|
1 /* |
|
2 * ntifs.h |
|
3 * |
|
4 * Windows NT Filesystem Driver Developer Kit |
|
5 * |
|
6 * This file is part of the w32api package. |
|
7 * |
|
8 * Contributors: |
|
9 * Created by Bo Brantén <bosse@acc.umu.se> |
|
10 * |
|
11 * THIS SOFTWARE IS NOT COPYRIGHTED |
|
12 * |
|
13 * This source code is offered for use in the public domain. You may |
|
14 * use, modify or distribute it freely. |
|
15 * |
|
16 * This code is distributed in the hope that it will be useful but |
|
17 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY |
|
18 * DISCLAIMED. This includes but is not limited to warranties of |
|
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
|
20 * |
|
21 */ |
|
22 |
|
23 #ifndef _NTIFS_ |
|
24 #define _NTIFS_ |
|
25 #define _GNU_NTIFS_ |
|
26 |
|
27 #if __GNUC__ >= 3 |
|
28 #pragma GCC system_header |
|
29 #endif |
|
30 |
|
31 #ifdef __cplusplus |
|
32 extern "C" { |
|
33 #endif |
|
34 |
|
35 #include "ntddk.h" |
|
36 #include "ntapi.h" |
|
37 |
|
38 #define VER_PRODUCTBUILD 10000 |
|
39 |
|
40 #ifndef NTSYSAPI |
|
41 #define NTSYSAPI |
|
42 #endif |
|
43 |
|
44 #ifndef NTKERNELAPI |
|
45 #define NTKERNELAPI STDCALL |
|
46 #endif |
|
47 |
|
48 typedef struct _SE_EXPORTS *PSE_EXPORTS; |
|
49 |
|
50 extern PUCHAR *FsRtlLegalAnsiCharacterArray; |
|
51 extern PSE_EXPORTS SeExports; |
|
52 extern PACL SePublicDefaultDacl; |
|
53 extern PACL SeSystemDefaultDacl; |
|
54 |
|
55 #define ANSI_DOS_STAR ('<') |
|
56 #define ANSI_DOS_QM ('>') |
|
57 #define ANSI_DOS_DOT ('"') |
|
58 |
|
59 #define DOS_STAR (L'<') |
|
60 #define DOS_QM (L'>') |
|
61 #define DOS_DOT (L'"') |
|
62 |
|
63 /* also in winnt.h */ |
|
64 #define ACCESS_ALLOWED_ACE_TYPE (0x0) |
|
65 #define ACCESS_DENIED_ACE_TYPE (0x1) |
|
66 #define SYSTEM_AUDIT_ACE_TYPE (0x2) |
|
67 #define SYSTEM_ALARM_ACE_TYPE (0x3) |
|
68 |
|
69 #define COMPRESSION_FORMAT_NONE (0x0000) |
|
70 #define COMPRESSION_FORMAT_DEFAULT (0x0001) |
|
71 #define COMPRESSION_FORMAT_LZNT1 (0x0002) |
|
72 #define COMPRESSION_ENGINE_STANDARD (0x0000) |
|
73 #define COMPRESSION_ENGINE_MAXIMUM (0x0100) |
|
74 #define COMPRESSION_ENGINE_HIBER (0x0200) |
|
75 |
|
76 #define FILE_ACTION_ADDED 0x00000001 |
|
77 #define FILE_ACTION_REMOVED 0x00000002 |
|
78 #define FILE_ACTION_MODIFIED 0x00000003 |
|
79 #define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 |
|
80 #define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 |
|
81 #define FILE_ACTION_ADDED_STREAM 0x00000006 |
|
82 #define FILE_ACTION_REMOVED_STREAM 0x00000007 |
|
83 #define FILE_ACTION_MODIFIED_STREAM 0x00000008 |
|
84 #define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 |
|
85 #define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A |
|
86 #define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B |
|
87 /* end winnt.h */ |
|
88 |
|
89 #define FILE_EA_TYPE_BINARY 0xfffe |
|
90 #define FILE_EA_TYPE_ASCII 0xfffd |
|
91 #define FILE_EA_TYPE_BITMAP 0xfffb |
|
92 #define FILE_EA_TYPE_METAFILE 0xfffa |
|
93 #define FILE_EA_TYPE_ICON 0xfff9 |
|
94 #define FILE_EA_TYPE_EA 0xffee |
|
95 #define FILE_EA_TYPE_MVMT 0xffdf |
|
96 #define FILE_EA_TYPE_MVST 0xffde |
|
97 #define FILE_EA_TYPE_ASN1 0xffdd |
|
98 #define FILE_EA_TYPE_FAMILY_IDS 0xff01 |
|
99 |
|
100 #define FILE_NEED_EA 0x00000080 |
|
101 |
|
102 /* also in winnt.h */ |
|
103 #define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 |
|
104 #define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 |
|
105 #define FILE_NOTIFY_CHANGE_NAME 0x00000003 |
|
106 #define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 |
|
107 #define FILE_NOTIFY_CHANGE_SIZE 0x00000008 |
|
108 #define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 |
|
109 #define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 |
|
110 #define FILE_NOTIFY_CHANGE_CREATION 0x00000040 |
|
111 #define FILE_NOTIFY_CHANGE_EA 0x00000080 |
|
112 #define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 |
|
113 #define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 |
|
114 #define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 |
|
115 #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 |
|
116 #define FILE_NOTIFY_VALID_MASK 0x00000fff |
|
117 /* end winnt.h */ |
|
118 |
|
119 #define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 |
|
120 #define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 |
|
121 |
|
122 #define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 |
|
123 |
|
124 #define FILE_CASE_SENSITIVE_SEARCH 0x00000001 |
|
125 #define FILE_CASE_PRESERVED_NAMES 0x00000002 |
|
126 #define FILE_UNICODE_ON_DISK 0x00000004 |
|
127 #define FILE_PERSISTENT_ACLS 0x00000008 |
|
128 #define FILE_FILE_COMPRESSION 0x00000010 |
|
129 #define FILE_VOLUME_QUOTAS 0x00000020 |
|
130 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040 |
|
131 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 |
|
132 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 |
|
133 #define FS_LFN_APIS 0x00004000 |
|
134 #define FILE_VOLUME_IS_COMPRESSED 0x00008000 |
|
135 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000 |
|
136 #define FILE_SUPPORTS_ENCRYPTION 0x00020000 |
|
137 #define FILE_NAMED_STREAMS 0x00040000 |
|
138 #define FILE_READ_ONLY_VOLUME 0x00080000 |
|
139 |
|
140 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 |
|
141 #define FILE_PIPE_MESSAGE_TYPE 0x00000001 |
|
142 |
|
143 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 |
|
144 #define FILE_PIPE_MESSAGE_MODE 0x00000001 |
|
145 |
|
146 #define FILE_PIPE_QUEUE_OPERATION 0x00000000 |
|
147 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001 |
|
148 |
|
149 #define FILE_PIPE_INBOUND 0x00000000 |
|
150 #define FILE_PIPE_OUTBOUND 0x00000001 |
|
151 #define FILE_PIPE_FULL_DUPLEX 0x00000002 |
|
152 |
|
153 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001 |
|
154 #define FILE_PIPE_LISTENING_STATE 0x00000002 |
|
155 #define FILE_PIPE_CONNECTED_STATE 0x00000003 |
|
156 #define FILE_PIPE_CLOSING_STATE 0x00000004 |
|
157 |
|
158 #define FILE_PIPE_CLIENT_END 0x00000000 |
|
159 #define FILE_PIPE_SERVER_END 0x00000001 |
|
160 |
|
161 #define FILE_PIPE_READ_DATA 0x00000000 |
|
162 #define FILE_PIPE_WRITE_SPACE 0x00000001 |
|
163 |
|
164 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ |
|
165 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) |
|
166 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) |
|
167 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) |
|
168 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) |
|
169 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) |
|
170 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) |
|
171 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) |
|
172 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) |
|
173 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) |
|
174 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT |
|
175 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM |
|
176 #define FILE_STORAGE_TYPE_MASK 0x000f0000 |
|
177 #define FILE_STORAGE_TYPE_SHIFT 16 |
|
178 |
|
179 #define FILE_VC_QUOTA_NONE 0x00000000 |
|
180 #define FILE_VC_QUOTA_TRACK 0x00000001 |
|
181 #define FILE_VC_QUOTA_ENFORCE 0x00000002 |
|
182 #define FILE_VC_QUOTA_MASK 0x00000003 |
|
183 |
|
184 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 |
|
185 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 |
|
186 |
|
187 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 |
|
188 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 |
|
189 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 |
|
190 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 |
|
191 |
|
192 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 |
|
193 #define FILE_VC_QUOTAS_REBUILDING 0x00000200 |
|
194 |
|
195 #define FILE_VC_VALID_MASK 0x000003ff |
|
196 |
|
197 #define FSRTL_FLAG_FILE_MODIFIED (0x01) |
|
198 #define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) |
|
199 #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) |
|
200 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) |
|
201 #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) |
|
202 #define FSRTL_FLAG_USER_MAPPED_FILE (0x20) |
|
203 #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) |
|
204 |
|
205 #define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) |
|
206 |
|
207 #define FSRTL_FSP_TOP_LEVEL_IRP (0x01) |
|
208 #define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) |
|
209 #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) |
|
210 #define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) |
|
211 #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04) |
|
212 |
|
213 #define FSRTL_VOLUME_DISMOUNT 1 |
|
214 #define FSRTL_VOLUME_DISMOUNT_FAILED 2 |
|
215 #define FSRTL_VOLUME_LOCK 3 |
|
216 #define FSRTL_VOLUME_LOCK_FAILED 4 |
|
217 #define FSRTL_VOLUME_UNLOCK 5 |
|
218 #define FSRTL_VOLUME_MOUNT 6 |
|
219 |
|
220 #define FSRTL_WILD_CHARACTER 0x08 |
|
221 |
|
222 #ifdef _X86_ |
|
223 #define HARDWARE_PTE HARDWARE_PTE_X86 |
|
224 #define PHARDWARE_PTE PHARDWARE_PTE_X86 |
|
225 #else |
|
226 #define HARDWARE_PTE ULONG |
|
227 #define PHARDWARE_PTE PULONG |
|
228 #endif |
|
229 |
|
230 #define IO_CHECK_CREATE_PARAMETERS 0x0200 |
|
231 #define IO_ATTACH_DEVICE 0x0400 |
|
232 |
|
233 #define IO_ATTACH_DEVICE_API 0x80000000 |
|
234 /* also in winnt.h */ |
|
235 #define IO_COMPLETION_QUERY_STATE 0x0001 |
|
236 #define IO_COMPLETION_MODIFY_STATE 0x0002 |
|
237 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) |
|
238 /* end winnt.h */ |
|
239 #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 |
|
240 #define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 |
|
241 |
|
242 #define IO_TYPE_APC 18 |
|
243 #define IO_TYPE_DPC 19 |
|
244 #define IO_TYPE_DEVICE_QUEUE 20 |
|
245 #define IO_TYPE_EVENT_PAIR 21 |
|
246 #define IO_TYPE_INTERRUPT 22 |
|
247 #define IO_TYPE_PROFILE 23 |
|
248 |
|
249 #define IRP_BEING_VERIFIED 0x10 |
|
250 |
|
251 #define MAILSLOT_CLASS_FIRSTCLASS 1 |
|
252 #define MAILSLOT_CLASS_SECONDCLASS 2 |
|
253 |
|
254 #define MAILSLOT_SIZE_AUTO 0 |
|
255 |
|
256 #define MAP_PROCESS 1L |
|
257 #define MAP_SYSTEM 2L |
|
258 #define MEM_DOS_LIM 0x40000000 |
|
259 /* also in winnt.h */ |
|
260 #define MEM_IMAGE SEC_IMAGE |
|
261 /* end winnt.h */ |
|
262 #define OB_TYPE_TYPE 1 |
|
263 #define OB_TYPE_DIRECTORY 2 |
|
264 #define OB_TYPE_SYMBOLIC_LINK 3 |
|
265 #define OB_TYPE_TOKEN 4 |
|
266 #define OB_TYPE_PROCESS 5 |
|
267 #define OB_TYPE_THREAD 6 |
|
268 #define OB_TYPE_EVENT 7 |
|
269 #define OB_TYPE_EVENT_PAIR 8 |
|
270 #define OB_TYPE_MUTANT 9 |
|
271 #define OB_TYPE_SEMAPHORE 10 |
|
272 #define OB_TYPE_TIMER 11 |
|
273 #define OB_TYPE_PROFILE 12 |
|
274 #define OB_TYPE_WINDOW_STATION 13 |
|
275 #define OB_TYPE_DESKTOP 14 |
|
276 #define OB_TYPE_SECTION 15 |
|
277 #define OB_TYPE_KEY 16 |
|
278 #define OB_TYPE_PORT 17 |
|
279 #define OB_TYPE_ADAPTER 18 |
|
280 #define OB_TYPE_CONTROLLER 19 |
|
281 #define OB_TYPE_DEVICE 20 |
|
282 #define OB_TYPE_DRIVER 21 |
|
283 #define OB_TYPE_IO_COMPLETION 22 |
|
284 #define OB_TYPE_FILE 23 |
|
285 |
|
286 #define PIN_WAIT (1) |
|
287 #define PIN_EXCLUSIVE (2) |
|
288 #define PIN_NO_READ (4) |
|
289 #define PIN_IF_BCB (8) |
|
290 |
|
291 #define PORT_CONNECT 0x0001 |
|
292 #define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\ |
|
293 PORT_CONNECT) |
|
294 /* also in winnt.h */ |
|
295 #define SEC_BASED 0x00200000 |
|
296 #define SEC_NO_CHANGE 0x00400000 |
|
297 #define SEC_FILE 0x00800000 |
|
298 #define SEC_IMAGE 0x01000000 |
|
299 #define SEC_VLM 0x02000000 |
|
300 #define SEC_RESERVE 0x04000000 |
|
301 #define SEC_COMMIT 0x08000000 |
|
302 #define SEC_NOCACHE 0x10000000 |
|
303 |
|
304 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} |
|
305 #define SECURITY_WORLD_RID (0x00000000L) |
|
306 |
|
307 #define SID_REVISION 1 |
|
308 |
|
309 #define TOKEN_ASSIGN_PRIMARY (0x0001) |
|
310 #define TOKEN_DUPLICATE (0x0002) |
|
311 #define TOKEN_IMPERSONATE (0x0004) |
|
312 #define TOKEN_QUERY (0x0008) |
|
313 #define TOKEN_QUERY_SOURCE (0x0010) |
|
314 #define TOKEN_ADJUST_PRIVILEGES (0x0020) |
|
315 #define TOKEN_ADJUST_GROUPS (0x0040) |
|
316 #define TOKEN_ADJUST_DEFAULT (0x0080) |
|
317 |
|
318 #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ |
|
319 TOKEN_ASSIGN_PRIMARY |\ |
|
320 TOKEN_DUPLICATE |\ |
|
321 TOKEN_IMPERSONATE |\ |
|
322 TOKEN_QUERY |\ |
|
323 TOKEN_QUERY_SOURCE |\ |
|
324 TOKEN_ADJUST_PRIVILEGES |\ |
|
325 TOKEN_ADJUST_GROUPS |\ |
|
326 TOKEN_ADJUST_DEFAULT) |
|
327 |
|
328 #define TOKEN_READ (STANDARD_RIGHTS_READ |\ |
|
329 TOKEN_QUERY) |
|
330 |
|
331 #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ |
|
332 TOKEN_ADJUST_PRIVILEGES |\ |
|
333 TOKEN_ADJUST_GROUPS |\ |
|
334 TOKEN_ADJUST_DEFAULT) |
|
335 |
|
336 #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) |
|
337 |
|
338 #define TOKEN_SOURCE_LENGTH 8 |
|
339 /* end winnt.h */ |
|
340 |
|
341 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01 |
|
342 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x02 |
|
343 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x04 |
|
344 #define TOKEN_HAS_ADMIN_GROUP 0x08 |
|
345 #define TOKEN_IS_RESTRICTED 0x10 |
|
346 |
|
347 #define VACB_MAPPING_GRANULARITY (0x40000) |
|
348 #define VACB_OFFSET_SHIFT (18) |
|
349 |
|
350 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
351 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
352 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
353 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
354 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
355 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
356 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
357 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
358 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
359 |
|
360 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
361 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
362 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
363 |
|
364 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
365 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
366 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
|
367 |
|
368 |
|
369 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
370 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
371 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
372 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
373 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
374 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
375 |
|
376 #if (VER_PRODUCTBUILD >= 1381) |
|
377 |
|
378 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
379 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
380 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
381 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
382 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
383 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
384 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
385 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
386 |
|
387 #endif /* (VER_PRODUCTBUILD >= 1381) */ |
|
388 |
|
389 #if (VER_PRODUCTBUILD >= 2195) |
|
390 |
|
391 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
392 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
393 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
394 |
|
395 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
396 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
397 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
398 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
399 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
400 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
401 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
402 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) |
|
403 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) |
|
404 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) |
|
405 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
406 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
407 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
408 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
409 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) |
|
410 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
411 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
412 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
413 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
414 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
415 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) |
|
416 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) |
|
417 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) |
|
418 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
419 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
420 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
421 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
422 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
423 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
|
424 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) |
|
425 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
426 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
|
427 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
428 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) |
|
429 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) |
|
430 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) |
|
431 |
|
432 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
433 |
|
434 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) |
|
435 |
|
436 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) |
|
437 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) |
