Welcome to mirror list, hosted at ThFree Co, Russian Federation.

cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/winsup/w32api/include/ddk/ntifs.h
diff options
context:
space:
mode:
authorEarnie Boyd <earnie@users.sf.net>2002-10-07 02:18:26 +0400
committerEarnie Boyd <earnie@users.sf.net>2002-10-07 02:18:26 +0400
commit2bacbfb1d19165f9cf63420a6fab6afc9e1a0d65 (patch)
treecd9df029c45c0eb01f4dc566a0abc5cae138e9dd /winsup/w32api/include/ddk/ntifs.h
parent09663d31bbc2c9784be39e696ce0fa6579319dd4 (diff)
2002-10-06 Casper Hornstrup <chorns@it.dk>
* include/ddk: New subdir. * lib/ddk: Ditto. * include/ddk/(atm.h, batclass.h, cfg.h, cfgmgr32.h, d4drvif.h, d4iface.h, ddkmapi.h, hidclass.h, hidpi.h, hidusage.h, mcd.h, miniport.h, minitape.h, mountdev.h, mountmgr.h, ndis.h, ndisquid.h, ndistapi.h, ndisvan.h, netevent.h, netpnp.h, netdev.h, ntapi.h, ntdd8042.h, ntddbeep.h, ntddcdrm.h, ntddcdvd.h, ntddchgr.h, ntdddisk.h, ntddk.h, ntddkbd.h, ntddmou.h, ntddndis.h, ntddpar.h, ntddpcm.h, ntddscsi.h, ntddser.h, ntddstor.h, ntddtape.h, ntddtdi.h, ntddvdeo.h, ntddvol.h, ntifs.h, ntpoapi.h, ntstatus.h, parallel.h, pfhook.h, poclass.h, scsi.h, scsiscan.h, scsiwmi.h, smbus.h, srb.h, storport.h, tdi.h, tdiinfo.h, tdikrnl.h, tdistat.h, tvout.h, upssvc.h, usb.h, usb100.h, usbcamdi.h, usbdi.h, usbioctl.h, usbiodef.h, usbscan.h, usbuser.h, video.h, videoagp.h, win2k.h, winddi.h, winddk.h, winnt4.h, winxp.h, ws2san.h, xfilter.h): New files. * lib/ddk/(Makefile.in, apcups.def, cfgmgr32.def, dxapi.def, hal.def, hid.def, hidparse.def, mcd.def, ndis.def, ntoskrnl.def, scsiport.def, tdi.def, usbcamd.def, usbcamd2.def, videoprt.def, win32k.def): Ditto.
Diffstat (limited to 'winsup/w32api/include/ddk/ntifs.h')
-rw-r--r--winsup/w32api/include/ddk/ntifs.h4684
1 files changed, 4684 insertions, 0 deletions
diff --git a/winsup/w32api/include/ddk/ntifs.h b/winsup/w32api/include/ddk/ntifs.h
new file mode 100644
index 000000000..1ae3db4e6
--- /dev/null
+++ b/winsup/w32api/include/ddk/ntifs.h
@@ -0,0 +1,4684 @@
+/*
+ * ntifs.h
+ *
+ * Windows NT Filesystem Driver Developer Kit
+ *
+ * This file is part of the MinGW package.
+ *
+ * Contributors:
+ * Created by Bo Brantén <bosse@acc.umu.se>
+ *
+ * THIS SOFTWARE IS NOT COPYRIGHTED
+ *
+ * This source code is offered for use in the public domain. You may
+ * use, modify or distribute it freely.
+ *
+ * This code is distributed in the hope that it will be useful but
+ * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
+ * DISCLAMED. This includes but is not limited to warranties of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ */
+
+#ifndef _NTIFS_
+#define _NTIFS_
+#define _GNU_NTIFS_
+
+#if __GNUC__ >=3
+#pragma GCC system_header
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#pragma pack(push,4)
+
+#include "ntddk.h"
+#include "ntapi.h"
+
+#define VER_PRODUCTBUILD 10000
+
+#ifndef NTSYSAPI
+#define NTSYSAPI
+#endif
+
+#ifndef NTKERNELAPI
+#define NTKERNELAPI STDCALL
+#endif
+
+typedef struct _SE_EXPORTS *PSE_EXPORTS;
+
+extern PUCHAR *FsRtlLegalAnsiCharacterArray;
+extern PSE_EXPORTS SeExports;
+extern PACL SePublicDefaultDacl;
+extern PACL SeSystemDefaultDacl;
+
+#define ACCESS_ALLOWED_ACE_TYPE (0x0)
+#define ACCESS_DENIED_ACE_TYPE (0x1)
+#define SYSTEM_AUDIT_ACE_TYPE (0x2)
+#define SYSTEM_ALARM_ACE_TYPE (0x3)
+
+#define ANSI_DOS_STAR ('<')
+#define ANSI_DOS_QM ('>')
+#define ANSI_DOS_DOT ('"')
+
+#define DOS_STAR (L'<')
+#define DOS_QM (L'>')
+#define DOS_DOT (L'"')
+
+#define COMPRESSION_FORMAT_NONE (0x0000)
+#define COMPRESSION_FORMAT_DEFAULT (0x0001)
+#define COMPRESSION_FORMAT_LZNT1 (0x0002)
+#define COMPRESSION_ENGINE_STANDARD (0x0000)
+#define COMPRESSION_ENGINE_MAXIMUM (0x0100)
+#define COMPRESSION_ENGINE_HIBER (0x0200)
+
+#define FILE_ACTION_ADDED 0x00000001
+#define FILE_ACTION_REMOVED 0x00000002
+#define FILE_ACTION_MODIFIED 0x00000003
+#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
+#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
+#define FILE_ACTION_ADDED_STREAM 0x00000006
+#define FILE_ACTION_REMOVED_STREAM 0x00000007
+#define FILE_ACTION_MODIFIED_STREAM 0x00000008
+#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
+#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
+#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
+
+#define FILE_EA_TYPE_BINARY 0xfffe
+#define FILE_EA_TYPE_ASCII 0xfffd
+#define FILE_EA_TYPE_BITMAP 0xfffb
+#define FILE_EA_TYPE_METAFILE 0xfffa
+#define FILE_EA_TYPE_ICON 0xfff9
+#define FILE_EA_TYPE_EA 0xffee
+#define FILE_EA_TYPE_MVMT 0xffdf
+#define FILE_EA_TYPE_MVST 0xffde
+#define FILE_EA_TYPE_ASN1 0xffdd
+#define FILE_EA_TYPE_FAMILY_IDS 0xff01
+
+#define FILE_NEED_EA 0x00000080
+
+#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
+#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
+#define FILE_NOTIFY_CHANGE_NAME 0x00000003
+#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
+#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
+#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
+#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
+#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
+#define FILE_NOTIFY_CHANGE_EA 0x00000080
+#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
+#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
+#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
+#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
+#define FILE_NOTIFY_VALID_MASK 0x00000fff
+
+#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
+#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
+
+#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
+
+#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
+#define FILE_CASE_PRESERVED_NAMES 0x00000002
+#define FILE_UNICODE_ON_DISK 0x00000004
+#define FILE_PERSISTENT_ACLS 0x00000008
+#define FILE_FILE_COMPRESSION 0x00000010
+#define FILE_VOLUME_QUOTAS 0x00000020
+#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
+#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
+#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
+#define FS_LFN_APIS 0x00004000
+#define FILE_VOLUME_IS_COMPRESSED 0x00008000
+#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
+#define FILE_SUPPORTS_ENCRYPTION 0x00020000
+#define FILE_NAMED_STREAMS 0x00040000
+
+#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
+#define FILE_PIPE_MESSAGE_TYPE 0x00000001
+
+#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
+#define FILE_PIPE_MESSAGE_MODE 0x00000001
+
+#define FILE_PIPE_QUEUE_OPERATION 0x00000000
+#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
+
+#define FILE_PIPE_INBOUND 0x00000000
+#define FILE_PIPE_OUTBOUND 0x00000001
+#define FILE_PIPE_FULL_DUPLEX 0x00000002
+
+#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
+#define FILE_PIPE_LISTENING_STATE 0x00000002
+#define FILE_PIPE_CONNECTED_STATE 0x00000003
+#define FILE_PIPE_CLOSING_STATE 0x00000004
+
+#define FILE_PIPE_CLIENT_END 0x00000000
+#define FILE_PIPE_SERVER_END 0x00000001
+
+#define FILE_PIPE_READ_DATA 0x00000000
+#define FILE_PIPE_WRITE_SPACE 0x00000001
+
+#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 // FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE
+#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
+#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
+#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
+#define FILE_STORAGE_TYPE_MASK 0x000f0000
+#define FILE_STORAGE_TYPE_SHIFT 16
+
+#define FILE_VC_QUOTA_NONE 0x00000000
+#define FILE_VC_QUOTA_TRACK 0x00000001
+#define FILE_VC_QUOTA_ENFORCE 0x00000002
+#define FILE_VC_QUOTA_MASK 0x00000003
+
+#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
+#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
+
+#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
+#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
+#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
+#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
+
+#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
+#define FILE_VC_QUOTAS_REBUILDING 0x00000200
+
+#define FILE_VC_VALID_MASK 0x000003ff
+
+#define FSRTL_FLAG_FILE_MODIFIED (0x01)
+#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
+#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
+#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
+#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
+#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
+#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
+
+#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
+
+#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
+#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
+#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
+#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
+#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
+
+#define FSRTL_VOLUME_DISMOUNT 1
+#define FSRTL_VOLUME_DISMOUNT_FAILED 2
+#define FSRTL_VOLUME_LOCK 3
+#define FSRTL_VOLUME_LOCK_FAILED 4
+#define FSRTL_VOLUME_UNLOCK 5
+#define FSRTL_VOLUME_MOUNT 6
+
+#define FSRTL_WILD_CHARACTER 0x08
+
+#ifdef _X86_
+#define HARDWARE_PTE HARDWARE_PTE_X86
+#define PHARDWARE_PTE PHARDWARE_PTE_X86
+#else
+#define HARDWARE_PTE ULONG
+#define PHARDWARE_PTE PULONG
+#endif
+
+#define IO_CHECK_CREATE_PARAMETERS 0x0200
+#define IO_ATTACH_DEVICE 0x0400
+
+#define IO_ATTACH_DEVICE_API 0x80000000
+
+#define IO_COMPLETION_QUERY_STATE 0x0001
+#define IO_COMPLETION_MODIFY_STATE 0x0002
+#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
+
+#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
+#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
+
+#define IO_TYPE_APC 18
+#define IO_TYPE_DPC 19
+#define IO_TYPE_DEVICE_QUEUE 20
+#define IO_TYPE_EVENT_PAIR 21
+#define IO_TYPE_INTERRUPT 22
+#define IO_TYPE_PROFILE 23
+
+#define IRP_BEING_VERIFIED 0x10
+
+#define MAILSLOT_CLASS_FIRSTCLASS 1
+#define MAILSLOT_CLASS_SECONDCLASS 2
+
+#define MAILSLOT_SIZE_AUTO 0
+
+#define MAP_PROCESS 1L
+#define MAP_SYSTEM 2L
+
+#define MEM_DOS_LIM 0x40000000
+#define MEM_IMAGE SEC_IMAGE
+
+#define OB_TYPE_TYPE 1
+#define OB_TYPE_DIRECTORY 2
+#define OB_TYPE_SYMBOLIC_LINK 3
+#define OB_TYPE_TOKEN 4
+#define OB_TYPE_PROCESS 5
+#define OB_TYPE_THREAD 6
