ReactOS  0.4.15-dev-2985-g54406bf
ntifs.template.h File Reference
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>
#include <guiddef.h>
#include "csq.h"
Include dependency graph for ntifs.template.h:

Go to the source code of this file.

Classes

struct  _MSV1_0_INTERACTIVE_LOGON
 
struct  _MSV1_0_INTERACTIVE_PROFILE
 
struct  _MSV1_0_LM20_LOGON
 
struct  _MSV1_0_SUBAUTH_LOGON
 
struct  _MSV1_0_LM20_LOGON_PROFILE
 
struct  _MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
struct  _MSV1_0_NTLM3_RESPONSE
 
struct  _MSV1_0_AV_PAIR
 
struct  _MSV1_0_LM20_CHALLENGE_REQUEST
 
struct  _MSV1_0_LM20_CHALLENGE_RESPONSE
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST_V1
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST
 
struct  _MSV1_0_GETCHALLENRESP_RESPONSE
 
struct  _MSV1_0_ENUMUSERS_REQUEST
 
struct  _MSV1_0_ENUMUSERS_RESPONSE
 
struct  _MSV1_0_GETUSERINFO_REQUEST
 
struct  _MSV1_0_GETUSERINFO_RESPONSE
 
struct  _PUBLIC_OBJECT_TYPE_INFORMATION
 
struct  _NETWORK_OPEN_ECP_CONTEXT
 
struct  _NETWORK_OPEN_ECP_CONTEXT_V0
 
struct  _PREFETCH_OPEN_ECP_CONTEXT
 
struct  _NFS_OPEN_ECP_CONTEXT
 
struct  _SRV_OPEN_ECP_CONTEXT
 
struct  _QUERY_PATH_REQUEST
 
struct  _QUERY_PATH_REQUEST_EX
 
struct  _QUERY_PATH_RESPONSE
 
struct  _OBJECT_BASIC_INFORMATION
 
struct  _FILE_COPY_ON_WRITE_INFORMATION
 
struct  _FILE_FULL_DIRECTORY_INFORMATION
 
struct  _FILE_SHARED_LOCK_ENTRY
 
struct  _FILE_EXCLUSIVE_LOCK_ENTRY
 
struct  _FILE_MAILSLOT_PEEK_BUFFER
 
struct  _FILE_OLE_CLASSID_INFORMATION
 
struct  _FILE_OLE_ALL_INFORMATION
 
struct  _FILE_OLE_DIR_INFORMATION
 
struct  _FILE_OLE_INFORMATION
 
struct  _FILE_OLE_STATE_BITS_INFORMATION
 
struct  _MAPPING_PAIR
 
struct  _GET_RETRIEVAL_DESCRIPTOR
 
struct  _MOVEFILE_DESCRIPTOR
 
struct  _OBJECT_BASIC_INFO
 
struct  _OBJECT_HANDLE_ATTRIBUTE_INFO
 
struct  _OBJECT_NAME_INFO
 
struct  _OBJECT_PROTECTION_INFO
 
struct  _OBJECT_TYPE_INFO
 
struct  _OBJECT_ALL_TYPES_INFO
 
struct  _PORT_MESSAGE
 
struct  _PORT_VIEW
 
struct  _REMOTE_PORT_VIEW
 
struct  _VAD_HEADER
 

Macros

#define _NTIFS_INCLUDED_
 
#define _GNU_NTIFS_
 
#define FlagOn(_F, _SF)   ((_F) & (_SF))
 
#define BooleanFlagOn(F, SF)   ((BOOLEAN)(((F) & (SF)) != 0))
 
#define SetFlag(_F, _SF)   ((_F) |= (_SF))
 
#define ClearFlag(_F, _SF)   ((_F) &= ~(_SF))
 
#define COMPRESSION_FORMAT_NONE   (0x0000)
 
#define COMPRESSION_FORMAT_DEFAULT   (0x0001)
 
#define COMPRESSION_FORMAT_LZNT1   (0x0002)
 
#define COMPRESSION_ENGINE_STANDARD   (0x0000)
 
#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)
 
#define COMPRESSION_ENGINE_HIBER   (0x0200)
 
#define MAX_UNICODE_STACK_BUFFER_LENGTH   256
 
#define METHOD_FROM_CTL_CODE(ctrlCode)   ((ULONG)(ctrlCode & 3))
 
#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT
 
#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT
 
#define _NTLSA_AUDIT_
 
#define _NTLSA_IFS_
 
#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
 
#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
 
#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"
 
#define MSV1_0_CHALLENGE_LENGTH   8
 
#define MSV1_0_USER_SESSION_KEY_LENGTH   16
 
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8
 
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02
 
#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04
 
#define MSV1_0_RETURN_USER_PARAMETERS   0x08
 
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10
 
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20
 
#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40
 
#define MSV1_0_USE_CLIENT_CHALLENGE   0x80
 
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100
 
#define MSV1_0_RETURN_PROFILE_PATH   0x200
 
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400
 
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800
 
#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000
 
#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000
 
#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000
 
#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24
 
#define MSV1_0_MNS_LOGON   0x01000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2
 
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132
 
#define LOGON_GUEST   0x01
 
#define LOGON_NOENCRYPTION   0x02
 
#define LOGON_CACHED_ACCOUNT   0x04
 
#define LOGON_USED_LM_PASSWORD   0x08
 
#define LOGON_EXTRA_SIDS   0x20
 
#define LOGON_SUBAUTH_SESSION_KEY   0x40
 
#define LOGON_SERVER_TRUST_ACCOUNT   0x80
 
#define LOGON_NTLMV2_ENABLED   0x100
 
#define LOGON_RESOURCE_GROUPS   0x200
 
#define LOGON_PROFILE_PATH_RETURNED   0x400
 
#define LOGON_NT_V2   0x800
 
#define LOGON_LM_V2   0x1000
 
#define LOGON_NTLM_V2   0x2000
 
#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000
 
#define LOGON_GRACE_LOGON   0x01000000
 
#define MSV1_0_OWF_PASSWORD_LENGTH   16
 
#define MSV1_0_CRED_LM_PRESENT   0x1
 
#define MSV1_0_CRED_NT_PRESENT   0x2
 
#define MSV1_0_CRED_VERSION   0
 
#define MSV1_0_NTLM3_RESPONSE_LENGTH   16
 
#define MSV1_0_NTLM3_OWF_LENGTH   16
 
#define MSV1_0_MAX_NTLM3_LIFE   129600
 
#define MSV1_0_MAX_AVL_SIZE   64000
 
#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
 
#define USE_PRIMARY_PASSWORD   0x01
 
#define RETURN_PRIMARY_USERNAME   0x02
 
#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04
 
#define RETURN_NON_NT_USER_SESSION_KEY   0x08
 
#define GENERATE_CLIENT_CHALLENGE   0x10
 
#define GCR_NTLM3_PARMS   0x20
 
#define GCR_TARGET_INFO   0x40
 
#define RETURN_RESERVED_PARAMETER   0x80
 
#define GCR_ALLOW_NTLM   0x100
 
#define GCR_USE_OEM_SET   0x200
 
#define GCR_MACHINE_CREDENTIAL   0x400
 
#define GCR_USE_OWF_PASSWORD   0x800
 
#define GCR_ALLOW_LM   0x1000
 
#define GCR_ALLOW_NO_TARGET   0x2000
 
#define SYSTEM_PAGE_PRIORITY_BITS   3
 
#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)
 
#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2
 
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000
 
#define PIN_WAIT   (1)
 
#define PIN_EXCLUSIVE   (2)
 
#define PIN_NO_READ   (4)
 
#define PIN_IF_BCB   (8)
 
#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)
 
#define PIN_HIGH_PRIORITY   (64)
 
#define MAP_WAIT   1
 
#define MAP_NO_READ   (16)
 
#define MAP_HIGH_PRIORITY   (64)
 
#define IOCTL_REDIR_QUERY_PATH   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define IOCTL_REDIR_QUERY_PATH_EX   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define VOLSNAPCONTROLTYPE   0x00000053
 
