ReactOS 0.4.15-dev-7788-g1ad9096
ntifs.template.h File Reference
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>
#include <guiddef.h>
#include "csq.h"
Include dependency graph for ntifs.template.h:

Go to the source code of this file.

Classes

struct  _MSV1_0_INTERACTIVE_LOGON
 
struct  _MSV1_0_INTERACTIVE_PROFILE
 
struct  _MSV1_0_LM20_LOGON
 
struct  _MSV1_0_SUBAUTH_LOGON
 
struct  _MSV1_0_LM20_LOGON_PROFILE
 
struct  _MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
struct  _MSV1_0_NTLM3_RESPONSE
 
struct  _MSV1_0_AV_PAIR
 
struct  _MSV1_0_LM20_CHALLENGE_REQUEST
 
struct  _MSV1_0_LM20_CHALLENGE_RESPONSE
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST_V1
 
struct  _MSV1_0_GETCHALLENRESP_REQUEST
 
struct  _MSV1_0_GETCHALLENRESP_RESPONSE
 
struct  _MSV1_0_ENUMUSERS_REQUEST
 
struct  _MSV1_0_ENUMUSERS_RESPONSE
 
struct  _MSV1_0_GETUSERINFO_REQUEST
 
struct  _MSV1_0_GETUSERINFO_RESPONSE
 
struct  _PUBLIC_OBJECT_TYPE_INFORMATION
 
struct  _NETWORK_OPEN_ECP_CONTEXT
 
struct  _NETWORK_OPEN_ECP_CONTEXT_V0
 
struct  _PREFETCH_OPEN_ECP_CONTEXT
 
struct  _NFS_OPEN_ECP_CONTEXT
 
struct  _SRV_OPEN_ECP_CONTEXT
 
struct  _QUERY_PATH_REQUEST
 
struct  _QUERY_PATH_REQUEST_EX
 
struct  _QUERY_PATH_RESPONSE
 
struct  _OBJECT_BASIC_INFORMATION
 
struct  _FILE_COPY_ON_WRITE_INFORMATION
 
struct  _FILE_FULL_DIRECTORY_INFORMATION
 
struct  _FILE_SHARED_LOCK_ENTRY
 
struct  _FILE_EXCLUSIVE_LOCK_ENTRY
 
struct  _FILE_MAILSLOT_PEEK_BUFFER
 
struct  _FILE_OLE_CLASSID_INFORMATION
 
struct  _FILE_OLE_ALL_INFORMATION
 
struct  _FILE_OLE_DIR_INFORMATION
 
struct  _FILE_OLE_INFORMATION
 
struct  _FILE_OLE_STATE_BITS_INFORMATION
 
struct  _MAPPING_PAIR
 
struct  _GET_RETRIEVAL_DESCRIPTOR
 
struct  _MOVEFILE_DESCRIPTOR
 
struct  _OBJECT_BASIC_INFO
 
struct  _OBJECT_HANDLE_ATTRIBUTE_INFO
 
struct  _OBJECT_NAME_INFO
 
struct  _OBJECT_PROTECTION_INFO
 
struct  _OBJECT_TYPE_INFO
 
struct  _OBJECT_ALL_TYPES_INFO
 
struct  _PORT_MESSAGE
 
struct  _PORT_VIEW
 
struct  _REMOTE_PORT_VIEW
 
struct  _VAD_HEADER
 

Macros

#define _NTIFS_INCLUDED_
 
#define _GNU_NTIFS_
 
#define FlagOn(_F, _SF)   ((_F) & (_SF))
 
#define BooleanFlagOn(F, SF)   ((BOOLEAN)(((F) & (SF)) != 0))
 
#define SetFlag(_F, _SF)   ((_F) |= (_SF))
 
#define ClearFlag(_F, _SF)   ((_F) &= ~(_SF))
 
#define COMPRESSION_FORMAT_NONE   (0x0000)
 
#define COMPRESSION_FORMAT_DEFAULT   (0x0001)
 
#define COMPRESSION_FORMAT_LZNT1   (0x0002)
 
#define COMPRESSION_ENGINE_STANDARD   (0x0000)
 
#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)
 
#define COMPRESSION_ENGINE_HIBER   (0x0200)
 
#define MAX_UNICODE_STACK_BUFFER_LENGTH   256
 
#define METHOD_FROM_CTL_CODE(ctrlCode)   ((ULONG)(ctrlCode & 3))
 
#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT
 
#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT
 
#define _NTLSA_AUDIT_
 
#define _NTLSA_IFS_
 
#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
 
#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
 
#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
 
#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"
 
#define MSV1_0_CHALLENGE_LENGTH   8
 
#define MSV1_0_USER_SESSION_KEY_LENGTH   16
 
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8
 
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02
 
#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04
 
#define MSV1_0_RETURN_USER_PARAMETERS   0x08
 
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10
 
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20
 
#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40
 
#define MSV1_0_USE_CLIENT_CHALLENGE   0x80
 
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100
 
#define MSV1_0_RETURN_PROFILE_PATH   0x200
 
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400
 
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800
 
#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000
 
#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000
 
#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000
 
#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24
 
#define MSV1_0_MNS_LOGON   0x01000000
 
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2
 
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132
 
#define LOGON_GUEST   0x01
 
#define LOGON_NOENCRYPTION   0x02
 
#define LOGON_CACHED_ACCOUNT   0x04
 
#define LOGON_USED_LM_PASSWORD   0x08
 
#define LOGON_EXTRA_SIDS   0x20
 
#define LOGON_SUBAUTH_SESSION_KEY   0x40
 
#define LOGON_SERVER_TRUST_ACCOUNT   0x80
 
#define LOGON_NTLMV2_ENABLED   0x100
 
#define LOGON_RESOURCE_GROUPS   0x200
 
#define LOGON_PROFILE_PATH_RETURNED   0x400
 
#define LOGON_NT_V2   0x800
 
#define LOGON_LM_V2   0x1000
 
#define LOGON_NTLM_V2   0x2000
 
#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000
 
#define LOGON_GRACE_LOGON   0x01000000
 
#define MSV1_0_OWF_PASSWORD_LENGTH   16
 
#define MSV1_0_CRED_LM_PRESENT   0x1
 
#define MSV1_0_CRED_NT_PRESENT   0x2
 
#define MSV1_0_CRED_VERSION   0
 
#define MSV1_0_NTLM3_RESPONSE_LENGTH   16
 
#define MSV1_0_NTLM3_OWF_LENGTH   16
 
#define MSV1_0_MAX_NTLM3_LIFE   129600
 
#define MSV1_0_MAX_AVL_SIZE   64000
 
#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
 
#define USE_PRIMARY_PASSWORD   0x01
 
#define RETURN_PRIMARY_USERNAME   0x02
 
#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04
 
#define RETURN_NON_NT_USER_SESSION_KEY   0x08
 
#define GENERATE_CLIENT_CHALLENGE   0x10
 
#define GCR_NTLM3_PARMS   0x20
 
#define GCR_TARGET_INFO   0x40
 
#define RETURN_RESERVED_PARAMETER   0x80
 
#define GCR_ALLOW_NTLM   0x100
 
#define GCR_USE_OEM_SET   0x200
 
#define GCR_MACHINE_CREDENTIAL   0x400
 
#define GCR_USE_OWF_PASSWORD   0x800
 
#define GCR_ALLOW_LM   0x1000
 
#define GCR_ALLOW_NO_TARGET   0x2000
 
#define SYSTEM_PAGE_PRIORITY_BITS   3
 
#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)
 
#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1
 
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2
 
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000
 
#define PIN_WAIT   (1)
 
#define PIN_EXCLUSIVE   (2)
 
#define PIN_NO_READ   (4)
 
#define PIN_IF_BCB   (8)
 
#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)
 
#define PIN_HIGH_PRIORITY   (64)
 
#define MAP_WAIT   1
 
#define MAP_NO_READ   (16)
 
#define MAP_HIGH_PRIORITY   (64)
 
#define IOCTL_REDIR_QUERY_PATH   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define IOCTL_REDIR_QUERY_PATH_EX   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define VOLSNAPCONTROLTYPE   0x00000053
 
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
 
#define VER_PRODUCTBUILD   10000
 
#define FS_LFN_APIS   0x00004000
 
#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
 
#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
 
#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT
 
#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM
 
#define FILE_STORAGE_TYPE_MASK   0x000f0000
 
#define FILE_STORAGE_TYPE_SHIFT   16
 
#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004
 
#define IO_ATTACH_DEVICE_API   0x80000000
 
#define IO_TYPE_APC   18
 
#define IO_TYPE_DPC   19
 
#define IO_TYPE_DEVICE_QUEUE   20
 
#define IO_TYPE_EVENT_PAIR   21
 
#define IO_TYPE_INTERRUPT   22
 
#define IO_TYPE_PROFILE   23
 
#define IRP_BEING_VERIFIED   0x10
 
#define MAILSLOT_CLASS_FIRSTCLASS   1
 
#define MAILSLOT_CLASS_SECONDCLASS   2
 
#define MAILSLOT_SIZE_AUTO   0
 
#define MEM_DOS_LIM   0x40000000
 
#define OB_TYPE_TYPE   1
 
#define OB_TYPE_DIRECTORY   2
 
#define OB_TYPE_SYMBOLIC_LINK   3
 
#define OB_TYPE_TOKEN   4
 
#define OB_TYPE_PROCESS   5
 
#define OB_TYPE_THREAD   6
 
#define OB_TYPE_EVENT   7
 
#define OB_TYPE_EVENT_PAIR   8
 
#define OB_TYPE_MUTANT   9
 
#define OB_TYPE_SEMAPHORE   10
 
#define OB_TYPE_TIMER   11
 
#define OB_TYPE_PROFILE   12
 
#define OB_TYPE_WINDOW_STATION   13
 
#define OB_TYPE_DESKTOP   14
 
#define OB_TYPE_SECTION   15
 
#define OB_TYPE_KEY   16
 
#define OB_TYPE_PORT   17
 
#define OB_TYPE_ADAPTER   18
 
#define OB_TYPE_CONTROLLER   19
 
#define OB_TYPE_DEVICE   20
 
#define OB_TYPE_DRIVER   21
 
#define OB_TYPE_IO_COMPLETION   22
 
#define OB_TYPE_FILE   23
 
#define SEC_BASED   0x00200000
 
#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_HSM_MSG   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_CONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
 
#define FSCTL_HSM_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
 
#define FSCTL_NSS_RCONTROL   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
 
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_GET_STATISTICS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
#define LPC_CLIENT_ID   CLIENT_ID
 
#define LPC_SIZE_T   SIZE_T
 
#define LPC_PVOID   PVOID
 
#define LPC_HANDLE   HANDLE
 
#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)
 
#define PsDereferenceImpersonationToken(T)
 
#define SeEnableAccessToExports()   SeExports = *(PSE_EXPORTS *)SeExports;
 

Typedefs

typedef STRING LSA_STRING
 
typedef STRINGPLSA_STRING
 
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
 
typedef OBJECT_ATTRIBUTESPLSA_OBJECT_ATTRIBUTES
 
typedef ULONG LSA_OPERATIONAL_MODE
 
typedef ULONGPLSA_OPERATIONAL_MODE
 
typedef enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
 
typedef enum _SECURITY_LOGON_TYPEPSECURITY_LOGON_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_LOGON_SUBMIT_TYPEPMSV1_0_LOGON_SUBMIT_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
 
typedef enum _MSV1_0_PROFILE_BUFFER_TYPEPMSV1_0_PROFILE_BUFFER_TYPE
 
typedef struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_LOGONPMSV1_0_INTERACTIVE_LOGON
 
typedef struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_INTERACTIVE_PROFILEPMSV1_0_INTERACTIVE_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_LM20_LOGONPMSV1_0_LM20_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_SUBAUTH_LOGONPMSV1_0_SUBAUTH_LOGON
 
typedef struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_LM20_LOGON_PROFILEPMSV1_0_LM20_LOGON_PROFILE
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIALPMSV1_0_SUPPLEMENTAL_CREDENTIAL
 
typedef struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
 
typedef struct _MSV1_0_NTLM3_RESPONSEPMSV1_0_NTLM3_RESPONSE
 
typedef enum _MSV1_0_AVID MSV1_0_AVID
 
typedef struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
 
typedef struct _MSV1_0_AV_PAIRPMSV1_0_AV_PAIR
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPEPMSV1_0_PROTOCOL_MESSAGE_TYPE
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_REQUESTPMSV1_0_LM20_CHALLENGE_REQUEST
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSEPMSV1_0_LM20_CHALLENGE_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1PMSV1_0_GETCHALLENRESP_REQUEST_V1
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_REQUESTPMSV1_0_GETCHALLENRESP_REQUEST
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSEPMSV1_0_GETCHALLENRESP_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_REQUESTPMSV1_0_ENUMUSERS_REQUEST
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_ENUMUSERS_RESPONSEPMSV1_0_ENUMUSERS_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_REQUESTPMSV1_0_GETUSERINFO_REQUEST
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _MSV1_0_GETUSERINFO_RESPONSEPMSV1_0_GETUSERINFO_RESPONSE
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
 
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATIONPPUBLIC_OBJECT_TYPE_INFORMATION
 
