26#define _NTIFS_INCLUDED_
49#define FlagOn(_F,_SF) ((_F) & (_SF))
53#define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
57#define SetFlag(_F,_SF) ((_F) |= (_SF))
61#define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
85#if (NTDDI_VERSION >= NTDDI_WIN2K)
372#if (NTDDI_VERSION >= NTDDI_WINXP)
647#define COMPRESSION_FORMAT_NONE (0x0000)
648#define COMPRESSION_FORMAT_DEFAULT (0x0001)
649#define COMPRESSION_FORMAT_LZNT1 (0x0002)
650#define COMPRESSION_ENGINE_STANDARD (0x0000)
651#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
652#define COMPRESSION_ENGINE_HIBER (0x0200)
654#define MAX_UNICODE_STACK_BUFFER_LENGTH 256
656#define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
658#define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
659#define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
673#if (_WIN32_WINNT >= 0x0501)
677#if (_WIN32_WINNT >= 0x0502)
678 CachedRemoteInteractive,
731#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
732#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
733#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
735#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
736#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
738#define MSV1_0_CHALLENGE_LENGTH 8
739#define MSV1_0_USER_SESSION_KEY_LENGTH 16
740#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
742#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
743#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
744#define MSV1_0_RETURN_USER_PARAMETERS 0x08
745#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
746#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
747#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
748#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
749#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
750#define MSV1_0_RETURN_PROFILE_PATH 0x200
751#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
752#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
754#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
755#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
757#if (_WIN32_WINNT >= 0x0502)
758#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
759#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
762#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
763#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
765#if (_WIN32_WINNT >= 0x0600)
766#define MSV1_0_S4U2SELF 0x00020000
767#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000
770#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
771#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
772#define MSV1_0_MNS_LOGON 0x01000000
774#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
775#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
777#define LOGON_GUEST 0x01
778#define LOGON_NOENCRYPTION 0x02
779#define LOGON_CACHED_ACCOUNT 0x04
780#define LOGON_USED_LM_PASSWORD 0x08
781#define LOGON_EXTRA_SIDS 0x20
782#define LOGON_SUBAUTH_SESSION_KEY 0x40
783#define LOGON_SERVER_TRUST_ACCOUNT 0x80
784#define LOGON_NTLMV2_ENABLED 0x100
785#define LOGON_RESOURCE_GROUPS 0x200
786#define LOGON_PROFILE_PATH_RETURNED 0x400
787#define LOGON_NT_V2 0x800
788#define LOGON_LM_V2 0x1000
789#define LOGON_NTLM_V2 0x2000
791#if (_WIN32_WINNT >= 0x0600)
793#define LOGON_OPTIMIZED 0x4000
794#define LOGON_WINLOGON 0x8000
795#define LOGON_PKINIT 0x10000
796#define LOGON_NO_OPTIMIZED 0x20000
800#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
802#define LOGON_GRACE_LOGON 0x01000000
804#define MSV1_0_OWF_PASSWORD_LENGTH 16
805#define MSV1_0_CRED_LM_PRESENT 0x1
806#define MSV1_0_CRED_NT_PRESENT 0x2
807#define MSV1_0_CRED_VERSION 0
809#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
810#define MSV1_0_NTLM3_OWF_LENGTH 16
812#if (_WIN32_WINNT == 0x0500)
813#define MSV1_0_MAX_NTLM3_LIFE 1800
815#define MSV1_0_MAX_NTLM3_LIFE 129600
817#define MSV1_0_MAX_AVL_SIZE 64000
819#if (_WIN32_WINNT >= 0x0501)
821#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
823#if (_WIN32_WINNT >= 0x0600)
824#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
829#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
831#if(_WIN32_WINNT >= 0x0502)
832#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
835#define USE_PRIMARY_PASSWORD 0x01
836#define RETURN_PRIMARY_USERNAME 0x02
837#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
838#define RETURN_NON_NT_USER_SESSION_KEY 0x08