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
 
#define VER_PRODUCTBUILD   10000
 
#define FS_LFN_APIS   0x00004000
 
#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
 
#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT
 
#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM
 
#define FILE_STORAGE_TYPE_MASK   0x000f0000
 
#define FILE_STORAGE_TYPE_SHIFT   16
 
#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004
 
#define IO_ATTACH_DEVICE_API   0x80000000
 
#define IO_TYPE_APC   18
 
#define IO_TYPE_DPC   19
 
#define IO_TYPE_DEVICE_QUEUE   20
 
#define IO_TYPE_EVENT_PAIR   21
 
#define IO_TYPE_INTERRUPT   22
 
#define IO_TYPE_PROFILE   23
 
#define IRP_BEING_VERIFIED   0x10
 
#define MAILSLOT_CLASS_FIRSTCLASS   1
 
#define MAILSLOT_CLASS_SECONDCLASS   2
 
#define MAILSLOT_SIZE_AUTO   0
 
#define MEM_DOS_LIM   0x40000000
 
#define OB_TYPE_TYPE   1
 
#define OB_TYPE_DIRECTORY   2
 
#define OB_TYPE_SYMBOLIC_LINK   3
 
#define OB_TYPE_TOKEN   4
 
#define OB_TYPE_PROCESS   5
 
#define OB_TYPE_THREAD   6
 
#define OB_TYPE_EVENT   7
 
#define OB_TYPE_EVENT_PAIR   8
 
#define OB_TYPE_MUTANT   9
 
#define OB_TYPE_SEMAPHORE   10
 
#define OB_TYPE_TIMER   11
 
#define OB_TYPE_PROFILE   12
 
#define OB_TYPE_WINDOW_STATION   13
 
#define OB_TYPE_DESKTOP   14
 
#define OB_TYPE_SECTION   15
 
#define OB_TYPE_KEY   16
 
#define OB_TYPE_PORT   17
 
#define OB_TYPE_ADAPTER   18
 
#define OB_TYPE_CONTROLLER   19
 
#define OB_TYPE_DEVICE   20
 
#define OB_TYPE_DRIVER   21
 
#define OB_TYPE_IO_COMPLETION   22
 
#define OB_TYPE_FILE   23
 
#define SEC_BASED   0x00200000
 
#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_HSM_MSG   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_CONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
 
#define FSCTL_HSM_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_RCONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
 
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_STATISTICS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define LPC_CLIENT_ID   CLIENT_ID
 
#define LPC_SIZE_T   SIZE_T
 
#define LPC_PVOID   PVOID
 
#define LPC_HANDLE   HANDLE
 
#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)
 
#define PsDereferenceImpersonationToken(T)
 
#define SeEnableAccessToExports()   SeExports = *(PSE_EXPORTS *)SeExports;
 

Typedefs

typedef STRING LSA_STRING
 
typedef STRINGPLSA_STRING
 
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
 
typedef OBJECT_ATTRIBUTESPLSA_OBJECT_ATTRIBUTES
 
typedef ULONG LSA_OPERATIONAL_MODE
 
typedef ULONGPLSA_OPERATIONAL_MODE
 
typedef enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
 
typedef enum _SECURITY_LOGON_TYPEPSECURITY_LOGON_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPEPMSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPEPMSV1_0_PROFILE_BUFFER_TYPE
 
typedef struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_LOGONPMSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_INTERACTIVE_PROFILEPMSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_LM20_LOGONPMSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGONPMSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON_PROFILEPMSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIALPMSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
 
typedef struct _MSV1_0_NTLM3_RESPONSEPMSV1_0_NTLM3_RESPONSE
 
typedef enum _MSV1_0_AVID MSV1_0_AVID
 
typedef struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
 
typedef struct _MSV1_0_AV_PAIRPMSV1_0_AV_PAIR
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPEPMSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUESTPMSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSEPMSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1PMSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUESTPMSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSEPMSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_REQUESTPMSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSEPMSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_REQUESTPMSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSEPMSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATIONPPUBLIC_OBJECT_TYPE_INFORMATION
 
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
 
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXTPNETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0PNETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXTPPREFETCH_OPEN_ECP_CONTEXT
 
typedef struct sockaddr_storagePSOCKADDR_STORAGE_NFS
 
typedef struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXTPNFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXTPSRV_OPEN_ECP_CONTEXT
 
typedef struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUESTPQUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_REQUEST_EXPQUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
 
typedef struct _QUERY_PATH_RESPONSEPQUERY_PATH_RESPONSE
 
typedef enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
 
typedef struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
 
typedef struct _OBJECT_BASIC_INFORMATIONPOBJECT_BASIC_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATIONPFILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATIONPFILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_SHARED_LOCK_ENTRYPFILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRYPFILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFERPFILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_CLASSID_INFORMATIONPFILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATIONPFILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATIONPFILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_INFORMATIONPFILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATIONPFILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _MAPPING_PAIR MAPPING_PAIR
 
typedef struct _MAPPING_PAIRPMAPPING_PAIR
 
typedef struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
 
typedef struct _GET_RETRIEVAL_DESCRIPTORPGET_RETRIEVAL_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTORPMOVEFILE_DESCRIPTOR
 
typedef struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
 
typedef struct _OBJECT_BASIC_INFOPOBJECT_BASIC_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFOPOBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
 
typedef struct _OBJECT_NAME_INFOPOBJECT_NAME_INFO
 
typedef struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_PROTECTION_INFOPOBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
 
typedef struct _OBJECT_TYPE_INFOPOBJECT_TYPE_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFOPOBJECT_ALL_TYPES_INFO
 
typedef struct _PORT_MESSAGE PORT_MESSAGE
 
typedef struct _PORT_MESSAGEPPORT_MESSAGE
 
typedef struct _PORT_VIEW PORT_VIEW
 
typedef struct _PORT_VIEWPPORT_VIEW
 
typedef struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
 
typedef struct _REMOTE_PORT_VIEWPREMOTE_PORT_VIEW
 
typedef struct _VAD_HEADER VAD_HEADER
 
typedef struct _VAD_HEADERPVAD_HEADER
 

Enumerations

enum  _SECURITY_LOGON_TYPE {
  Interactive = 2, Network, Batch, Service,
  Proxy, Unlock, UndefinedLogonType = 0, Interactive = 2,
  Network, Batch, Service, Proxy,
  Unlock, NetworkCleartext, NewCredentials
}
 
enum  _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon, MsV1_0SubAuthLogon,
  MsV1_0WorkstationUnlockLogon = 7, MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon,
  MsV1_0SubAuthLogon, MsV1_0WorkstationUnlockLogon = 7, MsV1_0S4ULogon = 12, MsV1_0VirtualLogon = 82
}
 
enum  _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2, MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile, MsV1_0InteractiveProfile = 2,
  MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile
}
 
enum  _MSV1_0_AVID {
  MsvAvEOL, MsvAvNbComputerName, MsvAvNbDomainName, MsvAvDnsComputerName,
  MsvAvDnsDomainName
}
 
enum  _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers, MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword, MsV1_0GenericPassthrough,
  MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential, MsV1_0CacheLookup,
  MsV1_0SetProcessOption, MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers,
  MsV1_0GetUserInfo, MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword,
  MsV1_0GenericPassthrough, MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential,
  MsV1_0CacheLookup
}
 
enum  _NETWORK_OPEN_LOCATION_QUALIFIER { NetworkOpenLocationAny, NetworkOpenLocationRemote, NetworkOpenLocationLoopback }
 
enum  _NETWORK_OPEN_INTEGRITY_QUALIFIER {
  NetworkOpenIntegrityAny, NetworkOpenIntegrityNone, NetworkOpenIntegritySigned, NetworkOpenIntegrityEncrypted,
  NetworkOpenIntegrityMaximum
}
 
enum  _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1, StorageTypeDirectory, StorageTypeFile, StorageTypeJunctionPoint,
  StorageTypeCatalog, StorageTypeStructuredStorage, StorageTypeEmbedding, StorageTypeStream
}
 

Functions

 $define (UCHAR=UCHAR) $define(ULONG
 
 $include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
 
_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
 
_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation
 
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer (_In_ PVOID Buffer)
 
 $include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
 
 $include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e)
 
 DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)
 
 DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55)
 
 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb)
 
 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53)
 
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
 
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
 
NTKERNELAPI NTSTATUS NTAPI ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
 

Variables

_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
 
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ SECURITY_INFORMATION SecurityInformation
 
_In_ SECURITY_INFORMATION _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_ SECURITY_INFORMATION _In_ ULONG Length
 
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
 
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
 
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
 
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOIDProfileBuffer
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
 
 PUBLIC_OBJECT_BASIC_INFORMATION
 
PPUBLIC_OBJECT_BASIC_INFORMATION
 
PUSHORTNlsOemLeadByteInfo
 

Macro Definition Documentation

◆ _GNU_NTIFS_

#define _GNU_NTIFS_

Definition at line 27 of file ntifs.template.h.

