00097 SidTypeGroup, 00098 SidTypeDomain, 00099 SidTypeAlias, 00100 SidTypeWellKnownGroup, 00101 SidTypeDeletedAccount, 00102 SidTypeInvalid, 00103 SidTypeUnknown, 00104 SidTypeComputer, 00105 SidTypeLabel 00106 } SID_NAME_USE, *PSID_NAME_USE; 00107 00108 typedef struct _SID_AND_ATTRIBUTES { 00109 #ifdef MIDL_PASS 00110 PISID Sid; 00111 #else 00112 PSID Sid; 00113 #endif 00114 ULONG Attributes; 00115 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; 00116 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; 00117 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; 00118 00119 #define SID_HASH_SIZE 32 00120 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY; 00121 00122 typedef struct _SID_AND_ATTRIBUTES_HASH { 00123 ULONG SidCount; 00124 PSID_AND_ATTRIBUTES SidAttr; 00125 SID_HASH_ENTRY Hash[SID_HASH_SIZE]; 00126 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH; 00127 00128 /* Universal well-known SIDs */ 00129 00130 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} 00131 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} 00132 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} 00133 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} 00134 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} 00135 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} 00136 00137 #define SECURITY_NULL_RID (0x00000000L) 00138 #define SECURITY_WORLD_RID (0x00000000L) 00139 #define SECURITY_LOCAL_RID (0x00000000L) 00140 #define SECURITY_LOCAL_LOGON_RID (0x00000001L) 00141 00142 #define SECURITY_CREATOR_OWNER_RID (0x00000000L) 00143 #define SECURITY_CREATOR_GROUP_RID (0x00000001L) 00144 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) 00145 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) 00146 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) 00147 00148 /* NT well-known SIDs */ 00149 00150 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} 00151 00152 #define SECURITY_DIALUP_RID (0x00000001L) 00153 #define SECURITY_NETWORK_RID (0x00000002L) 00154 #define SECURITY_BATCH_RID (0x00000003L) 00155 #define SECURITY_INTERACTIVE_RID (0x00000004L) 00156 #define SECURITY_LOGON_IDS_RID (0x00000005L) 00157 #define SECURITY_LOGON_IDS_RID_COUNT (3L) 00158 #define SECURITY_SERVICE_RID (0x00000006L) 00159 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) 00160 #define SECURITY_PROXY_RID (0x00000008L) 00161 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) 00162 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID 00163 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) 00164 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) 00165 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) 00166 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) 00167 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL) 00168 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) 00169 #define SECURITY_IUSER_RID (0x00000011L) 00170 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) 00171 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L) 00172 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L) 00173 #define SECURITY_NT_NON_UNIQUE (0x00000015L) 00174 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) 00175 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L) 00176 00177 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) 00178 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L) 00179 00180 00181 #define SECURITY_PACKAGE_BASE_RID (0x00000040L) 00182 #define SECURITY_PACKAGE_RID_COUNT (2L) 00183 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) 00184 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) 00185 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) 00186 00187 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) 00188 #define SECURITY_CRED_TYPE_RID_COUNT (2L) 00189 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) 00190 00191 #define SECURITY_MIN_BASE_RID (0x00000050L) 00192 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) 00193 #define SECURITY_SERVICE_ID_RID_COUNT (6L) 00194 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) 00195 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) 00196 #define SECURITY_APPPOOL_ID_RID_COUNT (6L) 00197 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) 00198 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) 00199 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) 00200 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) 00201 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L) 00202 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L) 00203 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) 00204 #define SECURITY_WMIHOST_ID_RID_COUNT (6L) 00205 #define SECURITY_TASK_ID_BASE_RID (0x00000057L) 00206 #define SECURITY_NFS_ID_BASE_RID (0x00000058L) 00207 #define SECURITY_COM_ID_BASE_RID (0x00000059L) 00208 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) 00209 00210 #define SECURITY_MAX_BASE_RID (0x0000006FL) 00211 00212 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) 00213 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) 00214 00215 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L) 00216 00217 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L) 00218 00219 /* Well-known domain relative sub-authority values (RIDs) */ 00220 00221 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L) 00222 00223 #define FOREST_USER_RID_MAX (0x000001F3L) 00224 00225 /* Well-known users */ 00226 00227 #define DOMAIN_USER_RID_ADMIN (0x000001F4L) 00228 #define DOMAIN_USER_RID_GUEST (0x000001F5L) 00229 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L) 00230 00231 #define DOMAIN_USER_RID_MAX (0x000003E7L) 00232 00233 /* Well-known groups */ 00234 00235 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L) 00236 #define DOMAIN_GROUP_RID_USERS (0x00000201L) 00237 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L) 00238 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) 00239 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) 00240 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) 00241 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) 00242 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) 00243 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) 00244 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L) 00245 00246 /* Well-known aliases */ 00247 00248 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) 00249 #define DOMAIN_ALIAS_RID_USERS (0x00000221L) 00250 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) 00251 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) 00252 00253 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) 00254 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) 00255 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) 00256 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) 00257 00258 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) 00259 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L) 00260 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL) 00261 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL) 00262 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL) 00263 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL) 00264 00265 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) 00266 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) 00267 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) 00268 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) 00269 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) 00270 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L) 00271 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L) 00272 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL) 00273 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL) 00274 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL) 00275 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL) 00276 00277 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} 00278 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) 00279 #define SECURITY_MANDATORY_LOW_RID (0x00001000L) 00280 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) 00281 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L) 00282 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) 00283 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) 00284 00285 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that 00286 can be set by a usermode caller.*/ 00287 00288 #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID 00289 00290 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000) 00291 00292 /* Allocate the System Luid. The first 1000 LUIDs are reserved. 00293 Use #999 here (0x3e7 = 999) */ 00294 00295 #define SYSTEM_LUID {0x3e7, 0x0} 00296 #define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} 00297 #define LOCALSERVICE_LUID {0x3e5, 0x0} 00298 #define NETWORKSERVICE_LUID {0x3e4, 0x0} 00299 #define IUSER_LUID {0x3e3, 0x0} 00300 00301 typedef struct _ACE_HEADER { 00302 UCHAR AceType; 00303 UCHAR AceFlags; 00304 USHORT AceSize; 00305 } ACE_HEADER, *PACE_HEADER; 00306 00307 /* also in winnt.h */ 00308 #define ACCESS_MIN_MS_ACE_TYPE (0x0) 00309 #define ACCESS_ALLOWED_ACE_TYPE (0x0) 00310 #define ACCESS_DENIED_ACE_TYPE (0x1) 00311 #define SYSTEM_AUDIT_ACE_TYPE (0x2) 00312 #define SYSTEM_ALARM_ACE_TYPE (0x3) 00313 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3) 00314 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4) 00315 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4) 00316 #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5) 00317 #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5) 00318 #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6) 00319 #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7) 00320 #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8) 00321 #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8) 00322 #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8) 00323 #define ACCESS_MAX_MS_ACE_TYPE (0x8) 00324 #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) 00325 #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) 00326 #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB) 00327 #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC) 00328 #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) 00329 #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) 00330 #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) 00331 #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) 00332 #define ACCESS_MAX_MS_V5_ACE_TYPE (0x11) 00333 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) 00334 00335 /* The following are the inherit flags that go into the AceFlags field 00336 of an Ace header. */ 00337 00338 #define OBJECT_INHERIT_ACE (0x1) 00339 #define CONTAINER_INHERIT_ACE (0x2) 00340 #define NO_PROPAGATE_INHERIT_ACE (0x4) 00341 #define INHERIT_ONLY_ACE (0x8) 00342 #define INHERITED_ACE (0x10) 00343 #define VALID_INHERIT_FLAGS (0x1F) 00344 00345 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) 00346 #define FAILED_ACCESS_ACE_FLAG (0x80) 00347 00348 typedef struct _ACCESS_ALLOWED_ACE { 00349 ACE_HEADER Header; 00350 ACCESS_MASK Mask; 00351 ULONG SidStart; 00352 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; 00353 00354 typedef struct _ACCESS_DENIED_ACE { 00355 ACE_HEADER Header; 00356 ACCESS_MASK Mask; 00357 ULONG SidStart; 00358 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; 00359 00360 typedef struct _SYSTEM_AUDIT_ACE { 00361 ACE_HEADER Header; 00362 ACCESS_MASK Mask; 00363 ULONG SidStart; 00364 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; 00365 00366 typedef struct _SYSTEM_ALARM_ACE { 00367 ACE_HEADER Header; 00368 ACCESS_MASK Mask; 00369 ULONG SidStart; 00370 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE; 00371 00372 typedef struct _SYSTEM_MANDATORY_LABEL_ACE { 00373 ACE_HEADER Header; 00374 ACCESS_MASK Mask; 00375 ULONG SidStart; 00376 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; 00377 00378 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 00379 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 00380 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 00381 #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ 00382 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ 00383 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) 00384 00385 #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) 00386 00387 typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; 00388 00389 #define SE_OWNER_DEFAULTED 0x0001 00390 #define SE_GROUP_DEFAULTED 0x0002 00391 #define SE_DACL_PRESENT 0x0004 00392 #define SE_DACL_DEFAULTED 0x0008 00393 #define SE_SACL_PRESENT 0x0010 00394 #define SE_SACL_DEFAULTED 0x0020 00395 #define SE_DACL_UNTRUSTED 0x0040 00396 #define SE_SERVER_SECURITY 0x0080 00397 #define SE_DACL_AUTO_INHERIT_REQ 0x0100 00398 #define SE_SACL_AUTO_INHERIT_REQ 0x0200 00399 #define SE_DACL_AUTO_INHERITED 0x0400 00400 #define SE_SACL_AUTO_INHERITED 0x0800 00401 #define SE_DACL_PROTECTED 0x1000 00402 #define SE_SACL_PROTECTED 0x2000 00403 #define SE_RM_CONTROL_VALID 0x4000 00404 #define SE_SELF_RELATIVE 0x8000 00405 00406 typedef struct _SECURITY_DESCRIPTOR_RELATIVE { 00407 UCHAR Revision; 00408 UCHAR Sbz1; 00409 SECURITY_DESCRIPTOR_CONTROL Control; 00410 ULONG Owner; 00411 ULONG Group; 00412 ULONG Sacl; 00413 ULONG Dacl; 00414 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; 00415 00416 typedef struct _SECURITY_DESCRIPTOR { 00417 UCHAR Revision; 00418 UCHAR Sbz1; 00419 SECURITY_DESCRIPTOR_CONTROL Control; 00420 PSID Owner; 00421 PSID Group; 00422 PACL Sacl; 00423 PACL Dacl; 00424 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; 00425 00426 typedef struct _OBJECT_TYPE_LIST { 00427 USHORT Level; 00428 USHORT Sbz; 00429 GUID *ObjectType; 00430 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; 00431 00432 #define ACCESS_OBJECT_GUID 0 00433 #define ACCESS_PROPERTY_SET_GUID 1 00434 #define ACCESS_PROPERTY_GUID 2 00435 #define ACCESS_MAX_LEVEL 4 00436 00437 typedef enum _AUDIT_EVENT_TYPE { 00438 AuditEventObjectAccess, 00439 AuditEventDirectoryServiceAccess 00440 } AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; 00441 00442 #define AUDIT_ALLOW_NO_PRIVILEGE 0x1 00443 00444 #define ACCESS_DS_SOURCE_A "DS" 00445 #define ACCESS_DS_SOURCE_W L"DS" 00446 #define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object" 00447 #define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object" 00448 00449 #define ACCESS_REASON_TYPE_MASK 0xffff0000 00450 #define ACCESS_REASON_DATA_MASK 0x0000ffff 00451 00452 typedef enum _ACCESS_REASON_TYPE { 00453 AccessReasonNone = 0x00000000, 00454 AccessReasonAllowedAce = 0x00010000, 00455 AccessReasonDeniedAce = 0x00020000, 00456 AccessReasonAllowedParentAce = 0x00030000, 00457 AccessReasonDeniedParentAce = 0x00040000, 00458 AccessReasonMissingPrivilege = 0x00100000, 00459 AccessReasonFromPrivilege = 0x00200000, 00460 AccessReasonIntegrityLevel = 0x00300000, 00461 AccessReasonOwnership = 0x00400000, 00462 AccessReasonNullDacl = 0x00500000, 00463 AccessReasonEmptyDacl = 0x00600000, 00464 AccessReasonNoSD = 0x00700000, 00465 AccessReasonNoGrant = 0x00800000 00466 } ACCESS_REASON_TYPE; 00467 00468 typedef ULONG ACCESS_REASON; 00469 00470 typedef struct _ACCESS_REASONS { 00471 ACCESS_REASON Data[32]; 00472 } ACCESS_REASONS, *PACCESS_REASONS; 00473 00474 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001 00475 #define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002 00476 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003 00477 00478 typedef struct _SE_SECURITY_DESCRIPTOR { 00479 ULONG Size; 00480 ULONG Flags; 00481 PSECURITY_DESCRIPTOR SecurityDescriptor; 00482 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR; 00483 00484 typedef struct _SE_ACCESS_REQUEST { 00485 ULONG Size; 00486 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor; 00487 ACCESS_MASK DesiredAccess; 00488 ACCESS_MASK PreviouslyGrantedAccess; 00489 PSID PrincipalSelfSid; 00490 PGENERIC_MAPPING GenericMapping; 00491 ULONG ObjectTypeListCount; 00492 POBJECT_TYPE_LIST ObjectTypeList; 00493 } SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST; 00494 00495 typedef struct _SE_ACCESS_REPLY { 00496 ULONG Size; 00497 ULONG ResultListCount; 00498 PACCESS_MASK GrantedAccess; 00499 PNTSTATUS AccessStatus; 00500 PACCESS_REASONS AccessReason; 00501 PPRIVILEGE_SET* Privileges; 00502 } SE_ACCESS_REPLY, *PSE_ACCESS_REPLY; 00503 00504 typedef enum _SE_AUDIT_OPERATION { 00505 AuditPrivilegeObject, 00506 AuditPrivilegeService, 00507 AuditAccessCheck, 00508 AuditOpenObject, 00509 AuditOpenObjectWithTransaction, 00510 AuditCloseObject, 00511 AuditDeleteObject, 00512 AuditOpenObjectForDelete, 00513 AuditOpenObjectForDeleteWithTransaction, 00514 AuditCloseNonObject, 00515 AuditOpenNonObject, 00516 AuditObjectReference, 00517 AuditHandleCreation, 00518 } SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION; 00519 00520 typedef struct _SE_AUDIT_INFO { 00521 ULONG Size; 00522 AUDIT_EVENT_TYPE AuditType; 00523 SE_AUDIT_OPERATION AuditOperation; 00524 ULONG AuditFlags; 00525 UNICODE_STRING SubsystemName; 00526 UNICODE_STRING ObjectTypeName; 00527 UNICODE_STRING ObjectName; 00528 PVOID HandleId; 00529 GUID* TransactionId; 00530 LUID* OperationId; 00531 BOOLEAN ObjectCreation; 00532 BOOLEAN GenerateOnClose; 00533 } SE_AUDIT_INFO, *PSE_AUDIT_INFO; 00534 00535 #define TOKEN_ASSIGN_PRIMARY (0x0001) 00536 #define TOKEN_DUPLICATE (0x0002) 00537 #define TOKEN_IMPERSONATE (0x0004) 00538 #define TOKEN_QUERY (0x0008) 00539 #define TOKEN_QUERY_SOURCE (0x0010) 00540 #define TOKEN_ADJUST_PRIVILEGES (0x0020) 00541 #define TOKEN_ADJUST_GROUPS (0x0040) 00542 #define TOKEN_ADJUST_DEFAULT (0x0080) 00543 #define TOKEN_ADJUST_SESSIONID (0x0100) 00544 00545 #define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\ 00546 TOKEN_ASSIGN_PRIMARY |\ 00547 TOKEN_DUPLICATE |\ 00548 TOKEN_IMPERSONATE |\ 00549 TOKEN_QUERY |\ 00550 TOKEN_QUERY_SOURCE |\ 00551 TOKEN_ADJUST_PRIVILEGES |\ 00552 TOKEN_ADJUST_GROUPS |\ 00553 TOKEN_ADJUST_DEFAULT ) 00554 00555 #if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT))) 00556 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\ 00557 TOKEN_ADJUST_SESSIONID ) 00558 #else 00559 #define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P) 00560 #endif 00561 00562 #define TOKEN_READ (STANDARD_RIGHTS_READ |\ 00563 TOKEN_QUERY) 00564 00565 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ 00566 TOKEN_ADJUST_PRIVILEGES |\ 00567 TOKEN_ADJUST_GROUPS |\ 00568 TOKEN_ADJUST_DEFAULT) 00569 00570 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) 00571 00572 typedef enum _TOKEN_TYPE { 00573 TokenPrimary = 1, 00574 TokenImpersonation 00575 } TOKEN_TYPE,*PTOKEN_TYPE; 00576 00577 typedef enum _TOKEN_INFORMATION_CLASS { 00578 TokenUser = 1, 00579 TokenGroups, 00580 TokenPrivileges, 00581 TokenOwner, 00582 TokenPrimaryGroup, 00583 TokenDefaultDacl, 00584 TokenSource, 00585 TokenType, 00586 TokenImpersonationLevel, 00587 TokenStatistics, 00588 TokenRestrictedSids, 00589 TokenSessionId, 00590 TokenGroupsAndPrivileges, 00591 TokenSessionReference, 00592 TokenSandBoxInert, 00593 TokenAuditPolicy, 00594 TokenOrigin, 00595 TokenElevationType, 00596 TokenLinkedToken, 00597 TokenElevation, 00598 TokenHasRestrictions, 00599 TokenAccessInformation, 00600 TokenVirtualizationAllowed, 00601 TokenVirtualizationEnabled, 00602 TokenIntegrityLevel, 00603 TokenUIAccess, 00604 TokenMandatoryPolicy, 00605 TokenLogonSid, 00606 MaxTokenInfoClass 00607 } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS; 00608 00609 typedef struct _TOKEN_USER { 00610 SID_AND_ATTRIBUTES User; 00611 } TOKEN_USER, *PTOKEN_USER; 00612 00613 typedef struct _TOKEN_GROUPS { 00614 ULONG GroupCount; 00615 #ifdef MIDL_PASS 00616 [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*]; 00617 #else 00618 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; 00619 #endif 00620 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS; 00621 00622 typedef struct _TOKEN_PRIVILEGES { 00623 ULONG PrivilegeCount; 00624 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; 00625 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES; 00626 00627 typedef struct _TOKEN_OWNER { 00628 PSID Owner; 00629 } TOKEN_OWNER,*PTOKEN_OWNER; 00630 00631 typedef struct _TOKEN_PRIMARY_GROUP { 00632 PSID PrimaryGroup; 00633 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP; 00634 00635 typedef struct _TOKEN_DEFAULT_DACL { 00636 PACL DefaultDacl; 00637 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL; 00638 00639 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES { 00640 ULONG SidCount; 00641 ULONG SidLength; 00642 PSID_AND_ATTRIBUTES Sids; 00643 ULONG RestrictedSidCount; 00644 ULONG RestrictedSidLength; 00645 PSID_AND_ATTRIBUTES RestrictedSids; 00646 ULONG PrivilegeCount; 00647 ULONG PrivilegeLength; 00648 PLUID_AND_ATTRIBUTES Privileges; 00649 LUID AuthenticationId; 00650 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES; 00651 00652 typedef struct _TOKEN_LINKED_TOKEN { 00653 HANDLE LinkedToken; 00654 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN; 00655 00656 typedef struct _TOKEN_ELEVATION { 00657 ULONG TokenIsElevated; 00658 } TOKEN_ELEVATION, *PTOKEN_ELEVATION; 00659 00660 typedef struct _TOKEN_MANDATORY_LABEL { 00661 SID_AND_ATTRIBUTES Label; 00662 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL; 00663 00664 #define TOKEN_MANDATORY_POLICY_OFF 0x0 00665 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1 00666 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2 00667 00668 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \ 00669 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN) 00670 00671 typedef struct _TOKEN_MANDATORY_POLICY { 00672 ULONG Policy; 00673 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY; 00674 00675 typedef struct _TOKEN_ACCESS_INFORMATION { 00676 PSID_AND_ATTRIBUTES_HASH SidHash; 00677 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash; 00678 PTOKEN_PRIVILEGES Privileges; 00679 LUID AuthenticationId; 00680 TOKEN_TYPE TokenType; 00681 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 00682 TOKEN_MANDATORY_POLICY MandatoryPolicy; 00683 ULONG Flags; 00684 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION; 00685 00686 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53) 00687 00688 typedef struct _TOKEN_AUDIT_POLICY { 00689 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1]; 00690 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY; 00691 00692 #define TOKEN_SOURCE_LENGTH 8 00693 00694 typedef struct _TOKEN_SOURCE { 00695 CHAR SourceName[TOKEN_SOURCE_LENGTH]; 00696 LUID SourceIdentifier; 00697 } TOKEN_SOURCE,*PTOKEN_SOURCE; 00698 00699 typedef struct _TOKEN_STATISTICS { 00700 LUID TokenId; 00701 LUID AuthenticationId; 00702 LARGE_INTEGER ExpirationTime; 00703 TOKEN_TYPE TokenType; 00704 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 00705 ULONG DynamicCharged; 00706 ULONG DynamicAvailable; 00707 ULONG GroupCount; 00708 ULONG PrivilegeCount; 00709 LUID ModifiedId; 00710 } TOKEN_STATISTICS, *PTOKEN_STATISTICS; 00711 00712 typedef struct _TOKEN_CONTROL { 00713 LUID TokenId; 00714 LUID AuthenticationId; 00715 LUID ModifiedId; 00716 TOKEN_SOURCE TokenSource; 00717 } TOKEN_CONTROL,*PTOKEN_CONTROL; 00718 00719 typedef struct _TOKEN_ORIGIN { 00720 LUID OriginatingLogonSession; 00721 } TOKEN_ORIGIN, *PTOKEN_ORIGIN; 00722 00723 typedef enum _MANDATORY_LEVEL { 00724 MandatoryLevelUntrusted = 0, 00725 MandatoryLevelLow, 00726 MandatoryLevelMedium, 00727 MandatoryLevelHigh, 00728 MandatoryLevelSystem, 00729 MandatoryLevelSecureProcess, 00730 MandatoryLevelCount 00731 } MANDATORY_LEVEL, *PMANDATORY_LEVEL; 00732 00733 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001 00734 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002 00735 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004 00736 #define TOKEN_WRITE_RESTRICTED 0x0008 00737 #define TOKEN_IS_RESTRICTED 0x0010 00738 #define TOKEN_SESSION_NOT_REFERENCED 0x0020 00739 #define TOKEN_SANDBOX_INERT 0x0040 00740 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080 00741 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100 00742 #define TOKEN_VIRTUALIZE_ALLOWED 0x0200 00743 #define TOKEN_VIRTUALIZE_ENABLED 0x0400 00744 #define TOKEN_IS_FILTERED 0x0800 00745 #define TOKEN_UIACCESS 0x1000 00746 #define TOKEN_NOT_LOW 0x2000 00747 00748 typedef struct _SE_EXPORTS { 00749 LUID SeCreateTokenPrivilege; 00750 LUID SeAssignPrimaryTokenPrivilege; 00751 LUID SeLockMemoryPrivilege; 00752 LUID SeIncreaseQuotaPrivilege; 00753 LUID SeUnsolicitedInputPrivilege; 00754 LUID SeTcbPrivilege; 00755 LUID SeSecurityPrivilege; 00756 LUID SeTakeOwnershipPrivilege; 00757 LUID SeLoadDriverPrivilege; 00758 LUID SeCreatePagefilePrivilege; 00759 LUID SeIncreaseBasePriorityPrivilege; 00760 LUID SeSystemProfilePrivilege; 00761 LUID SeSystemtimePrivilege; 00762 LUID SeProfileSingleProcessPrivilege; 00763 LUID SeCreatePermanentPrivilege; 00764 LUID SeBackupPrivilege; 00765 LUID SeRestorePrivilege; 00766 LUID SeShutdownPrivilege; 00767 LUID SeDebugPrivilege; 00768 LUID SeAuditPrivilege; 00769 LUID SeSystemEnvironmentPrivilege; 00770 LUID SeChangeNotifyPrivilege; 00771 LUID SeRemoteShutdownPrivilege; 00772 PSID SeNullSid; 00773 PSID SeWorldSid; 00774 PSID SeLocalSid; 00775 PSID SeCreatorOwnerSid; 00776 PSID SeCreatorGroupSid; 00777 PSID SeNtAuthoritySid; 00778 PSID SeDialupSid; 00779 PSID SeNetworkSid; 00780 PSID SeBatchSid; 00781 PSID SeInteractiveSid; 00782 PSID SeLocalSystemSid; 00783 PSID SeAliasAdminsSid; 00784 PSID SeAliasUsersSid; 00785 PSID SeAliasGuestsSid; 00786 PSID SeAliasPowerUsersSid; 00787 PSID SeAliasAccountOpsSid; 00788 PSID SeAliasSystemOpsSid; 00789 PSID SeAliasPrintOpsSid; 00790 PSID SeAliasBackupOpsSid; 00791 PSID SeAuthenticatedUsersSid; 00792 PSID SeRestrictedSid; 00793 PSID SeAnonymousLogonSid; 00794 LUID SeUndockPrivilege; 00795 LUID SeSyncAgentPrivilege; 00796 LUID SeEnableDelegationPrivilege; 00797 PSID SeLocalServiceSid; 00798 PSID SeNetworkServiceSid; 00799 LUID SeManageVolumePrivilege; 00800 LUID SeImpersonatePrivilege; 00801 LUID SeCreateGlobalPrivilege; 00802 LUID SeTrustedCredManAccessPrivilege; 00803 LUID SeRelabelPrivilege; 00804 LUID SeIncreaseWorkingSetPrivilege; 00805 LUID SeTimeZonePrivilege; 00806 LUID SeCreateSymbolicLinkPrivilege; 00807 PSID SeIUserSid; 00808 PSID SeUntrustedMandatorySid; 00809 PSID SeLowMandatorySid; 00810 PSID SeMediumMandatorySid; 00811 PSID SeHighMandatorySid; 00812 PSID SeSystemMandatorySid; 00813 PSID SeOwnerRightsSid; 00814 } SE_EXPORTS, *PSE_EXPORTS; 00815 00816 typedef NTSTATUS 00817 (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)( 00818 IN PLUID LogonId); 00819 00820 typedef struct _SECURITY_CLIENT_CONTEXT { 00821 SECURITY_QUALITY_OF_SERVICE SecurityQos; 00822 PACCESS_TOKEN ClientToken; 00823 BOOLEAN DirectlyAccessClientToken; 00824 BOOLEAN DirectAccessEffectiveOnly; 00825 BOOLEAN ServerIsRemote; 00826 TOKEN_CONTROL ClientTokenControl; 00827 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; 00828 00829 /****************************************************************************** 00830 * Object Manager Types * 00831 ******************************************************************************/ 00832 00833 typedef enum _OBJECT_INFORMATION_CLASS { 00834 ObjectBasicInformation = 0, 00835 ObjectTypeInformation = 2, 00836 /* Not for public use */ 00837 ObjectNameInformation = 1, 00838 ObjectTypesInformation = 3, 00839 ObjectHandleFlagInformation = 4, 00840 ObjectSessionInformation = 5, 00841 MaxObjectInfoClass 00842 } OBJECT_INFORMATION_CLASS; 00843 00844 00845 /****************************************************************************** 00846 * Runtime Library Types * 00847 ******************************************************************************/ 00848 00849 00850 #define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information" 00851 00852 _Function_class_(RTL_ALLOCATE_STRING_ROUTINE) 00853 _IRQL_requires_max_(PASSIVE_LEVEL) 00854 __drv_allocatesMem(Mem) 00855 typedef PVOID 00856 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)( 00857 _In_ SIZE_T NumberOfBytes); 00858 00859 #if _WIN32_WINNT >= 0x0600 00860 _Function_class_(RTL_REALLOCATE_STRING_ROUTINE) 00861 _IRQL_requires_max_(PASSIVE_LEVEL) 00862 __drv_allocatesMem(Mem) 00863 typedef PVOID 00864 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)( 00865 _In_ SIZE_T NumberOfBytes, 00866 IN PVOID Buffer); 00867 #endif 00868 00869 typedef VOID 00870 (NTAPI *PRTL_FREE_STRING_ROUTINE)( 00871 _In_ __drv_freesMem(Mem) _Post_invalid_ PVOID Buffer); 00872 00873 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine; 00874 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine; 00875 00876 #if _WIN32_WINNT >= 0x0600 00877 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine; 00878 #endif 00879 00880 _Function_class_(RTL_HEAP_COMMIT_ROUTINE) 00881 _IRQL_requires_same_ 00882 typedef NTSTATUS 00883 (NTAPI *PRTL_HEAP_COMMIT_ROUTINE) ( 00884 _In_ PVOID Base, 00885 _Inout_ PVOID *CommitAddress, 00886 _Inout_ PSIZE_T CommitSize); 00887 00888 typedef struct _RTL_HEAP_PARAMETERS { 00889 ULONG Length; 00890 SIZE_T SegmentReserve; 00891 SIZE_T SegmentCommit; 00892 SIZE_T DeCommitFreeBlockThreshold; 00893 SIZE_T DeCommitTotalFreeThreshold; 00894 SIZE_T MaximumAllocationSize; 00895 SIZE_T VirtualMemoryThreshold; 00896 SIZE_T InitialCommit; 00897 SIZE_T InitialReserve; 00898 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; 00899 SIZE_T Reserved[2]; 00900 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; 00901 00902 #if (NTDDI_VERSION >= NTDDI_WIN2K) 00903 00904 typedef struct _GENERATE_NAME_CONTEXT { 00905 USHORT Checksum; 00906 BOOLEAN CheckSumInserted; 00907 _Field_range_(<=, 8) UCHAR NameLength; 00908 WCHAR NameBuffer[8]; 00909 _Field_range_(<=, 4) ULONG ExtensionLength; 00910 WCHAR ExtensionBuffer[4]; 00911 ULONG LastIndexValue; 00912 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; 00913 00914 typedef struct _PREFIX_TABLE_ENTRY { 00915 CSHORT NodeTypeCode; 00916 CSHORT NameLength; 00917 struct _PREFIX_TABLE_ENTRY *NextPrefixTree; 00918 RTL_SPLAY_LINKS Links; 00919 PSTRING Prefix; 00920 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; 00921 00922 typedef struct _PREFIX_TABLE { 00923 CSHORT NodeTypeCode; 00924 CSHORT NameLength; 00925 PPREFIX_TABLE_ENTRY NextPrefixTree; 00926 } PREFIX_TABLE, *PPREFIX_TABLE; 00927 00928 typedef struct _UNICODE_PREFIX_TABLE_ENTRY { 00929 CSHORT NodeTypeCode; 00930 CSHORT NameLength; 00931 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; 00932 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; 00933 RTL_SPLAY_LINKS Links; 00934 PUNICODE_STRING Prefix; 00935 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; 00936 00937 typedef struct _UNICODE_PREFIX_TABLE { 00938 CSHORT NodeTypeCode; 00939 CSHORT NameLength; 00940 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; 00941 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; 00942 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; 00943 00944 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 00945 00946 #if (NTDDI_VERSION >= NTDDI_WINXP) 00947 typedef struct _COMPRESSED_DATA_INFO { 00948 USHORT CompressionFormatAndEngine; 00949 UCHAR CompressionUnitShift; 00950 UCHAR ChunkShift; 00951 UCHAR ClusterShift; 00952 UCHAR Reserved; 00953 USHORT NumberOfChunks; 00954 ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; 00955 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; 00956 #endif 00957 /****************************************************************************** 00958 * Runtime Library Functions * 00959 ******************************************************************************/ 00960 00961 00962 #if (NTDDI_VERSION >= NTDDI_WIN2K) 00963 00964 00965 _Must_inspect_result_ 00966 _Ret_maybenull_ 00967 _Post_writable_byte_size_(Size) 00968 NTSYSAPI 00969 PVOID 00970 NTAPI 00971 RtlAllocateHeap( 00972 _In_ HANDLE HeapHandle, 00973 _In_opt_ ULONG Flags, 00974 _In_ SIZE_T Size); 00975 00976 _Success_(return != 0) 00977 NTSYSAPI 00978 BOOLEAN 00979 NTAPI 00980 RtlFreeHeap( 00981 _In_ PVOID HeapHandle, 00982 _In_opt_ ULONG Flags, 00983 _In_ _Post_invalid_ PVOID BaseAddress); 00984 00985 NTSYSAPI 00986 VOID 00987 NTAPI 00988 RtlCaptureContext( 00989 _Out_ PCONTEXT ContextRecord); 00990 00991 _Ret_range_(<, MAXLONG) 00992 NTSYSAPI 00993 ULONG 00994 NTAPI 00995 RtlRandom( 00996 _Inout_ PULONG Seed); 00997 00998 _IRQL_requires_max_(APC_LEVEL) 00999 _Success_(return != 0) 01000 _Must_inspect_result_ 01001 NTSYSAPI 01002 BOOLEAN 01003 NTAPI 01004 RtlCreateUnicodeString( 01005 _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)) 01006 PUNICODE_STRING DestinationString, 01007 _In_z_ PCWSTR SourceString); 01008 01009 _IRQL_requires_max_(APC_LEVEL) 01010 NTSYSAPI 01011 NTSTATUS 01012 NTAPI 01013 RtlAppendStringToString( 01014 _Inout_ PSTRING Destination, 01015 _In_ const STRING *Source); 01016 01017 _IRQL_requires_max_(PASSIVE_LEVEL) 01018 _Must_inspect_result_ 01019 NTSYSAPI 01020 NTSTATUS 01021 NTAPI 01022 RtlOemStringToUnicodeString( 01023 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 01024 _When_(!AllocateDestinationString, _Inout_) 01025 PUNICODE_STRING DestinationString, 01026 _In_ PCOEM_STRING SourceString, 01027 _In_ BOOLEAN AllocateDestinationString); 01028 01029 _IRQL_requires_max_(PASSIVE_LEVEL) 01030 _Must_inspect_result_ 01031 NTSYSAPI 01032 NTSTATUS 01033 NTAPI 01034 RtlUnicodeStringToOemString( 01035 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 01036 _When_(!AllocateDestinationString, _Inout_) 01037 POEM_STRING DestinationString, 01038 _In_ PCUNICODE_STRING SourceString, 01039 _In_ BOOLEAN AllocateDestinationString); 01040 01041 _IRQL_requires_max_(PASSIVE_LEVEL) 01042 _Must_inspect_result_ 01043 NTSYSAPI 01044 NTSTATUS 01045 NTAPI 01046 RtlUpcaseUnicodeStringToOemString( 01047 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 01048 _When_(!AllocateDestinationString, _Inout_) 01049 POEM_STRING DestinationString, 01050 _In_ PCUNICODE_STRING SourceString, 01051 _In_ BOOLEAN AllocateDestinationString); 01052 01053 _IRQL_requires_max_(PASSIVE_LEVEL) 01054 _Must_inspect_result_ 01055 NTSYSAPI 01056 NTSTATUS 01057 NTAPI 01058 RtlOemStringToCountedUnicodeString( 01059 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 01060 _When_(!AllocateDestinationString, _Inout_) 01061 PUNICODE_STRING DestinationString, 01062 _In_ PCOEM_STRING SourceString, 01063 _In_ BOOLEAN AllocateDestinationString); 01064 01065 _IRQL_requires_max_(PASSIVE_LEVEL) 01066 _Must_inspect_result_ 01067 NTSYSAPI 01068 NTSTATUS 01069 NTAPI 01070 RtlUnicodeStringToCountedOemString( 01071 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 01072 _When_(!AllocateDestinationString, _Inout_) 01073 POEM_STRING DestinationString, 01074 _In_ PCUNICODE_STRING SourceString, 01075 _In_ BOOLEAN AllocateDestinationString); 01076 01077 _IRQL_requires_max_(PASSIVE_LEVEL) 01078 _Must_inspect_result_ 01079 NTSYSAPI 01080 NTSTATUS 01081 NTAPI 01082 RtlUpcaseUnicodeStringToCountedOemString( 01083 _When_(AllocateDestinationString, _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem))) 01084 _When_(!AllocateDestinationString, _Inout_) 01085 POEM_STRING DestinationString, 01086 _In_ PCUNICODE_STRING SourceString, 01087 _In_ BOOLEAN AllocateDestinationString); 01088 01089 _IRQL_requires_max_(PASSIVE_LEVEL) 01090 _When_(AllocateDestinationString, _Must_inspect_result_) 01091 NTSYSAPI 01092 NTSTATUS 01093 NTAPI 01094 RtlDowncaseUnicodeString( 01095 _When_(AllocateDestinationString, _Out_ _At_(UniDest->Buffer, __drv_allocatesMem(Mem))) 01096 _When_(!AllocateDestinationString, _Inout_) 01097 PUNICODE_STRING UniDest, 01098 _In_ PCUNICODE_STRING UniSource, 01099 _In_ BOOLEAN AllocateDestinationString); 01100 01101 _IRQL_requires_max_(PASSIVE_LEVEL) 01102 NTSYSAPI 01103 VOID 01104 NTAPI 01105 RtlFreeOemString( 01106 _Inout_ _At_(OemString->Buffer, __drv_freesMem(Mem)) POEM_STRING OemString); 01107 01108 _IRQL_requires_max_(PASSIVE_LEVEL) 01109 NTSYSAPI 01110 ULONG 01111 NTAPI 01112 RtlxUnicodeStringToOemSize( 01113 _In_ PCUNICODE_STRING UnicodeString); 01114 01115 _IRQL_requires_max_(PASSIVE_LEVEL) 01116 NTSYSAPI 01117 ULONG 01118 NTAPI 01119 RtlxOemStringToUnicodeSize( 01120 _In_ PCOEM_STRING OemString); 01121 01122 _IRQL_requires_max_(PASSIVE_LEVEL) 01123 NTSYSAPI 01124 NTSTATUS 01125 NTAPI 01126 RtlMultiByteToUnicodeN( 01127 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, 01128 _In_ ULONG MaxBytesInUnicodeString, 01129 _Out_opt_ PULONG BytesInUnicodeString, 01130 _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString, 01131 _In_ ULONG BytesInMultiByteString); 01132 01133 _IRQL_requires_max_(PASSIVE_LEVEL) 01134 NTSYSAPI 01135 NTSTATUS 01136 NTAPI 01137 RtlMultiByteToUnicodeSize( 01138 _Out_ PULONG BytesInUnicodeString, 01139 _In_reads_bytes_(BytesInMultiByteString) const CHAR *MultiByteString, 01140 _In_ ULONG BytesInMultiByteString); 01141 01142 _IRQL_requires_max_(PASSIVE_LEVEL) 01143 NTSYSAPI 01144 NTSTATUS 01145 NTAPI 01146 RtlUnicodeToMultiByteSize( 01147 _Out_ PULONG BytesInMultiByteString, 01148 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, 01149 _In_ ULONG BytesInUnicodeString); 01150 01151 _IRQL_requires_max_(PASSIVE_LEVEL) 01152 NTSYSAPI 01153 NTSTATUS 01154 NTAPI 01155 RtlUnicodeToMultiByteN( 01156 _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString, 01157 _In_ ULONG MaxBytesInMultiByteString, 01158 _Out_opt_ PULONG BytesInMultiByteString, 01159 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, 01160 _In_ ULONG BytesInUnicodeString); 01161 01162 _IRQL_requires_max_(PASSIVE_LEVEL) 01163 NTSYSAPI 01164 NTSTATUS 01165 NTAPI 01166 RtlUpcaseUnicodeToMultiByteN( 01167 _Out_writes_bytes_to_(MaxBytesInMultiByteString, *BytesInMultiByteString) PCHAR MultiByteString, 01168 _In_ ULONG MaxBytesInMultiByteString, 01169 _Out_opt_ PULONG BytesInMultiByteString, 01170 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, 01171 _In_ ULONG BytesInUnicodeString); 01172 01173 _IRQL_requires_max_(PASSIVE_LEVEL) 01174 NTSYSAPI 01175 NTSTATUS 01176 NTAPI 01177 RtlOemToUnicodeN( 01178 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWSTR UnicodeString, 01179 _In_ ULONG MaxBytesInUnicodeString, 01180 _Out_opt_ PULONG BytesInUnicodeString, 01181 _In_reads_bytes_(BytesInOemString) PCCH OemString, 01182 _In_ ULONG BytesInOemString); 01183 01184 _IRQL_requires_max_(PASSIVE_LEVEL) 01185 NTSYSAPI 01186 NTSTATUS 01187 NTAPI 01188 RtlUnicodeToOemN( 01189 _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString, 01190 _In_ ULONG MaxBytesInOemString, 01191 _Out_opt_ PULONG BytesInOemString, 01192 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, 01193 _In_ ULONG BytesInUnicodeString); 01194 01195 _IRQL_requires_max_(PASSIVE_LEVEL) 01196 NTSYSAPI 01197 NTSTATUS 01198 NTAPI 01199 RtlUpcaseUnicodeToOemN( 01200 _Out_writes_bytes_to_(MaxBytesInOemString, *BytesInOemString) PCHAR OemString, 01201 _In_ ULONG MaxBytesInOemString, 01202 _Out_opt_ PULONG BytesInOemString, 01203 _In_reads_bytes_(BytesInUnicodeString) PCWCH UnicodeString, 01204 _In_ ULONG BytesInUnicodeString); 01205 01206 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 01207 _IRQL_requires_max_(PASSIVE_LEVEL) 01208 NTSYSAPI 01209 NTSTATUS 01210 NTAPI 01211 RtlGenerate8dot3Name( 01212 _In_ PCUNICODE_STRING Name, 01213 _In_ BOOLEAN AllowExtendedCharacters, 01214 _Inout_ PGENERATE_NAME_CONTEXT Context, 01215 _Inout_ PUNICODE_STRING Name8dot3); 01216 #else 01217 _IRQL_requires_max_(PASSIVE_LEVEL) 01218 NTSYSAPI 01219 VOID 01220 NTAPI 01221 RtlGenerate8dot3Name( 01222 _In_ PCUNICODE_STRING Name, 01223 _In_ BOOLEAN AllowExtendedCharacters, 01224 _Inout_ PGENERATE_NAME_CONTEXT Context, 01225 _Inout_ PUNICODE_STRING Name8dot3); 01226 #endif 01227 01228 _IRQL_requires_max_(PASSIVE_LEVEL) 01229 _Must_inspect_result_ 01230 NTSYSAPI 01231 BOOLEAN 01232 NTAPI 01233 RtlIsNameLegalDOS8Dot3( 01234 _In_ PCUNICODE_STRING Name, 01235 _Inout_opt_ POEM_STRING OemName, 01236 _Out_opt_ PBOOLEAN NameContainsSpaces); 01237 01238 _IRQL_requires_max_(PASSIVE_LEVEL) 01239 _Must_inspect_result_ 01240 NTSYSAPI 01241 BOOLEAN 01242 NTAPI 01243 RtlIsValidOemCharacter( 01244 _Inout_ PWCHAR Char); 01245 01246 _IRQL_requires_max_(PASSIVE_LEVEL) 01247 NTSYSAPI 01248 VOID 01249 NTAPI 01250 PfxInitialize( 01251 _Out_ PPREFIX_TABLE PrefixTable); 01252 01253 _IRQL_requires_max_(PASSIVE_LEVEL) 01254 NTSYSAPI 01255 BOOLEAN 01256 NTAPI 01257 PfxInsertPrefix( 01258 _In_ PPREFIX_TABLE PrefixTable, 01259 _In_ __drv_aliasesMem PSTRING Prefix, 01260 _Out_ PPREFIX_TABLE_ENTRY PrefixTableEntry); 01261 01262 _IRQL_requires_max_(PASSIVE_LEVEL) 01263 NTSYSAPI 01264 VOID 01265 NTAPI 01266 PfxRemovePrefix( 01267 _In_ PPREFIX_TABLE PrefixTable, 01268 _In_ PPREFIX_TABLE_ENTRY PrefixTableEntry); 01269 01270 _IRQL_requires_max_(PASSIVE_LEVEL) 01271 _Must_inspect_result_ 01272 NTSYSAPI 01273 PPREFIX_TABLE_ENTRY 01274 NTAPI 01275 PfxFindPrefix( 01276 _In_ PPREFIX_TABLE PrefixTable, 01277 _In_ PSTRING FullName); 01278 01279 _IRQL_requires_max_(PASSIVE_LEVEL) 01280 NTSYSAPI 01281 VOID 01282 NTAPI 01283 RtlInitializeUnicodePrefix( 01284 _Out_ PUNICODE_PREFIX_TABLE PrefixTable); 01285 01286 _IRQL_requires_max_(PASSIVE_LEVEL) 01287 NTSYSAPI 01288 BOOLEAN 01289 NTAPI 01290 RtlInsertUnicodePrefix( 01291 _In_ PUNICODE_PREFIX_TABLE PrefixTable, 01292 _In_ __drv_aliasesMem PUNICODE_STRING Prefix, 01293 _Out_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry); 01294 01295 _IRQL_requires_max_(PASSIVE_LEVEL) 01296 NTSYSAPI 01297 VOID 01298 NTAPI 01299 RtlRemoveUnicodePrefix( 01300 _In_ PUNICODE_PREFIX_TABLE PrefixTable, 01301 _In_ PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry); 01302 01303 _IRQL_requires_max_(PASSIVE_LEVEL) 01304 _Must_inspect_result_ 01305 NTSYSAPI 01306 PUNICODE_PREFIX_TABLE_ENTRY 01307 NTAPI 01308 RtlFindUnicodePrefix( 01309 _In_ PUNICODE_PREFIX_TABLE PrefixTable, 01310 _In_ PUNICODE_STRING FullName, 01311 _In_ ULONG CaseInsensitiveIndex); 01312 01313 _IRQL_requires_max_(PASSIVE_LEVEL) 01314 _Must_inspect_result_ 01315 NTSYSAPI 01316 PUNICODE_PREFIX_TABLE_ENTRY 01317 NTAPI 01318 RtlNextUnicodePrefix( 01319 _In_ PUNICODE_PREFIX_TABLE PrefixTable, 01320 _In_ BOOLEAN Restart); 01321 01322 _Must_inspect_result_ 01323 NTSYSAPI 01324 SIZE_T 01325 NTAPI 01326 RtlCompareMemoryUlong( 01327 _In_reads_bytes_(Length) PVOID Source, 01328 _In_ SIZE_T Length, 01329 _In_ ULONG Pattern); 01330 01331 _Success_(return != 0) 01332 NTSYSAPI 01333 BOOLEAN 01334 NTAPI 01335 RtlTimeToSecondsSince1980( 01336 _In_ PLARGE_INTEGER Time, 01337 _Out_ PULONG ElapsedSeconds); 01338 01339 NTSYSAPI 01340 VOID 01341 NTAPI 01342 RtlSecondsSince1980ToTime( 01343 _In_ ULONG ElapsedSeconds, 01344 _Out_ PLARGE_INTEGER Time); 01345 01346 _Success_(return != 0) 01347 NTSYSAPI 01348 BOOLEAN 01349 NTAPI 01350 RtlTimeToSecondsSince1970( 01351 _In_ PLARGE_INTEGER Time, 01352 _Out_ PULONG ElapsedSeconds); 01353 01354 NTSYSAPI 01355 VOID 01356 NTAPI 01357 RtlSecondsSince1970ToTime( 01358 _In_ ULONG ElapsedSeconds, 01359 _Out_ PLARGE_INTEGER Time); 01360 01361 _IRQL_requires_max_(APC_LEVEL) 01362 _Must_inspect_result_ 01363 NTSYSAPI 01364 BOOLEAN 01365 NTAPI 01366 RtlValidSid( 01367 _In_ PSID Sid); 01368 01369 _Must_inspect_result_ 01370 NTSYSAPI 01371 BOOLEAN 01372 NTAPI 01373 RtlEqualSid( 01374 _In_ PSID Sid1, 01375 _In_ PSID Sid2); 01376 01377 _IRQL_requires_max_(APC_LEVEL) 01378 _Must_inspect_result_ 01379 NTSYSAPI 01380 BOOLEAN 01381 NTAPI 01382 RtlEqualPrefixSid( 01383 _In_ PSID Sid1, 01384 _In_ PSID Sid2); 01385 01386 _IRQL_requires_max_(APC_LEVEL) 01387 NTSYSAPI 01388 ULONG 01389 NTAPI 01390 RtlLengthRequiredSid( 01391 _In_ ULONG SubAuthorityCount); 01392 01393 NTSYSAPI 01394 PVOID 01395 NTAPI 01396 RtlFreeSid( 01397 _In_ _Post_invalid_ PSID Sid); 01398 01399 _Must_inspect_result_ 01400 NTSYSAPI 01401 NTSTATUS 01402 NTAPI 01403 RtlAllocateAndInitializeSid( 01404 _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 01405 _In_ UCHAR SubAuthorityCount, 01406 _In_ ULONG SubAuthority0, 01407 _In_ ULONG SubAuthority1, 01408 _In_ ULONG SubAuthority2, 01409 _In_ ULONG SubAuthority3, 01410 _In_ ULONG SubAuthority4, 01411 _In_ ULONG SubAuthority5, 01412 _In_ ULONG SubAuthority6, 01413 _In_ ULONG SubAuthority7, 01414 _Outptr_ PSID *Sid); 01415 01416 _IRQL_requires_max_(APC_LEVEL) 01417 NTSYSAPI 01418 NTSTATUS 01419 NTAPI 01420 RtlInitializeSid( 01421 _Out_ PSID Sid, 01422 _In_ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 