master
1/*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the ReactOS DDK package.
7 *
8 * Contributors:
9 * Amine Khaldi
10 * Timo Kreuzer (timo.kreuzer@reactos.org)
11 *
12 * THIS SOFTWARE IS NOT COPYRIGHTED
13 *
14 * This source code is offered for use in the public domain. You may
15 * use, modify or distribute it freely.
16 *
17 * This code is distributed in the hope that it will be useful but
18 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
19 * DISCLAIMED. This includes but is not limited to warranties of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 */
23
24#pragma once
25
26#define _NTIFS_INCLUDED_
27#define _GNU_NTIFS_
28
29#ifdef __cplusplus
30extern "C" {
31#endif
32
33/* Dependencies */
34#include <ntddk.h>
35#include <excpt.h>
36#include <ntdef.h>
37#include <ntnls.h>
38#include <ntstatus.h>
39#include <bugcodes.h>
40#include <ntiologc.h>
41
42
43#ifndef FlagOn
44#define FlagOn(_F,_SF) ((_F) & (_SF))
45#endif
46
47#ifndef BooleanFlagOn
48#define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0))
49#endif
50
51#ifndef SetFlag
52#define SetFlag(_F,_SF) ((_F) |= (_SF))
53#endif
54
55#ifndef ClearFlag
56#define ClearFlag(_F,_SF) ((_F) &= ~(_SF))
57#endif
58
59typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
60typedef STRING LSA_STRING, *PLSA_STRING;
61typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
62
63/******************************************************************************
64 * Security Manager Types *
65 ******************************************************************************/
66#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
67#define SID_IDENTIFIER_AUTHORITY_DEFINED
68typedef struct _SID_IDENTIFIER_AUTHORITY {
69 UCHAR Value[6];
70} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
71#endif
72
73#ifndef SID_DEFINED
74#define SID_DEFINED
75typedef struct _SID {
76 UCHAR Revision;
77 UCHAR SubAuthorityCount;
78 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
79 ULONG SubAuthority[ANYSIZE_ARRAY];
80} SID, *PISID;
81#endif
82
83#define SID_REVISION 1
84#define SID_MAX_SUB_AUTHORITIES 15
85#define SID_RECOMMENDED_SUB_AUTHORITIES 1
86
87typedef enum _SID_NAME_USE {
88 SidTypeUser = 1,
89 SidTypeGroup,
90 SidTypeDomain,
91 SidTypeAlias,
92 SidTypeWellKnownGroup,
93 SidTypeDeletedAccount,
94 SidTypeInvalid,
95 SidTypeUnknown,
96 SidTypeComputer,
97 SidTypeLabel,
98 SidTypeLogonSession
99} SID_NAME_USE, *PSID_NAME_USE;
100
101typedef struct _SID_AND_ATTRIBUTES {
102 PSID Sid;
103 ULONG Attributes;
104} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
105typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
106typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
107
108#define SID_HASH_SIZE 32
109typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
110
111typedef struct _SID_AND_ATTRIBUTES_HASH {
112 ULONG SidCount;
113 PSID_AND_ATTRIBUTES SidAttr;
114 SID_HASH_ENTRY Hash[SID_HASH_SIZE];
115} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
116
117/* Universal well-known SIDs */
118
119#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
120#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
121#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
122#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
123#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
124#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
125
126#define SECURITY_NULL_RID (0x00000000L)
127#define SECURITY_WORLD_RID (0x00000000L)
128#define SECURITY_LOCAL_RID (0x00000000L)
129#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
130
131#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
132#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
133#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
134#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
135#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
136
137/* NT well-known SIDs */
138
139#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
140
141#define SECURITY_DIALUP_RID (0x00000001L)
142#define SECURITY_NETWORK_RID (0x00000002L)
143#define SECURITY_BATCH_RID (0x00000003L)
144#define SECURITY_INTERACTIVE_RID (0x00000004L)
145#define SECURITY_LOGON_IDS_RID (0x00000005L)
146#define SECURITY_LOGON_IDS_RID_COUNT (3L)
147#define SECURITY_SERVICE_RID (0x00000006L)
148#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
149#define SECURITY_PROXY_RID (0x00000008L)
150#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
151#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
152#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
153#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
154#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
155#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
156#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
157#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
158#define SECURITY_IUSER_RID (0x00000011L)
159#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
160#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
161#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
162#define SECURITY_NT_NON_UNIQUE (0x00000015L)
163#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
164#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
165
166#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
167#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
168
169
170#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
171#define SECURITY_PACKAGE_RID_COUNT (2L)
172#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
173#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
174#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
175
176#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
177#define SECURITY_CRED_TYPE_RID_COUNT (2L)
178#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
179
180#define SECURITY_MIN_BASE_RID (0x00000050L)
181#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
182#define SECURITY_SERVICE_ID_RID_COUNT (6L)
183#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
184#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
185#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
186#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
187#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
188#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
189#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
190#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
191#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
192#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
193#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
194#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
195#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
196#define SECURITY_COM_ID_BASE_RID (0x00000059L)
197#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
198
199#define SECURITY_MAX_BASE_RID (0x0000006FL)
200
201#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
202#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
203
204#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
205
206#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
207
208/* Well-known domain relative sub-authority values (RIDs) */
209
210#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
211
212#define FOREST_USER_RID_MAX (0x000001F3L)
213
214/* Well-known users */
215
216#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
217#define DOMAIN_USER_RID_GUEST (0x000001F5L)
218#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
219
220#define DOMAIN_USER_RID_MAX (0x000003E7L)
221
222/* Well-known groups */
223
224#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
225#define DOMAIN_GROUP_RID_USERS (0x00000201L)
226#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
227#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
228#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
229#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
230#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
231#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
232#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
233#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
234
235/* Well-known aliases */
236
237#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
238#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
239#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
240#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
241
242#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
243#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
244#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
245#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
246
247#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
248#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
249#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
250#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
251#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
252#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
253
254#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
255#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
256#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
257#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
258#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
259#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
260#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
261#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
262#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
263#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
264#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
265
266#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
267#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
268#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
269#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
270#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
271#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
272#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
273
274/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
275 can be set by a usermode caller.*/
276
277#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
278
279#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
280
281/* Allocate the System Luid. The first 1000 LUIDs are reserved.
282 Use #999 here (0x3e7 = 999) */
283
284#define SYSTEM_LUID {0x3e7, 0x0}
285#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
286#define LOCALSERVICE_LUID {0x3e5, 0x0}
287#define NETWORKSERVICE_LUID {0x3e4, 0x0}
288#define IUSER_LUID {0x3e3, 0x0}
289
290typedef struct _ACE_HEADER {
291 UCHAR AceType;
292 UCHAR AceFlags;
293 USHORT AceSize;
294} ACE_HEADER, *PACE_HEADER;
295
296/* also in winnt.h */
297#define ACCESS_MIN_MS_ACE_TYPE (0x0)
298#define ACCESS_ALLOWED_ACE_TYPE (0x0)
299#define ACCESS_DENIED_ACE_TYPE (0x1)
300#define SYSTEM_AUDIT_ACE_TYPE (0x2)
301#define SYSTEM_ALARM_ACE_TYPE (0x3)
302#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
303#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
304#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
305#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
306#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
307#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
308#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
309#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
310#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
311#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
312#define ACCESS_MAX_MS_ACE_TYPE (0x8)
313#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
314#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
315#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
316#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
317#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
318#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
319#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
320#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
321#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
322#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
323
324/* The following are the inherit flags that go into the AceFlags field
325 of an Ace header. */
326
327#define OBJECT_INHERIT_ACE (0x1)
328#define CONTAINER_INHERIT_ACE (0x2)
329#define NO_PROPAGATE_INHERIT_ACE (0x4)
330#define INHERIT_ONLY_ACE (0x8)
331#define INHERITED_ACE (0x10)
332#define VALID_INHERIT_FLAGS (0x1F)
333
334#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
335#define FAILED_ACCESS_ACE_FLAG (0x80)
336
337typedef struct _ACCESS_ALLOWED_ACE {
338 ACE_HEADER Header;
339 ACCESS_MASK Mask;
340 ULONG SidStart;
341} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
342
343typedef struct _ACCESS_DENIED_ACE {
344 ACE_HEADER Header;
345 ACCESS_MASK Mask;
346 ULONG SidStart;
347} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
348
349typedef struct _SYSTEM_AUDIT_ACE {
350 ACE_HEADER Header;
351 ACCESS_MASK Mask;
352 ULONG SidStart;
353} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
354
355typedef struct _SYSTEM_ALARM_ACE {
356 ACE_HEADER Header;
357 ACCESS_MASK Mask;
358 ULONG SidStart;
359} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
360
361typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
362 ACE_HEADER Header;
363 ACCESS_MASK Mask;
364 ULONG SidStart;
365} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
366
367#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
368#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
369#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
370#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
371 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
372 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
373
374#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
375
376typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
377
378#define SE_OWNER_DEFAULTED 0x0001
379#define SE_GROUP_DEFAULTED 0x0002
380#define SE_DACL_PRESENT 0x0004
381#define SE_DACL_DEFAULTED 0x0008
382#define SE_SACL_PRESENT 0x0010
383#define SE_SACL_DEFAULTED 0x0020
384#define SE_DACL_UNTRUSTED 0x0040
385#define SE_SERVER_SECURITY 0x0080
386#define SE_DACL_AUTO_INHERIT_REQ 0x0100
387#define SE_SACL_AUTO_INHERIT_REQ 0x0200
388#define SE_DACL_AUTO_INHERITED 0x0400
389#define SE_SACL_AUTO_INHERITED 0x0800
390#define SE_DACL_PROTECTED 0x1000
391#define SE_SACL_PROTECTED 0x2000
392#define SE_RM_CONTROL_VALID 0x4000
393#define SE_SELF_RELATIVE 0x8000
394
395typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
396 UCHAR Revision;
397 UCHAR Sbz1;
398 SECURITY_DESCRIPTOR_CONTROL Control;
399 ULONG Owner;
400 ULONG Group;
401 ULONG Sacl;
402 ULONG Dacl;
403} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
404
405typedef struct _SECURITY_DESCRIPTOR {
406 UCHAR Revision;
407 UCHAR Sbz1;
408 SECURITY_DESCRIPTOR_CONTROL Control;
409 PSID Owner;
410 PSID Group;
411 PACL Sacl;
412 PACL Dacl;
413} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
414
415typedef struct _OBJECT_TYPE_LIST {
416 USHORT Level;
417 USHORT Sbz;
418 GUID *ObjectType;
419} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
420
421#define ACCESS_OBJECT_GUID 0
422#define ACCESS_PROPERTY_SET_GUID 1
423#define ACCESS_PROPERTY_GUID 2
424#define ACCESS_MAX_LEVEL 4
425
426typedef enum _AUDIT_EVENT_TYPE {
427 AuditEventObjectAccess,
428 AuditEventDirectoryServiceAccess
429} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
430
431#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
432
433#define ACCESS_DS_SOURCE_A "DS"
434#define ACCESS_DS_SOURCE_W L"DS"
435#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
436#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
437
438#define ACCESS_REASON_TYPE_MASK 0xffff0000
439#define ACCESS_REASON_DATA_MASK 0x0000ffff
440
441typedef enum _ACCESS_REASON_TYPE {
442 AccessReasonNone = 0x00000000,
443 AccessReasonAllowedAce = 0x00010000,
444 AccessReasonDeniedAce = 0x00020000,
445 AccessReasonAllowedParentAce = 0x00030000,
446 AccessReasonDeniedParentAce = 0x00040000,
447 AccessReasonMissingPrivilege = 0x00100000,
448 AccessReasonFromPrivilege = 0x00200000,
449 AccessReasonIntegrityLevel = 0x00300000,
450 AccessReasonOwnership = 0x00400000,
451 AccessReasonNullDacl = 0x00500000,
452 AccessReasonEmptyDacl = 0x00600000,
453 AccessReasonNoSD = 0x00700000,
454 AccessReasonNoGrant = 0x00800000
455} ACCESS_REASON_TYPE;
456
457typedef ULONG ACCESS_REASON;
458
459typedef struct _ACCESS_REASONS {
460 ACCESS_REASON Data[32];
461} ACCESS_REASONS, *PACCESS_REASONS;
462
463#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
464#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
465#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
466
467typedef struct _SE_SECURITY_DESCRIPTOR {
468 ULONG Size;
469 ULONG Flags;
470 PSECURITY_DESCRIPTOR SecurityDescriptor;
471} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
472
473typedef struct _SE_ACCESS_REQUEST {
474 ULONG Size;
475 PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
476 ACCESS_MASK DesiredAccess;
477 ACCESS_MASK PreviouslyGrantedAccess;
478 PSID PrincipalSelfSid;
479 PGENERIC_MAPPING GenericMapping;
480 ULONG ObjectTypeListCount;
481 POBJECT_TYPE_LIST ObjectTypeList;
482} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
483
484typedef struct _SE_ACCESS_REPLY {
485 ULONG Size;
486 ULONG ResultListCount;
487 PACCESS_MASK GrantedAccess;
488 PNTSTATUS AccessStatus;
489 PACCESS_REASONS AccessReason;
490 PPRIVILEGE_SET* Privileges;
491} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
492
493typedef enum _SE_AUDIT_OPERATION {
494 AuditPrivilegeObject,
495 AuditPrivilegeService,
496 AuditAccessCheck,
497 AuditOpenObject,
498 AuditOpenObjectWithTransaction,
499 AuditCloseObject,
500 AuditDeleteObject,
501 AuditOpenObjectForDelete,
502 AuditOpenObjectForDeleteWithTransaction,
503 AuditCloseNonObject,
504 AuditOpenNonObject,
505 AuditObjectReference,
506 AuditHandleCreation,
507} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
508
509typedef struct _SE_AUDIT_INFO {
510 ULONG Size;
511 AUDIT_EVENT_TYPE AuditType;
512 SE_AUDIT_OPERATION AuditOperation;
513 ULONG AuditFlags;
514 UNICODE_STRING SubsystemName;
515 UNICODE_STRING ObjectTypeName;
516 UNICODE_STRING ObjectName;
517 PVOID HandleId;
518 GUID* TransactionId;
519 LUID* OperationId;
520 BOOLEAN ObjectCreation;
521 BOOLEAN GenerateOnClose;
522} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
523
524#define TOKEN_ASSIGN_PRIMARY (0x0001)
525#define TOKEN_DUPLICATE (0x0002)
526#define TOKEN_IMPERSONATE (0x0004)
527#define TOKEN_QUERY (0x0008)
528#define TOKEN_QUERY_SOURCE (0x0010)
529#define TOKEN_ADJUST_PRIVILEGES (0x0020)
530#define TOKEN_ADJUST_GROUPS (0x0040)
531#define TOKEN_ADJUST_DEFAULT (0x0080)
532#define TOKEN_ADJUST_SESSIONID (0x0100)
533
534#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
535 TOKEN_ASSIGN_PRIMARY |\
536 TOKEN_DUPLICATE |\
537 TOKEN_IMPERSONATE |\
538 TOKEN_QUERY |\
539 TOKEN_QUERY_SOURCE |\
540 TOKEN_ADJUST_PRIVILEGES |\
541 TOKEN_ADJUST_GROUPS |\
542 TOKEN_ADJUST_DEFAULT )
543
544#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
545#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
546 TOKEN_ADJUST_SESSIONID )
547#else
548#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
549#endif
550
551#define TOKEN_READ (STANDARD_RIGHTS_READ |\
552 TOKEN_QUERY)
553
554#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
555 TOKEN_ADJUST_PRIVILEGES |\
556 TOKEN_ADJUST_GROUPS |\
557 TOKEN_ADJUST_DEFAULT)
558
559#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
560
561typedef enum _TOKEN_TYPE {
562 TokenPrimary = 1,
563 TokenImpersonation
564} TOKEN_TYPE,*PTOKEN_TYPE;
565
566typedef enum _TOKEN_INFORMATION_CLASS {
567 TokenUser = 1,
568 TokenGroups,
569 TokenPrivileges,
570 TokenOwner,
571 TokenPrimaryGroup,
572 TokenDefaultDacl,
573 TokenSource,
574 TokenType,
575 TokenImpersonationLevel,
576 TokenStatistics,
577 TokenRestrictedSids,
578 TokenSessionId,
579 TokenGroupsAndPrivileges,
580 TokenSessionReference,
581 TokenSandBoxInert,
582 TokenAuditPolicy,
583 TokenOrigin,
584 TokenElevationType,
585 TokenLinkedToken,
586 TokenElevation,
587 TokenHasRestrictions,
588 TokenAccessInformation,
589 TokenVirtualizationAllowed,
590 TokenVirtualizationEnabled,
591 TokenIntegrityLevel,
592 TokenUIAccess,
593 TokenMandatoryPolicy,
594 TokenLogonSid,
595 MaxTokenInfoClass
596} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
597
598typedef struct _TOKEN_USER {
599 SID_AND_ATTRIBUTES User;
600} TOKEN_USER, *PTOKEN_USER;
601
602typedef struct _TOKEN_GROUPS {
603 ULONG GroupCount;
604 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
605} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
606
607typedef struct _TOKEN_PRIVILEGES {
608 ULONG PrivilegeCount;
609 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
610} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
611
612typedef struct _TOKEN_OWNER {
613 PSID Owner;
614} TOKEN_OWNER,*PTOKEN_OWNER;
615
616typedef struct _TOKEN_PRIMARY_GROUP {
617 PSID PrimaryGroup;
618} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
619
620typedef struct _TOKEN_DEFAULT_DACL {
621 PACL DefaultDacl;
622} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
623
624typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
625 ULONG SidCount;
626 ULONG SidLength;
627 PSID_AND_ATTRIBUTES Sids;
628 ULONG RestrictedSidCount;
629 ULONG RestrictedSidLength;
630 PSID_AND_ATTRIBUTES RestrictedSids;
631 ULONG PrivilegeCount;
632 ULONG PrivilegeLength;
633 PLUID_AND_ATTRIBUTES Privileges;
634 LUID AuthenticationId;
635} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
636
637typedef struct _TOKEN_LINKED_TOKEN {
638 HANDLE LinkedToken;
639} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
640
641typedef struct _TOKEN_ELEVATION {
642 ULONG TokenIsElevated;
643} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
644
645typedef struct _TOKEN_MANDATORY_LABEL {
646 SID_AND_ATTRIBUTES Label;
647} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
648
649#define TOKEN_MANDATORY_POLICY_OFF 0x0
650#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
651#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
652
653#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
654 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
655
656typedef struct _TOKEN_MANDATORY_POLICY {
657 ULONG Policy;
658} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
659
660typedef struct _TOKEN_ACCESS_INFORMATION {
661 PSID_AND_ATTRIBUTES_HASH SidHash;
662 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
663 PTOKEN_PRIVILEGES Privileges;
664 LUID AuthenticationId;
665 TOKEN_TYPE TokenType;
666 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
667 TOKEN_MANDATORY_POLICY MandatoryPolicy;
668 ULONG Flags;
669} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
670
671#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
672
673typedef struct _TOKEN_AUDIT_POLICY {
674 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
675} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
676
677#define TOKEN_SOURCE_LENGTH 8
678
679typedef struct _TOKEN_SOURCE {
680 CHAR SourceName[TOKEN_SOURCE_LENGTH];
681 LUID SourceIdentifier;
682} TOKEN_SOURCE,*PTOKEN_SOURCE;
683
684typedef struct _TOKEN_STATISTICS {
685 LUID TokenId;
686 LUID AuthenticationId;
687 LARGE_INTEGER ExpirationTime;
688 TOKEN_TYPE TokenType;
689 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
690 ULONG DynamicCharged;
691 ULONG DynamicAvailable;
692 ULONG GroupCount;
693 ULONG PrivilegeCount;
694 LUID ModifiedId;
695} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
696
697typedef struct _TOKEN_CONTROL {
698 LUID TokenId;
699 LUID AuthenticationId;
700 LUID ModifiedId;
701 TOKEN_SOURCE TokenSource;
702} TOKEN_CONTROL,*PTOKEN_CONTROL;
703
704typedef struct _TOKEN_ORIGIN {
705 LUID OriginatingLogonSession;
706} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
707
708typedef enum _MANDATORY_LEVEL {
709 MandatoryLevelUntrusted = 0,
710 MandatoryLevelLow,
711 MandatoryLevelMedium,
712 MandatoryLevelHigh,
713 MandatoryLevelSystem,
714 MandatoryLevelSecureProcess,
715 MandatoryLevelCount
716} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
717
718#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
719#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
720#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
721#define TOKEN_WRITE_RESTRICTED 0x0008
722#define TOKEN_IS_RESTRICTED 0x0010
723#define TOKEN_SESSION_NOT_REFERENCED 0x0020
724#define TOKEN_SANDBOX_INERT 0x0040
725#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
726#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
727#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
728#define TOKEN_VIRTUALIZE_ENABLED 0x0400
729#define TOKEN_IS_FILTERED 0x0800
730#define TOKEN_UIACCESS 0x1000
731#define TOKEN_NOT_LOW 0x2000
732
733typedef struct _SE_EXPORTS {
734 LUID SeCreateTokenPrivilege;
735 LUID SeAssignPrimaryTokenPrivilege;
736 LUID SeLockMemoryPrivilege;
737 LUID SeIncreaseQuotaPrivilege;
738 LUID SeUnsolicitedInputPrivilege;
739 LUID SeTcbPrivilege;
740 LUID SeSecurityPrivilege;
741 LUID SeTakeOwnershipPrivilege;
742 LUID SeLoadDriverPrivilege;
743 LUID SeCreatePagefilePrivilege;
744 LUID SeIncreaseBasePriorityPrivilege;
745 LUID SeSystemProfilePrivilege;
746 LUID SeSystemtimePrivilege;
747 LUID SeProfileSingleProcessPrivilege;
748 LUID SeCreatePermanentPrivilege;
749 LUID SeBackupPrivilege;
750 LUID SeRestorePrivilege;
751 LUID SeShutdownPrivilege;
752 LUID SeDebugPrivilege;
753 LUID SeAuditPrivilege;
754 LUID SeSystemEnvironmentPrivilege;
755 LUID SeChangeNotifyPrivilege;
756 LUID SeRemoteShutdownPrivilege;
757 PSID SeNullSid;
758 PSID SeWorldSid;
759 PSID SeLocalSid;
760 PSID SeCreatorOwnerSid;
761 PSID SeCreatorGroupSid;
762 PSID SeNtAuthoritySid;
763 PSID SeDialupSid;
764 PSID SeNetworkSid;
765 PSID SeBatchSid;
766 PSID SeInteractiveSid;
767 PSID SeLocalSystemSid;
768 PSID SeAliasAdminsSid;
769 PSID SeAliasUsersSid;
770 PSID SeAliasGuestsSid;
771 PSID SeAliasPowerUsersSid;
772 PSID SeAliasAccountOpsSid;
773 PSID SeAliasSystemOpsSid;
774 PSID SeAliasPrintOpsSid;
775 PSID SeAliasBackupOpsSid;
776 PSID SeAuthenticatedUsersSid;
777 PSID SeRestrictedSid;
778 PSID SeAnonymousLogonSid;
779 LUID SeUndockPrivilege;
780 LUID SeSyncAgentPrivilege;
781 LUID SeEnableDelegationPrivilege;
782 PSID SeLocalServiceSid;
783 PSID SeNetworkServiceSid;
784 LUID SeManageVolumePrivilege;
785 LUID SeImpersonatePrivilege;
786 LUID SeCreateGlobalPrivilege;
787 LUID SeTrustedCredManAccessPrivilege;
788 LUID SeRelabelPrivilege;
789 LUID SeIncreaseWorkingSetPrivilege;
790 LUID SeTimeZonePrivilege;
791 LUID SeCreateSymbolicLinkPrivilege;
792 PSID SeIUserSid;
793 PSID SeUntrustedMandatorySid;
794 PSID SeLowMandatorySid;
795 PSID SeMediumMandatorySid;
796 PSID SeHighMandatorySid;
797 PSID SeSystemMandatorySid;
798 PSID SeOwnerRightsSid;
799} SE_EXPORTS, *PSE_EXPORTS;
800
801typedef NTSTATUS
802(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
803 IN PLUID LogonId);
804/******************************************************************************
805 * Runtime Library Types *
806 ******************************************************************************/
807
808
809#define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
810
811typedef PVOID
812(NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
813 IN SIZE_T NumberOfBytes);
814
815#if _WIN32_WINNT >= 0x0600
816typedef PVOID
817(NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
818 IN SIZE_T NumberOfBytes,
819 IN PVOID Buffer);
820#endif
821
822typedef VOID
823(NTAPI *PRTL_FREE_STRING_ROUTINE)(
824 IN PVOID Buffer);
825
826extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
827extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
828
829#if _WIN32_WINNT >= 0x0600
830extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
831#endif
832
833typedef NTSTATUS
834(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
835 IN PVOID Base,
836 IN OUT PVOID *CommitAddress,
837 IN OUT PSIZE_T CommitSize);
838
839typedef struct _RTL_HEAP_PARAMETERS {
840 ULONG Length;
841 SIZE_T SegmentReserve;
842 SIZE_T SegmentCommit;
843 SIZE_T DeCommitFreeBlockThreshold;
844 SIZE_T DeCommitTotalFreeThreshold;
845 SIZE_T MaximumAllocationSize;
846 SIZE_T VirtualMemoryThreshold;
847 SIZE_T InitialCommit;
848 SIZE_T InitialReserve;
849 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
850 SIZE_T Reserved[2];
851} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
852
853#if (NTDDI_VERSION >= NTDDI_WIN2K)
854
855typedef struct _GENERATE_NAME_CONTEXT {
856 USHORT Checksum;
857 BOOLEAN CheckSumInserted;
858 UCHAR NameLength;
859 WCHAR NameBuffer[8];
860 ULONG ExtensionLength;
861 WCHAR ExtensionBuffer[4];
862 ULONG LastIndexValue;
863} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
864
865typedef struct _PREFIX_TABLE_ENTRY {
866 CSHORT NodeTypeCode;
867 CSHORT NameLength;
868 struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
869 RTL_SPLAY_LINKS Links;
870 PSTRING Prefix;
871} PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
872
873typedef struct _PREFIX_TABLE {
874 CSHORT NodeTypeCode;
875 CSHORT NameLength;
876 PPREFIX_TABLE_ENTRY NextPrefixTree;
877} PREFIX_TABLE, *PPREFIX_TABLE;
878
879typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
880 CSHORT NodeTypeCode;
881 CSHORT NameLength;
882 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
883 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
884 RTL_SPLAY_LINKS Links;
885 PUNICODE_STRING Prefix;
886} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
887
888typedef struct _UNICODE_PREFIX_TABLE {
889 CSHORT NodeTypeCode;
890 CSHORT NameLength;
891 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
892 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
893} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
894
895#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
896
897#if (NTDDI_VERSION >= NTDDI_WINXP)
898typedef struct _COMPRESSED_DATA_INFO {
899 USHORT CompressionFormatAndEngine;
900 UCHAR CompressionUnitShift;
901 UCHAR ChunkShift;
902 UCHAR ClusterShift;
903 UCHAR Reserved;
904 USHORT NumberOfChunks;
905 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
906} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
907#endif
908
909/******************************************************************************
910 * Runtime Library Functions *
911 ******************************************************************************/
912
913#if (NTDDI_VERSION >= NTDDI_WIN2K)
914
915NTSYSAPI
916PVOID
917NTAPI
918RtlAllocateHeap(
919 IN HANDLE HeapHandle,
920 IN ULONG Flags OPTIONAL,
921 IN SIZE_T Size);
922
923NTSYSAPI
924BOOLEAN
925NTAPI
926RtlFreeHeap(
927 IN PVOID HeapHandle,
928 IN ULONG Flags OPTIONAL,
929 IN PVOID BaseAddress);
930
931NTSYSAPI
932VOID
933NTAPI
934RtlCaptureContext(
935 OUT PCONTEXT ContextRecord);
936
937NTSYSAPI
938ULONG
939NTAPI
940RtlRandom(
941 IN OUT PULONG Seed);
942
943NTSYSAPI
944BOOLEAN
945NTAPI
946RtlCreateUnicodeString(
947 OUT PUNICODE_STRING DestinationString,
948 IN PCWSTR SourceString);
949
950NTSYSAPI
951NTSTATUS
952NTAPI
953RtlAppendStringToString(
954 IN OUT PSTRING Destination,
955 IN const STRING *Source);
956
957NTSYSAPI
958NTSTATUS
959NTAPI
960RtlOemStringToUnicodeString(
961 IN OUT PUNICODE_STRING DestinationString,
962 IN PCOEM_STRING SourceString,
963 IN BOOLEAN AllocateDestinationString);
964
965NTSYSAPI
966NTSTATUS
967NTAPI
968RtlUnicodeStringToOemString(
969 IN OUT POEM_STRING DestinationString,
970 IN PCUNICODE_STRING SourceString,
971 IN BOOLEAN AllocateDestinationString);
972
973NTSYSAPI
974NTSTATUS
975NTAPI
976RtlUpcaseUnicodeStringToOemString(
977 IN OUT POEM_STRING DestinationString,
978 IN PCUNICODE_STRING SourceString,
979 IN BOOLEAN AllocateDestinationString);
980
981NTSYSAPI
982NTSTATUS
983NTAPI
984RtlOemStringToCountedUnicodeString(
985 IN OUT PUNICODE_STRING DestinationString,
986 IN PCOEM_STRING SourceString,
987 IN BOOLEAN AllocateDestinationString);
988
989NTSYSAPI
990NTSTATUS
991NTAPI
992RtlUnicodeStringToCountedOemString(
993 IN OUT POEM_STRING DestinationString,
994 IN PCUNICODE_STRING SourceString,
995 IN BOOLEAN AllocateDestinationString);
996
997NTSYSAPI
998NTSTATUS
999NTAPI
1000RtlUpcaseUnicodeStringToCountedOemString(
1001 IN OUT POEM_STRING DestinationString,
1002 IN PCUNICODE_STRING SourceString,
1003 IN BOOLEAN AllocateDestinationString);
1004
1005NTSYSAPI
1006NTSTATUS
1007NTAPI
1008RtlDowncaseUnicodeString(
1009 IN OUT PUNICODE_STRING UniDest,
1010 IN PCUNICODE_STRING UniSource,
1011 IN BOOLEAN AllocateDestinationString);
1012
1013NTSYSAPI
1014VOID
1015NTAPI
1016RtlFreeOemString (
1017 IN OUT POEM_STRING OemString);
1018
1019NTSYSAPI
1020ULONG
1021NTAPI
1022RtlxUnicodeStringToOemSize(
1023 IN PCUNICODE_STRING UnicodeString);
1024
1025NTSYSAPI
1026ULONG
1027NTAPI
1028RtlxOemStringToUnicodeSize(
1029 IN PCOEM_STRING OemString);
1030
1031NTSYSAPI
1032NTSTATUS
1033NTAPI
1034RtlMultiByteToUnicodeN(
1035 OUT PWCH UnicodeString,
1036 IN ULONG MaxBytesInUnicodeString,
1037 OUT PULONG BytesInUnicodeString OPTIONAL,
1038 IN const CHAR *MultiByteString,
1039 IN ULONG BytesInMultiByteString);
1040
1041NTSYSAPI
1042NTSTATUS
1043NTAPI
1044RtlMultiByteToUnicodeSize(
1045 OUT PULONG BytesInUnicodeString,
1046 IN const CHAR *MultiByteString,
1047 IN ULONG BytesInMultiByteString);
1048
1049NTSYSAPI
1050NTSTATUS
1051NTAPI
1052RtlUnicodeToMultiByteSize(
1053 OUT PULONG BytesInMultiByteString,
1054 IN PCWCH UnicodeString,
1055 IN ULONG BytesInUnicodeString);
1056
1057NTSYSAPI
1058NTSTATUS
1059NTAPI
1060RtlUnicodeToMultiByteN(
1061 OUT PCHAR MultiByteString,
1062 IN ULONG MaxBytesInMultiByteString,
1063 OUT PULONG BytesInMultiByteString OPTIONAL,
1064 IN PCWCH UnicodeString,
1065 IN ULONG BytesInUnicodeString);
1066
1067NTSYSAPI
1068NTSTATUS
1069NTAPI
1070RtlUpcaseUnicodeToMultiByteN(
1071 OUT PCHAR MultiByteString,
1072 IN ULONG MaxBytesInMultiByteString,
1073 OUT PULONG BytesInMultiByteString OPTIONAL,
1074 IN PCWCH UnicodeString,
1075 IN ULONG BytesInUnicodeString);
1076
1077NTSYSAPI
1078NTSTATUS
1079NTAPI
