4 * Windows NT Filesystem Driver Developer Kit
6 * This file is part of the w32api package.
9 * Created by Bo Brantén <bosse@acc.umu.se>
11 * THIS SOFTWARE IS NOT COPYRIGHTED
13 * This source code is offered for use in the public domain. You may
14 * use, modify or distribute it freely.
16 * This code is distributed in the hope that it will be useful but
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
18 * DISCLAIMED. This includes but is not limited to warranties of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
28 #pragma GCC system_header
38 #define VER_PRODUCTBUILD 10000
45 #define NTKERNELAPI STDCALL
48 typedef struct _SE_EXPORTS
*PSE_EXPORTS
;
50 extern PUCHAR
*FsRtlLegalAnsiCharacterArray
;
51 extern PSE_EXPORTS SeExports
;
52 extern PACL SePublicDefaultDacl
;
53 extern PACL SeSystemDefaultDacl
;
55 #define ANSI_DOS_STAR ('<')
56 #define ANSI_DOS_QM ('>')
57 #define ANSI_DOS_DOT ('"')
59 #define DOS_STAR (L'<')
61 #define DOS_DOT (L'"')
64 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
65 #define ACCESS_DENIED_ACE_TYPE (0x1)
66 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
67 #define SYSTEM_ALARM_ACE_TYPE (0x3)
69 #define COMPRESSION_FORMAT_NONE (0x0000)
70 #define COMPRESSION_FORMAT_DEFAULT (0x0001)
71 #define COMPRESSION_FORMAT_LZNT1 (0x0002)
72 #define COMPRESSION_ENGINE_STANDARD (0x0000)
73 #define COMPRESSION_ENGINE_MAXIMUM (0x0100)
74 #define COMPRESSION_ENGINE_HIBER (0x0200)
76 #define FILE_ACTION_ADDED 0x00000001
77 #define FILE_ACTION_REMOVED 0x00000002
78 #define FILE_ACTION_MODIFIED 0x00000003
79 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
80 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
81 #define FILE_ACTION_ADDED_STREAM 0x00000006
82 #define FILE_ACTION_REMOVED_STREAM 0x00000007
83 #define FILE_ACTION_MODIFIED_STREAM 0x00000008
84 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
85 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
86 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
89 #define FILE_EA_TYPE_BINARY 0xfffe
90 #define FILE_EA_TYPE_ASCII 0xfffd
91 #define FILE_EA_TYPE_BITMAP 0xfffb
92 #define FILE_EA_TYPE_METAFILE 0xfffa
93 #define FILE_EA_TYPE_ICON 0xfff9
94 #define FILE_EA_TYPE_EA 0xffee
95 #define FILE_EA_TYPE_MVMT 0xffdf
96 #define FILE_EA_TYPE_MVST 0xffde
97 #define FILE_EA_TYPE_ASN1 0xffdd
98 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
100 #define FILE_NEED_EA 0x00000080
102 /* also in winnt.h */
103 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
104 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
105 #define FILE_NOTIFY_CHANGE_NAME 0x00000003
106 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
107 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008
108 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
109 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
110 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040
111 #define FILE_NOTIFY_CHANGE_EA 0x00000080
112 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
113 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
114 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
115 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
116 #define FILE_NOTIFY_VALID_MASK 0x00000fff
119 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
120 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
122 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
124 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001
125 #define FILE_CASE_PRESERVED_NAMES 0x00000002
126 #define FILE_UNICODE_ON_DISK 0x00000004
127 #define FILE_PERSISTENT_ACLS 0x00000008
128 #define FILE_FILE_COMPRESSION 0x00000010
129 #define FILE_VOLUME_QUOTAS 0x00000020
130 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040
131 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
132 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
133 #define FS_LFN_APIS 0x00004000
134 #define FILE_VOLUME_IS_COMPRESSED 0x00008000
135 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000
136 #define FILE_SUPPORTS_ENCRYPTION 0x00020000
137 #define FILE_NAMED_STREAMS 0x00040000
138 #define FILE_READ_ONLY_VOLUME 0x00080000
140 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
141 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
143 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
144 #define FILE_PIPE_MESSAGE_MODE 0x00000001
146 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
147 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
149 #define FILE_PIPE_INBOUND 0x00000000
150 #define FILE_PIPE_OUTBOUND 0x00000001
151 #define FILE_PIPE_FULL_DUPLEX 0x00000002
153 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
154 #define FILE_PIPE_LISTENING_STATE 0x00000002
155 #define FILE_PIPE_CONNECTED_STATE 0x00000003
156 #define FILE_PIPE_CLOSING_STATE 0x00000004
158 #define FILE_PIPE_CLIENT_END 0x00000000
159 #define FILE_PIPE_SERVER_END 0x00000001
161 #define FILE_PIPE_READ_DATA 0x00000000
162 #define FILE_PIPE_WRITE_SPACE 0x00000001
164 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
165 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
166 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
167 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
168 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
169 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
170 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
171 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
172 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
173 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
174 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
175 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
176 #define FILE_STORAGE_TYPE_MASK 0x000f0000
177 #define FILE_STORAGE_TYPE_SHIFT 16
179 #define FILE_VC_QUOTA_NONE 0x00000000
180 #define FILE_VC_QUOTA_TRACK 0x00000001
181 #define FILE_VC_QUOTA_ENFORCE 0x00000002
182 #define FILE_VC_QUOTA_MASK 0x00000003
184 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
185 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
187 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
188 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
189 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
190 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
192 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
193 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
195 #define FILE_VC_VALID_MASK 0x000003ff
197 #define FSRTL_FLAG_FILE_MODIFIED (0x01)
198 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
199 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
200 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
201 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
202 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
203 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
205 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
207 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
208 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
209 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
210 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
211 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
213 #define FSRTL_VOLUME_DISMOUNT 1
214 #define FSRTL_VOLUME_DISMOUNT_FAILED 2
215 #define FSRTL_VOLUME_LOCK 3
216 #define FSRTL_VOLUME_LOCK_FAILED 4
217 #define FSRTL_VOLUME_UNLOCK 5
218 #define FSRTL_VOLUME_MOUNT 6
220 #define FSRTL_WILD_CHARACTER 0x08
223 #define HARDWARE_PTE HARDWARE_PTE_X86
224 #define PHARDWARE_PTE PHARDWARE_PTE_X86
226 #define HARDWARE_PTE ULONG
227 #define PHARDWARE_PTE PULONG
230 #define IO_CHECK_CREATE_PARAMETERS 0x0200
231 #define IO_ATTACH_DEVICE 0x0400
233 #define IO_ATTACH_DEVICE_API 0x80000000
234 /* also in winnt.h */
235 #define IO_COMPLETION_QUERY_STATE 0x0001
236 #define IO_COMPLETION_MODIFY_STATE 0x0002
237 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
239 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
240 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
242 #define IO_TYPE_APC 18
243 #define IO_TYPE_DPC 19
244 #define IO_TYPE_DEVICE_QUEUE 20
245 #define IO_TYPE_EVENT_PAIR 21
246 #define IO_TYPE_INTERRUPT 22
247 #define IO_TYPE_PROFILE 23
249 #define IRP_BEING_VERIFIED 0x10
251 #define MAILSLOT_CLASS_FIRSTCLASS 1
252 #define MAILSLOT_CLASS_SECONDCLASS 2
254 #define MAILSLOT_SIZE_AUTO 0
256 #define MAP_PROCESS 1L
257 #define MAP_SYSTEM 2L
258 #define MEM_DOS_LIM 0x40000000
259 /* also in winnt.h */
260 #define MEM_IMAGE SEC_IMAGE
262 #define OB_TYPE_TYPE 1
263 #define OB_TYPE_DIRECTORY 2
264 #define OB_TYPE_SYMBOLIC_LINK 3
265 #define OB_TYPE_TOKEN 4
266 #define OB_TYPE_PROCESS 5
267 #define OB_TYPE_THREAD 6
268 #define OB_TYPE_EVENT 7
269 #define OB_TYPE_EVENT_PAIR 8
270 #define OB_TYPE_MUTANT 9
271 #define OB_TYPE_SEMAPHORE 10
272 #define OB_TYPE_TIMER 11
273 #define OB_TYPE_PROFILE 12
274 #define OB_TYPE_WINDOW_STATION 13
275 #define OB_TYPE_DESKTOP 14
276 #define OB_TYPE_SECTION 15
277 #define OB_TYPE_KEY 16
278 #define OB_TYPE_PORT 17
279 #define OB_TYPE_ADAPTER 18
280 #define OB_TYPE_CONTROLLER 19
281 #define OB_TYPE_DEVICE 20
282 #define OB_TYPE_DRIVER 21
283 #define OB_TYPE_IO_COMPLETION 22
284 #define OB_TYPE_FILE 23
287 #define PIN_EXCLUSIVE (2)
288 #define PIN_NO_READ (4)
289 #define PIN_IF_BCB (8)
291 #define PORT_CONNECT 0x0001
292 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
294 /* also in winnt.h */
295 #define SEC_BASED 0x00200000
296 #define SEC_NO_CHANGE 0x00400000
297 #define SEC_FILE 0x00800000
298 #define SEC_IMAGE 0x01000000
299 #define SEC_VLM 0x02000000
300 #define SEC_RESERVE 0x04000000
301 #define SEC_COMMIT 0x08000000
302 #define SEC_NOCACHE 0x10000000
304 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
305 #define SECURITY_WORLD_RID (0x00000000L)
307 #define SID_REVISION 1
309 #define TOKEN_ASSIGN_PRIMARY (0x0001)
310 #define TOKEN_DUPLICATE (0x0002)
311 #define TOKEN_IMPERSONATE (0x0004)
312 #define TOKEN_QUERY (0x0008)
313 #define TOKEN_QUERY_SOURCE (0x0010)
314 #define TOKEN_ADJUST_PRIVILEGES (0x0020)
315 #define TOKEN_ADJUST_GROUPS (0x0040)
316 #define TOKEN_ADJUST_DEFAULT (0x0080)
318 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
319 TOKEN_ASSIGN_PRIMARY |\
323 TOKEN_QUERY_SOURCE |\
324 TOKEN_ADJUST_PRIVILEGES |\
325 TOKEN_ADJUST_GROUPS |\
326 TOKEN_ADJUST_DEFAULT)
328 #define TOKEN_READ (STANDARD_RIGHTS_READ |\
331 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
332 TOKEN_ADJUST_PRIVILEGES |\
333 TOKEN_ADJUST_GROUPS |\
334 TOKEN_ADJUST_DEFAULT)
336 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
338 #define TOKEN_SOURCE_LENGTH 8
341 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
342 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
343 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
344 #define TOKEN_HAS_ADMIN_GROUP 0x08
345 #define TOKEN_IS_RESTRICTED 0x10
347 #define VACB_MAPPING_GRANULARITY (0x40000)
348 #define VACB_OFFSET_SHIFT (18)
350 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
351 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
352 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
353 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
354 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
355 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
356 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
357 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
358 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
360 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
361 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
362 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
364 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
365 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
366 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
369 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
370 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
371 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
372 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
373 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
374 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
376 #if (VER_PRODUCTBUILD >= 1381)
378 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
379 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
380 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
381 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
382 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
383 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
384 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
385 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