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
 
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXTPNETWORK_OPEN_ECP_CONTEXT
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0PNETWORK_OPEN_ECP_CONTEXT_V0
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
 
typedef struct _PREFETCH_OPEN_ECP_CONTEXTPPREFETCH_OPEN_ECP_CONTEXT
 
typedef struct sockaddr_storagePSOCKADDR_STORAGE_NFS
 
typedef struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXTPNFS_OPEN_ECP_CONTEXT
 
typedef struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
 
typedef struct _SRV_OPEN_ECP_CONTEXTPSRV_OPEN_ECP_CONTEXT
 
typedef struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUESTPQUERY_PATH_REQUEST
 
typedef struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_REQUEST_EXPQUERY_PATH_REQUEST_EX
 
typedef struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
 
typedef struct _QUERY_PATH_RESPONSEPQUERY_PATH_RESPONSE
 
typedef enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
 
typedef struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
 
typedef struct _OBJECT_BASIC_INFORMATIONPOBJECT_BASIC_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_COPY_ON_WRITE_INFORMATIONPFILE_COPY_ON_WRITE_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_FULL_DIRECTORY_INFORMATIONPFILE_FULL_DIRECTORY_INFORMATION
 
typedef struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_SHARED_LOCK_ENTRYPFILE_SHARED_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRYPFILE_EXCLUSIVE_LOCK_ENTRY
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_MAILSLOT_PEEK_BUFFERPFILE_MAILSLOT_PEEK_BUFFER
 
typedef struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_CLASSID_INFORMATIONPFILE_OLE_CLASSID_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_ALL_INFORMATIONPFILE_OLE_ALL_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_DIR_INFORMATIONPFILE_OLE_DIR_INFORMATION
 
typedef struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_INFORMATIONPFILE_OLE_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _FILE_OLE_STATE_BITS_INFORMATIONPFILE_OLE_STATE_BITS_INFORMATION
 
typedef struct _MAPPING_PAIR MAPPING_PAIR
 
typedef struct _MAPPING_PAIRPMAPPING_PAIR
 
typedef struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
 
typedef struct _GET_RETRIEVAL_DESCRIPTORPGET_RETRIEVAL_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
 
typedef struct _MOVEFILE_DESCRIPTORPMOVEFILE_DESCRIPTOR
 
typedef struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
 
typedef struct _OBJECT_BASIC_INFOPOBJECT_BASIC_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFOPOBJECT_HANDLE_ATTRIBUTE_INFO
 
typedef struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
 
typedef struct _OBJECT_NAME_INFOPOBJECT_NAME_INFO
 
typedef struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_PROTECTION_INFOPOBJECT_PROTECTION_INFO
 
typedef struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
 
typedef struct _OBJECT_TYPE_INFOPOBJECT_TYPE_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
 
typedef struct _OBJECT_ALL_TYPES_INFOPOBJECT_ALL_TYPES_INFO
 
typedef struct _PORT_MESSAGE PORT_MESSAGE
 
typedef struct _PORT_MESSAGEPPORT_MESSAGE
 
typedef struct _PORT_VIEW PORT_VIEW
 
typedef struct _PORT_VIEWPPORT_VIEW
 
typedef struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
 
typedef struct _REMOTE_PORT_VIEWPREMOTE_PORT_VIEW
 
typedef struct _VAD_HEADER VAD_HEADER
 
typedef struct _VAD_HEADERPVAD_HEADER
 

Enumerations

enum  _SECURITY_LOGON_TYPE {
  Interactive = 2 , Network , Batch , Service ,
  Proxy , Unlock , UndefinedLogonType = 0 , Interactive = 2 ,
  Network , Batch , Service , Proxy ,
  Unlock , NetworkCleartext , NewCredentials
}
 
enum  _MSV1_0_LOGON_SUBMIT_TYPE {
  MsV1_0InteractiveLogon = 2 , MsV1_0Lm20Logon , MsV1_0NetworkLogon , MsV1_0SubAuthLogon ,
  MsV1_0WorkstationUnlockLogon = 7 , MsV1_0InteractiveLogon = 2 , MsV1_0Lm20Logon , MsV1_0NetworkLogon ,
  MsV1_0SubAuthLogon , MsV1_0WorkstationUnlockLogon = 7 , MsV1_0S4ULogon = 12 , MsV1_0VirtualLogon = 82
}
 
enum  _MSV1_0_PROFILE_BUFFER_TYPE {
  MsV1_0InteractiveProfile = 2 , MsV1_0Lm20LogonProfile , MsV1_0SmartCardProfile , MsV1_0InteractiveProfile = 2 ,
  MsV1_0Lm20LogonProfile , MsV1_0SmartCardProfile
}
 
enum  _MSV1_0_AVID {
  MsvAvEOL , MsvAvNbComputerName , MsvAvNbDomainName , MsvAvDnsComputerName ,
  MsvAvDnsDomainName
}
 
enum  _MSV1_0_PROTOCOL_MESSAGE_TYPE {
  MsV1_0Lm20ChallengeRequest = 0 , MsV1_0Lm20GetChallengeResponse , MsV1_0EnumerateUsers , MsV1_0GetUserInfo ,
  MsV1_0ReLogonUsers , MsV1_0ChangePassword , MsV1_0ChangeCachedPassword , MsV1_0GenericPassthrough ,
  MsV1_0CacheLogon , MsV1_0SubAuth , MsV1_0DeriveCredential , MsV1_0CacheLookup ,
  MsV1_0SetProcessOption , MsV1_0Lm20ChallengeRequest = 0 , MsV1_0Lm20GetChallengeResponse , MsV1_0EnumerateUsers ,
  MsV1_0GetUserInfo , MsV1_0ReLogonUsers , MsV1_0ChangePassword , MsV1_0ChangeCachedPassword ,
  MsV1_0GenericPassthrough , MsV1_0CacheLogon , MsV1_0SubAuth , MsV1_0DeriveCredential ,
  MsV1_0CacheLookup
}
 
enum  _NETWORK_OPEN_LOCATION_QUALIFIER { NetworkOpenLocationAny , NetworkOpenLocationRemote , NetworkOpenLocationLoopback }
 
enum  _NETWORK_OPEN_INTEGRITY_QUALIFIER {
  NetworkOpenIntegrityAny , NetworkOpenIntegrityNone , NetworkOpenIntegritySigned , NetworkOpenIntegrityEncrypted ,
  NetworkOpenIntegrityMaximum
}
 
enum  _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1 , StorageTypeDirectory , StorageTypeFile , StorageTypeJunctionPoint ,
  StorageTypeCatalog , StorageTypeStructuredStorage , StorageTypeEmbedding , StorageTypeStream
}
 

Functions

 $define (UCHAR=UCHAR) $define(ULONG
 
 $include (setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
 
_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_ (ObjectInformationLength) PVOID ObjectInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile (_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile (_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile (_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
 Queries information details about a security descriptor.
 
_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 Opens a token that is tied to a thread handle.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 Duplicates a token.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by type.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result and a token handle.
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when an object is about to be opened.
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread (_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection (_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_ (AuthenticationInformationLength) PVOID AuthenticationInformation
 
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer (_In_ PVOID Buffer)
 
 $include (iotypes.h) typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION
 
 $include (ketypes.h) $include(kefuncs.h) $include(extypes.h) $include(exfuncs.h) $include(sefuncs.h) $include(psfuncs.h) $include(iofuncs.h) $include(potypes.h) $include(pofuncs.h) $include(mmtypes.h) $include(mmfuncs.h) $include(obfuncs.h) $include(fsrtltypes.h) $include(fsrtlfuncs.h) $include(cctypes.h) $include(ccfuncs.h) $include(zwfuncs.h) $include(sspi.h) C_ASSERT(sizeof(ERESOURCE)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)
 
 C_ASSERT (FIELD_OFFSET(ERESOURCE, Flag)==0x0e)
 
 DEFINE_GUID (GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)
 
 DEFINE_GUID (GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55)
 
 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb)
 
 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53)
 
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject (_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag (_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete (_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
 
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete (_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
 
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory (_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
 
NTKERNELAPI NTSTATUS NTAPI ObCreateObject (_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName (_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
 
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor (_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
 

Variables

_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
 
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
 
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ SECURITY_INFORMATION SecurityInformation
 
_In_ SECURITY_INFORMATION _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_ SECURITY_INFORMATION _In_ ULONG Length
 
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
 
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
 
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
 
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOIDProfileBuffer
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
 
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
 
 PUBLIC_OBJECT_BASIC_INFORMATION
 
PPUBLIC_OBJECT_BASIC_INFORMATION
 
PUSHORTNlsOemLeadByteInfo
 

Macro Definition Documentation

◆ _GNU_NTIFS_

#define _GNU_NTIFS_

Definition at line 27 of file ntifs.template.h.

◆ _NTIFS_INCLUDED_

#define _NTIFS_INCLUDED_

Definition at line 26 of file ntifs.template.h.

◆ _NTLSA_AUDIT_

#define _NTLSA_AUDIT_

Definition at line 684 of file ntifs.template.h.

◆ _NTLSA_IFS_

#define _NTLSA_IFS_

Definition at line 728 of file ntifs.template.h.

◆ BooleanFlagOn

#define BooleanFlagOn (   F,
  SF 
)    ((BOOLEAN)(((F) & (SF)) != 0))

◆ ClearFlag

#define ClearFlag (   _F,
  _SF 
)    ((_F) &= ~(_SF))

◆ COMPRESSION_ENGINE_HIBER

#define COMPRESSION_ENGINE_HIBER   (0x0200)

Definition at line 652 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_MAXIMUM

#define COMPRESSION_ENGINE_MAXIMUM   (0x0100)

Definition at line 651 of file ntifs.template.h.

◆ COMPRESSION_ENGINE_STANDARD

#define COMPRESSION_ENGINE_STANDARD   (0x0000)

Definition at line 650 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_DEFAULT

#define COMPRESSION_FORMAT_DEFAULT   (0x0001)

Definition at line 648 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_LZNT1

#define COMPRESSION_FORMAT_LZNT1   (0x0002)

Definition at line 649 of file ntifs.template.h.

◆ COMPRESSION_FORMAT_NONE

#define COMPRESSION_FORMAT_NONE   (0x0000)

Definition at line 647 of file ntifs.template.h.

◆ FILE_MAXIMUM_STORAGE_TYPE

#define FILE_MAXIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_STREAM

Definition at line 1304 of file ntifs.template.h.

◆ FILE_MINIMUM_STORAGE_TYPE

#define FILE_MINIMUM_STORAGE_TYPE   FILE_STORAGE_TYPE_DEFAULT

Definition at line 1303 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_CATALOG

#define FILE_STORAGE_TYPE_CATALOG   (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1299 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DEFAULT

#define FILE_STORAGE_TYPE_DEFAULT   (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1294 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DIRECTORY

#define FILE_STORAGE_TYPE_DIRECTORY   (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1295 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_DOCFILE

#define FILE_STORAGE_TYPE_DOCFILE   (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1297 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_EMBEDDING

#define FILE_STORAGE_TYPE_EMBEDDING   (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1301 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_FILE

#define FILE_STORAGE_TYPE_FILE   (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1296 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_JUNCTION_POINT

#define FILE_STORAGE_TYPE_JUNCTION_POINT   (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1298 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_MASK

#define FILE_STORAGE_TYPE_MASK   0x000f0000

Definition at line 1305 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SHIFT

#define FILE_STORAGE_TYPE_SHIFT   16

Definition at line 1306 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_SPECIFIED

#define FILE_STORAGE_TYPE_SPECIFIED   0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */

Definition at line 1293 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STREAM

#define FILE_STORAGE_TYPE_STREAM   (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1302 of file ntifs.template.h.

◆ FILE_STORAGE_TYPE_STRUCTURED_STORAGE

#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE   (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)

Definition at line 1300 of file ntifs.template.h.

◆ FILE_VC_QUOTAS_LOG_VIOLATIONS

#define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004

Definition at line 1308 of file ntifs.template.h.

◆ FlagOn

#define FlagOn (   _F,
  _SF 
)    ((_F) & (_SF))

◆ FS_LFN_APIS

#define FS_LFN_APIS   0x00004000

Definition at line 1291 of file ntifs.template.h.

◆ FSCTL_DUMP_PROPERTY_DATA

#define FSCTL_DUMP_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1370 of file ntifs.template.h.

◆ FSCTL_GET_HFS_INFORMATION

#define FSCTL_GET_HFS_INFORMATION   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1362 of file ntifs.template.h.

◆ FSCTL_HSM_DATA

Definition at line 1374 of file ntifs.template.h.

◆ FSCTL_HSM_MSG

◆ FSCTL_NETWORK_DELETE_CONNECTION

#define FSCTL_NETWORK_DELETE_CONNECTION   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1382 of file ntifs.template.h.

◆ FSCTL_NETWORK_ENUMERATE_CONNECTIONS

#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1381 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONFIGURATION_INFO

#define FSCTL_NETWORK_GET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Definition at line 1379 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_CONNECTION_INFO

#define FSCTL_NETWORK_GET_CONNECTION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1380 of file ntifs.template.h.

◆ FSCTL_NETWORK_GET_STATISTICS

Definition at line 1383 of file ntifs.template.h.

◆ FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT

#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1385 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_CONFIGURATION_INFO

#define FSCTL_NETWORK_SET_CONFIGURATION_INFO   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)

Definition at line 1378 of file ntifs.template.h.

◆ FSCTL_NETWORK_SET_DOMAIN_NAME

#define FSCTL_NETWORK_SET_DOMAIN_NAME   CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)

Definition at line 1384 of file ntifs.template.h.

◆ FSCTL_NSS_CONTROL

Definition at line 1373 of file ntifs.template.h.

◆ FSCTL_NSS_RCONTROL

Definition at line 1375 of file ntifs.template.h.

◆ FSCTL_READ_PROPERTY_DATA

#define FSCTL_READ_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1367 of file ntifs.template.h.

◆ FSCTL_WRITE_PROPERTY_DATA

#define FSCTL_WRITE_PROPERTY_DATA   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

Definition at line 1368 of file ntifs.template.h.

◆ GCR_ALLOW_LM

#define GCR_ALLOW_LM   0x1000

Definition at line 847 of file ntifs.template.h.

◆ GCR_ALLOW_NO_TARGET

#define GCR_ALLOW_NO_TARGET   0x2000

Definition at line 848 of file ntifs.template.h.

◆ GCR_ALLOW_NTLM

#define GCR_ALLOW_NTLM   0x100

Definition at line 843 of file ntifs.template.h.

◆ GCR_MACHINE_CREDENTIAL

#define GCR_MACHINE_CREDENTIAL   0x400

Definition at line 845 of file ntifs.template.h.

◆ GCR_NTLM3_PARMS

#define GCR_NTLM3_PARMS   0x20

Definition at line 840 of file ntifs.template.h.

◆ GCR_TARGET_INFO

#define GCR_TARGET_INFO   0x40

Definition at line 841 of file ntifs.template.h.

◆ GCR_USE_OEM_SET

#define GCR_USE_OEM_SET   0x200

Definition at line 844 of file ntifs.template.h.

◆ GCR_USE_OWF_PASSWORD

#define GCR_USE_OWF_PASSWORD   0x800

Definition at line 846 of file ntifs.template.h.

◆ GENERATE_CLIENT_CHALLENGE

#define GENERATE_CLIENT_CHALLENGE   0x10

Definition at line 839 of file ntifs.template.h.