|
438 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
439 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
440 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
441 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
442 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
443 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
444 |
|
445 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
446 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
447 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
448 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) |
|
449 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
450 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
|
451 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
452 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
453 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
454 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) |
|
455 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) |
|
456 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) |
|
457 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) |
|
458 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) |
|
459 |
|
460 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) |
|
461 |
|
462 typedef PVOID PEJOB; |
|
463 typedef PVOID OPLOCK, *POPLOCK; |
|
464 typedef PVOID PWOW64_PROCESS; |
|
465 |
|
466 typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS; |
|
467 typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK; |
|
468 typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION; |
|
469 typedef struct _HANDLE_TABLE *PHANDLE_TABLE; |
|
470 typedef struct _KEVENT_PAIR *PKEVENT_PAIR; |
|
471 typedef struct _KPROCESS *PKPROCESS; |
|
472 typedef struct _KQUEUE *PKQUEUE; |
|
473 typedef struct _KTRAP_FRAME *PKTRAP_FRAME; |
|
474 typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS; |
|
475 typedef struct _MMWSL *PMMWSL; |
|
476 typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS; |
|
477 typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY; |
|
478 typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY; |
|
479 typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION; |
|
480 typedef struct _SECTION_OBJECT *PSECTION_OBJECT; |
|
481 typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP; |
|
482 typedef struct _TERMINATION_PORT *PTERMINATION_PORT; |
|
483 typedef struct _VACB *PVACB; |
|
484 typedef struct _VAD_HEADER *PVAD_HEADER; |
|
485 |
|
486 typedef struct _NOTIFY_SYNC |
|
487 { |
|
488 ULONG Unknown0; |
|
489 ULONG Unknown1; |
|
490 ULONG Unknown2; |
|
491 USHORT Unknown3; |
|
492 USHORT Unknown4; |
|
493 ULONG Unknown5; |
|
494 ULONG Unknown6; |
|
495 ULONG Unknown7; |
|
496 ULONG Unknown8; |
|
497 ULONG Unknown9; |
|
498 ULONG Unknown10; |
|
499 } NOTIFY_SYNC, * PNOTIFY_SYNC; |
|
500 |
|
501 typedef enum _FAST_IO_POSSIBLE { |
|
502 FastIoIsNotPossible, |
|
503 FastIoIsPossible, |
|
504 FastIoIsQuestionable |
|
505 } FAST_IO_POSSIBLE; |
|
506 |
|
507 typedef enum _FILE_STORAGE_TYPE { |
|
508 StorageTypeDefault = 1, |
|
509 StorageTypeDirectory, |
|
510 StorageTypeFile, |
|
511 StorageTypeJunctionPoint, |
|
512 StorageTypeCatalog, |
|
513 StorageTypeStructuredStorage, |
|
514 StorageTypeEmbedding, |
|
515 StorageTypeStream |
|
516 } FILE_STORAGE_TYPE; |
|
517 |
|
518 typedef enum _IO_COMPLETION_INFORMATION_CLASS { |
|
519 IoCompletionBasicInformation |
|
520 } IO_COMPLETION_INFORMATION_CLASS; |
|
521 |
|
522 typedef enum _OBJECT_INFO_CLASS { |
|
523 ObjectBasicInfo, |
|
524 ObjectNameInfo, |
|
525 ObjectTypeInfo, |
|
526 ObjectAllTypesInfo, |
|
527 ObjectProtectionInfo |
|
528 } OBJECT_INFO_CLASS; |
|
529 |
|
530 typedef struct _HARDWARE_PTE_X86 { |
|
531 ULONG Valid : 1; |
|
532 ULONG Write : 1; |
|
533 ULONG Owner : 1; |
|
534 ULONG WriteThrough : 1; |
|
535 ULONG CacheDisable : 1; |
|
536 ULONG Accessed : 1; |
|
537 ULONG Dirty : 1; |
|
538 ULONG LargePage : 1; |
|
539 ULONG Global : 1; |
|
540 ULONG CopyOnWrite : 1; |
|
541 ULONG Prototype : 1; |
|
542 ULONG reserved : 1; |
|
543 ULONG PageFrameNumber : 20; |
|
544 } HARDWARE_PTE_X86, *PHARDWARE_PTE_X86; |
|
545 |
|
546 typedef struct _KAPC_STATE { |
|
547 LIST_ENTRY ApcListHead[2]; |
|
548 PKPROCESS Process; |
|
549 BOOLEAN KernelApcInProgress; |
|
550 BOOLEAN KernelApcPending; |
|
551 BOOLEAN UserApcPending; |
|
552 } KAPC_STATE, *PKAPC_STATE; |
|
553 |
|
554 typedef struct _KGDTENTRY { |
|
555 USHORT LimitLow; |
|
556 USHORT BaseLow; |
|
557 union { |
|
558 struct { |
|
559 UCHAR BaseMid; |
|
560 UCHAR Flags1; |
|
561 UCHAR Flags2; |
|
562 UCHAR BaseHi; |
|
563 } Bytes; |
|
564 struct { |
|
565 ULONG BaseMid : 8; |
|
566 ULONG Type : 5; |
|
567 ULONG Dpl : 2; |
|
568 ULONG Pres : 1; |
|
569 ULONG LimitHi : 4; |
|
570 ULONG Sys : 1; |
|
571 ULONG Reserved_0 : 1; |
|
572 ULONG Default_Big : 1; |
|
573 ULONG Granularity : 1; |
|
574 ULONG BaseHi : 8; |
|
575 } Bits; |
|
576 } HighWord; |
|
577 } KGDTENTRY, *PKGDTENTRY; |
|
578 |
|
579 typedef struct _KIDTENTRY { |
|
580 USHORT Offset; |
|
581 USHORT Selector; |
|
582 USHORT Access; |
|
583 USHORT ExtendedOffset; |
|
584 } KIDTENTRY, *PKIDTENTRY; |
|
585 |
|
586 #if (VER_PRODUCTBUILD >= 2600) |
|
587 |
|
588 typedef struct _MMSUPPORT_FLAGS { |
|
589 ULONG SessionSpace : 1; |
|
590 ULONG BeingTrimmed : 1; |
|
591 ULONG SessionLeader : 1; |
|
592 ULONG TrimHard : 1; |
|
593 ULONG WorkingSetHard : 1; |
|
594 ULONG AddressSpaceBeingDeleted : 1; |
|
595 ULONG Available : 10; |
|
596 ULONG AllowWorkingSetAdjustment : 8; |
|
597 ULONG MemoryPriority : 8; |
|
598 } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; |
|
599 |
|
600 #else |
|
601 |
|
602 typedef struct _MMSUPPORT_FLAGS { |
|
603 ULONG SessionSpace : 1; |
|
604 ULONG BeingTrimmed : 1; |
|
605 ULONG ProcessInSession : 1; |
|
606 ULONG SessionLeader : 1; |
|
607 ULONG TrimHard : 1; |
|
608 ULONG WorkingSetHard : 1; |
|
609 ULONG WriteWatch : 1; |
|
610 ULONG Filler : 25; |
|
611 } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; |
|
612 |
|
613 #endif |
|
614 |
|
615 #if (VER_PRODUCTBUILD >= 2600) |
|
616 |
|
617 typedef struct _MMSUPPORT { |
|
618 LARGE_INTEGER LastTrimTime; |
|
619 MMSUPPORT_FLAGS Flags; |
|
620 ULONG PageFaultCount; |
|
621 ULONG PeakWorkingSetSize; |
|
622 ULONG WorkingSetSize; |
|
623 ULONG MinimumWorkingSetSize; |
|
624 ULONG MaximumWorkingSetSize; |
|
625 PMMWSL VmWorkingSetList; |
|
626 LIST_ENTRY WorkingSetExpansionLinks; |
|
627 ULONG Claim; |
|
628 ULONG NextEstimationSlot; |
|
629 ULONG NextAgingSlot; |
|
630 ULONG EstimatedAvailable; |
|
631 ULONG GrowthSinceLastEstimate; |
|
632 } MMSUPPORT, *PMMSUPPORT; |
|
633 |
|
634 #else |
|
635 |
|
636 typedef struct _MMSUPPORT { |
|
637 LARGE_INTEGER LastTrimTime; |
|
638 ULONG LastTrimFaultCount; |
|
639 ULONG PageFaultCount; |
|
640 ULONG PeakWorkingSetSize; |
|
641 ULONG WorkingSetSize; |
|
642 ULONG MinimumWorkingSetSize; |
|
643 ULONG MaximumWorkingSetSize; |
|
644 PMMWSL VmWorkingSetList; |
|
645 LIST_ENTRY WorkingSetExpansionLinks; |
|
646 BOOLEAN AllowWorkingSetAdjustment; |
|
647 BOOLEAN AddressSpaceBeingDeleted; |
|
648 UCHAR ForegroundSwitchCount; |
|
649 UCHAR MemoryPriority; |
|
650 #if (VER_PRODUCTBUILD >= 2195) |
|
651 union { |
|
652 ULONG LongFlags; |
|
653 MMSUPPORT_FLAGS Flags; |
|
654 } u; |
|
655 ULONG Claim; |
|
656 ULONG NextEstimationSlot; |
|
657 ULONG NextAgingSlot; |
|
658 ULONG EstimatedAvailable; |
|
659 ULONG GrowthSinceLastEstimate; |
|
660 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
661 } MMSUPPORT, *PMMSUPPORT; |
|
662 |
|
663 #endif |
|
664 |
|
665 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO { |
|
666 POBJECT_NAME_INFORMATION ImageFileName; |
|
667 } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO; |
|
668 |
|
669 typedef struct _BITMAP_RANGE { |
|
670 LIST_ENTRY Links; |
|
671 LARGE_INTEGER BasePage; |
|
672 ULONG FirstDirtyPage; |
|
673 ULONG LastDirtyPage; |
|
674 ULONG DirtyPages; |
|
675 PULONG Bitmap; |
|
676 } BITMAP_RANGE, *PBITMAP_RANGE; |
|
677 |
|
678 typedef struct _CACHE_UNINITIALIZE_EVENT { |
|
679 struct _CACHE_UNINITIALIZE_EVENT *Next; |
|
680 KEVENT Event; |
|
681 } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; |
|
682 |
|
683 typedef struct _CC_FILE_SIZES { |
|
684 LARGE_INTEGER AllocationSize; |
|
685 LARGE_INTEGER FileSize; |
|
686 LARGE_INTEGER ValidDataLength; |
|
687 } CC_FILE_SIZES, *PCC_FILE_SIZES; |
|
688 |
|
689 typedef struct _COMPRESSED_DATA_INFO { |
|
690 USHORT CompressionFormatAndEngine; |
|
691 UCHAR CompressionUnitShift; |
|
692 UCHAR ChunkShift; |
|
693 UCHAR ClusterShift; |
|
694 UCHAR Reserved; |
|
695 USHORT NumberOfChunks; |
|
696 ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; |
|
697 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; |
|
698 |
|
699 typedef struct _DEVICE_MAP { |
|
700 POBJECT_DIRECTORY DosDevicesDirectory; |
|
701 POBJECT_DIRECTORY GlobalDosDevicesDirectory; |
|
702 ULONG ReferenceCount; |
|
703 ULONG DriveMap; |
|
704 UCHAR DriveType[32]; |
|
705 } DEVICE_MAP, *PDEVICE_MAP; |
|
706 |
|
707 #if (VER_PRODUCTBUILD >= 2600) |
|
708 |
|
709 typedef struct _EX_FAST_REF { |
|
710 _ANONYMOUS_UNION union { |
|
711 PVOID Object; |
|
712 ULONG RefCnt : 3; |
|
713 ULONG Value; |
|
714 } DUMMYUNIONNAME; |
|
715 } EX_FAST_REF, *PEX_FAST_REF; |
|
716 |
|
717 typedef struct _EX_PUSH_LOCK { |
|
718 _ANONYMOUS_UNION union { |
|
719 _ANONYMOUS_STRUCT struct { |
|
720 ULONG Waiting : 1; |
|
721 ULONG Exclusive : 1; |
|
722 ULONG Shared : 30; |
|
723 } DUMMYSTRUCTNAME; |
|
724 ULONG Value; |
|
725 PVOID Ptr; |
|
726 } DUMMYUNIONNAME; |
|
727 } EX_PUSH_LOCK, *PEX_PUSH_LOCK; |
|
728 |
|
729 typedef struct _EX_RUNDOWN_REF { |
|
730 _ANONYMOUS_UNION union { |
|
731 ULONG Count; |
|
732 PVOID Ptr; |
|
733 } DUMMYUNIONNAME; |
|
734 } EX_RUNDOWN_REF, *PEX_RUNDOWN_REF; |
|
735 |
|
736 #endif |
|
737 |
|
738 typedef struct _EPROCESS_QUOTA_ENTRY { |
|
739 ULONG Usage; |
|
740 ULONG Limit; |
|
741 ULONG Peak; |
|
742 ULONG Return; |
|
743 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY; |
|
744 |
|
745 typedef struct _EPROCESS_QUOTA_BLOCK { |
|
746 EPROCESS_QUOTA_ENTRY QuotaEntry[3]; |
|
747 LIST_ENTRY QuotaList; |
|
748 ULONG ReferenceCount; |
|
749 ULONG ProcessCount; |
|
750 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK; |
|
751 |
|
752 /* |
|
753 * When needing these parameters cast your PIO_STACK_LOCATION to |
|
754 * PEXTENDED_IO_STACK_LOCATION |
|
755 */ |
|
756 #if !defined(_ALPHA_) |
|
757 #include <pshpack4.h> |
|
758 #endif |
|
759 typedef struct _EXTENDED_IO_STACK_LOCATION { |
|
760 |
|
761 /* Included for padding */ |
|
762 UCHAR MajorFunction; |
|
763 UCHAR MinorFunction; |
|
764 UCHAR Flags; |
|
765 UCHAR Control; |
|
766 |
|
767 union { |
|
768 |
|
769 struct { |
|
770 PIO_SECURITY_CONTEXT SecurityContext; |
|
771 ULONG Options; |
|
772 USHORT Reserved; |
|
773 USHORT ShareAccess; |
|
774 PMAILSLOT_CREATE_PARAMETERS Parameters; |
|
775 } CreateMailslot; |
|
776 |
|
777 struct { |
|
778 PIO_SECURITY_CONTEXT SecurityContext; |
|
779 ULONG Options; |
|
780 USHORT Reserved; |
|
781 USHORT ShareAccess; |
|
782 PNAMED_PIPE_CREATE_PARAMETERS Parameters; |
|
783 } CreatePipe; |
|
784 |
|
785 struct { |
|
786 ULONG OutputBufferLength; |
|
787 ULONG InputBufferLength; |
|
788 ULONG FsControlCode; |
|
789 PVOID Type3InputBuffer; |
|
790 } FileSystemControl; |
|
791 |
|
792 struct { |
|
793 PLARGE_INTEGER Length; |
|
794 ULONG Key; |
|
795 LARGE_INTEGER ByteOffset; |
|
796 } LockControl; |
|
797 |
|
798 struct { |
|
799 ULONG Length; |
|
800 ULONG CompletionFilter; |
|
801 } NotifyDirectory; |
|
802 |
|
803 struct { |
|
804 ULONG Length; |
|
805 PUNICODE_STRING FileName; |
|
806 FILE_INFORMATION_CLASS FileInformationClass; |
|
807 ULONG FileIndex; |
|
808 } QueryDirectory; |
|
809 |
|
810 struct { |
|
811 ULONG Length; |
|
812 PVOID EaList; |
|
813 ULONG EaListLength; |
|
814 ULONG EaIndex; |
|
815 } QueryEa; |
|
816 |
|
817 struct { |
|
818 ULONG Length; |
|
819 PSID StartSid; |
|
820 PFILE_GET_QUOTA_INFORMATION SidList; |
|
821 ULONG SidListLength; |
|
822 } QueryQuota; |
|
823 |
|
824 struct { |
|
825 ULONG Length; |
|
826 } SetEa; |
|
827 |
|
828 struct { |
|
829 ULONG Length; |
|
830 } SetQuota; |
|
831 |
|
832 struct { |
|
833 ULONG Length; |
|
834 FS_INFORMATION_CLASS FsInformationClass; |
|
835 } SetVolume; |
|
836 |
|
837 } Parameters; |
|
838 PDEVICE_OBJECT DeviceObject; |
|
839 PFILE_OBJECT FileObject; |
|
840 PIO_COMPLETION_ROUTINE CompletionRoutine; |
|
841 PVOID Context; |
|
842 |
|
843 } EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION; |
|
844 #if !defined(_ALPHA_) |
|
845 #include <poppack.h> |
|
846 #endif |
|
847 |
|
848 typedef struct _FILE_ACCESS_INFORMATION { |
|
849 ACCESS_MASK AccessFlags; |
|
850 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; |
|
851 |
|
852 typedef struct _FILE_ALLOCATION_INFORMATION { |
|
853 LARGE_INTEGER AllocationSize; |
|
854 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; |
|
855 |
|
856 typedef struct _FILE_BOTH_DIR_INFORMATION { |
|
857 ULONG NextEntryOffset; |
|
858 ULONG FileIndex; |
|
859 LARGE_INTEGER CreationTime; |
|
860 LARGE_INTEGER LastAccessTime; |
|
861 LARGE_INTEGER LastWriteTime; |
|
862 LARGE_INTEGER ChangeTime; |
|
863 LARGE_INTEGER EndOfFile; |
|
864 LARGE_INTEGER AllocationSize; |
|
865 ULONG FileAttributes; |
|
866 ULONG FileNameLength; |
|
867 ULONG EaSize; |
|
868 CCHAR ShortNameLength; |
|
869 WCHAR ShortName[12]; |
|
870 WCHAR FileName[1]; |
|
871 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; |
|
872 |
|
873 typedef struct _FILE_COMPLETION_INFORMATION { |
|
874 HANDLE Port; |
|
875 ULONG Key; |
|
876 } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; |
|
877 |
|
878 typedef struct _FILE_COMPRESSION_INFORMATION { |
|
879 LARGE_INTEGER CompressedFileSize; |
|
880 USHORT CompressionFormat; |
|
881 UCHAR CompressionUnitShift; |
|
882 UCHAR ChunkShift; |
|
883 UCHAR ClusterShift; |
|
884 UCHAR Reserved[3]; |
|
885 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; |
|
886 |
|
887 typedef struct _FILE_COPY_ON_WRITE_INFORMATION { |
|
888 BOOLEAN ReplaceIfExists; |
|
889 HANDLE RootDirectory; |
|
890 ULONG FileNameLength; |
|
891 WCHAR FileName[1]; |
|
892 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; |
|
893 |
|
894 typedef struct _FILE_DIRECTORY_INFORMATION { |
|
895 ULONG NextEntryOffset; |
|
896 ULONG FileIndex; |
|
897 LARGE_INTEGER CreationTime; |
|
898 LARGE_INTEGER LastAccessTime; |
|
899 LARGE_INTEGER LastWriteTime; |
|
900 LARGE_INTEGER ChangeTime; |
|
901 LARGE_INTEGER EndOfFile; |
|
902 LARGE_INTEGER AllocationSize; |
|
903 ULONG FileAttributes; |
|
904 ULONG FileNameLength; |
|
905 WCHAR FileName[1]; |
|
906 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; |
|
907 |
|
908 typedef struct _FILE_FULL_DIRECTORY_INFORMATION { |
|
909 ULONG NextEntryOffset; |
|
910 ULONG FileIndex; |
|
911 LARGE_INTEGER CreationTime; |
|
912 LARGE_INTEGER LastAccessTime; |
|
913 LARGE_INTEGER LastWriteTime; |
|
914 LARGE_INTEGER ChangeTime; |
|
915 LARGE_INTEGER EndOfFile; |
|
916 LARGE_INTEGER AllocationSize; |
|
917 ULONG FileAttributes; |
|
918 ULONG FileNameLength; |
|
919 ULONG EaSize; |
|
920 WCHAR FileName[0]; |
|
921 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; |
|
922 |
|
923 typedef struct _FILE_BOTH_DIRECTORY_INFORMATION { |
|
924 ULONG NextEntryOffset; |
|
925 ULONG FileIndex; |
|
926 LARGE_INTEGER CreationTime; |
|
927 LARGE_INTEGER LastAccessTime; |
|
928 LARGE_INTEGER LastWriteTime; |
|
929 LARGE_INTEGER ChangeTime; |
|
930 LARGE_INTEGER EndOfFile; |
|
931 LARGE_INTEGER AllocationSize; |
|
932 ULONG FileAttributes; |
|
933 ULONG FileNameLength; |
|
934 ULONG EaSize; |
|
935 CHAR ShortNameLength; |
|
936 WCHAR ShortName[12]; |
|
937 WCHAR FileName[0]; |
|
938 } FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION; |
|
939 |
|
940 #if (VER_PRODUCTBUILD >= 2600) |
|
941 |
|
942 typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION { |
|
943 ULONG NextEntryOffset; |
|
944 ULONG FileIndex; |
|
945 LARGE_INTEGER CreationTime; |
|
946 LARGE_INTEGER LastAccessTime; |
|
947 LARGE_INTEGER LastWriteTime; |
|
948 LARGE_INTEGER ChangeTime; |
|
949 LARGE_INTEGER EndOfFile; |
|
950 LARGE_INTEGER AllocationSize; |
|
951 ULONG FileAttributes; |
|
952 ULONG FileNameLength; |
|
953 ULONG EaSize; |
|
954 LARGE_INTEGER FileId; |
|
955 WCHAR FileName[0]; |
|
956 } FILE_ID_FULL_DIRECTORY_INFORMATION, *PFILE_ID_FULL_DIRECTORY_INFORMATION; |
|
957 |
|
958 typedef struct _FILE_ID_BOTH_DIRECTORY_INFORMATION { |
|
959 ULONG NextEntryOffset; |
|
960 ULONG FileIndex; |
|
961 LARGE_INTEGER CreationTime; |
|
962 LARGE_INTEGER LastAccessTime; |
|
963 LARGE_INTEGER LastWriteTime; |
|
964 LARGE_INTEGER ChangeTime; |
|
965 LARGE_INTEGER EndOfFile; |
|
966 LARGE_INTEGER AllocationSize; |
|
967 ULONG FileAttributes; |
|
968 ULONG FileNameLength; |
|
969 ULONG EaSize; |
|
970 CHAR ShortNameLength; |
|
971 WCHAR ShortName[12]; |
|
972 LARGE_INTEGER FileId; |
|
973 WCHAR FileName[0]; |
|
974 } FILE_ID_BOTH_DIRECTORY_INFORMATION, *PFILE_ID_BOTH_DIRECTORY_INFORMATION; |
|
975 |
|
976 #endif |
|
977 |
|
978 typedef struct _FILE_EA_INFORMATION { |
|
979 ULONG EaSize; |
|
980 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; |
|
981 |
|
982 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { |
|
983 ULONG FileSystemAttributes; |
|
984 ULONG MaximumComponentNameLength; |
|
985 ULONG FileSystemNameLength; |
|
986 WCHAR FileSystemName[1]; |
|
987 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; |
|
988 |
|
989 typedef struct _FILE_FS_CONTROL_INFORMATION { |
|
990 LARGE_INTEGER FreeSpaceStartFiltering; |
|
991 LARGE_INTEGER FreeSpaceThreshold; |
|
992 LARGE_INTEGER FreeSpaceStopFiltering; |
|