01423 _In_ UCHAR SubAuthorityCount); 01424 01425 NTSYSAPI 01426 PULONG 01427 NTAPI 01428 RtlSubAuthoritySid( 01429 _In_ PSID Sid, 01430 _In_ ULONG SubAuthority); 01431 01432 _Post_satisfies_(return >= 8 && return <= SECURITY_MAX_SID_SIZE) 01433 NTSYSAPI 01434 ULONG 01435 NTAPI 01436 RtlLengthSid( 01437 _In_ PSID Sid); 01438 01439 _IRQL_requires_max_(APC_LEVEL) 01440 NTSYSAPI 01441 NTSTATUS 01442 NTAPI 01443 RtlCopySid( 01444 _In_ ULONG Length, 01445 _Out_writes_bytes_(Length) PSID Destination, 01446 _In_ PSID Source); 01447 01448 _IRQL_requires_max_(APC_LEVEL) 01449 NTSYSAPI 01450 NTSTATUS 01451 NTAPI 01452 RtlConvertSidToUnicodeString( 01453 _Inout_ PUNICODE_STRING UnicodeString, 01454 _In_ PSID Sid, 01455 _In_ BOOLEAN AllocateDestinationString); 01456 01457 _IRQL_requires_max_(APC_LEVEL) 01458 NTSYSAPI 01459 VOID 01460 NTAPI 01461 RtlCopyLuid( 01462 _Out_ PLUID DestinationLuid, 01463 _In_ PLUID SourceLuid); 01464 01465 _IRQL_requires_max_(APC_LEVEL) 01466 NTSYSAPI 01467 NTSTATUS 01468 NTAPI 01469 RtlCreateAcl( 01470 _Out_writes_bytes_(AclLength) PACL Acl, 01471 _In_ ULONG AclLength, 01472 _In_ ULONG AclRevision); 01473 01474 _IRQL_requires_max_(APC_LEVEL) 01475 NTSYSAPI 01476 NTSTATUS 01477 NTAPI 01478 RtlAddAce( 01479 _Inout_ PACL Acl, 01480 _In_ ULONG AceRevision, 01481 _In_ ULONG StartingAceIndex, 01482 _In_reads_bytes_(AceListLength) PVOID AceList, 01483 _In_ ULONG AceListLength); 01484 01485 _IRQL_requires_max_(APC_LEVEL) 01486 NTSYSAPI 01487 NTSTATUS 01488 NTAPI 01489 RtlDeleteAce( 01490 _Inout_ PACL Acl, 01491 _In_ ULONG AceIndex); 01492 01493 NTSYSAPI 01494 NTSTATUS 01495 NTAPI 01496 RtlGetAce( 01497 _In_ PACL Acl, 01498 _In_ ULONG AceIndex, 01499 _Outptr_ PVOID *Ace); 01500 01501 _IRQL_requires_max_(APC_LEVEL) 01502 NTSYSAPI 01503 NTSTATUS 01504 NTAPI 01505 RtlAddAccessAllowedAce( 01506 _Inout_ PACL Acl, 01507 _In_ ULONG AceRevision, 01508 _In_ ACCESS_MASK AccessMask, 01509 _In_ PSID Sid); 01510 01511 _IRQL_requires_max_(APC_LEVEL) 01512 NTSYSAPI 01513 NTSTATUS 01514 NTAPI 01515 RtlAddAccessAllowedAceEx( 01516 _Inout_ PACL Acl, 01517 _In_ ULONG AceRevision, 01518 _In_ ULONG AceFlags, 01519 _In_ ACCESS_MASK AccessMask, 01520 _In_ PSID Sid); 01521 01522 _IRQL_requires_max_(APC_LEVEL) 01523 NTSYSAPI 01524 NTSTATUS 01525 NTAPI 01526 RtlCreateSecurityDescriptorRelative( 01527 _Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, 01528 _In_ ULONG Revision); 01529 01530 NTSYSAPI 01531 NTSTATUS 01532 NTAPI 01533 RtlGetDaclSecurityDescriptor( 01534 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 01535 _Out_ PBOOLEAN DaclPresent, 01536 _Out_ PACL *Dacl, 01537 _Out_ PBOOLEAN DaclDefaulted); 01538 01539 _IRQL_requires_max_(APC_LEVEL) 01540 NTSYSAPI 01541 NTSTATUS 01542 NTAPI 01543 RtlSetOwnerSecurityDescriptor( 01544 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 01545 _In_opt_ PSID Owner, 01546 _In_opt_ BOOLEAN OwnerDefaulted); 01547 01548 _IRQL_requires_max_(APC_LEVEL) 01549 NTSYSAPI 01550 NTSTATUS 01551 NTAPI 01552 RtlGetOwnerSecurityDescriptor( 01553 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 01554 _Out_ PSID *Owner, 01555 _Out_ PBOOLEAN OwnerDefaulted); 01556 01557 _IRQL_requires_max_(APC_LEVEL) 01558 _When_(Status < 0, _Out_range_(>, 0)) 01559 _When_(Status >= 0, _Out_range_(==, 0)) 01560 NTSYSAPI 01561 ULONG 01562 NTAPI 01563 RtlNtStatusToDosError( 01564 _In_ NTSTATUS Status); 01565 01566 _IRQL_requires_max_(PASSIVE_LEVEL) 01567 NTSYSAPI 01568 NTSTATUS 01569 NTAPI 01570 RtlCustomCPToUnicodeN( 01571 _In_ PCPTABLEINFO CustomCP, 01572 _Out_writes_bytes_to_(MaxBytesInUnicodeString, *BytesInUnicodeString) PWCH UnicodeString, 01573 _In_ ULONG MaxBytesInUnicodeString, 01574 _Out_opt_ PULONG BytesInUnicodeString, 01575 _In_reads_bytes_(BytesInCustomCPString) PCH CustomCPString, 01576 _In_ ULONG BytesInCustomCPString); 01577 01578 _IRQL_requires_max_(PASSIVE_LEVEL) 01579 NTSYSAPI 01580 NTSTATUS 01581 NTAPI 01582 RtlUnicodeToCustomCPN( 01583 _In_ PCPTABLEINFO CustomCP, 01584 _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString, 01585 _In_ ULONG MaxBytesInCustomCPString, 01586 _Out_opt_ PULONG BytesInCustomCPString, 01587 _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString, 01588 _In_ ULONG BytesInUnicodeString); 01589 01590 _IRQL_requires_max_(PASSIVE_LEVEL) 01591 NTSYSAPI 01592 NTSTATUS 01593 NTAPI 01594 RtlUpcaseUnicodeToCustomCPN( 01595 _In_ PCPTABLEINFO CustomCP, 01596 _Out_writes_bytes_to_(MaxBytesInCustomCPString, *BytesInCustomCPString) PCH CustomCPString, 01597 _In_ ULONG MaxBytesInCustomCPString, 01598 _Out_opt_ PULONG BytesInCustomCPString, 01599 _In_reads_bytes_(BytesInUnicodeString) PWCH UnicodeString, 01600 _In_ ULONG BytesInUnicodeString); 01601 01602 _IRQL_requires_max_(PASSIVE_LEVEL) 01603 NTSYSAPI 01604 VOID 01605 NTAPI 01606 RtlInitCodePageTable( 01607 _In_ PUSHORT TableBase, 01608 _Inout_ PCPTABLEINFO CodePageTable); 01609 01610 01611 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 01612 01613 01614 #if (NTDDI_VERSION >= NTDDI_WINXP) 01615 01616 01617 01618 _Must_inspect_result_ 01619 NTSYSAPI 01620 PVOID 01621 NTAPI 01622 RtlCreateHeap( 01623 _In_ ULONG Flags, 01624 _In_opt_ PVOID HeapBase, 01625 _In_opt_ SIZE_T ReserveSize, 01626 _In_opt_ SIZE_T CommitSize, 01627 _In_opt_ PVOID Lock, 01628 _In_opt_ PRTL_HEAP_PARAMETERS Parameters); 01629 01630 NTSYSAPI 01631 PVOID 01632 NTAPI 01633 RtlDestroyHeap( 01634 _In_ _Post_invalid_ PVOID HeapHandle); 01635 01636 NTSYSAPI 01637 USHORT 01638 NTAPI 01639 RtlCaptureStackBackTrace( 01640 _In_ ULONG FramesToSkip, 01641 _In_ ULONG FramesToCapture, 01642 _Out_writes_to_(FramesToCapture, return) PVOID *BackTrace, 01643 _Out_opt_ PULONG BackTraceHash); 01644 01645 _Ret_range_(<, MAXLONG) 01646 NTSYSAPI 01647 ULONG 01648 NTAPI 01649 RtlRandomEx( 01650 _Inout_ PULONG Seed); 01651 01652 _IRQL_requires_max_(DISPATCH_LEVEL) 01653 NTSYSAPI 01654 NTSTATUS 01655 NTAPI 01656 RtlInitUnicodeStringEx( 01657 _Out_ PUNICODE_STRING DestinationString, 01658 _In_opt_z_ __drv_aliasesMem PCWSTR SourceString); 01659 01660 _Must_inspect_result_ 01661 NTSYSAPI 01662 NTSTATUS 01663 NTAPI 01664 RtlValidateUnicodeString( 01665 _In_ ULONG Flags, 01666 _In_ PCUNICODE_STRING String); 01667 01668 _IRQL_requires_max_(PASSIVE_LEVEL) 01669 _Must_inspect_result_ 01670 NTSYSAPI 01671 NTSTATUS 01672 NTAPI 01673 RtlDuplicateUnicodeString( 01674 _In_ ULONG Flags, 01675 _In_ PCUNICODE_STRING SourceString, 01676 _Out_ _At_(DestinationString->Buffer, __drv_allocatesMem(Mem)) PUNICODE_STRING DestinationString); 01677 01678 NTSYSAPI 01679 NTSTATUS 01680 NTAPI 01681 RtlGetCompressionWorkSpaceSize( 01682 _In_ USHORT CompressionFormatAndEngine, 01683 _Out_ PULONG CompressBufferWorkSpaceSize, 01684 _Out_ PULONG CompressFragmentWorkSpaceSize); 01685 01686 NTSYSAPI 01687 NTSTATUS 01688 NTAPI 01689 RtlCompressBuffer( 01690 _In_ USHORT CompressionFormatAndEngine, 01691 _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, 01692 _In_ ULONG UncompressedBufferSize, 01693 _Out_writes_bytes_to_(CompressedBufferSize, *FinalCompressedSize) PUCHAR CompressedBuffer, 01694 _In_ ULONG CompressedBufferSize, 01695 _In_ ULONG UncompressedChunkSize, 01696 _Out_ PULONG FinalCompressedSize, 01697 _In_ PVOID WorkSpace); 01698 01699 _IRQL_requires_max_(APC_LEVEL) 01700 NTSYSAPI 01701 NTSTATUS 01702 NTAPI 01703 RtlDecompressBuffer( 01704 _In_ USHORT CompressionFormat, 01705 _Out_writes_bytes_to_(UncompressedBufferSize, *FinalUncompressedSize) PUCHAR UncompressedBuffer, 01706 _In_ ULONG UncompressedBufferSize, 01707 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, 01708 _In_ ULONG CompressedBufferSize, 01709 _Out_ PULONG FinalUncompressedSize); 01710 01711 _IRQL_requires_max_(APC_LEVEL) 01712 NTSYSAPI 01713 NTSTATUS 01714 NTAPI 01715 RtlDecompressFragment( 01716 _In_ USHORT CompressionFormat, 01717 _Out_writes_bytes_to_(UncompressedFragmentSize, *FinalUncompressedSize) PUCHAR UncompressedFragment, 01718 _In_ ULONG UncompressedFragmentSize, 01719 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, 01720 _In_ ULONG CompressedBufferSize, 01721 _In_range_(<, CompressedBufferSize) ULONG FragmentOffset, 01722 _Out_ PULONG FinalUncompressedSize, 01723 _In_ PVOID WorkSpace); 01724 01725 _IRQL_requires_max_(APC_LEVEL) 01726 NTSYSAPI 01727 NTSTATUS 01728 NTAPI 01729 RtlDescribeChunk( 01730 _In_ USHORT CompressionFormat, 01731 _Inout_ PUCHAR *CompressedBuffer, 01732 _In_ PUCHAR EndOfCompressedBufferPlus1, 01733 _Out_ PUCHAR *ChunkBuffer, 01734 _Out_ PULONG ChunkSize); 01735 01736 _IRQL_requires_max_(APC_LEVEL) 01737 NTSYSAPI 01738 NTSTATUS 01739 NTAPI 01740 RtlReserveChunk( 01741 _In_ USHORT CompressionFormat, 01742 _Inout_ PUCHAR *CompressedBuffer, 01743 _In_ PUCHAR EndOfCompressedBufferPlus1, 01744 _Out_ PUCHAR *ChunkBuffer, 01745 _In_ ULONG ChunkSize); 01746 01747 _IRQL_requires_max_(APC_LEVEL) 01748 NTSYSAPI 01749 NTSTATUS 01750 NTAPI 01751 RtlDecompressChunks( 01752 _Out_writes_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, 01753 _In_ ULONG UncompressedBufferSize, 01754 _In_reads_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, 01755 _In_ ULONG CompressedBufferSize, 01756 _In_reads_bytes_(CompressedTailSize) PUCHAR CompressedTail, 01757 _In_ ULONG CompressedTailSize, 01758 _In_ PCOMPRESSED_DATA_INFO CompressedDataInfo); 01759 01760 _IRQL_requires_max_(APC_LEVEL) 01761 NTSYSAPI 01762 NTSTATUS 01763 NTAPI 01764 RtlCompressChunks( 01765 _In_reads_bytes_(UncompressedBufferSize) PUCHAR UncompressedBuffer, 01766 _In_ ULONG UncompressedBufferSize, 01767 _Out_writes_bytes_(CompressedBufferSize) PUCHAR CompressedBuffer, 01768 _In_range_(>=, (UncompressedBufferSize - (UncompressedBufferSize / 16))) ULONG CompressedBufferSize, 01769 _Inout_updates_bytes_(CompressedDataInfoLength) PCOMPRESSED_DATA_INFO CompressedDataInfo, 01770 _In_range_(>, sizeof(COMPRESSED_DATA_INFO)) ULONG CompressedDataInfoLength, 01771 _In_ PVOID WorkSpace); 01772 01773 _IRQL_requires_max_(APC_LEVEL) 01774 NTSYSAPI 01775 PSID_IDENTIFIER_AUTHORITY 01776 NTAPI 01777 RtlIdentifierAuthoritySid( 01778 _In_ PSID Sid); 01779 01780 NTSYSAPI 01781 PUCHAR 01782 NTAPI 01783 RtlSubAuthorityCountSid( 01784 _In_ PSID Sid); 01785 01786 _When_(Status < 0, _Out_range_(>, 0)) 01787 _When_(Status >= 0, _Out_range_(==, 0)) 01788 NTSYSAPI 01789 ULONG 01790 NTAPI 01791 RtlNtStatusToDosErrorNoTeb( 01792 _In_ NTSTATUS Status); 01793 01794 _IRQL_requires_max_(PASSIVE_LEVEL) 01795 NTSYSAPI 01796 NTSTATUS 01797 NTAPI 01798 RtlCreateSystemVolumeInformationFolder( 01799 _In_ PCUNICODE_STRING VolumeRootPath); 01800 01801 #if defined(_M_AMD64) 01802 01803 FORCEINLINE 01804 VOID 01805 RtlFillMemoryUlong( 01806 _Out_writes_bytes_all_(Length) PVOID Destination, 01807 _In_ SIZE_T Length, 01808 _In_ ULONG Pattern) 01809 { 01810 PULONG Address = (PULONG)Destination; 01811 if ((Length /= 4) != 0) { 01812 if (((ULONG64)Address & 4) != 0) { 01813 *Address = Pattern; 01814 if ((Length -= 1) == 0) { 01815 return; 01816 } 01817 Address += 1; 01818 } 01819 __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2); 01820 if ((Length & 1) != 0) Address[Length - 1] = Pattern; 01821 } 01822 return; 01823 } 01824 01825 #define RtlFillMemoryUlonglong(Destination, Length, Pattern) \ 01826 __stosq((PULONG64)(Destination), Pattern, (Length) / 8) 01827 01828 #else 01829 01830 NTSYSAPI 01831 VOID 01832 NTAPI 01833 RtlFillMemoryUlong( 01834 OUT PVOID Destination, 01835 IN SIZE_T Length, 01836 IN ULONG Pattern); 01837 01838 NTSYSAPI 01839 VOID 01840 NTAPI 01841 RtlFillMemoryUlonglong( 01842 _Out_writes_bytes_all_(Length) PVOID Destination, 01843 _In_ SIZE_T Length, 01844 _In_ ULONGLONG Pattern); 01845 01846 #endif /* defined(_M_AMD64) */ 01847 01848 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 01849 01850 #if (NTDDI_VERSION >= NTDDI_WS03) 01851 _IRQL_requires_max_(DISPATCH_LEVEL) 01852 NTSYSAPI 01853 NTSTATUS 01854 NTAPI 01855 RtlInitAnsiStringEx( 01856 _Out_ PANSI_STRING DestinationString, 01857 _In_opt_z_ __drv_aliasesMem PCSZ SourceString); 01858 #endif 01859 01860 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 01861 01862 _IRQL_requires_max_(APC_LEVEL) 01863 NTSYSAPI 01864 NTSTATUS 01865 NTAPI 01866 RtlGetSaclSecurityDescriptor( 01867 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 01868 _Out_ PBOOLEAN SaclPresent, 01869 _Out_ PACL *Sacl, 01870 _Out_ PBOOLEAN SaclDefaulted); 01871 01872 _IRQL_requires_max_(APC_LEVEL) 01873 NTSYSAPI 01874 NTSTATUS 01875 NTAPI 01876 RtlSetGroupSecurityDescriptor( 01877 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 01878 _In_opt_ PSID Group, 01879 _In_opt_ BOOLEAN GroupDefaulted); 01880 01881 _IRQL_requires_max_(APC_LEVEL) 01882 NTSYSAPI 01883 NTSTATUS 01884 NTAPI 01885 RtlGetGroupSecurityDescriptor( 01886 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 01887 _Out_ PSID *Group, 01888 _Out_ PBOOLEAN GroupDefaulted); 01889 01890 _IRQL_requires_max_(APC_LEVEL) 01891 NTSYSAPI 01892 NTSTATUS 01893 NTAPI 01894 RtlAbsoluteToSelfRelativeSD( 01895 _In_ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, 01896 _Out_writes_bytes_to_opt_(*BufferLength, *BufferLength) PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, 01897 _Inout_ PULONG BufferLength); 01898 01899 _IRQL_requires_max_(APC_LEVEL) 01900 NTSYSAPI 01901 NTSTATUS 01902 NTAPI 01903 RtlSelfRelativeToAbsoluteSD( 01904 _In_ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, 01905 _Out_writes_bytes_to_opt_(*AbsoluteSecurityDescriptorSize, *AbsoluteSecurityDescriptorSize) PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, 01906 _Inout_ PULONG AbsoluteSecurityDescriptorSize, 01907 _Out_writes_bytes_to_opt_(*DaclSize, *DaclSize) PACL Dacl, 01908 _Inout_ PULONG DaclSize, 01909 _Out_writes_bytes_to_opt_(*SaclSize, *SaclSize) PACL Sacl, 01910 _Inout_ PULONG SaclSize, 01911 _Out_writes_bytes_to_opt_(*OwnerSize, *OwnerSize) PSID Owner, 01912 _Inout_ PULONG OwnerSize, 01913 _Out_writes_bytes_to_opt_(*PrimaryGroupSize, *PrimaryGroupSize) PSID PrimaryGroup, 01914 _Inout_ PULONG PrimaryGroupSize); 01915 01916 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ 01917 01918 #if (NTDDI_VERSION >= NTDDI_VISTA) 01919 01920 NTSYSAPI 01921 NTSTATUS 01922 NTAPI 01923 RtlNormalizeString( 01924 _In_ ULONG NormForm, 01925 _In_ PCWSTR SourceString, 01926 _In_ LONG SourceStringLength, 01927 _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, 01928 _Inout_ PLONG DestinationStringLength); 01929 01930 NTSYSAPI 01931 NTSTATUS 01932 NTAPI 01933 RtlIsNormalizedString( 01934 _In_ ULONG NormForm, 01935 _In_ PCWSTR SourceString, 01936 _In_ LONG SourceStringLength, 01937 _Out_ PBOOLEAN Normalized); 01938 01939 NTSYSAPI 01940 NTSTATUS 01941 NTAPI 01942 RtlIdnToAscii( 01943 _In_ ULONG Flags, 01944 _In_ PCWSTR SourceString, 01945 _In_ LONG SourceStringLength, 01946 _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, 01947 _Inout_ PLONG DestinationStringLength); 01948 01949 NTSYSAPI 01950 NTSTATUS 01951 NTAPI 01952 RtlIdnToUnicode( 01953 IN ULONG Flags, 01954 IN PCWSTR SourceString, 01955 IN LONG SourceStringLength, 01956 OUT PWSTR DestinationString, 01957 IN OUT PLONG DestinationStringLength); 01958 01959 NTSYSAPI 01960 NTSTATUS 01961 NTAPI 01962 RtlIdnToNameprepUnicode( 01963 _In_ ULONG Flags, 01964 _In_ PCWSTR SourceString, 01965 _In_ LONG SourceStringLength, 01966 _Out_writes_to_(*DestinationStringLength, *DestinationStringLength) PWSTR DestinationString, 01967 _Inout_ PLONG DestinationStringLength); 01968 01969 NTSYSAPI 01970 NTSTATUS 01971 NTAPI 01972 RtlCreateServiceSid( 01973 _In_ PUNICODE_STRING ServiceName, 01974 _Out_writes_bytes_opt_(*ServiceSidLength) PSID ServiceSid, 01975 _Inout_ PULONG ServiceSidLength); 01976 01977 NTSYSAPI 01978 LONG 01979 NTAPI 01980 RtlCompareAltitudes( 01981 _In_ PCUNICODE_STRING Altitude1, 01982 _In_ PCUNICODE_STRING Altitude2); 01983 01984 01985 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 01986 01987 #if (NTDDI_VERSION >= NTDDI_WIN7) 01988 01989 _IRQL_requires_max_(PASSIVE_LEVEL) 01990 _Must_inspect_result_ 01991 NTSYSAPI 01992 NTSTATUS 01993 NTAPI 01994 RtlUnicodeToUTF8N( 01995 _Out_writes_bytes_to_(UTF8StringMaxByteCount, *UTF8StringActualByteCount) PCHAR UTF8StringDestination, 01996 _In_ ULONG UTF8StringMaxByteCount, 01997 _Out_ PULONG UTF8StringActualByteCount, 01998 _In_reads_bytes_(UnicodeStringByteCount) PCWCH UnicodeStringSource, 01999 _In_ ULONG UnicodeStringByteCount); 02000 02001 _IRQL_requires_max_(PASSIVE_LEVEL) 02002 _Must_inspect_result_ 02003 NTSYSAPI 02004 NTSTATUS 02005 NTAPI 02006 RtlUTF8ToUnicodeN( 02007 _Out_writes_bytes_to_(UnicodeStringMaxByteCount, *UnicodeStringActualByteCount) PWSTR UnicodeStringDestination, 02008 _In_ ULONG UnicodeStringMaxByteCount, 02009 _Out_ PULONG UnicodeStringActualByteCount, 02010 _In_reads_bytes_(UTF8StringByteCount) PCCH UTF8StringSource, 02011 _In_ ULONG UTF8StringByteCount); 02012 02013 _IRQL_requires_max_(APC_LEVEL) 02014 NTSYSAPI 02015 NTSTATUS 02016 NTAPI 02017 RtlReplaceSidInSd( 02018 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 02019 _In_ PSID OldSid, 02020 _In_ PSID NewSid, 02021 _Out_ ULONG *NumChanges); 02022 02023 NTSYSAPI 02024 NTSTATUS 02025 NTAPI 02026 RtlCreateVirtualAccountSid( 02027 _In_ PCUNICODE_STRING Name, 02028 _In_ ULONG BaseSubAuthority, 02029 _Out_writes_bytes_(*SidLength) PSID Sid, 02030 _Inout_ PULONG SidLength); 02031 02032 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 02033 02034 02035 #if defined(_AMD64_) || defined(_IA64_) 02036 02037 02038 02039 #endif /* defined(_AMD64_) || defined(_IA64_) */ 02040 02041 02042 02043 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1 02044 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2 02045 02046 #define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \ 02047 RtlxUnicodeStringToOemSize(STRING) : \ 02048 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \ 02049 ) 02050 02051 #define RtlOemStringToUnicodeSize(STRING) ( \ 02052 NLS_MB_OEM_CODE_PAGE_TAG ? \ 02053 RtlxOemStringToUnicodeSize(STRING) : \ 02054 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \ 02055 ) 02056 02057 #define RtlOemStringToCountedUnicodeSize(STRING) ( \ 02058 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \ 02059 ) 02060 02061 #define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O)))) 02062 #define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B)))) 02063 02064 _IRQL_requires_max_(PASSIVE_LEVEL) 02065 __kernel_entry 02066 NTSYSCALLAPI 02067 NTSTATUS 02068 NTAPI 02069 NtQueryObject( 02070 _In_opt_ HANDLE Handle, 02071 _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, 02072 _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, 02073 _In_ ULONG ObjectInformationLength, 02074 _Out_opt_ PULONG ReturnLength); 02075 02076 #if (NTDDI_VERSION >= NTDDI_WIN2K) 02077 02078 _Must_inspect_result_ 02079 __kernel_entry 02080 NTSYSCALLAPI 02081 NTSTATUS 02082 NTAPI 02083 NtOpenThreadToken( 02084 _In_ HANDLE ThreadHandle, 02085 _In_ ACCESS_MASK DesiredAccess, 02086 _In_ BOOLEAN OpenAsSelf, 02087 _Out_ PHANDLE TokenHandle); 02088 02089 _Must_inspect_result_ 02090 __kernel_entry 02091 NTSYSCALLAPI 02092 NTSTATUS 02093 NTAPI 02094 NtOpenProcessToken( 02095 _In_ HANDLE ProcessHandle, 02096 _In_ ACCESS_MASK DesiredAccess, 02097 _Out_ PHANDLE TokenHandle); 02098 02099 _When_(TokenInformationClass == TokenAccessInformation, 02100 _At_(TokenInformationLength, 02101 _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) 02102 _Must_inspect_result_ 02103 __kernel_entry 02104 NTSYSCALLAPI 02105 NTSTATUS 02106 NTAPI 02107 NtQueryInformationToken( 02108 _In_ HANDLE TokenHandle, 02109 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 02110 _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, 02111 _In_ ULONG TokenInformationLength, 02112 _Out_ PULONG ReturnLength); 02113 02114 _Must_inspect_result_ 02115 __kernel_entry 02116 NTSYSCALLAPI 02117 NTSTATUS 02118 NTAPI 02119 NtAdjustPrivilegesToken( 02120 _In_ HANDLE TokenHandle, 02121 _In_ BOOLEAN DisableAllPrivileges, 02122 _In_opt_ PTOKEN_PRIVILEGES NewState, 02123 _In_ ULONG BufferLength, 02124 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, 02125 _Out_ _When_(PreviousState == NULL, _Out_opt_) PULONG ReturnLength); 02126 02127 __kernel_entry 02128 NTSYSCALLAPI 02129 NTSTATUS 02130 NTAPI 02131 NtCreateFile( 02132 _Out_ PHANDLE FileHandle, 02133 _In_ ACCESS_MASK DesiredAccess, 02134 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 02135 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02136 _In_opt_ PLARGE_INTEGER AllocationSize, 02137 _In_ ULONG FileAttributes, 02138 _In_ ULONG ShareAccess, 02139 _In_ ULONG CreateDisposition, 02140 _In_ ULONG CreateOptions, 02141 _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, 02142 _In_ ULONG EaLength); 02143 02144 __kernel_entry 02145 NTSYSCALLAPI 02146 NTSTATUS 02147 NTAPI 02148 NtDeviceIoControlFile( 02149 _In_ HANDLE FileHandle, 02150 _In_opt_ HANDLE Event, 02151 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 02152 _In_opt_ PVOID ApcContext, 02153 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02154 _In_ ULONG IoControlCode, 02155 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, 02156 _In_ ULONG InputBufferLength, 02157 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, 02158 _In_ ULONG OutputBufferLength); 02159 02160 __kernel_entry 02161 NTSYSCALLAPI 02162 NTSTATUS 02163 NTAPI 02164 NtFsControlFile( 02165 _In_ HANDLE FileHandle, 02166 _In_opt_ HANDLE Event, 02167 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 02168 _In_opt_ PVOID ApcContext, 02169 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02170 _In_ ULONG FsControlCode, 02171 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, 02172 _In_ ULONG InputBufferLength, 02173 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, 02174 _In_ ULONG OutputBufferLength); 02175 02176 __kernel_entry 02177 NTSYSCALLAPI 02178 NTSTATUS 02179 NTAPI 02180 NtLockFile( 02181 _In_ HANDLE FileHandle, 02182 _In_opt_ HANDLE Event, 02183 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 02184 _In_opt_ PVOID ApcContext, 02185 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02186 _In_ PLARGE_INTEGER ByteOffset, 02187 _In_ PLARGE_INTEGER Length, 02188 _In_ ULONG Key, 02189 _In_ BOOLEAN FailImmediately, 02190 _In_ BOOLEAN ExclusiveLock); 02191 02192 __kernel_entry 02193 NTSYSCALLAPI 02194 NTSTATUS 02195 NTAPI 02196 NtOpenFile( 02197 _Out_ PHANDLE FileHandle, 02198 _In_ ACCESS_MASK DesiredAccess, 02199 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 02200 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02201 _In_ ULONG ShareAccess, 02202 _In_ ULONG OpenOptions); 02203 02204 __kernel_entry 02205 NTSYSCALLAPI 02206 NTSTATUS 02207 NTAPI 02208 NtQueryDirectoryFile( 02209 _In_ HANDLE FileHandle, 02210 _In_opt_ HANDLE Event, 02211 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 02212 _In_opt_ PVOID ApcContext, 02213 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02214 _Out_writes_bytes_(Length) PVOID FileInformation, 02215 _In_ ULONG Length, 02216 _In_ FILE_INFORMATION_CLASS FileInformationClass, 02217 _In_ BOOLEAN ReturnSingleEntry, 02218 _In_opt_ PUNICODE_STRING FileName, 02219 _In_ BOOLEAN RestartScan); 02220 02221 __kernel_entry 02222 NTSYSCALLAPI 02223 NTSTATUS 02224 NTAPI 02225 NtQueryInformationFile( 02226 _In_ HANDLE FileHandle, 02227 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02228 _Out_writes_bytes_(Length) PVOID FileInformation, 02229 _In_ ULONG Length, 02230 _In_ FILE_INFORMATION_CLASS FileInformationClass); 02231 02232 __kernel_entry 02233 NTSYSCALLAPI 02234 NTSTATUS 02235 NTAPI 02236 NtQueryQuotaInformationFile( 02237 _In_ HANDLE FileHandle, 02238 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02239 _Out_writes_bytes_(Length) PVOID Buffer, 02240 _In_ ULONG Length, 02241 _In_ BOOLEAN ReturnSingleEntry, 02242 _In_reads_bytes_opt_(SidListLength) PVOID SidList, 02243 _In_ ULONG SidListLength, 02244 _In_reads_bytes_opt_((8 + (4 * ((SID *)StartSid)->SubAuthorityCount))) PSID StartSid, 02245 _In_ BOOLEAN RestartScan); 02246 02247 __kernel_entry 02248 NTSYSCALLAPI 02249 NTSTATUS 02250 NTAPI 02251 NtQueryVolumeInformationFile( 02252 _In_ HANDLE FileHandle, 02253 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02254 _Out_writes_bytes_(Length) PVOID FsInformation, 02255 _In_ ULONG Length, 02256 _In_ FS_INFORMATION_CLASS FsInformationClass); 02257 02258 __kernel_entry 02259 NTSYSCALLAPI 02260 NTSTATUS 02261 NTAPI 02262 NtReadFile( 02263 _In_ HANDLE FileHandle, 02264 _In_opt_ HANDLE Event, 02265 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 02266 _In_opt_ PVOID ApcContext, 02267 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02268 _Out_writes_bytes_(Length) PVOID Buffer, 02269 _In_ ULONG Length, 02270 _In_opt_ PLARGE_INTEGER ByteOffset, 02271 _In_opt_ PULONG Key); 02272 02273 __kernel_entry 02274 NTSYSCALLAPI 02275 NTSTATUS 02276 NTAPI 02277 NtSetInformationFile( 02278 _In_ HANDLE FileHandle, 02279 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02280 _In_reads_bytes_(Length) PVOID FileInformation, 02281 _In_ ULONG Length, 02282 _In_ FILE_INFORMATION_CLASS FileInformationClass); 02283 02284 __kernel_entry 02285 NTSYSCALLAPI 02286 NTSTATUS 02287 NTAPI 02288 NtSetQuotaInformationFile( 02289 _In_ HANDLE FileHandle, 02290 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02291 _In_reads_bytes_(Length) PVOID Buffer, 02292 _In_ ULONG Length); 02293 02294 __kernel_entry 02295 NTSYSCALLAPI 02296 NTSTATUS 02297 NTAPI 02298 NtSetVolumeInformationFile( 02299 _In_ HANDLE FileHandle, 02300 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02301 _In_reads_bytes_(Length) PVOID FsInformation, 02302 _In_ ULONG Length, 02303 _In_ FS_INFORMATION_CLASS FsInformationClass); 02304 02305 __kernel_entry 02306 NTSYSCALLAPI 02307 NTSTATUS 02308 NTAPI 02309 NtWriteFile( 02310 _In_ HANDLE FileHandle, 02311 _In_opt_ HANDLE Event, 02312 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 02313 _In_opt_ PVOID ApcContext, 02314 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02315 _In_reads_bytes_(Length) PVOID Buffer, 02316 _In_ ULONG Length, 02317 _In_opt_ PLARGE_INTEGER ByteOffset, 02318 _In_opt_ PULONG Key); 02319 02320 __kernel_entry 02321 NTSYSCALLAPI 02322 NTSTATUS 02323 NTAPI 02324 NtUnlockFile( 02325 _In_ HANDLE FileHandle, 02326 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 02327 _In_ PLARGE_INTEGER ByteOffset, 02328 _In_ PLARGE_INTEGER Length, 02329 _In_ ULONG Key); 02330 02331 _IRQL_requires_max_(PASSIVE_LEVEL) 02332 __kernel_entry 02333 NTSYSCALLAPI 02334 NTSTATUS 02335 NTAPI 02336 NtSetSecurityObject( 02337 _In_ HANDLE Handle, 02338 _In_ SECURITY_INFORMATION SecurityInformation, 02339 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 02340 02341 _IRQL_requires_max_(PASSIVE_LEVEL) 02342 __kernel_entry 02343 NTSYSCALLAPI 02344 NTSTATUS 02345 NTAPI 02346 NtQuerySecurityObject( 02347 _In_ HANDLE Handle, 02348 _In_ SECURITY_INFORMATION SecurityInformation, 02349 _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, 02350 _In_ ULONG Length, 02351 _Out_ PULONG LengthNeeded); 02352 02353 _IRQL_requires_max_(PASSIVE_LEVEL) 02354 __kernel_entry 02355 NTSYSCALLAPI 02356 NTSTATUS 02357 NTAPI 02358 NtClose( 02359 _In_ HANDLE Handle); 02360 02361 _Must_inspect_result_ 02362 __drv_allocatesMem(Mem) 02363 __kernel_entry 02364 NTSYSCALLAPI 02365 NTSTATUS 02366 NTAPI 02367 NtAllocateVirtualMemory( 02368 _In_ HANDLE ProcessHandle, 02369 _Outptr_result_bytebuffer_(*RegionSize) PVOID *BaseAddress, 02370 _In_ ULONG_PTR ZeroBits, 02371 _Inout_ PSIZE_T RegionSize, 02372 _In_ ULONG AllocationType, 02373 _In_ ULONG Protect); 02374 02375 __kernel_entry 02376 NTSYSCALLAPI 02377 NTSTATUS 02378 NTAPI 02379 NtFreeVirtualMemory( 02380 _In_ HANDLE ProcessHandle, 02381 _Inout_ __drv_freesMem(Mem) PVOID *BaseAddress, 02382 _Inout_ PSIZE_T RegionSize, 02383 _In_ ULONG FreeType); 02384 02385 #endif 02386 02387 #if (NTDDI_VERSION >= NTDDI_WINXP) 02388 02389 _Must_inspect_result_ 02390 __kernel_entry 02391 NTSYSCALLAPI 02392 NTSTATUS 02393 NTAPI 02394 NtOpenThreadTokenEx( 02395 _In_ HANDLE ThreadHandle, 02396 _In_ ACCESS_MASK DesiredAccess, 02397 _In_ BOOLEAN OpenAsSelf, 02398 _In_ ULONG HandleAttributes, 02399 _Out_ PHANDLE TokenHandle); 02400 02401 _Must_inspect_result_ 02402 __kernel_entry 02403 NTSYSCALLAPI 02404 NTSTATUS 02405 NTAPI 02406 NtOpenProcessTokenEx( 02407 _In_ HANDLE ProcessHandle, 02408 _In_ ACCESS_MASK DesiredAccess, 02409 _In_ ULONG HandleAttributes, 02410 _Out_ PHANDLE TokenHandle); 02411 02412 _Must_inspect_result_ 02413 NTSYSAPI 02414 NTSTATUS 02415 NTAPI 02416 NtOpenJobObjectToken( 02417 _In_ HANDLE JobHandle, 02418 _In_ ACCESS_MASK DesiredAccess, 02419 _Out_ PHANDLE TokenHandle); 02420 02421 _Must_inspect_result_ 02422 __kernel_entry 02423 NTSYSCALLAPI 02424 NTSTATUS 02425 NTAPI 02426 NtDuplicateToken( 02427 _In_ HANDLE ExistingTokenHandle, 02428 _In_ ACCESS_MASK DesiredAccess, 02429 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 02430 _In_ BOOLEAN EffectiveOnly, 02431 _In_ TOKEN_TYPE TokenType, 02432 _Out_ PHANDLE NewTokenHandle); 02433 02434 _Must_inspect_result_ 02435 __kernel_entry 02436 NTSYSCALLAPI 02437 NTSTATUS 02438 NTAPI 02439 NtFilterToken( 02440 _In_ HANDLE ExistingTokenHandle, 02441 _In_ ULONG Flags, 02442 _In_opt_ PTOKEN_GROUPS SidsToDisable, 02443 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, 02444 _In_opt_ PTOKEN_GROUPS RestrictedSids, 02445 _Out_ PHANDLE NewTokenHandle); 02446 02447 _Must_inspect_result_ 02448 __kernel_entry 02449 NTSYSCALLAPI 02450 NTSTATUS 02451 NTAPI 02452 NtImpersonateAnonymousToken( 02453 _In_ HANDLE ThreadHandle); 02454 02455 _Must_inspect_result_ 02456 __kernel_entry 02457 NTSYSCALLAPI 02458 NTSTATUS 02459 NTAPI 02460 NtSetInformationToken( 02461 _In_ HANDLE TokenHandle, 02462 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 02463 _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, 02464 _In_ ULONG TokenInformationLength); 02465 02466 _Must_inspect_result_ 02467 __kernel_entry 02468 NTSYSCALLAPI 02469 NTSTATUS 02470 NTAPI 02471 NtAdjustGroupsToken( 02472 _In_ HANDLE TokenHandle, 02473 _In_ BOOLEAN ResetToDefault, 02474 _In_opt_ PTOKEN_GROUPS NewState, 02475 _In_opt_ ULONG BufferLength, 02476 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, 02477 _Out_ PULONG ReturnLength); 02478 02479 _Must_inspect_result_ 02480 __kernel_entry 02481 NTSYSCALLAPI 02482 NTSTATUS 02483 NTAPI 02484 NtPrivilegeCheck( 02485 _In_ HANDLE ClientToken, 02486 _Inout_ PPRIVILEGE_SET RequiredPrivileges, 02487 _Out_ PBOOLEAN Result); 02488 02489 _Must_inspect_result_ 02490 __kernel_entry 02491 NTSYSCALLAPI 02492 NTSTATUS 02493 NTAPI 02494 NtAccessCheckAndAuditAlarm( 02495 _In_ PUNICODE_STRING SubsystemName, 02496 _In_opt_ PVOID HandleId, 02497 _In_ PUNICODE_STRING ObjectTypeName, 02498 _In_ PUNICODE_STRING ObjectName, 02499 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 02500 _In_ ACCESS_MASK DesiredAccess, 02501 _In_ PGENERIC_MAPPING GenericMapping, 02502 _In_ BOOLEAN ObjectCreation, 02503 _Out_ PACCESS_MASK GrantedAccess, 02504 _Out_ PNTSTATUS AccessStatus, 02505 _Out_ PBOOLEAN GenerateOnClose); 02506 02507 _Must_inspect_result_ 02508 __kernel_entry 02509 NTSYSCALLAPI 02510 NTSTATUS 02511 NTAPI 02512 NtAccessCheckByTypeAndAuditAlarm( 02513 _In_ PUNICODE_STRING SubsystemName, 02514 _In_opt_ PVOID HandleId, 02515 _In_ PUNICODE_STRING ObjectTypeName, 02516 _In_ PUNICODE_STRING ObjectName, 02517 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 02518 _In_opt_ PSID PrincipalSelfSid, 02519 _In_ ACCESS_MASK DesiredAccess, 02520 _In_ AUDIT_EVENT_TYPE AuditType, 02521 _In_ ULONG Flags, 02522 _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, 02523 _In_ ULONG ObjectTypeLength, 02524 _In_ PGENERIC_MAPPING GenericMapping, 02525 _In_ BOOLEAN ObjectCreation, 02526 _Out_ PACCESS_MASK GrantedAccess, 02527 _Out_ PNTSTATUS AccessStatus, 02528 _Out_ PBOOLEAN GenerateOnClose); 02529 02530 _Must_inspect_result_ 02531 __kernel_entry 02532 NTSYSCALLAPI 02533 NTSTATUS 02534 NTAPI 02535 NtAccessCheckByTypeResultListAndAuditAlarm( 02536 _In_ PUNICODE_STRING SubsystemName, 02537 _In_opt_ PVOID HandleId, 02538 _In_ PUNICODE_STRING ObjectTypeName, 02539 _In_ PUNICODE_STRING ObjectName, 02540 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 02541 _In_opt_ PSID PrincipalSelfSid, 02542 _In_ ACCESS_MASK DesiredAccess, 02543 _In_ AUDIT_EVENT_TYPE AuditType, 02544 _In_ ULONG Flags, 02545 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, 02546 _In_ ULONG ObjectTypeListLength, 02547 _In_ PGENERIC_MAPPING GenericMapping, 02548 _In_ BOOLEAN ObjectCreation, 02549 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, 02550 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, 02551 _Out_ PBOOLEAN GenerateOnClose); 02552 02553 _Must_inspect_result_ 02554 __kernel_entry 02555 NTSYSCALLAPI 02556 NTSTATUS 02557 NTAPI 02558 NtAccessCheckByTypeResultListAndAuditAlarmByHandle( 02559 _In_ PUNICODE_STRING SubsystemName, 02560 _In_opt_ PVOID HandleId, 02561 _In_ HANDLE ClientToken, 02562 _In_ PUNICODE_STRING ObjectTypeName, 02563 _In_ PUNICODE_STRING ObjectName, 02564 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 02565 _In_opt_ PSID PrincipalSelfSid, 02566 _In_ ACCESS_MASK DesiredAccess, 02567 _In_ AUDIT_EVENT_TYPE AuditType, 02568 _In_ ULONG Flags, 02569 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, 02570 _In_ ULONG ObjectTypeListLength, 02571 _In_ PGENERIC_MAPPING GenericMapping, 02572 _In_ BOOLEAN ObjectCreation, 02573 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, 02574 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, 02575 _Out_ PBOOLEAN GenerateOnClose); 02576 02577 __kernel_entry 02578 NTSYSCALLAPI 02579 NTSTATUS 02580 NTAPI 02581 NtOpenObjectAuditAlarm( 02582 _In_ PUNICODE_STRING SubsystemName, 02583 _In_opt_ PVOID HandleId, 02584 _In_ PUNICODE_STRING ObjectTypeName, 02585 _In_ PUNICODE_STRING ObjectName, 02586 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, 02587 _In_ HANDLE ClientToken, 02588 _In_ ACCESS_MASK DesiredAccess, 02589 _In_ ACCESS_MASK GrantedAccess, 02590 _In_opt_ PPRIVILEGE_SET Privileges, 02591 _In_ BOOLEAN ObjectCreation, 02592 _In_ BOOLEAN AccessGranted, 02593 _Out_ PBOOLEAN GenerateOnClose); 02594 02595 __kernel_entry 02596 NTSYSCALLAPI 02597 NTSTATUS 02598 NTAPI 02599 NtPrivilegeObjectAuditAlarm( 02600 _In_ PUNICODE_STRING SubsystemName, 02601 _In_opt_ PVOID HandleId, 02602 _In_ HANDLE ClientToken, 02603 _In_ ACCESS_MASK DesiredAccess, 02604 _In_ PPRIVILEGE_SET Privileges, 02605 _In_ BOOLEAN AccessGranted); 02606 02607 __kernel_entry 02608 NTSYSCALLAPI 02609 NTSTATUS 02610 NTAPI 02611 NtCloseObjectAuditAlarm( 02612 _In_ PUNICODE_STRING SubsystemName, 02613 _In_opt_ PVOID HandleId, 02614 _In_ BOOLEAN GenerateOnClose); 02615 02616 __kernel_entry 02617 NTSYSCALLAPI 02618 NTSTATUS 02619 NTAPI 02620 NtDeleteObjectAuditAlarm( 02621 _In_ PUNICODE_STRING SubsystemName, 02622 _In_opt_ PVOID HandleId, 02623 _In_ BOOLEAN GenerateOnClose); 02624 02625 __kernel_entry 02626 NTSYSCALLAPI 02627 NTSTATUS 02628 NTAPI 02629 NtPrivilegedServiceAuditAlarm( 02630 _In_ PUNICODE_STRING SubsystemName, 02631 _In_ PUNICODE_STRING ServiceName, 02632 _In_ HANDLE ClientToken, 02633 _In_ PPRIVILEGE_SET Privileges, 02634 _In_ BOOLEAN AccessGranted); 02635 02636 __kernel_entry 02637 NTSYSCALLAPI 02638 NTSTATUS 02639 NTAPI 02640 NtSetInformationThread( 02641 _In_ HANDLE ThreadHandle, 02642 _In_ THREADINFOCLASS ThreadInformationClass, 02643 _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, 02644 _In_ ULONG ThreadInformationLength); 02645 02646 _Must_inspect_result_ 02647 __kernel_entry 02648 NTSYSCALLAPI 02649 NTSTATUS 02650 NTAPI 02651 NtCreateSection( 02652 _Out_ PHANDLE SectionHandle, 02653 _In_ ACCESS_MASK DesiredAccess, 02654 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 02655 _In_opt_ PLARGE_INTEGER MaximumSize, 02656 _In_ ULONG SectionPageProtection, 02657 _In_ ULONG AllocationAttributes, 02658 _In_opt_ HANDLE FileHandle); 02659 02660 #endif 02661 02662 #define COMPRESSION_FORMAT_NONE (0x0000) 02663 #define COMPRESSION_FORMAT_DEFAULT (0x0001) 02664 #define COMPRESSION_FORMAT_LZNT1 (0x0002) 02665 #define COMPRESSION_ENGINE_STANDARD (0x0000) 02666 #define COMPRESSION_ENGINE_MAXIMUM (0x0100) 02667 #define COMPRESSION_ENGINE_HIBER (0x0200) 02668 02669 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256 02670 02671 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3)) 02672 02673 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT 02674 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT 02675 02676 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; 02677 02678 typedef enum _SECURITY_LOGON_TYPE { 02679 UndefinedLogonType = 0, 02680 Interactive = 2, 02681 Network, 02682 Batch, 02683 Service, 02684 Proxy, 02685 Unlock, 02686 NetworkCleartext, 02687 NewCredentials, 02688 #if (_WIN32_WINNT >= 0x0501) 02689 RemoteInteractive, 02690 CachedInteractive, 02691 #endif 02692 #if (_WIN32_WINNT >= 0x0502) 02693 CachedRemoteInteractive, 02694 CachedUnlock 02695 #endif 02696 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; 02697 02698 #ifndef _NTLSA_AUDIT_ 02699 #define _NTLSA_AUDIT_ 02700 02701 #ifndef GUID_DEFINED 02702 #include <guiddef.h> 02703 #endif 02704 02705 #endif /* _NTLSA_AUDIT_ */ 02706 02707 _IRQL_requires_same_ 02708 _IRQL_requires_max_(PASSIVE_LEVEL) 02709 NTSTATUS 02710 NTAPI 02711 LsaRegisterLogonProcess( 02712 _In_ PLSA_STRING LogonProcessName, 02713 _Out_ PHANDLE LsaHandle, 02714 _Out_ PLSA_OPERATIONAL_MODE SecurityMode); 02715 02716 _IRQL_requires_same_ 02717 _IRQL_requires_max_(PASSIVE_LEVEL) 02718 NTSTATUS 02719 NTAPI 02720 LsaLogonUser( 02721 _In_ HANDLE LsaHandle, 02722 _In_ PLSA_STRING OriginName, 02723 _In_ SECURITY_LOGON_TYPE LogonType, 02724 _In_ ULONG AuthenticationPackage, 02725 _In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation, 02726 _In_ ULONG AuthenticationInformationLength, 02727 _In_opt_ PTOKEN_GROUPS LocalGroups, 02728 _In_ PTOKEN_SOURCE SourceContext, 02729 _Out_ PVOID *ProfileBuffer, 02730 _Out_ PULONG ProfileBufferLength, 02731 _Inout_ PLUID LogonId, 02732 _Out_ PHANDLE Token, 02733 _Out_ PQUOTA_LIMITS Quotas, 02734 _Out_ PNTSTATUS SubStatus); 02735 02736 _IRQL_requires_same_ 02737 NTSTATUS 02738 NTAPI 02739 LsaFreeReturnBuffer( 02740 _In_ PVOID Buffer); 02741 02742 #ifndef _NTLSA_IFS_ 02743 #define _NTLSA_IFS_ 02744 #endif 02745 02746 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 02747 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 02748 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) 02749 02750 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" 02751 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" 02752 02753 #define MSV1_0_CHALLENGE_LENGTH 8 02754 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 02755 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 02756 02757 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 02758 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 02759 #define MSV1_0_RETURN_USER_PARAMETERS 0x08 02760 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 02761 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 02762 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 02763 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 02764 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 02765 #define MSV1_0_RETURN_PROFILE_PATH 0x200 02766 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 02767 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 02768 02769 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 02770 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 02771 02772 #if (_WIN32_WINNT >= 0x0502) 02773 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 02774 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 02775 #endif 02776 02777 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 02778 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 02779 02780 #if (_WIN32_WINNT >= 0x0600) 02781 #define MSV1_0_S4U2SELF 0x00020000 02782 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 02783 #endif 02784 02785 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 02786 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 02787 #define MSV1_0_MNS_LOGON 0x01000000 02788 02789 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 02790 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 02791 02792 #define LOGON_GUEST 0x01 02793 #define LOGON_NOENCRYPTION 0x02 02794 #define LOGON_CACHED_ACCOUNT 0x04 02795 #define LOGON_USED_LM_PASSWORD 0x08 02796 #define LOGON_EXTRA_SIDS 0x20 02797 #define LOGON_SUBAUTH_SESSION_KEY 0x40 02798 #define LOGON_SERVER_TRUST_ACCOUNT 0x80 02799 #define LOGON_NTLMV2_ENABLED 0x100 02800 #define LOGON_RESOURCE_GROUPS 0x200 02801 #define LOGON_PROFILE_PATH_RETURNED 0x400 02802 #define LOGON_NT_V2 0x800 02803 #define LOGON_LM_V2 0x1000 02804 #define LOGON_NTLM_V2 0x2000 02805 02806 #if (_WIN32_WINNT >= 0x0600) 02807 02808 #define LOGON_OPTIMIZED 0x4000 02809 #define LOGON_WINLOGON 0x8000 02810 #define LOGON_PKINIT 0x10000 02811 #define LOGON_NO_OPTIMIZED 0x20000 02812 02813 #endif 02814 02815 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 02816 02817 #define LOGON_GRACE_LOGON 0x01000000 02818 02819 #define MSV1_0_OWF_PASSWORD_LENGTH 16 02820 #define MSV1_0_CRED_LM_PRESENT 0x1 02821 #define MSV1_0_CRED_NT_PRESENT 0x2 02822 #define MSV1_0_CRED_VERSION 0 02823 02824 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 02825 #define MSV1_0_NTLM3_OWF_LENGTH 16 02826 02827 #if (_WIN32_WINNT == 0x0500) 02828 #define MSV1_0_MAX_NTLM3_LIFE 1800 02829 #else 02830 #define MSV1_0_MAX_NTLM3_LIFE 129600 02831 #endif 02832 #define MSV1_0_MAX_AVL_SIZE 64000 02833 02834 #if (_WIN32_WINNT >= 0x0501) 02835 02836 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 02837 02838 #if (_WIN32_WINNT >= 0x0600) 02839 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 02840 #endif 02841 02842 #endif 02843 02844 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) 02845 02846 #if(_WIN32_WINNT >= 0x0502) 02847 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff) 02848 #endif 02849 02850 #define USE_PRIMARY_PASSWORD 0x01 02851 #define RETURN_PRIMARY_USERNAME 0x02 02852 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04 02853 #define RETURN_NON_NT_USER_SESSION_KEY 0x08 02854 #define GENERATE_CLIENT_CHALLENGE 0x10 02855 #define GCR_NTLM3_PARMS 0x20 02856 #define GCR_TARGET_INFO 0x40 02857 #define RETURN_RESERVED_PARAMETER 0x80 02858 #define GCR_ALLOW_NTLM 0x100 02859 #define GCR_USE_OEM_SET 0x200 02860 #define GCR_MACHINE_CREDENTIAL 0x400 02861 #define GCR_USE_OWF_PASSWORD 0x800 02862 #define GCR_ALLOW_LM 0x1000 02863 #define GCR_ALLOW_NO_TARGET 0x2000 02864 02865 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { 02866 MsV1_0InteractiveLogon = 2, 02867 MsV1_0Lm20Logon, 02868 MsV1_0NetworkLogon, 02869 MsV1_0SubAuthLogon, 02870 MsV1_0WorkstationUnlockLogon = 7, 02871 MsV1_0S4ULogon = 12, 02872 MsV1_0VirtualLogon = 82 02873 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; 02874 02875 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { 02876 MsV1_0InteractiveProfile = 2, 02877 MsV1_0Lm20LogonProfile, 02878 MsV1_0SmartCardProfile 02879 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE; 02880 02881 typedef struct _MSV1_0_INTERACTIVE_LOGON { 02882 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 02883 UNICODE_STRING LogonDomainName; 02884 UNICODE_STRING UserName; 02885 UNICODE_STRING Password; 02886 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON; 02887 02888 typedef struct _MSV1_0_INTERACTIVE_PROFILE { 02889 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 02890 USHORT LogonCount; 02891 USHORT BadPasswordCount; 02892 LARGE_INTEGER LogonTime; 02893 LARGE_INTEGER LogoffTime; 02894 LARGE_INTEGER KickOffTime; 02895 LARGE_INTEGER PasswordLastSet; 02896 LARGE_INTEGER PasswordCanChange; 02897 LARGE_INTEGER PasswordMustChange; 02898 UNICODE_STRING LogonScript; 02899 UNICODE_STRING HomeDirectory; 02900 UNICODE_STRING FullName; 02901 UNICODE_STRING ProfilePath; 02902 UNICODE_STRING HomeDirectoryDrive; 02903 UNICODE_STRING LogonServer; 02904 ULONG UserFlags; 02905 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE; 02906 02907 typedef struct _MSV1_0_LM20_LOGON { 02908 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 02909 UNICODE_STRING LogonDomainName; 02910 UNICODE_STRING UserName; 02911 UNICODE_STRING Workstation; 02912 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 02913 STRING CaseSensitiveChallengeResponse; 02914 STRING CaseInsensitiveChallengeResponse; 02915 ULONG