◆ IO_ATTACH_DEVICE_API

#define IO_ATTACH_DEVICE_API   0x80000000

Definition at line 1315 of file ntifs.template.h.

◆ IO_TYPE_APC

#define IO_TYPE_APC   18

Definition at line 1317 of file ntifs.template.h.

◆ IO_TYPE_DEVICE_QUEUE

#define IO_TYPE_DEVICE_QUEUE   20

Definition at line 1319 of file ntifs.template.h.

◆ IO_TYPE_DPC

#define IO_TYPE_DPC   19

Definition at line 1318 of file ntifs.template.h.

◆ IO_TYPE_EVENT_PAIR

#define IO_TYPE_EVENT_PAIR   21

Definition at line 1320 of file ntifs.template.h.

◆ IO_TYPE_INTERRUPT

#define IO_TYPE_INTERRUPT   22

Definition at line 1321 of file ntifs.template.h.

◆ IO_TYPE_PROFILE

#define IO_TYPE_PROFILE   23

Definition at line 1322 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH

Definition at line 1259 of file ntifs.template.h.

◆ IOCTL_REDIR_QUERY_PATH_EX

Definition at line 1260 of file ntifs.template.h.

◆ IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES

#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES   CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

Definition at line 1282 of file ntifs.template.h.

◆ IRP_BEING_VERIFIED

#define IRP_BEING_VERIFIED   0x10

Definition at line 1324 of file ntifs.template.h.

◆ LOGON_CACHED_ACCOUNT

#define LOGON_CACHED_ACCOUNT   0x04

Definition at line 779 of file ntifs.template.h.

◆ LOGON_EXTRA_SIDS

#define LOGON_EXTRA_SIDS   0x20

Definition at line 781 of file ntifs.template.h.

◆ LOGON_GRACE_LOGON

#define LOGON_GRACE_LOGON   0x01000000

Definition at line 802 of file ntifs.template.h.

◆ LOGON_GUEST

#define LOGON_GUEST   0x01

Definition at line 777 of file ntifs.template.h.

◆ LOGON_LM_V2

#define LOGON_LM_V2   0x1000

Definition at line 788 of file ntifs.template.h.

◆ LOGON_NOENCRYPTION

#define LOGON_NOENCRYPTION   0x02

Definition at line 778 of file ntifs.template.h.

◆ LOGON_NT_V2

#define LOGON_NT_V2   0x800

Definition at line 787 of file ntifs.template.h.

◆ LOGON_NTLM_V2

#define LOGON_NTLM_V2   0x2000

Definition at line 789 of file ntifs.template.h.

◆ LOGON_NTLMV2_ENABLED

#define LOGON_NTLMV2_ENABLED   0x100

Definition at line 784 of file ntifs.template.h.

◆ LOGON_PROFILE_PATH_RETURNED

#define LOGON_PROFILE_PATH_RETURNED   0x400

Definition at line 786 of file ntifs.template.h.

◆ LOGON_RESOURCE_GROUPS

#define LOGON_RESOURCE_GROUPS   0x200

Definition at line 785 of file ntifs.template.h.

◆ LOGON_SERVER_TRUST_ACCOUNT

#define LOGON_SERVER_TRUST_ACCOUNT   0x80

Definition at line 783 of file ntifs.template.h.

◆ LOGON_SUBAUTH_SESSION_KEY

#define LOGON_SUBAUTH_SESSION_KEY   0x40

Definition at line 782 of file ntifs.template.h.

◆ LOGON_USED_LM_PASSWORD

#define LOGON_USED_LM_PASSWORD   0x08

Definition at line 780 of file ntifs.template.h.

◆ LPC_CLIENT_ID

#define LPC_CLIENT_ID   CLIENT_ID

Definition at line 1585 of file ntifs.template.h.

◆ LPC_HANDLE

#define LPC_HANDLE   HANDLE

Definition at line 1588 of file ntifs.template.h.

◆ LPC_KERNELMODE_MESSAGE

#define LPC_KERNELMODE_MESSAGE   (CSHORT)((USHORT)0x8000)

Definition at line 1624 of file ntifs.template.h.

◆ LPC_PVOID

#define LPC_PVOID   PVOID

Definition at line 1587 of file ntifs.template.h.

◆ LPC_SIZE_T

#define LPC_SIZE_T   SIZE_T

Definition at line 1586 of file ntifs.template.h.

◆ MAILSLOT_CLASS_FIRSTCLASS

#define MAILSLOT_CLASS_FIRSTCLASS   1

Definition at line 1326 of file ntifs.template.h.

◆ MAILSLOT_CLASS_SECONDCLASS

#define MAILSLOT_CLASS_SECONDCLASS   2

Definition at line 1327 of file ntifs.template.h.

◆ MAILSLOT_SIZE_AUTO

#define MAILSLOT_SIZE_AUTO   0

Definition at line 1329 of file ntifs.template.h.

◆ MAP_HIGH_PRIORITY

#define MAP_HIGH_PRIORITY   (64)

Definition at line 1257 of file ntifs.template.h.

◆ MAP_NO_READ

#define MAP_NO_READ   (16)

Definition at line 1256 of file ntifs.template.h.

◆ MAP_WAIT

#define MAP_WAIT   1

Definition at line 1255 of file ntifs.template.h.

◆ MAX_UNICODE_STACK_BUFFER_LENGTH

#define MAX_UNICODE_STACK_BUFFER_LENGTH   256

Definition at line 654 of file ntifs.template.h.

◆ MEM_DOS_LIM

#define MEM_DOS_LIM   0x40000000

Definition at line 1331 of file ntifs.template.h.

◆ METHOD_DIRECT_FROM_HARDWARE

#define METHOD_DIRECT_FROM_HARDWARE   METHOD_OUT_DIRECT

Definition at line 659 of file ntifs.template.h.

◆ METHOD_DIRECT_TO_HARDWARE

#define METHOD_DIRECT_TO_HARDWARE   METHOD_IN_DIRECT

Definition at line 658 of file ntifs.template.h.

◆ METHOD_FROM_CTL_CODE

#define METHOD_FROM_CTL_CODE (   ctrlCode)    ((ULONG)(ctrlCode & 3))

Definition at line 656 of file ntifs.template.h.

◆ MSV1_0_ALLOW_FORCE_GUEST

#define MSV1_0_ALLOW_FORCE_GUEST   0x00002000

Definition at line 755 of file ntifs.template.h.

◆ MSV1_0_ALLOW_MSVCHAPV2

#define MSV1_0_ALLOW_MSVCHAPV2   0x00010000

Definition at line 763 of file ntifs.template.h.

◆ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT

#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT   0x20

Definition at line 746 of file ntifs.template.h.

◆ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT

#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT   0x800

Definition at line 752 of file ntifs.template.h.

◆ MSV1_0_CHALLENGE_LENGTH

#define MSV1_0_CHALLENGE_LENGTH   8

Definition at line 738 of file ntifs.template.h.

◆ MSV1_0_CLEARTEXT_PASSWORD_ALLOWED

#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED   0x02

Definition at line 742 of file ntifs.template.h.

◆ MSV1_0_CRED_LM_PRESENT

#define MSV1_0_CRED_LM_PRESENT   0x1

Definition at line 805 of file ntifs.template.h.

◆ MSV1_0_CRED_NT_PRESENT

#define MSV1_0_CRED_NT_PRESENT   0x2

Definition at line 806 of file ntifs.template.h.

◆ MSV1_0_CRED_VERSION

#define MSV1_0_CRED_VERSION   0

Definition at line 807 of file ntifs.template.h.

◆ MSV1_0_DISABLE_PERSONAL_FALLBACK

#define MSV1_0_DISABLE_PERSONAL_FALLBACK   0x00001000

Definition at line 754 of file ntifs.template.h.

◆ MSV1_0_DONT_TRY_GUEST_ACCOUNT

#define MSV1_0_DONT_TRY_GUEST_ACCOUNT   0x10

Definition at line 745 of file ntifs.template.h.

◆ MSV1_0_LANMAN_SESSION_KEY_LENGTH

#define MSV1_0_LANMAN_SESSION_KEY_LENGTH   8

Definition at line 740 of file ntifs.template.h.

◆ MSV1_0_MAX_AVL_SIZE

#define MSV1_0_MAX_AVL_SIZE   64000

Definition at line 817 of file ntifs.template.h.

◆ MSV1_0_MAX_NTLM3_LIFE

#define MSV1_0_MAX_NTLM3_LIFE   129600

Definition at line 815 of file ntifs.template.h.

◆ MSV1_0_MNS_LOGON

#define MSV1_0_MNS_LOGON   0x01000000

Definition at line 772 of file ntifs.template.h.

◆ MSV1_0_NTLM3_INPUT_LENGTH

#define MSV1_0_NTLM3_INPUT_LENGTH   (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

Definition at line 829 of file ntifs.template.h.

◆ MSV1_0_NTLM3_OWF_LENGTH

#define MSV1_0_NTLM3_OWF_LENGTH   16

Definition at line 810 of file ntifs.template.h.

◆ MSV1_0_NTLM3_RESPONSE_LENGTH

#define MSV1_0_NTLM3_RESPONSE_LENGTH   16

Definition at line 809 of file ntifs.template.h.

◆ MSV1_0_OWF_PASSWORD_LENGTH

#define MSV1_0_OWF_PASSWORD_LENGTH   16

Definition at line 804 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAME

#define MSV1_0_PACKAGE_NAME   "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 731 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW

#define MSV1_0_PACKAGE_NAMEW   L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Definition at line 732 of file ntifs.template.h.

◆ MSV1_0_PACKAGE_NAMEW_LENGTH

#define MSV1_0_PACKAGE_NAMEW_LENGTH   sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)

Definition at line 733 of file ntifs.template.h.

◆ MSV1_0_RETURN_PASSWORD_EXPIRY

#define MSV1_0_RETURN_PASSWORD_EXPIRY   0x40

Definition at line 747 of file ntifs.template.h.

◆ MSV1_0_RETURN_PROFILE_PATH

#define MSV1_0_RETURN_PROFILE_PATH   0x200

Definition at line 750 of file ntifs.template.h.

◆ MSV1_0_RETURN_USER_PARAMETERS

#define MSV1_0_RETURN_USER_PARAMETERS   0x08

Definition at line 744 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL

#define MSV1_0_SUBAUTHENTICATION_DLL   0xFF000000

Definition at line 770 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_EX

#define MSV1_0_SUBAUTHENTICATION_DLL_EX   0x00100000

Definition at line 762 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_IIS

#define MSV1_0_SUBAUTHENTICATION_DLL_IIS   132

Definition at line 775 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_RAS

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS   2

Definition at line 774 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_DLL_SHIFT

#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT   24

Definition at line 771 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_FLAGS

#define MSV1_0_SUBAUTHENTICATION_FLAGS   0xFF000000

Definition at line 800 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_KEY

#define MSV1_0_SUBAUTHENTICATION_KEY   "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"

Definition at line 735 of file ntifs.template.h.

◆ MSV1_0_SUBAUTHENTICATION_VALUE

#define MSV1_0_SUBAUTHENTICATION_VALUE   "Auth"

Definition at line 736 of file ntifs.template.h.

◆ MSV1_0_TRY_GUEST_ACCOUNT_ONLY

#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY   0x100

Definition at line 749 of file ntifs.template.h.

◆ MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY

#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY   0x400

Definition at line 751 of file ntifs.template.h.

◆ MSV1_0_UPDATE_LOGON_STATISTICS

#define MSV1_0_UPDATE_LOGON_STATISTICS   0x04

Definition at line 743 of file ntifs.template.h.

◆ MSV1_0_USE_CLIENT_CHALLENGE

#define MSV1_0_USE_CLIENT_CHALLENGE   0x80

Definition at line 748 of file ntifs.template.h.

◆ MSV1_0_USER_SESSION_KEY_LENGTH

#define MSV1_0_USER_SESSION_KEY_LENGTH   16

Definition at line 739 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING   0x1

Definition at line 1158 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY   0x2

Definition at line 1159 of file ntifs.template.h.

◆ NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK

#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK   0x80000000

Definition at line 1160 of file ntifs.template.h.

◆ NLS_OEM_LEAD_BYTE_INFO

#define NLS_OEM_LEAD_BYTE_INFO   (*NlsOemLeadByteInfo)

Definition at line 1137 of file ntifs.template.h.

◆ OB_TYPE_ADAPTER

#define OB_TYPE_ADAPTER   18

Definition at line 1350 of file ntifs.template.h.

◆ OB_TYPE_CONTROLLER

#define OB_TYPE_CONTROLLER   19

Definition at line 1351 of file ntifs.template.h.

◆ OB_TYPE_DESKTOP

#define OB_TYPE_DESKTOP   14

Definition at line 1346 of file ntifs.template.h.

◆ OB_TYPE_DEVICE

#define OB_TYPE_DEVICE   20

Definition at line 1352 of file ntifs.template.h.

◆ OB_TYPE_DIRECTORY

#define OB_TYPE_DIRECTORY   2

Definition at line 1334 of file ntifs.template.h.

◆ OB_TYPE_DRIVER

#define OB_TYPE_DRIVER   21

Definition at line 1353 of file ntifs.template.h.

◆ OB_TYPE_EVENT

#define OB_TYPE_EVENT   7

Definition at line 1339 of file ntifs.template.h.

◆ OB_TYPE_EVENT_PAIR

#define OB_TYPE_EVENT_PAIR   8

Definition at line 1340 of file ntifs.template.h.

◆ OB_TYPE_FILE

#define OB_TYPE_FILE   23

Definition at line 1355 of file ntifs.template.h.

◆ OB_TYPE_IO_COMPLETION

#define OB_TYPE_IO_COMPLETION   22

Definition at line 1354 of file ntifs.template.h.

◆ OB_TYPE_KEY

#define OB_TYPE_KEY   16

Definition at line 1348 of file ntifs.template.h.

◆ OB_TYPE_MUTANT

#define OB_TYPE_MUTANT   9

Definition at line 1341 of file ntifs.template.h.

◆ OB_TYPE_PORT

#define OB_TYPE_PORT   17

Definition at line 1349 of file ntifs.template.h.

◆ OB_TYPE_PROCESS

#define OB_TYPE_PROCESS   5

Definition at line 1337 of file ntifs.template.h.

