ReactOS  0.4.15-dev-2522-g9e0a3cd
ntifs.template.h File Reference
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>
#include <guiddef.h>
#include "csq.h"
Include dependency graph for ntifs.template.h:

Go to the source code of this file.

Classes

struct  _MSV1_0_INTERACTIVE_LOGON
 
struct  _MSV1_0_INTERACTIVE_PROFILE
 
struct  _MSV1_0_LM20_LOGON
 
struct  _MSV1_0_SUBAUTH_LOGON
 
struct  _MSV1_0_LM20_LOGON_PROFILE
 
struct  _MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
struct  _MSV1_0_NTLM3_RESPONSE
 
struct  _MSV1_0_AV_PAIR
 
struct  _MSV1_0_LM20_CHALLENGE_REQUEST
 
struct  _MSV1_0_LM20_CHALLENGE_RESPONSE
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST_V1
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST
 
struct  _MSV1_0_GETCHALLENRESP_RESPONSE
 
struct  _MSV1_0_ENUMUSERS_REQUEST
 
struct  _MSV1_0_ENUMUSERS_RESPONSE
 
struct  _MSV1_0_GETUSERINFO_REQUEST
 
struct  _MSV1_0_GETUSERINFO_RESPONSE
 
struct  _PUBLIC_OBJECT_TYPE_INFORMATION
 
struct  _NETWORK_OPEN_ECP_CONTEXT
 
struct  _NETWORK_OPEN_ECP_CONTEXT_V0
 
struct  _PREFETCH_OPEN_ECP_CONTEXT
 
struct  _NFS_OPEN_ECP_CONTEXT
 
struct  _SRV_OPEN_ECP_CONTEXT
 
struct  _QUERY_PATH_REQUEST
 
struct  _QUERY_PATH_REQUEST_EX
 
struct  _QUERY_PATH_RESPONSE
 
struct  _OBJECT_BASIC_INFORMATION
 
struct  _FILE_COPY_ON_WRITE_INFORMATION
 
struct  _FILE_FULL_DIRECTORY_INFORMATION
 
struct  _FILE_SHARED_LOCK_ENTRY
 
struct  _FILE_EXCLUSIVE_LOCK_ENTRY
 
struct  _FILE_MAILSLOT_PEEK_BUFFER
 
struct  _FILE_OLE_CLASSID_INFORMATION
 
struct  _FILE_OLE_ALL_INFORMATION
 
struct  _FILE_OLE_DIR_INFORMATION
 
struct  _FILE_OLE_INFORMATION
 
struct  _FILE_OLE_STATE_BITS_INFORMATION
 
struct  _MAPPING_PAIR
 
struct  _GET_RETRIEVAL_DESCRIPTOR
 
struct  _MOVEFILE_DESCRIPTOR
 
struct  _OBJECT_BASIC_INFO
 
struct  _OBJECT_HANDLE_ATTRIBUTE_INFO
 
struct  _OBJECT_NAME_INFO
 
struct  _OBJECT_PROTECTION_INFO
 
struct  _OBJECT_TYPE_INFO
 
struct  _OBJECT_ALL_TYPES_INFO
 
struct  _PORT_MESSAGE
 
struct  _PORT_VIEW
 
struct  _REMOTE_PORT_VIEW
 
struct  _VAD_HEADER
 

Macros

#define _NTIFS_INCLUDED_
 
#define _GNU_NTIFS_
 
#define FlagOn(_F, _SF)   ((_F) & (_SF))
 
#define BooleanFlagOn(F, SF)   ((BOOLEAN)(((F) & (SF)) != 0))
 
#define SetFlag(_F, _SF)   ((_F) |= (_SF))
 
#define ClearFlag(_F, _SF)   ((_F) &= ~(_SF))
 
#define COMPRESSION_FORMAT_NONE   (0x0000)
 
#define COMPRESSION_FORMAT_DEFAULT   (0x0001)
 
#define COMPRESSION_FORMAT_LZNT1   (0x0002)
 
#define COMPRESSION_ENGINE_STANDARD   (0x0000)
 
#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)
 
#define COMPRESSION_ENGINE_HIBER   (0x0200)
 
#define MAX_UNICODE_STACK_BUFFER_LENGTH   256
 
#define METHOD_FROM_CTL_CODE(ctrlCode)   ((ULONG)(ctrlCode & 3))
 
#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT
 
#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT
 
#define _NTLSA_AUDIT_
 
#define _NTLSA_IFS_
 
#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
 
#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
 
#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"
 
#define MSV1_0_CHALLENGE_LENGTH   8
 
#define MSV1_0_USER_SESSION_KEY_LENGTH   16
 
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8
 
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02
 
#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04
 
#define MSV1_0_RETURN_USER_PARAMETERS   0x08
 
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10
 
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20
 
#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40
 
#define MSV1_0_USE_CLIENT_CHALLENGE   0x80
 
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100
 
#define MSV1_0_RETURN_PROFILE_PATH   0x200
 
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400
 
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800
 
#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000
 
#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000
 
#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000
 
#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24
 
#define MSV1_0_MNS_LOGON   0x01000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2
 
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132
 
#define LOGON_GUEST   0x01
 
#define LOGON_NOENCRYPTION   0x02
 
#define LOGON_CACHED_ACCOUNT   0x04
 
#define LOGON_USED_LM_PASSWORD   0x08
 
#define LOGON_EXTRA_SIDS   0x20
 
#define LOGON_SUBAUTH_SESSION_KEY   0x40
 
#define LOGON_SERVER_TRUST_ACCOUNT   0x80
 
#define LOGON_NTLMV2_ENABLED   0x100
 
#define LOGON_RESOURCE_GROUPS   0x200
 
#define LOGON_PROFILE_PATH_RETURNED   0x400
 
#define LOGON_NT_V2   0x800
 
#define LOGON_LM_V2   0x1000
 
#define LOGON_NTLM_V2   0x2000
 
#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000
 
#define LOGON_GRACE_LOGON   0x01000000
 
#define MSV1_0_OWF_PASSWORD_LENGTH   16
 
#define MSV1_0_CRED_LM_PRESENT   0x1
 
#define MSV1_0_CRED_NT_PRESENT   0x2
 
#define MSV1_0_CRED_VERSION   0
 
#define MSV1_0_NTLM3_RESPONSE_LENGTH   16
 
#define MSV1_0_NTLM3_OWF_LENGTH   16
 
#define MSV1_0_MAX_NTLM3_LIFE   129600
 
#define MSV1_0_MAX_AVL_SIZE   64000
 
#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
 
#define USE_PRIMARY_PASSWORD   0x01
 
#define RETURN_PRIMARY_USERNAME   0x02
 
#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04
 
#define RETURN_NON_NT_USER_SESSION_KEY   0x08
 
#define GENERATE_CLIENT_CHALLENGE   0x10
 
#define GCR_NTLM3_PARMS   0x20
 
#define GCR_TARGET_INFO   0x40
 
#define RETURN_RESERVED_PARAMETER   0x80
 
#define GCR_ALLOW_NTLM   0x100
 
#define GCR_USE_OEM_SET   0x200
 
#define GCR_MACHINE_CREDENTIAL   0x400
 
#define GCR_USE_OWF_PASSWORD   0x800
 
#define GCR_ALLOW_LM   0x1000
 
#define GCR_ALLOW_NO_TARGET   0x2000
 
#define SYSTEM_PAGE_PRIORITY_BITS   3
 
#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)
 
#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2
 
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000
 
#define PIN_WAIT   (1)
 
#define PIN_EXCLUSIVE   (2)
 
#define PIN_NO_READ   (4)
 
#define PIN_IF_BCB   (8)
 
#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)
 
#define PIN_HIGH_PRIORITY   (64)
 
#define MAP_WAIT   1
 
#define MAP_NO_READ   (16)
 
#define MAP_HIGH_PRIORITY   (64)
 
#define IOCTL_REDIR_QUERY_PATH   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define IOCTL_REDIR_QUERY_PATH_EX   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define VOLSNAPCONTROLTYPE   0x00000053
 