1080RtlOemToUnicodeN(
1081 OUT PWSTR UnicodeString,
1082 IN ULONG MaxBytesInUnicodeString,
1083 OUT PULONG BytesInUnicodeString OPTIONAL,
1084 IN PCCH OemString,
1085 IN ULONG BytesInOemString);
1086
1087NTSYSAPI
1088NTSTATUS
1089NTAPI
1090RtlUnicodeToOemN(
1091 OUT PCHAR OemString,
1092 IN ULONG MaxBytesInOemString,
1093 OUT PULONG BytesInOemString OPTIONAL,
1094 IN PCWCH UnicodeString,
1095 IN ULONG BytesInUnicodeString);
1096
1097NTSYSAPI
1098NTSTATUS
1099NTAPI
1100RtlUpcaseUnicodeToOemN(
1101 OUT PCHAR OemString,
1102 IN ULONG MaxBytesInOemString,
1103 OUT PULONG BytesInOemString OPTIONAL,
1104 IN PCWCH UnicodeString,
1105 IN ULONG BytesInUnicodeString);
1106
1107#if (NTDDI_VERSION >= NTDDI_VISTASP1)
1108NTSYSAPI
1109NTSTATUS
1110NTAPI
1111RtlGenerate8dot3Name(
1112 IN PCUNICODE_STRING Name,
1113 IN BOOLEAN AllowExtendedCharacters,
1114 IN OUT PGENERATE_NAME_CONTEXT Context,
1115 IN OUT PUNICODE_STRING Name8dot3);
1116#else
1117NTSYSAPI
1118VOID
1119NTAPI
1120RtlGenerate8dot3Name(
1121 IN PCUNICODE_STRING Name,
1122 IN BOOLEAN AllowExtendedCharacters,
1123 IN OUT PGENERATE_NAME_CONTEXT Context,
1124 IN OUT PUNICODE_STRING Name8dot3);
1125#endif
1126
1127NTSYSAPI
1128BOOLEAN
1129NTAPI
1130RtlIsNameLegalDOS8Dot3(
1131 IN PCUNICODE_STRING Name,
1132 IN OUT POEM_STRING OemName OPTIONAL,
1133 IN OUT PBOOLEAN NameContainsSpaces OPTIONAL);
1134
1135NTSYSAPI
1136BOOLEAN
1137NTAPI
1138RtlIsValidOemCharacter(
1139 IN OUT PWCHAR Char);
1140
1141NTSYSAPI
1142VOID
1143NTAPI
1144PfxInitialize(
1145 OUT PPREFIX_TABLE PrefixTable);
1146
1147NTSYSAPI
1148BOOLEAN
1149NTAPI
1150PfxInsertPrefix(
1151 IN PPREFIX_TABLE PrefixTable,
1152 IN PSTRING Prefix,
1153 OUT PPREFIX_TABLE_ENTRY PrefixTableEntry);
1154
1155NTSYSAPI
1156VOID
1157NTAPI
1158PfxRemovePrefix(
1159 IN PPREFIX_TABLE PrefixTable,
1160 IN PPREFIX_TABLE_ENTRY PrefixTableEntry);
1161
1162NTSYSAPI
1163PPREFIX_TABLE_ENTRY
1164NTAPI
1165PfxFindPrefix(
1166 IN PPREFIX_TABLE PrefixTable,
1167 IN PSTRING FullName);
1168
1169NTSYSAPI
1170VOID
1171NTAPI
1172RtlInitializeUnicodePrefix(
1173 OUT PUNICODE_PREFIX_TABLE PrefixTable);
1174
1175NTSYSAPI
1176BOOLEAN
1177NTAPI
1178RtlInsertUnicodePrefix(
1179 IN PUNICODE_PREFIX_TABLE PrefixTable,
1180 IN PUNICODE_STRING Prefix,
1181 OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1182
1183NTSYSAPI
1184VOID
1185NTAPI
1186RtlRemoveUnicodePrefix(
1187 IN PUNICODE_PREFIX_TABLE PrefixTable,
1188 IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1189
1190NTSYSAPI
1191PUNICODE_PREFIX_TABLE_ENTRY
1192NTAPI
1193RtlFindUnicodePrefix(
1194 IN PUNICODE_PREFIX_TABLE PrefixTable,
1195 IN PUNICODE_STRING FullName,
1196 IN ULONG CaseInsensitiveIndex);
1197
1198NTSYSAPI
1199PUNICODE_PREFIX_TABLE_ENTRY
1200NTAPI
1201RtlNextUnicodePrefix(
1202 IN PUNICODE_PREFIX_TABLE PrefixTable,
1203 IN BOOLEAN Restart);
1204
1205NTSYSAPI
1206SIZE_T
1207NTAPI
1208RtlCompareMemoryUlong(
1209 IN PVOID Source,
1210 IN SIZE_T Length,
1211 IN ULONG Pattern);
1212
1213NTSYSAPI
1214BOOLEAN
1215NTAPI
1216RtlTimeToSecondsSince1980(
1217 IN PLARGE_INTEGER Time,
1218 OUT PULONG ElapsedSeconds);
1219
1220NTSYSAPI
1221VOID
1222NTAPI
1223RtlSecondsSince1980ToTime(
1224 IN ULONG ElapsedSeconds,
1225 OUT PLARGE_INTEGER Time);
1226
1227NTSYSAPI
1228BOOLEAN
1229NTAPI
1230RtlTimeToSecondsSince1970(
1231 IN PLARGE_INTEGER Time,
1232 OUT PULONG ElapsedSeconds);
1233
1234NTSYSAPI
1235VOID
1236NTAPI
1237RtlSecondsSince1970ToTime(
1238 IN ULONG ElapsedSeconds,
1239 OUT PLARGE_INTEGER Time);
1240
1241NTSYSAPI
1242BOOLEAN
1243NTAPI
1244RtlValidSid(
1245 IN PSID Sid);
1246
1247NTSYSAPI
1248BOOLEAN
1249NTAPI
1250RtlEqualSid(
1251 IN PSID Sid1,
1252 IN PSID Sid2);
1253
1254NTSYSAPI
1255BOOLEAN
1256NTAPI
1257RtlEqualPrefixSid(
1258 IN PSID Sid1,
1259 IN PSID Sid2);
1260
1261NTSYSAPI
1262ULONG
1263NTAPI
1264RtlLengthRequiredSid(
1265 IN ULONG SubAuthorityCount);
1266
1267NTSYSAPI
1268PVOID
1269NTAPI
1270RtlFreeSid(
1271 IN PSID Sid);
1272
1273NTSYSAPI
1274NTSTATUS
1275NTAPI
1276RtlAllocateAndInitializeSid(
1277 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1278 IN UCHAR SubAuthorityCount,
1279 IN ULONG SubAuthority0,
1280 IN ULONG SubAuthority1,
1281 IN ULONG SubAuthority2,
1282 IN ULONG SubAuthority3,
1283 IN ULONG SubAuthority4,
1284 IN ULONG SubAuthority5,
1285 IN ULONG SubAuthority6,
1286 IN ULONG SubAuthority7,
1287 OUT PSID *Sid);
1288
1289NTSYSAPI
1290NTSTATUS
1291NTAPI
1292RtlInitializeSid(
1293 OUT PSID Sid,
1294 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1295 IN UCHAR SubAuthorityCount);
1296
1297NTSYSAPI
1298PULONG
1299NTAPI
1300RtlSubAuthoritySid(
1301 IN PSID Sid,
1302 IN ULONG SubAuthority);
1303
1304NTSYSAPI
1305ULONG
1306NTAPI
1307RtlLengthSid(
1308 IN PSID Sid);
1309
1310NTSYSAPI
1311NTSTATUS
1312NTAPI
1313RtlCopySid(
1314 IN ULONG Length,
1315 IN PSID Destination,
1316 IN PSID Source);
1317
1318NTSYSAPI
1319NTSTATUS
1320NTAPI
1321RtlConvertSidToUnicodeString(
1322 IN OUT PUNICODE_STRING UnicodeString,
1323 IN PSID Sid,
1324 IN BOOLEAN AllocateDestinationString);
1325
1326NTSYSAPI
1327VOID
1328NTAPI
1329RtlCopyLuid(
1330 OUT PLUID DestinationLuid,
1331 IN PLUID SourceLuid);
1332
1333NTSYSAPI
1334NTSTATUS
1335NTAPI
1336RtlCreateAcl(
1337 OUT PACL Acl,
1338 IN ULONG AclLength,
1339 IN ULONG AclRevision);
1340
1341NTSYSAPI
1342NTSTATUS
1343NTAPI
1344RtlAddAce(
1345 IN OUT PACL Acl,
1346 IN ULONG AceRevision,
1347 IN ULONG StartingAceIndex,
1348 IN PVOID AceList,
1349 IN ULONG AceListLength);
1350
1351NTSYSAPI
1352NTSTATUS
1353NTAPI
1354RtlDeleteAce(
1355 IN OUT PACL Acl,
1356 IN ULONG AceIndex);
1357
1358NTSYSAPI
1359NTSTATUS
1360NTAPI
1361RtlGetAce(
1362 IN PACL Acl,
1363 IN ULONG AceIndex,
1364 OUT PVOID *Ace);
1365
1366NTSYSAPI
1367NTSTATUS
1368NTAPI
1369RtlAddAccessAllowedAce(
1370 IN OUT PACL Acl,
1371 IN ULONG AceRevision,
1372 IN ACCESS_MASK AccessMask,
1373 IN PSID Sid);
1374
1375NTSYSAPI
1376NTSTATUS
1377NTAPI
1378RtlAddAccessAllowedAceEx(
1379 IN OUT PACL Acl,
1380 IN ULONG AceRevision,
1381 IN ULONG AceFlags,
1382 IN ACCESS_MASK AccessMask,
1383 IN PSID Sid);
1384
1385NTSYSAPI
1386NTSTATUS
1387NTAPI
1388RtlCreateSecurityDescriptorRelative(
1389 OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
1390 IN ULONG Revision);
1391
1392NTSYSAPI
1393NTSTATUS
1394NTAPI
1395RtlGetDaclSecurityDescriptor(
1396 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1397 OUT PBOOLEAN DaclPresent,
1398 OUT PACL *Dacl,
1399 OUT PBOOLEAN DaclDefaulted);
1400
1401NTSYSAPI
1402NTSTATUS
1403NTAPI
1404RtlSetOwnerSecurityDescriptor(
1405 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1406 IN PSID Owner OPTIONAL,
1407 IN BOOLEAN OwnerDefaulted);
1408
1409NTSYSAPI
1410NTSTATUS
1411NTAPI
1412RtlGetOwnerSecurityDescriptor(
1413 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1414 OUT PSID *Owner,
1415 OUT PBOOLEAN OwnerDefaulted);
1416
1417NTSYSAPI
1418ULONG
1419NTAPI
1420RtlNtStatusToDosError(
1421 IN NTSTATUS Status);
1422
1423NTSYSAPI
1424NTSTATUS
1425NTAPI
1426RtlCustomCPToUnicodeN(
1427 IN PCPTABLEINFO CustomCP,
1428 OUT PWCH UnicodeString,
1429 IN ULONG MaxBytesInUnicodeString,
1430 OUT PULONG BytesInUnicodeString OPTIONAL,
1431 IN PCH CustomCPString,
1432 IN ULONG BytesInCustomCPString);
1433
1434NTSYSAPI
1435NTSTATUS
1436NTAPI
1437RtlUnicodeToCustomCPN(
1438 IN PCPTABLEINFO CustomCP,
1439 OUT PCH CustomCPString,
1440 IN ULONG MaxBytesInCustomCPString,
1441 OUT PULONG BytesInCustomCPString OPTIONAL,
1442 IN PWCH UnicodeString,
1443 IN ULONG BytesInUnicodeString);
1444
1445NTSYSAPI
1446NTSTATUS
1447NTAPI
1448RtlUpcaseUnicodeToCustomCPN(
1449 IN PCPTABLEINFO CustomCP,
1450 OUT PCH CustomCPString,
1451 IN ULONG MaxBytesInCustomCPString,
1452 OUT PULONG BytesInCustomCPString OPTIONAL,
1453 IN PWCH UnicodeString,
1454 IN ULONG BytesInUnicodeString);
1455
1456NTSYSAPI
1457VOID
1458NTAPI
1459RtlInitCodePageTable(
1460 IN PUSHORT TableBase,
1461 IN OUT PCPTABLEINFO CodePageTable);
1462
1463
1464#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
1465
1466
1467#if (NTDDI_VERSION >= NTDDI_WINXP)
1468
1469NTSYSAPI
1470PVOID
1471NTAPI
1472RtlCreateHeap(
1473 IN ULONG Flags,
1474 IN PVOID HeapBase OPTIONAL,
1475 IN SIZE_T ReserveSize OPTIONAL,
1476 IN SIZE_T CommitSize OPTIONAL,
1477 IN PVOID Lock OPTIONAL,
1478 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
1479
1480NTSYSAPI
1481PVOID
1482NTAPI
1483RtlDestroyHeap(
1484 IN PVOID HeapHandle);
1485
1486NTSYSAPI
1487USHORT
1488NTAPI
1489RtlCaptureStackBackTrace(
1490 IN ULONG FramesToSkip,
1491 IN ULONG FramesToCapture,
1492 OUT PVOID *BackTrace,
1493 OUT PULONG BackTraceHash OPTIONAL);
1494
1495NTSYSAPI
1496ULONG
1497NTAPI
1498RtlRandomEx(
1499 IN OUT PULONG Seed);
1500
1501NTSYSAPI
1502NTSTATUS
1503NTAPI
1504RtlInitUnicodeStringEx(
1505 OUT PUNICODE_STRING DestinationString,
1506 IN PCWSTR SourceString OPTIONAL);
1507
1508NTSYSAPI
1509NTSTATUS
1510NTAPI
1511RtlValidateUnicodeString(
1512 IN ULONG Flags,
1513 IN PCUNICODE_STRING String);
1514
1515NTSYSAPI
1516NTSTATUS
1517NTAPI
1518RtlDuplicateUnicodeString(
1519 IN ULONG Flags,
1520 IN PCUNICODE_STRING SourceString,
1521 OUT PUNICODE_STRING DestinationString);
1522
1523NTSYSAPI
1524NTSTATUS
1525NTAPI
1526RtlGetCompressionWorkSpaceSize(
1527 IN USHORT CompressionFormatAndEngine,
1528 OUT PULONG CompressBufferWorkSpaceSize,
1529 OUT PULONG CompressFragmentWorkSpaceSize);
1530
1531NTSYSAPI
1532NTSTATUS
1533NTAPI
1534RtlCompressBuffer(
1535 IN USHORT CompressionFormatAndEngine,
1536 IN PUCHAR UncompressedBuffer,
1537 IN ULONG UncompressedBufferSize,
1538 OUT PUCHAR CompressedBuffer,
1539 IN ULONG CompressedBufferSize,
1540 IN ULONG UncompressedChunkSize,
1541 OUT PULONG FinalCompressedSize,
1542 IN PVOID WorkSpace);
1543
1544NTSYSAPI
1545NTSTATUS
1546NTAPI
1547RtlDecompressBuffer(
1548 IN USHORT CompressionFormat,
1549 OUT PUCHAR UncompressedBuffer,
1550 IN ULONG UncompressedBufferSize,
1551 IN PUCHAR CompressedBuffer,
1552 IN ULONG CompressedBufferSize,
1553 OUT PULONG FinalUncompressedSize);
1554
1555NTSYSAPI
1556NTSTATUS
1557NTAPI
1558RtlDecompressFragment(
1559 IN USHORT CompressionFormat,
1560 OUT PUCHAR UncompressedFragment,
1561 IN ULONG UncompressedFragmentSize,
1562 IN PUCHAR CompressedBuffer,
1563 IN ULONG CompressedBufferSize,
1564 IN ULONG FragmentOffset,
1565 OUT PULONG FinalUncompressedSize,
1566 IN PVOID WorkSpace);
1567
1568NTSYSAPI
1569NTSTATUS
1570NTAPI
1571RtlDescribeChunk(
1572 IN USHORT CompressionFormat,
1573 IN OUT PUCHAR *CompressedBuffer,
1574 IN PUCHAR EndOfCompressedBufferPlus1,
1575 OUT PUCHAR *ChunkBuffer,
1576 OUT PULONG ChunkSize);
1577
1578NTSYSAPI
1579NTSTATUS
1580NTAPI
1581RtlReserveChunk(
1582 IN USHORT CompressionFormat,
1583 IN OUT PUCHAR *CompressedBuffer,
1584 IN PUCHAR EndOfCompressedBufferPlus1,
1585 OUT PUCHAR *ChunkBuffer,
1586 IN ULONG ChunkSize);
1587
1588NTSYSAPI
1589NTSTATUS
1590NTAPI
1591RtlDecompressChunks(
1592 OUT PUCHAR UncompressedBuffer,
1593 IN ULONG UncompressedBufferSize,
1594 IN PUCHAR CompressedBuffer,
1595 IN ULONG CompressedBufferSize,
1596 IN PUCHAR CompressedTail,
1597 IN ULONG CompressedTailSize,
1598 IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
1599
1600NTSYSAPI
1601NTSTATUS
1602NTAPI
1603RtlCompressChunks(
1604 IN PUCHAR UncompressedBuffer,
1605 IN ULONG UncompressedBufferSize,
1606 OUT PUCHAR CompressedBuffer,
1607 IN ULONG CompressedBufferSize,
1608 IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
1609 IN ULONG CompressedDataInfoLength,
1610 IN PVOID WorkSpace);
1611
1612NTSYSAPI
1613PSID_IDENTIFIER_AUTHORITY
1614NTAPI
1615RtlIdentifierAuthoritySid(
1616 IN PSID Sid);
1617
1618NTSYSAPI
1619PUCHAR
1620NTAPI
1621RtlSubAuthorityCountSid(
1622 IN PSID Sid);
1623
1624NTSYSAPI
1625ULONG
1626NTAPI
1627RtlNtStatusToDosErrorNoTeb(
1628 IN NTSTATUS Status);
1629
1630NTSYSAPI
1631NTSTATUS
1632NTAPI
1633RtlCreateSystemVolumeInformationFolder(
1634 IN PCUNICODE_STRING VolumeRootPath);
1635
1636#if defined(_M_AMD64)
1637
1638FORCEINLINE
1639VOID
1640RtlFillMemoryUlong (
1641 OUT PVOID Destination,
1642 IN SIZE_T Length,
1643 IN ULONG Pattern)
1644{
1645 PULONG Address = (PULONG)Destination;
1646 if ((Length /= 4) != 0) {
1647 if (((ULONG64)Address & 4) != 0) {
1648 *Address = Pattern;
1649 if ((Length -= 1) == 0) {
1650 return;
1651 }
1652 Address += 1;
1653 }
1654 __stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
1655 if ((Length & 1) != 0) Address[Length - 1] = Pattern;
1656 }
1657 return;
1658}
1659
1660#define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
1661 __stosq((PULONG64)(Destination), Pattern, (Length) / 8)
1662
1663#else
1664
1665NTSYSAPI
1666VOID
1667NTAPI
1668RtlFillMemoryUlong(
1669 OUT PVOID Destination,
1670 IN SIZE_T Length,
1671 IN ULONG Pattern);
1672
1673NTSYSAPI
1674VOID
1675NTAPI
1676RtlFillMemoryUlonglong(
1677 OUT PVOID Destination,
1678 IN SIZE_T Length,
1679 IN ULONGLONG Pattern);
1680
1681#endif /* defined(_M_AMD64) */
1682
1683#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
1684
1685#if (NTDDI_VERSION >= NTDDI_WS03)
1686NTSYSAPI
1687NTSTATUS
1688NTAPI
1689RtlInitAnsiStringEx(
1690 OUT PANSI_STRING DestinationString,
1691 IN PCSZ SourceString OPTIONAL);
1692#endif
1693
1694#if (NTDDI_VERSION >= NTDDI_WS03SP1)
1695
1696NTSYSAPI
1697NTSTATUS
1698NTAPI
1699RtlGetSaclSecurityDescriptor(
1700 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1701 OUT PBOOLEAN SaclPresent,
1702 OUT PACL *Sacl,
1703 OUT PBOOLEAN SaclDefaulted);
1704
1705NTSYSAPI
1706NTSTATUS
1707NTAPI
1708RtlSetGroupSecurityDescriptor(
1709 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1710 IN PSID Group OPTIONAL,
1711 IN BOOLEAN GroupDefaulted OPTIONAL);
1712
1713NTSYSAPI
1714NTSTATUS
1715NTAPI
1716RtlGetGroupSecurityDescriptor(
1717 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1718 OUT PSID *Group,
1719 OUT PBOOLEAN GroupDefaulted);
1720
1721NTSYSAPI
1722NTSTATUS
1723NTAPI
1724RtlAbsoluteToSelfRelativeSD(
1725 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1726 OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL,
1727 IN OUT PULONG BufferLength);
1728
1729NTSYSAPI
1730NTSTATUS
1731NTAPI
1732RtlSelfRelativeToAbsoluteSD(
1733 IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1734 OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL,
1735 IN OUT PULONG AbsoluteSecurityDescriptorSize,
1736 OUT PACL Dacl OPTIONAL,
1737 IN OUT PULONG DaclSize,
1738 OUT PACL Sacl OPTIONAL,
1739 IN OUT PULONG SaclSize,
1740 OUT PSID Owner OPTIONAL,
1741 IN OUT PULONG OwnerSize,
1742 OUT PSID PrimaryGroup OPTIONAL,
1743 IN OUT PULONG PrimaryGroupSize);
1744
1745#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
1746
1747#if (NTDDI_VERSION >= NTDDI_VISTA)
1748
1749NTSYSAPI
1750NTSTATUS
1751NTAPI
1752RtlNormalizeString(
1753 IN ULONG NormForm,
1754 IN PCWSTR SourceString,
1755 IN LONG SourceStringLength,
1756 OUT PWSTR DestinationString,
1757 IN OUT PLONG DestinationStringLength);
1758
1759NTSYSAPI
1760NTSTATUS
1761NTAPI
1762RtlIsNormalizedString(
1763 IN ULONG NormForm,
1764 IN PCWSTR SourceString,
1765 IN LONG SourceStringLength,
1766 OUT PBOOLEAN Normalized);
1767
1768NTSYSAPI
1769NTSTATUS
1770NTAPI
1771RtlIdnToAscii(
1772 IN ULONG Flags,
1773 IN PCWSTR SourceString,
1774 IN LONG SourceStringLength,
1775 OUT PWSTR DestinationString,
1776 IN OUT PLONG DestinationStringLength);
1777
1778NTSYSAPI
1779NTSTATUS
1780NTAPI
1781RtlIdnToUnicode(
1782 IN ULONG Flags,
1783 IN PCWSTR SourceString,
1784 IN LONG SourceStringLength,
1785 OUT PWSTR DestinationString,
1786 IN OUT PLONG DestinationStringLength);
1787
1788NTSYSAPI
1789NTSTATUS
1790NTAPI
1791RtlIdnToNameprepUnicode(
1792 IN ULONG Flags,
1793 IN PCWSTR SourceString,
1794 IN LONG SourceStringLength,
1795 OUT PWSTR DestinationString,
1796 IN OUT PLONG DestinationStringLength);
1797
1798NTSYSAPI
1799NTSTATUS
1800NTAPI
1801RtlCreateServiceSid(
1802 IN PUNICODE_STRING ServiceName,
1803 OUT PSID ServiceSid,
1804 IN OUT PULONG ServiceSidLength);
1805
1806NTSYSAPI
1807LONG
1808NTAPI
1809RtlCompareAltitudes(
1810 IN PCUNICODE_STRING Altitude1,
1811 IN PCUNICODE_STRING Altitude2);
1812
1813#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
1814
1815#if (NTDDI_VERSION >= NTDDI_WIN7)
1816
1817NTSYSAPI
1818NTSTATUS
1819NTAPI
1820RtlUnicodeToUTF8N(
1821 OUT PCHAR UTF8StringDestination,
1822 IN ULONG UTF8StringMaxByteCount,
1823 OUT PULONG UTF8StringActualByteCount,
1824 IN PCWCH UnicodeStringSource,
1825 IN ULONG UnicodeStringByteCount);
1826
1827NTSYSAPI
1828NTSTATUS
1829NTAPI
1830RtlUTF8ToUnicodeN(
1831 OUT PWSTR UnicodeStringDestination,
1832 IN ULONG UnicodeStringMaxByteCount,
1833 OUT PULONG UnicodeStringActualByteCount,
1834 IN PCCH UTF8StringSource,
1835 IN ULONG UTF8StringByteCount);
1836
1837NTSYSAPI
1838NTSTATUS
1839NTAPI
1840RtlReplaceSidInSd(
1841 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1842 IN PSID OldSid,
1843 IN PSID NewSid,
1844 OUT ULONG *NumChanges);
1845
1846NTSYSAPI
1847NTSTATUS
1848NTAPI
1849RtlCreateVirtualAccountSid(
1850 IN PCUNICODE_STRING Name,
1851 IN ULONG BaseSubAuthority,
1852 OUT PSID Sid,
1853 IN OUT PULONG SidLength);
1854
1855#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
1856
1857
1858#if defined(_AMD64_) || defined(_IA64_)
1859
1860
1861#endif /* defined(_AMD64_) || defined(_IA64_) */
1862
1863
1864
1865#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
1866#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
1867
1868#define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
1869 RtlxUnicodeStringToOemSize(STRING) : \
1870 ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
1871)
1872
1873#define RtlOemStringToUnicodeSize(STRING) ( \
1874 NLS_MB_OEM_CODE_PAGE_TAG ? \
1875 RtlxOemStringToUnicodeSize(STRING) : \
1876 ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
1877)
1878
1879#define RtlOemStringToCountedUnicodeSize(STRING) ( \
1880 (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
1881)
1882
1883#define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O))))
1884#define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B))))
1885
1886typedef enum _OBJECT_INFORMATION_CLASS {
1887 ObjectBasicInformation = 0,
1888 ObjectNameInformation = 1, /* FIXME, not in WDK */
1889 ObjectTypeInformation = 2,
1890 ObjectTypesInformation = 3, /* FIXME, not in WDK */
1891 ObjectHandleFlagInformation = 4, /* FIXME, not in WDK */
1892 ObjectSessionInformation = 5, /* FIXME, not in WDK */
1893 MaxObjectInfoClass /* FIXME, not in WDK */
1894} OBJECT_INFORMATION_CLASS;
1895
1896NTSYSCALLAPI
1897NTSTATUS
1898NTAPI
1899NtQueryObject(
1900 IN HANDLE Handle OPTIONAL,
1901 IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
1902 OUT PVOID ObjectInformation OPTIONAL,
1903 IN ULONG ObjectInformationLength,
1904 OUT PULONG ReturnLength OPTIONAL);
1905
1906#if (NTDDI_VERSION >= NTDDI_WIN2K)
1907
1908NTSYSCALLAPI
1909NTSTATUS
1910NTAPI
1911NtOpenThreadToken(
1912 IN HANDLE ThreadHandle,
1913 IN ACCESS_MASK DesiredAccess,
1914 IN BOOLEAN OpenAsSelf,
1915 OUT PHANDLE TokenHandle);
1916
1917NTSYSCALLAPI
1918NTSTATUS
1919NTAPI
1920NtOpenProcessToken(
1921 IN HANDLE ProcessHandle,
1922 IN ACCESS_MASK DesiredAccess,
1923 OUT PHANDLE TokenHandle);
1924
1925NTSYSCALLAPI
1926NTSTATUS
1927NTAPI
1928NtQueryInformationToken(
1929 IN HANDLE TokenHandle,
1930 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1931 OUT PVOID TokenInformation OPTIONAL,
1932 IN ULONG TokenInformationLength,
1933 OUT PULONG ReturnLength);
1934
1935NTSYSCALLAPI
1936NTSTATUS
1937NTAPI
1938NtAdjustPrivilegesToken(
1939 IN HANDLE TokenHandle,
1940 IN BOOLEAN DisableAllPrivileges,
1941 IN PTOKEN_PRIVILEGES NewState OPTIONAL,
1942 IN ULONG BufferLength,
1943 OUT PTOKEN_PRIVILEGES PreviousState,
1944 OUT PULONG ReturnLength OPTIONAL);
1945
1946NTSYSCALLAPI
1947NTSTATUS
1948NTAPI
1949NtCreateFile(
1950 OUT PHANDLE FileHandle,
1951 IN ACCESS_MASK DesiredAccess,
1952 IN POBJECT_ATTRIBUTES ObjectAttributes,
1953 OUT PIO_STATUS_BLOCK IoStatusBlock,
1954 IN PLARGE_INTEGER AllocationSize OPTIONAL,
1955 IN ULONG FileAttributes,
1956 IN ULONG ShareAccess,
1957 IN ULONG CreateDisposition,
1958 IN ULONG CreateOptions,
1959 IN PVOID EaBuffer,
1960 IN ULONG EaLength);
1961
1962NTSYSCALLAPI
1963NTSTATUS
1964NTAPI
1965NtDeviceIoControlFile(
1966 IN HANDLE FileHandle,
1967 IN HANDLE Event OPTIONAL,
1968 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1969 IN PVOID ApcContext OPTIONAL,
1970 OUT PIO_STATUS_BLOCK IoStatusBlock,
1971 IN ULONG IoControlCode,
1972 IN PVOID InputBuffer OPTIONAL,
1973 IN ULONG InputBufferLength,
1974 OUT PVOID OutputBuffer OPTIONAL,
1975 IN ULONG OutputBufferLength);
1976
1977NTSYSCALLAPI
1978NTSTATUS
1979NTAPI
1980NtFsControlFile(
1981 IN HANDLE FileHandle,
1982 IN HANDLE Event OPTIONAL,
1983 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1984 IN PVOID ApcContext OPTIONAL,
1985 OUT PIO_STATUS_BLOCK IoStatusBlock,
1986 IN ULONG FsControlCode,
1987 IN PVOID InputBuffer OPTIONAL,
1988 IN ULONG InputBufferLength,
1989 OUT PVOID OutputBuffer OPTIONAL,
1990 IN ULONG OutputBufferLength);
1991
1992NTSYSCALLAPI
1993NTSTATUS
1994NTAPI
1995NtLockFile(
1996 IN HANDLE FileHandle,
1997 IN HANDLE Event OPTIONAL,
1998 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1999 IN PVOID ApcContext OPTIONAL,
2000 OUT PIO_STATUS_BLOCK IoStatusBlock,
2001 IN PLARGE_INTEGER ByteOffset,
2002 IN PLARGE_INTEGER Length,
2003 IN ULONG Key,
2004 IN BOOLEAN FailImmediately,
2005 IN BOOLEAN ExclusiveLock);
2006
2007NTSYSCALLAPI
2008NTSTATUS
2009NTAPI
2010NtOpenFile(
2011 OUT PHANDLE FileHandle,
2012 IN ACCESS_MASK DesiredAccess,
2013 IN POBJECT_ATTRIBUTES ObjectAttributes,
2014 OUT PIO_STATUS_BLOCK IoStatusBlock,
2015 IN ULONG ShareAccess,
2016 IN ULONG OpenOptions);
2017
2018NTSYSCALLAPI
2019NTSTATUS
2020NTAPI
2021NtQueryDirectoryFile(
2022 IN HANDLE FileHandle,
2023 IN HANDLE Event OPTIONAL,
2024 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2025 IN PVOID ApcContext OPTIONAL,
2026 OUT PIO_STATUS_BLOCK IoStatusBlock,
2027 OUT PVOID FileInformation,
2028 IN ULONG Length,
2029 IN FILE_INFORMATION_CLASS FileInformationClass,
2030 IN BOOLEAN ReturnSingleEntry,
2031 IN PUNICODE_STRING FileName OPTIONAL,
2032 IN BOOLEAN RestartScan);
2033
2034NTSYSCALLAPI
2035NTSTATUS
2036NTAPI
2037NtQueryInformationFile(
2038 IN HANDLE FileHandle,
2039 OUT PIO_STATUS_BLOCK IoStatusBlock,
2040 OUT PVOID FileInformation,
2041 IN ULONG Length,
2042 IN FILE_INFORMATION_CLASS FileInformationClass);
2043
2044NTSYSCALLAPI
2045NTSTATUS
2046NTAPI
2047NtQueryQuotaInformationFile(
2048 IN HANDLE FileHandle,
2049 OUT PIO_STATUS_BLOCK IoStatusBlock,
2050 OUT PVOID Buffer,
2051 IN ULONG Length,
2052 IN BOOLEAN ReturnSingleEntry,
2053 IN PVOID SidList,
2054 IN ULONG SidListLength,
2055 IN PSID StartSid OPTIONAL,
2056 IN BOOLEAN RestartScan);
2057
2058NTSYSCALLAPI
2059NTSTATUS
2060NTAPI
2061NtQueryVolumeInformationFile(
2062 IN HANDLE FileHandle,
2063 OUT PIO_STATUS_BLOCK IoStatusBlock,
2064 OUT PVOID FsInformation,
2065 IN ULONG Length,
2066 IN FS_INFORMATION_CLASS FsInformationClass);
2067
2068NTSYSCALLAPI
2069NTSTATUS
2070NTAPI
2071NtReadFile(
2072 IN HANDLE FileHandle,
2073 IN HANDLE Event OPTIONAL,
2074 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2075 IN PVOID ApcContext OPTIONAL,
2076 OUT PIO_STATUS_BLOCK IoStatusBlock,
2077 OUT PVOID Buffer,
2078 IN ULONG Length,
2079 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2080 IN PULONG Key OPTIONAL);
2081
2082NTSYSCALLAPI
2083NTSTATUS
2084NTAPI
2085NtSetInformationFile(
2086 IN HANDLE FileHandle,
2087 OUT PIO_STATUS_BLOCK IoStatusBlock,
2088 IN PVOID FileInformation,
2089 IN ULONG Length,
2090 IN FILE_INFORMATION_CLASS FileInformationClass);
2091
2092NTSYSCALLAPI
2093NTSTATUS
2094NTAPI
2095NtSetQuotaInformationFile(
2096 IN HANDLE FileHandle,
2097 OUT PIO_STATUS_BLOCK IoStatusBlock,
2098 IN PVOID Buffer,
2099 IN ULONG Length);
2100
2101NTSYSCALLAPI
2102NTSTATUS
2103NTAPI
2104NtSetVolumeInformationFile(
2105 IN HANDLE FileHandle,
2106 OUT PIO_STATUS_BLOCK IoStatusBlock,
2107 IN PVOID FsInformation,
2108 IN ULONG Length,
2109 IN FS_INFORMATION_CLASS FsInformationClass);
2110
2111NTSYSCALLAPI
2112NTSTATUS
2113NTAPI
2114NtWriteFile(
2115 IN HANDLE FileHandle,
2116 IN HANDLE Event OPTIONAL,
2117 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2118 IN PVOID ApcContext OPTIONAL,
2119 OUT PIO_STATUS_BLOCK IoStatusBlock,
2120 IN PVOID Buffer,
2121 IN ULONG Length,
2122 IN PLARGE_INTEGER ByteOffset OPTIONAL,
2123 IN PULONG Key OPTIONAL);
2124
2125NTSYSCALLAPI
2126NTSTATUS
2127NTAPI
2128NtUnlockFile(
2129 IN HANDLE FileHandle,
2130 OUT PIO_STATUS_BLOCK IoStatusBlock,
2131 IN PLARGE_INTEGER ByteOffset,
2132 IN PLARGE_INTEGER Length,
2133 IN ULONG Key);
2134
2135NTSYSCALLAPI
2136NTSTATUS
2137NTAPI
2138NtSetSecurityObject(
2139 IN HANDLE Handle,
2140 IN SECURITY_INFORMATION SecurityInformation,
2141 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
2142
2143NTSYSCALLAPI
2144NTSTATUS
2145NTAPI
2146NtQuerySecurityObject(
2147 IN HANDLE Handle,
2148 IN SECURITY_INFORMATION SecurityInformation,
2149 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
2150 IN ULONG Length,
2151 OUT PULONG LengthNeeded);
2152
2153NTSYSCALLAPI
2154NTSTATUS
2155NTAPI
2156NtClose(
2157 IN HANDLE Handle);
2158
2159NTSYSCALLAPI
2160NTSTATUS
2161NTAPI
2162NtAllocateVirtualMemory(
2163 IN HANDLE ProcessHandle,
2164 IN OUT PVOID *BaseAddress,
2165 IN ULONG_PTR ZeroBits,
2166 IN OUT PSIZE_T RegionSize,
2167 IN ULONG AllocationType,
2168 IN ULONG Protect);
2169
2170NTSYSCALLAPI
2171NTSTATUS
2172NTAPI
2173NtFreeVirtualMemory(
2174 IN HANDLE ProcessHandle,
2175 IN OUT PVOID *BaseAddress,
2176 IN OUT PSIZE_T RegionSize,
2177 IN ULONG FreeType);
2178
2179#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
2180
2181#if (NTDDI_VERSION >= NTDDI_WINXP)
2182
2183NTSYSCALLAPI
2184NTSTATUS
2185NTAPI
2186NtOpenThreadTokenEx(
2187 IN HANDLE ThreadHandle,
2188 IN ACCESS_MASK DesiredAccess,
2189 IN BOOLEAN OpenAsSelf,
2190 IN ULONG HandleAttributes,
2191 OUT PHANDLE TokenHandle);
2192
2193NTSYSCALLAPI
2194NTSTATUS
2195NTAPI
2196NtOpenProcessTokenEx(
2197 IN HANDLE ProcessHandle,
2198 IN ACCESS_MASK DesiredAccess,
2199 IN ULONG HandleAttributes,
2200 OUT PHANDLE TokenHandle);
2201
2202NTSYSAPI
2203NTSTATUS
2204NTAPI
2205NtOpenJobObjectToken(
2206 IN HANDLE JobHandle,
2207 IN ACCESS_MASK DesiredAccess,
2208 OUT PHANDLE TokenHandle);
2209
2210NTSYSCALLAPI
2211NTSTATUS
2212NTAPI
2213NtDuplicateToken(
2214 IN HANDLE ExistingTokenHandle,
2215 IN ACCESS_MASK DesiredAccess,
2216 IN POBJECT_ATTRIBUTES ObjectAttributes,
2217 IN BOOLEAN EffectiveOnly,
2218 IN TOKEN_TYPE TokenType,
2219 OUT PHANDLE NewTokenHandle);
2220
2221NTSYSCALLAPI
2222NTSTATUS
2223NTAPI
2224NtFilterToken(
2225 IN HANDLE ExistingTokenHandle,
2226 IN ULONG Flags,
2227 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
2228 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
2229 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
2230 OUT PHANDLE NewTokenHandle);
2231
2232NTSYSCALLAPI
2233NTSTATUS
2234NTAPI
2235NtImpersonateAnonymousToken(
2236 IN HANDLE ThreadHandle);
2237
2238NTSYSCALLAPI
2239NTSTATUS
2240NTAPI
2241NtSetInformationToken(
2242 IN HANDLE TokenHandle,
2243 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2244 IN PVOID TokenInformation,
2245 IN ULONG TokenInformationLength);
2246
2247NTSYSCALLAPI
2248NTSTATUS
2249NTAPI
2250NtAdjustGroupsToken(
2251 IN HANDLE TokenHandle,
2252 IN BOOLEAN ResetToDefault,
2253 IN PTOKEN_GROUPS NewState OPTIONAL,
2254 IN ULONG BufferLength OPTIONAL,
2255 OUT PTOKEN_GROUPS PreviousState,
2256 OUT PULONG ReturnLength);
2257
2258NTSYSCALLAPI
2259NTSTATUS
2260NTAPI
2261NtPrivilegeCheck(
2262 IN HANDLE ClientToken,
2263 IN OUT PPRIVILEGE_SET RequiredPrivileges,
2264 OUT PBOOLEAN Result);
2265
2266NTSYSCALLAPI
2267NTSTATUS
2268NTAPI
2269NtAccessCheckAndAuditAlarm(
2270 IN PUNICODE_STRING SubsystemName,
2271 IN PVOID HandleId OPTIONAL,
2272 IN PUNICODE_STRING ObjectTypeName,
2273 IN PUNICODE_STRING ObjectName,
2274 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2275 IN ACCESS_MASK DesiredAccess,
2276 IN PGENERIC_MAPPING GenericMapping,
2277 IN BOOLEAN ObjectCreation,
2278 OUT PACCESS_MASK GrantedAccess,
2279 OUT PNTSTATUS AccessStatus,
2280 OUT PBOOLEAN GenerateOnClose);
2281
2282NTSYSCALLAPI
2283NTSTATUS
2284NTAPI
2285NtAccessCheckByTypeAndAuditAlarm(
2286 IN PUNICODE_STRING SubsystemName,
2287 IN PVOID HandleId,
2288 IN PUNICODE_STRING ObjectTypeName,
2289 IN PUNICODE_STRING ObjectName,
2290 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2291 IN PSID PrincipalSelfSid OPTIONAL,
2292 IN ACCESS_MASK DesiredAccess,
2293 IN AUDIT_EVENT_TYPE AuditType,
2294 IN ULONG Flags,
2295 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
2296 IN ULONG ObjectTypeLength,
2297 IN PGENERIC_MAPPING GenericMapping,
2298 IN BOOLEAN ObjectCreation,
2299 OUT PACCESS_MASK GrantedAccess,
2300 OUT PNTSTATUS AccessStatus,
2301 OUT PBOOLEAN GenerateOnClose);
2302
2303NTSYSCALLAPI
2304NTSTATUS
2305NTAPI
2306NtAccessCheckByTypeResultListAndAuditAlarm(
2307 IN PUNICODE_STRING SubsystemName,
2308 IN PVOID HandleId OPTIONAL,
2309 IN PUNICODE_STRING ObjectTypeName,
2310 IN PUNICODE_STRING ObjectName,
2311 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2312 IN PSID PrincipalSelfSid OPTIONAL,
2313 IN ACCESS_MASK DesiredAccess,
2314 IN AUDIT_EVENT_TYPE AuditType,
2315 IN ULONG Flags,
2316 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
2317 IN ULONG ObjectTypeLength,
2318 IN PGENERIC_MAPPING GenericMapping,
2319 IN BOOLEAN ObjectCreation,
2320 OUT PACCESS_MASK GrantedAccess,
2321 OUT PNTSTATUS AccessStatus,
2322 OUT PBOOLEAN GenerateOnClose);
2323
2324NTSTATUS
2325NTAPI
2326NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
2327 IN PUNICODE_STRING SubsystemName,
2328 IN PVOID HandleId OPTIONAL,
2329 IN HANDLE ClientToken,
2330 IN PUNICODE_STRING ObjectTypeName,
2331 IN PUNICODE_STRING ObjectName,
2332 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2333 IN PSID PrincipalSelfSid OPTIONAL,
2334 IN ACCESS_MASK DesiredAccess,
2335 IN AUDIT_EVENT_TYPE AuditType,
2336 IN ULONG Flags,
2337 IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
2338 IN ULONG ObjectTypeLength,
2339 IN PGENERIC_MAPPING GenericMapping,
2340 IN BOOLEAN ObjectCreation,
2341 OUT PACCESS_MASK GrantedAccess,
2342 OUT PNTSTATUS AccessStatus,
2343 OUT PBOOLEAN GenerateOnClose);
2344
2345NTSYSCALLAPI
2346NTSTATUS
2347NTAPI
2348NtOpenObjectAuditAlarm(
2349 IN PUNICODE_STRING SubsystemName,
2350 IN PVOID HandleId OPTIONAL,
2351 IN PUNICODE_STRING ObjectTypeName,
2352 IN PUNICODE_STRING ObjectName,
2353 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
2354 IN HANDLE ClientToken,
2355 IN ACCESS_MASK DesiredAccess,
2356 IN ACCESS_MASK GrantedAccess,
2357 IN PPRIVILEGE_SET Privileges OPTIONAL,
2358 IN BOOLEAN ObjectCreation,
2359 IN BOOLEAN AccessGranted,
2360 OUT PBOOLEAN GenerateOnClose);
2361
2362NTSYSCALLAPI
2363NTSTATUS
2364NTAPI
2365NtPrivilegeObjectAuditAlarm(
2366 IN PUNICODE_STRING SubsystemName,
2367 IN PVOID HandleId OPTIONAL,
2368 IN HANDLE ClientToken,
2369 IN ACCESS_MASK DesiredAccess,
2370 IN PPRIVILEGE_SET Privileges,
2371 IN BOOLEAN AccessGranted);
2372
2373NTSYSCALLAPI
2374NTSTATUS
2375NTAPI
2376NtCloseObjectAuditAlarm(
2377 IN PUNICODE_STRING SubsystemName,
2378 IN PVOID HandleId OPTIONAL,
2379 IN BOOLEAN GenerateOnClose);
2380
2381NTSYSCALLAPI
2382NTSTATUS
2383NTAPI
2384NtDeleteObjectAuditAlarm(
2385 IN PUNICODE_STRING SubsystemName,
2386 IN PVOID HandleId OPTIONAL,
2387 IN BOOLEAN GenerateOnClose);
2388
2389NTSYSCALLAPI
2390NTSTATUS
2391NTAPI
2392NtPrivilegedServiceAuditAlarm(
2393 IN PUNICODE_STRING SubsystemName,
2394 IN PUNICODE_STRING ServiceName,
2395 IN HANDLE ClientToken,
2396 IN PPRIVILEGE_SET Privileges,
2397 IN BOOLEAN AccessGranted);
2398
2399NTSYSCALLAPI
2400NTSTATUS
2401NTAPI
2402NtSetInformationThread(
2403 IN HANDLE ThreadHandle,
2404 IN THREADINFOCLASS ThreadInformationClass,
2405 IN PVOID ThreadInformation,
2406 IN ULONG ThreadInformationLength);
2407
2408NTSYSCALLAPI
2409NTSTATUS
2410NTAPI
2411NtCreateSection(
2412 OUT PHANDLE SectionHandle,
2413 IN ACCESS_MASK DesiredAccess,
2414 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
2415 IN PLARGE_INTEGER MaximumSize OPTIONAL,
2416 IN ULONG SectionPageProtection,
2417 IN ULONG AllocationAttributes,
2418 IN HANDLE FileHandle OPTIONAL);
2419
2420#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
2421
2422#define COMPRESSION_FORMAT_NONE (0x0000)
2423#define COMPRESSION_FORMAT_DEFAULT (0x0001)
2424#define COMPRESSION_FORMAT_LZNT1 (0x0002)
2425#define COMPRESSION_ENGINE_STANDARD (0x0000)
2426#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
2427#define COMPRESSION_ENGINE_HIBER (0x0200)
2428
2429#define MAX_UNICODE_STACK_BUFFER_LENGTH 256
2430
2431#define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3))
2432
2433#define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT
2434#define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT
2435
2436typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
2437
2438typedef enum _SECURITY_LOGON_TYPE {
2439 UndefinedLogonType = 0,
2440 Interactive = 2,
2441 Network,
2442 Batch,
2443 Service,
2444 Proxy,
2445 Unlock,
2446 NetworkCleartext,
2447 NewCredentials,
2448#if (_WIN32_WINNT >= 0x0501)
2449 RemoteInteractive,
2450 CachedInteractive,
2451#endif
2452#if (_WIN32_WINNT >= 0x0502)
2453 CachedRemoteInteractive,
2454 CachedUnlock
2455#endif
2456} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
2457
2458#ifndef _NTLSA_AUDIT_
2459#define _NTLSA_AUDIT_
2460
2461#ifndef GUID_DEFINED
2462#include <guiddef.h>
2463#endif
2464
2465#endif /* _NTLSA_AUDIT_ */
2466
2467NTSTATUS
2468NTAPI
2469LsaRegisterLogonProcess(
2470 IN PLSA_STRING LogonProcessName,
2471 OUT PHANDLE LsaHandle,
2472 OUT PLSA_OPERATIONAL_MODE SecurityMode);
2473
2474NTSTATUS
2475NTAPI
2476LsaLogonUser(
2477 IN HANDLE LsaHandle,
2478 IN PLSA_STRING OriginName,
2479 IN SECURITY_LOGON_TYPE LogonType,
2480 IN ULONG AuthenticationPackage,
2481 IN PVOID AuthenticationInformation,
2482 IN ULONG AuthenticationInformationLength,
2483 IN PTOKEN_GROUPS LocalGroups OPTIONAL,
2484 IN PTOKEN_SOURCE SourceContext,
2485 OUT PVOID *ProfileBuffer,
2486 OUT PULONG ProfileBufferLength,
2487 OUT PLUID LogonId,
2488 OUT PHANDLE Token,
2489 OUT PQUOTA_LIMITS Quotas,
2490 OUT PNTSTATUS SubStatus);
