diff -r da7c1a80df0d -r d2d6724aef32 holdingarea/llvm/llvm-gcc4.2-2.7-x86-mingw32/include/ddk/ntifs.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/holdingarea/llvm/llvm-gcc4.2-2.7-x86-mingw32/include/ddk/ntifs.h Thu Sep 16 09:43:14 2010 +0100 @@ -0,0 +1,4726 @@ +/* + * ntifs.h + * + * Windows NT Filesystem Driver Developer Kit + * + * This file is part of the w32api package. + * + * Contributors: + * Created by Bo Brantén + * + * THIS SOFTWARE IS NOT COPYRIGHTED + * + * This source code is offered for use in the public domain. You may + * use, modify or distribute it freely. + * + * This code is distributed in the hope that it will be useful but + * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY + * DISCLAIMED. This includes but is not limited to warranties of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#ifndef _NTIFS_ +#define _NTIFS_ +#define _GNU_NTIFS_ + +#if __GNUC__ >= 3 +#pragma GCC system_header +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include "ntddk.h" +#include "ntapi.h" + +#define VER_PRODUCTBUILD 10000 + +#ifndef NTSYSAPI +#define NTSYSAPI +#endif + +#ifndef NTKERNELAPI +#define NTKERNELAPI STDCALL +#endif + +typedef struct _SE_EXPORTS *PSE_EXPORTS; + +extern PUCHAR *FsRtlLegalAnsiCharacterArray; +extern PSE_EXPORTS SeExports; +extern PACL SePublicDefaultDacl; +extern PACL SeSystemDefaultDacl; + +#define ANSI_DOS_STAR ('<') +#define ANSI_DOS_QM ('>') +#define ANSI_DOS_DOT ('"') + +#define DOS_STAR (L'<') +#define DOS_QM (L'>') +#define DOS_DOT (L'"') + +/* also in winnt.h */ +#define ACCESS_ALLOWED_ACE_TYPE (0x0) +#define ACCESS_DENIED_ACE_TYPE (0x1) +#define SYSTEM_AUDIT_ACE_TYPE (0x2) +#define SYSTEM_ALARM_ACE_TYPE (0x3) + +#define COMPRESSION_FORMAT_NONE (0x0000) +#define COMPRESSION_FORMAT_DEFAULT (0x0001) +#define COMPRESSION_FORMAT_LZNT1 (0x0002) +#define COMPRESSION_ENGINE_STANDARD (0x0000) +#define COMPRESSION_ENGINE_MAXIMUM (0x0100) +#define COMPRESSION_ENGINE_HIBER (0x0200) + +#define FILE_ACTION_ADDED 0x00000001 +#define FILE_ACTION_REMOVED 0x00000002 +#define FILE_ACTION_MODIFIED 0x00000003 +#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 +#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 +#define FILE_ACTION_ADDED_STREAM 0x00000006 +#define FILE_ACTION_REMOVED_STREAM 0x00000007 +#define FILE_ACTION_MODIFIED_STREAM 0x00000008 +#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 +#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A +#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B +/* end winnt.h */ + +#define FILE_EA_TYPE_BINARY 0xfffe +#define FILE_EA_TYPE_ASCII 0xfffd +#define FILE_EA_TYPE_BITMAP 0xfffb +#define FILE_EA_TYPE_METAFILE 0xfffa +#define FILE_EA_TYPE_ICON 0xfff9 +#define FILE_EA_TYPE_EA 0xffee +#define FILE_EA_TYPE_MVMT 0xffdf +#define FILE_EA_TYPE_MVST 0xffde +#define FILE_EA_TYPE_ASN1 0xffdd +#define FILE_EA_TYPE_FAMILY_IDS 0xff01 + +#define FILE_NEED_EA 0x00000080 + +/* also in winnt.h */ +#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 +#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 +#define FILE_NOTIFY_CHANGE_NAME 0x00000003 +#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 +#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 +#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 +#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 +#define FILE_NOTIFY_CHANGE_CREATION 0x00000040 +#define FILE_NOTIFY_CHANGE_EA 0x00000080 +#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 +#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 +#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 +#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 +#define FILE_NOTIFY_VALID_MASK 0x00000fff +/* end winnt.h */ + +#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 +#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 + +#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 + +#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 +#define FILE_CASE_PRESERVED_NAMES 0x00000002 +#define FILE_UNICODE_ON_DISK 0x00000004 +#define FILE_PERSISTENT_ACLS 0x00000008 +#define FILE_FILE_COMPRESSION 0x00000010 +#define FILE_VOLUME_QUOTAS 0x00000020 +#define FILE_SUPPORTS_SPARSE_FILES 0x00000040 +#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 +#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 +#define FS_LFN_APIS 0x00004000 +#define FILE_VOLUME_IS_COMPRESSED 0x00008000 +#define FILE_SUPPORTS_OBJECT_IDS 0x00010000 +#define FILE_SUPPORTS_ENCRYPTION 0x00020000 +#define FILE_NAMED_STREAMS 0x00040000 +#define FILE_READ_ONLY_VOLUME 0x00080000 + +#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 +#define FILE_PIPE_MESSAGE_TYPE 0x00000001 + +#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 +#define FILE_PIPE_MESSAGE_MODE 0x00000001 + +#define FILE_PIPE_QUEUE_OPERATION 0x00000000 +#define FILE_PIPE_COMPLETE_OPERATION 0x00000001 + +#define FILE_PIPE_INBOUND 0x00000000 +#define FILE_PIPE_OUTBOUND 0x00000001 +#define FILE_PIPE_FULL_DUPLEX 0x00000002 + +#define FILE_PIPE_DISCONNECTED_STATE 0x00000001 +#define FILE_PIPE_LISTENING_STATE 0x00000002 +#define FILE_PIPE_CONNECTED_STATE 0x00000003 +#define FILE_PIPE_CLOSING_STATE 0x00000004 + +#define FILE_PIPE_CLIENT_END 0x00000000 +#define FILE_PIPE_SERVER_END 0x00000001 + +#define FILE_PIPE_READ_DATA 0x00000000 +#define FILE_PIPE_WRITE_SPACE 0x00000001 + +#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ +#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) +#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT +#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM +#define FILE_STORAGE_TYPE_MASK 0x000f0000 +#define FILE_STORAGE_TYPE_SHIFT 16 + +#define FILE_VC_QUOTA_NONE 0x00000000 +#define FILE_VC_QUOTA_TRACK 0x00000001 +#define FILE_VC_QUOTA_ENFORCE 0x00000002 +#define FILE_VC_QUOTA_MASK 0x00000003 + +#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 +#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 + +#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 +#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 +#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 +#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 + +#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 +#define FILE_VC_QUOTAS_REBUILDING 0x00000200 + +#define FILE_VC_VALID_MASK 0x000003ff + +#define FSRTL_FLAG_FILE_MODIFIED (0x01) +#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) +#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) +#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) +#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) +#define FSRTL_FLAG_USER_MAPPED_FILE (0x20) +#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) + +#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) + +#define FSRTL_FSP_TOP_LEVEL_IRP (0x01) +#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) +#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) +#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) +#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04) + +#define FSRTL_VOLUME_DISMOUNT 1 +#define FSRTL_VOLUME_DISMOUNT_FAILED 2 +#define FSRTL_VOLUME_LOCK 3 +#define FSRTL_VOLUME_LOCK_FAILED 4 +#define FSRTL_VOLUME_UNLOCK 5 +#define FSRTL_VOLUME_MOUNT 6 + +#define FSRTL_WILD_CHARACTER 0x08 + +#ifdef _X86_ +#define HARDWARE_PTE HARDWARE_PTE_X86 +#define PHARDWARE_PTE PHARDWARE_PTE_X86 +#else +#define HARDWARE_PTE ULONG +#define PHARDWARE_PTE PULONG +#endif + +#define IO_CHECK_CREATE_PARAMETERS 0x0200 +#define IO_ATTACH_DEVICE 0x0400 + +#define IO_ATTACH_DEVICE_API 0x80000000 +/* also in winnt.h */ +#define IO_COMPLETION_QUERY_STATE 0x0001 +#define IO_COMPLETION_MODIFY_STATE 0x0002 +#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) +/* end winnt.h */ +#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 +#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 + +#define IO_TYPE_APC 18 +#define IO_TYPE_DPC 19 +#define IO_TYPE_DEVICE_QUEUE 20 +#define IO_TYPE_EVENT_PAIR 21 +#define IO_TYPE_INTERRUPT 22 +#define IO_TYPE_PROFILE 23 + +#define IRP_BEING_VERIFIED 0x10 + +#define MAILSLOT_CLASS_FIRSTCLASS 1 +#define MAILSLOT_CLASS_SECONDCLASS 2 + +#define MAILSLOT_SIZE_AUTO 0 + +#define MAP_PROCESS 1L +#define MAP_SYSTEM 2L +#define MEM_DOS_LIM 0x40000000 +/* also in winnt.h */ +#define MEM_IMAGE SEC_IMAGE +/* end winnt.h */ +#define OB_TYPE_TYPE 1 +#define OB_TYPE_DIRECTORY 2 +#define OB_TYPE_SYMBOLIC_LINK 3 +#define OB_TYPE_TOKEN 4 +#define OB_TYPE_PROCESS 5 +#define OB_TYPE_THREAD 6 +#define OB_TYPE_EVENT 7 +#define OB_TYPE_EVENT_PAIR 8 +#define OB_TYPE_MUTANT 9 +#define OB_TYPE_SEMAPHORE 10 +#define OB_TYPE_TIMER 11 +#define OB_TYPE_PROFILE 12 +#define OB_TYPE_WINDOW_STATION 13 +#define OB_TYPE_DESKTOP 14 +#define OB_TYPE_SECTION 15 +#define OB_TYPE_KEY 16 +#define OB_TYPE_PORT 17 +#define OB_TYPE_ADAPTER 18 +#define OB_TYPE_CONTROLLER 19 +#define OB_TYPE_DEVICE 20 +#define OB_TYPE_DRIVER 21 +#define OB_TYPE_IO_COMPLETION 22 +#define OB_TYPE_FILE 23 + +#define PIN_WAIT (1) +#define PIN_EXCLUSIVE (2) +#define PIN_NO_READ (4) +#define PIN_IF_BCB (8) + +#define PORT_CONNECT 0x0001 +#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\ + PORT_CONNECT) +/* also in winnt.h */ +#define SEC_BASED 0x00200000 +#define SEC_NO_CHANGE 0x00400000 +#define SEC_FILE 0x00800000 +#define SEC_IMAGE 0x01000000 +#define SEC_VLM 0x02000000 +#define SEC_RESERVE 0x04000000 +#define SEC_COMMIT 0x08000000 +#define SEC_NOCACHE 0x10000000 + +#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} +#define SECURITY_WORLD_RID (0x00000000L) + +#define SID_REVISION 1 + +#define TOKEN_ASSIGN_PRIMARY (0x0001) +#define TOKEN_DUPLICATE (0x0002) +#define TOKEN_IMPERSONATE (0x0004) +#define TOKEN_QUERY (0x0008) +#define TOKEN_QUERY_SOURCE (0x0010) +#define TOKEN_ADJUST_PRIVILEGES (0x0020) +#define TOKEN_ADJUST_GROUPS (0x0040) +#define TOKEN_ADJUST_DEFAULT (0x0080) + +#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ + TOKEN_ASSIGN_PRIMARY |\ + TOKEN_DUPLICATE |\ + TOKEN_IMPERSONATE |\ + TOKEN_QUERY |\ + TOKEN_QUERY_SOURCE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + +#define TOKEN_READ (STANDARD_RIGHTS_READ |\ + TOKEN_QUERY) + +#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + +#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) + +#define TOKEN_SOURCE_LENGTH 8 +/* end winnt.h */ + +#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01 +#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02 +#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04 +#define TOKEN_HAS_ADMIN_GROUP 0x08 +#define TOKEN_IS_RESTRICTED 0x10 + +#define VACB_MAPPING_GRANULARITY (0x40000) +#define VACB_OFFSET_SHIFT (18) + +#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) + + +#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#if (VER_PRODUCTBUILD >= 1381) + +#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) + +#endif /* (VER_PRODUCTBUILD >= 1381) */ + +#if (VER_PRODUCTBUILD >= 2195) + +#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) + +#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) +#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) + +#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) + +#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) + +typedef PVOID PEJOB; +typedef PVOID OPLOCK, *POPLOCK; +typedef PVOID PWOW64_PROCESS; + +typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS; +typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK; +typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION; +typedef struct _HANDLE_TABLE *PHANDLE_TABLE; +typedef struct _KEVENT_PAIR *PKEVENT_PAIR; +typedef struct _KPROCESS *PKPROCESS; +typedef struct _KQUEUE *PKQUEUE; +typedef struct _KTRAP_FRAME *PKTRAP_FRAME; +typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS; +typedef struct _MMWSL *PMMWSL; +typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS; +typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY; +typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY; +typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION; +typedef struct _SECTION_OBJECT *PSECTION_OBJECT; +typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP; +typedef struct _TERMINATION_PORT *PTERMINATION_PORT; +typedef struct _VACB *PVACB; +typedef struct _VAD_HEADER *PVAD_HEADER; + +typedef struct _NOTIFY_SYNC +{ + ULONG Unknown0; + ULONG Unknown1; + ULONG Unknown2; + USHORT Unknown3; + USHORT Unknown4; + ULONG Unknown5; + ULONG Unknown6; + ULONG Unknown7; + ULONG Unknown8; + ULONG Unknown9; + ULONG Unknown10; +} NOTIFY_SYNC, * PNOTIFY_SYNC; + +typedef enum _FAST_IO_POSSIBLE { + FastIoIsNotPossible, + FastIoIsPossible, + FastIoIsQuestionable +} FAST_IO_POSSIBLE; + +typedef enum _FILE_STORAGE_TYPE { + StorageTypeDefault = 1, + StorageTypeDirectory, + StorageTypeFile, + StorageTypeJunctionPoint, + StorageTypeCatalog, + StorageTypeStructuredStorage, + StorageTypeEmbedding, + StorageTypeStream +} FILE_STORAGE_TYPE; + +typedef enum _IO_COMPLETION_INFORMATION_CLASS { + IoCompletionBasicInformation +} IO_COMPLETION_INFORMATION_CLASS; + +typedef enum _OBJECT_INFO_CLASS { + ObjectBasicInfo, + ObjectNameInfo, + ObjectTypeInfo, + ObjectAllTypesInfo, + ObjectProtectionInfo +} OBJECT_INFO_CLASS; + +typedef struct _HARDWARE_PTE_X86 { + ULONG Valid : 1; + ULONG Write : 1; + ULONG Owner : 1; + ULONG WriteThrough : 1; + ULONG CacheDisable : 1; + ULONG Accessed : 1; + ULONG Dirty : 1; + ULONG LargePage : 1; + ULONG Global : 1; + ULONG CopyOnWrite : 1; + ULONG Prototype : 1; + ULONG reserved : 1; + ULONG PageFrameNumber : 20; +} HARDWARE_PTE_X86, *PHARDWARE_PTE_X86; + +typedef struct _KAPC_STATE { + LIST_ENTRY ApcListHead[2]; + PKPROCESS Process; + BOOLEAN KernelApcInProgress; + BOOLEAN KernelApcPending; + BOOLEAN UserApcPending; +} KAPC_STATE, *PKAPC_STATE; + +typedef struct _KGDTENTRY { + USHORT LimitLow; + USHORT BaseLow; + union { + struct { + UCHAR BaseMid; + UCHAR Flags1; + UCHAR Flags2; + UCHAR BaseHi; + } Bytes; + struct { + ULONG BaseMid : 8; + ULONG Type : 5; + ULONG Dpl : 2; + ULONG Pres : 1; + ULONG LimitHi : 4; + ULONG Sys : 1; + ULONG Reserved_0 : 1; + ULONG Default_Big : 1; + ULONG Granularity : 1; + ULONG BaseHi : 8; + } Bits; + } HighWord; +} KGDTENTRY, *PKGDTENTRY; + +typedef struct _KIDTENTRY { + USHORT Offset; + USHORT Selector; + USHORT Access; + USHORT ExtendedOffset; +} KIDTENTRY, *PKIDTENTRY; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _MMSUPPORT_FLAGS { + ULONG SessionSpace : 1; + ULONG BeingTrimmed : 1; + ULONG SessionLeader : 1; + ULONG TrimHard : 1; + ULONG WorkingSetHard : 1; + ULONG AddressSpaceBeingDeleted : 1; + ULONG Available : 10; + ULONG AllowWorkingSetAdjustment : 8; + ULONG MemoryPriority : 8; +} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; + +#else + +typedef struct _MMSUPPORT_FLAGS { + ULONG SessionSpace : 1; + ULONG BeingTrimmed : 1; + ULONG ProcessInSession : 1; + ULONG SessionLeader : 1; + ULONG TrimHard : 1; + ULONG WorkingSetHard : 1; + ULONG WriteWatch : 1; + ULONG Filler : 25; +} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; + +#endif + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _MMSUPPORT { + LARGE_INTEGER LastTrimTime; + MMSUPPORT_FLAGS Flags; + ULONG PageFaultCount; + ULONG PeakWorkingSetSize; + ULONG WorkingSetSize; + ULONG MinimumWorkingSetSize; + ULONG MaximumWorkingSetSize; + PMMWSL VmWorkingSetList; + LIST_ENTRY WorkingSetExpansionLinks; + ULONG Claim; + ULONG NextEstimationSlot; + ULONG NextAgingSlot; + ULONG EstimatedAvailable; + ULONG GrowthSinceLastEstimate; +} MMSUPPORT, *PMMSUPPORT; + +#else + +typedef struct _MMSUPPORT { + LARGE_INTEGER LastTrimTime; + ULONG LastTrimFaultCount; + ULONG PageFaultCount; + ULONG PeakWorkingSetSize; + ULONG WorkingSetSize; + ULONG MinimumWorkingSetSize; + ULONG MaximumWorkingSetSize; + PMMWSL VmWorkingSetList; + LIST_ENTRY WorkingSetExpansionLinks; + BOOLEAN AllowWorkingSetAdjustment; + BOOLEAN AddressSpaceBeingDeleted; + UCHAR ForegroundSwitchCount; + UCHAR MemoryPriority; +#if (VER_PRODUCTBUILD >= 2195) + union { + ULONG LongFlags; + MMSUPPORT_FLAGS Flags; + } u; + ULONG Claim; + ULONG NextEstimationSlot; + ULONG NextAgingSlot; + ULONG EstimatedAvailable; + ULONG GrowthSinceLastEstimate; +#endif /* (VER_PRODUCTBUILD >= 2195) */ +} MMSUPPORT, *PMMSUPPORT; + +#endif + +typedef struct _SE_AUDIT_PROCESS_CREATION_INFO { + POBJECT_NAME_INFORMATION ImageFileName; +} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO; + +typedef struct _BITMAP_RANGE { + LIST_ENTRY Links; + LARGE_INTEGER BasePage; + ULONG FirstDirtyPage; + ULONG LastDirtyPage; + ULONG DirtyPages; + PULONG Bitmap; +} BITMAP_RANGE, *PBITMAP_RANGE; + +typedef struct _CACHE_UNINITIALIZE_EVENT { + struct _CACHE_UNINITIALIZE_EVENT *Next; + KEVENT Event; +} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; + +typedef struct _CC_FILE_SIZES { + LARGE_INTEGER AllocationSize; + LARGE_INTEGER FileSize; + LARGE_INTEGER ValidDataLength; +} CC_FILE_SIZES, *PCC_FILE_SIZES; + +typedef struct _COMPRESSED_DATA_INFO { + USHORT CompressionFormatAndEngine; + UCHAR CompressionUnitShift; + UCHAR ChunkShift; + UCHAR ClusterShift; + UCHAR Reserved; + USHORT NumberOfChunks; + ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; +} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; + +typedef struct _DEVICE_MAP { + POBJECT_DIRECTORY DosDevicesDirectory; + POBJECT_DIRECTORY GlobalDosDevicesDirectory; + ULONG ReferenceCount; + ULONG DriveMap; + UCHAR DriveType[32]; +} DEVICE_MAP, *PDEVICE_MAP; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _EX_FAST_REF { + _ANONYMOUS_UNION union { + PVOID Object; + ULONG RefCnt : 3; + ULONG Value; + } DUMMYUNIONNAME; +} EX_FAST_REF, *PEX_FAST_REF; + +typedef struct _EX_PUSH_LOCK { + _ANONYMOUS_UNION union { + _ANONYMOUS_STRUCT struct { + ULONG Waiting : 1; + ULONG Exclusive : 1; + ULONG Shared : 30; + } DUMMYSTRUCTNAME; + ULONG Value; + PVOID Ptr; + } DUMMYUNIONNAME; +} EX_PUSH_LOCK, *PEX_PUSH_LOCK; + +typedef struct _EX_RUNDOWN_REF { + _ANONYMOUS_UNION union { + ULONG Count; + PVOID Ptr; + } DUMMYUNIONNAME; +} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF; + +#endif + +typedef struct _EPROCESS_QUOTA_ENTRY { + ULONG Usage; + ULONG Limit; + ULONG Peak; + ULONG Return; +} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY; + +typedef struct _EPROCESS_QUOTA_BLOCK { + EPROCESS_QUOTA_ENTRY QuotaEntry[3]; + LIST_ENTRY QuotaList; + ULONG ReferenceCount; + ULONG ProcessCount; +} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK; + +/* + * When needing these parameters cast your PIO_STACK_LOCATION to + * PEXTENDED_IO_STACK_LOCATION + */ +#if !defined(_ALPHA_) +#include +#endif +typedef struct _EXTENDED_IO_STACK_LOCATION { + + /* Included for padding */ + UCHAR MajorFunction; + UCHAR MinorFunction; + UCHAR Flags; + UCHAR Control; + + union { + + struct { + PIO_SECURITY_CONTEXT SecurityContext; + ULONG Options; + USHORT Reserved; + USHORT ShareAccess; + PMAILSLOT_CREATE_PARAMETERS Parameters; + } CreateMailslot; + + struct { + PIO_SECURITY_CONTEXT SecurityContext; + ULONG Options; + USHORT Reserved; + USHORT ShareAccess; + PNAMED_PIPE_CREATE_PARAMETERS Parameters; + } CreatePipe; + + struct { + ULONG OutputBufferLength; + ULONG InputBufferLength; + ULONG FsControlCode; + PVOID Type3InputBuffer; + } FileSystemControl; + + struct { + PLARGE_INTEGER Length; + ULONG Key; + LARGE_INTEGER ByteOffset; + } LockControl; + + struct { + ULONG Length; + ULONG CompletionFilter; + } NotifyDirectory; + + struct { + ULONG Length; + PUNICODE_STRING FileName; + FILE_INFORMATION_CLASS FileInformationClass; + ULONG FileIndex; + } QueryDirectory; + + struct { + ULONG Length; + PVOID EaList; + ULONG EaListLength; + ULONG EaIndex; + } QueryEa; + + struct { + ULONG Length; + PSID StartSid; + PFILE_GET_QUOTA_INFORMATION SidList; + ULONG SidListLength; + } QueryQuota; + + struct { + ULONG Length; + } SetEa; + + struct { + ULONG Length; + } SetQuota; + + struct { + ULONG Length; + FS_INFORMATION_CLASS FsInformationClass; + } SetVolume; + + } Parameters; + PDEVICE_OBJECT DeviceObject; + PFILE_OBJECT FileObject; + PIO_COMPLETION_ROUTINE CompletionRoutine; + PVOID Context; + +} EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION; +#if !defined(_ALPHA_) +#include +#endif + +typedef struct _FILE_ACCESS_INFORMATION { + ACCESS_MASK AccessFlags; +} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; + +typedef struct _FILE_ALLOCATION_INFORMATION { + LARGE_INTEGER AllocationSize; +} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; + +typedef struct _FILE_BOTH_DIR_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CCHAR ShortNameLength; + WCHAR ShortName[12]; + WCHAR FileName[1]; +} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; + +typedef struct _FILE_COMPLETION_INFORMATION { + HANDLE Port; + ULONG Key; +} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; + +typedef struct _FILE_COMPRESSION_INFORMATION { + LARGE_INTEGER CompressedFileSize; + USHORT CompressionFormat; + UCHAR CompressionUnitShift; + UCHAR ChunkShift; + UCHAR ClusterShift; + UCHAR Reserved[3]; +} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; + +typedef struct _FILE_COPY_ON_WRITE_INFORMATION { + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; + +typedef struct _FILE_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; + +typedef struct _FILE_FULL_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + WCHAR FileName[0]; +} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; + +typedef struct _FILE_BOTH_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CHAR ShortNameLength; + WCHAR ShortName[12]; + WCHAR FileName[0]; +} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + LARGE_INTEGER FileId; + WCHAR FileName[0]; +} FILE_ID_FULL_DIRECTORY_INFORMATION, *PFILE_ID_FULL_DIRECTORY_INFORMATION; + +typedef struct _FILE_ID_BOTH_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CHAR ShortNameLength; + WCHAR ShortName[12]; + LARGE_INTEGER FileId; + WCHAR FileName[0]; +} FILE_ID_BOTH_DIRECTORY_INFORMATION, *PFILE_ID_BOTH_DIRECTORY_INFORMATION; + +#endif + +typedef struct _FILE_EA_INFORMATION { + ULONG EaSize; +} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; + +typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { + ULONG FileSystemAttributes; + ULONG MaximumComponentNameLength; + ULONG FileSystemNameLength; + WCHAR FileSystemName[1]; +} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; + +typedef struct _FILE_FS_CONTROL_INFORMATION { + LARGE_INTEGER FreeSpaceStartFiltering; + LARGE_INTEGER FreeSpaceThreshold; + LARGE_INTEGER FreeSpaceStopFiltering; + LARGE_INTEGER DefaultQuotaThreshold; + LARGE_INTEGER DefaultQuotaLimit; + ULONG FileSystemControlFlags; +} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; + +typedef struct _FILE_FS_FULL_SIZE_INFORMATION { + LARGE_INTEGER TotalAllocationUnits; + LARGE_INTEGER CallerAvailableAllocationUnits; + LARGE_INTEGER ActualAvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; + +typedef struct _FILE_FS_LABEL_INFORMATION { + ULONG VolumeLabelLength; + WCHAR VolumeLabel[1]; +} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; + +#if (VER_PRODUCTBUILD >= 2195) + +typedef struct _FILE_FS_OBJECT_ID_INFORMATION { + UCHAR ObjectId[16]; + UCHAR ExtendedInfo[48]; +} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION; + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +typedef struct _FILE_FS_SIZE_INFORMATION { + LARGE_INTEGER TotalAllocationUnits; + LARGE_INTEGER AvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; + +typedef struct _FILE_FS_VOLUME_INFORMATION { + LARGE_INTEGER VolumeCreationTime; + ULONG VolumeSerialNumber; + ULONG VolumeLabelLength; + BOOLEAN SupportsObjects; + WCHAR VolumeLabel[1]; +} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; + +typedef struct _FILE_FULL_DIR_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + WCHAR FileName[1]; +} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; + +typedef struct _FILE_GET_EA_INFORMATION { + ULONG NextEntryOffset; + UCHAR EaNameLength; + CHAR EaName[1]; +} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; + +typedef struct _FILE_GET_QUOTA_INFORMATION { + ULONG NextEntryOffset; + ULONG SidLength; + SID Sid; +} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; + +typedef struct _FILE_INTERNAL_INFORMATION { + LARGE_INTEGER IndexNumber; +} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; + +typedef struct _FILE_LINK_INFORMATION { + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; + +typedef struct _FILE_LOCK_INFO { + LARGE_INTEGER StartingByte; + LARGE_INTEGER Length; + BOOLEAN ExclusiveLock; + ULONG Key; + PFILE_OBJECT FileObject; + PEPROCESS Process; + LARGE_INTEGER EndingByte; +} FILE_LOCK_INFO, *PFILE_LOCK_INFO; + +/* raw internal file lock struct returned from FsRtlGetNextFileLock */ +typedef struct _FILE_SHARED_LOCK_ENTRY { + PVOID Unknown1; + PVOID Unknown2; + FILE_LOCK_INFO FileLock; +} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; + +/* raw internal file lock struct returned from FsRtlGetNextFileLock */ +typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { + LIST_ENTRY ListEntry; + PVOID Unknown1; + PVOID Unknown2; + FILE_LOCK_INFO FileLock; +} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; + +typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) ( + /*IN*/ PVOID Context, + /*IN*/ PIRP Irp +); + +typedef VOID (NTAPI *PUNLOCK_ROUTINE) ( + /*IN*/ PVOID Context, + /*IN*/ PFILE_LOCK_INFO FileLockInfo +); + +typedef struct _FILE_LOCK { + PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; + PUNLOCK_ROUTINE UnlockRoutine; + BOOLEAN FastIoIsQuestionable; + BOOLEAN Pad[3]; + PVOID LockInformation; + FILE_LOCK_INFO LastReturnedLockInfo; + PVOID LastReturnedLock; +} FILE_LOCK, *PFILE_LOCK; + +typedef struct _FILE_MAILSLOT_PEEK_BUFFER { + ULONG ReadDataAvailable; + ULONG NumberOfMessages; + ULONG MessageLength; +} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; + +typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { + ULONG MaximumMessageSize; + ULONG MailslotQuota; + ULONG NextMessageSize; + ULONG MessagesAvailable; + LARGE_INTEGER ReadTimeout; +} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; + +typedef struct _FILE_MAILSLOT_SET_INFORMATION { + LARGE_INTEGER ReadTimeout; +} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; + +typedef struct _FILE_MODE_INFORMATION { + ULONG Mode; +} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; + +typedef struct _FILE_ALL_INFORMATION { + FILE_BASIC_INFORMATION BasicInformation; + FILE_STANDARD_INFORMATION StandardInformation; + FILE_INTERNAL_INFORMATION InternalInformation; + FILE_EA_INFORMATION EaInformation; + FILE_ACCESS_INFORMATION AccessInformation; + FILE_POSITION_INFORMATION PositionInformation; + FILE_MODE_INFORMATION ModeInformation; + FILE_ALIGNMENT_INFORMATION AlignmentInformation; + FILE_NAME_INFORMATION NameInformation; +} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; + +typedef struct _FILE_NAMES_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; + +typedef struct _FILE_OBJECTID_INFORMATION { + LONGLONG FileReference; + UCHAR ObjectId[16]; + _ANONYMOUS_UNION union { + struct { + UCHAR BirthVolumeId[16]; + UCHAR BirthObjectId[16]; + UCHAR DomainId[16]; + } ; + UCHAR ExtendedInfo[48]; + } DUMMYUNIONNAME; +} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; + +typedef struct _FILE_OLE_CLASSID_INFORMATION { + GUID ClassId; +} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; + +typedef struct _FILE_OLE_ALL_INFORMATION { + FILE_BASIC_INFORMATION BasicInformation; + FILE_STANDARD_INFORMATION StandardInformation; + FILE_INTERNAL_INFORMATION InternalInformation; + FILE_EA_INFORMATION EaInformation; + FILE_ACCESS_INFORMATION AccessInformation; + FILE_POSITION_INFORMATION PositionInformation; + FILE_MODE_INFORMATION ModeInformation; + FILE_ALIGNMENT_INFORMATION AlignmentInformation; + USN LastChangeUsn; + USN ReplicationUsn; + LARGE_INTEGER SecurityChangeTime; + FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; + FILE_OBJECTID_INFORMATION ObjectIdInformation; + FILE_STORAGE_TYPE StorageType; + ULONG OleStateBits; + ULONG OleId; + ULONG NumberOfStreamReferences; + ULONG StreamIndex; + ULONG SecurityId; + BOOLEAN ContentIndexDisable; + BOOLEAN InheritContentIndexDisable; + FILE_NAME_INFORMATION NameInformation; +} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; + +typedef struct _FILE_OLE_DIR_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + FILE_STORAGE_TYPE StorageType; + GUID OleClassId; + ULONG OleStateBits; + BOOLEAN ContentIndexDisable; + BOOLEAN InheritContentIndexDisable; + WCHAR FileName[1]; +} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; + +typedef struct _FILE_OLE_INFORMATION { + LARGE_INTEGER SecurityChangeTime; + FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; + FILE_OBJECTID_INFORMATION ObjectIdInformation; + FILE_STORAGE_TYPE StorageType; + ULONG OleStateBits; + BOOLEAN ContentIndexDisable; + BOOLEAN InheritContentIndexDisable; +} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; + +typedef struct _FILE_OLE_STATE_BITS_INFORMATION { + ULONG StateBits; + ULONG StateBitsMask; +} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; + +typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { + HANDLE EventHandle; + ULONG KeyValue; +} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; + +typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { + PVOID ClientSession; + PVOID ClientProcess; +} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; + +typedef struct _FILE_PIPE_EVENT_BUFFER { + ULONG NamedPipeState; + ULONG EntryType; + ULONG ByteCount; + ULONG KeyValue; + ULONG NumberRequests; +} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; + +typedef struct _FILE_PIPE_INFORMATION { + ULONG ReadMode; + ULONG CompletionMode; +} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; + +typedef struct _FILE_PIPE_LOCAL_INFORMATION { + ULONG NamedPipeType; + ULONG NamedPipeConfiguration; + ULONG MaximumInstances; + ULONG CurrentInstances; + ULONG InboundQuota; + ULONG ReadDataAvailable; + ULONG OutboundQuota; + ULONG WriteQuotaAvailable; + ULONG NamedPipeState; + ULONG NamedPipeEnd; +} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; + +typedef struct _FILE_PIPE_REMOTE_INFORMATION { + LARGE_INTEGER CollectDataTime; + ULONG MaximumCollectionCount; +} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; + +typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { + LARGE_INTEGER Timeout; + ULONG NameLength; + BOOLEAN TimeoutSpecified; + WCHAR Name[1]; +} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; + +typedef struct _FILE_QUOTA_INFORMATION { + ULONG NextEntryOffset; + ULONG SidLength; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER QuotaUsed; + LARGE_INTEGER QuotaThreshold; + LARGE_INTEGER QuotaLimit; + SID Sid; +} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; + +typedef struct _FILE_RENAME_INFORMATION { + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; + +typedef struct _FILE_STREAM_INFORMATION { + ULONG NextEntryOffset; + ULONG StreamNameLength; + LARGE_INTEGER StreamSize; + LARGE_INTEGER StreamAllocationSize; + WCHAR StreamName[1]; +} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; + +typedef struct _FILE_TRACKING_INFORMATION { + HANDLE DestinationFile; + ULONG ObjectInformationLength; + CHAR ObjectInformation[1]; +} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; + +typedef struct _FSRTL_COMMON_FCB_HEADER { + CSHORT NodeTypeCode; + CSHORT NodeByteSize; + UCHAR Flags; + UCHAR IsFastIoPossible; +#if (VER_PRODUCTBUILD >= 1381) + UCHAR Flags2; + UCHAR Reserved; +#endif /* (VER_PRODUCTBUILD >= 1381) */ + PERESOURCE Resource; + PERESOURCE PagingIoResource; + LARGE_INTEGER AllocationSize; + LARGE_INTEGER FileSize; + LARGE_INTEGER ValidDataLength; +} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; + +typedef struct _GENERATE_NAME_CONTEXT { + USHORT Checksum; + BOOLEAN CheckSumInserted; + UCHAR NameLength; + WCHAR NameBuffer[8]; + ULONG ExtensionLength; + WCHAR ExtensionBuffer[4]; + ULONG LastIndexValue; +} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; + +typedef struct _HANDLE_TABLE_ENTRY { + PVOID Object; + ULONG ObjectAttributes; + ULONG GrantedAccess; + USHORT GrantedAccessIndex; + USHORT CreatorBackTraceIndex; + ULONG NextFreeTableEntry; +} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; + +typedef struct _MAPPING_PAIR { + ULONGLONG Vcn; + ULONGLONG Lcn; +} MAPPING_PAIR, *PMAPPING_PAIR; + +typedef struct _GET_RETRIEVAL_DESCRIPTOR { + ULONG NumberOfPairs; + ULONGLONG StartVcn; + MAPPING_PAIR Pair[1]; +} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; + +typedef struct _IO_CLIENT_EXTENSION { + struct _IO_CLIENT_EXTENSION *NextExtension; + PVOID ClientIdentificationAddress; +} IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION; + +typedef struct _IO_COMPLETION_BASIC_INFORMATION { + LONG Depth; +} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; + +typedef struct _KEVENT_PAIR { + USHORT Type; + USHORT Size; + KEVENT Event1; + KEVENT Event2; +} KEVENT_PAIR, *PKEVENT_PAIR; + +typedef struct _KQUEUE { + DISPATCHER_HEADER Header; + LIST_ENTRY EntryListHead; + ULONG CurrentCount; + ULONG MaximumCount; + LIST_ENTRY ThreadListHead; +} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; + +typedef struct _MAILSLOT_CREATE_PARAMETERS { + ULONG MailslotQuota; + ULONG MaximumMessageSize; + LARGE_INTEGER ReadTimeout; + BOOLEAN TimeoutSpecified; +} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS; + +typedef struct _MBCB { + CSHORT NodeTypeCode; + CSHORT NodeIsInZone; + ULONG PagesToWrite; + ULONG DirtyPages; + ULONG Reserved; + LIST_ENTRY BitmapRanges; + LONGLONG ResumeWritePage; + BITMAP_RANGE BitmapRange1; + BITMAP_RANGE BitmapRange2; + BITMAP_RANGE BitmapRange3; +} MBCB, *PMBCB; + +typedef struct _MOVEFILE_DESCRIPTOR { + HANDLE FileHandle; + ULONG Reserved; + LARGE_INTEGER StartVcn; + LARGE_INTEGER TargetLcn; + ULONG NumVcns; + ULONG Reserved1; +} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; + +typedef struct _NAMED_PIPE_CREATE_PARAMETERS { + ULONG NamedPipeType; + ULONG ReadMode; + ULONG CompletionMode; + ULONG MaximumInstances; + ULONG InboundQuota; + ULONG OutboundQuota; + LARGE_INTEGER DefaultTimeout; + BOOLEAN TimeoutSpecified; +} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS; + +typedef struct _OBJECT_BASIC_INFO { + ULONG Attributes; + ACCESS_MASK GrantedAccess; + ULONG HandleCount; + ULONG ReferenceCount; + ULONG PagedPoolUsage; + ULONG NonPagedPoolUsage; + ULONG Reserved[3]; + ULONG NameInformationLength; + ULONG TypeInformationLength; + ULONG SecurityDescriptorLength; + LARGE_INTEGER CreateTime; +} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; + +typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { + BOOLEAN Inherit; + BOOLEAN ProtectFromClose; +} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; + +typedef struct _OBJECT_NAME_INFO { + UNICODE_STRING ObjectName; + WCHAR ObjectNameBuffer[1]; +} OBJECT_NAME_INFO, *POBJECT_NAME_INFO; + +typedef struct _OBJECT_PROTECTION_INFO { + BOOLEAN Inherit; + BOOLEAN ProtectHandle; +} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; + +typedef struct _OBJECT_TYPE_INFO { + UNICODE_STRING ObjectTypeName; + UCHAR Unknown[0x58]; + WCHAR ObjectTypeNameBuffer[1]; +} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; + +typedef struct _OBJECT_ALL_TYPES_INFO { + ULONG NumberOfObjectTypes; + OBJECT_TYPE_INFO ObjectsTypeInfo[1]; +} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; + +typedef struct _PAGEFAULT_HISTORY { + ULONG CurrentIndex; + ULONG MaxIndex; + KSPIN_LOCK SpinLock; + PVOID Reserved; + PROCESS_WS_WATCH_INFORMATION WatchInfo[1]; +} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY; + +typedef struct _PATHNAME_BUFFER { + ULONG PathNameLength; + WCHAR Name[1]; +} PATHNAME_BUFFER, *PPATHNAME_BUFFER; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _PRIVATE_CACHE_MAP_FLAGS { + ULONG DontUse : 16; + ULONG ReadAheadActive : 1; + ULONG ReadAheadEnabled : 1; + ULONG Available : 14; +} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS; + +typedef struct _PRIVATE_CACHE_MAP { + _ANONYMOUS_UNION union { + CSHORT NodeTypeCode; + PRIVATE_CACHE_MAP_FLAGS Flags; + ULONG UlongFlags; + } DUMMYUNIONNAME; + ULONG ReadAheadMask; + PFILE_OBJECT FileObject; + LARGE_INTEGER FileOffset1; + LARGE_INTEGER BeyondLastByte1; + LARGE_INTEGER FileOffset2; + LARGE_INTEGER BeyondLastByte2; + LARGE_INTEGER ReadAheadOffset[2]; + ULONG ReadAheadLength[2]; + KSPIN_LOCK ReadAheadSpinLock; + LIST_ENTRY PrivateLinks; +} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP; + +#endif + +typedef struct _PS_IMPERSONATION_INFORMATION { + PACCESS_TOKEN