134
317
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
135
318
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
136
319
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
137
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
320
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
321
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
323
/* The following are the inherit flags that go into the AceFlags field
326
#define OBJECT_INHERIT_ACE (0x1)
327
#define CONTAINER_INHERIT_ACE (0x2)
328
#define NO_PROPAGATE_INHERIT_ACE (0x4)
329
#define INHERIT_ONLY_ACE (0x8)
330
#define INHERITED_ACE (0x10)
331
#define VALID_INHERIT_FLAGS (0x1F)
333
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
334
#define FAILED_ACCESS_ACE_FLAG (0x80)
336
typedef struct _ACCESS_ALLOWED_ACE {
340
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
342
typedef struct _ACCESS_DENIED_ACE {
346
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
348
typedef struct _SYSTEM_AUDIT_ACE {
352
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
354
typedef struct _SYSTEM_ALARM_ACE {
358
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
360
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
364
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
366
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
367
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
368
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
369
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
370
SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
371
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
373
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
375
typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
377
#define SE_OWNER_DEFAULTED 0x0001
378
#define SE_GROUP_DEFAULTED 0x0002
379
#define SE_DACL_PRESENT 0x0004
380
#define SE_DACL_DEFAULTED 0x0008
381
#define SE_SACL_PRESENT 0x0010
382
#define SE_SACL_DEFAULTED 0x0020
383
#define SE_DACL_UNTRUSTED 0x0040
384
#define SE_SERVER_SECURITY 0x0080
385
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
386
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
387
#define SE_DACL_AUTO_INHERITED 0x0400
388
#define SE_SACL_AUTO_INHERITED 0x0800
389
#define SE_DACL_PROTECTED 0x1000
390
#define SE_SACL_PROTECTED 0x2000
391
#define SE_RM_CONTROL_VALID 0x4000
392
#define SE_SELF_RELATIVE 0x8000
394
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
397
SECURITY_DESCRIPTOR_CONTROL Control;
402
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
404
typedef struct _SECURITY_DESCRIPTOR {
407
SECURITY_DESCRIPTOR_CONTROL Control;
412
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
414
typedef struct _OBJECT_TYPE_LIST {
418
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
420
#define ACCESS_OBJECT_GUID 0
421
#define ACCESS_PROPERTY_SET_GUID 1
422
#define ACCESS_PROPERTY_GUID 2
423
#define ACCESS_MAX_LEVEL 4
425
typedef enum _AUDIT_EVENT_TYPE {
426
AuditEventObjectAccess,
427
AuditEventDirectoryServiceAccess
428
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
430
#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
432
#define ACCESS_DS_SOURCE_A "DS"
433
#define ACCESS_DS_SOURCE_W L"DS"
434
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
435
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
437
#define ACCESS_REASON_TYPE_MASK 0xffff0000
438
#define ACCESS_REASON_DATA_MASK 0x0000ffff
440
typedef enum _ACCESS_REASON_TYPE {
441
AccessReasonNone = 0x00000000,
442
AccessReasonAllowedAce = 0x00010000,
443
AccessReasonDeniedAce = 0x00020000,
444
AccessReasonAllowedParentAce = 0x00030000,
445
AccessReasonDeniedParentAce = 0x00040000,
446
AccessReasonMissingPrivilege = 0x00100000,
447
AccessReasonFromPrivilege = 0x00200000,
448
AccessReasonIntegrityLevel = 0x00300000,
449
AccessReasonOwnership = 0x00400000,
450
AccessReasonNullDacl = 0x00500000,
451
AccessReasonEmptyDacl = 0x00600000,
452
AccessReasonNoSD = 0x00700000,
453
AccessReasonNoGrant = 0x00800000
454
} ACCESS_REASON_TYPE;
456
typedef ULONG ACCESS_REASON;
458
typedef struct _ACCESS_REASONS {
459
ACCESS_REASON Data[32];
460
} ACCESS_REASONS, *PACCESS_REASONS;
462
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
463
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
464
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
466
typedef struct _SE_SECURITY_DESCRIPTOR {
469
PSECURITY_DESCRIPTOR SecurityDescriptor;
470
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
472
typedef struct _SE_ACCESS_REQUEST {
474
PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
475
ACCESS_MASK DesiredAccess;
476
ACCESS_MASK PreviouslyGrantedAccess;
477
PSID PrincipalSelfSid;
478
PGENERIC_MAPPING GenericMapping;
479
ULONG ObjectTypeListCount;
480
POBJECT_TYPE_LIST ObjectTypeList;
481
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
483
typedef struct _SE_ACCESS_REPLY {
485
ULONG ResultListCount;
486
PACCESS_MASK GrantedAccess;
487
PNTSTATUS AccessStatus;
488
PACCESS_REASONS AccessReason;
489
PPRIVILEGE_SET* Privileges;
490
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
492
typedef enum _SE_AUDIT_OPERATION {
493
AuditPrivilegeObject,
494
AuditPrivilegeService,
497
AuditOpenObjectWithTransaction,
500
AuditOpenObjectForDelete,
501
AuditOpenObjectForDeleteWithTransaction,
504
AuditObjectReference,
506
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
508
typedef struct _SE_AUDIT_INFO {
510
AUDIT_EVENT_TYPE AuditType;
511
SE_AUDIT_OPERATION AuditOperation;
513
UNICODE_STRING SubsystemName;
514
UNICODE_STRING ObjectTypeName;
515
UNICODE_STRING ObjectName;
519
BOOLEAN ObjectCreation;
520
BOOLEAN GenerateOnClose;
521
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
523
#define TOKEN_ASSIGN_PRIMARY (0x0001)
524
#define TOKEN_DUPLICATE (0x0002)
525
#define TOKEN_IMPERSONATE (0x0004)
526
#define TOKEN_QUERY (0x0008)
527
#define TOKEN_QUERY_SOURCE (0x0010)
528
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
529
#define TOKEN_ADJUST_GROUPS (0x0040)
530
#define TOKEN_ADJUST_DEFAULT (0x0080)
531
#define TOKEN_ADJUST_SESSIONID (0x0100)
533
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
534
TOKEN_ASSIGN_PRIMARY |\
538
TOKEN_QUERY_SOURCE |\
539
TOKEN_ADJUST_PRIVILEGES |\
540
TOKEN_ADJUST_GROUPS |\
541
TOKEN_ADJUST_DEFAULT )
543
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
544
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
545
TOKEN_ADJUST_SESSIONID )
547
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
550
#define TOKEN_READ (STANDARD_RIGHTS_READ |\
553
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
554
TOKEN_ADJUST_PRIVILEGES |\
555
TOKEN_ADJUST_GROUPS |\
556
TOKEN_ADJUST_DEFAULT)
558
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
560
typedef enum _TOKEN_TYPE {
563
} TOKEN_TYPE,*PTOKEN_TYPE;
565
typedef enum _TOKEN_INFORMATION_CLASS {
574
TokenImpersonationLevel,
578
TokenGroupsAndPrivileges,
579
TokenSessionReference,
586
TokenHasRestrictions,
587
TokenAccessInformation,
588
TokenVirtualizationAllowed,
589
TokenVirtualizationEnabled,
592
TokenMandatoryPolicy,
595
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
597
typedef struct _TOKEN_USER {
598
SID_AND_ATTRIBUTES User;
599
} TOKEN_USER, *PTOKEN_USER;
601
typedef struct _TOKEN_GROUPS {
603
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
604
} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
606
typedef struct _TOKEN_PRIVILEGES {
607
ULONG PrivilegeCount;
608
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
609
} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
611
typedef struct _TOKEN_OWNER {
613
} TOKEN_OWNER,*PTOKEN_OWNER;
615
typedef struct _TOKEN_PRIMARY_GROUP {
617
} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
619
typedef struct _TOKEN_DEFAULT_DACL {
621
} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
623
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
626
PSID_AND_ATTRIBUTES Sids;
627
ULONG RestrictedSidCount;
628
ULONG RestrictedSidLength;
629
PSID_AND_ATTRIBUTES RestrictedSids;
630
ULONG PrivilegeCount;
631
ULONG PrivilegeLength;
632
PLUID_AND_ATTRIBUTES Privileges;
633
LUID AuthenticationId;
634
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
636
typedef struct _TOKEN_LINKED_TOKEN {
638
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
640
typedef struct _TOKEN_ELEVATION {
641
ULONG TokenIsElevated;
642
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
644
typedef struct _TOKEN_MANDATORY_LABEL {
645
SID_AND_ATTRIBUTES Label;
646
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
648
#define TOKEN_MANDATORY_POLICY_OFF 0x0
649
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
650
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
652
#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
653
TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
655
typedef struct _TOKEN_MANDATORY_POLICY {
657
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
659
typedef struct _TOKEN_ACCESS_INFORMATION {
660
PSID_AND_ATTRIBUTES_HASH SidHash;
661
PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
662
PTOKEN_PRIVILEGES Privileges;
663
LUID AuthenticationId;
664
TOKEN_TYPE TokenType;
665
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
666
TOKEN_MANDATORY_POLICY MandatoryPolicy;
668
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
670
#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
672
typedef struct _TOKEN_AUDIT_POLICY {
673
UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
674
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
676
#define TOKEN_SOURCE_LENGTH 8
678
typedef struct _TOKEN_SOURCE {
679
CHAR SourceName[TOKEN_SOURCE_LENGTH];
680
LUID SourceIdentifier;
681
} TOKEN_SOURCE,*PTOKEN_SOURCE;
683
typedef struct _TOKEN_STATISTICS {
685
LUID AuthenticationId;
686
LARGE_INTEGER ExpirationTime;
687
TOKEN_TYPE TokenType;
688
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
689
ULONG DynamicCharged;
690
ULONG DynamicAvailable;
692
ULONG PrivilegeCount;
694
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
696
typedef struct _TOKEN_CONTROL {
698
LUID AuthenticationId;
700
TOKEN_SOURCE TokenSource;
701
} TOKEN_CONTROL,*PTOKEN_CONTROL;
703
typedef struct _TOKEN_ORIGIN {
704
LUID OriginatingLogonSession;
705
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
707
typedef enum _MANDATORY_LEVEL {
708
MandatoryLevelUntrusted = 0,
710
MandatoryLevelMedium,
712
MandatoryLevelSystem,
713
MandatoryLevelSecureProcess,
715
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
717
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
718
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
719
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
720
#define TOKEN_WRITE_RESTRICTED 0x0008
721
#define TOKEN_IS_RESTRICTED 0x0010
722
#define TOKEN_SESSION_NOT_REFERENCED 0x0020
723
#define TOKEN_SANDBOX_INERT 0x0040
724
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
725
#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
726
#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
727
#define TOKEN_VIRTUALIZE_ENABLED 0x0400
728
#define TOKEN_IS_FILTERED 0x0800
729
#define TOKEN_UIACCESS 0x1000
730
#define TOKEN_NOT_LOW 0x2000
732
typedef struct _SE_EXPORTS {
733
LUID SeCreateTokenPrivilege;
734
LUID SeAssignPrimaryTokenPrivilege;
735
LUID SeLockMemoryPrivilege;
736
LUID SeIncreaseQuotaPrivilege;
737
LUID SeUnsolicitedInputPrivilege;
739
LUID SeSecurityPrivilege;
740
LUID SeTakeOwnershipPrivilege;
741
LUID SeLoadDriverPrivilege;
742
LUID SeCreatePagefilePrivilege;
743
LUID SeIncreaseBasePriorityPrivilege;
744
LUID SeSystemProfilePrivilege;
745
LUID SeSystemtimePrivilege;
746
LUID SeProfileSingleProcessPrivilege;
747
LUID SeCreatePermanentPrivilege;
748
LUID SeBackupPrivilege;
749
LUID SeRestorePrivilege;
750
LUID SeShutdownPrivilege;
751
LUID SeDebugPrivilege;
752
LUID SeAuditPrivilege;
753
LUID SeSystemEnvironmentPrivilege;
754
LUID SeChangeNotifyPrivilege;
755
LUID SeRemoteShutdownPrivilege;
759
PSID SeCreatorOwnerSid;
760
PSID SeCreatorGroupSid;
761
PSID SeNtAuthoritySid;
765
PSID SeInteractiveSid;
766
PSID SeLocalSystemSid;
767
PSID SeAliasAdminsSid;
768
PSID SeAliasUsersSid;
769
PSID SeAliasGuestsSid;
770
PSID SeAliasPowerUsersSid;
771
PSID SeAliasAccountOpsSid;
772
PSID SeAliasSystemOpsSid;
773
PSID SeAliasPrintOpsSid;
774
PSID SeAliasBackupOpsSid;
775
PSID SeAuthenticatedUsersSid;
776
PSID SeRestrictedSid;
777
PSID SeAnonymousLogonSid;
778
LUID SeUndockPrivilege;
779
LUID SeSyncAgentPrivilege;
780
LUID SeEnableDelegationPrivilege;
781
PSID SeLocalServiceSid;
782
PSID SeNetworkServiceSid;
783
LUID SeManageVolumePrivilege;
784
LUID SeImpersonatePrivilege;
785
LUID SeCreateGlobalPrivilege;
786
LUID SeTrustedCredManAccessPrivilege;
787
LUID SeRelabelPrivilege;
788
LUID SeIncreaseWorkingSetPrivilege;
789
LUID SeTimeZonePrivilege;
790
LUID SeCreateSymbolicLinkPrivilege;
792
PSID SeUntrustedMandatorySid;
793
PSID SeLowMandatorySid;
794
PSID SeMediumMandatorySid;
795
PSID SeHighMandatorySid;
796
PSID SeSystemMandatorySid;
797
PSID SeOwnerRightsSid;
798
} SE_EXPORTS, *PSE_EXPORTS;
801
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
803
/******************************************************************************
804
* Runtime Library Types *
805
******************************************************************************/
808
#define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
811
(NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
812
IN SIZE_T NumberOfBytes);
814
#if _WIN32_WINNT >= 0x0600
816
(NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
817
IN SIZE_T NumberOfBytes,
822
(NTAPI *PRTL_FREE_STRING_ROUTINE)(
825
extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
826
extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
828
#if _WIN32_WINNT >= 0x0600
829
extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;
833
(NTAPI * PRTL_HEAP_COMMIT_ROUTINE) (
835
IN OUT PVOID *CommitAddress,
836
IN OUT PSIZE_T CommitSize);
838
typedef struct _RTL_HEAP_PARAMETERS {
840
SIZE_T SegmentReserve;
841
SIZE_T SegmentCommit;
842
SIZE_T DeCommitFreeBlockThreshold;
843
SIZE_T DeCommitTotalFreeThreshold;
844
SIZE_T MaximumAllocationSize;
845
SIZE_T VirtualMemoryThreshold;
846
SIZE_T InitialCommit;
847
SIZE_T InitialReserve;
848
PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
850
} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
852
#if (NTDDI_VERSION >= NTDDI_WIN2K)
854
typedef struct _GENERATE_NAME_CONTEXT {
856
BOOLEAN CheckSumInserted;
859
ULONG ExtensionLength;
860
WCHAR ExtensionBuffer[4];
861
ULONG LastIndexValue;
862
} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
864
typedef struct _PREFIX_TABLE_ENTRY {
867
struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
868
RTL_SPLAY_LINKS Links;
870
} PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY;
872
typedef struct _PREFIX_TABLE {
875
PPREFIX_TABLE_ENTRY NextPrefixTree;
876
} PREFIX_TABLE, *PPREFIX_TABLE;
878
typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
881
struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
882
struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
883
RTL_SPLAY_LINKS Links;
884
PUNICODE_STRING Prefix;
885
} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;
887
typedef struct _UNICODE_PREFIX_TABLE {
890
PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
891
PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
892
} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;
894
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
896
#if (NTDDI_VERSION >= NTDDI_WINXP)
897
typedef struct _COMPRESSED_DATA_INFO {
898
USHORT CompressionFormatAndEngine;
899
UCHAR CompressionUnitShift;
903
USHORT NumberOfChunks;
904
ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
905
} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
907
/******************************************************************************
908
* Runtime Library Functions *
909
******************************************************************************/
912
#if (NTDDI_VERSION >= NTDDI_WIN2K)
919
IN HANDLE HeapHandle,
920
IN ULONG Flags OPTIONAL,
928
IN ULONG Flags OPTIONAL,
929
IN PVOID BaseAddress);
935
OUT PCONTEXT ContextRecord);
946
RtlCreateUnicodeString(
947
OUT PUNICODE_STRING DestinationString,
948
IN PCWSTR SourceString);
953
RtlAppendStringToString(
954
IN OUT PSTRING Destination,
955
IN const STRING *Source);
960
RtlOemStringToUnicodeString(
961
IN OUT PUNICODE_STRING DestinationString,
962
IN PCOEM_STRING SourceString,
963
IN BOOLEAN AllocateDestinationString);
968
RtlUnicodeStringToOemString(
969
IN OUT POEM_STRING DestinationString,
970
IN PCUNICODE_STRING SourceString,
971
IN BOOLEAN AllocateDestinationString);
976
RtlUpcaseUnicodeStringToOemString(
977
IN OUT POEM_STRING DestinationString,
978
IN PCUNICODE_STRING SourceString,
979
IN BOOLEAN AllocateDestinationString);
984
RtlOemStringToCountedUnicodeString(
985
IN OUT PUNICODE_STRING DestinationString,
986
IN PCOEM_STRING SourceString,
987
IN BOOLEAN AllocateDestinationString);
992
RtlUnicodeStringToCountedOemString(
993
IN OUT POEM_STRING DestinationString,
994
IN PCUNICODE_STRING SourceString,
995
IN BOOLEAN AllocateDestinationString);
1000
RtlUpcaseUnicodeStringToCountedOemString(
1001
IN OUT POEM_STRING DestinationString,
1002
IN PCUNICODE_STRING SourceString,
1003
IN BOOLEAN AllocateDestinationString);
1008
RtlDowncaseUnicodeString(
1009
IN OUT PUNICODE_STRING UniDest,
1010
IN PCUNICODE_STRING UniSource,
1011
IN BOOLEAN AllocateDestinationString);
1017
IN OUT POEM_STRING OemString);
1022
RtlxUnicodeStringToOemSize(
1023
IN PCUNICODE_STRING UnicodeString);
1028
RtlxOemStringToUnicodeSize(
1029
IN PCOEM_STRING OemString);
1034
RtlMultiByteToUnicodeN(
1035
OUT PWCH UnicodeString,
1036
IN ULONG MaxBytesInUnicodeString,
1037
OUT PULONG BytesInUnicodeString OPTIONAL,
1038
IN const CHAR *MultiByteString,
1039
IN ULONG BytesInMultiByteString);
1044
RtlMultiByteToUnicodeSize(
1045
OUT PULONG BytesInUnicodeString,
1046
IN const CHAR *MultiByteString,
1047
IN ULONG BytesInMultiByteString);
1052
RtlUnicodeToMultiByteSize(
1053
OUT PULONG BytesInMultiByteString,
1054
IN PCWCH UnicodeString,
1055
IN ULONG BytesInUnicodeString);
1060
RtlUnicodeToMultiByteN(
1061
OUT PCHAR MultiByteString,
1062
IN ULONG MaxBytesInMultiByteString,
1063
OUT PULONG BytesInMultiByteString OPTIONAL,
1064
IN PWCH UnicodeString,
1065
IN ULONG BytesInUnicodeString);
1070
RtlUpcaseUnicodeToMultiByteN(
1071
OUT PCHAR MultiByteString,
1072
IN ULONG MaxBytesInMultiByteString,
1073
OUT PULONG BytesInMultiByteString OPTIONAL,
1074
IN PCWCH UnicodeString,
1075
IN ULONG BytesInUnicodeString);
1081
OUT PWSTR UnicodeString,
1082
IN ULONG MaxBytesInUnicodeString,
1083
OUT PULONG BytesInUnicodeString OPTIONAL,
1085
IN ULONG BytesInOemString);
1091
OUT PCHAR OemString,
1092
IN ULONG MaxBytesInOemString,
1093
OUT PULONG BytesInOemString OPTIONAL,
1094
IN PCWCH UnicodeString,
1095
IN ULONG BytesInUnicodeString);
1100
RtlUpcaseUnicodeToOemN(
1101
OUT PCHAR OemString,
1102
IN ULONG MaxBytesInOemString,
1103
OUT PULONG BytesInOemString OPTIONAL,
1104
IN PCWCH UnicodeString,
1105
IN ULONG BytesInUnicodeString);
1107
#if (NTDDI_VERSION >= NTDDI_VISTASP1)
1111
RtlGenerate8dot3Name(
1112
IN PCUNICODE_STRING Name,
1113
IN BOOLEAN AllowExtendedCharacters,
1114
IN OUT PGENERATE_NAME_CONTEXT Context,
1115
IN OUT PUNICODE_STRING Name8dot3);
1120
RtlGenerate8dot3Name(
1121
IN PCUNICODE_STRING Name,
1122
IN BOOLEAN AllowExtendedCharacters,
1123
IN OUT PGENERATE_NAME_CONTEXT Context,
1124
IN OUT PUNICODE_STRING Name8dot3);
1130
RtlIsNameLegalDOS8Dot3(
1131
IN PCUNICODE_STRING Name,
1132
IN OUT POEM_STRING OemName OPTIONAL,
1133
IN OUT PBOOLEAN NameContainsSpaces OPTIONAL);
1138
RtlIsValidOemCharacter(
1139
IN OUT PWCHAR Char);
1145
OUT PPREFIX_TABLE PrefixTable);
1151
IN PPREFIX_TABLE PrefixTable,
1153
OUT PPREFIX_TABLE_ENTRY PrefixTableEntry);
1159
IN PPREFIX_TABLE PrefixTable,
1160
IN PPREFIX_TABLE_ENTRY PrefixTableEntry);
1166
IN PPREFIX_TABLE PrefixTable,
1167
IN PSTRING FullName);
1172
RtlInitializeUnicodePrefix(
1173
OUT PUNICODE_PREFIX_TABLE PrefixTable);
1178
RtlInsertUnicodePrefix(
1179
IN PUNICODE_PREFIX_TABLE PrefixTable,
1180
IN PUNICODE_STRING Prefix,
1181
OUT PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1186
RtlRemoveUnicodePrefix(
1187
IN PUNICODE_PREFIX_TABLE PrefixTable,
1188
IN PUNICODE_PREFIX_TABLE_ENTRY PrefixTableEntry);
1191
PUNICODE_PREFIX_TABLE_ENTRY
1193
RtlFindUnicodePrefix(
1194
IN PUNICODE_PREFIX_TABLE PrefixTable,
1195
IN PUNICODE_STRING FullName,
1196
IN ULONG CaseInsensitiveIndex);
1199
PUNICODE_PREFIX_TABLE_ENTRY
1201
RtlNextUnicodePrefix(
1202
IN PUNICODE_PREFIX_TABLE PrefixTable,
1203
IN BOOLEAN Restart);
1208
RtlCompareMemoryUlong(
1216
RtlTimeToSecondsSince1980(
1217
IN PLARGE_INTEGER Time,
1218
OUT PULONG ElapsedSeconds);
1223
RtlSecondsSince1980ToTime(
1224
IN ULONG ElapsedSeconds,
1225
OUT PLARGE_INTEGER Time);
1230
RtlTimeToSecondsSince1970(
1231
IN PLARGE_INTEGER Time,
1232
OUT PULONG ElapsedSeconds);
1237
RtlSecondsSince1970ToTime(
1238
IN ULONG ElapsedSeconds,
1239
OUT PLARGE_INTEGER Time);
1264
RtlLengthRequiredSid(
1265
IN ULONG SubAuthorityCount);
1276
RtlAllocateAndInitializeSid(
1277
IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1278
IN UCHAR SubAuthorityCount,
1279
IN ULONG SubAuthority0,
1280
IN ULONG SubAuthority1,
1281
IN ULONG SubAuthority2,
1282
IN ULONG SubAuthority3,
1283
IN ULONG SubAuthority4,
1284
IN ULONG SubAuthority5,
1285
IN ULONG SubAuthority6,
1286
IN ULONG SubAuthority7,
1294
IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
1295
IN UCHAR SubAuthorityCount);
1302
IN ULONG SubAuthority);
1315
IN PSID Destination,
1321
RtlConvertSidToUnicodeString(
1322
IN OUT PUNICODE_STRING UnicodeString,
1324
IN BOOLEAN AllocateDestinationString);
1330
OUT PLUID DestinationLuid,
1331
IN PLUID SourceLuid);
1339
IN ULONG AclRevision);
1346
IN ULONG AceRevision,
1347
IN ULONG StartingAceIndex,
1349
IN ULONG AceListLength);
1369
RtlAddAccessAllowedAce(
1371
IN ULONG AceRevision,
1372
IN ACCESS_MASK AccessMask,
1378
RtlAddAccessAllowedAceEx(
1380
IN ULONG AceRevision,
1382
IN ACCESS_MASK AccessMask,
1388
RtlCreateSecurityDescriptorRelative(
1389
OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor,
1395
RtlGetDaclSecurityDescriptor(
1396
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1397
OUT PBOOLEAN DaclPresent,
1399
OUT PBOOLEAN DaclDefaulted);
1404
RtlSetOwnerSecurityDescriptor(
1405
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1406
IN PSID Owner OPTIONAL,
1407
IN BOOLEAN OwnerDefaulted);
1412
RtlGetOwnerSecurityDescriptor(
1413
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1415
OUT PBOOLEAN OwnerDefaulted);
1420
RtlNtStatusToDosError(
1421
IN NTSTATUS Status);
1426
RtlCustomCPToUnicodeN(
1427
IN PCPTABLEINFO CustomCP,
1428
OUT PWCH UnicodeString,
1429
IN ULONG MaxBytesInUnicodeString,
1430
OUT PULONG BytesInUnicodeString OPTIONAL,
1431
IN PCH CustomCPString,
1432
IN ULONG BytesInCustomCPString);
1437
RtlUnicodeToCustomCPN(
1438
IN PCPTABLEINFO CustomCP,
1439
OUT PCH CustomCPString,
1440
IN ULONG MaxBytesInCustomCPString,
1441
OUT PULONG BytesInCustomCPString OPTIONAL,
1442
IN PWCH UnicodeString,
1443
IN ULONG BytesInUnicodeString);
1448
RtlUpcaseUnicodeToCustomCPN(
1449
IN PCPTABLEINFO CustomCP,
1450
OUT PCH CustomCPString,
1451
IN ULONG MaxBytesInCustomCPString,
1452
OUT PULONG BytesInCustomCPString OPTIONAL,
1453