993 LARGE_INTEGER DefaultQuotaThreshold; |
|
994 LARGE_INTEGER DefaultQuotaLimit; |
|
995 ULONG FileSystemControlFlags; |
|
996 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; |
|
997 |
|
998 typedef struct _FILE_FS_FULL_SIZE_INFORMATION { |
|
999 LARGE_INTEGER TotalAllocationUnits; |
|
1000 LARGE_INTEGER CallerAvailableAllocationUnits; |
|
1001 LARGE_INTEGER ActualAvailableAllocationUnits; |
|
1002 ULONG SectorsPerAllocationUnit; |
|
1003 ULONG BytesPerSector; |
|
1004 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; |
|
1005 |
|
1006 typedef struct _FILE_FS_LABEL_INFORMATION { |
|
1007 ULONG VolumeLabelLength; |
|
1008 WCHAR VolumeLabel[1]; |
|
1009 } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; |
|
1010 |
|
1011 #if (VER_PRODUCTBUILD >= 2195) |
|
1012 |
|
1013 typedef struct _FILE_FS_OBJECT_ID_INFORMATION { |
|
1014 UCHAR ObjectId[16]; |
|
1015 UCHAR ExtendedInfo[48]; |
|
1016 } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION; |
|
1017 |
|
1018 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
1019 |
|
1020 typedef struct _FILE_FS_SIZE_INFORMATION { |
|
1021 LARGE_INTEGER TotalAllocationUnits; |
|
1022 LARGE_INTEGER AvailableAllocationUnits; |
|
1023 ULONG SectorsPerAllocationUnit; |
|
1024 ULONG BytesPerSector; |
|
1025 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; |
|
1026 |
|
1027 typedef struct _FILE_FS_VOLUME_INFORMATION { |
|
1028 LARGE_INTEGER VolumeCreationTime; |
|
1029 ULONG VolumeSerialNumber; |
|
1030 ULONG VolumeLabelLength; |
|
1031 BOOLEAN SupportsObjects; |
|
1032 WCHAR VolumeLabel[1]; |
|
1033 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; |
|
1034 |
|
1035 typedef struct _FILE_FULL_DIR_INFORMATION { |
|
1036 ULONG NextEntryOffset; |
|
1037 ULONG FileIndex; |
|
1038 LARGE_INTEGER CreationTime; |
|
1039 LARGE_INTEGER LastAccessTime; |
|
1040 LARGE_INTEGER LastWriteTime; |
|
1041 LARGE_INTEGER ChangeTime; |
|
1042 LARGE_INTEGER EndOfFile; |
|
1043 LARGE_INTEGER AllocationSize; |
|
1044 ULONG FileAttributes; |
|
1045 ULONG FileNameLength; |
|
1046 ULONG EaSize; |
|
1047 WCHAR FileName[1]; |
|
1048 } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; |
|
1049 |
|
1050 typedef struct _FILE_GET_EA_INFORMATION { |
|
1051 ULONG NextEntryOffset; |
|
1052 UCHAR EaNameLength; |
|
1053 CHAR EaName[1]; |
|
1054 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; |
|
1055 |
|
1056 typedef struct _FILE_GET_QUOTA_INFORMATION { |
|
1057 ULONG NextEntryOffset; |
|
1058 ULONG SidLength; |
|
1059 SID Sid; |
|
1060 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; |
|
1061 |
|
1062 typedef struct _FILE_INTERNAL_INFORMATION { |
|
1063 LARGE_INTEGER IndexNumber; |
|
1064 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; |
|
1065 |
|
1066 typedef struct _FILE_LINK_INFORMATION { |
|
1067 BOOLEAN ReplaceIfExists; |
|
1068 HANDLE RootDirectory; |
|
1069 ULONG FileNameLength; |
|
1070 WCHAR FileName[1]; |
|
1071 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; |
|
1072 |
|
1073 typedef struct _FILE_LOCK_INFO { |
|
1074 LARGE_INTEGER StartingByte; |
|
1075 LARGE_INTEGER Length; |
|
1076 BOOLEAN ExclusiveLock; |
|
1077 ULONG Key; |
|
1078 PFILE_OBJECT FileObject; |
|
1079 PEPROCESS Process; |
|
1080 LARGE_INTEGER EndingByte; |
|
1081 } FILE_LOCK_INFO, *PFILE_LOCK_INFO; |
|
1082 |
|
1083 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ |
|
1084 typedef struct _FILE_SHARED_LOCK_ENTRY { |
|
1085 PVOID Unknown1; |
|
1086 PVOID Unknown2; |
|
1087 FILE_LOCK_INFO FileLock; |
|
1088 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; |
|
1089 |
|
1090 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ |
|
1091 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { |
|
1092 LIST_ENTRY ListEntry; |
|
1093 PVOID Unknown1; |
|
1094 PVOID Unknown2; |
|
1095 FILE_LOCK_INFO FileLock; |
|
1096 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; |
|
1097 |
|
1098 typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) ( |
|
1099 /*IN*/ PVOID Context, |
|
1100 /*IN*/ PIRP Irp |
|
1101 ); |
|
1102 |
|
1103 typedef VOID (NTAPI *PUNLOCK_ROUTINE) ( |
|
1104 /*IN*/ PVOID Context, |
|
1105 /*IN*/ PFILE_LOCK_INFO FileLockInfo |
|
1106 ); |
|
1107 |
|
1108 typedef struct _FILE_LOCK { |
|
1109 PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; |
|
1110 PUNLOCK_ROUTINE UnlockRoutine; |
|
1111 BOOLEAN FastIoIsQuestionable; |
|
1112 BOOLEAN Pad[3]; |
|
1113 PVOID LockInformation; |
|
1114 FILE_LOCK_INFO LastReturnedLockInfo; |
|
1115 PVOID LastReturnedLock; |
|
1116 } FILE_LOCK, *PFILE_LOCK; |
|
1117 |
|
1118 typedef struct _FILE_MAILSLOT_PEEK_BUFFER { |
|
1119 ULONG ReadDataAvailable; |
|
1120 ULONG NumberOfMessages; |
|
1121 ULONG MessageLength; |
|
1122 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; |
|
1123 |
|
1124 typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { |
|
1125 ULONG MaximumMessageSize; |
|
1126 ULONG MailslotQuota; |
|
1127 ULONG NextMessageSize; |
|
1128 ULONG MessagesAvailable; |
|
1129 LARGE_INTEGER ReadTimeout; |
|
1130 } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; |
|
1131 |
|
1132 typedef struct _FILE_MAILSLOT_SET_INFORMATION { |
|
1133 LARGE_INTEGER ReadTimeout; |
|
1134 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; |
|
1135 |
|
1136 typedef struct _FILE_MODE_INFORMATION { |
|
1137 ULONG Mode; |
|
1138 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; |
|
1139 |
|
1140 typedef struct _FILE_ALL_INFORMATION { |
|
1141 FILE_BASIC_INFORMATION BasicInformation; |
|
1142 FILE_STANDARD_INFORMATION StandardInformation; |
|
1143 FILE_INTERNAL_INFORMATION InternalInformation; |
|
1144 FILE_EA_INFORMATION EaInformation; |
|
1145 FILE_ACCESS_INFORMATION AccessInformation; |
|
1146 FILE_POSITION_INFORMATION PositionInformation; |
|
1147 FILE_MODE_INFORMATION ModeInformation; |
|
1148 FILE_ALIGNMENT_INFORMATION AlignmentInformation; |
|
1149 FILE_NAME_INFORMATION NameInformation; |
|
1150 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; |
|
1151 |
|
1152 typedef struct _FILE_NAMES_INFORMATION { |
|
1153 ULONG NextEntryOffset; |
|
1154 ULONG FileIndex; |
|
1155 ULONG FileNameLength; |
|
1156 WCHAR FileName[1]; |
|
1157 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; |
|
1158 |
|
1159 typedef struct _FILE_OBJECTID_INFORMATION { |
|
1160 LONGLONG FileReference; |
|
1161 UCHAR ObjectId[16]; |
|
1162 _ANONYMOUS_UNION union { |
|
1163 struct { |
|
1164 UCHAR BirthVolumeId[16]; |
|
1165 UCHAR BirthObjectId[16]; |
|
1166 UCHAR DomainId[16]; |
|
1167 } ; |
|
1168 UCHAR ExtendedInfo[48]; |
|
1169 } DUMMYUNIONNAME; |
|
1170 } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; |
|
1171 |
|
1172 typedef struct _FILE_OLE_CLASSID_INFORMATION { |
|
1173 GUID ClassId; |
|
1174 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; |
|
1175 |
|
1176 typedef struct _FILE_OLE_ALL_INFORMATION { |
|
1177 FILE_BASIC_INFORMATION BasicInformation; |
|
1178 FILE_STANDARD_INFORMATION StandardInformation; |
|
1179 FILE_INTERNAL_INFORMATION InternalInformation; |
|
1180 FILE_EA_INFORMATION EaInformation; |
|
1181 FILE_ACCESS_INFORMATION AccessInformation; |
|
1182 FILE_POSITION_INFORMATION PositionInformation; |
|
1183 FILE_MODE_INFORMATION ModeInformation; |
|
1184 FILE_ALIGNMENT_INFORMATION AlignmentInformation; |
|
1185 USN LastChangeUsn; |
|
1186 USN ReplicationUsn; |
|
1187 LARGE_INTEGER SecurityChangeTime; |
|
1188 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; |
|
1189 FILE_OBJECTID_INFORMATION ObjectIdInformation; |
|
1190 FILE_STORAGE_TYPE StorageType; |
|
1191 ULONG OleStateBits; |
|
1192 ULONG OleId; |
|
1193 ULONG NumberOfStreamReferences; |
|
1194 ULONG StreamIndex; |
|
1195 ULONG SecurityId; |
|
1196 BOOLEAN ContentIndexDisable; |
|
1197 BOOLEAN InheritContentIndexDisable; |
|
1198 FILE_NAME_INFORMATION NameInformation; |
|
1199 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; |
|
1200 |
|
1201 typedef struct _FILE_OLE_DIR_INFORMATION { |
|
1202 ULONG NextEntryOffset; |
|
1203 ULONG FileIndex; |
|
1204 LARGE_INTEGER CreationTime; |
|
1205 LARGE_INTEGER LastAccessTime; |
|
1206 LARGE_INTEGER LastWriteTime; |
|
1207 LARGE_INTEGER ChangeTime; |
|
1208 LARGE_INTEGER EndOfFile; |
|
1209 LARGE_INTEGER AllocationSize; |
|
1210 ULONG FileAttributes; |
|
1211 ULONG FileNameLength; |
|
1212 FILE_STORAGE_TYPE StorageType; |
|
1213 GUID OleClassId; |
|
1214 ULONG OleStateBits; |
|
1215 BOOLEAN ContentIndexDisable; |
|
1216 BOOLEAN InheritContentIndexDisable; |
|
1217 WCHAR FileName[1]; |
|
1218 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; |
|
1219 |
|
1220 typedef struct _FILE_OLE_INFORMATION { |
|
1221 LARGE_INTEGER SecurityChangeTime; |
|
1222 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; |
|
1223 FILE_OBJECTID_INFORMATION ObjectIdInformation; |
|
1224 FILE_STORAGE_TYPE StorageType; |
|
1225 ULONG OleStateBits; |
|
1226 BOOLEAN ContentIndexDisable; |
|
1227 BOOLEAN InheritContentIndexDisable; |
|
1228 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; |
|
1229 |
|
1230 typedef struct _FILE_OLE_STATE_BITS_INFORMATION { |
|
1231 ULONG StateBits; |
|
1232 ULONG StateBitsMask; |
|
1233 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; |
|
1234 |
|
1235 typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { |
|
1236 HANDLE EventHandle; |
|
1237 ULONG KeyValue; |
|
1238 } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; |
|
1239 |
|
1240 typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { |
|
1241 PVOID ClientSession; |
|
1242 PVOID ClientProcess; |
|
1243 } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; |
|
1244 |
|
1245 typedef struct _FILE_PIPE_EVENT_BUFFER { |
|
1246 ULONG NamedPipeState; |
|
1247 ULONG EntryType; |
|
1248 ULONG ByteCount; |
|
1249 ULONG KeyValue; |
|
1250 ULONG NumberRequests; |
|
1251 } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; |
|
1252 |
|
1253 typedef struct _FILE_PIPE_INFORMATION { |
|
1254 ULONG ReadMode; |
|
1255 ULONG CompletionMode; |
|
1256 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; |
|
1257 |
|
1258 typedef struct _FILE_PIPE_LOCAL_INFORMATION { |
|
1259 ULONG NamedPipeType; |
|
1260 ULONG NamedPipeConfiguration; |
|
1261 ULONG MaximumInstances; |
|
1262 ULONG CurrentInstances; |
|
1263 ULONG InboundQuota; |
|
1264 ULONG ReadDataAvailable; |
|
1265 ULONG OutboundQuota; |
|
1266 ULONG WriteQuotaAvailable; |
|
1267 ULONG NamedPipeState; |
|
1268 ULONG NamedPipeEnd; |
|
1269 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; |
|
1270 |
|
1271 typedef struct _FILE_PIPE_REMOTE_INFORMATION { |
|
1272 LARGE_INTEGER CollectDataTime; |
|
1273 ULONG MaximumCollectionCount; |
|
1274 } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; |
|
1275 |
|
1276 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { |
|
1277 LARGE_INTEGER Timeout; |
|
1278 ULONG NameLength; |
|
1279 BOOLEAN TimeoutSpecified; |
|
1280 WCHAR Name[1]; |
|
1281 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; |
|
1282 |
|
1283 typedef struct _FILE_QUOTA_INFORMATION { |
|
1284 ULONG NextEntryOffset; |
|
1285 ULONG SidLength; |
|
1286 LARGE_INTEGER ChangeTime; |
|
1287 LARGE_INTEGER QuotaUsed; |
|
1288 LARGE_INTEGER QuotaThreshold; |
|
1289 LARGE_INTEGER QuotaLimit; |
|
1290 SID Sid; |
|
1291 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; |
|
1292 |
|
1293 typedef struct _FILE_RENAME_INFORMATION { |
|
1294 BOOLEAN ReplaceIfExists; |
|
1295 HANDLE RootDirectory; |
|
1296 ULONG FileNameLength; |
|
1297 WCHAR FileName[1]; |
|
1298 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; |
|
1299 |
|
1300 typedef struct _FILE_STREAM_INFORMATION { |
|
1301 ULONG NextEntryOffset; |
|
1302 ULONG StreamNameLength; |
|
1303 LARGE_INTEGER StreamSize; |
|
1304 LARGE_INTEGER StreamAllocationSize; |
|
1305 WCHAR StreamName[1]; |
|
1306 } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; |
|
1307 |
|
1308 typedef struct _FILE_TRACKING_INFORMATION { |
|
1309 HANDLE DestinationFile; |
|
1310 ULONG ObjectInformationLength; |
|
1311 CHAR ObjectInformation[1]; |
|
1312 } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; |
|
1313 |
|
1314 typedef struct _FSRTL_COMMON_FCB_HEADER { |
|
1315 CSHORT NodeTypeCode; |
|
1316 CSHORT NodeByteSize; |
|
1317 UCHAR Flags; |
|
1318 UCHAR IsFastIoPossible; |
|
1319 #if (VER_PRODUCTBUILD >= 1381) |
|
1320 UCHAR Flags2; |
|
1321 UCHAR Reserved; |
|
1322 #endif /* (VER_PRODUCTBUILD >= 1381) */ |
|
1323 PERESOURCE Resource; |
|
1324 PERESOURCE PagingIoResource; |
|
1325 LARGE_INTEGER AllocationSize; |
|
1326 LARGE_INTEGER FileSize; |
|
1327 LARGE_INTEGER ValidDataLength; |
|
1328 } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; |
|
1329 |
|
1330 typedef struct _GENERATE_NAME_CONTEXT { |
|
1331 USHORT Checksum; |
|
1332 BOOLEAN CheckSumInserted; |
|
1333 UCHAR NameLength; |
|
1334 WCHAR NameBuffer[8]; |
|
1335 ULONG ExtensionLength; |
|
1336 WCHAR ExtensionBuffer[4]; |
|
1337 ULONG LastIndexValue; |
|
1338 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; |
|
1339 |
|
1340 typedef struct _HANDLE_TABLE_ENTRY { |
|
1341 PVOID Object; |
|
1342 ULONG ObjectAttributes; |
|
1343 ULONG GrantedAccess; |
|
1344 USHORT GrantedAccessIndex; |
|
1345 USHORT CreatorBackTraceIndex; |
|
1346 ULONG NextFreeTableEntry; |
|
1347 } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; |
|
1348 |
|
1349 typedef struct _MAPPING_PAIR { |
|
1350 ULONGLONG Vcn; |
|
1351 ULONGLONG Lcn; |
|
1352 } MAPPING_PAIR, *PMAPPING_PAIR; |
|
1353 |
|
1354 typedef struct _GET_RETRIEVAL_DESCRIPTOR { |
|
1355 ULONG NumberOfPairs; |
|
1356 ULONGLONG StartVcn; |
|
1357 MAPPING_PAIR Pair[1]; |
|
1358 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; |
|
1359 |
|
1360 typedef struct _IO_CLIENT_EXTENSION { |
|
1361 struct _IO_CLIENT_EXTENSION *NextExtension; |
|
1362 PVOID ClientIdentificationAddress; |
|
1363 } IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION; |
|
1364 |
|
1365 typedef struct _IO_COMPLETION_BASIC_INFORMATION { |
|
1366 LONG Depth; |
|
1367 } IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; |
|
1368 |
|
1369 typedef struct _KEVENT_PAIR { |
|
1370 USHORT Type; |
|
1371 USHORT Size; |
|
1372 KEVENT Event1; |
|
1373 KEVENT Event2; |
|
1374 } KEVENT_PAIR, *PKEVENT_PAIR; |
|
1375 |
|
1376 typedef struct _KQUEUE { |
|
1377 DISPATCHER_HEADER Header; |
|
1378 LIST_ENTRY EntryListHead; |
|
1379 ULONG CurrentCount; |
|
1380 ULONG MaximumCount; |
|
1381 LIST_ENTRY ThreadListHead; |
|
1382 } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; |
|
1383 |
|
1384 typedef struct _MAILSLOT_CREATE_PARAMETERS { |
|
1385 ULONG MailslotQuota; |
|
1386 ULONG MaximumMessageSize; |
|
1387 LARGE_INTEGER ReadTimeout; |
|
1388 BOOLEAN TimeoutSpecified; |
|
1389 } MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS; |
|
1390 |
|
1391 typedef struct _MBCB { |
|
1392 CSHORT NodeTypeCode; |
|
1393 CSHORT NodeIsInZone; |
|
1394 ULONG PagesToWrite; |
|
1395 ULONG DirtyPages; |
|
1396 ULONG Reserved; |
|
1397 LIST_ENTRY BitmapRanges; |
|
1398 LONGLONG ResumeWritePage; |
|
1399 BITMAP_RANGE BitmapRange1; |
|
1400 BITMAP_RANGE BitmapRange2; |
|
1401 BITMAP_RANGE BitmapRange3; |
|
1402 } MBCB, *PMBCB; |
|
1403 |
|
1404 typedef struct _MOVEFILE_DESCRIPTOR { |
|
1405 HANDLE FileHandle; |
|
1406 ULONG Reserved; |
|
1407 LARGE_INTEGER StartVcn; |
|
1408 LARGE_INTEGER TargetLcn; |
|
1409 ULONG NumVcns; |
|
1410 ULONG Reserved1; |
|
1411 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; |
|
1412 |
|
1413 typedef struct _NAMED_PIPE_CREATE_PARAMETERS { |
|
1414 ULONG NamedPipeType; |
|
1415 ULONG ReadMode; |
|
1416 ULONG CompletionMode; |
|
1417 ULONG MaximumInstances; |
|
1418 ULONG InboundQuota; |
|
1419 ULONG OutboundQuota; |
|
1420 LARGE_INTEGER DefaultTimeout; |
|
1421 BOOLEAN TimeoutSpecified; |
|
1422 } NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS; |
|
1423 |
|
1424 typedef struct _OBJECT_BASIC_INFO { |
|
1425 ULONG Attributes; |
|
1426 ACCESS_MASK GrantedAccess; |
|
1427 ULONG HandleCount; |
|
1428 ULONG ReferenceCount; |
|
1429 ULONG PagedPoolUsage; |
|
1430 ULONG NonPagedPoolUsage; |
|
1431 ULONG Reserved[3]; |
|
1432 ULONG NameInformationLength; |
|
1433 ULONG TypeInformationLength; |
|
1434 ULONG SecurityDescriptorLength; |
|
1435 LARGE_INTEGER CreateTime; |
|
1436 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; |
|
1437 |
|
1438 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { |
|
1439 BOOLEAN Inherit; |
|
1440 BOOLEAN ProtectFromClose; |
|
1441 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; |
|
1442 |
|
1443 typedef struct _OBJECT_NAME_INFO { |
|
1444 UNICODE_STRING ObjectName; |
|
1445 WCHAR ObjectNameBuffer[1]; |
|
1446 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO; |
|
1447 |
|
1448 typedef struct _OBJECT_PROTECTION_INFO { |
|
1449 BOOLEAN Inherit; |
|
1450 BOOLEAN ProtectHandle; |
|
1451 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; |
|
1452 |
|
1453 typedef struct _OBJECT_TYPE_INFO { |
|
1454 UNICODE_STRING ObjectTypeName; |
|
1455 UCHAR Unknown[0x58]; |
|
1456 WCHAR ObjectTypeNameBuffer[1]; |
|
1457 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; |
|
1458 |
|
1459 typedef struct _OBJECT_ALL_TYPES_INFO { |
|
1460 ULONG NumberOfObjectTypes; |
|
1461 OBJECT_TYPE_INFO ObjectsTypeInfo[1]; |
|
1462 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; |
|
1463 |
|
1464 typedef struct _PAGEFAULT_HISTORY { |
|
1465 ULONG CurrentIndex; |
|
1466 ULONG MaxIndex; |
|
1467 KSPIN_LOCK SpinLock; |
|
1468 PVOID Reserved; |
|
1469 PROCESS_WS_WATCH_INFORMATION WatchInfo[1]; |
|
1470 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY; |
|
1471 |
|
1472 typedef struct _PATHNAME_BUFFER { |
|
1473 ULONG PathNameLength; |
|
1474 WCHAR Name[1]; |
|
1475 } PATHNAME_BUFFER, *PPATHNAME_BUFFER; |
|
1476 |
|
1477 #if (VER_PRODUCTBUILD >= 2600) |
|
1478 |
|
1479 typedef struct _PRIVATE_CACHE_MAP_FLAGS { |