◆ _NTIFS_INCLUDED_

#define _NTIFS_INCLUDED_

Definition at line 26 of file ntifs.template.h.

◆ _NTLSA_AUDIT_

#define _NTLSA_AUDIT_

Definition at line 684 of file ntifs.template.h.

◆ _NTLSA_IFS_

#define _NTLSA_IFS_

Definition at line 728 of file ntifs.template.h.

◆ BooleanFlagOn

#define BooleanFlagOn (   F,
  SF 
)    ((BOOLEAN)(((F) & (SF)) != 0))

◆ ClearFlag

#define ClearFlag (   _F,
  _SF 
)    ((_F) &= ~(_SF))

◆ COMPRESSION_ENGINE_HIBER

#define COMPRESSION_ENGINE_HIBER   (0x0200)

Definition at line 652 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_MAXIMUM

#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)

Definition at line 651 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_STANDARD

#define COMPRESSION_ENGINE_STANDARD   (0x0000)

Definition at line 650 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_DEFAULT

#define COMPRESSION_FORMAT_DEFAULT   (0x0001)

Definition at line 648 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_LZNT1

#define COMPRESSION_FORMAT_LZNT1   (0x0002)

Definition at line 649 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_NONE

#define COMPRESSION_FORMAT_NONE   (0x0000)

Definition at line 647 of file ntifs.template.h.

◆ FILE_MAXIMUM_STORAGE_TYPE

#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM

Definition at line 1304 of file ntifs.template.h.

◆ FILE_MINIMUM_STORAGE_TYPE

#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT

Definition at line 1303 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_CATALOG

#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1299 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DEFAULT

#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1294 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DIRECTORY

#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1295 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DOCFILE

#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1297 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_EMBEDDING

#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1301 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_FILE

#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1296 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_JUNCTION_POINT

#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1298 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_MASK

#define FILE_STORAGE_TYPE_MASK   0x000f0000

Definition at line 1305 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SHIFT

#define FILE_STORAGE_TYPE_SHIFT   16

Definition at line 1306 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SPECIFIED

#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */

Definition at line 1293 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STREAM

#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1302 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STRUCTURED_STORAGE

#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1300 of file ntifs.template.h.

◆ FILE_VC_QUOTAS_LOG_VIOLATIONS

#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004

Definition at line 1308 of file ntifs.template.h.

◆ FlagOn

#define FlagOn (   _F,
  _SF 
)    ((_F) & (_SF))

◆ FS_LFN_APIS

#define FS_LFN_APIS   0x00004000

Definition at line 1291 of file ntifs.template.h.

◆ FSCTL_DUMP_PROPERTY_DATA

#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1370 of file ntifs.template.h.

◆ FSCTL_GET_HFS_INFORMATION

#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1362 of file ntifs.template.h.

◆ FSCTL_HSM_DATA

Definition at line 1374 of file ntifs.template.h.

◆ FSCTL_HSM_MSG

◆ FSCTL_NETWORK_DELETE_CONNECTION

#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1382 of file ntifs.template.h.

◆ FSCTL_NETWORK_ENUMERATE_CONNECTIONS

#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1381 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONFIGURATION_INFO

#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Definition at line 1379 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONNECTION_INFO

#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1380 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_STATISTICS

Definition at line 1383 of file ntifs.template.h.

◆ FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT

#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1385 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_CONFIGURATION_INFO

#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

Definition at line 1378 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_DOMAIN_NAME

#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1384 of file ntifs.template.h.

◆ FSCTL_NSS_CONTROL

Definition at line 1373 of file ntifs.template.h.

◆ FSCTL_NSS_RCONTROL

Definition at line 1375 of file ntifs.template.h.

◆ FSCTL_READ_PROPERTY_DATA

#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1367 of file ntifs.template.h.

◆ FSCTL_WRITE_PROPERTY_DATA

#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1368 of file ntifs.template.h.

◆ GCR_ALLOW_LM

#define GCR_ALLOW_LM   0x1000

Definition at line 847 of file ntifs.template.h.

◆ GCR_ALLOW_NO_TARGET

#define GCR_ALLOW_NO_TARGET   0x2000

Definition at line 848 of file ntifs.template.h.

◆ GCR_ALLOW_NTLM

#define GCR_ALLOW_NTLM   0x100

Definition at line 843 of file ntifs.template.h.

◆ GCR_MACHINE_CREDENTIAL

#define GCR_MACHINE_CREDENTIAL   0x400

Definition at line 845 of file ntifs.template.h.

◆ GCR_NTLM3_PARMS

#define GCR_NTLM3_PARMS   0x20

Definition at line 840 of file ntifs.template.h.

◆ GCR_TARGET_INFO

#define GCR_TARGET_INFO   0x40

Definition at line 841 of file ntifs.template.h.

◆ GCR_USE_OEM_SET

#define GCR_USE_OEM_SET   0x200

Definition at line 844 of file ntifs.template.h.

◆ GCR_USE_OWF_PASSWORD

#define GCR_USE_OWF_PASSWORD   0x800

Definition at line 846 of file ntifs.template.h.

◆ GENERATE_CLIENT_CHALLENGE

#define GENERATE_CLIENT_CHALLENGE   0x10

Definition at line 839 of file ntifs.template.h.

◆ IO_ATTACH_DEVICE_API

#define IO_ATTACH_DEVICE_API   0x80000000

Definition at line 1315 of file ntifs.template.h.

◆ IO_TYPE_APC

#define IO_TYPE_APC   18

Definition at line 1317 of file ntifs.template.h.

◆ IO_TYPE_DEVICE_QUEUE

#define IO_TYPE_DEVICE_QUEUE   20

Definition at line 1319 of file ntifs.template.h.

◆ IO_TYPE_DPC

#define IO_TYPE_DPC   19

Definition at line 1318 of file ntifs.template.h.

◆ IO_TYPE_EVENT_PAIR

#define IO_TYPE_EVENT_PAIR   21

Definition at line 1320 of file ntifs.template.h.

◆ IO_TYPE_INTERRUPT

#define IO_TYPE_INTERRUPT   22

Definition at line 1321 of file ntifs.template.h.

◆ IO_TYPE_PROFILE

#define IO_TYPE_PROFILE   23

Definition at line 1322 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH

Definition at line 1259 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH_EX

Definition at line 1260 of file ntifs.template.h.

◆ IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES

#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

Definition at line 1282 of file ntifs.template.h.

◆ IRP_BEING_VERIFIED

#define IRP_BEING_VERIFIED   0x10

Definition at line 1324 of file ntifs.template.h.

◆ LOGON_CACHED_ACCOUNT

#define LOGON_CACHED_ACCOUNT   0x04

Definition at line 779 of file ntifs.template.h.

◆ LOGON_EXTRA_SIDS

#define LOGON_EXTRA_SIDS   0x20

Definition at line 781 of file ntifs.template.h.

◆ LOGON_GRACE_LOGON

#define LOGON_GRACE_LOGON   0x01000000

Definition at line 802 of file ntifs.template.h.

◆ LOGON_GUEST

#define LOGON_GUEST   0x01

Definition at line 777 of file ntifs.template.h.

◆ LOGON_LM_V2

#define LOGON_LM_V2   0x1000

Definition at line 788 of file ntifs.template.h.

◆ LOGON_NOENCRYPTION

#define LOGON_NOENCRYPTION   0x02

Definition at line 778 of file ntifs.template.h.