IN PWCH UnicodeString,
1454
IN ULONG BytesInUnicodeString);
1459
RtlInitCodePageTable(
1460
IN PUSHORT TableBase,
1461
IN OUT PCPTABLEINFO CodePageTable);
1464
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
1467
#if (NTDDI_VERSION >= NTDDI_WINXP)
1476
IN PVOID HeapBase OPTIONAL,
1477
IN SIZE_T ReserveSize OPTIONAL,
1478
IN SIZE_T CommitSize OPTIONAL,
1479
IN PVOID Lock OPTIONAL,
1480
IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
1486
IN PVOID HeapHandle);
1491
RtlCaptureStackBackTrace(
1492
IN ULONG FramesToSkip,
1493
IN ULONG FramesToCapture,
1494
OUT PVOID *BackTrace,
1495
OUT PULONG BackTraceHash OPTIONAL);
1501
IN OUT PULONG Seed);
1506
RtlInitUnicodeStringEx(
1507
OUT PUNICODE_STRING DestinationString,
1508
IN PCWSTR SourceString OPTIONAL);
1513
RtlValidateUnicodeString(
1515
IN PCUNICODE_STRING String);
1520
RtlDuplicateUnicodeString(
1522
IN PCUNICODE_STRING SourceString,
1523
OUT PUNICODE_STRING DestinationString);
1528
RtlGetCompressionWorkSpaceSize(
1529
IN USHORT CompressionFormatAndEngine,
1530
OUT PULONG CompressBufferWorkSpaceSize,
1531
OUT PULONG CompressFragmentWorkSpaceSize);
1537
IN USHORT CompressionFormatAndEngine,
1538
IN PUCHAR UncompressedBuffer,
1539
IN ULONG UncompressedBufferSize,
1540
OUT PUCHAR CompressedBuffer,
1541
IN ULONG CompressedBufferSize,
1542
IN ULONG UncompressedChunkSize,
1543
OUT PULONG FinalCompressedSize,
1544
IN PVOID WorkSpace);
1549
RtlDecompressBuffer(
1550
IN USHORT CompressionFormat,
1551
OUT PUCHAR UncompressedBuffer,
1552
IN ULONG UncompressedBufferSize,
1553
IN PUCHAR CompressedBuffer,
1554
IN ULONG CompressedBufferSize,
1555
OUT PULONG FinalUncompressedSize);
1560
RtlDecompressFragment(
1561
IN USHORT CompressionFormat,
1562
OUT PUCHAR UncompressedFragment,
1563
IN ULONG UncompressedFragmentSize,
1564
IN PUCHAR CompressedBuffer,
1565
IN ULONG CompressedBufferSize,
1566
IN ULONG FragmentOffset,
1567
OUT PULONG FinalUncompressedSize,
1568
IN PVOID WorkSpace);
1574
IN USHORT CompressionFormat,
1575
IN OUT PUCHAR *CompressedBuffer,
1576
IN PUCHAR EndOfCompressedBufferPlus1,
1577
OUT PUCHAR *ChunkBuffer,
1578
OUT PULONG ChunkSize);
1584
IN USHORT CompressionFormat,
1585
IN OUT PUCHAR *CompressedBuffer,
1586
IN PUCHAR EndOfCompressedBufferPlus1,
1587
OUT PUCHAR *ChunkBuffer,
1588
IN ULONG ChunkSize);
1593
RtlDecompressChunks(
1594
OUT PUCHAR UncompressedBuffer,
1595
IN ULONG UncompressedBufferSize,
1596
IN PUCHAR CompressedBuffer,
1597
IN ULONG CompressedBufferSize,
1598
IN PUCHAR CompressedTail,
1599
IN ULONG CompressedTailSize,
1600
IN PCOMPRESSED_DATA_INFO CompressedDataInfo);
1606
IN PUCHAR UncompressedBuffer,
1607
IN ULONG UncompressedBufferSize,
1608
OUT PUCHAR CompressedBuffer,
1609
IN ULONG CompressedBufferSize,
1610
IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
1611
IN ULONG CompressedDataInfoLength,
1612
IN PVOID WorkSpace);
1615
PSID_IDENTIFIER_AUTHORITY
1617
RtlIdentifierAuthoritySid(
1623
RtlSubAuthorityCountSid(
1629
RtlNtStatusToDosErrorNoTeb(
1630
IN NTSTATUS Status);
1635
RtlCreateSystemVolumeInformationFolder(
1636
IN PCUNICODE_STRING VolumeRootPath);
1638
#if defined(_M_AMD64)
1642
RtlFillMemoryUlong (
1643
OUT PVOID Destination,
1647
PULONG Address = (PULONG)Destination;
1648
if ((Length /= 4) != 0) {
1649
if (((ULONG64)Address & 4) != 0) {
1651
if ((Length -= 1) == 0) {
1656
__stosq((PULONG64)(Address), Pattern | ((ULONG64)Pattern << 32), Length / 2);
1657
if ((Length & 1) != 0) Address[Length - 1] = Pattern;
1662
#define RtlFillMemoryUlonglong(Destination, Length, Pattern) \
1663
__stosq((PULONG64)(Destination), Pattern, (Length) / 8)
1671
OUT PVOID Destination,
1678
RtlFillMemoryUlonglong(
1679
OUT PVOID Destination,
1681
IN ULONGLONG Pattern);
1683
#endif /* defined(_M_AMD64) */
1685
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
1687
#if (NTDDI_VERSION >= NTDDI_WS03)
1691
RtlInitAnsiStringEx(
1692
OUT PANSI_STRING DestinationString,
1693
IN PCSZ SourceString OPTIONAL);
1696
#if (NTDDI_VERSION >= NTDDI_WS03SP1)
1701
RtlGetSaclSecurityDescriptor(
1702
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1703
OUT PBOOLEAN SaclPresent,
1705
OUT PBOOLEAN SaclDefaulted);
1710
RtlSetGroupSecurityDescriptor(
1711
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1712
IN PSID Group OPTIONAL,
1713
IN BOOLEAN GroupDefaulted OPTIONAL);
1718
RtlGetGroupSecurityDescriptor(
1719
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
1721
OUT PBOOLEAN GroupDefaulted);
1726
RtlAbsoluteToSelfRelativeSD(
1727
IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
1728
OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor OPTIONAL,
1729
IN OUT PULONG BufferLength);
1734
RtlSelfRelativeToAbsoluteSD(
1735
IN PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
1736
OUT PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor OPTIONAL,
1737
IN OUT PULONG AbsoluteSecurityDescriptorSize,
1738
OUT PACL Dacl OPTIONAL,
1739
IN OUT PULONG DaclSize,
1740
OUT PACL Sacl OPTIONAL,
1741
IN OUT PULONG SaclSize,
1742
OUT PSID Owner OPTIONAL,
1743
IN OUT PULONG OwnerSize,
1744
OUT PSID PrimaryGroup OPTIONAL,
1745
IN OUT PULONG PrimaryGroupSize);
1747
#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
1749
#if (NTDDI_VERSION >= NTDDI_VISTA)
1756
IN PCWSTR SourceString,
1757
IN LONG SourceStringLength,
1758
OUT PWSTR DestinationString,
1759
IN OUT PLONG DestinationStringLength);
1764
RtlIsNormalizedString(
1766
IN PCWSTR SourceString,
1767
IN LONG SourceStringLength,
1768
OUT PBOOLEAN Normalized);
1775
IN PCWSTR SourceString,
1776
IN LONG SourceStringLength,
1777
OUT PWSTR DestinationString,
1778
IN OUT PLONG DestinationStringLength);
1785
IN PCWSTR SourceString,
1786
IN LONG SourceStringLength,
1787
OUT PWSTR DestinationString,
1788
IN OUT PLONG DestinationStringLength);
1793
RtlIdnToNameprepUnicode(
1795
IN PCWSTR SourceString,
1796
IN LONG SourceStringLength,
1797
OUT PWSTR DestinationString,
1798
IN OUT PLONG DestinationStringLength);
1803
RtlCreateServiceSid(
1804
IN PUNICODE_STRING ServiceName,
1805
OUT PSID ServiceSid,
1806
IN OUT PULONG ServiceSidLength);
1811
RtlCompareAltitudes(
1812
IN PCUNICODE_STRING Altitude1,
1813
IN PCUNICODE_STRING Altitude2);
1816
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
1818
#if (NTDDI_VERSION >= NTDDI_WIN7)
1824
OUT PCHAR UTF8StringDestination,
1825
IN ULONG UTF8StringMaxByteCount,
1826
OUT PULONG UTF8StringActualByteCount,
1827
IN PCWCH UnicodeStringSource,
1828
IN ULONG UnicodeStringByteCount);
1834
OUT PWSTR UnicodeStringDestination,
1835
IN ULONG UnicodeStringMaxByteCount,
1836
OUT PULONG UnicodeStringActualByteCount,
1837
IN PCCH UTF8StringSource,
1838
IN ULONG UTF8StringByteCount);
1844
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
1847
OUT ULONG *NumChanges);
1852
RtlCreateVirtualAccountSid(
1853
IN PCUNICODE_STRING Name,
1854
IN ULONG BaseSubAuthority,
1856
IN OUT PULONG SidLength);
1858
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
1861
#if defined(_AMD64_) || defined(_IA64_)
1865
#endif /* defined(_AMD64_) || defined(_IA64_) */
1869
#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1
1870
#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2
1872
#define RtlUnicodeStringToOemSize(STRING) (NLS_MB_OEM_CODE_PAGE_TAG ? \
1873
RtlxUnicodeStringToOemSize(STRING) : \
1874
((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
1877
#define RtlOemStringToUnicodeSize(STRING) ( \
1878
NLS_MB_OEM_CODE_PAGE_TAG ? \
1879
RtlxOemStringToUnicodeSize(STRING) : \
1880
((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
1883
#define RtlOemStringToCountedUnicodeSize(STRING) ( \
1884
(ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL)) \
1887
#define RtlOffsetToPointer(B,O) ((PCHAR)(((PCHAR)(B)) + ((ULONG_PTR)(O))))
1888
#define RtlPointerToOffset(B,P) ((ULONG)(((PCHAR)(P)) - ((PCHAR)(B))))
1890
typedef enum _OBJECT_INFORMATION_CLASS {
1891
ObjectBasicInformation = 0,
1892
ObjectNameInformation = 1, /* FIXME, not in WDK */
1893
ObjectTypeInformation = 2,
1894
ObjectTypesInformation = 3, /* FIXME, not in WDK */
1895
ObjectHandleFlagInformation = 4, /* FIXME, not in WDK */
1896
ObjectSessionInformation = 5, /* FIXME, not in WDK */
1897
MaxObjectInfoClass /* FIXME, not in WDK */
1898
} OBJECT_INFORMATION_CLASS;
1904
IN HANDLE Handle OPTIONAL,
1905
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
1906
OUT PVOID ObjectInformation OPTIONAL,
1907
IN ULONG ObjectInformationLength,
1908
OUT PULONG ReturnLength OPTIONAL);
1910
#if (NTDDI_VERSION >= NTDDI_WIN2K)
1916
IN HANDLE ThreadHandle,
1917
IN ACCESS_MASK DesiredAccess,
1918
IN BOOLEAN OpenAsSelf,
1919
OUT PHANDLE TokenHandle);
1925
IN HANDLE ProcessHandle,
1926
IN ACCESS_MASK DesiredAccess,
1927
OUT PHANDLE TokenHandle);
1932
NtQueryInformationToken(
1933
IN HANDLE TokenHandle,
1934
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
1935
OUT PVOID TokenInformation OPTIONAL,
1936
IN ULONG TokenInformationLength,
1937
OUT PULONG ReturnLength);
1942
NtAdjustPrivilegesToken(
1943
IN HANDLE TokenHandle,
1944
IN BOOLEAN DisableAllPrivileges,
1945
IN PTOKEN_PRIVILEGES NewState OPTIONAL,
1946
IN ULONG BufferLength,
1947
OUT PTOKEN_PRIVILEGES PreviousState,
1948
OUT PULONG ReturnLength OPTIONAL);
1954
OUT PHANDLE FileHandle,
1955
IN ACCESS_MASK DesiredAccess,
1956
IN POBJECT_ATTRIBUTES ObjectAttributes,
1957
OUT PIO_STATUS_BLOCK IoStatusBlock,
1958
IN PLARGE_INTEGER AllocationSize OPTIONAL,
1959
IN ULONG FileAttributes,
1960
IN ULONG ShareAccess,
1961
IN ULONG CreateDisposition,
1962
IN ULONG CreateOptions,
1969
NtDeviceIoControlFile(
1970
IN HANDLE FileHandle,
1971
IN HANDLE Event OPTIONAL,
1972
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1973
IN PVOID ApcContext OPTIONAL,
1974
OUT PIO_STATUS_BLOCK IoStatusBlock,
1975
IN ULONG IoControlCode,
1976
IN PVOID InputBuffer OPTIONAL,
1977
IN ULONG InputBufferLength,
1978
OUT PVOID OutputBuffer OPTIONAL,
1979
IN ULONG OutputBufferLength);
1985
IN HANDLE FileHandle,
1986
IN HANDLE Event OPTIONAL,
1987
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
1988
IN PVOID ApcContext OPTIONAL,
1989
OUT PIO_STATUS_BLOCK IoStatusBlock,
1990
IN ULONG FsControlCode,
1991
IN PVOID InputBuffer OPTIONAL,
1992
IN ULONG InputBufferLength,
1993
OUT PVOID OutputBuffer OPTIONAL,
1994
IN ULONG OutputBufferLength);
2000
IN HANDLE FileHandle,
2001
IN HANDLE Event OPTIONAL,
2002
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2003
IN PVOID ApcContext OPTIONAL,
2004
OUT PIO_STATUS_BLOCK IoStatusBlock,
2005
IN PLARGE_INTEGER ByteOffset,
2006
IN PLARGE_INTEGER Length,
2008
IN BOOLEAN FailImmediately,
2009
IN BOOLEAN ExclusiveLock);
2015
OUT PHANDLE FileHandle,
2016
IN ACCESS_MASK DesiredAccess,
2017
IN POBJECT_ATTRIBUTES ObjectAttributes,
2018
OUT PIO_STATUS_BLOCK IoStatusBlock,
2019
IN ULONG ShareAccess,
2020
IN ULONG OpenOptions);
2025
NtQueryDirectoryFile(
2026
IN HANDLE FileHandle,
2027
IN HANDLE Event OPTIONAL,
2028
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2029
IN PVOID ApcContext OPTIONAL,
2030
OUT PIO_STATUS_BLOCK IoStatusBlock,
2031
OUT PVOID FileInformation,
2033
IN FILE_INFORMATION_CLASS FileInformationClass,
2034
IN BOOLEAN ReturnSingleEntry,
2035
IN PUNICODE_STRING FileName OPTIONAL,
2036
IN BOOLEAN RestartScan);
2041
NtQueryInformationFile(
2042
IN HANDLE FileHandle,
2043
OUT PIO_STATUS_BLOCK IoStatusBlock,
2044
OUT PVOID FileInformation,
2046
IN FILE_INFORMATION_CLASS FileInformationClass);
2051
NtQueryQuotaInformationFile(
2052
IN HANDLE FileHandle,
2053
OUT PIO_STATUS_BLOCK IoStatusBlock,
2056
IN BOOLEAN ReturnSingleEntry,
2058
IN ULONG SidListLength,
2059
IN PSID StartSid OPTIONAL,
2060
IN BOOLEAN RestartScan);
2065
NtQueryVolumeInformationFile(
2066
IN HANDLE FileHandle,
2067
OUT PIO_STATUS_BLOCK IoStatusBlock,
2068
OUT PVOID FsInformation,
2070
IN FS_INFORMATION_CLASS FsInformationClass);
2076
IN HANDLE FileHandle,
2077
IN HANDLE Event OPTIONAL,
2078
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2079
IN PVOID ApcContext OPTIONAL,
2080
OUT PIO_STATUS_BLOCK IoStatusBlock,
2083
IN PLARGE_INTEGER ByteOffset OPTIONAL,
2084
IN PULONG Key OPTIONAL);
2089
NtSetInformationFile(
2090
IN HANDLE FileHandle,
2091
OUT PIO_STATUS_BLOCK IoStatusBlock,
2092
IN PVOID FileInformation,
2094
IN FILE_INFORMATION_CLASS FileInformationClass);
2099
NtSetQuotaInformationFile(
2100
IN HANDLE FileHandle,
2101
OUT PIO_STATUS_BLOCK IoStatusBlock,
2108
NtSetVolumeInformationFile(
2109
IN HANDLE FileHandle,
2110
OUT PIO_STATUS_BLOCK IoStatusBlock,
2111
IN PVOID FsInformation,
2113
IN FS_INFORMATION_CLASS FsInformationClass);
2119
IN HANDLE FileHandle,
2120
IN HANDLE Event OPTIONAL,
2121
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
2122
IN PVOID ApcContext OPTIONAL,
2123
OUT PIO_STATUS_BLOCK IoStatusBlock,
2126
IN PLARGE_INTEGER ByteOffset OPTIONAL,
2127
IN PULONG Key OPTIONAL);
2133
IN HANDLE FileHandle,
2134
OUT PIO_STATUS_BLOCK IoStatusBlock,
2135
IN PLARGE_INTEGER ByteOffset,
2136
IN PLARGE_INTEGER Length,
2142
NtSetSecurityObject(
2144
IN SECURITY_INFORMATION SecurityInformation,
2145
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
2150
NtQuerySecurityObject(
2152
IN SECURITY_INFORMATION SecurityInformation,
2153
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
2155
OUT PULONG LengthNeeded);
2166
NtAllocateVirtualMemory(
2167
IN HANDLE ProcessHandle,
2168
IN OUT PVOID *BaseAddress,
2169
IN ULONG_PTR ZeroBits,
2170
IN OUT PSIZE_T RegionSize,
2171
IN ULONG AllocationType,
2177
NtFreeVirtualMemory(
2178
IN HANDLE ProcessHandle,
2179
IN OUT PVOID *BaseAddress,
2180
IN OUT PSIZE_T RegionSize,
2185
#if (NTDDI_VERSION >= NTDDI_WINXP)
2190
NtOpenThreadTokenEx(
2191
IN HANDLE ThreadHandle,
2192
IN ACCESS_MASK DesiredAccess,
2193
IN BOOLEAN OpenAsSelf,
2194
IN ULONG HandleAttributes,
2195
OUT PHANDLE TokenHandle);
2200
NtOpenProcessTokenEx(
2201
IN HANDLE ProcessHandle,
2202
IN ACCESS_MASK DesiredAccess,
2203
IN ULONG HandleAttributes,
2204
OUT PHANDLE TokenHandle);
2209
NtOpenJobObjectToken(
2210
IN HANDLE JobHandle,
2211
IN ACCESS_MASK DesiredAccess,
2212
OUT PHANDLE TokenHandle);
2218
IN HANDLE ExistingTokenHandle,
2219
IN ACCESS_MASK DesiredAccess,
2220
IN POBJECT_ATTRIBUTES ObjectAttributes,
2221
IN BOOLEAN EffectiveOnly,
2222
IN TOKEN_TYPE TokenType,
2223
OUT PHANDLE NewTokenHandle);
2229
IN HANDLE ExistingTokenHandle,
2231
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
2232
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
2233
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
2234
OUT PHANDLE NewTokenHandle);
2239
NtImpersonateAnonymousToken(
2240
IN HANDLE ThreadHandle);
2245
NtSetInformationToken(
2246
IN HANDLE TokenHandle,
2247
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
2248
IN PVOID TokenInformation,
2249
IN ULONG TokenInformationLength);
2254
NtAdjustGroupsToken(
2255
IN HANDLE TokenHandle,
2256
IN BOOLEAN ResetToDefault,
2257
IN PTOKEN_GROUPS NewState OPTIONAL,
2258
IN ULONG BufferLength OPTIONAL,
2259
OUT PTOKEN_GROUPS PreviousState,
2260
OUT PULONG ReturnLength);
2266
IN HANDLE ClientToken,
2267
IN OUT PPRIVILEGE_SET RequiredPrivileges,
2268
OUT PBOOLEAN Result);
2273
NtAccessCheckAndAuditAlarm(
2274
IN PUNICODE_STRING SubsystemName,
2275
IN PVOID HandleId OPTIONAL,
2276
IN PUNICODE_STRING ObjectTypeName,
2277
IN PUNICODE_STRING ObjectName,
2278
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2279
IN ACCESS_MASK DesiredAccess,
2280
IN PGENERIC_MAPPING GenericMapping,
2281
IN BOOLEAN ObjectCreation,
2282
OUT PACCESS_MASK GrantedAccess,
2283
OUT PNTSTATUS AccessStatus,
2284
OUT PBOOLEAN GenerateOnClose);
2289
NtAccessCheckByTypeAndAuditAlarm(
2290
IN PUNICODE_STRING SubsystemName,
2292
IN PUNICODE_STRING ObjectTypeName,
2293
IN PUNICODE_STRING ObjectName,
2294
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2295
IN PSID PrincipalSelfSid OPTIONAL,
2296
IN ACCESS_MASK DesiredAccess,
2297
IN AUDIT_EVENT_TYPE AuditType,
2299
IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
2300
IN ULONG ObjectTypeLength,
2301
IN PGENERIC_MAPPING GenericMapping,
2302
IN BOOLEAN ObjectCreation,
2303
OUT PACCESS_MASK GrantedAccess,
2304
OUT PNTSTATUS AccessStatus,
2305
OUT PBOOLEAN GenerateOnClose);
2310
NtAccessCheckByTypeResultListAndAuditAlarm(
2311
IN PUNICODE_STRING SubsystemName,
2312
IN PVOID HandleId OPTIONAL,
2313
IN PUNICODE_STRING ObjectTypeName,
2314
IN PUNICODE_STRING ObjectName,
2315
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2316
IN PSID PrincipalSelfSid OPTIONAL,
2317
IN ACCESS_MASK DesiredAccess,
2318
IN AUDIT_EVENT_TYPE AuditType,
2320
IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
2321
IN ULONG ObjectTypeLength,
2322
IN PGENERIC_MAPPING GenericMapping,
2323
IN BOOLEAN ObjectCreation,
2324
OUT PACCESS_MASK GrantedAccess,
2325
OUT PNTSTATUS AccessStatus,
2326
OUT PBOOLEAN GenerateOnClose);
2330
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
2331
IN PUNICODE_STRING SubsystemName,
2332
IN PVOID HandleId OPTIONAL,
2333
IN HANDLE ClientToken,
2334
IN PUNICODE_STRING ObjectTypeName,
2335
IN PUNICODE_STRING ObjectName,
2336
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
2337
IN PSID PrincipalSelfSid OPTIONAL,
2338
IN ACCESS_MASK DesiredAccess,
2339
IN AUDIT_EVENT_TYPE AuditType,
2341
IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL,
2342
IN ULONG ObjectTypeLength,
2343
IN PGENERIC_MAPPING GenericMapping,
2344
IN BOOLEAN ObjectCreation,
2345
OUT PACCESS_MASK GrantedAccess,
2346
OUT PNTSTATUS AccessStatus,
2347
OUT PBOOLEAN GenerateOnClose);
2352
NtOpenObjectAuditAlarm(
2353
IN PUNICODE_STRING SubsystemName,
2354
IN PVOID HandleId OPTIONAL,
2355
IN PUNICODE_STRING ObjectTypeName,
2356
IN PUNICODE_STRING ObjectName,
2357
IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
2358
IN HANDLE ClientToken,
2359
IN ACCESS_MASK DesiredAccess,
2360
IN ACCESS_MASK GrantedAccess,
2361
IN PPRIVILEGE_SET Privileges OPTIONAL,
2362
IN BOOLEAN ObjectCreation,
2363
IN BOOLEAN AccessGranted,
2364
OUT PBOOLEAN GenerateOnClose);
2369
NtPrivilegeObjectAuditAlarm(
2370
IN PUNICODE_STRING SubsystemName,
2371
IN PVOID HandleId OPTIONAL,
2372
IN HANDLE ClientToken,
2373
IN ACCESS_MASK DesiredAccess,
2374
IN PPRIVILEGE_SET Privileges,
2375
IN BOOLEAN AccessGranted);
2380
NtCloseObjectAuditAlarm(
2381
IN PUNICODE_STRING SubsystemName,
2382
IN PVOID HandleId OPTIONAL,
2383
IN BOOLEAN GenerateOnClose);
2388
NtDeleteObjectAuditAlarm(
2389
IN PUNICODE_STRING SubsystemName,
2390
IN PVOID HandleId OPTIONAL,
2391
IN BOOLEAN GenerateOnClose);
2396
NtPrivilegedServiceAuditAlarm(
2397
IN PUNICODE_STRING SubsystemName,
2398
IN PUNICODE_STRING ServiceName,
2399
IN HANDLE ClientToken,
2400
IN PPRIVILEGE_SET Privileges,
2401
IN BOOLEAN AccessGranted);
2406
NtSetInformationThread(
2407
IN HANDLE ThreadHandle,
2408
IN THREADINFOCLASS ThreadInformationClass,
2409
IN PVOID ThreadInformation,
2410
IN ULONG ThreadInformationLength);
2416
OUT PHANDLE SectionHandle,
2417
IN ACCESS_MASK DesiredAccess,
2418
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
2419
IN PLARGE_INTEGER MaximumSize OPTIONAL,
2420
IN ULONG SectionPageProtection,
2421
IN ULONG AllocationAttributes,
2422
IN HANDLE FileHandle OPTIONAL);
139
2426
#define COMPRESSION_FORMAT_NONE (0x0000)
140
2427
#define COMPRESSION_FORMAT_DEFAULT (0x0001)
167
2935
#define FILE_EA_TYPE_ASN1 0xffdd
168
2936
#define FILE_EA_TYPE_FAMILY_IDS 0xff01
170
#define FILE_NEED_EA 0x00000080
172
/* also in winnt.h */
173
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
174
#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
175
#define FILE_NOTIFY_CHANGE_NAME 0x00000003
176
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
177
#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
178
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
179
#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
180
#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
181
#define FILE_NOTIFY_CHANGE_EA 0x00000080
182
#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
183
#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
184
#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
185
#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
186
#define FILE_NOTIFY_VALID_MASK 0x00000fff
189
#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
190
#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
192
#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
194
#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
195
#define FILE_CASE_PRESERVED_NAMES 0x00000002
196
#define FILE_UNICODE_ON_DISK 0x00000004
197
#define FILE_PERSISTENT_ACLS 0x00000008
198
#define FILE_FILE_COMPRESSION 0x00000010
199
#define FILE_VOLUME_QUOTAS 0x00000020
200
#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
201
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
202
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
203
#define FS_LFN_APIS 0x00004000
204
#define FILE_VOLUME_IS_COMPRESSED 0x00008000
205
#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
206
#define FILE_SUPPORTS_ENCRYPTION 0x00020000
207
#define FILE_NAMED_STREAMS 0x00040000
208
#define FILE_READ_ONLY_VOLUME 0x00080000
209
#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000
210
#define FILE_SUPPORTS_TRANSACTIONS 0x00200000
212
#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
213
#define FILE_PIPE_MESSAGE_TYPE 0x00000001
215
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
216
#define FILE_PIPE_MESSAGE_MODE 0x00000001
218
#define FILE_PIPE_QUEUE_OPERATION 0x00000000
219
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
221
#define FILE_PIPE_INBOUND 0x00000000
222
#define FILE_PIPE_OUTBOUND 0x00000001
223
#define FILE_PIPE_FULL_DUPLEX 0x00000002
225
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
226
#define FILE_PIPE_LISTENING_STATE 0x00000002
227
#define FILE_PIPE_CONNECTED_STATE 0x00000003
228
#define FILE_PIPE_CLOSING_STATE 0x00000004
230
#define FILE_PIPE_CLIENT_END 0x00000000
231
#define FILE_PIPE_SERVER_END 0x00000001
233
#define FILE_PIPE_READ_DATA 0x00000000
234
#define FILE_PIPE_WRITE_SPACE 0x00000001
236
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
237
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
238
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
239
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
240
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
241
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
242
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
243
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
244
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
245
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
246
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
247
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
248
#define FILE_STORAGE_TYPE_MASK 0x000f0000
249
#define FILE_STORAGE_TYPE_SHIFT 16
2938
typedef struct _FILE_NOTIFY_INFORMATION {
2939
ULONG NextEntryOffset;
2941
ULONG FileNameLength;
2943
} FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
2945
typedef struct _FILE_DIRECTORY_INFORMATION {
2946
ULONG NextEntryOffset;
2948
LARGE_INTEGER CreationTime;
2949
LARGE_INTEGER LastAccessTime;
2950
LARGE_INTEGER LastWriteTime;
2951
LARGE_INTEGER ChangeTime;
2952
LARGE_INTEGER EndOfFile;
2953
LARGE_INTEGER AllocationSize;
2954
ULONG FileAttributes;
2955
ULONG FileNameLength;
2957
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
2959
typedef struct _FILE_FULL_DIR_INFORMATION {
2960
ULONG NextEntryOffset;
2962
LARGE_INTEGER CreationTime;
2963
