
  1. /*
  2.  * ntifs.h
  3.  *
  4.  * Windows NT Filesystem Driver Developer Kit
  5.  *
  6.  * This file is part of the w32api package.
  7.  *
  8.  * Contributors:
  9.  *   Created by Bo Brantén <bosse@acc.umu.se>
  10.  *
  11.  * THIS SOFTWARE IS NOT COPYRIGHTED
  12.  *
  13.  * This source code is offered for use in the public domain. You may
  14.  * use, modify or distribute it freely.
  15.  *
  16.  * This code is distributed in the hope that it will be useful but
  17.  * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
  18.  * DISCLAIMED. This includes but is not limited to warranties of
  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  20.  *
  21.  */
  22.  
  23. #ifndef _NTIFS_
  24. #define _NTIFS_
  25. #define _GNU_NTIFS_
  26.  
  27. #if __GNUC__ >= 3
  28. #pragma GCC system_header
  29. #endif
  30.  
  31. #ifdef __cplusplus
  32. extern "C" {
  33. #endif
  34.  
  35. #include "ntddk.h"
  36. #include "ntapi.h"
  37.  
  /* Packing and build-selection switches that govern the rest of the header.
   * - 4-byte structure packing is pushed here; the matching pop is not within
   *   this part of the file.
   * - VER_PRODUCTBUILD is fixed at 10000, so every
   *   "#if (VER_PRODUCTBUILD >= N)" test below with N <= 10000 takes its first
   *   branch. The kernel structure layouts selected that way therefore do not
   *   follow the OS build the code actually runs on.
   * - NTSYSAPI defaults to empty and NTKERNELAPI to STDCALL when the includer
   *   has not already defined them. */
  38. #pragma pack(push,4)
  39.  
  40. #define VER_PRODUCTBUILD 10000
  41.  
  42. #ifndef NTSYSAPI
  43. #define NTSYSAPI
  44. #endif
  45.  
  46. #ifndef NTKERNELAPI
  47. #define NTKERNELAPI STDCALL
  48. #endif
  49.  
  /* Forward declaration of the pointer type for SE_EXPORTS, followed by data
   * symbols that this header only declares (extern); their definitions and
   * contents are not visible here. */
  50. typedef struct _SE_EXPORTS                  *PSE_EXPORTS;
  51.  
  52. extern PUCHAR                       *FsRtlLegalAnsiCharacterArray;
  53. extern PSE_EXPORTS                  SeExports;
  54. extern PACL                         SePublicDefaultDacl; /* NOTE(review): presumably a kernel-provided default DACL - confirm before relying on its contents */
  55. extern PACL                         SeSystemDefaultDacl;
  56.  
  /* Stand-in characters for the DOS-style wildcards: less-than for STAR,
   * greater-than for QM and double-quote for DOT. The ANSI_ forms are char
   * constants, the unprefixed forms are wide-character constants.
   * NOTE(review): the matching rules that give these characters meaning are
   * implemented by the FsRtl name-expression routines, not in this header. */
  57. #define ANSI_DOS_STAR                   ('<')
  58. #define ANSI_DOS_QM                     ('>')
  59. #define ANSI_DOS_DOT                    ('"')
  60.  
  61. #define DOS_STAR                        (L'<')
  62. #define DOS_QM                          (L'>')
  63. #define DOS_DOT                         (L'"')
  64.  
  /* Constants the bracketing comments mark as duplicated from winnt.h:
   * ACE type codes (0..3), compression format and engine selectors, and the
   * FILE_ACTION_* codes (1..0xB).
   * NOTE(review): if winnt.h is included in the same translation unit these
   * definitions must stay identical to it, or the preprocessor will diagnose
   * a redefinition. */
  65. /* also in winnt.h */
  66. #define ACCESS_ALLOWED_ACE_TYPE         (0x0)
  67. #define ACCESS_DENIED_ACE_TYPE          (0x1)
  68. #define SYSTEM_AUDIT_ACE_TYPE           (0x2)
  69. #define SYSTEM_ALARM_ACE_TYPE           (0x3)
  70.  
  /* The format values occupy the low byte and the engine values the second
   * byte, so one of each can be OR-ed together without overlap. */
  71. #define COMPRESSION_FORMAT_NONE         (0x0000)
  72. #define COMPRESSION_FORMAT_DEFAULT      (0x0001)
  73. #define COMPRESSION_FORMAT_LZNT1        (0x0002)
  74. #define COMPRESSION_ENGINE_STANDARD     (0x0000)
  75. #define COMPRESSION_ENGINE_MAXIMUM      (0x0100)
  76. #define COMPRESSION_ENGINE_HIBER        (0x0200)
  77.  
  /* NOTE(review): presumably the Action values reported by directory change
   * notification - confirm against winnt.h. */
  78. #define FILE_ACTION_ADDED                   0x00000001
  79. #define FILE_ACTION_REMOVED                 0x00000002
  80. #define FILE_ACTION_MODIFIED                0x00000003
  81. #define FILE_ACTION_RENAMED_OLD_NAME        0x00000004
  82. #define FILE_ACTION_RENAMED_NEW_NAME        0x00000005
  83. #define FILE_ACTION_ADDED_STREAM            0x00000006
  84. #define FILE_ACTION_REMOVED_STREAM          0x00000007
  85. #define FILE_ACTION_MODIFIED_STREAM         0x00000008
  86. #define FILE_ACTION_REMOVED_BY_DELETE       0x00000009
  87. #define FILE_ACTION_ID_NOT_TUNNELLED        0x0000000A
  88. #define FILE_ACTION_TUNNELLED_ID_COLLISION  0x0000000B
  89. /* end  winnt.h */
  90.  
  /* 16-bit type tags for extended attributes, plus the FILE_NEED_EA flag.
   * The header gives only the numeric values; what each tag implies about the
   * attribute payload is not described here. */
  91. #define FILE_EA_TYPE_BINARY             0xfffe
  92. #define FILE_EA_TYPE_ASCII              0xfffd
  93. #define FILE_EA_TYPE_BITMAP             0xfffb
  94. #define FILE_EA_TYPE_METAFILE           0xfffa
  95. #define FILE_EA_TYPE_ICON               0xfff9
  96. #define FILE_EA_TYPE_EA                 0xffee
  97. #define FILE_EA_TYPE_MVMT               0xffdf
  98. #define FILE_EA_TYPE_MVST               0xffde
  99. #define FILE_EA_TYPE_ASN1               0xffdd
  100. #define FILE_EA_TYPE_FAMILY_IDS         0xff01
  101.  
  102. #define FILE_NEED_EA                    0x00000080
  103.  
  /* Change-notification filter bits, marked as duplicated from winnt.h.
   * FILE_NOTIFY_CHANGE_NAME (0x3) is the union of the FILE_NAME and DIR_NAME
   * bits, and FILE_NOTIFY_VALID_MASK (0xfff) covers exactly bits 0..11, i.e.
   * every flag listed here. A filter with bits outside the mask names no flag
   * defined in this header. */
  104. /* also in winnt.h */
  105. #define FILE_NOTIFY_CHANGE_FILE_NAME    0x00000001
  106. #define FILE_NOTIFY_CHANGE_DIR_NAME     0x00000002
  107. #define FILE_NOTIFY_CHANGE_NAME         0x00000003
  108. #define FILE_NOTIFY_CHANGE_ATTRIBUTES   0x00000004
  109. #define FILE_NOTIFY_CHANGE_SIZE         0x00000008
  110. #define FILE_NOTIFY_CHANGE_LAST_WRITE   0x00000010
  111. #define FILE_NOTIFY_CHANGE_LAST_ACCESS  0x00000020
  112. #define FILE_NOTIFY_CHANGE_CREATION     0x00000040
  113. #define FILE_NOTIFY_CHANGE_EA           0x00000080
  114. #define FILE_NOTIFY_CHANGE_SECURITY     0x00000100
  115. #define FILE_NOTIFY_CHANGE_STREAM_NAME  0x00000200
  116. #define FILE_NOTIFY_CHANGE_STREAM_SIZE  0x00000400
  117. #define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
  118. #define FILE_NOTIFY_VALID_MASK          0x00000fff
  119. /* end winnt.h */
  120.  
  /* Oplock-break result codes (7..9) followed by file-system capability
   * flags.
   * NOTE(review): the oplock values are presumably returned in the I/O status
   * information of a completed oplock request - confirm. */
  121. #define FILE_OPLOCK_BROKEN_TO_LEVEL_2   0x00000007
  122. #define FILE_OPLOCK_BROKEN_TO_NONE      0x00000008
  123.  
  124. #define FILE_OPBATCH_BREAK_UNDERWAY     0x00000009
  125.  
  /* One bit per capability; the bits are distinct, so they can be combined.
   * NOTE(review): presumably reported by the file system as volume attributes.
   * Code that makes a security decision from FILE_PERSISTENT_ACLS or
   * FILE_SUPPORTS_ENCRYPTION should treat the value as a claim made by the
   * mounted file system - confirm where the value originates. */
  126. #define FILE_CASE_SENSITIVE_SEARCH      0x00000001
  127. #define FILE_CASE_PRESERVED_NAMES       0x00000002
  128. #define FILE_UNICODE_ON_DISK            0x00000004
  129. #define FILE_PERSISTENT_ACLS            0x00000008
  130. #define FILE_FILE_COMPRESSION           0x00000010
  131. #define FILE_VOLUME_QUOTAS              0x00000020
  132. #define FILE_SUPPORTS_SPARSE_FILES      0x00000040
  133. #define FILE_SUPPORTS_REPARSE_POINTS    0x00000080
  134. #define FILE_SUPPORTS_REMOTE_STORAGE    0x00000100
  135. #define FS_LFN_APIS                     0x00004000
  136. #define FILE_VOLUME_IS_COMPRESSED       0x00008000
  137. #define FILE_SUPPORTS_OBJECT_IDS        0x00010000
  138. #define FILE_SUPPORTS_ENCRYPTION        0x00020000
  139. #define FILE_NAMED_STREAMS              0x00040000
  140.  