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
 
#define VER_PRODUCTBUILD   10000
 
#define FS_LFN_APIS   0x00004000
 
#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
 
#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT
 
#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM
 
#define FILE_STORAGE_TYPE_MASK   0x000f0000
 
#define FILE_STORAGE_TYPE_SHIFT   16
 
#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004
 
#define IO_ATTACH_DEVICE_API   0x80000000
 
#define IO_TYPE_APC   18
 
#define IO_TYPE_DPC   19
 
#define IO_TYPE_DEVICE_QUEUE   20
 
#define IO_TYPE_EVENT_PAIR   21
 
#define IO_TYPE_INTERRUPT   22
 
#define IO_TYPE_PROFILE   23
 
#define IRP_BEING_VERIFIED   0x10
 
#define MAILSLOT_CLASS_FIRSTCLASS   1
 
#define MAILSLOT_CLASS_SECONDCLASS   2
 
#define MAILSLOT_SIZE_AUTO   0
 
#define MEM_DOS_LIM   0x40000000
 
#define OB_TYPE_TYPE   1
 
#define OB_TYPE_DIRECTORY   2
 
#define OB_TYPE_SYMBOLIC_LINK   3
 
#define OB_TYPE_TOKEN   4
 
#define OB_TYPE_PROCESS   5
 
#define OB_TYPE_THREAD   6
 
#define OB_TYPE_EVENT   7
 
#define OB_TYPE_EVENT_PAIR   8
 
#define OB_TYPE_MUTANT   9
 
#define OB_TYPE_SEMAPHORE   10
 
#define OB_TYPE_TIMER   11
 
#define OB_TYPE_PROFILE   12
 
#define OB_TYPE_WINDOW_STATION   13
 
#define OB_TYPE_DESKTOP   14
 
#define OB_TYPE_SECTION   15
 
#define OB_TYPE_KEY   16
 
#define OB_TYPE_PORT   17
 
#define OB_TYPE_ADAPTER   18
 
#define OB_TYPE_CONTROLLER   19
 
#define OB_TYPE_DEVICE   20
 
#define OB_TYPE_DRIVER   21
 
#define OB_TYPE_IO_COMPLETION   22
 
#define OB_TYPE_FILE   23
 
#define SEC_BASED   0x00200000
 
#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_HSM_MSG   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_CONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
 
#define FSCTL_HSM_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_RCONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
 
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_STATISTICS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define LPC_CLIENT_ID   CLIENT_ID
 
#define LPC_SIZE_T   SIZE_T
 
#define LPC_PVOID   PVOID
 
#define LPC_HANDLE   HANDLE
 
#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)
 
#define PsDereferenceImpersonationToken(T)
 
#define SeEnableAccessToExports()   SeExports = *(PSE_EXPORTS *)SeExports;
 

Typedefs

typedef STRING LSA_STRING
 
typedef STRINGPLSA_STRING
 
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
 
typedef OBJECT_ATTRIBUTESPLSA_OBJECT_ATTRIBUTES
 
typedef ULONG LSA_OPERATIONAL_MODE
 
typedef ULONGPLSA_OPERATIONAL_MODE
 
typedef enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
 
typedef enum _SECURITY_LOGON_TYPEPSECURITY_LOGON_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPEPMSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPEPMSV1_0_PROFILE_BUFFER_TYPE
 
typedef struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_LOGONPMSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_INTERACTIVE_PROFILEPMSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_LM20_LOGONPMSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGONPMSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON_PROFILEPMSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIALPMSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
 
typedef struct _MSV1_0_NTLM3_RESPONSEPMSV1_0_NTLM3_RESPONSE
 
typedef enum _MSV1_0_AVID MSV1_0_AVID
 
typedef struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
 
typedef struct _MSV1_0_AV_PAIRPMSV1_0_AV_PAIR
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPEPMSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUESTPMSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSEPMSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1PMSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUESTPMSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSEPMSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_REQUESTPMSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSEPMSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_REQUESTPMSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSEPMSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATIONPPUBLIC_OBJECT_TYPE_INFORMATION
 
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
 
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXTPNETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0PNETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXTPPREFETCH_OPEN_ECP_CONTEXT
 
typedef struct sockaddr_storagePSOCKADDR_STORAGE_NFS
 
typedef struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXTPNFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXTPSRV_OPEN_ECP_CONTEXT
 
typedef struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUESTPQUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_REQUEST_EXPQUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
 
typedef struct _QUERY_PATH_RESPONSEPQUERY_PATH_RESPONSE
 
typedef enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
 
typedef struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
 
typedef struct _OBJECT_BASIC_INFORMATIONPOBJECT_BASIC_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATIONPFILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATIONPFILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_SHARED_LOCK_ENTRYPFILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRYPFILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFERPFILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_CLASSID_INFORMATIONPFILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATIONPFILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATIONPFILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_INFORMATIONPFILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATIONPFILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _MAPPING_PAIR MAPPING_PAIR
 
typedef struct _MAPPING_PAIRPMAPPING_PAIR
 
typedef struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
 
typedef struct _GET_RETRIEVAL_DESCRIPTORPGET_RETRIEVAL_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTORPMOVEFILE_DESCRIPTOR
 
typedef struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
 
typedef struct _OBJECT_BASIC_INFOPOBJECT_BASIC_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFOPOBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
 
typedef struct _OBJECT_NAME_INFOPOBJECT_NAME_INFO
 
typedef struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_PROTECTION_INFOPOBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
 
typedef struct _OBJECT_TYPE_INFOPOBJECT_TYPE_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFOPOBJECT_ALL_TYPES_INFO
 
typedef struct _PORT_MESSAGE PORT_MESSAGE
 
typedef struct _PORT_MESSAGEPPORT_MESSAGE
 
typedef struct _PORT_VIEW PORT_VIEW
 
typedef struct _PORT_VIEWPPORT_VIEW
 
typedef struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
 
typedef struct _REMOTE_PORT_VIEWPREMOTE_PORT_VIEW
 
typedef struct _VAD_HEADER VAD_HEADER
 
typedef struct _VAD_HEADERPVAD_HEADER
 

Enumerations

enum  _SECURITY_LOGON_TYPE {
  Interactive = 2, Network, Batch, Service,
  Proxy, Unlock, UndefinedLogonType = 0, Interactive = 2,
  Network, Batch, Service, Proxy,
  Unlock, NetworkCleartext, NewCredentials
}
 
enum  _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon, MsV1_0SubAuthLogon,
  MsV1_0WorkstationUnlockLogon = 7, MsV1_0InteractiveLogon = 2, MsV1_0Lm20Logon, MsV1_0NetworkLogon,
  MsV1_0SubAuthLogon, MsV1_0WorkstationUnlockLogon = 7, MsV1_0S4ULogon = 12, MsV1_0VirtualLogon = 82
}
 
enum  _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2, MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile, MsV1_0InteractiveProfile = 2,
  MsV1_0Lm20LogonProfile, MsV1_0SmartCardProfile
}
 
enum  _MSV1_0_AVID {
  MsvAvEOL, MsvAvNbComputerName, MsvAvNbDomainName, MsvAvDnsComputerName,
  MsvAvDnsDomainName
}
 
enum  _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers, MsV1_0GetUserInfo,
  MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword, MsV1_0GenericPassthrough,
  MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential, MsV1_0CacheLookup,
  MsV1_0SetProcessOption, MsV1_0Lm20ChallengeRequest = 0, MsV1_0Lm20GetChallengeResponse, MsV1_0EnumerateUsers,
  MsV1_0GetUserInfo, MsV1_0ReLogonUsers, MsV1_0ChangePassword, MsV1_0ChangeCachedPassword,
  MsV1_0GenericPassthrough, MsV1_0CacheLogon, MsV1_0SubAuth, MsV1_0DeriveCredential,
  MsV1_0CacheLookup
}
 
enum  _NETWORK_OPEN_LOCATION_QUALIFIER { NetworkOpenLocationAny, NetworkOpenLocationRemote, NetworkOpenLocationLoopback }
 
enum  _NETWORK_OPEN_INTEGRITY_QUALIFIER {
  NetworkOpenIntegrityAny, NetworkOpenIntegrityNone, NetworkOpenIntegritySigned, NetworkOpenIntegrityEncrypted,
  NetworkOpenIntegrityMaximum
}
 
enum  _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1, StorageTypeDirectory, StorageTypeFile, StorageTypeJunctionPoint,
  StorageTypeCatalog, StorageTypeStructuredStorage, StorageTypeEmbedding, StorageTypeStream
}
 

Functions

 $define (UCHAR=UCHAR) $define(ULONG
 
 $include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
 
_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
 
_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation
 
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer (_In_ PVOID Buffer)
 
 $include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
 
 $include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e)
 
 DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)
 
 DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55)
 
 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb)
 
 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53)
 
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
 
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
 
NTKERNELAPI NTSTATUS NTAPI ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
 

Variables

_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
 
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ SECURITY_INFORMATION SecurityInformation
 
_In_ SECURITY_INFORMATION _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_ SECURITY_INFORMATION _In_ ULONG Length
 
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
 
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
 
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
 
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOIDProfileBuffer
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
 
 PUBLIC_OBJECT_BASIC_INFORMATION
 
PPUBLIC_OBJECT_BASIC_INFORMATION
 
PUSHORTNlsOemLeadByteInfo
 

Macro Definition Documentation

◆ _GNU_NTIFS_

#define _GNU_NTIFS_

Definition at line 27 of file ntifs.template.h.