LARGE_INTEGER LastAccessTime;
2964
LARGE_INTEGER LastWriteTime;
2965
LARGE_INTEGER ChangeTime;
2966
LARGE_INTEGER EndOfFile;
2967
LARGE_INTEGER AllocationSize;
2968
ULONG FileAttributes;
2969
ULONG FileNameLength;
2972
} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
2974
typedef struct _FILE_ID_FULL_DIR_INFORMATION {
2975
ULONG NextEntryOffset;
2977
LARGE_INTEGER CreationTime;
2978
LARGE_INTEGER LastAccessTime;
2979
LARGE_INTEGER LastWriteTime;
2980
LARGE_INTEGER ChangeTime;
2981
LARGE_INTEGER EndOfFile;
2982
LARGE_INTEGER AllocationSize;
2983
ULONG FileAttributes;
2984
ULONG FileNameLength;
2986
LARGE_INTEGER FileId;
2988
} FILE_ID_FULL_DIR_INFORMATION, *PFILE_ID_FULL_DIR_INFORMATION;
2990
typedef struct _FILE_BOTH_DIR_INFORMATION {
2991
ULONG NextEntryOffset;
2993
LARGE_INTEGER CreationTime;
2994
LARGE_INTEGER LastAccessTime;
2995
LARGE_INTEGER LastWriteTime;
2996
LARGE_INTEGER ChangeTime;
2997
LARGE_INTEGER EndOfFile;
2998
LARGE_INTEGER AllocationSize;
2999
ULONG FileAttributes;
3000
ULONG FileNameLength;
3002
CCHAR ShortNameLength;
3003
WCHAR ShortName[12];
3005
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
3007
typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
3008
ULONG NextEntryOffset;
3010
LARGE_INTEGER CreationTime;
3011
LARGE_INTEGER LastAccessTime;
3012
LARGE_INTEGER LastWriteTime;
3013
LARGE_INTEGER ChangeTime;
3014
LARGE_INTEGER EndOfFile;
3015
LARGE_INTEGER AllocationSize;
3016
ULONG FileAttributes;
3017
ULONG FileNameLength;
3019
CCHAR ShortNameLength;
3020
WCHAR ShortName[12];
3021
LARGE_INTEGER FileId;
3023
} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
3025
typedef struct _FILE_NAMES_INFORMATION {
3026
ULONG NextEntryOffset;
3028
ULONG FileNameLength;
3030
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
3032
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
3033
ULONG NextEntryOffset;
3035
LARGE_INTEGER CreationTime;
3036
LARGE_INTEGER LastAccessTime;
3037
LARGE_INTEGER LastWriteTime;
3038
LARGE_INTEGER ChangeTime;
3039
LARGE_INTEGER EndOfFile;
3040
LARGE_INTEGER AllocationSize;
3041
ULONG FileAttributes;
3042
ULONG FileNameLength;
3043
LARGE_INTEGER FileId;
3044
GUID LockingTransactionId;
3047
} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
3049
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
3050
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
3051
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
3053
typedef struct _FILE_OBJECTID_INFORMATION {
3054
LONGLONG FileReference;
3056
_ANONYMOUS_UNION union {
3057
_ANONYMOUS_STRUCT struct {
3058
UCHAR BirthVolumeId[16];
3059
UCHAR BirthObjectId[16];
3062
UCHAR ExtendedInfo[48];
3064
} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
3066
#define ANSI_DOS_STAR ('<')
3067
#define ANSI_DOS_QM ('>')
3068
#define ANSI_DOS_DOT ('"')
3070
#define DOS_STAR (L'<')
3071
#define DOS_QM (L'>')
3072
#define DOS_DOT (L'"')
3074
typedef struct _FILE_INTERNAL_INFORMATION {
3075
LARGE_INTEGER IndexNumber;
3076
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
3078
typedef struct _FILE_EA_INFORMATION {
3080
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
3082
typedef struct _FILE_ACCESS_INFORMATION {
3083
ACCESS_MASK AccessFlags;
3084
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
3086
typedef struct _FILE_MODE_INFORMATION {
3088
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
3090
typedef struct _FILE_ALL_INFORMATION {
3091
FILE_BASIC_INFORMATION BasicInformation;
3092
FILE_STANDARD_INFORMATION StandardInformation;
3093
FILE_INTERNAL_INFORMATION InternalInformation;
3094
FILE_EA_INFORMATION EaInformation;
3095
FILE_ACCESS_INFORMATION AccessInformation;
3096
FILE_POSITION_INFORMATION PositionInformation;
3097
FILE_MODE_INFORMATION ModeInformation;
3098
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
3099
FILE_NAME_INFORMATION NameInformation;
3100
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
3102
typedef struct _FILE_ALLOCATION_INFORMATION {
3103
LARGE_INTEGER AllocationSize;
3104
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
3106
typedef struct _FILE_COMPRESSION_INFORMATION {
3107
LARGE_INTEGER CompressedFileSize;
3108
USHORT CompressionFormat;
3109
UCHAR CompressionUnitShift;
3113
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
3115
typedef struct _FILE_LINK_INFORMATION {
3116
BOOLEAN ReplaceIfExists;
3117
HANDLE RootDirectory;
3118
ULONG FileNameLength;
3120
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
3122
typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
3124
HANDLE RootDirectory;
3125
ULONG FileNameLength;
3127
} FILE_MOVE_CLUSTER_INFORMATION, *PFILE_MOVE_CLUSTER_INFORMATION;
3129
typedef struct _FILE_RENAME_INFORMATION {
3130
BOOLEAN ReplaceIfExists;
3131
HANDLE RootDirectory;
3132
ULONG FileNameLength;
3134
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
3136
typedef struct _FILE_STREAM_INFORMATION {
3137
ULONG NextEntryOffset;
3138
ULONG StreamNameLength;
3139
LARGE_INTEGER StreamSize;
3140
LARGE_INTEGER StreamAllocationSize;
3141
WCHAR StreamName[1];
3142
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
3144
typedef struct _FILE_TRACKING_INFORMATION {
3145
HANDLE DestinationFile;
3146
ULONG ObjectInformationLength;
3147
CHAR ObjectInformation[1];
3148
} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
3150
typedef struct _FILE_COMPLETION_INFORMATION {
3153
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
3155
typedef struct _FILE_PIPE_INFORMATION {
3157
ULONG CompletionMode;
3158
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
3160
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
3161
ULONG NamedPipeType;
3162
ULONG NamedPipeConfiguration;
3163
ULONG MaximumInstances;
3164
ULONG CurrentInstances;
3166
ULONG ReadDataAvailable;
3167
ULONG OutboundQuota;
3168
ULONG WriteQuotaAvailable;
3169
ULONG NamedPipeState;
3171
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
3173
typedef struct _FILE_PIPE_REMOTE_INFORMATION {
3174
LARGE_INTEGER CollectDataTime;
3175
ULONG MaximumCollectionCount;
3176
} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
3178
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
3179
ULONG MaximumMessageSize;
3180
ULONG MailslotQuota;
3181
ULONG NextMessageSize;
3182
ULONG MessagesAvailable;
3183
LARGE_INTEGER ReadTimeout;
3184
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
3186
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
3187
PLARGE_INTEGER ReadTimeout;
3188
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
3190
typedef struct _FILE_REPARSE_POINT_INFORMATION {
3191
LONGLONG FileReference;
3193
} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
3195
typedef struct _FILE_LINK_ENTRY_INFORMATION {
3196
ULONG NextEntryOffset;
3197
LONGLONG ParentFileId;
3198
ULONG FileNameLength;
3200
} FILE_LINK_ENTRY_INFORMATION, *PFILE_LINK_ENTRY_INFORMATION;
3202
typedef struct _FILE_LINKS_INFORMATION {
3204
ULONG EntriesReturned;
3205
FILE_LINK_ENTRY_INFORMATION Entry;
3206
} FILE_LINKS_INFORMATION, *PFILE_LINKS_INFORMATION;
3208
typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
3209
ULONG FileNameLength;
3211
} FILE_NETWORK_PHYSICAL_NAME_INFORMATION, *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
3213
typedef struct _FILE_STANDARD_LINK_INFORMATION {
3214
ULONG NumberOfAccessibleLinks;
3215
ULONG TotalNumberOfLinks;
3216
BOOLEAN DeletePending;
3218
} FILE_STANDARD_LINK_INFORMATION, *PFILE_STANDARD_LINK_INFORMATION;
3220
typedef struct _FILE_GET_EA_INFORMATION {
3221
ULONG NextEntryOffset;
3224
} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
3226
#define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001
3227
#define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002
3229
typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
3230
USHORT StructureVersion;
3231
USHORT StructureSize;
3233
USHORT ProtocolMajorVersion;
3234
USHORT ProtocolMinorVersion;
3235
USHORT ProtocolRevision;
3243
} ProtocolSpecificReserved;
3244
} FILE_REMOTE_PROTOCOL_INFORMATION, *PFILE_REMOTE_PROTOCOL_INFORMATION;
3246
typedef struct _FILE_GET_QUOTA_INFORMATION {
3247
ULONG NextEntryOffset;
3250
} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
3252
typedef struct _FILE_QUOTA_INFORMATION {
3253
ULONG NextEntryOffset;
3255
LARGE_INTEGER ChangeTime;
3256
LARGE_INTEGER QuotaUsed;
3257
LARGE_INTEGER QuotaThreshold;
3258
LARGE_INTEGER QuotaLimit;
3260
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
3262
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
3263
ULONG FileSystemAttributes;
3264
ULONG MaximumComponentNameLength;
3265
ULONG FileSystemNameLength;
3266
WCHAR FileSystemName[1];
3267
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
3269
typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
3270
BOOLEAN DriverInPath;
3271
ULONG DriverNameLength;
3272
WCHAR DriverName[1];
3273
} FILE_FS_DRIVER_PATH_INFORMATION, *PFILE_FS_DRIVER_PATH_INFORMATION;
3275
typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
3277
} FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
251
3279
#define FILE_VC_QUOTA_NONE 0x00000000
252
3280
#define FILE_VC_QUOTA_TRACK 0x00000001
253
3281
#define FILE_VC_QUOTA_ENFORCE 0x00000002
254
3282
#define FILE_VC_QUOTA_MASK 0x00000003
256
#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
257
3283
#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
259
3284
#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
260
3285
#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
261
3286
#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
262
3287
#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
264
3288
#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
265
3289
#define FILE_VC_QUOTAS_REBUILDING 0x00000200
267
3290
#define FILE_VC_VALID_MASK 0x000003ff
3292
typedef struct _FILE_FS_CONTROL_INFORMATION {
3293
LARGE_INTEGER FreeSpaceStartFiltering;
3294
LARGE_INTEGER FreeSpaceThreshold;
3295
LARGE_INTEGER FreeSpaceStopFiltering;
3296
LARGE_INTEGER DefaultQuotaThreshold;
3297
LARGE_INTEGER DefaultQuotaLimit;
3298
ULONG FileSystemControlFlags;
3299
} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
3301
#ifndef _FILESYSTEMFSCTL_
3302
#define _FILESYSTEMFSCTL_
3304
#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
3305
#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
3306
#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
3307
#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
3308
#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
3309
#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
3310
#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
3311
#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
3312
#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
3313
#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
3314
#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
3315
#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
3316
#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
3317
#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
3318
#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3319
#define FSCTL_SET_BOOTLOADER_ACCESSED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
3321
#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
3322
#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
3323
#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
3324
#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
3325
#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
3327
#if (_WIN32_WINNT >= 0x0400)
3329
#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
3330
#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
3331
#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
3332
#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
3333
#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
3334
#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
3335
#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
3339
#if (_WIN32_WINNT >= 0x0500)
3341
#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
3342
#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
3343
#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
3344
#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
3345
#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
3346
#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
3347
#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
3348
#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
3349
#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
3350
#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
3351
#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
3352
#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
3353
#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
3354
#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
3355
#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
3356
#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
3357
#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
3358
#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
3359
#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
3360
#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
3361
#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
3362
#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
3363
#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
3364
#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
3365
#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
3366
#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
3367
#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
3368
#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
3369
#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
3370
#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
3371
#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
3372
#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3376
#if (_WIN32_WINNT >= 0x0600)
3378
#define FSCTL_MAKE_MEDIA_COMPATIBLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA)
3379
#define FSCTL_SET_DEFECT_MANAGEMENT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA)
3380
#define FSCTL_QUERY_SPARING_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS)
3381
#define FSCTL_QUERY_ON_DISK_VOLUME_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS)
3382
#define FSCTL_SET_VOLUME_COMPRESSION_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3383
#define FSCTL_TXFS_MODIFY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA)
3384
#define FSCTL_TXFS_QUERY_RM_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA)
3385
#define FSCTL_TXFS_ROLLFORWARD_REDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA)
3386
#define FSCTL_TXFS_ROLLFORWARD_UNDO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA)
3387
#define FSCTL_TXFS_START_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA)
3388
#define FSCTL_TXFS_SHUTDOWN_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA)
3389
#define FSCTL_TXFS_READ_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA)
3390
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA)
3391
#define FSCTL_TXFS_CREATE_SECONDARY_RM CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA)
3392
#define FSCTL_TXFS_GET_METADATA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA)
3393
#define FSCTL_TXFS_GET_TRANSACTED_VERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA)
3394
#define FSCTL_TXFS_SAVEPOINT_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA)
3395
#define FSCTL_TXFS_CREATE_MINIVERSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA)
3396
#define FSCTL_TXFS_TRANSACTION_ACTIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA)
3397
#define FSCTL_SET_ZERO_ON_DEALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3398
#define FSCTL_SET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS)
3399
#define FSCTL_GET_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS)
3400
#define FSCTL_WAIT_FOR_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS)
3401
#define FSCTL_INITIATE_REPAIR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS)
3402
#define FSCTL_CSC_INTERNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS)
3403
#define FSCTL_SHRINK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
3404
#define FSCTL_SET_SHORT_NAME_BEHAVIOR CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS)
3405
#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS)
3407
#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
3408
CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA)
3409
#define FSCTL_TXFS_LIST_TRANSACTIONS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA)
3410
#define FSCTL_QUERY_PAGEFILE_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS)
3411
#define FSCTL_RESET_VOLUME_ALLOCATION_HINTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS)
3412
#define FSCTL_TXFS_READ_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS)
3416
#if (_WIN32_WINNT >= 0x0601)
3418
#define FSCTL_QUERY_DEPENDENT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS)
3419
#define FSCTL_SD_GLOBAL_CHANGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS)
3420
#define FSCTL_LOOKUP_STREAM_FROM_CLUSTER CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS)
3421
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS)
3422
#define FSCTL_FILE_TYPE_NOTIFICATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS)
3423
#define FSCTL_GET_BOOT_AREA_INFO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS)
3424
#define FSCTL_GET_RETRIEVAL_POINTER_BASE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS)
3425
#define FSCTL_SET_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS)
3426
#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS)
3428
#define FSCTL_REQUEST_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS)
3430
#define FSCTL_CSV_TUNNEL_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS)
3431
#define FSCTL_IS_CSV_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS)
3433
#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS)
3434
#define FSCTL_CSV_GET_VOLUME_PATH_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS)
3435
#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS)
3436
#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS)
3437
#define FSCTL_IS_FILE_ON_CSV_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS)
3439
typedef struct _CSV_NAMESPACE_INFO {
3442
LARGE_INTEGER StartingOffset;
3444
} CSV_NAMESPACE_INFO, *PCSV_NAMESPACE_INFO;
3446
#define CSV_NAMESPACE_INFO_V1 (sizeof(CSV_NAMESPACE_INFO))
3447
#define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFF
3451
#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
3453
typedef struct _PATHNAME_BUFFER {
3454
ULONG PathNameLength;
3456
} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
3458
typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
3459
UCHAR First0x24BytesOfBootSector[0x24];
3460
} FSCTL_QUERY_FAT_BPB_BUFFER, *PFSCTL_QUERY_FAT_BPB_BUFFER;
3462
#if (_WIN32_WINNT >= 0x0400)
3464
typedef struct _NTFS_VOLUME_DATA_BUFFER {
3465
LARGE_INTEGER VolumeSerialNumber;
3466
LARGE_INTEGER NumberSectors;
3467
LARGE_INTEGER TotalClusters;
3468
LARGE_INTEGER FreeClusters;
3469
LARGE_INTEGER TotalReserved;
3470
ULONG BytesPerSector;
3471
ULONG BytesPerCluster;
3472
ULONG BytesPerFileRecordSegment;
3473
ULONG ClustersPerFileRecordSegment;
3474
LARGE_INTEGER MftValidDataLength;
3475
LARGE_INTEGER MftStartLcn;
3476
LARGE_INTEGER Mft2StartLcn;
3477
LARGE_INTEGER MftZoneStart;
3478
LARGE_INTEGER MftZoneEnd;
3479
} NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;
3481
typedef struct _NTFS_EXTENDED_VOLUME_DATA {
3483
USHORT MajorVersion;
3484
USHORT MinorVersion;
3485
} NTFS_EXTENDED_VOLUME_DATA, *PNTFS_EXTENDED_VOLUME_DATA;
3487
typedef struct _STARTING_LCN_INPUT_BUFFER {
3488
LARGE_INTEGER StartingLcn;
3489
} STARTING_LCN_INPUT_BUFFER, *PSTARTING_LCN_INPUT_BUFFER;
3491
typedef struct _VOLUME_BITMAP_BUFFER {
3492
LARGE_INTEGER StartingLcn;
3493
LARGE_INTEGER BitmapSize;
3495
} VOLUME_BITMAP_BUFFER, *PVOLUME_BITMAP_BUFFER;
3497
typedef struct _STARTING_VCN_INPUT_BUFFER {
3498
LARGE_INTEGER StartingVcn;
3499
} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
3501
typedef struct _RETRIEVAL_POINTERS_BUFFER {
3503
LARGE_INTEGER StartingVcn;
3505
LARGE_INTEGER NextVcn;
3508
} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
3510
typedef struct _NTFS_FILE_RECORD_INPUT_BUFFER {
3511
LARGE_INTEGER FileReferenceNumber;
3512
} NTFS_FILE_RECORD_INPUT_BUFFER, *PNTFS_FILE_RECORD_INPUT_BUFFER;
3514
typedef struct _NTFS_FILE_RECORD_OUTPUT_BUFFER {
3515
LARGE_INTEGER FileReferenceNumber;
3516
ULONG FileRecordLength;
3517
UCHAR FileRecordBuffer[1];
3518
} NTFS_FILE_RECORD_OUTPUT_BUFFER, *PNTFS_FILE_RECORD_OUTPUT_BUFFER;
3520
typedef struct _MOVE_FILE_DATA {
3522
LARGE_INTEGER StartingVcn;
3523
LARGE_INTEGER StartingLcn;
3525
} MOVE_FILE_DATA, *PMOVE_FILE_DATA;
3527
typedef struct _MOVE_FILE_RECORD_DATA {
3529
LARGE_INTEGER SourceFileRecord;
3530
LARGE_INTEGER TargetFileRecord;
3531
} MOVE_FILE_RECORD_DATA, *PMOVE_FILE_RECORD_DATA;
3534
typedef struct _MOVE_FILE_DATA32 {
3536
LARGE_INTEGER StartingVcn;
3537
LARGE_INTEGER StartingLcn;
3539
} MOVE_FILE_DATA32, *PMOVE_FILE_DATA32;
3542
#endif /* (_WIN32_WINNT >= 0x0400) */
3544
#if (_WIN32_WINNT >= 0x0500)
3546
typedef struct _FIND_BY_SID_DATA {
3549
} FIND_BY_SID_DATA, *PFIND_BY_SID_DATA;
3551
typedef struct _FIND_BY_SID_OUTPUT {
3552
ULONG NextEntryOffset;
3554
ULONG FileNameLength;
3556
} FIND_BY_SID_OUTPUT, *PFIND_BY_SID_OUTPUT;
3558
typedef struct _MFT_ENUM_DATA {
3559
ULONGLONG StartFileReferenceNumber;
3562
} MFT_ENUM_DATA, *PMFT_ENUM_DATA;
3564
typedef struct _CREATE_USN_JOURNAL_DATA {
3565
ULONGLONG MaximumSize;
3566
ULONGLONG AllocationDelta;
3567
} CREATE_USN_JOURNAL_DATA, *PCREATE_USN_JOURNAL_DATA;
3569
typedef struct _READ_USN_JOURNAL_DATA {
3572
ULONG ReturnOnlyOnClose;
3574
ULONGLONG BytesToWaitFor;
3575
ULONGLONG UsnJournalID;
3576
} READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA;
3578
typedef struct _USN_RECORD {
3580
USHORT MajorVersion;
3581
USHORT MinorVersion;
3582
ULONGLONG FileReferenceNumber;
3583
ULONGLONG ParentFileReferenceNumber;
3585
LARGE_INTEGER TimeStamp;
3589
ULONG FileAttributes;
3590
USHORT FileNameLength;
3591
USHORT FileNameOffset;
3593
} USN_RECORD, *PUSN_RECORD;
3595
#define USN_PAGE_SIZE (0x1000)
3597
#define USN_REASON_DATA_OVERWRITE (0x00000001)
3598
#define USN_REASON_DATA_EXTEND (0x00000002)
3599
#define USN_REASON_DATA_TRUNCATION (0x00000004)
3600
#define USN_REASON_NAMED_DATA_OVERWRITE (0x00000010)
3601
#define USN_REASON_NAMED_DATA_EXTEND (0x00000020)
3602
#define USN_REASON_NAMED_DATA_TRUNCATION (0x00000040)
3603
#define USN_REASON_FILE_CREATE (0x00000100)
3604
#define USN_REASON_FILE_DELETE (0x00000200)
3605
#define USN_REASON_EA_CHANGE (0x00000400)
3606
#define USN_REASON_SECURITY_CHANGE (0x00000800)
3607
#define USN_REASON_RENAME_OLD_NAME (0x00001000)
3608
#define USN_REASON_RENAME_NEW_NAME (0x00002000)
3609
#define USN_REASON_INDEXABLE_CHANGE (0x00004000)
3610
#define USN_REASON_BASIC_INFO_CHANGE (0x00008000)
3611
#define USN_REASON_HARD_LINK_CHANGE (0x00010000)
3612
#define USN_REASON_COMPRESSION_CHANGE (0x00020000)
3613
#define USN_REASON_ENCRYPTION_CHANGE (0x00040000)
3614
#define USN_REASON_OBJECT_ID_CHANGE (0x00080000)
3615
#define USN_REASON_REPARSE_POINT_CHANGE (0x00100000)
3616
#define USN_REASON_STREAM_CHANGE (0x00200000)
3617
