26 #define _NTIFS_INCLUDED_ 49 #define FlagOn(_F,_SF) ((_F) & (_SF)) 53 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0)) 57 #define SetFlag(_F,_SF) ((_F) |= (_SF)) 61 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF)) 85 #if (NTDDI_VERSION >= NTDDI_WIN2K) 372 #if (NTDDI_VERSION >= NTDDI_WINXP) 647 #define COMPRESSION_FORMAT_NONE (0x0000) 648 #define COMPRESSION_FORMAT_DEFAULT (0x0001) 649 #define COMPRESSION_FORMAT_LZNT1 (0x0002) 650 #define COMPRESSION_ENGINE_STANDARD (0x0000) 651 #define COMPRESSION_ENGINE_MAXIMUM (0x0100) 652 #define COMPRESSION_ENGINE_HIBER (0x0200) 654 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256 656 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3)) 658 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT 659 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT 673 #if (_WIN32_WINNT >= 0x0501) 677 #if (_WIN32_WINNT >= 0x0502) 678 CachedRemoteInteractive,
683 #ifndef _NTLSA_AUDIT_ 684 #define _NTLSA_AUDIT_ 731 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 732 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 733 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) 735 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" 736 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" 738 #define MSV1_0_CHALLENGE_LENGTH 8 739 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 740 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 742 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 743 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 744 #define MSV1_0_RETURN_USER_PARAMETERS 0x08 745 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 746 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 747 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 748 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 749 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 750 #define MSV1_0_RETURN_PROFILE_PATH 0x200 751 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 752 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 754 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 755 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 757 #if (_WIN32_WINNT >= 0x0502) 758 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 759 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 762 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 763 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 765 #if (_WIN32_WINNT >= 0x0600) 766 #define MSV1_0_S4U2SELF 0x00020000 767 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 770 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 771 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 772 #define MSV1_0_MNS_LOGON 0x01000000 774 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 775 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 777 #define LOGON_GUEST 0x01 778 #define LOGON_NOENCRYPTION 0x02 779 #define LOGON_CACHED_ACCOUNT 0x04 780 #define LOGON_USED_LM_PASSWORD 0x08 781 #define LOGON_EXTRA_SIDS 0x20 782 #define LOGON_SUBAUTH_SESSION_KEY 0x40 783 #define LOGON_SERVER_TRUST_ACCOUNT 0x80 784 #define LOGON_NTLMV2_ENABLED 0x100 785 #define LOGON_RESOURCE_GROUPS 0x200 786 #define LOGON_PROFILE_PATH_RETURNED 0x400 787 #define LOGON_NT_V2 0x800 788 #define LOGON_LM_V2 0x1000 789 #define LOGON_NTLM_V2 0x2000 791 #if (_WIN32_WINNT >= 0x0600) 793 #define LOGON_OPTIMIZED 0x4000 794 #define LOGON_WINLOGON 0x8000 795 #define LOGON_PKINIT 0x10000 796 #define LOGON_NO_OPTIMIZED 0x20000 800 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 802 #define LOGON_GRACE_LOGON 0x01000000 804 #define MSV1_0_OWF_PASSWORD_LENGTH 16 805 #define MSV1_0_CRED_LM_PRESENT 0x1 806 #define MSV1_0_CRED_NT_PRESENT 0x2 807 #define MSV1_0_CRED_VERSION 0 809 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 810 #define MSV1_0_NTLM3_OWF_LENGTH 16 812 #if (_WIN32_WINNT == 0x0500) 813 #define MSV1_0_MAX_NTLM3_LIFE 1800 815 #define MSV1_0_MAX_NTLM3_LIFE 129600 817 #define MSV1_0_MAX_AVL_SIZE 64000 819 #if (_WIN32_WINNT >= 0x0501) 821 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 823 #if (_WIN32_WINNT >= 0x0600) 824 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 829 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) 831 #if(_WIN32_WINNT >= 0x0502) 832 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff) 835 #define USE_PRIMARY_PASSWORD 0x01 836 #define RETURN_PRIMARY_USERNAME 0x02 837 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04 838 #define RETURN_NON_NT_USER_SESSION_KEY 0x08 839 #define GENERATE_CLIENT_CHALLENGE 0x10 840 #define GCR_NTLM3_PARMS 0x20 841 #define GCR_TARGET_INFO 0x40 842 #define RETURN_RESERVED_PARAMETER 0x80 843 #define GCR_ALLOW_NTLM 0x100 844 #define GCR_USE_OEM_SET 0x200 845 #define GCR_MACHINE_CREDENTIAL 0x400 846 #define GCR_USE_OWF_PASSWORD 0x800 847 #define GCR_ALLOW_LM 0x1000 848 #define GCR_ALLOW_NO_TARGET 0x2000 915 #if (_WIN32_WINNT >= 0x0600) 917 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 919 typedef struct _MSV1_0_S4U_LOGON {
924 } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
965 #if (_WIN32_WINNT >= 0x0501) 968 #if (_WIN32_WINNT >= 0x0600) 972 MsvAvChannelBindings,
995 #if (_WIN32_WINNT >= 0x0501) 998 #if (_WIN32_WINNT >= 0x0600) 999 MsV1_0ConfigLocalAliases,
1000 MsV1_0ClearCachedCredentials,
1082 #define SYSTEM_PAGE_PRIORITY_BITS 3 1083 #define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) 1117 #if (NTDDI_VERSION >= NTDDI_WIN2K) 1122 HalGetDmaAlignmentRequirement(
1127 #if defined(_M_IX86) || defined(_M_AMD64) 1128 #define HalGetDmaAlignmentRequirement() 1L 1133 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 1137 #define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo) 1140 #if (NTDDI_VERSION >= NTDDI_VISTA) 1156 #if (NTDDI_VERSION >= NTDDI_WIN7) 1158 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1 1159 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2 1160 #define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000 1194 #elif (NTDDI_VERSION >= NTDDI_VISTA) 1211 DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);
1216 #if (NTDDI_VERSION >= NTDDI_VISTA) 1222 DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);
1226 #if (NTDDI_VERSION >= NTDDI_WIN7) 1228 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
1229 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);
1248 #define PIN_WAIT (1) 1249 #define PIN_EXCLUSIVE (2) 1250 #define PIN_NO_READ (4) 1251 #define PIN_IF_BCB (8) 1252 #define PIN_CALLER_TRACKS_DIRTY_DATA (32) 1253 #define PIN_HIGH_PRIORITY (64) 1256 #define MAP_NO_READ (16) 1257 #define MAP_HIGH_PRIORITY (64) 1259 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) 1260 #define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS) 1281 #define VOLSNAPCONTROLTYPE 0x00000053 1282 #define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 1285 #ifndef VER_PRODUCTBUILD 1286 #define VER_PRODUCTBUILD 10000 1291 #define FS_LFN_APIS 0x00004000 1293 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 1294 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) 1295 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) 1296 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) 1297 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) 1298 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) 1299 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) 1300 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) 1301 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) 1302 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) 1303 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT 1304 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM 1305 #define FILE_STORAGE_TYPE_MASK 0x000f0000 1306 #define FILE_STORAGE_TYPE_SHIFT 16 1308 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 1311 #define HARDWARE_PTE HARDWARE_PTE_X86 1312 #define PHARDWARE_PTE PHARDWARE_PTE_X86 1315 #define IO_ATTACH_DEVICE_API 0x80000000 1317 #define IO_TYPE_APC 18 1318 #define IO_TYPE_DPC 19 1319 #define IO_TYPE_DEVICE_QUEUE 20 1320 #define IO_TYPE_EVENT_PAIR 21 1321 #define IO_TYPE_INTERRUPT 22 1322 #define IO_TYPE_PROFILE 23 1324 #define IRP_BEING_VERIFIED 0x10 1326 #define MAILSLOT_CLASS_FIRSTCLASS 