/*
 * ntifs.h
 *
 * Windows NT Filesystem Driver Developer Kit
 *
 * This file is part of the ReactOS DDK package.
 *
 * Contributors:
 *   Amine Khaldi
 *   Timo Kreuzer (timo.kreuzer@reactos.org)
 *
 * THIS SOFTWARE IS NOT COPYRIGHTED
 *
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 *
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

#pragma once

/* Markers other headers can test to see that this header was included. */
#define _NTIFS_INCLUDED_
#define _GNU_NTIFS_

#ifdef __cplusplus
extern "C" {
#endif

/*
 * NOTE(review): the "$define" and "$include" lines in this file are not C.
 * Presumably they are directives for the tool that assembles the final
 * header from its parts - confirm before handing this file to a compiler.
 */
$define(UCHAR=UCHAR)
$define(ULONG=ULONG)
$define(USHORT=USHORT)

/* Dependencies */
#include <ntddk.h>
#include <excpt.h>
#include <ntdef.h>
#include <ntnls.h>
#include <ntstatus.h>
#include <bugcodes.h>
#include <ntiologc.h>

$define (_NTIFS_)

/*
 * Bit-flag helpers. Each is wrapped in #ifndef, so a definition made before
 * this point is left alone. Arguments are parenthesised in every expansion.
 * SetFlag and ClearFlag assign to their first argument, which therefore has
 * to be a modifiable lvalue.
 */
#ifndef FlagOn
#define FlagOn(_F,_SF)          ((_F) & (_SF))
#endif

#ifndef BooleanFlagOn
#define BooleanFlagOn(F,SF)     ((BOOLEAN)(((F) & (SF)) != 0))
#endif

#ifndef SetFlag
#define SetFlag(_F,_SF)         ((_F) |= (_SF))
#endif

#ifndef ClearFlag
#define ClearFlag(_F,_SF)       ((_F) &= ~(_SF))
#endif

/* LSA spellings of the generic string and object-attribute types. */
typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef STRING LSA_STRING, *PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;

$include (setypes.h)
$include (obtypes.h)
$include (rtltypes.h)
$include (rtlfuncs.h)

/*
 * Object query service. ObjectInformation is optional and, when supplied,
 * is declared writable for ObjectInformationLength bytes; ReturnLength is
 * optional as well.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength);

#if (NTDDI_VERSION >= NTDDI_WIN2K)

/*
 * Access-token services. All four carry _Must_inspect_result_, i.e. the
 * returned NTSTATUS has to be checked before any output is trusted.
 */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtOpenThreadToken(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _Out_ PHANDLE TokenHandle);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle);

/*
 * The _When_ clause states that for TokenAccessInformation the supplied
 * length must be at least sizeof(TOKEN_ACCESS_INFORMATION). At most
 * TokenInformationLength bytes are written; *ReturnLength of them are valid.
 */
_When_(TokenInformationClass == TokenAccessInformation,
       _At_(TokenInformationLength,
            _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength,
    _Out_ PULONG ReturnLength);

/* ReturnLength is only declared as an output when PreviousState is given. */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);

/*
 * File services. Unlike the token services above, these prototypes do not
 * carry _Must_inspect_result_; checking the NTSTATUS is still the caller's
 * job. Every data buffer is paired with an explicit byte length.
 */
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtCreateFile(
    _Out_ PHANDLE FileHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_opt_ PLARGE_INTEGER AllocationSize,
    _In_ ULONG FileAttributes,
    _In_ ULONG ShareAccess,
    _In_ ULONG CreateDisposition,
    _In_ ULONG CreateOptions,
    _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
    _In_ ULONG EaLength);

/* Input and output buffers are both optional, each bounded by its own length. */
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtDeviceIoControlFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_ ULONG IoControlCode,
    _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength);

/* Same shape as NtDeviceIoControlFile, with FsControlCode as the selector. */
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtFsControlFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_ ULONG FsControlCode,
    _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtLockFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_ PLARGE_INTEGER ByteOffset,
    _In_ PLARGE_INTEGER Length,
    _In_ ULONG Key,
    _In_ BOOLEAN FailImmediately,
    _In_ BOOLEAN ExclusiveLock);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtOpenFile(
    _Out_ PHANDLE FileHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_ ULONG ShareAccess,
    _In_ ULONG OpenOptions);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQueryDirectoryFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID FileInformation,
    _In_ ULONG Length,
    _In_ FILE_INFORMATION_CLASS FileInformationClass,
    _In_ BOOLEAN ReturnSingleEntry,
    _In_opt_ PUNICODE_STRING FileName,
    _In_ BOOLEAN RestartScan);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQueryInformationFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID FileInformation,
    _In_ ULONG Length,
    _In_ FILE_INFORMATION_CLASS FileInformationClass);

/*
 * The readable size declared for StartSid is computed from the
 * SubAuthorityCount field stored inside that same SID
 * (8 + 4 * SubAuthorityCount), so the bound is only as trustworthy as the
 * SID contents themselves.
 */
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQueryQuotaInformationFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_ BOOLEAN ReturnSingleEntry,
    _In_reads_bytes_opt_(SidListLength) PVOID SidList,
    _In_ ULONG SidListLength,
    _In_reads_bytes_opt_((8 + (4 * ((SID *)StartSid)->SubAuthorityCount))) PSID StartSid,
    _In_ BOOLEAN RestartScan);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQueryVolumeInformationFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID FsInformation,
    _In_ ULONG Length,
    _In_ FS_INFORMATION_CLASS FsInformationClass);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtReadFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _Out_writes_bytes_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_opt_ PLARGE_INTEGER ByteOffset,
    _In_opt_ PULONG Key);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtSetInformationFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_reads_bytes_(Length) PVOID FileInformation,
    _In_ ULONG Length,
    _In_ FILE_INFORMATION_CLASS FileInformationClass);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtSetQuotaInformationFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_reads_bytes_(Length) PVOID Buffer,
    _In_ ULONG Length);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtSetVolumeInformationFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_reads_bytes_(Length) PVOID FsInformation,
    _In_ ULONG Length,
    _In_ FS_INFORMATION_CLASS FsInformationClass);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtWriteFile(
    _In_ HANDLE FileHandle,
    _In_opt_ HANDLE Event,
    _In_opt_ PIO_APC_ROUTINE ApcRoutine,
    _In_opt_ PVOID ApcContext,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_reads_bytes_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_opt_ PLARGE_INTEGER ByteOffset,
    _In_opt_ PULONG Key);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtUnlockFile(
    _In_ HANDLE FileHandle,
    _Out_ PIO_STATUS_BLOCK IoStatusBlock,
    _In_ PLARGE_INTEGER ByteOffset,
    _In_ PLARGE_INTEGER Length,
    _In_ ULONG Key);

/* Security-descriptor and handle services, all limited to PASSIVE_LEVEL. */
_IRQL_requires_max_(PASSIVE_LEVEL)
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtSetSecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);

/* LengthNeeded is a mandatory output; the descriptor buffer is optional. */
_IRQL_requires_max_(PASSIVE_LEVEL)
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtQuerySecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Length,
    _Out_ PULONG LengthNeeded);

_IRQL_requires_max_(PASSIVE_LEVEL)
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtClose(
    _In_ HANDLE Handle);

#endif

#if (NTDDI_VERSION >= NTDDI_WINXP)

/* Token services declared from NTDDI_WINXP on; all are _Must_inspect_result_. */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtOpenThreadTokenEx(
    _In_ HANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ BOOLEAN OpenAsSelf,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

/* Declared NTSYSAPI without __kernel_entry, unlike its neighbours. */
_Must_inspect_result_
NTSYSAPI
NTSTATUS NTAPI
NtOpenJobObjectToken(
    _In_ HANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtFilterToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ULONG Flags,
    _In_opt_ PTOKEN_GROUPS SidsToDisable,
    _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
    _In_opt_ PTOKEN_GROUPS RestrictedSids,
    _Out_ PHANDLE NewTokenHandle);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtImpersonateAnonymousToken(
    _In_ HANDLE ThreadHandle);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength);

/* NOTE(review): BufferLength is a by-value ULONG yet annotated _In_opt_. */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_opt_ PTOKEN_GROUPS NewState,
    _In_opt_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _Out_ PULONG ReturnLength);

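/*
 * Privilege-check and access-check/audit services. Every prototype in this
 * group down to the ...ByHandle variant is _Must_inspect_result_: the
 * NTSTATUS has to be checked before GrantedAccess, AccessStatus or Result
 * is used for an authorization decision.
 */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtAccessCheckAndAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose);

/* ObjectTypeList is optional; ObjectTypeLength is its element count. */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtAccessCheckByTypeAndAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_opt_ PSID PrincipalSelfSid,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ AUDIT_EVENT_TYPE AuditType,
    _In_ ULONG Flags,
    _In_reads_opt_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose);

/*
 * Result-list variant: GrantedAccess and AccessStatus are arrays declared
 * writable for ObjectTypeListLength elements, so the caller has to size
 * both arrays to match the list it passes in.
 */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtAccessCheckByTypeResultListAndAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_opt_ PSID PrincipalSelfSid,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ AUDIT_EVENT_TYPE AuditType,
    _In_ ULONG Flags,
    _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeListLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
    _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose);

/* As above, with the client token passed explicitly as ClientToken. */
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_opt_ PSID PrincipalSelfSid,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ AUDIT_EVENT_TYPE AuditType,
    _In_ ULONG Flags,
    _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeListLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
    _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose);

/*
 * Audit-alarm services. These are not marked _Must_inspect_result_ in this
 * header; a caller that relies on the audit record being generated should
 * still check the returned NTSTATUS.
 */
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtCloseObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtDeleteObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtSetInformationThread(
    _In_ HANDLE ThreadHandle,
    _In_ THREADINFOCLASS ThreadInformationClass,
    _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
    _In_ ULONG ThreadInformationLength);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS NTAPI
NtCreateSection(
    _Out_ PHANDLE SectionHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_opt_ PLARGE_INTEGER MaximumSize,
    _In_ ULONG SectionPageProtection,
    _In_ ULONG AllocationAttributes,
    _In_opt_ HANDLE FileHandle);

#endif

/* Compression format and engine selectors. */
#define COMPRESSION_FORMAT_NONE         (0x0000)
#define COMPRESSION_FORMAT_DEFAULT      (0x0001)
#define COMPRESSION_FORMAT_LZNT1        (0x0002)
#define COMPRESSION_ENGINE_STANDARD     (0x0000)
#define COMPRESSION_ENGINE_MAXIMUM      (0x0100)
#define COMPRESSION_ENGINE_HIBER        (0x0200)

#define MAX_UNICODE_STACK_BUFFER_LENGTH 256

/*
 * Extracts the two low bits of a control code. The argument is wrapped in
 * parentheses so that an expression argument such as (a | b) is masked as a
 * whole; without them "&" would bind tighter than "|" and only part of the
 * expression would be masked.
 */
#define METHOD_FROM_CTL_CODE(ctrlCode)  ((ULONG)((ctrlCode) & 3))

#define METHOD_DIRECT_TO_HARDWARE       METHOD_IN_DIRECT
#define METHOD_DIRECT_FROM_HARDWARE     METHOD_OUT_DIRECT

typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;

/*
 * Logon types. Value 1 is not assigned: the list jumps from 0 to 2 and then
 * counts upward. The last four enumerators exist only for the _WIN32_WINNT
 * levels named in the guards, so the numeric range a consumer has to accept
 * depends on the build target.
 */
typedef enum _SECURITY_LOGON_TYPE {
    UndefinedLogonType = 0,
    Interactive = 2,
    Network,
    Batch,
    Service,
    Proxy,
    Unlock,
    NetworkCleartext,
    NewCredentials,
#if (_WIN32_WINNT >= 0x0501)
    RemoteInteractive,
    CachedInteractive,
#endif
#if (_WIN32_WINNT >= 0x0502)
    CachedRemoteInteractive,
    CachedUnlock
#endif
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;

#ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_

#ifndef GUID_DEFINED
#include <guiddef.h>
#endif

#endif /* _NTLSA_AUDIT_ */

/* LSA logon interface. All three routines keep the caller's IRQL. */
_IRQL_requires_same_
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS NTAPI
LsaRegisterLogonProcess(
    _In_ PLSA_STRING LogonProcessName,
    _Out_ PHANDLE LsaHandle,
    _Out_ PLSA_OPERATIONAL_MODE SecurityMode);

/*
 * AuthenticationInformation is read for AuthenticationInformationLength
 * bytes. NOTE(review): for the MSV1_0 package this is presumably one of the
 * MSV1_0_*_LOGON structures, some of which carry a Password field; callers
 * should treat the buffer as secret and clear their copy after the call -
 * confirm against the package in use.
 */
_IRQL_requires_same_
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSTATUS NTAPI
LsaLogonUser(
    _In_ HANDLE LsaHandle,
    _In_ PLSA_STRING OriginName,
    _In_ SECURITY_LOGON_TYPE LogonType,
    _In_ ULONG AuthenticationPackage,
    _In_reads_bytes_(AuthenticationInformationLength) PVOID AuthenticationInformation,
    _In_ ULONG AuthenticationInformationLength,
    _In_opt_ PTOKEN_GROUPS LocalGroups,
    _In_ PTOKEN_SOURCE SourceContext,
    _Out_ PVOID *ProfileBuffer,
    _Out_ PULONG ProfileBufferLength,
    _Inout_ PLUID LogonId,
    _Out_ PHANDLE Token,
    _Out_ PQUOTA_LIMITS Quotas,
    _Out_ PNTSTATUS SubStatus);

/* Presumably releases buffers such as LsaLogonUser's ProfileBuffer - confirm. */
_IRQL_requires_same_
NTSTATUS NTAPI
LsaFreeReturnBuffer(
    _In_ PVOID Buffer);

#ifndef _NTLSA_IFS_
#define _NTLSA_IFS_
#endif

/* MSV1_0 authentication package name, narrow and wide. */
#define MSV1_0_PACKAGE_NAME             "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
#define MSV1_0_PACKAGE_NAMEW            L"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"
/*
 * Byte length of the wide name without its terminator. The expansion is
 * enclosed in parentheses so the subtraction cannot be split by operators
 * next to the macro at the point of use (e.g. "2 * MSV1_0_PACKAGE_NAMEW_LENGTH").
 */
#define MSV1_0_PACKAGE_NAMEW_LENGTH     (sizeof(MSV1_0_PACKAGE_NAMEW) - sizeof(WCHAR))

/* Registry key and value name for MSV1_0 sub-authentication. */
#define MSV1_0_SUBAUTHENTICATION_KEY    "SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0"
#define MSV1_0_SUBAUTHENTICATION_VALUE  "Auth"

/* Element count of the UCHAR challenge arrays declared later in this header. */
#define MSV1_0_CHALLENGE_LENGTH 8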
/* Element counts of the UCHAR session-key arrays used by the MSV1_0 structures. */
#define MSV1_0_USER_SESSION_KEY_LENGTH          16
#define MSV1_0_LANMAN_SESSION_KEY_LENGTH        8

/*
 * MSV1_0 control flags, one bit each.
 * NOTE(review): presumably these are the bits of the ParameterControl
 * fields declared in the MSV1_0 logon structures - confirm. Several names
 * refer to cleartext passwords or guest access, so their use is worth
 * auditing wherever such a field is populated.
 */
#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED       0x02
#define MSV1_0_UPDATE_LOGON_STATISTICS          0x04
#define MSV1_0_RETURN_USER_PARAMETERS           0x08
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT           0x10
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT       0x20
#define MSV1_0_RETURN_PASSWORD_EXPIRY           0x40
#define MSV1_0_USE_CLIENT_CHALLENGE             0x80
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY           0x100
#define MSV1_0_RETURN_PROFILE_PATH              0x200
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY        0x400
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT  0x800

#define MSV1_0_DISABLE_PERSONAL_FALLBACK        0x00001000
#define MSV1_0_ALLOW_FORCE_GUEST                0x00002000

#if (_WIN32_WINNT >= 0x0502)
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED      0x00004000
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY      0x00008000
#endif

#define MSV1_0_SUBAUTHENTICATION_DLL_EX         0x00100000
#define MSV1_0_ALLOW_MSVCHAPV2                  0x00010000

#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_S4U2SELF                         0x00020000
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U         0x00040000
#endif

/*
 * The mask covers the top byte of the 32-bit word and the shift (24) moves
 * that byte down to bit 0. MSV1_0_MNS_LOGON lies inside the masked byte.
 */
#define MSV1_0_SUBAUTHENTICATION_DLL            0xFF000000
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT      24
#define MSV1_0_MNS_LOGON                        0x01000000

#define MSV1_0_SUBAUTHENTICATION_DLL_RAS        2
#define MSV1_0_SUBAUTHENTICATION_DLL_IIS        132

/*
 * LOGON_* flags, one bit each (0x10 is not assigned here).
 * NOTE(review): presumably reported through the UserFlags fields of the
 * profile structures - confirm. LOGON_GUEST, LOGON_NOENCRYPTION and
 * LOGON_USED_LM_PASSWORD name weaker logon outcomes a monitor may want to
 * surface.
 */
#define LOGON_GUEST                     0x01
#define LOGON_NOENCRYPTION              0x02
#define LOGON_CACHED_ACCOUNT            0x04
#define LOGON_USED_LM_PASSWORD          0x08
#define LOGON_EXTRA_SIDS                0x20
#define LOGON_SUBAUTH_SESSION_KEY       0x40
#define LOGON_SERVER_TRUST_ACCOUNT      0x80
#define LOGON_NTLMV2_ENABLED            0x100
#define LOGON_RESOURCE_GROUPS           0x200
#define LOGON_PROFILE_PATH_RETURNED     0x400
#define LOGON_NT_V2                     0x800
#define LOGON_LM_V2                     0x1000
#define LOGON_NTLM_V2                   0x2000

#if (_WIN32_WINNT >= 0x0600)

#define LOGON_OPTIMIZED                 0x4000
#define LOGON_WINLOGON                  0x8000
#define LOGON_PKINIT                    0x10000
#define LOGON_NO_OPTIMIZED              0x20000

#endif

/* Top byte of the flag word; LOGON_GRACE_LOGON lies inside this mask. */
#define MSV1_0_SUBAUTHENTICATION_FLAGS  0xFF000000

#define LOGON_GRACE_LOGON               0x01000000

/* Supplemental-credential constants (see MSV1_0_SUPPLEMENTAL_CREDENTIAL). */
#define MSV1_0_OWF_PASSWORD_LENGTH      16
#define MSV1_0_CRED_LM_PRESENT          0x1
#define MSV1_0_CRED_NT_PRESENT          0x2
#define MSV1_0_CRED_VERSION             0

#define MSV1_0_NTLM3_RESPONSE_LENGTH    16
#define MSV1_0_NTLM3_OWF_LENGTH         16

/* The limit is 1800 only when _WIN32_WINNT is exactly 0x0500, else 129600. */
#if (_WIN32_WINNT == 0x0500)
#define MSV1_0_MAX_NTLM3_LIFE           1800
#else
#define MSV1_0_MAX_NTLM3_LIFE           129600
#endif
#define MSV1_0_MAX_AVL_SIZE             64000

#if (_WIN32_WINNT >= 0x0501)

#define MSV1_0_AV_FLAG_FORCE_GUEST      0x00000001

#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002
#endif

#endif

/* Size of MSV1_0_NTLM3_RESPONSE minus its leading Response array. */
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_RESPONSE_LENGTH)

/*
 * Size of MSV1_0_NTLM3_RESPONSE up to and including AvPairsOff. A parser
 * of received responses would reject anything shorter than this before
 * touching the fixed fields.
 */
#if(_WIN32_WINNT >= 0x0502)
#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM3_RESPONSE, AvPairsOff)
#endif

/*
 * One-bit request flags.
 * NOTE(review): presumably the ParameterControl bits of the
 * MSV1_0_GETCHALLENRESP_REQUEST structures - confirm.
 */
#define USE_PRIMARY_PASSWORD            0x01
#define RETURN_PRIMARY_USERNAME         0x02
#define RETURN_PRIMARY_LOGON_DOMAINNAME 0x04
#define RETURN_NON_NT_USER_SESSION_KEY  0x08
#define GENERATE_CLIENT_CHALLENGE       0x10
#define GCR_NTLM3_PARMS                 0x20
#define GCR_TARGET_INFO                 0x40
#define RETURN_RESERVED_PARAMETER       0x80
#define GCR_ALLOW_NTLM                  0x100
#define GCR_USE_OEM_SET                 0x200
#define GCR_MACHINE_CREDENTIAL          0x400
#define GCR_USE_OWF_PASSWORD            0x800
#define GCR_ALLOW_LM                    0x1000
#define GCR_ALLOW_NO_TARGET             0x2000

/* Message types for logon submissions; the numbering is sparse (2-5, 7, 12, 82). */
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
    MsV1_0InteractiveLogon = 2,
    MsV1_0Lm20Logon,
    MsV1_0NetworkLogon,
    MsV1_0SubAuthLogon,
    MsV1_0WorkstationUnlockLogon = 7,
    MsV1_0S4ULogon = 12,
    MsV1_0VirtualLogon = 82
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;

/* Message types for returned profile buffers, numbered from 2. */
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
    MsV1_0InteractiveProfile = 2,
    MsV1_0Lm20LogonProfile,
    MsV1_0SmartCardProfile
} MSV1_0_PROFILE_BUFFER_TYPE, *PMSV1_0_PROFILE_BUFFER_TYPE;

/*
 * Interactive logon request.
 * NOTE(review): Password is a UNICODE_STRING, presumably the plaintext
 * password; whoever fills this in should wipe the backing buffer once the
 * logon call has returned - confirm against the caller.
 */
typedef struct _MSV1_0_INTERACTIVE_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE    MessageType;
    UNICODE_STRING              LogonDomainName;
    UNICODE_STRING              UserName;
    UNICODE_STRING              Password;
} MSV1_0_INTERACTIVE_LOGON, *PMSV1_0_INTERACTIVE_LOGON;

/* Profile data returned for an interactive logon. */
typedef struct _MSV1_0_INTERACTIVE_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE  MessageType;
    USHORT                      LogonCount;
    USHORT                      BadPasswordCount;
    LARGE_INTEGER               LogonTime;
    LARGE_INTEGER               LogoffTime;
    LARGE_INTEGER               KickOffTime;
    LARGE_INTEGER               PasswordLastSet;
    LARGE_INTEGER               PasswordCanChange;
    LARGE_INTEGER               PasswordMustChange;
    UNICODE_STRING              LogonScript;
    UNICODE_STRING              HomeDirectory;
    UNICODE_STRING              FullName;
    UNICODE_STRING              ProfilePath;
    UNICODE_STRING              HomeDirectoryDrive;
    UNICODE_STRING              LogonServer;
    ULONG                       UserFlags;
} MSV1_0_INTERACTIVE_PROFILE, *PMSV1_0_INTERACTIVE_PROFILE;

/* Challenge/response logon request; the challenge is a fixed 8-element array. */
typedef struct _MSV1_0_LM20_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE    MessageType;
    UNICODE_STRING              LogonDomainName;
    UNICODE_STRING              UserName;
    UNICODE_STRING              Workstation;
    UCHAR                       ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    STRING                      CaseSensitiveChallengeResponse;
    STRING                      CaseInsensitiveChallengeResponse;
    ULONG                       ParameterControl;
} MSV1_0_LM20_LOGON, * PMSV1_0_LM20_LOGON;

/* Same layout idea as MSV1_0_LM20_LOGON plus a sub-authentication package id. */
typedef struct _MSV1_0_SUBAUTH_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE    MessageType;
    UNICODE_STRING              LogonDomainName;
    UNICODE_STRING              UserName;
    UNICODE_STRING              Workstation;
    UCHAR                       ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    STRING                      AuthenticationInfo1;
    STRING                      AuthenticationInfo2;
    ULONG                       ParameterControl;
    ULONG                       SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;

#if (_WIN32_WINNT >= 0x0600)

#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2

/* S4U logon request: identifies the principal by name, no secret field. */
typedef struct _MSV1_0_S4U_LOGON {
    MSV1_0_LOGON_SUBMIT_TYPE    MessageType;
    ULONG                       Flags;
    UNICODE_STRING              UserPrincipalName;
    UNICODE_STRING              DomainName;
} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;

#endif

/*
 * Profile returned for an LM 2.0 logon. The two session-key arrays are key
 * material and deserve the same handling as any other secret.
 */
typedef struct _MSV1_0_LM20_LOGON_PROFILE {
    MSV1_0_PROFILE_BUFFER_TYPE  MessageType;
    LARGE_INTEGER               KickOffTime;
    LARGE_INTEGER               LogoffTime;
    ULONG                       UserFlags;
    UCHAR                       UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
    UNICODE_STRING              LogonDomainName;
    UCHAR                       LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
    UNICODE_STRING              LogonServer;
    UNICODE_STRING              UserParameters;
} MSV1_0_LM20_LOGON_PROFILE, * PMSV1_0_LM20_LOGON_PROFILE;

/*
 * NOTE(review): LmPassword and NtPassword are sized by
 * MSV1_0_OWF_PASSWORD_LENGTH, so presumably they hold one-way-function
 * password hashes; treat them as credential-equivalent and clear the
 * structure after use - confirm.
 */
typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL {
    ULONG   Version;
    ULONG   Flags;
    UCHAR   LmPassword[MSV1_0_OWF_PASSWORD_LENGTH];
    UCHAR   NtPassword[MSV1_0_OWF_PASSWORD_LENGTH];
} MSV1_0_SUPPLEMENTAL_CREDENTIAL, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL;

/*
 * NTLM3 response. Buffer is declared with one element.
 * NOTE(review): presumably Buffer marks the start of a variable-length
 * tail and AvPairsOff locates data inside the message; a parser should
 * bound both against the received length before use - confirm.
 */
typedef struct _MSV1_0_NTLM3_RESPONSE {
    UCHAR       Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
    UCHAR       RespType;
    UCHAR       HiRespType;
    USHORT      Flags;
    ULONG       MsgWord;
    ULONGLONG   TimeStamp;
    UCHAR       ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
    ULONG       AvPairsOff;
    UCHAR       Buffer[1];
} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;

/* AV identifiers, numbered from 0; later ids depend on _WIN32_WINNT. */
typedef enum _MSV1_0_AVID {
    MsvAvEOL,
    MsvAvNbComputerName,
    MsvAvNbDomainName,
    MsvAvDnsComputerName,
    MsvAvDnsDomainName,
#if (_WIN32_WINNT >= 0x0501)
    MsvAvDnsTreeName,
    MsvAvFlags,
#if (_WIN32_WINNT >= 0x0600)
    MsvAvTimestamp,
    MsvAvRestrictions,
    MsvAvTargetName,
    MsvAvChannelBindings,
#endif
#endif
} MSV1_0_AVID;

/*
 * Id/length header of one AV entry.
 * NOTE(review): AvLen presumably counts the bytes following the header;
 * check it against the remaining buffer before advancing - confirm.
 */
typedef struct _MSV1_0_AV_PAIR {
    USHORT  AvId;
    USHORT  AvLen;
} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;

/* Message types for package requests, numbered from 0. */
typedef enum _MSV1_0_PROTOCOL_MESSAGE_TYPE {
    MsV1_0Lm20ChallengeRequest = 0,
    MsV1_0Lm20GetChallengeResponse,
    MsV1_0EnumerateUsers,
    MsV1_0GetUserInfo,
    MsV1_0ReLogonUsers,
    MsV1_0ChangePassword,
    MsV1_0ChangeCachedPassword,
    MsV1_0GenericPassthrough,
    MsV1_0CacheLogon,
    MsV1_0SubAuth,
    MsV1_0DeriveCredential,
    MsV1_0CacheLookup,
#if (_WIN32_WINNT >= 0x0501)
    MsV1_0SetProcessOption,
#endif
#if (_WIN32_WINNT >= 0x0600)
    MsV1_0ConfigLocalAliases,
    MsV1_0ClearCachedCredentials,
#endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;

typedef struct _MSV1_0_LM20_CHALLENGE_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
} MSV1_0_LM20_CHALLENGE_REQUEST, *PMSV1_0_LM20_CHALLENGE_REQUEST;

typedef struct _MSV1_0_LM20_CHALLENGE_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    UCHAR                           ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_LM20_CHALLENGE_RESPONSE, *PMSV1_0_LM20_CHALLENGE_RESPONSE;

/* Shorter request layout: the same leading fields as the structure below. */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST_V1 {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    ULONG                           ParameterControl;
    LUID                            LogonId;
    UNICODE_STRING                  Password;
    UCHAR                           ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
} MSV1_0_GETCHALLENRESP_REQUEST_V1, *PMSV1_0_GETCHALLENRESP_REQUEST_V1;

/* Adds UserName, LogonDomainName and ServerName after the V1 fields. */
typedef struct _MSV1_0_GETCHALLENRESP_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    ULONG                           ParameterControl;
    LUID                            LogonId;
    UNICODE_STRING                  Password;
    UCHAR                           ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
    UNICODE_STRING                  UserName;
    UNICODE_STRING                  LogonDomainName;
    UNICODE_STRING                  ServerName;
} MSV1_0_GETCHALLENRESP_REQUEST, *PMSV1_0_GETCHALLENRESP_REQUEST;

/* Carries the computed responses together with both session keys. */
typedef struct _MSV1_0_GETCHALLENRESP_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    STRING                          CaseSensitiveChallengeResponse;
    STRING                          CaseInsensitiveChallengeResponse;
    UNICODE_STRING                  UserName;
    UNICODE_STRING                  LogonDomainName;
    UCHAR                           UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
    UCHAR                           LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
} MSV1_0_GETCHALLENRESP_RESPONSE, *PMSV1_0_GETCHALLENRESP_RESPONSE;

/* User-enumeration request: carries only the message type. */
typedef struct _MSV1_0_ENUMUSERS_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
} MSV1_0_ENUMUSERS_REQUEST, *PMSV1_0_ENUMUSERS_REQUEST;

/*
 * NOTE(review): LogonIds and EnumHandles are bare pointers next to a count;
 * presumably each points to NumberOfLoggedOnUsers elements - a consumer
 * should verify that before indexing.
 */
typedef struct _MSV1_0_ENUMUSERS_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    ULONG                           NumberOfLoggedOnUsers;
    PLUID                           LogonIds;
    PULONG                          EnumHandles;
} MSV1_0_ENUMUSERS_RESPONSE, *PMSV1_0_ENUMUSERS_RESPONSE;

/* Per-user query, keyed by logon LUID. */
typedef struct _MSV1_0_GETUSERINFO_REQUEST {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    LUID                            LogonId;
} MSV1_0_GETUSERINFO_REQUEST, *PMSV1_0_GETUSERINFO_REQUEST;

typedef struct _MSV1_0_GETUSERINFO_RESPONSE {
    MSV1_0_PROTOCOL_MESSAGE_TYPE    MessageType;
    PSID                            UserSid;
    UNICODE_STRING                  UserName;
    UNICODE_STRING                  LogonDomainName;
    UNICODE_STRING                  LogonServer;
    SECURITY_LOGON_TYPE             LogonType;
} MSV1_0_GETUSERINFO_RESPONSE, *PMSV1_0_GETUSERINFO_RESPONSE;

/*
 * NOTE(review): "$include" is not C; presumably a directive for the tool
 * that assembles this header from its parts - confirm.
 */
$include (iotypes.h)

/* Public object information layouts; the Reserved arrays pad each structure. */
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
    ULONG       Attributes;
    ACCESS_MASK GrantedAccess;
    ULONG       HandleCount;
    ULONG       PointerCount;
    ULONG       Reserved[10];
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;

typedef struct _PUBLIC_OBJECT_TYPE_INFORMATION {
    UNICODE_STRING  TypeName;
    ULONG           Reserved [22];
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;

/* 3 priority bits give 1 << 3 = 8 priority levels. */
#define SYSTEM_PAGE_PRIORITY_BITS       3
#define SYSTEM_PAGE_PRIORITY_LEVELS     (1 << SYSTEM_PAGE_PRIORITY_BITS)

$include (ketypes.h)
$include (kefuncs.h)
$include (extypes.h)
$include (exfuncs.h)
$include (sefuncs.h)
$include (psfuncs.h)
$include (iofuncs.h)
$include (potypes.h)
$include (pofuncs.h)
$include (mmtypes.h)
$include (mmfuncs.h)
$include (obfuncs.h)
$include (fsrtltypes.h)
$include (fsrtlfuncs.h)
$include (cctypes.h)
$include (ccfuncs.h)
$include (zwfuncs.h)
$include (sspi.h)

/*
 * Compile-time layout checks: the size of ERESOURCE and the offsets of its
 * ActiveCount and Flag members must match the expected values for 64-bit
 * and 32-bit builds respectively.
 */
/* #if !defined(_X86AMD64_) FIXME : WHAT ?! */
#if defined(_WIN64)
C_ASSERT(sizeof(ERESOURCE) == 0x68);
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x18);
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x1a);
#else
C_ASSERT(sizeof(ERESOURCE) == 0x38);
C_ASSERT(FIELD_OFFSET(ERESOURCE,ActiveCount) == 0x0c);
C_ASSERT(FIELD_OFFSET(ERESOURCE,Flag) == 0x0e);
#endif
/* #endif */

/* On IA64 this is a HAL routine; on x86/AMD64 it is the constant 1L. */
#if defined(_IA64_)
#if (NTDDI_VERSION >= NTDDI_WIN2K)
//DECLSPEC_DEPRECATED_DDK
NTHALAPI
ULONG NTAPI
HalGetDmaAlignmentRequirement(
    VOID);
#endif
#endif

#if defined(_M_IX86) || defined(_M_AMD64)
#define HalGetDmaAlignmentRequirement() 1L
#endif

/*
 * With _NTSYSTEM_ defined the variable is declared directly; otherwise the
 * name is declared as a pointer to it and the macro adds the dereference,
 * so NLS_OEM_LEAD_BYTE_INFO has type PUSHORT in both configurations.
 */
#ifdef _NTSYSTEM_
extern PUSHORT NlsOemLeadByteInfo;
#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo
#else
__CREATE_NTOS_DATA_IMPORT_ALIAS(NlsOemLeadByteInfo)
extern PUSHORT *NlsOemLeadByteInfo;
#define NLS_OEM_LEAD_BYTE_INFO (*NlsOemLeadByteInfo)
#endif

#if (NTDDI_VERSION >= NTDDI_VISTA)

/* Location and integrity qualifiers for a network open, numbered from 0. */
typedef enum _NETWORK_OPEN_LOCATION_QUALIFIER {
    NetworkOpenLocationAny,
    NetworkOpenLocationRemote,
    NetworkOpenLocationLoopback
} NETWORK_OPEN_LOCATION_QUALIFIER;

typedef enum _NETWORK_OPEN_INTEGRITY_QUALIFIER {
    NetworkOpenIntegrityAny,
    NetworkOpenIntegrityNone,
    NetworkOpenIntegritySigned,
    NetworkOpenIntegrityEncrypted,
    NetworkOpenIntegrityMaximum
} NETWORK_OPEN_INTEGRITY_QUALIFIER;

#if (NTDDI_VERSION >= NTDDI_WIN7)

#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_COLLAPSING 0x1
#define NETWORK_OPEN_ECP_IN_FLAG_DISABLE_HANDLE_DURABILITY 0x2
#define NETWORK_OPEN_ECP_IN_FLAG_FORCE_BUFFERED_SYNCHRONOUS_IO_HACK 0x80000000

/*
 * Layout used from NTDDI_WIN7 on: "in" and "out" each carry a Flags word.
 * NOTE(review): Size presumably lets a consumer tell this layout from the
 * _V0 layout below; check it before reading the Flags members - confirm.
 */
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
    USHORT Size;
    USHORT Reserved;
    _ANONYMOUS_STRUCT struct {
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
            ULONG                               Flags;
        } in;
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
            ULONG                               Flags;
        } out;
    } DUMMYSTRUCTNAME;
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;

/* Earlier layout without the Flags members. */
typedef struct _NETWORK_OPEN_ECP_CONTEXT_V0 {
    USHORT Size;
    USHORT Reserved;
    _ANONYMOUS_STRUCT struct {
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
        } in;
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
        } out;
    } DUMMYSTRUCTNAME;
} NETWORK_OPEN_ECP_CONTEXT_V0, *PNETWORK_OPEN_ECP_CONTEXT_V0;

#elif (NTDDI_VERSION >= NTDDI_VISTA)
/* Below NTDDI_WIN7 the context has the same members as the _V0 layout. */
typedef struct _NETWORK_OPEN_ECP_CONTEXT {
    USHORT Size;
    USHORT Reserved;
    _ANONYMOUS_STRUCT struct {
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
        } in;
        struct {
            NETWORK_OPEN_LOCATION_QUALIFIER     Location;
            NETWORK_OPEN_INTEGRITY_QUALIFIER    Integrity;
        } out;
    } DUMMYSTRUCTNAME;
} NETWORK_OPEN_ECP_CONTEXT, *PNETWORK_OPEN_ECP_CONTEXT;
#endif

DEFINE_GUID(GUID_ECP_NETWORK_OPEN_CONTEXT, 0xc584edbf, 0x00df, 0x4d28, 0xb8, 0x84, 0x35, 0xba, 0xca, 0x89, 0x11, 0xe8);

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */


#if (NTDDI_VERSION >= NTDDI_VISTA)

/* Prefetch-open context: a single opaque pointer. */
typedef struct _PREFETCH_OPEN_ECP_CONTEXT {
    PVOID Context;
} PREFETCH_OPEN_ECP_CONTEXT, *PPREFETCH_OPEN_ECP_CONTEXT;

DEFINE_GUID(GUID_ECP_PREFETCH_OPEN, 0xe1777b21, 0x847e, 0x4837, 0xaa, 0x45, 0x64, 0x16, 0x1d, 0x28, 0x6, 0x55);

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

#if (NTDDI_VERSION >= NTDDI_WIN7)

DEFINE_GUID (GUID_ECP_NFS_OPEN, 0xf326d30c, 0xe5f8, 0x4fe7, 0xab, 0x74, 0xf5, 0xa3, 0x19, 0x6d, 0x92, 0xdb);
DEFINE_GUID (GUID_ECP_SRV_OPEN, 0xbebfaebc, 0xaabf, 0x489d, 0x9d, 0x2c, 0xe9, 0xe3, 0x61, 0x10, 0x28, 0x53);

typedef struct sockaddr_storage *PSOCKADDR_STORAGE_NFS;

/* NFS open ECP payload: pointers to the export alias and client address. */
typedef struct _NFS_OPEN_ECP_CONTEXT {
  PUNICODE_STRING ExportAlias;
  PSOCKADDR_STORAGE_NFS ClientSocketAddress;
} NFS_OPEN_ECP_CONTEXT, *PNFS_OPEN_ECP_CONTEXT, **PPNFS_OPEN_ECP_CONTEXT;

/* SRV open ECP payload: share name, socket address and three oplock flags. */
typedef struct _SRV_OPEN_ECP_CONTEXT {
  PUNICODE_STRING ShareName;
  PSOCKADDR_STORAGE_NFS SocketAddress;
  BOOLEAN OplockBlockState;
  BOOLEAN OplockAppState;
  BOOLEAN OplockFinalState;
} SRV_OPEN_ECP_CONTEXT, *PSRV_OPEN_ECP_CONTEXT;

#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */

/* PIN_* and MAP_* flag bits. */
#define PIN_WAIT (1)
#define PIN_EXCLUSIVE (2)
#define PIN_NO_READ (4)
#define PIN_IF_BCB (8)
#define PIN_CALLER_TRACKS_DIRTY_DATA (32)
#define PIN_HIGH_PRIORITY (64)

#define MAP_WAIT 1
#define MAP_NO_READ (16)
#define MAP_HIGH_PRIORITY (64)

/*
 * Both control codes are METHOD_NEITHER with FILE_ANY_ACCESS: the I/O manager
 * hands the handler the caller's buffer pointers unmodified, so the handler
 * must validate pointers and lengths itself.
 * NOTE(review): the WDK documentation for these IOCTLs advises redirectors to
 * honor only kernel-mode senders (Irp->RequestorMode) -- confirm handlers do.
 */
#define IOCTL_REDIR_QUERY_PATH CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
#define IOCTL_REDIR_QUERY_PATH_EX CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 100, METHOD_NEITHER, FILE_ANY_ACCESS)

/*
 * Variable-length request: FilePathName[1] is a trailing-array placeholder.
 * NOTE(review): PathNameLength should be checked against the real input
 * buffer length before FilePathName is read; its unit (bytes vs. characters)
 * is not shown here -- confirm.
 */
typedef struct _QUERY_PATH_REQUEST {
  ULONG PathNameLength;
  PIO_SECURITY_CONTEXT SecurityContext;
  WCHAR FilePathName[1];
} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;

/* Extended request: the path is a UNICODE_STRING and an EA buffer is passed by pointer. */
typedef struct _QUERY_PATH_REQUEST_EX {
  PIO_SECURITY_CONTEXT pSecurityContext;
  ULONG EaLength;
  PVOID pEaBuffer;
  UNICODE_STRING PathName;
  UNICODE_STRING DomainServiceName;
  ULONG_PTR Reserved[ 3 ];
} QUERY_PATH_REQUEST_EX, *PQUERY_PATH_REQUEST_EX;

typedef struct _QUERY_PATH_RESPONSE {
  ULONG LengthAccepted;
} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;

/* Buffered control code that requires both read and write access. */
#define VOLSNAPCONTROLTYPE 0x00000053
#define IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES CTL_CODE(VOLSNAPCONTROLTYPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

/* FIXME : These definitions below don't belong here (or anywhere in ddk really) */
/*
 * Defaults to 10000 when the build does not define it, which enables both
 * VER_PRODUCTBUILD-gated sections further down (>= 1381 and >= 2195).
 */
#ifndef VER_PRODUCTBUILD
#define VER_PRODUCTBUILD 10000
#endif

#include "csq.h"

#define FS_LFN_APIS 0x00004000

/*
 * Storage-type values: a FILE_STORAGE_TYPE enumerator shifted left by
 * FILE_STORAGE_TYPE_SHIFT (16), selected by FILE_STORAGE_TYPE_MASK.
 * NOTE(review): StorageTypeDocfile is not among the FILE_STORAGE_TYPE
 * enumerators declared later in this header, so FILE_STORAGE_TYPE_DOCFILE
 * will not compile when expanded unless that name is defined elsewhere.
 */
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
#define FILE_STORAGE_TYPE_MASK 0x000f0000
#define FILE_STORAGE_TYPE_SHIFT 16

#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004

/* On _X86_ the generic PTE names alias the x86-specific ones. */
#ifdef _X86_
#define HARDWARE_PTE HARDWARE_PTE_X86
#define PHARDWARE_PTE PHARDWARE_PTE_X86
#endif

#define IO_ATTACH_DEVICE_API 0x80000000

/* IO_TYPE_* numeric codes 18..23. */
#define IO_TYPE_APC 18
#define IO_TYPE_DPC 19
#define IO_TYPE_DEVICE_QUEUE 20
#define IO_TYPE_EVENT_PAIR 21
#define IO_TYPE_INTERRUPT 22
#define IO_TYPE_PROFILE 23

#define IRP_BEING_VERIFIED 0x10

#define MAILSLOT_CLASS_FIRSTCLASS 1
#define MAILSLOT_CLASS_SECONDCLASS 2

#define MAILSLOT_SIZE_AUTO 0

#define MEM_DOS_LIM 0x40000000

/* OB_TYPE_* numeric codes 1..23. */
#define OB_TYPE_TYPE 1
#define OB_TYPE_DIRECTORY 2
#define OB_TYPE_SYMBOLIC_LINK 3
#define OB_TYPE_TOKEN 4
#define OB_TYPE_PROCESS 5
#define OB_TYPE_THREAD 6
#define OB_TYPE_EVENT 7
#define OB_TYPE_EVENT_PAIR 8
#define OB_TYPE_MUTANT 9
#define OB_TYPE_SEMAPHORE 10
#define OB_TYPE_TIMER 11
#define OB_TYPE_PROFILE 12
#define OB_TYPE_WINDOW_STATION 13
#define OB_TYPE_DESKTOP 14
#define OB_TYPE_SECTION 15
#define OB_TYPE_KEY 16
#define OB_TYPE_PORT 17
#define OB_TYPE_ADAPTER 18
#define OB_TYPE_CONTROLLER 19
#define OB_TYPE_DEVICE 20
#define OB_TYPE_DRIVER 21
#define OB_TYPE_IO_COMPLETION 22
#define OB_TYPE_FILE 23

#define SEC_BASED 0x00200000

/* end winnt.h */

#if (VER_PRODUCTBUILD >= 1381)
#define FSCTL_GET_HFS_INFORMATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
#endif /* (VER_PRODUCTBUILD >= 1381) */

#if (VER_PRODUCTBUILD >= 2195)

/*
 * Several codes in this group are METHOD_NEITHER: their handlers receive raw
 * caller pointers and must validate and capture the buffers before use.
 */
#define FSCTL_READ_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_WRITE_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)

#define FSCTL_DUMP_PROPERTY_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)

#define FSCTL_HSM_MSG CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_NSS_CONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_HSM_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_NSS_RCONTROL CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
#endif /* (VER_PRODUCTBUILD >= 2195) */

/*
 * Network file system control codes. All are FILE_ANY_ACCESS; the transfer
 * method varies per code (direct, neither, buffered).
 */
#define FSCTL_NETWORK_SET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_GET_CONFIGURATION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_GET_CONNECTION_INFO CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_ENUMERATE_CONNECTIONS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_DELETE_CONNECTION CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_GET_STATISTICS CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_SET_DOMAIN_NAME CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)

/* Enumerators start at 1 and run to StorageTypeStream (8). */
typedef enum _FILE_STORAGE_TYPE {
  StorageTypeDefault = 1,
  StorageTypeDirectory,
  StorageTypeFile,
  StorageTypeJunctionPoint,
  StorageTypeCatalog,
  StorageTypeStructuredStorage,
  StorageTypeEmbedding,
  StorageTypeStream
} FILE_STORAGE_TYPE;

/*
 * Same member types and order as OBJECT_BASIC_INFO further down; only the
 * member names differ.
 */
typedef struct _OBJECT_BASIC_INFORMATION
{
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG PagedPoolCharge;
  ULONG NonPagedPoolCharge;
  ULONG Reserved[ 3 ];
  ULONG NameInfoSize;
  ULONG TypeInfoSize;
  ULONG SecurityDescriptorSize;
  LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

/*
 * Variable-length: FileName[1] is a trailing-array placeholder sized by
 * FileNameLength. NOTE(review): FileNameLength should presumably be checked
 * against the supplied buffer length before FileName is read -- confirm at
 * use sites.
 */
typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
  BOOLEAN ReplaceIfExists;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;

/*
 * Directory entry with a trailing FileName array.
 * NOTE(review): code walking such entries should presumably bound both
 * NextEntryOffset and FileNameLength by the buffer size -- confirm at use
 * sites.
 */
typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaSize;
  WCHAR FileName[ANYSIZE_ARRAY];
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;

/* raw internal file lock struct returned from FsRtlGetNextFileLock */
typedef struct _FILE_SHARED_LOCK_ENTRY {
  PVOID Unknown1;
  PVOID Unknown2;
  FILE_LOCK_INFO FileLock;
} FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;

/* raw internal file lock struct returned from FsRtlGetNextFileLock */
typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
  LIST_ENTRY ListEntry;
  PVOID Unknown1;
  PVOID Unknown2;
  FILE_LOCK_INFO FileLock;
} FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;

typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
  ULONG ReadDataAvailable;
  ULONG NumberOfMessages;
  ULONG MessageLength;
} FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;

typedef struct _FILE_OLE_CLASSID_INFORMATION {
  GUID ClassId;
} FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;

/* Aggregate of the individual FILE_*_INFORMATION blocks plus OLE fields. */
typedef struct _FILE_OLE_ALL_INFORMATION {
  FILE_BASIC_INFORMATION BasicInformation;
  FILE_STANDARD_INFORMATION StandardInformation;
  FILE_INTERNAL_INFORMATION InternalInformation;
  FILE_EA_INFORMATION EaInformation;
  FILE_ACCESS_INFORMATION AccessInformation;
  FILE_POSITION_INFORMATION PositionInformation;
  FILE_MODE_INFORMATION ModeInformation;
  FILE_ALIGNMENT_INFORMATION AlignmentInformation;
  USN LastChangeUsn;
  USN ReplicationUsn;
  LARGE_INTEGER SecurityChangeTime;
  FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
  FILE_OBJECTID_INFORMATION ObjectIdInformation;
  FILE_STORAGE_TYPE StorageType;
  ULONG OleStateBits;
  ULONG OleId;
  ULONG NumberOfStreamReferences;
  ULONG StreamIndex;
  ULONG SecurityId;
  BOOLEAN ContentIndexDisable;
  BOOLEAN InheritContentIndexDisable;
  FILE_NAME_INFORMATION NameInformation;
} FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;

/* Directory entry with OLE fields; FileName[1] is a trailing-array placeholder. */
typedef struct _FILE_OLE_DIR_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  FILE_STORAGE_TYPE StorageType;
  GUID OleClassId;
  ULONG OleStateBits;
  BOOLEAN ContentIndexDisable;
  BOOLEAN InheritContentIndexDisable;
  WCHAR FileName[1];
} FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;

typedef struct _FILE_OLE_INFORMATION {
  LARGE_INTEGER SecurityChangeTime;
  FILE_OLE_CLASSID_INFORMATION OleClassIdInformation;
  FILE_OBJECTID_INFORMATION ObjectIdInformation;
  FILE_STORAGE_TYPE StorageType;
  ULONG OleStateBits;
  BOOLEAN ContentIndexDisable;
  BOOLEAN InheritContentIndexDisable;
} FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;

typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
  ULONG StateBits;
  ULONG StateBitsMask;
} FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;

typedef struct _MAPPING_PAIR {
  ULONGLONG Vcn;
  ULONGLONG Lcn;
} MAPPING_PAIR, *PMAPPING_PAIR;

/*
 * Variable-length: Pair[1] is a trailing-array placeholder.
 * NOTE(review): presumably NumberOfPairs gives the element count; it should
 * be bounded by the buffer size before Pair is indexed -- confirm.
 */
typedef struct _GET_RETRIEVAL_DESCRIPTOR {
  ULONG NumberOfPairs;
  ULONGLONG StartVcn;
  MAPPING_PAIR Pair[1];
} GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;

typedef struct _MOVEFILE_DESCRIPTOR {
  HANDLE FileHandle;
  ULONG Reserved;
  LARGE_INTEGER StartVcn;
  LARGE_INTEGER TargetLcn;
  ULONG NumVcns;
  ULONG Reserved1;
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;

/*
 * Same member types and order as OBJECT_BASIC_INFORMATION above; only the
 * member names differ.
 */
typedef struct _OBJECT_BASIC_INFO {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG ReferenceCount;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG Reserved[3];
  ULONG NameInformationLength;
  ULONG TypeInformationLength;
  ULONG SecurityDescriptorLength;
  LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
  BOOLEAN Inherit;
  BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;

/* ObjectNameBuffer[1] is a trailing-array placeholder after the string header. */
typedef struct _OBJECT_NAME_INFO {
  UNICODE_STRING ObjectName;
  WCHAR ObjectNameBuffer[1];
} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;

typedef struct _OBJECT_PROTECTION_INFO {
  BOOLEAN Inherit;
  BOOLEAN ProtectHandle;
} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;

/* 0x58 bytes between the name header and its buffer are left undescribed. */
typedef struct _OBJECT_TYPE_INFO {
  UNICODE_STRING ObjectTypeName;
  UCHAR Unknown[0x58];
  WCHAR ObjectTypeNameBuffer[1];
} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;

/*
 * NOTE(review): each OBJECT_TYPE_INFO ends in a trailing name buffer, so the
 * entries are presumably variable-sized and ObjectsTypeInfo cannot be indexed
 * as a plain array -- confirm before iterating.
 */
typedef struct _OBJECT_ALL_TYPES_INFO {
  ULONG NumberOfObjectTypes;
  OBJECT_TYPE_INFO ObjectsTypeInfo[1];
} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;

/*
 * With USE_LPC6432 defined the LPC_* aliases are CLIENT_ID64 / ULONGLONG;
 * otherwise they are the native CLIENT_ID, SIZE_T, PVOID and HANDLE types.
 */
#if defined(USE_LPC6432)
#define LPC_CLIENT_ID CLIENT_ID64
#define LPC_SIZE_T ULONGLONG
#define LPC_PVOID ULONGLONG
#define LPC_HANDLE ULONGLONG
#else
#define LPC_CLIENT_ID CLIENT_ID
#define LPC_SIZE_T SIZE_T
#define LPC_PVOID PVOID
#define LPC_HANDLE HANDLE
#endif

/*
 * LPC message header. u1.s1.DataLength / TotalLength are CSHORT and overlay
 * u1.Length; u2.s2 overlays u2.ZeroInit.
 * NOTE(review): a receiver should presumably bound-check DataLength and
 * TotalLength against its own buffer before copying a message -- confirm
 * where messages are consumed.
 */
typedef struct _PORT_MESSAGE
{
  union
  {
    struct
    {
      CSHORT DataLength;
      CSHORT TotalLength;
    } s1;
    ULONG Length;
  } u1;
  union
  {
    struct
    {
      CSHORT Type;
      CSHORT DataInfoOffset;
    } s2;
    ULONG ZeroInit;
  } u2;
  __GNU_EXTENSION union
  {
    LPC_CLIENT_ID ClientId;
    double DoNotUseThisField;
  };
  ULONG MessageId;
  __GNU_EXTENSION union
  {
    LPC_SIZE_T ClientViewSize;
    ULONG CallbackId;
  };
} PORT_MESSAGE, *PPORT_MESSAGE;

#define LPC_KERNELMODE_MESSAGE (CSHORT)((USHORT)0x8000)

/* Port view description: section handle and offset plus local and remote bases. */
typedef struct _PORT_VIEW
{
  ULONG Length;
  LPC_HANDLE SectionHandle;
  ULONG SectionOffset;
  LPC_SIZE_T ViewSize;
  LPC_PVOID ViewBase;
  LPC_PVOID ViewRemoteBase;
} PORT_VIEW, *PPORT_VIEW;

typedef struct _REMOTE_PORT_VIEW
{
  ULONG Length;
  LPC_SIZE_T ViewSize;
  LPC_PVOID ViewBase;
} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;

/* Tree node with parent/left/right links; several members are opaque PVOIDs. */
typedef struct _VAD_HEADER {
  PVOID StartVPN;
  PVOID EndVPN;
  struct _VAD_HEADER* ParentLink;
  struct _VAD_HEADER* LeftLink;
  struct _VAD_HEADER* RightLink;
  ULONG Flags; /* LSB = CommitCharge */
  PVOID ControlArea;
  PVOID FirstProtoPte;
  PVOID LastPTE;
  ULONG Unknown;
  LIST_ENTRY Secured;
} VAD_HEADER, *PVAD_HEADER;

/* Returns a LARGE_INTEGER by value; OldestLsn is an optional output. */
NTKERNELAPI
LARGE_INTEGER
NTAPI
CcGetLsnForFileObject (
  _In_ PFILE_OBJECT FileObject,
  _Out_opt_ PLARGE_INTEGER OldestLsn
);

/*
 * FsRtlAllocatePool* family: pool allocation with optional quota and tag.
 * NumberOfBytes is a ULONG in all four.
 * NOTE(review): per the WDK documentation these raise an exception on
 * allocation failure instead of returning NULL -- confirm the implementation
 * here matches before relying on either behaviour.
 */
NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePool (
  _In_ POOL_TYPE PoolType,
  _In_ ULONG NumberOfBytes
);

NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePoolWithQuota (
  _In_ POOL_TYPE PoolType,
  _In_ ULONG NumberOfBytes
);

NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePoolWithQuotaTag (
  _In_ POOL_TYPE PoolType,
  _In_ ULONG NumberOfBytes,
  _In_ ULONG Tag
);

NTKERNELAPI
PVOID
NTAPI
FsRtlAllocatePoolWithTag (
  _In_ POOL_TYPE PoolType,
  _In_ ULONG NumberOfBytes,
  _In_ ULONG Tag
);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlReadComplete (
  _In_ PFILE_OBJECT FileObject,
  _In_ PMDL MdlChain
);

NTKERNELAPI
BOOLEAN
NTAPI
FsRtlMdlWriteComplete (
  _In_ PFILE_OBJECT FileObject,
  _In_ PLARGE_INTEGER FileOffset,
  _In_ PMDL MdlChain
);

NTKERNELAPI
VOID
NTAPI
FsRtlNotifyChangeDirectory (
  _In_ PNOTIFY_SYNC NotifySync,
  _In_ PVOID FsContext,
  _In_ PSTRING FullDirectoryName,
  _In_ PLIST_ENTRY NotifyList,
  _In_ BOOLEAN WatchTree,
  _In_ ULONG CompletionFilter,
  _In_ PIRP NotifyIrp
);

/* Unconditionally enabled section. */
#if 1
/*
 * Takes two processor-mode arguments: one for the object attributes and one
 * for the object itself.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ObCreateObject(
  _In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode,
  _In_ POBJECT_TYPE ObjectType,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_ KPROCESSOR_MODE AccessMode,
  _Inout_opt_ PVOID ParseContext,
  _In_ ULONG ObjectSize,
  _In_opt_ ULONG PagedPoolCharge,
  _In_opt_ ULONG NonPagedPoolCharge,
  _Out_ PVOID *Object
);

/*
 * AccessMode is chosen by the caller.
 * NOTE(review): code acting on behalf of a user-mode request should
 * presumably pass the requestor's mode rather than KernelMode, so that
 * access checks on the named object are not skipped -- confirm at call sites.
 */
NTKERNELAPI
NTSTATUS
NTAPI
ObReferenceObjectByName (
  _In_ PUNICODE_STRING ObjectName,
  _In_ ULONG Attributes,
  _In_opt_ PACCESS_STATE PassedAccessState,
  _In_opt_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_TYPE ObjectType,
  _In_ KPROCESSOR_MODE AccessMode,
  _Inout_opt_ PVOID ParseContext,
  _Out_ PVOID *Object
);

/*
 * Dereferences T only when ARGUMENT_PRESENT(T). The expansion is a bare
 * brace block, not do { } while (0), and it names T twice: keep the argument
 * free of side effects, and do not use the macro followed by ';' as the
 * unbraced body of an if that has an else.
 */
#define PsDereferenceImpersonationToken(T) \
  {if (ARGUMENT_PRESENT(T)) { \
    (ObDereferenceObject((T))); \
  } else { \
    ; \
  } \
}

/* Process is an optional output; Thread is always written. */
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessThreadByCid (
  _In_ PCLIENT_ID Cid,
  _Out_opt_ PEPROCESS *Process,
  _Out_ PETHREAD *Thread
);

/* Sacl is annotated _In_, not _In_opt_, even though SaclPresent is a separate flag. */
NTSYSAPI
NTSTATUS
NTAPI
RtlSetSaclSecurityDescriptor (
  _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
  _In_ BOOLEAN SaclPresent,
  _In_ PACL Sacl,
  _In_ BOOLEAN SaclDefaulted
);

/*
 * Replaces SeExports with the PSE_EXPORTS value read through it. The
 * expansion already ends in ';', so "SeEnableAccessToExports();" produces an
 * extra empty statement: harmless inside a block, but it breaks an unbraced
 * if/else.
 */
#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;

#endif

#ifdef __cplusplus
}
#endif