ReactOS  0.4.14-dev-49-gfb4591c
ntifs.template.h File Reference
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>
#include <guiddef.h>
#include "csq.h"
Include dependency graph for ntifs.template.h:

Go to the source code of this file.

Classes

struct  _MSV1_0_INTERACTIVE_LOGON
 
struct  _MSV1_0_INTERACTIVE_PROFILE
 
struct  _MSV1_0_LM20_LOGON
 
struct  _MSV1_0_SUBAUTH_LOGON
 
struct  _MSV1_0_LM20_LOGON_PROFILE
 
struct  _MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
struct  _MSV1_0_NTLM3_RESPONSE
 
struct  _MSV1_0_AV_PAIR
 
struct  _MSV1_0_LM20_CHALLENGE_REQUEST
 
struct  _MSV1_0_LM20_CHALLENGE_RESPONSE
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST_V1
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST
 
struct  _MSV1_0_GETCHALLENRESP_RESPONSE
 
struct  _MSV1_0_ENUMUSERS_REQUEST
 
struct  _MSV1_0_ENUMUSERS_RESPONSE
 
struct  _MSV1_0_GETUSERINFO_REQUEST
 
struct  _MSV1_0_GETUSERINFO_RESPONSE
 
struct  _PUBLIC_OBJECT_TYPE_INFORMATION
 
struct  _NETWORK_OPEN_ECP_CONTEXT
 
struct  _NETWORK_OPEN_ECP_CONTEXT_V0
 
struct  _PREFETCH_OPEN_ECP_CONTEXT
 
struct  _NFS_OPEN_ECP_CONTEXT
 
struct  _SRV_OPEN_ECP_CONTEXT
 
struct  _QUERY_PATH_REQUEST
 
struct  _QUERY_PATH_REQUEST_EX
 
struct  _QUERY_PATH_RESPONSE
 
struct  _OBJECT_BASIC_INFORMATION
 
struct  _FILE_COPY_ON_WRITE_INFORMATION
 
struct  _FILE_FULL_DIRECTORY_INFORMATION
 
struct  _FILE_SHARED_LOCK_ENTRY
 
struct  _FILE_EXCLUSIVE_LOCK_ENTRY
 
struct  _FILE_MAILSLOT_PEEK_BUFFER
 
struct  _FILE_OLE_CLASSID_INFORMATION
 
struct  _FILE_OLE_ALL_INFORMATION
 
struct  _FILE_OLE_DIR_INFORMATION
 
struct  _FILE_OLE_INFORMATION
 
struct  _FILE_OLE_STATE_BITS_INFORMATION
 
struct  _MAPPING_PAIR
 
struct  _GET_RETRIEVAL_DESCRIPTOR
 
struct  _MOVEFILE_DESCRIPTOR
 
struct  _OBJECT_BASIC_INFO
 
struct  _OBJECT_HANDLE_ATTRIBUTE_INFO
 
struct  _OBJECT_NAME_INFO
 
struct  _OBJECT_PROTECTION_INFO
 
struct  _OBJECT_TYPE_INFO
 
struct  _OBJECT_ALL_TYPES_INFO
 
struct  _PORT_MESSAGE
 
struct  _PORT_VIEW
 
struct  _REMOTE_PORT_VIEW
 
struct  _VAD_HEADER
 

Macros

#define _NTIFS_INCLUDED_
 
#define _GNU_NTIFS_
 
#define FlagOn(_F, _SF)   ((_F) & (_SF))
 
#define BooleanFlagOn(F, SF)   ((BOOLEAN)(((F) & (SF)) != 0))
 
#define SetFlag(_F, _SF)   ((_F) |= (_SF))
 
#define ClearFlag(_F, _SF)   ((_F) &= ~(_SF))
 
#define COMPRESSION_FORMAT_NONE   (0x0000)
 
#define COMPRESSION_FORMAT_DEFAULT   (0x0001)
 
#define COMPRESSION_FORMAT_LZNT1   (0x0002)
 
#define COMPRESSION_ENGINE_STANDARD   (0x0000)
 
#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)
 
#define COMPRESSION_ENGINE_HIBER   (0x0200)
 
#define MAX_UNICODE_STACK_BUFFER_LENGTH   256
 
#define METHOD_FROM_CTL_CODE(ctrlCode)   ((ULONG)(ctrlCode & 3))
 
#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT
 
#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT
 
#define _NTLSA_AUDIT_
 
#define _NTLSA_IFS_
 
#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
 
#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
 
#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"
 
#define MSV1_0_CHALLENGE_LENGTH   8
 
#define MSV1_0_USER_SESSION_KEY_LENGTH   16
 
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8
 
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02
 
#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04
 
#define MSV1_0_RETURN_USER_PARAMETERS   0x08
 
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10
 
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20
 
#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40
 
#define MSV1_0_USE_CLIENT_CHALLENGE   0x80
 
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100
 
#define MSV1_0_RETURN_PROFILE_PATH   0x200
 
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400
 
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800
 
#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000
 
#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000
 
#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000
 
#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24
 
#define MSV1_0_MNS_LOGON   0x01000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2
 
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132
 
#define LOGON_GUEST   0x01
 
#define LOGON_NOENCRYPTION   0x02
 
#define LOGON_CACHED_ACCOUNT   0x04
 
#define LOGON_USED_LM_PASSWORD   0x08
 
#define LOGON_EXTRA_SIDS   0x20
 
#define LOGON_SUBAUTH_SESSION_KEY   0x40
 
#define LOGON_SERVER_TRUST_ACCOUNT   0x80
 
#define LOGON_NTLMV2_ENABLED   0x100
 
#define LOGON_RESOURCE_GROUPS   0x200
 
#define LOGON_PROFILE_PATH_RETURNED   0x400
 
#define LOGON_NT_V2   0x800
 
#define LOGON_LM_V2   0x1000
 
#define LOGON_NTLM_V2   0x2000
 
#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000
 
#define LOGON_GRACE_LOGON   0x01000000
 
#define MSV1_0_OWF_PASSWORD_LENGTH   16
 
#define MSV1_0_CRED_LM_PRESENT   0x1
 
#define MSV1_0_CRED_NT_PRESENT   0x2
 
#define MSV1_0_CRED_VERSION   0
 
#define MSV1_0_NTLM3_RESPONSE_LENGTH   16
 
#define MSV1_0_NTLM3_OWF_LENGTH   16
 
#define MSV1_0_MAX_NTLM3_LIFE   129600
 
#define MSV1_0_MAX_AVL_SIZE   64000
 
#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
 
#define USE_PRIMARY_PASSWORD   0x01
 
#define RETURN_PRIMARY_USERNAME   0x02
 
#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04
 
#define RETURN_NON_NT_USER_SESSION_KEY   0x08
 
#define GENERATE_CLIENT_CHALLENGE   0x10
 
#define GCR_NTLM3_PARMS   0x20
 
#define GCR_TARGET_INFO   0x40
 
#define RETURN_RESERVED_PARAMETER   0x80
 
#define GCR_ALLOW_NTLM   0x100
 
#define GCR_USE_OEM_SET   0x200
 
#define GCR_MACHINE_CREDENTIAL   0x400
 
#define GCR_USE_OWF_PASSWORD   0x800
 
#define GCR_ALLOW_LM   0x1000
 
#define GCR_ALLOW_NO_TARGET   0x2000
 
#define SYSTEM_PAGE_PRIORITY_BITS   3
 
#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)
 
#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2
 
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000
 
#define PIN_WAIT   (1)
 
#define PIN_EXCLUSIVE   (2)
 
#define PIN_NO_READ   (4)
 
#define PIN_IF_BCB   (8)
 
#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)
 
#define PIN_HIGH_PRIORITY   (64)
 
#define MAP_WAIT   1
 
#define MAP_NO_READ   (16)
 
#define MAP_HIGH_PRIORITY   (64)
 
#define IOCTL_REDIR_QUERY_PATH   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define IOCTL_REDIR_QUERY_PATH_EX   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define VOLSNAPCONTROLTYPE   0x00000053
 