+#define OB_TYPE_EVENT 7
+#define OB_TYPE_EVENT_PAIR 8
+#define OB_TYPE_MUTANT 9
+#define OB_TYPE_SEMAPHORE 10
+#define OB_TYPE_TIMER 11
+#define OB_TYPE_PROFILE 12
+#define OB_TYPE_WINDOW_STATION 13
+#define OB_TYPE_DESKTOP 14
+#define OB_TYPE_SECTION 15
+#define OB_TYPE_KEY 16
+#define OB_TYPE_PORT 17
+#define OB_TYPE_ADAPTER 18
+#define OB_TYPE_CONTROLLER 19
+#define OB_TYPE_DEVICE 20
+#define OB_TYPE_DRIVER 21
+#define OB_TYPE_IO_COMPLETION 22
+#define OB_TYPE_FILE 23
+
+#define PIN_WAIT (1)
+#define PIN_EXCLUSIVE (2)
+#define PIN_NO_READ (4)
+#define PIN_IF_BCB (8)
+
+#define PORT_CONNECT 0x0001
+#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
+ PORT_CONNECT)
+
+#define SEC_BASED 0x00200000
+#define SEC_NO_CHANGE 0x00400000
+#define SEC_FILE 0x00800000
+#define SEC_IMAGE 0x01000000
+#define SEC_COMMIT 0x08000000
+#define SEC_NOCACHE 0x10000000
+
+#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+#define SECURITY_WORLD_RID (0x00000000L)
+
+#define SID_REVISION 1
+
+#define TOKEN_ASSIGN_PRIMARY (0x0001)
+#define TOKEN_DUPLICATE (0x0002)
+#define TOKEN_IMPERSONATE (0x0004)
+#define TOKEN_QUERY (0x0008)
+#define TOKEN_QUERY_SOURCE (0x0010)
+#define TOKEN_ADJUST_PRIVILEGES (0x0020)
+#define TOKEN_ADJUST_GROUPS (0x0040)
+#define TOKEN_ADJUST_DEFAULT (0x0080)
+
+#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
+ TOKEN_ASSIGN_PRIMARY |\
+ TOKEN_DUPLICATE |\
+ TOKEN_IMPERSONATE |\
+ TOKEN_QUERY |\
+ TOKEN_QUERY_SOURCE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT)
+
+#define TOKEN_READ (STANDARD_RIGHTS_READ |\
+ TOKEN_QUERY)
+
+#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
+ TOKEN_ADJUST_PRIVILEGES |\
+ TOKEN_ADJUST_GROUPS |\
+ TOKEN_ADJUST_DEFAULT)
+
+#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
+
+#define TOKEN_SOURCE_LENGTH 8
+
+#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
+#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
+#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
+#define TOKEN_HAS_ADMIN_GROUP 0x08
+#define TOKEN_IS_RESTRICTED 0x10
+
+#define VACB_MAPPING_GRANULARITY (0x40000)
+#define VACB_OFFSET_SHIFT (18)
+
+#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+
+
+#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#endif // (VER_PRODUCTBUILD >= 1381)
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA)
+#define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
+#define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+#define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
+
+#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
+
+#define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
+#define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
+#define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
+
+#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
+
+typedef PVOID PEJOB;
+typedef PVOID OPLOCK, *POPLOCK;
+typedef PVOID PWOW64_PROCESS;
+
+typedef struct _CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
+typedef struct _EPROCESS_QUOTA_BLOCK *PEPROCESS_QUOTA_BLOCK;
+typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
+typedef struct _HANDLE_TABLE *PHANDLE_TABLE;
+typedef struct _KEVENT_PAIR *PKEVENT_PAIR;
+typedef struct _KPROCESS *PKPROCESS;
+typedef struct _KQUEUE *PKQUEUE;
+typedef struct _KTRAP_FRAME *PKTRAP_FRAME;
+typedef struct _MAILSLOT_CREATE_PARAMETERS *PMAILSLOT_CREATE_PARAMETERS;
+typedef struct _MMWSL *PMMWSL;
+typedef struct _NAMED_PIPE_CREATE_PARAMETERS *PNAMED_PIPE_CREATE_PARAMETERS;
+typedef struct _OBJECT_DIRECTORY *POBJECT_DIRECTORY;
+typedef struct _PAGEFAULT_HISTORY *PPAGEFAULT_HISTORY;
+typedef struct _PS_IMPERSONATION_INFORMATION *PPS_IMPERSONATION_INFORMATION;
+typedef struct _SECTION_OBJECT *PSECTION_OBJECT;
+typedef struct _SHARED_CACHE_MAP *PSHARED_CACHE_MAP;
+typedef struct _TERMINATION_PORT *PTERMINATION_PORT;
+typedef struct _VACB *PVACB;
+typedef struct _VAD_HEADER *PVAD_HEADER;
+
+typedef struct _NOTIFY_SYNC
+{
+ ULONG Unknown0;
+ ULONG Unknown1;
+ ULONG Unknown2;
+ USHORT Unknown3;
+ USHORT Unknown4;
+ ULONG Unknown5;
+ ULONG Unknown6;
+ ULONG Unknown7;
+ ULONG Unknown8;
+ ULONG Unknown9;
+ ULONG Unknown10;
+} NOTIFY_SYNC, * PNOTIFY_SYNC;
+
+typedef enum _FAST_IO_POSSIBLE {
+ FastIoIsNotPossible,
+ FastIoIsPossible,
+ FastIoIsQuestionable
+} FAST_IO_POSSIBLE;
+
+typedef enum _FILE_STORAGE_TYPE {
+ StorageTypeDefault = 1,
+ StorageTypeDirectory,
+ StorageTypeFile,
+ StorageTypeJunctionPoint,
+ StorageTypeCatalog,
+ StorageTypeStructuredStorage,
+ StorageTypeEmbedding,
+ StorageTypeStream
+} FILE_STORAGE_TYPE;
+
+typedef enum _IO_COMPLETION_INFORMATION_CLASS {
+ IoCompletionBasicInformation
+} IO_COMPLETION_INFORMATION_CLASS;
+
+typedef enum _OBJECT_INFO_CLASS {
+ ObjectBasicInfo,
+ ObjectNameInfo,
+ ObjectTypeInfo,
+ ObjectAllTypesInfo,
+ ObjectProtectionInfo
+} OBJECT_INFO_CLASS;
+
+typedef struct _HARDWARE_PTE_X86 {
+ ULONG Valid : 1;
+ ULONG Write : 1;
+ ULONG Owner : 1;
+ ULONG WriteThrough : 1;
+ ULONG CacheDisable : 1;
+ ULONG Accessed : 1;
+ ULONG Dirty : 1;
+ ULONG LargePage : 1;
+ ULONG Global : 1;
+ ULONG CopyOnWrite : 1;
+ ULONG Prototype : 1;
+ ULONG reserved : 1;
+ ULONG PageFrameNumber : 20;
+} HARDWARE_PTE_X86, *PHARDWARE_PTE_X86;
+
+typedef struct _KAPC_STATE {
+ LIST_ENTRY ApcListHead[2];
+ PKPROCESS Process;
+ BOOLEAN KernelApcInProgress;
+ BOOLEAN KernelApcPending;
+ BOOLEAN UserApcPending;
+} KAPC_STATE, *PKAPC_STATE;
+
+typedef struct _KGDTENTRY {
+ USHORT LimitLow;
+ USHORT BaseLow;
+ union {
+ struct {
+ UCHAR BaseMid;
+ UCHAR Flags1;
+ UCHAR Flags2;
+ UCHAR BaseHi;
+ } Bytes;
+ struct {
+ ULONG BaseMid : 8;
+ ULONG Type : 5;
+ ULONG Dpl : 2;
+ ULONG Pres : 1;
+ ULONG LimitHi : 4;
+ ULONG Sys : 1;
+ ULONG Reserved_0 : 1;
+ ULONG Default_Big : 1;
+ ULONG Granularity : 1;
+ ULONG BaseHi : 8;
+ } Bits;
+ } HighWord;
+} KGDTENTRY, *PKGDTENTRY;
+
+typedef struct _KIDTENTRY {
+ USHORT Offset;
+ USHORT Selector;
+ USHORT Access;
+ USHORT ExtendedOffset;
+} KIDTENTRY, *PKIDTENTRY;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _MMSUPPORT_FLAGS {
+ ULONG SessionSpace : 1;
+ ULONG BeingTrimmed : 1;
+ ULONG SessionLeader : 1;
+ ULONG TrimHard : 1;
+ ULONG WorkingSetHard : 1;
+ ULONG AddressSpaceBeingDeleted : 1;
+ ULONG Available : 10;
+ ULONG AllowWorkingSetAdjustment : 8;
+ ULONG MemoryPriority : 8;
+} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
+
+#else
+
+typedef struct _MMSUPPORT_FLAGS {
+ ULONG SessionSpace : 1;
+ ULONG BeingTrimmed : 1;
+ ULONG ProcessInSession : 1;
+ ULONG SessionLeader : 1;
+ ULONG TrimHard : 1;
+ ULONG WorkingSetHard : 1;
+ ULONG WriteWatch : 1;
+ ULONG Filler : 25;
+} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
+
+#endif
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _MMSUPPORT {
+ LARGE_INTEGER LastTrimTime;
+ MMSUPPORT_FLAGS Flags;
+ ULONG PageFaultCount;
+ ULONG PeakWorkingSetSize;
+ ULONG WorkingSetSize;
+ ULONG MinimumWorkingSetSize;
+ ULONG MaximumWorkingSetSize;
+ PMMWSL VmWorkingSetList;
+ LIST_ENTRY WorkingSetExpansionLinks;
+ ULONG Claim;
+ ULONG NextEstimationSlot;
+ ULONG NextAgingSlot;
+ ULONG EstimatedAvailable;
+ ULONG GrowthSinceLastEstimate;
+} MMSUPPORT, *PMMSUPPORT;
+
+#else
+
+typedef struct _MMSUPPORT {
+ LARGE_INTEGER LastTrimTime;
+ ULONG LastTrimFaultCount;
+ ULONG PageFaultCount;
+ ULONG PeakWorkingSetSize;
+ ULONG WorkingSetSize;
+ ULONG MinimumWorkingSetSize;
+ ULONG MaximumWorkingSetSize;
+ PMMWSL VmWorkingSetList;
+ LIST_ENTRY WorkingSetExpansionLinks;
+ BOOLEAN AllowWorkingSetAdjustment;
+ BOOLEAN AddressSpaceBeingDeleted;
+ UCHAR ForegroundSwitchCount;
+ UCHAR MemoryPriority;
+#if (VER_PRODUCTBUILD >= 2195)
+ union {
+ ULONG LongFlags;
+ MMSUPPORT_FLAGS Flags;
+ } u;
+ ULONG Claim;
+ ULONG NextEstimationSlot;
+ ULONG NextAgingSlot;
+ ULONG EstimatedAvailable;
+ ULONG GrowthSinceLastEstimate;
+#endif // (VER_PRODUCTBUILD >= 2195)
+} MMSUPPORT, *PMMSUPPORT;
+
+#endif
+
+typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
+ POBJECT_NAME_INFORMATION ImageFileName;
+} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
+
+typedef struct _BITMAP_RANGE {
+ LIST_ENTRY Links;
+ LARGE_INTEGER BasePage;
+ ULONG FirstDirtyPage;
+ ULONG LastDirtyPage;
+ ULONG DirtyPages;
+ PULONG Bitmap;
+} BITMAP_RANGE, *PBITMAP_RANGE;
+
+typedef struct _CACHE_UNINITIALIZE_EVENT {
+ struct _CACHE_UNINITIALIZE_EVENT *Next;
+ KEVENT Event;
+} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
+
+typedef struct _CC_FILE_SIZES {
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+} CC_FILE_SIZES, *PCC_FILE_SIZES;
+
+typedef struct _COMPRESSED_DATA_INFO {
+ USHORT CompressionFormatAndEngine;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved;
+ USHORT NumberOfChunks;
+ ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
+} COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
+
+typedef struct _DEVICE_MAP {
+ POBJECT_DIRECTORY DosDevicesDirectory;
+ POBJECT_DIRECTORY GlobalDosDevicesDirectory;
+ ULONG ReferenceCount;
+ ULONG DriveMap;
+ UCHAR DriveType[32];
+} DEVICE_MAP, *PDEVICE_MAP;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _EX_FAST_REF {
+ union {
+ PVOID Object;
+ ULONG RefCnt : 3;
+ ULONG Value;
+ };
+} EX_FAST_REF, *PEX_FAST_REF;
+
+typedef struct _EX_PUSH_LOCK {
+ union {
+ struct {
+ ULONG Waiting : 1;
+ ULONG Exclusive : 1;
+ ULONG Shared : 30;
+ };
+ ULONG Value;
+ PVOID Ptr;
+ };
+} EX_PUSH_LOCK, *PEX_PUSH_LOCK;
+
+typedef struct _EX_RUNDOWN_REF {
+ union {
+ ULONG Count;
+ PVOID Ptr;
+ };
+} EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
+
+#endif
+
+typedef struct _EPROCESS_QUOTA_ENTRY {
+ ULONG Usage;
+ ULONG Limit;
+ ULONG Peak;
+ ULONG Return;
+} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
+
+typedef struct _EPROCESS_QUOTA_BLOCK {
+ EPROCESS_QUOTA_ENTRY QuotaEntry[3];
+ LIST_ENTRY QuotaList;
+ ULONG ReferenceCount;
+ ULONG ProcessCount;
+} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
+
+/*
+ * When needing these parameters cast your PIO_STACK_LOCATION to
+ * PEXTENDED_IO_STACK_LOCATION
+ */
+#if !defined(_ALPHA_)
+#include <pshpack4.h>
+#endif
+typedef struct _EXTENDED_IO_STACK_LOCATION {
+
+ /* Included for padding */
+ UCHAR MajorFunction;
+ UCHAR MinorFunction;
