source: Daodan/MinGW/include/ddk/ntifs.h@ 1132

Last change on this file since 1132 was 1046, checked in by alloc, 8 years ago

Daodan: Added Windows MinGW and build batch file

File size: 140.3 KB
Line 
1/*
2 * ntifs.h
3 *
4 * Windows NT Filesystem Driver Developer Kit
5 *
6 * This file is part of the w32api package.
7 *
8 * Contributors:
9 * Created by Bo Brantén <bosse@acc.umu.se>
10 *
11 * THIS SOFTWARE IS NOT COPYRIGHTED
12 *
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
15 *
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 */
22
23#ifndef _NTIFS_
24#define _NTIFS_
25#define _GNU_NTIFS_
26
27#if __GNUC__ >= 3
28#pragma GCC system_header
29#endif
30
31#ifdef __cplusplus
32extern "C" {
33#endif
34
35#include "ntddk.h"
36#include "ntapi.h"
37
38#define VER_PRODUCTBUILD 10000
39
40#ifndef NTSYSAPI
41#define NTSYSAPI
42#endif
43
44#ifndef NTKERNELAPI
45#define NTKERNELAPI STDCALL
46#endif
47
48typedef struct _SE_EXPORTS *PSE_EXPORTS;
49
50extern PUCHAR *FsRtlLegalAnsiCharacterArray;
51extern PSE_EXPORTS SeExports;
52extern PACL SePublicDefaultDacl;
53extern PACL SeSystemDefaultDacl;
54
55#define ANSI_DOS_STAR ('<')
56#define ANSI_DOS_QM ('>')
57#define ANSI_DOS_DOT ('"')
58
59#define DOS_STAR (L'<')
60#define DOS_QM (L'>')
61#define DOS_DOT (L'"')
62
63/* also in winnt.h */
64#define ACCESS_ALLOWED_ACE_TYPE (0x0)
65#define ACCESS_DENIED_ACE_TYPE (0x1)
66#define SYSTEM_AUDIT_ACE_TYPE (0x2)
67#define SYSTEM_ALARM_ACE_TYPE (0x3)
68
69#define COMPRESSION_FORMAT_NONE (0x0000)
70#define COMPRESSION_FORMAT_DEFAULT (0x0001)
71#define COMPRESSION_FORMAT_LZNT1 (0x0002)
72#define COMPRESSION_ENGINE_STANDARD (0x0000)
73#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
74#define COMPRESSION_ENGINE_HIBER (0x0200)
75
76#define FILE_ACTION_ADDED 0x00000001
77#define FILE_ACTION_REMOVED 0x00000002
78#define FILE_ACTION_MODIFIED 0x00000003
79#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
80#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
81#define FILE_ACTION_ADDED_STREAM 0x00000006
82#define FILE_ACTION_REMOVED_STREAM 0x00000007
83#define FILE_ACTION_MODIFIED_STREAM 0x00000008
84#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
85#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
86#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
87/* end winnt.h */
88
89#define FILE_EA_TYPE_BINARY 0xfffe
90#define FILE_EA_TYPE_ASCII 0xfffd
91#define FILE_EA_TYPE_BITMAP 0xfffb
92#define FILE_EA_TYPE_METAFILE 0xfffa
93#define FILE_EA_TYPE_ICON 0xfff9
94#define FILE_EA_TYPE_EA 0xffee
95#define FILE_EA_TYPE_MVMT 0xffdf
96#define FILE_EA_TYPE_MVST 0xffde
97#define FILE_EA_TYPE_ASN1 0xffdd
98#define FILE_EA_TYPE_FAMILY_IDS 0xff01
99
100#define FILE_NEED_EA 0x00000080
101
102/* also in winnt.h */
103#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
104#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
105#define FILE_NOTIFY_CHANGE_NAME 0x00000003
106#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
107#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
108#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
109#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
110#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
111#define FILE_NOTIFY_CHANGE_EA 0x00000080
112#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
113#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
114#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
115#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
116#define FILE_NOTIFY_VALID_MASK 0x00000fff
117/* end winnt.h */
118
119#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
120#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
121
122#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
123
124#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
125#define FILE_CASE_PRESERVED_NAMES 0x00000002
126#define FILE_UNICODE_ON_DISK 0x00000004
127#define FILE_PERSISTENT_ACLS 0x00000008
128#define FILE_FILE_COMPRESSION 0x00000010
129#define FILE_VOLUME_QUOTAS 0x00000020
130#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
131#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
132#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
133#define FS_LFN_APIS 0x00004000
134#define FILE_VOLUME_IS_COMPRESSED 0x00008000
135#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
136#define FILE_SUPPORTS_ENCRYPTION 0x00020000
137#define FILE_NAMED_STREAMS 0x00040000
138#define FILE_READ_ONLY_VOLUME 0x00080000
139#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
140#define FILE_SUPPORTS_TRANSACTIONS 0x00200000
141/* Note: These flags only have a meaning starting with Windows 7/2008 R2.
142 Their absence on older OSes does NOT mean that a filesystem is missing
143 that property. */
144#define FILE_SUPPORTS_HARD_LINKS 0x00400000
145#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000
146#define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000
147#define FILE_SUPPORTS_USN_JOURNAL 0x02000000
148
149#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
150#define FILE_PIPE_MESSAGE_TYPE 0x00000001
151
152#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
153#define FILE_PIPE_MESSAGE_MODE 0x00000001
154
155#define FILE_PIPE_QUEUE_OPERATION 0x00000000
156#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
157
158#define FILE_PIPE_INBOUND 0x00000000
159#define FILE_PIPE_OUTBOUND 0x00000001
160#define FILE_PIPE_FULL_DUPLEX 0x00000002
161
162#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
163#define FILE_PIPE_LISTENING_STATE 0x00000002
164#define FILE_PIPE_CONNECTED_STATE 0x00000003
165#define FILE_PIPE_CLOSING_STATE 0x00000004
166
167#define FILE_PIPE_CLIENT_END 0x00000000
168#define FILE_PIPE_SERVER_END 0x00000001
169
170#define FILE_PIPE_READ_DATA 0x00000000
171#define FILE_PIPE_WRITE_SPACE 0x00000001
172
173#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
174#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
175#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
176#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
177#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
178#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
179#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
180#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
181#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
182#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
183#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
184#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
185#define FILE_STORAGE_TYPE_MASK 0x000f0000
186#define FILE_STORAGE_TYPE_SHIFT 16
187
188#define FILE_VC_QUOTA_NONE 0x00000000
189#define FILE_VC_QUOTA_TRACK 0x00000001
190#define FILE_VC_QUOTA_ENFORCE 0x00000002
191#define FILE_VC_QUOTA_MASK 0x00000003
192
193#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
194#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
195
196#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
197#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
198#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
199#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
200
201#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
202#define FILE_VC_QUOTAS_REBUILDING 0x00000200
203
204#define FILE_VC_VALID_MASK 0x000003ff
205
206#define FSRTL_FLAG_FILE_MODIFIED (0x01)
207#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
208#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
209#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
210#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
211#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
212#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
213
214#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
215
216#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
217#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
218#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
219#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
220#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
221
222#define FSRTL_VOLUME_DISMOUNT 1
223#define FSRTL_VOLUME_DISMOUNT_FAILED 2
224#define FSRTL_VOLUME_LOCK 3
225#define FSRTL_VOLUME_LOCK_FAILED 4
226#define FSRTL_VOLUME_UNLOCK 5
227#define FSRTL_VOLUME_MOUNT 6
228
229#define FSRTL_WILD_CHARACTER 0x08
230
231#ifdef _X86_
232#define HARDWARE_PTE HARDWARE_PTE_X86
233#define PHARDWARE_PTE PHARDWARE_PTE_X86
234#else
235#define HARDWARE_PTE ULONG
236#define PHARDWARE_PTE PULONG
237#endif
238
239#define IO_CHECK_CREATE_PARAMETERS 0x0200
240#define IO_ATTACH_DEVICE 0x0400
241
242#define IO_ATTACH_DEVICE_API 0x80000000
243/* also in winnt.h */
244#define IO_COMPLETION_QUERY_STATE 0x0001
245#define IO_COMPLETION_MODIFY_STATE 0x0002
246#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
247/* end winnt.h */
248#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
249#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
250
251#define IO_TYPE_APC 18
252#define IO_TYPE_DPC 19
253#define IO_TYPE_DEVICE_QUEUE 20
254#define IO_TYPE_EVENT_PAIR 21
255#define IO_TYPE_INTERRUPT 22
256#define IO_TYPE_PROFILE 23
257
258#define IRP_BEING_VERIFIED 0x10
259
260#define MAILSLOT_CLASS_FIRSTCLASS 1
261#define MAILSLOT_CLASS_SECONDCLASS 2
262
263#define MAILSLOT_SIZE_AUTO 0
264
265#define MAP_PROCESS 1L
266#define MAP_SYSTEM 2L
267#define MEM_DOS_LIM 0x40000000
268/* also in winnt.h */
269#define MEM_IMAGE SEC_IMAGE
270/* end winnt.h */
271#define OB_TYPE_TYPE 1
272#define OB_TYPE_DIRECTORY 2
273#define OB_TYPE_SYMBOLIC_LINK 3
274#define OB_TYPE_TOKEN 4
275#define OB_TYPE_PROCESS 5
276#define OB_TYPE_THREAD 6
277#define OB_TYPE_EVENT 7
278#define OB_TYPE_EVENT_PAIR 8
279#define OB_TYPE_MUTANT 9
280#define OB_TYPE_SEMAPHORE 10
281#define OB_TYPE_TIMER 11
282#define OB_TYPE_PROFILE 12
283#define OB_TYPE_WINDOW_STATION 13
284#define OB_TYPE_DESKTOP 14
285#define OB_TYPE_SECTION 15
286#define OB_TYPE_KEY 16
287#define OB_TYPE_PORT 17
288#define OB_TYPE_ADAPTER 18
289#define OB_TYPE_CONTROLLER 19
290#define OB_TYPE_DEVICE 20
291#define OB_TYPE_DRIVER 21
292#define OB_TYPE_IO_COMPLETION 22
293#define OB_TYPE_FILE 23
294
295#define PIN_WAIT (1)
296#define PIN_EXCLUSIVE (2)
297#define PIN_NO_READ (4)
298#define PIN_IF_BCB (8)
299
300#define PORT_CONNECT 0x0001
301#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
302 PORT_CONNECT)
303/* also in winnt.h */
304#define SEC_BASED 0x00200000
305#define SEC_NO_CHANGE 0x00400000
306#define SEC_FILE 0x00800000
307#define SEC_IMAGE 0x01000000
308#define SEC_VLM 0x02000000
309#define SEC_RESERVE 0x04000000
310#define SEC_COMMIT 0x08000000
311#define SEC_NOCACHE 0x10000000
312
313#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
314#define SECURITY_WORLD_RID (0x00000000L)
315
316#define SID_REVISION 1
317
318#define TOKEN_ASSIGN_PRIMARY (0x0001)
319#define TOKEN_DUPLICATE (0x0002)
320#define TOKEN_IMPERSONATE (0x0004)
321#define TOKEN_QUERY (0x0008)
322#define TOKEN_QUERY_SOURCE (0x0010)
323#define TOKEN_ADJUST_PRIVILEGES (0x0020)
324#define TOKEN_ADJUST_GROUPS (0x0040)
325#define TOKEN_ADJUST_DEFAULT (0x0080)
326
327#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
328 TOKEN_ASSIGN_PRIMARY |\
329 TOKEN_DUPLICATE |\
330 TOKEN_IMPERSONATE |\
331 TOKEN_QUERY |\
332 TOKEN_QUERY_SOURCE |\
333 TOKEN_ADJUST_PRIVILEGES |\
334 TOKEN_ADJUST_GROUPS |\
335 TOKEN_ADJUST_DEFAULT)
336
337#define TOKEN_READ (STANDARD_RIGHTS_READ |\
338 TOKEN_QUERY)
339
340#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
341 TOKEN_ADJUST_PRIVILEGES |\
342 TOKEN_ADJUST_GROUPS |\
343 TOKEN_ADJUST_DEFAULT)
344
345#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
346
347#define TOKEN_SOURCE_LENGTH 8
348/* end winnt.h */
349
350#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
351#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
352#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
353#define TOKEN_HAS_ADMIN_GROUP 0x08
354#define TOKEN_IS_RESTRICTED 0x10
355
356#define VACB_MAPPING_GRANULARITY (0x40000)
357#define VACB_OFFSET_SHIFT (18)
358
359#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
360#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
361#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
362#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
363#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
364#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
365#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
366#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
367#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
368
369#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
370#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
371#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
372
373#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
374#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
375#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
376
377
378#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
379#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
380#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
381#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
382#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
383#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
384
385#if (VER_PRODUCTBUILD >= 1381)
386
387#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
388#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
389#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
390#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
391#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
392#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
393#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
394#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
395
396#endif /* (VER_PRODUCTBUILD >= 1381) */
397
398#if (VER_PRODUCTBUILD >= 2195)
399
400#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
401#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
402#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
403
404#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
405#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
406#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
407#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
408#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
409#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
410#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
411#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
412#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
413#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
414#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
415#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
416#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
417#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
418#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
419#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
420#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
421#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
422#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
423#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
424#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
425#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
426#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
427#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
428#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
429#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
430#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
431#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
432#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
433#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
434#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
435#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
436#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
437#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
438#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
439#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
440
441#endif /* (VER_PRODUCTBUILD >= 2195) */
442
443#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
444
445#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
446#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
447#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
448#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
449#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
450#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
451#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
452#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
453
454#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
455#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
456#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
457#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
458#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
459#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
460#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
461#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
462#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
463#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
464#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
465#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
466#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
467#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
468
469#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
470
471typedef PVOID PEJOB;
472typedef PVOID OPLOCK, *POPLOCK;
473typedef PVOID PWOW64_PROCESS;
474
475typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
476typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK;
477typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
478typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