839#define GENERATE_CLIENT_CHALLENGE 0x10
840#define GCR_NTLM3_PARMS 0x20
841#define GCR_TARGET_INFO 0x40
842#define RETURN_RESERVED_PARAMETER 0x80
843#define GCR_ALLOW_NTLM 0x100
844#define GCR_USE_OEM_SET 0x200
845#define GCR_MACHINE_CREDENTIAL 0x400
846#define GCR_USE_OWF_PASSWORD 0x800
847#define GCR_ALLOW_LM 0x1000
848#define GCR_ALLOW_NO_TARGET 0x2000
915#if (_WIN32_WINNT >= 0x0600)
917#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
919typedef struct _MSV1_0_S4U_LOGON {
924} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
965#if (_WIN32_WINNT >= 0x0501)
968#if (_WIN32_WINNT >= 0x0600)
972 MsvAvChannelBindings,
995#if (_WIN32_WINNT >= 0x0501)
998#if (_WIN32_WINNT >= 0x0600)
999 MsV1_0ConfigLocalAliases,
1000 MsV1_0ClearCachedCredentials,
1082#define SYSTEM_PAGE_PRIORITY_BITS 3
1083#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
1117#if (NTDDI_VERSION >= NTDDI_WIN2K)
1122HalGetDmaAlignmentRequirement(
1127#if defined(_M_IX86) || defined(_M_AMD64)
1128#define HalGetDmaAlignmentRequirement() 1L
1133#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
1137#define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)
1140#if (NTDDI_VERSION >= NTDDI_VISTA)
1156#if (NTDDI_VERSION >= NTDDI_WIN7)
1158#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
1159#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
1160#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000
1194#elif (NTDDI_VERSION >= NTDDI_VISTA)
1211DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);
1216#if (NTDDI_VERSION >= NTDDI_VISTA)
1222DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);
1226#if (NTDDI_VERSION >= NTDDI_WIN7)
1228DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
1229DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);
1249#define PIN_EXCLUSIVE (2)
1250#define PIN_NO_READ (4)
1251#define PIN_IF_BCB (8)
1252#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
1253#define PIN_HIGH_PRIORITY (64)
1256#define MAP_NO_READ (16)
1257#define MAP_HIGH_PRIORITY (64)
1259#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
1260#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
1281#define VOLSNAPCONTROLTYPE 0x00000053
1282#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
1285#ifndef VER_PRODUCTBUILD
1286#define VER_PRODUCTBUILD 10000
1291#define FS_LFN_APIS 0x00004000
1293#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041
1294#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
1295#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
1296#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
1297#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
1298#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
1299#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
1300#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
1301#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
1302#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
1303#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
1304#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
1305#define FILE_STORAGE_TYPE_MASK 0x000f0000
1306#define FILE_STORAGE_TYPE_SHIFT 16
1308#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
1311#define HARDWARE_PTE HARDWARE_PTE_X86
1312#define PHARDWARE_PTE PHARDWARE_PTE_X86
1315#define IO_ATTACH_DEVICE_API 0x80000000
1317#define IO_TYPE_APC 18
1318#define IO_TYPE_DPC 19
1319#define IO_TYPE_DEVICE_QUEUE 20
1320#define IO_TYPE_EVENT_PAIR 21
1321#define IO_TYPE_INTERRUPT 22
1322#define IO_TYPE_PROFILE 23
1324#define IRP_BEING_VERIFIED 0x10
1326#define MAILSLOT_CLASS_FIRSTCLASS 1
1327#define MAILSLOT_CLASS_SECONDCLASS 2
1329#define MAILSLOT_SIZE_AUTO 0
1331#define MEM_DOS_LIM 0x40000000
1333#define OB_TYPE_TYPE 1
1334#define OB_TYPE_DIRECTORY 2
1335#define OB_TYPE_SYMBOLIC_LINK 3
1336#define OB_TYPE_TOKEN 4
1337#define OB_TYPE_PROCESS 5
1338#define OB_TYPE_THREAD 6
1339#define OB_TYPE_EVENT 7
1340#define OB_TYPE_EVENT_PAIR 8
1341#define OB_TYPE_MUTANT 9
1342#define OB_TYPE_SEMAPHORE 10
1343#define OB_TYPE_TIMER 11
1344#define OB_TYPE_PROFILE 12
1345#define OB_TYPE_WINDOW_STATION 13
1346#define OB_TYPE_DESKTOP 14
1347#define OB_TYPE_SECTION 15
1348#define OB_TYPE_KEY 16
1349#define OB_TYPE_PORT 17
1350#define OB_TYPE_ADAPTER 18
1351#define OB_TYPE_CONTROLLER 19
1352#define OB_TYPE_DEVICE 20
1353#define OB_TYPE_DRIVER 21