  /* Named-pipe enumerations, one group per property: pipe type, read mode,
   * completion mode, direction, connection state, which end a handle refers
   * to, and the data/space selector. Each group restarts its numbering, so a
   * value is meaningful only together with the field it belongs to. */
  141. #define FILE_PIPE_BYTE_STREAM_TYPE      0x00000000
  142. #define FILE_PIPE_MESSAGE_TYPE          0x00000001
  143.  
  144. #define FILE_PIPE_BYTE_STREAM_MODE      0x00000000
  145. #define FILE_PIPE_MESSAGE_MODE          0x00000001
  146.  
  147. #define FILE_PIPE_QUEUE_OPERATION       0x00000000
  148. #define FILE_PIPE_COMPLETE_OPERATION    0x00000001
  149.  
  150. #define FILE_PIPE_INBOUND               0x00000000
  151. #define FILE_PIPE_OUTBOUND              0x00000001
  152. #define FILE_PIPE_FULL_DUPLEX           0x00000002
  153.  
  /* Connection states are numbered from 1; 0 is not assigned a name here. */
  154. #define FILE_PIPE_DISCONNECTED_STATE    0x00000001
  155. #define FILE_PIPE_LISTENING_STATE       0x00000002
  156. #define FILE_PIPE_CONNECTED_STATE       0x00000003
  157. #define FILE_PIPE_CLOSING_STATE         0x00000004
  158.  
  159. #define FILE_PIPE_CLIENT_END            0x00000000
  160. #define FILE_PIPE_SERVER_END            0x00000001
  161.  
  162. #define FILE_PIPE_READ_DATA             0x00000000
  163. #define FILE_PIPE_WRITE_SPACE           0x00000001
  164.  
  /* Storage-type selectors: each FILE_STORAGE_TYPE_* macro shifts a
   * FILE_STORAGE_TYPE enumerator left by FILE_STORAGE_TYPE_SHIFT (16) so it
   * lands inside FILE_STORAGE_TYPE_MASK (0x000f0000). The enumerators declared
   * in this header run from 1 to 8, which fits the 4-bit field. The shift and
   * mask are defined after their first use, which is fine for macros because
   * expansion happens at the point of use. */
  165. #define FILE_STORAGE_TYPE_SPECIFIED             0x00000041  /* FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE */
  166. #define FILE_STORAGE_TYPE_DEFAULT               (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
  167. #define FILE_STORAGE_TYPE_DIRECTORY             (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
  168. #define FILE_STORAGE_TYPE_FILE                  (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
  169. #define FILE_STORAGE_TYPE_DOCFILE               (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT) /* NOTE(review): StorageTypeDocfile is not an enumerator of FILE_STORAGE_TYPE as declared in this header; expanding this macro will not compile unless it is defined elsewhere */
  170. #define FILE_STORAGE_TYPE_JUNCTION_POINT        (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
  171. #define FILE_STORAGE_TYPE_CATALOG               (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
  172. #define FILE_STORAGE_TYPE_STRUCTURED_STORAGE    (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
  173. #define FILE_STORAGE_TYPE_EMBEDDING             (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
  174. #define FILE_STORAGE_TYPE_STREAM                (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
  175. #define FILE_MINIMUM_STORAGE_TYPE               FILE_STORAGE_TYPE_DEFAULT
  176. #define FILE_MAXIMUM_STORAGE_TYPE               FILE_STORAGE_TYPE_STREAM
  177. #define FILE_STORAGE_TYPE_MASK                  0x000f0000
  178. #define FILE_STORAGE_TYPE_SHIFT                 16
  179.  
  /* Volume-control flags. The low two bits are a quota mode selected by
   * FILE_VC_QUOTA_MASK (NONE, TRACK or ENFORCE); the remaining definitions are
   * independent single bits. FILE_VC_VALID_MASK (0x3ff) covers bits 0..9,
   * which is every flag listed here, so input carrying any higher bit is not
   * describable with these definitions. */
  180. #define FILE_VC_QUOTA_NONE              0x00000000
  181. #define FILE_VC_QUOTA_TRACK             0x00000001
  182. #define FILE_VC_QUOTA_ENFORCE           0x00000002
  183. #define FILE_VC_QUOTA_MASK              0x00000003
  184.  
  185. #define FILE_VC_QUOTAS_LOG_VIOLATIONS   0x00000004
  186. #define FILE_VC_CONTENT_INDEX_DISABLED  0x00000008
  187.  
  188. #define FILE_VC_LOG_QUOTA_THRESHOLD     0x00000010
  189. #define FILE_VC_LOG_QUOTA_LIMIT         0x00000020
  190. #define FILE_VC_LOG_VOLUME_THRESHOLD    0x00000040
  191. #define FILE_VC_LOG_VOLUME_LIMIT        0x00000080
  192.  
  193. #define FILE_VC_QUOTAS_INCOMPLETE       0x00000100
  194. #define FILE_VC_QUOTAS_REBUILDING       0x00000200
  195.  
  196. #define FILE_VC_VALID_MASK              0x000003ff
  197.  
  /* FsRtl constants. FSRTL_FLAG_* and FSRTL_FLAG2_* are single-bit flags
   * (bit 0x40 is not assigned in the first group).
   * NOTE(review): presumably stored in the Flags and Flags2 bytes of the
   * common FCB header - confirm against the structure definition. */
  198. #define FSRTL_FLAG_FILE_MODIFIED        (0x01)
  199. #define FSRTL_FLAG_FILE_LENGTH_CHANGED  (0x02)
  200. #define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
  201. #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
  202. #define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
  203. #define FSRTL_FLAG_USER_MAPPED_FILE     (0x20)
  204. #define FSRTL_FLAG_EOF_ADVANCE_ACTIVE   (0x80)
  205.  
  206. #define FSRTL_FLAG2_DO_MODIFIED_WRITE   (0x01)
  207.  
  /* These are small consecutive values (1..4), not bit flags; the MAX constant
   * equals the largest of them.
   * NOTE(review): presumably sentinel values kept in the thread's top-level
   * IRP slot in place of a real IRP pointer, so code reading that slot has to
   * compare against FSRTL_MAX_TOP_LEVEL_IRP_FLAG before dereferencing it -
   * confirm. */
  208. #define FSRTL_FSP_TOP_LEVEL_IRP         (0x01)
  209. #define FSRTL_CACHE_TOP_LEVEL_IRP       (0x02)
  210. #define FSRTL_MOD_WRITE_TOP_LEVEL_IRP   (0x03)
  211. #define FSRTL_FAST_IO_TOP_LEVEL_IRP     (0x04)
  212. #define FSRTL_MAX_TOP_LEVEL_IRP_FLAG    (0x04)
  213.  
  /* Volume event codes, numbered 1..6. */
  214. #define FSRTL_VOLUME_DISMOUNT           1
  215. #define FSRTL_VOLUME_DISMOUNT_FAILED    2
  216. #define FSRTL_VOLUME_LOCK               3
  217. #define FSRTL_VOLUME_LOCK_FAILED        4
  218. #define FSRTL_VOLUME_UNLOCK             5
  219. #define FSRTL_VOLUME_MOUNT              6
  220.  
  221. #define FSRTL_WILD_CHARACTER            0x08
  222.  
  /* Selects the page-table-entry type: the HARDWARE_PTE_X86 bit-field
   * structure when _X86_ is defined, otherwise a plain ULONG. On non-x86
   * builds the individual PTE bits are therefore not accessible by name
   * through this header. */
  223. #ifdef _X86_
  224. #define HARDWARE_PTE    HARDWARE_PTE_X86
  225. #define PHARDWARE_PTE   PHARDWARE_PTE_X86
  226. #else
  227. #define HARDWARE_PTE    ULONG
  228. #define PHARDWARE_PTE   PULONG
  229. #endif
  230.  
  /* I/O manager, mailslot and memory-mapping constants. */
  231. #define IO_CHECK_CREATE_PARAMETERS      0x0200
  232. #define IO_ATTACH_DEVICE                0x0400
  233.  
  234. #define IO_ATTACH_DEVICE_API            0x80000000
  /* I/O completion object access rights. ALL_ACCESS is built from
   * STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE and 0x3, the latter being the union
   * of the QUERY_STATE and MODIFY_STATE bits above it. */
  235. /* also in winnt.h */
  236. #define IO_COMPLETION_QUERY_STATE       0x0001
  237. #define IO_COMPLETION_MODIFY_STATE      0x0002
  238. #define IO_COMPLETION_ALL_ACCESS        (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
  239. /* end winnt.h */
  240. #define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE    64
  241. #define IO_FILE_OBJECT_PAGED_POOL_CHARGE        1024
  242.  
  /* Type codes 18..23. NOTE(review): presumably continue a numbering of I/O
   * object type tags that starts in ntddk.h - confirm. */
  243. #define IO_TYPE_APC                     18
  244. #define IO_TYPE_DPC                     19
  245. #define IO_TYPE_DEVICE_QUEUE            20
  246. #define IO_TYPE_EVENT_PAIR              21
  247. #define IO_TYPE_INTERRUPT               22
  248. #define IO_TYPE_PROFILE                 23
  249.  
  250. #define IRP_BEING_VERIFIED              0x10
  251.  
  252. #define MAILSLOT_CLASS_FIRSTCLASS       1
  253. #define MAILSLOT_CLASS_SECONDCLASS      2
  254.  
  255. #define MAILSLOT_SIZE_AUTO              0
  256.  
  257. #define MAP_PROCESS                     1L
  258. #define MAP_SYSTEM                      2L
  259. #define MEM_DOS_LIM                     0x40000000
  /* MEM_IMAGE is an alias for SEC_IMAGE, which this header defines further
   * down; the alias resolves when MEM_IMAGE is used, not here. */
  260. /* also in winnt.h */
  261. #define MEM_IMAGE                       SEC_IMAGE
  262. /* end winnt.h */ 
  /* Numeric identifiers for kernel object types, 1 through 23.