|
1480 ULONG DontUse : 16; |
|
1481 ULONG ReadAheadActive : 1; |
|
1482 ULONG ReadAheadEnabled : 1; |
|
1483 ULONG Available : 14; |
|
1484 } PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS; |
|
1485 |
|
1486 typedef struct _PRIVATE_CACHE_MAP { |
|
1487 _ANONYMOUS_UNION union { |
|
1488 CSHORT NodeTypeCode; |
|
1489 PRIVATE_CACHE_MAP_FLAGS Flags; |
|
1490 ULONG UlongFlags; |
|
1491 } DUMMYUNIONNAME; |
|
1492 ULONG ReadAheadMask; |
|
1493 PFILE_OBJECT FileObject; |
|
1494 LARGE_INTEGER FileOffset1; |
|
1495 LARGE_INTEGER BeyondLastByte1; |
|
1496 LARGE_INTEGER FileOffset2; |
|
1497 LARGE_INTEGER BeyondLastByte2; |
|
1498 LARGE_INTEGER ReadAheadOffset[2]; |
|
1499 ULONG ReadAheadLength[2]; |
|
1500 KSPIN_LOCK ReadAheadSpinLock; |
|
1501 LIST_ENTRY PrivateLinks; |
|
1502 } PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP; |
|
1503 |
|
1504 #endif |
|
1505 |
|
1506 typedef struct _PS_IMPERSONATION_INFORMATION { |
|
1507 PACCESS_TOKEN Token; |
|
1508 BOOLEAN CopyOnOpen; |
|
1509 BOOLEAN EffectiveOnly; |
|
1510 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; |
|
1511 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION; |
|
1512 |
|
1513 typedef struct _PUBLIC_BCB { |
|
1514 CSHORT NodeTypeCode; |
|
1515 CSHORT NodeByteSize; |
|
1516 ULONG MappedLength; |
|
1517 LARGE_INTEGER MappedFileOffset; |
|
1518 } PUBLIC_BCB, *PPUBLIC_BCB; |
|
1519 |
|
1520 typedef struct _QUERY_PATH_REQUEST { |
|
1521 ULONG PathNameLength; |
|
1522 PIO_SECURITY_CONTEXT SecurityContext; |
|
1523 WCHAR FilePathName[1]; |
|
1524 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; |
|
1525 |
|
1526 typedef struct _QUERY_PATH_RESPONSE { |
|
1527 ULONG LengthAccepted; |
|
1528 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; |
|
1529 |
|
1530 typedef struct _RETRIEVAL_POINTERS_BUFFER { |
|
1531 ULONG ExtentCount; |
|
1532 LARGE_INTEGER StartingVcn; |
|
1533 struct { |
|
1534 LARGE_INTEGER NextVcn; |
|
1535 LARGE_INTEGER Lcn; |
|
1536 } Extents[1]; |
|
1537 } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; |
|
1538 |
|
1539 typedef struct _RTL_SPLAY_LINKS { |
|
1540 struct _RTL_SPLAY_LINKS *Parent; |
|
1541 struct _RTL_SPLAY_LINKS *LeftChild; |
|
1542 struct _RTL_SPLAY_LINKS *RightChild; |
|
1543 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; |
|
1544 |
|
1545 typedef struct _SE_EXPORTS { |
|
1546 |
|
1547 LUID SeCreateTokenPrivilege; |
|
1548 LUID SeAssignPrimaryTokenPrivilege; |
|
1549 LUID SeLockMemoryPrivilege; |
|
1550 LUID SeIncreaseQuotaPrivilege; |
|
1551 LUID SeUnsolicitedInputPrivilege; |
|
1552 LUID SeTcbPrivilege; |
|
1553 LUID SeSecurityPrivilege; |
|
1554 LUID SeTakeOwnershipPrivilege; |
|
1555 LUID SeLoadDriverPrivilege; |
|
1556 LUID SeCreatePagefilePrivilege; |
|
1557 LUID SeIncreaseBasePriorityPrivilege; |
|
1558 LUID SeSystemProfilePrivilege; |
|
1559 LUID SeSystemtimePrivilege; |
|
1560 LUID SeProfileSingleProcessPrivilege; |
|
1561 LUID SeCreatePermanentPrivilege; |
|
1562 LUID SeBackupPrivilege; |
|
1563 LUID SeRestorePrivilege; |
|
1564 LUID SeShutdownPrivilege; |
|
1565 LUID SeDebugPrivilege; |
|
1566 LUID SeAuditPrivilege; |
|
1567 LUID SeSystemEnvironmentPrivilege; |
|
1568 LUID SeChangeNotifyPrivilege; |
|
1569 LUID SeRemoteShutdownPrivilege; |
|
1570 |
|
1571 PSID SeNullSid; |
|
1572 PSID SeWorldSid; |
|
1573 PSID SeLocalSid; |
|
1574 PSID SeCreatorOwnerSid; |
|
1575 PSID SeCreatorGroupSid; |
|
1576 |
|
1577 PSID SeNtAuthoritySid; |
|
1578 PSID SeDialupSid; |
|
1579 PSID SeNetworkSid; |
|
1580 PSID SeBatchSid; |
|
1581 PSID SeInteractiveSid; |
|
1582 PSID SeLocalSystemSid; |
|
1583 PSID SeAliasAdminsSid; |
|
1584 PSID SeAliasUsersSid; |
|
1585 PSID SeAliasGuestsSid; |
|
1586 PSID SeAliasPowerUsersSid; |
|
1587 PSID SeAliasAccountOpsSid; |
|
1588 PSID SeAliasSystemOpsSid; |
|
1589 PSID SeAliasPrintOpsSid; |
|
1590 PSID SeAliasBackupOpsSid; |
|
1591 |
|
1592 PSID SeAuthenticatedUsersSid; |
|
1593 |
|
1594 PSID SeRestrictedSid; |
|
1595 PSID SeAnonymousLogonSid; |
|
1596 |
|
1597 LUID SeUndockPrivilege; |
|
1598 LUID SeSyncAgentPrivilege; |
|
1599 LUID SeEnableDelegationPrivilege; |
|
1600 |
|
1601 } SE_EXPORTS, *PSE_EXPORTS; |
|
1602 |
|
1603 typedef struct _SECTION_BASIC_INFORMATION { |
|
1604 PVOID BaseAddress; |
|
1605 ULONG Attributes; |
|
1606 LARGE_INTEGER Size; |
|
1607 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; |
|
1608 |
|
1609 typedef struct _SECTION_IMAGE_INFORMATION { |
|
1610 PVOID EntryPoint; |
|
1611 ULONG Unknown1; |
|
1612 ULONG StackReserve; |
|
1613 ULONG StackCommit; |
|
1614 ULONG Subsystem; |
|
1615 USHORT MinorSubsystemVersion; |
|
1616 USHORT MajorSubsystemVersion; |
|
1617 ULONG Unknown2; |
|
1618 ULONG Characteristics; |
|
1619 USHORT ImageNumber; |
|
1620 BOOLEAN Executable; |
|
1621 UCHAR Unknown3; |
|
1622 ULONG Unknown4[3]; |
|
1623 } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; |
|
1624 |
|
1625 #if (VER_PRODUCTBUILD >= 2600) |
|
1626 |
|
1627 typedef struct _SHARED_CACHE_MAP { |
|
1628 CSHORT NodeTypeCode; |
|
1629 CSHORT NodeByteSize; |
|
1630 ULONG OpenCount; |
|
1631 LARGE_INTEGER FileSize; |
|
1632 LIST_ENTRY BcbList; |
|
1633 LARGE_INTEGER SectionSize; |
|
1634 LARGE_INTEGER ValidDataLength; |
|
1635 LARGE_INTEGER ValidDataGoal; |
|
1636 PVACB InitialVacbs[4]; |
|
1637 PVACB *Vacbs; |
|
1638 PFILE_OBJECT FileObject; |
|
1639 PVACB ActiveVacb; |
|
1640 PVOID NeedToZero; |
|
1641 ULONG ActivePage; |
|
1642 ULONG NeedToZeroPage; |
|
1643 KSPIN_LOCK ActiveVacbSpinLock; |
|
1644 ULONG VacbActiveCount; |
|
1645 ULONG DirtyPages; |
|
1646 LIST_ENTRY SharedCacheMapLinks; |
|
1647 ULONG Flags; |
|
1648 NTSTATUS Status; |
|
1649 PMBCB Mbcb; |
|
1650 PVOID Section; |
|
1651 PKEVENT CreateEvent; |
|
1652 PKEVENT WaitOnActiveCount; |
|
1653 ULONG PagesToWrite; |
|
1654 LONGLONG BeyondLastFlush; |
|
1655 PCACHE_MANAGER_CALLBACKS Callbacks; |
|
1656 PVOID LazyWriteContext; |
|
1657 LIST_ENTRY PrivateList; |
|
1658 PVOID LogHandle; |
|
1659 PVOID FlushToLsnRoutine; |
|
1660 ULONG DirtyPageThreshold; |
|
1661 ULONG LazyWritePassCount; |
|
1662 PCACHE_UNINITIALIZE_EVENT UninitializeEvent; |
|
1663 PVACB NeedToZeroVacb; |
|
1664 KSPIN_LOCK BcbSpinLock; |
|
1665 PVOID Reserved; |
|
1666 KEVENT Event; |
|
1667 EX_PUSH_LOCK VacbPushLock; |
|
1668 PRIVATE_CACHE_MAP PrivateCacheMap; |
|
1669 } SHARED_CACHE_MAP, *PSHARED_CACHE_MAP; |
|
1670 |
|
1671 #endif |
|
1672 |
|
1673 typedef struct _STARTING_VCN_INPUT_BUFFER { |
|
1674 LARGE_INTEGER StartingVcn; |
|
1675 } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; |
|
1676 |
|
1677 typedef struct _SYSTEM_CACHE_INFORMATION { |
|
1678 ULONG CurrentSize; |
|
1679 ULONG PeakSize; |
|
1680 ULONG PageFaultCount; |
|
1681 ULONG MinimumWorkingSet; |
|
1682 ULONG MaximumWorkingSet; |
|
1683 ULONG Unused[4]; |
|
1684 } SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION; |
|
1685 |
|
1686 typedef struct _TERMINATION_PORT { |
|
1687 struct _TERMINATION_PORT* Next; |
|
1688 PVOID Port; |
|
1689 } TERMINATION_PORT, *PTERMINATION_PORT; |
|
1690 |
|
1691 typedef struct _SECURITY_CLIENT_CONTEXT { |
|
1692 SECURITY_QUALITY_OF_SERVICE SecurityQos; |
|
1693 PACCESS_TOKEN ClientToken; |
|
1694 BOOLEAN DirectlyAccessClientToken; |
|
1695 BOOLEAN DirectAccessEffectiveOnly; |
|
1696 BOOLEAN ServerIsRemote; |
|
1697 TOKEN_CONTROL ClientTokenControl; |
|
1698 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; |
|
1699 |
|
1700 typedef struct _TUNNEL { |
|
1701 FAST_MUTEX Mutex; |
|
1702 PRTL_SPLAY_LINKS Cache; |
|
1703 LIST_ENTRY TimerQueue; |
|
1704 USHORT NumEntries; |
|
1705 } TUNNEL, *PTUNNEL; |
|
1706 |
|
1707 typedef struct _VACB { |
|
1708 PVOID BaseAddress; |
|
1709 PSHARED_CACHE_MAP SharedCacheMap; |
|
1710 union { |
|
1711 LARGE_INTEGER FileOffset; |
|
1712 USHORT ActiveCount; |
|
1713 } Overlay; |
|
1714 LIST_ENTRY LruList; |
|
1715 } VACB, *PVACB; |
|
1716 |
|
1717 typedef struct _VAD_HEADER { |
|
1718 PVOID StartVPN; |
|
1719 PVOID EndVPN; |
|
1720 PVAD_HEADER ParentLink; |
|
1721 PVAD_HEADER LeftLink; |
|
1722 PVAD_HEADER RightLink; |
|
1723 ULONG Flags; /* LSB = CommitCharge */ |
|
1724 PVOID ControlArea; |
|
1725 PVOID FirstProtoPte; |
|
1726 PVOID LastPTE; |
|
1727 ULONG Unknown; |
|
1728 LIST_ENTRY Secured; |
|
1729 } VAD_HEADER, *PVAD_HEADER; |
|
1730 |
|
1731 NTKERNELAPI |
|
1732 BOOLEAN |
|
1733 NTAPI |
|
1734 CcCanIWrite ( |
|
1735 /*IN*/ PFILE_OBJECT FileObject, |
|
1736 /*IN*/ ULONG BytesToWrite, |
|
1737 /*IN*/ BOOLEAN Wait, |
|
1738 /*IN*/ BOOLEAN Retrying |
|
1739 ); |
|
1740 |
|
1741 NTKERNELAPI |
|
1742 BOOLEAN |
|
1743 NTAPI |
|
1744 CcCopyRead ( |
|
1745 /*IN*/ PFILE_OBJECT FileObject, |
|
1746 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1747 /*IN*/ ULONG Length, |
|
1748 /*IN*/ BOOLEAN Wait, |
|
1749 /*OUT*/ PVOID Buffer, |
|
1750 /*OUT*/ PIO_STATUS_BLOCK IoStatus |
|
1751 ); |
|
1752 |
|
1753 NTKERNELAPI |
|
1754 BOOLEAN |
|
1755 NTAPI |
|
1756 CcCopyWrite ( |
|
1757 /*IN*/ PFILE_OBJECT FileObject, |
|
1758 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1759 /*IN*/ ULONG Length, |
|
1760 /*IN*/ BOOLEAN Wait, |
|
1761 /*IN*/ PVOID Buffer |
|
1762 ); |
|
1763 |
|
1764 #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) |
|
1765 |
|
1766 typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) ( |
|
1767 /*IN*/ PVOID Context1, |
|
1768 /*IN*/ PVOID Context2 |
|
1769 ); |
|
1770 |
|
1771 NTKERNELAPI |
|
1772 VOID |
|
1773 NTAPI |
|
1774 CcDeferWrite ( |
|
1775 /*IN*/ PFILE_OBJECT FileObject, |
|
1776 /*IN*/ PCC_POST_DEFERRED_WRITE PostRoutine, |
|
1777 /*IN*/ PVOID Context1, |
|
1778 /*IN*/ PVOID Context2, |
|
1779 /*IN*/ ULONG BytesToWrite, |
|
1780 /*IN*/ BOOLEAN Retrying |
|
1781 ); |
|
1782 |
|
1783 NTKERNELAPI |
|
1784 VOID |
|
1785 NTAPI |
|
1786 CcFastCopyRead ( |
|
1787 /*IN*/ PFILE_OBJECT FileObject, |
|
1788 /*IN*/ ULONG FileOffset, |
|
1789 /*IN*/ ULONG Length, |
|
1790 /*IN*/ ULONG PageCount, |
|
1791 /*OUT*/ PVOID Buffer, |
|
1792 /*OUT*/ PIO_STATUS_BLOCK IoStatus |
|
1793 ); |
|
1794 |
|
1795 NTKERNELAPI |
|
1796 VOID |
|
1797 NTAPI |
|
1798 CcFastCopyWrite ( |
|
1799 /*IN*/ PFILE_OBJECT FileObject, |
|
1800 /*IN*/ ULONG FileOffset, |
|
1801 /*IN*/ ULONG Length, |
|
1802 /*IN*/ PVOID Buffer |
|
1803 ); |
|
1804 |
|
1805 NTKERNELAPI |
|
1806 VOID |
|
1807 NTAPI |
|
1808 CcFlushCache ( |
|
1809 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, |
|
1810 /*IN*/ PLARGE_INTEGER FileOffset /*OPTIONAL*/, |
|
1811 /*IN*/ ULONG Length, |
|
1812 /*OUT*/ PIO_STATUS_BLOCK IoStatus /*OPTIONAL*/ |
|
1813 ); |
|
1814 |
|
1815 typedef VOID (*PDIRTY_PAGE_ROUTINE) ( |
|
1816 /*IN*/ PFILE_OBJECT FileObject, |
|
1817 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1818 /*IN*/ ULONG Length, |
|
1819 /*IN*/ PLARGE_INTEGER OldestLsn, |
|
1820 /*IN*/ PLARGE_INTEGER NewestLsn, |
|
1821 /*IN*/ PVOID Context1, |
|
1822 /*IN*/ PVOID Context2 |
|
1823 ); |
|
1824 |
|
1825 NTKERNELAPI |
|
1826 LARGE_INTEGER |
|
1827 NTAPI |
|
1828 CcGetDirtyPages ( |
|
1829 /*IN*/ PVOID LogHandle, |
|
1830 /*IN*/ PDIRTY_PAGE_ROUTINE DirtyPageRoutine, |
|
1831 /*IN*/ PVOID Context1, |
|
1832 /*IN*/ PVOID Context2 |
|
1833 ); |
|
1834 |
|
1835 NTKERNELAPI |
|
1836 PFILE_OBJECT |
|
1837 NTAPI |
|
1838 CcGetFileObjectFromBcb ( |
|
1839 /*IN*/ PVOID Bcb |
|
1840 ); |
|
1841 |
|
1842 NTKERNELAPI |
|
1843 PFILE_OBJECT |
|
1844 NTAPI |
|
1845 CcGetFileObjectFromSectionPtrs ( |
|
1846 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer |
|
1847 ); |
|
1848 |
|
1849 #define CcGetFileSizePointer(FO) ( \ |
|
1850 ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ |
|
1851 ) |
|
1852 |
|
1853 #if (VER_PRODUCTBUILD >= 2195) |
|
1854 |
|
1855 NTKERNELAPI |
|
1856 LARGE_INTEGER |
|
1857 NTAPI |
|
1858 CcGetFlushedValidData ( |
|
1859 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, |
|
1860 /*IN*/ BOOLEAN BcbListHeld |
|
1861 ); |
|
1862 |
|
1863 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
1864 |
|
1865 NTKERNELAPI |
|
1866 LARGE_INTEGER |
|
1867 CcGetLsnForFileObject ( |
|
1868 /*IN*/ PFILE_OBJECT FileObject, |
|
1869 /*OUT*/ PLARGE_INTEGER OldestLsn /*OPTIONAL*/ |
|
1870 ); |
|
1871 |
|
1872 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) ( |
|
1873 /*IN*/ PVOID Context, |
|
1874 /*IN*/ BOOLEAN Wait |
|
1875 ); |
|
1876 |
|
1877 typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) ( |
|
1878 /*IN*/ PVOID Context |
|
1879 ); |
|
1880 |
|
1881 typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) ( |
|
1882 /*IN*/ PVOID Context, |
|
1883 /*IN*/ BOOLEAN Wait |
|
1884 ); |
|
1885 |
|
1886 typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) ( |
|
1887 /*IN*/ PVOID Context |
|
1888 ); |
|
1889 |
|
1890 typedef struct _CACHE_MANAGER_CALLBACKS { |
|
1891 PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; |
|
1892 PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; |
|
1893 PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; |
|
1894 PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; |
|
1895 } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; |
|
1896 |
|
1897 NTKERNELAPI |
|
1898 VOID |
|
1899 NTAPI |
|
1900 CcInitializeCacheMap ( |
|
1901 /*IN*/ PFILE_OBJECT FileObject, |
|
1902 /*IN*/ PCC_FILE_SIZES FileSizes, |
|
1903 /*IN*/ BOOLEAN PinAccess, |
|
1904 /*IN*/ PCACHE_MANAGER_CALLBACKS Callbacks, |
|
1905 /*IN*/ PVOID LazyWriteContext |
|
1906 ); |
|
1907 |
|
1908 #define CcIsFileCached(FO) ( \ |
|
1909 ((FO)->SectionObjectPointer != NULL) && \ |
|
1910 (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ |
|
1911 ) |
|
1912 |
|
1913 NTKERNELAPI |
|
1914 BOOLEAN |
|
1915 NTAPI |
|
1916 CcIsThereDirtyData ( |
|
1917 /*IN*/ PVPB Vpb |
|
1918 ); |
|
1919 |
|
1920 NTKERNELAPI |
|
1921 BOOLEAN |
|
1922 NTAPI |
|
1923 CcMapData ( |
|
1924 /*IN*/ PFILE_OBJECT FileObject, |
|
1925 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1926 /*IN*/ ULONG Length, |
|
1927 /*IN*/ BOOLEAN Wait, |
|
1928 /*OUT*/ PVOID *Bcb, |
|
1929 /*OUT*/ PVOID *Buffer |
|
1930 ); |
|
1931 |
|
1932 NTKERNELAPI |
|
1933 VOID |
|
1934 NTAPI |
|
1935 CcMdlRead ( |
|
1936 /*IN*/ PFILE_OBJECT FileObject, |
|
1937 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1938 /*IN*/ ULONG Length, |
|
1939 /*OUT*/ PMDL *MdlChain, |
|
1940 /*OUT*/ PIO_STATUS_BLOCK IoStatus |
|
1941 ); |
|
1942 |
|
1943 NTKERNELAPI |
|
1944 VOID |
|
1945 NTAPI |
|
1946 CcMdlReadComplete ( |
|
1947 /*IN*/ PFILE_OBJECT FileObject, |
|
1948 /*IN*/ PMDL MdlChain |
|
1949 ); |
|
1950 |
|
1951 NTKERNELAPI |
|
1952 VOID |
|
1953 NTAPI |
|
1954 CcMdlWriteComplete ( |
|
1955 /*IN*/ PFILE_OBJECT FileObject, |
|
1956 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1957 /*IN*/ PMDL MdlChain |
|
1958 ); |
|
1959 |
|
1960 NTKERNELAPI |
|
1961 BOOLEAN |
|
1962 NTAPI |
|
1963 CcPinMappedData ( |
|
1964 /*IN*/ PFILE_OBJECT FileObject, |
|
1965 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1966 /*IN*/ ULONG Length, |
|
1967 #if (VER_PRODUCTBUILD >= 2195) |
|
1968 /*IN*/ ULONG Flags, |
|
1969 #else |
|
1970 /*IN*/ BOOLEAN Wait, |
|
1971 #endif |
|
1972 /*IN OUT*/ PVOID *Bcb |
|
1973 ); |
|
1974 |
|
1975 NTKERNELAPI |
|
1976 BOOLEAN |
|
1977 NTAPI |
|
1978 CcPinRead ( |
|
1979 /*IN*/ PFILE_OBJECT FileObject, |
|
1980 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1981 /*IN*/ ULONG Length, |
|
1982 #if (VER_PRODUCTBUILD >= 2195) |
|
1983 /*IN*/ ULONG Flags, |
|
1984 #else |
|
1985 /*IN*/ BOOLEAN Wait, |
|
1986 #endif |
|
1987 /*OUT*/ PVOID *Bcb, |
|
1988 /*OUT*/ PVOID *Buffer |
|
1989 ); |
|
1990 |
|
1991 NTKERNELAPI |
|
1992 VOID |
|
1993 NTAPI |
|
1994 CcPrepareMdlWrite ( |
|
1995 /*IN*/ PFILE_OBJECT FileObject, |
|
1996 /*IN*/ PLARGE_INTEGER FileOffset, |
|
1997 /*IN*/ ULONG Length, |
|
1998 /*OUT*/ PMDL *MdlChain, |
|
1999 /*OUT*/ PIO_STATUS_BLOCK IoStatus |
|
2000 ); |
|
2001 |
|
2002 NTKERNELAPI |
|
2003 BOOLEAN |
|
2004 NTAPI |
|
2005 CcPreparePinWrite ( |
|
2006 /*IN*/ PFILE_OBJECT FileObject, |
|
2007 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2008 /*IN*/ ULONG Length, |
|
2009 /*IN*/ BOOLEAN Zero, |
|
2010 #if (VER_PRODUCTBUILD >= 2195) |
|
2011 /*IN*/ ULONG Flags, |
|
2012 #else |
|
2013 /*IN*/ BOOLEAN Wait, |
|
2014 #endif |
|
2015 /*OUT*/ PVOID *Bcb, |
|
2016 /*OUT*/ PVOID *Buffer |
|
2017 ); |
|
2018 |
|
2019 NTKERNELAPI |
|
2020 BOOLEAN |
|
2021 NTAPI |
|
2022 CcPurgeCacheSection ( |
|
2023 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, |
|
2024 /*IN*/ PLARGE_INTEGER FileOffset /*OPTIONAL*/, |
|
2025 /*IN*/ ULONG Length, |
|
2026 /*IN*/ BOOLEAN UninitializeCacheMaps |
|
2027 ); |
|
2028 |
|
2029 #define CcReadAhead(FO, FOFF, LEN) ( \ |
|
2030 if ((LEN) >= 256) { \ |
|
2031 CcScheduleReadAhead((FO), (FOFF), (LEN)); \ |
|
2032 } \ |
|
2033 ) |
|
2034 |
|
2035 #if (VER_PRODUCTBUILD >= 2195) |
|
2036 |
|
2037 NTKERNELAPI |
|
2038 PVOID |
|
2039 NTAPI |
|
2040 CcRemapBcb ( |
|
2041 /*IN*/ PVOID Bcb |
|
2042 ); |
|
2043 |
|
2044 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2045 |
|
2046 NTKERNELAPI |
|
2047 VOID |
|
2048 NTAPI |
|
2049 CcRepinBcb ( |
|
2050 /*IN*/ PVOID Bcb |
|
2051 ); |
|
2052 |
|
2053 NTKERNELAPI |
|
2054 VOID |
|
2055 NTAPI |
|
2056 CcScheduleReadAhead ( |
|
2057 /*IN*/ PFILE_OBJECT FileObject, |
|
2058 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2059 /*IN*/ ULONG Length |
|
2060 ); |
|
2061 |
|
2062 NTKERNELAPI |
|
2063 VOID |
|
2064 NTAPI |
|
2065 CcSetAdditionalCacheAttributes ( |
|
2066 /*IN*/ PFILE_OBJECT FileObject, |
|
2067 /*IN*/ BOOLEAN DisableReadAhead, |
|
2068 /*IN*/ BOOLEAN DisableWriteBehind |
|
2069 ); |
|
2070 |
|
2071 NTKERNELAPI |
|
2072 VOID |
|
2073 NTAPI |
|
2074 CcSetBcbOwnerPointer ( |
|
2075 /*IN*/ PVOID Bcb, |
|
2076 /*IN*/ PVOID OwnerPointer |
|
2077 ); |
|
2078 |
|
2079 NTKERNELAPI |
|
2080 VOID |
|
2081 NTAPI |
|
2082 CcSetDirtyPageThreshold ( |
|
2083 /*IN*/ PFILE_OBJECT FileObject, |
|