#define USN_REASON_TRANSACTED_CHANGE (0x00400000)
3618
#define USN_REASON_CLOSE (0x80000000)
3620
typedef struct _USN_JOURNAL_DATA {
3621
ULONGLONG UsnJournalID;
3626
ULONGLONG MaximumSize;
3627
ULONGLONG AllocationDelta;
3628
} USN_JOURNAL_DATA, *PUSN_JOURNAL_DATA;
3630
typedef struct _DELETE_USN_JOURNAL_DATA {
3631
ULONGLONG UsnJournalID;
3633
} DELETE_USN_JOURNAL_DATA, *PDELETE_USN_JOURNAL_DATA;
3635
#define USN_DELETE_FLAG_DELETE (0x00000001)
3636
#define USN_DELETE_FLAG_NOTIFY (0x00000002)
3637
#define USN_DELETE_VALID_FLAGS (0x00000003)
3639
typedef struct _MARK_HANDLE_INFO {
3640
ULONG UsnSourceInfo;
3641
HANDLE VolumeHandle;
3643
} MARK_HANDLE_INFO, *PMARK_HANDLE_INFO;
3646
typedef struct _MARK_HANDLE_INFO32 {
3647
ULONG UsnSourceInfo;
3648
UINT32 VolumeHandle;
3650
} MARK_HANDLE_INFO32, *PMARK_HANDLE_INFO32;
3653
#define USN_SOURCE_DATA_MANAGEMENT (0x00000001)
3654
#define USN_SOURCE_AUXILIARY_DATA (0x00000002)
3655
#define USN_SOURCE_REPLICATION_MANAGEMENT (0x00000004)
3657
#define MARK_HANDLE_PROTECT_CLUSTERS (0x00000001)
3658
#define MARK_HANDLE_TXF_SYSTEM_LOG (0x00000004)
3659
#define MARK_HANDLE_NOT_TXF_SYSTEM_LOG (0x00000008)
3661
typedef struct _BULK_SECURITY_TEST_DATA {
3662
ACCESS_MASK DesiredAccess;
3663
ULONG SecurityIds[1];
3664
} BULK_SECURITY_TEST_DATA, *PBULK_SECURITY_TEST_DATA;
3666
#define VOLUME_IS_DIRTY (0x00000001)
3667
#define VOLUME_UPGRADE_SCHEDULED (0x00000002)
3668
#define VOLUME_SESSION_OPEN (0x00000004)
3670
typedef struct _FILE_PREFETCH {
3673
ULONGLONG Prefetch[1];
3674
} FILE_PREFETCH, *PFILE_PREFETCH;
3676
typedef struct _FILE_PREFETCH_EX {
3680
ULONGLONG Prefetch[1];
3681
} FILE_PREFETCH_EX, *PFILE_PREFETCH_EX;
3683
#define FILE_PREFETCH_TYPE_FOR_CREATE 0x1
3684
#define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x2
3685
#define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x3
3686
#define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x4
3688
#define FILE_PREFETCH_TYPE_MAX 0x4
3690
typedef struct _FILE_OBJECTID_BUFFER {
3692
_ANONYMOUS_UNION union {
3693
_ANONYMOUS_STRUCT struct {
3694
UCHAR BirthVolumeId[16];
3695
UCHAR BirthObjectId[16];
3698
UCHAR ExtendedInfo[48];
3700
} FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;
3702
typedef struct _FILE_SET_SPARSE_BUFFER {
3704
} FILE_SET_SPARSE_BUFFER, *PFILE_SET_SPARSE_BUFFER;
3706
typedef struct _FILE_ZERO_DATA_INFORMATION {
3707
LARGE_INTEGER FileOffset;
3708
LARGE_INTEGER BeyondFinalZero;
3709
} FILE_ZERO_DATA_INFORMATION, *PFILE_ZERO_DATA_INFORMATION;
3711
typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
3712
LARGE_INTEGER FileOffset;
3713
LARGE_INTEGER Length;
3714
} FILE_ALLOCATED_RANGE_BUFFER, *PFILE_ALLOCATED_RANGE_BUFFER;
3716
typedef struct _ENCRYPTION_BUFFER {
3717
ULONG EncryptionOperation;
3719
} ENCRYPTION_BUFFER, *PENCRYPTION_BUFFER;
3721
#define FILE_SET_ENCRYPTION 0x00000001
3722
#define FILE_CLEAR_ENCRYPTION 0x00000002
3723
#define STREAM_SET_ENCRYPTION 0x00000003
3724
#define STREAM_CLEAR_ENCRYPTION 0x00000004
3726
#define MAXIMUM_ENCRYPTION_VALUE 0x00000004
3728
typedef struct _DECRYPTION_STATUS_BUFFER {
3729
BOOLEAN NoEncryptedStreams;
3730
} DECRYPTION_STATUS_BUFFER, *PDECRYPTION_STATUS_BUFFER;
3732
#define ENCRYPTION_FORMAT_DEFAULT (0x01)
3734
#define COMPRESSION_FORMAT_SPARSE (0x4000)
3736
typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
3737
LONGLONG FileOffset;
3739
} REQUEST_RAW_ENCRYPTED_DATA, *PREQUEST_RAW_ENCRYPTED_DATA;
3741
typedef struct _ENCRYPTED_DATA_INFO {
3742
ULONGLONG StartingFileOffset;
3743
ULONG OutputBufferOffset;
3744
ULONG BytesWithinFileSize;
3745
ULONG BytesWithinValidDataLength;
3746
USHORT CompressionFormat;
3747
UCHAR DataUnitShift;
3750
UCHAR EncryptionFormat;
3751
USHORT NumberOfDataBlocks;
3752
ULONG DataBlockSize[ANYSIZE_ARRAY];
3753
} ENCRYPTED_DATA_INFO, *PENCRYPTED_DATA_INFO;
3755
typedef struct _PLEX_READ_DATA_REQUEST {
3756
LARGE_INTEGER ByteOffset;
3759
} PLEX_READ_DATA_REQUEST, *PPLEX_READ_DATA_REQUEST;
3761
typedef struct _SI_COPYFILE {
3762
ULONG SourceFileNameLength;
3763
ULONG DestinationFileNameLength;
3765
WCHAR FileNameBuffer[1];
3766
} SI_COPYFILE, *PSI_COPYFILE;
3768
#define COPYFILE_SIS_LINK 0x0001
3769
#define COPYFILE_SIS_REPLACE 0x0002
3770
#define COPYFILE_SIS_FLAGS 0x0003
3772
#endif /* (_WIN32_WINNT >= 0x0500) */
3774
#if (_WIN32_WINNT >= 0x0600)
3776
typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
3778
} FILE_MAKE_COMPATIBLE_BUFFER, *PFILE_MAKE_COMPATIBLE_BUFFER;
3780
typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
3782
} FILE_SET_DEFECT_MGMT_BUFFER, *PFILE_SET_DEFECT_MGMT_BUFFER;
3784
typedef struct _FILE_QUERY_SPARING_BUFFER {
3785
ULONG SparingUnitBytes;
3786
BOOLEAN SoftwareSparing;
3787
ULONG TotalSpareBlocks;
3788
ULONG FreeSpareBlocks;
3789
} FILE_QUERY_SPARING_BUFFER, *PFILE_QUERY_SPARING_BUFFER;
3791
typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
3792
LARGE_INTEGER DirectoryCount;
3793
LARGE_INTEGER FileCount;
3794
USHORT FsFormatMajVersion;
3795
USHORT FsFormatMinVersion;
3796
WCHAR FsFormatName[12];
3797
LARGE_INTEGER FormatTime;
3798
LARGE_INTEGER LastUpdateTime;
3799
WCHAR CopyrightInfo[34];
3800
WCHAR AbstractInfo[34];
3801
WCHAR FormattingImplementationInfo[34];
3802
WCHAR LastModifyingImplementationInfo[34];
3803
} FILE_QUERY_ON_DISK_VOL_INFO_BUFFER, *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
3805
#define SET_REPAIR_ENABLED (0x00000001)
3806
#define SET_REPAIR_VOLUME_BITMAP_SCAN (0x00000002)
3807
#define SET_REPAIR_DELETE_CROSSLINK (0x00000004)
3808
#define SET_REPAIR_WARN_ABOUT_DATA_LOSS (0x00000008)
3809
#define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT (0x00000010)
3810
#define SET_REPAIR_VALID_MASK (0x0000001F)
3812
typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
3816
} SHRINK_VOLUME_REQUEST_TYPES, *PSHRINK_VOLUME_REQUEST_TYPES;
3818
typedef struct _SHRINK_VOLUME_INFORMATION {
3819
SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType;
3821
LONGLONG NewNumberOfSectors;
3822
} SHRINK_VOLUME_INFORMATION, *PSHRINK_VOLUME_INFORMATION;
3824
#define TXFS_RM_FLAG_LOGGING_MODE 0x00000001
3825
#define TXFS_RM_FLAG_RENAME_RM 0x00000002
3826
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004
3827
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008
3828
#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010
3829
#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020
3830
#define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040
3831
#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080
3832
#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100
3833
#define TXFS_RM_FLAG_GROW_LOG 0x00000400
3834
#define TXFS_RM_FLAG_SHRINK_LOG 0x00000800
3835
#define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000
3836
#define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000
3837
#define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000
3838
#define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000
3839
#define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000
3840
#define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000
3842
#define TXFS_LOGGING_MODE_SIMPLE (0x0001)
3843
#define TXFS_LOGGING_MODE_FULL (0x0002)
3845
#define TXFS_TRANSACTION_STATE_NONE 0x00
3846
#define TXFS_TRANSACTION_STATE_ACTIVE 0x01
3847
#define TXFS_TRANSACTION_STATE_PREPARED 0x02
3848
#define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03
3850
#define TXFS_MODIFY_RM_VALID_FLAGS (TXFS_RM_FLAG_LOGGING_MODE | \
3851
TXFS_RM_FLAG_RENAME_RM | \
3852
TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
3853
TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
3854
TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
3855
TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
3856
TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
3857
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
3858
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
3859
TXFS_RM_FLAG_SHRINK_LOG | \
3860
TXFS_RM_FLAG_GROW_LOG | \
3861
TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \
3862
TXFS_RM_FLAG_PRESERVE_CHANGES | \
3863
TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
3864
TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
3865
TXFS_RM_FLAG_PREFER_CONSISTENCY | \
3866
TXFS_RM_FLAG_PREFER_AVAILABILITY)
3868
typedef struct _TXFS_MODIFY_RM {
3870
ULONG LogContainerCountMax;
3871
ULONG LogContainerCountMin;
3872
ULONG LogContainerCount;
3873
ULONG LogGrowthIncrement;
3874
ULONG LogAutoShrinkPercentage;
3877
} TXFS_MODIFY_RM, *PTXFS_MODIFY_RM;
3879
#define TXFS_RM_STATE_NOT_STARTED 0
3880
#define TXFS_RM_STATE_STARTING 1
3881
#define TXFS_RM_STATE_ACTIVE 2
3882
#define TXFS_RM_STATE_SHUTTING_DOWN 3
3884
#define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \
3885
(TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
3886
TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
3887
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
3888
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
3889
TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
3890
TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | \
3891
TXFS_RM_FLAG_PREFER_CONSISTENCY | \
3892
TXFS_RM_FLAG_PREFER_AVAILABILITY)
3894
typedef struct _TXFS_QUERY_RM_INFORMATION {
3895
ULONG BytesRequired;
3897
ULONGLONG CurrentLsn;
3898
ULONGLONG ArchiveTailLsn;
3899
ULONGLONG LogContainerSize;
3900
LARGE_INTEGER HighestVirtualClock;
3901
ULONG LogContainerCount;
3902
ULONG LogContainerCountMax;
3903
ULONG LogContainerCountMin;
3904
ULONG LogGrowthIncrement;
3905
ULONG LogAutoShrinkPercentage;
3910
ULONGLONG LogCapacity;
3914
ULONGLONG TransactionCount;
3915
ULONGLONG OnePCCount;
3916
ULONGLONG TwoPCCount;
3917
ULONGLONG NumberLogFileFull;
3918
ULONGLONG OldestTransactionAge;
3920
ULONG TmLogPathOffset;
3921
} TXFS_QUERY_RM_INFORMATION, *PTXFS_QUERY_RM_INFORMATION;
3923
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x01
3924
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x02
3926
#define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
3927
(TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
3928
TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
3930
typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
3931
LARGE_INTEGER LastVirtualClock;
3932
ULONGLONG LastRedoLsn;
3933
ULONGLONG HighestRecoveryLsn;
3935
} TXFS_ROLLFORWARD_REDO_INFORMATION, *PTXFS_ROLLFORWARD_REDO_INFORMATION;
3937
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001
3938
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002
3939
#define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004
3940
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008
3941
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010
3942
#define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020
3943
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040
3944
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080
3946
#define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200
3947
#define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400
3948
#define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800
3950
#define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000
3951
#define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000
3953
#define TXFS_START_RM_VALID_FLAGS \
3954
(TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
3955
TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
3956
TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
3957
TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
3958
TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
3959
TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
3960
TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
3961
TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
3962
TXFS_START_RM_FLAG_LOGGING_MODE | \
3963
TXFS_START_RM_FLAG_PRESERVE_CHANGES | \
3964
TXFS_START_RM_FLAG_PREFER_CONSISTENCY | \
3965
TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
3967
typedef struct _TXFS_START_RM_INFORMATION {
3969
ULONGLONG LogContainerSize;
3970
ULONG LogContainerCountMin;
3971
ULONG LogContainerCountMax;
3972
ULONG LogGrowthIncrement;
3973
ULONG LogAutoShrinkPercentage;
3974
ULONG TmLogPathOffset;
3975
USHORT TmLogPathLength;
3977
USHORT LogPathLength;
3980
} TXFS_START_RM_INFORMATION, *PTXFS_START_RM_INFORMATION;
3982
typedef struct _TXFS_GET_METADATA_INFO_OUT {
3987
GUID LockingTransaction;
3989
ULONG TransactionState;
3990
} TXFS_GET_METADATA_INFO_OUT, *PTXFS_GET_METADATA_INFO_OUT;
3992
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001
3993
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002
3995
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
4003
} TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY, *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
4005
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
4006
GUID KtmTransaction;
4007
ULONGLONG NumberOfFiles;
4008
ULONGLONG BufferSizeRequired;
4010
} TXFS_LIST_TRANSACTION_LOCKED_FILES, *PTXFS_LIST_TRANSACTION_LOCKED_FILES;
4012
typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
4014
ULONG TransactionState;
4018
} TXFS_LIST_TRANSACTIONS_ENTRY, *PTXFS_LIST_TRANSACTIONS_ENTRY;
4020
typedef struct _TXFS_LIST_TRANSACTIONS {
4021
ULONGLONG NumberOfTransactions;
4022
ULONGLONG BufferSizeRequired;
4023
} TXFS_LIST_TRANSACTIONS, *PTXFS_LIST_TRANSACTIONS;
4025
typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
4026
_ANONYMOUS_UNION union {
4030
} TXFS_READ_BACKUP_INFORMATION_OUT, *PTXFS_READ_BACKUP_INFORMATION_OUT;
4032
typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
4034
} TXFS_WRITE_BACKUP_INFORMATION, *PTXFS_WRITE_BACKUP_INFORMATION;
4036
#define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFE
4037
#define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFF
4039
typedef struct _TXFS_GET_TRANSACTED_VERSION {
4040
ULONG ThisBaseVersion;
4041
ULONG LatestVersion;
4042
USHORT ThisMiniVersion;
4043
USHORT FirstMiniVersion;
4044
USHORT LatestMiniVersion;
4045
} TXFS_GET_TRANSACTED_VERSION, *PTXFS_GET_TRANSACTED_VERSION;
4047
#define TXFS_SAVEPOINT_SET 0x00000001
4048
#define TXFS_SAVEPOINT_ROLLBACK 0x00000002
4049
#define TXFS_SAVEPOINT_CLEAR 0x00000004
4050
#define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010
4052
typedef struct _TXFS_SAVEPOINT_INFORMATION {
4053
HANDLE KtmTransaction;
4056
} TXFS_SAVEPOINT_INFORMATION, *PTXFS_SAVEPOINT_INFORMATION;
4058
typedef struct _TXFS_CREATE_MINIVERSION_INFO {
4059
USHORT StructureVersion;
4060
USHORT StructureLength;
4063
} TXFS_CREATE_MINIVERSION_INFO, *PTXFS_CREATE_MINIVERSION_INFO;
4065
typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
4066
BOOLEAN TransactionsActiveAtSnapshot;
4067
} TXFS_TRANSACTION_ACTIVE_INFO, *PTXFS_TRANSACTION_ACTIVE_INFO;
4069
#endif /* (_WIN32_WINNT >= 0x0600) */
4071
#if (_WIN32_WINNT >= 0x0601)
4073
#define MARK_HANDLE_REALTIME (0x00000020)
4074
#define MARK_HANDLE_NOT_REALTIME (0x00000040)
4076
#define NO_8DOT3_NAME_PRESENT (0x00000001)
4077
#define REMOVED_8DOT3_NAME (0x00000002)
4079
#define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED (0x00000001)
4081
typedef struct _BOOT_AREA_INFO {
4082
ULONG BootSectorCount;
4084
LARGE_INTEGER Offset;
4086
} BOOT_AREA_INFO, *PBOOT_AREA_INFO;
4088
typedef struct _RETRIEVAL_POINTER_BASE {
4089
LARGE_INTEGER FileAreaOffset;
4090
} RETRIEVAL_POINTER_BASE, *PRETRIEVAL_POINTER_BASE;
4092
typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
4097
} FILE_FS_PERSISTENT_VOLUME_INFORMATION, *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;
4099
typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
4101
} FILE_SYSTEM_RECOGNITION_INFORMATION, *PFILE_SYSTEM_RECOGNITION_INFORMATION;
4103
#define OPLOCK_LEVEL_CACHE_READ (0x00000001)
4104
#define OPLOCK_LEVEL_CACHE_HANDLE (0x00000002)
4105
#define OPLOCK_LEVEL_CACHE_WRITE (0x00000004)
4107
#define REQUEST_OPLOCK_INPUT_FLAG_REQUEST (0x00000001)
4108
#define REQUEST_OPLOCK_INPUT_FLAG_ACK (0x00000002)
4109
#define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE (0x00000004)
4111
#define REQUEST_OPLOCK_CURRENT_VERSION 1
4113
typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
4114
USHORT StructureVersion;
4115
USHORT StructureLength;
4116
ULONG RequestedOplockLevel;
4118
} REQUEST_OPLOCK_INPUT_BUFFER, *PREQUEST_OPLOCK_INPUT_BUFFER;
4120
#define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED (0x00000001)
4121
#define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED (0x00000002)
4123
typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
4124
USHORT StructureVersion;
4125
USHORT StructureLength;
4126
ULONG OriginalOplockLevel;
4127
ULONG NewOplockLevel;
4129
ACCESS_MASK AccessMode;
4131
} REQUEST_OPLOCK_OUTPUT_BUFFER, *PREQUEST_OPLOCK_OUTPUT_BUFFER;
4133
#define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1
4135
typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
4136
USHORT CurrentMachineSIDOffset;
4137
USHORT CurrentMachineSIDLength;
4138
USHORT NewMachineSIDOffset;
4139
USHORT NewMachineSIDLength;
4140
} SD_CHANGE_MACHINE_SID_INPUT, *PSD_CHANGE_MACHINE_SID_INPUT;
4142
typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
4143
ULONGLONG NumSDChangedSuccess;
4144
ULONGLONG NumSDChangedFail;
4145
ULONGLONG NumSDUnused;
4146
ULONGLONG NumSDTotal;
4147
ULONGLONG NumMftSDChangedSuccess;
4148
ULONGLONG NumMftSDChangedFail;
4149
ULONGLONG NumMftSDTotal;
4150
} SD_CHANGE_MACHINE_SID_OUTPUT, *PSD_CHANGE_MACHINE_SID_OUTPUT;
4152
typedef struct _SD_GLOBAL_CHANGE_INPUT {
4155
_ANONYMOUS_UNION union {
4156
SD_CHANGE_MACHINE_SID_INPUT SdChange;
4158
} SD_GLOBAL_CHANGE_INPUT, *PSD_GLOBAL_CHANGE_INPUT;
4160
typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
4163
_ANONYMOUS_UNION union {
4164
SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
4166
} SD_GLOBAL_CHANGE_OUTPUT, *PSD_GLOBAL_CHANGE_OUTPUT;
4168
#define ENCRYPTED_DATA_INFO_SPARSE_FILE 1
4170
typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
4175
} EXTENDED_ENCRYPTED_DATA_INFO, *PEXTENDED_ENCRYPTED_DATA_INFO;
4177
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
4179
ULONG NumberOfClusters;
4180
LARGE_INTEGER Cluster[1];
4181
} LOOKUP_STREAM_FROM_CLUSTER_INPUT, *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;
4183
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
4185
ULONG NumberOfMatches;
4186
ULONG BufferSizeRequired;
4187
} LOOKUP_STREAM_FROM_CLUSTER_OUTPUT, *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
4189
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001
4190
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002
4191
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004
4192
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008
4194
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xff000000
4195
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000
4196
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000
4197
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000
4199
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
4202
LARGE_INTEGER Reserved;
4203
LARGE_INTEGER Cluster;
4205
} LOOKUP_STREAM_FROM_CLUSTER_ENTRY, *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;
4207
typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
4209
ULONG NumFileTypeIDs;
4211
} FILE_TYPE_NOTIFICATION_INPUT, *PFILE_TYPE_NOTIFICATION_INPUT;
4213
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001
4214
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002
4216
DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_PAGE_FILE, 0x0d0a64a1, 0x38fc, 0x4db8, 0x9f, 0xe7, 0x3f, 0x43, 0x52, 0xcd, 0x7c, 0x5c);
4217
DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_HIBERNATION_FILE, 0xb7624d64, 0xb9a3, 0x4cf8, 0x80, 0x11, 0x5b, 0x86, 0xc9, 0x40, 0xe7, 0xb7);
4218
DEFINE_GUID(FILE_TYPE_NOTIFICATION_GUID_CRASHDUMP_FILE, 0x9d453eb7, 0xd2a6, 0x4dbd, 0xa2, 0xe3, 0xfb, 0xd0, 0xed, 0x91, 0x09, 0xa9);
4220
#ifndef _VIRTUAL_STORAGE_TYPE_DEFINED
4221
#define _VIRTUAL_STORAGE_TYPE_DEFINED
4222
typedef struct _VIRTUAL_STORAGE_TYPE {
4225
} VIRTUAL_STORAGE_TYPE, *PVIRTUAL_STORAGE_TYPE;
4228
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
4231
} STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST, *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
4233
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x1
4234
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x2
4236
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
4238
ULONG DependencyTypeFlags;
4239
ULONG ProviderSpecificFlags;
4240
VIRTUAL_STORAGE_TYPE VirtualStorageType;
4241
} STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
4243
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY {
4245
ULONG DependencyTypeFlags;
4246
ULONG ProviderSpecificFlags;
4247
VIRTUAL_STORAGE_TYPE VirtualStorageType;
4248
ULONG AncestorLevel;
4249
ULONG HostVolumeNameOffset;
4250
ULONG HostVolumeNameSize;
4251
ULONG DependentVolumeNameOffset;
4252
ULONG DependentVolumeNameSize;
4253
ULONG RelativePathOffset;
4254
ULONG RelativePathSize;
4255
ULONG DependentDeviceNameOffset;
4256
ULONG DependentDeviceNameSize;
4257
} STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY, *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
4259
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE {
4260
ULONG ResponseLevel;
4261
ULONG NumberEntries;
4262
_ANONYMOUS_UNION union {
4263
STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[];
4264
STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[];
4266
} STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE, *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
4268
#endif /* (_WIN32_WINNT >= 0x0601) */
4270
typedef struct _FILESYSTEM_STATISTICS {
4271
USHORT FileSystemType;
4273
ULONG SizeOfCompleteStructure;
4274
ULONG UserFileReads;
4275
ULONG UserFileReadBytes;
4276
ULONG UserDiskReads;
4277
ULONG UserFileWrites;
4278
ULONG UserFileWriteBytes;
4279
ULONG UserDiskWrites;
4280
ULONG MetaDataReads;
4281
ULONG MetaDataReadBytes;
4282
ULONG MetaDataDiskReads;
4283
ULONG MetaDataWrites;
4284
ULONG MetaDataWriteBytes;
4285
ULONG MetaDataDiskWrites;
4286
} FILESYSTEM_STATISTICS, *PFILESYSTEM_STATISTICS;
4288
#define FILESYSTEM_STATISTICS_TYPE_NTFS 1
4289
#define FILESYSTEM_STATISTICS_TYPE_FAT 2
4290
#define FILESYSTEM_STATISTICS_TYPE_EXFAT 3
4292
typedef struct _FAT_STATISTICS {
4294
ULONG SuccessfulCreates;
4295
ULONG FailedCreates;
4296
ULONG NonCachedReads;
4297
ULONG NonCachedReadBytes;
4298
ULONG NonCachedWrites;
4299
ULONG NonCachedWriteBytes;
4300
ULONG NonCachedDiskReads;
4301
ULONG NonCachedDiskWrites;
4302
} FAT_STATISTICS, *PFAT_STATISTICS;
4304
typedef struct _EXFAT_STATISTICS {
4306
ULONG SuccessfulCreates;
4307
ULONG FailedCreates;
4308
ULONG NonCachedReads;
4309
ULONG NonCachedReadBytes;
4310
ULONG NonCachedWrites;
4311
ULONG NonCachedWriteBytes;
4312
ULONG NonCachedDiskReads;
4313
ULONG NonCachedDiskWrites;
4314
} EXFAT_STATISTICS, *PEXFAT_STATISTICS;
4316
typedef struct _NTFS_STATISTICS {
4317
ULONG LogFileFullExceptions;
4318
ULONG OtherExceptions;
4322
ULONG MftWriteBytes;
4328
} MftWritesUserLevel;
4329
USHORT MftWritesFlushForLogFileFull;
4330
USHORT MftWritesLazyWriter;
4331
USHORT MftWritesUserRequest;
4333
ULONG Mft2WriteBytes;
4339
} Mft2WritesUserLevel;
4340
USHORT Mft2WritesFlushForLogFileFull;
4341
USHORT Mft2WritesLazyWriter;
4342
USHORT Mft2WritesUserRequest;
4343
ULONG RootIndexReads;
4344
ULONG RootIndexReadBytes;
