83 HaveBackupPriv =
TRUE;
116 HaveBackupPriv =
TRUE;
121 AccessState->RemainingDesiredAccess &= ~WriteAccess;
129 if (!HaveBackupPriv) *
CreateOptions &= ~FILE_OPEN_FOR_BACKUP_INTENT;
147 DPRINT1(
"You are seeing this because the following ROS driver: %wZ\n"
148 " sucks. Please fix it's AddDevice Routine\n",
154 !(OpenPacket->RelatedFileObject) &&
191 (DataBuffer->SymbolicLinkReparseBuffer.PrintNameLength +
192 DataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength +
203 DataBuffer->MountPointReparseBuffer.SubstituteNameOffset);
204 Length = DataBuffer->MountPointReparseBuffer.SubstituteNameLength;
225 if (NewBuffer ==
NULL)
237 if (DataBuffer->Reserved)
241 DataBuffer->Reserved);
312 if (OpenPacket->TraversedMountPoint)
314 OpenPacket->TraversedMountPoint =
FALSE;
345 BOOLEAN DirectOpen =
FALSE, OpenCancelled, UseDummyFile;
499 OriginalDeviceObject,
501 OriginalDeviceObject->SecurityDescriptor,
581 DPRINT1(
"Traverse access failed!\n");
631 if ((OriginalDeviceObject->Vpb) && !(DirectOpen))
635 OriginalDeviceObject,
725 OriginalDeviceObject->SecurityDescriptor,
767 Irp->Tail.Overlay.AuxiliaryBuffer =
NULL;
813 Irp->AssociatedIrp.SystemBuffer = OpenPacket->
EaBuffer;
922 FileObject->FileObjectExtension = FileObjectExtension;
947 FileObject->DeviceObject = OriginalDeviceObject;
1111 if (CompleteName->MaximumLength <
FileObject->FileName.Length)
1113 PWSTR NewCompleteName;
1117 if (NewCompleteName ==
NULL)
1124 if (CompleteName->Buffer !=
NULL)
1135 CompleteName->Buffer = NewCompleteName;
1136 CompleteName->MaximumLength =
FileObject->FileName.Length;
1189 KeBugCheckEx(DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN,
1264 sizeof(*FileBasicInfo),
1271 sizeof(*FileBasicInfo),
1403 Irp->UserIosb = &
Irp->IoStatus;
1429 DereferenceDone =
TRUE;
1476 if (!DereferenceDone)
1543 OldSecurityDescriptor =
DeviceObject->SecurityDescriptor;
1544 if (OldSecurityDescriptor !=
NULL)
1553 NewSecurityDescriptor = OldSecurityDescriptor;
1560 if (OldSecurityDescriptor !=
NULL)
1570 &CachedSecurityDescriptor, 1);
1581 if (
DeviceObject->SecurityDescriptor == OldSecurityDescriptor)
1584 DeviceObject->SecurityDescriptor = CachedSecurityDescriptor;
1631 if (CurrentDO == UpperDeviceObject)
1637 NextDevice = CurrentDO->AttachedDevice;
1645 CurrentDO = NextDevice;
1647 while (CurrentDO !=
NULL);
1705 if (OperationCode == QuerySecurityDescriptor)
1712 else if (OperationCode == DeleteSecurityDescriptor)
1717 else if (OperationCode == AssignSecurityDescriptor)
1734 DeviceObject->SecurityDescriptor = CachedSecurityDescriptor;
1744 else if (OperationCode == SetSecurityDescriptor)
1773 else if (OperationCode == DeleteSecurityDescriptor)
1817 Irp->Overlay.AsynchronousParameters.UserApcRoutine =
NULL;
1824 if (OperationCode == QuerySecurityDescriptor)
1889 if (OperationCode == QuerySecurityDescriptor)
1902 else if (OperationCode == QuerySecurityDescriptor)
1987 if (
Length < LocalReturnLength)
2015 &LocalReturnLength);
2030 p = (
PWCHAR)(ObjectNameInfo + 1);
2035 if (QueryDosName && NoObCall)
2056 (LocalReturnLength >
Length) ?