Token; + BOOLEAN CopyOnOpen; + BOOLEAN EffectiveOnly; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; +} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION; + +typedef struct _PUBLIC_BCB { + CSHORT NodeTypeCode; + CSHORT NodeByteSize; + ULONG MappedLength; + LARGE_INTEGER MappedFileOffset; +} PUBLIC_BCB, *PPUBLIC_BCB; + +typedef struct _QUERY_PATH_REQUEST { + ULONG PathNameLength; + PIO_SECURITY_CONTEXT SecurityContext; + WCHAR FilePathName[1]; +} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; + +typedef struct _QUERY_PATH_RESPONSE { + ULONG LengthAccepted; +} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; + +typedef struct _RETRIEVAL_POINTERS_BUFFER { + ULONG ExtentCount; + LARGE_INTEGER StartingVcn; + struct { + LARGE_INTEGER NextVcn; + LARGE_INTEGER Lcn; + } Extents[1]; +} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; + +typedef struct _RTL_SPLAY_LINKS { + struct _RTL_SPLAY_LINKS *Parent; + struct _RTL_SPLAY_LINKS *LeftChild; + struct _RTL_SPLAY_LINKS *RightChild; +} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; + +typedef struct _SE_EXPORTS { + + LUID SeCreateTokenPrivilege; + LUID SeAssignPrimaryTokenPrivilege; + LUID SeLockMemoryPrivilege; + LUID SeIncreaseQuotaPrivilege; + LUID SeUnsolicitedInputPrivilege; + LUID SeTcbPrivilege; + LUID SeSecurityPrivilege; + LUID SeTakeOwnershipPrivilege; + LUID SeLoadDriverPrivilege; + LUID SeCreatePagefilePrivilege; + LUID SeIncreaseBasePriorityPrivilege; + LUID SeSystemProfilePrivilege; + LUID SeSystemtimePrivilege; + LUID SeProfileSingleProcessPrivilege; + LUID SeCreatePermanentPrivilege; + LUID SeBackupPrivilege; + LUID SeRestorePrivilege; + LUID SeShutdownPrivilege; + LUID SeDebugPrivilege; + LUID SeAuditPrivilege; + LUID SeSystemEnvironmentPrivilege; + LUID SeChangeNotifyPrivilege; + LUID SeRemoteShutdownPrivilege; + + PSID SeNullSid; + PSID SeWorldSid; + PSID SeLocalSid; + PSID SeCreatorOwnerSid; + PSID SeCreatorGroupSid; + + PSID SeNtAuthoritySid; + PSID SeDialupSid; + PSID SeNetworkSid; + PSID SeBatchSid; + PSID SeInteractiveSid; + PSID SeLocalSystemSid; + PSID SeAliasAdminsSid; + PSID SeAliasUsersSid; + PSID SeAliasGuestsSid; + PSID SeAliasPowerUsersSid; + PSID SeAliasAccountOpsSid; + PSID SeAliasSystemOpsSid; + PSID SeAliasPrintOpsSid; + PSID SeAliasBackupOpsSid; + + PSID SeAuthenticatedUsersSid; + + PSID SeRestrictedSid; + PSID SeAnonymousLogonSid; + + LUID SeUndockPrivilege; + LUID SeSyncAgentPrivilege; + LUID SeEnableDelegationPrivilege; + +} SE_EXPORTS, *PSE_EXPORTS; + +typedef struct _SECTION_BASIC_INFORMATION { + PVOID BaseAddress; + ULONG Attributes; + LARGE_INTEGER Size; +} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; + +typedef struct _SECTION_IMAGE_INFORMATION { + PVOID EntryPoint; + ULONG Unknown1; + ULONG StackReserve; + ULONG StackCommit; + ULONG Subsystem; + USHORT MinorSubsystemVersion; + USHORT MajorSubsystemVersion; + ULONG Unknown2; + ULONG Characteristics; + USHORT ImageNumber; + BOOLEAN Executable; + UCHAR Unknown3; + ULONG Unknown4[3]; +} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _SHARED_CACHE_MAP { + CSHORT NodeTypeCode; + CSHORT NodeByteSize; + ULONG OpenCount; + LARGE_INTEGER FileSize; + LIST_ENTRY BcbList; + LARGE_INTEGER SectionSize; + LARGE_INTEGER ValidDataLength; + LARGE_INTEGER ValidDataGoal; + PVACB InitialVacbs[4]; + PVACB *Vacbs; + PFILE_OBJECT FileObject; + PVACB ActiveVacb; + PVOID NeedToZero; + ULONG ActivePage; + ULONG NeedToZeroPage; + KSPIN_LOCK ActiveVacbSpinLock; + ULONG VacbActiveCount; + ULONG DirtyPages; + LIST_ENTRY SharedCacheMapLinks; + ULONG Flags; + NTSTATUS Status; + PMBCB Mbcb; + PVOID Section; + PKEVENT CreateEvent; + PKEVENT WaitOnActiveCount; + ULONG PagesToWrite; + LONGLONG BeyondLastFlush; + PCACHE_MANAGER_CALLBACKS Callbacks; + PVOID LazyWriteContext; + LIST_ENTRY PrivateList; + PVOID LogHandle; + PVOID FlushToLsnRoutine; + ULONG DirtyPageThreshold; + ULONG LazyWritePassCount; + PCACHE_UNINITIALIZE_EVENT UninitializeEvent; + PVACB NeedToZeroVacb; + KSPIN_LOCK BcbSpinLock; + PVOID Reserved; + KEVENT Event; + EX_PUSH_LOCK VacbPushLock; + PRIVATE_CACHE_MAP PrivateCacheMap; +} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP; + +#endif + +typedef struct _STARTING_VCN_INPUT_BUFFER { + LARGE_INTEGER StartingVcn; +} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; + +typedef struct _SYSTEM_CACHE_INFORMATION { + ULONG CurrentSize; + ULONG PeakSize; + ULONG PageFaultCount; + ULONG MinimumWorkingSet; + ULONG MaximumWorkingSet; + ULONG Unused[4]; +} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION; + +typedef struct _TERMINATION_PORT { + struct _TERMINATION_PORT* Next; + PVOID Port; +} TERMINATION_PORT, *PTERMINATION_PORT; + +typedef struct _SECURITY_CLIENT_CONTEXT { + SECURITY_QUALITY_OF_SERVICE SecurityQos; + PACCESS_TOKEN ClientToken; + BOOLEAN DirectlyAccessClientToken; + BOOLEAN DirectAccessEffectiveOnly; + BOOLEAN ServerIsRemote; + TOKEN_CONTROL ClientTokenControl; +} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; + +typedef struct _TUNNEL { + FAST_MUTEX Mutex; + PRTL_SPLAY_LINKS Cache; + LIST_ENTRY TimerQueue; + USHORT NumEntries; +} TUNNEL, *PTUNNEL; + +typedef struct _VACB { + PVOID BaseAddress; + PSHARED_CACHE_MAP SharedCacheMap; + union { + LARGE_INTEGER FileOffset; + USHORT ActiveCount; + } Overlay; + LIST_ENTRY LruList; +} VACB, *PVACB; + +typedef struct _VAD_HEADER { + PVOID StartVPN; + PVOID EndVPN; + PVAD_HEADER ParentLink; + PVAD_HEADER LeftLink; + PVAD_HEADER RightLink; + ULONG Flags; /* LSB = CommitCharge */ + PVOID ControlArea; + PVOID FirstProtoPte; + PVOID LastPTE; + ULONG Unknown; + LIST_ENTRY Secured; +} VAD_HEADER, *PVAD_HEADER; + +NTKERNELAPI +BOOLEAN +NTAPI +CcCanIWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ ULONG BytesToWrite, + /*IN*/ BOOLEAN Wait, + /*IN*/ BOOLEAN Retrying +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcCopyRead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN Wait, + /*OUT*/ PVOID Buffer, + /*OUT*/ PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcCopyWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN Wait, + /*IN*/ PVOID Buffer +); + +#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) + +typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) ( + /*IN*/ PVOID Context1, + /*IN*/ PVOID Context2 +); + +NTKERNELAPI +VOID +NTAPI +CcDeferWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PCC_POST_DEFERRED_WRITE PostRoutine, + /*IN*/ PVOID Context1, + /*IN*/ PVOID Context2, + /*IN*/ ULONG BytesToWrite, + /*IN*/ BOOLEAN Retrying +); + +NTKERNELAPI +VOID +NTAPI +CcFastCopyRead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ ULONG FileOffset, + /*IN*/ ULONG Length, + /*IN*/ ULONG PageCount, + /*OUT*/ PVOID Buffer, + /*OUT*/ PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +VOID +NTAPI +CcFastCopyWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ ULONG FileOffset, + /*IN*/ ULONG Length, + /*IN*/ PVOID Buffer +); + +NTKERNELAPI +VOID +NTAPI +CcFlushCache ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, + /*IN*/ PLARGE_INTEGER FileOffset /*OPTIONAL*/, + /*IN*/ ULONG Length, + /*OUT*/ PIO_STATUS_BLOCK IoStatus /*OPTIONAL*/ +); + +typedef VOID (*PDIRTY_PAGE_ROUTINE) ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ PLARGE_INTEGER OldestLsn, + /*IN*/ PLARGE_INTEGER NewestLsn, + /*IN*/ PVOID Context1, + /*IN*/ PVOID Context2 +); + +NTKERNELAPI +LARGE_INTEGER +NTAPI +CcGetDirtyPages ( + /*IN*/ PVOID LogHandle, + /*IN*/ PDIRTY_PAGE_ROUTINE DirtyPageRoutine, + /*IN*/ PVOID Context1, + /*IN*/ PVOID Context2 +); + +NTKERNELAPI +PFILE_OBJECT +NTAPI +CcGetFileObjectFromBcb ( + /*IN*/ PVOID Bcb +); + +NTKERNELAPI +PFILE_OBJECT +NTAPI +CcGetFileObjectFromSectionPtrs ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer +); + +#define CcGetFileSizePointer(FO) ( \ + ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ +) + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +LARGE_INTEGER +NTAPI +CcGetFlushedValidData ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, + /*IN*/ BOOLEAN BcbListHeld +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +LARGE_INTEGER +CcGetLsnForFileObject ( + /*IN*/ PFILE_OBJECT FileObject, + /*OUT*/ PLARGE_INTEGER OldestLsn /*OPTIONAL*/ +); + +typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) ( + /*IN*/ PVOID Context, + /*IN*/ BOOLEAN Wait +); + +typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) ( + /*IN*/ PVOID Context +); + +typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) ( + /*IN*/ PVOID Context, + /*IN*/ BOOLEAN Wait +); + +typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) ( + /*IN*/ PVOID Context +); + +typedef struct _CACHE_MANAGER_CALLBACKS { + PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; + PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; + PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; + PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; +} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; + +NTKERNELAPI +VOID +NTAPI +CcInitializeCacheMap ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PCC_FILE_SIZES FileSizes, + /*IN*/ BOOLEAN PinAccess, + /*IN*/ PCACHE_MANAGER_CALLBACKS Callbacks, + /*IN*/ PVOID LazyWriteContext +); + +#define CcIsFileCached(FO) ( \ + ((FO)->SectionObjectPointer != NULL) && \ + (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ +) + +NTKERNELAPI +BOOLEAN +NTAPI +CcIsThereDirtyData ( + /*IN*/ PVPB Vpb +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcMapData ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN Wait, + /*OUT*/ PVOID *Bcb, + /*OUT*/ PVOID *Buffer +); + +NTKERNELAPI +VOID +NTAPI +CcMdlRead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*OUT*/ PMDL *MdlChain, + /*OUT*/ PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +VOID +NTAPI +CcMdlReadComplete ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PMDL MdlChain +); + +NTKERNELAPI +VOID +NTAPI +CcMdlWriteComplete ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PMDL MdlChain +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPinMappedData ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, +#if (VER_PRODUCTBUILD >= 2195) + /*IN*/ ULONG Flags, +#else + /*IN*/ BOOLEAN Wait, +#endif + /*IN OUT*/ PVOID *Bcb +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPinRead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, +#if (VER_PRODUCTBUILD >= 2195) + /*IN*/ ULONG Flags, +#else + /*IN*/ BOOLEAN Wait, +#endif + /*OUT*/ PVOID *Bcb, + /*OUT*/ PVOID *Buffer +); + +NTKERNELAPI +VOID +NTAPI +CcPrepareMdlWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*OUT*/ PMDL *MdlChain, + /*OUT*/ PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPreparePinWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN Zero, +#if (VER_PRODUCTBUILD >= 2195) + /*IN*/ ULONG Flags, +#else + /*IN*/ BOOLEAN Wait, +#endif + /*OUT*/ PVOID *Bcb, + /*OUT*/ PVOID *Buffer +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPurgeCacheSection ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, + /*IN*/ PLARGE_INTEGER FileOffset /*OPTIONAL*/, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN UninitializeCacheMaps +); + +#define CcReadAhead(FO, FOFF, LEN) ( \ + if ((LEN) >= 256) { \ + CcScheduleReadAhead((FO), (FOFF), (LEN)); \ + } \ +) + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PVOID +NTAPI +CcRemapBcb ( + /*IN*/ PVOID Bcb +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +VOID +NTAPI +CcRepinBcb ( + /*IN*/ PVOID Bcb +); + +NTKERNELAPI +VOID +NTAPI +CcScheduleReadAhead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length +); + +NTKERNELAPI +VOID +NTAPI +CcSetAdditionalCacheAttributes ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ BOOLEAN DisableReadAhead, + /*IN*/ BOOLEAN DisableWriteBehind +); + +NTKERNELAPI +VOID +NTAPI +CcSetBcbOwnerPointer ( + /*IN*/ PVOID Bcb, + /*IN*/ PVOID OwnerPointer +); + +NTKERNELAPI +VOID +NTAPI +CcSetDirtyPageThreshold ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ ULONG DirtyPageThreshold +); + +NTKERNELAPI +VOID +NTAPI +CcSetDirtyPinnedData ( + /*IN*/ PVOID BcbVoid, + /*IN*/ PLARGE_INTEGER Lsn /*OPTIONAL*/ +); + +NTKERNELAPI +VOID +NTAPI +CcSetFileSizes ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PCC_FILE_SIZES