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
 
#define VER_PRODUCTBUILD   10000
 
#define FS_LFN_APIS   0x00004000
 
#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
 
#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT
 
#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM
 
#define FILE_STORAGE_TYPE_MASK   0x000f0000
 
#define FILE_STORAGE_TYPE_SHIFT   16
 
#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004
 
#define IO_ATTACH_DEVICE_API   0x80000000
 
#define IO_TYPE_APC   18
 
#define IO_TYPE_DPC   19
 
#define IO_TYPE_DEVICE_QUEUE   20
 
#define IO_TYPE_EVENT_PAIR   21
 
#define IO_TYPE_INTERRUPT   22
 
#define IO_TYPE_PROFILE   23
 
#define IRP_BEING_VERIFIED   0x10
 
#define MAILSLOT_CLASS_FIRSTCLASS   1
 
#define MAILSLOT_CLASS_SECONDCLASS   2
 
#define MAILSLOT_SIZE_AUTO   0
 
#define MEM_DOS_LIM   0x40000000
 
#define OB_TYPE_TYPE   1
 
#define OB_TYPE_DIRECTORY   2
 
#define OB_TYPE_SYMBOLIC_LINK   3
 
#define OB_TYPE_TOKEN   4
 
#define OB_TYPE_PROCESS   5
 
#define OB_TYPE_THREAD   6
 
#define OB_TYPE_EVENT   7
 
#define OB_TYPE_EVENT_PAIR   8
 
#define OB_TYPE_MUTANT   9
 
#define OB_TYPE_SEMAPHORE   10
 
#define OB_TYPE_TIMER   11
 
#define OB_TYPE_PROFILE   12
 
#define OB_TYPE_WINDOW_STATION   13
 
#define OB_TYPE_DESKTOP   14
 
#define OB_TYPE_SECTION   15
 
#define OB_TYPE_KEY   16
 
#define OB_TYPE_PORT   17
 
#define OB_TYPE_ADAPTER   18
 
#define OB_TYPE_CONTROLLER   19
 
#define OB_TYPE_DEVICE   20
 
#define OB_TYPE_DRIVER   21
 
#define OB_TYPE_IO_COMPLETION   22
 
#define OB_TYPE_FILE   23
 
#define SEC_BASED   0x00200000
 
#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_HSM_MSG   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_CONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
 
#define FSCTL_HSM_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_RCONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
 
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_STATISTICS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define LPC_CLIENT_ID   CLIENT_ID
 
#define LPC_SIZE_T   SIZE_T
 
#define LPC_PVOID   PVOID
 
#define LPC_HANDLE   HANDLE
 
#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)
 
#define PsDereferenceImpersonationToken(T)
 
#define SeEnableAccessToExports()   SeExports = *(PSE_EXPORTS *)SeExports;
 

Typedefs

typedef STRING LSA_STRING
 
typedef STRINGPLSA_STRING
 
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
 
typedef OBJECT_ATTRIBUTESPLSA_OBJECT_ATTRIBUTES
 
typedef ULONG LSA_OPERATIONAL_MODE
 
typedef ULONGPLSA_OPERATIONAL_MODE
 
typedef enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
 
typedef enum _SECURITY_LOGON_TYPEPSECURITY_LOGON_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPEPMSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPEPMSV1_0_PROFILE_BUFFER_TYPE
 
typedef struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_LOGONPMSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_INTERACTIVE_PROFILEPMSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_LM20_LOGONPMSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGONPMSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON_PROFILEPMSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIALPMSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
 
typedef struct _MSV1_0_NTLM3_RESPONSEPMSV1_0_NTLM3_RESPONSE
 
typedef enum _MSV1_0_AVID MSV1_0_AVID
 
typedef struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
 
typedef struct _MSV1_0_AV_PAIRPMSV1_0_AV_PAIR
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPEPMSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUESTPMSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSEPMSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1PMSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUESTPMSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSEPMSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_REQUESTPMSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSEPMSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_REQUESTPMSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSEPMSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATIONPPUBLIC_OBJECT_TYPE_INFORMATION
 
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
 
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXTPNETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0PNETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXTPPREFETCH_OPEN_ECP_CONTEXT
 
typedef struct sockaddr_storagePSOCKADDR_STORAGE_NFS
 
typedef struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXTPNFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXTPSRV_OPEN_ECP_CONTEXT
 
typedef struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUESTPQUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_REQUEST_EXPQUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
 
typedef struct _QUERY_PATH_RESPONSEPQUERY_PATH_RESPONSE
 
typedef enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
 
typedef struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
 
typedef struct _OBJECT_BASIC_INFORMATIONPOBJECT_BASIC_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATIONPFILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATIONPFILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_SHARED_LOCK_ENTRYPFILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRYPFILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFERPFILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_CLASSID_INFORMATIONPFILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATIONPFILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATIONPFILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_INFORMATIONPFILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATIONPFILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _MAPPING_PAIR MAPPING_PAIR
 
typedef struct _MAPPING_PAIRPMAPPING_PAIR
 
typedef struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
 
typedef struct _GET_RETRIEVAL_DESCRIPTORPGET_RETRIEVAL_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTORPMOVEFILE_DESCRIPTOR
 
typedef struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
 
typedef struct _OBJECT_BASIC_INFOPOBJECT_BASIC_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFOPOBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
 
typedef struct _OBJECT_NAME_INFOPOBJECT_NAME_INFO
 
typedef struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_PROTECTION_INFOPOBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
 
typedef struct _OBJECT_TYPE_INFOPOBJECT_TYPE_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFOPOBJECT_ALL_TYPES_INFO
 
typedef struct _PORT_MESSAGE PORT_MESSAGE
 
typedef struct _PORT_MESSAGEPPORT_MESSAGE
 
typedef struct _PORT_VIEW PORT_VIEW
 
typedef struct _PORT_VIEWPPORT_VIEW
 
typedef struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
 
typedef struct _REMOTE_PORT_VIEWPREMOTE_PORT_VIEW
 
typedef struct _VAD_HEADER VAD_HEADER
 
typedef struct _VAD_HEADERPVAD_HEADER
 

Enumerations

enum  _SECURITY_LOGON_TYPE {
  Interactive = 2, Network, Batch, Service,
  Proxy, Unlock, UndefinedLogonType = 0, Interactive = 2,
  Network, Batch, Service, Proxy,
  Unlock, NetworkCleartext, NewCredentials
}
 
enum  _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon, MsV1_0SubAuthLogon,
  MsV1_0WorkstationUnlockLogon = 7, MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon,
  MsV1_0SubAuthLogon, MsV1_0WorkstationUnlockLogon = 7, MsV1_0S4ULogon = 12, MsV1_0VirtualLogon = 82
}
 
enum  _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2, MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile, MsV1_0InteractiveProfile = 2,
  MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile
}
 
enum  _MSV1_0_AVID {
  MsvAvEOL, MsvAvNbComputerName, MsvAvNbDomainName, MsvAvDnsComputerName,
  MsvAvDnsDomainName
}
 
enum  _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers, MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword, MsV1_0GenericPassthrough,
  MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential, MsV1_0CacheLookup,
  MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers, MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword, MsV1_0GenericPassthrough,
  MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential, MsV1_0CacheLookup
}
 
enum  _NETWORK_OPEN_LOCATION_QUALIFIER { NetworkOpenLocationAny, NetworkOpenLocationRemote, NetworkOpenLocationLoopback }
 
enum  _NETWORK_OPEN_INTEGRITY_QUALIFIER {
  NetworkOpenIntegrityAny, NetworkOpenIntegrityNone, NetworkOpenIntegritySigned, NetworkOpenIntegrityEncrypted,
  NetworkOpenIntegrityMaximum
}
 
enum  _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1, StorageTypeDirectory, StorageTypeFile, StorageTypeJunctionPoint,
  StorageTypeCatalog, StorageTypeStructuredStorage, StorageTypeEmbedding, StorageTypeStream
}
 

Functions

 $define (UCHAR=UCHAR) $define(ULONG
 
 $include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
 
_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
 
_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation
 
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer (_In_ PVOID Buffer)
 
 $include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
 
 $include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e)
 
 DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)
 
 DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55)
 
 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb)
 
 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53)
 
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
 
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
 
NTKERNELAPI NTSTATUS NTAPI ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
 

Variables

_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
 
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ SECURITY_INFORMATION SecurityInformation
 
_In_ SECURITY_INFORMATION _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_ SECURITY_INFORMATION _In_ ULONG Length
 
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
 
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
 
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
 
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOIDProfileBuffer
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
 
 PUBLIC_OBJECT_BASIC_INFORMATION
 
PPUBLIC_OBJECT_BASIC_INFORMATION
 
PUSHORTNlsOemLeadByteInfo
 

Macro Definition Documentation

◆ _GNU_NTIFS_

#define _GNU_NTIFS_

Definition at line 27 of file ntifs.template.h.