2057 Length : LocalReturnLength);
2061 ObjectNameInfo->Name.Buffer =
p;
2067 if (LocalReturnLength >
Length)
2072 LengthMismatch =
TRUE;
2092 &LocalReturnLength);
2100 &LocalReturnLength);
2164 ObjectNameInfo->Name.MaximumLength = (
USHORT)ObjectNameInfo->Name.Length +
2195 if (HandleCount != 1)
return;
2198 if ((
FileObject->LockOperation) && (SystemHandleCount != 1))
2232 Irp->UserIosb = &
Irp->IoStatus;
2237 Irp->Overlay.AsynchronousParameters.UserApcRoutine =
NULL;
2268 if (SystemHandleCount != 1)
return;
2301 Irp->UserIosb = &
Irp->IoStatus;
2304 Irp->Overlay.AsynchronousParameters.UserApcRoutine =
NULL;
2415 DPRINT(
"IopQueryAttributesFile failed for '%wZ' with 0x%lx\n",
2434 FileInformationSize);
2480 *LockFailed =
FALSE;
2502 FileObjectExtension =
FileObject->FileObjectExtension;
2523 FileObjectExtension =
FileObject->FileObjectExtension;
2577 ULONG EaErrorOffset;
2601 DPRINT1(
"File Create 'FileAttributes' Parameter contains invalid flags!\n");
2607 DPRINT1(
"File Create 'ShareAccess' Parameter contains invalid flags!\n");
2613 DPRINT1(
"File Create 'Disposition' Parameter is out of range!\n");
2619 DPRINT1(
"File Create 'CreateOptions' parameter contains invalid flags!\n");
2626 DPRINT1(
"File Create 'CreateOptions' parameter FILE_SYNCHRONOUS_IO_* requested, but 'DesiredAccess' does not have SYNCHRONIZE!\n");
2632 DPRINT1(
"File Create 'CreateOptions' parameter FILE_DELETE_ON_CLOSE requested, but 'DesiredAccess' does not have DELETE!\n");
2639 DPRINT1(
"File Create 'FileAttributes' parameter both FILE_SYNCHRONOUS_IO_NONALERT and FILE_SYNCHRONOUS_IO_ALERT specified!\n");
2656 DPRINT1(
"File Create 'CreateOptions' Parameter has flags incompatible with FILE_DIRECTORY_FILE!\n");
2663 DPRINT1(
"File Create 'CreateOptions' Parameter FILE_DIRECTORY_FILE requested, but 'Disposition' is not FILE_CREATE/FILE_OPEN/FILE_OPEN_IF!\n");
2669 DPRINT1(
"File Create 'CreateOptions' Parameter both FILE_COMPLETE_IF_OPLOCKED and FILE_RESERVE_OPFILTER specified!\n");
2675 DPRINT1(
"File Create 'CreateOptions' parameter FILE_NO_INTERMEDIATE_BUFFERING requested, but 'DesiredAccess' FILE_APPEND_DATA requires it!\n");
2683 if (!ExtraCreateParameters)
2685 DPRINT1(
"Invalid parameter: ExtraCreateParameters == 0!\n");
2690 NamedPipeCreateParameters = ExtraCreateParameters;
2699 DPRINT1(
"Invalid named pipe create\n");
2706 if (!ExtraCreateParameters)
2708 DPRINT1(
"Invalid parameter: ExtraCreateParameters == 0!\n");
2719 DPRINT1(
"Invalid mailslot create\n");
2750 if (SafeAllocationSize.