1354#define OB_TYPE_IO_COMPLETION 22
1355#define OB_TYPE_FILE 23
1357#define SEC_BASED 0x00200000
1361#if (VER_PRODUCTBUILD >= 1381)
1362#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
1365#if (VER_PRODUCTBUILD >= 2195)
1367#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
1368#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
1370#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
1372#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
1373#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
1374#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
1375#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
1378#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
1379#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
1380#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
1381#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
1382#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
1383#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
1384#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
1385#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
1579#if defined(USE_LPC6432)
1580#define LPC_CLIENT_ID CLIENT_ID64
1581#define LPC_SIZE_T ULONGLONG
1582#define LPC_PVOID ULONGLONG
1583#define LPC_HANDLE ULONGLONG
1585#define LPC_CLIENT_ID CLIENT_ID
1586#define LPC_SIZE_T SIZE_T
1587#define LPC_PVOID PVOID
1588#define LPC_HANDLE HANDLE
1624#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
1759#define PsDereferenceImpersonationToken(T) \
1760 {if (ARGUMENT_PRESENT(T)) { \
1761 (ObDereferenceObject((T))); \
1786#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
NTSTATUS NtQueryObject(IN HANDLE Handle, IN OBJECT_INFO_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength)
static GENERIC_MAPPING GenericMapping
static WCHAR ServiceName[]
_In_ PFCB _In_ LONGLONG FileOffset
IN CINT OUT PVOID ObjectInformation
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
enum _THREADINFOCLASS THREADINFOCLASS
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
#define _IRQL_requires_same_
#define _IRQL_requires_max_(irql)
IN PLARGE_INTEGER IN PLARGE_INTEGER PEPROCESS ULONG BOOLEAN BOOLEAN ExclusiveLock
IN PLARGE_INTEGER IN PLARGE_INTEGER PEPROCESS ULONG BOOLEAN FailImmediately
IN PVCB IN PDIRENT OUT PULONG EaLength
IN PDCB IN PCCB IN VBO IN OUT PULONG OUT PDIRENT OUT PBCB OUT PVBO ByteOffset
IN PFCB IN PFILE_OBJECT FileObject IN ULONG AllocationSize
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ FS_INFORMATION_CLASS FsInformationClass
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE _In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG FileAttributes
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG FsControlCode
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN ReturnSingleEntry
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING FullDirectoryName
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG CompletionFilter
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN WatchTree
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_Inout_ PLIST_ENTRY NotifyList
_Inout_ PLIST_ENTRY _In_ PVOID FsContext
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
enum _FSINFOCLASS FS_INFORMATION_CLASS
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _Outptr_ PMDL * MdlChain
_In_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_opt_ PIRP NotifyIrp
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
GLfloat GLfloat GLfloat GLfloat h
enum _OBJECT_INFORMATION_CLASS OBJECT_INFORMATION_CLASS
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
static OUT PIO_STATUS_BLOCK IoStatusBlock
static OUT PIO_STATUS_BLOCK OUT PVOID FileInformation
static OUT PIO_STATUS_BLOCK OUT PVOID IN ULONG IN FILE_INFORMATION_CLASS FileInformationClass
DWORD SECURITY_INFORMATION
#define _In_reads_bytes_(size)
#define _Out_writes_bytes_(size)
#define _Out_writes_(size)
#define _At_(target, annos)
#define _Must_inspect_result_
#define _In_reads_opt_(size)
#define _When_(expr, annos)
#define _Out_writes_bytes_to_opt_(size, count)
#define _In_reads_bytes_opt_(size)
#define _In_range_(lb, ub)
#define _Out_writes_bytes_opt_(size)
_Must_inspect_result_ _Out_ PNDIS_STATUS _Out_ PNDIS_STATUS _Out_ PNDIS_HANDLE _Out_ PUINT _In_ UINT _In_ NDIS_HANDLE _In_ NDIS_HANDLE _In_ PNDIS_STRING _In_ UINT OpenOptions
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID ApcContext