479typedef struct _KEVENT_PAIR *PKEVENT_PAIR;
480typedef struct _KPROCESS *PKPROCESS;
481typedef struct _KQUEUE *PKQUEUE;
482typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
483typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS;
484typedef struct _MMWSL *PMMWSL;
485typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS;
486typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
487typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY;
488typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION;
489typedef struct _SECTION_OBJECT *PSECTION_OBJECT;
490typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
491typedef struct _TERMINATION_PORT *PTERMINATION_PORT;
492typedef struct _VACB *PVACB;
493typedef struct _VAD_HEADER *PVAD_HEADER;
494
495typedef struct _NOTIFY_SYNC
496{
497 ULONG Unknown0;
498 ULONG Unknown1;
499 ULONG Unknown2;
500 USHORT Unknown3;
501 USHORT Unknown4;
502 ULONG Unknown5;
503 ULONG Unknown6;
504 ULONG Unknown7;
505 ULONG Unknown8;
506 ULONG Unknown9;
507 ULONG Unknown10;
508} NOTIFY_SYNC, * PNOTIFY_SYNC;
509
510typedef enum _FAST_IO_POSSIBLE {
511 FastIoIsNotPossible,
512 FastIoIsPossible,
513 FastIoIsQuestionable
514} FAST_IO_POSSIBLE;
515
516typedef enum _FILE_STORAGE_TYPE {
517 StorageTypeDefault = 1,
518 StorageTypeDirectory,
519 StorageTypeFile,
520 StorageTypeJunctionPoint,
521 StorageTypeCatalog,
522 StorageTypeStructuredStorage,
523 StorageTypeEmbedding,
524 StorageTypeStream
525} FILE_STORAGE_TYPE;
526
527typedef enum _IO_COMPLETION_INFORMATION_CLASS {
528 IoCompletionBasicInformation
529} IO_COMPLETION_INFORMATION_CLASS;
530
531typedef enum _OBJECT_INFO_CLASS {
532 ObjectBasicInfo,
533 ObjectNameInfo,
534 ObjectTypeInfo,
535 ObjectAllTypesInfo,
536 ObjectProtectionInfo
537} OBJECT_INFO_CLASS;
538
539typedef struct _HARDWARE_PTE_X86 {
540 ULONG Valid : 1;
541 ULONG Write : 1;
542 ULONG Owner : 1;
543 ULONG WriteThrough : 1;
544 ULONG CacheDisable : 1;
545 ULONG Accessed : 1;
546 ULONG Dirty : 1;
547 ULONG LargePage : 1;
548 ULONG Global : 1;
549 ULONG CopyOnWrite : 1;
550 ULONG Prototype : 1;
551 ULONG reserved : 1;
552 ULONG PageFrameNumber : 20;
553} HARDWARE_PTE_X86, *PHARDWARE_PTE_X86;
554
555typedef struct _KAPC_STATE {
556 LIST_ENTRY ApcListHead[2];
557 PKPROCESS Process;
558 BOOLEAN KernelApcInProgress;
559 BOOLEAN KernelApcPending;
560 BOOLEAN UserApcPending;
561} KAPC_STATE, *PKAPC_STATE;
562
563typedef struct _KGDTENTRY {
564 USHORT LimitLow;
565 USHORT BaseLow;
566 union {
567 struct {
568 UCHAR BaseMid;
569 UCHAR Flags1;
570 UCHAR Flags2;
571 UCHAR BaseHi;
572 } Bytes;
573 struct {
574 ULONG BaseMid : 8;
575 ULONG Type : 5;
576 ULONG Dpl : 2;
577 ULONG Pres : 1;
578 ULONG LimitHi : 4;
579 ULONG Sys : 1;
580 ULONG Reserved_0 : 1;
581 ULONG Default_Big : 1;
582 ULONG Granularity : 1;
583 ULONG BaseHi : 8;
584 } Bits;
585 } HighWord;
586} KGDTENTRY, *PKGDTENTRY;
587
588typedef struct _KIDTENTRY {
589 USHORT Offset;
590 USHORT Selector;
591 USHORT Access;
592 USHORT ExtendedOffset;
593} KIDTENTRY, *PKIDTENTRY;
594
595#if (VER_PRODUCTBUILD >= 2600)
596
597typedef struct _MMSUPPORT_FLAGS {
598 ULONG SessionSpace : 1;
599 ULONG BeingTrimmed : 1;
600 ULONG SessionLeader : 1;
601 ULONG TrimHard : 1;
602 ULONG WorkingSetHard : 1;
603 ULONG AddressSpaceBeingDeleted : 1;
604 ULONG Available : 10;
605 ULONG AllowWorkingSetAdjustment : 8;
606 ULONG MemoryPriority : 8;
607} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
608
609#else
610
611typedef struct _MMSUPPORT_FLAGS {
612 ULONG SessionSpace : 1;
613 ULONG BeingTrimmed : 1;
614 ULONG ProcessInSession : 1;
615 ULONG SessionLeader : 1;
616 ULONG TrimHard : 1;
617 ULONG WorkingSetHard : 1;
618 ULONG WriteWatch : 1;
619 ULONG Filler : 25;
620} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
621
622#endif
623
624#if (VER_PRODUCTBUILD >= 2600)
625
626typedef struct _MMSUPPORT {
627 LARGE_INTEGER LastTrimTime;
628 MMSUPPORT_FLAGS Flags;
629 ULONG PageFaultCount;
630 ULONG PeakWorkingSetSize;
631 ULONG WorkingSetSize;
632 ULONG MinimumWorkingSetSize;
633 ULONG MaximumWorkingSetSize;
634 PMMWSL VmWorkingSetList;
635 LIST_ENTRY WorkingSetExpansionLinks;
636 ULONG Claim;
637 ULONG NextEstimationSlot;
638 ULONG NextAgingSlot;
639 ULONG EstimatedAvailable;
640 ULONG GrowthSinceLastEstimate;
641} MMSUPPORT, *PMMSUPPORT;
642
643#else
644
645typedef struct _MMSUPPORT {
646 LARGE_INTEGER LastTrimTime;
647 ULONG LastTrimFaultCount;
648 ULONG PageFaultCount;
649 ULONG PeakWorkingSetSize;
650 ULONG WorkingSetSize;
651 ULONG MinimumWorkingSetSize;
652 ULONG MaximumWorkingSetSize;
653 PMMWSL VmWorkingSetList;
654 LIST_ENTRY WorkingSetExpansionLinks;
655 BOOLEAN AllowWorkingSetAdjustment;
656 BOOLEAN AddressSpaceBeingDeleted;
657 UCHAR ForegroundSwitchCount;
658 UCHAR MemoryPriority;
659#if (VER_PRODUCTBUILD >= 2195)
660 union {
661 ULONG LongFlags;
662 MMSUPPORT_FLAGS Flags;
663 } u;
664 ULONG Claim;
665 ULONG NextEstimationSlot;
666 ULONG NextAgingSlot;
667 ULONG EstimatedAvailable;
668 ULONG GrowthSinceLastEstimate;
669#endif /* (VER_PRODUCTBUILD >= 2195) */
670} MMSUPPORT, *PMMSUPPORT;
671
672#endif
673
674typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
675 POBJECT_NAME_INFORMATION ImageFileName;
676} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
677
678typedef struct _BITMAP_RANGE {
679 LIST_ENTRY Links;
680 LARGE_INTEGER BasePage;
681 ULONG FirstDirtyPage;
682 ULONG LastDirtyPage;
683 ULONG DirtyPages;
684 PULONG Bitmap;
685} BITMAP_RANGE, *PBITMAP_RANGE;
686
687typedef struct _CACHE_UNINITIALIZE_EVENT {
688 struct _CACHE_UNINITIALIZE_EVENT *Next;
689 KEVENT Event;
690} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
691
692typedef struct _CC_FILE_SIZES {
693 LARGE_INTEGER AllocationSize;
694 LARGE_INTEGER FileSize;
695 LARGE_INTEGER ValidDataLength;
696} CC_FILE_SIZES, *PCC_FILE_SIZES;
697
698typedef struct _COMPRESSED_DATA_INFO {
699 USHORT CompressionFormatAndEngine;
700 UCHAR CompressionUnitShift;
701 UCHAR ChunkShift;
702 UCHAR ClusterShift;
703 UCHAR Reserved;
704 USHORT NumberOfChunks;
705 ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
706} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
707
708typedef struct _DEVICE_MAP {
709 POBJECT_DIRECTORY DosDevicesDirectory;
710 POBJECT_DIRECTORY GlobalDosDevicesDirectory;
711 ULONG ReferenceCount;
712 ULONG DriveMap;
713 UCHAR DriveType[32];
714} DEVICE_MAP, *PDEVICE_MAP;
715
716#if (VER_PRODUCTBUILD >= 2600)
717
718typedef struct _EX_FAST_REF {
719 _ANONYMOUS_UNION union {
720 PVOID Object;
721 ULONG RefCnt : 3;
722 ULONG Value;
723 } DUMMYUNIONNAME;
724} EX_FAST_REF, *PEX_FAST_REF;
725
726typedef struct _EX_PUSH_LOCK {
727 _ANONYMOUS_UNION union {
728 _ANONYMOUS_STRUCT struct {
729 ULONG Waiting : 1;
730 ULONG Exclusive : 1;
731 ULONG Shared : 30;
732 } DUMMYSTRUCTNAME;
733 ULONG Value;
734 PVOID Ptr;
735 } DUMMYUNIONNAME;
736} EX_PUSH_LOCK, *PEX_PUSH_LOCK;
737
738typedef struct _EX_RUNDOWN_REF {
739 _ANONYMOUS_UNION union {
740 ULONG Count;
741 PVOID Ptr;
742 } DUMMYUNIONNAME;
743} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
744
745#endif
746
747typedef struct _EPROCESS_QUOTA_ENTRY {
748 ULONG Usage;
749 ULONG Limit;
750 ULONG Peak;
751 ULONG Return;
752} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
753
754typedef struct _EPROCESS_QUOTA_BLOCK {
755 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
756 LIST_ENTRY QuotaList;
757 ULONG ReferenceCount;
758 ULONG ProcessCount;
759} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
760
761/*
762 * When needing these parameters cast your PIO_STACK_LOCATION to
763 * PEXTENDED_IO_STACK_LOCATION
764 */
765#if !defined(_ALPHA_) && !defined(_M_ALPHA)
766#include <pshpack4.h>
767#endif
768typedef struct _EXTENDED_IO_STACK_LOCATION {
769
770 /* Included for padding */
771 UCHAR MajorFunction;
772 UCHAR MinorFunction;
773 UCHAR Flags;
774 UCHAR Control;
775
776 union {
777
778 struct {
779 PIO_SECURITY_CONTEXT SecurityContext;
780 ULONG Options;
781 USHORT Reserved;
782 USHORT ShareAccess;
783 PMAILSLOT_CREATE_PARAMETERS Parameters;
784 } CreateMailslot;
785
786 struct {
787 PIO_SECURITY_CONTEXT SecurityContext;
788 ULONG Options;
789 USHORT Reserved;
790 USHORT ShareAccess;
791 PNAMED_PIPE_CREATE_PARAMETERS Parameters;
792 } CreatePipe;
793
794 struct {
795 ULONG OutputBufferLength;
796 ULONG InputBufferLength;
797 ULONG FsControlCode;
798 PVOID Type3InputBuffer;
799 } FileSystemControl;
800
801 struct {
802 PLARGE_INTEGER Length;
803 ULONG Key;
804 LARGE_INTEGER ByteOffset;
805 } LockControl;
806
807 struct {
808 ULONG Length;
809 ULONG CompletionFilter;
810 } NotifyDirectory;
811
812 struct {
813 ULONG Length;
814 PUNICODE_STRING FileName;
815 FILE_INFORMATION_CLASS FileInformationClass;
816 ULONG FileIndex;
817 } QueryDirectory;
818
819 struct {
820 ULONG Length;
821 PVOID EaList;
822 ULONG EaListLength;
823 ULONG EaIndex;
824 } QueryEa;
825
826 struct {
827 ULONG Length;
828 PSID StartSid;
829 PFILE_GET_QUOTA_INFORMATION SidList;
830 ULONG SidListLength;
831 } QueryQuota;
832
833 struct {
834 ULONG Length;
835 } SetEa;
836
837 struct {
838 ULONG Length;
839 } SetQuota;
840
841 struct {
842 ULONG Length;
843 FS_INFORMATION_CLASS FsInformationClass;
844 } SetVolume;
845
846 } Parameters;
847 PDEVICE_OBJECT DeviceObject;
848 PFILE_OBJECT FileObject;
849 PIO_COMPLETION_ROUTINE CompletionRoutine;
850 PVOID Context;
851
852} EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION;
853#if !defined(_ALPHA_) && !defined(_M_ALPHA)
854#include <poppack.h>
855#endif
856
857typedef struct _FILE_ACCESS_INFORMATION {
858 ACCESS_MASK AccessFlags;
859} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
860
861typedef struct _FILE_ALLOCATION_INFORMATION {
862 LARGE_INTEGER AllocationSize;
863} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
864
865typedef struct _FILE_BOTH_DIR_INFORMATION {
866 ULONG NextEntryOffset;
867 ULONG FileIndex;
868 LARGE_INTEGER CreationTime;
869 LARGE_INTEGER LastAccessTime;
870 LARGE_INTEGER LastWriteTime;
871 LARGE_INTEGER ChangeTime;
872 LARGE_INTEGER EndOfFile;
873 LARGE_INTEGER AllocationSize;
874 ULONG FileAttributes;
875 ULONG FileNameLength;
876 ULONG EaSize;
877 CCHAR ShortNameLength;
878 WCHAR ShortName[12];
879 WCHAR FileName[1];
880} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
881
882typedef struct _FILE_COMPLETION_INFORMATION {
883 HANDLE Port;
884 ULONG Key;
885} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
886
887typedef struct _FILE_COMPRESSION_INFORMATION {
888 LARGE_INTEGER CompressedFileSize;
889 USHORT CompressionFormat;
890 UCHAR CompressionUnitShift;
891 UCHAR ChunkShift;
892 UCHAR ClusterShift;
893 UCHAR Reserved[3];
894} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
895
896typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
897 BOOLEAN ReplaceIfExists;
898 HANDLE RootDirectory;
899 ULONG FileNameLength;
900 WCHAR FileName[1];
901} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
902
903typedef struct _FILE_DIRECTORY_INFORMATION {
904 ULONG NextEntryOffset;
905 ULONG FileIndex;
906 LARGE_INTEGER CreationTime;
907 LARGE_INTEGER LastAccessTime;
908 LARGE_INTEGER LastWriteTime;
909 LARGE_INTEGER ChangeTime;
910 LARGE_INTEGER EndOfFile;
911 LARGE_INTEGER AllocationSize;
912 ULONG FileAttributes;
913 ULONG FileNameLength;
914 WCHAR FileName[1];
915} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
916
917typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
918 ULONG NextEntryOffset;
919 ULONG FileIndex;
920 LARGE_INTEGER CreationTime;
921 LARGE_INTEGER LastAccessTime;
922 LARGE_INTEGER LastWriteTime;
923 LARGE_INTEGER ChangeTime;
924 LARGE_INTEGER EndOfFile;
925 LARGE_INTEGER AllocationSize;
926 ULONG FileAttributes;
927 ULONG FileNameLength;
928 ULONG EaSize;
929 WCHAR FileName[0];
930} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
931
932typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
933 ULONG NextEntryOffset;
934 ULONG FileIndex;
935 LARGE_INTEGER CreationTime;
936 LARGE_INTEGER LastAccessTime;
937 LARGE_INTEGER LastWriteTime;
938 LARGE_INTEGER ChangeTime;
939 LARGE_INTEGER EndOfFile;
940 LARGE_INTEGER AllocationSize;
941 ULONG FileAttributes;
942 ULONG FileNameLength;
943 ULONG EaSize;
944 CHAR ShortNameLength;
945 WCHAR ShortName[12];
946 WCHAR FileName[0];
947} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
948
949#if (VER_PRODUCTBUILD >= 2600)
950
951typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION {
952 ULONG NextEntryOffset;
953 ULONG FileIndex;
954 LARGE_INTEGER CreationTime;
955 LARGE_INTEGER LastAccessTime;
956 LARGE_INTEGER LastWriteTime;
957 LARGE_INTEGER ChangeTime;
958 LARGE_INTEGER EndOfFile;
959 LARGE_INTEGER AllocationSize;
960 ULONG FileAttributes;
961 ULONG FileNameLength;
962 ULONG EaSize;
963 LARGE_INTEGER FileId;
964 WCHAR FileName[0];
965} FILE_ID_FULL_DIRECTORY_INFORMATION, *PFILE_ID_FULL_DIRECTORY_INFORMATION;
966
967typedef struct _FILE_ID_BOTH_DIRECTORY_INFORMATION {
968 ULONG NextEntryOffset;
969 ULONG FileIndex;
970 LARGE_INTEGER CreationTime;
971 LARGE_INTEGER LastAccessTime;
972 LARGE_INTEGER LastWriteTime;
973 LARGE_INTEGER ChangeTime;
974 LARGE_INTEGER EndOfFile;
975 LARGE_INTEGER AllocationSize;
976 ULONG FileAttributes;
977 ULONG FileNameLength;
978 ULONG EaSize;
979 CHAR ShortNameLength;
980 WCHAR ShortName[12];
981 LARGE_INTEGER FileId;
982 WCHAR FileName[0];
983} FILE_ID_BOTH_DIRECTORY_INFORMATION, *PFILE_ID_BOTH_DIRECTORY_INFORMATION;
984
985#endif
986
987typedef struct _FILE_EA_INFORMATION {
988 ULONG EaSize;
989} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
990
991typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
992 ULONG FileSystemAttributes;
993 ULONG MaximumComponentNameLength;
994 ULONG FileSystemNameLength;
995 WCHAR FileSystemName[1];
996} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
997
998typedef struct _FILE_FS_CONTROL_INFORMATION {
999 LARGE_INTEGER FreeSpaceStartFiltering;
1000 LARGE_INTEGER FreeSpaceThreshold;
1001 LARGE_INTEGER FreeSpaceStopFiltering;
1002 LARGE_INTEGER DefaultQuotaThreshold;
1003 LARGE_INTEGER DefaultQuotaLimit;
1004 ULONG FileSystemControlFlags;
1005} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
1006
1007typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
1008 LARGE_INTEGER TotalAllocationUnits;
1009 LARGE_INTEGER CallerAvailableAllocationUnits;
1010 LARGE_INTEGER ActualAvailableAllocationUnits;
1011 ULONG SectorsPerAllocationUnit;
1012 ULONG BytesPerSector;
1013} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
1014
1015typedef struct _FILE_FS_LABEL_INFORMATION {
1016 ULONG VolumeLabelLength;
1017 WCHAR VolumeLabel[1];
1018} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
1019
1020#if (VER_PRODUCTBUILD >= 2195)
1021
1022typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
1023 UCHAR ObjectId[16];
1024 UCHAR ExtendedInfo[48];
1025} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
1026
1027#endif /* (VER_PRODUCTBUILD >= 2195) */
1028
1029typedef struct _FILE_FS_SIZE_INFORMATION {
1030 LARGE_INTEGER TotalAllocationUnits;
1031 LARGE_INTEGER AvailableAllocationUnits;
1032 ULONG SectorsPerAllocationUnit;
1033 ULONG BytesPerSector;
1034} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
1035
1036typedef struct _FILE_FS_VOLUME_INFORMATION {
1037 LARGE_INTEGER VolumeCreationTime;
1038 ULONG VolumeSerialNumber;
1039 ULONG VolumeLabelLength;
1040 BOOLEAN SupportsObjects;
1041 WCHAR VolumeLabel[1];
1042} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
1043
1044typedef struct _FILE_FULL_DIR_INFORMATION {
1045 ULONG NextEntryOffset;
1046 ULONG FileIndex;
1047 LARGE_INTEGER CreationTime;
1048 LARGE_INTEGER LastAccessTime;
1049 LARGE_INTEGER LastWriteTime;
1050 LARGE_INTEGER ChangeTime;
1051 LARGE_INTEGER EndOfFile;
1052 LARGE_INTEGER AllocationSize;
1053 ULONG FileAttributes;
1054 ULONG FileNameLength;
1055 ULONG EaSize;
1056 WCHAR FileName[1];
1057} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
1058
1059typedef struct _FILE_GET_EA_INFORMATION {
1060 ULONG NextEntryOffset;
1061 UCHAR EaNameLength;
1062 CHAR EaName[1];
1063} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
1064
1065typedef struct _FILE_GET_QUOTA_INFORMATION {
1066 ULONG NextEntryOffset;
1067 ULONG SidLength;
1068 SID Sid;
1069} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
1070
1071typedef struct _FILE_INTERNAL_INFORMATION {
1072 LARGE_INTEGER IndexNumber;
1073} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
1074
1075typedef struct _FILE_LINK_INFORMATION {
1076 BOOLEAN ReplaceIfExists;
1077 HANDLE RootDirectory;
1078 ULONG FileNameLength;
1079 WCHAR FileName[1];
1080} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
1081
1082typedef struct _FILE_LOCK_INFO {
1083 LARGE_INTEGER StartingByte;
1084 LARGE_INTEGER Length;
1085 BOOLEAN ExclusiveLock;
1086 ULONG Key;
1087 PFILE_OBJECT FileObject;
1088 PEPROCESS Process;
1089 LARGE_INTEGER EndingByte;
1090} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
1091
1092/* raw internal file lock struct returned from FsRtlGetNextFileLock */
1093typedef struct _FILE_SHARED_LOCK_ENTRY {
1094 PVOID Unknown1;
1095 PVOID Unknown2;
1096 FILE_LOCK_INFO FileLock;
1097} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
1098
1099/* raw internal file lock struct returned from FsRtlGetNextFileLock */
1100typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
1101 LIST_ENTRY ListEntry;
1102 PVOID Unknown1;
1103 PVOID Unknown2;
1104 FILE_LOCK_INFO FileLock;
1105} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
1106
1107typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
1108 /*IN*/ PVOID Context,
1109 /*IN*/ PIRP Irp
1110);
1111
1112typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
1113 /*IN*/ PVOID Context,
1114 /*IN*/ PFILE_LOCK_INFO FileLockInfo
1115);
1116
1117typedef struct _FILE_LOCK {
1118 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
1119 PUNLOCK_ROUTINE UnlockRoutine;
1120 BOOLEAN FastIoIsQuestionable;
1121 BOOLEAN Pad[3];
