1 /* 2 * ntifs.h 3 * 4 * Windows NT Filesystem Driver Developer Kit 5 * 6 * This file is part of the ReactOS DDK package. 7 * 8 * Contributors: 9 * Amine Khaldi 10 * Timo Kreuzer (timo.kreuzer@reactos.org) 11 * 12 * THIS SOFTWARE IS NOT COPYRIGHTED 13 * 14 * This source code is offered for use in the public domain. You may 15 * use, modify or distribute it freely. 16 * 17 * This code is distributed in the hope that it will be useful but 18 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY 19 * DISCLAIMED. This includes but is not limited to warranties of 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 */ 23 24 #pragma once 25 26 #define _NTIFS_INCLUDED_ 27 #define _GNU_NTIFS_ 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 $define(UCHAR=UCHAR) 34 $define(ULONG=ULONG) 35 $define(USHORT=USHORT) 36 37 /* Dependencies */ 38 #include <ntddk.h> 39 #include <excpt.h> 40 #include <ntdef.h> 41 #include <ntnls.h> 42 #include <ntstatus.h> 43 #include <bugcodes.h> 44 #include <ntiologc.h> 45 46 $define (_NTIFS_) 47 48 #ifndef FlagOn 49 #define FlagOn(_F,_SF) ((_F) & (_SF)) 50 #endif 51 52 #ifndef BooleanFlagOn 53 #define BooleanFlagOn(F,SF) ((BOOLEAN)(((F) & (SF)) != 0)) 54 #endif 55 56 #ifndef SetFlag 57 #define SetFlag(_F,_SF) ((_F) |= (_SF)) 58 #endif 59 60 #ifndef ClearFlag 61 #define ClearFlag(_F,_SF) ((_F) &= ~(_SF)) 62 #endif 63 64 typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; 65 typedef STRING LSA_STRING, *PLSA_STRING; 66 typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES; 67 68 $include (setypes.h) 69 $include (obtypes.h) 70 $include (rtltypes.h) 71 $include (rtlfuncs.h) 72 73 _IRQL_requires_max_(PASSIVE_LEVEL) 74 __kernel_entry 75 NTSYSCALLAPI 76 NTSTATUS 77 NTAPI 78 NtQueryObject( 79 _In_opt_ HANDLE Handle, 80 _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, 81 _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, 82 _In_ ULONG ObjectInformationLength, 83 _Out_opt_ PULONG ReturnLength); 84 85 #if (NTDDI_VERSION >= NTDDI_WIN2K) 86 87 _Must_inspect_result_ 88 __kernel_entry 89 NTSYSCALLAPI 90 NTSTATUS 91 NTAPI 92 NtOpenThreadToken( 93 _In_ HANDLE ThreadHandle, 94 _In_ ACCESS_MASK DesiredAccess, 95 _In_ BOOLEAN OpenAsSelf, 96 _Out_ PHANDLE TokenHandle); 97 98 _Must_inspect_result_ 99 __kernel_entry 100 NTSYSCALLAPI 101 NTSTATUS 102 NTAPI 103 NtOpenProcessToken( 104 _In_ HANDLE ProcessHandle, 105 _In_ ACCESS_MASK DesiredAccess, 106 _Out_ PHANDLE TokenHandle); 107 108 _When_(TokenInformationClass == TokenAccessInformation, 109 _At_(TokenInformationLength, 110 _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) 111 _Must_inspect_result_ 112 __kernel_entry 113 NTSYSCALLAPI 114 NTSTATUS 115 NTAPI 116 NtQueryInformationToken( 117 _In_ HANDLE TokenHandle, 118 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 119 _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, 120 _In_ ULONG TokenInformationLength, 121 _Out_ PULONG ReturnLength); 122 123 _Must_inspect_result_ 124 __kernel_entry 125 NTSYSCALLAPI 126 NTSTATUS 127 NTAPI 128 NtAdjustPrivilegesToken( 129 _In_ HANDLE TokenHandle, 130 _In_ BOOLEAN DisableAllPrivileges, 131 _In_opt_ PTOKEN_PRIVILEGES NewState, 132 _In_ ULONG BufferLength, 133 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, 134 _When_(PreviousState != NULL, _Out_) PULONG ReturnLength); 135 136 __kernel_entry 137 NTSYSCALLAPI 138 NTSTATUS 139 NTAPI 140 NtCreateFile( 141 _Out_ PHANDLE FileHandle, 142 _In_ ACCESS_MASK DesiredAccess, 143 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 144 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 145 _In_opt_ PLARGE_INTEGER AllocationSize, 146 _In_ ULONG FileAttributes, 147 _In_ ULONG ShareAccess, 148 _In_ ULONG CreateDisposition, 149 _In_ ULONG CreateOptions, 150 _In_reads_bytes_opt_(EaLength) PVOID EaBuffer, 151 _In_ ULONG EaLength); 152 153 __kernel_entry 154 NTSYSCALLAPI 155 NTSTATUS 156 NTAPI 157 NtDeviceIoControlFile( 158 _In_ HANDLE FileHandle, 159 _In_opt_ HANDLE Event, 160 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 161 _In_opt_ PVOID ApcContext, 162 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 163 _In_ ULONG IoControlCode, 164 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, 165 _In_ ULONG InputBufferLength, 166 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, 167 _In_ ULONG OutputBufferLength); 168 169 __kernel_entry 170 NTSYSCALLAPI 171 NTSTATUS 172 NTAPI 173 NtFsControlFile( 174 _In_ HANDLE FileHandle, 175 _In_opt_ HANDLE Event, 176 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 177 _In_opt_ PVOID ApcContext, 178 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 179 _In_ ULONG FsControlCode, 180 _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer, 181 _In_ ULONG InputBufferLength, 182 _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer, 183 _In_ ULONG OutputBufferLength); 184 185 __kernel_entry 186 NTSYSCALLAPI 187 NTSTATUS 188 NTAPI 189 NtLockFile( 190 _In_ HANDLE FileHandle, 191 _In_opt_ HANDLE Event, 192 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 193 _In_opt_ PVOID ApcContext, 194 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 195 _In_ PLARGE_INTEGER ByteOffset, 196 _In_ PLARGE_INTEGER Length, 197 _In_ ULONG Key, 198 _In_ BOOLEAN FailImmediately, 199 _In_ BOOLEAN ExclusiveLock); 200 201 __kernel_entry 202 NTSYSCALLAPI 203 NTSTATUS 204 NTAPI 205 NtOpenFile( 206 _Out_ PHANDLE FileHandle, 207 _In_ ACCESS_MASK DesiredAccess, 208 _In_ POBJECT_ATTRIBUTES ObjectAttributes, 209 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 210 _In_ ULONG ShareAccess, 211 _In_ ULONG OpenOptions); 212 213 __kernel_entry 214 NTSYSCALLAPI 215 NTSTATUS 216 NTAPI 217 NtQueryDirectoryFile( 218 _In_ HANDLE FileHandle, 219 _In_opt_ HANDLE Event, 220 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 221 _In_opt_ PVOID ApcContext, 222 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 223 _Out_writes_bytes_(Length) PVOID FileInformation, 224 _In_ ULONG Length, 225 _In_ FILE_INFORMATION_CLASS FileInformationClass, 226 _In_ BOOLEAN ReturnSingleEntry, 227 _In_opt_ PUNICODE_STRING FileName, 228 _In_ BOOLEAN RestartScan); 229 230 __kernel_entry 231 NTSYSCALLAPI 232 NTSTATUS 233 NTAPI 234 NtQueryInformationFile( 235 _In_ HANDLE FileHandle, 236 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 237 _Out_writes_bytes_(Length) PVOID FileInformation, 238 _In_ ULONG Length, 239 _In_ FILE_INFORMATION_CLASS FileInformationClass); 240 241 __kernel_entry 242 NTSYSCALLAPI 243 NTSTATUS 244 NTAPI 245 NtQueryQuotaInformationFile( 246 _In_ HANDLE FileHandle, 247 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 248 _Out_writes_bytes_(Length) PVOID Buffer, 249 _In_ ULONG