1 //////////////////////////////////////////////////////////////////// 2 // Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine 3 // All rights reserved 4 // This file was released under the GPLv2 on June 2015. 5 //////////////////////////////////////////////////////////////////// 6 7 #ifndef __NTIFS_EX_H__ 8 #define __NTIFS_EX_H__ 9 10 #ifndef WIN64 11 12 // _MM_PAGE_PRIORITY_ provides a method for the system to handle requests 13 // intelligently in low resource conditions. 14 // 15 // LowPagePriority should be used when it is acceptable to the driver for the 16 // mapping request to fail if the system is low on resources. An example of 17 // this could be for a non-critical network connection where the driver can 18 // handle the failure case when system resources are close to being depleted. 19 // 20 // NormalPagePriority should be used when it is acceptable to the driver for the 21 // mapping request to fail if the system is very low on resources. An example 22 // of this could be for a non-critical local filesystem request. 23 // 24 // HighPagePriority should be used when it is unacceptable to the driver for the 25 // mapping request to fail unless the system is completely out of resources. 26 // An example of this would be the paging file path in a driver. 27 // 28 29 #if 0 30 typedef enum _MM_PAGE_PRIORITY { 31 LowPagePriority, 32 NormalPagePriority = 16, 33 HighPagePriority = 32 34 } MM_PAGE_PRIORITY; 35 #endif 36 37 #endif //WIN64 38 39 // 40 // Note: This function is not available in WDM 1.0 41 // 42 #if 0 43 NTKERNELAPI 44 PVOID 45 MmMapLockedPagesSpecifyCache ( 46 IN PMDL MemoryDescriptorList, 47 IN KPROCESSOR_MODE AccessMode, 48 IN MEMORY_CACHING_TYPE CacheType, 49 IN PVOID BaseAddress, 50 IN ULONG BugCheckOnFailure, 51 IN MM_PAGE_PRIORITY Priority 52 ); 53 #endif 54 55 // PVOID 56 // MmGetSystemAddressForMdlSafe ( 57 // IN PMDL MDL, 58 // IN MM_PAGE_PRIORITY PRIORITY 59 // ) 60 // 61 // Routine Description: 62 // 63 // This routine returns the mapped address of an MDL. If the 64 // Mdl is not already mapped or a system address, it is mapped. 65 // 66 // Arguments: 67 // 68 // MemoryDescriptorList - Pointer to the MDL to map. 69 // 70 // Priority - Supplies an indication as to how important it is that this 71 // request succeed under low available PTE conditions. 72 // 73 // Return Value: 74 // 75 // Returns the base address where the pages are mapped. The base address 76 // has the same offset as the virtual address in the MDL. 77 // 78 // Unlike MmGetSystemAddressForMdl, Safe guarantees that it will always 79 // return NULL on failure instead of bugchecking the system. 80 // 81 // This macro is not usable by WDM 1.0 drivers as 1.0 did not include 82 // MmMapLockedPagesSpecifyCache. The solution for WDM 1.0 drivers is to 83 // provide synchronization and set/reset the MDL_MAPPING_CAN_FAIL bit. 84 // 85 //-- 86 87 #if 0 88 #define MmGetSystemAddressForMdlSafe(MDL, PRIORITY) \ 89 (((MDL)->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | \ 90 MDL_SOURCE_IS_NONPAGED_POOL)) ? \ 91 ((MDL)->MappedSystemVa) : \ 92 (MmMapLockedPagesSpecifyCache((MDL), \ 93 KernelMode, \ 94 MmCached, \ 95 NULL, \ 96 FALSE, \ 97 (PRIORITY)))) 98 #endif 99 100 101 __inline PVOID MmGetSystemAddressForMdlSafer(IN PMDL Mdl) 102 { 103 PVOID Addr; 104 105 if (Mdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL)) { 106 Addr = Mdl->MappedSystemVa; 107 } else { 108 CSHORT PrevFlag = Mdl->MdlFlags & MDL_MAPPING_CAN_FAIL; 109 110 Mdl->MdlFlags |= MDL_MAPPING_CAN_FAIL; 111 Addr = MmMapLockedPages(Mdl, KernelMode); 112 Mdl->MdlFlags = (Mdl->MdlFlags & ~MDL_MAPPING_CAN_FAIL) | PrevFlag; 113 } 114 115 return(Addr); 116 } 117 118 #define FULL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION) 119 120 #ifndef WIN64 121 #if 0 122 NTSYSAPI 123 ULONG 124 NTAPI 125 RtlLengthRequiredSid ( 126 IN UCHAR SubAuthorityCount 127 ); 128 #endif 129 130 #endif //WIN64 131 132 NTSYSAPI 133 NTSTATUS 134 NTAPI 135 RtlSetGroupSecurityDescriptor ( 136 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 137 IN PSID Group, 138 IN BOOLEAN GroupDefaulted 139 ); 140 141 NTSYSAPI 142 NTSTATUS 143 NTAPI 144 RtlSetSaclSecurityDescriptor ( 145 IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, 146 IN BOOLEAN SaclPresent, 147 IN PACL Sacl, 148 IN BOOLEAN SaclDefaulted 149 ); 150 151 NTSYSAPI 152 PUCHAR 153 NTAPI 154 RtlSubAuthorityCountSid ( 155 IN PSID Sid 156 ); 157 158 #if 0 159 NTKERNELAPI 160 HANDLE 161 PsReferencePrimaryToken ( 162 IN PEPROCESS Process 163 ); 164 #endif 165 166 NTSYSAPI 167 NTSTATUS 168 NTAPI 169 RtlAbsoluteToSelfRelativeSD ( 170 IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, 171 IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, 172 IN PULONG BufferLength 173 ); 174 175 NTSYSAPI 176 NTSTATUS 177 NTAPI 178 RtlAllocateAndInitializeSid ( 179 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 180 IN UCHAR SubAuthorityCount, 181 IN ULONG SubAuthority0, 182 IN ULONG SubAuthority1, 183 IN ULONG SubAuthority2, 184 IN ULONG SubAuthority3, 185 IN ULONG SubAuthority4, 186 IN ULONG SubAuthority5, 187 IN ULONG SubAuthority6, 188 IN ULONG SubAuthority7, 189 OUT PSID *Sid 190 ); 191 192 NTSYSAPI 193 NTSTATUS 194 NTAPI 195 RtlConvertSidToUnicodeString ( 196 OUT PUNICODE_STRING DestinationString, 197 IN PVOID Sid, 198 IN BOOLEAN AllocateDestinationString 199 ); 200 201 NTSYSAPI 202 NTSTATUS 203 NTAPI 204 RtlGetGroupSecurityDescriptor ( 205 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 206 OUT PSID *Group, 207 OUT PBOOLEAN GroupDefaulted 208 ); 209 210 NTSYSAPI 211 NTSTATUS 212 NTAPI 213 RtlGetOwnerSecurityDescriptor ( 214 IN PSECURITY_DESCRIPTOR SecurityDescriptor, 215 OUT PSID *Owner, 216 OUT PBOOLEAN OwnerDefaulted 217 ); 218 219 NTSYSAPI 220 NTSTATUS 221 NTAPI 222 RtlInitializeSid ( 223 IN OUT PSID Sid, 224 IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 225 IN UCHAR SubAuthorityCount 226 ); 227 228 #ifndef WIN64 229 230 #if 0 231 232 typedef struct _TOKEN_OWNER { // to 233 PSID Owner; 234 } TOKEN_OWNER; 235 236 typedef struct _TOKEN_PRIMARY_GROUP { // tpg 237 PSID PrimaryGroup; 238 } TOKEN_PRIMARY_GROUP; 239 240 #endif 241 242 #endif //WIN64 243 244 // The following macro is used to detemine if the file object is opened 245 // for read only access (i.e., it is not also opened for write access or 246 // delete access). 247 // 248 // BOOLEAN 249 // IsFileObjectReadOnly ( 250 // IN PFILE_OBJECT FileObject 251 // ); 252 253 #define IsFileObjectReadOnly(FO) (!((FO)->WriteAccess | (FO)->DeleteAccess)) 254 255 // 256 #ifndef FSCTL_GET_COMPRESSION 257 258 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS) 259 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 260 261 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) 262 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) 263 264 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) 265 266 #endif //FSCTL_GET_COMPRESSION 267 268 269 #if (_WIN32_WINNT >= 0x0500) 270 #if 0 271 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) 272 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) 273 #define FSCTL_FIND_FILES_BY_SID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS) 274 275 