1122 PVOID LockInformation;
1123 FILE_LOCK_INFO LastReturnedLockInfo;
1124 PVOID LastReturnedLock;
1125} FILE_LOCK, *PFILE_LOCK;
1126
1127typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
1128 ULONG ReadDataAvailable;
1129 ULONG NumberOfMessages;
1130 ULONG MessageLength;
1131} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
1132
1133typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
1134 ULONG MaximumMessageSize;
1135 ULONG MailslotQuota;
1136 ULONG NextMessageSize;
1137 ULONG MessagesAvailable;
1138 LARGE_INTEGER ReadTimeout;
1139} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
1140
1141typedef struct _FILE_MAILSLOT_SET_INFORMATION {
1142 LARGE_INTEGER ReadTimeout;
1143} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
1144
1145typedef struct _FILE_MODE_INFORMATION {
1146 ULONG Mode;
1147} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
1148
1149typedef struct _FILE_ALL_INFORMATION {
1150 FILE_BASIC_INFORMATION BasicInformation;
1151 FILE_STANDARD_INFORMATION StandardInformation;
1152 FILE_INTERNAL_INFORMATION InternalInformation;
1153 FILE_EA_INFORMATION EaInformation;
1154 FILE_ACCESS_INFORMATION AccessInformation;
1155 FILE_POSITION_INFORMATION PositionInformation;
1156 FILE_MODE_INFORMATION ModeInformation;
1157 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1158 FILE_NAME_INFORMATION NameInformation;
1159} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
1160
1161typedef struct _FILE_NAMES_INFORMATION {
1162 ULONG NextEntryOffset;
1163 ULONG FileIndex;
1164 ULONG FileNameLength;
1165 WCHAR FileName[1];
1166} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
1167
1168typedef struct _FILE_OBJECTID_INFORMATION {
1169 LONGLONG FileReference;
1170 UCHAR ObjectId[16];
1171 _ANONYMOUS_UNION union {
1172 struct {
1173 UCHAR BirthVolumeId[16];
1174 UCHAR BirthObjectId[16];
1175 UCHAR DomainId[16];
1176 } ;
1177 UCHAR ExtendedInfo[48];
1178 } DUMMYUNIONNAME;
1179} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
1180
1181typedef struct _FILE_OLE_CLASSID_INFORMATION {
1182 GUID ClassId;
1183} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
1184
1185typedef struct _FILE_OLE_ALL_INFORMATION {
1186 FILE_BASIC_INFORMATION BasicInformation;
1187 FILE_STANDARD_INFORMATION StandardInformation;
1188 FILE_INTERNAL_INFORMATION InternalInformation;
1189 FILE_EA_INFORMATION EaInformation;
1190 FILE_ACCESS_INFORMATION AccessInformation;
1191 FILE_POSITION_INFORMATION PositionInformation;
1192 FILE_MODE_INFORMATION ModeInformation;
1193 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1194 USN LastChangeUsn;
1195 USN ReplicationUsn;
1196 LARGE_INTEGER SecurityChangeTime;
1197 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1198 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1199 FILE_STORAGE_TYPE StorageType;
1200 ULONG OleStateBits;
1201 ULONG OleId;
1202 ULONG NumberOfStreamReferences;
1203 ULONG StreamIndex;
1204 ULONG SecurityId;
1205 BOOLEAN ContentIndexDisable;
1206 BOOLEAN InheritContentIndexDisable;
1207 FILE_NAME_INFORMATION NameInformation;
1208} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
1209
1210typedef struct _FILE_OLE_DIR_INFORMATION {
1211 ULONG NextEntryOffset;
1212 ULONG FileIndex;
1213 LARGE_INTEGER CreationTime;
1214 LARGE_INTEGER LastAccessTime;
1215 LARGE_INTEGER LastWriteTime;
1216 LARGE_INTEGER ChangeTime;
1217 LARGE_INTEGER EndOfFile;
1218 LARGE_INTEGER AllocationSize;
1219 ULONG FileAttributes;
1220 ULONG FileNameLength;
1221 FILE_STORAGE_TYPE StorageType;
1222 GUID OleClassId;
1223 ULONG OleStateBits;
1224 BOOLEAN ContentIndexDisable;
1225 BOOLEAN InheritContentIndexDisable;
1226 WCHAR FileName[1];
1227} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
1228
1229typedef struct _FILE_OLE_INFORMATION {
1230 LARGE_INTEGER SecurityChangeTime;
1231 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
1232 FILE_OBJECTID_INFORMATION ObjectIdInformation;
1233 FILE_STORAGE_TYPE StorageType;
1234 ULONG OleStateBits;
1235 BOOLEAN ContentIndexDisable;
1236 BOOLEAN InheritContentIndexDisable;
1237} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
1238
1239typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
1240 ULONG StateBits;
1241 ULONG StateBitsMask;
1242} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
1243
1244typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
1245 HANDLE EventHandle;
1246 ULONG KeyValue;
1247} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
1248
1249typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
1250 PVOID ClientSession;
1251 PVOID ClientProcess;
1252} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
1253
1254typedef struct _FILE_PIPE_EVENT_BUFFER {
1255 ULONG NamedPipeState;
1256 ULONG EntryType;
1257 ULONG ByteCount;
1258 ULONG KeyValue;
1259 ULONG NumberRequests;
1260} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
1261
1262typedef struct _FILE_PIPE_INFORMATION {
1263 ULONG ReadMode;
1264 ULONG CompletionMode;
1265} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
1266
1267typedef struct _FILE_PIPE_LOCAL_INFORMATION {
1268 ULONG NamedPipeType;
1269 ULONG NamedPipeConfiguration;
1270 ULONG MaximumInstances;
1271 ULONG CurrentInstances;
1272 ULONG InboundQuota;
1273 ULONG ReadDataAvailable;
1274 ULONG OutboundQuota;
1275 ULONG WriteQuotaAvailable;
1276 ULONG NamedPipeState;
1277 ULONG NamedPipeEnd;
1278} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
1279
1280typedef struct _FILE_PIPE_REMOTE_INFORMATION {
1281 LARGE_INTEGER CollectDataTime;
1282 ULONG MaximumCollectionCount;
1283} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
1284
1285typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
1286 LARGE_INTEGER Timeout;
1287 ULONG NameLength;
1288 BOOLEAN TimeoutSpecified;
1289 WCHAR Name[1];
1290} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
1291
1292typedef struct _FILE_QUOTA_INFORMATION {
1293 ULONG NextEntryOffset;
1294 ULONG SidLength;
1295 LARGE_INTEGER ChangeTime;
1296 LARGE_INTEGER QuotaUsed;
1297 LARGE_INTEGER QuotaThreshold;
1298 LARGE_INTEGER QuotaLimit;
1299 SID Sid;
1300} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
1301
1302typedef struct _FILE_RENAME_INFORMATION {
1303 BOOLEAN ReplaceIfExists;
1304 HANDLE RootDirectory;
1305 ULONG FileNameLength;
1306 WCHAR FileName[1];
1307} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
1308
1309typedef struct _FILE_STREAM_INFORMATION {
1310 ULONG NextEntryOffset;
1311 ULONG StreamNameLength;
1312 LARGE_INTEGER StreamSize;
1313 LARGE_INTEGER StreamAllocationSize;
1314 WCHAR StreamName[1];
1315} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
1316
1317typedef struct _FILE_TRACKING_INFORMATION {
1318 HANDLE DestinationFile;
1319 ULONG ObjectInformationLength;
1320 CHAR ObjectInformation[1];
1321} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
1322
1323typedef struct _FSRTL_COMMON_FCB_HEADER {
1324 CSHORT NodeTypeCode;
1325 CSHORT NodeByteSize;
1326 UCHAR Flags;
1327 UCHAR IsFastIoPossible;
1328#if (VER_PRODUCTBUILD >= 1381)
1329 UCHAR Flags2;
1330 UCHAR Reserved;
1331#endif /* (VER_PRODUCTBUILD >= 1381) */
1332 PERESOURCE Resource;
1333 PERESOURCE PagingIoResource;
1334 LARGE_INTEGER AllocationSize;
1335 LARGE_INTEGER FileSize;
1336 LARGE_INTEGER ValidDataLength;
1337} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
1338
1339typedef struct _GENERATE_NAME_CONTEXT {
1340 USHORT Checksum;
1341 BOOLEAN CheckSumInserted;
1342 UCHAR NameLength;
1343 WCHAR NameBuffer[8];
1344 ULONG ExtensionLength;
1345 WCHAR ExtensionBuffer[4];
1346 ULONG LastIndexValue;
1347} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
1348
1349typedef struct _HANDLE_TABLE_ENTRY {
1350 PVOID Object;
1351 ULONG ObjectAttributes;
1352 ULONG GrantedAccess;
1353 USHORT GrantedAccessIndex;
1354 USHORT CreatorBackTraceIndex;
1355 ULONG NextFreeTableEntry;
1356} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
1357
1358typedef struct _MAPPING_PAIR {
1359 ULONGLONG Vcn;
1360 ULONGLONG Lcn;
1361} MAPPING_PAIR, *PMAPPING_PAIR;
1362
1363typedef struct _GET_RETRIEVAL_DESCRIPTOR {
1364 ULONG NumberOfPairs;
1365 ULONGLONG StartVcn;
1366 MAPPING_PAIR Pair[1];
1367} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
1368
1369typedef struct _IO_CLIENT_EXTENSION {
1370 struct _IO_CLIENT_EXTENSION *NextExtension;
1371 PVOID ClientIdentificationAddress;
1372} IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
1373
1374typedef struct _IO_COMPLETION_BASIC_INFORMATION {
1375 LONG Depth;
1376} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION;
1377
1378typedef struct _KEVENT_PAIR {
1379 USHORT Type;
1380 USHORT Size;
1381 KEVENT Event1;
1382 KEVENT Event2;
1383} KEVENT_PAIR, *PKEVENT_PAIR;
1384
1385typedef struct _KQUEUE {
1386 DISPATCHER_HEADER Header;
1387 LIST_ENTRY EntryListHead;
1388 ULONG CurrentCount;
1389 ULONG MaximumCount;
1390 LIST_ENTRY ThreadListHead;
1391} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
1392
1393typedef struct _MAILSLOT_CREATE_PARAMETERS {
1394 ULONG MailslotQuota;
1395 ULONG MaximumMessageSize;
1396 LARGE_INTEGER ReadTimeout;
1397 BOOLEAN TimeoutSpecified;
1398} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
1399
1400typedef struct _MBCB {
1401 CSHORT NodeTypeCode;
1402 CSHORT NodeIsInZone;
1403 ULONG PagesToWrite;
1404 ULONG DirtyPages;
1405 ULONG Reserved;
1406 LIST_ENTRY BitmapRanges;
1407 LONGLONG ResumeWritePage;
1408 BITMAP_RANGE BitmapRange1;
1409 BITMAP_RANGE BitmapRange2;
1410 BITMAP_RANGE BitmapRange3;
1411} MBCB, *PMBCB;
1412
1413typedef struct _MOVEFILE_DESCRIPTOR {
1414 HANDLE FileHandle;
1415 ULONG Reserved;
1416 LARGE_INTEGER StartVcn;
1417 LARGE_INTEGER TargetLcn;
1418 ULONG NumVcns;
1419 ULONG Reserved1;
1420} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
1421
1422typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
1423 ULONG NamedPipeType;
1424 ULONG ReadMode;
1425 ULONG CompletionMode;
1426 ULONG MaximumInstances;
1427 ULONG InboundQuota;
1428 ULONG OutboundQuota;
1429 LARGE_INTEGER DefaultTimeout;
1430 BOOLEAN TimeoutSpecified;
1431} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
1432
1433typedef struct _OBJECT_BASIC_INFO {
1434 ULONG Attributes;
1435 ACCESS_MASK GrantedAccess;
1436 ULONG HandleCount;
1437 ULONG ReferenceCount;
1438 ULONG PagedPoolUsage;
1439 ULONG NonPagedPoolUsage;
1440 ULONG Reserved[3];
1441 ULONG NameInformationLength;
1442 ULONG TypeInformationLength;
1443 ULONG SecurityDescriptorLength;
1444 LARGE_INTEGER CreateTime;
1445} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
1446
1447typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
1448 BOOLEAN Inherit;
1449 BOOLEAN ProtectFromClose;
1450} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
1451
1452typedef struct _OBJECT_NAME_INFO {
1453 UNICODE_STRING ObjectName;
1454 WCHAR ObjectNameBuffer[1];
1455} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
1456
1457typedef struct _OBJECT_PROTECTION_INFO {
1458 BOOLEAN Inherit;
1459 BOOLEAN ProtectHandle;
1460} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
1461
1462typedef struct _OBJECT_TYPE_INFO {
1463 UNICODE_STRING ObjectTypeName;
1464 UCHAR Unknown[0x58];
1465 WCHAR ObjectTypeNameBuffer[1];
1466} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
1467
1468typedef struct _OBJECT_ALL_TYPES_INFO {
1469 ULONG NumberOfObjectTypes;
1470 OBJECT_TYPE_INFO ObjectsTypeInfo[1];
1471} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
1472
1473typedef struct _PAGEFAULT_HISTORY {
1474 ULONG CurrentIndex;
1475 ULONG MaxIndex;
1476 KSPIN_LOCK SpinLock;
1477 PVOID Reserved;
1478 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
1479} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
1480
1481typedef struct _PATHNAME_BUFFER {
1482 ULONG PathNameLength;
1483 WCHAR Name[1];
1484} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
1485
1486#if (VER_PRODUCTBUILD >= 2600)
1487
1488typedef struct _PRIVATE_CACHE_MAP_FLAGS {
1489 ULONG DontUse : 16;
1490 ULONG ReadAheadActive : 1;
1491 ULONG ReadAheadEnabled : 1;
1492 ULONG Available : 14;
1493} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
1494
1495typedef struct _PRIVATE_CACHE_MAP {
1496 _ANONYMOUS_UNION union {
1497 CSHORT NodeTypeCode;
1498 PRIVATE_CACHE_MAP_FLAGS Flags;
1499 ULONG UlongFlags;
1500 } DUMMYUNIONNAME;
1501 ULONG ReadAheadMask;
1502 PFILE_OBJECT FileObject;
1503 LARGE_INTEGER FileOffset1;
1504 LARGE_INTEGER BeyondLastByte1;
1505 LARGE_INTEGER FileOffset2;
1506 LARGE_INTEGER BeyondLastByte2;
1507 LARGE_INTEGER ReadAheadOffset[2];
1508 ULONG ReadAheadLength[2];
1509 KSPIN_LOCK ReadAheadSpinLock;
1510 LIST_ENTRY PrivateLinks;
1511} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
1512
1513#endif
1514
1515typedef struct _PS_IMPERSONATION_INFORMATION {
1516 PACCESS_TOKEN Token;
1517 BOOLEAN CopyOnOpen;
1518 BOOLEAN EffectiveOnly;
1519 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1520} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
1521
1522typedef struct _PUBLIC_BCB {
1523 CSHORT NodeTypeCode;
1524 CSHORT NodeByteSize;
1525 ULONG MappedLength;
1526 LARGE_INTEGER MappedFileOffset;
1527} PUBLIC_BCB, *PPUBLIC_BCB;
1528
1529typedef struct _QUERY_PATH_REQUEST {
1530 ULONG PathNameLength;
1531 PIO_SECURITY_CONTEXT SecurityContext;
1532 WCHAR FilePathName[1];
1533} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
1534
1535typedef struct _QUERY_PATH_RESPONSE {
1536 ULONG LengthAccepted;
1537} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
1538
1539typedef struct _RETRIEVAL_POINTERS_BUFFER {
1540 ULONG ExtentCount;
1541 LARGE_INTEGER StartingVcn;
1542 struct {
1543 LARGE_INTEGER NextVcn;
1544 LARGE_INTEGER Lcn;
1545 } Extents[1];
1546} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
1547
1548typedef struct _RTL_SPLAY_LINKS {
1549 struct _RTL_SPLAY_LINKS *Parent;
1550 struct _RTL_SPLAY_LINKS *LeftChild;
1551 struct _RTL_SPLAY_LINKS *RightChild;
1552} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
1553
1554typedef struct _SE_EXPORTS {
1555
1556 LUID SeCreateTokenPrivilege;
1557 LUID SeAssignPrimaryTokenPrivilege;
1558 LUID SeLockMemoryPrivilege;
1559 LUID SeIncreaseQuotaPrivilege;
1560 LUID SeUnsolicitedInputPrivilege;
1561 LUID SeTcbPrivilege;
1562 LUID SeSecurityPrivilege;
1563 LUID SeTakeOwnershipPrivilege;
1564 LUID SeLoadDriverPrivilege;
1565 LUID SeCreatePagefilePrivilege;
1566 LUID SeIncreaseBasePriorityPrivilege;
1567 LUID SeSystemProfilePrivilege;
1568 LUID SeSystemtimePrivilege;
1569 LUID SeProfileSingleProcessPrivilege;
1570 LUID SeCreatePermanentPrivilege;
1571 LUID SeBackupPrivilege;
1572 LUID SeRestorePrivilege;
1573 LUID SeShutdownPrivilege;
1574 LUID SeDebugPrivilege;
1575 LUID SeAuditPrivilege;
1576 LUID SeSystemEnvironmentPrivilege;
1577 LUID SeChangeNotifyPrivilege;
1578 LUID SeRemoteShutdownPrivilege;
1579
1580 PSID SeNullSid;
1581 PSID SeWorldSid;
1582 PSID SeLocalSid;
1583 PSID SeCreatorOwnerSid;
1584 PSID SeCreatorGroupSid;
1585
1586 PSID SeNtAuthoritySid;
1587 PSID SeDialupSid;
1588 PSID SeNetworkSid;
1589 PSID SeBatchSid;
1590 PSID SeInteractiveSid;
1591 PSID SeLocalSystemSid;
1592 PSID SeAliasAdminsSid;
1593 PSID SeAliasUsersSid;
1594 PSID SeAliasGuestsSid;
1595 PSID SeAliasPowerUsersSid;
1596 PSID SeAliasAccountOpsSid;
1597 PSID SeAliasSystemOpsSid;
1598 PSID SeAliasPrintOpsSid;
1599 PSID SeAliasBackupOpsSid;
1600
1601 PSID SeAuthenticatedUsersSid;
1602
1603 PSID SeRestrictedSid;
1604 PSID SeAnonymousLogonSid;
1605
1606 LUID SeUndockPrivilege;
1607 LUID SeSyncAgentPrivilege;
1608 LUID SeEnableDelegationPrivilege;
1609
1610} SE_EXPORTS, *PSE_EXPORTS;
1611
1612typedef struct _SECTION_BASIC_INFORMATION {
1613 PVOID BaseAddress;
1614 ULONG Attributes;
1615 LARGE_INTEGER Size;
1616} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
1617
1618typedef struct _SECTION_IMAGE_INFORMATION {
1619 PVOID EntryPoint;
1620 ULONG Unknown1;
1621 ULONG StackReserve;
1622 ULONG StackCommit;
1623 ULONG Subsystem;
1624 USHORT MinorSubsystemVersion;
1625 USHORT MajorSubsystemVersion;
1626 ULONG Unknown2;
1627 ULONG Characteristics;
1628 USHORT ImageNumber;
1629 BOOLEAN Executable;
1630 UCHAR Unknown3;
1631 ULONG Unknown4[3];
1632} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
1633
1634#if (VER_PRODUCTBUILD >= 2600)
1635
1636typedef struct _SHARED_CACHE_MAP {
1637 CSHORT NodeTypeCode;
1638 CSHORT NodeByteSize;
1639 ULONG OpenCount;
1640 LARGE_INTEGER FileSize;
1641 LIST_ENTRY BcbList;
1642 LARGE_INTEGER SectionSize;
1643 LARGE_INTEGER ValidDataLength;
1644 LARGE_INTEGER ValidDataGoal;
1645 PVACB InitialVacbs[4];
1646 PVACB *Vacbs;
1647 PFILE_OBJECT FileObject;
1648 PVACB ActiveVacb;
1649 PVOID NeedToZero;
1650 ULONG ActivePage;
1651 ULONG NeedToZeroPage;
1652 KSPIN_LOCK ActiveVacbSpinLock;
1653 ULONG VacbActiveCount;
1654 ULONG DirtyPages;
1655 LIST_ENTRY SharedCacheMapLinks;
1656 ULONG Flags;
1657 NTSTATUS Status;
1658 PMBCB Mbcb;
1659 PVOID Section;
1660 PKEVENT CreateEvent;
1661 PKEVENT WaitOnActiveCount;
1662 ULONG PagesToWrite;
1663 LONGLONG BeyondLastFlush;
1664 PCACHE_MANAGER_CALLBACKS Callbacks;
1665 PVOID LazyWriteContext;
1666 LIST_ENTRY PrivateList;
1667 PVOID LogHandle;
1668 PVOID FlushToLsnRoutine;
1669 ULONG DirtyPageThreshold;
1670 ULONG LazyWritePassCount;
1671 PCACHE_UNINITIALIZE_EVENT UninitializeEvent;
1672 PVACB NeedToZeroVacb;
1673 KSPIN_LOCK BcbSpinLock;
1674 PVOID Reserved;
1675 KEVENT Event;
1676 EX_PUSH_LOCK VacbPushLock;
1677 PRIVATE_CACHE_MAP PrivateCacheMap;
1678} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
1679
1680#endif
1681
1682typedef struct _STARTING_VCN_INPUT_BUFFER {
1683 LARGE_INTEGER StartingVcn;
1684} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
1685
1686typedef struct _SYSTEM_CACHE_INFORMATION {
1687 ULONG CurrentSize;
1688 ULONG PeakSize;
1689 ULONG PageFaultCount;
1690 ULONG MinimumWorkingSet;
1691 ULONG MaximumWorkingSet;
1692 ULONG Unused[4];
1693} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
1694
1695typedef struct _TERMINATION_PORT {