4345
ULONG RootIndexWrites;
4346
ULONG RootIndexWriteBytes;
4348
ULONG BitmapReadBytes;
4350
ULONG BitmapWriteBytes;
4351
USHORT BitmapWritesFlushForLogFileFull;
4352
USHORT BitmapWritesLazyWriter;
4353
USHORT BitmapWritesUserRequest;
4358
} BitmapWritesUserLevel;
4359
ULONG MftBitmapReads;
4360
ULONG MftBitmapReadBytes;
4361
ULONG MftBitmapWrites;
4362
ULONG MftBitmapWriteBytes;
4363
USHORT MftBitmapWritesFlushForLogFileFull;
4364
USHORT MftBitmapWritesLazyWriter;
4365
USHORT MftBitmapWritesUserRequest;
4371
} MftBitmapWritesUserLevel;
4372
ULONG UserIndexReads;
4373
ULONG UserIndexReadBytes;
4374
ULONG UserIndexWrites;
4375
ULONG UserIndexWriteBytes;
4377
ULONG LogFileReadBytes;
4378
ULONG LogFileWrites;
4379
ULONG LogFileWriteBytes;
4386
ULONG HintsClusters;
4388
ULONG CacheClusters;
4390
ULONG CacheMissClusters;
4392
} NTFS_STATISTICS, *PNTFS_STATISTICS;
4394
#endif /* _FILESYSTEMFSCTL_ */
4396
#define SYMLINK_FLAG_RELATIVE 1
4398
typedef struct _REPARSE_DATA_BUFFER {
4400
USHORT ReparseDataLength;
4402
_ANONYMOUS_UNION union {
4404
USHORT SubstituteNameOffset;
4405
USHORT SubstituteNameLength;
4406
USHORT PrintNameOffset;
4407
USHORT PrintNameLength;
4409
WCHAR PathBuffer[1];
4410
} SymbolicLinkReparseBuffer;
4412
USHORT SubstituteNameOffset;
4413
USHORT SubstituteNameLength;
4414
USHORT PrintNameOffset;
4415
USHORT PrintNameLength;
4416
WCHAR PathBuffer[1];
4417
} MountPointReparseBuffer;
4419
UCHAR DataBuffer[1];
4420
} GenericReparseBuffer;
4422
} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
4424
#define REPARSE_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer)
4426
typedef struct _REPARSE_GUID_DATA_BUFFER {
4428
USHORT ReparseDataLength;
4432
UCHAR DataBuffer[1];
4433
} GenericReparseBuffer;
4434
} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;
4436
#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
4438
#define MAXIMUM_REPARSE_DATA_BUFFER_SIZE ( 16 * 1024 )
4440
/* Reserved reparse tags */
4441
#define IO_REPARSE_TAG_RESERVED_ZERO (0)
4442
#define IO_REPARSE_TAG_RESERVED_ONE (1)
4443
#define IO_REPARSE_TAG_RESERVED_RANGE IO_REPARSE_TAG_RESERVED_ONE
4445
#define IsReparseTagMicrosoft(_tag) (((_tag) & 0x80000000))
4446
#define IsReparseTagNameSurrogate(_tag) (((_tag) & 0x20000000))
4448
#define IO_REPARSE_TAG_VALID_VALUES (0xF000FFFF)
4450
#define IsReparseTagValid(tag) ( \
4451
!((tag) & ~IO_REPARSE_TAG_VALID_VALUES) && \
4452
((tag) > IO_REPARSE_TAG_RESERVED_RANGE) \
4455
/* MicroSoft reparse point tags */
4456
#define IO_REPARSE_TAG_MOUNT_POINT (0xA0000003L)
4457
#define IO_REPARSE_TAG_HSM (0xC0000004L)
4458
#define IO_REPARSE_TAG_DRIVE_EXTENDER (0x80000005L)
4459
#define IO_REPARSE_TAG_HSM2 (0x80000006L)
4460
#define IO_REPARSE_TAG_SIS (0x80000007L)
4461
#define IO_REPARSE_TAG_WIM (0x80000008L)
4462
#define IO_REPARSE_TAG_CSV (0x80000009L)
4463
#define IO_REPARSE_TAG_DFS (0x8000000AL)
4464
#define IO_REPARSE_TAG_FILTER_MANAGER (0x8000000BL)
4465
#define IO_REPARSE_TAG_SYMLINK (0xA000000CL)
4466
#define IO_REPARSE_TAG_IIS_CACHE (0xA0000010L)
4467
#define IO_REPARSE_TAG_DFSR (0x80000012L)
4470
typedef struct _REPARSE_INDEX_KEY {
4471
ULONG FileReparseTag;
4472
LARGE_INTEGER FileId;
4473
} REPARSE_INDEX_KEY, *PREPARSE_INDEX_KEY;
4476
#define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,58,METHOD_BUFFERED,FILE_ANY_ACCESS)
4477
#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,59,METHOD_BUFFERED,FILE_ANY_ACCESS)
4478
#define IOCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM,60,METHOD_BUFFERED,FILE_ANY_ACCESS)
4480
#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
4481
#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
4482
#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
4483
#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
4484
#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
4485
#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
4486
#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
4487
#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
4488
#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
4489
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
4490
#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
4491
#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
4492
#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
4493
#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
4494
#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
4495
#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
4496
#define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)
4498
#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
4499
#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
4500
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
4501
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
4503
#define FILE_PIPE_READ_DATA 0x00000000
4504
#define FILE_PIPE_WRITE_SPACE 0x00000001
4506
typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
4509
} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
4511
typedef struct _FILE_PIPE_EVENT_BUFFER {
4512
ULONG NamedPipeState;
4516
ULONG NumberRequests;
4517
} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
4519
typedef struct _FILE_PIPE_PEEK_BUFFER {
4520
ULONG NamedPipeState;
4521
ULONG ReadDataAvailable;
4522
ULONG NumberOfMessages;
4523
ULONG MessageLength;
4525
} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
4527
typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
4528
LARGE_INTEGER Timeout;
4530
BOOLEAN TimeoutSpecified;
4532
} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
4534
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
4535
#if !defined(BUILD_WOW6432)
4536
PVOID ClientSession;
4537
PVOID ClientProcess;
4539
ULONGLONG ClientSession;
4540
ULONGLONG ClientProcess;
4542
} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
4544
#define FILE_PIPE_COMPUTER_NAME_LENGTH 15
4546
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
4547
#if !defined(BUILD_WOW6432)
4548
PVOID ClientSession;
4549
PVOID ClientProcess;
4551
ULONGLONG ClientSession;
4552
ULONGLONG ClientProcess;
4554
USHORT ClientComputerNameLength;
4555
WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH+1];
4556
} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX, *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
4558
#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
4560
typedef enum _LINK_TRACKING_INFORMATION_TYPE {
4561
NtfsLinkTrackingInformation,
4562
DfsLinkTrackingInformation
4563
} LINK_TRACKING_INFORMATION_TYPE, *PLINK_TRACKING_INFORMATION_TYPE;
4565
typedef struct _LINK_TRACKING_INFORMATION {
4566
LINK_TRACKING_INFORMATION_TYPE Type;
4568
} LINK_TRACKING_INFORMATION, *PLINK_TRACKING_INFORMATION;
4570
typedef struct _REMOTE_LINK_TRACKING_INFORMATION {
4571
PVOID TargetFileObject;
4572
ULONG TargetLinkTrackingInformationLength;
4573
UCHAR TargetLinkTrackingInformationBuffer[1];
4574
} REMOTE_LINK_TRACKING_INFORMATION, *PREMOTE_LINK_TRACKING_INFORMATION;
4576
#define IO_OPEN_PAGING_FILE 0x0002
4577
#define IO_OPEN_TARGET_DIRECTORY 0x0004
4578
#define IO_STOP_ON_SYMLINK 0x0008
4579
#define IO_MM_PAGING_FILE 0x0010
4582
(NTAPI *PDRIVER_FS_NOTIFICATION) (
4583
IN PDEVICE_OBJECT DeviceObject,
4584
IN BOOLEAN FsActive);
4586
typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
4588
SyncTypeCreateSection
4589
} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
4591
typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
4592
NotifyTypeCreate = 0,
4594
} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
4596
typedef union _FS_FILTER_PARAMETERS {
4598
PLARGE_INTEGER EndingOffset;
4599
PERESOURCE *ResourceToRelease;
4600
} AcquireForModifiedPageWriter;
4602
PERESOURCE ResourceToRelease;
4603
} ReleaseForModifiedPageWriter;
4605
FS_FILTER_SECTION_SYNC_TYPE SyncType;
4606
ULONG PageProtection;
4607
} AcquireForSectionSynchronization;
4609
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
4610
BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
4611
} NotifyStreamFileObject;
4619
} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
4621
#define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-1
4622
#define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION (UCHAR)-2
4623
#define FS_FILTER_ACQUIRE_FOR_MOD_WRITE (UCHAR)-3
4624
#define FS_FILTER_RELEASE_FOR_MOD_WRITE (UCHAR)-4
4625
#define FS_FILTER_ACQUIRE_FOR_CC_FLUSH (UCHAR)-5
4626
#define FS_FILTER_RELEASE_FOR_CC_FLUSH (UCHAR)-6
4628
typedef struct _FS_FILTER_CALLBACK_DATA {
4629
ULONG SizeOfFsFilterCallbackData;
4632
struct _DEVICE_OBJECT *DeviceObject;
4633
struct _FILE_OBJECT *FileObject;
4634
FS_FILTER_PARAMETERS Parameters;
4635
} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
4638
(NTAPI *PFS_FILTER_CALLBACK) (
4639
IN PFS_FILTER_CALLBACK_DATA Data,
4640
OUT PVOID *CompletionContext);
4643
(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
4644
IN PFS_FILTER_CALLBACK_DATA Data,
4645
IN NTSTATUS OperationStatus,
4646
IN PVOID CompletionContext);
4648
typedef struct _FS_FILTER_CALLBACKS {
4649
ULONG SizeOfFsFilterCallbacks;
4651
PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
4652
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
4653
PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
4654
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
4655
PFS_FILTER_CALLBACK PreAcquireForCcFlush;
4656
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
4657
PFS_FILTER_CALLBACK PreReleaseForCcFlush;
4658
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
4659
PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
4660
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
4661
PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
4662
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
4663
} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
4665
#if (NTDDI_VERSION >= NTDDI_WINXP)
4669
FsRtlRegisterFileSystemFilterCallbacks(
4670
IN struct _DRIVER_OBJECT *FilterDriverObject,
4671
IN PFS_FILTER_CALLBACKS Callbacks);
4672
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
4674
#if (NTDDI_VERSION >= NTDDI_VISTA)
4678
FsRtlNotifyStreamFileObject(
4679
IN struct _FILE_OBJECT * StreamFileObject,
4680
IN struct _DEVICE_OBJECT *DeviceObjectHint OPTIONAL,
4681
IN FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType,
4682
IN BOOLEAN SafeToRecurse);
4683
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
4685
#define DO_VERIFY_VOLUME 0x00000002
4686
#define DO_BUFFERED_IO 0x00000004
4687
#define DO_EXCLUSIVE 0x00000008
4688
#define DO_DIRECT_IO 0x00000010
4689
#define DO_MAP_IO_BUFFER 0x00000020
4690
#define DO_DEVICE_HAS_NAME 0x00000040
4691
#define DO_DEVICE_INITIALIZING 0x00000080
4692
#define DO_SYSTEM_BOOT_PARTITION 0x00000100
4693
#define DO_LONG_TERM_REQUESTS 0x00000200
4694
#define DO_NEVER_LAST_DEVICE 0x00000400
4695
#define DO_SHUTDOWN_REGISTERED 0x00000800
4696
#define DO_BUS_ENUMERATED_DEVICE 0x00001000
4697
#define DO_POWER_PAGABLE 0x00002000
4698
#define DO_POWER_INRUSH 0x00004000
4699
#define DO_LOW_PRIORITY_FILESYSTEM 0x00010000
4700
#define DO_SUPPORTS_TRANSACTIONS 0x00040000
4701
#define DO_FORCE_NEITHER_IO 0x00080000
4702
#define DO_VOLUME_DEVICE_OBJECT 0x00100000
4703
#define DO_SYSTEM_SYSTEM_PARTITION 0x00200000
4704
#define DO_SYSTEM_CRITICAL_PARTITION 0x00400000
4705
#define DO_DISALLOW_EXECUTE 0x00800000
4707
extern KSPIN_LOCK IoStatisticsLock;
4708
extern ULONG IoReadOperationCount;
4709
extern ULONG IoWriteOperationCount;
4710
extern ULONG IoOtherOperationCount;
4711
extern LARGE_INTEGER IoReadTransferCount;
4712
extern LARGE_INTEGER IoWriteTransferCount;
4713
extern LARGE_INTEGER IoOtherTransferCount;
4715
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
4716
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
4718
#if (NTDDI_VERSION >= NTDDI_VISTA)
4719
typedef struct _IO_PRIORITY_INFO {
4721
ULONG ThreadPriority;
4723
IO_PRIORITY_HINT IoPriority;
4724
} IO_PRIORITY_INFO, *PIO_PRIORITY_INFO;
4727
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
4729
ACCESS_MASK GrantedAccess;
4733
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
4735
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
4736
UNICODE_STRING TypeName;
4737
ULONG Reserved [22];
4738
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
4740
typedef struct _SECURITY_CLIENT_CONTEXT {
4741
SECURITY_QUALITY_OF_SERVICE SecurityQos;
4742
PACCESS_TOKEN ClientToken;
4743
BOOLEAN DirectlyAccessClientToken;
4744
BOOLEAN DirectAccessEffectiveOnly;
4745
BOOLEAN ServerIsRemote;
4746
TOKEN_CONTROL ClientTokenControl;
4747
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
4749
#define SYSTEM_PAGE_PRIORITY_BITS 3
4750
#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
4752
typedef struct _KAPC_STATE {
4753
LIST_ENTRY ApcListHead[MaximumMode];
4755
BOOLEAN KernelApcInProgress;
4756
BOOLEAN KernelApcPending;
4757
BOOLEAN UserApcPending;
4758
} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;
4760
#define KAPC_STATE_ACTUAL_LENGTH (FIELD_OFFSET(KAPC_STATE, UserApcPending) + sizeof(BOOLEAN))
4762
#define ASSERT_QUEUE(Q) ASSERT(((Q)->Header.Type & KOBJECT_TYPE_MASK) == QueueObject);
4764
typedef struct _KQUEUE {
4765
DISPATCHER_HEADER Header;
4766
LIST_ENTRY EntryListHead;
4767
volatile ULONG CurrentCount;
4769
LIST_ENTRY ThreadListHead;
4770
} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
4772
/******************************************************************************
4773
* Kernel Functions *
4774
******************************************************************************/
4778
KeGetProcessorNumberFromIndex(
4780
OUT PPROCESSOR_NUMBER ProcNumber);
4784
KeGetProcessorIndexFromNumber(
4785
IN PPROCESSOR_NUMBER ProcNumber);
4787
#if (NTDDI_VERSION >= NTDDI_WIN2K)
4796
OUT PRKMUTANT Mutant,
4797
IN BOOLEAN InitialOwner);
4803
IN PRKMUTANT Mutant);
4809
IN OUT PRKMUTANT Mutant,
4810
IN KPRIORITY Increment,
4811
IN BOOLEAN Abandoned,
4831
IN OUT PRKQUEUE Queue,
4832
IN OUT PLIST_ENTRY Entry);
4838
IN OUT PRKQUEUE Queue,
4839
IN OUT PLIST_ENTRY Entry);
4845
IN OUT PRKQUEUE Queue,
4846
IN KPROCESSOR_MODE WaitMode,
4847
IN PLARGE_INTEGER Timeout OPTIONAL);
4853
IN OUT PKPROCESS Process);
4865
IN OUT PRKQUEUE Queue);
4870
KeStackAttachProcess(
4871
IN OUT PKPROCESS Process,
4872
OUT PKAPC_STATE ApcState);
4877
KeUnstackDetachProcess(
4878
IN PKAPC_STATE ApcState);
4883
KeSetIdealProcessorThread(
4884
IN OUT PKTHREAD Thread,
4885
IN UCHAR Processor);
4890
KeSetKernelStackSwapEnable(
4897
KeAcquireSpinLockRaiseToSynch(
4898
IN OUT PKSPIN_LOCK SpinLock);
4902
KeAcquireSpinLockRaiseToSynch(
4903
IN OUT PKSPIN_LOCK SpinLock);
4906
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
4908
#if (NTDDI_VERSION >= NTDDI_WINXP)
4914
KeAcquireQueuedSpinLock(
4915
IN OUT KSPIN_LOCK_QUEUE_NUMBER Number);
4920
KeReleaseQueuedSpinLock(
4921
IN OUT KSPIN_LOCK_QUEUE_NUMBER Number,
4927
KeTryToAcquireQueuedSpinLock(
4928
IN KSPIN_LOCK_QUEUE_NUMBER Number,
4929
OUT PKIRQL OldIrql);
4931
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
4937
#if (NTDDI_VERSION >= NTDDI_VISTA)
4943
OUT PCLIENT_ID ClientId);
4948
IN OUT PKQUEUE Queue,
4949
IN KPROCESSOR_MODE WaitMode,
4950
IN BOOLEAN Alertable,
4951
IN PLARGE_INTEGER Timeout OPTIONAL,
4952
OUT PLIST_ENTRY *EntryArray,
4955
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
4959
#define INVALID_PROCESSOR_INDEX 0xffffffff
4961
#define EX_PUSH_LOCK ULONG_PTR
4962
#define PEX_PUSH_LOCK PULONG_PTR
4963
/******************************************************************************
4964
* Executive Functions *
4965
******************************************************************************/
4968
#define ExDisableResourceBoost ExDisableResourceBoostLite
4971
ExInitializePushLock (
4972
OUT PEX_PUSH_LOCK PushLock);
4974
#if (NTDDI_VERSION >= NTDDI_WIN2K)
4979
ExQueryPoolBlockSize(
4981
OUT PBOOLEAN QuotaCharged);
4984
ExAdjustLookasideDepth(
4990
ExDisableResourceBoostLite(
4991
IN PERESOURCE Resource);
4992
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
4994
#if (NTDDI_VERSION >= NTDDI_WINXP)
4998
InterlockedPushListSList(
4999
IN OUT PSLIST_HEADER ListHead,
5000
IN OUT PSLIST_ENTRY List,
5001
IN OUT PSLIST_ENTRY ListEnd,
5003
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5005
/******************************************************************************
5006
* Security Manager Functions *
5007
******************************************************************************/
5009
#if (NTDDI_VERSION >= NTDDI_WIN2K)
5015
SeReleaseSubjectContext(
5016
IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
5022
IN OUT PPRIVILEGE_SET RequiredPrivileges,
5023
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
5024
IN KPROCESSOR_MODE AccessMode);
5029
SeOpenObjectAuditAlarm(
5030
IN PUNICODE_STRING ObjectTypeName,
5031
IN PVOID Object OPTIONAL,
5032
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5033
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5034
IN PACCESS_STATE AccessState,
5035
IN BOOLEAN ObjectCreated,
5036
IN BOOLEAN AccessGranted,
5037
IN KPROCESSOR_MODE AccessMode,
5038
OUT PBOOLEAN GenerateOnClose);
5043
SeOpenObjectForDeleteAuditAlarm(
5044
IN PUNICODE_STRING ObjectTypeName,
5045
IN PVOID Object OPTIONAL,
5046
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5047
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5048
IN PACCESS_STATE AccessState,
5049
IN BOOLEAN ObjectCreated,
5050
IN BOOLEAN AccessGranted,
5051
IN KPROCESSOR_MODE AccessMode,
5052
OUT PBOOLEAN GenerateOnClose);
5057
SeDeleteObjectAuditAlarm(
5065
IN PACCESS_TOKEN Token);
5071
IN PACCESS_TOKEN Token);
5076
SeTokenIsRestricted(
5077
IN PACCESS_TOKEN Token);
5082
SeQueryAuthenticationIdToken(
5083
IN PACCESS_TOKEN Token,
5084
OUT PLUID AuthenticationId);
5089
SeQuerySessionIdToken(
5090
IN PACCESS_TOKEN Token,
5091
OUT PULONG SessionId);
5096
SeCreateClientSecurity(
5097
IN PETHREAD ClientThread,
5098
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
5099
IN BOOLEAN RemoteSession,
5100
OUT PSECURITY_CLIENT_CONTEXT ClientContext);
5105
SeImpersonateClient(
5106
IN PSECURITY_CLIENT_CONTEXT ClientContext,
5107
IN PETHREAD ServerThread OPTIONAL);
5112
SeImpersonateClientEx(
5113
IN PSECURITY_CLIENT_CONTEXT ClientContext,
5114
IN PETHREAD ServerThread OPTIONAL);
5119
SeCreateClientSecurityFromSubjectContext(
5120
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
5121
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
5122
IN BOOLEAN ServerIsRemote,
5123
OUT PSECURITY_CLIENT_CONTEXT ClientContext);
5128
SeQuerySecurityDescriptorInfo(
5129
IN PSECURITY_INFORMATION SecurityInformation,
5130
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
5131
IN OUT PULONG Length,
5132
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor);
5137
SeSetSecurityDescriptorInfo(
5138
IN PVOID Object OPTIONAL,
5139
IN PSECURITY_INFORMATION SecurityInformation,
5140
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5141
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
5142
IN POOL_TYPE PoolType,
5143
IN PGENERIC_MAPPING GenericMapping);
5148
SeSetSecurityDescriptorInfoEx(
5149
IN PVOID Object OPTIONAL,
5150
IN PSECURITY_INFORMATION SecurityInformation,
5151
IN PSECURITY_DESCRIPTOR ModificationDescriptor,
5152
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
5153
IN ULONG AutoInheritFlags,
5154
IN POOL_TYPE PoolType,
5155
IN PGENERIC_MAPPING GenericMapping);
5161
IN OUT PACCESS_STATE AccessState,
5162
IN PPRIVILEGE_SET Privileges);
5167
SeAuditingFileEvents(
5168
IN BOOLEAN AccessGranted,
5169
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
5174
SeAuditingFileOrGlobalEvents(
5175
IN BOOLEAN AccessGranted,
5176
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5177
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
5181
SeSetAccessStateGenericMapping(
5182
IN OUT PACCESS_STATE AccessState,
5183
IN PGENERIC_MAPPING GenericMapping);
5188
SeRegisterLogonSessionTerminatedRoutine(
5189
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
5194
SeUnregisterLogonSessionTerminatedRoutine(
5195
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
5200
SeMarkLogonSessionForTerminationNotification(
5206
SeQueryInformationToken(
5207
IN PACCESS_TOKEN Token,
5208
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
5209
OUT PVOID *TokenInformation);
5211
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5212
#if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
5216
SeAuditingHardLinkEvents(
5217
IN BOOLEAN AccessGranted,
5218
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
5221
#if (NTDDI_VERSION >= NTDDI_WINXP)
5227
IN PACCESS_TOKEN ExistingToken,
5229
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
5230
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
5231
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
5232
OUT PACCESS_TOKEN *FilteredToken);
5237
SeAuditHardLinkCreation(
5238
IN PUNICODE_STRING FileName,
5239
IN PUNICODE_STRING LinkName,
5240
IN BOOLEAN bSuccess);
5242
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5244
#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
5249
SeAuditingFileEventsWithContext(
5250
IN BOOLEAN AccessGranted,
5251
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5252
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
5257
SeAuditingHardLinkEventsWithContext(
5258
IN BOOLEAN AccessGranted,
5259
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5260
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
5265
#if (NTDDI_VERSION >= NTDDI_VISTA)
5270
SeOpenObjectAuditAlarmWithTransaction(
5271
IN PUNICODE_STRING ObjectTypeName,
5272
IN PVOID Object OPTIONAL,
5273
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5274
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5275
IN PACCESS_STATE AccessState,
5276
IN BOOLEAN ObjectCreated,
5277
IN BOOLEAN AccessGranted,
5278
IN KPROCESSOR_MODE AccessMode,
5279
IN GUID *TransactionId OPTIONAL,
5280
OUT PBOOLEAN GenerateOnClose);
5285
SeOpenObjectForDeleteAuditAlarmWithTransaction(
5286
IN PUNICODE_STRING ObjectTypeName,
5287
IN PVOID Object OPTIONAL,
5288
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
5289
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5290
IN PACCESS_STATE AccessState,
5291
IN BOOLEAN ObjectCreated,
5292
IN BOOLEAN AccessGranted,
5293
IN KPROCESSOR_MODE AccessMode,
5294
IN GUID *TransactionId OPTIONAL,
5295
OUT PBOOLEAN GenerateOnClose);
5302
IN PACCESS_TOKEN Token,
5303
IN ACCESS_MASK DesiredAccess,
5304
IN BOOLEAN AccessGranted,
5305
OUT PBOOLEAN GenerateAudit,
5306
OUT PBOOLEAN GenerateAlarm);
5311
SeDeleteObjectAuditAlarmWithTransaction(
5314
IN GUID *TransactionId OPTIONAL);
5319
SeQueryTokenIntegrity(
5320
IN PACCESS_TOKEN Token,
5321
IN OUT PSID_AND_ATTRIBUTES IntegritySA);
5326
SeSetSessionIdToken(
5327
IN PACCESS_TOKEN Token,
5328
IN ULONG SessionId);
5333
SeAuditHardLinkCreationWithTransaction(
5334
IN PUNICODE_STRING FileName,
5335
IN PUNICODE_STRING LinkName,
5336
IN BOOLEAN bSuccess,
5337
IN GUID *TransactionId OPTIONAL);
5342
SeAuditTransactionStateChange(
5343
IN GUID *TransactionId,
5344
IN GUID *ResourceManagerId,
5345
IN ULONG NewTransactionState);
5346
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
5348
#if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
5352
SeTokenIsWriteRestricted(
5353
IN PACCESS_TOKEN Token);
5356
#if (NTDDI_VERSION >= NTDDI_WIN7)
5361
SeAuditingAnyFileEventsWithContext(
5362
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5363