◆ LOGON_NT_V2

#define LOGON_NT_V2   0x800

Definition at line 787 of file ntifs.template.h.

◆ LOGON_NTLM_V2

#define LOGON_NTLM_V2   0x2000

Definition at line 789 of file ntifs.template.h.

◆ LOGON_NTLMV2_ENABLED

#define LOGON_NTLMV2_ENABLED   0x100

Definition at line 784 of file ntifs.template.h.

◆ LOGON_PROFILE_PATH_RETURNED

#define LOGON_PROFILE_PATH_RETURNED   0x400

Definition at line 786 of file ntifs.template.h.

◆ LOGON_RESOURCE_GROUPS

#define LOGON_RESOURCE_GROUPS   0x200

Definition at line 785 of file ntifs.template.h.

◆ LOGON_SERVER_TRUST_ACCOUNT

#define LOGON_SERVER_TRUST_ACCOUNT   0x80

Definition at line 783 of file ntifs.template.h.

◆ LOGON_SUBAUTH_SESSION_KEY

#define LOGON_SUBAUTH_SESSION_KEY   0x40

Definition at line 782 of file ntifs.template.h.

◆ LOGON_USED_LM_PASSWORD

#define LOGON_USED_LM_PASSWORD   0x08

Definition at line 780 of file ntifs.template.h.

◆ LPC_CLIENT_ID

#define LPC_CLIENT_ID   CLIENT_ID

Definition at line 1585 of file ntifs.template.h.

◆ LPC_HANDLE

#define LPC_HANDLE   HANDLE

Definition at line 1588 of file ntifs.template.h.

◆ LPC_KERNELMODE_MESSAGE

#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)

Definition at line 1624 of file ntifs.template.h.

◆ LPC_PVOID

#define LPC_PVOID   PVOID

Definition at line 1587 of file ntifs.template.h.

◆ LPC_SIZE_T

#define LPC_SIZE_T   SIZE_T

Definition at line 1586 of file ntifs.template.h.

◆ MAILSLOT_CLASS_FIRSTCLASS

#define MAILSLOT_CLASS_FIRSTCLASS   1

Definition at line 1326 of file ntifs.template.h.

◆ MAILSLOT_CLASS_SECONDCLASS

#define MAILSLOT_CLASS_SECONDCLASS   2

Definition at line 1327 of file ntifs.template.h.

◆ MAILSLOT_SIZE_AUTO

#define MAILSLOT_SIZE_AUTO   0

Definition at line 1329 of file ntifs.template.h.

◆ MAP_HIGH_PRIORITY

#define MAP_HIGH_PRIORITY   (64)

Definition at line 1257 of file ntifs.template.h.

◆ MAP_NO_READ

#define MAP_NO_READ   (16)

Definition at line 1256 of file ntifs.template.h.

◆ MAP_WAIT

#define MAP_WAIT   1

Definition at line 1255 of file ntifs.template.h.

◆ MAX_UNICODE_STACK_BUFFER_LENGTH

#define MAX_UNICODE_STACK_BUFFER_LENGTH   256

Definition at line 654 of file ntifs.template.h.

◆ MEM_DOS_LIM

#define MEM_DOS_LIM   0x40000000

Definition at line 1331 of file ntifs.template.h.

◆ METHOD_DIRECT_FROM_HARDWARE

#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT

Definition at line 659 of file ntifs.template.h.

◆ METHOD_DIRECT_TO_HARDWARE

#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT

Definition at line 658 of file ntifs.template.h.

◆ METHOD_FROM_CTL_CODE

#define METHOD_FROM_CTL_CODE (   ctrlCode)    ((ULONG)(ctrlCode & 3))

Definition at line 656 of file ntifs.template.h.

◆ MSV1_0_ALLOW_FORCE_GUEST

#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000

Definition at line 755 of file ntifs.template.h.

◆ MSV1_0_ALLOW_MSVCHAPV2

#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000

Definition at line 763 of file ntifs.template.h.

◆ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT

#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20

Definition at line 746 of file ntifs.template.h.

◆ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT

#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800

Definition at line 752 of file ntifs.template.h.

◆ MSV1_0_CHALLENGE_LENGTH

#define MSV1_0_CHALLENGE_LENGTH   8

Definition at line 738 of file ntifs.template.h.

◆ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED

#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02

Definition at line 742 of file ntifs.template.h.

◆ MSV1_0_CRED_LM_PRESENT

#define MSV1_0_CRED_LM_PRESENT   0x1

Definition at line 805 of file ntifs.template.h.

◆ MSV1_0_CRED_NT_PRESENT

#define MSV1_0_CRED_NT_PRESENT   0x2

Definition at line 806 of file ntifs.template.h.

◆ MSV1_0_CRED_VERSION

#define MSV1_0_CRED_VERSION   0

Definition at line 807 of file ntifs.template.h.

◆ MSV1_0_DISABLE_PERSONAL_FALLBACK

#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000

Definition at line 754 of file ntifs.template.h.

◆ MSV1_0_DONT_TRY_GUEST_ACCOUNT

#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10

Definition at line 745 of file ntifs.template.h.

◆ MSV1_0_LANMAN_SESSION_KEY_LENGTH

#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8

Definition at line 740 of file ntifs.template.h.

◆ MSV1_0_MAX_AVL_SIZE

#define MSV1_0_MAX_AVL_SIZE   64000

Definition at line 817 of file ntifs.template.h.

◆ MSV1_0_MAX_NTLM3_LIFE

#define MSV1_0_MAX_NTLM3_LIFE   129600

Definition at line 815 of file ntifs.template.h.

◆ MSV1_0_MNS_LOGON

#define MSV1_0_MNS_LOGON   0x01000000

Definition at line 772 of file ntifs.template.h.

◆ MSV1_0_NTLM3_INPUT_LENGTH

#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

Definition at line 829 of file ntifs.template.h.

◆ MSV1_0_NTLM3_OWF_LENGTH

#define MSV1_0_NTLM3_OWF_LENGTH   16

Definition at line 810 of file ntifs.template.h.

◆ MSV1_0_NTLM3_RESPONSE_LENGTH

#define MSV1_0_NTLM3_RESPONSE_LENGTH   16

Definition at line 809 of file ntifs.template.h.

◆ MSV1_0_OWF_PASSWORD_LENGTH

#define MSV1_0_OWF_PASSWORD_LENGTH   16

Definition at line 804 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAME

#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 731 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW

#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 732 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW_LENGTH

#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)

Definition at line 733 of file ntifs.template.h.

◆ MSV1_0_RETURN_PASSWORD_EXPIRY

#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40

Definition at line 747 of file ntifs.template.h.

◆ MSV1_0_RETURN_PROFILE_PATH

#define MSV1_0_RETURN_PROFILE_PATH   0x200

Definition at line 750 of file ntifs.template.h.

◆ MSV1_0_RETURN_USER_PARAMETERS

#define MSV1_0_RETURN_USER_PARAMETERS   0x08

Definition at line 744 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL

#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000

Definition at line 770 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_EX

#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000

Definition at line 762 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_IIS

#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132

Definition at line 775 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_RAS

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2

Definition at line 774 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_SHIFT

#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24

Definition at line 771 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_FLAGS

#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000

Definition at line 800 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_KEY

#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

Definition at line 735 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_VALUE

#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"

Definition at line 736 of file ntifs.template.h.

◆ MSV1_0_TRY_GUEST_ACCOUNT_ONLY

#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100

Definition at line 749 of file ntifs.template.h.

◆ MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY

#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400

Definition at line 751 of file ntifs.template.h.

◆ MSV1_0_UPDATE_LOGON_STATISTICS

#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04

Definition at line 743 of file ntifs.template.h.

◆ MSV1_0_USE_CLIENT_CHALLENGE

#define MSV1_0_USE_CLIENT_CHALLENGE   0x80

Definition at line 748 of file ntifs.template.h.

◆ MSV1_0_USER_SESSION_KEY_LENGTH

#define MSV1_0_USER_SESSION_KEY_LENGTH   16

Definition at line 739 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1

Definition at line 1158 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2

Definition at line 1159 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK

#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000

Definition at line 1160 of file ntifs.template.h.

◆ NLS_OEM_LEAD_BYTE_INFO

#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)

Definition at line 1137 of file ntifs.template.h.