387 #endif /* (VER_PRODUCTBUILD >= 1381) */
389 #if (VER_PRODUCTBUILD >= 2195)
391 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
392 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
393 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
395 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
396 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
397 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
398 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
399 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
400 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
401 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
402 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
403 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
404 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
405 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
406 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
407 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
408 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
409 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
410 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
411 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
412 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
413 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
414 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
415 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
416 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
417 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
418 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
419 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
420 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
421 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
422 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
423 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
424 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
425 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
426 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
427 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
428 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
429 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
430 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
432 #endif /* (VER_PRODUCTBUILD >= 2195) */
434 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
436 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
437 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
438 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
439 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
440 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
441 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
442 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
443 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
445 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
446 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
447 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
448 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
449 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
450 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
451 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
452 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
453 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
454 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
455 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
456 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
457 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
458 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
460 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
463 typedef PVOID OPLOCK
, *POPLOCK
;
464 typedef PVOID PWOW64_PROCESS
;
466 typedef struct _CACHE_MANAGER_CALLBACKS
*PCACHE_MANAGER_CALLBACKS
;
467 typedef struct _EPROCESS_QUOTA_BLOCK
*PEPROCESS_QUOTA_BLOCK
;
468 typedef struct _FILE_GET_QUOTA_INFORMATION
*PFILE_GET_QUOTA_INFORMATION
;
469 typedef struct _HANDLE_TABLE
*PHANDLE_TABLE
;
470 typedef struct _KEVENT_PAIR
*PKEVENT_PAIR
;
471 typedef struct _KPROCESS
*PKPROCESS
;
472 typedef struct _KQUEUE
*PKQUEUE
;
473 typedef struct _KTRAP_FRAME
*PKTRAP_FRAME
;
474 typedef struct _MAILSLOT_CREATE_PARAMETERS
*PMAILSLOT_CREATE_PARAMETERS
;
475 typedef struct _MMWSL
*PMMWSL
;
476 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
*PNAMED_PIPE_CREATE_PARAMETERS
;
477 typedef struct _OBJECT_DIRECTORY
*POBJECT_DIRECTORY
;
478 typedef struct _PAGEFAULT_HISTORY
*PPAGEFAULT_HISTORY
;
479 typedef struct _PS_IMPERSONATION_INFORMATION
*PPS_IMPERSONATION_INFORMATION
;
480 typedef struct _SECTION_OBJECT
*PSECTION_OBJECT
;
481 typedef struct _SHARED_CACHE_MAP
*PSHARED_CACHE_MAP
;
482 typedef struct _TERMINATION_PORT
*PTERMINATION_PORT
;
483 typedef struct _VACB
*PVACB
;
484 typedef struct _VAD_HEADER
*PVAD_HEADER
;
486 typedef struct _NOTIFY_SYNC
499 } NOTIFY_SYNC
, * PNOTIFY_SYNC
;
501 typedef enum _FAST_IO_POSSIBLE
{
507 typedef enum _FILE_STORAGE_TYPE
{
508 StorageTypeDefault
= 1,
509 StorageTypeDirectory
,
511 StorageTypeJunctionPoint
,
513 StorageTypeStructuredStorage
,
514 StorageTypeEmbedding
,
518 typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
519 IoCompletionBasicInformation
520 } IO_COMPLETION_INFORMATION_CLASS
;
522 typedef enum _OBJECT_INFO_CLASS
{
530 typedef struct _HARDWARE_PTE_X86
{
534 ULONG WriteThrough
: 1;
535 ULONG CacheDisable
: 1;
540 ULONG CopyOnWrite
: 1;
543 ULONG PageFrameNumber
: 20;
544 } HARDWARE_PTE_X86
, *PHARDWARE_PTE_X86
;
546 typedef struct _KAPC_STATE
{
547 LIST_ENTRY ApcListHead
[2];
549 BOOLEAN KernelApcInProgress
;
550 BOOLEAN KernelApcPending
;
551 BOOLEAN UserApcPending
;
552 } KAPC_STATE
, *PKAPC_STATE
;
554 typedef struct _KGDTENTRY
{
571 ULONG Reserved_0
: 1;
572 ULONG Default_Big
: 1;
573 ULONG Granularity
: 1;
577 } KGDTENTRY
, *PKGDTENTRY
;
579 typedef struct _KIDTENTRY
{
583 USHORT ExtendedOffset
;
584 } KIDTENTRY
, *PKIDTENTRY
;
586 #if (VER_PRODUCTBUILD >= 2600)
588 typedef struct _MMSUPPORT_FLAGS
{
589 ULONG SessionSpace
: 1;
590 ULONG BeingTrimmed
: 1;
591 ULONG SessionLeader
: 1;
593 ULONG WorkingSetHard
: 1;
594 ULONG AddressSpaceBeingDeleted
: 1;
595 ULONG Available
: 10;
596 ULONG AllowWorkingSetAdjustment
: 8;
597 ULONG MemoryPriority
: 8;
598 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
602 typedef struct _MMSUPPORT_FLAGS
{
603 ULONG SessionSpace
: 1;
604 ULONG BeingTrimmed
: 1;
605 ULONG ProcessInSession
: 1;
606 ULONG SessionLeader
: 1;
608 ULONG WorkingSetHard
: 1;
609 ULONG WriteWatch
: 1;
611 } MMSUPPORT_FLAGS
, *PMMSUPPORT_FLAGS
;
615 #if (VER_PRODUCTBUILD >= 2600)
617 typedef struct _MMSUPPORT
{
618 LARGE_INTEGER LastTrimTime
;
619 MMSUPPORT_FLAGS Flags
;
620 ULONG PageFaultCount
;
621 ULONG PeakWorkingSetSize
;
622 ULONG WorkingSetSize
;
623 ULONG MinimumWorkingSetSize
;
624 ULONG MaximumWorkingSetSize
;
625 PMMWSL VmWorkingSetList
;
626 LIST_ENTRY WorkingSetExpansionLinks
;
628 ULONG NextEstimationSlot
;
630 ULONG EstimatedAvailable
;
631 ULONG GrowthSinceLastEstimate
;
632 } MMSUPPORT
, *PMMSUPPORT
;
636 typedef struct _MMSUPPORT
{
637 LARGE_INTEGER LastTrimTime
;
638 ULONG LastTrimFaultCount
;
639 ULONG PageFaultCount
;
640 ULONG PeakWorkingSetSize
;
641 ULONG WorkingSetSize
;
642 ULONG MinimumWorkingSetSize
;
643 ULONG MaximumWorkingSetSize
;
644 PMMWSL VmWorkingSetList
;
645 LIST_ENTRY WorkingSetExpansionLinks
;
646 BOOLEAN AllowWorkingSetAdjustment
;
647 BOOLEAN AddressSpaceBeingDeleted
;
648 UCHAR ForegroundSwitchCount
;
649 UCHAR MemoryPriority
;
650 #if (VER_PRODUCTBUILD >= 2195)
653 MMSUPPORT_FLAGS Flags
;
656 ULONG NextEstimationSlot
;
658 ULONG EstimatedAvailable
;
659 ULONG GrowthSinceLastEstimate
;
660 #endif /* (VER_PRODUCTBUILD >= 2195) */
661 } MMSUPPORT
, *PMMSUPPORT
;
665 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
666 POBJECT_NAME_INFORMATION ImageFileName
;
667 } SE_AUDIT_PROCESS_CREATION_INFO
, *PSE_AUDIT_PROCESS_CREATION_INFO
;
669 typedef struct _BITMAP_RANGE
{
671 LARGE_INTEGER BasePage
;
672 ULONG FirstDirtyPage
;
676 } BITMAP_RANGE
, *PBITMAP_RANGE
;
678 typedef struct _CACHE_UNINITIALIZE_EVENT
{
679 struct _CACHE_UNINITIALIZE_EVENT
*Next
;
681 } CACHE_UNINITIALIZE_EVENT
, *PCACHE_UNINITIALIZE_EVENT
;
683 typedef struct _CC_FILE_SIZES
{
684 LARGE_INTEGER AllocationSize
;
685 LARGE_INTEGER FileSize
;
686 LARGE_INTEGER ValidDataLength
;
687 } CC_FILE_SIZES
, *PCC_FILE_SIZES
;
689 typedef struct _COMPRESSED_DATA_INFO
{
690 USHORT CompressionFormatAndEngine
;
691 UCHAR CompressionUnitShift
;
695 USHORT NumberOfChunks
;
696 ULONG CompressedChunkSizes
[ANYSIZE_ARRAY
];
697 } COMPRESSED_DATA_INFO
, *PCOMPRESSED_DATA_INFO
;
699 typedef struct _DEVICE_MAP
{
700 POBJECT_DIRECTORY DosDevicesDirectory
;
701 POBJECT_DIRECTORY GlobalDosDevicesDirectory
;
702 ULONG ReferenceCount
;
705 } DEVICE_MAP
, *PDEVICE_MAP
;
707 #if (VER_PRODUCTBUILD >= 2600)
709 typedef struct _EX_FAST_REF
{
710 _ANONYMOUS_UNION
union {
715 } EX_FAST_REF
, *PEX_FAST_REF
;
717 typedef struct _EX_PUSH_LOCK
{
718 _ANONYMOUS_UNION
union {
719 _ANONYMOUS_STRUCT
struct {
727 } EX_PUSH_LOCK
, *PEX_PUSH_LOCK
;
729 typedef struct _EX_RUNDOWN_REF
{
730 _ANONYMOUS_UNION
union {
734 } EX_RUNDOWN_REF
, *PEX_RUNDOWN_REF
;
738 typedef struct _EPROCESS_QUOTA_ENTRY
{
743 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
745 typedef struct _EPROCESS_QUOTA_BLOCK
{
746 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
747 LIST_ENTRY QuotaList
;
748 ULONG ReferenceCount
;
750 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
753 * When needing these parameters cast your PIO_STACK_LOCATION to
754 * PEXTENDED_IO_STACK_LOCATION
756 #if !defined(_ALPHA_)
757 #include <pshpack4.h>
759 typedef struct _EXTENDED_IO_STACK_LOCATION
{
761 /* Included for padding */
770 PIO_SECURITY_CONTEXT SecurityContext
;
774 PMAILSLOT_CREATE_PARAMETERS Parameters
;
778 PIO_SECURITY_CONTEXT SecurityContext
;
782 PNAMED_PIPE_CREATE_PARAMETERS Parameters
;
786 ULONG OutputBufferLength
;
787 ULONG InputBufferLength
;
789 PVOID Type3InputBuffer
;
793 PLARGE_INTEGER Length
;
795 LARGE_INTEGER ByteOffset
;
800 ULONG CompletionFilter
;
805 PUNICODE_STRING FileName
;
806 FILE_INFORMATION_CLASS FileInformationClass
;
820 PFILE_GET_QUOTA_INFORMATION SidList
;
834 FS_INFORMATION_CLASS FsInformationClass
;
838 PDEVICE_OBJECT DeviceObject
;
839 PFILE_OBJECT FileObject
;
840 PIO_COMPLETION_ROUTINE CompletionRoutine
;
843 } EXTENDED_IO_STACK_LOCATION
, *PEXTENDED_IO_STACK_LOCATION
;
844 #if !defined(_ALPHA_)
848 typedef struct _FILE_ACCESS_INFORMATION
{
849 ACCESS_MASK AccessFlags
;
850 } FILE_ACCESS_INFORMATION
, *PFILE_ACCESS_INFORMATION
;
852 typedef struct _FILE_ALLOCATION_INFORMATION
{
853 LARGE_INTEGER AllocationSize
;
854 } FILE_ALLOCATION_INFORMATION
, *PFILE_ALLOCATION_INFORMATION
;
856 typedef struct _FILE_BOTH_DIR_INFORMATION
{
857 ULONG NextEntryOffset
;
859 LARGE_INTEGER CreationTime
;
860 LARGE_INTEGER LastAccessTime
;
861 LARGE_INTEGER LastWriteTime
;
862 LARGE_INTEGER ChangeTime
;
863 LARGE_INTEGER EndOfFile
;
864 LARGE_INTEGER AllocationSize
;
865 ULONG FileAttributes
;
866 ULONG FileNameLength
;
868 CCHAR ShortNameLength
;
871 } FILE_BOTH_DIR_INFORMATION
, *PFILE_BOTH_DIR_INFORMATION
;
873 typedef struct _FILE_COMPLETION_INFORMATION
{
876 } FILE_COMPLETION_INFORMATION
, *PFILE_COMPLETION_INFORMATION
;
878 typedef struct _FILE_COMPRESSION_INFORMATION
{
879 LARGE_INTEGER CompressedFileSize
;
880 USHORT CompressionFormat
;
881 UCHAR CompressionUnitShift
;
885 } FILE_COMPRESSION_INFORMATION
, *PFILE_COMPRESSION_INFORMATION
;
887 typedef struct _FILE_COPY_ON_WRITE_INFORMATION
{
888 BOOLEAN ReplaceIfExists
;
889 HANDLE RootDirectory
;
890 ULONG FileNameLength
;
892 } FILE_COPY_ON_WRITE_INFORMATION
, *PFILE_COPY_ON_WRITE_INFORMATION
;
894 typedef struct _FILE_DIRECTORY_INFORMATION
{
895 ULONG NextEntryOffset
;
897 LARGE_INTEGER CreationTime
;
898 LARGE_INTEGER LastAccessTime
;
899 LARGE_INTEGER LastWriteTime
;
900 LARGE_INTEGER ChangeTime
;
901 LARGE_INTEGER EndOfFile
;
902 LARGE_INTEGER AllocationSize
;
903 ULONG FileAttributes
;
904 ULONG FileNameLength
;
906 } FILE_DIRECTORY_INFORMATION
, *PFILE_DIRECTORY_INFORMATION
;
908 typedef struct _FILE_FULL_DIRECTORY_INFORMATION
{
909 ULONG NextEntryOffset
;
911 LARGE_INTEGER CreationTime
;
912 LARGE_INTEGER LastAccessTime
;
913 LARGE_INTEGER LastWriteTime
;
914 LARGE_INTEGER ChangeTime
;
915 LARGE_INTEGER EndOfFile
;
916 LARGE_INTEGER AllocationSize
;
917 ULONG FileAttributes
;
918 ULONG FileNameLength
;
921 } FILE_FULL_DIRECTORY_INFORMATION
