#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>
#include <guiddef.h>
#include "csq.h"

Include dependency graph for ntifs.template.h:

Go to the source code of this file.

Classes
struct	_MSV1_0_INTERACTIVE_LOGON

struct	_MSV1_0_INTERACTIVE_PROFILE

struct	_MSV1_0_LM20_LOGON

struct	_MSV1_0_SUBAUTH_LOGON

struct	_MSV1_0_LM20_LOGON_PROFILE

struct	_MSV1_0_SUPPLEMENTAL_CREDENTIAL

struct	_MSV1_0_NTLM3_RESPONSE

struct	_MSV1_0_AV_PAIR

struct	_MSV1_0_LM20_CHALLENGE_REQUEST

struct	_MSV1_0_LM20_CHALLENGE_RESPONSE

struct	_MSV1_0_GETCHALLENRESP_REQUEST_V1

struct	_MSV1_0_GETCHALLENRESP_REQUEST

struct	_MSV1_0_GETCHALLENRESP_RESPONSE

struct	_MSV1_0_ENUMUSERS_REQUEST

struct	_MSV1_0_ENUMUSERS_RESPONSE

struct	_MSV1_0_GETUSERINFO_REQUEST

struct	_MSV1_0_GETUSERINFO_RESPONSE

struct	_PUBLIC_OBJECT_TYPE_INFORMATION

struct	_NETWORK_OPEN_ECP_CONTEXT

struct	_NETWORK_OPEN_ECP_CONTEXT_V0

struct	_PREFETCH_OPEN_ECP_CONTEXT

struct	_NFS_OPEN_ECP_CONTEXT

struct	_SRV_OPEN_ECP_CONTEXT

struct	_QUERY_PATH_REQUEST

struct	_QUERY_PATH_REQUEST_EX

struct	_QUERY_PATH_RESPONSE

struct	_OBJECT_BASIC_INFORMATION

struct	_FILE_COPY_ON_WRITE_INFORMATION

struct	_FILE_FULL_DIRECTORY_INFORMATION

struct	_FILE_SHARED_LOCK_ENTRY

struct	_FILE_EXCLUSIVE_LOCK_ENTRY

struct	_FILE_MAILSLOT_PEEK_BUFFER

struct	_FILE_OLE_CLASSID_INFORMATION

struct	_FILE_OLE_ALL_INFORMATION

struct	_FILE_OLE_DIR_INFORMATION

struct	_FILE_OLE_INFORMATION

struct	_FILE_OLE_STATE_BITS_INFORMATION

struct	_MAPPING_PAIR

struct	_GET_RETRIEVAL_DESCRIPTOR

struct	_MOVEFILE_DESCRIPTOR

struct	_OBJECT_BASIC_INFO

struct	_OBJECT_HANDLE_ATTRIBUTE_INFO

struct	_OBJECT_NAME_INFO

struct	_OBJECT_PROTECTION_INFO

struct	_OBJECT_TYPE_INFO

struct	_OBJECT_ALL_TYPES_INFO

struct	_PORT_MESSAGE

struct	_PORT_VIEW

struct	_REMOTE_PORT_VIEW

struct	_VAD_HEADER

Macros
#define	_NTIFS_INCLUDED_

#define	_GNU_NTIFS_

#define	FlagOn(_F, _SF) ((_F) & (_SF))

#define	BooleanFlagOn(F, SF) ((BOOLEAN)(((F) & (SF)) != 0))

#define	SetFlag(_F, _SF) ((_F) \|= (_SF))

#define	ClearFlag(_F, _SF) ((_F) &= ~(_SF))

#define	COMPRESSION_FORMAT_NONE (0x0000)

#define	COMPRESSION_FORMAT_DEFAULT (0x0001)

#define	COMPRESSION_FORMAT_LZNT1 (0x0002)

#define	COMPRESSION_ENGINE_STANDARD (0x0000)

#define	COMPRESSION_ENGINE_MAXIMUM (0x0100)

#define	COMPRESSION_ENGINE_HIBER (0x0200)

#define	MAX_UNICODE_STACK_BUFFER_LENGTH 256

#define	METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))

#define	METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT

#define	METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT

#define	_NTLSA_AUDIT_

#define	_NTLSA_IFS_

#define	MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

#define	MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

#define	MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)

#define	MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

#define	MSV1_0_SUBAUTHENTICATION_VALUE "Auth"

#define	MSV1_0_CHALLENGE_LENGTH 8

#define	MSV1_0_USER_SESSION_KEY_LENGTH 16

#define	MSV1_0_LANMAN_SESSION_KEY_LENGTH 8

#define	MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02

#define	MSV1_0_UPDATE_LOGON_STATISTICS 0x04

#define	MSV1_0_RETURN_USER_PARAMETERS 0x08

#define	MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10

#define	MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20

#define	MSV1_0_RETURN_PASSWORD_EXPIRY 0x40

#define	MSV1_0_USE_CLIENT_CHALLENGE 0x80

#define	MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100

#define	MSV1_0_RETURN_PROFILE_PATH 0x200

#define	MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400

#define	MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800

#define	MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000

#define	MSV1_0_ALLOW_FORCE_GUEST 0x00002000

#define	MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000

#define	MSV1_0_ALLOW_MSVCHAPV2 0x00010000

#define	MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000

#define	MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24

#define	MSV1_0_MNS_LOGON 0x01000000

#define	MSV1_0_SUBAUTHENTICATION_DLL_RAS 2

#define	MSV1_0_SUBAUTHENTICATION_DLL_IIS 132

#define	LOGON_GUEST 0x01

#define	LOGON_NOENCRYPTION 0x02

#define	LOGON_CACHED_ACCOUNT 0x04

#define	LOGON_USED_LM_PASSWORD 0x08

#define	LOGON_EXTRA_SIDS 0x20

#define	LOGON_SUBAUTH_SESSION_KEY 0x40

#define	LOGON_SERVER_TRUST_ACCOUNT 0x80

#define	LOGON_NTLMV2_ENABLED 0x100

#define	LOGON_RESOURCE_GROUPS 0x200

#define	LOGON_PROFILE_PATH_RETURNED 0x400

#define	LOGON_NT_V2 0x800

#define	LOGON_LM_V2 0x1000

#define	LOGON_NTLM_V2 0x2000

#define	MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000

#define	LOGON_GRACE_LOGON 0x01000000

#define	MSV1_0_OWF_PASSWORD_LENGTH 16

#define	MSV1_0_CRED_LM_PRESENT 0x1

#define	MSV1_0_CRED_NT_PRESENT 0x2

#define	MSV1_0_CRED_VERSION 0

#define	MSV1_0_NTLM3_RESPONSE_LENGTH 16

#define	MSV1_0_NTLM3_OWF_LENGTH 16

#define	MSV1_0_MAX_NTLM3_LIFE 129600

#define	MSV1_0_MAX_AVL_SIZE 64000

#define	MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

#define	USE_PRIMARY_PASSWORD 0x01

#define	RETURN_PRIMARY_USERNAME 0x02

#define	RETURN_PRIMARY_LOGON_DOMAINNAME 0x04

#define	RETURN_NON_NT_USER_SESSION_KEY 0x08

#define	GENERATE_CLIENT_CHALLENGE 0x10

#define	GCR_NTLM3_PARMS 0x20

#define	GCR_TARGET_INFO 0x40

#define	RETURN_RESERVED_PARAMETER 0x80

#define	GCR_ALLOW_NTLM 0x100

#define	GCR_USE_OEM_SET 0x200

#define	GCR_MACHINE_CREDENTIAL 0x400

#define	GCR_USE_OWF_PASSWORD 0x800

#define	GCR_ALLOW_LM 0x1000

#define	GCR_ALLOW_NO_TARGET 0x2000

#define	SYSTEM_PAGE_PRIORITY_BITS 3

#define	SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)

#define	NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)

#define	NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1

#define	NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2

#define	NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000

#define	PIN_WAIT (1)

#define	PIN_EXCLUSIVE (2)

#define	PIN_NO_READ (4)

#define	PIN_IF_BCB (8)

#define	PIN_CALLER_TRACKS_DIRTY_DATA (32)

#define	PIN_HIGH_PRIORITY (64)

#define	MAP_WAIT 1

#define	MAP_NO_READ (16)

#define	MAP_HIGH_PRIORITY (64)

#define	IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	VOLSNAPCONTROLTYPE 0x00000053

#define	IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS \| FILE_WRITE_ACCESS)

#define	VER_PRODUCTBUILD 10000

#define	FS_LFN_APIS 0x00004000

#define	FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE \| FILE_NON_DIRECTORY_FILE */

#define	FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

#define	FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT

#define	FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM

#define	FILE_STORAGE_TYPE_MASK 0x000f0000

#define	FILE_STORAGE_TYPE_SHIFT 16

#define	FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004

#define	IO_ATTACH_DEVICE_API 0x80000000

#define	IO_TYPE_APC 18

#define	IO_TYPE_DPC 19

#define	IO_TYPE_DEVICE_QUEUE 20

#define	IO_TYPE_EVENT_PAIR 21

#define	IO_TYPE_INTERRUPT 22

#define	IO_TYPE_PROFILE 23

#define	IRP_BEING_VERIFIED 0x10

#define	MAILSLOT_CLASS_FIRSTCLASS 1

#define	MAILSLOT_CLASS_SECONDCLASS 2

#define	MAILSLOT_SIZE_AUTO 0

#define	MEM_DOS_LIM 0x40000000

#define	OB_TYPE_TYPE 1

#define	OB_TYPE_DIRECTORY 2

#define	OB_TYPE_SYMBOLIC_LINK 3

#define	OB_TYPE_TOKEN 4

#define	OB_TYPE_PROCESS 5

#define	OB_TYPE_THREAD 6

#define	OB_TYPE_EVENT 7

#define	OB_TYPE_EVENT_PAIR 8

#define	OB_TYPE_MUTANT 9

#define	OB_TYPE_SEMAPHORE 10

#define	OB_TYPE_TIMER 11

#define	OB_TYPE_PROFILE 12

#define	OB_TYPE_WINDOW_STATION 13

#define	OB_TYPE_DESKTOP 14

#define	OB_TYPE_SECTION 15

#define	OB_TYPE_KEY 16

#define	OB_TYPE_PORT 17

#define	OB_TYPE_ADAPTER 18

#define	OB_TYPE_CONTROLLER 19

#define	OB_TYPE_DEVICE 20

#define	OB_TYPE_DRIVER 21

#define	OB_TYPE_IO_COMPLETION 22

#define	OB_TYPE_FILE 23

#define	SEC_BASED 0x00200000

#define	FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define	FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA \| FILE_WRITE_DATA)

#define	FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)

#define	FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA \| FILE_WRITE_DATA)

#define	FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)

#define	FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define	FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define	LPC_CLIENT_ID CLIENT_ID

#define	LPC_SIZE_T SIZE_T

#define	LPC_PVOID PVOID

#define	LPC_HANDLE HANDLE

#define	LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)

#define	PsDereferenceImpersonationToken(T)

#define	SeEnableAccessToExports() SeExports = (PSE_EXPORTS )SeExports;

Typedefs
typedef STRING	LSA_STRING

typedef STRING *	PLSA_STRING

typedef OBJECT_ATTRIBUTES	LSA_OBJECT_ATTRIBUTES

typedef OBJECT_ATTRIBUTES *	PLSA_OBJECT_ATTRIBUTES

typedef ULONG	LSA_OPERATIONAL_MODE

typedef ULONG *	PLSA_OPERATIONAL_MODE

typedef enum _SECURITY_LOGON_TYPE	SECURITY_LOGON_TYPE

typedef enum _SECURITY_LOGON_TYPE *	PSECURITY_LOGON_TYPE

typedef enum _MSV1_0_LOGON_SUBMIT_TYPE	MSV1_0_LOGON_SUBMIT_TYPE

typedef enum _MSV1_0_LOGON_SUBMIT_TYPE *	PMSV1_0_LOGON_SUBMIT_TYPE

typedef enum _MSV1_0_PROFILE_BUFFER_TYPE	MSV1_0_PROFILE_BUFFER_TYPE

typedef enum _MSV1_0_PROFILE_BUFFER_TYPE *	PMSV1_0_PROFILE_BUFFER_TYPE

typedef struct _MSV1_0_INTERACTIVE_LOGON	MSV1_0_INTERACTIVE_LOGON

typedef struct _MSV1_0_INTERACTIVE_LOGON *	PMSV1_0_INTERACTIVE_LOGON

typedef struct _MSV1_0_INTERACTIVE_PROFILE	MSV1_0_INTERACTIVE_PROFILE

typedef struct _MSV1_0_INTERACTIVE_PROFILE *	PMSV1_0_INTERACTIVE_PROFILE

typedef struct _MSV1_0_LM20_LOGON	MSV1_0_LM20_LOGON

typedef struct _MSV1_0_LM20_LOGON *	PMSV1_0_LM20_LOGON

typedef struct _MSV1_0_SUBAUTH_LOGON	MSV1_0_SUBAUTH_LOGON

typedef struct _MSV1_0_SUBAUTH_LOGON *	PMSV1_0_SUBAUTH_LOGON

typedef struct _MSV1_0_LM20_LOGON_PROFILE	MSV1_0_LM20_LOGON_PROFILE

typedef struct _MSV1_0_LM20_LOGON_PROFILE *	PMSV1_0_LM20_LOGON_PROFILE

typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL	MSV1_0_SUPPLEMENTAL_CREDENTIAL

typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL *	PMSV1_0_SUPPLEMENTAL_CREDENTIAL

typedef struct _MSV1_0_NTLM3_RESPONSE	MSV1_0_NTLM3_RESPONSE

typedef struct _MSV1_0_NTLM3_RESPONSE *	PMSV1_0_NTLM3_RESPONSE

typedef enum _MSV1_0_AVID	MSV1_0_AVID

typedef struct _MSV1_0_AV_PAIR	MSV1_0_AV_PAIR

typedef struct _MSV1_0_AV_PAIR *	PMSV1_0_AV_PAIR

typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE	MSV1_0_PROTOCOL_MESSAGE_TYPE

typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE *	PMSV1_0_PROTOCOL_MESSAGE_TYPE

typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST	MSV1_0_LM20_CHALLENGE_REQUEST

typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST *	PMSV1_0_LM20_CHALLENGE_REQUEST

typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE	MSV1_0_LM20_CHALLENGE_RESPONSE

typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE *	PMSV1_0_LM20_CHALLENGE_RESPONSE

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1	MSV1_0_GETCHALLENRESP_REQUEST_V1

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 *	PMSV1_0_GETCHALLENRESP_REQUEST_V1

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST	MSV1_0_GETCHALLENRESP_REQUEST

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST *	PMSV1_0_GETCHALLENRESP_REQUEST

typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE	MSV1_0_GETCHALLENRESP_RESPONSE

typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE *	PMSV1_0_GETCHALLENRESP_RESPONSE

typedef struct _MSV1_0_ENUMUSERS_REQUEST	MSV1_0_ENUMUSERS_REQUEST

typedef struct _MSV1_0_ENUMUSERS_REQUEST *	PMSV1_0_ENUMUSERS_REQUEST

typedef struct _MSV1_0_ENUMUSERS_RESPONSE	MSV1_0_ENUMUSERS_RESPONSE

typedef struct _MSV1_0_ENUMUSERS_RESPONSE *	PMSV1_0_ENUMUSERS_RESPONSE

typedef struct _MSV1_0_GETUSERINFO_REQUEST	MSV1_0_GETUSERINFO_REQUEST

typedef struct _MSV1_0_GETUSERINFO_REQUEST *	PMSV1_0_GETUSERINFO_REQUEST

typedef struct _MSV1_0_GETUSERINFO_RESPONSE	MSV1_0_GETUSERINFO_RESPONSE

typedef struct _MSV1_0_GETUSERINFO_RESPONSE *	PMSV1_0_GETUSERINFO_RESPONSE

typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION	PUBLIC_OBJECT_TYPE_INFORMATION

typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION *	PPUBLIC_OBJECT_TYPE_INFORMATION

typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER	NETWORK_OPEN_LOCATION_QUALIFIER

typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER	NETWORK_OPEN_INTEGRITY_QUALIFIER

typedef struct _NETWORK_OPEN_ECP_CONTEXT	NETWORK_OPEN_ECP_CONTEXT

typedef struct _NETWORK_OPEN_ECP_CONTEXT *	PNETWORK_OPEN_ECP_CONTEXT

typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0	NETWORK_OPEN_ECP_CONTEXT_V0

typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 *	PNETWORK_OPEN_ECP_CONTEXT_V0

typedef struct _PREFETCH_OPEN_ECP_CONTEXT	PREFETCH_OPEN_ECP_CONTEXT

typedef struct _PREFETCH_OPEN_ECP_CONTEXT *	PPREFETCH_OPEN_ECP_CONTEXT

typedef struct sockaddr_storage *	PSOCKADDR_STORAGE_NFS

typedef struct _NFS_OPEN_ECP_CONTEXT	NFS_OPEN_ECP_CONTEXT

typedef struct _NFS_OPEN_ECP_CONTEXT *	PNFS_OPEN_ECP_CONTEXT

typedef struct _NFS_OPEN_ECP_CONTEXT **	PPNFS_OPEN_ECP_CONTEXT

typedef struct _SRV_OPEN_ECP_CONTEXT	SRV_OPEN_ECP_CONTEXT

typedef struct _SRV_OPEN_ECP_CONTEXT *	PSRV_OPEN_ECP_CONTEXT

typedef struct _QUERY_PATH_REQUEST	QUERY_PATH_REQUEST

typedef struct _QUERY_PATH_REQUEST *	PQUERY_PATH_REQUEST

typedef struct _QUERY_PATH_REQUEST_EX	QUERY_PATH_REQUEST_EX

typedef struct _QUERY_PATH_REQUEST_EX *	PQUERY_PATH_REQUEST_EX

typedef struct _QUERY_PATH_RESPONSE	QUERY_PATH_RESPONSE

typedef struct _QUERY_PATH_RESPONSE *	PQUERY_PATH_RESPONSE

typedef enum _FILE_STORAGE_TYPE	FILE_STORAGE_TYPE

typedef struct _OBJECT_BASIC_INFORMATION	OBJECT_BASIC_INFORMATION

typedef struct _OBJECT_BASIC_INFORMATION *	POBJECT_BASIC_INFORMATION

typedef struct _FILE_COPY_ON_WRITE_INFORMATION	FILE_COPY_ON_WRITE_INFORMATION

typedef struct _FILE_COPY_ON_WRITE_INFORMATION *	PFILE_COPY_ON_WRITE_INFORMATION

typedef struct _FILE_FULL_DIRECTORY_INFORMATION	FILE_FULL_DIRECTORY_INFORMATION

typedef struct _FILE_FULL_DIRECTORY_INFORMATION *	PFILE_FULL_DIRECTORY_INFORMATION

typedef struct _FILE_SHARED_LOCK_ENTRY	FILE_SHARED_LOCK_ENTRY

typedef struct _FILE_SHARED_LOCK_ENTRY *	PFILE_SHARED_LOCK_ENTRY

typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY	FILE_EXCLUSIVE_LOCK_ENTRY

typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY *	PFILE_EXCLUSIVE_LOCK_ENTRY

typedef struct _FILE_MAILSLOT_PEEK_BUFFER	FILE_MAILSLOT_PEEK_BUFFER

typedef struct _FILE_MAILSLOT_PEEK_BUFFER *	PFILE_MAILSLOT_PEEK_BUFFER

typedef struct _FILE_OLE_CLASSID_INFORMATION	FILE_OLE_CLASSID_INFORMATION

typedef struct _FILE_OLE_CLASSID_INFORMATION *	PFILE_OLE_CLASSID_INFORMATION

typedef struct _FILE_OLE_ALL_INFORMATION	FILE_OLE_ALL_INFORMATION

typedef struct _FILE_OLE_ALL_INFORMATION *	PFILE_OLE_ALL_INFORMATION

typedef struct _FILE_OLE_DIR_INFORMATION	FILE_OLE_DIR_INFORMATION

typedef struct _FILE_OLE_DIR_INFORMATION *	PFILE_OLE_DIR_INFORMATION

typedef struct _FILE_OLE_INFORMATION	FILE_OLE_INFORMATION

typedef struct _FILE_OLE_INFORMATION *	PFILE_OLE_INFORMATION

typedef struct _FILE_OLE_STATE_BITS_INFORMATION	FILE_OLE_STATE_BITS_INFORMATION

typedef struct _FILE_OLE_STATE_BITS_INFORMATION *	PFILE_OLE_STATE_BITS_INFORMATION

typedef struct _MAPPING_PAIR	MAPPING_PAIR

typedef struct _MAPPING_PAIR *	PMAPPING_PAIR

typedef struct _GET_RETRIEVAL_DESCRIPTOR	GET_RETRIEVAL_DESCRIPTOR

typedef struct _GET_RETRIEVAL_DESCRIPTOR *	PGET_RETRIEVAL_DESCRIPTOR

typedef struct _MOVEFILE_DESCRIPTOR	MOVEFILE_DESCRIPTOR

typedef struct _MOVEFILE_DESCRIPTOR *	PMOVEFILE_DESCRIPTOR

typedef struct _OBJECT_BASIC_INFO	OBJECT_BASIC_INFO

typedef struct _OBJECT_BASIC_INFO *	POBJECT_BASIC_INFO

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO	OBJECT_HANDLE_ATTRIBUTE_INFO

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO *	POBJECT_HANDLE_ATTRIBUTE_INFO

typedef struct _OBJECT_NAME_INFO	OBJECT_NAME_INFO

typedef struct _OBJECT_NAME_INFO *	POBJECT_NAME_INFO

typedef struct _OBJECT_PROTECTION_INFO	OBJECT_PROTECTION_INFO

typedef struct _OBJECT_PROTECTION_INFO *	POBJECT_PROTECTION_INFO

typedef struct _OBJECT_TYPE_INFO	OBJECT_TYPE_INFO

typedef struct _OBJECT_TYPE_INFO *	POBJECT_TYPE_INFO

typedef struct _OBJECT_ALL_TYPES_INFO	OBJECT_ALL_TYPES_INFO

typedef struct _OBJECT_ALL_TYPES_INFO *	POBJECT_ALL_TYPES_INFO

typedef struct _PORT_MESSAGE	PORT_MESSAGE

typedef struct _PORT_MESSAGE *	PPORT_MESSAGE

typedef struct _PORT_VIEW	PORT_VIEW

typedef struct _PORT_VIEW *	PPORT_VIEW

typedef struct _REMOTE_PORT_VIEW	REMOTE_PORT_VIEW

typedef struct _REMOTE_PORT_VIEW *	PREMOTE_PORT_VIEW

typedef struct _VAD_HEADER	VAD_HEADER

typedef struct _VAD_HEADER *	PVAD_HEADER

Enumerations
enum	_SECURITY_LOGON_TYPE { Interactive = 2 , Network , Batch , Service , Proxy , Unlock , UndefinedLogonType = 0 , Interactive = 2 , Network , Batch , Service , Proxy , Unlock , NetworkCleartext , NewCredentials }

enum	_MSV1_0_LOGON_SUBMIT_TYPE { MsV1_0InteractiveLogon = 2 , MsV1_0Lm20Logon , MsV1_0NetworkLogon , MsV1_0SubAuthLogon , MsV1_0WorkstationUnlockLogon = 7 , MsV1_0InteractiveLogon = 2 , MsV1_0Lm20Logon , MsV1_0NetworkLogon , MsV1_0SubAuthLogon , MsV1_0WorkstationUnlockLogon = 7 , MsV1_0S4ULogon = 12 , MsV1_0VirtualLogon = 82 }

enum	_MSV1_0_PROFILE_BUFFER_TYPE { MsV1_0InteractiveProfile = 2 , MsV1_0Lm20LogonProfile , MsV1_0SmartCardProfile , MsV1_0InteractiveProfile = 2 , MsV1_0Lm20LogonProfile , MsV1_0SmartCardProfile }

enum	_MSV1_0_AVID { MsvAvEOL , MsvAvNbComputerName , MsvAvNbDomainName , MsvAvDnsComputerName , MsvAvDnsDomainName }

enum	_MSV1_0_PROTOCOL_MESSAGE_TYPE { MsV1_0Lm20ChallengeRequest = 0 , MsV1_0Lm20GetChallengeResponse , MsV1_0EnumerateUsers , MsV1_0GetUserInfo , MsV1_0ReLogonUsers , MsV1_0ChangePassword , MsV1_0ChangeCachedPassword , MsV1_0GenericPassthrough , MsV1_0CacheLogon , MsV1_0SubAuth , MsV1_0DeriveCredential , MsV1_0CacheLookup , MsV1_0SetProcessOption , MsV1_0Lm20ChallengeRequest = 0 , MsV1_0Lm20GetChallengeResponse , MsV1_0EnumerateUsers , MsV1_0GetUserInfo , MsV1_0ReLogonUsers , MsV1_0ChangePassword , MsV1_0ChangeCachedPassword , MsV1_0GenericPassthrough , MsV1_0CacheLogon , MsV1_0SubAuth , MsV1_0DeriveCredential , MsV1_0CacheLookup }

enum	_NETWORK_OPEN_LOCATION_QUALIFIER { NetworkOpenLocationAny , NetworkOpenLocationRemote , NetworkOpenLocationLoopback }

enum	_NETWORK_OPEN_INTEGRITY_QUALIFIER { NetworkOpenIntegrityAny , NetworkOpenIntegrityNone , NetworkOpenIntegritySigned , NetworkOpenIntegrityEncrypted , NetworkOpenIntegrityMaximum }

enum	_FILE_STORAGE_TYPE { StorageTypeDefault = 1 , StorageTypeDirectory , StorageTypeFile , StorageTypeJunctionPoint , StorageTypeCatalog , StorageTypeStructuredStorage , StorageTypeEmbedding , StorageTypeStream }

Functions
	$define (UCHAR=UCHAR) $define(ULONG

	$include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle

_In_ OBJECT_INFORMATION_CLASS	_Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
	Opens a token that is tied to a thread handle.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)

	_When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle

_In_ TOKEN_INFORMATION_CLASS	_Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 ((SID ) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)

	_IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
	Queries information details about a security descriptor.

_In_ SECURITY_INFORMATION	_Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
	Opens a token that is tied to a thread handle.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI	NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
	Duplicates a token.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
	Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
	Allows the calling thread to impersonate the system's anonymous logon token.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
	Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
	Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
	Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by type.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
	Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result.

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
	Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result and a token handle.

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
	Raises an alarm audit message when an object is about to be opened.

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI	NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG	_In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation

_IRQL_requires_same_ NTSTATUS NTAPI	LsaFreeReturnBuffer (_In_ PVOID Buffer)

	$include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION

	$include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE)

	C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)

	C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e)

	DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)

	DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55)

	DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb)

	DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53)

NTKERNELAPI LARGE_INTEGER NTAPI	CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)

NTKERNELAPI PVOID NTAPI	FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)

NTKERNELAPI PVOID NTAPI	FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)

NTKERNELAPI PVOID NTAPI	FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)

NTKERNELAPI PVOID NTAPI	FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)

NTKERNELAPI BOOLEAN NTAPI	FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)

NTKERNELAPI BOOLEAN NTAPI	FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)

NTKERNELAPI VOID NTAPI	FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)

NTKERNELAPI NTSTATUS NTAPI	ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)

NTKERNELAPI NTSTATUS NTAPI	ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)

NTKERNELAPI NTSTATUS NTAPI	PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS Process, _Out_ PETHREAD Thread)

NTSYSAPI NTSTATUS NTAPI	RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)

Variables
_In_ OBJECT_INFORMATION_CLASS	ObjectInformationClass

_In_ OBJECT_INFORMATION_CLASS _In_ ULONG	ObjectInformationLength

_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG	ReturnLength

_In_ TOKEN_INFORMATION_CLASS	TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG	TokenInformationLength

_In_ SECURITY_INFORMATION	SecurityInformation

_In_ SECURITY_INFORMATION _In_ PSECURITY_DESCRIPTOR	SecurityDescriptor

_In_ SECURITY_INFORMATION _In_ ULONG	Length

_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG	LengthNeeded

_IRQL_requires_same_ _Out_ PHANDLE	LsaHandle

_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE	SecurityMode

_IRQL_requires_same_ _In_ PLSA_STRING	OriginName

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE	LogonType

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG	AuthenticationPackage

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG	AuthenticationInformationLength

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS	LocalGroups

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE	SourceContext

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID *	ProfileBuffer

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG	ProfileBufferLength

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID	LogonId

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE	Token

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS	Quotas

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS	SubStatus

	PUBLIC_OBJECT_BASIC_INFORMATION

*	PPUBLIC_OBJECT_BASIC_INFORMATION

PUSHORT *	NlsOemLeadByteInfo

Macro Definition Documentation

◆ _GNU_NTIFS_

#define _GNU_NTIFS_

Definition at line 27 of file ntifs.template.h.

◆ _NTIFS_INCLUDED_

#define _NTIFS_INCLUDED_

Definition at line 26 of file ntifs.template.h.

◆ _NTLSA_AUDIT_

#define _NTLSA_AUDIT_

Definition at line 684 of file ntifs.template.h.

◆ _NTLSA_IFS_

#define _NTLSA_IFS_

Definition at line 728 of file ntifs.template.h.

◆ BooleanFlagOn

#define BooleanFlagOn	(	F,
		SF
	)	((BOOLEAN)(((F) & (SF)) != 0))

◆ ClearFlag

#define ClearFlag	(	_F,
		_SF
	)	((_F) &= ~(_SF))

◆ COMPRESSION_ENGINE_HIBER

#define COMPRESSION_ENGINE_HIBER (0x0200)

Definition at line 652 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_MAXIMUM

#define COMPRESSION_ENGINE_MAXIMUM (0x0100)

Definition at line 651 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_STANDARD

#define COMPRESSION_ENGINE_STANDARD (0x0000)

Definition at line 650 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_DEFAULT

#define COMPRESSION_FORMAT_DEFAULT (0x0001)

Definition at line 648 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_LZNT1

#define COMPRESSION_FORMAT_LZNT1 (0x0002)

Definition at line 649 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_NONE

#define COMPRESSION_FORMAT_NONE (0x0000)

Definition at line 647 of file ntifs.template.h.

◆ FILE_MAXIMUM_STORAGE_TYPE

#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM

Definition at line 1304 of file ntifs.template.h.

◆ FILE_MINIMUM_STORAGE_TYPE

#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT

Definition at line 1303 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_CATALOG

#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1299 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DEFAULT

#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1294 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DIRECTORY

#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1295 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DOCFILE

#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1297 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_EMBEDDING

#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1301 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_FILE

#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1296 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_JUNCTION_POINT

#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1298 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_MASK

#define FILE_STORAGE_TYPE_MASK 0x000f0000

Definition at line 1305 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SHIFT

#define FILE_STORAGE_TYPE_SHIFT 16

Definition at line 1306 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SPECIFIED

#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */

Definition at line 1293 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STREAM

#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1302 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STRUCTURED_STORAGE

#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1300 of file ntifs.template.h.

◆ FILE_VC_QUOTAS_LOG_VIOLATIONS

#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004

Definition at line 1308 of file ntifs.template.h.

◆ FlagOn

#define FlagOn	(	_F,
		_SF
	)	((_F) & (_SF))

◆ FS_LFN_APIS

#define FS_LFN_APIS 0x00004000

Definition at line 1291 of file ntifs.template.h.

◆ FSCTL_DUMP_PROPERTY_DATA

#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1370 of file ntifs.template.h.

◆ FSCTL_GET_HFS_INFORMATION

#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1362 of file ntifs.template.h.

◆ FSCTL_HSM_DATA

#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)

Definition at line 1374 of file ntifs.template.h.

◆ FSCTL_HSM_MSG

#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)

Definition at line 1372 of file ntifs.template.h.

◆ FSCTL_NETWORK_DELETE_CONNECTION

#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1382 of file ntifs.template.h.

◆ FSCTL_NETWORK_ENUMERATE_CONNECTIONS

#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1381 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONFIGURATION_INFO

#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Definition at line 1379 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONNECTION_INFO

#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1380 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_STATISTICS

#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1383 of file ntifs.template.h.

◆ FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT

#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1385 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_CONFIGURATION_INFO

#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

Definition at line 1378 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_DOMAIN_NAME

#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1384 of file ntifs.template.h.

◆ FSCTL_NSS_CONTROL

#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)

Definition at line 1373 of file ntifs.template.h.

◆ FSCTL_NSS_RCONTROL

#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)

Definition at line 1375 of file ntifs.template.h.

◆ FSCTL_READ_PROPERTY_DATA

#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1367 of file ntifs.template.h.

◆ FSCTL_WRITE_PROPERTY_DATA

#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1368 of file ntifs.template.h.

◆ GCR_ALLOW_LM

#define GCR_ALLOW_LM 0x1000

Definition at line 847 of file ntifs.template.h.

◆ GCR_ALLOW_NO_TARGET

#define GCR_ALLOW_NO_TARGET 0x2000

Definition at line 848 of file ntifs.template.h.

◆ GCR_ALLOW_NTLM

#define GCR_ALLOW_NTLM 0x100

Definition at line 843 of file ntifs.template.h.

◆ GCR_MACHINE_CREDENTIAL

#define GCR_MACHINE_CREDENTIAL 0x400

Definition at line 845 of file ntifs.template.h.

◆ GCR_NTLM3_PARMS

#define GCR_NTLM3_PARMS 0x20

Definition at line 840 of file ntifs.template.h.

◆ GCR_TARGET_INFO

#define GCR_TARGET_INFO 0x40

Definition at line 841 of file ntifs.template.h.

◆ GCR_USE_OEM_SET

#define GCR_USE_OEM_SET 0x200

Definition at line 844 of file ntifs.template.h.

◆ GCR_USE_OWF_PASSWORD

#define GCR_USE_OWF_PASSWORD 0x800

Definition at line 846 of file ntifs.template.h.

◆ GENERATE_CLIENT_CHALLENGE

#define GENERATE_CLIENT_CHALLENGE 0x10

Definition at line 839 of file ntifs.template.h.

◆ IO_ATTACH_DEVICE_API

#define IO_ATTACH_DEVICE_API 0x80000000

Definition at line 1315 of file ntifs.template.h.

◆ IO_TYPE_APC

#define IO_TYPE_APC 18

Definition at line 1317 of file ntifs.template.h.

◆ IO_TYPE_DEVICE_QUEUE

#define IO_TYPE_DEVICE_QUEUE 20

Definition at line 1319 of file ntifs.template.h.

◆ IO_TYPE_DPC

#define IO_TYPE_DPC 19

Definition at line 1318 of file ntifs.template.h.

◆ IO_TYPE_EVENT_PAIR

#define IO_TYPE_EVENT_PAIR 21

Definition at line 1320 of file ntifs.template.h.

◆ IO_TYPE_INTERRUPT

#define IO_TYPE_INTERRUPT 22

Definition at line 1321 of file ntifs.template.h.

◆ IO_TYPE_PROFILE

#define IO_TYPE_PROFILE 23

Definition at line 1322 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH

#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1259 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH_EX

#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1260 of file ntifs.template.h.

◆ IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES

#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

Definition at line 1282 of file ntifs.template.h.

◆ IRP_BEING_VERIFIED

#define IRP_BEING_VERIFIED 0x10

Definition at line 1324 of file ntifs.template.h.

◆ LOGON_CACHED_ACCOUNT

#define LOGON_CACHED_ACCOUNT 0x04

Definition at line 779 of file ntifs.template.h.

◆ LOGON_EXTRA_SIDS

#define LOGON_EXTRA_SIDS 0x20

Definition at line 781 of file ntifs.template.h.

◆ LOGON_GRACE_LOGON

#define LOGON_GRACE_LOGON 0x01000000

Definition at line 802 of file ntifs.template.h.

◆ LOGON_GUEST

#define LOGON_GUEST 0x01

Definition at line 777 of file ntifs.template.h.

◆ LOGON_LM_V2

#define LOGON_LM_V2 0x1000

Definition at line 788 of file ntifs.template.h.

◆ LOGON_NOENCRYPTION

#define LOGON_NOENCRYPTION 0x02

Definition at line 778 of file ntifs.template.h.

◆ LOGON_NT_V2

#define LOGON_NT_V2 0x800

Definition at line 787 of file ntifs.template.h.

◆ LOGON_NTLM_V2

#define LOGON_NTLM_V2 0x2000

Definition at line 789 of file ntifs.template.h.