2491
2492NTSTATUS
2493NTAPI
2494LsaFreeReturnBuffer(
2495 IN PVOID Buffer);
2496
2497#ifndef _NTLSA_IFS_
2498#define _NTLSA_IFS_
2499#endif
2500
2501#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
2502#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
2503#define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR)
2504
2505#define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
2506#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
2507
2508#define MSV1_0_CHALLENGE_LENGTH 8
2509#define MSV1_0_USER_SESSION_KEY_LENGTH 16
2510#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
2511
2512#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02
2513#define MSV1_0_UPDATE_LOGON_STATISTICS 0x04
2514#define MSV1_0_RETURN_USER_PARAMETERS 0x08
2515#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
2516#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
2517#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
2518#define MSV1_0_USE_CLIENT_CHALLENGE 0x80
2519#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
2520#define MSV1_0_RETURN_PROFILE_PATH 0x200
2521#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
2522#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
2523
2524#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
2525#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
2526
2527#if (_WIN32_WINNT >= 0x0502)
2528#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
2529#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
2530#endif
2531
2532#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
2533#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
2534
2535#if (_WIN32_WINNT >= 0x0600)
2536#define MSV1_0_S4U2SELF 0x00020000
2537#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000
2538#endif
2539
2540#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
2541#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
2542#define MSV1_0_MNS_LOGON 0x01000000
2543
2544#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
2545#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
2546
2547#define LOGON_GUEST 0x01
2548#define LOGON_NOENCRYPTION 0x02
2549#define LOGON_CACHED_ACCOUNT 0x04
2550#define LOGON_USED_LM_PASSWORD 0x08
2551#define LOGON_EXTRA_SIDS 0x20
2552#define LOGON_SUBAUTH_SESSION_KEY 0x40
2553#define LOGON_SERVER_TRUST_ACCOUNT 0x80
2554#define LOGON_NTLMV2_ENABLED 0x100
2555#define LOGON_RESOURCE_GROUPS 0x200
2556#define LOGON_PROFILE_PATH_RETURNED 0x400
2557#define LOGON_NT_V2 0x800
2558#define LOGON_LM_V2 0x1000
2559#define LOGON_NTLM_V2 0x2000
2560
2561#if (_WIN32_WINNT >= 0x0600)
2562
2563#define LOGON_OPTIMIZED 0x4000
2564#define LOGON_WINLOGON 0x8000
2565#define LOGON_PKINIT 0x10000
2566#define LOGON_NO_OPTIMIZED 0x20000
2567
2568#endif
2569
2570#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
2571
2572#define LOGON_GRACE_LOGON 0x01000000
2573
2574#define MSV1_0_OWF_PASSWORD_LENGTH 16
2575#define MSV1_0_CRED_LM_PRESENT 0x1
2576#define MSV1_0_CRED_NT_PRESENT 0x2
2577#define MSV1_0_CRED_VERSION 0
2578
2579#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
2580#define MSV1_0_NTLM3_OWF_LENGTH 16
2581
2582#if (_WIN32_WINNT == 0x0500)
2583#define MSV1_0_MAX_NTLM3_LIFE 1800
2584#else
2585#define MSV1_0_MAX_NTLM3_LIFE 129600
2586#endif
2587#define MSV1_0_MAX_AVL_SIZE 64000
2588
2589#if (_WIN32_WINNT >= 0x0501)
2590
2591#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
2592
2593#if (_WIN32_WINNT >= 0x0600)
2594#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
2595#endif
2596
2597#endif
2598
2599#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)
2600
2601#if(_WIN32_WINNT >= 0x0502)
2602#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
2603#endif
2604
2605#define USE_PRIMARY_PASSWORD 0x01
2606#define RETURN_PRIMARY_USERNAME 0x02
2607#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
2608#define RETURN_NON_NT_USER_SESSION_KEY 0x08
2609#define GENERATE_CLIENT_CHALLENGE 0x10
2610#define GCR_NTLM3_PARMS 0x20
2611#define GCR_TARGET_INFO 0x40
2612#define RETURN_RESERVED_PARAMETER 0x80
2613#define GCR_ALLOW_NTLM 0x100
2614#define GCR_USE_OEM_SET 0x200
2615#define GCR_MACHINE_CREDENTIAL 0x400
2616#define GCR_USE_OWF_PASSWORD 0x800
2617#define GCR_ALLOW_LM 0x1000
2618#define GCR_ALLOW_NO_TARGET 0x2000
2619
2620typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
2621 MsV1_0InteractiveLogon = 2,
2622 MsV1_0Lm20Logon,
2623 MsV1_0NetworkLogon,
2624 MsV1_0SubAuthLogon,
2625 MsV1_0WorkstationUnlockLogon = 7,
2626 MsV1_0S4ULogon = 12,
2627 MsV1_0VirtualLogon = 82
2628} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
2629
2630typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
2631 MsV1_0InteractiveProfile = 2,
2632 MsV1_0Lm20LogonProfile,
2633 MsV1_0SmartCardProfile
2634} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;
2635
2636typedef struct _MSV1_0_INTERACTIVE_LOGON {
2637 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2638 UNICODE_STRING LogonDomainName;
2639 UNICODE_STRING UserName;
2640 UNICODE_STRING Password;
2641} MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;
2642
2643typedef struct _MSV1_0_INTERACTIVE_PROFILE {
2644 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
2645 USHORT LogonCount;
2646 USHORT BadPasswordCount;
2647 LARGE_INTEGER LogonTime;
2648 LARGE_INTEGER LogoffTime;
2649 LARGE_INTEGER KickOffTime;
2650 LARGE_INTEGER PasswordLastSet;
2651 LARGE_INTEGER PasswordCanChange;
2652 LARGE_INTEGER PasswordMustChange;
2653 UNICODE_STRING LogonScript;
2654 UNICODE_STRING HomeDirectory;
2655 UNICODE_STRING FullName;
2656 UNICODE_STRING ProfilePath;
2657 UNICODE_STRING HomeDirectoryDrive;
2658 UNICODE_STRING LogonServer;
2659 ULONG UserFlags;
2660} MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;
2661
2662typedef struct _MSV1_0_LM20_LOGON {
2663 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2664 UNICODE_STRING LogonDomainName;
2665 UNICODE_STRING UserName;
2666 UNICODE_STRING Workstation;
2667 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2668 STRING CaseSensitiveChallengeResponse;
2669 STRING CaseInsensitiveChallengeResponse;
2670 ULONG ParameterControl;
2671} MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;
2672
2673typedef struct _MSV1_0_SUBAUTH_LOGON {
2674 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2675 UNICODE_STRING LogonDomainName;
2676 UNICODE_STRING UserName;
2677 UNICODE_STRING Workstation;
2678 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2679 STRING AuthenticationInfo1;
2680 STRING AuthenticationInfo2;
2681 ULONG ParameterControl;
2682 ULONG SubAuthPackageId;
2683} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
2684
2685#if (_WIN32_WINNT >= 0x0600)
2686
2687#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
2688
2689typedef struct _MSV1_0_S4U_LOGON {
2690 MSV1_0_LOGON_SUBMIT_TYPE MessageType;
2691 ULONG Flags;
2692 UNICODE_STRING UserPrincipalName;
2693 UNICODE_STRING DomainName;
2694} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
2695
2696#endif
2697
2698typedef struct _MSV1_0_LM20_LOGON_PROFILE {
2699 MSV1_0_PROFILE_BUFFER_TYPE MessageType;
2700 LARGE_INTEGER KickOffTime;
2701 LARGE_INTEGER LogoffTime;
2702 ULONG UserFlags;
2703 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
2704 UNICODE_STRING LogonDomainName;
2705 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
2706 UNICODE_STRING LogonServer;
2707 UNICODE_STRING UserParameters;
2708} MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;
2709
2710typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
2711 ULONG Version;
2712 ULONG Flags;
2713 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
2714 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
2715} MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
2716
2717typedef struct _MSV1_0_NTLM3_RESPONSE {
2718 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
2719 UCHAR RespType;
2720 UCHAR HiRespType;
2721 USHORT Flags;
2722 ULONG MsgWord;
2723 ULONGLONG TimeStamp;
2724 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
2725 ULONG AvPairsOff;
2726 UCHAR Buffer[1];
2727} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
2728
2729/* MsvAvSingleHost present in MS-NLMP specifications but not in WinSDK */
2730typedef enum _MSV1_0_AVID {
2731 MsvAvEOL,
2732 MsvAvNbComputerName,
2733 MsvAvNbDomainName,
2734 MsvAvDnsComputerName,
2735 MsvAvDnsDomainName,
2736#if (_WIN32_WINNT >= 0x0501)
2737 MsvAvDnsTreeName,
2738 MsvAvFlags,
2739#if (_WIN32_WINNT >= 0x0600)
2740 MsvAvTimestamp,
2741 MsvAvRestrictions,
2742 MsvAvSingleHost = MsvAvRestrictions,
2743 MsvAvTargetName,
2744 MsvAvChannelBindings,
2745#endif
2746#endif
2747} MSV1_0_AVID;
2748
2749typedef struct _MSV1_0_AV_PAIR {
2750 USHORT AvId;
2751 USHORT AvLen;
2752} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
2753
2754typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
2755 MsV1_0Lm20ChallengeRequest = 0,
2756 MsV1_0Lm20GetChallengeResponse,
2757 MsV1_0EnumerateUsers,
2758 MsV1_0GetUserInfo,
2759 MsV1_0ReLogonUsers,
2760 MsV1_0ChangePassword,
2761 MsV1_0ChangeCachedPassword,
2762 MsV1_0GenericPassthrough,
2763 MsV1_0CacheLogon,
2764 MsV1_0SubAuth,
2765 MsV1_0DeriveCredential,
2766 MsV1_0CacheLookup,
2767#if (_WIN32_WINNT >= 0x0501)
2768 MsV1_0SetProcessOption,
2769#endif
2770#if (_WIN32_WINNT >= 0x0600)
2771 MsV1_0ConfigLocalAliases,
2772 MsV1_0ClearCachedCredentials,
2773#endif
2774} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
2775
2776typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
2777 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2778} MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;
2779
2780typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
2781 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2782 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2783} MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;
2784
2785typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
2786 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2787 ULONG ParameterControl;
2788 LUID LogonId;
2789 UNICODE_STRING Password;
2790 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2791} MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
2792
2793typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
2794 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2795 ULONG ParameterControl;
2796 LUID LogonId;
2797 UNICODE_STRING Password;
2798 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
2799 UNICODE_STRING UserName;
2800 UNICODE_STRING LogonDomainName;
2801 UNICODE_STRING ServerName;
2802} MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;
2803
2804typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
2805 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2806 STRING CaseSensitiveChallengeResponse;
2807 STRING CaseInsensitiveChallengeResponse;
2808 UNICODE_STRING UserName;
2809 UNICODE_STRING LogonDomainName;
2810 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
2811 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
2812} MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;
2813
2814typedef struct _MSV1_0_ENUMUSERS_REQUEST {
2815 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2816} MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;
2817
2818typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
2819 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2820 ULONG NumberOfLoggedOnUsers;
2821 PLUID LogonIds;
2822 PULONG EnumHandles;
2823} MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;
2824
2825typedef struct _MSV1_0_GETUSERINFO_REQUEST {
2826 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2827 LUID LogonId;
2828} MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;
2829
2830typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
2831 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
2832 PSID UserSid;
2833 UNICODE_STRING UserName;
2834 UNICODE_STRING LogonDomainName;
2835 UNICODE_STRING LogonServer;
2836 SECURITY_LOGON_TYPE LogonType;
2837} MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;
2838
2839
2840
2841#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
2842#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
2843#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
2844
2845/* also in winnt.h */
2846#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
2847#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
2848#define FILE_NOTIFY_CHANGE_NAME 0x00000003
2849#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
2850#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
2851#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
2852#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
2853#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
2854#define FILE_NOTIFY_CHANGE_EA 0x00000080
2855#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
2856#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
2857#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
2858#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
2859#define FILE_NOTIFY_VALID_MASK 0x00000fff
2860
2861#define FILE_ACTION_ADDED 0x00000001
2862#define FILE_ACTION_REMOVED 0x00000002
2863#define FILE_ACTION_MODIFIED 0x00000003
2864#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
2865#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
2866#define FILE_ACTION_ADDED_STREAM 0x00000006
2867#define FILE_ACTION_REMOVED_STREAM 0x00000007
2868#define FILE_ACTION_MODIFIED_STREAM 0x00000008
2869#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
2870#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
2871#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
2872/* end winnt.h */
2873
2874#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
2875#define FILE_PIPE_MESSAGE_TYPE 0x00000001
2876
2877#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
2878#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
2879
2880#define FILE_PIPE_TYPE_VALID_MASK 0x00000003
2881
2882#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
2883#define FILE_PIPE_MESSAGE_MODE 0x00000001
2884
2885#define FILE_PIPE_QUEUE_OPERATION 0x00000000
2886#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
2887
2888#define FILE_PIPE_INBOUND 0x00000000
2889#define FILE_PIPE_OUTBOUND 0x00000001
2890#define FILE_PIPE_FULL_DUPLEX 0x00000002
2891
2892#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
2893#define FILE_PIPE_LISTENING_STATE 0x00000002
2894#define FILE_PIPE_CONNECTED_STATE 0x00000003
2895#define FILE_PIPE_CLOSING_STATE 0x00000004
2896
2897#define FILE_PIPE_CLIENT_END 0x00000000
2898#define FILE_PIPE_SERVER_END 0x00000001
2899
2900#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
2901#define FILE_CASE_PRESERVED_NAMES 0x00000002
2902#define FILE_UNICODE_ON_DISK 0x00000004
2903#define FILE_PERSISTENT_ACLS 0x00000008
2904#define FILE_FILE_COMPRESSION 0x00000010
2905#define FILE_VOLUME_QUOTAS 0x00000020
2906#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
2907#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
2908#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
2909#define FILE_VOLUME_IS_COMPRESSED 0x00008000
2910#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
2911#define FILE_SUPPORTS_ENCRYPTION 0x00020000
2912#define FILE_NAMED_STREAMS 0x00040000
2913#define FILE_READ_ONLY_VOLUME 0x00080000
2914#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
2915#define FILE_SUPPORTS_TRANSACTIONS 0x00200000
2916#define FILE_SUPPORTS_HARD_LINKS 0x00400000
2917#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000
2918#define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000
2919#define FILE_SUPPORTS_USN_JOURNAL 0x02000000
2920
2921#define FILE_NEED_EA 0x00000080
2922
2923#define FILE_EA_TYPE_BINARY 0xfffe
2924#define FILE_EA_TYPE_ASCII 0xfffd
2925#define FILE_EA_TYPE_BITMAP 0xfffb
2926#define FILE_EA_TYPE_METAFILE 0xfffa
2927#define FILE_EA_TYPE_ICON 0xfff9
2928#define FILE_EA_TYPE_EA 0xffee
2929#define FILE_EA_TYPE_MVMT 0xffdf
2930#define FILE_EA_TYPE_MVST 0xffde
2931#define FILE_EA_TYPE_ASN1 0xffdd
2932#define FILE_EA_TYPE_FAMILY_IDS 0xff01
2933
2934typedef struct _FILE_NOTIFY_INFORMATION {
2935 ULONG NextEntryOffset;
2936 ULONG Action;
2937 ULONG FileNameLength;
2938 WCHAR FileName[1];
2939} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
2940
2941typedef struct _FILE_DIRECTORY_INFORMATION {
2942 ULONG NextEntryOffset;
2943 ULONG FileIndex;
2944 LARGE_INTEGER CreationTime;
2945 LARGE_INTEGER LastAccessTime;
2946 LARGE_INTEGER LastWriteTime;
2947 LARGE_INTEGER ChangeTime;
2948 LARGE_INTEGER EndOfFile;
2949 LARGE_INTEGER AllocationSize;
2950 ULONG FileAttributes;
2951 ULONG FileNameLength;
2952 WCHAR FileName[1];
2953} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
2954
2955typedef struct _FILE_FULL_DIR_INFORMATION {
2956 ULONG NextEntryOffset;
2957 ULONG FileIndex;
2958 LARGE_INTEGER CreationTime;
2959 LARGE_INTEGER LastAccessTime;
2960 LARGE_INTEGER LastWriteTime;
2961 LARGE_INTEGER ChangeTime;
2962 LARGE_INTEGER EndOfFile;
2963 LARGE_INTEGER AllocationSize;
2964 ULONG FileAttributes;
2965 ULONG FileNameLength;
2966 ULONG EaSize;
2967 WCHAR FileName[1];
2968} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
2969
2970typedef struct _FILE_ID_FULL_DIR_INFORMATION {
2971 ULONG NextEntryOffset;
2972 ULONG FileIndex;
2973 LARGE_INTEGER CreationTime;
2974 LARGE_INTEGER LastAccessTime;
2975 LARGE_INTEGER LastWriteTime;
2976 LARGE_INTEGER ChangeTime;
2977 LARGE_INTEGER EndOfFile;
2978 LARGE_INTEGER AllocationSize;
2979 ULONG FileAttributes;
2980 ULONG FileNameLength;
2981 ULONG EaSize;
2982 LARGE_INTEGER FileId;
2983 WCHAR FileName[1];
2984} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
2985
2986typedef struct _FILE_BOTH_DIR_INFORMATION {
2987 ULONG NextEntryOffset;
2988 ULONG FileIndex;
2989 LARGE_INTEGER CreationTime;
2990 LARGE_INTEGER LastAccessTime;
2991 LARGE_INTEGER LastWriteTime;
2992 LARGE_INTEGER ChangeTime;
2993 LARGE_INTEGER EndOfFile;
2994 LARGE_INTEGER AllocationSize;
2995 ULONG FileAttributes;
2996 ULONG FileNameLength;
2997 ULONG EaSize;
2998 CCHAR ShortNameLength;
2999 WCHAR ShortName[12];
3000 WCHAR FileName[1];
3001} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
3002
3003typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
3004 ULONG NextEntryOffset;
3005 ULONG FileIndex;
3006 LARGE_INTEGER CreationTime;
3007 LARGE_INTEGER LastAccessTime;
3008 LARGE_INTEGER LastWriteTime;
3009 LARGE_INTEGER ChangeTime;
3010 LARGE_INTEGER EndOfFile;
3011 LARGE_INTEGER AllocationSize;
3012 ULONG FileAttributes;
3013 ULONG FileNameLength;
3014 ULONG EaSize;
3015 CCHAR ShortNameLength;
3016 WCHAR ShortName[12];
3017 LARGE_INTEGER FileId;
3018 WCHAR FileName[1];
3019} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
3020
3021typedef struct _FILE_NAMES_INFORMATION {
3022 ULONG NextEntryOffset;
3023 ULONG FileIndex;
3024 ULONG FileNameLength;
3025 WCHAR FileName[1];
3026} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
3027
3028typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
3029 ULONG NextEntryOffset;
3030 ULONG FileIndex;
3031 LARGE_INTEGER CreationTime;
3032 LARGE_INTEGER LastAccessTime;
3033 LARGE_INTEGER LastWriteTime;
3034 LARGE_INTEGER ChangeTime;
3035 LARGE_INTEGER EndOfFile;
3036 LARGE_INTEGER AllocationSize;
3037 ULONG FileAttributes;
3038 ULONG FileNameLength;
3039 LARGE_INTEGER FileId;
3040 GUID LockingTransactionId;
3041 ULONG TxInfoFlags;
3042 WCHAR FileName[1];
3043} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
3044
3045#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
3046#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
3047#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
3048
3049typedef struct _FILE_OBJECTID_INFORMATION {
3050 LONGLONG FileReference;
3051 UCHAR ObjectId[16];
3052 _ANONYMOUS_UNION union {
3053 _ANONYMOUS_STRUCT struct {
3054 UCHAR BirthVolumeId[16];
3055 UCHAR BirthObjectId[16];
3056 UCHAR DomainId[16];
3057 } DUMMYSTRUCTNAME;
3058 UCHAR ExtendedInfo[48];
3059 } DUMMYUNIONNAME;
3060} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
3061
3062#define ANSI_DOS_STAR ('<')
3063#define ANSI_DOS_QM ('>')
3064#define ANSI_DOS_DOT ('"')
3065
3066#define DOS_STAR (L'<')
3067#define DOS_QM (L'>')
3068#define DOS_DOT (L'"')
3069
3070typedef struct _FILE_INTERNAL_INFORMATION {
3071 LARGE_INTEGER IndexNumber;
3072} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
3073
3074typedef struct _FILE_EA_INFORMATION {
3075 ULONG EaSize;
3076} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
3077
3078typedef struct _FILE_ACCESS_INFORMATION {
3079 ACCESS_MASK AccessFlags;
3080} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
3081
3082typedef struct _FILE_MODE_INFORMATION {
3083 ULONG Mode;
3084} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
3085
3086typedef struct _FILE_ALL_INFORMATION {
3087 FILE_BASIC_INFORMATION BasicInformation;
3088 FILE_STANDARD_INFORMATION StandardInformation;
3089 FILE_INTERNAL_INFORMATION InternalInformation;
3090 FILE_EA_INFORMATION EaInformation;
3091 FILE_ACCESS_INFORMATION AccessInformation;
3092 FILE_POSITION_INFORMATION PositionInformation;
3093 FILE_MODE_INFORMATION ModeInformation;
3094 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3095 FILE_NAME_INFORMATION NameInformation;
3096} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
3097
3098typedef struct _FILE_ALLOCATION_INFORMATION {
3099 LARGE_INTEGER AllocationSize;
3100} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
3101
3102typedef struct _FILE_COMPRESSION_INFORMATION {
3103 LARGE_INTEGER CompressedFileSize;
3104 USHORT CompressionFormat;
3105 UCHAR CompressionUnitShift;
3106 UCHAR ChunkShift;
3107 UCHAR ClusterShift;
3108 UCHAR Reserved[3];
3109} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
3110
3111typedef struct _FILE_LINK_INFORMATION {
3112 BOOLEAN ReplaceIfExists;
3113 HANDLE RootDirectory;
3114 ULONG FileNameLength;
3115 WCHAR FileName[1];
3116} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
3117
3118typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
3119 ULONG ClusterCount;
3120 HANDLE RootDirectory;
3121 ULONG FileNameLength;
3122 WCHAR FileName[1];
3123} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
3124
3125typedef struct _FILE_RENAME_INFORMATION {
3126 BOOLEAN ReplaceIfExists;
3127 HANDLE RootDirectory;
3128 ULONG FileNameLength;
3129 WCHAR FileName[1];
3130} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
3131
3132typedef struct _FILE_STREAM_INFORMATION {
3133 ULONG NextEntryOffset;
3134 ULONG StreamNameLength;
3135 LARGE_INTEGER StreamSize;
3136 LARGE_INTEGER StreamAllocationSize;
3137 WCHAR StreamName[1];
3138} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
3139
3140typedef struct _FILE_TRACKING_INFORMATION {
3141 HANDLE DestinationFile;
3142 ULONG ObjectInformationLength;
3143 CHAR ObjectInformation[1];
3144} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
3145
3146typedef struct _FILE_COMPLETION_INFORMATION {
3147 HANDLE Port;
3148 PVOID Key;
3149} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
3150
3151typedef struct _FILE_PIPE_INFORMATION {
3152 ULONG ReadMode;
3153 ULONG CompletionMode;
3154} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
3155
3156typedef struct _FILE_PIPE_LOCAL_INFORMATION {
3157 ULONG NamedPipeType;
3158 ULONG NamedPipeConfiguration;
3159 ULONG MaximumInstances;
3160 ULONG CurrentInstances;
3161 ULONG InboundQuota;
3162 ULONG ReadDataAvailable;
3163 ULONG OutboundQuota;
3164 ULONG WriteQuotaAvailable;
3165 ULONG NamedPipeState;
3166 ULONG NamedPipeEnd;
3167} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
3168
3169typedef struct _FILE_PIPE_REMOTE_INFORMATION {
3170 LARGE_INTEGER CollectDataTime;
3171 ULONG MaximumCollectionCount;
3172} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
3173
3174typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
3175 ULONG MaximumMessageSize;
3176 ULONG MailslotQuota;
3177 ULONG NextMessageSize;
3178 ULONG MessagesAvailable;
3179 LARGE_INTEGER ReadTimeout;
3180} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
3181
3182typedef struct _FILE_MAILSLOT_SET_INFORMATION {
3183 PLARGE_INTEGER ReadTimeout;
3184} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
3185
3186typedef struct _FILE_REPARSE_POINT_INFORMATION {
3187 LONGLONG FileReference;
3188 ULONG Tag;
3189} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
3190
3191typedef struct _FILE_LINK_ENTRY_INFORMATION {
3192 ULONG NextEntryOffset;
3193 LONGLONG ParentFileId;
3194 ULONG FileNameLength;
3195 WCHAR FileName[1];
3196} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
3197
3198typedef struct _FILE_LINKS_INFORMATION {
3199 ULONG BytesNeeded;
3200 ULONG EntriesReturned;
3201 FILE_LINK_ENTRY_INFORMATION Entry;
3202} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
3203
3204typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
3205 ULONG FileNameLength;
3206 WCHAR FileName[1];
3207} FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
3208
3209typedef struct _FILE_STANDARD_LINK_INFORMATION {
3210 ULONG NumberOfAccessibleLinks;
3211 ULONG TotalNumberOfLinks;
3212 BOOLEAN DeletePending;
3213 BOOLEAN Directory;
3214} FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;
3215
3216typedef struct _FILE_GET_EA_INFORMATION {
3217 ULONG NextEntryOffset;
3218 UCHAR EaNameLength;
3219 CHAR EaName[1];
3220} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
3221
3222#define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001
3223#define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002
3224
3225typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
3226 USHORT StructureVersion;
3227 USHORT StructureSize;
3228 ULONG Protocol;
3229 USHORT ProtocolMajorVersion;
3230 USHORT ProtocolMinorVersion;
3231 USHORT ProtocolRevision;
3232 USHORT Reserved;
3233 ULONG Flags;
3234 struct {
3235 ULONG Reserved[8];
3236 } GenericReserved;
3237 struct {
3238 ULONG Reserved[16];
3239 } ProtocolSpecificReserved;
3240} FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;
3241
3242typedef struct _FILE_GET_QUOTA_INFORMATION {
3243 ULONG NextEntryOffset;
3244 ULONG SidLength;
3245 SID Sid;
3246} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
3247
3248typedef struct _FILE_QUOTA_INFORMATION {
3249 ULONG NextEntryOffset;
3250 ULONG SidLength;
3251 LARGE_INTEGER ChangeTime;
3252 LARGE_INTEGER QuotaUsed;
3253 LARGE_INTEGER QuotaThreshold;
3254 LARGE_INTEGER QuotaLimit;
3255 SID Sid;
3256} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
3257
3258typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
3259 ULONG FileSystemAttributes;
3260 ULONG MaximumComponentNameLength;
3261 ULONG FileSystemNameLength;
3262 WCHAR FileSystemName[1];
3263} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
3264
3265typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
3266 BOOLEAN DriverInPath;
3267 ULONG DriverNameLength;
3268 WCHAR DriverName[1];
3269} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
3270
3271typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
3272 ULONG Flags;
3273} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
3274
3275#define FILE_VC_QUOTA_NONE 0x00000000
3276#define FILE_VC_QUOTA_TRACK 0x00000001
3277#define FILE_VC_QUOTA_ENFORCE 0x00000002
3278#define FILE_VC_QUOTA_MASK 0x00000003
3279#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
3280#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
3281#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
3282#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
3283#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
3284#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
3285#define FILE_VC_QUOTAS_REBUILDING 0x00000200
3286#define FILE_VC_VALID_MASK 0x000003ff
3287
3288typedef struct _FILE_FS_CONTROL_INFORMATION {
3289 LARGE_INTEGER FreeSpaceStartFiltering;
3290 LARGE_INTEGER FreeSpaceThreshold;
3291 LARGE_INTEGER FreeSpaceStopFiltering;
3292 LARGE_INTEGER DefaultQuotaThreshold;
3293 LARGE_INTEGER DefaultQuotaLimit;
3294 ULONG FileSystemControlFlags;
3295} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
3296
3297#ifndef _FILESYSTEMFSCTL_
3298#define _FILESYSTEMFSCTL_
3299
3300#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
3301#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
3302#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
3303#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
3304#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
3305#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
3306#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
3307#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
3308#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
3309#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
3310#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
3311#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
3312#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
3313#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
3314#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3315#define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
3316
3317#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
3318#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
3319#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
3320#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
3321#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
3322
3323#if (_WIN32_WINNT >= 0x0400)
3324
3325#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
3326#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
3327#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
3328#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
3329#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3330#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
3331#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
3332
3333#endif
3334
3335#if (_WIN32_WINNT >= 0x0500)
3336
3337#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
3338#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3339#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
3340#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3341#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3342#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
3343#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3344#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS)
3345#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
3346#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS)
3347#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3348#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
3349#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3350#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
3351#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
3352#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
3353#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS)
3354#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
3355#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
3356#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS)
3357#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS)
3358#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS)
3359#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS)
3360#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
3361#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
3362#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
3363#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
3364#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
3365#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3366#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
3367#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
3368#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3369
3370#endif
3371
3372#if (_WIN32_WINNT >= 0x0600)
3373
3374#define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
3375#define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
3376#define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
3377#define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
3378#define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3379#define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
3380#define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
3381#define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
3382#define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
3383#define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
3384#define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
3385#define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
3386#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
3387#define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
3388#define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
3389#define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
3390#define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
3391#define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
3392#define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
3393#define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3394#define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
3395#define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
3396#define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
3397#define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
3398#define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS)
3399#define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3400#define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
3401#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
3402
3403#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
3404 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
3405#define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
3406#define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
3407#define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
3408#define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)
3409
3410#endif
3411
3412#if (_WIN32_WINNT >= 0x0601)
3413
3414#define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
3415#define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