   * NOTE(review): the numbering is presumably specific to one Windows build;
   * confirm it against the target system before using it to interpret object
   * headers in a dump or a live kernel. */
  263. #define OB_TYPE_TYPE                    1
  264. #define OB_TYPE_DIRECTORY               2
  265. #define OB_TYPE_SYMBOLIC_LINK           3
  266. #define OB_TYPE_TOKEN                   4
  267. #define OB_TYPE_PROCESS                 5
  268. #define OB_TYPE_THREAD                  6
  269. #define OB_TYPE_EVENT                   7
  270. #define OB_TYPE_EVENT_PAIR              8
  271. #define OB_TYPE_MUTANT                  9
  272. #define OB_TYPE_SEMAPHORE               10
  273. #define OB_TYPE_TIMER                   11
  274. #define OB_TYPE_PROFILE                 12
  275. #define OB_TYPE_WINDOW_STATION          13
  276. #define OB_TYPE_DESKTOP                 14
  277. #define OB_TYPE_SECTION                 15
  278. #define OB_TYPE_KEY                     16
  279. #define OB_TYPE_PORT                    17
  280. #define OB_TYPE_ADAPTER                 18
  281. #define OB_TYPE_CONTROLLER              19
  282. #define OB_TYPE_DEVICE                  20
  283. #define OB_TYPE_DRIVER                  21
  284. #define OB_TYPE_IO_COMPLETION           22
  285. #define OB_TYPE_FILE                    23
  286.  
  /* PIN_* are single-bit flags (1, 2, 4, 8) and can be combined.
   * PORT_ALL_ACCESS is STANDARD_RIGHTS_ALL plus the one port-specific right
   * defined here, PORT_CONNECT. */
  287. #define PIN_WAIT                        (1)
  288. #define PIN_EXCLUSIVE                   (2)
  289. #define PIN_NO_READ                     (4)
  290. #define PIN_IF_BCB                      (8)
  291.  
  292. #define PORT_CONNECT                    0x0001
  293. #define PORT_ALL_ACCESS                 (STANDARD_RIGHTS_ALL |\
  294.                                          PORT_CONNECT)
  /* Section attributes, the World SID components and token access rights,
   * all marked as duplicated from winnt.h (the closing marker follows
   * TOKEN_SOURCE_LENGTH). */
  295. /* also in winnt.h */
  296. #define SEC_BASED    0x00200000
  297. #define SEC_NO_CHANGE    0x00400000
  298. #define SEC_FILE    0x00800000
  299. #define SEC_IMAGE    0x01000000
  300. #define SEC_VLM        0x02000000
  301. #define SEC_RESERVE    0x04000000
  302. #define SEC_COMMIT    0x08000000
  303. #define SEC_NOCACHE    0x10000000
  304.  
  /* Identifier authority 1 with relative identifier 0: the well-known World
   * (Everyone) SID, S-1-1-0. An ACE granted to it applies to every caller. */
  305. #define SECURITY_WORLD_SID_AUTHORITY    {0,0,0,0,0,1}
  306. #define SECURITY_WORLD_RID              (0x00000000L)
  307.  
  308. #define SID_REVISION                    1
  309.  
  /* Token-specific access rights, one bit each (0x0001..0x0080). */
  310. #define TOKEN_ASSIGN_PRIMARY            (0x0001)
  311. #define TOKEN_DUPLICATE                 (0x0002)
  312. #define TOKEN_IMPERSONATE               (0x0004)
  313. #define TOKEN_QUERY                     (0x0008)
  314. #define TOKEN_QUERY_SOURCE              (0x0010)
  315. #define TOKEN_ADJUST_PRIVILEGES         (0x0020)
  316. #define TOKEN_ADJUST_GROUPS             (0x0040)
  317. #define TOKEN_ADJUST_DEFAULT            (0x0080)
  318.  
  /* TOKEN_ALL_ACCESS is STANDARD_RIGHTS_REQUIRED plus all eight rights above.
   * Callers that only inspect a token should request TOKEN_QUERY or TOKEN_READ
   * rather than this mask, so a leaked or inherited handle cannot be used to
   * duplicate, impersonate or adjust the token.
   * NOTE(review): later SDK headers add TOKEN_ADJUST_SESSIONID (0x0100) to
   * this mask; this copy does not define it - confirm against the target SDK. */
  319. #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
  320.                           TOKEN_ASSIGN_PRIMARY     |\
  321.                           TOKEN_DUPLICATE          |\
  322.                           TOKEN_IMPERSONATE        |\
  323.                           TOKEN_QUERY              |\
  324.                           TOKEN_QUERY_SOURCE       |\
  325.                           TOKEN_ADJUST_PRIVILEGES  |\
  326.                           TOKEN_ADJUST_GROUPS      |\
  327.                           TOKEN_ADJUST_DEFAULT)
  328.  
  329. #define TOKEN_READ       (STANDARD_RIGHTS_READ     |\
  330.                           TOKEN_QUERY)
  331.  
  /* TOKEN_WRITE carries the three ADJUST rights; it does not include
   * TOKEN_QUERY, TOKEN_DUPLICATE or TOKEN_IMPERSONATE. */
  332. #define TOKEN_WRITE      (STANDARD_RIGHTS_WRITE    |\
  333.                           TOKEN_ADJUST_PRIVILEGES  |\
  334.                           TOKEN_ADJUST_GROUPS      |\
  335.                           TOKEN_ADJUST_DEFAULT)
  336.  
  337. #define TOKEN_EXECUTE    (STANDARD_RIGHTS_EXECUTE)
  338.  
  339. #define TOKEN_SOURCE_LENGTH 8
  340. /* end winnt.h */
  341.  
  /* Single-bit summary flags describing a token (0x01..0x10).
   * NOTE(review): presumably cached by the kernel in the token or access
   * state as a shortcut for privilege and group checks; they are not access
   * rights and must not be mixed with the TOKEN_* access masks - confirm. */
  342. #define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x01
  343. #define TOKEN_HAS_BACKUP_PRIVILEGE      0x02
  344. #define TOKEN_HAS_RESTORE_PRIVILEGE     0x04
  345. #define TOKEN_HAS_ADMIN_GROUP           0x08
  346. #define TOKEN_IS_RESTRICTED             0x10
  347.  
  /* The two values agree: 0x40000 is 1 << 18. */
  348. #define VACB_MAPPING_GRANULARITY        (0x40000)
  349. #define VACB_OFFSET_SHIFT               (18)
  350.  
  /* File-system control codes built with CTL_CODE(device type, function
   * number, transfer method, required access); CTL_CODE itself is defined
   * outside this header. Function numbers 9, 13, 17 and 18 are not assigned
   * in this group.
   * Review notes for code that handles these requests:
   *  - METHOD_NEITHER entries (functions 14 and 19 here) reach the handler
   *    with caller-supplied buffer addresses that the I/O manager has neither
   *    copied nor validated; for requests from user mode the handler has to
   *    probe and capture them before use.
   *  - FILE_ANY_ACCESS means the access granted on the handle is not checked
   *    for the request, so any authorization has to be enforced by the
   *    handler itself. */
  351. #define FSCTL_REQUEST_OPLOCK_LEVEL_1    CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  0, METHOD_BUFFERED, FILE_ANY_ACCESS)
  352. #define FSCTL_REQUEST_OPLOCK_LEVEL_2    CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  1, METHOD_BUFFERED, FILE_ANY_ACCESS)
  353. #define FSCTL_REQUEST_BATCH_OPLOCK      CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  2, METHOD_BUFFERED, FILE_ANY_ACCESS)
  354. #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE  CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  3, METHOD_BUFFERED, FILE_ANY_ACCESS)
  355. #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  4, METHOD_BUFFERED, FILE_ANY_ACCESS)
  356. #define FSCTL_OPLOCK_BREAK_NOTIFY       CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  5, METHOD_BUFFERED, FILE_ANY_ACCESS)
  357. #define FSCTL_LOCK_VOLUME               CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  6, METHOD_BUFFERED, FILE_ANY_ACCESS)
  358. #define FSCTL_UNLOCK_VOLUME             CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  7, METHOD_BUFFERED, FILE_ANY_ACCESS)
  359. #define FSCTL_DISMOUNT_VOLUME           CTL_CODE(FILE_DEVICE_FILE_SYSTEM,  8, METHOD_BUFFERED, FILE_ANY_ACCESS)
  360.  
  361. #define FSCTL_IS_VOLUME_MOUNTED         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
  362. #define FSCTL_IS_PATHNAME_VALID         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
  363. #define FSCTL_MARK_VOLUME_DIRTY         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
  364.  
  365. #define FSCTL_QUERY_RETRIEVAL_POINTERS  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14,  METHOD_NEITHER, FILE_ANY_ACCESS)
  366. #define FSCTL_GET_COMPRESSION           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
  367. #define FSCTL_SET_COMPRESSION           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
  368.  
  369.  
  370. #define FSCTL_MARK_AS_SYSTEM_HIVE       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19,  METHOD_NEITHER, FILE_ANY_ACCESS)
  371. #define FSCTL_OPLOCK_BREAK_ACK_NO_2     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
  372. #define FSCTL_INVALIDATE_VOLUMES        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
  373. #define FSCTL_QUERY_FAT_BPB             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS)
  374. #define FSCTL_REQUEST_FILTER_OPLOCK     CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
  375. #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS)
  376.  
  /* Control codes 25..32, compiled when VER_PRODUCTBUILD >= 1381. This header
   * sets VER_PRODUCTBUILD to 10000, so the group is always visible.
   * Functions 27, 28 and 32 use METHOD_NEITHER: their buffers arrive as raw
   * caller addresses and need validation by the handler. All eight are
   * declared with FILE_ANY_ACCESS, including FSCTL_MOVE_FILE.
   * NOTE(review): presumably the file system applies its own checks to the
   * handles involved in a move - confirm. */
  377. #if (VER_PRODUCTBUILD >= 1381)
  378.  
  379. #define FSCTL_GET_NTFS_VOLUME_DATA      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
  380. #define FSCTL_GET_NTFS_FILE_RECORD      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS)
  381. #define FSCTL_GET_VOLUME_BITMAP         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27,  METHOD_NEITHER, FILE_ANY_ACCESS)
  382. #define FSCTL_GET_RETRIEVAL_POINTERS    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28,  METHOD_NEITHER, FILE_ANY_ACCESS)
  383. #define FSCTL_MOVE_FILE                 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_ANY_ACCESS)
  384. #define FSCTL_IS_VOLUME_DIRTY           CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
  385. #define FSCTL_GET_HFS_INFORMATION       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
  386. #define FSCTL_ALLOW_EXTENDED_DASD_IO    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER,  FILE_ANY_ACCESS)
  387.  