1 1327 #define MAILSLOT_CLASS_SECONDCLASS 2 1329 #define MAILSLOT_SIZE_AUTO 0 1331 #define MEM_DOS_LIM 0x40000000 1333 #define OB_TYPE_TYPE 1 1334 #define OB_TYPE_DIRECTORY 2 1335 #define OB_TYPE_SYMBOLIC_LINK 3 1336 #define OB_TYPE_TOKEN 4 1337 #define OB_TYPE_PROCESS 5 1338 #define OB_TYPE_THREAD 6 1339 #define OB_TYPE_EVENT 7 1340 #define OB_TYPE_EVENT_PAIR 8 1341 #define OB_TYPE_MUTANT 9 1342 #define OB_TYPE_SEMAPHORE 10 1343 #define OB_TYPE_TIMER 11 1344 #define OB_TYPE_PROFILE 12 1345 #define OB_TYPE_WINDOW_STATION 13 1346 #define OB_TYPE_DESKTOP 14 1347 #define OB_TYPE_SECTION 15 1348 #define OB_TYPE_KEY 16 1349 #define OB_TYPE_PORT 17 1350 #define OB_TYPE_ADAPTER 18 1351 #define OB_TYPE_CONTROLLER 19 1352 #define OB_TYPE_DEVICE 20 1353 #define OB_TYPE_DRIVER 21 1354 #define OB_TYPE_IO_COMPLETION 22 1355 #define OB_TYPE_FILE 23 1357 #define SEC_BASED 0x00200000 1361 #if (VER_PRODUCTBUILD >= 1381) 1362 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) 1365 #if (VER_PRODUCTBUILD >= 2195) 1367 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) 1368 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) 1370 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) 1372 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 1373 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) 1374 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 1375 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) 1378 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) 1379 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 1380 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) 1381 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) 1382 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) 1383 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) 1384 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) 1385 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) 1579 #if defined(USE_LPC6432) 1580 #define LPC_CLIENT_ID CLIENT_ID64 1581 #define LPC_SIZE_T ULONGLONG 1582 #define LPC_PVOID ULONGLONG 1583 #define LPC_HANDLE ULONGLONG 1585 #define LPC_CLIENT_ID CLIENT_ID 1586 #define LPC_SIZE_T SIZE_T 1587 #define LPC_PVOID PVOID 1588 #define LPC_HANDLE HANDLE 1624 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) 1759 #define PsDereferenceImpersonationToken(T) \ 1760 {if (ARGUMENT_PRESENT(T)) { \ 1761 (ObDereferenceObject((T))); \ 1786 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; struct _FILE_COPY_ON_WRITE_INFORMATION FILE_COPY_ON_WRITE_INFORMATION
_Inout_ PLIST_ENTRY _In_ PVOID FsContext
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
NETWORK_OPEN_LOCATION_QUALIFIER Location
struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 MSV1_0_GETCHALLENRESP_REQUEST_V1
NTSTATUS NTAPI LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG, PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID *, PULONG, PLUID, PHANDLE, PQUOTA_LIMITS, PNTSTATUS)
struct _MSV1_0_GETCHALLENRESP_RESPONSE MSV1_0_GETCHALLENRESP_RESPONSE
struct _FILE_OLE_ALL_INFORMATION FILE_OLE_ALL_INFORMATION
struct _PORT_MESSAGE::@3895::@3901 s1
struct _QUERY_PATH_REQUEST * PQUERY_PATH_REQUEST
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
_In_ SECURITY_INFORMATION _In_ ULONG _Out_ PULONG LengthNeeded
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
struct _NETWORK_OPEN_ECP_CONTEXT_V0 NETWORK_OPEN_ECP_CONTEXT_V0
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
struct _NETWORK_OPEN_ECP_CONTEXT_V0::@3892::@3894 out
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID ApcContext
struct _MOVEFILE_DESCRIPTOR MOVEFILE_DESCRIPTOR
UNICODE_STRING LogonDomainName
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
struct _PORT_VIEW PORT_VIEW
#define __CREATE_NTOS_DATA_IMPORT_ALIAS(_Name)
struct _NETWORK_OPEN_ECP_CONTEXT::@3889::@3891 out
MSV1_0_PROFILE_BUFFER_TYPE MessageType
_When_(TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
ULONG TypeInformationLength
struct _NETWORK_OPEN_ECP_CONTEXT_V0 * PNETWORK_OPEN_ECP_CONTEXT_V0
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ FS_INFORMATION_CLASS FsInformationClass