◆ _NTIFS_INCLUDED_

#define _NTIFS_INCLUDED_

Definition at line 26 of file ntifs.template.h.

◆ _NTLSA_AUDIT_

#define _NTLSA_AUDIT_

Definition at line 684 of file ntifs.template.h.

◆ _NTLSA_IFS_

#define _NTLSA_IFS_

Definition at line 728 of file ntifs.template.h.

◆ BooleanFlagOn

#define BooleanFlagOn (   F,
  SF 
)    ((BOOLEAN)(((F) & (SF)) != 0))

◆ ClearFlag

#define ClearFlag (   _F,
  _SF 
)    ((_F) &= ~(_SF))

◆ COMPRESSION_ENGINE_HIBER

#define COMPRESSION_ENGINE_HIBER   (0x0200)

Definition at line 652 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_MAXIMUM

#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)

Definition at line 651 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_STANDARD

#define COMPRESSION_ENGINE_STANDARD   (0x0000)

Definition at line 650 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_DEFAULT

#define COMPRESSION_FORMAT_DEFAULT   (0x0001)

Definition at line 648 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_LZNT1

#define COMPRESSION_FORMAT_LZNT1   (0x0002)

Definition at line 649 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_NONE

#define COMPRESSION_FORMAT_NONE   (0x0000)

Definition at line 647 of file ntifs.template.h.

◆ FILE_MAXIMUM_STORAGE_TYPE

#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM

Definition at line 1304 of file ntifs.template.h.

◆ FILE_MINIMUM_STORAGE_TYPE

#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT

Definition at line 1303 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_CATALOG

#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1299 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DEFAULT

#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1294 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DIRECTORY

#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1295 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DOCFILE

#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1297 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_EMBEDDING

#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1301 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_FILE

#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1296 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_JUNCTION_POINT

#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1298 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_MASK

#define FILE_STORAGE_TYPE_MASK   0x000f0000

Definition at line 1305 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SHIFT

#define FILE_STORAGE_TYPE_SHIFT   16

Definition at line 1306 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SPECIFIED

#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */

Definition at line 1293 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STREAM

#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1302 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STRUCTURED_STORAGE

#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1300 of file ntifs.template.h.

◆ FILE_VC_QUOTAS_LOG_VIOLATIONS

#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004

Definition at line 1308 of file ntifs.template.h.

◆ FlagOn

#define FlagOn (   _F,
  _SF 
)    ((_F) & (_SF))

◆ FS_LFN_APIS

#define FS_LFN_APIS   0x00004000

Definition at line 1291 of file ntifs.template.h.

◆ FSCTL_DUMP_PROPERTY_DATA

#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1370 of file ntifs.template.h.

◆ FSCTL_GET_HFS_INFORMATION

#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1362 of file ntifs.template.h.

◆ FSCTL_HSM_DATA

Definition at line 1374 of file ntifs.template.h.

◆ FSCTL_HSM_MSG

◆ FSCTL_NETWORK_DELETE_CONNECTION

#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1382 of file ntifs.template.h.

◆ FSCTL_NETWORK_ENUMERATE_CONNECTIONS

#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1381 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONFIGURATION_INFO

#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Definition at line 1379 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONNECTION_INFO

#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1380 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_STATISTICS

Definition at line 1383 of file ntifs.template.h.

◆ FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT

#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1385 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_CONFIGURATION_INFO

#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

Definition at line 1378 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_DOMAIN_NAME

#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1384 of file ntifs.template.h.

◆ FSCTL_NSS_CONTROL

Definition at line 1373 of file ntifs.template.h.

◆ FSCTL_NSS_RCONTROL

Definition at line 1375 of file ntifs.template.h.

◆ FSCTL_READ_PROPERTY_DATA

#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1367 of file ntifs.template.h.

◆ FSCTL_WRITE_PROPERTY_DATA

#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1368 of file ntifs.template.h.

◆ GCR_ALLOW_LM

#define GCR_ALLOW_LM   0x1000

Definition at line 847 of file ntifs.template.h.

◆ GCR_ALLOW_NO_TARGET

#define GCR_ALLOW_NO_TARGET   0x2000

Definition at line 848 of file ntifs.template.h.

◆ GCR_ALLOW_NTLM

#define GCR_ALLOW_NTLM   0x100

Definition at line 843 of file ntifs.template.h.

◆ GCR_MACHINE_CREDENTIAL

#define GCR_MACHINE_CREDENTIAL   0x400

Definition at line 845 of file ntifs.template.h.

◆ GCR_NTLM3_PARMS

#define GCR_NTLM3_PARMS   0x20

Definition at line 840 of file ntifs.template.h.

◆ GCR_TARGET_INFO

#define GCR_TARGET_INFO   0x40

Definition at line 841 of file ntifs.template.h.

◆ GCR_USE_OEM_SET

#define GCR_USE_OEM_SET   0x200

Definition at line 844 of file ntifs.template.h.

◆ GCR_USE_OWF_PASSWORD

#define GCR_USE_OWF_PASSWORD   0x800

Definition at line 846 of file ntifs.template.h.

◆ GENERATE_CLIENT_CHALLENGE

#define GENERATE_CLIENT_CHALLENGE   0x10

Definition at line 839 of file ntifs.template.h.

◆ IO_ATTACH_DEVICE_API

#define IO_ATTACH_DEVICE_API   0x80000000

Definition at line 1315 of file ntifs.template.h.

◆ IO_TYPE_APC

#define IO_TYPE_APC   18

Definition at line 1317 of file ntifs.template.h.

◆ IO_TYPE_DEVICE_QUEUE

#define IO_TYPE_DEVICE_QUEUE   20

Definition at line 1319 of file ntifs.template.h.

◆ IO_TYPE_DPC

#define IO_TYPE_DPC   19

Definition at line 1318 of file ntifs.template.h.

◆ IO_TYPE_EVENT_PAIR

#define IO_TYPE_EVENT_PAIR   21

Definition at line 1320 of file ntifs.template.h.

◆ IO_TYPE_INTERRUPT

#define IO_TYPE_INTERRUPT   22

Definition at line 1321 of file ntifs.template.h.

◆ IO_TYPE_PROFILE

#define IO_TYPE_PROFILE   23

Definition at line 1322 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH

Definition at line 1259 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH_EX

Definition at line 1260 of file ntifs.template.h.

◆ IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES

#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

Definition at line 1282 of file ntifs.template.h.

◆ IRP_BEING_VERIFIED

#define IRP_BEING_VERIFIED   0x10

Definition at line 1324 of file ntifs.template.h.

◆ LOGON_CACHED_ACCOUNT

#define LOGON_CACHED_ACCOUNT   0x04

Definition at line 779 of file ntifs.template.h.

◆ LOGON_EXTRA_SIDS

#define LOGON_EXTRA_SIDS   0x20

Definition at line 781 of file ntifs.template.h.

◆ LOGON_GRACE_LOGON

#define LOGON_GRACE_LOGON   0x01000000

Definition at line 802 of file ntifs.template.h.

◆ LOGON_GUEST

#define LOGON_GUEST   0x01

Definition at line 777 of file ntifs.template.h.