ParameterControl; 02916 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON; 02917 02918 typedef struct _MSV1_0_SUBAUTH_LOGON { 02919 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 02920 UNICODE_STRING LogonDomainName; 02921 UNICODE_STRING UserName; 02922 UNICODE_STRING Workstation; 02923 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 02924 STRING AuthenticationInfo1; 02925 STRING AuthenticationInfo2; 02926 ULONG ParameterControl; 02927 ULONG SubAuthPackageId; 02928 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; 02929 02930 #if (_WIN32_WINNT >= 0x0600) 02931 02932 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 02933 02934 typedef struct _MSV1_0_S4U_LOGON { 02935 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 02936 ULONG Flags; 02937 UNICODE_STRING UserPrincipalName; 02938 UNICODE_STRING DomainName; 02939 } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON; 02940 02941 #endif 02942 02943 typedef struct _MSV1_0_LM20_LOGON_PROFILE { 02944 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 02945 LARGE_INTEGER KickOffTime; 02946 LARGE_INTEGER LogoffTime; 02947 ULONG UserFlags; 02948 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 02949 UNICODE_STRING LogonDomainName; 02950 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 02951 UNICODE_STRING LogonServer; 02952 UNICODE_STRING UserParameters; 02953 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE; 02954 02955 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { 02956 ULONG Version; 02957 ULONG Flags; 02958 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 02959 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 02960 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL; 02961 02962 typedef struct _MSV1_0_NTLM3_RESPONSE { 02963 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; 02964 UCHAR RespType; 02965 UCHAR HiRespType; 02966 USHORT Flags; 02967 ULONG MsgWord; 02968 ULONGLONG TimeStamp; 02969 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; 02970 ULONG AvPairsOff; 02971 UCHAR Buffer[1]; 02972 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; 02973 02974 typedef enum _MSV1_0_AVID { 02975 MsvAvEOL, 02976 MsvAvNbComputerName, 02977 MsvAvNbDomainName, 02978 MsvAvDnsComputerName, 02979 MsvAvDnsDomainName, 02980 #if (_WIN32_WINNT >= 0x0501) 02981 MsvAvDnsTreeName, 02982 MsvAvFlags, 02983 #if (_WIN32_WINNT >= 0x0600) 02984 MsvAvTimestamp, 02985 MsvAvRestrictions, 02986 MsvAvTargetName, 02987 MsvAvChannelBindings, 02988 #endif 02989 #endif 02990 } MSV1_0_AVID; 02991 02992 typedef struct _MSV1_0_AV_PAIR { 02993 USHORT AvId; 02994 USHORT AvLen; 02995 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; 02996 02997 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { 02998 MsV1_0Lm20ChallengeRequest = 0, 02999 MsV1_0Lm20GetChallengeResponse, 03000 MsV1_0EnumerateUsers, 03001 MsV1_0GetUserInfo, 03002 MsV1_0ReLogonUsers, 03003 MsV1_0ChangePassword, 03004 MsV1_0ChangeCachedPassword, 03005 MsV1_0GenericPassthrough, 03006 MsV1_0CacheLogon, 03007 MsV1_0SubAuth, 03008 MsV1_0DeriveCredential, 03009 MsV1_0CacheLookup, 03010 #if (_WIN32_WINNT >= 0x0501) 03011 MsV1_0SetProcessOption, 03012 #endif 03013 #if (_WIN32_WINNT >= 0x0600) 03014 MsV1_0ConfigLocalAliases, 03015 MsV1_0ClearCachedCredentials, 03016 #endif 03017 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; 03018 03019 typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST { 03020 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03021 } MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST; 03022 03023 typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE { 03024 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03025 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 03026 } MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE; 03027 03028 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 { 03029 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03030 ULONG ParameterControl; 03031 LUID LogonId; 03032 UNICODE_STRING Password; 03033 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 03034 } MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1; 03035 03036 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST { 03037 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03038 ULONG ParameterControl; 03039 LUID LogonId; 03040 UNICODE_STRING Password; 03041 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 03042 UNICODE_STRING UserName; 03043 UNICODE_STRING LogonDomainName; 03044 UNICODE_STRING ServerName; 03045 } MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST; 03046 03047 typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE { 03048 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03049 STRING CaseSensitiveChallengeResponse; 03050 STRING CaseInsensitiveChallengeResponse; 03051 UNICODE_STRING UserName; 03052 UNICODE_STRING LogonDomainName; 03053 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 03054 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 03055 } MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE; 03056 03057 typedef struct _MSV1_0_ENUMUSERS_REQUEST { 03058 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03059 } MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST; 03060 03061 typedef struct _MSV1_0_ENUMUSERS_RESPONSE { 03062 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03063 ULONG NumberOfLoggedOnUsers; 03064 PLUID LogonIds; 03065 PULONG EnumHandles; 03066 } MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE; 03067 03068 typedef struct _MSV1_0_GETUSERINFO_REQUEST { 03069 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03070 LUID LogonId; 03071 } MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST; 03072 03073 typedef struct _MSV1_0_GETUSERINFO_RESPONSE { 03074 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 03075 PSID UserSid; 03076 UNICODE_STRING UserName; 03077 UNICODE_STRING LogonDomainName; 03078 UNICODE_STRING LogonServer; 03079 SECURITY_LOGON_TYPE LogonType; 03080 } MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE; 03081 03082 03083 03084 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 03085 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 03086 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 03087 03088 /* also in winnt.h */ 03089 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 03090 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 03091 #define FILE_NOTIFY_CHANGE_NAME 0x00000003 03092 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 03093 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008 03094 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 03095 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 03096 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040 03097 #define FILE_NOTIFY_CHANGE_EA 0x00000080 03098 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 03099 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 03100 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 03101 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 03102 #define FILE_NOTIFY_VALID_MASK 0x00000fff 03103 03104 #define FILE_ACTION_ADDED 0x00000001 03105 #define FILE_ACTION_REMOVED 0x00000002 03106 #define FILE_ACTION_MODIFIED 0x00000003 03107 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 03108 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 03109 #define FILE_ACTION_ADDED_STREAM 0x00000006 03110 #define FILE_ACTION_REMOVED_STREAM 0x00000007 03111 #define FILE_ACTION_MODIFIED_STREAM 0x00000008 03112 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 03113 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A 03114 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B 03115 /* end winnt.h */ 03116 03117 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 03118 #define FILE_PIPE_MESSAGE_TYPE 0x00000001 03119 03120 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000 03121 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002 03122 03123 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000 03124 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002 03125 #define FILE_PIPE_TYPE_VALID_MASK 0x00000003 03126 03127 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 03128 #define FILE_PIPE_MESSAGE_MODE 0x00000001 03129 03130 #define FILE_PIPE_QUEUE_OPERATION 0x00000000 03131 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001 03132 03133 #define FILE_PIPE_INBOUND 0x00000000 03134 #define FILE_PIPE_OUTBOUND 0x00000001 03135 #define FILE_PIPE_FULL_DUPLEX 0x00000002 03136 03137 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001 03138 #define FILE_PIPE_LISTENING_STATE 0x00000002 03139 #define FILE_PIPE_CONNECTED_STATE 0x00000003 03140 #define FILE_PIPE_CLOSING_STATE 0x00000004 03141 03142 #define FILE_PIPE_CLIENT_END 0x00000000 03143 #define FILE_PIPE_SERVER_END 0x00000001 03144 03145 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001 03146 #define FILE_CASE_PRESERVED_NAMES 0x00000002 03147 #define FILE_UNICODE_ON_DISK 0x00000004 03148 #define FILE_PERSISTENT_ACLS 0x00000008 03149 #define FILE_FILE_COMPRESSION 0x00000010 03150 #define FILE_VOLUME_QUOTAS 0x00000020 03151 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040 03152 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 03153 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 03154 #define FILE_VOLUME_IS_COMPRESSED 0x00008000 03155 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000 03156 #define FILE_SUPPORTS_ENCRYPTION 0x00020000 03157 #define FILE_NAMED_STREAMS 0x00040000 03158 #define FILE_READ_ONLY_VOLUME 0x00080000 03159 #define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000 03160 #define FILE_SUPPORTS_TRANSACTIONS 0x00200000 03161 #define FILE_SUPPORTS_HARD_LINKS 0x00400000 03162 #define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000 03163 #define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000 03164 #define FILE_SUPPORTS_USN_JOURNAL 0x02000000 03165 03166 #define FILE_NEED_EA 0x00000080 03167 03168 #define FILE_EA_TYPE_BINARY 0xfffe 03169 #define FILE_EA_TYPE_ASCII 0xfffd 03170 #define FILE_EA_TYPE_BITMAP 0xfffb 03171 #define FILE_EA_TYPE_METAFILE 0xfffa 03172 #define FILE_EA_TYPE_ICON 0xfff9 03173 #define FILE_EA_TYPE_EA 0xffee 03174 #define FILE_EA_TYPE_MVMT 0xffdf 03175 #define FILE_EA_TYPE_MVST 0xffde 03176 #define FILE_EA_TYPE_ASN1 0xffdd 03177 #define FILE_EA_TYPE_FAMILY_IDS 0xff01 03178 03179 typedef struct _FILE_NOTIFY_INFORMATION { 03180 ULONG NextEntryOffset; 03181 ULONG Action; 03182 ULONG FileNameLength; 03183 WCHAR FileName[1]; 03184 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION; 03185 03186 typedef struct _FILE_DIRECTORY_INFORMATION { 03187 ULONG NextEntryOffset; 03188 ULONG FileIndex; 03189 LARGE_INTEGER CreationTime; 03190 LARGE_INTEGER LastAccessTime; 03191 LARGE_INTEGER LastWriteTime; 03192 LARGE_INTEGER ChangeTime; 03193 LARGE_INTEGER EndOfFile; 03194 LARGE_INTEGER AllocationSize; 03195 ULONG FileAttributes; 03196 ULONG FileNameLength; 03197 WCHAR FileName[1]; 03198 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; 03199 03200 typedef struct _FILE_FULL_DIR_INFORMATION { 03201 ULONG NextEntryOffset; 03202 ULONG FileIndex; 03203 LARGE_INTEGER CreationTime; 03204 LARGE_INTEGER LastAccessTime; 03205 LARGE_INTEGER LastWriteTime; 03206 LARGE_INTEGER ChangeTime; 03207 LARGE_INTEGER EndOfFile; 03208 LARGE_INTEGER AllocationSize; 03209 ULONG FileAttributes; 03210 ULONG FileNameLength; 03211 ULONG EaSize; 03212 WCHAR FileName[1]; 03213 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; 03214 03215 typedef struct _FILE_ID_FULL_DIR_INFORMATION { 03216 ULONG NextEntryOffset; 03217 ULONG FileIndex; 03218 LARGE_INTEGER CreationTime; 03219 LARGE_INTEGER LastAccessTime; 03220 LARGE_INTEGER LastWriteTime; 03221 LARGE_INTEGER ChangeTime; 03222 LARGE_INTEGER EndOfFile; 03223 LARGE_INTEGER AllocationSize; 03224 ULONG FileAttributes; 03225 ULONG FileNameLength; 03226 ULONG EaSize; 03227 LARGE_INTEGER FileId; 03228 WCHAR FileName[1]; 03229 } FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION; 03230 03231 typedef struct _FILE_BOTH_DIR_INFORMATION { 03232 ULONG NextEntryOffset; 03233 ULONG FileIndex; 03234 LARGE_INTEGER CreationTime; 03235 LARGE_INTEGER LastAccessTime; 03236 LARGE_INTEGER LastWriteTime; 03237 LARGE_INTEGER ChangeTime; 03238 LARGE_INTEGER EndOfFile; 03239 LARGE_INTEGER AllocationSize; 03240 ULONG FileAttributes; 03241 ULONG FileNameLength; 03242 ULONG EaSize; 03243 CCHAR ShortNameLength; 03244 WCHAR ShortName[12]; 03245 WCHAR FileName[1]; 03246 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; 03247 03248 typedef struct _FILE_ID_BOTH_DIR_INFORMATION { 03249 ULONG NextEntryOffset; 03250 ULONG FileIndex; 03251 LARGE_INTEGER CreationTime; 03252 LARGE_INTEGER LastAccessTime; 03253 LARGE_INTEGER LastWriteTime; 03254 LARGE_INTEGER ChangeTime; 03255 LARGE_INTEGER EndOfFile; 03256 LARGE_INTEGER AllocationSize; 03257 ULONG FileAttributes; 03258 ULONG FileNameLength; 03259 ULONG EaSize; 03260 CCHAR ShortNameLength; 03261 WCHAR ShortName[12]; 03262 LARGE_INTEGER FileId; 03263 WCHAR FileName[1]; 03264 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION; 03265 03266 typedef struct _FILE_NAMES_INFORMATION { 03267 ULONG NextEntryOffset; 03268 ULONG FileIndex; 03269 ULONG FileNameLength; 03270 WCHAR FileName[1]; 03271 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; 03272 03273 typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION { 03274 ULONG NextEntryOffset; 03275 ULONG FileIndex; 03276 LARGE_INTEGER CreationTime; 03277 LARGE_INTEGER LastAccessTime; 03278 LARGE_INTEGER LastWriteTime; 03279 LARGE_INTEGER ChangeTime; 03280 LARGE_INTEGER EndOfFile; 03281 LARGE_INTEGER AllocationSize; 03282 ULONG FileAttributes; 03283 ULONG FileNameLength; 03284 LARGE_INTEGER FileId; 03285 GUID LockingTransactionId; 03286 ULONG TxInfoFlags; 03287 WCHAR FileName[1]; 03288 } FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION; 03289 03290 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001 03291 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002 03292 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004 03293 03294 typedef struct _FILE_OBJECTID_INFORMATION { 03295 LONGLONG FileReference; 03296 UCHAR ObjectId[16]; 03297 _ANONYMOUS_UNION union { 03298 _ANONYMOUS_STRUCT struct { 03299 UCHAR BirthVolumeId[16]; 03300 UCHAR BirthObjectId[16]; 03301 UCHAR DomainId[16]; 03302 } DUMMYSTRUCTNAME; 03303 UCHAR ExtendedInfo[48]; 03304 } DUMMYUNIONNAME; 03305 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; 03306 03307 #define ANSI_DOS_STAR ('<') 03308 #define ANSI_DOS_QM ('>') 03309 #define ANSI_DOS_DOT ('"') 03310 03311 #define DOS_STAR (L'<') 03312 #define DOS_QM (L'>') 03313 #define DOS_DOT (L'"') 03314 03315 typedef struct _FILE_INTERNAL_INFORMATION { 03316 LARGE_INTEGER IndexNumber; 03317 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; 03318 03319 typedef struct _FILE_EA_INFORMATION { 03320 ULONG EaSize; 03321 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; 03322 03323 typedef struct _FILE_ACCESS_INFORMATION { 03324 ACCESS_MASK AccessFlags; 03325 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; 03326 03327 typedef struct _FILE_MODE_INFORMATION { 03328 ULONG Mode; 03329 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; 03330 03331 typedef struct _FILE_ALL_INFORMATION { 03332 FILE_BASIC_INFORMATION BasicInformation; 03333 FILE_STANDARD_INFORMATION StandardInformation; 03334 FILE_INTERNAL_INFORMATION InternalInformation; 03335 FILE_EA_INFORMATION EaInformation; 03336 FILE_ACCESS_INFORMATION AccessInformation; 03337 FILE_POSITION_INFORMATION PositionInformation; 03338 FILE_MODE_INFORMATION ModeInformation; 03339 FILE_ALIGNMENT_INFORMATION AlignmentInformation; 03340 FILE_NAME_INFORMATION NameInformation; 03341 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; 03342 03343 typedef struct _FILE_ALLOCATION_INFORMATION { 03344 LARGE_INTEGER AllocationSize; 03345 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; 03346 03347 typedef struct _FILE_COMPRESSION_INFORMATION { 03348 LARGE_INTEGER CompressedFileSize; 03349 USHORT CompressionFormat; 03350 UCHAR CompressionUnitShift; 03351 UCHAR ChunkShift; 03352 UCHAR ClusterShift; 03353 UCHAR Reserved[3]; 03354 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; 03355 03356 typedef struct _FILE_LINK_INFORMATION { 03357 BOOLEAN ReplaceIfExists; 03358 HANDLE RootDirectory; 03359 ULONG FileNameLength; 03360 WCHAR FileName[1]; 03361 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; 03362 03363 typedef struct _FILE_MOVE_CLUSTER_INFORMATION { 03364 ULONG ClusterCount; 03365 HANDLE RootDirectory; 03366 ULONG FileNameLength; 03367 WCHAR FileName[1]; 03368 } FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION; 03369 03370 typedef struct _FILE_RENAME_INFORMATION { 03371 BOOLEAN ReplaceIfExists; 03372 HANDLE RootDirectory; 03373 ULONG FileNameLength; 03374 WCHAR FileName[1]; 03375 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 03376 03377 typedef struct _FILE_STREAM_INFORMATION { 03378 ULONG NextEntryOffset; 03379 ULONG StreamNameLength; 03380 LARGE_INTEGER StreamSize; 03381 LARGE_INTEGER StreamAllocationSize; 03382 WCHAR StreamName[1]; 03383 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; 03384 03385 typedef struct _FILE_TRACKING_INFORMATION { 03386 HANDLE DestinationFile; 03387 ULONG ObjectInformationLength; 03388 CHAR ObjectInformation[1]; 03389 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; 03390 03391 typedef struct _FILE_COMPLETION_INFORMATION { 03392 HANDLE Port; 03393 PVOID Key; 03394 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; 03395 03396 typedef struct _FILE_PIPE_INFORMATION { 03397 ULONG ReadMode; 03398 ULONG CompletionMode; 03399 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; 03400 03401 typedef struct _FILE_PIPE_LOCAL_INFORMATION { 03402 ULONG NamedPipeType; 03403 ULONG NamedPipeConfiguration; 03404 ULONG MaximumInstances; 03405 ULONG CurrentInstances; 03406 ULONG InboundQuota; 03407 ULONG ReadDataAvailable; 03408 ULONG OutboundQuota; 03409 ULONG WriteQuotaAvailable; 03410 ULONG NamedPipeState; 03411 ULONG NamedPipeEnd; 03412 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; 03413 03414 typedef struct _FILE_PIPE_REMOTE_INFORMATION { 03415 LARGE_INTEGER CollectDataTime; 03416 ULONG MaximumCollectionCount; 03417 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; 03418 03419 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { 03420 ULONG MaximumMessageSize; 03421 ULONG MailslotQuota; 03422 ULONG NextMessageSize; 03423 ULONG MessagesAvailable; 03424 LARGE_INTEGER ReadTimeout; 03425 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; 03426 03427 typedef struct _FILE_MAILSLOT_SET_INFORMATION { 03428 PLARGE_INTEGER ReadTimeout; 03429 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; 03430 03431 typedef struct _FILE_REPARSE_POINT_INFORMATION { 03432 LONGLONG FileReference; 03433 ULONG Tag; 03434 } FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION; 03435 03436 typedef struct _FILE_LINK_ENTRY_INFORMATION { 03437 ULONG NextEntryOffset; 03438 LONGLONG ParentFileId; 03439 ULONG FileNameLength; 03440 WCHAR FileName[1]; 03441 } FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION; 03442 03443 typedef struct _FILE_LINKS_INFORMATION { 03444 ULONG BytesNeeded; 03445 ULONG EntriesReturned; 03446 FILE_LINK_ENTRY_INFORMATION Entry; 03447 } FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION; 03448 03449 typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION { 03450 ULONG FileNameLength; 03451 WCHAR FileName[1]; 03452 } FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION; 03453 03454 typedef struct _FILE_STANDARD_LINK_INFORMATION { 03455 ULONG NumberOfAccessibleLinks; 03456 ULONG TotalNumberOfLinks; 03457 BOOLEAN DeletePending; 03458 BOOLEAN Directory; 03459 } FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION; 03460 03461 typedef struct _FILE_GET_EA_INFORMATION { 03462 ULONG NextEntryOffset; 03463 UCHAR EaNameLength; 03464 CHAR EaName[1]; 03465 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; 03466 03467 #define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001 03468 #define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002 03469 03470 typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION { 03471 USHORT StructureVersion; 03472 USHORT StructureSize; 03473 ULONG Protocol; 03474 USHORT ProtocolMajorVersion; 03475 USHORT ProtocolMinorVersion; 03476 USHORT ProtocolRevision; 03477 USHORT Reserved; 03478 ULONG Flags; 03479 struct { 03480 ULONG Reserved[8]; 03481 } GenericReserved; 03482 struct { 03483 ULONG Reserved[16]; 03484 } ProtocolSpecificReserved; 03485 } FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION; 03486 03487 typedef struct _FILE_GET_QUOTA_INFORMATION { 03488 ULONG NextEntryOffset; 03489 ULONG SidLength; 03490 SID Sid; 03491 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; 03492 03493 typedef struct _FILE_QUOTA_INFORMATION { 03494 ULONG NextEntryOffset; 03495 ULONG SidLength; 03496 LARGE_INTEGER ChangeTime; 03497 LARGE_INTEGER QuotaUsed; 03498 LARGE_INTEGER QuotaThreshold; 03499 LARGE_INTEGER QuotaLimit; 03500 SID Sid; 03501 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; 03502 03503 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { 03504 ULONG FileSystemAttributes; 03505 ULONG MaximumComponentNameLength; 03506 ULONG FileSystemNameLength; 03507 WCHAR FileSystemName[1]; 03508 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; 03509 03510 typedef struct _FILE_FS_DRIVER_PATH_INFORMATION { 03511 BOOLEAN DriverInPath; 03512 ULONG DriverNameLength; 03513 WCHAR DriverName[1]; 03514 } FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION; 03515 03516 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION { 03517 ULONG Flags; 03518 } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION; 03519 03520 #define FILE_VC_QUOTA_NONE 0x00000000 03521 #define FILE_VC_QUOTA_TRACK 0x00000001 03522 #define FILE_VC_QUOTA_ENFORCE 0x00000002 03523 #define FILE_VC_QUOTA_MASK 0x00000003 03524 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 03525 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 03526 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 03527 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 03528 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 03529 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 03530 #define FILE_VC_QUOTAS_REBUILDING 0x00000200 03531 #define FILE_VC_VALID_MASK 0x000003ff 03532 03533 typedef struct _FILE_FS_CONTROL_INFORMATION { 03534 LARGE_INTEGER FreeSpaceStartFiltering; 03535 LARGE_INTEGER FreeSpaceThreshold; 03536 LARGE_INTEGER FreeSpaceStopFiltering; 03537 LARGE_INTEGER DefaultQuotaThreshold; 03538 LARGE_INTEGER DefaultQuotaLimit; 03539 ULONG FileSystemControlFlags; 03540 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; 03541 03542 #ifndef _FILESYSTEMFSCTL_ 03543 #define _FILESYSTEMFSCTL_ 03544 03545 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) 03546 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) 03547 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) 03548 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) 03549 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) 03550 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) 03551 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) 03552 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) 03553 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) 03554 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) 03555 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) 03556 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) 03557 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) 03558 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) 03559 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 03560 #define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) 03561 03562 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) 03563 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) 03564 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) 03565 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) 03566 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) 03567 03568 #if (_WIN32_WINNT >= 0x0400) 03569 03570 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) 03571 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) 03572 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) 03573 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) 03574 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS) 03575 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) 03576 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) 03577 03578 #endif 03579 03580 #if (_WIN32_WINNT >= 0x0500) 03581 03582 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) 03583 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) 03584 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) 03585 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) 03586 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) 03587 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) 03588 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) 03589 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) 03590 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) 03591 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) 03592 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) 03593 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) 03594 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA) 03595 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) 03596 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) 03597 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) 03598 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) 03599 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) 03600 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) 03601 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) 03602 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) 03603 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) 03604 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) 03605 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) 03606 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) 03607 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) 03608 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) 03609 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) 03610 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 03611 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) 03612 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) 03613 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 03614 03615 #endif 03616 03617 #if (_WIN32_WINNT >= 0x0600) 03618 03619 #define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA) 03620 #define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA) 03621 #define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS) 03622 #define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS) 03623 #define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 03624 #define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA) 03625 #define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA) 03626 #define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA) 03627 #define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA) 03628 #define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA) 03629 #define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA) 03630 #define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA) 03631 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA) 03632 #define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA) 03633 #define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA) 03634 #define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA) 03635 #define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA) 03636 #define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA) 03637 #define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA) 03638 #define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 03639 #define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS) 03640 #define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS) 03641 #define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS) 03642 #define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS) 03643 #define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS) 03644 #define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 03645 #define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS) 03646 #define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS) 03647 03648 #define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \ 03649 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA) 03650 #define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA) 03651 #define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS) 03652 #define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS) 03653 #define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS) 03654 03655 #endif 03656 03657 #if (_WIN32_WINNT >= 0x0601) 03658 03659 #define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS) 03660 #define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS) 03661 #define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS) 03662 #define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS) 03663 #define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS) 03664 #define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS) 03665 #define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS) 03666 #define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS) 03667 #define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS) 03668 03669 #define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS) 03670 03671 #define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS) 03672 #define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS) 03673 03674 #define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS) 03675 #define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS) 03676 #define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS) 03677 #define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS) 03678 #define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS) 03679 03680 typedef struct _CSV_NAMESPACE_INFO { 03681 ULONG Version; 03682 ULONG DeviceNumber; 03683 LARGE_INTEGER StartingOffset; 03684 ULONG SectorSize; 03685 } CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO; 03686 03687 #define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO)) 03688 #define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF 03689 03690 #endif 03691 03692 #define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED 03693 03694 typedef struct _PATHNAME_BUFFER { 03695 ULONG PathNameLength; 03696 WCHAR Name[1]; 03697 } PATHNAME_BUFFER, *PPATHNAME_BUFFER; 03698 03699 typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER { 03700 UCHAR First0x24BytesOfBootSector[0x24]; 03701 } FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER; 03702 03703 #if (_WIN32_WINNT >= 0x0400) 03704 03705 typedef struct _NTFS_VOLUME_DATA_BUFFER { 03706 LARGE_INTEGER VolumeSerialNumber; 03707 LARGE_INTEGER NumberSectors; 03708 LARGE_INTEGER TotalClusters; 03709 LARGE_INTEGER FreeClusters; 03710 LARGE_INTEGER TotalReserved; 03711 ULONG BytesPerSector; 03712 ULONG BytesPerCluster; 03713 ULONG BytesPerFileRecordSegment; 03714 ULONG ClustersPerFileRecordSegment; 03715 LARGE_INTEGER MftValidDataLength; 03716 LARGE_INTEGER MftStartLcn; 03717 LARGE_INTEGER Mft2StartLcn; 03718 LARGE_INTEGER MftZoneStart; 03719 LARGE_INTEGER MftZoneEnd; 03720 } NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER; 03721 03722 typedef struct _NTFS_EXTENDED_VOLUME_DATA { 03723 ULONG ByteCount; 03724 USHORT MajorVersion; 03725 USHORT MinorVersion; 03726 } NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA; 03727 03728 typedef struct _STARTING_LCN_INPUT_BUFFER { 03729 LARGE_INTEGER StartingLcn; 03730 } STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER; 03731 03732 typedef struct _VOLUME_BITMAP_BUFFER { 03733 LARGE_INTEGER StartingLcn; 03734 LARGE_INTEGER BitmapSize; 03735 UCHAR Buffer[1]; 03736 } VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER; 03737 03738 typedef struct _STARTING_VCN_INPUT_BUFFER { 03739 LARGE_INTEGER StartingVcn; 03740 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; 03741 03742 typedef struct _RETRIEVAL_POINTERS_BUFFER { 03743 ULONG ExtentCount; 03744 LARGE_INTEGER StartingVcn; 03745 struct { 03746 LARGE_INTEGER NextVcn; 03747 LARGE_INTEGER Lcn; 03748 } Extents[1]; 03749 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; 03750 03751 typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER { 03752 LARGE_INTEGER FileReferenceNumber; 03753 } NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER; 03754 03755 typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER { 03756 LARGE_INTEGER FileReferenceNumber; 03757 ULONG FileRecordLength; 03758 UCHAR FileRecordBuffer[1]; 03759 } NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER; 03760 03761 typedef struct _MOVE_FILE_DATA { 03762 HANDLE FileHandle; 03763 LARGE_INTEGER StartingVcn; 03764 LARGE_INTEGER StartingLcn; 03765 ULONG ClusterCount; 03766 } MOVE_FILE_DATA, *PMOVE_FILE_DATA; 03767 03768 typedef struct _MOVE_FILE_RECORD_DATA { 03769 HANDLE FileHandle; 03770 LARGE_INTEGER SourceFileRecord; 03771 LARGE_INTEGER TargetFileRecord; 03772 } MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA; 03773 03774 #if defined(_WIN64) 03775 typedef struct _MOVE_FILE_DATA32 { 03776 UINT32 FileHandle; 03777 LARGE_INTEGER StartingVcn; 03778 LARGE_INTEGER StartingLcn; 03779 ULONG ClusterCount; 03780 } MOVE_FILE_DATA32, *PMOVE_FILE_DATA32; 03781 #endif 03782 03783 #endif /* (_WIN32_WINNT >= 0x0400) */ 03784 03785 #if (_WIN32_WINNT >= 0x0500) 03786 03787 typedef struct _FIND_BY_SID_DATA { 03788 ULONG Restart; 03789 SID Sid; 03790 } FIND_BY_SID_DATA, *PFIND_BY_SID_DATA; 03791 03792 typedef struct _FIND_BY_SID_OUTPUT { 03793 ULONG NextEntryOffset; 03794 ULONG FileIndex; 03795 ULONG FileNameLength; 03796 WCHAR FileName[1]; 03797 } FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT; 03798 03799 typedef struct _MFT_ENUM_DATA { 03800 ULONGLONG StartFileReferenceNumber; 03801 USN LowUsn; 03802 USN HighUsn; 03803 } MFT_ENUM_DATA, *PMFT_ENUM_DATA; 03804 03805 typedef struct _CREATE_USN_JOURNAL_DATA { 03806 ULONGLONG MaximumSize; 03807 ULONGLONG AllocationDelta; 03808 } CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA; 03809 03810 typedef struct _READ_USN_JOURNAL_DATA { 03811 USN StartUsn; 03812 ULONG ReasonMask; 03813 ULONG ReturnOnlyOnClose; 03814 ULONGLONG Timeout; 03815 ULONGLONG BytesToWaitFor; 03816 ULONGLONG UsnJournalID; 03817 } READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA; 03818 03819 typedef struct _USN_RECORD { 03820 ULONG RecordLength; 03821 USHORT MajorVersion; 03822 USHORT MinorVersion; 03823 ULONGLONG FileReferenceNumber; 03824 ULONGLONG ParentFileReferenceNumber; 03825 USN Usn; 03826 LARGE_INTEGER TimeStamp; 03827 ULONG Reason; 03828 ULONG SourceInfo; 03829 ULONG SecurityId; 03830 ULONG FileAttributes; 03831 USHORT FileNameLength; 03832 USHORT FileNameOffset; 03833 WCHAR FileName[1]; 03834 } USN_RECORD, *PUSN_RECORD; 03835 03836 #define USN_PAGE_SIZE (0x1000) 03837 03838 #define USN_REASON_DATA_OVERWRITE (0x00000001) 03839 #define USN_REASON_DATA_EXTEND (0x00000002) 03840 #define USN_REASON_DATA_TRUNCATION (0x00000004) 03841 #define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010) 03842 #define USN_REASON_NAMED_DATA_EXTEND (0x00000020) 03843 #define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040) 03844 #define USN_REASON_FILE_CREATE (0x00000100) 03845 #define USN_REASON_FILE_DELETE (0x00000200) 03846 #define USN_REASON_EA_CHANGE (0x00000400) 03847 #define USN_REASON_SECURITY_CHANGE (0x00000800) 03848 #define USN_REASON_RENAME_OLD_NAME (0x00001000) 03849 #define USN_REASON_RENAME_NEW_NAME (0x00002000) 03850 #define USN_REASON_INDEXABLE_CHANGE (0x00004000) 03851 #define USN_REASON_BASIC_INFO_CHANGE (0x00008000) 03852 #define USN_REASON_HARD_LINK_CHANGE (0x00010000) 03853 #define USN_REASON_COMPRESSION_CHANGE (0x00020000) 03854 #define USN_REASON_ENCRYPTION_CHANGE (0x00040000) 03855 #define USN_REASON_OBJECT_ID_CHANGE (0x00080000) 03856 #define USN_REASON_REPARSE_POINT_CHANGE (0x00100000) 03857 #define USN_REASON_STREAM_CHANGE (0x00200000) 03858 #define USN_REASON_TRANSACTED_CHANGE (0x00400000) 03859 #define USN_REASON_CLOSE (0x80000000) 03860 03861 typedef struct _USN_JOURNAL_DATA { 03862 ULONGLONG UsnJournalID; 03863 USN FirstUsn; 03864 USN NextUsn; 03865 USN LowestValidUsn; 03866 USN MaxUsn; 03867 ULONGLONG MaximumSize; 03868 ULONGLONG AllocationDelta; 03869 } USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA; 03870 03871 typedef struct _DELETE_USN_JOURNAL_DATA { 03872 ULONGLONG UsnJournalID; 03873 ULONG DeleteFlags; 03874 } DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA; 03875 03876 #define USN_DELETE_FLAG_DELETE (0x00000001) 03877 #define USN_DELETE_FLAG_NOTIFY (0x00000002) 03878 #define USN_DELETE_VALID_FLAGS (0x00000003) 03879 03880 typedef struct _MARK_HANDLE_INFO { 03881 ULONG UsnSourceInfo; 03882 HANDLE VolumeHandle; 03883 ULONG HandleInfo; 03884 } MARK_HANDLE_INFO, *PMARK_HANDLE_INFO; 03885 03886 #if defined(_WIN64) 03887 typedef struct _MARK_HANDLE_INFO32 { 03888 ULONG UsnSourceInfo; 03889 UINT32 VolumeHandle; 03890 ULONG HandleInfo; 03891 } MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32; 03892 #endif 03893 03894 #define USN_SOURCE_DATA_MANAGEMENT (0x00000001) 03895 #define USN_SOURCE_AUXILIARY_DATA (0x00000002) 03896 #define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004) 03897 03898 #define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001) 03899 #define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004) 03900 #define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008) 03901 03902 typedef struct _BULK_SECURITY_TEST_DATA { 03903 ACCESS_MASK DesiredAccess; 03904 ULONG SecurityIds[1]; 03905 } BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA; 03906 03907 #define VOLUME_IS_DIRTY (0x00000001) 03908 #define VOLUME_UPGRADE_SCHEDULED (0x00000002) 03909 #define VOLUME_SESSION_OPEN (0x00000004) 03910 03911 typedef struct _FILE_PREFETCH { 03912 ULONG Type; 03913 ULONG Count; 03914 ULONGLONG Prefetch[1]; 03915 } FILE_PREFETCH, *PFILE_PREFETCH; 03916 03917 typedef struct _FILE_PREFETCH_EX { 03918 ULONG Type; 03919 ULONG Count; 03920 PVOID Context; 03921 ULONGLONG Prefetch[1]; 03922 } FILE_PREFETCH_EX, *PFILE_PREFETCH_EX; 03923 03924 #define FILE_PREFETCH_TYPE_FOR_CREATE 0x1 03925 #define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2 03926 #define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3 03927 #define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4 03928 03929 #define FILE_PREFETCH_TYPE_MAX 0x4 03930 03931 typedef struct _FILE_OBJECTID_BUFFER { 03932 UCHAR ObjectId[16]; 03933 _ANONYMOUS_UNION union { 03934 _ANONYMOUS_STRUCT struct { 03935 UCHAR BirthVolumeId[16]; 03936 UCHAR BirthObjectId[16]; 03937 UCHAR DomainId[16]; 03938 } DUMMYSTRUCTNAME; 03939 UCHAR ExtendedInfo[48]; 03940 } DUMMYUNIONNAME; 03941 } FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER; 03942 03943 typedef struct _FILE_SET_SPARSE_BUFFER { 03944 BOOLEAN SetSparse; 03945 } FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER; 03946 03947 typedef struct _FILE_ZERO_DATA_INFORMATION { 03948 LARGE_INTEGER FileOffset; 03949 LARGE_INTEGER BeyondFinalZero; 03950 } FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION; 03951 03952 typedef struct _FILE_ALLOCATED_RANGE_BUFFER { 03953 LARGE_INTEGER FileOffset; 03954 LARGE_INTEGER Length; 03955 } FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER; 03956 03957 typedef struct _ENCRYPTION_BUFFER { 03958 ULONG EncryptionOperation; 03959 UCHAR Private[1]; 03960 } ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER; 03961 03962 #define FILE_SET_ENCRYPTION 0x00000001 03963 #define FILE_CLEAR_ENCRYPTION 0x00000002 03964 #define STREAM_SET_ENCRYPTION 0x00000003 03965 #define STREAM_CLEAR_ENCRYPTION 0x00000004 03966 03967 #define MAXIMUM_ENCRYPTION_VALUE 0x00000004 03968 03969 typedef struct _DECRYPTION_STATUS_BUFFER { 03970 BOOLEAN NoEncryptedStreams; 03971 } DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER; 03972 03973 #define ENCRYPTION_FORMAT_DEFAULT (0x01) 03974 03975 #define COMPRESSION_FORMAT_SPARSE (0x4000) 03976 03977 typedef struct _REQUEST_RAW_ENCRYPTED_DATA { 03978 LONGLONG FileOffset; 03979 ULONG Length; 03980 } REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA; 03981 03982 typedef struct _ENCRYPTED_DATA_INFO { 03983 ULONGLONG StartingFileOffset; 03984 ULONG OutputBufferOffset; 03985 ULONG BytesWithinFileSize; 03986 ULONG BytesWithinValidDataLength; 03987 USHORT CompressionFormat; 03988 UCHAR DataUnitShift; 03989 UCHAR ChunkShift; 03990 UCHAR ClusterShift; 03991 UCHAR EncryptionFormat; 03992 USHORT NumberOfDataBlocks; 03993 ULONG DataBlockSize[ANYSIZE_ARRAY]; 03994 } ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO; 03995 03996 typedef struct _PLEX_READ_DATA_REQUEST { 03997 LARGE_INTEGER ByteOffset; 03998 ULONG ByteLength; 03999 ULONG PlexNumber; 04000 } PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST; 04001 04002 typedef struct _SI_COPYFILE { 04003 ULONG SourceFileNameLength; 04004 ULONG DestinationFileNameLength; 04005 ULONG Flags; 04006 WCHAR FileNameBuffer[1]; 04007 } SI_COPYFILE, *PSI_COPYFILE; 04008 04009 #define COPYFILE_SIS_LINK 0x0001 04010 #define COPYFILE_SIS_REPLACE 0x0002 04011 #define COPYFILE_SIS_FLAGS 0x0003 04012 04013 #endif /* (_WIN32_WINNT >= 0x0500) */ 04014 04015 #if (_WIN32_WINNT >= 0x0600) 04016 04017 typedef struct _FILE_MAKE_COMPATIBLE_BUFFER { 04018 BOOLEAN CloseDisc; 04019 } FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER; 04020 04021 typedef struct _FILE_SET_DEFECT_MGMT_BUFFER { 04022 BOOLEAN Disable; 04023 } FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER; 04024 04025 typedef struct _FILE_QUERY_SPARING_BUFFER { 04026 ULONG SparingUnitBytes; 04027 BOOLEAN SoftwareSparing; 04028 ULONG TotalSpareBlocks; 04029 ULONG FreeSpareBlocks; 04030 } FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER; 04031 04032 typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER { 04033 LARGE_INTEGER DirectoryCount; 04034 LARGE_INTEGER FileCount; 04035 USHORT FsFormatMajVersion; 04036 USHORT FsFormatMinVersion; 04037 WCHAR FsFormatName[12]; 04038 LARGE_INTEGER FormatTime; 04039 LARGE_INTEGER LastUpdateTime; 04040 WCHAR CopyrightInfo[34]; 04041 WCHAR AbstractInfo[34]; 04042 WCHAR FormattingImplementationInfo[34]; 04043 WCHAR LastModifyingImplementationInfo[34]; 04044 } FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER; 04045 04046 #define SET_REPAIR_ENABLED (0x00000001) 04047 #define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002) 04048 #define SET_REPAIR_DELETE_CROSSLINK (0x00000004) 04049 #define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008) 04050 #define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010) 04051 #define SET_REPAIR_VALID_MASK (0x0000001F) 04052 04053 typedef enum _SHRINK_VOLUME_REQUEST_TYPES { 04054 ShrinkPrepare = 1, 04055 ShrinkCommit, 04056 ShrinkAbort 04057 } SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES; 04058 04059 typedef struct _SHRINK_VOLUME_INFORMATION { 04060 SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType; 04061 ULONGLONG Flags; 04062 LONGLONG NewNumberOfSectors; 04063 } SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION; 04064 04065 #define TXFS_RM_FLAG_LOGGING_MODE 0x00000001 04066 #define TXFS_RM_FLAG_RENAME_RM 0x00000002 04067 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004 04068 #define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008 04069 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010 04070 #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020 04071 #define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040 04072 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080 04073 #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100 04074 #define TXFS_RM_FLAG_GROW_LOG 0x00000400 04075 #define TXFS_RM_FLAG_SHRINK_LOG 0x00000800 04076 #define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000 04077 #define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000 04078 #define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000 04079 #define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000 04080 #define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000 04081 #define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000 04082 04083 #define TXFS_LOGGING_MODE_SIMPLE (0x0001) 04084 #define TXFS_LOGGING_MODE_FULL (0x0002) 04085 04086 #define TXFS_TRANSACTION_STATE_NONE 0x00 04087 #define TXFS_TRANSACTION_STATE_ACTIVE 0x01 04088 #define TXFS_TRANSACTION_STATE_PREPARED 0x02 04089 #define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03 04090 04091 #define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE | \ 04092 TXFS_RM_FLAG_RENAME_RM | \ 04093 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \ 04094 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ 04095 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ 04096 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ 04097 TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ 04098 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ 04099 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ 04100 TXFS_RM_FLAG_SHRINK_LOG | \ 04101 TXFS_RM_FLAG_GROW_LOG | \ 04102 TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \ 04103 TXFS_RM_FLAG_PRESERVE_CHANGES | \ 04104 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ 04105 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \ 04106 TXFS_RM_FLAG_PREFER_CONSISTENCY | \ 04107 TXFS_RM_FLAG_PREFER_AVAILABILITY) 04108 04109 typedef struct _TXFS_MODIFY_RM { 04110 ULONG Flags; 04111 ULONG LogContainerCountMax; 04112 ULONG LogContainerCountMin; 04113 ULONG LogContainerCount; 04114 ULONG LogGrowthIncrement; 04115 ULONG LogAutoShrinkPercentage; 04116 ULONGLONG Reserved; 04117 USHORT LoggingMode; 04118 } TXFS_MODIFY_RM, *PTXFS_MODIFY_RM; 04119 04120 #define TXFS_RM_STATE_NOT_STARTED 0 04121 #define TXFS_RM_STATE_STARTING 1 04122 #define TXFS_RM_STATE_ACTIVE 2 04123 #define TXFS_RM_STATE_SHUTTING_DOWN 3 04124 04125 #define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \ 04126 (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ 04127 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ 04128 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ 04129 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ 04130 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ 04131 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \ 04132 TXFS_RM_FLAG_PREFER_CONSISTENCY | \ 04133 TXFS_RM_FLAG_PREFER_AVAILABILITY) 04134 04135 typedef struct _TXFS_QUERY_RM_INFORMATION { 04136 ULONG BytesRequired; 04137 ULONGLONG TailLsn; 04138 ULONGLONG CurrentLsn; 04139 ULONGLONG ArchiveTailLsn; 04140 ULONGLONG LogContainerSize; 04141 LARGE_INTEGER HighestVirtualClock; 04142 ULONG LogContainerCount; 04143 ULONG LogContainerCountMax; 04144 ULONG LogContainerCountMin; 04145 ULONG LogGrowthIncrement; 04146 ULONG LogAutoShrinkPercentage; 04147 ULONG Flags; 04148 USHORT LoggingMode; 04149 USHORT Reserved; 04150 ULONG RmState; 04151 ULONGLONG LogCapacity; 04152 ULONGLONG LogFree; 04153 ULONGLONG TopsSize; 04154 ULONGLONG TopsUsed; 04155 ULONGLONG TransactionCount; 04156 ULONGLONG OnePCCount; 04157 ULONGLONG TwoPCCount; 04158 ULONGLONG NumberLogFileFull; 04159 ULONGLONG OldestTransactionAge; 04160 GUID RMName; 04161 ULONG TmLogPathOffset; 04162 } TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION; 04163 04164 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01 04165 #define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02 04166 04167 #define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \ 04168 (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \ 04169 TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK) 04170 04171 typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION { 04172 LARGE_INTEGER LastVirtualClock; 04173 ULONGLONG LastRedoLsn; 04174 ULONGLONG HighestRecoveryLsn; 04175 ULONG Flags; 04176 } TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION; 04177 04178 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001 04179 #define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002 04180 #define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004 04181 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008 04182 #define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010 04183 #define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020 04184 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040 04185 #define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080 04186 04187 #define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200 04188 #define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400 04189 #define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800 04190 04191 #define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000 04192 #define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000 04193 04194 #define TXFS_START_RM_VALID_FLAGS \ 04195 (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \ 04196 TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ 04197 TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \ 04198 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ 04199 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ 04200 TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ 04201 TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \ 04202 TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ 04203 TXFS_START_RM_FLAG_LOGGING_MODE | \ 04204 TXFS_START_RM_FLAG_PRESERVE_CHANGES | \ 04205 TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \ 04206 TXFS_START_RM_FLAG_PREFER_AVAILABILITY) 04207 04208 typedef struct _TXFS_START_RM_INFORMATION { 04209 ULONG Flags; 04210 ULONGLONG LogContainerSize; 04211 ULONG LogContainerCountMin; 04212 ULONG LogContainerCountMax; 04213 ULONG LogGrowthIncrement; 04214 ULONG LogAutoShrinkPercentage; 04215 ULONG TmLogPathOffset; 04216 USHORT TmLogPathLength; 04217 USHORT LoggingMode; 04218 USHORT LogPathLength; 04219 USHORT Reserved; 04220 WCHAR LogPath[1]; 04221 } TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION; 04222 04223 typedef struct _TXFS_GET_METADATA_INFO_OUT { 04224 struct { 04225 LONGLONG LowPart; 04226 LONGLONG HighPart; 04227 } TxfFileId; 04228 GUID LockingTransaction; 04229 ULONGLONG LastLsn; 04230 ULONG TransactionState; 04231 } TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT; 04232 04233 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001 04234 #define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002 04235 04236 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY { 04237 ULONGLONG Offset; 04238 ULONG NameFlags; 04239 LONGLONG FileId; 04240 ULONG Reserved1; 04241 ULONG Reserved2; 04242 LONGLONG Reserved3; 04243 WCHAR FileName[1]; 04244 } TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY; 04245 04246 typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES { 04247 GUID KtmTransaction; 04248 ULONGLONG NumberOfFiles; 04249 ULONGLONG BufferSizeRequired; 04250 ULONGLONG Offset; 04251 } TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES; 04252 04253 typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY { 04254 GUID TransactionId; 04255 ULONG TransactionState; 04256 ULONG Reserved1; 04257 ULONG Reserved2; 04258 LONGLONG Reserved3; 04259 } TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY; 04260 04261 typedef struct _TXFS_LIST_TRANSACTIONS { 04262 ULONGLONG NumberOfTransactions; 04263 ULONGLONG BufferSizeRequired; 04264 } TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS; 04265 04266 typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT { 04267 _ANONYMOUS_UNION union { 04268 ULONG BufferLength; 04269 UCHAR Buffer[1]; 04270 } DUMMYUNIONNAME; 04271 } TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT; 04272 04273 typedef struct _TXFS_WRITE_BACKUP_INFORMATION { 04274 UCHAR Buffer[1]; 04275 } TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION; 04276 04277 #define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE 04278 #define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF 04279 04280 typedef struct _TXFS_GET_TRANSACTED_VERSION { 04281 ULONG ThisBaseVersion; 04282 ULONG LatestVersion; 04283 USHORT ThisMiniVersion; 04284 USHORT FirstMiniVersion; 04285 USHORT LatestMiniVersion; 04286 } TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION; 04287 04288 #define TXFS_SAVEPOINT_SET 0x00000001 04289 #define TXFS_SAVEPOINT_ROLLBACK 0x00000002 04290 #define TXFS_SAVEPOINT_CLEAR 0x00000004 04291 #define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010 04292 04293 typedef struct _TXFS_SAVEPOINT_INFORMATION { 04294 HANDLE KtmTransaction; 04295 ULONG ActionCode; 04296 ULONG SavepointId; 04297 } TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION; 04298 04299 typedef struct _TXFS_CREATE_MINIVERSION_INFO { 04300 USHORT StructureVersion; 04301 USHORT StructureLength; 04302 ULONG BaseVersion; 04303 USHORT MiniVersion; 04304 } TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO; 04305 04306 typedef struct _TXFS_TRANSACTION_ACTIVE_INFO { 04307 BOOLEAN TransactionsActiveAtSnapshot; 04308 } TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO; 04309 04310 #endif /* (_WIN32_WINNT >= 0x0600) */ 04311 04312 #if (_WIN32_WINNT >= 0x0601) 04313 04314 #define MARK_HANDLE_REALTIME (0x00000020) 04315 #define MARK_HANDLE_NOT_REALTIME (0x00000040) 04316 04317 #define NO_8DOT3_NAME_PRESENT (0x00000001) 04318 #define REMOVED_8DOT3_NAME (0x00000002) 04319 04320 #define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001) 04321 04322 typedef struct _BOOT_AREA_INFO { 04323 ULONG BootSectorCount; 04324 struct { 04325 LARGE_INTEGER Offset; 04326 } BootSectors[2]; 04327 } BOOT_AREA_INFO, *PBOOT_AREA_INFO; 04328 04329 typedef struct _RETRIEVAL_POINTER_BASE { 04330 LARGE_INTEGER FileAreaOffset; 04331 } RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE; 04332 04333 typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION { 04334 ULONG VolumeFlags; 04335 ULONG FlagMask; 04336 ULONG Version; 04337 ULONG Reserved; 04338 } FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION; 04339 04340 typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION { 04341 CHAR FileSystem[9]; 04342 } FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION; 04343 04344 #define OPLOCK_LEVEL_CACHE_READ (0x00000001) 04345 #define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002) 04346 #define OPLOCK_LEVEL_CACHE_WRITE (0x00000004) 04347 04348 #define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001) 04349 #define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002) 04350 #define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004) 04351 04352 #define REQUEST_OPLOCK_CURRENT_VERSION 1 04353 04354 typedef struct _REQUEST_OPLOCK_INPUT_BUFFER { 04355 USHORT StructureVersion; 04356 USHORT StructureLength; 04357 ULONG RequestedOplockLevel; 04358 ULONG Flags; 04359 } REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER; 04360 04361 #define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001) 04362 #define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002) 04363 04364 typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER { 04365 USHORT StructureVersion; 04366 USHORT StructureLength; 04367 ULONG OriginalOplockLevel; 04368 ULONG NewOplockLevel; 04369 ULONG Flags; 04370 ACCESS_MASK AccessMode; 04371 USHORT ShareMode; 04372 } REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER; 04373 04374 #define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1 04375 04376 typedef struct _SD_CHANGE_MACHINE_SID_INPUT { 04377 USHORT CurrentMachineSIDOffset; 04378 USHORT CurrentMachineSIDLength; 04379 USHORT NewMachineSIDOffset; 04380 USHORT NewMachineSIDLength; 04381 } SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT; 04382 04383 typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT { 04384 ULONGLONG NumSDChangedSuccess; 04385 ULONGLONG NumSDChangedFail; 04386 ULONGLONG NumSDUnused; 04387 ULONGLONG NumSDTotal; 04388 ULONGLONG NumMftSDChangedSuccess; 04389 ULONGLONG NumMftSDChangedFail; 04390 ULONGLONG NumMftSDTotal; 04391 } SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT; 04392 04393 typedef struct _SD_GLOBAL_CHANGE_INPUT { 04394 ULONG Flags; 04395 ULONG ChangeType; 04396 _ANONYMOUS_UNION union { 04397 SD_CHANGE_MACHINE_SID_INPUT SdChange; 04398 } DUMMYUNIONNAME; 04399 } SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT; 04400 04401 typedef struct _SD_GLOBAL_CHANGE_OUTPUT { 04402 ULONG Flags; 04403 ULONG ChangeType; 04404 _ANONYMOUS_UNION union { 04405 SD_CHANGE_MACHINE_SID_OUTPUT SdChange; 04406 } DUMMYUNIONNAME; 04407 } SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT; 04408 04409 #define ENCRYPTED_DATA_INFO_SPARSE_FILE 1 04410 04411 typedef struct _EXTENDED_ENCRYPTED_DATA_INFO { 04412 ULONG ExtendedCode; 04413 ULONG Length; 04414 ULONG Flags; 04415 ULONG Reserved; 04416 } EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO; 04417 04418 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT { 04419 ULONG Flags; 04420 ULONG NumberOfClusters; 04421 LARGE_INTEGER Cluster[1]; 04422 } LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT; 04423 04424 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT { 04425 ULONG Offset; 04426 ULONG NumberOfMatches; 04427 ULONG BufferSizeRequired; 04428 } LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT; 04429 04430 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001 04431 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002 04432 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004 04433 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008 04434 04435 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000 04436 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000 04437 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000 04438 #define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000 04439 04440 typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY { 04441 ULONG OffsetToNext; 04442 ULONG Flags; 04443 LARGE_INTEGER Reserved; 04444 LARGE_INTEGER Cluster; 04445 WCHAR FileName[1]; 04446 } LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY; 04447 04448 typedef struct _FILE_TYPE_NOTIFICATION_INPUT { 04449 ULONG Flags; 04450 ULONG NumFileTypeIDs; 04451 GUID FileTypeID[1]; 04452 } FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT; 04453 04454 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001 04455 #define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002 04456 04457 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c); 04458 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7); 04459 DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9); 04460 04461 #ifndef _VIRTUAL_STORAGE_TYPE_DEFINED 04462 #define _VIRTUAL_STORAGE_TYPE_DEFINED 04463 typedef struct _VIRTUAL_STORAGE_TYPE { 04464 ULONG DeviceId; 04465 GUID VendorId; 04466 } VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE; 04467 #endif 04468 04469 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST { 04470 ULONG RequestLevel; 04471 ULONG RequestFlags; 04472 } STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST; 04473 04474 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1 04475 #define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2 04476 04477 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY { 04478 ULONG EntryLength; 04479 ULONG DependencyTypeFlags; 04480 ULONG ProviderSpecificFlags; 04481 VIRTUAL_STORAGE_TYPE VirtualStorageType; 04482 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY; 04483 04484 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY { 04485 ULONG EntryLength; 04486 ULONG DependencyTypeFlags; 04487 ULONG ProviderSpecificFlags; 04488 VIRTUAL_STORAGE_TYPE VirtualStorageType; 04489 ULONG AncestorLevel; 04490 ULONG HostVolumeNameOffset; 04491 ULONG HostVolumeNameSize; 04492 ULONG DependentVolumeNameOffset; 04493 ULONG DependentVolumeNameSize; 04494 ULONG RelativePathOffset; 04495 ULONG RelativePathSize; 04496 ULONG DependentDeviceNameOffset; 04497 ULONG DependentDeviceNameSize; 04498 } STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY; 04499 04500 typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE { 04501 ULONG ResponseLevel; 04502 ULONG NumberEntries; 04503 _ANONYMOUS_UNION union { 04504 STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[0]; 04505 STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[0]; 04506 } DUMMYUNIONNAME; 04507 } STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE; 04508 04509 #endif /* (_WIN32_WINNT >= 0x0601) */ 04510 04511 typedef struct _FILESYSTEM_STATISTICS { 04512 USHORT FileSystemType; 04513 USHORT Version; 04514 ULONG SizeOfCompleteStructure; 04515 ULONG UserFileReads; 04516 ULONG UserFileReadBytes; 04517 ULONG UserDiskReads; 04518 ULONG UserFileWrites; 04519 ULONG UserFileWriteBytes; 04520 ULONG UserDiskWrites; 04521 ULONG MetaDataReads; 04522 ULONG MetaDataReadBytes; 04523 ULONG MetaDataDiskReads; 04524 ULONG MetaDataWrites; 04525 ULONG MetaDataWriteBytes; 04526 ULONG MetaDataDiskWrites; 04527 } FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS; 04528 04529 #define FILESYSTEM_STATISTICS_TYPE_NTFS 1 04530 #define FILESYSTEM_STATISTICS_TYPE_FAT 2 04531 #define FILESYSTEM_STATISTICS_TYPE_EXFAT 3 04532 04533 typedef struct _FAT_STATISTICS { 04534 ULONG CreateHits; 04535 ULONG SuccessfulCreates; 04536 ULONG FailedCreates; 04537 ULONG NonCachedReads; 04538 ULONG NonCachedReadBytes; 04539 ULONG NonCachedWrites; 04540 ULONG NonCachedWriteBytes; 04541 ULONG NonCachedDiskReads; 04542 ULONG NonCachedDiskWrites; 04543 } FAT_STATISTICS, *PFAT_STATISTICS; 04544 04545 typedef struct _EXFAT_STATISTICS { 04546 ULONG CreateHits; 04547 ULONG SuccessfulCreates; 04548 ULONG FailedCreates; 04549 ULONG NonCachedReads; 04550 ULONG NonCachedReadBytes; 04551 ULONG NonCachedWrites; 04552 ULONG NonCachedWriteBytes; 04553 ULONG NonCachedDiskReads; 04554 ULONG NonCachedDiskWrites; 04555 } EXFAT_STATISTICS, *PEXFAT_STATISTICS; 04556 04557 typedef struct _NTFS_STATISTICS { 04558 ULONG LogFileFullExceptions; 04559 ULONG OtherExceptions; 04560 ULONG MftReads; 04561 ULONG MftReadBytes; 04562 ULONG MftWrites; 04563 ULONG MftWriteBytes; 04564 struct { 04565 USHORT Write; 04566 USHORT Create; 04567 USHORT SetInfo; 04568 USHORT Flush; 04569 } MftWritesUserLevel; 04570 USHORT MftWritesFlushForLogFileFull; 04571 USHORT MftWritesLazyWriter; 04572 USHORT MftWritesUserRequest; 04573 ULONG Mft2Writes; 04574 ULONG Mft2WriteBytes; 04575 struct { 04576 USHORT Write; 04577 USHORT Create; 04578 USHORT SetInfo; 04579 USHORT Flush; 04580 } Mft2WritesUserLevel; 04581 USHORT Mft2WritesFlushForLogFileFull; 04582 USHORT Mft2WritesLazyWriter; 04583 USHORT Mft2WritesUserRequest; 04584 ULONG RootIndexReads; 04585 ULONG RootIndexReadBytes; 04586 ULONG RootIndexWrites; 04587 ULONG RootIndexWriteBytes; 04588 ULONG BitmapReads; 04589 ULONG BitmapReadBytes; 04590 ULONG BitmapWrites; 04591 ULONG BitmapWriteBytes; 04592 USHORT BitmapWritesFlushForLogFileFull; 04593 USHORT BitmapWritesLazyWriter; 04594 USHORT BitmapWritesUserRequest; 04595 struct { 04596 USHORT Write; 04597 USHORT Create; 04598 USHORT SetInfo; 04599 } BitmapWritesUserLevel; 04600 ULONG MftBitmapReads; 04601 ULONG MftBitmapReadBytes; 04602 ULONG MftBitmapWrites; 04603 ULONG MftBitmapWriteBytes; 04604 USHORT MftBitmapWritesFlushForLogFileFull; 04605 USHORT MftBitmapWritesLazyWriter; 04606 USHORT MftBitmapWritesUserRequest; 04607 struct { 04608 USHORT Write; 04609 USHORT Create; 04610 USHORT SetInfo; 04611 USHORT Flush; 04612 } MftBitmapWritesUserLevel; 04613 ULONG UserIndexReads; 04614 ULONG UserIndexReadBytes; 04615 ULONG UserIndexWrites; 04616 ULONG UserIndexWriteBytes; 04617 ULONG LogFileReads; 04618 ULONG LogFileReadBytes; 04619 ULONG LogFileWrites; 04620 ULONG LogFileWriteBytes; 04621 struct { 04622 ULONG Calls; 04623 ULONG Clusters; 04624 ULONG Hints; 04625 ULONG RunsReturned; 04626 ULONG HintsHonored; 04627 ULONG HintsClusters; 04628 ULONG Cache; 04629 ULONG CacheClusters; 04630 ULONG CacheMiss; 04631 ULONG CacheMissClusters; 04632 } Allocate; 04633 } NTFS_STATISTICS, *PNTFS_STATISTICS; 04634 04635 #endif /* _FILESYSTEMFSCTL_ */ 04636 04637 #define SYMLINK_FLAG_RELATIVE 1 04638 04639 typedef struct _REPARSE_DATA_BUFFER { 04640 ULONG ReparseTag; 04641 USHORT ReparseDataLength; 04642 USHORT Reserved; 04643 _ANONYMOUS_UNION union { 04644 struct { 04645 USHORT SubstituteNameOffset; 04646 USHORT SubstituteNameLength; 04647 USHORT PrintNameOffset; 04648 USHORT PrintNameLength; 04649 ULONG Flags; 04650 WCHAR PathBuffer[1]; 04651 } SymbolicLinkReparseBuffer; 04652 struct { 04653 USHORT SubstituteNameOffset; 04654 USHORT SubstituteNameLength; 04655 USHORT PrintNameOffset; 04656 USHORT PrintNameLength; 04657 WCHAR PathBuffer[1]; 04658 } MountPointReparseBuffer; 04659 struct { 04660 UCHAR DataBuffer[1]; 04661 } GenericReparseBuffer; 04662 } DUMMYUNIONNAME; 04663 } REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER; 04664 04665 #define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer) 04666 04667 typedef struct _REPARSE_GUID_DATA_BUFFER { 04668 ULONG ReparseTag; 04669 USHORT ReparseDataLength; 04670 USHORT Reserved; 04671 GUID ReparseGuid; 04672 struct { 04673 UCHAR DataBuffer[1]; 04674 } GenericReparseBuffer; 04675 } REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER; 04676 04677 #define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer) 04678 04679 #define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 ) 04680 04681 /* Reserved reparse tags */ 04682 #define IO_REPARSE_TAG_RESERVED_ZERO (0) 04683 #define IO_REPARSE_TAG_RESERVED_ONE (1) 04684 #define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE 04685 04686 #define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000)) 04687 #define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000)) 04688 04689 #define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF) 04690 04691 #define IsReparseTagValid(tag) ( \ 04692 !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \ 04693 ((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \ 04694 ) 04695 04696 /* MicroSoft reparse point tags */ 04697 #define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L) 04698 #define IO_REPARSE_TAG_HSM (0xC0000004L) 04699 #define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L) 04700 #define IO_REPARSE_TAG_HSM2 (0x80000006L) 04701 #define IO_REPARSE_TAG_SIS (0x80000007L) 04702 #define IO_REPARSE_TAG_WIM (0x80000008L) 04703 #define IO_REPARSE_TAG_CSV (0x80000009L) 04704 #define IO_REPARSE_TAG_DFS (0x8000000AL) 04705 #define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL) 04706 #define IO_REPARSE_TAG_SYMLINK (0xA000000CL) 04707 #define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L) 04708 #define IO_REPARSE_TAG_DFSR (0x80000012L) 04709 04710 #pragma pack(4) 04711 typedef struct _REPARSE_INDEX_KEY { 04712 ULONG FileReparseTag; 04713 LARGE_INTEGER FileId; 04714 } REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY; 04715 #pragma pack() 04716 04717 #define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS) 04718 #define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS) 04719 #define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS) 04720 04721 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) 04722 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) 04723 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) 04724 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) 04725 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) 04726 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 04727 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) 04728 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) 04729 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) 04730 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) 04731 #define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) 04732 #define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) 04733 #define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) 04734 #define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS) 04735 #define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS) 04736 #define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) 04737 #define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA) 04738 04739 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) 04740 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) 04741 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 04742 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) 04743 04744 #define FILE_PIPE_READ_DATA 0x00000000 04745 #define FILE_PIPE_WRITE_SPACE 0x00000001 04746 04747 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { 04748 HANDLE EventHandle; 04749 ULONG KeyValue; 04750 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; 04751 04752 typedef struct _FILE_PIPE_EVENT_BUFFER { 04753 ULONG NamedPipeState; 04754 ULONG EntryType; 04755 ULONG ByteCount; 04756 ULONG KeyValue; 04757 ULONG NumberRequests; 04758 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; 04759 04760 typedef struct _FILE_PIPE_PEEK_BUFFER { 04761 ULONG NamedPipeState; 04762 ULONG ReadDataAvailable; 04763 ULONG NumberOfMessages; 04764 ULONG MessageLength; 04765 CHAR Data[1]; 04766 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER; 04767 04768 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { 04769 LARGE_INTEGER Timeout; 04770 ULONG NameLength; 04771 BOOLEAN TimeoutSpecified; 04772 WCHAR Name[1]; 04773 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; 04774 04775 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { 04776 #if !defined(BUILD_WOW6432) 04777 PVOID ClientSession; 04778 PVOID ClientProcess; 04779 #else 04780 ULONGLONG ClientSession; 04781 ULONGLONG ClientProcess; 04782 #endif 04783 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; 04784 04785 #define FILE_PIPE_COMPUTER_NAME_LENGTH 15 04786 04787 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX { 04788 #if !defined(BUILD_WOW6432) 04789 PVOID ClientSession; 04790 PVOID ClientProcess; 04791 #else 04792 ULONGLONG ClientSession; 04793 ULONGLONG ClientProcess; 04794 #endif 04795 USHORT ClientComputerNameLength; 04796 WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1]; 04797 } FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX; 04798 04799 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) 04800 04801 typedef enum _LINK_TRACKING_INFORMATION_TYPE { 04802 NtfsLinkTrackingInformation, 04803 DfsLinkTrackingInformation 04804 } LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE; 04805 04806 typedef struct _LINK_TRACKING_INFORMATION { 04807 LINK_TRACKING_INFORMATION_TYPE Type; 04808 UCHAR VolumeId[16]; 04809 } LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION; 04810 04811 typedef struct _REMOTE_LINK_TRACKING_INFORMATION { 04812 PVOID TargetFileObject; 04813 ULONG TargetLinkTrackingInformationLength; 04814 UCHAR TargetLinkTrackingInformationBuffer[1]; 04815 } REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION; 04816 04817 #define IO_OPEN_PAGING_FILE 0x0002 04818 #define IO_OPEN_TARGET_DIRECTORY 0x0004 04819 #define IO_STOP_ON_SYMLINK 0x0008 04820 #define IO_MM_PAGING_FILE 0x0010 04821 04822 typedef VOID 04823 (NTAPI *PDRIVER_FS_NOTIFICATION) ( 04824 _In_ PDEVICE_OBJECT DeviceObject, 04825 _In_ BOOLEAN FsActive); 04826 04827 typedef enum _FS_FILTER_SECTION_SYNC_TYPE { 04828 SyncTypeOther = 0, 04829 SyncTypeCreateSection 04830 } FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE; 04831 04832 typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE { 04833 NotifyTypeCreate = 0, 04834 NotifyTypeRetired 04835 } FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE; 04836 04837 typedef union _FS_FILTER_PARAMETERS { 04838 struct { 04839 PLARGE_INTEGER EndingOffset; 04840 PERESOURCE *ResourceToRelease; 04841 } AcquireForModifiedPageWriter; 04842 struct { 04843 PERESOURCE ResourceToRelease; 04844 } ReleaseForModifiedPageWriter; 04845 struct { 04846 FS_FILTER_SECTION_SYNC_TYPE SyncType; 04847 ULONG PageProtection; 04848 } AcquireForSectionSynchronization; 04849 struct { 04850 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType; 04851 BOOLEAN POINTER_ALIGNMENT SafeToRecurse; 04852 } NotifyStreamFileObject; 04853 struct { 04854 PVOID Argument1; 04855 PVOID Argument2; 04856 PVOID Argument3; 04857 PVOID Argument4; 04858 PVOID Argument5; 04859 } Others; 04860 } FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS; 04861 04862 #define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1 04863 #define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2 04864 #define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3 04865 #define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4 04866 #define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5 04867 #define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6 04868 04869 typedef struct _FS_FILTER_CALLBACK_DATA { 04870 ULONG SizeOfFsFilterCallbackData; 04871 UCHAR Operation; 04872 UCHAR Reserved; 04873 struct _DEVICE_OBJECT *DeviceObject; 04874 struct _FILE_OBJECT *FileObject; 04875 FS_FILTER_PARAMETERS Parameters; 04876 } FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA; 04877 04878 typedef NTSTATUS 04879 (NTAPI *PFS_FILTER_CALLBACK) ( 04880 _In_ PFS_FILTER_CALLBACK_DATA Data, 04881 _Out_ PVOID *CompletionContext); 04882 04883 typedef VOID 04884 (NTAPI *PFS_FILTER_COMPLETION_CALLBACK) ( 04885 _In_ PFS_FILTER_CALLBACK_DATA Data, 04886 _In_ NTSTATUS OperationStatus, 04887 _In_ PVOID CompletionContext); 04888 04889 typedef struct _FS_FILTER_CALLBACKS { 04890 ULONG SizeOfFsFilterCallbacks; 04891 ULONG Reserved; 04892 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization; 04893 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization; 04894 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization; 04895 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization; 04896 PFS_FILTER_CALLBACK PreAcquireForCcFlush; 04897 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush; 04898 PFS_FILTER_CALLBACK PreReleaseForCcFlush; 04899 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush; 04900 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter; 04901 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter; 04902 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter; 04903 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter; 04904 } FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS; 04905 04906 #if (NTDDI_VERSION >= NTDDI_WINXP) 04907 NTKERNELAPI 04908 NTSTATUS 04909 NTAPI 04910 FsRtlRegisterFileSystemFilterCallbacks( 04911 _In_ struct _DRIVER_OBJECT *FilterDriverObject, 04912 _In_ PFS_FILTER_CALLBACKS Callbacks); 04913 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 04914 04915 #if (NTDDI_VERSION >= NTDDI_VISTA) 04916 NTKERNELAPI 04917 NTSTATUS 04918 NTAPI 04919 FsRtlNotifyStreamFileObject( 04920 _In_ struct _FILE_OBJECT * StreamFileObject, 04921 _In_opt_ struct _DEVICE_OBJECT *DeviceObjectHint, 04922 _In_ FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType, 04923 _In_ BOOLEAN SafeToRecurse); 04924 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 04925 04926 #define DO_VERIFY_VOLUME 0x00000002 04927 #define DO_BUFFERED_IO 0x00000004 04928 #define DO_EXCLUSIVE 0x00000008 04929 #define DO_DIRECT_IO 0x00000010 04930 #define DO_MAP_IO_BUFFER 0x00000020 04931 #define DO_DEVICE_HAS_NAME 0x00000040 04932 #define DO_DEVICE_INITIALIZING 0x00000080 04933 #define DO_SYSTEM_BOOT_PARTITION 0x00000100 04934 #define DO_LONG_TERM_REQUESTS 0x00000200 04935 #define DO_NEVER_LAST_DEVICE 0x00000400 04936 #define DO_SHUTDOWN_REGISTERED 0x00000800 04937 #define DO_BUS_ENUMERATED_DEVICE 0x00001000 04938 #define DO_POWER_PAGABLE 0x00002000 04939 #define DO_POWER_INRUSH 0x00004000 04940 #define DO_LOW_PRIORITY_FILESYSTEM 0x00010000 04941 #define DO_SUPPORTS_TRANSACTIONS 0x00040000 04942 #define DO_FORCE_NEITHER_IO 0x00080000 04943 #define DO_VOLUME_DEVICE_OBJECT 0x00100000 04944 #define DO_SYSTEM_SYSTEM_PARTITION 0x00200000 04945 #define DO_SYSTEM_CRITICAL_PARTITION 0x00400000 04946 #define DO_DISALLOW_EXECUTE 0x00800000 04947 04948 extern KSPIN_LOCK IoStatisticsLock; 04949 extern ULONG IoReadOperationCount; 04950 extern ULONG IoWriteOperationCount; 04951 extern ULONG IoOtherOperationCount; 04952 extern LARGE_INTEGER IoReadTransferCount; 04953 extern LARGE_INTEGER IoWriteTransferCount; 04954 extern LARGE_INTEGER IoOtherTransferCount; 04955 04956 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 04957 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 04958 04959 #if (NTDDI_VERSION >= NTDDI_VISTA) 04960 typedef struct _IO_PRIORITY_INFO { 04961 ULONG Size; 04962 ULONG ThreadPriority; 04963 ULONG PagePriority; 04964 IO_PRIORITY_HINT IoPriority; 04965 } IO_PRIORITY_INFO, *PIO_PRIORITY_INFO; 04966 #endif 04967 04968 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 04969 ULONG Attributes; 04970 ACCESS_MASK GrantedAccess; 04971 ULONG HandleCount; 04972 ULONG PointerCount; 04973 ULONG Reserved[10]; 04974 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 04975 04976 typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION { 04977 UNICODE_STRING TypeName; 04978 ULONG Reserved [22]; 04979 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 04980 04981 #define SYSTEM_PAGE_PRIORITY_BITS 3 04982 #define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) 04983 04984 /****************************************************************************** 04985 * Kernel Types * 04986 ******************************************************************************/ 04987 typedef struct _KAPC_STATE { 04988 LIST_ENTRY ApcListHead[MaximumMode]; 04989 PKPROCESS Process; 04990 BOOLEAN KernelApcInProgress; 04991 BOOLEAN KernelApcPending; 04992 BOOLEAN UserApcPending; 04993 } KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE; 04994 04995 #define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN)) 04996 04997 #define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject); 04998 04999 typedef struct _KQUEUE { 05000 DISPATCHER_HEADER Header; 05001 LIST_ENTRY EntryListHead; 05002 volatile ULONG CurrentCount; 05003 ULONG MaximumCount; 05004 LIST_ENTRY ThreadListHead; 05005 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; 05006 05007 05008 /****************************************************************************** 05009 * Kernel Functions * 05010 ******************************************************************************/ 05011 05012 NTSTATUS 05013 NTAPI 05014 KeGetProcessorNumberFromIndex( 05015 _In_ ULONG ProcIndex, 05016 _Out_ PPROCESSOR_NUMBER ProcNumber); 05017 05018 ULONG 05019 NTAPI 05020 KeGetProcessorIndexFromNumber( 05021 _In_ PPROCESSOR_NUMBER ProcNumber); 05022 05023 #if (NTDDI_VERSION >= NTDDI_WIN2K) 05024 05025 05026 05027 05028 NTKERNELAPI 05029 VOID 05030 NTAPI 05031 KeInitializeMutant( 05032 _Out_ PRKMUTANT Mutant, 05033 _In_ BOOLEAN InitialOwner); 05034 05035 _IRQL_requires_max_(DISPATCH_LEVEL) 05036 NTKERNELAPI 05037 LONG 05038 NTAPI 05039 KeReadStateMutant( 05040 _In_ PRKMUTANT Mutant); 05041 05042 _When_(Wait==0, _IRQL_requires_max_(DISPATCH_LEVEL)) 05043 _When_(Wait==1, _IRQL_requires_max_(APC_LEVEL)) 05044 NTKERNELAPI 05045 LONG 05046 NTAPI 05047 KeReleaseMutant( 05048 _Inout_ PRKMUTANT Mutant, 05049 _In_ KPRIORITY Increment, 05050 _In_ BOOLEAN Abandoned, 05051 _In_ BOOLEAN Wait); 05052 05053 NTKERNELAPI 05054 VOID 05055 NTAPI 05056 KeInitializeQueue( 05057 _Out_ PRKQUEUE Queue, 05058 _In_ ULONG Count); 05059 05060 _IRQL_requires_max_(DISPATCH_LEVEL) 05061 NTKERNELAPI 05062 LONG 05063 NTAPI 05064 KeReadStateQueue( 05065 _In_ PRKQUEUE Queue); 05066 05067 _IRQL_requires_min_(PASSIVE_LEVEL) 05068 _IRQL_requires_max_(DISPATCH_LEVEL) 05069 NTKERNELAPI 05070 LONG 05071 NTAPI 05072 KeInsertQueue( 05073 _Inout_ PRKQUEUE Queue, 05074 _Inout_ PLIST_ENTRY Entry); 05075 05076 _IRQL_requires_min_(PASSIVE_LEVEL) 05077 _IRQL_requires_max_(DISPATCH_LEVEL) 05078 NTKERNELAPI 05079 LONG 05080 NTAPI 05081 KeInsertHeadQueue( 05082 _Inout_ PRKQUEUE Queue, 05083 _Inout_ PLIST_ENTRY Entry); 05084 05085 _IRQL_requires_min_(PASSIVE_LEVEL) 05086 _When_((Timeout==NULL || *Timeout!=0), _IRQL_requires_max_(APC_LEVEL)) 05087 _When_((Timeout!=NULL && *Timeout==0), _IRQL_requires_max_(DISPATCH_LEVEL)) 05088 NTKERNELAPI 05089 PLIST_ENTRY 05090 NTAPI 05091 KeRemoveQueue( 05092 _Inout_ PRKQUEUE Queue, 05093 _In_ KPROCESSOR_MODE WaitMode, 05094 _In_opt_ PLARGE_INTEGER Timeout); 05095 05096 _IRQL_requires_max_(APC_LEVEL) 05097 NTKERNELAPI 05098 VOID 05099 NTAPI 05100 KeAttachProcess( 05101 _Inout_ PKPROCESS Process); 05102 05103 _IRQL_requires_max_(APC_LEVEL) 05104 NTKERNELAPI 05105 VOID 05106 NTAPI 05107 KeDetachProcess(VOID); 05108 05109 _IRQL_requires_max_(DISPATCH_LEVEL) 05110 NTKERNELAPI 05111 PLIST_ENTRY 05112 NTAPI 05113 KeRundownQueue( 05114 _Inout_ PRKQUEUE Queue); 05115 05116 _IRQL_requires_max_(APC_LEVEL) 05117 NTKERNELAPI 05118 VOID 05119 NTAPI 05120 KeStackAttachProcess( 05121 _Inout_ PKPROCESS Process, 05122 _Out_ PKAPC_STATE ApcState); 05123 05124 _IRQL_requires_max_(APC_LEVEL) 05125 NTKERNELAPI 05126 VOID 05127 NTAPI 05128 KeUnstackDetachProcess( 05129 _In_ PKAPC_STATE ApcState); 05130 05131 _IRQL_requires_min_(PASSIVE_LEVEL) 05132 _IRQL_requires_max_(DISPATCH_LEVEL) 05133 NTKERNELAPI 05134 UCHAR 05135 NTAPI 05136 KeSetIdealProcessorThread( 05137 _Inout_ PKTHREAD Thread, 05138 _In_ UCHAR Processor); 05139 05140 _IRQL_requires_max_(APC_LEVEL) 05141 NTKERNELAPI 05142 BOOLEAN 05143 NTAPI 05144 KeSetKernelStackSwapEnable( 05145 _In_ BOOLEAN Enable); 05146 05147 #if defined(_X86_) 05148 _Requires_lock_not_held_(*SpinLock) 05149 _Acquires_lock_(*SpinLock) 05150 _IRQL_raises_(SYNCH_LEVEL) 05151 _IRQL_saves_ 05152 NTHALAPI 05153 KIRQL 05154 FASTCALL 05155 KeAcquireSpinLockRaiseToSynch( 05156 _Inout_ PKSPIN_LOCK SpinLock); 05157 #else 05158 _Requires_lock_not_held_(*SpinLock) 05159 _Acquires_lock_(*SpinLock) 05160 _IRQL_raises_(SYNCH_LEVEL) 05161 _IRQL_saves_ 05162 NTKERNELAPI 05163 KIRQL 05164 KeAcquireSpinLockRaiseToSynch( 05165 _Inout_ PKSPIN_LOCK SpinLock); 05166 #endif 05167 05168 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 05169 05170 #if (NTDDI_VERSION >= NTDDI_WINXP) 05171 05172 05173 _Requires_lock_not_held_(Number) 05174 _Acquires_lock_(Number) 05175 _IRQL_raises_(DISPATCH_LEVEL) 05176 _DECL_HAL_KE_IMPORT 05177 KIRQL 05178 FASTCALL 05179 KeAcquireQueuedSpinLock( 05180 _In_ KSPIN_LOCK_QUEUE_NUMBER Number); 05181 05182 _Requires_lock_held_(Number) 05183 _Releases_lock_(Number) 05184 _DECL_HAL_KE_IMPORT 05185 VOID 05186 FASTCALL 05187 KeReleaseQueuedSpinLock( 05188 _In_ KSPIN_LOCK_QUEUE_NUMBER Number, 05189 _In_ KIRQL OldIrql); 05190 05191 _Must_inspect_result_ 05192 _Post_satisfies_(return == 1 || return == 0) 05193 _DECL_HAL_KE_IMPORT 05194 LOGICAL 05195 FASTCALL 05196 KeTryToAcquireQueuedSpinLock( 05197 _In_ KSPIN_LOCK_QUEUE_NUMBER Number, 05198 _Out_ _At_(*OldIrql, _IRQL_saves_) PKIRQL OldIrql); 05199 05200 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 05201 05202 05203 05204 05205 05206 #if (NTDDI_VERSION >= NTDDI_VISTA) 05207 05208 _IRQL_requires_max_(DISPATCH_LEVEL) 05209 NTKERNELAPI 05210 VOID 05211 KeQueryOwnerMutant( 05212 _In_ PKMUTANT Mutant, 05213 _Out_ PCLIENT_ID ClientId); 05214 05215 _IRQL_requires_min_(PASSIVE_LEVEL) 05216 _When_((Timeout==NULL || *Timeout!=0), _IRQL_requires_max_(APC_LEVEL)) 05217 _When_((Timeout!