◆ _NTIFS_INCLUDED_

#define _NTIFS_INCLUDED_

Definition at line 26 of file ntifs.template.h.

◆ _NTLSA_AUDIT_

#define _NTLSA_AUDIT_

Definition at line 684 of file ntifs.template.h.

◆ _NTLSA_IFS_

#define _NTLSA_IFS_

Definition at line 728 of file ntifs.template.h.

◆ BooleanFlagOn

#define BooleanFlagOn (   F,
  SF 
)    ((BOOLEAN)(((F) & (SF)) != 0))

◆ ClearFlag

#define ClearFlag (   _F,
  _SF 
)    ((_F) &= ~(_SF))

◆ COMPRESSION_ENGINE_HIBER

#define COMPRESSION_ENGINE_HIBER   (0x0200)

Definition at line 652 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_MAXIMUM

#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)

Definition at line 651 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_STANDARD

#define COMPRESSION_ENGINE_STANDARD   (0x0000)

Definition at line 650 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_DEFAULT

#define COMPRESSION_FORMAT_DEFAULT   (0x0001)

Definition at line 648 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_LZNT1

#define COMPRESSION_FORMAT_LZNT1   (0x0002)

Definition at line 649 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_NONE

#define COMPRESSION_FORMAT_NONE   (0x0000)

Definition at line 647 of file ntifs.template.h.

◆ FILE_MAXIMUM_STORAGE_TYPE

#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM

Definition at line 1304 of file ntifs.template.h.

◆ FILE_MINIMUM_STORAGE_TYPE

#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT

Definition at line 1303 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_CATALOG

#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1299 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DEFAULT

#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1294 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DIRECTORY

#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1295 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DOCFILE

#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1297 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_EMBEDDING

#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1301 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_FILE

#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1296 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_JUNCTION_POINT

#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1298 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_MASK

#define FILE_STORAGE_TYPE_MASK   0x000f0000

Definition at line 1305 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SHIFT

#define FILE_STORAGE_TYPE_SHIFT   16

Definition at line 1306 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SPECIFIED

#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */

Definition at line 1293 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STREAM

#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1302 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STRUCTURED_STORAGE

#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1300 of file ntifs.template.h.

◆ FILE_VC_QUOTAS_LOG_VIOLATIONS

#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004

Definition at line 1308 of file ntifs.template.h.

◆ FlagOn

#define FlagOn (   _F,
  _SF 
)    ((_F) & (_SF))

◆ FS_LFN_APIS

#define FS_LFN_APIS   0x00004000

Definition at line 1291 of file ntifs.template.h.

◆ FSCTL_DUMP_PROPERTY_DATA

#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1370 of file ntifs.template.h.

◆ FSCTL_GET_HFS_INFORMATION

#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1362 of file ntifs.template.h.

◆ FSCTL_HSM_DATA

Definition at line 1374 of file ntifs.template.h.

◆ FSCTL_HSM_MSG

◆ FSCTL_NETWORK_DELETE_CONNECTION

#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1382 of file ntifs.template.h.

◆ FSCTL_NETWORK_ENUMERATE_CONNECTIONS

#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1381 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONFIGURATION_INFO

#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Definition at line 1379 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONNECTION_INFO

#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1380 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_STATISTICS

Definition at line 1383 of file ntifs.template.h.

◆ FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT

#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1385 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_CONFIGURATION_INFO

#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

Definition at line 1378 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_DOMAIN_NAME

#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1384 of file ntifs.template.h.

◆ FSCTL_NSS_CONTROL

Definition at line 1373 of file ntifs.template.h.

◆ FSCTL_NSS_RCONTROL

Definition at line 1375 of file ntifs.template.h.

◆ FSCTL_READ_PROPERTY_DATA

#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1367 of file ntifs.template.h.

◆ FSCTL_WRITE_PROPERTY_DATA

#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1368 of file ntifs.template.h.

◆ GCR_ALLOW_LM

#define GCR_ALLOW_LM   0x1000

Definition at line 847 of file ntifs.template.h.

◆ GCR_ALLOW_NO_TARGET

#define GCR_ALLOW_NO_TARGET   0x2000

Definition at line 848 of file ntifs.template.h.

◆ GCR_ALLOW_NTLM

#define GCR_ALLOW_NTLM   0x100

Definition at line 843 of file ntifs.template.h.

◆ GCR_MACHINE_CREDENTIAL

#define GCR_MACHINE_CREDENTIAL   0x400

Definition at line 845 of file ntifs.template.h.

◆ GCR_NTLM3_PARMS

#define GCR_NTLM3_PARMS   0x20

Definition at line 840 of file ntifs.template.h.

◆ GCR_TARGET_INFO

#define GCR_TARGET_INFO   0x40

Definition at line 841 of file ntifs.template.h.

◆ GCR_USE_OEM_SET

#define GCR_USE_OEM_SET   0x200

Definition at line 844 of file ntifs.template.h.

◆ GCR_USE_OWF_PASSWORD

#define GCR_USE_OWF_PASSWORD   0x800

Definition at line 846 of file ntifs.template.h.

◆ GENERATE_CLIENT_CHALLENGE

#define GENERATE_CLIENT_CHALLENGE   0x10

Definition at line 839 of file ntifs.template.h.

◆ IO_ATTACH_DEVICE_API

#define IO_ATTACH_DEVICE_API   0x80000000

Definition at line 1315 of file ntifs.template.h.

◆ IO_TYPE_APC

#define IO_TYPE_APC   18

Definition at line 1317 of file ntifs.template.h.

◆ IO_TYPE_DEVICE_QUEUE

#define IO_TYPE_DEVICE_QUEUE   20

Definition at line 1319 of file ntifs.template.h.

◆ IO_TYPE_DPC

#define IO_TYPE_DPC   19

Definition at line 1318 of file ntifs.template.h.

◆ IO_TYPE_EVENT_PAIR

#define IO_TYPE_EVENT_PAIR   21

Definition at line 1320 of file ntifs.template.h.

◆ IO_TYPE_INTERRUPT

#define IO_TYPE_INTERRUPT   22

Definition at line 1321 of file ntifs.template.h.

◆ IO_TYPE_PROFILE

#define IO_TYPE_PROFILE   23

Definition at line 1322 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH

Definition at line 1259 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH_EX

Definition at line 1260 of file ntifs.template.h.

◆ IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES

#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

Definition at line 1282 of file ntifs.template.h.

◆ IRP_BEING_VERIFIED

#define IRP_BEING_VERIFIED   0x10

Definition at line 1324 of file ntifs.template.h.

◆ LOGON_CACHED_ACCOUNT

#define LOGON_CACHED_ACCOUNT   0x04

Definition at line 779 of file ntifs.template.h.

◆ LOGON_EXTRA_SIDS

#define LOGON_EXTRA_SIDS   0x20

Definition at line 781 of file ntifs.template.h.

◆ LOGON_GRACE_LOGON

#define LOGON_GRACE_LOGON   0x01000000

Definition at line 802 of file ntifs.template.h.

◆ LOGON_GUEST

#define LOGON_GUEST   0x01

Definition at line 777 of file ntifs.template.h.

◆ LOGON_LM_V2

#define LOGON_LM_V2   0x1000

Definition at line 788 of file ntifs.template.h.

◆ LOGON_NOENCRYPTION

#define LOGON_NOENCRYPTION   0x02

Definition at line 778 of file ntifs.template.h.

◆ LOGON_NT_V2

#define LOGON_NT_V2   0x800

Definition at line 787 of file ntifs.template.h.