Length, 250 _In_ BOOLEAN ReturnSingleEntry, 251 _In_reads_bytes_opt_(SidListLength) PVOID SidList, 252 _In_ ULONG SidListLength, 253 _In_reads_bytes_opt_((8 + (4 * ((SID *)StartSid)->SubAuthorityCount))) PSID StartSid, 254 _In_ BOOLEAN RestartScan); 255 256 __kernel_entry 257 NTSYSCALLAPI 258 NTSTATUS 259 NTAPI 260 NtQueryVolumeInformationFile( 261 _In_ HANDLE FileHandle, 262 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 263 _Out_writes_bytes_(Length) PVOID FsInformation, 264 _In_ ULONG Length, 265 _In_ FS_INFORMATION_CLASS FsInformationClass); 266 267 __kernel_entry 268 NTSYSCALLAPI 269 NTSTATUS 270 NTAPI 271 NtReadFile( 272 _In_ HANDLE FileHandle, 273 _In_opt_ HANDLE Event, 274 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 275 _In_opt_ PVOID ApcContext, 276 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 277 _Out_writes_bytes_(Length) PVOID Buffer, 278 _In_ ULONG Length, 279 _In_opt_ PLARGE_INTEGER ByteOffset, 280 _In_opt_ PULONG Key); 281 282 __kernel_entry 283 NTSYSCALLAPI 284 NTSTATUS 285 NTAPI 286 NtSetInformationFile( 287 _In_ HANDLE FileHandle, 288 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 289 _In_reads_bytes_(Length) PVOID FileInformation, 290 _In_ ULONG Length, 291 _In_ FILE_INFORMATION_CLASS FileInformationClass); 292 293 __kernel_entry 294 NTSYSCALLAPI 295 NTSTATUS 296 NTAPI 297 NtSetQuotaInformationFile( 298 _In_ HANDLE FileHandle, 299 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 300 _In_reads_bytes_(Length) PVOID Buffer, 301 _In_ ULONG Length); 302 303 __kernel_entry 304 NTSYSCALLAPI 305 NTSTATUS 306 NTAPI 307 NtSetVolumeInformationFile( 308 _In_ HANDLE FileHandle, 309 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 310 _In_reads_bytes_(Length) PVOID FsInformation, 311 _In_ ULONG Length, 312 _In_ FS_INFORMATION_CLASS FsInformationClass); 313 314 __kernel_entry 315 NTSYSCALLAPI 316 NTSTATUS 317 NTAPI 318 NtWriteFile( 319 _In_ HANDLE FileHandle, 320 _In_opt_ HANDLE Event, 321 _In_opt_ PIO_APC_ROUTINE ApcRoutine, 322 _In_opt_ PVOID ApcContext, 323 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 324 _In_reads_bytes_(Length) PVOID Buffer, 325 _In_ ULONG Length, 326 _In_opt_ PLARGE_INTEGER ByteOffset, 327 _In_opt_ PULONG Key); 328 329 __kernel_entry 330 NTSYSCALLAPI 331 NTSTATUS 332 NTAPI 333 NtUnlockFile( 334 _In_ HANDLE FileHandle, 335 _Out_ PIO_STATUS_BLOCK IoStatusBlock, 336 _In_ PLARGE_INTEGER ByteOffset, 337 _In_ PLARGE_INTEGER Length, 338 _In_ ULONG Key); 339 340 _IRQL_requires_max_(PASSIVE_LEVEL) 341 __kernel_entry 342 NTSYSCALLAPI 343 NTSTATUS 344 NTAPI 345 NtSetSecurityObject( 346 _In_ HANDLE Handle, 347 _In_ SECURITY_INFORMATION SecurityInformation, 348 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 349 350 _IRQL_requires_max_(PASSIVE_LEVEL) 351 __kernel_entry 352 NTSYSCALLAPI 353 NTSTATUS 354 NTAPI 355 NtQuerySecurityObject( 356 _In_ HANDLE Handle, 357 _In_ SECURITY_INFORMATION SecurityInformation, 358 _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, 359 _In_ ULONG Length, 360 _Out_ PULONG LengthNeeded); 361 362 _IRQL_requires_max_(PASSIVE_LEVEL) 363 __kernel_entry 364 NTSYSCALLAPI 365 NTSTATUS 366 NTAPI 367 NtClose( 368 _In_ HANDLE Handle); 369 370 #endif 371 372 #if (NTDDI_VERSION >= NTDDI_WINXP) 373 374 _Must_inspect_result_ 375 __kernel_entry 376 NTSYSCALLAPI 377 NTSTATUS 378 NTAPI 379 NtOpenThreadTokenEx( 380 _In_ HANDLE ThreadHandle, 381 _In_ ACCESS_MASK DesiredAccess, 382 _In_ BOOLEAN OpenAsSelf, 383 _In_ ULONG HandleAttributes, 384 _Out_ PHANDLE TokenHandle); 385 386 _Must_inspect_result_ 387 __kernel_entry 388 NTSYSCALLAPI 389 NTSTATUS 390 NTAPI 391 NtOpenProcessTokenEx( 392 _In_ HANDLE ProcessHandle, 393 _In_ ACCESS_MASK DesiredAccess, 394 _In_ ULONG HandleAttributes, 395 _Out_ PHANDLE TokenHandle); 396 397 _Must_inspect_result_ 398 NTSYSAPI 399 NTSTATUS 400 NTAPI 401 NtOpenJobObjectToken( 402 _In_ HANDLE JobHandle, 403 _In_ ACCESS_MASK DesiredAccess, 404 _Out_ PHANDLE TokenHandle); 405 406 _Must_inspect_result_ 407 __kernel_entry 408 NTSYSCALLAPI 409 NTSTATUS 410 NTAPI 411 NtDuplicateToken( 412 _In_ HANDLE ExistingTokenHandle, 413 _In_ ACCESS_MASK DesiredAccess, 414 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 415 _In_ BOOLEAN EffectiveOnly, 416 _In_ TOKEN_TYPE TokenType, 417 _Out_ PHANDLE NewTokenHandle); 418 419 _Must_inspect_result_ 420 __kernel_entry 421 NTSYSCALLAPI 422 NTSTATUS 423 NTAPI 424 NtFilterToken( 425 _In_ HANDLE ExistingTokenHandle, 426 _In_ ULONG Flags, 427 _In_opt_ PTOKEN_GROUPS SidsToDisable, 428 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, 429 _In_opt_ PTOKEN_GROUPS RestrictedSids, 430 _Out_ PHANDLE NewTokenHandle); 431 432 _Must_inspect_result_ 433 __kernel_entry 434 NTSYSCALLAPI 435 NTSTATUS 436 NTAPI 437 NtImpersonateAnonymousToken( 438 _In_ HANDLE ThreadHandle); 439 440 _Must_inspect_result_ 441 __kernel_entry 442 NTSYSCALLAPI 443 NTSTATUS 444 NTAPI 445 NtSetInformationToken( 446 _In_ HANDLE TokenHandle, 447 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 448 _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, 449 _In_ ULONG TokenInformationLength); 450 451 _Must_inspect_result_ 452 __kernel_entry 453 NTSYSCALLAPI 454 NTSTATUS 455 NTAPI 456 NtAdjustGroupsToken( 457 _In_ HANDLE TokenHandle, 458 _In_ BOOLEAN ResetToDefault, 459 _In_opt_ PTOKEN_GROUPS NewState, 460 _In_opt_ ULONG BufferLength, 461 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, 462 _Out_ PULONG ReturnLength); 463 464 _Must_inspect_result_ 465 __kernel_entry 466 NTSYSCALLAPI 467 NTSTATUS 468 NTAPI 469 NtPrivilegeCheck( 470 _In_ HANDLE ClientToken, 471 _Inout_ PPRIVILEGE_SET RequiredPrivileges, 472 _Out_ PBOOLEAN Result); 473 474 _Must_inspect_result_ 475 __kernel_entry 476 NTSYSCALLAPI 477 NTSTATUS 478 NTAPI 479 NtAccessCheckAndAuditAlarm( 480 _In_ PUNICODE_STRING SubsystemName, 481 _In_opt_ PVOID HandleId, 482 _In_ PUNICODE_STRING ObjectTypeName, 483 _In_ PUNICODE_STRING ObjectName, 484 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 485 _In_ ACCESS_MASK DesiredAccess, 486 _In_ PGENERIC_MAPPING GenericMapping, 487 _In_ BOOLEAN ObjectCreation, 488 _Out_ PACCESS_MASK GrantedAccess, 489 _Out_ PNTSTATUS AccessStatus, 490 _Out_ PBOOLEAN GenerateOnClose); 491 492 _Must_inspect_result_ 493 __kernel_entry 494 NTSYSCALLAPI 495 NTSTATUS 496 NTAPI 497 NtAccessCheckByTypeAndAuditAlarm( 498 _In_ PUNICODE_STRING SubsystemName, 499 _In_opt_ PVOID HandleId, 500 _In_ PUNICODE_STRING ObjectTypeName, 501 _In_ PUNICODE_STRING ObjectName, 502 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 503 _In_opt_ PSID PrincipalSelfSid, 504 _In_ ACCESS_MASK DesiredAccess, 505 _In_ AUDIT_EVENT_TYPE AuditType, 506 _In_ ULONG Flags, 507 _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList, 508 _In_ ULONG ObjectTypeLength, 509 _In_ PGENERIC_MAPPING GenericMapping, 510 _In_ BOOLEAN ObjectCreation, 511 _Out_ PACCESS_MASK GrantedAccess, 512 _Out_ PNTSTATUS AccessStatus, 513 _Out_ PBOOLEAN GenerateOnClose); 514 515 _Must_inspect_result_ 516 __kernel_entry 517 NTSYSCALLAPI 518 NTSTATUS 519 NTAPI 520 NtAccessCheckByTypeResultListAndAuditAlarm( 521 _In_ PUNICODE_STRING SubsystemName, 522 _In_opt_ PVOID HandleId, 523 _In_ PUNICODE_STRING ObjectTypeName, 524 _In_ PUNICODE_STRING ObjectName, 525 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 526 _In_opt_ PSID PrincipalSelfSid, 527 _In_ ACCESS_MASK DesiredAccess, 528 _In_ AUDIT_EVENT_TYPE AuditType, 529 _In_ ULONG Flags, 530 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, 531 _In_ ULONG ObjectTypeListLength, 532 _In_ PGENERIC_MAPPING GenericMapping, 533 _In_ BOOLEAN ObjectCreation, 534 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, 535 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, 536 _Out_ PBOOLEAN GenerateOnClose); 537 538 _Must_inspect_result_ 539 __kernel_entry 540 NTSYSCALLAPI 541 NTSTATUS 542 NTAPI 543 NtAccessCheckByTypeResultListAndAuditAlarmByHandle( 544 _In_ PUNICODE_STRING SubsystemName, 545 _In_opt_ PVOID HandleId, 546 _In_ HANDLE ClientToken, 547 _In_ PUNICODE_STRING ObjectTypeName, 548 _In_ PUNICODE_STRING ObjectName, 549 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 550 _In_opt_ PSID PrincipalSelfSid, 551 _In_ ACCESS_MASK DesiredAccess, 552 _In_ AUDIT_EVENT_TYPE AuditType, 553 _In_ ULONG Flags, 554 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, 555 _In_ ULONG ObjectTypeListLength, 556 _In_ PGENERIC_MAPPING GenericMapping, 557 _In_ BOOLEAN ObjectCreation, 558 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, 559 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, 560 _Out_ PBOOLEAN GenerateOnClose); 561 562 __kernel_entry 563 NTSYSCALLAPI 564 NTSTATUS 565 NTAPI 566 NtOpenObjectAuditAlarm( 567 _In_ PUNICODE_STRING SubsystemName, 568 _In_opt_ PVOID HandleId, 569 _In_ PUNICODE_STRING ObjectTypeName, 570 _In_ PUNICODE_STRING ObjectName, 571 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, 572 _In_ HANDLE ClientToken, 573 _In_ ACCESS_MASK DesiredAccess, 574 _In_ ACCESS_MASK GrantedAccess, 575 _In_opt_ PPRIVILEGE_SET Privileges, 576 _In_ BOOLEAN ObjectCreation, 577 _In_ BOOLEAN AccessGranted, 578 _Out_ PBOOLEAN GenerateOnClose); 579 580 __kernel_entry 581 NTSYSCALLAPI 582 NTSTATUS 583 NTAPI 584 NtPrivilegeObjectAuditAlarm( 585 _In_ PUNICODE_STRING SubsystemName, 586 _In_opt_ PVOID HandleId, 587 _In_ HANDLE ClientToken, 588 _In_ ACCESS_MASK DesiredAccess, 589 _In_ PPRIVILEGE_SET Privileges, 590 _In_ BOOLEAN AccessGranted); 591 592 __kernel_entry 593 NTSYSCALLAPI 594 NTSTATUS 595 NTAPI 596 NtCloseObjectAuditAlarm( 597 _In_ PUNICODE_STRING SubsystemName, 598 _In_opt_ PVOID HandleId, 599 _In_ BOOLEAN GenerateOnClose); 600 601 __kernel_entry 602 NTSYSCALLAPI 603 NTSTATUS 604 NTAPI 605 NtDeleteObjectAuditAlarm( 606 _In_ PUNICODE_STRING SubsystemName, 607 _In_opt_ PVOID HandleId, 608 _In_ BOOLEAN GenerateOnClose); 609 610 __kernel_entry 611 NTSYSCALLAPI 612 NTSTATUS 613 NTAPI 614 NtPrivilegedServiceAuditAlarm( 615 _In_ PUNICODE_STRING SubsystemName, 616 _In_ PUNICODE_STRING ServiceName, 617 _In_ HANDLE ClientToken, 618 _In_ PPRIVILEGE_SET Privileges, 619 _In_ BOOLEAN AccessGranted); 620 621 __kernel_entry 622 NTSYSCALLAPI 623 NTSTATUS 624 NTAPI 625 NtSetInformationThread( 626 _In_ HANDLE ThreadHandle, 627 _In_ THREADINFOCLASS ThreadInformationClass, 628 _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, 629 _In_ ULONG ThreadInformationLength); 630 631 _Must_inspect_result_ 632 __kernel_entry 633 NTSYSCALLAPI 634 NTSTATUS 635 NTAPI 636 NtCreateSection( 637 _Out_ PHANDLE SectionHandle, 638 _In_ ACCESS_MASK DesiredAccess, 639 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 640 _In_opt_ PLARGE_INTEGER MaximumSize, 641 _In_ ULONG SectionPageProtection, 642 _In_ ULONG AllocationAttributes, 643 _In_opt_ HANDLE FileHandle); 644 645 #endif 646 647 #define COMPRESSION_FORMAT_NONE (0x0000) 648 #define COMPRESSION_FORMAT_DEFAULT (0x0001) 649 #define COMPRESSION_FORMAT_LZNT1 (0x0002) 650 #define COMPRESSION_ENGINE_STANDARD (0x0000) 651 #define COMPRESSION_ENGINE_MAXIMUM (0x0100) 652 #define COMPRESSION_ENGINE_HIBER (0x0200) 653 654 #define MAX_UNICODE_STACK_BUFFER_LENGTH 256 655 656 #define METHOD_FROM_CTL_CODE(ctrlCode) ((ULONG)(ctrlCode & 3)) 657 658 #define METHOD_DIRECT_TO_HARDWARE METHOD_IN_DIRECT 659 #define METHOD_DIRECT_FROM_HARDWARE METHOD_OUT_DIRECT 660 661 typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; 662 663 typedef enum _SECURITY_LOGON_TYPE { 664 UndefinedLogonType = 0, 665 Interactive = 2, 666 Network, 667 Batch, 668 Service, 669 Proxy, 670 Unlock, 671 NetworkCleartext, 672 NewCredentials, 673 #if (_WIN32_WINNT >= 0x0501) 674 RemoteInteractive, 675 CachedInteractive, 676 #endif 677 #if (_WIN32_WINNT >= 0x0502) 678 CachedRemoteInteractive, 679 CachedUnlock 680 #endif 681 } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; 682 683 #ifndef _NTLSA_AUDIT_ 684 #define _NTLSA_AUDIT_ 685 686 #ifndef GUID_DEFINED 687 #include <guiddef.h> 688 #endif 689 690 #endif /* _NTLSA_AUDIT_ */ 691 692 _IRQL_requires_same_ 693 _IRQL_requires_max_(PASSIVE_LEVEL) 694 NTSTATUS 695 NTAPI 696 LsaRegisterLogonProcess( 697 _In_ PLSA_STRING LogonProcessName, 698 _Out_ PHANDLE LsaHandle, 699 _Out_ PLSA_OPERATIONAL_MODE SecurityMode); 700 701 _IRQL_requires_same_ 702 _IRQL_requires_max_(PASSIVE_LEVEL) 703 NTSTATUS 704 NTAPI 705 LsaLogonUser( 706 _In_ HANDLE LsaHandle, 707 _In_ PLSA_STRING OriginName, 708 _In_ SECURITY_LOGON_TYPE LogonType, 709 _In_ ULONG AuthenticationPackage, 710 _In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation, 711 _In_ ULONG AuthenticationInformationLength, 712 _In_opt_ PTOKEN_GROUPS LocalGroups, 713 _In_ PTOKEN_SOURCE SourceContext, 714 _Out_ PVOID *ProfileBuffer, 715 _Out_ PULONG ProfileBufferLength, 716 _Inout_ PLUID LogonId, 717 _Out_ PHANDLE Token, 718 _Out_ PQUOTA_LIMITS Quotas, 719 _Out_ PNTSTATUS SubStatus); 720 721 _IRQL_requires_same_ 722 NTSTATUS 723 NTAPI 724 LsaFreeReturnBuffer( 725 _In_ PVOID Buffer); 726 727 #ifndef _NTLSA_IFS_ 728 #define _NTLSA_IFS_ 729 #endif 730 731 #define MSV1_0_PACKAGE_NAME "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 732 #define MSV1_0_PACKAGE_NAMEW L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0" 733 #define MSV1_0_PACKAGE_NAMEW_LENGTH sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR) 734 735 #define MSV1_0_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0" 736 #define