◆ LOGON_LM_V2

#define LOGON_LM_V2   0x1000

Definition at line 788 of file ntifs.template.h.

◆ LOGON_NOENCRYPTION

#define LOGON_NOENCRYPTION   0x02

Definition at line 778 of file ntifs.template.h.

◆ LOGON_NT_V2

#define LOGON_NT_V2   0x800

Definition at line 787 of file ntifs.template.h.

◆ LOGON_NTLM_V2

#define LOGON_NTLM_V2   0x2000

Definition at line 789 of file ntifs.template.h.

◆ LOGON_NTLMV2_ENABLED

#define LOGON_NTLMV2_ENABLED   0x100

Definition at line 784 of file ntifs.template.h.

◆ LOGON_PROFILE_PATH_RETURNED

#define LOGON_PROFILE_PATH_RETURNED   0x400

Definition at line 786 of file ntifs.template.h.

◆ LOGON_RESOURCE_GROUPS

#define LOGON_RESOURCE_GROUPS   0x200

Definition at line 785 of file ntifs.template.h.

◆ LOGON_SERVER_TRUST_ACCOUNT

#define LOGON_SERVER_TRUST_ACCOUNT   0x80

Definition at line 783 of file ntifs.template.h.

◆ LOGON_SUBAUTH_SESSION_KEY

#define LOGON_SUBAUTH_SESSION_KEY   0x40

Definition at line 782 of file ntifs.template.h.

◆ LOGON_USED_LM_PASSWORD

#define LOGON_USED_LM_PASSWORD   0x08

Definition at line 780 of file ntifs.template.h.

◆ LPC_CLIENT_ID

#define LPC_CLIENT_ID   CLIENT_ID

Definition at line 1585 of file ntifs.template.h.

◆ LPC_HANDLE

#define LPC_HANDLE   HANDLE

Definition at line 1588 of file ntifs.template.h.

◆ LPC_KERNELMODE_MESSAGE

#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)

Definition at line 1624 of file ntifs.template.h.

◆ LPC_PVOID

#define LPC_PVOID   PVOID

Definition at line 1587 of file ntifs.template.h.

◆ LPC_SIZE_T

#define LPC_SIZE_T   SIZE_T

Definition at line 1586 of file ntifs.template.h.

◆ MAILSLOT_CLASS_FIRSTCLASS

#define MAILSLOT_CLASS_FIRSTCLASS   1

Definition at line 1326 of file ntifs.template.h.

◆ MAILSLOT_CLASS_SECONDCLASS

#define MAILSLOT_CLASS_SECONDCLASS   2

Definition at line 1327 of file ntifs.template.h.

◆ MAILSLOT_SIZE_AUTO

#define MAILSLOT_SIZE_AUTO   0

Definition at line 1329 of file ntifs.template.h.

◆ MAP_HIGH_PRIORITY

#define MAP_HIGH_PRIORITY   (64)

Definition at line 1257 of file ntifs.template.h.

◆ MAP_NO_READ

#define MAP_NO_READ   (16)

Definition at line 1256 of file ntifs.template.h.

◆ MAP_WAIT

#define MAP_WAIT   1

Definition at line 1255 of file ntifs.template.h.

◆ MAX_UNICODE_STACK_BUFFER_LENGTH

#define MAX_UNICODE_STACK_BUFFER_LENGTH   256

Definition at line 654 of file ntifs.template.h.

◆ MEM_DOS_LIM

#define MEM_DOS_LIM   0x40000000

Definition at line 1331 of file ntifs.template.h.

◆ METHOD_DIRECT_FROM_HARDWARE

#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT

Definition at line 659 of file ntifs.template.h.

◆ METHOD_DIRECT_TO_HARDWARE

#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT

Definition at line 658 of file ntifs.template.h.

◆ METHOD_FROM_CTL_CODE

#define METHOD_FROM_CTL_CODE (   ctrlCode)    ((ULONG)(ctrlCode & 3))

Definition at line 656 of file ntifs.template.h.

◆ MSV1_0_ALLOW_FORCE_GUEST

#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000

Definition at line 755 of file ntifs.template.h.

◆ MSV1_0_ALLOW_MSVCHAPV2

#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000

Definition at line 763 of file ntifs.template.h.

◆ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT

#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20

Definition at line 746 of file ntifs.template.h.

◆ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT

#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800

Definition at line 752 of file ntifs.template.h.

◆ MSV1_0_CHALLENGE_LENGTH

#define MSV1_0_CHALLENGE_LENGTH   8

Definition at line 738 of file ntifs.template.h.

◆ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED

#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02

Definition at line 742 of file ntifs.template.h.

◆ MSV1_0_CRED_LM_PRESENT

#define MSV1_0_CRED_LM_PRESENT   0x1

Definition at line 805 of file ntifs.template.h.

◆ MSV1_0_CRED_NT_PRESENT

#define MSV1_0_CRED_NT_PRESENT   0x2

Definition at line 806 of file ntifs.template.h.

◆ MSV1_0_CRED_VERSION

#define MSV1_0_CRED_VERSION   0

Definition at line 807 of file ntifs.template.h.

◆ MSV1_0_DISABLE_PERSONAL_FALLBACK

#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000

Definition at line 754 of file ntifs.template.h.

◆ MSV1_0_DONT_TRY_GUEST_ACCOUNT

#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10

Definition at line 745 of file ntifs.template.h.

◆ MSV1_0_LANMAN_SESSION_KEY_LENGTH

#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8

Definition at line 740 of file ntifs.template.h.

◆ MSV1_0_MAX_AVL_SIZE

#define MSV1_0_MAX_AVL_SIZE   64000

Definition at line 817 of file ntifs.template.h.

◆ MSV1_0_MAX_NTLM3_LIFE

#define MSV1_0_MAX_NTLM3_LIFE   129600

Definition at line 815 of file ntifs.template.h.

◆ MSV1_0_MNS_LOGON

#define MSV1_0_MNS_LOGON   0x01000000

Definition at line 772 of file ntifs.template.h.

◆ MSV1_0_NTLM3_INPUT_LENGTH

#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

Definition at line 829 of file ntifs.template.h.

◆ MSV1_0_NTLM3_OWF_LENGTH

#define MSV1_0_NTLM3_OWF_LENGTH   16

Definition at line 810 of file ntifs.template.h.

◆ MSV1_0_NTLM3_RESPONSE_LENGTH

#define MSV1_0_NTLM3_RESPONSE_LENGTH   16

Definition at line 809 of file ntifs.template.h.

◆ MSV1_0_OWF_PASSWORD_LENGTH

#define MSV1_0_OWF_PASSWORD_LENGTH   16

Definition at line 804 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAME

#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 731 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW

#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 732 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW_LENGTH

#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)

Definition at line 733 of file ntifs.template.h.

◆ MSV1_0_RETURN_PASSWORD_EXPIRY

#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40

Definition at line 747 of file ntifs.template.h.

◆ MSV1_0_RETURN_PROFILE_PATH

#define MSV1_0_RETURN_PROFILE_PATH   0x200

Definition at line 750 of file ntifs.template.h.

◆ MSV1_0_RETURN_USER_PARAMETERS

#define MSV1_0_RETURN_USER_PARAMETERS   0x08

Definition at line 744 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL

#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000

Definition at line 770 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_EX

#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000

Definition at line 762 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_IIS

#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132

Definition at line 775 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_RAS

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2

Definition at line 774 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_SHIFT

#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24

Definition at line 771 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_FLAGS

#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000

Definition at line 800 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_KEY

#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

Definition at line 735 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_VALUE

#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"

Definition at line 736 of file ntifs.template.h.

◆ MSV1_0_TRY_GUEST_ACCOUNT_ONLY

#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100

Definition at line 749 of file ntifs.template.h.

◆ MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY

#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400

Definition at line 751 of file ntifs.template.h.

◆ MSV1_0_UPDATE_LOGON_STATISTICS

#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04

Definition at line 743 of file ntifs.template.h.

◆ MSV1_0_USE_CLIENT_CHALLENGE

#define MSV1_0_USE_CLIENT_CHALLENGE   0x80

Definition at line 748 of file ntifs.template.h.

◆ MSV1_0_USER_SESSION_KEY_LENGTH

#define MSV1_0_USER_SESSION_KEY_LENGTH   16

Definition at line 739 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1

Definition at line 1158 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2

Definition at line 1159 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK

#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000

Definition at line 1160 of file ntifs.template.h.