1696 struct _TERMINATION_PORT* Next;
1697 PVOID Port;
1698} TERMINATION_PORT, *PTERMINATION_PORT;
1699
1700typedef struct _SECURITY_CLIENT_CONTEXT {
1701 SECURITY_QUALITY_OF_SERVICE SecurityQos;
1702 PACCESS_TOKEN ClientToken;
1703 BOOLEAN DirectlyAccessClientToken;
1704 BOOLEAN DirectAccessEffectiveOnly;
1705 BOOLEAN ServerIsRemote;
1706 TOKEN_CONTROL ClientTokenControl;
1707} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1708
1709typedef struct _TUNNEL {
1710 FAST_MUTEX Mutex;
1711 PRTL_SPLAY_LINKS Cache;
1712 LIST_ENTRY TimerQueue;
1713 USHORT NumEntries;
1714} TUNNEL, *PTUNNEL;
1715
1716typedef struct _VACB {
1717 PVOID BaseAddress;
1718 PSHARED_CACHE_MAP SharedCacheMap;
1719 union {
1720 LARGE_INTEGER FileOffset;
1721 USHORT ActiveCount;
1722 } Overlay;
1723 LIST_ENTRY LruList;
1724} VACB, *PVACB;
1725
1726typedef struct _VAD_HEADER {
1727 PVOID StartVPN;
1728 PVOID EndVPN;
1729 PVAD_HEADER ParentLink;
1730 PVAD_HEADER LeftLink;
1731 PVAD_HEADER RightLink;
1732 ULONG Flags; /* LSB = CommitCharge */
1733 PVOID ControlArea;
1734 PVOID FirstProtoPte;
1735 PVOID LastPTE;
1736 ULONG Unknown;
1737 LIST_ENTRY Secured;
1738} VAD_HEADER, *PVAD_HEADER;
1739
1740NTKERNELAPI
1741BOOLEAN
1742NTAPI
1743CcCanIWrite (
1744 /*IN*/ PFILE_OBJECT FileObject,
1745 /*IN*/ ULONG BytesToWrite,
1746 /*IN*/ BOOLEAN Wait,
1747 /*IN*/ BOOLEAN Retrying
1748);
1749
1750NTKERNELAPI
1751BOOLEAN
1752NTAPI
1753CcCopyRead (
1754 /*IN*/ PFILE_OBJECT FileObject,
1755 /*IN*/ PLARGE_INTEGER FileOffset,
1756 /*IN*/ ULONG Length,
1757 /*IN*/ BOOLEAN Wait,
1758 /*OUT*/ PVOID Buffer,
1759 /*OUT*/ PIO_STATUS_BLOCK IoStatus
1760);
1761
1762NTKERNELAPI
1763BOOLEAN
1764NTAPI
1765CcCopyWrite (
1766 /*IN*/ PFILE_OBJECT FileObject,
1767 /*IN*/ PLARGE_INTEGER FileOffset,
1768 /*IN*/ ULONG Length,
1769 /*IN*/ BOOLEAN Wait,
1770 /*IN*/ PVOID Buffer
1771);
1772
1773#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1774
1775typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
1776 /*IN*/ PVOID Context1,
1777 /*IN*/ PVOID Context2
1778);
1779
1780NTKERNELAPI
1781VOID
1782NTAPI
1783CcDeferWrite (
1784 /*IN*/ PFILE_OBJECT FileObject,
1785 /*IN*/ PCC_POST_DEFERRED_WRITE PostRoutine,
1786 /*IN*/ PVOID Context1,
1787 /*IN*/ PVOID Context2,
1788 /*IN*/ ULONG BytesToWrite,
1789 /*IN*/ BOOLEAN Retrying
1790);
1791
1792NTKERNELAPI
1793VOID
1794NTAPI
1795CcFastCopyRead (
1796 /*IN*/ PFILE_OBJECT FileObject,
1797 /*IN*/ ULONG FileOffset,
1798 /*IN*/ ULONG Length,
1799 /*IN*/ ULONG PageCount,
1800 /*OUT*/ PVOID Buffer,
1801 /*OUT*/ PIO_STATUS_BLOCK IoStatus
1802);
1803
1804NTKERNELAPI
1805VOID
1806NTAPI
1807CcFastCopyWrite (
1808 /*IN*/ PFILE_OBJECT FileObject,
1809 /*IN*/ ULONG FileOffset,
1810 /*IN*/ ULONG Length,
1811 /*IN*/ PVOID Buffer
1812);
1813
1814NTKERNELAPI
1815VOID
1816NTAPI
1817CcFlushCache (
1818 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer,
1819 /*IN*/ PLARGE_INTEGER FileOffset /*OPTIONAL*/,
1820 /*IN*/ ULONG Length,
1821 /*OUT*/ PIO_STATUS_BLOCK IoStatus /*OPTIONAL*/
1822);
1823
1824typedef VOID (*PDIRTY_PAGE_ROUTINE) (
1825 /*IN*/ PFILE_OBJECT FileObject,
1826 /*IN*/ PLARGE_INTEGER FileOffset,
1827 /*IN*/ ULONG Length,
1828 /*IN*/ PLARGE_INTEGER OldestLsn,
1829 /*IN*/ PLARGE_INTEGER NewestLsn,
1830 /*IN*/ PVOID Context1,
1831 /*IN*/ PVOID Context2
1832);
1833
1834NTKERNELAPI
1835LARGE_INTEGER
1836NTAPI
1837CcGetDirtyPages (
1838 /*IN*/ PVOID LogHandle,
1839 /*IN*/ PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
1840 /*IN*/ PVOID Context1,
1841 /*IN*/ PVOID Context2
1842);
1843
1844NTKERNELAPI
1845PFILE_OBJECT
1846NTAPI
1847CcGetFileObjectFromBcb (
1848 /*IN*/ PVOID Bcb
1849);
1850
1851NTKERNELAPI
1852PFILE_OBJECT
1853NTAPI
1854CcGetFileObjectFromSectionPtrs (
1855 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
1856);
1857
1858#define CcGetFileSizePointer(FO) ( \
1859 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1860)
1861
1862#if (VER_PRODUCTBUILD >= 2195)
1863
1864NTKERNELAPI
1865LARGE_INTEGER
1866NTAPI
1867CcGetFlushedValidData (
1868 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer,
1869 /*IN*/ BOOLEAN BcbListHeld
1870);
1871
1872#endif /* (VER_PRODUCTBUILD >= 2195) */
1873
1874NTKERNELAPI
1875LARGE_INTEGER
1876CcGetLsnForFileObject (
1877 /*IN*/ PFILE_OBJECT FileObject,
1878 /*OUT*/ PLARGE_INTEGER OldestLsn /*OPTIONAL*/
1879);
1880
1881typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
1882 /*IN*/ PVOID Context,
1883 /*IN*/ BOOLEAN Wait
1884);
1885
1886typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
1887 /*IN*/ PVOID Context
1888);
1889
1890typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
1891 /*IN*/ PVOID Context,
1892 /*IN*/ BOOLEAN Wait
1893);
1894
1895typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
1896 /*IN*/ PVOID Context
1897);
1898
1899typedef struct _CACHE_MANAGER_CALLBACKS {
1900 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
1901 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
1902 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
1903 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
1904} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
1905
1906NTKERNELAPI
1907VOID
1908NTAPI
1909CcInitializeCacheMap (
1910 /*IN*/ PFILE_OBJECT FileObject,
1911 /*IN*/ PCC_FILE_SIZES FileSizes,
1912 /*IN*/ BOOLEAN PinAccess,
1913 /*IN*/ PCACHE_MANAGER_CALLBACKS Callbacks,
1914 /*IN*/ PVOID LazyWriteContext
1915);
1916
1917#define CcIsFileCached(FO) ( \
1918 ((FO)->SectionObjectPointer != NULL) && \
1919 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1920)
1921
1922NTKERNELAPI
1923BOOLEAN
1924NTAPI
1925CcIsThereDirtyData (
1926 /*IN*/ PVPB Vpb
1927);
1928
1929NTKERNELAPI
1930BOOLEAN
1931NTAPI
1932CcMapData (
1933 /*IN*/ PFILE_OBJECT FileObject,
1934 /*IN*/ PLARGE_INTEGER FileOffset,
1935 /*IN*/ ULONG Length,
1936 /*IN*/ BOOLEAN Wait,
1937 /*OUT*/ PVOID *Bcb,
1938 /*OUT*/ PVOID *Buffer
1939);
1940
1941NTKERNELAPI
1942VOID
1943NTAPI
1944CcMdlRead (
1945 /*IN*/ PFILE_OBJECT FileObject,
1946 /*IN*/ PLARGE_INTEGER FileOffset,
1947 /*IN*/ ULONG Length,
1948 /*OUT*/ PMDL *MdlChain,
1949 /*OUT*/ PIO_STATUS_BLOCK IoStatus
1950);
1951
1952NTKERNELAPI
1953VOID
1954NTAPI
1955CcMdlReadComplete (
1956 /*IN*/ PFILE_OBJECT FileObject,
1957 /*IN*/ PMDL MdlChain
1958);
1959
1960NTKERNELAPI
1961VOID
1962NTAPI
1963CcMdlWriteComplete (
1964 /*IN*/ PFILE_OBJECT FileObject,
1965 /*IN*/ PLARGE_INTEGER FileOffset,
1966 /*IN*/ PMDL MdlChain
1967);
1968
1969NTKERNELAPI
1970BOOLEAN
1971NTAPI
1972CcPinMappedData (
1973 /*IN*/ PFILE_OBJECT FileObject,
1974 /*IN*/ PLARGE_INTEGER FileOffset,
1975 /*IN*/ ULONG Length,
1976#if (VER_PRODUCTBUILD >= 2195)
1977 /*IN*/ ULONG Flags,
1978#else
1979 /*IN*/ BOOLEAN Wait,
1980#endif
1981 /*IN OUT*/ PVOID *Bcb
1982);
1983
1984NTKERNELAPI
1985BOOLEAN
1986NTAPI
1987CcPinRead (
1988 /*IN*/ PFILE_OBJECT FileObject,
1989 /*IN*/ PLARGE_INTEGER FileOffset,
1990 /*IN*/ ULONG Length,
1991#if (VER_PRODUCTBUILD >= 2195)
1992 /*IN*/ ULONG Flags,
1993#else
1994 /*IN*/ BOOLEAN Wait,
1995#endif
1996 /*OUT*/ PVOID *Bcb,
1997 /*OUT*/ PVOID *Buffer
1998);
1999
2000NTKERNELAPI
2001VOID
2002NTAPI
2003CcPrepareMdlWrite (
2004 /*IN*/ PFILE_OBJECT FileObject,
2005 /*IN*/ PLARGE_INTEGER FileOffset,
2006 /*IN*/ ULONG Length,
2007 /*OUT*/ PMDL *MdlChain,
2008 /*OUT*/ PIO_STATUS_BLOCK IoStatus
2009);
2010
2011NTKERNELAPI
2012BOOLEAN
2013NTAPI
2014CcPreparePinWrite (
2015 /*IN*/ PFILE_OBJECT FileObject,
2016 /*IN*/ PLARGE_INTEGER FileOffset,
2017 /*IN*/ ULONG Length,
2018 /*IN*/ BOOLEAN Zero,
2019#if (VER_PRODUCTBUILD >= 2195)
2020 /*IN*/ ULONG Flags,
2021#else
2022 /*IN*/ BOOLEAN Wait,
2023#endif
2024 /*OUT*/ PVOID *Bcb,
2025 /*OUT*/ PVOID *Buffer
2026);
2027
2028NTKERNELAPI
2029BOOLEAN
2030NTAPI
2031CcPurgeCacheSection (
2032 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer,
2033 /*IN*/ PLARGE_INTEGER FileOffset /*OPTIONAL*/,
2034 /*IN*/ ULONG Length,
2035 /*IN*/ BOOLEAN UninitializeCacheMaps
2036);
2037
2038#define CcReadAhead(FO, FOFF, LEN) ( \
2039 if ((LEN) >= 256) { \
2040 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2041 } \
2042)
2043
2044#if (VER_PRODUCTBUILD >= 2195)
2045
2046NTKERNELAPI
2047PVOID
2048NTAPI
2049CcRemapBcb (
2050 /*IN*/ PVOID Bcb
2051);
2052
2053#endif /* (VER_PRODUCTBUILD >= 2195) */
2054
2055NTKERNELAPI
2056VOID
2057NTAPI
2058CcRepinBcb (
2059 /*IN*/ PVOID Bcb
2060);
2061
2062NTKERNELAPI
2063VOID
2064NTAPI
2065CcScheduleReadAhead (
2066 /*IN*/ PFILE_OBJECT FileObject,
2067 /*IN*/ PLARGE_INTEGER FileOffset,
2068 /*IN*/ ULONG Length
2069);
2070
2071NTKERNELAPI
2072VOID
2073NTAPI
2074CcSetAdditionalCacheAttributes (
2075 /*IN*/ PFILE_OBJECT FileObject,
2076 /*IN*/ BOOLEAN DisableReadAhead,
2077 /*IN*/ BOOLEAN DisableWriteBehind
2078);
2079
2080NTKERNELAPI
2081VOID
2082NTAPI
2083CcSetBcbOwnerPointer (
2084 /*IN*/ PVOID Bcb,
2085 /*IN*/ PVOID OwnerPointer
2086);
2087
2088NTKERNELAPI
2089VOID
2090NTAPI
2091CcSetDirtyPageThreshold (
2092 /*IN*/ PFILE_OBJECT FileObject,
2093 /*IN*/ ULONG DirtyPageThreshold
2094);
2095
2096NTKERNELAPI
2097VOID
2098NTAPI
2099CcSetDirtyPinnedData (
2100 /*IN*/ PVOID BcbVoid,
2101 /*IN*/ PLARGE_INTEGER Lsn /*OPTIONAL*/
2102);
2103
2104NTKERNELAPI
2105VOID
2106NTAPI
2107CcSetFileSizes (
2108 /*IN*/ PFILE_OBJECT FileObject,
2109 /*IN*/ PCC_FILE_SIZES FileSizes
2110);
2111
2112typedef VOID (NTAPI *PFLUSH_TO_LSN) (
2113 /*IN*/ PVOID LogHandle,
2114 /*IN*/ PLARGE_INTEGER Lsn
2115);
2116
2117NTKERNELAPI
2118VOID
2119NTAPI
2120CcSetLogHandleForFile (
2121 /*IN*/ PFILE_OBJECT FileObject,
2122 /*IN*/ PVOID LogHandle,
2123 /*IN*/ PFLUSH_TO_LSN FlushToLsnRoutine
2124);
2125
2126NTKERNELAPI
2127VOID
2128NTAPI
2129CcSetReadAheadGranularity (
2130 /*IN*/ PFILE_OBJECT FileObject,
2131 /*IN*/ ULONG Granularity /* default: PAGE_SIZE */
2132 /* allowed: 2^n * PAGE_SIZE */
2133);
2134
2135NTKERNELAPI
2136BOOLEAN
2137NTAPI
2138CcUninitializeCacheMap (
2139 /*IN*/ PFILE_OBJECT FileObject,
2140 /*IN*/ PLARGE_INTEGER TruncateSize /*OPTIONAL*/,
2141 /*IN*/ PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent /*OPTIONAL*/
2142);
2143
2144NTKERNELAPI
2145VOID
2146NTAPI
2147CcUnpinData (
2148 /*IN*/ PVOID Bcb
2149);
2150
2151NTKERNELAPI
2152VOID
2153NTAPI
2154CcUnpinDataForThread (
2155 /*IN*/ PVOID Bcb,
2156 /*IN*/ ERESOURCE_THREAD ResourceThreadId
2157);
2158
2159NTKERNELAPI
2160VOID
2161NTAPI
2162CcUnpinRepinnedBcb (
2163 /*IN*/ PVOID Bcb,
2164 /*IN*/ BOOLEAN WriteThrough,
2165 /*OUT*/ PIO_STATUS_BLOCK IoStatus
2166);
2167
2168#if (VER_PRODUCTBUILD >= 2195)
2169
2170NTKERNELAPI
2171NTSTATUS
2172NTAPI
2173CcWaitForCurrentLazyWriterActivity (
2174 VOID
2175);
2176
2177#endif /* (VER_PRODUCTBUILD >= 2195) */
2178
2179NTKERNELAPI
2180BOOLEAN
2181NTAPI
2182CcZeroData (
2183 /*IN*/ PFILE_OBJECT FileObject,
2184 /*IN*/ PLARGE_INTEGER StartOffset,
2185 /*IN*/ PLARGE_INTEGER EndOffset,
2186 /*IN*/ BOOLEAN Wait
2187);
2188
2189NTKERNELAPI
2190VOID
2191NTAPI
2192ExDisableResourceBoostLite (
2193 /*IN*/ PERESOURCE Resource
2194);
2195
2196NTKERNELAPI
2197ULONG
2198NTAPI
2199ExQueryPoolBlockSize (
2200 /*IN*/ PVOID PoolBlock,
2201 /*OUT*/ PBOOLEAN QuotaCharged
2202);
2203
2204#define FlagOn(x, f) ((x) & (f))
2205
2206NTKERNELAPI
2207VOID
2208NTAPI
2209FsRtlAddToTunnelCache (
2210 /*IN*/ PTUNNEL Cache,
2211 /*IN*/ ULONGLONG DirectoryKey,
2212 /*IN*/ PUNICODE_STRING ShortName,
2213 /*IN*/ PUNICODE_STRING LongName,
2214 /*IN*/ BOOLEAN KeyByShortName,
2215 /*IN*/ ULONG DataLength,
2216 /*IN*/ PVOID Data
2217);
2218
2219#if (VER_PRODUCTBUILD >= 2195)
2220
2221PFILE_LOCK
2222NTAPI
2223FsRtlAllocateFileLock (
2224 /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine /*OPTIONAL*/,
2225 /*IN*/ PUNLOCK_ROUTINE UnlockRoutine /*OPTIONAL*/
2226);
2227
2228#endif /* (VER_PRODUCTBUILD >= 2195) */
2229
2230NTKERNELAPI
2231PVOID
2232NTAPI
2233FsRtlAllocatePool (
2234 /*IN*/ POOL_TYPE PoolType,
2235 /*IN*/ ULONG NumberOfBytes
2236);
2237
2238NTKERNELAPI
2239PVOID
2240NTAPI
2241FsRtlAllocatePoolWithQuota (
2242 /*IN*/ POOL_TYPE PoolType,
2243 /*IN*/ ULONG NumberOfBytes
2244);
2245
2246NTKERNELAPI
2247PVOID
2248NTAPI
2249FsRtlAllocatePoolWithQuotaTag (
2250 /*IN*/ POOL_TYPE PoolType,
2251 /*IN*/ ULONG NumberOfBytes,
2252 /*IN*/ ULONG Tag
2253);
2254
2255NTKERNELAPI
2256PVOID
2257NTAPI
2258FsRtlAllocatePoolWithTag (
2259 /*IN*/ POOL_TYPE PoolType,
2260 /*IN*/ ULONG NumberOfBytes,
2261 /*IN*/ ULONG Tag
2262);
2263
2264NTKERNELAPI
2265BOOLEAN
2266NTAPI
2267FsRtlAreNamesEqual (
2268 /*IN*/ PUNICODE_STRING Name1,
2269 /*IN*/ PUNICODE_STRING Name2,
2270 /*IN*/ BOOLEAN IgnoreCase,
2271 /*IN*/ PWCHAR UpcaseTable /*OPTIONAL*/
2272);
2273
2274#define FsRtlAreThereCurrentFileLocks(FL) ( \
2275 ((FL)->FastIoIsQuestionable) \
2276)
2277
2278/*
2279 FsRtlCheckLockForReadAccess:
2280
2281 All this really does is pick out the lock parameters from the irp (io stack
2282 location?), get IoGetRequestorProcess, and pass values on to
2283 FsRtlFastCheckLockForRead.
2284*/
2285NTKERNELAPI
2286BOOLEAN
2287NTAPI
2288FsRtlCheckLockForReadAccess (
2289 /*IN*/ PFILE_LOCK FileLock,
2290 /*IN*/ PIRP Irp
2291);
2292
2293/*
2294 FsRtlCheckLockForWriteAccess:
2295
2296 All this really does is pick out the lock parameters from the irp (io stack
2297 location?), get IoGetRequestorProcess, and pass values on to
2298 FsRtlFastCheckLockForWrite.
2299*/
2300NTKERNELAPI
2301BOOLEAN
2302NTAPI
2303FsRtlCheckLockForWriteAccess (
2304 /*IN*/ PFILE_LOCK FileLock,
2305 /*IN*/ PIRP Irp
2306);
2307
2308typedef
2309VOID NTAPI
2310(*POPLOCK_WAIT_COMPLETE_ROUTINE) (
2311 /*IN*/ PVOID Context,
2312 /*IN*/ PIRP Irp
2313);
2314
2315typedef
2316VOID NTAPI
2317(*POPLOCK_FS_PREPOST_IRP) (
2318 /*IN*/ PVOID Context,
2319 /*IN*/ PIRP Irp
2320);
2321
2322NTKERNELAPI
2323NTSTATUS
2324NTAPI
2325FsRtlCheckOplock (
2326 /*IN*/ POPLOCK Oplock,
2327 /*IN*/ PIRP Irp,
2328 /*IN*/ PVOID Context,
2329 /*IN*/ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine /*OPTIONAL*/,
2330 /*IN*/ POPLOCK_FS_PREPOST_IRP PostIrpRoutine /*OPTIONAL*/
2331);
2332
2333NTKERNELAPI
2334BOOLEAN
2335NTAPI
2336FsRtlCopyRead (
2337 /*IN*/ PFILE_OBJECT FileObject,
2338 /*IN*/ PLARGE_INTEGER FileOffset,
2339 /*IN*/ ULONG Length,
2340 /*IN*/ BOOLEAN Wait,
2341 /*IN*/ ULONG LockKey,
2342 /*OUT*/ PVOID Buffer,
2343 /*OUT*/ PIO_STATUS_BLOCK IoStatus,
2344 /*IN*/ PDEVICE_OBJECT DeviceObject
2345);
2346
2347NTKERNELAPI
2348BOOLEAN
2349NTAPI
2350FsRtlCopyWrite (
2351 /*IN*/ PFILE_OBJECT FileObject,
2352 /*IN*/ PLARGE_INTEGER FileOffset,
2353 /*IN*/ ULONG Length,
2354 /*IN*/ BOOLEAN Wait,
2355 /*IN*/ ULONG LockKey,
2356 /*IN*/ PVOID Buffer,
2357 /*OUT*/ PIO_STATUS_BLOCK IoStatus,
2358 /*IN*/ PDEVICE_OBJECT DeviceObject
2359);
2360
2361NTKERNELAPI
2362BOOLEAN
2363NTAPI
2364FsRtlCurrentBatchOplock (
2365 /*IN*/ POPLOCK Oplock
2366);
2367
2368NTKERNELAPI
2369VOID
2370NTAPI
2371FsRtlDeleteKeyFromTunnelCache (
2372 /*IN*/ PTUNNEL Cache,
2373 /*IN*/ ULONGLONG DirectoryKey
2374);
2375
2376NTKERNELAPI
2377VOID
2378NTAPI
2379FsRtlDeleteTunnelCache (
2380 /*IN*/ PTUNNEL Cache
2381);
2382
2383NTKERNELAPI
2384VOID
2385NTAPI
2386FsRtlDeregisterUncProvider (
2387 /*IN*/ HANDLE Handle
2388);
2389
2390NTKERNELAPI
2391BOOLEAN
2392NTAPI
2393FsRtlDoesNameContainWildCards (
2394 /*IN*/ PUNICODE_STRING Name
2395);
2396
2397#define FsRtlEnterFileSystem KeEnterCriticalRegion
2398
2399#define FsRtlExitFileSystem KeLeaveCriticalRegion
2400
2401NTKERNELAPI
2402BOOLEAN
2403NTAPI
2404FsRtlFastCheckLockForRead (
2405 /*IN*/ PFILE_LOCK FileLock,
2406 /*IN*/ PLARGE_INTEGER FileOffset,
2407 /*IN*/ PLARGE_INTEGER Length,
2408 /*IN*/ ULONG Key,
2409 /*IN*/ PFILE_OBJECT FileObject,
2410 /*IN*/ PEPROCESS Process
2411);
2412
2413NTKERNELAPI
2414BOOLEAN
2415NTAPI
2416FsRtlFastCheckLockForWrite (
2417 /*IN*/ PFILE_LOCK FileLock,
2418 /*IN*/ PLARGE_INTEGER FileOffset,
2419 /*IN*/ PLARGE_INTEGER Length,
2420 /*IN*/ ULONG Key,
2421 /*IN*/ PFILE_OBJECT FileObject,
2422 /*IN*/ PEPROCESS Process
2423);
2424
2425#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2426 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2427)
2428
2429NTKERNELAPI
2430NTSTATUS
2431NTAPI
2432FsRtlFastUnlockAll (
2433 /*IN*/ PFILE_LOCK FileLock,
2434 /*IN*/ PFILE_OBJECT FileObject,
2435 /*IN*/ PEPROCESS Process,
2436 /*IN*/ PVOID Context /*OPTIONAL*/
2437);
2438/* ret: STATUS_RANGE_NOT_LOCKED */
2439
2440NTKERNELAPI
2441NTSTATUS
2442NTAPI
2443FsRtlFastUnlockAllByKey (
2444 /*IN*/ PFILE_LOCK FileLock,
2445 /*IN*/ PFILE_OBJECT FileObject,
2446 /*IN*/ PEPROCESS Process,
2447 /*IN*/ ULONG Key,
2448 /*IN*/ PVOID Context /*OPTIONAL*/
2449);
2450/* ret: STATUS_RANGE_NOT_LOCKED */
2451
2452NTKERNELAPI
2453NTSTATUS
2454NTAPI
2455FsRtlFastUnlockSingle (
2456 /*IN*/ PFILE_LOCK FileLock,
2457 /*IN*/ PFILE_OBJECT FileObject,
2458 /*IN*/ PLARGE_INTEGER FileOffset,
2459 /*IN*/ PLARGE_INTEGER Length,
2460 /*IN*/ PEPROCESS Process,
2461 /*IN*/ ULONG Key,
2462 /*IN*/ PVOID Context /*OPTIONAL*/,
2463 /*IN*/ BOOLEAN AlreadySynchronized
2464);
2465/* ret: STATUS_RANGE_NOT_LOCKED */
2466
2467NTKERNELAPI
2468BOOLEAN
2469NTAPI
2470FsRtlFindInTunnelCache (
2471 /*IN*/ PTUNNEL Cache,
2472 /*IN*/ ULONGLONG DirectoryKey,
2473 /*IN*/ PUNICODE_STRING Name,
2474 /*OUT*/ PUNICODE_STRING ShortName,
2475 /*OUT*/ PUNICODE_STRING LongName,
2476 /*IN OUT*/ PULONG DataLength,
2477 /*OUT*/ PVOID Data
2478);
2479
2480#if (VER_PRODUCTBUILD >= 2195)
2481
2482NTKERNELAPI
2483VOID
2484NTAPI
2485FsRtlFreeFileLock (
2486 /*IN*/ PFILE_LOCK FileLock
2487);
2488
2489#endif /* (VER_PRODUCTBUILD >= 2195) */
2490
2491NTKERNELAPI
2492NTSTATUS
2493NTAPI
2494FsRtlGetFileSize (
2495 /*IN*/ PFILE_OBJECT FileObject,
2496 /*IN OUT*/ PLARGE_INTEGER FileSize
2497);
2498
2499/*
2500 FsRtlGetNextFileLock:
2501
2502 ret: NULL if no more locks
2503
2504 Internals:
2505 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2506 FileLock->LastReturnedLock as storage.
2507 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2508 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2509 calls with Restart = FALSE.