VOID(* PIO_APC_ROUTINE)(IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved)
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG ObjectInformationLength
struct _FILE_MAILSLOT_PEEK_BUFFER FILE_MAILSLOT_PEEK_BUFFER
_In_ ULONG _In_ ULONG _In_ ULONG Length
struct _FILE_OLE_CLASSID_INFORMATION * PFILE_OLE_CLASSID_INFORMATION
#define _In_range_(lb, ub)
MSV1_0_LOGON_SUBMIT_TYPE MessageType
MSV1_0_LOGON_SUBMIT_TYPE MessageType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG AllocationAttributes
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PULONG _In_ BOOLEAN RestartScan
struct _QUERY_PATH_RESPONSE * PQUERY_PATH_RESPONSE
UNICODE_STRING ProfilePath
_Must_inspect_result_ _Out_ PNDIS_STATUS _Out_ PNDIS_STATUS _Out_ PNDIS_HANDLE _Out_ PUINT _In_ UINT _In_ NDIS_HANDLE _In_ NDIS_HANDLE _In_ PNDIS_STRING _In_ UINT OpenOptions
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
struct _MSV1_0_LM20_LOGON * PMSV1_0_LM20_LOGON
struct _SRV_OPEN_ECP_CONTEXT * PSRV_OPEN_ECP_CONTEXT
#define _At_(target, annos)
ULONG NumberOfObjectTypes
UNICODE_STRING HomeDirectory
C_ASSERT(FIELD_OFFSET(ERESOURCE, ActiveCount)==0x0c)
struct _VAD_HEADER VAD_HEADER
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG AuthenticationPackage
$include(setypes.h) $include(obtypes.h) $include(rtltypes.h) $include(rtlfuncs.h) _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject(_In_opt_ HANDLE Handle
struct _FILE_OLE_STATE_BITS_INFORMATION * PFILE_OLE_STATE_BITS_INFORMATION
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid(_In_ PCLIENT_ID Cid, _Out_opt_ PEPROCESS *Process, _Out_ PETHREAD *Thread)
STRING CaseSensitiveChallengeResponse
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG IoControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuota(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG SidListLength
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _Outptr_ PMDL * MdlChain
struct _FILE_OLE_DIR_INFORMATION * PFILE_OLE_DIR_INFORMATION
enum _FILE_STORAGE_TYPE FILE_STORAGE_TYPE
UNICODE_STRING Workstation
struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_opt_ PVOID EaBuffer
struct _NETWORK_OPEN_ECP_CONTEXT * PNETWORK_OPEN_ECP_CONTEXT
struct _MSV1_0_ENUMUSERS_RESPONSE MSV1_0_ENUMUSERS_RESPONSE
struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL MSV1_0_SUPPLEMENTAL_CREDENTIAL
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS Quotas
struct _FILE_EXCLUSIVE_LOCK_ENTRY FILE_EXCLUSIVE_LOCK_ENTRY
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ BOOLEAN ReturnSingleEntry
struct _MSV1_0_AV_PAIR * PMSV1_0_AV_PAIR
_Inout_opt_ PACCESS_STATE PassedAccessState
struct _MSV1_0_NTLM3_RESPONSE MSV1_0_NTLM3_RESPONSE
PUNICODE_STRING ShareName
OBJECT_ATTRIBUTES * PLSA_OBJECT_ATTRIBUTES
struct _OBJECT_NAME_INFO OBJECT_NAME_INFO
static OUT PIO_STATUS_BLOCK OUT PVOID FileInformation
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
UNICODE_STRING LogonScript
struct _OBJECT_HANDLE_ATTRIBUTE_INFO * POBJECT_HANDLE_ATTRIBUTE_INFO
struct _PORT_MESSAGE * PPORT_MESSAGE
UNICODE_STRING ServerName
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection(_Out_ PHANDLE SectionHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ PLARGE_INTEGER MaximumSize, _In_ ULONG SectionPageProtection, _In_ ULONG AllocationAttributes, _In_opt_ HANDLE FileHandle)
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN WatchTree
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
PUSHORT * NlsOemLeadByteInfo
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
struct _MSV1_0_NTLM3_RESPONSE * PMSV1_0_NTLM3_RESPONSE
struct _MAPPING_PAIR * PMAPPING_PAIR
IN CINT OUT PVOID ObjectInformation
static OUT PIO_STATUS_BLOCK OUT PVOID IN ULONG IN FILE_INFORMATION_CLASS FileInformationClass
struct _PREFETCH_OPEN_ECP_CONTEXT * PPREFETCH_OPEN_ECP_CONTEXT
_In_ WDFREQUEST _In_ size_t _In_ size_t InputBufferLength
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI NtOpenJobObjectToken(_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
UNICODE_STRING LogonDomainName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG AuthenticationInformationLength
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
struct _FILE_OLE_ALL_INFORMATION * PFILE_OLE_ALL_INFORMATION
struct _FILE_OLE_INFORMATION FILE_OLE_INFORMATION
struct _FILE_SHARED_LOCK_ENTRY * PFILE_SHARED_LOCK_ENTRY
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity
struct _FILE_OLE_DIR_INFORMATION FILE_OLE_DIR_INFORMATION
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteComplete(_In_ PFILE_OBJECT FileObject, _In_ PLARGE_INTEGER FileOffset, _In_ PMDL MdlChain)
ULONG NameInformationLength
LARGE_INTEGER PasswordMustChange
$define(UCHAR=UCHAR) $define(ULONG
#define _In_reads_opt_(size)
NTKERNELAPI VOID NTAPI FsRtlNotifyChangeDirectory(_In_ PNOTIFY_SYNC NotifySync, _In_ PVOID FsContext, _In_ PSTRING FullDirectoryName, _In_ PLIST_ENTRY NotifyList, _In_ BOOLEAN WatchTree, _In_ ULONG CompletionFilter, _In_ PIRP NotifyIrp)
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 * PMSV1_0_GETCHALLENRESP_REQUEST_V1
enum _OBJECT_INFORMATION_CLASS OBJECT_INFORMATION_CLASS
struct _QUERY_PATH_REQUEST_EX QUERY_PATH_REQUEST_EX
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
GLfloat GLfloat GLfloat GLfloat h
WCHAR ObjectTypeNameBuffer[1]
struct _MAPPING_PAIR MAPPING_PAIR
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]
union _PORT_MESSAGE::@3895 u1
_In_ WDFREQUEST _In_ size_t OutputBufferLength
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER _In_ ULONG SectionPageProtection
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtReadFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]
STRING CaseInsensitiveChallengeResponse
ULONG * PLSA_OPERATIONAL_MODE
_IRQL_requires_same_ _Out_ PHANDLE LsaHandle
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
union _PORT_MESSAGE::@3896 u2
_In_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_opt_ PIRP NotifyIrp
struct _FILE_COPY_ON_WRITE_INFORMATION * PFILE_COPY_ON_WRITE_INFORMATION
struct _GET_RETRIEVAL_DESCRIPTOR GET_RETRIEVAL_DESCRIPTOR
_MSV1_0_PROFILE_BUFFER_TYPE
ULONG SecurityDescriptorLength
struct _MSV1_0_ENUMUSERS_REQUEST MSV1_0_ENUMUSERS_REQUEST
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
enum _MSV1_0_PROFILE_BUFFER_TYPE * PMSV1_0_PROFILE_BUFFER_TYPE
#define MSV1_0_USER_SESSION_KEY_LENGTH
enum _AUDIT_EVENT_TYPE AUDIT_EVENT_TYPE
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
struct sockaddr_storage * PSOCKADDR_STORAGE_NFS
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
_IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject(_In_ HANDLE Handle
Queries information details about a security descriptor.
_MSV1_0_PROTOCOL_MESSAGE_TYPE
DWORD SECURITY_INFORMATION
struct _FILE_OLE_STATE_BITS_INFORMATION FILE_OLE_STATE_BITS_INFORMATION
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE SourceContext
IN PLARGE_INTEGER IN PLARGE_INTEGER PEPROCESS ULONG BOOLEAN FailImmediately
LARGE_INTEGER PasswordLastSet
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]
UNICODE_STRING LogonDomainName
_Out_ PBOOLEAN SaclPresent
_In_ THREADINFOCLASS ThreadInformationClass
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG ShareAccess, _In_ ULONG OpenOptions)
struct _VAD_HEADER * PVAD_HEADER
WCHAR ObjectNameBuffer[1]
ULONG LSA_OPERATIONAL_MODE
DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8)
_IRQL_requires_same_ NTSTATUS NTAPI LsaFreeReturnBuffer(_In_ PVOID Buffer)
STRING AuthenticationInfo2
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
STRING AuthenticationInfo1
struct _OBJECT_HANDLE_ATTRIBUTE_INFO OBJECT_HANDLE_ATTRIBUTE_INFO
OBJECT_TYPE_INFO ObjectsTypeInfo[1]
struct _FILE_OLE_INFORMATION * PFILE_OLE_INFORMATION
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
struct _REMOTE_PORT_VIEW REMOTE_PORT_VIEW
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithTag(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
struct _NETWORK_OPEN_ECP_CONTEXT NETWORK_OPEN_ECP_CONTEXT
struct _QUERY_PATH_REQUEST_EX * PQUERY_PATH_REQUEST_EX
#define _IRQL_requires_same_
_Reserved_ PVOID Reserved
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
struct _FILE_MAILSLOT_PEEK_BUFFER * PFILE_MAILSLOT_PEEK_BUFFER