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
5368
SeExamineGlobalSacl(
5369
IN PUNICODE_STRING ObjectType,
5370
IN PACCESS_TOKEN Token,
5371
IN ACCESS_MASK DesiredAccess,
5372
IN BOOLEAN AccessGranted,
5373
IN OUT PBOOLEAN GenerateAudit,
5374
IN OUT PBOOLEAN GenerateAlarm OPTIONAL);
5379
SeMaximumAuditMaskFromGlobalSacl(
5380
IN PUNICODE_STRING ObjectTypeName OPTIONAL,
5381
IN ACCESS_MASK GrantedAccess,
5382
IN PACCESS_TOKEN Token,
5383
IN OUT PACCESS_MASK AuditMask);
5385
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
5389
SeReportSecurityEventWithSubCategory(
5391
IN PUNICODE_STRING SourceName,
5392
IN PSID UserSid OPTIONAL,
5393
IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
5394
IN ULONG AuditSubcategoryId);
5398
SeAccessCheckFromState(
5399
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
5400
IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
5401
IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL,
5402
IN ACCESS_MASK DesiredAccess,
5403
IN ACCESS_MASK PreviouslyGrantedAccess,
5404
OUT PPRIVILEGE_SET *Privileges OPTIONAL,
5405
IN PGENERIC_MAPPING GenericMapping,
5406
IN KPROCESSOR_MODE AccessMode,
5407
OUT PACCESS_MASK GrantedAccess,
5408
OUT PNTSTATUS AccessStatus);
5414
IN PPRIVILEGE_SET Privileges);
5418
SeLocateProcessImageName(
5419
IN OUT PEPROCESS Process,
5420
OUT PUNICODE_STRING *pImageFileName);
5422
#define SeLengthSid( Sid ) \
5423
(8 + (4 * ((SID *)Sid)->SubAuthorityCount))
5425
#define SeDeleteClientSecurity(C) { \
5426
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
5427
PsDereferencePrimaryToken( (C)->ClientToken ); \
5429
PsDereferenceImpersonationToken( (C)->ClientToken ); \
5433
#define SeStopImpersonatingClient() PsRevertToSelf()
5435
#define SeQuerySubjectContextToken( SubjectContext ) \
5436
( ARGUMENT_PRESENT( \
5437
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
5439
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
5440
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
5442
extern NTKERNELAPI PSE_EXPORTS SeExports;
5443
/******************************************************************************
5444
* Process Manager Functions *
5445
******************************************************************************/
5450
PsLookupProcessByProcessId(
5451
IN HANDLE ProcessId,
5452
OUT PEPROCESS *Process);
5457
PsLookupThreadByThreadId(
5458
IN HANDLE UniqueThreadId,
5459
OUT PETHREAD *Thread);
5461
#if (NTDDI_VERSION >= NTDDI_WIN2K)
5467
PsReferenceImpersonationToken(
5468
IN OUT PETHREAD Thread,
5469
OUT PBOOLEAN CopyOnOpen,
5470
OUT PBOOLEAN EffectiveOnly,
5471
OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
5476
PsGetProcessExitTime(VOID);
5481
PsIsThreadTerminating(
5482
IN PETHREAD Thread);
5487
PsImpersonateClient(
5488
IN OUT PETHREAD Thread,
5489
IN PACCESS_TOKEN Token,
5490
IN BOOLEAN CopyOnOpen,
5491
IN BOOLEAN EffectiveOnly,
5492
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
5497
PsDisableImpersonation(
5498
IN OUT PETHREAD Thread,
5499
IN OUT PSE_IMPERSONATION_STATE ImpersonationState);
5504
PsRestoreImpersonation(
5506
IN PSE_IMPERSONATION_STATE ImpersonationState);
5511
PsRevertToSelf(VOID);
5517
IN PEPROCESS Process,
5518
IN POOL_TYPE PoolType,
5519
IN ULONG_PTR Amount);
5525
IN PEPROCESS Process,
5526
IN POOL_TYPE PoolType,
5527
IN ULONG_PTR Amount);
5532
PsAssignImpersonationToken(
5534
IN HANDLE Token OPTIONAL);
5539
PsReferencePrimaryToken(
5540
IN OUT PEPROCESS Process);
5541
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5542
#if (NTDDI_VERSION >= NTDDI_WINXP)
5548
PsDereferencePrimaryToken(
5549
IN PACCESS_TOKEN PrimaryToken);
5554
PsDereferenceImpersonationToken(
5555
IN PACCESS_TOKEN ImpersonationToken);
5560
PsChargeProcessPoolQuota(
5561
IN PEPROCESS Process,
5562
IN POOL_TYPE PoolType,
5563
IN ULONG_PTR Amount);
5569
IN PETHREAD Thread);
5570
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5572
/******************************************************************************
5573
* I/O Manager Functions *
5574
******************************************************************************/
5576
#define IoIsFileOpenedExclusively(FileObject) ( \
5578
(FileObject)->SharedRead || \
5579
(FileObject)->SharedWrite || \
5580
(FileObject)->SharedDelete \
5584
#if (NTDDI_VERSION == NTDDI_WIN2K)
5588
IoRegisterFsRegistrationChangeEx(
5589
IN PDRIVER_OBJECT DriverObject,
5590
IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
5592
#if (NTDDI_VERSION >= NTDDI_WIN2K)
5598
IoAcquireVpbSpinLock(
5604
IoCheckDesiredAccess(
5605
IN OUT PACCESS_MASK DesiredAccess,
5606
IN ACCESS_MASK GrantedAccess);
5611
IoCheckEaBufferValidity(
5612
IN PFILE_FULL_EA_INFORMATION EaBuffer,
5614
OUT PULONG ErrorOffset);
5619
IoCheckFunctionAccess(
5620
IN ACCESS_MASK GrantedAccess,
5621
IN UCHAR MajorFunction,
5622
IN UCHAR MinorFunction,
5623
IN ULONG IoControlCode,
5624
IN PVOID Argument1 OPTIONAL,
5625
IN PVOID Argument2 OPTIONAL);
5630
IoCheckQuerySetFileInformation(
5631
IN FILE_INFORMATION_CLASS FileInformationClass,
5633
IN BOOLEAN SetOperation);
5638
IoCheckQuerySetVolumeInformation(
5639
IN FS_INFORMATION_CLASS FsInformationClass,
5641
IN BOOLEAN SetOperation);
5646
IoCheckQuotaBufferValidity(
5647
IN PFILE_QUOTA_INFORMATION QuotaBuffer,
5648
IN ULONG QuotaLength,
5649
OUT PULONG ErrorOffset);
5654
IoCreateStreamFileObject(
5655
IN PFILE_OBJECT FileObject OPTIONAL,
5656
IN PDEVICE_OBJECT DeviceObject OPTIONAL);
5661
IoCreateStreamFileObjectLite(
5662
IN PFILE_OBJECT FileObject OPTIONAL,
5663
IN PDEVICE_OBJECT DeviceObject OPTIONAL);
5668
IoFastQueryNetworkAttributes(
5669
IN POBJECT_ATTRIBUTES ObjectAttributes,
5670
IN ACCESS_MASK DesiredAccess,
5671
IN ULONG OpenOptions,
5672
OUT PIO_STATUS_BLOCK IoStatus,
5673
OUT PFILE_NETWORK_OPEN_INFORMATION Buffer);
5679
IN PFILE_OBJECT FileObject,
5681
IN PLARGE_INTEGER Offset,
5683
OUT PIO_STATUS_BLOCK IoStatusBlock);
5688
IoGetBaseFileSystemDeviceObject(
5689
IN PFILE_OBJECT FileObject);
5692
PCONFIGURATION_INFORMATION
5694
IoGetConfigurationInformation(VOID);
5699
IoGetRequestorProcessId(
5705
IoGetRequestorProcess(
5711
IoGetTopLevelIrp(VOID);
5716
IoIsOperationSynchronous(
5723
IN PETHREAD Thread);
5728
IoIsValidNameGraftingBuffer(
5730
IN PREPARSE_DATA_BUFFER ReparseBuffer);
5735
IoQueryFileInformation(
5736
IN PFILE_OBJECT FileObject,
5737
IN FILE_INFORMATION_CLASS FileInformationClass,
5739
OUT PVOID FileInformation,
5740
OUT PULONG ReturnedLength);
5745
IoQueryVolumeInformation(
5746
IN PFILE_OBJECT FileObject,
5747
IN FS_INFORMATION_CLASS FsInformationClass,
5749
OUT PVOID FsInformation,
5750
OUT PULONG ReturnedLength);
5761
IoRegisterFileSystem(
5762
IN PDEVICE_OBJECT DeviceObject);
5767
IoRegisterFsRegistrationChange(
5768
IN PDRIVER_OBJECT DriverObject,
5769
IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
5774
IoReleaseVpbSpinLock(
5780
IoSetDeviceToVerify(
5782
IN PDEVICE_OBJECT DeviceObject OPTIONAL);
5788
IN PFILE_OBJECT FileObject,
5789
IN FILE_INFORMATION_CLASS FileInformationClass,
5791
IN PVOID FileInformation);
5797
IN PIRP Irp OPTIONAL);
5802
IoSynchronousPageWrite(
5803
IN PFILE_OBJECT FileObject,
5805
IN PLARGE_INTEGER FileOffset,
5807
OUT PIO_STATUS_BLOCK IoStatusBlock);
5813
IN PETHREAD Thread);
5818
IoUnregisterFileSystem(
5819
IN PDEVICE_OBJECT DeviceObject);
5824
IoUnregisterFsRegistrationChange(
5825
IN PDRIVER_OBJECT DriverObject,
5826
IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine);
5832
IN PDEVICE_OBJECT DeviceObject,
5833
IN BOOLEAN AllowRawMount);
5838
IoGetRequestorSessionId(
5840
OUT PULONG pSessionId);
5842
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
5845
#if (NTDDI_VERSION >= NTDDI_WINXP)
5851
IoCreateStreamFileObjectEx(
5852
IN PFILE_OBJECT FileObject OPTIONAL,
5853
IN PDEVICE_OBJECT DeviceObject OPTIONAL,
5854
OUT PHANDLE FileObjectHandle OPTIONAL);
5859
IoQueryFileDosDeviceName(
5860
IN PFILE_OBJECT FileObject,
5861
OUT POBJECT_NAME_INFORMATION *ObjectNameInformation);
5866
IoEnumerateDeviceObjectList(
5867
IN PDRIVER_OBJECT DriverObject,
5868
OUT PDEVICE_OBJECT *DeviceObjectList,
5869
IN ULONG DeviceObjectListSize,
5870
OUT PULONG ActualNumberDeviceObjects);
5875
IoGetLowerDeviceObject(
5876
IN PDEVICE_OBJECT DeviceObject);
5881
IoGetDeviceAttachmentBaseRef(
5882
IN PDEVICE_OBJECT DeviceObject);
5887
IoGetDiskDeviceObject(
5888
IN PDEVICE_OBJECT FileSystemDeviceObject,
5889
OUT PDEVICE_OBJECT *DiskDeviceObject);
5891
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5893
#if (NTDDI_VERSION >= NTDDI_WS03SP1)
5899
IoEnumerateRegisteredFiltersList(
5900
OUT PDRIVER_OBJECT *DriverObjectList,
5901
IN ULONG DriverObjectListSize,
5902
OUT PULONG ActualNumberDriverObjects);
5903
#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
5905
#if (NTDDI_VERSION >= NTDDI_VISTA)
5910
IoInitializePriorityInfo(
5911
IN PIO_PRIORITY_INFO PriorityInfo)
5913
PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
5914
PriorityInfo->ThreadPriority = 0xffff;
5915
PriorityInfo->IoPriority = IoPriorityNormal;
5916
PriorityInfo->PagePriority = 0;
5918
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
5920
#if (NTDDI_VERSION >= NTDDI_WIN7)
5926
IoRegisterFsRegistrationChangeMountAware(
5927
IN PDRIVER_OBJECT DriverObject,
5928
IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine,
5929
IN BOOLEAN SynchronizeWithMounts);
5934
IoReplaceFileObjectName(
5935
IN PFILE_OBJECT FileObject,
5936
IN PWSTR NewFileName,
5937
IN USHORT FileNameLength);
5938
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
5941
#define PO_CB_SYSTEM_POWER_POLICY 0
5942
#define PO_CB_AC_STATUS 1
5943
#define PO_CB_BUTTON_COLLISION 2
5944
#define PO_CB_SYSTEM_STATE_LOCK 3
5945
#define PO_CB_LID_SWITCH_STATE 4
5946
#define PO_CB_PROCESSOR_POWER_POLICY 5
5949
#if (NTDDI_VERSION >= NTDDI_WINXP)
5953
PoQueueShutdownWorkItem(
5954
IN OUT PWORK_QUEUE_ITEM WorkItem);
5956
/******************************************************************************
5957
* Memory manager Types *
5958
******************************************************************************/
5959
typedef enum _MMFLUSH_TYPE {
5964
typedef struct _READ_LIST {
5965
PFILE_OBJECT FileObject;
5966
ULONG NumberOfEntries;
5968
FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
5969
} READ_LIST, *PREAD_LIST;
5971
#if (NTDDI_VERSION >= NTDDI_WINXP)
5973
typedef union _MM_PREFETCH_FLAGS {
5975
ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS;
5976
ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS;
5979
} MM_PREFETCH_FLAGS, *PMM_PREFETCH_FLAGS;
5981
#define MM_PREFETCH_FLAGS_MASK ((1 << (2*SYSTEM_PAGE_PRIORITY_BITS)) - 1)
5983
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
5985
#define HEAP_NO_SERIALIZE 0x00000001
5986
#define HEAP_GROWABLE 0x00000002
5987
#define HEAP_GENERATE_EXCEPTIONS 0x00000004
5988
#define HEAP_ZERO_MEMORY 0x00000008
5989
#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010
5990
#define HEAP_TAIL_CHECKING_ENABLED 0x00000020
5991
#define HEAP_FREE_CHECKING_ENABLED 0x00000040
5992
#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080
5994
#define HEAP_CREATE_ALIGN_16 0x00010000
5995
#define HEAP_CREATE_ENABLE_TRACING 0x00020000
5996
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000
5998
#define HEAP_SETTABLE_USER_VALUE 0x00000100
5999
#define HEAP_SETTABLE_USER_FLAG1 0x00000200
6000
#define HEAP_SETTABLE_USER_FLAG2 0x00000400
6001
#define HEAP_SETTABLE_USER_FLAG3 0x00000800
6002
#define HEAP_SETTABLE_USER_FLAGS 0x00000E00
6004
#define HEAP_CLASS_0 0x00000000
6005
#define HEAP_CLASS_1 0x00001000
6006
#define HEAP_CLASS_2 0x00002000
6007
#define HEAP_CLASS_3 0x00003000
6008
#define HEAP_CLASS_4 0x00004000
6009
#define HEAP_CLASS_5 0x00005000
6010
#define HEAP_CLASS_6 0x00006000
6011
#define HEAP_CLASS_7 0x00007000
6012
#define HEAP_CLASS_8 0x00008000
6013
#define HEAP_CLASS_MASK 0x0000F000
6015
#define HEAP_MAXIMUM_TAG 0x0FFF
6016
#define HEAP_GLOBAL_TAG 0x0800
6017
#define HEAP_PSEUDO_TAG_FLAG 0x8000
6018
#define HEAP_TAG_SHIFT 18
6019
#define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
6021
#define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
6023
HEAP_GENERATE_EXCEPTIONS | \
6024
HEAP_ZERO_MEMORY | \
6025
HEAP_REALLOC_IN_PLACE_ONLY | \
6026
HEAP_TAIL_CHECKING_ENABLED | \
6027
HEAP_FREE_CHECKING_ENABLED | \
6028
HEAP_DISABLE_COALESCE_ON_FREE | \
6030
HEAP_CREATE_ALIGN_16 | \
6031
HEAP_CREATE_ENABLE_TRACING | \
6032
HEAP_CREATE_ENABLE_EXECUTE)
6034
/******************************************************************************
6035
* Memory manager Functions *
6036
******************************************************************************/
6040
HEAP_MAKE_TAG_FLAGS(
6044
//__assume_bound(TagBase); // FIXME
6045
return ((ULONG)((TagBase) + ((Tag) << HEAP_TAG_SHIFT)));
6048
#if (NTDDI_VERSION >= NTDDI_WIN2K)
6053
MmIsRecursiveIoFault(
6059
MmForceSectionClosed(
6060
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6061
IN BOOLEAN DelayClose);
6066
MmFlushImageSection(
6067
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6068
IN MMFLUSH_TYPE FlushType);
6073
MmCanFileBeTruncated(
6074
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
6075
IN PLARGE_INTEGER NewFileSize OPTIONAL);
6080
MmSetAddressRangeModified(
6084
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
6086
#if (NTDDI_VERSION >= NTDDI_WINXP)
6093
IN ULONG NumberOfLists,
6094
IN PREAD_LIST *ReadLists);
6096
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
6099
#if (NTDDI_VERSION >= NTDDI_VISTA)
6104
MmDoesFileHaveUserWritableReferences(
6105
IN PSECTION_OBJECT_POINTERS SectionPointer);
6106
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
6109
#if (NTDDI_VERSION >= NTDDI_WIN2K)
6116
IN OUT PACCESS_STATE PassedAccessState OPTIONAL,
6117
IN ACCESS_MASK DesiredAccess OPTIONAL,
6118
IN ULONG ObjectPointerBias,
6119
OUT PVOID *NewObject OPTIONAL,
6120
OUT PHANDLE Handle OPTIONAL);
6125
ObOpenObjectByPointer(
6127
IN ULONG HandleAttributes,
6128
IN PACCESS_STATE PassedAccessState OPTIONAL,
6129
IN ACCESS_MASK DesiredAccess OPTIONAL,
6130
IN POBJECT_TYPE ObjectType OPTIONAL,
6131
IN KPROCESSOR_MODE AccessMode,
6132
OUT PHANDLE Handle);
6137
ObMakeTemporaryObject(
6145
OUT POBJECT_NAME_INFORMATION ObjectNameInfo OPTIONAL,
6147
OUT PULONG ReturnLength);
6152
ObQueryObjectAuditingByHandle(
6154
OUT PBOOLEAN GenerateOnClose);
6155
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
6157
#if (NTDDI_VERSION >= NTDDI_VISTA)
6167
#if (NTDDI_VERSION >= NTDDI_WIN7)
6172
ObOpenObjectByPointerWithTag(
6174
IN ULONG HandleAttributes,
6175
IN PACCESS_STATE PassedAccessState OPTIONAL,
6176
IN ACCESS_MASK DesiredAccess,
6177
IN POBJECT_TYPE ObjectType OPTIONAL,
6178
IN KPROCESSOR_MODE AccessMode,
6180
OUT PHANDLE Handle);
6181
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
6191
#define FSRTL_COMMON_FCB_HEADER_LAYOUT \
6192
CSHORT NodeTypeCode; \
6193
CSHORT NodeByteSize; \
6195
UCHAR IsFastIoPossible; \
6199
PERESOURCE Resource; \
6200
PERESOURCE PagingIoResource; \
6201
LARGE_INTEGER AllocationSize; \
6202
LARGE_INTEGER FileSize; \
6203
LARGE_INTEGER ValidDataLength;
6205
typedef struct _FSRTL_COMMON_FCB_HEADER {
6206
FSRTL_COMMON_FCB_HEADER_LAYOUT
6207
} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
6210
typedef struct _FSRTL_ADVANCED_FCB_HEADER:FSRTL_COMMON_FCB_HEADER {
6211
#else /* __cplusplus */
6212
typedef struct _FSRTL_ADVANCED_FCB_HEADER {
6213
FSRTL_COMMON_FCB_HEADER_LAYOUT
6214
#endif /* __cplusplus */
6215
PFAST_MUTEX FastMutex;
6216
LIST_ENTRY FilterContexts;
6217
#if (NTDDI_VERSION >= NTDDI_VISTA)
6218
EX_PUSH_LOCK PushLock;
6219
PVOID *FileContextSupportPointer;
6221
} FSRTL_ADVANCED_FCB_HEADER, *PFSRTL_ADVANCED_FCB_HEADER;
6223
#define FSRTL_FCB_HEADER_V0 (0x00)
6224
#define FSRTL_FCB_HEADER_V1 (0x01)
269
6226
#define FSRTL_FLAG_FILE_MODIFIED (0x01)
270
6227
#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
271
6228
#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
292
6273
#define FSRTL_VOLUME_LOCK_FAILED 4
293
6274
#define FSRTL_VOLUME_UNLOCK 5
294
6275
#define FSRTL_VOLUME_MOUNT 6
296
#define FSRTL_WILD_CHARACTER 0x08
298
#define FSRTL_FAT_LEGAL 0x01
299
#define FSRTL_HPFS_LEGAL 0x02
300
#define FSRTL_NTFS_LEGAL 0x04
301
#define FSRTL_WILD_CHARACTER 0x08
302
#define FSRTL_OLE_LEGAL 0x10
303
#define FSRTL_NTFS_STREAM_LEGAL 0x14
6276
#define FSRTL_VOLUME_NEEDS_CHKDSK 7
6277
#define FSRTL_VOLUME_WORM_NEAR_FULL 8
6278
#define FSRTL_VOLUME_WEARING_OUT 9
6279
#define FSRTL_VOLUME_FORCED_CLOSED 10
6280
#define FSRTL_VOLUME_INFO_MAKE_COMPAT 11
6281
#define FSRTL_VOLUME_PREPARING_EJECT 12
6282
#define FSRTL_VOLUME_CHANGE_SIZE 13
6283
#define FSRTL_VOLUME_BACKGROUND_FORMAT 14
6286
(NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE) (
6290
#if (NTDDI_VERSION >= NTDDI_VISTA)
6292
#define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001
6293
#define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002
6294
#define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004
6296
#define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001
6298
#define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001
6299
#define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002
6301
#define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002
6303
#define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001
6304
#define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002
6306
typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 {
6308
} FSRTL_MUP_PROVIDER_INFO_LEVEL_1, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1;
6310
typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 {
6312
UNICODE_STRING ProviderName;
6313
} FSRTL_MUP_PROVIDER_INFO_LEVEL_2, *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2;
6316
(*PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK) (
6317
IN OUT PVOID EcpContext,
6318
IN LPCGUID EcpType);
6320
typedef struct _ECP_LIST ECP_LIST, *PECP_LIST;
6322
typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS;
6323
typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS;
6324
typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS;
6326
typedef enum _FSRTL_CHANGE_BACKING_TYPE {
6327
ChangeDataControlArea,
6328
ChangeImageControlArea,
6329
ChangeSharedCacheMap
6330
} FSRTL_CHANGE_BACKING_TYPE, *PFSRTL_CHANGE_BACKING_TYPE;
6332
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
6334
typedef struct _FSRTL_PER_FILE_CONTEXT {
6338
PFREE_FUNCTION FreeCallback;
6339
} FSRTL_PER_FILE_CONTEXT, *PFSRTL_PER_FILE_CONTEXT;
6341
typedef struct _FSRTL_PER_STREAM_CONTEXT {
6345
PFREE_FUNCTION FreeCallback;
6346
} FSRTL_PER_STREAM_CONTEXT, *PFSRTL_PER_STREAM_CONTEXT;
6348
#if (NTDDI_VERSION >= NTDDI_WIN2K)
6350
(*PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS) (
6351
IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
6354
typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT {
6358
} FSRTL_PER_FILEOBJECT_CONTEXT, *PFSRTL_PER_FILEOBJECT_CONTEXT;
6360
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x1
6361
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x2
6364
(NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE) (
6368
typedef struct _FILE_LOCK_INFO {
6369
LARGE_INTEGER StartingByte;
6370
LARGE_INTEGER Length;
6371
BOOLEAN ExclusiveLock;
6373
PFILE_OBJECT FileObject;
6375
LARGE_INTEGER EndingByte;
6376
} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
6379
(NTAPI *PUNLOCK_ROUTINE) (
6381
IN PFILE_LOCK_INFO FileLockInfo);
6383
typedef struct _FILE_LOCK {
6384
PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
6385
PUNLOCK_ROUTINE UnlockRoutine;
6386
BOOLEAN FastIoIsQuestionable;
6388
PVOID LockInformation;
6389
FILE_LOCK_INFO LastReturnedLockInfo;
6390
PVOID LastReturnedLock;
6391
LONG volatile LockRequestsInProgress;
6392
} FILE_LOCK, *PFILE_LOCK;
6394
typedef struct _TUNNEL {
6396
PRTL_SPLAY_LINKS Cache;
6397
LIST_ENTRY TimerQueue;
6401
typedef struct _BASE_MCB {
6402
ULONG MaximumPairCount;
6407
} BASE_MCB, *PBASE_MCB;
6409
typedef struct _LARGE_MCB {
6410
PKGUARDED_MUTEX GuardedMutex;
6412
} LARGE_MCB, *PLARGE_MCB;
6414
#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
6416
typedef struct _MCB {
6417
LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
6420
typedef enum _FAST_IO_POSSIBLE {
6421
FastIoIsNotPossible = 0,
6423
FastIoIsQuestionable
6426
typedef struct _EOF_WAIT_BLOCK {
6427
LIST_ENTRY EofWaitLinks;
6429
} EOF_WAIT_BLOCK, *PEOF_WAIT_BLOCK;
6431
typedef PVOID OPLOCK, *POPLOCK;
6434
(NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE) (
6439
(NTAPI *POPLOCK_FS_PREPOST_IRP) (
6443
#if (NTDDI_VERSION >= NTDDI_VISTASP1)
6444
#define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001
6447
#if (NTDDI_VERSION >= NTDDI_WIN7)
6448
#define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002
6449
#define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004
6450
#define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008
6451
#define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001
6454
#if (NTDDI_VERSION >= NTDDI_WIN7)
6456
typedef struct _OPLOCK_KEY_ECP_CONTEXT {
6459
} OPLOCK_KEY_ECP_CONTEXT, *POPLOCK_KEY_ECP_CONTEXT;
6461
DEFINE_GUID(GUID_ECP_OPLOCK_KEY, 0x48850596, 0x3050, 0x4be7, 0x98, 0x63, 0xfe, 0xc3, 0x50, 0xce, 0x8d, 0x7f);
6465
typedef PVOID PNOTIFY_SYNC;
6467
#if (NTDDI_VERSION >= NTDDI_WIN7)
6468
typedef struct _ECP_HEADER ECP_HEADER, *PECP_HEADER;
6472
(NTAPI *PCHECK_FOR_TRAVERSE_ACCESS) (
6473
IN PVOID NotifyContext,
6474
IN PVOID TargetContext OPTIONAL,
6475
IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
6478
(NTAPI *PFILTER_REPORT_CHANGE) (
6479
IN PVOID NotifyContext,
6480
IN PVOID FilterContext);
6481
/* FSRTL Functions */
6483
#define FsRtlEnterFileSystem KeEnterCriticalRegion
6484
#define FsRtlExitFileSystem KeLeaveCriticalRegion
6486
#if (NTDDI_VERSION >= NTDDI_WIN2K)
6492
IN PFILE_OBJECT FileObject,
6493
IN PLARGE_INTEGER FileOffset,
6498
OUT PIO_STATUS_BLOCK IoStatus,
6499
IN PDEVICE_OBJECT DeviceObject);
6505
IN PFILE_OBJECT FileObject,
6506
IN PLARGE_INTEGER FileOffset,
6511
OUT PIO_STATUS_BLOCK IoStatus,
6512
IN PDEVICE_OBJECT DeviceObject);
6518
IN PFILE_OBJECT FileObject,
6519
IN PLARGE_INTEGER FileOffset,
6523
OUT PIO_STATUS_BLOCK IoStatus,
6524
IN PDEVICE_OBJECT DeviceObject OPTIONAL);
6529
FsRtlMdlReadCompleteDev(
6530
IN PFILE_OBJECT FileObject,
6532
IN PDEVICE_OBJECT DeviceObject OPTIONAL);
6537
FsRtlPrepareMdlWriteDev(
6538
IN PFILE_OBJECT FileObject,
6539
IN PLARGE_INTEGER FileOffset,
6543
OUT PIO_STATUS_BLOCK IoStatus,
6544
IN PDEVICE_OBJECT DeviceObject);
6549
FsRtlMdlWriteCompleteDev(
6550
IN PFILE_OBJECT FileObject,
6551
IN PLARGE_INTEGER FileOffset,
6553
IN PDEVICE_OBJECT DeviceObject);
6558
FsRtlAcquireFileExclusive(
6559
IN PFILE_OBJECT FileObject);
6565
IN PFILE_OBJECT FileObject);
6571
IN PFILE_OBJECT FileObject,
6572
OUT PLARGE_INTEGER FileSize);
6577
FsRtlIsTotalDeviceFailure(
6578
IN NTSTATUS Status);
6583
FsRtlAllocateFileLock(
6584
IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
6585
IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);
6591
IN PFILE_LOCK FileLock);
6596
FsRtlInitializeFileLock(
6597
IN PFILE_LOCK FileLock,
6598
IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
6599
IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL);
6604
FsRtlUninitializeFileLock(
6605
IN PFILE_LOCK FileLock);
6608
FsRtlProcessFileLock:
6611
-STATUS_INVALID_DEVICE_REQUEST
6612
-STATUS_RANGE_NOT_LOCKED from unlock routines.