◆ LOGON_NTLMV2_ENABLED

#define LOGON_NTLMV2_ENABLED 0x100

Definition at line 784 of file ntifs.template.h.

◆ LOGON_PROFILE_PATH_RETURNED

#define LOGON_PROFILE_PATH_RETURNED 0x400

Definition at line 786 of file ntifs.template.h.

◆ LOGON_RESOURCE_GROUPS

#define LOGON_RESOURCE_GROUPS 0x200

Definition at line 785 of file ntifs.template.h.

◆ LOGON_SERVER_TRUST_ACCOUNT

#define LOGON_SERVER_TRUST_ACCOUNT 0x80

Definition at line 783 of file ntifs.template.h.

◆ LOGON_SUBAUTH_SESSION_KEY

#define LOGON_SUBAUTH_SESSION_KEY 0x40

Definition at line 782 of file ntifs.template.h.

◆ LOGON_USED_LM_PASSWORD

#define LOGON_USED_LM_PASSWORD 0x08

Definition at line 780 of file ntifs.template.h.

◆ LPC_CLIENT_ID

#define LPC_CLIENT_ID CLIENT_ID

Definition at line 1585 of file ntifs.template.h.

◆ LPC_HANDLE

#define LPC_HANDLE HANDLE

Definition at line 1588 of file ntifs.template.h.

◆ LPC_KERNELMODE_MESSAGE

#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)

Definition at line 1624 of file ntifs.template.h.

◆ LPC_PVOID

#define LPC_PVOID PVOID

Definition at line 1587 of file ntifs.template.h.

◆ LPC_SIZE_T

#define LPC_SIZE_T SIZE_T

Definition at line 1586 of file ntifs.template.h.

◆ MAILSLOT_CLASS_FIRSTCLASS

#define MAILSLOT_CLASS_FIRSTCLASS 1

Definition at line 1326 of file ntifs.template.h.

◆ MAILSLOT_CLASS_SECONDCLASS

#define MAILSLOT_CLASS_SECONDCLASS 2

Definition at line 1327 of file ntifs.template.h.

◆ MAILSLOT_SIZE_AUTO

#define MAILSLOT_SIZE_AUTO 0

Definition at line 1329 of file ntifs.template.h.

◆ MAP_HIGH_PRIORITY

#define MAP_HIGH_PRIORITY (64)

Definition at line 1257 of file ntifs.template.h.

◆ MAP_NO_READ

#define MAP_NO_READ (16)

Definition at line 1256 of file ntifs.template.h.

◆ MAP_WAIT

#define MAP_WAIT 1

Definition at line 1255 of file ntifs.template.h.

◆ MAX_UNICODE_STACK_BUFFER_LENGTH

#define MAX_UNICODE_STACK_BUFFER_LENGTH 256

Definition at line 654 of file ntifs.template.h.

◆ MEM_DOS_LIM

#define MEM_DOS_LIM 0x40000000

Definition at line 1331 of file ntifs.template.h.

◆ METHOD_DIRECT_FROM_HARDWARE

#define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT

Definition at line 659 of file ntifs.template.h.

◆ METHOD_DIRECT_TO_HARDWARE

#define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT

Definition at line 658 of file ntifs.template.h.

◆ METHOD_FROM_CTL_CODE

#define METHOD_FROM_CTL_CODE ( ctrlCode ) ((ULONG)(ctrlCode & 3))

Definition at line 656 of file ntifs.template.h.

◆ MSV1_0_ALLOW_FORCE_GUEST

#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000

Definition at line 755 of file ntifs.template.h.

◆ MSV1_0_ALLOW_MSVCHAPV2

#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000

Definition at line 763 of file ntifs.template.h.

◆ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT

#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20

Definition at line 746 of file ntifs.template.h.

◆ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT

#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800

Definition at line 752 of file ntifs.template.h.

◆ MSV1_0_CHALLENGE_LENGTH

#define MSV1_0_CHALLENGE_LENGTH 8

Definition at line 738 of file ntifs.template.h.

◆ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED

#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02

Definition at line 742 of file ntifs.template.h.

◆ MSV1_0_CRED_LM_PRESENT

#define MSV1_0_CRED_LM_PRESENT 0x1

Definition at line 805 of file ntifs.template.h.

◆ MSV1_0_CRED_NT_PRESENT

#define MSV1_0_CRED_NT_PRESENT 0x2

Definition at line 806 of file ntifs.template.h.

◆ MSV1_0_CRED_VERSION

#define MSV1_0_CRED_VERSION 0

Definition at line 807 of file ntifs.template.h.

◆ MSV1_0_DISABLE_PERSONAL_FALLBACK

#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000

Definition at line 754 of file ntifs.template.h.

◆ MSV1_0_DONT_TRY_GUEST_ACCOUNT

#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10

Definition at line 745 of file ntifs.template.h.

◆ MSV1_0_LANMAN_SESSION_KEY_LENGTH

#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8

Definition at line 740 of file ntifs.template.h.

◆ MSV1_0_MAX_AVL_SIZE

#define MSV1_0_MAX_AVL_SIZE 64000

Definition at line 817 of file ntifs.template.h.

◆ MSV1_0_MAX_NTLM3_LIFE

#define MSV1_0_MAX_NTLM3_LIFE 129600

Definition at line 815 of file ntifs.template.h.

◆ MSV1_0_MNS_LOGON

#define MSV1_0_MNS_LOGON 0x01000000

Definition at line 772 of file ntifs.template.h.

◆ MSV1_0_NTLM3_INPUT_LENGTH

#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

Definition at line 829 of file ntifs.template.h.

◆ MSV1_0_NTLM3_OWF_LENGTH

#define MSV1_0_NTLM3_OWF_LENGTH 16

Definition at line 810 of file ntifs.template.h.

◆ MSV1_0_NTLM3_RESPONSE_LENGTH

#define MSV1_0_NTLM3_RESPONSE_LENGTH 16

Definition at line 809 of file ntifs.template.h.

◆ MSV1_0_OWF_PASSWORD_LENGTH

#define MSV1_0_OWF_PASSWORD_LENGTH 16

Definition at line 804 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAME

#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 731 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW

#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 732 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW_LENGTH

#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)

Definition at line 733 of file ntifs.template.h.

◆ MSV1_0_RETURN_PASSWORD_EXPIRY

#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40

Definition at line 747 of file ntifs.template.h.

◆ MSV1_0_RETURN_PROFILE_PATH

#define MSV1_0_RETURN_PROFILE_PATH 0x200

Definition at line 750 of file ntifs.template.h.

◆ MSV1_0_RETURN_USER_PARAMETERS

#define MSV1_0_RETURN_USER_PARAMETERS 0x08

Definition at line 744 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL

#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000

Definition at line 770 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_EX

#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000

Definition at line 762 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_IIS

#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132

Definition at line 775 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_RAS

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2

Definition at line 774 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_SHIFT

#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24

Definition at line 771 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_FLAGS

#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000

Definition at line 800 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_KEY

#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

Definition at line 735 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_VALUE

#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"

Definition at line 736 of file ntifs.template.h.

◆ MSV1_0_TRY_GUEST_ACCOUNT_ONLY

#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100

Definition at line 749 of file ntifs.template.h.

◆ MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY

#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400

Definition at line 751 of file ntifs.template.h.

◆ MSV1_0_UPDATE_LOGON_STATISTICS

#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04

Definition at line 743 of file ntifs.template.h.

◆ MSV1_0_USE_CLIENT_CHALLENGE

#define MSV1_0_USE_CLIENT_CHALLENGE 0x80

Definition at line 748 of file ntifs.template.h.

◆ MSV1_0_USER_SESSION_KEY_LENGTH

#define MSV1_0_USER_SESSION_KEY_LENGTH 16

Definition at line 739 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1

Definition at line 1158 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2

Definition at line 1159 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK

#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000

Definition at line 1160 of file ntifs.template.h.

◆ NLS_OEM_LEAD_BYTE_INFO

#define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)

Definition at line 1137 of file ntifs.template.h.

◆ OB_TYPE_ADAPTER

#define OB_TYPE_ADAPTER 18

Definition at line 1350 of file ntifs.template.h.

◆ OB_TYPE_CONTROLLER

#define OB_TYPE_CONTROLLER 19

Definition at line 1351 of file ntifs.template.h.

◆ OB_TYPE_DESKTOP

#define OB_TYPE_DESKTOP 14

Definition at line 1346 of file ntifs.template.h.

◆ OB_TYPE_DEVICE

#define OB_TYPE_DEVICE 20

Definition at line 1352 of file ntifs.template.h.

◆ OB_TYPE_DIRECTORY

#define OB_TYPE_DIRECTORY 2

Definition at line 1334 of file ntifs.template.h.

◆ OB_TYPE_DRIVER

#define OB_TYPE_DRIVER 21

Definition at line 1353 of file ntifs.template.h.

◆ OB_TYPE_EVENT

#define OB_TYPE_EVENT 7

Definition at line 1339 of file ntifs.template.h.

◆ OB_TYPE_EVENT_PAIR

#define OB_TYPE_EVENT_PAIR 8

Definition at line 1340 of file ntifs.template.h.

◆ OB_TYPE_FILE

#define OB_TYPE_FILE 23

Definition at line 1355 of file ntifs.template.h.

◆ OB_TYPE_IO_COMPLETION

#define OB_TYPE_IO_COMPLETION 22

Definition at line 1354 of file ntifs.template.h.

◆ OB_TYPE_KEY

#define OB_TYPE_KEY 16

Definition at line 1348 of file ntifs.template.h.

◆ OB_TYPE_MUTANT

#define OB_TYPE_MUTANT 9

Definition at line 1341 of file ntifs.template.h.

◆ OB_TYPE_PORT

#define OB_TYPE_PORT 17

Definition at line 1349 of file ntifs.template.h.

◆ OB_TYPE_PROCESS

#define OB_TYPE_PROCESS 5

Definition at line 1337 of file ntifs.template.h.

◆ OB_TYPE_PROFILE

#define OB_TYPE_PROFILE 12

Definition at line 1344 of file ntifs.template.h.

◆ OB_TYPE_SECTION

#define OB_TYPE_SECTION 15

Definition at line 1347 of file ntifs.template.h.

◆ OB_TYPE_SEMAPHORE

#define OB_TYPE_SEMAPHORE 10

Definition at line 1342 of file ntifs.template.h.

◆ OB_TYPE_SYMBOLIC_LINK

#define OB_TYPE_SYMBOLIC_LINK 3

Definition at line 1335 of file ntifs.template.h.

◆ OB_TYPE_THREAD

#define OB_TYPE_THREAD 6

Definition at line 1338 of file ntifs.template.h.

◆ OB_TYPE_TIMER

#define OB_TYPE_TIMER 11

Definition at line 1343 of file ntifs.template.h.

◆ OB_TYPE_TOKEN

#define OB_TYPE_TOKEN 4

Definition at line 1336 of file ntifs.template.h.

◆ OB_TYPE_TYPE

#define OB_TYPE_TYPE 1

Definition at line 1333 of file ntifs.template.h.

◆ OB_TYPE_WINDOW_STATION

#define OB_TYPE_WINDOW_STATION 13

Definition at line 1345 of file ntifs.template.h.

◆ PIN_CALLER_TRACKS_DIRTY_DATA

#define PIN_CALLER_TRACKS_DIRTY_DATA (32)

Definition at line 1252 of file ntifs.template.h.

◆ PIN_EXCLUSIVE

#define PIN_EXCLUSIVE (2)

Definition at line 1249 of file ntifs.template.h.

◆ PIN_HIGH_PRIORITY

#define PIN_HIGH_PRIORITY (64)

Definition at line 1253 of file ntifs.template.h.

◆ PIN_IF_BCB

#define PIN_IF_BCB (8)

Definition at line 1251 of file ntifs.template.h.

◆ PIN_NO_READ

#define PIN_NO_READ (4)

Definition at line 1250 of file ntifs.template.h.

◆ PIN_WAIT

#define PIN_WAIT (1)

Definition at line 1248 of file ntifs.template.h.

◆ PsDereferenceImpersonationToken

#define PsDereferenceImpersonationToken ( T )

Value:

            {if (ARGUMENT_PRESENT(T)) {     \
                (ObDereferenceObject((T))); \
            } else {                        \
                ;                           \
            }                               \
}

Definition at line 1759 of file ntifs.template.h.

◆ RETURN_NON_NT_USER_SESSION_KEY

#define RETURN_NON_NT_USER_SESSION_KEY 0x08

Definition at line 838 of file ntifs.template.h.

◆ RETURN_PRIMARY_LOGON_DOMAINNAME

#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04

Definition at line 837 of file ntifs.template.h.

◆ RETURN_PRIMARY_USERNAME

#define RETURN_PRIMARY_USERNAME 0x02

Definition at line 836 of file ntifs.template.h.

◆ RETURN_RESERVED_PARAMETER

#define RETURN_RESERVED_PARAMETER 0x80

Definition at line 842 of file ntifs.template.h.

◆ SEC_BASED

#define SEC_BASED 0x00200000

Definition at line 1357 of file ntifs.template.h.

◆ SeEnableAccessToExports

#define SeEnableAccessToExports ( ) SeExports = *(PSE_EXPORTS *)SeExports;

Definition at line 1786 of file ntifs.template.h.

◆ SetFlag

#define SetFlag	(	_F,
		_SF
	)	((_F) \|= (_SF))

◆ SYSTEM_PAGE_PRIORITY_BITS

#define SYSTEM_PAGE_PRIORITY_BITS 3

Definition at line 1082 of file ntifs.template.h.

◆ SYSTEM_PAGE_PRIORITY_LEVELS

#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)

Definition at line 1083 of file ntifs.template.h.

◆ USE_PRIMARY_PASSWORD

#define USE_PRIMARY_PASSWORD 0x01

Definition at line 835 of file ntifs.template.h.

◆ VER_PRODUCTBUILD

#define VER_PRODUCTBUILD 10000

Definition at line 1286 of file ntifs.template.h.

◆ VOLSNAPCONTROLTYPE

#define VOLSNAPCONTROLTYPE 0x00000053

Definition at line 1281 of file ntifs.template.h.

Typedef Documentation

◆ FILE_COPY_ON_WRITE_INFORMATION

typedef struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION

◆ FILE_EXCLUSIVE_LOCK_ENTRY

typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY

◆ FILE_FULL_DIRECTORY_INFORMATION

typedef struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION

◆ FILE_MAILSLOT_PEEK_BUFFER

typedef struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER

◆ FILE_OLE_ALL_INFORMATION

typedef struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION

◆ FILE_OLE_CLASSID_INFORMATION

typedef struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION

◆ FILE_OLE_DIR_INFORMATION

typedef struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION

◆ FILE_OLE_INFORMATION

typedef struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION

◆ FILE_OLE_STATE_BITS_INFORMATION

typedef struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION

◆ FILE_SHARED_LOCK_ENTRY

typedef struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY

◆ FILE_STORAGE_TYPE

typedef enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE

◆ GET_RETRIEVAL_DESCRIPTOR

typedef struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR

◆ LSA_OBJECT_ATTRIBUTES

typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ LSA_OPERATIONAL_MODE

typedef ULONG LSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ LSA_STRING

typedef STRING LSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ MAPPING_PAIR

typedef struct _MAPPING_PAIR MAPPING_PAIR

◆ MOVEFILE_DESCRIPTOR

typedef struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR

◆ MSV1_0_AV_PAIR

typedef struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR

◆ MSV1_0_AVID

typedef enum _MSV1_0_AVID MSV1_0_AVID

◆ MSV1_0_ENUMUSERS_REQUEST

typedef struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST

◆ MSV1_0_ENUMUSERS_RESPONSE

typedef struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE

◆ MSV1_0_GETCHALLENRESP_REQUEST

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST

◆ MSV1_0_GETCHALLENRESP_REQUEST_V1

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1

◆ MSV1_0_GETCHALLENRESP_RESPONSE

typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE

◆ MSV1_0_GETUSERINFO_REQUEST

typedef struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST

◆ MSV1_0_GETUSERINFO_RESPONSE

typedef struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE

◆ MSV1_0_INTERACTIVE_LOGON

typedef struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON

◆ MSV1_0_INTERACTIVE_PROFILE

typedef struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE

◆ MSV1_0_LM20_CHALLENGE_REQUEST

typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST

◆ MSV1_0_LM20_CHALLENGE_RESPONSE

typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE

◆ MSV1_0_LM20_LOGON

typedef struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON

◆ MSV1_0_LM20_LOGON_PROFILE

typedef struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE

◆ MSV1_0_LOGON_SUBMIT_TYPE

typedef enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE

◆ MSV1_0_NTLM3_RESPONSE

typedef struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE

◆ MSV1_0_PROFILE_BUFFER_TYPE

typedef enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE

◆ MSV1_0_PROTOCOL_MESSAGE_TYPE

typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ MSV1_0_SUBAUTH_LOGON

typedef struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON

◆ MSV1_0_SUPPLEMENTAL_CREDENTIAL

typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ NETWORK_OPEN_ECP_CONTEXT

typedef struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT

◆ NETWORK_OPEN_ECP_CONTEXT_V0

typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0

◆ NETWORK_OPEN_INTEGRITY_QUALIFIER

typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER

◆ NETWORK_OPEN_LOCATION_QUALIFIER

typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER

◆ NFS_OPEN_ECP_CONTEXT

typedef struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT

◆ OBJECT_ALL_TYPES_INFO

typedef struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO

◆ OBJECT_BASIC_INFO

typedef struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO

◆ OBJECT_BASIC_INFORMATION

typedef struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION

◆ OBJECT_HANDLE_ATTRIBUTE_INFO

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO

◆ OBJECT_NAME_INFO

typedef struct _OBJECT_NAME_INFO OBJECT_NAME_INFO

◆ OBJECT_PROTECTION_INFO

typedef struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO

◆ OBJECT_TYPE_INFO

typedef struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO

◆ PFILE_COPY_ON_WRITE_INFORMATION

typedef struct _FILE_COPY_ON_WRITE_INFORMATION * PFILE_COPY_ON_WRITE_INFORMATION

◆ PFILE_EXCLUSIVE_LOCK_ENTRY

typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY * PFILE_EXCLUSIVE_LOCK_ENTRY