+ UCHAR Flags;
+ UCHAR Control;
+
+ union {
+
+ struct {
+ PIO_SECURITY_CONTEXT SecurityContext;
+ ULONG Options;
+ USHORT Reserved;
+ USHORT ShareAccess;
+ PMAILSLOT_CREATE_PARAMETERS Parameters;
+ } CreateMailslot;
+
+ struct {
+ PIO_SECURITY_CONTEXT SecurityContext;
+ ULONG Options;
+ USHORT Reserved;
+ USHORT ShareAccess;
+ PNAMED_PIPE_CREATE_PARAMETERS Parameters;
+ } CreatePipe;
+
+ struct {
+ ULONG OutputBufferLength;
+ ULONG InputBufferLength;
+ ULONG FsControlCode;
+ PVOID Type3InputBuffer;
+ } FileSystemControl;
+
+ struct {
+ PLARGE_INTEGER Length;
+ ULONG Key;
+ LARGE_INTEGER ByteOffset;
+ } LockControl;
+
+ struct {
+ ULONG Length;
+ ULONG CompletionFilter;
+ } NotifyDirectory;
+
+ struct {
+ ULONG Length;
+ PUNICODE_STRING FileName;
+ FILE_INFORMATION_CLASS FileInformationClass;
+ ULONG FileIndex;
+ } QueryDirectory;
+
+ struct {
+ ULONG Length;
+ PVOID EaList;
+ ULONG EaListLength;
+ ULONG EaIndex;
+ } QueryEa;
+
+ struct {
+ ULONG Length;
+ PSID StartSid;
+ PFILE_GET_QUOTA_INFORMATION SidList;
+ ULONG SidListLength;
+ } QueryQuota;
+
+ struct {
+ ULONG Length;
+ } SetEa;
+
+ struct {
+ ULONG Length;
+ } SetQuota;
+
+ struct {
+ ULONG Length;
+ FS_INFORMATION_CLASS FsInformationClass;
+ } SetVolume;
+
+ } Parameters;
+ PDEVICE_OBJECT DeviceObject;
+ PFILE_OBJECT FileObject;
+ PIO_COMPLETION_ROUTINE CompletionRoutine;
+ PVOID Context;
+
+} EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION;
+#if !defined(_ALPHA_)
+#include <poppack.h>
+#endif
+
+typedef struct _FILE_ACCESS_INFORMATION {
+ ACCESS_MASK AccessFlags;
+} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
+
+typedef struct _FILE_ALLOCATION_INFORMATION {
+ LARGE_INTEGER AllocationSize;
+} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
+
+typedef struct _FILE_BOTH_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CCHAR ShortNameLength;
+ WCHAR ShortName[12];
+ WCHAR FileName[1];
+} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
+
+typedef struct _FILE_COMPLETION_INFORMATION {
+ HANDLE Port;
+ ULONG Key;
+} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
+
+typedef struct _FILE_COMPRESSION_INFORMATION {
+ LARGE_INTEGER CompressedFileSize;
+ USHORT CompressionFormat;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved[3];
+} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
+
+typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
+
+typedef struct _FILE_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[0];
+} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CHAR ShortNameLength;
+ WCHAR ShortName[12];
+ WCHAR FileName[0];
+} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_EA_INFORMATION {
+ ULONG EaSize;
+} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
+
+typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
+ ULONG FileSystemAttributes;
+ ULONG MaximumComponentNameLength;
+ ULONG FileSystemNameLength;
+ WCHAR FileSystemName[1];
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
+
+typedef struct _FILE_FS_CONTROL_INFORMATION {
+ LARGE_INTEGER FreeSpaceStartFiltering;
+ LARGE_INTEGER FreeSpaceThreshold;
+ LARGE_INTEGER FreeSpaceStopFiltering;
+ LARGE_INTEGER DefaultQuotaThreshold;
+ LARGE_INTEGER DefaultQuotaLimit;
+ ULONG FileSystemControlFlags;
+} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
+
+typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER CallerAvailableAllocationUnits;
+ LARGE_INTEGER ActualAvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_LABEL_INFORMATION {
+ ULONG VolumeLabelLength;
+ WCHAR VolumeLabel[1];
+} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
+ UCHAR ObjectId[16];
+ UCHAR ExtendedInfo[48];
+} FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+typedef struct _FILE_FS_SIZE_INFORMATION {
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER AvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_VOLUME_INFORMATION {
+ LARGE_INTEGER VolumeCreationTime;
+ ULONG VolumeSerialNumber;
+ ULONG VolumeLabelLength;
+ BOOLEAN SupportsObjects;
+ WCHAR VolumeLabel[1];
+} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
+
+typedef struct _FILE_FULL_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ WCHAR FileName[1];
+} FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
+
+typedef struct _FILE_GET_EA_INFORMATION {
+ ULONG NextEntryOffset;
+ UCHAR EaNameLength;
+ CHAR EaName[1];
+} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
+
+typedef struct _FILE_GET_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ SID Sid;
+} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
+
+typedef struct _FILE_INTERNAL_INFORMATION {
+ LARGE_INTEGER IndexNumber;
+} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
+
+typedef struct _FILE_LINK_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
+
+typedef struct _FILE_LOCK_INFO {
+ LARGE_INTEGER StartingByte;
+ LARGE_INTEGER Length;
+ BOOLEAN ExclusiveLock;
+ ULONG Key;
+ PFILE_OBJECT FileObject;
+ PEPROCESS Process;
+ LARGE_INTEGER EndingByte;
+} FILE_LOCK_INFO, *PFILE_LOCK_INFO;
+
+// raw internal file lock struct returned from FsRtlGetNextFileLock
+typedef struct _FILE_SHARED_LOCK_ENTRY {
+ PVOID Unknown1;
+ PVOID Unknown2;
+ FILE_LOCK_INFO FileLock;
+} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
+
+// raw internal file lock struct returned from FsRtlGetNextFileLock
+typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
+ LIST_ENTRY ListEntry;
+ PVOID Unknown1;
+ PVOID Unknown2;
+ FILE_LOCK_INFO FileLock;
+} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
+
+typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
+ IN PVOID Context,
+ IN PIRP Irp
+);
+
+typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
+ IN PVOID Context,
+ IN PFILE_LOCK_INFO FileLockInfo
+);
+
+typedef struct _FILE_LOCK {
+ PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
+ PUNLOCK_ROUTINE UnlockRoutine;
+ BOOLEAN FastIoIsQuestionable;
+ BOOLEAN Pad[3];
+ PVOID LockInformation;
+ FILE_LOCK_INFO LastReturnedLockInfo;
+ PVOID LastReturnedLock;
+} FILE_LOCK, *PFILE_LOCK;
+
+typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
+
+typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
+ ULONG MaximumMessageSize;
+ ULONG MailslotQuota;
+ ULONG NextMessageSize;
+ ULONG MessagesAvailable;
+ LARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
+
+typedef struct _FILE_MAILSLOT_SET_INFORMATION {
+ LARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
+
+typedef struct _FILE_MODE_INFORMATION {
+ ULONG Mode;
+} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
+
+typedef struct _FILE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
+
+typedef struct _FILE_NAMES_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
+
+typedef struct _FILE_OBJECTID_INFORMATION {
+ LONGLONG FileReference;
+ UCHAR ObjectId[16];
+ union {
+ struct {
+ UCHAR BirthVolumeId[16];
+ UCHAR BirthObjectId[16];
+ UCHAR DomainId[16];
+ } ;
+ UCHAR ExtendedInfo[48];
+ };
+} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
+
+typedef struct _FILE_OLE_CLASSID_INFORMATION {
+ GUID ClassId;
+} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
+
+typedef struct _FILE_OLE_ALL_INFORMATION {
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ USN LastChangeUsn;
+ USN ReplicationUsn;
+ LARGE_INTEGER SecurityChangeTime;
+ FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
+ FILE_OBJECTID_INFORMATION ObjectIdInformation;
+ FILE_STORAGE_TYPE StorageType;
+ ULONG OleStateBits;
+ ULONG OleId;
+ ULONG NumberOfStreamReferences;
+ ULONG StreamIndex;
+ ULONG SecurityId;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
+
+typedef struct _FILE_OLE_DIR_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ FILE_STORAGE_TYPE StorageType;
+ GUID OleClassId;
+ ULONG OleStateBits;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+ WCHAR FileName[1];
+} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
+
+typedef struct _FILE_OLE_INFORMATION {
+ LARGE_INTEGER SecurityChangeTime;
+ FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
+ FILE_OBJECTID_INFORMATION ObjectIdInformation;
+ FILE_STORAGE_TYPE StorageType;
+ ULONG OleStateBits;
+ BOOLEAN ContentIndexDisable;
+ BOOLEAN InheritContentIndexDisable;
+} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
+
+typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
+ ULONG StateBits;
+ ULONG StateBitsMask;
+} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
+
+typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
+ HANDLE EventHandle;
+ ULONG KeyValue;
+} FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
+
+typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
+ PVOID ClientSession;
+ PVOID ClientProcess;
+} FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
+
+typedef struct _FILE_PIPE_EVENT_BUFFER {
+ ULONG NamedPipeState;
+ ULONG EntryType;
+ ULONG ByteCount;
+ ULONG KeyValue;
+ ULONG NumberRequests;
+} FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
+
+typedef struct _FILE_PIPE_INFORMATION {
+ ULONG ReadMode;
+ ULONG CompletionMode;
+} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
+
+typedef struct _FILE_PIPE_LOCAL_INFORMATION {
+ ULONG NamedPipeType;
+ ULONG NamedPipeConfiguration;
+ ULONG MaximumInstances;
+ ULONG CurrentInstances;
+ ULONG InboundQuota;
+ ULONG ReadDataAvailable;
+ ULONG OutboundQuota;
+ ULONG WriteQuotaAvailable;
+ ULONG NamedPipeState;
+ ULONG NamedPipeEnd;
+} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
+
+typedef struct _FILE_PIPE_REMOTE_INFORMATION {
+ LARGE_INTEGER CollectDataTime;
+ ULONG MaximumCollectionCount;
+} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
+
+typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
+ LARGE_INTEGER Timeout;
+ ULONG NameLength;
+ BOOLEAN TimeoutSpecified;
+ WCHAR Name[1];
+} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
+
+typedef struct _FILE_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER QuotaUsed;
+ LARGE_INTEGER QuotaThreshold;
+ LARGE_INTEGER QuotaLimit;
+ SID Sid;
+} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
+
+typedef struct _FILE_RENAME_INFORMATION {
+ BOOLEAN ReplaceIfExists;
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
+