2510*/
2511NTKERNELAPI
2512PFILE_LOCK_INFO
2513NTAPI
2514FsRtlGetNextFileLock (
2515 /*IN*/ PFILE_LOCK FileLock,
2516 /*IN*/ BOOLEAN Restart
2517);
2518
2519NTKERNELAPI
2520VOID
2521NTAPI
2522FsRtlInitializeFileLock (
2523 /*IN*/ PFILE_LOCK FileLock,
2524 /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine /*OPTIONAL*/,
2525 /*IN*/ PUNLOCK_ROUTINE UnlockRoutine /*OPTIONAL*/
2526);
2527
2528NTKERNELAPI
2529VOID
2530NTAPI
2531FsRtlInitializeOplock (
2532 /*IN OUT*/ POPLOCK Oplock
2533);
2534
2535NTKERNELAPI
2536VOID
2537NTAPI
2538FsRtlInitializeTunnelCache (
2539 /*IN*/ PTUNNEL Cache
2540);
2541
2542NTKERNELAPI
2543BOOLEAN
2544NTAPI
2545FsRtlIsNameInExpression (
2546 /*IN*/ PUNICODE_STRING Expression,
2547 /*IN*/ PUNICODE_STRING Name,
2548 /*IN*/ BOOLEAN IgnoreCase,
2549 /*IN*/ PWCHAR UpcaseTable /*OPTIONAL*/
2550);
2551
2552NTKERNELAPI
2553BOOLEAN
2554NTAPI
2555FsRtlIsNtstatusExpected (
2556 /*IN*/ NTSTATUS Ntstatus
2557);
2558
2559#define FsRtlIsUnicodeCharacterWild(C) ( \
2560 (((C) >= 0x40) ? \
2561 FALSE : \
2562 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
2563)
2564
2565NTKERNELAPI
2566BOOLEAN
2567NTAPI
2568FsRtlMdlReadComplete (
2569 /*IN*/ PFILE_OBJECT FileObject,
2570 /*IN*/ PMDL MdlChain
2571);
2572
2573NTKERNELAPI
2574BOOLEAN
2575NTAPI
2576FsRtlMdlReadCompleteDev (
2577 /*IN*/ PFILE_OBJECT FileObject,
2578 /*IN*/ PMDL MdlChain,
2579 /*IN*/ PDEVICE_OBJECT DeviceObject
2580);
2581
2582NTKERNELAPI
2583BOOLEAN
2584NTAPI
2585FsRtlMdlWriteComplete (
2586 /*IN*/ PFILE_OBJECT FileObject,
2587 /*IN*/ PLARGE_INTEGER FileOffset,
2588 /*IN*/ PMDL MdlChain
2589);
2590
2591NTKERNELAPI
2592BOOLEAN
2593NTAPI
2594FsRtlMdlWriteCompleteDev (
2595 /*IN*/ PFILE_OBJECT FileObject,
2596 /*IN*/ PLARGE_INTEGER FileOffset,
2597 /*IN*/ PMDL MdlChain,
2598 /*IN*/ PDEVICE_OBJECT DeviceObject
2599);
2600
2601NTKERNELAPI
2602NTSTATUS
2603NTAPI
2604FsRtlNormalizeNtstatus (
2605 /*IN*/ NTSTATUS Exception,
2606 /*IN*/ NTSTATUS GenericException
2607);
2608
2609NTKERNELAPI
2610VOID
2611NTAPI
2612FsRtlNotifyChangeDirectory (
2613 /*IN*/ PNOTIFY_SYNC NotifySync,
2614 /*IN*/ PVOID FsContext,
2615 /*IN*/ PSTRING FullDirectoryName,
2616 /*IN*/ PLIST_ENTRY NotifyList,
2617 /*IN*/ BOOLEAN WatchTree,
2618 /*IN*/ ULONG CompletionFilter,
2619 /*IN*/ PIRP NotifyIrp
2620);
2621
2622NTKERNELAPI
2623VOID
2624NTAPI
2625FsRtlNotifyCleanup (
2626 /*IN*/ PNOTIFY_SYNC NotifySync,
2627 /*IN*/ PLIST_ENTRY NotifyList,
2628 /*IN*/ PVOID FsContext
2629);
2630
2631typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
2632 /*IN*/ PVOID NotifyContext,
2633 /*IN*/ PVOID TargetContext,
2634 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
2635);
2636
2637NTKERNELAPI
2638VOID
2639NTAPI
2640FsRtlNotifyFullChangeDirectory (
2641 /*IN*/ PNOTIFY_SYNC NotifySync,
2642 /*IN*/ PLIST_ENTRY NotifyList,
2643 /*IN*/ PVOID FsContext,
2644 /*IN*/ PSTRING FullDirectoryName,
2645 /*IN*/ BOOLEAN WatchTree,
2646 /*IN*/ BOOLEAN IgnoreBuffer,
2647 /*IN*/ ULONG CompletionFilter,
2648 /*IN*/ PIRP NotifyIrp,
2649 /*IN*/ PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback /*OPTIONAL*/,
2650 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext /*OPTIONAL*/
2651);
2652
2653NTKERNELAPI
2654VOID
2655NTAPI
2656FsRtlNotifyFullReportChange (
2657 /*IN*/ PNOTIFY_SYNC NotifySync,
2658 /*IN*/ PLIST_ENTRY NotifyList,
2659 /*IN*/ PSTRING FullTargetName,
2660 /*IN*/ USHORT TargetNameOffset,
2661 /*IN*/ PSTRING StreamName /*OPTIONAL*/,
2662 /*IN*/ PSTRING NormalizedParentName /*OPTIONAL*/,
2663 /*IN*/ ULONG FilterMatch,
2664 /*IN*/ ULONG Action,
2665 /*IN*/ PVOID TargetContext
2666);
2667
2668NTKERNELAPI
2669VOID
2670NTAPI
2671FsRtlNotifyInitializeSync (
2672 /*IN*/ PNOTIFY_SYNC NotifySync
2673);
2674
2675NTKERNELAPI
2676VOID
2677NTAPI
2678FsRtlNotifyReportChange (
2679 /*IN*/ PNOTIFY_SYNC NotifySync,
2680 /*IN*/ PLIST_ENTRY NotifyList,
2681 /*IN*/ PSTRING FullTargetName,
2682 /*IN*/ PUSHORT FileNamePartLength,
2683 /*IN*/ ULONG FilterMatch
2684);
2685
2686NTKERNELAPI
2687VOID
2688NTAPI
2689FsRtlNotifyUninitializeSync (
2690 /*IN*/ PNOTIFY_SYNC NotifySync
2691);
2692
2693#if (VER_PRODUCTBUILD >= 2195)
2694
2695NTKERNELAPI
2696NTSTATUS
2697NTAPI
2698FsRtlNotifyVolumeEvent (
2699 /*IN*/ PFILE_OBJECT FileObject,
2700 /*IN*/ ULONG EventCode
2701);
2702
2703#endif /* (VER_PRODUCTBUILD >= 2195) */
2704
2705NTKERNELAPI
2706NTSTATUS
2707NTAPI
2708FsRtlOplockFsctrl (
2709 /*IN*/ POPLOCK Oplock,
2710 /*IN*/ PIRP Irp,
2711 /*IN*/ ULONG OpenCount
2712);
2713
2714NTKERNELAPI
2715BOOLEAN
2716NTAPI
2717FsRtlOplockIsFastIoPossible (
2718 /*IN*/ POPLOCK Oplock
2719);
2720
2721/*
2722 FsRtlPrivateLock:
2723
2724 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2725
2726 Internals:
2727 -Calls IoCompleteRequest if Irp
2728 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2729*/
2730NTKERNELAPI
2731BOOLEAN
2732NTAPI
2733FsRtlPrivateLock (
2734 /*IN*/ PFILE_LOCK FileLock,
2735 /*IN*/ PFILE_OBJECT FileObject,
2736 /*IN*/ PLARGE_INTEGER FileOffset,
2737 /*IN*/ PLARGE_INTEGER Length,
2738 /*IN*/ PEPROCESS Process,
2739 /*IN*/ ULONG Key,
2740 /*IN*/ BOOLEAN FailImmediately,
2741 /*IN*/ BOOLEAN ExclusiveLock,
2742 /*OUT*/ PIO_STATUS_BLOCK IoStatus,
2743 /*IN*/ PIRP Irp /*OPTIONAL*/,
2744 /*IN*/ PVOID Context,
2745 /*IN*/ BOOLEAN AlreadySynchronized
2746);
2747
2748/*
2749 FsRtlProcessFileLock:
2750
2751 ret:
2752 -STATUS_INVALID_DEVICE_REQUEST
2753 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2754 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2755 (redirected IoStatus->Status).
2756
2757 Internals:
2758 -switch ( Irp->CurrentStackLocation->MinorFunction )
2759 lock: return FsRtlPrivateLock;
2760 unlocksingle: return FsRtlFastUnlockSingle;
2761 unlockall: return FsRtlFastUnlockAll;
2762 unlockallbykey: return FsRtlFastUnlockAllByKey;
2763 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2764 return STATUS_INVALID_DEVICE_REQUEST;
2765
2766 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2767 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2768*/
2769NTKERNELAPI
2770NTSTATUS
2771NTAPI
2772FsRtlProcessFileLock (
2773 /*IN*/ PFILE_LOCK FileLock,
2774 /*IN*/ PIRP Irp,
2775 /*IN*/ PVOID Context /*OPTIONAL*/
2776);
2777
2778NTKERNELAPI
2779NTSTATUS
2780NTAPI
2781FsRtlRegisterUncProvider (
2782 /*IN OUT*/ PHANDLE MupHandle,
2783 /*IN*/ PUNICODE_STRING RedirectorDeviceName,
2784 /*IN*/ BOOLEAN MailslotsSupported
2785);
2786
2787NTKERNELAPI
2788VOID
2789NTAPI
2790FsRtlUninitializeFileLock (
2791 /*IN*/ PFILE_LOCK FileLock
2792);
2793
2794NTKERNELAPI
2795VOID
2796NTAPI
2797FsRtlUninitializeOplock (
2798 /*IN OUT*/ POPLOCK Oplock
2799);
2800
2801NTSYSAPI
2802VOID
2803NTAPI
2804HalDisplayString (
2805 /*IN*/ PCHAR String
2806);
2807
2808NTSYSAPI
2809VOID
2810NTAPI
2811HalQueryRealTimeClock (
2812 /*IN OUT*/ PTIME_FIELDS TimeFields
2813);
2814
2815NTSYSAPI
2816VOID
2817NTAPI
2818HalSetRealTimeClock (
2819 /*IN*/ PTIME_FIELDS TimeFields
2820);
2821
2822#define InitializeMessageHeader(m, l, t) { \
2823 (m)->Length = (USHORT)(l); \
2824 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
2825 (m)->MessageType = (USHORT)(t); \
2826 (m)->DataInfoOffset = 0; \
2827}
2828
2829NTKERNELAPI
2830VOID
2831NTAPI
2832IoAcquireVpbSpinLock (
2833 /*OUT*/ PKIRQL Irql
2834);
2835
2836NTKERNELAPI
2837NTSTATUS
2838NTAPI
2839IoCheckDesiredAccess (
2840 /*IN OUT*/ PACCESS_MASK DesiredAccess,
2841 /*IN*/ ACCESS_MASK GrantedAccess
2842);
2843
2844NTKERNELAPI
2845NTSTATUS
2846NTAPI
2847IoCheckEaBufferValidity (
2848 /*IN*/ PFILE_FULL_EA_INFORMATION EaBuffer,
2849 /*IN*/ ULONG EaLength,
2850 /*OUT*/ PULONG ErrorOffset
2851);
2852
2853NTKERNELAPI
2854NTSTATUS
2855NTAPI
2856IoCheckFunctionAccess (
2857 /*IN*/ ACCESS_MASK GrantedAccess,
2858 /*IN*/ UCHAR MajorFunction,
2859 /*IN*/ UCHAR MinorFunction,
2860 /*IN*/ ULONG IoControlCode,
2861 /*IN*/ PFILE_INFORMATION_CLASS FileInformationClass /*OPTIONAL*/,
2862 /*IN*/ PFS_INFORMATION_CLASS FsInformationClass /*OPTIONAL*/
2863);
2864
2865#if (VER_PRODUCTBUILD >= 2195)
2866
2867NTKERNELAPI
2868NTSTATUS
2869NTAPI
2870IoCheckQuotaBufferValidity (
2871 /*IN*/ PFILE_QUOTA_INFORMATION QuotaBuffer,
2872 /*IN*/ ULONG QuotaLength,
2873 /*OUT*/ PULONG ErrorOffset
2874);
2875
2876#endif /* (VER_PRODUCTBUILD >= 2195) */
2877
2878NTKERNELAPI
2879PFILE_OBJECT
2880NTAPI
2881IoCreateStreamFileObject (
2882 /*IN*/ PFILE_OBJECT FileObject /*OPTIONAL*/,
2883 /*IN*/ PDEVICE_OBJECT DeviceObject /*OPTIONAL*/
2884);
2885
2886#if (VER_PRODUCTBUILD >= 2195)
2887
2888NTKERNELAPI
2889PFILE_OBJECT
2890NTAPI
2891IoCreateStreamFileObjectLite (
2892 /*IN*/ PFILE_OBJECT FileObject /*OPTIONAL*/,
2893 /*IN*/ PDEVICE_OBJECT DeviceObject /*OPTIONAL*/
2894);
2895
2896#endif /* (VER_PRODUCTBUILD >= 2195) */
2897
2898NTKERNELAPI
2899BOOLEAN
2900NTAPI
2901IoFastQueryNetworkAttributes (
2902 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
2903 /*IN*/ ACCESS_MASK DesiredAccess,
2904 /*IN*/ ULONG OpenOptions,
2905 /*OUT*/ PIO_STATUS_BLOCK IoStatus,
2906 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION Buffer
2907);
2908
2909NTKERNELAPI
2910PDEVICE_OBJECT
2911NTAPI
2912IoGetAttachedDevice (
2913 /*IN*/ PDEVICE_OBJECT DeviceObject
2914);
2915
2916NTKERNELAPI
2917PDEVICE_OBJECT
2918NTAPI
2919IoGetBaseFileSystemDeviceObject (
2920 /*IN*/ PFILE_OBJECT FileObject
2921);
2922
2923NTKERNELAPI
2924PEPROCESS
2925NTAPI
2926IoGetRequestorProcess (
2927 /*IN*/ PIRP Irp
2928);
2929
2930#if (VER_PRODUCTBUILD >= 2195)
2931
2932NTKERNELAPI
2933ULONG
2934NTAPI
2935IoGetRequestorProcessId (
2936 /*IN*/ PIRP Irp
2937);
2938
2939#endif /* (VER_PRODUCTBUILD >= 2195) */
2940
2941NTKERNELAPI
2942PIRP
2943NTAPI
2944IoGetTopLevelIrp (
2945 VOID
2946);
2947
2948#define IoIsFileOpenedExclusively(FileObject) ( \
2949 (BOOLEAN) !( \
2950 (FileObject)->SharedRead || \
2951 (FileObject)->SharedWrite || \
2952 (FileObject)->SharedDelete \
2953 ) \
2954)
2955
2956NTKERNELAPI
2957BOOLEAN
2958NTAPI
2959IoIsOperationSynchronous (
2960 /*IN*/ PIRP Irp
2961);
2962
2963NTKERNELAPI
2964BOOLEAN
2965NTAPI
2966IoIsSystemThread (
2967 /*IN*/ PETHREAD Thread
2968);
2969
2970#if (VER_PRODUCTBUILD >= 2195)
2971
2972NTKERNELAPI
2973BOOLEAN
2974NTAPI
2975IoIsValidNameGraftingBuffer (
2976 /*IN*/ PIRP Irp,
2977 /*IN*/ PREPARSE_DATA_BUFFER ReparseBuffer
2978);
2979
2980#endif /* (VER_PRODUCTBUILD >= 2195) */
2981
2982NTKERNELAPI
2983NTSTATUS
2984NTAPI
2985IoPageRead (
2986 /*IN*/ PFILE_OBJECT FileObject,
2987 /*IN*/ PMDL Mdl,
2988 /*IN*/ PLARGE_INTEGER Offset,
2989 /*IN*/ PKEVENT Event,
2990 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
2991);
2992
2993NTKERNELAPI
2994NTSTATUS
2995NTAPI
2996IoQueryFileInformation (
2997 /*IN*/ PFILE_OBJECT FileObject,
2998 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass,
2999 /*IN*/ ULONG Length,
3000 /*OUT*/ PVOID FileInformation,
3001 /*OUT*/ PULONG ReturnedLength
3002);
3003
3004NTKERNELAPI
3005NTSTATUS
3006NTAPI
3007IoQueryVolumeInformation (
3008 /*IN*/ PFILE_OBJECT FileObject,
3009 /*IN*/ FS_INFORMATION_CLASS FsInformationClass,
3010 /*IN*/ ULONG Length,
3011 /*OUT*/ PVOID FsInformation,
3012 /*OUT*/ PULONG ReturnedLength
3013);
3014
3015NTKERNELAPI
3016VOID
3017NTAPI
3018IoRegisterFileSystem (
3019 /*IN OUT*/ PDEVICE_OBJECT DeviceObject
3020);
3021
3022#if (VER_PRODUCTBUILD >= 1381)
3023
3024typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
3025 /*IN*/ PDEVICE_OBJECT DeviceObject,
3026 /*IN*/ BOOLEAN DriverActive
3027);
3028
3029NTKERNELAPI
3030NTSTATUS
3031NTAPI
3032IoRegisterFsRegistrationChange (
3033 /*IN*/ PDRIVER_OBJECT DriverObject,
3034 /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3035);
3036
3037#endif /* (VER_PRODUCTBUILD >= 1381) */
3038
3039NTKERNELAPI
3040VOID
3041NTAPI
3042IoReleaseVpbSpinLock (
3043 /*IN*/ KIRQL Irql
3044);
3045
3046NTKERNELAPI
3047VOID
3048NTAPI
3049IoSetDeviceToVerify (
3050 /*IN*/ PETHREAD Thread,
3051 /*IN*/ PDEVICE_OBJECT DeviceObject
3052);
3053
3054NTKERNELAPI
3055NTSTATUS
3056NTAPI
3057IoSetInformation (
3058 /*IN*/ PFILE_OBJECT FileObject,
3059 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass,
3060 /*IN*/ ULONG Length,
3061 /*IN*/ PVOID FileInformation
3062);
3063
3064NTKERNELAPI
3065VOID
3066NTAPI
3067IoSetTopLevelIrp (
3068 /*IN*/ PIRP Irp
3069);
3070
3071NTKERNELAPI
3072NTSTATUS
3073NTAPI
3074IoSynchronousPageWrite (
3075 /*IN*/ PFILE_OBJECT FileObject,
3076 /*IN*/ PMDL Mdl,
3077 /*IN*/ PLARGE_INTEGER FileOffset,
3078 /*IN*/ PKEVENT Event,
3079 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
3080);
3081
3082NTKERNELAPI
3083PEPROCESS
3084NTAPI
3085IoThreadToProcess (
3086 /*IN*/ PETHREAD Thread
3087);
3088
3089NTKERNELAPI
3090VOID
3091NTAPI
3092IoUnregisterFileSystem (
3093 /*IN OUT*/ PDEVICE_OBJECT DeviceObject
3094);
3095
3096#if (VER_PRODUCTBUILD >= 1381)
3097
3098NTKERNELAPI
3099NTSTATUS
3100NTAPI
3101IoUnregisterFsRegistrationChange (
3102 /*IN*/ PDRIVER_OBJECT DriverObject,
3103 /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3104);
3105
3106#endif /* (VER_PRODUCTBUILD >= 1381) */
3107
3108NTKERNELAPI
3109NTSTATUS
3110NTAPI
3111IoVerifyVolume (
3112 /*IN*/ PDEVICE_OBJECT DeviceObject,
3113 /*IN*/ BOOLEAN AllowRawMount
3114);
3115
3116NTKERNELAPI
3117VOID
3118NTAPI
3119KeAttachProcess (
3120 /*IN*/ PEPROCESS Process
3121);
3122
3123NTKERNELAPI
3124VOID
3125NTAPI
3126KeDetachProcess (
3127 VOID
3128);
3129
3130NTKERNELAPI
3131VOID
3132NTAPI
3133KeInitializeQueue (
3134 /*IN*/ PRKQUEUE Queue,
3135 /*IN*/ ULONG Count /*OPTIONAL*/
3136);
3137
3138NTKERNELAPI
3139LONG
3140NTAPI
3141KeInsertHeadQueue (
3142 /*IN*/ PRKQUEUE Queue,
3143 /*IN*/ PLIST_ENTRY Entry
3144);
3145
3146NTKERNELAPI
3147LONG
3148NTAPI
3149KeInsertQueue (
3150 /*IN*/ PRKQUEUE Queue,
3151 /*IN*/ PLIST_ENTRY Entry
3152);
3153
3154NTKERNELAPI
3155BOOLEAN
3156NTAPI
3157KeInsertQueueApc (
3158 /*IN*/ PKAPC Apc,
3159 /*IN*/ PVOID SystemArgument1,
3160 /*IN*/ PVOID SystemArgument2,
3161 /*IN*/ KPRIORITY PriorityBoost
3162);
3163
3164NTKERNELAPI
3165LONG
3166NTAPI
3167KeReadStateQueue (
3168 /*IN*/ PRKQUEUE Queue
3169);
3170
3171NTKERNELAPI
3172PLIST_ENTRY
3173NTAPI
3174KeRemoveQueue (
3175 /*IN*/ PRKQUEUE Queue,
3176 /*IN*/ KPROCESSOR_MODE WaitMode,
3177 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/
3178);
3179
3180NTKERNELAPI
3181PLIST_ENTRY
3182NTAPI
3183KeRundownQueue (
3184 /*IN*/ PRKQUEUE Queue
3185);
3186
3187#if (VER_PRODUCTBUILD >= 2195)
3188
3189NTKERNELAPI
3190VOID
3191NTAPI
3192KeStackAttachProcess (
3193 /*IN*/ PKPROCESS Process,
3194 /*OUT*/ PKAPC_STATE ApcState
3195);
3196
3197NTKERNELAPI
3198VOID
3199NTAPI
3200KeUnstackDetachProcess (
3201 /*IN*/ PKAPC_STATE ApcState
3202);
3203
3204#endif /* (VER_PRODUCTBUILD >= 2195) */
3205
3206NTKERNELAPI
3207BOOLEAN
3208NTAPI
3209MmCanFileBeTruncated (
3210 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer,
3211 /*IN*/ PLARGE_INTEGER NewFileSize
3212);
3213
3214NTKERNELAPI
3215BOOLEAN
3216NTAPI
3217MmFlushImageSection (
3218 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer,
3219 /*IN*/ MMFLUSH_TYPE FlushType
3220);
3221
3222NTKERNELAPI
3223BOOLEAN
3224NTAPI
3225MmForceSectionClosed (
3226 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer,
3227 /*IN*/ BOOLEAN DelayClose
3228);
3229
3230#if (VER_PRODUCTBUILD >= 1381)
3231
3232NTKERNELAPI
3233BOOLEAN
3234NTAPI
3235MmIsRecursiveIoFault (
3236 VOID
3237);
3238
3239#else
3240
3241#define MmIsRecursiveIoFault() ( \
3242 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3243 (PsGetCurrentThread()->ForwardClusterOnly) \
3244)
3245
3246#endif
3247
3248NTKERNELAPI
3249NTSTATUS
3250NTAPI
3251MmMapViewOfSection (
3252 /*IN*/ PVOID SectionObject,
3253 /*IN*/ PEPROCESS Process,
3254 /*IN OUT*/ PVOID *BaseAddress,
3255 /*IN*/ ULONG ZeroBits,
3256 /*IN*/ ULONG CommitSize,
3257 /*IN OUT*/ PLARGE_INTEGER SectionOffset /*OPTIONAL*/,
3258 /*IN OUT*/ PULONG ViewSize,
3259 /*IN*/ SECTION_INHERIT InheritDisposition,
3260 /*IN*/ ULONG AllocationType,
3261 /*IN*/ ULONG Protect
3262);
3263
3264NTKERNELAPI
3265BOOLEAN
3266NTAPI
3267MmSetAddressRangeModified (
3268 /*IN*/ PVOID Address,
3269 /*IN*/ ULONG Length
3270);
3271
3272NTKERNELAPI
3273NTSTATUS
3274NTAPI
3275ObCreateObject (
3276 /*IN*/ KPROCESSOR_MODE ObjectAttributesAccessMode /*OPTIONAL*/,