◆ LOGON_NTLM_V2

#define LOGON_NTLM_V2   0x2000

Definition at line 789 of file ntifs.template.h.

◆ LOGON_NTLMV2_ENABLED

#define LOGON_NTLMV2_ENABLED   0x100

Definition at line 784 of file ntifs.template.h.

◆ LOGON_PROFILE_PATH_RETURNED

#define LOGON_PROFILE_PATH_RETURNED   0x400

Definition at line 786 of file ntifs.template.h.

◆ LOGON_RESOURCE_GROUPS

#define LOGON_RESOURCE_GROUPS   0x200

Definition at line 785 of file ntifs.template.h.

◆ LOGON_SERVER_TRUST_ACCOUNT

#define LOGON_SERVER_TRUST_ACCOUNT   0x80

Definition at line 783 of file ntifs.template.h.

◆ LOGON_SUBAUTH_SESSION_KEY

#define LOGON_SUBAUTH_SESSION_KEY   0x40

Definition at line 782 of file ntifs.template.h.

◆ LOGON_USED_LM_PASSWORD

#define LOGON_USED_LM_PASSWORD   0x08

Definition at line 780 of file ntifs.template.h.

◆ LPC_CLIENT_ID

#define LPC_CLIENT_ID   CLIENT_ID

Definition at line 1585 of file ntifs.template.h.

◆ LPC_HANDLE

#define LPC_HANDLE   HANDLE

Definition at line 1588 of file ntifs.template.h.

◆ LPC_KERNELMODE_MESSAGE

#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)

Definition at line 1624 of file ntifs.template.h.

◆ LPC_PVOID

#define LPC_PVOID   PVOID

Definition at line 1587 of file ntifs.template.h.

◆ LPC_SIZE_T

#define LPC_SIZE_T   SIZE_T

Definition at line 1586 of file ntifs.template.h.

◆ MAILSLOT_CLASS_FIRSTCLASS

#define MAILSLOT_CLASS_FIRSTCLASS   1

Definition at line 1326 of file ntifs.template.h.

◆ MAILSLOT_CLASS_SECONDCLASS

#define MAILSLOT_CLASS_SECONDCLASS   2

Definition at line 1327 of file ntifs.template.h.

◆ MAILSLOT_SIZE_AUTO

#define MAILSLOT_SIZE_AUTO   0

Definition at line 1329 of file ntifs.template.h.

◆ MAP_HIGH_PRIORITY

#define MAP_HIGH_PRIORITY   (64)

Definition at line 1257 of file ntifs.template.h.

◆ MAP_NO_READ

#define MAP_NO_READ   (16)

Definition at line 1256 of file ntifs.template.h.

◆ MAP_WAIT

#define MAP_WAIT   1

Definition at line 1255 of file ntifs.template.h.

◆ MAX_UNICODE_STACK_BUFFER_LENGTH

#define MAX_UNICODE_STACK_BUFFER_LENGTH   256

Definition at line 654 of file ntifs.template.h.

◆ MEM_DOS_LIM

#define MEM_DOS_LIM   0x40000000

Definition at line 1331 of file ntifs.template.h.

◆ METHOD_DIRECT_FROM_HARDWARE

#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT

Definition at line 659 of file ntifs.template.h.

◆ METHOD_DIRECT_TO_HARDWARE

#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT

Definition at line 658 of file ntifs.template.h.

◆ METHOD_FROM_CTL_CODE

#define METHOD_FROM_CTL_CODE (   ctrlCode)    ((ULONG)(ctrlCode & 3))

Definition at line 656 of file ntifs.template.h.

◆ MSV1_0_ALLOW_FORCE_GUEST

#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000

Definition at line 755 of file ntifs.template.h.

◆ MSV1_0_ALLOW_MSVCHAPV2

#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000

Definition at line 763 of file ntifs.template.h.

◆ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT

#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20

Definition at line 746 of file ntifs.template.h.

◆ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT

#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800

Definition at line 752 of file ntifs.template.h.

◆ MSV1_0_CHALLENGE_LENGTH

#define MSV1_0_CHALLENGE_LENGTH   8

Definition at line 738 of file ntifs.template.h.

◆ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED

#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02

Definition at line 742 of file ntifs.template.h.

◆ MSV1_0_CRED_LM_PRESENT

#define MSV1_0_CRED_LM_PRESENT   0x1

Definition at line 805 of file ntifs.template.h.

◆ MSV1_0_CRED_NT_PRESENT

#define MSV1_0_CRED_NT_PRESENT   0x2

Definition at line 806 of file ntifs.template.h.

◆ MSV1_0_CRED_VERSION

#define MSV1_0_CRED_VERSION   0

Definition at line 807 of file ntifs.template.h.

◆ MSV1_0_DISABLE_PERSONAL_FALLBACK

#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000

Definition at line 754 of file ntifs.template.h.

◆ MSV1_0_DONT_TRY_GUEST_ACCOUNT

#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10

Definition at line 745 of file ntifs.template.h.

◆ MSV1_0_LANMAN_SESSION_KEY_LENGTH

#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8

Definition at line 740 of file ntifs.template.h.

◆ MSV1_0_MAX_AVL_SIZE

#define MSV1_0_MAX_AVL_SIZE   64000

Definition at line 817 of file ntifs.template.h.

◆ MSV1_0_MAX_NTLM3_LIFE

#define MSV1_0_MAX_NTLM3_LIFE   129600

Definition at line 815 of file ntifs.template.h.

◆ MSV1_0_MNS_LOGON

#define MSV1_0_MNS_LOGON   0x01000000

Definition at line 772 of file ntifs.template.h.

◆ MSV1_0_NTLM3_INPUT_LENGTH

#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

Definition at line 829 of file ntifs.template.h.

◆ MSV1_0_NTLM3_OWF_LENGTH

#define MSV1_0_NTLM3_OWF_LENGTH   16

Definition at line 810 of file ntifs.template.h.

◆ MSV1_0_NTLM3_RESPONSE_LENGTH

#define MSV1_0_NTLM3_RESPONSE_LENGTH   16

Definition at line 809 of file ntifs.template.h.

◆ MSV1_0_OWF_PASSWORD_LENGTH

#define MSV1_0_OWF_PASSWORD_LENGTH   16

Definition at line 804 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAME

#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 731 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW

#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 732 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW_LENGTH

#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)

Definition at line 733 of file ntifs.template.h.

◆ MSV1_0_RETURN_PASSWORD_EXPIRY

#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40

Definition at line 747 of file ntifs.template.h.

◆ MSV1_0_RETURN_PROFILE_PATH

#define MSV1_0_RETURN_PROFILE_PATH   0x200

Definition at line 750 of file ntifs.template.h.

◆ MSV1_0_RETURN_USER_PARAMETERS

#define MSV1_0_RETURN_USER_PARAMETERS   0x08

Definition at line 744 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL

#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000

Definition at line 770 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_EX

#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000

Definition at line 762 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_IIS

#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132

Definition at line 775 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_RAS

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2

Definition at line 774 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_SHIFT

#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24

Definition at line 771 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_FLAGS

#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000

Definition at line 800 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_KEY

#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

Definition at line 735 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_VALUE

#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"

Definition at line 736 of file ntifs.template.h.

◆ MSV1_0_TRY_GUEST_ACCOUNT_ONLY

#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100

Definition at line 749 of file ntifs.template.h.

◆ MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY

#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400

Definition at line 751 of file ntifs.template.h.

◆ MSV1_0_UPDATE_LOGON_STATISTICS

#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04

Definition at line 743 of file ntifs.template.h.

◆ MSV1_0_USE_CLIENT_CHALLENGE

#define MSV1_0_USE_CLIENT_CHALLENGE   0x80

Definition at line 748 of file ntifs.template.h.

◆ MSV1_0_USER_SESSION_KEY_LENGTH

#define MSV1_0_USER_SESSION_KEY_LENGTH   16

Definition at line 739 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1

Definition at line 1158 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2

Definition at line 1159 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK

#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000

Definition at line 1160 of file ntifs.template.h.

◆ NLS_OEM_LEAD_BYTE_INFO

#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)

Definition at line 1137 of file ntifs.template.h.