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) 276 #define FSCTL_SET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA) 277 #define FSCTL_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) 278 #define FSCTL_DELETE_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA) 279 #define FSCTL_SET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA) 280 #define FSCTL_GET_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) 281 #define FSCTL_DELETE_REPARSE_POINT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA) 282 #define FSCTL_ENUM_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_READ_DATA) 283 #define FSCTL_SECURITY_ID_CHECK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) 284 #define FSCTL_READ_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_READ_DATA) 285 #define FSCTL_SET_OBJECT_ID_EXTENDED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA) 286 #define FSCTL_CREATE_OR_GET_OBJECT_ID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) 287 #define FSCTL_SET_SPARSE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA) 288 #define FSCTL_SET_ZERO_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) 289 #define FSCTL_QUERY_ALLOCATED_RANGES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) 290 #define FSCTL_ENABLE_UPGRADE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA) 291 #define FSCTL_SET_ENCRYPTION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS) 292 #define FSCTL_ENCRYPTION_FSCTL_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS) 293 #define FSCTL_WRITE_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_ANY_ACCESS) 294 #define FSCTL_READ_RAW_ENCRYPTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_ANY_ACCESS) 295 #define FSCTL_CREATE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_READ_DATA) 296 #define FSCTL_READ_FILE_USN_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_READ_DATA) 297 #define FSCTL_WRITE_USN_CLOSE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_READ_DATA) 298 #define FSCTL_EXTEND_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS) 299 #define FSCTL_QUERY_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS) 300 #define FSCTL_DELETE_USN_JOURNAL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS) 301 #define FSCTL_MARK_HANDLE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS) 302 #define FSCTL_SIS_COPYFILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS) 303 #define FSCTL_SIS_LINK_FILES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 304 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 305 306 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 307 #define FSCTL_RECALL_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS) 308 309 #define FSCTL_READ_FROM_PLEX CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA) 310 #define FSCTL_FILE_PREFETCH CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 311 #endif 312 #endif // (_WIN32_WINNT >= 0x0500) 313 314 // file system flags 315 #ifndef FILE_VOLUME_QUOTAS 316 317 #define FILE_VOLUME_QUOTAS 0x00000020 318 #define FILE_SUPPORTS_SPARSE_FILES 0x00000040 319 #define FILE_SUPPORTS_REPARSE_POINTS 0x00000080 320 #define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100 321 #define FS_LFN_APIS 0x00004000 322 #define FILE_SUPPORTS_OBJECT_IDS 0x00010000 323 #define FILE_SUPPORTS_ENCRYPTION 0x00020000 324 #define FILE_NAMED_STREAMS 0x00040000 325 #define FILE_READ_ONLY_VOLUME 0x00080000 326 327 #endif //FILE_VOLUME_QUOTAS 328 329 // Output flags for the FSCTL_IS_VOLUME_DIRTY 330 #define VOLUME_IS_DIRTY (0x00000001) 331 #define VOLUME_UPGRADE_SCHEDULED (0x00000002) 332 333 NTSYSAPI 