◆ NLS_OEM_LEAD_BYTE_INFO

#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)

Definition at line 1137 of file ntifs.template.h.

◆ OB_TYPE_ADAPTER

#define OB_TYPE_ADAPTER   18

Definition at line 1350 of file ntifs.template.h.

◆ OB_TYPE_CONTROLLER

#define OB_TYPE_CONTROLLER   19

Definition at line 1351 of file ntifs.template.h.

◆ OB_TYPE_DESKTOP

#define OB_TYPE_DESKTOP   14

Definition at line 1346 of file ntifs.template.h.

◆ OB_TYPE_DEVICE

#define OB_TYPE_DEVICE   20

Definition at line 1352 of file ntifs.template.h.

◆ OB_TYPE_DIRECTORY

#define OB_TYPE_DIRECTORY   2

Definition at line 1334 of file ntifs.template.h.

◆ OB_TYPE_DRIVER

#define OB_TYPE_DRIVER   21

Definition at line 1353 of file ntifs.template.h.

◆ OB_TYPE_EVENT

#define OB_TYPE_EVENT   7

Definition at line 1339 of file ntifs.template.h.

◆ OB_TYPE_EVENT_PAIR

#define OB_TYPE_EVENT_PAIR   8

Definition at line 1340 of file ntifs.template.h.

◆ OB_TYPE_FILE

#define OB_TYPE_FILE   23

Definition at line 1355 of file ntifs.template.h.

◆ OB_TYPE_IO_COMPLETION

#define OB_TYPE_IO_COMPLETION   22

Definition at line 1354 of file ntifs.template.h.

◆ OB_TYPE_KEY

#define OB_TYPE_KEY   16

Definition at line 1348 of file ntifs.template.h.

◆ OB_TYPE_MUTANT

#define OB_TYPE_MUTANT   9

Definition at line 1341 of file ntifs.template.h.

◆ OB_TYPE_PORT

#define OB_TYPE_PORT   17

Definition at line 1349 of file ntifs.template.h.

◆ OB_TYPE_PROCESS

#define OB_TYPE_PROCESS   5

Definition at line 1337 of file ntifs.template.h.

◆ OB_TYPE_PROFILE

#define OB_TYPE_PROFILE   12

Definition at line 1344 of file ntifs.template.h.

◆ OB_TYPE_SECTION

#define OB_TYPE_SECTION   15

Definition at line 1347 of file ntifs.template.h.

◆ OB_TYPE_SEMAPHORE

#define OB_TYPE_SEMAPHORE   10

Definition at line 1342 of file ntifs.template.h.

◆ OB_TYPE_SYMBOLIC_LINK

#define OB_TYPE_SYMBOLIC_LINK   3

Definition at line 1335 of file ntifs.template.h.

◆ OB_TYPE_THREAD

#define OB_TYPE_THREAD   6

Definition at line 1338 of file ntifs.template.h.

◆ OB_TYPE_TIMER

#define OB_TYPE_TIMER   11

Definition at line 1343 of file ntifs.template.h.

◆ OB_TYPE_TOKEN

#define OB_TYPE_TOKEN   4

Definition at line 1336 of file ntifs.template.h.

◆ OB_TYPE_TYPE

#define OB_TYPE_TYPE   1

Definition at line 1333 of file ntifs.template.h.

◆ OB_TYPE_WINDOW_STATION

#define OB_TYPE_WINDOW_STATION   13

Definition at line 1345 of file ntifs.template.h.

◆ PIN_CALLER_TRACKS_DIRTY_DATA

#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)

Definition at line 1252 of file ntifs.template.h.

◆ PIN_EXCLUSIVE

#define PIN_EXCLUSIVE   (2)

Definition at line 1249 of file ntifs.template.h.

◆ PIN_HIGH_PRIORITY

#define PIN_HIGH_PRIORITY   (64)

Definition at line 1253 of file ntifs.template.h.

◆ PIN_IF_BCB

#define PIN_IF_BCB   (8)

Definition at line 1251 of file ntifs.template.h.

◆ PIN_NO_READ

#define PIN_NO_READ   (4)

Definition at line 1250 of file ntifs.template.h.

◆ PIN_WAIT

#define PIN_WAIT   (1)

Definition at line 1248 of file ntifs.template.h.

◆ PsDereferenceImpersonationToken

#define PsDereferenceImpersonationToken (   T)
Value:
{if (ARGUMENT_PRESENT(T)) { \
} else { \
; \
} \
}
#define T
Definition: mbstring.h:31
#define ARGUMENT_PRESENT(ArgumentPointer)
#define ObDereferenceObject
Definition: obfuncs.h:203

Definition at line 1759 of file ntifs.template.h.

◆ RETURN_NON_NT_USER_SESSION_KEY

#define RETURN_NON_NT_USER_SESSION_KEY   0x08

Definition at line 838 of file ntifs.template.h.

◆ RETURN_PRIMARY_LOGON_DOMAINNAME

#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04

Definition at line 837 of file ntifs.template.h.

◆ RETURN_PRIMARY_USERNAME

#define RETURN_PRIMARY_USERNAME   0x02

Definition at line 836 of file ntifs.template.h.

◆ RETURN_RESERVED_PARAMETER

#define RETURN_RESERVED_PARAMETER   0x80

Definition at line 842 of file ntifs.template.h.

◆ SEC_BASED

#define SEC_BASED   0x00200000

Definition at line 1357 of file ntifs.template.h.

◆ SeEnableAccessToExports

#define SeEnableAccessToExports ( )    SeExports = *(PSE_EXPORTS *)SeExports;

Definition at line 1786 of file ntifs.template.h.

◆ SetFlag

#define SetFlag (   _F,
  _SF 
)    ((_F) |= (_SF))

◆ SYSTEM_PAGE_PRIORITY_BITS

#define SYSTEM_PAGE_PRIORITY_BITS   3

Definition at line 1082 of file ntifs.template.h.

◆ SYSTEM_PAGE_PRIORITY_LEVELS

#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)

Definition at line 1083 of file ntifs.template.h.

◆ USE_PRIMARY_PASSWORD

#define USE_PRIMARY_PASSWORD   0x01

Definition at line 835 of file ntifs.template.h.

◆ VER_PRODUCTBUILD

#define VER_PRODUCTBUILD   10000

Definition at line 1286 of file ntifs.template.h.

◆ VOLSNAPCONTROLTYPE

#define VOLSNAPCONTROLTYPE   0x00000053

Definition at line 1281 of file ntifs.template.h.

Typedef Documentation

◆ FILE_COPY_ON_WRITE_INFORMATION

◆ FILE_EXCLUSIVE_LOCK_ENTRY

◆ FILE_FULL_DIRECTORY_INFORMATION

◆ FILE_MAILSLOT_PEEK_BUFFER

◆ FILE_OLE_ALL_INFORMATION

◆ FILE_OLE_CLASSID_INFORMATION

◆ FILE_OLE_DIR_INFORMATION

◆ FILE_OLE_INFORMATION

◆ FILE_OLE_STATE_BITS_INFORMATION

◆ FILE_SHARED_LOCK_ENTRY

◆ FILE_STORAGE_TYPE

◆ GET_RETRIEVAL_DESCRIPTOR

◆ LSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ LSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ LSA_STRING

typedef STRING LSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ MAPPING_PAIR

◆ MOVEFILE_DESCRIPTOR

◆ MSV1_0_AV_PAIR

◆ MSV1_0_AVID

◆ MSV1_0_ENUMUSERS_REQUEST

◆ MSV1_0_ENUMUSERS_RESPONSE

◆ MSV1_0_GETCHALLENRESP_REQUEST

◆ MSV1_0_GETCHALLENRESP_REQUEST_V1

◆ MSV1_0_GETCHALLENRESP_RESPONSE

◆ MSV1_0_GETUSERINFO_REQUEST

◆ MSV1_0_GETUSERINFO_RESPONSE

◆ MSV1_0_INTERACTIVE_LOGON

◆ MSV1_0_INTERACTIVE_PROFILE

◆ MSV1_0_LM20_CHALLENGE_REQUEST

◆ MSV1_0_LM20_CHALLENGE_RESPONSE

◆ MSV1_0_LM20_LOGON

◆ MSV1_0_LM20_LOGON_PROFILE

◆ MSV1_0_LOGON_SUBMIT_TYPE

◆ MSV1_0_NTLM3_RESPONSE

◆ MSV1_0_PROFILE_BUFFER_TYPE

◆ MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ MSV1_0_SUBAUTH_LOGON

◆ MSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ NETWORK_OPEN_ECP_CONTEXT