◆ OB_TYPE_ADAPTER

#define OB_TYPE_ADAPTER   18

Definition at line 1350 of file ntifs.template.h.

◆ OB_TYPE_CONTROLLER

#define OB_TYPE_CONTROLLER   19

Definition at line 1351 of file ntifs.template.h.

◆ OB_TYPE_DESKTOP

#define OB_TYPE_DESKTOP   14

Definition at line 1346 of file ntifs.template.h.

◆ OB_TYPE_DEVICE

#define OB_TYPE_DEVICE   20

Definition at line 1352 of file ntifs.template.h.

◆ OB_TYPE_DIRECTORY

#define OB_TYPE_DIRECTORY   2

Definition at line 1334 of file ntifs.template.h.

◆ OB_TYPE_DRIVER

#define OB_TYPE_DRIVER   21

Definition at line 1353 of file ntifs.template.h.

◆ OB_TYPE_EVENT

#define OB_TYPE_EVENT   7

Definition at line 1339 of file ntifs.template.h.

◆ OB_TYPE_EVENT_PAIR

#define OB_TYPE_EVENT_PAIR   8

Definition at line 1340 of file ntifs.template.h.

◆ OB_TYPE_FILE

#define OB_TYPE_FILE   23

Definition at line 1355 of file ntifs.template.h.

◆ OB_TYPE_IO_COMPLETION

#define OB_TYPE_IO_COMPLETION   22

Definition at line 1354 of file ntifs.template.h.

◆ OB_TYPE_KEY

#define OB_TYPE_KEY   16

Definition at line 1348 of file ntifs.template.h.

◆ OB_TYPE_MUTANT

#define OB_TYPE_MUTANT   9

Definition at line 1341 of file ntifs.template.h.

◆ OB_TYPE_PORT

#define OB_TYPE_PORT   17

Definition at line 1349 of file ntifs.template.h.

◆ OB_TYPE_PROCESS

#define OB_TYPE_PROCESS   5

Definition at line 1337 of file ntifs.template.h.

◆ OB_TYPE_PROFILE

#define OB_TYPE_PROFILE   12

Definition at line 1344 of file ntifs.template.h.

◆ OB_TYPE_SECTION

#define OB_TYPE_SECTION   15

Definition at line 1347 of file ntifs.template.h.

◆ OB_TYPE_SEMAPHORE

#define OB_TYPE_SEMAPHORE   10

Definition at line 1342 of file ntifs.template.h.

◆ OB_TYPE_SYMBOLIC_LINK

#define OB_TYPE_SYMBOLIC_LINK   3

Definition at line 1335 of file ntifs.template.h.

◆ OB_TYPE_THREAD

#define OB_TYPE_THREAD   6

Definition at line 1338 of file ntifs.template.h.

◆ OB_TYPE_TIMER

#define OB_TYPE_TIMER   11

Definition at line 1343 of file ntifs.template.h.

◆ OB_TYPE_TOKEN

#define OB_TYPE_TOKEN   4

Definition at line 1336 of file ntifs.template.h.

◆ OB_TYPE_TYPE

#define OB_TYPE_TYPE   1

Definition at line 1333 of file ntifs.template.h.

◆ OB_TYPE_WINDOW_STATION

#define OB_TYPE_WINDOW_STATION   13

Definition at line 1345 of file ntifs.template.h.

◆ PIN_CALLER_TRACKS_DIRTY_DATA

#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)

Definition at line 1252 of file ntifs.template.h.

◆ PIN_EXCLUSIVE

#define PIN_EXCLUSIVE   (2)

Definition at line 1249 of file ntifs.template.h.

◆ PIN_HIGH_PRIORITY

#define PIN_HIGH_PRIORITY   (64)

Definition at line 1253 of file ntifs.template.h.

◆ PIN_IF_BCB

#define PIN_IF_BCB   (8)

Definition at line 1251 of file ntifs.template.h.

◆ PIN_NO_READ

#define PIN_NO_READ   (4)

Definition at line 1250 of file ntifs.template.h.

◆ PIN_WAIT

#define PIN_WAIT   (1)

Definition at line 1248 of file ntifs.template.h.

◆ PsDereferenceImpersonationToken

#define PsDereferenceImpersonationToken (   T)
Value:
{if (ARGUMENT_PRESENT(T)) { \
} else { \
; \
} \
}
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define T
Definition: mbstring.h:31
#define ARGUMENT_PRESENT(ArgumentPointer)

Definition at line 1759 of file ntifs.template.h.

◆ RETURN_NON_NT_USER_SESSION_KEY

#define RETURN_NON_NT_USER_SESSION_KEY   0x08

Definition at line 838 of file ntifs.template.h.

◆ RETURN_PRIMARY_LOGON_DOMAINNAME

#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04

Definition at line 837 of file ntifs.template.h.

◆ RETURN_PRIMARY_USERNAME

#define RETURN_PRIMARY_USERNAME   0x02

Definition at line 836 of file ntifs.template.h.

◆ RETURN_RESERVED_PARAMETER

#define RETURN_RESERVED_PARAMETER   0x80

Definition at line 842 of file ntifs.template.h.

◆ SEC_BASED

#define SEC_BASED   0x00200000

Definition at line 1357 of file ntifs.template.h.

◆ SeEnableAccessToExports

#define SeEnableAccessToExports ( )    SeExports = *(PSE_EXPORTS *)SeExports;

Definition at line 1786 of file ntifs.template.h.

◆ SetFlag

#define SetFlag (   _F,
  _SF 
)    ((_F) |= (_SF))

◆ SYSTEM_PAGE_PRIORITY_BITS

#define SYSTEM_PAGE_PRIORITY_BITS   3

Definition at line 1082 of file ntifs.template.h.

◆ SYSTEM_PAGE_PRIORITY_LEVELS

#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)

Definition at line 1083 of file ntifs.template.h.

◆ USE_PRIMARY_PASSWORD

#define USE_PRIMARY_PASSWORD   0x01

Definition at line 835 of file ntifs.template.h.

◆ VER_PRODUCTBUILD

#define VER_PRODUCTBUILD   10000

Definition at line 1286 of file ntifs.template.h.

◆ VOLSNAPCONTROLTYPE

#define VOLSNAPCONTROLTYPE   0x00000053

Definition at line 1281 of file ntifs.template.h.

Typedef Documentation

◆ FILE_COPY_ON_WRITE_INFORMATION

◆ FILE_EXCLUSIVE_LOCK_ENTRY

◆ FILE_FULL_DIRECTORY_INFORMATION

◆ FILE_MAILSLOT_PEEK_BUFFER

◆ FILE_OLE_ALL_INFORMATION

◆ FILE_OLE_CLASSID_INFORMATION

◆ FILE_OLE_DIR_INFORMATION

◆ FILE_OLE_INFORMATION

◆ FILE_OLE_STATE_BITS_INFORMATION

◆ FILE_SHARED_LOCK_ENTRY

◆ FILE_STORAGE_TYPE

◆ GET_RETRIEVAL_DESCRIPTOR

◆ LSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ LSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ LSA_STRING

typedef STRING LSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ MAPPING_PAIR

◆ MOVEFILE_DESCRIPTOR

◆ MSV1_0_AV_PAIR

◆ MSV1_0_AVID

◆ MSV1_0_ENUMUSERS_REQUEST

◆ MSV1_0_ENUMUSERS_RESPONSE

◆ MSV1_0_GETCHALLENRESP_REQUEST

◆ MSV1_0_GETCHALLENRESP_REQUEST_V1

◆ MSV1_0_GETCHALLENRESP_RESPONSE

◆ MSV1_0_GETUSERINFO_REQUEST

◆ MSV1_0_GETUSERINFO_RESPONSE

◆ MSV1_0_INTERACTIVE_LOGON

◆ MSV1_0_INTERACTIVE_PROFILE

◆ MSV1_0_LM20_CHALLENGE_REQUEST

◆ MSV1_0_LM20_CHALLENGE_RESPONSE

◆ MSV1_0_LM20_LOGON

◆ MSV1_0_LM20_LOGON_PROFILE

◆ MSV1_0_LOGON_SUBMIT_TYPE

◆ MSV1_0_NTLM3_RESPONSE

◆ MSV1_0_PROFILE_BUFFER_TYPE

◆ MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ MSV1_0_SUBAUTH_LOGON

◆ MSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ NETWORK_OPEN_ECP_CONTEXT