QuadPart < 0)
2775 DPRINT1(
"Invalid EA buffer\n");
2823 DPRINT1(
"Failed to allocate open packet EA buffer\n");
2838 DPRINT1(
"Invalid EA buffer\n");
2850 OpenPacket->
Size =
sizeof(*OpenPacket);
3039 ExtraCreateParameters,
3089 ExtraCreateParameters,
3127 (
PVOID*)&CreatedFileObject);
3150 (
PVOID*)&CreatedFileObject,
3179 return CreatedFileObject;
3224 (
PVOID*)&CreatedFileObject);
3259 return CreatedFileObject;
3623 Irp->UserIosb = &
Irp->IoStatus;
3624 Irp->Overlay.AsynchronousParameters.UserApcRoutine =
NULL;
3681 if (LocalInfo ==
NULL)
3733 if (Remote && !FlagSet)
3738 else if (!Remote && FlagSet)
3823 Buffer.ReadTimeout = *TimeOut;
3836 Buffer.MailslotQuota = MailslotQuota;
3837 Buffer.MaximumMessageSize = MaxMessageSize;
3899 Buffer.DefaultTimeout = *DefaultTimeout;
3912 Buffer.NamedPipeType = NamedPipeType;
3913 Buffer.ReadMode = ReadMode;
3914 Buffer.CompletionMode = CompletionMode;
3915 Buffer.MaximumInstances = MaximumInstances;
3916 Buffer.InboundQuota = InboundQuota;
3917 Buffer.OutboundQuota = OutboundQuota;
4071 NextEntry = ListHead->
Flink;
4072 while (ListHead != NextEntry)
4080 OurIrpsInList =
TRUE;
4084 NextEntry = NextEntry->
Flink;
4097 while (OurIrpsInList)
4101 OurIrpsInList =
FALSE;
4107 NextEntry = ListHead->
Flink;
4108 while (NextEntry != ListHead)
4115 OurIrpsInList =
TRUE;
4120 NextEntry = NextEntry->
Flink;
static GENERIC_MAPPING GenericMapping
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
#define OBJ_NAME_PATH_SEPARATOR
#define InterlockedIncrement
#define InterlockedExchange
#define InterlockedDecrement
#define FILE_DIRECTORY_FILE
#define FILE_NON_DIRECTORY_FILE
#define FILE_OPEN_FOR_FREE_SPACE_QUERY
#define FILE_COMPLETE_IF_OPLOCKED
#define FILE_DELETE_ON_CLOSE
PDEVICE_OBJECT PhysicalDeviceObject
_Inout_ PFCB _Inout_ PUNICODE_STRING RemainingName
#define FILE_DEVICE_SECURE_OPEN
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define STATUS_NOT_IMPLEMENTED
#define STATUS_OBJECT_TYPE_MISMATCH
#define NT_SUCCESS(StatCode)
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK _In_ USHORT ShareAccess
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
#define ExAllocatePoolWithTag(hernya, size, tag)
#define PsGetCurrentThread()
#define KeRaiseIrql(irql, oldIrql)
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
struct _DEVICE_OBJECT * PDEVICE_OBJECT
#define KeInitializeEvent(pEvt, foo, foo2)
#define KeLowerIrql(oldIrql)
#define KeSetEvent(pEvt, foo, foo2)
#define ExAcquireResourceExclusiveLite(res, wait)
#define DO_DEVICE_INITIALIZING
#define KeDelayExecutionThread(mode, foo, t)
#define DO_NEVER_LAST_DEVICE
#define ExAcquireResourceSharedLite(res, wait)
VOID NTAPI KeClearEvent(IN PKEVENT Event)
#define ExGetPreviousMode
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
#define BooleanFlagOn(F, SF)
IN OUT PVCB IN PDEVICE_OBJECT IN PVPB Vpb
IN PVCB IN PDIRENT OUT PULONG EaLength
IN PFCB IN PFILE_OBJECT FileObject IN ULONG AllocationSize
VOID NTAPI FsRtlPTeardownPerFileObjectContexts(IN PFILE_OBJECT FileObject)
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE _In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG FileAttributes
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
#define FILE_OPEN_BY_FILE_ID
@ FileNetworkOpenInformation
#define FILE_MAXIMUM_DISPOSITION