2084 /*IN*/ ULONG DirtyPageThreshold |
|
2085 ); |
|
2086 |
|
2087 NTKERNELAPI |
|
2088 VOID |
|
2089 NTAPI |
|
2090 CcSetDirtyPinnedData ( |
|
2091 /*IN*/ PVOID BcbVoid, |
|
2092 /*IN*/ PLARGE_INTEGER Lsn /*OPTIONAL*/ |
|
2093 ); |
|
2094 |
|
2095 NTKERNELAPI |
|
2096 VOID |
|
2097 NTAPI |
|
2098 CcSetFileSizes ( |
|
2099 /*IN*/ PFILE_OBJECT FileObject, |
|
2100 /*IN*/ PCC_FILE_SIZES FileSizes |
|
2101 ); |
|
2102 |
|
2103 typedef VOID (NTAPI *PFLUSH_TO_LSN) ( |
|
2104 /*IN*/ PVOID LogHandle, |
|
2105 /*IN*/ PLARGE_INTEGER Lsn |
|
2106 ); |
|
2107 |
|
2108 NTKERNELAPI |
|
2109 VOID |
|
2110 NTAPI |
|
2111 CcSetLogHandleForFile ( |
|
2112 /*IN*/ PFILE_OBJECT FileObject, |
|
2113 /*IN*/ PVOID LogHandle, |
|
2114 /*IN*/ PFLUSH_TO_LSN FlushToLsnRoutine |
|
2115 ); |
|
2116 |
|
2117 NTKERNELAPI |
|
2118 VOID |
|
2119 NTAPI |
|
2120 CcSetReadAheadGranularity ( |
|
2121 /*IN*/ PFILE_OBJECT FileObject, |
|
2122 /*IN*/ ULONG Granularity /* default: PAGE_SIZE */ |
|
2123 /* allowed: 2^n * PAGE_SIZE */ |
|
2124 ); |
|
2125 |
|
2126 NTKERNELAPI |
|
2127 BOOLEAN |
|
2128 NTAPI |
|
2129 CcUninitializeCacheMap ( |
|
2130 /*IN*/ PFILE_OBJECT FileObject, |
|
2131 /*IN*/ PLARGE_INTEGER TruncateSize /*OPTIONAL*/, |
|
2132 /*IN*/ PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent /*OPTIONAL*/ |
|
2133 ); |
|
2134 |
|
2135 NTKERNELAPI |
|
2136 VOID |
|
2137 NTAPI |
|
2138 CcUnpinData ( |
|
2139 /*IN*/ PVOID Bcb |
|
2140 ); |
|
2141 |
|
2142 NTKERNELAPI |
|
2143 VOID |
|
2144 NTAPI |
|
2145 CcUnpinDataForThread ( |
|
2146 /*IN*/ PVOID Bcb, |
|
2147 /*IN*/ ERESOURCE_THREAD ResourceThreadId |
|
2148 ); |
|
2149 |
|
2150 NTKERNELAPI |
|
2151 VOID |
|
2152 NTAPI |
|
2153 CcUnpinRepinnedBcb ( |
|
2154 /*IN*/ PVOID Bcb, |
|
2155 /*IN*/ BOOLEAN WriteThrough, |
|
2156 /*OUT*/ PIO_STATUS_BLOCK IoStatus |
|
2157 ); |
|
2158 |
|
2159 #if (VER_PRODUCTBUILD >= 2195) |
|
2160 |
|
2161 NTKERNELAPI |
|
2162 NTSTATUS |
|
2163 NTAPI |
|
2164 CcWaitForCurrentLazyWriterActivity ( |
|
2165 VOID |
|
2166 ); |
|
2167 |
|
2168 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2169 |
|
2170 NTKERNELAPI |
|
2171 BOOLEAN |
|
2172 NTAPI |
|
2173 CcZeroData ( |
|
2174 /*IN*/ PFILE_OBJECT FileObject, |
|
2175 /*IN*/ PLARGE_INTEGER StartOffset, |
|
2176 /*IN*/ PLARGE_INTEGER EndOffset, |
|
2177 /*IN*/ BOOLEAN Wait |
|
2178 ); |
|
2179 |
|
2180 NTKERNELAPI |
|
2181 VOID |
|
2182 NTAPI |
|
2183 ExDisableResourceBoostLite ( |
|
2184 /*IN*/ PERESOURCE Resource |
|
2185 ); |
|
2186 |
|
2187 NTKERNELAPI |
|
2188 ULONG |
|
2189 NTAPI |
|
2190 ExQueryPoolBlockSize ( |
|
2191 /*IN*/ PVOID PoolBlock, |
|
2192 /*OUT*/ PBOOLEAN QuotaCharged |
|
2193 ); |
|
2194 |
|
2195 #define FlagOn(x, f) ((x) & (f)) |
|
2196 |
|
2197 NTKERNELAPI |
|
2198 VOID |
|
2199 NTAPI |
|
2200 FsRtlAddToTunnelCache ( |
|
2201 /*IN*/ PTUNNEL Cache, |
|
2202 /*IN*/ ULONGLONG DirectoryKey, |
|
2203 /*IN*/ PUNICODE_STRING ShortName, |
|
2204 /*IN*/ PUNICODE_STRING LongName, |
|
2205 /*IN*/ BOOLEAN KeyByShortName, |
|
2206 /*IN*/ ULONG DataLength, |
|
2207 /*IN*/ PVOID Data |
|
2208 ); |
|
2209 |
|
2210 #if (VER_PRODUCTBUILD >= 2195) |
|
2211 |
|
2212 PFILE_LOCK |
|
2213 NTAPI |
|
2214 FsRtlAllocateFileLock ( |
|
2215 /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine /*OPTIONAL*/, |
|
2216 /*IN*/ PUNLOCK_ROUTINE UnlockRoutine /*OPTIONAL*/ |
|
2217 ); |
|
2218 |
|
2219 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2220 |
|
2221 NTKERNELAPI |
|
2222 PVOID |
|
2223 NTAPI |
|
2224 FsRtlAllocatePool ( |
|
2225 /*IN*/ POOL_TYPE PoolType, |
|
2226 /*IN*/ ULONG NumberOfBytes |
|
2227 ); |
|
2228 |
|
2229 NTKERNELAPI |
|
2230 PVOID |
|
2231 NTAPI |
|
2232 FsRtlAllocatePoolWithQuota ( |
|
2233 /*IN*/ POOL_TYPE PoolType, |
|
2234 /*IN*/ ULONG NumberOfBytes |
|
2235 ); |
|
2236 |
|
2237 NTKERNELAPI |
|
2238 PVOID |
|
2239 NTAPI |
|
2240 FsRtlAllocatePoolWithQuotaTag ( |
|
2241 /*IN*/ POOL_TYPE PoolType, |
|
2242 /*IN*/ ULONG NumberOfBytes, |
|
2243 /*IN*/ ULONG Tag |
|
2244 ); |
|
2245 |
|
2246 NTKERNELAPI |
|
2247 PVOID |
|
2248 NTAPI |
|
2249 FsRtlAllocatePoolWithTag ( |
|
2250 /*IN*/ POOL_TYPE PoolType, |
|
2251 /*IN*/ ULONG NumberOfBytes, |
|
2252 /*IN*/ ULONG Tag |
|
2253 ); |
|
2254 |
|
2255 NTKERNELAPI |
|
2256 BOOLEAN |
|
2257 NTAPI |
|
2258 FsRtlAreNamesEqual ( |
|
2259 /*IN*/ PUNICODE_STRING Name1, |
|
2260 /*IN*/ PUNICODE_STRING Name2, |
|
2261 /*IN*/ BOOLEAN IgnoreCase, |
|
2262 /*IN*/ PWCHAR UpcaseTable /*OPTIONAL*/ |
|
2263 ); |
|
2264 |
|
2265 #define FsRtlAreThereCurrentFileLocks(FL) ( \ |
|
2266 ((FL)->FastIoIsQuestionable) \ |
|
2267 ) |
|
2268 |
|
2269 /* |
|
2270 FsRtlCheckLockForReadAccess: |
|
2271 |
|
2272 All this really does is pick out the lock parameters from the irp (io stack |
|
2273 location?), get IoGetRequestorProcess, and pass values on to |
|
2274 FsRtlFastCheckLockForRead. |
|
2275 */ |
|
2276 NTKERNELAPI |
|
2277 BOOLEAN |
|
2278 NTAPI |
|
2279 FsRtlCheckLockForReadAccess ( |
|
2280 /*IN*/ PFILE_LOCK FileLock, |
|
2281 /*IN*/ PIRP Irp |
|
2282 ); |
|
2283 |
|
2284 /* |
|
2285 FsRtlCheckLockForWriteAccess: |
|
2286 |
|
2287 All this really does is pick out the lock parameters from the irp (io stack |
|
2288 location?), get IoGetRequestorProcess, and pass values on to |
|
2289 FsRtlFastCheckLockForWrite. |
|
2290 */ |
|
2291 NTKERNELAPI |
|
2292 BOOLEAN |
|
2293 NTAPI |
|
2294 FsRtlCheckLockForWriteAccess ( |
|
2295 /*IN*/ PFILE_LOCK FileLock, |
|
2296 /*IN*/ PIRP Irp |
|
2297 ); |
|
2298 |
|
2299 typedef |
|
2300 VOID NTAPI |
|
2301 (*POPLOCK_WAIT_COMPLETE_ROUTINE) ( |
|
2302 /*IN*/ PVOID Context, |
|
2303 /*IN*/ PIRP Irp |
|
2304 ); |
|
2305 |
|
2306 typedef |
|
2307 VOID NTAPI |
|
2308 (*POPLOCK_FS_PREPOST_IRP) ( |
|
2309 /*IN*/ PVOID Context, |
|
2310 /*IN*/ PIRP Irp |
|
2311 ); |
|
2312 |
|
2313 NTKERNELAPI |
|
2314 NTSTATUS |
|
2315 NTAPI |
|
2316 FsRtlCheckOplock ( |
|
2317 /*IN*/ POPLOCK Oplock, |
|
2318 /*IN*/ PIRP Irp, |
|
2319 /*IN*/ PVOID Context, |
|
2320 /*IN*/ POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine /*OPTIONAL*/, |
|
2321 /*IN*/ POPLOCK_FS_PREPOST_IRP PostIrpRoutine /*OPTIONAL*/ |
|
2322 ); |
|
2323 |
|
2324 NTKERNELAPI |
|
2325 BOOLEAN |
|
2326 NTAPI |
|
2327 FsRtlCopyRead ( |
|
2328 /*IN*/ PFILE_OBJECT FileObject, |
|
2329 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2330 /*IN*/ ULONG Length, |
|
2331 /*IN*/ BOOLEAN Wait, |
|
2332 /*IN*/ ULONG LockKey, |
|
2333 /*OUT*/ PVOID Buffer, |
|
2334 /*OUT*/ PIO_STATUS_BLOCK IoStatus, |
|
2335 /*IN*/ PDEVICE_OBJECT DeviceObject |
|
2336 ); |
|
2337 |
|
2338 NTKERNELAPI |
|
2339 BOOLEAN |
|
2340 NTAPI |
|
2341 FsRtlCopyWrite ( |
|
2342 /*IN*/ PFILE_OBJECT FileObject, |
|
2343 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2344 /*IN*/ ULONG Length, |
|
2345 /*IN*/ BOOLEAN Wait, |
|
2346 /*IN*/ ULONG LockKey, |
|
2347 /*IN*/ PVOID Buffer, |
|
2348 /*OUT*/ PIO_STATUS_BLOCK IoStatus, |
|
2349 /*IN*/ PDEVICE_OBJECT DeviceObject |
|
2350 ); |
|
2351 |
|
2352 NTKERNELAPI |
|
2353 BOOLEAN |
|
2354 NTAPI |
|
2355 FsRtlCurrentBatchOplock ( |
|
2356 /*IN*/ POPLOCK Oplock |
|
2357 ); |
|
2358 |
|
2359 NTKERNELAPI |
|
2360 VOID |
|
2361 NTAPI |
|
2362 FsRtlDeleteKeyFromTunnelCache ( |
|
2363 /*IN*/ PTUNNEL Cache, |
|
2364 /*IN*/ ULONGLONG DirectoryKey |
|
2365 ); |
|
2366 |
|
2367 NTKERNELAPI |
|
2368 VOID |
|
2369 NTAPI |
|
2370 FsRtlDeleteTunnelCache ( |
|
2371 /*IN*/ PTUNNEL Cache |
|
2372 ); |
|
2373 |
|
2374 NTKERNELAPI |
|
2375 VOID |
|
2376 NTAPI |
|
2377 FsRtlDeregisterUncProvider ( |
|
2378 /*IN*/ HANDLE Handle |
|
2379 ); |
|
2380 |
|
2381 NTKERNELAPI |
|
2382 BOOLEAN |
|
2383 NTAPI |
|
2384 FsRtlDoesNameContainWildCards ( |
|
2385 /*IN*/ PUNICODE_STRING Name |
|
2386 ); |
|
2387 |
|
2388 #define FsRtlEnterFileSystem KeEnterCriticalRegion |
|
2389 |
|
2390 #define FsRtlExitFileSystem KeLeaveCriticalRegion |
|
2391 |
|
2392 NTKERNELAPI |
|
2393 BOOLEAN |
|
2394 NTAPI |
|
2395 FsRtlFastCheckLockForRead ( |
|
2396 /*IN*/ PFILE_LOCK FileLock, |
|
2397 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2398 /*IN*/ PLARGE_INTEGER Length, |
|
2399 /*IN*/ ULONG Key, |
|
2400 /*IN*/ PFILE_OBJECT FileObject, |
|
2401 /*IN*/ PEPROCESS Process |
|
2402 ); |
|
2403 |
|
2404 NTKERNELAPI |
|
2405 BOOLEAN |
|
2406 NTAPI |
|
2407 FsRtlFastCheckLockForWrite ( |
|
2408 /*IN*/ PFILE_LOCK FileLock, |
|
2409 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2410 /*IN*/ PLARGE_INTEGER Length, |
|
2411 /*IN*/ ULONG Key, |
|
2412 /*IN*/ PFILE_OBJECT FileObject, |
|
2413 /*IN*/ PEPROCESS Process |
|
2414 ); |
|
2415 |
|
2416 #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ |
|
2417 FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ |
|
2418 ) |
|
2419 |
|
2420 NTKERNELAPI |
|
2421 NTSTATUS |
|
2422 NTAPI |
|
2423 FsRtlFastUnlockAll ( |
|
2424 /*IN*/ PFILE_LOCK FileLock, |
|
2425 /*IN*/ PFILE_OBJECT FileObject, |
|
2426 /*IN*/ PEPROCESS Process, |
|
2427 /*IN*/ PVOID Context /*OPTIONAL*/ |
|
2428 ); |
|
2429 /* ret: STATUS_RANGE_NOT_LOCKED */ |
|
2430 |
|
2431 NTKERNELAPI |
|
2432 NTSTATUS |
|
2433 NTAPI |
|
2434 FsRtlFastUnlockAllByKey ( |
|
2435 /*IN*/ PFILE_LOCK FileLock, |
|
2436 /*IN*/ PFILE_OBJECT FileObject, |
|
2437 /*IN*/ PEPROCESS Process, |
|
2438 /*IN*/ ULONG Key, |
|
2439 /*IN*/ PVOID Context /*OPTIONAL*/ |
|
2440 ); |
|
2441 /* ret: STATUS_RANGE_NOT_LOCKED */ |
|
2442 |
|
2443 NTKERNELAPI |
|
2444 NTSTATUS |
|
2445 NTAPI |
|
2446 FsRtlFastUnlockSingle ( |
|
2447 /*IN*/ PFILE_LOCK FileLock, |
|
2448 /*IN*/ PFILE_OBJECT FileObject, |
|
2449 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2450 /*IN*/ PLARGE_INTEGER Length, |
|
2451 /*IN*/ PEPROCESS Process, |
|
2452 /*IN*/ ULONG Key, |
|
2453 /*IN*/ PVOID Context /*OPTIONAL*/, |
|
2454 /*IN*/ BOOLEAN AlreadySynchronized |
|
2455 ); |
|
2456 /* ret: STATUS_RANGE_NOT_LOCKED */ |
|
2457 |
|
2458 NTKERNELAPI |
|
2459 BOOLEAN |
|
2460 NTAPI |
|
2461 FsRtlFindInTunnelCache ( |
|
2462 /*IN*/ PTUNNEL Cache, |
|
2463 /*IN*/ ULONGLONG DirectoryKey, |
|
2464 /*IN*/ PUNICODE_STRING Name, |
|
2465 /*OUT*/ PUNICODE_STRING ShortName, |
|
2466 /*OUT*/ PUNICODE_STRING LongName, |
|
2467 /*IN OUT*/ PULONG DataLength, |
|
2468 /*OUT*/ PVOID Data |
|
2469 ); |
|
2470 |
|
2471 #if (VER_PRODUCTBUILD >= 2195) |
|
2472 |
|
2473 NTKERNELAPI |
|
2474 VOID |
|
2475 NTAPI |
|
2476 FsRtlFreeFileLock ( |
|
2477 /*IN*/ PFILE_LOCK FileLock |
|
2478 ); |
|
2479 |
|
2480 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2481 |
|
2482 NTKERNELAPI |
|
2483 NTSTATUS |
|
2484 NTAPI |
|
2485 FsRtlGetFileSize ( |
|
2486 /*IN*/ PFILE_OBJECT FileObject, |
|
2487 /*IN OUT*/ PLARGE_INTEGER FileSize |
|
2488 ); |
|
2489 |
|
2490 /* |
|
2491 FsRtlGetNextFileLock: |
|
2492 |
|
2493 ret: NULL if no more locks |
|
2494 |
|
2495 Internals: |
|
2496 FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and |
|
2497 FileLock->LastReturnedLock as storage. |
|
2498 LastReturnedLock is a pointer to the 'raw' lock inkl. double linked |
|
2499 list, and FsRtlGetNextFileLock needs this to get next lock on subsequent |
|
2500 calls with Restart = FALSE. |
|
2501 */ |
|
2502 NTKERNELAPI |
|
2503 PFILE_LOCK_INFO |
|
2504 NTAPI |
|
2505 FsRtlGetNextFileLock ( |
|
2506 /*IN*/ PFILE_LOCK FileLock, |
|
2507 /*IN*/ BOOLEAN Restart |
|
2508 ); |
|
2509 |
|
2510 NTKERNELAPI |
|
2511 VOID |
|
2512 NTAPI |
|
2513 FsRtlInitializeFileLock ( |
|
2514 /*IN*/ PFILE_LOCK FileLock, |
|
2515 /*IN*/ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine /*OPTIONAL*/, |
|
2516 /*IN*/ PUNLOCK_ROUTINE UnlockRoutine /*OPTIONAL*/ |
|
2517 ); |
|
2518 |
|
2519 NTKERNELAPI |
|
2520 VOID |
|
2521 NTAPI |
|
2522 FsRtlInitializeOplock ( |
|
2523 /*IN OUT*/ POPLOCK Oplock |
|
2524 ); |
|
2525 |
|
2526 NTKERNELAPI |
|
2527 VOID |
|
2528 NTAPI |
|
2529 FsRtlInitializeTunnelCache ( |
|
2530 /*IN*/ PTUNNEL Cache |
|
2531 ); |
|
2532 |
|
2533 NTKERNELAPI |
|
2534 BOOLEAN |
|
2535 NTAPI |
|
2536 FsRtlIsNameInExpression ( |
|
2537 /*IN*/ PUNICODE_STRING Expression, |
|
2538 /*IN*/ PUNICODE_STRING Name, |
|
2539 /*IN*/ BOOLEAN IgnoreCase, |
|
2540 /*IN*/ PWCHAR UpcaseTable /*OPTIONAL*/ |
|
2541 ); |
|
2542 |
|
2543 NTKERNELAPI |
|
2544 BOOLEAN |
|
2545 NTAPI |
|
2546 FsRtlIsNtstatusExpected ( |
|
2547 /*IN*/ NTSTATUS Ntstatus |
|
2548 ); |
|
2549 |
|
2550 #define FsRtlIsUnicodeCharacterWild(C) ( \ |
|
2551 (((C) >= 0x40) ? \ |
|
2552 FALSE : \ |
|
2553 FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \ |
|
2554 ) |
|
2555 |
|
2556 NTKERNELAPI |
|
2557 BOOLEAN |
|
2558 NTAPI |
|
2559 FsRtlMdlReadComplete ( |
|
2560 /*IN*/ PFILE_OBJECT FileObject, |
|
2561 /*IN*/ PMDL MdlChain |
|
2562 ); |
|
2563 |
|
2564 NTKERNELAPI |
|
2565 BOOLEAN |
|
2566 NTAPI |
|
2567 FsRtlMdlReadCompleteDev ( |
|
2568 /*IN*/ PFILE_OBJECT FileObject, |
|
2569 /*IN*/ PMDL MdlChain, |
|
2570 /*IN*/ PDEVICE_OBJECT DeviceObject |
|
2571 ); |
|
2572 |
|
2573 NTKERNELAPI |
|
2574 BOOLEAN |
|
2575 NTAPI |
|
2576 FsRtlMdlWriteComplete ( |
|
2577 /*IN*/ PFILE_OBJECT FileObject, |
|
2578 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2579 /*IN*/ PMDL MdlChain |
|
2580 ); |
|
2581 |
|
2582 NTKERNELAPI |
|
2583 BOOLEAN |
|
2584 NTAPI |
|
2585 FsRtlMdlWriteCompleteDev ( |
|
2586 /*IN*/ PFILE_OBJECT FileObject, |
|
2587 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2588 /*IN*/ PMDL MdlChain, |
|
2589 /*IN*/ PDEVICE_OBJECT DeviceObject |
|
2590 ); |
|
2591 |
|
2592 NTKERNELAPI |
|
2593 NTSTATUS |
|
2594 NTAPI |
|
2595 FsRtlNormalizeNtstatus ( |
|
2596 /*IN*/ NTSTATUS Exception, |
|
2597 /*IN*/ NTSTATUS GenericException |
|
2598 ); |
|
2599 |
|
2600 NTKERNELAPI |
|
2601 VOID |
|
2602 NTAPI |
|
2603 FsRtlNotifyChangeDirectory ( |
|
2604 /*IN*/ PNOTIFY_SYNC NotifySync, |
|
2605 /*IN*/ PVOID FsContext, |
|
2606 /*IN*/ PSTRING FullDirectoryName, |
|
2607 /*IN*/ PLIST_ENTRY NotifyList, |
|
2608 /*IN*/ BOOLEAN WatchTree, |
|
2609 /*IN*/ ULONG CompletionFilter, |
|
2610 /*IN*/ PIRP NotifyIrp |
|
2611 ); |
|
2612 |
|
2613 NTKERNELAPI |
|
2614 VOID |
|
2615 NTAPI |
|
2616 FsRtlNotifyCleanup ( |
|
2617 /*IN*/ PNOTIFY_SYNC NotifySync, |
|
2618 /*IN*/ PLIST_ENTRY NotifyList, |
|
2619 /*IN*/ PVOID FsContext |
|
2620 ); |
|
2621 |
|
2622 typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) ( |
|
2623 /*IN*/ PVOID NotifyContext, |
|
2624 /*IN*/ PVOID TargetContext, |
|
2625 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext |
|
2626 ); |
|
2627 |
|
2628 NTKERNELAPI |
|
2629 VOID |
|
2630 NTAPI |
|
2631 FsRtlNotifyFullChangeDirectory ( |
|
2632 /*IN*/ PNOTIFY_SYNC NotifySync, |
|
2633 /*IN*/ PLIST_ENTRY NotifyList, |
|
2634 /*IN*/ PVOID FsContext, |
|
2635 /*IN*/ PSTRING FullDirectoryName, |
|
2636 /*IN*/ BOOLEAN WatchTree, |
|
2637 /*IN*/ BOOLEAN IgnoreBuffer, |
|
2638 /*IN*/ ULONG CompletionFilter, |
|
2639 /*IN*/ PIRP NotifyIrp, |
|
2640 /*IN*/ PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback /*OPTIONAL*/, |
|
2641 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext /*OPTIONAL*/ |
|
2642 ); |
|
2643 |
|
2644 NTKERNELAPI |
|
2645 VOID |
|
2646 NTAPI |
|
2647 FsRtlNotifyFullReportChange ( |
|
2648 /*IN*/ PNOTIFY_SYNC NotifySync, |
|
2649 /*IN*/ PLIST_ENTRY NotifyList, |
|
2650 /*IN*/ PSTRING FullTargetName, |
|
2651 /*IN*/ USHORT TargetNameOffset, |
|
2652 /*IN*/ PSTRING StreamName /*OPTIONAL*/, |
|
2653 /*IN*/ PSTRING NormalizedParentName /*OPTIONAL*/, |
|
2654 /*IN*/ ULONG FilterMatch, |
|
2655 /*IN*/ ULONG Action, |
|
2656 /*IN*/ PVOID TargetContext |
|
2657 ); |
|
2658 |
|
2659 NTKERNELAPI |
|
2660 VOID |
|
2661 NTAPI |
|
2662 FsRtlNotifyInitializeSync ( |
|
2663 /*IN*/ PNOTIFY_SYNC NotifySync |
|
2664 ); |
|
2665 |
|
2666 NTKERNELAPI |
|
2667 VOID |
|
2668 NTAPI |
|
2669 FsRtlNotifyReportChange ( |
|
2670 /*IN*/ PNOTIFY_SYNC NotifySync, |
|
2671 /*IN*/ PLIST_ENTRY NotifyList, |
|
2672 /*IN*/ PSTRING FullTargetName, |
|
2673 /*IN*/ PUSHORT FileNamePartLength, |
|
2674 /*IN*/ ULONG FilterMatch |
|
2675 ); |
|
2676 |
|
2677 NTKERNELAPI |
|
2678 VOID |
|
2679 NTAPI |
|
2680 FsRtlNotifyUninitializeSync ( |
|
2681 /*IN*/ PNOTIFY_SYNC NotifySync |
|
2682 ); |
|
2683 |
|
2684 #if (VER_PRODUCTBUILD >= 2195) |
|
2685 |
|
2686 NTKERNELAPI |
|
2687 NTSTATUS |
|
2688 NTAPI |
|
2689 FsRtlNotifyVolumeEvent ( |
|
2690 /*IN*/ PFILE_OBJECT FileObject, |
|
2691 /*IN*/ ULONG EventCode |
|
2692 ); |
|
2693 |
|
2694 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2695 |
|
2696 NTKERNELAPI |
|
2697 NTSTATUS |
|
2698 NTAPI |
|
2699 FsRtlOplockFsctrl ( |
|
2700 /*IN*/ POPLOCK Oplock, |
|
2701 /*IN*/ PIRP Irp, |
|
2702 /*IN*/ ULONG OpenCount |
|
2703 ); |
|
2704 |
|
2705 NTKERNELAPI |
|
2706 BOOLEAN |
|
2707 NTAPI |
|
2708 FsRtlOplockIsFastIoPossible ( |
|
2709 /*IN*/ POPLOCK Oplock |
|
2710 ); |
|
2711 |
|
2712 /* |
|
2713 FsRtlPrivateLock: |
|
2714 |
|
2715 ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED |
|
2716 |
|
2717 Internals: |
|
2718 -Calls IoCompleteRequest if Irp |
|
2719 -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES |
|
2720 */ |
|
2721 NTKERNELAPI |
|
2722 BOOLEAN |
|
2723 NTAPI |
|
2724 FsRtlPrivateLock ( |
|
2725 /*IN*/ PFILE_LOCK FileLock, |
|
2726 /*IN*/ PFILE_OBJECT FileObject, |
|
2727 /*IN*/ PLARGE_INTEGER FileOffset, |
|
2728 /*IN*/ PLARGE_INTEGER Length, |
|
2729 /*IN*/ PEPROCESS Process, |
|
2730 /*IN*/ ULONG Key, |
|
2731 /*IN*/ BOOLEAN FailImmediately, |
|
2732 /*IN*/ BOOLEAN ExclusiveLock, |
|
2733 /*OUT*/ PIO_STATUS_BLOCK IoStatus, |
|
2734 /*IN*/ PIRP Irp /*OPTIONAL*/, |
|
2735 /*IN*/ PVOID Context, |
|
2736 /*IN*/ BOOLEAN AlreadySynchronized |
|
2737 ); |
|
2738 |
|
2739 /* |
|
2740 FsRtlProcessFileLock: |
|
2741 |
|
2742 ret: |
|
2743 -STATUS_INVALID_DEVICE_REQUEST |
|
2744 -STATUS_RANGE_NOT_LOCKED from unlock routines. |
|
2745 -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock |
|
2746 (redirected IoStatus->Status). |
|
2747 |
|
2748 Internals: |
|
2749 -switch ( Irp->CurrentStackLocation->MinorFunction ) |