◆ NETWORK_OPEN_ECP_CONTEXT_V0

◆ NETWORK_OPEN_INTEGRITY_QUALIFIER

◆ NETWORK_OPEN_LOCATION_QUALIFIER

◆ NFS_OPEN_ECP_CONTEXT

◆ OBJECT_ALL_TYPES_INFO

◆ OBJECT_BASIC_INFO

◆ OBJECT_BASIC_INFORMATION

◆ OBJECT_HANDLE_ATTRIBUTE_INFO

◆ OBJECT_NAME_INFO

◆ OBJECT_PROTECTION_INFO

◆ OBJECT_TYPE_INFO

◆ PFILE_COPY_ON_WRITE_INFORMATION

◆ PFILE_EXCLUSIVE_LOCK_ENTRY

◆ PFILE_FULL_DIRECTORY_INFORMATION

◆ PFILE_MAILSLOT_PEEK_BUFFER

◆ PFILE_OLE_ALL_INFORMATION

◆ PFILE_OLE_CLASSID_INFORMATION

◆ PFILE_OLE_DIR_INFORMATION

◆ PFILE_OLE_INFORMATION

◆ PFILE_OLE_STATE_BITS_INFORMATION

◆ PFILE_SHARED_LOCK_ENTRY

◆ PGET_RETRIEVAL_DESCRIPTOR

◆ PLSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ PLSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ PLSA_STRING

typedef STRING * PLSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ PMAPPING_PAIR

◆ PMOVEFILE_DESCRIPTOR

◆ PMSV1_0_AV_PAIR

◆ PMSV1_0_ENUMUSERS_REQUEST

◆ PMSV1_0_ENUMUSERS_RESPONSE

◆ PMSV1_0_GETCHALLENRESP_REQUEST

◆ PMSV1_0_GETCHALLENRESP_REQUEST_V1

◆ PMSV1_0_GETCHALLENRESP_RESPONSE

◆ PMSV1_0_GETUSERINFO_REQUEST

◆ PMSV1_0_GETUSERINFO_RESPONSE

◆ PMSV1_0_INTERACTIVE_LOGON

◆ PMSV1_0_INTERACTIVE_PROFILE

◆ PMSV1_0_LM20_CHALLENGE_REQUEST

◆ PMSV1_0_LM20_CHALLENGE_RESPONSE

◆ PMSV1_0_LM20_LOGON

◆ PMSV1_0_LM20_LOGON_PROFILE

◆ PMSV1_0_LOGON_SUBMIT_TYPE

◆ PMSV1_0_NTLM3_RESPONSE

◆ PMSV1_0_PROFILE_BUFFER_TYPE

◆ PMSV1_0_PROTOCOL_MESSAGE_TYPE

◆ PMSV1_0_SUBAUTH_LOGON

◆ PMSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ PNETWORK_OPEN_ECP_CONTEXT

◆ PNETWORK_OPEN_ECP_CONTEXT_V0

◆ PNFS_OPEN_ECP_CONTEXT

◆ POBJECT_ALL_TYPES_INFO

◆ POBJECT_BASIC_INFO

◆ POBJECT_BASIC_INFORMATION

◆ POBJECT_HANDLE_ATTRIBUTE_INFO

◆ POBJECT_NAME_INFO

◆ POBJECT_PROTECTION_INFO

◆ POBJECT_TYPE_INFO

◆ PORT_MESSAGE

◆ PORT_VIEW

◆ PPNFS_OPEN_ECP_CONTEXT

◆ PPORT_MESSAGE

◆ PPORT_VIEW

◆ PPREFETCH_OPEN_ECP_CONTEXT

◆ PPUBLIC_OBJECT_TYPE_INFORMATION

◆ PQUERY_PATH_REQUEST

◆ PQUERY_PATH_REQUEST_EX

◆ PQUERY_PATH_RESPONSE

◆ PREFETCH_OPEN_ECP_CONTEXT

◆ PREMOTE_PORT_VIEW

◆ PSECURITY_LOGON_TYPE

◆ PSOCKADDR_STORAGE_NFS

Definition at line 1231 of file ntifs.template.h.

◆ PSRV_OPEN_ECP_CONTEXT

◆ PUBLIC_OBJECT_TYPE_INFORMATION

◆ PVAD_HEADER

◆ QUERY_PATH_REQUEST

◆ QUERY_PATH_REQUEST_EX

◆ QUERY_PATH_RESPONSE

◆ REMOTE_PORT_VIEW

◆ SECURITY_LOGON_TYPE

◆ SRV_OPEN_ECP_CONTEXT

◆ VAD_HEADER

Enumeration Type Documentation

◆ _FILE_STORAGE_TYPE

Enumerator
StorageTypeDefault 
StorageTypeDirectory 
StorageTypeFile 
StorageTypeJunctionPoint 
StorageTypeCatalog 
StorageTypeStructuredStorage 
StorageTypeEmbedding 
StorageTypeStream 

Definition at line 1387 of file ntifs.template.h.

◆ _MSV1_0_AVID

Enumerator
MsvAvEOL 
MsvAvNbComputerName 
MsvAvNbDomainName 
MsvAvDnsComputerName 
MsvAvDnsDomainName 

Definition at line 959 of file ntifs.template.h.

959  {
960  MsvAvEOL,
965 #if (_WIN32_WINNT >= 0x0501)
966  MsvAvDnsTreeName,
967  MsvAvFlags,
968 #if (_WIN32_WINNT >= 0x0600)
969  MsvAvTimestamp,
970  MsvAvRestrictions,
971  MsvAvTargetName,
972  MsvAvChannelBindings,
973 #endif
974 #endif
975 } MSV1_0_AVID;
enum _MSV1_0_AVID MSV1_0_AVID

◆ _MSV1_0_LOGON_SUBMIT_TYPE

Enumerator
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0S4ULogon 
MsV1_0VirtualLogon 

Definition at line 850 of file ntifs.template.h.

◆ _MSV1_0_PROFILE_BUFFER_TYPE

Enumerator
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 

Definition at line 860 of file ntifs.template.h.

860  {
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE

◆ _MSV1_0_PROTOCOL_MESSAGE_TYPE

Enumerator
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 

Definition at line 982 of file ntifs.template.h.

982  {
995 #if (_WIN32_WINNT >= 0x0501)
996  MsV1_0SetProcessOption,
997 #endif
998 #if (_WIN32_WINNT >= 0x0600)
999  MsV1_0ConfigLocalAliases,
1000  MsV1_0ClearCachedCredentials,
1001 #endif
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ _NETWORK_OPEN_INTEGRITY_QUALIFIER

Enumerator
NetworkOpenIntegrityAny 
NetworkOpenIntegrityNone 
NetworkOpenIntegritySigned 
NetworkOpenIntegrityEncrypted 
NetworkOpenIntegrityMaximum 

Definition at line 1148 of file ntifs.template.h.

◆ _NETWORK_OPEN_LOCATION_QUALIFIER

Enumerator
NetworkOpenLocationAny 
NetworkOpenLocationRemote 
NetworkOpenLocationLoopback 

Definition at line 1142 of file ntifs.template.h.

◆ _SECURITY_LOGON_TYPE

Enumerator
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
UndefinedLogonType 
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
NetworkCleartext 
NewCredentials 

Definition at line 663 of file ntifs.template.h.

663  {
664  UndefinedLogonType = 0,
665  Interactive = 2,
666  Network,
667  Batch,
668  Service,
669  Proxy,
670  Unlock,
673 #if (_WIN32_WINNT >= 0x0501)
674  RemoteInteractive,
675  CachedInteractive,
676 #endif
677 #if (_WIN32_WINNT >= 0x0502)
678  CachedRemoteInteractive,
679  CachedUnlock
680 #endif
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE

Function Documentation

◆ $define()

$define ( UCHAR  = UCHAR)

◆ $include() [1/3]

$include ( setypes.  h)

◆ $include() [2/3]

$include ( iotypes.  h)

Definition at line 1067 of file ntifs.template.h.