+typedef struct _FILE_STREAM_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG StreamNameLength;
+ LARGE_INTEGER StreamSize;
+ LARGE_INTEGER StreamAllocationSize;
+ WCHAR StreamName[1];
+} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
+
+typedef struct _FILE_TRACKING_INFORMATION {
+ HANDLE DestinationFile;
+ ULONG ObjectInformationLength;
+ CHAR ObjectInformation[1];
+} FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
+
+typedef struct _FSRTL_COMMON_FCB_HEADER {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ UCHAR Flags;
+ UCHAR IsFastIoPossible;
+#if (VER_PRODUCTBUILD >= 1381)
+ UCHAR Flags2;
+ UCHAR Reserved;
+#endif // (VER_PRODUCTBUILD >= 1381)
+ PERESOURCE Resource;
+ PERESOURCE PagingIoResource;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER FileSize;
+ LARGE_INTEGER ValidDataLength;
+} FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
+
+typedef struct _GENERATE_NAME_CONTEXT {
+ USHORT Checksum;
+ BOOLEAN CheckSumInserted;
+ UCHAR NameLength;
+ WCHAR NameBuffer[8];
+ ULONG ExtensionLength;
+ WCHAR ExtensionBuffer[4];
+ ULONG LastIndexValue;
+} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
+
+typedef struct _HANDLE_TABLE_ENTRY {
+ PVOID Object;
+ ULONG ObjectAttributes;
+ ULONG GrantedAccess;
+ USHORT GrantedAccessIndex;
+ USHORT CreatorBackTraceIndex;
+ ULONG NextFreeTableEntry;
+} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
+
+typedef struct _MAPPING_PAIR {
+ ULONGLONG Vcn;
+ ULONGLONG Lcn;
+} MAPPING_PAIR, *PMAPPING_PAIR;
+
+typedef struct _GET_RETRIEVAL_DESCRIPTOR {
+ ULONG NumberOfPairs;
+ ULONGLONG StartVcn;
+ MAPPING_PAIR Pair[1];
+} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
+
+typedef struct _IO_CLIENT_EXTENSION {
+ struct _IO_CLIENT_EXTENSION *NextExtension;
+ PVOID ClientIdentificationAddress;
+} IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
+
+typedef struct _IO_COMPLETION_BASIC_INFORMATION {
+ LONG Depth;
+} IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION;
+
+typedef struct _KEVENT_PAIR {
+ USHORT Type;
+ USHORT Size;
+ KEVENT Event1;
+ KEVENT Event2;
+} KEVENT_PAIR, *PKEVENT_PAIR;
+
+typedef struct _KQUEUE {
+ DISPATCHER_HEADER Header;
+ LIST_ENTRY EntryListHead;
+ ULONG CurrentCount;
+ ULONG MaximumCount;
+ LIST_ENTRY ThreadListHead;
+} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
+
+typedef struct _MAILSLOT_CREATE_PARAMETERS {
+ ULONG MailslotQuota;
+ ULONG MaximumMessageSize;
+ LARGE_INTEGER ReadTimeout;
+ BOOLEAN TimeoutSpecified;
+} MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
+
+typedef struct _MBCB {
+ CSHORT NodeTypeCode;
+ CSHORT NodeIsInZone;
+ ULONG PagesToWrite;
+ ULONG DirtyPages;
+ ULONG Reserved;
+ LIST_ENTRY BitmapRanges;
+ LONGLONG ResumeWritePage;
+ BITMAP_RANGE BitmapRange1;
+ BITMAP_RANGE BitmapRange2;
+ BITMAP_RANGE BitmapRange3;
+} MBCB, *PMBCB;
+
+typedef struct _MOVEFILE_DESCRIPTOR {
+ HANDLE FileHandle;
+ ULONG Reserved;
+ LARGE_INTEGER StartVcn;
+ LARGE_INTEGER TargetLcn;
+ ULONG NumVcns;
+ ULONG Reserved1;
+} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
+
+typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
+ ULONG NamedPipeType;
+ ULONG ReadMode;
+ ULONG CompletionMode;
+ ULONG MaximumInstances;
+ ULONG InboundQuota;
+ ULONG OutboundQuota;
+ LARGE_INTEGER DefaultTimeout;
+ BOOLEAN TimeoutSpecified;
+} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
+
+typedef struct _OBJECT_BASIC_INFO {
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG ReferenceCount;
+ ULONG PagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG Reserved[3];
+ ULONG NameInformationLength;
+ ULONG TypeInformationLength;
+ ULONG SecurityDescriptorLength;
+ LARGE_INTEGER CreateTime;
+} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
+
+typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
+ BOOLEAN Inherit;
+ BOOLEAN ProtectFromClose;
+} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
+
+typedef struct _OBJECT_NAME_INFO {
+ UNICODE_STRING ObjectName;
+ WCHAR ObjectNameBuffer[1];
+} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
+
+typedef struct _OBJECT_PROTECTION_INFO {
+ BOOLEAN Inherit;
+ BOOLEAN ProtectHandle;
+} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
+
+typedef struct _OBJECT_TYPE_INFO {
+ UNICODE_STRING ObjectTypeName;
+ UCHAR Unknown[0x58];
+ WCHAR ObjectTypeNameBuffer[1];
+} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
+
+typedef struct _OBJECT_ALL_TYPES_INFO {
+ ULONG NumberOfObjectTypes;
+ OBJECT_TYPE_INFO ObjectsTypeInfo[1];
+} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
+
+typedef struct _PAGEFAULT_HISTORY {
+ ULONG CurrentIndex;
+ ULONG MaxIndex;
+ KSPIN_LOCK SpinLock;
+ PVOID Reserved;
+ PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
+} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
+
+typedef struct _PATHNAME_BUFFER {
+ ULONG PathNameLength;
+ WCHAR Name[1];
+} PATHNAME_BUFFER, *PPATHNAME_BUFFER;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _PRIVATE_CACHE_MAP_FLAGS {
+ ULONG DontUse : 16;
+ ULONG ReadAheadActive : 1;
+ ULONG ReadAheadEnabled : 1;
+ ULONG Available : 14;
+} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
+
+typedef struct _PRIVATE_CACHE_MAP {
+ union {
+ CSHORT NodeTypeCode;
+ PRIVATE_CACHE_MAP_FLAGS Flags;
+ ULONG UlongFlags;
+ };
+ ULONG ReadAheadMask;
+ PFILE_OBJECT FileObject;
+ LARGE_INTEGER FileOffset1;
+ LARGE_INTEGER BeyondLastByte1;
+ LARGE_INTEGER FileOffset2;
+ LARGE_INTEGER BeyondLastByte2;
+ LARGE_INTEGER ReadAheadOffset[2];
+ ULONG ReadAheadLength[2];
+ KSPIN_LOCK ReadAheadSpinLock;
+ LIST_ENTRY PrivateLinks;
+} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
+
+#endif
+
+typedef struct _PS_IMPERSONATION_INFORMATION {
+ PACCESS_TOKEN Token;
+ BOOLEAN CopyOnOpen;
+ BOOLEAN EffectiveOnly;
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
+
+typedef struct _PUBLIC_BCB {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ ULONG MappedLength;
+ LARGE_INTEGER MappedFileOffset;
+} PUBLIC_BCB, *PPUBLIC_BCB;
+
+typedef struct _QUERY_PATH_REQUEST {
+ ULONG PathNameLength;
+ PIO_SECURITY_CONTEXT SecurityContext;
+ WCHAR FilePathName[1];
+} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
+
+typedef struct _QUERY_PATH_RESPONSE {
+ ULONG LengthAccepted;
+} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
+
+typedef struct _RETRIEVAL_POINTERS_BUFFER {
+ ULONG ExtentCount;
+ LARGE_INTEGER StartingVcn;
+ struct {
+ LARGE_INTEGER NextVcn;
+ LARGE_INTEGER Lcn;
+ } Extents[1];
+} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
+
+typedef struct _RTL_SPLAY_LINKS {
+ struct _RTL_SPLAY_LINKS *Parent;
+ struct _RTL_SPLAY_LINKS *LeftChild;
+ struct _RTL_SPLAY_LINKS *RightChild;
+} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
+
+typedef struct _SE_EXPORTS {
+
+ LUID SeCreateTokenPrivilege;
+ LUID SeAssignPrimaryTokenPrivilege;
+ LUID SeLockMemoryPrivilege;
+ LUID SeIncreaseQuotaPrivilege;
+ LUID SeUnsolicitedInputPrivilege;
+ LUID SeTcbPrivilege;
+ LUID SeSecurityPrivilege;
+ LUID SeTakeOwnershipPrivilege;
+ LUID SeLoadDriverPrivilege;
+ LUID SeCreatePagefilePrivilege;
+ LUID SeIncreaseBasePriorityPrivilege;
+ LUID SeSystemProfilePrivilege;
+ LUID SeSystemtimePrivilege;
+ LUID SeProfileSingleProcessPrivilege;
+ LUID SeCreatePermanentPrivilege;
+ LUID SeBackupPrivilege;
+ LUID SeRestorePrivilege;
+ LUID SeShutdownPrivilege;
+ LUID SeDebugPrivilege;
+ LUID SeAuditPrivilege;
+ LUID SeSystemEnvironmentPrivilege;
+ LUID SeChangeNotifyPrivilege;
+ LUID SeRemoteShutdownPrivilege;
+
+ PSID SeNullSid;
+ PSID SeWorldSid;
+ PSID SeLocalSid;
+ PSID SeCreatorOwnerSid;
+ PSID SeCreatorGroupSid;
+
+ PSID SeNtAuthoritySid;
+ PSID SeDialupSid;
+ PSID SeNetworkSid;
+ PSID SeBatchSid;
+ PSID SeInteractiveSid;
+ PSID SeLocalSystemSid;
+ PSID SeAliasAdminsSid;
+ PSID SeAliasUsersSid;
+ PSID SeAliasGuestsSid;
+ PSID SeAliasPowerUsersSid;
+ PSID SeAliasAccountOpsSid;
+ PSID SeAliasSystemOpsSid;
+ PSID SeAliasPrintOpsSid;
+ PSID SeAliasBackupOpsSid;
+
+ PSID SeAuthenticatedUsersSid;
+
+ PSID SeRestrictedSid;
+ PSID SeAnonymousLogonSid;
+
+ LUID SeUndockPrivilege;
+ LUID SeSyncAgentPrivilege;
+ LUID SeEnableDelegationPrivilege;
+
+} SE_EXPORTS, *PSE_EXPORTS;
+
+typedef struct _SECTION_BASIC_INFORMATION {
+ PVOID BaseAddress;
+ ULONG Attributes;
+ LARGE_INTEGER Size;
+} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
+
+typedef struct _SECTION_IMAGE_INFORMATION {
+ PVOID EntryPoint;
+ ULONG Unknown1;
+ ULONG StackReserve;
+ ULONG StackCommit;
+ ULONG Subsystem;
+ USHORT MinorSubsystemVersion;
+ USHORT MajorSubsystemVersion;
+ ULONG Unknown2;
+ ULONG Characteristics;
+ USHORT ImageNumber;
+ BOOLEAN Executable;
+ UCHAR Unknown3;
+ ULONG Unknown4[3];
+} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
+
+#if (VER_PRODUCTBUILD >= 2600)
+
+typedef struct _SHARED_CACHE_MAP {
+ CSHORT NodeTypeCode;
+ CSHORT NodeByteSize;
+ ULONG OpenCount;
+ LARGE_INTEGER FileSize;
+ LIST_ENTRY BcbList;
+ LARGE_INTEGER SectionSize;
+ LARGE_INTEGER ValidDataLength;
+ LARGE_INTEGER ValidDataGoal;
+ PVACB InitialVacbs[4];
+ PVACB *Vacbs;
+ PFILE_OBJECT FileObject;
+ PVACB ActiveVacb;
+ PVOID NeedToZero;
+ ULONG ActivePage;
+ ULONG NeedToZeroPage;
+ KSPIN_LOCK ActiveVacbSpinLock;
+ ULONG VacbActiveCount;
+ ULONG DirtyPages;
+ LIST_ENTRY SharedCacheMapLinks;
+ ULONG Flags;
+ NTSTATUS Status;
+ PMBCB Mbcb;
+ PVOID Section;
+ PKEVENT CreateEvent;
+ PKEVENT WaitOnActiveCount;
+ ULONG PagesToWrite;
+ LONGLONG BeyondLastFlush;
+ PCACHE_MANAGER_CALLBACKS Callbacks;
+ PVOID LazyWriteContext;
+ LIST_ENTRY PrivateList;
+ PVOID LogHandle;
+ PVOID FlushToLsnRoutine;
+ ULONG DirtyPageThreshold;
+ ULONG LazyWritePassCount;
+ PCACHE_UNINITIALIZE_EVENT UninitializeEvent;
+ PVACB NeedToZeroVacb;
+ KSPIN_LOCK BcbSpinLock;
+ PVOID Reserved;
+ KEVENT Event;
+ EX_PUSH_LOCK VacbPushLock;
+ PRIVATE_CACHE_MAP PrivateCacheMap;
+} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
+
+#endif
+
+typedef struct _STARTING_VCN_INPUT_BUFFER {
+ LARGE_INTEGER StartingVcn;
+} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
+
+typedef struct _SYSTEM_CACHE_INFORMATION {
+ ULONG CurrentSize;
+ ULONG PeakSize;
+ ULONG PageFaultCount;
+ ULONG MinimumWorkingSet;
+ ULONG MaximumWorkingSet;
