ReactOS  0.4.15-dev-5487-ge7bbbf0
ntifs.template.h File Reference
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>
#include <guiddef.h>
#include "csq.h"

Classes

struct  _MSV1_0_INTERACTIVE_LOGON
 
struct  _MSV1_0_INTERACTIVE_PROFILE
 
struct  _MSV1_0_LM20_LOGON
 
struct  _MSV1_0_SUBAUTH_LOGON
 
struct  _MSV1_0_LM20_LOGON_PROFILE
 
struct  _MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
struct  _MSV1_0_NTLM3_RESPONSE
 
struct  _MSV1_0_AV_PAIR
 
struct  _MSV1_0_LM20_CHALLENGE_REQUEST
 
struct  _MSV1_0_LM20_CHALLENGE_RESPONSE
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST_V1
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST
 
struct  _MSV1_0_GETCHALLENRESP_RESPONSE
 
struct  _MSV1_0_ENUMUSERS_REQUEST
 
struct  _MSV1_0_ENUMUSERS_RESPONSE
 
struct  _MSV1_0_GETUSERINFO_REQUEST
 
struct  _MSV1_0_GETUSERINFO_RESPONSE
 
struct  _PUBLIC_OBJECT_TYPE_INFORMATION
 
struct  _NETWORK_OPEN_ECP_CONTEXT
 
struct  _NETWORK_OPEN_ECP_CONTEXT_V0
 
struct  _PREFETCH_OPEN_ECP_CONTEXT
 
struct  _NFS_OPEN_ECP_CONTEXT
 
struct  _SRV_OPEN_ECP_CONTEXT
 
struct  _QUERY_PATH_REQUEST
 
struct  _QUERY_PATH_REQUEST_EX
 
struct  _QUERY_PATH_RESPONSE
 
struct  _OBJECT_BASIC_INFORMATION
 
struct  _FILE_COPY_ON_WRITE_INFORMATION
 
struct  _FILE_FULL_DIRECTORY_INFORMATION
 
struct  _FILE_SHARED_LOCK_ENTRY
 
struct  _FILE_EXCLUSIVE_LOCK_ENTRY
 
struct  _FILE_MAILSLOT_PEEK_BUFFER
 
struct  _FILE_OLE_CLASSID_INFORMATION
 
struct  _FILE_OLE_ALL_INFORMATION
 
struct  _FILE_OLE_DIR_INFORMATION
 
struct  _FILE_OLE_INFORMATION
 
struct  _FILE_OLE_STATE_BITS_INFORMATION
 
struct  _MAPPING_PAIR
 
struct  _GET_RETRIEVAL_DESCRIPTOR
 
struct  _MOVEFILE_DESCRIPTOR
 
struct  _OBJECT_BASIC_INFO
 
struct  _OBJECT_HANDLE_ATTRIBUTE_INFO
 
struct  _OBJECT_NAME_INFO
 
struct  _OBJECT_PROTECTION_INFO
 
struct  _OBJECT_TYPE_INFO
 
struct  _OBJECT_ALL_TYPES_INFO
 
struct  _PORT_MESSAGE
 
struct  _PORT_VIEW
 
struct  _REMOTE_PORT_VIEW
 
struct  _VAD_HEADER
 

Macros

#define _NTIFS_INCLUDED_
 
#define _GNU_NTIFS_
 
/*
 * Bit-flag helpers. Each argument is parenthesised in the expansion, so an
 * expression may be passed for either operand.
 *
 * FlagOn yields the masked bits themselves, not 0/1: storing its result in a
 * type narrower than the mask can drop the only set bit. Use BooleanFlagOn
 * when a truth value is wanted.
 */
#define FlagOn(flags, mask)   ((flags) & (mask))
 
/* Non-zero test of the masked bits, cast to BOOLEAN. */
#define BooleanFlagOn(flags, mask)   ((BOOLEAN)(0 != ((flags) & (mask))))
 
/* Sets the bits of `mask` in the lvalue `flags`. */
#define SetFlag(flags, mask)   ((flags) |= (mask))
 
/* Clears the bits of `mask` in the lvalue `flags`. */
#define ClearFlag(flags, mask)   ((flags) &= ~(mask))
 
/*
 * Compression format selectors (0x0000-0x0002) and engine selectors
 * (0x0000, 0x0100, 0x0200). The two groups use different bytes of the word,
 * so a format and an engine value can be OR-ed together without colliding.
 * NOTE(review): how consumers combine them is not shown in this listing.
 */
#define COMPRESSION_FORMAT_NONE   (0x0000)
 
#define COMPRESSION_FORMAT_DEFAULT   (0x0001)
 
#define COMPRESSION_FORMAT_LZNT1   (0x0002)
 
#define COMPRESSION_ENGINE_STANDARD   (0x0000)
 
#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)
 
#define COMPRESSION_ENGINE_HIBER   (0x0200)
 
/*
 * Judging by the name, an upper bound for Unicode buffers placed on the stack.
 * The unit (bytes or WCHARs) is not stated here - confirm at the use site
 * before sizing or bounds-checking a buffer with it.
 */
#define MAX_UNICODE_STACK_BUFFER_LENGTH   256
 
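/*
 * Extracts the low two bits of an I/O control code, which is where CTL_CODE
 * places the transfer method. The argument is parenthesised so that an
 * expression such as `a | b` is masked as a whole; without the parentheses
 * `&` would bind only to the last operand and the result could exceed 3.
 */
#define METHOD_FROM_CTL_CODE(ctrlCode)   ((ULONG)((ctrlCode) & 3))
 
/* Alternative names for the two direct-I/O transfer methods. */
#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT
 
#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT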
 
#define _NTLSA_AUDIT_
 
#define _NTLSA_IFS_
 
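/* Name of the MSV1_0 authentication package, as a narrow and as a wide literal. */
#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
/*
 * Size in bytes of the wide name without its terminator. The expansion is
 * wrapped in parentheses so it stays one value inside a larger expression
 * (e.g. `2 * MSV1_0_PACKAGE_NAMEW_LENGTH` or a comparison); unparenthesised,
 * only the sizeof() on the left would take part in the multiplication and a
 * buffer sized from it would come out wrong.
 */
#define MSV1_0_PACKAGE_NAMEW_LENGTH   (sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR))
 
/*
 * Registry location and value name used for MSV1_0 subauthentication.
 * NOTE(review): on Windows, subauthentication DLLs are registered as values
 * under this key and are loaded into the logon path - confirm ReactOS uses it
 * the same way. Where that holds, write access to the key should be restricted
 * to administrators and changes to it are worth auditing.
 */
#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
 
#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"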
 
/*
 * Fixed sizes used by the MSV1_0 structures. The unit is not stated in this
 * listing (presumably bytes - confirm against the structure definitions).
 */
#define MSV1_0_CHALLENGE_LENGTH   8
 
#define MSV1_0_USER_SESSION_KEY_LENGTH   16
 
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8
 
/*
 * Single-bit logon control flags (0x02 .. 0x2000, plus 0x00010000 and
 * 0x00100000 below).
 * NOTE(review): in the Windows SDK these are ParameterControl bits of the
 * MSV1_0 network / sub-auth logon requests - confirm for this header.
 * Going by their names, several relax authentication (cleartext password,
 * guest fallback, server/workstation trust accounts); code that sets them
 * deserves review, and a request parser should reject bits it does not know.
 */
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02
 
#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04
 
#define MSV1_0_RETURN_USER_PARAMETERS   0x08
 
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10
 
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20
 
#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40
 
#define MSV1_0_USE_CLIENT_CHALLENGE   0x80
 
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100
 
#define MSV1_0_RETURN_PROFILE_PATH   0x200
 
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400
 
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800
 
#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000
 
#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000
 
#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000
 
/*
 * 0xFF000000 with a shift of 24: the top byte of the word is a separate field
 * rather than a set of independent bits. MSV1_0_MNS_LOGON (0x01000000) lies
 * inside that byte, and the _RAS / _IIS values (2, 132) fit in one byte, so
 * they look like unshifted values of that field.
 * NOTE(review): presumably the field selects a subauthentication DLL - confirm.
 */
#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24
 
#define MSV1_0_MNS_LOGON   0x01000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2
 
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132
 
/*
 * Single-bit logon result flags. 0x10 is not assigned in this listing.
 * NOTE(review): in the Windows SDK these are reported as UserFlags in the
 * logon profile - confirm for this header. Where that holds, LOGON_GUEST,
 * LOGON_NOENCRYPTION, LOGON_USED_LM_PASSWORD and LOGON_CACHED_ACCOUNT are the
 * ones worth surfacing in logon auditing, since by name they mark guest,
 * unencrypted, LM-based and cached-credential logons.
 */
#define LOGON_GUEST   0x01
 
#define LOGON_NOENCRYPTION   0x02
 
#define LOGON_CACHED_ACCOUNT   0x04
 
#define LOGON_USED_LM_PASSWORD   0x08
 
#define LOGON_EXTRA_SIDS   0x20
 
#define LOGON_SUBAUTH_SESSION_KEY   0x40
 
#define LOGON_SERVER_TRUST_ACCOUNT   0x80
 
#define LOGON_NTLMV2_ENABLED   0x100
 
#define LOGON_RESOURCE_GROUPS   0x200
 
#define LOGON_PROFILE_PATH_RETURNED   0x400
 
#define LOGON_NT_V2   0x800
 
#define LOGON_LM_V2   0x1000
 
#define LOGON_NTLM_V2   0x2000
 
/*
 * The top byte (0xFF000000) is a mask, not a single flag; LOGON_GRACE_LOGON
 * (0x01000000) is a value inside it. Test it with the mask applied, not with
 * a plain equality check on the whole word.
 */
#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000
 
#define LOGON_GRACE_LOGON   0x01000000
 
/* Length of an OWF (one-way function) password value; unit presumably bytes - TODO confirm. */
#define MSV1_0_OWF_PASSWORD_LENGTH   16
 
/* Presence bits and version number for a credential record.
 * NOTE(review): presumably for MSV1_0_SUPPLEMENTAL_CREDENTIAL - confirm. */
#define MSV1_0_CRED_LM_PRESENT   0x1
 
#define MSV1_0_CRED_NT_PRESENT   0x2
 
#define MSV1_0_CRED_VERSION   0
 
/*
 * NTLM3 response limits. MSV1_0_MAX_NTLM3_LIFE carries no unit here; 129600
 * seconds would be 36 hours - confirm before using it in a freshness check.
 * MSV1_0_MAX_AVL_SIZE is an upper bound a parser should enforce before
 * walking an attribute/value list; whether it is enforced is not visible here.
 */
#define MSV1_0_NTLM3_RESPONSE_LENGTH   16
 
#define MSV1_0_NTLM3_OWF_LENGTH   16
 
#define MSV1_0_MAX_NTLM3_LIFE   129600
 
#define MSV1_0_MAX_AVL_SIZE   64000
 
/* Size of MSV1_0_NTLM3_RESPONSE minus MSV1_0_NTLM3_RESPONSE_LENGTH (16). */
#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
 
/*
 * Single-bit request flags, 0x01 .. 0x2000. The first few have no prefix
 * (USE_PRIMARY_PASSWORD, GENERATE_CLIENT_CHALLENGE, ...), so they can collide
 * with identically named macros from other headers.
 * NOTE(review): in the Windows SDK these are ParameterControl bits of
 * MSV1_0_GETCHALLENRESP_REQUEST - confirm. By name, GCR_ALLOW_NTLM,
 * GCR_ALLOW_LM and GCR_ALLOW_NO_TARGET opt in to weaker behaviour and should
 * be set only where legacy interoperability requires it.
 */
#define USE_PRIMARY_PASSWORD   0x01
 
#define RETURN_PRIMARY_USERNAME   0x02
 
#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04
 
#define RETURN_NON_NT_USER_SESSION_KEY   0x08
 
#define GENERATE_CLIENT_CHALLENGE   0x10
 
#define GCR_NTLM3_PARMS   0x20
 
#define GCR_TARGET_INFO   0x40
 
#define RETURN_RESERVED_PARAMETER   0x80
 
#define GCR_ALLOW_NTLM   0x100
 
#define GCR_USE_OEM_SET   0x200
 
#define GCR_MACHINE_CREDENTIAL   0x400
 
#define GCR_USE_OWF_PASSWORD   0x800
 
#define GCR_ALLOW_LM   0x1000
 
#define GCR_ALLOW_NO_TARGET   0x2000
 
/* 3 priority bits give 1 << 3 = 8 priority levels. */
#define SYSTEM_PAGE_PRIORITY_BITS   3
 
#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)
 
/* Dereferences the NlsOemLeadByteInfo pointer on every use. */
#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)
 
/* Input flag bits for the network-open ECP context; 0x80000000 is the top bit
 * of a 32-bit word, so keep the field unsigned when testing it. */
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2
 
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000
 
/*
 * PIN_* and MAP_* are two separate flag sets with overlapping values:
 * WAIT is 1 and HIGH_PRIORITY is 64 in both, but NO_READ is 4 for PIN_ and
 * 16 for MAP_. Passing a flag from one set where the other is expected
 * compiles cleanly and silently selects a different option.
 */
#define PIN_WAIT   (1)
 
#define PIN_EXCLUSIVE   (2)
 
#define PIN_NO_READ   (4)
 
#define PIN_IF_BCB   (8)
 
#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)
 
#define PIN_HIGH_PRIORITY   (64)
 
#define MAP_WAIT   1
 
#define MAP_NO_READ   (16)
 
#define MAP_HIGH_PRIORITY   (64)
 
/*
 * Redirector path-query control codes (functions 99 and 100). Both are
 * METHOD_NEITHER with FILE_ANY_ACCESS: the I/O manager neither buffers nor
 * locks the caller's buffers, and any open handle to the device may issue the
 * request, so the handler receives raw caller-supplied pointers and lengths.
 * A driver servicing these codes has to check the requestor mode, probe and
 * capture the buffers under an exception handler, and validate every length
 * and embedded offset before use.
 */
#define IOCTL_REDIR_QUERY_PATH   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define IOCTL_REDIR_QUERY_PATH_EX   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
 
/* Device type used for the volume-snapshot control code below. */
#define VOLSNAPCONTROLTYPE   0x00000053
 
/* METHOD_BUFFERED, and the handle must carry both read and write access. */
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
 
#define VER_PRODUCTBUILD   10000
 
#define FS_LFN_APIS   0x00004000
 
/*
 * Storage-type field: a _FILE_STORAGE_TYPE enumerator shifted left by
 * FILE_STORAGE_TYPE_SHIFT (16) into the four bits covered by
 * FILE_STORAGE_TYPE_MASK (0x000f0000). SHIFT and MASK are defined after the
 * macros that use them, which is fine for the preprocessor because expansion
 * happens at the point of use.
 *
 * NOTE(review): FILE_STORAGE_TYPE_DOCFILE expands to StorageTypeDocfile, but
 * the _FILE_STORAGE_TYPE enumeration as listed on this page has no such
 * enumerator; using the macro would not compile unless it is declared
 * elsewhere - confirm against the header.
 */
#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
 
#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
 
/* Inclusive bounds of the valid storage-type range, for validating a caller-supplied value. */
#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT
 
#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM
 
#define FILE_STORAGE_TYPE_MASK   0x000f0000
 
#define FILE_STORAGE_TYPE_SHIFT   16
 
#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004
 
#define IO_ATTACH_DEVICE_API   0x80000000
 
#define IO_TYPE_APC   18
 
#define IO_TYPE_DPC   19
 
#define IO_TYPE_DEVICE_QUEUE   20
 
#define IO_TYPE_EVENT_PAIR   21
 
#define IO_TYPE_INTERRUPT   22
 
#define IO_TYPE_PROFILE   23
 
#define IRP_BEING_VERIFIED   0x10
 
#define MAILSLOT_CLASS_FIRSTCLASS   1
 
#define MAILSLOT_CLASS_SECONDCLASS   2
 
#define MAILSLOT_SIZE_AUTO   0
 
#define MEM_DOS_LIM   0x40000000
 
#define OB_TYPE_TYPE   1
 
#define OB_TYPE_DIRECTORY   2
 
#define OB_TYPE_SYMBOLIC_LINK   3
 
#define OB_TYPE_TOKEN   4
 
#define OB_TYPE_PROCESS   5
 
#define OB_TYPE_THREAD   6
 
#define OB_TYPE_EVENT   7
 
#define OB_TYPE_EVENT_PAIR   8
 
#define OB_TYPE_MUTANT   9
 
#define OB_TYPE_SEMAPHORE   10
 
#define OB_TYPE_TIMER   11
 
#define OB_TYPE_PROFILE   12
 
#define OB_TYPE_WINDOW_STATION   13
 
#define OB_TYPE_DESKTOP   14
 
#define OB_TYPE_SECTION   15
 
#define OB_TYPE_KEY   16
 
#define OB_TYPE_PORT   17
 
#define OB_TYPE_ADAPTER   18
 
#define OB_TYPE_CONTROLLER   19
 
#define OB_TYPE_DEVICE   20
 
#define OB_TYPE_DRIVER   21
 
#define OB_TYPE_IO_COMPLETION   22
 
#define OB_TYPE_FILE   23
 
#define SEC_BASED   0x00200000
 
/*
 * File-system control codes on FILE_DEVICE_FILE_SYSTEM.
 *
 * Functions 33, 34, 37 and 68 use METHOD_NEITHER: the handler is given the
 * caller's raw input/output pointers, unbuffered and unprobed. Each handler
 * must probe and capture them under an exception handler and bound every
 * length itself. 33, 34 and 37 additionally use FILE_ANY_ACCESS, so no
 * read/write right on the handle is required to reach the handler; 68
 * requires both read and write data access.
 */
#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_HSM_MSG   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_CONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
 
#define FSCTL_HSM_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_RCONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
 
/*
 * Network file-system control codes on FILE_DEVICE_NETWORK_FILE_SYSTEM.
 * All of them are FILE_ANY_ACCESS, including the ones whose names indicate a
 * state change (set configuration, delete connection, set domain name), so
 * the handle's access mask does not gate them; any privilege check has to be
 * made by the handler. Functions 104 and 105 are METHOD_NEITHER and need the
 * same probe-and-capture handling described above.
 */
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_STATISTICS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
/* LPC_* aliases: the LPC field types are mapped straight onto the native types. */
#define LPC_CLIENT_ID   CLIENT_ID
 
#define LPC_SIZE_T   SIZE_T
 
#define LPC_PVOID   PVOID
 
#define LPC_HANDLE   HANDLE
 
/* 0x8000 converted to USHORT and then to CSHORT. */
#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)
 
/*
 * NOTE(review): this listing shows an empty expansion. Either the macro is a
 * no-op in this header or the documentation generator dropped a multi-line
 * body - check the header before relying on it to release a token reference.
 */
#define PsDereferenceImpersonationToken(T)
 
/*
 * Replaces SeExports with the pointer stored at the address it currently
 * holds. Two points for callers:
 *  - the expansion already ends in ';', so `SeEnableAccessToExports();` adds
 *    an empty statement and the macro cannot be the sole body of an unbraced
 *    if/else;
 *  - it is not idempotent: a second invocation dereferences the already
 *    resolved pointer again.
 */
#define SeEnableAccessToExports()   SeExports = *(PSE_EXPORTS *)SeExports;
 

Typedefs

typedef STRING LSA_STRING
 
typedef STRING * PLSA_STRING
 
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
 
typedef OBJECT_ATTRIBUTES * PLSA_OBJECT_ATTRIBUTES
 
typedef ULONG LSA_OPERATIONAL_MODE
 
typedef ULONG * PLSA_OPERATIONAL_MODE
 
typedef enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
 
typedef enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE * PMSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
 
typedef struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_LM20_LOGON * PMSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGON * PMSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON_PROFILE * PMSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL * PMSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
 
typedef struct _MSV1_0_NTLM3_RESPONSE * PMSV1_0_NTLM3_RESPONSE
 
typedef enum _MSV1_0_AVID MSV1_0_AVID
 
typedef struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
 
typedef struct _MSV1_0_AV_PAIR * PMSV1_0_AV_PAIR
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST * PMSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE * PMSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 * PMSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST * PMSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE * PMSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_REQUEST * PMSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSE * PMSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_REQUEST * PMSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSE * PMSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION * PPUBLIC_OBJECT_TYPE_INFORMATION
 
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
 
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT * PNETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 * PNETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXT * PPREFETCH_OPEN_ECP_CONTEXT
 
typedef struct sockaddr_storage * PSOCKADDR_STORAGE_NFS
 
typedef struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXT * PNFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXT * PSRV_OPEN_ECP_CONTEXT
 
typedef struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUEST * PQUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_REQUEST_EX * PQUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
 
typedef struct _QUERY_PATH_RESPONSE * PQUERY_PATH_RESPONSE
 
typedef enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
 
typedef struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
 
typedef struct _OBJECT_BASIC_INFORMATION * POBJECT_BASIC_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATION * PFILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATION * PFILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_SHARED_LOCK_ENTRY * PFILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY * PFILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFER * PFILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_CLASSID_INFORMATION * PFILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATION * PFILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATION * PFILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_INFORMATION * PFILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATION * PFILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _MAPPING_PAIR MAPPING_PAIR
 
typedef struct _MAPPING_PAIR * PMAPPING_PAIR
 
typedef struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
 
typedef struct _GET_RETRIEVAL_DESCRIPTOR * PGET_RETRIEVAL_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTOR * PMOVEFILE_DESCRIPTOR
 
typedef struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
 
typedef struct _OBJECT_BASIC_INFO * POBJECT_BASIC_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO * POBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
 
typedef struct _OBJECT_NAME_INFO * POBJECT_NAME_INFO
 
typedef struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_PROTECTION_INFO * POBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
 
typedef struct _OBJECT_TYPE_INFO * POBJECT_TYPE_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFO * POBJECT_ALL_TYPES_INFO
 
typedef struct _PORT_MESSAGE PORT_MESSAGE
 
typedef struct _PORT_MESSAGE * PPORT_MESSAGE
 
typedef struct _PORT_VIEW PORT_VIEW
 
typedef struct _PORT_VIEW * PPORT_VIEW
 
typedef struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
 
typedef struct _REMOTE_PORT_VIEW * PREMOTE_PORT_VIEW
 
typedef struct _VAD_HEADER VAD_HEADER
 
typedef struct _VAD_HEADER * PVAD_HEADER
 

Enumerations

enum  _SECURITY_LOGON_TYPE {
  Interactive = 2, Network, Batch, Service,
  Proxy, Unlock, UndefinedLogonType = 0, Interactive = 2,
  Network, Batch, Service, Proxy,
  Unlock, NetworkCleartext, NewCredentials
}
 
enum  _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon, MsV1_0SubAuthLogon,
  MsV1_0WorkstationUnlockLogon = 7, MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon,
  MsV1_0SubAuthLogon, MsV1_0WorkstationUnlockLogon = 7, MsV1_0S4ULogon = 12, MsV1_0VirtualLogon = 82
}
 
enum  _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2, MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile, MsV1_0InteractiveProfile = 2,
  MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile
}
 
enum  _MSV1_0_AVID {
  MsvAvEOL, MsvAvNbComputerName, MsvAvNbDomainName, MsvAvDnsComputerName,
  MsvAvDnsDomainName
}
 
enum  _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers, MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword, MsV1_0GenericPassthrough,
  MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential, MsV1_0CacheLookup,
  MsV1_0SetProcessOption, MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers,
  MsV1_0GetUserInfo, MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword,
  MsV1_0GenericPassthrough, MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential,
  MsV1_0CacheLookup
}
 
enum  _NETWORK_OPEN_LOCATION_QUALIFIER { NetworkOpenLocationAny, NetworkOpenLocationRemote, NetworkOpenLocationLoopback }
 
enum  _NETWORK_OPEN_INTEGRITY_QUALIFIER {
  NetworkOpenIntegrityAny, NetworkOpenIntegrityNone, NetworkOpenIntegritySigned, NetworkOpenIntegrityEncrypted,
  NetworkOpenIntegrityMaximum
}
 
enum  _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1, StorageTypeDirectory, StorageTypeFile, StorageTypeJunctionPoint,
  StorageTypeCatalog, StorageTypeStructuredStorage, StorageTypeEmbedding, StorageTypeStream
}
 

Functions

 $define (UCHAR=UCHAR) $define(ULONG
 
 $include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
 
_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
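 Queries information details about a security descriptor. (This brief, and the `_Out_writes_bytes_opt_(Length)` and `LengthNeeded` parameters listed on this page, fit a query routine; the NtSetSecurityObject name on the entry above looks like a parsing artifact of the generated listing, so check the header before relying on it.) More...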
 
_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 Duplicates a token. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 Creates an access token in a restricted form from an existing token; this action is called filtering. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 Sets (modifies) specific information of an access token. The calling thread must have specific access rights in order to modify the token's information data. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made by type. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made by the given type result. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made by the given type result and a token handle. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when an object is about to be opened. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation
 
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer (_In_ PVOID Buffer)
 
 $include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
 
 $include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e)
 
 DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)
 
 DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55)
 
 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb)
 
 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53)
 
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
 
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
 
NTKERNELAPI NTSTATUS NTAPI ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
 

Variables

_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
 
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ SECURITY_INFORMATION SecurityInformation
 
_In_ SECURITY_INFORMATION _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_ SECURITY_INFORMATION _In_ ULONG Length
 
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
 
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
 
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
 
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
 
 PUBLIC_OBJECT_BASIC_INFORMATION
 
PPUBLIC_OBJECT_BASIC_INFORMATION
 
PUSHORT * NlsOemLeadByteInfo
 

Macro Definition Documentation

◆ _GNU_NTIFS_

#define _GNU_NTIFS_

Definition at line 27 of file ntifs.template.h.

◆ _NTIFS_INCLUDED_

#define _NTIFS_INCLUDED_

Definition at line 26 of file ntifs.template.h.

◆ _NTLSA_AUDIT_

#define _NTLSA_AUDIT_

Definition at line 684 of file ntifs.template.h.

◆ _NTLSA_IFS_

#define _NTLSA_IFS_

Definition at line 728 of file ntifs.template.h.

◆ BooleanFlagOn

#define BooleanFlagOn (   F,
  SF 
)    ((BOOLEAN)(((F) & (SF)) != 0))

◆ ClearFlag

#define ClearFlag (   _F,
  _SF 
)    ((_F) &= ~(_SF))

◆ COMPRESSION_ENGINE_HIBER

#define COMPRESSION_ENGINE_HIBER   (0x0200)

Definition at line 652 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_MAXIMUM

#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)

Definition at line 651 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_STANDARD

#define COMPRESSION_ENGINE_STANDARD   (0x0000)

Definition at line 650 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_DEFAULT

#define COMPRESSION_FORMAT_DEFAULT   (0x0001)

Definition at line 648 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_LZNT1

#define COMPRESSION_FORMAT_LZNT1   (0x0002)

Definition at line 649 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_NONE

#define COMPRESSION_FORMAT_NONE   (0x0000)

Definition at line 647 of file ntifs.template.h.

◆ FILE_MAXIMUM_STORAGE_TYPE

#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM

Definition at line 1304 of file ntifs.template.h.

◆ FILE_MINIMUM_STORAGE_TYPE

#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT

Definition at line 1303 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_CATALOG

#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1299 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DEFAULT

#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1294 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DIRECTORY

#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1295 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DOCFILE

#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1297 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_EMBEDDING

#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1301 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_FILE

#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1296 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_JUNCTION_POINT

#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1298 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_MASK

#define FILE_STORAGE_TYPE_MASK   0x000f0000

Definition at line 1305 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SHIFT

#define FILE_STORAGE_TYPE_SHIFT   16

Definition at line 1306 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SPECIFIED

#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */

Definition at line 1293 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STREAM

#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1302 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STRUCTURED_STORAGE

#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1300 of file ntifs.template.h.

◆ FILE_VC_QUOTAS_LOG_VIOLATIONS

#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004

Definition at line 1308 of file ntifs.template.h.

◆ FlagOn

#define FlagOn (   _F,
  _SF 
)    ((_F) & (_SF))

◆ FS_LFN_APIS

#define FS_LFN_APIS   0x00004000

Definition at line 1291 of file ntifs.template.h.

◆ FSCTL_DUMP_PROPERTY_DATA

#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1370 of file ntifs.template.h.

◆ FSCTL_GET_HFS_INFORMATION

#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1362 of file ntifs.template.h.

◆ FSCTL_HSM_DATA

Definition at line 1374 of file ntifs.template.h.

◆ FSCTL_HSM_MSG

◆ FSCTL_NETWORK_DELETE_CONNECTION

#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1382 of file ntifs.template.h.

◆ FSCTL_NETWORK_ENUMERATE_CONNECTIONS

#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1381 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONFIGURATION_INFO

#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Definition at line 1379 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONNECTION_INFO

#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1380 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_STATISTICS

Definition at line 1383 of file ntifs.template.h.

◆ FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT

#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1385 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_CONFIGURATION_INFO

#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

Definition at line 1378 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_DOMAIN_NAME

#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1384 of file ntifs.template.h.

◆ FSCTL_NSS_CONTROL

Definition at line 1373 of file ntifs.template.h.

◆ FSCTL_NSS_RCONTROL

Definition at line 1375 of file ntifs.template.h.

◆ FSCTL_READ_PROPERTY_DATA

#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1367 of file ntifs.template.h.

◆ FSCTL_WRITE_PROPERTY_DATA

#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1368 of file ntifs.template.h.

◆ GCR_ALLOW_LM

#define GCR_ALLOW_LM   0x1000

Definition at line 847 of file ntifs.template.h.

◆ GCR_ALLOW_NO_TARGET

#define GCR_ALLOW_NO_TARGET   0x2000

Definition at line 848 of file ntifs.template.h.

◆ GCR_ALLOW_NTLM

#define GCR_ALLOW_NTLM   0x100

Definition at line 843 of file ntifs.template.h.

◆ GCR_MACHINE_CREDENTIAL

#define GCR_MACHINE_CREDENTIAL   0x400

Definition at line 845 of file ntifs.template.h.

◆ GCR_NTLM3_PARMS

#define GCR_NTLM3_PARMS   0x20

Definition at line 840 of file ntifs.template.h.

◆ GCR_TARGET_INFO

#define GCR_TARGET_INFO   0x40

Definition at line 841 of file ntifs.template.h.

◆ GCR_USE_OEM_SET

#define GCR_USE_OEM_SET   0x200

Definition at line 844 of file ntifs.template.h.

◆ GCR_USE_OWF_PASSWORD

#define GCR_USE_OWF_PASSWORD   0x800

Definition at line 846 of file ntifs.template.h.

◆ GENERATE_CLIENT_CHALLENGE

#define GENERATE_CLIENT_CHALLENGE   0x10

Definition at line 839 of file ntifs.template.h.

◆ IO_ATTACH_DEVICE_API

#define IO_ATTACH_DEVICE_API   0x80000000

Definition at line 1315 of file ntifs.template.h.

◆ IO_TYPE_APC

#define IO_TYPE_APC   18

Definition at line 1317 of file ntifs.template.h.

◆ IO_TYPE_DEVICE_QUEUE

#define IO_TYPE_DEVICE_QUEUE   20

Definition at line 1319 of file ntifs.template.h.

◆ IO_TYPE_DPC

#define IO_TYPE_DPC   19

Definition at line 1318 of file ntifs.template.h.

◆ IO_TYPE_EVENT_PAIR

#define IO_TYPE_EVENT_PAIR   21

Definition at line 1320 of file ntifs.template.h.

◆ IO_TYPE_INTERRUPT

#define IO_TYPE_INTERRUPT   22

Definition at line 1321 of file ntifs.template.h.

◆ IO_TYPE_PROFILE

#define IO_TYPE_PROFILE   23

Definition at line 1322 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH

Definition at line 1259 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH_EX

Definition at line 1260 of file ntifs.template.h.

◆ IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES

#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

Definition at line 1282 of file ntifs.template.h.

◆ IRP_BEING_VERIFIED

#define IRP_BEING_VERIFIED   0x10

Definition at line 1324 of file ntifs.template.h.

◆ LOGON_CACHED_ACCOUNT

#define LOGON_CACHED_ACCOUNT   0x04

Definition at line 779 of file ntifs.template.h.

◆ LOGON_EXTRA_SIDS

#define LOGON_EXTRA_SIDS   0x20

Definition at line 781 of file ntifs.template.h.

◆ LOGON_GRACE_LOGON

#define LOGON_GRACE_LOGON   0x01000000

Definition at line 802 of file ntifs.template.h.

◆ LOGON_GUEST

#define LOGON_GUEST   0x01

Definition at line 777 of file ntifs.template.h.

◆ LOGON_LM_V2

#define LOGON_LM_V2   0x1000

Definition at line 788 of file ntifs.template.h.

◆ LOGON_NOENCRYPTION

#define LOGON_NOENCRYPTION   0x02

Definition at line 778 of file ntifs.template.h.

◆ LOGON_NT_V2

#define LOGON_NT_V2   0x800

Definition at line 787 of file ntifs.template.h.

◆ LOGON_NTLM_V2

#define LOGON_NTLM_V2   0x2000

Definition at line 789 of file ntifs.template.h.

◆ LOGON_NTLMV2_ENABLED

#define LOGON_NTLMV2_ENABLED   0x100

Definition at line 784 of file ntifs.template.h.

◆ LOGON_PROFILE_PATH_RETURNED

#define LOGON_PROFILE_PATH_RETURNED   0x400

Definition at line 786 of file ntifs.template.h.

◆ LOGON_RESOURCE_GROUPS

#define LOGON_RESOURCE_GROUPS   0x200

Definition at line 785 of file ntifs.template.h.

◆ LOGON_SERVER_TRUST_ACCOUNT

#define LOGON_SERVER_TRUST_ACCOUNT   0x80

Definition at line 783 of file ntifs.template.h.

◆ LOGON_SUBAUTH_SESSION_KEY

#define LOGON_SUBAUTH_SESSION_KEY   0x40

Definition at line 782 of file ntifs.template.h.

◆ LOGON_USED_LM_PASSWORD

#define LOGON_USED_LM_PASSWORD   0x08

Definition at line 780 of file ntifs.template.h.

◆ LPC_CLIENT_ID

#define LPC_CLIENT_ID   CLIENT_ID

Definition at line 1585 of file ntifs.template.h.

◆ LPC_HANDLE

#define LPC_HANDLE   HANDLE

Definition at line 1588 of file ntifs.template.h.

◆ LPC_KERNELMODE_MESSAGE

#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)

Definition at line 1624 of file ntifs.template.h.

◆ LPC_PVOID

#define LPC_PVOID   PVOID

Definition at line 1587 of file ntifs.template.h.

◆ LPC_SIZE_T

#define LPC_SIZE_T   SIZE_T

Definition at line 1586 of file ntifs.template.h.

◆ MAILSLOT_CLASS_FIRSTCLASS

#define MAILSLOT_CLASS_FIRSTCLASS   1

Definition at line 1326 of file ntifs.template.h.

◆ MAILSLOT_CLASS_SECONDCLASS

#define MAILSLOT_CLASS_SECONDCLASS   2

Definition at line 1327 of file ntifs.template.h.

◆ MAILSLOT_SIZE_AUTO

#define MAILSLOT_SIZE_AUTO   0

Definition at line 1329 of file ntifs.template.h.

◆ MAP_HIGH_PRIORITY

#define MAP_HIGH_PRIORITY   (64)

Definition at line 1257 of file ntifs.template.h.

◆ MAP_NO_READ

#define MAP_NO_READ   (16)

Definition at line 1256 of file ntifs.template.h.

◆ MAP_WAIT

#define MAP_WAIT   1

Definition at line 1255 of file ntifs.template.h.

◆ MAX_UNICODE_STACK_BUFFER_LENGTH

#define MAX_UNICODE_STACK_BUFFER_LENGTH   256

Definition at line 654 of file ntifs.template.h.

◆ MEM_DOS_LIM

#define MEM_DOS_LIM   0x40000000

Definition at line 1331 of file ntifs.template.h.

◆ METHOD_DIRECT_FROM_HARDWARE

#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT

Definition at line 659 of file ntifs.template.h.

◆ METHOD_DIRECT_TO_HARDWARE

#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT

Definition at line 658 of file ntifs.template.h.

◆ METHOD_FROM_CTL_CODE

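/*
 * Extracts the method field (the low two bits) of a control code and yields
 * it as a ULONG.
 *
 * The argument is parenthesized so that an expression argument such as
 * `a | b` is masked as a whole; without the parentheses `&` would bind only
 * to the last operand and the result could carry bits outside the mask.
 */
#define METHOD_FROM_CTL_CODE(ctrlCode)    ((ULONG)((ctrlCode) & 3))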

Definition at line 656 of file ntifs.template.h.

◆ MSV1_0_ALLOW_FORCE_GUEST

#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000

Definition at line 755 of file ntifs.template.h.

◆ MSV1_0_ALLOW_MSVCHAPV2

#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000

Definition at line 763 of file ntifs.template.h.

◆ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT

#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20

Definition at line 746 of file ntifs.template.h.

◆ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT

#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800

Definition at line 752 of file ntifs.template.h.

◆ MSV1_0_CHALLENGE_LENGTH

#define MSV1_0_CHALLENGE_LENGTH   8

Definition at line 738 of file ntifs.template.h.

◆ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED

#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02

Definition at line 742 of file ntifs.template.h.

◆ MSV1_0_CRED_LM_PRESENT

#define MSV1_0_CRED_LM_PRESENT   0x1

Definition at line 805 of file ntifs.template.h.

◆ MSV1_0_CRED_NT_PRESENT

#define MSV1_0_CRED_NT_PRESENT   0x2

Definition at line 806 of file ntifs.template.h.

◆ MSV1_0_CRED_VERSION

#define MSV1_0_CRED_VERSION   0

Definition at line 807 of file ntifs.template.h.

◆ MSV1_0_DISABLE_PERSONAL_FALLBACK

#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000

Definition at line 754 of file ntifs.template.h.

◆ MSV1_0_DONT_TRY_GUEST_ACCOUNT

#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10

Definition at line 745 of file ntifs.template.h.

◆ MSV1_0_LANMAN_SESSION_KEY_LENGTH

#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8

Definition at line 740 of file ntifs.template.h.

◆ MSV1_0_MAX_AVL_SIZE

#define MSV1_0_MAX_AVL_SIZE   64000

Definition at line 817 of file ntifs.template.h.

◆ MSV1_0_MAX_NTLM3_LIFE

#define MSV1_0_MAX_NTLM3_LIFE   129600

Definition at line 815 of file ntifs.template.h.

◆ MSV1_0_MNS_LOGON

#define MSV1_0_MNS_LOGON   0x01000000

Definition at line 772 of file ntifs.template.h.

◆ MSV1_0_NTLM3_INPUT_LENGTH

#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

Definition at line 829 of file ntifs.template.h.

◆ MSV1_0_NTLM3_OWF_LENGTH

#define MSV1_0_NTLM3_OWF_LENGTH   16

Definition at line 810 of file ntifs.template.h.

◆ MSV1_0_NTLM3_RESPONSE_LENGTH

#define MSV1_0_NTLM3_RESPONSE_LENGTH   16

Definition at line 809 of file ntifs.template.h.

◆ MSV1_0_OWF_PASSWORD_LENGTH

#define MSV1_0_OWF_PASSWORD_LENGTH   16

Definition at line 804 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAME

#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 731 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW

#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 732 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW_LENGTH

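/*
 * Size in bytes of MSV1_0_PACKAGE_NAMEW without its terminating NUL
 * character.
 *
 * The expansion is parenthesized so the subtraction stays intact when the
 * macro is used inside a larger expression (for example multiplied or
 * divided when sizing a buffer); unparenthesized, operator precedence would
 * silently produce a different length.
 */
#define MSV1_0_PACKAGE_NAMEW_LENGTH   (sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR))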

Definition at line 733 of file ntifs.template.h.

◆ MSV1_0_RETURN_PASSWORD_EXPIRY

#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40

Definition at line 747 of file ntifs.template.h.

◆ MSV1_0_RETURN_PROFILE_PATH

#define MSV1_0_RETURN_PROFILE_PATH   0x200

Definition at line 750 of file ntifs.template.h.

◆ MSV1_0_RETURN_USER_PARAMETERS

#define MSV1_0_RETURN_USER_PARAMETERS   0x08

Definition at line 744 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL

#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000

Definition at line 770 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_EX

#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000

Definition at line 762 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_IIS

#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132

Definition at line 775 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_RAS

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2

Definition at line 774 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_SHIFT

#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24

Definition at line 771 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_FLAGS

#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000

Definition at line 800 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_KEY

#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

Definition at line 735 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_VALUE

#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"

Definition at line 736 of file ntifs.template.h.

◆ MSV1_0_TRY_GUEST_ACCOUNT_ONLY

#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100

Definition at line 749 of file ntifs.template.h.

◆ MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY

#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400

Definition at line 751 of file ntifs.template.h.

◆ MSV1_0_UPDATE_LOGON_STATISTICS

#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04

Definition at line 743 of file ntifs.template.h.

◆ MSV1_0_USE_CLIENT_CHALLENGE

#define MSV1_0_USE_CLIENT_CHALLENGE   0x80

Definition at line 748 of file ntifs.template.h.

◆ MSV1_0_USER_SESSION_KEY_LENGTH

#define MSV1_0_USER_SESSION_KEY_LENGTH   16

Definition at line 739 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1

Definition at line 1158 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2

Definition at line 1159 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK

#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000

Definition at line 1160 of file ntifs.template.h.

◆ NLS_OEM_LEAD_BYTE_INFO

#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)

Definition at line 1137 of file ntifs.template.h.

◆ OB_TYPE_ADAPTER

#define OB_TYPE_ADAPTER   18

Definition at line 1350 of file ntifs.template.h.

◆ OB_TYPE_CONTROLLER

#define OB_TYPE_CONTROLLER   19

Definition at line 1351 of file ntifs.template.h.

◆ OB_TYPE_DESKTOP

#define OB_TYPE_DESKTOP   14

Definition at line 1346 of file ntifs.template.h.

◆ OB_TYPE_DEVICE

#define OB_TYPE_DEVICE   20

Definition at line 1352 of file ntifs.template.h.

◆ OB_TYPE_DIRECTORY

#define OB_TYPE_DIRECTORY   2

Definition at line 1334 of file ntifs.template.h.

◆ OB_TYPE_DRIVER

#define OB_TYPE_DRIVER   21

Definition at line 1353 of file ntifs.template.h.

◆ OB_TYPE_EVENT

#define OB_TYPE_EVENT   7

Definition at line 1339 of file ntifs.template.h.

◆ OB_TYPE_EVENT_PAIR

#define OB_TYPE_EVENT_PAIR   8

Definition at line 1340 of file ntifs.template.h.

◆ OB_TYPE_FILE

#define OB_TYPE_FILE   23

Definition at line 1355 of file ntifs.template.h.

◆ OB_TYPE_IO_COMPLETION

#define OB_TYPE_IO_COMPLETION   22

Definition at line 1354 of file ntifs.template.h.

◆ OB_TYPE_KEY

#define OB_TYPE_KEY   16

Definition at line 1348 of file ntifs.template.h.

◆ OB_TYPE_MUTANT

#define OB_TYPE_MUTANT   9

Definition at line 1341 of file ntifs.template.h.

◆ OB_TYPE_PORT

#define OB_TYPE_PORT   17

Definition at line 1349 of file ntifs.template.h.

◆ OB_TYPE_PROCESS

#define OB_TYPE_PROCESS   5

Definition at line 1337 of file ntifs.template.h.

◆ OB_TYPE_PROFILE

#define OB_TYPE_PROFILE   12

Definition at line 1344 of file ntifs.template.h.

◆ OB_TYPE_SECTION

#define OB_TYPE_SECTION   15

Definition at line 1347 of file ntifs.template.h.

◆ OB_TYPE_SEMAPHORE

#define OB_TYPE_SEMAPHORE   10

Definition at line 1342 of file ntifs.template.h.

◆ OB_TYPE_SYMBOLIC_LINK

#define OB_TYPE_SYMBOLIC_LINK   3

Definition at line 1335 of file ntifs.template.h.

◆ OB_TYPE_THREAD

#define OB_TYPE_THREAD   6

Definition at line 1338 of file ntifs.template.h.

◆ OB_TYPE_TIMER

#define OB_TYPE_TIMER   11

Definition at line 1343 of file ntifs.template.h.

◆ OB_TYPE_TOKEN

#define OB_TYPE_TOKEN   4

Definition at line 1336 of file ntifs.template.h.

◆ OB_TYPE_TYPE

#define OB_TYPE_TYPE   1

Definition at line 1333 of file ntifs.template.h.

◆ OB_TYPE_WINDOW_STATION

#define OB_TYPE_WINDOW_STATION   13

Definition at line 1345 of file ntifs.template.h.

◆ PIN_CALLER_TRACKS_DIRTY_DATA

#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)

Definition at line 1252 of file ntifs.template.h.

◆ PIN_EXCLUSIVE

#define PIN_EXCLUSIVE   (2)

Definition at line 1249 of file ntifs.template.h.

◆ PIN_HIGH_PRIORITY

#define PIN_HIGH_PRIORITY   (64)

Definition at line 1253 of file ntifs.template.h.

◆ PIN_IF_BCB

#define PIN_IF_BCB   (8)

Definition at line 1251 of file ntifs.template.h.

◆ PIN_NO_READ

#define PIN_NO_READ   (4)

Definition at line 1250 of file ntifs.template.h.

◆ PIN_WAIT

#define PIN_WAIT   (1)

Definition at line 1248 of file ntifs.template.h.

◆ PsDereferenceImpersonationToken

#define PsDereferenceImpersonationToken (   T)
Value:
{if (ARGUMENT_PRESENT(T)) { \
} else { \
; \
} \
}
#define T
Definition: mbstring.h:31
#define ARGUMENT_PRESENT(ArgumentPointer)
#define ObDereferenceObject
Definition: obfuncs.h:203

Definition at line 1759 of file ntifs.template.h.

◆ RETURN_NON_NT_USER_SESSION_KEY

#define RETURN_NON_NT_USER_SESSION_KEY   0x08

Definition at line 838 of file ntifs.template.h.

◆ RETURN_PRIMARY_LOGON_DOMAINNAME

#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04

Definition at line 837 of file ntifs.template.h.

◆ RETURN_PRIMARY_USERNAME

#define RETURN_PRIMARY_USERNAME   0x02

Definition at line 836 of file ntifs.template.h.

◆ RETURN_RESERVED_PARAMETER

#define RETURN_RESERVED_PARAMETER   0x80

Definition at line 842 of file ntifs.template.h.

◆ SEC_BASED

#define SEC_BASED   0x00200000

Definition at line 1357 of file ntifs.template.h.

◆ SeEnableAccessToExports

#define SeEnableAccessToExports ( )    SeExports = *(PSE_EXPORTS *)SeExports;

Definition at line 1786 of file ntifs.template.h.

◆ SetFlag

#define SetFlag (   _F,
  _SF 
)    ((_F) |= (_SF))

◆ SYSTEM_PAGE_PRIORITY_BITS

#define SYSTEM_PAGE_PRIORITY_BITS   3

Definition at line 1082 of file ntifs.template.h.

◆ SYSTEM_PAGE_PRIORITY_LEVELS

#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)

Definition at line 1083 of file ntifs.template.h.

◆ USE_PRIMARY_PASSWORD

#define USE_PRIMARY_PASSWORD   0x01

Definition at line 835 of file ntifs.template.h.

◆ VER_PRODUCTBUILD

#define VER_PRODUCTBUILD   10000

Definition at line 1286 of file ntifs.template.h.

◆ VOLSNAPCONTROLTYPE

#define VOLSNAPCONTROLTYPE   0x00000053

Definition at line 1281 of file ntifs.template.h.

Typedef Documentation

◆ FILE_COPY_ON_WRITE_INFORMATION

◆ FILE_EXCLUSIVE_LOCK_ENTRY

◆ FILE_FULL_DIRECTORY_INFORMATION

◆ FILE_MAILSLOT_PEEK_BUFFER

◆ FILE_OLE_ALL_INFORMATION

◆ FILE_OLE_CLASSID_INFORMATION

◆ FILE_OLE_DIR_INFORMATION

◆ FILE_OLE_INFORMATION

◆ FILE_OLE_STATE_BITS_INFORMATION

◆ FILE_SHARED_LOCK_ENTRY

◆ FILE_STORAGE_TYPE

◆ GET_RETRIEVAL_DESCRIPTOR

◆ LSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ LSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ LSA_STRING

typedef STRING LSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ MAPPING_PAIR

◆ MOVEFILE_DESCRIPTOR

◆ MSV1_0_AV_PAIR

◆ MSV1_0_AVID

◆ MSV1_0_ENUMUSERS_REQUEST

◆ MSV1_0_ENUMUSERS_RESPONSE

◆ MSV1_0_GETCHALLENRESP_REQUEST

◆ MSV1_0_GETCHALLENRESP_REQUEST_V1

◆ MSV1_0_GETCHALLENRESP_RESPONSE

◆ MSV1_0_GETUSERINFO_REQUEST

◆ MSV1_0_GETUSERINFO_RESPONSE

◆ MSV1_0_INTERACTIVE_LOGON

◆ MSV1_0_INTERACTIVE_PROFILE

◆ MSV1_0_LM20_CHALLENGE_REQUEST

◆ MSV1_0_LM20_CHALLENGE_RESPONSE

◆ MSV1_0_LM20_LOGON

◆ MSV1_0_LM20_LOGON_PROFILE

◆ MSV1_0_LOGON_SUBMIT_TYPE

◆ MSV1_0_NTLM3_RESPONSE

◆ MSV1_0_PROFILE_BUFFER_TYPE

◆ MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ MSV1_0_SUBAUTH_LOGON

◆ MSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ NETWORK_OPEN_ECP_CONTEXT

◆ NETWORK_OPEN_ECP_CONTEXT_V0

◆ NETWORK_OPEN_INTEGRITY_QUALIFIER

◆ NETWORK_OPEN_LOCATION_QUALIFIER

◆ NFS_OPEN_ECP_CONTEXT

◆ OBJECT_ALL_TYPES_INFO

◆ OBJECT_BASIC_INFO

◆ OBJECT_BASIC_INFORMATION

◆ OBJECT_HANDLE_ATTRIBUTE_INFO

◆ OBJECT_NAME_INFO

◆ OBJECT_PROTECTION_INFO

◆ OBJECT_TYPE_INFO

◆ PFILE_COPY_ON_WRITE_INFORMATION

◆ PFILE_EXCLUSIVE_LOCK_ENTRY

◆ PFILE_FULL_DIRECTORY_INFORMATION

◆ PFILE_MAILSLOT_PEEK_BUFFER

◆ PFILE_OLE_ALL_INFORMATION

◆ PFILE_OLE_CLASSID_INFORMATION

◆ PFILE_OLE_DIR_INFORMATION

◆ PFILE_OLE_INFORMATION

◆ PFILE_OLE_STATE_BITS_INFORMATION

◆ PFILE_SHARED_LOCK_ENTRY

◆ PGET_RETRIEVAL_DESCRIPTOR

◆ PLSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ PLSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ PLSA_STRING

typedef STRING * PLSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ PMAPPING_PAIR

◆ PMOVEFILE_DESCRIPTOR

◆ PMSV1_0_AV_PAIR

◆ PMSV1_0_ENUMUSERS_REQUEST

◆ PMSV1_0_ENUMUSERS_RESPONSE

◆ PMSV1_0_GETCHALLENRESP_REQUEST

◆ PMSV1_0_GETCHALLENRESP_REQUEST_V1

◆ PMSV1_0_GETCHALLENRESP_RESPONSE

◆ PMSV1_0_GETUSERINFO_REQUEST

◆ PMSV1_0_GETUSERINFO_RESPONSE

◆ PMSV1_0_INTERACTIVE_LOGON

◆ PMSV1_0_INTERACTIVE_PROFILE

◆ PMSV1_0_LM20_CHALLENGE_REQUEST

◆ PMSV1_0_LM20_CHALLENGE_RESPONSE

◆ PMSV1_0_LM20_LOGON

◆ PMSV1_0_LM20_LOGON_PROFILE

◆ PMSV1_0_LOGON_SUBMIT_TYPE

◆ PMSV1_0_NTLM3_RESPONSE

◆ PMSV1_0_PROFILE_BUFFER_TYPE

◆ PMSV1_0_PROTOCOL_MESSAGE_TYPE

◆ PMSV1_0_SUBAUTH_LOGON

◆ PMSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ PNETWORK_OPEN_ECP_CONTEXT

◆ PNETWORK_OPEN_ECP_CONTEXT_V0

◆ PNFS_OPEN_ECP_CONTEXT

◆ POBJECT_ALL_TYPES_INFO

◆ POBJECT_BASIC_INFO

◆ POBJECT_BASIC_INFORMATION

◆ POBJECT_HANDLE_ATTRIBUTE_INFO

◆ POBJECT_NAME_INFO

◆ POBJECT_PROTECTION_INFO

◆ POBJECT_TYPE_INFO

◆ PORT_MESSAGE

◆ PORT_VIEW

◆ PPNFS_OPEN_ECP_CONTEXT

◆ PPORT_MESSAGE

◆ PPORT_VIEW

◆ PPREFETCH_OPEN_ECP_CONTEXT

◆ PPUBLIC_OBJECT_TYPE_INFORMATION

◆ PQUERY_PATH_REQUEST

◆ PQUERY_PATH_REQUEST_EX

◆ PQUERY_PATH_RESPONSE

◆ PREFETCH_OPEN_ECP_CONTEXT

◆ PREMOTE_PORT_VIEW

◆ PSECURITY_LOGON_TYPE

◆ PSOCKADDR_STORAGE_NFS

Definition at line 1231 of file ntifs.template.h.

◆ PSRV_OPEN_ECP_CONTEXT

◆ PUBLIC_OBJECT_TYPE_INFORMATION

◆ PVAD_HEADER

◆ QUERY_PATH_REQUEST

◆ QUERY_PATH_REQUEST_EX

◆ QUERY_PATH_RESPONSE

◆ REMOTE_PORT_VIEW

◆ SECURITY_LOGON_TYPE

◆ SRV_OPEN_ECP_CONTEXT

◆ VAD_HEADER

Enumeration Type Documentation

◆ _FILE_STORAGE_TYPE

Enumerator
StorageTypeDefault 
StorageTypeDirectory 
StorageTypeFile 
StorageTypeJunctionPoint 
StorageTypeCatalog 
StorageTypeStructuredStorage 
StorageTypeEmbedding 
StorageTypeStream 

Definition at line 1387 of file ntifs.template.h.

◆ _MSV1_0_AVID

Enumerator
MsvAvEOL 
MsvAvNbComputerName 
MsvAvNbDomainName 
MsvAvDnsComputerName 
MsvAvDnsDomainName 

Definition at line 959 of file ntifs.template.h.

959  {
960  MsvAvEOL,
965 #if (_WIN32_WINNT >= 0x0501)
966  MsvAvDnsTreeName,
967  MsvAvFlags,
968 #if (_WIN32_WINNT >= 0x0600)
969  MsvAvTimestamp,
970  MsvAvRestrictions,
971  MsvAvTargetName,
972  MsvAvChannelBindings,
973 #endif
974 #endif
975 } MSV1_0_AVID;
enum _MSV1_0_AVID MSV1_0_AVID

◆ _MSV1_0_LOGON_SUBMIT_TYPE

Enumerator
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0S4ULogon 
MsV1_0VirtualLogon 

Definition at line 850 of file ntifs.template.h.

◆ _MSV1_0_PROFILE_BUFFER_TYPE

Enumerator
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 

Definition at line 860 of file ntifs.template.h.

860  {
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE

◆ _MSV1_0_PROTOCOL_MESSAGE_TYPE

Enumerator
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 
MsV1_0SetProcessOption 
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 

Definition at line 982 of file ntifs.template.h.

982  {
995 #if (_WIN32_WINNT >= 0x0501)
997 #endif
998 #if (_WIN32_WINNT >= 0x0600)
999  MsV1_0ConfigLocalAliases,
1000  MsV1_0ClearCachedCredentials,
1001 #endif
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ _NETWORK_OPEN_INTEGRITY_QUALIFIER

Enumerator
NetworkOpenIntegrityAny 
NetworkOpenIntegrityNone 
NetworkOpenIntegritySigned 
NetworkOpenIntegrityEncrypted 
NetworkOpenIntegrityMaximum 

Definition at line 1148 of file ntifs.template.h.

◆ _NETWORK_OPEN_LOCATION_QUALIFIER

Enumerator
NetworkOpenLocationAny 
NetworkOpenLocationRemote 
NetworkOpenLocationLoopback 

Definition at line 1142 of file ntifs.template.h.

◆ _SECURITY_LOGON_TYPE

Enumerator
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
UndefinedLogonType 
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
NetworkCleartext 
NewCredentials 

Definition at line 663 of file ntifs.template.h.

663  {
664  UndefinedLogonType = 0,
665  Interactive = 2,
666  Network,
667  Batch,
668  Service,
669  Proxy,
670  Unlock,
673 #if (_WIN32_WINNT >= 0x0501)
674  RemoteInteractive,
675  CachedInteractive,
676 #endif
677 #if (_WIN32_WINNT >= 0x0502)
678  CachedRemoteInteractive,
679  CachedUnlock
680 #endif
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE

Function Documentation

◆ $define()

$define ( UCHAR  = UCHAR)

◆ $include() [1/3]

$include ( setypes.  h)

◆ $include() [2/3]

$include ( iotypes.  h)

Definition at line 1067 of file ntifs.template.h.

1069  {
1070  ULONG Attributes;
1072  ULONG HandleCount;
1073  ULONG PointerCount;
1074  ULONG Reserved[10];
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
PUBLIC_OBJECT_BASIC_INFORMATION
* PPUBLIC_OBJECT_BASIC_INFORMATION
unsigned int ULONG
Definition: retypes.h:1
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

◆ $include() [3/3]

$include ( ketypes.  h)

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in] SecurityInformation: Security information details to be queried from a security descriptor.
[out] SecurityDescriptor: The returned security descriptor with security information data.
[in,out] Length: The returned length of a security descriptor.
[in,out] ObjectsSecurityDescriptor: The returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer is too small to contain the queried information about the security descriptor.
Parameters
[in] Object: If specified, the function will use this arbitrary object that points to an object security descriptor.
[in] SecurityInformation: Security information details to be set.
[in] SecurityDescriptor: A security descriptor whose information is to be changed.
[in,out] ObjectsSecurityDescriptor: The returned pointer to security descriptor objects.
[in] PoolType: Pool type from which the new security descriptor is allocated.
[in] GenericMapping: The generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in] Object: If specified, the function will use this arbitrary object that points to an object security descriptor.
[in] SecurityInformation: Security information details to be set.
[in] SecurityDescriptor: A security descriptor whose information is to be changed.
[in,out] ObjectsSecurityDescriptor: The returned pointer to security descriptor objects.
[in] AutoInheritFlags: Bitmask of inheritance flags, influencing how the security descriptor can be inherited and whether it can be inherited in the first place.
[in] PoolType: Pool type from which the new security descriptor is allocated.
[in] GenericMapping: The generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and the new information has been set on the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if the memory pool allocation for the new security descriptor, with the new information set, has failed.
Parameters
[in] SecurityDescriptor: A security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in] _ParentDescriptor: A security descriptor of the parent object that is being created.
[in] _ExplicitDescriptor: An explicit security descriptor that is applied to a new object.
[out] NewDescriptor: The newly allocated security descriptor.
[in] ObjectType: The type of the new object.
[in] IsDirectoryObject: Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in] AutoInheritFlags: Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in] SubjectContext: Security subject context of the new object.
[in] GenericMapping: Generic mapping of access mask rights.
[in] PoolType: This parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument for the security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned for the same reason as the previous NTSTATUS code. These two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if the memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in] ParentDescriptor: A security descriptor of the parent object that is being created.
[in] ExplicitDescriptor: An explicit security descriptor that is applied to a new object.
[out] NewDescriptor: The newly allocated security descriptor.
[in] IsDirectoryObject: Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in] SubjectContext: Security subject context of the new object.
[in] GenericMapping: Generic mapping of access mask rights.
[in] PoolType: This parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in] SecurityDescriptor: A security descriptor.
[out] QuotaInfoSize: The quota size of the given security descriptor, returned to the caller. The function may return 0 in this parameter if the descriptor doesn't have a group or even a discretionary access control list (DACL).
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_opt_() [1/2]

◆ _Out_writes_bytes_opt_() [2/2]

_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ ( Length  )

◆ _Out_writes_bytes_to_opt_()

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _When_()

◆ C_ASSERT() [1/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, ActiveCount)  = =0x0c)

◆ C_ASSERT() [2/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, Flag = =0x0e)

◆ CcGetLsnForFileObject()

NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject ( _In_ PFILE_OBJECT  FileObject,
_Out_opt_ PLARGE_INTEGER  OldestLsn 
)

◆ DEFINE_GUID() [1/4]

DEFINE_GUID ( GUID_ECP_NETWORK_OPEN_CONTEXT  ,
0xc584edbf  ,
0x00df  ,
0x4d28  ,
0xb8  ,
0x84  ,
0x35  ,
0xba  ,
0xca  ,
0x89  ,
0x11  ,
0xe8   
)

◆ DEFINE_GUID() [2/4]

DEFINE_GUID ( GUID_ECP_PREFETCH_OPEN  ,
0xe1777b21  ,
0x847e  ,
0x4837  ,
0xaa  ,
0x45  ,
0x64  ,
0x16  ,
0x1d  ,
0x28  ,
0x6  ,
0x55   
)

◆ DEFINE_GUID() [3/4]

DEFINE_GUID ( GUID_ECP_NFS_OPEN  ,
0xf326d30c  ,
0xe5f8  ,
0x4fe7  ,
0xab  ,
0x74  ,
0xf5  ,
0xa3  ,
0x19  ,
0x6d  ,
0x92  ,
0xdb   
)

◆ DEFINE_GUID() [4/4]

DEFINE_GUID ( GUID_ECP_SRV_OPEN  ,
0xbebfaebc  ,
0xaabf  ,
0x489d  ,
0x9d  ,
0x2c  ,
0xe9  ,
0xe3  ,
0x61  ,
0x10  ,
0x28  ,
0x53   
)

◆ FsRtlAllocatePool()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePool ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuota()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuotaTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlAllocatePoolWithTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlMdlReadComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PMDL  MdlChain 
)

◆ FsRtlMdlWriteComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PLARGE_INTEGER  FileOffset,
_In_ PMDL  MdlChain 
)

◆ FsRtlNotifyChangeDirectory()

NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory ( _In_ PNOTIFY_SYNC  NotifySync,
_In_ PVOID  FsContext,
_In_ PSTRING  FullDirectoryName,
_In_ PLIST_ENTRY  NotifyList,
_In_ BOOLEAN  WatchTree,
_In_ ULONG  CompletionFilter,
_In_ PIRP  NotifyIrp 
)

◆ LsaFreeReturnBuffer()

_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer ( _In_ PVOID  Buffer)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determines if the access can be made.

Parameters
[in] SubsystemName: A Unicode string that points to a name of the subsystem.
[in] HandleId: A handle to an ID that is used as an identification instance for auditing.
[in] ObjectTypeName: The name of the object type.
[in] ObjectName: The object name.
[in] SecurityDescriptor: A security descriptor.
[in] DesiredAccess: The desired access rights masks requested by the caller.
[in] GenericMapping: The generic mapping of access mask rights.
[in] ObjectCreation: Set this to TRUE if the object has just been created.
[out] GrantedAccess: Returns the granted access rights.
[out] AccessStatus: Returns an NTSTATUS status code indicating whether access can be granted or not.
[out] GenerateOnClose: Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2125 of file audit.c.

2137 {
2138  /* Call the internal function */
2139  return SepAccessCheckAndAuditAlarm(SubsystemName,
2140  HandleId,
2141  NULL,
2143  ObjectName,
2145  NULL,
2146  DesiredAccess,
2148  0,
2149  NULL,
2150  0,
2152  GrantedAccess,
2153  AccessStatus,
2155  FALSE);
2156 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614

Referenced by AccessCheckAndAuditAlarmA(), and AccessCheckAndAuditAlarmW().

◆ NtAccessCheckByTypeAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object, and determines by object type whether the access can be granted.

Parameters
[in] SubsystemName: A Unicode string that points to a name of the subsystem.
[in] HandleId: A handle to an ID that is used as an identification instance for auditing.
[in] ObjectTypeName: The name of the object type.
[in] ObjectName: The object name.
[in] SecurityDescriptor: A security descriptor.
[in] PrincipalSelfSid: A principal self user SID.
[in] DesiredAccess: The desired access rights mask requested by the caller.
[in] AuditType: Type of audit to start, influencing how the audit should be done.
[in] Flags: Flag bitmask, used to check if auditing can be done without privileges.
[in] ObjectTypeList: A list of object types.
[in] ObjectTypeLength: The length (number of entries) of the list.
[in] GenericMapping: The generic mapping of access mask rights.
[in] ObjectCreation: Set this to TRUE if the object has just been created.
[out] GrantedAccess: Returns the granted access rights.
[out] AccessStatus: Returns an NTSTATUS status code indicating whether the access check granted the access or not.
[out] GenerateOnClose: Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2222 of file audit.c.

/*
 * Body of NtAccessCheckByTypeAndAuditAlarm: forwards the caller's arguments,
 * including the object type list and its length, to
 * SepAccessCheckAndAuditAlarm and returns that routine's NTSTATUS unchanged.
 * No probing or capture of the caller-supplied pointers is visible in this
 * wrapper; presumably the internal routine validates them - verify there.
 * ObjectCreation does not appear among the visible arguments, and the callee
 * prototype shown on this page has no matching parameter.
 * NOTE(review): the gutter numbers skip 2244, 2246, 2253 and 2256, so four
 * argument lines are missing from this listing.
 */
2239 {
2240  /* Call the internal function */
2241  return SepAccessCheckAndAuditAlarm(SubsystemName,
2242  HandleId,
2243  NULL, /* ClientTokenHandle: none supplied. NOTE(review): the callee prototype marks it _In_, not _In_opt_ - confirm. */
2245  ObjectName,
2247  PrincipalSelfSid,
2248  DesiredAccess,
2249  AuditType,
2250  Flags,
2251  ObjectTypeList,
2252  ObjectTypeLength,
2254  GrantedAccess,
2255  AccessStatus,
2257  FALSE); /* UseResultList: single result, not a per-type list */
2258 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614

◆ NtAccessCheckByTypeResultListAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccessList,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatusList,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object, and determines by object type whether the access can be granted, returning the outcome as result lists.

Parameters
[in] SubsystemName: A Unicode string that points to a name of the subsystem.
[in] HandleId: A handle to an ID that is used as an identification instance for auditing.
[in] ObjectTypeName: The name of the object type.
[in] ObjectName: The object name.
[in] SecurityDescriptor: A security descriptor.
[in] PrincipalSelfSid: A principal self user SID.
[in] DesiredAccess: The desired access rights mask requested by the caller.
[in] AuditType: Type of audit to start, influencing how the audit should be done.
[in] Flags: Flag bitmask, used to check if auditing can be done without privileges.
[in] ObjectTypeList: A list of object types.
[in] ObjectTypeListLength: The length (number of entries) of the list.
[in] GenericMapping: The generic mapping of access mask rights.
[in] ObjectCreation: Set this to TRUE if the object has just been created.
[out] GrantedAccessList: Returns the granted access rights. The prototype annotates this buffer _Out_writes_(ObjectTypeListLength).
[out] AccessStatusList: Returns an NTSTATUS status code indicating whether the access check granted the access or not. The prototype annotates this buffer _Out_writes_(ObjectTypeListLength).
[out] GenerateOnClose: Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2324 of file audit.c.

/*
 * Body of NtAccessCheckByTypeResultListAndAuditAlarm: forwards the caller's
 * arguments to SepAccessCheckAndAuditAlarm with UseResultList set to TRUE
 * and returns that routine's NTSTATUS unchanged.
 * GrantedAccessList and AccessStatusList are annotated
 * _Out_writes_(ObjectTypeListLength) in the prototype, so the caller's
 * buffers are expected to hold that many entries; no check of this, and no
 * probing of the caller-supplied pointers, is visible in this wrapper -
 * presumably the internal routine does both; verify there.
 * ObjectCreation does not appear among the visible arguments, and the callee
 * prototype shown on this page has no matching parameter.
 * NOTE(review): the gutter numbers skip 2346, 2348, 2355 and 2358, so four
 * argument lines are missing from this listing.
 */
2341 {
2342  /* Call the internal function */
2343  return SepAccessCheckAndAuditAlarm(SubsystemName,
2344  HandleId,
2345  NULL, /* ClientTokenHandle: none supplied. NOTE(review): the callee prototype marks it _In_, not _In_opt_ - confirm. */
2347  ObjectName,
2349  PrincipalSelfSid,
2350  DesiredAccess,
2351  AuditType,
2352  Flags,
2353  ObjectTypeList,
2354  ObjectTypeListLength,
2356  GrantedAccessList,
2357  AccessStatusList,
2359  TRUE); /* UseResultList: results are returned as lists */
2360 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614

◆ NtAccessCheckByTypeResultListAndAuditAlarmByHandle()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccessList,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatusList,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object, and determines by object type whether the access can be granted for the client identified by a token handle, returning the outcome as result lists.

Parameters
[in] SubsystemName: A Unicode string that points to a name of the subsystem.
[in] HandleId: A handle to an ID that is used as an identification instance for auditing.
[in] ClientToken: A handle to a client access token.
[in] ObjectTypeName: The name of the object type.
[in] ObjectName: The object name.
[in] SecurityDescriptor: A security descriptor.
[in] PrincipalSelfSid: A principal self user SID.
[in] DesiredAccess: The desired access rights mask requested by the caller.
[in] AuditType: Type of audit to start, influencing how the audit should be done.
[in] Flags: Flag bitmask, used to check if auditing can be done without privileges.
[in] ObjectTypeList: A list of object types.
[in] ObjectTypeListLength: The length (number of entries) of the list.
[in] GenericMapping: The generic mapping of access mask rights.
[in] ObjectCreation: Set this to TRUE if the object has just been created. The implementation shown below marks this parameter as unreferenced.
[out] GrantedAccessList: Returns the granted access rights. The prototype annotates this buffer _Out_writes_(ObjectTypeListLength).
[out] AccessStatusList: Returns an NTSTATUS status code indicating whether the access check granted the access or not. The prototype annotates this buffer _Out_writes_(ObjectTypeListLength).
[out] GenerateOnClose: Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2430 of file audit.c.

/*
 * Body of NtAccessCheckByTypeResultListAndAuditAlarmByHandle: forwards the
 * caller's arguments, plus the address of the ClientToken handle parameter,
 * to SepAccessCheckAndAuditAlarm with UseResultList set to TRUE and returns
 * that routine's NTSTATUS unchanged.
 * The handle value itself is not validated here; presumably the internal
 * routine references the token and checks access on it - verify there.
 * The same applies to the caller-supplied pointers and to the
 * _Out_writes_(ObjectTypeListLength) result buffers.
 * NOTE(review): the gutter numbers skip 2455, 2457, 2464 and 2467, so four
 * argument lines are missing from this listing.
 */
2448 {
2449  UNREFERENCED_PARAMETER(ObjectCreation); /* the documented ObjectCreation flag is ignored by this routine */
2450 
2451  /* Call the internal function */
2452  return SepAccessCheckAndAuditAlarm(SubsystemName,
2453  HandleId,
2454  &ClientToken, /* ClientTokenHandle: points at this routine's by-value copy of the handle */
2456  ObjectName,
2458  PrincipalSelfSid,
2459  DesiredAccess,
2460  AuditType,
2461  Flags,
2462  ObjectTypeList,
2463  ObjectTypeListLength,
2465  GrantedAccessList,
2466  AccessStatusList,
2468  TRUE); /* UseResultList: results are returned as lists */
2469 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtCloseObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtCreateFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_opt_ PLARGE_INTEGER  AllocationSize,
_In_ ULONG  FileAttributes,
_In_ ULONG  ShareAccess,
_In_ ULONG  CreateDisposition,
_In_ ULONG  CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID  EaBuffer,
_In_ ULONG  EaLength 
)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection ( _Out_ PHANDLE  SectionHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PLARGE_INTEGER  MaximumSize,
_In_ ULONG  SectionPageProtection,
_In_ ULONG  AllocationAttributes,
_In_opt_ HANDLE  FileHandle 
)

◆ NtDeleteObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtDeviceIoControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  IoControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Duplicates a token.

Parameters
[in] ExistingTokenHandle: An existing token to duplicate.
[in] DesiredAccess: The desired access rights for the new duplicated token.
[in] ObjectAttributes: Object attributes for the new duplicated token.
[in] EffectiveOnly: If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in] TokenType: Type of token to assign to the duplicated token.
[out] NewTokenHandle: The returned duplicated token handle.
Returns
STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
Remarks
Some sources claim the 4th parameter is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar
This is true: EffectiveOnly overrides SQOS.EffectiveOnly. - IAI
NOTE for readers: http://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while the MSDN documentation is correct.

Definition at line 1865 of file tokenlif.c.

/*
 * Body of NtDuplicateToken. As far as this listing shows, it validates
 * TokenType, handles the user-mode case under SEH, captures the security
 * quality of service (QoS) into a kernel copy, references the source token,
 * enforces two impersonation-level rules, duplicates the token, inserts the
 * new token to obtain a handle, and writes that handle back under SEH.
 * NOTE(review): the gutter numbers jump wherever the page dropped a source
 * line (about twenty lines between 1873 and 1992), so several statements,
 * including declarations, the probe, the call heads and the dereferences,
 * are not shown. Read the notes below against tokenlif.c.
 */
1872 {
1874  HANDLE hToken;
1875  PTOKEN Token;
1876  PTOKEN NewToken;
1877  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
1878  BOOLEAN QoSPresent;
1880  NTSTATUS Status;
1881 
1882  PAGED_CODE();
1883 
/* Reject unsupported token types; the second half of the condition (line 1885) is not shown. */
1884  if (TokenType != TokenImpersonation &&
1886  {
1887  return STATUS_INVALID_PARAMETER;
1888  }
1889 
1891 
/*
 * User-mode callers only: the statement guarded by SEH (line 1896) is not
 * shown; the reference list below names ProbeForWriteHandle, presumably
 * applied to NewTokenHandle before any work is done - confirm.
 */
1892  if (PreviousMode != KernelMode)
1893  {
1894  _SEH2_TRY
1895  {
1897  }
1899  {
1900  /* Return the exception code */
1902  }
1903  _SEH2_END;
1904  }
1905 
/* Capture the QoS into paged pool (call head on line 1906 not shown); every exit path below releases it. */
1907  PreviousMode,
1908  PagedPool,
1909  FALSE,
1910  &CapturedSecurityQualityOfService,
1911  &QoSPresent);
1912  if (!NT_SUCCESS(Status))
1913  {
1914  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
1915  return Status;
1916  }
1917 
/*
 * Reference the source token on behalf of PreviousMode. The access mask and
 * object type arguments (lines 1919-1920) are not shown; the reference list
 * names TOKEN_DUPLICATE and SeTokenObjectType, presumably used here.
 */
1918  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
1921  PreviousMode,
1922  (PVOID*)&Token,
1924  if (!NT_SUCCESS(Status))
1925  {
1926  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
1927  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1928  PreviousMode,
1929  FALSE);
1930  return Status;
1931  }
1932 
1933  /*
1934  * Fail, if the original token is an impersonation token and the caller
1935  * tries to raise the impersonation level of the new token above the
1936  * impersonation level of the original token.
1937  */
1938  if (Token->TokenType == TokenImpersonation)
1939  {
1940  if (QoSPresent &&
1941  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
1942  {
/* NOTE(review): lines 1943 and 1947 are not shown; presumably the token dereference and the STATUS_BAD_IMPERSONATION_LEVEL return - confirm. */
1944  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1945  PreviousMode,
1946  FALSE);
1948  }
1949  }
1950 
1951  /*
1952  * Fail, if a primary token is to be created from an impersonation token
1953  * and the impersonation level of the impersonation token is below SecurityImpersonation.
1954  */
1955  if (Token->TokenType == TokenImpersonation &&
1956  TokenType == TokenPrimary &&
1957  Token->ImpersonationLevel < SecurityImpersonation)
1958  {
/* NOTE(review): lines 1959 and 1963 are not shown; presumably the token dereference and the failure return - confirm. */
1960  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1961  PreviousMode,
1962  FALSE);
1964  }
1965 
/* Duplicate the token (call head on lines 1966-1967 not shown). Without a QoS the new token's level falls back to SecurityAnonymous. */
1968  EffectiveOnly,
1969  TokenType,
1970  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
1971  PreviousMode,
1972  &NewToken);
1973 
1975 
1976  if (NT_SUCCESS(Status))
1977  {
/* A DesiredAccess of 0 gives the new handle the access that was granted on the source handle. */
1978  Status = ObInsertObject(NewToken,
1979  NULL,
1980  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
1981  0,
1982  NULL,
1983  &hToken);
1984  if (NT_SUCCESS(Status))
1985  {
/*
 * Write the handle back under SEH because NewTokenHandle may be a user-mode
 * pointer. NOTE(review): the handler body (line 1992) is not shown; confirm
 * whether hToken is closed when this write faults, otherwise the handle
 * would stay in the caller's handle table with a failure status returned.
 */
1986  _SEH2_TRY
1987  {
1988  *NewTokenHandle = hToken;
1989  }
1991  {
1993  }
1994  _SEH2_END;
1995  }
1996  }
1997 
1998  /* Free the captured structure */
1999  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
2000  PreviousMode,
2001  FALSE);
2002 
2003  return Status;
2004 }
_SEH2_TRY
Definition: create.c:4226
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1108
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:922
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by CreateProcessAsUserCommon(), DuplicateTokenAsEffective(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), QueryTokenImpersonationTests(), and START_TEST().

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

Creates a restricted access token from an existing token; this operation is called filtering.

Parameters
[in] ExistingTokenHandle: A handle to an access token which is to be filtered.
[in] Flags: Privilege flag options. This parameter influences how the token's privileges are filtered. For further details see remarks.
[in] SidsToDisable: Array of SIDs to disable. Doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer.
[in] PrivilegesToDelete: Array of privileges to delete. The function walks this array to determine if the specified privileges exist in the access token. Any missing privileges are ignored. This parameter can be NULL. This can be a UM pointer.
[in] RestrictedSids: An array list of restricted group SIDs to be added to the access token. If the token is already restricted, the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer.
[out] NewTokenHandle: A new handle to the restricted (filtered) access token. This can be a UM pointer.
Returns
Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
Remarks
The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):

0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).

DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.

SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.

LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.

WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.

Definition at line 2071 of file tokenlif.c.

/*
 * Body of NtFilterToken. As far as this listing shows, it probes the three
 * optional caller arrays and the output handle under SEH, references the
 * source token, captures each array into paged pool, calls the internal
 * filtering routine, inserts the filtered token to obtain a handle, writes
 * the handle back under SEH, and releases everything at the Quit label.
 * NOTE(review): the gutter numbers skip 2082, 2084, 2095, 2136, 2138, 2141,
 * 2147, 2148, 2216, 2250, 2252 and 2259, so those source lines (including
 * the declarations of PreviousMode and ResultLength, the handle probe, the
 * SEH handler heads and the token dereference) are not shown here.
 */
2078 {
2079  PTOKEN Token, FilteredToken;
2080  HANDLE FilteredTokenHandle;
2081  NTSTATUS Status;
2083  OBJECT_HANDLE_INFORMATION HandleInfo;
2085  ULONG CapturedSidsCount = 0;
2086  ULONG CapturedPrivilegesCount = 0;
2087  ULONG CapturedRestrictedSidsCount = 0;
2088  ULONG ProbeSize = 0;
2089  PSID_AND_ATTRIBUTES CapturedSids = NULL;
2090  PSID_AND_ATTRIBUTES CapturedRestrictedSids = NULL;
2091  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
2092 
2093  PAGED_CODE();
2094 
2096 
/*
 * Each element count is read from caller memory exactly once, inside SEH,
 * and stored in a local; the later capture calls use that local, so the
 * caller cannot change the count between the probe and the capture.
 * NOTE(review): ProbeSize is computed from that caller-supplied count via
 * FIELD_OFFSET into a ULONG; confirm that a very large count cannot wrap
 * the size, or that the capture routines re-validate the range.
 * NOTE(review): the listing shows no PreviousMode test around this block -
 * confirm how kernel-mode callers are meant to pass these pointers.
 */
2097  _SEH2_TRY
2098  {
2099  /* Probe SidsToDisable */
2100  if (SidsToDisable != NULL)
2101  {
2102  /* Probe the header */
2103  ProbeForRead(SidsToDisable, sizeof(*SidsToDisable), sizeof(ULONG));
2104 
2105  CapturedSidsCount = SidsToDisable->GroupCount;
2106  ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedSidsCount]);
2107 
2108  ProbeForRead(SidsToDisable, ProbeSize, sizeof(ULONG));
2109  }
2110 
2111  /* Probe PrivilegesToDelete */
2112  if (PrivilegesToDelete != NULL)
2113  {
2114  /* Probe the header */
2115  ProbeForRead(PrivilegesToDelete, sizeof(*PrivilegesToDelete), sizeof(ULONG));
2116 
2117  CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2118  ProbeSize = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[CapturedPrivilegesCount]);
2119 
2120  ProbeForRead(PrivilegesToDelete, ProbeSize, sizeof(ULONG));
2121  }
2122 
2123  /* Probe RestrictedSids */
2124  if (RestrictedSids != NULL)
2125  {
2126  /* Probe the header */
2127  ProbeForRead(RestrictedSids, sizeof(*RestrictedSids), sizeof(ULONG));
2128 
2129  CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2130  ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedRestrictedSidsCount]);
2131 
2132  ProbeForRead(RestrictedSids, ProbeSize, sizeof(ULONG));
2133  }
2134 
2135  /* Probe the handle */
2137  }
2139  {
2140  /* Return the exception code */
2142  }
2143  _SEH2_END;
2144 
2145  /* Reference the token */
/* The access mask and object type arguments (lines 2147-2148) are not shown; HandleInfo receives the access granted on the source handle. */
2146  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2149  PreviousMode,
2150  (PVOID*)&Token,
2151  &HandleInfo);
2152  if (!NT_SUCCESS(Status))
2153  {
2154  DPRINT1("NtFilterToken(): Failed to reference the token (Status 0x%lx)\n", Status);
2155  return Status;
2156  }
2157 
2158  /* Capture the group SIDs */
/* From here on every failure goes to Quit, which releases whatever has been captured so far. */
2159  if (SidsToDisable != NULL)
2160  {
2161  Status = SeCaptureSidAndAttributesArray(SidsToDisable->Groups,
2162  CapturedSidsCount,
2163  PreviousMode,
2164  NULL,
2165  0,
2166  PagedPool,
2167  TRUE,
2168  &CapturedSids,
2169  &ResultLength);
2170  if (!NT_SUCCESS(Status))
2171  {
2172  DPRINT1("NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n", Status);
2173  goto Quit;
2174  }
2175  }
2176 
2177  /* Capture the privileges */
2178  if (PrivilegesToDelete != NULL)
2179  {
2180  Status = SeCaptureLuidAndAttributesArray(PrivilegesToDelete->Privileges,
2181  CapturedPrivilegesCount,
2182  PreviousMode,
2183  NULL,
2184  0,
2185  PagedPool,
2186  TRUE,
2187  &CapturedPrivileges,
2188  &ResultLength);
2189  if (!NT_SUCCESS(Status))
2190  {
2191  DPRINT1("NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n", Status);
2192  goto Quit;
2193  }
2194  }
2195 
2196  /* Capture the restricted SIDs */
2197  if (RestrictedSids != NULL)
2198  {
2199  Status = SeCaptureSidAndAttributesArray(RestrictedSids->Groups,
2200  CapturedRestrictedSidsCount,
2201  PreviousMode,
2202  NULL,
2203  0,
2204  PagedPool,
2205  TRUE,
2206  &CapturedRestrictedSids,
2207  &ResultLength);
2208  if (!NT_SUCCESS(Status))
2209  {
2210  DPRINT1("NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n", Status);
2211  goto Quit;
2212  }
2213  }
2214 
2215  /* Call the internal API */
/* Only the captured kernel copies and counts are passed on (call head on line 2216 not shown). */
2217  CapturedPrivileges,
2218  CapturedSids,
2219  CapturedRestrictedSids,
2220  CapturedPrivilegesCount,
2221  CapturedSidsCount,
2222  CapturedRestrictedSidsCount,
2223  Flags,
2224  PreviousMode,
2225  &FilteredToken);
2226  if (!NT_SUCCESS(Status))
2227  {
2228  DPRINT1("NtFilterToken(): Failed to filter the token (Status 0x%lx)\n", Status);
2229  goto Quit;
2230  }
2231 
2232  /* Insert the filtered token and retrieve a handle to it */
/* The new handle is given the same access that was granted on the source handle. */
2233  Status = ObInsertObject(FilteredToken,
2234  NULL,
2235  HandleInfo.GrantedAccess,
2236  0,
2237  NULL,
2238  &FilteredTokenHandle);
2239  if (!NT_SUCCESS(Status))
2240  {
2241  DPRINT1("NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n", Status);
2242  goto Quit;
2243  }
2244 
2245  /* And return it to the caller once we're done */
/*
 * NOTE(review): the handler body (line 2252) is not shown; confirm whether
 * FilteredTokenHandle is closed when this write faults, otherwise the handle
 * would stay in the caller's handle table with a failure status returned.
 */
2246  _SEH2_TRY
2247  {
2248  *NewTokenHandle = FilteredTokenHandle;
2249  }
2251  {
2253  _SEH2_YIELD(goto Quit);
2254  }
2255  _SEH2_END;
2256 
2257 Quit:
2258  /* Dereference the token */
2260 
2261  /* Release all the captured data */
2262  if (CapturedSids != NULL)
2263  {
2264  SeReleaseSidAndAttributesArray(CapturedSids,
2265  PreviousMode,
2266  TRUE);
2267  }
2268 
2269  if (CapturedPrivileges != NULL)
2270  {
2271  SeReleaseLuidAndAttributesArray(CapturedPrivileges,
2272  PreviousMode,
2273  TRUE);
2274  }
2275 
2276  if (CapturedRestrictedSids != NULL)
2277  {
2278  SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
2279  PreviousMode,
2280  TRUE);
2281  }
2282 
2283  return Status;
2284 }
_SEH2_TRY
Definition: create.c:4226
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: tokenlif.c:855
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:994
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3062
_SEH2_END
Definition: create.c:4400
TOpcodeData Groups[17][8]
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define TOKEN_DUPLICATE
Definition: setypes.h:922
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:711
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define PAGED_CODE()

Referenced by CreateRestrictedToken(), QueryTokenIsSandboxInert(), QueryTokenPrivilegesAndGroupsTests(), QueryTokenRestrictedSidsTest(), and START_TEST().

◆ NtFsControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  FsControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtImpersonateAnonymousToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in] ThreadHandle: A handle to the thread that is to impersonate the anonymous logon token. The handle must grant the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system lets the caller impersonate the anonymous logon token without the Everyone group SID. For the impersonated token to include that group, the EveryoneIncludesAnonymous registry value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path has to be set to 1. That setting makes permissions granted to Everyone apply to anonymous callers as well, so it widens what an anonymous token can access. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed, or RevertToSelf if the caller runs in user mode.

Definition at line 2419 of file token.c.

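/**
 * @brief
 * Allows the calling thread to impersonate the system's anonymous
 * logon token.
 *
 * @param[in] ThreadHandle
 * A handle to the thread that is to impersonate the token. The handle
 * is referenced with the THREAD_IMPERSONATE access right.
 *
 * @return
 * Returns STATUS_SUCCESS if the thread has impersonated the anonymous
 * logon token, otherwise the failure NTSTATUS code of the step that
 * failed is returned.
 */
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
    _In_ HANDLE ThreadHandle)
{
    PETHREAD Thread;
    KPROCESSOR_MODE PreviousMode;
    NTSTATUS Status;
    PAGED_CODE();

    /* The caller's processor mode drives the handle validation below */
    PreviousMode = ExGetPreviousMode();

    /*
     * Obtain the thread object from the handle. THREAD_IMPERSONATE is
     * requested together with the caller's mode, so a user mode caller
     * whose handle lacks that right is rejected here.
     */
    Status = ObReferenceObjectByHandle(ThreadHandle,
                                       THREAD_IMPERSONATE,
                                       PsThreadType,
                                       PreviousMode,
                                       (PVOID*)&Thread,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
        return Status;
    }

    /* Call the private routine to impersonate the token */
    Status = SepImpersonateAnonymousToken(Thread, PreviousMode);
    if (!NT_SUCCESS(Status))
    {
        /* Only log here: the thread reference is dropped on both paths below */
        DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
    }

    /* Balance the reference taken by ObReferenceObjectByHandle */
    ObDereferenceObject(Thread);
    return Status;
}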
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3062
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
POBJECT_TYPE PsThreadType
Definition: thread.c:20
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define PAGED_CODE()

Referenced by ImpersonateAnonymousToken(), and START_TEST().

◆ NtLockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ PLARGE_INTEGER  ByteOffset,
_In_ PLARGE_INTEGER  Length,
_In_ ULONG  Key,
_In_ BOOLEAN  FailImmediately,
_In_ BOOLEAN  ExclusiveLock 
)

◆ NtOpenFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  ShareAccess,
_In_ ULONG  OpenOptions 
)

◆ NtOpenJobObjectToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken ( _In_ HANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when an object is about to be opened.

Parameters
[in] SubsystemName: A pointer to a Unicode string with the name of the subsystem.
[in] HandleId: A handle to an ID used to identify the instance for auditing.
[in] ObjectTypeName: A pointer to a Unicode string with the object type name.
[in] ObjectName: The name of the object.
[in] SecurityDescriptor: A security descriptor.
[in] ClientTokenHandle: A handle to a client access token.
[in] DesiredAccess: The access rights mask requested by the caller.
[in] GrantedAccess: The access rights mask that was granted.
[in] PrivilegeSet: If specified, the function will use this set of privileges to audit.
[in] ObjectCreation: Set this to TRUE if the object has just been created.
[in] AccessGranted: Set this to TRUE if the access attempt was deemed as granted.
[out] GenerateOnClose: A boolean flag returned to the caller once the audit generation procedure finishes.
Returns
Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the audit privilege required to begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token does not meet the level that allows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus privilege set whose count exceeds the maximum number of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.

Definition at line 1622 of file audit.c.

1635 {
1636  PTOKEN ClientToken;
1637  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1638  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1639  ULONG PrivilegeCount, PrivilegeSetSize;
1640  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1641  BOOLEAN LocalGenerateOnClose;
1642  PVOID CapturedHandleId;
1644  NTSTATUS Status;
1645  PAGED_CODE();
1646 
1647  /* Only user mode is supported! */
1649 
1650  /* Start clean */
1651  ClientToken = NULL;
1652  CapturedSecurityDescriptor = NULL;
1653  CapturedPrivilegeSet =