#define FILE_NO_COMPRESSION
enum _FILE_INFORMATION_CLASS FILE_INFORMATION_CLASS
#define FILE_OPEN_REPARSE_POINT
#define FILE_RESERVE_OPFILTER
#define FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_NO_INTERMEDIATE_BUFFERING
#define FILE_RANDOM_ACCESS
#define FILE_WRITE_THROUGH
#define FILE_SEQUENTIAL_ONLY
#define FILE_SYNCHRONOUS_IO_ALERT
#define FILE_OPEN_FOR_BACKUP_INTENT
_In_ PLIST_ENTRY _In_ PSTRING _In_ USHORT _In_opt_ PSTRING _In_opt_ PSTRING _In_ ULONG _In_ ULONG _In_opt_ PVOID _In_opt_ PVOID FilterContext
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
VOID NTAPI KeFlushWriteBuffer(VOID)
VOID FASTCALL KeReleaseQueuedSpinLock(IN KSPIN_LOCK_QUEUE_NUMBER LockNumber, IN KIRQL OldIrql)
KIRQL FASTCALL KeAcquireQueuedSpinLock(IN KSPIN_LOCK_QUEUE_NUMBER LockNumber)
__in WDFOBJECT __in PCWDF_OBJECT_CONTEXT_TYPE_INFO TypeInfo
HLOCAL NTAPI LocalHandle(LPCVOID pMem)
#define EXCEPTION_EXECUTE_HANDLER
#define OBJ_CASE_INSENSITIVE
struct _FILE_NAME_INFORMATION * PFILE_NAME_INFORMATION
#define InterlockedCompareExchangePointer
static __inline NTSTATUS IopLockFileObject(_In_ PFILE_OBJECT FileObject, _In_ KPROCESSOR_MODE WaitMode)
static __inline BOOLEAN IopValidateOpenPacket(IN POPEN_PACKET OpenPacket)
FORCEINLINE VOID IopQueueIrpToThread(IN PIRP Irp)
static __inline VOID IopUpdateOperationCount(IN IOP_TRANSFER_TYPE Type)
static __inline VOID IopUnlockFileObject(IN PFILE_OBJECT FileObject)
FORCEINLINE VOID IopUnQueueIrpFromThread(IN PIRP Irp)
NTSTATUS NTAPI IoQueryFileInformation(IN PFILE_OBJECT FileObject, IN FILE_INFORMATION_CLASS FileInformationClass, IN ULONG Length, OUT PVOID FileInformation, OUT PULONG ReturnedLength)
POBJECT_TYPE IoFileObjectType
#define KeLeaveCriticalRegion()
#define KeEnterCriticalRegion()
#define REPARSE_DATA_BUFFER_HEADER_SIZE
#define ExFreePoolWithTag(_P, _T)
#define FILE_BASIC_INFORMATION
static OUT PIO_STATUS_BLOCK IoStatusBlock
static OUT PIO_STATUS_BLOCK OUT PVOID FileInformation
static OUT PIO_STATUS_BLOCK OUT PVOID IN ULONG IN FILE_INFORMATION_CLASS FileInformationClass
#define InitializeObjectAttributes(p, n, a, r, s)
DWORD * PSECURITY_INFORMATION
__in UCHAR __in POWER_STATE __in_opt PVOID __in PIO_STATUS_BLOCK IoStatus
_Out_ PNDIS_HANDLE _Out_ PUINT FileLength
_Must_inspect_result_ _Out_ PNDIS_STATUS _Out_ PNDIS_STATUS _Out_ PNDIS_HANDLE _Out_ PUINT _In_ UINT _In_ NDIS_HANDLE _In_ NDIS_HANDLE _In_ PNDIS_STRING _In_ UINT OpenOptions
#define KeGetPreviousMode()
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
_In_ PVOID _In_ BOOLEAN Alertable
struct _EXTENDED_DEVOBJ_EXTENSION * PEXTENDED_DEVOBJ_EXTENSION
#define DOE_DELETE_PENDING
#define FILE_PIPE_MESSAGE_TYPE
#define FO_FILE_OBJECT_HAS_EXTENSION
#define IO_ATTACH_DEVICE_API
#define DOE_REMOVE_PROCESSED
#define DOE_UNLOAD_PENDING
#define FILE_PIPE_COMPLETE_OPERATION
#define DOE_REMOVE_PENDING
#define FILE_PIPE_MESSAGE_MODE
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
#define OBJECT_TO_OBJECT_HEADER(o)
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
#define FILE_ATTRIBUTE_VALID_FLAGS
#define ACCESS_SYSTEM_SECURITY
#define FILE_READ_ATTRIBUTES
#define FILE_VALID_PIPE_OPTION_FLAGS
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
#define FILE_SHARE_DELETE
#define FILE_SHARE_VALID_FLAGS
#define FILE_VALID_OPTION_FLAGS