, *PFILE_FULL_DIRECTORY_INFORMATION
;
923 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
{
924 ULONG NextEntryOffset
;
926 LARGE_INTEGER CreationTime
;
927 LARGE_INTEGER LastAccessTime
;
928 LARGE_INTEGER LastWriteTime
;
929 LARGE_INTEGER ChangeTime
;
930 LARGE_INTEGER EndOfFile
;
931 LARGE_INTEGER AllocationSize
;
932 ULONG FileAttributes
;
933 ULONG FileNameLength
;
935 CHAR ShortNameLength
;
938 } FILE_BOTH_DIRECTORY_INFORMATION
, *PFILE_BOTH_DIRECTORY_INFORMATION
;
940 #if (VER_PRODUCTBUILD >= 2600)
942 typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION
{
943 ULONG NextEntryOffset
;
945 LARGE_INTEGER CreationTime
;
946 LARGE_INTEGER LastAccessTime
;
947 LARGE_INTEGER LastWriteTime
;
948 LARGE_INTEGER ChangeTime
;
949 LARGE_INTEGER EndOfFile
;
950 LARGE_INTEGER AllocationSize
;
951 ULONG FileAttributes
;
952 ULONG FileNameLength
;
954 LARGE_INTEGER FileId
;
956 } FILE_ID_FULL_DIRECTORY_INFORMATION
, *PFILE_ID_FULL_DIRECTORY_INFORMATION
;
958 typedef struct _FILE_ID_BOTH_DIRECTORY_INFORMATION
{
959 ULONG NextEntryOffset
;
961 LARGE_INTEGER CreationTime
;
962 LARGE_INTEGER LastAccessTime
;
963 LARGE_INTEGER LastWriteTime
;
964 LARGE_INTEGER ChangeTime
;
965 LARGE_INTEGER EndOfFile
;
966 LARGE_INTEGER AllocationSize
;
967 ULONG FileAttributes
;
968 ULONG FileNameLength
;
970 CHAR ShortNameLength
;
972 LARGE_INTEGER FileId
;
974 } FILE_ID_BOTH_DIRECTORY_INFORMATION
, *PFILE_ID_BOTH_DIRECTORY_INFORMATION
;
978 typedef struct _FILE_EA_INFORMATION
{
980 } FILE_EA_INFORMATION
, *PFILE_EA_INFORMATION
;
982 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
983 ULONG FileSystemAttributes
;
984 ULONG MaximumComponentNameLength
;
985 ULONG FileSystemNameLength
;
986 WCHAR FileSystemName
[1];
987 } FILE_FS_ATTRIBUTE_INFORMATION
, *PFILE_FS_ATTRIBUTE_INFORMATION
;
989 typedef struct _FILE_FS_CONTROL_INFORMATION
{
990 LARGE_INTEGER FreeSpaceStartFiltering
;
991 LARGE_INTEGER FreeSpaceThreshold
;
992 LARGE_INTEGER FreeSpaceStopFiltering
;
993 LARGE_INTEGER DefaultQuotaThreshold
;
994 LARGE_INTEGER DefaultQuotaLimit
;
995 ULONG FileSystemControlFlags
;
996 } FILE_FS_CONTROL_INFORMATION
, *PFILE_FS_CONTROL_INFORMATION
;
998 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
999 LARGE_INTEGER TotalAllocationUnits
;
1000 LARGE_INTEGER CallerAvailableAllocationUnits
;
1001 LARGE_INTEGER ActualAvailableAllocationUnits
;
1002 ULONG SectorsPerAllocationUnit
;
1003 ULONG BytesPerSector
;
1004 } FILE_FS_FULL_SIZE_INFORMATION
, *PFILE_FS_FULL_SIZE_INFORMATION
;
1006 typedef struct _FILE_FS_LABEL_INFORMATION
{
1007 ULONG VolumeLabelLength
;
1008 WCHAR VolumeLabel
[1];
1009 } FILE_FS_LABEL_INFORMATION
, *PFILE_FS_LABEL_INFORMATION
;
1011 #if (VER_PRODUCTBUILD >= 2195)
1013 typedef struct _FILE_FS_OBJECT_ID_INFORMATION
{
1015 UCHAR ExtendedInfo
[48];
1016 } FILE_FS_OBJECT_ID_INFORMATION
, *PFILE_FS_OBJECT_ID_INFORMATION
;
1018 #endif /* (VER_PRODUCTBUILD >= 2195) */
1020 typedef struct _FILE_FS_SIZE_INFORMATION
{
1021 LARGE_INTEGER TotalAllocationUnits
;
1022 LARGE_INTEGER AvailableAllocationUnits
;
1023 ULONG SectorsPerAllocationUnit
;
1024 ULONG BytesPerSector
;
1025 } FILE_FS_SIZE_INFORMATION
, *PFILE_FS_SIZE_INFORMATION
;
1027 typedef struct _FILE_FS_VOLUME_INFORMATION
{
1028 LARGE_INTEGER VolumeCreationTime
;
1029 ULONG VolumeSerialNumber
;
1030 ULONG VolumeLabelLength
;
1031 BOOLEAN SupportsObjects
;
1032 WCHAR VolumeLabel
[1];
1033 } FILE_FS_VOLUME_INFORMATION
, *PFILE_FS_VOLUME_INFORMATION
;
1035 typedef struct _FILE_FULL_DIR_INFORMATION
{
1036 ULONG NextEntryOffset
;
1038 LARGE_INTEGER CreationTime
;
1039 LARGE_INTEGER LastAccessTime
;
1040 LARGE_INTEGER LastWriteTime
;
1041 LARGE_INTEGER ChangeTime
;
1042 LARGE_INTEGER EndOfFile
;
1043 LARGE_INTEGER AllocationSize
;
1044 ULONG FileAttributes
;
1045 ULONG FileNameLength
;
1048 } FILE_FULL_DIR_INFORMATION
, *PFILE_FULL_DIR_INFORMATION
;
1050 typedef struct _FILE_GET_EA_INFORMATION
{
1051 ULONG NextEntryOffset
;
1054 } FILE_GET_EA_INFORMATION
, *PFILE_GET_EA_INFORMATION
;
1056 typedef struct _FILE_GET_QUOTA_INFORMATION
{
1057 ULONG NextEntryOffset
;
1060 } FILE_GET_QUOTA_INFORMATION
, *PFILE_GET_QUOTA_INFORMATION
;
1062 typedef struct _FILE_INTERNAL_INFORMATION
{
1063 LARGE_INTEGER IndexNumber
;
1064 } FILE_INTERNAL_INFORMATION
, *PFILE_INTERNAL_INFORMATION
;
1066 typedef struct _FILE_LINK_INFORMATION
{
1067 BOOLEAN ReplaceIfExists
;
1068 HANDLE RootDirectory
;
1069 ULONG FileNameLength
;
1071 } FILE_LINK_INFORMATION
, *PFILE_LINK_INFORMATION
;
1073 typedef struct _FILE_LOCK_INFO
{
1074 LARGE_INTEGER StartingByte
;
1075 LARGE_INTEGER Length
;
1076 BOOLEAN ExclusiveLock
;
1078 PFILE_OBJECT FileObject
;
1080 LARGE_INTEGER EndingByte
;
1081 } FILE_LOCK_INFO
, *PFILE_LOCK_INFO
;
1083 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1084 typedef struct _FILE_SHARED_LOCK_ENTRY
{
1087 FILE_LOCK_INFO FileLock
;
1088 } FILE_SHARED_LOCK_ENTRY
, *PFILE_SHARED_LOCK_ENTRY
;
1090 /* raw internal file lock struct returned from FsRtlGetNextFileLock */
1091 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY
{
1092 LIST_ENTRY ListEntry
;
1095 FILE_LOCK_INFO FileLock
;
1096 } FILE_EXCLUSIVE_LOCK_ENTRY
, *PFILE_EXCLUSIVE_LOCK_ENTRY
;
1098 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE
) (
1099 /*IN*/ PVOID Context
,
1103 typedef VOID (NTAPI
*PUNLOCK_ROUTINE
) (
1104 /*IN*/ PVOID Context
,
1105 /*IN*/ PFILE_LOCK_INFO FileLockInfo
1108 typedef struct _FILE_LOCK
{
1109 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
;
1110 PUNLOCK_ROUTINE UnlockRoutine
;
1111 BOOLEAN FastIoIsQuestionable
;
1113 PVOID LockInformation
;
1114 FILE_LOCK_INFO LastReturnedLockInfo
;
1115 PVOID LastReturnedLock
;
1116 } FILE_LOCK
, *PFILE_LOCK
;
1118 typedef struct _FILE_MAILSLOT_PEEK_BUFFER
{
1119 ULONG ReadDataAvailable
;
1120 ULONG NumberOfMessages
;
1121 ULONG MessageLength
;
1122 } FILE_MAILSLOT_PEEK_BUFFER
, *PFILE_MAILSLOT_PEEK_BUFFER
;
1124 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
1125 ULONG MaximumMessageSize
;
1126 ULONG MailslotQuota
;
1127 ULONG NextMessageSize
;
1128 ULONG MessagesAvailable
;
1129 LARGE_INTEGER ReadTimeout
;
1130 } FILE_MAILSLOT_QUERY_INFORMATION
, *PFILE_MAILSLOT_QUERY_INFORMATION
;
1132 typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
1133 LARGE_INTEGER ReadTimeout
;
1134 } FILE_MAILSLOT_SET_INFORMATION
, *PFILE_MAILSLOT_SET_INFORMATION
;
1136 typedef struct _FILE_MODE_INFORMATION
{
1138 } FILE_MODE_INFORMATION
, *PFILE_MODE_INFORMATION
;
1140 typedef struct _FILE_ALL_INFORMATION
{
1141 FILE_BASIC_INFORMATION BasicInformation
;
1142 FILE_STANDARD_INFORMATION StandardInformation
;
1143 FILE_INTERNAL_INFORMATION InternalInformation
;
1144 FILE_EA_INFORMATION EaInformation
;
1145 FILE_ACCESS_INFORMATION AccessInformation
;
1146 FILE_POSITION_INFORMATION PositionInformation
;
1147 FILE_MODE_INFORMATION ModeInformation
;
1148 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1149 FILE_NAME_INFORMATION NameInformation
;
1150 } FILE_ALL_INFORMATION
, *PFILE_ALL_INFORMATION
;
1152 typedef struct _FILE_NAMES_INFORMATION
{
1153 ULONG NextEntryOffset
;
1155 ULONG FileNameLength
;
1157 } FILE_NAMES_INFORMATION
, *PFILE_NAMES_INFORMATION
;
1159 typedef struct _FILE_OBJECTID_INFORMATION
{
1160 LONGLONG FileReference
;
1162 _ANONYMOUS_UNION
union {
1164 UCHAR BirthVolumeId
[16];
1165 UCHAR BirthObjectId
[16];
1168 UCHAR ExtendedInfo
[48];
1170 } FILE_OBJECTID_INFORMATION
, *PFILE_OBJECTID_INFORMATION
;
1172 typedef struct _FILE_OLE_CLASSID_INFORMATION
{
1174 } FILE_OLE_CLASSID_INFORMATION
, *PFILE_OLE_CLASSID_INFORMATION
;
1176 typedef struct _FILE_OLE_ALL_INFORMATION
{
1177 FILE_BASIC_INFORMATION BasicInformation
;
1178 FILE_STANDARD_INFORMATION StandardInformation
;
1179 FILE_INTERNAL_INFORMATION InternalInformation
;
1180 FILE_EA_INFORMATION EaInformation
;
1181 FILE_ACCESS_INFORMATION AccessInformation
;
1182 FILE_POSITION_INFORMATION PositionInformation
;
1183 FILE_MODE_INFORMATION ModeInformation
;
1184 FILE_ALIGNMENT_INFORMATION AlignmentInformation
;
1187 LARGE_INTEGER SecurityChangeTime
;
1188 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1189 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1190 FILE_STORAGE_TYPE StorageType
;
1193 ULONG NumberOfStreamReferences
;
1196 BOOLEAN ContentIndexDisable
;
1197 BOOLEAN InheritContentIndexDisable
;
1198 FILE_NAME_INFORMATION NameInformation
;
1199 } FILE_OLE_ALL_INFORMATION
, *PFILE_OLE_ALL_INFORMATION
;
1201 typedef struct _FILE_OLE_DIR_INFORMATION
{
1202 ULONG NextEntryOffset
;
1204 LARGE_INTEGER CreationTime
;
1205 LARGE_INTEGER LastAccessTime
;
1206 LARGE_INTEGER LastWriteTime
;
1207 LARGE_INTEGER ChangeTime
;
1208 LARGE_INTEGER EndOfFile
;
1209 LARGE_INTEGER AllocationSize
;
1210 ULONG FileAttributes
;
1211 ULONG FileNameLength
;
1212 FILE_STORAGE_TYPE StorageType
;
1215 BOOLEAN ContentIndexDisable
;
1216 BOOLEAN InheritContentIndexDisable
;
1218 } FILE_OLE_DIR_INFORMATION
, *PFILE_OLE_DIR_INFORMATION
;
1220 typedef struct _FILE_OLE_INFORMATION
{
1221 LARGE_INTEGER SecurityChangeTime
;
1222 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation
;
1223 FILE_OBJECTID_INFORMATION ObjectIdInformation
;
1224 FILE_STORAGE_TYPE StorageType
;
1226 BOOLEAN ContentIndexDisable
;
1227 BOOLEAN InheritContentIndexDisable
;
1228 } FILE_OLE_INFORMATION
, *PFILE_OLE_INFORMATION
;
1230 typedef struct _FILE_OLE_STATE_BITS_INFORMATION
{
1232 ULONG StateBitsMask
;
1233 } FILE_OLE_STATE_BITS_INFORMATION
, *PFILE_OLE_STATE_BITS_INFORMATION
;
1235 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER
{
1238 } FILE_PIPE_ASSIGN_EVENT_BUFFER
, *PFILE_PIPE_ASSIGN_EVENT_BUFFER
;
1240 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER
{
1241 PVOID ClientSession
;
1242 PVOID ClientProcess
;
1243 } FILE_PIPE_CLIENT_PROCESS_BUFFER
, *PFILE_PIPE_CLIENT_PROCESS_BUFFER
;
1245 typedef struct _FILE_PIPE_EVENT_BUFFER
{
1246 ULONG NamedPipeState
;
1250 ULONG NumberRequests
;
1251 } FILE_PIPE_EVENT_BUFFER
, *PFILE_PIPE_EVENT_BUFFER
;
1253 typedef struct _FILE_PIPE_INFORMATION
{
1255 ULONG CompletionMode
;
1256 } FILE_PIPE_INFORMATION
, *PFILE_PIPE_INFORMATION
;
1258 typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
1259 ULONG NamedPipeType
;
1260 ULONG NamedPipeConfiguration
;
1261 ULONG MaximumInstances
;
1262 ULONG CurrentInstances
;
1264 ULONG ReadDataAvailable
;
1265 ULONG OutboundQuota
;
1266 ULONG WriteQuotaAvailable
;
1267 ULONG NamedPipeState
;
1269 } FILE_PIPE_LOCAL_INFORMATION
, *PFILE_PIPE_LOCAL_INFORMATION
;
1271 typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
1272 LARGE_INTEGER CollectDataTime
;
1273 ULONG MaximumCollectionCount
;
1274 } FILE_PIPE_REMOTE_INFORMATION
, *PFILE_PIPE_REMOTE_INFORMATION
;
1276 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
1277 LARGE_INTEGER Timeout
;
1279 BOOLEAN TimeoutSpecified
;
1281 } FILE_PIPE_WAIT_FOR_BUFFER
, *PFILE_PIPE_WAIT_FOR_BUFFER
;
1283 typedef struct _FILE_QUOTA_INFORMATION
{
1284 ULONG NextEntryOffset
;
1286 LARGE_INTEGER ChangeTime
;
1287 LARGE_INTEGER QuotaUsed
;
1288 LARGE_INTEGER QuotaThreshold
;
1289 LARGE_INTEGER QuotaLimit
;
1291 } FILE_QUOTA_INFORMATION
, *PFILE_QUOTA_INFORMATION
;
1293 typedef struct _FILE_RENAME_INFORMATION
{
1294 BOOLEAN ReplaceIfExists
;
1295 HANDLE RootDirectory
;
1296 ULONG FileNameLength
;
1298 } FILE_RENAME_INFORMATION
, *PFILE_RENAME_INFORMATION
;
1300 typedef struct _FILE_STREAM_INFORMATION
{
1301 ULONG NextEntryOffset
;
1302 ULONG StreamNameLength
;
1303 LARGE_INTEGER StreamSize
;
1304 LARGE_INTEGER StreamAllocationSize
;
1305 WCHAR StreamName
[1];
1306 } FILE_STREAM_INFORMATION
, *PFILE_STREAM_INFORMATION
;
1308 typedef struct _FILE_TRACKING_INFORMATION
{
1309 HANDLE DestinationFile
;
1310 ULONG ObjectInformationLength
;
1311 CHAR ObjectInformation
[1];
1312 } FILE_TRACKING_INFORMATION
, *PFILE_TRACKING_INFORMATION
;
1314 typedef struct _FSRTL_COMMON_FCB_HEADER
{
1315 CSHORT NodeTypeCode
;
1316 CSHORT NodeByteSize
;
1318 UCHAR IsFastIoPossible
;
1319 #if (VER_PRODUCTBUILD >= 1381)
1322 #endif /* (VER_PRODUCTBUILD >= 1381) */
1323 PERESOURCE Resource
;
1324 PERESOURCE PagingIoResource
;
1325 LARGE_INTEGER AllocationSize
;
1326 LARGE_INTEGER FileSize
;
1327 LARGE_INTEGER ValidDataLength
;
1328 } FSRTL_COMMON_FCB_HEADER
, *PFSRTL_COMMON_FCB_HEADER
;
1330 typedef struct _GENERATE_NAME_CONTEXT
{
1332 BOOLEAN CheckSumInserted
;
1334 WCHAR NameBuffer
[8];
1335 ULONG ExtensionLength
;
1336 WCHAR ExtensionBuffer
[4];
1337 ULONG LastIndexValue
;
1338 } GENERATE_NAME_CONTEXT
, *PGENERATE_NAME_CONTEXT
;
1340 typedef struct _HANDLE_TABLE_ENTRY
{
1342 ULONG ObjectAttributes
;
1343 ULONG GrantedAccess
;
1344 USHORT GrantedAccessIndex
;
1345 USHORT CreatorBackTraceIndex
;
1346 ULONG NextFreeTableEntry
;