=NULL && *Timeout==0), _IRQL_requires_max_(DISPATCH_LEVEL)) 05218 NTKERNELAPI 05219 ULONG 05220 NTAPI 05221 KeRemoveQueueEx( 05222 _Inout_ PKQUEUE Queue, 05223 _In_ KPROCESSOR_MODE WaitMode, 05224 _In_ BOOLEAN Alertable, 05225 _In_opt_ PLARGE_INTEGER Timeout, 05226 _Out_writes_to_(Count, return) PLIST_ENTRY *EntryArray, 05227 _In_ ULONG Count); 05228 05229 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 05230 05231 05232 #define INVALID_PROCESSOR_INDEX 0xffffffff 05233 05234 #define EX_PUSH_LOCK ULONG_PTR 05235 #define PEX_PUSH_LOCK PULONG_PTR 05236 /****************************************************************************** 05237 * Executive Functions * 05238 ******************************************************************************/ 05239 05240 05241 #define ExDisableResourceBoost ExDisableResourceBoostLite 05242 05243 VOID 05244 ExInitializePushLock( 05245 _Out_ PEX_PUSH_LOCK PushLock); 05246 05247 #if (NTDDI_VERSION >= NTDDI_WIN2K) 05248 05249 _IRQL_requires_max_(DISPATCH_LEVEL) 05250 NTKERNELAPI 05251 SIZE_T 05252 NTAPI 05253 ExQueryPoolBlockSize( 05254 _In_ PVOID PoolBlock, 05255 _Out_ PBOOLEAN QuotaCharged); 05256 05257 _IRQL_requires_max_(DISPATCH_LEVEL) 05258 VOID 05259 ExAdjustLookasideDepth(VOID); 05260 05261 _IRQL_requires_max_(DISPATCH_LEVEL) 05262 NTKERNELAPI 05263 VOID 05264 NTAPI 05265 ExDisableResourceBoostLite( 05266 _In_ PERESOURCE Resource); 05267 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 05268 05269 #if (NTDDI_VERSION >= NTDDI_WINXP) 05270 05271 PSLIST_ENTRY 05272 FASTCALL 05273 InterlockedPushListSList( 05274 _Inout_ PSLIST_HEADER ListHead, 05275 _Inout_ __drv_aliasesMem PSLIST_ENTRY List, 05276 _Inout_ PSLIST_ENTRY ListEnd, 05277 _In_ ULONG Count); 05278 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 05279 05280 /****************************************************************************** 05281 * Security Manager Functions * 05282 ******************************************************************************/ 05283 05284 #if (NTDDI_VERSION >= NTDDI_WIN2K) 05285 05286 05287 NTKERNELAPI 05288 VOID 05289 NTAPI 05290 SeReleaseSubjectContext( 05291 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 05292 05293 NTKERNELAPI 05294 BOOLEAN 05295 NTAPI 05296 SePrivilegeCheck( 05297 _Inout_ PPRIVILEGE_SET RequiredPrivileges, 05298 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 05299 _In_ KPROCESSOR_MODE AccessMode); 05300 05301 NTKERNELAPI 05302 VOID 05303 NTAPI 05304 SeOpenObjectAuditAlarm( 05305 _In_ PUNICODE_STRING ObjectTypeName, 05306 _In_opt_ PVOID Object, 05307 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 05308 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05309 _In_ PACCESS_STATE AccessState, 05310 _In_ BOOLEAN ObjectCreated, 05311 _In_ BOOLEAN AccessGranted, 05312 _In_ KPROCESSOR_MODE AccessMode, 05313 _Out_ PBOOLEAN GenerateOnClose); 05314 05315 NTKERNELAPI 05316 VOID 05317 NTAPI 05318 SeOpenObjectForDeleteAuditAlarm( 05319 _In_ PUNICODE_STRING ObjectTypeName, 05320 _In_opt_ PVOID Object, 05321 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 05322 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05323 _In_ PACCESS_STATE AccessState, 05324 _In_ BOOLEAN ObjectCreated, 05325 _In_ BOOLEAN AccessGranted, 05326 _In_ KPROCESSOR_MODE AccessMode, 05327 _Out_ PBOOLEAN GenerateOnClose); 05328 05329 NTKERNELAPI 05330 VOID 05331 NTAPI 05332 SeDeleteObjectAuditAlarm( 05333 _In_ PVOID Object, 05334 _In_ HANDLE Handle); 05335 05336 NTKERNELAPI 05337 TOKEN_TYPE 05338 NTAPI 05339 SeTokenType( 05340 _In_ PACCESS_TOKEN Token); 05341 05342 NTKERNELAPI 05343 BOOLEAN 05344 NTAPI 05345 SeTokenIsAdmin( 05346 _In_ PACCESS_TOKEN Token); 05347 05348 NTKERNELAPI 05349 BOOLEAN 05350 NTAPI 05351 SeTokenIsRestricted( 05352 _In_ PACCESS_TOKEN Token); 05353 05354 NTKERNELAPI 05355 NTSTATUS 05356 NTAPI 05357 SeQueryAuthenticationIdToken( 05358 _In_ PACCESS_TOKEN Token, 05359 _Out_ PLUID AuthenticationId); 05360 05361 NTKERNELAPI 05362 NTSTATUS 05363 NTAPI 05364 SeQuerySessionIdToken( 05365 _In_ PACCESS_TOKEN Token, 05366 _Out_ PULONG SessionId); 05367 05368 NTKERNELAPI 05369 NTSTATUS 05370 NTAPI 05371 SeCreateClientSecurity( 05372 _In_ PETHREAD ClientThread, 05373 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 05374 _In_ BOOLEAN RemoteSession, 05375 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext); 05376 05377 NTKERNELAPI 05378 VOID 05379 NTAPI 05380 SeImpersonateClient( 05381 _In_ PSECURITY_CLIENT_CONTEXT ClientContext, 05382 _In_opt_ PETHREAD ServerThread); 05383 05384 NTKERNELAPI 05385 NTSTATUS 05386 NTAPI 05387 SeImpersonateClientEx( 05388 _In_ PSECURITY_CLIENT_CONTEXT ClientContext, 05389 _In_opt_ PETHREAD ServerThread); 05390 05391 NTKERNELAPI 05392 NTSTATUS 05393 NTAPI 05394 SeCreateClientSecurityFromSubjectContext( 05395 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 05396 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 05397 _In_ BOOLEAN ServerIsRemote, 05398 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext); 05399 05400 NTKERNELAPI 05401 NTSTATUS 05402 NTAPI 05403 SeQuerySecurityDescriptorInfo( 05404 _In_ PSECURITY_INFORMATION SecurityInformation, 05405 _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, 05406 _Inout_ PULONG Length, 05407 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor); 05408 05409 NTKERNELAPI 05410 NTSTATUS 05411 NTAPI 05412 SeSetSecurityDescriptorInfo( 05413 _In_opt_ PVOID Object, 05414 _In_ PSECURITY_INFORMATION SecurityInformation, 05415 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05416 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 05417 _In_ POOL_TYPE PoolType, 05418 _In_ PGENERIC_MAPPING GenericMapping); 05419 05420 NTKERNELAPI 05421 NTSTATUS 05422 NTAPI 05423 SeSetSecurityDescriptorInfoEx( 05424 _In_opt_ PVOID Object, 05425 _In_ PSECURITY_INFORMATION SecurityInformation, 05426 _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, 05427 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 05428 _In_ ULONG AutoInheritFlags, 05429 _In_ POOL_TYPE PoolType, 05430 _In_ PGENERIC_MAPPING GenericMapping); 05431 05432 NTKERNELAPI 05433 NTSTATUS 05434 NTAPI 05435 SeAppendPrivileges( 05436 _Inout_ PACCESS_STATE AccessState, 05437 _In_ PPRIVILEGE_SET Privileges); 05438 05439 NTKERNELAPI 05440 BOOLEAN 05441 NTAPI 05442 SeAuditingFileEvents( 05443 _In_ BOOLEAN AccessGranted, 05444 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 05445 05446 NTKERNELAPI 05447 BOOLEAN 05448 NTAPI 05449 SeAuditingFileOrGlobalEvents( 05450 _In_ BOOLEAN AccessGranted, 05451 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05452 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 05453 05454 VOID 05455 NTAPI 05456 SeSetAccessStateGenericMapping( 05457 _Inout_ PACCESS_STATE AccessState, 05458 _In_ PGENERIC_MAPPING GenericMapping); 05459 05460 NTKERNELAPI 05461 NTSTATUS 05462 NTAPI 05463 SeRegisterLogonSessionTerminatedRoutine( 05464 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 05465 05466 NTKERNELAPI 05467 NTSTATUS 05468 NTAPI 05469 SeUnregisterLogonSessionTerminatedRoutine( 05470 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 05471 05472 NTKERNELAPI 05473 NTSTATUS 05474 NTAPI 05475 SeMarkLogonSessionForTerminationNotification( 05476 _In_ PLUID LogonId); 05477 05478 NTKERNELAPI 05479 NTSTATUS 05480 NTAPI 05481 SeQueryInformationToken( 05482 _In_ PACCESS_TOKEN Token, 05483 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 05484 _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation); 05485 05486 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 05487 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3) 05488 NTKERNELAPI 05489 BOOLEAN 05490 NTAPI 05491 SeAuditingHardLinkEvents( 05492 _In_ BOOLEAN AccessGranted, 05493 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 05494 #endif 05495 05496 #if (NTDDI_VERSION >= NTDDI_WINXP) 05497 05498 NTKERNELAPI 05499 NTSTATUS 05500 NTAPI 05501 SeFilterToken( 05502 _In_ PACCESS_TOKEN ExistingToken, 05503 _In_ ULONG Flags, 05504 _In_opt_ PTOKEN_GROUPS SidsToDisable, 05505 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, 05506 _In_opt_ PTOKEN_GROUPS RestrictedSids, 05507 _Outptr_ PACCESS_TOKEN *FilteredToken); 05508 05509 NTKERNELAPI 05510 VOID 05511 NTAPI 05512 SeAuditHardLinkCreation( 05513 _In_ PUNICODE_STRING FileName, 05514 _In_ PUNICODE_STRING LinkName, 05515 _In_ BOOLEAN bSuccess); 05516 05517 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 05518 05519 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 05520 05521 NTKERNELAPI 05522 BOOLEAN 05523 NTAPI 05524 SeAuditingFileEventsWithContext( 05525 _In_ BOOLEAN AccessGranted, 05526 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05527 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 05528 05529 NTKERNELAPI 05530 BOOLEAN 05531 NTAPI 05532 SeAuditingHardLinkEventsWithContext( 05533 _In_ BOOLEAN AccessGranted, 05534 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05535 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 05536 05537 #endif 05538 05539 05540 #if (NTDDI_VERSION >= NTDDI_VISTA) 05541 05542 NTKERNELAPI 05543 VOID 05544 NTAPI 05545 SeOpenObjectAuditAlarmWithTransaction( 05546 _In_ PUNICODE_STRING ObjectTypeName, 05547 _In_opt_ PVOID Object, 05548 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 05549 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05550 _In_ PACCESS_STATE AccessState, 05551 _In_ BOOLEAN ObjectCreated, 05552 _In_ BOOLEAN AccessGranted, 05553 _In_ KPROCESSOR_MODE AccessMode, 05554 _In_opt_ GUID *TransactionId, 05555 _Out_ PBOOLEAN GenerateOnClose); 05556 05557 NTKERNELAPI 05558 VOID 05559 NTAPI 05560 SeOpenObjectForDeleteAuditAlarmWithTransaction( 05561 _In_ PUNICODE_STRING ObjectTypeName, 05562 _In_opt_ PVOID Object, 05563 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 05564 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05565 _In_ PACCESS_STATE AccessState, 05566 _In_ BOOLEAN ObjectCreated, 05567 _In_ BOOLEAN AccessGranted, 05568 _In_ KPROCESSOR_MODE AccessMode, 05569 _In_opt_ GUID *TransactionId, 05570 _Out_ PBOOLEAN GenerateOnClose); 05571 05572 NTKERNELAPI 05573 VOID 05574 NTAPI 05575 SeExamineSacl( 05576 _In_ PACL Sacl, 05577 _In_ PACCESS_TOKEN Token, 05578 _In_ ACCESS_MASK DesiredAccess, 05579 _In_ BOOLEAN AccessGranted, 05580 _Out_ PBOOLEAN GenerateAudit, 05581 _Out_ PBOOLEAN GenerateAlarm); 05582 05583 NTKERNELAPI 05584 VOID 05585 NTAPI 05586 SeDeleteObjectAuditAlarmWithTransaction( 05587 _In_ PVOID Object, 05588 _In_ HANDLE Handle, 05589 _In_opt_ GUID *TransactionId); 05590 05591 NTKERNELAPI 05592 VOID 05593 NTAPI 05594 SeQueryTokenIntegrity( 05595 _In_ PACCESS_TOKEN Token, 05596 _Inout_ PSID_AND_ATTRIBUTES IntegritySA); 05597 05598 NTKERNELAPI 05599 NTSTATUS 05600 NTAPI 05601 SeSetSessionIdToken( 05602 _In_ PACCESS_TOKEN Token, 05603 _In_ ULONG SessionId); 05604 05605 NTKERNELAPI 05606 VOID 05607 NTAPI 05608 SeAuditHardLinkCreationWithTransaction( 05609 _In_ PUNICODE_STRING FileName, 05610 _In_ PUNICODE_STRING LinkName, 05611 _In_ BOOLEAN bSuccess, 05612 _In_opt_ GUID *TransactionId); 05613 05614 NTKERNELAPI 05615 VOID 05616 NTAPI 05617 SeAuditTransactionStateChange( 05618 _In_ GUID *TransactionId, 05619 _In_ GUID *ResourceManagerId, 05620 _In_ ULONG NewTransactionState); 05621 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 05622 05623 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03)) 05624 NTKERNELAPI 05625 BOOLEAN 05626 NTAPI 05627 SeTokenIsWriteRestricted( 05628 _In_ PACCESS_TOKEN Token); 05629 #endif 05630 05631 #if (NTDDI_VERSION >= NTDDI_WIN7) 05632 05633 NTKERNELAPI 05634 BOOLEAN 05635 NTAPI 05636 SeAuditingAnyFileEventsWithContext( 05637 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05638 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, 05639 _Out_opt_ PBOOLEAN StagingEnabled); 05640 05641 NTKERNELAPI 05642 VOID 05643 NTAPI 05644 SeExamineGlobalSacl( 05645 _In_ PUNICODE_STRING ObjectType, 05646 _In_ PACL ResourceSacl, 05647 _In_ PACCESS_TOKEN Token, 05648 _In_ ACCESS_MASK DesiredAccess, 05649 _In_ BOOLEAN AccessGranted, 05650 _Inout_ PBOOLEAN GenerateAudit, 05651 _Inout_opt_ PBOOLEAN GenerateAlarm); 05652 05653 NTKERNELAPI 05654 VOID 05655 NTAPI 05656 SeMaximumAuditMaskFromGlobalSacl( 05657 _In_opt_ PUNICODE_STRING ObjectTypeName, 05658 _In_ ACCESS_MASK GrantedAccess, 05659 _In_ PACCESS_TOKEN Token, 05660 _Inout_ PACCESS_MASK AuditMask); 05661 05662 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 05663 05664 NTSTATUS 05665 NTAPI 05666 SeReportSecurityEventWithSubCategory( 05667 _In_ ULONG Flags, 05668 _In_ PUNICODE_STRING SourceName, 05669 _In_opt_ PSID UserSid, 05670 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, 05671 _In_ ULONG AuditSubcategoryId); 05672 05673 BOOLEAN 05674 NTAPI 05675 SeAccessCheckFromState( 05676 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 05677 _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, 05678 _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, 05679 _In_ ACCESS_MASK DesiredAccess, 05680 _In_ ACCESS_MASK PreviouslyGrantedAccess, 05681 _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, 05682 _In_ PGENERIC_MAPPING GenericMapping, 05683 _In_ KPROCESSOR_MODE AccessMode, 05684 _Out_ PACCESS_MASK GrantedAccess, 05685 _Out_ PNTSTATUS AccessStatus); 05686 05687 NTKERNELAPI 05688 VOID 05689 NTAPI 05690 SeFreePrivileges( 05691 _In_ PPRIVILEGE_SET Privileges); 05692 05693 NTSTATUS 05694 NTAPI 05695 SeLocateProcessImageName( 05696 _Inout_ PEPROCESS Process, 05697 _Outptr_ PUNICODE_STRING *pImageFileName); 05698 05699 #define SeLengthSid( Sid ) \ 05700 (8 + (4 * ((SID *)Sid)->SubAuthorityCount)) 05701 05702 #define SeDeleteClientSecurity(C) { \ 05703 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ 05704 PsDereferencePrimaryToken( (C)->ClientToken ); \ 05705 } else { \ 05706 PsDereferenceImpersonationToken( (C)->ClientToken ); \ 05707 } \ 05708 } 05709 05710 #define SeStopImpersonatingClient() PsRevertToSelf() 05711 05712 #define SeQuerySubjectContextToken( SubjectContext ) \ 05713 ( ARGUMENT_PRESENT( \ 05714 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ 05715 ) ? \ 05716 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ 05717 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) 05718 05719 extern NTKERNELAPI PSE_EXPORTS SeExports; 05720 /****************************************************************************** 05721 * Process Manager Functions * 05722 ******************************************************************************/ 05723 05724 _Must_inspect_result_ 05725 _IRQL_requires_max_(APC_LEVEL) 05726 NTKERNELAPI 05727 NTSTATUS 05728 NTAPI 05729 PsLookupProcessByProcessId( 05730 _In_ HANDLE ProcessId, 05731 _Outptr_ PEPROCESS *Process); 05732 05733 _Must_inspect_result_ 05734 _IRQL_requires_max_(APC_LEVEL) 05735 NTKERNELAPI 05736 NTSTATUS 05737 NTAPI 05738 PsLookupThreadByThreadId( 05739 _In_ HANDLE UniqueThreadId, 05740 _Outptr_ PETHREAD *Thread); 05741 05742 #if (NTDDI_VERSION >= NTDDI_WIN2K) 05743 05744 05745 _IRQL_requires_max_(APC_LEVEL) 05746 NTKERNELAPI 05747 PACCESS_TOKEN 05748 NTAPI 05749 PsReferenceImpersonationToken( 05750 _Inout_ PETHREAD Thread, 05751 _Out_ PBOOLEAN CopyOnOpen, 05752 _Out_ PBOOLEAN EffectiveOnly, 05753 _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 05754 05755 _IRQL_requires_max_(APC_LEVEL) 05756 NTKERNELAPI 05757 LARGE_INTEGER 05758 NTAPI 05759 PsGetProcessExitTime(VOID); 05760 05761 _IRQL_requires_max_(DISPATCH_LEVEL) 05762 NTKERNELAPI 05763 BOOLEAN 05764 NTAPI 05765 PsIsThreadTerminating( 05766 _In_ PETHREAD Thread); 05767 05768 _Must_inspect_result_ 05769 _IRQL_requires_max_(PASSIVE_LEVEL) 05770 NTKERNELAPI 05771 NTSTATUS 05772 NTAPI 05773 PsImpersonateClient( 05774 _Inout_ PETHREAD Thread, 05775 _In_opt_ PACCESS_TOKEN Token, 05776 _In_ BOOLEAN CopyOnOpen, 05777 _In_ BOOLEAN EffectiveOnly, 05778 _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 05779 05780 _IRQL_requires_max_(PASSIVE_LEVEL) 05781 NTKERNELAPI 05782 BOOLEAN 05783 NTAPI 05784 PsDisableImpersonation( 05785 _Inout_ PETHREAD Thread, 05786 _Inout_ PSE_IMPERSONATION_STATE ImpersonationState); 05787 05788 _IRQL_requires_max_(PASSIVE_LEVEL) 05789 NTKERNELAPI 05790 VOID 05791 NTAPI 05792 PsRestoreImpersonation( 05793 _Inout_ PETHREAD Thread, 05794 _In_ PSE_IMPERSONATION_STATE ImpersonationState); 05795 05796 _IRQL_requires_max_(PASSIVE_LEVEL) 05797 NTKERNELAPI 05798 VOID 05799 NTAPI 05800 PsRevertToSelf(VOID); 05801 05802 _IRQL_requires_max_(APC_LEVEL) 05803 NTKERNELAPI 05804 VOID 05805 NTAPI 05806 PsChargePoolQuota( 05807 _In_ PEPROCESS Process, 05808 _In_ POOL_TYPE PoolType, 05809 _In_ ULONG_PTR Amount); 05810 05811 _IRQL_requires_max_(APC_LEVEL) 05812 NTKERNELAPI 05813 VOID 05814 NTAPI 05815 PsReturnPoolQuota( 05816 _In_ PEPROCESS Process, 05817 _In_ POOL_TYPE PoolType, 05818 _In_ ULONG_PTR Amount); 05819 05820 _IRQL_requires_max_(PASSIVE_LEVEL) 05821 NTKERNELAPI 05822 NTSTATUS 05823 NTAPI 05824 PsAssignImpersonationToken( 05825 _In_ PETHREAD Thread, 05826 _In_opt_ HANDLE Token); 05827 05828 _IRQL_requires_max_(PASSIVE_LEVEL) 05829 NTKERNELAPI 05830 HANDLE 05831 NTAPI 05832 PsReferencePrimaryToken( 05833 _Inout_ PEPROCESS Process); 05834 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 05835 #if (NTDDI_VERSION >= NTDDI_WINXP) 05836 05837 05838 _IRQL_requires_max_(PASSIVE_LEVEL) 05839 NTKERNELAPI 05840 VOID 05841 NTAPI 05842 PsDereferencePrimaryToken( 05843 _In_ PACCESS_TOKEN PrimaryToken); 05844 05845 _IRQL_requires_max_(PASSIVE_LEVEL) 05846 NTKERNELAPI 05847 VOID 05848 NTAPI 05849 PsDereferenceImpersonationToken( 05850 _In_ PACCESS_TOKEN ImpersonationToken); 05851 05852 _Must_inspect_result_ 05853 _IRQL_requires_max_(APC_LEVEL) 05854 NTKERNELAPI 05855 NTSTATUS 05856 NTAPI 05857 PsChargeProcessPoolQuota( 05858 _In_ PEPROCESS Process, 05859 _In_ POOL_TYPE PoolType, 05860 _In_ ULONG_PTR Amount); 05861 05862 NTKERNELAPI 05863 BOOLEAN 05864 NTAPI 05865 PsIsSystemThread( 05866 _In_ PETHREAD Thread); 05867 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 05868 05869 /****************************************************************************** 05870 * I/O Manager Functions * 05871 ******************************************************************************/ 05872 05873 #define IoIsFileOpenedExclusively(FileObject) ( \ 05874 (BOOLEAN) !( \ 05875 (FileObject)->SharedRead || \ 05876 (FileObject)->SharedWrite || \ 05877 (FileObject)->SharedDelete \ 05878 ) \ 05879 ) 05880 05881 #if (NTDDI_VERSION == NTDDI_WIN2K) 05882 NTKERNELAPI 05883 NTSTATUS 05884 NTAPI 05885 IoRegisterFsRegistrationChangeEx( 05886 _In_ PDRIVER_OBJECT DriverObject, 05887 _In_ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); 05888 #endif 05889 #if (NTDDI_VERSION >= NTDDI_WIN2K) 05890 05891 05892 NTKERNELAPI 05893 VOID 05894 NTAPI 05895 IoAcquireVpbSpinLock( 05896 _Out_ PKIRQL Irql); 05897 05898 NTKERNELAPI 05899 NTSTATUS 05900 NTAPI 05901 IoCheckDesiredAccess( 05902 _Inout_ PACCESS_MASK DesiredAccess, 05903 _In_ ACCESS_MASK GrantedAccess); 05904 05905 NTKERNELAPI 05906 NTSTATUS 05907 NTAPI 05908 IoCheckEaBufferValidity( 05909 _In_ PFILE_FULL_EA_INFORMATION EaBuffer, 05910 _In_ ULONG EaLength, 05911 _Out_ PULONG ErrorOffset); 05912 05913 NTKERNELAPI 05914 NTSTATUS 05915 NTAPI 05916 IoCheckFunctionAccess( 05917 _In_ ACCESS_MASK GrantedAccess, 05918 _In_ UCHAR MajorFunction, 05919 _In_ UCHAR MinorFunction, 05920 _In_ ULONG IoControlCode, 05921 _In_opt_ PVOID Argument1, 05922 _In_opt_ PVOID Argument2); 05923 05924 NTKERNELAPI 05925 NTSTATUS 05926 NTAPI 05927 IoCheckQuerySetFileInformation( 05928 _In_ FILE_INFORMATION_CLASS FileInformationClass, 05929 _In_ ULONG Length, 05930 _In_ BOOLEAN SetOperation); 05931 05932 NTKERNELAPI 05933 NTSTATUS 05934 NTAPI 05935 IoCheckQuerySetVolumeInformation( 05936 _In_ FS_INFORMATION_CLASS FsInformationClass, 05937 _In_ ULONG Length, 05938 _In_ BOOLEAN SetOperation); 05939 05940 NTKERNELAPI 05941 NTSTATUS 05942 NTAPI 05943 IoCheckQuotaBufferValidity( 05944 _In_ PFILE_QUOTA_INFORMATION QuotaBuffer, 05945 _In_ ULONG QuotaLength, 05946 _Out_ PULONG ErrorOffset); 05947 05948 NTKERNELAPI 05949 PFILE_OBJECT 05950 NTAPI 05951 IoCreateStreamFileObject( 05952 _In_opt_ PFILE_OBJECT FileObject, 05953 _In_opt_ PDEVICE_OBJECT DeviceObject); 05954 05955 NTKERNELAPI 05956 PFILE_OBJECT 05957 NTAPI 05958 IoCreateStreamFileObjectLite( 05959 _In_opt_ PFILE_OBJECT FileObject, 05960 _In_opt_ PDEVICE_OBJECT DeviceObject); 05961 05962 NTKERNELAPI 05963 BOOLEAN 05964 NTAPI 05965 IoFastQueryNetworkAttributes( 05966 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 05967 _In_ ACCESS_MASK DesiredAccess, 05968 _In_ ULONG OpenOptions, 05969 _Out_ PIO_STATUS_BLOCK IoStatus, 05970 _Out_ PFILE_NETWORK_OPEN_INFORMATION Buffer); 05971 05972 NTKERNELAPI 05973 NTSTATUS 05974 NTAPI 05975 IoPageRead( 05976 _In_ PFILE_OBJECT FileObject, 05977 _In_ PMDL Mdl, 05978 _In_ PLARGE_INTEGER Offset, 05979 _In_ PKEVENT Event, 05980 _Out_ PIO_STATUS_BLOCK IoStatusBlock); 05981 05982 NTKERNELAPI 05983 PDEVICE_OBJECT 05984 NTAPI 05985 IoGetBaseFileSystemDeviceObject( 05986 _In_ PFILE_OBJECT FileObject); 05987 05988 _IRQL_requires_max_(PASSIVE_LEVEL) 05989 NTKERNELAPI 05990 PCONFIGURATION_INFORMATION 05991 NTAPI 05992 IoGetConfigurationInformation(VOID); 05993 05994 NTKERNELAPI 05995 ULONG 05996 NTAPI 05997 IoGetRequestorProcessId( 05998 _In_ PIRP Irp); 05999 06000 NTKERNELAPI 06001 PEPROCESS 06002 NTAPI 06003 IoGetRequestorProcess( 06004 _In_ PIRP Irp); 06005 06006 NTKERNELAPI 06007 PIRP 06008 NTAPI 06009 IoGetTopLevelIrp(VOID); 06010 06011 NTKERNELAPI 06012 BOOLEAN 06013 NTAPI 06014 IoIsOperationSynchronous( 06015 _In_ PIRP Irp); 06016 06017 NTKERNELAPI 06018 BOOLEAN 06019 NTAPI 06020 IoIsSystemThread( 06021 _In_ PETHREAD Thread); 06022 06023 NTKERNELAPI 06024 BOOLEAN 06025 NTAPI 06026 IoIsValidNameGraftingBuffer( 06027 _In_ PIRP Irp, 06028 _In_ PREPARSE_DATA_BUFFER ReparseBuffer); 06029 06030 NTKERNELAPI 06031 NTSTATUS 06032 NTAPI 06033 IoQueryFileInformation( 06034 _In_ PFILE_OBJECT FileObject, 06035 _In_ FILE_INFORMATION_CLASS FileInformationClass, 06036 _In_ ULONG Length, 06037 _Out_ PVOID FileInformation, 06038 _Out_ PULONG ReturnedLength); 06039 06040 NTKERNELAPI 06041 NTSTATUS 06042 NTAPI 06043 IoQueryVolumeInformation( 06044 _In_ PFILE_OBJECT FileObject, 06045 _In_ FS_INFORMATION_CLASS FsInformationClass, 06046 _In_ ULONG Length, 06047 _Out_ PVOID FsInformation, 06048 _Out_ PULONG ReturnedLength); 06049 06050 NTKERNELAPI 06051 VOID 06052 NTAPI 06053 IoQueueThreadIrp( 06054 _In_ PIRP Irp); 06055 06056 NTKERNELAPI 06057 VOID 06058 NTAPI 06059 IoRegisterFileSystem( 06060 _In_ __drv_aliasesMem PDEVICE_OBJECT DeviceObject); 06061 06062 NTKERNELAPI 06063 NTSTATUS 06064 NTAPI 06065 IoRegisterFsRegistrationChange( 06066 _In_ PDRIVER_OBJECT DriverObject, 06067 _In_ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); 06068 06069 NTKERNELAPI 06070 VOID 06071 NTAPI 06072 IoReleaseVpbSpinLock( 06073 _In_ KIRQL Irql); 06074 06075 NTKERNELAPI 06076 VOID 06077 NTAPI 06078 IoSetDeviceToVerify( 06079 _In_ PETHREAD Thread, 06080 _In_opt_ PDEVICE_OBJECT DeviceObject); 06081 06082 NTKERNELAPI 06083 NTSTATUS 06084 NTAPI 06085 IoSetInformation( 06086 _In_ PFILE_OBJECT FileObject, 06087 _In_ FILE_INFORMATION_CLASS FileInformationClass, 06088 _In_ ULONG Length, 06089 _In_ PVOID FileInformation); 06090 06091 NTKERNELAPI 06092 VOID 06093 NTAPI 06094 IoSetTopLevelIrp( 06095 _In_opt_ PIRP Irp); 06096 06097 NTKERNELAPI 06098 NTSTATUS 06099 NTAPI 06100 IoSynchronousPageWrite( 06101 _In_ PFILE_OBJECT FileObject, 06102 _In_ PMDL Mdl, 06103 _In_ PLARGE_INTEGER FileOffset, 06104 _In_ PKEVENT Event, 06105 _Out_ PIO_STATUS_BLOCK IoStatusBlock); 06106 06107 NTKERNELAPI 06108 PEPROCESS 06109 NTAPI 06110 IoThreadToProcess( 06111 _In_ PETHREAD Thread); 06112 06113 NTKERNELAPI 06114 VOID 06115 NTAPI 06116 IoUnregisterFileSystem( 06117 _In_ PDEVICE_OBJECT DeviceObject); 06118 06119 NTKERNELAPI 06120 VOID 06121 NTAPI 06122 IoUnregisterFsRegistrationChange( 06123 _In_ PDRIVER_OBJECT DriverObject, 06124 _In_ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine); 06125 06126 NTKERNELAPI 06127 NTSTATUS 06128 NTAPI 06129 IoVerifyVolume( 06130 _In_ PDEVICE_OBJECT DeviceObject, 06131 _In_ BOOLEAN AllowRawMount); 06132 06133 NTKERNELAPI 06134 NTSTATUS 06135 NTAPI 06136 IoGetRequestorSessionId( 06137 _In_ PIRP Irp, 06138 _Out_ PULONG pSessionId); 06139 06140 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 06141 06142 06143 #if (NTDDI_VERSION >= NTDDI_WINXP) 06144 06145 06146 NTKERNELAPI 06147 PFILE_OBJECT 06148 NTAPI 06149 IoCreateStreamFileObjectEx( 06150 _In_opt_ PFILE_OBJECT FileObject, 06151 _In_opt_ PDEVICE_OBJECT DeviceObject, 06152 _Out_opt_ PHANDLE FileObjectHandle); 06153 06154 NTKERNELAPI 06155 NTSTATUS 06156 NTAPI 06157 IoQueryFileDosDeviceName( 06158 _In_ PFILE_OBJECT FileObject, 06159 _Out_ POBJECT_NAME_INFORMATION *ObjectNameInformation); 06160 06161 NTKERNELAPI 06162 NTSTATUS 06163 NTAPI 06164 IoEnumerateDeviceObjectList( 06165 _In_ PDRIVER_OBJECT DriverObject, 06166 _Out_writes_bytes_to_opt_(DeviceObjectListSize,(*ActualNumberDeviceObjects)*sizeof(PDEVICE_OBJECT)) 06167 PDEVICE_OBJECT *DeviceObjectList, 06168 _In_ ULONG DeviceObjectListSize, 06169 _Out_ PULONG ActualNumberDeviceObjects); 06170 06171 NTKERNELAPI 06172 PDEVICE_OBJECT 06173 NTAPI 06174 IoGetLowerDeviceObject( 06175 _In_ PDEVICE_OBJECT DeviceObject); 06176 06177 NTKERNELAPI 06178 PDEVICE_OBJECT 06179 NTAPI 06180 IoGetDeviceAttachmentBaseRef( 06181 _In_ PDEVICE_OBJECT DeviceObject); 06182 06183 NTKERNELAPI 06184 NTSTATUS 06185 NTAPI 06186 IoGetDiskDeviceObject( 06187 _In_ PDEVICE_OBJECT FileSystemDeviceObject, 06188 _Out_ PDEVICE_OBJECT *DiskDeviceObject); 06189 06190 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 06191 06192 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 06193 06194 06195 NTKERNELAPI 06196 NTSTATUS 06197 NTAPI 06198 IoEnumerateRegisteredFiltersList( 06199 _Out_writes_bytes_to_opt_(DriverObjectListSize,(*ActualNumberDriverObjects)*sizeof(PDRIVER_OBJECT)) 06200 PDRIVER_OBJECT *DriverObjectList, 06201 _In_ ULONG DriverObjectListSize, 06202 _Out_ PULONG ActualNumberDriverObjects); 06203 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ 06204 06205 #if (NTDDI_VERSION >= NTDDI_VISTA) 06206 06207 FORCEINLINE 06208 VOID 06209 NTAPI 06210 IoInitializePriorityInfo( 06211 _In_ PIO_PRIORITY_INFO PriorityInfo) 06212 { 06213 PriorityInfo->Size = sizeof(IO_PRIORITY_INFO); 06214 PriorityInfo->ThreadPriority = 0xffff; 06215 PriorityInfo->IoPriority = IoPriorityNormal; 06216 PriorityInfo->PagePriority = 0; 06217 } 06218 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 06219 06220 #if (NTDDI_VERSION >= NTDDI_WIN7) 06221 06222 06223 NTKERNELAPI 06224 NTSTATUS 06225 NTAPI 06226 IoRegisterFsRegistrationChangeMountAware( 06227 _In_ PDRIVER_OBJECT DriverObject, 06228 _In_ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine, 06229 _In_ BOOLEAN SynchronizeWithMounts); 06230 06231 NTKERNELAPI 06232 NTSTATUS 06233 NTAPI 06234 IoReplaceFileObjectName( 06235 _In_ PFILE_OBJECT FileObject, 06236 _In_reads_bytes_(FileNameLength) PWSTR NewFileName, 06237 _In_ USHORT FileNameLength); 06238 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 06239 06240 06241 #define PO_CB_SYSTEM_POWER_POLICY 0 06242 #define PO_CB_AC_STATUS 1 06243 #define PO_CB_BUTTON_COLLISION 2 06244 #define PO_CB_SYSTEM_STATE_LOCK 3 06245 #define PO_CB_LID_SWITCH_STATE 4 06246 #define PO_CB_PROCESSOR_POWER_POLICY 5 06247 06248 06249 #if (NTDDI_VERSION >= NTDDI_WINXP) 06250 _IRQL_requires_max_(APC_LEVEL) 06251 NTKERNELAPI 06252 NTSTATUS 06253 NTAPI 06254 PoQueueShutdownWorkItem( 06255 _Inout_ __drv_aliasesMem PWORK_QUEUE_ITEM WorkItem); 06256 #endif 06257 /****************************************************************************** 06258 * Memory manager Types * 06259 ******************************************************************************/ 06260 typedef enum _MMFLUSH_TYPE { 06261 MmFlushForDelete, 06262 MmFlushForWrite 06263 } MMFLUSH_TYPE; 06264 06265 typedef struct _READ_LIST { 06266 PFILE_OBJECT FileObject; 06267 ULONG NumberOfEntries; 06268 LOGICAL IsImage; 06269 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY]; 06270 } READ_LIST, *PREAD_LIST; 06271 06272 #if (NTDDI_VERSION >= NTDDI_WINXP) 06273 06274 typedef union _MM_PREFETCH_FLAGS { 06275 struct { 06276 ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS; 06277 ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS; 06278 } Flags; 06279 ULONG AllFlags; 06280 } MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS; 06281 06282 #define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1) 06283 06284 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 06285 06286 #define HEAP_NO_SERIALIZE 0x00000001 06287 #define HEAP_GROWABLE 0x00000002 06288 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 06289 #define HEAP_ZERO_MEMORY 0x00000008 06290 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 06291 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 06292 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 06293 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 06294 06295 #define HEAP_CREATE_ALIGN_16 0x00010000 06296 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 06297 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 06298 06299 #define HEAP_SETTABLE_USER_VALUE 0x00000100 06300 #define HEAP_SETTABLE_USER_FLAG1 0x00000200 06301 #define HEAP_SETTABLE_USER_FLAG2 0x00000400 06302 #define HEAP_SETTABLE_USER_FLAG3 0x00000800 06303 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00 06304 06305 #define HEAP_CLASS_0 0x00000000 06306 #define HEAP_CLASS_1 0x00001000 06307 #define HEAP_CLASS_2 0x00002000 06308 #define HEAP_CLASS_3 0x00003000 06309 #define HEAP_CLASS_4 0x00004000 06310 #define HEAP_CLASS_5 0x00005000 06311 #define HEAP_CLASS_6 0x00006000 06312 #define HEAP_CLASS_7 0x00007000 06313 #define HEAP_CLASS_8 0x00008000 06314 #define HEAP_CLASS_MASK 0x0000F000 06315 06316 #define HEAP_MAXIMUM_TAG 0x0FFF 06317 #define HEAP_GLOBAL_TAG 0x0800 06318 #define HEAP_PSEUDO_TAG_FLAG 0x8000 06319 #define HEAP_TAG_SHIFT 18 06320 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT) 06321 06322 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \ 06323 HEAP_GROWABLE | \ 06324 HEAP_GENERATE_EXCEPTIONS | \ 06325 HEAP_ZERO_MEMORY | \ 06326 HEAP_REALLOC_IN_PLACE_ONLY | \ 06327 HEAP_TAIL_CHECKING_ENABLED | \ 06328 HEAP_FREE_CHECKING_ENABLED | \ 06329 HEAP_DISABLE_COALESCE_ON_FREE | \ 06330 HEAP_CLASS_MASK | \ 06331 HEAP_CREATE_ALIGN_16 | \ 06332 HEAP_CREATE_ENABLE_TRACING | \ 06333 HEAP_CREATE_ENABLE_EXECUTE) 06334 06335 /****************************************************************************** 06336 * Memory manager Functions * 06337 ******************************************************************************/ 06338 06339 FORCEINLINE 06340 ULONG 06341 HEAP_MAKE_TAG_FLAGS( 06342 _In_ ULONG TagBase, 06343 _In_ ULONG Tag) 06344 { 06345 //__assume_bound(TagBase); // FIXME 06346 return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT))); 06347 } 06348 06349 #if (NTDDI_VERSION >= NTDDI_WIN2K) 06350 06351 NTKERNELAPI 06352 BOOLEAN 06353 NTAPI 06354 MmIsRecursiveIoFault(VOID); 06355 06356 _IRQL_requires_max_ (APC_LEVEL) 06357 NTKERNELAPI 06358 BOOLEAN 06359 NTAPI 06360 MmForceSectionClosed( 06361 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 06362 _In_ BOOLEAN DelayClose); 06363 06364 _IRQL_requires_max_ (APC_LEVEL) 06365 NTKERNELAPI 06366 BOOLEAN 06367 NTAPI 06368 MmFlushImageSection( 06369 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 06370 _In_ MMFLUSH_TYPE FlushType); 06371 06372 _IRQL_requires_max_ (APC_LEVEL) 06373 NTKERNELAPI 06374 BOOLEAN 06375 NTAPI 06376 MmCanFileBeTruncated( 06377 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 06378 _In_opt_ PLARGE_INTEGER NewFileSize); 06379 06380 _IRQL_requires_max_ (APC_LEVEL) 06381 NTKERNELAPI 06382 BOOLEAN 06383 NTAPI 06384 MmSetAddressRangeModified( 06385 _In_reads_bytes_ (Length) PVOID Address, 06386 _In_ SIZE_T Length); 06387 06388 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 06389 06390 #if (NTDDI_VERSION >= NTDDI_WINXP) 06391 06392 06393 _IRQL_requires_max_ (PASSIVE_LEVEL) 06394 NTKERNELAPI 06395 NTSTATUS 06396 NTAPI 06397 MmPrefetchPages( 06398 _In_ ULONG NumberOfLists, 06399 _In_reads_ (NumberOfLists) PREAD_LIST *ReadLists); 06400 06401 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 06402 06403 06404 #if (NTDDI_VERSION >= NTDDI_VISTA) 06405 06406 _IRQL_requires_max_ (APC_LEVEL) 06407 NTKERNELAPI 06408 ULONG 06409 NTAPI 06410 MmDoesFileHaveUserWritableReferences( 06411 _In_ PSECTION_OBJECT_POINTERS SectionPointer); 06412 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 06413 06414 06415 #if (NTDDI_VERSION >= NTDDI_WIN2K) 06416 06417 NTKERNELAPI 06418 NTSTATUS 06419 NTAPI 06420 ObInsertObject( 06421 _In_ PVOID Object, 06422 _Inout_opt_ PACCESS_STATE PassedAccessState, 06423 _In_opt_ ACCESS_MASK DesiredAccess, 06424 _In_ ULONG ObjectPointerBias, 06425 _Out_opt_ PVOID *NewObject, 06426 _Out_opt_ PHANDLE Handle); 06427 06428 NTKERNELAPI 06429 NTSTATUS 06430 NTAPI 06431 ObOpenObjectByPointer( 06432 _In_ PVOID Object, 06433 _In_ ULONG HandleAttributes, 06434 _In_opt_ PACCESS_STATE PassedAccessState, 06435 _In_ ACCESS_MASK DesiredAccess, 06436 _In_opt_ POBJECT_TYPE ObjectType, 06437 _In_ KPROCESSOR_MODE AccessMode, 06438 _Out_ PHANDLE Handle); 06439 06440 NTKERNELAPI 06441 VOID 06442 NTAPI 06443 ObMakeTemporaryObject( 06444 _In_ PVOID Object); 06445 06446 NTKERNELAPI 06447 NTSTATUS 06448 NTAPI 06449 ObQueryNameString( 06450 _In_ PVOID Object, 06451 _Out_writes_bytes_opt_(Length) POBJECT_NAME_INFORMATION ObjectNameInfo, 06452 _In_ ULONG Length, 06453 _Out_ PULONG ReturnLength); 06454 06455 NTKERNELAPI 06456 NTSTATUS 06457 NTAPI 06458 ObQueryObjectAuditingByHandle( 06459 _In_ HANDLE Handle, 06460 _Out_ PBOOLEAN GenerateOnClose); 06461 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 06462 06463 #if (NTDDI_VERSION >= NTDDI_VISTA) 06464 06465 NTKERNELAPI 06466 BOOLEAN 06467 NTAPI 06468 ObIsKernelHandle( 06469 _In_ HANDLE Handle); 06470 #endif 06471 06472 06473 #if (NTDDI_VERSION >= NTDDI_WIN7) 06474 06475 NTKERNELAPI 06476 NTSTATUS 06477 NTAPI 06478 ObOpenObjectByPointerWithTag( 06479 _In_ PVOID Object, 06480 _In_ ULONG HandleAttributes, 06481 _In_opt_ PACCESS_STATE PassedAccessState, 06482 _In_ ACCESS_MASK DesiredAccess, 06483 _In_opt_ POBJECT_TYPE ObjectType, 06484 _In_ KPROCESSOR_MODE AccessMode, 06485 _In_ ULONG Tag, 06486 _Out_ PHANDLE Handle); 06487 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 06488 06489 /* FSRTL Types */ 06490 06491 typedef ULONG LBN; 06492 typedef LBN *PLBN; 06493 06494 typedef ULONG VBN; 06495 typedef VBN *PVBN; 06496 06497 #define FSRTL_COMMON_FCB_HEADER_LAYOUT \ 06498 CSHORT NodeTypeCode; \ 06499 CSHORT NodeByteSize; \ 06500 UCHAR Flags; \ 06501 UCHAR IsFastIoPossible; \ 06502 UCHAR Flags2; \ 06503 UCHAR Reserved:4; \ 06504 UCHAR Version:4; \ 06505 PERESOURCE Resource; \ 06506 PERESOURCE PagingIoResource; \ 06507 LARGE_INTEGER AllocationSize; \ 06508 LARGE_INTEGER FileSize; \ 06509 LARGE_INTEGER ValidDataLength; 06510 06511 typedef struct _FSRTL_COMMON_FCB_HEADER { 06512 FSRTL_COMMON_FCB_HEADER_LAYOUT 06513 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; 06514 06515 #ifdef __cplusplus 06516 typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER { 06517 #else /* __cplusplus */ 06518 typedef struct _FSRTL_ADVANCED_FCB_HEADER { 06519 FSRTL_COMMON_FCB_HEADER_LAYOUT 06520 #endif /* __cplusplus */ 06521 PFAST_MUTEX FastMutex; 06522 LIST_ENTRY FilterContexts; 06523 #if (NTDDI_VERSION >= NTDDI_VISTA) 06524 EX_PUSH_LOCK PushLock; 06525 PVOID *FileContextSupportPointer; 06526 #endif 06527 } FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER; 06528 06529 #define FSRTL_FCB_HEADER_V0 (0x00) 06530 #define FSRTL_FCB_HEADER_V1 (0x01) 06531 06532 #define FSRTL_FLAG_FILE_MODIFIED (0x01) 06533 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) 06534 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) 06535 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) 06536 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) 06537 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20) 06538 #define FSRTL_FLAG_ADVANCED_HEADER (0x40) 06539 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) 06540 06541 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) 06542 #define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02) 06543 #define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04) 06544 #define FSRTL_FLAG2_IS_PAGING_FILE (0x08) 06545 06546 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01) 06547 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) 06548 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) 06549 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) 06550 #define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05) 06551 #define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06) 06552 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF) 06553 06554 typedef struct _FSRTL_AUXILIARY_BUFFER { 06555 PVOID Buffer; 06556 ULONG Length; 06557 ULONG Flags; 06558 PMDL Mdl; 06559 } FSRTL_AUXILIARY_BUFFER, *PFSRTL_AUXILIARY_BUFFER; 06560 06561 #define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001 06562 06563 typedef enum _FSRTL_COMPARISON_RESULT { 06564 LessThan = -1, 06565 EqualTo = 0, 06566 GreaterThan = 1 06567 } FSRTL_COMPARISON_RESULT; 06568 06569 #define FSRTL_FAT_LEGAL 0x01 06570 #define FSRTL_HPFS_LEGAL 0x02 06571 #define FSRTL_NTFS_LEGAL 0x04 06572 #define FSRTL_WILD_CHARACTER 0x08 06573 #define FSRTL_OLE_LEGAL 0x10 06574 #define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL) 06575 06576 #define FSRTL_VOLUME_DISMOUNT 1 06577 #define FSRTL_VOLUME_DISMOUNT_FAILED 2 06578 #define FSRTL_VOLUME_LOCK 3 06579 #define FSRTL_VOLUME_LOCK_FAILED 4 06580 #define FSRTL_VOLUME_UNLOCK 5 06581 #define FSRTL_VOLUME_MOUNT 6 06582 #define FSRTL_VOLUME_NEEDS_CHKDSK 7 06583 #define FSRTL_VOLUME_WORM_NEAR_FULL 8 06584 #define FSRTL_VOLUME_WEARING_OUT 9 06585 #define FSRTL_VOLUME_FORCED_CLOSED 10 06586 #define FSRTL_VOLUME_INFO_MAKE_COMPAT 11 06587 #define FSRTL_VOLUME_PREPARING_EJECT 12 06588 #define FSRTL_VOLUME_CHANGE_SIZE 13 06589 #define FSRTL_VOLUME_BACKGROUND_FORMAT 14 06590 06591 typedef VOID 06592 (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE)( 06593 _In_ PVOID Context, 06594 _In_ PKEVENT Event); 06595 06596 #if (NTDDI_VERSION >= NTDDI_VISTA) 06597 06598 #define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001 06599 #define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002 06600 #define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004 06601 06602 #define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001 06603 06604 #define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001 06605 #define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002 06606 06607 #define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002 06608 06609 #define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001 06610 #define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002 06611 06612 typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 { 06613 ULONG32 ProviderId; 06614 } FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1; 06615 06616 typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 { 06617 ULONG32 ProviderId; 06618 UNICODE_STRING ProviderName; 06619 } FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2; 06620 06621 typedef VOID 06622 (*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) ( 06623 _Inout_ PVOID EcpContext, 06624 _In_ LPCGUID EcpType); 06625 06626 typedef struct _ECP_LIST ECP_LIST, *PECP_LIST; 06627 06628 typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS; 06629 typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS; 06630 typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS; 06631 06632 typedef enum _FSRTL_CHANGE_BACKING_TYPE { 06633 ChangeDataControlArea, 06634 ChangeImageControlArea, 06635 ChangeSharedCacheMap 06636 } FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE; 06637 06638 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 06639 06640 typedef struct _FSRTL_PER_FILE_CONTEXT { 06641 LIST_ENTRY Links; 06642 PVOID OwnerId; 06643 PVOID InstanceId; 06644 PFREE_FUNCTION FreeCallback; 06645 } FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT; 06646 06647 typedef struct _FSRTL_PER_STREAM_CONTEXT { 06648 LIST_ENTRY Links; 06649 PVOID OwnerId; 06650 PVOID InstanceId; 06651 PFREE_FUNCTION FreeCallback; 06652 } FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT; 06653 06654 #if (NTDDI_VERSION >= NTDDI_WIN2K) 06655 typedef VOID 06656 (*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) ( 06657 _In_ PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); 06658 #endif 06659 06660 typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT { 06661 LIST_ENTRY Links; 06662 PVOID OwnerId; 06663 PVOID InstanceId; 06664 } FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT; 06665 06666 #define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1 06667 #define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x2 06668 06669 typedef NTSTATUS 06670 (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) ( 06671 _In_ PVOID Context, 06672 _In_ PIRP Irp); 06673 06674 typedef struct _FILE_LOCK_INFO { 06675 LARGE_INTEGER StartingByte; 06676 LARGE_INTEGER Length; 06677 BOOLEAN ExclusiveLock; 06678 ULONG Key; 06679 PFILE_OBJECT FileObject; 06680 PVOID ProcessId; 06681 LARGE_INTEGER EndingByte; 06682 } FILE_LOCK_INFO, *PFILE_LOCK_INFO; 06683 06684 typedef VOID 06685 (NTAPI *PUNLOCK_ROUTINE) ( 06686 _In_ PVOID Context, 06687 _In_ PFILE_LOCK_INFO FileLockInfo); 06688 06689 typedef struct _FILE_LOCK { 06690 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; 06691 PUNLOCK_ROUTINE UnlockRoutine; 06692 BOOLEAN FastIoIsQuestionable; 06693 BOOLEAN SpareC[3]; 06694 PVOID LockInformation; 06695 FILE_LOCK_INFO LastReturnedLockInfo; 06696 PVOID LastReturnedLock; 06697 LONG volatile LockRequestsInProgress; 06698 } FILE_LOCK, *PFILE_LOCK; 06699 06700 typedef struct _TUNNEL { 06701 FAST_MUTEX Mutex; 06702 PRTL_SPLAY_LINKS Cache; 06703 LIST_ENTRY TimerQueue; 06704 USHORT NumEntries; 06705 } TUNNEL, *PTUNNEL; 06706 06707 typedef struct _BASE_MCB { 06708 ULONG MaximumPairCount; 06709 ULONG PairCount; 06710 USHORT PoolType; 06711 USHORT Flags; 06712 PVOID Mapping; 06713 } BASE_MCB, *PBASE_MCB; 06714 06715 typedef struct _LARGE_MCB { 06716 PKGUARDED_MUTEX GuardedMutex; 06717 BASE_MCB BaseMcb; 06718 } LARGE_MCB, *PLARGE_MCB; 06719 06720 #define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1 06721 06722 typedef struct _MCB { 06723 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly; 06724 } MCB, *PMCB; 06725 06726 typedef enum _FAST_IO_POSSIBLE { 06727 FastIoIsNotPossible = 0, 06728 FastIoIsPossible, 06729 FastIoIsQuestionable 06730 } FAST_IO_POSSIBLE; 06731 06732 typedef struct _EOF_WAIT_BLOCK { 06733 LIST_ENTRY EofWaitLinks; 06734 KEVENT Event; 06735 } EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK; 06736 06737 typedef PVOID OPLOCK, *POPLOCK; 06738 06739 typedef VOID 06740 (NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) ( 06741 _In_ PVOID Context, 06742 _In_ PIRP Irp); 06743 06744 typedef VOID 06745 (NTAPI *POPLOCK_FS_PREPOST_IRP) ( 06746 _In_ PVOID Context, 06747 _In_ PIRP Irp); 06748 06749 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 06750 #define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001 06751 #endif 06752 06753 #if (NTDDI_VERSION >= NTDDI_WIN7) 06754 #define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002 06755 #define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004 06756 #define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008 06757 #define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001 06758 #endif 06759 06760 #if (NTDDI_VERSION >= NTDDI_WIN7) 06761 06762 typedef struct _OPLOCK_KEY_ECP_CONTEXT { 06763 GUID OplockKey; 06764 ULONG Reserved; 06765 } OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT; 06766 06767 DEFINE_GUID(GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f); 06768 06769 #endif 06770 06771 typedef PVOID PNOTIFY_SYNC; 06772 06773 #if (NTDDI_VERSION >= NTDDI_WIN7) 06774 typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER; 06775 #endif 06776 06777 typedef BOOLEAN 06778 (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) ( 06779 _In_ PVOID NotifyContext, 06780 _In_opt_ PVOID TargetContext, 06781 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 06782 06783 typedef BOOLEAN 06784 (NTAPI *PFILTER_REPORT_CHANGE) ( 06785 _In_ PVOID NotifyContext, 06786 _In_ PVOID FilterContext); 06787 /* FSRTL Functions */ 06788 06789 #define FsRtlEnterFileSystem KeEnterCriticalRegion 06790 #define FsRtlExitFileSystem KeLeaveCriticalRegion 06791 06792 #if (NTDDI_VERSION >= NTDDI_WIN2K) 06793 06794 _Must_inspect_result_ 06795 _IRQL_requires_max_(PASSIVE_LEVEL) 06796 NTKERNELAPI 06797 BOOLEAN 06798 NTAPI 06799 FsRtlCopyRead( 06800 _In_ PFILE_OBJECT FileObject, 06801 _In_ PLARGE_INTEGER FileOffset, 06802 _In_ ULONG Length, 06803 _In_ BOOLEAN Wait, 06804 _In_ ULONG LockKey, 06805 _Out_writes_bytes_(Length) PVOID Buffer, 06806 _Out_ PIO_STATUS_BLOCK IoStatus, 06807 _In_ PDEVICE_OBJECT DeviceObject); 06808 06809 _Must_inspect_result_ 06810 _IRQL_requires_max_(PASSIVE_LEVEL) 06811 NTKERNELAPI 06812 BOOLEAN 06813 NTAPI 06814 FsRtlCopyWrite( 06815 _In_ PFILE_OBJECT FileObject, 06816 _In_ PLARGE_INTEGER FileOffset, 06817 _In_ ULONG Length, 06818 _In_ BOOLEAN Wait, 06819 _In_ ULONG LockKey, 06820 _In_reads_bytes_(Length) PVOID Buffer, 06821 _Out_ PIO_STATUS_BLOCK IoStatus, 06822 _In_ PDEVICE_OBJECT DeviceObject); 06823 06824 _Must_inspect_result_ 06825 _IRQL_requires_max_(APC_LEVEL) 06826 NTKERNELAPI 06827 BOOLEAN 06828 NTAPI 06829 FsRtlMdlReadDev( 06830 _In_ PFILE_OBJECT FileObject, 06831 _In_ PLARGE_INTEGER FileOffset, 06832 _In_ ULONG Length, 06833 _In_ ULONG LockKey, 06834 _Outptr_ PMDL *MdlChain, 06835 _Out_ PIO_STATUS_BLOCK IoStatus, 06836 _In_opt_ PDEVICE_OBJECT DeviceObject); 06837 06838 _IRQL_requires_max_(PASSIVE_LEVEL) 06839 NTKERNELAPI 06840 BOOLEAN 06841 NTAPI 06842 FsRtlMdlReadCompleteDev( 06843 _In_ PFILE_OBJECT FileObject, 06844 _In_ PMDL MdlChain, 06845 _In_opt_ PDEVICE_OBJECT DeviceObject); 06846 06847 _Must_inspect_result_ 06848 _IRQL_requires_max_(APC_LEVEL) 06849 NTKERNELAPI 06850 BOOLEAN 06851 NTAPI 06852 FsRtlPrepareMdlWriteDev( 06853 _In_ PFILE_OBJECT FileObject, 06854 _In_ PLARGE_INTEGER FileOffset, 06855 _In_ ULONG Length, 06856 _In_ ULONG LockKey, 06857 _Outptr_ PMDL *MdlChain, 06858 _Out_ PIO_STATUS_BLOCK IoStatus, 06859 _In_ PDEVICE_OBJECT DeviceObject); 06860 06861 _Must_inspect_result_ 06862 _IRQL_requires_max_(PASSIVE_LEVEL) 06863 NTKERNELAPI 06864 BOOLEAN 06865 NTAPI 06866 FsRtlMdlWriteCompleteDev( 06867 _In_ PFILE_OBJECT FileObject, 06868 _In_ PLARGE_INTEGER FileOffset, 06869 _In_ PMDL MdlChain, 06870 _In_opt_ PDEVICE_OBJECT DeviceObject); 06871 06872 _IRQL_requires_max_(PASSIVE_LEVEL) 06873 NTKERNELAPI 06874 VOID 06875 NTAPI 06876 FsRtlAcquireFileExclusive( 06877 _In_ PFILE_OBJECT FileObject); 06878 06879 _IRQL_requires_max_(APC_LEVEL) 06880 NTKERNELAPI 06881 VOID 06882 NTAPI 06883 FsRtlReleaseFile( 06884 _In_ PFILE_OBJECT FileObject); 06885 06886 _Must_inspect_result_ 06887 _IRQL_requires_max_(PASSIVE_LEVEL) 06888 NTKERNELAPI 06889 NTSTATUS 06890 NTAPI 06891 FsRtlGetFileSize( 06892 _In_ PFILE_OBJECT FileObject, 06893 _Out_ PLARGE_INTEGER FileSize); 06894 06895 _Must_inspect_result_ 06896 NTKERNELAPI 06897 BOOLEAN 06898 NTAPI 06899 FsRtlIsTotalDeviceFailure( 06900 _In_ NTSTATUS Status); 06901 06902 _Must_inspect_result_ 06903 _IRQL_requires_max_(APC_LEVEL) 06904 NTKERNELAPI 06905 PFILE_LOCK 06906 NTAPI 06907 FsRtlAllocateFileLock( 06908 _In_opt_ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine, 06909 _In_opt_ PUNLOCK_ROUTINE UnlockRoutine); 06910 06911 _IRQL_requires_max_(APC_LEVEL) 06912 NTKERNELAPI 06913 VOID 06914 NTAPI 06915 FsRtlFreeFileLock( 06916 _In_ PFILE_LOCK FileLock); 06917 06918 _IRQL_requires_max_(APC_LEVEL) 06919 NTKERNELAPI 06920 VOID 06921 NTAPI 06922 FsRtlInitializeFileLock( 06923 _Out_ PFILE_LOCK FileLock, 06924 _In_opt_ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine, 06925 _In_opt_ PUNLOCK_ROUTINE UnlockRoutine); 06926 06927 _IRQL_requires_max_(APC_LEVEL) 06928 NTKERNELAPI 06929 VOID 06930 NTAPI 06931 FsRtlUninitializeFileLock( 06932 _Inout_ PFILE_LOCK FileLock); 06933 06934 /* 06935 FsRtlProcessFileLock: 06936 06937 ret: 06938 -STATUS_INVALID_DEVICE_REQUEST 06939 -STATUS_RANGE_NOT_LOCKED from unlock routines. 06940 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock 06941 (redirected IoStatus->Status). 06942 06943 Internals: 06944 -switch ( Irp->CurrentStackLocation->MinorFunction ) 06945 lock: return FsRtlPrivateLock; 06946 unlocksingle: return FsRtlFastUnlockSingle; 06947 unlockall: return FsRtlFastUnlockAll; 06948 unlockallbykey: return FsRtlFastUnlockAllByKey; 06949 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; 06950 return STATUS_INVALID_DEVICE_REQUEST; 06951 06952 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. 06953 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. 06954 */ 06955 _Must_inspect_result_ 06956 _IRQL_requires_max_(APC_LEVEL) 06957 NTKERNELAPI 06958 NTSTATUS 06959 NTAPI 06960 FsRtlProcessFileLock( 06961 _In_ PFILE_LOCK FileLock, 06962 _In_ PIRP Irp, 06963 _In_opt_ PVOID Context); 06964 06965 /* 06966 FsRtlCheckLockForReadAccess: 06967 06968 All this really does is pick out the lock parameters from the irp (io stack 06969 location?), get IoGetRequestorProcess, and pass values on to 06970 FsRtlFastCheckLockForRead. 