3416#define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
3417#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
3418#define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
3419#define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
3420#define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
3421#define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
3422#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
3423
3424#define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
3425
3426#define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
3427#define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
3428
3429#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
3430#define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
3431#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
3432#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
3433#define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)
3434
3435typedef struct _CSV_NAMESPACE_INFO {
3436 ULONG Version;
3437 ULONG DeviceNumber;
3438 LARGE_INTEGER StartingOffset;
3439 ULONG SectorSize;
3440} CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO;
3441
3442#define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
3443#define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF
3444
3445#endif
3446
3447#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
3448
3449typedef struct _PATHNAME_BUFFER {
3450 ULONG PathNameLength;
3451 WCHAR Name[1];
3452} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
3453
3454typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
3455 UCHAR First0x24BytesOfBootSector[0x24];
3456} FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER;
3457
3458#if (_WIN32_WINNT >= 0x0400)
3459
3460typedef struct _NTFS_VOLUME_DATA_BUFFER {
3461 LARGE_INTEGER VolumeSerialNumber;
3462 LARGE_INTEGER NumberSectors;
3463 LARGE_INTEGER TotalClusters;
3464 LARGE_INTEGER FreeClusters;
3465 LARGE_INTEGER TotalReserved;
3466 ULONG BytesPerSector;
3467 ULONG BytesPerCluster;
3468 ULONG BytesPerFileRecordSegment;
3469 ULONG ClustersPerFileRecordSegment;
3470 LARGE_INTEGER MftValidDataLength;
3471 LARGE_INTEGER MftStartLcn;
3472 LARGE_INTEGER Mft2StartLcn;
3473 LARGE_INTEGER MftZoneStart;
3474 LARGE_INTEGER MftZoneEnd;
3475} NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;
3476
3477typedef struct _NTFS_EXTENDED_VOLUME_DATA {
3478 ULONG ByteCount;
3479 USHORT MajorVersion;
3480 USHORT MinorVersion;
3481} NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA;
3482
3483typedef struct _STARTING_LCN_INPUT_BUFFER {
3484 LARGE_INTEGER StartingLcn;
3485} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
3486
3487typedef struct _VOLUME_BITMAP_BUFFER {
3488 LARGE_INTEGER StartingLcn;
3489 LARGE_INTEGER BitmapSize;
3490 UCHAR Buffer[1];
3491} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
3492
3493typedef struct _STARTING_VCN_INPUT_BUFFER {
3494 LARGE_INTEGER StartingVcn;
3495} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
3496
3497typedef struct _RETRIEVAL_POINTERS_BUFFER {
3498 ULONG ExtentCount;
3499 LARGE_INTEGER StartingVcn;
3500 struct {
3501 LARGE_INTEGER NextVcn;
3502 LARGE_INTEGER Lcn;
3503 } Extents[1];
3504} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
3505
3506typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER {
3507 LARGE_INTEGER FileReferenceNumber;
3508} NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER;
3509
3510typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER {
3511 LARGE_INTEGER FileReferenceNumber;
3512 ULONG FileRecordLength;
3513 UCHAR FileRecordBuffer[1];
3514} NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER;
3515
3516typedef struct _MOVE_FILE_DATA {
3517 HANDLE FileHandle;
3518 LARGE_INTEGER StartingVcn;
3519 LARGE_INTEGER StartingLcn;
3520 ULONG ClusterCount;
3521} MOVE_FILE_DATA, *PMOVE_FILE_DATA;
3522
3523typedef struct _MOVE_FILE_RECORD_DATA {
3524 HANDLE FileHandle;
3525 LARGE_INTEGER SourceFileRecord;
3526 LARGE_INTEGER TargetFileRecord;
3527} MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA;
3528
3529#if defined(_WIN64)
3530typedef struct _MOVE_FILE_DATA32 {
3531 UINT32 FileHandle;
3532 LARGE_INTEGER StartingVcn;
3533 LARGE_INTEGER StartingLcn;
3534 ULONG ClusterCount;
3535} MOVE_FILE_DATA32, *PMOVE_FILE_DATA32;
3536#endif
3537
3538#endif /* (_WIN32_WINNT >= 0x0400) */
3539
3540#if (_WIN32_WINNT >= 0x0500)
3541
3542typedef struct _FIND_BY_SID_DATA {
3543 ULONG Restart;
3544 SID Sid;
3545} FIND_BY_SID_DATA, *PFIND_BY_SID_DATA;
3546
3547typedef struct _FIND_BY_SID_OUTPUT {
3548 ULONG NextEntryOffset;
3549 ULONG FileIndex;
3550 ULONG FileNameLength;
3551 WCHAR FileName[1];
3552} FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT;
3553
3554typedef struct _MFT_ENUM_DATA {
3555 ULONGLONG StartFileReferenceNumber;
3556 USN LowUsn;
3557 USN HighUsn;
3558} MFT_ENUM_DATA, *PMFT_ENUM_DATA;
3559
3560typedef struct _CREATE_USN_JOURNAL_DATA {
3561 ULONGLONG MaximumSize;
3562 ULONGLONG AllocationDelta;
3563} CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA;
3564
3565typedef struct _READ_USN_JOURNAL_DATA {
3566 USN StartUsn;
3567 ULONG ReasonMask;
3568 ULONG ReturnOnlyOnClose;
3569 ULONGLONG Timeout;
3570 ULONGLONG BytesToWaitFor;
3571 ULONGLONG UsnJournalID;
3572} READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA;
3573
3574typedef struct _USN_RECORD {
3575 ULONG RecordLength;
3576 USHORT MajorVersion;
3577 USHORT MinorVersion;
3578 ULONGLONG FileReferenceNumber;
3579 ULONGLONG ParentFileReferenceNumber;
3580 USN Usn;
3581 LARGE_INTEGER TimeStamp;
3582 ULONG Reason;
3583 ULONG SourceInfo;
3584 ULONG SecurityId;
3585 ULONG FileAttributes;
3586 USHORT FileNameLength;
3587 USHORT FileNameOffset;
3588 WCHAR FileName[1];
3589} USN_RECORD, *PUSN_RECORD;
3590
3591#define USN_PAGE_SIZE (0x1000)
3592
3593#define USN_REASON_DATA_OVERWRITE (0x00000001)
3594#define USN_REASON_DATA_EXTEND (0x00000002)
3595#define USN_REASON_DATA_TRUNCATION (0x00000004)
3596#define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010)
3597#define USN_REASON_NAMED_DATA_EXTEND (0x00000020)
3598#define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040)
3599#define USN_REASON_FILE_CREATE (0x00000100)
3600#define USN_REASON_FILE_DELETE (0x00000200)
3601#define USN_REASON_EA_CHANGE (0x00000400)
3602#define USN_REASON_SECURITY_CHANGE (0x00000800)
3603#define USN_REASON_RENAME_OLD_NAME (0x00001000)
3604#define USN_REASON_RENAME_NEW_NAME (0x00002000)
3605#define USN_REASON_INDEXABLE_CHANGE (0x00004000)
3606#define USN_REASON_BASIC_INFO_CHANGE (0x00008000)
3607#define USN_REASON_HARD_LINK_CHANGE (0x00010000)
3608#define USN_REASON_COMPRESSION_CHANGE (0x00020000)
3609#define USN_REASON_ENCRYPTION_CHANGE (0x00040000)
3610#define USN_REASON_OBJECT_ID_CHANGE (0x00080000)
3611#define USN_REASON_REPARSE_POINT_CHANGE (0x00100000)
3612#define USN_REASON_STREAM_CHANGE (0x00200000)
3613#define USN_REASON_TRANSACTED_CHANGE (0x00400000)
3614#define USN_REASON_CLOSE (0x80000000)
3615
3616typedef struct _USN_JOURNAL_DATA {
3617 ULONGLONG UsnJournalID;
3618 USN FirstUsn;
3619 USN NextUsn;
3620 USN LowestValidUsn;
3621 USN MaxUsn;
3622 ULONGLONG MaximumSize;
3623 ULONGLONG AllocationDelta;
3624} USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA;
3625
3626typedef struct _DELETE_USN_JOURNAL_DATA {
3627 ULONGLONG UsnJournalID;
3628 ULONG DeleteFlags;
3629} DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA;
3630
3631#define USN_DELETE_FLAG_DELETE (0x00000001)
3632#define USN_DELETE_FLAG_NOTIFY (0x00000002)
3633#define USN_DELETE_VALID_FLAGS (0x00000003)
3634
3635typedef struct _MARK_HANDLE_INFO {
3636 ULONG UsnSourceInfo;
3637 HANDLE VolumeHandle;
3638 ULONG HandleInfo;
3639} MARK_HANDLE_INFO, *PMARK_HANDLE_INFO;
3640
3641#if defined(_WIN64)
3642typedef struct _MARK_HANDLE_INFO32 {
3643 ULONG UsnSourceInfo;
3644 UINT32 VolumeHandle;
3645 ULONG HandleInfo;
3646} MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32;
3647#endif
3648
3649#define USN_SOURCE_DATA_MANAGEMENT (0x00000001)
3650#define USN_SOURCE_AUXILIARY_DATA (0x00000002)
3651#define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004)
3652
3653#define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001)
3654#define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004)
3655#define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008)
3656
3657typedef struct _BULK_SECURITY_TEST_DATA {
3658 ACCESS_MASK DesiredAccess;
3659 ULONG SecurityIds[1];
3660} BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA;
3661
3662#define VOLUME_IS_DIRTY (0x00000001)
3663#define VOLUME_UPGRADE_SCHEDULED (0x00000002)
3664#define VOLUME_SESSION_OPEN (0x00000004)
3665
3666typedef struct _FILE_PREFETCH {
3667 ULONG Type;
3668 ULONG Count;
3669 ULONGLONG Prefetch[1];
3670} FILE_PREFETCH, *PFILE_PREFETCH;
3671
3672typedef struct _FILE_PREFETCH_EX {
3673 ULONG Type;
3674 ULONG Count;
3675 PVOID Context;
3676 ULONGLONG Prefetch[1];
3677} FILE_PREFETCH_EX, *PFILE_PREFETCH_EX;
3678
3679#define FILE_PREFETCH_TYPE_FOR_CREATE 0x1
3680#define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2
3681#define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3
3682#define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4
3683
3684#define FILE_PREFETCH_TYPE_MAX 0x4
3685
3686typedef struct _FILE_OBJECTID_BUFFER {
3687 UCHAR ObjectId[16];
3688 _ANONYMOUS_UNION union {
3689 _ANONYMOUS_STRUCT struct {
3690 UCHAR BirthVolumeId[16];
3691 UCHAR BirthObjectId[16];
3692 UCHAR DomainId[16];
3693 } DUMMYSTRUCTNAME;
3694 UCHAR ExtendedInfo[48];
3695 } DUMMYUNIONNAME;
3696} FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;
3697
3698typedef struct _FILE_SET_SPARSE_BUFFER {
3699 BOOLEAN SetSparse;
3700} FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER;
3701
3702typedef struct _FILE_ZERO_DATA_INFORMATION {
3703 LARGE_INTEGER FileOffset;
3704 LARGE_INTEGER BeyondFinalZero;
3705} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
3706
3707typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
3708 LARGE_INTEGER FileOffset;
3709 LARGE_INTEGER Length;
3710} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
3711
3712typedef struct _ENCRYPTION_BUFFER {
3713 ULONG EncryptionOperation;
3714 UCHAR Private[1];
3715} ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER;
3716
3717#define FILE_SET_ENCRYPTION 0x00000001
3718#define FILE_CLEAR_ENCRYPTION 0x00000002
3719#define STREAM_SET_ENCRYPTION 0x00000003
3720#define STREAM_CLEAR_ENCRYPTION 0x00000004
3721
3722#define MAXIMUM_ENCRYPTION_VALUE 0x00000004
3723
3724typedef struct _DECRYPTION_STATUS_BUFFER {
3725 BOOLEAN NoEncryptedStreams;
3726} DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER;
3727
3728#define ENCRYPTION_FORMAT_DEFAULT (0x01)
3729
3730#define COMPRESSION_FORMAT_SPARSE (0x4000)
3731
3732typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
3733 LONGLONG FileOffset;
3734 ULONG Length;
3735} REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA;
3736
3737typedef struct _ENCRYPTED_DATA_INFO {
3738 ULONGLONG StartingFileOffset;
3739 ULONG OutputBufferOffset;
3740 ULONG BytesWithinFileSize;
3741 ULONG BytesWithinValidDataLength;
3742 USHORT CompressionFormat;
3743 UCHAR DataUnitShift;
3744 UCHAR ChunkShift;
3745 UCHAR ClusterShift;
3746 UCHAR EncryptionFormat;
3747 USHORT NumberOfDataBlocks;
3748 ULONG DataBlockSize[ANYSIZE_ARRAY];
3749} ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO;
3750
3751typedef struct _PLEX_READ_DATA_REQUEST {
3752 LARGE_INTEGER ByteOffset;
3753 ULONG ByteLength;
3754 ULONG PlexNumber;
3755} PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST;
3756
3757typedef struct _SI_COPYFILE {
3758 ULONG SourceFileNameLength;
3759 ULONG DestinationFileNameLength;
3760 ULONG Flags;
3761 WCHAR FileNameBuffer[1];
3762} SI_COPYFILE, *PSI_COPYFILE;
3763
3764#define COPYFILE_SIS_LINK 0x0001
3765#define COPYFILE_SIS_REPLACE 0x0002
3766#define COPYFILE_SIS_FLAGS 0x0003
3767
3768#endif /* (_WIN32_WINNT >= 0x0500) */
3769
3770#if (_WIN32_WINNT >= 0x0600)
3771
3772typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
3773 BOOLEAN CloseDisc;
3774} FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER;
3775
3776typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
3777 BOOLEAN Disable;
3778} FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER;
3779
3780typedef struct _FILE_QUERY_SPARING_BUFFER {
3781 ULONG SparingUnitBytes;
3782 BOOLEAN SoftwareSparing;
3783 ULONG TotalSpareBlocks;
3784 ULONG FreeSpareBlocks;
3785} FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER;
3786
3787typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
3788 LARGE_INTEGER DirectoryCount;
3789 LARGE_INTEGER FileCount;
3790 USHORT FsFormatMajVersion;
3791 USHORT FsFormatMinVersion;
3792 WCHAR FsFormatName[12];
3793 LARGE_INTEGER FormatTime;
3794 LARGE_INTEGER LastUpdateTime;
3795 WCHAR CopyrightInfo[34];
3796 WCHAR AbstractInfo[34];
3797 WCHAR FormattingImplementationInfo[34];
3798 WCHAR LastModifyingImplementationInfo[34];
3799} FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
3800
3801#define SET_REPAIR_ENABLED (0x00000001)
3802#define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002)
3803#define SET_REPAIR_DELETE_CROSSLINK (0x00000004)
3804#define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008)
3805#define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010)
3806#define SET_REPAIR_VALID_MASK (0x0000001F)
3807
3808typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
3809 ShrinkPrepare = 1,
3810 ShrinkCommit,
3811 ShrinkAbort
3812} SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES;
3813
3814typedef struct _SHRINK_VOLUME_INFORMATION {
3815 SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType;
3816 ULONGLONG Flags;
3817 LONGLONG NewNumberOfSectors;
3818} SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION;
3819
3820#define TXFS_RM_FLAG_LOGGING_MODE 0x00000001
3821#define TXFS_RM_FLAG_RENAME_RM 0x00000002
3822#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004
3823#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008
3824#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010
3825#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020
3826#define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040
3827#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080
3828#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100
3829#define TXFS_RM_FLAG_GROW_LOG 0x00000400
3830#define TXFS_RM_FLAG_SHRINK_LOG 0x00000800
3831#define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000
3832#define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000
3833#define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000
3834#define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000
3835#define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000
3836#define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000
3837
3838#define TXFS_LOGGING_MODE_SIMPLE (0x0001)
3839#define TXFS_LOGGING_MODE_FULL (0x0002)
3840
3841#define TXFS_TRANSACTION_STATE_NONE 0x00
3842#define TXFS_TRANSACTION_STATE_ACTIVE 0x01
3843#define TXFS_TRANSACTION_STATE_PREPARED 0x02
3844#define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03
3845
3846#define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE | \
3847 TXFS_RM_FLAG_RENAME_RM | \
3848 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
3849 TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
3850 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
3851 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
3852 TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
3853 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
3854 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
3855 TXFS_RM_FLAG_SHRINK_LOG | \
3856 TXFS_RM_FLAG_GROW_LOG | \
3857 TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \
3858 TXFS_RM_FLAG_PRESERVE_CHANGES | \
3859 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
3860 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
3861 TXFS_RM_FLAG_PREFER_CONSISTENCY | \
3862 TXFS_RM_FLAG_PREFER_AVAILABILITY)
3863
3864typedef struct _TXFS_MODIFY_RM {
3865 ULONG Flags;
3866 ULONG LogContainerCountMax;
3867 ULONG LogContainerCountMin;
3868 ULONG LogContainerCount;
3869 ULONG LogGrowthIncrement;
3870 ULONG LogAutoShrinkPercentage;
3871 ULONGLONG Reserved;
3872 USHORT LoggingMode;
3873} TXFS_MODIFY_RM, *PTXFS_MODIFY_RM;
3874
3875#define TXFS_RM_STATE_NOT_STARTED 0
3876#define TXFS_RM_STATE_STARTING 1
3877#define TXFS_RM_STATE_ACTIVE 2
3878#define TXFS_RM_STATE_SHUTTING_DOWN 3
3879
3880#define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \
3881 (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
3882 TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
3883 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
3884 TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
3885 TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
3886 TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
3887 TXFS_RM_FLAG_PREFER_CONSISTENCY | \
3888 TXFS_RM_FLAG_PREFER_AVAILABILITY)
3889
3890typedef struct _TXFS_QUERY_RM_INFORMATION {
3891 ULONG BytesRequired;
3892 ULONGLONG TailLsn;
3893 ULONGLONG CurrentLsn;
3894 ULONGLONG ArchiveTailLsn;
3895 ULONGLONG LogContainerSize;
3896 LARGE_INTEGER HighestVirtualClock;
3897 ULONG LogContainerCount;
3898 ULONG LogContainerCountMax;
3899 ULONG LogContainerCountMin;
3900 ULONG LogGrowthIncrement;
3901 ULONG LogAutoShrinkPercentage;
3902 ULONG Flags;
3903 USHORT LoggingMode;
3904 USHORT Reserved;
3905 ULONG RmState;
3906 ULONGLONG LogCapacity;
3907 ULONGLONG LogFree;
3908 ULONGLONG TopsSize;
3909 ULONGLONG TopsUsed;
3910 ULONGLONG TransactionCount;
3911 ULONGLONG OnePCCount;
3912 ULONGLONG TwoPCCount;
3913 ULONGLONG NumberLogFileFull;
3914 ULONGLONG OldestTransactionAge;
3915 GUID RMName;
3916 ULONG TmLogPathOffset;
3917} TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION;
3918
3919#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01
3920#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02
3921
3922#define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
3923 (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
3924 TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
3925
3926typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
3927 LARGE_INTEGER LastVirtualClock;
3928 ULONGLONG LastRedoLsn;
3929 ULONGLONG HighestRecoveryLsn;
3930 ULONG Flags;
3931} TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION;
3932
3933#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001
3934#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002
3935#define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004
3936#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008
3937#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010
3938#define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020
3939#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040
3940#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080
3941
3942#define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200
3943#define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400
3944#define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800
3945
3946#define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000
3947#define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000
3948
3949#define TXFS_START_RM_VALID_FLAGS \
3950 (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
3951 TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
3952 TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
3953 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
3954 TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
3955 TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
3956 TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
3957 TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
3958 TXFS_START_RM_FLAG_LOGGING_MODE | \
3959 TXFS_START_RM_FLAG_PRESERVE_CHANGES | \
3960 TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \
3961 TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
3962
3963typedef struct _TXFS_START_RM_INFORMATION {
3964 ULONG Flags;
3965 ULONGLONG LogContainerSize;
3966 ULONG LogContainerCountMin;
3967 ULONG LogContainerCountMax;
3968 ULONG LogGrowthIncrement;
3969 ULONG LogAutoShrinkPercentage;
3970 ULONG TmLogPathOffset;
3971 USHORT TmLogPathLength;
3972 USHORT LoggingMode;
3973 USHORT LogPathLength;
3974 USHORT Reserved;
3975 WCHAR LogPath[1];
3976} TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION;
3977
3978typedef struct _TXFS_GET_METADATA_INFO_OUT {
3979 struct {
3980 LONGLONG LowPart;
3981 LONGLONG HighPart;
3982 } TxfFileId;
3983 GUID LockingTransaction;
3984 ULONGLONG LastLsn;
3985 ULONG TransactionState;
3986} TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT;
3987
3988#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001
3989#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002
3990
3991typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
3992 ULONGLONG Offset;
3993 ULONG NameFlags;
3994 LONGLONG FileId;
3995 ULONG Reserved1;
3996 ULONG Reserved2;
3997 LONGLONG Reserved3;
3998 WCHAR FileName[1];
3999} TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
4000
4001typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
4002 GUID KtmTransaction;
4003 ULONGLONG NumberOfFiles;
4004 ULONGLONG BufferSizeRequired;
4005 ULONGLONG Offset;
4006} TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES;
4007
4008typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
4009 GUID TransactionId;
4010 ULONG TransactionState;
4011 ULONG Reserved1;
4012 ULONG Reserved2;
4013 LONGLONG Reserved3;
4014} TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY;
4015
4016typedef struct _TXFS_LIST_TRANSACTIONS {
4017 ULONGLONG NumberOfTransactions;
4018 ULONGLONG BufferSizeRequired;
4019} TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS;
4020
4021typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
4022 _ANONYMOUS_UNION union {
4023 ULONG BufferLength;
4024 UCHAR Buffer[1];
4025 } DUMMYUNIONNAME;
4026} TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT;
4027
4028typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
4029 UCHAR Buffer[1];
4030} TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION;
4031
4032#define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE
4033#define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF
4034
4035typedef struct _TXFS_GET_TRANSACTED_VERSION {
4036 ULONG ThisBaseVersion;
4037 ULONG LatestVersion;
4038 USHORT ThisMiniVersion;
4039 USHORT FirstMiniVersion;
4040 USHORT LatestMiniVersion;
4041} TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION;
4042
4043#define TXFS_SAVEPOINT_SET 0x00000001
4044#define TXFS_SAVEPOINT_ROLLBACK 0x00000002
4045#define TXFS_SAVEPOINT_CLEAR 0x00000004
4046#define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010
4047
4048typedef struct _TXFS_SAVEPOINT_INFORMATION {
4049 HANDLE KtmTransaction;
4050 ULONG ActionCode;
4051 ULONG SavepointId;
4052} TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION;
4053
4054typedef struct _TXFS_CREATE_MINIVERSION_INFO {
4055 USHORT StructureVersion;
4056 USHORT StructureLength;
4057 ULONG BaseVersion;
4058 USHORT MiniVersion;
4059} TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO;
4060
4061typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
4062 BOOLEAN TransactionsActiveAtSnapshot;
4063} TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO;
4064
4065#endif /* (_WIN32_WINNT >= 0x0600) */
4066
4067#if (_WIN32_WINNT >= 0x0601)
4068
4069#define MARK_HANDLE_REALTIME (0x00000020)
4070#define MARK_HANDLE_NOT_REALTIME (0x00000040)
4071
4072#define NO_8DOT3_NAME_PRESENT (0x00000001)
4073#define REMOVED_8DOT3_NAME (0x00000002)
4074
4075#define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001)
4076
4077typedef struct _BOOT_AREA_INFO {
4078 ULONG BootSectorCount;
4079 struct {
4080 LARGE_INTEGER Offset;
4081 } BootSectors[2];
4082} BOOT_AREA_INFO, *PBOOT_AREA_INFO;
4083
4084typedef struct _RETRIEVAL_POINTER_BASE {
4085 LARGE_INTEGER FileAreaOffset;
4086} RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE;
4087
4088typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
4089 ULONG VolumeFlags;
4090 ULONG FlagMask;
4091 ULONG Version;
4092 ULONG Reserved;
4093} FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;
4094
4095typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
4096 CHAR FileSystem[9];
4097} FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION;
4098
4099#define OPLOCK_LEVEL_CACHE_READ (0x00000001)
4100#define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002)
4101#define OPLOCK_LEVEL_CACHE_WRITE (0x00000004)
4102
4103#define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001)
4104#define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002)
4105#define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004)
4106
4107#define REQUEST_OPLOCK_CURRENT_VERSION 1
4108
4109typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
4110 USHORT StructureVersion;
4111 USHORT StructureLength;
4112 ULONG RequestedOplockLevel;
4113 ULONG Flags;
4114} REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER;
4115
4116#define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001)
4117#define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002)
4118
4119typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
4120 USHORT StructureVersion;
4121 USHORT StructureLength;
4122 ULONG OriginalOplockLevel;
4123 ULONG NewOplockLevel;
4124 ULONG Flags;
4125 ACCESS_MASK AccessMode;
4126 USHORT ShareMode;
4127} REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER;
4128
4129#define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1
4130
4131typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
4132 USHORT CurrentMachineSIDOffset;
4133 USHORT CurrentMachineSIDLength;
4134 USHORT NewMachineSIDOffset;
4135 USHORT NewMachineSIDLength;
4136} SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT;
4137
4138typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
4139 ULONGLONG NumSDChangedSuccess;
4140 ULONGLONG NumSDChangedFail;
4141 ULONGLONG NumSDUnused;
4142 ULONGLONG NumSDTotal;
4143 ULONGLONG NumMftSDChangedSuccess;
4144 ULONGLONG NumMftSDChangedFail;
4145 ULONGLONG NumMftSDTotal;
4146} SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT;
4147
4148typedef struct _SD_GLOBAL_CHANGE_INPUT {
4149 ULONG Flags;
4150 ULONG ChangeType;
4151 _ANONYMOUS_UNION union {
4152 SD_CHANGE_MACHINE_SID_INPUT SdChange;
4153 } DUMMYUNIONNAME;
4154} SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT;
4155
4156typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
4157 ULONG Flags;
4158 ULONG ChangeType;
4159 _ANONYMOUS_UNION union {
4160 SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
4161 } DUMMYUNIONNAME;
4162} SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT;
4163
4164#define ENCRYPTED_DATA_INFO_SPARSE_FILE 1
4165
4166typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
4167 ULONG ExtendedCode;
4168 ULONG Length;
4169 ULONG Flags;
4170 ULONG Reserved;
4171} EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO;
4172
4173typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
4174 ULONG Flags;
4175 ULONG NumberOfClusters;
4176 LARGE_INTEGER Cluster[1];
4177} LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;
4178
4179typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
4180 ULONG Offset;
4181 ULONG NumberOfMatches;
4182 ULONG BufferSizeRequired;
4183} LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
4184
4185#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001
4186#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002
4187#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004
4188#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008
4189
4190#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000
4191#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000
4192#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000
4193#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000
4194
4195typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
4196 ULONG OffsetToNext;
4197 ULONG Flags;
4198 LARGE_INTEGER Reserved;
4199 LARGE_INTEGER Cluster;
4200 WCHAR FileName[1];
4201} LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;
4202
4203typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
4204 ULONG Flags;
4205 ULONG NumFileTypeIDs;
4206 GUID FileTypeID[1];
4207} FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT;
4208
4209#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001
4210#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002
4211
4212DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c);
4213DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7);
4214DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9);
4215
4216#ifndef _VIRTUAL_STORAGE_TYPE_DEFINED
4217#define _VIRTUAL_STORAGE_TYPE_DEFINED
4218typedef struct _VIRTUAL_STORAGE_TYPE {
4219 ULONG DeviceId;
4220 GUID VendorId;
4221} VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE;
4222#endif
4223
4224typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
4225 ULONG RequestLevel;
4226 ULONG RequestFlags;
4227} STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
4228
4229#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1
4230#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2
4231
4232typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
4233 ULONG EntryLength;
4234 ULONG DependencyTypeFlags;
4235 ULONG ProviderSpecificFlags;
4236 VIRTUAL_STORAGE_TYPE VirtualStorageType;
4237} STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
4238
4239typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY {
4240 ULONG EntryLength;
4241 ULONG DependencyTypeFlags;
4242 ULONG ProviderSpecificFlags;
4243 VIRTUAL_STORAGE_TYPE VirtualStorageType;
4244 ULONG AncestorLevel;
4245 ULONG HostVolumeNameOffset;
4246 ULONG HostVolumeNameSize;
4247 ULONG DependentVolumeNameOffset;
4248 ULONG DependentVolumeNameSize;
4249 ULONG RelativePathOffset;
4250 ULONG RelativePathSize;
4251 ULONG DependentDeviceNameOffset;
4252 ULONG DependentDeviceNameSize;
4253} STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
4254
4255typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE {
4256 ULONG ResponseLevel;
4257 ULONG NumberEntries;
4258 _ANONYMOUS_UNION union {
4259 STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[0];
4260 STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[0];
4261 } DUMMYUNIONNAME;
4262} STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
4263
4264#endif /* (_WIN32_WINNT >= 0x0601) */
4265
4266typedef struct _FILESYSTEM_STATISTICS {
4267 USHORT FileSystemType;
4268 USHORT Version;
4269 ULONG SizeOfCompleteStructure;
4270 ULONG UserFileReads;
4271 ULONG UserFileReadBytes;
4272 ULONG UserDiskReads;
4273 ULONG UserFileWrites;
4274 ULONG UserFileWriteBytes;
4275 ULONG UserDiskWrites;
4276 ULONG MetaDataReads;
4277 ULONG MetaDataReadBytes;
4278 ULONG MetaDataDiskReads;
4279 ULONG MetaDataWrites;
4280 ULONG MetaDataWriteBytes;
4281 ULONG MetaDataDiskWrites;
4282} FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS;
4283
4284#define FILESYSTEM_STATISTICS_TYPE_NTFS 1
4285#define FILESYSTEM_STATISTICS_TYPE_FAT 2
4286#define FILESYSTEM_STATISTICS_TYPE_EXFAT 3
4287
4288typedef struct _FAT_STATISTICS {
4289 ULONG CreateHits;
4290 ULONG SuccessfulCreates;
4291 ULONG FailedCreates;
4292 ULONG NonCachedReads;
4293 ULONG NonCachedReadBytes;
4294 ULONG NonCachedWrites;
4295 ULONG NonCachedWriteBytes;
4296 ULONG NonCachedDiskReads;
4297 ULONG NonCachedDiskWrites;
4298} FAT_STATISTICS, *PFAT_STATISTICS;
4299
4300typedef struct _EXFAT_STATISTICS {
4301 ULONG CreateHits;
4302 ULONG SuccessfulCreates;
4303 ULONG FailedCreates;
4304 ULONG NonCachedReads;
4305 ULONG NonCachedReadBytes;
4306 ULONG NonCachedWrites;
4307 ULONG NonCachedWriteBytes;
4308 ULONG NonCachedDiskReads;
4309 ULONG NonCachedDiskWrites;
4310} EXFAT_STATISTICS, *PEXFAT_STATISTICS;
4311
4312typedef struct _NTFS_STATISTICS {
4313 ULONG LogFileFullExceptions;
4314 ULONG OtherExceptions;
4315 ULONG MftReads;
4316 ULONG MftReadBytes;
4317 ULONG MftWrites;
4318 ULONG MftWriteBytes;
4319 struct {
4320 USHORT Write;
4321 USHORT Create;
4322 USHORT SetInfo;
4323 USHORT Flush;
4324 } MftWritesUserLevel;
4325 USHORT MftWritesFlushForLogFileFull;
4326 USHORT MftWritesLazyWriter;
4327 USHORT MftWritesUserRequest;
4328 ULONG Mft2Writes;
4329 ULONG Mft2WriteBytes;
4330 struct {
4331 USHORT Write;
4332 USHORT Create;
4333 USHORT SetInfo;
4334 USHORT Flush;
4335 } Mft2WritesUserLevel;
4336 USHORT Mft2WritesFlushForLogFileFull;
4337 USHORT Mft2WritesLazyWriter;
4338 USHORT Mft2WritesUserRequest;
4339 ULONG RootIndexReads;
4340 ULONG RootIndexReadBytes;
4341 ULONG RootIndexWrites;
4342 ULONG RootIndexWriteBytes;
4343 ULONG BitmapReads;
4344 ULONG BitmapReadBytes;
4345 ULONG BitmapWrites;
4346 ULONG BitmapWriteBytes;
4347 USHORT BitmapWritesFlushForLogFileFull;
4348 USHORT BitmapWritesLazyWriter;
4349 USHORT BitmapWritesUserRequest;
4350 struct {
4351 USHORT Write;
4352 USHORT Create;
4353 USHORT SetInfo;
4354 } BitmapWritesUserLevel;
4355 ULONG MftBitmapReads;
4356 ULONG MftBitmapReadBytes;
4357 ULONG MftBitmapWrites;
4358 ULONG MftBitmapWriteBytes;
4359 USHORT MftBitmapWritesFlushForLogFileFull;
4360 USHORT MftBitmapWritesLazyWriter;
4361 USHORT MftBitmapWritesUserRequest;
4362 struct {
4363 USHORT Write;
4364 USHORT Create;
4365 USHORT SetInfo;
4366 USHORT Flush;
4367 } MftBitmapWritesUserLevel;
4368 ULONG UserIndexReads;
4369 ULONG UserIndexReadBytes;
4370 ULONG UserIndexWrites;
4371 ULONG UserIndexWriteBytes;
4372 ULONG LogFileReads;
4373 ULONG LogFileReadBytes;
4374 ULONG LogFileWrites;
4375 ULONG LogFileWriteBytes;
4376 struct {
4377 ULONG Calls;
4378 ULONG Clusters;
4379 ULONG Hints;
4380 ULONG RunsReturned;
4381 ULONG HintsHonored;
4382 ULONG HintsClusters;
4383 ULONG Cache;
4384 ULONG CacheClusters;
4385 ULONG CacheMiss;
4386 ULONG CacheMissClusters;
4387 } Allocate;
4388} NTFS_STATISTICS, *PNTFS_STATISTICS;
4389
4390#endif /* _FILESYSTEMFSCTL_ */
4391
4392#define SYMLINK_FLAG_RELATIVE 1
4393
4394typedef struct _REPARSE_DATA_BUFFER {