1347 } HANDLE_TABLE_ENTRY
, *PHANDLE_TABLE_ENTRY
;
1349 typedef struct _MAPPING_PAIR
{
1352 } MAPPING_PAIR
, *PMAPPING_PAIR
;
1354 typedef struct _GET_RETRIEVAL_DESCRIPTOR
{
1355 ULONG NumberOfPairs
;
1357 MAPPING_PAIR Pair
[1];
1358 } GET_RETRIEVAL_DESCRIPTOR
, *PGET_RETRIEVAL_DESCRIPTOR
;
1360 typedef struct _IO_CLIENT_EXTENSION
{
1361 struct _IO_CLIENT_EXTENSION
*NextExtension
;
1362 PVOID ClientIdentificationAddress
;
1363 } IO_CLIENT_EXTENSION
, *PIO_CLIENT_EXTENSION
;
1365 typedef struct _IO_COMPLETION_BASIC_INFORMATION
{
1367 } IO_COMPLETION_BASIC_INFORMATION
, *PIO_COMPLETION_BASIC_INFORMATION
;
1369 typedef struct _KEVENT_PAIR
{
1374 } KEVENT_PAIR
, *PKEVENT_PAIR
;
1376 typedef struct _KQUEUE
{
1377 DISPATCHER_HEADER Header
;
1378 LIST_ENTRY EntryListHead
;
1381 LIST_ENTRY ThreadListHead
;
1382 } KQUEUE
, *PKQUEUE
, *RESTRICTED_POINTER PRKQUEUE
;
1384 typedef struct _MAILSLOT_CREATE_PARAMETERS
{
1385 ULONG MailslotQuota
;
1386 ULONG MaximumMessageSize
;
1387 LARGE_INTEGER ReadTimeout
;
1388 BOOLEAN TimeoutSpecified
;
1389 } MAILSLOT_CREATE_PARAMETERS
, *PMAILSLOT_CREATE_PARAMETERS
;
1391 typedef struct _MBCB
{
1392 CSHORT NodeTypeCode
;
1393 CSHORT NodeIsInZone
;
1397 LIST_ENTRY BitmapRanges
;
1398 LONGLONG ResumeWritePage
;
1399 BITMAP_RANGE BitmapRange1
;
1400 BITMAP_RANGE BitmapRange2
;
1401 BITMAP_RANGE BitmapRange3
;
1404 typedef struct _MOVEFILE_DESCRIPTOR
{
1407 LARGE_INTEGER StartVcn
;
1408 LARGE_INTEGER TargetLcn
;
1411 } MOVEFILE_DESCRIPTOR
, *PMOVEFILE_DESCRIPTOR
;
1413 typedef struct _NAMED_PIPE_CREATE_PARAMETERS
{
1414 ULONG NamedPipeType
;
1416 ULONG CompletionMode
;
1417 ULONG MaximumInstances
;
1419 ULONG OutboundQuota
;
1420 LARGE_INTEGER DefaultTimeout
;
1421 BOOLEAN TimeoutSpecified
;
1422 } NAMED_PIPE_CREATE_PARAMETERS
, *PNAMED_PIPE_CREATE_PARAMETERS
;
1424 typedef struct _OBJECT_BASIC_INFO
{
1426 ACCESS_MASK GrantedAccess
;
1428 ULONG ReferenceCount
;
1429 ULONG PagedPoolUsage
;
1430 ULONG NonPagedPoolUsage
;
1432 ULONG NameInformationLength
;
1433 ULONG TypeInformationLength
;
1434 ULONG SecurityDescriptorLength
;
1435 LARGE_INTEGER CreateTime
;
1436 } OBJECT_BASIC_INFO
, *POBJECT_BASIC_INFO
;
1438 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO
{
1440 BOOLEAN ProtectFromClose
;
1441 } OBJECT_HANDLE_ATTRIBUTE_INFO
, *POBJECT_HANDLE_ATTRIBUTE_INFO
;
1443 typedef struct _OBJECT_NAME_INFO
{
1444 UNICODE_STRING ObjectName
;
1445 WCHAR ObjectNameBuffer
[1];
1446 } OBJECT_NAME_INFO
, *POBJECT_NAME_INFO
;
1448 typedef struct _OBJECT_PROTECTION_INFO
{
1450 BOOLEAN ProtectHandle
;
1451 } OBJECT_PROTECTION_INFO
, *POBJECT_PROTECTION_INFO
;
1453 typedef struct _OBJECT_TYPE_INFO
{
1454 UNICODE_STRING ObjectTypeName
;
1455 UCHAR Unknown
[0x58];
1456 WCHAR ObjectTypeNameBuffer
[1];
1457 } OBJECT_TYPE_INFO
, *POBJECT_TYPE_INFO
;
1459 typedef struct _OBJECT_ALL_TYPES_INFO
{
1460 ULONG NumberOfObjectTypes
;
1461 OBJECT_TYPE_INFO ObjectsTypeInfo
[1];
1462 } OBJECT_ALL_TYPES_INFO
, *POBJECT_ALL_TYPES_INFO
;
1464 typedef struct _PAGEFAULT_HISTORY
{
1467 KSPIN_LOCK SpinLock
;
1469 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
1470 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
1472 typedef struct _PATHNAME_BUFFER
{
1473 ULONG PathNameLength
;
1475 } PATHNAME_BUFFER
, *PPATHNAME_BUFFER
;
1477 #if (VER_PRODUCTBUILD >= 2600)
1479 typedef struct _PRIVATE_CACHE_MAP_FLAGS
{
1481 ULONG ReadAheadActive
: 1;
1482 ULONG ReadAheadEnabled
: 1;
1483 ULONG Available
: 14;
1484 } PRIVATE_CACHE_MAP_FLAGS
, *PPRIVATE_CACHE_MAP_FLAGS
;
1486 typedef struct _PRIVATE_CACHE_MAP
{
1487 _ANONYMOUS_UNION
union {
1488 CSHORT NodeTypeCode
;
1489 PRIVATE_CACHE_MAP_FLAGS Flags
;
1492 ULONG ReadAheadMask
;
1493 PFILE_OBJECT FileObject
;
1494 LARGE_INTEGER FileOffset1
;
1495 LARGE_INTEGER BeyondLastByte1
;
1496 LARGE_INTEGER FileOffset2
;
1497 LARGE_INTEGER BeyondLastByte2
;
1498 LARGE_INTEGER ReadAheadOffset
[2];
1499 ULONG ReadAheadLength
[2];
1500 KSPIN_LOCK ReadAheadSpinLock
;
1501 LIST_ENTRY PrivateLinks
;
1502 } PRIVATE_CACHE_MAP
, *PPRIVATE_CACHE_MAP
;
1506 typedef struct _PS_IMPERSONATION_INFORMATION
{
1507 PACCESS_TOKEN Token
;
1509 BOOLEAN EffectiveOnly
;
1510 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1511 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
1513 typedef struct _PUBLIC_BCB
{
1514 CSHORT NodeTypeCode
;
1515 CSHORT NodeByteSize
;
1517 LARGE_INTEGER MappedFileOffset
;
1518 } PUBLIC_BCB
, *PPUBLIC_BCB
;
1520 typedef struct _QUERY_PATH_REQUEST
{
1521 ULONG PathNameLength
;
1522 PIO_SECURITY_CONTEXT SecurityContext
;
1523 WCHAR FilePathName
[1];
1524 } QUERY_PATH_REQUEST
, *PQUERY_PATH_REQUEST
;
1526 typedef struct _QUERY_PATH_RESPONSE
{
1527 ULONG LengthAccepted
;
1528 } QUERY_PATH_RESPONSE
, *PQUERY_PATH_RESPONSE
;
1530 typedef struct _RETRIEVAL_POINTERS_BUFFER
{
1532 LARGE_INTEGER StartingVcn
;
1534 LARGE_INTEGER NextVcn
;
1537 } RETRIEVAL_POINTERS_BUFFER
, *PRETRIEVAL_POINTERS_BUFFER
;
1539 typedef struct _RTL_SPLAY_LINKS
{
1540 struct _RTL_SPLAY_LINKS
*Parent
;
1541 struct _RTL_SPLAY_LINKS
*LeftChild
;
1542 struct _RTL_SPLAY_LINKS
*RightChild
;
1543 } RTL_SPLAY_LINKS
, *PRTL_SPLAY_LINKS
;
1545 typedef struct _SE_EXPORTS
{
1547 LUID SeCreateTokenPrivilege
;
1548 LUID SeAssignPrimaryTokenPrivilege
;
1549 LUID SeLockMemoryPrivilege
;
1550 LUID SeIncreaseQuotaPrivilege
;
1551 LUID SeUnsolicitedInputPrivilege
;
1552 LUID SeTcbPrivilege
;
1553 LUID SeSecurityPrivilege
;
1554 LUID SeTakeOwnershipPrivilege
;
1555 LUID SeLoadDriverPrivilege
;
1556 LUID SeCreatePagefilePrivilege
;
1557 LUID SeIncreaseBasePriorityPrivilege
;
1558 LUID SeSystemProfilePrivilege
;
1559 LUID SeSystemtimePrivilege
;
1560 LUID SeProfileSingleProcessPrivilege
;
1561 LUID SeCreatePermanentPrivilege
;
1562 LUID SeBackupPrivilege
;
1563 LUID SeRestorePrivilege
;
1564 LUID SeShutdownPrivilege
;
1565 LUID SeDebugPrivilege
;
1566 LUID SeAuditPrivilege
;
1567 LUID SeSystemEnvironmentPrivilege
;
1568 LUID SeChangeNotifyPrivilege
;
1569 LUID SeRemoteShutdownPrivilege
;
1574 PSID SeCreatorOwnerSid
;
1575 PSID SeCreatorGroupSid
;
1577 PSID SeNtAuthoritySid
;
1581 PSID SeInteractiveSid
;
1582 PSID SeLocalSystemSid
;
1583 PSID SeAliasAdminsSid
;
1584 PSID SeAliasUsersSid
;
1585 PSID SeAliasGuestsSid
;
1586 PSID SeAliasPowerUsersSid
;
1587 PSID SeAliasAccountOpsSid
;
1588 PSID SeAliasSystemOpsSid
;
1589 PSID SeAliasPrintOpsSid
;
1590 PSID SeAliasBackupOpsSid
;
1592 PSID SeAuthenticatedUsersSid
;
1594 PSID SeRestrictedSid
;
1595 PSID SeAnonymousLogonSid
;
1597 LUID SeUndockPrivilege
;
1598 LUID SeSyncAgentPrivilege
;
1599 LUID SeEnableDelegationPrivilege
;
1601 } SE_EXPORTS
, *PSE_EXPORTS
;
1603 typedef struct _SECTION_BASIC_INFORMATION
{
1607 } SECTION_BASIC_INFORMATION
, *PSECTION_BASIC_INFORMATION
;
1609 typedef struct _SECTION_IMAGE_INFORMATION
{
1615 USHORT MinorSubsystemVersion
;
1616 USHORT MajorSubsystemVersion
;
1618 ULONG Characteristics
;
1623 } SECTION_IMAGE_INFORMATION
, *PSECTION_IMAGE_INFORMATION
;
1625 #if (VER_PRODUCTBUILD >= 2600)
1627 typedef struct _SHARED_CACHE_MAP
{
1628 CSHORT NodeTypeCode
;
1629 CSHORT NodeByteSize
;
1631 LARGE_INTEGER FileSize
;
1633 LARGE_INTEGER SectionSize
;
1634 LARGE_INTEGER ValidDataLength
;
1635 LARGE_INTEGER ValidDataGoal
;
1636 PVACB InitialVacbs
[4];
1638 PFILE_OBJECT FileObject
;
1642 ULONG NeedToZeroPage
;
1643 KSPIN_LOCK ActiveVacbSpinLock
;
1644 ULONG VacbActiveCount
;
1646 LIST_ENTRY SharedCacheMapLinks
;
1651 PKEVENT CreateEvent
;
1652 PKEVENT WaitOnActiveCount
;
1654 LONGLONG BeyondLastFlush
;
1655 PCACHE_MANAGER_CALLBACKS Callbacks
;
1656 PVOID LazyWriteContext
;
1657 LIST_ENTRY PrivateList
;
1659 PVOID FlushToLsnRoutine
;
1660 ULONG DirtyPageThreshold
;
1661 ULONG LazyWritePassCount
;
1662 PCACHE_UNINITIALIZE_EVENT UninitializeEvent
;
1663 PVACB NeedToZeroVacb
;
1664 KSPIN_LOCK BcbSpinLock
;
1667 EX_PUSH_LOCK VacbPushLock
;
1668 PRIVATE_CACHE_MAP PrivateCacheMap
;
1669 } SHARED_CACHE_MAP
, *PSHARED_CACHE_MAP
;
1673 typedef struct _STARTING_VCN_INPUT_BUFFER
{
1674 LARGE_INTEGER StartingVcn
;
1675 } STARTING_VCN_INPUT_BUFFER
, *PSTARTING_VCN_INPUT_BUFFER
;
1677 typedef struct _SYSTEM_CACHE_INFORMATION
{
1680 ULONG PageFaultCount
;
1681 ULONG MinimumWorkingSet
;
1682 ULONG MaximumWorkingSet
;
1684 } SYSTEM_CACHE_INFORMATION
, *PSYSTEM_CACHE_INFORMATION
;
1686 typedef struct _TERMINATION_PORT
{
1687 struct _TERMINATION_PORT
* Next
;
1689 } TERMINATION_PORT
, *PTERMINATION_PORT
;
1691 typedef struct _SECURITY_CLIENT_CONTEXT
{
1692 SECURITY_QUALITY_OF_SERVICE SecurityQos
;
1693 PACCESS_TOKEN ClientToken
;
1694 BOOLEAN DirectlyAccessClientToken
;
1695 BOOLEAN DirectAccessEffectiveOnly
;
1696 BOOLEAN ServerIsRemote
;
1697 TOKEN_CONTROL ClientTokenControl
;
1698 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
1700 typedef struct _TUNNEL
{
1702 PRTL_SPLAY_LINKS Cache
;
1703 LIST_ENTRY TimerQueue
;
1707 typedef struct _VACB
{
1709 PSHARED_CACHE_MAP SharedCacheMap
;
1711 LARGE_INTEGER FileOffset
;
1717 typedef struct _VAD_HEADER
{
1720 PVAD_HEADER ParentLink
;
1721 PVAD_HEADER LeftLink
;
1722 PVAD_HEADER RightLink
;
1723 ULONG Flags
; /* LSB = CommitCharge */
1725 PVOID FirstProtoPte
;
1729 } VAD_HEADER
, *PVAD_HEADER
;
1735 /*IN*/ PFILE_OBJECT FileObject
,
1736 /*IN*/ ULONG BytesToWrite
,
1737 /*IN*/ BOOLEAN Wait
,
1738 /*IN*/ BOOLEAN Retrying
1745 /*IN*/ PFILE_OBJECT FileObject
,
1746 /*IN*/ PLARGE_INTEGER FileOffset
,
1747 /*IN*/ ULONG Length
,
1748 /*IN*/ BOOLEAN Wait
,
1749 /*OUT*/ PVOID Buffer
,
1750 /*OUT*/ PIO_STATUS_BLOCK IoStatus
1757 /*IN*/ PFILE_OBJECT FileObject
,
1758 /*IN*/ PLARGE_INTEGER FileOffset
,
1759 /*IN*/ ULONG Length
,
1760 /*IN*/ BOOLEAN Wait
,
1764 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
1766 typedef VOID (NTAPI
*PCC_POST_DEFERRED_WRITE
) (
1767 /*IN*/ PVOID Context1
,
1768 /*IN*/ PVOID Context2
1775 /*IN*/ PFILE_OBJECT FileObject
,
1776 /*IN*/ PCC_POST_DEFERRED_WRITE PostRoutine
,
1777 /*IN*/ PVOID Context1
,
1778 /*IN*/ PVOID Context2
,
1779 /*IN*/ ULONG BytesToWrite
,
1780 /*IN*/ BOOLEAN Retrying
1787 /*IN*/ PFILE_OBJECT FileObject
,
1788 /*IN*/ ULONG FileOffset
,
1789 /*IN*/ ULONG Length
,
1790 /*IN*/ ULONG PageCount
,
1791 /*OUT*/ PVOID Buffer
,
1792 /*OUT*/ PIO_STATUS_BLOCK IoStatus
1799 /*IN*/ PFILE_OBJECT FileObject
,
1800 /*IN*/ ULONG FileOffset
,
1801 /*IN*/ ULONG Length
,
1809 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1810 /*IN*/ PLARGE_INTEGER FileOffset
/*OPTIONAL*/,
1811 /*IN*/ ULONG Length
,
1812 /*OUT*/ PIO_STATUS_BLOCK IoStatus
/*OPTIONAL*/
1815 typedef VOID (*PDIRTY_PAGE_ROUTINE
) (
1816 /*IN*/ PFILE_OBJECT FileObject
,
1817 /*IN*/ PLARGE_INTEGER FileOffset
,
1818 /*IN*/ ULONG Length
,
1819 /*IN*/ PLARGE_INTEGER OldestLsn
,
1820 /*IN*/ PLARGE_INTEGER NewestLsn
,
1821 /*IN*/ PVOID Context1
,
1822 /*IN*/ PVOID Context2
1829 /*IN*/ PVOID LogHandle
,
1830 /*IN*/ PDIRTY_PAGE_ROUTINE DirtyPageRoutine
,
1831 /*IN*/ PVOID Context1
,
1832 /*IN*/ PVOID Context2
1838 CcGetFileObjectFromBcb (
1845 CcGetFileObjectFromSectionPtrs (
1846 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
1849 #define CcGetFileSizePointer(FO) ( \
1850 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
1853 #if (VER_PRODUCTBUILD >= 2195)
1858 CcGetFlushedValidData (
1859 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
,
1860 /*IN*/ BOOLEAN BcbListHeld
1863 #endif /* (VER_PRODUCTBUILD >= 2195) */
1867 CcGetLsnForFileObject (
1868 /*IN*/ PFILE_OBJECT FileObject
,
1869 /*OUT*/ PLARGE_INTEGER OldestLsn
/*OPTIONAL*/
1872 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_LAZY_WRITE
) (
1873 /*IN*/ PVOID Context
,
1877 typedef VOID (NTAPI
*PRELEASE_FROM_LAZY_WRITE
) (
1878 /*IN*/ PVOID Context
1881 typedef BOOLEAN (NTAPI
*PACQUIRE_FOR_READ_AHEAD
) (
1882 /*IN*/ PVOID Context
,
1886 typedef VOID (NTAPI
*PRELEASE_FROM_READ_AHEAD
) (
1887 /*IN*/ PVOID Context
1890 typedef struct _CACHE_MANAGER_CALLBACKS
{
1891 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite
;
1892 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite
;
1893 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead
;
1894 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead
;
1895 } CACHE_MANAGER_CALLBACKS
, *PCACHE_MANAGER_CALLBACKS
;
1900 CcInitializeCacheMap (
1901 /*IN*/ PFILE_OBJECT FileObject
,
1902 /*IN*/ PCC_FILE_SIZES FileSizes
,
1903 /*IN*/ BOOLEAN PinAccess
,
1904 /*IN*/ PCACHE_MANAGER_CALLBACKS Callbacks
,
1905 /*IN*/ PVOID LazyWriteContext
1908 #define CcIsFileCached(FO) ( \
1909 ((FO)->SectionObjectPointer != NULL) && \
1910 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
1916 CcIsThereDirtyData (
1924 /*IN*/ PFILE_OBJECT FileObject
,
1925 /*IN*/ PLARGE_INTEGER FileOffset
,
1926 /*IN*/ ULONG Length
,