◆ OB_TYPE_PROFILE

#define OB_TYPE_PROFILE   12

Definition at line 1344 of file ntifs.template.h.

◆ OB_TYPE_SECTION

#define OB_TYPE_SECTION   15

Definition at line 1347 of file ntifs.template.h.

◆ OB_TYPE_SEMAPHORE

#define OB_TYPE_SEMAPHORE   10

Definition at line 1342 of file ntifs.template.h.

◆ OB_TYPE_SYMBOLIC_LINK

#define OB_TYPE_SYMBOLIC_LINK   3

Definition at line 1335 of file ntifs.template.h.

◆ OB_TYPE_THREAD

#define OB_TYPE_THREAD   6

Definition at line 1338 of file ntifs.template.h.

◆ OB_TYPE_TIMER

#define OB_TYPE_TIMER   11

Definition at line 1343 of file ntifs.template.h.

◆ OB_TYPE_TOKEN

#define OB_TYPE_TOKEN   4

Definition at line 1336 of file ntifs.template.h.

◆ OB_TYPE_TYPE

#define OB_TYPE_TYPE   1

Definition at line 1333 of file ntifs.template.h.

◆ OB_TYPE_WINDOW_STATION

#define OB_TYPE_WINDOW_STATION   13

Definition at line 1345 of file ntifs.template.h.

◆ PIN_CALLER_TRACKS_DIRTY_DATA

#define PIN_CALLER_TRACKS_DIRTY_DATA   (32)

Definition at line 1252 of file ntifs.template.h.

◆ PIN_EXCLUSIVE

#define PIN_EXCLUSIVE   (2)

Definition at line 1249 of file ntifs.template.h.

◆ PIN_HIGH_PRIORITY

#define PIN_HIGH_PRIORITY   (64)

Definition at line 1253 of file ntifs.template.h.

◆ PIN_IF_BCB

#define PIN_IF_BCB   (8)

Definition at line 1251 of file ntifs.template.h.

◆ PIN_NO_READ

#define PIN_NO_READ   (4)

Definition at line 1250 of file ntifs.template.h.

◆ PIN_WAIT

#define PIN_WAIT   (1)

Definition at line 1248 of file ntifs.template.h.

◆ PsDereferenceImpersonationToken

#define PsDereferenceImpersonationToken (   T)
Value:
{if (ARGUMENT_PRESENT(T)) { \
} else { \
; \
} \
}
#define T
Definition: mbstring.h:31
#define ARGUMENT_PRESENT(ArgumentPointer)
#define ObDereferenceObject
Definition: obfuncs.h:203

Definition at line 1759 of file ntifs.template.h.

◆ RETURN_NON_NT_USER_SESSION_KEY

#define RETURN_NON_NT_USER_SESSION_KEY   0x08

Definition at line 838 of file ntifs.template.h.

◆ RETURN_PRIMARY_LOGON_DOMAINNAME

#define RETURN_PRIMARY_LOGON_DOMAINNAME   0x04

Definition at line 837 of file ntifs.template.h.

◆ RETURN_PRIMARY_USERNAME

#define RETURN_PRIMARY_USERNAME   0x02

Definition at line 836 of file ntifs.template.h.

◆ RETURN_RESERVED_PARAMETER

#define RETURN_RESERVED_PARAMETER   0x80

Definition at line 842 of file ntifs.template.h.

◆ SEC_BASED

#define SEC_BASED   0x00200000

Definition at line 1357 of file ntifs.template.h.

◆ SeEnableAccessToExports

#define SeEnableAccessToExports ( )    SeExports = *(PSE_EXPORTS *)SeExports;

Definition at line 1786 of file ntifs.template.h.

◆ SetFlag

#define SetFlag (   _F,
  _SF 
)    ((_F) |= (_SF))

◆ SYSTEM_PAGE_PRIORITY_BITS

#define SYSTEM_PAGE_PRIORITY_BITS   3

Definition at line 1082 of file ntifs.template.h.

◆ SYSTEM_PAGE_PRIORITY_LEVELS

#define SYSTEM_PAGE_PRIORITY_LEVELS   (1 << SYSTEM_PAGE_PRIORITY_BITS)

Definition at line 1083 of file ntifs.template.h.

◆ USE_PRIMARY_PASSWORD

#define USE_PRIMARY_PASSWORD   0x01

Definition at line 835 of file ntifs.template.h.

◆ VER_PRODUCTBUILD

#define VER_PRODUCTBUILD   10000

Definition at line 1286 of file ntifs.template.h.

◆ VOLSNAPCONTROLTYPE

#define VOLSNAPCONTROLTYPE   0x00000053

Definition at line 1281 of file ntifs.template.h.

Typedef Documentation

◆ FILE_COPY_ON_WRITE_INFORMATION

◆ FILE_EXCLUSIVE_LOCK_ENTRY

◆ FILE_FULL_DIRECTORY_INFORMATION

◆ FILE_MAILSLOT_PEEK_BUFFER

◆ FILE_OLE_ALL_INFORMATION

◆ FILE_OLE_CLASSID_INFORMATION

◆ FILE_OLE_DIR_INFORMATION

◆ FILE_OLE_INFORMATION

◆ FILE_OLE_STATE_BITS_INFORMATION

◆ FILE_SHARED_LOCK_ENTRY

◆ FILE_STORAGE_TYPE

◆ GET_RETRIEVAL_DESCRIPTOR

◆ LSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ LSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ LSA_STRING

typedef STRING LSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ MAPPING_PAIR

◆ MOVEFILE_DESCRIPTOR

◆ MSV1_0_AV_PAIR

◆ MSV1_0_AVID

◆ MSV1_0_ENUMUSERS_REQUEST

◆ MSV1_0_ENUMUSERS_RESPONSE

◆ MSV1_0_GETCHALLENRESP_REQUEST

◆ MSV1_0_GETCHALLENRESP_REQUEST_V1

◆ MSV1_0_GETCHALLENRESP_RESPONSE

◆ MSV1_0_GETUSERINFO_REQUEST

◆ MSV1_0_GETUSERINFO_RESPONSE

◆ MSV1_0_INTERACTIVE_LOGON

◆ MSV1_0_INTERACTIVE_PROFILE

◆ MSV1_0_LM20_CHALLENGE_REQUEST

◆ MSV1_0_LM20_CHALLENGE_RESPONSE

◆ MSV1_0_LM20_LOGON

◆ MSV1_0_LM20_LOGON_PROFILE

◆ MSV1_0_LOGON_SUBMIT_TYPE

◆ MSV1_0_NTLM3_RESPONSE

◆ MSV1_0_PROFILE_BUFFER_TYPE

◆ MSV1_0_PROTOCOL_MESSAGE_TYPE

◆ MSV1_0_SUBAUTH_LOGON

◆ MSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ NETWORK_OPEN_ECP_CONTEXT

◆ NETWORK_OPEN_ECP_CONTEXT_V0

◆ NETWORK_OPEN_INTEGRITY_QUALIFIER

◆ NETWORK_OPEN_LOCATION_QUALIFIER

◆ NFS_OPEN_ECP_CONTEXT

◆ OBJECT_ALL_TYPES_INFO

◆ OBJECT_BASIC_INFO

◆ OBJECT_BASIC_INFORMATION

◆ OBJECT_HANDLE_ATTRIBUTE_INFO

◆ OBJECT_NAME_INFO

◆ OBJECT_PROTECTION_INFO

◆ OBJECT_TYPE_INFO

◆ PFILE_COPY_ON_WRITE_INFORMATION

◆ PFILE_EXCLUSIVE_LOCK_ENTRY

◆ PFILE_FULL_DIRECTORY_INFORMATION

◆ PFILE_MAILSLOT_PEEK_BUFFER

◆ PFILE_OLE_ALL_INFORMATION

◆ PFILE_OLE_CLASSID_INFORMATION

◆ PFILE_OLE_DIR_INFORMATION

◆ PFILE_OLE_INFORMATION

◆ PFILE_OLE_STATE_BITS_INFORMATION

◆ PFILE_SHARED_LOCK_ENTRY

◆ PGET_RETRIEVAL_DESCRIPTOR

◆ PLSA_OBJECT_ATTRIBUTES

Definition at line 66 of file ntifs.template.h.

◆ PLSA_OPERATIONAL_MODE

Definition at line 661 of file ntifs.template.h.

◆ PLSA_STRING

typedef STRING * PLSA_STRING

Definition at line 65 of file ntifs.template.h.

◆ PMAPPING_PAIR

◆ PMOVEFILE_DESCRIPTOR

◆ PMSV1_0_AV_PAIR

◆ PMSV1_0_ENUMUSERS_REQUEST

◆ PMSV1_0_ENUMUSERS_RESPONSE

◆ PMSV1_0_GETCHALLENRESP_REQUEST

◆ PMSV1_0_GETCHALLENRESP_REQUEST_V1

◆ PMSV1_0_GETCHALLENRESP_RESPONSE

◆ PMSV1_0_GETUSERINFO_REQUEST

◆ PMSV1_0_GETUSERINFO_RESPONSE

◆ PMSV1_0_INTERACTIVE_LOGON

◆ PMSV1_0_INTERACTIVE_PROFILE

◆ PMSV1_0_LM20_CHALLENGE_REQUEST

◆ PMSV1_0_LM20_CHALLENGE_RESPONSE

◆ PMSV1_0_LM20_LOGON

◆ PMSV1_0_LM20_LOGON_PROFILE

◆ PMSV1_0_LOGON_SUBMIT_TYPE

◆ PMSV1_0_NTLM3_RESPONSE

◆ PMSV1_0_PROFILE_BUFFER_TYPE

◆ PMSV1_0_PROTOCOL_MESSAGE_TYPE

◆ PMSV1_0_SUBAUTH_LOGON

◆ PMSV1_0_SUPPLEMENTAL_CREDENTIAL

◆ PNETWORK_OPEN_ECP_CONTEXT

◆ PNETWORK_OPEN_ECP_CONTEXT_V0

◆ PNFS_OPEN_ECP_CONTEXT

◆ POBJECT_ALL_TYPES_INFO

◆ POBJECT_BASIC_INFO

◆ POBJECT_BASIC_INFORMATION

◆ POBJECT_HANDLE_ATTRIBUTE_INFO

◆ POBJECT_NAME_INFO

◆ POBJECT_PROTECTION_INFO

◆ POBJECT_TYPE_INFO

◆ PORT_MESSAGE

◆ PORT_VIEW

◆ PPNFS_OPEN_ECP_CONTEXT

◆ PPORT_MESSAGE

◆ PPORT_VIEW

◆ PPREFETCH_OPEN_ECP_CONTEXT

◆ PPUBLIC_OBJECT_TYPE_INFORMATION

◆ PQUERY_PATH_REQUEST

◆ PQUERY_PATH_REQUEST_EX

◆ PQUERY_PATH_RESPONSE

◆ PREFETCH_OPEN_ECP_CONTEXT

◆ PREMOTE_PORT_VIEW

◆ PSECURITY_LOGON_TYPE

◆ PSOCKADDR_STORAGE_NFS

Definition at line 1231 of file ntifs.template.h.

◆ PSRV_OPEN_ECP_CONTEXT

◆ PUBLIC_OBJECT_TYPE_INFORMATION

◆ PVAD_HEADER

◆ QUERY_PATH_REQUEST

◆ QUERY_PATH_REQUEST_EX

◆ QUERY_PATH_RESPONSE

◆ REMOTE_PORT_VIEW

◆ SECURITY_LOGON_TYPE

◆ SRV_OPEN_ECP_CONTEXT

◆ VAD_HEADER

Enumeration Type Documentation

◆ _FILE_STORAGE_TYPE

Enumerator
StorageTypeDefault 
StorageTypeDirectory 
StorageTypeFile 
StorageTypeJunctionPoint 
StorageTypeCatalog 
StorageTypeStructuredStorage 
StorageTypeEmbedding 
StorageTypeStream 

Definition at line 1387 of file ntifs.template.h.

1387 {
enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
@ StorageTypeStructuredStorage
@ StorageTypeEmbedding
@ StorageTypeDefault
@ StorageTypeFile
@ StorageTypeCatalog
@ StorageTypeStream
@ StorageTypeDirectory
@ StorageTypeJunctionPoint

◆ _MSV1_0_AVID

Enumerator
MsvAvEOL 
MsvAvNbComputerName 
MsvAvNbDomainName 
MsvAvDnsComputerName 
MsvAvDnsDomainName 

Definition at line 959 of file ntifs.template.h.

959 {
960 MsvAvEOL,
965#if (_WIN32_WINNT >= 0x0501)
966 MsvAvDnsTreeName,
967 MsvAvFlags,
968#if (_WIN32_WINNT >= 0x0600)
969 MsvAvTimestamp,
970 MsvAvRestrictions,
971 MsvAvTargetName,
972 MsvAvChannelBindings,
973#endif
974#endif
enum _MSV1_0_AVID MSV1_0_AVID
@ MsvAvNbDomainName
@ MsvAvNbComputerName
@ MsvAvDnsComputerName
@ MsvAvEOL
@ MsvAvDnsDomainName

◆ _MSV1_0_LOGON_SUBMIT_TYPE

Enumerator
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0InteractiveLogon 
MsV1_0Lm20Logon 
MsV1_0NetworkLogon 
MsV1_0SubAuthLogon 
MsV1_0WorkstationUnlockLogon 
MsV1_0S4ULogon 
MsV1_0VirtualLogon 

Definition at line 850 of file ntifs.template.h.

850 {
856 MsV1_0S4ULogon = 12,
enum _MSV1_0_LOGON_SUBMIT_TYPE * PMSV1_0_LOGON_SUBMIT_TYPE
enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
@ MsV1_0VirtualLogon
@ MsV1_0NetworkLogon
@ MsV1_0WorkstationUnlockLogon
@ MsV1_0SubAuthLogon
@ MsV1_0S4ULogon
@ MsV1_0Lm20Logon
@ MsV1_0InteractiveLogon

◆ _MSV1_0_PROFILE_BUFFER_TYPE

Enumerator
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 
MsV1_0InteractiveProfile 
MsV1_0Lm20LogonProfile 
MsV1_0SmartCardProfile 

Definition at line 860 of file ntifs.template.h.