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE _In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG FileAttributes
struct _MSV1_0_GETUSERINFO_RESPONSE * PMSV1_0_GETUSERINFO_RESPONSE
struct _MSV1_0_SUBAUTH_LOGON * PMSV1_0_SUBAUTH_LOGON
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
NTKERNELAPI PVOID NTAPI FsRtlAllocatePoolWithQuotaTag(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes, _In_ ULONG Tag)
struct _LSA_UNICODE_STRING LSA_UNICODE_STRING
enum _FSINFOCLASS FS_INFORMATION_CLASS
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
struct _FILE_FULL_DIRECTORY_INFORMATION FILE_FULL_DIRECTORY_INFORMATION
_In_ OBJECT_INFORMATION_CLASS ObjectInformationClass
struct _OBJECT_BASIC_INFO OBJECT_BASIC_INFO
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR OutputBuffer
struct _SRV_OPEN_ECP_CONTEXT SRV_OPEN_ECP_CONTEXT
struct _MSV1_0_GETCHALLENRESP_REQUEST * PMSV1_0_GETCHALLENRESP_REQUEST
struct _MSV1_0_LM20_CHALLENGE_RESPONSE * PMSV1_0_LM20_CHALLENGE_RESPONSE
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass, _In_ BOOLEAN ReturnSingleEntry, _In_opt_ PUNICODE_STRING FileName, _In_ BOOLEAN RestartScan)
PSOCKADDR_STORAGE_NFS SocketAddress
SECURITY_LOGON_TYPE LogonType
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
#define MSV1_0_CHALLENGE_LENGTH
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR InputBuffer
struct _MSV1_0_LM20_CHALLENGE_REQUEST * PMSV1_0_LM20_CHALLENGE_REQUEST
struct _GET_RETRIEVAL_DESCRIPTOR * PGET_RETRIEVAL_DESCRIPTOR
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FileInformation, _In_ ULONG Length, _In_ FILE_INFORMATION_CLASS FileInformationClass)
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN SaclPresent, _In_ PACL Sacl, _In_ BOOLEAN SaclDefaulted)
LARGE_INTEGER KickOffTime
STRING CaseInsensitiveChallengeResponse
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG _Out_opt_ PULONG CreateDisposition
_Must_inspect_result_ _In_ ULONG Flags
struct _PORT_VIEW * PPORT_VIEW
struct _OBJECT_BASIC_INFO * POBJECT_BASIC_INFO
IN PVCB IN PDIRENT OUT PULONG EaLength
NTSTATUS NtQueryObject(IN HANDLE Handle, IN OBJECT_INFO_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength)
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_opt_ PLARGE_INTEGER AllocationSize, _In_ ULONG FileAttributes, _In_ ULONG ShareAccess, _In_ ULONG CreateDisposition, _In_ ULONG CreateOptions, _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, _In_ ULONG EaLength)
OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
struct _OBJECT_TYPE_INFO OBJECT_TYPE_INFO
UNICODE_STRING DomainServiceName
struct _MSV1_0_AV_PAIR MSV1_0_AV_PAIR
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
struct _NETWORK_OPEN_ECP_CONTEXT_V0::@3892::@3893 in
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
_Out_ PIO_STATUS_BLOCK _In_ ULONG _In_ BOOLEAN _In_ ULONG _In_opt_ PSID StartSid
ULONG NumberOfLoggedOnUsers
LARGE_INTEGER KickOffTime
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_opt_ PLARGE_INTEGER ByteOffset, _In_opt_ PULONG Key)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
NTKERNELAPI NTSTATUS NTAPI ObCreateObject(_In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object)
_In_ OBJECT_INFORMATION_CLASS _In_ ULONG _Out_opt_ PULONG ReturnLength
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
struct _MSV1_0_LM20_LOGON_PROFILE MSV1_0_LM20_LOGON_PROFILE
PIO_SECURITY_CONTEXT pSecurityContext
enum _MSV1_0_AVID MSV1_0_AVID
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
UNICODE_STRING LogonServer
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE ApcRoutine
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
struct _MSV1_0_GETUSERINFO_REQUEST MSV1_0_GETUSERINFO_REQUEST
_NETWORK_OPEN_INTEGRITY_QUALIFIER
UNICODE_STRING ObjectTypeName
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadComplete(_In_ PFILE_OBJECT FileObject, _In_ PMDL MdlChain)
struct _MSV1_0_LM20_LOGON MSV1_0_LM20_LOGON
struct _FILE_FULL_DIRECTORY_INFORMATION * PFILE_FULL_DIRECTORY_INFORMATION
UNICODE_STRING Workstation
struct _PUBLIC_OBJECT_TYPE_INFORMATION PUBLIC_OBJECT_TYPE_INFORMATION