◆ NETWORK_OPEN_ECP_CONTEXT_V0

◆ NETWORK_OPEN_INTEGRITY_QUALIFIER

◆ NETWORK_OPEN_LOCATION_QUALIFIER

◆ NFS_OPEN_ECP_CONTEXT

◆ OBJECT_ALL_TYPES_INFO

◆ OBJECT_BASIC_INFO

◆ OBJECT_BASIC_INFORMATION

◆ OBJECT_HANDLE_ATTRIBUTE_INFO

◆ OBJECT_NAME_INFO

◆ OBJECT_PROTECTION_INFO

◆ OBJECT_TYPE_INFO

◆ PFILE_COPY_ON_WRITE_INFORMATION

◆ PFILE_EXCLUSIVE_LOCK_ENTRY

◆ PFILE_FULL_DIRECTORY_INFORMATION

◆ PFILE_MAILSLOT_PEEK_BUFFER

◆ PFILE_OLE_ALL_INFORMATION

◆ PFILE_OLE_CLASSID_INFORMATION

◆ PFILE_OLE_DIR_INFORMATION

◆ PFILE_OLE_INFORMATION

◆ PFILE_OLE_STATE_BITS_INFORMATION

◆ PFILE_SHARED_LOCK_ENTRY

◆ PGET_RETRIEVAL_DESCRIPTOR

◆ PLSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ PLSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ PLSA_STRING

typedef STRING * PLSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ PMAPPING_PAIR

◆ PMOVEFILE_DESCRIPTOR

◆ PMSV1_0_AV_PAIR

◆ PMSV1_0_ENUMUSERS_REQUEST

◆ PMSV1_0_ENUMUSERS_RESPONSE

◆ PMSV1_0_GETCHALLENRESP_REQUEST

◆ PMSV1_0_GETCHALLENRESP_REQUEST_V1

◆ PMSV1_0_GETCHALLENRESP_RESPONSE

◆ PMSV1_0_GETUSERINFO_REQUEST

◆ PMSV1_0_GETUSERINFO_RESPONSE

◆ PMSV1_0_INTERACTIVE_LOGON

◆ PMSV1_0_INTERACTIVE_PROFILE

◆ PMSV1_0_LM20_CHALLENGE_REQUEST

◆ PMSV1_0_LM20_CHALLENGE_RESPONSE

◆ PMSV1_0_LM20_LOGON

◆ PMSV1_0_LM20_LOGON_PROFILE

◆ PMSV1_0_LOGON_SUBMIT_TYPE

◆ PMSV1_0_NTLM3_RESPONSE

◆ PMSV1_0_PROFILE_BUFFER_TYPE

◆ PMSV1_0_PROTOCOL_MESSAGE_TYPE

◆ PMSV1_0_SUBAUTH_LOGON

◆ PMSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ PNETWORK_OPEN_ECP_CONTEXT

◆ PNETWORK_OPEN_ECP_CONTEXT_V0

◆ PNFS_OPEN_ECP_CONTEXT

◆ POBJECT_ALL_TYPES_INFO

◆ POBJECT_BASIC_INFO

◆ POBJECT_BASIC_INFORMATION

◆ POBJECT_HANDLE_ATTRIBUTE_INFO

◆ POBJECT_NAME_INFO

◆ POBJECT_PROTECTION_INFO

◆ POBJECT_TYPE_INFO

◆ PORT_MESSAGE

◆ PORT_VIEW

◆ PPNFS_OPEN_ECP_CONTEXT

◆ PPORT_MESSAGE

◆ PPORT_VIEW

◆ PPREFETCH_OPEN_ECP_CONTEXT

◆ PPUBLIC_OBJECT_TYPE_INFORMATION

◆ PQUERY_PATH_REQUEST

◆ PQUERY_PATH_REQUEST_EX

◆ PQUERY_PATH_RESPONSE

◆ PREFETCH_OPEN_ECP_CONTEXT

◆ PREMOTE_PORT_VIEW

◆ PSECURITY_LOGON_TYPE

◆ PSOCKADDR_STORAGE_NFS

Definition at line 1231 of file ntifs.template.h.

◆ PSRV_OPEN_ECP_CONTEXT

◆ PUBLIC_OBJECT_TYPE_INFORMATION

◆ PVAD_HEADER

◆ QUERY_PATH_REQUEST

◆ QUERY_PATH_REQUEST_EX

◆ QUERY_PATH_RESPONSE

◆ REMOTE_PORT_VIEW

◆ SECURITY_LOGON_TYPE

◆ SRV_OPEN_ECP_CONTEXT

◆ VAD_HEADER

Enumeration Type Documentation

◆ _FILE_STORAGE_TYPE

Enumerator
StorageTypeDefault 
StorageTypeDirectory 
StorageTypeFile 
StorageTypeJunctionPoint 
StorageTypeCatalog 
StorageTypeStructuredStorage 
StorageTypeEmbedding 
StorageTypeStream 

Definition at line 1387 of file ntifs.template.h.

◆ _MSV1_0_AVID

Enumerator
MsvAvEOL 
MsvAvNbComputerName 
MsvAvNbDomainName 
MsvAvDnsComputerName 
MsvAvDnsDomainName 

Definition at line 959 of file ntifs.template.h.

959  {
960  MsvAvEOL,
965 #if (_WIN32_WINNT >= 0x0501)
966  MsvAvDnsTreeName,
967  MsvAvFlags,
968 #if (_WIN32_WINNT >= 0x0600)
969  MsvAvTimestamp,
970  MsvAvRestrictions,
971  MsvAvTargetName,
972  MsvAvChannelBindings,
973 #endif
974 #endif
975 } MSV1_0_AVID;
enum _MSV1_0_AVID MSV1_0_AVID

◆ _MSV1_0_LOGON_SUBMIT_TYPE

Enumerator
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0S4ULogon 
MsV1_0VirtualLogon 

Definition at line 850 of file ntifs.template.h.

◆ _MSV1_0_PROFILE_BUFFER_TYPE

Enumerator
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 

Definition at line 860 of file ntifs.template.h.

860  {
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE

◆ _MSV1_0_PROTOCOL_MESSAGE_TYPE

Enumerator
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 
MsV1_0SetProcessOption 
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 

Definition at line 982 of file ntifs.template.h.

982  {
995 #if (_WIN32_WINNT >= 0x0501)
997 #endif
998 #if (_WIN32_WINNT >= 0x0600)
999  MsV1_0ConfigLocalAliases,
1000  MsV1_0ClearCachedCredentials,
1001 #endif
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ _NETWORK_OPEN_INTEGRITY_QUALIFIER

Enumerator
NetworkOpenIntegrityAny 
NetworkOpenIntegrityNone 
NetworkOpenIntegritySigned 
NetworkOpenIntegrityEncrypted 
NetworkOpenIntegrityMaximum 

Definition at line 1148 of file ntifs.template.h.

◆ _NETWORK_OPEN_LOCATION_QUALIFIER

Enumerator
NetworkOpenLocationAny 
NetworkOpenLocationRemote 
NetworkOpenLocationLoopback 

Definition at line 1142 of file ntifs.template.h.

◆ _SECURITY_LOGON_TYPE

Enumerator
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
UndefinedLogonType 
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
NetworkCleartext 
NewCredentials 

Definition at line 663 of file ntifs.template.h.

663  {
664  UndefinedLogonType = 0,
665  Interactive = 2,
666  Network,
667  Batch,
668  Service,
669  Proxy,
670  Unlock,
673 #if (_WIN32_WINNT >= 0x0501)
674  RemoteInteractive,
675  CachedInteractive,
676 #endif
677 #if (_WIN32_WINNT >= 0x0502)
678  CachedRemoteInteractive,
679  CachedUnlock
680 #endif
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE

Function Documentation

◆ $define()

$define ( UCHAR  = UCHAR)

◆ $include() [1/3]

$include ( setypes.  h)

◆ $include() [2/3]

$include ( iotypes.  h)

Definition at line 1067 of file ntifs.template.h.