◆ OB_TYPE_ADAPTER

#define OB_TYPE_ADAPTER   18

Definition at line 1350 of file ntifs.template.h.

◆ OB_TYPE_CONTROLLER

#define OB_TYPE_CONTROLLER   19

Definition at line 1351 of file ntifs.template.h.

◆ OB_TYPE_DESKTOP

#define OB_TYPE_DESKTOP   14

Definition at line 1346 of file ntifs.template.h.

◆ OB_TYPE_DEVICE

#define OB_TYPE_DEVICE   20

Definition at line 1352 of file ntifs.template.h.

◆ OB_TYPE_DIRECTORY

#define OB_TYPE_DIRECTORY   2

Definition at line 1334 of file ntifs.template.h.

◆ OB_TYPE_DRIVER

#define OB_TYPE_DRIVER   21

Definition at line 1353 of file ntifs.template.h.

◆ OB_TYPE_EVENT

#define OB_TYPE_EVENT   7

Definition at line 1339 of file ntifs.template.h.

◆ OB_TYPE_EVENT_PAIR

#define OB_TYPE_EVENT_PAIR   8

Definition at line 1340 of file ntifs.template.h.

◆ OB_TYPE_FILE

#define OB_TYPE_FILE   23

Definition at line 1355 of file ntifs.template.h.

◆ OB_TYPE_IO_COMPLETION

#define OB_TYPE_IO_COMPLETION   22

Definition at line 1354 of file ntifs.template.h.

◆ OB_TYPE_KEY

#define OB_TYPE_KEY   16

Definition at line 1348 of file ntifs.template.h.

◆ OB_TYPE_MUTANT

#define OB_TYPE_MUTANT   9

Definition at line 1341 of file ntifs.template.h.

◆ OB_TYPE_PORT

#define OB_TYPE_PORT   17

Definition at line 1349 of file ntifs.template.h.

◆ OB_TYPE_PROCESS

#define OB_TYPE_PROCESS   5

Definition at line 1337 of file ntifs.template.h.

◆ OB_TYPE_PROFILE

#define OB_TYPE_PROFILE   12

Definition at line 1344 of file ntifs.template.h.

◆ OB_TYPE_SECTION

#define OB_TYPE_SECTION   15

Definition at line 1347 of file ntifs.template.h.

◆ OB_TYPE_SEMAPHORE

#define OB_TYPE_SEMAPHORE   10

Definition at line 1342 of file ntifs.template.h.

◆ OB_TYPE_SYMBOLIC_LINK

#define OB_TYPE_SYMBOLIC_LINK   3

Definition at line 1335 of file ntifs.template.h.

◆ OB_TYPE_THREAD

#define OB_TYPE_THREAD   6

Definition at line 1338 of file ntifs.template.h.

◆ OB_TYPE_TIMER

#define OB_TYPE_TIMER   11

Definition at line 1343 of file ntifs.template.h.

◆ OB_TYPE_TOKEN

#define OB_TYPE_TOKEN   4

Definition at line 1336 of file ntifs.template.h.

◆ OB_TYPE_TYPE

#define OB_TYPE_TYPE   1

Definition at line 1333 of file ntifs.template.h.

◆ OB_TYPE_WINDOW_STATION

#define OB_TYPE_WINDOW_STATION   13

Definition at line 1345 of file ntifs.template.h.

◆ PIN_CALLER_TRACKS_DIRTY_DATA

#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)

Definition at line 1252 of file ntifs.template.h.

◆ PIN_EXCLUSIVE

#define PIN_EXCLUSIVE   (2)

Definition at line 1249 of file ntifs.template.h.

◆ PIN_HIGH_PRIORITY

#define PIN_HIGH_PRIORITY   (64)

Definition at line 1253 of file ntifs.template.h.

◆ PIN_IF_BCB

#define PIN_IF_BCB   (8)

Definition at line 1251 of file ntifs.template.h.

◆ PIN_NO_READ

#define PIN_NO_READ   (4)

Definition at line 1250 of file ntifs.template.h.

◆ PIN_WAIT

#define PIN_WAIT   (1)

Definition at line 1248 of file ntifs.template.h.

◆ PsDereferenceImpersonationToken

#define PsDereferenceImpersonationToken (   T)
Value:
{if (ARGUMENT_PRESENT(T)) { \
} else { \
; \
} \
}
#define T
Definition: mbstring.h:31
#define ARGUMENT_PRESENT(ArgumentPointer)
#define ObDereferenceObject
Definition: obfuncs.h:203

Definition at line 1759 of file ntifs.template.h.

◆ RETURN_NON_NT_USER_SESSION_KEY

#define RETURN_NON_NT_USER_SESSION_KEY   0x08

Definition at line 838 of file ntifs.template.h.

◆ RETURN_PRIMARY_LOGON_DOMAINNAME

#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04

Definition at line 837 of file ntifs.template.h.

◆ RETURN_PRIMARY_USERNAME

#define RETURN_PRIMARY_USERNAME   0x02

Definition at line 836 of file ntifs.template.h.

◆ RETURN_RESERVED_PARAMETER

#define RETURN_RESERVED_PARAMETER   0x80

Definition at line 842 of file ntifs.template.h.

◆ SEC_BASED

#define SEC_BASED   0x00200000

Definition at line 1357 of file ntifs.template.h.

◆ SeEnableAccessToExports

#define SeEnableAccessToExports ( )    SeExports = *(PSE_EXPORTS *)SeExports;

Definition at line 1786 of file ntifs.template.h.

◆ SetFlag

#define SetFlag (   _F,
  _SF 
)    ((_F) |= (_SF))

◆ SYSTEM_PAGE_PRIORITY_BITS

#define SYSTEM_PAGE_PRIORITY_BITS   3

Definition at line 1082 of file ntifs.template.h.

◆ SYSTEM_PAGE_PRIORITY_LEVELS

#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)

Definition at line 1083 of file ntifs.template.h.

◆ USE_PRIMARY_PASSWORD

#define USE_PRIMARY_PASSWORD   0x01

Definition at line 835 of file ntifs.template.h.

◆ VER_PRODUCTBUILD

#define VER_PRODUCTBUILD   10000

Definition at line 1286 of file ntifs.template.h.

◆ VOLSNAPCONTROLTYPE

#define VOLSNAPCONTROLTYPE   0x00000053

Definition at line 1281 of file ntifs.template.h.

Typedef Documentation

◆ FILE_COPY_ON_WRITE_INFORMATION

◆ FILE_EXCLUSIVE_LOCK_ENTRY

◆ FILE_FULL_DIRECTORY_INFORMATION

◆ FILE_MAILSLOT_PEEK_BUFFER

◆ FILE_OLE_ALL_INFORMATION

◆ FILE_OLE_CLASSID_INFORMATION

◆ FILE_OLE_DIR_INFORMATION

◆ FILE_OLE_INFORMATION

◆ FILE_OLE_STATE_BITS_INFORMATION

◆ FILE_SHARED_LOCK_ENTRY

◆ FILE_STORAGE_TYPE

◆ GET_RETRIEVAL_DESCRIPTOR

◆ LSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ LSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ LSA_STRING

typedef STRING LSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ MAPPING_PAIR

◆ MOVEFILE_DESCRIPTOR

◆ MSV1_0_AV_PAIR

◆ MSV1_0_AVID

◆ MSV1_0_ENUMUSERS_REQUEST

◆ MSV1_0_ENUMUSERS_RESPONSE

◆ MSV1_0_GETCHALLENRESP_REQUEST

◆ MSV1_0_GETCHALLENRESP_REQUEST_V1

◆ MSV1_0_GETCHALLENRESP_RESPONSE

◆ MSV1_0_GETUSERINFO_REQUEST

◆ MSV1_0_GETUSERINFO_RESPONSE

◆ MSV1_0_INTERACTIVE_LOGON

◆ MSV1_0_INTERACTIVE_PROFILE

◆ MSV1_0_LM20_CHALLENGE_REQUEST

◆ MSV1_0_LM20_CHALLENGE_RESPONSE

◆ MSV1_0_LM20_LOGON

◆ MSV1_0_LM20_LOGON_PROFILE

◆ MSV1_0_LOGON_SUBMIT_TYPE

◆ MSV1_0_NTLM3_RESPONSE

◆ MSV1_0_PROFILE_BUFFER_TYPE

◆ MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ MSV1_0_SUBAUTH_LOGON

◆ MSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ NETWORK_OPEN_ECP_CONTEXT