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]
enum _NETWORK_OPEN_INTEGRITY_QUALIFIER NETWORK_OPEN_INTEGRITY_QUALIFIER
struct _NFS_OPEN_ECP_CONTEXT NFS_OPEN_ECP_CONTEXT
_In_ WDFREQUEST _In_ size_t _In_ size_t _In_ ULONG IoControlCode
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
LPC_SIZE_T ClientViewSize
UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
UNICODE_STRING LogonDomainName
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation
#define _Must_inspect_result_
struct _NETWORK_OPEN_ECP_CONTEXT::@3889::@3890 in
_Must_inspect_result_ _In_ WDFDEVICE _In_ BOOLEAN _In_opt_ PVOID Tag
enum _TOKEN_TYPE TOKEN_TYPE
PUBLIC_OBJECT_BASIC_INFORMATION
struct _LSA_UNICODE_STRING * PLSA_UNICODE_STRING
struct _MOVEFILE_DESCRIPTOR * PMOVEFILE_DESCRIPTOR
#define _ANONYMOUS_STRUCT
struct _MSV1_0_GETUSERINFO_RESPONSE MSV1_0_GETUSERINFO_RESPONSE
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
* PPUBLIC_OBJECT_BASIC_INFORMATION
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG CreateOptions
struct _PREFETCH_OPEN_ECP_CONTEXT PREFETCH_OPEN_ECP_CONTEXT
struct _MSV1_0_LM20_LOGON_PROFILE * PMSV1_0_LM20_LOGON_PROFILE
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
struct _MSV1_0_GETUSERINFO_REQUEST * PMSV1_0_GETUSERINFO_REQUEST
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
IN PFCB IN PFILE_OBJECT FileObject IN ULONG AllocationSize
struct _MSV1_0_LM20_CHALLENGE_REQUEST MSV1_0_LM20_CHALLENGE_REQUEST
static GENERIC_MAPPING GenericMapping
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]
PIO_SECURITY_CONTEXT SecurityContext
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
struct _MSV1_0_ENUMUSERS_REQUEST * PMSV1_0_ENUMUSERS_REQUEST
LARGE_INTEGER PasswordCanChange
enum _THREADINFOCLASS THREADINFOCLASS
#define MSV1_0_OWF_PASSWORD_LENGTH
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
struct _MSV1_0_GETCHALLENRESP_REQUEST MSV1_0_GETCHALLENRESP_REQUEST
struct _FILE_EXCLUSIVE_LOCK_ENTRY * PFILE_EXCLUSIVE_LOCK_ENTRY
MSV1_0_LOGON_SUBMIT_TYPE MessageType
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID FsInformation, _In_ ULONG Length, _In_ FS_INFORMATION_CLASS FsInformationClass)
struct _QUERY_PATH_RESPONSE QUERY_PATH_RESPONSE
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
struct _PUBLIC_OBJECT_TYPE_INFORMATION * PPUBLIC_OBJECT_TYPE_INFORMATION
UNICODE_STRING LogonDomainName
struct _OBJECT_PROTECTION_INFO * POBJECT_PROTECTION_INFO
struct _OBJECT_TYPE_INFO * POBJECT_TYPE_INFO
_In_ PFCB _In_ LONGLONG FileOffset
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]
MSV1_0_PROFILE_BUFFER_TYPE MessageType
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtLockFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key, _In_ BOOLEAN FailImmediately, _In_ BOOLEAN ExclusiveLock)
struct _NFS_OPEN_ECP_CONTEXT * PNFS_OPEN_ECP_CONTEXT
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
_Inout_ PLIST_ENTRY NotifyList
#define FIELD_OFFSET(t, f)
NETWORK_OPEN_LOCATION_QUALIFIER Location
struct _OBJECT_PROTECTION_INFO OBJECT_PROTECTION_INFO
UNICODE_STRING HomeDirectoryDrive
static OUT PIO_STATUS_BLOCK IoStatusBlock
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName(_In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object)
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _In_ BOOLEAN ReturnSingleEntry, _In_reads_bytes_opt_(SidListLength) PVOID SidList, _In_ ULONG SidListLength, _In_reads_bytes_opt_((8+(4 *((SID *) StartSid) ->SubAuthorityCount))) PSID StartSid, _In_ BOOLEAN RestartScan)
_Must_inspect_result_ typedef _In_ PHYSICAL_ADDRESS _Inout_ PLARGE_INTEGER NumberOfBytes
struct _FILE_SHARED_LOCK_ENTRY FILE_SHARED_LOCK_ENTRY
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG CompletionFilter
UNICODE_STRING UserParameters
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ PLARGE_INTEGER ByteOffset, _In_ PLARGE_INTEGER Length, _In_ ULONG Key)
_ANONYMOUS_STRUCT struct _NETWORK_OPEN_ECP_CONTEXT::@3889 DUMMYSTRUCTNAME
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_opt_ PLARGE_INTEGER MaximumSize
struct _MSV1_0_ENUMUSERS_RESPONSE * PMSV1_0_ENUMUSERS_RESPONSE