◆ PFILE_FULL_DIRECTORY_INFORMATION

typedef struct _FILE_FULL_DIRECTORY_INFORMATION * PFILE_FULL_DIRECTORY_INFORMATION

◆ PFILE_MAILSLOT_PEEK_BUFFER

typedef struct _FILE_MAILSLOT_PEEK_BUFFER * PFILE_MAILSLOT_PEEK_BUFFER

◆ PFILE_OLE_ALL_INFORMATION

typedef struct _FILE_OLE_ALL_INFORMATION * PFILE_OLE_ALL_INFORMATION

◆ PFILE_OLE_CLASSID_INFORMATION

typedef struct _FILE_OLE_CLASSID_INFORMATION * PFILE_OLE_CLASSID_INFORMATION

◆ PFILE_OLE_DIR_INFORMATION

typedef struct _FILE_OLE_DIR_INFORMATION * PFILE_OLE_DIR_INFORMATION

◆ PFILE_OLE_INFORMATION

typedef struct _FILE_OLE_INFORMATION * PFILE_OLE_INFORMATION

◆ PFILE_OLE_STATE_BITS_INFORMATION

typedef struct _FILE_OLE_STATE_BITS_INFORMATION * PFILE_OLE_STATE_BITS_INFORMATION

◆ PFILE_SHARED_LOCK_ENTRY

typedef struct _FILE_SHARED_LOCK_ENTRY * PFILE_SHARED_LOCK_ENTRY

◆ PGET_RETRIEVAL_DESCRIPTOR

typedef struct _GET_RETRIEVAL_DESCRIPTOR * PGET_RETRIEVAL_DESCRIPTOR

◆ PLSA_OBJECT_ATTRIBUTES

typedef OBJECT_ATTRIBUTES * PLSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ PLSA_OPERATIONAL_MODE

typedef ULONG * PLSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ PLSA_STRING

typedef STRING * PLSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ PMAPPING_PAIR

typedef struct _MAPPING_PAIR * PMAPPING_PAIR

◆ PMOVEFILE_DESCRIPTOR

typedef struct _MOVEFILE_DESCRIPTOR * PMOVEFILE_DESCRIPTOR

◆ PMSV1_0_AV_PAIR

typedef struct _MSV1_0_AV_PAIR * PMSV1_0_AV_PAIR

◆ PMSV1_0_ENUMUSERS_REQUEST

typedef struct _MSV1_0_ENUMUSERS_REQUEST * PMSV1_0_ENUMUSERS_REQUEST

◆ PMSV1_0_ENUMUSERS_RESPONSE

typedef struct _MSV1_0_ENUMUSERS_RESPONSE * PMSV1_0_ENUMUSERS_RESPONSE

◆ PMSV1_0_GETCHALLENRESP_REQUEST

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST * PMSV1_0_GETCHALLENRESP_REQUEST

◆ PMSV1_0_GETCHALLENRESP_REQUEST_V1

typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 * PMSV1_0_GETCHALLENRESP_REQUEST_V1

◆ PMSV1_0_GETCHALLENRESP_RESPONSE

typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE * PMSV1_0_GETCHALLENRESP_RESPONSE

◆ PMSV1_0_GETUSERINFO_REQUEST

typedef struct _MSV1_0_GETUSERINFO_REQUEST * PMSV1_0_GETUSERINFO_REQUEST

◆ PMSV1_0_GETUSERINFO_RESPONSE

typedef struct _MSV1_0_GETUSERINFO_RESPONSE * PMSV1_0_GETUSERINFO_RESPONSE

◆ PMSV1_0_INTERACTIVE_LOGON

typedef struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON

◆ PMSV1_0_INTERACTIVE_PROFILE

typedef struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE

◆ PMSV1_0_LM20_CHALLENGE_REQUEST

typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST * PMSV1_0_LM20_CHALLENGE_REQUEST

◆ PMSV1_0_LM20_CHALLENGE_RESPONSE

typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE * PMSV1_0_LM20_CHALLENGE_RESPONSE

◆ PMSV1_0_LM20_LOGON

typedef struct _MSV1_0_LM20_LOGON * PMSV1_0_LM20_LOGON

◆ PMSV1_0_LM20_LOGON_PROFILE

typedef struct _MSV1_0_LM20_LOGON_PROFILE * PMSV1_0_LM20_LOGON_PROFILE

◆ PMSV1_0_LOGON_SUBMIT_TYPE

typedef enum _MSV1_0_LOGON_SUBMIT_TYPE * PMSV1_0_LOGON_SUBMIT_TYPE

◆ PMSV1_0_NTLM3_RESPONSE

typedef struct _MSV1_0_NTLM3_RESPONSE * PMSV1_0_NTLM3_RESPONSE

◆ PMSV1_0_PROFILE_BUFFER_TYPE

typedef enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE

◆ PMSV1_0_PROTOCOL_MESSAGE_TYPE

typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE

◆ PMSV1_0_SUBAUTH_LOGON

typedef struct _MSV1_0_SUBAUTH_LOGON * PMSV1_0_SUBAUTH_LOGON

◆ PMSV1_0_SUPPLEMENTAL_CREDENTIAL

typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL * PMSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ PNETWORK_OPEN_ECP_CONTEXT

typedef struct _NETWORK_OPEN_ECP_CONTEXT * PNETWORK_OPEN_ECP_CONTEXT

◆ PNETWORK_OPEN_ECP_CONTEXT_V0

typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 * PNETWORK_OPEN_ECP_CONTEXT_V0

◆ PNFS_OPEN_ECP_CONTEXT

typedef struct _NFS_OPEN_ECP_CONTEXT * PNFS_OPEN_ECP_CONTEXT

◆ POBJECT_ALL_TYPES_INFO

typedef struct _OBJECT_ALL_TYPES_INFO * POBJECT_ALL_TYPES_INFO

◆ POBJECT_BASIC_INFO

typedef struct _OBJECT_BASIC_INFO * POBJECT_BASIC_INFO

◆ POBJECT_BASIC_INFORMATION

typedef struct _OBJECT_BASIC_INFORMATION * POBJECT_BASIC_INFORMATION

◆ POBJECT_HANDLE_ATTRIBUTE_INFO

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO * POBJECT_HANDLE_ATTRIBUTE_INFO

◆ POBJECT_NAME_INFO

typedef struct _OBJECT_NAME_INFO * POBJECT_NAME_INFO

◆ POBJECT_PROTECTION_INFO

typedef struct _OBJECT_PROTECTION_INFO * POBJECT_PROTECTION_INFO

◆ POBJECT_TYPE_INFO

typedef struct _OBJECT_TYPE_INFO * POBJECT_TYPE_INFO

◆ PORT_MESSAGE

typedef struct _PORT_MESSAGE PORT_MESSAGE

◆ PORT_VIEW

typedef struct _PORT_VIEW PORT_VIEW

◆ PPNFS_OPEN_ECP_CONTEXT

typedef struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT

◆ PPORT_MESSAGE

typedef struct _PORT_MESSAGE * PPORT_MESSAGE

◆ PPORT_VIEW

typedef struct _PORT_VIEW * PPORT_VIEW

◆ PPREFETCH_OPEN_ECP_CONTEXT

typedef struct _PREFETCH_OPEN_ECP_CONTEXT * PPREFETCH_OPEN_ECP_CONTEXT

◆ PPUBLIC_OBJECT_TYPE_INFORMATION

typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION * PPUBLIC_OBJECT_TYPE_INFORMATION

◆ PQUERY_PATH_REQUEST

typedef struct _QUERY_PATH_REQUEST * PQUERY_PATH_REQUEST

◆ PQUERY_PATH_REQUEST_EX

typedef struct _QUERY_PATH_REQUEST_EX * PQUERY_PATH_REQUEST_EX

◆ PQUERY_PATH_RESPONSE

typedef struct _QUERY_PATH_RESPONSE * PQUERY_PATH_RESPONSE

◆ PREFETCH_OPEN_ECP_CONTEXT

typedef struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT

◆ PREMOTE_PORT_VIEW

typedef struct _REMOTE_PORT_VIEW * PREMOTE_PORT_VIEW

◆ PSECURITY_LOGON_TYPE

typedef enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE

◆ PSOCKADDR_STORAGE_NFS

typedef struct sockaddr_storage* PSOCKADDR_STORAGE_NFS

Definition at line 1231 of file ntifs.template.h.

◆ PSRV_OPEN_ECP_CONTEXT

typedef struct _SRV_OPEN_ECP_CONTEXT * PSRV_OPEN_ECP_CONTEXT

◆ PUBLIC_OBJECT_TYPE_INFORMATION

typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION

◆ PVAD_HEADER

typedef struct _VAD_HEADER * PVAD_HEADER

◆ QUERY_PATH_REQUEST

typedef struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST

◆ QUERY_PATH_REQUEST_EX

typedef struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX

◆ QUERY_PATH_RESPONSE

typedef struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE

◆ REMOTE_PORT_VIEW

typedef struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW

◆ SECURITY_LOGON_TYPE

typedef enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE

◆ SRV_OPEN_ECP_CONTEXT

typedef struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT

◆ VAD_HEADER

typedef struct _VAD_HEADER VAD_HEADER

Enumeration Type Documentation

◆ _FILE_STORAGE_TYPE

enum _FILE_STORAGE_TYPE

Enumerator
StorageTypeDefault
StorageTypeDirectory
StorageTypeFile
StorageTypeJunctionPoint
StorageTypeCatalog
StorageTypeStructuredStorage
StorageTypeEmbedding
StorageTypeStream

Definition at line 1387 of file ntifs.template.h.

                                {
    StorageTypeDefault = 1,
    StorageTypeDirectory,
    StorageTypeFile,
    StorageTypeJunctionPoint,
    StorageTypeCatalog,
    StorageTypeStructuredStorage,
    StorageTypeEmbedding,
    StorageTypeStream
} FILE_STORAGE_TYPE;

◆ _MSV1_0_AVID

enum _MSV1_0_AVID

Enumerator
MsvAvEOL
MsvAvNbComputerName
MsvAvNbDomainName
MsvAvDnsComputerName
MsvAvDnsDomainName

Definition at line 959 of file ntifs.template.h.

                          {
  MsvAvEOL,
  MsvAvNbComputerName,
  MsvAvNbDomainName,
  MsvAvDnsComputerName,
  MsvAvDnsDomainName,
#if (_WIN32_WINNT >= 0x0501)
  MsvAvDnsTreeName,
  MsvAvFlags,
#if (_WIN32_WINNT >= 0x0600)
  MsvAvTimestamp,
  MsvAvRestrictions,
  MsvAvTargetName,
  MsvAvChannelBindings,
#endif
#endif
} MSV1_0_AVID;

◆ _MSV1_0_LOGON_SUBMIT_TYPE

enum _MSV1_0_LOGON_SUBMIT_TYPE

Enumerator
MsV1_0InteractiveLogon
MsV1_0Lm20Logon
MsV1_0NetworkLogon
MsV1_0SubAuthLogon
MsV1_0WorkstationUnlockLogon
MsV1_0InteractiveLogon
MsV1_0Lm20Logon
MsV1_0NetworkLogon
MsV1_0SubAuthLogon
MsV1_0WorkstationUnlockLogon
MsV1_0S4ULogon
MsV1_0VirtualLogon

Definition at line 850 of file ntifs.template.h.

                                       {
  MsV1_0InteractiveLogon = 2,
  MsV1_0Lm20Logon,
  MsV1_0NetworkLogon,
  MsV1_0SubAuthLogon,
  MsV1_0WorkstationUnlockLogon = 7,
  MsV1_0S4ULogon = 12,
  MsV1_0VirtualLogon = 82
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;

◆ _MSV1_0_PROFILE_BUFFER_TYPE

enum _MSV1_0_PROFILE_BUFFER_TYPE

Enumerator
MsV1_0InteractiveProfile
MsV1_0Lm20LogonProfile
MsV1_0SmartCardProfile
MsV1_0InteractiveProfile
MsV1_0Lm20LogonProfile
MsV1_0SmartCardProfile

Definition at line 860 of file ntifs.template.h.

                                         {
  MsV1_0InteractiveProfile = 2,
  MsV1_0Lm20LogonProfile,
  MsV1_0SmartCardProfile
} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;

◆ _MSV1_0_PROTOCOL_MESSAGE_TYPE

enum _MSV1_0_PROTOCOL_MESSAGE_TYPE

Enumerator
MsV1_0Lm20ChallengeRequest
MsV1_0Lm20GetChallengeResponse
MsV1_0EnumerateUsers
MsV1_0GetUserInfo
MsV1_0ReLogonUsers
MsV1_0ChangePassword
MsV1_0ChangeCachedPassword
MsV1_0GenericPassthrough
MsV1_0CacheLogon
MsV1_0SubAuth
MsV1_0DeriveCredential
MsV1_0CacheLookup
MsV1_0SetProcessOption
MsV1_0Lm20ChallengeRequest
MsV1_0Lm20GetChallengeResponse
MsV1_0EnumerateUsers
MsV1_0GetUserInfo
MsV1_0ReLogonUsers
MsV1_0ChangePassword
MsV1_0ChangeCachedPassword
MsV1_0GenericPassthrough
MsV1_0CacheLogon
MsV1_0SubAuth
MsV1_0DeriveCredential
MsV1_0CacheLookup

Definition at line 982 of file ntifs.template.h.

                                           {
  MsV1_0Lm20ChallengeRequest = 0,
  MsV1_0Lm20GetChallengeResponse,
  MsV1_0EnumerateUsers,
  MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers,
  MsV1_0ChangePassword,
  MsV1_0ChangeCachedPassword,
  MsV1_0GenericPassthrough,
  MsV1_0CacheLogon,
  MsV1_0SubAuth,
  MsV1_0DeriveCredential,
  MsV1_0CacheLookup,
#if (_WIN32_WINNT >= 0x0501)
  MsV1_0SetProcessOption,
#endif
#if (_WIN32_WINNT >= 0x0600)
  MsV1_0ConfigLocalAliases,
  MsV1_0ClearCachedCredentials,
#endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;

◆ _NETWORK_OPEN_INTEGRITY_QUALIFIER

enum _NETWORK_OPEN_INTEGRITY_QUALIFIER

Enumerator
NetworkOpenIntegrityAny
NetworkOpenIntegrityNone
NetworkOpenIntegritySigned
NetworkOpenIntegrityEncrypted
NetworkOpenIntegrityMaximum

Definition at line 1148 of file ntifs.template.h.

                                               {
  NetworkOpenIntegrityAny,
  NetworkOpenIntegrityNone,
  NetworkOpenIntegritySigned,
  NetworkOpenIntegrityEncrypted,
  NetworkOpenIntegrityMaximum
} NETWORK_OPEN_INTEGRITY_QUALIFIER;

◆ _NETWORK_OPEN_LOCATION_QUALIFIER

enum _NETWORK_OPEN_LOCATION_QUALIFIER

Enumerator
NetworkOpenLocationAny
NetworkOpenLocationRemote
NetworkOpenLocationLoopback

Definition at line 1142 of file ntifs.template.h.

                                              {
  NetworkOpenLocationAny,
  NetworkOpenLocationRemote,
  NetworkOpenLocationLoopback
} NETWORK_OPEN_LOCATION_QUALIFIER;

◆ _SECURITY_LOGON_TYPE

enum _SECURITY_LOGON_TYPE

Enumerator
Interactive
Network
Batch
Service
Proxy
Unlock
UndefinedLogonType
Interactive
Network
Batch
Service
Proxy
Unlock
NetworkCleartext
NewCredentials

Definition at line 663 of file ntifs.template.h.

                                  {
  UndefinedLogonType = 0,
  Interactive = 2,
  Network,
  Batch,
  Service,
  Proxy,
  Unlock,
  NetworkCleartext,
  NewCredentials,
#if (_WIN32_WINNT >= 0x0501)
  RemoteInteractive,
  CachedInteractive,
#endif
#if (_WIN32_WINNT >= 0x0502)
  CachedRemoteInteractive,
  CachedUnlock
#endif
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;

Function Documentation

◆ $define()

$define ( UCHAR = UCHAR )

◆ $include() [1/3]

$include ( iotypes. h )

Definition at line 1067 of file ntifs.template.h.

                                                {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG Reserved[10];
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;

◆ $include() [2/3]

$include ( ketypes. h )

◆ $include() [3/3]

$include ( setypes. h )

Referenced by $if().

◆ _In_reads_bytes_()

_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_ ( AuthenticationInformationLength )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters

[in]	SecurityInformation	Security information details to be queried from a security descriptor.
[out]	SecurityDescriptor	The returned security descriptor with security information data.
[in,out]	Length	The returned length of a security descriptor.
[in,out]	ObjectsSecurityDescriptor	The returned object security descriptor.

Returns: Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns: See SeSetSecurityDescriptorInfoEx.

Parameters

[in]	Object	If specified, the function will use this arbitrary object that points to an object security descriptor.
[in]	SecurityInformation	Security information details to be set.
[in]	SecurityDescriptor	A security descriptor where its info is to be changed.
[in,out]	ObjectsSecurityDescriptor	The returned pointer to security descriptor objects.
[in]	AutoInheritFlags	Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]	PoolType	Pool type for the new security descriptor to allocate.
[in]	GenericMapping	The generic mapping of access rights masks.

Returns: Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.

Parameters

[in] SecurityDescriptor A security descriptor to be freed from memory.

Returns: Returns STATUS_SUCCESS.

Parameters

[in]	_ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	_ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	ObjectType	The type of the new object.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	AutoInheritFlags	Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns: Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.

Parameters

[in]	ParentDescriptor	A security descriptor of the parent object that is being created.
[in]	ExplicitDescriptor	An explicit security descriptor that is applied to a new object.
[out]	NewDescriptor	The new allocated security descriptor.
[in]	IsDirectoryObject	Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]	SubjectContext	Security subject context of the new object.
[in]	GenericMapping	Generic mapping of access mask rights.
[in]	PoolType	This parameter is unused.

Returns: See SeAssignSecurityEx.

Parameters

[in]	SecurityDescriptor	A security descriptor.
[out]	QuotaInfoSize	The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.