1927 /*IN*/ BOOLEAN Wait
,
1929 /*OUT*/ PVOID
*Buffer
1936 /*IN*/ PFILE_OBJECT FileObject
,
1937 /*IN*/ PLARGE_INTEGER FileOffset
,
1938 /*IN*/ ULONG Length
,
1939 /*OUT*/ PMDL
*MdlChain
,
1940 /*OUT*/ PIO_STATUS_BLOCK IoStatus
1947 /*IN*/ PFILE_OBJECT FileObject
,
1948 /*IN*/ PMDL MdlChain
1954 CcMdlWriteComplete (
1955 /*IN*/ PFILE_OBJECT FileObject
,
1956 /*IN*/ PLARGE_INTEGER FileOffset
,
1957 /*IN*/ PMDL MdlChain
1964 /*IN*/ PFILE_OBJECT FileObject
,
1965 /*IN*/ PLARGE_INTEGER FileOffset
,
1966 /*IN*/ ULONG Length
,
1967 #if (VER_PRODUCTBUILD >= 2195)
1970 /*IN*/ BOOLEAN Wait
,
1972 /*IN OUT*/ PVOID
*Bcb
1979 /*IN*/ PFILE_OBJECT FileObject
,
1980 /*IN*/ PLARGE_INTEGER FileOffset
,
1981 /*IN*/ ULONG Length
,
1982 #if (VER_PRODUCTBUILD >= 2195)
1985 /*IN*/ BOOLEAN Wait
,
1988 /*OUT*/ PVOID
*Buffer
1995 /*IN*/ PFILE_OBJECT FileObject
,
1996 /*IN*/ PLARGE_INTEGER FileOffset
,
1997 /*IN*/ ULONG Length
,
1998 /*OUT*/ PMDL
*MdlChain
,
1999 /*OUT*/ PIO_STATUS_BLOCK IoStatus
2006 /*IN*/ PFILE_OBJECT FileObject
,
2007 /*IN*/ PLARGE_INTEGER FileOffset
,
2008 /*IN*/ ULONG Length
,
2009 /*IN*/ BOOLEAN Zero
,
2010 #if (VER_PRODUCTBUILD >= 2195)
2013 /*IN*/ BOOLEAN Wait
,
2016 /*OUT*/ PVOID
*Buffer
2022 CcPurgeCacheSection (
2023 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
,
2024 /*IN*/ PLARGE_INTEGER FileOffset
/*OPTIONAL*/,
2025 /*IN*/ ULONG Length
,
2026 /*IN*/ BOOLEAN UninitializeCacheMaps
2029 #define CcReadAhead(FO, FOFF, LEN) ( \
2030 if ((LEN) >= 256) { \
2031 CcScheduleReadAhead((FO), (FOFF), (LEN)); \
2035 #if (VER_PRODUCTBUILD >= 2195)
2044 #endif /* (VER_PRODUCTBUILD >= 2195) */
2056 CcScheduleReadAhead (
2057 /*IN*/ PFILE_OBJECT FileObject
,
2058 /*IN*/ PLARGE_INTEGER FileOffset
,
2065 CcSetAdditionalCacheAttributes (
2066 /*IN*/ PFILE_OBJECT FileObject
,
2067 /*IN*/ BOOLEAN DisableReadAhead
,
2068 /*IN*/ BOOLEAN DisableWriteBehind
2074 CcSetBcbOwnerPointer (
2076 /*IN*/ PVOID OwnerPointer
2082 CcSetDirtyPageThreshold (
2083 /*IN*/ PFILE_OBJECT FileObject
,
2084 /*IN*/ ULONG DirtyPageThreshold
2090 CcSetDirtyPinnedData (
2091 /*IN*/ PVOID BcbVoid
,
2092 /*IN*/ PLARGE_INTEGER Lsn
/*OPTIONAL*/
2099 /*IN*/ PFILE_OBJECT FileObject
,
2100 /*IN*/ PCC_FILE_SIZES FileSizes
2103 typedef VOID (NTAPI
*PFLUSH_TO_LSN
) (
2104 /*IN*/ PVOID LogHandle
,
2105 /*IN*/ PLARGE_INTEGER Lsn
2111 CcSetLogHandleForFile (
2112 /*IN*/ PFILE_OBJECT FileObject
,
2113 /*IN*/ PVOID LogHandle
,
2114 /*IN*/ PFLUSH_TO_LSN FlushToLsnRoutine
2120 CcSetReadAheadGranularity (
2121 /*IN*/ PFILE_OBJECT FileObject
,
2122 /*IN*/ ULONG Granularity
/* default: PAGE_SIZE */
2123 /* allowed: 2^n * PAGE_SIZE */
2129 CcUninitializeCacheMap (
2130 /*IN*/ PFILE_OBJECT FileObject
,
2131 /*IN*/ PLARGE_INTEGER TruncateSize
/*OPTIONAL*/,
2132 /*IN*/ PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent
/*OPTIONAL*/
2145 CcUnpinDataForThread (
2147 /*IN*/ ERESOURCE_THREAD ResourceThreadId
2153 CcUnpinRepinnedBcb (
2155 /*IN*/ BOOLEAN WriteThrough
,
2156 /*OUT*/ PIO_STATUS_BLOCK IoStatus
2159 #if (VER_PRODUCTBUILD >= 2195)
2164 CcWaitForCurrentLazyWriterActivity (
2168 #endif /* (VER_PRODUCTBUILD >= 2195) */
2174 /*IN*/ PFILE_OBJECT FileObject
,
2175 /*IN*/ PLARGE_INTEGER StartOffset
,
2176 /*IN*/ PLARGE_INTEGER EndOffset
,
2183 ExDisableResourceBoostLite (
2184 /*IN*/ PERESOURCE Resource
2190 ExQueryPoolBlockSize (
2191 /*IN*/ PVOID PoolBlock
,
2192 /*OUT*/ PBOOLEAN QuotaCharged
2195 #define FlagOn(x, f) ((x) & (f))
2200 FsRtlAddToTunnelCache (
2201 /*IN*/ PTUNNEL Cache
,
2202 /*IN*/ ULONGLONG DirectoryKey
,
2203 /*IN*/ PUNICODE_STRING ShortName
,
2204 /*IN*/ PUNICODE_STRING LongName
,
2205 /*IN*/ BOOLEAN KeyByShortName
,
2206 /*IN*/ ULONG DataLength
,
2210 #if (VER_PRODUCTBUILD >= 2195)
2214 FsRtlAllocateFileLock (
2215 /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
/*OPTIONAL*/,
2216 /*IN*/ PUNLOCK_ROUTINE UnlockRoutine
/*OPTIONAL*/
2219 #endif /* (VER_PRODUCTBUILD >= 2195) */
2225 /*IN*/ POOL_TYPE PoolType
,
2226 /*IN*/ ULONG NumberOfBytes
2232 FsRtlAllocatePoolWithQuota (
2233 /*IN*/ POOL_TYPE PoolType
,
2234 /*IN*/ ULONG NumberOfBytes
2240 FsRtlAllocatePoolWithQuotaTag (
2241 /*IN*/ POOL_TYPE PoolType
,
2242 /*IN*/ ULONG NumberOfBytes
,
2249 FsRtlAllocatePoolWithTag (
2250 /*IN*/ POOL_TYPE PoolType
,
2251 /*IN*/ ULONG NumberOfBytes
,
2258 FsRtlAreNamesEqual (
2259 /*IN*/ PUNICODE_STRING Name1
,
2260 /*IN*/ PUNICODE_STRING Name2
,
2261 /*IN*/ BOOLEAN IgnoreCase
,
2262 /*IN*/ PWCHAR UpcaseTable
/*OPTIONAL*/
2265 #define FsRtlAreThereCurrentFileLocks(FL) ( \
2266 ((FL)->FastIoIsQuestionable) \
2270 FsRtlCheckLockForReadAccess:
2272 All this really does is pick out the lock parameters from the irp (io stack
2273 location?), get IoGetRequestorProcess, and pass values on to
2274 FsRtlFastCheckLockForRead.
2279 FsRtlCheckLockForReadAccess (
2280 /*IN*/ PFILE_LOCK FileLock
,
2285 FsRtlCheckLockForWriteAccess:
2287 All this really does is pick out the lock parameters from the irp (io stack
2288 location?), get IoGetRequestorProcess, and pass values on to
2289 FsRtlFastCheckLockForWrite.
2294 FsRtlCheckLockForWriteAccess (
2295 /*IN*/ PFILE_LOCK FileLock
,
2301 (*POPLOCK_WAIT_COMPLETE_ROUTINE
) (
2302 /*IN*/ PVOID Context
,
2308 (*POPLOCK_FS_PREPOST_IRP
) (
2309 /*IN*/ PVOID Context
,
2317 /*IN*/ POPLOCK Oplock
,
2319 /*IN*/ PVOID Context
,
2320 /*IN*/ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine
/*OPTIONAL*/,
2321 /*IN*/ POPLOCK_FS_PREPOST_IRP PostIrpRoutine
/*OPTIONAL*/
2328 /*IN*/ PFILE_OBJECT FileObject
,
2329 /*IN*/ PLARGE_INTEGER FileOffset
,
2330 /*IN*/ ULONG Length
,
2331 /*IN*/ BOOLEAN Wait
,
2332 /*IN*/ ULONG LockKey
,
2333 /*OUT*/ PVOID Buffer
,
2334 /*OUT*/ PIO_STATUS_BLOCK IoStatus
,
2335 /*IN*/ PDEVICE_OBJECT DeviceObject
2342 /*IN*/ PFILE_OBJECT FileObject
,
2343 /*IN*/ PLARGE_INTEGER FileOffset
,
2344 /*IN*/ ULONG Length
,
2345 /*IN*/ BOOLEAN Wait
,
2346 /*IN*/ ULONG LockKey
,
2347 /*IN*/ PVOID Buffer
,
2348 /*OUT*/ PIO_STATUS_BLOCK IoStatus
,
2349 /*IN*/ PDEVICE_OBJECT DeviceObject
2355 FsRtlCurrentBatchOplock (
2356 /*IN*/ POPLOCK Oplock
2362 FsRtlDeleteKeyFromTunnelCache (
2363 /*IN*/ PTUNNEL Cache
,
2364 /*IN*/ ULONGLONG DirectoryKey
2370 FsRtlDeleteTunnelCache (
2371 /*IN*/ PTUNNEL Cache
2377 FsRtlDeregisterUncProvider (
2378 /*IN*/ HANDLE Handle
2384 FsRtlDoesNameContainWildCards (
2385 /*IN*/ PUNICODE_STRING Name
2388 #define FsRtlEnterFileSystem KeEnterCriticalRegion
2390 #define FsRtlExitFileSystem KeLeaveCriticalRegion
2395 FsRtlFastCheckLockForRead (
2396 /*IN*/ PFILE_LOCK FileLock
,
2397 /*IN*/ PLARGE_INTEGER FileOffset
,
2398 /*IN*/ PLARGE_INTEGER Length
,
2400 /*IN*/ PFILE_OBJECT FileObject
,
2401 /*IN*/ PEPROCESS Process
2407 FsRtlFastCheckLockForWrite (
2408 /*IN*/ PFILE_LOCK FileLock
,
2409 /*IN*/ PLARGE_INTEGER FileOffset
,
2410 /*IN*/ PLARGE_INTEGER Length
,
2412 /*IN*/ PFILE_OBJECT FileObject
,
2413 /*IN*/ PEPROCESS Process
2416 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
2417 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
2423 FsRtlFastUnlockAll (
2424 /*IN*/ PFILE_LOCK FileLock
,
2425 /*IN*/ PFILE_OBJECT FileObject
,
2426 /*IN*/ PEPROCESS Process
,
2427 /*IN*/ PVOID Context
/*OPTIONAL*/
2429 /* ret: STATUS_RANGE_NOT_LOCKED */
2434 FsRtlFastUnlockAllByKey (
2435 /*IN*/ PFILE_LOCK FileLock
,
2436 /*IN*/ PFILE_OBJECT FileObject
,
2437 /*IN*/ PEPROCESS Process
,
2439 /*IN*/ PVOID Context
/*OPTIONAL*/
2441 /* ret: STATUS_RANGE_NOT_LOCKED */
2446 FsRtlFastUnlockSingle (
2447 /*IN*/ PFILE_LOCK FileLock
,
2448 /*IN*/ PFILE_OBJECT FileObject
,
2449 /*IN*/ PLARGE_INTEGER FileOffset
,
2450 /*IN*/ PLARGE_INTEGER Length
,
2451 /*IN*/ PEPROCESS Process
,
2453 /*IN*/ PVOID Context
/*OPTIONAL*/,
2454 /*IN*/ BOOLEAN AlreadySynchronized
2456 /* ret: STATUS_RANGE_NOT_LOCKED */
2461 FsRtlFindInTunnelCache (
2462 /*IN*/ PTUNNEL Cache
,
2463 /*IN*/ ULONGLONG DirectoryKey
,
2464 /*IN*/ PUNICODE_STRING Name
,
2465 /*OUT*/ PUNICODE_STRING ShortName
,
2466 /*OUT*/ PUNICODE_STRING LongName
,
2467 /*IN OUT*/ PULONG DataLength
,
2471 #if (VER_PRODUCTBUILD >= 2195)
2477 /*IN*/ PFILE_LOCK FileLock
2480 #endif /* (VER_PRODUCTBUILD >= 2195) */
2486 /*IN*/ PFILE_OBJECT FileObject
,
2487 /*IN OUT*/ PLARGE_INTEGER FileSize
2491 FsRtlGetNextFileLock:
2493 ret: NULL if no more locks
2496 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
2497 FileLock->LastReturnedLock as storage.
2498 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
2499 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
2500 calls with Restart = FALSE.
2505 FsRtlGetNextFileLock (
2506 /*IN*/ PFILE_LOCK FileLock
,
2507 /*IN*/ BOOLEAN Restart
2513 FsRtlInitializeFileLock (
2514 /*IN*/ PFILE_LOCK FileLock
,
2515 /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine
/*OPTIONAL*/,
2516 /*IN*/ PUNLOCK_ROUTINE UnlockRoutine
/*OPTIONAL*/
2522 FsRtlInitializeOplock (
2523 /*IN OUT*/ POPLOCK Oplock
2529 FsRtlInitializeTunnelCache (
2530 /*IN*/ PTUNNEL Cache
2536 FsRtlIsNameInExpression (
2537 /*IN*/ PUNICODE_STRING Expression
,
2538 /*IN*/ PUNICODE_STRING Name
,
2539 /*IN*/ BOOLEAN IgnoreCase
,
2540 /*IN*/ PWCHAR UpcaseTable
/*OPTIONAL*/
2546 FsRtlIsNtstatusExpected (
2547 /*IN*/ NTSTATUS Ntstatus
2550 #define FsRtlIsUnicodeCharacterWild(C) ( \
2553 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
2559 FsRtlMdlReadComplete (
2560 /*IN*/ PFILE_OBJECT FileObject
,
2561 /*IN*/ PMDL MdlChain
2567 FsRtlMdlReadCompleteDev (
2568 /*IN*/ PFILE_OBJECT FileObject
,
2569 /*IN*/ PMDL MdlChain
,
2570 /*IN*/ PDEVICE_OBJECT DeviceObject
2576 FsRtlMdlWriteComplete (
2577 /*IN*/ PFILE_OBJECT FileObject
,
2578 /*IN*/ PLARGE_INTEGER FileOffset
,
2579 /*IN*/ PMDL MdlChain
2585 FsRtlMdlWriteCompleteDev (
2586 /*IN*/ PFILE_OBJECT FileObject
,
2587 /*IN*/ PLARGE_INTEGER FileOffset
,
2588 /*IN*/ PMDL MdlChain
,
2589 /*IN*/ PDEVICE_OBJECT DeviceObject
2595 FsRtlNormalizeNtstatus (
2596 /*IN*/ NTSTATUS Exception
,
2597 /*IN*/ NTSTATUS GenericException
2603 FsRtlNotifyChangeDirectory (
2604 /*IN*/ PNOTIFY_SYNC NotifySync
,
2605 /*IN*/ PVOID FsContext
,
2606 /*IN*/ PSTRING FullDirectoryName
,
2607 /*IN*/ PLIST_ENTRY NotifyList
,
2608 /*IN*/ BOOLEAN WatchTree
,
2609 /*IN*/ ULONG CompletionFilter
,
2610 /*IN*/ PIRP NotifyIrp
2616 FsRtlNotifyCleanup (
2617 /*IN*/ PNOTIFY_SYNC NotifySync
,
2618 /*IN*/ PLIST_ENTRY NotifyList
,
2619 /*IN*/ PVOID FsContext
2622 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS
) (
2623 /*IN*/ PVOID NotifyContext
,
2624 /*IN*/ PVOID TargetContext
,
2625 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
2631 FsRtlNotifyFullChangeDirectory (
2632 /*IN*/ PNOTIFY_SYNC NotifySync
,
2633 /*IN*/ PLIST_ENTRY NotifyList
,
2634 /*IN*/ PVOID FsContext
,
2635 /*IN*/ PSTRING FullDirectoryName
,
2636 /*IN*/ BOOLEAN WatchTree
,
2637 /*IN*/ BOOLEAN IgnoreBuffer
,
2638 /*IN*/ ULONG CompletionFilter
,
2639 /*IN*/ PIRP NotifyIrp
,
2640 /*IN*/ PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback
/*OPTIONAL*/,
2641 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
/*OPTIONAL*/
2647 FsRtlNotifyFullReportChange (
2648 /*IN*/ PNOTIFY_SYNC NotifySync
,
2649 /*IN*/ PLIST_ENTRY NotifyList
,
2650 /*IN*/ PSTRING FullTargetName
,
2651 /*IN*/ USHORT TargetNameOffset
,
2652 /*IN*/ PSTRING StreamName
/*OPTIONAL*/,
2653 /*IN*/ PSTRING NormalizedParentName
/*OPTIONAL*/,
2654 /*IN*/ ULONG FilterMatch
,
2655 /*IN*/ ULONG Action
,
2656 /*IN*/ PVOID TargetContext
2662 FsRtlNotifyInitializeSync (
2663 /*IN*/ PNOTIFY_SYNC NotifySync
2669 FsRtlNotifyReportChange (
2670 /*IN*/ PNOTIFY_SYNC NotifySync
,
2671 /*IN*/ PLIST_ENTRY NotifyList
,
2672 /*IN*/ PSTRING FullTargetName
,
2673 /*IN*/ PUSHORT FileNamePartLength
,
2674 /*IN*/ ULONG FilterMatch
2680 FsRtlNotifyUninitializeSync (
2681 /*IN*/ PNOTIFY_SYNC NotifySync
2684 #if (VER_PRODUCTBUILD >= 2195)
2689 FsRtlNotifyVolumeEvent (
2690 /*IN*/ PFILE_OBJECT FileObject
,
2691 /*IN*/ ULONG EventCode
2694 #endif /* (VER_PRODUCTBUILD >= 2195) */
2700 /*IN*/ POPLOCK Oplock
,
2702 /*IN*/ ULONG OpenCount
2708 FsRtlOplockIsFastIoPossible (
2709 /*IN*/ POPLOCK Oplock
2715 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
2718 -Calls IoCompleteRequest if Irp
2719 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
2725 /*IN*/ PFILE_LOCK FileLock
,
2726 /*IN*/ PFILE_OBJECT FileObject
,
2727 /*IN*/ PLARGE_INTEGER FileOffset
,
2728 /*IN*/ PLARGE_INTEGER Length
,
2729 /*IN*/ PEPROCESS Process
,
2731 /*IN*/ BOOLEAN FailImmediately
,
2732 /*IN*/ BOOLEAN ExclusiveLock
,
2733 /*OUT*/ PIO_STATUS_BLOCK IoStatus
,
2734 /*IN*/ PIRP Irp
/*OPTIONAL*/,
2735 /*IN*/ PVOID Context
,
2736 /*IN*/ BOOLEAN AlreadySynchronized
2740 FsRtlProcessFileLock:
2743 -STATUS_INVALID_DEVICE_REQUEST
2744 -STATUS_RANGE_NOT_LOCKED from unlock routines.