+ ULONG Unused[4];
+} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
+
+typedef struct _TERMINATION_PORT {
+ struct _TERMINATION_PORT* Next;
+ PVOID Port;
+} TERMINATION_PORT, *PTERMINATION_PORT;
+
+typedef struct _SECURITY_CLIENT_CONTEXT {
+ SECURITY_QUALITY_OF_SERVICE SecurityQos;
+ PACCESS_TOKEN ClientToken;
+ BOOLEAN DirectlyAccessClientToken;
+ BOOLEAN DirectAccessEffectiveOnly;
+ BOOLEAN ServerIsRemote;
+ TOKEN_CONTROL ClientTokenControl;
+} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
+
+typedef struct _TUNNEL {
+ FAST_MUTEX Mutex;
+ PRTL_SPLAY_LINKS Cache;
+ LIST_ENTRY TimerQueue;
+ USHORT NumEntries;
+} TUNNEL, *PTUNNEL;
+
+typedef struct _VACB {
+ PVOID BaseAddress;
+ PSHARED_CACHE_MAP SharedCacheMap;
+ union {
+ LARGE_INTEGER FileOffset;
+ USHORT ActiveCount;
+ } Overlay;
+ LIST_ENTRY LruList;
+} VACB, *PVACB;
+
+typedef struct _VAD_HEADER {
+ PVOID StartVPN;
+ PVOID EndVPN;
+ PVAD_HEADER ParentLink;
+ PVAD_HEADER LeftLink;
+ PVAD_HEADER RightLink;
+ ULONG Flags; // LSB = CommitCharge
+ PVOID ControlArea;
+ PVOID FirstProtoPte;
+ PVOID LastPTE;
+ ULONG Unknown;
+ LIST_ENTRY Secured;
+} VAD_HEADER, *PVAD_HEADER;
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCanIWrite (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG BytesToWrite,
+ IN BOOLEAN Wait,
+ IN BOOLEAN Retrying
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcCopyWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN PVOID Buffer
+);
+
+#define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
+
+typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
+ IN PVOID Context1,
+ IN PVOID Context2
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcDeferWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PCC_POST_DEFERRED_WRITE PostRoutine,
+ IN PVOID Context1,
+ IN PVOID Context2,
+ IN ULONG BytesToWrite,
+ IN BOOLEAN Retrying
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFastCopyRead (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG FileOffset,
+ IN ULONG Length,
+ IN ULONG PageCount,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFastCopyWrite (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG FileOffset,
+ IN ULONG Length,
+ IN PVOID Buffer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcFlushCache (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ OUT PIO_STATUS_BLOCK IoStatus OPTIONAL
+);
+
+typedef VOID (*PDIRTY_PAGE_ROUTINE) (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN PLARGE_INTEGER OldestLsn,
+ IN PLARGE_INTEGER NewestLsn,
+ IN PVOID Context1,
+ IN PVOID Context2
+);
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetDirtyPages (
+ IN PVOID LogHandle,
+ IN PDIRTY_PAGE_ROUTINE DirtyPageRoutine,
+ IN PVOID Context1,
+ IN PVOID Context2
+);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromBcb (
+ IN PVOID Bcb
+);
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+CcGetFileObjectFromSectionPtrs (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer
+);
+
+#define CcGetFileSizePointer(FO) ( \
+ ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
+)
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+LARGE_INTEGER
+NTAPI
+CcGetFlushedValidData (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN BOOLEAN BcbListHeld
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+LARGE_INTEGER
+CcGetLsnForFileObject (
+ IN PFILE_OBJECT FileObject,
+ OUT PLARGE_INTEGER OldestLsn OPTIONAL
+);
+
+typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
+ IN PVOID Context,
+ IN BOOLEAN Wait
+);
+
+typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
+ IN PVOID Context
+);
+
+typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
+ IN PVOID Context,
+ IN BOOLEAN Wait
+);
+
+typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
+ IN PVOID Context
+);
+
+typedef struct _CACHE_MANAGER_CALLBACKS {
+ PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
+ PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
+ PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
+ PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
+} CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
+
+NTKERNELAPI
+VOID
+NTAPI
+CcInitializeCacheMap (
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes,
+ IN BOOLEAN PinAccess,
+ IN PCACHE_MANAGER_CALLBACKS Callbacks,
+ IN PVOID LazyWriteContext
+);
+
+#define CcIsFileCached(FO) ( \
+ ((FO)->SectionObjectPointer != NULL) && \
+ (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
+)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcIsThereDirtyData (
+ IN PVPB Vpb
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcMapData (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlReadComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcMdlWriteComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPinMappedData (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+#if (VER_PRODUCTBUILD >= 2195)
+ IN ULONG Flags,
+#else
+ IN BOOLEAN Wait,
+#endif
+ IN OUT PVOID *Bcb
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPinRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+#if (VER_PRODUCTBUILD >= 2195)
+ IN ULONG Flags,
+#else
+ IN BOOLEAN Wait,
+#endif
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcPrepareMdlWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ OUT PMDL *MdlChain,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPreparePinWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Zero,
+#if (VER_PRODUCTBUILD >= 2195)
+ IN ULONG Flags,
+#else
+ IN BOOLEAN Wait,
+#endif
+ OUT PVOID *Bcb,
+ OUT PVOID *Buffer
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcPurgeCacheSection (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER FileOffset OPTIONAL,
+ IN ULONG Length,
+ IN BOOLEAN UninitializeCacheMaps
+);
+
+#define CcReadAhead(FO, FOFF, LEN) ( \
+ if ((LEN) >= 256) { \
+ CcScheduleReadAhead((FO), (FOFF), (LEN)); \
+ } \
+)
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PVOID
+NTAPI
+CcRemapBcb (
+ IN PVOID Bcb
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+VOID
+NTAPI
+CcRepinBcb (
+ IN PVOID Bcb
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcScheduleReadAhead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetAdditionalCacheAttributes (
+ IN PFILE_OBJECT FileObject,
+ IN BOOLEAN DisableReadAhead,
+ IN BOOLEAN DisableWriteBehind
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetBcbOwnerPointer (
+ IN PVOID Bcb,
+ IN PVOID OwnerPointer
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetDirtyPageThreshold (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG DirtyPageThreshold
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetDirtyPinnedData (
+ IN PVOID BcbVoid,
+ IN PLARGE_INTEGER Lsn OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetFileSizes (
+ IN PFILE_OBJECT FileObject,
+ IN PCC_FILE_SIZES FileSizes
+);
+
+typedef VOID (NTAPI *PFLUSH_TO_LSN) (
+ IN PVOID LogHandle,
+ IN PLARGE_INTEGER Lsn
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetLogHandleForFile (
+ IN PFILE_OBJECT FileObject,
+ IN PVOID LogHandle,
+ IN PFLUSH_TO_LSN FlushToLsnRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcSetReadAheadGranularity (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG Granularity // default: PAGE_SIZE
+ // allowed: 2^n * PAGE_SIZE
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcUninitializeCacheMap (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER TruncateSize OPTIONAL,
+ IN PCACHE_UNINITIALIZE_EVENT UninitializeCompleteEvent OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinData (
+ IN PVOID Bcb
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinDataForThread (
+ IN PVOID Bcb,
+ IN ERESOURCE_THREAD ResourceThreadId
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+CcUnpinRepinnedBcb (
+ IN PVOID Bcb,
+ IN BOOLEAN WriteThrough,
+ OUT PIO_STATUS_BLOCK IoStatus
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+CcWaitForCurrentLazyWriterActivity (
+ VOID
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+CcZeroData (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER StartOffset,
+ IN PLARGE_INTEGER EndOffset,
+ IN BOOLEAN Wait
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+ExDisableResourceBoostLite (
+ IN PERESOURCE Resource
+);
+
+NTKERNELAPI
+ULONG
+NTAPI
+ExQueryPoolBlockSize (
+ IN PVOID PoolBlock,
+ OUT PBOOLEAN QuotaCharged
+);
+
+#define FlagOn(x, f) ((x) & (f))
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlAddToTunnelCache (
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey,
+ IN PUNICODE_STRING ShortName,
+ IN PUNICODE_STRING LongName,
+ IN BOOLEAN KeyByShortName,
+ IN ULONG DataLength,
+ IN PVOID Data
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+PFILE_LOCK
+NTAPI
+FsRtlAllocateFileLock (
+ IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
+ IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePool (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes
+);
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePoolWithQuota (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes
+);
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePoolWithQuotaTag (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes,
+ IN ULONG Tag
+);
+
+NTKERNELAPI
+PVOID
+NTAPI
+FsRtlAllocatePoolWithTag (
+ IN POOL_TYPE PoolType,
+ IN ULONG NumberOfBytes,
+ IN ULONG Tag
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlAreNamesEqual (
+ IN PUNICODE_STRING Name1,
+ IN PUNICODE_STRING Name2,
+ IN BOOLEAN IgnoreCase,
+ IN PWCHAR UpcaseTable OPTIONAL
+);
+
+#define FsRtlAreThereCurrentFileLocks(FL) ( \
+ ((FL)->FastIoIsQuestionable) \
+)
+
+/*
+ FsRtlCheckLockForReadAccess:
+
+ All this really does is pick out the lock parameters from the irp (io stack
+ location?), get IoGetRequestorProcess, and pass values on to
+ FsRtlFastCheckLockForRead.
+*/
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCheckLockForReadAccess (
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp
+);
+
+/*
+ FsRtlCheckLockForWriteAccess:
+
+ All this really does is pick out the lock parameters from the irp (io stack
+ location?), get IoGetRequestorProcess, and pass values on to
+ FsRtlFastCheckLockForWrite.