  388. #endif /* (VER_PRODUCTBUILD >= 1381) */
  389.  
  /* Control codes 33..72 (36 is not assigned), compiled when
   * VER_PRODUCTBUILD >= 2195; with VER_PRODUCTBUILD fixed at 10000 in this
   * header the group is always visible.
   * Review notes:
   *  - The required-access argument varies per code (FILE_ANY_ACCESS,
   *    FILE_READ_DATA, FILE_WRITE_DATA, both, or FILE_SPECIAL_ACCESS), so it
   *    has to be read per definition rather than assumed for the group.
   *  - Several state-changing codes are declared with FILE_ANY_ACCESS, for
   *    example FSCTL_SET_ENCRYPTION, FSCTL_EXTEND_VOLUME and
   *    FSCTL_DELETE_USN_JOURNAL. NOTE(review): presumably the file system
   *    performs its own privilege or access checks for these - confirm.
   *  - METHOD_NEITHER codes pass unvalidated caller addresses to the handler;
   *    FSCTL_READ_FROM_PLEX is the only METHOD_OUT_DIRECT code in the group. */
  390. #if (VER_PRODUCTBUILD >= 2195)
  391.  
  392. #define FSCTL_READ_PROPERTY_DATA        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
  393. #define FSCTL_WRITE_PROPERTY_DATA       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
  394. #define FSCTL_FIND_FILES_BY_SID         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
  395.  
  396. #define FSCTL_DUMP_PROPERTY_DATA        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37,  METHOD_NEITHER, FILE_ANY_ACCESS)
  397. #define FSCTL_SET_OBJECT_ID             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_WRITE_DATA)
  398. #define FSCTL_GET_OBJECT_ID             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS)
  399. #define FSCTL_DELETE_OBJECT_ID          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_WRITE_DATA)
  400. #define FSCTL_SET_REPARSE_POINT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_WRITE_DATA)
  401. #define FSCTL_GET_REPARSE_POINT         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS)
  402. #define FSCTL_DELETE_REPARSE_POINT      CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_WRITE_DATA)
  403. #define FSCTL_ENUM_USN_DATA             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44,  METHOD_NEITHER, FILE_READ_DATA)
  404. #define FSCTL_SECURITY_ID_CHECK         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45,  METHOD_NEITHER, FILE_READ_DATA)
  405. #define FSCTL_READ_USN_JOURNAL          CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46,  METHOD_NEITHER, FILE_READ_DATA)
  406. #define FSCTL_SET_OBJECT_ID_EXTENDED    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_WRITE_DATA)
  407. #define FSCTL_CREATE_OR_GET_OBJECT_ID   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS)
  408. #define FSCTL_SET_SPARSE                CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_WRITE_DATA)
  409. #define FSCTL_SET_ZERO_DATA             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA)
  410. #define FSCTL_QUERY_ALLOCATED_RANGES    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51,  METHOD_NEITHER, FILE_READ_DATA)
  411. #define FSCTL_ENABLE_UPGRADE            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
  412. #define FSCTL_SET_ENCRYPTION            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_BUFFERED, FILE_ANY_ACCESS)
  413. #define FSCTL_ENCRYPTION_FSCTL_IO       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54,  METHOD_NEITHER, FILE_ANY_ACCESS)
  414. #define FSCTL_WRITE_RAW_ENCRYPTED       CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55,  METHOD_NEITHER, FILE_ANY_ACCESS)
  415. #define FSCTL_READ_RAW_ENCRYPTED        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56,  METHOD_NEITHER, FILE_ANY_ACCESS)
  416. #define FSCTL_CREATE_USN_JOURNAL        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57,  METHOD_NEITHER, FILE_READ_DATA)
  417. #define FSCTL_READ_FILE_USN_DATA        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58,  METHOD_NEITHER, FILE_READ_DATA)
  418. #define FSCTL_WRITE_USN_CLOSE_RECORD    CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59,  METHOD_NEITHER, FILE_READ_DATA)
  419. #define FSCTL_EXTEND_VOLUME             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
  420. #define FSCTL_QUERY_USN_JOURNAL         CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
  421. #define FSCTL_DELETE_USN_JOURNAL        CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
  422. #define FSCTL_MARK_HANDLE               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
  423. #define FSCTL_SIS_COPYFILE              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
  424. #define FSCTL_SIS_LINK_FILES            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
  425. #define FSCTL_HSM_MSG                   CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
  426. #define FSCTL_NSS_CONTROL               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
  427. #define FSCTL_HSM_DATA                  CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
  428. #define FSCTL_RECALL_FILE               CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
  429. #define FSCTL_NSS_RCONTROL              CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
  430. #define FSCTL_READ_FROM_PLEX            CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 71, METHOD_OUT_DIRECT, FILE_READ_DATA)
  431. #define FSCTL_FILE_PREFETCH             CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 72, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
  432.  
  433. #endif /* (VER_PRODUCTBUILD >= 2195) */
  434.  
  /* Control codes for three other device types: mailslot, network file system
   * (redirector) and named pipe. Function numbers restart per device type, so
   * the same number under a different device type is a different code.
   * The METHOD_NEITHER entries here (mailslot peek, network functions 104 and
   * 105, pipe transceive and internal transceive, IOCTL_REDIR_QUERY_PATH)
   * hand unvalidated caller addresses to the handler. */
  435. #define FSCTL_MAILSLOT_PEEK             CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
  436.  
  437. #define FSCTL_NETWORK_SET_CONFIGURATION_INFO    CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 102, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
  438. #define FSCTL_NETWORK_GET_CONFIGURATION_INFO    CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 103, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
  439. #define FSCTL_NETWORK_GET_CONNECTION_INFO       CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 104, METHOD_NEITHER, FILE_ANY_ACCESS)
  440. #define FSCTL_NETWORK_ENUMERATE_CONNECTIONS     CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 105, METHOD_NEITHER, FILE_ANY_ACCESS)
  441. #define FSCTL_NETWORK_DELETE_CONNECTION         CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 107, METHOD_BUFFERED, FILE_ANY_ACCESS)
  442. #define FSCTL_NETWORK_GET_STATISTICS            CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 116, METHOD_BUFFERED, FILE_ANY_ACCESS)
  443. #define FSCTL_NETWORK_SET_DOMAIN_NAME           CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 120, METHOD_BUFFERED, FILE_ANY_ACCESS)
  444. #define FSCTL_NETWORK_REMOTE_BOOT_INIT_SCRT     CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 250, METHOD_BUFFERED, FILE_ANY_ACCESS)
  445.  
  /* Named-pipe codes 0..9 plus four "internal" codes numbered 2045..2048.
   * NOTE(review): the INTERNAL codes are presumably meant for kernel-mode
   * callers only; confirm how the pipe file system treats them when the
   * requestor is user mode. */
  446. #define FSCTL_PIPE_ASSIGN_EVENT         CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
  447. #define FSCTL_PIPE_DISCONNECT           CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
  448. #define FSCTL_PIPE_LISTEN               CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
  449. #define FSCTL_PIPE_PEEK                 CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
  450. #define FSCTL_PIPE_QUERY_EVENT          CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
  451. #define FSCTL_PIPE_TRANSCEIVE           CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER,  FILE_READ_DATA | FILE_WRITE_DATA)
  452. #define FSCTL_PIPE_WAIT                 CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
  453. #define FSCTL_PIPE_IMPERSONATE          CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
  454. #define FSCTL_PIPE_SET_CLIENT_PROCESS   CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
  455. #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
  456. #define FSCTL_PIPE_INTERNAL_READ        CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
  457. #define FSCTL_PIPE_INTERNAL_WRITE       CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
  458. #define FSCTL_PIPE_INTERNAL_TRANSCEIVE  CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
  459. #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
  460.  
  461. #define IOCTL_REDIR_QUERY_PATH          CTL_CODE(FILE_DEVICE_NETWORK_FILE_SYSTEM, 99, METHOD_NEITHER, FILE_ANY_ACCESS)
  462.  
  /* Opaque handles and forward-declared pointer types. PEJOB, OPLOCK, POPLOCK
   * and PWOW64_PROCESS are plain PVOID aliases, so the compiler cannot tell
   * them apart from any other untyped pointer. The remaining typedefs name
   * pointers to structures whose layout has not been given at this point in
   * the header; they can be stored and passed around but not dereferenced
   * unless a full definition appears elsewhere. */
  463. typedef PVOID PEJOB;
  464. typedef PVOID OPLOCK, *POPLOCK;
  465. typedef PVOID PWOW64_PROCESS;
  466.  
  467. typedef struct _CACHE_MANAGER_CALLBACKS         *PCACHE_MANAGER_CALLBACKS;
  468. typedef struct _EPROCESS_QUOTA_BLOCK            *PEPROCESS_QUOTA_BLOCK;
  469. typedef struct _FILE_GET_QUOTA_INFORMATION      *PFILE_GET_QUOTA_INFORMATION;
  470. typedef struct _HANDLE_TABLE                    *PHANDLE_TABLE;
  471. typedef struct _KEVENT_PAIR                     *PKEVENT_PAIR;
  472. typedef struct _KPROCESS                        *PKPROCESS;
  473. typedef struct _KQUEUE                          *PKQUEUE;
  474. typedef struct _KTRAP_FRAME                     *PKTRAP_FRAME;
  475. typedef struct _MAILSLOT_CREATE_PARAMETERS      *PMAILSLOT_CREATE_PARAMETERS;
  476. typedef struct _MMWSL                           *PMMWSL;
  477. typedef struct _NAMED_PIPE_CREATE_PARAMETERS    *PNAMED_PIPE_CREATE_PARAMETERS;
  478. typedef struct _OBJECT_DIRECTORY                *POBJECT_DIRECTORY;
  479. typedef struct _PAGEFAULT_HISTORY               *PPAGEFAULT_HISTORY;
  480. typedef struct _PS_IMPERSONATION_INFORMATION    *PPS_IMPERSONATION_INFORMATION;
  481. typedef struct _SECTION_OBJECT                  *PSECTION_OBJECT;
  482. typedef struct _SHARED_CACHE_MAP                *PSHARED_CACHE_MAP;
  483. typedef struct _TERMINATION_PORT                *PTERMINATION_PORT;
  484. typedef struct _VACB                            *PVACB;
  485. typedef struct _VAD_HEADER                      *PVAD_HEADER;
  486.  