#define FILE_ADD_SUBDIRECTORY
#define FILE_VALID_MAILSLOT_OPTION_FLAGS
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
#define FILE_GENERIC_READ
#define FILE_GENERIC_WRITE
_In_ ULONG _In_ ULONG _In_ ULONG Length
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
GENERIC_MAPPING IopFileMapping
#define IOP_USE_TOP_LEVEL_DEVICE_HINT
struct _OPEN_PACKET * POPEN_PACKET
PVPB NTAPI IopCheckVpbMounted(IN POPEN_PACKET OpenPacket, IN PDEVICE_OBJECT DeviceObject, IN PUNICODE_STRING RemainingName, OUT PNTSTATUS Status)
struct _FILE_OBJECT_EXTENSION FILE_OBJECT_EXTENSION
BOOLEAN NTAPI IopVerifyDeviceObjectOnStack(IN PDEVICE_OBJECT BaseDeviceObject, IN PDEVICE_OBJECT TopDeviceObjectHint)
VOID NTAPI IopDereferenceDeviceObject(IN PDEVICE_OBJECT DeviceObject, IN BOOLEAN ForceUnload)
NTSTATUS NTAPI IopCleanupFailedIrp(IN PFILE_OBJECT FileObject, IN PKEVENT EventObject, IN PVOID Buffer OPTIONAL)
PIRP NTAPI IopAllocateIrpMustSucceed(IN CCHAR StackSize)
#define IOP_CREATE_FILE_OBJECT_EXTENSION
#define IOP_MAX_REPARSE_TRAVERSAL
#define IOTRACE(x, fmt,...)
struct _FILE_OBJECT_EXTENSION * PFILE_OBJECT_EXTENSION
NTSTATUS NTAPI IopGetFileInformation(IN PFILE_OBJECT FileObject, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInfoClass, OUT PVOID Buffer, OUT PULONG ReturnedLength)
VOID NTAPI IopDereferenceVpbAndFree(IN PVPB Vpb)
struct _OPEN_PACKET OPEN_PACKET
#define IoGetDevObjExtension(DeviceObject)
const LUID SeBackupPrivilege
const LUID SeRestorePrivilege
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
PDEVICE_OBJECT NTAPI IoGetRelatedDeviceObject(IN PFILE_OBJECT FileObject)
PDEVICE_OBJECT NTAPI IoGetAttachedDevice(PDEVICE_OBJECT DeviceObject)
NTSTATUS NTAPI IopQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes, IN FILE_INFORMATION_CLASS FileInformationClass, IN ULONG FileInformationSize, OUT PVOID FileInformation)
VOID NTAPI IoCancelFileOpen(IN PDEVICE_OBJECT DeviceObject, IN PFILE_OBJECT FileObject)
NTSTATUS NTAPI IoChangeFileObjectFilterContext(IN PFILE_OBJECT FileObject, IN PVOID FilterContext, IN BOOLEAN Define)
VOID NTAPI IoSetShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
NTSTATUS NTAPI NtQueryAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation)
NTSTATUS NTAPI NtCancelIoFile(IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock)
NTSTATUS NTAPI IopSetDeviceSecurityDescriptor(IN PDEVICE_OBJECT DeviceObject, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI IoSetFileOrigin(IN PFILE_OBJECT FileObject, IN BOOLEAN Remote)
NTSTATUS NTAPI IoCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG Disposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength, IN CREATE_FILE_TYPE CreateFileType, IN PVOID ExtraCreateParameters OPTIONAL, IN ULONG Options)
ERESOURCE IopSecurityResource
BOOLEAN NTAPI IoFastQueryNetworkAttributes(IN POBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, IN ULONG OpenOptions, OUT PIO_STATUS_BLOCK IoStatus, OUT PFILE_NETWORK_OPEN_INFORMATION Buffer)
NTSTATUS NTAPI IoCheckQuotaBufferValidity(IN PFILE_QUOTA_INFORMATION QuotaBuffer, IN ULONG QuotaLength, OUT PULONG ErrorOffset)
NTSTATUS NTAPI IoCheckShareAccess(IN ACCESS_MASK DesiredAccess, IN ULONG DesiredShareAccess, IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess, IN BOOLEAN Update)