334 NTSTATUS 335 NTAPI 336 ZwFsControlFile( 337 IN HANDLE DeviceHandle, 338 IN HANDLE Event OPTIONAL, 339 IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 340 IN PVOID ApcContext OPTIONAL, 341 OUT PIO_STATUS_BLOCK IoStatusBlock, 342 IN ULONG IoControlCode, 343 IN PVOID InputBuffer, 344 IN ULONG InputBufferSize, 345 OUT PVOID OutputBuffer, 346 IN ULONG OutputBufferSize 347 ); 348 349 NTSYSAPI 350 NTSTATUS 351 NTAPI 352 ZwDeviceIoControlFile( 353 IN HANDLE DeviceHandle, 354 IN HANDLE Event OPTIONAL, 355 IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, 356 IN PVOID UserApcContext OPTIONAL, 357 OUT PIO_STATUS_BLOCK IoStatusBlock, 358 IN ULONG IoControlCode, 359 IN PVOID InputBuffer, 360 IN ULONG InputBufferSize, 361 OUT PVOID OutputBuffer, 362 IN ULONG OutputBufferSize 363 ); 364 365 366 NTSYSAPI 367 NTSTATUS 368 NTAPI 369 ZwQueryVolumeInformationFile( 370 IN HANDLE FileHandle, 371 OUT PIO_STATUS_BLOCK IoStatusBlock, 372 OUT PVOID FsInformation, 373 IN ULONG Length, 374 IN FS_INFORMATION_CLASS FsInformationClass 375 ); 376 377 378 #ifndef FILE_ATTRIBUTE_SPARSE_FILE 379 380 #define FILE_ATTRIBUTE_SPARSE_FILE 0x00000200 381 #define FILE_ATTRIBUTE_REPARSE_POINT 0x00000400 382 #define FILE_ATTRIBUTE_COMPRESSED 0x00000800 383 #define FILE_ATTRIBUTE_OFFLINE 0x00001000 384 #define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED 0x00002000 385 #define FILE_ATTRIBUTE_ENCRYPTED 0x00004000 386 387 #endif //FILE_ATTRIBUTE_SPARSE_FILE 388 389 #define FileFsFullSizeInformation (FS_INFORMATION_CLASS(7)) 390 #define FileFsObjectIdInformation (FS_INFORMATION_CLASS(8)) 391 #define FileFsDriverPathInformation (FS_INFORMATION_CLASS(9)) 392 393 #ifndef WIN64 394 395 #if 0 396 typedef struct _FILE_FS_FULL_SIZE_INFORMATION { 397 LARGE_INTEGER TotalAllocationUnits; 398 LARGE_INTEGER CallerAvailableAllocationUnits; 399 LARGE_INTEGER ActualAvailableAllocationUnits; 400 ULONG SectorsPerAllocationUnit; 401 ULONG BytesPerSector; 402 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; 403 #endif 404 405 #endif //WIN64 406 407 #ifndef IRP_MN_SURPRISE_REMOVAL 408 #define IRP_MN_SURPRISE_REMOVAL 0x17 409 #endif //IRP_MN_SURPRISE_REMOVAL 410 411 #ifndef IoCopyCurrentIrpStackLocationToNext 412 413 #define IoCopyCurrentIrpStackLocationToNext( Irp ) { \ 414 PIO_STACK_LOCATION irpSp; \ 415 PIO_STACK_LOCATION nextIrpSp; \ 416 irpSp = IoGetCurrentIrpStackLocation( (Irp) ); \ 417 nextIrpSp = IoGetNextIrpStackLocation( (Irp) ); \ 418 RtlCopyMemory( nextIrpSp, irpSp, FIELD_OFFSET(IO_STACK_LOCATION, CompletionRoutine)); \ 419 nextIrpSp->Control = 0; } 420 421 #define IoSkipCurrentIrpStackLocation( Irp ) \ 422 (Irp)->CurrentLocation++; \ 423 (Irp)->Tail.Overlay.CurrentStackLocation++; 424 425 #endif //IoCopyCurrentIrpStackLocationToNext 426 427 #ifndef VPB_REMOVE_PENDING 428 #define VPB_REMOVE_PENDING 0x00000008 429 #endif //VPB_REMOVE_PENDING 430 431 432 // 433 // Volume lock/unlock notification routines, implemented in PnP.c 434 // 435 // These routines provide PnP volume lock notification support 436 // for all filesystems. 437 // 438 439 #define FSRTL_VOLUME_DISMOUNT 1 440 #define FSRTL_VOLUME_DISMOUNT_FAILED 2 441 #define FSRTL_VOLUME_LOCK 3 442 #define FSRTL_VOLUME_LOCK_FAILED 4 443 #define FSRTL_VOLUME_UNLOCK 5 444 #define FSRTL_VOLUME_MOUNT 6 445 446 /*NTKERNELAPI 447 NTSTATUS 448 FsRtlNotifyVolumeEvent ( 449 IN PFILE_OBJECT FileObject, 450 IN ULONG EventCode 451 );*/ 452 453 typedef NTSTATUS (*ptrFsRtlNotifyVolumeEvent) ( 454 IN PFILE_OBJECT FileObject, 455 IN ULONG EventCode 456 ); 457 458 #include "Include/ntddk_ex.h" 459 460 #endif //__NTIFS_EX_H__ 461