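/*
 *  ntifs.h     NT Installable File System (IFS) functions
 *
 * =========================================================================
 *
 *                          Open Watcom Project
 *
 * Copyright (c) 2004-2010 The Open Watcom Contributors. All Rights Reserved.
 *
 *    This file is automatically generated. Do not edit directly.
 *
 * =========================================================================
 */

#ifndef _NTIFS_
#define _NTIFS_

#ifndef _ENABLE_AUTODEPEND
#pragma read_only_file;
#endif

/* NOTE(review): both #include directives below have lost their header names
 * in this copy. Restore them from the generating source; the typedefs that
 * follow need ULONG_PTR, USHORT, ULONG, PVOID, UNICODE_STRING, STRING and
 * OBJECT_ATTRIBUTES to be declared already.
 */
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

/* Primitive data types */
typedef ULONG_PTR SID_HASH_ENTRY;
typedef ULONG_PTR *PSID_HASH_ENTRY;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL;
typedef USHORT *PSECURITY_DESCRIPTOR_CONTROL;
typedef ULONG LSA_OPERATIONAL_MODE;
typedef ULONG *PLSA_OPERATIONAL_MODE;
typedef UNICODE_STRING LSA_UNICODE_STRING;
typedef UNICODE_STRING *PLSA_UNICODE_STRING;
typedef STRING LSA_STRING;
typedef STRING *PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *PLSA_OBJECT_ATTRIBUTES;
typedef ULONG ACCESS_REASON;
typedef ULONG LBN;
typedef LBN *PLBN;
typedef ULONG VBN;
typedef VBN *PVBN;
typedef PVOID OPLOCK;
typedef PVOID *POPLOCK;
typedef PVOID PNOTIFY_SYNC;
#if (NTDDI_VERSION >= 0x06000000)
typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS;
typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS;
typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS;
#endif

/* Data type aliases */
#define EX_PUSH_LOCK ULONG_PTR
#define PEX_PUSH_LOCK PULONG_PTR

/* Flag manipulation macros.
 * FlagOn yields the masked bits themselves, not 0/1; use BooleanFlagOn when
 * the result is stored in a BOOLEAN, so that a high bit is not truncated
 * away. Each macro evaluates each argument exactly once.
 */
#ifndef FlagOn
#define FlagOn( x, p ) ((x) & (p))
#endif
#ifndef BooleanFlagOn
#define BooleanFlagOn( x, p ) ((BOOLEAN)(((x) & (p)) != 0))
#endif
#ifndef SetFlag
#define SetFlag( x, p ) ((x) |= (p))
#endif
#ifndef ClearFlag
#define ClearFlag( x, p ) ((x) &= ~(p))
#endif

/* Current SID revision */
#define SID_REVISION 1

/* SID hash size */
#define SID_HASH_SIZE 32

/* SID identifier authority values (6-byte big-endian authority field) */
#define SECURITY_NULL_SID_AUTHORITY { 0, 0, 0, 0, 0, 0 }
#define SECURITY_WORLD_SID_AUTHORITY { 0, 0, 0, 0, 0, 1 }
#define SECURITY_LOCAL_SID_AUTHORITY { 0, 0, 0, 0, 0, 2 }
#define SECURITY_CREATOR_SID_AUTHORITY { 0, 0, 0, 0, 0, 3 }
#define SECURITY_NON_UNIQUE_AUTHORITY { 0, 0, 0, 0, 0, 4 }
#define SECURITY_NT_AUTHORITY { 0, 0, 0, 0, 0, 5 }
#define SECURITY_RESOURCE_MANAGER_AUTHORITY { 0, 0, 0, 0, 0, 9 }
#define SECURITY_MANDATORY_LABEL_AUTHORITY { 0, 0, 0, 0, 0, 16 }

/* Relative identifiers.
 * A RID has meaning only together with its identifier authority: the same
 * numeric value recurs under different authorities (0x00000001L is both
 * SECURITY_LOCAL_LOGON_RID and SECURITY_DIALUP_RID), so comparing a RID
 * without also checking the authority can match the wrong principal.
 */
#define SECURITY_NULL_RID 0x00000000L
#define SECURITY_WORLD_RID 0x00000000L
#define SECURITY_LOCAL_RID 0x00000000L
#define SECURITY_LOCAL_LOGON_RID 0x00000001L
#define SECURITY_CREATOR_OWNER_RID 0x00000000L
#define SECURITY_CREATOR_GROUP_RID 0x00000001L
#define SECURITY_CREATOR_OWNER_SERVER_RID 0x00000002L
#define SECURITY_CREATOR_GROUP_SERVER_RID 0x00000003L
#define SECURITY_CREATOR_OWNER_RIGHTS_RID 0x00000004L
#define SECURITY_DIALUP_RID 0x00000001L
#define SECURITY_NETWORK_RID 0x00000002L
#define SECURITY_BATCH_RID 0x00000003L
#define SECURITY_INTERACTIVE_RID 0x00000004L
#define SECURITY_LOGON_IDS_RID 0x00000005L
#define SECURITY_SERVICE_RID 0x00000006L
#define SECURITY_ANONYMOUS_LOGON_RID 0x00000007L
#define SECURITY_PROXY_RID 0x00000008L
#define SECURITY_ENTERPRISE_CONTROLLERS_RID 0x00000009L
#define SECURITY_SERVER_LOGON_RID \
    SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID 0x0000000AL
#define SECURITY_AUTHENTICATED_USER_RID 0x0000000BL
#define SECURITY_RESTRICTED_CODE_RID 0x0000000CL
#define SECURITY_TERMINAL_SERVER_RID 0x0000000DL
#define SECURITY_REMOTE_LOGON_RID 0x0000000EL
#define SECURITY_THIS_ORGANIZATION_RID 0x0000000FL
#define SECURITY_IUSER_RID 0x00000011L
#define SECURITY_LOCAL_SYSTEM_RID 0x00000012L
#define SECURITY_LOCAL_SERVICE_RID 0x00000013L
#define SECURITY_NETWORK_SERVICE_RID 0x00000014L
#define SECURITY_NT_NON_UNIQUE 0x00000015L
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID 0x00000016L
#define SECURITY_BUILTIN_DOMAIN_RID 0x00000020L
#define SECURITY_WRITE_RESTRICTED_CODE_RID 0x00000021L
#define SECURITY_PACKAGE_BASE_RID 0x00000040L
#define SECURITY_PACKAGE_NTLM_RID 0x0000000AL
#define SECURITY_PACKAGE_SCHANNEL_RID 0x0000000EL
#define SECURITY_PACKAGE_DIGEST_RID 0x00000015L
#define SECURITY_CRED_TYPE_BASE_RID 0x00000041L
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID 0x00000001L
#define SECURITY_MIN_BASE_RID 0x00000050L
#define SECURITY_SERVICE_ID_BASE_RID 0x00000050L
#define SECURITY_RESERVED_ID_BASE_RID 0x00000051L
#define SECURITY_APPPOOL_ID_BASE_RID 0x00000052L
#define SECURITY_VIRTUALSERVER_ID_BASE_RID 0x00000053L
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID 0x00000054L
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID 0x00000055L
#define SECURITY_WMIHOST_ID_BASE_RID 0x00000056L
#define SECURITY_TASK_ID_BASE_RID 0x00000057L
#define SECURITY_NFS_ID_BASE_RID 0x00000058L
#define SECURITY_COM_ID_BASE_RID 0x00000059L
#define SECURITY_MAX_BASE_RID 0x0000006FL
/* The Windows SDK spells this constant SECURITY_MAX_ALWAYS_FILTERED. The
 * misspelled name is kept so existing users of this header still build; the
 * permanent fix belongs in the source this file is generated from.
 */
#define SECURITY_MAX_ALWAYS_FILTERED 0x000003E7L
#define SECURITY_MAX_ALWAYS_FITLERED SECURITY_MAX_ALWAYS_FILTERED
#define SECURITY_MIN_NEVER_FILTERED 0x000003E8L
#define SECURITY_OTHER_ORGANIZATION_RID 0x000003E8L
#define SECURITY_WINDOWSMOBILE_ID_BASE_RID 0x00000070L
/* Mandatory integrity levels, used under SECURITY_MANDATORY_LABEL_AUTHORITY */
#define SECURITY_MANDATORY_UNTRUSTED_RID 0x00000000L
#define SECURITY_MANDATORY_LOW_RID 0x00001000L
#define SECURITY_MANDATORY_MEDIUM_RID 0x00002000L
#define SECURITY_MANDATORY_HIGH_RID 0x00003000L
#define SECURITY_MANDATORY_SYSTEM_RID 0x00004000L
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L
#define SECURITY_MANDATORY_MAXIMUM_USER_RID \
    SECURITY_MANDATORY_SYSTEM_RID

/* Relative identifier counts */
#define SECURITY_LOGON_IDS_RID_COUNT 3L
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT 3L
#define SECURITY_PACKAGE_RID_COUNT 2L
#define SECURITY_CRED_TYPE_RID_COUNT 2L
#define SECURITY_SERVICE_ID_RID_COUNT 6L
#define SECURITY_APPPOOL_ID_RID_COUNT 6L
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT 6L
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT 6L
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT 6L
#define SECURITY_WMIHOST_ID_RID_COUNT 6L
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT 6L

/* ACE types.
 * Code that walks an ACL should bound-check the type against the
 * ACCESS_MAX_MS_* limit it was written for and skip types it does not
 * understand, rather than interpreting their bodies.
 */
#define ACCESS_ALLOWED_ACE_TYPE 0x00
#define ACCESS_DENIED_ACE_TYPE 0x01
#define SYSTEM_AUDIT_ACE_TYPE 0x02
#define SYSTEM_ALARM_ACE_TYPE 0x03
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05
#define ACCESS_DENIED_OBJECT_ACE_TYPE 0x06
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x07
#define SYSTEM_ALARM_OBJECT_ACE_TYPE 0x08
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09
#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0x0C
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0x0D
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE 0x0E
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
#define ACCESS_MIN_MS_ACE_TYPE ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_MAX_MS_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE
#define ACCESS_MAX_MS_V2_ACE_TYPE SYSTEM_ALARM_ACE_TYPE
#define ACCESS_MAX_MS_V3_ACE_TYPE ACCESS_ALLOWED_COMPOUND_ACE_TYPE
#define ACCESS_MAX_MS_V4_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE
#define ACCESS_MAX_MS_V5_ACE_TYPE SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE

/* ACE inherit flags */
#define OBJECT_INHERIT_ACE 0x01
#define CONTAINER_INHERIT_ACE 0x02
#define NO_PROPAGATE_INHERIT_ACE 0x04
#define INHERIT_ONLY_ACE 0x08
#define INHERITED_ACE 0x10
#define VALID_INHERIT_FLAGS 0x1F

/* ACE flags */
#define SUCCESSFUL_ACCESS_ACE_FLAG 0x40
#define FAILED_ACCESS_ACE_FLAG 0x80

/* System mandatory label ACE access mask flags */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x00000001L
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x00000002L
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x00000004L
#define SYSTEM_MANDATORY_LABEL_VALID_MASK \
    (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
    SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)

/* Security descriptor control flags.
 * SE_DACL_PRESENT with a NULL DACL pointer means "no restrictions", which is
 * the opposite of an empty DACL; code that builds or validates descriptors
 * has to tell the two cases apart. SE_SELF_RELATIVE says the owner, group
 * and ACL fields are offsets, so they need range checks against the
 * descriptor length before use.
 */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
#define SE_SELF_RELATIVE 0x8000

/* Object type list level values */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4

/* Audit alarm flags */
#define AUDIT_ALLOW_NO_PRIVILEGE 0x00000001L

/* Directory Service source and object type name */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* Access reason masks */
#define ACCESS_REASON_TYPE_MASK 0xFFFF0000
#define ACCESS_REASON_DATA_MASK 0x0000FFFF

/* Security descriptor flags */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001L
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002L
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003L

/* Token access rights.
 * TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE and TOKEN_IMPERSONATE let the holder
 * run code under the token's identity, and the TOKEN_ADJUST_* rights change
 * what that identity can do. Open tokens with the narrowest mask that
 * works (often TOKEN_QUERY) instead of TOKEN_ALL_ACCESS.
 */
#define TOKEN_ASSIGN_PRIMARY 0x0001L
#define TOKEN_DUPLICATE 0x0002L
#define TOKEN_IMPERSONATE 0x0004L
#define TOKEN_QUERY 0x0008L
#define TOKEN_QUERY_SOURCE 0x0010L
#define TOKEN_ADJUST_PRIVILEGES 0x0020L
#define TOKEN_ADJUST_GROUPS 0x0040L
#define TOKEN_ADJUST_DEFAULT 0x0080L
#define TOKEN_ADJUST_SESSIONID 0x0100L
#define TOKEN_ALL_ACCESS \
    (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | \
    TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | \
    TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID)
#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
#define TOKEN_WRITE \
    (STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | \
    TOKEN_ADJUST_DEFAULT)
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)

/* Token mandatory policy flags */
#define TOKEN_MANDATORY_POLICY_OFF 0x00000000L
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x00000001L
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x00000002L
#define TOKEN_MANDATORY_POLICY_VALID_MASK \
    (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)

/* Number of token audit policy subcategories */
#define POLICY_AUDIT_SUBCATEGORY_COUNT 53

/* Length of a token source name */
#define TOKEN_SOURCE_LENGTH 8

/* Heap flags.
 * HEAP_CREATE_ENABLE_EXECUTE makes allocations from the heap executable;
 * leave it clear unless the heap really holds generated code. The
 * HEAP_*_CHECKING_ENABLED flags are debugging aids.
 */
#define HEAP_NO_SERIALIZE 0x00000001L
#define HEAP_GROWABLE 0x00000002L
#define HEAP_GENERATE_EXCEPTIONS 0x00000004L
#define HEAP_ZERO_MEMORY 0x00000008L
#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010L
#define HEAP_TAIL_CHECKING_ENABLED 0x00000020L
#define HEAP_FREE_CHECKING_ENABLED 0x00000040L
#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080L
#define HEAP_CREATE_ALIGN_16 0x00010000L
#define HEAP_CREATE_ENABLE_TRACING 0x00020000L
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000L

/* Heap settable user flags */
#define HEAP_SETTABLE_USER_VALUE 0x00000100L
#define HEAP_SETTABLE_USER_FLAG1 0x00000200L
#define HEAP_SETTABLE_USER_FLAG2 0x00000400L
#define HEAP_SETTABLE_USER_FLAG3 0x00000800L
#define HEAP_SETTABLE_USER_FLAGS 0x00000E00L

/* Heap classes */
#define HEAP_CLASS_0 0x00000000L
#define HEAP_CLASS_1 0x00001000L
#define HEAP_CLASS_2 0x00002000L
#define HEAP_CLASS_3 0x00003000L
#define HEAP_CLASS_4 0x00004000L
#define HEAP_CLASS_5 0x00005000L
#define HEAP_CLASS_6 0x00006000L
#define HEAP_CLASS_7 0x00007000L
#define HEAP_CLASS_8 0x00008000L
#define HEAP_CLASS_MASK 0x0000F000L

/* RtlDuplicateUnicodeString() flags */
#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 0x00000001L
#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 0x00000002L

/* Compression formats */
#define COMPRESSION_FORMAT_NONE 0x0000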
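#define COMPRESSION_FORMAT_DEFAULT 0x0001
#define COMPRESSION_FORMAT_LZNT1 0x0002

/* Compression engines */
#define COMPRESSION_ENGINE_STANDARD 0x0000
#define COMPRESSION_ENGINE_MAXIMUM 0x0100
#define COMPRESSION_ENGINE_HIBER 0x0200

/* System volume information folder name */
#define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"

/* MSV1.0 constants.
 * MSV1_0_PACKAGE_NAMEW_LENGTH is a byte count that excludes the terminating
 * NUL, which is the form a counted UNICODE_STRING Length field takes.
 * MSV1_0_SUBAUTHENTICATION_KEY names the registry location for
 * subauthentication packages (presumably where MSV1_0 looks them up --
 * confirm against the LSA documentation); values there influence logon
 * processing, so the key is worth covering in configuration monitoring.
 */
#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW_LENGTH \
    (sizeof( MSV1_0_PACKAGE_NAMEW ) - sizeof( WCHAR ))
#define MSV1_0_SUBAUTHENTICATION_KEY \
    "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"

/* MSV1.0 string lengths */
#define MSV1_0_CHALLENGE_LENGTH 8
#define MSV1_0_USER_SESSION_KEY_LENGTH 16
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8

/* MSV1.0 parameter control flags.
 * Several of these relax the logon path (cleartext passwords, guest
 * fallback, machine trust accounts). Set them only where a specific peer
 * requires it, never as a default mask. The top byte
 * (MSV1_0_SUBAUTHENTICATION_DLL) carries a subauthentication DLL number
 * rather than independent flag bits.
 */
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002L
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004L
#define MSV1_0_RETURN_USER_PARAMETERS 0x00000008L
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x00000010L
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020L
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x00000040L
#define MSV1_0_USE_CLIENT_CHALLENGE 0x00000080L
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x00000100L
#define MSV1_0_RETURN_PROFILE_PATH 0x00000200L
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x00000400L
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800L
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000L
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000L
#if (_WIN32_WINNT >= 0x0502)
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000L
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000L
#endif
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000L
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_S4U2SELF 0x00020000L
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000L
#endif
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000L
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000L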
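#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
#define MSV1_0_MNS_LOGON 0x01000000L

/* MSV1.0 subauthentication DLL values */
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132

/* MSV1.0 S4U logon flags */
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x00000002L
#endif

/* Logon user flags.
 * These describe how a logon was satisfied. Judging by their names,
 * LOGON_NOENCRYPTION, LOGON_USED_LM_PASSWORD and LOGON_CACHED_ACCOUNT mark
 * weaker or offline paths and are the ones an audit consumer would want to
 * surface -- confirm exact semantics against the MSV1_0 documentation.
 */
#define LOGON_USER 0x00000001L
#define LOGON_NOENCRYPTION 0x00000002L
#define LOGON_CACHED_ACCOUNT 0x00000004L
#define LOGON_USED_LM_PASSWORD 0x00000008L
#define LOGON_EXTRA_SIDS 0x00000020L
#define LOGON_SUBAUTH_SESSION_KEY 0x00000040L
#define LOGON_SERVER_TRUST_ACCOUNT 0x00000080L
#define LOGON_NTLMV2_ENABLED 0x00000100L
#define LOGON_RESOURCE_GROUPS 0x00000200L
#define LOGON_PROFILE_PATH_RETURNED 0x00000400L
#define LOGON_NT_V2 0x00000800L
#define LOGON_LM_V2 0x00001000L
#define LOGON_NTLM_V2 0x00002000L
#if (_WIN32_WINNT >= 0x0600)
#define LOGON_OPTIMIZED 0x00004000L
#define LOGON_WINLOGON 0x00008000L
#define LOGON_PKINIT 0x00010000L
#define LOGON_NO_OPTIMIZED 0x00020000L
#endif
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000L
#define LOGON_GRACE_LOGON 0x01000000L

/* MSV1.0 supplemental credential constants.
 * Buffers of MSV1_0_OWF_PASSWORD_LENGTH bytes hold password-equivalent
 * hashes; treat them as secrets (no logging, wipe after use).
 */
#define MSV1_0_OWF_PASSWORD_LENGTH 16
#define MSV1_0_CRED_LM_PRESENT 0x00000001L
#define MSV1_0_CRED_NT_PRESENT 0x00000002L
#define MSV1_0_CRED_VERSION 0L

/* MSV1.0 NTLM3 constants */
#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
#define MSV1_0_NTLM3_OWF_LENGTH 16
#if (_WIN32_WINNT == 0x0500)
#define MSV1_0_MAX_NTLM3_LIFE 1800
#else
#define MSV1_0_MAX_NTLM3_LIFE 129600
#endif
#define MSV1_0_MAX_AVL_SIZE 64000

/* MSV1.0 AV flags */
#if (_WIN32_WINNT >= 0x0501)
#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001L
#endif
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002L
#endif

/* Get challenge response flags.
 * GCR_ALLOW_LM, GCR_ALLOW_NTLM and GCR_ALLOW_NO_TARGET appear, from their
 * names, to widen which response types or targets are acceptable; leave
 * them clear unless interoperability with a legacy peer requires them.
 */
#define USE_PRIMARY_PASSWORD 0x00000001L
#define RETURN_PRIMARY_USERNAME 0x00000002L
#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x00000004L
#define RETURN_NON_NT_USER_SESSION_KEY 0x00000008L
#define GENERATE_CLIENT_CHALLENGE 0x00000010L
#define GCR_NTLM3_PARMS 0x00000020L
#define GCR_TARGET_INFO 0x00000040L
#define RETURN_RESERVED_PARAMETER 0x00000080L
#define GCR_ALLOW_NTLM 0x00000100L
#define GCR_USE_OEM_SET 0x00000200L
#define GCR_MACHINE_CREDENTIAL 0x00000400L
#define GCR_USE_OWF_PASSWORD 0x00000800L
#define GCR_ALLOW_LM 0x00001000L
#define GCR_ALLOW_NO_TARGET 0x00002000L

/* File oplock request return values */
#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007L
#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008L
#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009L

/* File change notification flags */
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001L
#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002L
#define FILE_NOTIFY_CHANGE_NAME 0x00000003L
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004L
#define FILE_NOTIFY_CHANGE_SIZE 0x00000008L
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010L
#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020L
#define FILE_NOTIFY_CHANGE_CREATION 0x00000040L
#define FILE_NOTIFY_CHANGE_EA 0x00000080L
#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100L
#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200L
#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400L
#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800L
#define FILE_NOTIFY_VALID_MASK 0x00000FFFL

/* File actions */
#define FILE_ACTION_ADDED 0x00000001L
#define FILE_ACTION_REMOVED 0x00000002L
#define FILE_ACTION_MODIFIED 0x00000003L
#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004L
#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005L
#define FILE_ACTION_ADDED_STREAM 0x00000006L
#define FILE_ACTION_REMOVED_STREAM 0x00000007L
#define FILE_ACTION_MODIFIED_STREAM 0x00000008L
#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009L
#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000AL
#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000BL

/* Named pipe types.
 * FILE_PIPE_ACCEPT_REMOTE_CLIENTS is the zero value, so a pipe accepts
 * remote clients unless FILE_PIPE_REJECT_REMOTE_CLIENTS is set explicitly;
 * set it on pipes that are only meant for local IPC.
 */
#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000L
#define FILE_PIPE_MESSAGE_TYPE 0x00000001L
#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000L
#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002L
#define FILE_PIPE_TYPE_VALID_MASK 0x00000003L

/* Named pipe completion modes */
#define FILE_PIPE_QUEUE_OPERATION 0x00000000L
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001L

/* Named pipe read modes */
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000L
#define FILE_PIPE_MESSAGE_MODE 0x00000001L

/* Named pipe configuration flags */
#define FILE_PIPE_INBOUND 0x00000000L
#define FILE_PIPE_OUTBOUND 0x00000001L
#define FILE_PIPE_FULL_DUPLEX 0x00000002L

/* Named pipe state flags */
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001L
#define FILE_PIPE_LISTENING_STATE 0x00000002L
#define FILE_PIPE_CONNECTED_STATE 0x00000003L
#define FILE_PIPE_CLOSING_STATE 0x00000004L

/* Named pipe end flags */
#define FILE_PIPE_CLIENT_END 0x00000000L
#define FILE_PIPE_SERVER_END 0x00000001L

/* File system flags */
#define FILE_CASE_SENSITIVE_SEARCH 0x00000001L
#define FILE_CASE_PRESERVED_NAMES 0x00000002L
#define FILE_UNICODE_ON_DISK 0x00000004L
#define FILE_PERSISTENT_ACLS 0x00000008L
#define FILE_FILE_COMPRESSION 0x00000010L
#define FILE_VOLUME_QUOTAS 0x00000020L
#define FILE_SUPPORTS_SPARSE_FILES 0x00000040L
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080L
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100L
#define FILE_VOLUME_IS_COMPRESSED 0x00008000L
#define FILE_SUPPORTS_OBJECT_IDS 0x00010000L
#define FILE_SUPPORTS_ENCRYPTION 0x00020000L
#define FILE_NAMED_STREAMS 0x00040000L
#define FILE_READ_ONLY_VOLUME 0x00080000L
#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000L
#define FILE_SUPPORTS_TRANSACTIONS 0x00200000L
#define FILE_SUPPORTS_HARD_LINKS 0x00400000L
#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000L
#define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000L
#define FILE_SUPPORTS_USN_JOURNAL 0x02000000L

/* File extended attribute flags */
#define FILE_NEED_EA 0x00000080L

/* File extended attribute types */
#define FILE_EA_TYPE_BINARY 0xFFFE
#define FILE_EA_TYPE_ASCII 0xFFFD
#define FILE_EA_TYPE_BITMAP 0xFFFB
#define FILE_EA_TYPE_METAFILE 0xFFFA
#define FILE_EA_TYPE_ICON 0xFFF9
#define FILE_EA_TYPE_EA 0xFFEE
#define FILE_EA_TYPE_MVMT 0xFFDF
#define FILE_EA_TYPE_MVST 0xFFDE
#define FILE_EA_TYPE_ASN1 0xFFDD
#define FILE_EA_TYPE_FAMILY_IDS 0xFF01

/* File identifier global transaction directory information flags */
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001L
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002L
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004L

/* DOS wildcard characters.
 * The Windows DDK names the wide '<' wildcard DOS_STAR, matching
 * ANSI_DOS_STAR. DOS_START is kept as an alias so code written against this
 * header still builds; the permanent fix belongs in the source this file is
 * generated from.
 */
#define ANSI_DOS_STAR '<'
#define ANSI_DOS_QM '>'
#define ANSI_DOS_DOT '"'
#define DOS_STAR L'<'
#define DOS_START DOS_STAR
#define DOS_QM L'>'
#define DOS_DOT L'"'

/* Remote protocol flags */
#define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001L
#define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002L

/* File system volume control flags */
#define FILE_VC_QUOTA_NONE 0x00000000L
#define FILE_VC_QUOTA_TRACK 0x00000001L
#define FILE_VC_QUOTA_ENFORCE 0x00000002L
#define FILE_VC_QUOTA_MASK 0x00000003L
#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008L
#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010L
#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020L
#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040L
#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080L
#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100L
#define FILE_VC_QUOTAS_REBUILDING 0x00000200L
#define FILE_VC_VALID_MASK 0x000003FFL

/* File system control codes.
 * Each code packs a device type, function number, transfer method and
 * required access. FILE_ANY_ACCESS means the I/O manager forwards the
 * request for any open handle, so whatever restriction applies has to be
 * enforced by the file system or filter that handles the code.
 */
#define FSCTL_REQUEST_OPLOCK_LEVEL_1 \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_OPLOCK_LEVEL_2 \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_BATCH_OPLOCK \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_OPBATCH_ACK_CLOSE_PENDING \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS )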
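/* File system control codes, function numbers 5 and up.
 * Review notes for anyone implementing or filtering these requests:
 *  - METHOD_NEITHER codes hand the handler the caller's own buffer
 *    addresses. The I/O manager neither copies nor locks them, so the
 *    handler must probe and capture the buffers (under exception handling)
 *    before trusting length or content.
 *  - FILE_ANY_ACCESS codes are forwarded for any open handle; the handler
 *    is the only place an access decision can be made.
 *  - FILE_SPECIAL_ACCESS is defined by the Windows SDK as an alias of
 *    FILE_ANY_ACCESS; it marks codes for which the file system is expected
 *    to apply its own check.
 */
#define FSCTL_OPLOCK_BREAK_NOTIFY \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_LOCK_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_UNLOCK_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DISMOUNT_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_VOLUME_MOUNTED \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_PATHNAME_VALID \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_MARK_VOLUME_DIRTY \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_RETRIEVAL_POINTERS \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_GET_COMPRESSION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_COMPRESSION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | \
    FILE_WRITE_DATA )
#define FSCTL_SET_BOOTLOADER_ACCESSED \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_OPLOCK_BREAK_ACK_NO_2 \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_INVALIDATE_VOLUMES \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_FAT_BPB \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_FILTER_OPLOCK \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_FILESYSTEM_GET_STATISTICS \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS )
#if (_WIN32_WINNT >= 0x0400)
#define FSCTL_GET_NTFS_VOLUME_DATA \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_NTFS_FILE_RECORD \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_VOLUME_BITMAP \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_GET_RETRIEVAL_POINTERS \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_MOVE_FILE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_IS_VOLUME_DIRTY \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_ALLOW_EXTENDED_DASD_IO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0500)
#define FSCTL_FIND_FILES_BY_SID \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SET_OBJECT_ID \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_GET_OBJECT_ID \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DELETE_OBJECT_ID \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_REPARSE_POINT \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_GET_REPARSE_POINT \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DELETE_REPARSE_POINT \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_ENUM_USN_DATA \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SECURITY_ID_CHECK \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA )
#define FSCTL_READ_USN_JOURNAL \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SET_OBJECT_ID_EXTENDED \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_CREATE_OR_GET_OBJECT_ID \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_SPARSE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_ZERO_DATA \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_QUERY_ALLOCATED_RANGES \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA )
#define FSCTL_ENABLE_UPGRADE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_SET_ENCRYPTION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_ENCRYPTION_FSCTL_IO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_WRITE_RAW_ENCRYPTED \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS )
#define FSCTL_READ_RAW_ENCRYPTED \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS )
#define FSCTL_CREATE_USN_JOURNAL \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_READ_FILE_USN_DATA \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_WRITE_USN_CLOSE_RECORD \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_EXTEND_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_USN_JOURNAL \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DELETE_USN_JOURNAL \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_MARK_HANDLE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SIS_COPYFILE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SIS_LINK_FILES \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | \
    FILE_WRITE_DATA )
#define FSCTL_RECALL_FILE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_READ_FROM_PLEX \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA )
#define FSCTL_FILE_PREFETCH \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0600)
#define FSCTL_MAKE_MEDIA_COMPATIBLE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_SET_DEFECT_MANAGEMENT \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_QUERY_SPARING_INFO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_ON_DISK_VOLUME_INFO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_VOLUME_COMPRESSION_STATE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_TXFS_MODIFY_RM \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_QUERY_RM_INFORMATION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_ROLLFORWARD_REDO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_ROLLFORWARD_UNDO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_START_RM \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_SHUTDOWN_RM \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_READ_BACKUP_INFORMATION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_CREATE_SECONDARY_RM \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_GET_METADATA_INFO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_GET_TRANSACTED_VERSION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_SAVEPOINT_INFORMATION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_CREATE_MINIVERSION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_TRANSACTION_ACTIVE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_SET_ZERO_ON_DEALLOCATION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_REPAIR \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_REPAIR \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_WAIT_FOR_REPAIR \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_INITIATE_REPAIR \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSC_INTERNAL \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SHRINK_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_SHORT_NAME_BEHAVIOR \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_LIST_TRANSACTIONS \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_QUERY_PAGEFILE_ENCRYPTION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_RESET_VOLUME_ALLOCATION_HINTS \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0601)
#define FSCTL_QUERY_DEPENDENT_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SD_GLOBAL_CHANGE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0600)
#define FSCTL_TXFS_READ_BACKUP_INFORMATION2 \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0601)
#define FSCTL_LOOKUP_STREAM_FROM_CLUSTER \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_FILE_TYPE_NOTIFICATION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_BOOT_AREA_INFO \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_RETRIEVAL_POINTER_BASE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_PERSISTENT_VOLUME_STATE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_OPLOCK \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_TUNNEL_REQUEST \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_CSV_FILE \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_GET_VOLUME_PATH_NAME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_FILE_ON_CSV_VOLUME \
    CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED

/* USN reasons.
 * Bit flags recorded per change-journal entry. For incident review,
 * USN_REASON_SECURITY_CHANGE, USN_REASON_REPARSE_POINT_CHANGE,
 * USN_REASON_STREAM_CHANGE and USN_REASON_FILE_DELETE are the bits most
 * worth filtering on. Note that USN_REASON_CLOSE uses the top bit, so
 * compare it through an unsigned 32-bit type.
 */
#if (_WIN32_WINNT >= 0x0500)
#define USN_REASON_DATA_OVERWRITE 0x00000001L
#define USN_REASON_DATA_EXTEND 0x00000002L
#define USN_REASON_DATA_TRUNCATION 0x00000004L
#define USN_REASON_NAMED_DATA_OVERWRITE 0x00000010L
#define USN_REASON_NAMED_DATA_EXTEND 0x00000020L
#define USN_REASON_NAMED_DATA_TRUNCATION 0x00000040L
#define USN_REASON_FILE_CREATE 0x00000100L
#define USN_REASON_FILE_DELETE 0x00000200L
#define USN_REASON_EA_CHANGE 0x00000400L
#define USN_REASON_SECURITY_CHANGE 0x00000800L
#define USN_REASON_RENAME_OLD_NAME 0x00001000L
#define USN_REASON_RENAME_NEW_NAME 0x00002000L
#define USN_REASON_INDEXABLE_CHANGE 0x00004000L
#define USN_REASON_BASIC_INFO_CHANGE 0x00008000L
#define USN_REASON_HARD_LINK_CHANGE 0x00010000L
#define USN_REASON_COMPRESSION_CHANGE 0x00020000L
#define USN_REASON_ENCRYPTION_CHANGE 0x00040000L
#define USN_REASON_OBJECT_ID_CHANGE 0x00080000L
#define USN_REASON_REPARSE_POINT_CHANGE 0x00100000L
#define USN_REASON_STREAM_CHANGE 0x00200000L
#define USN_REASON_TRANSACTED_CHANGE 0x00400000L
#define USN_REASON_CLOSE 0x80000000L
#endif

/* FSCTL_DELETE_USN_JOURNAL flags.
 * Deleting the journal discards change history that investigations rely
 * on, so use of this control code is worth alerting on.
 */
#if (_WIN32_WINNT >= 0x0500)
#define USN_DELETE_FLAG_DELETE 0x00000001L
#define USN_DELETE_FLAG_NOTIFY 0x00000002L
#define USN_DELETE_VALID_FLAGS 0x00000003L
#endif

/* FSCTL_MARK_HANDLE source information flags */
#if (_WIN32_WINNT >= 0x0500)
#define USN_SOURCE_DATA_MANAGEMENT 0x00000001L
#define USN_SOURCE_AUXILIARY_DATA 0x00000002L
#define USN_SOURCE_REPLICATION_MANAGEMENT 0x00000004L
#endif

/* FSCTL_MARK_HANDLE handle information flags */
#if (_WIN32_WINNT >= 0x0500)
#define MARK_HANDLE_PROTECT_CLUSTERS 0x00000001L
#define MARK_HANDLE_TXF_SYSTEM_LOG 0x00000004L
#define MARK_HANDLE_NOT_TXF_SYSTEM_LOG 0x00000008L
#endif
#if (_WIN32_WINNT >= 0x0601)
#define MARK_HANDLE_REALTIME 0x00000020L
#define MARK_HANDLE_NOT_REALTIME 0x00000040L
#endif

/* 8.3 name flags */
#if (_WIN32_WINNT >= 0x0601)
#define NO_8DOT3_NAME_PRESENT 0x00000001L
#define REMOVED_8DOT3_NAME 0x00000002L
#endif

/* Persistent volume states */
#if (_WIN32_WINNT >= 0x0601)
#define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED 0x00000001L
#endif

/* FSCTL_IS_VOLUME_DIRTY returned flags */
#if (_WIN32_WINNT >= 0x0500)
#define VOLUME_IS_DIRTY 0x00000001L
#define VOLUME_UPGRADE_SCHEDULED 0x00000002L
#define VOLUME_SESSION_OPEN 0x00000004L
#endif

/* File prefetch types */
#if (_WIN32_WINNT >= 0x0500)
#define FILE_PREFETCH_TYPE_FOR_CREATE 0x00000001L
#define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x00000002L
#define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x00000003L
#define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x00000004L
#define FILE_PREFETCH_TYPE_MAX 0x00000004L
#endif

/* File system types */
#define FILESYSTEM_STATISTICS_TYPE_NTFS 1
#define FILESYSTEM_STATISTICS_TYPE_FAT 2
#define FILESYSTEM_STATISTICS_TYPE_EXFAT 3

/* Encryption operations */
#if (_WIN32_WINNT >= 0x0500)
#define FILE_SET_ENCRYPTION 0x00000001L
#define FILE_CLEAR_ENCRYPTION 0x00000002L
#define STREAM_SET_ENCRYPTION 0x00000003L
#define STREAM_CLEAR_ENCRYPTION 0x00000004L
#define MAXIMUM_ENCRYPTION_VALUE 0x00000004L
#endif

/* Compression formats */
#if (_WIN32_WINNT >= 0x0500)
#define COMPRESSION_FORMAT_SPARSE 0x4000
#endif

/* FSCTL_SIS_COPYFILE flags */
#if (_WIN32_WINNT >= 0x0500)
#define COPYFILE_SIS_LINK 0x00000001L
#define COPYFILE_SIS_REPLACE 0x00000002L
#define COPYFILE_SIS_FLAGS 0x00000003L
#endif

/* FSCTL_SET_REPAIR flags.
 * NOTE(review): SET_REPAIR_VALID_MASK (0x0000000FL) does not include the
 * SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT bit (0x00000010L), so input
 * validated against this mask would reject that flag. Check the value
 * against the reference SDK header before relying on the mask.
 */
#if (_WIN32_WINNT >= 0x0600)
#define SET_REPAIR_ENABLED 0x00000001L
#define SET_REPAIR_VOLUME_BITMAP_SCAN 0x00000002L
#define SET_REPAIR_DELETE_CROSSLINK 0x00000004L
#define SET_REPAIR_WARN_ABOUT_DATA_LOSS 0x00000008L
#define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT 0x00000010L
#define SET_REPAIR_VALID_MASK 0x0000000FL
#endif

/* TXFS flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_RM_FLAG_LOGGING_MODE 0x00000001L
#define TXFS_RM_FLAG_RENAME_RM 0x00000002L
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004L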
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008L #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010L #define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020L #define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040L #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080L #define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100L #define TXFS_RM_FLAG_GROW_LOG 0x00000400L #define TXFS_RM_FLAG_SHRINK_LOG 0x00000800L #define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000L #define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000L #define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000L #define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000L #define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000L #define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000L #define TXFS_MODIFY_RM_VALID_FLAGS \ (TXFS_RM_FLAG_LOGGING_MODE | TXFS_RM_FLAG_RENAME_RM | \ TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \ TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | TXFS_RM_FLAG_GROW_LOG | \ TXFS_RM_FLAG_SHRINK_LOG | TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \ TXFS_RM_FLAG_PRESERVE_CHANGES | TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | TXFS_RM_FLAG_PREFER_CONSISTENCY | \ TXFS_RM_FLAG_PREFER_AVAILABILITY) #define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \ (TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \ TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \ TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \ TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \ TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | TXFS_RM_FLAG_PREFER_CONSISTENCY | \ TXFS_RM_FLAG_PREFER_AVAILABILITY) #endif /* TXFS logging modes */ #if (_WIN32_WINNT >= 0x0600) #define TXFS_LOGGING_MODE_SIMPLE 0x0001 #define TXFS_LOGGING_MODE_FULL 0x0002 #endif 
/* TXFS transaction states (enumerated values 0..3, not bit flags) */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_TRANSACTION_STATE_NONE         0x00
#define TXFS_TRANSACTION_STATE_ACTIVE       0x01
#define TXFS_TRANSACTION_STATE_PREPARED     0x02
#define TXFS_TRANSACTION_STATE_NOTACTIVE    0x03
#endif

/* TXFS RM states (enumerated values 0..3, not bit flags) */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_RM_STATE_NOT_STARTED   0
#define TXFS_RM_STATE_STARTING      1
#define TXFS_RM_STATE_ACTIVE        2
#define TXFS_RM_STATE_SHUTTING_DOWN 3
#endif

/* FSCTL_TXFS_ROLLFORWARD_REDO flags; the VALID_FLAGS mask is the OR of both
 * defined bits.
 */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN        0x00000001L
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK   0x00000002L
#define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
    (TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
    TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
#endif

/* FSCTL_TXFS_START_RM flags. Single-bit values; 0x00000100 is not assigned
 * to any name in this list.
 */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX              0x00000001L
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN              0x00000002L
#define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE                   0x00000004L
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS  0x00000008L
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT         0x00000010L
#define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE           0x00000020L
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX           0x00000040L
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN           0x00000080L
#define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT                  0x00000200L
#define TXFS_START_RM_FLAG_LOGGING_MODE                         0x00000400L
#define TXFS_START_RM_FLAG_PRESERVE_CHANGES                     0x00000800L
#define TXFS_START_RM_FLAG_PREFER_CONSISTENCY                   0x00001000L
#define TXFS_START_RM_FLAG_PREFER_AVAILABILITY                  0x00002000L
/* OR of all thirteen TXFS_START_RM_FLAG_* bits defined above.
 * NOTE(review): the sibling masks in this file end in _VALID_FLAGS
 * (TXFS_MODIFY_RM_VALID_FLAGS, TXFS_ROLLFORWARD_REDO_VALID_FLAGS); this one
 * is spelled _VALID_FLAG - confirm the spelling against the reference header.
 */
#define TXFS_START_RM_VALID_FLAG \
    (TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
    TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
    TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
    TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
    TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
    TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
    TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
    TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
    TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
    TXFS_START_RM_FLAG_LOGGING_MODE | TXFS_START_RM_FLAG_PRESERVE_CHANGES | \
    TXFS_START_RM_FLAG_PREFER_CONSISTENCY | TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
#endif

/* FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES entry flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED   0x00000001L
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED   0x00000002L
#endif

/* FSCTL_TXFS_GET_TRANSACTED_VERSION special values. These are the two
 * highest 32-bit values, so they have to be tested for before the field is
 * treated as an ordinary version number.
 */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_TRANSACTED_VERSION_NONTRANSACTED   0xFFFFFFFEL
#define TXFS_TRANSACTED_VERSION_UNCOMMITTED     0xFFFFFFFFL
#endif

/* TXFS savepoint flags (0x00000008 is not assigned in this list) */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_SAVEPOINT_SET          0x00000001L
#define TXFS_SAVEPOINT_ROLLBACK     0x00000002L
#define TXFS_SAVEPOINT_CLEAR        0x00000004L
#define TXFS_SAVEPOINT_CLEAR_ALL    0x00000010L
#endif

/* Oplock levels (single-bit values, so they can be ORed together) */
#if (_WIN32_WINNT >= 0x0601)
#define OPLOCK_LEVEL_CACHE_READ     0x00000001L
#define OPLOCK_LEVEL_CACHE_HANDLE   0x00000002L
#define OPLOCK_LEVEL_CACHE_WRITE    0x00000004L
#endif

/* FSCTL_REQUEST_OPLOCK input flags */
#if (_WIN32_WINNT >= 0x0601)
#define REQUEST_OPLOCK_INPUT_FLAG_REQUEST                   0x00000001L
#define REQUEST_OPLOCK_INPUT_FLAG_ACK                       0x00000002L
#define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE     0x00000004L
#endif

/* FSCTL_REQUEST_OPLOCK output flags */
#if (_WIN32_WINNT >= 0x0601)
#define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED     0x00000001L
#define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED   0x00000002L
#endif

/* FSCTL_REQUEST_OPLOCK parameters revision number */
#if (_WIN32_WINNT >= 0x0601)
#define REQUEST_OPLOCK_CURRENT_VERSION  1
#endif

/* FSCTL_SD_GLOBAL_CHANGE types */
#if (_WIN32_WINNT >= 0x0601)
#define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID   1L
#endif

/* Extended encrypted data information flags */
#if (_WIN32_WINNT >= 0x0601)
#define ENCRYPTED_DATA_INFO_SPARSE_FILE 1L
#endif

/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER entry flags. The low bits are individual
 * flags; the top byte (ATTRIBUTE_MASK) holds an enumerated attribute kind
 * (DATA / INDEX / SYSTEM), so it is compared after masking, not bit-tested.
 */
#if (_WIN32_WINNT >= 0x0601)
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE         0x00000001L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET   0x00000002L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE    0x00000004L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE   0x00000008L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK         0xFF000000L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA         0x01000000L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX        0x02000000L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM       0x03000000L
#endif

/* FSCTL_FILE_TYPE_NOTIFICATION flags */
#if (_WIN32_WINNT >= 0x0601)
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001L
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END   0x00000002L
#endif

/* Symbolic link flags */
#define SYMLINK_FLAG_RELATIVE   1L

/* Reparse tags. As listed here, the first ten tags (MOUNT_POINT .. DFSR) all
 * have bit 31 set, while most of the vendor tags that follow do not.
 * A reparse point redirects name resolution, so code that opens
 * caller-supplied paths with more rights than the caller should decide
 * explicitly which tags it is willing to traverse instead of following any
 * tag it meets.
 * NOTE(review): the macros that classify a tag by its high bits are not
 * visible in this part of the file.
 */
#define IO_REPARSE_TAG_MOUNT_POINT                  0xA0000003L
#define IO_REPARSE_TAG_HSM                          0xC0000004L
#define IO_REPARSE_TAG_DRIVE_EXTENDER               0x80000005L
#define IO_REPARSE_TAG_HSM2                         0x80000006L
#define IO_REPARSE_TAG_SIS                          0x80000007L
#define IO_REPARSE_TAG_WIM                          0x80000008L
#define IO_REPARSE_TAG_CSV                          0x80000009L
#define IO_REPARSE_TAG_DFS                          0x8000000AL
#define IO_REPARSE_TAG_SYMLINK                      0x8000000CL
#define IO_REPARSE_TAG_DFSR                         0x80000012L
#define IO_REPARSE_TAG_IFSTEST_CONGRUENT            0x00000009L
#define IO_REPARSE_TAG_MOONWALK_HSM                 0x0000000AL
#define IO_REPARSE_TAG_TSINGHUA_UNIVERSITY_RESEARCH 0x0000000BL
#define IO_REPARSE_TAG_ARKIVIO                      0x0000000CL
#define IO_REPARSE_TAG_SOLUTIONSOFT                 0x2000000DL
#define IO_REPARSE_TAG_COMMVAULT                    0x0000000EL
#define IO_REPARSE_TAG_OVERTONE                     0x0000000FL
#define IO_REPARSE_TAG_SYMANTEC_HSM2                0x00000010L
#define IO_REPARSE_TAG_ENIGMA_HSM                   0x00000011L
#define IO_REPARSE_TAG_SYMANTEC_HSM                 0x00000012L
#define IO_REPARSE_TAG_INTERCOPE_HSM                0x00000013L
#define IO_REPARSE_TAG_KOM_NETWORKS_HSM             0x00000014L
#define IO_REPARSE_TAG_MEMORY_TECH_HSM              0x00000015L
#define IO_REPARSE_TAG_BRIDGEHEAD_HSM               0x00000016L
#define IO_REPARSE_TAG_OSR_SAMPLE                   0x20000017L
#define IO_REPARSE_TAG_GLOBAL360_HSM                0x00000018L
#define IO_REPARSE_TAG_ALTIRIS_HSM                  0x00000019L
#define IO_REPARSE_TAG_HERMES_HSM                   0x0000001AL
#define IO_REPARSE_TAG_POINTSOFT_HSM                0x0000001BL
#define IO_REPARSE_TAG_GRAU_DATASTORAGE_HSM         0x0000001CL
#define IO_REPARSE_TAG_COMMVAULT_HSM                0x0000001DL
#define IO_REPARSE_TAG_DATASTOR_SIS                 0x0000001EL
/* NOTE(review): "TAG_TAG" in the next name looks like a doubled word -
 * confirm against the reference header before relying on it.
 */
#define IO_REPARSE_TAG_TAG_EDSI_HSM                 0x0000001FL
#define IO_REPARSE_TAG_HP_HSM                       0x00000020L
#define IO_REPARSE_TAG_SER_HSM                      0x00000021L
#define IO_REPARSE_TAG_DOUBLE_TAKE_HSM              0x00000022L
#define IO_REPARSE_TAG_WISDATA_HSM                  0x00000023L
#define IO_REPARSE_TAG_MIMOSA_HSM                   0x00000024L
#define IO_REPARSE_TAG_HSAG_HSM                     0x00000025L
#define IO_REPARSE_TAG_ADA_HSM                      0x00000026L
#define IO_REPARSE_TAG_AUTN_HSM                     0x00000027L
#define IO_REPARSE_TAG_NEXSAN_HSM                   0x00000028L
#define IO_REPARSE_TAG_DOUBLE_TAKE_SIS              0x00000029L
#define IO_REPARSE_TAG_SONY_HSM                     0x0000002AL
#define IO_REPARSE_TAG_ELTAN_HSM                    0x0000002BL
#define IO_REPARSE_TAG_UTIXO_HSM                    0x0000002CL
#define IO_REPARSE_TAG_QUEST_HSM                    0x0000002DL
#define IO_REPARSE_TAG_DATAGLOBAL_HSM               0x0000002EL
#define IO_REPARSE_TAG_QI_TECH_HSM                  0x0000002FL
#define IO_REPARSE_TAG_DATAFIRST_HSM                0x00000030L
#define IO_REPARSE_TAG_C2CSYSTEMS_HSM               0x00000031L

/* Network file system control codes (all METHOD_BUFFERED, FILE_ANY_ACCESS) */
#define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION \
    CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 58, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION \
    CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 59, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER \
    CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS )

/* Named pipe file system control codes.
 * The last CTL_CODE argument is the handle access the I/O manager requires
 * before the request is dispatched; FILE_ANY_ACCESS means no such check, so
 * any restriction on those codes (FSCTL_PIPE_IMPERSONATE and
 * FSCTL_PIPE_SET_CLIENT_PROCESS among them) has to come from the handler.
 * The two TRANSCEIVE codes use METHOD_NEITHER: the handler is given the
 * caller's buffer addresses as supplied, so it must probe and capture them
 * under exception handling before use.
 */
#define FSCTL_PIPE_ASSIGN_EVENT \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_DISCONNECT \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_LISTEN \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_PEEK \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_PIPE_QUERY_EVENT \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_TRANSCEIVE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | \
    FILE_WRITE_DATA )
#define FSCTL_PIPE_WAIT \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_IMPERSONATE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_CLIENT_PROCESS \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_FLUSH \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_PIPE_INTERNAL_READ \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_PIPE_INTERNAL_WRITE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | \
    FILE_WRITE_DATA )
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW \
    CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA )

/* Device number special value */
#define CSV_INVALID_DEVICE_NUMBER   0xFFFFFFFFL

/* Named pipe entry types */
#define FILE_PIPE_READ_DATA     0x00000000L
#define FILE_PIPE_WRITE_SPACE   0x00000001L

/* Named pipe computer name length (a character count; whether a terminator
 * is included is not visible here - size buffers accordingly)
 */
#define FILE_PIPE_COMPUTER_NAME_LENGTH  15

/* FSCTL_QUERY_DEPENDENT_VOLUME request flags */
#if (_WIN32_WINNT >= 0x0601)
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES    0x00000001L
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES   0x00000002L
#endif

/* Mailslot file system control codes (METHOD_NEITHER: caller buffer
 * addresses reach the handler unvalidated)
 */
#define FSCTL_MAILSLOT_PEEK \
    CTL_CODE( FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA )

/* System page priority constants: 3 bits, hence 8 levels */
#define SYSTEM_PAGE_PRIORITY_BITS   3
#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)

/* Token flags (single-bit values 0x0001 .. 0x2000).
 * NOTE(review): presumably these are the bits reported in the Flags member
 * of TOKEN_ACCESS_INFORMATION declared later in this file - confirm.
 */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE      0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE     0x0004
#define TOKEN_WRITE_RESTRICTED          0x0008
#define TOKEN_IS_RESTRICTED             0x0010
#define TOKEN_SESSION_NOT_REFERENCED    0x0020
#define TOKEN_SANDBOX_INERT             0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED    0x0100
#define TOKEN_VIRTUALIZE_ALLOWED        0x0200
#define TOKEN_VIRTUALIZE_ENABLED        0x0400
#define TOKEN_IS_FILTERED               0x0800
#define TOKEN_UIACCESS                  0x1000
#define TOKEN_NOT_LOW                   0x2000

/* I/O flags */
#define IO_OPEN_PAGING_FILE         0x0002
#define IO_OPEN_TARGET_DIRECTORY    0x0004
#define IO_STOP_ON_SYMLINK          0x0008
#define IO_MM_PAGING_FILE           0x0010

/* File system filter operations (codes count down from 0xFF; each ACQUIRE
 * code is followed by its matching RELEASE code)
 */
#define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION   0xFF
#define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION   0xFE
#define FS_FILTER_ACQUIRE_FOR_MOD_WRITE                 0xFD
#define FS_FILTER_RELEASE_FOR_MOD_WRITE                 0xFC
#define FS_FILTER_ACQUIRE_FOR_CC_FLUSH                  0xFB
#define FS_FILTER_RELEASE_FOR_CC_FLUSH                  0xFA

/* I/O file object pool charge constants */
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE    64
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE        1024

/* Memory management prefetch flags mask: with SYSTEM_PAGE_PRIORITY_BITS == 3
 * this evaluates to (1 << 6) - 1 == 0x3F.
 */
#if (NTDDI_VERSION >= 0x05010000)
#define MM_PREFETCH_FLAGS_MASK  ((1 << (2 * SYSTEM_PAGE_PRIORITY_BITS)) - 1)
#endif

/* FCB header version numbers */
#define FSRTL_FCB_HEADER_V0 0x00
#define FSRTL_FCB_HEADER_V1 0x01

/* FCB header flags (all eight bits of a byte are assigned) */
#define FSRTL_FLAG_FILE_MODIFIED        0x01
#define FSRTL_FLAG_FILE_LENGTH_CHANGED  0x02
#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES 0x04
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX 0x08
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH 0x10
#define FSRTL_FLAG_USER_MAPPED_FILE     0x20
#define FSRTL_FLAG_ADVANCED_HEADER      0x40
#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE   0x80

/* FCB header secondary flags */
#define FSRTL_FLAG2_DO_MODIFIED_WRITE           0x01
#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS    0x02
#define FSRTL_FLAG2_PURGE_WHEN_MAPPED           0x04
#define FSRTL_FLAG2_IS_PAGING_FILE              0x08

/* Top level IRP constants (sequential values 1..6, not bit flags;
 * FSRTL_MAX_TOP_LEVEL_IRP_FLAG is the upper bound of the reserved range)
 */
#define FSRTL_FSP_TOP_LEVEL_IRP         0x0001
#define FSRTL_CACHE_TOP_LEVEL_IRP       0x0002
#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP   0x0003
#define FSRTL_FAST_IO_TOP_LEVEL_IRP     0x0004
#define FSRTL_NETWORK1_TOP_LEVEL_IRP    0x0005
#define FSRTL_NETWORK2_TOP_LEVEL_IRP    0x0006
#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG    0xFFFF

/* Auxiliary flags */
#define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001L

/* Legal DBCS character flags; FSRTL_NTFS_STREAM_LEGAL is the OR of the NTFS
 * and OLE bits (0x14)
 */
#define FSRTL_FAT_LEGAL         0x01
#define FSRTL_HPFS_LEGAL        0x02
#define FSRTL_NTFS_LEGAL        0x04
#define FSRTL_WILD_CHARACTER    0x08
#define FSRTL_OLE_LEGAL         0x10
#define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL)

/* MCB flags */
#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE    1

/* FsRtlCheckOplockEx() flags; the first bit is available from NTDDI version
 * 0x06000100, the remaining three from 0x06010000
 */
#if (NTDDI_VERSION >= 0x06000100)
#define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED    0x00000001L
#endif
#if (NTDDI_VERSION >= 0x06010000)
#define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY   0x00000002L
#define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK  0x00000004L
#define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS      0x00000008L
#endif

/* FsRtlOplockFsctrlEx() flags */
#if (NTDDI_VERSION >= 0x06010000)
#define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH   0x00000001L
#endif

/* Volume operations (sequential event codes 1..14, not bit flags) */
#define FSRTL_VOLUME_DISMOUNT           1
#define FSRTL_VOLUME_DISMOUNT_FAILED    2
#define FSRTL_VOLUME_LOCK               3
#define FSRTL_VOLUME_LOCK_FAILED        4
#define FSRTL_VOLUME_UNLOCK             5
#define FSRTL_VOLUME_MOUNT              6
#define FSRTL_VOLUME_NEEDS_CHKDSK       7
#define FSRTL_VOLUME_WORM_NEAR_FULL     8
#define FSRTL_VOLUME_WEARING_OUT        9
#define FSRTL_VOLUME_FORCED_CLOSED      10
#define FSRTL_VOLUME_INFO_MAKE_COMPAT   11
#define FSRTL_VOLUME_PREPARING_EJECT    12
#define FSRTL_VOLUME_CHANGE_SIZE        13
#define FSRTL_VOLUME_BACKGROUND_FORMAT  14

/* FsRtlRegisterUncProviderEx() flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED    0x00000001L
#define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED            0x00000002L
#define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE       0x00000004L
#endif

/* Extra create parameter list allocation flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA    0x00000001L
#endif

/* Extra create parameter allocation flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA    0x00000001L
#define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL   0x00000002L
#endif

/* Extra create parameter lookaside flags (same value, 0x2, as
 * FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL above)
 */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL  0x00000002L
#endif

/* Network open extra create parameter flags */
#if (NTDDI_VERSION >= 0x06010000)
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING          0x00000001L
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY          0x00000002L
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000L
#endif

/* Virtual disk nesting flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_VIRTDISK_FULLY_ALLOCATED  0x00000001L
#define FSRTL_VIRTDISK_NO_DRIVE_LETTER  0x00000002L
#endif

/* FsRtlLogCcFlushError() flags */
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x00000001L
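/* Second FsRtlLogCcFlushError() flag (the first one is defined just above) */
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY  0x00000002L

/* Cache manager constants: the granularity 0x00040000 equals
 * 1 << VACB_OFFSET_SHIFT, so the two values must be changed together.
 */
#define VACB_MAPPING_GRANULARITY    0x00040000
#define VACB_OFFSET_SHIFT           18

/* CcPurgeCacheSection() flags */
#define UNINITIALIZE_CACHE_MAPS     0x00000001L
#define DO_NOT_RETRY_PURGE          0x00000002L
#define DO_NOT_PURGE_DIRTY_PAGES    0x00000004L

/* CcCoherencyFlushAndPurgeCache() flags */
#define CC_FLUSH_AND_PURGE_NO_PURGE 0x00000001L

/* Pin flags (single-bit values; 16 is not assigned in this list) */
#define PIN_WAIT                        1L
#define PIN_EXCLUSIVE                   2L
#define PIN_NO_READ                     4L
#define PIN_IF_BCB                      8L
#define PIN_CALLER_TRACKS_DIRTY_DATA    32L
#define PIN_HIGH_PRIORITY               64L

/* Mapping flags (MAP_WAIT and MAP_HIGH_PRIORITY share their values with the
 * PIN_ flags of the same name; MAP_NO_READ is 16 whereas PIN_NO_READ is 4)
 */
#define MAP_WAIT            1L
#define MAP_NO_READ         16L
#define MAP_HIGH_PRIORITY   64L

/* Security user data flags */
#define UNDERSTANDS_LONG_NAMES  1L
#define NO_LONG_NAMES           2L

/* MUP device name */
#define DD_MUP_DEVICE_NAME  L"\\Device\\Mup"

/* Redirector device I/O control codes.
 * Both use METHOD_NEITHER with FILE_ANY_ACCESS: the I/O manager neither
 * checks handle access nor buffers the request, so a provider handling
 * these codes receives the requester's buffer addresses as supplied and has
 * to validate address, length and contents itself.
 */
#define IOCTL_REDIR_QUERY_PATH \
    CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS )
#define IOCTL_REDIR_QUERY_PATH_EX \
    CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS )

/* Volume snap device I/O control codes (device type is the character 'S';
 * the code requires both read and write access on the handle)
 */
#define VOLSNAPCONTROLTYPE  ((ULONG)'S')
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES \
    CTL_CODE( VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | \
    FILE_WRITE_ACCESS )

/* Opaque data types: only pointers to these structures can be used, their
 * layout is not declared in this header.
 */
typedef struct _KPROCESS    *PKPROCESS;
typedef struct _KPROCESS    *PRKPROCESS;
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _ECP_LIST    ECP_LIST;
typedef struct _ECP_LIST    *PECP_LIST;
#endif
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _ECP_HEADER          ECP_HEADER;
typedef struct _ECP_HEADER          *PECP_HEADER;
typedef struct sockaddr_storage     *PSOCKADDR_STORAGE_NFS;
#endif

/* SID identifier authority (six bytes; the SECURITY_*_AUTHORITY initializers
 * at the top of this file fill it)
 */
typedef struct _SID_IDENTIFIER_AUTHORITY {
    UCHAR   Value[6];
} SID_IDENTIFIER_AUTHORITY;
typedef SID_IDENTIFIER_AUTHORITY    *PSID_IDENTIFIER_AUTHORITY;

/* Security identifier.
 * Variable-length: SubAuthority is declared with ANYSIZE_ARRAY and the real
 * element count is carried in SubAuthorityCount, so sizeof( SID ) is not the
 * size of a SID in memory. A SID taken from an untrusted buffer needs its
 * Revision and SubAuthorityCount checked against the buffer length before
 * SubAuthority[] is indexed or the SID is copied.
 */
typedef struct _SID {
    UCHAR                       Revision;
    UCHAR                       SubAuthorityCount;
    SID_IDENTIFIER_AUTHORITY    IdentifierAuthority;
    ULONG                       SubAuthority[ANYSIZE_ARRAY];
} SID;
typedef SID *PISID;

/* SID types */
typedef enum _SID_NAME_USE {
    SidTypeUser             = 1,
    SidTypeGroup            = 2,
    SidTypeDomain           = 3,
    SidTypeAlias            = 4,
    SidTypeWellKnownGroup   = 5,
    SidTypeDeletedAccount   = 6,
    SidTypeInvalid          = 7,
    SidTypeUnknown          = 8,
    SidTypeComputer         = 9,
    SidTypeLabel            = 10
} SID_NAME_USE;
typedef SID_NAME_USE    *PSID_NAME_USE;

/* SID and attributes */
typedef struct _SID_AND_ATTRIBUTES {
    PSID    Sid;
    ULONG   Attributes;
} SID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES  *PSID_AND_ATTRIBUTES;

/* SID and attributes hash.
 * NOTE(review): "SidCounty" appears to be a misspelling of SidCount, the
 * name used for this member in the Windows headers. It is left unchanged
 * here because renaming a member is not source-compatible; confirm and fix
 * in the generator input.
 */
typedef struct _SID_AND_ATTRIBUTES_HASH {
    ULONG               SidCounty;
    PSID_AND_ATTRIBUTES SidAttr;
    SID_HASH_ENTRY      Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH;
typedef SID_AND_ATTRIBUTES_HASH *PSID_AND_ATTRIBUTES_HASH;

/* ACE header. AceSize is the size of the whole ACE; code that walks an ACL
 * should check it against the remaining ACL length before stepping to the
 * next entry.
 */
typedef struct _ACE_HEADER {
    UCHAR   AceType;
    UCHAR   AceFlags;
    USHORT  AceSize;
} ACE_HEADER;
typedef ACE_HEADER  *PACE_HEADER;

/* Access allowed ACE.
 * In this and the four ACE layouts below, SidStart marks where the trailing
 * SID begins; the SID extends past the end of the declared structure.
 */
typedef struct _ACCESS_ALLOWED_ACE {
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       SidStart;
} ACCESS_ALLOWED_ACE;
/* Correctly spelled pointer type, matching the P<struct name> pattern of the
 * other ACE types below.
 */
typedef ACCESS_ALLOWED_ACE  *PACCESS_ALLOWED_ACE;
/* Misspelled name (three L's) kept so that existing users still compile. */
typedef ACCESS_ALLOWED_ACE  *PACCESS_ALLLOWED_ACE;

/* Access denied ACE */
typedef struct _ACCESS_DENIED_ACE {
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       SidStart;
} ACCESS_DENIED_ACE;
typedef ACCESS_DENIED_ACE   *PACCESS_DENIED_ACE;

/* System audit ACE */
typedef struct _SYSTEM_AUDIT_ACE {
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       SidStart;
} SYSTEM_AUDIT_ACE;
typedef SYSTEM_AUDIT_ACE    *PSYSTEM_AUDIT_ACE;

/* System alarm ACE */
typedef struct _SYSTEM_ALARM_ACE {
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       SidStart;
} SYSTEM_ALARM_ACE;
typedef SYSTEM_ALARM_ACE    *PSYSTEM_ALARM_ACE;

/* System mandatory label ACE */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       SidStart;
} SYSTEM_MANDATORY_LABEL_ACE;
typedef SYSTEM_MANDATORY_LABEL_ACE  *PSYSTEM_MANDATORY_LABEL_ACE;

/* Relative security descriptor.
 * Same leading fields as SECURITY_DESCRIPTOR below, but Owner, Group, Sacl
 * and Dacl are ULONG values rather than pointers. They are offsets into the
 * descriptor's own buffer, so each one must be bounds-checked against the
 * buffer length before it is turned into a pointer.
 */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
    UCHAR                       Revision;
    UCHAR                       Sbz1;
    SECURITY_DESCRIPTOR_CONTROL Control;
    ULONG                       Owner;
    ULONG                       Group;
    ULONG                       Sacl;
    ULONG                       Dacl;
} SECURITY_DESCRIPTOR_RELATIVE;
typedef SECURITY_DESCRIPTOR_RELATIVE    *PISECURITY_DESCRIPTOR_RELATIVE;

/* Security descriptor (pointer form; the two layouts differ in size, so a
 * buffer must not be cast from one to the other)
 */
typedef struct _SECURITY_DESCRIPTOR {
    UCHAR                       Revision;
    UCHAR                       Sbz1;
    SECURITY_DESCRIPTOR_CONTROL Control;
    PSID                        Owner;
    PSID                        Group;
    PACL                        Sacl;
    PACL                        Dacl;
} SECURITY_DESCRIPTOR;
typedef SECURITY_DESCRIPTOR *PISECURITY_DESCRIPTOR;

/* Object type list */
typedef struct _OBJECT_TYPE_LIST {
    USHORT  Level;
    USHORT  Sbz;
    GUID    *ObjectType;
} OBJECT_TYPE_LIST;
typedef OBJECT_TYPE_LIST    *POBJECT_TYPE_LIST;

/* Audit event types (implicit values 0 and 1) */
typedef enum _AUDIT_EVENT_TYPE {
    AuditEventObjectAccess,
    AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE;

/* Access reason types. All values sit at bit 16 and above, leaving the low
 * 16 bits of an ACCESS_REASON clear; what those low bits carry is not
 * visible in this header.
 */
typedef enum _ACCESS_REASON_TYPE {
    AccessReasonNone                = 0x00000000,
    AccessReasonAllowedAce          = 0x00010000,
    AccessReasonDeniedAce           = 0x00020000,
    AccessReasonAllowedParentAce    = 0x00030000,
    AccessReasonDeniedParentAce     = 0x00040000,
    AccessReasonMissingPrivilege    = 0x00100000,
    AccessReasonFromPrivilege       = 0x00200000,
    AccessReasonIntegrityLevel      = 0x00300000,
    AccessReasonOwnership           = 0x00400000,
    AccessReasonNullDacl            = 0x00500000,
    AccessReasonEmptyDacl           = 0x00600000,
    AccessReasonNoSD                = 0x00700000,
    AccessReasonNoGrant             = 0x00800000
} ACCESS_REASON_TYPE;

/* Access reasons (32 entries - presumably one per access-mask bit; confirm) */
typedef struct _ACCESS_REASONS {
    ACCESS_REASON   Data[32];
} ACCESS_REASONS;
typedef ACCESS_REASONS  *PACCESS_REASONS;

/* Security descriptor wrapper used by the access request below */
typedef struct _SE_SECURITY_DESCRIPTOR {
    ULONG                   Size;
    ULONG                   Flags;
    PSECURITY_DESCRIPTOR    SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR;
typedef SE_SECURITY_DESCRIPTOR  *PSE_SECURITY_DESCRIPTOR;

/* Security access request. ObjectTypeListCount is paired with
 * ObjectTypeList; the count and the array have to agree.
 */
typedef struct _SE_ACCESS_REQUEST {
    ULONG                   Size;
    PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
    ACCESS_MASK             DesiredAccess;
    ACCESS_MASK             PreviouslyGrantedAccess;
    PSID                    PrincipalSelfSid;
    PGENERIC_MAPPING        GenericMapping;
    ULONG                   ObjectTypeListCount;
    POBJECT_TYPE_LIST       ObjectTypeList;
} SE_ACCESS_REQUEST;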
typedef SE_ACCESS_REQUEST *PSE_ACCESS_REQUEST; /* Security access reply */ typedef struct _SE_ACCESS_REPLY { ULONG Size; ULONG ResultListCount; PACCESS_MASK GrantedAccess; PULONG AccessStatus; PACCESS_REASONS AccessReason; PPRIVILEGE_SET *Privileges; } SE_ACCESS_REPLY; typedef SE_ACCESS_REPLY *PSE_ACCESS_REPLY; /* Security audit operations */ typedef enum _SE_AUDIT_OPERATION { AuditPrivilegeObject = 0, AuditPrivilegeService = 1, AuditAccessCheck = 2, AuditOpenObject = 3, AuditOpenObjectWithTransaction = 4, AuditCloseObject = 5, AuditDeleteObject = 6, AuditOpenObjectForDelete = 7, AuditOpenObjectForDeleteWithTransaction = 8, AuditCloseNonObject = 9, AuditOpenNonObject = 10, AuditObjectReference = 11, AuditHandleCreation = 12 } SE_AUDIT_OPERATION; typedef SE_AUDIT_OPERATION *PSE_AUDIT_OPERATION; /* Security audit information */ typedef struct _SE_AUDIT_INFO { ULONG Size; AUDIT_EVENT_TYPE AuditType; SE_AUDIT_OPERATION AuditOperation; ULONG AuditFlags; UNICODE_STRING SubsystemName; UNICODE_STRING ObjectTypeName; UNICODE_STRING ObjectName; PVOID HandleId; GUID *TransactionId; LUID *OperationId; BOOLEAN ObjectCreation; BOOLEAN GenerateOnClose; } SE_AUDIT_INFO; typedef SE_AUDIT_INFO *PSE_AUDIT_INFO; /* Token types */ typedef enum _TOKEN_TYPE { TokenPrimary = 1, TokenImpersonation = 2 } TOKEN_TYPE; typedef TOKEN_TYPE *PTOKEN_TYPE; /* Token elevation types */ typedef enum _TOKEN_ELEVATION_TYPE { TokenElevationTypeDefault = 1, TokenElevationTypeFull = 2, TokenElevationTypeLimited = 3 } TOKEN_ELEVATION_TYPE; typedef TOKEN_ELEVATION_TYPE *PTOKEN_ELEVATION_TYPE; /* Token information classes */ typedef enum _TOKEN_INFORMATION_CLASS { TokenUser = 1, TokenGroups = 2, TokenPrivileges = 3, TokenOwner = 4, TokenPrimaryGroup = 5, TokenDefaultDacl = 6, TokenSource = 7, TokenType = 8, TokenImpersonationLevel = 9, TokenStatistics = 10, TokenRestrictedSids = 11, TokenSessionId = 12, TokenGroupsAndPrivileges = 13, TokenSessionReference = 14, TokenSandBoxInert = 15, TokenAuditPolicy = 16, 
TokenOrigin = 17, TokenElevationType = 18, TokenLinkedToken = 19, TokenElevation = 20, TokenHasRestrictions = 21, TokenAccessInformation = 22, TokenVirtualizationAllowed = 23, TokenVirtualizationEnabled = 24, TokenIntegrityLevel = 25, TokenUIAccess = 26, TokenMandatoryPolicy = 27, TokenLogonSid = 28, MaxTokenInfoClass = 29 } TOKEN_INFORMATION_CLASS; typedef TOKEN_INFORMATION_CLASS *PTOKEN_INFORMATION_CLASS; /* Token user */ typedef struct _TOKEN_USER { SID_AND_ATTRIBUTES User; } TOKEN_USER; typedef TOKEN_USER *PTOKEN_USER; /* Token groups */ typedef struct _TOKEN_GROUPS { ULONG GroupCount; SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]; } TOKEN_GROUPS; typedef TOKEN_GROUPS *PTOKEN_GROUPS; /* Token privileges */ typedef struct _TOKEN_PRIVILEGES { ULONG PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; } TOKEN_PRIVILEGES; typedef TOKEN_PRIVILEGES *PTOKEN_PRIVILEGES; /* Token owner */ typedef struct _TOKEN_OWNER { PSID Owner; } TOKEN_OWNER; typedef TOKEN_OWNER *PTOKEN_OWNER; /* Token primary group */ typedef struct _TOKEN_PRIMARY_GROUP { PSID PrimaryGroup; } TOKEN_PRIMARY_GROUP; typedef TOKEN_PRIMARY_GROUP *PTOKEN_PRIMARY_GROUP; /* Token default DACL */ typedef struct _TOKEN_DEFAULT_DACL { PACL DefaultDacl; } TOKEN_DEFAULT_DACL; typedef TOKEN_DEFAULT_DACL *PTOKEN_DEFAULT_DACL; /* Token groups and privileges */ typedef struct _TOKEN_GROUPS_AND_PRIVILEGES { ULONG SidCount; ULONG SidLength; PSID_AND_ATTRIBUTES Sids; ULONG RestrictedSidCount; ULONG RestrictedSidLength; PSID_AND_ATTRIBUTES RestrictedSids; ULONG PrivilegeCount; ULONG PrivilegeLength; PLUID_AND_ATTRIBUTES Privileges; LUID AuthenticationId; } TOKEN_GROUPS_AND_PRIVILEGES; typedef TOKEN_GROUPS_AND_PRIVILEGES *PTOKEN_GROUPS_AND_PRIVILEGES; /* Token linked token */ typedef struct _TOKEN_LINKED_TOKEN { HANDLE LinkedToken; } TOKEN_LINKED_TOKEN; typedef TOKEN_LINKED_TOKEN *PTOKEN_LINKED_TOKEN; /* Token elevation */ typedef struct _TOKEN_ELEVATION { ULONG TokenIsElevated; } TOKEN_ELEVATION; typedef 
TOKEN_ELEVATION *PTOKEN_ELEVATION; /* Token mandatory label */ typedef struct _TOKEN_MANDATORY_LABEL { SID_AND_ATTRIBUTES Label; } TOKEN_MANDATORY_LABEL; typedef TOKEN_MANDATORY_LABEL *PTOKEN_MANDATORY_LABEL; /* Toke mandatory policy */ typedef struct _TOKEN_MANDATORY_POLICY { ULONG Policy; } TOKEN_MANDATORY_POLICY; typedef TOKEN_MANDATORY_POLICY *PTOKEN_MANDATORY_POLICY; /* Token access information */ typedef struct _TOKEN_ACCESS_INFORMATION { PSID_AND_ATTRIBUTES_HASH SidHash; PSID_AND_ATTRIBUTES_HASH RestrictedSidHash; PTOKEN_PRIVILEGES Privileges; LUID AuthenticationId; TOKEN_TYPE TokenType; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; TOKEN_MANDATORY_POLICY MandatoryPolicy; ULONG Flags; } TOKEN_ACCESS_INFORMATION; typedef TOKEN_ACCESS_INFORMATION *PTOKEN_ACCESS_INFORMATION; /* Token audit policy */ typedef struct _TOKEN_AUDIT_POLICY { UCHAR PerUserPolicy[(POLICY_AUDIT_SUBCATEGORY_COUNT >> 1) + 1]; } TOKEN_AUDIT_POLICY; typedef TOKEN_AUDIT_POLICY *PTOKEN_AUDIT_POLICY; /* Token source */ typedef struct _TOKEN_SOURCE { CHAR SourceName[TOKEN_SOURCE_LENGTH]; LUID SourceIdentifier; } TOKEN_SOURCE; typedef TOKEN_SOURCE* PTOKEN_SOURCE; /* Token statistics */ typedef struct _TOKEN_STATISTICS { LUID TokenId; LUID AuthenticationId; LARGE_INTEGER ExpirationTime; TOKEN_TYPE TokenType; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; ULONG DynamicCharged; ULONG DynamicAvailable; ULONG GroupCount; ULONG PrivilegeCount; LUID ModifiedId; } TOKEN_STATISTICS; typedef TOKEN_STATISTICS *PTOKEN_STATISTICS; /* Token control */ typedef struct _TOKEN_CONTROL { LUID TokenId; LUID AuthenticationId; LUID ModifiedId; TOKEN_SOURCE TokenSource; } TOKEN_CONTROL; typedef TOKEN_CONTROL *PTOKEN_CONTROL; /* Token origin */ typedef struct _TOKEN_ORIGIN { LUID OriginatingLogonSession; } TOKEN_ORIGIN; typedef TOKEN_ORIGIN *PTOKEN_ORIGIN; /* Mandatory levels */ typedef enum _MANDATORY_LEVEL { MandatoryLevelUntrusted = 0, MandatoryLevelLow = 1, MandatoryLevelMedium = 2, MandatoryLevelHigh = 3, 
/* Remaining enumerators of _MANDATORY_LEVEL; the enum opens on the preceding line. */
    MandatoryLevelSystem = 4,
    MandatoryLevelSecureProcess = 5,
    /* One past the highest level listed (MandatoryLevelSecureProcess = 5). */
    MandatoryLevelCount = 6
} MANDATORY_LEVEL;
typedef MANDATORY_LEVEL *PMANDATORY_LEVEL;

/* Heap commit routine
 *
 * Function type returning NTSTATUS and taking (PVOID, PVOID *, PSIZE_T); the
 * parameters are unnamed here, so their meaning must come from the caller's
 * documentation.
 */
typedef NTSTATUS (NTAPI RTL_HEAP_COMMIT_ROUTINE)( PVOID, PVOID *, PSIZE_T );
typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;

/* Heap parameters
 *
 * CommitRoutine is a function pointer stored alongside plain size fields;
 * a record of this type taken from an untrusted source would hand that
 * source control over an indirect call, so it should only be built by
 * trusted code.
 */
typedef struct _RTL_HEAP_PARAMETERS {
    ULONG Length;
    SIZE_T SegmentReserve;
    SIZE_T SegmentCommit;
    SIZE_T DeCommitFreeBlockThreshold;
    SIZE_T DeCommitTotalFreeThreshold;
    SIZE_T MaximumAllocationSize;
    SIZE_T VirtualMemoryThreshold;
    SIZE_T InitialCommit;
    SIZE_T InitialReserve;
    PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
    SIZE_T Reserved[2];
} RTL_HEAP_PARAMETERS;
typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;

/* String callbacks
 *
 * Allocate/free function types are always declared; the reallocate variant
 * and its pointer typedef exist only when _WIN32_WINNT >= 0x0600.
 */
typedef PVOID (NTAPI RTL_ALLOCATE_STRING_ROUTINE)( SIZE_T );
#if (_WIN32_WINNT >= 0x0600)
typedef PVOID (NTAPI RTL_REALLOCATE_STRING_ROUTINE)( SIZE_T, PVOID );
#endif
typedef VOID (NTAPI RTL_FREE_STRING_ROUTINE)( PVOID );
typedef RTL_ALLOCATE_STRING_ROUTINE *PRTL_ALLOCATE_STRING_ROUTINE;
#if (_WIN32_WINNT >= 0x0600)
typedef RTL_REALLOCATE_STRING_ROUTINE *PRTL_REALLOCATE_STRING_ROUTINE;
#endif
typedef RTL_FREE_STRING_ROUTINE *PRTL_FREE_STRING_ROUTINE;

/* Generate name context
 *
 * NameBuffer holds 8 WCHARs and ExtensionBuffer 4; NameLength and
 * ExtensionLength should never be trusted beyond those capacities (their
 * units are not stated in this header).
 */
typedef struct _GENERATE_NAME_CONTEXT {
    USHORT Checksum;
    BOOLEAN ChecksumInserted;
    UCHAR NameLength;
    WCHAR NameBuffer[8];
    ULONG ExtensionLength;
    WCHAR ExtensionBuffer[4];
    ULONG LastIndexValue;
} GENERATE_NAME_CONTEXT;
typedef GENERATE_NAME_CONTEXT *PGENERATE_NAME_CONTEXT;

/* Prefix table entry */
typedef struct _PREFIX_TABLE_ENTRY {
    CSHORT NodeTypeCode;
    CSHORT NameLength;
    struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
    RTL_SPLAY_LINKS Links;
    PSTRING Prefix;
} PREFIX_TABLE_ENTRY;
typedef PREFIX_TABLE_ENTRY *PPREFIX_TABLE_ENTRY;

/* Prefix table */
typedef struct _PREFIX_TABLE {
    CSHORT NodeTypeCode;
    CSHORT NameLength;
    PPREFIX_TABLE_ENTRY NextPrefixTree;
} PREFIX_TABLE;
typedef PREFIX_TABLE *PPREFIX_TABLE;

/* Unicode prefix table entry (the struct tag and body follow on the next line) */
typedef struct
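/* Tag and body of the struct whose `typedef struct` ends the preceding line. */
_UNICODE_PREFIX_TABLE_ENTRY {
    CSHORT NodeTypeCode;
    CSHORT NameLength;
    struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
    struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
    RTL_SPLAY_LINKS Links;
    PUNICODE_STRING Prefix;
} UNICODE_PREFIX_TABLE_ENTRY;
typedef UNICODE_PREFIX_TABLE_ENTRY *PUNICODE_PREFIX_TABLE_ENTRY;

/* Unicode prefix table */
typedef struct _UNICODE_PREFIX_TABLE {
    CSHORT NodeTypeCode;
    CSHORT NameLength;
    PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
    PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
} UNICODE_PREFIX_TABLE;
typedef UNICODE_PREFIX_TABLE *PUNICODE_PREFIX_TABLE;

/* Compressed data information
 *
 * Variable-length record: CompressedChunkSizes is declared with
 * ANYSIZE_ARRAY elements and NumberOfChunks presumably gives the real count
 * (confirm with the producer). If the *Shift members are used as shift
 * counts, range-check them first: shifting by the operand width or more is
 * undefined behaviour in C.
 */
typedef struct _COMPRESSED_DATA_INFO {
    USHORT CompressionFormatAndEngine;
    UCHAR CompressionUnitShift;
    UCHAR ChunkShift;
    UCHAR ClusterShift;
    UCHAR Reserved;
    USHORT NumberOfChunks;
    ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
} COMPRESSED_DATA_INFO;
typedef COMPRESSED_DATA_INFO *PCOMPRESSED_DATA_INFO;

/* Security logon types
 *
 * Value 1 is not assigned. NetworkCleartxt is this header's historical
 * spelling; the Windows SDK name for value 8 is NetworkCleartext, so both are
 * provided and code written against either name compiles.
 * The >= 0x0502 branch no longer ends in a trailing comma, matching the other
 * branches of this list.
 * NOTE(review): the file banner says this header is generated; mirror these
 * changes in the generator input.
 */
typedef enum _SECURITY_LOGON_TYPE {
    UndefinedLogonType = 0,
    Interactive = 2,
    Network = 3,
    Batch = 4,
    Service = 5,
    Proxy = 6,
    Unlock = 7,
    NetworkCleartxt = 8,
    NetworkCleartext = 8, /* SDK spelling, same value */
#if (_WIN32_WINNT >= 0x0501)
    NewCredentials = 9,
    RemoteInteractive = 10,
#if (_WIN32_WINNT >= 0x0502)
    CachedInteractive = 11,
    CachedRemoteInteractive = 12,
    CachedUnlock = 13
#else
    CachedInteractive = 11
#endif
#else
    NewCredentials = 9
#endif
} SECURITY_LOGON_TYPE;
typedef SECURITY_LOGON_TYPE *PSECURITY_LOGON_TYPE;

/* MSV1.0 logon submit types (values are sparse: 2-5, 7, 12 and 82) */
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
    MsV1_0InteractiveLogon = 2,
    MsV1_0Lm20Logon = 3,
    MsV1_0NetworkLogon = 4,
    MsV1_0SubAuthLogon = 5,
    MsV1_0WorkstationUnlockLogon = 7,
    MsV1_0S4ULogon = 12,
    MsV1_0VirtualLogon = 82
} MSV1_0_LOGON_SUBMIT_TYPE;
typedef MSV1_0_LOGON_SUBMIT_TYPE *PMSV1_0_LOGON_SUBMIT_TYPE;

/* MSV1.0 profile buffer types */
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
    MsV1_0InteractiveProfile = 2,
    MsV1_0Lm20LogonProfile = 3,
    MsV1_0SmartCardProfile = 4
} MSV1_0_PROFILE_BUFFER_TYPE;
/* The pointer typedef started here is completed on the following line. */
typedef MSV1_0_PROFILE_BUFFER_TYPE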
/* Completes the pointer typedef begun at the end of the preceding line. */
*PMSV1_0_PROFILE_BUFFER_TYPE;

/* MSV1.0 interactive logon authentication information
 *
 * Contains a Password member. Any buffer holding this record is credential
 * material: keep its lifetime short and wipe it with a routine the compiler
 * cannot elide before releasing the memory.
 */
typedef struct _MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING UserName;
    UNICODE_STRING Password;
} MSV1_0_INTERACTIVE_LOGON;
typedef MSV1_0_INTERACTIVE_LOGON *PMSV1_0_INTERACTIVE_LOGON;

/* MSV1.0 interactive profile buffer */
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    USHORT LogonCount;
    USHORT BadPasswordCount;
    LARGE_INTEGER LogonTime;
    LARGE_INTEGER LogoffTime;
    LARGE_INTEGER KickOffTime;
    LARGE_INTEGER PasswordLastSet;
    LARGE_INTEGER PasswordCanChange;
    LARGE_INTEGER PasswordMustChange;
    UNICODE_STRING LogonScript;
    UNICODE_STRING HomeDirectory;
    UNICODE_STRING FullName;
    UNICODE_STRING ProfilePath;
    UNICODE_STRING HomeDirectoryDrive;
    UNICODE_STRING LogonServer;
    ULONG UserFlags;
} MSV1_0_INTERACTIVE_PROFILE;
typedef MSV1_0_INTERACTIVE_PROFILE *PMSV1_0_INTERACTIVE_PROFILE;

/* MSV1.0 LAN Manager 2.0 logon authentication information
 *
 * Carries a fixed-size challenge and two challenge-response strings; handle
 * buffers of this type as authentication material.
 */
typedef struct _MSV1_0_LM20_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING UserName;
    UNICODE_STRING Workstation;
    UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    STRING CaseSensitiveChallengeResponse;
    STRING CaseInsensitiveChallengeResponse;
    ULONG ParameterControl;
} MSV1_0_LM20_LOGON;
typedef MSV1_0_LM20_LOGON *PMSV1_0_LM20_LOGON;

/* MSV1.0 subauthentication logon authentication information
 *
 * Same leading members as MSV1_0_LM20_LOGON, with AuthenticationInfo1/2 in
 * place of the challenge responses and an extra SubAuthPackageId.
 */
typedef struct _MSV1_0_SUBAUTH_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING UserName;
    UNICODE_STRING Workstation;
    UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    STRING AuthenticationInfo1;
    STRING AuthenticationInfo2;
    ULONG ParameterControl;
    ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON;
typedef MSV1_0_SUBAUTH_LOGON *PMSV1_0_SUBAUTH_LOGON;

/* MSV1.0 S4U logon authentication information (members follow on the next line) */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _MSV1_0_S4U_LOGON {
/* Members of _MSV1_0_S4U_LOGON; the struct and its #if open on the preceding line. */
    MSV1_0_LOGON_SUBMIT_TYPE MessageType;
    ULONG Flags;
    UNICODE_STRING UserPrincipalName;
    UNICODE_STRING DomainName;
} MSV1_0_S4U_LOGON;
typedef MSV1_0_S4U_LOGON *PMSV1_0_S4U_LOGON;
#endif

/* MSV1.0 LAN Manager 2.0 logon profile buffer
 *
 * Holds UserSessionKey and LanmanSessionKey inline. Treat the whole record
 * as key material: do not log it, and wipe it with a non-elidable routine
 * before the buffer is freed or reused.
 */
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE MessageType;
    LARGE_INTEGER KickOffTime;
    LARGE_INTEGER LogoffTime;
    ULONG UserFlags;
    UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
    UNICODE_STRING LogonDomainName;
    UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
    UNICODE_STRING LogonServer;
    UNICODE_STRING UserParameters;
} MSV1_0_LM20_LOGON_PROFILE;
typedef MSV1_0_LM20_LOGON_PROFILE *PMSV1_0_LM20_LOGON_PROFILE;

/* MSV1.0 supplemental credential
 *
 * LmPassword and NtPassword are fixed-size arrays of
 * MSV1_0_OWF_PASSWORD_LENGTH bytes stored inline; the record is credential
 * material and deserves the same handling as a password (short lifetime,
 * explicit wipe, never written to logs or crash dumps where avoidable).
 */
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG Version;
    ULONG Flags;
    UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
    UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
} MSV1_0_SUPPLEMENTAL_CREDENTIAL;
typedef MSV1_0_SUPPLEMENTAL_CREDENTIAL *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

/* MSV1.0 NTLM3 response
 *
 * Variable-length: Buffer is declared with one element as a trailing-array
 * placeholder. AvPairsOff presumably locates the AV pairs (confirm its base
 * and units); a parser should check it against the received length before
 * dereferencing.
 */
typedef struct _MSV1_0_NTLM3_RESPONSE {
    UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
    UCHAR RespType;
    UCHAR HiRespType;
    USHORT Flags;
    ULONG MsgWord;
    ULONGLONG TimeStamp;
    UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
    ULONG AvPairsOff;
    UCHAR Buffer[1];
} MSV1_0_NTLM3_RESPONSE;
typedef MSV1_0_NTLM3_RESPONSE *PMSV1_0_NTLM3_RESPONSE;

/* MSV1.0 AV identifiers
 *
 * NOTE(review): when _WIN32_WINNT is below 0x0600 the enumerator list ends
 * with a trailing comma (after MsvAvDnsDomainName or MsvAvFlags), which
 * strict C89 compilers reject.
 */
typedef enum {
    MsvAvEOL = 0,
    MsvAvNbComputerName = 1,
    MsvAvNbDomainName = 2,
    MsvAvDnsComputerName = 3,
    MsvAvDnsDomainName = 4,
#if (_WIN32_WINNT >= 0x0501)
    MsvAvDnsTreeName = 5,
    MsvAvFlags = 6,
#endif
#if (_WIN32_WINNT >= 0x0600)
    MsvAvTimestamp = 7,
    MsvAvRestrictions = 8,
    MsvAvTargetName = 9,
    MsvAvChannelBindings = 10
#endif
} MSV1_0_AVID;

/* MSV1.0 AV pair
 *
 * Header of an identifier/length pair. When walking a list of these, check
 * AvLen against the bytes remaining in the buffer before advancing, and stop
 * on the terminator rather than on buffer exhaustion alone.
 */
typedef struct _MSV1_0_AV_PAIR {
    USHORT AvId;
    USHORT AvLen;
} MSV1_0_AV_PAIR;
typedef MSV1_0_AV_PAIR *PMSV1_0_AV_PAIR;

/* MSV1.0 protocol message types (the enumerator list continues on the following line) */
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
    MsV1_0Lm20ChallengeRequest = 0,
/* Remaining enumerators of _MSV1_0_PROTOCOL_MESSAGE_TYPE; the enum opens on the preceding line.
 * NOTE(review): when _WIN32_WINNT is below 0x0600 the list ends with a
 * trailing comma, which strict C89 compilers reject.
 */
    MsV1_0Lm20GetChallengeResponse = 1,
    MsV1_0EnumerateUsers = 2,
    MsV1_0GetUserInfo = 3,
    MsV1_0ReLogonUsers = 4,
    MsV1_0ChangePassword = 5,
    MsV1_0ChangeCachedPassword = 6,
    MsV1_0GenericPassthrough = 7,
    MsV1_0CacheLogon = 8,
    MsV1_0SubAuth = 9,
    MsV1_0DeriveCredential = 10,
    MsV1_0CacheLookup = 11,
#if (_WIN32_WINNT >= 0x0501)
    MsV1_0SetProcessOption = 12,
#endif
#if (_WIN32_WINNT >= 0x0600)
    MsV1_0ConfigLocalAliases = 13,
    MsV1_0ClearCachedCredentials = 14
#endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE;

/* MSV1.0 LAN Manager 2.0 challenge request */
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_LM20_CHALLENGE_REQUEST;
typedef MSV1_0_LM20_CHALLENGE_REQUEST *PMSV1_0_LM20_CHALLENGE_REQUEST;

/* MSV1.0 LAN Manager 2.0 challenge response */
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_LM20_CHALLENGE_RESPONSE;
typedef MSV1_0_LM20_CHALLENGE_RESPONSE *PMSV1_0_LM20_CHALLENGE_RESPONSE;

/* MSV1.0 get challenge response request (version 1)
 *
 * Contains a Password member; buffers of this type are credential material
 * and should be wiped with a non-elidable routine after use.
 */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG ParameterControl;
    LUID LogonId;
    UNICODE_STRING Password;
    UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_GETCHALLENRESP_REQUEST_V1;
typedef MSV1_0_GETCHALLENRESP_REQUEST_V1 *PMSV1_0_GETCHALLENRESP_REQUEST_V1;

/* MSV1.0 get challenge response request
 *
 * Same first five members as the version-1 record, followed by UserName,
 * LogonDomainName and ServerName. The Password caveat above applies here too.
 */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG ParameterControl;
    LUID LogonId;
    UNICODE_STRING Password;
    UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    UNICODE_STRING UserName;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING ServerName;
} MSV1_0_GETCHALLENRESP_REQUEST;
typedef MSV1_0_GETCHALLENRESP_REQUEST *PMSV1_0_GETCHALLENRESP_REQUEST;

/* MSV1.0 get challenge response response (remaining members follow on the next line) */
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    STRING
/* Rest of _MSV1_0_GETCHALLENRESP_RESPONSE, continuing the STRING member begun
 * on the preceding line. The record holds challenge responses and two
 * session keys inline: treat it as key material and wipe it after use.
 */
    CaseSensitiveChallengeResponse;
    STRING CaseInsensitiveChallengeResponse;
    UNICODE_STRING UserName;
    UNICODE_STRING LogonDomainName;
    UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
    UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
} MSV1_0_GETCHALLENRESP_RESPONSE;
typedef MSV1_0_GETCHALLENRESP_RESPONSE *PMSV1_0_GETCHALLENRESP_RESPONSE;

/* MSV1.0 enumerate users request */
typedef struct _MSV1_0_ENUMUSERS_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_ENUMUSERS_REQUEST;
typedef MSV1_0_ENUMUSERS_REQUEST *PMSV1_0_ENUMUSERS_REQUEST;

/* MSV1.0 enumerate users response
 *
 * LogonIds and EnumHandles are pointers; presumably each refers to
 * NumberOfLoggedOnUsers elements (confirm with the producer before indexing).
 */
typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    ULONG NumberOfLoggedOnUsers;
    PLUID LogonIds;
    PULONG EnumHandles;
} MSV1_0_ENUMUSERS_RESPONSE;
typedef MSV1_0_ENUMUSERS_RESPONSE *PMSV1_0_ENUMUSERS_RESPONSE;

/* MSV1.0 get user information request */
typedef struct _MSV1_0_GETUSERINFO_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    LUID LogonId;
} MSV1_0_GETUSERINFO_REQUEST;
typedef MSV1_0_GETUSERINFO_REQUEST *PMSV1_0_GETUSERINFO_REQUEST;

/* MSV1.0 get user information response */
typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
    PSID UserSid;
    UNICODE_STRING UserName;
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING LogonServer;
    SECURITY_LOGON_TYPE LogonType;
} MSV1_0_GETUSERINFO_RESPONSE;
typedef MSV1_0_GETUSERINFO_RESPONSE *PMSV1_0_GETUSERINFO_RESPONSE;

/* File change notification information
 *
 * Variable-length, chained record: FileName is a one-element placeholder for
 * a name of FileNameLength (Windows documents that field in bytes; confirm
 * for the API in use), and NextEntryOffset presumably links to the following
 * record. A consumer should verify that each offset and each name lies inside
 * the buffer it received and that the chain always moves forward.
 */
typedef struct _FILE_NOTIFY_INFORMATION {
    ULONG NextEntryOffset;
    ULONG Action;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NOTIFY_INFORMATION;
typedef FILE_NOTIFY_INFORMATION *PFILE_NOTIFY_INFORMATION;

/* File directory information (remaining members follow on the next line) */
typedef struct _FILE_DIRECTORY_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
/* Last members of _FILE_DIRECTORY_INFORMATION; the struct opens on the preceding line. */
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION;
typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;

/* File full directory information
 *
 * All directory-information records in this group share one shape: a
 * NextEntryOffset link, fixed attributes, FileNameLength, and a one-element
 * FileName placeholder for the variable-length name. When parsing a buffer
 * of them, validate every offset and length against the buffer size before
 * touching FileName; the declared array size is not the real size.
 */
typedef struct _FILE_FULL_DIR_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    WCHAR FileName[1];
} FILE_FULL_DIR_INFORMATION;
typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;

/* File identifier full directory information
 *
 * FILE_FULL_DIR_INFORMATION with a FileId inserted before FileName.
 */
typedef struct _FILE_ID_FULL_DIR_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    LARGE_INTEGER FileId;
    WCHAR FileName[1];
} FILE_ID_FULL_DIR_INFORMATION;
typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;

/* File both directory information
 *
 * Adds a short name: ShortName has room for 12 WCHARs, so ShortNameLength
 * (a signed CCHAR) must be checked to be non-negative and within that
 * capacity before it is used as a copy length.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;

/* File identifier both directory information (remaining members follow on the next line) */
typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR
/* Rest of _FILE_ID_BOTH_DIR_INFORMATION, continuing the WCHAR member begun on
 * the preceding line. ShortName holds 12 WCHARs; FileName is a one-element
 * placeholder for the variable-length name.
 */
    ShortName[12];
    LARGE_INTEGER FileId;
    WCHAR FileName[1];
} FILE_ID_BOTH_DIR_INFORMATION;
typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;

/* File names information
 *
 * Chained, variable-length record (NextEntryOffset, FileNameLength,
 * FileName[1] placeholder); validate offsets and lengths against the buffer
 * size before reading the name.
 */
typedef struct _FILE_NAMES_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NAMES_INFORMATION;
typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;

/* File identifier global transaction directory information */
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    LARGE_INTEGER FileId;
    GUID LockingTransactionId;
    ULONG TxInfoFlags;
    WCHAR FileName[1];
} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;

/* File object identifier information
 *
 * The anonymous union overlays three 16-byte identifiers
 * (BirthVolumeId, BirthObjectId, DomainId) with the 48-byte ExtendedInfo.
 */
typedef struct _FILE_OBJECTID_INFORMATION {
    LONGLONG FileReference;
    UCHAR ObjectId[16];
    union {
        struct {
            UCHAR BirthVolumeId[16];
            UCHAR BirthObjectId[16];
            UCHAR DomainId[16];
        };
        UCHAR ExtendedInfo[48];
    };
} FILE_OBJECTID_INFORMATION;
typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;

/* File internal information */
typedef struct _FILE_INTERNAL_INFORMATION {
    LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION;
typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;

/* File extended attribute information */
typedef struct _FILE_EA_INFORMATION {
    ULONG EaSize;
} FILE_EA_INFORMATION;
typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;

/* File access information */
typedef struct _FILE_ACCESS_INFORMATION {
    ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION;
typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;

/* File mode information */
typedef struct _FILE_MODE_INFORMATION {
    ULONG Mode;
} FILE_MODE_INFORMATION;
/* The pointer typedef started here is completed on the following line. */
typedef FILE_MODE_INFORMATION
/* Completes the pointer typedef begun at the end of the preceding line. */
*PFILE_MODE_INFORMATION;

/* File all information
 *
 * Concatenation of the individual information records. NameInformation is
 * last; if FILE_NAME_INFORMATION ends in a variable-length name (it is
 * declared outside this part of the file; confirm), the real size of this
 * record exceeds sizeof(FILE_ALL_INFORMATION).
 */
typedef struct _FILE_ALL_INFORMATION {
    FILE_BASIC_INFORMATION BasicInformation;
    FILE_STANDARD_INFORMATION StandardInformation;
    FILE_INTERNAL_INFORMATION InternalInformation;
    FILE_EA_INFORMATION EaInformation;
    FILE_ACCESS_INFORMATION AccessInformation;
    FILE_POSITION_INFORMATION PositionInformation;
    FILE_MODE_INFORMATION ModeInformation;
    FILE_ALIGNMENT_INFORMATION AlignmentInformation;
    FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION;
typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;

/* File allocation information */
typedef struct _FILE_ALLOCATION_INFORMATION {
    LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION;
typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;

/* File compression information
 *
 * If the *Shift members are used as shift counts, range-check them first:
 * shifting by the operand width or more is undefined behaviour in C.
 */
typedef struct _FILE_COMPRESSION_INFORMATION {
    LARGE_INTEGER CompressedFileSize;
    USHORT CompressionFormat;
    UCHAR CompressionUnitShift;
    UCHAR ChunkShift;
    UCHAR ClusterShift;
    UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION;
typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;

/* File link information
 *
 * Caller-supplied target name: FileName is a one-element placeholder for a
 * name of FileNameLength. Code that receives this record should check
 * FileNameLength against the size of the input buffer before reading the
 * name, and should not assume the name is NUL-terminated (nothing in this
 * declaration says it is).
 */
typedef struct _FILE_LINK_INFORMATION {
    BOOLEAN ReplaceIfExists;
    HANDLE RootDirectory;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_LINK_INFORMATION;
typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;

/* File move cluster information (same trailing-name pattern as FILE_LINK_INFORMATION) */
typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
    ULONG ClusterCount;
    HANDLE RootDirectory;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_MOVE_CLUSTER_INFORMATION;
typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;

/* File rename information
 *
 * Member-for-member identical to FILE_LINK_INFORMATION; the same
 * length-validation caveat applies.
 */
typedef struct _FILE_RENAME_INFORMATION {
    BOOLEAN ReplaceIfExists;
    HANDLE RootDirectory;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_RENAME_INFORMATION;
typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;

/* File stream information (remaining members follow on the next line) */
typedef struct _FILE_STREAM_INFORMATION {
    ULONG NextEntryOffset;
    ULONG StreamNameLength;
    LARGE_INTEGER StreamSize;
/* Last members of _FILE_STREAM_INFORMATION; the struct opens on the preceding
 * line. StreamName is a one-element placeholder for the variable-length name.
 */
    LARGE_INTEGER StreamAllocationSize;
    WCHAR StreamName[1];
} FILE_STREAM_INFORMATION;
typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;

/* File tracking information
 *
 * ObjectInformation is a one-element placeholder for
 * ObjectInformationLength bytes (presumably; confirm units); check the
 * length against the supplied buffer before reading.
 */
typedef struct _FILE_TRACKING_INFORMATION {
    HANDLE DestinationFile;
    ULONG ObjectInformationLength;
    CHAR ObjectInformation[1];
} FILE_TRACKING_INFORMATION;
typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;

/* File completion information */
typedef struct _FILE_COMPLETION_INFORMATION {
    HANDLE Port;
    PVOID Key;
} FILE_COMPLETION_INFORMATION;
typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;

/* File pipe information */
typedef struct _FILE_PIPE_INFORMATION {
    ULONG ReadMode;
    ULONG CompletionMode;
} FILE_PIPE_INFORMATION;
typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;

/* File pipe local information */
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
    ULONG NamedPipeType;
    ULONG NamedPipeConfiguration;
    ULONG MaximumInstances;
    ULONG CurrentInstances;
    ULONG InboundQuota;
    ULONG ReadDataAvailable;
    ULONG OutboundQuota;
    ULONG WriteDataAvailable;
    ULONG NamedPipeState;
    ULONG NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION;
typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;

/* File pipe remote information */
typedef struct _FILE_PIPE_REMOTE_INFORMATION {
    LARGE_INTEGER CollectDataTime;
    ULONG MaximumCollectionCount;
} FILE_PIPE_REMOTE_INFORMATION;
typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;

/* File mailslot query information */
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
    ULONG MaximumMessageSize;
    ULONG MailslotQuota;
    ULONG NextMessageSize;
    ULONG MessagesAvailable;
    LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION;
typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;

/* File mailslot set information
 *
 * ReadTimeout is a pointer here (PLARGE_INTEGER), unlike the by-value member
 * of the query record above; validate it before dereferencing when it comes
 * from a caller.
 */
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
    PLARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION;
typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;

/* File reparse point information */
typedef struct _FILE_REPARSE_POINT_INFORMATION {
    LONGLONG FileReference;
    ULONG Tag;
} FILE_REPARSE_POINT_INFORMATION;
typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;

/* File link entry information
 *
 * Chained, variable-length record (NextEntryOffset, FileNameLength,
 * FileName[1] placeholder); validate offsets and lengths against the buffer
 * size before reading the name.
 */
typedef struct _FILE_LINK_ENTRY_INFORMATION {
    ULONG NextEntryOffset;
    LONGLONG ParentFileId;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_LINK_ENTRY_INFORMATION;
typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;

/* File links information
 *
 * Entry is the first FILE_LINK_ENTRY_INFORMATION of the list; since that
 * record is itself variable-length, the real size of this one exceeds its
 * sizeof. BytesNeeded and EntriesReturned are presumably filled in by the
 * producer (confirm).
 */
typedef struct _FILE_LINKS_INFORMATION {
    ULONG BytesNeeded;
    ULONG EntriesReturned;
    FILE_LINK_ENTRY_INFORMATION Entry;
} FILE_LINKS_INFORMATION;
typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;

/* File network physical name information */
typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;

/* File standard link information */
typedef struct _FILE_STANDARD_LINK_INFORMATION {
    ULONG NumberOfAccessibleLinks;
    ULONG TotalNumberOfLinks;
    BOOLEAN DeletePending;
    BOOLEAN Directory;
} FILE_STANDARD_LINK_INFORMATION;
typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;

/* File get extended attributes information
 *
 * Chained record with a one-element EaName placeholder; EaNameLength is a
 * UCHAR, so a name is at most 255 units long.
 */
typedef struct _FILE_GET_EA_INFORMATION {
    ULONG NextEntryOffset;
    UCHAR EaNameLength;
    CHAR EaName[1];
} FILE_GET_EA_INFORMATION;
typedef FILE_GET_EA_INFORMATION *PFILE_GET_EA_INFORMATION;

/* File remote protocol information */
typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
    USHORT SignatureVersion;
    USHORT SignatureSize;
    ULONG Protocol;
    USHORT ProtocolMajorVersion;
    USHORT ProtocolMinorVersion;
    USHORT ProtocolRevision;
    USHORT Reserved;
    ULONG Flags;
    struct {
        ULONG Reserved[8];
    } GenericReserved;
    struct {
        ULONG Reserved[16];
    } ProtocolSpecificReserved;
} FILE_REMOTE_PROTOCOL_INFORMATION;
typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;

/* File get quota information
 *
 * Chained record ending in a SID of SidLength (presumably bytes; confirm).
 * Check SidLength against the remaining buffer before interpreting Sid.
 */
typedef struct _FILE_GET_QUOTA_INFORMATION {
    ULONG NextEntryOffset;
    ULONG SidLength;
    SID Sid;
} FILE_GET_QUOTA_INFORMATION;
typedef FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;

/* File quota information (same NextEntryOffset/SidLength/Sid framing as above) */
typedef struct _FILE_QUOTA_INFORMATION {
    ULONG NextEntryOffset;
    ULONG SidLength;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER QuotaUsed;
    LARGE_INTEGER QuotaThreshold;
    LARGE_INTEGER QuotaLimit;
    SID Sid;
} FILE_QUOTA_INFORMATION;
typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;

/* File system attribute information
 *
 * FileSystemName is a one-element placeholder for a name of
 * FileSystemNameLength. Note that MaximumComponentNameLength is a signed
 * LONG while the other lengths are ULONG.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
    ULONG FileSystemAttributes;
    LONG MaximumComponentNameLength;
    ULONG FileSystemNameLength;
    WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;

/* File system driver path information */
typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
    BOOLEAN DriverInPath;
    ULONG DriverNameLength;
    WCHAR DriverName[1];
} FILE_FS_DRIVER_PATH_INFORMATION;
typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;

/* File system volume flags information */
typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
    ULONG Flags;
} FILE_FS_VOLUME_FLAGS_INFORMATION;
typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;

/* FSCTL_IS_CSV_FILE parameters (declared only when _WIN32_WINNT >= 0x0601) */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _CSV_NAMESPACE_INFO {
    ULONG Version;
    ULONG DeviceNumber;
    LARGE_INTEGER StartingOffset;
    ULONG SectorSize;
} CSV_NAMESPACE_INFO;
typedef CSV_NAMESPACE_INFO *PCSV_NAMESPACE_INFO;
#endif

/* File system control information */
typedef struct _FILE_FS_CONTROL_INFORMATION {
    LARGE_INTEGER FreeSpaceStartFiltering;
    LARGE_INTEGER FreeSpaceThreshold;
    LARGE_INTEGER FreeSpaceStopFiltering;
    LARGE_INTEGER DefaultQuotaThreshold;
    LARGE_INTEGER DefaultQuotaLimit;
    ULONG FileSystemControlFlags;
} FILE_FS_CONTROL_INFORMATION;
typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;

/* Path name buffer (the struct itself follows on the next line) */
typedef
/* Body of the path name buffer typedef whose `typedef` keyword ends the
 * preceding line. Name is a one-element placeholder for a path of
 * PathNameLength; check that length against the supplied buffer first.
 */
struct _PATHNAME_BUFFER {
    ULONG PathNameLength;
    WCHAR Name[1];
} PATHNAME_BUFFER;
typedef PATHNAME_BUFFER *PPATHNAME_BUFFER;

/* IOCTL_QUERY_FAT_BPB returned data (a fixed 0x24-byte array) */
typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
    UCHAR First0x24BytesOfBootSector[0x24];
} FSCTL_QUERY_FAT_BPB_BUFFER;
typedef FSCTL_QUERY_FAT_BPB_BUFFER *PFSCTL_QUERY_FAT_BPB_BUFFER;

/* NTFS volume data buffer
 *
 * Geometry reported for a volume. Values such as BytesPerSector and
 * BytesPerCluster originate from on-disk metadata, so a consumer working on
 * untrusted media should reject zero before dividing by them.
 */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    LARGE_INTEGER VolumeSerialNumber;
    LARGE_INTEGER NumberSectors;
    LARGE_INTEGER TotalClusters;
    LARGE_INTEGER FreeClusters;
    LARGE_INTEGER TotalReserved;
    ULONG BytesPerSector;
    ULONG BytesPerCluster;
    ULONG BytesPerFileRecordSegment;
    ULONG ClustersPerFileRecordSegment;
    LARGE_INTEGER MftValidDataLength;
    LARGE_INTEGER MftStartLcn;
    LARGE_INTEGER Mft2StartLcn;
    LARGE_INTEGER MftZoneStart;
    LARGE_INTEGER MftZoneEnd;
} NTFS_VOLUME_DATA_BUFFER;
typedef NTFS_VOLUME_DATA_BUFFER *PNTFS_VOLUME_DATA_BUFFER;
#endif

/* NTFS extended volume data */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    ULONG ByteCount;
    USHORT MajorVersion;
    USHORT MinorVersion;
} NTFS_EXTENDED_VOLUME_DATA;
typedef NTFS_EXTENDED_VOLUME_DATA *PNTFS_EXTENDED_VOLUME_DATA;
#endif

/* Starting LCN input buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    LARGE_INTEGER StartingLcn;
} STARTING_LCN_INPUT_BUFFER;
typedef STARTING_LCN_INPUT_BUFFER *PSTARTING_LCN_INPUT_BUFFER;
#endif

/* Volume bitmap buffer
 *
 * Buffer is a one-element placeholder for the bitmap; BitmapSize presumably
 * describes its extent (confirm whether in bits or bytes). Bound any walk
 * over Buffer by the size of the output buffer actually returned.
 */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    LARGE_INTEGER StartingLcn;
    LARGE_INTEGER BitmapSize;
    UCHAR Buffer[1];
} VOLUME_BITMAP_BUFFER;
typedef VOLUME_BITMAP_BUFFER *PVOLUME_BITMAP_BUFFER;
#endif

/* Starting VCN input buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    LARGE_INTEGER StartingVcn;
} STARTING_VCN_INPUT_BUFFER;
typedef STARTING_VCN_INPUT_BUFFER *PSTARTING_VCN_INPUT_BUFFER;
#endif

/* Retrieval pointers buffer
 *
 * The struct tag has no leading underscore, unlike the other tags in this
 * file. The Extents array and the closing brace follow on the next line.
 */
#if (_WIN32_WINNT >= 0x0400)
typedef struct RETRIEVAL_POINTERS_BUFFER {
    ULONG ExtentCount;
    LARGE_INTEGER StartingVcn;
    struct {
        LARGE_INTEGER NextVcn;
        LARGE_INTEGER Lcn;
    }
/* End of RETRIEVAL_POINTERS_BUFFER, naming the member struct begun on the
 * preceding line. Extents is a one-element placeholder; ExtentCount
 * presumably gives the real number of entries, so bound the walk by the
 * returned buffer size as well.
 */
    Extents[1];
} RETRIEVAL_POINTERS_BUFFER;
typedef RETRIEVAL_POINTERS_BUFFER *PRETRIEVAL_POINTERS_BUFFER;
#endif

/* NTFS file record input buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    LARGE_INTEGER FileReferenceNumber;
} NTFS_FILE_RECORD_INPUT_BUFFER;
typedef NTFS_FILE_RECORD_INPUT_BUFFER *PNTFS_FILE_RECORD_INPUT_BUFFER;
#endif

/* NTFS file record output buffer
 *
 * FileRecordBuffer is a one-element placeholder for FileRecordLength bytes
 * (presumably; confirm). The record content is raw on-disk metadata and
 * should be parsed as untrusted input.
 */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    LARGE_INTEGER FileReferenceNumber;
    ULONG FileRecordLength;
    UCHAR FileRecordBuffer[1];
} NTFS_FILE_RECORD_OUTPUT_BUFFER;
typedef NTFS_FILE_RECORD_OUTPUT_BUFFER *PNTFS_FILE_RECORD_OUTPUT_BUFFER;
#endif

/* FSCTL_MOVE_FILE parameters */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    HANDLE FileHandle;
    LARGE_INTEGER StartingVcn;
    LARGE_INTEGER StartingLcn;
    ULONG ClusterCount;
} MOVE_FILE_DATA;
typedef MOVE_FILE_DATA *PMOVE_FILE_DATA;
#endif

/* FSCTL_MOVE_FILE record data */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
    HANDLE FileHandle;
    LARGE_INTEGER SourceFileRecord;
    LARGE_INTEGER TargetFileRecord;
} MOVE_FILE_RECORD_DATA;
typedef MOVE_FILE_RECORD_DATA *PMOVE_FILE_RECORD_DATA;
#endif

/* FSCTL_FIND_FILES_BY_SID parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONG Restart;
    SID Sid;
} FIND_BY_SID_DATA;
typedef FIND_BY_SID_DATA *PFIND_BY_SID_DATA;
#endif

/* FSCTL_FIND_FILES_BY_SID returned data
 *
 * Chained, variable-length record (NextEntryOffset, FileNameLength,
 * FileName[1] placeholder); validate offsets and lengths against the buffer
 * size before reading the name.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONG NextEntryOffset;
    ULONG FileIndex;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FIND_BY_SID_OUTPUT;
typedef FIND_BY_SID_OUTPUT *PFIND_BY_SID_OUTPUT;
#endif

/* FSCTL_ENUM_USN_DATA parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONGLONG StartFileReferenceNumber;
    USN LowUsn;
    USN HighUsn;
} MFT_ENUM_DATA;
typedef MFT_ENUM_DATA *PMFT_ENUM_DATA;
#endif

/* FSCTL_CREATE_USN_JOURNAL parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONGLONG MaximumSize;
    ULONGLONG AllocationDelta;
} CREATE_USN_JOURNAL_DATA;
typedef CREATE_USN_JOURNAL_DATA *PCREATE_USN_JOURNAL_DATA;
#endif

/* FSCTL_READ_USN_JOURNAL parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    USN StartUsn;
    ULONG ReasonMask;
    ULONG ReturnOnlyOnClose;
    ULONGLONG Timeout;
    ULONGLONG BytesToWaitFor;
    ULONGLONG UsnJournalID;
} READ_USN_JOURNAL_DATA;
typedef READ_USN_JOURNAL_DATA *PREAD_USN_JOURNAL_DATA;
#endif

/* USN record
 *
 * Self-describing, variable-length record: RecordLength covers the whole
 * record and FileNameOffset/FileNameLength locate the name (presumably
 * relative to the start of the record; confirm). A parser, including
 * forensic tooling reading journals from untrusted volumes, should verify
 * that RecordLength fits in the buffer and that FileNameOffset +
 * FileNameLength stays within RecordLength before touching FileName.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONG RecordLength;
    USHORT MajorVersion;
    USHORT MinorVersion;
    ULONGLONG FileReferenceNumber;
    ULONGLONG ParentFileReferenceNumber;
    USN Usn;
    LARGE_INTEGER TimeStamp;
    ULONG Reason;
    ULONG SourceInfo;
    ULONG SecurityId;
    ULONG FileAttributes;
    USHORT FileNameLength;
    USHORT FileNameOffset;
    WCHAR FileName[1];
} USN_RECORD;
typedef USN_RECORD *PUSN_RECORD;
#endif

/* USN journal data */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONGLONG UsnJournalID;
    USN FirstUsn;
    USN NextUsn;
    USN LowestValidUsn;
    USN MaxUsn;
    ULONGLONG MaximumSize;
    ULONGLONG AllocationDelta;
} USN_JOURNAL_DATA;
typedef USN_JOURNAL_DATA *PUSN_JOURNAL_DATA;
#endif

/* FSCTL_DELETE_USN_JOURNAL parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONGLONG UsnJournalID;
    ULONG DeleteFlags;
} DELETE_USN_JOURNAL_DATA;
typedef DELETE_USN_JOURNAL_DATA *PDELETE_USN_JOURNAL_DATA;
#endif

/* FSCTL_MARK_HANDLE parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ULONG UsnSourceInfo;
    HANDLE VolumeHandle;
    ULONG HandleInfo;
} MARK_HANDLE_INFO;
typedef MARK_HANDLE_INFO *PMARK_HANDLE_INFO;
#endif

/* Bulk security test data
 *
 * SecurityIds is a one-element placeholder; the element count is not carried
 * in the record, so it must be derived from the input buffer length.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
    ACCESS_MASK DesiredAccess;
    ULONG SecurityIds[1];
} BULK_SECURITY_TEST_DATA;
typedef BULK_SECURITY_TEST_DATA *PBULK_SECURITY_TEST_DATA;
#endif

/* FSCTL_FILE_PREFETCH parameters
 *
 * Prefetch is a one-element placeholder; Count presumably gives the number
 * of entries (confirm) and should be checked against the input buffer
 * length, with the multiplication by the element size guarded for overflow.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_PREFETCH {
    ULONG Type;
    ULONG Count;
    ULONGLONG Prefetch[1];
} FILE_PREFETCH;
typedef FILE_PREFETCH *PFILE_PREFETCH;
#endif

/* FSCTL_FILE_PREFETCH parameters (extended version); remaining members follow on the next line */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_PREFETCH_EX {
    ULONG Type;
    ULONG Count;
/* Last members of _FILE_PREFETCH_EX; the struct and its #if open on the
 * preceding line. Prefetch is a one-element placeholder for the real array.
 */
    PVOID Context;
    ULONGLONG Prefetch[1];
} FILE_PREFETCH_EX;
typedef FILE_PREFETCH_EX *PFILE_PREFETCH_EX;
#endif

/* File system statistics
 *
 * Common header of per-file-system counters. SizeOfCompleteStructure is
 * presumably the size of this header plus the file-system-specific part
 * that follows it (confirm); use it, checked against the buffer length, to
 * step between records rather than sizeof.
 */
typedef struct _FILESYSTEM_STATISTICS {
    USHORT FileSystemType;
    USHORT Version;
    ULONG SizeOfCompleteStructure;
    ULONG UserFileReads;
    ULONG UserFileReadBytes;
    ULONG UserDiskReads;
    ULONG UserFileWrites;
    ULONG UserFileWriteBytes;
    ULONG UserDiskWrites;
    ULONG MetaDataReads;
    ULONG MetaDataReadBytes;
    ULONG MetaDataDiskReads;
    ULONG MetaDataWrites;
    ULONG MetaDataWriteBytes;
    ULONG MetaDataDiskWrites;
} FILESYSTEM_STATISTICS;
typedef FILESYSTEM_STATISTICS *PFILESYSTEM_STATISTICS;

/* FAT statistics */
typedef struct _FAT_STATISTICS {
    ULONG CreateHits;
    ULONG SuccessfulCreates;
    ULONG FailedCreates;
    ULONG NonCachedReads;
    ULONG NonCachedReadBytes;
    ULONG NonCachedWrites;
    ULONG NonCachedWriteBytes;
    ULONG NonCachedDiskReads;
    ULONG NonCachedDiskWrites;
} FAT_STATISTICS;
typedef FAT_STATISTICS *PFAT_STATISTICS;

/* Extended FAT statistics (member-for-member identical to FAT_STATISTICS) */
typedef struct _EXFAT_STATISTICS {
    ULONG CreateHits;
    ULONG SuccessfulCreates;
    ULONG FailedCreates;
    ULONG NonCachedReads;
    ULONG NonCachedReadBytes;
    ULONG NonCachedWrites;
    ULONG NonCachedWriteBytes;
    ULONG NonCachedDiskReads;
    ULONG NonCachedDiskWrites;
} EXFAT_STATISTICS;
typedef EXFAT_STATISTICS *PEXFAT_STATISTICS;

/* NTFS statistics (remaining members follow on the next line) */
typedef struct _NTFS_STATISTICS {
    ULONG LogFileFullExceptions;
    ULONG OtherExceptions;
    ULONG MftReads;
    ULONG MftReadBytes;
    ULONG MftWrites;
    ULONG MftWriteBytes;
    struct {
        USHORT Write;
        USHORT Create;
        USHORT SetInfo;
        USHORT Flush;
    } MftWritesUserLevel;
    USHORT MftWritesFlushForLogFileFull;
    USHORT MftWritesLazyWriter;
    USHORT MftWritesUserRequest;
    ULONG Mft2Writes;
    ULONG Mft2WriteBytes;
    struct {
        USHORT Write;
        USHORT Create;
        USHORT SetInfo;
        USHORT Flush;
    } Mft2WritesUserLevel;
    USHORT Mft2WritesFlushForLogFileFull;
    USHORT Mft2WritesLazyWriter;
    USHORT Mft2WritesUserRequest;
    ULONG RootIndexReads;
    ULONG RootIndexReadBytes;
    ULONG RootIndexWrites;
    ULONG RootIndexWriteBytes;
    ULONG BitmapReads;
/* Remaining members of _NTFS_STATISTICS; the struct opens on the preceding line. */
    ULONG BitmapReadBytes;
    ULONG BitmapWrites;
    ULONG BitmapWriteBytes;
    USHORT BitmapWritesFlushForLogFileFull;
    USHORT BitmapWritesLazyWriter;
    USHORT BitmapWritesUserRequest;
    /* Three counters only: no Flush member here, unlike MftBitmapWritesUserLevel
     * below. Leave as is; adding one would shift every later offset. */
    struct {
        USHORT Write;
        USHORT Create;
        USHORT SetInfo;
    } BitmapWritesUserLevel;
    ULONG MftBitmapReads;
    ULONG MftBitmapReadBytes;
    ULONG MftBitmapWrites;
    ULONG MftBitmapWriteBytes;
    USHORT MftBitmapWritesFlushForLogFileFull;
    USHORT MftBitmapWritesLazyWriter;
    USHORT MftBitmapWritesUserRequest;
    struct {
        USHORT Write;
        USHORT Create;
        USHORT SetInfo;
        USHORT Flush;
    } MftBitmapWritesUserLevel;
    ULONG UserIndexReads;
    ULONG UserIndexReadBytes;
    ULONG UserIndexWrites;
    ULONG UserIndexWriteBytes;
    ULONG LogFileReads;
    ULONG LogFileReadBytes;
    ULONG LogFileWrites;
    ULONG LogFileWriteBytes;
    struct {
        ULONG Calls;
        ULONG Clusters;
        ULONG Hints;
        ULONG RunsReturned;
        ULONG HintsHonored;
        ULONG HintsClustered;
        ULONG Cache;
        ULONG CacheClusters;
        ULONG CacheMiss;
        ULONG CacheMissClusters;
    } Allocate;
} NTFS_STATISTICS;
typedef NTFS_STATISTICS *PNTFS_STATISTICS;

/* File object identifier buffer
 *
 * The anonymous union overlays three 16-byte identifiers
 * (BirthVolumeId, BirthObjectId, DomainId) with the 48-byte ExtendedInfo.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_OBJECTID_BUFFER {
    UCHAR ObjectId[16];
    union {
        struct {
            UCHAR BirthVolumeId[16];
            UCHAR BirthObjectId[16];
            UCHAR DomainId[16];
        };
        UCHAR ExtendedInfo[48];
    };
} FILE_OBJECTID_BUFFER;
typedef FILE_OBJECTID_BUFFER *PFILE_OBJECTID_BUFFER;
#endif

/* FSCTL_SET_SPARSE parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_SET_SPARSE_BUFFER {
    BOOLEAN SetSparse;
} FILE_SET_SPARSE_BUFFER;
typedef FILE_SET_SPARSE_BUFFER *PFILE_SET_SPARSE_BUFFER;
#endif

/* FSCTL_SET_ZERO_DATA parameters
 *
 * A byte range given by two signed 64-bit values. A handler should reject
 * negative values and FileOffset greater than BeyondFinalZero before
 * computing a length from them.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_ZERO_DATA_INFORMATION {
    LARGE_INTEGER FileOffset;
    LARGE_INTEGER BeyondFinalZero;
} FILE_ZERO_DATA_INFORMATION;
typedef FILE_ZERO_DATA_INFORMATION *PFILE_ZERO_DATA_INFORMATION;
#endif

/* File allocated range buffer (the typedef name follows on the next line) */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
    LARGE_INTEGER FileOffset;
    LARGE_INTEGER Length;
}
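FILE_ALLOCATED_RANGE_BUFFER;
/* The pointer type below is spelled without the 'D' of ALLOCATED. It is kept
 * so existing users of that spelling still compile; the alias after it
 * follows the P<structure name> convention used by the rest of this file. */
typedef FILE_ALLOCATED_RANGE_BUFFER *PFILE_ALLOCATE_RANGE_BUFFER;
typedef FILE_ALLOCATED_RANGE_BUFFER *PFILE_ALLOCATED_RANGE_BUFFER;
#endif

/* Encryption buffer
 *
 * NOTE(review): Private[1] looks like a placeholder for variable-length data
 * that follows the header; nothing in this structure records its length, so
 * a consumer has to bound it by the size of the buffer it was handed -
 * confirm.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _ENCRYPTION_BUFFER {
    ULONG EncryptionOperation;
    UCHAR Private[1];
} ENCRYPTION_BUFFER;
typedef ENCRYPTION_BUFFER *PENCRYPTION_BUFFER;
#endif

/* Decryption status buffer */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _DECRYPTION_STATUS_BUFFER {
    BOOLEAN NoEncryptedStreams;
} DECRYPTION_STATUS_BUFFER;
typedef DECRYPTION_STATUS_BUFFER *PDECRYPTION_STATUS_BUFFER;
#endif

/* Raw encrypted data request information */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
    LONGLONG FileOffset;
    ULONG Length;
} REQUEST_RAW_ENCRYPTED_DATA;
/* "PREQEUST" is a transposition of "PREQUEST". The misspelled name is kept for
 * source compatibility; the correctly spelled alias is added next to it. */
typedef REQUEST_RAW_ENCRYPTED_DATA *PREQEUST_RAW_ENCRYPTED_DATA;
typedef REQUEST_RAW_ENCRYPTED_DATA *PREQUEST_RAW_ENCRYPTED_DATA;
#endif

/* Encrypted data information
 *
 * NOTE(review): DataBlockSize is declared with ANYSIZE_ARRAY and presumably
 * holds NumberOfDataBlocks entries; check that count, and OutputBufferOffset,
 * against the size of the buffer received before indexing - confirm.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _ENCRYPTED_DATA_INFO {
    ULONGLONG StartingFileOffset;
    ULONG OutputBufferOffset;
    ULONG BytesWithinFileSize;
    ULONG BytesWithinValidDataLength;
    USHORT CompressionFormat;
    UCHAR DataUnitShift;
    UCHAR ChunkShift;
    UCHAR ClusterShift;
    UCHAR EncryptionFormat;
    USHORT NumberOfDataBlocks;
    ULONG DataBlockSize[ANYSIZE_ARRAY];
} ENCRYPTED_DATA_INFO;
typedef ENCRYPTED_DATA_INFO *PENCRYPTED_DATA_INFO;
#endif

/* Plex data read request information */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _PLEX_READ_DATA_REQUEST {
    LARGE_INTEGER ByteOffset;
    ULONG ByteLength;
    ULONG PlexNumber;
} PLEX_READ_DATA_REQUEST;
typedef PLEX_READ_DATA_REQUEST *PPLEX_READ_DATA_REQUEST;
#endif

/* FSCTL_SIS_COPYFILE parameters
 *
 * NOTE(review): FileNameBuffer[1] presumably carries both names back to back,
 * sized by the two length members. A handler should check that the sum of the
 * two lengths neither overflows nor exceeds the input buffer before reading
 * either name - confirm.
 */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _SI_COPYFILE {
    ULONG SourceFileNameLength;
    ULONG DestinationFileNameLength;
    ULONG Flags;
    WCHAR FileNameBuffer[1];
} SI_COPYFILE;
typedef SI_COPYFILE *PSI_COPYFILE;
#endif

/* FSCTL_MAKE_MEDIA_COMPATIBLE parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
    BOOLEAN CloseDisc;
} FILE_MAKE_COMPATIBLE_BUFFER;
typedef FILE_MAKE_COMPATIBLE_BUFFER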
*PFILE_MAKE_COMPATIBLE_BUFFER;
#endif

/* FSCTL_SET_DEFECT_MANAGEMENT parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
    BOOLEAN Disable;
} FILE_SET_DEFECT_MGMT_BUFFER;
typedef FILE_SET_DEFECT_MGMT_BUFFER *PFILE_SET_DEFECT_MGMT_BUFFER;
#endif

/* FSCTL_QUERY_SPARING_INFO returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_QUERY_SPARING_BUFFER {
    ULONG SparingUnitBytes;
    BOOLEAN SoftwareSparing;
    ULONG TotalSpareBlocks;
    ULONG FreeSpareBlocks;
} FILE_QUERY_SPARING_BUFFER;
typedef FILE_QUERY_SPARING_BUFFER *PFILE_QUERY_SPARING_BUFFER;
#endif

/* FSCTL_QUERY_ON_DISK_VOLUME_INFO returned data
 *
 * All text members are fixed-size WCHAR arrays (12 or 34 elements).
 * NOTE(review): nothing in the declaration guarantees NUL termination, and the
 * contents presumably originate from the medium; bound every read by the
 * array size rather than by a terminator - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
    LARGE_INTEGER DirectoryCount;
    LARGE_INTEGER FileCount;
    USHORT FsFormatMajVersion;
    USHORT FsFormatMinVersion;
    WCHAR FsFormatName[12];
    LARGE_INTEGER FormatTime;
    LARGE_INTEGER LastUpdateTime;
    WCHAR CopyrightInfo[34];
    WCHAR AbstractInfo[34];
    WCHAR FormattingImplementationInfo[34];
    WCHAR LastModifyingImplementationInfo[34];
} FILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
typedef FILE_QUERY_ON_DISK_VOL_INFO_BUFFER *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
#endif

/* FSCTL_SHRINK_VOLUME request types (values start at 1; 0 is not defined here) */
#if (_WIN32_WINNT >= 0x0600)
typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
    ShrinkPrepare = 1,
    ShrinkCommit = 2,
    ShrinkAbort = 3
} SHRINK_VOLUME_REQUEST_TYPES;
typedef SHRINK_VOLUME_REQUEST_TYPES *PSHRINK_VOLUME_REQUEST_TYPES;
#endif

/* FSCTL_SHRINK_VOLUME parameters
 *
 * NOTE(review): NewNumberOfSectors is signed (LONGLONG); a handler should
 * presumably reject negative values, and any ShrinkRequestType outside the
 * three enumerators above - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _SHRINK_VOLUME_INFORMATION {
    SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType;
    ULONGLONG Flags;
    LONGLONG NewNumberOfSectors;
} SHRINK_VOLUME_INFORMATION;
typedef SHRINK_VOLUME_INFORMATION *PSHRINK_VOLUME_INFORMATION;
#endif

/* FSCTL_TXFS_MODIFY_RM parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_MODIFY_RM {
    ULONG Flags;
    ULONG LogContainerCountMax;
    ULONG LogContainerCountMin;
    ULONG LogContainerCount;
    ULONG LogGrowthIncrement;
    ULONG LogAutoShrinkPercentage;
/* Remaining members of struct _TXFS_MODIFY_RM, which opens earlier in the file. */
    ULONGLONG Reserved;
    USHORT LoggingMode;
} TXFS_MODIFY_RM;
typedef TXFS_MODIFY_RM *PTXFS_MODIFY_RM;
#endif

/* FSCTL_TXFS_QUERY_RM_INFORMATION parameters
 *
 * NOTE(review): TmLogPathOffset presumably locates a path stored after the
 * fixed part of the returned buffer, and BytesRequired presumably reports the
 * size needed for the whole reply; validate the offset against the number of
 * bytes returned before dereferencing it - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_QUERY_RM_INFORMATION {
    ULONG BytesRequired;
    ULONGLONG TailLsn;
    ULONGLONG CurrentLsn;
    ULONGLONG ArchiveTailLsn;
    ULONGLONG LogContainerSize;
    LARGE_INTEGER HighestVirtualClock;
    ULONG LogContainerCount;
    ULONG LogContainerCountMax;
    ULONG LogContainerCountMin;
    ULONG LogGrowthIncrement;
    ULONG LogAutoShrinkPercentage;
    ULONG Flags;
    USHORT LoggingMode;
    USHORT Reserved;
    USHORT RmState;
    ULONGLONG LogCapacity;
    ULONGLONG LogFree;
    ULONGLONG TopsSize;
    ULONGLONG TopsUsed;
    ULONGLONG TransactionCount;
    ULONGLONG OnePCCount;
    ULONGLONG TwoPCCount;
    ULONGLONG NumberLogFileFull;
    ULONGLONG OldestTransactionAge;
    GUID RMName;
    ULONG TmLogPathOffset;
} TXFS_QUERY_RM_INFORMATION;
typedef TXFS_QUERY_RM_INFORMATION *PTXFS_QUERY_RM_INFORMATION;
#endif

/* FSCTL_TXFS_ROLLFORWARD_REDO parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
    LARGE_INTEGER LastVirtualClock;
    ULONGLONG LastRedoLsn;
    ULONGLONG HighestRecoveryLsn;
    ULONG Flags;
} TXFS_ROLLFORWARD_REDO_INFORMATION;
typedef TXFS_ROLLFORWARD_REDO_INFORMATION *PTXFS_ROLLFORWARD_REDO_INFORMATION;
#endif

/* FSCTL_TXFS_START_RM parameters
 *
 * NOTE(review): LogPath[1] is a one-element placeholder, presumably extended
 * to LogPathLength, and TmLogPathOffset/TmLogPathLength presumably describe a
 * second path in the same buffer. All three values are caller-supplied: check
 * each offset + length against the input buffer size before reading the
 * paths - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_START_RM_INFORMATION {
    ULONG Flags;
    ULONGLONG LogContainerSize;
    ULONG LogContainerCountMin;
    ULONG LogContainerCountMax;
    ULONG LogGrowthIncrement;
    ULONG LogAutoShrinkPercentage;
    ULONG TmLogPathOffset;
    USHORT TmLogPathLength;
    USHORT LoggingMode;
    USHORT LogPathLength;
    USHORT Reserved;
    WCHAR LogPath[1];
} TXFS_START_RM_INFORMATION;
typedef TXFS_START_RM_INFORMATION *PTXFS_START_RM_INFORMATION;
#endif

/* FSCTL_TXFS_GET_METADATA_INFO returned data
 *
 * TxfFileId is a 128-bit value declared as two LONGLONG halves.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_GET_METADATA_INFO_OUT {
    struct {
        LONGLONG LowPart;
        LONGLONG HighPart;
    } TxfFileId;
    GUID LockingTransaction;
    ULONGLONG LastLsn;
    ULONG
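TransactionState;
} TXFS_GET_METADATA_INFO_OUT;
typedef TXFS_GET_METADATA_INFO_OUT *PTXFS_GET_METADATA_INFO_OUT;
#endif

/* FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES entry
 *
 * NOTE(review): FileName[1] is a one-element placeholder for a longer name and
 * Offset presumably leads to the next entry; a consumer walking a returned
 * list should check every Offset against the bytes actually returned and stop
 * on a value that does not move forward - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
    ULONGLONG Offset;
    ULONG NameFlags;
    LONGLONG FileId;
    ULONG Reserved1;
    ULONG Reserved2;
    LONGLONG Reserved3;
    WCHAR FileName[1];
} TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
/* The pointer type below drops "LIST_" from the structure name. It is kept for
 * source compatibility; the alias after it follows the P<structure name>
 * convention used by the rest of this file. */
typedef TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY *PTXFS_TRANSACTION_LOCKED_FILES_ENTRY;
typedef TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY *PTXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
#endif

/* FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
    GUID KtmTransaction;
    ULONGLONG NumberOfFiles;
    ULONGLONG BufferSizeRequired;
    ULONGLONG Offset;
} TXFS_LIST_TRANSACTION_LOCKED_FILES;
typedef TXFS_LIST_TRANSACTION_LOCKED_FILES *PTXFS_LIST_TRANSACTION_LOCKED_FILES;
#endif

/* FSCTL_TXFS_LIST_TRANSACTIONS entry */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
    GUID TransactionId;
    ULONG TransactionState;
    ULONG Reserved1;
    ULONG Reserved2;
    LONGLONG Reserved3;
} TXFS_LIST_TRANSACTIONS_ENTRY;
typedef TXFS_LIST_TRANSACTIONS_ENTRY *PTXFS_LIST_TRANSACTIONS_ENTRY;
#endif

/* FSCTL_TXFS_LIST_TRANSACTIONS parameters
 *
 * NOTE(review): NumberOfTransactions is a 64-bit count; multiplying it by the
 * entry size to derive a byte length can overflow, so bound it by the buffer
 * size first - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTIONS {
    ULONGLONG NumberOfTransactions;
    ULONGLONG BufferSizeRequired;
} TXFS_LIST_TRANSACTIONS;
typedef TXFS_LIST_TRANSACTIONS *PTXFS_LIST_TRANSACTIONS;
#endif

/* FSCTL_TXFS_READ_BACKUP_INFORMATION returned data
 *
 * BufferLength and Buffer are members of one union, so they occupy the same
 * storage: the first bytes of Buffer are the bytes of BufferLength.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
    union {
        ULONG BufferLength;
        UCHAR Buffer[1];
    };
} TXFS_READ_BACKUP_INFORMATION_OUT;
typedef TXFS_READ_BACKUP_INFORMATION_OUT *PTXFS_READ_BACKUP_INFORMATION_OUT;
#endif

/* FSCTL_TXFS_WRITE_BACKUP_INFORMATION parameters
 *
 * NOTE(review): the structure carries no length of its own; the extent of
 * Buffer has to come from the size of the input buffer - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
    UCHAR Buffer[1];
} TXFS_WRITE_BACKUP_INFORMATION;
typedef TXFS_WRITE_BACKUP_INFORMATION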
*PTXFS_WRITE_BACKUP_INFORMATION;
#endif

/* FSCTL_TXFS_GET_TRANSACTED_VERSION parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_GET_TRANSACTED_VERSION {
    ULONG ThisBaseVersion;
    ULONG LatestVersion;
    USHORT ThisMiniVersion;
    USHORT FirstMiniVersion;
    USHORT LatestMiniVersion;
} TXFS_GET_TRANSACTED_VERSION;
typedef TXFS_GET_TRANSACTED_VERSION *PTXFS_GET_TRANSACTED_VERSION;
#endif

/* FSCTL_TXFS_SAVEPOINT_INFORMATION parameters
 *
 * NOTE(review): KtmTransaction is a HANDLE that arrives inside a data buffer;
 * code that receives it from a less trusted caller should presumably resolve
 * it with that caller's access rights rather than its own - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_SAVEPOINT_INFORMATION {
    HANDLE KtmTransaction;
    ULONG ActionCode;
    ULONG SavepointId;
} TXFS_SAVEPOINT_INFORMATION;
typedef TXFS_SAVEPOINT_INFORMATION *PTXFS_SAVEPOINT_INFORMATION;
#endif

/* FSCTL_TXFS_CREATE_MINIVERSION returned data
 *
 * NOTE(review): StructureVersion/StructureLength presumably describe this
 * structure itself; check StructureLength against sizeof before reading the
 * later members - confirm.
 */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_CREATE_MINIVERSION_INFO {
    USHORT StructureVersion;
    USHORT StructureLength;
    ULONG BaseVersion;
    USHORT MiniVersion;
} TXFS_CREATE_MINIVERSION_INFO;
typedef TXFS_CREATE_MINIVERSION_INFO *PTXFS_CREATE_MINIVERSION_INFO;
#endif

/* FSCTL_TXFS_TRANSACTION_ACTIVE returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
    BOOLEAN TransactionsActiveAtSnapshot;
} TXFS_TRANSACTION_ACTIVE_INFO;
typedef TXFS_TRANSACTION_ACTIVE_INFO *PTXFS_TRANSACTION_ACTIVE_INFO;
#endif

/* FSCTL_GET_BOOT_AREA_INFO returned data
 *
 * BootSectors has exactly two elements.
 * NOTE(review): BootSectorCount presumably says how many of them are valid;
 * clamp it to 2 before using it as an index bound - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _BOOT_AREA_INFO {
    ULONG BootSectorCount;
    struct {
        LARGE_INTEGER Offset;
    } BootSectors[2];
} BOOT_AREA_INFO;
typedef BOOT_AREA_INFO *PBOOT_AREA_INFO;
#endif

/* FSCTL_GET_RETRIEVAL_POINTER_BASE returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _RETRIEVAL_POINTER_BASE {
    LARGE_INTEGER FileAreaOffset;
} RETRIEVAL_POINTER_BASE;
typedef RETRIEVAL_POINTER_BASE *PRETRIEVAL_POINTER_BASE;
#endif

/* File system persistent volume information */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
    ULONG VolumeFlags;
    ULONG FlagMask;
    ULONG Version;
    ULONG Reserved;
} FILE_FS_PERSISTENT_VOLUME_INFORMATION;
typedef FILE_FS_PERSISTENT_VOLUME_INFORMATION *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;
#endif

/* File system recognition information
 *
 * FileSystem is a fixed 9-byte CHAR array.
 * NOTE(review): the declaration does not promise a terminating NUL; bound
 * reads by the array size - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
    CHAR FileSystem[9];
} FILE_SYSTEM_RECOGNITION_INFORMATION;
typedef FILE_SYSTEM_RECOGNITION_INFORMATION *PFILE_SYSTEM_RECOGNITION_INFORMATION;
#endif

/* FSCTL_REQUEST_OPLOCK parameters
 *
 * NOTE(review): StructureVersion/StructureLength are supplied by the caller; a
 * handler should presumably compare StructureLength with both sizeof and the
 * input buffer length before trusting the remaining members - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
    USHORT StructureVersion;
    USHORT StructureLength;
    ULONG RequestedOplockLevel;
    ULONG Flags;
} REQUEST_OPLOCK_INPUT_BUFFER;
typedef REQUEST_OPLOCK_INPUT_BUFFER *PREQUEST_OPLOCK_INPUT_BUFFER;
#endif

/* FSCTL_REQUEST_OPLOCK returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
    USHORT StructureVersion;
    USHORT StructureLength;
    ULONG OriginalOplockLevel;
    ULONG NewOplockLevel;
    ULONG Flags;
    ACCESS_MASK AccessMode;
    USHORT ShareMode;
} REQUEST_OPLOCK_OUTPUT_BUFFER;
typedef REQUEST_OPLOCK_OUTPUT_BUFFER *PREQUEST_OPLOCK_OUTPUT_BUFFER;
#endif

/* SD_GLOBAL_CHANGE_TYPE_MACHINE_SID parameters
 *
 * Two offset/length pairs, all USHORT.
 * NOTE(review): the pairs presumably locate the current and the new machine
 * SID inside the same input buffer. They are caller-supplied, so each
 * offset + length must be checked against the buffer size, and the bytes they
 * select validated as a well-formed SID, before use - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
    USHORT CurrentMachineSIDOffset;
    USHORT CurrentMachineSIDLength;
    USHORT NewMachineSIDOffset;
    USHORT NewMachineSIDLength;
} SD_CHANGE_MACHINE_SID_INPUT;
typedef SD_CHANGE_MACHINE_SID_INPUT *PSD_CHANGE_MACHINE_SID_INPUT;
#endif

/* SD_GLOBAL_CHANGE_TYPE_MACHINE_SID returned data: seven 64-bit counters. */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
    ULONGLONG NumSDChangedSuccess;
    ULONGLONG NumSDChangedFail;
    ULONGLONG NumSDUnused;
    ULONGLONG NumSDTotal;
    ULONGLONG NumMftSDChangedSuccess;
    ULONGLONG NumMftSDChangedFail;
    ULONGLONG NumMftSDTotal;
} SD_CHANGE_MACHINE_SID_OUTPUT;
typedef SD_CHANGE_MACHINE_SID_OUTPUT *PSD_CHANGE_MACHINE_SID_OUTPUT;
#endif

/* FSCTL_SD_GLOBAL_CHANGE parameters
 *
 * NOTE(review): ChangeType presumably selects the union arm; only one arm
 * (SdChange) is declared here - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_GLOBAL_CHANGE_INPUT {
    ULONG Flags;
    ULONG ChangeType;
    union {
/* Single arm of the unnamed union inside struct _SD_GLOBAL_CHANGE_INPUT, which opens earlier in the file. */
        SD_CHANGE_MACHINE_SID_INPUT SdChange;
    };
} SD_GLOBAL_CHANGE_INPUT;
typedef SD_GLOBAL_CHANGE_INPUT *PSD_GLOBAL_CHANGE_INPUT;
#endif

/* FSCTL_SD_GLOBAL_CHANGE returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
    ULONG Flags;
    ULONG ChangeType;
    union {
        SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
    };
} SD_GLOBAL_CHANGE_OUTPUT;
typedef SD_GLOBAL_CHANGE_OUTPUT *PSD_GLOBAL_CHANGE_OUTPUT;
#endif

/* Extended encrypted data information */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
    ULONG ExtendedCode;
    ULONG Length;
    ULONG Flags;
    ULONG Reserved;
} EXTENDED_ENCRYPTED_DATA_INFO;
typedef EXTENDED_ENCRYPTED_DATA_INFO *PEXTENDED_ENCRYPTED_DATA_INFO;
#endif

/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER parameters
 *
 * NOTE(review): Cluster[1] is a one-element placeholder, presumably extended
 * to NumberOfClusters entries. The count is caller-supplied: check
 * NumberOfClusters * sizeof(LARGE_INTEGER) against the input buffer size,
 * guarding the multiplication against overflow, before indexing - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
    ULONG Flags;
    ULONG NumberOfClusters;
    LARGE_INTEGER Cluster[1];
} LOOKUP_STREAM_FROM_CLUSTER_INPUT;
typedef LOOKUP_STREAM_FROM_CLUSTER_INPUT *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;
#endif

/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
    ULONG Offset;
    ULONG NumberOfMatches;
    ULONG BufferSizeRequired;
} LOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
typedef LOOKUP_STREAM_FROM_CLUSTER_OUTPUT *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
#endif

/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER entry
 *
 * NOTE(review): OffsetToNext presumably chains the entries and FileName[1] is
 * a placeholder for a longer name. A consumer should verify that every
 * OffsetToNext stays inside the returned buffer and advances, so a malformed
 * reply cannot cause an out-of-bounds read or an endless walk - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
    ULONG OffsetToNext;
    ULONG Flags;
    LARGE_INTEGER Reserved;
    LARGE_INTEGER Cluster;
    WCHAR FileName[1];
} LOOKUP_STREAM_FROM_CLUSTER_ENTRY;
typedef LOOKUP_STREAM_FROM_CLUSTER_ENTRY *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;
#endif

/* FSCTL_FILE_TYPE_NOTIFICATION parameters
 *
 * NOTE(review): FileTypeID[1] is presumably extended to NumFileTypeIDs GUIDs;
 * bound the count by the input buffer size before reading them - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
    ULONG Flags;
    ULONG NumFileTypeIDs;
    GUID FileTypeID[1];
} FILE_TYPE_NOTIFICATION_INPUT;
typedef FILE_TYPE_NOTIFICATION_INPUT *PFILE_TYPE_NOTIFICATION_INPUT;
#endif

/* Reparse data buffer */
/* Common header (ReparseTag, ReparseDataLength, Reserved) followed by a union
 * of three payload views: symbolic link, mount point and generic bytes. The
 * two path-carrying views differ only in that the symbolic-link view has a
 * Flags member before PathBuffer.
 *
 * NOTE(review): the Offset/Length members and ReparseDataLength are read from
 * the reparse point or from the caller, so they are untrusted input. Before
 * touching PathBuffer a consumer should presumably verify that
 * ReparseDataLength fits the buffer it was given, that the view matches
 * ReparseTag, and that each offset + length lies inside the payload (sum
 * computed without 16-bit wrap-around). The names are not shown to be
 * NUL-terminated; use the lengths - confirm.
 */
typedef struct _REPARSE_DATA_BUFFER {
    ULONG ReparseTag;
    USHORT ReparseDataLength;
    USHORT Reserved;
    union {
        struct {
            USHORT SubstituteNameOffset;
            USHORT SubstituteNameLength;
            USHORT PrintNameOffset;
            USHORT PrintNameLength;
            ULONG Flags;
            WCHAR PathBuffer[1];    /* one-element placeholder for the path data */
        } SymbolicLinkReparseBuffer;
        struct {
            USHORT SubstituteNameOffset;
            USHORT SubstituteNameLength;
            USHORT PrintNameOffset;
            USHORT PrintNameLength;
            WCHAR PathBuffer[1];    /* one-element placeholder for the path data */
        } MountPointReparseBuffer;
        struct {
            UCHAR DataBuffer[1];
        } GenericReparseBuffer;
    };
} REPARSE_DATA_BUFFER;
typedef REPARSE_DATA_BUFFER *PREPARSE_DATA_BUFFER;

/* Reparse GUID data buffer
 *
 * Same header as REPARSE_DATA_BUFFER plus a ReparseGuid, followed by opaque
 * bytes.
 * NOTE(review): DataBuffer[1] is presumably ReparseDataLength bytes long;
 * bound it by the buffer size received - confirm.
 */
typedef struct _REPARSE_GUID_DATA_BUFFER {
    ULONG ReparseTag;
    USHORT ReparseDataLength;
    USHORT Reserved;
    GUID ReparseGuid;
    struct {
        UCHAR DataBuffer[1];
    } GenericReparseBuffer;
} REPARSE_GUID_DATA_BUFFER;
typedef REPARSE_GUID_DATA_BUFFER *PREPARSE_GUID_DATA_BUFFER;

/* Reparse index key */
/* NOTE(review): the two #include directives around this structure have lost
 * their operand in this copy of the file and are not valid as written. They
 * presumably push and pop a structure-packing setting; the offset of FileId
 * (a LARGE_INTEGER after a ULONG) depends on that setting, so restore the
 * header names from the original file - confirm. */
#include
typedef struct _REPARSE_INDEX_KEY {
    ULONG FileReparseTag;
    LARGE_INTEGER FileId;
} REPARSE_INDEX_KEY;
typedef REPARSE_INDEX_KEY *PREPARSE_INDEX_KEY;
#include

/* FSCTL_PIPE_ASSIGN_EVENT parameters */
typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
    HANDLE EventHandle;
    ULONG KeyValue;
} FILE_PIPE_ASSIGN_EVENT_BUFFER;
typedef FILE_PIPE_ASSIGN_EVENT_BUFFER *PFILE_PIPE_ASSIGN_EVENT_BUFFER;

/* FSCTL_PIPE_PEEK parameters
 *
 * NOTE(review): Data[1] is a one-element placeholder; the number of valid
 * bytes is presumably bounded by the size of the output buffer, not by
 * ReadDataAvailable alone - confirm.
 */
typedef struct _FILE_PIPE_PEEK_BUFFER {
    ULONG NamedPipeState;
    ULONG ReadDataAvailable;
    ULONG NumberOfMessages;
    ULONG MessageLength;
    CHAR Data[1];
} FILE_PIPE_PEEK_BUFFER;
typedef FILE_PIPE_PEEK_BUFFER *PFILE_PIPE_PEEK_BUFFER;

/* FSCTL_PIPE_QUERY_EVENT parameters */
typedef struct _FILE_PIPE_EVENT_BUFFER {
    ULONG NamedPipeState;
    ULONG EntryType;
    ULONG ByteCount;
    ULONG KeyValue;
    ULONG NumberRequests;
} FILE_PIPE_EVENT_BUFFER;
typedef FILE_PIPE_EVENT_BUFFER *PFILE_PIPE_EVENT_BUFFER;

/* FSCTL_PIPE_WAIT parameters
 *
 * NOTE(review): Name[1] is presumably extended to NameLength; NameLength is
 * caller-supplied and should be checked against the input buffer size before
 * the name is read - confirm.
 */
typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
    LARGE_INTEGER Timeout;
    ULONG NameLength;
    BOOLEAN TimeoutSpecified;
    WCHAR Name[1];
} FILE_PIPE_WAIT_FOR_BUFFER;
typedef FILE_PIPE_WAIT_FOR_BUFFER *PFILE_PIPE_WAIT_FOR_BUFFER;

/* FSCTL_PIPE_SET_CLIENT_PROCESS parameters
 *
 * NOTE(review): both members are raw PVOID values carried in a data buffer;
 * whatever consumes them should presumably treat them as opaque identifiers
 * and never dereference them - confirm.
 */
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
    PVOID ClientSession;
    PVOID ClientProcess;
} FILE_PIPE_CLIENT_PROCESS_BUFFER;
typedef FILE_PIPE_CLIENT_PROCESS_BUFFER *PFILE_PIPE_CLIENT_PROCESS_BUFFER;

/* FSCTL_PIPE_SET_CLIENT_PROCESS parameters (extended version)
 *
 * Adds a computer name held in a fixed array of
 * FILE_PIPE_COMPUTER_NAME_LENGTH + 1 WCHARs.
 * NOTE(review): ClientComputerNameLength is supplied alongside the array and
 * is not constrained by the declaration; clamp it to the array size before
 * copying, and do not assume the name is NUL-terminated - confirm.
 */
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
    PVOID ClientSession;
    PVOID ClientProcess;
    USHORT ClientComputerNameLength;
    WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH + 1];
} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
typedef FILE_PIPE_CLIENT_PROCESS_BUFFER_EX *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;

/* Link tracking information types */
typedef enum _LINK_TRACKING_INFORMATION_TYPE {
    NtfsLinkTrackingInformation = 0,
    DfsLinkTrackingInformation = 1
} LINK_TRACKING_INFORMATION_TYPE;
typedef LINK_TRACKING_INFORMATION_TYPE *PLINK_TRACKING_INFORMATION_TYPE;

/* Link tracking information */
typedef struct _LINK_TRACKING_INFORMATION {
    LINK_TRACKING_INFORMATION_TYPE Type;
    UCHAR VolumeId[16];
} LINK_TRACKING_INFORMATION;
typedef LINK_TRACKING_INFORMATION *PLINK_TRACKING_INFORMATION;

/* Remote link tracking information
 *
 * The structure tag ends in an underscore, unlike the other tags in this file.
 * NOTE(review): TargetLinkTrackingInformationBuffer[1] is presumably extended
 * to TargetLinkTrackingInformationLength bytes; check that length against the
 * buffer size before reading - confirm.
 */
typedef struct _REMOTE_LINK_TRACKING_INFORMATION_ {
    PVOID TargetFileObject;
    ULONG TargetLinkTrackingInformationLength;
    UCHAR TargetLinkTrackingInformationBuffer[1];
} REMOTE_LINK_TRACKING_INFORMATION;
typedef REMOTE_LINK_TRACKING_INFORMATION *PREMOTE_LINK_TRACKING_INFORMATION;

/* Virtual storage type */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _VIRTUAL_STORAGE_TYPE {
    ULONG DeviceId;
    GUID VendorId;
} VIRTUAL_STORAGE_TYPE;
typedef VIRTUAL_STORAGE_TYPE *PVIRTUAL_STORAGE_TYPE;
#endif

/* FSCTL_QUERY_DEPENDENT_VOLUME parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
    ULONG RequestLevel;
    ULONG RequestFlags;
} STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
#endif

/* FSCTL_QUERY_DEPENDENT_VOLUME level 1 entry */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
    ULONG EntryLength;
    ULONG DependencyTypeFlags;
    ULONG ProviderSpecificFlags;
    VIRTUAL_STORAGE_TYPE VirtualStorageType;
} STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
#endif

/* FSCTL_QUERY_DEPENDENT_VOLUME level 2 entry
 *
 * Starts with the same four members as the level 1 entry and adds
 * AncestorLevel and four Offset/Size pairs.
 * NOTE(review): the pairs presumably locate strings stored elsewhere in the
 * returned buffer; check each offset + size (summed without 32-bit
 * wrap-around) against the bytes actually returned, and EntryLength against
 * the remaining buffer, before following them - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY {
    ULONG EntryLength;
    ULONG DependencyTypeFlags;
    ULONG ProviderSpecificFlags;
    VIRTUAL_STORAGE_TYPE VirtualStorageType;
    ULONG AncestorLevel;
    ULONG HostVolumeNameOffset;
    ULONG HostVolumeNameSize;
    ULONG DependentVolumeNameOffset;
    ULONG DependentVolumeNameSize;
    ULONG RelativePathOffset;
    ULONG RelativePathSize;
    ULONG DependentDeviceNameOffset;
    ULONG DependentDeviceNameSize;
} STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
#endif

/* FSCTL_QUERY_DEPENDENT_VOLUME returned data
 *
 * The two entry arrays share storage through the unnamed union.
 * NOTE(review): ResponseLevel presumably tells which array is valid and
 * NumberEntries how many elements it holds; the two entry types differ in
 * size, so derive the element stride from the level actually reported and
 * bound NumberEntries by the returned byte count - confirm.
 */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE {
    ULONG ResponseLevel;
    ULONG NumberEntries;
    union {
        STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[1];
        STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[1];
    };
} STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
#endif

/* Object information classes (only the values 0 and 2 are declared here) */
typedef enum _OBJECT_INFORMATION_CLASS {
    ObjectBasicInformation = 0,
    ObjectTypeInformation = 2
} OBJECT_INFORMATION_CLASS;

/* Public object basic information: four documented ULONG-sized members
 * followed by ten reserved ULONGs. */
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
    ULONG Attributes;
    ACCESS_MASK GrantedAccess;
    ULONG HandleCount;
    ULONG PointerCount;
    ULONG Reserved[10];
} PUBLIC_OBJECT_BASIC_INFORMATION;
typedef PUBLIC_OBJECT_BASIC_INFORMATION *PPUBLIC_OBJECT_BASIC_INFORMATION;

/* Public object type information
*/
/* A UNICODE_STRING type name followed by 22 reserved ULONGs. */
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
    UNICODE_STRING TypeName;
    ULONG Reserved[22];
} PUBLIC_OBJECT_TYPE_INFORMATION;
typedef PUBLIC_OBJECT_TYPE_INFORMATION *PPUBLIC_OBJECT_TYPE_INFORMATION;

/* Security client context
 *
 * Bundles a quality-of-service block, a client token pointer, three BOOLEAN
 * flags and a TOKEN_CONTROL.
 * NOTE(review): this looks like captured impersonation state; the lifetime
 * and referencing rules of ClientToken are not visible here - confirm against
 * the routines that fill the structure in.
 */
typedef struct _SECURITY_CLIENT_CONTEXT {
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    PACCESS_TOKEN ClientToken;
    BOOLEAN DirectlyAccessClientToken;
    BOOLEAN DirectAccessEffectiveOnly;
    BOOLEAN ServerIsRemote;
    TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT;
typedef SECURITY_CLIENT_CONTEXT *PSECURITY_CLIENT_CONTEXT;

/* Kernel asynchronous procedure call state
 *
 * ApcListHead holds one list head per processor mode (MaximumMode entries).
 */
typedef struct _KAPC_STATE {
    LIST_ENTRY ApcListHead[MaximumMode];
    struct _KPROCESS *Process;
    BOOLEAN KernelApcInProgress;
    BOOLEAN KernelApcPending;
    BOOLEAN UserApcPending;
} KAPC_STATE;
typedef KAPC_STATE *PKAPC_STATE;
typedef KAPC_STATE *PRKAPC_STATE;

/* Kernel queue (CurrentCount is declared volatile) */
typedef struct _KQUEUE {
    DISPATCHER_HEADER Header;
    LIST_ENTRY EntryListHead;
    volatile ULONG CurrentCount;
    ULONG MaximumCount;
    LIST_ENTRY ThreadListHead;
} KQUEUE;
typedef KQUEUE *PKQUEUE;
typedef KQUEUE *PRKQUEUE;

/* Security exports
 *
 * A table of LUID members named after privileges and PSID members named after
 * well-known SIDs. The declaration order is the binary layout, so members must
 * not be reordered or inserted in the middle.
 */
typedef struct _SE_EXPORTS {
    LUID SeCreateTokenPrivilege;
    LUID SeAssignPrimaryTokenPrivilege;
    LUID SeLockMemoryPrivilege;
    LUID SeIncreaseQuotaPrivilege;
    LUID SeUnsolicitedInputPrivilege;
    LUID SeTcbPrivilege;
    LUID SeSecurityPrivilege;
    LUID SeTakeOwnershipPrivilege;
    LUID SeLoadDriverPrivilege;
    LUID SeCreatePagefilePrivilege;
    LUID SeIncreaseBasePriorityPrivilege;
    LUID SeSystemProfilePrivilege;
    LUID SeSystemtimePrivilege;
    LUID SeProfileSingleProcessPrivilege;
    LUID SeCreatePermanentPrivilege;
    LUID SeBackupPrivilege;
    LUID SeRestorePrivilege;
    LUID SeShutdownPrivilege;
    LUID SeDebugPrivilege;
    LUID SeAuditPrivilege;
    LUID SeSystemEnvironmentPrivilege;
    LUID SeChangeNotifyPrivilege;
    LUID SeRemoteShutdownPrivilege;
    PSID SeNullSid;
    PSID SeWorldSid;
    PSID SeLocalSid;
    PSID SeCreatorOwnerSid;
    PSID SeCreatorGroupSid;
    PSID SeNtAuthoritySid;
    PSID SeDialupSid;
    PSID SeNetworkSid;
    PSID SeBatchSid;
/* Remaining members of struct _SE_EXPORTS, which opens earlier in the file. */
    PSID SeInteractiveSid;
    PSID SeLocalSystemSid;
    PSID SeAliasAdminsSid;
    PSID SeAliasUsersSid;
    PSID SeAliasGuestsSid;
    PSID SeAliasPowerUsersSid;
    PSID SeAliasAccountOpsSid;
    PSID SeAliasSystemOpsSid;
    PSID SeAliasPrintOpsSid;
    PSID SeAliasBackupOpsSid;
    PSID SeAuthenticatedUsersSid;
    PSID SeRestrictedSid;
    PSID SeAnonymousLogonSid;
    LUID SeUndockPrivilege;
    LUID SeSyncAgentPrivilege;
    LUID SeEnableDelegationPrivilege;
    PSID SeLocalServiceSid;
    PSID SeNetworkServiceSid;
    LUID SeManageVolumePrivilege;
    LUID SeImpersonatePrivilege;
    LUID SeCreateGlobalPrivilege;
    LUID SeTrustedCredManAccessPrivilege;
    LUID SeRelabelPrivilege;
    LUID SeIncreaseWorkingSetPrivilege;
    LUID SeTimeZonePrivilege;
    LUID SeCreateSymbolicLinkPrivilege;
    PSID SeIUserSid;
    PSID SeUntrustedMandatorySid;
    PSID SeLowMandatorySid;
    PSID SeMediumMandatorySid;
    PSID SeHighMandatorySid;
    PSID SeSystemMandatorySid;
    PSID SeOwnerRightsSid;
} SE_EXPORTS;
typedef SE_EXPORTS *PSE_EXPORTS;

/* Security logon session terminated routine: takes a PLUID, returns NTSTATUS. */
typedef NTSTATUS (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)( PLUID );

/* Driver file system notification callback
 *
 * DRIVER_FS_NOTIFICATION is a function type (not a pointer); the pointer type
 * is declared on the next line.
 */
typedef VOID NTAPI DRIVER_FS_NOTIFICATION( struct _DEVICE_OBJECT *, BOOLEAN );
typedef DRIVER_FS_NOTIFICATION *PDRIVER_FS_NOTIFICATION;

/* File system filter section synchronization types */
typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
    SyncTypeOther = 0,
    SyncTypeCreateSection = 1
} FS_FILTER_SECTION_SYNC_TYPE;
typedef FS_FILTER_SECTION_SYNC_TYPE *PFS_FILTER_SECTION_SYNC_TYPE;

/* File system filter stream file object notification types */
typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
    NotifyTypeCreate = 0,
    NotifyTypeRetired = 1
} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
typedef FS_FILTER_STREAM_FO_NOTIFICATION_TYPE *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;

/* File system filter parameters
 *
 * A union with one arm per operation.
 * NOTE(review): which arm is valid is presumably decided by the Operation
 * member of FS_FILTER_CALLBACK_DATA; reading another arm reinterprets the
 * same bytes - confirm. Note that ResourceToRelease is a pointer to a
 * PERESOURCE in the Acquire arm and a plain PERESOURCE in the Release arm.
 */
typedef union _FS_FILTER_PARAMETERS {
    struct {
        PLARGE_INTEGER EndingOffset;
        PERESOURCE *ResourceToRelease;
    } AcquireForModifiedPageWriter;
    struct {
        PERESOURCE ResourceToRelease;
    }
ReleaseForModifiedPageWriter;
    /* Remaining arms of union _FS_FILTER_PARAMETERS, which opens earlier in the file. */
    struct {
        FS_FILTER_SECTION_SYNC_TYPE SyncType;
        ULONG PageProtection;
    } AcquireForSectionSynchronization;
    struct {
        FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
        BOOLEAN SafeToRecurse;
    } NotifyStreamFileObject;
    struct {
        PVOID Argument1;
        PVOID Argument2;
        PVOID Argument3;
        PVOID Argument4;
        PVOID Argument5;
    } Others;
} FS_FILTER_PARAMETERS;
typedef FS_FILTER_PARAMETERS *PFS_FILTER_PARAMETERS;

/* File system filter callback data
 *
 * NOTE(review): SizeOfFsFilterCallbackData presumably carries the size of this
 * structure so that a callback can detect a layout it does not know -
 * confirm.
 */
typedef struct _FS_FILTER_CALLBACK_DATA {
    ULONG SizeOfFsFilterCallbackData;
    UCHAR Operation;
    UCHAR Reserved;
    struct _DEVICE_OBJECT *DeviceObject;
    struct _FILE_OBJECT *FileObject;
    FS_FILTER_PARAMETERS Parameters;
} FS_FILTER_CALLBACK_DATA;
typedef FS_FILTER_CALLBACK_DATA *PFS_FILTER_CALLBACK_DATA;

/* File system filter callbacks
 *
 * PFS_FILTER_CALLBACK receives the callback data and a PVOID * and returns
 * NTSTATUS; PFS_FILTER_COMPLETION_CALLBACK receives the callback data, an
 * NTSTATUS and a PVOID.
 * NOTE(review): the PVOID * / PVOID pair looks like a context handed from the
 * pre-operation to the post-operation callback - confirm.
 */
typedef NTSTATUS (NTAPI *PFS_FILTER_CALLBACK)( PFS_FILTER_CALLBACK_DATA, PVOID * );
typedef NTSTATUS (NTAPI *PFS_FILTER_COMPLETION_CALLBACK)( PFS_FILTER_CALLBACK_DATA, NTSTATUS, PVOID );
/* Registration table: a size member, a reserved ULONG, then six Pre/Post
 * callback pairs.
 * NOTE(review): SizeOfFsFilterCallbacks presumably has to be set to the size
 * of this structure by whoever fills it in, and unused slots presumably left
 * NULL; zero-initialise the whole table before populating it - confirm. */
typedef struct _FS_FILTER_CALLBACKS {
    ULONG SizeOfFsFilterCallbacks;
    ULONG Reserved;
    PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
    PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
    PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
    PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
    PFS_FILTER_CALLBACK PreAcquireForCcFlush;
    PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
    PFS_FILTER_CALLBACK PreReleaseForCcFlush;
    PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
    PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
    PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
    PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
    PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
} FS_FILTER_CALLBACKS;
typedef FS_FILTER_CALLBACKS *PFS_FILTER_CALLBACKS;

/* I/O priority information */
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _IO_PRIORITY_INFO {
    ULONG Size;
    ULONG ThreadPriority;
    ULONG PagePriority;
    IO_PRIORITY_HINT
IoPriority;
} IO_PRIORITY_INFO;
typedef IO_PRIORITY_INFO *PIO_PRIORITY_INFO;
#endif

/* Memory management flush types */
typedef enum _MMFLUSH_TYPE {
    MmFlushForDelete = 0,
    MmFlushForWrite = 1
} MMFLUSH_TYPE;

/* Read list
 *
 * NOTE(review): List is declared with ANYSIZE_ARRAY and presumably holds
 * NumberOfEntries elements; whoever allocates the structure must size it from
 * that count with an overflow-checked multiplication - confirm.
 */
typedef struct _READ_LIST {
    PFILE_OBJECT FileObject;
    ULONG NumberOfEntries;
    LOGICAL IsImage;
    FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
} READ_LIST;
typedef READ_LIST *PREAD_LIST;

/* Memory management prefetch flags
 *
 * Two bit-fields of SYSTEM_PAGE_PRIORITY_BITS bits each, overlaid with
 * AllFlags so the whole set can be read or written as one ULONG.
 */
#if (NTDDI_VERSION >= 0x05010000)
typedef union _MM_PREFETCH_FLAGS {
    struct {
        ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS;
        ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS;
    } Flags;
    ULONG AllFlags;
} MM_PREFETCH_FLAGS;
typedef MM_PREFETCH_FLAGS *PMM_PREFETCH_FLAGS;
#endif

/* Fast I/O possible values */
typedef enum _FAST_IO_POSSIBLE {
    FastIoIsNotPossible = 0,
    FastIoIsPossible = 1,
    FastIoIsQuestionable = 2
} FAST_IO_POSSIBLE;

/* Common FCB header
 *
 * Reserved and Version are two 4-bit bit-fields declared on UCHAR.
 * NOTE(review): IsFastIoPossible is a UCHAR that presumably stores a
 * FAST_IO_POSSIBLE value - confirm.
 */
typedef struct _FSRTL_COMMON_FCB_HEADER {
    CSHORT NodeTypeCode;
    CSHORT NodeByteSize;
    UCHAR Flags;
    UCHAR IsFastIoPossible;
    UCHAR Flags2;
    UCHAR Reserved : 4;
    UCHAR Version : 4;
    PERESOURCE Resource;
    PERESOURCE PagingIoResource;
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER FileSize;
    LARGE_INTEGER ValidDataLength;
} FSRTL_COMMON_FCB_HEADER;
typedef FSRTL_COMMON_FCB_HEADER *PFSRTL_COMMON_FCB_HEADER;

/* Advanced FCB header
 *
 * Extends the common header: by inheritance when compiled as C++, by an
 * unnamed first member when compiled as C.
 * NOTE(review): an unnamed member whose type is a typedef name is a compiler
 * extension rather than standard C; confirm the target compiler accepts it.
 * PushLock and FileContextSupportPointer exist only when
 * NTDDI_VERSION >= 0x06000000, so the structure size depends on that macro;
 * all translation units sharing an instance must agree on it.
 */
#ifdef __cplusplus
typedef struct _FSRTL_ADVANCED_FCB_HEADER : FSRTL_COMMON_FCB_HEADER {
#else
typedef struct _FSRTL_ADVANCED_FCB_HEADER {
    FSRTL_COMMON_FCB_HEADER;
#endif
    PFAST_MUTEX FastMutex;
    LIST_ENTRY FilterContexts;
#if (NTDDI_VERSION >= 0x06000000)
    EX_PUSH_LOCK PushLock;
    PVOID *FileContextSupportPointer;
#endif
} FSRTL_ADVANCED_FCB_HEADER;
typedef FSRTL_ADVANCED_FCB_HEADER *PFSRTL_ADVANCED_FCB_HEADER;

/* EOF wait block */
typedef struct _EOF_WAIT_BLOCK {
    LIST_ENTRY EofWaitLinks;
    KEVENT Event;
} EOF_WAIT_BLOCK;
typedef EOF_WAIT_BLOCK *PEOF_WAIT_BLOCK;

/* Auxiliary buffer */
typedef struct _FSRTL_AUXILIARY_BUFFER {
    PVOID Buffer;
    ULONG Length;
    ULONG Flags;
    PMDL Mdl;
}
FSRTL_AUXILIARY_BUFFER;
typedef FSRTL_AUXILIARY_BUFFER *PFSRTL_AUXILIARY_BUFFER;

/* File lock information
 *
 * Describes one byte range both as StartingByte + Length and as EndingByte.
 * LockRequestsInProgress is declared volatile.
 * NOTE(review): StartingByte + Length is a signed 64-bit sum; code that
 * derives EndingByte from caller-supplied values should check it for
 * overflow - confirm.
 */
typedef struct _FILE_LOCK_INFO {
    LARGE_INTEGER StartingByte;
    LARGE_INTEGER Length;
    BOOLEAN ExclusiveLock;
    ULONG Key;
    PFILE_OBJECT FileObject;
    PVOID ProcessId;
    LARGE_INTEGER EndingByte;
    LONG volatile LockRequestsInProgress;
} FILE_LOCK_INFO;
typedef FILE_LOCK_INFO *PFILE_LOCK_INFO;

/* Locking callbacks: both take an opaque PVOID first; the completion routine
 * also takes the IRP and returns NTSTATUS, the unlock routine takes the lock
 * description and returns nothing. */
typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE)( PVOID, PIRP );
typedef VOID (NTAPI *PUNLOCK_ROUTINE)( PVOID, PFILE_LOCK_INFO );

/* File lock */
typedef struct _FILE_LOCK {
    PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
    PUNLOCK_ROUTINE UnlockRoutine;
    BOOLEAN FastIoIsQuestionable;
    BOOLEAN SpareC[3];
    PVOID LockInformation;
    FILE_LOCK_INFO LastReturnedLockInfo;
    PVOID LastReturnedLock;
} FILE_LOCK;
typedef FILE_LOCK *PFILE_LOCK;

/* Tunnel (declared without a structure tag) */
typedef struct {
    FAST_MUTEX Mutex;
    PRTL_SPLAY_LINKS Cache;
    LIST_ENTRY TimerQueue;
    USHORT NumEntries;
} TUNNEL;
typedef TUNNEL *PTUNNEL;

/* Comparison results */
typedef enum _FSRTL_COMPARISON_RESULT {
    LessThan = -1,
    EqualTo = 0,
    GreaterThan = 1
} FSRTL_COMPARISON_RESULT;

/* Base mapped control block */
typedef struct _BASE_MCB {
    ULONG MaximumPairCount;
    ULONG PairCount;
    USHORT PoolType;
    USHORT Flags;
    PVOID Mapping;
} BASE_MCB;
typedef BASE_MCB *PBASE_MCB;

/* Large mapped control block: a guarded-mutex pointer plus an embedded BASE_MCB. */
typedef struct _LARGE_MCB {
    PKGUARDED_MUTEX GuardedMutex;
    BASE_MCB BaseMcb;
} LARGE_MCB;
typedef LARGE_MCB *PLARGE_MCB;

/* Mapped control block
 *
 * Its only member is a LARGE_MCB whose name says it exists to give the
 * structure its size; the contents are evidently meant to be opaque.
 */
typedef struct _MCB {
    LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
} MCB;
typedef MCB *PMCB;

/* Oplock callbacks: both take an opaque PVOID and an IRP and return nothing. */
typedef VOID (NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE)( PVOID, PIRP );
typedef VOID (NTAPI *POPLOCK_FS_PREPOST_IRP)( PVOID, PIRP );

/* Oplock key extra create parameter context */
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _OPLOCK_KEY_ECP_CONTEXT {
    GUID OplockKey;
    ULONG Reserved;
} OPLOCK_KEY_ECP_CONTEXT;
typedef OPLOCK_KEY_ECP_CONTEXT *POPLOCK_KEY_ECP_CONTEXT;
#endif

/* Change notification callbacks
 *
 * PCHECK_FOR_TRAVERSE_ACCESS receives two untyped context pointers and the
 * security subject context, and returns a BOOLEAN.
 * NOTE(review): presumably the return value decides whether the subject may see
 * a notification; an implementation should fail closed - confirm the contract.
 */
typedef BOOLEAN (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS)( PVOID, PVOID, PSECURITY_SUBJECT_CONTEXT );
typedef BOOLEAN (NTAPI *PFILTER_REPORT_CHANGE)( PVOID, PVOID );

/* Stack overflow callback */
typedef VOID (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE)( PVOID, PKEVENT );

/* MUP provider information (level 1) */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 {
    ULONG32 ProviderId;
} FSRTL_MUP_PROVIDER_INFO_LEVEL_1;
typedef FSRTL_MUP_PROVIDER_INFO_LEVEL_1 *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1;
#endif

/* MUP provider information (level 2): level 1 plus the provider name */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 {
    ULONG32         ProviderId;
    UNICODE_STRING  ProviderName;
} FSRTL_MUP_PROVIDER_INFO_LEVEL_2;
typedef FSRTL_MUP_PROVIDER_INFO_LEVEL_2 *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2;
#endif

/* Per file context
 *
 * A list link, two opaque identifiers and a free callback.
 * NOTE(review): presumably OwnerId/InstanceId are the lookup keys and
 * FreeCallback runs at teardown; the callback pointer must stay valid for as
 * long as the context is linked - confirm.
 */
typedef struct _FSRTL_PER_FILE_CONTEXT {
    LIST_ENTRY      Links;
    PVOID           OwnerId;
    PVOID           InstanceId;
    PFREE_FUNCTION  FreeCallback;
} FSRTL_PER_FILE_CONTEXT;
typedef FSRTL_PER_FILE_CONTEXT *PFSRTL_PER_FILE_CONTEXT;

/* Per stream context (same members as the per file context) */
typedef struct _FSRTL_PER_STREAM_CONTEXT {
    LIST_ENTRY      Links;
    PVOID           OwnerId;
    PVOID           InstanceId;
    PFREE_FUNCTION  FreeCallback;
} FSRTL_PER_STREAM_CONTEXT;
typedef FSRTL_PER_STREAM_CONTEXT *PFSRTL_PER_STREAM_CONTEXT;

/* Tear down per stream contexts callback */
#if (NTDDI_VERSION >= 0x05000000) /* Windows 2000 or later target */
typedef VOID (NTAPI *PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS)( PFSRTL_ADVANCED_FCB_HEADER );
#endif

/* Per file object context (no free callback member, unlike the two above) */
typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT {
    LIST_ENTRY  Links;
    PVOID       OwnerId;
    PVOID       InstanceId;
} FSRTL_PER_FILEOBJECT_CONTEXT;
typedef FSRTL_PER_FILEOBJECT_CONTEXT *PFSRTL_PER_FILEOBJECT_CONTEXT;

/* Extra create parameter cleanup callback */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef VOID (NTAPI *PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK)( PVOID, LPCGUID );
#endif

/* Network open location qualifiers */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef enum {
    NetworkOpenLocationAny      = 0,
    NetworkOpenLocationRemote   = 1,
    NetworkOpenLocationLoopback = 2
} NETWORK_OPEN_LOCATION_QUALIFIER;
#endif

/* Network open integrity qualifiers */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef enum {
    NetworkOpenIntegrityAny         = 0,
    NetworkOpenIntegrityNone        = 1,
    NetworkOpenIntegritySigned      = 2,
    NetworkOpenIntegrityEncrypted   = 3,
    NetworkOpenIntegrityMaximum     = 4
} NETWORK_OPEN_INTEGRITY_QUALIFIER;
#endif

/* Network open extra create parameter context
 *
 * An unnamed struct holds two members, "in" and "out", each carrying a location
 * and an integrity qualifier. Flags is present in both only when NTDDI_VERSION
 * is at least 0x06010000, so the layout differs from NETWORK_OPEN_ECP_CONTEXT_V0
 * below.
 * NOTE(review): presumably Size tells a consumer which layout it was handed;
 * check it before touching Flags - confirm.
 */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
    USHORT  Size;
    USHORT  Reserved;
    struct {
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
#if (NTDDI_VERSION >= 0x06010000) /* Windows 7 or later target */
            ULONG                               Flags;
#endif
        } in;
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
#if (NTDDI_VERSION >= 0x06010000) /* Windows 7 or later target */
            ULONG                               Flags;
#endif
        } out;
    };
} NETWORK_OPEN_ECP_CONTEXT;
typedef NETWORK_OPEN_ECP_CONTEXT *PNETWORK_OPEN_ECP_CONTEXT;
#endif

/* Network open extra create parameter context (version 0)
 *
 * Same members as NETWORK_OPEN_ECP_CONTEXT without the Flags fields.
 */
#if (NTDDI_VERSION >= 0x06010000) /* Windows 7 or later target */
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
    USHORT  Size;
    USHORT  Reserved;
    struct {
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
        } in;
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
        } out;
    };
} NETWORK_OPEN_ECP_CONTEXT_V0;
typedef NETWORK_OPEN_ECP_CONTEXT_V0 *PNETWORK_OPEN_ECP_CONTEXT_V0;
#endif

/* Prefetch open extra create parameter context */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
    PVOID   Context;
} PREFETCH_OPEN_ECP_CONTEXT;
typedef PREFETCH_OPEN_ECP_CONTEXT *PPREFETCH_OPEN_ECP_CONTEXT;
#endif

/* NFS open extra create parameter context
 *
 * Both members are pointers: the export alias string and the client socket
 * address.
 * NOTE(review): the structure does not own what it points to as far as this
 * header shows; a consumer should null-check both before dereferencing.
 */
#if (NTDDI_VERSION >= 0x06010000) /* Windows 7 or later target */
typedef struct _NFS_OPEN_ECP_CONTEXT {
    PUNICODE_STRING         ExportAlias;
    PSOCKADDR_STORAGE_NFS   ClientSocketAddress;
} NFS_OPEN_ECP_CONTEXT;
typedef NFS_OPEN_ECP_CONTEXT *PNFS_OPEN_ECP_CONTEXT;
typedef NFS_OPEN_ECP_CONTEXT **PPNFS_OPEN_ECP_CONTEXT;
#endif

/* SRV open extra create parameter context
 *
 * SocketAddress uses the same PSOCKADDR_STORAGE_NFS type as the NFS context.
 */
#if (NTDDI_VERSION >= 0x06010000) /* Windows 7 or later target */
typedef struct _SRV_OPEN_ECP_CONTEXT {
    PUNICODE_STRING         ShareName;
    PSOCKADDR_STORAGE_NFS   SocketAddress;
    BOOLEAN                 OplockBlockState;
    BOOLEAN                 OplockAppState;
    BOOLEAN                 OplockFinalState;
} SRV_OPEN_ECP_CONTEXT;
typedef SRV_OPEN_ECP_CONTEXT *PSRV_OPEN_ECP_CONTEXT;
#endif

/* Change backing types */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
typedef enum _FSRTL_CHANGE_BACKING_TYPE {
    ChangeDataControlArea   = 0,
    ChangeImageControlArea  = 1,
    ChangeSharedCacheMap    = 2
} FSRTL_CHANGE_BACKING_TYPE;
typedef FSRTL_CHANGE_BACKING_TYPE *PFSRTL_CHANGE_BACKING_TYPE;
#endif

/* Public BCB */
typedef struct _PUBLIC_BCB {
    CSHORT          NodeTypeCode;
    CSHORT          NodeByteSize;
    ULONG           MappedLength;
    LARGE_INTEGER   MappedFileOffset;
} PUBLIC_BCB;
typedef PUBLIC_BCB *PPUBLIC_BCB;

/* File sizes (the same three LARGE_INTEGER sizes that end
 * FSRTL_COMMON_FCB_HEADER) */
typedef struct _CC_FILE_SIZES {
    LARGE_INTEGER   AllocationSize;
    LARGE_INTEGER   FileSize;
    LARGE_INTEGER   ValidDataLength;
} CC_FILE_SIZES;
typedef CC_FILE_SIZES *PCC_FILE_SIZES;

/* Cache manager callbacks
 *
 * The acquire callbacks return BOOLEAN and take a PVOID plus a BOOLEAN; the
 * release callbacks take only the PVOID.
 * NOTE(review): presumably the BOOLEAN is a "wait" flag and every successful
 * acquire is paired with the matching release - confirm.
 */
typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE)( PVOID, BOOLEAN );
typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE)( PVOID );
typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD)( PVOID, BOOLEAN );
typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD)( PVOID );
typedef VOID (NTAPI *PDIRTY_PAGE_ROUTINE)( PFILE_OBJECT, PLARGE_INTEGER, ULONG, PLARGE_INTEGER, PLARGE_INTEGER, PVOID, PVOID );
typedef VOID (NTAPI *PFLUSH_TO_LSN)( PVOID, LARGE_INTEGER );
typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE)( PVOID, PVOID );

/* Table of the four acquire/release callbacks declared above */
typedef struct _CACHE_MANAGER_CALLBACKS {
    PACQUIRE_FOR_LAZY_WRITE     AcquireForLazyWrite;
    PRELEASE_FROM_LAZY_WRITE    ReleaseFromLazyWrite;
    PACQUIRE_FOR_READ_AHEAD     AcquireForReadAhead;
    PRELEASE_FROM_READ_AHEAD    ReleaseFromReadAhead;
} CACHE_MANAGER_CALLBACKS;
typedef CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;

/* Cache uninitialize event: singly linked through Next */
typedef struct _CACHE_UNINITIALIZE_EVENT {
    struct _CACHE_UNINITIALIZE_EVENT    *Next;
    KEVENT                              Event;
} CACHE_UNINITIALIZE_EVENT;
typedef CACHE_UNINITIALIZE_EVENT *PCACHE_UNINITIALIZE_EVENT;

/* The Microsoft version of ntifs.h contains the contents of sspi.h. In the interest
 * of efficiency, a #include directive is used here instead. It is necessary to make
 * sure that UNICODE is defined, because only the Unicode versions of the functions in
 * sspi.h are supported in kernel mode.
 */
#ifndef UNICODE
#define UNICODE
#endif
#ifndef SECURITY_KERNEL
#define SECURITY_KERNEL
#endif
/* NOTE(review): the operand of the #include below is missing in this copy (most
 * likely stripped as markup). Going by the comment above it should name sspi.h;
 * restore it before compiling.
 */
#include

/* Security user data
 *
 * Three SECURITY_STRING members naming the user, logon domain and logon server,
 * plus a SID pointer. Two extra aliases (SecurityUserData, PSecurityUserData)
 * name the same type.
 */
typedef struct _SECURITY_USER_DATA {
    SECURITY_STRING UserName;
    SECURITY_STRING LogonDomainName;
    SECURITY_STRING LogonServer;
    PSID            pSid;
} SECURITY_USER_DATA;
typedef SECURITY_USER_DATA *PSECURITY_USER_DATA;
typedef SECURITY_USER_DATA SecurityUserData;
typedef SECURITY_USER_DATA *PSecurityUserData;

/* Query path request
 *
 * FilePathName is declared with a single WCHAR, the usual way of declaring a
 * variable-length tail.
 * NOTE(review): presumably PathNameLength describes how much path data follows;
 * a handler should check it against the size of the buffer it actually received
 * before reading FilePathName, and should not assume the path is
 * NUL-terminated. Confirm whether the length is in bytes or characters.
 */
typedef struct _QUERY_PATH_REQUEST {
    ULONG                   PathNameLength;
    PIO_SECURITY_CONTEXT    SecurityContext;
    WCHAR                   FilePathName[1];
} QUERY_PATH_REQUEST;
typedef QUERY_PATH_REQUEST *PQUERY_PATH_REQUEST;

/* Query path request (extended version)
 *
 * Carries the path and domain service name as UNICODE_STRINGs instead of an
 * inline array.
 * NOTE(review): pEaBuffer and EaLength look like a pointer/length pair; validate
 * them together - confirm.
 */
typedef struct _QUERY_PATH_REQUEST_EX {
    PIO_SECURITY_CONTEXT    pSecurityContext;
    ULONG                   EaLength;
    PVOID                   pEaBuffer;
    UNICODE_STRING          PathName;
    UNICODE_STRING          DomainServiceName;
    ULONG_PTR               Reserved[3];
} QUERY_PATH_REQUEST_EX;
typedef QUERY_PATH_REQUEST_EX *PQUERY_PATH_REQUEST_EX;

/* Query path response
 *
 * NOTE(review): presumably LengthAccepted reports how much of the requested path
 * the responder claims and should never exceed the request's length - confirm.
 */
typedef struct _QUERY_PATH_RESPONSE {
    ULONG   LengthAccepted;
} QUERY_PATH_RESPONSE;
typedef QUERY_PATH_RESPONSE *PQUERY_PATH_RESPONSE;

/* Global variables in NTOSKRNL.EXE
 *
 * NOTE(review): IoStatisticsLock is a KSPIN_LOCK declared next to the
 * Io*OperationCount / Io*TransferCount counters; presumably it guards them -
 * confirm before reading the counters without it.
 */
extern NTKERNELAPI ULONG                CcFastMdlReadWait;
extern NTKERNELAPI UCHAR const * const  *FsRtlLegalAnsiCharacterArray;
extern NTKERNELAPI ULONG                IoReadOperationCount;
extern NTKERNELAPI LARGE_INTEGER        IoReadTransferCount;
extern NTKERNELAPI KSPIN_LOCK           IoStatisticsLock;
extern NTKERNELAPI ULONG                IoWriteOperationCount;
extern NTKERNELAPI LARGE_INTEGER        IoWriteTransferCount;
/* Further global variables exported with NTKERNELAPI linkage */
extern NTKERNELAPI PUSHORT      *NlsOemLeadByteInfo;
extern NTKERNELAPI PSE_EXPORTS  SeExports;

/* Functions in NTOSKRNL.EXE and NTDLL.DLL
 *
 * All prototypes in this header omit parameter names; consult the reference
 * documentation for the meaning of each position.
 *
 * NOTE(review): several Zw* routines declared here have an Nt* counterpart with
 * the same parameter list further down (for example ZwDuplicateToken and
 * NtDuplicateToken). When called from kernel mode, the Zw* entry points are
 * generally documented as running with the previous mode set to KernelMode, so
 * the service does not probe caller-supplied pointers or apply user-mode access
 * checks to handles. A driver that forwards handles, lengths or buffers received
 * from user mode has to validate them itself first. Confirm against the WDK
 * documentation; nothing in this header expresses that rule.
 */
NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken( HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN, TOKEN_TYPE, PHANDLE );
NTSYSAPI NTSTATUS NTAPI ZwQueryEaFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN, PVOID, ULONG, PULONG, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwSetEaFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG );

/* Prefix-table, ACL/SID/security-descriptor, string/code-page, heap and time
 * helpers, followed by Zw* services, in alphabetical order. */
#if (NTDDI_VERSION >= 0x05000000) /* Windows 2000 or later target */
NTSYSAPI PPREFIX_TABLE_ENTRY NTAPI PfxFindPrefix( PPREFIX_TABLE, PSTRING );
NTSYSAPI VOID NTAPI PfxInitialize( PPREFIX_TABLE );
NTSYSAPI BOOLEAN NTAPI PfxInsertPrefix( PPREFIX_TABLE, PSTRING, PPREFIX_TABLE_ENTRY );
NTSYSAPI VOID NTAPI PfxRemovePrefix( PPREFIX_TABLE, PPREFIX_TABLE_ENTRY );
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce( PACL, ULONG, ACCESS_MASK, PSID );
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAceEx( PACL, ULONG, ULONG, ACCESS_MASK, PSID );
NTSYSAPI NTSTATUS NTAPI RtlAddAce( PACL, ULONG, ULONG, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY, UCHAR, ULONG, ULONG, ULONG, ULONG, ULONG, ULONG, ULONG, ULONG, PSID * );
NTSYSAPI PVOID NTAPI RtlAllocateHeap( PVOID, ULONG, SIZE_T );
NTSYSAPI NTSTATUS NTAPI RtlAppendStringToString( PSTRING, const STRING * );
NTSYSAPI VOID NTAPI RtlCaptureContext( PCONTEXT );
NTSYSAPI SIZE_T NTAPI RtlCompareMemoryUlong( PVOID, SIZE_T, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString( PUNICODE_STRING, PSID, BOOLEAN );
NTSYSAPI VOID NTAPI RtlCopyLuid( PLUID, PLUID );
NTSYSAPI NTSTATUS NTAPI RtlCopySid( ULONG, PSID, PSID );
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl( PACL, ULONG, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString( PUNICODE_STRING, PCWSTR );
NTSYSAPI NTSTATUS NTAPI RtlCustomCPToUnicodeN( PCPTABLEINFO, PWCH, ULONG, PULONG, PCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce( PACL, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlDowncaseUnicodeString( PUNICODE_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid( PSID, PSID );
NTSYSAPI BOOLEAN NTAPI RtlEqualSid( PSID, PSID );
NTSYSAPI PUNICODE_PREFIX_TABLE_ENTRY NTAPI RtlFindUnicodePrefix( PUNICODE_PREFIX_TABLE, PUNICODE_STRING, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlFreeHeap( PVOID, ULONG, PVOID );
NTSYSAPI VOID NTAPI RtlFreeOemString( POEM_STRING );
NTSYSAPI PVOID NTAPI RtlFreeSid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlGetAce( PACL, ULONG, PVOID * );
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor( PSECURITY_DESCRIPTOR, PBOOLEAN, PACL *, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID *, PBOOLEAN );
NTSYSAPI VOID NTAPI RtlInitCodePageTable( PUSHORT, PCPTABLEINFO );
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid( PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR );
NTSYSAPI VOID NTAPI RtlInitializeUnicodePrefix( PUNICODE_PREFIX_TABLE );
NTSYSAPI BOOLEAN NTAPI RtlInsertUnicodePrefix( PUNICODE_PREFIX_TABLE, PUNICODE_STRING, PUNICODE_PREFIX_TABLE_ENTRY );
NTSYSAPI BOOLEAN NTAPI RtlIsNameLegalDOS8Dot3( PCUNICODE_STRING, POEM_STRING, PBOOLEAN );
NTSYSAPI BOOLEAN NTAPI RtlIsValidOemCharacter( PWCHAR );
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid( ULONG );
NTSYSAPI ULONG NTAPI RtlLengthSid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlMultiByteToUnicodeN( PWCH, ULONG, PULONG, PCSTR, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlMultiByteToUnicodeSize( PULONG, PCSTR, ULONG );
NTSYSAPI PUNICODE_PREFIX_TABLE_ENTRY NTAPI RtlNextUnicodePrefix( PUNICODE_PREFIX_TABLE, BOOLEAN );
NTSYSAPI ULONG NTAPI RtlNtStatusToDosError( NTSTATUS );
NTSYSAPI NTSTATUS NTAPI RtlOemStringToCountedUnicodeString( PUNICODE_STRING, PCOEM_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlOemStringToUnicodeString( PUNICODE_STRING, PCOEM_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlOemToUnicodeN( PWSTR, ULONG, PULONG, PCH, ULONG );
/* NOTE(review): RtlRandom (and RtlRandomEx further down) take a seed through the
 * PULONG. They are general-purpose generators; do not use their output for keys,
 * nonces, tokens or anything else an adversary must not predict. */
NTSYSAPI ULONG NTAPI RtlRandom( PULONG );
NTSYSAPI VOID NTAPI RtlRemoveUnicodePrefix( PUNICODE_PREFIX_TABLE, PUNICODE_PREFIX_TABLE_ENTRY );
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime( ULONG, PLARGE_INTEGER );
NTSYSAPI VOID NTAPI RtlSecondsSince1980ToTime( ULONG, PLARGE_INTEGER );
NTSYSAPI NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID, BOOLEAN );
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid( PSID, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlTimeToSecondsSince1970( PLARGE_INTEGER, PULONG );
NTSYSAPI BOOLEAN NTAPI RtlTimeToSecondsSince1980( PLARGE_INTEGER, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToCountedOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToCustomCPN( PCPTABLEINFO, PCH, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToMultiByteN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToMultiByteSize( PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToOemN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToCountedOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToCustomCPN( PCPTABLEINFO, PCH, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToMultiByteN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToOemN( PCHAR, ULONG, PULONG, PWCH, ULONG );
/* NOTE(review): RtlValidSid takes only the PSID. For a SID that arrives in an
 * untrusted buffer, presumably the caller still has to check the buffer length
 * itself before calling this or RtlLengthSid - confirm. */
NTSYSAPI BOOLEAN NTAPI RtlValidSid( PSID );
NTSYSAPI ULONG NTAPI RtlxOemStringToUnicodeSize( PCOEM_STRING );
NTSYSAPI ULONG NTAPI RtlxUnicodeStringToOemSize( PCUNICODE_STRING );
NTSYSAPI NTSTATUS NTAPI ZwAllocateVirtualMemory( HANDLE, PVOID *, ULONG_PTR, PSIZE_T, ULONG, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwCreateEvent( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwDeleteFile( POBJECT_ATTRIBUTES );
NTSYSAPI NTSTATUS NTAPI ZwDeviceIoControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwDuplicateObject( HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwFlushVirtualMemory( HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK );
NTSYSAPI NTSTATUS NTAPI ZwFreeVirtualMemory( HANDLE, PVOID *, PSIZE_T, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwFsControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwNotifyChangeKey( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, BOOLEAN, PVOID, ULONG, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES );
NTSYSAPI NTSTATUS NTAPI ZwQueryDirectoryFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG );
NTSYSAPI NTSTATUS NTAPI ZwQuerySecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR, ULONG, PULONG );
NTSYSAPI NTSTATUS NTAPI ZwQueryVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSAPI NTSTATUS NTAPI ZwSetEvent( HANDLE, PLONG );
NTSYSAPI NTSTATUS NTAPI ZwSetSecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR );
NTSYSAPI NTSTATUS NTAPI ZwSetVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSAPI NTSTATUS NTAPI ZwWaitForSingleObject( HANDLE, BOOLEAN, PLARGE_INTEGER );
#endif

/* Compression, heap, string-validation and token-open additions.
 *
 * NOTE(review): the decompression routines take separate pointer/ULONG pairs for
 * the two buffers. When the compressed data comes from disk or the network,
 * treat it as untrusted: check the returned NTSTATUS and the size written
 * through the PULONG before using any of the output. */
#if (NTDDI_VERSION >= 0x05010000) /* Windows XP or later target */
NTSYSAPI USHORT NTAPI RtlCaptureStackBackTrace( ULONG, ULONG, PVOID *, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlCompressBuffer( USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID );
NTSYSAPI NTSTATUS NTAPI RtlCompressChunks( PUCHAR, ULONG, PUCHAR, ULONG, PCOMPRESSED_DATA_INFO, ULONG, PVOID );
NTSYSAPI PVOID NTAPI RtlCreateHeap( ULONG, PVOID, SIZE_T, SIZE_T, PVOID, PRTL_HEAP_PARAMETERS );
NTSYSAPI NTSTATUS NTAPI RtlCreateSystemVolumeInformationFolder( PUNICODE_STRING );
NTSYSAPI NTSTATUS NTAPI RtlDecompressBuffer( USHORT, PUCHAR, ULONG, PUCHAR, ULONG, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlDecompressChunks( PUCHAR, ULONG, PUCHAR, ULONG, PUCHAR, ULONG, PCOMPRESSED_DATA_INFO );
NTSYSAPI NTSTATUS NTAPI RtlDecompressFragment( USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID );
NTSYSAPI NTSTATUS NTAPI RtlDescribeChunk( USHORT, PUCHAR *, PUCHAR, PUCHAR *, PULONG );
NTSYSAPI PVOID NTAPI RtlDestroyHeap( PVOID );
NTSYSAPI NTSTATUS NTAPI RtlDuplicateUnicodeString( ULONG, const UNICODE_STRING *, UNICODE_STRING * );
NTSYSAPI VOID NTAPI RtlFillMemoryUlong( PVOID, SIZE_T, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlGetCompressionWorkSpaceSize( USHORT, PULONG, PULONG );
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlInitUnicodeStringEx( PUNICODE_STRING, PCWSTR );
NTSYSAPI ULONG NTAPI RtlNtStatusToDosErrorNoTeb( NTSTATUS );
NTSYSAPI ULONG NTAPI RtlRandomEx( PULONG );
NTSYSAPI NTSTATUS NTAPI RtlReserveChunk( USHORT, PUCHAR *, PUCHAR, PUCHAR *, ULONG );
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString( ULONG, const UNICODE_STRING * );
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx( HANDLE, ACCESS_MASK, ULONG, PHANDLE );
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx( HANDLE, ACCESS_MASK, BOOLEAN, ULONG, PHANDLE );
NTSYSAPI NTSTATUS NTAPI ZwQueryObject( HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG );
#endif

#if (NTDDI_VERSION >= 0x05020000) /* Windows Server 2003 or later target */
NTSYSAPI NTSTATUS NTAPI RtlInitAnsiStringEx( PANSI_STRING, PCSZ );
#endif

/* Security descriptor format conversion and group/SACL accessors */
#if (NTDDI_VERSION >= 0x05020100) /* Windows Server 2003 SP1 or later target */
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD( PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID *, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor( PSECURITY_DESCRIPTOR, PBOOLEAN, PACL *, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD( PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PULONG, PACL, PULONG, PACL, PULONG, PSID, PULONG, PSID, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID, BOOLEAN );
#endif

/* Altitude comparison, service SIDs, IDN/normalization, and file lock/quota
 * services */
#if (NTDDI_VERSION >= 0x06000000) /* Windows Vista or later target */
NTSYSAPI LONG NTAPI RtlCompareAltitudes( PCUNICODE_STRING, PCUNICODE_STRING );
NTSYSAPI NTSTATUS NTAPI RtlCreateServiceSid( UNICODE_STRING *, PSID, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlIdnToAscii( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI RtlIdnToNameprepUnicode( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI RtlIdnToUnicode( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI RtlIsNormalizedString( ULONG, PCWSTR, LONG, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlNormalizeString( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI ZwFlushBuffersFile( HANDLE, PIO_STATUS_BLOCK );
NTSYSAPI NTSTATUS NTAPI ZwLockFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, BOOLEAN, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwQueryQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN, PVOID, ULONG, PSID, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwSetQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwUnlockFile( HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG );
#endif

/* Virtual accounts, SID replacement inside a security descriptor, token update */
#if (NTDDI_VERSION >= 0x06010000) /* Windows 7 or later target */
NTSYSAPI NTSTATUS NTAPI RtlCreateVirtualAccount( PCUNICODE_STRING, ULONG, PSID, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlReplaceSidInSd( PSECURITY_DESCRIPTOR, PSID, PSID, ULONG * );
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG );
#endif

/* Functions in NTOSKRNL.EXE and NTDLL.DLL that are defined differently on different
 * versions of Windows.
 *
 * NOTE(review): as written here, both branches declare RtlGenerate8dot3Name with
 * the same return type and parameter list, so the version split has no effect.
 * Check the reference header to see whether the older branch should differ.
 */
#if (NTDDI_VERSION >= 0x06000100) /* Windows Vista SP1 or later target */
NTSYSAPI NTSTATUS NTAPI RtlGenerate8dot3Name( PCUNICODE_STRING, BOOLEAN, PGENERATE_NAME_CONTEXT, PUNICODE_STRING );
#elif (NTDDI_VERSION >= 0x05000000) /* Windows 2000 up to, not including, Vista SP1 */
NTSYSAPI NTSTATUS NTAPI RtlGenerate8dot3Name( PCUNICODE_STRING, BOOLEAN, PGENERATE_NAME_CONTEXT, PUNICODE_STRING );
#endif

/* System call functions in NTOSKRNL.EXE and NTDLL.DLL
 *
 * Declared with NTSYSCALLAPI rather than NTSYSAPI. File, virtual memory, token
 * and security-object services come first.
 */
#if (NTDDI_VERSION >= 0x05000000) /* Windows 2000 or later target */
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG, PTOKEN_PRIVILEGES, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateVirtualMemory( HANDLE, PVOID *, ULONG_PTR, PSIZE_T, ULONG, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtClose( HANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtFreeVirtualMemory( HANDLE, PVOID *, PSIZE_T, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtLockFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, BOOLEAN, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken( HANDLE, ACCESS_MASK, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken( HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN, PVOID, ULONG, PSID, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtQuerySecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR, ULONG, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtReadFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR );
NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile( HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG );
#endif

/* Access-check-and-audit, audit-alarm, privilege-check and token services.
 *
 * The access check variants report through a PACCESS_MASK and a PNTSTATUS in
 * addition to the function's own NTSTATUS return.
 * NOTE(review): presumably the returned NTSTATUS says whether the call itself
 * worked and the PNTSTATUS carries the access decision; a caller that checks
 * only one of them can end up treating a denial as a grant - confirm.
 */
#if (NTDDI_VERSION >= 0x05010000) /* Windows XP or later target */
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, ACCESS_MASK, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PSID, ACCESS_MASK, AUDIT_EVENT_TYPE, ULONG, POBJECT_TYPE_LIST, ULONG, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PSID, ACCESS_MASK, AUDIT_EVENT_TYPE, ULONG, POBJECT_TYPE_LIST, ULONG, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle( PUNICODE_STRING, PVOID, HANDLE, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PSID, ACCESS_MASK, AUDIT_EVENT_TYPE, ULONG, POBJECT_TYPE_LIST, ULONG, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken( HANDLE, BOOLEAN, PTOKEN_GROUPS, ULONG, PTOKEN_GROUPS, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm( PUNICODE_STRING, PVOID, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( PUNICODE_STRING, PVOID, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken( HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN, TOKEN_TYPE, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken( HANDLE, ULONG, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_GROUPS, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken( HANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, HANDLE, ACCESS_MASK, ACCESS_MASK, PPRIVILEGE_SET, BOOLEAN, BOOLEAN, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx( HANDLE, ACCESS_MASK, ULONG, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx( HANDLE, ACCESS_MASK, BOOLEAN, ULONG, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck( HANDLE, PPRIVILEGE_SET, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm( PUNICODE_STRING, PVOID, HANDLE, ACCESS_MASK, PPRIVILEGE_SET, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm( PUNICODE_STRING, PUNICODE_STRING, HANDLE, PPRIVILEGE_SET, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread( HANDLE, THREADINFOCLASS, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG );
#endif

/* Functions in NTOSKRNL.EXE
 *
 * This first group is declared without an NTDDI_VERSION guard.
 * NOTE(review): per the WDK documentation the PsLookup*ById routines hand back a
 * referenced object that the caller releases with ObDereferenceObject; the
 * prototypes here show only the PEPROCESS * / PETHREAD * out-parameter.
 * NOTE(review): presumably buffers returned through LsaLogonUser's PVOID * are
 * released with LsaFreeReturnBuffer - confirm.
 */
NTKERNELAPI VOID NTAPI ExInitializePushLock( PEX_PUSH_LOCK );
NTKERNELAPI NTSTATUS NTAPI FsRtlInsertPerFileContext( PVOID *, PFSRTL_PER_FILE_CONTEXT );
NTKERNELAPI NTSTATUS NTAPI FsRtlInsertPerFileObjectContext( PFILE_OBJECT, PFSRTL_PER_FILEOBJECT_CONTEXT );
NTKERNELAPI PFSRTL_PER_FILE_CONTEXT NTAPI FsRtlLookupPerFileContext( PVOID *, PVOID, PVOID );
NTKERNELAPI PFSRTL_PER_FILEOBJECT_CONTEXT NTAPI FsRtlLookupPerFileObjectContext( PFILE_OBJECT, PVOID, PVOID );
NTKERNELAPI PFSRTL_PER_FILE_CONTEXT NTAPI FsRtlRemovePerFileContext( PVOID *, PVOID, PVOID );
NTKERNELAPI PFSRTL_PER_FILEOBJECT_CONTEXT NTAPI FsRtlRemovePerFileObjectContext( PFILE_OBJECT, PVOID, PVOID );
NTKERNELAPI VOID NTAPI FsRtlTeardownPerFileContexts( PVOID * );
NTKERNELAPI NTSTATUS NTAPI LsaFreeReturnBuffer( PVOID );
NTKERNELAPI NTSTATUS NTAPI LsaLogonUser( HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG, PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID *, PULONG, PLUID, PHANDLE, PQUOTA_LIMITS, PNTSTATUS );
NTKERNELAPI NTSTATUS NTAPI LsaRegisterLogonProcess( PLSA_STRING, PHANDLE, PLSA_OPERATIONAL_MODE );
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId( HANDLE, PEPROCESS * );
NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId( HANDLE, PETHREAD * );
NTKERNELAPI NTSTATUS NTAPI SeAccessCheckFromState( PSECURITY_DESCRIPTOR, PTOKEN_ACCESS_INFORMATION, PTOKEN_ACCESS_INFORMATION, ACCESS_MASK, ACCESS_MASK, PPRIVILEGE_SET *, PGENERIC_MAPPING, KPROCESSOR_MODE, PACCESS_MASK, PNTSTATUS );
NTKERNELAPI NTSTATUS NTAPI SeLocateProcessImageName( PEPROCESS, PUNICODE_STRING * );
NTKERNELAPI NTSTATUS NTAPI SeReportSecurityEventWithSubCategory( ULONG, PUNICODE_STRING, PSID, PSE_ADT_PARAMETER_ARRAY, ULONG );

/* Cache manager (Cc*), executive (Ex*) and file system runtime (FsRtl*) routines.
 *
 * FsRtlDissectDbcs, FsRtlDissectName, FsRtlIsFatDbcsLegal and FsRtlIsHpfsDbcsLegal
 * take their first string structure by value rather than by pointer.
 */
#if (NTDDI_VERSION >= 0x05000000) /* Windows 2000 or later target */
NTKERNELAPI BOOLEAN NTAPI CcCanIWrite( PFILE_OBJECT, ULONG, BOOLEAN, UCHAR );
NTKERNELAPI BOOLEAN NTAPI CcCopyRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, PVOID, PIO_STATUS_BLOCK );
NTKERNELAPI BOOLEAN NTAPI CcCopyWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, PVOID );
NTKERNELAPI VOID NTAPI CcDeferWrite( PFILE_OBJECT, PCC_POST_DEFERRED_WRITE, PVOID, PVOID, ULONG, BOOLEAN );
NTKERNELAPI VOID NTAPI CcFastCopyRead( PFILE_OBJECT, ULONG, ULONG, ULONG, PVOID, PIO_STATUS_BLOCK );
NTKERNELAPI VOID NTAPI CcFastCopyWrite( PFILE_OBJECT, ULONG, ULONG, PVOID );
NTKERNELAPI VOID NTAPI CcFlushCache( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, PIO_STATUS_BLOCK );
NTKERNELAPI PFILE_OBJECT NTAPI CcGetFileObjectFromBcb( PVOID );
NTKERNELAPI PFILE_OBJECT NTAPI CcGetFileObjectFromSectionPtrs( PSECTION_OBJECT_POINTERS );
NTKERNELAPI LARGE_INTEGER NTAPI CcGetFlushedValidData( PSECTION_OBJECT_POINTERS, BOOLEAN );
NTKERNELAPI VOID NTAPI CcInitializeCacheMap( PFILE_OBJECT, PCC_FILE_SIZES, BOOLEAN, PCACHE_MANAGER_CALLBACKS, PVOID );
NTKERNELAPI BOOLEAN NTAPI CcIsThereDirtyData( PVPB );
NTKERNELAPI VOID NTAPI CcMdlRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, PMDL *, PIO_STATUS_BLOCK );
NTKERNELAPI VOID NTAPI CcMdlReadComplete( PFILE_OBJECT, PMDL );
NTKERNELAPI VOID NTAPI CcMdlWriteComplete( PFILE_OBJECT, PLARGE_INTEGER, PMDL );
NTKERNELAPI BOOLEAN NTAPI CcPinMappedData( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PVOID * );
NTKERNELAPI BOOLEAN NTAPI CcPinRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PVOID *, PVOID * );
NTKERNELAPI VOID NTAPI CcPrepareMdlWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, PMDL *, PIO_STATUS_BLOCK );
NTKERNELAPI BOOLEAN NTAPI CcPreparePinWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, ULONG, PVOID *, PVOID * );
NTKERNELAPI PVOID NTAPI CcRemapBcb( PVOID );
NTKERNELAPI VOID NTAPI CcRepinBcb( PVOID );
NTKERNELAPI VOID NTAPI CcScheduleReadAhead( PFILE_OBJECT, PLARGE_INTEGER, ULONG );
NTKERNELAPI VOID NTAPI CcSetAdditionalCacheAttributes( PFILE_OBJECT, BOOLEAN, BOOLEAN );
NTKERNELAPI VOID NTAPI CcSetBcbOwnerPointer( PVOID, PVOID );
NTKERNELAPI VOID NTAPI CcSetDirtyPageThreshold( PFILE_OBJECT, ULONG );
NTKERNELAPI VOID NTAPI CcSetDirtyPinnedData( PVOID, PLARGE_INTEGER );
NTKERNELAPI VOID NTAPI CcSetFileSizes( PFILE_OBJECT, PCC_FILE_SIZES );
NTKERNELAPI VOID NTAPI CcSetReadAheadGranularity( PFILE_OBJECT, ULONG );
NTKERNELAPI BOOLEAN NTAPI CcUninitializeCacheMap( PFILE_OBJECT, PLARGE_INTEGER, PCACHE_UNINITIALIZE_EVENT );
NTKERNELAPI VOID NTAPI CcUnpinData( PVOID );
NTKERNELAPI VOID NTAPI CcUnpinDataForThread( PVOID, ERESOURCE_THREAD );
NTKERNELAPI VOID NTAPI CcUnpinRepinnedBcb( PVOID, BOOLEAN, PIO_STATUS_BLOCK );
NTKERNELAPI NTSTATUS NTAPI CcWaitForCurrentLazyWriterActivity( VOID );
NTKERNELAPI BOOLEAN NTAPI CcZeroData( PFILE_OBJECT, PLARGE_INTEGER, PLARGE_INTEGER, BOOLEAN );
NTKERNELAPI VOID NTAPI ExDisableResourceBoostLite( PERESOURCE );
NTKERNELAPI SIZE_T NTAPI ExQueryPoolBlockSize( PVOID, PBOOLEAN );
NTKERNELAPI VOID NTAPI FsRtlAcquireFileExclusive( PFILE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlAddLargeMcbEntry( PLARGE_MCB, LONGLONG, LONGLONG, LONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlAddMcbEntry( PMCB, VBN, LBN, ULONG );
NTKERNELAPI VOID NTAPI FsRtlAddToTunnelCache( TUNNEL *, ULONGLONG, UNICODE_STRING *, UNICODE_STRING *, BOOLEAN, ULONG, VOID * );
NTKERNELAPI PFILE_LOCK NTAPI FsRtlAllocateFileLock( PCOMPLETE_LOCK_IRP_ROUTINE, PUNLOCK_ROUTINE );
NTKERNELAPI PERESOURCE NTAPI FsRtlAllocateResource( VOID );
NTKERNELAPI BOOLEAN NTAPI FsRtlAreNamesEqual( PCUNICODE_STRING, PCUNICODE_STRING, BOOLEAN, PCWCH );
NTKERNELAPI NTSTATUS NTAPI FsRtlBalanceReads( PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlCheckLockForReadAccess( PFILE_LOCK, PIRP );
NTKERNELAPI BOOLEAN NTAPI FsRtlCheckLockForWriteAccess( PFILE_LOCK, PIRP );
NTKERNELAPI NTSTATUS NTAPI FsRtlCheckOplock( POPLOCK, PIRP, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP );
NTKERNELAPI BOOLEAN NTAPI FsRtlCopyRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, ULONG, PVOID, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlCopyWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, ULONG, PVOID, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI FsRtlCreateSectionForDataScan( PHANDLE, PVOID *, PLARGE_INTEGER, PFILE_OBJECT, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlCurrentBatchOplock( POPLOCK );
NTKERNELAPI VOID NTAPI FsRtlDeleteKeyFromTunnelCache( TUNNEL *, ULONGLONG );
NTKERNELAPI VOID NTAPI FsRtlDeleteTunnelCache( TUNNEL * );
NTKERNELAPI VOID NTAPI FsRtlDeregisterUncProvider( HANDLE );
NTKERNELAPI VOID NTAPI FsRtlDissectDbcs( ANSI_STRING, PANSI_STRING, PANSI_STRING );
NTKERNELAPI VOID NTAPI FsRtlDissectName( UNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlDoesDbcsContainWildCards( PANSI_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlDoesNameContainWildCards( PUNICODE_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlFastCheckLockForRead( PFILE_LOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, PFILE_OBJECT, PVOID );
NTKERNELAPI BOOLEAN NTAPI FsRtlFastCheckLockForWrite( PFILE_LOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, PVOID, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlFastUnlockAll( PFILE_LOCK, PFILE_OBJECT, PEPROCESS, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlFastUnlockAllByKey( PFILE_LOCK, PFILE_OBJECT, PEPROCESS, ULONG, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlFastUnlockSingle( PFILE_LOCK, PFILE_OBJECT, LARGE_INTEGER *, PLARGE_INTEGER, PEPROCESS, ULONG, PVOID, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlFindInTunnelCache( TUNNEL *, ULONGLONG, UNICODE_STRING *, UNICODE_STRING *, UNICODE_STRING *, ULONG *, VOID * );
NTKERNELAPI VOID NTAPI FsRtlFreeFileLock( PFILE_LOCK );
NTKERNELAPI NTSTATUS NTAPI FsRtlGetFileSize( PFILE_OBJECT, PLARGE_INTEGER );
NTKERNELAPI PFILE_LOCK_INFO NTAPI FsRtlGetNextFileLock( PFILE_LOCK, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlGetNextLargeMcbEntry( PLARGE_MCB, ULONG, PLONGLONG, PLONGLONG, PLONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlGetNextMcbEntry( PMCB, ULONG, PVBN, PLBN, PULONG );
NTKERNELAPI VOID NTAPI FsRtlInitializeFileLock( PFILE_LOCK, PCOMPLETE_LOCK_IRP_ROUTINE, PUNLOCK_ROUTINE );
NTKERNELAPI VOID NTAPI FsRtlInitializeLargeMcb( PLARGE_MCB, POOL_TYPE );
NTKERNELAPI VOID NTAPI FsRtlInitializeMcb( PMCB, POOL_TYPE );
NTKERNELAPI VOID NTAPI FsRtlInitializeOplock( POPLOCK );
NTKERNELAPI VOID NTAPI FsRtlInitializeTunnelCache( TUNNEL * );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsDbcsInExpression( PANSI_STRING, PANSI_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsFatDbcsLegal( ANSI_STRING, BOOLEAN, BOOLEAN, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsHpfsDbcsLegal( ANSI_STRING, BOOLEAN, BOOLEAN, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsNameInExpression( PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PWCH );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsNtstatusExpected( NTSTATUS );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLargeMcbEntry( PLARGE_MCB, LONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastLargeMcbEntry( PLARGE_MCB, PLONGLONG, PLONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastLargeMcbEntryAndIndex( PLARGE_MCB, PLONGLONG, PLONGLONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastMcbEntry( PMCB, PVBN, PLBN );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupMcbEntry( PMCB, VBN, PLBN, PULONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadCompleteDev( PFILE_OBJECT, PMDL, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadDev( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PMDL *, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteCompleteDev( PFILE_OBJECT, PLARGE_INTEGER, PMDL, PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI FsRtlNormalizeNtstatus( NTSTATUS, NTSTATUS );
NTKERNELAPI VOID NTAPI FsRtlNotifyCleanup( PNOTIFY_SYNC, PLIST_ENTRY, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyFilterReportChange( PNOTIFY_SYNC, PLIST_ENTRY, PSTRING, USHORT, PSTRING, PSTRING, ULONG, ULONG, PVOID, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyFullChangeDirectory( PNOTIFY_SYNC, PLIST_ENTRY, PVOID, PSTRING, BOOLEAN, BOOLEAN, ULONG, PIRP, PCHECK_FOR_TRAVERSE_ACCESS, PSECURITY_SUBJECT_CONTEXT );
NTKERNELAPI VOID NTAPI FsRtlNotifyFullReportChange( PNOTIFY_SYNC, PLIST_ENTRY, PSTRING, USHORT, PSTRING, PSTRING, ULONG, ULONG, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyInitializeSync( PNOTIFY_SYNC * );
NTKERNELAPI VOID NTAPI FsRtlNotifyUninitializeSync( PNOTIFY_SYNC * );
NTKERNELAPI NTSTATUS NTAPI FsRtlNotifyVolumeEvent( PFILE_OBJECT, ULONG );
NTKERNELAPI ULONG NTAPI FsRtlNumberOfRunsInLargeMcb( PLARGE_MCB );
NTKERNELAPI ULONG NTAPI FsRtlNumberOfRunsInMcb( PMCB );
NTKERNELAPI NTSTATUS NTAPI FsRtlOplockFsctrl( POPLOCK, PIRP, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlOplockIsFastIoPossible( POPLOCK );
NTKERNELAPI VOID NTAPI FsRtlPostPagingFileStackOverflow( PVOID, PKEVENT, PFSRTL_STACK_OVERFLOW_ROUTINE );
NTKERNELAPI VOID NTAPI FsRtlPostStackOverflow( PVOID, PKEVENT, PFSRTL_STACK_OVERFLOW_ROUTINE );
NTKERNELAPI BOOLEAN NTAPI FsRtlPrepareMdlWriteDev( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PMDL *, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlPrivateLock( PFILE_LOCK, PFILE_OBJECT, PLARGE_INTEGER, PLARGE_INTEGER, PEPROCESS, ULONG, BOOLEAN, BOOLEAN, PIO_STATUS_BLOCK, PIRP, PVOID, BOOLEAN );
NTKERNELAPI NTSTATUS NTAPI FsRtlProcessFileLock( PFILE_LOCK, PIRP, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlRegisterUncProvider( PHANDLE, PUNICODE_STRING, BOOLEAN );
NTKERNELAPI VOID NTAPI FsRtlReleaseFile( PFILE_OBJECT );
NTKERNELAPI VOID NTAPI FsRtlRemoveLargeMcbEntry( PLARGE_MCB, LONGLONG, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlRemoveMcbEntry( PMCB, VBN, ULONG );
NTKERNELAPI VOID NTAPI FsRtlResetLargeMcb( PLARGE_MCB, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlSplitLargeMcb( PLARGE_MCB, LONGLONG, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlTeardownPerStreamContexts( PFSRTL_ADVANCED_FCB_HEADER );
NTKERNELAPI VOID NTAPI FsRtlTruncateLargeMcb( PLARGE_MCB, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlTruncateMcb( PMCB, VBN );
NTKERNELAPI VOID NTAPI FsRtlUninitializeFileLock( PFILE_LOCK );
NTKERNELAPI VOID NTAPI FsRtlUninitializeLargeMcb(
PLARGE_MCB ); NTKERNELAPI VOID NTAPI FsRtlUninitializeMcb( PMCB ); NTKERNELAPI VOID NTAPI FsRtlUninitializeOplock( POPLOCK ); NTKERNELAPI VOID NTAPI IoAcquireVpbSpinLock( PKIRQL ); NTKERNELAPI NTSTATUS NTAPI IoCheckDesiredAccess( PACCESS_MASK, ACCESS_MASK ); NTKERNELAPI NTSTATUS NTAPI IoCheckEaBufferValidity( PFILE_FULL_EA_INFORMATION, ULONG, PULONG ); NTKERNELAPI NTSTATUS NTAPI IoCheckFunctionAccess( ACCESS_MASK, UCHAR, UCHAR, ULONG, PVOID, PVOID ); NTKERNELAPI NTSTATUS NTAPI IoCheckQuerySetFileInformation( FILE_INFORMATION_CLASS, ULONG, BOOLEAN ); NTKERNELAPI NTSTATUS NTAPI IoCheckQuerySetVolumeInformation( FS_INFORMATION_CLASS, ULONG, BOOLEAN ); NTKERNELAPI NTSTATUS NTAPI IoCheckQuotaBufferValidity( PFILE_QUOTA_INFORMATION, ULONG, PULONG ); NTKERNELAPI PFILE_OBJECT NTAPI IoCreateStreamFileObject( PFILE_OBJECT, PDEVICE_OBJECT ); NTKERNELAPI PFILE_OBJECT NTAPI IoCreateStreamFileObjectLite( PFILE_OBJECT, PDEVICE_OBJECT ); NTKERNELAPI BOOLEAN NTAPI IoFastQueryNetworkAttributes( POBJECT_ATTRIBUTES, ACCESS_MASK, ULONG, PIO_STATUS_BLOCK, PFILE_NETWORK_OPEN_INFORMATION ); NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetAttachedDevice( PDEVICE_OBJECT ); NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetBaseFileSystemDeviceObject( PFILE_OBJECT ); NTKERNELAPI PEPROCESS NTAPI IoGetRequestorProcess( PIRP ); NTKERNELAPI ULONG NTAPI IoGetRequestorProcessId( PIRP ); NTKERNELAPI NTSTATUS NTAPI IoGetRequestorSessionId( PIRP, PULONG ); NTKERNELAPI PIRP NTAPI IoGetTopLevelIrp( VOID ); NTKERNELAPI BOOLEAN NTAPI IoIsOperationSynchronous( PIRP ); NTKERNELAPI BOOLEAN NTAPI IoIsSystemThread( PETHREAD ); NTKERNELAPI BOOLEAN NTAPI IoIsValidNameGraftingBuffer( PIRP, PREPARSE_DATA_BUFFER ); NTKERNELAPI NTSTATUS NTAPI IoPageRead( PFILE_OBJECT, PMDL, PLARGE_INTEGER, PKEVENT, PIO_STATUS_BLOCK ); NTKERNELAPI NTSTATUS NTAPI IoQueryFileInformation( PFILE_OBJECT, FILE_INFORMATION_CLASS, ULONG, PVOID, PULONG ); NTKERNELAPI NTSTATUS NTAPI IoQueryVolumeInformation( PFILE_OBJECT, FS_INFORMATION_CLASS, ULONG, PVOID, PULONG 
); NTKERNELAPI VOID NTAPI IoQueueThreadIrp( PIRP ); NTKERNELAPI VOID NTAPI IoRegisterFileSystem( PDEVICE_OBJECT ); NTKERNELAPI NTSTATUS NTAPI IoRegisterFsRegistrationChange( PDRIVER_OBJECT, PDRIVER_FS_NOTIFICATION ); NTKERNELAPI VOID NTAPI IoReleaseVpbSpinLock( KIRQL ); NTKERNELAPI VOID NTAPI IoSetDeviceToVerify( PETHREAD, PDEVICE_OBJECT ); NTKERNELAPI NTSTATUS NTAPI IoSetInformation( PFILE_OBJECT, FILE_INFORMATION_CLASS, ULONG, PVOID ); NTKERNELAPI VOID NTAPI IoSetTopLevelIrp( PIRP ); NTKERNELAPI NTSTATUS NTAPI IoSynchronousPageWrite( PFILE_OBJECT, PMDL, PLARGE_INTEGER, PKEVENT, PIO_STATUS_BLOCK ); NTKERNELAPI PEPROCESS NTAPI IoThreadToProcess( PETHREAD ); NTKERNELAPI VOID NTAPI IoUnregisterFileSystem( PDEVICE_OBJECT ); NTKERNELAPI VOID NTAPI IoUnregisterFsRegistrationChange( PDRIVER_OBJECT, PDRIVER_FS_NOTIFICATION ); NTKERNELAPI NTSTATUS NTAPI IoVerifyVolume( PDEVICE_OBJECT, BOOLEAN ); NTKERNELAPI VOID NTAPI KeAttachProcess( PRKPROCESS ); NTKERNELAPI VOID NTAPI KeDetachProcess( VOID ); NTKERNELAPI VOID NTAPI KeInitializeMutant( PRKMUTANT, BOOLEAN ); NTKERNELAPI VOID NTAPI KeInitializeQueue( PRKQUEUE, ULONG ); NTKERNELAPI LONG NTAPI KeInsertHeadQueue( PRKQUEUE, PLIST_ENTRY ); NTKERNELAPI LONG NTAPI KeInsertQueue( PRKQUEUE, PLIST_ENTRY ); NTKERNELAPI LONG NTAPI KeReadStateMutant( PRKMUTANT ); NTKERNELAPI LONG NTAPI KeReadStateQueue( PRKQUEUE ); NTKERNELAPI LONG NTAPI KeReleaseMutant( PRKMUTANT, KPRIORITY, BOOLEAN, BOOLEAN ); NTKERNELAPI PLIST_ENTRY NTAPI KeRemoveQueue( PRKQUEUE, KPROCESSOR_MODE, PLARGE_INTEGER ); NTKERNELAPI PLIST_ENTRY NTAPI KeRundownQueue( PRKQUEUE ); NTKERNELAPI UCHAR NTAPI KeSetIdealProcessorThread( PKTHREAD, UCHAR ); NTKERNELAPI BOOLEAN NTAPI KeSetKernelStackSwapEnable( BOOLEAN ); NTKERNELAPI VOID NTAPI KeStackAttachProcess( PRKPROCESS, PRKAPC_STATE ); NTKERNELAPI VOID NTAPI KeUnstackDetachProcess( PRKAPC_STATE ); NTKERNELAPI BOOLEAN NTAPI MmCanFileBeTruncated( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER ); NTKERNELAPI BOOLEAN NTAPI 
MmFlushImageSection( PSECTION_OBJECT_POINTERS, MMFLUSH_TYPE ); NTKERNELAPI BOOLEAN NTAPI MmForceSectionClosed( PSECTION_OBJECT_POINTERS, BOOLEAN ); NTKERNELAPI BOOLEAN NTAPI MmIsRecursiveIoFault( VOID ); NTKERNELAPI BOOLEAN NTAPI MmSetAddressRangeModified( PVOID, SIZE_T ); NTKERNELAPI NTSTATUS NTAPI ObInsertObject( PVOID, PACCESS_STATE, ACCESS_MASK, ULONG, PVOID *, PHANDLE ); NTKERNELAPI VOID NTAPI ObMakeTemporaryObject( PVOID ); NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByPointer( PVOID, ULONG, PACCESS_STATE, ACCESS_MASK, POBJECT_TYPE, KPROCESSOR_MODE, PHANDLE ); NTKERNELAPI NTSTATUS NTAPI ObQueryNameString( PVOID, POBJECT_NAME_INFORMATION, ULONG, PULONG ); NTKERNELAPI NTSTATUS NTAPI ObQueryObjectAuditingByHandle( HANDLE, PBOOLEAN ); NTKERNELAPI NTSTATUS NTAPI PsAssignImpersonationToken( PETHREAD, HANDLE ); NTKERNELAPI VOID NTAPI PsChargePoolQuota( PEPROCESS, POOL_TYPE, ULONG_PTR ); NTKERNELAPI BOOLEAN NTAPI PsDisableImpersonation( PETHREAD, PSE_IMPERSONATION_STATE ); NTKERNELAPI LARGE_INTEGER NTAPI PsGetProcessExitTime( VOID ); NTKERNELAPI NTSTATUS NTAPI PsImpersonateClient( PETHREAD, PACCESS_TOKEN, BOOLEAN, BOOLEAN, SECURITY_IMPERSONATION_LEVEL ); NTKERNELAPI BOOLEAN NTAPI PsIsThreadTerminating( PETHREAD ); NTKERNELAPI PACCESS_TOKEN NTAPI PsReferenceImpersonationToken( PETHREAD, PBOOLEAN, PBOOLEAN, PSECURITY_IMPERSONATION_LEVEL ); NTKERNELAPI PACCESS_TOKEN NTAPI PsReferencePrimaryToken( PEPROCESS ); NTKERNELAPI VOID NTAPI PsRestoreImpersonation( PETHREAD, PSE_IMPERSONATION_STATE ); NTKERNELAPI VOID NTAPI PsReturnPoolQuota( PEPROCESS, POOL_TYPE, ULONG_PTR ); NTKERNELAPI VOID NTAPI PsRevertToSelf( VOID ); NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges( PACCESS_STATE, PPRIVILEGE_SET ); NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents( BOOLEAN, PSECURITY_DESCRIPTOR ); NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents( BOOLEAN, PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT ); NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity( PETHREAD, PSECURITY_QUALITY_OF_SERVICE, 
BOOLEAN, PSECURITY_CLIENT_CONTEXT ); NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext( PSECURITY_SUBJECT_CONTEXT, PSECURITY_QUALITY_OF_SERVICE, BOOLEAN, PSECURITY_CLIENT_CONTEXT ); NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm( PVOID, HANDLE ); NTKERNELAPI VOID NTAPI SeFreePrivileges( PPRIVILEGE_SET ); NTKERNELAPI VOID NTAPI SeImpersonateClient( PSECURITY_CLIENT_CONTEXT, PETHREAD ); NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx( PSECURITY_CLIENT_CONTEXT, PETHREAD ); NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification( PLUID ); NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, PBOOLEAN ); NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, PBOOLEAN ); NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck( PPRIVILEGE_SET, PSECURITY_SUBJECT_CONTEXT, KPROCESSOR_MODE ); NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken( PACCESS_TOKEN, PLUID ); NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken( PACCESS_TOKEN, TOKEN_INFORMATION_CLASS, PVOID * ); NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo( PSECURITY_INFORMATION, PSECURITY_DESCRIPTOR, PULONG, PSECURITY_DESCRIPTOR * ); NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken( PACCESS_TOKEN, PULONG ); NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine( PSE_LOGON_SESSION_TERMINATED_ROUTINE ); NTKERNELAPI VOID NTAPI SeSetAccessStateGenericMapping( PACCESS_STATE, PGENERIC_MAPPING ); NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo( PVOID, PSECURITY_INFORMATION, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, POOL_TYPE, PGENERIC_MAPPING ); NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx( PVOID, PSECURITY_INFORMATION, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, ULONG, POOL_TYPE, PGENERIC_MAPPING ); NTKERNELAPI BOOLEAN NTAPI 
SeTokenIsAdmin( PACCESS_TOKEN ); NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted( PACCESS_TOKEN ); NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType( PACCESS_TOKEN ); NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine( PSE_LOGON_SESSION_TERMINATED_ROUTINE ); #endif #if (NTDDI_VERSION >= 0x05000300) NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents( BOOLEAN, PSECURITY_DESCRIPTOR ); #endif #if (NTDDI_VERSION >= 0x05010000) NTKERNELAPI LARGE_INTEGER NTAPI CcGetDirtyPages( PVOID, PDIRTY_PAGE_ROUTINE, PVOID, PVOID ); NTKERNELAPI VOID NTAPI CcMdlWriteAbort( PFILE_OBJECT, PMDL ); NTKERNELAPI VOID NTAPI CcSetLogHandleForFile( PFILE_OBJECT, PVOID, PFLUSH_TO_LSN ); NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadNoWait( VOID ); NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadNotPossible( VOID ); NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadResourceMiss( VOID ); NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadWait( VOID ); NTKERNELAPI NTSTATUS NTAPI FsRtlInsertPerStreamContext( PFSRTL_ADVANCED_FCB_HEADER, PFSRTL_PER_STREAM_CONTEXT ); NTKERNELAPI PFSRTL_PER_STREAM_CONTEXT NTAPI FsRtlLookupPerStreamContextInternal( PFSRTL_ADVANCED_FCB_HEADER, PVOID, PVOID ); NTKERNELAPI VOID NTAPI FsRtlNotifyFilterChangeDirectory( PNOTIFY_SYNC, PLIST_ENTRY, PVOID, PSTRING, BOOLEAN, BOOLEAN, ULONG, PIRP, PCHECK_FOR_TRAVERSE_ACCESS, PSECURITY_SUBJECT_CONTEXT, PFILTER_REPORT_CHANGE ); NTKERNELAPI NTSTATUS NTAPI FsRtlRegisterFileSystemFilterCallbacks( struct _DRIVER_OBJECT *, PFS_FILTER_CALLBACKS ); NTKERNELAPI PFSRTL_PER_STREAM_CONTEXT NTAPI FsRtlRemovePerStreamContext( PFSRTL_ADVANCED_FCB_HEADER, PVOID, PVOID ); NTKERNELAPI PFILE_OBJECT NTAPI IoCreateStreamFileObjectEx( PFILE_OBJECT, PDEVICE_OBJECT, PHANDLE ); NTKERNELAPI NTSTATUS NTAPI IoEnumerateDeviceObjectList( PDRIVER_OBJECT, PDEVICE_OBJECT *, ULONG, PULONG ); NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetDeviceAttachmentBaseRef( PDEVICE_OBJECT ); NTKERNELAPI NTSTATUS NTAPI IoGetDiskDeviceObject( PDEVICE_OBJECT, PDEVICE_OBJECT * ); 
NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetLowerDeviceObject( PDEVICE_OBJECT ); NTKERNELAPI NTSTATUS NTAPI IoQueryFileDosDeviceName( PFILE_OBJECT, POBJECT_NAME_INFORMATION * ); NTKERNELAPI NTSTATUS NTAPI MmPrefetchPages( ULONG, PREAD_LIST * ); NTKERNELAPI NTSTATUS NTAPI PoQueueShutdownWorkItem( PWORK_QUEUE_ITEM ); NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota( PEPROCESS, POOL_TYPE, ULONG_PTR ); NTKERNELAPI VOID NTAPI PsDereferenceImpersonationToken( PACCESS_TOKEN ); NTKERNELAPI VOID NTAPI PsDereferencePrimaryToken( PACCESS_TOKEN ); NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread( PETHREAD ); NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation( PUNICODE_STRING, PUNICODE_STRING, BOOLEAN ); NTKERNELAPI NTSTATUS NTAPI SeFilterToken( PACCESS_TOKEN, ULONG, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_GROUPS, PACCESS_TOKEN * ); #endif #if ((NTDDI_VERSION >= 0x05010200) && (NTDDI_VERSION < 0x05020000)) || (NTDDI_VERSION >= 0x06000000) NTKERNELAPI BOOLEAN NTAPI SeTokenIsWriteRestricted( PACCESS_TOKEN ); #endif #if (NTDDI_VERSION >= 0x05010200) NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext( BOOLEAN, PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT ); NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext( BOOLEAN, PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT ); #endif #if (NTDDI_VERSION >= 0x05020000) NTKERNELAPI BOOLEAN NTAPI FsRtlAddBaseMcbEntry( PBASE_MCB, LONGLONG, LONGLONG, LONGLONG ); NTKERNELAPI BOOLEAN NTAPI FsRtlCurrentOplock( POPLOCK ); NTKERNELAPI BOOLEAN NTAPI FsRtlGetNextBaseMcbEntry( PBASE_MCB, ULONG, PLONGLONG, PLONGLONG, PLONGLONG ); NTKERNELAPI VOID NTAPI FsRtlInitializeBaseMcb( PBASE_MCB, POOL_TYPE ); NTKERNELAPI BOOLEAN NTAPI FsRtlLookupBaseMcbEntry( PBASE_MCB, LONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PULONG ); NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastBaseMcbEntry( PBASE_MCB, PLONGLONG, PLONGLONG ); NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastBaseMcbEntryAndIndex( PBASE_MCB, PLONGLONG, PLONGLONG, PULONG ); NTKERNELAPI ULONG NTAPI 
FsRtlNumberOfRunsInBaseMcb( PBASE_MCB ); NTKERNELAPI NTSTATUS NTAPI FsRtlOplockBreakToNone( POPLOCK, PIO_STACK_LOCATION, PIRP, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP ); NTKERNELAPI BOOLEAN NTAPI FsRtlRemoveBaseMcbEntry( PBASE_MCB, LONGLONG, LONGLONG ); NTKERNELAPI VOID NTAPI FsRtlResetBaseMcb( PBASE_MCB ); NTKERNELAPI BOOLEAN NTAPI FsRtlSplitBaseMcb( PBASE_MCB, LONGLONG, LONGLONG ); NTKERNELAPI VOID NTAPI FsRtlTruncateBaseMcb( PBASE_MCB, LONGLONG ); NTKERNELAPI VOID NTAPI FsRtlUninitializeBaseMcb( PBASE_MCB ); #endif #if (NTDDI_VERSION >= 0x05020100) NTKERNELAPI NTSTATUS NTAPI IoEnumerateRegisteredFiltersList( PDRIVER_OBJECT *, ULONG, PULONG ); #endif #if (NTDDI_VERSION >= 0x06000000) NTKERNELAPI PFILE_OBJECT NTAPI CcGetFileObjectFromSectionPtrsRef( PSECTION_OBJECT_POINTERS ); NTKERNELAPI BOOLEAN NTAPI CcIsThereDirtyDataEx( PVPB, PULONG ); NTKERNELAPI NTSTATUS NTAPI CcSetFileSizesEx( PFILE_OBJECT, PCC_FILE_SIZES ); NTKERNELAPI VOID NTAPI CcSetParallelFlushFile( PFILE_OBJECT, BOOLEAN ); NTKERNELAPI VOID NTAPI FsRtlAcknowledgeEcp( PVOID ); NTKERNELAPI NTSTATUS NTAPI FsRtlAddBaseMcbEntryEx( PBASE_MCB, LONGLONG, LONGLONG, LONGLONG ); NTKERNELAPI NTSTATUS NTAPI FsRtlAllocateExtraCreateParameter( LPCGUID, ULONG, FSRTL_ALLOCATE_ECP_FLAGS, PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK, ULONG, PVOID * ); NTKERNELAPI NTSTATUS NTAPI FsRtlAllocateExtraCreateParameterFromLookasideList( LPCGUID, ULONG, FSRTL_ALLOCATE_ECP_FLAGS, PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK, PVOID, PVOID * ); NTKERNELAPI NTSTATUS NTAPI FsRtlAllocateExtraCreateParameterList( FSRTL_ALLOCATE_ECPLIST_FLAGS, PECP_LIST * ); NTKERNELAPI BOOLEAN NTAPI FsRtlAreVolumeStartupApplicationsComplete( VOID ); NTKERNELAPI NTSTATUS NTAPI FsRtlCancellableWaitForMultipleObjects( ULONG, PVOID [], WAIT_TYPE, PLARGE_INTEGER, PKWAIT_BLOCK, PIRP ); NTKERNELAPI NTSTATUS NTAPI FsRtlCancellableWaitForSingleObject( PVOID, PLARGE_INTEGER, PIRP ); NTKERNELAPI NTSTATUS NTAPI FsRtlChangeBackingFileObject( 
PFILE_OBJECT, PFILE_OBJECT, FSRTL_CHANGE_BACKING_TYPE, ULONG ); NTKERNELAPI VOID NTAPI FsRtlDeleteExtraCreateParameterLookasideList( PVOID, FSRTL_ECP_LOOKASIDE_FLAGS ); NTKERNELAPI NTSTATUS NTAPI FsRtlFindExtraCreateParameter( PECP_LIST, LPCGUID, PVOID *, ULONG * ); NTKERNELAPI VOID NTAPI FsRtlFreeExtraCreateParameter( PVOID ); NTKERNELAPI VOID NTAPI FsRtlFreeExtraCreateParameterList( PECP_LIST ); NTKERNELAPI NTSTATUS NTAPI FsRtlGetEcpListFromIrp( PIRP, PECP_LIST * ); NTKERNELAPI NTSTATUS NTAPI FsRtlGetNextExtraCreateParameter( PECP_LIST, PVOID, LPGUID, PVOID *, ULONG * ); NTKERNELAPI NTSTATUS NTAPI FsRtlGetVirtualDiskNestingLevel( PDEVICE_OBJECT, PULONG, PULONG ); NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastMdlReadWait( VOID ); NTKERNELAPI VOID NTAPI FsRtlInitExtraCreateParameterLookasideList( PVOID, FSRTL_ECP_LOOKASIDE_FLAGS, SIZE_T, ULONG ); NTKERNELAPI BOOLEAN NTAPI FsRtlInitializeBaseMcbEx( PBASE_MCB, POOL_TYPE, USHORT ); NTKERNELAPI NTSTATUS NTAPI FsRtlInsertExtraCreateParameter( PECP_LIST, PVOID ); NTKERNELAPI BOOLEAN NTAPI FsRtlIsEcpAcknowledged( PVOID ); NTKERNELAPI BOOLEAN NTAPI FsRtlIsEcpFromUserMode( PVOID ); NTKERNELAPI LOGICAL NTAPI FsRtlIsPagingFile( PFILE_OBJECT ); NTKERNELAPI NTSTATUS NTAPI FsRtlLogCcFlushError( PUNICODE_STRING, PDEVICE_OBJECT, PSECTION_OBJECT_POINTERS, NTSTATUS, ULONG ); NTKERNELAPI NTSTATUS NTAPI FsRtlMupGetProviderIdFromName( PUNICODE_STRING, PULONG32 ); NTKERNELAPI NTSTATUS NTAPI FsRtlMupGetProviderInfoFromFileObject( PFILE_OBJECT, ULONG, PVOID, PULONG ); NTKERNELAPI VOID NTAPI FsRtlNotifyCleanupAll( PNOTIFY_SYNC, PLIST_ENTRY ); NTKERNELAPI NTSTATUS NTAPI FsRtlNotifyVolumeEventEx( PFILE_OBJECT, ULONG, PTARGET_DEVICE_CUSTOM_NOTIFICATION ); NTKERNELAPI ULONG NTAPI FsRtlQueryMaximumVirtualDiskNestingLevel( VOID ); NTKERNELAPI NTSTATUS NTAPI FsRtlRegisterUncProviderEx( PHANDLE, PUNICODE_STRING, PDEVICE_OBJECT, ULONG ); NTKERNELAPI NTSTATUS NTAPI FsRtlRemoveDotsFromPath( PWSTR, USHORT, USHORT * ); NTKERNELAPI NTSTATUS NTAPI 
FsRtlRemoveExtraCreateParameter( PECP_LIST, LPCGUID, PVOID *, ULONG * ); NTKERNELAPI NTSTATUS NTAPI FsRtlSetEcpListIntoIrp( PIRP, PECP_LIST ); NTKERNELAPI NTSTATUS NTAPI FsRtlValidateReparsePointBuffer( ULONG, PREPARSE_DATA_BUFFER ); NTKERNELAPI ULONG NTAPI MmDoesFileHaveUserWritableReferences( PSECTION_OBJECT_POINTERS ); NTKERNELAPI BOOLEAN NTAPI ObIsKernelHandle( HANDLE ); NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction( PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, GUID * ); NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange( GUID *, GUID *, ULONG ); NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction( PVOID, HANDLE, GUID * ); NTKERNELAPI VOID NTAPI SeExamineSacl( PACL, PACCESS_TOKEN, ACCESS_MASK, BOOLEAN, PBOOLEAN, PBOOLEAN ); NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarmWithTransaction( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, GUID *, PBOOLEAN ); NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, GUID *, PBOOLEAN ); #endif #if (NTDDI_VERSION >= 0x06000100) NTKERNELAPI NTSTATUS NTAPI FsRtlCheckOplockEx( POPLOCK, PIRP, ULONG, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP ); #endif #if (NTDDI_VERSION >= 0x06010000) NTKERNELAPI VOID NTAPI CcCoherencyFlushAndPurgeCache( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, PIO_STATUS_BLOCK, ULONG ); NTKERNELAPI BOOLEAN NTAPI CcCopyWriteWontFlush( PFILE_OBJECT, PLARGE_INTEGER, ULONG ); NTKERNELAPI BOOLEAN NTAPI FsRtlAreThereCurrentOrInProgressFileLocks( PFILE_LOCK ); NTKERNELAPI BOOLEAN NTAPI FsRtlCurrentOplockH( POPLOCK ); NTKERNELAPI NTSTATUS NTAPI FsRtlInitializeExtraCreateParameter( PECP_HEADER, ULONG, PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK, ULONG, LPCGUID, PVOID ); NTKERNELAPI NTSTATUS NTAPI FsRtlInitializeExtraCreateParameterList( PECP_LIST ); NTKERNELAPI NTSTATUS 
NTAPI FsRtlOplockBreakH( POPLOCK, PIRP, ULONG, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP ); NTKERNELAPI NTSTATUS NTAPI FsRtlOplockBreakToNoneEx( POPLOCK, PIRP, ULONG, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP ); NTKERNELAPI NTSTATUS NTAPI FsRtlOplockFsctrlEx( POPLOCK, PIRP, ULONG, ULONG ); NTKERNELAPI BOOLEAN NTAPI FsRtlOplockIsSharedRequest( PIRP ); NTKERNELAPI BOOLEAN NTAPI FsRtlOplockKeysEqual( PFILE_OBJECT, PFILE_OBJECT ); NTKERNELAPI NTSTATUS NTAPI IoRegisterFsRegistrationChangeMountAware( PDRIVER_OBJECT, PDRIVER_FS_NOTIFICATION, BOOLEAN ); NTKERNELAPI NTSTATUS NTAPI IoReplaceFileObjectName( PFILE_OBJECT, PWSTR, USHORT ); NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByPointerWithTag( PVOID, ULONG, PACCESS_STATE, ACCESS_MASK, POBJECT_TYPE, KPROCESSOR_MODE, ULONG, PHANDLE ); NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext( PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT ); #endif /* Functions in NTOSKRNL.EXE with different signatures on different versions */ #if (NTDDI_VERSION >= 0x05010000) NTKERNELAPI BOOLEAN NTAPI CcMapData( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PVOID *, PVOID * ); #else NTKERNELAPI BOOLEAN NTAPI CcMapData( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, PVOID *, PVOID * ); #endif #if (NTDDI_VERSION >= 0x06000000) NTKERNELAPI BOOLEAN NTAPI CcPurgeCacheSection( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, ULONG ); #elif (NTDDI_VERSION >= 0x05000000) NTKERNELAPI BOOLEAN NTAPI CcPurgeCacheSection( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, BOOLEAN ); #endif /* Functions in HAL.DLL */ #if (NTDDI_VERSION >= 0x05000000) #ifdef _X86_ NTHALAPI KIRQL FASTCALL KeAcquireSpinLockRaiseToSynch( PKSPIN_LOCK ); #endif #endif #if (NTDDI_VERSION >= 0x05010000) #ifdef _X86_ NTHALAPI KIRQL FASTCALL KeAcquireQueuedSpinLock( KSPIN_LOCK_QUEUE_NUMBER ); NTHALAPI VOID FASTCALL KeReleaseQueuedSpinLock( KSPIN_LOCK_QUEUE_NUMBER, KIRQL ); NTHALAPI LOGICAL FASTCALL KeTryToAcquireQueuedSpinLock( 
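KSPIN_LOCK_QUEUE_NUMBER, PKIRQL );
#endif
#endif

/* Functions in KSECDD.SYS */
KSECDDDECLSPEC HRESULT SEC_ENTRY            GetSecurityUserInfo( PLUID, ULONG, PSecurityUserData * );
KSECDDDECLSPEC SECURITY_STATUS SEC_ENTRY    MapSecurityError( SECURITY_STATUS );

/* Functions implemented as macros */

/* Size computations for OEM <-> Unicode conversion. Both defer to the Rtlx*
 * helper when *NlsMbOemCodePageTag is non-zero and otherwise derive the size
 * from (x)->Length alone. x is evaluated more than once.
 */
#define RtlUnicodeStringToOemSize( x ) \
    ((*NlsMbOemCodePageTag) ? RtlxUnicodeStringToOemSize( x ) : \
    ((x)->Length + sizeof( UNICODE_NULL )) / sizeof( WCHAR ))
#define RtlOemStringToUnicodeSize( x ) \
    ((*NlsMbOemCodePageTag) ? RtlxOemStringToUnicodeSize( x ) : \
    ((x)->Length + sizeof( ANSI_NULL )) * sizeof( WCHAR ))
#define RtlOemStringToCountedUnicodeSize( x ) \
    (ULONG)(RtlOemStringToUnicodeSize( x ) - sizeof( UNICODE_NULL ))

/* Byte-granular pointer arithmetic. RtlPointerToOffset casts the difference
 * to ULONG, so a distance that does not fit in 32 bits is truncated.
 */
#define RtlOffsetToPointer( p1, p2 )    (PCHAR)((PCHAR)(p1) + (ULONG_PTR)(p2))
#define RtlPointerToOffset( p1, p2 )    (ULONG)((PCHAR)(p2) - (PCHAR)(p1))

/* Length of the SID at x as 8 + 4 * SubAuthorityCount. SubAuthorityCount is
 * read from the SID itself and is not range-checked here.
 */
#define SeLengthSid( x )    (8 + (4 * ((SID *)(x))->SubAuthorityCount))

/* Releases the token reference held in (x)->ClientToken, choosing the
 * dereference routine by token type. This expands to a bare if/else
 * statement, not an expression: use it only as a complete statement.
 */
#define SeDeleteClientSecurity( x ) \
    if( SeTokenType( (x)->ClientToken ) == TokenPrimary ) { \
        PsDereferencePrimaryToken( (x)->ClientToken ); \
    } else { \
        PsDereferenceImpersonationToken( (x)->ClientToken ); \
    }
#define SeStopImpersonatingClient() PsRevertToSelf()

/* Yields ClientToken when it is non-NULL, otherwise PrimaryToken. */
#define SeQuerySubjectContextToken( x ) \
    (((PSECURITY_SUBJECT_CONTEXT)(x))->ClientToken != NULL ? \
    ((PSECURITY_SUBJECT_CONTEXT)(x))->ClientToken : \
    ((PSECURITY_SUBJECT_CONTEXT)(x))->PrimaryToken)

/* TRUE when none of SharedRead, SharedWrite and SharedDelete is set. */
#define IoIsFileOpenedExclusively( x ) \
    ((BOOLEAN)!((x)->SharedRead || (x)->SharedWrite || (x)->SharedDelete))

/* FsRtlPrivateLock() with NULL passed as its tenth (PIRP) argument. */
#define FsRtlFastLock( p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11 ) \
    FsRtlPrivateLock( p1, p2, p3, p4, p5, p6, p7, p8, p9, NULL, p10, p11 )
#define FsRtlAreThereCurrentFileLocks( x ) \
    ((x)->FastIoIsQuestionable)

/* Interlocked adjustment of (x)->LockRequestsInProgress, with an ASSERT on
 * the value before the update. Brace-block macros: use as statements.
 */
#define FsRtlIncrementLockRequestsInProgress( x ) \
    { \
        ASSERT( (x)->LockRequestsInProgress >= 0 ); \
        InterlockedIncrement( (LONG volatile *)&((x)->LockRequestsInProgress) ); \
    }
#define FsRtlDecrementLockRequestsInProgress( x ) \
    { \
        ASSERT( (x)->LockRequestsInProgress > 0 ); \
        InterlockedDecrement( (LONG volatile *)&((x)->LockRequestsInProgress) ); \
    }

/* Tests character x against the legal-character table.
 *   x   character to test; yields p1 when (SCHAR)(x) is negative
 *   p1  result for characters outside the 7-bit range
 *   p2  non-zero to accept wildcard characters as well
 *   p3  FSRTL_*_LEGAL flag mask to test for
 *
 * The mask is (p3 | wildcard bit) and is parenthesised as a whole before the
 * '&'. Without those parentheses '&' binds tighter than '|', so any non-zero
 * p2 forced a non-zero result and every 7-bit character tested as legal.
 *
 * NOTE(review): only (SCHAR)(x) is range-checked, while the table is indexed
 * with x itself; x is presumably always a single byte - confirm at call
 * sites. x is evaluated twice.
 */
#define FsRtlTestAnsiCharacter( x, p1, p2, p3 ) \
    (((SCHAR)(x) < 0) ? (p1) : ((*FsRtlLegalAnsiCharacterArray)[(x)] & \
    ((p3) | ((p2) ? FSRTL_WILD_CHARACTER : 0))))
#define FsRtlIsAnsiCharacterWild( x ) \
    FsRtlTestAnsiCharacter( x, FALSE, FALSE, FSRTL_WILD_CHARACTER )
#define FsRtlIsAnsiCharacterLegalFat( x, p ) \
    FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_FAT_LEGAL )
#define FsRtlIsAnsiCharacterLegalHpfs( x, p ) \
    FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_HPFS_LEGAL )
#define FsRtlIsAnsiCharacterLegalNtfs( x, p ) \
    FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_NTFS_LEGAL )
#define FsRtlIsAnsiCharacterLegalNtfsStream( x, p ) \
    FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_NTFS_STREAM_LEGAL )
#define FsRtlIsAnsiCharacterLegal( x, p ) \
    FsRtlTestAnsiCharacter( x, TRUE, FALSE, p )

/* FALSE for bytes below 0x80; otherwise TRUE only when *NlsMbCodePageTag is
 * set and the lead-byte table entry for x is non-zero.
 */
#define FsRtlIsLeadDbcsCharacter( x ) \
    ((BOOLEAN)((UCHAR)(x) < 0x80 ? FALSE : ((*NlsMbCodePageTag) && \
    ((*NlsOemLeadByteInfo)[(UCHAR)(x)] != 0))))

/* Pool allocation with POOL_RAISE_IF_ALLOCATION_FAILURE OR-ed into the pool
 * type. NOTE(review): judging by the flag name, failure is raised as an
 * exception rather than returned as NULL - confirm before relying on a NULL
 * check at the call site.
 */
#define FsRtlAllocatePoolWithTag( p1, p2, p3 ) \
    ExAllocatePoolWithTag( (POOL_TYPE)((p1) | POOL_RAISE_IF_ALLOCATION_FAILURE), \
    p2, p3)
#define FsRtlAllocatePoolWithQuotaTag( p1, p2, p3 ) \
    ExAllocatePoolWithQuotaTag( (POOL_TYPE)((p1) | POOL_RAISE_IF_ALLOCATION_FAILURE), \
    p2, p3)

/* FALSE for x >= 0x40; below that, the wildcard bit of the table entry. */
#define FsRtlIsUnicodeCharacterWild( x ) \
    (((x) >= 0x40) ? FALSE : ((*FsRtlLegalAnsiCharacterArray)[(x)] & \
    FSRTL_WILD_CHARACTER))

/* Per-file context helpers. x is a file object for the Supports/Get macros
 * (they go through (x)->FsContext) and a context structure for the Init macro.
 */
#define FsRtlInitPerFileContext( x, p1, p2, p3 ) \
    ((x)->OwnerId = (p1), (x)->InstanceId = (p2), (x)->FreeCallback = (p3))
#define FsRtlSupportsPerFileContexts( x ) \
    ((FsRtlGetPerStreamContextPointer( x ) != NULL) && \
    (FsRtlGetPerStreamContextPointer( x )->Version >= FSRTL_FCB_HEADER_V1) && \
    (FsRtlGetPerStreamContextPointer( x )->FileContextSupportPointer != NULL))
#define FsRtlGetPerFileContextPointer( x ) \
    (FsRtlSupportsPerFileContexts( x ) ? \
    FsRtlGetPerStreamContextPointer( x )->FileContextSupportPointer : NULL)

/* FsRtlSetupAdvancedHeader() followed by storing p2 in
 * FileContextSupportPointer when p2 is non-NULL. Brace-block macro.
 */
#define FsRtlSetupAdvancedHeaderEx( x, p1, p2 ) \
    { \
        FsRtlSetupAdvancedHeader( x, p1 ); \
        if( (p2) != NULL ) { \
            (x)->FileContextSupportPointer = (p2); \
        } \
    }

/* Per-stream context helpers. FsRtlGetPerStreamContextPointer reinterprets
 * (x)->FsContext as an advanced FCB header without checking the header flags;
 * FsRtlSupportsPerStreamContexts adds the NULL and Flags2 checks.
 */
#define FsRtlInitPerStreamContext( x, p1, p2, p3 ) \
    ((x)->OwnerId = (p1), (x)->InstanceId = (p2), (x)->FreeCallback = (p3))
#define FsRtlGetPerStreamContextPointer( x ) \
    ((PFSRTL_ADVANCED_FCB_HEADER)((x)->FsContext))
#define FsRtlSupportsPerStreamContexts( x ) \
    ((FsRtlGetPerStreamContextPointer( x ) != NULL) && \
    (FsRtlGetPerStreamContextPointer( x )->Flags2 & \
    FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS))

/* Skips the internal lookup (yielding NULL) when x is NULL, filter contexts
 * are not supported, or the FilterContexts list is empty.
 */
#define FsRtlLookupPerStreamContext( x, p1, p2 ) \
    ((((x) != NULL) && ((x)->Flags2 & FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
    !IsListEmpty( &(x)->FilterContexts )) ? \
    FsRtlLookupPerStreamContextInternal( x, p1, p2 ) : NULL)
#define FsRtlInitPerFileObjectContext( x, p1, p2 ) \
    ((x)->OwnerId = (p1), (x)->InstanceId = (p2))

/* Stores status p in the IRP and completes it with IO_DISK_INCREMENT. */
#define FsRtlCompleteRequest( x, p ) \
    { \
        (x)->IoStatus.Status = (p); \
        IoCompleteRequest( x, IO_DISK_INCREMENT ); \
    }
#define FsRtlEnterFileSystem()  KeEnterCriticalRegion()
#define FsRtlExitFileSystem()   KeLeaveCriticalRegion()

/* TRUE when both SectionObjectPointer and its SharedCacheMap are non-NULL. */
#define CcIsFileCached( x ) \
    (((x)->SectionObjectPointer != NULL) && \
    (((PSECTION_OBJECT_POINTERS)(x)->SectionObjectPointer)->SharedCacheMap != NULL))

/* Address one LARGE_INTEGER past the start of the shared cache map.
 * SectionObjectPointer and SharedCacheMap are dereferenced without a NULL
 * check, so test CcIsFileCached( x ) first. NOTE(review): this depends on the
 * layout of the cache map, which is not declared in this header.
 */
#define CcGetFileSizePointer( x ) \
    ((PLARGE_INTEGER)((x)->SectionObjectPointer->SharedCacheMap) + 1)
#if (NTDDI_VERSION < 0x06010000)
#define CcCopyWriteWontFlush( p1, p2, p3 )  ((p3) <= 0x00010000)
#endif

/* Schedules read-ahead only for lengths of at least 256. Brace-block macro. */
#define CcReadAhead( p1, p2, p3 ) \
    { \
        if( (p3) >= 256 ) { \
            CcScheduleReadAhead( p1, p2, p3 ); \
        } \
    }

/* Other macros */
#define LEGAL_ANSI_CHARACTER_ARRAY  (*FsRtlLegalAnsiCharacterArray)
#define NLS_OEM_LEAD_BYTE_INFO      (*NlsOemLeadByteInfo)

/* Initializes the advanced FCB header stored at x.
 *   x  storage for an FSRTL_ADVANCED_FCB_HEADER; cast without validation
 *   p  fast mutex to record in the header, or NULL to leave FastMutex as is
 *
 * Sets the advanced-header and filter-context flags, selects the header
 * version from NTDDI_VERSION and empties the FilterContexts list. On
 * 0x06000000 and later it also zeroes PushLock and clears
 * FileContextSupportPointer.
 */
__inline void FsRtlSetupAdvancedHeader( PVOID x, PFAST_MUTEX p )
{
    PFSRTL_ADVANCED_FCB_HEADER  v = (PFSRTL_ADVANCED_FCB_HEADER)x;

    v->Flags |= FSRTL_FLAG_ADVANCED_HEADER;
    v->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;
#if (NTDDI_VERSION >= 0x06000000)
    v->Version = FSRTL_FCB_HEADER_V1;
#else
    v->Version = FSRTL_FCB_HEADER_V0;
#endif
    InitializeListHead( &v->FilterContexts );
    if( p != NULL ) {
        v->FastMutex = p;
    }
#if (NTDDI_VERSION >= 0x06000000)
    *((PULONG_PTR)&v->PushLock) = 0;
    v->FileContextSupportPointer = NULL;
#endif
}

#if (NTDDI_VERSION >= 0x06000000)
/* Fills *x with its size, a ThreadPriority of 0xFFFF, IoPriorityNormal and a
 * PagePriority of 0.
 */
__inline VOID IoInitializePriorityInfo( PIO_PRIORITY_INFO x )
{
    x->Size = sizeof( IO_PRIORITY_INFO );
    x->ThreadPriority = 0xFFFF;
    x->IoPriority = IoPriorityNormal;
    x->PagePriority = 0;
}
#endif /* (NTDDI_VERSION >= 0x06000000) */

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* _NTIFS_ */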