3277 /*IN*/ POBJECT_TYPE ObjectType,
3278 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/,
3279 /*IN*/ KPROCESSOR_MODE AccessMode,
3280 /*IN OUT*/ PVOID ParseContext /*OPTIONAL*/,
3281 /*IN*/ ULONG ObjectSize,
3282 /*IN*/ ULONG PagedPoolCharge /*OPTIONAL*/,
3283 /*IN*/ ULONG NonPagedPoolCharge /*OPTIONAL*/,
3284 /*OUT*/ PVOID *Object
3285);
3286
3287NTKERNELAPI
3288ULONG
3289NTAPI
3290ObGetObjectPointerCount (
3291 /*IN*/ PVOID Object
3292);
3293
3294NTKERNELAPI
3295NTSTATUS
3296NTAPI
3297ObInsertObject (
3298 /*IN*/ PVOID Object,
3299 /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/,
3300 /*IN*/ ACCESS_MASK DesiredAccess,
3301 /*IN*/ ULONG AdditionalReferences,
3302 /*OUT*/ PVOID *ReferencedObject /*OPTIONAL*/,
3303 /*OUT*/ PHANDLE Handle
3304);
3305
3306NTKERNELAPI
3307VOID
3308NTAPI
3309ObMakeTemporaryObject (
3310 /*IN*/ PVOID Object
3311);
3312
3313NTKERNELAPI
3314NTSTATUS
3315NTAPI
3316ObOpenObjectByPointer (
3317 /*IN*/ PVOID Object,
3318 /*IN*/ ULONG HandleAttributes,
3319 /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/,
3320 /*IN*/ ACCESS_MASK DesiredAccess /*OPTIONAL*/,
3321 /*IN*/ POBJECT_TYPE ObjectType /*OPTIONAL*/,
3322 /*IN*/ KPROCESSOR_MODE AccessMode,
3323 /*OUT*/ PHANDLE Handle
3324);
3325
3326NTKERNELAPI
3327NTSTATUS
3328NTAPI
3329ObQueryNameString (
3330 /*IN*/ PVOID Object,
3331 /*OUT*/ POBJECT_NAME_INFORMATION ObjectNameInfo,
3332 /*IN*/ ULONG Length,
3333 /*OUT*/ PULONG ReturnLength
3334);
3335
3336NTKERNELAPI
3337NTSTATUS
3338NTAPI
3339ObQueryObjectAuditingByHandle (
3340 /*IN*/ HANDLE Handle,
3341 /*OUT*/ PBOOLEAN GenerateOnClose
3342);
3343
3344NTKERNELAPI
3345NTSTATUS
3346NTAPI
3347ObReferenceObjectByName (
3348 /*IN*/ PUNICODE_STRING ObjectName,
3349 /*IN*/ ULONG Attributes,
3350 /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/,
3351 /*IN*/ ACCESS_MASK DesiredAccess /*OPTIONAL*/,
3352 /*IN*/ POBJECT_TYPE ObjectType,
3353 /*IN*/ KPROCESSOR_MODE AccessMode,
3354 /*IN OUT*/ PVOID ParseContext /*OPTIONAL*/,
3355 /*OUT*/ PVOID *Object
3356);
3357
3358NTKERNELAPI
3359VOID
3360NTAPI
3361PsChargePoolQuota (
3362 /*IN*/ PEPROCESS Process,
3363 /*IN*/ POOL_TYPE PoolType,
3364 /*IN*/ ULONG Amount
3365);
3366
3367#define PsDereferenceImpersonationToken(T) \
3368 {if (ARGUMENT_PRESENT(T)) { \
3369 (ObDereferenceObject((T))); \
3370 } else { \
3371 ; \
3372 } \
3373}
3374
3375#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3376
3377NTKERNELAPI
3378ULONGLONG
3379NTAPI
3380PsGetProcessExitTime (
3381 VOID
3382);
3383
3384NTKERNELAPI
3385BOOLEAN
3386NTAPI
3387PsIsThreadTerminating (
3388 /*IN*/ PETHREAD Thread
3389);
3390
3391NTKERNELAPI
3392NTSTATUS
3393NTAPI
3394PsLookupProcessByProcessId (
3395 /*IN*/ PVOID ProcessId,
3396 /*OUT*/ PEPROCESS *Process
3397);
3398
3399NTKERNELAPI
3400NTSTATUS
3401NTAPI
3402PsLookupProcessThreadByCid (
3403 /*IN*/ PCLIENT_ID Cid,
3404 /*OUT*/ PEPROCESS *Process /*OPTIONAL*/,
3405 /*OUT*/ PETHREAD *Thread
3406);
3407
3408NTKERNELAPI
3409NTSTATUS
3410NTAPI
3411PsLookupThreadByThreadId (
3412 /*IN*/ PVOID UniqueThreadId,
3413 /*OUT*/ PETHREAD *Thread
3414);
3415
3416NTKERNELAPI
3417PACCESS_TOKEN
3418NTAPI
3419PsReferenceImpersonationToken (
3420 /*IN*/ PETHREAD Thread,
3421 /*OUT*/ PBOOLEAN CopyOnUse,
3422 /*OUT*/ PBOOLEAN EffectiveOnly,
3423 /*OUT*/ PSECURITY_IMPERSONATION_LEVEL Level
3424);
3425
3426NTKERNELAPI
3427HANDLE
3428NTAPI
3429PsReferencePrimaryToken (
3430 /*IN*/ PEPROCESS Process
3431);
3432
3433NTKERNELAPI
3434VOID
3435NTAPI
3436PsReturnPoolQuota (
3437 /*IN*/ PEPROCESS Process,
3438 /*IN*/ POOL_TYPE PoolType,
3439 /*IN*/ ULONG Amount
3440);
3441
3442NTKERNELAPI
3443VOID
3444NTAPI
3445PsRevertToSelf (
3446 VOID
3447);
3448
3449NTSYSAPI
3450NTSTATUS
3451NTAPI
3452RtlAbsoluteToSelfRelativeSD (
3453 /*IN*/ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
3454 /*IN OUT*/ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
3455 /*IN*/ PULONG BufferLength
3456);
3457
3458NTSYSAPI
3459PVOID
3460NTAPI
3461RtlAllocateHeap (
3462 /*IN*/ HANDLE HeapHandle,
3463 /*IN*/ ULONG Flags,
3464 /*IN*/ ULONG Size
3465);
3466
3467NTSYSAPI
3468NTSTATUS
3469NTAPI
3470RtlCompressBuffer (
3471 /*IN*/ USHORT CompressionFormatAndEngine,
3472 /*IN*/ PUCHAR UncompressedBuffer,
3473 /*IN*/ ULONG UncompressedBufferSize,
3474 /*OUT*/ PUCHAR CompressedBuffer,
3475 /*IN*/ ULONG CompressedBufferSize,
3476 /*IN*/ ULONG UncompressedChunkSize,
3477 /*OUT*/ PULONG FinalCompressedSize,
3478 /*IN*/ PVOID WorkSpace
3479);
3480
3481NTSYSAPI
3482NTSTATUS
3483NTAPI
3484RtlCompressChunks (
3485 /*IN*/ PUCHAR UncompressedBuffer,
3486 /*IN*/ ULONG UncompressedBufferSize,
3487 /*OUT*/ PUCHAR CompressedBuffer,
3488 /*IN*/ ULONG CompressedBufferSize,
3489 /*IN OUT*/ PCOMPRESSED_DATA_INFO CompressedDataInfo,
3490 /*IN*/ ULONG CompressedDataInfoLength,
3491 /*IN*/ PVOID WorkSpace
3492);
3493
3494NTSYSAPI
3495NTSTATUS
3496NTAPI
3497RtlConvertSidToUnicodeString (
3498 /*OUT*/ PUNICODE_STRING DestinationString,
3499 /*IN*/ PSID Sid,
3500 /*IN*/ BOOLEAN AllocateDestinationString
3501);
3502
3503NTSYSAPI
3504NTSTATUS
3505NTAPI
3506RtlCopySid (
3507 /*IN*/ ULONG Length,
3508 /*IN*/ PSID Destination,
3509 /*IN*/ PSID Source
3510);
3511
3512NTSYSAPI
3513NTSTATUS
3514NTAPI
3515RtlDecompressBuffer (
3516 /*IN*/ USHORT CompressionFormat,
3517 /*OUT*/ PUCHAR UncompressedBuffer,
3518 /*IN*/ ULONG UncompressedBufferSize,
3519 /*IN*/ PUCHAR CompressedBuffer,
3520 /*IN*/ ULONG CompressedBufferSize,
3521 /*OUT*/ PULONG FinalUncompressedSize
3522);
3523
3524NTSYSAPI
3525NTSTATUS
3526NTAPI
3527RtlDecompressChunks (
3528 /*OUT*/ PUCHAR UncompressedBuffer,
3529 /*IN*/ ULONG UncompressedBufferSize,
3530 /*IN*/ PUCHAR CompressedBuffer,
3531 /*IN*/ ULONG CompressedBufferSize,
3532 /*IN*/ PUCHAR CompressedTail,
3533 /*IN*/ ULONG CompressedTailSize,
3534 /*IN*/ PCOMPRESSED_DATA_INFO CompressedDataInfo
3535);
3536
3537NTSYSAPI
3538NTSTATUS
3539NTAPI
3540RtlDecompressFragment (
3541 /*IN*/ USHORT CompressionFormat,
3542 /*OUT*/ PUCHAR UncompressedFragment,
3543 /*IN*/ ULONG UncompressedFragmentSize,
3544 /*IN*/ PUCHAR CompressedBuffer,
3545 /*IN*/ ULONG CompressedBufferSize,
3546 /*IN*/ ULONG FragmentOffset,
3547 /*OUT*/ PULONG FinalUncompressedSize,
3548 /*IN*/ PVOID WorkSpace
3549);
3550
3551NTSYSAPI
3552NTSTATUS
3553NTAPI
3554RtlDescribeChunk (
3555 /*IN*/ USHORT CompressionFormat,
3556 /*IN OUT*/ PUCHAR *CompressedBuffer,
3557 /*IN*/ PUCHAR EndOfCompressedBufferPlus1,
3558 /*OUT*/ PUCHAR *ChunkBuffer,
3559 /*OUT*/ PULONG ChunkSize
3560);
3561
3562NTSYSAPI
3563BOOLEAN
3564NTAPI
3565RtlEqualSid (
3566 /*IN*/ PSID Sid1,
3567 /*IN*/ PSID Sid2
3568);
3569
3570NTSYSAPI
3571VOID
3572NTAPI
3573RtlFillMemoryUlong (
3574 /*IN*/ PVOID Destination,
3575 /*IN*/ ULONG Length,
3576 /*IN*/ ULONG Fill
3577);
3578
3579NTSYSAPI
3580BOOLEAN
3581NTAPI
3582RtlFreeHeap (
3583 /*IN*/ HANDLE HeapHandle,
3584 /*IN*/ ULONG Flags,
3585 /*IN*/ PVOID P
3586);
3587
3588NTSYSAPI
3589VOID
3590NTAPI
3591RtlGenerate8dot3Name (
3592 /*IN*/ PUNICODE_STRING Name,
3593 /*IN*/ BOOLEAN AllowExtendedCharacters,
3594 /*IN OUT*/ PGENERATE_NAME_CONTEXT Context,
3595 /*OUT*/ PUNICODE_STRING Name8dot3
3596);
3597
3598NTSYSAPI
3599NTSTATUS
3600NTAPI
3601RtlGetCompressionWorkSpaceSize (
3602 /*IN*/ USHORT CompressionFormatAndEngine,
3603 /*OUT*/ PULONG CompressBufferWorkSpaceSize,
3604 /*OUT*/ PULONG CompressFragmentWorkSpaceSize
3605);
3606
3607NTSYSAPI
3608NTSTATUS
3609NTAPI
3610RtlGetDaclSecurityDescriptor (
3611 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3612 /*OUT*/ PBOOLEAN DaclPresent,
3613 /*OUT*/ PACL *Dacl,
3614 /*OUT*/ PBOOLEAN DaclDefaulted
3615);
3616
3617NTSYSAPI
3618NTSTATUS
3619NTAPI
3620RtlGetGroupSecurityDescriptor (
3621 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3622 /*OUT*/ PSID *Group,
3623 /*OUT*/ PBOOLEAN GroupDefaulted
3624);
3625
3626NTSYSAPI
3627NTSTATUS
3628NTAPI
3629RtlGetOwnerSecurityDescriptor (
3630 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3631 /*OUT*/ PSID *Owner,
3632 /*OUT*/ PBOOLEAN OwnerDefaulted
3633);
3634
3635NTSYSAPI
3636NTSTATUS
3637NTAPI
3638RtlInitializeSid (
3639 /*IN OUT*/ PSID Sid,
3640 /*IN*/ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
3641 /*IN*/ UCHAR SubAuthorityCount
3642);
3643
3644NTSYSAPI
3645BOOLEAN
3646NTAPI
3647RtlIsNameLegalDOS8Dot3 (
3648 /*IN*/ PUNICODE_STRING UnicodeName,
3649 /*IN*/ PANSI_STRING AnsiName,
3650 PBOOLEAN Unknown
3651);
3652
3653NTSYSAPI
3654ULONG
3655NTAPI
3656RtlLengthRequiredSid (
3657 /*IN*/ UCHAR SubAuthorityCount
3658);
3659
3660NTSYSAPI
3661ULONG
3662NTAPI
3663RtlLengthSid (
3664 /*IN*/ PSID Sid
3665);
3666
3667NTSYSAPI
3668ULONG
3669NTAPI
3670RtlNtStatusToDosError (
3671 /*IN*/ NTSTATUS Status
3672);
3673
3674NTSYSAPI
3675NTSTATUS
3676NTAPI
3677RtlReserveChunk (
3678 /*IN*/ USHORT CompressionFormat,
3679 /*IN OUT*/ PUCHAR *CompressedBuffer,
3680 /*IN*/ PUCHAR EndOfCompressedBufferPlus1,
3681 /*OUT*/ PUCHAR *ChunkBuffer,
3682 /*IN*/ ULONG ChunkSize
3683);
3684
3685NTSYSAPI
3686VOID
3687NTAPI
3688RtlSecondsSince1970ToTime (
3689 /*IN*/ ULONG SecondsSince1970,
3690 /*OUT*/ PLARGE_INTEGER Time
3691);
3692
3693#if (VER_PRODUCTBUILD >= 2195)
3694
3695NTSYSAPI
3696NTSTATUS
3697NTAPI
3698RtlSelfRelativeToAbsoluteSD (
3699 /*IN*/ PSECURITY_DESCRIPTOR SelfRelativeSD,
3700 /*OUT*/ PSECURITY_DESCRIPTOR AbsoluteSD,
3701 /*IN*/ PULONG AbsoluteSDSize,
3702 /*IN*/ PACL Dacl,
3703 /*IN*/ PULONG DaclSize,
3704 /*IN*/ PACL Sacl,
3705 /*IN*/ PULONG SaclSize,
3706 /*IN*/ PSID Owner,
3707 /*IN*/ PULONG OwnerSize,
3708 /*IN*/ PSID PrimaryGroup,
3709 /*IN*/ PULONG PrimaryGroupSize
3710);
3711
3712#endif /* (VER_PRODUCTBUILD >= 2195) */
3713
3714NTSYSAPI
3715NTSTATUS
3716NTAPI
3717RtlSetGroupSecurityDescriptor (
3718 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3719 /*IN*/ PSID Group,
3720 /*IN*/ BOOLEAN GroupDefaulted
3721);
3722
3723NTSYSAPI
3724NTSTATUS
3725NTAPI
3726RtlSetOwnerSecurityDescriptor (
3727 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3728 /*IN*/ PSID Owner,
3729 /*IN*/ BOOLEAN OwnerDefaulted
3730);
3731
3732NTSYSAPI
3733NTSTATUS
3734NTAPI
3735RtlSetSaclSecurityDescriptor (
3736 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3737 /*IN*/ BOOLEAN SaclPresent,
3738 /*IN*/ PACL Sacl,
3739 /*IN*/ BOOLEAN SaclDefaulted
3740);
3741
3742NTSYSAPI
3743PUCHAR
3744NTAPI
3745RtlSubAuthorityCountSid (
3746 /*IN*/ PSID Sid
3747);
3748
3749NTSYSAPI
3750PULONG
3751NTAPI
3752RtlSubAuthoritySid (
3753 /*IN*/ PSID Sid,
3754 /*IN*/ ULONG SubAuthority
3755);
3756
3757NTSYSAPI
3758BOOLEAN
3759NTAPI
3760RtlValidSid (
3761 /*IN*/ PSID Sid
3762);
3763
3764NTKERNELAPI
3765NTSTATUS
3766NTAPI
3767SeAppendPrivileges (
3768 PACCESS_STATE AccessState,
3769 PPRIVILEGE_SET Privileges
3770);
3771
3772NTKERNELAPI
3773BOOLEAN
3774NTAPI
3775SeAuditingFileEvents (
3776 /*IN*/ BOOLEAN AccessGranted,
3777 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
3778);
3779
3780NTKERNELAPI
3781BOOLEAN
3782NTAPI
3783SeAuditingFileOrGlobalEvents (
3784 /*IN*/ BOOLEAN AccessGranted,
3785 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3786 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3787);
3788
3789NTKERNELAPI
3790VOID
3791NTAPI
3792SeCaptureSubjectContext (
3793 /*OUT*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3794);
3795
3796NTKERNELAPI
3797NTSTATUS
3798NTAPI
3799SeCreateAccessState (
3800 /*OUT*/ PACCESS_STATE AccessState,
3801 /*IN*/ PVOID AuxData,
3802 /*IN*/ ACCESS_MASK AccessMask,
3803 /*IN*/ PGENERIC_MAPPING Mapping
3804);
3805
3806NTKERNELAPI
3807NTSTATUS
3808NTAPI
3809SeCreateClientSecurity (
3810 /*IN*/ PETHREAD Thread,
3811 /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService,
3812 /*IN*/ BOOLEAN RemoteClient,
3813 /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext
3814);
3815
3816#if (VER_PRODUCTBUILD >= 2195)
3817
3818NTKERNELAPI
3819NTSTATUS
3820NTAPI
3821SeCreateClientSecurityFromSubjectContext (
3822 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext,
3823 /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService,
3824 /*IN*/ BOOLEAN ServerIsRemote,
3825 /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext
3826);
3827
3828#endif /* (VER_PRODUCTBUILD >= 2195) */
3829
3830#define SeDeleteClientSecurity(C) { \
3831 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
3832 PsDereferencePrimaryToken( (C)->ClientToken ); \
3833 } else { \
3834 PsDereferenceImpersonationToken( (C)->ClientToken ); \
3835 } \
3836}
3837
3838NTKERNELAPI
3839VOID
3840NTAPI
3841SeDeleteObjectAuditAlarm (
3842 /*IN*/ PVOID Object,
3843 /*IN*/ HANDLE Handle
3844);
3845
3846#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
3847
3848NTKERNELAPI
3849VOID
3850NTAPI
3851SeFreePrivileges (
3852 /*IN*/ PPRIVILEGE_SET Privileges
3853);
3854
3855NTKERNELAPI
3856VOID
3857NTAPI
3858SeImpersonateClient (
3859 /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext,
3860 /*IN*/ PETHREAD ServerThread /*OPTIONAL*/
3861);
3862
3863#if (VER_PRODUCTBUILD >= 2195)
3864
3865NTKERNELAPI
3866NTSTATUS
3867NTAPI
3868SeImpersonateClientEx (
3869 /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext,
3870 /*IN*/ PETHREAD ServerThread /*OPTIONAL*/
3871);
3872
3873#endif /* (VER_PRODUCTBUILD >= 2195) */
3874
3875NTKERNELAPI
3876VOID
3877NTAPI
3878SeLockSubjectContext (
3879 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3880);
3881
3882NTKERNELAPI
3883NTSTATUS
3884NTAPI
3885SeMarkLogonSessionForTerminationNotification (
3886 /*IN*/ PLUID LogonId
3887);
3888
3889NTKERNELAPI
3890VOID
3891NTAPI
3892SeOpenObjectAuditAlarm (
3893 /*IN*/ PUNICODE_STRING ObjectTypeName,
3894 /*IN*/ PVOID Object /*OPTIONAL*/,
3895 /*IN*/ PUNICODE_STRING AbsoluteObjectName /*OPTIONAL*/,
3896 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3897 /*IN*/ PACCESS_STATE AccessState,
3898 /*IN*/ BOOLEAN ObjectCreated,
3899 /*IN*/ BOOLEAN AccessGranted,
3900 /*IN*/ KPROCESSOR_MODE AccessMode,
3901 /*OUT*/ PBOOLEAN GenerateOnClose
3902);
3903
3904NTKERNELAPI
3905VOID
3906NTAPI
3907SeOpenObjectForDeleteAuditAlarm (
3908 /*IN*/ PUNICODE_STRING ObjectTypeName,
3909 /*IN*/ PVOID Object /*OPTIONAL*/,
3910 /*IN*/ PUNICODE_STRING AbsoluteObjectName /*OPTIONAL*/,
3911 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3912 /*IN*/ PACCESS_STATE AccessState,
3913 /*IN*/ BOOLEAN ObjectCreated,
3914 /*IN*/ BOOLEAN AccessGranted,
3915 /*IN*/ KPROCESSOR_MODE AccessMode,
3916 /*OUT*/ PBOOLEAN GenerateOnClose
3917);
3918
3919NTKERNELAPI
3920BOOLEAN
3921NTAPI
3922SePrivilegeCheck (
3923 /*IN OUT*/ PPRIVILEGE_SET RequiredPrivileges,
3924 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext,
3925 /*IN*/ KPROCESSOR_MODE AccessMode
3926);
3927
3928NTKERNELAPI
3929NTSTATUS
3930NTAPI
3931SeQueryAuthenticationIdToken (
3932 /*IN*/ PACCESS_TOKEN Token,
3933 /*OUT*/ PLUID LogonId
3934);
3935
3936#if (VER_PRODUCTBUILD >= 2195)
3937
3938NTKERNELAPI
3939NTSTATUS
3940NTAPI
3941SeQueryInformationToken (
3942 /*IN*/ PACCESS_TOKEN Token,
3943 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
3944 /*OUT*/ PVOID *TokenInformation
3945);
3946
3947#endif /* (VER_PRODUCTBUILD >= 2195) */
3948
3949NTKERNELAPI
3950NTSTATUS
3951NTAPI
3952SeQuerySecurityDescriptorInfo (
3953 /*IN*/ PSECURITY_INFORMATION SecurityInformation,
3954 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
3955 /*IN OUT*/ PULONG Length,
3956 /*IN*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
3957);
3958
3959#if (VER_PRODUCTBUILD >= 2195)
3960
3961NTKERNELAPI
3962NTSTATUS
3963NTAPI
3964SeQuerySessionIdToken (
3965 /*IN*/ PACCESS_TOKEN Token,
3966 /*IN*/ PULONG SessionId
3967);
3968
3969#endif /* (VER_PRODUCTBUILD >= 2195) */
3970
3971#define SeQuerySubjectContextToken( SubjectContext ) \
3972 ( ARGUMENT_PRESENT( \
3973 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
3974 ) ? \
3975 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
3976 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
3977
3978typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
3979 /*IN*/ PLUID LogonId
3980);
3981
3982NTKERNELAPI
3983NTSTATUS
3984NTAPI
3985SeRegisterLogonSessionTerminatedRoutine (
3986 /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3987);
3988
3989NTKERNELAPI
3990VOID
3991NTAPI
3992SeReleaseSubjectContext (