◆ NETWORK_OPEN_ECP_CONTEXT_V0

◆ NETWORK_OPEN_INTEGRITY_QUALIFIER

◆ NETWORK_OPEN_LOCATION_QUALIFIER

◆ NFS_OPEN_ECP_CONTEXT

◆ OBJECT_ALL_TYPES_INFO

◆ OBJECT_BASIC_INFO

◆ OBJECT_BASIC_INFORMATION

◆ OBJECT_HANDLE_ATTRIBUTE_INFO

◆ OBJECT_NAME_INFO

◆ OBJECT_PROTECTION_INFO

◆ OBJECT_TYPE_INFO

◆ PFILE_COPY_ON_WRITE_INFORMATION

◆ PFILE_EXCLUSIVE_LOCK_ENTRY

◆ PFILE_FULL_DIRECTORY_INFORMATION

◆ PFILE_MAILSLOT_PEEK_BUFFER

◆ PFILE_OLE_ALL_INFORMATION

◆ PFILE_OLE_CLASSID_INFORMATION

◆ PFILE_OLE_DIR_INFORMATION

◆ PFILE_OLE_INFORMATION

◆ PFILE_OLE_STATE_BITS_INFORMATION

◆ PFILE_SHARED_LOCK_ENTRY

◆ PGET_RETRIEVAL_DESCRIPTOR

◆ PLSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ PLSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ PLSA_STRING

typedef STRING * PLSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ PMAPPING_PAIR

◆ PMOVEFILE_DESCRIPTOR

◆ PMSV1_0_AV_PAIR

◆ PMSV1_0_ENUMUSERS_REQUEST

◆ PMSV1_0_ENUMUSERS_RESPONSE

◆ PMSV1_0_GETCHALLENRESP_REQUEST

◆ PMSV1_0_GETCHALLENRESP_REQUEST_V1

◆ PMSV1_0_GETCHALLENRESP_RESPONSE

◆ PMSV1_0_GETUSERINFO_REQUEST

◆ PMSV1_0_GETUSERINFO_RESPONSE

◆ PMSV1_0_INTERACTIVE_LOGON

◆ PMSV1_0_INTERACTIVE_PROFILE

◆ PMSV1_0_LM20_CHALLENGE_REQUEST

◆ PMSV1_0_LM20_CHALLENGE_RESPONSE

◆ PMSV1_0_LM20_LOGON

◆ PMSV1_0_LM20_LOGON_PROFILE

◆ PMSV1_0_LOGON_SUBMIT_TYPE

◆ PMSV1_0_NTLM3_RESPONSE

◆ PMSV1_0_PROFILE_BUFFER_TYPE

◆ PMSV1_0_PROTOCOL_MESSAGE_TYPE

◆ PMSV1_0_SUBAUTH_LOGON

◆ PMSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ PNETWORK_OPEN_ECP_CONTEXT

◆ PNETWORK_OPEN_ECP_CONTEXT_V0

◆ PNFS_OPEN_ECP_CONTEXT

◆ POBJECT_ALL_TYPES_INFO

◆ POBJECT_BASIC_INFO

◆ POBJECT_BASIC_INFORMATION

◆ POBJECT_HANDLE_ATTRIBUTE_INFO

◆ POBJECT_NAME_INFO

◆ POBJECT_PROTECTION_INFO

◆ POBJECT_TYPE_INFO

◆ PORT_MESSAGE

◆ PORT_VIEW

◆ PPNFS_OPEN_ECP_CONTEXT

◆ PPORT_MESSAGE

◆ PPORT_VIEW

◆ PPREFETCH_OPEN_ECP_CONTEXT

◆ PPUBLIC_OBJECT_TYPE_INFORMATION

◆ PQUERY_PATH_REQUEST

◆ PQUERY_PATH_REQUEST_EX

◆ PQUERY_PATH_RESPONSE

◆ PREFETCH_OPEN_ECP_CONTEXT

◆ PREMOTE_PORT_VIEW

◆ PSECURITY_LOGON_TYPE

◆ PSOCKADDR_STORAGE_NFS

Definition at line 1231 of file ntifs.template.h.

◆ PSRV_OPEN_ECP_CONTEXT

◆ PUBLIC_OBJECT_TYPE_INFORMATION

◆ PVAD_HEADER

◆ QUERY_PATH_REQUEST

◆ QUERY_PATH_REQUEST_EX

◆ QUERY_PATH_RESPONSE

◆ REMOTE_PORT_VIEW

◆ SECURITY_LOGON_TYPE

◆ SRV_OPEN_ECP_CONTEXT

◆ VAD_HEADER

Enumeration Type Documentation

◆ _FILE_STORAGE_TYPE

Enumerator
StorageTypeDefault 
StorageTypeDirectory 
StorageTypeFile 
StorageTypeJunctionPoint 
StorageTypeCatalog 
StorageTypeStructuredStorage 
StorageTypeEmbedding 
StorageTypeStream 

Definition at line 1387 of file ntifs.template.h.

◆ _MSV1_0_AVID

Enumerator
MsvAvEOL 
MsvAvNbComputerName 
MsvAvNbDomainName 
MsvAvDnsComputerName 
MsvAvDnsDomainName 

Definition at line 959 of file ntifs.template.h.

959  {
960  MsvAvEOL,
965 #if (_WIN32_WINNT >= 0x0501)
966  MsvAvDnsTreeName,
967  MsvAvFlags,
968 #if (_WIN32_WINNT >= 0x0600)
969  MsvAvTimestamp,
970  MsvAvRestrictions,
971  MsvAvTargetName,
972  MsvAvChannelBindings,
973 #endif
974 #endif
975 } MSV1_0_AVID;
enum _MSV1_0_AVID MSV1_0_AVID

◆ _MSV1_0_LOGON_SUBMIT_TYPE

Enumerator
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0S4ULogon 
MsV1_0VirtualLogon 

Definition at line 850 of file ntifs.template.h.

◆ _MSV1_0_PROFILE_BUFFER_TYPE

Enumerator
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 

Definition at line 860 of file ntifs.template.h.

860  {
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE

◆ _MSV1_0_PROTOCOL_MESSAGE_TYPE

Enumerator
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 
MsV1_0SetProcessOption 
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 

Definition at line 982 of file ntifs.template.h.

982  {
995 #if (_WIN32_WINNT >= 0x0501)
997 #endif
998 #if (_WIN32_WINNT >= 0x0600)
999  MsV1_0ConfigLocalAliases,
1000  MsV1_0ClearCachedCredentials,
1001 #endif
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ _NETWORK_OPEN_INTEGRITY_QUALIFIER

Enumerator
NetworkOpenIntegrityAny 
NetworkOpenIntegrityNone 
NetworkOpenIntegritySigned 
NetworkOpenIntegrityEncrypted 
NetworkOpenIntegrityMaximum 

Definition at line 1148 of file ntifs.template.h.

◆ _NETWORK_OPEN_LOCATION_QUALIFIER

Enumerator
NetworkOpenLocationAny 
NetworkOpenLocationRemote 
NetworkOpenLocationLoopback 

Definition at line 1142 of file ntifs.template.h.

◆ _SECURITY_LOGON_TYPE

Enumerator
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
UndefinedLogonType 
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
NetworkCleartext 
NewCredentials 

Definition at line 663 of file ntifs.template.h.

663  {
664  UndefinedLogonType = 0,
665  Interactive = 2,
666  Network,
667  Batch,
668  Service,
669  Proxy,
670  Unlock,
673 #if (_WIN32_WINNT >= 0x0501)
674  RemoteInteractive,
675  CachedInteractive,
676 #endif
677 #if (_WIN32_WINNT >= 0x0502)
678  CachedRemoteInteractive,
679  CachedUnlock
680 #endif
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE

Function Documentation

◆ $define()

$define ( UCHAR  = UCHAR)

◆ $include() [1/3]

$include ( setypes.  h)

◆ $include() [2/3]

$include ( iotypes.  h)

Definition at line 1067 of file ntifs.template.h.