MSV1_0_SUBAUTHENTICATION_VALUE "Auth" 737 738 #define MSV1_0_CHALLENGE_LENGTH 8 739 #define MSV1_0_USER_SESSION_KEY_LENGTH 16 740 #define MSV1_0_LANMAN_SESSION_KEY_LENGTH 8 741 742 #define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x02 743 #define MSV1_0_UPDATE_LOGON_STATISTICS 0x04 744 #define MSV1_0_RETURN_USER_PARAMETERS 0x08 745 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 746 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 747 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 748 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80 749 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 750 #define MSV1_0_RETURN_PROFILE_PATH 0x200 751 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 752 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 753 754 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 755 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 756 757 #if (_WIN32_WINNT >= 0x0502) 758 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 759 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 760 #endif 761 762 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 763 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 764 765 #if (_WIN32_WINNT >= 0x0600) 766 #define MSV1_0_S4U2SELF 0x00020000 767 #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 768 #endif 769 770 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 771 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 772 #define MSV1_0_MNS_LOGON 0x01000000 773 774 #define MSV1_0_SUBAUTHENTICATION_DLL_RAS 2 775 #define MSV1_0_SUBAUTHENTICATION_DLL_IIS 132 776 777 #define LOGON_GUEST 0x01 778 #define LOGON_NOENCRYPTION 0x02 779 #define LOGON_CACHED_ACCOUNT 0x04 780 #define LOGON_USED_LM_PASSWORD 0x08 781 #define LOGON_EXTRA_SIDS 0x20 782 #define LOGON_SUBAUTH_SESSION_KEY 0x40 783 #define LOGON_SERVER_TRUST_ACCOUNT 0x80 784 #define LOGON_NTLMV2_ENABLED 0x100 785 #define LOGON_RESOURCE_GROUPS 0x200 786 #define LOGON_PROFILE_PATH_RETURNED 0x400 787 #define LOGON_NT_V2 0x800 788 #define LOGON_LM_V2 0x1000 789 #define LOGON_NTLM_V2 0x2000 790 791 #if (_WIN32_WINNT >= 0x0600) 792 793 #define LOGON_OPTIMIZED 0x4000 794 #define LOGON_WINLOGON 0x8000 795 #define LOGON_PKINIT 0x10000 796 #define LOGON_NO_OPTIMIZED 0x20000 797 798 #endif 799 800 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 801 802 #define LOGON_GRACE_LOGON 0x01000000 803 804 #define MSV1_0_OWF_PASSWORD_LENGTH 16 805 #define MSV1_0_CRED_LM_PRESENT 0x1 806 #define MSV1_0_CRED_NT_PRESENT 0x2 807 #define MSV1_0_CRED_VERSION 0 808 809 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16 810 #define MSV1_0_NTLM3_OWF_LENGTH 16 811 812 #if (_WIN32_WINNT == 0x0500) 813 #define MSV1_0_MAX_NTLM3_LIFE 1800 814 #else 815 #define MSV1_0_MAX_NTLM3_LIFE 129600 816 #endif 817 #define MSV1_0_MAX_AVL_SIZE 64000 818 819 #if (_WIN32_WINNT >= 0x0501) 820 821 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 822 823 #if (_WIN32_WINNT >= 0x0600) 824 #define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 825 #endif 826 827 #endif 828 829 #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH) 830 831 #if(_WIN32_WINNT >= 0x0502) 832 #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff) 833 #endif 834 835 #define USE_PRIMARY_PASSWORD 0x01 836 #define RETURN_PRIMARY_USERNAME 0x02 837 #define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04 838 #define RETURN_NON_NT_USER_SESSION_KEY 0x08 839 #define GENERATE_CLIENT_CHALLENGE 0x10 840 #define GCR_NTLM3_PARMS 0x20 841 #define GCR_TARGET_INFO 0x40 842 #define RETURN_RESERVED_PARAMETER 0x80 843 #define GCR_ALLOW_NTLM 0x100 844 #define GCR_USE_OEM_SET 0x200 845 #define GCR_MACHINE_CREDENTIAL 0x400 846 #define GCR_USE_OWF_PASSWORD 0x800 847 #define GCR_ALLOW_LM 0x1000 848 #define GCR_ALLOW_NO_TARGET 0x2000 849 850 typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { 851 MsV1_0InteractiveLogon = 2, 852 MsV1_0Lm20Logon, 853 MsV1_0NetworkLogon, 854 MsV1_0SubAuthLogon, 855 MsV1_0WorkstationUnlockLogon = 7, 856 MsV1_0S4ULogon = 12, 857 MsV1_0VirtualLogon = 82 858 } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; 859 860 typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { 861 MsV1_0InteractiveProfile = 2, 862 MsV1_0Lm20LogonProfile, 863 MsV1_0SmartCardProfile 864 } MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE; 865 866 typedef struct _MSV1_0_INTERACTIVE_LOGON { 867 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 868 UNICODE_STRING LogonDomainName; 869 UNICODE_STRING UserName; 870 UNICODE_STRING Password; 871 } MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON; 872 873 typedef struct _MSV1_0_INTERACTIVE_PROFILE { 874 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 875 USHORT LogonCount; 876 USHORT BadPasswordCount; 877 LARGE_INTEGER LogonTime; 878 LARGE_INTEGER LogoffTime; 879 LARGE_INTEGER KickOffTime; 880 LARGE_INTEGER PasswordLastSet; 881 LARGE_INTEGER PasswordCanChange; 882 LARGE_INTEGER PasswordMustChange; 883 UNICODE_STRING LogonScript; 884 UNICODE_STRING HomeDirectory; 885 UNICODE_STRING FullName; 886 UNICODE_STRING ProfilePath; 887 UNICODE_STRING HomeDirectoryDrive; 888 UNICODE_STRING LogonServer; 889 ULONG UserFlags; 890 } MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE; 891 892 typedef struct _MSV1_0_LM20_LOGON { 893 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 894 UNICODE_STRING LogonDomainName; 895 UNICODE_STRING UserName; 896 UNICODE_STRING Workstation; 897 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 898 STRING CaseSensitiveChallengeResponse; 899 STRING CaseInsensitiveChallengeResponse; 900 ULONG ParameterControl; 901 } MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON; 902 903 typedef struct _MSV1_0_SUBAUTH_LOGON { 904 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 905 UNICODE_STRING LogonDomainName; 906 UNICODE_STRING UserName; 907 UNICODE_STRING Workstation; 908 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 909 STRING AuthenticationInfo1; 910 STRING AuthenticationInfo2; 911 ULONG ParameterControl; 912 ULONG SubAuthPackageId; 913 } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; 914 915 #if (_WIN32_WINNT >= 0x0600) 916 917 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 918 919 typedef struct _MSV1_0_S4U_LOGON { 920 MSV1_0_LOGON_SUBMIT_TYPE MessageType; 921 ULONG Flags; 922 UNICODE_STRING UserPrincipalName; 923 UNICODE_STRING DomainName; 924 } MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON; 925 926 #endif 927 928 typedef struct _MSV1_0_LM20_LOGON_PROFILE { 929 MSV1_0_PROFILE_BUFFER_TYPE MessageType; 930 LARGE_INTEGER KickOffTime; 931 LARGE_INTEGER LogoffTime; 932 ULONG UserFlags; 933 