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE ApcRoutine
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER MaximumSize
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG SectionPageProtection
_In_ HANDLE ProcessHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG AllocationAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
_In_ THREADINFOCLASS ThreadInformationClass
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
ACCESS_MASK * PACCESS_MASK
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
VOID(* PIO_APC_ROUTINE)(IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved)
#define _ANONYMOUS_STRUCT
_In_ ULONG _In_ ULONG _In_ ULONG Length
struct _MSV1_0_SUBAUTH_LOGON * PMSV1_0_SUBAUTH_LOGON
enum _MSV1_0_LOGON_SUBMIT_TYPE * PMSV1_0_LOGON_SUBMIT_TYPE
struct _NETWORK_OPEN_ECP_CONTEXT_V0 * PNETWORK_OPEN_ECP_CONTEXT_V0
#define MSV1_0_OWF_PASSWORD_LENGTH
struct _MAPPING_PAIR MAPPING_PAIR
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
struct _FILE_COPY_ON_WRITE_INFORMATION * PFILE_COPY_ON_WRITE_INFORMATION
struct _FILE_FULL_DIRECTORY_INFORMATION * PFILE_FULL_DIRECTORY_INFORMATION
struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
OBJECT_ATTRIBUTES * PLSA_OBJECT_ATTRIBUTES
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
struct _OBJECT_NAME_INFO * POBJECT_NAME_INFO
struct _SRV_OPEN_ECP_CONTEXT * PSRV_OPEN_ECP_CONTEXT
struct _FILE_SHARED_LOCK_ENTRY * PFILE_SHARED_LOCK_ENTRY
struct _FILE_MAILSLOT_PEEK_BUFFER * PFILE_MAILSLOT_PEEK_BUFFER
struct _FILE_OLE_CLASSID_INFORMATION * PFILE_OLE_CLASSID_INFORMATION
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer(_In_ PVOID Buffer)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
struct _NETWORK_OPEN_ECP_CONTEXT * PNETWORK_OPEN_ECP_CONTEXT
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject(_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
ULONG * PLSA_OPERATIONAL_MODE
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
struct _PORT_MESSAGE PORT_MESSAGE
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete(_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
@ MsV1_0ChangeCachedPassword
@ MsV1_0GenericPassthrough
@ MsV1_0Lm20GetChallengeResponse
@ MsV1_0Lm20ChallengeRequest
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory(_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
PUBLIC_OBJECT_BASIC_INFORMATION
#define MSV1_0_USER_SESSION_KEY_LENGTH
enum _MSV1_0_AVID MSV1_0_AVID
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
struct _MOVEFILE_DESCRIPTOR * PMOVEFILE_DESCRIPTOR
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
struct _FILE_OLE_INFORMATION * PFILE_OLE_INFORMATION
struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
struct _VAD_HEADER VAD_HEADER
struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
struct _MSV1_0_LM20_LOGON * PMSV1_0_LM20_LOGON
struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL * PMSV1_0_SUPPLEMENTAL_CREDENTIAL
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete(_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
struct _FILE_OLE_STATE_BITS_INFORMATION * PFILE_OLE_STATE_BITS_INFORMATION
struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
struct _MSV1_0_ENUMUSERS_REQUEST * PMSV1_0_ENUMUSERS_REQUEST
struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
struct _QUERY_PATH_REQUEST_EX * PQUERY_PATH_REQUEST_EX
struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
struct _GET_RETRIEVAL_DESCRIPTOR * PGET_RETRIEVAL_DESCRIPTOR
struct _REMOTE_PORT_VIEW * PREMOTE_PORT_VIEW
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
struct sockaddr_storage * PSOCKADDR_STORAGE_NFS
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
struct _MSV1_0_NTLM3_RESPONSE * PMSV1_0_NTLM3_RESPONSE
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 * PMSV1_0_GETCHALLENRESP_REQUEST_V1
ULONG LSA_OPERATIONAL_MODE
struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection(_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
* PPUBLIC_OBJECT_BASIC_INFORMATION
enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
struct _FILE_OLE_DIR_INFORMATION * PFILE_OLE_DIR_INFORMATION
struct _MSV1_0_GETCHALLENRESP_REQUEST * PMSV1_0_GETCHALLENRESP_REQUEST
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken(_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid(_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