FileSizes +); + +typedef VOID (NTAPI *PFLUSH_TO_LSN) ( + /*IN*/ PVOID LogHandle, + /*IN*/ PLARGE_INTEGER Lsn +); + +NTKERNELAPI +VOID +NTAPI +CcSetLogHandleForFile ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PVOID LogHandle, + /*IN*/ PFLUSH_TO_LSN FlushToLsnRoutine +); + +NTKERNELAPI +VOID +NTAPI +CcSetReadAheadGranularity ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ ULONG Granularity /* default: PAGE_SIZE */ + /* allowed: 2^n * PAGE_SIZE */ +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcUninitializeCacheMap ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER TruncateSize /*OPTIONAL*/, + /*IN*/ PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent /*OPTIONAL*/ +); + +NTKERNELAPI +VOID +NTAPI +CcUnpinData ( + /*IN*/ PVOID Bcb +); + +NTKERNELAPI +VOID +NTAPI +CcUnpinDataForThread ( + /*IN*/ PVOID Bcb, + /*IN*/ ERESOURCE_THREAD ResourceThreadId +); + +NTKERNELAPI +VOID +NTAPI +CcUnpinRepinnedBcb ( + /*IN*/ PVOID Bcb, + /*IN*/ BOOLEAN WriteThrough, + /*OUT*/ PIO_STATUS_BLOCK IoStatus +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +CcWaitForCurrentLazyWriterActivity ( + VOID +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +BOOLEAN +NTAPI +CcZeroData ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER StartOffset, + /*IN*/ PLARGE_INTEGER EndOffset, + /*IN*/ BOOLEAN Wait +); + +NTKERNELAPI +VOID +NTAPI +ExDisableResourceBoostLite ( + /*IN*/ PERESOURCE Resource +); + +NTKERNELAPI +ULONG +NTAPI +ExQueryPoolBlockSize ( + /*IN*/ PVOID PoolBlock, + /*OUT*/ PBOOLEAN QuotaCharged +); + +#define FlagOn(x, f) ((x) & (f)) + +NTKERNELAPI +VOID +NTAPI +FsRtlAddToTunnelCache ( + /*IN*/ PTUNNEL Cache, + /*IN*/ ULONGLONG DirectoryKey, + /*IN*/ PUNICODE_STRING ShortName, + /*IN*/ PUNICODE_STRING LongName, + /*IN*/ BOOLEAN KeyByShortName, + /*IN*/ ULONG DataLength, + /*IN*/ PVOID Data +); + +#if (VER_PRODUCTBUILD >= 2195) + +PFILE_LOCK +NTAPI +FsRtlAllocateFileLock ( + /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine /*OPTIONAL*/, + /*IN*/ PUNLOCK_ROUTINE UnlockRoutine /*OPTIONAL*/ +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePool ( + /*IN*/ POOL_TYPE PoolType, + /*IN*/ ULONG NumberOfBytes +); + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePoolWithQuota ( + /*IN*/ POOL_TYPE PoolType, + /*IN*/ ULONG NumberOfBytes +); + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePoolWithQuotaTag ( + /*IN*/ POOL_TYPE PoolType, + /*IN*/ ULONG NumberOfBytes, + /*IN*/ ULONG Tag +); + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePoolWithTag ( + /*IN*/ POOL_TYPE PoolType, + /*IN*/ ULONG NumberOfBytes, + /*IN*/ ULONG Tag +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlAreNamesEqual ( + /*IN*/ PUNICODE_STRING Name1, + /*IN*/ PUNICODE_STRING Name2, + /*IN*/ BOOLEAN IgnoreCase, + /*IN*/ PWCHAR UpcaseTable /*OPTIONAL*/ +); + +#define FsRtlAreThereCurrentFileLocks(FL) ( \ + ((FL)->FastIoIsQuestionable) \ +) + +/* + FsRtlCheckLockForReadAccess: + + All this really does is pick out the lock parameters from the irp (io stack + location?), get IoGetRequestorProcess, and pass values on to + FsRtlFastCheckLockForRead. +*/ +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCheckLockForReadAccess ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PIRP Irp +); + +/* + FsRtlCheckLockForWriteAccess: + + All this really does is pick out the lock parameters from the irp (io stack + location?), get IoGetRequestorProcess, and pass values on to + FsRtlFastCheckLockForWrite. +*/ +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCheckLockForWriteAccess ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PIRP Irp +); + +typedef +VOID NTAPI +(*POPLOCK_WAIT_COMPLETE_ROUTINE) ( + /*IN*/ PVOID Context, + /*IN*/ PIRP Irp +); + +typedef +VOID NTAPI +(*POPLOCK_FS_PREPOST_IRP) ( + /*IN*/ PVOID Context, + /*IN*/ PIRP Irp +); + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlCheckOplock ( + /*IN*/ POPLOCK Oplock, + /*IN*/ PIRP Irp, + /*IN*/ PVOID Context, + /*IN*/ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine /*OPTIONAL*/, + /*IN*/ POPLOCK_FS_PREPOST_IRP PostIrpRoutine /*OPTIONAL*/ +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCopyRead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN Wait, + /*IN*/ ULONG LockKey, + /*OUT*/ PVOID Buffer, + /*OUT*/ PIO_STATUS_BLOCK IoStatus, + /*IN*/ PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCopyWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN Wait, + /*IN*/ ULONG LockKey, + /*IN*/ PVOID Buffer, + /*OUT*/ PIO_STATUS_BLOCK IoStatus, + /*IN*/ PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCurrentBatchOplock ( + /*IN*/ POPLOCK Oplock +); + +NTKERNELAPI +VOID +NTAPI +FsRtlDeleteKeyFromTunnelCache ( + /*IN*/ PTUNNEL Cache, + /*IN*/ ULONGLONG DirectoryKey +); + +NTKERNELAPI +VOID +NTAPI +FsRtlDeleteTunnelCache ( + /*IN*/ PTUNNEL Cache +); + +NTKERNELAPI +VOID +NTAPI +FsRtlDeregisterUncProvider ( + /*IN*/ HANDLE Handle +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlDoesNameContainWildCards ( + /*IN*/ PUNICODE_STRING Name +); + +#define FsRtlEnterFileSystem KeEnterCriticalRegion + +#define FsRtlExitFileSystem KeLeaveCriticalRegion + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlFastCheckLockForRead ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PLARGE_INTEGER Length, + /*IN*/ ULONG Key, + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PEPROCESS Process +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlFastCheckLockForWrite ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PLARGE_INTEGER Length, + /*IN*/ ULONG Key, + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PEPROCESS Process +); + +#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ + FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ +) + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlFastUnlockAll ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PEPROCESS Process, + /*IN*/ PVOID Context /*OPTIONAL*/ +); +/* ret: STATUS_RANGE_NOT_LOCKED */ + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlFastUnlockAllByKey ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PEPROCESS Process, + /*IN*/ ULONG Key, + /*IN*/ PVOID Context /*OPTIONAL*/ +); +/* ret: STATUS_RANGE_NOT_LOCKED */ + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlFastUnlockSingle ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PLARGE_INTEGER Length, + /*IN*/ PEPROCESS Process, + /*IN*/ ULONG Key, + /*IN*/ PVOID Context /*OPTIONAL*/, + /*IN*/ BOOLEAN AlreadySynchronized +); +/* ret: STATUS_RANGE_NOT_LOCKED */ + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlFindInTunnelCache ( + /*IN*/ PTUNNEL Cache, + /*IN*/ ULONGLONG DirectoryKey, + /*IN*/ PUNICODE_STRING Name, + /*OUT*/ PUNICODE_STRING ShortName, + /*OUT*/ PUNICODE_STRING LongName, + /*IN OUT*/ PULONG DataLength, + /*OUT*/ PVOID Data +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +VOID +NTAPI +FsRtlFreeFileLock ( + /*IN*/ PFILE_LOCK FileLock +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlGetFileSize ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN OUT*/ PLARGE_INTEGER FileSize +); + +/* + FsRtlGetNextFileLock: + + ret: NULL if no more locks + + Internals: + FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and + FileLock->LastReturnedLock as storage. + LastReturnedLock is a pointer to the 'raw' lock inkl. double linked + list, and FsRtlGetNextFileLock needs this to get next lock on subsequent + calls with Restart = FALSE. +*/ +NTKERNELAPI +PFILE_LOCK_INFO +NTAPI +FsRtlGetNextFileLock ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ BOOLEAN Restart +); + +NTKERNELAPI +VOID +NTAPI +FsRtlInitializeFileLock ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine /*OPTIONAL*/, + /*IN*/ PUNLOCK_ROUTINE UnlockRoutine /*OPTIONAL*/ +); + +NTKERNELAPI +VOID +NTAPI +FsRtlInitializeOplock ( + /*IN OUT*/ POPLOCK Oplock +); + +NTKERNELAPI +VOID +NTAPI +FsRtlInitializeTunnelCache ( + /*IN*/ PTUNNEL Cache +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlIsNameInExpression ( + /*IN*/ PUNICODE_STRING Expression, + /*IN*/ PUNICODE_STRING Name, + /*IN*/ BOOLEAN IgnoreCase, + /*IN*/ PWCHAR UpcaseTable /*OPTIONAL*/ +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlIsNtstatusExpected ( + /*IN*/ NTSTATUS Ntstatus +); + +#define FsRtlIsUnicodeCharacterWild(C) ( \ + (((C) >= 0x40) ? \ + FALSE : \ + FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \ +) + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlReadComplete ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PMDL MdlChain +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlReadCompleteDev ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PMDL MdlChain, + /*IN*/ PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlWriteComplete ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PMDL MdlChain +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlWriteCompleteDev ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PMDL MdlChain, + /*IN*/ PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlNormalizeNtstatus ( + /*IN*/ NTSTATUS Exception, + /*IN*/ NTSTATUS GenericException +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyChangeDirectory ( + /*IN*/ PNOTIFY_SYNC NotifySync, + /*IN*/ PVOID FsContext, + /*IN*/ PSTRING FullDirectoryName, + /*IN*/ PLIST_ENTRY NotifyList, + /*IN*/ BOOLEAN WatchTree, + /*IN*/ ULONG CompletionFilter, + /*IN*/ PIRP NotifyIrp +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyCleanup ( + /*IN*/ PNOTIFY_SYNC NotifySync, + /*IN*/ PLIST_ENTRY NotifyList, + /*IN*/ PVOID FsContext +); + +typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) ( + /*IN*/ PVOID NotifyContext, + /*IN*/ PVOID TargetContext, + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyFullChangeDirectory ( + /*IN*/ PNOTIFY_SYNC NotifySync, + /*IN*/ PLIST_ENTRY NotifyList, + /*IN*/ PVOID FsContext, + /*IN*/ PSTRING FullDirectoryName, + /*IN*/ BOOLEAN WatchTree, + /*IN*/ BOOLEAN IgnoreBuffer, + /*IN*/ ULONG CompletionFilter, + /*IN*/ PIRP NotifyIrp, + /*IN*/ PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback /*OPTIONAL*/, + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext /*OPTIONAL*/ +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyFullReportChange ( + /*IN*/ PNOTIFY_SYNC NotifySync, + /*IN*/ PLIST_ENTRY NotifyList, + /*IN*/ PSTRING FullTargetName, + /*IN*/ USHORT TargetNameOffset, + /*IN*/ PSTRING StreamName /*OPTIONAL*/, + /*IN*/ PSTRING NormalizedParentName /*OPTIONAL*/, + /*IN*/ ULONG FilterMatch, + /*IN*/ ULONG Action, + /*IN*/ PVOID TargetContext +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyInitializeSync ( + /*IN*/ PNOTIFY_SYNC NotifySync +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyReportChange ( + /*IN*/ PNOTIFY_SYNC NotifySync, + /*IN*/ PLIST_ENTRY NotifyList, + /*IN*/ PSTRING FullTargetName, + /*IN*/ PUSHORT FileNamePartLength, + /*IN*/ ULONG FilterMatch +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyUninitializeSync ( + /*IN*/ PNOTIFY_SYNC NotifySync +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlNotifyVolumeEvent ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ ULONG EventCode +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlOplockFsctrl ( + /*IN*/ POPLOCK Oplock, + /*IN*/ PIRP Irp, + /*IN*/ ULONG OpenCount +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlOplockIsFastIoPossible ( + /*IN*/ POPLOCK Oplock +); + +/* + FsRtlPrivateLock: + + ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED + + Internals: + -Calls IoCompleteRequest if Irp + -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES +*/ +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlPrivateLock ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PLARGE_INTEGER Length, + /*IN*/ PEPROCESS Process, + /*IN*/ ULONG Key, + /*IN*/ BOOLEAN FailImmediately, + /*IN*/ BOOLEAN ExclusiveLock, + /*OUT*/ PIO_STATUS_BLOCK IoStatus, + /*IN*/ PIRP Irp /*OPTIONAL*/, + /*IN*/ PVOID Context, + /*IN*/ BOOLEAN AlreadySynchronized +); + +/* + FsRtlProcessFileLock: + + ret: + -STATUS_INVALID_DEVICE_REQUEST + -STATUS_RANGE_NOT_LOCKED from unlock routines. + -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock + (redirected IoStatus->Status). + + Internals: + -switch ( Irp->CurrentStackLocation->MinorFunction ) + lock: return FsRtlPrivateLock; + unlocksingle: return FsRtlFastUnlockSingle; + unlockall: return FsRtlFastUnlockAll; + unlockallbykey: return FsRtlFastUnlockAllByKey; + default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; + return STATUS_INVALID_DEVICE_REQUEST; + + -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. + -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. +*/ +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlProcessFileLock ( + /*IN*/ PFILE_LOCK FileLock, + /*IN*/ PIRP Irp, + /*IN*/ PVOID Context /*OPTIONAL*/ +); + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlRegisterUncProvider ( + /*IN OUT*/ PHANDLE MupHandle, + /*IN*/ PUNICODE_STRING RedirectorDeviceName, + /*IN*/ BOOLEAN MailslotsSupported +); + +NTKERNELAPI +VOID +NTAPI +FsRtlUninitializeFileLock ( + /*IN*/ PFILE_LOCK FileLock +); + +NTKERNELAPI +VOID +NTAPI +FsRtlUninitializeOplock ( + /*IN OUT*/ POPLOCK Oplock +); + +NTSYSAPI +VOID +NTAPI +HalDisplayString ( + /*IN*/ PCHAR String +); + +NTSYSAPI +VOID +NTAPI +HalQueryRealTimeClock ( + /*IN OUT*/ PTIME_FIELDS TimeFields +); + +NTSYSAPI +VOID +NTAPI +HalSetRealTimeClock ( + /*IN*/ PTIME_FIELDS TimeFields +); + +#define InitializeMessageHeader(m, l, t) { \ + (m)->Length = (USHORT)(l); \ + (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \ + (m)->MessageType = (USHORT)(t); \ + (m)->DataInfoOffset = 0; \ +} + +NTKERNELAPI +VOID +NTAPI +IoAcquireVpbSpinLock ( + /*OUT*/ PKIRQL Irql +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckDesiredAccess ( + /*IN OUT*/ PACCESS_MASK DesiredAccess, + /*IN*/ ACCESS_MASK GrantedAccess +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckEaBufferValidity ( + /*IN*/ PFILE_FULL_EA_INFORMATION EaBuffer, + /*IN*/ ULONG EaLength, + /*OUT*/ PULONG ErrorOffset +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckFunctionAccess ( + /*IN*/ ACCESS_MASK GrantedAccess, + /*IN*/ UCHAR MajorFunction, + /*IN*/ UCHAR MinorFunction, + /*IN*/ ULONG IoControlCode, + /*IN*/ PFILE_INFORMATION_CLASS FileInformationClass /*OPTIONAL*/, + /*IN*/ PFS_INFORMATION_CLASS FsInformationClass /*OPTIONAL*/ +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckQuotaBufferValidity ( + /*IN*/ PFILE_QUOTA_INFORMATION QuotaBuffer, + /*IN*/ ULONG QuotaLength, + /*OUT*/ PULONG ErrorOffset +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +PFILE_OBJECT +NTAPI +IoCreateStreamFileObject ( + /*IN*/ PFILE_OBJECT FileObject /*OPTIONAL*/, + /*IN*/ PDEVICE_OBJECT DeviceObject /*OPTIONAL*/ +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PFILE_OBJECT +NTAPI +IoCreateStreamFileObjectLite ( + /*IN*/ PFILE_OBJECT FileObject /*OPTIONAL*/, + /*IN*/ PDEVICE_OBJECT DeviceObject /*OPTIONAL*/ +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +BOOLEAN +NTAPI +IoFastQueryNetworkAttributes ( + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ ULONG OpenOptions, + /*OUT*/ PIO_STATUS_BLOCK IoStatus, + /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION Buffer +); + +NTKERNELAPI +PDEVICE_OBJECT +NTAPI +IoGetAttachedDevice ( + /*IN*/ PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +PDEVICE_OBJECT +NTAPI +IoGetBaseFileSystemDeviceObject ( + /*IN*/ PFILE_OBJECT FileObject +); + +NTKERNELAPI +PEPROCESS +NTAPI +IoGetRequestorProcess ( + /*IN*/ PIRP Irp +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +ULONG +NTAPI +IoGetRequestorProcessId ( + /*IN*/ PIRP Irp +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +PIRP +NTAPI +IoGetTopLevelIrp ( + VOID +); + +#define IoIsFileOpenedExclusively(FileObject) ( \ + (BOOLEAN) !( \ + (FileObject)->SharedRead || \ + (FileObject)->SharedWrite || \ + (FileObject)->SharedDelete \ + ) \ +) + +NTKERNELAPI +BOOLEAN +NTAPI +IoIsOperationSynchronous ( + /*IN*/ PIRP Irp +); + +NTKERNELAPI +BOOLEAN +NTAPI +IoIsSystemThread ( + /*IN*/ PETHREAD Thread +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +BOOLEAN +NTAPI +IoIsValidNameGraftingBuffer ( + /*IN*/ PIRP Irp, + /*IN*/ PREPARSE_DATA_BUFFER ReparseBuffer +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +NTSTATUS +NTAPI +IoPageRead ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PMDL Mdl, + /*IN*/ PLARGE_INTEGER Offset, + /*IN*/ PKEVENT Event, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoQueryFileInformation ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ FILE_INFORMATION_CLASS FileInformationClass, + /*IN*/ ULONG Length, + /*OUT*/ PVOID FileInformation, + /*OUT*/ PULONG ReturnedLength +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoQueryVolumeInformation ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ FS_INFORMATION_CLASS FsInformationClass, + /*IN*/ ULONG Length, + /*OUT*/ PVOID FsInformation, + /*OUT*/ PULONG ReturnedLength +); + +NTKERNELAPI +VOID +NTAPI +IoRegisterFileSystem ( + /*IN OUT*/ PDEVICE_OBJECT DeviceObject +); + +#if (VER_PRODUCTBUILD >= 1381) + +typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) ( + /*IN*/ PDEVICE_OBJECT DeviceObject, + /*IN*/ BOOLEAN DriverActive +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoRegisterFsRegistrationChange ( + /*IN*/ PDRIVER_OBJECT DriverObject, + /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine +); + +#endif /* (VER_PRODUCTBUILD >= 1381) */ + +NTKERNELAPI +VOID +NTAPI +IoReleaseVpbSpinLock ( + /*IN*/ KIRQL Irql +); + +NTKERNELAPI +VOID +NTAPI +IoSetDeviceToVerify ( + /*IN*/ PETHREAD Thread, + /*IN*/ PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoSetInformation ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ FILE_INFORMATION_CLASS FileInformationClass, + /*IN*/ ULONG Length, + /*IN*/ PVOID FileInformation +); + +NTKERNELAPI +VOID +NTAPI +IoSetTopLevelIrp ( + /*IN*/ PIRP Irp +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoSynchronousPageWrite ( + /*IN*/ PFILE_OBJECT FileObject, + /*IN*/ PMDL Mdl, + /*IN*/ PLARGE_INTEGER FileOffset, + /*IN*/ PKEVENT Event, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock +); + +NTKERNELAPI +PEPROCESS +NTAPI +IoThreadToProcess ( + /*IN*/ PETHREAD Thread +); + +NTKERNELAPI +VOID +NTAPI +IoUnregisterFileSystem ( + /*IN OUT*/ PDEVICE_OBJECT DeviceObject +); + +#if (VER_PRODUCTBUILD >= 1381) + +NTKERNELAPI +NTSTATUS +NTAPI +IoUnregisterFsRegistrationChange ( + /*IN*/ PDRIVER_OBJECT DriverObject, + /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine +); + +#endif /* (VER_PRODUCTBUILD >= 1381) */ + +NTKERNELAPI +NTSTATUS +NTAPI +IoVerifyVolume ( + /*IN*/ PDEVICE_OBJECT DeviceObject, + /*IN*/ BOOLEAN AllowRawMount +); + +NTKERNELAPI +VOID +NTAPI +KeAttachProcess ( + /*IN*/ PEPROCESS Process +); + +NTKERNELAPI +VOID +NTAPI +KeDetachProcess ( + VOID +); + +NTKERNELAPI +VOID +NTAPI +KeInitializeQueue ( + /*IN*/ PRKQUEUE Queue, + /*IN*/ ULONG Count /*OPTIONAL*/ +); + +NTKERNELAPI +LONG +NTAPI +KeInsertHeadQueue ( + /*IN*/ PRKQUEUE Queue, + /*IN*/ PLIST_ENTRY Entry +); + +NTKERNELAPI +LONG +NTAPI +KeInsertQueue ( + /*IN*/ PRKQUEUE Queue, + /*IN*/ PLIST_ENTRY Entry +); + +NTKERNELAPI +BOOLEAN +NTAPI +KeInsertQueueApc ( + /*IN*/ PKAPC Apc, + /*IN*/ PVOID SystemArgument1, + /*IN*/ PVOID SystemArgument2, + /*IN*/ KPRIORITY PriorityBoost +); + +NTKERNELAPI +LONG +NTAPI +KeReadStateQueue ( + /*IN*/ PRKQUEUE Queue +); + +NTKERNELAPI +PLIST_ENTRY +NTAPI +KeRemoveQueue ( + /*IN*/ PRKQUEUE Queue, + /*IN*/ KPROCESSOR_MODE WaitMode, + /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/ +); + +NTKERNELAPI +PLIST_ENTRY +NTAPI +KeRundownQueue ( + /*IN*/ PRKQUEUE Queue +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +VOID +NTAPI +KeStackAttachProcess ( + /*IN*/ PKPROCESS Process, + /*OUT*/ PKAPC_STATE ApcState +); + +NTKERNELAPI +VOID +NTAPI +KeUnstackDetachProcess ( + /*IN*/ PKAPC_STATE ApcState +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +BOOLEAN +NTAPI +MmCanFileBeTruncated ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, + /*IN*/ PLARGE_INTEGER NewFileSize +); + +NTKERNELAPI +BOOLEAN +NTAPI +MmFlushImageSection ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, + /*IN*/ MMFLUSH_TYPE FlushType +); + +NTKERNELAPI +BOOLEAN +NTAPI +MmForceSectionClosed ( + /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, + /*IN*/ BOOLEAN DelayClose +); + +#if (VER_PRODUCTBUILD >= 1381) + +NTKERNELAPI +BOOLEAN +NTAPI +MmIsRecursiveIoFault ( + VOID +); + +#else + +#define MmIsRecursiveIoFault() ( \ + (PsGetCurrentThread()->DisablePageFaultClustering) | \ + (PsGetCurrentThread()->ForwardClusterOnly) \ +) + +#endif + +NTKERNELAPI +NTSTATUS +NTAPI +MmMapViewOfSection ( + /*IN*/ PVOID SectionObject, + /*IN*/ PEPROCESS Process, + /*IN OUT*/ PVOID *BaseAddress, + /*IN*/ ULONG ZeroBits, + /*IN*/ ULONG CommitSize, + /*IN OUT*/ PLARGE_INTEGER SectionOffset /*OPTIONAL*/, + /*IN OUT*/ PULONG ViewSize, + /*IN*/ SECTION_INHERIT InheritDisposition, + /*IN*/ ULONG AllocationType, + /*IN*/ ULONG Protect +); + +NTKERNELAPI +BOOLEAN +NTAPI +MmSetAddressRangeModified ( + /*IN*/ PVOID Address, + /*IN*/ ULONG Length +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObCreateObject ( + /*IN*/ KPROCESSOR_MODE ObjectAttributesAccessMode /*OPTIONAL*/, + /*IN*/ POBJECT_TYPE ObjectType, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/, + /*IN*/ KPROCESSOR_MODE AccessMode, + /*IN OUT*/ PVOID ParseContext /*OPTIONAL*/, + /*IN*/ ULONG ObjectSize, + /*IN*/ ULONG PagedPoolCharge /*OPTIONAL*/, + /*IN*/ ULONG NonPagedPoolCharge /*OPTIONAL*/, + /*OUT*/ PVOID *Object +); + +NTKERNELAPI +ULONG +NTAPI +ObGetObjectPointerCount ( + /*IN*/ PVOID Object +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObInsertObject ( + /*IN*/ PVOID Object, + /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ ULONG AdditionalReferences, + /*OUT*/ PVOID *ReferencedObject /*OPTIONAL*/, + /*OUT*/ PHANDLE Handle +); + +NTKERNELAPI +VOID +NTAPI +ObMakeTemporaryObject ( + /*IN*/ PVOID Object +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObOpenObjectByPointer ( + /*IN*/ PVOID Object, + /*IN*/ ULONG HandleAttributes, + /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/, + /*IN*/ ACCESS_MASK DesiredAccess /*OPTIONAL*/, + /*IN*/ POBJECT_TYPE ObjectType /*OPTIONAL*/, + /*IN*/ KPROCESSOR_MODE AccessMode, + /*OUT*/ PHANDLE Handle +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObQueryNameString ( + /*IN*/ PVOID Object, + /*OUT*/ POBJECT_NAME_INFORMATION ObjectNameInfo, + /*IN*/ ULONG Length, + /*OUT*/ PULONG ReturnLength +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObQueryObjectAuditingByHandle ( + /*IN*/ HANDLE Handle, + /*OUT*/ PBOOLEAN GenerateOnClose +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObReferenceObjectByName ( + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ ULONG Attributes, + /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/, + /*IN*/ ACCESS_MASK DesiredAccess /*OPTIONAL*/, + /*IN*/ POBJECT_TYPE ObjectType, + /*IN*/ KPROCESSOR_MODE AccessMode, + /*IN OUT*/ PVOID ParseContext /*OPTIONAL*/, + /*OUT*/ PVOID *Object +); + +NTKERNELAPI +VOID +NTAPI +PsChargePoolQuota ( + /*IN*/ PEPROCESS Process, + /*IN*/ POOL_TYPE PoolType, + /*IN*/ ULONG Amount +); + +#define PsDereferenceImpersonationToken(T) \ + {if (ARGUMENT_PRESENT(T)) { \ + (ObDereferenceObject((T))); \ + } else { \ + ; \ + } \ +} + +#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T))) + +NTKERNELAPI +ULONGLONG +NTAPI +PsGetProcessExitTime ( + VOID +); + +NTKERNELAPI +BOOLEAN +NTAPI +PsIsThreadTerminating ( + /*IN*/ PETHREAD Thread +); + +NTKERNELAPI +NTSTATUS +NTAPI +PsLookupProcessByProcessId ( + /*IN*/ PVOID ProcessId, + /*OUT*/ PEPROCESS *Process +); + +NTKERNELAPI +NTSTATUS +NTAPI +PsLookupProcessThreadByCid ( + /*IN*/ PCLIENT_ID Cid, + /*OUT*/ PEPROCESS *Process /*OPTIONAL*/, + /*OUT*/ PETHREAD *Thread +); + +NTKERNELAPI +NTSTATUS +NTAPI +PsLookupThreadByThreadId ( + /*IN*/ PVOID UniqueThreadId, + /*OUT*/ PETHREAD *Thread +); + +NTKERNELAPI +PACCESS_TOKEN +NTAPI +PsReferenceImpersonationToken ( + /*IN*/ PETHREAD Thread, + /*OUT*/ PBOOLEAN CopyOnUse, + /*OUT*/ PBOOLEAN EffectiveOnly, + /*OUT*/ PSECURITY_IMPERSONATION_LEVEL Level +); + +NTKERNELAPI +HANDLE +NTAPI +PsReferencePrimaryToken ( + /*IN*/ PEPROCESS Process +); + +NTKERNELAPI +VOID +NTAPI +PsReturnPoolQuota ( + /*IN*/ PEPROCESS Process, + /*IN*/ POOL_TYPE