|
#define | _NTIFS_INCLUDED_ |
|
#define | _GNU_NTIFS_ |
|
#define | FlagOn(_F, _SF) ((_F) & (_SF)) |
|
#define | BooleanFlagOn(F, SF) ((BOOLEAN)(((F) & (SF)) != 0)) |
|
#define | SetFlag(_F, _SF) ((_F) |= (_SF)) |
|
#define | ClearFlag(_F, _SF) ((_F) &= ~(_SF)) |
|
#define | COMPRESSION_FORMAT_NONE (0x0000) |
|
#define | COMPRESSION_FORMAT_DEFAULT (0x0001) |
|
#define | COMPRESSION_FORMAT_LZNT1 (0x0002) |
|
#define | COMPRESSION_ENGINE_STANDARD (0x0000) |
|
#define | COMPRESSION_ENGINE_MAXIMUM (0x0100) |
|
#define | COMPRESSION_ENGINE_HIBER (0x0200) |
|
#define | MAX_UNICODE_STACK_BUFFER_LENGTH 256 |
|
#define | METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3)) |
|
#define | METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT |
|
#define | METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT |
|
#define | _NTLSA_AUDIT_ |
|
#define | _NTLSA_IFS_ |
|
#define | MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" |
|
#define | MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" |
|
#define | MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) |
|
#define | MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" |
|
#define | MSV1_0_SUBAUTHENTICATION_VALUE "Auth" |
|
#define | MSV1_0_CHALLENGE_LENGTH 8 |
|
#define | MSV1_0_USER_SESSION_KEY_LENGTH 16 |
|
#define | MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 |
|
#define | MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 |
|
#define | MSV1_0_UPDATE_LOGON_STATISTICS 0x04 |
|
#define | MSV1_0_RETURN_USER_PARAMETERS 0x08 |
|
#define | MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 |
|
#define | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 |
|
#define | MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 |
|
#define | MSV1_0_USE_CLIENT_CHALLENGE 0x80 |
|
#define | MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 |
|
#define | MSV1_0_RETURN_PROFILE_PATH 0x200 |
|
#define | MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 |
|
#define | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 |
|
#define | MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 |
|
#define | MSV1_0_ALLOW_FORCE_GUEST 0x00002000 |
|
#define | MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 |
|
#define | MSV1_0_ALLOW_MSVCHAPV2 0x00010000 |
|
#define | MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 |
|
#define | MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 |
|
#define | MSV1_0_MNS_LOGON 0x01000000 |
|
#define | MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 |
|
#define | MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 |
|
#define | LOGON_GUEST 0x01 |
|
#define | LOGON_NOENCRYPTION 0x02 |
|
#define | LOGON_CACHED_ACCOUNT 0x04 |
|
#define | LOGON_USED_LM_PASSWORD 0x08 |
|
#define | LOGON_EXTRA_SIDS 0x20 |
|
#define | LOGON_SUBAUTH_SESSION_KEY 0x40 |
|
#define | LOGON_SERVER_TRUST_ACCOUNT 0x80 |
|
#define | LOGON_NTLMV2_ENABLED 0x100 |
|
#define | LOGON_RESOURCE_GROUPS 0x200 |
|
#define | LOGON_PROFILE_PATH_RETURNED 0x400 |
|
#define | LOGON_NT_V2 0x800 |
|
#define | LOGON_LM_V2 0x1000 |
|
#define | LOGON_NTLM_V2 0x2000 |
|
#define | MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 |
|
#define | LOGON_GRACE_LOGON 0x01000000 |
|
#define | MSV1_0_OWF_PASSWORD_LENGTH 16 |
|
#define | MSV1_0_CRED_LM_PRESENT 0x1 |
|
#define | MSV1_0_CRED_NT_PRESENT 0x2 |
|
#define | MSV1_0_CRED_VERSION 0 |
|
#define | MSV1_0_NTLM3_RESPONSE_LENGTH 16 |
|
#define | MSV1_0_NTLM3_OWF_LENGTH 16 |
|
#define | MSV1_0_MAX_NTLM3_LIFE 129600 |
|
#define | MSV1_0_MAX_AVL_SIZE 64000 |
|
#define | MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) |
|
#define | USE_PRIMARY_PASSWORD 0x01 |
|
#define | RETURN_PRIMARY_USERNAME 0x02 |
|
#define | RETURN_PRIMARY_LOGON_DOMAINNAME 0x04 |
|
#define | RETURN_NON_NT_USER_SESSION_KEY 0x08 |
|
#define | GENERATE_CLIENT_CHALLENGE 0x10 |
|
#define | GCR_NTLM3_PARMS 0x20 |
|
#define | GCR_TARGET_INFO 0x40 |
|
#define | RETURN_RESERVED_PARAMETER 0x80 |
|
#define | GCR_ALLOW_NTLM 0x100 |
|
#define | GCR_USE_OEM_SET 0x200 |
|
#define | GCR_MACHINE_CREDENTIAL 0x400 |
|
#define | GCR_USE_OWF_PASSWORD 0x800 |
|
#define | GCR_ALLOW_LM 0x1000 |
|
#define | GCR_ALLOW_NO_TARGET 0x2000 |
|
#define | SYSTEM_PAGE_PRIORITY_BITS 3 |
|
#define | SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) |
|
#define | NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo) |
|
#define | NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1 |
|
#define | NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2 |
|
#define | NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000 |
|
#define | PIN_WAIT (1) |
|
#define | PIN_EXCLUSIVE (2) |
|
#define | PIN_NO_READ (4) |
|
#define | PIN_IF_BCB (8) |
|
#define | PIN_CALLER_TRACKS_DIRTY_DATA (32) |
|
#define | PIN_HIGH_PRIORITY (64) |
|
#define | MAP_WAIT 1 |
|
#define | MAP_NO_READ (16) |
|
#define | MAP_HIGH_PRIORITY (64) |
|
#define | IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | VOLSNAPCONTROLTYPE 0x00000053 |
|
#define | IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) |
|
#define | VER_PRODUCTBUILD 10000 |
|
#define | FS_LFN_APIS 0x00004000 |
|
#define | FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ |
|
#define | FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) |
|
#define | FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT |
|
#define | FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM |
|
#define | FILE_STORAGE_TYPE_MASK 0x000f0000 |
|
#define | FILE_STORAGE_TYPE_SHIFT 16 |
|
#define | FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 |
|
#define | IO_ATTACH_DEVICE_API 0x80000000 |
|
#define | IO_TYPE_APC 18 |
|
#define | IO_TYPE_DPC 19 |
|
#define | IO_TYPE_DEVICE_QUEUE 20 |
|
#define | IO_TYPE_EVENT_PAIR 21 |
|
#define | IO_TYPE_INTERRUPT 22 |
|
#define | IO_TYPE_PROFILE 23 |
|
#define | IRP_BEING_VERIFIED 0x10 |
|
#define | MAILSLOT_CLASS_FIRSTCLASS 1 |
|
#define | MAILSLOT_CLASS_SECONDCLASS 2 |
|