NTSTATUS NTAPI IopAcquireFileObjectLock(_In_ PFILE_OBJECT FileObject, _In_ KPROCESSOR_MODE WaitMode, _In_ BOOLEAN Alertable, _Out_ PBOOLEAN LockFailed)
NTSTATUS NTAPI IopQueryNameInternal(IN PVOID ObjectBody, IN BOOLEAN HasName, IN BOOLEAN QueryDosName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength, IN KPROCESSOR_MODE PreviousMode)
PDEVICE_OBJECT NTAPI IopGetDevicePDO(IN PDEVICE_OBJECT DeviceObject)
VOID NTAPI IoRemoveShareAccess(IN PFILE_OBJECT FileObject, IN PSHARE_ACCESS ShareAccess)
NTSTATUS IopCheckTopDeviceHint(IN OUT PDEVICE_OBJECT *DeviceObject, IN POPEN_PACKET OpenPacket, BOOLEAN DirectOpen)
NTSTATUS NTAPI IopGetSetSecurityObject(IN PVOID ObjectBody, IN SECURITY_OPERATION_CODE OperationCode, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG BufferLength, IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor, IN POOL_TYPE PoolType, IN OUT PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI IoCheckQuerySetFileInformation(IN FILE_INFORMATION_CLASS FileInformationClass, IN ULONG Length, IN BOOLEAN SetOperation)
VOID NTAPI IopCheckBackupRestorePrivilege(IN PACCESS_STATE AccessState, IN OUT PULONG CreateOptions, IN KPROCESSOR_MODE PreviousMode, IN ULONG Disposition)
NTSTATUS NTAPI IopParseFile(IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object)
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
VOID NTAPI IopDoNameTransmogrify(IN PIRP Irp, IN PFILE_OBJECT FileObject, IN PREPARSE_DATA_BUFFER DataBuffer)
PFILE_OBJECT NTAPI IoCreateStreamFileObjectEx(IN PFILE_OBJECT FileObject OPTIONAL, IN PDEVICE_OBJECT DeviceObject OPTIONAL, OUT PHANDLE FileObjectHandle OPTIONAL)
VOID NTAPI IopCloseFile(IN PEPROCESS Process OPTIONAL, IN PVOID ObjectBody, IN ACCESS_MASK GrantedAccess, IN ULONG HandleCount, IN ULONG SystemHandleCount)
NTSTATUS NTAPI NtCreateMailslotFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CreateOptions, IN ULONG MailslotQuota, IN ULONG MaxMessageSize, IN PLARGE_INTEGER TimeOut)
NTSTATUS NTAPI NtFlushWriteBuffer(VOID)
PVOID NTAPI IoGetFileObjectFilterContext(IN PFILE_OBJECT FileObject)
NTSTATUS NTAPI IopQueryName(IN PVOID ObjectBody, IN BOOLEAN HasName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI NtQueryFullAttributesFile(IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation)
NTSTATUS NTAPI IopCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG Disposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength, IN CREATE_FILE_TYPE CreateFileType, IN PVOID ExtraCreateParameters OPTIONAL, IN ULONG Options, IN ULONG Flags, IN PDEVICE_OBJECT DeviceObject OPTIONAL)
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
PFILE_OBJECT NTAPI IoCreateStreamFileObject(IN PFILE_OBJECT FileObject, IN PDEVICE_OBJECT DeviceObject)
NTSTATUS NTAPI NtDeleteFile(IN POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI IopCheckDeviceAndDriver(IN POPEN_PACKET OpenPacket, IN PDEVICE_OBJECT DeviceObject)
PDEVICE_OBJECT NTAPI IopGetDeviceAttachmentBase(IN PDEVICE_OBJECT DeviceObject)
PFILE_OBJECT NTAPI IoCreateStreamFileObjectLite(IN PFILE_OBJECT FileObject OPTIONAL, IN PDEVICE_OBJECT DeviceObject OPTIONAL)
BOOLEAN NTAPI IoIsFileOriginRemote(IN PFILE_OBJECT FileObject)
NTSTATUS NTAPI NtCreateNamedPipeFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN ULONG NamedPipeType, IN ULONG ReadMode, IN ULONG CompletionMode, IN ULONG MaximumInstances, IN ULONG InboundQuota, IN ULONG OutboundQuota, IN PLARGE_INTEGER DefaultTimeout)