6613
-STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
6614
(redirected IoStatus->Status).
6617
-switch ( Irp->CurrentStackLocation->MinorFunction )
6618
lock: return FsRtlPrivateLock;
6619
unlocksingle: return FsRtlFastUnlockSingle;
6620
unlockall: return FsRtlFastUnlockAll;
6621
unlockallbykey: return FsRtlFastUnlockAllByKey;
6622
default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
6623
return STATUS_INVALID_DEVICE_REQUEST;
6625
-'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
6626
-'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
6631
FsRtlProcessFileLock(
6632
IN PFILE_LOCK FileLock,
6634
IN PVOID Context OPTIONAL);
6637
FsRtlCheckLockForReadAccess:
6639
All this really does is pick out the lock parameters from the irp (io stack
6640
location?), get IoGetRequestorProcess, and pass values on to
6641
FsRtlFastCheckLockForRead.
6646
FsRtlCheckLockForReadAccess(
6647
IN PFILE_LOCK FileLock,
6651
FsRtlCheckLockForWriteAccess:
6653
All this really does is pick out the lock parameters from the irp (io stack
6654
location?), get IoGetRequestorProcess, and pass values on to
6655
FsRtlFastCheckLockForWrite.
6660
FsRtlCheckLockForWriteAccess(
6661
IN PFILE_LOCK FileLock,
6667
FsRtlFastCheckLockForRead(
6668
IN PFILE_LOCK FileLock,
6669
IN PLARGE_INTEGER FileOffset,
6670
IN PLARGE_INTEGER Length,
6672
IN PFILE_OBJECT FileObject,
6678
FsRtlFastCheckLockForWrite(
6679
IN PFILE_LOCK FileLock,
6680
IN PLARGE_INTEGER FileOffset,
6681
IN PLARGE_INTEGER Length,
6683
IN PFILE_OBJECT FileObject,
6687
FsRtlGetNextFileLock:
6689
ret: NULL if no more locks
6692
FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
6693
FileLock->LastReturnedLock as storage.
6694
LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
6695
list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
6696
calls with Restart = FALSE.
6701
FsRtlGetNextFileLock(
6702
IN PFILE_LOCK FileLock,
6703
IN BOOLEAN Restart);
6708
FsRtlFastUnlockSingle(
6709
IN PFILE_LOCK FileLock,
6710
IN PFILE_OBJECT FileObject,
6711
IN PLARGE_INTEGER FileOffset,
6712
IN PLARGE_INTEGER Length,
6713
IN PEPROCESS Process,
6715
IN PVOID Context OPTIONAL,
6716
IN BOOLEAN AlreadySynchronized);
6722
IN PFILE_LOCK FileLock,
6723
IN PFILE_OBJECT FileObject,
6724
IN PEPROCESS Process,
6725
IN PVOID Context OPTIONAL);
6730
FsRtlFastUnlockAllByKey(
6731
IN PFILE_LOCK FileLock,
6732
IN PFILE_OBJECT FileObject,
6733
IN PEPROCESS Process,
6735
IN PVOID Context OPTIONAL);
6740
ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
6743
-Calls IoCompleteRequest if Irp
6744
-Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
6750
IN PFILE_LOCK FileLock,
6751
IN PFILE_OBJECT FileObject,
6752
IN PLARGE_INTEGER FileOffset,
6753
IN PLARGE_INTEGER Length,
6754
IN PEPROCESS Process,
6756
IN BOOLEAN FailImmediately,
6757
IN BOOLEAN ExclusiveLock,
6758
OUT PIO_STATUS_BLOCK IoStatus,
6759
IN PIRP Irp OPTIONAL,
6761
IN BOOLEAN AlreadySynchronized);
6766
FsRtlInitializeTunnelCache(
6772
FsRtlAddToTunnelCache(
6774
IN ULONGLONG DirectoryKey,
6775
IN PUNICODE_STRING ShortName,
6776
IN PUNICODE_STRING LongName,
6777
IN BOOLEAN KeyByShortName,
6778
IN ULONG DataLength,
6784
FsRtlFindInTunnelCache(
6786
IN ULONGLONG DirectoryKey,
6787
IN PUNICODE_STRING Name,
6788
OUT PUNICODE_STRING ShortName,
6789
OUT PUNICODE_STRING LongName,
6790
IN OUT PULONG DataLength,
6796
FsRtlDeleteKeyFromTunnelCache(
6798
IN ULONGLONG DirectoryKey);
6803
FsRtlDeleteTunnelCache(
6810
IN ANSI_STRING Name,
6811
OUT PANSI_STRING FirstPart,
6812
OUT PANSI_STRING RemainingPart);
6817
FsRtlDoesDbcsContainWildCards(
6818
IN PANSI_STRING Name);
6823
FsRtlIsDbcsInExpression(
6824
IN PANSI_STRING Expression,
6825
IN PANSI_STRING Name);
6830
FsRtlIsFatDbcsLegal(
6831
IN ANSI_STRING DbcsName,
6832
IN BOOLEAN WildCardsPermissible,
6833
IN BOOLEAN PathNamePermissible,
6834
IN BOOLEAN LeadingBackslashPermissible);
6839
FsRtlIsHpfsDbcsLegal(
6840
IN ANSI_STRING DbcsName,
6841
IN BOOLEAN WildCardsPermissible,
6842
IN BOOLEAN PathNamePermissible,
6843
IN BOOLEAN LeadingBackslashPermissible);
6848
FsRtlNormalizeNtstatus(
6849
IN NTSTATUS Exception,
6850
IN NTSTATUS GenericException);
6855
FsRtlIsNtstatusExpected(
6856
IN NTSTATUS Ntstatus);
6861
FsRtlAllocateResource(
6867
FsRtlInitializeLargeMcb(
6869
IN POOL_TYPE PoolType);
6874
FsRtlUninitializeLargeMcb(
6882
IN BOOLEAN SelfSynchronized);
6887
FsRtlTruncateLargeMcb(
6894
FsRtlAddLargeMcbEntry(
6898
IN LONGLONG SectorCount);
6903
FsRtlRemoveLargeMcbEntry(
6906
IN LONGLONG SectorCount);
6911
FsRtlLookupLargeMcbEntry(
6914
OUT PLONGLONG Lbn OPTIONAL,
6915
OUT PLONGLONG SectorCountFromLbn OPTIONAL,
6916
OUT PLONGLONG StartingLbn OPTIONAL,
6917
OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
6918
OUT PULONG Index OPTIONAL);
6923
FsRtlLookupLastLargeMcbEntry(
6931
FsRtlLookupLastLargeMcbEntryAndIndex(
6932
IN PLARGE_MCB OpaqueMcb,
6933
OUT PLONGLONG LargeVbn,
6934
OUT PLONGLONG LargeLbn,
6940
FsRtlNumberOfRunsInLargeMcb(
6946
FsRtlGetNextLargeMcbEntry(
6951
OUT PLONGLONG SectorCount);
6959
IN LONGLONG Amount);
6966
IN POOL_TYPE PoolType);
6971
FsRtlUninitializeMcb(
6988
IN ULONG SectorCount);
6993
FsRtlRemoveMcbEntry(
6996
IN ULONG SectorCount);
7001
FsRtlLookupMcbEntry(
7005
OUT PULONG SectorCount OPTIONAL,
7011
FsRtlLookupLastMcbEntry(
7019
FsRtlNumberOfRunsInMcb(
7025
FsRtlGetNextMcbEntry(
7030
OUT PULONG SectorCount);
7036
IN PDEVICE_OBJECT TargetDevice);
7041
FsRtlInitializeOplock(
7042
IN OUT POPLOCK Oplock);
7047
FsRtlUninitializeOplock(
7048
IN OUT POPLOCK Oplock);
7056
IN ULONG OpenCount);
7065
IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7066
IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7071
FsRtlOplockIsFastIoPossible(
7077
FsRtlCurrentBatchOplock(
7083
FsRtlNotifyVolumeEvent(
7084
IN PFILE_OBJECT FileObject,
7085
IN ULONG EventCode);
7090
FsRtlNotifyInitializeSync(
7091
IN PNOTIFY_SYNC *NotifySync);
7096
FsRtlNotifyUninitializeSync(
7097
IN PNOTIFY_SYNC *NotifySync);
7102
FsRtlNotifyFullChangeDirectory(
7103
IN PNOTIFY_SYNC NotifySync,
7104
IN PLIST_ENTRY NotifyList,
7106
IN PSTRING FullDirectoryName,
7107
IN BOOLEAN WatchTree,
7108
IN BOOLEAN IgnoreBuffer,
7109
IN ULONG CompletionFilter,
7110
IN PIRP NotifyIrp OPTIONAL,
7111
IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
7112
IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL);
7117
FsRtlNotifyFilterReportChange(
7118
IN PNOTIFY_SYNC NotifySync,
7119
IN PLIST_ENTRY NotifyList,
7120
IN PSTRING FullTargetName,
7121
IN USHORT TargetNameOffset,
7122
IN PSTRING StreamName OPTIONAL,
7123
IN PSTRING NormalizedParentName OPTIONAL,
7124
IN ULONG FilterMatch,
7126
IN PVOID TargetContext OPTIONAL,
7127
IN PVOID FilterContext OPTIONAL);
7132
FsRtlNotifyFullReportChange(
7133
IN PNOTIFY_SYNC NotifySync,
7134
IN PLIST_ENTRY NotifyList,
7135
IN PSTRING FullTargetName,
7136
IN USHORT TargetNameOffset,
7137
IN PSTRING StreamName OPTIONAL,
7138
IN PSTRING NormalizedParentName OPTIONAL,
7139
IN ULONG FilterMatch,
7141
IN PVOID TargetContext OPTIONAL);
7147
IN PNOTIFY_SYNC NotifySync,
7148
IN PLIST_ENTRY NotifyList,
7149
IN PVOID FsContext);
7155
IN UNICODE_STRING Name,
7156
OUT PUNICODE_STRING FirstPart,
7157
OUT PUNICODE_STRING RemainingPart);
7162
FsRtlDoesNameContainWildCards(
7163
IN PUNICODE_STRING Name);
7169
IN PCUNICODE_STRING Name1,
7170
IN PCUNICODE_STRING Name2,
7171
IN BOOLEAN IgnoreCase,
7172
IN PCWCH UpcaseTable OPTIONAL);
7177
FsRtlIsNameInExpression(
7178
IN PUNICODE_STRING Expression,
7179
IN PUNICODE_STRING Name,
7180
IN BOOLEAN IgnoreCase,
7181
IN PWCHAR UpcaseTable OPTIONAL);
7186
FsRtlPostPagingFileStackOverflow(
7189
IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine);
7194
FsRtlPostStackOverflow (
7197
IN PFSRTL_STACK_OVERFLOW_ROUTINE StackOverflowRoutine);
7202
FsRtlRegisterUncProvider(
7203
OUT PHANDLE MupHandle,
7204
IN PUNICODE_STRING RedirectorDeviceName,
7205
IN BOOLEAN MailslotsSupported);
7210
FsRtlDeregisterUncProvider(
7216
FsRtlTeardownPerStreamContexts(
7217
IN PFSRTL_ADVANCED_FCB_HEADER AdvancedHeader);
7222
FsRtlCreateSectionForDataScan(
7223
OUT PHANDLE SectionHandle,
7224
OUT PVOID *SectionObject,
7225
OUT PLARGE_INTEGER SectionFileSize OPTIONAL,
7226
IN PFILE_OBJECT FileObject,
7227
IN ACCESS_MASK DesiredAccess,
7228
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
7229
IN PLARGE_INTEGER MaximumSize OPTIONAL,
7230
IN ULONG SectionPageProtection,
7231
IN ULONG AllocationAttributes,
7234
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
7236
#if (NTDDI_VERSION >= NTDDI_WINXP)
7241
FsRtlNotifyFilterChangeDirectory(
7242
IN PNOTIFY_SYNC NotifySync,
7243
IN PLIST_ENTRY NotifyList,
7245
IN PSTRING FullDirectoryName,
7246
IN BOOLEAN WatchTree,
7247
IN BOOLEAN IgnoreBuffer,
7248
IN ULONG CompletionFilter,
7249
IN PIRP NotifyIrp OPTIONAL,
7250
IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
7251
IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL,
7252
IN PFILTER_REPORT_CHANGE FilterCallback OPTIONAL);
7257
FsRtlInsertPerStreamContext(
7258
IN PFSRTL_ADVANCED_FCB_HEADER PerStreamContext,
7259
IN PFSRTL_PER_STREAM_CONTEXT Ptr);
7262
PFSRTL_PER_STREAM_CONTEXT
7264
FsRtlLookupPerStreamContextInternal(
7265
IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
7266
IN PVOID OwnerId OPTIONAL,
7267
IN PVOID InstanceId OPTIONAL);
7270
PFSRTL_PER_STREAM_CONTEXT
7272
FsRtlRemovePerStreamContext(
7273
IN PFSRTL_ADVANCED_FCB_HEADER StreamContext,
7274
IN PVOID OwnerId OPTIONAL,
7275
IN PVOID InstanceId OPTIONAL);
7280
FsRtlIncrementCcFastReadNotPossible(
7286
FsRtlIncrementCcFastReadWait(
7292
FsRtlIncrementCcFastReadNoWait(
7298
FsRtlIncrementCcFastReadResourceMiss(
7305
IN PFILE_OBJECT FileObject);
7307
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
7309
#if (NTDDI_VERSION >= NTDDI_WS03)
7314
FsRtlInitializeBaseMcb(
7316
IN POOL_TYPE PoolType);
7321
FsRtlUninitializeBaseMcb(
7333
FsRtlTruncateBaseMcb(
7340
FsRtlAddBaseMcbEntry(
7344
IN LONGLONG SectorCount);
7349
FsRtlRemoveBaseMcbEntry(
7352
IN LONGLONG SectorCount);
7357
FsRtlLookupBaseMcbEntry(
7360
OUT PLONGLONG Lbn OPTIONAL,
7361
OUT PLONGLONG SectorCountFromLbn OPTIONAL,
7362
OUT PLONGLONG StartingLbn OPTIONAL,
7363
OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL,
7364
OUT PULONG Index OPTIONAL);
7369
FsRtlLookupLastBaseMcbEntry(
7377
FsRtlLookupLastBaseMcbEntryAndIndex(
7378
IN PBASE_MCB OpaqueMcb,
7379
IN OUT PLONGLONG LargeVbn,
7380
IN OUT PLONGLONG LargeLbn,
7381
IN OUT PULONG Index);
7386
FsRtlNumberOfRunsInBaseMcb(
7392
FsRtlGetNextBaseMcbEntry(
7397
OUT PLONGLONG SectorCount);
7405
IN LONGLONG Amount);
7407
#endif /* (NTDDI_VERSION >= NTDDI_WS03) */
7409
#if (NTDDI_VERSION >= NTDDI_VISTA)
7413
FsRtlInitializeBaseMcbEx(
7415
IN POOL_TYPE PoolType,
7420
FsRtlAddBaseMcbEntryEx(
7424
IN LONGLONG SectorCount);
7435
FsRtlOplockBreakToNone(
7436
IN OUT POPLOCK Oplock,
7437
IN PIO_STACK_LOCATION IrpSp OPTIONAL,
7439
IN PVOID Context OPTIONAL,
7440
IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7441
IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7446
FsRtlNotifyVolumeEventEx(
7447
IN PFILE_OBJECT FileObject,
7449
IN PTARGET_DEVICE_CUSTOM_NOTIFICATION Event);
7454
FsRtlNotifyCleanupAll(
7455
IN PNOTIFY_SYNC NotifySync,
7456
IN PLIST_ENTRY NotifyList);
7460
FsRtlRegisterUncProviderEx(
7461
OUT PHANDLE MupHandle,
7462
IN PUNICODE_STRING RedirDevName,
7463
IN PDEVICE_OBJECT DeviceObject,
7469
FsRtlCancellableWaitForSingleObject(
7471
IN PLARGE_INTEGER Timeout OPTIONAL,
7472
IN PIRP Irp OPTIONAL);
7477
FsRtlCancellableWaitForMultipleObjects(
7479
IN PVOID ObjectArray[],
7480
IN WAIT_TYPE WaitType,
7481
IN PLARGE_INTEGER Timeout OPTIONAL,
7482
IN PKWAIT_BLOCK WaitBlockArray OPTIONAL,
7483
IN PIRP Irp OPTIONAL);
7488
FsRtlMupGetProviderInfoFromFileObject(
7489
IN PFILE_OBJECT pFileObject,
7492
IN OUT PULONG pBufferSize);
7497
FsRtlMupGetProviderIdFromName(
7498
IN PUNICODE_STRING pProviderName,
7499
OUT PULONG32 pProviderId);
7504
FsRtlIncrementCcFastMdlReadWait(
7510
FsRtlValidateReparsePointBuffer(
7511
IN ULONG BufferLength,
7512
IN PREPARSE_DATA_BUFFER ReparseBuffer);
7517
FsRtlRemoveDotsFromPath(
7518
IN OUT PWSTR OriginalString,
7519
IN USHORT PathLength,
7520
OUT USHORT *NewLength);
7525
FsRtlAllocateExtraCreateParameterList(
7526
IN FSRTL_ALLOCATE_ECPLIST_FLAGS Flags,
7527
OUT PECP_LIST *EcpList);
7532
FsRtlFreeExtraCreateParameterList(
7533
IN PECP_LIST EcpList);
7538
FsRtlAllocateExtraCreateParameter(
7540
IN ULONG SizeOfContext,
7541
IN FSRTL_ALLOCATE_ECP_FLAGS Flags,
7542
IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
7544
OUT PVOID *EcpContext);
7549
FsRtlFreeExtraCreateParameter(
7550
IN PVOID EcpContext);
7555
FsRtlInitExtraCreateParameterLookasideList(
7556
IN OUT PVOID Lookaside,
7557
IN FSRTL_ECP_LOOKASIDE_FLAGS Flags,
7563
FsRtlDeleteExtraCreateParameterLookasideList(
7564
IN OUT PVOID Lookaside,
7565
IN FSRTL_ECP_LOOKASIDE_FLAGS Flags);
7570
FsRtlAllocateExtraCreateParameterFromLookasideList(
7572
IN ULONG SizeOfContext,
7573
IN FSRTL_ALLOCATE_ECP_FLAGS Flags,
7574
IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
7575
IN OUT PVOID LookasideList,
7576
OUT PVOID *EcpContext);
7581
FsRtlInsertExtraCreateParameter(
7582
IN OUT PECP_LIST EcpList,
7583
IN OUT PVOID EcpContext);
7588
FsRtlFindExtraCreateParameter(
7589
IN PECP_LIST EcpList,
7591
OUT PVOID *EcpContext OPTIONAL,
7592
OUT ULONG *EcpContextSize OPTIONAL);
7597
FsRtlRemoveExtraCreateParameter(
7598
IN OUT PECP_LIST EcpList,
7600
OUT PVOID *EcpContext,
7601
OUT ULONG *EcpContextSize OPTIONAL);
7606
FsRtlGetEcpListFromIrp(
7608
OUT PECP_LIST *EcpList OPTIONAL);
7613
FsRtlSetEcpListIntoIrp(
7615
IN PECP_LIST EcpList);
7620
FsRtlGetNextExtraCreateParameter(
7621
IN PECP_LIST EcpList,
7622
IN PVOID CurrentEcpContext OPTIONAL,
7623
OUT LPGUID NextEcpType OPTIONAL,
7624
OUT PVOID *NextEcpContext OPTIONAL,
7625
OUT ULONG *NextEcpContextSize OPTIONAL);
7630
FsRtlAcknowledgeEcp(
7631
IN PVOID EcpContext);
7636
FsRtlIsEcpAcknowledged(
7637
IN PVOID EcpContext);
7642
FsRtlIsEcpFromUserMode(
7643
IN PVOID EcpContext);
7648
FsRtlChangeBackingFileObject(
7649
IN PFILE_OBJECT CurrentFileObject OPTIONAL,
7650
IN PFILE_OBJECT NewFileObject,
7651
IN FSRTL_CHANGE_BACKING_TYPE ChangeBackingType,
7657
FsRtlLogCcFlushError(
7658
IN PUNICODE_STRING FileName,
7659
IN PDEVICE_OBJECT DeviceObject,
7660
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
7661
IN NTSTATUS FlushError,
7667
FsRtlAreVolumeStartupApplicationsComplete(
7673
FsRtlQueryMaximumVirtualDiskNestingLevel(
7679
FsRtlGetVirtualDiskNestingLevel(
7680
IN PDEVICE_OBJECT DeviceObject,
7681
OUT PULONG NestingLevel,
7682
OUT PULONG NestingFlags OPTIONAL);
7684
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
7686
#if (NTDDI_VERSION >= NTDDI_VISTASP1)
7694
IN PVOID Context OPTIONAL,
7695
IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7696
IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7700
#if (NTDDI_VERSION >= NTDDI_WIN7)
7705
FsRtlAreThereCurrentOrInProgressFileLocks(
7706
IN PFILE_LOCK FileLock);
7711
FsRtlOplockIsSharedRequest(
7721
IN PVOID Context OPTIONAL,
7722
IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7723
IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7728
FsRtlCurrentOplockH(
7734
FsRtlOplockBreakToNoneEx(
7735
IN OUT POPLOCK Oplock,
7738
IN PVOID Context OPTIONAL,
7739
IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
7740
IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL);
7745
FsRtlOplockFsctrlEx(
7754
FsRtlOplockKeysEqual(
7755
IN PFILE_OBJECT Fo1 OPTIONAL,
7756
IN PFILE_OBJECT Fo2 OPTIONAL);
7761
FsRtlInitializeExtraCreateParameterList(
7762
IN OUT PECP_LIST EcpList);
7767
FsRtlInitializeExtraCreateParameter(
7770
IN PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK CleanupCallback OPTIONAL,
7773
IN PVOID ListAllocatedFrom OPTIONAL);
7775
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
7780
FsRtlInsertPerFileContext(
7781
IN PVOID* PerFileContextPointer,
7782
IN PFSRTL_PER_FILE_CONTEXT Ptr);
7785
PFSRTL_PER_FILE_CONTEXT
7787
FsRtlLookupPerFileContext(
7788
IN PVOID* PerFileContextPointer,
7789
IN PVOID OwnerId OPTIONAL,
7790
IN PVOID InstanceId OPTIONAL);
7793
PFSRTL_PER_FILE_CONTEXT
7795
FsRtlRemovePerFileContext(
7796
IN PVOID* PerFileContextPointer,
7797
IN PVOID OwnerId OPTIONAL,
7798
IN PVOID InstanceId OPTIONAL);
7803
FsRtlTeardownPerFileContexts(
7804
IN PVOID* PerFileContextPointer);
7809
FsRtlInsertPerFileObjectContext(
7810
IN PFILE_OBJECT FileObject,
7811
IN PFSRTL_PER_FILEOBJECT_CONTEXT Ptr);
7814
PFSRTL_PER_FILEOBJECT_CONTEXT
7816
FsRtlLookupPerFileObjectContext(
7817
IN PFILE_OBJECT FileObject,
7818
IN PVOID OwnerId OPTIONAL,
7819
IN PVOID InstanceId OPTIONAL);
7822
PFSRTL_PER_FILEOBJECT_CONTEXT
7824
FsRtlRemovePerFileObjectContext(
7825
IN PFILE_OBJECT FileObject,
7826
IN PVOID OwnerId OPTIONAL,
7827
IN PVOID InstanceId OPTIONAL);
7829
#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
7830
FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
7833
#define FsRtlAreThereCurrentFileLocks(FL) ( \
7834
((FL)->FastIoIsQuestionable) \
7837
#define FsRtlIncrementLockRequestsInProgress(FL) { \
7838
ASSERT( (FL)->LockRequestsInProgress >= 0 ); \
7840
(InterlockedIncrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
7843
#define FsRtlDecrementLockRequestsInProgress(FL) { \
7844
ASSERT( (FL)->LockRequestsInProgress > 0 ); \
7846
(InterlockedDecrement((LONG volatile *)&((FL)->LockRequestsInProgress)));\
7849
/* GCC compatible definition, MS one is retarded */
7850
extern NTKERNELAPI const UCHAR * const FsRtlLegalAnsiCharacterArray;
7851
#define LEGAL_ANSI_CHARACTER_ARRAY FsRtlLegalAnsiCharacterArray
7853
#define FsRtlIsAnsiCharacterWild(C) ( \
7854
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], FSRTL_WILD_CHARACTER ) \
7857
#define FsRtlIsAnsiCharacterLegalFat(C, WILD) ( \
7858
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_FAT_LEGAL) | \
7859
((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
7862
#define FsRtlIsAnsiCharacterLegalHpfs(C, WILD) ( \
7863
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_HPFS_LEGAL) | \
7864
((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
7867
#define FsRtlIsAnsiCharacterLegalNtfs(C, WILD) ( \
7868
FlagOn(FsRtlLegalAnsiCharacterArray[(UCHAR)(C)], (FSRTL_NTFS_LEGAL) | \
7869
((WILD) ? FSRTL_WILD_CHARACTER : 0 )) \
7872
#define FsRtlIsAnsiCharacterLegalNtfsStream(C,WILD_OK) ( \
7873
FsRtlTestAnsiCharacter((C), TRUE, (WILD_OK), FSRTL_NTFS_STREAM_LEGAL) \
7876
#define FsRtlIsAnsiCharacterLegal(C,FLAGS) ( \
7877
FsRtlTestAnsiCharacter((C), TRUE, FALSE, (FLAGS)) \
7880
#define FsRtlTestAnsiCharacter(C, DEFAULT_RET, WILD_OK, FLAGS) ( \
7881
((SCHAR)(C) < 0) ? DEFAULT_RET : \
7882
FlagOn( LEGAL_ANSI_CHARACTER_ARRAY[(C)], \
7884
((WILD_OK) ? FSRTL_WILD_CHARACTER : 0) ) \
7887
#define FsRtlIsLeadDbcsCharacter(DBCS_CHAR) ( \
7888
(BOOLEAN)((UCHAR)(DBCS_CHAR) < 0x80 ? FALSE : \
7889
(NLS_MB_CODE_PAGE_TAG && \
7890
(NLS_OEM_LEAD_BYTE_INFO[(UCHAR)(DBCS_CHAR)] != 0))) \
7893
#define FsRtlIsUnicodeCharacterWild(C) ( \
7896
FlagOn(FsRtlLegalAnsiCharacterArray[(C)], FSRTL_WILD_CHARACTER )) \
7899
#define FsRtlInitPerFileContext( _fc, _owner, _inst, _cb) \
7900
((_fc)->OwnerId = (_owner), \
7901
(_fc)->InstanceId = (_inst), \
7902
(_fc)->FreeCallback = (_cb))
7904
#define FsRtlGetPerFileContextPointer(_fo) \
7905
(FsRtlSupportsPerFileContexts(_fo) ? \
7906
FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer : \
7909
#define FsRtlSupportsPerFileContexts(_fo) \
7910
((FsRtlGetPerStreamContextPointer(_fo) != NULL) && \
7911
(FsRtlGetPerStreamContextPointer(_fo)->Version >= FSRTL_FCB_HEADER_V1) && \
7912
(FsRtlGetPerStreamContextPointer(_fo)->FileContextSupportPointer != NULL))
7914
#define FsRtlSetupAdvancedHeaderEx( _advhdr, _fmutx, _fctxptr ) \
7916
FsRtlSetupAdvancedHeader( _advhdr, _fmutx ); \
7917
if ((_fctxptr) != NULL) { \
7918
(_advhdr)->FileContextSupportPointer = (_fctxptr); \
7922
#define FsRtlGetPerStreamContextPointer(FO) ( \
7923
(PFSRTL_ADVANCED_FCB_HEADER)(FO)->FsContext \
7926
#define FsRtlInitPerStreamContext(PSC, O, I, FC) ( \
7927
(PSC)->OwnerId = (O), \
7928
(PSC)->InstanceId = (I), \
7929
(PSC)->FreeCallback = (FC) \
7932