4395 ULONG ReparseTag;
4396 USHORT ReparseDataLength;
4397 USHORT Reserved;
4398 _ANONYMOUS_UNION union {
4399 struct {
4400 USHORT SubstituteNameOffset;
4401 USHORT SubstituteNameLength;
4402 USHORT PrintNameOffset;
4403 USHORT PrintNameLength;
4404 ULONG Flags;
4405 WCHAR PathBuffer[1];
4406 } SymbolicLinkReparseBuffer;
4407 struct {
4408 USHORT SubstituteNameOffset;
4409 USHORT SubstituteNameLength;
4410 USHORT PrintNameOffset;
4411 USHORT PrintNameLength;
4412 WCHAR PathBuffer[1];
4413 } MountPointReparseBuffer;
4414 struct {
4415 UCHAR DataBuffer[1];
4416 } GenericReparseBuffer;
4417 } DUMMYUNIONNAME;
4418} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
4419
4420#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
4421
4422typedef struct _REPARSE_GUID_DATA_BUFFER {
4423 ULONG ReparseTag;
4424 USHORT ReparseDataLength;
4425 USHORT Reserved;
4426 GUID ReparseGuid;
4427 struct {
4428 UCHAR DataBuffer[1];
4429 } GenericReparseBuffer;
4430} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;
4431
4432#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
4433
4434#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 )
4435
4436/* Reserved reparse tags */
4437#define IO_REPARSE_TAG_RESERVED_ZERO (0)
4438#define IO_REPARSE_TAG_RESERVED_ONE (1)
4439#define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
4440
4441#define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000))
4442#define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000))
4443
4444#define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF)
4445
4446#define IsReparseTagValid(tag) ( \
4447 !((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \
4448 ((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \
4449 )
4450
4451/* MicroSoft reparse point tags */
4452#define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
4453#define IO_REPARSE_TAG_HSM (0xC0000004L)
4454#define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
4455#define IO_REPARSE_TAG_HSM2 (0x80000006L)
4456#define IO_REPARSE_TAG_SIS (0x80000007L)
4457#define IO_REPARSE_TAG_WIM (0x80000008L)
4458#define IO_REPARSE_TAG_CSV (0x80000009L)
4459#define IO_REPARSE_TAG_DFS (0x8000000AL)
4460#define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
4461#define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
4462#define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
4463#define IO_REPARSE_TAG_DFSR (0x80000012L)
4464
4465#pragma pack(4)
4466typedef struct _REPARSE_INDEX_KEY {
4467 ULONG FileReparseTag;
4468 LARGE_INTEGER FileId;
4469} REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY;
4470#pragma pack()
4471
4472#define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS)
4473#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS)
4474#define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS)
4475
4476#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
4477#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
4478#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
4479#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
4480#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
4481#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
4482#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
4483#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
4484#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
4485#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
4486#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
4487#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
4488#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
4489#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
4490#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
4491#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
4492#define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)
4493
4494#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
4495#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
4496#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
4497#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
4498
4499#define FILE_PIPE_READ_DATA 0x00000000
4500#define FILE_PIPE_WRITE_SPACE 0x00000001
4501
4502typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
4503 HANDLE EventHandle;
4504 ULONG KeyValue;
4505} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
4506
4507typedef struct _FILE_PIPE_EVENT_BUFFER {
4508 ULONG NamedPipeState;
4509 ULONG EntryType;
4510 ULONG ByteCount;
4511 ULONG KeyValue;
4512 ULONG NumberRequests;
4513} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
4514
4515typedef struct _FILE_PIPE_PEEK_BUFFER {
4516 ULONG NamedPipeState;
4517 ULONG ReadDataAvailable;
4518 ULONG NumberOfMessages;
4519 ULONG MessageLength;
4520 CHAR Data[1];
4521} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
4522
4523typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
4524 LARGE_INTEGER Timeout;
4525 ULONG NameLength;
4526 BOOLEAN TimeoutSpecified;
4527 WCHAR Name[1];
4528} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
4529
4530typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
4531#if !defined(BUILD_WOW6432)
4532 PVOID ClientSession;
4533 PVOID ClientProcess;
4534#else
4535 ULONGLONG ClientSession;
4536 ULONGLONG ClientProcess;
4537#endif
4538} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
4539
4540#define FILE_PIPE_COMPUTER_NAME_LENGTH 15
4541
4542typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
4543#if !defined(BUILD_WOW6432)
4544 PVOID ClientSession;
4545 PVOID ClientProcess;
4546#else
4547 ULONGLONG ClientSession;
4548 ULONGLONG ClientProcess;
4549#endif
4550 USHORT ClientComputerNameLength;
4551 WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1];
4552} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
4553
4554#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
4555
4556typedef enum _LINK_TRACKING_INFORMATION_TYPE {
4557 NtfsLinkTrackingInformation,
4558 DfsLinkTrackingInformation
4559} LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE;
4560
4561typedef struct _LINK_TRACKING_INFORMATION {
4562 LINK_TRACKING_INFORMATION_TYPE Type;
4563 UCHAR VolumeId[16];
4564} LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION;
4565
4566typedef struct _REMOTE_LINK_TRACKING_INFORMATION {
4567 PVOID TargetFileObject;
4568 ULONG TargetLinkTrackingInformationLength;
4569 UCHAR TargetLinkTrackingInformationBuffer[1];
4570} REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION;
4571
4572#define IO_OPEN_PAGING_FILE 0x0002
4573#define IO_OPEN_TARGET_DIRECTORY 0x0004
4574#define IO_STOP_ON_SYMLINK 0x0008
4575#define IO_MM_PAGING_FILE 0x0010
4576
4577typedef VOID
4578(NTAPI *PDRIVER_FS_NOTIFICATION) (
4579 IN PDEVICE_OBJECT DeviceObject,
4580 IN BOOLEAN FsActive);
4581
4582typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
4583 SyncTypeOther = 0,
4584 SyncTypeCreateSection
4585} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
4586
4587typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
4588 NotifyTypeCreate = 0,
4589 NotifyTypeRetired
4590} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
4591
4592typedef union _FS_FILTER_PARAMETERS {
4593 struct {
4594 PLARGE_INTEGER EndingOffset;
4595 PERESOURCE *ResourceToRelease;
4596 } AcquireForModifiedPageWriter;
4597 struct {
4598 PERESOURCE ResourceToRelease;
4599 } ReleaseForModifiedPageWriter;
4600 struct {
4601 FS_FILTER_SECTION_SYNC_TYPE SyncType;
4602 ULONG PageProtection;
4603 } AcquireForSectionSynchronization;
4604 struct {
4605 FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
4606 BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
4607 } NotifyStreamFileObject;
4608 struct {
4609 PVOID Argument1;
4610 PVOID Argument2;
4611 PVOID Argument3;
4612 PVOID Argument4;
4613 PVOID Argument5;
4614 } Others;
4615} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
4616
4617#define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1
4618#define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2
4619#define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3
4620#define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4
4621#define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5
4622#define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6
4623
4624typedef struct _FS_FILTER_CALLBACK_DATA {
4625 ULONG SizeOfFsFilterCallbackData;
4626 UCHAR Operation;
4627 UCHAR Reserved;
4628 struct _DEVICE_OBJECT *DeviceObject;
4629 struct _FILE_OBJECT *FileObject;
4630 FS_FILTER_PARAMETERS Parameters;
4631} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
4632
4633typedef NTSTATUS
4634(NTAPI *PFS_FILTER_CALLBACK) (
4635 IN PFS_FILTER_CALLBACK_DATA Data,
4636 OUT PVOID *CompletionContext);
4637
4638typedef VOID
4639(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
4640 IN PFS_FILTER_CALLBACK_DATA Data,
4641 IN NTSTATUS OperationStatus,
4642 IN PVOID CompletionContext);
4643
4644typedef struct _FS_FILTER_CALLBACKS {
4645 ULONG SizeOfFsFilterCallbacks;
4646 ULONG Reserved;
4647 PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
4648 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
4649 PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
4650 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
4651 PFS_FILTER_CALLBACK PreAcquireForCcFlush;
4652 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
4653 PFS_FILTER_CALLBACK PreReleaseForCcFlush;
4654 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
4655 PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
4656 PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
4657 PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
4658 PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
4659} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
4660
4661#if (NTDDI_VERSION >= NTDDI_WINXP)
4662NTKERNELAPI
4663NTSTATUS
4664NTAPI
4665FsRtlRegisterFileSystemFilterCallbacks(
4666 IN struct _DRIVER_OBJECT *FilterDriverObject,
4667 IN PFS_FILTER_CALLBACKS Callbacks);
4668#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
4669
4670#if (NTDDI_VERSION >= NTDDI_VISTA)
4671NTKERNELAPI
4672NTSTATUS
4673NTAPI
4674FsRtlNotifyStreamFileObject(
4675 IN struct _FILE_OBJECT * StreamFileObject,
4676 IN struct _DEVICE_OBJECT *DeviceObjectHint OPTIONAL,
4677 IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType,
4678 IN BOOLEAN SafeToRecurse);
4679#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
4680
4681#define DO_VERIFY_VOLUME 0x00000002
4682#define DO_BUFFERED_IO 0x00000004
4683#define DO_EXCLUSIVE 0x00000008
4684#define DO_DIRECT_IO 0x00000010
4685#define DO_MAP_IO_BUFFER 0x00000020
4686#define DO_DEVICE_HAS_NAME 0x00000040
4687#define DO_DEVICE_INITIALIZING 0x00000080
4688#define DO_SYSTEM_BOOT_PARTITION 0x00000100
4689#define DO_LONG_TERM_REQUESTS 0x00000200
4690#define DO_NEVER_LAST_DEVICE 0x00000400
4691#define DO_SHUTDOWN_REGISTERED 0x00000800
4692#define DO_BUS_ENUMERATED_DEVICE 0x00001000
4693#define DO_POWER_PAGABLE 0x00002000
4694#define DO_POWER_INRUSH 0x00004000
4695#define DO_LOW_PRIORITY_FILESYSTEM 0x00010000
4696#define DO_SUPPORTS_TRANSACTIONS 0x00040000
4697#define DO_FORCE_NEITHER_IO 0x00080000
4698#define DO_VOLUME_DEVICE_OBJECT 0x00100000
4699#define DO_SYSTEM_SYSTEM_PARTITION 0x00200000
4700#define DO_SYSTEM_CRITICAL_PARTITION 0x00400000
4701#define DO_DISALLOW_EXECUTE 0x00800000
4702
4703extern KSPIN_LOCK IoStatisticsLock;
4704extern ULONG IoReadOperationCount;
4705extern ULONG IoWriteOperationCount;
4706extern ULONG IoOtherOperationCount;
4707extern LARGE_INTEGER IoReadTransferCount;
4708extern LARGE_INTEGER IoWriteTransferCount;
4709extern LARGE_INTEGER IoOtherTransferCount;
4710
4711#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
4712#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
4713
4714#if (NTDDI_VERSION >= NTDDI_VISTA)
4715typedef struct _IO_PRIORITY_INFO {
4716 ULONG Size;
4717 ULONG ThreadPriority;
4718 ULONG PagePriority;
4719 IO_PRIORITY_HINT IoPriority;
4720} IO_PRIORITY_INFO, *PIO_PRIORITY_INFO;
4721#endif
4722
4723typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
4724 ULONG Attributes;
4725 ACCESS_MASK GrantedAccess;
4726 ULONG HandleCount;
4727 ULONG PointerCount;
4728 ULONG Reserved[10];
4729} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
4730
4731typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
4732 UNICODE_STRING TypeName;
4733 ULONG Reserved [22];
4734} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
4735
4736typedef struct _SECURITY_CLIENT_CONTEXT {
4737 SECURITY_QUALITY_OF_SERVICE SecurityQos;
4738 PACCESS_TOKEN ClientToken;
4739 BOOLEAN DirectlyAccessClientToken;
4740 BOOLEAN DirectAccessEffectiveOnly;
4741 BOOLEAN ServerIsRemote;
4742 TOKEN_CONTROL ClientTokenControl;
4743} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
4744
4745#define SYSTEM_PAGE_PRIORITY_BITS 3
4746#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
4747
4748typedef struct _KAPC_STATE {
4749 LIST_ENTRY ApcListHead[MaximumMode];
4750 PKPROCESS Process;
4751 BOOLEAN KernelApcInProgress;
4752 BOOLEAN KernelApcPending;
4753 BOOLEAN UserApcPending;
4754} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
4755
4756#define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
4757
4758#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
4759
4760typedef struct _KQUEUE {
4761 DISPATCHER_HEADER Header;
4762 LIST_ENTRY EntryListHead;
4763 volatile ULONG CurrentCount;
4764 ULONG MaximumCount;
4765 LIST_ENTRY ThreadListHead;
4766} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
4767
4768/******************************************************************************
4769 * Kernel Functions *
4770 ******************************************************************************/
4771
4772NTSTATUS
4773NTAPI
4774KeGetProcessorNumberFromIndex(
4775 IN ULONG ProcIndex,
4776 OUT PPROCESSOR_NUMBER ProcNumber);
4777
4778ULONG
4779NTAPI
4780KeGetProcessorIndexFromNumber(
4781 IN PPROCESSOR_NUMBER ProcNumber);
4782
4783#if (NTDDI_VERSION >= NTDDI_WIN2K)
4784
4785
4786
4787
4788NTKERNELAPI
4789VOID
4790NTAPI
4791KeInitializeMutant(
4792 OUT PRKMUTANT Mutant,
4793 IN BOOLEAN InitialOwner);
4794
4795NTKERNELAPI
4796LONG
4797NTAPI
4798KeReadStateMutant(
4799 IN PRKMUTANT Mutant);
4800
4801NTKERNELAPI
4802LONG
4803NTAPI
4804KeReleaseMutant(
4805 IN OUT PRKMUTANT Mutant,
4806 IN KPRIORITY Increment,
4807 IN BOOLEAN Abandoned,
4808 IN BOOLEAN Wait);
4809
4810NTKERNELAPI
4811VOID
4812NTAPI
4813KeInitializeQueue(
4814 OUT PRKQUEUE Queue,
4815 IN ULONG Count);
4816
4817NTKERNELAPI
4818LONG
4819NTAPI
4820KeReadStateQueue(
4821 IN PRKQUEUE Queue);
4822
4823NTKERNELAPI
4824LONG
4825NTAPI
4826KeInsertQueue(
4827 IN OUT PRKQUEUE Queue,
4828 IN OUT PLIST_ENTRY Entry);
4829
4830NTKERNELAPI
4831LONG
4832NTAPI
4833KeInsertHeadQueue(
4834 IN OUT PRKQUEUE Queue,
4835 IN OUT PLIST_ENTRY Entry);
4836
4837NTKERNELAPI
4838PLIST_ENTRY
4839NTAPI
4840KeRemoveQueue(
4841 IN OUT PRKQUEUE Queue,
4842 IN KPROCESSOR_MODE WaitMode,
4843 IN PLARGE_INTEGER Timeout OPTIONAL);
4844
4845NTKERNELAPI
4846VOID
4847NTAPI
4848KeAttachProcess(
4849 IN OUT PKPROCESS Process);
4850
4851NTKERNELAPI
4852VOID
4853NTAPI
4854KeDetachProcess(
4855 VOID);
4856
4857NTKERNELAPI
4858PLIST_ENTRY
4859NTAPI
4860KeRundownQueue(
4861 IN OUT PRKQUEUE Queue);
4862
4863NTKERNELAPI
4864VOID
4865NTAPI
4866KeStackAttachProcess(
4867 IN OUT PKPROCESS Process,
4868 OUT PKAPC_STATE ApcState);
4869
4870NTKERNELAPI
4871VOID
4872NTAPI
4873KeUnstackDetachProcess(
4874 IN PKAPC_STATE ApcState);
4875
4876NTKERNELAPI
4877UCHAR
4878NTAPI
4879KeSetIdealProcessorThread(
4880 IN OUT PKTHREAD Thread,
4881 IN UCHAR Processor);
4882
4883NTKERNELAPI
4884BOOLEAN
4885NTAPI
4886KeSetKernelStackSwapEnable(
4887 IN BOOLEAN Enable);
4888
4889#if defined(_X86_)
4890NTHALAPI
4891KIRQL
4892FASTCALL
4893KeAcquireSpinLockRaiseToSynch(
4894 IN OUT PKSPIN_LOCK SpinLock);
4895#else
4896NTKERNELAPI
4897KIRQL
4898KeAcquireSpinLockRaiseToSynch(
4899 IN OUT PKSPIN_LOCK SpinLock);
4900#endif
4901
4902#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
4903
4904#if (NTDDI_VERSION >= NTDDI_WINXP)
4905
4906_DECL_HAL_KE_IMPORT
4907KIRQL
4908FASTCALL
4909KeAcquireQueuedSpinLock(
4910 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number);
4911
4912_DECL_HAL_KE_IMPORT
4913VOID
4914FASTCALL
4915KeReleaseQueuedSpinLock(
4916 IN OUT KSPIN_LOCK_QUEUE_NUMBER Number,
4917 IN KIRQL OldIrql);
4918
4919_DECL_HAL_KE_IMPORT
4920LOGICAL
4921FASTCALL
4922KeTryToAcquireQueuedSpinLock(
4923 IN KSPIN_LOCK_QUEUE_NUMBER Number,
4924 OUT PKIRQL OldIrql);
4925
4926#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
4927
4928
4929
4930#if (NTDDI_VERSION >= NTDDI_VISTA)
4931
4932NTKERNELAPI
4933VOID
4934KeQueryOwnerMutant(
4935 IN PKMUTANT Mutant,
4936 OUT PCLIENT_ID ClientId);
4937
4938NTKERNELAPI
4939ULONG
4940KeRemoveQueueEx (
4941 IN OUT PKQUEUE Queue,
4942 IN KPROCESSOR_MODE WaitMode,
4943 IN BOOLEAN Alertable,
4944 IN PLARGE_INTEGER Timeout OPTIONAL,
4945 OUT PLIST_ENTRY *EntryArray,
4946 IN ULONG Count);
4947
4948#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
4949
4950
4951
4952#define INVALID_PROCESSOR_INDEX 0xffffffff
4953
4954#define EX_PUSH_LOCK ULONG_PTR
4955#define PEX_PUSH_LOCK PULONG_PTR
4956
4957/******************************************************************************
4958 * Executive Functions *
4959 ******************************************************************************/
4960
4961#define ExDisableResourceBoost ExDisableResourceBoostLite
4962
4963VOID
4964ExInitializePushLock (
4965 OUT PEX_PUSH_LOCK PushLock);
4966
4967#if (NTDDI_VERSION >= NTDDI_WIN2K)
4968
4969NTKERNELAPI
4970SIZE_T
4971NTAPI
4972ExQueryPoolBlockSize(
4973 IN PVOID PoolBlock,
4974 OUT PBOOLEAN QuotaCharged);
4975
4976VOID
4977ExAdjustLookasideDepth(
4978 VOID);
4979
4980NTKERNELAPI
4981VOID
4982NTAPI
4983ExDisableResourceBoostLite(
4984 IN PERESOURCE Resource);
4985#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
4986
4987#if (NTDDI_VERSION >= NTDDI_WINXP)
4988
4989PSLIST_ENTRY
4990FASTCALL
4991InterlockedPushListSList(
4992 IN OUT PSLIST_HEADER ListHead,
4993 IN OUT PSLIST_ENTRY List,
4994 IN OUT PSLIST_ENTRY ListEnd,
4995 IN ULONG Count);
4996#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
4997
4998/******************************************************************************
4999 * Security Manager Functions *
5000 ******************************************************************************/
5001
5002#if (NTDDI_VERSION >= NTDDI_WIN2K)
5003
5004NTKERNELAPI
5005VOID
5006NTAPI
5007SeReleaseSubjectContext(
5008 IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
5009
5010NTKERNELAPI
5011BOOLEAN
5012NTAPI
5013SePrivilegeCheck(
5014 IN OUT PPRIVILEGE_SET RequiredPrivileges,
5015 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
5016 IN KPROCESSOR_MODE AccessMode);
5017
5018NTKERNELAPI
5019VOID
5020NTAPI
5021SeOpenObjectAuditAlarm(
5022 IN PUNICODE_STRING ObjectTypeName,
5023 IN PVOID Object OPTIONAL,
5024 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5025 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5026 IN PACCESS_STATE AccessState,
5027 IN BOOLEAN ObjectCreated,
5028 IN BOOLEAN AccessGranted,
5029 IN KPROCESSOR_MODE AccessMode,
5030 OUT PBOOLEAN GenerateOnClose);
5031
5032NTKERNELAPI
5033VOID
5034NTAPI
5035SeOpenObjectForDeleteAuditAlarm(
5036 IN PUNICODE_STRING ObjectTypeName,
5037 IN PVOID Object OPTIONAL,
5038 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5039 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5040 IN PACCESS_STATE AccessState,
5041 IN BOOLEAN ObjectCreated,
5042 IN BOOLEAN AccessGranted,
5043 IN KPROCESSOR_MODE AccessMode,
5044 OUT PBOOLEAN GenerateOnClose);
5045
5046NTKERNELAPI
5047VOID
5048NTAPI
5049SeDeleteObjectAuditAlarm(
5050 IN PVOID Object,
5051 IN HANDLE Handle);
5052
5053NTKERNELAPI
5054TOKEN_TYPE
5055NTAPI
5056SeTokenType(
5057 IN PACCESS_TOKEN Token);
5058
5059NTKERNELAPI
5060BOOLEAN
5061NTAPI
5062SeTokenIsAdmin(
5063 IN PACCESS_TOKEN Token);
5064
5065NTKERNELAPI
5066BOOLEAN
5067NTAPI
5068SeTokenIsRestricted(
5069 IN PACCESS_TOKEN Token);
5070
5071NTKERNELAPI
5072NTSTATUS
5073NTAPI
5074SeQueryAuthenticationIdToken(
5075 IN PACCESS_TOKEN Token,
5076 OUT PLUID AuthenticationId);
5077
5078NTKERNELAPI
5079NTSTATUS
5080NTAPI
5081SeQuerySessionIdToken(
5082 IN PACCESS_TOKEN Token,
5083 OUT PULONG SessionId);
5084
5085NTKERNELAPI
5086NTSTATUS
5087NTAPI
5088SeCreateClientSecurity(
5089 IN PETHREAD ClientThread,
5090 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
5091 IN BOOLEAN RemoteSession,
5092 OUT PSECURITY_CLIENT_CONTEXT ClientContext);
5093
5094NTKERNELAPI
5095VOID
5096NTAPI
5097SeImpersonateClient(
5098 IN PSECURITY_CLIENT_CONTEXT ClientContext,
5099 IN PETHREAD ServerThread OPTIONAL);
5100
5101NTKERNELAPI
5102NTSTATUS
5103NTAPI
5104SeImpersonateClientEx(
5105 IN PSECURITY_CLIENT_CONTEXT ClientContext,
5106 IN PETHREAD ServerThread OPTIONAL);
5107
5108NTKERNELAPI
5109NTSTATUS
5110NTAPI
5111SeCreateClientSecurityFromSubjectContext(
5112 IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
5113 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
5114 IN BOOLEAN ServerIsRemote,
5115 OUT PSECURITY_CLIENT_CONTEXT ClientContext);
5116
5117NTKERNELAPI
5118NTSTATUS
5119NTAPI
5120SeQuerySecurityDescriptorInfo(
5121 IN PSECURITY_INFORMATION SecurityInformation,
5122 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5123 IN OUT PULONG Length,
5124 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor);
5125
5126NTKERNELAPI
5127NTSTATUS
5128NTAPI
5129SeSetSecurityDescriptorInfo(
5130 IN PVOID Object OPTIONAL,
5131 IN PSECURITY_INFORMATION SecurityInformation,
5132 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5133 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
5134 IN POOL_TYPE PoolType,
5135 IN PGENERIC_MAPPING GenericMapping);
5136
5137NTKERNELAPI
5138NTSTATUS
5139NTAPI
5140SeSetSecurityDescriptorInfoEx(
5141 IN PVOID Object OPTIONAL,
5142 IN PSECURITY_INFORMATION SecurityInformation,
5143 IN PSECURITY_DESCRIPTOR ModificationDescriptor,
5144 IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
5145 IN ULONG AutoInheritFlags,
5146 IN POOL_TYPE PoolType,
5147 IN PGENERIC_MAPPING GenericMapping);
5148
5149NTKERNELAPI
5150NTSTATUS
5151NTAPI
5152SeAppendPrivileges(
5153 IN OUT PACCESS_STATE AccessState,
5154 IN PPRIVILEGE_SET Privileges);
5155
5156NTKERNELAPI
5157BOOLEAN
5158NTAPI
5159SeAuditingFileEvents(
5160 IN BOOLEAN AccessGranted,
5161 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
5162
5163NTKERNELAPI
5164BOOLEAN
5165NTAPI
5166SeAuditingFileOrGlobalEvents(
5167 IN BOOLEAN AccessGranted,
5168 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5169 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
5170
5171VOID
5172NTAPI
5173SeSetAccessStateGenericMapping(
5174 IN OUT PACCESS_STATE AccessState,
5175 IN PGENERIC_MAPPING GenericMapping);
5176
5177NTKERNELAPI
5178NTSTATUS
5179NTAPI
5180SeRegisterLogonSessionTerminatedRoutine(
5181 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
5182
5183NTKERNELAPI
5184NTSTATUS
5185NTAPI
5186SeUnregisterLogonSessionTerminatedRoutine(
5187 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
5188
5189NTKERNELAPI
5190NTSTATUS
5191NTAPI
5192SeMarkLogonSessionForTerminationNotification(
5193 IN PLUID LogonId);
5194
5195NTKERNELAPI
5196NTSTATUS
5197NTAPI
5198SeQueryInformationToken(
5199 IN PACCESS_TOKEN Token,
5200 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
5201 OUT PVOID *TokenInformation);
5202
5203#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5204#if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
5205NTKERNELAPI
5206BOOLEAN
5207NTAPI
5208SeAuditingHardLinkEvents(
5209 IN BOOLEAN AccessGranted,
5210 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
5211#endif
5212
5213#if (NTDDI_VERSION >= NTDDI_WINXP)
5214
5215NTKERNELAPI
5216NTSTATUS
5217NTAPI
5218SeFilterToken(
5219 IN PACCESS_TOKEN ExistingToken,
5220 IN ULONG Flags,
5221 IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
5222 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
5223 IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
5224 OUT PACCESS_TOKEN *FilteredToken);
5225
5226NTKERNELAPI
5227VOID
5228NTAPI
5229SeAuditHardLinkCreation(
5230 IN PUNICODE_STRING FileName,
5231 IN PUNICODE_STRING LinkName,
5232 IN BOOLEAN bSuccess);
5233
5234#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5235
5236#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
5237
5238NTKERNELAPI
5239BOOLEAN
5240NTAPI
5241SeAuditingFileEventsWithContext(
5242 IN BOOLEAN AccessGranted,
5243 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5244 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
5245
5246NTKERNELAPI
5247BOOLEAN
5248NTAPI
5249SeAuditingHardLinkEventsWithContext(
5250 IN BOOLEAN AccessGranted,
5251 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5252 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
5253
5254#endif
5255
5256
5257#if (NTDDI_VERSION >= NTDDI_VISTA)
5258
5259NTKERNELAPI
5260VOID
5261NTAPI
5262SeOpenObjectAuditAlarmWithTransaction(
5263 IN PUNICODE_STRING ObjectTypeName,
5264 IN PVOID Object OPTIONAL,
5265 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5266 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5267 IN PACCESS_STATE AccessState,
5268 IN BOOLEAN ObjectCreated,
5269 IN BOOLEAN AccessGranted,
5270 IN KPROCESSOR_MODE AccessMode,
5271 IN GUID *TransactionId OPTIONAL,
5272 OUT PBOOLEAN GenerateOnClose);
5273
5274NTKERNELAPI
5275VOID
5276NTAPI
5277SeOpenObjectForDeleteAuditAlarmWithTransaction(
5278 IN PUNICODE_STRING ObjectTypeName,
5279 IN PVOID Object OPTIONAL,
5280 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5281 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5282 IN PACCESS_STATE AccessState,
5283 IN BOOLEAN ObjectCreated,
5284 IN BOOLEAN AccessGranted,
5285 IN KPROCESSOR_MODE AccessMode,
5286 IN GUID *TransactionId OPTIONAL,
5287 OUT PBOOLEAN GenerateOnClose);
5288
5289NTKERNELAPI
5290VOID
5291NTAPI
5292SeExamineSacl(
5293 IN PACL Sacl,
5294 IN PACCESS_TOKEN Token,
5295 IN ACCESS_MASK DesiredAccess,
5296 IN BOOLEAN AccessGranted,
5297 OUT PBOOLEAN GenerateAudit,
5298 OUT PBOOLEAN GenerateAlarm);
5299
5300NTKERNELAPI
5301VOID
5302NTAPI
5303SeDeleteObjectAuditAlarmWithTransaction(
5304 IN PVOID Object,
5305 IN HANDLE Handle,
5306 IN GUID *TransactionId OPTIONAL);
5307
5308NTKERNELAPI
5309VOID
5310NTAPI
5311SeQueryTokenIntegrity(
5312 IN PACCESS_TOKEN Token,
5313 IN OUT PSID_AND_ATTRIBUTES IntegritySA);
5314
5315NTKERNELAPI
5316NTSTATUS
5317NTAPI
5318SeSetSessionIdToken(
5319 IN PACCESS_TOKEN Token,
5320 IN ULONG SessionId);
5321
5322NTKERNELAPI
5323VOID
5324NTAPI
5325SeAuditHardLinkCreationWithTransaction(
5326 IN PUNICODE_STRING FileName,
5327 IN PUNICODE_STRING LinkName,
5328 IN BOOLEAN bSuccess,
5329 IN GUID *TransactionId OPTIONAL);
5330
5331NTKERNELAPI
5332VOID
5333NTAPI
5334SeAuditTransactionStateChange(
5335 IN GUID *TransactionId,
5336 IN GUID *ResourceManagerId,
5337 IN ULONG NewTransactionState);
5338#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
5339
5340#if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
5341NTKERNELAPI
5342BOOLEAN
5343NTAPI
5344SeTokenIsWriteRestricted(
5345 IN PACCESS_TOKEN Token);
5346#endif
5347
5348#if (NTDDI_VERSION >= NTDDI_WIN7)
5349
5350NTKERNELAPI
5351BOOLEAN
5352NTAPI
5353SeAuditingAnyFileEventsWithContext(
5354 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5355 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
5356
5357NTKERNELAPI
5358VOID
5359NTAPI
5360SeExamineGlobalSacl(
5361 IN PUNICODE_STRING ObjectType,
5362 IN PACCESS_TOKEN Token,
5363 IN ACCESS_MASK DesiredAccess,
5364 IN BOOLEAN AccessGranted,
5365 IN OUT PBOOLEAN GenerateAudit,
5366 IN OUT PBOOLEAN GenerateAlarm OPTIONAL);
5367
5368NTKERNELAPI
5369VOID
5370NTAPI
5371SeMaximumAuditMaskFromGlobalSacl(
5372 IN PUNICODE_STRING ObjectTypeName OPTIONAL,
5373 IN ACCESS_MASK GrantedAccess,
5374 IN PACCESS_TOKEN Token,
5375 IN OUT PACCESS_MASK AuditMask);
5376
5377#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
5378
5379NTSTATUS
5380NTAPI
5381SeReportSecurityEventWithSubCategory(
5382 IN ULONG Flags,
5383 IN PUNICODE_STRING SourceName,
5384 IN PSID UserSid OPTIONAL,
5385 IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
5386 IN ULONG AuditSubcategoryId);
5387
5388BOOLEAN
5389NTAPI
5390SeAccessCheckFromState(
5391 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5392 IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
5393 IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL,
5394 IN ACCESS_MASK DesiredAccess,
5395 IN ACCESS_MASK PreviouslyGrantedAccess,
5396 OUT PPRIVILEGE_SET *Privileges OPTIONAL,
5397 IN PGENERIC_MAPPING GenericMapping,
5398 IN KPROCESSOR_MODE AccessMode,
5399 OUT PACCESS_MASK GrantedAccess,
5400 OUT PNTSTATUS AccessStatus);
5401
5402NTKERNELAPI
5403VOID
5404NTAPI
5405SeFreePrivileges(
5406 IN PPRIVILEGE_SET Privileges);
5407
5408NTSTATUS
5409NTAPI
5410SeLocateProcessImageName(
5411 IN OUT PEPROCESS Process,
5412 OUT PUNICODE_STRING *pImageFileName);
5413
5414#define SeLengthSid( Sid ) \
5415 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5416
5417#define SeDeleteClientSecurity(C) { \
5418 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5419 PsDereferencePrimaryToken( (C)->ClientToken ); \
5420 } else { \
5421 PsDereferenceImpersonationToken( (C)->ClientToken ); \
5422 } \
5423}
5424
5425#define SeStopImpersonatingClient() PsRevertToSelf()
5426
5427#define SeQuerySubjectContextToken( SubjectContext ) \
5428 ( ARGUMENT_PRESENT( \
5429 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5430 ) ? \
5431 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5432 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5433
5434extern NTKERNELAPI PSE_EXPORTS SeExports;
5435/******************************************************************************
5436 * Process Manager Functions *
5437 ******************************************************************************/
5438
5439NTKERNELAPI
5440NTSTATUS
5441NTAPI
5442PsLookupProcessByProcessId(
5443 IN HANDLE ProcessId,
5444 OUT PEPROCESS *Process);
5445
5446NTKERNELAPI
5447NTSTATUS
5448NTAPI
5449PsLookupThreadByThreadId(
5450 IN HANDLE UniqueThreadId,
5451 OUT PETHREAD *Thread);
5452
5453#if (NTDDI_VERSION >= NTDDI_WIN2K)
5454
5455
5456NTKERNELAPI
5457PACCESS_TOKEN
5458NTAPI
5459PsReferenceImpersonationToken(
5460 IN OUT PETHREAD Thread,
5461 OUT PBOOLEAN CopyOnOpen,
5462 OUT PBOOLEAN EffectiveOnly,
5463 OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
5464
5465NTKERNELAPI
5466LARGE_INTEGER
5467NTAPI
5468PsGetProcessExitTime(VOID);
5469
5470NTKERNELAPI
5471BOOLEAN
5472NTAPI
5473PsIsThreadTerminating(
5474 IN PETHREAD Thread);
5475
5476NTKERNELAPI
5477NTSTATUS
5478NTAPI
5479PsImpersonateClient(
5480 IN OUT PETHREAD Thread,
5481 IN PACCESS_TOKEN Token,
5482 IN BOOLEAN CopyOnOpen,
5483 IN BOOLEAN EffectiveOnly,
5484 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
5485
5486NTKERNELAPI
5487BOOLEAN
5488NTAPI
5489PsDisableImpersonation(
5490 IN OUT PETHREAD Thread,
5491 IN OUT PSE_IMPERSONATION_STATE ImpersonationState);
5492
5493NTKERNELAPI
5494VOID
5495NTAPI
5496PsRestoreImpersonation(
5497 IN PETHREAD Thread,
5498 IN PSE_IMPERSONATION_STATE ImpersonationState);
5499
5500NTKERNELAPI
5501VOID
5502NTAPI
5503PsRevertToSelf(VOID);
5504
5505NTKERNELAPI
5506VOID
5507NTAPI
5508PsChargePoolQuota(
5509 IN PEPROCESS Process,
5510 IN POOL_TYPE PoolType,
5511 IN ULONG_PTR Amount);
5512
5513NTKERNELAPI
5514VOID
5515NTAPI
5516PsReturnPoolQuota(
5517 IN PEPROCESS Process,
5518 IN POOL_TYPE PoolType,
5519 IN ULONG_PTR Amount);
5520
5521NTKERNELAPI
5522NTSTATUS
5523NTAPI
5524PsAssignImpersonationToken(
5525 IN PETHREAD Thread,
5526 IN HANDLE Token OPTIONAL);
5527
5528NTKERNELAPI
5529HANDLE
5530NTAPI
5531PsReferencePrimaryToken(
5532 IN OUT PEPROCESS Process);
5533#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5534#if (NTDDI_VERSION >= NTDDI_WINXP)
5535
5536
5537NTKERNELAPI
5538VOID
5539NTAPI
5540PsDereferencePrimaryToken(
5541 IN PACCESS_TOKEN PrimaryToken);
5542
5543NTKERNELAPI
5544VOID
5545NTAPI
5546PsDereferenceImpersonationToken(
5547 IN PACCESS_TOKEN ImpersonationToken);
5548
5549NTKERNELAPI
5550NTSTATUS
5551NTAPI
5552PsChargeProcessPoolQuota(
5553 IN PEPROCESS Process,
5554 IN POOL_TYPE PoolType,
5555 IN ULONG_PTR Amount);
5556
5557NTKERNELAPI
5558BOOLEAN
5559NTAPI
5560PsIsSystemThread(
5561 IN PETHREAD Thread);
5562#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5563
5564/******************************************************************************
5565 * I/O Manager Functions *
5566 ******************************************************************************/
5567
5568#define IoIsFileOpenedExclusively(FileObject) ( \
5569 (BOOLEAN) !( \
5570 (FileObject)->SharedRead || \
5571 (FileObject)->SharedWrite || \
5572 (FileObject)->SharedDelete \
5573 ) \
5574)
5575
5576#if (NTDDI_VERSION == NTDDI_WIN2K)
5577NTKERNELAPI
5578NTSTATUS
5579NTAPI
5580IoRegisterFsRegistrationChangeEx(
5581 IN PDRIVER_OBJECT DriverObject,
5582 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
5583#endif
5584#if (NTDDI_VERSION >= NTDDI_WIN2K)
5585
5586
5587NTKERNELAPI
5588VOID
5589NTAPI
5590IoAcquireVpbSpinLock(
5591 OUT PKIRQL Irql);
5592
5593NTKERNELAPI
5594NTSTATUS
5595NTAPI
5596IoCheckDesiredAccess(
5597 IN OUT PACCESS_MASK DesiredAccess,
5598 IN ACCESS_MASK GrantedAccess);
5599
5600NTKERNELAPI
5601NTSTATUS
5602NTAPI
5603IoCheckEaBufferValidity(
5604 IN PFILE_FULL_EA_INFORMATION EaBuffer,
5605 IN ULONG EaLength,
5606 OUT PULONG ErrorOffset);
5607
5608NTKERNELAPI
5609NTSTATUS
5610NTAPI
5611IoCheckFunctionAccess(
5612 IN ACCESS_MASK GrantedAccess,
5613 IN UCHAR MajorFunction,
5614 IN UCHAR MinorFunction,
5615 IN ULONG IoControlCode,
5616 IN PVOID Argument1 OPTIONAL,
5617 IN PVOID Argument2 OPTIONAL);
5618
5619NTKERNELAPI
5620NTSTATUS
5621NTAPI
5622IoCheckQuerySetFileInformation(
5623 IN FILE_INFORMATION_CLASS FileInformationClass,
5624 IN ULONG Length,
5625 IN BOOLEAN SetOperation);
5626
5627NTKERNELAPI
5628NTSTATUS
5629NTAPI
5630IoCheckQuerySetVolumeInformation(
5631 IN FS_INFORMATION_CLASS FsInformationClass,
5632 IN ULONG Length,
5633 IN BOOLEAN SetOperation);
5634
5635NTKERNELAPI