860 {
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
@ MsV1_0InteractiveProfile
@ MsV1_0SmartCardProfile
@ MsV1_0Lm20LogonProfile
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE

◆ _MSV1_0_PROTOCOL_MESSAGE_TYPE

Enumerator
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 
MsV1_0SetProcessOption 
MsV1_0Lm20ChallengeRequest 
MsV1_0Lm20GetChallengeResponse 
MsV1_0EnumerateUsers 
MsV1_0GetUserInfo 
MsV1_0ReLogonUsers 
MsV1_0ChangePassword 
MsV1_0ChangeCachedPassword 
MsV1_0GenericPassthrough 
MsV1_0CacheLogon 
MsV1_0SubAuth 
MsV1_0DeriveCredential 
MsV1_0CacheLookup 

Definition at line 982 of file ntifs.template.h.

982 {
995#if (_WIN32_WINNT >= 0x0501)
997#endif
998#if (_WIN32_WINNT >= 0x0600)
999 MsV1_0ConfigLocalAliases,
1000 MsV1_0ClearCachedCredentials,
1001#endif
@ MsV1_0ChangeCachedPassword
@ MsV1_0GenericPassthrough
@ MsV1_0Lm20GetChallengeResponse
@ MsV1_0CacheLookup
@ MsV1_0DeriveCredential
@ MsV1_0ReLogonUsers
@ MsV1_0ChangePassword
@ MsV1_0Lm20ChallengeRequest
@ MsV1_0EnumerateUsers
@ MsV1_0CacheLogon
@ MsV1_0GetUserInfo
@ MsV1_0SubAuth
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
@ MsV1_0SetProcessOption
Definition: ntsecapi.h:231

◆ _NETWORK_OPEN_INTEGRITY_QUALIFIER

Enumerator
NetworkOpenIntegrityAny 
NetworkOpenIntegrityNone 
NetworkOpenIntegritySigned 
NetworkOpenIntegrityEncrypted 
NetworkOpenIntegrityMaximum 

Definition at line 1148 of file ntifs.template.h.

1148 {
enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
@ NetworkOpenIntegrityNone
@ NetworkOpenIntegrityEncrypted
@ NetworkOpenIntegrityMaximum
@ NetworkOpenIntegritySigned
@ NetworkOpenIntegrityAny

◆ _NETWORK_OPEN_LOCATION_QUALIFIER

Enumerator
NetworkOpenLocationAny 
NetworkOpenLocationRemote 
NetworkOpenLocationLoopback 

Definition at line 1142 of file ntifs.template.h.

1142 {
enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
@ NetworkOpenLocationLoopback
@ NetworkOpenLocationAny
@ NetworkOpenLocationRemote

◆ _SECURITY_LOGON_TYPE

Enumerator
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
UndefinedLogonType 
Interactive 
Network 
Batch 
Service 
Proxy 
Unlock 
NetworkCleartext 
NewCredentials 

Definition at line 663 of file ntifs.template.h.

663 {
665 Interactive = 2,
666 Network,
667 Batch,
668 Service,
669 Proxy,
670 Unlock,
673#if (_WIN32_WINNT >= 0x0501)
674 RemoteInteractive,
675 CachedInteractive,
676#endif
677#if (_WIN32_WINNT >= 0x0502)
678 CachedRemoteInteractive,
679 CachedUnlock
680#endif
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE
@ UndefinedLogonType
@ Unlock
@ Interactive
@ Proxy
@ Network
@ NetworkCleartext
@ Service
@ NewCredentials
@ Batch
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE

Function Documentation

◆ $define()

$define ( UCHAR  = UCHAR)

◆ $include() [1/3]

$include ( iotypes.  h)

Definition at line 1067 of file ntifs.template.h.

1069 {
1072 ULONG HandleCount;
1073 ULONG PointerCount;
1074 ULONG Reserved[10];
ULONG ACCESS_MASK
Definition: nt_native.h:40
PUBLIC_OBJECT_BASIC_INFORMATION
* PPUBLIC_OBJECT_BASIC_INFORMATION
uint32_t ULONG
Definition: typedefs.h:59
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

◆ $include() [2/3]

$include ( ketypes.  h)

◆ $include() [3/3]

$include ( setypes.  h)

Referenced by $if().

◆ _In_reads_bytes_()

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
83 }
84
85 /* The request must be for a kernel handle */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
132 0,
133 NULL,
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
155 return Status;
156}
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
LONG NTSTATUS
Definition: precomp.h:26
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define InsertTailList(ListHead, Entry)
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Status
Definition: gdiplustypes.h:25
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
static LONG MaxConnections
#define KernelMode
Definition: asm.h:34
#define FILE_READ_DATA
Definition: nt_native.h:628
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
LIST_ENTRY mList
Definition: fltmgrint.h:56
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ _Out_writes_bytes_opt_() [1/2]

_In_ SECURITY_INFORMATION _Out_writes_bytes_opt_ ( Length  )

◆ _Out_writes_bytes_opt_() [2/2]

◆ _Out_writes_bytes_to_opt_()

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _When_()

◆ C_ASSERT() [1/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, ActiveCount)  = =0x0c)

◆ C_ASSERT() [2/2]

C_ASSERT ( FIELD_OFFSET(ERESOURCE, Flag = =0x0e)

◆ CcGetLsnForFileObject()

NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject ( _In_ PFILE_OBJECT  FileObject,
_Out_opt_ PLARGE_INTEGER  OldestLsn 
)

◆ DEFINE_GUID() [1/4]

DEFINE_GUID ( GUID_ECP_NETWORK_OPEN_CONTEXT  ,
0xc584edbf  ,
0x00df  ,
0x4d28  ,
0xb8  ,
0x84  ,
0x35  ,
0xba  ,
0xca  ,
0x89  ,
0x11  ,
0xe8   
)

◆ DEFINE_GUID() [2/4]

DEFINE_GUID ( GUID_ECP_NFS_OPEN  ,
0xf326d30c  ,
0xe5f8  ,
0x4fe7  ,
0xab  ,
0x74  ,
0xf5  ,
0xa3  ,
0x19  ,
0x6d  ,
0x92  ,
0xdb   
)

◆ DEFINE_GUID() [3/4]

DEFINE_GUID ( GUID_ECP_PREFETCH_OPEN  ,
0xe1777b21  ,
0x847e  ,
0x4837  ,
0xaa  ,
0x45  ,
0x64  ,
0x16  ,
0x1d  ,
0x28  ,
0x6  ,
0x55   
)

◆ DEFINE_GUID() [4/4]

DEFINE_GUID ( GUID_ECP_SRV_OPEN  ,
0xbebfaebc  ,
0xaabf  ,
0x489d  ,
0x9d  ,
0x2c  ,
0xe9  ,
0xe3  ,
0x61  ,
0x10  ,
0x28  ,
0x53   
)

◆ FsRtlAllocatePool()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePool ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuota()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes 
)

◆ FsRtlAllocatePoolWithQuotaTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlAllocatePoolWithTag()

NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag ( _In_ POOL_TYPE  PoolType,
_In_ ULONG  NumberOfBytes,
_In_ ULONG  Tag 
)

◆ FsRtlMdlReadComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PMDL  MdlChain 
)

◆ FsRtlMdlWriteComplete()

NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete ( _In_ PFILE_OBJECT  FileObject,
_In_ PLARGE_INTEGER  FileOffset,
_In_ PMDL  MdlChain 
)

◆ FsRtlNotifyChangeDirectory()

NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory ( _In_ PNOTIFY_SYNC  NotifySync,
_In_ PVOID  FsContext,
_In_ PSTRING  FullDirectoryName,
_In_ PLIST_ENTRY  NotifyList,
_In_ BOOLEAN  WatchTree,
_In_ ULONG  CompletionFilter,
_In_ PIRP  NotifyIrp 
)

◆ LsaFreeReturnBuffer()

_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer ( _In_ PVOID  Buffer)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID that is used as identification instance for auditing.
[in]ObjectTypeNameThe name of the object type.
[in]ObjectNameThe object name.
[in]SecurityDescriptorA security descriptor.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]GenericMappingThe generic mapping of access mask rights.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[out]GrantedAccessReturns the granted access rights.
[out]AccessStatusReturns a NTSTATUS status code indicating whether access check can be granted or not.
[out]GenerateOnCloseReturns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2125 of file audit.c.

2137{
2138 /* Call the internal function */
2139 return SepAccessCheckAndAuditAlarm(SubsystemName,
2140 HandleId,
2141 NULL,
2143 ObjectName,
2145 NULL,
2148 0,
2149 NULL,
2150 0,
2155 FALSE);
2156}
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define FALSE
Definition: types.h:117
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
@ AuditEventObjectAccess
Definition: setypes.h:868

Referenced by AccessCheckAndAuditAlarmA(), and AccessCheckAndAuditAlarmW().

◆ NtAccessCheckByTypeAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by type.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID that is used as identification instance for auditing.
[in]ObjectTypeNameThe name of the object type.
[in]ObjectNameThe object name.
[in]SecurityDescriptorA security descriptor.
[in]PrincipalSelfSidA principal self user SID.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]AuditTypeType of audit to start, influencing how the audit should be done.
[in]FlagsFlag bitmask, used to check if auditing can be done without privileges.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping of access mask rights.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[out]GrantedAccessReturns the granted access rights.
[out]AccessStatusReturns a NTSTATUS status code indicating whether access check can be granted or not.
[out]GenerateOnCloseReturns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2222 of file audit.c.

2239{
2240 /* Call the internal function */
2241 return SepAccessCheckAndAuditAlarm(SubsystemName,
2242 HandleId,
2243 NULL,
2245 ObjectName,
2247 PrincipalSelfSid,
2249 AuditType,
2250 Flags,
2251 ObjectTypeList,
2252 ObjectTypeLength,
2257 FALSE);
2258}
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

◆ NtAccessCheckByTypeResultListAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccessList,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatusList,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID that is used as identification instance for auditing.
[in]ObjectTypeNameThe name of the object type.
[in]ObjectNameThe object name.
[in]SecurityDescriptorA security descriptor.
[in]PrincipalSelfSidA principal self user SID.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]AuditTypeType of audit to start, influencing how the audit should be done.
[in]FlagsFlag bitmask, used to check if auditing can be done without privileges.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping of access mask rights.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[out]GrantedAccessListReturns the granted access rights.
[out]AccessStatusListReturns a NTSTATUS status code indicating whether access check can be granted or not.
[out]GenerateOnCloseReturns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2324 of file audit.c.

2341{
2342 /* Call the internal function */
2343 return SepAccessCheckAndAuditAlarm(SubsystemName,
2344 HandleId,
2345 NULL,
2347 ObjectName,
2349 PrincipalSelfSid,
2351 AuditType,
2352 Flags,
2353 ObjectTypeList,
2354 ObjectTypeListLength,
2356 GrantedAccessList,
2357 AccessStatusList,
2359 TRUE);
2360}
#define TRUE
Definition: types.h:120

◆ NtAccessCheckByTypeResultListAndAuditAlarmByHandle()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccessList,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatusList,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made by given type result and a token handle.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID that is used as identification instance for auditing.
[in]ClientTokenA handle to a client access token.
[in]ObjectTypeNameThe name of the object type.
[in]ObjectNameThe object name.
[in]SecurityDescriptorA security descriptor.
[in]PrincipalSelfSidA principal self user SID.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]AuditTypeType of audit to start, influencing how the audit should be done.
[in]FlagsFlag bitmask, used to check if auditing can be done without privileges.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping of access mask rights.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[out]GrantedAccessListReturns the granted access rights.
[out]AccessStatusListReturns a NTSTATUS status code indicating whether access check can be granted or not.
[out]GenerateOnCloseReturns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2430 of file audit.c.

2448{
2449 UNREFERENCED_PARAMETER(ObjectCreation);
2450
2451 /* Call the internal function */
2452 return SepAccessCheckAndAuditAlarm(SubsystemName,
2453 HandleId,
2454 &ClientToken,
2456 ObjectName,
2458 PrincipalSelfSid,
2460 AuditType,
2461 Flags,
2462 ObjectTypeList,
2463 ObjectTypeListLength,
2465 GrantedAccessList,
2466 AccessStatusList,
2468 TRUE);
2469}
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtCloseObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtCreateFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_opt_ PLARGE_INTEGER  AllocationSize,
_In_ ULONG  FileAttributes,
_In_ ULONG  ShareAccess,
_In_ ULONG  CreateDisposition,
_In_ ULONG  CreateOptions,
_In_reads_bytes_opt_(EaLength) PVOID  EaBuffer,
_In_ ULONG  EaLength 
)

◆ NtCreateSection()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection ( _Out_ PHANDLE  SectionHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_opt_ PLARGE_INTEGER  MaximumSize,
_In_ ULONG  SectionPageProtection,
_In_ ULONG  AllocationAttributes,
_In_opt_ HANDLE  FileHandle 
)

◆ NtDeleteObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)

◆ NtDeviceIoControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  IoControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Duplicates a token.

Parameters
[in]ExistingTokenHandleAn existing token to duplicate.
[in]DesiredAccessThe desired access rights for the new duplicated token.
[in]ObjectAttributesObject attributes for the new duplicated token.
[in]EffectiveOnlyIf set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]TokenTypeType of token to assign to the duplicated token.
[out]NewTokenHandleThe returned duplicated token handle.
Returns
STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
Remarks
Some sources claim 4th param is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI NOTE for readers: http://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while MSDN documentation is correct.

Definition at line 1869 of file tokenlif.c.