Returns: Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

{
    PFLT_SERVER_PORT_OBJECT PortObject;
    NTSTATUS Status;
 
    /* The caller must allow at least one connection */
    if (MaxConnections == 0)
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /* The request must be for a kernel handle */
    if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /*
     * Get rundown protection on the target to stop the owner
     * from unloading whilst this port object is open. It gets
     * removed in the FltpServerPortClose callback
     */
    Status = FltObjectReference(Filter);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    /* Create the server port object for this filter */
    Status = ObCreateObject(KernelMode,
                            ServerPortObjectType,
                            ObjectAttributes,
                            KernelMode,
                            NULL,
                            sizeof(FLT_SERVER_PORT_OBJECT),
                            0,
                            0,
                            (PVOID *)&PortObject);
    if (NT_SUCCESS(Status))
    {
        /* Zero out the struct */
        RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
 
        /* Increment the ref count on the target filter */
        FltpObjectPointerReference((PFLT_OBJECT)Filter);
 
        /* Setup the filter port object */
        PortObject->Filter = Filter;
        PortObject->ConnectNotify = ConnectNotifyCallback;
        PortObject->DisconnectNotify = DisconnectNotifyCallback;
        PortObject->MessageNotify = MessageNotifyCallback;
        PortObject->Cookie = ServerPortCookie;
        PortObject->MaxConnections = MaxConnections;
 
        /* Insert the object */
        Status = ObInsertObject(PortObject,
                                NULL,
                                STANDARD_RIGHTS_ALL | FILE_READ_DATA,
                                0,
                                NULL,
                                (PHANDLE)ServerPort);
        if (NT_SUCCESS(Status))
        {
            /* Lock the connection list */
            ExAcquireFastMutex(&Filter->ConnectionList.mLock);
 
            /* Add the new port object to the connection list and increment the count */
            InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
            Filter->ConnectionList.mCount++;
 
            /* Unlock the connection list*/
            ExReleaseFastMutex(&Filter->ConnectionList.mLock);
        }
    }
 
    if (!NT_SUCCESS(Status))
    {
        /* Allow the filter to be cleaned up */
        FltObjectDereference(Filter);
    }
 
    return Status;
}

◆ _Out_writes_bytes_opt_() [1/2]

_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ ( Length )

◆ _Out_writes_bytes_opt_() [2/2]

_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ ( ObjectInformationLength )

◆ _Out_writes_bytes_to_opt_()

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_	(	TokenInformationLength	,
		*	ReturnLength
	)

◆ _When_()

_When_	(	TokenInformationClass	= `= TokenAccessInformation`,
		_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))
	)

◆ C_ASSERT() [1/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, ActiveCount) = =0x0c )

◆ C_ASSERT() [2/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, Flag) = =0x0e )

◆ CcGetLsnForFileObject()

NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject	(	_In_ PFILE_OBJECT	FileObject,
		_Out_opt_ PLARGE_INTEGER	OldestLsn
	)

◆ DEFINE_GUID() [1/4]

DEFINE_GUID	(	GUID_ECP_NETWORK_OPEN_CONTEXT	,
		0xc584edbf	,
		0x00df	,
		0x4d28	,
		0xb8	,
		0x84	,
		0x35	,
		0xba	,
		0xca	,
		0x89	,
		0x11	,
		0xe8
	)

◆ DEFINE_GUID() [2/4]

DEFINE_GUID	(	GUID_ECP_NFS_OPEN	,
		0xf326d30c	,
		0xe5f8	,
		0x4fe7	,
		0xab	,
		0x74	,
		0xf5	,
		0xa3	,
		0x19	,
		0x6d	,
		0x92	,
		0xdb
	)

◆ DEFINE_GUID() [3/4]

DEFINE_GUID	(	GUID_ECP_PREFETCH_OPEN	,
		0xe1777b21	,
		0x847e	,
		0x4837	,
		0xaa	,
		0x45	,
		0x64	,
		0x16	,
		0x1d	,
		0x28	,
		0x6	,
		0x55
	)

◆ DEFINE_GUID() [4/4]

DEFINE_GUID	(	GUID_ECP_SRV_OPEN	,
		0xbebfaebc	,
		0xaabf	,
		0x489d	,
		0x9d	,
		0x2c	,
		0xe9	,
		0xe3	,
		0x61	,
		0x10	,
		0x28	,
		0x53
	)

◆ FsRtlAllocatePool()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePool	(	_In_ POOL_TYPE	PoolType,
		_In_ ULONG	NumberOfBytes
	)

◆ FsRtlAllocatePoolWithQuota()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota	(	_In_ POOL_TYPE	PoolType,
		_In_ ULONG	NumberOfBytes
	)

◆ FsRtlAllocatePoolWithQuotaTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag	(	_In_ POOL_TYPE	PoolType,
		_In_ ULONG	NumberOfBytes,
		_In_ ULONG	Tag
	)

◆ FsRtlAllocatePoolWithTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag	(	_In_ POOL_TYPE	PoolType,
		_In_ ULONG	NumberOfBytes,
		_In_ ULONG	Tag
	)

◆ FsRtlMdlReadComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete	(	_In_ PFILE_OBJECT	FileObject,
		_In_ PMDL	MdlChain
	)

◆ FsRtlMdlWriteComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete	(	_In_ PFILE_OBJECT	FileObject,
		_In_ PLARGE_INTEGER	FileOffset,
		_In_ PMDL	MdlChain
	)

◆ FsRtlNotifyChangeDirectory()

NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory	(	_In_ PNOTIFY_SYNC	NotifySync,
		_In_ PVOID	FsContext,
		_In_ PSTRING	FullDirectoryName,
		_In_ PLIST_ENTRY	NotifyList,
		_In_ BOOLEAN	WatchTree,
		_In_ ULONG	CompletionFilter,
		_In_ PIRP	NotifyIrp
	)

◆ LsaFreeReturnBuffer()

_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer ( _In_ PVOID Buffer )

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ PUNICODE_STRING	ObjectTypeName,
		_In_ PUNICODE_STRING	ObjectName,
		_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ PGENERIC_MAPPING	GenericMapping,
		_In_ BOOLEAN	ObjectCreation,
		_Out_ PACCESS_MASK	GrantedAccess,
		_Out_ PNTSTATUS	AccessStatus,
		_Out_ PBOOLEAN	GenerateOnClose
	)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.

Parameters

[in]	SubsystemName	A Unicode string that points to a name of the subsystem.
[in]	HandleId	A handle to an ID that is used as identification instance for auditing.
[in]	ObjectTypeName	The name of the object type.
[in]	ObjectName	The object name.
[in]	SecurityDescriptor	A security descriptor.
[in]	DesiredAccess	The desired access rights masks requested by the caller.
[in]	GenericMapping	The generic mapping of access mask rights.
[in]	ObjectCreation	Set this to TRUE if the object has just been created.
[out]	GrantedAccess	Returns the granted access rights.
[out]	AccessStatus	Returns a NTSTATUS status code indicating whether access check can be granted or not.
[out]	GenerateOnClose	Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.

Returns: See SepAccessCheckAndAuditAlarm.

Definition at line 2125 of file audit.c.

{
    /* Call the internal function */
    return SepAccessCheckAndAuditAlarm(SubsystemName,
                                       HandleId,
                                       NULL,
                                       ObjectTypeName,
                                       ObjectName,
                                       SecurityDescriptor,
                                       NULL,
                                       DesiredAccess,
                                       AuditEventObjectAccess,
                                       0,
                                       NULL,
                                       0,
                                       GenericMapping,
                                       GrantedAccess,
                                       AccessStatus,
                                       GenerateOnClose,
                                       FALSE);
}

Referenced by AccessCheckAndAuditAlarmA(), and AccessCheckAndAuditAlarmW().

◆ NtAccessCheckByTypeAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ PUNICODE_STRING	ObjectTypeName,
		_In_ PUNICODE_STRING	ObjectName,
		_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_opt_ PSID	PrincipalSelfSid,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ AUDIT_EVENT_TYPE	AuditType,
		_In_ ULONG	Flags,
		_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST	ObjectTypeList,
		_In_ ULONG	ObjectTypeLength,
		_In_ PGENERIC_MAPPING	GenericMapping,
		_In_ BOOLEAN	ObjectCreation,
		_Out_ PACCESS_MASK	GrantedAccess,
		_Out_ PNTSTATUS	AccessStatus,
		_Out_ PBOOLEAN	GenerateOnClose
	)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by type.

Parameters

[in]	SubsystemName	A Unicode string that points to a name of the subsystem.
[in]	HandleId	A handle to an ID that is used as identification instance for auditing.
[in]	ObjectTypeName	The name of the object type.
[in]	ObjectName	The object name.
[in]	SecurityDescriptor	A security descriptor.
[in]	PrincipalSelfSid	A principal self user SID.
[in]	DesiredAccess	The desired access rights masks requested by the caller.
[in]	AuditType	Type of audit to start, influencing how the audit should be done.
[in]	Flags	Flag bitmask, used to check if auditing can be done without privileges.
[in]	ObjectTypeList	A list of object types.
[in]	ObjectTypeLength	The length size of the list.
[in]	GenericMapping	The generic mapping of access mask rights.
[in]	ObjectCreation	Set this to TRUE if the object has just been created.
[out]	GrantedAccess	Returns the granted access rights.
[out]	AccessStatus	Returns a NTSTATUS status code indicating whether access check can be granted or not.
[out]	GenerateOnClose	Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.

Returns: See SepAccessCheckAndAuditAlarm.

Definition at line 2222 of file audit.c.

{
    /* Call the internal function */
    return SepAccessCheckAndAuditAlarm(SubsystemName,
                                       HandleId,
                                       NULL,
                                       ObjectTypeName,
                                       ObjectName,
                                       SecurityDescriptor,
                                       PrincipalSelfSid,
                                       DesiredAccess,
                                       AuditType,
                                       Flags,
                                       ObjectTypeList,
                                       ObjectTypeLength,
                                       GenericMapping,
                                       GrantedAccess,
                                       AccessStatus,
                                       GenerateOnClose,
                                       FALSE);
}

◆ NtAccessCheckByTypeResultListAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ PUNICODE_STRING	ObjectTypeName,
		_In_ PUNICODE_STRING	ObjectName,
		_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_opt_ PSID	PrincipalSelfSid,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ AUDIT_EVENT_TYPE	AuditType,
		_In_ ULONG	Flags,
		_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST	ObjectTypeList,
		_In_ ULONG	ObjectTypeListLength,
		_In_ PGENERIC_MAPPING	GenericMapping,
		_In_ BOOLEAN	ObjectCreation,
		_Out_writes_(ObjectTypeListLength) PACCESS_MASK	GrantedAccessList,
		_Out_writes_(ObjectTypeListLength) PNTSTATUS	AccessStatusList,
		_Out_ PBOOLEAN	GenerateOnClose
	)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result.

Parameters

[in]	SubsystemName	A Unicode string that points to a name of the subsystem.
[in]	HandleId	A handle to an ID that is used as identification instance for auditing.
[in]	ObjectTypeName	The name of the object type.
[in]	ObjectName	The object name.
[in]	SecurityDescriptor	A security descriptor.
[in]	PrincipalSelfSid	A principal self user SID.
[in]	DesiredAccess	The desired access rights masks requested by the caller.
[in]	AuditType	Type of audit to start, influencing how the audit should be done.
[in]	Flags	Flag bitmask, used to check if auditing can be done without privileges.
[in]	ObjectTypeList	A list of object types.
[in]	ObjectTypeLength	The length size of the list.
[in]	GenericMapping	The generic mapping of access mask rights.
[in]	ObjectCreation	Set this to TRUE if the object has just been created.
[out]	GrantedAccessList	Returns the granted access rights.
[out]	AccessStatusList	Returns a NTSTATUS status code indicating whether access check can be granted or not.
[out]	GenerateOnClose	Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.

Returns: See SepAccessCheckAndAuditAlarm.

Definition at line 2324 of file audit.c.

{
    /* Call the internal function */
    return SepAccessCheckAndAuditAlarm(SubsystemName,
                                       HandleId,
                                       NULL,
                                       ObjectTypeName,
                                       ObjectName,
                                       SecurityDescriptor,
                                       PrincipalSelfSid,
                                       DesiredAccess,
                                       AuditType,
                                       Flags,
                                       ObjectTypeList,
                                       ObjectTypeListLength,
                                       GenericMapping,
                                       GrantedAccessList,
                                       AccessStatusList,
                                       GenerateOnClose,
                                       TRUE);
}

◆ NtAccessCheckByTypeResultListAndAuditAlarmByHandle()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ HANDLE	ClientToken,
		_In_ PUNICODE_STRING	ObjectTypeName,
		_In_ PUNICODE_STRING	ObjectName,
		_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_opt_ PSID	PrincipalSelfSid,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ AUDIT_EVENT_TYPE	AuditType,
		_In_ ULONG	Flags,
		_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST	ObjectTypeList,
		_In_ ULONG	ObjectTypeListLength,
		_In_ PGENERIC_MAPPING	GenericMapping,
		_In_ BOOLEAN	ObjectCreation,
		_Out_writes_(ObjectTypeListLength) PACCESS_MASK	GrantedAccessList,
		_Out_writes_(ObjectTypeListLength) PNTSTATUS	AccessStatusList,
		_Out_ PBOOLEAN	GenerateOnClose
	)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result and a token handle.

Parameters

[in]	SubsystemName	A Unicode string that points to a name of the subsystem.
[in]	HandleId	A handle to an ID that is used as identification instance for auditing.
[in]	ClientToken	A handle to a client access token.
[in]	ObjectTypeName	The name of the object type.
[in]	ObjectName	The object name.
[in]	SecurityDescriptor	A security descriptor.
[in]	PrincipalSelfSid	A principal self user SID.
[in]	DesiredAccess	The desired access rights masks requested by the caller.
[in]	AuditType	Type of audit to start, influencing how the audit should be done.
[in]	Flags	Flag bitmask, used to check if auditing can be done without privileges.
[in]	ObjectTypeList	A list of object types.
[in]	ObjectTypeLength	The length size of the list.
[in]	GenericMapping	The generic mapping of access mask rights.
[in]	ObjectCreation	Set this to TRUE if the object has just been created.
[out]	GrantedAccessList	Returns the granted access rights.
[out]	AccessStatusList	Returns a NTSTATUS status code indicating whether access check can be granted or not.
[out]	GenerateOnClose	Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.

Returns: See SepAccessCheckAndAuditAlarm.

Definition at line 2430 of file audit.c.

{
    UNREFERENCED_PARAMETER(ObjectCreation);
 
    /* Call the internal function */
    return SepAccessCheckAndAuditAlarm(SubsystemName,
                                       HandleId,
                                       &ClientToken,
                                       ObjectTypeName,
                                       ObjectName,
                                       SecurityDescriptor,
                                       PrincipalSelfSid,
                                       DesiredAccess,
                                       AuditType,
                                       Flags,
                                       ObjectTypeList,
                                       ObjectTypeListLength,
                                       GenericMapping,
                                       GrantedAccessList,
                                       AccessStatusList,
                                       GenerateOnClose,
                                       TRUE);
}

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken	(	_In_ HANDLE	TokenHandle,
		_In_ BOOLEAN	ResetToDefault,
		_In_opt_ PTOKEN_GROUPS	NewState,
		_In_opt_ ULONG	BufferLength,
		_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS	PreviousState,
		_Out_ PULONG	ReturnLength
	)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken	(	_In_ HANDLE	TokenHandle,
		_In_ BOOLEAN	DisableAllPrivileges,
		_In_opt_ PTOKEN_PRIVILEGES	NewState,
		_In_ ULONG	BufferLength,
		_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES	PreviousState,
		_When_(PreviousState !=NULL, _Out_) PULONG	ReturnLength
	)

◆ NtCloseObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ BOOLEAN	GenerateOnClose
	)

◆ NtCreateFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile	(	_Out_ PHANDLE	FileHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_opt_ PLARGE_INTEGER	AllocationSize,
		_In_ ULONG	FileAttributes,
		_In_ ULONG	ShareAccess,
		_In_ ULONG	CreateDisposition,
		_In_ ULONG	CreateOptions,
		_In_reads_bytes_opt_(EaLength) PVOID	EaBuffer,
		_In_ ULONG	EaLength
	)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection	(	_Out_ PHANDLE	SectionHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_opt_ PLARGE_INTEGER	MaximumSize,
		_In_ ULONG	SectionPageProtection,
		_In_ ULONG	AllocationAttributes,
		_In_opt_ HANDLE	FileHandle
	)

◆ NtDeleteObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ BOOLEAN	GenerateOnClose
	)

◆ NtDeviceIoControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile	(	_In_ HANDLE	FileHandle,
		_In_opt_ HANDLE	Event,
		_In_opt_ PIO_APC_ROUTINE	ApcRoutine,
		_In_opt_ PVOID	ApcContext,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_ ULONG	IoControlCode,
		_In_reads_bytes_opt_(InputBufferLength) PVOID	InputBuffer,
		_In_ ULONG	InputBufferLength,
		_Out_writes_bytes_opt_(OutputBufferLength) PVOID	OutputBuffer,
		_In_ ULONG	OutputBufferLength
	)

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken	(	_In_ HANDLE	ExistingTokenHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ BOOLEAN	EffectiveOnly,
		_In_ TOKEN_TYPE	TokenType,
		_Out_ PHANDLE	NewTokenHandle
	)

Duplicates a token.

Parameters

[in]	ExistingTokenHandle	An existing token to duplicate.
[in]	DesiredAccess	The desired access rights for the new duplicated token.
[in]	ObjectAttributes	Object attributes for the new duplicated token.
[in]	EffectiveOnly	If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]	TokenType	Type of token to assign to the duplicated token.
[out]	NewTokenHandle	The returned duplicated token handle.

Returns: STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.

Remarks: Some sources claim 4th param is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI NOTE for readers: https://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while MSDN documentation is correct.

Definition at line 1871 of file tokenlif.c.