5636NTSTATUS
5637NTAPI
5638IoCheckQuotaBufferValidity(
5639 IN PFILE_QUOTA_INFORMATION QuotaBuffer,
5640 IN ULONG QuotaLength,
5641 OUT PULONG ErrorOffset);
5642
5643NTKERNELAPI
5644PFILE_OBJECT
5645NTAPI
5646IoCreateStreamFileObject(
5647 IN PFILE_OBJECT FileObject OPTIONAL,
5648 IN PDEVICE_OBJECT DeviceObject OPTIONAL);
5649
5650NTKERNELAPI
5651PFILE_OBJECT
5652NTAPI
5653IoCreateStreamFileObjectLite(
5654 IN PFILE_OBJECT FileObject OPTIONAL,
5655 IN PDEVICE_OBJECT DeviceObject OPTIONAL);
5656
5657NTKERNELAPI
5658BOOLEAN
5659NTAPI
5660IoFastQueryNetworkAttributes(
5661 IN POBJECT_ATTRIBUTES ObjectAttributes,
5662 IN ACCESS_MASK DesiredAccess,
5663 IN ULONG OpenOptions,
5664 OUT PIO_STATUS_BLOCK IoStatus,
5665 OUT PFILE_NETWORK_OPEN_INFORMATION Buffer);
5666
5667NTKERNELAPI
5668NTSTATUS
5669NTAPI
5670IoPageRead(
5671 IN PFILE_OBJECT FileObject,
5672 IN PMDL Mdl,
5673 IN PLARGE_INTEGER Offset,
5674 IN PKEVENT Event,
5675 OUT PIO_STATUS_BLOCK IoStatusBlock);
5676
5677NTKERNELAPI
5678PDEVICE_OBJECT
5679NTAPI
5680IoGetBaseFileSystemDeviceObject(
5681 IN PFILE_OBJECT FileObject);
5682
5683NTKERNELAPI
5684PCONFIGURATION_INFORMATION
5685NTAPI
5686IoGetConfigurationInformation(VOID);
5687
5688NTKERNELAPI
5689ULONG
5690NTAPI
5691IoGetRequestorProcessId(
5692 IN PIRP Irp);
5693
5694NTKERNELAPI
5695PEPROCESS
5696NTAPI
5697IoGetRequestorProcess(
5698 IN PIRP Irp);
5699
5700NTKERNELAPI
5701PIRP
5702NTAPI
5703IoGetTopLevelIrp(VOID);
5704
5705NTKERNELAPI
5706BOOLEAN
5707NTAPI
5708IoIsOperationSynchronous(
5709 IN PIRP Irp);
5710
5711NTKERNELAPI
5712BOOLEAN
5713NTAPI
5714IoIsSystemThread(
5715 IN PETHREAD Thread);
5716
5717NTKERNELAPI
5718BOOLEAN
5719NTAPI
5720IoIsValidNameGraftingBuffer(
5721 IN PIRP Irp,
5722 IN PREPARSE_DATA_BUFFER ReparseBuffer);
5723
5724NTKERNELAPI
5725NTSTATUS
5726NTAPI
5727IoQueryFileInformation(
5728 IN PFILE_OBJECT FileObject,
5729 IN FILE_INFORMATION_CLASS FileInformationClass,
5730 IN ULONG Length,
5731 OUT PVOID FileInformation,
5732 OUT PULONG ReturnedLength);
5733
5734NTKERNELAPI
5735NTSTATUS
5736NTAPI
5737IoQueryVolumeInformation(
5738 IN PFILE_OBJECT FileObject,
5739 IN FS_INFORMATION_CLASS FsInformationClass,
5740 IN ULONG Length,
5741 OUT PVOID FsInformation,
5742 OUT PULONG ReturnedLength);
5743
5744NTKERNELAPI
5745VOID
5746NTAPI
5747IoQueueThreadIrp(
5748 IN PIRP Irp);
5749
5750NTKERNELAPI
5751VOID
5752NTAPI
5753IoRegisterFileSystem(
5754 IN PDEVICE_OBJECT DeviceObject);
5755
5756NTKERNELAPI
5757NTSTATUS
5758NTAPI
5759IoRegisterFsRegistrationChange(
5760 IN PDRIVER_OBJECT DriverObject,
5761 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
5762
5763NTKERNELAPI
5764VOID
5765NTAPI
5766IoReleaseVpbSpinLock(
5767 IN KIRQL Irql);
5768
5769NTKERNELAPI
5770VOID
5771NTAPI
5772IoSetDeviceToVerify(
5773 IN PETHREAD Thread,
5774 IN PDEVICE_OBJECT DeviceObject OPTIONAL);
5775
5776NTKERNELAPI
5777NTSTATUS
5778NTAPI
5779IoSetInformation(
5780 IN PFILE_OBJECT FileObject,
5781 IN FILE_INFORMATION_CLASS FileInformationClass,
5782 IN ULONG Length,
5783 IN PVOID FileInformation);
5784
5785NTKERNELAPI
5786VOID
5787NTAPI
5788IoSetTopLevelIrp(
5789 IN PIRP Irp OPTIONAL);
5790
5791NTKERNELAPI
5792NTSTATUS
5793NTAPI
5794IoSynchronousPageWrite(
5795 IN PFILE_OBJECT FileObject,
5796 IN PMDL Mdl,
5797 IN PLARGE_INTEGER FileOffset,
5798 IN PKEVENT Event,
5799 OUT PIO_STATUS_BLOCK IoStatusBlock);
5800
5801NTKERNELAPI
5802PEPROCESS
5803NTAPI
5804IoThreadToProcess(
5805 IN PETHREAD Thread);
5806
5807NTKERNELAPI
5808VOID
5809NTAPI
5810IoUnregisterFileSystem(
5811 IN PDEVICE_OBJECT DeviceObject);
5812
5813NTKERNELAPI
5814VOID
5815NTAPI
5816IoUnregisterFsRegistrationChange(
5817 IN PDRIVER_OBJECT DriverObject,
5818 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
5819
5820NTKERNELAPI
5821NTSTATUS
5822NTAPI
5823IoVerifyVolume(
5824 IN PDEVICE_OBJECT DeviceObject,
5825 IN BOOLEAN AllowRawMount);
5826
5827NTKERNELAPI
5828NTSTATUS
5829NTAPI
5830IoGetRequestorSessionId(
5831 IN PIRP Irp,
5832 OUT PULONG pSessionId);
5833
5834#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5835
5836
5837#if (NTDDI_VERSION >= NTDDI_WINXP)
5838
5839NTKERNELAPI
5840PFILE_OBJECT
5841NTAPI
5842IoCreateStreamFileObjectEx(
5843 IN PFILE_OBJECT FileObject OPTIONAL,
5844 IN PDEVICE_OBJECT DeviceObject OPTIONAL,
5845 OUT PHANDLE FileObjectHandle OPTIONAL);
5846
5847NTKERNELAPI
5848NTSTATUS
5849NTAPI
5850IoQueryFileDosDeviceName(
5851 IN PFILE_OBJECT FileObject,
5852 OUT POBJECT_NAME_INFORMATION *ObjectNameInformation);
5853
5854NTKERNELAPI
5855NTSTATUS
5856NTAPI
5857IoEnumerateDeviceObjectList(
5858 IN PDRIVER_OBJECT DriverObject,
5859 OUT PDEVICE_OBJECT *DeviceObjectList,
5860 IN ULONG DeviceObjectListSize,
5861 OUT PULONG ActualNumberDeviceObjects);
5862
5863NTKERNELAPI
5864PDEVICE_OBJECT
5865NTAPI
5866IoGetLowerDeviceObject(
5867 IN PDEVICE_OBJECT DeviceObject);
5868
5869NTKERNELAPI
5870PDEVICE_OBJECT
5871NTAPI
5872IoGetDeviceAttachmentBaseRef(
5873 IN PDEVICE_OBJECT DeviceObject);
5874
5875NTKERNELAPI
5876NTSTATUS
5877NTAPI
5878IoGetDiskDeviceObject(
5879 IN PDEVICE_OBJECT FileSystemDeviceObject,
5880 OUT PDEVICE_OBJECT *DiskDeviceObject);
5881
5882#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5883
5884#if (NTDDI_VERSION >= NTDDI_WS03SP1)
5885
5886NTKERNELAPI
5887NTSTATUS
5888NTAPI
5889IoEnumerateRegisteredFiltersList(
5890 OUT PDRIVER_OBJECT *DriverObjectList,
5891 IN ULONG DriverObjectListSize,
5892 OUT PULONG ActualNumberDriverObjects);
5893#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
5894
5895#if (NTDDI_VERSION >= NTDDI_VISTA)
5896
5897FORCEINLINE
5898VOID
5899NTAPI
5900IoInitializePriorityInfo(
5901 IN PIO_PRIORITY_INFO PriorityInfo)
5902{
5903 PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
5904 PriorityInfo->ThreadPriority = 0xffff;
5905 PriorityInfo->IoPriority = IoPriorityNormal;
5906 PriorityInfo->PagePriority = 0;
5907}
5908#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
5909
5910#if (NTDDI_VERSION >= NTDDI_WIN7)
5911
5912NTKERNELAPI
5913NTSTATUS
5914NTAPI
5915IoRegisterFsRegistrationChangeMountAware(
5916 IN PDRIVER_OBJECT DriverObject,
5917 IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine,
5918 IN BOOLEAN SynchronizeWithMounts);
5919
5920NTKERNELAPI
5921NTSTATUS
5922NTAPI
5923IoReplaceFileObjectName(
5924 IN PFILE_OBJECT FileObject,
5925 IN PWSTR NewFileName,
5926 IN USHORT FileNameLength);
5927#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
5928
5929
5930#define PO_CB_SYSTEM_POWER_POLICY 0
5931#define PO_CB_AC_STATUS 1
5932#define PO_CB_BUTTON_COLLISION 2
5933#define PO_CB_SYSTEM_STATE_LOCK 3
5934#define PO_CB_LID_SWITCH_STATE 4
5935#define PO_CB_PROCESSOR_POWER_POLICY 5
5936
5937
5938#if (NTDDI_VERSION >= NTDDI_WINXP)
5939NTKERNELAPI
5940NTSTATUS
5941NTAPI
5942PoQueueShutdownWorkItem(
5943 IN OUT PWORK_QUEUE_ITEM WorkItem);
5944#endif
5945
5946/******************************************************************************
5947 * Memory manager Types *
5948 ******************************************************************************/
5949
5950typedef enum _MMFLUSH_TYPE {
5951 MmFlushForDelete,
5952 MmFlushForWrite
5953} MMFLUSH_TYPE;
5954
5955typedef struct _READ_LIST {
5956 PFILE_OBJECT FileObject;
5957 ULONG NumberOfEntries;
5958 LOGICAL IsImage;
5959 FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
5960} READ_LIST, *PREAD_LIST;
5961
5962#if (NTDDI_VERSION >= NTDDI_WINXP)
5963
5964typedef union _MM_PREFETCH_FLAGS {
5965 struct {
5966 ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS;
5967 ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS;
5968 } Flags;
5969 ULONG AllFlags;
5970} MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS;
5971
5972#define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1)
5973
5974#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5975
5976#define HEAP_NO_SERIALIZE 0x00000001
5977#define HEAP_GROWABLE 0x00000002
5978#define HEAP_GENERATE_EXCEPTIONS 0x00000004
5979#define HEAP_ZERO_MEMORY 0x00000008
5980#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
5981#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
5982#define HEAP_FREE_CHECKING_ENABLED 0x00000040
5983#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
5984
5985#define HEAP_CREATE_ALIGN_16 0x00010000
5986#define HEAP_CREATE_ENABLE_TRACING 0x00020000
5987#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
5988
5989#define HEAP_SETTABLE_USER_VALUE 0x00000100
5990#define HEAP_SETTABLE_USER_FLAG1 0x00000200
5991#define HEAP_SETTABLE_USER_FLAG2 0x00000400
5992#define HEAP_SETTABLE_USER_FLAG3 0x00000800
5993#define HEAP_SETTABLE_USER_FLAGS 0x00000E00
5994
5995#define HEAP_CLASS_0 0x00000000
5996#define HEAP_CLASS_1 0x00001000
5997#define HEAP_CLASS_2 0x00002000
5998#define HEAP_CLASS_3 0x00003000
5999#define HEAP_CLASS_4 0x00004000
6000#define HEAP_CLASS_5 0x00005000
6001#define HEAP_CLASS_6 0x00006000
6002#define HEAP_CLASS_7 0x00007000
6003#define HEAP_CLASS_8 0x00008000
6004#define HEAP_CLASS_MASK 0x0000F000
6005
6006#define HEAP_MAXIMUM_TAG 0x0FFF
6007#define HEAP_GLOBAL_TAG 0x0800
6008#define HEAP_PSEUDO_TAG_FLAG 0x8000
6009#define HEAP_TAG_SHIFT 18
6010#define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
6011
6012#define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
6013 HEAP_GROWABLE | \
6014 HEAP_GENERATE_EXCEPTIONS | \
6015 HEAP_ZERO_MEMORY | \
6016 HEAP_REALLOC_IN_PLACE_ONLY | \
6017 HEAP_TAIL_CHECKING_ENABLED | \
6018 HEAP_FREE_CHECKING_ENABLED | \
6019 HEAP_DISABLE_COALESCE_ON_FREE | \
6020 HEAP_CLASS_MASK | \
6021 HEAP_CREATE_ALIGN_16 | \
6022 HEAP_CREATE_ENABLE_TRACING | \
6023 HEAP_CREATE_ENABLE_EXECUTE)
6024
6025/******************************************************************************
6026 * Memory manager Functions *
6027 ******************************************************************************/
6028
6029FORCEINLINE
6030ULONG
6031HEAP_MAKE_TAG_FLAGS(
6032 IN ULONG TagBase,
6033 IN ULONG Tag)
6034{
6035 //__assume_bound(TagBase); // FIXME
6036 return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT)));
6037}
6038
6039#if (NTDDI_VERSION >= NTDDI_WIN2K)
6040
6041NTKERNELAPI
6042BOOLEAN
6043NTAPI
6044MmIsRecursiveIoFault(
6045 VOID);
6046
6047NTKERNELAPI
6048BOOLEAN
6049NTAPI
6050MmForceSectionClosed(
6051 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6052 IN BOOLEAN DelayClose);
6053
6054NTKERNELAPI
6055BOOLEAN
6056NTAPI
6057MmFlushImageSection(
6058 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6059 IN MMFLUSH_TYPE FlushType);
6060
6061NTKERNELAPI
6062BOOLEAN
6063NTAPI
6064MmCanFileBeTruncated(
6065 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6066 IN PLARGE_INTEGER NewFileSize OPTIONAL);
6067
6068NTKERNELAPI
6069BOOLEAN
6070NTAPI
6071MmSetAddressRangeModified(
6072 IN PVOID Address,
6073 IN SIZE_T Length);
6074
6075#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
6076
6077#if (NTDDI_VERSION >= NTDDI_WINXP)
6078
6079NTKERNELAPI
6080NTSTATUS
6081NTAPI
6082MmPrefetchPages(
6083 IN ULONG NumberOfLists,
6084 IN PREAD_LIST *ReadLists);
6085
6086#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
6087
6088
6089#if (NTDDI_VERSION >= NTDDI_VISTA)
6090
6091NTKERNELAPI
6092ULONG
6093NTAPI
6094MmDoesFileHaveUserWritableReferences(
6095 IN PSECTION_OBJECT_POINTERS SectionPointer);
6096#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
6097
6098
6099#if (NTDDI_VERSION >= NTDDI_WIN2K)
6100
6101NTKERNELAPI
6102NTSTATUS
6103NTAPI
6104ObInsertObject(
6105 IN PVOID Object,
6106 IN OUT PACCESS_STATE PassedAccessState OPTIONAL,
6107 IN ACCESS_MASK DesiredAccess OPTIONAL,
6108 IN ULONG ObjectPointerBias,
6109 OUT PVOID *NewObject OPTIONAL,
6110 OUT PHANDLE Handle OPTIONAL);
6111
6112NTKERNELAPI
6113NTSTATUS
6114NTAPI
6115ObOpenObjectByPointer(
6116 IN PVOID Object,
6117 IN ULONG HandleAttributes,
6118 IN PACCESS_STATE PassedAccessState OPTIONAL,
6119 IN ACCESS_MASK DesiredAccess OPTIONAL,
6120 IN POBJECT_TYPE ObjectType OPTIONAL,
6121 IN KPROCESSOR_MODE AccessMode,
6122 OUT PHANDLE Handle);
6123
6124NTKERNELAPI
6125VOID
6126NTAPI
6127ObMakeTemporaryObject(
6128 IN PVOID Object);
6129
6130NTKERNELAPI
6131NTSTATUS
6132NTAPI
6133ObQueryNameString(
6134 IN PVOID Object,
6135 OUT POBJECT_NAME_INFORMATION ObjectNameInfo OPTIONAL,
6136 IN ULONG Length,
6137 OUT PULONG ReturnLength);
6138
6139NTKERNELAPI
6140NTSTATUS
6141NTAPI
6142ObQueryObjectAuditingByHandle(
6143 IN HANDLE Handle,
6144 OUT PBOOLEAN GenerateOnClose);
6145#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
6146
6147#if (NTDDI_VERSION >= NTDDI_VISTA)
6148
6149NTKERNELAPI
6150BOOLEAN
6151NTAPI
6152ObIsKernelHandle(
6153 IN HANDLE Handle);
6154#endif
6155
6156
6157#if (NTDDI_VERSION >= NTDDI_WIN7)
6158
6159NTKERNELAPI
6160NTSTATUS
6161NTAPI
6162ObOpenObjectByPointerWithTag(
6163 IN PVOID Object,
6164 IN ULONG HandleAttributes,
6165 IN PACCESS_STATE PassedAccessState OPTIONAL,
6166 IN ACCESS_MASK DesiredAccess,
6167 IN POBJECT_TYPE ObjectType OPTIONAL,
6168 IN KPROCESSOR_MODE AccessMode,
6169 IN ULONG Tag,
6170 OUT PHANDLE Handle);
6171#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
6172
6173/* FSRTL Types */
6174
6175typedef ULONG LBN;
6176typedef LBN *PLBN;
6177
6178typedef ULONG VBN;
6179typedef VBN *PVBN;
6180
6181#define FSRTL_COMMON_FCB_HEADER_LAYOUT \
6182 CSHORT NodeTypeCode; \
6183 CSHORT NodeByteSize; \
6184 UCHAR Flags; \
6185 UCHAR IsFastIoPossible; \
6186 UCHAR Flags2; \
6187 UCHAR Reserved:4; \
6188 UCHAR Version:4; \
6189 PERESOURCE Resource; \
6190 PERESOURCE PagingIoResource; \
6191 LARGE_INTEGER AllocationSize; \
6192 LARGE_INTEGER FileSize; \
6193 LARGE_INTEGER ValidDataLength;
6194
6195typedef struct _FSRTL_COMMON_FCB_HEADER {
6196 FSRTL_COMMON_FCB_HEADER_LAYOUT
6197} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
6198
6199#ifdef __cplusplus
6200typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER {
6201#else /* __cplusplus */
6202typedef struct _FSRTL_ADVANCED_FCB_HEADER {
6203 FSRTL_COMMON_FCB_HEADER_LAYOUT
6204#endif /* __cplusplus */
6205 PFAST_MUTEX FastMutex;
6206 LIST_ENTRY FilterContexts;
6207#if (NTDDI_VERSION >= NTDDI_VISTA)
6208 EX_PUSH_LOCK PushLock;
6209 PVOID *FileContextSupportPointer;
6210#endif
6211} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
6212
6213#define FSRTL_FCB_HEADER_V0 (0x00)
6214#define FSRTL_FCB_HEADER_V1 (0x01)
6215
6216#define FSRTL_FLAG_FILE_MODIFIED (0x01)
6217#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
6218#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
6219#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
6220#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
6221#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
6222#define FSRTL_FLAG_ADVANCED_HEADER (0x40)
6223#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
6224
6225#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
6226#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS (0x02)
6227#define FSRTL_FLAG2_PURGE_WHEN_MAPPED (0x04)
6228#define FSRTL_FLAG2_IS_PAGING_FILE (0x08)
6229
6230#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
6231#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
6232#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
6233#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
6234#define FSRTL_NETWORK1_TOP_LEVEL_IRP ((LONG_PTR)0x05)
6235#define FSRTL_NETWORK2_TOP_LEVEL_IRP ((LONG_PTR)0x06)
6236#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG ((LONG_PTR)0xFFFF)
6237
6238typedef struct _FSRTL_AUXILIARY_BUFFER {
6239 PVOID Buffer;
6240 ULONG Length;
6241 ULONG Flags;
6242 PMDL Mdl;
6243} FSRTL_AUXILIARY_BUFFER, *PFSRTL_AUXILIARY_BUFFER;
6244
6245#define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001
6246
6247typedef enum _FSRTL_COMPARISON_RESULT {
6248 LessThan = -1,
6249 EqualTo = 0,
6250 GreaterThan = 1
6251} FSRTL_COMPARISON_RESULT;
6252
6253#define FSRTL_FAT_LEGAL 0x01
6254#define FSRTL_HPFS_LEGAL 0x02
6255#define FSRTL_NTFS_LEGAL 0x04
6256#define FSRTL_WILD_CHARACTER 0x08
6257#define FSRTL_OLE_LEGAL 0x10
6258#define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL)
6259
6260#define FSRTL_VOLUME_DISMOUNT 1
6261#define FSRTL_VOLUME_DISMOUNT_FAILED 2
6262#define FSRTL_VOLUME_LOCK 3
6263#define FSRTL_VOLUME_LOCK_FAILED 4
6264#define FSRTL_VOLUME_UNLOCK 5
6265#define FSRTL_VOLUME_MOUNT 6
6266#define FSRTL_VOLUME_NEEDS_CHKDSK 7
6267#define FSRTL_VOLUME_WORM_NEAR_FULL 8
6268#define FSRTL_VOLUME_WEARING_OUT 9
6269#define FSRTL_VOLUME_FORCED_CLOSED 10
6270#define FSRTL_VOLUME_INFO_MAKE_COMPAT 11
6271#define FSRTL_VOLUME_PREPARING_EJECT 12
6272#define FSRTL_VOLUME_CHANGE_SIZE 13
6273#define FSRTL_VOLUME_BACKGROUND_FORMAT 14
6274
6275typedef VOID
6276(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
6277 IN PVOID Context,
6278 IN PKEVENT Event);
6279
6280#if (NTDDI_VERSION >= NTDDI_VISTA)
6281
6282#define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001
6283#define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002
6284#define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004
6285
6286#define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001
6287
6288#define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001
6289#define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002
6290
6291#define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002
6292
6293#define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001
6294#define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002
6295
6296typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 {
6297 ULONG32 ProviderId;
6298} FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1;
6299
6300typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 {
6301 ULONG32 ProviderId;
6302 UNICODE_STRING ProviderName;
6303} FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2;
6304
6305typedef VOID
6306(*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) (
6307 IN OUT PVOID EcpContext,
6308 IN LPCGUID EcpType);
6309
6310typedef struct _ECP_LIST ECP_LIST, *PECP_LIST;
6311
6312typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS;
6313typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS;
6314typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS;
6315
6316typedef enum _FSRTL_CHANGE_BACKING_TYPE {
6317 ChangeDataControlArea,
6318 ChangeImageControlArea,
6319 ChangeSharedCacheMap
6320} FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE;
6321
6322#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
6323
6324typedef struct _FSRTL_PER_FILE_CONTEXT {
6325 LIST_ENTRY Links;
6326 PVOID OwnerId;
6327 PVOID InstanceId;
6328 PFREE_FUNCTION FreeCallback;
6329} FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT;
6330
6331typedef struct _FSRTL_PER_STREAM_CONTEXT {
6332 LIST_ENTRY Links;
6333 PVOID OwnerId;
6334 PVOID InstanceId;
6335 PFREE_FUNCTION FreeCallback;
6336} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
6337
6338#if (NTDDI_VERSION >= NTDDI_WIN2K)
6339typedef VOID
6340(*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) (
6341 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
6342#endif
6343
6344typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT {
6345 LIST_ENTRY Links;
6346 PVOID OwnerId;
6347 PVOID InstanceId;
6348} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
6349
6350#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1
6351#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x2
6352
6353typedef NTSTATUS
6354(NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
6355 IN PVOID Context,
6356 IN PIRP Irp);
6357
6358typedef struct _FILE_LOCK_INFO {
6359 LARGE_INTEGER StartingByte;
6360 LARGE_INTEGER Length;
6361 BOOLEAN ExclusiveLock;
6362 ULONG Key;
6363 PFILE_OBJECT FileObject;
6364 PVOID ProcessId;
6365 LARGE_INTEGER EndingByte;
6366} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
6367
6368typedef VOID
6369(NTAPI *PUNLOCK_ROUTINE) (
6370 IN PVOID Context,
6371 IN PFILE_LOCK_INFO FileLockInfo);
6372
6373typedef struct _FILE_LOCK {
6374 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
6375 PUNLOCK_ROUTINE UnlockRoutine;
6376 BOOLEAN FastIoIsQuestionable;
6377 BOOLEAN SpareC[3];
6378 PVOID LockInformation;
6379 FILE_LOCK_INFO LastReturnedLockInfo;
6380 PVOID LastReturnedLock;
6381 LONG volatile LockRequestsInProgress;
6382} FILE_LOCK, *PFILE_LOCK;
6383
6384typedef struct _TUNNEL {
6385 FAST_MUTEX Mutex;
6386 PRTL_SPLAY_LINKS Cache;
6387 LIST_ENTRY TimerQueue;
6388 USHORT NumEntries;
6389} TUNNEL, *PTUNNEL;
6390
6391typedef struct _BASE_MCB {
6392 ULONG MaximumPairCount;
6393 ULONG PairCount;
6394 USHORT PoolType;
6395 USHORT Flags;
6396 PVOID Mapping;
6397} BASE_MCB, *PBASE_MCB;
6398
6399typedef struct _LARGE_MCB {
6400 PKGUARDED_MUTEX GuardedMutex;
6401 BASE_MCB BaseMcb;
6402} LARGE_MCB, *PLARGE_MCB;
6403
6404#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
6405
6406typedef struct _MCB {
6407 LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
6408} MCB, *PMCB;
6409
6410typedef enum _FAST_IO_POSSIBLE {
6411 FastIoIsNotPossible = 0,
6412 FastIoIsPossible,
6413 FastIoIsQuestionable
6414} FAST_IO_POSSIBLE;
6415
6416typedef struct _EOF_WAIT_BLOCK {
6417 LIST_ENTRY EofWaitLinks;
6418 KEVENT Event;
6419} EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK;
6420
6421typedef PVOID OPLOCK, *POPLOCK;
6422
6423typedef VOID
6424(NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) (
6425 IN PVOID Context,
6426 IN PIRP Irp);
6427
6428typedef VOID
6429(NTAPI *POPLOCK_FS_PREPOST_IRP) (
6430 IN PVOID Context,
6431 IN PIRP Irp);
6432
6433#if (NTDDI_VERSION >= NTDDI_VISTASP1)
6434#define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001
6435#endif
6436
6437#if (NTDDI_VERSION >= NTDDI_WIN7)
6438#define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002
6439#define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004
6440#define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008
6441#define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001
6442#endif
6443
6444#if (NTDDI_VERSION >= NTDDI_WIN7)
6445
6446typedef struct _OPLOCK_KEY_ECP_CONTEXT {
6447 GUID OplockKey;
6448 ULONG Reserved;
6449} OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT;
6450
6451DEFINE_GUID(GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f);
6452
6453#endif
6454
6455typedef PVOID PNOTIFY_SYNC;
6456
6457#if (NTDDI_VERSION >= NTDDI_WIN7)
6458typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER;
6459#endif
6460
6461typedef BOOLEAN
6462(NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
6463 IN PVOID NotifyContext,
6464 IN PVOID TargetContext OPTIONAL,
6465 IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
6466
6467typedef BOOLEAN
6468(NTAPI *PFILTER_REPORT_CHANGE) (
6469 IN PVOID NotifyContext,
6470 IN PVOID FilterContext);
6471/* FSRTL Functions */
6472
6473#define FsRtlEnterFileSystem KeEnterCriticalRegion
6474#define FsRtlExitFileSystem KeLeaveCriticalRegion
6475
6476#if (NTDDI_VERSION >= NTDDI_WIN2K)
6477
6478NTKERNELAPI
6479BOOLEAN
6480NTAPI
6481FsRtlCopyRead(
6482 IN PFILE_OBJECT FileObject,
6483 IN PLARGE_INTEGER FileOffset,
6484 IN ULONG Length,
6485 IN BOOLEAN Wait,
6486 IN ULONG LockKey,
6487 OUT PVOID Buffer,
6488 OUT PIO_STATUS_BLOCK IoStatus,
6489 IN PDEVICE_OBJECT DeviceObject);
6490
6491NTKERNELAPI
6492BOOLEAN
6493NTAPI
6494FsRtlCopyWrite(
6495 IN PFILE_OBJECT FileObject,
6496 IN PLARGE_INTEGER FileOffset,
6497 IN ULONG Length,
6498 IN BOOLEAN Wait,
6499 IN ULONG LockKey,
6500 IN PVOID Buffer,
6501 OUT PIO_STATUS_BLOCK IoStatus,
6502 IN PDEVICE_OBJECT DeviceObject);
6503
6504NTKERNELAPI
6505BOOLEAN
6506NTAPI
6507FsRtlMdlReadDev(
6508 IN PFILE_OBJECT FileObject,
6509 IN PLARGE_INTEGER FileOffset,
6510 IN ULONG Length,
6511 IN ULONG LockKey,
6512 OUT PMDL *MdlChain,
6513 OUT PIO_STATUS_BLOCK IoStatus,
6514 IN PDEVICE_OBJECT DeviceObject OPTIONAL);
6515
6516NTKERNELAPI
6517BOOLEAN
6518NTAPI
6519FsRtlMdlReadCompleteDev(
6520 IN PFILE_OBJECT FileObject,
6521 IN PMDL MdlChain,
6522 IN PDEVICE_OBJECT DeviceObject OPTIONAL);
6523
6524NTKERNELAPI
6525BOOLEAN
6526NTAPI
6527FsRtlPrepareMdlWriteDev(
6528 IN PFILE_OBJECT FileObject,
6529 IN PLARGE_INTEGER FileOffset,
6530 IN ULONG Length,
6531 IN ULONG LockKey,
6532 OUT PMDL *MdlChain,
6533 OUT PIO_STATUS_BLOCK IoStatus,
6534 IN PDEVICE_OBJECT DeviceObject);
6535
6536NTKERNELAPI
6537BOOLEAN
6538NTAPI
6539FsRtlMdlWriteCompleteDev(
6540 IN PFILE_OBJECT FileObject,
6541 IN PLARGE_INTEGER FileOffset,
6542 IN PMDL MdlChain,
6543 IN PDEVICE_OBJECT DeviceObject);
6544
6545NTKERNELAPI
6546VOID
6547NTAPI
6548FsRtlAcquireFileExclusive(
6549 IN PFILE_OBJECT FileObject);
6550
6551NTKERNELAPI
6552VOID
6553NTAPI
6554FsRtlReleaseFile(
6555 IN PFILE_OBJECT FileObject);
6556
6557NTKERNELAPI
6558NTSTATUS
6559NTAPI
6560FsRtlGetFileSize(
6561 IN PFILE_OBJECT FileObject,
6562 OUT PLARGE_INTEGER FileSize);
6563
6564NTKERNELAPI
6565BOOLEAN
6566NTAPI
6567FsRtlIsTotalDeviceFailure(
6568 IN NTSTATUS Status);
6569
6570NTKERNELAPI
6571PFILE_LOCK
6572NTAPI
6573FsRtlAllocateFileLock(
6574 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
6575 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);
6576
6577NTKERNELAPI
6578VOID
6579NTAPI
6580FsRtlFreeFileLock(
6581 IN PFILE_LOCK FileLock);
6582
6583NTKERNELAPI
6584VOID
6585NTAPI
6586FsRtlInitializeFileLock(
6587 IN PFILE_LOCK FileLock,
6588 IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
6589 IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);
6590
6591NTKERNELAPI
6592VOID
6593NTAPI
6594FsRtlUninitializeFileLock(
6595 IN PFILE_LOCK FileLock);
6596
6597/*
6598 FsRtlProcessFileLock:
6599
6600 ret:
6601 -STATUS_INVALID_DEVICE_REQUEST
6602 -STATUS_RANGE_NOT_LOCKED from unlock routines.
6603 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
6604 (redirected IoStatus->Status).
6605
6606 Internals:
6607 -switch ( Irp->CurrentStackLocation->MinorFunction )
6608 lock: return FsRtlPrivateLock;
6609 unlocksingle: return FsRtlFastUnlockSingle;
6610 unlockall: return FsRtlFastUnlockAll;
6611 unlockallbykey: return FsRtlFastUnlockAllByKey;
6612 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
6613 return STATUS_INVALID_DEVICE_REQUEST;
6614
6615 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
6616 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
6617*/
6618NTKERNELAPI
6619NTSTATUS
6620NTAPI
6621FsRtlProcessFileLock(
6622 IN PFILE_LOCK FileLock,
6623 IN PIRP Irp,
6624 IN PVOID Context OPTIONAL);
6625
6626/*
6627 FsRtlCheckLockForReadAccess:
6628
6629 All this really does is pick out the lock parameters from the irp (io stack
6630 location?), get IoGetRequestorProcess, and pass values on to
6631 FsRtlFastCheckLockForRead.
6632*/
6633NTKERNELAPI
6634BOOLEAN
6635NTAPI
6636FsRtlCheckLockForReadAccess(
6637 IN PFILE_LOCK FileLock,
6638 IN PIRP Irp);
6639
6640/*
6641 FsRtlCheckLockForWriteAccess:
6642
6643 All this really does is pick out the lock parameters from the irp (io stack
6644 location?), get IoGetRequestorProcess, and pass values on to
6645 FsRtlFastCheckLockForWrite.
6646*/
6647NTKERNELAPI
6648BOOLEAN
6649NTAPI
6650FsRtlCheckLockForWriteAccess(
6651 IN PFILE_LOCK FileLock,
6652 IN PIRP Irp);
6653
6654NTKERNELAPI
6655BOOLEAN
6656NTAPI
6657FsRtlFastCheckLockForRead(
6658 IN PFILE_LOCK FileLock,
6659 IN PLARGE_INTEGER FileOffset,
6660 IN PLARGE_INTEGER Length,
6661 IN ULONG Key,
6662 IN PFILE_OBJECT FileObject,
6663 IN PVOID Process);
6664
6665NTKERNELAPI
6666BOOLEAN
6667NTAPI
6668FsRtlFastCheckLockForWrite(
6669 IN PFILE_LOCK FileLock,
6670 IN PLARGE_INTEGER FileOffset,
6671 IN PLARGE_INTEGER Length,
6672 IN ULONG Key,
6673 IN PFILE_OBJECT FileObject,
6674 IN PVOID Process);
6675
6676/*
6677 FsRtlGetNextFileLock:
6678
6679 ret: NULL if no more locks
6680
6681 Internals:
6682 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
6683 FileLock->LastReturnedLock as storage.
6684 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
6685 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
6686 calls with Restart = FALSE.
6687*/
6688NTKERNELAPI
6689PFILE_LOCK_INFO
6690NTAPI
6691FsRtlGetNextFileLock(
6692 IN PFILE_LOCK FileLock,
6693 IN BOOLEAN Restart);
6694
6695NTKERNELAPI
6696NTSTATUS
6697NTAPI
6698FsRtlFastUnlockSingle(
6699 IN PFILE_LOCK FileLock,
6700 IN PFILE_OBJECT FileObject,
6701 IN PLARGE_INTEGER FileOffset,
6702 IN PLARGE_INTEGER Length,
6703 IN PEPROCESS Process,
6704 IN ULONG Key,
6705 IN PVOID Context OPTIONAL,
6706 IN BOOLEAN AlreadySynchronized);
6707
6708NTKERNELAPI
6709NTSTATUS
6710NTAPI
6711FsRtlFastUnlockAll(
6712 IN PFILE_LOCK FileLock,
6713 IN PFILE_OBJECT FileObject,
6714 IN PEPROCESS Process,
6715 IN PVOID Context OPTIONAL);
6716
6717NTKERNELAPI
6718NTSTATUS
6719NTAPI
6720FsRtlFastUnlockAllByKey(
6721 IN PFILE_LOCK FileLock,
6722 IN PFILE_OBJECT FileObject,
6723 IN PEPROCESS Process,
6724 IN ULONG Key,
6725 IN PVOID Context OPTIONAL);
6726
6727/*
6728 FsRtlPrivateLock:
6729
6730 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
6731
6732 Internals:
6733 -Calls IoCompleteRequest if Irp
6734 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
6735*/
6736NTKERNELAPI
6737BOOLEAN
6738NTAPI
6739FsRtlPrivateLock(
6740 IN PFILE_LOCK FileLock,
6741 IN PFILE_OBJECT FileObject,
6742 IN PLARGE_INTEGER FileOffset,
6743 IN PLARGE_INTEGER Length,
6744 IN PEPROCESS Process,
6745 IN ULONG Key,
6746 IN BOOLEAN FailImmediately,
6747 IN BOOLEAN ExclusiveLock,
6748 OUT PIO_STATUS_BLOCK IoStatus,
6749 IN PIRP Irp OPTIONAL,
6750 IN PVOID Context,
6751 IN BOOLEAN AlreadySynchronized);
6752
6753NTKERNELAPI
6754VOID
6755NTAPI
6756FsRtlInitializeTunnelCache(
6757 IN PTUNNEL Cache);
6758
6759NTKERNELAPI
6760VOID
6761NTAPI
6762FsRtlAddToTunnelCache(
6763 IN PTUNNEL Cache,
6764 IN ULONGLONG DirectoryKey,
6765 IN PUNICODE_STRING ShortName,
6766 IN PUNICODE_STRING LongName,
6767 IN BOOLEAN KeyByShortName,
6768 IN ULONG DataLength,
6769 IN PVOID Data);
6770
6771NTKERNELAPI
6772BOOLEAN
6773NTAPI
6774FsRtlFindInTunnelCache(
6775 IN PTUNNEL Cache,
6776 IN ULONGLONG DirectoryKey,
6777 IN PUNICODE_STRING Name,
6778 OUT PUNICODE_STRING ShortName,
6779 OUT PUNICODE_STRING LongName,
6780 IN OUT PULONG DataLength,
6781 OUT PVOID Data);
6782
6783NTKERNELAPI
6784VOID
6785NTAPI
6786FsRtlDeleteKeyFromTunnelCache(
6787 IN PTUNNEL Cache,
6788 IN ULONGLONG DirectoryKey);
6789
6790NTKERNELAPI
6791VOID
6792NTAPI
6793FsRtlDeleteTunnelCache(
6794 IN PTUNNEL Cache);
6795
6796NTKERNELAPI
6797VOID
6798NTAPI
6799FsRtlDissectDbcs(
6800 IN ANSI_STRING Name,
6801 OUT PANSI_STRING FirstPart,
6802 OUT PANSI_STRING RemainingPart);
6803
6804NTKERNELAPI
6805BOOLEAN
6806NTAPI
6807FsRtlDoesDbcsContainWildCards(
6808 IN PANSI_STRING Name);
6809
6810NTKERNELAPI
6811BOOLEAN
6812NTAPI
6813FsRtlIsDbcsInExpression(
6814 IN PANSI_STRING Expression,
6815 IN PANSI_STRING Name);
6816
6817NTKERNELAPI
6818BOOLEAN
6819NTAPI
6820FsRtlIsFatDbcsLegal(
6821 IN ANSI_STRING DbcsName,
6822 IN BOOLEAN WildCardsPermissible,
6823 IN BOOLEAN PathNamePermissible,
6824 IN BOOLEAN LeadingBackslashPermissible);
6825
6826NTKERNELAPI
6827BOOLEAN
6828NTAPI
6829FsRtlIsHpfsDbcsLegal(
6830 IN ANSI_STRING DbcsName,
6831 IN BOOLEAN WildCardsPermissible,
6832 IN BOOLEAN PathNamePermissible,
6833 IN BOOLEAN LeadingBackslashPermissible);
6834
6835NTKERNELAPI
6836NTSTATUS
6837NTAPI
6838FsRtlNormalizeNtstatus(
6839 IN NTSTATUS Exception,
6840 IN NTSTATUS GenericException);
6841
6842NTKERNELAPI
6843BOOLEAN
6844NTAPI
6845FsRtlIsNtstatusExpected(
6846 IN NTSTATUS Ntstatus);
6847
6848NTKERNELAPI
6849PERESOURCE
6850NTAPI
6851FsRtlAllocateResource(
6852 VOID);
6853
6854NTKERNELAPI
6855VOID
6856NTAPI
6857FsRtlInitializeLargeMcb(
6858 IN PLARGE_MCB Mcb,
6859 IN POOL_TYPE PoolType);
6860
6861NTKERNELAPI
6862VOID
6863NTAPI
6864FsRtlUninitializeLargeMcb(
6865 IN PLARGE_MCB Mcb);
6866
6867NTKERNELAPI
6868VOID
6869NTAPI
6870FsRtlResetLargeMcb(
6871 IN PLARGE_MCB Mcb,
6872 IN BOOLEAN SelfSynchronized);
6873
6874NTKERNELAPI
6875VOID
6876NTAPI
6877FsRtlTruncateLargeMcb(
6878 IN PLARGE_MCB Mcb,
6879 IN LONGLONG Vbn);
6880
6881NTKERNELAPI
6882BOOLEAN
6883NTAPI
6884FsRtlAddLargeMcbEntry(
6885 IN PLARGE_MCB Mcb,
6886 IN LONGLONG Vbn,
6887 IN LONGLONG Lbn,
6888 IN LONGLONG SectorCount);
6889
6890NTKERNELAPI
6891VOID
6892NTAPI
6893FsRtlRemoveLargeMcbEntry(
6894 IN PLARGE_MCB Mcb,
6895 IN LONGLONG Vbn,
6896 IN LONGLONG SectorCount);
6897
6898NTKERNELAPI
6899BOOLEAN
6900NTAPI
6901FsRtlLookupLargeMcbEntry(
6902 IN PLARGE_MCB Mcb,
6903 IN LONGLONG Vbn,
6904 OUT PLONGLONG Lbn OPTIONAL,
6905 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
6906 OUT PLONGLONG StartingLbn OPTIONAL,
6907 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
6908 OUT PULONG Index OPTIONAL);
6909
6910NTKERNELAPI
6911BOOLEAN
6912NTAPI
6913FsRtlLookupLastLargeMcbEntry(
6914 IN PLARGE_MCB Mcb,
6915 OUT PLONGLONG Vbn,
6916 OUT PLONGLONG Lbn);
6917
6918NTKERNELAPI
6919BOOLEAN
6920NTAPI
6921FsRtlLookupLastLargeMcbEntryAndIndex(
6922 IN PLARGE_MCB OpaqueMcb,
6923 OUT PLONGLONG LargeVbn,
6924 OUT PLONGLONG LargeLbn,
6925 OUT PULONG Index);
6926
6927NTKERNELAPI
6928ULONG
6929NTAPI
6930FsRtlNumberOfRunsInLargeMcb(
6931 IN PLARGE_MCB Mcb);
6932
6933NTKERNELAPI
6934BOOLEAN
6935NTAPI
6936FsRtlGetNextLargeMcbEntry(
6937 IN PLARGE_MCB Mcb,
6938 IN ULONG RunIndex,
6939 OUT PLONGLONG Vbn,
6940 OUT PLONGLONG Lbn,
6941 OUT PLONGLONG SectorCount);
6942
6943NTKERNELAPI
6944BOOLEAN
6945NTAPI
6946FsRtlSplitLargeMcb(
6947 IN PLARGE_MCB Mcb,
6948 IN LONGLONG Vbn,
6949 IN LONGLONG Amount);
6950
6951NTKERNELAPI
6952VOID
6953NTAPI
6954FsRtlInitializeMcb(
6955 IN PMCB Mcb,
6956 IN POOL_TYPE PoolType);
6957
6958NTKERNELAPI
6959VOID
6960NTAPI
6961FsRtlUninitializeMcb(
6962 IN PMCB Mcb);
6963
6964NTKERNELAPI
6965VOID
6966NTAPI
6967FsRtlTruncateMcb(
6968 IN PMCB Mcb,
6969 IN VBN Vbn);
6970
6971NTKERNELAPI
6972BOOLEAN
6973NTAPI
6974FsRtlAddMcbEntry(
6975 IN PMCB Mcb,
6976 IN VBN Vbn,
6977 IN LBN Lbn,
6978 IN ULONG SectorCount);
6979
6980NTKERNELAPI
6981VOID
6982NTAPI
6983FsRtlRemoveMcbEntry(
6984 IN PMCB Mcb,
6985 IN VBN Vbn,
6986 IN ULONG SectorCount);
6987
6988NTKERNELAPI
6989BOOLEAN
6990NTAPI
6991FsRtlLookupMcbEntry(
6992 IN PMCB Mcb,
6993 IN VBN Vbn,
6994 OUT PLBN Lbn,
6995 OUT PULONG SectorCount OPTIONAL,
6996 OUT PULONG Index);
6997
6998NTKERNELAPI
6999BOOLEAN
7000NTAPI
7001FsRtlLookupLastMcbEntry(
7002 IN PMCB Mcb,
7003 OUT PVBN Vbn,
7004 OUT PLBN Lbn);
7005
7006NTKERNELAPI
7007ULONG
7008NTAPI