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 934 UNICODE_STRING LogonDomainName; 935 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 936 UNICODE_STRING LogonServer; 937 UNICODE_STRING UserParameters; 938 } MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE; 939 940 typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL { 941 ULONG Version; 942 ULONG Flags; 943 UCHAR LmPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 944 UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; 945 } MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL; 946 947 typedef struct _MSV1_0_NTLM3_RESPONSE { 948 UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; 949 UCHAR RespType; 950 UCHAR HiRespType; 951 USHORT Flags; 952 ULONG MsgWord; 953 ULONGLONG TimeStamp; 954 UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; 955 ULONG AvPairsOff; 956 UCHAR Buffer[1]; 957 } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; 958 959 typedef enum _MSV1_0_AVID { 960 MsvAvEOL, 961 MsvAvNbComputerName, 962 MsvAvNbDomainName, 963 MsvAvDnsComputerName, 964 MsvAvDnsDomainName, 965 #if (_WIN32_WINNT >= 0x0501) 966 MsvAvDnsTreeName, 967 MsvAvFlags, 968 #if (_WIN32_WINNT >= 0x0600) 969 MsvAvTimestamp, 970 MsvAvRestrictions, 971 MsvAvTargetName, 972 MsvAvChannelBindings, 973 #endif 974 #endif 975 } MSV1_0_AVID; 976 977 typedef struct _MSV1_0_AV_PAIR { 978 USHORT AvId; 979 USHORT AvLen; 980 } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; 981 982 typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE { 983 MsV1_0Lm20ChallengeRequest = 0, 984 MsV1_0Lm20GetChallengeResponse, 985 MsV1_0EnumerateUsers, 986 MsV1_0GetUserInfo, 987 MsV1_0ReLogonUsers, 988 MsV1_0ChangePassword, 989 MsV1_0ChangeCachedPassword, 990 MsV1_0GenericPassthrough, 991 MsV1_0CacheLogon, 992 MsV1_0SubAuth, 993 MsV1_0DeriveCredential, 994 MsV1_0CacheLookup, 995 #if (_WIN32_WINNT >= 0x0501) 996 MsV1_0SetProcessOption, 997 #endif 998 #if (_WIN32_WINNT >= 0x0600) 999 MsV1_0ConfigLocalAliases, 1000 MsV1_0ClearCachedCredentials, 1001 #endif 1002 } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; 1003 1004 typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST { 1005 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1006 } MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST; 1007 1008 typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE { 1009 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1010 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 1011 } MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE; 1012 1013 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 { 1014 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1015 ULONG ParameterControl; 1016 LUID LogonId; 1017 UNICODE_STRING Password; 1018 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 1019 } MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1; 1020 1021 typedef struct _MSV1_0_GETCHALLENRESP_REQUEST { 1022 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1023 ULONG ParameterControl; 1024 LUID LogonId; 1025 UNICODE_STRING Password; 1026 UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; 1027 UNICODE_STRING UserName; 1028 UNICODE_STRING LogonDomainName; 1029 UNICODE_STRING ServerName; 1030 } MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST; 1031 1032 typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE { 1033 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1034 STRING CaseSensitiveChallengeResponse; 1035 STRING CaseInsensitiveChallengeResponse; 1036 UNICODE_STRING UserName; 1037 UNICODE_STRING LogonDomainName; 1038 UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; 1039 UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH]; 1040 } MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE; 1041 1042 typedef struct _MSV1_0_ENUMUSERS_REQUEST { 1043 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1044 } MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST; 1045 1046 typedef struct _MSV1_0_ENUMUSERS_RESPONSE { 1047 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1048 ULONG NumberOfLoggedOnUsers; 1049 PLUID LogonIds; 1050 PULONG EnumHandles; 1051 } MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE; 1052 1053 typedef struct _MSV1_0_GETUSERINFO_REQUEST { 1054 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1055 LUID LogonId; 1056 } MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST; 1057 1058 typedef struct _MSV1_0_GETUSERINFO_RESPONSE { 1059 MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; 1060 PSID UserSid; 1061 UNICODE_STRING UserName; 1062 UNICODE_STRING LogonDomainName; 1063 UNICODE_STRING LogonServer; 1064 SECURITY_LOGON_TYPE LogonType; 1065 } MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE; 1066 1067 $include (iotypes.h) 1068 1069 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 1070 ULONG Attributes; 1071 ACCESS_MASK GrantedAccess; 1072 ULONG HandleCount; 1073 ULONG PointerCount; 1074 ULONG Reserved[10]; 1075 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 1076 1077 typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION { 1078 UNICODE_STRING TypeName; 1079 ULONG Reserved [22]; 1080 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 1081 1082 #define SYSTEM_PAGE_PRIORITY_BITS 3 1083 #define SYSTEM_PAGE_PRIORITY_LEVELS (1 << SYSTEM_PAGE_PRIORITY_BITS) 1084 1085 $include (ketypes.h) 1086 $include (kefuncs.h) 1087 $include (extypes.h) 1088 $include (exfuncs.h) 1089 $include (sefuncs.h) 1090 $include (psfuncs.h) 1091 $include (iofuncs.h) 1092 $include (potypes.h) 1093 $include (pofuncs.h) 1094 $include (mmtypes.h) 1095 $include (mmfuncs.h) 1096 $include (obfuncs.h) 1097 $include (fsrtltypes.h) 1098 $include (fsrtlfuncs.h) 1099 $include (cctypes.h) 1100 $include (ccfuncs.h) 1101 $include (zwfuncs.h) 1102 $include (sspi.h) 1103 1104 /* #if !defined(_X86AMD64_) FIXME : WHAT ?! */ 1105 #if defined(_WIN64) 1106 C_ASSERT(sizeof(ERESOURCE) == 0x68); 1107 C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18); 1108 C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a); 1109 #else 1110 C_ASSERT(sizeof(ERESOURCE) == 0x38); 1111 C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c); 1112 C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e); 1113 #endif 1114 /* #endif */ 1115 1116 #if defined(_IA64_) 1117 #if (NTDDI_VERSION >= NTDDI_WIN2K) 1118 //DECLSPEC_DEPRECATED_DDK 1119 NTHALAPI 1120 ULONG 1121 NTAPI 1122 HalGetDmaAlignmentRequirement( 1123 VOID); 1124 #endif 1125 #endif 1126 1127 #if defined(_M_IX86) || defined(_M_AMD64) 1128 #define HalGetDmaAlignmentRequirement() 1L 1129 #endif 1130 1131 #ifdef _NTSYSTEM_ 1132 extern PUSHORT NlsOemLeadByteInfo; 1133 