+*/
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCheckLockForWriteAccess (
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp
+);
+
+typedef
+VOID NTAPI
+(*POPLOCK_WAIT_COMPLETE_ROUTINE) (
+ IN PVOID Context,
+ IN PIRP Irp
+);
+
+typedef
+VOID NTAPI
+(*POPLOCK_FS_PREPOST_IRP) (
+ IN PVOID Context,
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlCheckOplock (
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN PVOID Context,
+ IN POPLOCK_WAIT_COMPLETE_ROUTINE CompletionRoutine OPTIONAL,
+ IN POPLOCK_FS_PREPOST_IRP PostIrpRoutine OPTIONAL
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCopyRead (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN ULONG LockKey,
+ OUT PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCopyWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN ULONG Length,
+ IN BOOLEAN Wait,
+ IN ULONG LockKey,
+ IN PVOID Buffer,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlCurrentBatchOplock (
+ IN POPLOCK Oplock
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeleteKeyFromTunnelCache (
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeleteTunnelCache (
+ IN PTUNNEL Cache
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlDeregisterUncProvider (
+ IN HANDLE Handle
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlDoesNameContainWildCards (
+ IN PUNICODE_STRING Name
+);
+
+#define FsRtlEnterFileSystem KeEnterCriticalRegion
+
+#define FsRtlExitFileSystem KeLeaveCriticalRegion
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlFastCheckLockForRead (
+ IN PFILE_LOCK FileLock,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlFastCheckLockForWrite (
+ IN PFILE_LOCK FileLock,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN ULONG Key,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process
+);
+
+#define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) ( \
+ FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11) \
+)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFastUnlockAll (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process,
+ IN PVOID Context OPTIONAL
+);
+//ret: STATUS_RANGE_NOT_LOCKED
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFastUnlockAllByKey (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN PVOID Context OPTIONAL
+);
+//ret: STATUS_RANGE_NOT_LOCKED
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlFastUnlockSingle (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN PVOID Context OPTIONAL,
+ IN BOOLEAN AlreadySynchronized
+);
+//ret: STATUS_RANGE_NOT_LOCKED
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlFindInTunnelCache (
+ IN PTUNNEL Cache,
+ IN ULONGLONG DirectoryKey,
+ IN PUNICODE_STRING Name,
+ OUT PUNICODE_STRING ShortName,
+ OUT PUNICODE_STRING LongName,
+ IN OUT PULONG DataLength,
+ OUT PVOID Data
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlFreeFileLock (
+ IN PFILE_LOCK FileLock
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlGetFileSize (
+ IN PFILE_OBJECT FileObject,
+ IN OUT PLARGE_INTEGER FileSize
+);
+
+/*
+ FsRtlGetNextFileLock:
+
+ ret: NULL if no more locks
+
+ Internals:
+ FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
+ FileLock->LastReturnedLock as storage.
+ LastReturnedLock is a pointer to the 'raw' lock inkl. double linked
+ list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
+ calls with Restart = FALSE.
+*/
+NTKERNELAPI
+PFILE_LOCK_INFO
+NTAPI
+FsRtlGetNextFileLock (
+ IN PFILE_LOCK FileLock,
+ IN BOOLEAN Restart
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeFileLock (
+ IN PFILE_LOCK FileLock,
+ IN PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine OPTIONAL,
+ IN PUNLOCK_ROUTINE UnlockRoutine OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeOplock (
+ IN OUT POPLOCK Oplock
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlInitializeTunnelCache (
+ IN PTUNNEL Cache
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsNameInExpression (
+ IN PUNICODE_STRING Expression,
+ IN PUNICODE_STRING Name,
+ IN BOOLEAN IgnoreCase,
+ IN PWCHAR UpcaseTable OPTIONAL
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlIsNtstatusExpected (
+ IN NTSTATUS Ntstatus
+);
+
+#define FsRtlIsUnicodeCharacterWild(C) ( \
+ (((C) >= 0x40) ? \
+ FALSE : \
+ FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER )) \
+)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlReadComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlReadCompleteDev (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL MdlChain,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlWriteComplete (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlMdlWriteCompleteDev (
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PMDL MdlChain,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNormalizeNtstatus (
+ IN NTSTATUS Exception,
+ IN NTSTATUS GenericException
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyChangeDirectory (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN PLIST_ENTRY NotifyList,
+ IN BOOLEAN WatchTree,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyCleanup (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext
+);
+
+typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
+ IN PVOID NotifyContext,
+ IN PVOID TargetContext,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFullChangeDirectory (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PVOID FsContext,
+ IN PSTRING FullDirectoryName,
+ IN BOOLEAN WatchTree,
+ IN BOOLEAN IgnoreBuffer,
+ IN ULONG CompletionFilter,
+ IN PIRP NotifyIrp,
+ IN PCHECK_FOR_TRAVERSE_ACCESS TraverseCallback OPTIONAL,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext OPTIONAL
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyFullReportChange (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PSTRING FullTargetName,
+ IN USHORT TargetNameOffset,
+ IN PSTRING StreamName OPTIONAL,
+ IN PSTRING NormalizedParentName OPTIONAL,
+ IN ULONG FilterMatch,
+ IN ULONG Action,
+ IN PVOID TargetContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyInitializeSync (
+ IN PNOTIFY_SYNC NotifySync
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyReportChange (
+ IN PNOTIFY_SYNC NotifySync,
+ IN PLIST_ENTRY NotifyList,
+ IN PSTRING FullTargetName,
+ IN PUSHORT FileNamePartLength,
+ IN ULONG FilterMatch
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlNotifyUninitializeSync (
+ IN PNOTIFY_SYNC NotifySync
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlNotifyVolumeEvent (
+ IN PFILE_OBJECT FileObject,
+ IN ULONG EventCode
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlOplockFsctrl (
+ IN POPLOCK Oplock,
+ IN PIRP Irp,
+ IN ULONG OpenCount
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlOplockIsFastIoPossible (
+ IN POPLOCK Oplock
+);
+
+/*
+ FsRtlPrivateLock:
+
+ ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
+
+ Internals:
+ -Calls IoCompleteRequest if Irp
+ -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
+*/
+NTKERNELAPI
+BOOLEAN
+NTAPI
+FsRtlPrivateLock (
+ IN PFILE_LOCK FileLock,
+ IN PFILE_OBJECT FileObject,
+ IN PLARGE_INTEGER FileOffset,
+ IN PLARGE_INTEGER Length,
+ IN PEPROCESS Process,
+ IN ULONG Key,
+ IN BOOLEAN FailImmediately,
+ IN BOOLEAN ExclusiveLock,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ IN PIRP Irp OPTIONAL,
+ IN PVOID Context,
+ IN BOOLEAN AlreadySynchronized
+);
+
+/*
+ FsRtlProcessFileLock:
+
+ ret:
+ -STATUS_INVALID_DEVICE_REQUEST
+ -STATUS_RANGE_NOT_LOCKED from unlock routines.
+ -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
+ (redirected IoStatus->Status).
+
+ Internals:
+ -switch ( Irp->CurrentStackLocation->MinorFunction )
+ lock: return FsRtlPrivateLock;
+ unlocksingle: return FsRtlFastUnlockSingle;
+ unlockall: return FsRtlFastUnlockAll;
+ unlockallbykey: return FsRtlFastUnlockAllByKey;
+ default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
+ return STATUS_INVALID_DEVICE_REQUEST;
+
+ -'AllwaysZero' is passed thru as 'AllwaysZero' to lock / unlock routines.
+ -'Irp' is passet thru as 'Irp' to FsRtlPrivateLock.
+*/
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlProcessFileLock (
+ IN PFILE_LOCK FileLock,
+ IN PIRP Irp,
+ IN PVOID Context OPTIONAL
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+FsRtlRegisterUncProvider (
+ IN OUT PHANDLE MupHandle,
+ IN PUNICODE_STRING RedirectorDeviceName,
+ IN BOOLEAN MailslotsSupported
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlUninitializeFileLock (
+ IN PFILE_LOCK FileLock
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+FsRtlUninitializeOplock (
+ IN OUT POPLOCK Oplock
+);
+
+NTSYSAPI
+VOID
+NTAPI
+HalDisplayString (
+ IN PCHAR String
+);
+
+NTSYSAPI
+VOID
+NTAPI
+HalQueryRealTimeClock (
+ IN OUT PTIME_FIELDS TimeFields
+);
+
+NTSYSAPI
+VOID
+NTAPI
+HalSetRealTimeClock (
+ IN PTIME_FIELDS TimeFields
+);
+
+#define InitializeMessageHeader(m, l, t) { \
+ (m)->Length = (USHORT)(l); \
+ (m)->DataLength = (USHORT)(l - sizeof( LPC_MESSAGE )); \
+ (m)->MessageType = (USHORT)(t); \
+ (m)->DataInfoOffset = 0; \
+}
+
+NTKERNELAPI
+VOID
+NTAPI
+IoAcquireVpbSpinLock (
+ OUT PKIRQL Irql
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckDesiredAccess (
+ IN OUT PACCESS_MASK DesiredAccess,
+ IN ACCESS_MASK GrantedAccess
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckEaBufferValidity (
+ IN PFILE_FULL_EA_INFORMATION EaBuffer,
+ IN ULONG EaLength,
+ OUT PULONG ErrorOffset
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckFunctionAccess (
+ IN ACCESS_MASK GrantedAccess,
+ IN UCHAR MajorFunction,
+ IN UCHAR MinorFunction,
+ IN ULONG IoControlCode,
+ IN PFILE_INFORMATION_CLASS FileInformationClass OPTIONAL,
+ IN PFS_INFORMATION_CLASS FsInformationClass OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoCheckQuotaBufferValidity (
+ IN PFILE_QUOTA_INFORMATION QuotaBuffer,
+ IN ULONG QuotaLength,
+ OUT PULONG ErrorOffset
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+IoCreateStreamFileObject (
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PFILE_OBJECT
+NTAPI
+IoCreateStreamFileObjectLite (
+ IN PFILE_OBJECT FileObject OPTIONAL,
+ IN PDEVICE_OBJECT DeviceObject OPTIONAL
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoFastQueryNetworkAttributes (
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG OpenOptions,
+ OUT PIO_STATUS_BLOCK IoStatus,
+ OUT PFILE_NETWORK_OPEN_INFORMATION Buffer
+);
+
+NTKERNELAPI
+PDEVICE_OBJECT
+NTAPI
+IoGetAttachedDevice (
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+PDEVICE_OBJECT
+NTAPI
+IoGetBaseFileSystemDeviceObject (
+ IN PFILE_OBJECT FileObject
+);
+
+NTKERNELAPI
+PEPROCESS
+NTAPI
+IoGetRequestorProcess (
+ IN PIRP Irp
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+ULONG
+NTAPI
+IoGetRequestorProcessId (
+ IN PIRP Irp
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+PIRP
+NTAPI
+IoGetTopLevelIrp (
+ VOID
+);
+
+#define IoIsFileOpenedExclusively(FileObject) ( \
+ (BOOLEAN) !( \
+ (FileObject)->SharedRead || \
+ (FileObject)->SharedWrite || \
+ (FileObject)->SharedDelete \
+ ) \
+)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoIsOperationSynchronous (
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoIsSystemThread (
+ IN PETHREAD Thread
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+IoIsValidNameGraftingBuffer (
+ IN PIRP Irp,
+ IN PREPARSE_DATA_BUFFER ReparseBuffer
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoPageRead (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL Mdl,
+ IN PLARGE_INTEGER Offset,
+ IN PKEVENT Event,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoQueryFileInformation (
+ IN PFILE_OBJECT FileObject,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ OUT PVOID FileInformation,
+ OUT PULONG ReturnedLength
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoQueryVolumeInformation (
+ IN PFILE_OBJECT FileObject,
+ IN FS_INFORMATION_CLASS FsInformationClass,
+ IN ULONG Length,
+ OUT PVOID FsInformation,
+ OUT PULONG ReturnedLength
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoRegisterFileSystem (
+ IN OUT PDEVICE_OBJECT DeviceObject
+);
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN DriverActive
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoRegisterFsRegistrationChange (
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
+);
+
+#endif // (VER_PRODUCTBUILD >= 1381)
+
+NTKERNELAPI
+VOID
+NTAPI
+IoReleaseVpbSpinLock (
+ IN KIRQL Irql
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoSetDeviceToVerify (
+ IN PETHREAD Thread,
+ IN PDEVICE_OBJECT DeviceObject
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoSetInformation (
+ IN PFILE_OBJECT FileObject,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN ULONG Length,
+ IN PVOID FileInformation
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoSetTopLevelIrp (
+ IN PIRP Irp
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoSynchronousPageWrite (
+ IN PFILE_OBJECT FileObject,
+ IN PMDL Mdl,
+ IN PLARGE_INTEGER FileOffset,
+ IN PKEVENT Event,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+NTKERNELAPI
+PEPROCESS
+NTAPI
+IoThreadToProcess (
+ IN PETHREAD Thread
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+IoUnregisterFileSystem (