7009FsRtlNumberOfRunsInMcb(
7010 IN PMCB Mcb);
7011
7012NTKERNELAPI
7013BOOLEAN
7014NTAPI
7015FsRtlGetNextMcbEntry(
7016 IN PMCB Mcb,
7017 IN ULONG RunIndex,
7018 OUT PVBN Vbn,
7019 OUT PLBN Lbn,
7020 OUT PULONG SectorCount);
7021
7022NTKERNELAPI
7023NTSTATUS
7024NTAPI
7025FsRtlBalanceReads(
7026 IN PDEVICE_OBJECT TargetDevice);
7027
7028NTKERNELAPI
7029VOID
7030NTAPI
7031FsRtlInitializeOplock(
7032 IN OUT POPLOCK Oplock);
7033
7034NTKERNELAPI
7035VOID
7036NTAPI
7037FsRtlUninitializeOplock(
7038 IN OUT POPLOCK Oplock);
7039
7040NTKERNELAPI
7041NTSTATUS
7042NTAPI
7043FsRtlOplockFsctrl(
7044 IN POPLOCK Oplock,
7045 IN PIRP Irp,
7046 IN ULONG OpenCount);
7047
7048NTKERNELAPI
7049NTSTATUS
7050NTAPI
7051FsRtlCheckOplock(
7052 IN POPLOCK Oplock,
7053 IN PIRP Irp,
7054 IN PVOID Context,
7055 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7056 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7057
7058NTKERNELAPI
7059BOOLEAN
7060NTAPI
7061FsRtlOplockIsFastIoPossible(
7062 IN POPLOCK Oplock);
7063
7064NTKERNELAPI
7065BOOLEAN
7066NTAPI
7067FsRtlCurrentBatchOplock(
7068 IN POPLOCK Oplock);
7069
7070NTKERNELAPI
7071NTSTATUS
7072NTAPI
7073FsRtlNotifyVolumeEvent(
7074 IN PFILE_OBJECT FileObject,
7075 IN ULONG EventCode);
7076
7077NTKERNELAPI
7078VOID
7079NTAPI
7080FsRtlNotifyInitializeSync(
7081 IN PNOTIFY_SYNC *NotifySync);
7082
7083NTKERNELAPI
7084VOID
7085NTAPI
7086FsRtlNotifyUninitializeSync(
7087 IN PNOTIFY_SYNC *NotifySync);
7088
7089NTKERNELAPI
7090VOID
7091NTAPI
7092FsRtlNotifyFullChangeDirectory(
7093 IN PNOTIFY_SYNC NotifySync,
7094 IN PLIST_ENTRY NotifyList,
7095 IN PVOID FsContext,
7096 IN PSTRING FullDirectoryName,
7097 IN BOOLEAN WatchTree,
7098 IN BOOLEAN IgnoreBuffer,
7099 IN ULONG CompletionFilter,
7100 IN PIRP NotifyIrp OPTIONAL,
7101 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
7102 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL);
7103
7104NTKERNELAPI
7105VOID
7106NTAPI
7107FsRtlNotifyFilterReportChange(
7108 IN PNOTIFY_SYNC NotifySync,
7109 IN PLIST_ENTRY NotifyList,
7110 IN PSTRING FullTargetName,
7111 IN USHORT TargetNameOffset,
7112 IN PSTRING StreamName OPTIONAL,
7113 IN PSTRING NormalizedParentName OPTIONAL,
7114 IN ULONG FilterMatch,
7115 IN ULONG Action,
7116 IN PVOID TargetContext OPTIONAL,
7117 IN PVOID FilterContext OPTIONAL);
7118
7119NTKERNELAPI
7120VOID
7121NTAPI
7122FsRtlNotifyFullReportChange(
7123 IN PNOTIFY_SYNC NotifySync,
7124 IN PLIST_ENTRY NotifyList,
7125 IN PSTRING FullTargetName,
7126 IN USHORT TargetNameOffset,
7127 IN PSTRING StreamName OPTIONAL,
7128 IN PSTRING NormalizedParentName OPTIONAL,
7129 IN ULONG FilterMatch,
7130 IN ULONG Action,
7131 IN PVOID TargetContext OPTIONAL);
7132
7133NTKERNELAPI
7134VOID
7135NTAPI
7136FsRtlNotifyCleanup(
7137 IN PNOTIFY_SYNC NotifySync,
7138 IN PLIST_ENTRY NotifyList,
7139 IN PVOID FsContext);
7140
7141NTKERNELAPI
7142VOID
7143NTAPI
7144FsRtlDissectName(
7145 IN UNICODE_STRING Name,
7146 OUT PUNICODE_STRING FirstPart,
7147 OUT PUNICODE_STRING RemainingPart);
7148
7149NTKERNELAPI
7150BOOLEAN
7151NTAPI
7152FsRtlDoesNameContainWildCards(
7153 IN PUNICODE_STRING Name);
7154
7155NTKERNELAPI
7156BOOLEAN
7157NTAPI
7158FsRtlAreNamesEqual(
7159 IN PCUNICODE_STRING Name1,
7160 IN PCUNICODE_STRING Name2,
7161 IN BOOLEAN IgnoreCase,
7162 IN PCWCH UpcaseTable OPTIONAL);
7163
7164NTKERNELAPI
7165BOOLEAN
7166NTAPI
7167FsRtlIsNameInExpression(
7168 IN PUNICODE_STRING Expression,
7169 IN PUNICODE_STRING Name,
7170 IN BOOLEAN IgnoreCase,
7171 IN PWCHAR UpcaseTable OPTIONAL);
7172
7173NTKERNELAPI
7174VOID
7175NTAPI
7176FsRtlPostPagingFileStackOverflow(
7177 IN PVOID Context,
7178 IN PKEVENT Event,
7179 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine);
7180
7181NTKERNELAPI
7182VOID
7183NTAPI
7184FsRtlPostStackOverflow (
7185 IN PVOID Context,
7186 IN PKEVENT Event,
7187 IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine);
7188
7189NTKERNELAPI
7190NTSTATUS
7191NTAPI
7192FsRtlRegisterUncProvider(
7193 OUT PHANDLE MupHandle,
7194 IN PUNICODE_STRING RedirectorDeviceName,
7195 IN BOOLEAN MailslotsSupported);
7196
7197NTKERNELAPI
7198VOID
7199NTAPI
7200FsRtlDeregisterUncProvider(
7201 IN HANDLE Handle);
7202
7203NTKERNELAPI
7204VOID
7205NTAPI
7206FsRtlTeardownPerStreamContexts(
7207 IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
7208
7209NTKERNELAPI
7210NTSTATUS
7211NTAPI
7212FsRtlCreateSectionForDataScan(
7213 OUT PHANDLE SectionHandle,
7214 OUT PVOID *SectionObject,
7215 OUT PLARGE_INTEGER SectionFileSize OPTIONAL,
7216 IN PFILE_OBJECT FileObject,
7217 IN ACCESS_MASK DesiredAccess,
7218 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
7219 IN PLARGE_INTEGER MaximumSize OPTIONAL,
7220 IN ULONG SectionPageProtection,
7221 IN ULONG AllocationAttributes,
7222 IN ULONG Flags);
7223
7224#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
7225
7226#if (NTDDI_VERSION >= NTDDI_WINXP)
7227
7228NTKERNELAPI
7229VOID
7230NTAPI
7231FsRtlNotifyFilterChangeDirectory(
7232 IN PNOTIFY_SYNC NotifySync,
7233 IN PLIST_ENTRY NotifyList,
7234 IN PVOID FsContext,
7235 IN PSTRING FullDirectoryName,
7236 IN BOOLEAN WatchTree,
7237 IN BOOLEAN IgnoreBuffer,
7238 IN ULONG CompletionFilter,
7239 IN PIRP NotifyIrp OPTIONAL,
7240 IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
7241 IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
7242 IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
7243
7244NTKERNELAPI
7245NTSTATUS
7246NTAPI
7247FsRtlInsertPerStreamContext(
7248 IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
7249 IN PFSRTL_PER_STREAM_CONTEXT Ptr);
7250
7251NTKERNELAPI
7252PFSRTL_PER_STREAM_CONTEXT
7253NTAPI
7254FsRtlLookupPerStreamContextInternal(
7255 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
7256 IN PVOID OwnerId OPTIONAL,
7257 IN PVOID InstanceId OPTIONAL);
7258
7259NTKERNELAPI
7260PFSRTL_PER_STREAM_CONTEXT
7261NTAPI
7262FsRtlRemovePerStreamContext(
7263 IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
7264 IN PVOID OwnerId OPTIONAL,
7265 IN PVOID InstanceId OPTIONAL);
7266
7267NTKERNELAPI
7268VOID
7269NTAPI
7270FsRtlIncrementCcFastReadNotPossible(
7271 VOID);
7272
7273NTKERNELAPI
7274VOID
7275NTAPI
7276FsRtlIncrementCcFastReadWait(
7277 VOID);
7278
7279NTKERNELAPI
7280VOID
7281NTAPI
7282FsRtlIncrementCcFastReadNoWait(
7283 VOID);
7284
7285NTKERNELAPI
7286VOID
7287NTAPI
7288FsRtlIncrementCcFastReadResourceMiss(
7289 VOID);
7290
7291NTKERNELAPI
7292LOGICAL
7293NTAPI
7294FsRtlIsPagingFile(
7295 IN PFILE_OBJECT FileObject);
7296
7297#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
7298
7299#if (NTDDI_VERSION >= NTDDI_WS03)
7300
7301NTKERNELAPI
7302VOID
7303NTAPI
7304FsRtlInitializeBaseMcb(
7305 IN PBASE_MCB Mcb,
7306 IN POOL_TYPE PoolType);
7307
7308NTKERNELAPI
7309VOID
7310NTAPI
7311FsRtlUninitializeBaseMcb(
7312 IN PBASE_MCB Mcb);
7313
7314NTKERNELAPI
7315VOID
7316NTAPI
7317FsRtlResetBaseMcb(
7318 IN PBASE_MCB Mcb);
7319
7320NTKERNELAPI
7321VOID
7322NTAPI
7323FsRtlTruncateBaseMcb(
7324 IN PBASE_MCB Mcb,
7325 IN LONGLONG Vbn);
7326
7327NTKERNELAPI
7328BOOLEAN
7329NTAPI
7330FsRtlAddBaseMcbEntry(
7331 IN PBASE_MCB Mcb,
7332 IN LONGLONG Vbn,
7333 IN LONGLONG Lbn,
7334 IN LONGLONG SectorCount);
7335
7336NTKERNELAPI
7337BOOLEAN
7338NTAPI
7339FsRtlRemoveBaseMcbEntry(
7340 IN PBASE_MCB Mcb,
7341 IN LONGLONG Vbn,
7342 IN LONGLONG SectorCount);
7343
7344NTKERNELAPI
7345BOOLEAN
7346NTAPI
7347FsRtlLookupBaseMcbEntry(
7348 IN PBASE_MCB Mcb,
7349 IN LONGLONG Vbn,
7350 OUT PLONGLONG Lbn OPTIONAL,
7351 OUT PLONGLONG SectorCountFromLbn OPTIONAL,
7352 OUT PLONGLONG StartingLbn OPTIONAL,
7353 OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
7354 OUT PULONG Index OPTIONAL);
7355
7356NTKERNELAPI
7357BOOLEAN
7358NTAPI
7359FsRtlLookupLastBaseMcbEntry(
7360 IN PBASE_MCB Mcb,
7361 OUT PLONGLONG Vbn,
7362 OUT PLONGLONG Lbn);
7363
7364NTKERNELAPI
7365BOOLEAN
7366NTAPI
7367FsRtlLookupLastBaseMcbEntryAndIndex(
7368 IN PBASE_MCB OpaqueMcb,
7369 IN OUT PLONGLONG LargeVbn,
7370 IN OUT PLONGLONG LargeLbn,
7371 IN OUT PULONG Index);
7372
7373NTKERNELAPI
7374ULONG
7375NTAPI
7376FsRtlNumberOfRunsInBaseMcb(
7377 IN PBASE_MCB Mcb);
7378
7379NTKERNELAPI
7380BOOLEAN
7381NTAPI
7382FsRtlGetNextBaseMcbEntry(
7383 IN PBASE_MCB Mcb,
7384 IN ULONG RunIndex,
7385 OUT PLONGLONG Vbn,
7386 OUT PLONGLONG Lbn,
7387 OUT PLONGLONG SectorCount);
7388
7389NTKERNELAPI
7390BOOLEAN
7391NTAPI
7392FsRtlSplitBaseMcb(
7393 IN PBASE_MCB Mcb,
7394 IN LONGLONG Vbn,
7395 IN LONGLONG Amount);
7396
7397#endif /* (NTDDI_VERSION >= NTDDI_WS03) */
7398
7399#if (NTDDI_VERSION >= NTDDI_VISTA)
7400
7401BOOLEAN
7402NTAPI
7403FsRtlInitializeBaseMcbEx(
7404 IN PBASE_MCB Mcb,
7405 IN POOL_TYPE PoolType,
7406 IN USHORT Flags);
7407
7408NTSTATUS
7409NTAPI
7410FsRtlAddBaseMcbEntryEx(
7411 IN PBASE_MCB Mcb,
7412 IN LONGLONG Vbn,
7413 IN LONGLONG Lbn,
7414 IN LONGLONG SectorCount);
7415
7416NTKERNELAPI
7417BOOLEAN
7418NTAPI
7419FsRtlCurrentOplock(
7420 IN POPLOCK Oplock);
7421
7422NTKERNELAPI
7423NTSTATUS
7424NTAPI
7425FsRtlOplockBreakToNone(
7426 IN OUT POPLOCK Oplock,
7427 IN PIO_STACK_LOCATION IrpSp OPTIONAL,
7428 IN PIRP Irp,
7429 IN PVOID Context OPTIONAL,
7430 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7431 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7432
7433NTKERNELAPI
7434NTSTATUS
7435NTAPI
7436FsRtlNotifyVolumeEventEx(
7437 IN PFILE_OBJECT FileObject,
7438 IN ULONG EventCode,
7439 IN PTARGET_DEVICE_CUSTOM_NOTIFICATION Event);
7440
7441NTKERNELAPI
7442VOID
7443NTAPI
7444FsRtlNotifyCleanupAll(
7445 IN PNOTIFY_SYNC NotifySync,
7446 IN PLIST_ENTRY NotifyList);
7447
7448NTSTATUS
7449NTAPI
7450FsRtlRegisterUncProviderEx(
7451 OUT PHANDLE MupHandle,
7452 IN PUNICODE_STRING RedirDevName,
7453 IN PDEVICE_OBJECT DeviceObject,
7454 IN ULONG Flags);
7455
7456NTKERNELAPI
7457NTSTATUS
7458NTAPI
7459FsRtlCancellableWaitForSingleObject(
7460 IN PVOID Object,
7461 IN PLARGE_INTEGER Timeout OPTIONAL,
7462 IN PIRP Irp OPTIONAL);
7463
7464NTKERNELAPI
7465NTSTATUS
7466NTAPI
7467FsRtlCancellableWaitForMultipleObjects(
7468 IN ULONG Count,
7469 IN PVOID ObjectArray[],
7470 IN WAIT_TYPE WaitType,
7471 IN PLARGE_INTEGER Timeout OPTIONAL,
7472 IN PKWAIT_BLOCK WaitBlockArray OPTIONAL,
7473 IN PIRP Irp OPTIONAL);
7474
7475NTKERNELAPI
7476NTSTATUS
7477NTAPI
7478FsRtlMupGetProviderInfoFromFileObject(
7479 IN PFILE_OBJECT pFileObject,
7480 IN ULONG Level,
7481 OUT PVOID pBuffer,
7482 IN OUT PULONG pBufferSize);
7483
7484NTKERNELAPI
7485NTSTATUS
7486NTAPI
7487FsRtlMupGetProviderIdFromName(
7488 IN PUNICODE_STRING pProviderName,
7489 OUT PULONG32 pProviderId);
7490
7491NTKERNELAPI
7492VOID
7493NTAPI
7494FsRtlIncrementCcFastMdlReadWait(
7495 VOID);
7496
7497NTKERNELAPI
7498NTSTATUS
7499NTAPI
7500FsRtlValidateReparsePointBuffer(
7501 IN ULONG BufferLength,
7502 IN PREPARSE_DATA_BUFFER ReparseBuffer);
7503
7504NTKERNELAPI
7505NTSTATUS
7506NTAPI
7507FsRtlRemoveDotsFromPath(
7508 IN OUT PWSTR OriginalString,
7509 IN USHORT PathLength,
7510 OUT USHORT *NewLength);
7511
7512NTKERNELAPI
7513NTSTATUS
7514NTAPI
7515FsRtlAllocateExtraCreateParameterList(
7516 IN FSRTL_ALLOCATE_ECPLIST_FLAGS Flags,
7517 OUT PECP_LIST *EcpList);
7518
7519NTKERNELAPI
7520VOID
7521NTAPI
7522FsRtlFreeExtraCreateParameterList(
7523 IN PECP_LIST EcpList);
7524
7525NTKERNELAPI
7526NTSTATUS
7527NTAPI
7528FsRtlAllocateExtraCreateParameter(
7529 IN LPCGUID EcpType,
7530 IN ULONG SizeOfContext,
7531 IN FSRTL_ALLOCATE_ECP_FLAGS Flags,
7532 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
7533 IN ULONG PoolTag,
7534 OUT PVOID *EcpContext);
7535
7536NTKERNELAPI
7537VOID
7538NTAPI
7539FsRtlFreeExtraCreateParameter(
7540 IN PVOID EcpContext);
7541
7542NTKERNELAPI
7543VOID
7544NTAPI
7545FsRtlInitExtraCreateParameterLookasideList(
7546 IN OUT PVOID Lookaside,
7547 IN FSRTL_ECP_LOOKASIDE_FLAGS Flags,
7548 IN SIZE_T Size,
7549 IN ULONG Tag);
7550
7551VOID
7552NTAPI
7553FsRtlDeleteExtraCreateParameterLookasideList(
7554 IN OUT PVOID Lookaside,
7555 IN FSRTL_ECP_LOOKASIDE_FLAGS Flags);
7556
7557NTKERNELAPI
7558NTSTATUS
7559NTAPI
7560FsRtlAllocateExtraCreateParameterFromLookasideList(
7561 IN LPCGUID EcpType,
7562 IN ULONG SizeOfContext,
7563 IN FSRTL_ALLOCATE_ECP_FLAGS Flags,
7564 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
7565 IN OUT PVOID LookasideList,
7566 OUT PVOID *EcpContext);
7567
7568NTKERNELAPI
7569NTSTATUS
7570NTAPI
7571FsRtlInsertExtraCreateParameter(
7572 IN OUT PECP_LIST EcpList,
7573 IN OUT PVOID EcpContext);
7574
7575NTKERNELAPI
7576NTSTATUS
7577NTAPI
7578FsRtlFindExtraCreateParameter(
7579 IN PECP_LIST EcpList,
7580 IN LPCGUID EcpType,
7581 OUT PVOID *EcpContext OPTIONAL,
7582 OUT ULONG *EcpContextSize OPTIONAL);
7583
7584NTKERNELAPI
7585NTSTATUS
7586NTAPI
7587FsRtlRemoveExtraCreateParameter(
7588 IN OUT PECP_LIST EcpList,
7589 IN LPCGUID EcpType,
7590 OUT PVOID *EcpContext,
7591 OUT ULONG *EcpContextSize OPTIONAL);
7592
7593NTKERNELAPI
7594NTSTATUS
7595NTAPI
7596FsRtlGetEcpListFromIrp(
7597 IN PIRP Irp,
7598 OUT PECP_LIST *EcpList OPTIONAL);
7599
7600NTKERNELAPI
7601NTSTATUS
7602NTAPI
7603FsRtlSetEcpListIntoIrp(
7604 IN OUT PIRP Irp,
7605 IN PECP_LIST EcpList);
7606
7607NTKERNELAPI
7608NTSTATUS
7609NTAPI
7610FsRtlGetNextExtraCreateParameter(
7611 IN PECP_LIST EcpList,
7612 IN PVOID CurrentEcpContext OPTIONAL,
7613 OUT LPGUID NextEcpType OPTIONAL,
7614 OUT PVOID *NextEcpContext OPTIONAL,
7615 OUT ULONG *NextEcpContextSize OPTIONAL);
7616
7617NTKERNELAPI
7618VOID
7619NTAPI
7620FsRtlAcknowledgeEcp(
7621 IN PVOID EcpContext);
7622
7623NTKERNELAPI
7624BOOLEAN
7625NTAPI
7626FsRtlIsEcpAcknowledged(
7627 IN PVOID EcpContext);
7628
7629NTKERNELAPI
7630BOOLEAN
7631NTAPI
7632FsRtlIsEcpFromUserMode(
7633 IN PVOID EcpContext);
7634
7635NTKERNELAPI
7636NTSTATUS
7637NTAPI
7638FsRtlChangeBackingFileObject(
7639 IN PFILE_OBJECT CurrentFileObject OPTIONAL,
7640 IN PFILE_OBJECT NewFileObject,
7641 IN FSRTL_CHANGE_BACKING_TYPE ChangeBackingType,
7642 IN ULONG Flags);
7643
7644NTKERNELAPI
7645NTSTATUS
7646NTAPI
7647FsRtlLogCcFlushError(
7648 IN PUNICODE_STRING FileName,
7649 IN PDEVICE_OBJECT DeviceObject,
7650 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
7651 IN NTSTATUS FlushError,
7652 IN ULONG Flags);
7653
7654NTKERNELAPI
7655BOOLEAN
7656NTAPI
7657FsRtlAreVolumeStartupApplicationsComplete(
7658 VOID);
7659
7660NTKERNELAPI
7661ULONG
7662NTAPI
7663FsRtlQueryMaximumVirtualDiskNestingLevel(
7664 VOID);
7665
7666NTKERNELAPI
7667NTSTATUS
7668NTAPI
7669FsRtlGetVirtualDiskNestingLevel(
7670 IN PDEVICE_OBJECT DeviceObject,
7671 OUT PULONG NestingLevel,
7672 OUT PULONG NestingFlags OPTIONAL);
7673
7674#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
7675
7676#if (NTDDI_VERSION >= NTDDI_VISTASP1)
7677NTKERNELAPI
7678NTSTATUS
7679NTAPI
7680FsRtlCheckOplockEx(
7681 IN POPLOCK Oplock,
7682 IN PIRP Irp,
7683 IN ULONG Flags,
7684 IN PVOID Context OPTIONAL,
7685 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7686 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7687
7688#endif
7689
7690#if (NTDDI_VERSION >= NTDDI_WIN7)
7691
7692NTKERNELAPI
7693BOOLEAN
7694NTAPI
7695FsRtlAreThereCurrentOrInProgressFileLocks(
7696 IN PFILE_LOCK FileLock);
7697
7698NTKERNELAPI
7699BOOLEAN
7700NTAPI
7701FsRtlOplockIsSharedRequest(
7702 IN PIRP Irp);
7703
7704NTKERNELAPI
7705NTSTATUS
7706NTAPI
7707FsRtlOplockBreakH(
7708 IN POPLOCK Oplock,
7709 IN PIRP Irp,
7710 IN ULONG Flags,
7711 IN PVOID Context OPTIONAL,
7712 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7713 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7714
7715NTKERNELAPI
7716BOOLEAN
7717NTAPI
7718FsRtlCurrentOplockH(
7719 IN POPLOCK Oplock);
7720
7721NTKERNELAPI
7722NTSTATUS
7723NTAPI
7724FsRtlOplockBreakToNoneEx(
7725 IN OUT POPLOCK Oplock,
7726 IN PIRP Irp,
7727 IN ULONG Flags,
7728 IN PVOID Context OPTIONAL,
7729 IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7730 IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7731
7732NTKERNELAPI
7733NTSTATUS
7734NTAPI
7735FsRtlOplockFsctrlEx(
7736 IN POPLOCK Oplock,
7737 IN PIRP Irp,
7738 IN ULONG OpenCount,
7739 IN ULONG Flags);
7740
7741NTKERNELAPI
7742BOOLEAN
7743NTAPI
7744FsRtlOplockKeysEqual(
7745 IN PFILE_OBJECT Fo1 OPTIONAL,
7746 IN PFILE_OBJECT Fo2 OPTIONAL);
7747
7748NTKERNELAPI
7749NTSTATUS
7750NTAPI
7751FsRtlInitializeExtraCreateParameterList(
7752 IN OUT PECP_LIST EcpList);
7753
7754NTKERNELAPI
7755VOID
7756NTAPI
7757FsRtlInitializeExtraCreateParameter(
7758 IN PECP_HEADER Ecp,
7759 IN ULONG EcpFlags,
7760 IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
7761 IN ULONG TotalSize,
7762 IN LPCGUID EcpType,
7763 IN PVOID ListAllocatedFrom OPTIONAL);
7764
7765#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
7766
7767NTKERNELAPI
7768NTSTATUS
7769NTAPI
7770FsRtlInsertPerFileContext(
7771 IN PVOID* PerFileContextPointer,
7772 IN PFSRTL_PER_FILE_CONTEXT Ptr);
7773
7774NTKERNELAPI
7775PFSRTL_PER_FILE_CONTEXT
7776NTAPI
7777FsRtlLookupPerFileContext(
7778 IN PVOID* PerFileContextPointer,
7779 IN PVOID OwnerId OPTIONAL,
7780 IN PVOID InstanceId OPTIONAL);
7781
7782NTKERNELAPI
7783PFSRTL_PER_FILE_CONTEXT
7784NTAPI
7785FsRtlRemovePerFileContext(
7786 IN PVOID* PerFileContextPointer,
7787 IN PVOID OwnerId OPTIONAL,
7788 IN PVOID InstanceId OPTIONAL);
7789
7790NTKERNELAPI
7791VOID
7792NTAPI
7793FsRtlTeardownPerFileContexts(
7794 IN PVOID* PerFileContextPointer);
7795
7796NTKERNELAPI
7797NTSTATUS
7798NTAPI
7799FsRtlInsertPerFileObjectContext(
7800 IN PFILE_OBJECT FileObject,
7801 IN PFSRTL_PER_FILEOBJECT_CONTEXT Ptr);
7802
7803NTKERNELAPI
7804PFSRTL_PER_FILEOBJECT_CONTEXT
7805NTAPI
7806FsRtlLookupPerFileObjectContext(
7807 IN PFILE_OBJECT FileObject,
7808 IN PVOID OwnerId OPTIONAL,
7809 IN PVOID InstanceId OPTIONAL);
7810
7811NTKERNELAPI
7812PFSRTL_PER_FILEOBJECT_CONTEXT
7813NTAPI
7814FsRtlRemovePerFileObjectContext(
7815 IN PFILE_OBJECT FileObject,
7816 IN PVOID OwnerId OPTIONAL,
7817 IN PVOID InstanceId OPTIONAL);
7818
7819#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
7820 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
7821)
7822
7823#define FsRtlAreThereCurrentFileLocks(FL) ( \
7824 ((FL)->FastIoIsQuestionable) \
7825)
7826
7827#define FsRtlIncrementLockRequestsInProgress(FL) { \
7828 ASSERT( (FL)->LockRequestsInProgress >= 0 ); \
7829 (void) \
7830 (InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
7831}
7832
7833#define FsRtlDecrementLockRequestsInProgress(FL) { \
7834 ASSERT( (FL)->LockRequestsInProgress > 0 ); \
7835 (void) \
7836 (InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
7837}
7838
7839/* GCC compatible definition, MS one is retarded */
7840extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray;
7841#define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray
7842
7843#define FsRtlIsAnsiCharacterWild(C) ( \
7844 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
7845)
7846
7847#define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
7848 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
7849 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
7850)
7851
7852#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
7853 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
7854 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
7855)
7856
7857#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
7858 FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
7859 ((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
7860)
7861
7862#define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \
7863 FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \
7864)
7865
7866#define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \
7867 FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \
7868)
7869
7870#define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \
7871 ((SCHAR)(C) < 0) ? DEFAULT_RET : \
7872 FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \
7873 (FLAGS) | \
7874 ((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \
7875)
7876
7877#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
7878 (BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
7879 (NLS_MB_CODE_PAGE_TAG && \
7880 (NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
7881)
7882
7883#define FsRtlIsUnicodeCharacterWild(C) ( \
7884 (((C) >= 0x40) ? \
7885 FALSE : \
7886 FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
7887)
7888
7889#define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \
7890 ((_fc)->OwnerId = (_owner), \
7891 (_fc)->InstanceId = (_inst), \
7892 (_fc)->FreeCallback = (_cb))
7893
7894#define FsRtlGetPerFileContextPointer(_fo) \
7895 (FsRtlSupportsPerFileContexts(_fo) ? \
7896 FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \
7897 NULL)
7898
7899#define FsRtlSupportsPerFileContexts(_fo) \
7900 ((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \
7901 (FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \
7902 (FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL))
7903
7904#define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \
7905{ \
7906 FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \
7907 if ((_fctxptr) != NULL) { \
7908 (_advhdr)->FileContextSupportPointer = (_fctxptr); \
7909 } \
7910}
7911
7912#define FsRtlGetPerStreamContextPointer(FO) ( \
7913 (PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
7914)
7915
7916#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
7917 (PSC)->OwnerId = (O), \
7918 (PSC)->InstanceId = (I), \
7919 (PSC)->FreeCallback = (FC) \
7920)
7921
7922#define FsRtlSupportsPerStreamContexts(FO) ( \
7923 (BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
7924 FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
7925 FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
7926)
7927
7928#define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \
7929 (((NULL != (_sc)) && \
7930 FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
7931 !IsListEmpty(&(_sc)->FilterContexts)) ? \
7932 FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \
7933 NULL)
7934
7935FORCEINLINE
7936VOID
7937NTAPI
7938FsRtlSetupAdvancedHeader(
7939 IN PVOID AdvHdr,
7940 IN PFAST_MUTEX FMutex )
7941{
7942 PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr;
7943
7944 localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER;
7945 localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;
7946#if (NTDDI_VERSION >= NTDDI_VISTA)
7947 localAdvHdr->Version = FSRTL_FCB_HEADER_V1;
7948#else
7949 localAdvHdr->Version = FSRTL_FCB_HEADER_V0;
7950#endif
7951 InitializeListHead( &localAdvHdr->FilterContexts );
7952 if (FMutex != NULL) {
7953 localAdvHdr->FastMutex = FMutex;
7954 }
7955#if (NTDDI_VERSION >= NTDDI_VISTA)
7956 *((PULONG_PTR)(&localAdvHdr->PushLock)) = 0;
7957 localAdvHdr->FileContextSupportPointer = NULL;
7958#endif
7959}
7960
7961#define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \
7962 ((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst))
7963
7964#define FsRtlCompleteRequest(IRP,STATUS) { \
7965 (IRP)->IoStatus.Status = (STATUS); \
7966 IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
7967}
7968/* Common Cache Types */
7969
7970#define VACB_MAPPING_GRANULARITY (0x40000)
7971#define VACB_OFFSET_SHIFT (18)
7972
7973typedef struct _PUBLIC_BCB {
7974 CSHORT NodeTypeCode;
7975 CSHORT NodeByteSize;
7976 ULONG MappedLength;
7977 LARGE_INTEGER MappedFileOffset;
7978} PUBLIC_BCB, *PPUBLIC_BCB;
7979
7980typedef struct _CC_FILE_SIZES {
7981 LARGE_INTEGER AllocationSize;
7982 LARGE_INTEGER FileSize;
7983 LARGE_INTEGER ValidDataLength;
7984} CC_FILE_SIZES, *PCC_FILE_SIZES;
7985
7986typedef BOOLEAN
7987(NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
7988 IN PVOID Context,
7989 IN BOOLEAN Wait);
7990
7991typedef VOID
7992(NTAPI *PRELEASE_FROM_LAZY_WRITE) (
7993 IN PVOID Context);
7994
7995typedef BOOLEAN
7996(NTAPI *PACQUIRE_FOR_READ_AHEAD) (
7997 IN PVOID Context,
7998 IN BOOLEAN Wait);
7999
8000typedef VOID
8001(NTAPI *PRELEASE_FROM_READ_AHEAD) (
8002 IN PVOID Context);
8003
8004typedef struct _CACHE_MANAGER_CALLBACKS {
8005 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
8006 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
8007 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
8008 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
8009} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
8010
8011typedef struct _CACHE_UNINITIALIZE_EVENT {
8012 struct _CACHE_UNINITIALIZE_EVENT *Next;
8013 KEVENT Event;
8014} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
8015
8016typedef VOID
8017(NTAPI *PDIRTY_PAGE_ROUTINE) (
8018 IN PFILE_OBJECT FileObject,
8019 IN PLARGE_INTEGER FileOffset,
8020 IN ULONG Length,
8021 IN PLARGE_INTEGER OldestLsn,
8022 IN PLARGE_INTEGER NewestLsn,
8023 IN PVOID Context1,
8024 IN PVOID Context2);
8025
8026typedef VOID
8027(NTAPI *PFLUSH_TO_LSN) (
8028 IN PVOID LogHandle,
8029 IN LARGE_INTEGER Lsn);
8030
8031typedef VOID
8032(NTAPI *PCC_POST_DEFERRED_WRITE) (
8033 IN PVOID Context1,
8034 IN PVOID Context2);
8035
8036#define UNINITIALIZE_CACHE_MAPS (1)
8037#define DO_NOT_RETRY_PURGE (2)
8038#define DO_NOT_PURGE_DIRTY_PAGES (0x4)
8039
8040#define CC_FLUSH_AND_PURGE_NO_PURGE (0x1)
8041/* Common Cache Functions */
8042
8043#define CcIsFileCached(FO) ( \
8044 ((FO)->SectionObjectPointer != NULL) && \
8045 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
8046)
8047
8048extern ULONG CcFastMdlReadWait;
8049
8050#if (NTDDI_VERSION >= NTDDI_WIN2K)
8051
8052NTKERNELAPI
8053VOID
8054NTAPI
8055CcInitializeCacheMap(
8056 IN PFILE_OBJECT FileObject,
8057 IN PCC_FILE_SIZES FileSizes,
8058 IN BOOLEAN PinAccess,
8059 IN PCACHE_MANAGER_CALLBACKS Callbacks,
8060 IN PVOID LazyWriteContext);
8061
8062NTKERNELAPI
8063BOOLEAN
8064NTAPI
8065CcUninitializeCacheMap(
8066 IN PFILE_OBJECT FileObject,
8067 IN PLARGE_INTEGER TruncateSize OPTIONAL,
8068 IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL);
8069
8070NTKERNELAPI
8071VOID
8072NTAPI
8073CcSetFileSizes(
8074 IN PFILE_OBJECT FileObject,
8075 IN PCC_FILE_SIZES FileSizes);
8076
8077NTKERNELAPI
8078VOID
8079NTAPI
8080CcSetDirtyPageThreshold(
8081 IN PFILE_OBJECT FileObject,
8082 IN ULONG DirtyPageThreshold);
8083
8084NTKERNELAPI
8085VOID
8086NTAPI
8087CcFlushCache(
8088 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8089 IN PLARGE_INTEGER FileOffset OPTIONAL,
8090 IN ULONG Length,
8091 OUT PIO_STATUS_BLOCK IoStatus OPTIONAL);
8092
8093NTKERNELAPI
8094LARGE_INTEGER
8095NTAPI
8096CcGetFlushedValidData(
8097 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8098 IN BOOLEAN BcbListHeld);
8099
8100NTKERNELAPI
8101BOOLEAN
8102NTAPI
8103CcZeroData(
8104 IN PFILE_OBJECT FileObject,
8105 IN PLARGE_INTEGER StartOffset,
8106 IN PLARGE_INTEGER EndOffset,
8107 IN BOOLEAN Wait);
8108
8109NTKERNELAPI
8110PVOID
8111NTAPI
8112CcRemapBcb(
8113 IN PVOID Bcb);
8114
8115NTKERNELAPI
8116VOID
8117NTAPI
8118CcRepinBcb(
8119 IN PVOID Bcb);
8120
8121NTKERNELAPI
8122VOID
8123NTAPI
8124CcUnpinRepinnedBcb(
8125 IN PVOID Bcb,
8126 IN BOOLEAN WriteThrough,
8127 OUT PIO_STATUS_BLOCK IoStatus);
8128
8129NTKERNELAPI
8130PFILE_OBJECT
8131NTAPI
8132CcGetFileObjectFromSectionPtrs(
8133 IN PSECTION_OBJECT_POINTERS SectionObjectPointer);
8134
8135NTKERNELAPI
8136PFILE_OBJECT
8137NTAPI
8138CcGetFileObjectFromBcb(
8139 IN PVOID Bcb);
8140
8141NTKERNELAPI
8142BOOLEAN
8143NTAPI
8144CcCanIWrite(
8145 IN PFILE_OBJECT FileObject,
8146 IN ULONG BytesToWrite,
8147 IN BOOLEAN Wait,
8148 IN BOOLEAN Retrying);
8149
8150NTKERNELAPI
8151VOID
8152NTAPI
8153CcDeferWrite(
8154 IN PFILE_OBJECT FileObject,
8155 IN PCC_POST_DEFERRED_WRITE PostRoutine,
8156 IN PVOID Context1,
8157 IN PVOID Context2,
8158 IN ULONG BytesToWrite,
8159 IN BOOLEAN Retrying);
8160
8161NTKERNELAPI
8162BOOLEAN
8163NTAPI
8164CcCopyRead(
8165 IN PFILE_OBJECT FileObject,
8166 IN PLARGE_INTEGER FileOffset,
8167 IN ULONG Length,
8168 IN BOOLEAN Wait,
8169 OUT PVOID Buffer,
8170 OUT PIO_STATUS_BLOCK IoStatus);
8171
8172NTKERNELAPI
8173VOID
8174NTAPI
8175CcFastCopyRead(
8176 IN PFILE_OBJECT FileObject,
8177 IN ULONG FileOffset,
8178 IN ULONG Length,
8179 IN ULONG PageCount,
8180 OUT PVOID Buffer,
8181 OUT PIO_STATUS_BLOCK IoStatus);
8182
8183NTKERNELAPI
8184BOOLEAN
8185NTAPI
8186CcCopyWrite(
8187 IN PFILE_OBJECT FileObject,
8188 IN PLARGE_INTEGER FileOffset,
8189 IN ULONG Length,
8190 IN BOOLEAN Wait,
8191 IN PVOID Buffer);
8192
8193NTKERNELAPI
8194VOID
8195NTAPI
8196CcFastCopyWrite(
8197 IN PFILE_OBJECT FileObject,
8198 IN ULONG FileOffset,
8199 IN ULONG Length,
8200 IN PVOID Buffer);
8201
8202NTKERNELAPI
8203VOID
8204NTAPI
8205CcMdlRead(
8206 IN PFILE_OBJECT FileObject,
8207 IN PLARGE_INTEGER FileOffset,
8208 IN ULONG Length,
8209 OUT PMDL *MdlChain,
8210 OUT PIO_STATUS_BLOCK IoStatus);
8211
8212NTKERNELAPI
8213VOID
8214NTAPI
8215CcMdlReadComplete(
8216 IN PFILE_OBJECT FileObject,
8217 IN PMDL MdlChain);
8218
8219NTKERNELAPI
8220VOID
8221NTAPI
8222CcPrepareMdlWrite(
8223 IN PFILE_OBJECT FileObject,
8224 IN PLARGE_INTEGER FileOffset,
8225 IN ULONG Length,
8226 OUT PMDL *MdlChain,
8227 OUT PIO_STATUS_BLOCK IoStatus);
8228
8229NTKERNELAPI
8230VOID
8231NTAPI
8232CcMdlWriteComplete(
8233 IN PFILE_OBJECT FileObject,
8234 IN PLARGE_INTEGER FileOffset,
8235 IN PMDL MdlChain);
8236
8237NTKERNELAPI
8238VOID
8239NTAPI
8240CcScheduleReadAhead(
8241 IN PFILE_OBJECT FileObject,
8242 IN PLARGE_INTEGER FileOffset,
8243 IN ULONG Length);
8244
8245NTKERNELAPI
8246NTSTATUS
8247NTAPI
8248CcWaitForCurrentLazyWriterActivity(
8249 VOID);
8250
8251NTKERNELAPI
8252VOID
8253NTAPI
8254CcSetReadAheadGranularity(
8255 IN PFILE_OBJECT FileObject,
8256 IN ULONG Granularity);
8257
8258NTKERNELAPI
8259BOOLEAN
8260NTAPI
8261CcPinRead(
8262 IN PFILE_OBJECT FileObject,
8263 IN PLARGE_INTEGER FileOffset,
8264 IN ULONG Length,
8265 IN ULONG Flags,
8266 OUT PVOID *Bcb,
8267 OUT PVOID *Buffer);
8268
8269NTKERNELAPI
8270BOOLEAN
8271NTAPI
8272CcPinMappedData(
8273 IN PFILE_OBJECT FileObject,
8274 IN PLARGE_INTEGER FileOffset,
8275 IN ULONG Length,
8276 IN ULONG Flags,
8277 IN OUT PVOID *Bcb);
8278
8279NTKERNELAPI
8280BOOLEAN
8281NTAPI
8282CcPreparePinWrite(
8283 IN PFILE_OBJECT FileObject,
8284 IN PLARGE_INTEGER FileOffset,
8285 IN ULONG Length,
8286 IN BOOLEAN Zero,
8287 IN ULONG Flags,
8288 OUT PVOID *Bcb,
8289 OUT PVOID *Buffer);
8290
8291NTKERNELAPI
8292VOID
8293NTAPI
8294CcSetDirtyPinnedData(
8295 IN PVOID BcbVoid,
8296 IN PLARGE_INTEGER Lsn OPTIONAL);
8297
8298NTKERNELAPI
8299VOID
8300NTAPI
8301CcUnpinData(
8302 IN PVOID Bcb);
8303
8304NTKERNELAPI
8305VOID
8306NTAPI
8307CcSetBcbOwnerPointer(
8308 IN PVOID Bcb,
8309 IN PVOID OwnerPointer);
8310
8311NTKERNELAPI
8312VOID
8313NTAPI
8314CcUnpinDataForThread(
8315 IN PVOID Bcb,
8316 IN ERESOURCE_THREAD ResourceThreadId);
8317
8318NTKERNELAPI
8319VOID
8320NTAPI
8321CcSetAdditionalCacheAttributes(
8322 IN PFILE_OBJECT FileObject,
8323 IN BOOLEAN DisableReadAhead,
8324 IN BOOLEAN DisableWriteBehind);
8325
8326NTKERNELAPI
8327BOOLEAN
8328NTAPI
8329CcIsThereDirtyData(
8330 IN PVPB Vpb);
8331
8332#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
8333
8334#if (NTDDI_VERSION >= NTDDI_WINXP)
8335
8336NTKERNELAPI
8337VOID
8338NTAPI
8339CcMdlWriteAbort(
8340 IN PFILE_OBJECT FileObject,
8341 IN PMDL MdlChain);
8342
8343NTKERNELAPI
8344VOID
8345NTAPI
8346CcSetLogHandleForFile(
8347 IN PFILE_OBJECT FileObject,
8348 IN PVOID LogHandle,
8349 IN PFLUSH_TO_LSN FlushToLsnRoutine);
8350
8351NTKERNELAPI
8352LARGE_INTEGER
8353NTAPI
8354CcGetDirtyPages(
8355 IN PVOID LogHandle,
8356 IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
8357 IN PVOID Context1,
8358 IN PVOID Context2);
8359
8360#endif
8361
8362#if (NTDDI_VERSION >= NTDDI_WINXP)
8363NTKERNELAPI
8364BOOLEAN
8365NTAPI
8366CcMapData(
8367 IN PFILE_OBJECT FileObject,
8368 IN PLARGE_INTEGER FileOffset,
8369 IN ULONG Length,
8370 IN ULONG Flags,
8371 OUT PVOID *Bcb,
8372 OUT PVOID *Buffer);
8373#elif (NTDDI_VERSION >= NTDDI_WIN2K)
8374NTKERNELAPI
8375BOOLEAN
8376NTAPI
8377CcMapData(
8378 IN PFILE_OBJECT FileObject,
8379 IN PLARGE_INTEGER FileOffset,
8380 IN ULONG Length,
8381 IN BOOLEAN Wait,
8382 OUT PVOID *Bcb,
8383 OUT PVOID *Buffer);
8384#endif
8385
8386#if (NTDDI_VERSION >= NTDDI_VISTA)
8387
8388NTKERNELAPI
8389NTSTATUS
8390NTAPI
8391CcSetFileSizesEx(
8392 IN PFILE_OBJECT FileObject,
8393 IN PCC_FILE_SIZES FileSizes);
8394
8395NTKERNELAPI
8396PFILE_OBJECT
8397NTAPI
8398CcGetFileObjectFromSectionPtrsRef(
8399 IN PSECTION_OBJECT_POINTERS SectionObjectPointer);
8400
8401NTKERNELAPI
8402VOID
8403NTAPI
8404CcSetParallelFlushFile(
8405 IN PFILE_OBJECT FileObject,
8406 IN BOOLEAN EnableParallelFlush);
8407
8408NTKERNELAPI
8409BOOLEAN
8410CcIsThereDirtyDataEx(
8411 IN PVPB Vpb,
8412 IN PULONG NumberOfDirtyPages OPTIONAL);
8413
8414#endif
8415
8416#if (NTDDI_VERSION >= NTDDI_WIN7)
8417NTKERNELAPI
8418VOID
8419NTAPI
8420CcCoherencyFlushAndPurgeCache(
8421 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8422 IN PLARGE_INTEGER FileOffset OPTIONAL,
8423 IN ULONG Length,
8424 OUT PIO_STATUS_BLOCK IoStatus,
8425 IN ULONG Flags OPTIONAL);
8426#endif
8427
8428#define CcGetFileSizePointer(FO) ( \
8429 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
8430)
8431
8432#if (NTDDI_VERSION >= NTDDI_VISTA)
8433NTKERNELAPI
8434BOOLEAN
8435NTAPI
8436CcPurgeCacheSection(
8437 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8438 IN PLARGE_INTEGER FileOffset OPTIONAL,
8439 IN ULONG Length,
8440 IN ULONG Flags);
8441#elif (NTDDI_VERSION >= NTDDI_WIN2K)
8442NTKERNELAPI
8443BOOLEAN
8444NTAPI
8445CcPurgeCacheSection(
8446 IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8447 IN PLARGE_INTEGER FileOffset OPTIONAL,
8448 IN ULONG Length,
8449 IN BOOLEAN UninitializeCacheMaps);
8450#endif
8451
8452#if (NTDDI_VERSION >= NTDDI_WIN7)
8453NTKERNELAPI
8454BOOLEAN
8455NTAPI
8456CcCopyWriteWontFlush(
8457 IN PFILE_OBJECT FileObject,
8458 IN PLARGE_INTEGER FileOffset,
8459 IN ULONG Length);
8460#else
8461#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
8462#endif
8463
8464#define CcReadAhead(FO, FOFF, LEN) ( \
8465 if ((LEN) >= 256) { \
8466 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
8467 } \
8468)
8469
8470
8471/******************************************************************************
8472 * ZwXxx Functions *
8473 ******************************************************************************/
8474
8475NTSYSAPI
8476NTSTATUS
8477NTAPI
8478ZwQueryEaFile(
8479 IN HANDLE FileHandle,
8480 OUT PIO_STATUS_BLOCK IoStatusBlock,