1069  {
1070  ULONG Attributes;
1072  ULONG HandleCount;
1073  ULONG PointerCount;
1074  ULONG Reserved[10];
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
PUBLIC_OBJECT_BASIC_INFORMATION
* PPUBLIC_OBJECT_BASIC_INFORMATION
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
Definition: hidpi.h:348
unsigned int ULONG
Definition: retypes.h:1
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40

◆ $include() [3/3]

$include ( ketypes.  h)

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
#define FILE_READ_DATA
Definition: nt_native.h:628
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_opt_() [1/2]

◆ _Out_writes_bytes_opt_() [2/2]

_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ ( Length  )

◆ _Out_writes_bytes_to_opt_()

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _When_()

◆ C_ASSERT() [1/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, ActiveCount)  = =0x0c)

◆ C_ASSERT() [2/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, Flag = =0x0e)

◆ CcGetLsnForFileObject()

NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject ( _In_ PFILE_OBJECT  FileObject,
_Out_opt_ PLARGE_INTEGER  OldestLsn 
)

◆ DEFINE_GUID() [1/4]

DEFINE_GUID ( GUID_ECP_NETWORK_OPEN_CONTEXT  ,
0xc584edbf  ,
0x00df  ,
0x4d28  ,
0xb8  ,
0x84  ,
0x35  ,
0xba  ,
0xca  ,
0x89  ,
0x11  ,
0xe8   
)

◆ DEFINE_GUID() [2/4]

DEFINE_GUID ( GUID_ECP_PREFETCH_OPEN  ,
0xe1777b21  ,
0x847e  ,
0x4837  ,
0xaa  ,
0x45  ,
0x64  ,
0x16  ,
0x1d  ,
0x28  ,
0x6  ,
0x55   
)

◆ DEFINE_GUID() [3/4]

DEFINE_GUID ( GUID_ECP_NFS_OPEN  ,
0xf326d30c  ,
0xe5f8  ,
0x4fe7  ,
0xab  ,
0x74  ,
0xf5  ,
0xa3  ,
0x19  ,
0x6d  ,
0x92  ,
0xdb   
)

◆ DEFINE_GUID() [4/4]

DEFINE_GUID ( GUID_ECP_SRV_OPEN  ,
0xbebfaebc  ,
0xaabf  ,
0x489d  ,
0x9d  ,
0x2c  ,
0xe9  ,
0xe3  ,
0x61  ,
0x10  ,
0x28  ,
0x53   
)

◆ FsRtlAllocatePool()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePool ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuota()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuotaTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlAllocatePoolWithTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlMdlReadComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PMDL  MdlChain 
)

◆ FsRtlMdlWriteComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PLARGE_INTEGER  FileOffset,
_In_ PMDL  MdlChain 
)

◆ FsRtlNotifyChangeDirectory()

NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory ( _In_ PNOTIFY_SYNC  NotifySync,
_In_ PVOID  FsContext,
_In_ PSTRING  FullDirectoryName,
_In_ PLIST_ENTRY  NotifyList,
_In_ BOOLEAN  WatchTree,
_In_ ULONG  CompletionFilter,
_In_ PIRP  NotifyIrp 
)

◆ LsaFreeReturnBuffer()

_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer ( _In_ PVOID  Buffer)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1406 of file audit.c.

1418 {
1419  /* Call the internal function */
1420  return SepAccessCheckAndAuditAlarm(SubsystemName,
1421  HandleId,
1422  NULL,
1424  ObjectName,
1426  NULL,
1427  DesiredAccess,
1429  0,
1430  NULL,
1431  0,
1433  GrantedAccess,
1434  AccessStatus,
1436  FALSE);
1437 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
smooth NULL
Definition: ftsmooth.c:416
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

Referenced by AccessCheckAndAuditAlarmA(), and AccessCheckAndAuditAlarmW().

◆ NtAccessCheckByTypeAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1443 of file audit.c.

1460 {
1461  /* Call the internal function */
1462  return SepAccessCheckAndAuditAlarm(SubsystemName,
1463  HandleId,
1464  NULL,
1466  ObjectName,
1468  PrincipalSelfSid,
1469  DesiredAccess,
1470  AuditType,
1471  Flags,
1472  ObjectTypeList,
1473  ObjectTypeLength,
1475  GrantedAccess,
1476  AccessStatus,
1478  FALSE);
1479 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
smooth NULL
Definition: ftsmooth.c:416
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByTypeResultListAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1485 of file audit.c.

1502 {
1503  /* Call the internal function */
1504  return SepAccessCheckAndAuditAlarm(SubsystemName,
1505  HandleId,
1506  NULL,
1508  ObjectName,
1510  PrincipalSelfSid,
1511  DesiredAccess,
1512  AuditType,
1513  Flags,
1514  ObjectTypeList,
1515  ObjectTypeListLength,
1517  GrantedAccessList,
1518  AccessStatusList,
1520  TRUE);
1521 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
smooth NULL
Definition: ftsmooth.c:416
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByTypeResultListAndAuditAlarmByHandle()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1527 of file audit.c.

1545 {
1546  UNREFERENCED_PARAMETER(ObjectCreation);
1547 
1548  /* Call the internal function */
1549  return SepAccessCheckAndAuditAlarm(SubsystemName,
1550  HandleId,
1551  &ClientToken,
1553  ObjectName,
1555  PrincipalSelfSid,
1556  DesiredAccess,
1557  AuditType,
1558  Flags,
1559  ObjectTypeList,
1560  ObjectTypeListLength,
1562  GrantedAccessList,
1563  AccessStatusList,
1565  TRUE);
1566 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
#define TRUE
Definition: types.h:120
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:323
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtCloseObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtCreateFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_opt_ PLARGE_INTEGER  AllocationSize,
_In_ ULONG  FileAttributes,
_In_ ULONG  ShareAccess,
_In_ ULONG  CreateDisposition,
_In_ ULONG  CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID  EaBuffer,
_In_ ULONG  EaLength 
)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection ( _Out_ PHANDLE  SectionHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PLARGE_INTEGER  MaximumSize,
_In_ ULONG  SectionPageProtection,
_In_ ULONG  AllocationAttributes,
_In_opt_ HANDLE  FileHandle 
)

◆ NtDeleteObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtDeviceIoControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  IoControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 2941 of file token.c.

2948 {
2950  HANDLE hToken;
2951  PTOKEN Token;
2952  PTOKEN NewToken;
2953  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
2954  BOOLEAN QoSPresent;
2956  NTSTATUS Status;
2957 
2958  PAGED_CODE();
2959 
2960  if (TokenType != TokenImpersonation &&
2962  {
2963  return STATUS_INVALID_PARAMETER;
2964  }
2965 
2967 
2968  if (PreviousMode != KernelMode)
2969  {
2970  _SEH2_TRY
2971  {
2973  }
2975  {
2976  /* Return the exception code */
2978  }
2979  _SEH2_END;
2980  }
2981 
2983  PreviousMode,
2984  PagedPool,
2985  FALSE,
2986  &CapturedSecurityQualityOfService,
2987  &QoSPresent);
2988  if (!NT_SUCCESS(Status))
2989  {
2990  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
2991  return Status;
2992  }
2993 
2994  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2997  PreviousMode,
2998  (PVOID*)&Token,
3000  if (!NT_SUCCESS(Status))
3001  {
3002  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3003  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3004  PreviousMode,
3005  FALSE);
3006  return Status;
3007  }
3008 
3009  /*
3010  * Fail, if the original token is an impersonation token and the caller
3011  * tries to raise the impersonation level of the new token above the
3012  * impersonation level of the original token.
3013  */
3014  if (Token->TokenType == TokenImpersonation)
3015  {
3016  if (QoSPresent &&
3017  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3018  {
3020  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3021  PreviousMode,
3022  FALSE);
3024  }
3025  }
3026 
3027  /*
3028  * Fail, if a primary token is to be created from an impersonation token
3029  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3030  */
3031  if (Token->TokenType == TokenImpersonation &&
3032  TokenType == TokenPrimary &&
3033  Token->ImpersonationLevel < SecurityImpersonation)
3034  {
3036  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3037  PreviousMode,
3038  FALSE);
3040  }
3041 
3044  EffectiveOnly,
3045  TokenType,
3046  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3047  PreviousMode,
3048  &NewToken);
3049 
3051 
3052  if (NT_SUCCESS(Status))
3053  {
3054  Status = ObInsertObject(NewToken,
3055  NULL,
3056  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3057  0,
3058  NULL,
3059  &hToken);
3060  if (NT_SUCCESS(Status))
3061  {
3062  _SEH2_TRY
3063  {
3064  *NewTokenHandle = hToken;
3065  }
3067  {
3069  }
3070  _SEH2_END;
3071  }
3072  }
3073 
3074  /* Free the captured structure */
3075  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3076  PreviousMode,
3077  FALSE);
3078 
3079  return Status;
3080 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:211
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:367
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:872
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), and ImpersonateLoggedOnUser().