VOID NTAPI IopDeleteFile(IN PVOID ObjectBody)
VOID NTAPI IoUpdateShareAccess(IN PFILE_OBJECT FileObject, OUT PSHARE_ACCESS ShareAccess)
NTSTATUS NTAPI IopParseDevice(IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object)
NTSTATUS NTAPI IopSetDeviceSecurityDescriptors(IN PDEVICE_OBJECT UpperDeviceObject, IN PDEVICE_OBJECT PhysicalDeviceObject, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI NtOpenFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions)
NTSTATUS NTAPI IoCreateFileSpecifyDeviceObjectHint(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG Disposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength, IN CREATE_FILE_TYPE CreateFileType, IN PVOID ExtraCreateParameters OPTIONAL, IN ULONG Options, IN PVOID DeviceObject)
PIRP NTAPI IoAllocateIrp(IN CCHAR StackSize, IN BOOLEAN ChargeQuota)
BOOLEAN NTAPI IoCancelIrp(IN PIRP Irp)
VOID NTAPI IoFreeIrp(IN PIRP Irp)
NTSTATUS NTAPI IoCheckEaBufferValidity(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
NTSTATUS NTAPI IoVolumeDeviceToDosName(IN PVOID VolumeDeviceObject, OUT PUNICODE_STRING DosName)
VOID NTAPI SeSetAccessStateGenericMapping(_In_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
Sets a new generic mapping for an allocated access state.
VOID NTAPI SeOpenObjectAuditAlarm(_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
Creates an audit with alarm notification of an object that is being opened.
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
VOID NTAPI SeFreePrivileges(_In_ PPRIVILEGE_SET Privileges)
Frees a set of privileges.
NTSTATUS NTAPI SeAppendPrivileges(_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
Appends additional privileges.
#define STATUS_INVALID_DEVICE_OBJECT_PARAMETER
#define STATUS_MOUNT_POINT_NOT_RESOLVED
#define STATUS_INVALID_PARAMETER_MIX
#define STATUS_ALREADY_COMMITTED
#define STATUS_IO_REPARSE_DATA_INVALID
#define STATUS_OBJECT_PATH_INVALID
#define STATUS_INVALID_INFO_CLASS
VOID NTAPI ObFreeObjectCreateInfoBuffer(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
NTSTATUS NTAPI ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTSTATUS NTAPI ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN ULONG RefBias)
VOID NTAPI ObDereferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
VOID NTAPI ObReferenceSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Count)
#define FILE_DEVICE_FILE_SYSTEM
#define FILE_DEVICE_DISK_FILE_SYSTEM
#define FILE_DEVICE_TAPE_FILE_SYSTEM
#define FILE_DEVICE_CD_ROM
#define FILE_DEVICE_CD_ROM_FILE_SYSTEM
#define FILE_DEVICE_NETWORK_FILE_SYSTEM
#define FILE_DEVICE_DFS_FILE_SYSTEM
#define FILE_DEVICE_VIRTUAL_DISK
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define IRP_MJ_LOCK_CONTROL
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
#define ProbeForWriteHandle(Ptr)
#define ProbeForWriteIoStatusBlock(Ptr)
#define ProbeForReadLargeInteger(Ptr)
#define STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_OVERFLOW
struct _REPARSE_DATA_BUFFER * PREPARSE_DATA_BUFFER
PULONG MinorVersion OPTIONAL
OBJECT_HEADER ObjectHeader
PDEVICE_OBJECT TopDeviceObjectHint
PACCESS_STATE AccessState
PSECURITY_QUALITY_OF_SERVICE SecurityQos
ACCESS_MASK DesiredAccess