  /* Placeholder layout for NOTIFY_SYNC: eleven fields named Unknown0 through
   * Unknown10, nine ULONGs and two USHORTs. The names carry no meaning, so the
   * structure reserves space of the right shape without describing content.
   * NOTE(review): the layout is presumably reverse-engineered for one kernel
   * build; treat instances as opaque and do not read or write the fields. */
  487. typedef struct _NOTIFY_SYNC
  488. {
  489.     ULONG Unknown0;
  490.     ULONG Unknown1;
  491.     ULONG Unknown2;
  492.     USHORT Unknown3;
  493.     USHORT Unknown4;
  494.     ULONG Unknown5;
  495.     ULONG Unknown6;
  496.     ULONG Unknown7;
  497.     ULONG Unknown8;
  498.     ULONG Unknown9;
  499.     ULONG Unknown10;
  500. } NOTIFY_SYNC, * PNOTIFY_SYNC;
  501.  
  /* Three-state answer to whether fast I/O can be used; the enumerators take
   * the implicit values 0, 1 and 2 in the order listed. */
  502. typedef enum _FAST_IO_POSSIBLE {
  503.     FastIoIsNotPossible,
  504.     FastIoIsPossible,
  505.     FastIoIsQuestionable
  506. } FAST_IO_POSSIBLE;
  507.  
  /* Storage-type enumerators, starting at 1 and running to 8. The
   * FILE_STORAGE_TYPE_* macros earlier in this header shift these values into
   * bits 16..19. There is no StorageTypeDocfile enumerator here, although the
   * FILE_STORAGE_TYPE_DOCFILE macro refers to one. */
  508. typedef enum _FILE_STORAGE_TYPE {
  509.     StorageTypeDefault = 1,
  510.     StorageTypeDirectory,
  511.     StorageTypeFile,
  512.     StorageTypeJunctionPoint,
  513.     StorageTypeCatalog,
  514.     StorageTypeStructuredStorage,
  515.     StorageTypeEmbedding,
  516.     StorageTypeStream
  517. } FILE_STORAGE_TYPE;
  518.  
  /* Information classes for I/O completion objects; only one class (value 0)
   * is defined. */
  519. typedef enum _IO_COMPLETION_INFORMATION_CLASS {
  520.     IoCompletionBasicInformation
  521. } IO_COMPLETION_INFORMATION_CLASS;
  522.  
  /* Selector for which kind of object information is requested; the
   * enumerators take the implicit values 0..4 in the order listed.
   * NOTE(review): presumably the information-class argument of the object
   * query and set services - confirm against their prototypes. */
  523. typedef enum _OBJECT_INFO_CLASS {
  524.     ObjectBasicInfo,
  525.     ObjectNameInfo,
  526.     ObjectTypeInfo,
  527.     ObjectAllTypesInfo,
  528.     ObjectProtectionInfo
  529. } OBJECT_INFO_CLASS;
  530.  
  /* Bit-field view of a 32-bit page-table entry: twelve 1-bit fields followed
   * by a 20-bit PageFrameNumber (12 + 20 = 32 bits).
   * NOTE(review): the order of bit-fields within the word is chosen by the
   * compiler, so this only matches the hardware format on a compiler that
   * allocates from the least significant bit - confirm for the toolchain in
   * use. */
  531. typedef struct _HARDWARE_PTE_X86 {
  532.     ULONG Valid             : 1;
  533.     ULONG Write             : 1;
  534.     ULONG Owner             : 1; /* NOTE(review): presumably the user/supervisor bit that decides whether user mode may touch the page - confirm */
  535.     ULONG WriteThrough      : 1;
  536.     ULONG CacheDisable      : 1;
  537.     ULONG Accessed          : 1;
  538.     ULONG Dirty             : 1;
  539.     ULONG LargePage         : 1;
  540.     ULONG Global            : 1;
  541.     ULONG CopyOnWrite       : 1;
  542.     ULONG Prototype         : 1;
  543.     ULONG reserved          : 1;
  544.     ULONG PageFrameNumber   : 20;
  545. } HARDWARE_PTE_X86, *PHARDWARE_PTE_X86;
  546.  
  /* APC bookkeeping: two list heads, the owning process pointer and three
   * boolean status flags.
   * NOTE(review): the two ApcListHead entries are presumably indexed by
   * processor mode (kernel, user) - confirm. */
  547. typedef struct _KAPC_STATE {
  548.     LIST_ENTRY  ApcListHead[2];
  549.     PKPROCESS   Process;
  550.     BOOLEAN     KernelApcInProgress;
  551.     BOOLEAN     KernelApcPending;
  552.     BOOLEAN     UserApcPending;
  553. } KAPC_STATE, *PKAPC_STATE;
  554.  
  /* Descriptor-table entry: LimitLow and BaseLow, then HighWord, a union that
   * offers two views of the same 32 bits. Bytes exposes them as four UCHARs;
   * Bits exposes them as bit-fields (8+5+2+1+4+1+1+1+1+8 = 32). Writing
   * through one view changes what the other reads. */
  555. typedef struct _KGDTENTRY {
  556.     USHORT LimitLow;
  557.     USHORT BaseLow;
  558.     union {
  559.         struct {
  560.             UCHAR BaseMid;
  561.             UCHAR Flags1;
  562.             UCHAR Flags2;
  563.             UCHAR BaseHi;
  564.         } Bytes;
  565.         struct {
  566.             ULONG BaseMid       : 8;
  567.             ULONG Type          : 5;
  568.             ULONG Dpl           : 2; /* NOTE(review): presumably the descriptor privilege level (0..3) - confirm */
  569.             ULONG Pres          : 1;
  570.             ULONG LimitHi       : 4;
  571.             ULONG Sys           : 1;
  572.             ULONG Reserved_0    : 1;
  573.             ULONG Default_Big   : 1;
  574.             ULONG Granularity   : 1;
  575.             ULONG BaseHi        : 8;
  576.         } Bits;
  577.     } HighWord;
  578. } KGDTENTRY, *PKGDTENTRY;
  579.  
  /* Interrupt-descriptor entry made of four USHORT fields. The handler
   * address is split across Offset and ExtendedOffset.
   * NOTE(review): presumably the low and high 16 bits respectively - confirm. */
  580. typedef struct _KIDTENTRY {
  581.     USHORT Offset;
  582.     USHORT Selector;
  583.     USHORT Access;
  584.     USHORT ExtendedOffset;
  585. } KIDTENTRY, *PKIDTENTRY;
  586.  
  587. #if (VER_PRODUCTBUILD >= 2600)
  588.  
  589. typedef struct _MMSUPPORT_FLAGS {
  590.     ULONG SessionSpace              : 1;
  591.     ULONG BeingTrimmed              : 1;
  592.     ULONG SessionLeader             : 1;
  593.     ULONG TrimHard                  : 1;
  594.     ULONG WorkingSetHard            : 1;
  595.     ULONG AddressSpaceBeingDeleted  : 1;
  596.     ULONG Available                 : 10;
  597.     ULONG AllowWorkingSetAdjustment : 8;
  598.     ULONG MemoryPriority            : 8;
  599. } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
  600.  
  601. #else
  602.  
  603. typedef struct _MMSUPPORT_FLAGS {
  604.     ULONG SessionSpace      : 1;
  605.     ULONG BeingTrimmed      : 1;
  606.     ULONG ProcessInSession  : 1;
  607.     ULONG SessionLeader     : 1;
  608.     ULONG TrimHard          : 1;
  609.     ULONG WorkingSetHard    : 1;
  610.     ULONG WriteWatch        : 1;
  611.     ULONG Filler            : 25;
  612. } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
  613.  
  614. #endif
  615.  
  616. #if (VER_PRODUCTBUILD >= 2600)
  617.  
  618. typedef struct _MMSUPPORT {
           /*
            * Variant selected by the enclosing #if (VER_PRODUCTBUILD >= 2600).
            * This header defines VER_PRODUCTBUILD as 10000, so this is the
            * layout that gets compiled. The choice is made at build time, not
            * from the running OS build, so the field offsets are only
            * meaningful when the target kernel really uses this layout --
            * verify before reading a live structure through this type.
            */
  619.     LARGE_INTEGER   LastTrimTime;
  620.     MMSUPPORT_FLAGS Flags;
  621.     ULONG           PageFaultCount;
  622.     ULONG           PeakWorkingSetSize;
  623.     ULONG           WorkingSetSize;
  624.     ULONG           MinimumWorkingSetSize;
  625.     ULONG           MaximumWorkingSetSize;
  626.     PMMWSL          VmWorkingSetList;
  627.     LIST_ENTRY      WorkingSetExpansionLinks;
  628.     ULONG           Claim;
  629.     ULONG           NextEstimationSlot;
  630.     ULONG           NextAgingSlot;
  631.     ULONG           EstimatedAvailable;
  632.     ULONG           GrowthSinceLastEstimate;
  633. } MMSUPPORT, *PMMSUPPORT;
  634.  
  635. #else
  636.  
  637. typedef struct _MMSUPPORT {
  638.     LARGE_INTEGER   LastTrimTime;
  639.     ULONG           LastTrimFaultCount;
  640.     ULONG           PageFaultCount;
  641.     ULONG           PeakWorkingSetSize;
  642.     ULONG           WorkingSetSize;
  643.     ULONG           MinimumWorkingSetSize;
  644.     ULONG           MaximumWorkingSetSize;
  645.     PMMWSL          VmWorkingSetList;
  646.     LIST_ENTRY      WorkingSetExpansionLinks;
  647.     BOOLEAN         AllowWorkingSetAdjustment;
  648.     BOOLEAN         AddressSpaceBeingDeleted;
  649.     UCHAR           ForegroundSwitchCount;
  650.     UCHAR           MemoryPriority;
  651. #if (VER_PRODUCTBUILD >= 2195)
  652.     union {
  653.         ULONG           LongFlags;
  654.         MMSUPPORT_FLAGS Flags;
  655.     } u;
  656.     ULONG           Claim;
  657.     ULONG           NextEstimationSlot;
  658.     ULONG           NextAgingSlot;
  659.     ULONG           EstimatedAvailable;
  660.     ULONG           GrowthSinceLastEstimate;
  661. #endif /* (VER_PRODUCTBUILD >= 2195) */
  662. } MMSUPPORT, *PMMSUPPORT;
  663.  