|
2750 lock: return FsRtlPrivateLock; |
|
2751 unlocksingle: return FsRtlFastUnlockSingle; |
|
2752 unlockall: return FsRtlFastUnlockAll; |
|
2753 unlockallbykey: return FsRtlFastUnlockAllByKey; |
|
2754 default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; |
|
2755 return STATUS_INVALID_DEVICE_REQUEST; |
|
2756 |
|
2757 -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. |
|
2758 -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. |
|
2759 */ |
|
2760 NTKERNELAPI |
|
2761 NTSTATUS |
|
2762 NTAPI |
|
2763 FsRtlProcessFileLock ( |
|
2764 /*IN*/ PFILE_LOCK FileLock, |
|
2765 /*IN*/ PIRP Irp, |
|
2766 /*IN*/ PVOID Context /*OPTIONAL*/ |
|
2767 ); |
|
2768 |
|
2769 NTKERNELAPI |
|
2770 NTSTATUS |
|
2771 NTAPI |
|
2772 FsRtlRegisterUncProvider ( |
|
2773 /*IN OUT*/ PHANDLE MupHandle, |
|
2774 /*IN*/ PUNICODE_STRING RedirectorDeviceName, |
|
2775 /*IN*/ BOOLEAN MailslotsSupported |
|
2776 ); |
|
2777 |
|
2778 NTKERNELAPI |
|
2779 VOID |
|
2780 NTAPI |
|
2781 FsRtlUninitializeFileLock ( |
|
2782 /*IN*/ PFILE_LOCK FileLock |
|
2783 ); |
|
2784 |
|
2785 NTKERNELAPI |
|
2786 VOID |
|
2787 NTAPI |
|
2788 FsRtlUninitializeOplock ( |
|
2789 /*IN OUT*/ POPLOCK Oplock |
|
2790 ); |
|
2791 |
|
2792 NTSYSAPI |
|
2793 VOID |
|
2794 NTAPI |
|
2795 HalDisplayString ( |
|
2796 /*IN*/ PCHAR String |
|
2797 ); |
|
2798 |
|
2799 NTSYSAPI |
|
2800 VOID |
|
2801 NTAPI |
|
2802 HalQueryRealTimeClock ( |
|
2803 /*IN OUT*/ PTIME_FIELDS TimeFields |
|
2804 ); |
|
2805 |
|
2806 NTSYSAPI |
|
2807 VOID |
|
2808 NTAPI |
|
2809 HalSetRealTimeClock ( |
|
2810 /*IN*/ PTIME_FIELDS TimeFields |
|
2811 ); |
|
2812 |
|
2813 #define InitializeMessageHeader(m, l, t) { \ |
|
2814 (m)->Length = (USHORT)(l); \ |
|
2815 (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \ |
|
2816 (m)->MessageType = (USHORT)(t); \ |
|
2817 (m)->DataInfoOffset = 0; \ |
|
2818 } |
|
2819 |
|
2820 NTKERNELAPI |
|
2821 VOID |
|
2822 NTAPI |
|
2823 IoAcquireVpbSpinLock ( |
|
2824 /*OUT*/ PKIRQL Irql |
|
2825 ); |
|
2826 |
|
2827 NTKERNELAPI |
|
2828 NTSTATUS |
|
2829 NTAPI |
|
2830 IoCheckDesiredAccess ( |
|
2831 /*IN OUT*/ PACCESS_MASK DesiredAccess, |
|
2832 /*IN*/ ACCESS_MASK GrantedAccess |
|
2833 ); |
|
2834 |
|
2835 NTKERNELAPI |
|
2836 NTSTATUS |
|
2837 NTAPI |
|
2838 IoCheckEaBufferValidity ( |
|
2839 /*IN*/ PFILE_FULL_EA_INFORMATION EaBuffer, |
|
2840 /*IN*/ ULONG EaLength, |
|
2841 /*OUT*/ PULONG ErrorOffset |
|
2842 ); |
|
2843 |
|
2844 NTKERNELAPI |
|
2845 NTSTATUS |
|
2846 NTAPI |
|
2847 IoCheckFunctionAccess ( |
|
2848 /*IN*/ ACCESS_MASK GrantedAccess, |
|
2849 /*IN*/ UCHAR MajorFunction, |
|
2850 /*IN*/ UCHAR MinorFunction, |
|
2851 /*IN*/ ULONG IoControlCode, |
|
2852 /*IN*/ PFILE_INFORMATION_CLASS FileInformationClass /*OPTIONAL*/, |
|
2853 /*IN*/ PFS_INFORMATION_CLASS FsInformationClass /*OPTIONAL*/ |
|
2854 ); |
|
2855 |
|
2856 #if (VER_PRODUCTBUILD >= 2195) |
|
2857 |
|
2858 NTKERNELAPI |
|
2859 NTSTATUS |
|
2860 NTAPI |
|
2861 IoCheckQuotaBufferValidity ( |
|
2862 /*IN*/ PFILE_QUOTA_INFORMATION QuotaBuffer, |
|
2863 /*IN*/ ULONG QuotaLength, |
|
2864 /*OUT*/ PULONG ErrorOffset |
|
2865 ); |
|
2866 |
|
2867 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2868 |
|
2869 NTKERNELAPI |
|
2870 PFILE_OBJECT |
|
2871 NTAPI |
|
2872 IoCreateStreamFileObject ( |
|
2873 /*IN*/ PFILE_OBJECT FileObject /*OPTIONAL*/, |
|
2874 /*IN*/ PDEVICE_OBJECT DeviceObject /*OPTIONAL*/ |
|
2875 ); |
|
2876 |
|
2877 #if (VER_PRODUCTBUILD >= 2195) |
|
2878 |
|
2879 NTKERNELAPI |
|
2880 PFILE_OBJECT |
|
2881 NTAPI |
|
2882 IoCreateStreamFileObjectLite ( |
|
2883 /*IN*/ PFILE_OBJECT FileObject /*OPTIONAL*/, |
|
2884 /*IN*/ PDEVICE_OBJECT DeviceObject /*OPTIONAL*/ |
|
2885 ); |
|
2886 |
|
2887 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2888 |
|
2889 NTKERNELAPI |
|
2890 BOOLEAN |
|
2891 NTAPI |
|
2892 IoFastQueryNetworkAttributes ( |
|
2893 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
2894 /*IN*/ ACCESS_MASK DesiredAccess, |
|
2895 /*IN*/ ULONG OpenOptions, |
|
2896 /*OUT*/ PIO_STATUS_BLOCK IoStatus, |
|
2897 /*OUT*/ PFILE_NETWORK_OPEN_INFORMATION Buffer |
|
2898 ); |
|
2899 |
|
2900 NTKERNELAPI |
|
2901 PDEVICE_OBJECT |
|
2902 NTAPI |
|
2903 IoGetAttachedDevice ( |
|
2904 /*IN*/ PDEVICE_OBJECT DeviceObject |
|
2905 ); |
|
2906 |
|
2907 NTKERNELAPI |
|
2908 PDEVICE_OBJECT |
|
2909 NTAPI |
|
2910 IoGetBaseFileSystemDeviceObject ( |
|
2911 /*IN*/ PFILE_OBJECT FileObject |
|
2912 ); |
|
2913 |
|
2914 NTKERNELAPI |
|
2915 PEPROCESS |
|
2916 NTAPI |
|
2917 IoGetRequestorProcess ( |
|
2918 /*IN*/ PIRP Irp |
|
2919 ); |
|
2920 |
|
2921 #if (VER_PRODUCTBUILD >= 2195) |
|
2922 |
|
2923 NTKERNELAPI |
|
2924 ULONG |
|
2925 NTAPI |
|
2926 IoGetRequestorProcessId ( |
|
2927 /*IN*/ PIRP Irp |
|
2928 ); |
|
2929 |
|
2930 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2931 |
|
2932 NTKERNELAPI |
|
2933 PIRP |
|
2934 NTAPI |
|
2935 IoGetTopLevelIrp ( |
|
2936 VOID |
|
2937 ); |
|
2938 |
|
2939 #define IoIsFileOpenedExclusively(FileObject) ( \ |
|
2940 (BOOLEAN) !( \ |
|
2941 (FileObject)->SharedRead || \ |
|
2942 (FileObject)->SharedWrite || \ |
|
2943 (FileObject)->SharedDelete \ |
|
2944 ) \ |
|
2945 ) |
|
2946 |
|
2947 NTKERNELAPI |
|
2948 BOOLEAN |
|
2949 NTAPI |
|
2950 IoIsOperationSynchronous ( |
|
2951 /*IN*/ PIRP Irp |
|
2952 ); |
|
2953 |
|
2954 NTKERNELAPI |
|
2955 BOOLEAN |
|
2956 NTAPI |
|
2957 IoIsSystemThread ( |
|
2958 /*IN*/ PETHREAD Thread |
|
2959 ); |
|
2960 |
|
2961 #if (VER_PRODUCTBUILD >= 2195) |
|
2962 |
|
2963 NTKERNELAPI |
|
2964 BOOLEAN |
|
2965 NTAPI |
|
2966 IoIsValidNameGraftingBuffer ( |
|
2967 /*IN*/ PIRP Irp, |
|
2968 /*IN*/ PREPARSE_DATA_BUFFER ReparseBuffer |
|
2969 ); |
|
2970 |
|
2971 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
2972 |
|
2973 NTKERNELAPI |
|
2974 NTSTATUS |
|
2975 NTAPI |
|
2976 IoPageRead ( |
|
2977 /*IN*/ PFILE_OBJECT FileObject, |
|
2978 /*IN*/ PMDL Mdl, |
|
2979 /*IN*/ PLARGE_INTEGER Offset, |
|
2980 /*IN*/ PKEVENT Event, |
|
2981 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock |
|
2982 ); |
|
2983 |
|
2984 NTKERNELAPI |
|
2985 NTSTATUS |
|
2986 NTAPI |
|
2987 IoQueryFileInformation ( |
|
2988 /*IN*/ PFILE_OBJECT FileObject, |
|
2989 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass, |
|
2990 /*IN*/ ULONG Length, |
|
2991 /*OUT*/ PVOID FileInformation, |
|
2992 /*OUT*/ PULONG ReturnedLength |
|
2993 ); |
|
2994 |
|
2995 NTKERNELAPI |
|
2996 NTSTATUS |
|
2997 NTAPI |
|
2998 IoQueryVolumeInformation ( |
|
2999 /*IN*/ PFILE_OBJECT FileObject, |
|
3000 /*IN*/ FS_INFORMATION_CLASS FsInformationClass, |
|
3001 /*IN*/ ULONG Length, |
|
3002 /*OUT*/ PVOID FsInformation, |
|
3003 /*OUT*/ PULONG ReturnedLength |
|
3004 ); |
|
3005 |
|
3006 NTKERNELAPI |
|
3007 VOID |
|
3008 NTAPI |
|
3009 IoRegisterFileSystem ( |
|
3010 /*IN OUT*/ PDEVICE_OBJECT DeviceObject |
|
3011 ); |
|
3012 |
|
3013 #if (VER_PRODUCTBUILD >= 1381) |
|
3014 |
|
3015 typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) ( |
|
3016 /*IN*/ PDEVICE_OBJECT DeviceObject, |
|
3017 /*IN*/ BOOLEAN DriverActive |
|
3018 ); |
|
3019 |
|
3020 NTKERNELAPI |
|
3021 NTSTATUS |
|
3022 NTAPI |
|
3023 IoRegisterFsRegistrationChange ( |
|
3024 /*IN*/ PDRIVER_OBJECT DriverObject, |
|
3025 /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine |
|
3026 ); |
|
3027 |
|
3028 #endif /* (VER_PRODUCTBUILD >= 1381) */ |
|
3029 |
|
3030 NTKERNELAPI |
|
3031 VOID |
|
3032 NTAPI |
|
3033 IoReleaseVpbSpinLock ( |
|
3034 /*IN*/ KIRQL Irql |
|
3035 ); |
|
3036 |
|
3037 NTKERNELAPI |
|
3038 VOID |
|
3039 NTAPI |
|
3040 IoSetDeviceToVerify ( |
|
3041 /*IN*/ PETHREAD Thread, |
|
3042 /*IN*/ PDEVICE_OBJECT DeviceObject |
|
3043 ); |
|
3044 |
|
3045 NTKERNELAPI |
|
3046 NTSTATUS |
|
3047 NTAPI |
|
3048 IoSetInformation ( |
|
3049 /*IN*/ PFILE_OBJECT FileObject, |
|
3050 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass, |
|
3051 /*IN*/ ULONG Length, |
|
3052 /*IN*/ PVOID FileInformation |
|
3053 ); |
|
3054 |
|
3055 NTKERNELAPI |
|
3056 VOID |
|
3057 NTAPI |
|
3058 IoSetTopLevelIrp ( |
|
3059 /*IN*/ PIRP Irp |
|
3060 ); |
|
3061 |
|
3062 NTKERNELAPI |
|
3063 NTSTATUS |
|
3064 NTAPI |
|
3065 IoSynchronousPageWrite ( |
|
3066 /*IN*/ PFILE_OBJECT FileObject, |
|
3067 /*IN*/ PMDL Mdl, |
|
3068 /*IN*/ PLARGE_INTEGER FileOffset, |
|
3069 /*IN*/ PKEVENT Event, |
|
3070 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock |
|
3071 ); |
|
3072 |
|
3073 NTKERNELAPI |
|
3074 PEPROCESS |
|
3075 NTAPI |
|
3076 IoThreadToProcess ( |
|
3077 /*IN*/ PETHREAD Thread |
|
3078 ); |
|
3079 |
|
3080 NTKERNELAPI |
|
3081 VOID |
|
3082 NTAPI |
|
3083 IoUnregisterFileSystem ( |
|
3084 /*IN OUT*/ PDEVICE_OBJECT DeviceObject |
|
3085 ); |
|
3086 |
|
3087 #if (VER_PRODUCTBUILD >= 1381) |
|
3088 |
|
3089 NTKERNELAPI |
|
3090 NTSTATUS |
|
3091 NTAPI |
|
3092 IoUnregisterFsRegistrationChange ( |
|
3093 /*IN*/ PDRIVER_OBJECT DriverObject, |
|
3094 /*IN*/ PDRIVER_FS_NOTIFICATION DriverNotificationRoutine |
|
3095 ); |
|
3096 |
|
3097 #endif /* (VER_PRODUCTBUILD >= 1381) */ |
|
3098 |
|
3099 NTKERNELAPI |
|
3100 NTSTATUS |
|
3101 NTAPI |
|
3102 IoVerifyVolume ( |
|
3103 /*IN*/ PDEVICE_OBJECT DeviceObject, |
|
3104 /*IN*/ BOOLEAN AllowRawMount |
|
3105 ); |
|
3106 |
|
3107 NTKERNELAPI |
|
3108 VOID |
|
3109 NTAPI |
|
3110 KeAttachProcess ( |
|
3111 /*IN*/ PEPROCESS Process |
|
3112 ); |
|
3113 |
|
3114 NTKERNELAPI |
|
3115 VOID |
|
3116 NTAPI |
|
3117 KeDetachProcess ( |
|
3118 VOID |
|
3119 ); |
|
3120 |
|
3121 NTKERNELAPI |
|
3122 VOID |
|
3123 NTAPI |
|
3124 KeInitializeQueue ( |
|
3125 /*IN*/ PRKQUEUE Queue, |
|
3126 /*IN*/ ULONG Count /*OPTIONAL*/ |
|
3127 ); |
|
3128 |
|
3129 NTKERNELAPI |
|
3130 LONG |
|
3131 NTAPI |
|
3132 KeInsertHeadQueue ( |
|
3133 /*IN*/ PRKQUEUE Queue, |
|
3134 /*IN*/ PLIST_ENTRY Entry |
|
3135 ); |
|
3136 |
|
3137 NTKERNELAPI |
|
3138 LONG |
|
3139 NTAPI |
|
3140 KeInsertQueue ( |
|
3141 /*IN*/ PRKQUEUE Queue, |
|
3142 /*IN*/ PLIST_ENTRY Entry |
|
3143 ); |
|
3144 |
|
3145 NTKERNELAPI |
|
3146 BOOLEAN |
|
3147 NTAPI |
|
3148 KeInsertQueueApc ( |
|
3149 /*IN*/ PKAPC Apc, |
|
3150 /*IN*/ PVOID SystemArgument1, |
|
3151 /*IN*/ PVOID SystemArgument2, |
|
3152 /*IN*/ KPRIORITY PriorityBoost |
|
3153 ); |
|
3154 |
|
3155 NTKERNELAPI |
|
3156 LONG |
|
3157 NTAPI |
|
3158 KeReadStateQueue ( |
|
3159 /*IN*/ PRKQUEUE Queue |
|
3160 ); |
|
3161 |
|
3162 NTKERNELAPI |
|
3163 PLIST_ENTRY |
|
3164 NTAPI |
|
3165 KeRemoveQueue ( |
|
3166 /*IN*/ PRKQUEUE Queue, |
|
3167 /*IN*/ KPROCESSOR_MODE WaitMode, |
|
3168 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/ |
|
3169 ); |
|
3170 |
|
3171 NTKERNELAPI |
|
3172 PLIST_ENTRY |
|
3173 NTAPI |
|
3174 KeRundownQueue ( |
|
3175 /*IN*/ PRKQUEUE Queue |
|
3176 ); |
|
3177 |
|
3178 #if (VER_PRODUCTBUILD >= 2195) |
|
3179 |
|
3180 NTKERNELAPI |
|
3181 VOID |
|
3182 NTAPI |
|
3183 KeStackAttachProcess ( |
|
3184 /*IN*/ PKPROCESS Process, |
|
3185 /*OUT*/ PKAPC_STATE ApcState |
|
3186 ); |
|
3187 |
|
3188 NTKERNELAPI |
|
3189 VOID |
|
3190 NTAPI |
|
3191 KeUnstackDetachProcess ( |
|
3192 /*IN*/ PKAPC_STATE ApcState |
|
3193 ); |
|
3194 |
|
3195 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
3196 |
|
3197 NTKERNELAPI |
|
3198 BOOLEAN |
|
3199 NTAPI |
|
3200 MmCanFileBeTruncated ( |
|
3201 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, |
|
3202 /*IN*/ PLARGE_INTEGER NewFileSize |
|
3203 ); |
|
3204 |
|
3205 NTKERNELAPI |
|
3206 BOOLEAN |
|
3207 NTAPI |
|
3208 MmFlushImageSection ( |
|
3209 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, |
|
3210 /*IN*/ MMFLUSH_TYPE FlushType |
|
3211 ); |
|
3212 |
|
3213 NTKERNELAPI |
|
3214 BOOLEAN |
|
3215 NTAPI |
|
3216 MmForceSectionClosed ( |
|
3217 /*IN*/ PSECTION_OBJECT_POINTERS SectionObjectPointer, |
|
3218 /*IN*/ BOOLEAN DelayClose |
|
3219 ); |
|
3220 |
|
3221 #if (VER_PRODUCTBUILD >= 1381) |
|
3222 |
|
3223 NTKERNELAPI |
|
3224 BOOLEAN |
|
3225 NTAPI |
|
3226 MmIsRecursiveIoFault ( |
|
3227 VOID |
|
3228 ); |
|
3229 |
|
3230 #else |
|
3231 |
|
3232 #define MmIsRecursiveIoFault() ( \ |
|
3233 (PsGetCurrentThread()->DisablePageFaultClustering) | \ |
|
3234 (PsGetCurrentThread()->ForwardClusterOnly) \ |
|
3235 ) |
|
3236 |
|
3237 #endif |
|
3238 |
|
3239 NTKERNELAPI |
|
3240 NTSTATUS |
|
3241 NTAPI |
|
3242 MmMapViewOfSection ( |
|
3243 /*IN*/ PVOID SectionObject, |
|
3244 /*IN*/ PEPROCESS Process, |
|
3245 /*IN OUT*/ PVOID *BaseAddress, |
|
3246 /*IN*/ ULONG ZeroBits, |
|
3247 /*IN*/ ULONG CommitSize, |
|
3248 /*IN OUT*/ PLARGE_INTEGER SectionOffset /*OPTIONAL*/, |
|
3249 /*IN OUT*/ PULONG ViewSize, |
|
3250 /*IN*/ SECTION_INHERIT InheritDisposition, |
|
3251 /*IN*/ ULONG AllocationType, |
|
3252 /*IN*/ ULONG Protect |
|
3253 ); |
|
3254 |
|
3255 NTKERNELAPI |
|
3256 BOOLEAN |
|
3257 NTAPI |
|
3258 MmSetAddressRangeModified ( |
|
3259 /*IN*/ PVOID Address, |
|
3260 /*IN*/ ULONG Length |
|
3261 ); |
|
3262 |
|
3263 NTKERNELAPI |
|
3264 NTSTATUS |
|
3265 NTAPI |
|
3266 ObCreateObject ( |
|
3267 /*IN*/ KPROCESSOR_MODE ObjectAttributesAccessMode /*OPTIONAL*/, |
|
3268 /*IN*/ POBJECT_TYPE ObjectType, |
|
3269 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/, |
|
3270 /*IN*/ KPROCESSOR_MODE AccessMode, |
|
3271 /*IN OUT*/ PVOID ParseContext /*OPTIONAL*/, |
|
3272 /*IN*/ ULONG ObjectSize, |
|
3273 /*IN*/ ULONG PagedPoolCharge /*OPTIONAL*/, |
|
3274 /*IN*/ ULONG NonPagedPoolCharge /*OPTIONAL*/, |
|
3275 /*OUT*/ PVOID *Object |
|
3276 ); |
|
3277 |
|
3278 NTKERNELAPI |
|
3279 ULONG |
|
3280 NTAPI |
|
3281 ObGetObjectPointerCount ( |
|
3282 /*IN*/ PVOID Object |
|
3283 ); |
|
3284 |
|
3285 NTKERNELAPI |
|
3286 NTSTATUS |
|
3287 NTAPI |
|
3288 ObInsertObject ( |
|
3289 /*IN*/ PVOID Object, |
|
3290 /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/, |
|
3291 /*IN*/ ACCESS_MASK DesiredAccess, |
|
3292 /*IN*/ ULONG AdditionalReferences, |
|
3293 /*OUT*/ PVOID *ReferencedObject /*OPTIONAL*/, |
|
3294 /*OUT*/ PHANDLE Handle |
|
3295 ); |
|
3296 |
|
3297 NTKERNELAPI |
|
3298 VOID |
|
3299 NTAPI |
|
3300 ObMakeTemporaryObject ( |
|
3301 /*IN*/ PVOID Object |
|
3302 ); |
|
3303 |
|
3304 NTKERNELAPI |
|
3305 NTSTATUS |
|
3306 NTAPI |
|
3307 ObOpenObjectByPointer ( |
|
3308 /*IN*/ PVOID Object, |
|
3309 /*IN*/ ULONG HandleAttributes, |
|
3310 /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/, |
|
3311 /*IN*/ ACCESS_MASK DesiredAccess /*OPTIONAL*/, |
|
3312 /*IN*/ POBJECT_TYPE ObjectType /*OPTIONAL*/, |
|
3313 /*IN*/ KPROCESSOR_MODE AccessMode, |
|
3314 /*OUT*/ PHANDLE Handle |
|
3315 ); |
|
3316 |
|
3317 NTKERNELAPI |
|
3318 NTSTATUS |
|
3319 NTAPI |
|
3320 ObQueryNameString ( |
|
3321 /*IN*/ PVOID Object, |
|
3322 /*OUT*/ POBJECT_NAME_INFORMATION ObjectNameInfo, |
|
3323 /*IN*/ ULONG Length, |
|
3324 /*OUT*/ PULONG ReturnLength |
|
3325 ); |
|
3326 |
|
3327 NTKERNELAPI |
|
3328 NTSTATUS |
|
3329 NTAPI |
|
3330 ObQueryObjectAuditingByHandle ( |
|
3331 /*IN*/ HANDLE Handle, |
|
3332 /*OUT*/ PBOOLEAN GenerateOnClose |
|
3333 ); |
|
3334 |
|
3335 NTKERNELAPI |
|
3336 NTSTATUS |
|
3337 NTAPI |
|
3338 ObReferenceObjectByName ( |
|
3339 /*IN*/ PUNICODE_STRING ObjectName, |
|
3340 /*IN*/ ULONG Attributes, |
|
3341 /*IN*/ PACCESS_STATE PassedAccessState /*OPTIONAL*/, |
|
3342 /*IN*/ ACCESS_MASK DesiredAccess /*OPTIONAL*/, |
|
3343 /*IN*/ POBJECT_TYPE ObjectType, |
|
3344 /*IN*/ KPROCESSOR_MODE AccessMode, |
|
3345 /*IN OUT*/ PVOID ParseContext /*OPTIONAL*/, |
|
3346 /*OUT*/ PVOID *Object |
|
3347 ); |
|
3348 |
|
3349 NTKERNELAPI |
|
3350 VOID |
|
3351 NTAPI |
|
3352 PsChargePoolQuota ( |
|
3353 /*IN*/ PEPROCESS Process, |
|
3354 /*IN*/ POOL_TYPE PoolType, |
|
3355 /*IN*/ ULONG Amount |
|
3356 ); |
|
3357 |
|
3358 #define PsDereferenceImpersonationToken(T) \ |
|
3359 {if (ARGUMENT_PRESENT(T)) { \ |
|
3360 (ObDereferenceObject((T))); \ |
|
3361 } else { \ |
|
3362 ; \ |
|
3363 } \ |
|
3364 } |
|
3365 |
|
3366 #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T))) |
|
3367 |
|
3368 NTKERNELAPI |
|
3369 ULONGLONG |
|
3370 NTAPI |
|
3371 PsGetProcessExitTime ( |
|
3372 VOID |
|
3373 ); |
|
3374 |
|
3375 NTKERNELAPI |
|
3376 BOOLEAN |
|
3377 NTAPI |
|
3378 PsIsThreadTerminating ( |
|
3379 /*IN*/ PETHREAD Thread |
|
3380 ); |
|
3381 |
|
3382 NTKERNELAPI |
|
3383 NTSTATUS |
|
3384 NTAPI |
|
3385 PsLookupProcessByProcessId ( |
|
3386 /*IN*/ PVOID ProcessId, |
|
3387 /*OUT*/ PEPROCESS *Process |
|
3388 ); |
|
3389 |
|
3390 NTKERNELAPI |
|
3391 NTSTATUS |
|
3392 NTAPI |
|
3393 PsLookupProcessThreadByCid ( |
|
3394 /*IN*/ PCLIENT_ID Cid, |
|
3395 /*OUT*/ PEPROCESS *Process /*OPTIONAL*/, |
|
3396 /*OUT*/ PETHREAD *Thread |
|
3397 ); |
|
3398 |
|
3399 NTKERNELAPI |
|
3400 NTSTATUS |
|
3401 NTAPI |
|
3402 PsLookupThreadByThreadId ( |
|
3403 /*IN*/ PVOID UniqueThreadId, |
|
3404 /*OUT*/ PETHREAD *Thread |
|
3405 ); |
|
3406 |
|
3407 NTKERNELAPI |
|
3408 PACCESS_TOKEN |
|
3409 NTAPI |
|
3410 PsReferenceImpersonationToken ( |
|
3411 /*IN*/ PETHREAD Thread, |
|
3412 /*OUT*/ PBOOLEAN CopyOnUse, |
|
3413 /*OUT*/ PBOOLEAN EffectiveOnly, |
|
3414 /*OUT*/ PSECURITY_IMPERSONATION_LEVEL Level |
|
3415 ); |
|
3416 |
|
3417 NTKERNELAPI |
|
3418 HANDLE |
|
3419 NTAPI |
|
3420 PsReferencePrimaryToken ( |
|
3421 /*IN*/ PEPROCESS Process |
|
3422 ); |
|
3423 |
|
3424 NTKERNELAPI |
|
3425 VOID |
|
3426 NTAPI |
|
3427 PsReturnPoolQuota ( |
|
3428 /*IN*/ PEPROCESS Process, |
|
3429 /*IN*/ POOL_TYPE PoolType, |
|
3430 /*IN*/ ULONG Amount |
|
3431 ); |
|
3432 |
|
3433 NTKERNELAPI |
|
3434 VOID |
|
3435 NTAPI |
|
3436 PsRevertToSelf ( |
|
3437 VOID |
|
3438 ); |
|
3439 |
|
3440 NTSYSAPI |
|
3441 NTSTATUS |
|
3442 NTAPI |
|
3443 RtlAbsoluteToSelfRelativeSD ( |
|
3444 /*IN*/ PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, |
|
3445 /*IN OUT*/ PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, |
|
3446 /*IN*/ PULONG BufferLength |
|
3447 ); |
|
3448 |
|