+ IN OUT PDEVICE_OBJECT DeviceObject
+);
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoUnregisterFsRegistrationChange (
+ IN PDRIVER_OBJECT DriverObject,
+ IN PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
+);
+
+#endif // (VER_PRODUCTBUILD >= 1381)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+IoVerifyVolume (
+ IN PDEVICE_OBJECT DeviceObject,
+ IN BOOLEAN AllowRawMount
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeAttachProcess (
+ IN PEPROCESS Process
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeDetachProcess (
+ VOID
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeInitializeQueue (
+ IN PRKQUEUE Queue,
+ IN ULONG Count OPTIONAL
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeInsertHeadQueue (
+ IN PRKQUEUE Queue,
+ IN PLIST_ENTRY Entry
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeInsertQueue (
+ IN PRKQUEUE Queue,
+ IN PLIST_ENTRY Entry
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeInsertQueueApc (
+ IN PKAPC Apc,
+ IN PVOID SystemArgument1,
+ IN PVOID SystemArgument2,
+ UCHAR Unknown
+);
+
+NTKERNELAPI
+LONG
+NTAPI
+KeReadStateQueue (
+ IN PRKQUEUE Queue
+);
+
+NTKERNELAPI
+PLIST_ENTRY
+NTAPI
+KeRemoveQueue (
+ IN PRKQUEUE Queue,
+ IN KPROCESSOR_MODE WaitMode,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+);
+
+NTKERNELAPI
+PLIST_ENTRY
+NTAPI
+KeRundownQueue (
+ IN PRKQUEUE Queue
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+VOID
+NTAPI
+KeStackAttachProcess (
+ IN PKPROCESS Process,
+ OUT PKAPC_STATE ApcState
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+KeUnstackDetachProcess (
+ IN PKAPC_STATE ApcState
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmCanFileBeTruncated (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN PLARGE_INTEGER NewFileSize
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmFlushImageSection (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN MMFLUSH_TYPE FlushType
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmForceSectionClosed (
+ IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
+ IN BOOLEAN DelayClose
+);
+
+#if (VER_PRODUCTBUILD >= 1381)
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmIsRecursiveIoFault (
+ VOID
+);
+
+#else
+
+#define MmIsRecursiveIoFault() ( \
+ (PsGetCurrentThread()->DisablePageFaultClustering) | \
+ (PsGetCurrentThread()->ForwardClusterOnly) \
+)
+
+#endif
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+MmMapViewOfSection (
+ IN PVOID SectionObject,
+ IN PEPROCESS Process,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN ULONG CommitSize,
+ IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
+ IN OUT PULONG ViewSize,
+ IN SECTION_INHERIT InheritDisposition,
+ IN ULONG AllocationType,
+ IN ULONG Protect
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+MmSetAddressRangeModified (
+ IN PVOID Address,
+ IN ULONG Length
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObCreateObject (
+ IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
+ IN POBJECT_TYPE ObjectType,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN OUT PVOID ParseContext OPTIONAL,
+ IN ULONG ObjectSize,
+ IN ULONG PagedPoolCharge OPTIONAL,
+ IN ULONG NonPagedPoolCharge OPTIONAL,
+ OUT PVOID *Object
+);
+
+NTKERNELAPI
+ULONG
+NTAPI
+ObGetObjectPointerCount (
+ IN PVOID Object
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObInsertObject (
+ IN PVOID Object,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG AdditionalReferences,
+ OUT PVOID *ReferencedObject OPTIONAL,
+ OUT PHANDLE Handle
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+ObMakeTemporaryObject (
+ IN PVOID Object
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObOpenObjectByPointer (
+ IN PVOID Object,
+ IN ULONG HandleAttributes,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess OPTIONAL,
+ IN POBJECT_TYPE ObjectType OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PHANDLE Handle
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObQueryNameString (
+ IN PVOID Object,
+ OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObQueryObjectAuditingByHandle (
+ IN HANDLE Handle,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+ObReferenceObjectByName (
+ IN PUNICODE_STRING ObjectName,
+ IN ULONG Attributes,
+ IN PACCESS_STATE PassedAccessState OPTIONAL,
+ IN ACCESS_MASK DesiredAccess OPTIONAL,
+ IN POBJECT_TYPE ObjectType,
+ IN KPROCESSOR_MODE AccessMode,
+ IN OUT PVOID ParseContext OPTIONAL,
+ OUT PVOID *Object
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsChargePoolQuota (
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG Amount
+);
+
+#define PsDereferenceImpersonationToken(T) \
+ {if (ARGUMENT_PRESENT(T)) { \
+ (ObDereferenceObject((T))); \
+ } else { \
+ ; \
+ } \
+}
+
+#define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
+
+NTKERNELAPI
+ULONGLONG
+NTAPI
+PsGetProcessExitTime (
+ VOID
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+PsIsThreadTerminating (
+ IN PETHREAD Thread
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsLookupProcessByProcessId (
+ IN PVOID ProcessId,
+ OUT PEPROCESS *Process
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsLookupProcessThreadByCid (
+ IN PCLIENT_ID Cid,
+ OUT PEPROCESS *Process OPTIONAL,
+ OUT PETHREAD *Thread
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+PsLookupThreadByThreadId (
+ IN PVOID UniqueThreadId,
+ OUT PETHREAD *Thread
+);
+
+NTKERNELAPI
+PACCESS_TOKEN
+NTAPI
+PsReferenceImpersonationToken (
+ IN PETHREAD Thread,
+ OUT PBOOLEAN CopyOnUse,
+ OUT PBOOLEAN EffectiveOnly,
+ OUT PSECURITY_IMPERSONATION_LEVEL Level
+);
+
+NTKERNELAPI
+HANDLE
+NTAPI
+PsReferencePrimaryToken (
+ IN PEPROCESS Process
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsReturnPoolQuota (
+ IN PEPROCESS Process,
+ IN POOL_TYPE PoolType,
+ IN ULONG Amount
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+PsRevertToSelf (
+ VOID
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlAbsoluteToSelfRelativeSD (
+ IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
+ IN PULONG BufferLength
+);
+
+NTSYSAPI
+PVOID
+NTAPI
+RtlAllocateHeap (
+ IN HANDLE HeapHandle,
+ IN ULONG Flags,
+ IN ULONG Size
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompressBuffer (
+ IN USHORT CompressionFormatAndEngine,
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG UncompressedChunkSize,
+ OUT PULONG FinalCompressedSize,
+ IN PVOID WorkSpace
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCompressChunks (
+ IN PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ OUT PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN OUT PCOMPRESSED_DATA_INFO CompressedDataInfo,
+ IN ULONG CompressedDataInfoLength,
+ IN PVOID WorkSpace
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlConvertSidToUnicodeString (
+ OUT PUNICODE_STRING DestinationString,
+ IN PSID Sid,
+ IN BOOLEAN AllocateDestinationString
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlCopySid (
+ IN ULONG Length,
+ IN PSID Destination,
+ IN PSID Source
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressBuffer (
+ IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ OUT PULONG FinalUncompressedSize
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressChunks (
+ OUT PUCHAR UncompressedBuffer,
+ IN ULONG UncompressedBufferSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN PUCHAR CompressedTail,
+ IN ULONG CompressedTailSize,
+ IN PCOMPRESSED_DATA_INFO CompressedDataInfo
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDecompressFragment (
+ IN USHORT CompressionFormat,
+ OUT PUCHAR UncompressedFragment,
+ IN ULONG UncompressedFragmentSize,
+ IN PUCHAR CompressedBuffer,
+ IN ULONG CompressedBufferSize,
+ IN ULONG FragmentOffset,
+ OUT PULONG FinalUncompressedSize,
+ IN PVOID WorkSpace
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlDescribeChunk (
+ IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ OUT PULONG ChunkSize
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlEqualSid (
+ IN PSID Sid1,
+ IN PSID Sid2
+);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlFillMemoryUlong (
+ IN PVOID Destination,
+ IN ULONG Length,
+ IN ULONG Fill
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlFreeHeap (
+ IN HANDLE HeapHandle,
+ IN ULONG Flags,
+ IN PVOID P
+);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlGenerate8dot3Name (
+ IN PUNICODE_STRING Name,
+ IN BOOLEAN AllowExtendedCharacters,
+ IN OUT PGENERATE_NAME_CONTEXT Context,
+ OUT PUNICODE_STRING Name8dot3
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetCompressionWorkSpaceSize (
+ IN USHORT CompressionFormatAndEngine,
+ OUT PULONG CompressBufferWorkSpaceSize,
+ OUT PULONG CompressFragmentWorkSpaceSize
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetDaclSecurityDescriptor (
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PBOOLEAN DaclPresent,
+ OUT PACL *Dacl,
+ OUT PBOOLEAN DaclDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetGroupSecurityDescriptor (
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PSID *Group,
+ OUT PBOOLEAN GroupDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlGetOwnerSecurityDescriptor (
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ OUT PSID *Owner,
+ OUT PBOOLEAN OwnerDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlInitializeSid (
+ IN OUT PSID Sid,
+ IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
+ IN UCHAR SubAuthorityCount
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlIsNameLegalDOS8Dot3 (
+ IN PUNICODE_STRING UnicodeName,
+ IN PANSI_STRING AnsiName,
+ PBOOLEAN Unknown
+);
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlLengthRequiredSid (
+ IN UCHAR SubAuthorityCount
+);
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlLengthSid (
+ IN PSID Sid
+);
+
+NTSYSAPI
+ULONG
+NTAPI
+RtlNtStatusToDosError (
+ IN NTSTATUS Status
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlReserveChunk (
+ IN USHORT CompressionFormat,
+ IN OUT PUCHAR *CompressedBuffer,
+ IN PUCHAR EndOfCompressedBufferPlus1,
+ OUT PUCHAR *ChunkBuffer,
+ IN ULONG ChunkSize
+);
+
+NTSYSAPI
+VOID
+NTAPI
+RtlSecondsSince1970ToTime (
+ IN ULONG SecondsSince1970,
+ OUT PLARGE_INTEGER Time
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSelfRelativeToAbsoluteSD (
+ IN PSECURITY_DESCRIPTOR SelfRelativeSD,
+ OUT PSECURITY_DESCRIPTOR AbsoluteSD,
+ IN PULONG AbsoluteSDSize,
+ IN PACL Dacl,
+ IN PULONG DaclSize,
+ IN PACL Sacl,
+ IN PULONG SaclSize,
+ IN PSID Owner,
+ IN PULONG OwnerSize,
+ IN PSID PrimaryGroup,
+ IN PULONG PrimaryGroupSize
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetGroupSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID Group,
+ IN BOOLEAN GroupDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetOwnerSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSID Owner,
+ IN BOOLEAN OwnerDefaulted
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetSaclSecurityDescriptor (
+ IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN BOOLEAN SaclPresent,
+ IN PACL Sacl,
+ IN BOOLEAN SaclDefaulted
+);
+
+NTSYSAPI
+PUCHAR
+NTAPI
+RtlSubAuthorityCountSid (
+ IN PSID Sid
+);
+
+NTSYSAPI
+PULONG
+NTAPI
+RtlSubAuthoritySid (
+ IN PSID Sid,
+ IN ULONG SubAuthority
+);
+
+NTSYSAPI
+BOOLEAN
+NTAPI
+RtlValidSid (
+ IN PSID Sid
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeAppendPrivileges (
+ PACCESS_STATE AccessState,
+ PPRIVILEGE_SET Privileges
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeAuditingFileEvents (
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeAuditingFileOrGlobalEvents (
+ IN BOOLEAN AccessGranted,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeCaptureSubjectContext (
+ OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeCreateAccessState (
+ OUT PACCESS_STATE AccessState,
+ IN PVOID AuxData,
+ IN ACCESS_MASK AccessMask,
+ IN PGENERIC_MAPPING Mapping
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeCreateClientSecurity (
+ IN PETHREAD Thread,
+ IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
+ IN BOOLEAN RemoteClient,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeCreateClientSecurityFromSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
+ IN BOOLEAN ServerIsRemote,
+ OUT PSECURITY_CLIENT_CONTEXT ClientContext
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+#define SeDeleteClientSecurity(C) { \
+ if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
+ PsDereferencePrimaryToken( (C)->ClientToken ); \
+ } else { \
+ PsDereferenceImpersonationToken( (C)->ClientToken ); \
+ } \
+}
+
+NTKERNELAPI
+VOID
+NTAPI
+SeDeleteObjectAuditAlarm (
+ IN PVOID Object,
+ IN HANDLE Handle
+);
+
+#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
+
+NTKERNELAPI
+VOID
+NTAPI
+SeFreePrivileges (
+ IN PPRIVILEGE_SET Privileges
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeImpersonateClient (
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeImpersonateClientEx (
+ IN PSECURITY_CLIENT_CONTEXT ClientContext,
+ IN PETHREAD ServerThread OPTIONAL
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+VOID
+NTAPI
+SeLockSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeMarkLogonSessionForTerminationNotification (
+ IN PLUID LogonId