#define | MAILSLOT_SIZE_AUTO 0 |
|
#define | MEM_DOS_LIM 0x40000000 |
|
#define | OB_TYPE_TYPE 1 |
|
#define | OB_TYPE_DIRECTORY 2 |
|
#define | OB_TYPE_SYMBOLIC_LINK 3 |
|
#define | OB_TYPE_TOKEN 4 |
|
#define | OB_TYPE_PROCESS 5 |
|
#define | OB_TYPE_THREAD 6 |
|
#define | OB_TYPE_EVENT 7 |
|
#define | OB_TYPE_EVENT_PAIR 8 |
|
#define | OB_TYPE_MUTANT 9 |
|
#define | OB_TYPE_SEMAPHORE 10 |
|
#define | OB_TYPE_TIMER 11 |
|
#define | OB_TYPE_PROFILE 12 |
|
#define | OB_TYPE_WINDOW_STATION 13 |
|
#define | OB_TYPE_DESKTOP 14 |
|
#define | OB_TYPE_SECTION 15 |
|
#define | OB_TYPE_KEY 16 |
|
#define | OB_TYPE_PORT 17 |
|
#define | OB_TYPE_ADAPTER 18 |
|
#define | OB_TYPE_CONTROLLER 19 |
|
#define | OB_TYPE_DEVICE 20 |
|
#define | OB_TYPE_DRIVER 21 |
|
#define | OB_TYPE_IO_COMPLETION 22 |
|
#define | OB_TYPE_FILE 23 |
|
#define | SEC_BASED 0x00200000 |
|
#define | FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
#define | FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
|
#define | FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
#define | FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
|
#define | FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) |
|
#define | FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
#define | FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
#define | LPC_CLIENT_ID CLIENT_ID |
|
#define | LPC_SIZE_T SIZE_T |
|
#define | LPC_PVOID PVOID |
|
#define | LPC_HANDLE HANDLE |
|
#define | LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) |
|
#define | PsDereferenceImpersonationToken(T) |
|
#define | SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; |
|
|
| $define (UCHAR=UCHAR) $define(ULONG |
|
| $include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle |
|
_In_ OBJECT_INFORMATION_CLASS | _Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle) |
| Opens a token that is tied to a thread handle.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle) |
|
| _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle |
|
_In_ TOKEN_INFORMATION_CLASS | _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key) |
|
| _IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle |
| Queries information about a security descriptor.
|
|
_In_ SECURITY_INFORMATION | _Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle) |
| Opens a token that is tied to a thread handle.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle) |
|
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI | NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle) |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle) |
| Duplicates a token.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle) |
| Creates a restricted access token from an existing token; this operation is called filtering.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle) |
| Allows the calling thread to impersonate the system's anonymous logon token.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength) |
| Sets (modifies) specific information of an access token. The calling thread must have specific access rights in order to modify the token's information.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength) |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result) |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose) |
| Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose) |
| Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made by type.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose) |
| Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made by the given type result.
|
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose) |
| Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made by the given type result and a token handle.
|
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose) |
| Raises an alarm audit message when an object is about to be opened.
|
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted) |
|
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength) |
|
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI | NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle) |
|
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG | _In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation |
|
_IRQL_requires_same_ NTSTATUS NTAPI | LsaFreeReturnBuffer (_In_ PVOID Buffer) |
|
| $include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION |
|
| $include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE) |
|
| C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c) |
|
| C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e) |
|
| DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8) |
|
| DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55) |
|
| DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb) |
|
| DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53) |
|
NTKERNELAPI LARGE_INTEGER NTAPI | CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn) |
|
NTKERNELAPI PVOID NTAPI | FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes) |
|
NTKERNELAPI PVOID NTAPI | FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes) |
|
NTKERNELAPI PVOID NTAPI | FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag) |
|
NTKERNELAPI PVOID NTAPI | FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag) |
|
NTKERNELAPI BOOLEAN NTAPI | FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain) |
|
NTKERNELAPI BOOLEAN NTAPI | FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain) |
|
NTKERNELAPI VOID NTAPI | FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp) |
|
NTKERNELAPI NTSTATUS NTAPI | ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object) |
|
NTKERNELAPI NTSTATUS NTAPI | ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object) |
|
NTKERNELAPI NTSTATUS NTAPI | PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread) |
|
NTSYSAPI NTSTATUS NTAPI | RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted) |
|