1069  {
1070  ULONG Attributes;
1072  ULONG HandleCount;
1073  ULONG PointerCount;
1074  ULONG Reserved[10];
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
PUBLIC_OBJECT_BASIC_INFORMATION
* PPUBLIC_OBJECT_BASIC_INFORMATION
unsigned int ULONG
Definition: retypes.h:1
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

◆ $include() [3/3]

$include ( ketypes.  h)

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_opt_() [1/2]

◆ _Out_writes_bytes_opt_() [2/2]

_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ ( Length  )

◆ _Out_writes_bytes_to_opt_()

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _When_()

◆ C_ASSERT() [1/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, ActiveCount)  = =0x0c)

◆ C_ASSERT() [2/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, Flag = =0x0e)

◆ CcGetLsnForFileObject()

NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject ( _In_ PFILE_OBJECT  FileObject,
_Out_opt_ PLARGE_INTEGER  OldestLsn 
)

◆ DEFINE_GUID() [1/4]

DEFINE_GUID ( GUID_ECP_NETWORK_OPEN_CONTEXT  ,
0xc584edbf  ,
0x00df  ,
0x4d28  ,
0xb8  ,
0x84  ,
0x35  ,
0xba  ,
0xca  ,
0x89  ,
0x11  ,
0xe8   
)

◆ DEFINE_GUID() [2/4]

DEFINE_GUID ( GUID_ECP_PREFETCH_OPEN  ,
0xe1777b21  ,
0x847e  ,
0x4837  ,
0xaa  ,
0x45  ,
0x64  ,
0x16  ,
0x1d  ,
0x28  ,
0x6  ,
0x55   
)

◆ DEFINE_GUID() [3/4]

DEFINE_GUID ( GUID_ECP_NFS_OPEN  ,
0xf326d30c  ,
0xe5f8  ,
0x4fe7  ,
0xab  ,
0x74  ,
0xf5  ,
0xa3  ,
0x19  ,
0x6d  ,
0x92  ,
0xdb   
)

◆ DEFINE_GUID() [4/4]

DEFINE_GUID ( GUID_ECP_SRV_OPEN  ,
0xbebfaebc  ,
0xaabf  ,
0x489d  ,
0x9d  ,
0x2c  ,
0xe9  ,
0xe3  ,
0x61  ,
0x10  ,
0x28  ,
0x53   
)

◆ FsRtlAllocatePool()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePool ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuota()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuotaTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlAllocatePoolWithTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlMdlReadComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PMDL  MdlChain 
)

◆ FsRtlMdlWriteComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PLARGE_INTEGER  FileOffset,
_In_ PMDL  MdlChain 
)

◆ FsRtlNotifyChangeDirectory()

NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory ( _In_ PNOTIFY_SYNC  NotifySync,
_In_ PVOID  FsContext,
_In_ PSTRING  FullDirectoryName,
_In_ PLIST_ENTRY  NotifyList,
_In_ BOOLEAN  WatchTree,
_In_ ULONG  CompletionFilter,
_In_ PIRP  NotifyIrp 
)

◆ LsaFreeReturnBuffer()

_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer ( _In_ PVOID  Buffer)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1408 of file audit.c.

1420 {
1421  /* Call the internal function */
1422  return SepAccessCheckAndAuditAlarm(SubsystemName,
1423  HandleId,
1424  NULL,
1426  ObjectName,
1428  NULL,
1429  DesiredAccess,
1431  0,
1432  NULL,
1433  0,
1435  GrantedAccess,
1436  AccessStatus,
1438  FALSE);
1439 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

Referenced by AccessCheckAndAuditAlarmA(), and AccessCheckAndAuditAlarmW().

◆ NtAccessCheckByTypeAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1445 of file audit.c.

1462 {
1463  /* Call the internal function */
1464  return SepAccessCheckAndAuditAlarm(SubsystemName,
1465  HandleId,
1466  NULL,
1468  ObjectName,
1470  PrincipalSelfSid,
1471  DesiredAccess,
1472  AuditType,
1473  Flags,
1474  ObjectTypeList,
1475  ObjectTypeLength,
1477  GrantedAccess,
1478  AccessStatus,
1480  FALSE);
1481 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByTypeResultListAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1487 of file audit.c.

1504 {
1505  /* Call the internal function */
1506  return SepAccessCheckAndAuditAlarm(SubsystemName,
1507  HandleId,
1508  NULL,
1510  ObjectName,
1512  PrincipalSelfSid,
1513  DesiredAccess,
1514  AuditType,
1515  Flags,
1516  ObjectTypeList,
1517  ObjectTypeListLength,
1519  GrantedAccessList,
1520  AccessStatusList,
1522  TRUE);
1523 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByTypeResultListAndAuditAlarmByHandle()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1529 of file audit.c.

1547 {
1548  UNREFERENCED_PARAMETER(ObjectCreation);
1549 
1550  /* Call the internal function */
1551  return SepAccessCheckAndAuditAlarm(SubsystemName,
1552  HandleId,
1553  &ClientToken,
1555  ObjectName,
1557  PrincipalSelfSid,
1558  DesiredAccess,
1559  AuditType,
1560  Flags,
1561  ObjectTypeList,
1562  ObjectTypeListLength,
1564  GrantedAccessList,
1565  AccessStatusList,
1567  TRUE);
1568 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtCloseObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtCreateFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_opt_ PLARGE_INTEGER  AllocationSize,
_In_ ULONG  FileAttributes,
_In_ ULONG  ShareAccess,
_In_ ULONG  CreateDisposition,
_In_ ULONG  CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID  EaBuffer,
_In_ ULONG  EaLength 
)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection ( _Out_ PHANDLE  SectionHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PLARGE_INTEGER  MaximumSize,
_In_ ULONG  SectionPageProtection,
_In_ ULONG  AllocationAttributes,
_In_opt_ HANDLE  FileHandle 
)

◆ NtDeleteObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtDeviceIoControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  IoControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 3475 of file token.c.

3482 {
3484  HANDLE hToken;
3485  PTOKEN Token;
3486  PTOKEN NewToken;
3487  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
3488  BOOLEAN QoSPresent;
3490  NTSTATUS Status;
3491 
3492  PAGED_CODE();
3493 
3494  if (TokenType != TokenImpersonation &&
3496  {
3497  return STATUS_INVALID_PARAMETER;
3498  }
3499 
3501 
3502  if (PreviousMode != KernelMode)
3503  {
3504  _SEH2_TRY
3505  {
3507  }
3509  {
3510  /* Return the exception code */
3512  }
3513  _SEH2_END;
3514  }
3515 
3517  PreviousMode,
3518  PagedPool,
3519  FALSE,
3520  &CapturedSecurityQualityOfService,
3521  &QoSPresent);
3522  if (!NT_SUCCESS(Status))
3523  {
3524  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
3525  return Status;
3526  }
3527 
3528  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
3531  PreviousMode,
3532  (PVOID*)&Token,
3534  if (!NT_SUCCESS(Status))
3535  {
3536  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3537  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3538  PreviousMode,
3539  FALSE);
3540  return Status;
3541  }
3542 
3543  /*
3544  * Fail, if the original token is an impersonation token and the caller
3545  * tries to raise the impersonation level of the new token above the
3546  * impersonation level of the original token.
3547  */
3548  if (Token->TokenType == TokenImpersonation)
3549  {
3550  if (QoSPresent &&
3551  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3552  {
3554  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3555  PreviousMode,
3556  FALSE);
3558  }
3559  }
3560 
3561  /*
3562  * Fail, if a primary token is to be created from an impersonation token
3563  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3564  */
3565  if (Token->TokenType == TokenImpersonation &&
3566  TokenType == TokenPrimary &&
3567  Token->ImpersonationLevel < SecurityImpersonation)
3568  {
3570  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3571  PreviousMode,
3572  FALSE);
3574  }
3575 
3578  EffectiveOnly,
3579  TokenType,
3580  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3581  PreviousMode,
3582  &NewToken);
3583 
3585 
3586  if (NT_SUCCESS(Status))
3587  {
3588  Status = ObInsertObject(NewToken,
3589  NULL,
3590  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3591  0,
3592  NULL,
3593  &hToken);
3594  if (NT_SUCCESS(Status))
3595  {
3596  _SEH2_TRY
3597  {
3598  *NewTokenHandle = hToken;
3599  }
3601  {
3603  }
3604  _SEH2_END;
3605  }
3606  }
3607 
3608  /* Free the captured structure */
3609  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3610  PreviousMode,
3611  FALSE);
3612 
3613  return Status;
3614 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:785
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:876
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), and ImpersonateLoggedOnUser().