  664. #endif
  665.  
  666. typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
  667.     POBJECT_NAME_INFORMATION ImageFileName;
  668. } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
  669.  
  670. typedef struct _BITMAP_RANGE {
  671.     LIST_ENTRY      Links;
  672.     LARGE_INTEGER   BasePage;
  673.     ULONG           FirstDirtyPage;
  674.     ULONG           LastDirtyPage;
  675.     ULONG           DirtyPages;
  676.     PULONG          Bitmap;
  677. } BITMAP_RANGE, *PBITMAP_RANGE;
  678.  
  679. typedef struct _CACHE_UNINITIALIZE_EVENT {
  680.     struct _CACHE_UNINITIALIZE_EVENT    *Next;
  681.     KEVENT                              Event;
  682. } CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
  683.  
  684. typedef struct _CC_FILE_SIZES {
  685.     LARGE_INTEGER AllocationSize;
  686.     LARGE_INTEGER FileSize;
  687.     LARGE_INTEGER ValidDataLength;
  688. } CC_FILE_SIZES, *PCC_FILE_SIZES;
  689.  
  690. typedef struct _COMPRESSED_DATA_INFO {
           /*
            * Fixed header followed by a trailing array declared with
            * ANYSIZE_ARRAY, so sizeof() of this type does not give the size of
            * a populated record.
            * NOTE(review): presumably NumberOfChunks is the element count of
            * CompressedChunkSizes -- confirm. A consumer should check that the
            * buffer really holds that many entries before indexing the array.
            */
  691.     USHORT  CompressionFormatAndEngine;
  692.     UCHAR   CompressionUnitShift;
  693.     UCHAR   ChunkShift;
  694.     UCHAR   ClusterShift;
  695.     UCHAR   Reserved;
  696.     USHORT  NumberOfChunks;
  697.     ULONG   CompressedChunkSizes[ANYSIZE_ARRAY];
  698. } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
  699.  
  700. typedef struct _DEVICE_MAP {
  701.     POBJECT_DIRECTORY   DosDevicesDirectory;
  702.     POBJECT_DIRECTORY   GlobalDosDevicesDirectory;
  703.     ULONG               ReferenceCount;
  704.     ULONG               DriveMap;
  705.     UCHAR               DriveType[32];
  706. } DEVICE_MAP, *PDEVICE_MAP; 
  707.  
  708. #if (VER_PRODUCTBUILD >= 2600)
  709.  
  710. typedef struct _EX_FAST_REF {
           /*
            * One word with three overlapping views: the Object pointer, a
            * 3-bit RefCnt bit-field and the raw Value. RefCnt therefore shares
            * storage with bits of the pointer.
            * NOTE(review): presumably the low-order three bits, assuming
            * bit-fields are allocated from the least significant bit. Object
            * read straight from the union still carries those bits, so they
            * need masking off before the pointer is dereferenced -- confirm.
            */
  711.     _ANONYMOUS_UNION union {
  712.         PVOID Object;
  713.         ULONG RefCnt : 3;
  714.         ULONG Value;
  715.     } DUMMYUNIONNAME;
  716. } EX_FAST_REF, *PEX_FAST_REF;
  717.  
  718. typedef struct _EX_PUSH_LOCK {
  719.     _ANONYMOUS_UNION union {
  720.         _ANONYMOUS_STRUCT struct {
  721.             ULONG   Waiting     : 1;
  722.             ULONG   Exclusive   : 1;
  723.             ULONG   Shared      : 30;
  724.         } DUMMYSTRUCTNAME;
  725.         ULONG   Value;
  726.         PVOID   Ptr;
  727.     } DUMMYUNIONNAME;
  728. } EX_PUSH_LOCK, *PEX_PUSH_LOCK;
  729.  
  730. typedef struct _EX_RUNDOWN_REF {
  731.     _ANONYMOUS_UNION union {
  732.         ULONG Count;
  733.         PVOID Ptr;
  734.     } DUMMYUNIONNAME;
  735. } EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
  736.  
  737. #endif
  738.  
  739. typedef struct _EPROCESS_QUOTA_ENTRY {
  740.     ULONG Usage;
  741.     ULONG Limit;
  742.     ULONG Peak;
  743.     ULONG Return;
  744. } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
  745.  
  746. typedef struct _EPROCESS_QUOTA_BLOCK {
  747.     EPROCESS_QUOTA_ENTRY    QuotaEntry[3];
  748.     LIST_ENTRY              QuotaList;
  749.     ULONG                   ReferenceCount;
  750.     ULONG                   ProcessCount;
  751. } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
  752.  
  753. /*
  754.  * When needing these parameters cast your PIO_STACK_LOCATION to
  755.  * PEXTENDED_IO_STACK_LOCATION
  756.  */
  757. #if !defined(_ALPHA_)
  758. #include <pshpack4.h>
  759. #endif
  760. typedef struct _EXTENDED_IO_STACK_LOCATION {
  761.  
  762.     /* Included for padding */
  763.     UCHAR MajorFunction;
  764.     UCHAR MinorFunction;
  765.     UCHAR Flags;
  766.     UCHAR Control;
  767.  
           /*
            * Per-request parameter views; only one member of the union is
            * meaningful for a given request.
            * NOTE(review): which member applies presumably follows from
            * MajorFunction/MinorFunction -- confirm. The pointer and length
            * members describe caller-supplied buffers and are not validated by
            * anything in this header.
            */
  768.     union {
  769.  
  770.        struct {
  771.           PIO_SECURITY_CONTEXT              SecurityContext;
  772.           ULONG                             Options;
  773.           USHORT                            Reserved;
  774.           USHORT                            ShareAccess;
  775.           PMAILSLOT_CREATE_PARAMETERS       Parameters;
  776.        } CreateMailslot;
  777.  
  778.         struct {
  779.             PIO_SECURITY_CONTEXT            SecurityContext;
  780.             ULONG                           Options;
  781.             USHORT                          Reserved;
  782.             USHORT                          ShareAccess;
  783.             PNAMED_PIPE_CREATE_PARAMETERS   Parameters;
  784.         } CreatePipe;
  785.  
  786.         struct {
  787.             ULONG                           OutputBufferLength;
  788.             ULONG                           InputBufferLength;
  789.             ULONG                           FsControlCode;
                   /*
                    * NOTE(review): presumably the requester's raw input pointer
                    * for METHOD_NEITHER control codes. Treat it as untrusted:
                    * check it against InputBufferLength, probe it and copy the
                    * data before use -- confirm against the DDK documentation.
                    */
  790.             PVOID                           Type3InputBuffer;
  791.         } FileSystemControl;
  792.  
  793.         struct {
  794.             PLARGE_INTEGER                  Length;
  795.             ULONG                           Key;
  796.             LARGE_INTEGER                   ByteOffset;
  797.         } LockControl;
  798.  
  799.         struct {
  800.             ULONG                           Length;
  801.             ULONG                           CompletionFilter;
  802.         } NotifyDirectory;
  803.  
  804.         struct {
  805.             ULONG                           Length;
  806.             PUNICODE_STRING                 FileName;
  807.             FILE_INFORMATION_CLASS          FileInformationClass;
  808.             ULONG                           FileIndex;
  809.         } QueryDirectory;
  810.  
  811.         struct {
  812.             ULONG                           Length;
  813.             PVOID                           EaList;         /* pairs with EaListLength; bound every read by it */
  814.             ULONG                           EaListLength;
  815.             ULONG                           EaIndex;
  816.         } QueryEa;
  817.  
  818.         struct {
  819.             ULONG                           Length;
  820.             PSID                            StartSid;
  821.             PFILE_GET_QUOTA_INFORMATION     SidList;        /* pairs with SidListLength; bound every read by it */
  822.             ULONG                           SidListLength;
  823.         } QueryQuota;
  824.  
  825.         struct {
  826.             ULONG                           Length;
  827.         } SetEa;
  828.  
  829.         struct {
  830.             ULONG                           Length;
  831.         } SetQuota;
  832.  
  833.         struct {
  834.             ULONG                           Length;
  835.             FS_INFORMATION_CLASS            FsInformationClass;
  836.         } SetVolume;
  837.  
  838.     } Parameters;
  839.     PDEVICE_OBJECT  DeviceObject;
  840.     PFILE_OBJECT  FileObject;
  841.     PIO_COMPLETION_ROUTINE  CompletionRoutine;
  842.     PVOID  Context;
  843.  
  844. } EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION;
  845. #if !defined(_ALPHA_)
  846. #include <poppack.h>
  847. #endif
  848.  
  849. typedef struct _FILE_ACCESS_INFORMATION {
  850.     ACCESS_MASK AccessFlags;
  851. } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
  852.  
  853. typedef struct _FILE_ALLOCATION_INFORMATION {
  854.     LARGE_INTEGER AllocationSize;
  855. } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
  856.  
  857. typedef struct _FILE_BOTH_DIR_INFORMATION {
           /*
            * Variable-length directory record: FileName[1] is a placeholder
            * for the name that follows the fixed fields, so sizeof() of this
            * type is not the size of a record.
            * NOTE(review): presumably NextEntryOffset chains to the next
            * record and FileNameLength is a byte count -- confirm against the
            * DDK documentation. A parser should check both against the number
            * of bytes actually returned before following or copying.