struct _PUBLIC_OBJECT_TYPE_INFORMATION * PPUBLIC_OBJECT_TYPE_INFORMATION
struct _OBJECT_ALL_TYPES_INFO * POBJECT_ALL_TYPES_INFO
struct _PORT_VIEW PORT_VIEW
struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
struct _QUERY_PATH_RESPONSE * PQUERY_PATH_RESPONSE
struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
struct _PREFETCH_OPEN_ECP_CONTEXT * PPREFETCH_OPEN_ECP_CONTEXT
$include(setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
struct _MSV1_0_AV_PAIR * PMSV1_0_AV_PAIR
struct _NFS_OPEN_ECP_CONTEXT * PNFS_OPEN_ECP_CONTEXT
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
struct _PORT_VIEW * PPORT_VIEW
struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
@ StorageTypeStructuredStorage
@ StorageTypeJunctionPoint
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
struct _MSV1_0_ENUMUSERS_RESPONSE * PMSV1_0_ENUMUSERS_RESPONSE
struct _VAD_HEADER * PVAD_HEADER
struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
_NETWORK_OPEN_INTEGRITY_QUALIFIER
@ NetworkOpenIntegrityNone
@ NetworkOpenIntegrityEncrypted
@ NetworkOpenIntegrityMaximum
@ NetworkOpenIntegritySigned
@ NetworkOpenIntegrityAny
struct _MSV1_0_GETCHALLENRESP_RESPONSE * PMSV1_0_GETCHALLENRESP_RESPONSE
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
struct _FILE_EXCLUSIVE_LOCK_ENTRY * PFILE_EXCLUSIVE_LOCK_ENTRY
struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
NTKERNELAPI NTSTATUS NTAPI ObCreateObject(_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
struct _PORT_MESSAGE * PPORT_MESSAGE
@ MsV1_0InteractiveProfile
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
struct _OBJECT_PROTECTION_INFO * POBJECT_PROTECTION_INFO
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
_In_ SECURITY_INFORMATION SecurityInformation
struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName(_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
struct _OBJECT_HANDLE_ATTRIBUTE_INFO * POBJECT_HANDLE_ATTRIBUTE_INFO
struct _MSV1_0_LM20_LOGON_PROFILE * PMSV1_0_LM20_LOGON_PROFILE
struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
struct _MAPPING_PAIR * PMAPPING_PAIR
struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH
struct _OBJECT_TYPE_INFO * POBJECT_TYPE_INFO
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
struct _MSV1_0_GETUSERINFO_RESPONSE * PMSV1_0_GETUSERINFO_RESPONSE
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
struct _OBJECT_BASIC_INFO * POBJECT_BASIC_INFO
struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
$define(UCHAR=UCHAR) $define(ULONG
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
struct _QUERY_PATH_REQUEST * PQUERY_PATH_REQUEST
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
struct _FILE_OLE_ALL_INFORMATION * PFILE_OLE_ALL_INFORMATION
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
struct _OBJECT_BASIC_INFORMATION * POBJECT_BASIC_INFORMATION
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
#define MSV1_0_CHALLENGE_LENGTH
#define MSV1_0_NTLM3_RESPONSE_LENGTH
struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
struct _MSV1_0_LM20_CHALLENGE_REQUEST * PMSV1_0_LM20_CHALLENGE_REQUEST
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
_NETWORK_OPEN_LOCATION_QUALIFIER
@ NetworkOpenLocationLoopback
@ NetworkOpenLocationRemote
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
struct _MSV1_0_LM20_CHALLENGE_RESPONSE * PMSV1_0_LM20_CHALLENGE_RESPONSE
@ MsV1_0WorkstationUnlockLogon
PUSHORT * NlsOemLeadByteInfo
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
struct _MSV1_0_GETUSERINFO_REQUEST * PMSV1_0_GETUSERINFO_REQUEST
NTSTATUS NTAPI LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG, PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID *, PULONG, PLUID, PHANDLE, PQUOTA_LIMITS, PNTSTATUS)
ULONG * PLSA_OPERATIONAL_MODE
_MSV1_0_PROTOCOL_MESSAGE_TYPE
struct _LSA_UNICODE_STRING * PLSA_UNICODE_STRING
struct _LSA_UNICODE_STRING LSA_UNICODE_STRING
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
_MSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING, PHANDLE, PLSA_OPERATIONAL_MODE)
_MSV1_0_LOGON_SUBMIT_TYPE
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8)
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
ULONG NumberOfLoggedOnUsers
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
UNICODE_STRING LogonDomainName
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
UNICODE_STRING ServerName
