diff options
author | Earnie Boyd <earnie@users.sf.net> | 2002-10-07 02:18:26 +0400 |
---|---|---|
committer | Earnie Boyd <earnie@users.sf.net> | 2002-10-07 02:18:26 +0400 |
commit | 2bacbfb1d19165f9cf63420a6fab6afc9e1a0d65 (patch) | |
tree | cd9df029c45c0eb01f4dc566a0abc5cae138e9dd /winsup/w32api/include/ddk/ntifs.h | |
parent | 09663d31bbc2c9784be39e696ce0fa6579319dd4 (diff) |
2002-10-06 Casper Hornstrup <chorns@it.dk>
* include/ddk: New subdir.
* lib/ddk: Ditto.
* include/ddk/(atm.h, batclass.h, cfg.h, cfgmgr32.h, d4drvif.h,
d4iface.h, ddkmapi.h, hidclass.h, hidpi.h, hidusage.h, mcd.h,
miniport.h, minitape.h, mountdev.h, mountmgr.h, ndis.h,
ndisquid.h, ndistapi.h, ndisvan.h, netevent.h, netpnp.h,
netdev.h, ntapi.h, ntdd8042.h, ntddbeep.h, ntddcdrm.h,
ntddcdvd.h, ntddchgr.h, ntdddisk.h, ntddk.h, ntddkbd.h,
ntddmou.h, ntddndis.h, ntddpar.h, ntddpcm.h, ntddscsi.h,
ntddser.h, ntddstor.h, ntddtape.h, ntddtdi.h, ntddvdeo.h,
ntddvol.h, ntifs.h, ntpoapi.h, ntstatus.h, parallel.h, pfhook.h,
poclass.h, scsi.h, scsiscan.h, scsiwmi.h, smbus.h, srb.h,
storport.h, tdi.h, tdiinfo.h, tdikrnl.h, tdistat.h, tvout.h,
upssvc.h, usb.h, usb100.h, usbcamdi.h, usbdi.h, usbioctl.h,
usbiodef.h, usbscan.h, usbuser.h, video.h, videoagp.h, win2k.h,
winddi.h, winddk.h, winnt4.h, winxp.h, ws2san.h,
xfilter.h): New files.
* lib/ddk/(Makefile.in, apcups.def, cfgmgr32.def, dxapi.def,
hal.def, hid.def, hidparse.def, mcd.def, ndis.def, ntoskrnl.def,
scsiport.def, tdi.def, usbcamd.def, usbcamd2.def, videoprt.def,
win32k.def): Ditto.
Diffstat (limited to 'winsup/w32api/include/ddk/ntifs.h')
-rw-r--r-- | winsup/w32api/include/ddk/ntifs.h | 4684 |
1 files changed, 4684 insertions, 0 deletions
diff --git a/winsup/w32api/include/ddk/ntifs.h b/winsup/w32api/include/ddk/ntifs.h new file mode 100644 index 000000000..1ae3db4e6 --- /dev/null +++ b/winsup/w32api/include/ddk/ntifs.h @@ -0,0 +1,4684 @@ +/* + * ntifs.h + * + * Windows NT Filesystem Driver Developer Kit + * + * This file is part of the MinGW package. + * + * Contributors: + * Created by Bo Brantén <bosse@acc.umu.se> + * + * THIS SOFTWARE IS NOT COPYRIGHTED + * + * This source code is offered for use in the public domain. You may + * use, modify or distribute it freely. + * + * This code is distributed in the hope that it will be useful but + * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY + * DISCLAMED. This includes but is not limited to warranties of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#ifndef _NTIFS_ +#define _NTIFS_ +#define _GNU_NTIFS_ + +#if __GNUC__ >=3 +#pragma GCC system_header +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#pragma pack(push,4) + +#include "ntddk.h" +#include "ntapi.h" + +#define VER_PRODUCTBUILD 10000 + +#ifndef NTSYSAPI +#define NTSYSAPI +#endif + +#ifndef NTKERNELAPI +#define NTKERNELAPI STDCALL +#endif + +typedef struct _SE_EXPORTS *PSE_EXPORTS; + +extern PUCHAR *FsRtlLegalAnsiCharacterArray; +extern PSE_EXPORTS SeExports; +extern PACL SePublicDefaultDacl; +extern PACL SeSystemDefaultDacl; + +#define ACCESS_ALLOWED_ACE_TYPE (0x0) +#define ACCESS_DENIED_ACE_TYPE (0x1) +#define SYSTEM_AUDIT_ACE_TYPE (0x2) +#define SYSTEM_ALARM_ACE_TYPE (0x3) + +#define ANSI_DOS_STAR ('<') +#define ANSI_DOS_QM ('>') +#define ANSI_DOS_DOT ('"') + +#define DOS_STAR (L'<') +#define DOS_QM (L'>') +#define DOS_DOT (L'"') + +#define COMPRESSION_FORMAT_NONE (0x0000) +#define COMPRESSION_FORMAT_DEFAULT (0x0001) +#define COMPRESSION_FORMAT_LZNT1 (0x0002) +#define COMPRESSION_ENGINE_STANDARD (0x0000) +#define COMPRESSION_ENGINE_MAXIMUM (0x0100) +#define COMPRESSION_ENGINE_HIBER (0x0200) + +#define FILE_ACTION_ADDED 0x00000001 +#define FILE_ACTION_REMOVED 0x00000002 +#define FILE_ACTION_MODIFIED 0x00000003 +#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004 +#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005 +#define FILE_ACTION_ADDED_STREAM 0x00000006 +#define FILE_ACTION_REMOVED_STREAM 0x00000007 +#define FILE_ACTION_MODIFIED_STREAM 0x00000008 +#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009 +#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A +#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B + +#define FILE_EA_TYPE_BINARY 0xfffe +#define FILE_EA_TYPE_ASCII 0xfffd +#define FILE_EA_TYPE_BITMAP 0xfffb +#define FILE_EA_TYPE_METAFILE 0xfffa +#define FILE_EA_TYPE_ICON 0xfff9 +#define FILE_EA_TYPE_EA 0xffee +#define FILE_EA_TYPE_MVMT 0xffdf +#define FILE_EA_TYPE_MVST 0xffde +#define FILE_EA_TYPE_ASN1 0xffdd +#define FILE_EA_TYPE_FAMILY_IDS 0xff01 + +#define FILE_NEED_EA 0x00000080 + +#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001 +#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002 +#define FILE_NOTIFY_CHANGE_NAME 0x00000003 +#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004 +#define FILE_NOTIFY_CHANGE_SIZE 0x00000008 +#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010 +#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020 +#define FILE_NOTIFY_CHANGE_CREATION 0x00000040 +#define FILE_NOTIFY_CHANGE_EA 0x00000080 +#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100 +#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200 +#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400 +#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800 +#define FILE_NOTIFY_VALID_MASK 0x00000fff + +#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007 +#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008 + +#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009 + +#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 +#define FILE_CASE_PRESERVED_NAMES 0x00000002 +#define FILE_UNICODE_ON_DISK 0x00000004 +#define FILE_PERSISTENT_ACLS 0x00000008 +#define FILE_FILE_COMPRESSION 0x00000010 +#define FILE_VOLUME_QUOTAS 0x00000020 +#define FILE_SUPPORTS_SPARSE_FILES 0x00000040 +#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 +#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 +#define FS_LFN_APIS 0x00004000 +#define FILE_VOLUME_IS_COMPRESSED 0x00008000 +#define FILE_SUPPORTS_OBJECT_IDS 0x00010000 +#define FILE_SUPPORTS_ENCRYPTION 0x00020000 +#define FILE_NAMED_STREAMS 0x00040000 + +#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 +#define FILE_PIPE_MESSAGE_TYPE 0x00000001 + +#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 +#define FILE_PIPE_MESSAGE_MODE 0x00000001 + +#define FILE_PIPE_QUEUE_OPERATION 0x00000000 +#define FILE_PIPE_COMPLETE_OPERATION 0x00000001 + +#define FILE_PIPE_INBOUND 0x00000000 +#define FILE_PIPE_OUTBOUND 0x00000001 +#define FILE_PIPE_FULL_DUPLEX 0x00000002 + +#define FILE_PIPE_DISCONNECTED_STATE 0x00000001 +#define FILE_PIPE_LISTENING_STATE 0x00000002 +#define FILE_PIPE_CONNECTED_STATE 0x00000003 +#define FILE_PIPE_CLOSING_STATE 0x00000004 + +#define FILE_PIPE_CLIENT_END 0x00000000 +#define FILE_PIPE_SERVER_END 0x00000001 + +#define FILE_PIPE_READ_DATA 0x00000000 +#define FILE_PIPE_WRITE_SPACE 0x00000001 + +#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 // FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE +#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) +#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) +#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT +#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM +#define FILE_STORAGE_TYPE_MASK 0x000f0000 +#define FILE_STORAGE_TYPE_SHIFT 16 + +#define FILE_VC_QUOTA_NONE 0x00000000 +#define FILE_VC_QUOTA_TRACK 0x00000001 +#define FILE_VC_QUOTA_ENFORCE 0x00000002 +#define FILE_VC_QUOTA_MASK 0x00000003 + +#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 +#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 + +#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 +#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 +#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 +#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 + +#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 +#define FILE_VC_QUOTAS_REBUILDING 0x00000200 + +#define FILE_VC_VALID_MASK 0x000003ff + +#define FSRTL_FLAG_FILE_MODIFIED (0x01) +#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02) +#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04) +#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08) +#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10) +#define FSRTL_FLAG_USER_MAPPED_FILE (0x20) +#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80) + +#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01) + +#define FSRTL_FSP_TOP_LEVEL_IRP (0x01) +#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02) +#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03) +#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04) +#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04) + +#define FSRTL_VOLUME_DISMOUNT 1 +#define FSRTL_VOLUME_DISMOUNT_FAILED 2 +#define FSRTL_VOLUME_LOCK 3 +#define FSRTL_VOLUME_LOCK_FAILED 4 +#define FSRTL_VOLUME_UNLOCK 5 +#define FSRTL_VOLUME_MOUNT 6 + +#define FSRTL_WILD_CHARACTER 0x08 + +#ifdef _X86_ +#define HARDWARE_PTE HARDWARE_PTE_X86 +#define PHARDWARE_PTE PHARDWARE_PTE_X86 +#else +#define HARDWARE_PTE ULONG +#define PHARDWARE_PTE PULONG +#endif + +#define IO_CHECK_CREATE_PARAMETERS 0x0200 +#define IO_ATTACH_DEVICE 0x0400 + +#define IO_ATTACH_DEVICE_API 0x80000000 + +#define IO_COMPLETION_QUERY_STATE 0x0001 +#define IO_COMPLETION_MODIFY_STATE 0x0002 +#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) + +#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64 +#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024 + +#define IO_TYPE_APC 18 +#define IO_TYPE_DPC 19 +#define IO_TYPE_DEVICE_QUEUE 20 +#define IO_TYPE_EVENT_PAIR 21 +#define IO_TYPE_INTERRUPT 22 +#define IO_TYPE_PROFILE 23 + +#define IRP_BEING_VERIFIED 0x10 + +#define MAILSLOT_CLASS_FIRSTCLASS 1 +#define MAILSLOT_CLASS_SECONDCLASS 2 + +#define MAILSLOT_SIZE_AUTO 0 + +#define MAP_PROCESS 1L +#define MAP_SYSTEM 2L + +#define MEM_DOS_LIM 0x40000000 +#define MEM_IMAGE SEC_IMAGE + +#define OB_TYPE_TYPE 1 +#define OB_TYPE_DIRECTORY 2 +#define OB_TYPE_SYMBOLIC_LINK 3 +#define OB_TYPE_TOKEN 4 +#define OB_TYPE_PROCESS 5 +#define OB_TYPE_THREAD 6 +#define OB_TYPE_EVENT 7 +#define OB_TYPE_EVENT_PAIR 8 +#define OB_TYPE_MUTANT 9 +#define OB_TYPE_SEMAPHORE 10 +#define OB_TYPE_TIMER 11 +#define OB_TYPE_PROFILE 12 +#define OB_TYPE_WINDOW_STATION 13 +#define OB_TYPE_DESKTOP 14 +#define OB_TYPE_SECTION 15 +#define OB_TYPE_KEY 16 +#define OB_TYPE_PORT 17 +#define OB_TYPE_ADAPTER 18 +#define OB_TYPE_CONTROLLER 19 +#define OB_TYPE_DEVICE 20 +#define OB_TYPE_DRIVER 21 +#define OB_TYPE_IO_COMPLETION 22 +#define OB_TYPE_FILE 23 + +#define PIN_WAIT (1) +#define PIN_EXCLUSIVE (2) +#define PIN_NO_READ (4) +#define PIN_IF_BCB (8) + +#define PORT_CONNECT 0x0001 +#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\ + PORT_CONNECT) + +#define SEC_BASED 0x00200000 +#define SEC_NO_CHANGE 0x00400000 +#define SEC_FILE 0x00800000 +#define SEC_IMAGE 0x01000000 +#define SEC_COMMIT 0x08000000 +#define SEC_NOCACHE 0x10000000 + +#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} +#define SECURITY_WORLD_RID (0x00000000L) + +#define SID_REVISION 1 + +#define TOKEN_ASSIGN_PRIMARY (0x0001) +#define TOKEN_DUPLICATE (0x0002) +#define TOKEN_IMPERSONATE (0x0004) +#define TOKEN_QUERY (0x0008) +#define TOKEN_QUERY_SOURCE (0x0010) +#define TOKEN_ADJUST_PRIVILEGES (0x0020) +#define TOKEN_ADJUST_GROUPS (0x0040) +#define TOKEN_ADJUST_DEFAULT (0x0080) + +#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\ + TOKEN_ASSIGN_PRIMARY |\ + TOKEN_DUPLICATE |\ + TOKEN_IMPERSONATE |\ + TOKEN_QUERY |\ + TOKEN_QUERY_SOURCE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + +#define TOKEN_READ (STANDARD_RIGHTS_READ |\ + TOKEN_QUERY) + +#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ + TOKEN_ADJUST_PRIVILEGES |\ + TOKEN_ADJUST_GROUPS |\ + TOKEN_ADJUST_DEFAULT) + +#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE) + +#define TOKEN_SOURCE_LENGTH 8 + +#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01 +#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02 +#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04 +#define TOKEN_HAS_ADMIN_GROUP 0x08 +#define TOKEN_IS_RESTRICTED 0x10 + +#define VACB_MAPPING_GRANULARITY (0x40000) +#define VACB_OFFSET_SHIFT (18) + +#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) + + +#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#if (VER_PRODUCTBUILD >= 1381) + +#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS) + +#endif // (VER_PRODUCTBUILD >= 1381) + +#if (VER_PRODUCTBUILD >= 2195) + +#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) + +#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) +#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) +#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) + +#endif // (VER_PRODUCTBUILD >= 2195) + +#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA) + +#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) + +#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS) +#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA) +#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA) +#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) +#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA) + +#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) + +typedef PVOID PEJOB; +typedef PVOID OPLOCK, *POPLOCK; +typedef PVOID PWOW64_PROCESS; + +typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS; +typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK; +typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION; +typedef struct _HANDLE_TABLE *PHANDLE_TABLE; +typedef struct _KEVENT_PAIR *PKEVENT_PAIR; +typedef struct _KPROCESS *PKPROCESS; +typedef struct _KQUEUE *PKQUEUE; +typedef struct _KTRAP_FRAME *PKTRAP_FRAME; +typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS; +typedef struct _MMWSL *PMMWSL; +typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS; +typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY; +typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY; +typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION; +typedef struct _SECTION_OBJECT *PSECTION_OBJECT; +typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP; +typedef struct _TERMINATION_PORT *PTERMINATION_PORT; +typedef struct _VACB *PVACB; +typedef struct _VAD_HEADER *PVAD_HEADER; + +typedef struct _NOTIFY_SYNC +{ + ULONG Unknown0; + ULONG Unknown1; + ULONG Unknown2; + USHORT Unknown3; + USHORT Unknown4; + ULONG Unknown5; + ULONG Unknown6; + ULONG Unknown7; + ULONG Unknown8; + ULONG Unknown9; + ULONG Unknown10; +} NOTIFY_SYNC, * PNOTIFY_SYNC; + +typedef enum _FAST_IO_POSSIBLE { + FastIoIsNotPossible, + FastIoIsPossible, + FastIoIsQuestionable +} FAST_IO_POSSIBLE; + +typedef enum _FILE_STORAGE_TYPE { + StorageTypeDefault = 1, + StorageTypeDirectory, + StorageTypeFile, + StorageTypeJunctionPoint, + StorageTypeCatalog, + StorageTypeStructuredStorage, + StorageTypeEmbedding, + StorageTypeStream +} FILE_STORAGE_TYPE; + +typedef enum _IO_COMPLETION_INFORMATION_CLASS { + IoCompletionBasicInformation +} IO_COMPLETION_INFORMATION_CLASS; + +typedef enum _OBJECT_INFO_CLASS { + ObjectBasicInfo, + ObjectNameInfo, + ObjectTypeInfo, + ObjectAllTypesInfo, + ObjectProtectionInfo +} OBJECT_INFO_CLASS; + +typedef struct _HARDWARE_PTE_X86 { + ULONG Valid : 1; + ULONG Write : 1; + ULONG Owner : 1; + ULONG WriteThrough : 1; + ULONG CacheDisable : 1; + ULONG Accessed : 1; + ULONG Dirty : 1; + ULONG LargePage : 1; + ULONG Global : 1; + ULONG CopyOnWrite : 1; + ULONG Prototype : 1; + ULONG reserved : 1; + ULONG PageFrameNumber : 20; +} HARDWARE_PTE_X86, *PHARDWARE_PTE_X86; + +typedef struct _KAPC_STATE { + LIST_ENTRY ApcListHead[2]; + PKPROCESS Process; + BOOLEAN KernelApcInProgress; + BOOLEAN KernelApcPending; + BOOLEAN UserApcPending; +} KAPC_STATE, *PKAPC_STATE; + +typedef struct _KGDTENTRY { + USHORT LimitLow; + USHORT BaseLow; + union { + struct { + UCHAR BaseMid; + UCHAR Flags1; + UCHAR Flags2; + UCHAR BaseHi; + } Bytes; + struct { + ULONG BaseMid : 8; + ULONG Type : 5; + ULONG Dpl : 2; + ULONG Pres : 1; + ULONG LimitHi : 4; + ULONG Sys : 1; + ULONG Reserved_0 : 1; + ULONG Default_Big : 1; + ULONG Granularity : 1; + ULONG BaseHi : 8; + } Bits; + } HighWord; +} KGDTENTRY, *PKGDTENTRY; + +typedef struct _KIDTENTRY { + USHORT Offset; + USHORT Selector; + USHORT Access; + USHORT ExtendedOffset; +} KIDTENTRY, *PKIDTENTRY; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _MMSUPPORT_FLAGS { + ULONG SessionSpace : 1; + ULONG BeingTrimmed : 1; + ULONG SessionLeader : 1; + ULONG TrimHard : 1; + ULONG WorkingSetHard : 1; + ULONG AddressSpaceBeingDeleted : 1; + ULONG Available : 10; + ULONG AllowWorkingSetAdjustment : 8; + ULONG MemoryPriority : 8; +} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; + +#else + +typedef struct _MMSUPPORT_FLAGS { + ULONG SessionSpace : 1; + ULONG BeingTrimmed : 1; + ULONG ProcessInSession : 1; + ULONG SessionLeader : 1; + ULONG TrimHard : 1; + ULONG WorkingSetHard : 1; + ULONG WriteWatch : 1; + ULONG Filler : 25; +} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; + +#endif + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _MMSUPPORT { + LARGE_INTEGER LastTrimTime; + MMSUPPORT_FLAGS Flags; + ULONG PageFaultCount; + ULONG PeakWorkingSetSize; + ULONG WorkingSetSize; + ULONG MinimumWorkingSetSize; + ULONG MaximumWorkingSetSize; + PMMWSL VmWorkingSetList; + LIST_ENTRY WorkingSetExpansionLinks; + ULONG Claim; + ULONG NextEstimationSlot; + ULONG NextAgingSlot; + ULONG EstimatedAvailable; + ULONG GrowthSinceLastEstimate; +} MMSUPPORT, *PMMSUPPORT; + +#else + +typedef struct _MMSUPPORT { + LARGE_INTEGER LastTrimTime; + ULONG LastTrimFaultCount; + ULONG PageFaultCount; + ULONG PeakWorkingSetSize; + ULONG WorkingSetSize; + ULONG MinimumWorkingSetSize; + ULONG MaximumWorkingSetSize; + PMMWSL VmWorkingSetList; + LIST_ENTRY WorkingSetExpansionLinks; + BOOLEAN AllowWorkingSetAdjustment; + BOOLEAN AddressSpaceBeingDeleted; + UCHAR ForegroundSwitchCount; + UCHAR MemoryPriority; +#if (VER_PRODUCTBUILD >= 2195) + union { + ULONG LongFlags; + MMSUPPORT_FLAGS Flags; + } u; + ULONG Claim; + ULONG NextEstimationSlot; + ULONG NextAgingSlot; + ULONG EstimatedAvailable; + ULONG GrowthSinceLastEstimate; +#endif // (VER_PRODUCTBUILD >= 2195) +} MMSUPPORT, *PMMSUPPORT; + +#endif + +typedef struct _SE_AUDIT_PROCESS_CREATION_INFO { + POBJECT_NAME_INFORMATION ImageFileName; +} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO; + +typedef struct _BITMAP_RANGE { + LIST_ENTRY Links; + LARGE_INTEGER BasePage; + ULONG FirstDirtyPage; + ULONG LastDirtyPage; + ULONG DirtyPages; + PULONG Bitmap; +} BITMAP_RANGE, *PBITMAP_RANGE; + +typedef struct _CACHE_UNINITIALIZE_EVENT { + struct _CACHE_UNINITIALIZE_EVENT *Next; + KEVENT Event; +} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT; + +typedef struct _CC_FILE_SIZES { + LARGE_INTEGER AllocationSize; + LARGE_INTEGER FileSize; + LARGE_INTEGER ValidDataLength; +} CC_FILE_SIZES, *PCC_FILE_SIZES; + +typedef struct _COMPRESSED_DATA_INFO { + USHORT CompressionFormatAndEngine; + UCHAR CompressionUnitShift; + UCHAR ChunkShift; + UCHAR ClusterShift; + UCHAR Reserved; + USHORT NumberOfChunks; + ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; +} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; + +typedef struct _DEVICE_MAP { + POBJECT_DIRECTORY DosDevicesDirectory; + POBJECT_DIRECTORY GlobalDosDevicesDirectory; + ULONG ReferenceCount; + ULONG DriveMap; + UCHAR DriveType[32]; +} DEVICE_MAP, *PDEVICE_MAP; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _EX_FAST_REF { + union { + PVOID Object; + ULONG RefCnt : 3; + ULONG Value; + }; +} EX_FAST_REF, *PEX_FAST_REF; + +typedef struct _EX_PUSH_LOCK { + union { + struct { + ULONG Waiting : 1; + ULONG Exclusive : 1; + ULONG Shared : 30; + }; + ULONG Value; + PVOID Ptr; + }; +} EX_PUSH_LOCK, *PEX_PUSH_LOCK; + +typedef struct _EX_RUNDOWN_REF { + union { + ULONG Count; + PVOID Ptr; + }; +} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF; + +#endif + +typedef struct _EPROCESS_QUOTA_ENTRY { + ULONG Usage; + ULONG Limit; + ULONG Peak; + ULONG Return; +} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY; + +typedef struct _EPROCESS_QUOTA_BLOCK { + EPROCESS_QUOTA_ENTRY QuotaEntry[3]; + LIST_ENTRY QuotaList; + ULONG ReferenceCount; + ULONG ProcessCount; +} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK; + +/* + * When needing these parameters cast your PIO_STACK_LOCATION to + * PEXTENDED_IO_STACK_LOCATION + */ +#if !defined(_ALPHA_) +#include <pshpack4.h> +#endif +typedef struct _EXTENDED_IO_STACK_LOCATION { + + /* Included for padding */ + UCHAR MajorFunction; + UCHAR MinorFunction; + UCHAR Flags; + UCHAR Control; + + union { + + struct { + PIO_SECURITY_CONTEXT SecurityContext; + ULONG Options; + USHORT Reserved; + USHORT ShareAccess; + PMAILSLOT_CREATE_PARAMETERS Parameters; + } CreateMailslot; + + struct { + PIO_SECURITY_CONTEXT SecurityContext; + ULONG Options; + USHORT Reserved; + USHORT ShareAccess; + PNAMED_PIPE_CREATE_PARAMETERS Parameters; + } CreatePipe; + + struct { + ULONG OutputBufferLength; + ULONG InputBufferLength; + ULONG FsControlCode; + PVOID Type3InputBuffer; + } FileSystemControl; + + struct { + PLARGE_INTEGER Length; + ULONG Key; + LARGE_INTEGER ByteOffset; + } LockControl; + + struct { + ULONG Length; + ULONG CompletionFilter; + } NotifyDirectory; + + struct { + ULONG Length; + PUNICODE_STRING FileName; + FILE_INFORMATION_CLASS FileInformationClass; + ULONG FileIndex; + } QueryDirectory; + + struct { + ULONG Length; + PVOID EaList; + ULONG EaListLength; + ULONG EaIndex; + } QueryEa; + + struct { + ULONG Length; + PSID StartSid; + PFILE_GET_QUOTA_INFORMATION SidList; + ULONG SidListLength; + } QueryQuota; + + struct { + ULONG Length; + } SetEa; + + struct { + ULONG Length; + } SetQuota; + + struct { + ULONG Length; + FS_INFORMATION_CLASS FsInformationClass; + } SetVolume; + + } Parameters; + PDEVICE_OBJECT DeviceObject; + PFILE_OBJECT FileObject; + PIO_COMPLETION_ROUTINE CompletionRoutine; + PVOID Context; + +} EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION; +#if !defined(_ALPHA_) +#include <poppack.h> +#endif + +typedef struct _FILE_ACCESS_INFORMATION { + ACCESS_MASK AccessFlags; +} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; + +typedef struct _FILE_ALLOCATION_INFORMATION { + LARGE_INTEGER AllocationSize; +} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; + +typedef struct _FILE_BOTH_DIR_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CCHAR ShortNameLength; + WCHAR ShortName[12]; + WCHAR FileName[1]; +} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; + +typedef struct _FILE_COMPLETION_INFORMATION { + HANDLE Port; + ULONG Key; +} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; + +typedef struct _FILE_COMPRESSION_INFORMATION { + LARGE_INTEGER CompressedFileSize; + USHORT CompressionFormat; + UCHAR CompressionUnitShift; + UCHAR ChunkShift; + UCHAR ClusterShift; + UCHAR Reserved[3]; +} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; + +typedef struct _FILE_COPY_ON_WRITE_INFORMATION { + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; + +typedef struct _FILE_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; + +typedef struct _FILE_FULL_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + WCHAR FileName[0]; +} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; + +typedef struct _FILE_BOTH_DIRECTORY_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + CHAR ShortNameLength; + WCHAR ShortName[12]; + WCHAR FileName[0]; +} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION; + +typedef struct _FILE_EA_INFORMATION { + ULONG EaSize; +} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; + +typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { + ULONG FileSystemAttributes; + ULONG MaximumComponentNameLength; + ULONG FileSystemNameLength; + WCHAR FileSystemName[1]; +} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; + +typedef struct _FILE_FS_CONTROL_INFORMATION { + LARGE_INTEGER FreeSpaceStartFiltering; + LARGE_INTEGER FreeSpaceThreshold; + LARGE_INTEGER FreeSpaceStopFiltering; + LARGE_INTEGER