            */
  858.     ULONG           NextEntryOffset;
  859.     ULONG           FileIndex;
  860.     LARGE_INTEGER   CreationTime;
  861.     LARGE_INTEGER   LastAccessTime;
  862.     LARGE_INTEGER   LastWriteTime;
  863.     LARGE_INTEGER   ChangeTime;
  864.     LARGE_INTEGER   EndOfFile;
  865.     LARGE_INTEGER   AllocationSize;
  866.     ULONG           FileAttributes;
  867.     ULONG           FileNameLength;
  868.     ULONG           EaSize;
  869.     CCHAR           ShortNameLength;    /* range-check against sizeof ShortName before use; units not shown here */
  870.     WCHAR           ShortName[12];
  871.     WCHAR           FileName[1];
  872. } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
  873.  
  874. typedef struct _FILE_COMPLETION_INFORMATION {
  875.     HANDLE  Port;
  876.     ULONG   Key;
  877. } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
  878.  
  879. typedef struct _FILE_COMPRESSION_INFORMATION {
  880.     LARGE_INTEGER   CompressedFileSize;
  881.     USHORT          CompressionFormat;
  882.     UCHAR           CompressionUnitShift;
  883.     UCHAR           ChunkShift;
  884.     UCHAR           ClusterShift;
  885.     UCHAR           Reserved[3];
  886. } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
  887.  
  888. typedef struct _FILE_COPY_ON_WRITE_INFORMATION {
  889.     BOOLEAN ReplaceIfExists;
  890.     HANDLE  RootDirectory;
  891.     ULONG   FileNameLength;
  892.     WCHAR   FileName[1];
  893. } FILE_COPY_ON_WRITE_INFORMATION, *PFILE_COPY_ON_WRITE_INFORMATION;
  894.  
  895. typedef struct _FILE_DIRECTORY_INFORMATION {
           /*
            * Variable-length directory record: FileName[1] is a placeholder
            * for the name that follows the fixed fields, so sizeof() of this
            * type is not the size of a record.
            * NOTE(review): presumably NextEntryOffset chains to the next
            * record and FileNameLength is a byte count -- confirm against the
            * DDK documentation. A parser should check both against the number
            * of bytes actually returned before following or copying.
            */
  896.     ULONG           NextEntryOffset;
  897.     ULONG           FileIndex;
  898.     LARGE_INTEGER   CreationTime;
  899.     LARGE_INTEGER   LastAccessTime;
  900.     LARGE_INTEGER   LastWriteTime;
  901.     LARGE_INTEGER   ChangeTime;
  902.     LARGE_INTEGER   EndOfFile;
  903.     LARGE_INTEGER   AllocationSize;
  904.     ULONG           FileAttributes;
  905.     ULONG           FileNameLength;
  906.     WCHAR           FileName[1];
  907. } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
  908.  
  909. typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
               /*
                * Same member list as FILE_FULL_DIR_INFORMATION in this header,
                * except that the trailing name is declared FileName[0] here
                * and FileName[1] there. The zero-length array is a compiler
                * extension, and sizeof() of the two types can differ, so do
                * not use either sizeof as the fixed-header size; take the
                * offset of FileName instead.
                * NOTE(review): presumably FileNameLength is a byte count and
                * NextEntryOffset chains to the next record -- confirm, and
                * check both against the returned buffer size.
                */
  910.         ULONG              NextEntryOffset;
  911.         ULONG              FileIndex;
  912.         LARGE_INTEGER   CreationTime;
  913.         LARGE_INTEGER   LastAccessTime;
  914.         LARGE_INTEGER   LastWriteTime;
  915.         LARGE_INTEGER   ChangeTime;
  916.         LARGE_INTEGER   EndOfFile;
  917.         LARGE_INTEGER   AllocationSize;
  918.         ULONG           FileAttributes;
  919.         ULONG           FileNameLength;
  920.         ULONG           EaSize;
  921.         WCHAR           FileName[0];
  922. } FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;
  923.  
  924. typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
               /*
                * Same member names and order as FILE_BOTH_DIR_INFORMATION in
                * this header, but the trailing name is declared FileName[0]
                * (a compiler extension) instead of FileName[1], so sizeof()
                * of the two types can differ. Use the offset of FileName, not
                * sizeof, as the fixed-header size.
                * NOTE(review): presumably FileNameLength is a byte count and
                * NextEntryOffset chains to the next record -- confirm, and
                * check both against the returned buffer size.
                */
  925.         ULONG         NextEntryOffset;
  926.         ULONG            FileIndex;
  927.         LARGE_INTEGER CreationTime;
  928.         LARGE_INTEGER LastAccessTime;
  929.         LARGE_INTEGER LastWriteTime;
  930.         LARGE_INTEGER ChangeTime;
  931.         LARGE_INTEGER EndOfFile;
  932.         LARGE_INTEGER AllocationSize;
  933.         ULONG         FileAttributes;
  934.         ULONG         FileNameLength;
  935.         ULONG         EaSize;
  936.         CHAR          ShortNameLength;  /* range-check against sizeof ShortName before use; units not shown here */
  937.         WCHAR         ShortName[12];
  938.         WCHAR         FileName[0];
  939. } FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
  940.  
  941. typedef struct _FILE_EA_INFORMATION {
  942.     ULONG EaSize;
  943. } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
  944.  
  945. typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
  946.     ULONG   FileSystemAttributes;
  947.     ULONG   MaximumComponentNameLength;
  948.     ULONG   FileSystemNameLength;
  949.     WCHAR   FileSystemName[1];
  950. } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
  951.  
  952. typedef struct _FILE_FS_CONTROL_INFORMATION {
  953.     LARGE_INTEGER   FreeSpaceStartFiltering;
  954.     LARGE_INTEGER   FreeSpaceThreshold;
  955.     LARGE_INTEGER   FreeSpaceStopFiltering;
  956.     LARGE_INTEGER   DefaultQuotaThreshold;
  957.     LARGE_INTEGER   DefaultQuotaLimit;
  958.     ULONG           FileSystemControlFlags;
  959. } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
  960.  
  961. typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
  962.     LARGE_INTEGER   TotalAllocationUnits;
  963.     LARGE_INTEGER   CallerAvailableAllocationUnits;
  964.     LARGE_INTEGER   ActualAvailableAllocationUnits;
  965.     ULONG           SectorsPerAllocationUnit;
  966.     ULONG           BytesPerSector;
  967. } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
  968.  
  969. typedef struct _FILE_FS_LABEL_INFORMATION {
  970.     ULONG VolumeLabelLength;
  971.     WCHAR VolumeLabel[1];
  972. } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
  973.  
  974. #if (VER_PRODUCTBUILD >= 2195)
  975.  
  976. typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
  977.     UCHAR ObjectId[16];
  978.     UCHAR ExtendedInfo[48];
  979. } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
  980.  
  981. #endif /* (VER_PRODUCTBUILD >= 2195) */
  982.  
  983. typedef struct _FILE_FS_SIZE_INFORMATION {
  984.     LARGE_INTEGER   TotalAllocationUnits;
  985.     LARGE_INTEGER   AvailableAllocationUnits;
  986.     ULONG           SectorsPerAllocationUnit;
  987.     ULONG           BytesPerSector;
  988. } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
  989.  
  990. typedef struct _FILE_FS_VOLUME_INFORMATION {
  991.     LARGE_INTEGER   VolumeCreationTime;
  992.     ULONG           VolumeSerialNumber;
  993.     ULONG           VolumeLabelLength;
  994.     BOOLEAN         SupportsObjects;
  995.     WCHAR           VolumeLabel[1];
  996. } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
  997.  
  998. typedef struct _FILE_FULL_DIR_INFORMATION {
           /*
            * Variable-length directory record: FileName[1] is a placeholder
            * for the name that follows the fixed fields, so sizeof() of this
            * type is not the size of a record.
            * NOTE(review): presumably NextEntryOffset chains to the next
            * record and FileNameLength is a byte count -- confirm against the
            * DDK documentation. A parser should check both against the number
            * of bytes actually returned before following or copying.
            */
  999.     ULONG           NextEntryOffset;
  1000.     ULONG           FileIndex;
  1001.     LARGE_INTEGER   CreationTime;
  1002.     LARGE_INTEGER   LastAccessTime;
  1003.     LARGE_INTEGER   LastWriteTime;
  1004.     LARGE_INTEGER   ChangeTime;
  1005.     LARGE_INTEGER   EndOfFile;
  1006.     LARGE_INTEGER   AllocationSize;
  1007.     ULONG           FileAttributes;
  1008.     ULONG           FileNameLength;
  1009.     ULONG           EaSize;
  1010.     WCHAR           FileName[1];
  1011. } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
  1012.  
  1013. typedef struct _FILE_GET_EA_INFORMATION {
            /*
             * Variable-length list entry: EaName[1] is a placeholder for the
             * name that follows, described by the one-byte EaNameLength.
             * NOTE(review): presumably NextEntryOffset chains to the next
             * entry -- confirm. Both fields come from the requester, so check
             * them against the supplied list length before reading EaName.
             */
  1014.     ULONG   NextEntryOffset;
  1015.     UCHAR   EaNameLength;
  1016.     CHAR    EaName[1];
  1017. } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
  1018.  
  1019. typedef struct _FILE_GET_QUOTA_INFORMATION {
            /*
             * List entry carrying a SID as its last member.
             * NOTE(review): SID is declared elsewhere; presumably it is itself
             * variable-length, with SidLength giving its size in bytes and
             * NextEntryOffset chaining to the next entry -- confirm. Check
             * SidLength and NextEntryOffset against the supplied list length
             * before reading Sid.
             */
  1020.     ULONG   NextEntryOffset;
  1021.     ULONG   SidLength;
  1022.     SID     Sid;
  1023. } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
  1024.  
  1025. typedef struct _FILE_INTERNAL_INFORMATION {
  1026.     LARGE_INTEGER IndexNumber;
  1027. } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
  1028.  
  1029. typedef struct _FILE_LINK_INFORMATION {
            /*
             * Variable-length request: FileName[1] is a placeholder for the
             * name that follows the fixed fields.
             * NOTE(review): presumably FileNameLength is a byte count supplied
             * by the requester -- confirm. Check it against the size of the
             * input buffer before reading FileName; nothing here guarantees
             * the name is NUL-terminated.