struct _IO_STACK_LOCATION::@3974::@3992 QuerySecurity
struct _IO_STACK_LOCATION::@3974::@3976 CreatePipe
struct _IO_STACK_LOCATION::@3974::@3977 CreateMailslot
struct _IO_STACK_LOCATION::@3974::@3993 SetSecurity
struct _IO_STACK_LOCATION::@3974::@3975 Create
union _IO_STACK_LOCATION::@1575 Parameters
struct _LIST_ENTRY * Flink
GENERIC_MAPPING GenericMapping
OBJECT_TYPE_INITIALIZER TypeInfo
LARGE_INTEGER AllocationSize
PFILE_BASIC_INFORMATION BasicInformation
PVOID ExtraCreateParameters
PFILE_NETWORK_OPEN_INFORMATION NetworkInformation
CREATE_FILE_TYPE CreateFileType
PDUMMY_FILE_OBJECT LocalFileObject
PDEVICE_OBJECT TopDeviceObjectHint
BOOLEAN TraversedMountPoint
PFILE_OBJECT RelatedFileObject
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define RtlMoveMemory(Destination, Source, Length)
#define CONTAINING_RECORD(address, type, field)
#define STATUS_INVALID_DEVICE_REQUEST
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
#define STATUS_NO_SUCH_DEVICE
#define STATUS_UNSUCCESSFUL
#define STATUS_INFO_LENGTH_MISMATCH
#define STATUS_SHARING_VIOLATION
#define STATUS_INSUFFICIENT_RESOURCES
#define NT_WARNING(Status)
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
_In_ PDEVICE_OBJECT DeviceObject
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG _Out_opt_ PULONG CreateDisposition
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG CreateOptions
_In_ WDFREQUEST _In_ PIO_STACK_LOCATION Stack
_In_ ULONG _Out_opt_ PULONG RequiredLength
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_Must_inspect_result_ _In_ ULONG Flags
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetNextIrpStackLocation(_In_ PIRP Irp)
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_opt_ PVOID EaBuffer
_In_opt_ PDEVICE_OBJECT _Out_opt_ PHANDLE FileObjectHandle
_In_ ULONG DesiredShareAccess
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG _In_opt_ PVOID _In_ ULONG _In_ CREATE_FILE_TYPE CreateFileType
#define IRP_MN_UNLOCK_ALL
#define FO_FILE_OPEN_CANCELLED
#define IRP_DEALLOCATE_BUFFER
#define FO_SEQUENTIAL_ONLY
#define IRP_CLOSE_OPERATION
#define IRP_SYNCHRONOUS_API
#define IO_FORCE_ACCESS_CHECK
#define IRP_MJ_CREATE_NAMED_PIPE
#define IRP_MJ_CREATE_MAILSLOT
#define IO_NO_PARAMETER_CHECKING
#define IO_CHECK_CREATE_PARAMETERS
#define DO_BUS_ENUMERATED_DEVICE
#define FO_OPENED_CASE_SENSITIVE
#define FO_HANDLE_CREATED
#define IRP_CREATE_OPERATION
#define IRP_MJ_QUERY_SECURITY
#define IRP_DEFER_IO_COMPLETION
#define FO_DIRECT_DEVICE_OPEN
#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE
#define FO_NO_INTERMEDIATE_BUFFERING
@ CreateFileTypeNamedPipe
#define IO_REPARSE_TAG_MOUNT_POINT
#define FO_SYNCHRONOUS_IO
enum _CREATE_FILE_TYPE CREATE_FILE_TYPE
#define IO_TYPE_OPEN_PACKET
#define IRP_MJ_SET_SECURITY
#define SL_CASE_SENSITIVE
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
@ LockQueueIoDatabaseLock
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
#define ObDereferenceObject
#define ObReferenceObject
#define PsGetCurrentProcess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
_In_ KPROCESSOR_MODE PreviousMode
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
#define TOKEN_HAS_BACKUP_PRIVILEGE
#define TOKEN_HAS_RESTORE_PRIVILEGE
#define TOKEN_IS_RESTRICTED
#define PRIVILEGE_SET_ALL_NECESSARY
#define SE_BACKUP_PRIVILEGES_CHECKED