DefaultQuotaThreshold; + LARGE_INTEGER DefaultQuotaLimit; + ULONG FileSystemControlFlags; +} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; + +typedef struct _FILE_FS_FULL_SIZE_INFORMATION { + LARGE_INTEGER TotalAllocationUnits; + LARGE_INTEGER CallerAvailableAllocationUnits; + LARGE_INTEGER ActualAvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; + +typedef struct _FILE_FS_LABEL_INFORMATION { + ULONG VolumeLabelLength; + WCHAR VolumeLabel[1]; +} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; + +#if (VER_PRODUCTBUILD >= 2195) + +typedef struct _FILE_FS_OBJECT_ID_INFORMATION { + UCHAR ObjectId[16]; + UCHAR ExtendedInfo[48]; +} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION; + +#endif // (VER_PRODUCTBUILD >= 2195) + +typedef struct _FILE_FS_SIZE_INFORMATION { + LARGE_INTEGER TotalAllocationUnits; + LARGE_INTEGER AvailableAllocationUnits; + ULONG SectorsPerAllocationUnit; + ULONG BytesPerSector; +} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; + +typedef struct _FILE_FS_VOLUME_INFORMATION { + LARGE_INTEGER VolumeCreationTime; + ULONG VolumeSerialNumber; + ULONG VolumeLabelLength; + BOOLEAN SupportsObjects; + WCHAR VolumeLabel[1]; +} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; + +typedef struct _FILE_FULL_DIR_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + ULONG EaSize; + WCHAR FileName[1]; +} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION; + +typedef struct _FILE_GET_EA_INFORMATION { + ULONG NextEntryOffset; + UCHAR EaNameLength; + CHAR EaName[1]; +} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; + +typedef struct _FILE_GET_QUOTA_INFORMATION { + ULONG NextEntryOffset; + ULONG SidLength; + SID Sid; +} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; + +typedef struct _FILE_INTERNAL_INFORMATION { + LARGE_INTEGER IndexNumber; +} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; + +typedef struct _FILE_LINK_INFORMATION { + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; + +typedef struct _FILE_LOCK_INFO { + LARGE_INTEGER StartingByte; + LARGE_INTEGER Length; + BOOLEAN ExclusiveLock; + ULONG Key; + PFILE_OBJECT FileObject; + PEPROCESS Process; + LARGE_INTEGER EndingByte; +} FILE_LOCK_INFO, *PFILE_LOCK_INFO; + +// raw internal file lock struct returned from FsRtlGetNextFileLock +typedef struct _FILE_SHARED_LOCK_ENTRY { + PVOID Unknown1; + PVOID Unknown2; + FILE_LOCK_INFO FileLock; +} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; + +// raw internal file lock struct returned from FsRtlGetNextFileLock +typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { + LIST_ENTRY ListEntry; + PVOID Unknown1; + PVOID Unknown2; + FILE_LOCK_INFO FileLock; +} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; + +typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) ( + IN PVOID Context, + IN PIRP Irp +); + +typedef VOID (NTAPI *PUNLOCK_ROUTINE) ( + IN PVOID Context, + IN PFILE_LOCK_INFO FileLockInfo +); + +typedef struct _FILE_LOCK { + PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine; + PUNLOCK_ROUTINE UnlockRoutine; + BOOLEAN FastIoIsQuestionable; + BOOLEAN Pad[3]; + PVOID LockInformation; + FILE_LOCK_INFO LastReturnedLockInfo; + PVOID LastReturnedLock; +} FILE_LOCK, *PFILE_LOCK; + +typedef struct _FILE_MAILSLOT_PEEK_BUFFER { + ULONG ReadDataAvailable; + ULONG NumberOfMessages; + ULONG MessageLength; +} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; + +typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { + ULONG MaximumMessageSize; + ULONG MailslotQuota; + ULONG NextMessageSize; + ULONG MessagesAvailable; + LARGE_INTEGER ReadTimeout; +} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; + +typedef struct _FILE_MAILSLOT_SET_INFORMATION { + LARGE_INTEGER ReadTimeout; +} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; + +typedef struct _FILE_MODE_INFORMATION { + ULONG Mode; +} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; + +typedef struct _FILE_ALL_INFORMATION { + FILE_BASIC_INFORMATION BasicInformation; + FILE_STANDARD_INFORMATION StandardInformation; + FILE_INTERNAL_INFORMATION InternalInformation; + FILE_EA_INFORMATION EaInformation; + FILE_ACCESS_INFORMATION AccessInformation; + FILE_POSITION_INFORMATION PositionInformation; + FILE_MODE_INFORMATION ModeInformation; + FILE_ALIGNMENT_INFORMATION AlignmentInformation; + FILE_NAME_INFORMATION NameInformation; +} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; + +typedef struct _FILE_NAMES_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; + +typedef struct _FILE_OBJECTID_INFORMATION { + LONGLONG FileReference; + UCHAR ObjectId[16]; + union { + struct { + UCHAR BirthVolumeId[16]; + UCHAR BirthObjectId[16]; + UCHAR DomainId[16]; + } ; + UCHAR ExtendedInfo[48]; + }; +} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION; + +typedef struct _FILE_OLE_CLASSID_INFORMATION { + GUID ClassId; +} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; + +typedef struct _FILE_OLE_ALL_INFORMATION { + FILE_BASIC_INFORMATION BasicInformation; + FILE_STANDARD_INFORMATION StandardInformation; + FILE_INTERNAL_INFORMATION InternalInformation; + FILE_EA_INFORMATION EaInformation; + FILE_ACCESS_INFORMATION AccessInformation; + FILE_POSITION_INFORMATION PositionInformation; + FILE_MODE_INFORMATION ModeInformation; + FILE_ALIGNMENT_INFORMATION AlignmentInformation; + USN LastChangeUsn; + USN ReplicationUsn; + LARGE_INTEGER SecurityChangeTime; + FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; + FILE_OBJECTID_INFORMATION ObjectIdInformation; + FILE_STORAGE_TYPE StorageType; + ULONG OleStateBits; + ULONG OleId; + ULONG NumberOfStreamReferences; + ULONG StreamIndex; + ULONG SecurityId; + BOOLEAN ContentIndexDisable; + BOOLEAN InheritContentIndexDisable; + FILE_NAME_INFORMATION NameInformation; +} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; + +typedef struct _FILE_OLE_DIR_INFORMATION { + ULONG NextEntryOffset; + ULONG FileIndex; + LARGE_INTEGER CreationTime; + LARGE_INTEGER LastAccessTime; + LARGE_INTEGER LastWriteTime; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER EndOfFile; + LARGE_INTEGER AllocationSize; + ULONG FileAttributes; + ULONG FileNameLength; + FILE_STORAGE_TYPE StorageType; + GUID OleClassId; + ULONG OleStateBits; + BOOLEAN ContentIndexDisable; + BOOLEAN InheritContentIndexDisable; + WCHAR FileName[1]; +} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; + +typedef struct _FILE_OLE_INFORMATION { + LARGE_INTEGER SecurityChangeTime; + FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; + FILE_OBJECTID_INFORMATION ObjectIdInformation; + FILE_STORAGE_TYPE StorageType; + ULONG OleStateBits; + BOOLEAN ContentIndexDisable; + BOOLEAN InheritContentIndexDisable; +} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; + +typedef struct _FILE_OLE_STATE_BITS_INFORMATION { + ULONG StateBits; + ULONG StateBitsMask; +} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; + +typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER { + HANDLE EventHandle; + ULONG KeyValue; +} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER; + +typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER { + PVOID ClientSession; + PVOID ClientProcess; +} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER; + +typedef struct _FILE_PIPE_EVENT_BUFFER { + ULONG NamedPipeState; + ULONG EntryType; + ULONG ByteCount; + ULONG KeyValue; + ULONG NumberRequests; +} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER; + +typedef struct _FILE_PIPE_INFORMATION { + ULONG ReadMode; + ULONG CompletionMode; +} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; + +typedef struct _FILE_PIPE_LOCAL_INFORMATION { + ULONG NamedPipeType; + ULONG NamedPipeConfiguration; + ULONG MaximumInstances; + ULONG CurrentInstances; + ULONG InboundQuota; + ULONG ReadDataAvailable; + ULONG OutboundQuota; + ULONG WriteQuotaAvailable; + ULONG NamedPipeState; + ULONG NamedPipeEnd; +} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; + +typedef struct _FILE_PIPE_REMOTE_INFORMATION { + LARGE_INTEGER CollectDataTime; + ULONG MaximumCollectionCount; +} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; + +typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { + LARGE_INTEGER Timeout; + ULONG NameLength; + BOOLEAN TimeoutSpecified; + WCHAR Name[1]; +} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; + +typedef struct _FILE_QUOTA_INFORMATION { + ULONG NextEntryOffset; + ULONG SidLength; + LARGE_INTEGER ChangeTime; + LARGE_INTEGER QuotaUsed; + LARGE_INTEGER QuotaThreshold; + LARGE_INTEGER QuotaLimit; + SID Sid; +} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; + +typedef struct _FILE_RENAME_INFORMATION { + BOOLEAN ReplaceIfExists; + HANDLE RootDirectory; + ULONG FileNameLength; + WCHAR FileName[1]; +} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; + +typedef struct _FILE_STREAM_INFORMATION { + ULONG NextEntryOffset; + ULONG StreamNameLength; + LARGE_INTEGER StreamSize; + LARGE_INTEGER StreamAllocationSize; + WCHAR StreamName[1]; +} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; + +typedef struct _FILE_TRACKING_INFORMATION { + HANDLE DestinationFile; + ULONG ObjectInformationLength; + CHAR ObjectInformation[1]; +} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION; + +typedef struct _FSRTL_COMMON_FCB_HEADER { + CSHORT NodeTypeCode; + CSHORT NodeByteSize; + UCHAR Flags; + UCHAR IsFastIoPossible; +#if (VER_PRODUCTBUILD >= 1381) + UCHAR Flags2; + UCHAR Reserved; +#endif // (VER_PRODUCTBUILD >= 1381) + PERESOURCE Resource; + PERESOURCE PagingIoResource; + LARGE_INTEGER AllocationSize; + LARGE_INTEGER FileSize; + LARGE_INTEGER ValidDataLength; +} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER; + +typedef struct _GENERATE_NAME_CONTEXT { + USHORT Checksum; + BOOLEAN CheckSumInserted; + UCHAR NameLength; + WCHAR NameBuffer[8]; + ULONG ExtensionLength; + WCHAR ExtensionBuffer[4]; + ULONG LastIndexValue; +} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; + +typedef struct _HANDLE_TABLE_ENTRY { + PVOID Object; + ULONG ObjectAttributes; + ULONG GrantedAccess; + USHORT GrantedAccessIndex; + USHORT CreatorBackTraceIndex; + ULONG NextFreeTableEntry; +} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; + +typedef struct _MAPPING_PAIR { + ULONGLONG Vcn; + ULONGLONG Lcn; +} MAPPING_PAIR, *PMAPPING_PAIR; + +typedef struct _GET_RETRIEVAL_DESCRIPTOR { + ULONG NumberOfPairs; + ULONGLONG StartVcn; + MAPPING_PAIR Pair[1]; +} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; + +typedef struct _IO_CLIENT_EXTENSION { + struct _IO_CLIENT_EXTENSION *NextExtension; + PVOID ClientIdentificationAddress; +} IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION; + +typedef struct _IO_COMPLETION_BASIC_INFORMATION { + LONG Depth; +} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; + +typedef struct _KEVENT_PAIR { + USHORT Type; + USHORT Size; + KEVENT Event1; + KEVENT Event2; +} KEVENT_PAIR, *PKEVENT_PAIR; + +typedef struct _KQUEUE { + DISPATCHER_HEADER Header; + LIST_ENTRY EntryListHead; + ULONG CurrentCount; + ULONG MaximumCount; + LIST_ENTRY ThreadListHead; +} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE; + +typedef struct _MAILSLOT_CREATE_PARAMETERS { + ULONG MailslotQuota; + ULONG MaximumMessageSize; + LARGE_INTEGER ReadTimeout; + BOOLEAN TimeoutSpecified; +} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS; + +typedef struct _MBCB { + CSHORT NodeTypeCode; + CSHORT NodeIsInZone; + ULONG PagesToWrite; + ULONG DirtyPages; + ULONG Reserved; + LIST_ENTRY BitmapRanges; + LONGLONG ResumeWritePage; + BITMAP_RANGE BitmapRange1; + BITMAP_RANGE BitmapRange2; + BITMAP_RANGE BitmapRange3; +} MBCB, *PMBCB; + +typedef struct _MOVEFILE_DESCRIPTOR { + HANDLE FileHandle; + ULONG Reserved; + LARGE_INTEGER StartVcn; + LARGE_INTEGER TargetLcn; + ULONG NumVcns; + ULONG Reserved1; +} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; + +typedef struct _NAMED_PIPE_CREATE_PARAMETERS { + ULONG NamedPipeType; + ULONG ReadMode; + ULONG CompletionMode; + ULONG MaximumInstances; + ULONG InboundQuota; + ULONG OutboundQuota; + LARGE_INTEGER DefaultTimeout; + BOOLEAN