PoolType, + /*IN*/ ULONG Amount +); + +NTKERNELAPI +VOID +NTAPI +PsRevertToSelf ( + VOID +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAbsoluteToSelfRelativeSD ( + /*IN*/ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, + /*IN OUT*/ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, + /*IN*/ PULONG BufferLength +); + +NTSYSAPI +PVOID +NTAPI +RtlAllocateHeap ( + /*IN*/ HANDLE HeapHandle, + /*IN*/ ULONG Flags, + /*IN*/ ULONG Size +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCompressBuffer ( + /*IN*/ USHORT CompressionFormatAndEngine, + /*IN*/ PUCHAR UncompressedBuffer, + /*IN*/ ULONG UncompressedBufferSize, + /*OUT*/ PUCHAR CompressedBuffer, + /*IN*/ ULONG CompressedBufferSize, + /*IN*/ ULONG UncompressedChunkSize, + /*OUT*/ PULONG FinalCompressedSize, + /*IN*/ PVOID WorkSpace +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCompressChunks ( + /*IN*/ PUCHAR UncompressedBuffer, + /*IN*/ ULONG UncompressedBufferSize, + /*OUT*/ PUCHAR CompressedBuffer, + /*IN*/ ULONG CompressedBufferSize, + /*IN OUT*/ PCOMPRESSED_DATA_INFO CompressedDataInfo, + /*IN*/ ULONG CompressedDataInfoLength, + /*IN*/ PVOID WorkSpace +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlConvertSidToUnicodeString ( + /*OUT*/ PUNICODE_STRING DestinationString, + /*IN*/ PSID Sid, + /*IN*/ BOOLEAN AllocateDestinationString +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCopySid ( + /*IN*/ ULONG Length, + /*IN*/ PSID Destination, + /*IN*/ PSID Source +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressBuffer ( + /*IN*/ USHORT CompressionFormat, + /*OUT*/ PUCHAR UncompressedBuffer, + /*IN*/ ULONG UncompressedBufferSize, + /*IN*/ PUCHAR CompressedBuffer, + /*IN*/ ULONG CompressedBufferSize, + /*OUT*/ PULONG FinalUncompressedSize +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressChunks ( + /*OUT*/ PUCHAR UncompressedBuffer, + /*IN*/ ULONG UncompressedBufferSize, + /*IN*/ PUCHAR CompressedBuffer, + /*IN*/ ULONG CompressedBufferSize, + /*IN*/ PUCHAR CompressedTail, + /*IN*/ ULONG CompressedTailSize, + /*IN*/ PCOMPRESSED_DATA_INFO CompressedDataInfo +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressFragment ( + /*IN*/ USHORT CompressionFormat, + /*OUT*/ PUCHAR UncompressedFragment, + /*IN*/ ULONG UncompressedFragmentSize, + /*IN*/ PUCHAR CompressedBuffer, + /*IN*/ ULONG CompressedBufferSize, + /*IN*/ ULONG FragmentOffset, + /*OUT*/ PULONG FinalUncompressedSize, + /*IN*/ PVOID WorkSpace +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDescribeChunk ( + /*IN*/ USHORT CompressionFormat, + /*IN OUT*/ PUCHAR *CompressedBuffer, + /*IN*/ PUCHAR EndOfCompressedBufferPlus1, + /*OUT*/ PUCHAR *ChunkBuffer, + /*OUT*/ PULONG ChunkSize +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualSid ( + /*IN*/ PSID Sid1, + /*IN*/ PSID Sid2 +); + +NTSYSAPI +VOID +NTAPI +RtlFillMemoryUlong ( + /*IN*/ PVOID Destination, + /*IN*/ ULONG Length, + /*IN*/ ULONG Fill +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlFreeHeap ( + /*IN*/ HANDLE HeapHandle, + /*IN*/ ULONG Flags, + /*IN*/ PVOID P +); + +NTSYSAPI +VOID +NTAPI +RtlGenerate8dot3Name ( + /*IN*/ PUNICODE_STRING Name, + /*IN*/ BOOLEAN AllowExtendedCharacters, + /*IN OUT*/ PGENERATE_NAME_CONTEXT Context, + /*OUT*/ PUNICODE_STRING Name8dot3 +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetCompressionWorkSpaceSize ( + /*IN*/ USHORT CompressionFormatAndEngine, + /*OUT*/ PULONG CompressBufferWorkSpaceSize, + /*OUT*/ PULONG CompressFragmentWorkSpaceSize +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetDaclSecurityDescriptor ( + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*OUT*/ PBOOLEAN DaclPresent, + /*OUT*/ PACL *Dacl, + /*OUT*/ PBOOLEAN DaclDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetGroupSecurityDescriptor ( + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*OUT*/ PSID *Group, + /*OUT*/ PBOOLEAN GroupDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetOwnerSecurityDescriptor ( + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*OUT*/ PSID *Owner, + /*OUT*/ PBOOLEAN OwnerDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeSid ( + /*IN OUT*/ PSID Sid, + /*IN*/ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + /*IN*/ UCHAR SubAuthorityCount +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlIsNameLegalDOS8Dot3 ( + /*IN*/ PUNICODE_STRING UnicodeName, + /*IN*/ PANSI_STRING AnsiName, + PBOOLEAN Unknown +); + +NTSYSAPI +ULONG +NTAPI +RtlLengthRequiredSid ( + /*IN*/ UCHAR SubAuthorityCount +); + +NTSYSAPI +ULONG +NTAPI +RtlLengthSid ( + /*IN*/ PSID Sid +); + +NTSYSAPI +ULONG +NTAPI +RtlNtStatusToDosError ( + /*IN*/ NTSTATUS Status +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlReserveChunk ( + /*IN*/ USHORT CompressionFormat, + /*IN OUT*/ PUCHAR *CompressedBuffer, + /*IN*/ PUCHAR EndOfCompressedBufferPlus1, + /*OUT*/ PUCHAR *ChunkBuffer, + /*IN*/ ULONG ChunkSize +); + +NTSYSAPI +VOID +NTAPI +RtlSecondsSince1970ToTime ( + /*IN*/ ULONG SecondsSince1970, + /*OUT*/ PLARGE_INTEGER Time +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +RtlSelfRelativeToAbsoluteSD ( + /*IN*/ PSECURITY_DESCRIPTOR SelfRelativeSD, + /*OUT*/ PSECURITY_DESCRIPTOR AbsoluteSD, + /*IN*/ PULONG AbsoluteSDSize, + /*IN*/ PACL Dacl, + /*IN*/ PULONG DaclSize, + /*IN*/ PACL Sacl, + /*IN*/ PULONG SaclSize, + /*IN*/ PSID Owner, + /*IN*/ PULONG OwnerSize, + /*IN*/ PSID PrimaryGroup, + /*IN*/ PULONG PrimaryGroupSize +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetGroupSecurityDescriptor ( + /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID Group, + /*IN*/ BOOLEAN GroupDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetOwnerSecurityDescriptor ( + /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSID Owner, + /*IN*/ BOOLEAN OwnerDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetSaclSecurityDescriptor ( + /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ BOOLEAN SaclPresent, + /*IN*/ PACL Sacl, + /*IN*/ BOOLEAN SaclDefaulted +); + +NTSYSAPI +PUCHAR +NTAPI +RtlSubAuthorityCountSid ( + /*IN*/ PSID Sid +); + +NTSYSAPI +PULONG +NTAPI +RtlSubAuthoritySid ( + /*IN*/ PSID Sid, + /*IN*/ ULONG SubAuthority +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlValidSid ( + /*IN*/ PSID Sid +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeAppendPrivileges ( + PACCESS_STATE AccessState, + PPRIVILEGE_SET Privileges +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeAuditingFileEvents ( + /*IN*/ BOOLEAN AccessGranted, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeAuditingFileOrGlobalEvents ( + /*IN*/ BOOLEAN AccessGranted, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +VOID +NTAPI +SeCaptureSubjectContext ( + /*OUT*/ PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeCreateAccessState ( + /*OUT*/ PACCESS_STATE AccessState, + /*IN*/ PVOID AuxData, + /*IN*/ ACCESS_MASK AccessMask, + /*IN*/ PGENERIC_MAPPING Mapping +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeCreateClientSecurity ( + /*IN*/ PETHREAD Thread, + /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService, + /*IN*/ BOOLEAN RemoteClient, + /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeCreateClientSecurityFromSubjectContext ( + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext, + /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService, + /*IN*/ BOOLEAN ServerIsRemote, + /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +#define SeDeleteClientSecurity(C) { \ + if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ + PsDereferencePrimaryToken( (C)->ClientToken ); \ + } else { \ + PsDereferenceImpersonationToken( (C)->ClientToken ); \ + } \ +} + +NTKERNELAPI +VOID +NTAPI +SeDeleteObjectAuditAlarm ( + /*IN*/ PVOID Object, + /*IN*/ HANDLE Handle +); + +#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; + +NTKERNELAPI +VOID +NTAPI +SeFreePrivileges ( + /*IN*/ PPRIVILEGE_SET Privileges +); + +NTKERNELAPI +VOID +NTAPI +SeImpersonateClient ( + /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext, + /*IN*/ PETHREAD ServerThread /*OPTIONAL*/ +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeImpersonateClientEx ( + /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext, + /*IN*/ PETHREAD ServerThread /*OPTIONAL*/ +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +VOID +NTAPI +SeLockSubjectContext ( + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeMarkLogonSessionForTerminationNotification ( + /*IN*/ PLUID LogonId +); + +NTKERNELAPI +VOID +NTAPI +SeOpenObjectAuditAlarm ( + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PVOID Object /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING AbsoluteObjectName /*OPTIONAL*/, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PACCESS_STATE AccessState, + /*IN*/ BOOLEAN ObjectCreated, + /*IN*/ BOOLEAN AccessGranted, + /*IN*/ KPROCESSOR_MODE AccessMode, + /*OUT*/ PBOOLEAN GenerateOnClose +); + +NTKERNELAPI +VOID +NTAPI +SeOpenObjectForDeleteAuditAlarm ( + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PVOID Object /*OPTIONAL*/, + /*IN*/ PUNICODE_STRING AbsoluteObjectName /*OPTIONAL*/, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ PACCESS_STATE AccessState, + /*IN*/ BOOLEAN ObjectCreated, + /*IN*/ BOOLEAN AccessGranted, + /*IN*/ KPROCESSOR_MODE AccessMode, + /*OUT*/ PBOOLEAN GenerateOnClose +); + +NTKERNELAPI +BOOLEAN +NTAPI +SePrivilegeCheck ( + /*IN OUT*/ PPRIVILEGE_SET RequiredPrivileges, + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext, + /*IN*/ KPROCESSOR_MODE AccessMode +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeQueryAuthenticationIdToken ( + /*IN*/ PACCESS_TOKEN Token, + /*OUT*/ PLUID LogonId +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeQueryInformationToken ( + /*IN*/ PACCESS_TOKEN Token, + /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, + /*OUT*/ PVOID *TokenInformation +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +NTSTATUS +NTAPI +SeQuerySecurityDescriptorInfo ( + /*IN*/ PSECURITY_INFORMATION SecurityInformation, + /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN OUT*/ PULONG Length, + /*IN*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeQuerySessionIdToken ( + /*IN*/ PACCESS_TOKEN Token, + /*IN*/ PULONG SessionId +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +#define SeQuerySubjectContextToken( SubjectContext ) \ + ( ARGUMENT_PRESENT( \ + ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ + ) ? \ + ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ + ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) + +typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) ( + /*IN*/ PLUID LogonId +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeRegisterLogonSessionTerminatedRoutine ( + /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine +); + +NTKERNELAPI +VOID +NTAPI +SeReleaseSubjectContext ( + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +VOID +NTAPI +SeSetAccessStateGenericMapping ( + PACCESS_STATE AccessState, + PGENERIC_MAPPING GenericMapping +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeSetSecurityDescriptorInfo ( + /*IN*/ PVOID Object /*OPTIONAL*/, + /*IN*/ PSECURITY_INFORMATION SecurityInformation, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN OUT*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + /*IN*/ POOL_TYPE PoolType, + /*IN*/ PGENERIC_MAPPING GenericMapping +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeSetSecurityDescriptorInfoEx ( + /*IN*/ PVOID Object /*OPTIONAL*/, + /*IN*/ PSECURITY_INFORMATION SecurityInformation, + /*IN*/ PSECURITY_DESCRIPTOR ModificationDescriptor, + /*IN OUT*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + /*IN*/ ULONG AutoInheritFlags, + /*IN*/ POOL_TYPE PoolType, + /*IN*/ PGENERIC_MAPPING GenericMapping +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeTokenIsAdmin ( + /*IN*/ PACCESS_TOKEN Token +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeTokenIsRestricted ( + /*IN*/ PACCESS_TOKEN Token +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTKERNELAPI +TOKEN_TYPE +NTAPI +SeTokenType ( + /*IN*/ PACCESS_TOKEN Token +); + +NTKERNELAPI +VOID +NTAPI +SeUnlockSubjectContext ( + /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +NTSTATUS +SeUnregisterLogonSessionTerminatedRoutine ( + /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwAdjustPrivilegesToken ( + /*IN*/ HANDLE TokenHandle, + /*IN*/ BOOLEAN DisableAllPrivileges, + /*IN*/ PTOKEN_PRIVILEGES NewState, + /*IN*/ ULONG BufferLength, + /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, + /*OUT*/ PULONG ReturnLength +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwAlertThread ( + /*IN*/ HANDLE ThreadHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwAllocateVirtualMemory ( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN*/ ULONG ZeroBits, + /*IN OUT*/ PULONG RegionSize, + /*IN*/ ULONG AllocationType, + /*IN*/ ULONG Protect +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwAccessCheckAndAuditAlarm ( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ PUNICODE_STRING ObjectTypeName, + /*IN*/ PUNICODE_STRING ObjectName, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ PGENERIC_MAPPING GenericMapping, + /*IN*/ BOOLEAN ObjectCreation, + /*OUT*/ PACCESS_MASK GrantedAccess, + /*OUT*/ PBOOLEAN AccessStatus, + /*OUT*/ PBOOLEAN GenerateOnClose +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwCancelIoFile ( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwClearEvent ( + /*IN*/ HANDLE EventHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwCloseObjectAuditAlarm ( + /*IN*/ PUNICODE_STRING SubsystemName, + /*IN*/ PVOID HandleId, + /*IN*/ BOOLEAN GenerateOnClose +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateSection ( + /*OUT*/ PHANDLE SectionHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/, + /*IN*/ PLARGE_INTEGER MaximumSize /*OPTIONAL*/, + /*IN*/ ULONG SectionPageProtection, + /*IN*/ ULONG AllocationAttributes, + /*IN*/ HANDLE FileHandle /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateSymbolicLinkObject ( + /*OUT*/ PHANDLE SymbolicLinkHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PUNICODE_STRING TargetName +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDeleteFile ( + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDeleteValueKey ( + /*IN*/ HANDLE Handle, + /*IN*/ PUNICODE_STRING Name +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDeviceIoControlFile ( + /*IN*/ HANDLE FileHandle, + /*IN*/ HANDLE Event /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ ULONG IoControlCode, + /*IN*/ PVOID InputBuffer /*OPTIONAL*/, + /*IN*/ ULONG InputBufferLength, + /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, + /*IN*/ ULONG OutputBufferLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDisplayString ( + /*IN*/ PUNICODE_STRING String +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDuplicateObject ( + /*IN*/ HANDLE SourceProcessHandle, + /*IN*/ HANDLE SourceHandle, + /*IN*/ HANDLE TargetProcessHandle /*OPTIONAL*/, + /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ ULONG HandleAttributes, + /*IN*/ ULONG Options +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDuplicateToken ( + /*IN*/ HANDLE ExistingTokenHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ BOOLEAN EffectiveOnly, + /*IN*/ TOKEN_TYPE TokenType, + /*OUT*/ PHANDLE NewTokenHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwFlushInstructionCache ( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PVOID BaseAddress /*OPTIONAL*/, + /*IN*/ ULONG FlushSize +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwFlushVirtualMemory ( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG FlushSize, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwFreeVirtualMemory ( + /*IN*/ HANDLE ProcessHandle, + /*IN OUT*/ PVOID *BaseAddress, + /*IN OUT*/ PULONG RegionSize, + /*IN*/ ULONG FreeType +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwFsControlFile ( + /*IN*/ HANDLE FileHandle, + /*IN*/ HANDLE Event /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ ULONG FsControlCode, + /*IN*/ PVOID InputBuffer /*OPTIONAL*/, + /*IN*/ ULONG InputBufferLength, + /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, + /*IN*/ ULONG OutputBufferLength +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwInitiatePowerAction ( + /*IN*/ POWER_ACTION SystemAction, + /*IN*/ SYSTEM_POWER_STATE MinSystemState, + /*IN*/ ULONG Flags, + /*IN*/ BOOLEAN Asynchronous +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwLoadDriver ( + /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" */ + /*IN*/ PUNICODE_STRING RegistryPath +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwLoadKey ( + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, + /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwNotifyChangeKey ( + /*IN*/ HANDLE KeyHandle, + /*IN*/ HANDLE EventHandle /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ ULONG NotifyFilter, + /*IN*/ BOOLEAN WatchSubtree, + /*IN*/ PVOID Buffer, + /*IN*/ ULONG BufferLength, + /*IN*/ BOOLEAN Asynchronous +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenDirectoryObject ( + /*OUT*/ PHANDLE DirectoryHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenEvent ( + /*OUT*/ PHANDLE EventHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenProcess ( + /*OUT*/ PHANDLE ProcessHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PCLIENT_ID ClientId /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenProcessToken ( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*OUT*/ PHANDLE TokenHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenThread ( + /*OUT*/ PHANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, + /*IN*/ PCLIENT_ID ClientId +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenThreadToken ( + /*IN*/ HANDLE ThreadHandle, + /*IN*/ ACCESS_MASK DesiredAccess, + /*IN*/ BOOLEAN OpenAsSelf, + /*OUT*/ PHANDLE TokenHandle +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwPowerInformation ( + /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel, + /*IN*/ PVOID InputBuffer /*OPTIONAL*/, + /*IN*/ ULONG InputBufferLength, + /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, + /*IN*/ ULONG OutputBufferLength +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwPulseEvent ( + /*IN*/ HANDLE EventHandle, + /*OUT*/ PULONG PreviousState /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryDefaultLocale ( + /*IN*/ BOOLEAN ThreadOrSystem, + /*OUT*/ PLCID Locale +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryDirectoryFile ( + /*IN*/ HANDLE FileHandle, + /*IN*/ HANDLE Event /*OPTIONAL*/, + /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, + /*IN*/ PVOID ApcContext /*OPTIONAL*/, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*OUT*/ PVOID FileInformation, + /*IN*/ ULONG Length, + /*IN*/ FILE_INFORMATION_CLASS FileInformationClass, + /*IN*/ BOOLEAN ReturnSingleEntry, + /*IN*/ PUNICODE_STRING FileName /*OPTIONAL*/, + /*IN*/ BOOLEAN RestartScan +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryDirectoryObject ( + /*IN*/ HANDLE DirectoryHandle, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN ReturnSingleEntry, + /*IN*/ BOOLEAN RestartScan, + /*IN OUT*/ PULONG Context, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryEaFile ( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG Length, + /*IN*/ BOOLEAN ReturnSingleEntry, + /*IN*/ PVOID EaList /*OPTIONAL*/, + /*IN*/ ULONG EaListLength, + /*IN*/ PULONG EaIndex /*OPTIONAL*/, + /*IN*/ BOOLEAN RestartScan +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryInformationProcess ( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PROCESSINFOCLASS ProcessInformationClass, + /*OUT*/ PVOID ProcessInformation, + /*IN*/ ULONG ProcessInformationLength, + /*OUT*/ PULONG ReturnLength /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryInformationToken ( + /*IN*/ HANDLE TokenHandle, + /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, + /*OUT*/ PVOID TokenInformation, + /*IN*/ ULONG Length, + /*OUT*/ PULONG ResultLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryObject ( + /*IN*/ HANDLE ObjectHandle, + /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, + /*OUT*/ PVOID ObjectInformation, + /*IN*/ ULONG Length, + /*OUT*/ PULONG ResultLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySection ( + /*IN*/ HANDLE SectionHandle, + /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass, + /*OUT*/ PVOID SectionInformation, + /*IN*/ ULONG SectionInformationLength, + /*OUT*/ PULONG ResultLength /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySecurityObject ( + /*IN*/ HANDLE FileHandle, + /*IN*/ SECURITY_INFORMATION SecurityInformation, + /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, + /*IN*/ ULONG Length, + /*OUT*/ PULONG ResultLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySystemInformation ( + /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, + /*OUT*/ PVOID SystemInformation, + /*IN*/ ULONG Length, + /*OUT*/ PULONG ReturnLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryVolumeInformationFile ( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*OUT*/ PVOID FsInformation, + /*IN*/ ULONG Length, + /*IN*/ FS_INFORMATION_CLASS FsInformationClass +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwReplaceKey ( + /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes, + /*IN*/ HANDLE KeyHandle, + /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwResetEvent ( + /*IN*/ HANDLE EventHandle, + /*OUT*/ PULONG PreviousState /*OPTIONAL*/ +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwRestoreKey ( + /*IN*/ HANDLE KeyHandle, + /*IN*/ HANDLE FileHandle, + /*IN*/ ULONG Flags +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwSaveKey ( + /*IN*/ HANDLE KeyHandle, + /*IN*/ HANDLE FileHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetDefaultLocale ( + /*IN*/ BOOLEAN ThreadOrSystem, + /*IN*/ LCID Locale +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetDefaultUILanguage ( + /*IN*/ LANGID LanguageId +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetEaFile ( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*OUT*/ PVOID Buffer, + /*IN*/ ULONG Length +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetEvent ( + /*IN*/ HANDLE EventHandle, + /*OUT*/ PULONG PreviousState /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetInformationObject ( + /*IN*/ HANDLE ObjectHandle, + /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, + /*IN*/ PVOID ObjectInformation, + /*IN*/ ULONG ObjectInformationLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetInformationProcess ( + /*IN*/ HANDLE ProcessHandle, + /*IN*/ PROCESSINFOCLASS ProcessInformationClass, + /*IN*/ PVOID ProcessInformation, + /*IN*/ ULONG ProcessInformationLength +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetSecurityObject ( + /*IN*/ HANDLE Handle, + /*IN*/ SECURITY_INFORMATION SecurityInformation, + /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetSystemInformation ( + /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, + /*IN*/ PVOID SystemInformation, + /*IN*/ ULONG Length +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetSystemTime ( + /*IN*/ PLARGE_INTEGER NewTime, + /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/ +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetVolumeInformationFile ( + /*IN*/ HANDLE FileHandle, + /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, + /*IN*/ PVOID FsInformation, + /*IN*/ ULONG Length, + /*IN*/ FS_INFORMATION_CLASS FsInformationClass +); + +#endif /* (VER_PRODUCTBUILD >= 2195) */ + +NTSYSAPI +NTSTATUS +NTAPI +ZwTerminateProcess ( + /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/, + /*IN*/ NTSTATUS ExitStatus +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwUnloadDriver ( + /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" */ + /*IN*/ PUNICODE_STRING RegistryPath +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwUnloadKey ( + /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwWaitForSingleObject ( + /*IN*/ HANDLE Handle, + /*IN*/ BOOLEAN Alertable, + /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwWaitForMultipleObjects ( + /*IN*/ ULONG HandleCount, + /*IN*/ PHANDLE Handles, + /*IN*/ WAIT_TYPE WaitType, + /*IN*/ BOOLEAN Alertable, + /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/ +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwYieldExecution ( + VOID +); + +#ifdef __cplusplus +} +#endif + +#endif /* _NTIFS_ */