{
    KPROCESSOR_MODE PreviousMode;
    HANDLE hToken;
    PTOKEN Token;
    PTOKEN NewToken;
    PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
    BOOLEAN QoSPresent;
    OBJECT_HANDLE_INFORMATION HandleInformation;
    NTSTATUS Status;
 
    PAGED_CODE();
 
    if (TokenType != TokenImpersonation &&
        TokenType != TokenPrimary)
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    PreviousMode = KeGetPreviousMode();
 
    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForWriteHandle(NewTokenHandle);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
 
    Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
                                                PreviousMode,
                                                PagedPool,
                                                FALSE,
                                                &CapturedSecurityQualityOfService,
                                                &QoSPresent);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
        return Status;
    }
 
    Status = ObReferenceObjectByHandle(ExistingTokenHandle,
                                       TOKEN_DUPLICATE,
                                       SeTokenObjectType,
                                       PreviousMode,
                                       (PVOID*)&Token,
                                       &HandleInformation);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                           PreviousMode,
                                           FALSE);
        return Status;
    }
 
    /*
     * Fail, if the original token is an impersonation token and the caller
     * tries to raise the impersonation level of the new token above the
     * impersonation level of the original token.
     */
    if (Token->TokenType == TokenImpersonation)
    {
        if (QoSPresent &&
            CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
        {
            ObDereferenceObject(Token);
            SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                               PreviousMode,
                                               FALSE);
            return STATUS_BAD_IMPERSONATION_LEVEL;
        }
    }
 
    /*
     * Fail, if a primary token is to be created from an impersonation token
     * and and the impersonation level of the impersonation token is below SecurityImpersonation.
     */
    if (Token->TokenType == TokenImpersonation &&
        TokenType == TokenPrimary &&
        Token->ImpersonationLevel < SecurityImpersonation)
    {
        ObDereferenceObject(Token);
        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                           PreviousMode,
                                           FALSE);
        return STATUS_BAD_IMPERSONATION_LEVEL;
    }
 
    Status = SepDuplicateToken(Token,
                               ObjectAttributes,
                               EffectiveOnly,
                               TokenType,
                               (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
                               PreviousMode,
                               &NewToken);
 
    ObDereferenceObject(Token);
 
    if (NT_SUCCESS(Status))
    {
        Status = ObInsertObject(NewToken,
                                NULL,
                                (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
                                0,
                                NULL,
                                &hToken);
        if (NT_SUCCESS(Status))
        {
            _SEH2_TRY
            {
                *NewTokenHandle = hToken;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
        }
    }
 
    /* Free the captured structure */
    SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                       PreviousMode,
                                       FALSE);
 
    return Status;
}

Referenced by CreateProcessAsUserCommon(), DuplicateTokenAsEffective(), DuplicateTokenEx(), GetToken(), GetTokenProcess(), ImpersonateLoggedOnUser(), QueryTokenImpersonationTests(), and START_TEST().

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken	(	_In_ HANDLE	ExistingTokenHandle,
		_In_ ULONG	Flags,
		_In_opt_ PTOKEN_GROUPS	SidsToDisable,
		_In_opt_ PTOKEN_PRIVILEGES	PrivilegesToDelete,
		_In_opt_ PTOKEN_GROUPS	RestrictedSids,
		_Out_ PHANDLE	NewTokenHandle
	)

Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.

Parameters

[in]	ExistingTokenHandle	A handle to an access token which is to be filtered.
[in]	Flags	Privilege flag options. This parameter argument influences how the token's privileges are filtered. For further details see remarks.
[in]	SidsToDisable	Array of SIDs to disable. The action of doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer.
[in]	PrivilegesToDelete	Array of privileges to delete. The function will walk within this array to determine if the specified privileges do exist in the access token. Any missing privileges gets ignored. This parameter can be NULL. This can be a UM pointer.
[in]	RestrictedSids	An array list of restricted groups SID to be added in the access token. A token that is already restricted the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer.
[out]	NewTokenHandle	A new handle to the restricted (filtered) access token. This can be a UM pointer.

Returns: Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.

Remarks: The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):

0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).

DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.

SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.

LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.

WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.

Definition at line 2077 of file tokenlif.c.

{
    PTOKEN Token, FilteredToken;
    HANDLE FilteredTokenHandle;
    NTSTATUS Status;
    KPROCESSOR_MODE PreviousMode;
    OBJECT_HANDLE_INFORMATION HandleInfo;
    ULONG ResultLength;
    ULONG CapturedSidsCount = 0;
    ULONG CapturedPrivilegesCount = 0;
    ULONG CapturedRestrictedSidsCount = 0;
    ULONG ProbeSize = 0;
    PSID_AND_ATTRIBUTES CapturedSids = NULL;
    PSID_AND_ATTRIBUTES CapturedRestrictedSids = NULL;
    PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
 
    PAGED_CODE();
 
    PreviousMode = ExGetPreviousMode();
 
    _SEH2_TRY
    {
        /* Probe SidsToDisable */
        if (SidsToDisable != NULL)
        {
            /* Probe the header */
            ProbeForRead(SidsToDisable, sizeof(*SidsToDisable), sizeof(ULONG));
 
            CapturedSidsCount = SidsToDisable->GroupCount;
            ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedSidsCount]);
 
            ProbeForRead(SidsToDisable, ProbeSize, sizeof(ULONG));
        }
 
        /* Probe PrivilegesToDelete */
        if (PrivilegesToDelete != NULL)
        {
            /* Probe the header */
            ProbeForRead(PrivilegesToDelete, sizeof(*PrivilegesToDelete), sizeof(ULONG));
 
            CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
            ProbeSize = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[CapturedPrivilegesCount]);
 
            ProbeForRead(PrivilegesToDelete, ProbeSize, sizeof(ULONG));
        }
 
        /* Probe RestrictedSids */
        if (RestrictedSids != NULL)
        {
            /* Probe the header */
            ProbeForRead(RestrictedSids, sizeof(*RestrictedSids), sizeof(ULONG));
 
            CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
            ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedRestrictedSidsCount]);
 
            ProbeForRead(RestrictedSids, ProbeSize, sizeof(ULONG));
        }
 
        /* Probe the handle */
        ProbeForWriteHandle(NewTokenHandle);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Return the exception code */
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;
 
    /* Reference the token */
    Status = ObReferenceObjectByHandle(ExistingTokenHandle,
                                       TOKEN_DUPLICATE,
                                       SeTokenObjectType,
                                       PreviousMode,
                                       (PVOID*)&Token,
                                       &HandleInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtFilterToken(): Failed to reference the token (Status 0x%lx)\n", Status);
        return Status;
    }
 
    /* Capture the group SIDs */
    if (SidsToDisable != NULL)
    {
        Status = SeCaptureSidAndAttributesArray(SidsToDisable->Groups,
                                                CapturedSidsCount,
                                                PreviousMode,
                                                NULL,
                                                0,
                                                PagedPool,
                                                TRUE,
                                                &CapturedSids,
                                                &ResultLength);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n", Status);
            goto Quit;
        }
    }
 
    /* Capture the privileges */
    if (PrivilegesToDelete != NULL)
    {
        Status = SeCaptureLuidAndAttributesArray(PrivilegesToDelete->Privileges,
                                                 CapturedPrivilegesCount,
                                                 PreviousMode,
                                                 NULL,
                                                 0,
                                                 PagedPool,
                                                 TRUE,
                                                 &CapturedPrivileges,
                                                 &ResultLength);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n", Status);
            goto Quit;
        }
    }
 
    /* Capture the restricted SIDs */
    if (RestrictedSids != NULL)
    {
        Status = SeCaptureSidAndAttributesArray(RestrictedSids->Groups,
                                                CapturedRestrictedSidsCount,
                                                PreviousMode,
                                                NULL,
                                                0,
                                                PagedPool,
                                                TRUE,
                                                &CapturedRestrictedSids,
                                                &ResultLength);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n", Status);
            goto Quit;
        }
    }
 
    /* Call the internal API */
    Status = SepPerformTokenFiltering(Token,
                                      CapturedPrivileges,
                                      CapturedSids,
                                      CapturedRestrictedSids,
                                      CapturedPrivilegesCount,
                                      CapturedSidsCount,
                                      CapturedRestrictedSidsCount,
                                      Flags,
                                      PreviousMode,
                                      &FilteredToken);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtFilterToken(): Failed to filter the token (Status 0x%lx)\n", Status);
        goto Quit;
    }
 
    /* Insert the filtered token and retrieve a handle to it */
    Status = ObInsertObject(FilteredToken,
                            NULL,
                            HandleInfo.GrantedAccess,
                            0,
                            NULL,
                            &FilteredTokenHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n", Status);
        /* Note: ObInsertObject dereferences FilteredToken on failure */
        goto Quit;
    }
 
    /* And return it to the caller once we're done */
    _SEH2_TRY
    {
        *NewTokenHandle = FilteredTokenHandle;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
        _SEH2_YIELD(goto Quit);
    }
    _SEH2_END;
 
Quit:
    /* Dereference the token */
    ObDereferenceObject(Token);
 
    /* Release all the captured data */
    if (CapturedSids != NULL)
    {
        SeReleaseSidAndAttributesArray(CapturedSids,
                                       PreviousMode,
                                       TRUE);
    }
 
    if (CapturedPrivileges != NULL)
    {
        SeReleaseLuidAndAttributesArray(CapturedPrivileges,
                                        PreviousMode,
                                        TRUE);
    }
 
    if (CapturedRestrictedSids != NULL)
    {
        SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
                                       PreviousMode,
                                       TRUE);
    }
 
    return Status;
}

Referenced by CreateRestrictedToken(), QueryTokenIsSandboxInert(), QueryTokenPrivilegesAndGroupsTests(), QueryTokenRestrictedSidsTest(), and START_TEST().

◆ NtFsControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile	(	_In_ HANDLE	FileHandle,
		_In_opt_ HANDLE	Event,
		_In_opt_ PIO_APC_ROUTINE	ApcRoutine,
		_In_opt_ PVOID	ApcContext,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_ ULONG	FsControlCode,
		_In_reads_bytes_opt_(InputBufferLength) PVOID	InputBuffer,
		_In_ ULONG	InputBufferLength,
		_Out_writes_bytes_opt_(OutputBufferLength) PVOID	OutputBuffer,
		_In_ ULONG	OutputBufferLength
	)

◆ NtImpersonateAnonymousToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE ThreadHandle )

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters

[in] ThreadHandle A handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.

Returns: Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.

Remarks: By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 2613 of file token.c.

{
    PETHREAD Thread;
    KPROCESSOR_MODE PreviousMode;
    NTSTATUS Status;
    PAGED_CODE();
 
    PreviousMode = ExGetPreviousMode();
 
    /* Obtain the thread object from the handle */
    Status = ObReferenceObjectByHandle(ThreadHandle,
                                       THREAD_IMPERSONATE,
                                       PsThreadType,
                                       PreviousMode,
                                       (PVOID*)&Thread,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
        return Status;
    }
 
    /* Call the private routine to impersonate the token */
    Status = SepImpersonateAnonymousToken(Thread, PreviousMode);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
    }
 
    ObDereferenceObject(Thread);
    return Status;
}

Referenced by ImpersonateAnonymousToken(), and START_TEST().

◆ NtLockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile	(	_In_ HANDLE	FileHandle,
		_In_opt_ HANDLE	Event,
		_In_opt_ PIO_APC_ROUTINE	ApcRoutine,
		_In_opt_ PVOID	ApcContext,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_ PLARGE_INTEGER	ByteOffset,
		_In_ PLARGE_INTEGER	Length,
		_In_ ULONG	Key,
		_In_ BOOLEAN	FailImmediately,
		_In_ BOOLEAN	ExclusiveLock
	)

◆ NtOpenFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile	(	_Out_ PHANDLE	FileHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_ ULONG	ShareAccess,
		_In_ ULONG	OpenOptions
	)

◆ NtOpenJobObjectToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken	(	_In_ HANDLE	JobHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_Out_ PHANDLE	TokenHandle
	)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ PUNICODE_STRING	ObjectTypeName,
		_In_ PUNICODE_STRING	ObjectName,
		_In_opt_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ HANDLE	ClientTokenHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ ACCESS_MASK	GrantedAccess,
		_In_opt_ PPRIVILEGE_SET	PrivilegeSet,
		_In_ BOOLEAN	ObjectCreation,
		_In_ BOOLEAN	AccessGranted,
		_Out_ PBOOLEAN	GenerateOnClose
	)

Raises an alarm audit message when an object is about to be opened.

Parameters

[in]	SubsystemName	A Unicode string that points to a name of the subsystem.
[in]	HandleId	A handle to an ID used for identification instance for auditing.
[in]	ObjectTypeName	A Unicode string that points to an object type name.
[in]	ObjectName	The name of the object.
[in]	SecurityDescriptor	A security descriptor.
[in]	ClientTokenHandle	A handle to a client access token.
[in]	DesiredAccess	The desired access rights masks requested by the caller.
[in]	GrantedAccess	The granted access mask rights.
[in]	PrivilegeSet	If specified, the function will use this set of privileges to audit.
[in]	ObjectCreation	Set this to TRUE if the object has just been created.
[in]	AccessGranted	Set this to TRUE if the access attempt was deemed as granted.
[out]	GenerateOnClose	A boolean flag returned to the caller once audit generation procedure finishes.

Returns: Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the required audit privilege to actually begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that alllows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus set of privileges as such array set exceeds the maximum count of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.

Definition at line 1622 of file audit.c.

{
    PTOKEN ClientToken;
    PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
    UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
    ULONG PrivilegeCount, PrivilegeSetSize;
    volatile PPRIVILEGE_SET CapturedPrivilegeSet;
    BOOLEAN LocalGenerateOnClose;
    PVOID CapturedHandleId;
    SECURITY_SUBJECT_CONTEXT SubjectContext;
    NTSTATUS Status;
    PAGED_CODE();
 
    /* Only user mode is supported! */
    ASSERT(ExGetPreviousMode() != KernelMode);
 
    /* Start clean */
    ClientToken = NULL;
    CapturedSecurityDescriptor = NULL;
    CapturedPrivilegeSet = NULL;
    CapturedSubsystemName.Buffer = NULL;
    CapturedObjectTypeName.Buffer = NULL;
    CapturedObjectName.Buffer = NULL;
 
    /* Reference the client token */
    Status = ObReferenceObjectByHandle(ClientTokenHandle,
                                       TOKEN_QUERY,
                                       SeTokenObjectType,
                                       UserMode,
                                       (PVOID*)&ClientToken,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to reference token handle %p: %lx\n",
                ClientTokenHandle, Status);
        return Status;
    }
 
    /* Capture the security subject context */
    SeCaptureSubjectContext(&SubjectContext);
 
    /* Validate the token's impersonation level */
    if ((ClientToken->TokenType == TokenImpersonation) &&
        (ClientToken->ImpersonationLevel < SecurityIdentification))
    {
        DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
        Status = STATUS_BAD_IMPERSONATION_LEVEL;
        goto Cleanup;
    }
 
    /* Check for audit privilege */
    if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
    {
        DPRINT1("Caller does not have SeAuditPrivilege\n");
        Status = STATUS_PRIVILEGE_NOT_HELD;
        goto Cleanup;
    }
 
    /* Check for NULL SecurityDescriptor */
    if (SecurityDescriptor == NULL)
    {
        /* Nothing to do */
        Status = STATUS_SUCCESS;
        goto Cleanup;
    }
 
    /* Capture the security descriptor */
    Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
                                         UserMode,
                                         PagedPool,
                                         FALSE,
                                         &CapturedSecurityDescriptor);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture security descriptor!\n");
        goto Cleanup;
    }
 
    _SEH2_TRY
    {
        /* Check if we have a privilege set */
        if (PrivilegeSet != NULL)
        {
            /* Probe the basic privilege set structure */
            ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
 
            /* Validate privilege count */
            PrivilegeCount = PrivilegeSet->PrivilegeCount;
            if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
            {
                Status = STATUS_INVALID_PARAMETER;
                _SEH2_YIELD(goto Cleanup);
            }
 
            /* Calculate the size of the PrivilegeSet structure */
            PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
 
            /* Probe the whole structure */
            ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
 
            /* Allocate a temp buffer */
            CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
                                                         PrivilegeSetSize,
                                                         TAG_PRIVILEGE_SET);
            if (CapturedPrivilegeSet == NULL)
            {
                DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
                Status = STATUS_INSUFFICIENT_RESOURCES;
                _SEH2_YIELD(goto Cleanup);
            }
 
            /* Copy the privileges */
            RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
        }
 
        if (HandleId != NULL)
        {
            ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
            CapturedHandleId = *(PVOID*)HandleId;
        }
 
        ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
        DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
        _SEH2_YIELD(goto Cleanup);
    }
    _SEH2_END;
 
    /* Probe and capture the subsystem name */
    Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
                                          UserMode,
                                          SubsystemName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture subsystem name!\n");
        goto Cleanup;
    }
 
    /* Probe and capture the object type name */
    Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
                                          UserMode,
                                          ObjectTypeName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture object type name!\n");
        goto Cleanup;
    }
 
    /* Probe and capture the object name */
    Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
                                          UserMode,
                                          ObjectName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture object name!\n");
        goto Cleanup;
    }
 
    /* Call the internal function */
    SepOpenObjectAuditAlarm(&SubjectContext,
                            &CapturedSubsystemName,
                            CapturedHandleId,
                            &CapturedObjectTypeName,
                            &CapturedObjectName,
                            CapturedSecurityDescriptor,
                            ClientToken,
                            DesiredAccess,
                            GrantedAccess,
                            CapturedPrivilegeSet,
                            ObjectCreation,
                            AccessGranted,
                            &LocalGenerateOnClose);
 
    Status = STATUS_SUCCESS;
 
    /* Enter SEH to copy the data back to user mode */
    _SEH2_TRY
    {
        *GenerateOnClose = LocalGenerateOnClose;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
        DPRINT1("Exception while copying back data: 0x%lx\n", Status);
    }
    _SEH2_END;
 
Cleanup:
 
    if (CapturedObjectName.Buffer != NULL)
        ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
 
    if (CapturedObjectTypeName.Buffer != NULL)
        ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
 
    if (CapturedSubsystemName.Buffer != NULL)
        ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
 
    if (CapturedSecurityDescriptor != NULL)
        SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
 
    if (CapturedPrivilegeSet != NULL)
        ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
 
    /* Release the security subject context */
    SeReleaseSubjectContext(&SubjectContext);
 
    ObDereferenceObject(ClientToken);
 
    return Status;
}

Referenced by ObjectOpenAuditAlarmA(), and ObjectOpenAuditAlarmW().

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken	(	_In_ HANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_Out_ PHANDLE	TokenHandle
	)

◆ NtOpenProcessTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx	(	_In_ HANDLE	ProcessHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ ULONG	HandleAttributes,
		_Out_ PHANDLE	TokenHandle
	)

◆ NtOpenThreadToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_Out_ PHANDLE	TokenHandle
	)

Opens a token that is tied to a thread handle.