06971 */ 06972 _Must_inspect_result_ 06973 _IRQL_requires_max_(APC_LEVEL) 06974 NTKERNELAPI 06975 BOOLEAN 06976 NTAPI 06977 FsRtlCheckLockForReadAccess( 06978 _In_ PFILE_LOCK FileLock, 06979 _In_ PIRP Irp); 06980 06981 /* 06982 FsRtlCheckLockForWriteAccess: 06983 06984 All this really does is pick out the lock parameters from the irp (io stack 06985 location?), get IoGetRequestorProcess, and pass values on to 06986 FsRtlFastCheckLockForWrite. 06987 */ 06988 _Must_inspect_result_ 06989 _IRQL_requires_max_(APC_LEVEL) 06990 NTKERNELAPI 06991 BOOLEAN 06992 NTAPI 06993 FsRtlCheckLockForWriteAccess( 06994 _In_ PFILE_LOCK FileLock, 06995 _In_ PIRP Irp); 06996 06997 _Must_inspect_result_ 06998 _IRQL_requires_max_(APC_LEVEL) 06999 NTKERNELAPI 07000 BOOLEAN 07001 NTAPI 07002 FsRtlFastCheckLockForRead( 07003 _In_ PFILE_LOCK FileLock, 07004 _In_ PLARGE_INTEGER FileOffset, 07005 _In_ PLARGE_INTEGER Length, 07006 _In_ ULONG Key, 07007 _In_ PFILE_OBJECT FileObject, 07008 _In_ PVOID Process); 07009 07010 _Must_inspect_result_ 07011 _IRQL_requires_max_(APC_LEVEL) 07012 NTKERNELAPI 07013 BOOLEAN 07014 NTAPI 07015 FsRtlFastCheckLockForWrite( 07016 _In_ PFILE_LOCK FileLock, 07017 _In_ PLARGE_INTEGER FileOffset, 07018 _In_ PLARGE_INTEGER Length, 07019 _In_ ULONG Key, 07020 _In_ PFILE_OBJECT FileObject, 07021 _In_ PVOID Process); 07022 07023 /* 07024 FsRtlGetNextFileLock: 07025 07026 ret: NULL if no more locks 07027 07028 Internals: 07029 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and 07030 FileLock->LastReturnedLock as storage. 07031 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked 07032 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent 07033 calls with Restart = FALSE. 07034 */ 07035 _Must_inspect_result_ 07036 _IRQL_requires_max_(APC_LEVEL) 07037 NTKERNELAPI 07038 PFILE_LOCK_INFO 07039 NTAPI 07040 FsRtlGetNextFileLock( 07041 _In_ PFILE_LOCK FileLock, 07042 _In_ BOOLEAN Restart); 07043 07044 _IRQL_requires_max_(APC_LEVEL) 07045 NTKERNELAPI 07046 NTSTATUS 07047 NTAPI 07048 FsRtlFastUnlockSingle( 07049 _In_ PFILE_LOCK FileLock, 07050 _In_ PFILE_OBJECT FileObject, 07051 _In_ PLARGE_INTEGER FileOffset, 07052 _In_ PLARGE_INTEGER Length, 07053 _In_ PEPROCESS Process, 07054 _In_ ULONG Key, 07055 _In_opt_ PVOID Context, 07056 _In_ BOOLEAN AlreadySynchronized); 07057 07058 _IRQL_requires_max_(APC_LEVEL) 07059 NTKERNELAPI 07060 NTSTATUS 07061 NTAPI 07062 FsRtlFastUnlockAll( 07063 _In_ PFILE_LOCK FileLock, 07064 _In_ PFILE_OBJECT FileObject, 07065 _In_ PEPROCESS Process, 07066 _In_opt_ PVOID Context); 07067 07068 _IRQL_requires_max_(APC_LEVEL) 07069 NTKERNELAPI 07070 NTSTATUS 07071 NTAPI 07072 FsRtlFastUnlockAllByKey( 07073 _In_ PFILE_LOCK FileLock, 07074 _In_ PFILE_OBJECT FileObject, 07075 _In_ PEPROCESS Process, 07076 _In_ ULONG Key, 07077 _In_opt_ PVOID Context); 07078 07079 /* 07080 FsRtlPrivateLock: 07081 07082 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED 07083 07084 Internals: 07085 -Calls IoCompleteRequest if Irp 07086 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES 07087 */ 07088 _Must_inspect_result_ 07089 _IRQL_requires_max_(APC_LEVEL) 07090 __drv_preferredFunction(FsRtlFastLock, "Obsolete") 07091 NTKERNELAPI 07092 BOOLEAN 07093 NTAPI 07094 FsRtlPrivateLock( 07095 _In_ PFILE_LOCK FileLock, 07096 _In_ PFILE_OBJECT FileObject, 07097 _In_ PLARGE_INTEGER FileOffset, 07098 _In_ PLARGE_INTEGER Length, 07099 _In_ PEPROCESS Process, 07100 _In_ ULONG Key, 07101 _In_ BOOLEAN FailImmediately, 07102 _In_ BOOLEAN ExclusiveLock, 07103 _Out_ PIO_STATUS_BLOCK IoStatus, 07104 _In_opt_ PIRP Irp, 07105 _In_opt_ __drv_aliasesMem PVOID Context, 07106 _In_ BOOLEAN AlreadySynchronized); 07107 07108 _IRQL_requires_max_(APC_LEVEL) 07109 NTKERNELAPI 07110 VOID 07111 NTAPI 07112 FsRtlInitializeTunnelCache( 07113 _In_ PTUNNEL Cache); 07114 07115 _IRQL_requires_max_(APC_LEVEL) 07116 NTKERNELAPI 07117 VOID 07118 NTAPI 07119 FsRtlAddToTunnelCache( 07120 _In_ PTUNNEL Cache, 07121 _In_ ULONGLONG DirectoryKey, 07122 _In_ PUNICODE_STRING ShortName, 07123 _In_ PUNICODE_STRING LongName, 07124 _In_ BOOLEAN KeyByShortName, 07125 _In_ ULONG DataLength, 07126 _In_reads_bytes_(DataLength) PVOID Data); 07127 07128 _Must_inspect_result_ 07129 _IRQL_requires_max_(APC_LEVEL) 07130 NTKERNELAPI 07131 BOOLEAN 07132 NTAPI 07133 FsRtlFindInTunnelCache( 07134 _In_ PTUNNEL Cache, 07135 _In_ ULONGLONG DirectoryKey, 07136 _In_ PUNICODE_STRING Name, 07137 _Out_ PUNICODE_STRING ShortName, 07138 _Out_ PUNICODE_STRING LongName, 07139 _Inout_ PULONG DataLength, 07140 _Out_writes_bytes_to_(*DataLength, *DataLength) PVOID Data); 07141 07142 _IRQL_requires_max_(APC_LEVEL) 07143 NTKERNELAPI 07144 VOID 07145 NTAPI 07146 FsRtlDeleteKeyFromTunnelCache( 07147 _In_ PTUNNEL Cache, 07148 _In_ ULONGLONG DirectoryKey); 07149 07150 _IRQL_requires_max_(APC_LEVEL) 07151 NTKERNELAPI 07152 VOID 07153 NTAPI 07154 FsRtlDeleteTunnelCache( 07155 _In_ PTUNNEL Cache); 07156 07157 _IRQL_requires_max_(APC_LEVEL) 07158 NTKERNELAPI 07159 VOID 07160 NTAPI 07161 FsRtlDissectDbcs( 07162 _In_ ANSI_STRING Name, 07163 _Out_ PANSI_STRING FirstPart, 07164 _Out_ PANSI_STRING RemainingPart); 07165 07166 _Must_inspect_result_ 07167 _IRQL_requires_max_(APC_LEVEL) 07168 NTKERNELAPI 07169 BOOLEAN 07170 NTAPI 07171 FsRtlDoesDbcsContainWildCards( 07172 _In_ PANSI_STRING Name); 07173 07174 _Must_inspect_result_ 07175 _IRQL_requires_max_(APC_LEVEL) 07176 NTKERNELAPI 07177 BOOLEAN 07178 NTAPI 07179 FsRtlIsDbcsInExpression( 07180 _In_ PANSI_STRING Expression, 07181 _In_ PANSI_STRING Name); 07182 07183 _Must_inspect_result_ 07184 _IRQL_requires_max_(APC_LEVEL) 07185 NTKERNELAPI 07186 BOOLEAN 07187 NTAPI 07188 FsRtlIsFatDbcsLegal( 07189 _In_ ANSI_STRING DbcsName, 07190 _In_ BOOLEAN WildCardsPermissible, 07191 _In_ BOOLEAN PathNamePermissible, 07192 _In_ BOOLEAN LeadingBackslashPermissible); 07193 07194 _Must_inspect_result_ 07195 _IRQL_requires_max_(APC_LEVEL) 07196 NTKERNELAPI 07197 BOOLEAN 07198 NTAPI 07199 FsRtlIsHpfsDbcsLegal( 07200 _In_ ANSI_STRING DbcsName, 07201 _In_ BOOLEAN WildCardsPermissible, 07202 _In_ BOOLEAN PathNamePermissible, 07203 _In_ BOOLEAN LeadingBackslashPermissible); 07204 07205 NTKERNELAPI 07206 NTSTATUS 07207 NTAPI 07208 FsRtlNormalizeNtstatus( 07209 _In_ NTSTATUS Exception, 07210 _In_ NTSTATUS GenericException); 07211 07212 _Must_inspect_result_ 07213 NTKERNELAPI 07214 BOOLEAN 07215 NTAPI 07216 FsRtlIsNtstatusExpected( 07217 _In_ NTSTATUS Ntstatus); 07218 07219 _IRQL_requires_max_(APC_LEVEL) 07220 __drv_preferredFunction(ExAllocateFromNPagedLookasideList, "The FsRtlAllocateResource routine is obsolete, but is exported to support existing driver binaries. Use ExAllocateFromNPagedLookasideList and ExInitializeResourceLite instead.") 07221 NTKERNELAPI 07222 PERESOURCE 07223 NTAPI 07224 FsRtlAllocateResource(VOID); 07225 07226 _IRQL_requires_max_(APC_LEVEL) 07227 NTKERNELAPI 07228 VOID 07229 NTAPI 07230 FsRtlInitializeLargeMcb( 07231 _Out_ PLARGE_MCB Mcb, 07232 _In_ POOL_TYPE PoolType); 07233 07234 _IRQL_requires_max_(APC_LEVEL) 07235 NTKERNELAPI 07236 VOID 07237 NTAPI 07238 FsRtlUninitializeLargeMcb( 07239 _Inout_ PLARGE_MCB Mcb); 07240 07241 _IRQL_requires_max_(APC_LEVEL) 07242 NTKERNELAPI 07243 VOID 07244 NTAPI 07245 FsRtlResetLargeMcb( 07246 _Inout_ PLARGE_MCB Mcb, 07247 _In_ BOOLEAN SelfSynchronized); 07248 07249 _IRQL_requires_max_(APC_LEVEL) 07250 NTKERNELAPI 07251 VOID 07252 NTAPI 07253 FsRtlTruncateLargeMcb( 07254 _Inout_ PLARGE_MCB Mcb, 07255 _In_ LONGLONG Vbn); 07256 07257 _Must_inspect_result_ 07258 _IRQL_requires_max_(APC_LEVEL) 07259 NTKERNELAPI 07260 BOOLEAN 07261 NTAPI 07262 FsRtlAddLargeMcbEntry( 07263 _Inout_ PLARGE_MCB Mcb, 07264 _In_ LONGLONG Vbn, 07265 _In_ LONGLONG Lbn, 07266 _In_ LONGLONG SectorCount); 07267 07268 _IRQL_requires_max_(APC_LEVEL) 07269 NTKERNELAPI 07270 VOID 07271 NTAPI 07272 FsRtlRemoveLargeMcbEntry( 07273 _Inout_ PLARGE_MCB Mcb, 07274 _In_ LONGLONG Vbn, 07275 _In_ LONGLONG SectorCount); 07276 07277 _IRQL_requires_max_(APC_LEVEL) 07278 NTKERNELAPI 07279 BOOLEAN 07280 NTAPI 07281 FsRtlLookupLargeMcbEntry( 07282 _In_ PLARGE_MCB Mcb, 07283 _In_ LONGLONG Vbn, 07284 _Out_opt_ PLONGLONG Lbn, 07285 _Out_opt_ PLONGLONG SectorCountFromLbn, 07286 _Out_opt_ PLONGLONG StartingLbn, 07287 _Out_opt_ PLONGLONG SectorCountFromStartingLbn, 07288 _Out_opt_ PULONG Index); 07289 07290 _IRQL_requires_max_(APC_LEVEL) 07291 NTKERNELAPI 07292 BOOLEAN 07293 NTAPI 07294 FsRtlLookupLastLargeMcbEntry( 07295 _In_ PLARGE_MCB Mcb, 07296 _Out_ PLONGLONG Vbn, 07297 _Out_ PLONGLONG Lbn); 07298 07299 _IRQL_requires_max_(APC_LEVEL) 07300 NTKERNELAPI 07301 BOOLEAN 07302 NTAPI 07303 FsRtlLookupLastLargeMcbEntryAndIndex( 07304 _In_ PLARGE_MCB OpaqueMcb, 07305 _Out_ PLONGLONG LargeVbn, 07306 _Out_ PLONGLONG LargeLbn, 07307 _Out_ PULONG Index); 07308 07309 _IRQL_requires_max_(APC_LEVEL) 07310 NTKERNELAPI 07311 ULONG 07312 NTAPI 07313 FsRtlNumberOfRunsInLargeMcb( 07314 _In_ PLARGE_MCB Mcb); 07315 07316 _Must_inspect_result_ 07317 _IRQL_requires_max_(APC_LEVEL) 07318 NTKERNELAPI 07319 BOOLEAN 07320 NTAPI 07321 FsRtlGetNextLargeMcbEntry( 07322 _In_ PLARGE_MCB Mcb, 07323 _In_ ULONG RunIndex, 07324 _Out_ PLONGLONG Vbn, 07325 _Out_ PLONGLONG Lbn, 07326 _Out_ PLONGLONG SectorCount); 07327 07328 _Must_inspect_result_ 07329 _IRQL_requires_max_(APC_LEVEL) 07330 NTKERNELAPI 07331 BOOLEAN 07332 NTAPI 07333 FsRtlSplitLargeMcb( 07334 _Inout_ PLARGE_MCB Mcb, 07335 _In_ LONGLONG Vbn, 07336 _In_ LONGLONG Amount); 07337 07338 _IRQL_requires_max_(APC_LEVEL) 07339 __drv_preferredFunction(FsRtlInitializeLargeMcb, "Obsolete") 07340 NTKERNELAPI 07341 VOID 07342 NTAPI 07343 FsRtlInitializeMcb( 07344 _Out_ PMCB Mcb, 07345 _In_ POOL_TYPE PoolType); 07346 07347 _IRQL_requires_max_(APC_LEVEL) 07348 NTKERNELAPI 07349 VOID 07350 NTAPI 07351 FsRtlUninitializeMcb( 07352 _Inout_ PMCB Mcb); 07353 07354 _IRQL_requires_max_(APC_LEVEL) 07355 NTKERNELAPI 07356 VOID 07357 NTAPI 07358 FsRtlTruncateMcb( 07359 _Inout_ PMCB Mcb, 07360 _In_ VBN Vbn); 07361 07362 _IRQL_requires_max_(APC_LEVEL) 07363 NTKERNELAPI 07364 BOOLEAN 07365 NTAPI 07366 FsRtlAddMcbEntry( 07367 _Inout_ PMCB Mcb, 07368 _In_ VBN Vbn, 07369 _In_ LBN Lbn, 07370 _In_ ULONG SectorCount); 07371 07372 _IRQL_requires_max_(APC_LEVEL) 07373 NTKERNELAPI 07374 VOID 07375 NTAPI 07376 FsRtlRemoveMcbEntry( 07377 _Inout_ PMCB Mcb, 07378 _In_ VBN Vbn, 07379 _In_ ULONG SectorCount); 07380 07381 _IRQL_requires_max_(APC_LEVEL) 07382 NTKERNELAPI 07383 BOOLEAN 07384 NTAPI 07385 FsRtlLookupMcbEntry( 07386 _In_ PMCB Mcb, 07387 _In_ VBN Vbn, 07388 _Out_ PLBN Lbn, 07389 _Out_opt_ PULONG SectorCount, 07390 _Out_ PULONG Index); 07391 07392 _IRQL_requires_max_(APC_LEVEL) 07393 NTKERNELAPI 07394 BOOLEAN 07395 NTAPI 07396 FsRtlLookupLastMcbEntry( 07397 _In_ PMCB Mcb, 07398 _Out_ PVBN Vbn, 07399 _Out_ PLBN Lbn); 07400 07401 _IRQL_requires_max_(APC_LEVEL) 07402 NTKERNELAPI 07403 ULONG 07404 NTAPI 07405 FsRtlNumberOfRunsInMcb( 07406 _In_ PMCB Mcb); 07407 07408 _Must_inspect_result_ 07409 _IRQL_requires_max_(APC_LEVEL) 07410 NTKERNELAPI 07411 BOOLEAN 07412 NTAPI 07413 FsRtlGetNextMcbEntry( 07414 _In_ PMCB Mcb, 07415 _In_ ULONG RunIndex, 07416 _Out_ PVBN Vbn, 07417 _Out_ PLBN Lbn, 07418 _Out_ PULONG SectorCount); 07419 07420 _IRQL_requires_max_(PASSIVE_LEVEL) 07421 NTKERNELAPI 07422 NTSTATUS 07423 NTAPI 07424 FsRtlBalanceReads( 07425 _In_ PDEVICE_OBJECT TargetDevice); 07426 07427 _IRQL_requires_max_(APC_LEVEL) 07428 NTKERNELAPI 07429 VOID 07430 NTAPI 07431 FsRtlInitializeOplock( 07432 _Inout_ POPLOCK Oplock); 07433 07434 _IRQL_requires_max_(APC_LEVEL) 07435 NTKERNELAPI 07436 VOID 07437 NTAPI 07438 FsRtlUninitializeOplock( 07439 _Inout_ POPLOCK Oplock); 07440 07441 _Must_inspect_result_ 07442 _IRQL_requires_max_(APC_LEVEL) 07443 NTKERNELAPI 07444 NTSTATUS 07445 NTAPI 07446 FsRtlOplockFsctrl( 07447 _In_ POPLOCK Oplock, 07448 _In_ PIRP Irp, 07449 _In_ ULONG OpenCount); 07450 07451 _When_(CompletionRoutine != NULL, _Must_inspect_result_) 07452 _IRQL_requires_max_(APC_LEVEL) 07453 NTKERNELAPI 07454 NTSTATUS 07455 NTAPI 07456 FsRtlCheckOplock( 07457 _In_ POPLOCK Oplock, 07458 _In_ PIRP Irp, 07459 _In_opt_ PVOID Context, 07460 _In_opt_ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine, 07461 _In_opt_ POPLOCK_FS_PREPOST_IRP PostIrpRoutine); 07462 07463 _Must_inspect_result_ 07464 _IRQL_requires_max_(APC_LEVEL) 07465 NTKERNELAPI 07466 BOOLEAN 07467 NTAPI 07468 FsRtlOplockIsFastIoPossible( 07469 _In_ POPLOCK Oplock); 07470 07471 _Must_inspect_result_ 07472 _IRQL_requires_max_(APC_LEVEL) 07473 NTKERNELAPI 07474 BOOLEAN 07475 NTAPI 07476 FsRtlCurrentBatchOplock( 07477 _In_ POPLOCK Oplock); 07478 07479 _IRQL_requires_max_(APC_LEVEL) 07480 NTKERNELAPI 07481 NTSTATUS 07482 NTAPI 07483 FsRtlNotifyVolumeEvent( 07484 _In_ PFILE_OBJECT FileObject, 07485 _In_ ULONG EventCode); 07486 07487 _IRQL_requires_max_(APC_LEVEL) 07488 NTKERNELAPI 07489 VOID 07490 NTAPI 07491 FsRtlNotifyInitializeSync( 07492 _In_ PNOTIFY_SYNC *NotifySync); 07493 07494 _IRQL_requires_max_(APC_LEVEL) 07495 NTKERNELAPI 07496 VOID 07497 NTAPI 07498 FsRtlNotifyUninitializeSync( 07499 _In_ PNOTIFY_SYNC *NotifySync); 07500 07501 _IRQL_requires_max_(PASSIVE_LEVEL) 07502 NTKERNELAPI 07503 VOID 07504 NTAPI 07505 FsRtlNotifyFullChangeDirectory( 07506 _In_ PNOTIFY_SYNC NotifySync, 07507 _In_ PLIST_ENTRY NotifyList, 07508 _In_ PVOID FsContext, 07509 _In_ PSTRING FullDirectoryName, 07510 _In_ BOOLEAN WatchTree, 07511 _In_ BOOLEAN IgnoreBuffer, 07512 _In_ ULONG CompletionFilter, 07513 _In_opt_ PIRP NotifyIrp, 07514 _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback, 07515 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 07516 07517 _IRQL_requires_max_(PASSIVE_LEVEL) 07518 NTKERNELAPI 07519 VOID 07520 NTAPI 07521 FsRtlNotifyFilterReportChange( 07522 _In_ PNOTIFY_SYNC NotifySync, 07523 _In_ PLIST_ENTRY NotifyList, 07524 _In_ PSTRING FullTargetName, 07525 _In_ USHORT TargetNameOffset, 07526 _In_opt_ PSTRING StreamName, 07527 _In_opt_ PSTRING NormalizedParentName, 07528 _In_ ULONG FilterMatch, 07529 _In_ ULONG Action, 07530 _In_opt_ PVOID TargetContext, 07531 _In_opt_ PVOID FilterContext); 07532 07533 _IRQL_requires_max_(PASSIVE_LEVEL) 07534 NTKERNELAPI 07535 VOID 07536 NTAPI 07537 FsRtlNotifyFullReportChange( 07538 _In_ PNOTIFY_SYNC NotifySync, 07539 _In_ PLIST_ENTRY NotifyList, 07540 _In_ PSTRING FullTargetName, 07541 _In_ USHORT TargetNameOffset, 07542 _In_opt_ PSTRING StreamName, 07543 _In_opt_ PSTRING NormalizedParentName, 07544 _In_ ULONG FilterMatch, 07545 _In_ ULONG Action, 07546 _In_opt_ PVOID TargetContext); 07547 07548 _IRQL_requires_max_(APC_LEVEL) 07549 NTKERNELAPI 07550 VOID 07551 NTAPI 07552 FsRtlNotifyCleanup( 07553 _In_ PNOTIFY_SYNC NotifySync, 07554 _In_ PLIST_ENTRY NotifyList, 07555 _In_ PVOID FsContext); 07556 07557 _IRQL_requires_max_(PASSIVE_LEVEL) 07558 NTKERNELAPI 07559 VOID 07560 NTAPI 07561 FsRtlDissectName( 07562 _In_ UNICODE_STRING Name, 07563 _Out_ PUNICODE_STRING FirstPart, 07564 _Out_ PUNICODE_STRING RemainingPart); 07565 07566 _Must_inspect_result_ 07567 _IRQL_requires_max_(PASSIVE_LEVEL) 07568 NTKERNELAPI 07569 BOOLEAN 07570 NTAPI 07571 FsRtlDoesNameContainWildCards( 07572 _In_ PUNICODE_STRING Name); 07573 07574 _Must_inspect_result_ 07575 _IRQL_requires_max_(PASSIVE_LEVEL) 07576 NTKERNELAPI 07577 BOOLEAN 07578 NTAPI 07579 FsRtlAreNamesEqual( 07580 _In_ PCUNICODE_STRING Name1, 07581 _In_ PCUNICODE_STRING Name2, 07582 _In_ BOOLEAN IgnoreCase, 07583 _In_reads_opt_(0x10000) PCWCH UpcaseTable); 07584 07585 _Must_inspect_result_ 07586 _IRQL_requires_max_(PASSIVE_LEVEL) 07587 NTKERNELAPI 07588 BOOLEAN 07589 NTAPI 07590 FsRtlIsNameInExpression( 07591 _In_ PUNICODE_STRING Expression, 07592 _In_ PUNICODE_STRING Name, 07593 _In_ BOOLEAN IgnoreCase, 07594 _In_opt_ PWCHAR UpcaseTable); 07595 07596 _IRQL_requires_max_(DISPATCH_LEVEL) 07597 NTKERNELAPI 07598 VOID 07599 NTAPI 07600 FsRtlPostPagingFileStackOverflow( 07601 _In_ PVOID Context, 07602 _In_ PKEVENT Event, 07603 _In_ PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); 07604 07605 _IRQL_requires_max_(DISPATCH_LEVEL) 07606 NTKERNELAPI 07607 VOID 07608 NTAPI 07609 FsRtlPostStackOverflow ( 07610 _In_ PVOID Context, 07611 _In_ PKEVENT Event, 07612 _In_ PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine); 07613 07614 _Must_inspect_result_ 07615 _IRQL_requires_max_(PASSIVE_LEVEL) 07616 NTKERNELAPI 07617 NTSTATUS 07618 NTAPI 07619 FsRtlRegisterUncProvider( 07620 _Out_ PHANDLE MupHandle, 07621 _In_ PUNICODE_STRING RedirectorDeviceName, 07622 _In_ BOOLEAN MailslotsSupported); 07623 07624 _IRQL_requires_max_(PASSIVE_LEVEL) 07625 NTKERNELAPI 07626 VOID 07627 NTAPI 07628 FsRtlDeregisterUncProvider( 07629 _In_ HANDLE Handle); 07630 07631 _IRQL_requires_max_(APC_LEVEL) 07632 NTKERNELAPI 07633 VOID 07634 NTAPI 07635 FsRtlTeardownPerStreamContexts( 07636 _In_ PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader); 07637 07638 _Must_inspect_result_ 07639 _IRQL_requires_max_(APC_LEVEL) 07640 NTKERNELAPI 07641 NTSTATUS 07642 NTAPI 07643 FsRtlCreateSectionForDataScan( 07644 _Out_ PHANDLE SectionHandle, 07645 _Outptr_ PVOID *SectionObject, 07646 _Out_opt_ PLARGE_INTEGER SectionFileSize, 07647 _In_ PFILE_OBJECT FileObject, 07648 _In_ ACCESS_MASK DesiredAccess, 07649 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 07650 _In_opt_ PLARGE_INTEGER MaximumSize, 07651 _In_ ULONG SectionPageProtection, 07652 _In_ ULONG AllocationAttributes, 07653 _In_ ULONG Flags); 07654 07655 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 07656 07657 #if (NTDDI_VERSION >= NTDDI_WINXP) 07658 07659 _IRQL_requires_max_(PASSIVE_LEVEL) 07660 NTKERNELAPI 07661 VOID 07662 NTAPI 07663 FsRtlNotifyFilterChangeDirectory( 07664 _In_ PNOTIFY_SYNC NotifySync, 07665 _In_ PLIST_ENTRY NotifyList, 07666 _In_ PVOID FsContext, 07667 _In_ PSTRING FullDirectoryName, 07668 _In_ BOOLEAN WatchTree, 07669 _In_ BOOLEAN IgnoreBuffer, 07670 _In_ ULONG CompletionFilter, 07671 _In_opt_ PIRP NotifyIrp, 07672 _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback, 07673 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 07674 _In_opt_ PFILTER_REPORT_CHANGE FilterCallback); 07675 07676 _Must_inspect_result_ 07677 _IRQL_requires_max_(APC_LEVEL) 07678 NTKERNELAPI 07679 NTSTATUS 07680 NTAPI 07681 FsRtlInsertPerStreamContext( 07682 _In_ PFSRTL_ADVANCED_FCB_HEADER PerStreamContext, 07683 _In_ PFSRTL_PER_STREAM_CONTEXT Ptr); 07684 07685 _Must_inspect_result_ 07686 _IRQL_requires_max_(APC_LEVEL) 07687 NTKERNELAPI 07688 PFSRTL_PER_STREAM_CONTEXT 07689 NTAPI 07690 FsRtlLookupPerStreamContextInternal( 07691 _In_ PFSRTL_ADVANCED_FCB_HEADER StreamContext, 07692 _In_opt_ PVOID OwnerId, 07693 _In_opt_ PVOID InstanceId); 07694 07695 _Must_inspect_result_ 07696 _IRQL_requires_max_(APC_LEVEL) 07697 NTKERNELAPI 07698 PFSRTL_PER_STREAM_CONTEXT 07699 NTAPI 07700 FsRtlRemovePerStreamContext( 07701 _In_ PFSRTL_ADVANCED_FCB_HEADER StreamContext, 07702 _In_opt_ PVOID OwnerId, 07703 _In_opt_ PVOID InstanceId); 07704 07705 NTKERNELAPI 07706 VOID 07707 NTAPI 07708 FsRtlIncrementCcFastReadNotPossible( 07709 VOID); 07710 07711 NTKERNELAPI 07712 VOID 07713 NTAPI 07714 FsRtlIncrementCcFastReadWait(VOID); 07715 07716 NTKERNELAPI 07717 VOID 07718 NTAPI 07719 FsRtlIncrementCcFastReadNoWait(VOID); 07720 07721 NTKERNELAPI 07722 VOID 07723 NTAPI 07724 FsRtlIncrementCcFastReadResourceMiss(VOID); 07725 07726 _IRQL_requires_max_(APC_LEVEL) 07727 NTKERNELAPI 07728 LOGICAL 07729 NTAPI 07730 FsRtlIsPagingFile( 07731 _In_ PFILE_OBJECT FileObject); 07732 07733 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 07734 07735 #if (NTDDI_VERSION >= NTDDI_WS03) 07736 07737 _IRQL_requires_max_(APC_LEVEL) 07738 NTKERNELAPI 07739 VOID 07740 NTAPI 07741 FsRtlInitializeBaseMcb( 07742 _Out_ PBASE_MCB Mcb, 07743 _In_ POOL_TYPE PoolType); 07744 07745 _IRQL_requires_max_(APC_LEVEL) 07746 NTKERNELAPI 07747 VOID 07748 NTAPI 07749 FsRtlUninitializeBaseMcb( 07750 _In_ PBASE_MCB Mcb); 07751 07752 _IRQL_requires_max_(APC_LEVEL) 07753 NTKERNELAPI 07754 VOID 07755 NTAPI 07756 FsRtlResetBaseMcb( 07757 _Out_ PBASE_MCB Mcb); 07758 07759 _IRQL_requires_max_(APC_LEVEL) 07760 NTKERNELAPI 07761 VOID 07762 NTAPI 07763 FsRtlTruncateBaseMcb( 07764 _Inout_ PBASE_MCB Mcb, 07765 _In_ LONGLONG Vbn); 07766 07767 _IRQL_requires_max_(APC_LEVEL) 07768 NTKERNELAPI 07769 BOOLEAN 07770 NTAPI 07771 FsRtlAddBaseMcbEntry( 07772 _Inout_ PBASE_MCB Mcb, 07773 _In_ LONGLONG Vbn, 07774 _In_ LONGLONG Lbn, 07775 _In_ LONGLONG SectorCount); 07776 07777 _IRQL_requires_max_(APC_LEVEL) 07778 NTKERNELAPI 07779 BOOLEAN 07780 NTAPI 07781 FsRtlRemoveBaseMcbEntry( 07782 _Inout_ PBASE_MCB Mcb, 07783 _In_ LONGLONG Vbn, 07784 _In_ LONGLONG SectorCount); 07785 07786 _IRQL_requires_max_(APC_LEVEL) 07787 NTKERNELAPI 07788 BOOLEAN 07789 NTAPI 07790 FsRtlLookupBaseMcbEntry( 07791 _In_ PBASE_MCB Mcb, 07792 _In_ LONGLONG Vbn, 07793 _Out_opt_ PLONGLONG Lbn, 07794 _Out_opt_ PLONGLONG SectorCountFromLbn, 07795 _Out_opt_ PLONGLONG StartingLbn, 07796 _Out_opt_ PLONGLONG SectorCountFromStartingLbn, 07797 _Out_opt_ PULONG Index); 07798 07799 _IRQL_requires_max_(APC_LEVEL) 07800 NTKERNELAPI 07801 BOOLEAN 07802 NTAPI 07803 FsRtlLookupLastBaseMcbEntry( 07804 _In_ PBASE_MCB Mcb, 07805 _Out_ PLONGLONG Vbn, 07806 _Out_ PLONGLONG Lbn); 07807 07808 _IRQL_requires_max_(APC_LEVEL) 07809 NTKERNELAPI 07810 BOOLEAN 07811 NTAPI 07812 FsRtlLookupLastBaseMcbEntryAndIndex( 07813 _In_ PBASE_MCB OpaqueMcb, 07814 _Inout_ PLONGLONG LargeVbn, 07815 _Inout_ PLONGLONG LargeLbn, 07816 _Inout_ PULONG Index); 07817 07818 _IRQL_requires_max_(APC_LEVEL) 07819 NTKERNELAPI 07820 ULONG 07821 NTAPI 07822 FsRtlNumberOfRunsInBaseMcb( 07823 _In_ PBASE_MCB Mcb); 07824 07825 _IRQL_requires_max_(APC_LEVEL) 07826 NTKERNELAPI 07827 BOOLEAN 07828 NTAPI 07829 FsRtlGetNextBaseMcbEntry( 07830 _In_ PBASE_MCB Mcb, 07831 _In_ ULONG RunIndex, 07832 _Out_ PLONGLONG Vbn, 07833 _Out_ PLONGLONG Lbn, 07834 _Out_ PLONGLONG SectorCount); 07835 07836 _IRQL_requires_max_(APC_LEVEL) 07837 NTKERNELAPI 07838 BOOLEAN 07839 NTAPI 07840 FsRtlSplitBaseMcb( 07841 _Inout_ PBASE_MCB Mcb, 07842 _In_ LONGLONG Vbn, 07843 _In_ LONGLONG Amount); 07844 07845 #endif /* (NTDDI_VERSION >= NTDDI_WS03) */ 07846 07847 #if (NTDDI_VERSION >= NTDDI_VISTA) 07848 07849 _When_(!Flags & MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE, _Must_inspect_result_) 07850 _IRQL_requires_max_(APC_LEVEL) 07851 BOOLEAN 07852 NTAPI 07853 FsRtlInitializeBaseMcbEx( 07854 _Out_ PBASE_MCB Mcb, 07855 _In_ POOL_TYPE PoolType, 07856 _In_ USHORT Flags); 07857 07858 _Must_inspect_result_ 07859 _IRQL_requires_max_(APC_LEVEL) 07860 NTSTATUS 07861 NTAPI 07862 FsRtlAddBaseMcbEntryEx( 07863 _Inout_ PBASE_MCB Mcb, 07864 _In_ LONGLONG Vbn, 07865 _In_ LONGLONG Lbn, 07866 _In_ LONGLONG SectorCount); 07867 07868 _Must_inspect_result_ 07869 _IRQL_requires_max_(APC_LEVEL) 07870 NTKERNELAPI 07871 BOOLEAN 07872 NTAPI 07873 FsRtlCurrentOplock( 07874 _In_ POPLOCK Oplock); 07875 07876 _Must_inspect_result_ 07877 _IRQL_requires_max_(APC_LEVEL) 07878 NTKERNELAPI 07879 NTSTATUS 07880 NTAPI 07881 FsRtlOplockBreakToNone( 07882 _Inout_ POPLOCK Oplock, 07883 _In_opt_ PIO_STACK_LOCATION IrpSp, 07884 _In_ PIRP Irp, 07885 _In_opt_ PVOID Context, 07886 _In_opt_ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine, 07887 _In_opt_ POPLOCK_FS_PREPOST_IRP PostIrpRoutine); 07888 07889 _IRQL_requires_max_(DISPATCH_LEVEL) 07890 NTKERNELAPI 07891 NTSTATUS 07892 NTAPI 07893 FsRtlNotifyVolumeEventEx( 07894 _In_ PFILE_OBJECT FileObject, 07895 _In_ ULONG EventCode, 07896 _In_ PTARGET_DEVICE_CUSTOM_NOTIFICATION Event); 07897 07898 _IRQL_requires_max_(APC_LEVEL) 07899 NTKERNELAPI 07900 VOID 07901 NTAPI 07902 FsRtlNotifyCleanupAll( 07903 _In_ PNOTIFY_SYNC NotifySync, 07904 _In_ PLIST_ENTRY NotifyList); 07905 07906 _Must_inspect_result_ 07907 _IRQL_requires_max_(PASSIVE_LEVEL) 07908 NTSTATUS 07909 NTAPI 07910 FsRtlRegisterUncProviderEx( 07911 _Out_ PHANDLE MupHandle, 07912 _In_ PUNICODE_STRING RedirDevName, 07913 _In_ PDEVICE_OBJECT DeviceObject, 07914 _In_ ULONG Flags); 07915 07916 _Must_inspect_result_ 07917 _When_(Irp!=NULL, _IRQL_requires_max_(PASSIVE_LEVEL)) 07918 _When_(Irp==NULL, _IRQL_requires_max_(APC_LEVEL)) 07919 NTKERNELAPI 07920 NTSTATUS 07921 NTAPI 07922 FsRtlCancellableWaitForSingleObject( 07923 _In_ PVOID Object, 07924 _In_opt_ PLARGE_INTEGER Timeout, 07925 _In_opt_ PIRP Irp); 07926 07927 _Must_inspect_result_ 07928 _When_(Irp != NULL, _IRQL_requires_max_(PASSIVE_LEVEL)) 07929 _When_(Irp == NULL, _IRQL_requires_max_(APC_LEVEL)) 07930 NTKERNELAPI 07931 NTSTATUS 07932 NTAPI 07933 FsRtlCancellableWaitForMultipleObjects( 07934 _In_ ULONG Count, 07935 _In_reads_(Count) PVOID ObjectArray[], 07936 _In_ WAIT_TYPE WaitType, 07937 _In_opt_ PLARGE_INTEGER Timeout, 07938 _In_opt_ PKWAIT_BLOCK WaitBlockArray, 07939 _In_opt_ PIRP Irp); 07940 07941 _Must_inspect_result_ 07942 _IRQL_requires_max_(APC_LEVEL) 07943 NTKERNELAPI 07944 NTSTATUS 07945 NTAPI 07946 FsRtlMupGetProviderInfoFromFileObject( 07947 _In_ PFILE_OBJECT pFileObject, 07948 _In_ ULONG Level, 07949 _Out_writes_bytes_(*pBufferSize) PVOID pBuffer, 07950 _Inout_ PULONG pBufferSize); 07951 07952 _Must_inspect_result_ 07953 _IRQL_requires_max_(APC_LEVEL) 07954 NTKERNELAPI 07955 NTSTATUS 07956 NTAPI 07957 FsRtlMupGetProviderIdFromName( 07958 _In_ PUNICODE_STRING pProviderName, 07959 _Out_ PULONG32 pProviderId); 07960 07961 NTKERNELAPI 07962 VOID 07963 NTAPI 07964 FsRtlIncrementCcFastMdlReadWait(VOID); 07965 07966 _Must_inspect_result_ 07967 _IRQL_requires_max_(PASSIVE_LEVEL) 07968 NTKERNELAPI 07969 NTSTATUS 07970 NTAPI 07971 FsRtlValidateReparsePointBuffer( 07972 _In_ ULONG BufferLength, 07973 _In_reads_bytes_(BufferLength) PREPARSE_DATA_BUFFER ReparseBuffer); 07974 07975 _Must_inspect_result_ 07976 _IRQL_requires_max_(PASSIVE_LEVEL) 07977 NTKERNELAPI 07978 NTSTATUS 07979 NTAPI 07980 FsRtlRemoveDotsFromPath( 07981 _Inout_updates_bytes_(PathLength) PWSTR OriginalString, 07982 _In_ USHORT PathLength, 07983 _Out_ USHORT *NewLength); 07984 07985 _Must_inspect_result_ 07986 _IRQL_requires_max_(APC_LEVEL) 07987 NTKERNELAPI 07988 NTSTATUS 07989 NTAPI 07990 FsRtlAllocateExtraCreateParameterList( 07991 _In_ FSRTL_ALLOCATE_ECPLIST_FLAGS Flags, 07992 _Outptr_ PECP_LIST *EcpList); 07993 07994 _IRQL_requires_max_(APC_LEVEL) 07995 NTKERNELAPI 07996 VOID 07997 NTAPI 07998 FsRtlFreeExtraCreateParameterList( 07999 _In_ PECP_LIST EcpList); 08000 08001 _Must_inspect_result_ 08002 _IRQL_requires_max_(APC_LEVEL) 08003 NTKERNELAPI 08004 NTSTATUS 08005 NTAPI 08006 FsRtlAllocateExtraCreateParameter( 08007 _In_ LPCGUID EcpType, 08008 _In_ ULONG SizeOfContext, 08009 _In_ FSRTL_ALLOCATE_ECP_FLAGS Flags, 08010 _In_opt_ PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback, 08011 _In_ ULONG PoolTag, 08012 _Outptr_result_bytebuffer_(SizeOfContext) PVOID *EcpContext); 08013 08014 _IRQL_requires_max_(APC_LEVEL) 08015 NTKERNELAPI 08016 VOID 08017 NTAPI 08018 FsRtlFreeExtraCreateParameter( 08019 _In_ PVOID EcpContext); 08020 08021 _When_(Flags|FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL, _IRQL_requires_max_(DISPATCH_LEVEL)) 08022 _When_(!(Flags|FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL), _IRQL_requires_max_(APC_LEVEL)) 08023 NTKERNELAPI 08024 VOID 08025 NTAPI 08026 FsRtlInitExtraCreateParameterLookasideList( 08027 _Inout_ PVOID Lookaside, 08028 _In_ FSRTL_ECP_LOOKASIDE_FLAGS Flags, 08029 _In_ SIZE_T Size, 08030 _In_ ULONG Tag); 08031 08032 _When_(Flags|FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL, _IRQL_requires_max_(DISPATCH_LEVEL)) 08033 _When_(!(Flags|FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL), _IRQL_requires_max_(APC_LEVEL)) 08034 VOID 08035 NTAPI 08036 FsRtlDeleteExtraCreateParameterLookasideList( 08037 _Inout_ PVOID Lookaside, 08038 _In_ FSRTL_ECP_LOOKASIDE_FLAGS Flags); 08039 08040 _Must_inspect_result_ 08041 _IRQL_requires_max_(APC_LEVEL) 08042 NTKERNELAPI 08043 NTSTATUS 08044 NTAPI 08045 FsRtlAllocateExtraCreateParameterFromLookasideList( 08046 _In_ LPCGUID EcpType, 08047 ULONG SizeOfContext, 08048 _In_ FSRTL_ALLOCATE_ECP_FLAGS Flags, 08049 _In_opt_ PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback, 08050 _Inout_ PVOID LookasideList, 08051 _Outptr_ PVOID *EcpContext); 08052 08053 _Must_inspect_result_ 08054 _IRQL_requires_max_(APC_LEVEL) 08055 NTKERNELAPI 08056 NTSTATUS 08057 NTAPI 08058 FsRtlInsertExtraCreateParameter( 08059 _Inout_ PECP_LIST EcpList, 08060 _Inout_ PVOID EcpContext); 08061 08062 _Must_inspect_result_ 08063 _IRQL_requires_max_(APC_LEVEL) 08064 NTKERNELAPI 08065 NTSTATUS 08066 NTAPI 08067 FsRtlFindExtraCreateParameter( 08068 _In_ PECP_LIST EcpList, 08069 _In_ LPCGUID EcpType, 08070 _Outptr_opt_ PVOID *EcpContext, 08071 _Out_opt_ ULONG *EcpContextSize); 08072 08073 _Must_inspect_result_ 08074 _IRQL_requires_max_(APC_LEVEL) 08075 NTKERNELAPI 08076 NTSTATUS 08077 NTAPI 08078 FsRtlRemoveExtraCreateParameter( 08079 _Inout_ PECP_LIST EcpList, 08080 _In_ LPCGUID EcpType, 08081 _Outptr_ PVOID *EcpContext, 08082 _Out_opt_ ULONG *EcpContextSize); 08083 08084 _Must_inspect_result_ 08085 _IRQL_requires_max_(APC_LEVEL) 08086 NTKERNELAPI 08087 NTSTATUS 08088 NTAPI 08089 FsRtlGetEcpListFromIrp( 08090 _In_ PIRP Irp, 08091 _Outptr_result_maybenull_ PECP_LIST *EcpList); 08092 08093 _Must_inspect_result_ 08094 _IRQL_requires_max_(APC_LEVEL) 08095 NTKERNELAPI 08096 NTSTATUS 08097 NTAPI 08098 FsRtlSetEcpListIntoIrp( 08099 _Inout_ PIRP Irp, 08100 _In_ PECP_LIST EcpList); 08101 08102 _Must_inspect_result_ 08103 _IRQL_requires_max_(APC_LEVEL) 08104 NTKERNELAPI 08105 NTSTATUS 08106 NTAPI 08107 FsRtlGetNextExtraCreateParameter( 08108 _In_ PECP_LIST EcpList, 08109 _In_opt_ PVOID CurrentEcpContext, 08110 _Out_opt_ LPGUID NextEcpType, 08111 _Outptr_opt_ PVOID *NextEcpContext, 08112 _Out_opt_ ULONG *NextEcpContextSize); 08113 08114 _IRQL_requires_max_(APC_LEVEL) 08115 NTKERNELAPI 08116 VOID 08117 NTAPI 08118 FsRtlAcknowledgeEcp( 08119 _In_ PVOID EcpContext); 08120 08121 _IRQL_requires_max_(APC_LEVEL) 08122 NTKERNELAPI 08123 BOOLEAN 08124 NTAPI 08125 FsRtlIsEcpAcknowledged( 08126 _In_ PVOID EcpContext); 08127 08128 _IRQL_requires_max_(APC_LEVEL) 08129 NTKERNELAPI 08130 BOOLEAN 08131 NTAPI 08132 FsRtlIsEcpFromUserMode( 08133 _In_ PVOID EcpContext); 08134 08135 _Must_inspect_result_ 08136 _IRQL_requires_max_(PASSIVE_LEVEL) 08137 NTKERNELAPI 08138 NTSTATUS 08139 NTAPI 08140 FsRtlChangeBackingFileObject( 08141 _In_opt_ PFILE_OBJECT CurrentFileObject, 08142 _In_ PFILE_OBJECT NewFileObject, 08143 _In_ FSRTL_CHANGE_BACKING_TYPE ChangeBackingType, 08144 _In_ ULONG Flags); 08145 08146 _Must_inspect_result_ 08147 _IRQL_requires_max_(APC_LEVEL) 08148 NTKERNELAPI 08149 NTSTATUS 08150 NTAPI 08151 FsRtlLogCcFlushError( 08152 _In_ PUNICODE_STRING FileName, 08153 _In_ PDEVICE_OBJECT DeviceObject, 08154 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 08155 _In_ NTSTATUS FlushError, 08156 _In_ ULONG Flags); 08157 08158 _IRQL_requires_max_(APC_LEVEL) 08159 NTKERNELAPI 08160 BOOLEAN 08161 NTAPI 08162 FsRtlAreVolumeStartupApplicationsComplete(VOID); 08163 08164 NTKERNELAPI 08165 ULONG 08166 NTAPI 08167 FsRtlQueryMaximumVirtualDiskNestingLevel(VOID); 08168 08169 NTKERNELAPI 08170 NTSTATUS 08171 NTAPI 08172 FsRtlGetVirtualDiskNestingLevel( 08173 _In_ PDEVICE_OBJECT DeviceObject, 08174 _Out_ PULONG NestingLevel, 08175 _Out_opt_ PULONG NestingFlags); 08176 08177 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 08178 08179 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 08180 _When_(Flags | OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK, _Must_inspect_result_) 08181 _IRQL_requires_max_(APC_LEVEL) 08182 NTKERNELAPI 08183 NTSTATUS 08184 NTAPI 08185 FsRtlCheckOplockEx( 08186 _In_ POPLOCK Oplock, 08187 _In_ PIRP Irp, 08188 _In_ ULONG Flags, 08189 _In_opt_ PVOID Context, 08190 _In_opt_ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine, 08191 _In_opt_ POPLOCK_FS_PREPOST_IRP PostIrpRoutine); 08192 08193 #endif 08194 08195 #if (NTDDI_VERSION >= NTDDI_WIN7) 08196 08197 _IRQL_requires_max_(APC_LEVEL) 08198 NTKERNELAPI 08199 BOOLEAN 08200 NTAPI 08201 FsRtlAreThereCurrentOrInProgressFileLocks( 08202 _In_ PFILE_LOCK FileLock); 08203 08204 _Must_inspect_result_ 08205 _IRQL_requires_max_(APC_LEVEL) 08206 NTKERNELAPI 08207 BOOLEAN 08208 NTAPI 08209 FsRtlOplockIsSharedRequest( 08210 _In_ PIRP Irp); 08211 08212 _Must_inspect_result_ 08213 _IRQL_requires_max_(APC_LEVEL) 08214 NTKERNELAPI 08215 NTSTATUS 08216 NTAPI 08217 FsRtlOplockBreakH( 08218 _In_ POPLOCK Oplock, 08219 _In_ PIRP Irp, 08220 _In_ ULONG Flags, 08221 _In_opt_ PVOID Context, 08222 _In_opt_ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine, 08223 _In_opt_ POPLOCK_FS_PREPOST_IRP PostIrpRoutine); 08224 08225 _IRQL_requires_max_(APC_LEVEL) 08226 NTKERNELAPI 08227 BOOLEAN 08228 NTAPI 08229 FsRtlCurrentOplockH( 08230 _In_ POPLOCK Oplock); 08231 08232 _Must_inspect_result_ 08233 _IRQL_requires_max_(APC_LEVEL) 08234 NTKERNELAPI 08235 NTSTATUS 08236 NTAPI 08237 FsRtlOplockBreakToNoneEx( 08238 _Inout_ POPLOCK Oplock, 08239 _In_ PIRP Irp, 08240 _In_ ULONG Flags, 08241 _In_opt_ PVOID Context, 08242 _In_opt_ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine, 08243 _In_opt_ POPLOCK_FS_PREPOST_IRP PostIrpRoutine); 08244 08245 _Must_inspect_result_ 08246 _IRQL_requires_max_(APC_LEVEL) 08247 NTKERNELAPI 08248 NTSTATUS 08249 NTAPI 08250 FsRtlOplockFsctrlEx( 08251 _In_ POPLOCK Oplock, 08252 _In_ PIRP Irp, 08253 _In_ ULONG OpenCount, 08254 _In_ ULONG Flags); 08255 08256 _IRQL_requires_max_(APC_LEVEL) 08257 NTKERNELAPI 08258 BOOLEAN 08259 NTAPI 08260 FsRtlOplockKeysEqual( 08261 _In_opt_ PFILE_OBJECT Fo1, 08262 _In_opt_ PFILE_OBJECT Fo2); 08263 08264 NTKERNELAPI 08265 NTSTATUS 08266 NTAPI 08267 FsRtlInitializeExtraCreateParameterList( 08268 _Inout_ PECP_LIST EcpList); 08269 08270 NTKERNELAPI 08271 VOID 08272 NTAPI 08273 FsRtlInitializeExtraCreateParameter( 08274 _Out_ PECP_HEADER Ecp, 08275 _In_ ULONG EcpFlags, 08276 _In_opt_ PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback, 08277 _In_ ULONG TotalSize, 08278 _In_ LPCGUID EcpType, 08279 _In_opt_ PVOID ListAllocatedFrom); 08280 08281 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 08282 08283 _Must_inspect_result_ 08284 _IRQL_requires_max_(APC_LEVEL) 08285 NTKERNELAPI 08286 NTSTATUS 08287 NTAPI 08288 FsRtlInsertPerFileContext( 08289 _In_ PVOID* PerFileContextPointer, 08290 _In_ PFSRTL_PER_FILE_CONTEXT Ptr); 08291 08292 _Must_inspect_result_ 08293 _IRQL_requires_max_(APC_LEVEL) 08294 NTKERNELAPI 08295 PFSRTL_PER_FILE_CONTEXT 08296 NTAPI 08297 FsRtlLookupPerFileContext( 08298 _In_ PVOID* PerFileContextPointer, 08299 _In_opt_ PVOID OwnerId, 08300 _In_opt_ PVOID InstanceId); 08301 08302 _Must_inspect_result_ 08303 _IRQL_requires_max_(APC_LEVEL) 08304 NTKERNELAPI 08305 PFSRTL_PER_FILE_CONTEXT 08306 NTAPI 08307 FsRtlRemovePerFileContext( 08308 _In_ PVOID* PerFileContextPointer, 08309 _In_opt_ PVOID OwnerId, 08310 _In_opt_ PVOID InstanceId); 08311 08312 _IRQL_requires_max_(APC_LEVEL) 08313 NTKERNELAPI 08314 VOID 08315 NTAPI 08316 FsRtlTeardownPerFileContexts( 08317 _In_ PVOID* PerFileContextPointer); 08318 08319 _Must_inspect_result_ 08320 _IRQL_requires_max_(APC_LEVEL) 08321 NTKERNELAPI 08322 NTSTATUS 08323 NTAPI 08324 FsRtlInsertPerFileObjectContext( 08325 _In_ PFILE_OBJECT FileObject, 08326 _In_ PFSRTL_PER_FILEOBJECT_CONTEXT Ptr); 08327 08328 _Must_inspect_result_ 08329 _IRQL_requires_max_(APC_LEVEL) 08330 NTKERNELAPI 08331 PFSRTL_PER_FILEOBJECT_CONTEXT 08332 NTAPI 08333 FsRtlLookupPerFileObjectContext( 08334 _In_ PFILE_OBJECT FileObject, 08335 _In_opt_ PVOID OwnerId, 08336 _In_opt_ PVOID InstanceId); 08337 08338 _Must_inspect_result_ 08339 _IRQL_requires_max_(APC_LEVEL) 08340 NTKERNELAPI 08341 PFSRTL_PER_FILEOBJECT_CONTEXT 08342 NTAPI 08343 FsRtlRemovePerFileObjectContext( 08344 _In_ PFILE_OBJECT FileObject, 08345 _In_opt_ PVOID OwnerId, 08346 _In_opt_ PVOID InstanceId); 08347 08348 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ 08349 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ 08350 ) 08351 08352 #define FsRtlAreThereCurrentFileLocks(FL) ( \ 08353 ((FL)->FastIoIsQuestionable) \ 08354 ) 08355 08356 #define FsRtlIncrementLockRequestsInProgress(FL) { \ 08357 ASSERT( (FL)->LockRequestsInProgress >= 0 ); \ 08358 (void) \ 08359 (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\ 08360 } 08361 08362 #define FsRtlDecrementLockRequestsInProgress(FL) { \ 08363 ASSERT( (FL)->LockRequestsInProgress > 0 ); \ 08364 (void) \ 08365 (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\ 08366 } 08367 08368 /* GCC compatible definition, MS one is retarded */ 08369 extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray; 08370 #define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray 08371 08372 #define FsRtlIsAnsiCharacterWild(C) ( \ 08373 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \ 08374 ) 08375 08376 #define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \ 08377 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \ 08378 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ 08379 ) 08380 08381 #define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \ 08382 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \ 08383 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ 08384 ) 08385 08386 #define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \ 08387 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \ 08388 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \ 08389 ) 08390 08391 #define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \ 08392 FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \ 08393 ) 08394 08395 #define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \ 08396 FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \ 08397 ) 08398 08399 #define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \ 08400 ((SCHAR)(C) < 0) ? DEFAULT_RET : \ 08401 FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \ 08402 (FLAGS) | \ 08403 ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \ 08404 ) 08405 08406 #define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \ 08407 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \ 08408 (NLS_MB_CODE_PAGE_TAG && \ 08409 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \ 08410 ) 08411 08412 #define FsRtlIsUnicodeCharacterWild(C) ( \ 08413 (((C) >= 0x40) ? \ 08414 FALSE : \ 08415 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \ 08416 ) 08417 08418 #define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \ 08419 ((_fc)->OwnerId = (_owner), \ 08420 (_fc)->InstanceId = (_inst), \ 08421 (_fc)->FreeCallback = (_cb)) 08422 08423 #define FsRtlGetPerFileContextPointer(_fo) \ 08424 (FsRtlSupportsPerFileContexts(_fo) ? \ 08425 FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \ 08426 NULL) 08427 08428 #define FsRtlSupportsPerFileContexts(_fo) \ 08429 ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \ 08430 (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \ 08431 (FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL)) 08432 08433 #define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \ 08434 { \ 08435 FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \ 08436 if ((_fctxptr) != NULL) { \ 08437 (_advhdr)->FileContextSupportPointer = (_fctxptr); \ 08438 } \ 08439 } 08440 08441 #define FsRtlGetPerStreamContextPointer(FO) ( \ 08442 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \ 08443 ) 08444 08445 #define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \ 08446 (PSC)->OwnerId = (O), \ 08447 (PSC)->InstanceId = (I), \ 08448 (PSC)->FreeCallback = (FC) \ 08449 ) 08450 08451 #define FsRtlSupportsPerStreamContexts(FO) ( \ 08452 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \ 08453 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \ 08454 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \ 08455 ) 08456 08457 #define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \ 08458 (((NULL != (_sc)) && \ 08459 FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \ 08460 !IsListEmpty(&(_sc)->FilterContexts)) ? \ 08461 FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \ 08462 NULL) 08463 08464 _IRQL_requires_max_(APC_LEVEL) 08465 FORCEINLINE 08466 VOID 08467 NTAPI 08468 FsRtlSetupAdvancedHeader( 08469 _In_ PVOID AdvHdr, 08470 _In_ PFAST_MUTEX FMutex ) 08471 { 08472 PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr; 08473 08474 localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER; 08475 localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS; 08476 #if (NTDDI_VERSION >= NTDDI_VISTA) 08477 localAdvHdr->Version = FSRTL_FCB_HEADER_V1; 08478 #else 08479 localAdvHdr->Version = FSRTL_FCB_HEADER_V0; 08480 #endif 08481 InitializeListHead( &localAdvHdr->FilterContexts ); 08482 if (FMutex != NULL) { 08483 localAdvHdr->FastMutex = FMutex; 08484 } 08485 #if (NTDDI_VERSION >= NTDDI_VISTA) 08486 *((PULONG_PTR)(&localAdvHdr->PushLock)) = 0; 08487 localAdvHdr->FileContextSupportPointer = NULL; 08488 #endif 08489 } 08490 08491 #define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \ 08492 ((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst)) 08493 08494 #define FsRtlCompleteRequest(IRP,STATUS) { \ 08495 (IRP)->IoStatus.Status = (STATUS); \ 08496 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \ 08497 } 08498 /* Common Cache Types */ 08499 08500 #define VACB_MAPPING_GRANULARITY (0x40000) 08501 #define VACB_OFFSET_SHIFT (18) 08502 08503 typedef struct _PUBLIC_BCB { 08504 CSHORT NodeTypeCode; 08505 CSHORT NodeByteSize; 08506 ULONG MappedLength; 08507 LARGE_INTEGER MappedFileOffset; 08508 } PUBLIC_BCB, *PPUBLIC_BCB; 08509 08510 typedef struct _CC_FILE_SIZES { 08511 LARGE_INTEGER AllocationSize; 08512 LARGE_INTEGER FileSize; 08513 LARGE_INTEGER ValidDataLength; 08514 } CC_FILE_SIZES, *PCC_FILE_SIZES; 08515 08516 typedef BOOLEAN 08517 (NTAPI *PACQUIRE_FOR_LAZY_WRITE) ( 08518 _In_ PVOID Context, 08519 _In_ BOOLEAN Wait); 08520 08521 typedef VOID 08522 (NTAPI *PRELEASE_FROM_LAZY_WRITE) ( 08523 _In_ PVOID Context); 08524 08525 typedef BOOLEAN 08526 (NTAPI *PACQUIRE_FOR_READ_AHEAD) ( 08527 _In_ PVOID Context, 08528 _In_ BOOLEAN Wait); 08529 08530 typedef VOID 08531 (NTAPI *PRELEASE_FROM_READ_AHEAD) ( 08532 _In_ PVOID Context); 08533 08534 typedef struct _CACHE_MANAGER_CALLBACKS { 08535 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; 08536 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; 08537 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; 08538 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; 08539 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; 08540 08541 typedef struct _CACHE_UNINITIALIZE_EVENT { 08542 struct _CACHE_UNINITIALIZE_EVENT *Next; 08543 KEVENT Event; 08544 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; 08545 08546 typedef VOID 08547 (NTAPI *PDIRTY_PAGE_ROUTINE) ( 08548 _In_ PFILE_OBJECT FileObject, 08549 _In_ PLARGE_INTEGER FileOffset, 08550 _In_ ULONG Length, 08551 _In_ PLARGE_INTEGER OldestLsn, 08552 _In_ PLARGE_INTEGER NewestLsn, 08553 _In_ PVOID Context1, 08554 _In_ PVOID Context2); 08555 08556 typedef VOID 08557 (NTAPI *PFLUSH_TO_LSN) ( 08558 _In_ PVOID LogHandle, 08559 _In_ LARGE_INTEGER Lsn); 08560 08561 typedef VOID 08562 (NTAPI *PCC_POST_DEFERRED_WRITE) ( 08563 _In_ PVOID Context1, 08564 _In_ PVOID Context2); 08565 08566 #define UNINITIALIZE_CACHE_MAPS (1) 08567 #define DO_NOT_RETRY_PURGE (2) 08568 #define DO_NOT_PURGE_DIRTY_PAGES (0x4) 08569 08570 #define CC_FLUSH_AND_PURGE_NO_PURGE (0x1) 08571 /* Common Cache Functions */ 08572 08573 #define CcIsFileCached(FO) ( \ 08574 ((FO)->SectionObjectPointer != NULL) && \ 08575 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ 08576 ) 08577 08578 extern ULONG CcFastMdlReadWait; 08579 08580 #if (NTDDI_VERSION >= NTDDI_WIN2K) 08581 08582 NTKERNELAPI 08583 VOID 08584 NTAPI 08585 CcInitializeCacheMap( 08586 _In_ PFILE_OBJECT FileObject, 08587 _In_ PCC_FILE_SIZES FileSizes, 08588 _In_ BOOLEAN PinAccess, 08589 _In_ PCACHE_MANAGER_CALLBACKS Callbacks, 08590 _In_ PVOID LazyWriteContext); 08591 08592 NTKERNELAPI 08593 BOOLEAN 08594 NTAPI 08595 CcUninitializeCacheMap( 08596 _In_ PFILE_OBJECT FileObject, 08597 _In_opt_ PLARGE_INTEGER TruncateSize, 08598 _In_opt_ PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent); 08599 08600 NTKERNELAPI 08601 VOID 08602 NTAPI 08603 CcSetFileSizes( 08604 IN PFILE_OBJECT FileObject, 08605 IN PCC_FILE_SIZES FileSizes); 08606 08607 NTKERNELAPI 08608 VOID 08609 NTAPI 08610 CcSetDirtyPageThreshold( 08611 _In_ PFILE_OBJECT FileObject, 08612 _In_ ULONG DirtyPageThreshold); 08613 08614 NTKERNELAPI 08615 VOID 08616 NTAPI 08617 CcFlushCache( 08618 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 08619 _In_opt_ PLARGE_INTEGER FileOffset, 08620 _In_ ULONG Length, 08621 _Out_opt_ PIO_STATUS_BLOCK IoStatus); 08622 08623 NTKERNELAPI 08624 LARGE_INTEGER 08625 NTAPI 08626 CcGetFlushedValidData( 08627 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 08628 _In_ BOOLEAN BcbListHeld); 08629 08630 NTKERNELAPI 08631 BOOLEAN 08632 NTAPI 08633 CcZeroData( 08634 _In_ PFILE_OBJECT FileObject, 08635 _In_ PLARGE_INTEGER StartOffset, 08636 _In_ PLARGE_INTEGER EndOffset, 08637 _In_ BOOLEAN Wait); 08638 08639 NTKERNELAPI 08640 PVOID 08641 NTAPI 08642 CcRemapBcb( 08643 _In_ PVOID Bcb); 08644 08645 NTKERNELAPI 08646 VOID 08647 NTAPI 08648 CcRepinBcb( 08649 _In_ PVOID Bcb); 08650 08651 NTKERNELAPI 08652 VOID 08653 NTAPI 08654 CcUnpinRepinnedBcb( 08655 _In_ PVOID Bcb, 08656 _In_ BOOLEAN WriteThrough, 08657 _Out_ PIO_STATUS_BLOCK IoStatus); 08658 08659 NTKERNELAPI 08660 PFILE_OBJECT 08661 NTAPI 08662 CcGetFileObjectFromSectionPtrs( 08663 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer); 08664 08665 NTKERNELAPI 08666 PFILE_OBJECT 08667 NTAPI 08668 CcGetFileObjectFromBcb( 08669 _In_ PVOID Bcb); 08670 08671 NTKERNELAPI 08672 BOOLEAN 08673 NTAPI 08674 CcCanIWrite( 08675 _In_opt_ PFILE_OBJECT FileObject, 08676 _In_ ULONG BytesToWrite, 08677 _In_ BOOLEAN Wait, 08678 _In_ BOOLEAN Retrying); 08679 08680 NTKERNELAPI 08681 VOID 08682 NTAPI 08683 CcDeferWrite( 08684 _In_ PFILE_OBJECT FileObject, 08685 _In_ PCC_POST_DEFERRED_WRITE PostRoutine, 08686 _In_ PVOID Context1, 08687 _In_ PVOID Context2, 08688 _In_ ULONG BytesToWrite, 08689 _In_ BOOLEAN Retrying); 08690 08691 NTKERNELAPI 08692 BOOLEAN 08693 NTAPI 08694 CcCopyRead( 08695 _In_ PFILE_OBJECT FileObject, 08696 _In_ PLARGE_INTEGER FileOffset, 08697 _In_ ULONG Length, 08698 _In_ BOOLEAN Wait, 08699 _Out_writes_bytes_(Length) PVOID Buffer, 08700 _Out_ PIO_STATUS_BLOCK IoStatus); 08701 08702 NTKERNELAPI 08703 VOID 08704 NTAPI 08705 CcFastCopyRead( 08706 _In_ PFILE_OBJECT FileObject, 08707 _In_ ULONG FileOffset, 08708 _In_ ULONG Length, 08709 _In_ ULONG PageCount, 08710 _Out_writes_bytes_(Length) PVOID Buffer, 08711 _Out_ PIO_STATUS_BLOCK IoStatus); 08712 08713 NTKERNELAPI 08714 BOOLEAN 08715 NTAPI 08716 CcCopyWrite( 08717 _In_ PFILE_OBJECT FileObject, 08718 _In_ PLARGE_INTEGER FileOffset, 08719 _In_ ULONG Length, 08720 _In_ BOOLEAN Wait, 08721 _In_reads_bytes_(Length) PVOID Buffer); 08722 08723 NTKERNELAPI 08724 VOID 08725 NTAPI 08726 CcFastCopyWrite( 08727 _In_ PFILE_OBJECT FileObject, 08728 _In_ ULONG FileOffset, 08729 _In_ ULONG Length, 08730 _In_reads_bytes_(Length) PVOID Buffer); 08731 08732 NTKERNELAPI 08733 VOID 08734 NTAPI 08735 CcMdlRead( 08736 _In_ PFILE_OBJECT FileObject, 08737 _In_ PLARGE_INTEGER FileOffset, 08738 _In_ ULONG Length, 08739 _Out_ PMDL *MdlChain, 08740 _Out_ PIO_STATUS_BLOCK IoStatus); 08741 08742 NTKERNELAPI 08743 VOID 08744 NTAPI 08745 CcMdlReadComplete( 08746 _In_ PFILE_OBJECT FileObject, 08747 _In_ PMDL MdlChain); 08748 08749 NTKERNELAPI 08750 VOID 08751 NTAPI 08752 CcPrepareMdlWrite( 08753 _In_ PFILE_OBJECT FileObject, 08754 _In_ PLARGE_INTEGER FileOffset, 08755 _In_ ULONG Length, 08756 _Out_ PMDL *MdlChain, 08757 _Out_ PIO_STATUS_BLOCK IoStatus); 08758 08759 NTKERNELAPI 08760 VOID 08761 NTAPI 08762 CcMdlWriteComplete( 08763 _In_ PFILE_OBJECT FileObject, 08764 _In_ PLARGE_INTEGER FileOffset, 08765 _In_ PMDL MdlChain); 08766 08767 NTKERNELAPI 08768 VOID 08769 NTAPI 08770 CcScheduleReadAhead( 08771 _In_ PFILE_OBJECT FileObject, 08772 _In_ PLARGE_INTEGER FileOffset, 08773 _In_ ULONG Length); 08774 08775 NTKERNELAPI 08776 NTSTATUS 08777 NTAPI 08778 CcWaitForCurrentLazyWriterActivity(VOID); 08779 08780 NTKERNELAPI 08781 VOID 08782 NTAPI 08783 CcSetReadAheadGranularity( 08784 _In_ PFILE_OBJECT FileObject, 08785 _In_ ULONG Granularity); 08786 08787 NTKERNELAPI 08788 BOOLEAN 08789 NTAPI 08790 CcPinRead( 08791 _In_ PFILE_OBJECT FileObject, 08792 _In_ PLARGE_INTEGER FileOffset, 08793 _In_ ULONG Length, 08794 _In_ ULONG Flags, 08795 _Outptr_ PVOID *Bcb, 08796 _Outptr_result_bytebuffer_(Length) PVOID *Buffer); 08797 08798 NTKERNELAPI 08799 BOOLEAN 08800 NTAPI 08801 CcPinMappedData( 08802 _In_ PFILE_OBJECT FileObject, 08803 _In_ PLARGE_INTEGER FileOffset, 08804 _In_ ULONG Length, 08805 _In_ ULONG Flags, 08806 _Inout_ PVOID *Bcb); 08807 08808 NTKERNELAPI 08809 BOOLEAN 08810 NTAPI 08811 CcPreparePinWrite( 08812 _In_ PFILE_OBJECT FileObject, 08813 _In_ PLARGE_INTEGER FileOffset, 08814 _In_ ULONG Length, 08815 _In_ BOOLEAN Zero, 08816 _In_ ULONG Flags, 08817 _Outptr_ PVOID *Bcb, 08818 _Outptr_result_bytebuffer_(Length) PVOID *Buffer); 08819 08820 NTKERNELAPI 08821 VOID 08822 NTAPI 08823 CcSetDirtyPinnedData( 08824 _In_ PVOID BcbVoid, 08825 _In_opt_ PLARGE_INTEGER Lsn); 08826 08827 NTKERNELAPI 08828 VOID 08829 NTAPI 08830 CcUnpinData( 08831 _In_ PVOID Bcb); 08832 08833 NTKERNELAPI 08834 VOID 08835 NTAPI 08836 CcSetBcbOwnerPointer( 08837 _In_ PVOID Bcb, 08838 _In_ PVOID OwnerPointer); 08839 08840 NTKERNELAPI 08841 VOID 08842 NTAPI 08843 CcUnpinDataForThread( 08844 _In_ PVOID Bcb, 08845 _In_ ERESOURCE_THREAD ResourceThreadId); 08846 08847 NTKERNELAPI 08848 VOID 08849 NTAPI 08850 CcSetAdditionalCacheAttributes( 08851 _In_ PFILE_OBJECT FileObject, 08852 _In_ BOOLEAN DisableReadAhead, 08853 _In_ BOOLEAN DisableWriteBehind); 08854 08855 NTKERNELAPI 08856 BOOLEAN 08857 NTAPI 08858 CcIsThereDirtyData( 08859 _In_ PVPB Vpb); 08860 08861 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 08862 08863 #if (NTDDI_VERSION >= NTDDI_WINXP) 08864 08865 NTKERNELAPI 08866 VOID 08867 NTAPI 08868 CcMdlWriteAbort( 08869 _In_ PFILE_OBJECT FileObject, 08870 _In_ PMDL MdlChain); 08871 08872 NTKERNELAPI 08873 VOID 08874 NTAPI 08875 CcSetLogHandleForFile( 08876 _In_ PFILE_OBJECT FileObject, 08877 _In_ PVOID LogHandle, 08878 _In_ PFLUSH_TO_LSN FlushToLsnRoutine); 08879 08880 NTKERNELAPI 08881 LARGE_INTEGER 08882 NTAPI 08883 CcGetDirtyPages( 08884 _In_ PVOID LogHandle, 08885 _In_ PDIRTY_PAGE_ROUTINE DirtyPageRoutine, 08886 _In_ PVOID Context1, 08887 _In_ PVOID Context2); 08888 08889 #endif 08890 08891 #if (NTDDI_VERSION >= NTDDI_WINXP) 08892 NTKERNELAPI 08893 BOOLEAN 08894 NTAPI 08895 CcMapData( 08896 _In_ PFILE_OBJECT FileObject, 08897 _In_ PLARGE_INTEGER FileOffset, 08898 _In_ ULONG Length, 08899 _In_ ULONG Flags, 08900 _Outptr_ PVOID *Bcb, 08901 _Outptr_result_bytebuffer_(Length) PVOID *Buffer); 08902 #elif (NTDDI_VERSION >= NTDDI_WIN2K) 08903 NTKERNELAPI 08904 BOOLEAN 08905 NTAPI 08906 CcMapData( 08907 _In_ PFILE_OBJECT FileObject, 08908 _In_ PLARGE_INTEGER FileOffset, 08909 _In_ ULONG Length, 08910 _In_ BOOLEAN Wait, 08911 _Outptr_ PVOID *Bcb, 08912 _Outptr_result_bytebuffer_(Length) PVOID *Buffer); 08913 #endif 08914 08915 #if (NTDDI_VERSION >= NTDDI_VISTA) 08916 08917 NTKERNELAPI 08918 NTSTATUS 08919 NTAPI 08920 CcSetFileSizesEx( 08921 _In_ PFILE_OBJECT FileObject, 08922 _In_ PCC_FILE_SIZES FileSizes); 08923 08924 NTKERNELAPI 08925 PFILE_OBJECT 08926 NTAPI 08927 CcGetFileObjectFromSectionPtrsRef( 08928 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer); 08929 08930 NTKERNELAPI 08931 VOID 08932 NTAPI 08933 CcSetParallelFlushFile( 08934 _In_ PFILE_OBJECT FileObject, 08935 _In_ BOOLEAN EnableParallelFlush); 08936 08937 NTKERNELAPI 08938 BOOLEAN 08939 CcIsThereDirtyDataEx( 08940 _In_ PVPB Vpb, 08941 _In_opt_ PULONG NumberOfDirtyPages); 08942 08943 #endif 08944 08945 #if (NTDDI_VERSION >= NTDDI_WIN7) 08946 NTKERNELAPI 08947 VOID 08948 NTAPI 08949 CcCoherencyFlushAndPurgeCache( 08950 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 08951 _In_opt_ PLARGE_INTEGER FileOffset, 08952 _In_ ULONG Length, 08953 _Out_ PIO_STATUS_BLOCK IoStatus, 08954 _In_opt_ ULONG Flags); 08955 #endif 08956 08957 #define CcGetFileSizePointer(FO) ( \ 08958 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ 08959 ) 08960 08961 #if (NTDDI_VERSION >= NTDDI_VISTA) 08962 NTKERNELAPI 08963 BOOLEAN 08964 NTAPI 08965 CcPurgeCacheSection( 08966 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 08967 _In_opt_ PLARGE_INTEGER FileOffset, 08968 _In_ ULONG Length, 08969 _In_ ULONG Flags); 08970 #elif (NTDDI_VERSION >= NTDDI_WIN2K) 08971 NTKERNELAPI 08972 BOOLEAN 08973 NTAPI 08974 CcPurgeCacheSection( 08975 _In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, 08976 _In_opt_ PLARGE_INTEGER FileOffset, 08977 _In_ ULONG Length, 08978 _In_ BOOLEAN UninitializeCacheMaps); 08979 #endif 08980 08981 #if (NTDDI_VERSION >= NTDDI_WIN7) 08982 NTKERNELAPI 08983 BOOLEAN 08984 NTAPI 08985 CcCopyWriteWontFlush( 08986 _In_ PFILE_OBJECT FileObject, 08987 _In_ PLARGE_INTEGER FileOffset, 08988 _In_ ULONG Length); 08989 #else 08990 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) 08991 #endif 08992 08993 #define CcReadAhead(FO, FOFF, LEN) ( \ 08994 if ((LEN) >= 256) { \ 08995 CcScheduleReadAhead((FO), (FOFF), (LEN)); \ 08996 } \ 08997 ) 08998 /****************************************************************************** 08999 * ZwXxx Functions * 09000 ******************************************************************************/ 09001 09002 09003 09004 _IRQL_requires_max_(PASSIVE_LEVEL) 09005 NTSYSAPI 09006 NTSTATUS 09007 NTAPI 09008 ZwQueryEaFile( 09009 _In_ HANDLE FileHandle, 09010 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09011 _Out_writes_bytes_(Length) PVOID Buffer, 09012 _In_ ULONG Length, 09013 _In_ BOOLEAN ReturnSingleEntry, 09014 _In_reads_bytes_opt_(EaListLength) PVOID EaList, 09015 _In_ ULONG EaListLength, 09016 _In_opt_ PULONG EaIndex, 09017 _In_ BOOLEAN RestartScan); 09018 09019 _IRQL_requires_max_(PASSIVE_LEVEL) 09020 NTSYSAPI 09021 NTSTATUS 09022 NTAPI 09023 ZwSetEaFile( 09024 _In_ HANDLE FileHandle, 09025 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09026 _In_reads_bytes_(Length) PVOID Buffer, 09027 _In_ ULONG Length); 09028 09029 _IRQL_requires_max_(PASSIVE_LEVEL) 09030 NTSYSAPI 09031 NTSTATUS 09032 NTAPI 09033 ZwDuplicateToken( 09034 _In_ HANDLE ExistingTokenHandle, 09035 _In_ ACCESS_MASK DesiredAccess, 09036 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 09037 _In_ BOOLEAN EffectiveOnly, 09038 _In_ TOKEN_TYPE TokenType, 09039 _Out_ PHANDLE NewTokenHandle); 09040 09041 #if (NTDDI_VERSION >= NTDDI_WIN2K) 09042 09043 _IRQL_requires_max_(PASSIVE_LEVEL) 09044 NTSYSAPI 09045 NTSTATUS 09046 NTAPI 09047 ZwQueryObject( 09048 _In_opt_ HANDLE Handle, 09049 _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, 09050 _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, 09051 _In_ ULONG ObjectInformationLength, 09052 _Out_opt_ PULONG ReturnLength); 09053 09054 _IRQL_requires_max_(PASSIVE_LEVEL) 09055 NTSYSAPI 09056 NTSTATUS 09057 NTAPI 09058 ZwNotifyChangeKey( 09059 _In_ HANDLE KeyHandle, 09060 _In_opt_ HANDLE EventHandle, 09061 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 09062 _In_opt_ PVOID ApcContext, 09063 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09064 _In_ ULONG NotifyFilter, 09065 _In_ BOOLEAN WatchSubtree, 09066 _Out_writes_bytes_opt_(BufferLength) PVOID Buffer, 09067 _In_ ULONG BufferLength, 09068 _In_ BOOLEAN Asynchronous); 09069 09070 _IRQL_requires_max_(PASSIVE_LEVEL) 09071 NTSYSAPI 09072 NTSTATUS 09073 NTAPI 09074 ZwCreateEvent( 09075 _Out_ PHANDLE EventHandle, 09076 _In_ ACCESS_MASK DesiredAccess, 09077 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 09078 _In_ EVENT_TYPE EventType, 09079 _In_ BOOLEAN InitialState); 09080 09081 _IRQL_requires_max_(PASSIVE_LEVEL) 09082 NTSYSAPI 09083 NTSTATUS 09084 NTAPI 09085 ZwDeleteFile( 09086 _In_ POBJECT_ATTRIBUTES ObjectAttributes); 09087 09088 _IRQL_requires_max_(PASSIVE_LEVEL) 09089 NTSYSAPI 09090 NTSTATUS 09091 NTAPI 09092 ZwQueryDirectoryFile( 09093 _In_ HANDLE FileHandle, 09094 _In_opt_ HANDLE Event, 09095 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 09096 _In_opt_ PVOID ApcContext, 09097 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09098 _Out_writes_bytes_(Length) PVOID FileInformation, 09099 _In_ ULONG Length, 09100 _In_ FILE_INFORMATION_CLASS FileInformationClass, 09101 _In_ BOOLEAN ReturnSingleEntry, 09102 _In_opt_ PUNICODE_STRING FileName, 09103 _In_ BOOLEAN RestartScan); 09104 09105 _IRQL_requires_max_(PASSIVE_LEVEL) 09106 NTSYSAPI 09107 NTSTATUS 09108 NTAPI 09109 ZwSetVolumeInformationFile( 09110 _In_ HANDLE FileHandle, 09111 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09112 _In_reads_bytes_(Length) PVOID FsInformation, 09113 _In_ ULONG Length, 09114 _In_ FS_INFORMATION_CLASS FsInformationClass); 09115 09116 _IRQL_requires_max_(PASSIVE_LEVEL) 09117 NTSYSAPI 09118 NTSTATUS 09119 NTAPI 09120 ZwFsControlFile( 09121 _In_ HANDLE FileHandle, 09122 _In_opt_ HANDLE Event, 09123 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 09124 _In_opt_ PVOID ApcContext, 09125 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09126 _In_ ULONG FsControlCode, 09127 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, 09128 _In_ ULONG InputBufferLength, 09129 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, 09130 _In_ ULONG OutputBufferLength); 09131 09132 _IRQL_requires_max_(PASSIVE_LEVEL) 09133 NTSYSAPI 09134 NTSTATUS 09135 NTAPI 09136 ZwDuplicateObject( 09137 _In_ HANDLE SourceProcessHandle, 09138 _In_ HANDLE SourceHandle, 09139 _In_opt_ HANDLE TargetProcessHandle, 09140 _Out_opt_ PHANDLE TargetHandle, 09141 _In_ ACCESS_MASK DesiredAccess, 09142 _In_ ULONG HandleAttributes, 09143 _In_ ULONG Options); 09144 09145 _IRQL_requires_max_(PASSIVE_LEVEL) 09146 NTSYSAPI 09147 NTSTATUS 09148 NTAPI 09149 ZwOpenDirectoryObject( 09150 _Out_ PHANDLE DirectoryHandle, 09151 _In_ ACCESS_MASK DesiredAccess, 09152 _In_ POBJECT_ATTRIBUTES ObjectAttributes); 09153 09154 _IRQL_requires_max_(PASSIVE_LEVEL) 09155 _When_(return==0, __drv_allocatesMem(Region)) 09156 NTSYSAPI 09157 NTSTATUS 09158 NTAPI 09159 ZwAllocateVirtualMemory( 09160 _In_ HANDLE ProcessHandle, 09161 _Inout_ PVOID *BaseAddress, 09162 _In_ ULONG_PTR ZeroBits, 09163 _Inout_ PSIZE_T RegionSize, 09164 _In_ ULONG AllocationType, 09165 _In_ ULONG Protect); 09166 09167 _IRQL_requires_max_(PASSIVE_LEVEL) 09168 _When_(return==0, __drv_freesMem(Region)) 09169 NTSYSAPI 09170 NTSTATUS 09171 NTAPI 09172 ZwFreeVirtualMemory( 09173 _In_ HANDLE ProcessHandle, 09174 _Inout_ PVOID *BaseAddress, 09175 _Inout_ PSIZE_T RegionSize, 09176 _In_ ULONG FreeType); 09177 09178 _When_(Timeout == NULL, _IRQL_requires_max_(APC_LEVEL)) 09179 _When_(Timeout->QuadPart != 0, _IRQL_requires_max_(APC_LEVEL)) 09180 _When_(Timeout->QuadPart == 0, _IRQL_requires_max_(DISPATCH_LEVEL)) 09181 NTSYSAPI 09182 NTSTATUS 09183 NTAPI 09184 ZwWaitForSingleObject( 09185 _In_ HANDLE Handle, 09186 _In_ BOOLEAN Alertable, 09187 _In_opt_ PLARGE_INTEGER Timeout); 09188 09189 _IRQL_requires_max_(DISPATCH_LEVEL) 09190 NTSYSAPI 09191 NTSTATUS 09192 NTAPI 09193 ZwSetEvent( 09194 _In_ HANDLE EventHandle, 09195 _Out_opt_ PLONG PreviousState); 09196 09197 _IRQL_requires_max_(APC_LEVEL) 09198 NTSYSAPI 09199 NTSTATUS 09200 NTAPI 09201 ZwFlushVirtualMemory( 09202 _In_ HANDLE ProcessHandle, 09203 _Inout_ PVOID *BaseAddress, 09204 _Inout_ PSIZE_T RegionSize, 09205 _Out_ PIO_STATUS_BLOCK IoStatusBlock); 09206 09207 _IRQL_requires_max_(PASSIVE_LEVEL) 09208 NTSYSAPI 09209 NTSTATUS 09210 NTAPI 09211 ZwQueryInformationToken( 09212 _In_ HANDLE TokenHandle, 09213 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 09214 _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation, 09215 _In_ ULONG Length, 09216 _Out_ PULONG ResultLength); 09217 09218 _IRQL_requires_max_(PASSIVE_LEVEL) 09219 NTSYSAPI 09220 NTSTATUS 09221 NTAPI 09222 ZwSetSecurityObject( 09223 _In_ HANDLE Handle, 09224 _In_ SECURITY_INFORMATION SecurityInformation, 09225 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 09226 09227 _IRQL_requires_max_(PASSIVE_LEVEL) 09228 NTSYSAPI 09229 NTSTATUS 09230 NTAPI 09231 ZwQuerySecurityObject( 09232 _In_ HANDLE FileHandle, 09233 _In_ SECURITY_INFORMATION SecurityInformation, 09234 _Out_writes_bytes_to_(Length,*ResultLength) PSECURITY_DESCRIPTOR SecurityDescriptor, 09235 _In_ ULONG Length, 09236 _Out_ PULONG ResultLength); 09237 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 09238 09239 #if (NTDDI_VERSION >= NTDDI_WINXP) 09240 09241 _IRQL_requires_max_(PASSIVE_LEVEL) 09242 NTSYSAPI 09243 NTSTATUS 09244 NTAPI 09245 ZwOpenProcessTokenEx( 09246 _In_ HANDLE ProcessHandle, 09247 _In_ ACCESS_MASK DesiredAccess, 09248 _In_ ULONG HandleAttributes, 09249 _Out_ PHANDLE TokenHandle); 09250 09251 _IRQL_requires_max_(PASSIVE_LEVEL) 09252 NTSYSAPI 09253 NTSTATUS 09254 NTAPI 09255 ZwOpenThreadTokenEx( 09256 _In_ HANDLE ThreadHandle, 09257 _In_ ACCESS_MASK DesiredAccess, 09258 _In_ BOOLEAN OpenAsSelf, 09259 _In_ ULONG HandleAttributes, 09260 _Out_ PHANDLE TokenHandle); 09261 09262 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 09263 09264 #if (NTDDI_VERSION >= NTDDI_VISTA) 09265 09266 _IRQL_requires_max_(PASSIVE_LEVEL) 09267 NTSYSAPI 09268 NTSTATUS 09269 NTAPI 09270 ZwLockFile( 09271 _In_ HANDLE FileHandle, 09272 _In_opt_ HANDLE Event, 09273 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 09274 _In_opt_ PVOID ApcContext, 09275 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09276 _In_ PLARGE_INTEGER ByteOffset, 09277 _In_ PLARGE_INTEGER Length, 09278 _In_ ULONG Key, 09279 _In_ BOOLEAN FailImmediately, 09280 _In_ BOOLEAN ExclusiveLock); 09281 09282 _IRQL_requires_max_(PASSIVE_LEVEL) 09283 NTSYSAPI 09284 NTSTATUS 09285 NTAPI 09286 ZwUnlockFile( 09287 _In_ HANDLE FileHandle, 09288 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09289 _In_ PLARGE_INTEGER ByteOffset, 09290 _In_ PLARGE_INTEGER Length, 09291 _In_ ULONG Key); 09292 09293 _IRQL_requires_max_(PASSIVE_LEVEL) 09294 NTSYSAPI 09295 NTSTATUS 09296 NTAPI 09297 ZwQueryQuotaInformationFile( 09298 _In_ HANDLE FileHandle, 09299 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09300 _Out_writes_bytes_(Length) PVOID Buffer, 09301 _In_ ULONG Length, 09302 _In_ BOOLEAN ReturnSingleEntry, 09303 _In_reads_bytes_opt_(SidListLength) PVOID SidList, 09304 _In_ ULONG SidListLength, 09305 _In_opt_ PSID StartSid, 09306 _In_ BOOLEAN RestartScan); 09307 09308 _IRQL_requires_max_(PASSIVE_LEVEL) 09309 NTSYSAPI 09310 NTSTATUS 09311 NTAPI 09312 ZwSetQuotaInformationFile( 09313 _In_ HANDLE FileHandle, 09314 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 09315 _In_reads_bytes_(Length) PVOID Buffer, 09316 _In_ ULONG Length); 09317 09318 _IRQL_requires_max_(PASSIVE_LEVEL) 09319 NTSYSAPI 09320 NTSTATUS 09321 NTAPI 09322 ZwFlushBuffersFile( 09323 _In_ HANDLE FileHandle, 09324 _Out_ PIO_STATUS_BLOCK IoStatusBlock); 09325 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 09326 #if (NTDDI_VERSION >= NTDDI_WIN7) 09327 09328 _IRQL_requires_max_(PASSIVE_LEVEL) 09329 NTSYSAPI 09330 NTSTATUS 09331 NTAPI 09332 ZwSetInformationToken( 09333 _In_ HANDLE TokenHandle, 09334 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 09335 _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, 09336 _In_ ULONG TokenInformationLength); 09337 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 09338 09339 #ifndef __SSPI_H__ 09340 #define __SSPI_H__ 09341 09342 // for ntifs.h: 09343 #define ISSP_LEVEL 32 09344 #define ISSP_MODE 0 09345 09346 #ifdef MIDL_PASS 09347 #define MIDL_PROP(x) x 09348 #else 09349 #define MIDL_PROP(x) 09350 #endif 09351 09352 #define SEC_TEXT TEXT 09353 #define SEC_FAR 09354 #define SEC_ENTRY __stdcall 09355 09356 #if defined(_NO_KSECDD_IMPORT_) 09357 #define KSECDDDECLSPEC 09358 #else 09359 #define KSECDDDECLSPEC __declspec(dllimport) 09360 #endif 09361 09362 #define SECQOP_WRAP_NO_ENCRYPT 0x80000001 09363 #define SECQOP_WRAP_OOB_DATA 0x40000000 09364 09365 #define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW") 09366 #define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW 09367 09368 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 09369 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 09370 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3 09371 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4 09372 09373 #define SECURITY_NATIVE_DREP 0x00000010 09374 #define SECURITY_NETWORK_DREP 0x00000000 09375 09376 #define SECPKG_ID_NONE 0xFFFF 09377 09378 #define SECPKG_CRED_ATTR_NAMES 1 09379 #define SECPKG_CRED_ATTR_SSI_PROVIDER 2 09380 09381 #define SECPKG_ATTR_SIZES 0 09382 #define SECPKG_ATTR_NAMES 1 09383 #define SECPKG_ATTR_LIFESPAN 2 09384 #define SECPKG_ATTR_DCE_INFO 3 09385 #define SECPKG_ATTR_STREAM_SIZES 4 09386 #define SECPKG_ATTR_KEY_INFO 5 09387 #define SECPKG_ATTR_AUTHORITY 6 09388 #define SECPKG_ATTR_PROTO_INFO 7 09389 #define SECPKG_ATTR_PASSWORD_EXPIRY 8 09390 #define SECPKG_ATTR_SESSION_KEY 9 09391 #define SECPKG_ATTR_PACKAGE_INFO 10 09392 #define SECPKG_ATTR_USER_FLAGS 11 09393 #define SECPKG_ATTR_NEGOTIATION_INFO 12 09394 #define SECPKG_ATTR_NATIVE_NAMES 13 09395 #define SECPKG_ATTR_FLAGS 14 09396 #define SECPKG_ATTR_USE_VALIDATED 15 09397 #define SECPKG_ATTR_CREDENTIAL_NAME 16 09398 #define SECPKG_ATTR_TARGET_INFORMATION 17 09399 #define SECPKG_ATTR_ACCESS_TOKEN 18 09400 #define SECPKG_ATTR_TARGET 19 09401 #define SECPKG_ATTR_AUTHENTICATION_ID 20 09402 #define SECPKG_ATTR_LOGOFF_TIME 21 09403 #define SECPKG_ATTR_NEGO_KEYS 22 09404 #define SECPKG_ATTR_PROMPTING_NEEDED 24 09405 #define SECPKG_ATTR_UNIQUE_BINDINGS 25 09406 #define SECPKG_ATTR_ENDPOINT_BINDINGS 26 09407 #define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27 09408 #define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30 09409 #define SECPKG_ATTR_NEGO_PKG_INFO 31 09410 #define SECPKG_ATTR_NEGO_STATUS 32 09411 #define SECPKG_ATTR_CONTEXT_DELETED 33 09412 09413 #define SECPKG_FLAG_INTEGRITY 0x00000001 09414 #define SECPKG_FLAG_PRIVACY 0x00000002 09415 #define SECPKG_FLAG_TOKEN_ONLY 0x00000004 09416 #define SECPKG_FLAG_DATAGRAM 0x00000008 09417 #define SECPKG_FLAG_CONNECTION 0x00000010 09418 #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 09419 #define SECPKG_FLAG_CLIENT_ONLY 0x00000040 09420 #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 09421 #define SECPKG_FLAG_IMPERSONATION 0x00000100 09422 #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 09423 #define SECPKG_FLAG_STREAM 0x00000400 09424 #define SECPKG_FLAG_NEGOTIABLE 0x00000800 09425 #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 09426 #define SECPKG_FLAG_LOGON 0x00002000 09427 #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 09428 #define SECPKG_FLAG_FRAGMENT 0x00008000 09429 #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 09430 #define SECPKG_FLAG_DELEGATION 0x00020000 09431 #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 09432 #define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000 09433 #define SECPKG_FLAG_NEGO_EXTENDER 0x00100000 09434 #define SECPKG_FLAG_NEGOTIABLE2 0x00200000 09435 09436 #define SECPKG_CRED_INBOUND 0x00000001 09437 #define SECPKG_CRED_OUTBOUND 0x00000002 09438 #define SECPKG_CRED_BOTH 0x00000003 09439 #define SECPKG_CRED_DEFAULT 0x00000004 09440 #define SECPKG_CRED_RESERVED 0xF0000000 09441 #define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010 09442 #define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020 09443 09444 #define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 09445 #define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 09446 #define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004 09447 09448 #define SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES 128 09449 #define SECPKG_ATTR_NEGO_INFO_FLAG_NO_KERBEROS 0x1 09450 #define SECPKG_ATTR_NEGO_INFO_FLAG_NO_NTLM 0x2 09451 09452 #define SecPkgContext_NativeNames SecPkgContext_NativeNamesW 09453 #define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW 09454 09455 #define SECBUFFER_VERSION 0 09456 09457 #define SECBUFFER_EMPTY 0 09458 #define SECBUFFER_DATA 1 09459 #define SECBUFFER_TOKEN 2 09460 #define SECBUFFER_PKG_PARAMS 3 09461 #define SECBUFFER_MISSING 4 09462 #define SECBUFFER_EXTRA 5 09463 #define SECBUFFER_STREAM_TRAILER 6 09464 #define SECBUFFER_STREAM_HEADER 7 09465 #define SECBUFFER_NEGOTIATION_INFO 8 09466 #define SECBUFFER_PADDING 9 09467 #define SECBUFFER_STREAM 10 09468 #define SECBUFFER_MECHLIST 11 09469 #define SECBUFFER_MECHLIST_SIGNATURE 12 09470 #define SECBUFFER_TARGET 13 09471 #define SECBUFFER_CHANNEL_BINDINGS 14 09472 #define SECBUFFER_CHANGE_PASS_RESPONSE 15 09473 #define SECBUFFER_TARGET_HOST 16 09474 #define SECBUFFER_ALERT 17 09475 09476 #define SECBUFFER_ATTRMASK 0xF0000000 09477 #define SECBUFFER_READONLY 0x80000000 09478 #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 09479 #define SECBUFFER_RESERVED 0x60000000 09480 09481 #define ISC_REQ_DELEGATE 0x00000001 09482 #define ISC_REQ_MUTUAL_AUTH 0x00000002 09483 #define ISC_REQ_REPLAY_DETECT 0x00000004 09484 #define ISC_REQ_SEQUENCE_DETECT 0x00000008 09485 #define ISC_REQ_CONFIDENTIALITY 0x00000010 09486 #define ISC_REQ_USE_SESSION_KEY 0x00000020 09487 #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040 09488 #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080 09489 #define ISC_REQ_ALLOCATE_MEMORY 0x00000100 09490 #define ISC_REQ_USE_DCE_STYLE 0x00000200 09491 #define ISC_REQ_DATAGRAM 0x00000400 09492 #define ISC_REQ_CONNECTION 0x00000800 09493 #define ISC_REQ_CALL_LEVEL 0x00001000 09494 #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000 09495 #define ISC_REQ_EXTENDED_ERROR 0x00004000 09496 #define ISC_REQ_STREAM 0x00008000 09497 #define ISC_REQ_INTEGRITY 0x00010000 09498 #define ISC_REQ_IDENTIFY 0x00020000 09499 #define ISC_REQ_NULL_SESSION 0x00040000 09500 #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000 09501 #define ISC_REQ_RESERVED1 0x00100000 09502 #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000 09503 #define ISC_REQ_FORWARD_CREDENTIALS 0x00400000 09504 #define ISC_REQ_NO_INTEGRITY 0x00800000 09505 #define ISC_REQ_USE_HTTP_STYLE 0x01000000 09506 09507 #define ISC_RET_DELEGATE 0x00000001 09508 #define ISC_RET_MUTUAL_AUTH 0x00000002 09509 #define ISC_RET_REPLAY_DETECT 0x00000004 09510 #define ISC_RET_SEQUENCE_DETECT 0x00000008 09511 #define ISC_RET_CONFIDENTIALITY 0x00000010 09512 #define ISC_RET_USE_SESSION_KEY 0x00000020 09513 #define ISC_RET_USED_COLLECTED_CREDS 0x00000040 09514 #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080 09515 #define ISC_RET_ALLOCATED_MEMORY 0x00000100 09516 #define ISC_RET_USED_DCE_STYLE 0x00000200 09517 #define ISC_RET_DATAGRAM 0x00000400 09518 #define ISC_RET_CONNECTION 0x00000800 09519 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000 09520 #define ISC_RET_CALL_LEVEL 0x00002000 09521 #define ISC_RET_EXTENDED_ERROR 0x00004000 09522 #define ISC_RET_STREAM 0x00008000 09523 #define ISC_RET_INTEGRITY 0x00010000 09524 #define ISC_RET_IDENTIFY 0x00020000 09525 #define ISC_RET_NULL_SESSION 0x00040000 09526 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000 09527 #define ISC_RET_RESERVED1 0x00100000 09528 #define ISC_RET_FRAGMENT_ONLY 0x00200000 09529 #define ISC_RET_FORWARD_CREDENTIALS 0x00400000 09530 #define ISC_RET_USED_HTTP_STYLE 0x01000000 09531 #define ISC_RET_NO_ADDITIONAL_TOKEN 0x02000000 09532 #define ISC_RET_REAUTHENTICATION 0x08000000 09533 09534 #define ASC_REQ_DELEGATE 0x00000001 09535 #define ASC_REQ_MUTUAL_AUTH 0x00000002 09536 #define ASC_REQ_REPLAY_DETECT 0x00000004 09537 #define ASC_REQ_SEQUENCE_DETECT 0x00000008 09538 #define ASC_REQ_CONFIDENTIALITY 0x00000010 09539 #define ASC_REQ_USE_SESSION_KEY 0x00000020 09540 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100 09541 #define ASC_REQ_USE_DCE_STYLE 0x00000200 09542 #define ASC_REQ_DATAGRAM 0x00000400 09543 #define ASC_REQ_CONNECTION 0x00000800 09544 #define ASC_REQ_CALL_LEVEL 0x00001000 09545 #define ASC_REQ_EXTENDED_ERROR 0x00008000 09546 #define ASC_REQ_STREAM 0x00010000 09547 #define ASC_REQ_INTEGRITY 0x00020000 09548 #define ASC_REQ_LICENSING 0x00040000 09549 #define ASC_REQ_IDENTIFY 0x00080000 09550 #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000 09551 #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000 09552 #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000 09553 #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000 09554 #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000 09555 #define ASC_REQ_NO_TOKEN 0x01000000 09556 #define ASC_REQ_PROXY_BINDINGS 0x04000000 09557 //#define SSP_RET_REAUTHENTICATION 0x08000000 // internal 09558 09559 #define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000 09560 #define ASC_RET_DELEGATE 0x00000001 09561 #define ASC_RET_MUTUAL_AUTH 0x00000002 09562 #define ASC_RET_REPLAY_DETECT 0x00000004 09563 #define ASC_RET_SEQUENCE_DETECT 0x00000008 09564 #define ASC_RET_CONFIDENTIALITY 0x00000010 09565 #define ASC_RET_USE_SESSION_KEY 0x00000020 09566 #define ASC_RET_ALLOCATED_MEMORY 0x00000100 09567 #define ASC_RET_USED_DCE_STYLE 0x00000200 09568 #define ASC_RET_DATAGRAM 0x00000400 09569 #define ASC_RET_CONNECTION 0x00000800 09570 #define ASC_RET_CALL_LEVEL 0x00002000 09571 #define ASC_RET_THIRD_LEG_FAILED 0x00004000 09572 #define ASC_RET_EXTENDED_ERROR 0x00008000 09573 #define ASC_RET_STREAM 0x00010000 09574 #define ASC_RET_INTEGRITY 0x00020000 09575 #define ASC_RET_LICENSING 0x00040000 09576 #define ASC_RET_IDENTIFY 0x00080000 09577 #define ASC_RET_NULL_SESSION 0x00100000 09578 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000 09579 #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000 09580 #define ASC_RET_FRAGMENT_ONLY 0x00800000 09581 #define ASC_RET_NO_TOKEN 0x01000000 09582 #define ASC_RET_NO_ADDITIONAL_TOKEN 0x02000000 09583 #define ASC_RET_NO_PROXY_BINDINGS 0x04000000 09584 //#define SSP_RET_REAUTHENTICATION 0x08000000 // internal 09585 #define ASC_RET_MISSING_BINDINGS 0x10000000 09586 09587 #define SEC_DELETED_HANDLE ((ULONG_PTR)(-2)) 09588 09589 #define SecInvalidateHandle(x) \ 09590 ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1)); 09591 09592 #define SecIsValidHandle(x) \ 09593 ( ( ((PSecHandle)(x))->dwLower != (ULONG_PTR)(INT_PTR)-1 ) && \ 09594 ( ((PSecHandle)(x))->dwUpper != (ULONG_PTR)(INT_PTR)-1 ) ) 09595 09596 typedef WCHAR SEC_WCHAR; 09597 typedef CHAR SEC_CHAR; 09598 typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; 09599 typedef SECURITY_INTEGER TimeStamp, *PTimeStamp; 09600 typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING; 09601 #if ISSP_MODE == 0 09602 #define PSSPI_SEC_STRING PSECURITY_STRING 09603 #else 09604 #define PSSPI_SEC_STRING SEC_WCHAR* 09605 #endif 09606 09607 typedef PVOID PSEC_WINNT_AUTH_IDENTITY_OPAQUE; 09608 09609 #ifndef __SECSTATUS_DEFINED__ 09610 typedef LONG SECURITY_STATUS; 09611 #define __SECSTATUS_DEFINED__ 09612 #endif 09613 09614 typedef enum _SECPKG_CRED_CLASS 09615 { 09616 SecPkgCredClass_None = 0, 09617 SecPkgCredClass_Ephemeral = 10, 09618 SecPkgCredClass_PersistedGeneric = 20, 09619 SecPkgCredClass_PersistedSpecific = 30, 09620 SecPkgCredClass_Explicit = 40, 09621 } SECPKG_CRED_CLASS, *PSECPKG_CRED_CLASS; 09622 09623 typedef struct _SEC_NEGOTIATION_INFO 09624 { 09625 ULONG Size; 09626 ULONG NameLength; 09627 SEC_WCHAR *Name; 09628 PVOID Reserved; 09629 } SEC_NEGOTIATION_INFO, *PSEC_NEGOTIATION_INFO; 09630 09631 typedef struct _SEC_CHANNEL_BINDINGS 09632 { 09633 ULONG dwInitiatorAddrType; 09634 ULONG cbInitiatorLength; 09635 ULONG dwInitiatorOffset; 09636 ULONG dwAcceptorAddrType; 09637 ULONG cbAcceptorLength; 09638 ULONG dwAcceptorOffset; 09639 ULONG cbApplicationDataLength; 09640 ULONG dwApplicationDataOffset; 09641 } SEC_CHANNEL_BINDINGS, *PSEC_CHANNEL_BINDINGS; 09642 09643 #ifndef _AUTH_IDENTITY_EX2_DEFINED 09644 #define _AUTH_IDENTITY_EX2_DEFINED 09645 typedef struct _SEC_WINNT_AUTH_IDENTITY_EX2 09646 { 09647 ULONG Version; 09648 USHORT cbHeaderLength; 09649 ULONG cbStructureLength; 09650 ULONG UserOffset; 09651 USHORT UserLength; 09652 ULONG DomainOffset; 09653 USHORT DomainLength; 09654 ULONG PackedCredentialsOffset; 09655 USHORT PackedCredentialsLength; 09656 ULONG Flags; 09657 ULONG PackageListOffset; 09658 USHORT PackageListLength; 09659 } SEC_WINNT_AUTH_IDENTITY_EX2, *PSEC_WINNT_AUTH_IDENTITY_EX2; 09660 #define SEC_WINNT_AUTH_IDENTITY_VERSION_2 0x201 09661 #endif 09662 09663 #ifndef _AUTH_IDENTITY_DEFINED 09664 #define _AUTH_IDENTITY_DEFINED 09665 typedef struct _SEC_WINNT_AUTH_IDENTITY_W 09666 { 09667 PUSHORT User; 09668 ULONG UserLength; 09669 PUSHORT Domain; 09670 ULONG DomainLength; 09671 PUSHORT Password; 09672 ULONG PasswordLength; 09673 ULONG Flags; 09674 } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W; 09675 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1 09676 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2 09677 #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W 09678 #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W 09679 #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W 09680 #endif 09681 09682 #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION 09683 #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200 09684 typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW 09685 { 09686 ULONG Version; 09687 ULONG Length; 09688 PUSHORT User; 09689 ULONG UserLength; 09690 PUSHORT Domain; 09691 ULONG DomainLength; 09692 PUSHORT Password; 09693 ULONG PasswordLength; 09694 ULONG Flags; 09695 PUSHORT PackageList; 09696 ULONG PackageListLength; 09697 } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW; 09698 #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW 09699 #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW 09700 #endif 09701 09702 #ifndef __SECHANDLE_DEFINED__ 09703 typedef struct _SecHandle 09704 { 09705 ULONG_PTR dwLower; 09706 ULONG_PTR dwUpper; 09707 } SecHandle, *PSecHandle; 09708 #define __SECHANDLE_DEFINED__ 09709 #endif 09710 09711 typedef SecHandle CredHandle, *PCredHandle, CtxtHandle, *PCtxtHandle; 09712 09713 typedef struct _SecBuffer 09714 { 09715 ULONG cbBuffer; 09716 ULONG BufferType; 09717 #ifdef MIDL_PASS 09718 MIDL_PROP([size_is(cbBuffer)]) PCHAR pvBuffer; 09719 #else 09720 __field_bcount(cbBuffer) void SEC_FAR *pvBuffer; 09721 #endif 09722 } SecBuffer, *PSecBuffer; 09723 09724 typedef struct _SecBufferDesc 09725 { 09726 ULONG ulVersion; 09727 ULONG cBuffers; 09728 MIDL_PROP([size_is(cBuffers)]) __field_ecount(cBuffers) PSecBuffer pBuffers; 09729 } SecBufferDesc, SEC_FAR *PSecBufferDesc; 09730 09731 typedef struct _SecPkgInfoW 09732 { 09733 ULONG fCapabilities; 09734 USHORT wVersion; 09735 USHORT wRPCID; 09736 ULONG cbMaxToken; 09737 MIDL_PROP([string]) SEC_WCHAR *Name; 09738 MIDL_PROP([string]) SEC_WCHAR *Comment; 09739 } SecPkgInfoW, *PSecPkgInfoW; 09740 #define SecPkgInfo SecPkgInfoW 09741 #define PSecPkgInfo PSecPkgInfoW 09742 09743 typedef struct _SecPkgCredentials_NamesW 09744 { 09745 MIDL_PROP([string]) SEC_WCHAR *sUserName; 09746 } SecPkgCredentials_NamesW, *PSecPkgCredentials_NamesW; 09747 #define SecPkgCredentials_Names SecPkgCredentials_NamesW 09748 #define PSecPkgCredentials_Names PSecPkgCredentials_NamesW 09749 09750 typedef struct _SecPkgContext_NamesW 09751 { 09752 SEC_WCHAR *sUserName; 09753 } SecPkgContext_NamesW, *PSecPkgContext_NamesW; 09754 #define SecPkgContext_Names SecPkgContext_NamesW 09755 #define PSecPkgContext_Names PSecPkgContext_NamesW 09756 09757 #if OSVER(NTDDI_VERSION) > NTDDI_WIN2K 09758 typedef struct _SecPkgContext_CredentialNameW 09759 { 09760 ULONG CredentialType; 09761 SEC_WCHAR *sCredentialName; 09762 } SecPkgContext_CredentialNameW, *PSecPkgContext_CredentialNameW; 09763 #endif 09764 #define SecPkgContext_CredentialName SecPkgContext_CredentialNameW 09765 #define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW 09766 09767 typedef struct _SecPkgContext_SubjectAttributes 09768 { 09769 PVOID AttributeInfo; 09770 } SecPkgContext_SubjectAttributes, *PSecPkgContext_SubjectAttributes; 09771 09772 typedef struct _SecPkgContext_CredInfo 09773 { 09774 SECPKG_CRED_CLASS CredClass; 09775 ULONG IsPromptingNeeded; 09776 } SecPkgContext_CredInfo, *PSecPkgContext_CredInfo; 09777 09778 typedef struct _SecPkgContext_NegoPackageInfo 09779 { 09780 ULONG PackageMask; 09781 } SecPkgContext_NegoPackageInfo, *PSecPkgContext_NegoPackageInfo; 09782 09783 typedef struct _SecPkgContext_NegoStatus 09784 { 09785 ULONG LastStatus; 09786 } SecPkgContext_NegoStatus, *PSecPkgContext_NegoStatus; 09787 09788 typedef struct _SecPkgContext_Sizes 09789 { 09790 ULONG cbMaxToken; 09791 ULONG cbMaxSignature; 09792 ULONG cbBlockSize; 09793 ULONG cbSecurityTrailer; 09794 } SecPkgContext_Sizes, *PSecPkgContext_Sizes; 09795 09796 typedef struct _SecPkgContext_StreamSizes 09797 { 09798 ULONG cbHeader; 09799 ULONG cbTrailer; 09800 ULONG cbMaximumMessage; 09801 ULONG cBuffers; 09802 ULONG cbBlockSize; 09803 } SecPkgContext_StreamSizes, *PSecPkgContext_StreamSizes; 09804 09805 typedef struct _SecPkgContext_Lifespan 09806 { 09807 TimeStamp tsStart; 09808 TimeStamp tsExpiry; 09809 } SecPkgContext_Lifespan, *PSecPkgContext_Lifespan; 09810 09811 typedef struct _SecPkgContext_PasswordExpiry 09812 { 09813 TimeStamp tsPasswordExpires; 09814 } SecPkgContext_PasswordExpiry, *PSecPkgContext_PasswordExpiry; 09815 09816 typedef struct _SecPkgContext_ProtoInfoW 09817 { 09818 SEC_WCHAR *sProtocolName; 09819 ULONG majorVersion; 09820 ULONG minorVersion; 09821 } SecPkgContext_ProtoInfoW, *PSecPkgContext_ProtoInfoW; 09822 #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW 09823 #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW 09824 09825 typedef struct _SecPkgContext_KeyInfoW 09826 { 09827 SEC_WCHAR *sSignatureAlgorithmName; 09828 SEC_WCHAR *sEncryptAlgorithmName; 09829 ULONG KeySize; 09830 ULONG SignatureAlgorithm; 09831 ULONG EncryptAlgorithm; 09832 } SecPkgContext_KeyInfoW, *PSecPkgContext_KeyInfoW; 09833 #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW 09834 #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW 09835 09836 typedef struct _SecPkgContext_SessionKey 09837 { 09838 ULONG SessionKeyLength; 09839 __field_bcount(SessionKeyLength) PUCHAR SessionKey; 09840 } SecPkgContext_SessionKey, *PSecPkgContext_SessionKey; 09841 09842 typedef struct _SecPkgContext_NegoKeys 09843 { 09844 ULONG KeyType; 09845 USHORT KeyLength; 09846 __field_bcount(KeyLength) PUCHAR KeyValue; 09847 ULONG VerifyKeyType; 09848 USHORT VerifyKeyLength; 09849 __field_bcount(VerifyKeyLength) PUCHAR VerifyKeyValue; 09850 } SecPkgContext_NegoKeys, *PSecPkgContext_NegoKeys; 09851 09852 typedef struct _SecPkgContext_DceInfo 09853 { 09854 ULONG AuthzSvc; 09855 PVOID pPac; 09856 } SecPkgContext_DceInfo, *PSecPkgContext_DceInfo; 09857 09858 typedef struct _SecPkgContext_PackageInfoW 09859 { 09860 PSecPkgInfoW PackageInfo; 09861 } SecPkgContext_PackageInfoW, *PSecPkgContext_PackageInfoW; 09862 #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW 09863 #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW 09864 09865 typedef struct _SecPkgContext_UserFlags 09866 { 09867 ULONG UserFlags; 09868 } SecPkgContext_UserFlags, *PSecPkgContext_UserFlags; 09869 09870 typedef struct _SecPkgContext_Flags 09871 { 09872 ULONG Flags; 09873 } SecPkgContext_Flags, *PSecPkgContext_Flags; 09874 09875 typedef struct _SecPkgContext_NegotiationInfoW 09876 { 09877 PSecPkgInfoW PackageInfo ; 09878 ULONG NegotiationState ; 09879 } SecPkgContext_NegotiationInfoW, *PSecPkgContext_NegotiationInfoW; 09880 09881 typedef struct _SecPkgContext_AuthorityW 09882 { 09883 SEC_WCHAR *sAuthorityName; 09884 } SecPkgContext_AuthorityW, *PSecPkgContext_AuthorityW; 09885 #define SecPkgContext_Authority SecPkgContext_AuthorityW 09886 #define PSecPkgContext_Authority PSecPkgContext_AuthorityW 09887 09888 09889 #if NTDDI_VERSION > NTDDI_WS03 09890 typedef struct _SecPkgCredentials_SSIProviderW 09891 { 09892 SEC_WCHAR *sProviderName; 09893 ULONG ProviderInfoLength; 09894 PCHAR ProviderInfo; 09895 } SecPkgCredentials_SSIProviderW, *PSecPkgCredentials_SSIProviderW; 09896 #define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW 09897 #define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW 09898 09899 typedef struct _SecPkgContext_LogoffTime 09900 { 09901 TimeStamp tsLogoffTime; 09902 } SecPkgContext_LogoffTime, *PSecPkgContext_LogoffTime; 09903 #endif 09904 09905 /* forward declaration */ 09906 typedef struct _SECURITY_FUNCTION_TABLE_W SecurityFunctionTableW, *PSecurityFunctionTableW; 09907 #define SecurityFunctionTable SecurityFunctionTableW 09908 #define PSecurityFunctionTable PSecurityFunctionTableW 09909 09910 typedef 09911 VOID 09912 (SEC_ENTRY * SEC_GET_KEY_FN)( 09913 PVOID Arg, 09914 PVOID Principal, 09915 ULONG KeyVer, 09916 PVOID *Key, 09917 SECURITY_STATUS *Status); 09918 09919 KSECDDDECLSPEC 09920 SECURITY_STATUS 09921 SEC_ENTRY 09922 AcceptSecurityContext( 09923 _In_opt_ PCredHandle phCredential, 09924 _In_opt_ PCtxtHandle phContext, 09925 _In_opt_ PSecBufferDesc pInput, 09926 _In_ ULONG fContextReq, 09927 _In_ ULONG TargetDataRep, 09928 _In_opt_ PCtxtHandle phNewContext, 09929 _In_opt_ PSecBufferDesc pOutput, 09930 _Out_ PULONG pfContextAttr, 09931 _Out_opt_ PTimeStamp ptsExpiry); 09932 09933 typedef 09934 SECURITY_STATUS 09935 (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)( 09936 PCredHandle, 09937 PCtxtHandle, 09938 PSecBufferDesc, 09939 ULONG, 09940 ULONG, 09941 PCtxtHandle, 09942 PSecBufferDesc, 09943 PULONG, 09944 PTimeStamp); 09945 09946 KSECDDDECLSPEC 09947 SECURITY_STATUS 09948 SEC_ENTRY 09949 AcquireCredentialsHandleW( 09950 _In_opt_ PSSPI_SEC_STRING pPrincipal, 09951 _In_ PSSPI_SEC_STRING pPackage, 09952 _In_ ULONG fCredentialUse, 09953 _In_opt_ PVOID pvLogonId, 09954 _In_opt_ PVOID pAuthData, 09955 _In_opt_ SEC_GET_KEY_FN pGetKeyFn, 09956 _In_opt_ PVOID pvGetKeyArgument, 09957 _Out_ PCredHandle phCredential, 09958 _Out_opt_ PTimeStamp ptsExpiry); 09959 #define AcquireCredentialsHandle AcquireCredentialsHandleW 09960 09961 typedef 09962 SECURITY_STATUS 09963 (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)( 09964 PSSPI_SEC_STRING, 09965 PSSPI_SEC_STRING, 09966 ULONG, 09967 PVOID, 09968 PVOID, 09969 SEC_GET_KEY_FN, 09970 PVOID, 09971 PCredHandle, 09972 PTimeStamp); 09973 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W 09974 09975 SECURITY_STATUS 09976 SEC_ENTRY 09977 AddCredentialsA( 09978 _In_ PCredHandle hCredentials, 09979 _In_opt_ LPSTR pszPrincipal, 09980 _In_ LPSTR pszPackage, 09981 _In_ ULONG fCredentialUse, 09982 _In_opt_ PVOID pAuthData, 09983 _In_opt_ SEC_GET_KEY_FN pGetKeyFn, 09984 _In_opt_ PVOID pvGetKeyArgument, 09985 _Out_opt_ PTimeStamp ptsExpiry); 09986 09987 typedef 09988 SECURITY_STATUS 09989 (SEC_ENTRY * ADD_CREDENTIALS_FN_A)( 09990 PCredHandle, 09991 SEC_CHAR *, 09992 SEC_CHAR *, 09993 ULONG, 09994 PVOID, 09995 SEC_GET_KEY_FN, 09996 PVOID, 09997 PTimeStamp); 09998 09999 KSECDDDECLSPEC 10000 SECURITY_STATUS 10001 SEC_ENTRY 10002 AddCredentialsW( 10003 _In_ PCredHandle hCredentials, 10004 _In_opt_ PSSPI_SEC_STRING pPrincipal, 10005 _In_ PSSPI_SEC_STRING pPackage, 10006 _In_ ULONG fCredentialUse, 10007 _In_opt_ PVOID pAuthData, 10008 _In_opt_ SEC_GET_KEY_FN pGetKeyFn, 10009 _In_opt_ PVOID pvGetKeyArgument, 10010 _Out_opt_ PTimeStamp ptsExpiry); 10011 10012 typedef 10013 SECURITY_STATUS 10014 (SEC_ENTRY * ADD_CREDENTIALS_FN_W)( 10015 PCredHandle, 10016 PSSPI_SEC_STRING, 10017 PSSPI_SEC_STRING, 10018 ULONG, 10019 PVOID, 10020 SEC_GET_KEY_FN, 10021 PVOID, 10022 PTimeStamp); 10023 10024 #ifdef UNICODE 10025 #define AddCredentials AddCredentialsW 10026 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W 10027 #else 10028 #define AddCredentials AddCredentialsA 10029 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A 10030 #endif 10031 10032 KSECDDDECLSPEC 10033 SECURITY_STATUS 10034 SEC_ENTRY 10035 ApplyControlToken( 10036 _In_ PCtxtHandle phContext, 10037 _In_ PSecBufferDesc pInput); 10038 10039 typedef 10040 SECURITY_STATUS 10041 (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)( 10042 PCtxtHandle, PSecBufferDesc); 10043 10044 #if (ISSP_MODE != 0) 10045 10046 SECURITY_STATUS 10047 SEC_ENTRY 10048 ChangeAccountPasswordA( 10049 _In_ SEC_CHAR* pszPackageName, 10050 _In_ SEC_CHAR* pszDomainName, 10051 _In_ SEC_CHAR* pszAccountName, 10052 _In_ SEC_CHAR* pszOldPassword, 10053 _In_ SEC_CHAR* pszNewPassword, 10054 _In_ BOOLEAN bImpersonating, 10055 _In_ ULONG dwReserved, 10056 _Inout_ PSecBufferDesc pOutput); 10057 10058 typedef 10059 SECURITY_STATUS 10060 (SEC_ENTRY * CHANGE_PASSWORD_FN_A)( 10061 SEC_CHAR *, 10062 SEC_CHAR *, 10063 SEC_CHAR *, 10064 SEC_CHAR *, 10065 SEC_CHAR *, 10066 BOOLEAN, 10067 ULONG, 10068 PSecBufferDesc); 10069 10070 SECURITY_STATUS 10071 SEC_ENTRY 10072 ChangeAccountPasswordW( 10073 _In_ SEC_WCHAR* pszPackageName, 10074 _In_ SEC_WCHAR* pszDomainName, 10075 _In_ SEC_WCHAR* pszAccountName, 10076 _In_ SEC_WCHAR* pszOldPassword, 10077 _In_ SEC_WCHAR* pszNewPassword, 10078 _In_ BOOLEAN bImpersonating, 10079 _In_ ULONG dwReserved, 10080 _Inout_ PSecBufferDesc pOutput); 10081 10082 typedef 10083 SECURITY_STATUS 10084 (SEC_ENTRY * CHANGE_PASSWORD_FN_W)( 10085 SEC_WCHAR *, 10086 SEC_WCHAR *, 10087 SEC_WCHAR *, 10088 SEC_WCHAR *, 10089 SEC_WCHAR *, 10090 BOOLEAN, 10091 ULONG, 10092 PSecBufferDesc); 10093 10094 #ifdef UNICODE 10095 #define ChangeAccountPassword ChangeAccountPasswordW 10096 #define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_W 10097 #else 10098 #define ChangeAccountPassword ChangeAccountPasswordA 10099 #define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_A 10100 #endif 10101 10102 #endif /* ISSP_MODE != 0 */ 10103 10104 SECURITY_STATUS 10105 SEC_ENTRY 10106 CompleteAuthToken( 10107 _In_ PCtxtHandle phContext, 10108 _In_ PSecBufferDesc pToken); 10109 10110 typedef 10111 SECURITY_STATUS 10112 (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)( 10113 PCtxtHandle, 10114 PSecBufferDesc); 10115 10116 SECURITY_STATUS 10117 SEC_ENTRY 10118 DecryptMessage( 10119 _In_ PCtxtHandle phContext, 10120 _Inout_ PSecBufferDesc pMessage, 10121 _In_ ULONG MessageSeqNo, 10122 _Out_opt_ PULONG pfQOP); 10123 10124 typedef 10125 SECURITY_STATUS 10126 (SEC_ENTRY * DECRYPT_MESSAGE_FN)( 10127 PCtxtHandle, 10128 PSecBufferDesc, 10129 ULONG, 10130 PULONG); 10131 10132 KSECDDDECLSPEC 10133 SECURITY_STATUS 10134 SEC_ENTRY 10135 DeleteSecurityContext( 10136 _In_ PCtxtHandle phContext); 10137 10138 typedef 10139 SECURITY_STATUS 10140 (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)( 10141 PCtxtHandle); 10142 10143 SECURITY_STATUS 10144 SEC_ENTRY 10145 EncryptMessage( 10146 _In_ PCtxtHandle phContext, 10147 _In_ ULONG fQOP, 10148 _Inout_ PSecBufferDesc pMessage, 10149 _In_ ULONG MessageSeqNo); 10150 10151 typedef 10152 SECURITY_STATUS 10153 (SEC_ENTRY * ENCRYPT_MESSAGE_FN)( 10154 PCtxtHandle, 10155 ULONG, 10156 PSecBufferDesc, 10157 ULONG); 10158 10159 KSECDDDECLSPEC 10160 SECURITY_STATUS 10161 SEC_ENTRY 10162 EnumerateSecurityPackagesW( 10163 _Out_ PULONG pcPackages, 10164 _Deref_out_ PSecPkgInfoW* ppPackageInfo); 10165 #define EnumerateSecurityPackages EnumerateSecurityPackagesW 10166 10167 typedef 10168 SECURITY_STATUS 10169 (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)( 10170 PULONG, 10171 PSecPkgInfoW*); 10172 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W 10173 10174 KSECDDDECLSPEC 10175 SECURITY_STATUS 10176 SEC_ENTRY 10177 ExportSecurityContext( 10178 _In_ PCtxtHandle phContext, 10179 _In_ ULONG fFlags, 10180 _Out_ PSecBuffer pPackedContext, 10181 _Out_ PVOID* pToken); 10182 10183 typedef 10184 SECURITY_STATUS 10185 (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)( 10186 PCtxtHandle, 10187 ULONG, 10188 PSecBuffer, 10189 PVOID*); 10190 10191 SECURITY_STATUS 10192 SEC_ENTRY 10193 FreeContextBuffer( 10194 _Inout_ PVOID pvContextBuffer); 10195 10196 typedef 10197 SECURITY_STATUS 10198 (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)( 10199 _Inout_ PVOID); 10200 10201 KSECDDDECLSPEC 10202 SECURITY_STATUS 10203 SEC_ENTRY 10204 FreeCredentialsHandle( 10205 _In_ PCredHandle phCredential); 10206 10207 typedef 10208 SECURITY_STATUS 10209 (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)( 10210 PCredHandle); 10211 10212 KSECDDDECLSPEC 10213 SECURITY_STATUS 10214 SEC_ENTRY 10215 ImpersonateSecurityContext( 10216 _In_ PCtxtHandle phContext); 10217 10218 typedef 10219 SECURITY_STATUS 10220 (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)( 10221 PCtxtHandle); 10222 10223 KSECDDDECLSPEC 10224 SECURITY_STATUS 10225 SEC_ENTRY 10226 ImportSecurityContextW( 10227 _In_ PSSPI_SEC_STRING pszPackage, 10228 _In_ PSecBuffer pPackedContext, 10229 _In_ PVOID Token, 10230 _Out_ PCtxtHandle phContext); 10231 #define ImportSecurityContext ImportSecurityContextW 10232 10233 typedef 10234 SECURITY_STATUS 10235 (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)( 10236 PSSPI_SEC_STRING, 10237 PSecBuffer, 10238 PVOID, 10239 PCtxtHandle); 10240 #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W 10241 10242 KSECDDDECLSPEC 10243 SECURITY_STATUS 10244 SEC_ENTRY 10245 InitializeSecurityContextW( 10246 _In_opt_ PCredHandle phCredential, 10247 _In_opt_ PCtxtHandle phContext, 10248 _In_opt_ PSSPI_SEC_STRING pTargetName, 10249 _In_ ULONG fContextReq, 10250 _In_ ULONG Reserved1, 10251 _In_ ULONG TargetDataRep, 10252 _In_opt_ PSecBufferDesc pInput, 10253 _In_ ULONG Reserved2, 10254 _Inout_opt_ PCtxtHandle phNewContext, 10255 _Inout_opt_ PSecBufferDesc pOutput, 10256 _Out_ PULONG pfContextAttr, 10257 _Out_opt_ PTimeStamp ptsExpiry); 10258 #define InitializeSecurityContext InitializeSecurityContextW 10259 10260 typedef 10261 SECURITY_STATUS 10262 (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)( 10263 PCredHandle, 10264 PCtxtHandle, 10265 PSSPI_SEC_STRING, 10266 ULONG, 10267 ULONG, 10268 ULONG, 10269 PSecBufferDesc, 10270 ULONG, 10271 PCtxtHandle, 10272 PSecBufferDesc, 10273 PULONG, 10274 PTimeStamp); 10275 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W 10276 10277 KSECDDDECLSPEC 10278 PSecurityFunctionTableW 10279 SEC_ENTRY 10280 InitSecurityInterfaceW(VOID); 10281 #define InitSecurityInterface InitSecurityInterfaceW 10282 10283 typedef 10284 PSecurityFunctionTableW 10285 (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(VOID); 10286 #define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W 10287 10288 KSECDDDECLSPEC 10289 SECURITY_STATUS 10290 SEC_ENTRY 10291 MakeSignature( 10292 _In_ PCtxtHandle phContext, 10293 _In_ ULONG fQOP, 10294 _In_ PSecBufferDesc pMessage, 10295 _In_ ULONG MessageSeqNo); 10296 10297 typedef 10298 SECURITY_STATUS 10299 (SEC_ENTRY * MAKE_SIGNATURE_FN)( 10300 PCtxtHandle, 10301 ULONG, 10302 PSecBufferDesc, 10303 ULONG); 10304 10305 KSECDDDECLSPEC 10306 SECURITY_STATUS 10307 SEC_ENTRY 10308 QueryContextAttributesW( 10309 _In_ PCtxtHandle phContext, 10310 _In_ ULONG ulAttribute, 10311 _Out_ PVOID pBuffer); 10312 #define QueryContextAttributes QueryContextAttributesW 10313 10314 typedef 10315 SECURITY_STATUS 10316 (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)( 10317 PCtxtHandle, 10318 ULONG, 10319 PVOID); 10320 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W 10321 10322 KSECDDDECLSPEC 10323 SECURITY_STATUS 10324 SEC_ENTRY 10325 QueryCredentialsAttributesW( 10326 _In_ PCredHandle phCredential, 10327 _In_ ULONG ulAttribute, 10328 _Inout_ PVOID pBuffer); 10329 #define QueryCredentialsAttributes QueryCredentialsAttributesW 10330 10331 typedef 10332 SECURITY_STATUS 10333 (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)( 10334 PCredHandle, 10335 ULONG, 10336 PVOID); 10337 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W 10338 10339 KSECDDDECLSPEC 10340 SECURITY_STATUS 10341 SEC_ENTRY 10342 QuerySecurityContextToken( 10343 _In_ PCtxtHandle phContext, 10344 _Out_ PVOID* Token); 10345 10346 typedef 10347 SECURITY_STATUS 10348 (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)( 10349 PCtxtHandle, PVOID *); 10350 10351 KSECDDDECLSPEC 10352 SECURITY_STATUS 10353 SEC_ENTRY 10354 QuerySecurityPackageInfoW( 10355 _In_ PSSPI_SEC_STRING pPackageName, 10356 _Deref_out_ PSecPkgInfoW *ppPackageInfo); 10357 #define QuerySecurityPackageInfo QuerySecurityPackageInfoW 10358 10359 typedef 10360 SECURITY_STATUS 10361 (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)( 10362 PSSPI_SEC_STRING, 10363 PSecPkgInfoW *); 10364 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W 10365 10366 KSECDDDECLSPEC 10367 SECURITY_STATUS 10368 SEC_ENTRY 10369 RevertSecurityContext( 10370 _In_ PCtxtHandle phContext); 10371 10372 typedef 10373 SECURITY_STATUS 10374 (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)( 10375 PCtxtHandle); 10376 10377 #if (OSVER(NTDDI_VERSION) > NTDDI_WIN2K) 10378 SECURITY_STATUS 10379 SEC_ENTRY 10380 SetContextAttributesW( 10381 _In_ PCtxtHandle phContext, 10382 _In_ ULONG ulAttribute, 10383 _In_bytecount_(cbBuffer) PVOID pBuffer, 10384 _In_ ULONG cbBuffer); 10385 #define SetContextAttributes SetContextAttributesW 10386 10387 typedef 10388 SECURITY_STATUS 10389 (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)( 10390 PCtxtHandle, 10391 ULONG, 10392 PVOID, 10393 ULONG); 10394 #define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W 10395 #endif 10396 10397 #if (NTDDI_VERSION > NTDDI_WS03) 10398 KSECDDDECLSPEC 10399 SECURITY_STATUS 10400 SEC_ENTRY 10401 SetCredentialsAttributesW( 10402 _In_ PCredHandle phCredential, 10403 _In_ ULONG ulAttribute, 10404 _In_bytecount_(cbBuffer) PVOID pBuffer, 10405 _In_ ULONG cbBuffer); 10406 #define SetCredentialsAttributes SetCredentialsAttributesW 10407 10408 typedef 10409 SECURITY_STATUS 10410 (SEC_ENTRY * SET_CREDENTIALS_ATTRIBUTES_FN_W)( 10411 PCredHandle, 10412 ULONG, 10413 PVOID, 10414 ULONG); 10415 #define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W 10416 #endif /* NTDDI_VERSION > NTDDI_WS03 */ 10417 10418 KSECDDDECLSPEC 10419 SECURITY_STATUS 10420 SEC_ENTRY 10421 VerifySignature( 10422 _In_ PCtxtHandle phContext, 10423 _In_ PSecBufferDesc pMessage, 10424 _In_ ULONG MessageSeqNo, 10425 _Out_ PULONG pfQOP); 10426 10427 typedef 10428 SECURITY_STATUS 10429 (SEC_ENTRY * VERIFY_SIGNATURE_FN)( 10430 PCtxtHandle, 10431 PSecBufferDesc, 10432 ULONG, 10433 PULONG); 10434 10435 #if (ISSP_MODE == 0) 10436 10437 KSECDDDECLSPEC 10438 NTSTATUS 10439 NTAPI 10440 SecMakeSPN( 10441 _In_ PUNICODE_STRING ServiceClass, 10442 _In_ PUNICODE_STRING ServiceName, 10443 _In_opt_ PUNICODE_STRING InstanceName, 10444 _In_opt_ USHORT InstancePort, 10445 _In_opt_ PUNICODE_STRING Referrer, 10446 _Inout_ PUNICODE_STRING Spn, 10447 _Out_opt_ PULONG Length, 10448 _In_ BOOLEAN Allocate); 10449 10450 #if (NTDDI_VERSION >= NTDDI_WINXP) 10451 KSECDDDECLSPEC 10452 NTSTATUS 10453 NTAPI 10454 SecMakeSPNEx( 10455 _In_ PUNICODE_STRING ServiceClass, 10456 _In_ PUNICODE_STRING ServiceName, 10457 _In_opt_ PUNICODE_STRING InstanceName, 10458 _In_opt_ USHORT InstancePort, 10459 _In_opt_ PUNICODE_STRING Referrer, 10460 _In_opt_ PUNICODE_STRING TargetInfo, 10461 _Inout_ PUNICODE_STRING Spn, 10462 _Out_ PULONG Length OPTIONAL, 10463 _In_ BOOLEAN Allocate); 10464 10465 KSECDDDECLSPEC 10466 NTSTATUS 10467 SEC_ENTRY 10468 SecLookupAccountSid( 10469 _In_ PSID Sid, 10470 _Out_ PULONG NameSize, 10471 _Inout_ PUNICODE_STRING NameBuffer, 10472 _Out_ PULONG DomainSize OPTIONAL, 10473 _Out_opt_ PUNICODE_STRING DomainBuffer, 10474 _Out_ PSID_NAME_USE NameUse); 10475 10476 KSECDDDECLSPEC 10477 NTSTATUS 10478 SEC_ENTRY 10479 SecLookupAccountName( 10480 _In_ PUNICODE_STRING Name, 10481 _Inout_ PULONG SidSize, 10482 _Out_ PSID Sid, 10483 _Out_ PSID_NAME_USE NameUse, 10484 _Out_opt_ PULONG DomainSize, // WDK says _Out_ only + ... OPTIONAL 10485 _Inout_opt_ PUNICODE_STRING ReferencedDomain); 10486 #endif 10487 10488 #if (NTDDI_VERSION >= NTDDI_WS03) 10489 KSECDDDECLSPEC 10490 NTSTATUS 10491 SEC_ENTRY 10492 SecLookupWellKnownSid( 10493 _In_ WELL_KNOWN_SID_TYPE SidType, 10494 _Out_ PSID Sid, 10495 _In_ ULONG SidBufferSize, 10496 _Inout_opt_ PULONG SidSize); 10497 #endif 10498 10499 #if (NTDDI_VERSION >= NTDDI_VISTA) 10500 KSECDDDECLSPEC 10501 NTSTATUS 10502 NTAPI 10503 SecMakeSPNEx2( 10504 _In_ PUNICODE_STRING ServiceClass, 10505 _In_ PUNICODE_STRING ServiceName, 10506 _In_opt_ PUNICODE_STRING InstanceName, 10507 _In_opt_ USHORT InstancePort, 10508 _In_opt_ PUNICODE_STRING Referrer, 10509 _In_opt_ PUNICODE_STRING InTargetInfo, 10510 _Inout_ PUNICODE_STRING Spn, 10511 _Out_opt_ PULONG TotalSize, 10512 _In_ BOOLEAN Allocate, 10513 _In_ BOOLEAN IsTargetInfoMarshaled); 10514 #endif 10515 10516 #endif /* ISSP_MODE == 0 */ 10517 10518 #if (NTDDI_VERSION >= NTDDI_WIN7) 10519 10520 SECURITY_STATUS 10521 SEC_ENTRY 10522 SspiEncodeAuthIdentityAsStrings( 10523 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE pAuthIdentity, 10524 _Deref_out_opt_ PCWSTR* ppszUserName, 10525 _Deref_out_opt_ PCWSTR* ppszDomainName, 10526 _Deref_opt_out_opt_ PCWSTR* ppszPackedCredentialsString); 10527 10528 SECURITY_STATUS 10529 SEC_ENTRY 10530 SspiValidateAuthIdentity( 10531 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData); 10532 10533 SECURITY_STATUS 10534 SEC_ENTRY 10535 SspiCopyAuthIdentity( 10536 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData, 10537 _Deref_out_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* AuthDataCopy); 10538 10539 VOID 10540 SEC_ENTRY 10541 SspiFreeAuthIdentity( 10542 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData); 10543 10544 VOID 10545 SEC_ENTRY 10546 SspiZeroAuthIdentity( 10547 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData); 10548 10549 VOID 10550 SEC_ENTRY 10551 SspiLocalFree( 10552 _In_opt_ PVOID DataBuffer); 10553 10554 SECURITY_STATUS 10555 SEC_ENTRY 10556 SspiEncodeStringsAsAuthIdentity( 10557 _In_opt_ PCWSTR pszUserName, 10558 _In_opt_ PCWSTR pszDomainName, 10559 _In_opt_ PCWSTR pszPackedCredentialsString, 10560 _Deref_out_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity); 10561 10562 SECURITY_STATUS 10563 SEC_ENTRY 10564 SspiCompareAuthIdentities( 10565 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity1, 10566 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity2, 10567 _Out_opt_ PBOOLEAN SameSuppliedUser, 10568 _Out_opt_ PBOOLEAN SameSuppliedIdentity); 10569 10570 SECURITY_STATUS 10571 SEC_ENTRY 10572 SspiMarshalAuthIdentity( 10573 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity, 10574 _Out_ PULONG AuthIdentityLength, 10575 _Outptr_result_bytebuffer_(*AuthIdentityLength) PCHAR* AuthIdentityByteArray); 10576 10577 SECURITY_STATUS 10578 SEC_ENTRY 10579 SspiUnmarshalAuthIdentity( 10580 _In_ PULONG AuthIdentityLength, 10581 _In_reads_bytes_(AuthIdentityLength) PCHAR AuthIdentityByteArray, 10582 _Outptr_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity); 10583 10584 BOOLEAN 10585 SEC_ENTRY 10586 SspiIsPromptingNeeded( 10587 _In_ PULONG ErrorOrNtStatus); 10588 10589 SECURITY_STATUS 10590 SEC_ENTRY 10591 SspiGetTargetHostName( 10592 _In_ PCWSTR pszTargetName, 10593 _Outptr_ PWSTR* pszHostName); 10594 10595 SECURITY_STATUS 10596 SEC_ENTRY 10597 SspiExcludePackage( 10598 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity, 10599 _In_ PCWSTR pszPackageName, 10600 _Outptr_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppNewAuthIdentity); 10601 10602 #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x04 10603 #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x08 10604 10605 #endif /* NTDDI_VERSION >= NTDDI_WIN7 */ 10606 10607 #define FreeCredentialHandle FreeCredentialsHandle 10608 struct _SECURITY_FUNCTION_TABLE_W 10609 { 10610 ULONG dwVersion; 10611 ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW; 10612 QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW; 10613 ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW; 10614 FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle; 10615 PVOID Reserved2; 10616 INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW; 10617 ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext; 10618 COMPLETE_AUTH_TOKEN_FN CompleteAuthToken; 10619 DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext; 10620 APPLY_CONTROL_TOKEN_FN ApplyControlToken; 10621 QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW; 10622 IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext; 10623 REVERT_SECURITY_CONTEXT_FN RevertSecurityContext; 10624 MAKE_SIGNATURE_FN MakeSignature; 10625 VERIFY_SIGNATURE_FN VerifySignature; 10626 FREE_CONTEXT_BUFFER_FN FreeContextBuffer; 10627 QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW; 10628 PVOID Reserved3; 10629 PVOID Reserved4; 10630 EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext; 10631 IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW; 10632 ADD_CREDENTIALS_FN_W AddCredentialsW ; 10633 PVOID Reserved8; 10634 QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken; 10635 ENCRYPT_MESSAGE_FN EncryptMessage; 10636 DECRYPT_MESSAGE_FN DecryptMessage; 10637 #if OSVER(NTDDI_VERSION) > NTDDI_WIN2K 10638 SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW; 10639 #endif 10640 #if NTDDI_VERSION > NTDDI_WS03SP1 10641 SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW; 10642 #endif 10643 #if ISSP_MODE != 0 10644 CHANGE_PASSWORD_FN_W ChangeAccountPasswordW; 10645 #else 10646 PVOID Reserved9; 10647 #endif 10648 }; 10649 10650 #endif /* !__SSPI_H__ */ 10651 10652 /* #if !defined(_X86AMD64_) FIXME : WHAT ?! */ 10653 #if defined(_WIN64) 10654 C_ASSERT(sizeof(ERESOURCE) == 0x68); 10655 C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18); 10656 C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a); 10657 #else 10658 C_ASSERT(sizeof(ERESOURCE) == 0x38); 10659 C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c); 10660 C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e); 10661 #endif 10662 /* #endif */ 10663 10664 #if defined(_IA64_) 10665 #if (NTDDI_VERSION >= NTDDI_WIN2K) 10666 //DECLSPEC_DEPRECATED_DDK 10667 NTHALAPI 10668 ULONG 10669 NTAPI 10670 HalGetDmaAlignmentRequirement( 10671 VOID); 10672 #endif 10673 #endif 10674 10675 #if defined(_M_IX86) || defined(_M_AMD64) 10676 #define HalGetDmaAlignmentRequirement() 1L 10677 #endif 10678 10679 extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo; 10680 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 10681 10682 #ifdef NLS_MB_CODE_PAGE_TAG 10683 #undef NLS_MB_CODE_PAGE_TAG 10684 #endif 10685 #define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag 10686 10687 #if (NTDDI_VERSION >= NTDDI_VISTA) 10688 10689 typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER { 10690 NetworkOpenLocationAny, 10691 NetworkOpenLocationRemote, 10692 NetworkOpenLocationLoopback 10693 } NETWORK_OPEN_LOCATION_QUALIFIER; 10694 10695 typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER { 10696 NetworkOpenIntegrityAny, 10697 NetworkOpenIntegrityNone, 10698 NetworkOpenIntegritySigned, 10699 NetworkOpenIntegrityEncrypted, 10700 NetworkOpenIntegrityMaximum 10701 } NETWORK_OPEN_INTEGRITY_QUALIFIER; 10702 10703 #if (NTDDI_VERSION >= NTDDI_WIN7) 10704 10705 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1 10706 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2 10707 #define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000 10708 10709 typedef struct _NETWORK_OPEN_ECP_CONTEXT { 10710 USHORT Size; 10711 USHORT Reserved; 10712 _ANONYMOUS_STRUCT struct { 10713 struct { 10714 NETWORK_OPEN_LOCATION_QUALIFIER Location; 10715 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 10716 ULONG Flags; 10717 } in; 10718 struct { 10719 NETWORK_OPEN_LOCATION_QUALIFIER Location; 10720 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 10721 ULONG Flags; 10722 } out; 10723 } DUMMYSTRUCTNAME; 10724 } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; 10725 10726 typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 { 10727 USHORT Size; 10728 USHORT Reserved; 10729 _ANONYMOUS_STRUCT struct { 10730 struct { 10731 NETWORK_OPEN_LOCATION_QUALIFIER Location; 10732 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 10733 } in; 10734 struct { 10735 NETWORK_OPEN_LOCATION_QUALIFIER Location; 10736 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 10737 } out; 10738 } DUMMYSTRUCTNAME; 10739 } NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0; 10740 10741 #elif (NTDDI_VERSION >= NTDDI_VISTA) 10742 typedef struct _NETWORK_OPEN_ECP_CONTEXT { 10743 USHORT Size; 10744 USHORT Reserved; 10745 _ANONYMOUS_STRUCT struct { 10746 struct { 10747 NETWORK_OPEN_LOCATION_QUALIFIER Location; 10748 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 10749 } in; 10750 struct { 10751 NETWORK_OPEN_LOCATION_QUALIFIER Location; 10752 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 10753 } out; 10754 } DUMMYSTRUCTNAME; 10755 } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; 10756 #endif 10757 10758 DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8); 10759 10760 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 10761 10762 10763 #if (NTDDI_VERSION >= NTDDI_VISTA) 10764 10765 typedef struct _PREFETCH_OPEN_ECP_CONTEXT { 10766 PVOID Context; 10767 } PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT; 10768 10769 DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55); 10770 10771 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 10772 10773 #if (NTDDI_VERSION >= NTDDI_WIN7) 10774 10775 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb); 10776 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53); 10777 10778 typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS; 10779 10780 typedef struct _NFS_OPEN_ECP_CONTEXT { 10781 PUNICODE_STRING ExportAlias; 10782 PSOCKADDR_STORAGE_NFS ClientSocketAddress; 10783 } NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT; 10784 10785 typedef struct _SRV_OPEN_ECP_CONTEXT { 10786 PUNICODE_STRING ShareName; 10787 PSOCKADDR_STORAGE_NFS SocketAddress; 10788 BOOLEAN OplockBlockState; 10789 BOOLEAN OplockAppState; 10790 BOOLEAN OplockFinalState; 10791 } SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT; 10792 10793 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 10794 10795 #define PIN_WAIT (1) 10796 #define PIN_EXCLUSIVE (2) 10797 #define PIN_NO_READ (4) 10798 #define PIN_IF_BCB (8) 10799 #define PIN_CALLER_TRACKS_DIRTY_DATA (32) 10800 #define PIN_HIGH_PRIORITY (64) 10801 10802 #define MAP_WAIT 1 10803 #define MAP_NO_READ (16) 10804 #define MAP_HIGH_PRIORITY (64) 10805 10806 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) 10807 #define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS) 10808 10809 typedef struct _QUERY_PATH_REQUEST { 10810 ULONG PathNameLength; 10811 PIO_SECURITY_CONTEXT SecurityContext; 10812 WCHAR FilePathName[1]; 10813 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; 10814 10815 typedef struct _QUERY_PATH_REQUEST_EX { 10816 PIO_SECURITY_CONTEXT pSecurityContext; 10817 ULONG EaLength; 10818 PVOID pEaBuffer; 10819 UNICODE_STRING PathName; 10820 UNICODE_STRING DomainServiceName; 10821 ULONG_PTR Reserved[ 3 ]; 10822 } QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX; 10823 10824 typedef struct _QUERY_PATH_RESPONSE { 10825 ULONG LengthAccepted; 10826 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; 10827 10828 #define VOLSNAPCONTROLTYPE 0x00000053 10829 #define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 10830 10831 /* FIXME : These definitions below don't belong here (or anywhere in ddk really) */ 10832 #pragma pack(push,4) 10833 10834 #ifndef VER_PRODUCTBUILD 10835 #define VER_PRODUCTBUILD 10000 10836 #endif 10837 10838 #include "csq.h" 10839 10840 #define FS_LFN_APIS 0x00004000 10841 10842 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ 10843 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) 10844 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) 10845 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) 10846 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) 10847 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) 10848 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) 10849 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) 10850 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) 10851 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) 10852 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT 10853 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM 10854 #define FILE_STORAGE_TYPE_MASK 0x000f0000 10855 #define FILE_STORAGE_TYPE_SHIFT 16 10856 10857 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 10858 10859 #ifdef _X86_ 10860 #define HARDWARE_PTE HARDWARE_PTE_X86 10861 #define PHARDWARE_PTE PHARDWARE_PTE_X86 10862 #endif 10863 10864 #define IO_ATTACH_DEVICE_API 0x80000000 10865 10866 #define IO_TYPE_APC 18 10867 #define IO_TYPE_DPC 19 10868 #define IO_TYPE_DEVICE_QUEUE 20 10869 #define IO_TYPE_EVENT_PAIR 21 10870 #define IO_TYPE_INTERRUPT 22 10871 #define IO_TYPE_PROFILE 23 10872 10873 #define IRP_BEING_VERIFIED 0x10 10874 10875 #define MAILSLOT_CLASS_FIRSTCLASS 1 10876 #define MAILSLOT_CLASS_SECONDCLASS 2 10877 10878 #define MAILSLOT_SIZE_AUTO 0 10879 10880 #define MEM_DOS_LIM 0x40000000 10881 10882 #define OB_TYPE_TYPE 1 10883 #define OB_TYPE_DIRECTORY 2 10884 #define OB_TYPE_SYMBOLIC_LINK 3 10885 #define OB_TYPE_TOKEN 4 10886 #define OB_TYPE_PROCESS 5 10887 #define OB_TYPE_THREAD 6 10888 #define OB_TYPE_EVENT 7 10889 #define OB_TYPE_EVENT_PAIR 8 10890 #define OB_TYPE_MUTANT 9 10891 #define OB_TYPE_SEMAPHORE 10 10892 #define OB_TYPE_TIMER 11 10893 #define OB_TYPE_PROFILE 12 10894 #define OB_TYPE_WINDOW_STATION 13 10895 #define OB_TYPE_DESKTOP 14 10896 #define OB_TYPE_SECTION 15 10897 #define OB_TYPE_KEY 16 10898 #define OB_TYPE_PORT 17 10899 #define OB_TYPE_ADAPTER 18 10900 #define OB_TYPE_CONTROLLER 19 10901 #define OB_TYPE_DEVICE 20 10902 #define OB_TYPE_DRIVER 21 10903 #define OB_TYPE_IO_COMPLETION 22 10904 #define OB_TYPE_FILE 23 10905 10906 #define SEC_BASED 0x00200000 10907 10908 /* end winnt.h */ 10909 10910 #define TOKEN_HAS_ADMIN_GROUP 0x08 10911 10912 #if (VER_PRODUCTBUILD >= 1381) 10913 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) 10914 #endif /* (VER_PRODUCTBUILD >= 1381) */ 10915 10916 #if (VER_PRODUCTBUILD >= 2195) 10917 10918 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) 10919 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) 10920 10921 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) 10922 10923 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 10924 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) 10925 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 10926 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) 10927 #endif /* (VER_PRODUCTBUILD >= 2195) */ 10928 10929 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) 10930 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 10931 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) 10932 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) 10933 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) 10934 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) 10935 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) 10936 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) 10937 10938 typedef enum _FILE_STORAGE_TYPE { 10939 StorageTypeDefault = 1, 10940 StorageTypeDirectory, 10941 StorageTypeFile, 10942 StorageTypeJunctionPoint, 10943 StorageTypeCatalog, 10944 StorageTypeStructuredStorage, 10945 StorageTypeEmbedding, 10946 StorageTypeStream 10947 } FILE_STORAGE_TYPE; 10948 10949 typedef struct _OBJECT_BASIC_INFORMATION 10950 { 10951 ULONG Attributes; 10952 ACCESS_MASK GrantedAccess; 10953 ULONG HandleCount; 10954 ULONG PointerCount; 10955 ULONG PagedPoolCharge; 10956 ULONG NonPagedPoolCharge; 10957 ULONG Reserved[ 3 ]; 10958 ULONG NameInfoSize; 10959 ULONG TypeInfoSize; 10960 ULONG SecurityDescriptorSize; 10961 LARGE_INTEGER CreationTime; 10962 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 10963 10964 typedef struct _BITMAP_RANGE { 10965 LIST_ENTRY Links; 10966 LONGLONG BasePage; 10967 ULONG FirstDirtyPage; 10968 ULONG LastDirtyPage; 10969 ULONG DirtyPages; 10970 PULONG Bitmap; 10971 } BITMAP_RANGE, *PBITMAP_RANGE; 10972 10973 typedef struct _FILE_COPY_ON_WRITE_INFORMATION { 10974 BOOLEAN ReplaceIfExists; 10975 HANDLE RootDirectory; 10976 ULONG FileNameLength; 10977 WCHAR FileName[1]; 10978 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; 10979 10980 typedef struct _FILE_FULL_DIRECTORY_INFORMATION { 10981 ULONG NextEntryOffset; 10982 ULONG FileIndex; 10983 LARGE_INTEGER CreationTime; 10984 LARGE_INTEGER LastAccessTime; 10985 LARGE_INTEGER LastWriteTime; 10986 LARGE_INTEGER ChangeTime; 10987 LARGE_INTEGER EndOfFile; 10988 LARGE_INTEGER AllocationSize; 10989 ULONG FileAttributes; 10990 ULONG FileNameLength; 10991 ULONG EaSize; 10992 WCHAR FileName[ANYSIZE_ARRAY]; 10993 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; 10994 10995 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ 10996 typedef struct _FILE_SHARED_LOCK_ENTRY { 10997 PVOID Unknown1; 10998 PVOID Unknown2; 10999 FILE_LOCK_INFO FileLock; 11000 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; 11001 11002 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ 11003 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { 11004 LIST_ENTRY ListEntry; 11005 PVOID Unknown1; 11006 PVOID Unknown2; 11007 FILE_LOCK_INFO FileLock; 11008 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; 11009 11010 typedef struct _FILE_MAILSLOT_PEEK_BUFFER { 11011 ULONG ReadDataAvailable; 11012 ULONG NumberOfMessages; 11013 ULONG MessageLength; 11014 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; 11015 11016 typedef struct _FILE_OLE_CLASSID_INFORMATION { 11017 GUID ClassId; 11018 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; 11019 11020 typedef struct _FILE_OLE_ALL_INFORMATION { 11021 FILE_BASIC_INFORMATION BasicInformation; 11022 FILE_STANDARD_INFORMATION StandardInformation; 11023 FILE_INTERNAL_INFORMATION InternalInformation; 11024 FILE_EA_INFORMATION EaInformation; 11025 FILE_ACCESS_INFORMATION AccessInformation; 11026 FILE_POSITION_INFORMATION PositionInformation; 11027 FILE_MODE_INFORMATION ModeInformation; 11028 FILE_ALIGNMENT_INFORMATION AlignmentInformation; 11029 USN LastChangeUsn; 11030 USN ReplicationUsn; 11031 LARGE_INTEGER SecurityChangeTime; 11032 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; 11033 FILE_OBJECTID_INFORMATION ObjectIdInformation; 11034 FILE_STORAGE_TYPE StorageType; 11035 ULONG OleStateBits; 11036 ULONG OleId; 11037 ULONG NumberOfStreamReferences; 11038 ULONG StreamIndex; 11039 ULONG SecurityId; 11040 BOOLEAN ContentIndexDisable; 11041 BOOLEAN InheritContentIndexDisable; 11042 FILE_NAME_INFORMATION NameInformation; 11043 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; 11044 11045 typedef struct _FILE_OLE_DIR_INFORMATION { 11046 ULONG NextEntryOffset; 11047 ULONG FileIndex; 11048 LARGE_INTEGER CreationTime; 11049 LARGE_INTEGER LastAccessTime; 11050 LARGE_INTEGER LastWriteTime; 11051 LARGE_INTEGER ChangeTime; 11052 LARGE_INTEGER EndOfFile; 11053 LARGE_INTEGER AllocationSize; 11054 ULONG FileAttributes; 11055 ULONG FileNameLength; 11056 FILE_STORAGE_TYPE StorageType; 11057 GUID OleClassId; 11058 ULONG OleStateBits; 11059 BOOLEAN ContentIndexDisable; 11060 BOOLEAN InheritContentIndexDisable; 11061 WCHAR FileName[1]; 11062 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; 11063 11064 typedef struct _FILE_OLE_INFORMATION { 11065 LARGE_INTEGER SecurityChangeTime; 11066 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; 11067 FILE_OBJECTID_INFORMATION ObjectIdInformation; 11068 FILE_STORAGE_TYPE StorageType; 11069 ULONG OleStateBits; 11070 BOOLEAN ContentIndexDisable; 11071 BOOLEAN InheritContentIndexDisable; 11072 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; 11073 11074 typedef struct _FILE_OLE_STATE_BITS_INFORMATION { 11075 ULONG StateBits; 11076 ULONG StateBitsMask; 11077 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; 11078 11079 typedef struct _MAPPING_PAIR { 11080 ULONGLONG Vcn; 11081 ULONGLONG Lcn; 11082 } MAPPING_PAIR, *PMAPPING_PAIR; 11083 11084 typedef struct _GET_RETRIEVAL_DESCRIPTOR { 11085 ULONG NumberOfPairs; 11086 ULONGLONG StartVcn; 11087 MAPPING_PAIR Pair[1]; 11088 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; 11089 11090 typedef struct _MBCB { 11091 CSHORT NodeTypeCode; 11092 CSHORT NodeIsInZone; 11093 ULONG PagesToWrite; 11094 ULONG DirtyPages; 11095 ULONG Reserved; 11096 LIST_ENTRY BitmapRanges; 11097 LONGLONG ResumeWritePage; 11098 BITMAP_RANGE BitmapRange1; 11099 BITMAP_RANGE BitmapRange2; 11100 BITMAP_RANGE BitmapRange3; 11101 } MBCB, *PMBCB; 11102 11103 typedef struct _MOVEFILE_DESCRIPTOR { 11104 HANDLE FileHandle; 11105 ULONG Reserved; 11106 LARGE_INTEGER StartVcn; 11107 LARGE_INTEGER TargetLcn; 11108 ULONG NumVcns; 11109 ULONG Reserved1; 11110 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; 11111 11112 typedef struct _OBJECT_BASIC_INFO { 11113 ULONG Attributes; 11114 ACCESS_MASK GrantedAccess; 11115 ULONG HandleCount; 11116 ULONG ReferenceCount; 11117 ULONG PagedPoolUsage; 11118 ULONG NonPagedPoolUsage; 11119 ULONG Reserved[3]; 11120 ULONG NameInformationLength; 11121 ULONG TypeInformationLength; 11122 ULONG SecurityDescriptorLength; 11123 LARGE_INTEGER CreateTime; 11124 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; 11125 11126 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { 11127 BOOLEAN Inherit; 11128 BOOLEAN ProtectFromClose; 11129 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; 11130 11131 typedef struct _OBJECT_NAME_INFO { 11132 UNICODE_STRING ObjectName; 11133 WCHAR ObjectNameBuffer[1]; 11134 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO; 11135 11136 typedef struct _OBJECT_PROTECTION_INFO { 11137 BOOLEAN Inherit; 11138 BOOLEAN ProtectHandle; 11139 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; 11140 11141 typedef struct _OBJECT_TYPE_INFO { 11142 UNICODE_STRING ObjectTypeName; 11143 UCHAR Unknown[0x58]; 11144 WCHAR ObjectTypeNameBuffer[1]; 11145 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; 11146 11147 typedef struct _OBJECT_ALL_TYPES_INFO { 11148 ULONG NumberOfObjectTypes; 11149 OBJECT_TYPE_INFO ObjectsTypeInfo[1]; 11150 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; 11151 11152 #if defined(USE_LPC6432) 11153 #define LPC_CLIENT_ID CLIENT_ID64 11154 #define LPC_SIZE_T ULONGLONG 11155 #define LPC_PVOID ULONGLONG 11156 #define LPC_HANDLE ULONGLONG 11157 #else 11158 #define LPC_CLIENT_ID CLIENT_ID 11159 #define LPC_SIZE_T SIZE_T 11160 #define LPC_PVOID PVOID 11161 #define LPC_HANDLE HANDLE 11162 #endif 11163 11164 typedef struct _PORT_MESSAGE 11165 { 11166 union 11167 { 11168 struct 11169 { 11170 CSHORT DataLength; 11171 CSHORT TotalLength; 11172 } s1; 11173 ULONG Length; 11174 } u1; 11175 union 11176 { 11177 struct 11178 { 11179 CSHORT Type; 11180 CSHORT DataInfoOffset; 11181 } s2; 11182 ULONG ZeroInit; 11183 } u2; 11184 __GNU_EXTENSION union 11185 { 11186 LPC_CLIENT_ID ClientId; 11187 double DoNotUseThisField; 11188 }; 11189 ULONG MessageId; 11190 __GNU_EXTENSION union 11191 { 11192 LPC_SIZE_T ClientViewSize; 11193 ULONG CallbackId; 11194 }; 11195 } PORT_MESSAGE, *PPORT_MESSAGE; 11196 11197 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) 11198 11199 typedef struct _PORT_VIEW 11200 { 11201 ULONG Length; 11202 LPC_HANDLE SectionHandle; 11203 ULONG SectionOffset; 11204 LPC_SIZE_T ViewSize; 11205 LPC_PVOID ViewBase; 11206 LPC_PVOID ViewRemoteBase; 11207 } PORT_VIEW, *PPORT_VIEW; 11208 11209 typedef struct _REMOTE_PORT_VIEW 11210 { 11211 ULONG Length; 11212 LPC_SIZE_T ViewSize; 11213 LPC_PVOID ViewBase; 11214 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 11215 11216 typedef struct _VAD_HEADER { 11217 PVOID StartVPN; 11218 PVOID EndVPN; 11219 struct _VAD_HEADER* ParentLink; 11220 struct _VAD_HEADER* LeftLink; 11221 struct _VAD_HEADER* RightLink; 11222 ULONG Flags; /* LSB = CommitCharge */ 11223 PVOID ControlArea; 11224 PVOID FirstProtoPte; 11225 PVOID LastPTE; 11226 ULONG Unknown; 11227 LIST_ENTRY Secured; 11228 } VAD_HEADER, *PVAD_HEADER; 11229 11230 NTKERNELAPI 11231 LARGE_INTEGER 11232 NTAPI 11233 CcGetLsnForFileObject ( 11234 IN PFILE_OBJECT FileObject, 11235 OUT PLARGE_INTEGER OldestLsn OPTIONAL 11236 ); 11237 11238 NTKERNELAPI 11239 PVOID 11240 NTAPI 11241 FsRtlAllocatePool ( 11242 IN POOL_TYPE PoolType, 11243 IN ULONG NumberOfBytes 11244 ); 11245 11246 NTKERNELAPI 11247 PVOID 11248 NTAPI 11249 FsRtlAllocatePoolWithQuota ( 11250 IN POOL_TYPE PoolType, 11251 IN ULONG NumberOfBytes 11252 ); 11253 11254 NTKERNELAPI 11255 PVOID 11256 NTAPI 11257 FsRtlAllocatePoolWithQuotaTag ( 11258 IN POOL_TYPE PoolType, 11259 IN ULONG NumberOfBytes, 11260 IN ULONG Tag 11261 ); 11262 11263 NTKERNELAPI 11264 PVOID 11265 NTAPI 11266 FsRtlAllocatePoolWithTag ( 11267 IN POOL_TYPE PoolType, 11268 IN ULONG NumberOfBytes, 11269 IN ULONG Tag 11270 ); 11271 11272 NTKERNELAPI 11273 BOOLEAN 11274 NTAPI 11275 FsRtlMdlReadComplete ( 11276 IN PFILE_OBJECT FileObject, 11277 IN PMDL MdlChain 11278 ); 11279 11280 NTKERNELAPI 11281 BOOLEAN 11282 NTAPI 11283 FsRtlMdlWriteComplete ( 11284 IN PFILE_OBJECT FileObject, 11285 IN PLARGE_INTEGER FileOffset, 11286 IN PMDL MdlChain 11287 ); 11288 11289 NTKERNELAPI 11290 VOID 11291 NTAPI 11292 FsRtlNotifyChangeDirectory ( 11293 IN PNOTIFY_SYNC NotifySync, 11294 IN PVOID FsContext, 11295 IN PSTRING FullDirectoryName, 11296 IN PLIST_ENTRY NotifyList, 11297 IN BOOLEAN WatchTree, 11298 IN ULONG CompletionFilter, 11299 IN PIRP NotifyIrp 11300 ); 11301 11302 NTKERNELAPI 11303 NTSTATUS 11304 NTAPI 11305 ObCreateObject ( 11306 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL, 11307 IN POBJECT_TYPE ObjectType, 11308 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 11309 IN KPROCESSOR_MODE AccessMode, 11310 IN OUT PVOID ParseContext OPTIONAL, 11311 IN ULONG ObjectSize, 11312 IN ULONG PagedPoolCharge OPTIONAL, 11313 IN ULONG NonPagedPoolCharge OPTIONAL, 11314 OUT PVOID *Object 11315 ); 11316 11317 NTKERNELAPI 11318 ULONG 11319 NTAPI 11320 ObGetObjectPointerCount ( 11321 IN PVOID Object 11322 ); 11323 11324 NTKERNELAPI 11325 NTSTATUS 11326 NTAPI 11327 ObReferenceObjectByName ( 11328 IN PUNICODE_STRING ObjectName, 11329 IN ULONG Attributes, 11330 IN PACCESS_STATE PassedAccessState OPTIONAL, 11331 IN ACCESS_MASK DesiredAccess OPTIONAL, 11332 IN POBJECT_TYPE ObjectType, 11333 IN KPROCESSOR_MODE AccessMode, 11334 IN OUT PVOID ParseContext OPTIONAL, 11335 OUT PVOID *Object 11336 ); 11337 11338 #define PsDereferenceImpersonationToken(T) \ 11339 {if (ARGUMENT_PRESENT(T)) { \ 11340 (ObDereferenceObject((T))); \ 11341 } else { \ 11342 ; \ 11343 } \ 11344 } 11345 11346 NTKERNELAPI 11347 NTSTATUS 11348 NTAPI 11349 PsLookupProcessThreadByCid ( 11350 IN PCLIENT_ID Cid, 11351 OUT PEPROCESS *Process OPTIONAL, 11352 OUT PETHREAD *Thread 11353 ); 11354 11355 NTSYSAPI 11356 NTSTATUS 11357 NTAPI 11358 RtlSetSaclSecurityDescriptor ( 11359 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 11360 IN BOOLEAN SaclPresent, 11361 IN PACL Sacl, 11362 IN BOOLEAN SaclDefaulted 11363 ); 11364 11365 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; 11366 11367 #if (VER_PRODUCTBUILD >= 2195) 11368 11369 NTSYSAPI 11370 NTSTATUS 11371 NTAPI 11372 ZwAdjustPrivilegesToken ( 11373 IN HANDLE TokenHandle, 11374 IN BOOLEAN DisableAllPrivileges, 11375 IN PTOKEN_PRIVILEGES NewState, 11376 IN ULONG BufferLength, 11377 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, 11378 OUT PULONG ReturnLength 11379 ); 11380 11381 #endif /* (VER_PRODUCTBUILD >= 2195) */ 11382 11383 NTSYSAPI 11384 NTSTATUS 11385 NTAPI 11386 ZwAlertThread ( 11387 IN HANDLE ThreadHandle 11388 ); 11389 11390 NTSYSAPI 11391 NTSTATUS 11392 NTAPI 11393 ZwAccessCheckAndAuditAlarm ( 11394 IN PUNICODE_STRING SubsystemName, 11395 IN PVOID HandleId, 11396 IN PUNICODE_STRING ObjectTypeName, 11397 IN PUNICODE_STRING ObjectName, 11398 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 11399 IN ACCESS_MASK DesiredAccess, 11400 IN PGENERIC_MAPPING GenericMapping, 11401 IN BOOLEAN ObjectCreation, 11402 OUT PACCESS_MASK GrantedAccess, 11403 OUT PBOOLEAN AccessStatus, 11404 OUT PBOOLEAN GenerateOnClose 11405 ); 11406 11407 #if (VER_PRODUCTBUILD >= 2195) 11408 11409 NTSYSAPI 11410 NTSTATUS 11411 NTAPI 11412 ZwCancelIoFile ( 11413 IN HANDLE FileHandle, 11414 OUT PIO_STATUS_BLOCK IoStatusBlock 11415 ); 11416 11417 #endif /* (VER_PRODUCTBUILD >= 2195) */ 11418 11419 NTSYSAPI 11420 NTSTATUS 11421 NTAPI 11422 ZwClearEvent ( 11423 IN HANDLE EventHandle 11424 ); 11425 11426 NTSYSAPI 11427 NTSTATUS 11428 NTAPI 11429 ZwCloseObjectAuditAlarm ( 11430 IN PUNICODE_STRING SubsystemName, 11431 IN PVOID HandleId, 11432 IN BOOLEAN GenerateOnClose 11433 ); 11434 11435 NTSYSAPI 11436 NTSTATUS 11437 NTAPI 11438 ZwCreateSymbolicLinkObject ( 11439 OUT PHANDLE SymbolicLinkHandle, 11440 IN ACCESS_MASK DesiredAccess, 11441 IN POBJECT_ATTRIBUTES ObjectAttributes, 11442 IN PUNICODE_STRING TargetName 11443 ); 11444 11445 NTSYSAPI 11446 NTSTATUS 11447 NTAPI 11448 ZwFlushInstructionCache ( 11449 IN HANDLE ProcessHandle, 11450 IN PVOID BaseAddress OPTIONAL, 11451 IN ULONG FlushSize 11452 ); 11453 11454 NTSYSAPI 11455 NTSTATUS 11456 NTAPI 11457 ZwFlushBuffersFile( 11458 IN HANDLE FileHandle, 11459 OUT PIO_STATUS_BLOCK IoStatusBlock 11460 ); 11461 11462 #if (VER_PRODUCTBUILD >= 2195) 11463 11464 NTSYSAPI 11465 NTSTATUS 11466 NTAPI 11467 ZwInitiatePowerAction ( 11468 IN POWER_ACTION SystemAction, 11469 IN SYSTEM_POWER_STATE MinSystemState, 11470 IN ULONG Flags, 11471 IN BOOLEAN Asynchronous 11472 ); 11473 11474 #endif /* (VER_PRODUCTBUILD >= 2195) */ 11475 11476 NTSYSAPI 11477 NTSTATUS 11478 NTAPI 11479 ZwLoadKey ( 11480 IN POBJECT_ATTRIBUTES KeyObjectAttributes, 11481 IN POBJECT_ATTRIBUTES FileObjectAttributes 11482 ); 11483 11484 NTSYSAPI 11485 NTSTATUS 11486 NTAPI 11487 ZwOpenProcessToken ( 11488 IN HANDLE ProcessHandle, 11489 IN ACCESS_MASK DesiredAccess, 11490 OUT PHANDLE TokenHandle 11491 ); 11492 11493 NTSYSAPI 11494 NTSTATUS 11495 NTAPI 11496 ZwOpenThread ( 11497 OUT PHANDLE ThreadHandle, 11498 IN ACCESS_MASK DesiredAccess, 11499 IN POBJECT_ATTRIBUTES ObjectAttributes, 11500 IN PCLIENT_ID ClientId 11501 ); 11502 11503 NTSYSAPI 11504 NTSTATUS 11505 NTAPI 11506 ZwOpenThreadToken ( 11507 IN HANDLE ThreadHandle, 11508 IN ACCESS_MASK DesiredAccess, 11509 IN BOOLEAN OpenAsSelf, 11510 OUT PHANDLE TokenHandle 11511 ); 11512 11513 NTSYSAPI 11514 NTSTATUS 11515 NTAPI 11516 ZwPulseEvent ( 11517 IN HANDLE EventHandle, 11518 OUT PLONG PreviousState OPTIONAL 11519 ); 11520 11521 NTSYSAPI 11522 NTSTATUS 11523 NTAPI 11524 ZwQueryDefaultLocale ( 11525 IN BOOLEAN ThreadOrSystem, 11526 OUT PLCID Locale 11527 ); 11528 11529 #if (VER_PRODUCTBUILD >= 2195) 11530 11531 NTSYSAPI 11532 NTSTATUS 11533 NTAPI 11534 ZwQueryDirectoryObject ( 11535 IN HANDLE DirectoryHandle, 11536 OUT PVOID Buffer, 11537 IN ULONG Length, 11538 IN BOOLEAN ReturnSingleEntry, 11539 IN BOOLEAN RestartScan, 11540 IN OUT PULONG Context, 11541 OUT PULONG ReturnLength OPTIONAL 11542 ); 11543 11544 #endif /* (VER_PRODUCTBUILD >= 2195) */ 11545 11546 NTSYSAPI 11547 NTSTATUS 11548 NTAPI 11549 ZwQueryInformationProcess ( 11550 IN HANDLE ProcessHandle, 11551 IN PROCESSINFOCLASS ProcessInformationClass, 11552 OUT PVOID ProcessInformation, 11553 IN ULONG ProcessInformationLength, 11554 OUT PULONG ReturnLength OPTIONAL 11555 ); 11556 11557 NTSYSAPI 11558 NTSTATUS 11559 NTAPI 11560 ZwReplaceKey ( 11561 IN POBJECT_ATTRIBUTES NewFileObjectAttributes, 11562 IN HANDLE KeyHandle, 11563 IN POBJECT_ATTRIBUTES OldFileObjectAttributes 11564 ); 11565 11566 NTSYSAPI 11567 NTSTATUS 11568 NTAPI 11569 ZwResetEvent ( 11570 IN HANDLE EventHandle, 11571 OUT PLONG PreviousState OPTIONAL 11572 ); 11573 11574 #if (VER_PRODUCTBUILD >= 2195) 11575 11576 NTSYSAPI 11577 NTSTATUS 11578 NTAPI 11579 ZwRestoreKey ( 11580 IN HANDLE KeyHandle, 11581 IN HANDLE FileHandle, 11582 IN ULONG Flags 11583 ); 11584 11585 #endif /* (VER_PRODUCTBUILD >= 2195) */ 11586 11587 NTSYSAPI 11588 NTSTATUS 11589 NTAPI 11590 ZwSaveKey ( 11591 IN HANDLE KeyHandle, 11592 IN HANDLE FileHandle 11593 ); 11594 11595 NTSYSAPI 11596 NTSTATUS 11597 NTAPI 11598 ZwSetDefaultLocale ( 11599 IN BOOLEAN ThreadOrSystem, 11600 IN LCID Locale 11601 ); 11602 11603 #if (VER_PRODUCTBUILD >= 2195) 11604 11605 NTSYSAPI 11606 NTSTATUS 11607 NTAPI 11608 ZwSetDefaultUILanguage ( 11609 IN LANGID LanguageId 11610 ); 11611 11612 #endif /* (VER_PRODUCTBUILD >= 2195) */ 11613 11614 NTSYSAPI 11615 NTSTATUS 11616 NTAPI 11617 ZwSetInformationProcess ( 11618 IN HANDLE ProcessHandle, 11619 IN PROCESSINFOCLASS ProcessInformationClass, 11620 IN PVOID ProcessInformation, 11621 IN ULONG ProcessInformationLength 11622 ); 11623 11624 NTSYSAPI 11625 NTSTATUS 11626 NTAPI 11627 ZwSetSystemTime ( 11628 IN PLARGE_INTEGER NewTime, 11629 OUT PLARGE_INTEGER OldTime OPTIONAL 11630 ); 11631 11632 NTSYSAPI 11633 NTSTATUS 11634 NTAPI 11635 ZwUnloadKey ( 11636 IN POBJECT_ATTRIBUTES KeyObjectAttributes 11637 ); 11638 11639 NTSYSAPI 11640 NTSTATUS 11641 NTAPI 11642 ZwWaitForMultipleObjects ( 11643 IN ULONG HandleCount, 11644 IN PHANDLE Handles, 11645 IN WAIT_TYPE WaitType, 11646 IN BOOLEAN Alertable, 11647 IN PLARGE_INTEGER Timeout OPTIONAL 11648 ); 11649 11650 NTSYSAPI 11651 NTSTATUS 11652 NTAPI 11653 ZwYieldExecution ( 11654 VOID 11655 ); 11656 11657 #pragma pack(pop) 11658 11659 #ifdef __cplusplus 11660 } 11661 #endif
Generated on Sun May 27 2012 04:30:13 for ReactOS by
1.7.6.1