3993 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3994);
3995
3996NTKERNELAPI
3997VOID
3998NTAPI
3999SeSetAccessStateGenericMapping (
4000 PACCESS_STATE AccessState,
4001 PGENERIC_MAPPING GenericMapping
4002);
4003
4004NTKERNELAPI
4005NTSTATUS
4006NTAPI
4007SeSetSecurityDescriptorInfo (
4008 /*IN*/ PVOID Object /*OPTIONAL*/,
4009 /*IN*/ PSECURITY_INFORMATION SecurityInformation,
4010 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
4011 /*IN OUT*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4012 /*IN*/ POOL_TYPE PoolType,
4013 /*IN*/ PGENERIC_MAPPING GenericMapping
4014);
4015
4016#if (VER_PRODUCTBUILD >= 2195)
4017
4018NTKERNELAPI
4019NTSTATUS
4020NTAPI
4021SeSetSecurityDescriptorInfoEx (
4022 /*IN*/ PVOID Object /*OPTIONAL*/,
4023 /*IN*/ PSECURITY_INFORMATION SecurityInformation,
4024 /*IN*/ PSECURITY_DESCRIPTOR ModificationDescriptor,
4025 /*IN OUT*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
4026 /*IN*/ ULONG AutoInheritFlags,
4027 /*IN*/ POOL_TYPE PoolType,
4028 /*IN*/ PGENERIC_MAPPING GenericMapping
4029);
4030
4031NTKERNELAPI
4032BOOLEAN
4033NTAPI
4034SeTokenIsAdmin (
4035 /*IN*/ PACCESS_TOKEN Token
4036);
4037
4038NTKERNELAPI
4039BOOLEAN
4040NTAPI
4041SeTokenIsRestricted (
4042 /*IN*/ PACCESS_TOKEN Token
4043);
4044
4045#endif /* (VER_PRODUCTBUILD >= 2195) */
4046
4047NTKERNELAPI
4048TOKEN_TYPE
4049NTAPI
4050SeTokenType (
4051 /*IN*/ PACCESS_TOKEN Token
4052);
4053
4054NTKERNELAPI
4055VOID
4056NTAPI
4057SeUnlockSubjectContext (
4058 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
4059);
4060
4061NTKERNELAPI
4062NTSTATUS
4063SeUnregisterLogonSessionTerminatedRoutine (
4064 /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4065);
4066
4067#if (VER_PRODUCTBUILD >= 2195)
4068
4069NTSYSAPI
4070NTSTATUS
4071NTAPI
4072NtAdjustPrivilegesToken (
4073 /*IN*/ HANDLE TokenHandle,
4074 /*IN*/ BOOLEAN DisableAllPrivileges,
4075 /*IN*/ PTOKEN_PRIVILEGES NewState,
4076 /*IN*/ ULONG BufferLength,
4077 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/,
4078 /*OUT*/ PULONG ReturnLength
4079);
4080
4081NTSYSAPI
4082NTSTATUS
4083NTAPI
4084ZwAdjustPrivilegesToken (
4085 /*IN*/ HANDLE TokenHandle,
4086 /*IN*/ BOOLEAN DisableAllPrivileges,
4087 /*IN*/ PTOKEN_PRIVILEGES NewState,
4088 /*IN*/ ULONG BufferLength,
4089 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/,
4090 /*OUT*/ PULONG ReturnLength
4091);
4092
4093#endif /* (VER_PRODUCTBUILD >= 2195) */
4094
4095NTSYSAPI
4096NTSTATUS
4097NTAPI
4098NtAlertThread (
4099 /*IN*/ HANDLE ThreadHandle
4100);
4101
4102NTSYSAPI
4103NTSTATUS
4104NTAPI
4105ZwAlertThread (
4106 /*IN*/ HANDLE ThreadHandle
4107);
4108
4109NTSYSAPI
4110NTSTATUS
4111NTAPI
4112NtAllocateVirtualMemory (
4113 /*IN*/ HANDLE ProcessHandle,
4114 /*IN OUT*/ PVOID *BaseAddress,
4115 /*IN*/ ULONG ZeroBits,
4116 /*IN OUT*/ PULONG RegionSize,
4117 /*IN*/ ULONG AllocationType,
4118 /*IN*/ ULONG Protect
4119);
4120
4121NTSYSAPI
4122NTSTATUS
4123NTAPI
4124ZwAllocateVirtualMemory (
4125 /*IN*/ HANDLE ProcessHandle,
4126 /*IN OUT*/ PVOID *BaseAddress,
4127 /*IN*/ ULONG ZeroBits,
4128 /*IN OUT*/ PULONG RegionSize,
4129 /*IN*/ ULONG AllocationType,
4130 /*IN*/ ULONG Protect
4131);
4132
4133NTSYSAPI
4134NTSTATUS
4135NTAPI
4136NtAccessCheckAndAuditAlarm (
4137 /*IN*/ PUNICODE_STRING SubsystemName,
4138 /*IN*/ PVOID HandleId,
4139 /*IN*/ PUNICODE_STRING ObjectTypeName,
4140 /*IN*/ PUNICODE_STRING ObjectName,
4141 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
4142 /*IN*/ ACCESS_MASK DesiredAccess,
4143 /*IN*/ PGENERIC_MAPPING GenericMapping,
4144 /*IN*/ BOOLEAN ObjectCreation,
4145 /*OUT*/ PACCESS_MASK GrantedAccess,
4146 /*OUT*/ PBOOLEAN AccessStatus,
4147 /*OUT*/ PBOOLEAN GenerateOnClose
4148);
4149
4150NTSYSAPI
4151NTSTATUS
4152NTAPI
4153ZwAccessCheckAndAuditAlarm (
4154 /*IN*/ PUNICODE_STRING SubsystemName,
4155 /*IN*/ PVOID HandleId,
4156 /*IN*/ PUNICODE_STRING ObjectTypeName,
4157 /*IN*/ PUNICODE_STRING ObjectName,
4158 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
4159 /*IN*/ ACCESS_MASK DesiredAccess,
4160 /*IN*/ PGENERIC_MAPPING GenericMapping,
4161 /*IN*/ BOOLEAN ObjectCreation,
4162 /*OUT*/ PACCESS_MASK GrantedAccess,
4163 /*OUT*/ PBOOLEAN AccessStatus,
4164 /*OUT*/ PBOOLEAN GenerateOnClose
4165);
4166
4167#if (VER_PRODUCTBUILD >= 2195)
4168
4169NTSYSAPI
4170NTSTATUS
4171NTAPI
4172NtCancelIoFile (
4173 /*IN*/ HANDLE FileHandle,
4174 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
4175);
4176
4177NTSYSAPI
4178NTSTATUS
4179NTAPI
4180ZwCancelIoFile (
4181 /*IN*/ HANDLE FileHandle,
4182 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
4183);
4184
4185#endif /* (VER_PRODUCTBUILD >= 2195) */
4186
4187NTSYSAPI
4188NTSTATUS
4189NTAPI
4190NtClearEvent (
4191 /*IN*/ HANDLE EventHandle
4192);
4193
4194NTSYSAPI
4195NTSTATUS
4196NTAPI
4197ZwClearEvent (
4198 /*IN*/ HANDLE EventHandle
4199);
4200
4201NTSYSAPI
4202NTSTATUS
4203NTAPI
4204NtCloseObjectAuditAlarm (
4205 /*IN*/ PUNICODE_STRING SubsystemName,
4206 /*IN*/ PVOID HandleId,
4207 /*IN*/ BOOLEAN GenerateOnClose
4208);
4209
4210NTSYSAPI
4211NTSTATUS
4212NTAPI
4213ZwCloseObjectAuditAlarm (
4214 /*IN*/ PUNICODE_STRING SubsystemName,
4215 /*IN*/ PVOID HandleId,
4216 /*IN*/ BOOLEAN GenerateOnClose
4217);
4218
4219NTSYSAPI
4220NTSTATUS
4221NTAPI
4222NtCreateSection (
4223 /*OUT*/ PHANDLE SectionHandle,
4224 /*IN*/ ACCESS_MASK DesiredAccess,
4225 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/,
4226 /*IN*/ PLARGE_INTEGER MaximumSize /*OPTIONAL*/,
4227 /*IN*/ ULONG SectionPageProtection,
4228 /*IN*/ ULONG AllocationAttributes,
4229 /*IN*/ HANDLE FileHandle /*OPTIONAL*/
4230);
4231
4232NTSYSAPI
4233NTSTATUS
4234NTAPI
4235ZwCreateSection (
4236 /*OUT*/ PHANDLE SectionHandle,
4237 /*IN*/ ACCESS_MASK DesiredAccess,
4238 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/,
4239 /*IN*/ PLARGE_INTEGER MaximumSize /*OPTIONAL*/,
4240 /*IN*/ ULONG SectionPageProtection,
4241 /*IN*/ ULONG AllocationAttributes,
4242 /*IN*/ HANDLE FileHandle /*OPTIONAL*/
4243);
4244
4245NTSYSAPI
4246NTSTATUS
4247NTAPI
4248NtCreateSymbolicLinkObject (
4249 /*OUT*/ PHANDLE SymbolicLinkHandle,
4250 /*IN*/ ACCESS_MASK DesiredAccess,
4251 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4252 /*IN*/ PUNICODE_STRING TargetName
4253);
4254
4255NTSYSAPI
4256NTSTATUS
4257NTAPI
4258ZwCreateSymbolicLinkObject (
4259 /*OUT*/ PHANDLE SymbolicLinkHandle,
4260 /*IN*/ ACCESS_MASK DesiredAccess,
4261 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4262 /*IN*/ PUNICODE_STRING TargetName
4263);
4264
4265NTSYSAPI
4266NTSTATUS
4267NTAPI
4268NtDeleteFile (
4269 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4270);
4271
4272NTSYSAPI
4273NTSTATUS
4274NTAPI
4275ZwDeleteFile (
4276 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4277);
4278
4279NTSYSAPI
4280NTSTATUS
4281NTAPI
4282NtDeleteValueKey (
4283 /*IN*/ HANDLE Handle,
4284 /*IN*/ PUNICODE_STRING Name
4285);
4286
4287NTSYSAPI
4288NTSTATUS
4289NTAPI
4290ZwDeleteValueKey (
4291 /*IN*/ HANDLE Handle,
4292 /*IN*/ PUNICODE_STRING Name
4293);
4294
4295NTSYSAPI
4296NTSTATUS
4297NTAPI
4298NtDeviceIoControlFile (
4299 /*IN*/ HANDLE FileHandle,
4300 /*IN*/ HANDLE Event /*OPTIONAL*/,
4301 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4302 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4303 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4304 /*IN*/ ULONG IoControlCode,
4305 /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
4306 /*IN*/ ULONG InputBufferLength,
4307 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
4308 /*IN*/ ULONG OutputBufferLength
4309);
4310
4311NTSYSAPI
4312NTSTATUS
4313NTAPI
4314ZwDeviceIoControlFile (
4315 /*IN*/ HANDLE FileHandle,
4316 /*IN*/ HANDLE Event /*OPTIONAL*/,
4317 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4318 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4319 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4320 /*IN*/ ULONG IoControlCode,
4321 /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
4322 /*IN*/ ULONG InputBufferLength,
4323 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
4324 /*IN*/ ULONG OutputBufferLength
4325);
4326
4327NTSYSAPI
4328NTSTATUS
4329NTAPI
4330NtDisplayString (
4331 /*IN*/ PUNICODE_STRING String
4332);
4333
4334NTSYSAPI
4335NTSTATUS
4336NTAPI
4337ZwDisplayString (
4338 /*IN*/ PUNICODE_STRING String
4339);
4340
4341NTSYSAPI
4342NTSTATUS
4343NTAPI
4344NtDuplicateObject (
4345 /*IN*/ HANDLE SourceProcessHandle,
4346 /*IN*/ HANDLE SourceHandle,
4347 /*IN*/ HANDLE TargetProcessHandle /*OPTIONAL*/,
4348 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/,
4349 /*IN*/ ACCESS_MASK DesiredAccess,
4350 /*IN*/ ULONG HandleAttributes,
4351 /*IN*/ ULONG Options
4352);
4353
4354NTSYSAPI
4355NTSTATUS
4356NTAPI
4357ZwDuplicateObject (
4358 /*IN*/ HANDLE SourceProcessHandle,
4359 /*IN*/ HANDLE SourceHandle,
4360 /*IN*/ HANDLE TargetProcessHandle /*OPTIONAL*/,
4361 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/,
4362 /*IN*/ ACCESS_MASK DesiredAccess,
4363 /*IN*/ ULONG HandleAttributes,
4364 /*IN*/ ULONG Options
4365);
4366
4367NTSYSAPI
4368NTSTATUS
4369NTAPI
4370NtDuplicateToken (
4371 /*IN*/ HANDLE ExistingTokenHandle,
4372 /*IN*/ ACCESS_MASK DesiredAccess,
4373 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4374 /*IN*/ BOOLEAN EffectiveOnly,
4375 /*IN*/ TOKEN_TYPE TokenType,
4376 /*OUT*/ PHANDLE NewTokenHandle
4377);
4378
4379NTSYSAPI
4380NTSTATUS
4381NTAPI
4382ZwDuplicateToken (
4383 /*IN*/ HANDLE ExistingTokenHandle,
4384 /*IN*/ ACCESS_MASK DesiredAccess,
4385 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4386 /*IN*/ BOOLEAN EffectiveOnly,
4387 /*IN*/ TOKEN_TYPE TokenType,
4388 /*OUT*/ PHANDLE NewTokenHandle
4389);
4390
4391NTSYSAPI
4392NTSTATUS
4393NTAPI
4394NtFlushInstructionCache (
4395 /*IN*/ HANDLE ProcessHandle,
4396 /*IN*/ PVOID BaseAddress /*OPTIONAL*/,
4397 /*IN*/ ULONG FlushSize
4398);
4399
4400NTSYSAPI
4401NTSTATUS
4402NTAPI
4403ZwFlushInstructionCache (
4404 /*IN*/ HANDLE ProcessHandle,
4405 /*IN*/ PVOID BaseAddress /*OPTIONAL*/,
4406 /*IN*/ ULONG FlushSize
4407);
4408
4409#if (VER_PRODUCTBUILD >= 2195)
4410
4411NTSYSAPI
4412NTSTATUS
4413NTAPI
4414NtFlushVirtualMemory (
4415 /*IN*/ HANDLE ProcessHandle,
4416 /*IN OUT*/ PVOID *BaseAddress,
4417 /*IN OUT*/ PULONG FlushSize,
4418 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
4419);
4420
4421NTSYSAPI
4422NTSTATUS
4423NTAPI
4424ZwFlushVirtualMemory (
4425 /*IN*/ HANDLE ProcessHandle,
4426 /*IN OUT*/ PVOID *BaseAddress,
4427 /*IN OUT*/ PULONG FlushSize,
4428 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
4429);
4430
4431#endif /* (VER_PRODUCTBUILD >= 2195) */
4432
4433NTSYSAPI
4434NTSTATUS
4435NTAPI
4436NtFreeVirtualMemory (
4437 /*IN*/ HANDLE ProcessHandle,
4438 /*IN OUT*/ PVOID *BaseAddress,
4439 /*IN OUT*/ PULONG RegionSize,
4440 /*IN*/ ULONG FreeType
4441);
4442
4443NTSYSAPI
4444NTSTATUS
4445NTAPI
4446ZwFreeVirtualMemory (
4447 /*IN*/ HANDLE ProcessHandle,
4448 /*IN OUT*/ PVOID *BaseAddress,
4449 /*IN OUT*/ PULONG RegionSize,
4450 /*IN*/ ULONG FreeType
4451);
4452
4453NTSYSAPI
4454NTSTATUS
4455NTAPI
4456NtFsControlFile (
4457 /*IN*/ HANDLE FileHandle,
4458 /*IN*/ HANDLE Event /*OPTIONAL*/,
4459 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4460 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4461 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4462 /*IN*/ ULONG FsControlCode,
4463 /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
4464 /*IN*/ ULONG InputBufferLength,
4465 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
4466 /*IN*/ ULONG OutputBufferLength
4467);
4468
4469NTSYSAPI
4470NTSTATUS
4471NTAPI
4472ZwFsControlFile (
4473 /*IN*/ HANDLE FileHandle,
4474 /*IN*/ HANDLE Event /*OPTIONAL*/,
4475 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4476 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4477 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4478 /*IN*/ ULONG FsControlCode,
4479 /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
4480 /*IN*/ ULONG InputBufferLength,
4481 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
4482 /*IN*/ ULONG OutputBufferLength
4483);
4484
4485#if (VER_PRODUCTBUILD >= 2195)
4486
4487NTSYSAPI
4488NTSTATUS
4489NTAPI
4490NtInitiatePowerAction (
4491 /*IN*/ POWER_ACTION SystemAction,
4492 /*IN*/ SYSTEM_POWER_STATE MinSystemState,
4493 /*IN*/ ULONG Flags,
4494 /*IN*/ BOOLEAN Asynchronous
4495);
4496
4497NTSYSAPI
4498NTSTATUS
4499NTAPI
4500ZwInitiatePowerAction (
4501 /*IN*/ POWER_ACTION SystemAction,
4502 /*IN*/ SYSTEM_POWER_STATE MinSystemState,
4503 /*IN*/ ULONG Flags,
4504 /*IN*/ BOOLEAN Asynchronous
4505);
4506
4507#endif /* (VER_PRODUCTBUILD >= 2195) */
4508
4509NTSYSAPI
4510NTSTATUS
4511NTAPI
4512NtLoadDriver (
4513 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4514 /*IN*/ PUNICODE_STRING RegistryPath
4515);
4516
4517NTSYSAPI
4518NTSTATUS
4519NTAPI
4520ZwLoadDriver (
4521 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4522 /*IN*/ PUNICODE_STRING RegistryPath
4523);
4524
4525NTSYSAPI
4526NTSTATUS
4527NTAPI
4528NtLoadKey (
4529 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
4530 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes
4531);
4532
4533NTSYSAPI
4534NTSTATUS
4535NTAPI
4536ZwLoadKey (
4537 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes,
4538 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes
4539);
4540
4541NTSYSAPI
4542NTSTATUS
4543NTAPI
4544NtNotifyChangeKey (
4545 /*IN*/ HANDLE KeyHandle,
4546 /*IN*/ HANDLE EventHandle /*OPTIONAL*/,
4547 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4548 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4549 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4550 /*IN*/ ULONG NotifyFilter,
4551 /*IN*/ BOOLEAN WatchSubtree,
4552 /*IN*/ PVOID Buffer,
4553 /*IN*/ ULONG BufferLength,
4554 /*IN*/ BOOLEAN Asynchronous
4555);
4556
4557NTSYSAPI
4558NTSTATUS
4559NTAPI
4560ZwNotifyChangeKey (
4561 /*IN*/ HANDLE KeyHandle,
4562 /*IN*/ HANDLE EventHandle /*OPTIONAL*/,
4563 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4564 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4565 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4566 /*IN*/ ULONG NotifyFilter,
4567 /*IN*/ BOOLEAN WatchSubtree,
4568 /*IN*/ PVOID Buffer,
4569 /*IN*/ ULONG BufferLength,
4570 /*IN*/ BOOLEAN Asynchronous
4571);
4572
4573NTSYSAPI
4574NTSTATUS
4575NTAPI
4576NtOpenDirectoryObject (
4577 /*OUT*/ PHANDLE DirectoryHandle,
4578 /*IN*/ ACCESS_MASK DesiredAccess,
4579 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4580);
4581
4582NTSYSAPI
4583NTSTATUS
4584NTAPI
4585ZwOpenDirectoryObject (
4586 /*OUT*/ PHANDLE DirectoryHandle,
4587 /*IN*/ ACCESS_MASK DesiredAccess,
4588 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4589);
4590
4591NTSYSAPI
4592NTSTATUS
4593NTAPI
4594NtOpenEvent (
4595 /*OUT*/ PHANDLE EventHandle,
4596 /*IN*/ ACCESS_MASK DesiredAccess,
4597 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4598);
4599
4600NTSYSAPI
4601NTSTATUS
4602NTAPI
4603ZwOpenEvent (
4604 /*OUT*/ PHANDLE EventHandle,
4605 /*IN*/ ACCESS_MASK DesiredAccess,
4606 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4607);
4608
4609NTSYSAPI
4610NTSTATUS
4611NTAPI
4612NtOpenProcess (
4613 /*OUT*/ PHANDLE ProcessHandle,
4614 /*IN*/ ACCESS_MASK DesiredAccess,
4615 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4616 /*IN*/ PCLIENT_ID ClientId /*OPTIONAL*/
4617);
4618
4619NTSYSAPI
4620NTSTATUS
4621NTAPI
4622ZwOpenProcess (
4623 /*OUT*/ PHANDLE ProcessHandle,
4624 /*IN*/ ACCESS_MASK DesiredAccess,
4625 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4626 /*IN*/ PCLIENT_ID ClientId /*OPTIONAL*/
4627);
4628
4629NTSYSAPI
4630NTSTATUS
4631NTAPI
4632NtOpenProcessToken (
4633 /*IN*/ HANDLE ProcessHandle,
4634 /*IN*/ ACCESS_MASK DesiredAccess,
4635 /*OUT*/ PHANDLE TokenHandle
4636);
4637
4638NTSYSAPI
4639NTSTATUS
4640NTAPI
4641ZwOpenProcessToken (
4642 /*IN*/ HANDLE ProcessHandle,
4643 /*IN*/ ACCESS_MASK DesiredAccess,
4644 /*OUT*/ PHANDLE TokenHandle
4645);
4646
4647NTSYSAPI
4648NTSTATUS
4649NTAPI
4650NtOpenThread (
4651 /*OUT*/ PHANDLE ThreadHandle,
4652 /*IN*/ ACCESS_MASK DesiredAccess,
4653 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4654 /*IN*/ PCLIENT_ID ClientId
4655);
4656
4657NTSYSAPI
4658NTSTATUS
4659NTAPI
4660ZwOpenThread (
4661 /*OUT*/ PHANDLE ThreadHandle,
4662 /*IN*/ ACCESS_MASK DesiredAccess,
4663 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes,
4664 /*IN*/ PCLIENT_ID ClientId
4665);
4666
4667NTSYSAPI
4668NTSTATUS
4669NTAPI
4670NtOpenThreadToken (
4671 /*IN*/ HANDLE ThreadHandle,
4672 /*IN*/ ACCESS_MASK DesiredAccess,
4673 /*IN*/ BOOLEAN OpenAsSelf,
4674 /*OUT*/ PHANDLE TokenHandle
4675);
4676
4677NTSYSAPI
4678NTSTATUS
4679NTAPI
4680ZwOpenThreadToken (
4681 /*IN*/ HANDLE ThreadHandle,
4682 /*IN*/ ACCESS_MASK DesiredAccess,
4683 /*IN*/ BOOLEAN OpenAsSelf,
4684 /*OUT*/ PHANDLE TokenHandle
4685);
4686
4687#if (VER_PRODUCTBUILD >= 2195)
4688
4689NTSYSAPI
4690NTSTATUS
4691NTAPI
4692NtPowerInformation (
4693 /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel,
4694 /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
4695 /*IN*/ ULONG InputBufferLength,
4696 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
4697 /*IN*/ ULONG OutputBufferLength
4698);
4699
4700NTSYSAPI
4701NTSTATUS
4702NTAPI
4703ZwPowerInformation (
4704 /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel,
4705 /*IN*/ PVOID InputBuffer /*OPTIONAL*/,
4706 /*IN*/ ULONG InputBufferLength,
4707 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/,
4708 /*IN*/ ULONG OutputBufferLength
4709);
4710
4711#endif /* (VER_PRODUCTBUILD >= 2195) */
4712
4713NTSYSAPI
4714NTSTATUS
4715NTAPI
4716NtPulseEvent (
4717 /*IN*/ HANDLE EventHandle,
4718 /*OUT*/ PULONG PreviousState /*OPTIONAL*/
4719);
4720
4721NTSYSAPI
4722NTSTATUS
4723NTAPI
4724ZwPulseEvent (
4725 /*IN*/ HANDLE EventHandle,
4726 /*OUT*/ PULONG PreviousState /*OPTIONAL*/
4727);
4728
4729NTSYSAPI
4730NTSTATUS
4731NTAPI
4732NtQueryDefaultLocale (
4733 /*IN*/ BOOLEAN ThreadOrSystem,
4734 /*OUT*/ PLCID Locale
4735);
4736
4737NTSYSAPI
4738NTSTATUS
4739NTAPI
4740ZwQueryDefaultLocale (
4741 /*IN*/ BOOLEAN ThreadOrSystem,
4742 /*OUT*/ PLCID Locale
4743);
4744
4745NTSYSAPI
4746NTSTATUS
4747NTAPI
4748NtQueryDirectoryFile (
4749 /*IN*/ HANDLE FileHandle,
4750 /*IN*/ HANDLE Event /*OPTIONAL*/,
4751 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4752 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4753 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4754 /*OUT*/ PVOID FileInformation,
4755 /*IN*/ ULONG Length,
4756 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass,
4757 /*IN*/ BOOLEAN ReturnSingleEntry,
4758 /*IN*/ PUNICODE_STRING FileName /*OPTIONAL*/,
4759 /*IN*/ BOOLEAN RestartScan
4760);
4761
4762NTSYSAPI
4763NTSTATUS
4764NTAPI
4765ZwQueryDirectoryFile (
4766 /*IN*/ HANDLE FileHandle,
4767 /*IN*/ HANDLE Event /*OPTIONAL*/,
4768 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/,
4769 /*IN*/ PVOID ApcContext /*OPTIONAL*/,
4770 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4771 /*OUT*/ PVOID FileInformation,
4772 /*IN*/ ULONG Length,
4773 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass,
4774 /*IN*/ BOOLEAN ReturnSingleEntry,
4775 /*IN*/ PUNICODE_STRING FileName /*OPTIONAL*/,
4776 /*IN*/ BOOLEAN RestartScan
4777);
4778
4779#if (VER_PRODUCTBUILD >= 2195)
4780
4781NTSYSAPI
4782NTSTATUS
4783NTAPI
4784NtQueryDirectoryObject (
4785 /*IN*/ HANDLE DirectoryHandle,
4786 /*OUT*/ PVOID Buffer,
4787 /*IN*/ ULONG Length,
4788 /*IN*/ BOOLEAN ReturnSingleEntry,
4789 /*IN*/ BOOLEAN RestartScan,
4790 /*IN OUT*/ PULONG Context,
4791 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/
4792);
4793
4794NTSYSAPI
4795NTSTATUS
4796NTAPI
4797ZwQueryDirectoryObject (
4798 /*IN*/ HANDLE DirectoryHandle,
4799 /*OUT*/ PVOID Buffer,
4800 /*IN*/ ULONG Length,
4801 /*IN*/ BOOLEAN ReturnSingleEntry,
4802 /*IN*/ BOOLEAN RestartScan,
4803 /*IN OUT*/ PULONG Context,
4804 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/
4805);
4806
4807NTSYSAPI
4808NTSTATUS
4809NTAPI
4810NtQueryEaFile (
4811 /*IN*/ HANDLE FileHandle,
4812 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4813 /*OUT*/ PVOID Buffer,
4814 /*IN*/ ULONG Length,
4815 /*IN*/ BOOLEAN ReturnSingleEntry,
4816 /*IN*/ PVOID EaList /*OPTIONAL*/,
4817 /*IN*/ ULONG EaListLength,
4818 /*IN*/ PULONG EaIndex /*OPTIONAL*/,
4819 /*IN*/ BOOLEAN RestartScan
4820);
4821
4822NTSYSAPI
4823NTSTATUS
4824NTAPI
4825ZwQueryEaFile (
4826 /*IN*/ HANDLE FileHandle,
4827 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4828 /*OUT*/ PVOID Buffer,
4829 /*IN*/ ULONG Length,
4830 /*IN*/ BOOLEAN ReturnSingleEntry,
4831 /*IN*/ PVOID EaList /*OPTIONAL*/,
4832 /*IN*/ ULONG EaListLength,
4833 /*IN*/ PULONG EaIndex /*OPTIONAL*/,
4834 /*IN*/ BOOLEAN RestartScan
4835);
4836
4837#endif /* (VER_PRODUCTBUILD >= 2195) */
4838
4839NTSYSAPI
4840NTSTATUS
4841NTAPI
4842NtQueryInformationProcess (
4843 /*IN*/ HANDLE ProcessHandle,
4844 /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
4845 /*OUT*/ PVOID ProcessInformation,
4846 /*IN*/ ULONG ProcessInformationLength,
4847 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/
4848);
4849
4850NTSYSAPI
4851NTSTATUS
4852NTAPI
4853ZwQueryInformationProcess (
4854 /*IN*/ HANDLE ProcessHandle,
4855 /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
4856 /*OUT*/ PVOID ProcessInformation,
4857 /*IN*/ ULONG ProcessInformationLength,
4858 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/
4859);
4860
4861NTSYSAPI
4862NTSTATUS
4863NTAPI
4864NtQueryInformationToken (
4865 /*IN*/ HANDLE TokenHandle,
4866 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
4867 /*OUT*/ PVOID TokenInformation,
4868 /*IN*/ ULONG Length,
4869 /*OUT*/ PULONG ResultLength
4870);
4871
4872NTSYSAPI
4873NTSTATUS
4874NTAPI
4875ZwQueryInformationToken (
4876 /*IN*/ HANDLE TokenHandle,
4877 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass,
4878 /*OUT*/ PVOID TokenInformation,
4879 /*IN*/ ULONG Length,
4880 /*OUT*/ PULONG ResultLength
4881);
4882
4883NTSYSAPI
4884NTSTATUS
4885NTAPI
4886NtQueryObject (
4887 /*IN*/ HANDLE ObjectHandle,
4888 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
4889 /*OUT*/ PVOID ObjectInformation,
4890 /*IN*/ ULONG Length,
4891 /*OUT*/ PULONG ResultLength
4892);
4893
4894NTSYSAPI
4895NTSTATUS
4896NTAPI
4897ZwQueryObject (
4898 /*IN*/ HANDLE ObjectHandle,
4899 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
4900 /*OUT*/ PVOID ObjectInformation,
4901 /*IN*/ ULONG Length,
4902 /*OUT*/ PULONG ResultLength
4903);
4904
4905NTSYSAPI
4906NTSTATUS
4907NTAPI
4908NtQuerySection (
4909 /*IN*/ HANDLE SectionHandle,
4910 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
4911 /*OUT*/ PVOID SectionInformation,
4912 /*IN*/ ULONG SectionInformationLength,
4913 /*OUT*/ PULONG ResultLength /*OPTIONAL*/
4914);
4915
4916NTSYSAPI
4917NTSTATUS
4918NTAPI
4919ZwQuerySection (
4920 /*IN*/ HANDLE SectionHandle,
4921 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass,
4922 /*OUT*/ PVOID SectionInformation,
4923 /*IN*/ ULONG SectionInformationLength,
4924 /*OUT*/ PULONG ResultLength /*OPTIONAL*/
4925);
4926
4927NTSYSAPI
4928NTSTATUS
4929NTAPI
4930NtQuerySecurityObject (
4931 /*IN*/ HANDLE FileHandle,
4932 /*IN*/ SECURITY_INFORMATION SecurityInformation,
4933 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
4934 /*IN*/ ULONG Length,
4935 /*OUT*/ PULONG ResultLength
4936);
4937
4938NTSYSAPI
4939NTSTATUS
4940NTAPI
4941ZwQuerySecurityObject (
4942 /*IN*/ HANDLE FileHandle,
4943 /*IN*/ SECURITY_INFORMATION SecurityInformation,
4944 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor,
4945 /*IN*/ ULONG Length,
4946 /*OUT*/ PULONG ResultLength
4947);
4948
4949NTSYSAPI
4950NTSTATUS
4951NTAPI
4952NtQuerySystemInformation (
4953 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
4954 /*OUT*/ PVOID SystemInformation,
4955 /*IN*/ ULONG Length,
4956 /*OUT*/ PULONG ReturnLength
4957);
4958
4959NTSYSAPI
4960NTSTATUS
4961NTAPI
4962ZwQuerySystemInformation (
4963 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
4964 /*OUT*/ PVOID SystemInformation,
4965 /*IN*/ ULONG Length,
4966 /*OUT*/ PULONG ReturnLength
4967);
4968
4969NTSYSAPI
4970NTSTATUS
4971NTAPI
4972NtQueryVolumeInformationFile (
4973 /*IN*/ HANDLE FileHandle,
4974 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4975 /*OUT*/ PVOID FsInformation,
4976 /*IN*/ ULONG Length,
4977 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
4978);
4979
4980NTSYSAPI
4981NTSTATUS
4982NTAPI
4983ZwQueryVolumeInformationFile (
4984 /*IN*/ HANDLE FileHandle,
4985 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
4986 /*OUT*/ PVOID FsInformation,
4987 /*IN*/ ULONG Length,
4988 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
4989);
4990
4991NTSYSAPI
4992NTSTATUS
4993NTAPI
4994NtReplaceKey (
4995 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
4996 /*IN*/ HANDLE KeyHandle,
4997 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes
4998);
4999
5000NTSYSAPI
5001NTSTATUS
5002NTAPI
5003ZwReplaceKey (
5004 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes,
5005 /*IN*/ HANDLE KeyHandle,
5006 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes
5007);
5008
5009NTSYSAPI
5010NTSTATUS
5011NTAPI
5012NtResetEvent (
5013 /*IN*/ HANDLE EventHandle,
5014 /*OUT*/ PULONG PreviousState /*OPTIONAL*/
5015);
5016
5017NTSYSAPI
5018NTSTATUS
5019NTAPI
5020ZwResetEvent (
5021 /*IN*/ HANDLE EventHandle,
5022 /*OUT*/ PULONG PreviousState /*OPTIONAL*/
5023);
5024
5025#if (VER_PRODUCTBUILD >= 2195)
5026
5027NTSYSAPI
5028NTSTATUS
5029NTAPI
5030NtRestoreKey (
5031 /*IN*/ HANDLE KeyHandle,
5032 /*IN*/ HANDLE FileHandle,
5033 /*IN*/ ULONG Flags
5034);
5035
5036NTSYSAPI
5037NTSTATUS
5038NTAPI
5039ZwRestoreKey (
5040 /*IN*/ HANDLE KeyHandle,
5041 /*IN*/ HANDLE FileHandle,
5042 /*IN*/ ULONG Flags
5043);
5044
5045#endif /* (VER_PRODUCTBUILD >= 2195) */
5046
5047NTSYSAPI
5048NTSTATUS
5049NTAPI
5050NtSaveKey (
5051 /*IN*/ HANDLE KeyHandle,
5052 /*IN*/ HANDLE FileHandle
5053);
5054
5055NTSYSAPI
5056NTSTATUS
5057NTAPI
5058ZwSaveKey (
5059 /*IN*/ HANDLE KeyHandle,
5060 /*IN*/ HANDLE FileHandle
5061);
5062
5063NTSYSAPI
5064NTSTATUS
5065NTAPI
5066NtSetDefaultLocale (
5067 /*IN*/ BOOLEAN ThreadOrSystem,
5068 /*IN*/ LCID Locale
5069);
5070
5071NTSYSAPI
5072NTSTATUS
5073NTAPI
5074ZwSetDefaultLocale (
5075 /*IN*/ BOOLEAN ThreadOrSystem,
5076 /*IN*/ LCID Locale
5077);
5078
5079#if (VER_PRODUCTBUILD >= 2195)
5080
5081NTSYSAPI
5082NTSTATUS
5083NTAPI
5084NtSetDefaultUILanguage (
5085 /*IN*/ LANGID LanguageId
5086);
5087
5088NTSYSAPI
5089NTSTATUS
5090NTAPI
5091ZwSetDefaultUILanguage (
5092 /*IN*/ LANGID LanguageId
5093);
5094
5095NTSYSAPI
5096NTSTATUS
5097NTAPI
5098NtSetEaFile (
5099 /*IN*/ HANDLE FileHandle,
5100 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
5101 /*OUT*/ PVOID Buffer,
5102 /*IN*/ ULONG Length
5103);
5104
5105NTSYSAPI
5106NTSTATUS
5107NTAPI
5108ZwSetEaFile (
5109 /*IN*/ HANDLE FileHandle,
5110 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
5111 /*OUT*/ PVOID Buffer,
5112 /*IN*/ ULONG Length
5113);
5114
5115#endif /* (VER_PRODUCTBUILD >= 2195) */
5116
5117NTSYSAPI
5118NTSTATUS
5119NTAPI
5120NtSetEvent (
5121 /*IN*/ HANDLE EventHandle,
5122 /*OUT*/ PULONG PreviousState /*OPTIONAL*/
5123);
5124
5125NTSYSAPI
5126NTSTATUS
5127NTAPI
5128ZwSetEvent (
5129 /*IN*/ HANDLE EventHandle,
5130 /*OUT*/ PULONG PreviousState /*OPTIONAL*/
5131);
5132
5133NTSYSAPI
5134NTSTATUS
5135NTAPI
5136NtSetInformationObject (
5137 /*IN*/ HANDLE ObjectHandle,
5138 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
5139 /*IN*/ PVOID ObjectInformation,
5140 /*IN*/ ULONG ObjectInformationLength
5141);
5142
5143NTSYSAPI
5144NTSTATUS
5145NTAPI
5146ZwSetInformationObject (
5147 /*IN*/ HANDLE ObjectHandle,
5148 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass,
5149 /*IN*/ PVOID ObjectInformation,
5150 /*IN*/ ULONG ObjectInformationLength
5151);
5152
5153NTSYSAPI
5154NTSTATUS
5155NTAPI
5156NtSetInformationProcess (
5157 /*IN*/ HANDLE ProcessHandle,
5158 /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
5159 /*IN*/ PVOID ProcessInformation,
5160 /*IN*/ ULONG ProcessInformationLength
5161);
5162
5163NTSYSAPI
5164NTSTATUS
5165NTAPI
5166ZwSetInformationProcess (
5167 /*IN*/ HANDLE ProcessHandle,
5168 /*IN*/ PROCESSINFOCLASS ProcessInformationClass,
5169 /*IN*/ PVOID ProcessInformation,
5170 /*IN*/ ULONG ProcessInformationLength
5171);
5172
5173#if (VER_PRODUCTBUILD >= 2195)
5174
5175NTSYSAPI
5176NTSTATUS
5177NTAPI
5178NtSetSecurityObject (
5179 /*IN*/ HANDLE Handle,
5180 /*IN*/ SECURITY_INFORMATION SecurityInformation,
5181 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
5182);
5183
5184NTSYSAPI
5185NTSTATUS
5186NTAPI
5187ZwSetSecurityObject (
5188 /*IN*/ HANDLE Handle,
5189 /*IN*/ SECURITY_INFORMATION SecurityInformation,
5190 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
5191);
5192
5193#endif /* (VER_PRODUCTBUILD >= 2195) */
5194
5195NTSYSAPI
5196NTSTATUS
5197NTAPI
5198NtSetSystemInformation (
5199 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
5200 /*IN*/ PVOID SystemInformation,
5201 /*IN*/ ULONG Length
5202);
5203
5204NTSYSAPI
5205NTSTATUS
5206NTAPI
5207ZwSetSystemInformation (
5208 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass,
5209 /*IN*/ PVOID SystemInformation,
5210 /*IN*/ ULONG Length
5211);
5212
5213NTSYSAPI
5214NTSTATUS
5215NTAPI
5216NtSetSystemTime (
5217 /*IN*/ PLARGE_INTEGER NewTime,
5218 /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/
5219);
5220
5221NTSYSAPI
5222NTSTATUS
5223NTAPI
5224ZwSetSystemTime (
5225 /*IN*/ PLARGE_INTEGER NewTime,
5226 /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/
5227);
5228
5229#if (VER_PRODUCTBUILD >= 2195)
5230
5231NTSYSAPI
5232NTSTATUS
5233NTAPI
5234NtSetVolumeInformationFile (
5235 /*IN*/ HANDLE FileHandle,
5236 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
5237 /*IN*/ PVOID FsInformation,
5238 /*IN*/ ULONG Length,
5239 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
5240);
5241
5242NTSYSAPI
5243NTSTATUS
5244NTAPI
5245ZwSetVolumeInformationFile (
5246 /*IN*/ HANDLE FileHandle,
5247 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock,
5248 /*IN*/ PVOID FsInformation,
5249 /*IN*/ ULONG Length,
5250 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
5251);
5252
5253#endif /* (VER_PRODUCTBUILD >= 2195) */
5254
5255NTSYSAPI
5256NTSTATUS
5257NTAPI
5258NtTerminateProcess (
5259 /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
5260 /*IN*/ NTSTATUS ExitStatus
5261);
5262
5263NTSYSAPI
5264NTSTATUS
5265NTAPI
5266ZwTerminateProcess (
5267 /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/,
5268 /*IN*/ NTSTATUS ExitStatus
5269);
5270
5271NTSYSAPI
5272NTSTATUS
5273NTAPI
5274NtUnloadDriver (
5275 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5276 /*IN*/ PUNICODE_STRING RegistryPath
5277);
5278
5279NTSYSAPI
5280NTSTATUS
5281NTAPI
5282ZwUnloadDriver (
5283 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
5284 /*IN*/ PUNICODE_STRING RegistryPath
5285);
5286
5287NTSYSAPI
5288NTSTATUS
5289NTAPI
5290NtUnloadKey (
5291 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes
5292);
5293
5294NTSYSAPI
5295NTSTATUS
5296NTAPI
5297ZwUnloadKey (
5298 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes
5299);
5300
5301NTSYSAPI
5302NTSTATUS
5303NTAPI
5304NtWaitForSingleObject (
5305 /*IN*/ HANDLE Handle,
5306 /*IN*/ BOOLEAN Alertable,
5307 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/
5308);
5309
5310NTSYSAPI
5311NTSTATUS
5312NTAPI
5313ZwWaitForSingleObject (
5314 /*IN*/ HANDLE Handle,
5315 /*IN*/ BOOLEAN Alertable,
5316 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/
5317);
5318
5319NTSYSAPI
5320NTSTATUS
5321NTAPI
5322NtWaitForMultipleObjects (
5323 /*IN*/ ULONG HandleCount,
5324 /*IN*/ PHANDLE Handles,
5325 /*IN*/ WAIT_TYPE WaitType,
5326 /*IN*/ BOOLEAN Alertable,
5327 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/
5328);
5329
5330NTSYSAPI
5331NTSTATUS
5332NTAPI
5333ZwWaitForMultipleObjects (
5334 /*IN*/ ULONG HandleCount,
5335 /*IN*/ PHANDLE Handles,
5336 /*IN*/ WAIT_TYPE WaitType,
5337 /*IN*/ BOOLEAN Alertable,
5338 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/
5339);
5340
5341NTSYSAPI
5342NTSTATUS
5343NTAPI
5344NtYieldExecution (
5345 VOID
5346);
5347
5348NTSYSAPI
5349NTSTATUS
5350NTAPI
5351ZwYieldExecution (
5352 VOID
5353);
5354
5355#ifdef __cplusplus
5356}
5357#endif
5358
5359#endif /* _NTIFS_ */
Note: See TracBrowser for help on using the repository browser.