Parameters

[out]	ThreadHandle	Thread handle where the token is about to be opened.
[in]	DesiredAccess	The request access right for the token.
[in]	OpenAsSelf	If set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[out]	TokenHandle	The opened token handle returned to the caller for use.

Returns: See NtOpenThreadTokenEx.

Definition at line 2475 of file token.c.

{
    return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
                               TokenHandle);
}

Referenced by BaseGetNamedObjectDirectory(), CheckTokenMembership(), CreateProcessAsUserCommon(), CsrGetProcessLuid(), GetCallerLuid(), LsarSetSecurityObject(), NetpGetClientLogonId(), NpGetUserNamep(), OpenThreadToken(), RSetServiceObjectSecurity(), RtlDefaultNpAcl(), RtlNewSecurityGrantedAccess(), RtlpGetImpersonationToken(), and START_TEST().

◆ NtOpenThreadTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx	(	_In_ HANDLE	ThreadHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ BOOLEAN	OpenAsSelf,
		_In_ ULONG	HandleAttributes,
		_Out_ PHANDLE	TokenHandle
	)

Opens a token that is tied to a thread handle.

Parameters

[out]	ThreadHandle	Thread handle where the token is about to be opened.
[in]	DesiredAccess	The request access right for the token.
[in]	OpenAsSelf	If set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[in]	HandleAttributes	Handle attributes for the opened thread token handle.
[out]	TokenHandle	The opened token handle returned to the caller for use.

Returns: Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.

Definition at line 2332 of file token.c.

{
    PETHREAD Thread;
    HANDLE hToken;
    PTOKEN Token;
    BOOLEAN CopyOnOpen, EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
    SE_IMPERSONATION_STATE ImpersonationState;
    KPROCESSOR_MODE PreviousMode;
    NTSTATUS Status;
    BOOLEAN RestoreImpersonation = FALSE;
 
    PAGED_CODE();
 
    PreviousMode = ExGetPreviousMode();
 
    /* Ensure that we can give the handle to the caller */
    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForWriteHandle(TokenHandle);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
 
    /* Validate object attributes */
    HandleAttributes = ObpValidateAttributes(HandleAttributes, PreviousMode);
 
    /*
     * At first open the thread token for information access and verify
     * that the token associated with the thread is valid.
     */
    Status = ObReferenceObjectByHandle(ThreadHandle, THREAD_QUERY_INFORMATION,
                                       PsThreadType, PreviousMode, (PVOID*)&Thread,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to reference the object thread (Status 0x%lx)\n", Status);
        return Status;
    }
 
    /* Reference the token from the thread */
    Token = PsReferenceImpersonationToken(Thread, &CopyOnOpen, &EffectiveOnly,
                                          &ImpersonationLevel);
    if (Token == NULL)
    {
        DPRINT("Failed to reference the thread's impersonation token, thread has no token\n");
        ObDereferenceObject(Thread);
        return STATUS_NO_TOKEN;
    }
 
    /* Ensure the token has no anonymous security */
    if (ImpersonationLevel == SecurityAnonymous)
    {
        DPRINT1("The thread token has anonymous security, can't open it\n");
        PsDereferenceImpersonationToken(Token);
        ObDereferenceObject(Thread);
        return STATUS_CANT_OPEN_ANONYMOUS;
    }
 
    /* Revert to self if OpenAsSelf is specified */
    if (OpenAsSelf)
    {
        RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
                                                      &ImpersonationState);
    }
 
    /* Call the private function to do the job */
    Status = SepOpenThreadToken(Thread,
                                ThreadHandle,
                                Token,
                                DesiredAccess,
                                HandleAttributes,
                                EffectiveOnly,
                                CopyOnOpen,
                                ImpersonationLevel,
                                PreviousMode,
                                &hToken);
 
    /* Restore the impersonation back if needed */
    if (RestoreImpersonation)
    {
        PsRestoreImpersonation(PsGetCurrentThread(), &ImpersonationState);
    }
 
    /* Dereference the access token and the associated thread */
    ObDereferenceObject(Token);
    ObDereferenceObject(Thread);
 
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to open the thread's token (Status 0x%lx)\n", Status);
        return Status;
    }
 
    /* Give the opened token handle to the caller */
    _SEH2_TRY
    {
        *TokenHandle = hToken;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
    }
    _SEH2_END;
 
    return Status;
}

Referenced by NtOpenThreadToken(), and START_TEST().

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck	(	_In_ HANDLE	ClientToken,
		_Inout_ PPRIVILEGE_SET	RequiredPrivileges,
		_Out_ PBOOLEAN	Result
	)

◆ NtPrivilegedServiceAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_ PUNICODE_STRING	ServiceName,
		_In_ HANDLE	ClientToken,
		_In_ PPRIVILEGE_SET	Privileges,
		_In_ BOOLEAN	AccessGranted
	)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm	(	_In_ PUNICODE_STRING	SubsystemName,
		_In_opt_ PVOID	HandleId,
		_In_ HANDLE	ClientToken,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ PPRIVILEGE_SET	Privileges,
		_In_ BOOLEAN	AccessGranted
	)

◆ NtQueryDirectoryFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile	(	_In_ HANDLE	FileHandle,
		_In_opt_ HANDLE	Event,
		_In_opt_ PIO_APC_ROUTINE	ApcRoutine,
		_In_opt_ PVOID	ApcContext,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_Out_writes_bytes_(Length) PVOID	FileInformation,
		_In_ ULONG	Length,
		_In_ FILE_INFORMATION_CLASS	FileInformationClass,
		_In_ BOOLEAN	ReturnSingleEntry,
		_In_opt_ PUNICODE_STRING	FileName,
		_In_ BOOLEAN	RestartScan
	)

◆ NtQueryInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_Out_writes_bytes_(Length) PVOID	FileInformation,
		_In_ ULONG	Length,
		_In_ FILE_INFORMATION_CLASS	FileInformationClass
	)

◆ NtQueryQuotaInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_Out_writes_bytes_(Length) PVOID	Buffer,
		_In_ ULONG	Length,
		_In_ BOOLEAN	ReturnSingleEntry,
		_In_reads_bytes_opt_(SidListLength) PVOID	SidList,
		_In_ ULONG	SidListLength,
		_In_reads_bytes_opt_((8+(4 ((SID ) StartSid) ->SubAuthorityCount))) PSID	StartSid,
		_In_ BOOLEAN	RestartScan
	)

◆ NtQueryVolumeInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_Out_writes_bytes_(Length) PVOID	FsInformation,
		_In_ ULONG	Length,
		_In_ FS_INFORMATION_CLASS	FsInformationClass
	)

◆ NtReadFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile	(	_In_ HANDLE	FileHandle,
		_In_opt_ HANDLE	Event,
		_In_opt_ PIO_APC_ROUTINE	ApcRoutine,
		_In_opt_ PVOID	ApcContext,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_Out_writes_bytes_(Length) PVOID	Buffer,
		_In_ ULONG	Length,
		_In_opt_ PLARGE_INTEGER	ByteOffset,
		_In_opt_ PULONG	Key
	)

◆ NtSetInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_reads_bytes_(Length) PVOID	FileInformation,
		_In_ ULONG	Length,
		_In_ FILE_INFORMATION_CLASS	FileInformationClass
	)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread	(	_In_ HANDLE	ThreadHandle,
		_In_ THREADINFOCLASS	ThreadInformationClass,
		_In_reads_bytes_(ThreadInformationLength) PVOID	ThreadInformation,
		_In_ ULONG	ThreadInformationLength
	)

Definition at line 2268 of file query.c.

{
    PETHREAD Thread;
    KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
    NTSTATUS Status;
    HANDLE TokenHandle = NULL;
    KPRIORITY Priority = 0;
    KAFFINITY Affinity = 0, CombinedAffinity;
    PVOID Address = NULL;
    PEPROCESS Process;
    ULONG_PTR DisableBoost = 0;
    ULONG_PTR IdealProcessor = 0;
    ULONG_PTR Break = 0;
    PTEB Teb;
    ULONG_PTR TlsIndex = 0;
    PVOID *ExpansionSlots;
    PETHREAD ProcThread;
    BOOLEAN HasPrivilege;
    PAGED_CODE();
 
    /* Validate the information class */
    Status = DefaultSetInfoBufferCheck(ThreadInformationClass,
                                       PsThreadInfoClass,
                                       RTL_NUMBER_OF(PsThreadInfoClass),
                                       ThreadInformation,
                                       ThreadInformationLength,
                                       PreviousMode);
    if (!NT_SUCCESS(Status))
    {
#if DBG
        DPRINT1("NtSetInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
                PspDumpThreadInfoClassName(ThreadInformationClass), Status);
#endif
        return Status;
    }
 
    /* Check what kind of information class this is */
    switch (ThreadInformationClass)
    {
        /* Thread priority */
        case ThreadPriority:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(KPRIORITY))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                Priority = *(PLONG)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Validate it */
            if ((Priority > HIGH_PRIORITY) ||
                (Priority <= LOW_PRIORITY))
            {
                /* Fail */
                Status = STATUS_INVALID_PARAMETER;
                break;
            }
 
            /* Check for the required privilege */
            if (Priority >= LOW_REALTIME_PRIORITY)
            {
                HasPrivilege = SeCheckPrivilegedObject(SeIncreaseBasePriorityPrivilege,
                                                       ThreadHandle,
                                                       THREAD_SET_INFORMATION,
                                                       PreviousMode);
                if (!HasPrivilege)
                {
                    DPRINT1("Privilege to change priority to %lx lacking\n", Priority);
                    return STATUS_PRIVILEGE_NOT_HELD;
                }
            }
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Set the priority */
            KeSetPriorityThread(&Thread->Tcb, Priority);
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadBasePriority:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(LONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                Priority = *(PLONG)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Validate it */
            if ((Priority > THREAD_BASE_PRIORITY_MAX) ||
                (Priority < THREAD_BASE_PRIORITY_MIN))
            {
                /* These ones are OK */
                if ((Priority != THREAD_BASE_PRIORITY_LOWRT + 1) &&
                    (Priority != THREAD_BASE_PRIORITY_IDLE - 1))
                {
                    /* Check if the process is real time */
                    if (PsGetCurrentProcess()->PriorityClass !=
                        PROCESS_PRIORITY_CLASS_REALTIME)
                    {
                        /* It isn't, fail */
                        Status = STATUS_INVALID_PARAMETER;
                        break;
                    }
                }
            }
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Set the base priority */
            KeSetBasePriorityThread(&Thread->Tcb, Priority);
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadAffinityMask:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(ULONG_PTR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                Affinity = *(PULONG_PTR)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Validate it */
            if (!Affinity)
            {
                /* Fail */
                Status = STATUS_INVALID_PARAMETER;
                break;
            }
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Get the process */
            Process = Thread->ThreadsProcess;
 
            /* Try to acquire rundown */
            if (ExAcquireRundownProtection(&Process->RundownProtect))
            {
                /* Lock it */
                KeEnterCriticalRegion();
                ExAcquirePushLockShared(&Process->ProcessLock);
 
                /* Combine masks */
                CombinedAffinity = Affinity & Process->Pcb.Affinity;
                if (CombinedAffinity != Affinity)
                {
                    /* Fail */
                    Status = STATUS_INVALID_PARAMETER;
                }
                else
                {
                    /* Set the affinity */
                    KeSetAffinityThread(&Thread->Tcb, CombinedAffinity);
                }
 
                /* Release the lock and rundown */
                ExReleasePushLockShared(&Process->ProcessLock);
                KeLeaveCriticalRegion();
                ExReleaseRundownProtection(&Process->RundownProtect);
            }
            else
            {
                /* Too late */
                Status = STATUS_PROCESS_IS_TERMINATING;
            }
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadImpersonationToken:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(HANDLE))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Save the token handle */
                TokenHandle = *(PHANDLE)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_THREAD_TOKEN,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Assign the actual token */
            Status = PsAssignImpersonationToken(Thread, TokenHandle);
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadQuerySetWin32StartAddress:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(ULONG_PTR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                Address = *(PVOID*)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Set the address */
            Thread->Win32StartAddress = Address;
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadIdealProcessor:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(ULONG_PTR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                IdealProcessor = *(PULONG_PTR)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Validate it */
            if (IdealProcessor > MAXIMUM_PROCESSORS)
            {
                /* Fail */
                Status = STATUS_INVALID_PARAMETER;
                break;
            }
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Set the ideal */
            Status = KeSetIdealProcessorThread(&Thread->Tcb,
                                               (CCHAR)IdealProcessor);
 
            /* Get the TEB and protect the thread */
            Teb = Thread->Tcb.Teb;
            if ((Teb) && (ExAcquireRundownProtection(&Thread->RundownProtect)))
            {
                /* Save the ideal processor */
                Teb->IdealProcessor = Thread->Tcb.IdealProcessor;
 
                /* Release rundown protection */
                ExReleaseRundownProtection(&Thread->RundownProtect);
            }
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadPriorityBoost:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(ULONG_PTR))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                DisableBoost = *(PULONG_PTR)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Call the kernel */
            KeSetDisableBoostThread(&Thread->Tcb, (BOOLEAN)DisableBoost);
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadZeroTlsCell:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Use SEH for capture */
            _SEH2_TRY
            {
                /* Get the priority */
                TlsIndex = *(PULONG)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get the exception code */
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* This is only valid for the current thread */
            if (Thread != PsGetCurrentThread())
            {
                /* Fail */
                Status = STATUS_INVALID_PARAMETER;
                ObDereferenceObject(Thread);
                break;
            }
 
            /* Get the process */
            Process = Thread->ThreadsProcess;
 
            /* Loop the threads */
            ProcThread = PsGetNextProcessThread(Process, NULL);
            while (ProcThread)
            {
                /* Acquire rundown */
                if (ExAcquireRundownProtection(&ProcThread->RundownProtect))
                {
                    /* Get the TEB */
                    Teb = ProcThread->Tcb.Teb;
                    if (Teb)
                    {
                        /* Check if we're in the expansion range */
                        if (TlsIndex > TLS_MINIMUM_AVAILABLE - 1)
                        {
                            if (TlsIndex < (TLS_MINIMUM_AVAILABLE +
                                            TLS_EXPANSION_SLOTS) - 1)
                            {
                                /* Check if we have expansion slots */
                                ExpansionSlots = Teb->TlsExpansionSlots;
                                if (ExpansionSlots)
                                {
                                    /* Clear the index */
                                    ExpansionSlots[TlsIndex - TLS_MINIMUM_AVAILABLE] = 0;
                                }
                            }
                        }
                        else
                        {
                            /* Clear the index */
                            Teb->TlsSlots[TlsIndex] = NULL;
                        }
                    }
 
                    /* Release rundown */
                    ExReleaseRundownProtection(&ProcThread->RundownProtect);
                }
 
                /* Go to the next thread */
                ProcThread = PsGetNextProcessThread(Process, ProcThread);
            }
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadBreakOnTermination:
 
            /* Check buffer length */
            if (ThreadInformationLength != sizeof(ULONG))
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Enter SEH for direct buffer read */
            _SEH2_TRY
            {
                Break = *(PULONG)ThreadInformation;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                /* Get exception code */
                Break = 0;
                Status = _SEH2_GetExceptionCode();
                _SEH2_YIELD(break);
            }
            _SEH2_END;
 
            /* Setting 'break on termination' requires the SeDebugPrivilege */
            if (!SeSinglePrivilegeCheck(SeDebugPrivilege, PreviousMode))
            {
                /* We don't hold the privilege, bail out */
                Status = STATUS_PRIVILEGE_NOT_HELD;
                break;
            }
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Set or clear the flag */
            if (Break)
            {
                PspSetCrossThreadFlag(Thread, CT_BREAK_ON_TERMINATION_BIT);
            }
            else
            {
                PspClearCrossThreadFlag(Thread, CT_BREAK_ON_TERMINATION_BIT);
            }
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        case ThreadHideFromDebugger:
 
            /* Check buffer length */
            if (ThreadInformationLength != 0)
            {
                Status = STATUS_INFO_LENGTH_MISMATCH;
                break;
            }
 
            /* Reference the thread */
            Status = ObReferenceObjectByHandle(ThreadHandle,
                                               THREAD_SET_INFORMATION,
                                               PsThreadType,
                                               PreviousMode,
                                               (PVOID*)&Thread,
                                               NULL);
            if (!NT_SUCCESS(Status))
                break;
 
            /* Set the flag */
            PspSetCrossThreadFlag(Thread, CT_HIDE_FROM_DEBUGGER_BIT);
 
            /* Dereference the thread */
            ObDereferenceObject(Thread);
            break;
 
        /* Anything else */
        default:
            /* Not yet implemented */
#if DBG
            DPRINT1("Not implemented: %s\n", PspDumpThreadInfoClassName(ThreadInformationClass));
#endif
            Status = STATUS_NOT_IMPLEMENTED;
    }
 
    return Status;
}

Referenced by BaseGetNamedObjectDirectory(), BaseProcessStartup(), CreateProcessAsUserCommon(), CsrRevertToSelf(), ImpersonateLoggedOnUser(), init_funcs(), InitFunctionPtrs(), InitializeDeviceData(), MiInitBalancerThread(), NpGetUserNamep(), QuerySetThreadValidator(), RevertToSelf(), RtlpExecuteIoWorkItem(), RtlpExecuteWorkItem(), set_thread_name(), SetThreadAffinityMask(), SetThreadDescription(), SetThreadGroupAffinity(), SetThreadIdealProcessor(), SetThreadInformation(), SetThreadPriority(), SetThreadPriorityBoost(), SetThreadToken(), START_TEST(), Test_ThreadPriorityClass(), and TlsFree().

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken	(	_In_ HANDLE	TokenHandle,
		_In_ TOKEN_INFORMATION_CLASS	TokenInformationClass,
		_In_reads_bytes_(TokenInformationLength) PVOID	TokenInformation,
		_In_ ULONG	TokenInformationLength
	)

Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.

@unimplemented

Parameters

[in]	TokenHandle	A handle of a token where information is to be modified.
[in]	TokenInformationClass	Token information class.
[in]	TokenInformation	An arbitrary pointer to a buffer with token information to set. Such arbitrary buffer depends on the information class chosen that the caller wants to modify such information data of a token.
[in]	TokenInformationLength	Length of the token information buffer, in bytes.

Returns: Returns STATUS_SUCCESS if information setting has completed successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the information length of the buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread hasn't the required privileges to perform the operation in question. A failure NTSTATUS code is returned otherwise.