1876{
1878 HANDLE hToken;
1879 PTOKEN Token;
1880 PTOKEN NewToken;
1881 PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
1882 BOOLEAN QoSPresent;
1885
1886 PAGED_CODE();
1887
1890 {
1892 }
1893
1895
1896 if (PreviousMode != KernelMode)
1897 {
1898 _SEH2_TRY
1899 {
1901 }
1903 {
1904 /* Return the exception code */
1906 }
1907 _SEH2_END;
1908 }
1909
1912 PagedPool,
1913 FALSE,
1914 &CapturedSecurityQualityOfService,
1915 &QoSPresent);
1916 if (!NT_SUCCESS(Status))
1917 {
1918 DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
1919 return Status;
1920 }
1921
1922 Status = ObReferenceObjectByHandle(ExistingTokenHandle,
1926 (PVOID*)&Token,
1928 if (!NT_SUCCESS(Status))
1929 {
1930 DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
1931 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1933 FALSE);
1934 return Status;
1935 }
1936
1937 /*
1938 * Fail, if the original token is an impersonation token and the caller
1939 * tries to raise the impersonation level of the new token above the
1940 * impersonation level of the original token.
1941 */
1942 if (Token->TokenType == TokenImpersonation)
1943 {
1944 if (QoSPresent &&
1945 CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
1946 {
1948 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1950 FALSE);
1952 }
1953 }
1954
1955 /*
1956 * Fail, if a primary token is to be created from an impersonation token
1957 * and and the impersonation level of the impersonation token is below SecurityImpersonation.
1958 */
1959 if (Token->TokenType == TokenImpersonation &&
1961 Token->ImpersonationLevel < SecurityImpersonation)
1962 {
1964 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1966 FALSE);
1968 }
1969
1973 TokenType,
1974 (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
1976 &NewToken);
1977
1979
1980 if (NT_SUCCESS(Status))
1981 {
1982 Status = ObInsertObject(NewToken,
1983 NULL,
1984 (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
1985 0,
1986 NULL,
1987 &hToken);
1988 if (NT_SUCCESS(Status))
1989 {
1990 _SEH2_TRY
1991 {
1992 *NewTokenHandle = hToken;
1993 }
1995 {
1997 }
1998 _SEH2_END;
1999 }
2000 }
2001
2002 /* Free the captured structure */
2003 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
2005 FALSE);
2006
2007 return Status;
2008}
#define PAGED_CODE()
unsigned char BOOLEAN
#define DPRINT1
Definition: precomp.h:8
#define PagedPool
Definition: env_spec_w32.h:308
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
@ SecurityImpersonation
Definition: lsa.idl:57
@ SecurityAnonymous
Definition: lsa.idl:55
@ TokenImpersonation
Definition: imports.h:274
@ TokenPrimary
Definition: imports.h:273
#define KeGetPreviousMode()
Definition: ketypes.h:1115
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:159
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:34
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:162
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:44
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define TOKEN_DUPLICATE
Definition: setypes.h:926

Referenced by CreateProcessAsUserCommon(), DuplicateTokenAsEffective(), DuplicateTokenEx(), GetToken(), GetTokenProcess(), ImpersonateLoggedOnUser(), QueryTokenImpersonationTests(), and START_TEST().

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.

Parameters
[in]ExistingTokenHandleA handle to an access token which is to be filtered.
[in]FlagsPrivilege flag options. This parameter argument influences how the token's privileges are filtered. For further details see remarks.
[in]SidsToDisableArray of SIDs to disable. The action of doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer.
[in]PrivilegesToDeleteArray of privileges to delete. The function will walk within this array to determine if the specified privileges do exist in the access token. Any missing privileges gets ignored. This parameter can be NULL. This can be a UM pointer.
[in]RestrictedSidsAn array list of restricted groups SID to be added in the access token. A token that is already restricted the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer.
[out]NewTokenHandleA new handle to the restricted (filtered) access token. This can be a UM pointer.
Returns
Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
Remarks
The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):

0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).

DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.

SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.

LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.

WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.

Definition at line 2075 of file tokenlif.c.

2082{
2083 PTOKEN Token, FilteredToken;
2084 HANDLE FilteredTokenHandle;
2087 OBJECT_HANDLE_INFORMATION HandleInfo;
2089 ULONG CapturedSidsCount = 0;
2090 ULONG CapturedPrivilegesCount = 0;
2091 ULONG CapturedRestrictedSidsCount = 0;
2092 ULONG ProbeSize = 0;
2093 PSID_AND_ATTRIBUTES CapturedSids = NULL;
2094 PSID_AND_ATTRIBUTES CapturedRestrictedSids = NULL;
2095 PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
2096
2097 PAGED_CODE();
2098
2100
2101 _SEH2_TRY
2102 {
2103 /* Probe SidsToDisable */
2104 if (SidsToDisable != NULL)
2105 {
2106 /* Probe the header */
2107 ProbeForRead(SidsToDisable, sizeof(*SidsToDisable), sizeof(ULONG));
2108
2109 CapturedSidsCount = SidsToDisable->GroupCount;
2110 ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedSidsCount]);
2111
2112 ProbeForRead(SidsToDisable, ProbeSize, sizeof(ULONG));
2113 }
2114
2115 /* Probe PrivilegesToDelete */
2116 if (PrivilegesToDelete != NULL)
2117 {
2118 /* Probe the header */
2119 ProbeForRead(PrivilegesToDelete, sizeof(*PrivilegesToDelete), sizeof(ULONG));
2120
2121 CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2122 ProbeSize = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[CapturedPrivilegesCount]);
2123
2124 ProbeForRead(PrivilegesToDelete, ProbeSize, sizeof(ULONG));
2125 }
2126
2127 /* Probe RestrictedSids */
2128 if (RestrictedSids != NULL)
2129 {
2130 /* Probe the header */
2131 ProbeForRead(RestrictedSids, sizeof(*RestrictedSids), sizeof(ULONG));
2132
2133 CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2134 ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedRestrictedSidsCount]);
2135
2136 ProbeForRead(RestrictedSids, ProbeSize, sizeof(ULONG));
2137 }
2138
2139 /* Probe the handle */
2141 }
2143 {
2144 /* Return the exception code */
2146 }
2147 _SEH2_END;
2148
2149 /* Reference the token */
2150 Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2154 (PVOID*)&Token,
2155 &HandleInfo);
2156 if (!NT_SUCCESS(Status))
2157 {
2158 DPRINT1("NtFilterToken(): Failed to reference the token (Status 0x%lx)\n", Status);
2159 return Status;
2160 }
2161
2162 /* Capture the group SIDs */
2163 if (SidsToDisable != NULL)
2164 {
2165 Status = SeCaptureSidAndAttributesArray(SidsToDisable->Groups,
2166 CapturedSidsCount,
2168 NULL,
2169 0,
2170 PagedPool,
2171 TRUE,
2172 &CapturedSids,
2173 &ResultLength);
2174 if (!NT_SUCCESS(Status))
2175 {
2176 DPRINT1("NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n", Status);
2177 goto Quit;
2178 }
2179 }
2180
2181 /* Capture the privileges */
2182 if (PrivilegesToDelete != NULL)
2183 {
2184 Status = SeCaptureLuidAndAttributesArray(PrivilegesToDelete->Privileges,
2185 CapturedPrivilegesCount,
2187 NULL,
2188 0,
2189 PagedPool,
2190 TRUE,
2191 &CapturedPrivileges,
2192 &ResultLength);
2193 if (!NT_SUCCESS(Status))
2194 {
2195 DPRINT1("NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n", Status);
2196 goto Quit;
2197 }
2198 }
2199
2200 /* Capture the restricted SIDs */
2201 if (RestrictedSids != NULL)
2202 {
2203 Status = SeCaptureSidAndAttributesArray(RestrictedSids->Groups,
2204 CapturedRestrictedSidsCount,
2206 NULL,
2207 0,
2208 PagedPool,
2209 TRUE,
2210 &CapturedRestrictedSids,
2211 &ResultLength);
2212 if (!NT_SUCCESS(Status))
2213 {
2214 DPRINT1("NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n", Status);
2215 goto Quit;
2216 }
2217 }
2218
2219 /* Call the internal API */
2221 CapturedPrivileges,
2222 CapturedSids,
2223 CapturedRestrictedSids,
2224 CapturedPrivilegesCount,
2225 CapturedSidsCount,
2226 CapturedRestrictedSidsCount,
2227 Flags,
2229 &FilteredToken);
2230 if (!NT_SUCCESS(Status))
2231 {
2232 DPRINT1("NtFilterToken(): Failed to filter the token (Status 0x%lx)\n", Status);
2233 goto Quit;
2234 }
2235
2236 /* Insert the filtered token and retrieve a handle to it */
2237 Status = ObInsertObject(FilteredToken,
2238 NULL,
2239 HandleInfo.GrantedAccess,
2240 0,
2241 NULL,
2242 &FilteredTokenHandle);
2243 if (!NT_SUCCESS(Status))
2244 {
2245 DPRINT1("NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n", Status);
2246 goto Quit;
2247 }
2248
2249 /* And return it to the caller once we're done */
2250 _SEH2_TRY
2251 {
2252 *NewTokenHandle = FilteredTokenHandle;
2253 }
2255 {
2257 _SEH2_YIELD(goto Quit);
2258 }
2259 _SEH2_END;
2260
2261Quit:
2262 /* Dereference the token */
2264
2265 /* Release all the captured data */
2266 if (CapturedSids != NULL)
2267 {
2268 SeReleaseSidAndAttributesArray(CapturedSids,
2270 TRUE);
2271 }
2272
2273 if (CapturedPrivileges != NULL)
2274 {
2275 SeReleaseLuidAndAttributesArray(CapturedPrivileges,
2277 TRUE);
2278 }
2279
2280 if (CapturedRestrictedSids != NULL)
2281 {
2282 SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
2284 TRUE);
2285 }
2286
2287 return Status;
2288}
#define ExGetPreviousMode
Definition: ex.h:140
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:976
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:693
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: tokenlif.c:859
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

Referenced by CreateRestrictedToken(), QueryTokenIsSandboxInert(), QueryTokenPrivilegesAndGroupsTests(), QueryTokenRestrictedSidsTest(), and START_TEST().

◆ NtFsControlFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  FsControlCode,
_In_reads_bytes_opt_(InputBufferLength) PVOID  InputBuffer,
_In_ ULONG  InputBufferLength,
_Out_writes_bytes_opt_(OutputBufferLength) PVOID  OutputBuffer,
_In_ ULONG  OutputBufferLength 
)

◆ NtImpersonateAnonymousToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in]ThreadHandleA handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 2612 of file token.c.

2614{
2618 PAGED_CODE();
2619
2621
2622 /* Obtain the thread object from the handle */
2623 Status = ObReferenceObjectByHandle(ThreadHandle,
2627 (PVOID*)&Thread,
2628 NULL);
2629 if (!NT_SUCCESS(Status))
2630 {
2631 DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
2632 return Status;
2633 }
2634
2635 /* Call the private routine to impersonate the token */
2637 if (!NT_SUCCESS(Status))
2638 {
2639 DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
2640 }
2641
2643 return Status;
2644}
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
POBJECT_TYPE PsThreadType
Definition: thread.c:20
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334

Referenced by ImpersonateAnonymousToken(), and START_TEST().

◆ NtLockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ PLARGE_INTEGER  ByteOffset,
_In_ PLARGE_INTEGER  Length,
_In_ ULONG  Key,
_In_ BOOLEAN  FailImmediately,
_In_ BOOLEAN  ExclusiveLock 
)

◆ NtOpenFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile ( _Out_ PHANDLE  FileHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ ULONG  ShareAccess,
_In_ ULONG  OpenOptions 
)

◆ NtOpenJobObjectToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken ( _In_ HANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when an object is about to be opened.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID used for identification instance for auditing.
[in]ObjectTypeNameA Unicode string that points to an object type name.
[in]ObjectNameThe name of the object.
[in]SecurityDescriptorA security descriptor.
[in]ClientTokenHandleA handle to a client access token.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]GrantedAccessThe granted access mask rights.
[in]PrivilegeSetIf specified, the function will use this set of privileges to audit.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[in]AccessGrantedSet this to TRUE if the access attempt was deemed as granted.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the required audit privilege to actually begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that alllows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus set of privileges as such array set exceeds the maximum count of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.

Definition at line 1622 of file audit.c.

1635{
1636 PTOKEN ClientToken;
1637 PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1638 UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1639 ULONG PrivilegeCount, PrivilegeSetSize;
1640 volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1641 BOOLEAN LocalGenerateOnClose;
1642 PVOID CapturedHandleId;
1645 PAGED_CODE();
1646
1647 /* Only user mode is supported! */
1649
1650 /* Start clean */
1651 ClientToken = NULL;
1652 CapturedSecurityDescriptor = NULL;
1653 CapturedPrivilegeSet = NULL;
1654 CapturedSubsystemName.Buffer = NULL;
1655 CapturedObjectTypeName.Buffer = NULL;
1656 CapturedObjectName.Buffer = NULL;
1657
1658 /* Reference the client token */
1659 Status = ObReferenceObjectByHandle(ClientTokenHandle,
1662 UserMode,
1663 (PVOID*)&ClientToken,
1664 NULL);
1665 if (!NT_SUCCESS(Status))
1666 {
1667 DPRINT1("Failed to reference token handle %p: %lx\n",
1668 ClientTokenHandle, Status);
1669 return Status;
1670 }
1671
1672 /* Capture the security subject context */
1674
1675 /* Validate the token's impersonation level */
1676 if ((ClientToken->TokenType == TokenImpersonation) &&
1678 {
1679 DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1681 goto Cleanup;
1682 }
1683
1684 /* Check for audit privilege */
1686 {
1687 DPRINT1("Caller does not have SeAuditPrivilege\n");
1689 goto Cleanup;
1690 }
1691
1692 /* Check for NULL SecurityDescriptor */
1693 if (SecurityDescriptor == NULL)
1694 {
1695 /* Nothing to do */
1697 goto Cleanup;
1698 }
1699
1700 /* Capture the security descriptor */
1702 UserMode,
1703 PagedPool,
1704 FALSE,
1705 &CapturedSecurityDescriptor);
1706 if (!NT_SUCCESS(Status))
1707 {
1708 DPRINT1("Failed to capture security descriptor!\n");
1709 goto Cleanup;
1710 }
1711
1712 _SEH2_TRY
1713 {
1714 /* Check if we have a privilege set */
1715 if (PrivilegeSet != NULL)
1716 {
1717 /* Probe the basic privilege set structure */
1718 ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1719
1720 /* Validate privilege count */
1721 PrivilegeCount = PrivilegeSet->PrivilegeCount;
1722 if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1723 {
1725 _SEH2_YIELD(goto Cleanup);
1726 }
1727
1728 /* Calculate the size of the PrivilegeSet structure */
1729 PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1730
1731 /* Probe the whole structure */
1732 ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1733
1734 /* Allocate a temp buffer */
1735 CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1736 PrivilegeSetSize,
1738 if (CapturedPrivilegeSet == NULL)
1739 {
1740 DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1742 _SEH2_YIELD(goto Cleanup);
1743 }
1744
1745 /* Copy the privileges */
1746 RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1747 }
1748
1749 if (HandleId != NULL)
1750 {
1751 ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1752 CapturedHandleId = *(PVOID*)HandleId;
1753 }
1754
1755 ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1756 }
1758 {
1760 DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1761 _SEH2_YIELD(goto Cleanup);
1762 }
1763 _SEH2_END;
1764
1765 /* Probe and capture the subsystem name */
1766 Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1767 UserMode,
1768 SubsystemName);
1769 if (!NT_SUCCESS(Status))
1770 {
1771 DPRINT1("Failed to capture subsystem name!\n");
1772 goto Cleanup;
1773 }
1774
1775 /* Probe and capture the object type name */
1776 Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1777 UserMode,
1779 if (!NT_SUCCESS(Status))
1780 {
1781 DPRINT1("Failed to capture object type name!\n");
1782 goto Cleanup;
1783 }
1784
1785 /* Probe and capture the object name */
1786 Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1787 UserMode,
1788 ObjectName);
1789 if (!NT_SUCCESS(Status))
1790 {
1791 DPRINT1("Failed to capture object name!\n");
1792 goto Cleanup;
1793 }
1794
1795 /* Call the internal function */
1797 &CapturedSubsystemName,
1798 CapturedHandleId,
1799 &CapturedObjectTypeName,
1800 &CapturedObjectName,
1801 CapturedSecurityDescriptor,
1802 ClientToken,
1805 CapturedPrivilegeSet,
1806 ObjectCreation,
1808 &LocalGenerateOnClose);
1809
1811
1812 /* Enter SEH to copy the data back to user mode */
1813 _SEH2_TRY
1814 {
1815 *GenerateOnClose = LocalGenerateOnClose;
1816 }
1818 {
1820 DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1821 }
1822 _SEH2_END;
1823
1824Cleanup:
1825
1826 if (CapturedObjectName.Buffer != NULL)
1827 ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1828
1829 if (CapturedObjectTypeName.Buffer != NULL)
1830 ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1831
1832 if (CapturedSubsystemName.Buffer != NULL)
1833 ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1834
1835 if (CapturedSecurityDescriptor != NULL)
1836 SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1837
1838 if (CapturedPrivilegeSet != NULL)
1839 ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1840
1841 /* Release the security subject context */
1843
1844 ObDereferenceObject(ClientToken);
1845
1846 return Status;
1847}
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
static const WCHAR Cleanup[]
Definition: register.c:80
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
@ SecurityIdentification
Definition: lsa.idl:56
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
#define UserMode
Definition: asm.h:35
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:15
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1535
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
#define STATUS_SUCCESS
Definition: shellext.h:65
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
TOKEN_TYPE TokenType
Definition: setypes.h:239
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
#define TAG_PRIVILEGE_SET
Definition: tag.h:157
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
#define TOKEN_QUERY
Definition: setypes.h:928