3449 NTSYSAPI |
|
3450 PVOID |
|
3451 NTAPI |
|
3452 RtlAllocateHeap ( |
|
3453 /*IN*/ HANDLE HeapHandle, |
|
3454 /*IN*/ ULONG Flags, |
|
3455 /*IN*/ ULONG Size |
|
3456 ); |
|
3457 |
|
3458 NTSYSAPI |
|
3459 NTSTATUS |
|
3460 NTAPI |
|
3461 RtlCompressBuffer ( |
|
3462 /*IN*/ USHORT CompressionFormatAndEngine, |
|
3463 /*IN*/ PUCHAR UncompressedBuffer, |
|
3464 /*IN*/ ULONG UncompressedBufferSize, |
|
3465 /*OUT*/ PUCHAR CompressedBuffer, |
|
3466 /*IN*/ ULONG CompressedBufferSize, |
|
3467 /*IN*/ ULONG UncompressedChunkSize, |
|
3468 /*OUT*/ PULONG FinalCompressedSize, |
|
3469 /*IN*/ PVOID WorkSpace |
|
3470 ); |
|
3471 |
|
3472 NTSYSAPI |
|
3473 NTSTATUS |
|
3474 NTAPI |
|
3475 RtlCompressChunks ( |
|
3476 /*IN*/ PUCHAR UncompressedBuffer, |
|
3477 /*IN*/ ULONG UncompressedBufferSize, |
|
3478 /*OUT*/ PUCHAR CompressedBuffer, |
|
3479 /*IN*/ ULONG CompressedBufferSize, |
|
3480 /*IN OUT*/ PCOMPRESSED_DATA_INFO CompressedDataInfo, |
|
3481 /*IN*/ ULONG CompressedDataInfoLength, |
|
3482 /*IN*/ PVOID WorkSpace |
|
3483 ); |
|
3484 |
|
3485 NTSYSAPI |
|
3486 NTSTATUS |
|
3487 NTAPI |
|
3488 RtlConvertSidToUnicodeString ( |
|
3489 /*OUT*/ PUNICODE_STRING DestinationString, |
|
3490 /*IN*/ PSID Sid, |
|
3491 /*IN*/ BOOLEAN AllocateDestinationString |
|
3492 ); |
|
3493 |
|
3494 NTSYSAPI |
|
3495 NTSTATUS |
|
3496 NTAPI |
|
3497 RtlCopySid ( |
|
3498 /*IN*/ ULONG Length, |
|
3499 /*IN*/ PSID Destination, |
|
3500 /*IN*/ PSID Source |
|
3501 ); |
|
3502 |
|
3503 NTSYSAPI |
|
3504 NTSTATUS |
|
3505 NTAPI |
|
3506 RtlDecompressBuffer ( |
|
3507 /*IN*/ USHORT CompressionFormat, |
|
3508 /*OUT*/ PUCHAR UncompressedBuffer, |
|
3509 /*IN*/ ULONG UncompressedBufferSize, |
|
3510 /*IN*/ PUCHAR CompressedBuffer, |
|
3511 /*IN*/ ULONG CompressedBufferSize, |
|
3512 /*OUT*/ PULONG FinalUncompressedSize |
|
3513 ); |
|
3514 |
|
3515 NTSYSAPI |
|
3516 NTSTATUS |
|
3517 NTAPI |
|
3518 RtlDecompressChunks ( |
|
3519 /*OUT*/ PUCHAR UncompressedBuffer, |
|
3520 /*IN*/ ULONG UncompressedBufferSize, |
|
3521 /*IN*/ PUCHAR CompressedBuffer, |
|
3522 /*IN*/ ULONG CompressedBufferSize, |
|
3523 /*IN*/ PUCHAR CompressedTail, |
|
3524 /*IN*/ ULONG CompressedTailSize, |
|
3525 /*IN*/ PCOMPRESSED_DATA_INFO CompressedDataInfo |
|
3526 ); |
|
3527 |
|
3528 NTSYSAPI |
|
3529 NTSTATUS |
|
3530 NTAPI |
|
3531 RtlDecompressFragment ( |
|
3532 /*IN*/ USHORT CompressionFormat, |
|
3533 /*OUT*/ PUCHAR UncompressedFragment, |
|
3534 /*IN*/ ULONG UncompressedFragmentSize, |
|
3535 /*IN*/ PUCHAR CompressedBuffer, |
|
3536 /*IN*/ ULONG CompressedBufferSize, |
|
3537 /*IN*/ ULONG FragmentOffset, |
|
3538 /*OUT*/ PULONG FinalUncompressedSize, |
|
3539 /*IN*/ PVOID WorkSpace |
|
3540 ); |
|
3541 |
|
3542 NTSYSAPI |
|
3543 NTSTATUS |
|
3544 NTAPI |
|
3545 RtlDescribeChunk ( |
|
3546 /*IN*/ USHORT CompressionFormat, |
|
3547 /*IN OUT*/ PUCHAR *CompressedBuffer, |
|
3548 /*IN*/ PUCHAR EndOfCompressedBufferPlus1, |
|
3549 /*OUT*/ PUCHAR *ChunkBuffer, |
|
3550 /*OUT*/ PULONG ChunkSize |
|
3551 ); |
|
3552 |
|
3553 NTSYSAPI |
|
3554 BOOLEAN |
|
3555 NTAPI |
|
3556 RtlEqualSid ( |
|
3557 /*IN*/ PSID Sid1, |
|
3558 /*IN*/ PSID Sid2 |
|
3559 ); |
|
3560 |
|
3561 NTSYSAPI |
|
3562 VOID |
|
3563 NTAPI |
|
3564 RtlFillMemoryUlong ( |
|
3565 /*IN*/ PVOID Destination, |
|
3566 /*IN*/ ULONG Length, |
|
3567 /*IN*/ ULONG Fill |
|
3568 ); |
|
3569 |
|
3570 NTSYSAPI |
|
3571 BOOLEAN |
|
3572 NTAPI |
|
3573 RtlFreeHeap ( |
|
3574 /*IN*/ HANDLE HeapHandle, |
|
3575 /*IN*/ ULONG Flags, |
|
3576 /*IN*/ PVOID P |
|
3577 ); |
|
3578 |
|
3579 NTSYSAPI |
|
3580 VOID |
|
3581 NTAPI |
|
3582 RtlGenerate8dot3Name ( |
|
3583 /*IN*/ PUNICODE_STRING Name, |
|
3584 /*IN*/ BOOLEAN AllowExtendedCharacters, |
|
3585 /*IN OUT*/ PGENERATE_NAME_CONTEXT Context, |
|
3586 /*OUT*/ PUNICODE_STRING Name8dot3 |
|
3587 ); |
|
3588 |
|
3589 NTSYSAPI |
|
3590 NTSTATUS |
|
3591 NTAPI |
|
3592 RtlGetCompressionWorkSpaceSize ( |
|
3593 /*IN*/ USHORT CompressionFormatAndEngine, |
|
3594 /*OUT*/ PULONG CompressBufferWorkSpaceSize, |
|
3595 /*OUT*/ PULONG CompressFragmentWorkSpaceSize |
|
3596 ); |
|
3597 |
|
3598 NTSYSAPI |
|
3599 NTSTATUS |
|
3600 NTAPI |
|
3601 RtlGetDaclSecurityDescriptor ( |
|
3602 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3603 /*OUT*/ PBOOLEAN DaclPresent, |
|
3604 /*OUT*/ PACL *Dacl, |
|
3605 /*OUT*/ PBOOLEAN DaclDefaulted |
|
3606 ); |
|
3607 |
|
3608 NTSYSAPI |
|
3609 NTSTATUS |
|
3610 NTAPI |
|
3611 RtlGetGroupSecurityDescriptor ( |
|
3612 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3613 /*OUT*/ PSID *Group, |
|
3614 /*OUT*/ PBOOLEAN GroupDefaulted |
|
3615 ); |
|
3616 |
|
3617 NTSYSAPI |
|
3618 NTSTATUS |
|
3619 NTAPI |
|
3620 RtlGetOwnerSecurityDescriptor ( |
|
3621 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3622 /*OUT*/ PSID *Owner, |
|
3623 /*OUT*/ PBOOLEAN OwnerDefaulted |
|
3624 ); |
|
3625 |
|
3626 NTSYSAPI |
|
3627 NTSTATUS |
|
3628 NTAPI |
|
3629 RtlInitializeSid ( |
|
3630 /*IN OUT*/ PSID Sid, |
|
3631 /*IN*/ PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, |
|
3632 /*IN*/ UCHAR SubAuthorityCount |
|
3633 ); |
|
3634 |
|
3635 NTSYSAPI |
|
3636 BOOLEAN |
|
3637 NTAPI |
|
3638 RtlIsNameLegalDOS8Dot3 ( |
|
3639 /*IN*/ PUNICODE_STRING UnicodeName, |
|
3640 /*IN*/ PANSI_STRING AnsiName, |
|
3641 PBOOLEAN Unknown |
|
3642 ); |
|
3643 |
|
3644 NTSYSAPI |
|
3645 ULONG |
|
3646 NTAPI |
|
3647 RtlLengthRequiredSid ( |
|
3648 /*IN*/ UCHAR SubAuthorityCount |
|
3649 ); |
|
3650 |
|
3651 NTSYSAPI |
|
3652 ULONG |
|
3653 NTAPI |
|
3654 RtlLengthSid ( |
|
3655 /*IN*/ PSID Sid |
|
3656 ); |
|
3657 |
|
3658 NTSYSAPI |
|
3659 ULONG |
|
3660 NTAPI |
|
3661 RtlNtStatusToDosError ( |
|
3662 /*IN*/ NTSTATUS Status |
|
3663 ); |
|
3664 |
|
3665 NTSYSAPI |
|
3666 NTSTATUS |
|
3667 NTAPI |
|
3668 RtlReserveChunk ( |
|
3669 /*IN*/ USHORT CompressionFormat, |
|
3670 /*IN OUT*/ PUCHAR *CompressedBuffer, |
|
3671 /*IN*/ PUCHAR EndOfCompressedBufferPlus1, |
|
3672 /*OUT*/ PUCHAR *ChunkBuffer, |
|
3673 /*IN*/ ULONG ChunkSize |
|
3674 ); |
|
3675 |
|
3676 NTSYSAPI |
|
3677 VOID |
|
3678 NTAPI |
|
3679 RtlSecondsSince1970ToTime ( |
|
3680 /*IN*/ ULONG SecondsSince1970, |
|
3681 /*OUT*/ PLARGE_INTEGER Time |
|
3682 ); |
|
3683 |
|
3684 #if (VER_PRODUCTBUILD >= 2195) |
|
3685 |
|
3686 NTSYSAPI |
|
3687 NTSTATUS |
|
3688 NTAPI |
|
3689 RtlSelfRelativeToAbsoluteSD ( |
|
3690 /*IN*/ PSECURITY_DESCRIPTOR SelfRelativeSD, |
|
3691 /*OUT*/ PSECURITY_DESCRIPTOR AbsoluteSD, |
|
3692 /*IN*/ PULONG AbsoluteSDSize, |
|
3693 /*IN*/ PACL Dacl, |
|
3694 /*IN*/ PULONG DaclSize, |
|
3695 /*IN*/ PACL Sacl, |
|
3696 /*IN*/ PULONG SaclSize, |
|
3697 /*IN*/ PSID Owner, |
|
3698 /*IN*/ PULONG OwnerSize, |
|
3699 /*IN*/ PSID PrimaryGroup, |
|
3700 /*IN*/ PULONG PrimaryGroupSize |
|
3701 ); |
|
3702 |
|
3703 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
3704 |
|
3705 NTSYSAPI |
|
3706 NTSTATUS |
|
3707 NTAPI |
|
3708 RtlSetGroupSecurityDescriptor ( |
|
3709 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3710 /*IN*/ PSID Group, |
|
3711 /*IN*/ BOOLEAN GroupDefaulted |
|
3712 ); |
|
3713 |
|
3714 NTSYSAPI |
|
3715 NTSTATUS |
|
3716 NTAPI |
|
3717 RtlSetOwnerSecurityDescriptor ( |
|
3718 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3719 /*IN*/ PSID Owner, |
|
3720 /*IN*/ BOOLEAN OwnerDefaulted |
|
3721 ); |
|
3722 |
|
3723 NTSYSAPI |
|
3724 NTSTATUS |
|
3725 NTAPI |
|
3726 RtlSetSaclSecurityDescriptor ( |
|
3727 /*IN OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3728 /*IN*/ BOOLEAN SaclPresent, |
|
3729 /*IN*/ PACL Sacl, |
|
3730 /*IN*/ BOOLEAN SaclDefaulted |
|
3731 ); |
|
3732 |
|
3733 NTSYSAPI |
|
3734 PUCHAR |
|
3735 NTAPI |
|
3736 RtlSubAuthorityCountSid ( |
|
3737 /*IN*/ PSID Sid |
|
3738 ); |
|
3739 |
|
3740 NTSYSAPI |
|
3741 PULONG |
|
3742 NTAPI |
|
3743 RtlSubAuthoritySid ( |
|
3744 /*IN*/ PSID Sid, |
|
3745 /*IN*/ ULONG SubAuthority |
|
3746 ); |
|
3747 |
|
3748 NTSYSAPI |
|
3749 BOOLEAN |
|
3750 NTAPI |
|
3751 RtlValidSid ( |
|
3752 /*IN*/ PSID Sid |
|
3753 ); |
|
3754 |
|
3755 NTKERNELAPI |
|
3756 NTSTATUS |
|
3757 NTAPI |
|
3758 SeAppendPrivileges ( |
|
3759 PACCESS_STATE AccessState, |
|
3760 PPRIVILEGE_SET Privileges |
|
3761 ); |
|
3762 |
|
3763 NTKERNELAPI |
|
3764 BOOLEAN |
|
3765 NTAPI |
|
3766 SeAuditingFileEvents ( |
|
3767 /*IN*/ BOOLEAN AccessGranted, |
|
3768 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor |
|
3769 ); |
|
3770 |
|
3771 NTKERNELAPI |
|
3772 BOOLEAN |
|
3773 NTAPI |
|
3774 SeAuditingFileOrGlobalEvents ( |
|
3775 /*IN*/ BOOLEAN AccessGranted, |
|
3776 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3777 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext |
|
3778 ); |
|
3779 |
|
3780 NTKERNELAPI |
|
3781 VOID |
|
3782 NTAPI |
|
3783 SeCaptureSubjectContext ( |
|
3784 /*OUT*/ PSECURITY_SUBJECT_CONTEXT SubjectContext |
|
3785 ); |
|
3786 |
|
3787 NTKERNELAPI |
|
3788 NTSTATUS |
|
3789 NTAPI |
|
3790 SeCreateAccessState ( |
|
3791 /*OUT*/ PACCESS_STATE AccessState, |
|
3792 /*IN*/ PVOID AuxData, |
|
3793 /*IN*/ ACCESS_MASK AccessMask, |
|
3794 /*IN*/ PGENERIC_MAPPING Mapping |
|
3795 ); |
|
3796 |
|
3797 NTKERNELAPI |
|
3798 NTSTATUS |
|
3799 NTAPI |
|
3800 SeCreateClientSecurity ( |
|
3801 /*IN*/ PETHREAD Thread, |
|
3802 /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService, |
|
3803 /*IN*/ BOOLEAN RemoteClient, |
|
3804 /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext |
|
3805 ); |
|
3806 |
|
3807 #if (VER_PRODUCTBUILD >= 2195) |
|
3808 |
|
3809 NTKERNELAPI |
|
3810 NTSTATUS |
|
3811 NTAPI |
|
3812 SeCreateClientSecurityFromSubjectContext ( |
|
3813 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext, |
|
3814 /*IN*/ PSECURITY_QUALITY_OF_SERVICE QualityOfService, |
|
3815 /*IN*/ BOOLEAN ServerIsRemote, |
|
3816 /*OUT*/ PSECURITY_CLIENT_CONTEXT ClientContext |
|
3817 ); |
|
3818 |
|
3819 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
3820 |
|
3821 #define SeDeleteClientSecurity(C) { \ |
|
3822 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ |
|
3823 PsDereferencePrimaryToken( (C)->ClientToken ); \ |
|
3824 } else { \ |
|
3825 PsDereferenceImpersonationToken( (C)->ClientToken ); \ |
|
3826 } \ |
|
3827 } |
|
3828 |
|
3829 NTKERNELAPI |
|
3830 VOID |
|
3831 NTAPI |
|
3832 SeDeleteObjectAuditAlarm ( |
|
3833 /*IN*/ PVOID Object, |
|
3834 /*IN*/ HANDLE Handle |
|
3835 ); |
|
3836 |
|
3837 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; |
|
3838 |
|
3839 NTKERNELAPI |
|
3840 VOID |
|
3841 NTAPI |
|
3842 SeFreePrivileges ( |
|
3843 /*IN*/ PPRIVILEGE_SET Privileges |
|
3844 ); |
|
3845 |
|
3846 NTKERNELAPI |
|
3847 VOID |
|
3848 NTAPI |
|
3849 SeImpersonateClient ( |
|
3850 /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext, |
|
3851 /*IN*/ PETHREAD ServerThread /*OPTIONAL*/ |
|
3852 ); |
|
3853 |
|
3854 #if (VER_PRODUCTBUILD >= 2195) |
|
3855 |
|
3856 NTKERNELAPI |
|
3857 NTSTATUS |
|
3858 NTAPI |
|
3859 SeImpersonateClientEx ( |
|
3860 /*IN*/ PSECURITY_CLIENT_CONTEXT ClientContext, |
|
3861 /*IN*/ PETHREAD ServerThread /*OPTIONAL*/ |
|
3862 ); |
|
3863 |
|
3864 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
3865 |
|
3866 NTKERNELAPI |
|
3867 VOID |
|
3868 NTAPI |
|
3869 SeLockSubjectContext ( |
|
3870 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext |
|
3871 ); |
|
3872 |
|
3873 NTKERNELAPI |
|
3874 NTSTATUS |
|
3875 NTAPI |
|
3876 SeMarkLogonSessionForTerminationNotification ( |
|
3877 /*IN*/ PLUID LogonId |
|
3878 ); |
|
3879 |
|
3880 NTKERNELAPI |
|
3881 VOID |
|
3882 NTAPI |
|
3883 SeOpenObjectAuditAlarm ( |
|
3884 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
3885 /*IN*/ PVOID Object /*OPTIONAL*/, |
|
3886 /*IN*/ PUNICODE_STRING AbsoluteObjectName /*OPTIONAL*/, |
|
3887 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3888 /*IN*/ PACCESS_STATE AccessState, |
|
3889 /*IN*/ BOOLEAN ObjectCreated, |
|
3890 /*IN*/ BOOLEAN AccessGranted, |
|
3891 /*IN*/ KPROCESSOR_MODE AccessMode, |
|
3892 /*OUT*/ PBOOLEAN GenerateOnClose |
|
3893 ); |
|
3894 |
|
3895 NTKERNELAPI |
|
3896 VOID |
|
3897 NTAPI |
|
3898 SeOpenObjectForDeleteAuditAlarm ( |
|
3899 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
3900 /*IN*/ PVOID Object /*OPTIONAL*/, |
|
3901 /*IN*/ PUNICODE_STRING AbsoluteObjectName /*OPTIONAL*/, |
|
3902 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3903 /*IN*/ PACCESS_STATE AccessState, |
|
3904 /*IN*/ BOOLEAN ObjectCreated, |
|
3905 /*IN*/ BOOLEAN AccessGranted, |
|
3906 /*IN*/ KPROCESSOR_MODE AccessMode, |
|
3907 /*OUT*/ PBOOLEAN GenerateOnClose |
|
3908 ); |
|
3909 |
|
3910 NTKERNELAPI |
|
3911 BOOLEAN |
|
3912 NTAPI |
|
3913 SePrivilegeCheck ( |
|
3914 /*IN OUT*/ PPRIVILEGE_SET RequiredPrivileges, |
|
3915 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext, |
|
3916 /*IN*/ KPROCESSOR_MODE AccessMode |
|
3917 ); |
|
3918 |
|
3919 NTKERNELAPI |
|
3920 NTSTATUS |
|
3921 NTAPI |
|
3922 SeQueryAuthenticationIdToken ( |
|
3923 /*IN*/ PACCESS_TOKEN Token, |
|
3924 /*OUT*/ PLUID LogonId |
|
3925 ); |
|
3926 |
|
3927 #if (VER_PRODUCTBUILD >= 2195) |
|
3928 |
|
3929 NTKERNELAPI |
|
3930 NTSTATUS |
|
3931 NTAPI |
|
3932 SeQueryInformationToken ( |
|
3933 /*IN*/ PACCESS_TOKEN Token, |
|
3934 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, |
|
3935 /*OUT*/ PVOID *TokenInformation |
|
3936 ); |
|
3937 |
|
3938 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
3939 |
|
3940 NTKERNELAPI |
|
3941 NTSTATUS |
|
3942 NTAPI |
|
3943 SeQuerySecurityDescriptorInfo ( |
|
3944 /*IN*/ PSECURITY_INFORMATION SecurityInformation, |
|
3945 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
3946 /*IN OUT*/ PULONG Length, |
|
3947 /*IN*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor |
|
3948 ); |
|
3949 |
|
3950 #if (VER_PRODUCTBUILD >= 2195) |
|
3951 |
|
3952 NTKERNELAPI |
|
3953 NTSTATUS |
|
3954 NTAPI |
|
3955 SeQuerySessionIdToken ( |
|
3956 /*IN*/ PACCESS_TOKEN Token, |
|
3957 /*IN*/ PULONG SessionId |
|
3958 ); |
|
3959 |
|
3960 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
3961 |
|
3962 #define SeQuerySubjectContextToken( SubjectContext ) \ |
|
3963 ( ARGUMENT_PRESENT( \ |
|
3964 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ |
|
3965 ) ? \ |
|
3966 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ |
|
3967 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) |
|
3968 |
|
3969 typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) ( |
|
3970 /*IN*/ PLUID LogonId |
|
3971 ); |
|
3972 |
|
3973 NTKERNELAPI |
|
3974 NTSTATUS |
|
3975 NTAPI |
|
3976 SeRegisterLogonSessionTerminatedRoutine ( |
|
3977 /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine |
|
3978 ); |
|
3979 |
|
3980 NTKERNELAPI |
|
3981 VOID |
|
3982 NTAPI |
|
3983 SeReleaseSubjectContext ( |
|
3984 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext |
|
3985 ); |
|
3986 |
|
3987 NTKERNELAPI |
|
3988 VOID |
|
3989 NTAPI |
|
3990 SeSetAccessStateGenericMapping ( |
|
3991 PACCESS_STATE AccessState, |
|
3992 PGENERIC_MAPPING GenericMapping |
|
3993 ); |
|
3994 |
|
3995 NTKERNELAPI |
|
3996 NTSTATUS |
|
3997 NTAPI |
|
3998 SeSetSecurityDescriptorInfo ( |
|
3999 /*IN*/ PVOID Object /*OPTIONAL*/, |
|
4000 /*IN*/ PSECURITY_INFORMATION SecurityInformation, |
|
4001 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
4002 /*IN OUT*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, |
|
4003 /*IN*/ POOL_TYPE PoolType, |
|
4004 /*IN*/ PGENERIC_MAPPING GenericMapping |
|
4005 ); |
|
4006 |
|
4007 #if (VER_PRODUCTBUILD >= 2195) |
|
4008 |
|
4009 NTKERNELAPI |
|
4010 NTSTATUS |
|
4011 NTAPI |
|
4012 SeSetSecurityDescriptorInfoEx ( |
|
4013 /*IN*/ PVOID Object /*OPTIONAL*/, |
|
4014 /*IN*/ PSECURITY_INFORMATION SecurityInformation, |
|
4015 /*IN*/ PSECURITY_DESCRIPTOR ModificationDescriptor, |
|
4016 /*IN OUT*/ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, |
|
4017 /*IN*/ ULONG AutoInheritFlags, |
|
4018 /*IN*/ POOL_TYPE PoolType, |
|
4019 /*IN*/ PGENERIC_MAPPING GenericMapping |
|
4020 ); |
|
4021 |
|
4022 NTKERNELAPI |
|
4023 BOOLEAN |
|
4024 NTAPI |
|
4025 SeTokenIsAdmin ( |
|
4026 /*IN*/ PACCESS_TOKEN Token |
|
4027 ); |
|
4028 |
|
4029 NTKERNELAPI |
|
4030 BOOLEAN |
|
4031 NTAPI |
|
4032 SeTokenIsRestricted ( |
|
4033 /*IN*/ PACCESS_TOKEN Token |
|
4034 ); |
|
4035 |
|
4036 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4037 |
|
4038 NTKERNELAPI |
|
4039 TOKEN_TYPE |
|
4040 NTAPI |
|
4041 SeTokenType ( |
|
4042 /*IN*/ PACCESS_TOKEN Token |
|
4043 ); |
|
4044 |
|
4045 NTKERNELAPI |
|
4046 VOID |
|
4047 NTAPI |
|
4048 SeUnlockSubjectContext ( |
|
4049 /*IN*/ PSECURITY_SUBJECT_CONTEXT SubjectContext |
|
4050 ); |
|
4051 |
|
4052 NTKERNELAPI |
|
4053 NTSTATUS |
|
4054 SeUnregisterLogonSessionTerminatedRoutine ( |
|
4055 /*IN*/ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine |
|
4056 ); |
|
4057 |
|
4058 #if (VER_PRODUCTBUILD >= 2195) |
|
4059 |
|
4060 NTSYSAPI |
|
4061 NTSTATUS |
|
4062 NTAPI |
|
4063 ZwAdjustPrivilegesToken ( |
|
4064 /*IN*/ HANDLE TokenHandle, |
|
4065 /*IN*/ BOOLEAN DisableAllPrivileges, |
|
4066 /*IN*/ PTOKEN_PRIVILEGES NewState, |
|
4067 /*IN*/ ULONG BufferLength, |
|
4068 /*OUT*/ PTOKEN_PRIVILEGES PreviousState /*OPTIONAL*/, |
|
4069 /*OUT*/ PULONG ReturnLength |
|
4070 ); |
|
4071 |
|
4072 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4073 |
|
4074 NTSYSAPI |
|
4075 NTSTATUS |
|
4076 NTAPI |
|
4077 ZwAlertThread ( |
|
4078 /*IN*/ HANDLE ThreadHandle |
|
4079 ); |
|
4080 |
|
4081 NTSYSAPI |
|
4082 NTSTATUS |
|
4083 NTAPI |
|
4084 ZwAllocateVirtualMemory ( |
|
4085 /*IN*/ HANDLE ProcessHandle, |
|
4086 /*IN OUT*/ PVOID *BaseAddress, |
|
4087 /*IN*/ ULONG ZeroBits, |
|
4088 /*IN OUT*/ PULONG RegionSize, |
|
4089 /*IN*/ ULONG AllocationType, |
|
4090 /*IN*/ ULONG Protect |
|
4091 ); |
|
4092 |
|
4093 NTSYSAPI |
|
4094 NTSTATUS |
|
4095 NTAPI |
|
4096 ZwAccessCheckAndAuditAlarm ( |
|