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
UNICODE_STRING LogonDomainName
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]
STRING CaseInsensitiveChallengeResponse
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]
STRING CaseSensitiveChallengeResponse
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
UNICODE_STRING LogonServer
SECURITY_LOGON_TYPE LogonType
UNICODE_STRING LogonDomainName
MSV1_0_LOGON_SUBMIT_TYPE MessageType
UNICODE_STRING LogonDomainName
MSV1_0_PROFILE_BUFFER_TYPE MessageType
LARGE_INTEGER KickOffTime
LARGE_INTEGER PasswordMustChange
UNICODE_STRING LogonScript
LARGE_INTEGER PasswordCanChange
LARGE_INTEGER PasswordLastSet
UNICODE_STRING ProfilePath
UNICODE_STRING LogonServer
UNICODE_STRING HomeDirectory
UNICODE_STRING HomeDirectoryDrive
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
MSV1_0_PROFILE_BUFFER_TYPE MessageType
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]
UNICODE_STRING LogonServer
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]
UNICODE_STRING LogonDomainName
UNICODE_STRING UserParameters
LARGE_INTEGER KickOffTime
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
STRING CaseInsensitiveChallengeResponse
UNICODE_STRING LogonDomainName
UNICODE_STRING Workstation
STRING CaseSensitiveChallengeResponse
MSV1_0_LOGON_SUBMIT_TYPE MessageType
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]
STRING AuthenticationInfo2
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
UNICODE_STRING Workstation
UNICODE_STRING LogonDomainName
MSV1_0_LOGON_SUBMIT_TYPE MessageType
STRING AuthenticationInfo1
UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]
UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity
struct _NETWORK_OPEN_ECP_CONTEXT_V0::@4144::@4146 out
NETWORK_OPEN_LOCATION_QUALIFIER Location
_ANONYMOUS_STRUCT struct _NETWORK_OPEN_ECP_CONTEXT_V0::@4144 DUMMYSTRUCTNAME
struct _NETWORK_OPEN_ECP_CONTEXT_V0::@4144::@4145 in
_ANONYMOUS_STRUCT struct _NETWORK_OPEN_ECP_CONTEXT::@4141 DUMMYSTRUCTNAME
NETWORK_OPEN_LOCATION_QUALIFIER Location
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity
struct _NETWORK_OPEN_ECP_CONTEXT::@4141::@4142 in
struct _NETWORK_OPEN_ECP_CONTEXT::@4141::@4143 out
PSOCKADDR_STORAGE_NFS ClientSocketAddress
PUNICODE_STRING ExportAlias
ULONG NumberOfObjectTypes
OBJECT_TYPE_INFO ObjectsTypeInfo[1]
ULONG TypeInformationLength
ACCESS_MASK GrantedAccess
ULONG NameInformationLength
ULONG SecurityDescriptorLength
UNICODE_STRING ObjectName
WCHAR ObjectNameBuffer[1]
WCHAR ObjectTypeNameBuffer[1]
UNICODE_STRING ObjectTypeName
struct _PORT_MESSAGE::@4148::@4154 s2
union _PORT_MESSAGE::@4147 u1
LPC_SIZE_T ClientViewSize
union _PORT_MESSAGE::@4148 u2
struct _PORT_MESSAGE::@4147::@4153 s1
PIO_SECURITY_CONTEXT pSecurityContext
UNICODE_STRING DomainServiceName
PIO_SECURITY_CONTEXT SecurityContext
PUNICODE_STRING ShareName
PSOCKADDR_STORAGE_NFS SocketAddress
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
#define FIELD_OFFSET(t, f)
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_In_ WDF_POWER_DEVICE_STATE PreviousState
_Must_inspect_result_ _In_ WDFDEVICE _In_ BOOLEAN _In_opt_ PVOID Tag
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_In_ WDFREQUEST _In_ size_t _In_ size_t _In_ ULONG IoControlCode
_In_ WDFREQUEST _In_ size_t OutputBufferLength
_In_ WDFREQUEST _In_ size_t _In_ size_t InputBufferLength
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR OutputBuffer
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR InputBuffer
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG _Out_opt_ PULONG CreateDisposition
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG CreateOptions
#define __CREATE_NTOS_DATA_IMPORT_ALIAS(_Name)
_Reserved_ PVOID Reserved
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
_Must_inspect_result_ _In_ ULONG Flags
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_opt_ PVOID EaBuffer
_Must_inspect_result_ typedef _In_ PHYSICAL_ADDRESS _Inout_ PLARGE_INTEGER NumberOfBytes
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
_Inout_opt_ PACCESS_STATE PassedAccessState
_Out_ PBOOLEAN SaclPresent
_Out_ PBOOLEAN _Out_ PACL _Out_ PBOOLEAN SaclDefaulted
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
enum _AUDIT_EVENT_TYPE AUDIT_EVENT_TYPE
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PSID StartSid
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG SidListLength