Referenced by ObjectOpenAuditAlarmA(), and ObjectOpenAuditAlarmW().

◆ NtOpenProcessToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenProcessTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtOpenThreadToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
See NtOpenThreadTokenEx.

Definition at line 2474 of file token.c.

2479{
2480 return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
2481 TokenHandle);
2482}
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2331
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
Definition: zwfuncs.h:700

Referenced by BaseGetNamedObjectDirectory(), CheckTokenMembership(), CreateProcessAsUserCommon(), CsrGetProcessLuid(), GetCallerLuid(), LsarSetSecurityObject(), NpGetUserNamep(), OpenThreadToken(), RSetServiceObjectSecurity(), RtlDefaultNpAcl(), RtlNewSecurityGrantedAccess(), RtlpGetImpersonationToken(), and START_TEST().

◆ NtOpenThreadTokenEx()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Opens a token that is tied to a thread handle.

Parameters
[out]ThreadHandleThread handle where the token is about to be opened.
[in]DesiredAccessThe request access right for the token.
[in]OpenAsSelfIf set to TRUE, the access check will be made with the security context of the process of the calling thread (opening as self). Otherwise the access check will be made with the security context of the calling thread instead.
[in]HandleAttributesHandle attributes for the opened thread token handle.
[out]TokenHandleThe opened token handle returned to the caller for use.
Returns
Returns STATUS_SUCCESS if the function has successfully opened the thread token. STATUS_CANT_OPEN_ANONYMOUS is returned if a token has SecurityAnonymous as impersonation level and we cannot open it. A failure NTSTATUS code is returned otherwise.

Definition at line 2331 of file token.c.

2337{
2339 HANDLE hToken;
2340 PTOKEN Token;
2346 BOOLEAN RestoreImpersonation = FALSE;
2347
2348 PAGED_CODE();
2349
2351
2352 /* Ensure that we can give the handle to the caller */
2353 if (PreviousMode != KernelMode)
2354 {
2355 _SEH2_TRY
2356 {
2358 }
2360 {
2361 /* Return the exception code */
2363 }
2364 _SEH2_END;
2365 }
2366
2367 /* Validate object attributes */
2369
2370 /*
2371 * At first open the thread token for information access and verify
2372 * that the token associated with the thread is valid.
2373 */
2376 NULL);
2377 if (!NT_SUCCESS(Status))
2378 {
2379 DPRINT1("Failed to reference the object thread (Status 0x%lx)\n", Status);
2380 return Status;
2381 }
2382
2383 /* Reference the token from the thread */
2386 if (Token == NULL)
2387 {
2388 DPRINT("Failed to reference the thread's impersonation token, thread has no token\n");
2390 return STATUS_NO_TOKEN;
2391 }
2392
2393 /* Ensure the token has no anonymous security */
2395 {
2396 DPRINT1("The thread token has anonymous security, can't open it\n");
2400 }
2401
2402 /* Revert to self if OpenAsSelf is specified */
2403 if (OpenAsSelf)
2404 {
2405 RestoreImpersonation = PsDisableImpersonation(PsGetCurrentThread(),
2407 }
2408
2409 /* Call the private function to do the job */
2411 ThreadHandle,
2412 Token,
2416 CopyOnOpen,
2419 &hToken);
2420
2421 /* Restore the impersonation back if needed */
2422 if (RestoreImpersonation)
2423 {
2425 }
2426
2427 /* Dereference the access token and the associated thread */
2430
2431 if (!NT_SUCCESS(Status))
2432 {
2433 DPRINT1("Failed to open the thread's token (Status 0x%lx)\n", Status);
2434 return Status;
2435 }
2436
2437 /* Give the opened token handle to the caller */
2438 _SEH2_TRY
2439 {
2440 *TokenHandle = hToken;
2441 }
2443 {
2445 }
2446 _SEH2_END;
2447
2448 return Status;
2449}
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define THREAD_QUERY_INFORMATION
Definition: pstypes.h:149
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:937
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
Definition: security.c:987
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:871
static NTSTATUS SepOpenThreadToken(_In_ PETHREAD Thread, _In_ HANDLE ThreadHandle, _In_ PTOKEN ThreadToken, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ BOOLEAN EffectiveOnly, _In_ BOOLEAN CopyOnOpen, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PHANDLE OpenedTokenHandle)
Internal private function that returns an opened handle of an access token associated with a thread.
Definition: token.c:1170
#define STATUS_NO_TOKEN
Definition: ntstatus.h:360
#define STATUS_CANT_OPEN_ANONYMOUS
Definition: ntstatus.h:402
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
#define DPRINT
Definition: sndvol32.h:71
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
Definition: psfuncs.h:189
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156

Referenced by NtOpenThreadToken(), and START_TEST().

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtQueryDirectoryFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass,
_In_ BOOLEAN  ReturnSingleEntry,
_In_opt_ PUNICODE_STRING  FileName,
_In_ BOOLEAN  RestartScan 
)

◆ NtQueryInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass 
)

◆ NtQueryQuotaInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length,
_In_ BOOLEAN  ReturnSingleEntry,
_In_reads_bytes_opt_(SidListLength) PVOID  SidList,
_In_ ULONG  SidListLength,
_In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID  StartSid,
_In_ BOOLEAN  RestartScan 
)

◆ NtQueryVolumeInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  FsInformation,
_In_ ULONG  Length,
_In_ FS_INFORMATION_CLASS  FsInformationClass 
)

◆ NtReadFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_Out_writes_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length,
_In_opt_ PLARGE_INTEGER  ByteOffset,
_In_opt_ PULONG  Key 
)

◆ NtSetInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_reads_bytes_(Length) PVOID  FileInformation,
_In_ ULONG  Length,
_In_ FILE_INFORMATION_CLASS  FileInformationClass 
)

◆ NtSetInformationThread()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread ( _In_ HANDLE  ThreadHandle,
_In_ THREADINFOCLASS  ThreadInformationClass,
_In_reads_bytes_(ThreadInformationLength) PVOID  ThreadInformation,
_In_ ULONG  ThreadInformationLength 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.

@unimplemented

Parameters
[in]TokenHandleA handle of a token where information is to be modified.
[in]TokenInformationClassToken information class.
[in]TokenInformationAn arbitrary pointer to a buffer with token information to set. Such arbitrary buffer depends on the information class chosen that the caller wants to modify such information data of a token.
[in]TokenInformationLengthLength of the token information buffer, in bytes.
Returns
Returns STATUS_SUCCESS if information setting has completed successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the information length of the buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread hasn't the required privileges to perform the operation in question. A failure NTSTATUS code is returned otherwise.
Remarks
The function is partly implemented, mainly TokenOrigin.

Definition at line 1125 of file tokencls.c.