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeOpenObjectAuditAlarm (
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeOpenObjectForDeleteAuditAlarm (
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PVOID Object OPTIONAL,
+ IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN BOOLEAN ObjectCreated,
+ IN BOOLEAN AccessGranted,
+ IN KPROCESSOR_MODE AccessMode,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SePrivilegeCheck (
+ IN OUT PPRIVILEGE_SET RequiredPrivileges,
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ IN KPROCESSOR_MODE AccessMode
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQueryAuthenticationIdToken (
+ IN PACCESS_TOKEN Token,
+ OUT PLUID LogonId
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQueryInformationToken (
+ IN PACCESS_TOKEN Token,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID *TokenInformation
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQuerySecurityDescriptorInfo (
+ IN PSECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN OUT PULONG Length,
+ IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeQuerySessionIdToken (
+ IN PACCESS_TOKEN Token,
+ IN PULONG SessionId
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+#define SeQuerySubjectContextToken( SubjectContext ) \
+ ( ARGUMENT_PRESENT( \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
+ ) ? \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
+ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
+
+typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
+ IN PLUID LogonId
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeRegisterLogonSessionTerminatedRoutine (
+ IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeReleaseSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeSetAccessStateGenericMapping (
+ PACCESS_STATE AccessState,
+ PGENERIC_MAPPING GenericMapping
+);
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeSetSecurityDescriptorInfo (
+ IN PVOID Object OPTIONAL,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+NTSTATUS
+NTAPI
+SeSetSecurityDescriptorInfoEx (
+ IN PVOID Object OPTIONAL,
+ IN PSECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR ModificationDescriptor,
+ IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
+ IN ULONG AutoInheritFlags,
+ IN POOL_TYPE PoolType,
+ IN PGENERIC_MAPPING GenericMapping
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeTokenIsAdmin (
+ IN PACCESS_TOKEN Token
+);
+
+NTKERNELAPI
+BOOLEAN
+NTAPI
+SeTokenIsRestricted (
+ IN PACCESS_TOKEN Token
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTKERNELAPI
+TOKEN_TYPE
+NTAPI
+SeTokenType (
+ IN PACCESS_TOKEN Token
+);
+
+NTKERNELAPI
+VOID
+NTAPI
+SeUnlockSubjectContext (
+ IN PSECURITY_SUBJECT_CONTEXT SubjectContext
+);
+
+NTKERNELAPI
+NTSTATUS
+SeUnregisterLogonSessionTerminatedRoutine (
+ IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAdjustPrivilegesToken (
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+ OUT PULONG ReturnLength
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAlertThread (
+ IN HANDLE ThreadHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAllocateVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN ULONG ZeroBits,
+ IN OUT PULONG RegionSize,
+ IN ULONG AllocationType,
+ IN ULONG Protect
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwAccessCheckAndAuditAlarm (
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN PUNICODE_STRING ObjectTypeName,
+ IN PUNICODE_STRING ObjectName,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ACCESS_MASK DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ IN BOOLEAN ObjectCreation,
+ OUT PACCESS_MASK GrantedAccess,
+ OUT PBOOLEAN AccessStatus,
+ OUT PBOOLEAN GenerateOnClose
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCancelIoFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwClearEvent (
+ IN HANDLE EventHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCloseObjectAuditAlarm (
+ IN PUNICODE_STRING SubsystemName,
+ IN PVOID HandleId,
+ IN BOOLEAN GenerateOnClose
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCreateSection (
+ OUT PHANDLE SectionHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN PLARGE_INTEGER MaximumSize OPTIONAL,
+ IN ULONG SectionPageProtection,
+ IN ULONG AllocationAttributes,
+ IN HANDLE FileHandle OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwCreateSymbolicLinkObject (
+ OUT PHANDLE SymbolicLinkHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PUNICODE_STRING TargetName
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeleteFile (
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeleteValueKey (
+ IN HANDLE Handle,
+ IN PUNICODE_STRING Name
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDeviceIoControlFile (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG IoControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDisplayString (
+ IN PUNICODE_STRING String
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDuplicateObject (
+ IN HANDLE SourceProcessHandle,
+ IN HANDLE SourceHandle,
+ IN HANDLE TargetProcessHandle OPTIONAL,
+ OUT PHANDLE TargetHandle OPTIONAL,
+ IN ACCESS_MASK DesiredAccess,
+ IN ULONG HandleAttributes,
+ IN ULONG Options
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwDuplicateToken (
+ IN HANDLE ExistingTokenHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN BOOLEAN EffectiveOnly,
+ IN TOKEN_TYPE TokenType,
+ OUT PHANDLE NewTokenHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushInstructionCache (
+ IN HANDLE ProcessHandle,
+ IN PVOID BaseAddress OPTIONAL,
+ IN ULONG FlushSize
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFlushVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PULONG FlushSize,
+ OUT PIO_STATUS_BLOCK IoStatusBlock
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFreeVirtualMemory (
+ IN HANDLE ProcessHandle,
+ IN OUT PVOID *BaseAddress,
+ IN OUT PULONG RegionSize,
+ IN ULONG FreeType
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwFsControlFile (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG FsControlCode,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwInitiatePowerAction (
+ IN POWER_ACTION SystemAction,
+ IN SYSTEM_POWER_STATE MinSystemState,
+ IN ULONG Flags,
+ IN BOOLEAN Asynchronous
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwLoadDriver (
+ // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
+ IN PUNICODE_STRING RegistryPath
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwLoadKey (
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes,
+ IN POBJECT_ATTRIBUTES FileObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwNotifyChangeKey (
+ IN HANDLE KeyHandle,
+ IN HANDLE EventHandle OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN ULONG NotifyFilter,
+ IN BOOLEAN WatchSubtree,
+ IN PVOID Buffer,
+ IN ULONG BufferLength,
+ IN BOOLEAN Asynchronous
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenDirectoryObject (
+ OUT PHANDLE DirectoryHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenEvent (
+ OUT PHANDLE EventHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcess (
+ OUT PHANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcessToken (
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThread (
+ OUT PHANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN PCLIENT_ID ClientId
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThreadToken (
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ OUT PHANDLE TokenHandle
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwPowerInformation (
+ IN POWER_INFORMATION_LEVEL PowerInformationLevel,
+ IN PVOID InputBuffer OPTIONAL,
+ IN ULONG InputBufferLength,
+ OUT PVOID OutputBuffer OPTIONAL,
+ IN ULONG OutputBufferLength
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwPulseEvent (
+ IN HANDLE EventHandle,
+ OUT PULONG PreviousState OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDefaultLocale (
+ IN BOOLEAN ThreadOrSystem,
+ OUT PLCID Locale
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDirectoryFile (
+ IN HANDLE FileHandle,
+ IN HANDLE Event OPTIONAL,
+ IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
+ IN PVOID ApcContext OPTIONAL,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FileInformation,
+ IN ULONG Length,
+ IN FILE_INFORMATION_CLASS FileInformationClass,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PUNICODE_STRING FileName OPTIONAL,
+ IN BOOLEAN RestartScan
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryDirectoryObject (
+ IN HANDLE DirectoryHandle,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN BOOLEAN RestartScan,
+ IN OUT PULONG Context,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryEaFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length,
+ IN BOOLEAN ReturnSingleEntry,
+ IN PVOID EaList OPTIONAL,
+ IN ULONG EaListLength,
+ IN PULONG EaIndex OPTIONAL,
+ IN BOOLEAN RestartScan
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationProcess (
+ IN HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ OUT PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength,
+ OUT PULONG ReturnLength OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationToken (
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryObject (
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFO_CLASS ObjectInformationClass,
+ OUT PVOID ObjectInformation,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQuerySection (
+ IN HANDLE SectionHandle,
+ IN SECTION_INFORMATION_CLASS SectionInformationClass,
+ OUT PVOID SectionInformation,
+ IN ULONG SectionInformationLength,
+ OUT PULONG ResultLength OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQuerySecurityObject (
+ IN HANDLE FileHandle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN ULONG Length,
+ OUT PULONG ResultLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQuerySystemInformation (
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ OUT PVOID SystemInformation,
+ IN ULONG Length,
+ OUT PULONG ReturnLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryVolumeInformationFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwReplaceKey (
+ IN POBJECT_ATTRIBUTES NewFileObjectAttributes,
+ IN HANDLE KeyHandle,
+ IN POBJECT_ATTRIBUTES OldFileObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwResetEvent (
+ IN HANDLE EventHandle,
+ OUT PULONG PreviousState OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwRestoreKey (
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle,
+ IN ULONG Flags
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSaveKey (
+ IN HANDLE KeyHandle,
+ IN HANDLE FileHandle
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetDefaultLocale (
+ IN BOOLEAN ThreadOrSystem,
+ IN LCID Locale
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetDefaultUILanguage (
+ IN LANGID LanguageId
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetEaFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ OUT PVOID Buffer,
+ IN ULONG Length
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetEvent (
+ IN HANDLE EventHandle,
+ OUT PULONG PreviousState OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetInformationObject (
+ IN HANDLE ObjectHandle,
+ IN OBJECT_INFO_CLASS ObjectInformationClass,
+ IN PVOID ObjectInformation,
+ IN ULONG ObjectInformationLength
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetInformationProcess (
+ IN HANDLE ProcessHandle,
+ IN PROCESSINFOCLASS ProcessInformationClass,
+ IN PVOID ProcessInformation,
+ IN ULONG ProcessInformationLength
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSecurityObject (
+ IN HANDLE Handle,
+ IN SECURITY_INFORMATION SecurityInformation,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSystemInformation (
+ IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ IN PVOID SystemInformation,
+ IN ULONG Length
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetSystemTime (
+ IN PLARGE_INTEGER NewTime,
+ OUT PLARGE_INTEGER OldTime OPTIONAL
+);
+
+#if (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwSetVolumeInformationFile (
+ IN HANDLE FileHandle,
+ OUT PIO_STATUS_BLOCK IoStatusBlock,
+ IN PVOID FsInformation,
+ IN ULONG Length,
+ IN FS_INFORMATION_CLASS FsInformationClass
+);
+
+#endif // (VER_PRODUCTBUILD >= 2195)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwTerminateProcess (
+ IN HANDLE ProcessHandle OPTIONAL,
+ IN NTSTATUS ExitStatus
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwUnloadDriver (
+ // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
+ IN PUNICODE_STRING RegistryPath
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwUnloadKey (
+ IN POBJECT_ATTRIBUTES KeyObjectAttributes
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwWaitForSingleObject (
+ IN HANDLE Handle,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwWaitForMultipleObjects (
+ IN ULONG HandleCount,
+ IN PHANDLE Handles,
+ IN WAIT_TYPE WaitType,
+ IN BOOLEAN Alertable,
+ IN PLARGE_INTEGER Timeout OPTIONAL
+);
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwYieldExecution (
+ VOID
+);
+
+#pragma pack(pop)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _NTIFS_
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 03:42:34 +0300