Remarks: The function is partly implemented, mainly TokenOrigin.

Definition at line 1125 of file tokencls.c.

{
    NTSTATUS Status;
    PTOKEN Token;
    KPROCESSOR_MODE PreviousMode;
    ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
 
    PAGED_CODE();
 
    PreviousMode = ExGetPreviousMode();
 
    Status = DefaultSetInfoBufferCheck(TokenInformationClass,
                                       SeTokenInformationClass,
                                       RTL_NUMBER_OF(SeTokenInformationClass),
                                       TokenInformation,
                                       TokenInformationLength,
                                       PreviousMode);
    if (!NT_SUCCESS(Status))
    {
        /* Invalid buffers */
        DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
        return Status;
    }
 
    if (TokenInformationClass == TokenSessionId)
    {
        NeededAccess |= TOKEN_ADJUST_SESSIONID;
    }
 
    Status = ObReferenceObjectByHandle(TokenHandle,
                                       NeededAccess,
                                       SeTokenObjectType,
                                       PreviousMode,
                                       (PVOID*)&Token,
                                       NULL);
    if (NT_SUCCESS(Status))
    {
        switch (TokenInformationClass)
        {
            case TokenOwner:
            {
                if (TokenInformationLength >= sizeof(TOKEN_OWNER))
                {
                    PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
                    PSID InputSid = NULL, CapturedSid;
                    ULONG DefaultOwnerIndex;
 
                    _SEH2_TRY
                    {
                        InputSid = to->Owner;
                    }
                    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                    {
                        Status = _SEH2_GetExceptionCode();
                        _SEH2_YIELD(goto Cleanup);
                    }
                    _SEH2_END;
 
                    Status = SepCaptureSid(InputSid,
                                           PreviousMode,
                                           PagedPool,
                                           FALSE,
                                           &CapturedSid);
                    if (NT_SUCCESS(Status))
                    {
                        /* Lock the token */
                        SepAcquireTokenLockExclusive(Token);
 
                        /* Find the owner amongst the existing token user and groups */
                        Status = SepFindPrimaryGroupAndDefaultOwner(Token,
                                                                    NULL,
                                                                    CapturedSid,
                                                                    NULL,
                                                                    &DefaultOwnerIndex);
                        if (NT_SUCCESS(Status))
                        {
                            /* Found it */
                            Token->DefaultOwnerIndex = DefaultOwnerIndex;
                            ExAllocateLocallyUniqueId(&Token->ModifiedId);
                        }
 
                        /* Unlock the token */
                        SepReleaseTokenLock(Token);
 
                        SepReleaseSid(CapturedSid,
                                      PreviousMode,
                                      FALSE);
                    }
                }
                else
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                break;
            }
 
            case TokenPrimaryGroup:
            {
                if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
                {
                    PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
                    ULONG AclSize;
                    ULONG_PTR PrimaryGroup;
                    PSID InputSid = NULL, CapturedSid;
                    ULONG PrimaryGroupIndex, NewDynamicLength;
 
                    _SEH2_TRY
                    {
                        InputSid = tpg->PrimaryGroup;
                    }
                    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                    {
                        Status = _SEH2_GetExceptionCode();
                        _SEH2_YIELD(goto Cleanup);
                    }
                    _SEH2_END;
 
                    Status = SepCaptureSid(InputSid,
                                           PreviousMode,
                                           PagedPool,
                                           FALSE,
                                           &CapturedSid);
                    if (NT_SUCCESS(Status))
                    {
                        /* Lock the token */
                        SepAcquireTokenLockExclusive(Token);
 
                        /*
                         * We can whack the token's primary group only if
                         * the charged dynamic space boundary allows us
                         * to do so. Exceeding this boundary and we're
                         * busted out.
                         */
                        AclSize = Token->DefaultDacl ? Token->DefaultDacl->AclSize : 0;
                        NewDynamicLength = RtlLengthSid(CapturedSid) + AclSize;
                        if (NewDynamicLength > Token->DynamicCharged)
                        {
                            SepReleaseTokenLock(Token);
                            SepReleaseSid(CapturedSid, PreviousMode, FALSE);
                            Status = STATUS_ALLOTTED_SPACE_EXCEEDED;
                            DPRINT1("NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
                                    Token->DynamicCharged, NewDynamicLength);
                            goto Cleanup;
                        }
 
                        /*
                         * The dynamic part of the token may require a rebuild
                         * if the current dynamic area is too small. If not then
                         * we're pretty much good as is.
                         */
                        Status = SepRebuildDynamicPartOfToken(Token, NewDynamicLength);
                        if (NT_SUCCESS(Status))
                        {
                            /* Find the primary group amongst the existing token user and groups */
                            Status = SepFindPrimaryGroupAndDefaultOwner(Token,
                                                                        CapturedSid,
                                                                        NULL,
                                                                        &PrimaryGroupIndex,
                                                                        NULL);
                            if (NT_SUCCESS(Status))
                            {
                                /*
                                 * We have found it. Add the length of
                                 * the previous primary group SID to the
                                 * available dynamic area.
                                 */
                                Token->DynamicAvailable += RtlLengthSid(Token->PrimaryGroup);
 
                                /*
                                 * Move the default DACL if it's not at the
                                 * head of the dynamic part.
                                 */
                                if ((Token->DefaultDacl) &&
                                    ((PULONG)(Token->DefaultDacl) != Token->DynamicPart))
                                {
                                    RtlMoveMemory(Token->DynamicPart,
                                                  Token->DefaultDacl,
                                                  RtlLengthSid(Token->PrimaryGroup));
                                    Token->DefaultDacl = (PACL)(Token->DynamicPart);
                                }
 
                                /* Take away available space from the dynamic area */
                                Token->DynamicAvailable -= RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid);
 
                                /*
                                 * And assign the new primary group. For that
                                 * we have to make sure where the primary group
                                 * is going to stay in memory, so if this token
                                 * has a default DACL then add up its size with
                                 * the address of the dynamic part.
                                 */
                                PrimaryGroup = (ULONG_PTR)(Token->DynamicPart) + AclSize;
                                RtlCopySid(RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid),
                                           (PVOID)PrimaryGroup,
                                           Token->UserAndGroups[PrimaryGroupIndex].Sid);
                                Token->PrimaryGroup = (PSID)PrimaryGroup;
 
                                ExAllocateLocallyUniqueId(&Token->ModifiedId);
                            }
                        }
 
                        /* Unlock the token */
                        SepReleaseTokenLock(Token);
 
                        SepReleaseSid(CapturedSid,
                                      PreviousMode,
                                      FALSE);
                    }
                }
                else
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                break;
            }
 
            case TokenDefaultDacl:
            {
                if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
                {
                    PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
                    PACL InputAcl = NULL;
 
                    _SEH2_TRY
                    {
                        InputAcl = tdd->DefaultDacl;
                    }
                    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                    {
                        Status = _SEH2_GetExceptionCode();
                        _SEH2_YIELD(goto Cleanup);
                    }
                    _SEH2_END;
 
                    if (InputAcl != NULL)
                    {
                        PACL CapturedAcl;
 
                        /* Capture, validate, and copy the DACL */
                        Status = SepCaptureAcl(InputAcl,
                                               PreviousMode,
                                               PagedPool,
                                               TRUE,
                                               &CapturedAcl);
                        if (NT_SUCCESS(Status))
                        {
                            ULONG NewDynamicLength;
                            ULONG_PTR Acl;
 
                            /* Lock the token */
                            SepAcquireTokenLockExclusive(Token);
 
                            /*
                             * We can whack the token's default DACL only if
                             * the charged dynamic space boundary allows us
                             * to do so. Exceeding this boundary and we're
                             * busted out.
                             */
                            NewDynamicLength = CapturedAcl->AclSize + RtlLengthSid(Token->PrimaryGroup);
                            if (NewDynamicLength > Token->DynamicCharged)
                            {
                                SepReleaseTokenLock(Token);
                                SepReleaseAcl(CapturedAcl, PreviousMode, TRUE);
                                Status = STATUS_ALLOTTED_SPACE_EXCEEDED;
                                DPRINT1("NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
                                        Token->DynamicCharged, NewDynamicLength);
                                goto Cleanup;
                            }
 
                            /*
                             * The dynamic part of the token may require a rebuild
                             * if the current dynamic area is too small. If not then
                             * we're pretty much good as is.
                             */
                            Status = SepRebuildDynamicPartOfToken(Token, NewDynamicLength);
                            if (NT_SUCCESS(Status))
                            {
                                /*
                                 * Before setting up a new DACL for the
                                 * token object we add up the size of
                                 * the old DACL to the available dynamic
                                 * area
                                 */
                                if (Token->DefaultDacl)
                                {
                                    Token->DynamicAvailable += Token->DefaultDacl->AclSize;
                                }
 
                                /*
                                 * Move the primary group if it's not at the
                                 * head of the dynamic part.
                                 */
                                if ((PULONG)(Token->PrimaryGroup) != Token->DynamicPart)
                                {
                                    RtlMoveMemory(Token->DynamicPart,
                                                  Token->PrimaryGroup,
                                                  RtlLengthSid(Token->PrimaryGroup));
                                    Token->PrimaryGroup = (PSID)(Token->DynamicPart);
                                }
 
                                /* Take away available space from the dynamic area */
                                Token->DynamicAvailable -= CapturedAcl->AclSize;
 
                                /* Set the new dacl */
                                Acl = (ULONG_PTR)(Token->DynamicPart) + RtlLengthSid(Token->PrimaryGroup);
                                RtlCopyMemory((PVOID)Acl,
                                              CapturedAcl,
                                              CapturedAcl->AclSize);
                                Token->DefaultDacl = (PACL)Acl;
 
                                ExAllocateLocallyUniqueId(&Token->ModifiedId);
                            }
 
                            /* Unlock the token and release the ACL */
                            SepReleaseTokenLock(Token);
                            SepReleaseAcl(CapturedAcl, PreviousMode, TRUE);
                        }
                    }
                    else
                    {
                        /* Lock the token */
                        SepAcquireTokenLockExclusive(Token);
 
                        /* Clear the default dacl if present */
                        if (Token->DefaultDacl != NULL)
                        {
                            Token->DynamicAvailable += Token->DefaultDacl->AclSize;
                            RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
                            Token->DefaultDacl = NULL;
 
                            ExAllocateLocallyUniqueId(&Token->ModifiedId);
                        }
 
                        /* Unlock the token */
                        SepReleaseTokenLock(Token);
                    }
                }
                else
                {
                    Status = STATUS_INFO_LENGTH_MISMATCH;
                }
                break;
            }
 
            case TokenSessionId:
            {
                ULONG SessionId = 0;
 
                _SEH2_TRY
                {
                    /* Buffer size was already verified, no need to check here again */
                    SessionId = *(PULONG)TokenInformation;
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    Status = _SEH2_GetExceptionCode();
                    _SEH2_YIELD(goto Cleanup);
                }
                _SEH2_END;
 
                /* Check for TCB privilege */
                if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
                {
                    Status = STATUS_PRIVILEGE_NOT_HELD;
                    break;
                }
 
                /* Lock the token */
                SepAcquireTokenLockExclusive(Token);
 
                Token->SessionId = SessionId;
                ExAllocateLocallyUniqueId(&Token->ModifiedId);
 
                /* Unlock the token */
                SepReleaseTokenLock(Token);
 
                break;
            }
 
            case TokenSessionReference:
            {
                ULONG SessionReference;
 
                _SEH2_TRY
                {
                    /* Buffer size was already verified, no need to check here again */
                    SessionReference = *(PULONG)TokenInformation;
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    Status = _SEH2_GetExceptionCode();
                    _SEH2_YIELD(goto Cleanup);
                }
                _SEH2_END;
 
                /* Check for TCB privilege */
                if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
                {
                    Status = STATUS_PRIVILEGE_NOT_HELD;
                    goto Cleanup;
                }
 
                /* Check if it is 0 */
                if (SessionReference == 0)
                {
                    ULONG OldTokenFlags;
 
                    /* Lock the token */
                    SepAcquireTokenLockExclusive(Token);
 
                    /* Atomically set the flag in the token */
                    OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
                                                          TOKEN_SESSION_NOT_REFERENCED);
                    /*
                     * If the flag was already set, do not dereference again
                     * the logon session. Use SessionReference as an indicator
                     * to know whether to really dereference the session.
                     */
                    if (OldTokenFlags == Token->TokenFlags)
                        SessionReference = ULONG_MAX;
 
                    /*
                     * Otherwise if the flag was never set but just for this first time then
                     * remove the referenced logon session data from the token and dereference
                     * the logon session when needed.
                     */
                    if (SessionReference == 0)
                    {
                        SepRmRemoveLogonSessionFromToken(Token);
                        SepRmDereferenceLogonSession(&Token->AuthenticationId);
                    }
 
                    /* Unlock the token */
                    SepReleaseTokenLock(Token);
                }
                break;
            }
 
            case TokenAuditPolicy:
            {
                PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
                    (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
                SEP_AUDIT_POLICY AuditPolicy;
                ULONG i;
 
                _SEH2_TRY
                {
                    ProbeForRead(PolicyInformation,
                                 FIELD_OFFSET(TOKEN_AUDIT_POLICY_INFORMATION,
                                              Policies[PolicyInformation->PolicyCount]),
                                 sizeof(ULONG));
 
                    /* Loop all policies in the structure */
                    for (i = 0; i < PolicyInformation->PolicyCount; i++)
                    {
                        /* Set the corresponding bits in the packed structure */
                        switch (PolicyInformation->Policies[i].Category)
                        {
                            case AuditCategorySystem:
                                AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryLogon:
                                AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryObjectAccess:
                                AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryPrivilegeUse:
                                AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryDetailedTracking:
                                AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryPolicyChange:
                                AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryAccountManagement:
                                AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryDirectoryServiceAccess:
                                AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
                                break;
 
                            case AuditCategoryAccountLogon:
                                AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
                                break;
                        }
                    }
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    Status = _SEH2_GetExceptionCode();
                    _SEH2_YIELD(goto Cleanup);
                }
                _SEH2_END;
 
                /* Check for TCB privilege */
                if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
                {
                    Status = STATUS_PRIVILEGE_NOT_HELD;
                    break;
                }
 
                /* Lock the token */
                SepAcquireTokenLockExclusive(Token);
 
                /* Set the new audit policy */
                Token->AuditPolicy = AuditPolicy;
                ExAllocateLocallyUniqueId(&Token->ModifiedId);
 
                /* Unlock the token */
                SepReleaseTokenLock(Token);
 
                break;
            }
 
            case TokenOrigin:
            {
                TOKEN_ORIGIN TokenOrigin;
 
                _SEH2_TRY
                {
                    /* Copy the token origin */
                    TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
                }
                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
                {
                    Status = _SEH2_GetExceptionCode();
                    _SEH2_YIELD(goto Cleanup);
                }
                _SEH2_END;
 
                /* Check for TCB privilege */
                if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
                {
                    Status = STATUS_PRIVILEGE_NOT_HELD;
                    break;
                }
 
                /* Lock the token */
                SepAcquireTokenLockExclusive(Token);
 
                /* Check if there is no token origin set yet */
                if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
                {
                    /* Set the token origin */
                    Token->OriginatingLogonSession =
                        TokenOrigin.OriginatingLogonSession;
 
                    ExAllocateLocallyUniqueId(&Token->ModifiedId);
                }
 
                /* Unlock the token */
                SepReleaseTokenLock(Token);
 
                break;
            }
 
            default:
            {
                DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
                        TokenInformationClass);
                Status = STATUS_INVALID_INFO_CLASS;
                break;
            }
        }
Cleanup:
        ObDereferenceObject(Token);
    }
 
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
    }
 
    return Status;
}

Referenced by SetTokenDefaultDaclTests(), SetTokenInformation(), SetTokenSessionIdTests(), and START_TEST().

◆ NtSetQuotaInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_reads_bytes_(Length) PVOID	Buffer,
		_In_ ULONG	Length
	)

◆ NtSetVolumeInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_reads_bytes_(Length) PVOID	FsInformation,
		_In_ ULONG	Length,
		_In_ FS_INFORMATION_CLASS	FsInformationClass
	)

◆ NtUnlockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile	(	_In_ HANDLE	FileHandle,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_ PLARGE_INTEGER	ByteOffset,
		_In_ PLARGE_INTEGER	Length,
		_In_ ULONG	Key
	)

◆ NtWriteFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile	(	_In_ HANDLE	FileHandle,
		_In_opt_ HANDLE	Event,
		_In_opt_ PIO_APC_ROUTINE	ApcRoutine,
		_In_opt_ PVOID	ApcContext,
		_Out_ PIO_STATUS_BLOCK	IoStatusBlock,
		_In_reads_bytes_(Length) PVOID	Buffer,
		_In_ ULONG	Length,
		_In_opt_ PLARGE_INTEGER	ByteOffset,
		_In_opt_ PULONG	Key
	)

◆ ObCreateObject()

NTKERNELAPI NTSTATUS NTAPI ObCreateObject	(	_In_opt_ KPROCESSOR_MODE	ObjectAttributesAccessMode,
		_In_ POBJECT_TYPE	ObjectType,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ KPROCESSOR_MODE	AccessMode,
		_Inout_opt_ PVOID	ParseContext,
		_In_ ULONG	ObjectSize,
		_In_opt_ ULONG	PagedPoolCharge,
		_In_opt_ ULONG	NonPagedPoolCharge,
		_Out_ PVOID *	Object
	)

◆ ObReferenceObjectByName()

NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName	(	_In_ PUNICODE_STRING	ObjectName,
		_In_ ULONG	Attributes,
		_In_opt_ PACCESS_STATE	PassedAccessState,
		_In_opt_ ACCESS_MASK	DesiredAccess,
		_In_ POBJECT_TYPE	ObjectType,
		_In_ KPROCESSOR_MODE	AccessMode,
		_Inout_opt_ PVOID	ParseContext,
		_Out_ PVOID *	Object
	)

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid	(	_In_ PCLIENT_ID	Cid,
		_Out_opt_ PEPROCESS *	Process,
		_Out_ PETHREAD *	Thread
	)

◆ RtlSetSaclSecurityDescriptor()

NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor	(	_Inout_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ BOOLEAN	SaclPresent,
		_In_ PACL	Sacl,
		_In_ BOOLEAN	SaclDefaulted
	)