1130{
1132 PTOKEN Token;
1134 ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
1135
1136 PAGED_CODE();
1137
1139
1143 TokenInformation,
1145 PreviousMode);
1146 if (!NT_SUCCESS(Status))
1147 {
1148 /* Invalid buffers */
1149 DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
1150 return Status;
1151 }
1152
1154 {
1155 NeededAccess |= TOKEN_ADJUST_SESSIONID;
1156 }
1157
1159 NeededAccess,
1162 (PVOID*)&Token,
1163 NULL);
1164 if (NT_SUCCESS(Status))
1165 {
1166 switch (TokenInformationClass)
1167 {
1168 case TokenOwner:
1169 {
1170 if (TokenInformationLength >= sizeof(TOKEN_OWNER))
1171 {
1172 PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
1173 PSID InputSid = NULL, CapturedSid;
1174 ULONG DefaultOwnerIndex;
1175
1176 _SEH2_TRY
1177 {
1178 InputSid = to->Owner;
1179 }
1181 {
1183 _SEH2_YIELD(goto Cleanup);
1184 }
1185 _SEH2_END;
1186
1187 Status = SepCaptureSid(InputSid,
1189 PagedPool,
1190 FALSE,
1191 &CapturedSid);
1192 if (NT_SUCCESS(Status))
1193 {
1194 /* Lock the token */
1196
1197 /* Find the owner amongst the existing token user and groups */
1199 NULL,
1200 CapturedSid,
1201 NULL,
1202 &DefaultOwnerIndex);
1203 if (NT_SUCCESS(Status))
1204 {
1205 /* Found it */
1206 Token->DefaultOwnerIndex = DefaultOwnerIndex;
1207 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1208 }
1209
1210 /* Unlock the token */
1212
1213 SepReleaseSid(CapturedSid,
1215 FALSE);
1216 }
1217 }
1218 else
1219 {
1221 }
1222 break;
1223 }
1224
1225 case TokenPrimaryGroup:
1226 {
1228 {
1229 PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
1230 ULONG AclSize;
1232 PSID InputSid = NULL, CapturedSid;
1233 ULONG PrimaryGroupIndex, NewDynamicLength;
1234
1235 _SEH2_TRY
1236 {
1237 InputSid = tpg->PrimaryGroup;
1238 }
1240 {
1242 _SEH2_YIELD(goto Cleanup);
1243 }
1244 _SEH2_END;
1245
1246 Status = SepCaptureSid(InputSid,
1248 PagedPool,
1249 FALSE,
1250 &CapturedSid);
1251 if (NT_SUCCESS(Status))
1252 {
1253 /* Lock the token */
1255
1256 /*
1257 * We can whack the token's primary group only if
1258 * the charged dynamic space boundary allows us
1259 * to do so. Exceeding this boundary and we're
1260 * busted out.
1261 */
1262 AclSize = Token->DefaultDacl ? Token->DefaultDacl->AclSize : 0;
1263 NewDynamicLength = RtlLengthSid(CapturedSid) + AclSize;
1264 if (NewDynamicLength > Token->DynamicCharged)
1265 {
1267 SepReleaseSid(CapturedSid, PreviousMode, FALSE);
1269 DPRINT1("NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
1270 Token->DynamicCharged, NewDynamicLength);
1271 goto Cleanup;
1272 }
1273
1274 /*
1275 * The dynamic part of the token may require a rebuild
1276 * if the current dynamic area is too small. If not then
1277 * we're pretty much good as is.
1278 */
1279 Status = SepRebuildDynamicPartOfToken(Token, NewDynamicLength);
1280 if (NT_SUCCESS(Status))
1281 {
1282 /* Find the primary group amongst the existing token user and groups */
1284 CapturedSid,
1285 NULL,
1286 &PrimaryGroupIndex,
1287 NULL);
1288 if (NT_SUCCESS(Status))
1289 {
1290 /*
1291 * We have found it. Add the length of
1292 * the previous primary group SID to the
1293 * available dynamic area.
1294 */
1295 Token->DynamicAvailable += RtlLengthSid(Token->PrimaryGroup);
1296
1297 /*
1298 * Move the default DACL if it's not at the
1299 * head of the dynamic part.
1300 */
1301 if ((Token->DefaultDacl) &&
1302 ((PULONG)(Token->DefaultDacl) != Token->DynamicPart))
1303 {
1304 RtlMoveMemory(Token->DynamicPart,
1305 Token->DefaultDacl,
1306 RtlLengthSid(Token->PrimaryGroup));
1307 Token->DefaultDacl = (PACL)(Token->DynamicPart);
1308 }
1309
1310 /* Take away available space from the dynamic area */
1311 Token->DynamicAvailable -= RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid);
1312
1313 /*
1314 * And assign the new primary group. For that
1315 * we have to make sure where the primary group
1316 * is going to stay in memory, so if this token
1317 * has a default DACL then add up its size with
1318 * the address of the dynamic part.
1319 */
1320 PrimaryGroup = (ULONG_PTR)(Token->DynamicPart) + AclSize;
1321 RtlCopySid(RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid),
1323 Token->UserAndGroups[PrimaryGroupIndex].Sid);
1324 Token->PrimaryGroup = (PSID)PrimaryGroup;
1325
1326 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1327 }
1328 }
1329
1330 /* Unlock the token */
1332
1333 SepReleaseSid(CapturedSid,
1335 FALSE);
1336 }
1337 }
1338 else
1339 {
1341 }
1342 break;
1343 }
1344
1345 case TokenDefaultDacl:
1346 {
1348 {
1349 PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
1350 PACL InputAcl = NULL;
1351
1352 _SEH2_TRY
1353 {
1354 InputAcl = tdd->DefaultDacl;
1355 }
1357 {
1359 _SEH2_YIELD(goto Cleanup);
1360 }
1361 _SEH2_END;
1362
1363 if (InputAcl != NULL)
1364 {
1365 PACL CapturedAcl;
1366
1367 /* Capture, validate, and copy the DACL */
1368 Status = SepCaptureAcl(InputAcl,
1370 PagedPool,
1371 TRUE,
1372 &CapturedAcl);
1373 if (NT_SUCCESS(Status))
1374 {
1375 ULONG NewDynamicLength;
1376 ULONG_PTR Acl;
1377
1378 /* Lock the token */
1380
1381 /*
1382 * We can whack the token's default DACL only if
1383 * the charged dynamic space boundary allows us
1384 * to do so. Exceeding this boundary and we're
1385 * busted out.
1386 */
1387 NewDynamicLength = CapturedAcl->AclSize + RtlLengthSid(Token->PrimaryGroup);
1388 if (NewDynamicLength > Token->DynamicCharged)
1389 {
1391 SepReleaseAcl(CapturedAcl, PreviousMode, TRUE);
1393 DPRINT1("NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
1394 Token->DynamicCharged, NewDynamicLength);
1395 goto Cleanup;
1396 }
1397
1398 /*
1399 * The dynamic part of the token may require a rebuild
1400 * if the current dynamic area is too small. If not then
1401 * we're pretty much good as is.
1402 */
1403 Status = SepRebuildDynamicPartOfToken(Token, NewDynamicLength);
1404 if (NT_SUCCESS(Status))
1405 {
1406 /*
1407 * Before setting up a new DACL for the
1408 * token object we add up the size of
1409 * the old DACL to the available dynamic
1410 * area
1411 */
1412 if (Token->DefaultDacl)
1413 {
1414 Token->DynamicAvailable += Token->DefaultDacl->AclSize;
1415 }
1416
1417 /*
1418 * Move the primary group if it's not at the
1419 * head of the dynamic part.
1420 */
1421 if ((PULONG)(Token->PrimaryGroup) != Token->DynamicPart)
1422 {
1423 RtlMoveMemory(Token->DynamicPart,
1424 Token->PrimaryGroup,
1425 RtlLengthSid(Token->PrimaryGroup));
1426 Token->PrimaryGroup = (PSID)(Token->DynamicPart);
1427 }
1428
1429 /* Take away available space from the dynamic area */
1430 Token->DynamicAvailable -= CapturedAcl->AclSize;
1431
1432 /* Set the new dacl */
1433 Acl = (ULONG_PTR)(Token->DynamicPart) + RtlLengthSid(Token->PrimaryGroup);
1434 RtlCopyMemory((PVOID)Acl,
1435 CapturedAcl,
1436 CapturedAcl->AclSize);
1437 Token->DefaultDacl = (PACL)Acl;
1438
1439 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1440 }
1441
1442 /* Unlock the token and release the ACL */
1444 SepReleaseAcl(CapturedAcl, PreviousMode, TRUE);
1445 }
1446 }
1447 else
1448 {
1449 /* Lock the token */
1451
1452 /* Clear the default dacl if present */
1453 if (Token->DefaultDacl != NULL)
1454 {
1455 Token->DynamicAvailable += Token->DefaultDacl->AclSize;
1456 RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
1457 Token->DefaultDacl = NULL;
1458
1459 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1460 }
1461
1462 /* Unlock the token */
1464 }
1465 }
1466 else
1467 {
1469 }
1470 break;
1471 }
1472
1473 case TokenSessionId:
1474 {
1475 ULONG SessionId = 0;
1476
1477 _SEH2_TRY
1478 {
1479 /* Buffer size was already verified, no need to check here again */
1480 SessionId = *(PULONG)TokenInformation;
1481 }
1483 {
1485 _SEH2_YIELD(goto Cleanup);
1486 }
1487 _SEH2_END;
1488
1489 /* Check for TCB privilege */
1491 {
1493 break;
1494 }
1495
1496 /* Lock the token */
1498
1499 Token->SessionId = SessionId;
1500 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1501
1502 /* Unlock the token */
1504
1505 break;
1506 }
1507
1509 {
1510 ULONG SessionReference;
1511
1512 _SEH2_TRY
1513 {
1514 /* Buffer size was already verified, no need to check here again */
1515 SessionReference = *(PULONG)TokenInformation;
1516 }
1518 {
1520 _SEH2_YIELD(goto Cleanup);
1521 }
1522 _SEH2_END;
1523
1524 /* Check for TCB privilege */
1526 {
1528 goto Cleanup;
1529 }
1530
1531 /* Check if it is 0 */
1532 if (SessionReference == 0)
1533 {
1534 ULONG OldTokenFlags;
1535
1536 /* Lock the token */
1538
1539 /* Atomically set the flag in the token */
1540 OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
1542 /*
1543 * If the flag was already set, do not dereference again
1544 * the logon session. Use SessionReference as an indicator
1545 * to know whether to really dereference the session.
1546 */
1547 if (OldTokenFlags == Token->TokenFlags)
1548 SessionReference = ULONG_MAX;
1549
1550 /*
1551 * Otherwise if the flag was never set but just for this first time then
1552 * remove the referenced logon session data from the token and dereference
1553 * the logon session when needed.
1554 */
1555 if (SessionReference == 0)
1556 {
1558 SepRmDereferenceLogonSession(&Token->AuthenticationId);
1559 }
1560
1561 /* Unlock the token */
1563 }
1564 break;
1565 }
1566
1567 case TokenAuditPolicy:
1568 {
1569 PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
1570 (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
1571 SEP_AUDIT_POLICY AuditPolicy;
1572 ULONG i;
1573
1574 _SEH2_TRY
1575 {
1576 ProbeForRead(PolicyInformation,
1578 Policies[PolicyInformation->PolicyCount]),
1579 sizeof(ULONG));
1580
1581 /* Loop all policies in the structure */
1582 for (i = 0; i < PolicyInformation->PolicyCount; i++)
1583 {
1584 /* Set the corresponding bits in the packed structure */
1585 switch (PolicyInformation->Policies[i].Category)
1586 {
1588 AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
1589 break;
1590
1591 case AuditCategoryLogon:
1592 AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
1593 break;
1594
1596 AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
1597 break;
1598
1600 AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
1601 break;
1602
1604 AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
1605 break;
1606
1608 AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
1609 break;
1610
1612 AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
1613 break;
1614
1616 AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
1617 break;
1618
1620 AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
1621 break;
1622 }
1623 }
1624 }
1626 {
1628 _SEH2_YIELD(goto Cleanup);
1629 }
1630 _SEH2_END;
1631
1632 /* Check for TCB privilege */
1634 {
1636 break;
1637 }
1638
1639 /* Lock the token */
1641
1642 /* Set the new audit policy */
1643 Token->AuditPolicy = AuditPolicy;
1644 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1645
1646 /* Unlock the token */
1648
1649 break;
1650 }
1651
1652 case TokenOrigin:
1653 {
1655
1656 _SEH2_TRY
1657 {
1658 /* Copy the token origin */
1659 TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
1660 }
1662 {
1664 _SEH2_YIELD(goto Cleanup);
1665 }
1666 _SEH2_END;
1667
1668 /* Check for TCB privilege */
1670 {
1672 break;
1673 }
1674
1675 /* Lock the token */
1677
1678 /* Check if there is no token origin set yet */
1679 if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
1680 {
1681 /* Set the token origin */
1682 Token->OriginatingLogonSession =
1683 TokenOrigin.OriginatingLogonSession;
1684
1685 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1686 }
1687
1688 /* Unlock the token */
1690
1691 break;
1692 }
1693
1694 default:
1695 {
1696 DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
1699 break;
1700 }
1701 }
1702Cleanup:
1704 }
1705
1706 if (!NT_SUCCESS(Status))
1707 {
1708 DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
1709 }
1710
1711 return Status;
1712}
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
ULONG SessionId
Definition: dllmain.c:28
#define ULONG_PTR
Definition: config.h:101
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define ULONG_MAX
Definition: limits.h:44
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
struct _SID * PSID
Definition: eventlog.c:35
struct _ACL * PACL
Definition: security.c:105
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
const LUID SeTcbPrivilege
Definition: priv.c:26
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:285
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
#define SepReleaseTokenLock(Token)
Definition: se.h:296
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
@ AuditCategoryLogon
Definition: ntsecapi.h:261
@ AuditCategoryAccountManagement
Definition: ntsecapi.h:266
@ AuditCategoryAccountLogon
Definition: ntsecapi.h:268
@ AuditCategoryPolicyChange
Definition: ntsecapi.h:265
@ AuditCategorySystem
Definition: ntsecapi.h:260
@ AuditCategoryObjectAccess
Definition: ntsecapi.h:262
@ AuditCategoryDirectoryServiceAccess
Definition: ntsecapi.h:267
@ AuditCategoryDetailedTracking
Definition: ntsecapi.h:264
@ AuditCategoryPrivilegeUse
Definition: ntsecapi.h:263
#define STATUS_ALLOTTED_SPACE_EXCEEDED
Definition: ntstatus.h:389
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
USHORT AclSize
Definition: ms-dtyp.idl:296
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1801 Policies[1]
PSID Owner
Definition: setypes.h:1028
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: tokencls.c:19
uint32_t * PULONG
Definition: typedefs.h:59
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3434
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1184
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:933
@ TokenDefaultDacl
Definition: setypes.h:971
@ TokenAuditPolicy
Definition: setypes.h:981
@ TokenOrigin
Definition: setypes.h:982
@ TokenPrimaryGroup
Definition: setypes.h:970
@ TokenSessionId
Definition: setypes.h:977
@ TokenSessionReference
Definition: setypes.h:979
@ TokenOwner
Definition: setypes.h:969
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:932
struct _TOKEN_OWNER * PTOKEN_OWNER

Referenced by SetTokenDefaultDaclTests(), SetTokenInformation(), SetTokenSessionIdTests(), and START_TEST().

◆ NtSetQuotaInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_reads_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length 
)

◆ NtSetVolumeInformationFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_reads_bytes_(Length) PVOID  FsInformation,
_In_ ULONG  Length,
_In_ FS_INFORMATION_CLASS  FsInformationClass 
)

◆ NtUnlockFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile ( _In_ HANDLE  FileHandle,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_ PLARGE_INTEGER  ByteOffset,
_In_ PLARGE_INTEGER  Length,
_In_ ULONG  Key 
)

◆ NtWriteFile()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile ( _In_ HANDLE  FileHandle,
_In_opt_ HANDLE  Event,
_In_opt_ PIO_APC_ROUTINE  ApcRoutine,
_In_opt_ PVOID  ApcContext,
_Out_ PIO_STATUS_BLOCK  IoStatusBlock,
_In_reads_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length,
_In_opt_ PLARGE_INTEGER  ByteOffset,
_In_opt_ PULONG  Key 
)

◆ ObCreateObject()

NTKERNELAPI NTSTATUS NTAPI ObCreateObject ( _In_opt_ KPROCESSOR_MODE  ObjectAttributesAccessMode,
_In_ POBJECT_TYPE  ObjectType,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ KPROCESSOR_MODE  AccessMode,
_Inout_opt_ PVOID  ParseContext,
_In_ ULONG  ObjectSize,
_In_opt_ ULONG  PagedPoolCharge,
_In_opt_ ULONG  NonPagedPoolCharge,
_Out_ PVOID Object 
)

◆ ObReferenceObjectByName()

NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName ( _In_ PUNICODE_STRING  ObjectName,
_In_ ULONG  Attributes,
_In_opt_ PACCESS_STATE  PassedAccessState,
_In_opt_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE  ObjectType,
_In_ KPROCESSOR_MODE  AccessMode,
_Inout_opt_ PVOID  ParseContext,
_Out_ PVOID Object 
)

◆ PsLookupProcessThreadByCid()

NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid ( _In_ PCLIENT_ID  Cid,
_Out_opt_ PEPROCESS Process,
_Out_ PETHREAD Thread 
)

◆ RtlSetSaclSecurityDescriptor()

NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor ( _Inout_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ BOOLEAN  SaclPresent,
_In_ PACL  Sacl,
_In_ BOOLEAN  SaclDefaulted 
)

Variable Documentation

◆ AuthenticationInformationLength

Definition at line 711 of file ntifs.template.h.

Referenced by LsaLogonUser().

◆ AuthenticationPackage

Definition at line 709 of file ntifs.template.h.

◆ Length

◆ LengthNeeded

Definition at line 360 of file ntifs.template.h.

◆ LocalGroups

◆ LogonId

◆ LogonType

◆ LsaHandle

◆ NlsOemLeadByteInfo

PUSHORT* NlsOemLeadByteInfo
extern

Definition at line 23 of file nlsboot.c.

◆ ObjectInformationClass

_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass

Definition at line 80 of file ntifs.template.h.

◆ ObjectInformationLength

_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength

Definition at line 82 of file ntifs.template.h.

◆ OriginName

Definition at line 707 of file ntifs.template.h.

Referenced by LogonUserExW(), LsaLogonUser(), and MyLogonUser().

◆ PPUBLIC_OBJECT_BASIC_INFORMATION

◆ ProfileBuffer

◆ ProfileBufferLength

◆ PUBLIC_OBJECT_BASIC_INFORMATION

◆ Quotas

◆ ReturnLength

Definition at line 83 of file ntifs.template.h.

◆ SecurityDescriptor

◆ SecurityInformation

_In_ SECURITY_INFORMATION SecurityInformation

Definition at line 347 of file ntifs.template.h.

◆ SecurityMode

◆ SourceContext

◆ SubStatus

◆ Token

Definition at line 717 of file ntifs.template.h.

◆ TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass

Definition at line 118 of file ntifs.template.h.

◆ TokenInformationLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength

Definition at line 120 of file ntifs.template.h.