IN PLARGE_INTEGER IN PLARGE_INTEGER PEPROCESS ULONG BOOLEAN BOOLEAN ExclusiveLock
_MSV1_0_LOGON_SUBMIT_TYPE
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG FsControlCode
struct _QUERY_PATH_REQUEST QUERY_PATH_REQUEST
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
enum _NETWORK_OPEN_LOCATION_QUALIFIER NETWORK_OPEN_LOCATION_QUALIFIER
#define _In_reads_bytes_opt_(size)
_ANONYMOUS_STRUCT struct _NETWORK_OPEN_ECP_CONTEXT_V0::@3892 DUMMYSTRUCTNAME
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
struct _PORT_MESSAGE PORT_MESSAGE
STRING CaseSensitiveChallengeResponse
struct _MSV1_0_SUBAUTH_LOGON MSV1_0_SUBAUTH_LOGON
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
struct _MSV1_0_LM20_CHALLENGE_RESPONSE MSV1_0_LM20_CHALLENGE_RESPONSE
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
ACCESS_MASK * PACCESS_MASK
NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING, PHANDLE, PLSA_OPERATIONAL_MODE)
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
struct _MSV1_0_GETCHALLENRESP_RESPONSE * PMSV1_0_GETCHALLENRESP_RESPONSE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
PUNICODE_STRING ExportAlias
ACCESS_MASK GrantedAccess
UNICODE_STRING LogonServer
enum _MSV1_0_LOGON_SUBMIT_TYPE MSV1_0_LOGON_SUBMIT_TYPE
enum _MSV1_0_LOGON_SUBMIT_TYPE * PMSV1_0_LOGON_SUBMIT_TYPE
struct _REMOTE_PORT_VIEW * PREMOTE_PORT_VIEW
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
NTKERNELAPI LARGE_INTEGER NTAPI CcGetLsnForFileObject(_In_ PFILE_OBJECT FileObject, _Out_opt_ PLARGE_INTEGER OldestLsn)
#define MSV1_0_NTLM3_RESPONSE_LENGTH
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
enum _MSV1_0_PROFILE_BUFFER_TYPE MSV1_0_PROFILE_BUFFER_TYPE
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
struct _FILE_OLE_CLASSID_INFORMATION FILE_OLE_CLASSID_INFORMATION
struct _OBJECT_ALL_TYPES_INFO OBJECT_ALL_TYPES_INFO
_Out_ PBOOLEAN _Out_ PACL _Out_ PBOOLEAN SaclDefaulted
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
_In_ HANDLE ProcessHandle
ULONG * PLSA_OPERATIONAL_MODE
struct _OBJECT_BASIC_INFORMATION OBJECT_BASIC_INFORMATION
struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL * PMSV1_0_SUPPLEMENTAL_CREDENTIAL
#define _Out_writes_bytes_(size)
UNICODE_STRING ObjectName
struct _PORT_MESSAGE::@3896::@3902 s2
PSOCKADDR_STORAGE_NFS ClientSocketAddress
NTKERNELAPI PVOID NTAPI FsRtlAllocatePool(_In_ POOL_TYPE PoolType, _In_ ULONG NumberOfBytes)
UNICODE_STRING LogonDomainName
struct _NFS_OPEN_ECP_CONTEXT ** PPNFS_OPEN_ECP_CONTEXT
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING FullDirectoryName
_In_ SECURITY_INFORMATION SecurityInformation
struct _OBJECT_ALL_TYPES_INFO * POBJECT_ALL_TYPES_INFO
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile(_In_ HANDLE FileHandle, _In_opt_ HANDLE Event, _In_opt_ PIO_APC_ROUTINE ApcRoutine, _In_opt_ PVOID ApcContext, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_ ULONG FsControlCode, _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, _In_ ULONG InputBufferLength, _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, _In_ ULONG OutputBufferLength)
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH
struct _OBJECT_BASIC_INFORMATION * POBJECT_BASIC_INFORMATION
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType
_In_ WDF_POWER_DEVICE_STATE PreviousState
_In_ OBJECT_INFORMATION_CLASS _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation
IN PDCB IN PCCB IN VBO IN OUT PULONG OUT PDIRENT OUT PBCB OUT PVBO ByteOffset
_NETWORK_OPEN_LOCATION_QUALIFIER
UNICODE_STRING LogonDomainName
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile(_In_ HANDLE FileHandle, _Out_ PIO_STATUS_BLOCK IoStatusBlock, _In_reads_bytes_(Length) PVOID Buffer, _In_ ULONG Length)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
UNICODE_STRING LogonServer
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
struct _OBJECT_NAME_INFO * POBJECT_NAME_INFO
struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
#define _Out_writes_(size)
enum _SECURITY_LOGON_TYPE * PSECURITY_LOGON_TYPE
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity
1.8.15