4097 /*IN*/ PUNICODE_STRING SubsystemName, |
|
4098 /*IN*/ PVOID HandleId, |
|
4099 /*IN*/ PUNICODE_STRING ObjectTypeName, |
|
4100 /*IN*/ PUNICODE_STRING ObjectName, |
|
4101 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
4102 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4103 /*IN*/ PGENERIC_MAPPING GenericMapping, |
|
4104 /*IN*/ BOOLEAN ObjectCreation, |
|
4105 /*OUT*/ PACCESS_MASK GrantedAccess, |
|
4106 /*OUT*/ PBOOLEAN AccessStatus, |
|
4107 /*OUT*/ PBOOLEAN GenerateOnClose |
|
4108 ); |
|
4109 |
|
4110 #if (VER_PRODUCTBUILD >= 2195) |
|
4111 |
|
4112 NTSYSAPI |
|
4113 NTSTATUS |
|
4114 NTAPI |
|
4115 ZwCancelIoFile ( |
|
4116 /*IN*/ HANDLE FileHandle, |
|
4117 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock |
|
4118 ); |
|
4119 |
|
4120 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4121 |
|
4122 NTSYSAPI |
|
4123 NTSTATUS |
|
4124 NTAPI |
|
4125 ZwClearEvent ( |
|
4126 /*IN*/ HANDLE EventHandle |
|
4127 ); |
|
4128 |
|
4129 NTSYSAPI |
|
4130 NTSTATUS |
|
4131 NTAPI |
|
4132 ZwCloseObjectAuditAlarm ( |
|
4133 /*IN*/ PUNICODE_STRING SubsystemName, |
|
4134 /*IN*/ PVOID HandleId, |
|
4135 /*IN*/ BOOLEAN GenerateOnClose |
|
4136 ); |
|
4137 |
|
4138 NTSYSAPI |
|
4139 NTSTATUS |
|
4140 NTAPI |
|
4141 ZwCreateSection ( |
|
4142 /*OUT*/ PHANDLE SectionHandle, |
|
4143 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4144 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes /*OPTIONAL*/, |
|
4145 /*IN*/ PLARGE_INTEGER MaximumSize /*OPTIONAL*/, |
|
4146 /*IN*/ ULONG SectionPageProtection, |
|
4147 /*IN*/ ULONG AllocationAttributes, |
|
4148 /*IN*/ HANDLE FileHandle /*OPTIONAL*/ |
|
4149 ); |
|
4150 |
|
4151 NTSYSAPI |
|
4152 NTSTATUS |
|
4153 NTAPI |
|
4154 ZwCreateSymbolicLinkObject ( |
|
4155 /*OUT*/ PHANDLE SymbolicLinkHandle, |
|
4156 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4157 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
4158 /*IN*/ PUNICODE_STRING TargetName |
|
4159 ); |
|
4160 |
|
4161 NTSYSAPI |
|
4162 NTSTATUS |
|
4163 NTAPI |
|
4164 ZwDeleteFile ( |
|
4165 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes |
|
4166 ); |
|
4167 |
|
4168 NTSYSAPI |
|
4169 NTSTATUS |
|
4170 NTAPI |
|
4171 ZwDeleteValueKey ( |
|
4172 /*IN*/ HANDLE Handle, |
|
4173 /*IN*/ PUNICODE_STRING Name |
|
4174 ); |
|
4175 |
|
4176 NTSYSAPI |
|
4177 NTSTATUS |
|
4178 NTAPI |
|
4179 ZwDeviceIoControlFile ( |
|
4180 /*IN*/ HANDLE FileHandle, |
|
4181 /*IN*/ HANDLE Event /*OPTIONAL*/, |
|
4182 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
4183 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
4184 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4185 /*IN*/ ULONG IoControlCode, |
|
4186 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, |
|
4187 /*IN*/ ULONG InputBufferLength, |
|
4188 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, |
|
4189 /*IN*/ ULONG OutputBufferLength |
|
4190 ); |
|
4191 |
|
4192 NTSYSAPI |
|
4193 NTSTATUS |
|
4194 NTAPI |
|
4195 ZwDisplayString ( |
|
4196 /*IN*/ PUNICODE_STRING String |
|
4197 ); |
|
4198 |
|
4199 NTSYSAPI |
|
4200 NTSTATUS |
|
4201 NTAPI |
|
4202 ZwDuplicateObject ( |
|
4203 /*IN*/ HANDLE SourceProcessHandle, |
|
4204 /*IN*/ HANDLE SourceHandle, |
|
4205 /*IN*/ HANDLE TargetProcessHandle /*OPTIONAL*/, |
|
4206 /*OUT*/ PHANDLE TargetHandle /*OPTIONAL*/, |
|
4207 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4208 /*IN*/ ULONG HandleAttributes, |
|
4209 /*IN*/ ULONG Options |
|
4210 ); |
|
4211 |
|
4212 NTSYSAPI |
|
4213 NTSTATUS |
|
4214 NTAPI |
|
4215 ZwDuplicateToken ( |
|
4216 /*IN*/ HANDLE ExistingTokenHandle, |
|
4217 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4218 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
4219 /*IN*/ BOOLEAN EffectiveOnly, |
|
4220 /*IN*/ TOKEN_TYPE TokenType, |
|
4221 /*OUT*/ PHANDLE NewTokenHandle |
|
4222 ); |
|
4223 |
|
4224 NTSYSAPI |
|
4225 NTSTATUS |
|
4226 NTAPI |
|
4227 ZwFlushInstructionCache ( |
|
4228 /*IN*/ HANDLE ProcessHandle, |
|
4229 /*IN*/ PVOID BaseAddress /*OPTIONAL*/, |
|
4230 /*IN*/ ULONG FlushSize |
|
4231 ); |
|
4232 |
|
4233 #if (VER_PRODUCTBUILD >= 2195) |
|
4234 |
|
4235 NTSYSAPI |
|
4236 NTSTATUS |
|
4237 NTAPI |
|
4238 ZwFlushVirtualMemory ( |
|
4239 /*IN*/ HANDLE ProcessHandle, |
|
4240 /*IN OUT*/ PVOID *BaseAddress, |
|
4241 /*IN OUT*/ PULONG FlushSize, |
|
4242 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock |
|
4243 ); |
|
4244 |
|
4245 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4246 |
|
4247 NTSYSAPI |
|
4248 NTSTATUS |
|
4249 NTAPI |
|
4250 ZwFreeVirtualMemory ( |
|
4251 /*IN*/ HANDLE ProcessHandle, |
|
4252 /*IN OUT*/ PVOID *BaseAddress, |
|
4253 /*IN OUT*/ PULONG RegionSize, |
|
4254 /*IN*/ ULONG FreeType |
|
4255 ); |
|
4256 |
|
4257 NTSYSAPI |
|
4258 NTSTATUS |
|
4259 NTAPI |
|
4260 ZwFsControlFile ( |
|
4261 /*IN*/ HANDLE FileHandle, |
|
4262 /*IN*/ HANDLE Event /*OPTIONAL*/, |
|
4263 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
4264 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
4265 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4266 /*IN*/ ULONG FsControlCode, |
|
4267 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, |
|
4268 /*IN*/ ULONG InputBufferLength, |
|
4269 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, |
|
4270 /*IN*/ ULONG OutputBufferLength |
|
4271 ); |
|
4272 |
|
4273 #if (VER_PRODUCTBUILD >= 2195) |
|
4274 |
|
4275 NTSYSAPI |
|
4276 NTSTATUS |
|
4277 NTAPI |
|
4278 ZwInitiatePowerAction ( |
|
4279 /*IN*/ POWER_ACTION SystemAction, |
|
4280 /*IN*/ SYSTEM_POWER_STATE MinSystemState, |
|
4281 /*IN*/ ULONG Flags, |
|
4282 /*IN*/ BOOLEAN Asynchronous |
|
4283 ); |
|
4284 |
|
4285 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4286 |
|
4287 NTSYSAPI |
|
4288 NTSTATUS |
|
4289 NTAPI |
|
4290 ZwLoadDriver ( |
|
4291 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */ |
|
4292 /*IN*/ PUNICODE_STRING RegistryPath |
|
4293 ); |
|
4294 |
|
4295 NTSYSAPI |
|
4296 NTSTATUS |
|
4297 NTAPI |
|
4298 ZwLoadKey ( |
|
4299 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes, |
|
4300 /*IN*/ POBJECT_ATTRIBUTES FileObjectAttributes |
|
4301 ); |
|
4302 |
|
4303 NTSYSAPI |
|
4304 NTSTATUS |
|
4305 NTAPI |
|
4306 ZwNotifyChangeKey ( |
|
4307 /*IN*/ HANDLE KeyHandle, |
|
4308 /*IN*/ HANDLE EventHandle /*OPTIONAL*/, |
|
4309 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
4310 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
4311 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4312 /*IN*/ ULONG NotifyFilter, |
|
4313 /*IN*/ BOOLEAN WatchSubtree, |
|
4314 /*IN*/ PVOID Buffer, |
|
4315 /*IN*/ ULONG BufferLength, |
|
4316 /*IN*/ BOOLEAN Asynchronous |
|
4317 ); |
|
4318 |
|
4319 NTSYSAPI |
|
4320 NTSTATUS |
|
4321 NTAPI |
|
4322 ZwOpenDirectoryObject ( |
|
4323 /*OUT*/ PHANDLE DirectoryHandle, |
|
4324 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4325 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes |
|
4326 ); |
|
4327 |
|
4328 NTSYSAPI |
|
4329 NTSTATUS |
|
4330 NTAPI |
|
4331 ZwOpenEvent ( |
|
4332 /*OUT*/ PHANDLE EventHandle, |
|
4333 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4334 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes |
|
4335 ); |
|
4336 |
|
4337 NTSYSAPI |
|
4338 NTSTATUS |
|
4339 NTAPI |
|
4340 ZwOpenProcess ( |
|
4341 /*OUT*/ PHANDLE ProcessHandle, |
|
4342 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4343 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
4344 /*IN*/ PCLIENT_ID ClientId /*OPTIONAL*/ |
|
4345 ); |
|
4346 |
|
4347 NTSYSAPI |
|
4348 NTSTATUS |
|
4349 NTAPI |
|
4350 ZwOpenProcessToken ( |
|
4351 /*IN*/ HANDLE ProcessHandle, |
|
4352 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4353 /*OUT*/ PHANDLE TokenHandle |
|
4354 ); |
|
4355 |
|
4356 NTSYSAPI |
|
4357 NTSTATUS |
|
4358 NTAPI |
|
4359 ZwOpenThread ( |
|
4360 /*OUT*/ PHANDLE ThreadHandle, |
|
4361 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4362 /*IN*/ POBJECT_ATTRIBUTES ObjectAttributes, |
|
4363 /*IN*/ PCLIENT_ID ClientId |
|
4364 ); |
|
4365 |
|
4366 NTSYSAPI |
|
4367 NTSTATUS |
|
4368 NTAPI |
|
4369 ZwOpenThreadToken ( |
|
4370 /*IN*/ HANDLE ThreadHandle, |
|
4371 /*IN*/ ACCESS_MASK DesiredAccess, |
|
4372 /*IN*/ BOOLEAN OpenAsSelf, |
|
4373 /*OUT*/ PHANDLE TokenHandle |
|
4374 ); |
|
4375 |
|
4376 #if (VER_PRODUCTBUILD >= 2195) |
|
4377 |
|
4378 NTSYSAPI |
|
4379 NTSTATUS |
|
4380 NTAPI |
|
4381 ZwPowerInformation ( |
|
4382 /*IN*/ POWER_INFORMATION_LEVEL PowerInformationLevel, |
|
4383 /*IN*/ PVOID InputBuffer /*OPTIONAL*/, |
|
4384 /*IN*/ ULONG InputBufferLength, |
|
4385 /*OUT*/ PVOID OutputBuffer /*OPTIONAL*/, |
|
4386 /*IN*/ ULONG OutputBufferLength |
|
4387 ); |
|
4388 |
|
4389 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4390 |
|
4391 NTSYSAPI |
|
4392 NTSTATUS |
|
4393 NTAPI |
|
4394 ZwPulseEvent ( |
|
4395 /*IN*/ HANDLE EventHandle, |
|
4396 /*OUT*/ PULONG PreviousState /*OPTIONAL*/ |
|
4397 ); |
|
4398 |
|
4399 NTSYSAPI |
|
4400 NTSTATUS |
|
4401 NTAPI |
|
4402 ZwQueryDefaultLocale ( |
|
4403 /*IN*/ BOOLEAN ThreadOrSystem, |
|
4404 /*OUT*/ PLCID Locale |
|
4405 ); |
|
4406 |
|
4407 NTSYSAPI |
|
4408 NTSTATUS |
|
4409 NTAPI |
|
4410 ZwQueryDirectoryFile ( |
|
4411 /*IN*/ HANDLE FileHandle, |
|
4412 /*IN*/ HANDLE Event /*OPTIONAL*/, |
|
4413 /*IN*/ PIO_APC_ROUTINE ApcRoutine /*OPTIONAL*/, |
|
4414 /*IN*/ PVOID ApcContext /*OPTIONAL*/, |
|
4415 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4416 /*OUT*/ PVOID FileInformation, |
|
4417 /*IN*/ ULONG Length, |
|
4418 /*IN*/ FILE_INFORMATION_CLASS FileInformationClass, |
|
4419 /*IN*/ BOOLEAN ReturnSingleEntry, |
|
4420 /*IN*/ PUNICODE_STRING FileName /*OPTIONAL*/, |
|
4421 /*IN*/ BOOLEAN RestartScan |
|
4422 ); |
|
4423 |
|
4424 #if (VER_PRODUCTBUILD >= 2195) |
|
4425 |
|
4426 NTSYSAPI |
|
4427 NTSTATUS |
|
4428 NTAPI |
|
4429 ZwQueryDirectoryObject ( |
|
4430 /*IN*/ HANDLE DirectoryHandle, |
|
4431 /*OUT*/ PVOID Buffer, |
|
4432 /*IN*/ ULONG Length, |
|
4433 /*IN*/ BOOLEAN ReturnSingleEntry, |
|
4434 /*IN*/ BOOLEAN RestartScan, |
|
4435 /*IN OUT*/ PULONG Context, |
|
4436 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/ |
|
4437 ); |
|
4438 |
|
4439 NTSYSAPI |
|
4440 NTSTATUS |
|
4441 NTAPI |
|
4442 ZwQueryEaFile ( |
|
4443 /*IN*/ HANDLE FileHandle, |
|
4444 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4445 /*OUT*/ PVOID Buffer, |
|
4446 /*IN*/ ULONG Length, |
|
4447 /*IN*/ BOOLEAN ReturnSingleEntry, |
|
4448 /*IN*/ PVOID EaList /*OPTIONAL*/, |
|
4449 /*IN*/ ULONG EaListLength, |
|
4450 /*IN*/ PULONG EaIndex /*OPTIONAL*/, |
|
4451 /*IN*/ BOOLEAN RestartScan |
|
4452 ); |
|
4453 |
|
4454 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4455 |
|
4456 NTSYSAPI |
|
4457 NTSTATUS |
|
4458 NTAPI |
|
4459 ZwQueryInformationProcess ( |
|
4460 /*IN*/ HANDLE ProcessHandle, |
|
4461 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, |
|
4462 /*OUT*/ PVOID ProcessInformation, |
|
4463 /*IN*/ ULONG ProcessInformationLength, |
|
4464 /*OUT*/ PULONG ReturnLength /*OPTIONAL*/ |
|
4465 ); |
|
4466 |
|
4467 NTSYSAPI |
|
4468 NTSTATUS |
|
4469 NTAPI |
|
4470 ZwQueryInformationToken ( |
|
4471 /*IN*/ HANDLE TokenHandle, |
|
4472 /*IN*/ TOKEN_INFORMATION_CLASS TokenInformationClass, |
|
4473 /*OUT*/ PVOID TokenInformation, |
|
4474 /*IN*/ ULONG Length, |
|
4475 /*OUT*/ PULONG ResultLength |
|
4476 ); |
|
4477 |
|
4478 NTSYSAPI |
|
4479 NTSTATUS |
|
4480 NTAPI |
|
4481 ZwQueryObject ( |
|
4482 /*IN*/ HANDLE ObjectHandle, |
|
4483 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, |
|
4484 /*OUT*/ PVOID ObjectInformation, |
|
4485 /*IN*/ ULONG Length, |
|
4486 /*OUT*/ PULONG ResultLength |
|
4487 ); |
|
4488 |
|
4489 NTSYSAPI |
|
4490 NTSTATUS |
|
4491 NTAPI |
|
4492 ZwQuerySection ( |
|
4493 /*IN*/ HANDLE SectionHandle, |
|
4494 /*IN*/ SECTION_INFORMATION_CLASS SectionInformationClass, |
|
4495 /*OUT*/ PVOID SectionInformation, |
|
4496 /*IN*/ ULONG SectionInformationLength, |
|
4497 /*OUT*/ PULONG ResultLength /*OPTIONAL*/ |
|
4498 ); |
|
4499 |
|
4500 NTSYSAPI |
|
4501 NTSTATUS |
|
4502 NTAPI |
|
4503 ZwQuerySecurityObject ( |
|
4504 /*IN*/ HANDLE FileHandle, |
|
4505 /*IN*/ SECURITY_INFORMATION SecurityInformation, |
|
4506 /*OUT*/ PSECURITY_DESCRIPTOR SecurityDescriptor, |
|
4507 /*IN*/ ULONG Length, |
|
4508 /*OUT*/ PULONG ResultLength |
|
4509 ); |
|
4510 |
|
4511 NTSYSAPI |
|
4512 NTSTATUS |
|
4513 NTAPI |
|
4514 ZwQuerySystemInformation ( |
|
4515 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, |
|
4516 /*OUT*/ PVOID SystemInformation, |
|
4517 /*IN*/ ULONG Length, |
|
4518 /*OUT*/ PULONG ReturnLength |
|
4519 ); |
|
4520 |
|
4521 NTSYSAPI |
|
4522 NTSTATUS |
|
4523 NTAPI |
|
4524 ZwQueryVolumeInformationFile ( |
|
4525 /*IN*/ HANDLE FileHandle, |
|
4526 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4527 /*OUT*/ PVOID FsInformation, |
|
4528 /*IN*/ ULONG Length, |
|
4529 /*IN*/ FS_INFORMATION_CLASS FsInformationClass |
|
4530 ); |
|
4531 |
|
4532 NTSYSAPI |
|
4533 NTSTATUS |
|
4534 NTAPI |
|
4535 ZwReplaceKey ( |
|
4536 /*IN*/ POBJECT_ATTRIBUTES NewFileObjectAttributes, |
|
4537 /*IN*/ HANDLE KeyHandle, |
|
4538 /*IN*/ POBJECT_ATTRIBUTES OldFileObjectAttributes |
|
4539 ); |
|
4540 |
|
4541 NTSYSAPI |
|
4542 NTSTATUS |
|
4543 NTAPI |
|
4544 ZwResetEvent ( |
|
4545 /*IN*/ HANDLE EventHandle, |
|
4546 /*OUT*/ PULONG PreviousState /*OPTIONAL*/ |
|
4547 ); |
|
4548 |
|
4549 #if (VER_PRODUCTBUILD >= 2195) |
|
4550 |
|
4551 NTSYSAPI |
|
4552 NTSTATUS |
|
4553 NTAPI |
|
4554 ZwRestoreKey ( |
|
4555 /*IN*/ HANDLE KeyHandle, |
|
4556 /*IN*/ HANDLE FileHandle, |
|
4557 /*IN*/ ULONG Flags |
|
4558 ); |
|
4559 |
|
4560 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4561 |
|
4562 NTSYSAPI |
|
4563 NTSTATUS |
|
4564 NTAPI |
|
4565 ZwSaveKey ( |
|
4566 /*IN*/ HANDLE KeyHandle, |
|
4567 /*IN*/ HANDLE FileHandle |
|
4568 ); |
|
4569 |
|
4570 NTSYSAPI |
|
4571 NTSTATUS |
|
4572 NTAPI |
|
4573 ZwSetDefaultLocale ( |
|
4574 /*IN*/ BOOLEAN ThreadOrSystem, |
|
4575 /*IN*/ LCID Locale |
|
4576 ); |
|
4577 |
|
4578 #if (VER_PRODUCTBUILD >= 2195) |
|
4579 |
|
4580 NTSYSAPI |
|
4581 NTSTATUS |
|
4582 NTAPI |
|
4583 ZwSetDefaultUILanguage ( |
|
4584 /*IN*/ LANGID LanguageId |
|
4585 ); |
|
4586 |
|
4587 NTSYSAPI |
|
4588 NTSTATUS |
|
4589 NTAPI |
|
4590 ZwSetEaFile ( |
|
4591 /*IN*/ HANDLE FileHandle, |
|
4592 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4593 /*OUT*/ PVOID Buffer, |
|
4594 /*IN*/ ULONG Length |
|
4595 ); |
|
4596 |
|
4597 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4598 |
|
4599 NTSYSAPI |
|
4600 NTSTATUS |
|
4601 NTAPI |
|
4602 ZwSetEvent ( |
|
4603 /*IN*/ HANDLE EventHandle, |
|
4604 /*OUT*/ PULONG PreviousState /*OPTIONAL*/ |
|
4605 ); |
|
4606 |
|
4607 NTSYSAPI |
|
4608 NTSTATUS |
|
4609 NTAPI |
|
4610 ZwSetInformationObject ( |
|
4611 /*IN*/ HANDLE ObjectHandle, |
|
4612 /*IN*/ OBJECT_INFORMATION_CLASS ObjectInformationClass, |
|
4613 /*IN*/ PVOID ObjectInformation, |
|
4614 /*IN*/ ULONG ObjectInformationLength |
|
4615 ); |
|
4616 |
|
4617 NTSYSAPI |
|
4618 NTSTATUS |
|
4619 NTAPI |
|
4620 ZwSetInformationProcess ( |
|
4621 /*IN*/ HANDLE ProcessHandle, |
|
4622 /*IN*/ PROCESSINFOCLASS ProcessInformationClass, |
|
4623 /*IN*/ PVOID ProcessInformation, |
|
4624 /*IN*/ ULONG ProcessInformationLength |
|
4625 ); |
|
4626 |
|
4627 #if (VER_PRODUCTBUILD >= 2195) |
|
4628 |
|
4629 NTSYSAPI |
|
4630 NTSTATUS |
|
4631 NTAPI |
|
4632 ZwSetSecurityObject ( |
|
4633 /*IN*/ HANDLE Handle, |
|
4634 /*IN*/ SECURITY_INFORMATION SecurityInformation, |
|
4635 /*IN*/ PSECURITY_DESCRIPTOR SecurityDescriptor |
|
4636 ); |
|
4637 |
|
4638 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4639 |
|
4640 NTSYSAPI |
|
4641 NTSTATUS |
|
4642 NTAPI |
|
4643 ZwSetSystemInformation ( |
|
4644 /*IN*/ SYSTEM_INFORMATION_CLASS SystemInformationClass, |
|
4645 /*IN*/ PVOID SystemInformation, |
|
4646 /*IN*/ ULONG Length |
|
4647 ); |
|
4648 |
|
4649 NTSYSAPI |
|
4650 NTSTATUS |
|
4651 NTAPI |
|
4652 ZwSetSystemTime ( |
|
4653 /*IN*/ PLARGE_INTEGER NewTime, |
|
4654 /*OUT*/ PLARGE_INTEGER OldTime /*OPTIONAL*/ |
|
4655 ); |
|
4656 |
|
4657 #if (VER_PRODUCTBUILD >= 2195) |
|
4658 |
|
4659 NTSYSAPI |
|
4660 NTSTATUS |
|
4661 NTAPI |
|
4662 ZwSetVolumeInformationFile ( |
|
4663 /*IN*/ HANDLE FileHandle, |
|
4664 /*OUT*/ PIO_STATUS_BLOCK IoStatusBlock, |
|
4665 /*IN*/ PVOID FsInformation, |
|
4666 /*IN*/ ULONG Length, |
|
4667 /*IN*/ FS_INFORMATION_CLASS FsInformationClass |
|
4668 ); |
|
4669 |
|
4670 #endif /* (VER_PRODUCTBUILD >= 2195) */ |
|
4671 |
|
4672 NTSYSAPI |
|
4673 NTSTATUS |
|
4674 NTAPI |
|
4675 ZwTerminateProcess ( |
|
4676 /*IN*/ HANDLE ProcessHandle /*OPTIONAL*/, |
|
4677 /*IN*/ NTSTATUS ExitStatus |
|
4678 ); |
|
4679 |
|
4680 NTSYSAPI |
|
4681 NTSTATUS |
|
4682 NTAPI |
|
4683 ZwUnloadDriver ( |
|
4684 /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */ |
|
4685 /*IN*/ PUNICODE_STRING RegistryPath |
|
4686 ); |
|
4687 |
|
4688 NTSYSAPI |
|
4689 NTSTATUS |
|
4690 NTAPI |
|
4691 ZwUnloadKey ( |
|
4692 /*IN*/ POBJECT_ATTRIBUTES KeyObjectAttributes |
|
4693 ); |
|
4694 |
|
4695 NTSYSAPI |
|
4696 NTSTATUS |
|
4697 NTAPI |
|
4698 ZwWaitForSingleObject ( |
|
4699 /*IN*/ HANDLE Handle, |
|
4700 /*IN*/ BOOLEAN Alertable, |
|
4701 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/ |
|
4702 ); |
|
4703 |
|
4704 NTSYSAPI |
|
4705 NTSTATUS |
|
4706 NTAPI |
|
4707 ZwWaitForMultipleObjects ( |
|
4708 /*IN*/ ULONG HandleCount, |
|
4709 /*IN*/ PHANDLE Handles, |
|
4710 /*IN*/ WAIT_TYPE WaitType, |
|
4711 /*IN*/ BOOLEAN Alertable, |
|
4712 /*IN*/ PLARGE_INTEGER Timeout /*OPTIONAL*/ |
|
4713 ); |
|
4714 |
|
4715 NTSYSAPI |
|
4716 NTSTATUS |
|
4717 NTAPI |
|
4718 ZwYieldExecution ( |
|
4719 VOID |
|
4720 ); |
|
4721 |
|
4722 #ifdef __cplusplus |
|
4723 } |
|
4724 #endif |
|
4725 |
|
4726 #endif /* _NTIFS_ */ |