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 1134 #else 1135 __CREATE_NTOS_DATA_IMPORT_ALIAS(NlsOemLeadByteInfo) 1136 extern PUSHORT *NlsOemLeadByteInfo; 1137 #define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo) 1138 #endif 1139 1140 #if (NTDDI_VERSION >= NTDDI_VISTA) 1141 1142 typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER { 1143 NetworkOpenLocationAny, 1144 NetworkOpenLocationRemote, 1145 NetworkOpenLocationLoopback 1146 } NETWORK_OPEN_LOCATION_QUALIFIER; 1147 1148 typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER { 1149 NetworkOpenIntegrityAny, 1150 NetworkOpenIntegrityNone, 1151 NetworkOpenIntegritySigned, 1152 NetworkOpenIntegrityEncrypted, 1153 NetworkOpenIntegrityMaximum 1154 } NETWORK_OPEN_INTEGRITY_QUALIFIER; 1155 1156 #if (NTDDI_VERSION >= NTDDI_WIN7) 1157 1158 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1 1159 #define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2 1160 #define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000 1161 1162 typedef struct _NETWORK_OPEN_ECP_CONTEXT { 1163 USHORT Size; 1164 USHORT Reserved; 1165 _ANONYMOUS_STRUCT struct { 1166 struct { 1167 NETWORK_OPEN_LOCATION_QUALIFIER Location; 1168 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 1169 ULONG Flags; 1170 } in; 1171 struct { 1172 NETWORK_OPEN_LOCATION_QUALIFIER Location; 1173 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 1174 ULONG Flags; 1175 } out; 1176 } DUMMYSTRUCTNAME; 1177 } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; 1178 1179 typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 { 1180 USHORT Size; 1181 USHORT Reserved; 1182 _ANONYMOUS_STRUCT struct { 1183 struct { 1184 NETWORK_OPEN_LOCATION_QUALIFIER Location; 1185 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 1186 } in; 1187 struct { 1188 NETWORK_OPEN_LOCATION_QUALIFIER Location; 1189 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 1190 } out; 1191 } DUMMYSTRUCTNAME; 1192 } NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0; 1193 1194 #elif (NTDDI_VERSION >= NTDDI_VISTA) 1195 typedef struct _NETWORK_OPEN_ECP_CONTEXT { 1196 USHORT Size; 1197 USHORT Reserved; 1198 _ANONYMOUS_STRUCT struct { 1199 struct { 1200 NETWORK_OPEN_LOCATION_QUALIFIER Location; 1201 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 1202 } in; 1203 struct { 1204 NETWORK_OPEN_LOCATION_QUALIFIER Location; 1205 NETWORK_OPEN_INTEGRITY_QUALIFIER Integrity; 1206 } out; 1207 } DUMMYSTRUCTNAME; 1208 } NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT; 1209 #endif 1210 1211 DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8); 1212 1213 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 1214 1215 1216 #if (NTDDI_VERSION >= NTDDI_VISTA) 1217 1218 typedef struct _PREFETCH_OPEN_ECP_CONTEXT { 1219 PVOID Context; 1220 } PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT; 1221 1222 DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55); 1223 1224 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 1225 1226 #if (NTDDI_VERSION >= NTDDI_WIN7) 1227 1228 DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb); 1229 DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53); 1230 1231 typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS; 1232 1233 typedef struct _NFS_OPEN_ECP_CONTEXT { 1234 PUNICODE_STRING ExportAlias; 1235 PSOCKADDR_STORAGE_NFS ClientSocketAddress; 1236 } NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT; 1237 1238 typedef struct _SRV_OPEN_ECP_CONTEXT { 1239 PUNICODE_STRING ShareName; 1240 PSOCKADDR_STORAGE_NFS SocketAddress; 1241 BOOLEAN OplockBlockState; 1242 BOOLEAN OplockAppState; 1243 BOOLEAN OplockFinalState; 1244 } SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT; 1245 1246 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 1247 1248 #define PIN_WAIT (1) 1249 #define PIN_EXCLUSIVE (2) 1250 #define PIN_NO_READ (4) 1251 #define PIN_IF_BCB (8) 1252 #define PIN_CALLER_TRACKS_DIRTY_DATA (32) 1253 #define PIN_HIGH_PRIORITY (64) 1254 1255 #define MAP_WAIT 1 1256 #define MAP_NO_READ (16) 1257 #define MAP_HIGH_PRIORITY (64) 1258 1259 #define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS) 1260 #define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS) 1261 1262 typedef struct _QUERY_PATH_REQUEST { 1263 ULONG PathNameLength; 1264 PIO_SECURITY_CONTEXT SecurityContext; 1265 WCHAR FilePathName[1]; 1266 } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST; 1267 1268 typedef struct _QUERY_PATH_REQUEST_EX { 1269 PIO_SECURITY_CONTEXT pSecurityContext; 1270 ULONG EaLength; 1271 PVOID pEaBuffer; 1272 UNICODE_STRING PathName; 1273 UNICODE_STRING DomainServiceName; 1274 ULONG_PTR Reserved[ 3 ]; 1275 } QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX; 1276 1277 typedef struct _QUERY_PATH_RESPONSE { 1278 ULONG LengthAccepted; 1279 } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE; 1280 1281 #define VOLSNAPCONTROLTYPE 0x00000053 1282 #define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS) 1283 1284 /* FIXME : These definitions below don't belong here (or anywhere in ddk really) */ 1285 #pragma pack(push,4) 1286 1287 #ifndef VER_PRODUCTBUILD 1288 #define VER_PRODUCTBUILD 10000 1289 #endif 1290 1291 #include "csq.h" 1292 1293 #define FS_LFN_APIS 0x00004000 1294 1295 #define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */ 1296 #define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT) 1297 #define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT) 1298 #define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT) 1299 #define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) 1300 #define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT) 1301 #define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT) 1302 #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT) 1303 #define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT) 1304 #define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT) 1305 #define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT 1306 #define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM 1307 #define FILE_STORAGE_TYPE_MASK 0x000f0000 1308 #define FILE_STORAGE_TYPE_SHIFT 16 1309 1310 #define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004 1311 1312 #ifdef _X86_ 1313 #define HARDWARE_PTE HARDWARE_PTE_X86 1314 #define PHARDWARE_PTE PHARDWARE_PTE_X86 1315 #endif 1316 1317 #define IO_ATTACH_DEVICE_API 0x80000000 1318 1319 #define IO_TYPE_APC 18 1320 #define IO_TYPE_DPC 19 1321 #define IO_TYPE_DEVICE_QUEUE 20 1322 #define IO_TYPE_EVENT_PAIR 21 1323 #define IO_TYPE_INTERRUPT 22 1324 #define IO_TYPE_PROFILE 23 1325 1326 #define IRP_BEING_VERIFIED 0x10 1327 1328 #define MAILSLOT_CLASS_FIRSTCLASS 1 1329 #define MAILSLOT_CLASS_SECONDCLASS 2 1330 1331 #define MAILSLOT_SIZE_AUTO 0 1332 1333 #define MEM_DOS_LIM 0x40000000 1334 1335 #define OB_TYPE_TYPE 1 1336 #define OB_TYPE_DIRECTORY 2 1337 #define OB_TYPE_SYMBOLIC_LINK 3 1338 #define OB_TYPE_TOKEN 4 1339 #define OB_TYPE_PROCESS 5 1340 #define OB_TYPE_THREAD 6 1341 #define OB_TYPE_EVENT 7 1342 #define OB_TYPE_EVENT_PAIR 8 1343 #define OB_TYPE_MUTANT 9 1344 #define OB_TYPE_SEMAPHORE 10 1345 #define OB_TYPE_TIMER 11 1346 #define OB_TYPE_PROFILE 12 1347 #define OB_TYPE_WINDOW_STATION 13 1348 #define OB_TYPE_DESKTOP 14 1349 #define OB_TYPE_SECTION 15 1350 #define OB_TYPE_KEY 16 1351 #define OB_TYPE_PORT 17 1352 #define OB_TYPE_ADAPTER 18 1353 #define OB_TYPE_CONTROLLER 19 1354 #define OB_TYPE_DEVICE 20 1355 #define OB_TYPE_DRIVER 21 1356 #define OB_TYPE_IO_COMPLETION 22 1357 #define OB_TYPE_FILE 23 1358 1359 #define SEC_BASED 0x00200000 1360 1361 /* end winnt.h */ 1362 1363 #define TOKEN_HAS_ADMIN_GROUP 0x08 1364 1365 #if (VER_PRODUCTBUILD >= 1381) 1366 #define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS) 1367 #endif /* (VER_PRODUCTBUILD >= 1381) */ 1368 1369 #if (VER_PRODUCTBUILD >= 2195) 1370 1371 #define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS) 1372 #define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS) 1373 1374 #define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS) 1375 1376 #define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) 1377 #define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA) 1378 #define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA) 1379 #define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA) 1380 #endif /* (VER_PRODUCTBUILD >= 2195) */ 1381 1382 #define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS) 1383 #define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 1384 #define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS) 1385 #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS) 1386 #define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS) 1387 #define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS) 1388 #define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS) 1389 #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS) 1390 1391 typedef enum _FILE_STORAGE_TYPE { 1392 StorageTypeDefault = 1, 1393 StorageTypeDirectory, 1394 StorageTypeFile, 1395 StorageTypeJunctionPoint, 1396 StorageTypeCatalog, 1397 StorageTypeStructuredStorage, 1398 StorageTypeEmbedding, 1399 StorageTypeStream 1400 } FILE_STORAGE_TYPE; 1401 1402 typedef struct _OBJECT_BASIC_INFORMATION 1403 { 1404 ULONG Attributes; 1405 ACCESS_MASK GrantedAccess; 1406 ULONG HandleCount; 1407 ULONG PointerCount; 1408 ULONG PagedPoolCharge; 1409 ULONG NonPagedPoolCharge; 1410 ULONG Reserved[ 3 ]; 1411 ULONG NameInfoSize; 1412 ULONG TypeInfoSize; 1413 ULONG SecurityDescriptorSize; 1414 LARGE_INTEGER CreationTime; 1415 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 1416 1417 typedef struct _FILE_COPY_ON_WRITE_INFORMATION { 1418 BOOLEAN ReplaceIfExists; 1419 HANDLE RootDirectory; 1420 ULONG FileNameLength; 1421 WCHAR FileName[1]; 1422 } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION; 1423 1424 typedef struct _FILE_FULL_DIRECTORY_INFORMATION { 1425 ULONG NextEntryOffset; 1426 ULONG FileIndex; 1427 LARGE_INTEGER CreationTime; 1428 LARGE_INTEGER LastAccessTime; 1429 LARGE_INTEGER LastWriteTime; 1430 LARGE_INTEGER ChangeTime; 1431 LARGE_INTEGER EndOfFile; 1432 LARGE_INTEGER AllocationSize; 1433 ULONG FileAttributes; 1434 ULONG FileNameLength; 1435 ULONG EaSize; 1436 WCHAR FileName[ANYSIZE_ARRAY]; 1437 } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION; 1438 1439 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ 1440 typedef struct _FILE_SHARED_LOCK_ENTRY { 1441 PVOID Unknown1; 1442 PVOID Unknown2; 1443 FILE_LOCK_INFO FileLock; 1444 } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY; 1445 1446 /* raw internal file lock struct returned from FsRtlGetNextFileLock */ 1447 typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY { 1448 LIST_ENTRY ListEntry; 1449 PVOID Unknown1; 1450 PVOID Unknown2; 1451 FILE_LOCK_INFO FileLock; 1452 } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY; 1453 1454 typedef struct _FILE_MAILSLOT_PEEK_BUFFER { 1455 ULONG ReadDataAvailable; 1456 ULONG NumberOfMessages; 1457 ULONG MessageLength; 1458 } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER; 1459 1460 typedef struct _FILE_OLE_CLASSID_INFORMATION { 1461 GUID ClassId; 1462 } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION; 1463 1464 typedef struct _FILE_OLE_ALL_INFORMATION { 1465 FILE_BASIC_INFORMATION BasicInformation; 1466 FILE_STANDARD_INFORMATION StandardInformation; 1467 FILE_INTERNAL_INFORMATION InternalInformation; 1468 FILE_EA_INFORMATION EaInformation; 1469 FILE_ACCESS_INFORMATION AccessInformation; 1470 FILE_POSITION_INFORMATION PositionInformation; 1471 FILE_MODE_INFORMATION ModeInformation; 1472 FILE_ALIGNMENT_INFORMATION AlignmentInformation; 1473 USN LastChangeUsn; 1474 USN ReplicationUsn; 1475 LARGE_INTEGER SecurityChangeTime; 1476 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; 1477 FILE_OBJECTID_INFORMATION ObjectIdInformation; 1478 FILE_STORAGE_TYPE StorageType; 1479 ULONG OleStateBits; 1480 ULONG OleId; 1481 ULONG NumberOfStreamReferences; 1482 ULONG StreamIndex; 1483 ULONG SecurityId; 1484 BOOLEAN ContentIndexDisable; 1485 BOOLEAN InheritContentIndexDisable; 1486 FILE_NAME_INFORMATION NameInformation; 1487 } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION; 1488 1489 typedef struct _FILE_OLE_DIR_INFORMATION { 1490 ULONG NextEntryOffset; 1491 ULONG FileIndex; 1492 LARGE_INTEGER CreationTime; 1493 LARGE_INTEGER LastAccessTime; 1494 LARGE_INTEGER LastWriteTime; 1495 LARGE_INTEGER ChangeTime; 1496 LARGE_INTEGER EndOfFile; 1497 LARGE_INTEGER AllocationSize; 1498 ULONG FileAttributes; 1499 ULONG FileNameLength; 1500 FILE_STORAGE_TYPE StorageType; 1501 GUID OleClassId; 1502 ULONG OleStateBits; 1503 BOOLEAN ContentIndexDisable; 1504 BOOLEAN InheritContentIndexDisable; 1505 WCHAR FileName[1]; 1506 } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION; 1507 1508 typedef struct _FILE_OLE_INFORMATION { 1509 LARGE_INTEGER SecurityChangeTime; 1510 FILE_OLE_CLASSID_INFORMATION OleClassIdInformation; 1511 FILE_OBJECTID_INFORMATION ObjectIdInformation; 1512 FILE_STORAGE_TYPE StorageType; 1513 ULONG OleStateBits; 1514 BOOLEAN ContentIndexDisable; 1515 BOOLEAN InheritContentIndexDisable; 1516 } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION; 1517 1518 typedef struct _FILE_OLE_STATE_BITS_INFORMATION { 1519 ULONG StateBits; 1520 ULONG StateBitsMask; 1521 } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION; 1522 1523 typedef struct _MAPPING_PAIR { 1524 ULONGLONG Vcn; 1525 ULONGLONG Lcn; 1526 } MAPPING_PAIR, *PMAPPING_PAIR; 1527 1528 typedef struct _GET_RETRIEVAL_DESCRIPTOR { 1529 ULONG NumberOfPairs; 1530 ULONGLONG StartVcn; 1531 MAPPING_PAIR Pair[1]; 1532 } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR; 1533 1534 typedef struct _MOVEFILE_DESCRIPTOR { 1535 HANDLE FileHandle; 1536 ULONG Reserved; 1537 LARGE_INTEGER StartVcn; 1538 LARGE_INTEGER TargetLcn; 1539 ULONG NumVcns; 1540 ULONG Reserved1; 1541 } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR; 1542 1543 typedef struct _OBJECT_BASIC_INFO { 1544 ULONG Attributes; 1545 ACCESS_MASK GrantedAccess; 1546 ULONG HandleCount; 1547 ULONG ReferenceCount; 1548 ULONG PagedPoolUsage; 1549 ULONG NonPagedPoolUsage; 1550 ULONG Reserved[3]; 1551 ULONG NameInformationLength; 1552 ULONG TypeInformationLength; 1553 ULONG SecurityDescriptorLength; 1554 LARGE_INTEGER CreateTime; 1555 } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO; 1556 1557 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { 1558 BOOLEAN Inherit; 1559 BOOLEAN ProtectFromClose; 1560 } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO; 1561 1562 typedef struct _OBJECT_NAME_INFO { 1563 UNICODE_STRING ObjectName; 1564 WCHAR ObjectNameBuffer[1]; 1565 } OBJECT_NAME_INFO, *POBJECT_NAME_INFO; 1566 1567 typedef struct _OBJECT_PROTECTION_INFO { 1568 BOOLEAN Inherit; 1569 BOOLEAN ProtectHandle; 1570 } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO; 1571 1572 typedef struct _OBJECT_TYPE_INFO { 1573 UNICODE_STRING ObjectTypeName; 1574 UCHAR Unknown[0x58]; 1575 WCHAR ObjectTypeNameBuffer[1]; 1576 } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO; 1577 1578 typedef struct _OBJECT_ALL_TYPES_INFO { 1579 ULONG NumberOfObjectTypes; 1580 OBJECT_TYPE_INFO ObjectsTypeInfo[1]; 1581 } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO; 1582 1583 #if defined(USE_LPC6432) 1584 #define LPC_CLIENT_ID CLIENT_ID64 1585 #define LPC_SIZE_T ULONGLONG 1586 #define LPC_PVOID ULONGLONG 1587 #define LPC_HANDLE ULONGLONG 1588 #else 1589 #define LPC_CLIENT_ID CLIENT_ID 1590 #define LPC_SIZE_T SIZE_T 1591 #define LPC_PVOID PVOID 1592 #define LPC_HANDLE HANDLE 1593 #endif 1594 1595 typedef struct _PORT_MESSAGE 1596 { 1597 union 1598 { 1599 struct 1600 { 1601 CSHORT DataLength; 1602 CSHORT TotalLength; 1603 } s1; 1604 ULONG Length; 1605 } u1; 1606 union 1607 { 1608 struct 1609 { 1610 CSHORT Type; 1611 CSHORT DataInfoOffset; 1612 } s2; 1613 ULONG ZeroInit; 1614 } u2; 1615 __GNU_EXTENSION union 1616 { 1617 LPC_CLIENT_ID ClientId; 1618 double DoNotUseThisField; 1619 }; 1620 ULONG MessageId; 1621 __GNU_EXTENSION union 1622 { 1623 LPC_SIZE_T ClientViewSize; 1624 ULONG CallbackId; 1625 }; 1626 } PORT_MESSAGE, *PPORT_MESSAGE; 1627 1628 #define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000) 1629 1630 typedef struct _PORT_VIEW 1631 { 1632 ULONG Length; 1633 LPC_HANDLE SectionHandle; 1634 ULONG SectionOffset; 1635 LPC_SIZE_T ViewSize; 1636 LPC_PVOID ViewBase; 1637 LPC_PVOID ViewRemoteBase; 1638 } PORT_VIEW, *PPORT_VIEW; 1639 1640 typedef struct _REMOTE_PORT_VIEW 1641 { 1642 ULONG Length; 1643 LPC_SIZE_T ViewSize; 1644 LPC_PVOID ViewBase; 1645 } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; 1646 1647 typedef struct _VAD_HEADER { 1648 PVOID StartVPN; 1649 PVOID EndVPN; 1650 struct _VAD_HEADER* ParentLink; 1651 struct _VAD_HEADER* LeftLink; 1652 struct _VAD_HEADER* RightLink; 1653 ULONG Flags; /* LSB = CommitCharge */ 1654 PVOID ControlArea; 1655 PVOID FirstProtoPte; 1656 PVOID LastPTE; 1657 ULONG Unknown; 1658 LIST_ENTRY Secured; 1659 } VAD_HEADER, *PVAD_HEADER; 1660 1661 NTKERNELAPI 1662 LARGE_INTEGER 1663 NTAPI 1664 CcGetLsnForFileObject ( 1665 _In_ PFILE_OBJECT FileObject, 1666 _Out_opt_ PLARGE_INTEGER OldestLsn 1667 ); 1668 1669 NTKERNELAPI 1670 PVOID 1671 NTAPI 1672 FsRtlAllocatePool ( 1673 _In_ POOL_TYPE PoolType, 1674 _In_ ULONG NumberOfBytes 1675 ); 1676 1677 NTKERNELAPI 1678 PVOID 1679 NTAPI 1680 FsRtlAllocatePoolWithQuota ( 1681 _In_ POOL_TYPE PoolType, 1682 _In_ ULONG NumberOfBytes 1683 ); 1684 1685 NTKERNELAPI 1686 PVOID 1687 NTAPI 1688 FsRtlAllocatePoolWithQuotaTag ( 1689 _In_ POOL_TYPE PoolType, 1690 _In_ ULONG NumberOfBytes, 1691 _In_ ULONG Tag 1692 ); 1693 1694 NTKERNELAPI 1695 PVOID 1696 NTAPI 1697 FsRtlAllocatePoolWithTag ( 1698 _In_ POOL_TYPE PoolType, 1699 _In_ ULONG NumberOfBytes, 1700 _In_ ULONG Tag 1701 ); 1702 1703 NTKERNELAPI 1704 BOOLEAN 1705 NTAPI 1706 FsRtlMdlReadComplete ( 1707 _In_ PFILE_OBJECT FileObject, 1708 _In_ PMDL MdlChain 1709 ); 1710 1711 NTKERNELAPI 1712 BOOLEAN 1713 NTAPI 1714 FsRtlMdlWriteComplete ( 1715 _In_ PFILE_OBJECT FileObject, 1716 _In_ PLARGE_INTEGER FileOffset, 1717 _In_ PMDL MdlChain 1718 ); 1719 1720 NTKERNELAPI 1721 VOID 1722 NTAPI 1723 FsRtlNotifyChangeDirectory ( 1724 _In_ PNOTIFY_SYNC NotifySync, 1725 _In_ PVOID FsContext, 1726 _In_ PSTRING FullDirectoryName, 1727 _In_ PLIST_ENTRY NotifyList, 1728 _In_ BOOLEAN WatchTree, 1729 _In_ ULONG CompletionFilter, 1730 _In_ PIRP NotifyIrp 1731 ); 1732 1733 #if 1 1734 NTKERNELAPI 1735 NTSTATUS 1736 NTAPI 1737 ObCreateObject( 1738 _In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, 1739 _In_ POBJECT_TYPE ObjectType, 1740 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 1741 _In_ KPROCESSOR_MODE AccessMode, 1742 _Inout_opt_ PVOID ParseContext, 1743 _In_ ULONG ObjectSize, 1744 _In_opt_ ULONG PagedPoolCharge, 1745 _In_opt_ ULONG NonPagedPoolCharge, 1746 _Out_ PVOID *Object 1747 ); 1748 1749 NTKERNELAPI 1750 NTSTATUS 1751 NTAPI 1752 ObReferenceObjectByName ( 1753 _In_ PUNICODE_STRING ObjectName, 1754 _In_ ULONG Attributes, 1755 _In_opt_ PACCESS_STATE PassedAccessState, 1756 _In_opt_ ACCESS_MASK DesiredAccess, 1757 _In_ POBJECT_TYPE ObjectType, 1758 _In_ KPROCESSOR_MODE AccessMode, 1759 _Inout_opt_ PVOID ParseContext, 1760 _Out_ PVOID *Object 1761 ); 1762 1763 #define PsDereferenceImpersonationToken(T) \ 1764 {if (ARGUMENT_PRESENT(T)) { \ 1765 (ObDereferenceObject((T))); \ 1766 } else { \ 1767 ; \ 1768 } \ 1769 } 1770 1771 NTKERNELAPI 1772 NTSTATUS 1773 NTAPI 1774 PsLookupProcessThreadByCid ( 1775 _In_ PCLIENT_ID Cid, 1776 _Out_opt_ PEPROCESS *Process, 1777 _Out_ PETHREAD *Thread 1778 ); 1779 1780 NTSYSAPI 1781 NTSTATUS 1782 NTAPI 1783 RtlSetSaclSecurityDescriptor ( 1784 _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, 1785 _In_ BOOLEAN SaclPresent, 1786 _In_ PACL Sacl, 1787 _In_ BOOLEAN SaclDefaulted 1788 ); 1789 1790 #define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports; 1791 1792 #endif 1793 1794 #pragma pack(pop) 1795 1796 #ifdef __cplusplus 1797 } 1798 #endif 1799