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

◆ NtFsControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  FsControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtImpersonateAnonymousToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

◆ NtLockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ PLARGE_INTEGER  ByteOffset,
_In_ PLARGE_INTEGER  Length,
_In_ ULONG  Key,
_In_ BOOLEAN  FailImmediately,
_In_ BOOLEAN  ExclusiveLock 
)

◆ NtOpenFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  ShareAccess,
_In_ ULONG  OpenOptions 
)

◆ NtOpenJobObjectToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken ( _In_ HANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1001 of file audit.c.

1014 {
1015  PTOKEN ClientToken;
1016  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1017  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1018  ULONG PrivilegeCount, PrivilegeSetSize;
1019  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1020  BOOLEAN LocalGenerateOnClose;
1021  PVOID CapturedHandleId;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1025 
1026  /* Only user mode is supported! */
1028 
1029  /* Start clean */
1030  ClientToken = NULL;
1031  CapturedSecurityDescriptor = NULL;
1032  CapturedPrivilegeSet = NULL;
1033  CapturedSubsystemName.Buffer = NULL;
1034  CapturedObjectTypeName.Buffer = NULL;
1035  CapturedObjectName.Buffer = NULL;
1036 
1037  /* Reference the client token */
1038  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1039  TOKEN_QUERY,
1041  UserMode,
1042  (PVOID*)&ClientToken,
1043  NULL);
1044  if (!NT_SUCCESS(Status))
1045  {
1046  DPRINT1("Failed to reference token handle %p: %lx\n",
1047  ClientTokenHandle, Status);
1048  return Status;
1049  }
1050 
1051  /* Capture the security subject context */
1053 
1054  /* Validate the token's impersonation level */
1055  if ((ClientToken->TokenType == TokenImpersonation) &&
1056  (ClientToken->ImpersonationLevel < SecurityIdentification))
1057  {
1058  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1060  goto Cleanup;
1061  }
1062 
1063  /* Check for audit privilege */
1065  {
1066  DPRINT1("Caller does not have SeAuditPrivilege\n");
1068  goto Cleanup;
1069  }
1070 
1071  /* Check for NULL SecurityDescriptor */
1072  if (SecurityDescriptor == NULL)
1073  {
1074  /* Nothing to do */
1076  goto Cleanup;
1077  }
1078 
1079  /* Capture the security descriptor */
1081  UserMode,
1082  PagedPool,
1083  FALSE,
1084  &CapturedSecurityDescriptor);
1085  if (!NT_SUCCESS(Status))
1086  {
1087  DPRINT1("Failed to capture security descriptor!\n");
1088  goto Cleanup;
1089  }
1090 
1091  _SEH2_TRY
1092  {
1093  /* Check if we have a privilege set */
1094  if (PrivilegeSet != NULL)
1095  {
1096  /* Probe the basic privilege set structure */
1097  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1098 
1099  /* Validate privilege count */
1100  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1101  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1102  {
1104  _SEH2_YIELD(goto Cleanup);
1105  }
1106 
1107  /* Calculate the size of the PrivilegeSet structure */
1108  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1109 
1110  /* Probe the whole structure */
1111  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1112 
1113  /* Allocate a temp buffer */
1114  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1115  PrivilegeSetSize,
1117  if (CapturedPrivilegeSet == NULL)
1118  {
1119  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1121  _SEH2_YIELD(goto Cleanup);
1122  }
1123 
1124  /* Copy the privileges */
1125  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1126  }
1127 
1128  if (HandleId != NULL)
1129  {
1130  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1131  CapturedHandleId = *(PVOID*)HandleId;
1132  }
1133 
1134  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1135  }
1137  {
1139  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1140  _SEH2_YIELD(goto Cleanup);
1141  }
1142  _SEH2_END;
1143 
1144  /* Probe and capture the subsystem name */
1145  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1146  UserMode,
1147  SubsystemName);
1148  if (!NT_SUCCESS(Status))
1149  {
1150  DPRINT1("Failed to capture subsystem name!\n");
1151  goto Cleanup;
1152  }
1153 
1154  /* Probe and capture the object type name */
1155  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1156  UserMode,
1157  ObjectTypeName);
1158  if (!NT_SUCCESS(Status))
1159  {
1160  DPRINT1("Failed to capture object type name!\n");
1161  goto Cleanup;
1162  }
1163 
1164  /* Probe and capture the object name */
1165  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1166  UserMode,
1167  ObjectName);
1168  if (!NT_SUCCESS(Status))
1169  {
1170  DPRINT1("Failed to capture object name!\n");
1171  goto Cleanup;
1172  }
1173 
1174  /* Call the internal function */
1176  &CapturedSubsystemName,
1177  CapturedHandleId,
1178  &CapturedObjectTypeName,
1179  &CapturedObjectName,
1180  CapturedSecurityDescriptor,
1181  ClientToken,
1182  DesiredAccess,
1183  GrantedAccess,
1184  CapturedPrivilegeSet,
1185  ObjectCreation,
1186  AccessGranted,
1187  &LocalGenerateOnClose);
1188 
1190 
1191  /* Enter SEH to copy the data back to user mode */
1192  _SEH2_TRY
1193  {
1194  *GenerateOnClose = LocalGenerateOnClose;
1195  }
1197  {
1199  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1200  }
1201  _SEH2_END;
1202 
1203 Cleanup:
1204 
1205  if (CapturedObjectName.Buffer != NULL)
1206  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1207 
1208  if (CapturedObjectTypeName.Buffer != NULL)
1209  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1210 
1211  if (CapturedSubsystemName.Buffer != NULL)
1212  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1213 
1214  if (CapturedSecurityDescriptor != NULL)
1215  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1216 
1217  if (CapturedPrivilegeSet != NULL)
1218  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1219 
1220  /* Release the security subject context */
1222 
1223  ObDereferenceObject(ClientToken);
1224 
1225  return Status;
1226 }
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
TOKEN_TYPE TokenType
Definition: setypes.h:175
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
#define PAGED_CODE()
Definition: video.h:57
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:228
#define TOKEN_QUERY
Definition: setypes.h:874
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:257
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
return STATUS_SUCCESS
Definition: btrfs.c:2966
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:967

Referenced by ObjectOpenAuditAlarmA(), and ObjectOpenAuditAlarmW().

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenProcessTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtQueryDirectoryFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass,
_In_ BOOLEAN  ReturnSingleEntry,
_In_opt_ PUNICODE_STRING  FileName,
_In_ BOOLEAN  RestartScan 
)

◆ NtQueryInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass 
)

◆ NtQueryQuotaInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length,
_In_ BOOLEAN  ReturnSingleEntry,
_In_reads_bytes_opt_(SidListLength) PVOID  SidList,
_In_ ULONG  SidListLength,
_In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID  StartSid,
_In_ BOOLEAN  RestartScan 
)

◆ NtQueryVolumeInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FsInformation,
_In_ ULONG  Length,
_In_ FS_INFORMATION_CLASS  FsInformationClass 
)

◆ NtReadFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length,
_In_opt_ PLARGE_INTEGER  ByteOffset,
_In_opt_ PULONG  Key 
)

◆ NtSetInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_reads_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass 
)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_In_reads_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2414 of file token.c.

2419 {
2420  NTSTATUS Status;
2421  PTOKEN Token;
2423  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;