TimeoutSpecified; +} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS; + +typedef struct _OBJECT_BASIC_INFO { + ULONG Attributes; + ACCESS_MASK GrantedAccess; + ULONG HandleCount; + ULONG ReferenceCount; + ULONG PagedPoolUsage; + ULONG NonPagedPoolUsage; + ULONG Reserved[3]; + ULONG NameInformationLength; + ULONG TypeInformationLength; + ULONG SecurityDescriptorLength; + LARGE_INTEGER CreateTime; +} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; + +typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { + BOOLEAN Inherit; + BOOLEAN ProtectFromClose; +} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; + +typedef struct _OBJECT_NAME_INFO { + UNICODE_STRING ObjectName; + WCHAR ObjectNameBuffer[1]; +} OBJECT_NAME_INFO, *POBJECT_NAME_INFO; + +typedef struct _OBJECT_PROTECTION_INFO { + BOOLEAN Inherit; + BOOLEAN ProtectHandle; +} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; + +typedef struct _OBJECT_TYPE_INFO { + UNICODE_STRING ObjectTypeName; + UCHAR Unknown[0x58]; + WCHAR ObjectTypeNameBuffer[1]; +} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; + +typedef struct _OBJECT_ALL_TYPES_INFO { + ULONG NumberOfObjectTypes; + OBJECT_TYPE_INFO ObjectsTypeInfo[1]; +} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; + +typedef struct _PAGEFAULT_HISTORY { + ULONG CurrentIndex; + ULONG MaxIndex; + KSPIN_LOCK SpinLock; + PVOID Reserved; + PROCESS_WS_WATCH_INFORMATION WatchInfo[1]; +} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY; + +typedef struct _PATHNAME_BUFFER { + ULONG PathNameLength; + WCHAR Name[1]; +} PATHNAME_BUFFER, *PPATHNAME_BUFFER; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _PRIVATE_CACHE_MAP_FLAGS { + ULONG DontUse : 16; + ULONG ReadAheadActive : 1; + ULONG ReadAheadEnabled : 1; + ULONG Available : 14; +} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS; + +typedef struct _PRIVATE_CACHE_MAP { + union { + CSHORT NodeTypeCode; + PRIVATE_CACHE_MAP_FLAGS Flags; + ULONG UlongFlags; + }; + ULONG ReadAheadMask; + PFILE_OBJECT FileObject; + LARGE_INTEGER FileOffset1; + LARGE_INTEGER BeyondLastByte1; + LARGE_INTEGER FileOffset2; + LARGE_INTEGER BeyondLastByte2; + LARGE_INTEGER ReadAheadOffset[2]; + ULONG ReadAheadLength[2]; + KSPIN_LOCK ReadAheadSpinLock; + LIST_ENTRY PrivateLinks; +} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP; + +#endif + +typedef struct _PS_IMPERSONATION_INFORMATION { + PACCESS_TOKEN Token; + BOOLEAN CopyOnOpen; + BOOLEAN EffectiveOnly; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; +} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION; + +typedef struct _PUBLIC_BCB { + CSHORT NodeTypeCode; + CSHORT NodeByteSize; + ULONG MappedLength; + LARGE_INTEGER MappedFileOffset; +} PUBLIC_BCB, *PPUBLIC_BCB; + +typedef struct _QUERY_PATH_REQUEST { + ULONG PathNameLength; + PIO_SECURITY_CONTEXT SecurityContext; + WCHAR FilePathName[1]; +} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; + +typedef struct _QUERY_PATH_RESPONSE { + ULONG LengthAccepted; +} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; + +typedef struct _RETRIEVAL_POINTERS_BUFFER { + ULONG ExtentCount; + LARGE_INTEGER StartingVcn; + struct { + LARGE_INTEGER NextVcn; + LARGE_INTEGER Lcn; + } Extents[1]; +} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER; + +typedef struct _RTL_SPLAY_LINKS { + struct _RTL_SPLAY_LINKS *Parent; + struct _RTL_SPLAY_LINKS *LeftChild; + struct _RTL_SPLAY_LINKS *RightChild; +} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; + +typedef struct _SE_EXPORTS { + + LUID SeCreateTokenPrivilege; + LUID SeAssignPrimaryTokenPrivilege; + LUID SeLockMemoryPrivilege; + LUID SeIncreaseQuotaPrivilege; + LUID SeUnsolicitedInputPrivilege; + LUID SeTcbPrivilege; + LUID SeSecurityPrivilege; + LUID SeTakeOwnershipPrivilege; + LUID SeLoadDriverPrivilege; + LUID SeCreatePagefilePrivilege; + LUID SeIncreaseBasePriorityPrivilege; + LUID SeSystemProfilePrivilege; + LUID SeSystemtimePrivilege; + LUID SeProfileSingleProcessPrivilege; + LUID SeCreatePermanentPrivilege; + LUID SeBackupPrivilege; + LUID SeRestorePrivilege; + LUID SeShutdownPrivilege; + LUID SeDebugPrivilege; + LUID SeAuditPrivilege; + LUID SeSystemEnvironmentPrivilege; + LUID SeChangeNotifyPrivilege; + LUID SeRemoteShutdownPrivilege; + + PSID SeNullSid; + PSID SeWorldSid; + PSID SeLocalSid; + PSID SeCreatorOwnerSid; + PSID SeCreatorGroupSid; + + PSID SeNtAuthoritySid; + PSID SeDialupSid; + PSID SeNetworkSid; + PSID SeBatchSid; + PSID SeInteractiveSid; + PSID SeLocalSystemSid; + PSID SeAliasAdminsSid; + PSID SeAliasUsersSid; + PSID SeAliasGuestsSid; + PSID SeAliasPowerUsersSid; + PSID SeAliasAccountOpsSid; + PSID SeAliasSystemOpsSid; + PSID SeAliasPrintOpsSid; + PSID SeAliasBackupOpsSid; + + PSID SeAuthenticatedUsersSid; + + PSID SeRestrictedSid; + PSID SeAnonymousLogonSid; + + LUID SeUndockPrivilege; + LUID SeSyncAgentPrivilege; + LUID SeEnableDelegationPrivilege; + +} SE_EXPORTS, *PSE_EXPORTS; + +typedef struct _SECTION_BASIC_INFORMATION { + PVOID BaseAddress; + ULONG Attributes; + LARGE_INTEGER Size; +} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; + +typedef struct _SECTION_IMAGE_INFORMATION { + PVOID EntryPoint; + ULONG Unknown1; + ULONG StackReserve; + ULONG StackCommit; + ULONG Subsystem; + USHORT MinorSubsystemVersion; + USHORT MajorSubsystemVersion; + ULONG Unknown2; + ULONG Characteristics; + USHORT ImageNumber; + BOOLEAN Executable; + UCHAR Unknown3; + ULONG Unknown4[3]; +} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; + +#if (VER_PRODUCTBUILD >= 2600) + +typedef struct _SHARED_CACHE_MAP { + CSHORT NodeTypeCode; + CSHORT NodeByteSize; + ULONG OpenCount; + LARGE_INTEGER FileSize; + LIST_ENTRY BcbList; + LARGE_INTEGER SectionSize; + LARGE_INTEGER ValidDataLength; + LARGE_INTEGER ValidDataGoal; + PVACB InitialVacbs[4]; + PVACB *Vacbs; + PFILE_OBJECT FileObject; + PVACB ActiveVacb; + PVOID NeedToZero; + ULONG ActivePage; + ULONG NeedToZeroPage; + KSPIN_LOCK ActiveVacbSpinLock; + ULONG VacbActiveCount; + ULONG DirtyPages; + LIST_ENTRY SharedCacheMapLinks; + ULONG Flags; + NTSTATUS Status; + PMBCB Mbcb; + PVOID Section; + PKEVENT CreateEvent; + PKEVENT WaitOnActiveCount; + ULONG PagesToWrite; + LONGLONG BeyondLastFlush; + PCACHE_MANAGER_CALLBACKS Callbacks; + PVOID LazyWriteContext; + LIST_ENTRY PrivateList; + PVOID LogHandle; + PVOID FlushToLsnRoutine; + ULONG DirtyPageThreshold; + ULONG LazyWritePassCount; + PCACHE_UNINITIALIZE_EVENT UninitializeEvent; + PVACB NeedToZeroVacb; + KSPIN_LOCK BcbSpinLock; + PVOID Reserved; + KEVENT Event; + EX_PUSH_LOCK VacbPushLock; + PRIVATE_CACHE_MAP PrivateCacheMap; +} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP; + +#endif + +typedef struct _STARTING_VCN_INPUT_BUFFER { + LARGE_INTEGER StartingVcn; +} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER; + +typedef struct _SYSTEM_CACHE_INFORMATION { + ULONG CurrentSize; + ULONG PeakSize; + ULONG PageFaultCount; + ULONG MinimumWorkingSet; + ULONG MaximumWorkingSet; + ULONG Unused[4]; +} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION; + +typedef struct _TERMINATION_PORT { + struct _TERMINATION_PORT* Next; + PVOID Port; +} TERMINATION_PORT, *PTERMINATION_PORT; + +typedef struct _SECURITY_CLIENT_CONTEXT { + SECURITY_QUALITY_OF_SERVICE SecurityQos; + PACCESS_TOKEN ClientToken; + BOOLEAN DirectlyAccessClientToken; + BOOLEAN DirectAccessEffectiveOnly; + BOOLEAN ServerIsRemote; + TOKEN_CONTROL ClientTokenControl; +} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT; + +typedef struct _TUNNEL { + FAST_MUTEX Mutex; + PRTL_SPLAY_LINKS Cache; + LIST_ENTRY TimerQueue; + USHORT NumEntries; +} TUNNEL, *PTUNNEL; + +typedef struct _VACB { + PVOID BaseAddress; + PSHARED_CACHE_MAP SharedCacheMap; + union { + LARGE_INTEGER FileOffset; + USHORT ActiveCount; + } Overlay; + LIST_ENTRY LruList; +} VACB, *PVACB; + +typedef struct _VAD_HEADER { + PVOID StartVPN; + PVOID EndVPN; + PVAD_HEADER ParentLink; + PVAD_HEADER LeftLink; + PVAD_HEADER RightLink; + ULONG Flags; // LSB = CommitCharge + PVOID ControlArea; + PVOID FirstProtoPte; + PVOID LastPTE; + ULONG Unknown; + LIST_ENTRY Secured; +} VAD_HEADER, *PVAD_HEADER; + +NTKERNELAPI +BOOLEAN +NTAPI +CcCanIWrite ( + IN PFILE_OBJECT FileObject, + IN ULONG BytesToWrite, + IN BOOLEAN Wait, + IN BOOLEAN Retrying +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcCopyRead ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN BOOLEAN Wait, + OUT PVOID Buffer, + OUT PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcCopyWrite ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN BOOLEAN Wait, + IN PVOID Buffer +); + +#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000) + +typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) ( + IN PVOID Context1, + IN PVOID Context2 +); + +NTKERNELAPI +VOID +NTAPI +CcDeferWrite ( + IN PFILE_OBJECT FileObject, + IN PCC_POST_DEFERRED_WRITE PostRoutine, + IN PVOID Context1, + IN PVOID Context2, + IN ULONG BytesToWrite, + IN BOOLEAN Retrying +); + +NTKERNELAPI +VOID +NTAPI +CcFastCopyRead ( + IN PFILE_OBJECT FileObject, + IN ULONG FileOffset, + IN ULONG Length, + IN ULONG PageCount, + OUT PVOID Buffer, + OUT PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +VOID +NTAPI +CcFastCopyWrite ( + IN PFILE_OBJECT FileObject, + IN ULONG FileOffset, + IN ULONG Length, + IN PVOID Buffer +); + +NTKERNELAPI +VOID +NTAPI +CcFlushCache ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer, + IN PLARGE_INTEGER FileOffset OPTIONAL, + IN ULONG Length, + OUT PIO_STATUS_BLOCK IoStatus OPTIONAL +); + +typedef VOID (*PDIRTY_PAGE_ROUTINE) ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN PLARGE_INTEGER OldestLsn, + IN PLARGE_INTEGER NewestLsn, + IN PVOID Context1, + IN PVOID Context2 +); + +NTKERNELAPI +LARGE_INTEGER +NTAPI +CcGetDirtyPages ( + IN PVOID LogHandle, + IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine, + IN PVOID Context1, + IN PVOID Context2 +); + +NTKERNELAPI +PFILE_OBJECT +NTAPI +CcGetFileObjectFromBcb ( + IN PVOID Bcb +); + +NTKERNELAPI +PFILE_OBJECT +NTAPI +CcGetFileObjectFromSectionPtrs ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer +); + +#define CcGetFileSizePointer(FO) ( \ + ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \ +) + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +LARGE_INTEGER +NTAPI +CcGetFlushedValidData ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer, + IN BOOLEAN BcbListHeld +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +LARGE_INTEGER +CcGetLsnForFileObject ( + IN PFILE_OBJECT FileObject, + OUT PLARGE_INTEGER OldestLsn OPTIONAL +); + +typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) ( + IN PVOID Context, + IN BOOLEAN Wait +); + +typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) ( + IN PVOID Context +); + +typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) ( + IN PVOID Context, + IN BOOLEAN Wait +); + +typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) ( + IN PVOID Context +); + +typedef struct _CACHE_MANAGER_CALLBACKS { + PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite; + PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite; + PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead; + PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead; +} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS; + +NTKERNELAPI +VOID +NTAPI +CcInitializeCacheMap ( + IN PFILE_OBJECT FileObject, + IN PCC_FILE_SIZES FileSizes, + IN BOOLEAN PinAccess, + IN PCACHE_MANAGER_CALLBACKS Callbacks, + IN PVOID LazyWriteContext +); + +#define CcIsFileCached(FO) ( \ + ((FO)->SectionObjectPointer != NULL) && \ + (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \ +) + +NTKERNELAPI +BOOLEAN +NTAPI +CcIsThereDirtyData ( + IN PVPB Vpb +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcMapData ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN BOOLEAN Wait, + OUT PVOID *Bcb, + OUT PVOID *Buffer +); + +NTKERNELAPI +VOID +NTAPI +CcMdlRead ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + OUT PMDL *MdlChain, + OUT PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +VOID +NTAPI +CcMdlReadComplete ( + IN PFILE_OBJECT FileObject, + IN PMDL MdlChain +); + +NTKERNELAPI +VOID +NTAPI +CcMdlWriteComplete ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN PMDL MdlChain +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPinMappedData ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, +#if (VER_PRODUCTBUILD >= 2195) + IN ULONG Flags, +#else + IN BOOLEAN Wait, +#endif + IN OUT PVOID *Bcb +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPinRead ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, +#if (VER_PRODUCTBUILD >= 2195) + IN ULONG Flags, +#else + IN BOOLEAN Wait, +#endif + OUT PVOID *Bcb, + OUT PVOID *Buffer +); + +NTKERNELAPI +VOID +NTAPI +CcPrepareMdlWrite ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + OUT PMDL *MdlChain, + OUT PIO_STATUS_BLOCK IoStatus +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPreparePinWrite ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN BOOLEAN Zero, +#if (VER_PRODUCTBUILD >= 2195) + IN ULONG Flags, +#else + IN BOOLEAN Wait, +#endif + OUT PVOID *Bcb, + OUT PVOID *Buffer +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcPurgeCacheSection ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer, + IN PLARGE_INTEGER FileOffset OPTIONAL, + IN ULONG Length, + IN BOOLEAN UninitializeCacheMaps +); + +#define CcReadAhead(FO, FOFF, LEN) ( \ + if ((LEN) >= 256) { \ + CcScheduleReadAhead((FO), (FOFF), (LEN)); \ + } \ +) + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PVOID +NTAPI +CcRemapBcb ( + IN PVOID Bcb +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +VOID +NTAPI +CcRepinBcb ( + IN PVOID Bcb +); + +NTKERNELAPI +VOID +NTAPI +CcScheduleReadAhead ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length +); + +NTKERNELAPI +VOID +NTAPI +CcSetAdditionalCacheAttributes ( + IN PFILE_OBJECT FileObject, + IN BOOLEAN DisableReadAhead, + IN BOOLEAN DisableWriteBehind +); + +NTKERNELAPI +VOID +NTAPI +CcSetBcbOwnerPointer ( + IN PVOID Bcb, + IN PVOID OwnerPointer +); + +NTKERNELAPI +VOID +NTAPI +CcSetDirtyPageThreshold ( + IN PFILE_OBJECT FileObject, + IN ULONG DirtyPageThreshold +); + +NTKERNELAPI +VOID +NTAPI +CcSetDirtyPinnedData ( + IN PVOID BcbVoid, + IN PLARGE_INTEGER Lsn OPTIONAL +); + +NTKERNELAPI +VOID +NTAPI +CcSetFileSizes ( + IN PFILE_OBJECT FileObject, + IN PCC_FILE_SIZES FileSizes +); + +typedef VOID (NTAPI *PFLUSH_TO_LSN) ( + IN PVOID LogHandle, + IN PLARGE_INTEGER Lsn +); + +NTKERNELAPI +VOID +NTAPI +CcSetLogHandleForFile ( + IN PFILE_OBJECT FileObject, + IN PVOID LogHandle, + IN PFLUSH_TO_LSN FlushToLsnRoutine +); + +NTKERNELAPI +VOID +NTAPI +CcSetReadAheadGranularity ( + IN PFILE_OBJECT FileObject, + IN ULONG Granularity // default: PAGE_SIZE + // allowed: 2^n * PAGE_SIZE +); + +NTKERNELAPI +BOOLEAN +NTAPI +CcUninitializeCacheMap ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER TruncateSize OPTIONAL, + IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL +); + +NTKERNELAPI +VOID +NTAPI +CcUnpinData ( + IN PVOID Bcb +); + +NTKERNELAPI +VOID +NTAPI +CcUnpinDataForThread ( + IN PVOID Bcb, + IN ERESOURCE_THREAD ResourceThreadId +); + +NTKERNELAPI +VOID +NTAPI +CcUnpinRepinnedBcb ( + IN PVOID Bcb, + IN BOOLEAN WriteThrough, + OUT PIO_STATUS_BLOCK IoStatus +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +CcWaitForCurrentLazyWriterActivity ( + VOID +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +BOOLEAN +NTAPI +CcZeroData ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER StartOffset, + IN PLARGE_INTEGER EndOffset, + IN BOOLEAN Wait +); + +NTKERNELAPI +VOID +NTAPI +ExDisableResourceBoostLite ( + IN PERESOURCE Resource +); + +NTKERNELAPI +ULONG +NTAPI +ExQueryPoolBlockSize ( + IN PVOID PoolBlock, + OUT PBOOLEAN QuotaCharged +); + +#define FlagOn(x, f) ((x) & (f)) + +NTKERNELAPI +VOID +NTAPI +FsRtlAddToTunnelCache ( + IN PTUNNEL Cache, + IN ULONGLONG DirectoryKey, + IN PUNICODE_STRING ShortName, + IN PUNICODE_STRING LongName, + IN BOOLEAN KeyByShortName, + IN ULONG DataLength, + IN PVOID Data +); + +#if (VER_PRODUCTBUILD >= 2195) + +PFILE_LOCK +NTAPI +FsRtlAllocateFileLock ( + IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, + IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePool ( + IN POOL_TYPE PoolType, + IN ULONG NumberOfBytes +); + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePoolWithQuota ( + IN POOL_TYPE PoolType, + IN ULONG NumberOfBytes +); + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePoolWithQuotaTag ( + IN POOL_TYPE PoolType, + IN ULONG NumberOfBytes, + IN ULONG Tag +); + +NTKERNELAPI +PVOID +NTAPI +FsRtlAllocatePoolWithTag ( + IN POOL_TYPE PoolType, + IN ULONG NumberOfBytes, + IN ULONG Tag +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlAreNamesEqual ( + IN PUNICODE_STRING Name1, + IN PUNICODE_STRING Name2, + IN BOOLEAN IgnoreCase, + IN PWCHAR UpcaseTable OPTIONAL +); + +#define FsRtlAreThereCurrentFileLocks(FL) ( \ + ((FL)->FastIoIsQuestionable) \ +) + +/* + FsRtlCheckLockForReadAccess: + + All this really does is pick out the lock parameters from the irp (io stack + location?), get IoGetRequestorProcess, and pass values on to + FsRtlFastCheckLockForRead. +*/ +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCheckLockForReadAccess ( + IN PFILE_LOCK FileLock, + IN PIRP Irp +); + +/* + FsRtlCheckLockForWriteAccess: + + All this really does is pick out the lock parameters from the irp (io stack + location?), get IoGetRequestorProcess, and pass values on to + FsRtlFastCheckLockForWrite. +*/ +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCheckLockForWriteAccess ( + IN PFILE_LOCK FileLock, + IN PIRP Irp +); + +typedef +VOID NTAPI +(*POPLOCK_WAIT_COMPLETE_ROUTINE) ( + IN PVOID Context, + IN PIRP Irp +); + +typedef +VOID NTAPI +(*POPLOCK_FS_PREPOST_IRP) ( + IN PVOID Context, + IN PIRP Irp +); + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlCheckOplock ( + IN POPLOCK Oplock, + IN PIRP Irp, + IN PVOID Context, + IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL, + IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCopyRead ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN BOOLEAN Wait, + IN ULONG LockKey, + OUT PVOID Buffer, + OUT PIO_STATUS_BLOCK IoStatus, + IN PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCopyWrite ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN ULONG Length, + IN BOOLEAN Wait, + IN ULONG LockKey, + IN PVOID Buffer, + OUT PIO_STATUS_BLOCK IoStatus, + IN PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlCurrentBatchOplock ( + IN POPLOCK Oplock +); + +NTKERNELAPI +VOID +NTAPI +FsRtlDeleteKeyFromTunnelCache ( + IN PTUNNEL Cache, + IN ULONGLONG DirectoryKey +); + +NTKERNELAPI +VOID +NTAPI +FsRtlDeleteTunnelCache ( + IN PTUNNEL Cache +); + +NTKERNELAPI +VOID +NTAPI +FsRtlDeregisterUncProvider ( + IN HANDLE Handle +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlDoesNameContainWildCards ( + IN PUNICODE_STRING Name +); + +#define FsRtlEnterFileSystem KeEnterCriticalRegion + +#define FsRtlExitFileSystem KeLeaveCriticalRegion + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlFastCheckLockForRead ( + IN PFILE_LOCK FileLock, + IN PLARGE_INTEGER FileOffset, + IN PLARGE_INTEGER Length, + IN ULONG Key, + IN PFILE_OBJECT FileObject, + IN PEPROCESS Process +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlFastCheckLockForWrite ( + IN PFILE_LOCK FileLock, + IN PLARGE_INTEGER FileOffset, + IN PLARGE_INTEGER Length, + IN ULONG Key, + IN PFILE_OBJECT FileObject, + IN PEPROCESS Process +); + +#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \ + FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \ +) + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlFastUnlockAll ( + IN PFILE_LOCK FileLock, + IN PFILE_OBJECT FileObject, + IN PEPROCESS Process, + IN PVOID Context OPTIONAL +); +//ret: STATUS_RANGE_NOT_LOCKED + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlFastUnlockAllByKey ( + IN PFILE_LOCK FileLock, + IN PFILE_OBJECT FileObject, + IN PEPROCESS Process, + IN ULONG Key, + IN PVOID Context OPTIONAL +); +//ret: STATUS_RANGE_NOT_LOCKED + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlFastUnlockSingle ( + IN PFILE_LOCK FileLock, + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN PLARGE_INTEGER Length, + IN PEPROCESS Process, + IN ULONG Key, + IN PVOID Context OPTIONAL, + IN BOOLEAN AlreadySynchronized +); +//ret: STATUS_RANGE_NOT_LOCKED + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlFindInTunnelCache ( + IN PTUNNEL Cache, + IN ULONGLONG DirectoryKey, + IN PUNICODE_STRING Name, + OUT PUNICODE_STRING ShortName, + OUT PUNICODE_STRING LongName, + IN OUT PULONG DataLength, + OUT PVOID Data +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +VOID +NTAPI +FsRtlFreeFileLock ( + IN PFILE_LOCK FileLock +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlGetFileSize ( + IN PFILE_OBJECT FileObject, + IN OUT PLARGE_INTEGER FileSize +); + +/* + FsRtlGetNextFileLock: + + ret: NULL if no more locks + + Internals: + FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and + FileLock->LastReturnedLock as storage. + LastReturnedLock is a pointer to the 'raw' lock inkl. double linked + list, and FsRtlGetNextFileLock needs this to get next lock on subsequent + calls with Restart = FALSE. +*/ +NTKERNELAPI +PFILE_LOCK_INFO +NTAPI +FsRtlGetNextFileLock ( + IN PFILE_LOCK FileLock, + IN BOOLEAN Restart +); + +NTKERNELAPI +VOID +NTAPI +FsRtlInitializeFileLock ( + IN PFILE_LOCK FileLock, + IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL, + IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL +); + +NTKERNELAPI +VOID +NTAPI +FsRtlInitializeOplock ( + IN OUT POPLOCK Oplock +); + +NTKERNELAPI +VOID +NTAPI +FsRtlInitializeTunnelCache ( + IN PTUNNEL Cache +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlIsNameInExpression ( + IN PUNICODE_STRING Expression, + IN PUNICODE_STRING Name, + IN BOOLEAN IgnoreCase, + IN PWCHAR UpcaseTable OPTIONAL +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlIsNtstatusExpected ( + IN NTSTATUS Ntstatus +); + +#define FsRtlIsUnicodeCharacterWild(C) ( \ + (((C) >= 0x40) ? \ + FALSE : \ + FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \ +) + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlReadComplete ( + IN PFILE_OBJECT FileObject, + IN PMDL MdlChain +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlReadCompleteDev ( + IN PFILE_OBJECT FileObject, + IN PMDL MdlChain, + IN PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlWriteComplete ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN PMDL MdlChain +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlMdlWriteCompleteDev ( + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN PMDL MdlChain, + IN PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlNormalizeNtstatus ( + IN NTSTATUS Exception, + IN NTSTATUS GenericException +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyChangeDirectory ( + IN PNOTIFY_SYNC NotifySync, + IN PVOID FsContext, + IN PSTRING FullDirectoryName, + IN PLIST_ENTRY NotifyList, + IN BOOLEAN WatchTree, + IN ULONG CompletionFilter, + IN PIRP NotifyIrp +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyCleanup ( + IN PNOTIFY_SYNC NotifySync, + IN PLIST_ENTRY NotifyList, + IN PVOID FsContext +); + +typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) ( + IN PVOID NotifyContext, + IN PVOID TargetContext, + IN PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyFullChangeDirectory ( + IN PNOTIFY_SYNC NotifySync, + IN PLIST_ENTRY NotifyList, + IN PVOID FsContext, + IN PSTRING FullDirectoryName, + IN BOOLEAN WatchTree, + IN BOOLEAN IgnoreBuffer, + IN ULONG CompletionFilter, + IN PIRP NotifyIrp, + IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL, + IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyFullReportChange ( + IN PNOTIFY_SYNC NotifySync, + IN PLIST_ENTRY NotifyList, + IN PSTRING FullTargetName, + IN USHORT TargetNameOffset, + IN PSTRING StreamName OPTIONAL, + IN PSTRING NormalizedParentName OPTIONAL, + IN ULONG FilterMatch, + IN ULONG Action, + IN PVOID TargetContext +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyInitializeSync ( + IN PNOTIFY_SYNC NotifySync +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyReportChange ( + IN PNOTIFY_SYNC NotifySync, + IN PLIST_ENTRY NotifyList, + IN PSTRING FullTargetName, + IN PUSHORT FileNamePartLength, + IN ULONG FilterMatch +); + +NTKERNELAPI +VOID +NTAPI +FsRtlNotifyUninitializeSync ( + IN PNOTIFY_SYNC NotifySync +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlNotifyVolumeEvent ( + IN PFILE_OBJECT FileObject, + IN ULONG EventCode +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlOplockFsctrl ( + IN POPLOCK Oplock, + IN PIRP Irp, + IN ULONG OpenCount +); + +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlOplockIsFastIoPossible ( + IN POPLOCK Oplock +); + +/* + FsRtlPrivateLock: + + ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED + + Internals: + -Calls IoCompleteRequest if Irp + -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES +*/ +NTKERNELAPI +BOOLEAN +NTAPI +FsRtlPrivateLock ( + IN PFILE_LOCK FileLock, + IN PFILE_OBJECT FileObject, + IN PLARGE_INTEGER FileOffset, + IN PLARGE_INTEGER Length, + IN PEPROCESS Process, + IN ULONG Key, + IN BOOLEAN FailImmediately, + IN BOOLEAN ExclusiveLock, + OUT PIO_STATUS_BLOCK IoStatus, + IN PIRP Irp OPTIONAL, + IN PVOID Context, + IN BOOLEAN AlreadySynchronized +); + +/* + FsRtlProcessFileLock: + + ret: + -STATUS_INVALID_DEVICE_REQUEST + -STATUS_RANGE_NOT_LOCKED from unlock routines. + -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock + (redirected IoStatus->Status). + + Internals: + -switch ( Irp->CurrentStackLocation->MinorFunction ) + lock: return FsRtlPrivateLock; + unlocksingle: return FsRtlFastUnlockSingle; + unlockall: return FsRtlFastUnlockAll; + unlockallbykey: return FsRtlFastUnlockAllByKey; + default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST; + return STATUS_INVALID_DEVICE_REQUEST; + + -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines. + -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock. +*/ +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlProcessFileLock ( + IN PFILE_LOCK FileLock, + IN PIRP Irp, + IN PVOID Context OPTIONAL +); + +NTKERNELAPI +NTSTATUS +NTAPI +FsRtlRegisterUncProvider ( + IN OUT PHANDLE MupHandle, + IN PUNICODE_STRING RedirectorDeviceName, + IN BOOLEAN MailslotsSupported +); + +NTKERNELAPI +VOID +NTAPI +FsRtlUninitializeFileLock ( + IN PFILE_LOCK FileLock +); + +NTKERNELAPI +VOID +NTAPI +FsRtlUninitializeOplock ( + IN OUT POPLOCK Oplock +); + +NTSYSAPI +VOID +NTAPI +HalDisplayString ( + IN PCHAR String +); + +NTSYSAPI +VOID +NTAPI +HalQueryRealTimeClock ( + IN OUT PTIME_FIELDS TimeFields +); + +NTSYSAPI +VOID +NTAPI +HalSetRealTimeClock ( + IN PTIME_FIELDS TimeFields +); + +#define InitializeMessageHeader(m, l, t) { \ + (m)->Length = (USHORT)(l); \ + (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \ + (m)->MessageType = (USHORT)(t); \ + (m)->DataInfoOffset = 0; \ +} + +NTKERNELAPI +VOID +NTAPI +IoAcquireVpbSpinLock ( + OUT PKIRQL Irql +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckDesiredAccess ( + IN OUT PACCESS_MASK DesiredAccess, + IN ACCESS_MASK GrantedAccess +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckEaBufferValidity ( + IN PFILE_FULL_EA_INFORMATION EaBuffer, + IN ULONG EaLength, + OUT PULONG ErrorOffset +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckFunctionAccess ( + IN ACCESS_MASK GrantedAccess, + IN UCHAR MajorFunction, + IN UCHAR MinorFunction, + IN ULONG IoControlCode, + IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL, + IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +IoCheckQuotaBufferValidity ( + IN PFILE_QUOTA_INFORMATION QuotaBuffer, + IN ULONG QuotaLength, + OUT PULONG ErrorOffset +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PFILE_OBJECT +NTAPI +IoCreateStreamFileObject ( + IN PFILE_OBJECT FileObject OPTIONAL, + IN PDEVICE_OBJECT DeviceObject OPTIONAL +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PFILE_OBJECT +NTAPI +IoCreateStreamFileObjectLite ( + IN PFILE_OBJECT FileObject OPTIONAL, + IN PDEVICE_OBJECT DeviceObject OPTIONAL +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +BOOLEAN +NTAPI +IoFastQueryNetworkAttributes ( + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN ACCESS_MASK DesiredAccess, + IN ULONG OpenOptions, + OUT PIO_STATUS_BLOCK IoStatus, + OUT PFILE_NETWORK_OPEN_INFORMATION Buffer +); + +NTKERNELAPI +PDEVICE_OBJECT +NTAPI +IoGetAttachedDevice ( + IN PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +PDEVICE_OBJECT +NTAPI +IoGetBaseFileSystemDeviceObject ( + IN PFILE_OBJECT FileObject +); + +NTKERNELAPI +PEPROCESS +NTAPI +IoGetRequestorProcess ( + IN PIRP Irp +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +ULONG +NTAPI +IoGetRequestorProcessId ( + IN PIRP Irp +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +PIRP +NTAPI +IoGetTopLevelIrp ( + VOID +); + +#define IoIsFileOpenedExclusively(FileObject) ( \ + (BOOLEAN) !( \ + (FileObject)->SharedRead || \ + (FileObject)->SharedWrite || \ + (FileObject)->SharedDelete \ + ) \ +) + +NTKERNELAPI +BOOLEAN +NTAPI +IoIsOperationSynchronous ( + IN PIRP Irp +); + +NTKERNELAPI +BOOLEAN +NTAPI +IoIsSystemThread ( + IN PETHREAD Thread +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +BOOLEAN +NTAPI +IoIsValidNameGraftingBuffer ( + IN PIRP Irp, + IN PREPARSE_DATA_BUFFER ReparseBuffer +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +IoPageRead ( + IN PFILE_OBJECT FileObject, + IN PMDL Mdl, + IN PLARGE_INTEGER Offset, + IN PKEVENT Event, + OUT PIO_STATUS_BLOCK IoStatusBlock +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoQueryFileInformation ( + IN PFILE_OBJECT FileObject, + IN FILE_INFORMATION_CLASS FileInformationClass, + IN ULONG Length, + OUT PVOID FileInformation, + OUT PULONG ReturnedLength +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoQueryVolumeInformation ( + IN PFILE_OBJECT FileObject, + IN FS_INFORMATION_CLASS FsInformationClass, + IN ULONG Length, + OUT PVOID FsInformation, + OUT PULONG ReturnedLength +); + +NTKERNELAPI +VOID +NTAPI +IoRegisterFileSystem ( + IN OUT PDEVICE_OBJECT DeviceObject +); + +#if (VER_PRODUCTBUILD >= 1381) + +typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) ( + IN PDEVICE_OBJECT DeviceObject, + IN BOOLEAN DriverActive +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoRegisterFsRegistrationChange ( + IN PDRIVER_OBJECT DriverObject, + IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine +); + +#endif // (VER_PRODUCTBUILD >= 1381) + +NTKERNELAPI +VOID +NTAPI +IoReleaseVpbSpinLock ( + IN KIRQL Irql +); + +NTKERNELAPI +VOID +NTAPI +IoSetDeviceToVerify ( + IN PETHREAD Thread, + IN PDEVICE_OBJECT DeviceObject +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoSetInformation ( + IN PFILE_OBJECT FileObject, + IN FILE_INFORMATION_CLASS FileInformationClass, + IN ULONG Length, + IN PVOID FileInformation +); + +NTKERNELAPI +VOID +NTAPI +IoSetTopLevelIrp ( + IN PIRP Irp +); + +NTKERNELAPI +NTSTATUS +NTAPI +IoSynchronousPageWrite ( + IN PFILE_OBJECT FileObject, + IN PMDL Mdl, + IN PLARGE_INTEGER FileOffset, + IN PKEVENT Event, + OUT PIO_STATUS_BLOCK IoStatusBlock +); + +NTKERNELAPI +PEPROCESS +NTAPI +IoThreadToProcess ( + IN PETHREAD Thread +); + +NTKERNELAPI +VOID +NTAPI +IoUnregisterFileSystem ( + IN OUT PDEVICE_OBJECT DeviceObject +); + +#if (VER_PRODUCTBUILD >= 1381) + +NTKERNELAPI +NTSTATUS +NTAPI +IoUnregisterFsRegistrationChange ( + IN PDRIVER_OBJECT DriverObject, + IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine +); + +#endif // (VER_PRODUCTBUILD >= 1381) + +NTKERNELAPI +NTSTATUS +NTAPI +IoVerifyVolume ( + IN PDEVICE_OBJECT DeviceObject, + IN BOOLEAN AllowRawMount +); + +NTKERNELAPI +VOID +NTAPI +KeAttachProcess ( + IN PEPROCESS Process +); + +NTKERNELAPI +VOID +NTAPI +KeDetachProcess ( + VOID +); + +NTKERNELAPI +VOID +NTAPI +KeInitializeQueue ( + IN PRKQUEUE Queue, + IN ULONG Count OPTIONAL +); + +NTKERNELAPI +LONG +NTAPI +KeInsertHeadQueue ( + IN PRKQUEUE Queue, + IN PLIST_ENTRY Entry +); + +NTKERNELAPI +LONG +NTAPI +KeInsertQueue ( + IN PRKQUEUE Queue, + IN PLIST_ENTRY Entry +); + +NTKERNELAPI +VOID +NTAPI +KeInsertQueueApc ( + IN PKAPC Apc, + IN PVOID SystemArgument1, + IN PVOID SystemArgument2, + UCHAR Unknown +); + +NTKERNELAPI +LONG +NTAPI +KeReadStateQueue ( + IN PRKQUEUE Queue +); + +NTKERNELAPI +PLIST_ENTRY +NTAPI +KeRemoveQueue ( + IN PRKQUEUE Queue, + IN KPROCESSOR_MODE WaitMode, + IN PLARGE_INTEGER Timeout OPTIONAL +); + +NTKERNELAPI +PLIST_ENTRY +NTAPI +KeRundownQueue ( + IN PRKQUEUE Queue +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +VOID +NTAPI +KeStackAttachProcess ( + IN PKPROCESS Process, + OUT PKAPC_STATE ApcState +); + +NTKERNELAPI +VOID +NTAPI +KeUnstackDetachProcess ( + IN PKAPC_STATE ApcState +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +BOOLEAN +NTAPI +MmCanFileBeTruncated ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer, + IN PLARGE_INTEGER NewFileSize +); + +NTKERNELAPI +BOOLEAN +NTAPI +MmFlushImageSection ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer, + IN MMFLUSH_TYPE FlushType +); + +NTKERNELAPI +BOOLEAN +NTAPI +MmForceSectionClosed ( + IN PSECTION_OBJECT_POINTERS SectionObjectPointer, + IN BOOLEAN DelayClose +); + +#if (VER_PRODUCTBUILD >= 1381) + +NTKERNELAPI +BOOLEAN +NTAPI +MmIsRecursiveIoFault ( + VOID +); + +#else + +#define MmIsRecursiveIoFault() ( \ + (PsGetCurrentThread()->DisablePageFaultClustering) | \ + (PsGetCurrentThread()->ForwardClusterOnly) \ +) + +#endif + +NTKERNELAPI +NTSTATUS +NTAPI +MmMapViewOfSection ( + IN PVOID SectionObject, + IN PEPROCESS Process, + IN OUT PVOID *BaseAddress, + IN ULONG ZeroBits, + IN ULONG CommitSize, + IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, + IN OUT PULONG ViewSize, + IN SECTION_INHERIT InheritDisposition, + IN ULONG AllocationType, + IN ULONG Protect +); + +NTKERNELAPI +BOOLEAN +NTAPI +MmSetAddressRangeModified ( + IN PVOID Address, + IN ULONG Length +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObCreateObject ( + IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL, + IN POBJECT_TYPE ObjectType, + IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, + IN KPROCESSOR_MODE AccessMode, + IN OUT PVOID ParseContext OPTIONAL, + IN ULONG ObjectSize, + IN ULONG PagedPoolCharge OPTIONAL, + IN ULONG NonPagedPoolCharge OPTIONAL, + OUT PVOID *Object +); + +NTKERNELAPI +ULONG +NTAPI +ObGetObjectPointerCount ( + IN PVOID Object +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObInsertObject ( + IN PVOID Object, + IN PACCESS_STATE PassedAccessState OPTIONAL, + IN ACCESS_MASK DesiredAccess, + IN ULONG AdditionalReferences, + OUT PVOID *ReferencedObject OPTIONAL, + OUT PHANDLE Handle +); + +NTKERNELAPI +VOID +NTAPI +ObMakeTemporaryObject ( + IN PVOID Object +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObOpenObjectByPointer ( + IN PVOID Object, + IN ULONG HandleAttributes, + IN PACCESS_STATE PassedAccessState OPTIONAL, + IN ACCESS_MASK DesiredAccess OPTIONAL, + IN POBJECT_TYPE ObjectType OPTIONAL, + IN KPROCESSOR_MODE AccessMode, + OUT PHANDLE Handle +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObQueryNameString ( + IN PVOID Object, + OUT POBJECT_NAME_INFORMATION ObjectNameInfo, + IN ULONG Length, + OUT PULONG ReturnLength +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObQueryObjectAuditingByHandle ( + IN HANDLE Handle, + OUT PBOOLEAN GenerateOnClose +); + +NTKERNELAPI +NTSTATUS +NTAPI +ObReferenceObjectByName ( + IN PUNICODE_STRING ObjectName, + IN ULONG Attributes, + IN PACCESS_STATE PassedAccessState OPTIONAL, + IN ACCESS_MASK DesiredAccess OPTIONAL, + IN POBJECT_TYPE ObjectType, + IN KPROCESSOR_MODE AccessMode, + IN OUT PVOID ParseContext OPTIONAL, + OUT PVOID *Object +); + +NTKERNELAPI +VOID +NTAPI +PsChargePoolQuota ( + IN PEPROCESS Process, + IN POOL_TYPE PoolType, + IN ULONG Amount +); + +#define PsDereferenceImpersonationToken(T) \ + {if (ARGUMENT_PRESENT(T)) { \ + (ObDereferenceObject((T))); \ + } else { \ + ; \ + } \ +} + +#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T))) + +NTKERNELAPI +ULONGLONG +NTAPI +PsGetProcessExitTime ( + VOID +); + +NTKERNELAPI +BOOLEAN +NTAPI +PsIsThreadTerminating ( + IN PETHREAD Thread +); + +NTKERNELAPI +NTSTATUS +NTAPI +PsLookupProcessByProcessId ( + IN PVOID ProcessId, + OUT PEPROCESS *Process +); + +NTKERNELAPI +NTSTATUS +NTAPI +PsLookupProcessThreadByCid ( + IN PCLIENT_ID Cid, + OUT PEPROCESS *Process OPTIONAL, + OUT PETHREAD *Thread +); + +NTKERNELAPI +NTSTATUS +NTAPI +PsLookupThreadByThreadId ( + IN PVOID UniqueThreadId, + OUT PETHREAD *Thread +); + +NTKERNELAPI +PACCESS_TOKEN +NTAPI +PsReferenceImpersonationToken ( + IN PETHREAD Thread, + OUT PBOOLEAN CopyOnUse, + OUT PBOOLEAN EffectiveOnly, + OUT PSECURITY_IMPERSONATION_LEVEL Level +); + +NTKERNELAPI +HANDLE +NTAPI +PsReferencePrimaryToken ( + IN PEPROCESS Process +); + +NTKERNELAPI +VOID +NTAPI +PsReturnPoolQuota ( + IN PEPROCESS Process, + IN POOL_TYPE PoolType, + IN ULONG Amount +); + +NTKERNELAPI +VOID +NTAPI +PsRevertToSelf ( + VOID +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlAbsoluteToSelfRelativeSD ( + IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, + IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, + IN PULONG BufferLength +); + +NTSYSAPI +PVOID +NTAPI +RtlAllocateHeap ( + IN HANDLE HeapHandle, + IN ULONG Flags, + IN ULONG Size +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCompressBuffer ( + IN USHORT CompressionFormatAndEngine, + IN PUCHAR UncompressedBuffer, + IN ULONG UncompressedBufferSize, + OUT PUCHAR CompressedBuffer, + IN ULONG CompressedBufferSize, + IN ULONG UncompressedChunkSize, + OUT PULONG FinalCompressedSize, + IN PVOID WorkSpace +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCompressChunks ( + IN PUCHAR UncompressedBuffer, + IN ULONG UncompressedBufferSize, + OUT PUCHAR CompressedBuffer, + IN ULONG CompressedBufferSize, + IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo, + IN ULONG CompressedDataInfoLength, + IN PVOID WorkSpace +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlConvertSidToUnicodeString ( + OUT PUNICODE_STRING DestinationString, + IN PSID Sid, + IN BOOLEAN AllocateDestinationString +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlCopySid ( + IN ULONG Length, + IN PSID Destination, + IN PSID Source +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressBuffer ( + IN USHORT CompressionFormat, + OUT PUCHAR UncompressedBuffer, + IN ULONG UncompressedBufferSize, + IN PUCHAR CompressedBuffer, + IN ULONG CompressedBufferSize, + OUT PULONG FinalUncompressedSize +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressChunks ( + OUT PUCHAR UncompressedBuffer, + IN ULONG UncompressedBufferSize, + IN PUCHAR CompressedBuffer, + IN ULONG CompressedBufferSize, + IN PUCHAR CompressedTail, + IN ULONG CompressedTailSize, + IN PCOMPRESSED_DATA_INFO CompressedDataInfo +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDecompressFragment ( + IN USHORT CompressionFormat, + OUT PUCHAR UncompressedFragment, + IN ULONG UncompressedFragmentSize, + IN PUCHAR CompressedBuffer, + IN ULONG CompressedBufferSize, + IN ULONG FragmentOffset, + OUT PULONG FinalUncompressedSize, + IN PVOID WorkSpace +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlDescribeChunk ( + IN USHORT CompressionFormat, + IN OUT PUCHAR *CompressedBuffer, + IN PUCHAR EndOfCompressedBufferPlus1, + OUT PUCHAR *ChunkBuffer, + OUT PULONG ChunkSize +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlEqualSid ( + IN PSID Sid1, + IN PSID Sid2 +); + +NTSYSAPI +VOID +NTAPI +RtlFillMemoryUlong ( + IN PVOID Destination, + IN ULONG Length, + IN ULONG Fill +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlFreeHeap ( + IN HANDLE HeapHandle, + IN ULONG Flags, + IN PVOID P +); + +NTSYSAPI +VOID +NTAPI +RtlGenerate8dot3Name ( + IN PUNICODE_STRING Name, + IN BOOLEAN AllowExtendedCharacters, + IN OUT PGENERATE_NAME_CONTEXT Context, + OUT PUNICODE_STRING Name8dot3 +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetCompressionWorkSpaceSize ( + IN USHORT CompressionFormatAndEngine, + OUT PULONG CompressBufferWorkSpaceSize, + OUT PULONG CompressFragmentWorkSpaceSize +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetDaclSecurityDescriptor ( + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + OUT PBOOLEAN DaclPresent, + OUT PACL *Dacl, + OUT PBOOLEAN DaclDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetGroupSecurityDescriptor ( + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + OUT PSID *Group, + OUT PBOOLEAN GroupDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlGetOwnerSecurityDescriptor ( + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + OUT PSID *Owner, + OUT PBOOLEAN OwnerDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlInitializeSid ( + IN OUT PSID Sid, + IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, + IN UCHAR SubAuthorityCount +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlIsNameLegalDOS8Dot3 ( + IN PUNICODE_STRING UnicodeName, + IN PANSI_STRING AnsiName, + PBOOLEAN Unknown +); + +NTSYSAPI +ULONG +NTAPI +RtlLengthRequiredSid ( + IN UCHAR SubAuthorityCount +); + +NTSYSAPI +ULONG +NTAPI +RtlLengthSid ( + IN PSID Sid +); + +NTSYSAPI +ULONG +NTAPI +RtlNtStatusToDosError ( + IN NTSTATUS Status +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlReserveChunk ( + IN USHORT CompressionFormat, + IN OUT PUCHAR *CompressedBuffer, + IN PUCHAR EndOfCompressedBufferPlus1, + OUT PUCHAR *ChunkBuffer, + IN ULONG ChunkSize +); + +NTSYSAPI +VOID +NTAPI +RtlSecondsSince1970ToTime ( + IN ULONG SecondsSince1970, + OUT PLARGE_INTEGER Time +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +RtlSelfRelativeToAbsoluteSD ( + IN PSECURITY_DESCRIPTOR SelfRelativeSD, + OUT PSECURITY_DESCRIPTOR AbsoluteSD, + IN PULONG AbsoluteSDSize, + IN PACL Dacl, + IN PULONG DaclSize, + IN PACL Sacl, + IN PULONG SaclSize, + IN PSID Owner, + IN PULONG OwnerSize, + IN PSID PrimaryGroup, + IN PULONG PrimaryGroupSize +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetGroupSecurityDescriptor ( + IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, + IN PSID Group, + IN BOOLEAN GroupDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetOwnerSecurityDescriptor ( + IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, + IN PSID Owner, + IN BOOLEAN OwnerDefaulted +); + +NTSYSAPI +NTSTATUS +NTAPI +RtlSetSaclSecurityDescriptor ( + IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, + IN BOOLEAN SaclPresent, + IN PACL Sacl, + IN BOOLEAN SaclDefaulted +); + +NTSYSAPI +PUCHAR +NTAPI +RtlSubAuthorityCountSid ( + IN PSID Sid +); + +NTSYSAPI +PULONG +NTAPI +RtlSubAuthoritySid ( + IN PSID Sid, + IN ULONG SubAuthority +); + +NTSYSAPI +BOOLEAN +NTAPI +RtlValidSid ( + IN PSID Sid +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeAppendPrivileges ( + PACCESS_STATE AccessState, + PPRIVILEGE_SET Privileges +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeAuditingFileEvents ( + IN BOOLEAN AccessGranted, + IN PSECURITY_DESCRIPTOR SecurityDescriptor +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeAuditingFileOrGlobalEvents ( + IN BOOLEAN AccessGranted, + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + IN PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +VOID +NTAPI +SeCaptureSubjectContext ( + OUT PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeCreateAccessState ( + OUT PACCESS_STATE AccessState, + IN PVOID AuxData, + IN ACCESS_MASK AccessMask, + IN PGENERIC_MAPPING Mapping +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeCreateClientSecurity ( + IN PETHREAD Thread, + IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, + IN BOOLEAN RemoteClient, + OUT PSECURITY_CLIENT_CONTEXT ClientContext +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeCreateClientSecurityFromSubjectContext ( + IN PSECURITY_SUBJECT_CONTEXT SubjectContext, + IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, + IN BOOLEAN ServerIsRemote, + OUT PSECURITY_CLIENT_CONTEXT ClientContext +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +#define SeDeleteClientSecurity(C) { \ + if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ + PsDereferencePrimaryToken( (C)->ClientToken ); \ + } else { \ + PsDereferenceImpersonationToken( (C)->ClientToken ); \ + } \ +} + +NTKERNELAPI +VOID +NTAPI +SeDeleteObjectAuditAlarm ( + IN PVOID Object, + IN HANDLE Handle +); + +#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; + +NTKERNELAPI +VOID +NTAPI +SeFreePrivileges ( + IN PPRIVILEGE_SET Privileges +); + +NTKERNELAPI +VOID +NTAPI +SeImpersonateClient ( + IN PSECURITY_CLIENT_CONTEXT ClientContext, + IN PETHREAD ServerThread OPTIONAL +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeImpersonateClientEx ( + IN PSECURITY_CLIENT_CONTEXT ClientContext, + IN PETHREAD ServerThread OPTIONAL +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +VOID +NTAPI +SeLockSubjectContext ( + IN PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeMarkLogonSessionForTerminationNotification ( + IN PLUID LogonId +); + +NTKERNELAPI +VOID +NTAPI +SeOpenObjectAuditAlarm ( + IN PUNICODE_STRING ObjectTypeName, + IN PVOID Object OPTIONAL, + IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + IN PACCESS_STATE AccessState, + IN BOOLEAN ObjectCreated, + IN BOOLEAN AccessGranted, + IN KPROCESSOR_MODE AccessMode, + OUT PBOOLEAN GenerateOnClose +); + +NTKERNELAPI +VOID +NTAPI +SeOpenObjectForDeleteAuditAlarm ( + IN PUNICODE_STRING ObjectTypeName, + IN PVOID Object OPTIONAL, + IN PUNICODE_STRING AbsoluteObjectName OPTIONAL, + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + IN PACCESS_STATE AccessState, + IN BOOLEAN ObjectCreated, + IN BOOLEAN AccessGranted, + IN KPROCESSOR_MODE AccessMode, + OUT PBOOLEAN GenerateOnClose +); + +NTKERNELAPI +BOOLEAN +NTAPI +SePrivilegeCheck ( + IN OUT PPRIVILEGE_SET RequiredPrivileges, + IN PSECURITY_SUBJECT_CONTEXT SubjectContext, + IN KPROCESSOR_MODE AccessMode +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeQueryAuthenticationIdToken ( + IN PACCESS_TOKEN Token, + OUT PLUID LogonId +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeQueryInformationToken ( + IN PACCESS_TOKEN Token, + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID *TokenInformation +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeQuerySecurityDescriptorInfo ( + IN PSECURITY_INFORMATION SecurityInformation, + OUT PSECURITY_DESCRIPTOR SecurityDescriptor, + IN OUT PULONG Length, + IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeQuerySessionIdToken ( + IN PACCESS_TOKEN Token, + IN PULONG SessionId +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +#define SeQuerySubjectContextToken( SubjectContext ) \ + ( ARGUMENT_PRESENT( \ + ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ + ) ? \ + ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ + ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) + +typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) ( + IN PLUID LogonId +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeRegisterLogonSessionTerminatedRoutine ( + IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine +); + +NTKERNELAPI +VOID +NTAPI +SeReleaseSubjectContext ( + IN PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +VOID +NTAPI +SeSetAccessStateGenericMapping ( + PACCESS_STATE AccessState, + PGENERIC_MAPPING GenericMapping +); + +NTKERNELAPI +NTSTATUS +NTAPI +SeSetSecurityDescriptorInfo ( + IN PVOID Object OPTIONAL, + IN PSECURITY_INFORMATION SecurityInformation, + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + IN POOL_TYPE PoolType, + IN PGENERIC_MAPPING GenericMapping +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +NTSTATUS +NTAPI +SeSetSecurityDescriptorInfoEx ( + IN PVOID Object OPTIONAL, + IN PSECURITY_INFORMATION SecurityInformation, + IN PSECURITY_DESCRIPTOR ModificationDescriptor, + IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, + IN ULONG AutoInheritFlags, + IN POOL_TYPE PoolType, + IN PGENERIC_MAPPING GenericMapping +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeTokenIsAdmin ( + IN PACCESS_TOKEN Token +); + +NTKERNELAPI +BOOLEAN +NTAPI +SeTokenIsRestricted ( + IN PACCESS_TOKEN Token +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTKERNELAPI +TOKEN_TYPE +NTAPI +SeTokenType ( + IN PACCESS_TOKEN Token +); + +NTKERNELAPI +VOID +NTAPI +SeUnlockSubjectContext ( + IN PSECURITY_SUBJECT_CONTEXT SubjectContext +); + +NTKERNELAPI +NTSTATUS +SeUnregisterLogonSessionTerminatedRoutine ( + IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwAdjustPrivilegesToken ( + IN HANDLE TokenHandle, + IN BOOLEAN DisableAllPrivileges, + IN PTOKEN_PRIVILEGES NewState, + IN ULONG BufferLength, + OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, + OUT PULONG ReturnLength +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwAlertThread ( + IN HANDLE ThreadHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwAllocateVirtualMemory ( + IN HANDLE ProcessHandle, + IN OUT PVOID *BaseAddress, + IN ULONG ZeroBits, + IN OUT PULONG RegionSize, + IN ULONG AllocationType, + IN ULONG Protect +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwAccessCheckAndAuditAlarm ( + IN PUNICODE_STRING SubsystemName, + IN PVOID HandleId, + IN PUNICODE_STRING ObjectTypeName, + IN PUNICODE_STRING ObjectName, + IN PSECURITY_DESCRIPTOR SecurityDescriptor, + IN ACCESS_MASK DesiredAccess, + IN PGENERIC_MAPPING GenericMapping, + IN BOOLEAN ObjectCreation, + OUT PACCESS_MASK GrantedAccess, + OUT PBOOLEAN AccessStatus, + OUT PBOOLEAN GenerateOnClose +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwCancelIoFile ( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwClearEvent ( + IN HANDLE EventHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwCloseObjectAuditAlarm ( + IN PUNICODE_STRING SubsystemName, + IN PVOID HandleId, + IN BOOLEAN GenerateOnClose +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateSection ( + OUT PHANDLE SectionHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, + IN PLARGE_INTEGER MaximumSize OPTIONAL, + IN ULONG SectionPageProtection, + IN ULONG AllocationAttributes, + IN HANDLE FileHandle OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwCreateSymbolicLinkObject ( + OUT PHANDLE SymbolicLinkHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN PUNICODE_STRING TargetName +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDeleteFile ( + IN POBJECT_ATTRIBUTES ObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDeleteValueKey ( + IN HANDLE Handle, + IN PUNICODE_STRING Name +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDeviceIoControlFile ( + IN HANDLE FileHandle, + IN HANDLE Event OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, + IN ULONG IoControlCode, + IN PVOID InputBuffer OPTIONAL, + IN ULONG InputBufferLength, + OUT PVOID OutputBuffer OPTIONAL, + IN ULONG OutputBufferLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDisplayString ( + IN PUNICODE_STRING String +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDuplicateObject ( + IN HANDLE SourceProcessHandle, + IN HANDLE SourceHandle, + IN HANDLE TargetProcessHandle OPTIONAL, + OUT PHANDLE TargetHandle OPTIONAL, + IN ACCESS_MASK DesiredAccess, + IN ULONG HandleAttributes, + IN ULONG Options +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwDuplicateToken ( + IN HANDLE ExistingTokenHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN BOOLEAN EffectiveOnly, + IN TOKEN_TYPE TokenType, + OUT PHANDLE NewTokenHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwFlushInstructionCache ( + IN HANDLE ProcessHandle, + IN PVOID BaseAddress OPTIONAL, + IN ULONG FlushSize +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwFlushVirtualMemory ( + IN HANDLE ProcessHandle, + IN OUT PVOID *BaseAddress, + IN OUT PULONG FlushSize, + OUT PIO_STATUS_BLOCK IoStatusBlock +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwFreeVirtualMemory ( + IN HANDLE ProcessHandle, + IN OUT PVOID *BaseAddress, + IN OUT PULONG RegionSize, + IN ULONG FreeType +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwFsControlFile ( + IN HANDLE FileHandle, + IN HANDLE Event OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, + IN ULONG FsControlCode, + IN PVOID InputBuffer OPTIONAL, + IN ULONG InputBufferLength, + OUT PVOID OutputBuffer OPTIONAL, + IN ULONG OutputBufferLength +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwInitiatePowerAction ( + IN POWER_ACTION SystemAction, + IN SYSTEM_POWER_STATE MinSystemState, + IN ULONG Flags, + IN BOOLEAN Asynchronous +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwLoadDriver ( + // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" + IN PUNICODE_STRING RegistryPath +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwLoadKey ( + IN POBJECT_ATTRIBUTES KeyObjectAttributes, + IN POBJECT_ATTRIBUTES FileObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwNotifyChangeKey ( + IN HANDLE KeyHandle, + IN HANDLE EventHandle OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, + IN ULONG NotifyFilter, + IN BOOLEAN WatchSubtree, + IN PVOID Buffer, + IN ULONG BufferLength, + IN BOOLEAN Asynchronous +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenDirectoryObject ( + OUT PHANDLE DirectoryHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenEvent ( + OUT PHANDLE EventHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenProcess ( + OUT PHANDLE ProcessHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN PCLIENT_ID ClientId OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenProcessToken ( + IN HANDLE ProcessHandle, + IN ACCESS_MASK DesiredAccess, + OUT PHANDLE TokenHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenThread ( + OUT PHANDLE ThreadHandle, + IN ACCESS_MASK DesiredAccess, + IN POBJECT_ATTRIBUTES ObjectAttributes, + IN PCLIENT_ID ClientId +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwOpenThreadToken ( + IN HANDLE ThreadHandle, + IN ACCESS_MASK DesiredAccess, + IN BOOLEAN OpenAsSelf, + OUT PHANDLE TokenHandle +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwPowerInformation ( + IN POWER_INFORMATION_LEVEL PowerInformationLevel, + IN PVOID InputBuffer OPTIONAL, + IN ULONG InputBufferLength, + OUT PVOID OutputBuffer OPTIONAL, + IN ULONG OutputBufferLength +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwPulseEvent ( + IN HANDLE EventHandle, + OUT PULONG PreviousState OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryDefaultLocale ( + IN BOOLEAN ThreadOrSystem, + OUT PLCID Locale +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryDirectoryFile ( + IN HANDLE FileHandle, + IN HANDLE Event OPTIONAL, + IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, + IN PVOID ApcContext OPTIONAL, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID FileInformation, + IN ULONG Length, + IN FILE_INFORMATION_CLASS FileInformationClass, + IN BOOLEAN ReturnSingleEntry, + IN PUNICODE_STRING FileName OPTIONAL, + IN BOOLEAN RestartScan +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryDirectoryObject ( + IN HANDLE DirectoryHandle, + OUT PVOID Buffer, + IN ULONG Length, + IN BOOLEAN ReturnSingleEntry, + IN BOOLEAN RestartScan, + IN OUT PULONG Context, + OUT PULONG ReturnLength OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryEaFile ( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID Buffer, + IN ULONG Length, + IN BOOLEAN ReturnSingleEntry, + IN PVOID EaList OPTIONAL, + IN ULONG EaListLength, + IN PULONG EaIndex OPTIONAL, + IN BOOLEAN RestartScan +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryInformationProcess ( + IN HANDLE ProcessHandle, + IN PROCESSINFOCLASS ProcessInformationClass, + OUT PVOID ProcessInformation, + IN ULONG ProcessInformationLength, + OUT PULONG ReturnLength OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryInformationToken ( + IN HANDLE TokenHandle, + IN TOKEN_INFORMATION_CLASS TokenInformationClass, + OUT PVOID TokenInformation, + IN ULONG Length, + OUT PULONG ResultLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryObject ( + IN HANDLE ObjectHandle, + IN OBJECT_INFO_CLASS ObjectInformationClass, + OUT PVOID ObjectInformation, + IN ULONG Length, + OUT PULONG ResultLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySection ( + IN HANDLE SectionHandle, + IN SECTION_INFORMATION_CLASS SectionInformationClass, + OUT PVOID SectionInformation, + IN ULONG SectionInformationLength, + OUT PULONG ResultLength OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySecurityObject ( + IN HANDLE FileHandle, + IN SECURITY_INFORMATION SecurityInformation, + OUT PSECURITY_DESCRIPTOR SecurityDescriptor, + IN ULONG Length, + OUT PULONG ResultLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQuerySystemInformation ( + IN SYSTEM_INFORMATION_CLASS SystemInformationClass, + OUT PVOID SystemInformation, + IN ULONG Length, + OUT PULONG ReturnLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwQueryVolumeInformationFile ( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID FsInformation, + IN ULONG Length, + IN FS_INFORMATION_CLASS FsInformationClass +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwReplaceKey ( + IN POBJECT_ATTRIBUTES NewFileObjectAttributes, + IN HANDLE KeyHandle, + IN POBJECT_ATTRIBUTES OldFileObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwResetEvent ( + IN HANDLE EventHandle, + OUT PULONG PreviousState OPTIONAL +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwRestoreKey ( + IN HANDLE KeyHandle, + IN HANDLE FileHandle, + IN ULONG Flags +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSaveKey ( + IN HANDLE KeyHandle, + IN HANDLE FileHandle +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetDefaultLocale ( + IN BOOLEAN ThreadOrSystem, + IN LCID Locale +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetDefaultUILanguage ( + IN LANGID LanguageId +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetEaFile ( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock, + OUT PVOID Buffer, + IN ULONG Length +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetEvent ( + IN HANDLE EventHandle, + OUT PULONG PreviousState OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetInformationObject ( + IN HANDLE ObjectHandle, + IN OBJECT_INFO_CLASS ObjectInformationClass, + IN PVOID ObjectInformation, + IN ULONG ObjectInformationLength +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetInformationProcess ( + IN HANDLE ProcessHandle, + IN PROCESSINFOCLASS ProcessInformationClass, + IN PVOID ProcessInformation, + IN ULONG ProcessInformationLength +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetSecurityObject ( + IN HANDLE Handle, + IN SECURITY_INFORMATION SecurityInformation, + IN PSECURITY_DESCRIPTOR SecurityDescriptor +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetSystemInformation ( + IN SYSTEM_INFORMATION_CLASS SystemInformationClass, + IN PVOID SystemInformation, + IN ULONG Length +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetSystemTime ( + IN PLARGE_INTEGER NewTime, + OUT PLARGE_INTEGER OldTime OPTIONAL +); + +#if (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwSetVolumeInformationFile ( + IN HANDLE FileHandle, + OUT PIO_STATUS_BLOCK IoStatusBlock, + IN PVOID FsInformation, + IN ULONG Length, + IN FS_INFORMATION_CLASS FsInformationClass +); + +#endif // (VER_PRODUCTBUILD >= 2195) + +NTSYSAPI +NTSTATUS +NTAPI +ZwTerminateProcess ( + IN HANDLE ProcessHandle OPTIONAL, + IN NTSTATUS ExitStatus +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwUnloadDriver ( + // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" + IN PUNICODE_STRING RegistryPath +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwUnloadKey ( + IN POBJECT_ATTRIBUTES KeyObjectAttributes +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwWaitForSingleObject ( + IN HANDLE Handle, + IN BOOLEAN Alertable, + IN PLARGE_INTEGER Timeout OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwWaitForMultipleObjects ( + IN ULONG HandleCount, + IN PHANDLE Handles, + IN WAIT_TYPE WaitType, + IN BOOLEAN Alertable, + IN PLARGE_INTEGER Timeout OPTIONAL +); + +NTSYSAPI +NTSTATUS +NTAPI +ZwYieldExecution ( + VOID +); + +#pragma pack(pop) + +#ifdef __cplusplus +} +#endif + +#endif // _NTIFS_ |