1069  {
1070  ULONG Attributes;
1072  ULONG HandleCount;
1073  ULONG PointerCount;
1074  ULONG Reserved[10];
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
PUBLIC_OBJECT_BASIC_INFORMATION
* PPUBLIC_OBJECT_BASIC_INFORMATION
unsigned int ULONG
Definition: retypes.h:1
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ULONG ACCESS_MASK
Definition: nt_native.h:40
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

◆ $include() [3/3]

$include ( ketypes.  h)

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_opt_() [1/2]

◆ _Out_writes_bytes_opt_() [2/2]

_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ ( Length  )

◆ _Out_writes_bytes_to_opt_()

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _When_()

◆ C_ASSERT() [1/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, ActiveCount)  = =0x0c)

◆ C_ASSERT() [2/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, Flag = =0x0e)

◆ CcGetLsnForFileObject()

NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject ( _In_ PFILE_OBJECT  FileObject,
_Out_opt_ PLARGE_INTEGER  OldestLsn 
)

◆ DEFINE_GUID() [1/4]

DEFINE_GUID ( GUID_ECP_NETWORK_OPEN_CONTEXT  ,
0xc584edbf  ,
0x00df  ,
0x4d28  ,
0xb8  ,
0x84  ,
0x35  ,
0xba  ,
0xca  ,
0x89  ,
0x11  ,
0xe8   
)

◆ DEFINE_GUID() [2/4]

DEFINE_GUID ( GUID_ECP_PREFETCH_OPEN  ,
0xe1777b21  ,
0x847e  ,
0x4837  ,
0xaa  ,
0x45  ,
0x64  ,
0x16  ,
0x1d  ,
0x28  ,
0x6  ,
0x55   
)

◆ DEFINE_GUID() [3/4]

DEFINE_GUID ( GUID_ECP_NFS_OPEN  ,
0xf326d30c  ,
0xe5f8  ,
0x4fe7  ,
0xab  ,
0x74  ,
0xf5  ,
0xa3  ,
0x19  ,
0x6d  ,
0x92  ,
0xdb   
)

◆ DEFINE_GUID() [4/4]

DEFINE_GUID ( GUID_ECP_SRV_OPEN  ,
0xbebfaebc  ,
0xaabf  ,
0x489d  ,
0x9d  ,
0x2c  ,
0xe9  ,
0xe3  ,
0x61  ,
0x10  ,
0x28  ,
0x53   
)

◆ FsRtlAllocatePool()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePool ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuota()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuotaTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlAllocatePoolWithTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlMdlReadComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PMDL  MdlChain 
)

◆ FsRtlMdlWriteComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PLARGE_INTEGER  FileOffset,
_In_ PMDL  MdlChain 
)

◆ FsRtlNotifyChangeDirectory()

NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory ( _In_ PNOTIFY_SYNC  NotifySync,
_In_ PVOID  FsContext,
_In_ PSTRING  FullDirectoryName,
_In_ PLIST_ENTRY  NotifyList,
_In_ BOOLEAN  WatchTree,
_In_ ULONG  CompletionFilter,
_In_ PIRP  NotifyIrp 
)

◆ LsaFreeReturnBuffer()

_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer ( _In_ PVOID  Buffer)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1406 of file audit.c.

1418 {
1419  /* Call the internal function */
1420  return SepAccessCheckAndAuditAlarm(SubsystemName,
1421  HandleId,
1422  NULL,
1424  ObjectName,
1426  NULL,
1427  DesiredAccess,
1429  0,
1430  NULL,
1431  0,
1433  GrantedAccess,
1434  AccessStatus,
1436  FALSE);
1437 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

Referenced by AccessCheckAndAuditAlarmA(), and AccessCheckAndAuditAlarmW().

◆ NtAccessCheckByTypeAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1443 of file audit.c.

1460 {
1461  /* Call the internal function */
1462  return SepAccessCheckAndAuditAlarm(SubsystemName,
1463  HandleId,
1464  NULL,
1466  ObjectName,
1468  PrincipalSelfSid,
1469  DesiredAccess,
1470  AuditType,
1471  Flags,
1472  ObjectTypeList,
1473  ObjectTypeLength,
1475  GrantedAccess,
1476  AccessStatus,
1478  FALSE);
1479 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByTypeResultListAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1485 of file audit.c.

1502 {
1503  /* Call the internal function */
1504  return SepAccessCheckAndAuditAlarm(SubsystemName,
1505  HandleId,
1506  NULL,
1508  ObjectName,
1510  PrincipalSelfSid,
1511  DesiredAccess,
1512  AuditType,
1513  Flags,
1514  ObjectTypeList,
1515  ObjectTypeListLength,
1517  GrantedAccessList,
1518  AccessStatusList,
1520  TRUE);
1521 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByTypeResultListAndAuditAlarmByHandle()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1527 of file audit.c.

1545 {
1546  UNREFERENCED_PARAMETER(ObjectCreation);
1547 
1548  /* Call the internal function */
1549  return SepAccessCheckAndAuditAlarm(SubsystemName,
1550  HandleId,
1551  &ClientToken,
1553  ObjectName,
1555  PrincipalSelfSid,
1556  DesiredAccess,
1557  AuditType,
1558  Flags,
1559  ObjectTypeList,
1560  ObjectTypeListLength,
1562  GrantedAccessList,
1563  AccessStatusList,
1565  TRUE);
1566 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtCloseObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtCreateFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_opt_ PLARGE_INTEGER  AllocationSize,
_In_ ULONG  FileAttributes,
_In_ ULONG  ShareAccess,
_In_ ULONG  CreateDisposition,
_In_ ULONG  CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID  EaBuffer,
_In_ ULONG  EaLength 
)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection ( _Out_ PHANDLE  SectionHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PLARGE_INTEGER  MaximumSize,
_In_ ULONG  SectionPageProtection,
_In_ ULONG  AllocationAttributes,
_In_opt_ HANDLE  FileHandle 
)

◆ NtDeleteObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtDeviceIoControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  IoControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 3484 of file token.c.

3491 {
3493  HANDLE hToken;
3494  PTOKEN Token;
3495  PTOKEN NewToken;
3496  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
3497  BOOLEAN QoSPresent;
3499  NTSTATUS Status;
3500 
3501  PAGED_CODE();
3502 
3503  if (TokenType != TokenImpersonation &&
3505  {
3506  return STATUS_INVALID_PARAMETER;
3507  }
3508 
3510 
3511  if (PreviousMode != KernelMode)
3512  {
3513  _SEH2_TRY
3514  {
3516  }
3518  {
3519  /* Return the exception code */
3521  }
3522  _SEH2_END;
3523  }
3524 
3526  PreviousMode,
3527  PagedPool,
3528  FALSE,
3529  &CapturedSecurityQualityOfService,
3530  &QoSPresent);
3531  if (!NT_SUCCESS(Status))
3532  {
3533  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
3534  return Status;
3535  }
3536 
3537  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
3540  PreviousMode,
3541  (PVOID*)&Token,
3543  if (!NT_SUCCESS(Status))
3544  {
3545  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3546  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3547  PreviousMode,
3548  FALSE);
3549  return Status;
3550  }
3551 
3552  /*
3553  * Fail, if the original token is an impersonation token and the caller
3554  * tries to raise the impersonation level of the new token above the
3555  * impersonation level of the original token.
3556  */
3557  if (Token->TokenType == TokenImpersonation)
3558  {
3559  if (QoSPresent &&
3560  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3561  {
3563  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3564  PreviousMode,
3565  FALSE);
3567  }
3568  }
3569 
3570  /*
3571  * Fail, if a primary token is to be created from an impersonation token
3572  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3573  */
3574  if (Token->TokenType == TokenImpersonation &&
3575  TokenType == TokenPrimary &&
3576  Token->ImpersonationLevel < SecurityImpersonation)
3577  {
3579  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3580  PreviousMode,
3581  FALSE);
3583  }
3584 
3587  EffectiveOnly,
3588  TokenType,
3589  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3590  PreviousMode,
3591  &NewToken);
3592 
3594 
3595  if (NT_SUCCESS(Status))
3596  {
3597  Status = ObInsertObject(NewToken,
3598  NULL,
3599  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3600  0,
3601  NULL,
3602  &hToken);
3603  if (NT_SUCCESS(Status))
3604  {
3605  _SEH2_TRY
3606  {
3607  *NewTokenHandle = hToken;
3608  }
3610  {
3612  }
3613  _SEH2_END;
3614  }
3615  }
3616 
3617  /* Free the captured structure */
3618  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3619  PreviousMode,
3620  FALSE);
3621 
3622  return Status;
3623 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:221
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:794
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:28
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:377
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:872
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), and ImpersonateLoggedOnUser().