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

◆ NtFsControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  FsControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtImpersonateAnonymousToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in]ThreadHandleA handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 4561 of file token.c.

4563 {
4564  PETHREAD Thread;
4566  NTSTATUS Status;
4567  PAGED_CODE();
4568 
4570 
4571  /* Obtain the thread object from the handle */
4572  Status = ObReferenceObjectByHandle(ThreadHandle,
4574  PsThreadType,
4575  PreviousMode,
4576  (PVOID*)&Thread,
4577  NULL);
4578  if (!NT_SUCCESS(Status))
4579  {
4580  DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
4581  return Status;
4582  }
4583 
4584  /* Call the private routine to impersonate the token */
4586  if (!NT_SUCCESS(Status))
4587  {
4588  DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
4589  }
4590 
4592  return Status;
4593 }
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:379
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
POBJECT_TYPE PsThreadType
Definition: thread.c:20
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define PAGED_CODE()

Referenced by ImpersonateAnonymousToken(), and START_TEST().

◆ NtLockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ PLARGE_INTEGER  ByteOffset,
_In_ PLARGE_INTEGER  Length,
_In_ ULONG  Key,
_In_ BOOLEAN  FailImmediately,
_In_ BOOLEAN  ExclusiveLock 
)

◆ NtOpenFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  ShareAccess,
_In_ ULONG  OpenOptions 
)

◆ NtOpenJobObjectToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken ( _In_ HANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1003 of file audit.c.

1016 {
1017  PTOKEN ClientToken;
1018  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1019  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1020  ULONG PrivilegeCount, PrivilegeSetSize;
1021  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1022  BOOLEAN LocalGenerateOnClose;
1023  PVOID CapturedHandleId;
1025  NTSTATUS Status;
1026  PAGED_CODE();
1027 
1028  /* Only user mode is supported! */
1030 
1031  /* Start clean */
1032  ClientToken = NULL;
1033  CapturedSecurityDescriptor = NULL;
1034  CapturedPrivilegeSet = NULL;
1035  CapturedSubsystemName.Buffer = NULL;
1036  CapturedObjectTypeName.Buffer = NULL;
1037  CapturedObjectName.Buffer = NULL;
1038 
1039  /* Reference the client token */
1040  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1041  TOKEN_QUERY,
1043  UserMode,
1044  (PVOID*)&ClientToken,
1045  NULL);
1046  if (!NT_SUCCESS(Status))
1047  {
1048  DPRINT1("Failed to reference token handle %p: %lx\n",
1049  ClientTokenHandle, Status);
1050  return Status;
1051  }
1052 
1053  /* Capture the security subject context */
1055 
1056  /* Validate the token's impersonation level */
1057  if ((ClientToken->TokenType == TokenImpersonation) &&
1058  (ClientToken->ImpersonationLevel < SecurityIdentification))
1059  {
1060  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1062  goto Cleanup;
1063  }
1064 
1065  /* Check for audit privilege */
1067  {
1068  DPRINT1("Caller does not have SeAuditPrivilege\n");
1070  goto Cleanup;
1071  }
1072 
1073  /* Check for NULL SecurityDescriptor */
1074  if (SecurityDescriptor == NULL)
1075  {
1076  /* Nothing to do */
1078  goto Cleanup;
1079  }
1080 
1081  /* Capture the security descriptor */
1083  UserMode,
1084  PagedPool,
1085  FALSE,
1086  &CapturedSecurityDescriptor);
1087  if (!NT_SUCCESS(Status))
1088  {
1089  DPRINT1("Failed to capture security descriptor!\n");
1090  goto Cleanup;
1091  }
1092 
1093  _SEH2_TRY
1094  {
1095  /* Check if we have a privilege set */
1096  if (PrivilegeSet != NULL)
1097  {
1098  /* Probe the basic privilege set structure */
1099  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1100 
1101  /* Validate privilege count */
1102  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1103  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1104  {
1106  _SEH2_YIELD(goto Cleanup);
1107  }
1108 
1109  /* Calculate the size of the PrivilegeSet structure */
1110  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1111 
1112  /* Probe the whole structure */
1113  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1114 
1115  /* Allocate a temp buffer */
1116  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1117  PrivilegeSetSize,
1119  if (CapturedPrivilegeSet == NULL)
1120  {
1121  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1123  _SEH2_YIELD(goto Cleanup);
1124  }
1125 
1126  /* Copy the privileges */
1127  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1128  }
1129 
1130  if (HandleId != NULL)
1131  {
1132  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1133  CapturedHandleId = *(PVOID*)HandleId;
1134  }
1135 
1136  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1137  }
1139  {
1141  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1142  _SEH2_YIELD(goto Cleanup);
1143  }
1144  _SEH2_END;
1145 
1146  /* Probe and capture the subsystem name */
1147  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1148  UserMode,
1149  SubsystemName);
1150  if (!NT_SUCCESS(Status))
1151  {
1152  DPRINT1("Failed to capture subsystem name!\n");
1153  goto Cleanup;
1154  }
1155 
1156  /* Probe and capture the object type name */
1157  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1158  UserMode,
1159  ObjectTypeName);
1160  if (!NT_SUCCESS(Status))
1161  {
1162  DPRINT1("Failed to capture object type name!\n");
1163  goto Cleanup;
1164  }
1165 
1166  /* Probe and capture the object name */
1167  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1168  UserMode,
1169  ObjectName);
1170  if (!NT_SUCCESS(Status))
1171  {
1172  DPRINT1("Failed to capture object name!\n");
1173  goto Cleanup;
1174  }
1175 
1176  /* Call the internal function */
1178  &CapturedSubsystemName,
1179  CapturedHandleId,
1180  &CapturedObjectTypeName,
1181  &CapturedObjectName,
1182  CapturedSecurityDescriptor,
1183  ClientToken,
1184  DesiredAccess,
1185  GrantedAccess,
1186  CapturedPrivilegeSet,
1187  ObjectCreation,
1188  AccessGranted,
1189  &LocalGenerateOnClose);
1190 
1192 
1193  /* Enter SEH to copy the data back to user mode */
1194  _SEH2_TRY
1195  {
1196  *GenerateOnClose = LocalGenerateOnClose;
1197  }
1199  {
1201  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1202  }
1203  _SEH2_END;
1204 
1205 Cleanup:
1206 
1207  if (CapturedObjectName.Buffer != NULL)
1208  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1209 
1210  if (CapturedObjectTypeName.Buffer != NULL)
1211  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1212 
1213  if (CapturedSubsystemName.Buffer != NULL)
1214  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1215 
1216  if (CapturedSecurityDescriptor != NULL)
1217  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1218 
1219  if (CapturedPrivilegeSet != NULL)
1220  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1221 
1222  /* Release the security subject context */
1224 
1225  ObDereferenceObject(ClientToken);
1226 
1227  return Status;
1228 }
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
TOKEN_TYPE TokenType
Definition: setypes.h:221
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:608
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
#define TOKEN_QUERY
Definition: setypes.h:878
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
static const WCHAR Cleanup[]
Definition: register.c:80
_SEH2_END
Definition: create.c:4400
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:222
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:272
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:969
#define PAGED_CODE()

Referenced by ObjectOpenAuditAlarmA(), and ObjectOpenAuditAlarmW().

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenProcessTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtQueryDirectoryFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass,
_In_ BOOLEAN  ReturnSingleEntry,
_In_opt_ PUNICODE_STRING  FileName,
_In_ BOOLEAN  RestartScan 
)

◆ NtQueryInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile ( _In_ HANDLE  FileHandle,