2745 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
2746 (redirected IoStatus->Status).
2749 -switch ( Irp->CurrentStackLocation->MinorFunction )
2750 lock: return FsRtlPrivateLock;
2751 unlocksingle: return FsRtlFastUnlockSingle;
2752 unlockall: return FsRtlFastUnlockAll;
2753 unlockallbykey: return FsRtlFastUnlockAllByKey;
2754 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
2755 return STATUS_INVALID_DEVICE_REQUEST;
2757 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
2758 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
2763 FsRtlProcessFileLock (
2764 /*IN*/ PFILE_LOCK FileLock
,
2766 /*IN*/ PVOID Context
/*OPTIONAL*/
2772 FsRtlRegisterUncProvider (
2773 /*IN OUT*/ PHANDLE MupHandle
,
2774 /*IN*/ PUNICODE_STRING RedirectorDeviceName
,
2775 /*IN*/ BOOLEAN MailslotsSupported
2781 FsRtlUninitializeFileLock (
2782 /*IN*/ PFILE_LOCK FileLock
2788 FsRtlUninitializeOplock (
2789 /*IN OUT*/ POPLOCK Oplock
2802 HalQueryRealTimeClock (
2803 /*IN OUT*/ PTIME_FIELDS TimeFields
2809 HalSetRealTimeClock (
2810 /*IN*/ PTIME_FIELDS TimeFields
2813 #define InitializeMessageHeader(m, l, t) { \
2814 (m)->Length = (USHORT)(l); \
2815 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
2816 (m)->MessageType = (USHORT)(t); \
2817 (m)->DataInfoOffset = 0; \
2823 IoAcquireVpbSpinLock (
2830 IoCheckDesiredAccess (
2831 /*IN OUT*/ PACCESS_MASK DesiredAccess
,
2832 /*IN*/ ACCESS_MASK GrantedAccess
2838 IoCheckEaBufferValidity (
2839 /*IN*/ PFILE_FULL_EA_INFORMATION EaBuffer
,
2840 /*IN*/ ULONG EaLength
,
2841 /*OUT*/ PULONG ErrorOffset
2847 IoCheckFunctionAccess (
2848 /*IN*/ ACCESS_MASK GrantedAccess
,
2849 /*IN*/ UCHAR MajorFunction
,
2850 /*IN*/ UCHAR MinorFunction
,
2851 /*IN*/ ULONG IoControlCode
,
2852 /*IN*/ PFILE_INFORMATION_CLASS FileInformationClass
/*OPTIONAL*/,
2853 /*IN*/ PFS_INFORMATION_CLASS FsInformationClass
/*OPTIONAL*/
2856 #if (VER_PRODUCTBUILD >= 2195)
2861 IoCheckQuotaBufferValidity (
2862 /*IN*/ PFILE_QUOTA_INFORMATION QuotaBuffer
,
2863 /*IN*/ ULONG QuotaLength
,
2864 /*OUT*/ PULONG ErrorOffset
2867 #endif /* (VER_PRODUCTBUILD >= 2195) */
2872 IoCreateStreamFileObject (
2873 /*IN*/ PFILE_OBJECT FileObject
/*OPTIONAL*/,
2874 /*IN*/ PDEVICE_OBJECT DeviceObject
/*OPTIONAL*/
2877 #if (VER_PRODUCTBUILD >= 2195)
2882 IoCreateStreamFileObjectLite (
2883 /*IN*/ PFILE_OBJECT FileObject
/*OPTIONAL*/,
2884 /*IN*/ PDEVICE_OBJECT DeviceObject
/*OPTIONAL*/
2887 #endif /* (VER_PRODUCTBUILD >= 2195) */
2892 IoFastQueryNetworkAttributes (
2893 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
,
2894 /*IN*/ ACCESS_MASK DesiredAccess
,
2895 /*IN*/ ULONG OpenOptions
,
2896 /*OUT*/ PIO_STATUS_BLOCK IoStatus
,
2897 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION Buffer
2903 IoGetAttachedDevice (
2904 /*IN*/ PDEVICE_OBJECT DeviceObject
2910 IoGetBaseFileSystemDeviceObject (
2911 /*IN*/ PFILE_OBJECT FileObject
2917 IoGetRequestorProcess (
2921 #if (VER_PRODUCTBUILD >= 2195)
2926 IoGetRequestorProcessId (
2930 #endif /* (VER_PRODUCTBUILD >= 2195) */
2939 #define IoIsFileOpenedExclusively(FileObject) ( \
2941 (FileObject)->SharedRead || \
2942 (FileObject)->SharedWrite || \
2943 (FileObject)->SharedDelete \
2950 IoIsOperationSynchronous (
2958 /*IN*/ PETHREAD Thread
2961 #if (VER_PRODUCTBUILD >= 2195)
2966 IoIsValidNameGraftingBuffer (
2968 /*IN*/ PREPARSE_DATA_BUFFER ReparseBuffer
2971 #endif /* (VER_PRODUCTBUILD >= 2195) */
2977 /*IN*/ PFILE_OBJECT FileObject
,
2979 /*IN*/ PLARGE_INTEGER Offset
,
2980 /*IN*/ PKEVENT Event
,
2981 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
2987 IoQueryFileInformation (
2988 /*IN*/ PFILE_OBJECT FileObject
,
2989 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass
,
2990 /*IN*/ ULONG Length
,
2991 /*OUT*/ PVOID FileInformation
,
2992 /*OUT*/ PULONG ReturnedLength
2998 IoQueryVolumeInformation (
2999 /*IN*/ PFILE_OBJECT FileObject
,
3000 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
,
3001 /*IN*/ ULONG Length
,
3002 /*OUT*/ PVOID FsInformation
,
3003 /*OUT*/ PULONG ReturnedLength
3009 IoRegisterFileSystem (
3010 /*IN OUT*/ PDEVICE_OBJECT DeviceObject
3013 #if (VER_PRODUCTBUILD >= 1381)
3015 typedef VOID (NTAPI
*PDRIVER_FS_NOTIFICATION
) (
3016 /*IN*/ PDEVICE_OBJECT DeviceObject
,
3017 /*IN*/ BOOLEAN DriverActive
3023 IoRegisterFsRegistrationChange (
3024 /*IN*/ PDRIVER_OBJECT DriverObject
,
3025 /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3028 #endif /* (VER_PRODUCTBUILD >= 1381) */
3033 IoReleaseVpbSpinLock (
3040 IoSetDeviceToVerify (
3041 /*IN*/ PETHREAD Thread
,
3042 /*IN*/ PDEVICE_OBJECT DeviceObject
3049 /*IN*/ PFILE_OBJECT FileObject
,
3050 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass
,
3051 /*IN*/ ULONG Length
,
3052 /*IN*/ PVOID FileInformation
3065 IoSynchronousPageWrite (
3066 /*IN*/ PFILE_OBJECT FileObject
,
3068 /*IN*/ PLARGE_INTEGER FileOffset
,
3069 /*IN*/ PKEVENT Event
,
3070 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
3077 /*IN*/ PETHREAD Thread
3083 IoUnregisterFileSystem (
3084 /*IN OUT*/ PDEVICE_OBJECT DeviceObject
3087 #if (VER_PRODUCTBUILD >= 1381)
3092 IoUnregisterFsRegistrationChange (
3093 /*IN*/ PDRIVER_OBJECT DriverObject
,
3094 /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
3097 #endif /* (VER_PRODUCTBUILD >= 1381) */
3103 /*IN*/ PDEVICE_OBJECT DeviceObject
,
3104 /*IN*/ BOOLEAN AllowRawMount
3111 /*IN*/ PEPROCESS Process
3125 /*IN*/ PRKQUEUE Queue
,
3126 /*IN*/ ULONG Count
/*OPTIONAL*/
3133 /*IN*/ PRKQUEUE Queue
,
3134 /*IN*/ PLIST_ENTRY Entry
3141 /*IN*/ PRKQUEUE Queue
,
3142 /*IN*/ PLIST_ENTRY Entry
3150 /*IN*/ PVOID SystemArgument1
,
3151 /*IN*/ PVOID SystemArgument2
,
3152 /*IN*/ KPRIORITY PriorityBoost
3159 /*IN*/ PRKQUEUE Queue
3166 /*IN*/ PRKQUEUE Queue
,
3167 /*IN*/ KPROCESSOR_MODE WaitMode
,
3168 /*IN*/ PLARGE_INTEGER Timeout
/*OPTIONAL*/
3175 /*IN*/ PRKQUEUE Queue
3178 #if (VER_PRODUCTBUILD >= 2195)
3183 KeStackAttachProcess (
3184 /*IN*/ PKPROCESS Process
,
3185 /*OUT*/ PKAPC_STATE ApcState
3191 KeUnstackDetachProcess (
3192 /*IN*/ PKAPC_STATE ApcState
3195 #endif /* (VER_PRODUCTBUILD >= 2195) */
3200 MmCanFileBeTruncated (
3201 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3202 /*IN*/ PLARGE_INTEGER NewFileSize
3208 MmFlushImageSection (
3209 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3210 /*IN*/ MMFLUSH_TYPE FlushType
3216 MmForceSectionClosed (
3217 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer
,
3218 /*IN*/ BOOLEAN DelayClose
3221 #if (VER_PRODUCTBUILD >= 1381)
3226 MmIsRecursiveIoFault (
3232 #define MmIsRecursiveIoFault() ( \
3233 (PsGetCurrentThread()->DisablePageFaultClustering) | \
3234 (PsGetCurrentThread()->ForwardClusterOnly) \
3242 MmMapViewOfSection (
3243 /*IN*/ PVOID SectionObject
,
3244 /*IN*/ PEPROCESS Process
,
3245 /*IN OUT*/ PVOID
*BaseAddress
,
3246 /*IN*/ ULONG ZeroBits
,
3247 /*IN*/ ULONG CommitSize
,
3248 /*IN OUT*/ PLARGE_INTEGER SectionOffset
/*OPTIONAL*/,
3249 /*IN OUT*/ PULONG ViewSize
,
3250 /*IN*/ SECTION_INHERIT InheritDisposition
,
3251 /*IN*/ ULONG AllocationType
,
3252 /*IN*/ ULONG Protect
3258 MmSetAddressRangeModified (
3259 /*IN*/ PVOID Address
,
3267 /*IN*/ KPROCESSOR_MODE ObjectAttributesAccessMode
/*OPTIONAL*/,
3268 /*IN*/ POBJECT_TYPE ObjectType
,
3269 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
/*OPTIONAL*/,
3270 /*IN*/ KPROCESSOR_MODE AccessMode
,
3271 /*IN OUT*/ PVOID ParseContext
/*OPTIONAL*/,
3272 /*IN*/ ULONG ObjectSize
,
3273 /*IN*/ ULONG PagedPoolCharge
/*OPTIONAL*/,
3274 /*IN*/ ULONG NonPagedPoolCharge
/*OPTIONAL*/,
3275 /*OUT*/ PVOID
*Object
3281 ObGetObjectPointerCount (
3289 /*IN*/ PVOID Object
,
3290 /*IN*/ PACCESS_STATE PassedAccessState
/*OPTIONAL*/,
3291 /*IN*/ ACCESS_MASK DesiredAccess
,
3292 /*IN*/ ULONG AdditionalReferences
,
3293 /*OUT*/ PVOID
*ReferencedObject
/*OPTIONAL*/,
3294 /*OUT*/ PHANDLE Handle
3300 ObMakeTemporaryObject (
3307 ObOpenObjectByPointer (
3308 /*IN*/ PVOID Object
,
3309 /*IN*/ ULONG HandleAttributes
,
3310 /*IN*/ PACCESS_STATE PassedAccessState
/*OPTIONAL*/,
3311 /*IN*/ ACCESS_MASK DesiredAccess
/*OPTIONAL*/,
3312 /*IN*/ POBJECT_TYPE ObjectType
/*OPTIONAL*/,
3313 /*IN*/ KPROCESSOR_MODE AccessMode
,
3314 /*OUT*/ PHANDLE Handle
3321 /*IN*/ PVOID Object
,
3322 /*OUT*/ POBJECT_NAME_INFORMATION ObjectNameInfo
,
3323 /*IN*/ ULONG Length
,
3324 /*OUT*/ PULONG ReturnLength
3330 ObQueryObjectAuditingByHandle (
3331 /*IN*/ HANDLE Handle
,
3332 /*OUT*/ PBOOLEAN GenerateOnClose
3338 ObReferenceObjectByName (
3339 /*IN*/ PUNICODE_STRING ObjectName
,
3340 /*IN*/ ULONG Attributes
,
3341 /*IN*/ PACCESS_STATE PassedAccessState
/*OPTIONAL*/,
3342 /*IN*/ ACCESS_MASK DesiredAccess
/*OPTIONAL*/,
3343 /*IN*/ POBJECT_TYPE ObjectType
,
3344 /*IN*/ KPROCESSOR_MODE AccessMode
,
3345 /*IN OUT*/ PVOID ParseContext
/*OPTIONAL*/,
3346 /*OUT*/ PVOID
*Object
3353 /*IN*/ PEPROCESS Process
,
3354 /*IN*/ POOL_TYPE PoolType
,
3358 #define PsDereferenceImpersonationToken(T) \
3359 {if (ARGUMENT_PRESENT(T)) { \
3360 (ObDereferenceObject((T))); \
3366 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
3371 PsGetProcessExitTime (
3378 PsIsThreadTerminating (
3379 /*IN*/ PETHREAD Thread
3385 PsLookupProcessByProcessId (
3386 /*IN*/ PVOID ProcessId
,
3387 /*OUT*/ PEPROCESS
*Process
3393 PsLookupProcessThreadByCid (
3394 /*IN*/ PCLIENT_ID Cid
,
3395 /*OUT*/ PEPROCESS
*Process
/*OPTIONAL*/,
3396 /*OUT*/ PETHREAD
*Thread
3402 PsLookupThreadByThreadId (
3403 /*IN*/ PVOID UniqueThreadId
,
3404 /*OUT*/ PETHREAD
*Thread
3410 PsReferenceImpersonationToken (
3411 /*IN*/ PETHREAD Thread
,
3412 /*OUT*/ PBOOLEAN CopyOnUse
,
3413 /*OUT*/ PBOOLEAN EffectiveOnly
,
3414 /*OUT*/ PSECURITY_IMPERSONATION_LEVEL Level
3420 PsReferencePrimaryToken (
3421 /*IN*/ PEPROCESS Process
3428 /*IN*/ PEPROCESS Process
,
3429 /*IN*/ POOL_TYPE PoolType
,
3443 RtlAbsoluteToSelfRelativeSD (
3444 /*IN*/ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor
,
3445 /*IN OUT*/ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor
,
3446 /*IN*/ PULONG BufferLength
3453 /*IN*/ HANDLE HeapHandle
,
3462 /*IN*/ USHORT CompressionFormatAndEngine
,
3463 /*IN*/ PUCHAR UncompressedBuffer
,
3464 /*IN*/ ULONG UncompressedBufferSize
,
3465 /*OUT*/ PUCHAR CompressedBuffer
,
3466 /*IN*/ ULONG CompressedBufferSize
,
3467 /*IN*/ ULONG UncompressedChunkSize
,
3468 /*OUT*/ PULONG FinalCompressedSize
,
3469 /*IN*/ PVOID WorkSpace
3476 /*IN*/ PUCHAR UncompressedBuffer
,
3477 /*IN*/ ULONG UncompressedBufferSize
,
3478 /*OUT*/ PUCHAR CompressedBuffer
,
3479 /*IN*/ ULONG CompressedBufferSize
,
3480 /*IN OUT*/ PCOMPRESSED_DATA_INFO CompressedDataInfo
,
3481 /*IN*/ ULONG CompressedDataInfoLength
,
3482 /*IN*/ PVOID WorkSpace
3488 RtlConvertSidToUnicodeString (
3489 /*OUT*/ PUNICODE_STRING DestinationString
,