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

◆ NtFsControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  FsControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtImpersonateAnonymousToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in]ThreadHandleA handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 4551 of file token.c.

4553 {
4554  PETHREAD Thread;
4556  NTSTATUS Status;
4557  PAGED_CODE();
4558 
4560 
4561  /* Obtain the thread object from the handle */
4562  Status = ObReferenceObjectByHandle(ThreadHandle,
4564  PsThreadType,
4565  PreviousMode,
4566  (PVOID*)&Thread,
4567  NULL);
4568  if (!NT_SUCCESS(Status))
4569  {
4570  DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
4571  return Status;
4572  }
4573 
4574  /* Call the private routine to impersonate the token */
4576  if (!NT_SUCCESS(Status))
4577  {
4578  DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
4579  }
4580 
4582  return Status;
4583 }
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:388
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
POBJECT_TYPE PsThreadType
Definition: thread.c:20
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define PAGED_CODE()

Referenced by ImpersonateAnonymousToken(), and START_TEST().

◆ NtLockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ PLARGE_INTEGER  ByteOffset,
_In_ PLARGE_INTEGER  Length,
_In_ ULONG  Key,
_In_ BOOLEAN  FailImmediately,
_In_ BOOLEAN  ExclusiveLock 
)

◆ NtOpenFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  ShareAccess,
_In_ ULONG  OpenOptions 
)

◆ NtOpenJobObjectToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken ( _In_ HANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1001 of file audit.c.

1014 {
1015  PTOKEN ClientToken;
1016  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1017  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1018  ULONG PrivilegeCount, PrivilegeSetSize;
1019  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1020  BOOLEAN LocalGenerateOnClose;
1021  PVOID CapturedHandleId;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1025 
1026  /* Only user mode is supported! */
1028 
1029  /* Start clean */
1030  ClientToken = NULL;
1031  CapturedSecurityDescriptor = NULL;
1032  CapturedPrivilegeSet = NULL;
1033  CapturedSubsystemName.Buffer = NULL;
1034  CapturedObjectTypeName.Buffer = NULL;
1035  CapturedObjectName.Buffer = NULL;
1036 
1037  /* Reference the client token */
1038  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1039  TOKEN_QUERY,
1041  UserMode,
1042  (PVOID*)&ClientToken,
1043  NULL);
1044  if (!NT_SUCCESS(Status))
1045  {
1046  DPRINT1("Failed to reference token handle %p: %lx\n",
1047  ClientTokenHandle, Status);
1048  return Status;
1049  }
1050 
1051  /* Capture the security subject context */
1053 
1054  /* Validate the token's impersonation level */
1055  if ((ClientToken->TokenType == TokenImpersonation) &&
1056  (ClientToken->ImpersonationLevel < SecurityIdentification))
1057  {
1058  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1060  goto Cleanup;
1061  }
1062 
1063  /* Check for audit privilege */
1065  {
1066  DPRINT1("Caller does not have SeAuditPrivilege\n");
1068  goto Cleanup;
1069  }
1070 
1071  /* Check for NULL SecurityDescriptor */
1072  if (SecurityDescriptor == NULL)
1073  {
1074  /* Nothing to do */
1076  goto Cleanup;
1077  }
1078 
1079  /* Capture the security descriptor */
1081  UserMode,
1082  PagedPool,
1083  FALSE,
1084  &CapturedSecurityDescriptor);
1085  if (!NT_SUCCESS(Status))
1086  {
1087  DPRINT1("Failed to capture security descriptor!\n");
1088  goto Cleanup;
1089  }
1090 
1091  _SEH2_TRY
1092  {
1093  /* Check if we have a privilege set */
1094  if (PrivilegeSet != NULL)
1095  {
1096  /* Probe the basic privilege set structure */
1097  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1098 
1099  /* Validate privilege count */
1100  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1101  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1102  {
1104  _SEH2_YIELD(goto Cleanup);
1105  }
1106 
1107  /* Calculate the size of the PrivilegeSet structure */
1108  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1109 
1110  /* Probe the whole structure */
1111  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1112 
1113  /* Allocate a temp buffer */
1114  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1115  PrivilegeSetSize,
1117  if (CapturedPrivilegeSet == NULL)
1118  {
1119  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1121  _SEH2_YIELD(goto Cleanup);
1122  }
1123 
1124  /* Copy the privileges */
1125  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1126  }
1127 
1128  if (HandleId != NULL)
1129  {
1130  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1131  CapturedHandleId = *(PVOID*)HandleId;
1132  }
1133 
1134  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1135  }
1137  {
1139  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1140  _SEH2_YIELD(goto Cleanup);
1141  }
1142  _SEH2_END;
1143 
1144  /* Probe and capture the subsystem name */
1145  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1146  UserMode,
1147  SubsystemName);
1148  if (!NT_SUCCESS(Status))
1149  {
1150  DPRINT1("Failed to capture subsystem name!\n");
1151  goto Cleanup;
1152  }
1153 
1154  /* Probe and capture the object type name */
1155  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1156  UserMode,
1157  ObjectTypeName);
1158  if (!NT_SUCCESS(Status))
1159  {
1160  DPRINT1("Failed to capture object type name!\n");
1161  goto Cleanup;
1162  }
1163 
1164  /* Probe and capture the object name */
1165  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1166  UserMode,
1167  ObjectName);
1168  if (!NT_SUCCESS(Status))
1169  {
1170  DPRINT1("Failed to capture object name!\n");
1171  goto Cleanup;
1172  }
1173 
1174  /* Call the internal function */
1176  &CapturedSubsystemName,
1177  CapturedHandleId,
1178  &CapturedObjectTypeName,
1179  &CapturedObjectName,
1180  CapturedSecurityDescriptor,
1181  ClientToken,
1182  DesiredAccess,
1183  GrantedAccess,
1184  CapturedPrivilegeSet,
1185  ObjectCreation,
1186  AccessGranted,
1187  &LocalGenerateOnClose);
1188 
1190 
1191  /* Enter SEH to copy the data back to user mode */
1192  _SEH2_TRY
1193  {
1194  *GenerateOnClose = LocalGenerateOnClose;
1195  }
1197  {
1199  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1200  }
1201  _SEH2_END;
1202 
1203 Cleanup:
1204 
1205  if (CapturedObjectName.Buffer != NULL)
1206  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1207 
1208  if (CapturedObjectTypeName.Buffer != NULL)
1209  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1210 
1211  if (CapturedSubsystemName.Buffer != NULL)
1212  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1213 
1214  if (CapturedSecurityDescriptor != NULL)
1215  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1216 
1217  if (CapturedPrivilegeSet != NULL)
1218  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1219 
1220  /* Release the security subject context */
1222 
1223  ObDereferenceObject(ClientToken);
1224 
1225  return Status;
1226 }
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
TOKEN_TYPE TokenType
Definition: setypes.h:208
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:780
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:28
Status
Definition: gdiplustypes.h:24
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
#define TOKEN_QUERY
Definition: setypes.h:874
#define ASSERT(a)
Definition: mode.c:45
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
static const WCHAR Cleanup[]
Definition: register.c:80
_SEH2_END
Definition: create.c:4400
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:209
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:444
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:967
#define PAGED_CODE()

Referenced by ObjectOpenAuditAlarmA(), and ObjectOpenAuditAlarmW().

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenProcessTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtQueryDirectoryFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass,
_In_ BOOLEAN  ReturnSingleEntry,
_In_opt_ PUNICODE_STRING  FileName,
_In_ BOOLEAN  RestartScan 
)

◆ NtQueryInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass 
)

◆ NtQueryQuotaInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes