This repository has been archived on 2024-12-16. You can view files and clone it, but cannot push or open issues or pull requests.
CodeBlocksPortable/WATCOM/h/nt/ddk/ntifs.h

5170 lines
219 KiB
C

/*
* ntifs.h NT Installable File System (IFS) functions
*
* =========================================================================
*
* Open Watcom Project
*
* Copyright (c) 2004-2010 The Open Watcom Contributors. All Rights Reserved.
*
* This file is automatically generated. Do not edit directly.
*
* =========================================================================
*/
#ifndef _NTIFS_
#define _NTIFS_
#ifndef _ENABLE_AUTODEPEND
#pragma read_only_file;
#endif
#include <ntddk.h>
#include <ntnls.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Primitive data types */
typedef ULONG_PTR SID_HASH_ENTRY;
typedef ULONG_PTR *PSID_HASH_ENTRY;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL;
typedef USHORT *PSECURITY_DESCRIPTOR_CONTROL;
typedef ULONG LSA_OPERATIONAL_MODE;
typedef ULONG *PLSA_OPERATIONAL_MODE;
typedef UNICODE_STRING LSA_UNICODE_STRING;
typedef UNICODE_STRING *PLSA_UNICODE_STRING;
typedef STRING LSA_STRING;
typedef STRING *PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *PLSA_OBJECT_ATTRIBUTES;
typedef ULONG ACCESS_REASON;
typedef ULONG LBN;
typedef LBN *PLBN;
typedef ULONG VBN;
typedef VBN *PVBN;
typedef PVOID OPLOCK;
typedef PVOID *POPLOCK;
typedef PVOID PNOTIFY_SYNC;
#if (NTDDI_VERSION >= 0x06000000)
typedef ULONG FSRTL_ALLOCATE_ECPLIST_FLAGS;
typedef ULONG FSRTL_ALLOCATE_ECP_FLAGS;
typedef ULONG FSRTL_ECP_LOOKASIDE_FLAGS;
#endif
/* Data type aliases */
#define EX_PUSH_LOCK ULONG_PTR
#define PEX_PUSH_LOCK PULONG_PTR
/* Flag manipulation macros */
#ifndef FlagOn
#define FlagOn( x, p ) ((x) & (p))
#endif
#ifndef BooleanFlagOn
#define BooleanFlagOn( x, p ) ((BOOLEAN)(((x) & (p)) != 0))
#endif
#ifndef SetFlag
#define SetFlag( x, p ) ((x) |= (p))
#endif
#ifndef ClearFlag
#define ClearFlag( x, p ) ((x) &= ~(p))
#endif
/* Current SID revision */
#define SID_REVISION 1
/* SID hash size */
#define SID_HASH_SIZE 32
/* SID identifier authority values */
#define SECURITY_NULL_SID_AUTHORITY { 0, 0, 0, 0, 0, 0 }
#define SECURITY_WORLD_SID_AUTHORITY { 0, 0, 0, 0, 0, 1 }
#define SECURITY_LOCAL_SID_AUTHORITY { 0, 0, 0, 0, 0, 2 }
#define SECURITY_CREATOR_SID_AUTHORITY { 0, 0, 0, 0, 0, 3 }
#define SECURITY_NON_UNIQUE_AUTHORITY { 0, 0, 0, 0, 0, 4 }
#define SECURITY_NT_AUTHORITY { 0, 0, 0, 0, 0, 5 }
#define SECURITY_RESOURCE_MANAGER_AUTHORITY { 0, 0, 0, 0, 0, 9 }
#define SECURITY_MANDATORY_LABEL_AUTHORITY { 0, 0, 0, 0, 0, 16 }
/* Relative identifiers */
#define SECURITY_NULL_RID 0x00000000L
#define SECURITY_WORLD_RID 0x00000000L
#define SECURITY_LOCAL_RID 0x00000000L
#define SECURITY_LOCAL_LOGON_RID 0x00000001L
#define SECURITY_CREATOR_OWNER_RID 0x00000000L
#define SECURITY_CREATOR_GROUP_RID 0x00000001L
#define SECURITY_CREATOR_OWNER_SERVER_RID 0x00000002L
#define SECURITY_CREATOR_GROUP_SERVER_RID 0x00000003L
#define SECURITY_CREATOR_OWNER_RIGHTS_RID 0x00000004L
#define SECURITY_DIALUP_RID 0x00000001L
#define SECURITY_NETWORK_RID 0x00000002L
#define SECURITY_BATCH_RID 0x00000003L
#define SECURITY_INTERACTIVE_RID 0x00000004L
#define SECURITY_LOGON_IDS_RID 0x00000005L
#define SECURITY_SERVICE_RID 0x00000006L
#define SECURITY_ANONYMOUS_LOGON_RID 0x00000007L
#define SECURITY_PROXY_RID 0x00000008L
#define SECURITY_ENTERPRISE_CONTROLLERS_RID 0x00000009L
#define SECURITY_SERVER_LOGON_RID \
SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID 0x0000000AL
#define SECURITY_AUTHENTICATED_USER_RID 0x0000000BL
#define SECURITY_RESTRICTED_CODE_RID 0x0000000CL
#define SECURITY_TERMINAL_SERVER_RID 0x0000000DL
#define SECURITY_REMOTE_LOGON_RID 0x0000000EL
#define SECURITY_THIS_ORGANIZATION_RID 0x0000000FL
#define SECURITY_IUSER_RID 0x00000011L
#define SECURITY_LOCAL_SYSTEM_RID 0x00000012L
#define SECURITY_LOCAL_SERVICE_RID 0x00000013L
#define SECURITY_NETWORK_SERVICE_RID 0x00000014L
#define SECURITY_NT_NON_UNIQUE 0x00000015L
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID 0x00000016L
#define SECURITY_BUILTIN_DOMAIN_RID 0x00000020L
#define SECURITY_WRITE_RESTRICTED_CODE_RID 0x00000021L
#define SECURITY_PACKAGE_BASE_RID 0x00000040L
#define SECURITY_PACKAGE_NTLM_RID 0x0000000AL
#define SECURITY_PACKAGE_SCHANNEL_RID 0x0000000EL
#define SECURITY_PACKAGE_DIGEST_RID 0x00000015L
#define SECURITY_CRED_TYPE_BASE_RID 0x00000041L
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID 0x00000001L
#define SECURITY_MIN_BASE_RID 0x00000050L
#define SECURITY_SERVICE_ID_BASE_RID 0x00000050L
#define SECURITY_RESERVED_ID_BASE_RID 0x00000051L
#define SECURITY_APPPOOL_ID_BASE_RID 0x00000052L
#define SECURITY_VIRTUALSERVER_ID_BASE_RID 0x00000053L
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID 0x00000054L
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID 0x00000055L
#define SECURITY_WMIHOST_ID_BASE_RID 0x00000056L
#define SECURITY_TASK_ID_BASE_RID 0x00000057L
#define SECURITY_NFS_ID_BASE_RID 0x00000058L
#define SECURITY_COM_ID_BASE_RID 0x00000059L
#define SECURITY_MAX_BASE_RID 0x0000006FL
#define SECURITY_MAX_ALWAYS_FITLERED 0x000003E7L
#define SECURITY_MIN_NEVER_FILTERED 0x000003E8L
#define SECURITY_OTHER_ORGANIZATION_RID 0x000003E8L
#define SECURITY_WINDOWSMOBILE_ID_BASE_RID 0x00000070L
#define SECURITY_MANDATORY_UNTRUSTED_RID 0x00000000L
#define SECURITY_MANDATORY_LOW_RID 0x00001000L
#define SECURITY_MANDATORY_MEDIUM_RID 0x00002000L
#define SECURITY_MANDATORY_HIGH_RID 0x00003000L
#define SECURITY_MANDATORY_SYSTEM_RID 0x00004000L
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L
#define SECURITY_MANDATORY_MAXIMUM_USER_RID \
SECURITY_MANDATORY_SYSTEM_RID
/* Relative identifier counts */
#define SECURITY_LOGON_IDS_RID_COUNT 3L
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT 3L
#define SECURITY_PACKAGE_RID_COUNT 2L
#define SECURITY_CRED_TYPE_RID_COUNT 2L
#define SECURITY_SERVICE_ID_RID_COUNT 6L
#define SECURITY_APPPOOL_ID_RID_COUNT 6L
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT 6L
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT 6L
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT 6L
#define SECURITY_WMIHOST_ID_RID_COUNT 6L
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT 6L
/* ACE types */
#define ACCESS_ALLOWED_ACE_TYPE 0x00
#define ACCESS_DENIED_ACE_TYPE 0x01
#define SYSTEM_AUDIT_ACE_TYPE 0x02
#define SYSTEM_ALARM_ACE_TYPE 0x03
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05
#define ACCESS_DENIED_OBJECT_ACE_TYPE 0x06
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x07
#define SYSTEM_ALARM_OBJECT_ACE_TYPE 0x08
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09
#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0x0C
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0x0D
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE 0x0E
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11
#define ACCESS_MIN_MS_ACE_TYPE ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_MAX_MS_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE
#define ACCESS_MAX_MS_V2_ACE_TYPE SYSTEM_ALARM_ACE_TYPE
#define ACCESS_MAX_MS_V3_ACE_TYPE ACCESS_ALLOWED_COMPOUND_ACE_TYPE
#define ACCESS_MAX_MS_V4_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE
#define ACCESS_MAX_MS_V5_ACE_TYPE SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE SYSTEM_ALARM_OBJECT_ACE_TYPE
/* ACE inherit flags */
#define OBJECT_INHERIT_ACE 0x01
#define CONTAINER_INHERIT_ACE 0x02
#define NO_PROPAGATE_INHERIT_ACE 0x04
#define INHERIT_ONLY_ACE 0x08
#define INHERITED_ACE 0x10
#define VALID_INHERIT_FLAGS 0x1F
/* ACE flags */
#define SUCCESSFUL_ACCESS_ACE_FLAG 0x40
#define FAILED_ACCESS_ACE_FLAG 0x80
/* System mandatory label ACE access mask flags */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x00000001L
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x00000002L
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x00000004L
#define SYSTEM_MANDATORY_LABEL_VALID_MASK \
(SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
/* Security descriptor control flags */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
#define SE_SELF_RELATIVE 0x8000
/* Object type list level values */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
/* Audit alarm flags */
#define AUDIT_ALLOW_NO_PRIVILEGE 0x00000001L
/* Directory Service source and object type name */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
/* Access reason masks */
#define ACCESS_REASON_TYPE_MASK 0xFFFF0000
#define ACCESS_REASON_DATA_MASK 0x0000FFFF
/* Security descriptor flags */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001L
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002L
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003L
/* Token access rights */
#define TOKEN_ASSIGN_PRIMARY 0x0001L
#define TOKEN_DUPLICATE 0x0002L
#define TOKEN_IMPERSONATE 0x0004L
#define TOKEN_QUERY 0x0008L
#define TOKEN_QUERY_SOURCE 0x0010L
#define TOKEN_ADJUST_PRIVILEGES 0x0020L
#define TOKEN_ADJUST_GROUPS 0x0040L
#define TOKEN_ADJUST_DEFAULT 0x0080L
#define TOKEN_ADJUST_SESSIONID 0x0100L
#define TOKEN_ALL_ACCESS \
(STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | \
TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | \
TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID)
#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
#define TOKEN_WRITE \
(STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | \
TOKEN_ADJUST_DEFAULT)
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
/* Token mandatory policy flags */
#define TOKEN_MANDATORY_POLICY_OFF 0x00000000L
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x00000001L
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x00000002L
#define TOKEN_MANDATORY_POLICY_VALID_MASK \
(TOKEN_MANDATORY_POLICY_NO_WRITE_UP | TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
/* Number of token audit policy subcategories */
#define POLICY_AUDIT_SUBCATEGORY_COUNT 53
/* Length of a token source name */
#define TOKEN_SOURCE_LENGTH 8
/* Heap flags */
#define HEAP_NO_SERIALIZE 0x00000001L
#define HEAP_GROWABLE 0x00000002L
#define HEAP_GENERATE_EXCEPTIONS 0x00000004L
#define HEAP_ZERO_MEMORY 0x00000008L
#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010L
#define HEAP_TAIL_CHECKING_ENABLED 0x00000020L
#define HEAP_FREE_CHECKING_ENABLED 0x00000040L
#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080L
#define HEAP_CREATE_ALIGN_16 0x00010000L
#define HEAP_CREATE_ENABLE_TRACING 0x00020000L
#define HEAP_CREATE_ENABLE_EXECUTE 0x00040000L
/* Heap settable user flags */
#define HEAP_SETTABLE_USER_VALUE 0x00000100L
#define HEAP_SETTABLE_USER_FLAG1 0x00000200L
#define HEAP_SETTABLE_USER_FLAG2 0x00000400L
#define HEAP_SETTABLE_USER_FLAG3 0x00000800L
#define HEAP_SETTABLE_USER_FLAGS 0x00000E00L
/* Heap classes */
#define HEAP_CLASS_0 0x00000000L
#define HEAP_CLASS_1 0x00001000L
#define HEAP_CLASS_2 0x00002000L
#define HEAP_CLASS_3 0x00003000L
#define HEAP_CLASS_4 0x00004000L
#define HEAP_CLASS_5 0x00005000L
#define HEAP_CLASS_6 0x00006000L
#define HEAP_CLASS_7 0x00007000L
#define HEAP_CLASS_8 0x00008000L
#define HEAP_CLASS_MASK 0x0000F000L
/* RtlDuplicateUnicodeString() flags */
#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 0x00000001L
#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 0x00000002L
/* Compression formats */
#define COMPRESSION_FORMAT_NONE 0x0000
#define COMPRESSION_FORMAT_DEFAULT 0x0001
#define COMPRESSION_FORMAT_LZNT1 0x0002
/* Compression engines */
#define COMPRESSION_ENGINE_STANDARD 0x0000
#define COMPRESSION_ENGINE_MAXIMUM 0x0100
#define COMPRESSION_ENGINE_HIBER 0x0200
/* System volume information folder name */
#define RTL_SYSTEM_VOLUME_INFORMATION_FOLDER L"System Volume Information"
/* MSV1.0 constants */
#define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW_LENGTH \
(sizeof( MSV1_0_PACKAGE_NAMEW ) - sizeof( WCHAR ))
#define MSV1_0_SUBAUTHENTICATION_KEY \
"SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
#define MSV1_0_SUBAUTHENTICATION_VALUE "Auth"
/* MSV1.0 string lengths */
#define MSV1_0_CHALLENGE_LENGTH 8
#define MSV1_0_USER_SESSION_KEY_LENGTH 16
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8
/* MSV1.0 parameter control flags */
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002L
#define MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004L
#define MSV1_0_RETURN_USER_PARAMETERS 0x00000008L
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x00000010L
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020L
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x00000040L
#define MSV1_0_USE_CLIENT_CHALLENGE 0x00000080L
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x00000100L
#define MSV1_0_RETURN_PROFILE_PATH 0x00000200L
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x00000400L
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800L
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000L
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000L
#if (_WIN32_WINNT >= 0x0502)
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000L
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000L
#endif
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000L
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_S4U2SELF 0x00020000L
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000L
#endif
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000L
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000L
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
#define MSV1_0_MNS_LOGON 0x01000000L
/* MSV1.0 subauthentication DLL values */
#define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132
/* MSV1.0 S4U logon flags */
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x00000002L
#endif
/* Logon user flags */
#define LOGON_USER 0x00000001L
#define LOGON_NOENCRYPTION 0x00000002L
#define LOGON_CACHED_ACCOUNT 0x00000004L
#define LOGON_USED_LM_PASSWORD 0x00000008L
#define LOGON_EXTRA_SIDS 0x00000020L
#define LOGON_SUBAUTH_SESSION_KEY 0x00000040L
#define LOGON_SERVER_TRUST_ACCOUNT 0x00000080L
#define LOGON_NTLMV2_ENABLED 0x00000100L
#define LOGON_RESOURCE_GROUPS 0x00000200L
#define LOGON_PROFILE_PATH_RETURNED 0x00000400L
#define LOGON_NT_V2 0x00000800L
#define LOGON_LM_V2 0x00001000L
#define LOGON_NTLM_V2 0x00002000L
#if (_WIN32_WINNT >= 0x0600)
#define LOGON_OPTIMIZED 0x00004000L
#define LOGON_WINLOGON 0x00008000L
#define LOGON_PKINIT 0x00010000L
#define LOGON_NO_OPTIMIZED 0x00020000L
#endif
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000L
#define LOGON_GRACE_LOGON 0x01000000L
/* MSV1.0 supplemental credential constants */
#define MSV1_0_OWF_PASSWORD_LENGTH 16
#define MSV1_0_CRED_LM_PRESENT 0x00000001L
#define MSV1_0_CRED_NT_PRESENT 0x00000002L
#define MSV1_0_CRED_VERSION 0L
/* MSV1.0 NTLM3 constants */
#define MSV1_0_NTLM3_RESPONSE_LENGTH 16
#define MSV1_0_NTLM3_OWF_LENGTH 16
#if (_WIN32_WINNT == 0x0500)
#define MSV1_0_MAX_NTLM3_LIFE 1800
#else
#define MSV1_0_MAX_NTLM3_LIFE 129600
#endif
#define MSV1_0_MAX_AVL_SIZE 64000
/* MSV1.0 AV flags */
#if (_WIN32_WINNT >= 0x0501)
#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001L
#endif
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002L
#endif
/* Get challenge response flags */
#define USE_PRIMARY_PASSWORD 0x00000001L
#define RETURN_PRIMARY_USERNAME 0x00000002L
#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x00000004L
#define RETURN_NON_NT_USER_SESSION_KEY 0x00000008L
#define GENERATE_CLIENT_CHALLENGE 0x00000010L
#define GCR_NTLM3_PARMS 0x00000020L
#define GCR_TARGET_INFO 0x00000040L
#define RETURN_RESERVED_PARAMETER 0x00000080L
#define GCR_ALLOW_NTLM 0x00000100L
#define GCR_USE_OEM_SET 0x00000200L
#define GCR_MACHINE_CREDENTIAL 0x00000400L
#define GCR_USE_OWF_PASSWORD 0x00000800L
#define GCR_ALLOW_LM 0x00001000L
#define GCR_ALLOW_NO_TARGET 0x00002000L
/* File oplock request return values */
#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007L
#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008L
#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009L
/* File change notification flags */
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001L
#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002L
#define FILE_NOTIFY_CHANGE_NAME 0x00000003L
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004L
#define FILE_NOTIFY_CHANGE_SIZE 0x00000008L
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010L
#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020L
#define FILE_NOTIFY_CHANGE_CREATION 0x00000040L
#define FILE_NOTIFY_CHANGE_EA 0x00000080L
#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100L
#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200L
#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400L
#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800L
#define FILE_NOTIFY_VALID_MASK 0x00000FFFL
/* File actions */
#define FILE_ACTION_ADDED 0x00000001L
#define FILE_ACTION_REMOVED 0x00000002L
#define FILE_ACTION_MODIFIED 0x00000003L
#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004L
#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005L
#define FILE_ACTION_ADDED_STREAM 0x00000006L
#define FILE_ACTION_REMOVED_STREAM 0x00000007L
#define FILE_ACTION_MODIFIED_STREAM 0x00000008L
#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009L
#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000AL
#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000BL
/* Named pipe types */
#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000L
#define FILE_PIPE_MESSAGE_TYPE 0x00000001L
#define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000L
#define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002L
#define FILE_PIPE_TYPE_VALID_MASK 0x00000003L
/* Named pipe completion modes */
#define FILE_PIPE_QUEUE_OPERATION 0x00000000L
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001L
/* Named pipe read modes */
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000L
#define FILE_PIPE_MESSAGE_MODE 0x00000001L
/* Named pipe configuration flags */
#define FILE_PIPE_INBOUND 0x00000000L
#define FILE_PIPE_OUTBOUND 0x00000001L
#define FILE_PIPE_FULL_DUPLEX 0x00000002L
/* Named pipe state flags */
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001L
#define FILE_PIPE_LISTENING_STATE 0x00000002L
#define FILE_PIPE_CONNECTED_STATE 0x00000003L
#define FILE_PIPE_CLOSING_STATE 0x00000004L
/* Named pipe end flags */
#define FILE_PIPE_CLIENT_END 0x00000000L
#define FILE_PIPE_SERVER_END 0x00000001L
/* File system flags */
#define FILE_CASE_SENSITIVE_SEARCH 0x00000001L
#define FILE_CASE_PRESERVED_NAMES 0x00000002L
#define FILE_UNICODE_ON_DISK 0x00000004L
#define FILE_PERSISTENT_ACLS 0x00000008L
#define FILE_FILE_COMPRESSION 0x00000010L
#define FILE_VOLUME_QUOTAS 0x00000020L
#define FILE_SUPPORTS_SPARSE_FILES 0x00000040L
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080L
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100L
#define FILE_VOLUME_IS_COMPRESSED 0x00008000L
#define FILE_SUPPORTS_OBJECT_IDS 0x00010000L
#define FILE_SUPPORTS_ENCRYPTION 0x00020000L
#define FILE_NAMED_STREAMS 0x00040000L
#define FILE_READ_ONLY_VOLUME 0x00080000L
#define FILE_SEQUENTIAL_WRITE_ONCE 0x00100000L
#define FILE_SUPPORTS_TRANSACTIONS 0x00200000L
#define FILE_SUPPORTS_HARD_LINKS 0x00400000L
#define FILE_SUPPORTS_EXTENDED_ATTRIBUTES 0x00800000L
#define FILE_SUPPORTS_OPEN_BY_FILE_ID 0x01000000L
#define FILE_SUPPORTS_USN_JOURNAL 0x02000000L
/* File extended attribute flags */
#define FILE_NEED_EA 0x00000080L
/* File extended attribute types */
#define FILE_EA_TYPE_BINARY 0xFFFE
#define FILE_EA_TYPE_ASCII 0xFFFD
#define FILE_EA_TYPE_BITMAP 0xFFFB
#define FILE_EA_TYPE_METAFILE 0xFFFA
#define FILE_EA_TYPE_ICON 0xFFF9
#define FILE_EA_TYPE_EA 0xFFEE
#define FILE_EA_TYPE_MVMT 0xFFDF
#define FILE_EA_TYPE_MVST 0xFFDE
#define FILE_EA_TYPE_ASN1 0xFFDD
#define FILE_EA_TYPE_FAMILY_IDS 0xFF01
/* File identifier global transaction directory information flags */
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001L
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002L
#define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004L
/* DOS wildcard characters */
#define ANSI_DOS_STAR '<'
#define ANSI_DOS_QM '>'
#define ANSI_DOS_DOT '"'
#define DOS_START L'<'
#define DOS_QM L'>'
#define DOS_DOT L'"'
/* Remote protocol flags */
#define REMOTE_PROTOCOL_FLAG_LOOPBACK 0x00000001L
#define REMOTE_PROTOCOL_FLAG_OFFLINE 0x00000002L
/* File system volume control flags */
#define FILE_VC_QUOTA_NONE 0x00000000L
#define FILE_VC_QUOTA_TRACK 0x00000001L
#define FILE_VC_QUOTA_ENFORCE 0x00000002L
#define FILE_VC_QUOTA_MASK 0x00000003L
#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008L
#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010L
#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020L
#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040L
#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080L
#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100L
#define FILE_VC_QUOTAS_REBUILDING 0x00000200L
#define FILE_VC_VALID_MASK 0x000003FFL
/* File system control codes */
#define FSCTL_REQUEST_OPLOCK_LEVEL_1 \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_OPLOCK_LEVEL_2 \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_BATCH_OPLOCK \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_OPBATCH_ACK_CLOSE_PENDING \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_OPLOCK_BREAK_NOTIFY \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_LOCK_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_UNLOCK_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DISMOUNT_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_VOLUME_MOUNTED \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_PATHNAME_VALID \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_MARK_VOLUME_DIRTY \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_RETRIEVAL_POINTERS \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_GET_COMPRESSION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_COMPRESSION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | \
FILE_WRITE_DATA )
#define FSCTL_SET_BOOTLOADER_ACCESSED \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_OPLOCK_BREAK_ACK_NO_2 \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_INVALIDATE_VOLUMES \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_FAT_BPB \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_FILTER_OPLOCK \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_FILESYSTEM_GET_STATISTICS \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS )
#if (_WIN32_WINNT >= 0x0400)
#define FSCTL_GET_NTFS_VOLUME_DATA \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_NTFS_FILE_RECORD \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_VOLUME_BITMAP \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_GET_RETRIEVAL_POINTERS \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_MOVE_FILE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_IS_VOLUME_DIRTY \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_ALLOW_EXTENDED_DASD_IO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0500)
#define FSCTL_FIND_FILES_BY_SID \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SET_OBJECT_ID \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_GET_OBJECT_ID \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DELETE_OBJECT_ID \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_REPARSE_POINT \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_GET_REPARSE_POINT \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DELETE_REPARSE_POINT \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_ENUM_USN_DATA \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SECURITY_ID_CHECK \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA )
#define FSCTL_READ_USN_JOURNAL \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SET_OBJECT_ID_EXTENDED \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_CREATE_OR_GET_OBJECT_ID \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_SPARSE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_ZERO_DATA \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_QUERY_ALLOCATED_RANGES \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA )
#define FSCTL_ENABLE_UPGRADE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_SET_ENCRYPTION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_ENCRYPTION_FSCTL_IO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_WRITE_RAW_ENCRYPTED \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS )
#define FSCTL_READ_RAW_ENCRYPTED \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS )
#define FSCTL_CREATE_USN_JOURNAL \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_READ_FILE_USN_DATA \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_WRITE_USN_CLOSE_RECORD \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_EXTEND_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_USN_JOURNAL \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DELETE_USN_JOURNAL \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_MARK_HANDLE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SIS_COPYFILE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SIS_LINK_FILES \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | \
FILE_WRITE_DATA )
#define FSCTL_RECALL_FILE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_READ_FROM_PLEX \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA )
#define FSCTL_FILE_PREFETCH \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0600)
#define FSCTL_MAKE_MEDIA_COMPATIBLE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 76, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_SET_DEFECT_MANAGEMENT \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 77, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_QUERY_SPARING_INFO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 78, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_ON_DISK_VOLUME_INFO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 79, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_VOLUME_COMPRESSION_STATE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 80, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_TXFS_MODIFY_RM \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 81, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_QUERY_RM_INFORMATION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 82, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_ROLLFORWARD_REDO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 84, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_ROLLFORWARD_UNDO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 85, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_START_RM \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 86, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_SHUTDOWN_RM \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 87, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_READ_BACKUP_INFORMATION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 88, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 89, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_CREATE_SECONDARY_RM \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 90, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_GET_METADATA_INFO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 91, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_GET_TRANSACTED_VERSION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 92, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_SAVEPOINT_INFORMATION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 94, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_CREATE_MINIVERSION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 95, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_TXFS_TRANSACTION_ACTIVE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 99, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_SET_ZERO_ON_DEALLOCATION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 101, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_REPAIR \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 102, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_REPAIR \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 103, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_WAIT_FOR_REPAIR \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 104, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_INITIATE_REPAIR \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 106, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSC_INTERNAL \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 107, METHOD_NEITHER, FILE_ANY_ACCESS )
#define FSCTL_SHRINK_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 108, METHOD_BUFFERED, FILE_SPECIAL_ACCESS )
#define FSCTL_SET_SHORT_NAME_BEHAVIOR \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 109, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_DFSR_SET_GHOST_HANDLE_STATE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 110, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_TXFS_LIST_TRANSACTIONS \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 121, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_QUERY_PAGEFILE_ENCRYPTION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 122, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_RESET_VOLUME_ALLOCATION_HINTS \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 123, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0601)
#define FSCTL_QUERY_DEPENDENT_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 124, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SD_GLOBAL_CHANGE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 125, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0600)
#define FSCTL_TXFS_READ_BACKUP_INFORMATION2 \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 126, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#if (_WIN32_WINNT >= 0x0601)
#define FSCTL_LOOKUP_STREAM_FROM_CLUSTER \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 127, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_TXFS_WRITE_BACKUP_INFORMATION2 \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 128, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_FILE_TYPE_NOTIFICATION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 129, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_BOOT_AREA_INFO \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 140, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_GET_RETRIEVAL_POINTER_BASE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 141, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_SET_PERSISTENT_VOLUME_STATE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 142, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_PERSISTENT_VOLUME_STATE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 143, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_REQUEST_OPLOCK \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 144, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_TUNNEL_REQUEST \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 145, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_CSV_FILE \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 146, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_QUERY_FILE_SYSTEM_RECOGNITION \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 147, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_GET_VOLUME_PATH_NAME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 148, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_GET_VOLUME_NAME_FOR_VOLUME_MOUNT_POINT \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 149, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_CSV_GET_VOLUME_PATH_NAMES_FOR_VOLUME_NAME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 150, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_IS_FILE_ON_CSV_VOLUME \
CTL_CODE( FILE_DEVICE_FILE_SYSTEM, 151, METHOD_BUFFERED, FILE_ANY_ACCESS )
#endif
#define FSCTL_MARK_AS_SYSTEM_HIVE FSCTL_SET_BOOTLOADER_ACCESSED
/* USN reasons */
#if (_WIN32_WINNT >= 0x0500)
#define USN_REASON_DATA_OVERWRITE 0x00000001L
#define USN_REASON_DATA_EXTEND 0x00000002L
#define USN_REASON_DATA_TRUNCATION 0x00000004L
#define USN_REASON_NAMED_DATA_OVERWRITE 0x00000010L
#define USN_REASON_NAMED_DATA_EXTEND 0x00000020L
#define USN_REASON_NAMED_DATA_TRUNCATION 0x00000040L
#define USN_REASON_FILE_CREATE 0x00000100L
#define USN_REASON_FILE_DELETE 0x00000200L
#define USN_REASON_EA_CHANGE 0x00000400L
#define USN_REASON_SECURITY_CHANGE 0x00000800L
#define USN_REASON_RENAME_OLD_NAME 0x00001000L
#define USN_REASON_RENAME_NEW_NAME 0x00002000L
#define USN_REASON_INDEXABLE_CHANGE 0x00004000L
#define USN_REASON_BASIC_INFO_CHANGE 0x00008000L
#define USN_REASON_HARD_LINK_CHANGE 0x00010000L
#define USN_REASON_COMPRESSION_CHANGE 0x00020000L
#define USN_REASON_ENCRYPTION_CHANGE 0x00040000L
#define USN_REASON_OBJECT_ID_CHANGE 0x00080000L
#define USN_REASON_REPARSE_POINT_CHANGE 0x00100000L
#define USN_REASON_STREAM_CHANGE 0x00200000L
#define USN_REASON_TRANSACTED_CHANGE 0x00400000L
#define USN_REASON_CLOSE 0x80000000L
#endif
/* FSCTL_DELETE_USN_JOURNAL flags */
#if (_WIN32_WINNT >= 0x0500)
#define USN_DELETE_FLAG_DELETE 0x00000001L
#define USN_DELETE_FLAG_NOTIFY 0x00000002L
#define USN_DELETE_VALID_FLAGS 0x00000003L
#endif
/* FSCTL_MARK_HANDLE source information flags */
#if (_WIN32_WINNT >= 0x0500)
#define USN_SOURCE_DATA_MANAGEMENT 0x00000001L
#define USN_SOURCE_AUXILIARY_DATA 0x00000002L
#define USN_SOURCE_REPLICATION_MANAGEMENT 0x00000004L
#endif
/* FSCTL_MARK_HANDLE handle information flags */
#if (_WIN32_WINNT >= 0x0500)
#define MARK_HANDLE_PROTECT_CLUSTERS 0x00000001L
#define MARK_HANDLE_TXF_SYSTEM_LOG 0x00000004L
#define MARK_HANDLE_NOT_TXF_SYSTEM_LOG 0x00000008L
#endif
#if (_WIN32_WINNT >= 0x0601)
#define MARK_HANDLE_REALTIME 0x00000020L
#define MARK_HANDLE_NOT_REALTIME 0x00000040L
#endif
/* 8.3 name flags */
#if (_WIN32_WINNT >= 0x0601)
#define NO_8DOT3_NAME_PRESENT 0x00000001L
#define REMOVED_8DOT3_NAME 0x00000002L
#endif
/* Persistent volume states */
#if (_WIN32_WINNT >= 0x0601)
#define PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED 0x00000001L
#endif
/* FSCTL_IS_VOLUME_DIRTY returned flags */
#if (_WIN32_WINNT >= 0x0500)
#define VOLUME_IS_DIRTY 0x00000001L
#define VOLUME_UPGRADE_SCHEDULED 0x00000002L
#define VOLUME_SESSION_OPEN 0x00000004L
#endif
/* File prefetch types */
#if (_WIN32_WINNT >= 0x0500)
#define FILE_PREFETCH_TYPE_FOR_CREATE 0x00000001L
#define FILE_PREFETCH_TYPE_FOR_DIRENUM 0x00000002L
#define FILE_PREFETCH_TYPE_FOR_CREATE_EX 0x00000003L
#define FILE_PREFETCH_TYPE_FOR_DIRENUM_EX 0x00000004L
#define FILE_PREFETCH_TYPE_MAX 0x00000004L
#endif
/* File system types */
#define FILESYSTEM_STATISTICS_TYPE_NTFS 1
#define FILESYSTEM_STATISTICS_TYPE_FAT 2
#define FILESYSTEM_STATISTICS_TYPE_EXFAT 3
/* Encryption operations */
#if (_WIN32_WINNT >= 0x0500)
#define FILE_SET_ENCRYPTION 0x00000001L
#define FILE_CLEAR_ENCRYPTION 0x00000002L
#define STREAM_SET_ENCRYPTION 0x00000003L
#define STREAM_CLEAR_ENCRYPTION 0x00000004L
#define MAXIMUM_ENCRYPTION_VALUE 0x00000004L
#endif
/* Compression formats */
#if (_WIN32_WINNT >= 0x0500)
#define COMPRESSION_FORMAT_SPARSE 0x4000
#endif
/* FSCTL_SIS_COPYFILE flags */
#if (_WIN32_WINNT >= 0x0500)
#define COPYFILE_SIS_LINK 0x00000001L
#define COPYFILE_SIS_REPLACE 0x00000002L
#define COPYFILE_SIS_FLAGS 0x00000003L
#endif
/* FSCTL_SET_REPAIR flags */
#if (_WIN32_WINNT >= 0x0600)
#define SET_REPAIR_ENABLED 0x00000001L
#define SET_REPAIR_VOLUME_BITMAP_SCAN 0x00000002L
#define SET_REPAIR_DELETE_CROSSLINK 0x00000004L
#define SET_REPAIR_WARN_ABOUT_DATA_LOSS 0x00000008L
#define SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPT 0x00000010L
#define SET_REPAIR_VALID_MASK 0x0000000FL
#endif
/* TXFS flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_RM_FLAG_LOGGING_MODE 0x00000001L
#define TXFS_RM_FLAG_RENAME_RM 0x00000002L
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000004L
#define TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000008L
#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000010L
#define TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000020L
#define TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000040L
#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000080L
#define TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000100L
#define TXFS_RM_FLAG_GROW_LOG 0x00000400L
#define TXFS_RM_FLAG_SHRINK_LOG 0x00000800L
#define TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE 0x00001000L
#define TXFS_RM_FLAG_PRESERVE_CHANGES 0x00002000L
#define TXFS_RM_FLAG_RESET_RM_AT_NEXT_START 0x00004000L
#define TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START 0x00008000L
#define TXFS_RM_FLAG_PREFER_CONSISTENCY 0x00010000L
#define TXFS_RM_FLAG_PREFER_AVAILABILITY 0x00020000L
#define TXFS_MODIFY_RM_VALID_FLAGS \
(TXFS_RM_FLAG_LOGGING_MODE | TXFS_RM_FLAG_RENAME_RM | \
TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MAX | TXFS_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
TXFS_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | TXFS_RM_FLAG_GROW_LOG | \
TXFS_RM_FLAG_SHRINK_LOG | TXFS_RM_FLAG_ENFORCE_MINIMUM_SIZE | \
TXFS_RM_FLAG_PRESERVE_CHANGES | TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | TXFS_RM_FLAG_PREFER_CONSISTENCY | \
TXFS_RM_FLAG_PREFER_AVAILABILITY)
#define TXFS_QUERY_RM_INFORMATION_VALID_FLAGS \
(TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
TXFS_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
TXFS_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
TXFS_RM_FLAG_RESET_RM_AT_NEXT_START | \
TXFS_RM_FLAG_DO_NOT_RESET_RM_AT_NEXT_START | TXFS_RM_FLAG_PREFER_CONSISTENCY | \
TXFS_RM_FLAG_PREFER_AVAILABILITY)
#endif
/* TXFS logging modes */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_LOGGING_MODE_SIMPLE 0x0001
#define TXFS_LOGGING_MODE_FULL 0x0002
#endif
/* TXFS transaction states */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_TRANSACTION_STATE_NONE 0x00
#define TXFS_TRANSACTION_STATE_ACTIVE 0x01
#define TXFS_TRANSACTION_STATE_PREPARED 0x02
#define TXFS_TRANSACTION_STATE_NOTACTIVE 0x03
#endif
/* TXFS RM states */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_RM_STATE_NOT_STARTED 0
#define TXFS_RM_STATE_STARTING 1
#define TXFS_RM_STATE_ACTIVE 2
#define TXFS_RM_STATE_SHUTTING_DOWN 3
#endif
/* FSCTL_TXFS_ROLLFORWARD_REDO flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN 0x00000001L
#define TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK 0x00000002L
#define TXFS_ROLLFORWARD_REDO_VALID_FLAGS \
(TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_REDO_LSN | \
TXFS_ROLLFORWARD_REDO_FLAG_USE_LAST_VIRTUAL_CLOCK)
#endif
/* FSCTL_TXFS_START_RM flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX 0x00000001L
#define TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN 0x00000002L
#define TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE 0x00000004L
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS 0x00000008L
#define TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT 0x00000010L
#define TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE 0x00000020L
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX 0x00000040L
#define TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN 0x00000080L
#define TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT 0x00000200L
#define TXFS_START_RM_FLAG_LOGGING_MODE 0x00000400L
#define TXFS_START_RM_FLAG_PRESERVE_CHANGES 0x00000800L
#define TXFS_START_RM_FLAG_PREFER_CONSISTENCY 0x00001000L
#define TXFS_START_RM_FLAG_PREFER_AVAILABILITY 0x00002000L
#define TXFS_START_RM_VALID_FLAG \
(TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MAX | \
TXFS_START_RM_FLAG_LOG_CONTAINER_COUNT_MIN | \
TXFS_START_RM_FLAG_LOG_CONTAINER_SIZE | \
TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_NUM_CONTAINERS | \
TXFS_START_RM_FLAG_LOG_GROWTH_INCREMENT_PERCENT | \
TXFS_START_RM_FLAG_LOG_AUTO_SHRINK_PERCENTAGE | \
TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MAX | \
TXFS_START_RM_FLAG_LOG_NO_CONTAINER_COUNT_MIN | \
TXFS_START_RM_FLAG_RECOVER_BEST_EFFORT | \
TXFS_START_RM_FLAG_LOGGING_MODE | TXFS_START_RM_FLAG_PRESERVE_CHANGES | \
TXFS_START_RM_FLAG_PREFER_CONSISTENCY | TXFS_START_RM_FLAG_PREFER_AVAILABILITY)
#endif
/* FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES entry flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_CREATED 0x00000001L
#define TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY_FLAG_DELETED 0x00000002L
#endif
/* FSCTL_TXFS_GET_TRANSACTED_VERSION special values */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_TRANSACTED_VERSION_NONTRANSACTED 0xFFFFFFFEL
#define TXFS_TRANSACTED_VERSION_UNCOMMITTED 0xFFFFFFFFL
#endif
/* TXFS savepoint flags */
#if (_WIN32_WINNT >= 0x0600)
#define TXFS_SAVEPOINT_SET 0x00000001L
#define TXFS_SAVEPOINT_ROLLBACK 0x00000002L
#define TXFS_SAVEPOINT_CLEAR 0x00000004L
#define TXFS_SAVEPOINT_CLEAR_ALL 0x00000010L
#endif
/* Oplock levels */
#if (_WIN32_WINNT >= 0x0601)
#define OPLOCK_LEVEL_CACHE_READ 0x00000001L
#define OPLOCK_LEVEL_CACHE_HANDLE 0x00000002L
#define OPLOCK_LEVEL_CACHE_WRITE 0x00000004L
#endif
/* FSCTL_REQUEST_OPLOCK input flags */
#if (_WIN32_WINNT >= 0x0601)
#define REQUEST_OPLOCK_INPUT_FLAG_REQUEST 0x00000001L
#define REQUEST_OPLOCK_INPUT_FLAG_ACK 0x00000002L
#define REQUEST_OPLOCK_INPUT_FLAG_COMPLETE_ACK_ON_CLOSE 0x00000004L
#endif
/* FSCTL_REQUEST_OPLOCK output flags */
#if (_WIN32_WINNT >= 0x0601)
#define REQUEST_OPLOCK_OUTPUT_FLAG_ACK_REQUIRED 0x00000001L
#define REQUEST_OPLOCK_OUTPUT_FLAG_MODES_PROVIDED 0x00000002L
#endif
/* FSCTL_REQUEST_OPLOCK parameters revision number */
#if (_WIN32_WINNT >= 0x0601)
#define REQUEST_OPLOCK_CURRENT_VERSION 1
#endif
/* FSCTL_SD_GLOBAL_CHANGE types */
#if (_WIN32_WINNT >= 0x0601)
#define SD_GLOBAL_CHANGE_TYPE_MACHINE_SID 1L
#endif
/* Extended encrypted data information flags */
#if (_WIN32_WINNT >= 0x0601)
#define ENCRYPTED_DATA_INFO_SPARSE_FILE 1L
#endif
/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER entry flags */
#if (_WIN32_WINNT >= 0x0601)
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_PAGE_FILE 0x00000001L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_DENY_DEFRAG_SET 0x00000002L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_FS_SYSTEM_FILE 0x00000004L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_FLAG_TXF_SYSTEM_FILE 0x00000008L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_MASK 0xFF000000L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_DATA 0x01000000L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_INDEX 0x02000000L
#define LOOKUP_STREAM_FROM_CLUSTER_ENTRY_ATTRIBUTE_SYSTEM 0x03000000L
#endif
/* FSCTL_FILE_TYPE_NOTIFICATION flags */
#if (_WIN32_WINNT >= 0x0601)
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_BEGIN 0x00000001L
#define FILE_TYPE_NOTIFICATION_FLAG_USAGE_END 0x00000002L
#endif
/* Symbolic link flags */
#define SYMLINK_FLAG_RELATIVE 1L
/* Reparse tags */
#define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003L
#define IO_REPARSE_TAG_HSM 0xC0000004L
#define IO_REPARSE_TAG_DRIVE_EXTENDER 0x80000005L
#define IO_REPARSE_TAG_HSM2 0x80000006L
#define IO_REPARSE_TAG_SIS 0x80000007L
#define IO_REPARSE_TAG_WIM 0x80000008L
#define IO_REPARSE_TAG_CSV 0x80000009L
#define IO_REPARSE_TAG_DFS 0x8000000AL
#define IO_REPARSE_TAG_SYMLINK 0x8000000CL
#define IO_REPARSE_TAG_DFSR 0x80000012L
#define IO_REPARSE_TAG_IFSTEST_CONGRUENT 0x00000009L
#define IO_REPARSE_TAG_MOONWALK_HSM 0x0000000AL
#define IO_REPARSE_TAG_TSINGHUA_UNIVERSITY_RESEARCH 0x0000000BL
#define IO_REPARSE_TAG_ARKIVIO 0x0000000CL
#define IO_REPARSE_TAG_SOLUTIONSOFT 0x2000000DL
#define IO_REPARSE_TAG_COMMVAULT 0x0000000EL
#define IO_REPARSE_TAG_OVERTONE 0x0000000FL
#define IO_REPARSE_TAG_SYMANTEC_HSM2 0x00000010L
#define IO_REPARSE_TAG_ENIGMA_HSM 0x00000011L
#define IO_REPARSE_TAG_SYMANTEC_HSM 0x00000012L
#define IO_REPARSE_TAG_INTERCOPE_HSM 0x00000013L
#define IO_REPARSE_TAG_KOM_NETWORKS_HSM 0x00000014L
#define IO_REPARSE_TAG_MEMORY_TECH_HSM 0x00000015L
#define IO_REPARSE_TAG_BRIDGEHEAD_HSM 0x00000016L
#define IO_REPARSE_TAG_OSR_SAMPLE 0x20000017L
#define IO_REPARSE_TAG_GLOBAL360_HSM 0x00000018L
#define IO_REPARSE_TAG_ALTIRIS_HSM 0x00000019L
#define IO_REPARSE_TAG_HERMES_HSM 0x0000001AL
#define IO_REPARSE_TAG_POINTSOFT_HSM 0x0000001BL
#define IO_REPARSE_TAG_GRAU_DATASTORAGE_HSM 0x0000001CL
#define IO_REPARSE_TAG_COMMVAULT_HSM 0x0000001DL
#define IO_REPARSE_TAG_DATASTOR_SIS 0x0000001EL
#define IO_REPARSE_TAG_TAG_EDSI_HSM 0x0000001FL
#define IO_REPARSE_TAG_HP_HSM 0x00000020L
#define IO_REPARSE_TAG_SER_HSM 0x00000021L
#define IO_REPARSE_TAG_DOUBLE_TAKE_HSM 0x00000022L
#define IO_REPARSE_TAG_WISDATA_HSM 0x00000023L
#define IO_REPARSE_TAG_MIMOSA_HSM 0x00000024L
#define IO_REPARSE_TAG_HSAG_HSM 0x00000025L
#define IO_REPARSE_TAG_ADA_HSM 0x00000026L
#define IO_REPARSE_TAG_AUTN_HSM 0x00000027L
#define IO_REPARSE_TAG_NEXSAN_HSM 0x00000028L
#define IO_REPARSE_TAG_DOUBLE_TAKE_SIS 0x00000029L
#define IO_REPARSE_TAG_SONY_HSM 0x0000002AL
#define IO_REPARSE_TAG_ELTAN_HSM 0x0000002BL
#define IO_REPARSE_TAG_UTIXO_HSM 0x0000002CL
#define IO_REPARSE_TAG_QUEST_HSM 0x0000002DL
#define IO_REPARSE_TAG_DATAGLOBAL_HSM 0x0000002EL
#define IO_REPARSE_TAG_QI_TECH_HSM 0x0000002FL
#define IO_REPARSE_TAG_DATAFIRST_HSM 0x00000030L
#define IO_REPARSE_TAG_C2CSYSTEMS_HSM 0x00000031L
/* Network file system control codes */
#define FSCTL_LMR_GET_LINK_TRACKING_INFORMATION \
CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 58, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_LMR_SET_LINK_TRACKING_INFORMATION \
CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 59, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_LMR_ARE_FILE_OBJECTS_ON_SAME_SERVER \
CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS )
/* Named pipe file system control codes */
#define FSCTL_PIPE_ASSIGN_EVENT \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_DISCONNECT \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_LISTEN \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_PEEK \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_PIPE_QUERY_EVENT \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_TRANSCEIVE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | \
FILE_WRITE_DATA )
#define FSCTL_PIPE_WAIT \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_IMPERSONATE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_CLIENT_PROCESS \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_GET_PIPE_ATTRIBUTE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_PIPE_ATTRIBUTE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS )
#define FSCTL_PIPE_FLUSH \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_PIPE_INTERNAL_READ \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA )
#define FSCTL_PIPE_INTERNAL_WRITE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA )
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | \
FILE_WRITE_DATA )
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW \
CTL_CODE( FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA )
/* Device number special value */
#define CSV_INVALID_DEVICE_NUMBER 0xFFFFFFFFL
/* Named pipe entry types */
#define FILE_PIPE_READ_DATA 0x00000000L
#define FILE_PIPE_WRITE_SPACE 0x00000001L
/* Named pipe computer name length */
#define FILE_PIPE_COMPUTER_NAME_LENGTH 15
/* FSCTL_QUERY_DEPENDENT_VOLUME request flags */
#if (_WIN32_WINNT >= 0x0601)
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_HOST_VOLUMES 0x00000001L
#define QUERY_DEPENDENT_VOLUME_REQUEST_FLAG_GUEST_VOLUMES 0x00000002L
#endif
/* Mailslot file system control codes */
#define FSCTL_MAILSLOT_PEEK \
CTL_CODE( FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA )
/* System page priority constants */
#define SYSTEM_PAGE_PRIORITY_BITS 3
#define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS)
/* Token flags */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
#define TOKEN_WRITE_RESTRICTED 0x0008
#define TOKEN_IS_RESTRICTED 0x0010
#define TOKEN_SESSION_NOT_REFERENCED 0x0020
#define TOKEN_SANDBOX_INERT 0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
#define TOKEN_VIRTUALIZE_ENABLED 0x0400
#define TOKEN_IS_FILTERED 0x0800
#define TOKEN_UIACCESS 0x1000
#define TOKEN_NOT_LOW 0x2000
/* I/O flags */
#define IO_OPEN_PAGING_FILE 0x0002
#define IO_OPEN_TARGET_DIRECTORY 0x0004
#define IO_STOP_ON_SYMLINK 0x0008
#define IO_MM_PAGING_FILE 0x0010
/* File system filter operations */
#define FS_FILTER_ACQUIRE_FOR_SECTION_SYNCHRONIZATION 0xFF
#define FS_FILTER_RELEASE_FOR_SECTION_SYNCHRONIZATION 0xFE
#define FS_FILTER_ACQUIRE_FOR_MOD_WRITE 0xFD
#define FS_FILTER_RELEASE_FOR_MOD_WRITE 0xFC
#define FS_FILTER_ACQUIRE_FOR_CC_FLUSH 0xFB
#define FS_FILTER_RELEASE_FOR_CC_FLUSH 0xFA
/* I/O file object pool charge constants */
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
/* Memory management prefetch flags mask */
#if (NTDDI_VERSION >= 0x05010000)
#define MM_PREFETCH_FLAGS_MASK ((1 << (2 * SYSTEM_PAGE_PRIORITY_BITS)) - 1)
#endif
/* FCB header version numbers */
#define FSRTL_FCB_HEADER_V0 0x00
#define FSRTL_FCB_HEADER_V1 0x01
/* FCB header flags */
#define FSRTL_FLAG_FILE_MODIFIED 0x01
#define FSRTL_FLAG_FILE_LENGTH_CHANGED 0x02
#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES 0x04
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX 0x08
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH 0x10
#define FSRTL_FLAG_USER_MAPPED_FILE 0x20
#define FSRTL_FLAG_ADVANCED_HEADER 0x40
#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE 0x80
/* FCB header secondary flags */
#define FSRTL_FLAG2_DO_MODIFIED_WRITE 0x01
#define FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS 0x02
#define FSRTL_FLAG2_PURGE_WHEN_MAPPED 0x04
#define FSRTL_FLAG2_IS_PAGING_FILE 0x08
/* Top level IRP constants */
#define FSRTL_FSP_TOP_LEVEL_IRP 0x0001
#define FSRTL_CACHE_TOP_LEVEL_IRP 0x0002
#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP 0x0003
#define FSRTL_FAST_IO_TOP_LEVEL_IRP 0x0004
#define FSRTL_NETWORK1_TOP_LEVEL_IRP 0x0005
#define FSRTL_NETWORK2_TOP_LEVEL_IRP 0x0006
#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG 0xFFFF
/* Auxiliary flags */
#define FSRTL_AUXILIARY_FLAG_DEALLOCATE 0x00000001L
/* Legal DBCS character flags */
#define FSRTL_FAT_LEGAL 0x01
#define FSRTL_HPFS_LEGAL 0x02
#define FSRTL_NTFS_LEGAL 0x04
#define FSRTL_WILD_CHARACTER 0x08
#define FSRTL_OLE_LEGAL 0x10
#define FSRTL_NTFS_STREAM_LEGAL (FSRTL_NTFS_LEGAL | FSRTL_OLE_LEGAL)
/* MCB flags */
#define MCB_FLAG_RAISE_ON_ALLOCATION_FAILURE 1
/* FsRtlCheckOplockEx() flags */
#if (NTDDI_VERSION >= 0x06000100)
#define OPLOCK_FLAG_COMPLETE_IF_OPLOCKED 0x00000001L
#endif
#if (NTDDI_VERSION >= 0x06010000)
#define OPLOCK_FLAG_OPLOCK_KEY_CHECK_ONLY 0x00000002L
#define OPLOCK_FLAG_BACK_OUT_ATOMIC_OPLOCK 0x00000004L
#define OPLOCK_FLAG_IGNORE_OPLOCK_KEYS 0x00000008L
#endif
/* FsRtlOplockFsctrlEx() flags */
#if (NTDDI_VERSION >= 0x06010000)
#define OPLOCK_FSCTRL_FLAG_ALL_KEYS_MATCH 0x00000001L
#endif
/* Volume operations */
#define FSRTL_VOLUME_DISMOUNT 1
#define FSRTL_VOLUME_DISMOUNT_FAILED 2
#define FSRTL_VOLUME_LOCK 3
#define FSRTL_VOLUME_LOCK_FAILED 4
#define FSRTL_VOLUME_UNLOCK 5
#define FSRTL_VOLUME_MOUNT 6
#define FSRTL_VOLUME_NEEDS_CHKDSK 7
#define FSRTL_VOLUME_WORM_NEAR_FULL 8
#define FSRTL_VOLUME_WEARING_OUT 9
#define FSRTL_VOLUME_FORCED_CLOSED 10
#define FSRTL_VOLUME_INFO_MAKE_COMPAT 11
#define FSRTL_VOLUME_PREPARING_EJECT 12
#define FSRTL_VOLUME_CHANGE_SIZE 13
#define FSRTL_VOLUME_BACKGROUND_FORMAT 14
/* FsRtlRegisterUncRegisterEx() flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_UNC_PROVIDER_FLAGS_MAILSLOTS_SUPPORTED 0x00000001L
#define FSRTL_UNC_PROVIDER_FLAGS_CSC_ENABLED 0x00000002L
#define FSRTL_UNC_PROVIDER_FLAGS_DOMAIN_SVC_AWARE 0x00000004L
#endif
/* Extra create parameter list allocation flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_ALLOCATE_ECPLIST_FLAG_CHARGE_QUOTA 0x00000001L
#endif
/* Extra create parameter allocation flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_ALLOCATE_ECP_FLAG_CHARGE_QUOTA 0x00000001L
#define FSRTL_ALLOCATE_ECP_FLAG_NONPAGED_POOL 0x00000002L
#endif
/* Extra create parameter lookaside flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_ECP_LOOKASIDE_FLAG_NONPAGED_POOL 0x00000002L
#endif
/* Network open extra create parameter flags */
#if (NTDDI_VERSION >= 0x06010000)
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x00000001L
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x00000002L
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000L
#endif
/* Virtual disk nesting flags */
#if (NTDDI_VERSION >= 0x06000000)
#define FSRTL_VIRTDISK_FULLY_ALLOCATED 0x00000001L
#define FSRTL_VIRTDISK_NO_DRIVE_LETTER 0x00000002L
#endif
/* FsRtlLogCcFlushError() flags */
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_HARD_ERROR 0x00000001L
#define FSRTL_CC_FLUSH_ERROR_FLAG_NO_LOG_ENTRY 0x00000002L
/* Cache manager constants */
#define VACB_MAPPING_GRANULARITY 0x00040000
#define VACB_OFFSET_SHIFT 18
/* CcPurgeCacheSection() flags */
#define UNINITIALIZE_CACHE_MAPS 0x00000001L
#define DO_NOT_RETRY_PURGE 0x00000002L
#define DO_NOT_PURGE_DIRTY_PAGES 0x00000004L
/* CcCoherencyFlushAndPurgeCache() flags */
#define CC_FLUSH_AND_PURGE_NO_PURGE 0x00000001L
/* Pin flags */
#define PIN_WAIT 1L
#define PIN_EXCLUSIVE 2L
#define PIN_NO_READ 4L
#define PIN_IF_BCB 8L
#define PIN_CALLER_TRACKS_DIRTY_DATA 32L
#define PIN_HIGH_PRIORITY 64L
/* Mapping flags */
#define MAP_WAIT 1L
#define MAP_NO_READ 16L
#define MAP_HIGH_PRIORITY 64L
/* Security user data flags */
#define UNDERSTANDS_LONG_NAMES 1L
#define NO_LONG_NAMES 2L
/* MUP device name */
#define DD_MUP_DEVICE_NAME L"\\Device\\Mup"
/* Redirector device I/O control codes */
#define IOCTL_REDIR_QUERY_PATH \
CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS )
#define IOCTL_REDIR_QUERY_PATH_EX \
CTL_CODE( FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS )
/* Volume snap device I/O control codes */
#define VOLSNAPCONTROLTYPE ((ULONG)'S')
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES \
CTL_CODE( VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | \
FILE_WRITE_ACCESS )
/* Opaque data types */
typedef struct _KPROCESS *PKPROCESS;
typedef struct _KPROCESS *PRKPROCESS;
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _ECP_LIST ECP_LIST;
typedef struct _ECP_LIST *PECP_LIST;
#endif
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _ECP_HEADER ECP_HEADER;
typedef struct _ECP_HEADER *PECP_HEADER;
typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;
#endif
/* SID identifier authority */
typedef struct _SID_IDENTIFIER_AUTHORITY {
UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY;
typedef SID_IDENTIFIER_AUTHORITY *PSID_IDENTIFIER_AUTHORITY;
/* Security identifier */
typedef struct _SID {
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[ANYSIZE_ARRAY];
} SID;
typedef SID *PISID;
/* SID types */
typedef enum _SID_NAME_USE {
SidTypeUser = 1,
SidTypeGroup = 2,
SidTypeDomain = 3,
SidTypeAlias = 4,
SidTypeWellKnownGroup = 5,
SidTypeDeletedAccount = 6,
SidTypeInvalid = 7,
SidTypeUnknown = 8,
SidTypeComputer = 9,
SidTypeLabel = 10
} SID_NAME_USE;
typedef SID_NAME_USE *PSID_NAME_USE;
/* SID and attributes */
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;
ULONG Attributes;
} SID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES *PSID_AND_ATTRIBUTES;
/* SID and attributes hash */
typedef struct _SID_AND_ATTRIBUTES_HASH {
ULONG SidCounty;
PSID_AND_ATTRIBUTES SidAttr;
SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH;
typedef SID_AND_ATTRIBUTES_HASH *PSID_AND_ATTRIBUTES_HASH;
/* ACE header */
typedef struct _ACE_HEADER {
UCHAR AceType;
UCHAR AceFlags;
USHORT AceSize;
} ACE_HEADER;
typedef ACE_HEADER *PACE_HEADER;
/* Access allowed ACE */
typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} ACCESS_ALLOWED_ACE;
typedef ACCESS_ALLOWED_ACE *PACCESS_ALLLOWED_ACE;
/* Access denied ACE */
typedef struct _ACCESS_DENIED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} ACCESS_DENIED_ACE;
typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
/* System audit ACE */
typedef struct _SYSTEM_AUDIT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} SYSTEM_AUDIT_ACE;
typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
/* System alarm ACE */
typedef struct _SYSTEM_ALARM_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} SYSTEM_ALARM_ACE;
typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
/* System mandatory label ACE */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE;
typedef SYSTEM_MANDATORY_LABEL_ACE *PSYSTEM_MANDATORY_LABEL_ACE;
/* Relative security descriptor */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
ULONG Owner;
ULONG Group;
ULONG Sacl;
ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE;
typedef SECURITY_DESCRIPTOR_RELATIVE *PISECURITY_DESCRIPTOR_RELATIVE;
/* Security descriptor */
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR;
typedef SECURITY_DESCRIPTOR *PISECURITY_DESCRIPTOR;
/* Object type list */
typedef struct _OBJECT_TYPE_LIST {
USHORT Level;
USHORT Sbz;
GUID *ObjectType;
} OBJECT_TYPE_LIST;
typedef OBJECT_TYPE_LIST *POBJECT_TYPE_LIST;
/* Audit event types */
typedef enum _AUDIT_EVENT_TYPE {
AuditEventObjectAccess,
AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE;
/* Access reason types */
typedef enum _ACCESS_REASON_TYPE {
AccessReasonNone = 0x00000000,
AccessReasonAllowedAce = 0x00010000,
AccessReasonDeniedAce = 0x00020000,
AccessReasonAllowedParentAce = 0x00030000,
AccessReasonDeniedParentAce = 0x00040000,
AccessReasonMissingPrivilege = 0x00100000,
AccessReasonFromPrivilege = 0x00200000,
AccessReasonIntegrityLevel = 0x00300000,
AccessReasonOwnership = 0x00400000,
AccessReasonNullDacl = 0x00500000,
AccessReasonEmptyDacl = 0x00600000,
AccessReasonNoSD = 0x00700000,
AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;
/* Access reasons */
typedef struct _ACCESS_REASONS {
ACCESS_REASON Data[32];
} ACCESS_REASONS;
typedef ACCESS_REASONS *PACCESS_REASONS;
/* Security descriptor */
typedef struct _SE_SECURITY_DESCRIPTOR {
ULONG Size;
ULONG Flags;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR;
typedef SE_SECURITY_DESCRIPTOR *PSE_SECURITY_DESCRIPTOR;
/* Security access request */
typedef struct _SE_ACCESS_REQUEST {
ULONG Size;
PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
ACCESS_MASK DesiredAccess;
ACCESS_MASK PreviouslyGrantedAccess;
PSID PrincipalSelfSid;
PGENERIC_MAPPING GenericMapping;
ULONG ObjectTypeListCount;
POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST;
typedef SE_ACCESS_REQUEST *PSE_ACCESS_REQUEST;
/* Security access reply */
typedef struct _SE_ACCESS_REPLY {
ULONG Size;
ULONG ResultListCount;
PACCESS_MASK GrantedAccess;
PULONG AccessStatus;
PACCESS_REASONS AccessReason;
PPRIVILEGE_SET *Privileges;
} SE_ACCESS_REPLY;
typedef SE_ACCESS_REPLY *PSE_ACCESS_REPLY;
/* Security audit operations */
typedef enum _SE_AUDIT_OPERATION {
AuditPrivilegeObject = 0,
AuditPrivilegeService = 1,
AuditAccessCheck = 2,
AuditOpenObject = 3,
AuditOpenObjectWithTransaction = 4,
AuditCloseObject = 5,
AuditDeleteObject = 6,
AuditOpenObjectForDelete = 7,
AuditOpenObjectForDeleteWithTransaction = 8,
AuditCloseNonObject = 9,
AuditOpenNonObject = 10,
AuditObjectReference = 11,
AuditHandleCreation = 12
} SE_AUDIT_OPERATION;
typedef SE_AUDIT_OPERATION *PSE_AUDIT_OPERATION;
/* Security audit information */
typedef struct _SE_AUDIT_INFO {
ULONG Size;
AUDIT_EVENT_TYPE AuditType;
SE_AUDIT_OPERATION AuditOperation;
ULONG AuditFlags;
UNICODE_STRING SubsystemName;
UNICODE_STRING ObjectTypeName;
UNICODE_STRING ObjectName;
PVOID HandleId;
GUID *TransactionId;
LUID *OperationId;
BOOLEAN ObjectCreation;
BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO;
typedef SE_AUDIT_INFO *PSE_AUDIT_INFO;
/* Token types */
typedef enum _TOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation = 2
} TOKEN_TYPE;
typedef TOKEN_TYPE *PTOKEN_TYPE;
/* Token elevation types */
typedef enum _TOKEN_ELEVATION_TYPE {
TokenElevationTypeDefault = 1,
TokenElevationTypeFull = 2,
TokenElevationTypeLimited = 3
} TOKEN_ELEVATION_TYPE;
typedef TOKEN_ELEVATION_TYPE *PTOKEN_ELEVATION_TYPE;
/* Token information classes */
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups = 2,
TokenPrivileges = 3,
TokenOwner = 4,
TokenPrimaryGroup = 5,
TokenDefaultDacl = 6,
TokenSource = 7,
TokenType = 8,
TokenImpersonationLevel = 9,
TokenStatistics = 10,
TokenRestrictedSids = 11,
TokenSessionId = 12,
TokenGroupsAndPrivileges = 13,
TokenSessionReference = 14,
TokenSandBoxInert = 15,
TokenAuditPolicy = 16,
TokenOrigin = 17,
TokenElevationType = 18,
TokenLinkedToken = 19,
TokenElevation = 20,
TokenHasRestrictions = 21,
TokenAccessInformation = 22,
TokenVirtualizationAllowed = 23,
TokenVirtualizationEnabled = 24,
TokenIntegrityLevel = 25,
TokenUIAccess = 26,
TokenMandatoryPolicy = 27,
TokenLogonSid = 28,
MaxTokenInfoClass = 29
} TOKEN_INFORMATION_CLASS;
typedef TOKEN_INFORMATION_CLASS *PTOKEN_INFORMATION_CLASS;
/* Token user */
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER;
typedef TOKEN_USER *PTOKEN_USER;
/* Token groups */
typedef struct _TOKEN_GROUPS {
ULONG GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS;
typedef TOKEN_GROUPS *PTOKEN_GROUPS;
/* Token privileges */
typedef struct _TOKEN_PRIVILEGES {
ULONG PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES;
typedef TOKEN_PRIVILEGES *PTOKEN_PRIVILEGES;
/* Token owner */
typedef struct _TOKEN_OWNER {
PSID Owner;
} TOKEN_OWNER;
typedef TOKEN_OWNER *PTOKEN_OWNER;
/* Token primary group */
typedef struct _TOKEN_PRIMARY_GROUP {
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP;
typedef TOKEN_PRIMARY_GROUP *PTOKEN_PRIMARY_GROUP;
/* Token default DACL */
typedef struct _TOKEN_DEFAULT_DACL {
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL;
typedef TOKEN_DEFAULT_DACL *PTOKEN_DEFAULT_DACL;
/* Token groups and privileges */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
ULONG SidCount;
ULONG SidLength;
PSID_AND_ATTRIBUTES Sids;
ULONG RestrictedSidCount;
ULONG RestrictedSidLength;
PSID_AND_ATTRIBUTES RestrictedSids;
ULONG PrivilegeCount;
ULONG PrivilegeLength;
PLUID_AND_ATTRIBUTES Privileges;
LUID AuthenticationId;
} TOKEN_GROUPS_AND_PRIVILEGES;
typedef TOKEN_GROUPS_AND_PRIVILEGES *PTOKEN_GROUPS_AND_PRIVILEGES;
/* Token linked token */
typedef struct _TOKEN_LINKED_TOKEN {
HANDLE LinkedToken;
} TOKEN_LINKED_TOKEN;
typedef TOKEN_LINKED_TOKEN *PTOKEN_LINKED_TOKEN;
/* Token elevation */
typedef struct _TOKEN_ELEVATION {
ULONG TokenIsElevated;
} TOKEN_ELEVATION;
typedef TOKEN_ELEVATION *PTOKEN_ELEVATION;
/* Token mandatory label */
typedef struct _TOKEN_MANDATORY_LABEL {
SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL;
typedef TOKEN_MANDATORY_LABEL *PTOKEN_MANDATORY_LABEL;
/* Toke mandatory policy */
typedef struct _TOKEN_MANDATORY_POLICY {
ULONG Policy;
} TOKEN_MANDATORY_POLICY;
typedef TOKEN_MANDATORY_POLICY *PTOKEN_MANDATORY_POLICY;
/* Token access information */
typedef struct _TOKEN_ACCESS_INFORMATION {
PSID_AND_ATTRIBUTES_HASH SidHash;
PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
PTOKEN_PRIVILEGES Privileges;
LUID AuthenticationId;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
TOKEN_MANDATORY_POLICY MandatoryPolicy;
ULONG Flags;
} TOKEN_ACCESS_INFORMATION;
typedef TOKEN_ACCESS_INFORMATION *PTOKEN_ACCESS_INFORMATION;
/* Token audit policy */
typedef struct _TOKEN_AUDIT_POLICY {
UCHAR PerUserPolicy[(POLICY_AUDIT_SUBCATEGORY_COUNT >> 1) + 1];
} TOKEN_AUDIT_POLICY;
typedef TOKEN_AUDIT_POLICY *PTOKEN_AUDIT_POLICY;
/* Token source */
typedef struct _TOKEN_SOURCE {
CHAR SourceName[TOKEN_SOURCE_LENGTH];
LUID SourceIdentifier;
} TOKEN_SOURCE;
typedef TOKEN_SOURCE* PTOKEN_SOURCE;
/* Token statistics */
typedef struct _TOKEN_STATISTICS {
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
ULONG DynamicCharged;
ULONG DynamicAvailable;
ULONG GroupCount;
ULONG PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS;
typedef TOKEN_STATISTICS *PTOKEN_STATISTICS;
/* Token control */
typedef struct _TOKEN_CONTROL {
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL;
typedef TOKEN_CONTROL *PTOKEN_CONTROL;
/* Token origin */
typedef struct _TOKEN_ORIGIN {
LUID OriginatingLogonSession;
} TOKEN_ORIGIN;
typedef TOKEN_ORIGIN *PTOKEN_ORIGIN;
/* Mandatory levels */
typedef enum _MANDATORY_LEVEL {
MandatoryLevelUntrusted = 0,
MandatoryLevelLow = 1,
MandatoryLevelMedium = 2,
MandatoryLevelHigh = 3,
MandatoryLevelSystem = 4,
MandatoryLevelSecureProcess = 5,
MandatoryLevelCount = 6
} MANDATORY_LEVEL;
typedef MANDATORY_LEVEL *PMANDATORY_LEVEL;
/* Heap commit routine */
typedef NTSTATUS (NTAPI RTL_HEAP_COMMIT_ROUTINE)( PVOID, PVOID *, PSIZE_T );
typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
/* Heap parameters */
typedef struct _RTL_HEAP_PARAMETERS {
ULONG Length;
SIZE_T SegmentReserve;
SIZE_T SegmentCommit;
SIZE_T DeCommitFreeBlockThreshold;
SIZE_T DeCommitTotalFreeThreshold;
SIZE_T MaximumAllocationSize;
SIZE_T VirtualMemoryThreshold;
SIZE_T InitialCommit;
SIZE_T InitialReserve;
PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
SIZE_T Reserved[2];
} RTL_HEAP_PARAMETERS;
typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
/* String callbacks */
typedef PVOID (NTAPI RTL_ALLOCATE_STRING_ROUTINE)( SIZE_T );
#if (_WIN32_WINNT >= 0x0600)
typedef PVOID (NTAPI RTL_REALLOCATE_STRING_ROUTINE)( SIZE_T, PVOID );
#endif
typedef VOID (NTAPI RTL_FREE_STRING_ROUTINE)( PVOID );
typedef RTL_ALLOCATE_STRING_ROUTINE *PRTL_ALLOCATE_STRING_ROUTINE;
#if (_WIN32_WINNT >= 0x0600)
typedef RTL_REALLOCATE_STRING_ROUTINE *PRTL_REALLOCATE_STRING_ROUTINE;
#endif
typedef RTL_FREE_STRING_ROUTINE *PRTL_FREE_STRING_ROUTINE;
/* Generate name context */
typedef struct _GENERATE_NAME_CONTEXT {
USHORT Checksum;
BOOLEAN ChecksumInserted;
UCHAR NameLength;
WCHAR NameBuffer[8];
ULONG ExtensionLength;
WCHAR ExtensionBuffer[4];
ULONG LastIndexValue;
} GENERATE_NAME_CONTEXT;
typedef GENERATE_NAME_CONTEXT *PGENERATE_NAME_CONTEXT;
/* Prefix table entry */
typedef struct _PREFIX_TABLE_ENTRY {
CSHORT NodeTypeCode;
CSHORT NameLength;
struct _PREFIX_TABLE_ENTRY *NextPrefixTree;
RTL_SPLAY_LINKS Links;
PSTRING Prefix;
} PREFIX_TABLE_ENTRY;
typedef PREFIX_TABLE_ENTRY *PPREFIX_TABLE_ENTRY;
/* Prefix table */
typedef struct _PREFIX_TABLE {
CSHORT NodeTypeCode;
CSHORT NameLength;
PPREFIX_TABLE_ENTRY NextPrefixTree;
} PREFIX_TABLE;
typedef PREFIX_TABLE *PPREFIX_TABLE;
/* Unicode prefix table entry */
typedef struct _UNICODE_PREFIX_TABLE_ENTRY {
CSHORT NodeTypeCode;
CSHORT NameLength;
struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
RTL_SPLAY_LINKS Links;
PUNICODE_STRING Prefix;
} UNICODE_PREFIX_TABLE_ENTRY;
typedef UNICODE_PREFIX_TABLE_ENTRY *PUNICODE_PREFIX_TABLE_ENTRY;
/* Unicode prefix table */
typedef struct _UNICODE_PREFIX_TABLE {
CSHORT NodeTypeCode;
CSHORT NameLength;
PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
} UNICODE_PREFIX_TABLE;
typedef UNICODE_PREFIX_TABLE *PUNICODE_PREFIX_TABLE;
/* Compressed data information */
typedef struct _COMPRESSED_DATA_INFO {
USHORT CompressionFormatAndEngine;
UCHAR CompressionUnitShift;
UCHAR ChunkShift;
UCHAR ClusterShift;
UCHAR Reserved;
USHORT NumberOfChunks;
ULONG CompressedChunkSizes[ANYSIZE_ARRAY];
} COMPRESSED_DATA_INFO;
typedef COMPRESSED_DATA_INFO *PCOMPRESSED_DATA_INFO;
/* Security logon types */
typedef enum _SECURITY_LOGON_TYPE {
UndefinedLogonType = 0,
Interactive = 2,
Network = 3,
Batch = 4,
Service = 5,
Proxy = 6,
Unlock = 7,
NetworkCleartxt = 8,
#if (_WIN32_WINNT >= 0x0501)
NewCredentials = 9,
RemoteInteractive = 10,
#if (_WIN32_WINNT >= 0x0502)
CachedInteractive = 11,
CachedRemoteInteractive = 12,
CachedUnlock = 13,
#else
CachedInteractive = 11
#endif
#else
NewCredentials = 9
#endif
} SECURITY_LOGON_TYPE;
typedef SECURITY_LOGON_TYPE *PSECURITY_LOGON_TYPE;
/* MSV1.0 logon submit types */
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
MsV1_0InteractiveLogon = 2,
MsV1_0Lm20Logon = 3,
MsV1_0NetworkLogon = 4,
MsV1_0SubAuthLogon = 5,
MsV1_0WorkstationUnlockLogon = 7,
MsV1_0S4ULogon = 12,
MsV1_0VirtualLogon = 82
} MSV1_0_LOGON_SUBMIT_TYPE;
typedef MSV1_0_LOGON_SUBMIT_TYPE *PMSV1_0_LOGON_SUBMIT_TYPE;
/* MSV1.0 profile buffer types */
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
MsV1_0InteractiveProfile = 2,
MsV1_0Lm20LogonProfile = 3,
MsV1_0SmartCardProfile = 4
} MSV1_0_PROFILE_BUFFER_TYPE;
typedef MSV1_0_PROFILE_BUFFER_TYPE *PMSV1_0_PROFILE_BUFFER_TYPE;
/* MSV1.0 interactive logon authentication information */
typedef struct _MSV1_0_INTERACTIVE_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName;
UNICODE_STRING Password;
} MSV1_0_INTERACTIVE_LOGON;
typedef MSV1_0_INTERACTIVE_LOGON *PMSV1_0_INTERACTIVE_LOGON;
/* MSV1.0 interactive profile buffer */
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
USHORT LogonCount;
USHORT BadPasswordCount;
LARGE_INTEGER LogonTime;
LARGE_INTEGER LogoffTime;
LARGE_INTEGER KickOffTime;
LARGE_INTEGER PasswordLastSet;
LARGE_INTEGER PasswordCanChange;
LARGE_INTEGER PasswordMustChange;
UNICODE_STRING LogonScript;
UNICODE_STRING HomeDirectory;
UNICODE_STRING FullName;
UNICODE_STRING ProfilePath;
UNICODE_STRING HomeDirectoryDrive;
UNICODE_STRING LogonServer;
ULONG UserFlags;
} MSV1_0_INTERACTIVE_PROFILE;
typedef MSV1_0_INTERACTIVE_PROFILE *PMSV1_0_INTERACTIVE_PROFILE;
/* MSV1.0 LAN Manager 2.0 logon authentication information */
typedef struct _MSV1_0_LM20_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName;
UNICODE_STRING Workstation;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
STRING CaseSensitiveChallengeResponse;
STRING CaseInsensitiveChallengeResponse;
ULONG ParameterControl;
} MSV1_0_LM20_LOGON;
typedef MSV1_0_LM20_LOGON *PMSV1_0_LM20_LOGON;
/* MSV1.0 subauthentication logon authentication information */
typedef struct _MSV1_0_SUBAUTH_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName;
UNICODE_STRING Workstation;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
STRING AuthenticationInfo1;
STRING AuthenticationInfo2;
ULONG ParameterControl;
ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON;
typedef MSV1_0_SUBAUTH_LOGON *PMSV1_0_SUBAUTH_LOGON;
/* MSV1.0 S4U logon authentication information */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _MSV1_0_S4U_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags;
UNICODE_STRING UserPrincipalName;
UNICODE_STRING DomainName;
} MSV1_0_S4U_LOGON;
typedef MSV1_0_S4U_LOGON *PMSV1_0_S4U_LOGON;
#endif
/* MSV1.0 LAN Manager 2.0 logon profile buffer */
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
MSV1_0_PROFILE_BUFFER_TYPE MessageType;
LARGE_INTEGER KickOffTime;
LARGE_INTEGER LogoffTime;
ULONG UserFlags;
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
UNICODE_STRING LogonDomainName;
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
UNICODE_STRING LogonServer;
UNICODE_STRING UserParameters;
} MSV1_0_LM20_LOGON_PROFILE;
typedef MSV1_0_LM20_LOGON_PROFILE *PMSV1_0_LM20_LOGON_PROFILE;
/* MSV1.0 supplemental credential */
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
ULONG Version;
ULONG Flags;
UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
} MSV1_0_SUPPLEMENTAL_CREDENTIAL;
typedef MSV1_0_SUPPLEMENTAL_CREDENTIAL *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;
/* MSV1.0 NTLM3 response */
typedef struct _MSV1_0_NTLM3_RESPONSE {
UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
UCHAR RespType;
UCHAR HiRespType;
USHORT Flags;
ULONG MsgWord;
ULONGLONG TimeStamp;
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
ULONG AvPairsOff;
UCHAR Buffer[1];
} MSV1_0_NTLM3_RESPONSE;
typedef MSV1_0_NTLM3_RESPONSE *PMSV1_0_NTLM3_RESPONSE;
/* MSV1.0 AV identifiers */
typedef enum {
MsvAvEOL = 0,
MsvAvNbComputerName = 1,
MsvAvNbDomainName = 2,
MsvAvDnsComputerName = 3,
MsvAvDnsDomainName = 4,
#if (_WIN32_WINNT >= 0x0501)
MsvAvDnsTreeName = 5,
MsvAvFlags = 6,
#endif
#if (_WIN32_WINNT >= 0x0600)
MsvAvTimestamp = 7,
MsvAvRestrictions = 8,
MsvAvTargetName = 9,
MsvAvChannelBindings = 10
#endif
} MSV1_0_AVID;
/* MSV1.0 AV pair */
typedef struct _MSV1_0_AV_PAIR {
USHORT AvId;
USHORT AvLen;
} MSV1_0_AV_PAIR;
typedef MSV1_0_AV_PAIR *PMSV1_0_AV_PAIR;
/* MSV1.0 protocol message types */
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
MsV1_0Lm20ChallengeRequest = 0,
MsV1_0Lm20GetChallengeResponse = 1,
MsV1_0EnumerateUsers = 2,
MsV1_0GetUserInfo = 3,
MsV1_0ReLogonUsers = 4,
MsV1_0ChangePassword = 5,
MsV1_0ChangeCachedPassword = 6,
MsV1_0GenericPassthrough = 7,
MsV1_0CacheLogon = 8,
MsV1_0SubAuth = 9,
MsV1_0DeriveCredential = 10,
MsV1_0CacheLookup = 11,
#if (_WIN32_WINNT >= 0x0501)
MsV1_0SetProcessOption = 12,
#endif
#if (_WIN32_WINNT >= 0x0600)
MsV1_0ConfigLocalAliases = 13,
MsV1_0ClearCachedCredentials = 14
#endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE;
/* MSV1.0 LAN Manager 2.0 challenge request */
typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_LM20_CHALLENGE_REQUEST;
typedef MSV1_0_LM20_CHALLENGE_REQUEST *PMSV1_0_LM20_CHALLENGE_REQUEST;
/* MSV1.0 LAN Manager 2.0 challenge response */
typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_LM20_CHALLENGE_RESPONSE;
typedef MSV1_0_LM20_CHALLENGE_RESPONSE *PMSV1_0_LM20_CHALLENGE_RESPONSE;
/* MSV1.0 get challenge response request (version 1) */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG ParameterControl;
LUID LogonId;
UNICODE_STRING Password;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_GETCHALLENRESP_REQUEST_V1;
typedef MSV1_0_GETCHALLENRESP_REQUEST_V1 *PMSV1_0_GETCHALLENRESP_REQUEST_V1;
/* MSV1.0 get challenge response request */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG ParameterControl;
LUID LogonId;
UNICODE_STRING Password;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
UNICODE_STRING UserName;
UNICODE_STRING LogonDomainName;
UNICODE_STRING ServerName;
} MSV1_0_GETCHALLENRESP_REQUEST;
typedef MSV1_0_GETCHALLENRESP_REQUEST *PMSV1_0_GETCHALLENRESP_REQUEST;
/* MSV1.0 get challenge response response */
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
STRING CaseSensitiveChallengeResponse;
STRING CaseInsensitiveChallengeResponse;
UNICODE_STRING UserName;
UNICODE_STRING LogonDomainName;
UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
} MSV1_0_GETCHALLENRESP_RESPONSE;
typedef MSV1_0_GETCHALLENRESP_RESPONSE *PMSV1_0_GETCHALLENRESP_RESPONSE;
/* MSV1.0 enumerate users request */
typedef struct _MSV1_0_ENUMUSERS_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
} MSV1_0_ENUMUSERS_REQUEST;
typedef MSV1_0_ENUMUSERS_REQUEST *PMSV1_0_ENUMUSERS_REQUEST;
/* MSV1.0 enumerate users response */
typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG NumberOfLoggedOnUsers;
PLUID LogonIds;
PULONG EnumHandles;
} MSV1_0_ENUMUSERS_RESPONSE;
typedef MSV1_0_ENUMUSERS_RESPONSE *PMSV1_0_ENUMUSERS_RESPONSE;
/* MSV1.0 get user information request */
typedef struct _MSV1_0_GETUSERINFO_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId;
} MSV1_0_GETUSERINFO_REQUEST;
typedef MSV1_0_GETUSERINFO_REQUEST *PMSV1_0_GETUSERINFO_REQUEST;
/* MSV1.0 get user information response */
typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
PSID UserSid;
UNICODE_STRING UserName;
UNICODE_STRING LogonDomainName;
UNICODE_STRING LogonServer;
SECURITY_LOGON_TYPE LogonType;
} MSV1_0_GETUSERINFO_RESPONSE;
typedef MSV1_0_GETUSERINFO_RESPONSE *PMSV1_0_GETUSERINFO_RESPONSE;
/* File change notification information */
typedef struct _FILE_NOTIFY_INFORMATION {
ULONG NextEntryOffset;
ULONG Action;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NOTIFY_INFORMATION;
typedef FILE_NOTIFY_INFORMATION *PFILE_NOTIFY_INFORMATION;
/* File directory information */
typedef struct _FILE_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION;
typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
/* File full directory information */
typedef struct _FILE_FULL_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
WCHAR FileName[1];
} FILE_FULL_DIR_INFORMATION;
typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
/* File identifier full directory information */
typedef struct _FILE_ID_FULL_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
LARGE_INTEGER FileId;
WCHAR FileName[1];
} FILE_ID_FULL_DIR_INFORMATION;
typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
/* File both directory information */
typedef struct _FILE_BOTH_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CCHAR ShortNameLength;
WCHAR ShortName[12];
WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/* File identifier both directory information */
typedef struct _FILE_ID_BOTH_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CCHAR ShortNameLength;
WCHAR ShortName[12];
LARGE_INTEGER FileId;
WCHAR FileName[1];
} FILE_ID_BOTH_DIR_INFORMATION;
typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
/* File names information */
typedef struct _FILE_NAMES_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAMES_INFORMATION;
typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
/* File identifier global transaction directory information */
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
LARGE_INTEGER FileId;
GUID LockingTransactionId;
ULONG TxInfoFlags;
WCHAR FileName[1];
} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
/* File object identifier information */
typedef struct _FILE_OBJECTID_INFORMATION {
LONGLONG FileReference;
UCHAR ObjectId[16];
union {
struct {
UCHAR BirthVolumeId[16];
UCHAR BirthObjectId[16];
UCHAR DomainId[16];
};
UCHAR ExtendedInfo[48];
};
} FILE_OBJECTID_INFORMATION;
typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
/* File internal information */
typedef struct _FILE_INTERNAL_INFORMATION {
LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION;
typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
/* File extended attribute information */
typedef struct _FILE_EA_INFORMATION {
ULONG EaSize;
} FILE_EA_INFORMATION;
typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
/* File access information */
typedef struct _FILE_ACCESS_INFORMATION {
ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION;
typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
/* File mode information */
typedef struct _FILE_MODE_INFORMATION {
ULONG Mode;
} FILE_MODE_INFORMATION;
typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
/* File all information */
typedef struct _FILE_ALL_INFORMATION {
FILE_BASIC_INFORMATION BasicInformation;
FILE_STANDARD_INFORMATION StandardInformation;
FILE_INTERNAL_INFORMATION InternalInformation;
FILE_EA_INFORMATION EaInformation;
FILE_ACCESS_INFORMATION AccessInformation;
FILE_POSITION_INFORMATION PositionInformation;
FILE_MODE_INFORMATION ModeInformation;
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION;
typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
/* File allocation information */
typedef struct _FILE_ALLOCATION_INFORMATION {
LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION;
typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
/* File compression information */
typedef struct _FILE_COMPRESSION_INFORMATION {
LARGE_INTEGER CompressedFileSize;
USHORT CompressionFormat;
UCHAR CompressionUnitShift;
UCHAR ChunkShift;
UCHAR ClusterShift;
UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION;
typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
/* File link information */
typedef struct _FILE_LINK_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_INFORMATION;
typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
/* File move cluster information */
typedef struct _FILE_MOVE_CLUSTER_INFORMATION {
ULONG ClusterCount;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_MOVE_CLUSTER_INFORMATION;
typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
/* File rename information */
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_RENAME_INFORMATION;
typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
/* File stream information */
typedef struct _FILE_STREAM_INFORMATION {
ULONG NextEntryOffset;
ULONG StreamNameLength;
LARGE_INTEGER StreamSize;
LARGE_INTEGER StreamAllocationSize;
WCHAR StreamName[1];
} FILE_STREAM_INFORMATION;
typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
/* File tracking information */
typedef struct _FILE_TRACKING_INFORMATION {
HANDLE DestinationFile;
ULONG ObjectInformationLength;
CHAR ObjectInformation[1];
} FILE_TRACKING_INFORMATION;
typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
/* File completion information */
typedef struct _FILE_COMPLETION_INFORMATION {
HANDLE Port;
PVOID Key;
} FILE_COMPLETION_INFORMATION;
typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
/* File pipe information */
typedef struct _FILE_PIPE_INFORMATION {
ULONG ReadMode;
ULONG CompletionMode;
} FILE_PIPE_INFORMATION;
typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
/* File pipe local information */
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
ULONG NamedPipeType;
ULONG NamedPipeConfiguration;
ULONG MaximumInstances;
ULONG CurrentInstances;
ULONG InboundQuota;
ULONG ReadDataAvailable;
ULONG OutboundQuota;
ULONG WriteDataAvailable;
ULONG NamedPipeState;
ULONG NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION;
typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
/* File pipe remote information */
typedef struct _FILE_PIPE_REMOTE_INFORMATION {
LARGE_INTEGER CollectDataTime;
ULONG MaximumCollectionCount;
} FILE_PIPE_REMOTE_INFORMATION;
typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
/* File mailslot query information */
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
ULONG MaximumMessageSize;
ULONG MailslotQuota;
ULONG NextMessageSize;
ULONG MessagesAvailable;
LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION;
typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
/* File mailslot set information */
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
PLARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION;
typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
/* File reparse point information */
typedef struct _FILE_REPARSE_POINT_INFORMATION {
LONGLONG FileReference;
ULONG Tag;
} FILE_REPARSE_POINT_INFORMATION;
typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
/* File link entry information */
typedef struct _FILE_LINK_ENTRY_INFORMATION {
ULONG NextEntryOffset;
LONGLONG ParentFileId;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_ENTRY_INFORMATION;
typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
/* File links information */
typedef struct _FILE_LINKS_INFORMATION {
ULONG BytesNeeded;
ULONG EntriesReturned;
FILE_LINK_ENTRY_INFORMATION Entry;
} FILE_LINKS_INFORMATION;
typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
/* File network physical name information */
typedef struct _FILE_NETWORK_PHYSICAL_NAME_INFORMATION {
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
/* File standard link information */
typedef struct _FILE_STANDARD_LINK_INFORMATION {
ULONG NumberOfAccessibleLinks;
ULONG TotalNumberOfLinks;
BOOLEAN DeletePending;
BOOLEAN Directory;
} FILE_STANDARD_LINK_INFORMATION;
typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
/* File get extended attributes information */
typedef struct _FILE_GET_EA_INFORMATION {
ULONG NextEntryOffset;
UCHAR EaNameLength;
CHAR EaName[1];
} FILE_GET_EA_INFORMATION;
typedef FILE_GET_EA_INFORMATION *PFILE_GET_EA_INFORMATION;
/* File remote protocol information */
typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION {
USHORT SignatureVersion;
USHORT SignatureSize;
ULONG Protocol;
USHORT ProtocolMajorVersion;
USHORT ProtocolMinorVersion;
USHORT ProtocolRevision;
USHORT Reserved;
ULONG Flags;
struct {
ULONG Reserved[8];
} GenericReserved;
struct {
ULONG Reserved[16];
} ProtocolSpecificReserved;
} FILE_REMOTE_PROTOCOL_INFORMATION;
typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
/* File get quota information */
typedef struct _FILE_GET_QUOTA_INFORMATION {
ULONG NextEntryOffset;
ULONG SidLength;
SID Sid;
} FILE_GET_QUOTA_INFORMATION;
typedef FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
/* File quota information */
typedef struct _FILE_QUOTA_INFORMATION {
ULONG NextEntryOffset;
ULONG SidLength;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER QuotaUsed;
LARGE_INTEGER QuotaThreshold;
LARGE_INTEGER QuotaLimit;
SID Sid;
} FILE_QUOTA_INFORMATION;
typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
/* File system attribute information */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
ULONG FileSystemAttributes;
LONG MaximumComponentNameLength;
ULONG FileSystemNameLength;
WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
/* File system driver path information */
typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
BOOLEAN DriverInPath;
ULONG DriverNameLength;
WCHAR DriverName[1];
} FILE_FS_DRIVER_PATH_INFORMATION;
typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
/* File system volume flags information */
typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
ULONG Flags;
} FILE_FS_VOLUME_FLAGS_INFORMATION;
typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
/* FSCTL_IS_CSV_FILE parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _CSV_NAMESPACE_INFO {
ULONG Version;
ULONG DeviceNumber;
LARGE_INTEGER StartingOffset;
ULONG SectorSize;
} CSV_NAMESPACE_INFO;
typedef CSV_NAMESPACE_INFO *PCSV_NAMESPACE_INFO;
#endif
/* File system control information */
typedef struct _FILE_FS_CONTROL_INFORMATION {
LARGE_INTEGER FreeSpaceStartFiltering;
LARGE_INTEGER FreeSpaceThreshold;
LARGE_INTEGER FreeSpaceStopFiltering;
LARGE_INTEGER DefaultQuotaThreshold;
LARGE_INTEGER DefaultQuotaLimit;
ULONG FileSystemControlFlags;
} FILE_FS_CONTROL_INFORMATION;
typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
/* Path name buffer */
typedef struct _PATHNAME_BUFFER {
ULONG PathNameLength;
WCHAR Name[1];
} PATHNAME_BUFFER;
typedef PATHNAME_BUFFER *PPATHNAME_BUFFER;
/* IOCTL_QUERY_FAT_BPB returned data */
typedef struct _FSCTL_QUERY_FAT_BPB_BUFFER {
UCHAR First0x24BytesOfBootSector[0x24];
} FSCTL_QUERY_FAT_BPB_BUFFER;
typedef FSCTL_QUERY_FAT_BPB_BUFFER *PFSCTL_QUERY_FAT_BPB_BUFFER;
/* NTFS volume data buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
LARGE_INTEGER VolumeSerialNumber;
LARGE_INTEGER NumberSectors;
LARGE_INTEGER TotalClusters;
LARGE_INTEGER FreeClusters;
LARGE_INTEGER TotalReserved;
ULONG BytesPerSector;
ULONG BytesPerCluster;
ULONG BytesPerFileRecordSegment;
ULONG ClustersPerFileRecordSegment;
LARGE_INTEGER MftValidDataLength;
LARGE_INTEGER MftStartLcn;
LARGE_INTEGER Mft2StartLcn;
LARGE_INTEGER MftZoneStart;
LARGE_INTEGER MftZoneEnd;
} NTFS_VOLUME_DATA_BUFFER;
typedef NTFS_VOLUME_DATA_BUFFER *PNTFS_VOLUME_DATA_BUFFER;
#endif
/* NTFS extended volume data */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
ULONG ByteCount;
USHORT MajorVersion;
USHORT MinorVersion;
} NTFS_EXTENDED_VOLUME_DATA;
typedef NTFS_EXTENDED_VOLUME_DATA *PNTFS_EXTENDED_VOLUME_DATA;
#endif
/* Starting LCN input buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
LARGE_INTEGER StartingLcn;
} STARTING_LCN_INPUT_BUFFER;
typedef STARTING_LCN_INPUT_BUFFER *PSTARTING_LCN_INPUT_BUFFER;
#endif
/* Volume bitmap buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
LARGE_INTEGER StartingLcn;
LARGE_INTEGER BitmapSize;
UCHAR Buffer[1];
} VOLUME_BITMAP_BUFFER;
typedef VOLUME_BITMAP_BUFFER *PVOLUME_BITMAP_BUFFER;
#endif
/* Starting VCN input buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
LARGE_INTEGER StartingVcn;
} STARTING_VCN_INPUT_BUFFER;
typedef STARTING_VCN_INPUT_BUFFER *PSTARTING_VCN_INPUT_BUFFER;
#endif
/* Retrieval pointers buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct RETRIEVAL_POINTERS_BUFFER {
ULONG ExtentCount;
LARGE_INTEGER StartingVcn;
struct {
LARGE_INTEGER NextVcn;
LARGE_INTEGER Lcn;
} Extents[1];
} RETRIEVAL_POINTERS_BUFFER;
typedef RETRIEVAL_POINTERS_BUFFER *PRETRIEVAL_POINTERS_BUFFER;
#endif
/* NTFS file record input buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
LARGE_INTEGER FileReferenceNumber;
} NTFS_FILE_RECORD_INPUT_BUFFER;
typedef NTFS_FILE_RECORD_INPUT_BUFFER *PNTFS_FILE_RECORD_INPUT_BUFFER;
#endif
/* NTFS file record output buffer */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
LARGE_INTEGER FileReferenceNumber;
ULONG FileRecordLength;
UCHAR FileRecordBuffer[1];
} NTFS_FILE_RECORD_OUTPUT_BUFFER;
typedef NTFS_FILE_RECORD_OUTPUT_BUFFER *PNTFS_FILE_RECORD_OUTPUT_BUFFER;
#endif
/* FSCTL_MOVE_FILE parameters */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
HANDLE FileHandle;
LARGE_INTEGER StartingVcn;
LARGE_INTEGER StartingLcn;
ULONG ClusterCount;
} MOVE_FILE_DATA;
typedef MOVE_FILE_DATA *PMOVE_FILE_DATA;
#endif
/* FSCTL_MOVE_FILE record data */
#if (_WIN32_WINNT >= 0x0400)
typedef struct {
HANDLE FileHandle;
LARGE_INTEGER SourceFileRecord;
LARGE_INTEGER TargetFileRecord;
} MOVE_FILE_RECORD_DATA;
typedef MOVE_FILE_RECORD_DATA *PMOVE_FILE_RECORD_DATA;
#endif
/* FSCTL_FIND_FILES_BY_SID parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONG Restart;
SID Sid;
} FIND_BY_SID_DATA;
typedef FIND_BY_SID_DATA *PFIND_BY_SID_DATA;
#endif
/* FSCTL_FIND_FILES_BY_SID returned data */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONG NextEntryOffset;
ULONG FileIndex;
ULONG FileNameLength;
WCHAR FileName[1];
} FIND_BY_SID_OUTPUT;
typedef FIND_BY_SID_OUTPUT *PFIND_BY_SID_OUTPUT;
#endif
/* FSCTL_ENUM_USN_DATA parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONGLONG StartFileReferenceNumber;
USN LowUsn;
USN HighUsn;
} MFT_ENUM_DATA;
typedef MFT_ENUM_DATA *PMFT_ENUM_DATA;
#endif
/* FSCTL_CREATE_USN_JOURNAL parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONGLONG MaximumSize;
ULONGLONG AllocationDelta;
} CREATE_USN_JOURNAL_DATA;
typedef CREATE_USN_JOURNAL_DATA *PCREATE_USN_JOURNAL_DATA;
#endif
/* FSCTL_READ_USN_JOURNAL parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
USN StartUsn;
ULONG ReasonMask;
ULONG ReturnOnlyOnClose;
ULONGLONG Timeout;
ULONGLONG BytesToWaitFor;
ULONGLONG UsnJournalID;
} READ_USN_JOURNAL_DATA;
typedef READ_USN_JOURNAL_DATA *PREAD_USN_JOURNAL_DATA;
#endif
/* USN record */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONG RecordLength;
USHORT MajorVersion;
USHORT MinorVersion;
ULONGLONG FileReferenceNumber;
ULONGLONG ParentFileReferenceNumber;
USN Usn;
LARGE_INTEGER TimeStamp;
ULONG Reason;
ULONG SourceInfo;
ULONG SecurityId;
ULONG FileAttributes;
USHORT FileNameLength;
USHORT FileNameOffset;
WCHAR FileName[1];
} USN_RECORD;
typedef USN_RECORD *PUSN_RECORD;
#endif
/* USN journal data */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONGLONG UsnJournalID;
USN FirstUsn;
USN NextUsn;
USN LowestValidUsn;
USN MaxUsn;
ULONGLONG MaximumSize;
ULONGLONG AllocationDelta;
} USN_JOURNAL_DATA;
typedef USN_JOURNAL_DATA *PUSN_JOURNAL_DATA;
#endif
/* FSCTL_DELETE_USN_JOURNAL parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONGLONG UsnJournalID;
ULONG DeleteFlags;
} DELETE_USN_JOURNAL_DATA;
typedef DELETE_USN_JOURNAL_DATA *PDELETE_USN_JOURNAL_DATA;
#endif
/* FSCTL_MARK_HANDLE parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ULONG UsnSourceInfo;
HANDLE VolumeHandle;
ULONG HandleInfo;
} MARK_HANDLE_INFO;
typedef MARK_HANDLE_INFO *PMARK_HANDLE_INFO;
#endif
/* Bulk security test data */
#if (_WIN32_WINNT >= 0x0500)
typedef struct {
ACCESS_MASK DesiredAccess;
ULONG SecurityIds[1];
} BULK_SECURITY_TEST_DATA;
typedef BULK_SECURITY_TEST_DATA *PBULK_SECURITY_TEST_DATA;
#endif
/* FSCTL_FILE_PREFETCH parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_PREFETCH {
ULONG Type;
ULONG Count;
ULONGLONG Prefetch[1];
} FILE_PREFETCH;
typedef FILE_PREFETCH *PFILE_PREFETCH;
#endif
/* FSCTL_FILE_PREFETCH parameters (extended version) */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_PREFETCH_EX {
ULONG Type;
ULONG Count;
PVOID Context;
ULONGLONG Prefetch[1];
} FILE_PREFETCH_EX;
typedef FILE_PREFETCH_EX *PFILE_PREFETCH_EX;
#endif
/* File system statistics */
typedef struct _FILESYSTEM_STATISTICS {
USHORT FileSystemType;
USHORT Version;
ULONG SizeOfCompleteStructure;
ULONG UserFileReads;
ULONG UserFileReadBytes;
ULONG UserDiskReads;
ULONG UserFileWrites;
ULONG UserFileWriteBytes;
ULONG UserDiskWrites;
ULONG MetaDataReads;
ULONG MetaDataReadBytes;
ULONG MetaDataDiskReads;
ULONG MetaDataWrites;
ULONG MetaDataWriteBytes;
ULONG MetaDataDiskWrites;
} FILESYSTEM_STATISTICS;
typedef FILESYSTEM_STATISTICS *PFILESYSTEM_STATISTICS;
/* FAT statistics */
typedef struct _FAT_STATISTICS {
ULONG CreateHits;
ULONG SuccessfulCreates;
ULONG FailedCreates;
ULONG NonCachedReads;
ULONG NonCachedReadBytes;
ULONG NonCachedWrites;
ULONG NonCachedWriteBytes;
ULONG NonCachedDiskReads;
ULONG NonCachedDiskWrites;
} FAT_STATISTICS;
typedef FAT_STATISTICS *PFAT_STATISTICS;
/* Extended FAT statistics */
typedef struct _EXFAT_STATISTICS {
ULONG CreateHits;
ULONG SuccessfulCreates;
ULONG FailedCreates;
ULONG NonCachedReads;
ULONG NonCachedReadBytes;
ULONG NonCachedWrites;
ULONG NonCachedWriteBytes;
ULONG NonCachedDiskReads;
ULONG NonCachedDiskWrites;
} EXFAT_STATISTICS;
typedef EXFAT_STATISTICS *PEXFAT_STATISTICS;
/* NTFS statistics */
typedef struct _NTFS_STATISTICS {
ULONG LogFileFullExceptions;
ULONG OtherExceptions;
ULONG MftReads;
ULONG MftReadBytes;
ULONG MftWrites;
ULONG MftWriteBytes;
struct {
USHORT Write;
USHORT Create;
USHORT SetInfo;
USHORT Flush;
} MftWritesUserLevel;
USHORT MftWritesFlushForLogFileFull;
USHORT MftWritesLazyWriter;
USHORT MftWritesUserRequest;
ULONG Mft2Writes;
ULONG Mft2WriteBytes;
struct {
USHORT Write;
USHORT Create;
USHORT SetInfo;
USHORT Flush;
} Mft2WritesUserLevel;
USHORT Mft2WritesFlushForLogFileFull;
USHORT Mft2WritesLazyWriter;
USHORT Mft2WritesUserRequest;
ULONG RootIndexReads;
ULONG RootIndexReadBytes;
ULONG RootIndexWrites;
ULONG RootIndexWriteBytes;
ULONG BitmapReads;
ULONG BitmapReadBytes;
ULONG BitmapWrites;
ULONG BitmapWriteBytes;
USHORT BitmapWritesFlushForLogFileFull;
USHORT BitmapWritesLazyWriter;
USHORT BitmapWritesUserRequest;
struct {
USHORT Write;
USHORT Create;
USHORT SetInfo;
} BitmapWritesUserLevel;
ULONG MftBitmapReads;
ULONG MftBitmapReadBytes;
ULONG MftBitmapWrites;
ULONG MftBitmapWriteBytes;
USHORT MftBitmapWritesFlushForLogFileFull;
USHORT MftBitmapWritesLazyWriter;
USHORT MftBitmapWritesUserRequest;
struct {
USHORT Write;
USHORT Create;
USHORT SetInfo;
USHORT Flush;
} MftBitmapWritesUserLevel;
ULONG UserIndexReads;
ULONG UserIndexReadBytes;
ULONG UserIndexWrites;
ULONG UserIndexWriteBytes;
ULONG LogFileReads;
ULONG LogFileReadBytes;
ULONG LogFileWrites;
ULONG LogFileWriteBytes;
struct {
ULONG Calls;
ULONG Clusters;
ULONG Hints;
ULONG RunsReturned;
ULONG HintsHonored;
ULONG HintsClustered;
ULONG Cache;
ULONG CacheClusters;
ULONG CacheMiss;
ULONG CacheMissClusters;
} Allocate;
} NTFS_STATISTICS;
typedef NTFS_STATISTICS *PNTFS_STATISTICS;
/* File object identifier buffer */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_OBJECTID_BUFFER {
UCHAR ObjectId[16];
union {
struct {
UCHAR BirthVolumeId[16];
UCHAR BirthObjectId[16];
UCHAR DomainId[16];
};
UCHAR ExtendedInfo[48];
};
} FILE_OBJECTID_BUFFER;
typedef FILE_OBJECTID_BUFFER *PFILE_OBJECTID_BUFFER;
#endif
/* FSCTL_SET_SPARSE parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_SET_SPARSE_BUFFER {
BOOLEAN SetSparse;
} FILE_SET_SPARSE_BUFFER;
typedef FILE_SET_SPARSE_BUFFER *PFILE_SET_SPARSE_BUFFER;
#endif
/* FSCTL_SET_ZERO_DATA parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_ZERO_DATA_INFORMATION {
LARGE_INTEGER FileOffset;
LARGE_INTEGER BeyondFinalZero;
} FILE_ZERO_DATA_INFORMATION;
typedef FILE_ZERO_DATA_INFORMATION *PFILE_ZERO_DATA_INFORMATION;
#endif
/* File allocated range buffer */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _FILE_ALLOCATED_RANGE_BUFFER {
LARGE_INTEGER FileOffset;
LARGE_INTEGER Length;
} FILE_ALLOCATED_RANGE_BUFFER;
typedef FILE_ALLOCATED_RANGE_BUFFER *PFILE_ALLOCATE_RANGE_BUFFER;
#endif
/* Encryption buffer */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _ENCRYPTION_BUFFER {
ULONG EncryptionOperation;
UCHAR Private[1];
} ENCRYPTION_BUFFER;
typedef ENCRYPTION_BUFFER *PENCRYPTION_BUFFER;
#endif
/* Decryption status buffer */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _DECRYPTION_STATUS_BUFFER {
BOOLEAN NoEncryptedStreams;
} DECRYPTION_STATUS_BUFFER;
typedef DECRYPTION_STATUS_BUFFER *PDECRYPTION_STATUS_BUFFER;
#endif
/* Raw encrypted data request information */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _REQUEST_RAW_ENCRYPTED_DATA {
LONGLONG FileOffset;
ULONG Length;
} REQUEST_RAW_ENCRYPTED_DATA;
typedef REQUEST_RAW_ENCRYPTED_DATA *PREQEUST_RAW_ENCRYPTED_DATA;
#endif
/* Encrypted data information */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _ENCRYPTED_DATA_INFO {
ULONGLONG StartingFileOffset;
ULONG OutputBufferOffset;
ULONG BytesWithinFileSize;
ULONG BytesWithinValidDataLength;
USHORT CompressionFormat;
UCHAR DataUnitShift;
UCHAR ChunkShift;
UCHAR ClusterShift;
UCHAR EncryptionFormat;
USHORT NumberOfDataBlocks;
ULONG DataBlockSize[ANYSIZE_ARRAY];
} ENCRYPTED_DATA_INFO;
typedef ENCRYPTED_DATA_INFO *PENCRYPTED_DATA_INFO;
#endif
/* Plex data read request information */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _PLEX_READ_DATA_REQUEST {
LARGE_INTEGER ByteOffset;
ULONG ByteLength;
ULONG PlexNumber;
} PLEX_READ_DATA_REQUEST;
typedef PLEX_READ_DATA_REQUEST *PPLEX_READ_DATA_REQUEST;
#endif
/* FSCTL_SIS_COPYFILE parameters */
#if (_WIN32_WINNT >= 0x0500)
typedef struct _SI_COPYFILE {
ULONG SourceFileNameLength;
ULONG DestinationFileNameLength;
ULONG Flags;
WCHAR FileNameBuffer[1];
} SI_COPYFILE;
typedef SI_COPYFILE *PSI_COPYFILE;
#endif
/* FSCTL_MAKE_MEDIA_COMPATIBLE parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_MAKE_COMPATIBLE_BUFFER {
BOOLEAN CloseDisc;
} FILE_MAKE_COMPATIBLE_BUFFER;
typedef FILE_MAKE_COMPATIBLE_BUFFER *PFILE_MAKE_COMPATIBLE_BUFFER;
#endif
/* FSCTL_SET_DEFECT_MANAGEMENT parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_SET_DEFECT_MGMT_BUFFER {
BOOLEAN Disable;
} FILE_SET_DEFECT_MGMT_BUFFER;
typedef FILE_SET_DEFECT_MGMT_BUFFER *PFILE_SET_DEFECT_MGMT_BUFFER;
#endif
/* FSCTL_QUERY_SPARING_INFO returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_QUERY_SPARING_BUFFER {
ULONG SparingUnitBytes;
BOOLEAN SoftwareSparing;
ULONG TotalSpareBlocks;
ULONG FreeSpareBlocks;
} FILE_QUERY_SPARING_BUFFER;
typedef FILE_QUERY_SPARING_BUFFER *PFILE_QUERY_SPARING_BUFFER;
#endif
/* FSCTL_QUERY_ON_DISK_VOLUME_INFO returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _FILE_QUERY_ON_DISK_VOL_INFO_BUFFER {
LARGE_INTEGER DirectoryCount;
LARGE_INTEGER FileCount;
USHORT FsFormatMajVersion;
USHORT FsFormatMinVersion;
WCHAR FsFormatName[12];
LARGE_INTEGER FormatTime;
LARGE_INTEGER LastUpdateTime;
WCHAR CopyrightInfo[34];
WCHAR AbstractInfo[34];
WCHAR FormattingImplementationInfo[34];
WCHAR LastModifyingImplementationInfo[34];
} FILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
typedef FILE_QUERY_ON_DISK_VOL_INFO_BUFFER *PFILE_QUERY_ON_DISK_VOL_INFO_BUFFER;
#endif
/* FSCTL_SHRINK_VOLUME request types */
#if (_WIN32_WINNT >= 0x0600)
typedef enum _SHRINK_VOLUME_REQUEST_TYPES {
ShrinkPrepare = 1,
ShrinkCommit = 2,
ShrinkAbort = 3
} SHRINK_VOLUME_REQUEST_TYPES;
typedef SHRINK_VOLUME_REQUEST_TYPES *PSHRINK_VOLUME_REQUEST_TYPES;
#endif
/* FSCTL_SHRINK_VOLUME parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _SHRINK_VOLUME_INFORMATION {
SHRINK_VOLUME_REQUEST_TYPES ShrinkRequestType;
ULONGLONG Flags;
LONGLONG NewNumberOfSectors;
} SHRINK_VOLUME_INFORMATION;
typedef SHRINK_VOLUME_INFORMATION *PSHRINK_VOLUME_INFORMATION;
#endif
/* FSCTL_TXFS_MODIFY_RM parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_MODIFY_RM {
ULONG Flags;
ULONG LogContainerCountMax;
ULONG LogContainerCountMin;
ULONG LogContainerCount;
ULONG LogGrowthIncrement;
ULONG LogAutoShrinkPercentage;
ULONGLONG Reserved;
USHORT LoggingMode;
} TXFS_MODIFY_RM;
typedef TXFS_MODIFY_RM *PTXFS_MODIFY_RM;
#endif
/* FSCTL_TXFS_QUERY_RM_INFORMATION parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_QUERY_RM_INFORMATION {
ULONG BytesRequired;
ULONGLONG TailLsn;
ULONGLONG CurrentLsn;
ULONGLONG ArchiveTailLsn;
ULONGLONG LogContainerSize;
LARGE_INTEGER HighestVirtualClock;
ULONG LogContainerCount;
ULONG LogContainerCountMax;
ULONG LogContainerCountMin;
ULONG LogGrowthIncrement;
ULONG LogAutoShrinkPercentage;
ULONG Flags;
USHORT LoggingMode;
USHORT Reserved;
USHORT RmState;
ULONGLONG LogCapacity;
ULONGLONG LogFree;
ULONGLONG TopsSize;
ULONGLONG TopsUsed;
ULONGLONG TransactionCount;
ULONGLONG OnePCCount;
ULONGLONG TwoPCCount;
ULONGLONG NumberLogFileFull;
ULONGLONG OldestTransactionAge;
GUID RMName;
ULONG TmLogPathOffset;
} TXFS_QUERY_RM_INFORMATION;
typedef TXFS_QUERY_RM_INFORMATION *PTXFS_QUERY_RM_INFORMATION;
#endif
/* FSCTL_TXFS_ROLLFORWARD_REDO parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_ROLLFORWARD_REDO_INFORMATION {
LARGE_INTEGER LastVirtualClock;
ULONGLONG LastRedoLsn;
ULONGLONG HighestRecoveryLsn;
ULONG Flags;
} TXFS_ROLLFORWARD_REDO_INFORMATION;
typedef TXFS_ROLLFORWARD_REDO_INFORMATION *PTXFS_ROLLFORWARD_REDO_INFORMATION;
#endif
/* FSCTL_TXFS_STAR_RM parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_START_RM_INFORMATION {
ULONG Flags;
ULONGLONG LogContainerSize;
ULONG LogContainerCountMin;
ULONG LogContainerCountMax;
ULONG LogGrowthIncrement;
ULONG LogAutoShrinkPercentage;
ULONG TmLogPathOffset;
USHORT TmLogPathLength;
USHORT LoggingMode;
USHORT LogPathLength;
USHORT Reserved;
WCHAR LogPath[1];
} TXFS_START_RM_INFORMATION;
typedef TXFS_START_RM_INFORMATION *PTXFS_START_RM_INFORMATION;
#endif
/* FSCTL_TXFS_GET_METADATA_INFO returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_GET_METADATA_INFO_OUT {
struct {
LONGLONG LowPart;
LONGLONG HighPart;
} TxfFileId;
GUID LockingTransaction;
ULONGLONG LastLsn;
ULONG TransactionState;
} TXFS_GET_METADATA_INFO_OUT;
typedef TXFS_GET_METADATA_INFO_OUT *PTXFS_GET_METADATA_INFO_OUT;
#endif
/* FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES entry */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY {
ULONGLONG Offset;
ULONG NameFlags;
LONGLONG FileId;
ULONG Reserved1;
ULONG Reserved2;
LONGLONG Reserved3;
WCHAR FileName[1];
} TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY;
typedef TXFS_LIST_TRANSACTION_LOCKED_FILES_ENTRY *PTXFS_TRANSACTION_LOCKED_FILES_ENTRY;
#endif
/* FSCTL_TXFS_LIST_TRANSACTION_LOCKED_FILES parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTION_LOCKED_FILES {
GUID KtmTransaction;
ULONGLONG NumberOfFiles;
ULONGLONG BufferSizeRequired;
ULONGLONG Offset;
} TXFS_LIST_TRANSACTION_LOCKED_FILES;
typedef TXFS_LIST_TRANSACTION_LOCKED_FILES *PTXFS_LIST_TRANSACTION_LOCKED_FILES;
#endif
/* FSCTL_TXFS_LIST_TRANSACTIONS entry */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTIONS_ENTRY {
GUID TransactionId;
ULONG TransactionState;
ULONG Reserved1;
ULONG Reserved2;
LONGLONG Reserved3;
} TXFS_LIST_TRANSACTIONS_ENTRY;
typedef TXFS_LIST_TRANSACTIONS_ENTRY *PTXFS_LIST_TRANSACTIONS_ENTRY;
#endif
/* FSCTL_TXFS_LIST_TRANSACTIONS parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_LIST_TRANSACTIONS {
ULONGLONG NumberOfTransactions;
ULONGLONG BufferSizeRequired;
} TXFS_LIST_TRANSACTIONS;
typedef TXFS_LIST_TRANSACTIONS *PTXFS_LIST_TRANSACTIONS;
#endif
/* FSCTL_TXFS_READ_BACKUP_INFORMATION returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_READ_BACKUP_INFORMATION_OUT {
union {
ULONG BufferLength;
UCHAR Buffer[1];
};
} TXFS_READ_BACKUP_INFORMATION_OUT;
typedef TXFS_READ_BACKUP_INFORMATION_OUT *PTXFS_READ_BACKUP_INFORMATION_OUT;
#endif
/* FSCTL_TXFS_WRITE_BACKUP_INFORMATION parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_WRITE_BACKUP_INFORMATION {
UCHAR Buffer[1];
} TXFS_WRITE_BACKUP_INFORMATION;
typedef TXFS_WRITE_BACKUP_INFORMATION *PTXFS_WRITE_BACKUP_INFORMATION;
#endif
/* FSCTL_TXFS_GET_TRANSACTED_VERSION parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_GET_TRANSACTED_VERSION {
ULONG ThisBaseVersion;
ULONG LatestVersion;
USHORT ThisMiniVersion;
USHORT FirstMiniVersion;
USHORT LatestMiniVersion;
} TXFS_GET_TRANSACTED_VERSION;
typedef TXFS_GET_TRANSACTED_VERSION *PTXFS_GET_TRANSACTED_VERSION;
#endif
/* FSCTL_TXFS_SAVEPOINT_INFORMATION parameters */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_SAVEPOINT_INFORMATION {
HANDLE KtmTransaction;
ULONG ActionCode;
ULONG SavepointId;
} TXFS_SAVEPOINT_INFORMATION;
typedef TXFS_SAVEPOINT_INFORMATION *PTXFS_SAVEPOINT_INFORMATION;
#endif
/* FSCTL_TXFS_CREATE_MINIVERSION returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_CREATE_MINIVERSION_INFO {
USHORT StructureVersion;
USHORT StructureLength;
ULONG BaseVersion;
USHORT MiniVersion;
} TXFS_CREATE_MINIVERSION_INFO;
typedef TXFS_CREATE_MINIVERSION_INFO *PTXFS_CREATE_MINIVERSION_INFO;
#endif
/* FSCTL_TXFS_TRANSACTION_ACTIVE returned data */
#if (_WIN32_WINNT >= 0x0600)
typedef struct _TXFS_TRANSACTION_ACTIVE_INFO {
BOOLEAN TransactionsActiveAtSnapshot;
} TXFS_TRANSACTION_ACTIVE_INFO;
typedef TXFS_TRANSACTION_ACTIVE_INFO *PTXFS_TRANSACTION_ACTIVE_INFO;
#endif
/* FSCTL_GET_BOOT_AREA_INFO returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _BOOT_AREA_INFO {
ULONG BootSectorCount;
struct {
LARGE_INTEGER Offset;
} BootSectors[2];
} BOOT_AREA_INFO;
typedef BOOT_AREA_INFO *PBOOT_AREA_INFO;
#endif
/* FSCTL_GET_RETRIEVAL_POINTER_BASE returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _RETRIEVAL_POINTER_BASE {
LARGE_INTEGER FileAreaOffset;
} RETRIEVAL_POINTER_BASE;
typedef RETRIEVAL_POINTER_BASE *PRETRIEVAL_POINTER_BASE;
#endif
/* File system persistent volume information */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _FILE_FS_PERSISTENT_VOLUME_INFORMATION {
ULONG VolumeFlags;
ULONG FlagMask;
ULONG Version;
ULONG Reserved;
} FILE_FS_PERSISTENT_VOLUME_INFORMATION;
typedef FILE_FS_PERSISTENT_VOLUME_INFORMATION *PFILE_FS_PERSISTENT_VOLUME_INFORMATION;
#endif
/* File system recognition information */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _FILE_SYSTEM_RECOGNITION_INFORMATION {
CHAR FileSystem[9];
} FILE_SYSTEM_RECOGNITION_INFORMATION;
typedef FILE_SYSTEM_RECOGNITION_INFORMATION *PFILE_SYSTEM_RECOGNITION_INFORMATION;
#endif
/* FSCTL_REQUEST_OPLOCK parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _REQUEST_OPLOCK_INPUT_BUFFER {
USHORT StructureVersion;
USHORT StructureLength;
ULONG RequestedOplockLevel;
ULONG Flags;
} REQUEST_OPLOCK_INPUT_BUFFER;
typedef REQUEST_OPLOCK_INPUT_BUFFER *PREQUEST_OPLOCK_INPUT_BUFFER;
#endif
/* FSCTL_REQUEST_OPLOCK returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _REQUEST_OPLOCK_OUTPUT_BUFFER {
USHORT StructureVersion;
USHORT StructureLength;
ULONG OriginalOplockLevel;
ULONG NewOplockLevel;
ULONG Flags;
ACCESS_MASK AccessMode;
USHORT ShareMode;
} REQUEST_OPLOCK_OUTPUT_BUFFER;
typedef REQUEST_OPLOCK_OUTPUT_BUFFER *PREQUEST_OPLOCK_OUTPUT_BUFFER;
#endif
/* SD_GLOBAL_CHANGE_TYPE_MACHINE_SID parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_CHANGE_MACHINE_SID_INPUT {
USHORT CurrentMachineSIDOffset;
USHORT CurrentMachineSIDLength;
USHORT NewMachineSIDOffset;
USHORT NewMachineSIDLength;
} SD_CHANGE_MACHINE_SID_INPUT;
typedef SD_CHANGE_MACHINE_SID_INPUT *PSD_CHANGE_MACHINE_SID_INPUT;
#endif
/* SD_GLOBAL_CHANGE_TYPE_MACHINE_SID returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_CHANGE_MACHINE_SID_OUTPUT {
ULONGLONG NumSDChangedSuccess;
ULONGLONG NumSDChangedFail;
ULONGLONG NumSDUnused;
ULONGLONG NumSDTotal;
ULONGLONG NumMftSDChangedSuccess;
ULONGLONG NumMftSDChangedFail;
ULONGLONG NumMftSDTotal;
} SD_CHANGE_MACHINE_SID_OUTPUT;
typedef SD_CHANGE_MACHINE_SID_OUTPUT *PSD_CHANGE_MACHINE_SID_OUTPUT;
#endif
/* FSCTL_SD_GLOBAL_CHANGE parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_GLOBAL_CHANGE_INPUT {
ULONG Flags;
ULONG ChangeType;
union {
SD_CHANGE_MACHINE_SID_INPUT SdChange;
};
} SD_GLOBAL_CHANGE_INPUT;
typedef SD_GLOBAL_CHANGE_INPUT *PSD_GLOBAL_CHANGE_INPUT;
#endif
/* FSCTL_SD_GLOBAL_CHANGE returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _SD_GLOBAL_CHANGE_OUTPUT {
ULONG Flags;
ULONG ChangeType;
union {
SD_CHANGE_MACHINE_SID_OUTPUT SdChange;
};
} SD_GLOBAL_CHANGE_OUTPUT;
typedef SD_GLOBAL_CHANGE_OUTPUT *PSD_GLOBAL_CHANGE_OUTPUT;
#endif
/* Extended encrypted data information */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _EXTENDED_ENCRYPTED_DATA_INFO {
ULONG ExtendedCode;
ULONG Length;
ULONG Flags;
ULONG Reserved;
} EXTENDED_ENCRYPTED_DATA_INFO;
typedef EXTENDED_ENCRYPTED_DATA_INFO *PEXTENDED_ENCRYPTED_DATA_INFO;
#endif
/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_INPUT {
ULONG Flags;
ULONG NumberOfClusters;
LARGE_INTEGER Cluster[1];
} LOOKUP_STREAM_FROM_CLUSTER_INPUT;
typedef LOOKUP_STREAM_FROM_CLUSTER_INPUT *PLOOKUP_STREAM_FROM_CLUSTER_INPUT;
#endif
/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_OUTPUT {
ULONG Offset;
ULONG NumberOfMatches;
ULONG BufferSizeRequired;
} LOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
typedef LOOKUP_STREAM_FROM_CLUSTER_OUTPUT *PLOOKUP_STREAM_FROM_CLUSTER_OUTPUT;
#endif
/* FSCTL_LOOKUP_STREAM_FROM_CLUSTER entry */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _LOOKUP_STREAM_FROM_CLUSTER_ENTRY {
ULONG OffsetToNext;
ULONG Flags;
LARGE_INTEGER Reserved;
LARGE_INTEGER Cluster;
WCHAR FileName[1];
} LOOKUP_STREAM_FROM_CLUSTER_ENTRY;
typedef LOOKUP_STREAM_FROM_CLUSTER_ENTRY *PLOOKUP_STREAM_FROM_CLUSTER_ENTRY;
#endif
/* FSCTL_FILE_TYPE_NOTIFICATION parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _FILE_TYPE_NOTIFICATION_INPUT {
ULONG Flags;
ULONG NumFileTypeIDs;
GUID FileTypeID[1];
} FILE_TYPE_NOTIFICATION_INPUT;
typedef FILE_TYPE_NOTIFICATION_INPUT *PFILE_TYPE_NOTIFICATION_INPUT;
#endif
/* Reparse data buffer */
typedef struct _REPARSE_DATA_BUFFER {
ULONG ReparseTag;
USHORT ReparseDataLength;
USHORT Reserved;
union {
struct {
USHORT SubstituteNameOffset;
USHORT SubstituteNameLength;
USHORT PrintNameOffset;
USHORT PrintNameLength;
ULONG Flags;
WCHAR PathBuffer[1];
} SymbolicLinkReparseBuffer;
struct {
USHORT SubstituteNameOffset;
USHORT SubstituteNameLength;
USHORT PrintNameOffset;
USHORT PrintNameLength;
WCHAR PathBuffer[1];
} MountPointReparseBuffer;
struct {
UCHAR DataBuffer[1];
} GenericReparseBuffer;
};
} REPARSE_DATA_BUFFER;
typedef REPARSE_DATA_BUFFER *PREPARSE_DATA_BUFFER;
/* Reparse GUID data buffer */
typedef struct _REPARSE_GUID_DATA_BUFFER {
ULONG ReparseTag;
USHORT ReparseDataLength;
USHORT Reserved;
GUID ReparseGuid;
struct {
UCHAR DataBuffer[1];
} GenericReparseBuffer;
} REPARSE_GUID_DATA_BUFFER;
typedef REPARSE_GUID_DATA_BUFFER *PREPARSE_GUID_DATA_BUFFER;
/* Reparse index key */
#include <pshpack4.h>
typedef struct _REPARSE_INDEX_KEY {
ULONG FileReparseTag;
LARGE_INTEGER FileId;
} REPARSE_INDEX_KEY;
typedef REPARSE_INDEX_KEY *PREPARSE_INDEX_KEY;
#include <poppack.h>
/* FSCTL_PIPE_ASSIGN_EVENT parameters */
typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
HANDLE EventHandle;
ULONG KeyValue;
} FILE_PIPE_ASSIGN_EVENT_BUFFER;
typedef FILE_PIPE_ASSIGN_EVENT_BUFFER *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
/* FSCTL_PIPE_PEEK parameters */
typedef struct _FILE_PIPE_PEEK_BUFFER {
ULONG NamedPipeState;
ULONG ReadDataAvailable;
ULONG NumberOfMessages;
ULONG MessageLength;
CHAR Data[1];
} FILE_PIPE_PEEK_BUFFER;
typedef FILE_PIPE_PEEK_BUFFER *PFILE_PIPE_PEEK_BUFFER;
/* FSCTL_PIPE_QUERY_EVENT parameters */
typedef struct _FILE_PIPE_EVENT_BUFFER {
ULONG NamedPipeState;
ULONG EntryType;
ULONG ByteCount;
ULONG KeyValue;
ULONG NumberRequests;
} FILE_PIPE_EVENT_BUFFER;
typedef FILE_PIPE_EVENT_BUFFER *PFILE_PIPE_EVENT_BUFFER;
/* FSCTL_PIPE_WAIT parameters */
typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
LARGE_INTEGER Timeout;
ULONG NameLength;
BOOLEAN TimeoutSpecified;
WCHAR Name[1];
} FILE_PIPE_WAIT_FOR_BUFFER;
typedef FILE_PIPE_WAIT_FOR_BUFFER *PFILE_PIPE_WAIT_FOR_BUFFER;
/* FSCTL_PIPE_SET_CLIENT_PROCESS parameters */
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
PVOID ClientSession;
PVOID ClientProcess;
} FILE_PIPE_CLIENT_PROCESS_BUFFER;
typedef FILE_PIPE_CLIENT_PROCESS_BUFFER *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
/* FSCTL_PIPE_SET_CLIENT_PROCESS parameters (extended version) */
typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER_EX {
PVOID ClientSession;
PVOID ClientProcess;
USHORT ClientComputerNameLength;
WCHAR ClientComputerBuffer[FILE_PIPE_COMPUTER_NAME_LENGTH + 1];
} FILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
typedef FILE_PIPE_CLIENT_PROCESS_BUFFER_EX *PFILE_PIPE_CLIENT_PROCESS_BUFFER_EX;
/* Link tracking information types */
typedef enum _LINK_TRACKING_INFORMATION_TYPE {
NtfsLinkTrackingInformation = 0,
DfsLinkTrackingInformation = 1
} LINK_TRACKING_INFORMATION_TYPE;
typedef LINK_TRACKING_INFORMATION_TYPE *PLINK_TRACKING_INFORMATION_TYPE;
/* Link tracking information */
typedef struct _LINK_TRACKING_INFORMATION {
LINK_TRACKING_INFORMATION_TYPE Type;
UCHAR VolumeId[16];
} LINK_TRACKING_INFORMATION;
typedef LINK_TRACKING_INFORMATION *PLINK_TRACKING_INFORMATION;
/* Remote link tracking information */
typedef struct _REMOTE_LINK_TRACKING_INFORMATION_ {
PVOID TargetFileObject;
ULONG TargetLinkTrackingInformationLength;
UCHAR TargetLinkTrackingInformationBuffer[1];
} REMOTE_LINK_TRACKING_INFORMATION;
typedef REMOTE_LINK_TRACKING_INFORMATION *PREMOTE_LINK_TRACKING_INFORMATION;
/* Virtual storage type */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _VIRTUAL_STORAGE_TYPE {
ULONG DeviceId;
GUID VendorId;
} VIRTUAL_STORAGE_TYPE;
typedef VIRTUAL_STORAGE_TYPE *PVIRTUAL_STORAGE_TYPE;
#endif
/* FSCTL_QUERY_DEPENDENT_VOLUME parameters */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST {
ULONG RequestLevel;
ULONG RequestFlags;
} STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_REQUEST *PSTORAGE_QUERY_DEPENDENT_VOLUME_REQUEST;
#endif
/* FSCTL_QUERY_DEPENDENT_VOLUME level 1 entry */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY {
ULONG EntryLength;
ULONG DependencyTypeFlags;
ULONG ProviderSpecificFlags;
VIRTUAL_STORAGE_TYPE VirtualStorageType;
} STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY;
#endif
/* FSCTL_QUERY_DEPENDENT_VOLUME level 2 entry */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY {
ULONG EntryLength;
ULONG DependencyTypeFlags;
ULONG ProviderSpecificFlags;
VIRTUAL_STORAGE_TYPE VirtualStorageType;
ULONG AncestorLevel;
ULONG HostVolumeNameOffset;
ULONG HostVolumeNameSize;
ULONG DependentVolumeNameOffset;
ULONG DependentVolumeNameSize;
ULONG RelativePathOffset;
ULONG RelativePathSize;
ULONG DependentDeviceNameOffset;
ULONG DependentDeviceNameSize;
} STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY *PSTORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY;
#endif
/* FSCTL_QUERY_DEPENDENT_VOLUME returned data */
#if (_WIN32_WINNT >= 0x0601)
typedef struct _STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE {
ULONG ResponseLevel;
ULONG NumberEntries;
union {
STORAGE_QUERY_DEPENDENT_VOLUME_LEV1_ENTRY Lev1Depends[1];
STORAGE_QUERY_DEPENDENT_VOLUME_LEV2_ENTRY Lev2Depends[1];
};
} STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
typedef STORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE *PSTORAGE_QUERY_DEPENDENT_VOLUME_RESPONSE;
#endif
/* Object information classes */
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation = 0,
ObjectTypeInformation = 2
} OBJECT_INFORMATION_CLASS;
/* Public object basic information */
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG Reserved[10];
} PUBLIC_OBJECT_BASIC_INFORMATION;
typedef PUBLIC_OBJECT_BASIC_INFORMATION *PPUBLIC_OBJECT_BASIC_INFORMATION;
/* Public object type information */
typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
UNICODE_STRING TypeName;
ULONG Reserved[22];
} PUBLIC_OBJECT_TYPE_INFORMATION;
typedef PUBLIC_OBJECT_TYPE_INFORMATION *PPUBLIC_OBJECT_TYPE_INFORMATION;
/* Security client context */
typedef struct _SECURITY_CLIENT_CONTEXT {
SECURITY_QUALITY_OF_SERVICE SecurityQos;
PACCESS_TOKEN ClientToken;
BOOLEAN DirectlyAccessClientToken;
BOOLEAN DirectAccessEffectiveOnly;
BOOLEAN ServerIsRemote;
TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT;
typedef SECURITY_CLIENT_CONTEXT *PSECURITY_CLIENT_CONTEXT;
/* Kernel asynchronous procedure call state */
typedef struct _KAPC_STATE {
LIST_ENTRY ApcListHead[MaximumMode];
struct _KPROCESS *Process;
BOOLEAN KernelApcInProgress;
BOOLEAN KernelApcPending;
BOOLEAN UserApcPending;
} KAPC_STATE;
typedef KAPC_STATE *PKAPC_STATE;
typedef KAPC_STATE *PRKAPC_STATE;
/* Kernel queue */
typedef struct _KQUEUE {
DISPATCHER_HEADER Header;
LIST_ENTRY EntryListHead;
volatile ULONG CurrentCount;
ULONG MaximumCount;
LIST_ENTRY ThreadListHead;
} KQUEUE;
typedef KQUEUE *PKQUEUE;
typedef KQUEUE *PRKQUEUE;
/* Security exports */
typedef struct _SE_EXPORTS {
LUID SeCreateTokenPrivilege;
LUID SeAssignPrimaryTokenPrivilege;
LUID SeLockMemoryPrivilege;
LUID SeIncreaseQuotaPrivilege;
LUID SeUnsolicitedInputPrivilege;
LUID SeTcbPrivilege;
LUID SeSecurityPrivilege;
LUID SeTakeOwnershipPrivilege;
LUID SeLoadDriverPrivilege;
LUID SeCreatePagefilePrivilege;
LUID SeIncreaseBasePriorityPrivilege;
LUID SeSystemProfilePrivilege;
LUID SeSystemtimePrivilege;
LUID SeProfileSingleProcessPrivilege;
LUID SeCreatePermanentPrivilege;
LUID SeBackupPrivilege;
LUID SeRestorePrivilege;
LUID SeShutdownPrivilege;
LUID SeDebugPrivilege;
LUID SeAuditPrivilege;
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
PSID SeNullSid;
PSID SeWorldSid;
PSID SeLocalSid;
PSID SeCreatorOwnerSid;
PSID SeCreatorGroupSid;
PSID SeNtAuthoritySid;
PSID SeDialupSid;
PSID SeNetworkSid;
PSID SeBatchSid;
PSID SeInteractiveSid;
PSID SeLocalSystemSid;
PSID SeAliasAdminsSid;
PSID SeAliasUsersSid;
PSID SeAliasGuestsSid;
PSID SeAliasPowerUsersSid;
PSID SeAliasAccountOpsSid;
PSID SeAliasSystemOpsSid;
PSID SeAliasPrintOpsSid;
PSID SeAliasBackupOpsSid;
PSID SeAuthenticatedUsersSid;
PSID SeRestrictedSid;
PSID SeAnonymousLogonSid;
LUID SeUndockPrivilege;
LUID SeSyncAgentPrivilege;
LUID SeEnableDelegationPrivilege;
PSID SeLocalServiceSid;
PSID SeNetworkServiceSid;
LUID SeManageVolumePrivilege;
LUID SeImpersonatePrivilege;
LUID SeCreateGlobalPrivilege;
LUID SeTrustedCredManAccessPrivilege;
LUID SeRelabelPrivilege;
LUID SeIncreaseWorkingSetPrivilege;
LUID SeTimeZonePrivilege;
LUID SeCreateSymbolicLinkPrivilege;
PSID SeIUserSid;
PSID SeUntrustedMandatorySid;
PSID SeLowMandatorySid;
PSID SeMediumMandatorySid;
PSID SeHighMandatorySid;
PSID SeSystemMandatorySid;
PSID SeOwnerRightsSid;
} SE_EXPORTS;
typedef SE_EXPORTS *PSE_EXPORTS;
/* Security logon session terminated routine */
typedef NTSTATUS (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)( PLUID );
/* Driver file system notification callback */
typedef VOID NTAPI DRIVER_FS_NOTIFICATION( struct _DEVICE_OBJECT *, BOOLEAN );
typedef DRIVER_FS_NOTIFICATION *PDRIVER_FS_NOTIFICATION;
/* File system filter section synchronization types */
typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
SyncTypeOther = 0,
SyncTypeCreateSection = 1
} FS_FILTER_SECTION_SYNC_TYPE;
typedef FS_FILTER_SECTION_SYNC_TYPE *PFS_FILTER_SECTION_SYNC_TYPE;
/* File system filter stream file object notification types */
typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE {
NotifyTypeCreate = 0,
NotifyTypeRetired = 1
} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
typedef FS_FILTER_STREAM_FO_NOTIFICATION_TYPE *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
/* File system filter parameters */
typedef union _FS_FILTER_PARAMETERS {
struct {
PLARGE_INTEGER EndingOffset;
PERESOURCE *ResourceToRelease;
} AcquireForModifiedPageWriter;
struct {
PERESOURCE ResourceToRelease;
} ReleaseForModifiedPageWriter;
struct {
FS_FILTER_SECTION_SYNC_TYPE SyncType;
ULONG PageProtection;
} AcquireForSectionSynchronization;
struct {
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
BOOLEAN SafeToRecurse;
} NotifyStreamFileObject;
struct {
PVOID Argument1;
PVOID Argument2;
PVOID Argument3;
PVOID Argument4;
PVOID Argument5;
} Others;
} FS_FILTER_PARAMETERS;
typedef FS_FILTER_PARAMETERS *PFS_FILTER_PARAMETERS;
/* File system filter callback data */
typedef struct _FS_FILTER_CALLBACK_DATA {
ULONG SizeOfFsFilterCallbackData;
UCHAR Operation;
UCHAR Reserved;
struct _DEVICE_OBJECT *DeviceObject;
struct _FILE_OBJECT *FileObject;
FS_FILTER_PARAMETERS Parameters;
} FS_FILTER_CALLBACK_DATA;
typedef FS_FILTER_CALLBACK_DATA *PFS_FILTER_CALLBACK_DATA;
/* File system filter callbacks */
typedef NTSTATUS (NTAPI *PFS_FILTER_CALLBACK)( PFS_FILTER_CALLBACK_DATA, PVOID * );
typedef NTSTATUS (NTAPI *PFS_FILTER_COMPLETION_CALLBACK)( PFS_FILTER_CALLBACK_DATA, NTSTATUS, PVOID );
typedef struct _FS_FILTER_CALLBACKS {
ULONG SizeOfFsFilterCallbacks;
ULONG Reserved;
PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
PFS_FILTER_CALLBACK PreAcquireForCcFlush;
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
PFS_FILTER_CALLBACK PreReleaseForCcFlush;
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
} FS_FILTER_CALLBACKS;
typedef FS_FILTER_CALLBACKS *PFS_FILTER_CALLBACKS;
/* I/O priority information */
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _IO_PRIORITY_INFO {
ULONG Size;
ULONG ThreadPriority;
ULONG PagePriority;
IO_PRIORITY_HINT IoPriority;
} IO_PRIORITY_INFO;
typedef IO_PRIORITY_INFO *PIO_PRIORITY_INFO;
#endif
/* Memory management flush types */
typedef enum _MMFLUSH_TYPE {
MmFlushForDelete = 0,
MmFlushForWrite = 1
} MMFLUSH_TYPE;
/* Read list */
typedef struct _READ_LIST {
PFILE_OBJECT FileObject;
ULONG NumberOfEntries;
LOGICAL IsImage;
FILE_SEGMENT_ELEMENT List[ANYSIZE_ARRAY];
} READ_LIST;
typedef READ_LIST *PREAD_LIST;
/* Memory management prefetch flags */
#if (NTDDI_VERSION >= 0x05010000)
typedef union _MM_PREFETCH_FLAGS {
struct {
ULONG Priority : SYSTEM_PAGE_PRIORITY_BITS;
ULONG RepurposePriority : SYSTEM_PAGE_PRIORITY_BITS;
} Flags;
ULONG AllFlags;
} MM_PREFETCH_FLAGS;
typedef MM_PREFETCH_FLAGS *PMM_PREFETCH_FLAGS;
#endif
/* Fast I/O possible values */
typedef enum _FAST_IO_POSSIBLE {
FastIoIsNotPossible = 0,
FastIoIsPossible = 1,
FastIoIsQuestionable = 2
} FAST_IO_POSSIBLE;
/* Common FCB header */
typedef struct _FSRTL_COMMON_FCB_HEADER {
CSHORT NodeTypeCode;
CSHORT NodeByteSize;
UCHAR Flags;
UCHAR IsFastIoPossible;
UCHAR Flags2;
UCHAR Reserved : 4;
UCHAR Version : 4;
PERESOURCE Resource;
PERESOURCE PagingIoResource;
LARGE_INTEGER AllocationSize;
LARGE_INTEGER FileSize;
LARGE_INTEGER ValidDataLength;
} FSRTL_COMMON_FCB_HEADER;
typedef FSRTL_COMMON_FCB_HEADER *PFSRTL_COMMON_FCB_HEADER;
/* Advanced FCB header */
#ifdef __cplusplus
typedef struct _FSRTL_ADVANCED_FCB_HEADER : FSRTL_COMMON_FCB_HEADER {
#else
typedef struct _FSRTL_ADVANCED_FCB_HEADER {
FSRTL_COMMON_FCB_HEADER;
#endif
PFAST_MUTEX FastMutex;
LIST_ENTRY FilterContexts;
#if (NTDDI_VERSION >= 0x06000000)
EX_PUSH_LOCK PushLock;
PVOID *FileContextSupportPointer;
#endif
} FSRTL_ADVANCED_FCB_HEADER;
typedef FSRTL_ADVANCED_FCB_HEADER *PFSRTL_ADVANCED_FCB_HEADER;
/* EOF wait block */
typedef struct _EOF_WAIT_BLOCK {
LIST_ENTRY EofWaitLinks;
KEVENT Event;
} EOF_WAIT_BLOCK;
typedef EOF_WAIT_BLOCK *PEOF_WAIT_BLOCK;
/* Auxiliary buffer */
typedef struct _FSRTL_AUXILIARY_BUFFER {
PVOID Buffer;
ULONG Length;
ULONG Flags;
PMDL Mdl;
} FSRTL_AUXILIARY_BUFFER;
typedef FSRTL_AUXILIARY_BUFFER *PFSRTL_AUXILIARY_BUFFER;
/* File lock information */
typedef struct _FILE_LOCK_INFO {
LARGE_INTEGER StartingByte;
LARGE_INTEGER Length;
BOOLEAN ExclusiveLock;
ULONG Key;
PFILE_OBJECT FileObject;
PVOID ProcessId;
LARGE_INTEGER EndingByte;
LONG volatile LockRequestsInProgress;
} FILE_LOCK_INFO;
typedef FILE_LOCK_INFO *PFILE_LOCK_INFO;
/* Locking callbacks */
typedef NTSTATUS (NTAPI *PCOMPLETE_LOCK_IRP_ROUTINE)( PVOID, PIRP );
typedef VOID (NTAPI *PUNLOCK_ROUTINE)( PVOID, PFILE_LOCK_INFO );
/* File lock */
typedef struct _FILE_LOCK {
PCOMPLETE_LOCK_IRP_ROUTINE CompleteLockIrpRoutine;
PUNLOCK_ROUTINE UnlockRoutine;
BOOLEAN FastIoIsQuestionable;
BOOLEAN SpareC[3];
PVOID LockInformation;
FILE_LOCK_INFO LastReturnedLockInfo;
PVOID LastReturnedLock;
} FILE_LOCK;
typedef FILE_LOCK *PFILE_LOCK;
/* Tunnel */
typedef struct {
FAST_MUTEX Mutex;
PRTL_SPLAY_LINKS Cache;
LIST_ENTRY TimerQueue;
USHORT NumEntries;
} TUNNEL;
typedef TUNNEL *PTUNNEL;
/* Comparison results */
typedef enum _FSRTL_COMPARISON_RESULT {
LessThan = -1,
EqualTo = 0,
GreaterThan = 1
} FSRTL_COMPARISON_RESULT;
/* Base mapped control block */
typedef struct _BASE_MCB {
ULONG MaximumPairCount;
ULONG PairCount;
USHORT PoolType;
USHORT Flags;
PVOID Mapping;
} BASE_MCB;
typedef BASE_MCB *PBASE_MCB;
/* Large mapped control block */
typedef struct _LARGE_MCB {
PKGUARDED_MUTEX GuardedMutex;
BASE_MCB BaseMcb;
} LARGE_MCB;
typedef LARGE_MCB *PLARGE_MCB;
/* Mapped control block */
typedef struct _MCB {
LARGE_MCB DummyFieldThatSizesThisStructureCorrectly;
} MCB;
typedef MCB *PMCB;
/* Oplock callbacks */
typedef VOID (NTAPI *POPLOCK_WAIT_COMPLETE_ROUTINE)( PVOID, PIRP );
typedef VOID (NTAPI *POPLOCK_FS_PREPOST_IRP)( PVOID, PIRP );
/* Oplock key extra create parameter context */
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _OPLOCK_KEY_ECP_CONTEXT {
GUID OplockKey;
ULONG Reserved;
} OPLOCK_KEY_ECP_CONTEXT;
typedef OPLOCK_KEY_ECP_CONTEXT *POPLOCK_KEY_ECP_CONTEXT;
#endif
/* Change notification callbacks */
typedef BOOLEAN (NTAPI *PCHECK_FOR_TRAVERSE_ACCESS)( PVOID, PVOID, PSECURITY_SUBJECT_CONTEXT );
typedef BOOLEAN (NTAPI *PFILTER_REPORT_CHANGE)( PVOID, PVOID );
/* Stack overflow callback */
typedef VOID (NTAPI *PFSRTL_STACK_OVERFLOW_ROUTINE)( PVOID, PKEVENT );
/* MUP provider information (level 1) */
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_1 {
ULONG32 ProviderId;
} FSRTL_MUP_PROVIDER_INFO_LEVEL_1;
typedef FSRTL_MUP_PROVIDER_INFO_LEVEL_1 *PFSRTL_MUP_PROVIDER_INFO_LEVEL_1;
#endif
/* MUP provider information (level 2) */
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _FSRTL_MUP_PROVIDER_INFO_LEVEL_2 {
ULONG32 ProviderId;
UNICODE_STRING ProviderName;
} FSRTL_MUP_PROVIDER_INFO_LEVEL_2;
typedef FSRTL_MUP_PROVIDER_INFO_LEVEL_2 *PFSRTL_MUP_PROVIDER_INFO_LEVEL_2;
#endif
/* Per file context */
typedef struct _FSRTL_PER_FILE_CONTEXT {
LIST_ENTRY Links;
PVOID OwnerId;
PVOID InstanceId;
PFREE_FUNCTION FreeCallback;
} FSRTL_PER_FILE_CONTEXT;
typedef FSRTL_PER_FILE_CONTEXT *PFSRTL_PER_FILE_CONTEXT;
/* Per stream context */
typedef struct _FSRTL_PER_STREAM_CONTEXT {
LIST_ENTRY Links;
PVOID OwnerId;
PVOID InstanceId;
PFREE_FUNCTION FreeCallback;
} FSRTL_PER_STREAM_CONTEXT;
typedef FSRTL_PER_STREAM_CONTEXT *PFSRTL_PER_STREAM_CONTEXT;
/* Tear down per stream contexts callback */
#if (NTDDI_VERSION >= 0x05000000)
typedef VOID (NTAPI *PFN_FSRTLTEARDOWNPERSTREAMCONTEXTS)( PFSRTL_ADVANCED_FCB_HEADER );
#endif
/* Per file object context */
typedef struct _FSRTL_PER_FILEOBJECT_CONTEXT {
LIST_ENTRY Links;
PVOID OwnerId;
PVOID InstanceId;
} FSRTL_PER_FILEOBJECT_CONTEXT;
typedef FSRTL_PER_FILEOBJECT_CONTEXT *PFSRTL_PER_FILEOBJECT_CONTEXT;
/* Extra create parameter cleanup callback */
#if (NTDDI_VERSION >= 0x06000000)
typedef VOID (NTAPI *PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK)( PVOID, LPCGUID );
#endif
/* Network open location qualifiers */
#if (NTDDI_VERSION >= 0x06000000)
typedef enum {
NetworkOpenLocationAny = 0,
NetworkOpenLocationRemote = 1,
NetworkOpenLocationLoopback = 2
} NETWORK_OPEN_LOCATION_QUALIFIER;
#endif
/* Network open integrity qualifiers */
#if (NTDDI_VERSION >= 0x06000000)
typedef enum {
NetworkOpenIntegrityAny = 0,
NetworkOpenIntegrityNone = 1,
NetworkOpenIntegritySigned = 2,
NetworkOpenIntegrityEncrypted = 3,
NetworkOpenIntegrityMaximum = 4
} NETWORK_OPEN_INTEGRITY_QUALIFIER;
#endif
/* Network open extra create parameter context */
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
USHORT Size;
USHORT Reserved;
struct {
struct {
NETWORK_OPEN_LOCATION_QUALIFIER Location;
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
#if (NTDDI_VERSION >= 0x06010000)
ULONG Flags;
#endif
} in;
struct {
NETWORK_OPEN_LOCATION_QUALIFIER Location;
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
#if (NTDDI_VERSION >= 0x06010000)
ULONG Flags;
#endif
} out;
};
} NETWORK_OPEN_ECP_CONTEXT;
typedef NETWORK_OPEN_ECP_CONTEXT *PNETWORK_OPEN_ECP_CONTEXT;
#endif
/* Network open extra create parameter context (version 0) */
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
USHORT Size;
USHORT Reserved;
struct {
struct {
NETWORK_OPEN_LOCATION_QUALIFIER Location;
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
} in;
struct {
NETWORK_OPEN_LOCATION_QUALIFIER Location;
NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity;
} out;
};
} NETWORK_OPEN_ECP_CONTEXT_V0;
typedef NETWORK_OPEN_ECP_CONTEXT_V0 *PNETWORK_OPEN_ECP_CONTEXT_V0;
#endif
/* Prefetch open extra create parameter context */
#if (NTDDI_VERSION >= 0x06000000)
typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
PVOID Context;
} PREFETCH_OPEN_ECP_CONTEXT;
typedef PREFETCH_OPEN_ECP_CONTEXT *PPREFETCH_OPEN_ECP_CONTEXT;
#endif
/* NFS open extra create parameter context */
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _NFS_OPEN_ECP_CONTEXT {
PUNICODE_STRING ExportAlias;
PSOCKADDR_STORAGE_NFS ClientSocketAddress;
} NFS_OPEN_ECP_CONTEXT;
typedef NFS_OPEN_ECP_CONTEXT *PNFS_OPEN_ECP_CONTEXT;
typedef NFS_OPEN_ECP_CONTEXT **PPNFS_OPEN_ECP_CONTEXT;
#endif
/* SRV open extra create parameter context */
#if (NTDDI_VERSION >= 0x06010000)
typedef struct _SRV_OPEN_ECP_CONTEXT {
PUNICODE_STRING ShareName;
PSOCKADDR_STORAGE_NFS SocketAddress;
BOOLEAN OplockBlockState;
BOOLEAN OplockAppState;
BOOLEAN OplockFinalState;
} SRV_OPEN_ECP_CONTEXT;
typedef SRV_OPEN_ECP_CONTEXT *PSRV_OPEN_ECP_CONTEXT;
#endif
/* Change backing types */
#if (NTDDI_VERSION >= 0x06000000)
typedef enum _FSRTL_CHANGE_BACKING_TYPE {
ChangeDataControlArea = 0,
ChangeImageControlArea = 1,
ChangeSharedCacheMap = 2
} FSRTL_CHANGE_BACKING_TYPE;
typedef FSRTL_CHANGE_BACKING_TYPE *PFSRTL_CHANGE_BACKING_TYPE;
#endif
/* Public BCB */
typedef struct _PUBLIC_BCB {
CSHORT NodeTypeCode;
CSHORT NodeByteSize;
ULONG MappedLength;
LARGE_INTEGER MappedFileOffset;
} PUBLIC_BCB;
typedef PUBLIC_BCB *PPUBLIC_BCB;
/* File sizes */
typedef struct _CC_FILE_SIZES {
LARGE_INTEGER AllocationSize;
LARGE_INTEGER FileSize;
LARGE_INTEGER ValidDataLength;
} CC_FILE_SIZES;
typedef CC_FILE_SIZES *PCC_FILE_SIZES;
/* Cache manager callbacks */
typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE)( PVOID, BOOLEAN );
typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE)( PVOID );
typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD)( PVOID, BOOLEAN );
typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD)( PVOID );
typedef VOID (NTAPI *PDIRTY_PAGE_ROUTINE)( PFILE_OBJECT, PLARGE_INTEGER, ULONG, PLARGE_INTEGER, PLARGE_INTEGER, PVOID, PVOID );
typedef VOID (NTAPI *PFLUSH_TO_LSN)( PVOID, LARGE_INTEGER );
typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE)( PVOID, PVOID );
typedef struct _CACHE_MANAGER_CALLBACKS {
PACQUIRE_FOR_LAZY_WRITE AcquireForLazyWrite;
PRELEASE_FROM_LAZY_WRITE ReleaseFromLazyWrite;
PACQUIRE_FOR_READ_AHEAD AcquireForReadAhead;
PRELEASE_FROM_READ_AHEAD ReleaseFromReadAhead;
} CACHE_MANAGER_CALLBACKS;
typedef CACHE_MANAGER_CALLBACKS *PCACHE_MANAGER_CALLBACKS;
/* Cache uninitialize event */
typedef struct _CACHE_UNINITIALIZE_EVENT {
struct _CACHE_UNINITIALIZE_EVENT *Next;
KEVENT Event;
} CACHE_UNINITIALIZE_EVENT;
typedef CACHE_UNINITIALIZE_EVENT *PCACHE_UNINITIALIZE_EVENT;
/* The Microsoft version of ntifs.h contains the contents of sspi.h. In the interest
* of efficiency, a #include directive is used here instead. It is necessary to make
* sure that UNICODE is defined, because only the Unicode versions of the functions in
* sspi.h are supported in kernel mode.
*/
#ifndef UNICODE
#define UNICODE
#endif
#ifndef SECURITY_KERNEL
#define SECURITY_KERNEL
#endif
#include <sspi.h>
/* Security user data */
typedef struct _SECURITY_USER_DATA {
SECURITY_STRING UserName;
SECURITY_STRING LogonDomainName;
SECURITY_STRING LogonServer;
PSID pSid;
} SECURITY_USER_DATA;
typedef SECURITY_USER_DATA *PSECURITY_USER_DATA;
typedef SECURITY_USER_DATA SecurityUserData;
typedef SECURITY_USER_DATA *PSecurityUserData;
/* Query path request */
typedef struct _QUERY_PATH_REQUEST {
ULONG PathNameLength;
PIO_SECURITY_CONTEXT SecurityContext;
WCHAR FilePathName[1];
} QUERY_PATH_REQUEST;
typedef QUERY_PATH_REQUEST *PQUERY_PATH_REQUEST;
/* Query path request (extended version) */
typedef struct _QUERY_PATH_REQUEST_EX {
PIO_SECURITY_CONTEXT pSecurityContext;
ULONG EaLength;
PVOID pEaBuffer;
UNICODE_STRING PathName;
UNICODE_STRING DomainServiceName;
ULONG_PTR Reserved[3];
} QUERY_PATH_REQUEST_EX;
typedef QUERY_PATH_REQUEST_EX *PQUERY_PATH_REQUEST_EX;
/* Query path response */
typedef struct _QUERY_PATH_RESPONSE {
ULONG LengthAccepted;
} QUERY_PATH_RESPONSE;
typedef QUERY_PATH_RESPONSE *PQUERY_PATH_RESPONSE;
/* Global variables in NTOSKRNL.EXE */
extern NTKERNELAPI ULONG CcFastMdlReadWait;
extern NTKERNELAPI UCHAR const * const *FsRtlLegalAnsiCharacterArray;
extern NTKERNELAPI ULONG IoReadOperationCount;
extern NTKERNELAPI LARGE_INTEGER IoReadTransferCount;
extern NTKERNELAPI KSPIN_LOCK IoStatisticsLock;
extern NTKERNELAPI ULONG IoWriteOperationCount;
extern NTKERNELAPI LARGE_INTEGER IoWriteTransferCount;
extern NTKERNELAPI PUSHORT *NlsOemLeadByteInfo;
extern NTKERNELAPI PSE_EXPORTS SeExports;
/* Functions in NTOSKRNL.EXE and NTDLL.DLL */
NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken( HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN, TOKEN_TYPE, PHANDLE );
NTSYSAPI NTSTATUS NTAPI ZwQueryEaFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN, PVOID, ULONG, PULONG, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwSetEaFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG );
#if (NTDDI_VERSION >= 0x05000000)
NTSYSAPI PPREFIX_TABLE_ENTRY NTAPI PfxFindPrefix( PPREFIX_TABLE, PSTRING );
NTSYSAPI VOID NTAPI PfxInitialize( PPREFIX_TABLE );
NTSYSAPI BOOLEAN NTAPI PfxInsertPrefix( PPREFIX_TABLE, PSTRING, PPREFIX_TABLE_ENTRY );
NTSYSAPI VOID NTAPI PfxRemovePrefix( PPREFIX_TABLE, PPREFIX_TABLE_ENTRY );
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce( PACL, ULONG, ACCESS_MASK, PSID );
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAceEx( PACL, ULONG, ULONG, ACCESS_MASK, PSID );
NTSYSAPI NTSTATUS NTAPI RtlAddAce( PACL, ULONG, ULONG, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY, UCHAR, ULONG, ULONG, ULONG, ULONG, ULONG, ULONG, ULONG, ULONG, PSID * );
NTSYSAPI PVOID NTAPI RtlAllocateHeap( PVOID, ULONG, SIZE_T );
NTSYSAPI NTSTATUS NTAPI RtlAppendStringToString( PSTRING, const STRING * );
NTSYSAPI VOID NTAPI RtlCaptureContext( PCONTEXT );
NTSYSAPI SIZE_T NTAPI RtlCompareMemoryUlong( PVOID, SIZE_T, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString( PUNICODE_STRING, PSID, BOOLEAN );
NTSYSAPI VOID NTAPI RtlCopyLuid( PLUID, PLUID );
NTSYSAPI NTSTATUS NTAPI RtlCopySid( ULONG, PSID, PSID );
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl( PACL, ULONG, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlCreateUnicodeString( PUNICODE_STRING, PCWSTR );
NTSYSAPI NTSTATUS NTAPI RtlCustomCPToUnicodeN( PCPTABLEINFO, PWCH, ULONG, PULONG, PCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlDeleteAce( PACL, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlDowncaseUnicodeString( PUNICODE_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid( PSID, PSID );
NTSYSAPI BOOLEAN NTAPI RtlEqualSid( PSID, PSID );
NTSYSAPI PUNICODE_PREFIX_TABLE_ENTRY NTAPI RtlFindUnicodePrefix( PUNICODE_PREFIX_TABLE, PUNICODE_STRING, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlFreeHeap( PVOID, ULONG, PVOID );
NTSYSAPI VOID NTAPI RtlFreeOemString( POEM_STRING );
NTSYSAPI PVOID NTAPI RtlFreeSid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlGetAce( PACL, ULONG, PVOID * );
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor( PSECURITY_DESCRIPTOR, PBOOLEAN, PACL *, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID *, PBOOLEAN );
NTSYSAPI VOID NTAPI RtlInitCodePageTable( PUSHORT, PCPTABLEINFO );
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid( PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR );
NTSYSAPI VOID NTAPI RtlInitializeUnicodePrefix( PUNICODE_PREFIX_TABLE );
NTSYSAPI BOOLEAN NTAPI RtlInsertUnicodePrefix( PUNICODE_PREFIX_TABLE, PUNICODE_STRING, PUNICODE_PREFIX_TABLE_ENTRY );
NTSYSAPI BOOLEAN NTAPI RtlIsNameLegalDOS8Dot3( PCUNICODE_STRING, POEM_STRING, PBOOLEAN );
NTSYSAPI BOOLEAN NTAPI RtlIsValidOemCharacter( PWCHAR );
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid( ULONG );
NTSYSAPI ULONG NTAPI RtlLengthSid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlMultiByteToUnicodeN( PWCH, ULONG, PULONG, PCSTR, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlMultiByteToUnicodeSize( PULONG, PCSTR, ULONG );
NTSYSAPI PUNICODE_PREFIX_TABLE_ENTRY NTAPI RtlNextUnicodePrefix( PUNICODE_PREFIX_TABLE, BOOLEAN );
NTSYSAPI ULONG NTAPI RtlNtStatusToDosError( NTSTATUS );
NTSYSAPI NTSTATUS NTAPI RtlOemStringToCountedUnicodeString( PUNICODE_STRING, PCOEM_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlOemStringToUnicodeString( PUNICODE_STRING, PCOEM_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlOemToUnicodeN( PWSTR, ULONG, PULONG, PCH, ULONG );
NTSYSAPI ULONG NTAPI RtlRandom( PULONG );
NTSYSAPI VOID NTAPI RtlRemoveUnicodePrefix( PUNICODE_PREFIX_TABLE, PUNICODE_PREFIX_TABLE_ENTRY );
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime( ULONG, PLARGE_INTEGER );
NTSYSAPI VOID NTAPI RtlSecondsSince1980ToTime( ULONG, PLARGE_INTEGER );
NTSYSAPI NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID, BOOLEAN );
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid( PSID, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlTimeToSecondsSince1970( PLARGE_INTEGER, PULONG );
NTSYSAPI BOOLEAN NTAPI RtlTimeToSecondsSince1980( PLARGE_INTEGER, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToCountedOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToCustomCPN( PCPTABLEINFO, PCH, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToMultiByteN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToMultiByteSize( PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUnicodeToOemN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToCountedOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString( POEM_STRING, PCUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToCustomCPN( PCPTABLEINFO, PCH, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToMultiByteN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeToOemN( PCHAR, ULONG, PULONG, PWCH, ULONG );
NTSYSAPI BOOLEAN NTAPI RtlValidSid( PSID );
NTSYSAPI ULONG NTAPI RtlxOemStringToUnicodeSize( PCOEM_STRING );
NTSYSAPI ULONG NTAPI RtlxUnicodeStringToOemSize( PCUNICODE_STRING );
NTSYSAPI NTSTATUS NTAPI ZwAllocateVirtualMemory( HANDLE, PVOID *, ULONG_PTR, PSIZE_T, ULONG, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwCreateEvent( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwDeleteFile( POBJECT_ATTRIBUTES );
NTSYSAPI NTSTATUS NTAPI ZwDeviceIoControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwDuplicateObject( HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwFlushVirtualMemory( HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK );
NTSYSAPI NTSTATUS NTAPI ZwFreeVirtualMemory( HANDLE, PVOID *, PSIZE_T, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwFsControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwNotifyChangeKey( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, BOOLEAN, PVOID, ULONG, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES );
NTSYSAPI NTSTATUS NTAPI ZwQueryDirectoryFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG );
NTSYSAPI NTSTATUS NTAPI ZwQuerySecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR, ULONG, PULONG );
NTSYSAPI NTSTATUS NTAPI ZwQueryVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSAPI NTSTATUS NTAPI ZwSetEvent( HANDLE, PLONG );
NTSYSAPI NTSTATUS NTAPI ZwSetSecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR );
NTSYSAPI NTSTATUS NTAPI ZwSetVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSAPI NTSTATUS NTAPI ZwWaitForSingleObject( HANDLE, BOOLEAN, PLARGE_INTEGER );
#endif
#if (NTDDI_VERSION >= 0x05010000)
NTSYSAPI USHORT NTAPI RtlCaptureStackBackTrace( ULONG, ULONG, PVOID *, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlCompressBuffer( USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID );
NTSYSAPI NTSTATUS NTAPI RtlCompressChunks( PUCHAR, ULONG, PUCHAR, ULONG, PCOMPRESSED_DATA_INFO, ULONG, PVOID );
NTSYSAPI PVOID NTAPI RtlCreateHeap( ULONG, PVOID, SIZE_T, SIZE_T, PVOID, PRTL_HEAP_PARAMETERS );
NTSYSAPI NTSTATUS NTAPI RtlCreateSystemVolumeInformationFolder( PUNICODE_STRING );
NTSYSAPI NTSTATUS NTAPI RtlDecompressBuffer( USHORT, PUCHAR, ULONG, PUCHAR, ULONG, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlDecompressChunks( PUCHAR, ULONG, PUCHAR, ULONG, PUCHAR, ULONG, PCOMPRESSED_DATA_INFO );
NTSYSAPI NTSTATUS NTAPI RtlDecompressFragment( USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID );
NTSYSAPI NTSTATUS NTAPI RtlDescribeChunk( USHORT, PUCHAR *, PUCHAR, PUCHAR *, PULONG );
NTSYSAPI PVOID NTAPI RtlDestroyHeap( PVOID );
NTSYSAPI NTSTATUS NTAPI RtlDuplicateUnicodeString( ULONG, const UNICODE_STRING *, UNICODE_STRING * );
NTSYSAPI VOID NTAPI RtlFillMemoryUlong( PVOID, SIZE_T, ULONG );
NTSYSAPI NTSTATUS NTAPI RtlGetCompressionWorkSpaceSize( USHORT, PULONG, PULONG );
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlInitUnicodeStringEx( PUNICODE_STRING, PCWSTR );
NTSYSAPI ULONG NTAPI RtlNtStatusToDosErrorNoTeb( NTSTATUS );
NTSYSAPI ULONG NTAPI RtlRandomEx( PULONG );
NTSYSAPI NTSTATUS NTAPI RtlReserveChunk( USHORT, PUCHAR *, PUCHAR, PUCHAR *, ULONG );
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid( PSID );
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString( ULONG, const UNICODE_STRING * );
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx( HANDLE, ACCESS_MASK, ULONG, PHANDLE );
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx( HANDLE, ACCESS_MASK, BOOLEAN, ULONG, PHANDLE );
NTSYSAPI NTSTATUS NTAPI ZwQueryObject( HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG );
#endif
#if (NTDDI_VERSION >= 0x05020000)
NTSYSAPI NTSTATUS NTAPI RtlInitAnsiStringEx( PANSI_STRING, PCSZ );
#endif
#if (NTDDI_VERSION >= 0x05020100)
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD( PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID *, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor( PSECURITY_DESCRIPTOR, PBOOLEAN, PACL *, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD( PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR, PULONG, PACL, PULONG, PACL, PULONG, PSID, PULONG, PSID, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor( PSECURITY_DESCRIPTOR, PSID, BOOLEAN );
#endif
#if (NTDDI_VERSION >= 0x06000000)
NTSYSAPI LONG NTAPI RtlCompareAltitudes( PCUNICODE_STRING, PCUNICODE_STRING );
NTSYSAPI NTSTATUS NTAPI RtlCreateServiceSid( UNICODE_STRING *, PSID, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlIdnToAscii( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI RtlIdnToNameprepUnicode( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI RtlIdnToUnicode( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI RtlIsNormalizedString( ULONG, PCWSTR, LONG, PBOOLEAN );
NTSYSAPI NTSTATUS NTAPI RtlNormalizeString( ULONG, PCWSTR, LONG, PWSTR, PLONG );
NTSYSAPI NTSTATUS NTAPI ZwFlushBuffersFile( HANDLE, PIO_STATUS_BLOCK );
NTSYSAPI NTSTATUS NTAPI ZwLockFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, BOOLEAN, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwQueryQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN, PVOID, ULONG, PSID, BOOLEAN );
NTSYSAPI NTSTATUS NTAPI ZwSetQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG );
NTSYSAPI NTSTATUS NTAPI ZwUnlockFile( HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG );
#endif
#if (NTDDI_VERSION >= 0x06010000)
NTSYSAPI NTSTATUS NTAPI RtlCreateVirtualAccount( PCUNICODE_STRING, ULONG, PSID, PULONG );
NTSYSAPI NTSTATUS NTAPI RtlReplaceSidInSd( PSECURITY_DESCRIPTOR, PSID, PSID, ULONG * );
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG );
#endif
/* Functions in NTOSKRNL.EXE and NTDLL.DLL that are defined differently on different
* versions of Windows.
*/
#if (NTDDI_VERSION >= 0x06000100)
NTSYSAPI NTSTATUS NTAPI RtlGenerate8dot3Name( PCUNICODE_STRING, BOOLEAN, PGENERATE_NAME_CONTEXT, PUNICODE_STRING );
#elif (NTDDI_VERSION >= 0x05000000)
NTSYSAPI NTSTATUS NTAPI RtlGenerate8dot3Name( PCUNICODE_STRING, BOOLEAN, PGENERATE_NAME_CONTEXT, PUNICODE_STRING );
#endif
/* System call functions in NTOSKRNL.EXE and NTDLL.DLL */
#if (NTDDI_VERSION >= 0x05000000)
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken( HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG, PTOKEN_PRIVILEGES, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateVirtualMemory( HANDLE, PVOID *, ULONG_PTR, PSIZE_T, ULONG, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtClose( HANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG, ULONG, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtFreeVirtualMemory( HANDLE, PVOID *, PSIZE_T, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtLockFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, BOOLEAN, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PIO_STATUS_BLOCK, ULONG, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken( HANDLE, ACCESS_MASK, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken( HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN, PVOID, ULONG, PSID, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtQuerySecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR, ULONG, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtReadFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject( HANDLE, SECURITY_INFORMATION, PSECURITY_DESCRIPTOR );
NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile( HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS );
NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile( HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile( HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG );
#endif
#if (NTDDI_VERSION >= 0x05010000)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, ACCESS_MASK, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PSID, ACCESS_MASK, AUDIT_EVENT_TYPE, ULONG, POBJECT_TYPE_LIST, ULONG, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PSID, ACCESS_MASK, AUDIT_EVENT_TYPE, ULONG, POBJECT_TYPE_LIST, ULONG, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle( PUNICODE_STRING, PVOID, HANDLE, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PSID, ACCESS_MASK, AUDIT_EVENT_TYPE, ULONG, POBJECT_TYPE_LIST, ULONG, PGENERIC_MAPPING, BOOLEAN, PACCESS_MASK, PNTSTATUS, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken( HANDLE, BOOLEAN, PTOKEN_GROUPS, ULONG, PTOKEN_GROUPS, PULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm( PUNICODE_STRING, PVOID, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtCreateSection( PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( PUNICODE_STRING, PVOID, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken( HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN, TOKEN_TYPE, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken( HANDLE, ULONG, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_GROUPS, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken( HANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PUNICODE_STRING, PSECURITY_DESCRIPTOR, HANDLE, ACCESS_MASK, ACCESS_MASK, PPRIVILEGE_SET, BOOLEAN, BOOLEAN, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx( HANDLE, ACCESS_MASK, ULONG, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx( HANDLE, ACCESS_MASK, BOOLEAN, ULONG, PHANDLE );
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck( HANDLE, PPRIVILEGE_SET, PBOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm( PUNICODE_STRING, PVOID, HANDLE, ACCESS_MASK, PPRIVILEGE_SET, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm( PUNICODE_STRING, PUNICODE_STRING, HANDLE, PPRIVILEGE_SET, BOOLEAN );
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationThread( HANDLE, THREADINFOCLASS, PVOID, ULONG );
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken( HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG );
#endif
/* Functions in NTOSKRNL.EXE */
NTKERNELAPI VOID NTAPI ExInitializePushLock( PEX_PUSH_LOCK );
NTKERNELAPI NTSTATUS NTAPI FsRtlInsertPerFileContext( PVOID *, PFSRTL_PER_FILE_CONTEXT );
NTKERNELAPI NTSTATUS NTAPI FsRtlInsertPerFileObjectContext( PFILE_OBJECT, PFSRTL_PER_FILEOBJECT_CONTEXT );
NTKERNELAPI PFSRTL_PER_FILE_CONTEXT NTAPI FsRtlLookupPerFileContext( PVOID *, PVOID, PVOID );
NTKERNELAPI PFSRTL_PER_FILEOBJECT_CONTEXT NTAPI FsRtlLookupPerFileObjectContext( PFILE_OBJECT, PVOID, PVOID );
NTKERNELAPI PFSRTL_PER_FILE_CONTEXT NTAPI FsRtlRemovePerFileContext( PVOID *, PVOID, PVOID );
NTKERNELAPI PFSRTL_PER_FILEOBJECT_CONTEXT NTAPI FsRtlRemovePerFileObjectContext( PFILE_OBJECT, PVOID, PVOID );
NTKERNELAPI VOID NTAPI FsRtlTeardownPerFileContexts( PVOID * );
NTKERNELAPI NTSTATUS NTAPI LsaFreeReturnBuffer( PVOID );
NTKERNELAPI NTSTATUS NTAPI LsaLogonUser( HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG, PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID *, PULONG, PLUID, PHANDLE, PQUOTA_LIMITS, PNTSTATUS );
NTKERNELAPI NTSTATUS NTAPI LsaRegisterLogonProcess( PLSA_STRING, PHANDLE, PLSA_OPERATIONAL_MODE );
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessByProcessId( HANDLE, PEPROCESS * );
NTKERNELAPI NTSTATUS NTAPI PsLookupThreadByThreadId( HANDLE, PETHREAD * );
NTKERNELAPI NTSTATUS NTAPI SeAccessCheckFromState( PSECURITY_DESCRIPTOR, PTOKEN_ACCESS_INFORMATION, PTOKEN_ACCESS_INFORMATION, ACCESS_MASK, ACCESS_MASK, PPRIVILEGE_SET *, PGENERIC_MAPPING, KPROCESSOR_MODE, PACCESS_MASK, PNTSTATUS );
NTKERNELAPI NTSTATUS NTAPI SeLocateProcessImageName( PEPROCESS, PUNICODE_STRING * );
NTKERNELAPI NTSTATUS NTAPI SeReportSecurityEventWithSubCategory( ULONG, PUNICODE_STRING, PSID, PSE_ADT_PARAMETER_ARRAY, ULONG );
#if (NTDDI_VERSION >= 0x05000000)
NTKERNELAPI BOOLEAN NTAPI CcCanIWrite( PFILE_OBJECT, ULONG, BOOLEAN, UCHAR );
NTKERNELAPI BOOLEAN NTAPI CcCopyRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, PVOID, PIO_STATUS_BLOCK );
NTKERNELAPI BOOLEAN NTAPI CcCopyWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, PVOID );
NTKERNELAPI VOID NTAPI CcDeferWrite( PFILE_OBJECT, PCC_POST_DEFERRED_WRITE, PVOID, PVOID, ULONG, BOOLEAN );
NTKERNELAPI VOID NTAPI CcFastCopyRead( PFILE_OBJECT, ULONG, ULONG, ULONG, PVOID, PIO_STATUS_BLOCK );
NTKERNELAPI VOID NTAPI CcFastCopyWrite( PFILE_OBJECT, ULONG, ULONG, PVOID );
NTKERNELAPI VOID NTAPI CcFlushCache( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, PIO_STATUS_BLOCK );
NTKERNELAPI PFILE_OBJECT NTAPI CcGetFileObjectFromBcb( PVOID );
NTKERNELAPI PFILE_OBJECT NTAPI CcGetFileObjectFromSectionPtrs( PSECTION_OBJECT_POINTERS );
NTKERNELAPI LARGE_INTEGER NTAPI CcGetFlushedValidData( PSECTION_OBJECT_POINTERS, BOOLEAN );
NTKERNELAPI VOID NTAPI CcInitializeCacheMap( PFILE_OBJECT, PCC_FILE_SIZES, BOOLEAN, PCACHE_MANAGER_CALLBACKS, PVOID );
NTKERNELAPI BOOLEAN NTAPI CcIsThereDirtyData( PVPB );
NTKERNELAPI VOID NTAPI CcMdlRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, PMDL *, PIO_STATUS_BLOCK );
NTKERNELAPI VOID NTAPI CcMdlReadComplete( PFILE_OBJECT, PMDL );
NTKERNELAPI VOID NTAPI CcMdlWriteComplete( PFILE_OBJECT, PLARGE_INTEGER, PMDL );
NTKERNELAPI BOOLEAN NTAPI CcPinMappedData( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PVOID * );
NTKERNELAPI BOOLEAN NTAPI CcPinRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PVOID *, PVOID * );
NTKERNELAPI VOID NTAPI CcPrepareMdlWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, PMDL *, PIO_STATUS_BLOCK );
NTKERNELAPI BOOLEAN NTAPI CcPreparePinWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, ULONG, PVOID *, PVOID * );
NTKERNELAPI PVOID NTAPI CcRemapBcb( PVOID );
NTKERNELAPI VOID NTAPI CcRepinBcb( PVOID );
NTKERNELAPI VOID NTAPI CcScheduleReadAhead( PFILE_OBJECT, PLARGE_INTEGER, ULONG );
NTKERNELAPI VOID NTAPI CcSetAdditionalCacheAttributes( PFILE_OBJECT, BOOLEAN, BOOLEAN );
NTKERNELAPI VOID NTAPI CcSetBcbOwnerPointer( PVOID, PVOID );
NTKERNELAPI VOID NTAPI CcSetDirtyPageThreshold( PFILE_OBJECT, ULONG );
NTKERNELAPI VOID NTAPI CcSetDirtyPinnedData( PVOID, PLARGE_INTEGER );
NTKERNELAPI VOID NTAPI CcSetFileSizes( PFILE_OBJECT, PCC_FILE_SIZES );
NTKERNELAPI VOID NTAPI CcSetReadAheadGranularity( PFILE_OBJECT, ULONG );
NTKERNELAPI BOOLEAN NTAPI CcUninitializeCacheMap( PFILE_OBJECT, PLARGE_INTEGER, PCACHE_UNINITIALIZE_EVENT );
NTKERNELAPI VOID NTAPI CcUnpinData( PVOID );
NTKERNELAPI VOID NTAPI CcUnpinDataForThread( PVOID, ERESOURCE_THREAD );
NTKERNELAPI VOID NTAPI CcUnpinRepinnedBcb( PVOID, BOOLEAN, PIO_STATUS_BLOCK );
NTKERNELAPI NTSTATUS NTAPI CcWaitForCurrentLazyWriterActivity( VOID );
NTKERNELAPI BOOLEAN NTAPI CcZeroData( PFILE_OBJECT, PLARGE_INTEGER, PLARGE_INTEGER, BOOLEAN );
NTKERNELAPI VOID NTAPI ExDisableResourceBoostLite( PERESOURCE );
NTKERNELAPI SIZE_T NTAPI ExQueryPoolBlockSize( PVOID, PBOOLEAN );
NTKERNELAPI VOID NTAPI FsRtlAcquireFileExclusive( PFILE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlAddLargeMcbEntry( PLARGE_MCB, LONGLONG, LONGLONG, LONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlAddMcbEntry( PMCB, VBN, LBN, ULONG );
NTKERNELAPI VOID NTAPI FsRtlAddToTunnelCache( TUNNEL *, ULONGLONG, UNICODE_STRING *, UNICODE_STRING *, BOOLEAN, ULONG, VOID * );
NTKERNELAPI PFILE_LOCK NTAPI FsRtlAllocateFileLock( PCOMPLETE_LOCK_IRP_ROUTINE, PUNLOCK_ROUTINE );
NTKERNELAPI PERESOURCE NTAPI FsRtlAllocateResource( VOID );
NTKERNELAPI BOOLEAN NTAPI FsRtlAreNamesEqual( PCUNICODE_STRING, PCUNICODE_STRING, BOOLEAN, PCWCH );
NTKERNELAPI NTSTATUS NTAPI FsRtlBalanceReads( PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlCheckLockForReadAccess( PFILE_LOCK, PIRP );
NTKERNELAPI BOOLEAN NTAPI FsRtlCheckLockForWriteAccess( PFILE_LOCK, PIRP );
NTKERNELAPI NTSTATUS NTAPI FsRtlCheckOplock( POPLOCK, PIRP, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP );
NTKERNELAPI BOOLEAN NTAPI FsRtlCopyRead( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, ULONG, PVOID, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlCopyWrite( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, ULONG, PVOID, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI FsRtlCreateSectionForDataScan( PHANDLE, PVOID *, PLARGE_INTEGER, PFILE_OBJECT, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlCurrentBatchOplock( POPLOCK );
NTKERNELAPI VOID NTAPI FsRtlDeleteKeyFromTunnelCache( TUNNEL *, ULONGLONG );
NTKERNELAPI VOID NTAPI FsRtlDeleteTunnelCache( TUNNEL * );
NTKERNELAPI VOID NTAPI FsRtlDeregisterUncProvider( HANDLE );
NTKERNELAPI VOID NTAPI FsRtlDissectDbcs( ANSI_STRING, PANSI_STRING, PANSI_STRING );
NTKERNELAPI VOID NTAPI FsRtlDissectName( UNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlDoesDbcsContainWildCards( PANSI_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlDoesNameContainWildCards( PUNICODE_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlFastCheckLockForRead( PFILE_LOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, PFILE_OBJECT, PVOID );
NTKERNELAPI BOOLEAN NTAPI FsRtlFastCheckLockForWrite( PFILE_LOCK, PLARGE_INTEGER, PLARGE_INTEGER, ULONG, PVOID, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlFastUnlockAll( PFILE_LOCK, PFILE_OBJECT, PEPROCESS, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlFastUnlockAllByKey( PFILE_LOCK, PFILE_OBJECT, PEPROCESS, ULONG, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlFastUnlockSingle( PFILE_LOCK, PFILE_OBJECT, LARGE_INTEGER *, PLARGE_INTEGER, PEPROCESS, ULONG, PVOID, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlFindInTunnelCache( TUNNEL *, ULONGLONG, UNICODE_STRING *, UNICODE_STRING *, UNICODE_STRING *, ULONG *, VOID * );
NTKERNELAPI VOID NTAPI FsRtlFreeFileLock( PFILE_LOCK );
NTKERNELAPI NTSTATUS NTAPI FsRtlGetFileSize( PFILE_OBJECT, PLARGE_INTEGER );
NTKERNELAPI PFILE_LOCK_INFO NTAPI FsRtlGetNextFileLock( PFILE_LOCK, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlGetNextLargeMcbEntry( PLARGE_MCB, ULONG, PLONGLONG, PLONGLONG, PLONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlGetNextMcbEntry( PMCB, ULONG, PVBN, PLBN, PULONG );
NTKERNELAPI VOID NTAPI FsRtlInitializeFileLock( PFILE_LOCK, PCOMPLETE_LOCK_IRP_ROUTINE, PUNLOCK_ROUTINE );
NTKERNELAPI VOID NTAPI FsRtlInitializeLargeMcb( PLARGE_MCB, POOL_TYPE );
NTKERNELAPI VOID NTAPI FsRtlInitializeMcb( PMCB, POOL_TYPE );
NTKERNELAPI VOID NTAPI FsRtlInitializeOplock( POPLOCK );
NTKERNELAPI VOID NTAPI FsRtlInitializeTunnelCache( TUNNEL * );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsDbcsInExpression( PANSI_STRING, PANSI_STRING );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsFatDbcsLegal( ANSI_STRING, BOOLEAN, BOOLEAN, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsHpfsDbcsLegal( ANSI_STRING, BOOLEAN, BOOLEAN, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsNameInExpression( PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PWCH );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsNtstatusExpected( NTSTATUS );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLargeMcbEntry( PLARGE_MCB, LONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastLargeMcbEntry( PLARGE_MCB, PLONGLONG, PLONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastLargeMcbEntryAndIndex( PLARGE_MCB, PLONGLONG, PLONGLONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastMcbEntry( PMCB, PVBN, PLBN );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupMcbEntry( PMCB, VBN, PLBN, PULONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadCompleteDev( PFILE_OBJECT, PMDL, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlReadDev( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PMDL *, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlMdlWriteCompleteDev( PFILE_OBJECT, PLARGE_INTEGER, PMDL, PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI FsRtlNormalizeNtstatus( NTSTATUS, NTSTATUS );
NTKERNELAPI VOID NTAPI FsRtlNotifyCleanup( PNOTIFY_SYNC, PLIST_ENTRY, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyFilterReportChange( PNOTIFY_SYNC, PLIST_ENTRY, PSTRING, USHORT, PSTRING, PSTRING, ULONG, ULONG, PVOID, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyFullChangeDirectory( PNOTIFY_SYNC, PLIST_ENTRY, PVOID, PSTRING, BOOLEAN, BOOLEAN, ULONG, PIRP, PCHECK_FOR_TRAVERSE_ACCESS, PSECURITY_SUBJECT_CONTEXT );
NTKERNELAPI VOID NTAPI FsRtlNotifyFullReportChange( PNOTIFY_SYNC, PLIST_ENTRY, PSTRING, USHORT, PSTRING, PSTRING, ULONG, ULONG, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyInitializeSync( PNOTIFY_SYNC * );
NTKERNELAPI VOID NTAPI FsRtlNotifyUninitializeSync( PNOTIFY_SYNC * );
NTKERNELAPI NTSTATUS NTAPI FsRtlNotifyVolumeEvent( PFILE_OBJECT, ULONG );
NTKERNELAPI ULONG NTAPI FsRtlNumberOfRunsInLargeMcb( PLARGE_MCB );
NTKERNELAPI ULONG NTAPI FsRtlNumberOfRunsInMcb( PMCB );
NTKERNELAPI NTSTATUS NTAPI FsRtlOplockFsctrl( POPLOCK, PIRP, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlOplockIsFastIoPossible( POPLOCK );
NTKERNELAPI VOID NTAPI FsRtlPostPagingFileStackOverflow( PVOID, PKEVENT, PFSRTL_STACK_OVERFLOW_ROUTINE );
NTKERNELAPI VOID NTAPI FsRtlPostStackOverflow( PVOID, PKEVENT, PFSRTL_STACK_OVERFLOW_ROUTINE );
NTKERNELAPI BOOLEAN NTAPI FsRtlPrepareMdlWriteDev( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PMDL *, PIO_STATUS_BLOCK, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI FsRtlPrivateLock( PFILE_LOCK, PFILE_OBJECT, PLARGE_INTEGER, PLARGE_INTEGER, PEPROCESS, ULONG, BOOLEAN, BOOLEAN, PIO_STATUS_BLOCK, PIRP, PVOID, BOOLEAN );
NTKERNELAPI NTSTATUS NTAPI FsRtlProcessFileLock( PFILE_LOCK, PIRP, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlRegisterUncProvider( PHANDLE, PUNICODE_STRING, BOOLEAN );
NTKERNELAPI VOID NTAPI FsRtlReleaseFile( PFILE_OBJECT );
NTKERNELAPI VOID NTAPI FsRtlRemoveLargeMcbEntry( PLARGE_MCB, LONGLONG, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlRemoveMcbEntry( PMCB, VBN, ULONG );
NTKERNELAPI VOID NTAPI FsRtlResetLargeMcb( PLARGE_MCB, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI FsRtlSplitLargeMcb( PLARGE_MCB, LONGLONG, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlTeardownPerStreamContexts( PFSRTL_ADVANCED_FCB_HEADER );
NTKERNELAPI VOID NTAPI FsRtlTruncateLargeMcb( PLARGE_MCB, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlTruncateMcb( PMCB, VBN );
NTKERNELAPI VOID NTAPI FsRtlUninitializeFileLock( PFILE_LOCK );
NTKERNELAPI VOID NTAPI FsRtlUninitializeLargeMcb( PLARGE_MCB );
NTKERNELAPI VOID NTAPI FsRtlUninitializeMcb( PMCB );
NTKERNELAPI VOID NTAPI FsRtlUninitializeOplock( POPLOCK );
NTKERNELAPI VOID NTAPI IoAcquireVpbSpinLock( PKIRQL );
NTKERNELAPI NTSTATUS NTAPI IoCheckDesiredAccess( PACCESS_MASK, ACCESS_MASK );
NTKERNELAPI NTSTATUS NTAPI IoCheckEaBufferValidity( PFILE_FULL_EA_INFORMATION, ULONG, PULONG );
NTKERNELAPI NTSTATUS NTAPI IoCheckFunctionAccess( ACCESS_MASK, UCHAR, UCHAR, ULONG, PVOID, PVOID );
NTKERNELAPI NTSTATUS NTAPI IoCheckQuerySetFileInformation( FILE_INFORMATION_CLASS, ULONG, BOOLEAN );
NTKERNELAPI NTSTATUS NTAPI IoCheckQuerySetVolumeInformation( FS_INFORMATION_CLASS, ULONG, BOOLEAN );
NTKERNELAPI NTSTATUS NTAPI IoCheckQuotaBufferValidity( PFILE_QUOTA_INFORMATION, ULONG, PULONG );
NTKERNELAPI PFILE_OBJECT NTAPI IoCreateStreamFileObject( PFILE_OBJECT, PDEVICE_OBJECT );
NTKERNELAPI PFILE_OBJECT NTAPI IoCreateStreamFileObjectLite( PFILE_OBJECT, PDEVICE_OBJECT );
NTKERNELAPI BOOLEAN NTAPI IoFastQueryNetworkAttributes( POBJECT_ATTRIBUTES, ACCESS_MASK, ULONG, PIO_STATUS_BLOCK, PFILE_NETWORK_OPEN_INFORMATION );
NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetAttachedDevice( PDEVICE_OBJECT );
NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetBaseFileSystemDeviceObject( PFILE_OBJECT );
NTKERNELAPI PEPROCESS NTAPI IoGetRequestorProcess( PIRP );
NTKERNELAPI ULONG NTAPI IoGetRequestorProcessId( PIRP );
NTKERNELAPI NTSTATUS NTAPI IoGetRequestorSessionId( PIRP, PULONG );
NTKERNELAPI PIRP NTAPI IoGetTopLevelIrp( VOID );
NTKERNELAPI BOOLEAN NTAPI IoIsOperationSynchronous( PIRP );
NTKERNELAPI BOOLEAN NTAPI IoIsSystemThread( PETHREAD );
NTKERNELAPI BOOLEAN NTAPI IoIsValidNameGraftingBuffer( PIRP, PREPARSE_DATA_BUFFER );
NTKERNELAPI NTSTATUS NTAPI IoPageRead( PFILE_OBJECT, PMDL, PLARGE_INTEGER, PKEVENT, PIO_STATUS_BLOCK );
NTKERNELAPI NTSTATUS NTAPI IoQueryFileInformation( PFILE_OBJECT, FILE_INFORMATION_CLASS, ULONG, PVOID, PULONG );
NTKERNELAPI NTSTATUS NTAPI IoQueryVolumeInformation( PFILE_OBJECT, FS_INFORMATION_CLASS, ULONG, PVOID, PULONG );
NTKERNELAPI VOID NTAPI IoQueueThreadIrp( PIRP );
NTKERNELAPI VOID NTAPI IoRegisterFileSystem( PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI IoRegisterFsRegistrationChange( PDRIVER_OBJECT, PDRIVER_FS_NOTIFICATION );
NTKERNELAPI VOID NTAPI IoReleaseVpbSpinLock( KIRQL );
NTKERNELAPI VOID NTAPI IoSetDeviceToVerify( PETHREAD, PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI IoSetInformation( PFILE_OBJECT, FILE_INFORMATION_CLASS, ULONG, PVOID );
NTKERNELAPI VOID NTAPI IoSetTopLevelIrp( PIRP );
NTKERNELAPI NTSTATUS NTAPI IoSynchronousPageWrite( PFILE_OBJECT, PMDL, PLARGE_INTEGER, PKEVENT, PIO_STATUS_BLOCK );
NTKERNELAPI PEPROCESS NTAPI IoThreadToProcess( PETHREAD );
NTKERNELAPI VOID NTAPI IoUnregisterFileSystem( PDEVICE_OBJECT );
NTKERNELAPI VOID NTAPI IoUnregisterFsRegistrationChange( PDRIVER_OBJECT, PDRIVER_FS_NOTIFICATION );
NTKERNELAPI NTSTATUS NTAPI IoVerifyVolume( PDEVICE_OBJECT, BOOLEAN );
NTKERNELAPI VOID NTAPI KeAttachProcess( PRKPROCESS );
NTKERNELAPI VOID NTAPI KeDetachProcess( VOID );
NTKERNELAPI VOID NTAPI KeInitializeMutant( PRKMUTANT, BOOLEAN );
NTKERNELAPI VOID NTAPI KeInitializeQueue( PRKQUEUE, ULONG );
NTKERNELAPI LONG NTAPI KeInsertHeadQueue( PRKQUEUE, PLIST_ENTRY );
NTKERNELAPI LONG NTAPI KeInsertQueue( PRKQUEUE, PLIST_ENTRY );
NTKERNELAPI LONG NTAPI KeReadStateMutant( PRKMUTANT );
NTKERNELAPI LONG NTAPI KeReadStateQueue( PRKQUEUE );
NTKERNELAPI LONG NTAPI KeReleaseMutant( PRKMUTANT, KPRIORITY, BOOLEAN, BOOLEAN );
NTKERNELAPI PLIST_ENTRY NTAPI KeRemoveQueue( PRKQUEUE, KPROCESSOR_MODE, PLARGE_INTEGER );
NTKERNELAPI PLIST_ENTRY NTAPI KeRundownQueue( PRKQUEUE );
NTKERNELAPI UCHAR NTAPI KeSetIdealProcessorThread( PKTHREAD, UCHAR );
NTKERNELAPI BOOLEAN NTAPI KeSetKernelStackSwapEnable( BOOLEAN );
NTKERNELAPI VOID NTAPI KeStackAttachProcess( PRKPROCESS, PRKAPC_STATE );
NTKERNELAPI VOID NTAPI KeUnstackDetachProcess( PRKAPC_STATE );
NTKERNELAPI BOOLEAN NTAPI MmCanFileBeTruncated( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER );
NTKERNELAPI BOOLEAN NTAPI MmFlushImageSection( PSECTION_OBJECT_POINTERS, MMFLUSH_TYPE );
NTKERNELAPI BOOLEAN NTAPI MmForceSectionClosed( PSECTION_OBJECT_POINTERS, BOOLEAN );
NTKERNELAPI BOOLEAN NTAPI MmIsRecursiveIoFault( VOID );
NTKERNELAPI BOOLEAN NTAPI MmSetAddressRangeModified( PVOID, SIZE_T );
NTKERNELAPI NTSTATUS NTAPI ObInsertObject( PVOID, PACCESS_STATE, ACCESS_MASK, ULONG, PVOID *, PHANDLE );
NTKERNELAPI VOID NTAPI ObMakeTemporaryObject( PVOID );
NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByPointer( PVOID, ULONG, PACCESS_STATE, ACCESS_MASK, POBJECT_TYPE, KPROCESSOR_MODE, PHANDLE );
NTKERNELAPI NTSTATUS NTAPI ObQueryNameString( PVOID, POBJECT_NAME_INFORMATION, ULONG, PULONG );
NTKERNELAPI NTSTATUS NTAPI ObQueryObjectAuditingByHandle( HANDLE, PBOOLEAN );
NTKERNELAPI NTSTATUS NTAPI PsAssignImpersonationToken( PETHREAD, HANDLE );
NTKERNELAPI VOID NTAPI PsChargePoolQuota( PEPROCESS, POOL_TYPE, ULONG_PTR );
NTKERNELAPI BOOLEAN NTAPI PsDisableImpersonation( PETHREAD, PSE_IMPERSONATION_STATE );
NTKERNELAPI LARGE_INTEGER NTAPI PsGetProcessExitTime( VOID );
NTKERNELAPI NTSTATUS NTAPI PsImpersonateClient( PETHREAD, PACCESS_TOKEN, BOOLEAN, BOOLEAN, SECURITY_IMPERSONATION_LEVEL );
NTKERNELAPI BOOLEAN NTAPI PsIsThreadTerminating( PETHREAD );
NTKERNELAPI PACCESS_TOKEN NTAPI PsReferenceImpersonationToken( PETHREAD, PBOOLEAN, PBOOLEAN, PSECURITY_IMPERSONATION_LEVEL );
NTKERNELAPI PACCESS_TOKEN NTAPI PsReferencePrimaryToken( PEPROCESS );
NTKERNELAPI VOID NTAPI PsRestoreImpersonation( PETHREAD, PSE_IMPERSONATION_STATE );
NTKERNELAPI VOID NTAPI PsReturnPoolQuota( PEPROCESS, POOL_TYPE, ULONG_PTR );
NTKERNELAPI VOID NTAPI PsRevertToSelf( VOID );
NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges( PACCESS_STATE, PPRIVILEGE_SET );
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents( BOOLEAN, PSECURITY_DESCRIPTOR );
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents( BOOLEAN, PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT );
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity( PETHREAD, PSECURITY_QUALITY_OF_SERVICE, BOOLEAN, PSECURITY_CLIENT_CONTEXT );
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext( PSECURITY_SUBJECT_CONTEXT, PSECURITY_QUALITY_OF_SERVICE, BOOLEAN, PSECURITY_CLIENT_CONTEXT );
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm( PVOID, HANDLE );
NTKERNELAPI VOID NTAPI SeFreePrivileges( PPRIVILEGE_SET );
NTKERNELAPI VOID NTAPI SeImpersonateClient( PSECURITY_CLIENT_CONTEXT, PETHREAD );
NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx( PSECURITY_CLIENT_CONTEXT, PETHREAD );
NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification( PLUID );
NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, PBOOLEAN );
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, PBOOLEAN );
NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck( PPRIVILEGE_SET, PSECURITY_SUBJECT_CONTEXT, KPROCESSOR_MODE );
NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken( PACCESS_TOKEN, PLUID );
NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken( PACCESS_TOKEN, TOKEN_INFORMATION_CLASS, PVOID * );
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo( PSECURITY_INFORMATION, PSECURITY_DESCRIPTOR, PULONG, PSECURITY_DESCRIPTOR * );
NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken( PACCESS_TOKEN, PULONG );
NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine( PSE_LOGON_SESSION_TERMINATED_ROUTINE );
NTKERNELAPI VOID NTAPI SeSetAccessStateGenericMapping( PACCESS_STATE, PGENERIC_MAPPING );
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo( PVOID, PSECURITY_INFORMATION, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, POOL_TYPE, PGENERIC_MAPPING );
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx( PVOID, PSECURITY_INFORMATION, PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR *, ULONG, POOL_TYPE, PGENERIC_MAPPING );
NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin( PACCESS_TOKEN );
NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted( PACCESS_TOKEN );
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType( PACCESS_TOKEN );
NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine( PSE_LOGON_SESSION_TERMINATED_ROUTINE );
#endif
#if (NTDDI_VERSION >= 0x05000300)
NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents( BOOLEAN, PSECURITY_DESCRIPTOR );
#endif
#if (NTDDI_VERSION >= 0x05010000)
NTKERNELAPI LARGE_INTEGER NTAPI CcGetDirtyPages( PVOID, PDIRTY_PAGE_ROUTINE, PVOID, PVOID );
NTKERNELAPI VOID NTAPI CcMdlWriteAbort( PFILE_OBJECT, PMDL );
NTKERNELAPI VOID NTAPI CcSetLogHandleForFile( PFILE_OBJECT, PVOID, PFLUSH_TO_LSN );
NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadNoWait( VOID );
NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadNotPossible( VOID );
NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadResourceMiss( VOID );
NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastReadWait( VOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlInsertPerStreamContext( PFSRTL_ADVANCED_FCB_HEADER, PFSRTL_PER_STREAM_CONTEXT );
NTKERNELAPI PFSRTL_PER_STREAM_CONTEXT NTAPI FsRtlLookupPerStreamContextInternal( PFSRTL_ADVANCED_FCB_HEADER, PVOID, PVOID );
NTKERNELAPI VOID NTAPI FsRtlNotifyFilterChangeDirectory( PNOTIFY_SYNC, PLIST_ENTRY, PVOID, PSTRING, BOOLEAN, BOOLEAN, ULONG, PIRP, PCHECK_FOR_TRAVERSE_ACCESS, PSECURITY_SUBJECT_CONTEXT, PFILTER_REPORT_CHANGE );
NTKERNELAPI NTSTATUS NTAPI FsRtlRegisterFileSystemFilterCallbacks( struct _DRIVER_OBJECT *, PFS_FILTER_CALLBACKS );
NTKERNELAPI PFSRTL_PER_STREAM_CONTEXT NTAPI FsRtlRemovePerStreamContext( PFSRTL_ADVANCED_FCB_HEADER, PVOID, PVOID );
NTKERNELAPI PFILE_OBJECT NTAPI IoCreateStreamFileObjectEx( PFILE_OBJECT, PDEVICE_OBJECT, PHANDLE );
NTKERNELAPI NTSTATUS NTAPI IoEnumerateDeviceObjectList( PDRIVER_OBJECT, PDEVICE_OBJECT *, ULONG, PULONG );
NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetDeviceAttachmentBaseRef( PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI IoGetDiskDeviceObject( PDEVICE_OBJECT, PDEVICE_OBJECT * );
NTKERNELAPI PDEVICE_OBJECT NTAPI IoGetLowerDeviceObject( PDEVICE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI IoQueryFileDosDeviceName( PFILE_OBJECT, POBJECT_NAME_INFORMATION * );
NTKERNELAPI NTSTATUS NTAPI MmPrefetchPages( ULONG, PREAD_LIST * );
NTKERNELAPI NTSTATUS NTAPI PoQueueShutdownWorkItem( PWORK_QUEUE_ITEM );
NTKERNELAPI NTSTATUS NTAPI PsChargeProcessPoolQuota( PEPROCESS, POOL_TYPE, ULONG_PTR );
NTKERNELAPI VOID NTAPI PsDereferenceImpersonationToken( PACCESS_TOKEN );
NTKERNELAPI VOID NTAPI PsDereferencePrimaryToken( PACCESS_TOKEN );
NTKERNELAPI BOOLEAN NTAPI PsIsSystemThread( PETHREAD );
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation( PUNICODE_STRING, PUNICODE_STRING, BOOLEAN );
NTKERNELAPI NTSTATUS NTAPI SeFilterToken( PACCESS_TOKEN, ULONG, PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_GROUPS, PACCESS_TOKEN * );
#endif
#if ((NTDDI_VERSION >= 0x05010200) && (NTDDI_VERSION < 0x05020000)) || (NTDDI_VERSION >= 0x06000000)
NTKERNELAPI BOOLEAN NTAPI SeTokenIsWriteRestricted( PACCESS_TOKEN );
#endif
#if (NTDDI_VERSION >= 0x05010200)
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext( BOOLEAN, PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT );
NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext( BOOLEAN, PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT );
#endif
#if (NTDDI_VERSION >= 0x05020000)
NTKERNELAPI BOOLEAN NTAPI FsRtlAddBaseMcbEntry( PBASE_MCB, LONGLONG, LONGLONG, LONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlCurrentOplock( POPLOCK );
NTKERNELAPI BOOLEAN NTAPI FsRtlGetNextBaseMcbEntry( PBASE_MCB, ULONG, PLONGLONG, PLONGLONG, PLONGLONG );
NTKERNELAPI VOID NTAPI FsRtlInitializeBaseMcb( PBASE_MCB, POOL_TYPE );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupBaseMcbEntry( PBASE_MCB, LONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PLONGLONG, PULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastBaseMcbEntry( PBASE_MCB, PLONGLONG, PLONGLONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlLookupLastBaseMcbEntryAndIndex( PBASE_MCB, PLONGLONG, PLONGLONG, PULONG );
NTKERNELAPI ULONG NTAPI FsRtlNumberOfRunsInBaseMcb( PBASE_MCB );
NTKERNELAPI NTSTATUS NTAPI FsRtlOplockBreakToNone( POPLOCK, PIO_STACK_LOCATION, PIRP, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP );
NTKERNELAPI BOOLEAN NTAPI FsRtlRemoveBaseMcbEntry( PBASE_MCB, LONGLONG, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlResetBaseMcb( PBASE_MCB );
NTKERNELAPI BOOLEAN NTAPI FsRtlSplitBaseMcb( PBASE_MCB, LONGLONG, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlTruncateBaseMcb( PBASE_MCB, LONGLONG );
NTKERNELAPI VOID NTAPI FsRtlUninitializeBaseMcb( PBASE_MCB );
#endif
#if (NTDDI_VERSION >= 0x05020100)
NTKERNELAPI NTSTATUS NTAPI IoEnumerateRegisteredFiltersList( PDRIVER_OBJECT *, ULONG, PULONG );
#endif
#if (NTDDI_VERSION >= 0x06000000)
NTKERNELAPI PFILE_OBJECT NTAPI CcGetFileObjectFromSectionPtrsRef( PSECTION_OBJECT_POINTERS );
NTKERNELAPI BOOLEAN NTAPI CcIsThereDirtyDataEx( PVPB, PULONG );
NTKERNELAPI NTSTATUS NTAPI CcSetFileSizesEx( PFILE_OBJECT, PCC_FILE_SIZES );
NTKERNELAPI VOID NTAPI CcSetParallelFlushFile( PFILE_OBJECT, BOOLEAN );
NTKERNELAPI VOID NTAPI FsRtlAcknowledgeEcp( PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlAddBaseMcbEntryEx( PBASE_MCB, LONGLONG, LONGLONG, LONGLONG );
NTKERNELAPI NTSTATUS NTAPI FsRtlAllocateExtraCreateParameter( LPCGUID, ULONG, FSRTL_ALLOCATE_ECP_FLAGS, PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK, ULONG, PVOID * );
NTKERNELAPI NTSTATUS NTAPI FsRtlAllocateExtraCreateParameterFromLookasideList( LPCGUID, ULONG, FSRTL_ALLOCATE_ECP_FLAGS, PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK, PVOID, PVOID * );
NTKERNELAPI NTSTATUS NTAPI FsRtlAllocateExtraCreateParameterList( FSRTL_ALLOCATE_ECPLIST_FLAGS, PECP_LIST * );
NTKERNELAPI BOOLEAN NTAPI FsRtlAreVolumeStartupApplicationsComplete( VOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlCancellableWaitForMultipleObjects( ULONG, PVOID [], WAIT_TYPE, PLARGE_INTEGER, PKWAIT_BLOCK, PIRP );
NTKERNELAPI NTSTATUS NTAPI FsRtlCancellableWaitForSingleObject( PVOID, PLARGE_INTEGER, PIRP );
NTKERNELAPI NTSTATUS NTAPI FsRtlChangeBackingFileObject( PFILE_OBJECT, PFILE_OBJECT, FSRTL_CHANGE_BACKING_TYPE, ULONG );
NTKERNELAPI VOID NTAPI FsRtlDeleteExtraCreateParameterLookasideList( PVOID, FSRTL_ECP_LOOKASIDE_FLAGS );
NTKERNELAPI NTSTATUS NTAPI FsRtlFindExtraCreateParameter( PECP_LIST, LPCGUID, PVOID *, ULONG * );
NTKERNELAPI VOID NTAPI FsRtlFreeExtraCreateParameter( PVOID );
NTKERNELAPI VOID NTAPI FsRtlFreeExtraCreateParameterList( PECP_LIST );
NTKERNELAPI NTSTATUS NTAPI FsRtlGetEcpListFromIrp( PIRP, PECP_LIST * );
NTKERNELAPI NTSTATUS NTAPI FsRtlGetNextExtraCreateParameter( PECP_LIST, PVOID, LPGUID, PVOID *, ULONG * );
NTKERNELAPI NTSTATUS NTAPI FsRtlGetVirtualDiskNestingLevel( PDEVICE_OBJECT, PULONG, PULONG );
NTKERNELAPI VOID NTAPI FsRtlIncrementCcFastMdlReadWait( VOID );
NTKERNELAPI VOID NTAPI FsRtlInitExtraCreateParameterLookasideList( PVOID, FSRTL_ECP_LOOKASIDE_FLAGS, SIZE_T, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlInitializeBaseMcbEx( PBASE_MCB, POOL_TYPE, USHORT );
NTKERNELAPI NTSTATUS NTAPI FsRtlInsertExtraCreateParameter( PECP_LIST, PVOID );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsEcpAcknowledged( PVOID );
NTKERNELAPI BOOLEAN NTAPI FsRtlIsEcpFromUserMode( PVOID );
NTKERNELAPI LOGICAL NTAPI FsRtlIsPagingFile( PFILE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI FsRtlLogCcFlushError( PUNICODE_STRING, PDEVICE_OBJECT, PSECTION_OBJECT_POINTERS, NTSTATUS, ULONG );
NTKERNELAPI NTSTATUS NTAPI FsRtlMupGetProviderIdFromName( PUNICODE_STRING, PULONG32 );
NTKERNELAPI NTSTATUS NTAPI FsRtlMupGetProviderInfoFromFileObject( PFILE_OBJECT, ULONG, PVOID, PULONG );
NTKERNELAPI VOID NTAPI FsRtlNotifyCleanupAll( PNOTIFY_SYNC, PLIST_ENTRY );
NTKERNELAPI NTSTATUS NTAPI FsRtlNotifyVolumeEventEx( PFILE_OBJECT, ULONG, PTARGET_DEVICE_CUSTOM_NOTIFICATION );
NTKERNELAPI ULONG NTAPI FsRtlQueryMaximumVirtualDiskNestingLevel( VOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlRegisterUncProviderEx( PHANDLE, PUNICODE_STRING, PDEVICE_OBJECT, ULONG );
NTKERNELAPI NTSTATUS NTAPI FsRtlRemoveDotsFromPath( PWSTR, USHORT, USHORT * );
NTKERNELAPI NTSTATUS NTAPI FsRtlRemoveExtraCreateParameter( PECP_LIST, LPCGUID, PVOID *, ULONG * );
NTKERNELAPI NTSTATUS NTAPI FsRtlSetEcpListIntoIrp( PIRP, PECP_LIST );
NTKERNELAPI NTSTATUS NTAPI FsRtlValidateReparsePointBuffer( ULONG, PREPARSE_DATA_BUFFER );
NTKERNELAPI ULONG NTAPI MmDoesFileHaveUserWritableReferences( PSECTION_OBJECT_POINTERS );
NTKERNELAPI BOOLEAN NTAPI ObIsKernelHandle( HANDLE );
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction( PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, GUID * );
NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange( GUID *, GUID *, ULONG );
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction( PVOID, HANDLE, GUID * );
NTKERNELAPI VOID NTAPI SeExamineSacl( PACL, PACCESS_TOKEN, ACCESS_MASK, BOOLEAN, PBOOLEAN, PBOOLEAN );
NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarmWithTransaction( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, GUID *, PBOOLEAN );
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction( PUNICODE_STRING, PVOID, PUNICODE_STRING, PSECURITY_DESCRIPTOR, PACCESS_STATE, BOOLEAN, BOOLEAN, KPROCESSOR_MODE, GUID *, PBOOLEAN );
#endif
#if (NTDDI_VERSION >= 0x06000100)
NTKERNELAPI NTSTATUS NTAPI FsRtlCheckOplockEx( POPLOCK, PIRP, ULONG, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP );
#endif
#if (NTDDI_VERSION >= 0x06010000)
NTKERNELAPI VOID NTAPI CcCoherencyFlushAndPurgeCache( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, PIO_STATUS_BLOCK, ULONG );
NTKERNELAPI BOOLEAN NTAPI CcCopyWriteWontFlush( PFILE_OBJECT, PLARGE_INTEGER, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlAreThereCurrentOrInProgressFileLocks( PFILE_LOCK );
NTKERNELAPI BOOLEAN NTAPI FsRtlCurrentOplockH( POPLOCK );
NTKERNELAPI NTSTATUS NTAPI FsRtlInitializeExtraCreateParameter( PECP_HEADER, ULONG, PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK, ULONG, LPCGUID, PVOID );
NTKERNELAPI NTSTATUS NTAPI FsRtlInitializeExtraCreateParameterList( PECP_LIST );
NTKERNELAPI NTSTATUS NTAPI FsRtlOplockBreakH( POPLOCK, PIRP, ULONG, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP );
NTKERNELAPI NTSTATUS NTAPI FsRtlOplockBreakToNoneEx( POPLOCK, PIRP, ULONG, PVOID, POPLOCK_WAIT_COMPLETE_ROUTINE, POPLOCK_FS_PREPOST_IRP );
NTKERNELAPI NTSTATUS NTAPI FsRtlOplockFsctrlEx( POPLOCK, PIRP, ULONG, ULONG );
NTKERNELAPI BOOLEAN NTAPI FsRtlOplockIsSharedRequest( PIRP );
NTKERNELAPI BOOLEAN NTAPI FsRtlOplockKeysEqual( PFILE_OBJECT, PFILE_OBJECT );
NTKERNELAPI NTSTATUS NTAPI IoRegisterFsRegistrationChangeMountAware( PDRIVER_OBJECT, PDRIVER_FS_NOTIFICATION, BOOLEAN );
NTKERNELAPI NTSTATUS NTAPI IoReplaceFileObjectName( PFILE_OBJECT, PWSTR, USHORT );
NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByPointerWithTag( PVOID, ULONG, PACCESS_STATE, ACCESS_MASK, POBJECT_TYPE, KPROCESSOR_MODE, ULONG, PHANDLE );
NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext( PSECURITY_DESCRIPTOR, PSECURITY_SUBJECT_CONTEXT );
#endif
/* Functions in NTOSKRNL.EXE with different signatures on different versions */
#if (NTDDI_VERSION >= 0x05010000)
NTKERNELAPI BOOLEAN NTAPI CcMapData( PFILE_OBJECT, PLARGE_INTEGER, ULONG, ULONG, PVOID *, PVOID * );
#else
NTKERNELAPI BOOLEAN NTAPI CcMapData( PFILE_OBJECT, PLARGE_INTEGER, ULONG, BOOLEAN, PVOID *, PVOID * );
#endif
#if (NTDDI_VERSION >= 0x06000000)
NTKERNELAPI BOOLEAN NTAPI CcPurgeCacheSection( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, ULONG );
#elif (NTDDI_VERSION >= 0x05000000)
NTKERNELAPI BOOLEAN NTAPI CcPurgeCacheSection( PSECTION_OBJECT_POINTERS, PLARGE_INTEGER, ULONG, BOOLEAN );
#endif
/* Functions in HAL.DLL */
#if (NTDDI_VERSION >= 0x05000000)
#ifdef _X86_
NTHALAPI KIRQL FASTCALL KeAcquireSpinLockRaiseToSynch( PKSPIN_LOCK );
#endif
#endif
#if (NTDDI_VERSION >= 0x05010000)
#ifdef _X86_
NTHALAPI KIRQL FASTCALL KeAcquireQueuedSpinLock( KSPIN_LOCK_QUEUE_NUMBER );
NTHALAPI VOID FASTCALL KeReleaseQueuedSpinLock( KSPIN_LOCK_QUEUE_NUMBER, KIRQL );
NTHALAPI LOGICAL FASTCALL KeTryToAcquireQueuedSpinLock( KSPIN_LOCK_QUEUE_NUMBER, PKIRQL );
#endif
#endif
/* Functions in KSECDD.SYS */
KSECDDDECLSPEC HRESULT SEC_ENTRY GetSecurityUserInfo( PLUID, ULONG, PSecurityUserData * );
KSECDDDECLSPEC SECURITY_STATUS SEC_ENTRY MapSecurityError( SECURITY_STATUS );
/* Functions implemented as macros */
#define RtlUnicodeStringToOemSize( x ) \
((*NlsMbOemCodePageTag) ? RtlxUnicodeStringToOemSize( x ) : \
((x)->Length + sizeof( UNICODE_NULL )) / sizeof( WCHAR ))
#define RtlOemStringToUnicodeSize( x ) \
((*NlsMbOemCodePageTag) ? RtlxOemStringToUnicodeSize( x ) : \
((x)->Length + sizeof( ANSI_NULL )) * sizeof( WCHAR ))
#define RtlOemStringToCountedUnicodeSize( x ) \
(ULONG)(RtlOemStringToUnicodeSize( x ) - sizeof( UNICODE_NULL ))
#define RtlOffsetToPointer( p1, p2 ) (PCHAR)((PCHAR)(p1) + (ULONG_PTR)(p2))
#define RtlPointerToOffset( p1, p2 ) (ULONG)((PCHAR)(p2) - (PCHAR)(p1))
#define SeLengthSid( x ) (8 + (4 * ((SID *)(x))->SubAuthorityCount))
#define SeDeleteClientSecurity( x ) \
if( SeTokenType( (x)->ClientToken ) == TokenPrimary ) { \
PsDereferencePrimaryToken( (x)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (x)->ClientToken ); \
}
#define SeStopImpersonatingClient() PsRevertToSelf()
#define SeQuerySubjectContextToken( x ) \
(((PSECURITY_SUBJECT_CONTEXT)(x))->ClientToken != NULL ? \
((PSECURITY_SUBJECT_CONTEXT)(x))->ClientToken : \
((PSECURITY_SUBJECT_CONTEXT)(x))->PrimaryToken)
#define IoIsFileOpenedExclusively( x ) \
((BOOLEAN)!((x)->SharedRead || (x)->SharedWrite || (x)->SharedDelete))
#define FsRtlFastLock( p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11 ) \
FsRtlPrivateLock( p1, p2, p3, p4, p5, p6, p7, p8, p9, NULL, p10, p11 )
#define FsRtlAreThereCurrentFileLocks( x ) \
((x)->FastIoIsQuestionable)
#define FsRtlIncrementLockRequestsInProgress( x ) \
{ \
ASSERT( (x)->LockRequestsInProgress >= 0 ); \
InterlockedIncrement( (LONG volatile *)&((x)->LockRequestsInProgress) ); \
}
#define FsRtlDecrementLockRequestsInProgress( x ) \
{ \
ASSERT( (x)->LockRequestsInProgress > 0 ); \
InterlockedDecrement( (LONG volatile *)&((x)->LockRequestsInProgress) ); \
}
#define FsRtlTestAnsiCharacter( x, p1, p2, p3 ) \
(((SCHAR)(x) < 0) ? p1 : ((*FsRtlLegalAnsiCharacterArray)[(x)] & \
(p3) | ((p2) ? FSRTL_WILD_CHARACTER : 0)))
#define FsRtlIsAnsiCharacterWild( x ) \
FsRtlTestAnsiCharacter( x, FALSE, FALSE, FSRTL_WILD_CHARACTER )
#define FsRtlIsAnsiCharacterLegalFat( x, p ) \
FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_FAT_LEGAL )
#define FsRtlIsAnsiCharacterLegalHpfs( x, p ) \
FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_HPFS_LEGAL )
#define FsRtlIsAnsiCharacterLegalNtfs( x, p ) \
FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_NTFS_LEGAL )
#define FsRtlIsAnsiCharacterLegalNtfsStream( x, p ) \
FsRtlTestAnsiCharacter( x, TRUE, p, FSRTL_NTFS_STREAM_LEGAL )
#define FsRtlIsAnsiCharacterLegal( x, p ) \
FsRtlTestAnsiCharacter( x, TRUE, FALSE, p )
#define FsRtlIsLeadDbcsCharacter( x ) \
((BOOLEAN)((UCHAR)(x) < 0x80 ? FALSE : ((*NlsMbCodePageTag) && \
((*NlsOemLeadByteInfo)[(UCHAR)(x)] != 0))))
#define FsRtlAllocatePoolWithTag( p1, p2, p3 ) \
ExAllocatePoolWithTag( (POOL_TYPE)((p1) | POOL_RAISE_IF_ALLOCATION_FAILURE), \
p2, p3)
#define FsRtlAllocatePoolWithQuotaTag( p1, p2, p3 ) \
ExAllocatePoolWithQuotaTag( (POOL_TYPE)((p1) | POOL_RAISE_IF_ALLOCATION_FAILURE), \
p2, p3)
#define FsRtlIsUnicodeCharacterWild( x ) \
(((x) >= 0x40) ? FALSE : ((*FsRtlLegalAnsiCharacterArray)[(x)] & \
FSRTL_WILD_CHARACTER))
#define FsRtlInitPerFileContext( x, p1, p2, p3 ) \
((x)->OwnerId = (p1), (x)->InstanceId = (p2), (x)->FreeCallback = (p3))
#define FsRtlSupportsPerFileContexts( x ) \
((FsRtlGetPerStreamContextPointer( x ) != NULL) && \
(FsRtlGetPerStreamContextPointer( x )->Version >= FSRTL_FCB_HEADER_V1) && \
(FsRtlGetPerStreamContextPointer( x )->FileContextSupportPointer != NULL))
#define FsRtlGetPerFileContextPointer( x ) \
(FsRtlSupportsPerFileContexts( x ) ? \
FsRtlGetPerStreamContextPointer( x )->FileContextSupportPointer : NULL)
#define FsRtlSetupAdvancedHeaderEx( x, p1, p2 ) \
{ \
FsRtlSetupAdvancedHeader( x, p1 ); \
if( (p2) != NULL ) { \
(x)->FileContextSupportPointer = (p2); \
} \
}
#define FsRtlInitPerStreamContext( x, p1, p2, p3 ) \
((x)->OwnerId = (p1), (x)->InstanceId = (p2), (x)->FreeCallback = (p3))
#define FsRtlGetPerStreamContextPointer( x ) \
((PFSRTL_ADVANCED_FCB_HEADER)((x)->FsContext))
#define FsRtlSupportsPerStreamContexts( x ) \
((FsRtlGetPerStreamContextPointer( x ) != NULL) && \
(FsRtlGetPerStreamContextPointer( x )->Flags2 & \
FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS))
#define FsRtlLookupPerStreamContext( x, p1, p2 ) \
((((x) != NULL) && ((x)->Flags2 & FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS) && \
!IsListEmpty( &(x)->FilterContexts )) ? \
FsRtlLookupPerStreamContextInternal( x, p1, p2 ) : NULL)
#define FsRtlInitPerFileObjectContext( x, p1, p2 ) \
((x)->OwnerId = (p1), (x)->InstanceId = (p2))
#define FsRtlCompleteRequest( x, p ) \
{ \
(x)->IoStatus.Status = (p); \
IoCompleteRequest( x, IO_DISK_INCREMENT ); \
}
#define FsRtlEnterFileSystem() KeEnterCriticalRegion()
#define FsRtlExitFileSystem() KeLeaveCriticalRegion()
#define CcIsFileCached( x ) \
(((x)->SectionObjectPointer != NULL) && \
(((PSECTION_OBJECT_POINTERS)(x)->SectionObjectPointer)->SharedCacheMap != NULL))
#define CcGetFileSizePointer( x ) \
((PLARGE_INTEGER)((x)->SectionObjectPointer->SharedCacheMap) + 1)
#if (NTDDI_VERSION < 0x06010000)
#define CcCopyWriteWontFlush( p1, p2, p3 ) ((p3) <= 0x00010000)
#endif
#define CcReadAhead( p1, p2, p3 ) \
{ \
if( (p3) >= 256 ) { \
CcScheduleReadAhead( p1, p2, p3 ); \
} \
}
/* Other macros */
#define LEGAL_ANSI_CHARACTER_ARRAY (*FsRtlLegalAnsiCharacterArray)
#define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)
__inline void FsRtlSetupAdvancedHeader( PVOID x, PFAST_MUTEX p )
{
PFSRTL_ADVANCED_FCB_HEADER v = (PFSRTL_ADVANCED_FCB_HEADER)x;
v->Flags |= FSRTL_FLAG_ADVANCED_HEADER;
v->Flags2 |= FSRTL_FLAG2_SUPPORTS_FILTER_CONTEXTS;
#if (NTDDI_VERSION >= 0x06000000)
v->Version = FSRTL_FCB_HEADER_V1;
#else
v->Version = FSRTL_FCB_HEADER_V0;
#endif
InitializeListHead( &v->FilterContexts );
if( p != NULL ) {
v->FastMutex = p;
}
#if (NTDDI_VERSION >= 0x06000000)
*((PULONG_PTR)&v->PushLock) = 0;
v->FileContextSupportPointer = NULL;
#endif
}
#if (NTDDI_VERSION >= 0x06000000)
__inline VOID IoInitializePriorityInfo( PIO_PRIORITY_INFO x )
{
x->Size = sizeof( IO_PRIORITY_INFO );
x->ThreadPriority = 0xFFFF;
x->IoPriority = IoPriorityNormal;
x->PagePriority = 0;
}
#endif /* (NTDDI_VERSION >= 0x06000000) */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* _NTIFS_ */