3491 /*IN*/ BOOLEAN AllocateDestinationString
3498 /*IN*/ ULONG Length
,
3499 /*IN*/ PSID Destination
,
3506 RtlDecompressBuffer (
3507 /*IN*/ USHORT CompressionFormat
,
3508 /*OUT*/ PUCHAR UncompressedBuffer
,
3509 /*IN*/ ULONG UncompressedBufferSize
,
3510 /*IN*/ PUCHAR CompressedBuffer
,
3511 /*IN*/ ULONG CompressedBufferSize
,
3512 /*OUT*/ PULONG FinalUncompressedSize
3518 RtlDecompressChunks (
3519 /*OUT*/ PUCHAR UncompressedBuffer
,
3520 /*IN*/ ULONG UncompressedBufferSize
,
3521 /*IN*/ PUCHAR CompressedBuffer
,
3522 /*IN*/ ULONG CompressedBufferSize
,
3523 /*IN*/ PUCHAR CompressedTail
,
3524 /*IN*/ ULONG CompressedTailSize
,
3525 /*IN*/ PCOMPRESSED_DATA_INFO CompressedDataInfo
3531 RtlDecompressFragment (
3532 /*IN*/ USHORT CompressionFormat
,
3533 /*OUT*/ PUCHAR UncompressedFragment
,
3534 /*IN*/ ULONG UncompressedFragmentSize
,
3535 /*IN*/ PUCHAR CompressedBuffer
,
3536 /*IN*/ ULONG CompressedBufferSize
,
3537 /*IN*/ ULONG FragmentOffset
,
3538 /*OUT*/ PULONG FinalUncompressedSize
,
3539 /*IN*/ PVOID WorkSpace
3546 /*IN*/ USHORT CompressionFormat
,
3547 /*IN OUT*/ PUCHAR
*CompressedBuffer
,
3548 /*IN*/ PUCHAR EndOfCompressedBufferPlus1
,
3549 /*OUT*/ PUCHAR
*ChunkBuffer
,
3550 /*OUT*/ PULONG ChunkSize
3564 RtlFillMemoryUlong (
3565 /*IN*/ PVOID Destination
,
3566 /*IN*/ ULONG Length
,
3574 /*IN*/ HANDLE HeapHandle
,
3582 RtlGenerate8dot3Name (
3583 /*IN*/ PUNICODE_STRING Name
,
3584 /*IN*/ BOOLEAN AllowExtendedCharacters
,
3585 /*IN OUT*/ PGENERATE_NAME_CONTEXT Context
,
3586 /*OUT*/ PUNICODE_STRING Name8dot3
3592 RtlGetCompressionWorkSpaceSize (
3593 /*IN*/ USHORT CompressionFormatAndEngine
,
3594 /*OUT*/ PULONG CompressBufferWorkSpaceSize
,
3595 /*OUT*/ PULONG CompressFragmentWorkSpaceSize
3601 RtlGetDaclSecurityDescriptor (
3602 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3603 /*OUT*/ PBOOLEAN DaclPresent
,
3605 /*OUT*/ PBOOLEAN DaclDefaulted
3611 RtlGetGroupSecurityDescriptor (
3612 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3613 /*OUT*/ PSID
*Group
,
3614 /*OUT*/ PBOOLEAN GroupDefaulted
3620 RtlGetOwnerSecurityDescriptor (
3621 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3622 /*OUT*/ PSID
*Owner
,
3623 /*OUT*/ PBOOLEAN OwnerDefaulted
3630 /*IN OUT*/ PSID Sid
,
3631 /*IN*/ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority
,
3632 /*IN*/ UCHAR SubAuthorityCount
3638 RtlIsNameLegalDOS8Dot3 (
3639 /*IN*/ PUNICODE_STRING UnicodeName
,
3640 /*IN*/ PANSI_STRING AnsiName
,
3647 RtlLengthRequiredSid (
3648 /*IN*/ UCHAR SubAuthorityCount
3661 RtlNtStatusToDosError (
3662 /*IN*/ NTSTATUS Status
3669 /*IN*/ USHORT CompressionFormat
,
3670 /*IN OUT*/ PUCHAR
*CompressedBuffer
,
3671 /*IN*/ PUCHAR EndOfCompressedBufferPlus1
,
3672 /*OUT*/ PUCHAR
*ChunkBuffer
,
3673 /*IN*/ ULONG ChunkSize
3679 RtlSecondsSince1970ToTime (
3680 /*IN*/ ULONG SecondsSince1970
,
3681 /*OUT*/ PLARGE_INTEGER Time
3684 #if (VER_PRODUCTBUILD >= 2195)
3689 RtlSelfRelativeToAbsoluteSD (
3690 /*IN*/ PSECURITY_DESCRIPTOR SelfRelativeSD
,
3691 /*OUT*/ PSECURITY_DESCRIPTOR AbsoluteSD
,
3692 /*IN*/ PULONG AbsoluteSDSize
,
3694 /*IN*/ PULONG DaclSize
,
3696 /*IN*/ PULONG SaclSize
,
3698 /*IN*/ PULONG OwnerSize
,
3699 /*IN*/ PSID PrimaryGroup
,
3700 /*IN*/ PULONG PrimaryGroupSize
3703 #endif /* (VER_PRODUCTBUILD >= 2195) */
3708 RtlSetGroupSecurityDescriptor (
3709 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3711 /*IN*/ BOOLEAN GroupDefaulted
3717 RtlSetOwnerSecurityDescriptor (
3718 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3720 /*IN*/ BOOLEAN OwnerDefaulted
3726 RtlSetSaclSecurityDescriptor (
3727 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3728 /*IN*/ BOOLEAN SaclPresent
,
3730 /*IN*/ BOOLEAN SaclDefaulted
3736 RtlSubAuthorityCountSid (
3743 RtlSubAuthoritySid (
3745 /*IN*/ ULONG SubAuthority
3758 SeAppendPrivileges (
3759 PACCESS_STATE AccessState
,
3760 PPRIVILEGE_SET Privileges
3766 SeAuditingFileEvents (
3767 /*IN*/ BOOLEAN AccessGranted
,
3768 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
3774 SeAuditingFileOrGlobalEvents (
3775 /*IN*/ BOOLEAN AccessGranted
,
3776 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3777 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3783 SeCaptureSubjectContext (
3784 /*OUT*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3790 SeCreateAccessState (
3791 /*OUT*/ PACCESS_STATE AccessState
,
3792 /*IN*/ PVOID AuxData
,
3793 /*IN*/ ACCESS_MASK AccessMask
,
3794 /*IN*/ PGENERIC_MAPPING Mapping
3800 SeCreateClientSecurity (
3801 /*IN*/ PETHREAD Thread
,
3802 /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3803 /*IN*/ BOOLEAN RemoteClient
,
3804 /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext
3807 #if (VER_PRODUCTBUILD >= 2195)
3812 SeCreateClientSecurityFromSubjectContext (
3813 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3814 /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService
,
3815 /*IN*/ BOOLEAN ServerIsRemote
,
3816 /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext
3819 #endif /* (VER_PRODUCTBUILD >= 2195) */
3821 #define SeDeleteClientSecurity(C) { \
3822 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
3823 PsDereferencePrimaryToken( (C)->ClientToken ); \
3825 PsDereferenceImpersonationToken( (C)->ClientToken ); \
3832 SeDeleteObjectAuditAlarm (
3833 /*IN*/ PVOID Object
,
3834 /*IN*/ HANDLE Handle
3837 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
3843 /*IN*/ PPRIVILEGE_SET Privileges
3849 SeImpersonateClient (
3850 /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext
,
3851 /*IN*/ PETHREAD ServerThread
/*OPTIONAL*/
3854 #if (VER_PRODUCTBUILD >= 2195)
3859 SeImpersonateClientEx (
3860 /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext
,
3861 /*IN*/ PETHREAD ServerThread
/*OPTIONAL*/
3864 #endif /* (VER_PRODUCTBUILD >= 2195) */
3869 SeLockSubjectContext (
3870 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3876 SeMarkLogonSessionForTerminationNotification (
3877 /*IN*/ PLUID LogonId
3883 SeOpenObjectAuditAlarm (
3884 /*IN*/ PUNICODE_STRING ObjectTypeName
,
3885 /*IN*/ PVOID Object
/*OPTIONAL*/,
3886 /*IN*/ PUNICODE_STRING AbsoluteObjectName
/*OPTIONAL*/,
3887 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3888 /*IN*/ PACCESS_STATE AccessState
,
3889 /*IN*/ BOOLEAN ObjectCreated
,
3890 /*IN*/ BOOLEAN AccessGranted
,
3891 /*IN*/ KPROCESSOR_MODE AccessMode
,
3892 /*OUT*/ PBOOLEAN GenerateOnClose
3898 SeOpenObjectForDeleteAuditAlarm (
3899 /*IN*/ PUNICODE_STRING ObjectTypeName
,
3900 /*IN*/ PVOID Object
/*OPTIONAL*/,
3901 /*IN*/ PUNICODE_STRING AbsoluteObjectName
/*OPTIONAL*/,
3902 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3903 /*IN*/ PACCESS_STATE AccessState
,
3904 /*IN*/ BOOLEAN ObjectCreated
,
3905 /*IN*/ BOOLEAN AccessGranted
,
3906 /*IN*/ KPROCESSOR_MODE AccessMode
,
3907 /*OUT*/ PBOOLEAN GenerateOnClose
3914 /*IN OUT*/ PPRIVILEGE_SET RequiredPrivileges
,
3915 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
3916 /*IN*/ KPROCESSOR_MODE AccessMode
3922 SeQueryAuthenticationIdToken (
3923 /*IN*/ PACCESS_TOKEN Token
,
3924 /*OUT*/ PLUID LogonId
3927 #if (VER_PRODUCTBUILD >= 2195)
3932 SeQueryInformationToken (
3933 /*IN*/ PACCESS_TOKEN Token
,
3934 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass
,
3935 /*OUT*/ PVOID
*TokenInformation
3938 #endif /* (VER_PRODUCTBUILD >= 2195) */
3943 SeQuerySecurityDescriptorInfo (
3944 /*IN*/ PSECURITY_INFORMATION SecurityInformation
,
3945 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
3946 /*IN OUT*/ PULONG Length
,
3947 /*IN*/ PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
3950 #if (VER_PRODUCTBUILD >= 2195)
3955 SeQuerySessionIdToken (
3956 /*IN*/ PACCESS_TOKEN Token
,
3957 /*IN*/ PULONG SessionId
3960 #endif /* (VER_PRODUCTBUILD >= 2195) */
3962 #define SeQuerySubjectContextToken( SubjectContext ) \
3963 ( ARGUMENT_PRESENT( \
3964 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
3966 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
3967 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
3969 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
) (
3970 /*IN*/ PLUID LogonId
3976 SeRegisterLogonSessionTerminatedRoutine (
3977 /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
3983 SeReleaseSubjectContext (
3984 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
3990 SeSetAccessStateGenericMapping (
3991 PACCESS_STATE AccessState
,
3992 PGENERIC_MAPPING GenericMapping
3998 SeSetSecurityDescriptorInfo (
3999 /*IN*/ PVOID Object
/*OPTIONAL*/,
4000 /*IN*/ PSECURITY_INFORMATION SecurityInformation
,
4001 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
4002 /*IN OUT*/ PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4003 /*IN*/ POOL_TYPE PoolType
,
4004 /*IN*/ PGENERIC_MAPPING GenericMapping
4007 #if (VER_PRODUCTBUILD >= 2195)
4012 SeSetSecurityDescriptorInfoEx (
4013 /*IN*/ PVOID Object
/*OPTIONAL*/,
4014 /*IN*/ PSECURITY_INFORMATION SecurityInformation
,
4015 /*IN*/ PSECURITY_DESCRIPTOR ModificationDescriptor
,
4016 /*IN OUT*/ PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
4017 /*IN*/ ULONG AutoInheritFlags
,
4018 /*IN*/ POOL_TYPE PoolType
,
4019 /*IN*/ PGENERIC_MAPPING GenericMapping
4026 /*IN*/ PACCESS_TOKEN Token
4032 SeTokenIsRestricted (
4033 /*IN*/ PACCESS_TOKEN Token
4036 #endif /* (VER_PRODUCTBUILD >= 2195) */
4042 /*IN*/ PACCESS_TOKEN Token
4048 SeUnlockSubjectContext (
4049 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext
4054 SeUnregisterLogonSessionTerminatedRoutine (
4055 /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
4058 #if (VER_PRODUCTBUILD >= 2195)
4063 ZwAdjustPrivilegesToken (
4064 /*IN*/ HANDLE TokenHandle
,
4065 /*IN*/ BOOLEAN DisableAllPrivileges
,
4066 /*IN*/ PTOKEN_PRIVILEGES NewState
,
4067 /*IN*/ ULONG BufferLength
,
4068 /*OUT*/ PTOKEN_PRIVILEGES PreviousState
/*OPTIONAL*/,
4069 /*OUT*/ PULONG ReturnLength
4072 #endif /* (VER_PRODUCTBUILD >= 2195) */
4078 /*IN*/ HANDLE ThreadHandle
4084 ZwAllocateVirtualMemory (
4085 /*IN*/ HANDLE ProcessHandle
,
4086 /*IN OUT*/ PVOID
*BaseAddress
,
4087 /*IN*/ ULONG ZeroBits
,
4088 /*IN OUT*/ PULONG RegionSize
,
4089 /*IN*/ ULONG AllocationType
,
4090 /*IN*/ ULONG Protect
4096 ZwAccessCheckAndAuditAlarm (
4097 /*IN*/ PUNICODE_STRING SubsystemName
,
4098 /*IN*/ PVOID HandleId
,
4099 /*IN*/ PUNICODE_STRING ObjectTypeName
,
4100 /*IN*/ PUNICODE_STRING ObjectName
,
4101 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
4102 /*IN*/ ACCESS_MASK DesiredAccess
,
4103 /*IN*/ PGENERIC_MAPPING GenericMapping
,
4104 /*IN*/ BOOLEAN ObjectCreation
,
4105 /*OUT*/ PACCESS_MASK GrantedAccess
,
4106 /*OUT*/ PBOOLEAN AccessStatus
,
4107 /*OUT*/ PBOOLEAN GenerateOnClose
4110 #if (VER_PRODUCTBUILD >= 2195)
4116 /*IN*/ HANDLE FileHandle
,
4117 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
4120 #endif /* (VER_PRODUCTBUILD >= 2195) */
4126 /*IN*/ HANDLE EventHandle
4132 ZwCloseObjectAuditAlarm (
4133 /*IN*/ PUNICODE_STRING SubsystemName
,
4134 /*IN*/ PVOID HandleId
,
4135 /*IN*/ BOOLEAN GenerateOnClose
4142 /*OUT*/ PHANDLE SectionHandle
,
4143 /*IN*/ ACCESS_MASK DesiredAccess
,
4144 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
/*OPTIONAL*/,
4145 /*IN*/ PLARGE_INTEGER MaximumSize
/*OPTIONAL*/,
4146 /*IN*/ ULONG SectionPageProtection
,
4147 /*IN*/ ULONG AllocationAttributes
,
4148 /*IN*/ HANDLE FileHandle
/*OPTIONAL*/
4154 ZwCreateSymbolicLinkObject (
4155 /*OUT*/ PHANDLE SymbolicLinkHandle
,
4156 /*IN*/ ACCESS_MASK DesiredAccess
,
4157 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
,
4158 /*IN*/ PUNICODE_STRING TargetName
4165 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4172 /*IN*/ HANDLE Handle
,
4173 /*IN*/ PUNICODE_STRING Name
4179 ZwDeviceIoControlFile (
4180 /*IN*/ HANDLE FileHandle
,
4181 /*IN*/ HANDLE Event
/*OPTIONAL*/,
4182 /*IN*/ PIO_APC_ROUTINE ApcRoutine
/*OPTIONAL*/,
4183 /*IN*/ PVOID ApcContext
/*OPTIONAL*/,
4184 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4185 /*IN*/ ULONG IoControlCode
,
4186 /*IN*/ PVOID InputBuffer
/*OPTIONAL*/,
4187 /*IN*/ ULONG InputBufferLength
,
4188 /*OUT*/ PVOID OutputBuffer
/*OPTIONAL*/,
4189 /*IN*/ ULONG OutputBufferLength
4196 /*IN*/ PUNICODE_STRING String
4203 /*IN*/ HANDLE SourceProcessHandle
,
4204 /*IN*/ HANDLE SourceHandle
,
4205 /*IN*/ HANDLE TargetProcessHandle
/*OPTIONAL*/,
4206 /*OUT*/ PHANDLE TargetHandle
/*OPTIONAL*/,
4207 /*IN*/ ACCESS_MASK DesiredAccess
,
4208 /*IN*/ ULONG HandleAttributes
,
4209 /*IN*/ ULONG Options
4216 /*IN*/ HANDLE ExistingTokenHandle
,
4217 /*IN*/ ACCESS_MASK DesiredAccess
,
4218 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
,
4219 /*IN*/ BOOLEAN EffectiveOnly
,
4220 /*IN*/ TOKEN_TYPE TokenType
,
4221 /*OUT*/ PHANDLE NewTokenHandle
4227 ZwFlushInstructionCache (
4228 /*IN*/ HANDLE ProcessHandle
,
4229 /*IN*/ PVOID BaseAddress
/*OPTIONAL*/,
4230 /*IN*/ ULONG FlushSize
4233 #if (VER_PRODUCTBUILD >= 2195)
4238 ZwFlushVirtualMemory (
4239 /*IN*/ HANDLE ProcessHandle
,
4240 /*IN OUT*/ PVOID
*BaseAddress
,
4241 /*IN OUT*/ PULONG FlushSize
,
4242 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
4245 #endif /* (VER_PRODUCTBUILD >= 2195) */
4250 ZwFreeVirtualMemory (
4251 /*IN*/ HANDLE ProcessHandle
,
4252 /*IN OUT*/ PVOID
*BaseAddress
,
4253 /*IN OUT*/ PULONG RegionSize
,
4254 /*IN*/ ULONG FreeType
4261 /*IN*/ HANDLE FileHandle
,
4262 /*IN*/ HANDLE Event
/*OPTIONAL*/,
4263 /*IN*/ PIO_APC_ROUTINE ApcRoutine
/*OPTIONAL*/,
4264 /*IN*/ PVOID ApcContext
/*OPTIONAL*/,
4265 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4266 /*IN*/ ULONG FsControlCode
,
4267 /*IN*/ PVOID InputBuffer
/*OPTIONAL*/,
4268 /*IN*/ ULONG InputBufferLength
,
4269 /*OUT*/ PVOID OutputBuffer
/*OPTIONAL*/,
4270 /*IN*/ ULONG OutputBufferLength
4273 #if (VER_PRODUCTBUILD >= 2195)
4278 ZwInitiatePowerAction (
4279 /*IN*/ POWER_ACTION SystemAction
,
4280 /*IN*/ SYSTEM_POWER_STATE MinSystemState
,
4282 /*IN*/ BOOLEAN Asynchronous
4285 #endif /* (VER_PRODUCTBUILD >= 2195) */
4291 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4292 /*IN*/ PUNICODE_STRING RegistryPath
4299 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes
,
4300 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes
4307 /*IN*/ HANDLE KeyHandle
,
4308 /*IN*/ HANDLE EventHandle
/*OPTIONAL*/,
4309 /*IN*/ PIO_APC_ROUTINE ApcRoutine
/*OPTIONAL*/,
4310 /*IN*/ PVOID ApcContext
/*OPTIONAL*/,
4311 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4312 /*IN*/ ULONG NotifyFilter
,
4313 /*IN*/ BOOLEAN WatchSubtree
,
4314 /*IN*/ PVOID Buffer
,
4315 /*IN*/ ULONG BufferLength
,
4316 /*IN*/ BOOLEAN Asynchronous
4322 ZwOpenDirectoryObject (
4323 /*OUT*/ PHANDLE DirectoryHandle
,
4324 /*IN*/ ACCESS_MASK DesiredAccess
,
4325 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4332 /*OUT*/ PHANDLE EventHandle
,
4333 /*IN*/ ACCESS_MASK DesiredAccess
,
4334 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
4341 /*OUT*/ PHANDLE ProcessHandle
,
4342 /*IN*/ ACCESS_MASK DesiredAccess
,
4343 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
,
4344 /*IN*/ PCLIENT_ID ClientId
/*OPTIONAL*/
4350 ZwOpenProcessToken (
4351 /*IN*/ HANDLE ProcessHandle
,
4352 /*IN*/ ACCESS_MASK DesiredAccess
,
4353 /*OUT*/ PHANDLE TokenHandle
4360 /*OUT*/ PHANDLE ThreadHandle
,
4361 /*IN*/ ACCESS_MASK DesiredAccess
,
4362 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes
,
4363 /*IN*/ PCLIENT_ID ClientId
4370 /*IN*/ HANDLE ThreadHandle
,
4371 /*IN*/ ACCESS_MASK DesiredAccess
,
4372 /*IN*/ BOOLEAN OpenAsSelf
,
4373 /*OUT*/ PHANDLE TokenHandle
4376 #if (VER_PRODUCTBUILD >= 2195)
4381 ZwPowerInformation (
4382 /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel
,
4383 /*IN*/ PVOID InputBuffer
/*OPTIONAL*/,
4384 /*IN*/ ULONG InputBufferLength
,
4385 /*OUT*/ PVOID OutputBuffer
/*OPTIONAL*/,
4386 /*IN*/ ULONG OutputBufferLength
4389 #endif /* (VER_PRODUCTBUILD >= 2195) */
4395 /*IN*/ HANDLE EventHandle
,
4396 /*OUT*/ PULONG PreviousState
/*OPTIONAL*/
4402 ZwQueryDefaultLocale (
4403 /*IN*/ BOOLEAN ThreadOrSystem
,
4404 /*OUT*/ PLCID Locale
4410 ZwQueryDirectoryFile (
4411 /*IN*/ HANDLE FileHandle
,
4412 /*IN*/ HANDLE Event
/*OPTIONAL*/,
4413 /*IN*/ PIO_APC_ROUTINE ApcRoutine
/*OPTIONAL*/,
4414 /*IN*/ PVOID ApcContext
/*OPTIONAL*/,
4415 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4416 /*OUT*/ PVOID FileInformation
,
4417 /*IN*/ ULONG Length
,
4418 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass
,
4419 /*IN*/ BOOLEAN ReturnSingleEntry
,
4420 /*IN*/ PUNICODE_STRING FileName
/*OPTIONAL*/,
4421 /*IN*/ BOOLEAN RestartScan
4424 #if (VER_PRODUCTBUILD >= 2195)
4429 ZwQueryDirectoryObject (
4430 /*IN*/ HANDLE DirectoryHandle
,
4431 /*OUT*/ PVOID Buffer
,
4432 /*IN*/ ULONG Length
,
4433 /*IN*/ BOOLEAN ReturnSingleEntry
,
4434 /*IN*/ BOOLEAN RestartScan
,
4435 /*IN OUT*/ PULONG Context
,
4436 /*OUT*/ PULONG ReturnLength
/*OPTIONAL*/
4443 /*IN*/ HANDLE FileHandle
,
4444 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4445 /*OUT*/ PVOID Buffer
,
4446 /*IN*/ ULONG Length
,
4447 /*IN*/ BOOLEAN ReturnSingleEntry
,
4448 /*IN*/ PVOID EaList
/*OPTIONAL*/,
4449 /*IN*/ ULONG EaListLength
,
4450 /*IN*/ PULONG EaIndex
/*OPTIONAL*/,
4451 /*IN*/ BOOLEAN RestartScan
4454 #endif /* (VER_PRODUCTBUILD >= 2195) */
4459 ZwQueryInformationProcess (
4460 /*IN*/ HANDLE ProcessHandle
,
4461 /*IN*/ PROCESSINFOCLASS ProcessInformationClass
,
4462 /*OUT*/ PVOID ProcessInformation
,
4463 /*IN*/ ULONG ProcessInformationLength
,
4464 /*OUT*/ PULONG ReturnLength
/*OPTIONAL*/
4470 ZwQueryInformationToken (
4471 /*IN*/ HANDLE TokenHandle
,
4472 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass
,
4473 /*OUT*/ PVOID TokenInformation
,
4474 /*IN*/ ULONG Length
,
4475 /*OUT*/ PULONG ResultLength
4482 /*IN*/ HANDLE ObjectHandle
,
4483 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4484 /*OUT*/ PVOID ObjectInformation
,
4485 /*IN*/ ULONG Length
,
4486 /*OUT*/ PULONG ResultLength
4493 /*IN*/ HANDLE SectionHandle
,
4494 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass
,
4495 /*OUT*/ PVOID SectionInformation
,
4496 /*IN*/ ULONG SectionInformationLength
,
4497 /*OUT*/ PULONG ResultLength
/*OPTIONAL*/
4503 ZwQuerySecurityObject (
4504 /*IN*/ HANDLE FileHandle
,
4505 /*IN*/ SECURITY_INFORMATION SecurityInformation
,
4506 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor
,
4507 /*IN*/ ULONG Length
,
4508 /*OUT*/ PULONG ResultLength
4514 ZwQuerySystemInformation (
4515 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4516 /*OUT*/ PVOID SystemInformation
,
4517 /*IN*/ ULONG Length
,
4518 /*OUT*/ PULONG ReturnLength
4524 ZwQueryVolumeInformationFile (
4525 /*IN*/ HANDLE FileHandle
,
4526 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4527 /*OUT*/ PVOID FsInformation
,
4528 /*IN*/ ULONG Length
,
4529 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
4536 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes
,
4537 /*IN*/ HANDLE KeyHandle
,
4538 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes
4545 /*IN*/ HANDLE EventHandle
,
4546 /*OUT*/ PULONG PreviousState
/*OPTIONAL*/
4549 #if (VER_PRODUCTBUILD >= 2195)
4555 /*IN*/ HANDLE KeyHandle
,
4556 /*IN*/ HANDLE FileHandle
,
4560 #endif /* (VER_PRODUCTBUILD >= 2195) */
4566 /*IN*/ HANDLE KeyHandle
,
4567 /*IN*/ HANDLE FileHandle
4573 ZwSetDefaultLocale (
4574 /*IN*/ BOOLEAN ThreadOrSystem
,
4578 #if (VER_PRODUCTBUILD >= 2195)
4583 ZwSetDefaultUILanguage (
4584 /*IN*/ LANGID LanguageId
4591 /*IN*/ HANDLE FileHandle
,
4592 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4593 /*OUT*/ PVOID Buffer
,
4597 #endif /* (VER_PRODUCTBUILD >= 2195) */
4603 /*IN*/ HANDLE EventHandle
,
4604 /*OUT*/ PULONG PreviousState
/*OPTIONAL*/
4610 ZwSetInformationObject (
4611 /*IN*/ HANDLE ObjectHandle
,
4612 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass
,
4613 /*IN*/ PVOID ObjectInformation
,
4614 /*IN*/ ULONG ObjectInformationLength
4620 ZwSetInformationProcess (
4621 /*IN*/ HANDLE ProcessHandle
,
4622 /*IN*/ PROCESSINFOCLASS ProcessInformationClass
,
4623 /*IN*/ PVOID ProcessInformation
,
4624 /*IN*/ ULONG ProcessInformationLength
4627 #if (VER_PRODUCTBUILD >= 2195)
4632 ZwSetSecurityObject (
4633 /*IN*/ HANDLE Handle
,
4634 /*IN*/ SECURITY_INFORMATION SecurityInformation
,
4635 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor
4638 #endif /* (VER_PRODUCTBUILD >= 2195) */
4643 ZwSetSystemInformation (
4644 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass
,
4645 /*IN*/ PVOID SystemInformation
,
4653 /*IN*/ PLARGE_INTEGER NewTime
,
4654 /*OUT*/ PLARGE_INTEGER OldTime
/*OPTIONAL*/
4657 #if (VER_PRODUCTBUILD >= 2195)
4662 ZwSetVolumeInformationFile (
4663 /*IN*/ HANDLE FileHandle
,
4664 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock
,
4665 /*IN*/ PVOID FsInformation
,
4666 /*IN*/ ULONG Length
,
4667 /*IN*/ FS_INFORMATION_CLASS FsInformationClass
4670 #endif /* (VER_PRODUCTBUILD >= 2195) */
4675 ZwTerminateProcess (
4676 /*IN*/ HANDLE ProcessHandle
/*OPTIONAL*/,
4677 /*IN*/ NTSTATUS ExitStatus
4684 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
4685 /*IN*/ PUNICODE_STRING RegistryPath
4692 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes
4698 ZwWaitForSingleObject (
4699 /*IN*/ HANDLE Handle
,
4700 /*IN*/ BOOLEAN Alertable
,
4701 /*IN*/ PLARGE_INTEGER Timeout
/*OPTIONAL*/
4707 ZwWaitForMultipleObjects (
4708 /*IN*/ ULONG HandleCount
,
4709 /*IN*/ PHANDLE Handles
,
4710 /*IN*/ WAIT_TYPE WaitType
,
4711 /*IN*/ BOOLEAN Alertable
,
4712 /*IN*/ PLARGE_INTEGER Timeout
/*OPTIONAL*/
4726 #endif /* _NTIFS_ */