8481 OUT PVOID Buffer,
8482 IN ULONG Length,
8483 IN BOOLEAN ReturnSingleEntry,
8484 IN PVOID EaList OPTIONAL,
8485 IN ULONG EaListLength,
8486 IN PULONG EaIndex OPTIONAL,
8487 IN BOOLEAN RestartScan);
8488
8489NTSYSAPI
8490NTSTATUS
8491NTAPI
8492ZwSetEaFile(
8493 IN HANDLE FileHandle,
8494 OUT PIO_STATUS_BLOCK IoStatusBlock,
8495 OUT PVOID Buffer,
8496 IN ULONG Length);
8497
8498NTSYSAPI
8499NTSTATUS
8500NTAPI
8501ZwDuplicateToken(
8502 IN HANDLE ExistingTokenHandle,
8503 IN ACCESS_MASK DesiredAccess,
8504 IN POBJECT_ATTRIBUTES ObjectAttributes,
8505 IN BOOLEAN EffectiveOnly,
8506 IN TOKEN_TYPE TokenType,
8507 OUT PHANDLE NewTokenHandle);
8508
8509#if (NTDDI_VERSION >= NTDDI_WIN2K)
8510
8511NTSYSAPI
8512NTSTATUS
8513NTAPI
8514ZwQueryObject(
8515 IN HANDLE Handle OPTIONAL,
8516 IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
8517 OUT PVOID ObjectInformation OPTIONAL,
8518 IN ULONG ObjectInformationLength,
8519 OUT PULONG ReturnLength OPTIONAL);
8520
8521NTSYSAPI
8522NTSTATUS
8523NTAPI
8524ZwNotifyChangeKey(
8525 IN HANDLE KeyHandle,
8526 IN HANDLE EventHandle OPTIONAL,
8527 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8528 IN PVOID ApcContext OPTIONAL,
8529 OUT PIO_STATUS_BLOCK IoStatusBlock,
8530 IN ULONG NotifyFilter,
8531 IN BOOLEAN WatchSubtree,
8532 OUT PVOID Buffer,
8533 IN ULONG BufferLength,
8534 IN BOOLEAN Asynchronous);
8535
8536NTSYSAPI
8537NTSTATUS
8538NTAPI
8539ZwCreateEvent(
8540 OUT PHANDLE EventHandle,
8541 IN ACCESS_MASK DesiredAccess,
8542 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
8543 IN EVENT_TYPE EventType,
8544 IN BOOLEAN InitialState);
8545
8546NTSYSAPI
8547NTSTATUS
8548NTAPI
8549ZwDeleteFile(
8550 IN POBJECT_ATTRIBUTES ObjectAttributes);
8551
8552NTSYSAPI
8553NTSTATUS
8554NTAPI
8555ZwQueryDirectoryFile(
8556 IN HANDLE FileHandle,
8557 IN HANDLE Event OPTIONAL,
8558 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8559 IN PVOID ApcContext OPTIONAL,
8560 OUT PIO_STATUS_BLOCK IoStatusBlock,
8561 OUT PVOID FileInformation,
8562 IN ULONG Length,
8563 IN FILE_INFORMATION_CLASS FileInformationClass,
8564 IN BOOLEAN ReturnSingleEntry,
8565 IN PUNICODE_STRING FileName OPTIONAL,
8566 IN BOOLEAN RestartScan);
8567
8568NTSYSAPI
8569NTSTATUS
8570NTAPI
8571ZwSetVolumeInformationFile(
8572 IN HANDLE FileHandle,
8573 OUT PIO_STATUS_BLOCK IoStatusBlock,
8574 IN PVOID FsInformation,
8575 IN ULONG Length,
8576 IN FS_INFORMATION_CLASS FsInformationClass);
8577
8578NTSYSAPI
8579NTSTATUS
8580NTAPI
8581ZwFsControlFile(
8582 IN HANDLE FileHandle,
8583 IN HANDLE Event OPTIONAL,
8584 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8585 IN PVOID ApcContext OPTIONAL,
8586 OUT PIO_STATUS_BLOCK IoStatusBlock,
8587 IN ULONG FsControlCode,
8588 IN PVOID InputBuffer OPTIONAL,
8589 IN ULONG InputBufferLength,
8590 OUT PVOID OutputBuffer OPTIONAL,
8591 IN ULONG OutputBufferLength);
8592
8593NTSYSAPI
8594NTSTATUS
8595NTAPI
8596ZwDuplicateObject(
8597 IN HANDLE SourceProcessHandle,
8598 IN HANDLE SourceHandle,
8599 IN HANDLE TargetProcessHandle OPTIONAL,
8600 OUT PHANDLE TargetHandle OPTIONAL,
8601 IN ACCESS_MASK DesiredAccess,
8602 IN ULONG HandleAttributes,
8603 IN ULONG Options);
8604
8605NTSYSAPI
8606NTSTATUS
8607NTAPI
8608ZwOpenDirectoryObject(
8609 OUT PHANDLE DirectoryHandle,
8610 IN ACCESS_MASK DesiredAccess,
8611 IN POBJECT_ATTRIBUTES ObjectAttributes);
8612
8613NTSYSAPI
8614NTSTATUS
8615NTAPI
8616ZwAllocateVirtualMemory(
8617 IN HANDLE ProcessHandle,
8618 IN OUT PVOID *BaseAddress,
8619 IN ULONG_PTR ZeroBits,
8620 IN OUT PSIZE_T RegionSize,
8621 IN ULONG AllocationType,
8622 IN ULONG Protect);
8623
8624NTSYSAPI
8625NTSTATUS
8626NTAPI
8627ZwFreeVirtualMemory(
8628 IN HANDLE ProcessHandle,
8629 IN OUT PVOID *BaseAddress,
8630 IN OUT PSIZE_T RegionSize,
8631 IN ULONG FreeType);
8632
8633NTSYSAPI
8634NTSTATUS
8635NTAPI
8636ZwWaitForSingleObject(
8637 IN HANDLE Handle,
8638 IN BOOLEAN Alertable,
8639 IN PLARGE_INTEGER Timeout OPTIONAL);
8640
8641NTSYSAPI
8642NTSTATUS
8643NTAPI
8644ZwSetEvent(
8645 IN HANDLE EventHandle,
8646 OUT PLONG PreviousState OPTIONAL);
8647
8648NTSYSAPI
8649NTSTATUS
8650NTAPI
8651ZwFlushVirtualMemory(
8652 IN HANDLE ProcessHandle,
8653 IN OUT PVOID *BaseAddress,
8654 IN OUT PSIZE_T RegionSize,
8655 OUT PIO_STATUS_BLOCK IoStatusBlock);
8656
8657NTSYSAPI
8658NTSTATUS
8659NTAPI
8660ZwQueryInformationToken(
8661 IN HANDLE TokenHandle,
8662 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
8663 OUT PVOID TokenInformation,
8664 IN ULONG Length,
8665 OUT PULONG ResultLength);
8666
8667NTSYSAPI
8668NTSTATUS
8669NTAPI
8670ZwSetSecurityObject(
8671 IN HANDLE Handle,
8672 IN SECURITY_INFORMATION SecurityInformation,
8673 IN PSECURITY_DESCRIPTOR SecurityDescriptor);
8674
8675NTSYSAPI
8676NTSTATUS
8677NTAPI
8678ZwQuerySecurityObject(
8679 IN HANDLE FileHandle,
8680 IN SECURITY_INFORMATION SecurityInformation,
8681 OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
8682 IN ULONG Length,
8683 OUT PULONG ResultLength);
8684#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
8685
8686#if (NTDDI_VERSION >= NTDDI_WINXP)
8687
8688NTSYSAPI
8689NTSTATUS
8690NTAPI
8691ZwOpenProcessTokenEx(
8692 IN HANDLE ProcessHandle,
8693 IN ACCESS_MASK DesiredAccess,
8694 IN ULONG HandleAttributes,
8695 OUT PHANDLE TokenHandle);
8696
8697NTSYSAPI
8698NTSTATUS
8699NTAPI
8700ZwOpenThreadTokenEx(
8701 IN HANDLE ThreadHandle,
8702 IN ACCESS_MASK DesiredAccess,
8703 IN BOOLEAN OpenAsSelf,
8704 IN ULONG HandleAttributes,
8705 OUT PHANDLE TokenHandle);
8706
8707#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
8708
8709#if (NTDDI_VERSION >= NTDDI_VISTA)
8710
8711NTSYSAPI
8712NTSTATUS
8713NTAPI
8714ZwLockFile(
8715 IN HANDLE FileHandle,
8716 IN HANDLE Event OPTIONAL,
8717 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8718 IN PVOID ApcContext OPTIONAL,
8719 OUT PIO_STATUS_BLOCK IoStatusBlock,
8720 IN PLARGE_INTEGER ByteOffset,
8721 IN PLARGE_INTEGER Length,
8722 IN ULONG Key,
8723 IN BOOLEAN FailImmediately,
8724 IN BOOLEAN ExclusiveLock);
8725
8726NTSYSAPI
8727NTSTATUS
8728NTAPI
8729ZwUnlockFile(
8730 IN HANDLE FileHandle,
8731 OUT PIO_STATUS_BLOCK IoStatusBlock,
8732 IN PLARGE_INTEGER ByteOffset,
8733 IN PLARGE_INTEGER Length,
8734 IN ULONG Key);
8735
8736NTSYSAPI
8737NTSTATUS
8738NTAPI
8739ZwQueryQuotaInformationFile(
8740 IN HANDLE FileHandle,
8741 OUT PIO_STATUS_BLOCK IoStatusBlock,
8742 OUT PVOID Buffer,
8743 IN ULONG Length,
8744 IN BOOLEAN ReturnSingleEntry,
8745 IN PVOID SidList,
8746 IN ULONG SidListLength,
8747 IN PSID StartSid OPTIONAL,
8748 IN BOOLEAN RestartScan);
8749
8750NTSYSAPI
8751NTSTATUS
8752NTAPI
8753ZwSetQuotaInformationFile(
8754 IN HANDLE FileHandle,
8755 OUT PIO_STATUS_BLOCK IoStatusBlock,
8756 IN PVOID Buffer,
8757 IN ULONG Length);
8758
8759NTSYSAPI
8760NTSTATUS
8761NTAPI
8762ZwFlushBuffersFile(
8763 IN HANDLE FileHandle,
8764 OUT PIO_STATUS_BLOCK IoStatusBlock);
8765#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
8766
8767#if (NTDDI_VERSION >= NTDDI_WIN7)
8768
8769NTSYSAPI
8770NTSTATUS
8771NTAPI
8772ZwSetInformationToken(
8773 IN HANDLE TokenHandle,
8774 IN TOKEN_INFORMATION_CLASS TokenInformationClass,
8775 IN PVOID TokenInformation,
8776 IN ULONG TokenInformationLength);
8777#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
8778
8779
8780/* #if !defined(_X86AMD64_) FIXME : WHAT ?! */
8781#if defined(_WIN64)
8782
8783C_ASSERT(sizeof(ERESOURCE) == 0x68);
8784C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18);
8785C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a);
8786
8787#else
8788
8789C_ASSERT(sizeof(ERESOURCE) == 0x38);
8790C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c);
8791C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e);
8792
8793#endif
8794/* #endif */
8795
8796#if defined(_IA64_)
8797#if (NTDDI_VERSION >= NTDDI_WIN2K)
8798//DECLSPEC_DEPRECATED_DDK
8799NTHALAPI
8800ULONG
8801NTAPI
8802HalGetDmaAlignmentRequirement(
8803 VOID);
8804#endif
8805#endif
8806
8807#if defined(_M_IX86) || defined(_M_AMD64)
8808#define HalGetDmaAlignmentRequirement() 1L
8809#endif
8810
8811extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo;
8812#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
8813
8814#ifdef NLS_MB_CODE_PAGE_TAG
8815#undef NLS_MB_CODE_PAGE_TAG
8816#endif
8817#define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag
8818
8819#if (NTDDI_VERSION >= NTDDI_VISTA)
8820
8821typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER {
8822 NetworkOpenLocationAny,
8823 NetworkOpenLocationRemote,
8824 NetworkOpenLocationLoopback
8825} NETWORK_OPEN_LOCATION_QUALIFIER;
8826
8827typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER {
8828 NetworkOpenIntegrityAny,
8829 NetworkOpenIntegrityNone,
8830 NetworkOpenIntegritySigned,
8831 NetworkOpenIntegrityEncrypted,
8832 NetworkOpenIntegrityMaximum
8833} NETWORK_OPEN_INTEGRITY_QUALIFIER;
8834
8835#if (NTDDI_VERSION >= NTDDI_WIN7)
8836
8837#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
8838#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
8839#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000
8840
8841typedef struct _NETWORK_OPEN_ECP_CONTEXT {
8842 USHORT Size;
8843 USHORT Reserved;
8844 _ANONYMOUS_STRUCT struct {
8845 struct {
8846 NETWORK_OPEN_LOCATION_QUALIFIER Location;
8847 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8848 ULONG Flags;
8849 } in;
8850 struct {
8851 NETWORK_OPEN_LOCATION_QUALIFIER Location;
8852 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8853 ULONG Flags;
8854 } out;
8855 } DUMMYSTRUCTNAME;
8856} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
8857
8858typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
8859 USHORT Size;
8860 USHORT Reserved;
8861 _ANONYMOUS_STRUCT struct {
8862 struct {
8863 NETWORK_OPEN_LOCATION_QUALIFIER Location;
8864 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8865 } in;
8866 struct {
8867 NETWORK_OPEN_LOCATION_QUALIFIER Location;
8868 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8869 } out;
8870 } DUMMYSTRUCTNAME;
8871} NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0;
8872
8873#elif (NTDDI_VERSION >= NTDDI_VISTA)
8874typedef struct _NETWORK_OPEN_ECP_CONTEXT {
8875 USHORT Size;
8876 USHORT Reserved;
8877 _ANONYMOUS_STRUCT struct {
8878 struct {
8879 NETWORK_OPEN_LOCATION_QUALIFIER Location;
8880 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8881 } in;
8882 struct {
8883 NETWORK_OPEN_LOCATION_QUALIFIER Location;
8884 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8885 } out;
8886 } DUMMYSTRUCTNAME;
8887} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
8888#endif
8889
8890DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);
8891
8892#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
8893
8894
8895#if (NTDDI_VERSION >= NTDDI_VISTA)
8896
8897typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
8898 PVOID Context;
8899} PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT;
8900
8901DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);
8902
8903#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
8904
8905#if (NTDDI_VERSION >= NTDDI_WIN7)
8906
8907DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
8908DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);
8909
8910typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;
8911
8912typedef struct _NFS_OPEN_ECP_CONTEXT {
8913 PUNICODE_STRING ExportAlias;
8914 PSOCKADDR_STORAGE_NFS ClientSocketAddress;
8915} NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT;
8916
8917typedef struct _SRV_OPEN_ECP_CONTEXT {
8918 PUNICODE_STRING ShareName;
8919 PSOCKADDR_STORAGE_NFS SocketAddress;
8920 BOOLEAN OplockBlockState;
8921 BOOLEAN OplockAppState;
8922 BOOLEAN OplockFinalState;
8923} SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT;
8924
8925#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
8926
8927#define PIN_WAIT (1)
8928#define PIN_EXCLUSIVE (2)
8929#define PIN_NO_READ (4)
8930#define PIN_IF_BCB (8)
8931#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
8932#define PIN_HIGH_PRIORITY (64)
8933
8934#define MAP_WAIT 1
8935#define MAP_NO_READ (16)
8936#define MAP_HIGH_PRIORITY (64)
8937
8938#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
8939#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
8940
8941typedef struct _QUERY_PATH_REQUEST {
8942 ULONG PathNameLength;
8943 PIO_SECURITY_CONTEXT SecurityContext;
8944 WCHAR FilePathName[1];
8945} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
8946
8947typedef struct _QUERY_PATH_REQUEST_EX {
8948 PIO_SECURITY_CONTEXT pSecurityContext;
8949 ULONG EaLength;
8950 PVOID pEaBuffer;
8951 UNICODE_STRING PathName;
8952 UNICODE_STRING DomainServiceName;
8953 ULONG_PTR Reserved[ 3 ];
8954} QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX;
8955
8956typedef struct _QUERY_PATH_RESPONSE {
8957 ULONG LengthAccepted;
8958} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
8959
8960#define VOLSNAPCONTROLTYPE 0x00000053
8961#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
8962
8963/* FIXME : These definitions below don't belong here (or anywhere in ddk really) */
8964#pragma pack(push,4)
8965
8966#ifndef VER_PRODUCTBUILD
8967#define VER_PRODUCTBUILD 10000
8968#endif
8969
8970#include "csq.h"
8971
8972extern PACL SePublicDefaultDacl;
8973extern PACL SeSystemDefaultDacl;
8974
8975#define FS_LFN_APIS 0x00004000
8976
8977#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
8978#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
8979#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
8980#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
8981#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
8982#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
8983#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
8984#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
8985#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
8986#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
8987#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
8988#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
8989#define FILE_STORAGE_TYPE_MASK 0x000f0000
8990#define FILE_STORAGE_TYPE_SHIFT 16
8991
8992#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
8993
8994#ifdef _X86_
8995#define HARDWARE_PTE HARDWARE_PTE_X86
8996#define PHARDWARE_PTE PHARDWARE_PTE_X86
8997#endif
8998
8999#define IO_ATTACH_DEVICE_API 0x80000000
9000
9001#define IO_TYPE_APC 18
9002#define IO_TYPE_DPC 19
9003#define IO_TYPE_DEVICE_QUEUE 20
9004#define IO_TYPE_EVENT_PAIR 21
9005#define IO_TYPE_INTERRUPT 22
9006#define IO_TYPE_PROFILE 23
9007
9008#define IRP_BEING_VERIFIED 0x10
9009
9010#define MAILSLOT_CLASS_FIRSTCLASS 1
9011#define MAILSLOT_CLASS_SECONDCLASS 2
9012
9013#define MAILSLOT_SIZE_AUTO 0
9014
9015#define MEM_DOS_LIM 0x40000000
9016
9017#define OB_TYPE_TYPE 1
9018#define OB_TYPE_DIRECTORY 2
9019#define OB_TYPE_SYMBOLIC_LINK 3
9020#define OB_TYPE_TOKEN 4
9021#define OB_TYPE_PROCESS 5
9022#define OB_TYPE_THREAD 6
9023#define OB_TYPE_EVENT 7
9024#define OB_TYPE_EVENT_PAIR 8
9025#define OB_TYPE_MUTANT 9
9026#define OB_TYPE_SEMAPHORE 10
9027#define OB_TYPE_TIMER 11
9028#define OB_TYPE_PROFILE 12
9029#define OB_TYPE_WINDOW_STATION 13
9030#define OB_TYPE_DESKTOP 14
9031#define OB_TYPE_SECTION 15
9032#define OB_TYPE_KEY 16
9033#define OB_TYPE_PORT 17
9034#define OB_TYPE_ADAPTER 18
9035#define OB_TYPE_CONTROLLER 19
9036#define OB_TYPE_DEVICE 20
9037#define OB_TYPE_DRIVER 21
9038#define OB_TYPE_IO_COMPLETION 22
9039#define OB_TYPE_FILE 23
9040
9041#define SEC_BASED 0x00200000
9042
9043/* end winnt.h */
9044
9045#define TOKEN_HAS_ADMIN_GROUP 0x08
9046
9047#if (VER_PRODUCTBUILD >= 1381)
9048#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
9049#endif /* (VER_PRODUCTBUILD >= 1381) */
9050
9051#if (VER_PRODUCTBUILD >= 2195)
9052
9053#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
9054#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
9055
9056#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
9057
9058#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
9059#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
9060#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
9061#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
9062#endif /* (VER_PRODUCTBUILD >= 2195) */
9063
9064#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
9065#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
9066#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
9067#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
9068#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
9069#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
9070#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
9071#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
9072
9073typedef enum _FILE_STORAGE_TYPE {
9074 StorageTypeDefault = 1,
9075 StorageTypeDirectory,
9076 StorageTypeFile,
9077 StorageTypeJunctionPoint,
9078 StorageTypeCatalog,
9079 StorageTypeStructuredStorage,
9080 StorageTypeEmbedding,
9081 StorageTypeStream
9082} FILE_STORAGE_TYPE;
9083
9084typedef struct _OBJECT_BASIC_INFORMATION
9085{
9086 ULONG Attributes;
9087 ACCESS_MASK GrantedAccess;
9088 ULONG HandleCount;
9089 ULONG PointerCount;
9090 ULONG PagedPoolCharge;
9091 ULONG NonPagedPoolCharge;
9092 ULONG Reserved[ 3 ];
9093 ULONG NameInfoSize;
9094 ULONG TypeInfoSize;
9095 ULONG SecurityDescriptorSize;
9096 LARGE_INTEGER CreationTime;
9097} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
9098
9099typedef struct _BITMAP_RANGE {
9100 LIST_ENTRY Links;
9101 LONGLONG BasePage;
9102 ULONG FirstDirtyPage;
9103 ULONG LastDirtyPage;
9104 ULONG DirtyPages;
9105 PULONG Bitmap;
9106} BITMAP_RANGE, *PBITMAP_RANGE;
9107
9108typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
9109 BOOLEAN ReplaceIfExists;
9110 HANDLE RootDirectory;
9111 ULONG FileNameLength;
9112 WCHAR FileName[1];
9113} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
9114
9115typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
9116 ULONG NextEntryOffset;
9117 ULONG FileIndex;
9118 LARGE_INTEGER CreationTime;
9119 LARGE_INTEGER LastAccessTime;
9120 LARGE_INTEGER LastWriteTime;
9121 LARGE_INTEGER ChangeTime;
9122 LARGE_INTEGER EndOfFile;
9123 LARGE_INTEGER AllocationSize;
9124 ULONG FileAttributes;
9125 ULONG FileNameLength;
9126 ULONG EaSize;
9127 WCHAR FileName[ANYSIZE_ARRAY];
9128} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
9129
9130/* raw internal file lock struct returned from FsRtlGetNextFileLock */
9131typedef struct _FILE_SHARED_LOCK_ENTRY {
9132 PVOID Unknown1;
9133 PVOID Unknown2;
9134 FILE_LOCK_INFO FileLock;
9135} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
9136
9137/* raw internal file lock struct returned from FsRtlGetNextFileLock */
9138typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
9139 LIST_ENTRY ListEntry;
9140 PVOID Unknown1;
9141 PVOID Unknown2;
9142 FILE_LOCK_INFO FileLock;
9143} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
9144
9145typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
9146 ULONG ReadDataAvailable;
9147 ULONG NumberOfMessages;
9148 ULONG MessageLength;
9149} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
9150
9151typedef struct _FILE_OLE_CLASSID_INFORMATION {
9152 GUID ClassId;
9153} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
9154
9155typedef struct _FILE_OLE_ALL_INFORMATION {
9156 FILE_BASIC_INFORMATION BasicInformation;
9157 FILE_STANDARD_INFORMATION StandardInformation;
9158 FILE_INTERNAL_INFORMATION InternalInformation;
9159 FILE_EA_INFORMATION EaInformation;
9160 FILE_ACCESS_INFORMATION AccessInformation;
9161 FILE_POSITION_INFORMATION PositionInformation;
9162 FILE_MODE_INFORMATION ModeInformation;
9163 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
9164 USN LastChangeUsn;
9165 USN ReplicationUsn;
9166 LARGE_INTEGER SecurityChangeTime;
9167 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
9168 FILE_OBJECTID_INFORMATION ObjectIdInformation;
9169 FILE_STORAGE_TYPE StorageType;
9170 ULONG OleStateBits;
9171 ULONG OleId;
9172 ULONG NumberOfStreamReferences;
9173 ULONG StreamIndex;
9174 ULONG SecurityId;
9175 BOOLEAN ContentIndexDisable;
9176 BOOLEAN InheritContentIndexDisable;
9177 FILE_NAME_INFORMATION NameInformation;
9178} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
9179
9180typedef struct _FILE_OLE_DIR_INFORMATION {
9181 ULONG NextEntryOffset;
9182 ULONG FileIndex;
9183 LARGE_INTEGER CreationTime;
9184 LARGE_INTEGER LastAccessTime;
9185 LARGE_INTEGER LastWriteTime;
9186 LARGE_INTEGER ChangeTime;
9187 LARGE_INTEGER EndOfFile;
9188 LARGE_INTEGER AllocationSize;
9189 ULONG FileAttributes;
9190 ULONG FileNameLength;
9191 FILE_STORAGE_TYPE StorageType;
9192 GUID OleClassId;
9193 ULONG OleStateBits;
9194 BOOLEAN ContentIndexDisable;
9195 BOOLEAN InheritContentIndexDisable;
9196 WCHAR FileName[1];
9197} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
9198
9199typedef struct _FILE_OLE_INFORMATION {
9200 LARGE_INTEGER SecurityChangeTime;
9201 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
9202 FILE_OBJECTID_INFORMATION ObjectIdInformation;
9203 FILE_STORAGE_TYPE StorageType;
9204 ULONG OleStateBits;
9205 BOOLEAN ContentIndexDisable;
9206 BOOLEAN InheritContentIndexDisable;
9207} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
9208
9209typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
9210 ULONG StateBits;
9211 ULONG StateBitsMask;
9212} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
9213
9214typedef struct _MAPPING_PAIR {
9215 ULONGLONG Vcn;
9216 ULONGLONG Lcn;
9217} MAPPING_PAIR, *PMAPPING_PAIR;
9218
9219typedef struct _GET_RETRIEVAL_DESCRIPTOR {
9220 ULONG NumberOfPairs;
9221 ULONGLONG StartVcn;
9222 MAPPING_PAIR Pair[1];
9223} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
9224
9225typedef struct _MBCB {
9226 CSHORT NodeTypeCode;
9227 CSHORT NodeIsInZone;
9228 ULONG PagesToWrite;
9229 ULONG DirtyPages;
9230 ULONG Reserved;
9231 LIST_ENTRY BitmapRanges;
9232 LONGLONG ResumeWritePage;
9233 BITMAP_RANGE BitmapRange1;
9234 BITMAP_RANGE BitmapRange2;
9235 BITMAP_RANGE BitmapRange3;
9236} MBCB, *PMBCB;
9237
9238typedef struct _MOVEFILE_DESCRIPTOR {
9239 HANDLE FileHandle;
9240 ULONG Reserved;
9241 LARGE_INTEGER StartVcn;
9242 LARGE_INTEGER TargetLcn;
9243 ULONG NumVcns;
9244 ULONG Reserved1;
9245} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
9246
9247typedef struct _OBJECT_BASIC_INFO {
9248 ULONG Attributes;
9249 ACCESS_MASK GrantedAccess;
9250 ULONG HandleCount;
9251 ULONG ReferenceCount;
9252 ULONG PagedPoolUsage;
9253 ULONG NonPagedPoolUsage;
9254 ULONG Reserved[3];
9255 ULONG NameInformationLength;
9256 ULONG TypeInformationLength;
9257 ULONG SecurityDescriptorLength;
9258 LARGE_INTEGER CreateTime;
9259} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
9260
9261typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
9262 BOOLEAN Inherit;
9263 BOOLEAN ProtectFromClose;
9264} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
9265
9266typedef struct _OBJECT_NAME_INFO {
9267 UNICODE_STRING ObjectName;
9268 WCHAR ObjectNameBuffer[1];
9269} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
9270
9271typedef struct _OBJECT_PROTECTION_INFO {
9272 BOOLEAN Inherit;
9273 BOOLEAN ProtectHandle;
9274} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
9275
9276typedef struct _OBJECT_TYPE_INFO {
9277 UNICODE_STRING ObjectTypeName;
9278 UCHAR Unknown[0x58];
9279 WCHAR ObjectTypeNameBuffer[1];
9280} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
9281
9282typedef struct _OBJECT_ALL_TYPES_INFO {
9283 ULONG NumberOfObjectTypes;
9284 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
9285} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
9286
9287#if defined(USE_LPC6432)
9288#define LPC_CLIENT_ID CLIENT_ID64
9289#define LPC_SIZE_T ULONGLONG
9290#define LPC_PVOID ULONGLONG
9291#define LPC_HANDLE ULONGLONG
9292#else
9293#define LPC_CLIENT_ID CLIENT_ID
9294#define LPC_SIZE_T SIZE_T
9295#define LPC_PVOID PVOID
9296#define LPC_HANDLE HANDLE
9297#endif
9298
9299typedef struct _PORT_MESSAGE
9300{
9301 union
9302 {
9303 struct
9304 {
9305 CSHORT DataLength;
9306 CSHORT TotalLength;
9307 } s1;
9308 ULONG Length;
9309 } u1;
9310 union
9311 {
9312 struct
9313 {
9314 CSHORT Type;
9315 CSHORT DataInfoOffset;
9316 } s2;
9317 ULONG ZeroInit;
9318 } u2;
9319 __GNU_EXTENSION union
9320 {
9321 LPC_CLIENT_ID ClientId;
9322 double DoNotUseThisField;
9323 };
9324 ULONG MessageId;
9325 __GNU_EXTENSION union
9326 {
9327 LPC_SIZE_T ClientViewSize;
9328 ULONG CallbackId;
9329 };
9330} PORT_MESSAGE, *PPORT_MESSAGE;
9331
9332#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)
9333
9334typedef struct _PORT_VIEW
9335{
9336 ULONG Length;
9337 LPC_HANDLE SectionHandle;
9338 ULONG SectionOffset;
9339 LPC_SIZE_T ViewSize;
9340 LPC_PVOID ViewBase;
9341 LPC_PVOID ViewRemoteBase;
9342} PORT_VIEW, *PPORT_VIEW;
9343
9344typedef struct _REMOTE_PORT_VIEW
9345{
9346 ULONG Length;
9347 LPC_SIZE_T ViewSize;
9348 LPC_PVOID ViewBase;
9349} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;
9350
9351typedef struct _VAD_HEADER {
9352 PVOID StartVPN;
9353 PVOID EndVPN;
9354 struct _VAD_HEADER* ParentLink;
9355 struct _VAD_HEADER* LeftLink;
9356 struct _VAD_HEADER* RightLink;
9357 ULONG Flags; /* LSB = CommitCharge */
9358 PVOID ControlArea;
9359 PVOID FirstProtoPte;
9360 PVOID LastPTE;
9361 ULONG Unknown;
9362 LIST_ENTRY Secured;
9363} VAD_HEADER, *PVAD_HEADER;
9364
9365NTKERNELAPI
9366LARGE_INTEGER
9367NTAPI
9368CcGetLsnForFileObject (
9369 IN PFILE_OBJECT FileObject,
9370 OUT PLARGE_INTEGER OldestLsn OPTIONAL
9371);
9372
9373NTKERNELAPI
9374PVOID
9375NTAPI
9376FsRtlAllocatePool (
9377 IN POOL_TYPE PoolType,
9378 IN ULONG NumberOfBytes
9379);
9380
9381NTKERNELAPI
9382PVOID
9383NTAPI
9384FsRtlAllocatePoolWithQuota (
9385 IN POOL_TYPE PoolType,
9386 IN ULONG NumberOfBytes
9387);
9388
9389NTKERNELAPI
9390PVOID
9391NTAPI
9392FsRtlAllocatePoolWithQuotaTag (
9393 IN POOL_TYPE PoolType,
9394 IN ULONG NumberOfBytes,
9395 IN ULONG Tag
9396);
9397
9398NTKERNELAPI
9399PVOID
9400NTAPI
9401FsRtlAllocatePoolWithTag (
9402 IN POOL_TYPE PoolType,
9403 IN ULONG NumberOfBytes,
9404 IN ULONG Tag
9405);
9406
9407NTKERNELAPI
9408BOOLEAN
9409NTAPI
9410FsRtlIsFatDbcsLegal (
9411 IN ANSI_STRING DbcsName,
9412 IN BOOLEAN WildCardsPermissible,
9413 IN BOOLEAN PathNamePermissible,
9414 IN BOOLEAN LeadingBackslashPermissible
9415);
9416
9417NTKERNELAPI
9418BOOLEAN
9419NTAPI
9420FsRtlMdlReadComplete (
9421 IN PFILE_OBJECT FileObject,
9422 IN PMDL MdlChain
9423);
9424
9425NTKERNELAPI
9426BOOLEAN
9427NTAPI
9428FsRtlMdlWriteComplete (
9429 IN PFILE_OBJECT FileObject,
9430 IN PLARGE_INTEGER FileOffset,
9431 IN PMDL MdlChain
9432);
9433
9434NTKERNELAPI
9435VOID
9436NTAPI
9437FsRtlNotifyChangeDirectory (
9438 IN PNOTIFY_SYNC NotifySync,
9439 IN PVOID FsContext,
9440 IN PSTRING FullDirectoryName,
9441 IN PLIST_ENTRY NotifyList,
9442 IN BOOLEAN WatchTree,
9443 IN ULONG CompletionFilter,
9444 IN PIRP NotifyIrp
9445);
9446
9447NTKERNELAPI
9448NTSTATUS
9449NTAPI
9450ObCreateObject (
9451 IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
9452 IN POBJECT_TYPE ObjectType,
9453 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
9454 IN KPROCESSOR_MODE AccessMode,
9455 IN OUT PVOID ParseContext OPTIONAL,
9456 IN ULONG ObjectSize,
9457 IN ULONG PagedPoolCharge OPTIONAL,
9458 IN ULONG NonPagedPoolCharge OPTIONAL,
9459 OUT PVOID *Object
9460);
9461
9462NTKERNELAPI
9463ULONG
9464NTAPI
9465ObGetObjectPointerCount (
9466 IN PVOID Object
9467);
9468
9469NTKERNELAPI
9470NTSTATUS
9471NTAPI
9472ObReferenceObjectByName (
9473 IN PUNICODE_STRING ObjectName,
9474 IN ULONG Attributes,
9475 IN PACCESS_STATE PassedAccessState OPTIONAL,
9476 IN ACCESS_MASK DesiredAccess OPTIONAL,
9477 IN POBJECT_TYPE ObjectType,
9478 IN KPROCESSOR_MODE AccessMode,
9479 IN OUT PVOID ParseContext OPTIONAL,
9480 OUT PVOID *Object
9481);
9482
9483#define PsDereferenceImpersonationToken(T) \
9484 {if (ARGUMENT_PRESENT(T)) { \
9485 (ObDereferenceObject((T))); \
9486 } else { \
9487 ; \
9488 } \
9489}
9490
9491NTKERNELAPI
9492NTSTATUS
9493NTAPI
9494PsLookupProcessThreadByCid (
9495 IN PCLIENT_ID Cid,
9496 OUT PEPROCESS *Process OPTIONAL,
9497 OUT PETHREAD *Thread
9498);
9499
9500NTSYSAPI
9501NTSTATUS
9502NTAPI
9503RtlSetSaclSecurityDescriptor (
9504 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
9505 IN BOOLEAN SaclPresent,
9506 IN PACL Sacl,
9507 IN BOOLEAN SaclDefaulted
9508);
9509
9510#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
9511
9512#if (VER_PRODUCTBUILD >= 2195)
9513
9514NTSYSAPI
9515NTSTATUS
9516NTAPI
9517ZwAdjustPrivilegesToken (
9518 IN HANDLE TokenHandle,
9519 IN BOOLEAN DisableAllPrivileges,
9520 IN PTOKEN_PRIVILEGES NewState,
9521 IN ULONG BufferLength,
9522 OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
9523 OUT PULONG ReturnLength
9524);
9525
9526#endif /* (VER_PRODUCTBUILD >= 2195) */
9527
9528NTSYSAPI
9529NTSTATUS
9530NTAPI
9531ZwAlertThread (
9532 IN HANDLE ThreadHandle
9533);
9534
9535NTSYSAPI
9536NTSTATUS
9537NTAPI
9538ZwAccessCheckAndAuditAlarm (
9539 IN PUNICODE_STRING SubsystemName,
9540 IN PVOID HandleId,
9541 IN PUNICODE_STRING ObjectTypeName,
9542 IN PUNICODE_STRING ObjectName,
9543 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
9544 IN ACCESS_MASK DesiredAccess,
9545 IN PGENERIC_MAPPING GenericMapping,
9546 IN BOOLEAN ObjectCreation,
9547 OUT PACCESS_MASK GrantedAccess,
9548 OUT PBOOLEAN AccessStatus,
9549 OUT PBOOLEAN GenerateOnClose
9550);
9551
9552#if (VER_PRODUCTBUILD >= 2195)
9553
9554NTSYSAPI
9555NTSTATUS
9556NTAPI
9557ZwCancelIoFile (
9558 IN HANDLE FileHandle,
9559 OUT PIO_STATUS_BLOCK IoStatusBlock
9560);
9561
9562#endif /* (VER_PRODUCTBUILD >= 2195) */
9563
9564NTSYSAPI
9565NTSTATUS
9566NTAPI
9567ZwClearEvent (
9568 IN HANDLE EventHandle
9569);
9570
9571NTSYSAPI
9572NTSTATUS
9573NTAPI
9574ZwCloseObjectAuditAlarm (
9575 IN PUNICODE_STRING SubsystemName,
9576 IN PVOID HandleId,
9577 IN BOOLEAN GenerateOnClose
9578);
9579
9580NTSYSAPI
9581NTSTATUS
9582NTAPI
9583ZwCreateSymbolicLinkObject (
9584 OUT PHANDLE SymbolicLinkHandle,
9585 IN ACCESS_MASK DesiredAccess,
9586 IN POBJECT_ATTRIBUTES ObjectAttributes,
9587 IN PUNICODE_STRING TargetName
9588);
9589
9590NTSYSAPI
9591NTSTATUS
9592NTAPI
9593ZwFlushInstructionCache (
9594 IN HANDLE ProcessHandle,
9595 IN PVOID BaseAddress OPTIONAL,
9596 IN ULONG FlushSize
9597);
9598
9599NTSYSAPI
9600NTSTATUS
9601NTAPI
9602ZwFlushBuffersFile(
9603 IN HANDLE FileHandle,
9604 OUT PIO_STATUS_BLOCK IoStatusBlock
9605);
9606
9607#if (VER_PRODUCTBUILD >= 2195)
9608
9609NTSYSAPI
9610NTSTATUS
9611NTAPI
9612ZwInitiatePowerAction (
9613 IN POWER_ACTION SystemAction,
9614 IN SYSTEM_POWER_STATE MinSystemState,
9615 IN ULONG Flags,
9616 IN BOOLEAN Asynchronous
9617);
9618
9619#endif /* (VER_PRODUCTBUILD >= 2195) */
9620
9621NTSYSAPI
9622NTSTATUS
9623NTAPI
9624ZwLoadKey (
9625 IN POBJECT_ATTRIBUTES KeyObjectAttributes,
9626 IN POBJECT_ATTRIBUTES FileObjectAttributes
9627);
9628
9629NTSYSAPI
9630NTSTATUS
9631NTAPI
9632ZwOpenProcessToken (
9633 IN HANDLE ProcessHandle,
9634 IN ACCESS_MASK DesiredAccess,
9635 OUT PHANDLE TokenHandle
9636);
9637
9638NTSYSAPI
9639NTSTATUS
9640NTAPI
9641ZwOpenThread (
9642 OUT PHANDLE ThreadHandle,
9643 IN ACCESS_MASK DesiredAccess,
9644 IN POBJECT_ATTRIBUTES ObjectAttributes,
9645 IN PCLIENT_ID ClientId
9646);
9647
9648NTSYSAPI
9649NTSTATUS
9650NTAPI
9651ZwOpenThreadToken (
9652 IN HANDLE ThreadHandle,
9653 IN ACCESS_MASK DesiredAccess,
9654 IN BOOLEAN OpenAsSelf,
9655 OUT PHANDLE TokenHandle
9656);
9657
9658NTSYSAPI
9659NTSTATUS
9660NTAPI
9661ZwPulseEvent (
9662 IN HANDLE EventHandle,
9663 OUT PLONG PreviousState OPTIONAL
9664);
9665
9666NTSYSAPI
9667NTSTATUS
9668NTAPI
9669ZwQueryDefaultLocale (
9670 IN BOOLEAN ThreadOrSystem,
9671 OUT PLCID Locale
9672);
9673
9674#if (VER_PRODUCTBUILD >= 2195)
9675
9676NTSYSAPI
9677NTSTATUS
9678NTAPI
9679ZwQueryDirectoryObject (
9680 IN HANDLE DirectoryHandle,
9681 OUT PVOID Buffer,
9682 IN ULONG Length,
9683 IN BOOLEAN ReturnSingleEntry,
9684 IN BOOLEAN RestartScan,
9685 IN OUT PULONG Context,
9686 OUT PULONG ReturnLength OPTIONAL
9687);
9688
9689#endif /* (VER_PRODUCTBUILD >= 2195) */
9690
9691NTSYSAPI
9692NTSTATUS
9693NTAPI
9694ZwQueryInformationProcess (
9695 IN HANDLE ProcessHandle,
9696 IN PROCESSINFOCLASS ProcessInformationClass,
9697 OUT PVOID ProcessInformation,
9698 IN ULONG ProcessInformationLength,
9699 OUT PULONG ReturnLength OPTIONAL
9700);
9701
9702NTSYSAPI
9703NTSTATUS
9704NTAPI
9705ZwReplaceKey (
9706 IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
9707 IN HANDLE KeyHandle,
9708 IN POBJECT_ATTRIBUTES OldFileObjectAttributes
9709);
9710
9711NTSYSAPI
9712NTSTATUS
9713NTAPI
9714ZwResetEvent (
9715 IN HANDLE EventHandle,
9716 OUT PLONG PreviousState OPTIONAL
9717);
9718
9719#if (VER_PRODUCTBUILD >= 2195)
9720
9721NTSYSAPI
9722NTSTATUS
9723NTAPI
9724ZwRestoreKey (
9725 IN HANDLE KeyHandle,
9726 IN HANDLE FileHandle,
9727 IN ULONG Flags
9728);
9729
9730#endif /* (VER_PRODUCTBUILD >= 2195) */
9731
9732NTSYSAPI
9733NTSTATUS
9734NTAPI
9735ZwSaveKey (
9736 IN HANDLE KeyHandle,
9737 IN HANDLE FileHandle
9738);
9739
9740NTSYSAPI
9741NTSTATUS
9742NTAPI
9743ZwSetDefaultLocale (
9744 IN BOOLEAN ThreadOrSystem,
9745 IN LCID Locale
9746);
9747
9748#if (VER_PRODUCTBUILD >= 2195)
9749
9750NTSYSAPI
9751NTSTATUS
9752NTAPI
9753ZwSetDefaultUILanguage (
9754 IN LANGID LanguageId
9755);
9756
9757#endif /* (VER_PRODUCTBUILD >= 2195) */
9758
9759NTSYSAPI
9760NTSTATUS
9761NTAPI
9762ZwSetInformationProcess (
9763 IN HANDLE ProcessHandle,
9764 IN PROCESSINFOCLASS ProcessInformationClass,
9765 IN PVOID ProcessInformation,
9766 IN ULONG ProcessInformationLength
9767);
9768
9769NTSYSAPI
9770NTSTATUS
9771NTAPI
9772ZwSetSystemTime (
9773 IN PLARGE_INTEGER NewTime,
9774 OUT PLARGE_INTEGER OldTime OPTIONAL
9775);
9776
9777NTSYSAPI
9778NTSTATUS
9779NTAPI
9780ZwUnloadKey (
9781 IN POBJECT_ATTRIBUTES KeyObjectAttributes
9782);
9783
9784NTSYSAPI
9785NTSTATUS
9786NTAPI
9787ZwWaitForMultipleObjects (
9788 IN ULONG HandleCount,
9789 IN PHANDLE Handles,
9790 IN WAIT_TYPE WaitType,
9791 IN BOOLEAN Alertable,
9792 IN PLARGE_INTEGER Timeout OPTIONAL
9793);
9794
9795NTSYSAPI
9796NTSTATUS
9797NTAPI
9798ZwYieldExecution (
9799 VOID
9800);
9801
9802#pragma pack(pop)
9803
9804#ifdef __cplusplus
9805}
9806#endif