#define FsRtlSupportsPerStreamContexts(FO) ( \
7933
(BOOLEAN)((NULL != FsRtlGetPerStreamContextPointer(FO) && \
7934
FlagOn(FsRtlGetPerStreamContextPointer(FO)->Flags2, \
7935
FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS)) \
7938
#define FsRtlLookupPerStreamContext(_sc, _oid, _iid) \
7939
(((NULL != (_sc)) && \
7940
FlagOn((_sc)->Flags2,FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
7941
!IsListEmpty(&(_sc)->FilterContexts)) ? \
7942
FsRtlLookupPerStreamContextInternal((_sc), (_oid), (_iid)) : \
7948
FsRtlSetupAdvancedHeader(
7950
IN PFAST_MUTEX FMutex )
7952
PFSRTL_ADVANCED_FCB_HEADER localAdvHdr = (PFSRTL_ADVANCED_FCB_HEADER)AdvHdr;
7954
localAdvHdr->Flags |= FSRTL_FLAG_ADVANCED_HEADER;
7955
localAdvHdr->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;
7956
#if (NTDDI_VERSION >= NTDDI_VISTA)
7957
localAdvHdr->Version = FSRTL_FCB_HEADER_V1;
7959
localAdvHdr->Version = FSRTL_FCB_HEADER_V0;
7961
InitializeListHead( &localAdvHdr->FilterContexts );
7962
if (FMutex != NULL) {
7963
localAdvHdr->FastMutex = FMutex;
7965
#if (NTDDI_VERSION >= NTDDI_VISTA)
7966
*((PULONG_PTR)(&localAdvHdr->PushLock)) = 0;
7967
localAdvHdr->FileContextSupportPointer = NULL;
7971
#define FsRtlInitPerFileObjectContext(_fc, _owner, _inst) \
7972
((_fc)->OwnerId = (_owner), (_fc)->InstanceId = (_inst))
7974
#define FsRtlCompleteRequest(IRP,STATUS) { \
7975
(IRP)->IoStatus.Status = (STATUS); \
7976
IoCompleteRequest( (IRP), IO_DISK_INCREMENT ); \
7978
/* Common Cache Types */
7980
#define VACB_MAPPING_GRANULARITY (0x40000)
7981
#define VACB_OFFSET_SHIFT (18)
7983
typedef struct _PUBLIC_BCB {
7984
CSHORT NodeTypeCode;
7985
CSHORT NodeByteSize;
7987
LARGE_INTEGER MappedFileOffset;
7988
} PUBLIC_BCB, *PPUBLIC_BCB;
7990
typedef struct _CC_FILE_SIZES {
7991
LARGE_INTEGER AllocationSize;
7992
LARGE_INTEGER FileSize;
7993
LARGE_INTEGER ValidDataLength;
7994
} CC_FILE_SIZES, *PCC_FILE_SIZES;
7997
(NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
8002
(NTAPI *PRELEASE_FROM_LAZY_WRITE) (
8006
(NTAPI *PACQUIRE_FOR_READ_AHEAD) (
8011
(NTAPI *PRELEASE_FROM_READ_AHEAD) (
8014
typedef struct _CACHE_MANAGER_CALLBACKS {
8015
PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
8016
PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
8017
PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
8018
PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
8019
} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
8021
typedef struct _CACHE_UNINITIALIZE_EVENT {
8022
struct _CACHE_UNINITIALIZE_EVENT *Next;
8024
} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
8027
(NTAPI *PDIRTY_PAGE_ROUTINE) (
8028
IN PFILE_OBJECT FileObject,
8029
IN PLARGE_INTEGER FileOffset,
8031
IN PLARGE_INTEGER OldestLsn,
8032
IN PLARGE_INTEGER NewestLsn,
8037
(NTAPI *PFLUSH_TO_LSN) (
8039
IN LARGE_INTEGER Lsn);
8042
(NTAPI *PCC_POST_DEFERRED_WRITE) (
8046
#define UNINITIALIZE_CACHE_MAPS (1)
8047
#define DO_NOT_RETRY_PURGE (2)
8048
#define DO_NOT_PURGE_DIRTY_PAGES (0x4)
8050
#define CC_FLUSH_AND_PURGE_NO_PURGE (0x1)
8051
/* Common Cache Functions */
8053
#define CcIsFileCached(FO) ( \
8054
((FO)->SectionObjectPointer != NULL) && \
8055
(((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
8058
extern ULONG CcFastMdlReadWait;
8060
#if (NTDDI_VERSION >= NTDDI_WIN2K)
8065
CcInitializeCacheMap(
8066
IN PFILE_OBJECT FileObject,
8067
IN PCC_FILE_SIZES FileSizes,
8068
IN BOOLEAN PinAccess,
8069
IN PCACHE_MANAGER_CALLBACKS Callbacks,
8070
IN PVOID LazyWriteContext);
8075
CcUninitializeCacheMap(
8076
IN PFILE_OBJECT FileObject,
8077
IN PLARGE_INTEGER TruncateSize OPTIONAL,
8078
IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL);
8084
IN PFILE_OBJECT FileObject,
8085
IN PCC_FILE_SIZES FileSizes);
8090
CcSetDirtyPageThreshold(
8091
IN PFILE_OBJECT FileObject,
8092
IN ULONG DirtyPageThreshold);
8098
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8099
IN PLARGE_INTEGER FileOffset OPTIONAL,
8101
OUT PIO_STATUS_BLOCK IoStatus OPTIONAL);
8106
CcGetFlushedValidData(
8107
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8108
IN BOOLEAN BcbListHeld);
8114
IN PFILE_OBJECT FileObject,
8115
IN PLARGE_INTEGER StartOffset,
8116
IN PLARGE_INTEGER EndOffset,
8136
IN BOOLEAN WriteThrough,
8137
OUT PIO_STATUS_BLOCK IoStatus);
8142
CcGetFileObjectFromSectionPtrs(
8143
IN PSECTION_OBJECT_POINTERS SectionObjectPointer);
8148
CcGetFileObjectFromBcb(
8155
IN PFILE_OBJECT FileObject,
8156
IN ULONG BytesToWrite,
8158
IN BOOLEAN Retrying);
8164
IN PFILE_OBJECT FileObject,
8165
IN PCC_POST_DEFERRED_WRITE PostRoutine,
8168
IN ULONG BytesToWrite,
8169
IN BOOLEAN Retrying);
8175
IN PFILE_OBJECT FileObject,
8176
IN PLARGE_INTEGER FileOffset,
8180
OUT PIO_STATUS_BLOCK IoStatus);
8186
IN PFILE_OBJECT FileObject,
8187
IN ULONG FileOffset,
8191
OUT PIO_STATUS_BLOCK IoStatus);
8197
IN PFILE_OBJECT FileObject,
8198
IN PLARGE_INTEGER FileOffset,
8207
IN PFILE_OBJECT FileObject,
8208
IN ULONG FileOffset,
8216
IN PFILE_OBJECT FileObject,
8217
IN PLARGE_INTEGER FileOffset,
8220
OUT PIO_STATUS_BLOCK IoStatus);
8226
IN PFILE_OBJECT FileObject,
8233
IN PFILE_OBJECT FileObject,
8234
IN PLARGE_INTEGER FileOffset,
8237
OUT PIO_STATUS_BLOCK IoStatus);
8243
IN PFILE_OBJECT FileObject,
8244
IN PLARGE_INTEGER FileOffset,
8250
CcScheduleReadAhead(
8251
IN PFILE_OBJECT FileObject,
8252
IN PLARGE_INTEGER FileOffset,
8258
CcWaitForCurrentLazyWriterActivity(
8264
CcSetReadAheadGranularity(
8265
IN PFILE_OBJECT FileObject,
8266
IN ULONG Granularity);
8272
IN PFILE_OBJECT FileObject,
8273
IN PLARGE_INTEGER FileOffset,
8283
IN PFILE_OBJECT FileObject,
8284
IN PLARGE_INTEGER FileOffset,
8293
IN PFILE_OBJECT FileObject,
8294
IN PLARGE_INTEGER FileOffset,
8304
CcSetDirtyPinnedData(
8306
IN PLARGE_INTEGER Lsn OPTIONAL);
8317
CcSetBcbOwnerPointer(
8319
IN PVOID OwnerPointer);
8324
CcUnpinDataForThread(
8326
IN ERESOURCE_THREAD ResourceThreadId);
8331
CcSetAdditionalCacheAttributes(
8332
IN PFILE_OBJECT FileObject,
8333
IN BOOLEAN DisableReadAhead,
8334
IN BOOLEAN DisableWriteBehind);
8342
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
8344
#if (NTDDI_VERSION >= NTDDI_WINXP)
8350
IN PFILE_OBJECT FileObject,
8356
CcSetLogHandleForFile(
8357
IN PFILE_OBJECT FileObject,
8359
IN PFLUSH_TO_LSN FlushToLsnRoutine);
8366
IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
8372
#if (NTDDI_VERSION >= NTDDI_WINXP)
8377
IN PFILE_OBJECT FileObject,
8378
IN PLARGE_INTEGER FileOffset,
8383
#elif (NTDDI_VERSION >= NTDDI_WIN2K)
8388
IN PFILE_OBJECT FileObject,
8389
IN PLARGE_INTEGER FileOffset,
8396
#if (NTDDI_VERSION >= NTDDI_VISTA)
8402
IN PFILE_OBJECT FileObject,
8403
IN PCC_FILE_SIZES FileSizes);
8408
CcGetFileObjectFromSectionPtrsRef(
8409
IN PSECTION_OBJECT_POINTERS SectionObjectPointer);
8414
CcSetParallelFlushFile(
8415
IN PFILE_OBJECT FileObject,
8416
IN BOOLEAN EnableParallelFlush);
8420
CcIsThereDirtyDataEx(
8422
IN PULONG NumberOfDirtyPages OPTIONAL);
8426
#if (NTDDI_VERSION >= NTDDI_WIN7)
8430
CcCoherencyFlushAndPurgeCache(
8431
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8432
IN PLARGE_INTEGER FileOffset OPTIONAL,
8434
OUT PIO_STATUS_BLOCK IoStatus,
8435
IN ULONG Flags OPTIONAL);
8438
#define CcGetFileSizePointer(FO) ( \
8439
((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
8442
#if (NTDDI_VERSION >= NTDDI_VISTA)
8446
CcPurgeCacheSection(
8447
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8448
IN PLARGE_INTEGER FileOffset OPTIONAL,
8451
#elif (NTDDI_VERSION >= NTDDI_WIN2K)
8455
CcPurgeCacheSection(
8456
IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
8457
IN PLARGE_INTEGER FileOffset OPTIONAL,
8459
IN BOOLEAN UninitializeCacheMaps);
8462
#if (NTDDI_VERSION >= NTDDI_WIN7)
8466
CcCopyWriteWontFlush(
8467
IN PFILE_OBJECT FileObject,
8468
IN PLARGE_INTEGER FileOffset,
8471
#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
8474
#define CcReadAhead(FO, FOFF, LEN) ( \
8475
if ((LEN) >= 256) { \
8476
CcScheduleReadAhead((FO), (FOFF), (LEN)); \
8479
/******************************************************************************
8481
******************************************************************************/
8489
IN HANDLE FileHandle,
8490
OUT PIO_STATUS_BLOCK IoStatusBlock,
8493
IN BOOLEAN ReturnSingleEntry,
8494
IN PVOID EaList OPTIONAL,
8495
IN ULONG EaListLength,
8496
IN PULONG EaIndex OPTIONAL,
8497
IN BOOLEAN RestartScan);
8503
IN HANDLE FileHandle,
8504
OUT PIO_STATUS_BLOCK IoStatusBlock,
8512
IN HANDLE ExistingTokenHandle,
8513
IN ACCESS_MASK DesiredAccess,
8514
IN POBJECT_ATTRIBUTES ObjectAttributes,
8515
IN BOOLEAN EffectiveOnly,
8516
IN TOKEN_TYPE TokenType,
8517
OUT PHANDLE NewTokenHandle);
8519
#if (NTDDI_VERSION >= NTDDI_WIN2K)
8525
IN HANDLE Handle OPTIONAL,
8526
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
8527
OUT PVOID ObjectInformation OPTIONAL,
8528
IN ULONG ObjectInformationLength,
8529
OUT PULONG ReturnLength OPTIONAL);
8535
IN HANDLE KeyHandle,
8536
IN HANDLE EventHandle OPTIONAL,
8537
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8538
IN PVOID ApcContext OPTIONAL,
8539
OUT PIO_STATUS_BLOCK IoStatusBlock,
8540
IN ULONG NotifyFilter,
8541
IN BOOLEAN WatchSubtree,
8543
IN ULONG BufferLength,
8544
IN BOOLEAN Asynchronous);
8550
OUT PHANDLE EventHandle,
8551
IN ACCESS_MASK DesiredAccess,
8552
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
8553
IN EVENT_TYPE EventType,
8554
IN BOOLEAN InitialState);
8560
IN POBJECT_ATTRIBUTES ObjectAttributes);
8565
ZwQueryDirectoryFile(
8566
IN HANDLE FileHandle,
8567
IN HANDLE Event OPTIONAL,
8568
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8569
IN PVOID ApcContext OPTIONAL,
8570
OUT PIO_STATUS_BLOCK IoStatusBlock,
8571
OUT PVOID FileInformation,
8573
IN FILE_INFORMATION_CLASS FileInformationClass,
8574
IN BOOLEAN ReturnSingleEntry,
8575
IN PUNICODE_STRING FileName OPTIONAL,
8576
IN BOOLEAN RestartScan);
8581
ZwSetVolumeInformationFile(
8582
IN HANDLE FileHandle,
8583
OUT PIO_STATUS_BLOCK IoStatusBlock,
8584
IN PVOID FsInformation,
8586
IN FS_INFORMATION_CLASS FsInformationClass);
8592
IN HANDLE FileHandle,
8593
IN HANDLE Event OPTIONAL,
8594
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8595
IN PVOID ApcContext OPTIONAL,
8596
OUT PIO_STATUS_BLOCK IoStatusBlock,
8597
IN ULONG FsControlCode,
8598
IN PVOID InputBuffer OPTIONAL,
8599
IN ULONG InputBufferLength,
8600
OUT PVOID OutputBuffer OPTIONAL,
8601
IN ULONG OutputBufferLength);
8607
IN HANDLE SourceProcessHandle,
8608
IN HANDLE SourceHandle,
8609
IN HANDLE TargetProcessHandle OPTIONAL,
8610
OUT PHANDLE TargetHandle OPTIONAL,
8611
IN ACCESS_MASK DesiredAccess,
8612
IN ULONG HandleAttributes,
8618
ZwOpenDirectoryObject(
8619
OUT PHANDLE DirectoryHandle,
8620
IN ACCESS_MASK DesiredAccess,
8621
IN POBJECT_ATTRIBUTES ObjectAttributes);
8626
ZwAllocateVirtualMemory(
8627
IN HANDLE ProcessHandle,
8628
IN OUT PVOID *BaseAddress,
8629
IN ULONG_PTR ZeroBits,
8630
IN OUT PSIZE_T RegionSize,
8631
IN ULONG AllocationType,
8637
ZwFreeVirtualMemory(
8638
IN HANDLE ProcessHandle,
8639
IN OUT PVOID *BaseAddress,
8640
IN OUT PSIZE_T RegionSize,
8646
ZwWaitForSingleObject(
8648
IN BOOLEAN Alertable,
8649
IN PLARGE_INTEGER Timeout OPTIONAL);
8655
IN HANDLE EventHandle,
8656
OUT PLONG PreviousState OPTIONAL);
8661
ZwFlushVirtualMemory(
8662
IN HANDLE ProcessHandle,
8663
IN OUT PVOID *BaseAddress,
8664
IN OUT PSIZE_T RegionSize,
8665
OUT PIO_STATUS_BLOCK IoStatusBlock);
8670
ZwQueryInformationToken(
8671
IN HANDLE TokenHandle,
8672
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
8673
OUT PVOID TokenInformation,
8675
OUT PULONG ResultLength);
8680
ZwSetSecurityObject(
8682
IN SECURITY_INFORMATION SecurityInformation,
8683
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
8688
ZwQuerySecurityObject(
8689
IN HANDLE FileHandle,
8690
IN SECURITY_INFORMATION SecurityInformation,
8691
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
8693
OUT PULONG ResultLength);
8694
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
8696
#if (NTDDI_VERSION >= NTDDI_WINXP)
8701
ZwOpenProcessTokenEx(
8702
IN HANDLE ProcessHandle,
8703
IN ACCESS_MASK DesiredAccess,
8704
IN ULONG HandleAttributes,
8705
OUT PHANDLE TokenHandle);
8710
ZwOpenThreadTokenEx(
8711
IN HANDLE ThreadHandle,
8712
IN ACCESS_MASK DesiredAccess,
8713
IN BOOLEAN OpenAsSelf,
8714
IN ULONG HandleAttributes,
8715
OUT PHANDLE TokenHandle);
8717
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
8719
#if (NTDDI_VERSION >= NTDDI_VISTA)
8725
IN HANDLE FileHandle,
8726
IN HANDLE Event OPTIONAL,
8727
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
8728
IN PVOID ApcContext OPTIONAL,
8729
OUT PIO_STATUS_BLOCK IoStatusBlock,
8730
IN PLARGE_INTEGER ByteOffset,
8731
IN PLARGE_INTEGER Length,
8733
IN BOOLEAN FailImmediately,
8734
IN BOOLEAN ExclusiveLock);
8740
IN HANDLE FileHandle,
8741
OUT PIO_STATUS_BLOCK IoStatusBlock,
8742
IN PLARGE_INTEGER ByteOffset,
8743
IN PLARGE_INTEGER Length,
8749
ZwQueryQuotaInformationFile(
8750
IN HANDLE FileHandle,
8751
OUT PIO_STATUS_BLOCK IoStatusBlock,
8754
IN BOOLEAN ReturnSingleEntry,
8756
IN ULONG SidListLength,
8757
IN PSID StartSid OPTIONAL,
8758
IN BOOLEAN RestartScan);
8763
ZwSetQuotaInformationFile(
8764
IN HANDLE FileHandle,
8765
OUT PIO_STATUS_BLOCK IoStatusBlock,
8773
IN HANDLE FileHandle,
8774
OUT PIO_STATUS_BLOCK IoStatusBlock);
8775
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
8776
#if (NTDDI_VERSION >= NTDDI_WIN7)
8781
ZwSetInformationToken(
8782
IN HANDLE TokenHandle,
8783
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
8784
IN PVOID TokenInformation,
8785
IN ULONG TokenInformationLength);
8786
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
8789
/* #if !defined(_X86AMD64_) FIXME : WHAT ?! */
8792
C_ASSERT(sizeof(ERESOURCE) == 0x68);
8793
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18);
8794
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a);
8798
C_ASSERT(sizeof(ERESOURCE) == 0x38);
8799
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c);
8800
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e);
8806
#if (NTDDI_VERSION >= NTDDI_WIN2K)
8807
//DECLSPEC_DEPRECATED_DDK
8811
HalGetDmaAlignmentRequirement(
8816
#if defined(_M_IX86) || defined(_M_AMD64)
8817
#define HalGetDmaAlignmentRequirement() 1L
8820
extern NTKERNELAPI PUSHORT NlsOemLeadByteInfo;
8821
#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
8823
#ifdef NLS_MB_CODE_PAGE_TAG
8824
#undef NLS_MB_CODE_PAGE_TAG
8826
#define NLS_MB_CODE_PAGE_TAG NlsMbOemCodePageTag
8828
#if (NTDDI_VERSION >= NTDDI_VISTA)
8830
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER {
8831
NetworkOpenLocationAny,
8832
NetworkOpenLocationRemote,
8833
NetworkOpenLocationLoopback
8834
} NETWORK_OPEN_LOCATION_QUALIFIER;
8836
typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER {
8837
NetworkOpenIntegrityAny,
8838
NetworkOpenIntegrityNone,
8839
NetworkOpenIntegritySigned,
8840
NetworkOpenIntegrityEncrypted,
8841
NetworkOpenIntegrityMaximum
8842
} NETWORK_OPEN_INTEGRITY_QUALIFIER;
8844
#if (NTDDI_VERSION >= NTDDI_WIN7)
8846
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
8847
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
8848
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000
8850
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
8853
_ANONYMOUS_STRUCT struct {
8855
NETWORK_OPEN_LOCATION_QUALIFIER Location;
8856
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8860
NETWORK_OPEN_LOCATION_QUALIFIER Location;
8861
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8865
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
8867
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
8870
_ANONYMOUS_STRUCT struct {
8872
NETWORK_OPEN_LOCATION_QUALIFIER Location;
8873
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8876
NETWORK_OPEN_LOCATION_QUALIFIER Location;
8877
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8880
} NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0;
8882
#elif (NTDDI_VERSION >= NTDDI_VISTA)
8883
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
8886
_ANONYMOUS_STRUCT struct {
8888
NETWORK_OPEN_LOCATION_QUALIFIER Location;
8889
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8892
NETWORK_OPEN_LOCATION_QUALIFIER Location;
8893
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
8896
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
8899
DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);
8901
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
8904
#if (NTDDI_VERSION >= NTDDI_VISTA)
8906
typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
8908
} PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT;
8910
DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);
8912
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
8914
#if (NTDDI_VERSION >= NTDDI_WIN7)
8916
DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
8917
DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);
8919
typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;
8921
typedef struct _NFS_OPEN_ECP_CONTEXT {
8922
PUNICODE_STRING ExportAlias;
8923
PSOCKADDR_STORAGE_NFS ClientSocketAddress;
8924
} NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT;
8926
typedef struct _SRV_OPEN_ECP_CONTEXT {
8927
PUNICODE_STRING ShareName;
8928
PSOCKADDR_STORAGE_NFS SocketAddress;
8929
BOOLEAN OplockBlockState;
8930
BOOLEAN OplockAppState;
8931
BOOLEAN OplockFinalState;
8932
} SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT;
8934
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
8936
#define PIN_WAIT (1)
8937
#define PIN_EXCLUSIVE (2)
8938
#define PIN_NO_READ (4)
8939
#define PIN_IF_BCB (8)
8940
#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
8941
#define PIN_HIGH_PRIORITY (64)
8944
#define MAP_NO_READ (16)
8945
#define MAP_HIGH_PRIORITY (64)
8947
#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
8948
#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)
8950
typedef struct _QUERY_PATH_REQUEST {
8951
ULONG PathNameLength;
8952
PIO_SECURITY_CONTEXT SecurityContext;
8953
WCHAR FilePathName[1];
8954
} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
8956
typedef struct _QUERY_PATH_REQUEST_EX {
8957
PIO_SECURITY_CONTEXT pSecurityContext;
8960
UNICODE_STRING PathName;
8961
UNICODE_STRING DomainServiceName;
8962
ULONG_PTR Reserved[ 3 ];
8963
} QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX;
8965
typedef struct _QUERY_PATH_RESPONSE {
8966
ULONG LengthAccepted;
8967
} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
8969
#define VOLSNAPCONTROLTYPE 0x00000053
8970
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
8972
/* FIXME : These definitions below don't belong here (or anywhere in ddk really) */
8973
#pragma pack(push,4)
8975
#ifndef VER_PRODUCTBUILD
8976
#define VER_PRODUCTBUILD 10000
8981
extern PACL SePublicDefaultDacl;
8982
extern PACL SeSystemDefaultDacl;
8984
#define FS_LFN_APIS 0x00004000
8986
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
8987
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
8988
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
8989
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
8990
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
8991
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
8992
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
8993
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
8994
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
8995
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
8996
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
8997
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
8998
#define FILE_STORAGE_TYPE_MASK 0x000f0000
8999
#define FILE_STORAGE_TYPE_SHIFT 16
9001
#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
306
9004
#define HARDWARE_PTE HARDWARE_PTE_X86
307
9005
#define PHARDWARE_PTE PHARDWARE_PTE_X86
310
#define IO_CHECK_CREATE_PARAMETERS 0x0200
311
#define IO_ATTACH_DEVICE 0x0400
313
9008
#define IO_ATTACH_DEVICE_API 0x80000000
315
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
316
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
318
9010
#define IO_TYPE_APC 18
319
9011
#define IO_TYPE_DPC 19
320
9012
#define IO_TYPE_DEVICE_QUEUE 20
added
removed
mingw-w64-headers/ddk/include/ddk/ntifs.h