             */
  1030.     BOOLEAN ReplaceIfExists;
  1031.     HANDLE  RootDirectory;
  1032.     ULONG   FileNameLength;
  1033.     WCHAR   FileName[1];
  1034. } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
  1035.  
  1036. typedef struct _FILE_LOCK_INFO {
  1037.     LARGE_INTEGER   StartingByte;
  1038.     LARGE_INTEGER   Length;
  1039.     BOOLEAN         ExclusiveLock;
  1040.     ULONG           Key;
  1041.     PFILE_OBJECT    FileObject;
  1042.     PEPROCESS       Process;
  1043.     LARGE_INTEGER   EndingByte;
  1044. } FILE_LOCK_INFO, *PFILE_LOCK_INFO;
  1045.  
  1046. /* raw internal file lock struct returned from FsRtlGetNextFileLock */
  1047. typedef struct _FILE_SHARED_LOCK_ENTRY {
  1048.     PVOID           Unknown1;
  1049.     PVOID           Unknown2;
  1050.     FILE_LOCK_INFO  FileLock;
  1051. } FILE_SHARED_LOCK_ENTRY, *PFILE_SHARED_LOCK_ENTRY;
  1052.  
  1053. /* raw internal file lock struct returned from FsRtlGetNextFileLock */
  1054. typedef struct _FILE_EXCLUSIVE_LOCK_ENTRY {
  1055.     LIST_ENTRY      ListEntry;
  1056.     PVOID           Unknown1;
  1057.     PVOID           Unknown2;
  1058.     FILE_LOCK_INFO  FileLock;
  1059. } FILE_EXCLUSIVE_LOCK_ENTRY, *PFILE_EXCLUSIVE_LOCK_ENTRY;
  1060.  
  1061. typedef NTSTATUS (*PCOMPLETE_LOCK_IRP_ROUTINE) (
  1062.     IN PVOID    Context,
  1063.     IN PIRP     Irp
  1064. );
  1065.  
  1066. typedef VOID (NTAPI *PUNLOCK_ROUTINE) (
  1067.     IN PVOID            Context,
  1068.     IN PFILE_LOCK_INFO  FileLockInfo
  1069. );
  1070.  
  1071. typedef struct _FILE_LOCK {
  1072.     PCOMPLETE_LOCK_IRP_ROUTINE  CompleteLockIrpRoutine;
  1073.     PUNLOCK_ROUTINE             UnlockRoutine;
  1074.     BOOLEAN                     FastIoIsQuestionable;
  1075.     BOOLEAN                     Pad[3];
  1076.     PVOID                       LockInformation;
  1077.     FILE_LOCK_INFO              LastReturnedLockInfo;
  1078.     PVOID                       LastReturnedLock;
  1079. } FILE_LOCK, *PFILE_LOCK;
  1080.  
  1081. typedef struct _FILE_MAILSLOT_PEEK_BUFFER {
  1082.     ULONG ReadDataAvailable;
  1083.     ULONG NumberOfMessages;
  1084.     ULONG MessageLength;
  1085. } FILE_MAILSLOT_PEEK_BUFFER, *PFILE_MAILSLOT_PEEK_BUFFER;
  1086.  
  1087. typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
  1088.     ULONG           MaximumMessageSize;
  1089.     ULONG           MailslotQuota;
  1090.     ULONG           NextMessageSize;
  1091.     ULONG           MessagesAvailable;
  1092.     LARGE_INTEGER   ReadTimeout;
  1093. } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
  1094.  
  1095. typedef struct _FILE_MAILSLOT_SET_INFORMATION {
  1096.     LARGE_INTEGER ReadTimeout;
  1097. } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
  1098.  
  1099. typedef struct _FILE_MODE_INFORMATION {
  1100.     ULONG Mode;
  1101. } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
  1102.  
  1103. typedef struct _FILE_ALL_INFORMATION {
  1104.     FILE_BASIC_INFORMATION      BasicInformation;
  1105.     FILE_STANDARD_INFORMATION   StandardInformation;
  1106.     FILE_INTERNAL_INFORMATION   InternalInformation;
  1107.     FILE_EA_INFORMATION         EaInformation;
  1108.     FILE_ACCESS_INFORMATION     AccessInformation;
  1109.     FILE_POSITION_INFORMATION   PositionInformation;
  1110.     FILE_MODE_INFORMATION       ModeInformation;
  1111.     FILE_ALIGNMENT_INFORMATION  AlignmentInformation;
  1112.     FILE_NAME_INFORMATION       NameInformation;
  1113. } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
  1114.  
  1115. typedef struct _FILE_NAMES_INFORMATION {
  1116.     ULONG NextEntryOffset;
  1117.     ULONG FileIndex;
  1118.     ULONG FileNameLength;
  1119.     WCHAR FileName[1];
  1120. } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
  1121.  
  1122. typedef struct _FILE_OBJECTID_INFORMATION {
  1123.     LONGLONG        FileReference;
  1124.     UCHAR           ObjectId[16];
            /*
             * Two views of the same 48 bytes: three 16-byte identifiers
             * (3 * 16 = 48), or one opaque ExtendedInfo[48] array. Writing
             * through one view changes what the other reads.
             */
  1125.     _ANONYMOUS_UNION union {
  1126.         struct {
  1127.             UCHAR   BirthVolumeId[16];
  1128.             UCHAR   BirthObjectId[16];
  1129.             UCHAR   DomainId[16];
  1130.         } ;
  1131.         UCHAR       ExtendedInfo[48];
  1132.     } DUMMYUNIONNAME;
  1133. } FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
  1134.  
  1135. typedef struct _FILE_OLE_CLASSID_INFORMATION {
  1136.     GUID ClassId;
  1137. } FILE_OLE_CLASSID_INFORMATION, *PFILE_OLE_CLASSID_INFORMATION;
  1138.  
  1139. typedef struct _FILE_OLE_ALL_INFORMATION {
  1140.     FILE_BASIC_INFORMATION          BasicInformation;
  1141.     FILE_STANDARD_INFORMATION       StandardInformation;
  1142.     FILE_INTERNAL_INFORMATION       InternalInformation;
  1143.     FILE_EA_INFORMATION             EaInformation;
  1144.     FILE_ACCESS_INFORMATION         AccessInformation;
  1145.     FILE_POSITION_INFORMATION       PositionInformation;
  1146.     FILE_MODE_INFORMATION           ModeInformation;
  1147.     FILE_ALIGNMENT_INFORMATION      AlignmentInformation;
  1148.     USN                             LastChangeUsn;
  1149.     USN                             ReplicationUsn;
  1150.     LARGE_INTEGER                   SecurityChangeTime;
  1151.     FILE_OLE_CLASSID_INFORMATION    OleClassIdInformation;
  1152.     FILE_OBJECTID_INFORMATION       ObjectIdInformation;
  1153.     FILE_STORAGE_TYPE               StorageType;
  1154.     ULONG                           OleStateBits;
  1155.     ULONG                           OleId;
  1156.     ULONG                           NumberOfStreamReferences;
  1157.     ULONG                           StreamIndex;
  1158.     ULONG                           SecurityId;
  1159.     BOOLEAN                         ContentIndexDisable;
  1160.     BOOLEAN                         InheritContentIndexDisable;
  1161.     FILE_NAME_INFORMATION           NameInformation;
  1162. } FILE_OLE_ALL_INFORMATION, *PFILE_OLE_ALL_INFORMATION;
  1163.  
  1164. typedef struct _FILE_OLE_DIR_INFORMATION {
  1165.     ULONG               NextEntryOffset;
  1166.     ULONG               FileIndex;
  1167.     LARGE_INTEGER       CreationTime;
  1168.     LARGE_INTEGER       LastAccessTime;
  1169.     LARGE_INTEGER       LastWriteTime;
  1170.     LARGE_INTEGER       ChangeTime;
  1171.     LARGE_INTEGER       EndOfFile;
  1172.     LARGE_INTEGER       AllocationSize;
  1173.     ULONG               FileAttributes;
  1174.     ULONG               FileNameLength;
  1175.     FILE_STORAGE_TYPE   StorageType;
  1176.     GUID                OleClassId;
  1177.     ULONG               OleStateBits;
  1178.     BOOLEAN             ContentIndexDisable;
  1179.     BOOLEAN             InheritContentIndexDisable;
  1180.     WCHAR               FileName[1];
  1181. } FILE_OLE_DIR_INFORMATION, *PFILE_OLE_DIR_INFORMATION;
  1182.  
  1183. typedef struct _FILE_OLE_INFORMATION {
  1184.     LARGE_INTEGER                   SecurityChangeTime;
  1185.     FILE_OLE_CLASSID_INFORMATION    OleClassIdInformation;
  1186.     FILE_OBJECTID_INFORMATION       ObjectIdInformation;
  1187.     FILE_STORAGE_TYPE               StorageType;
  1188.     ULONG                           OleStateBits;
  1189.     BOOLEAN                         ContentIndexDisable;
  1190.     BOOLEAN                         InheritContentIndexDisable;
  1191. } FILE_OLE_INFORMATION, *PFILE_OLE_INFORMATION;
  1192.  
  1193. typedef struct _FILE_OLE_STATE_BITS_INFORMATION {
  1194.     ULONG StateBits;
  1195.     ULONG StateBitsMask;
  1196. } FILE_OLE_STATE_BITS_INFORMATION, *PFILE_OLE_STATE_BITS_INFORMATION;
  1197.  
  1198. typedef struct _FILE_PIPE_ASSIGN_EVENT_BUFFER {
  1199.     HANDLE  EventHandle;
  1200.     ULONG   KeyValue;
  1201. } FILE_PIPE_ASSIGN_EVENT_BUFFER, *PFILE_PIPE_ASSIGN_EVENT_BUFFER;
  1202.  
  1203. typedef struct _FILE_PIPE_CLIENT_PROCESS_BUFFER {
  1204.     PVOID ClientSession;
  1205.     PVOID ClientProcess;
  1206. } FILE_PIPE_CLIENT_PROCESS_BUFFER, *PFILE_PIPE_CLIENT_PROCESS_BUFFER;
  1207.  
  1208. typedef struct _FILE_PIPE_EVENT_BUFFER {
  1209.     ULONG NamedPipeState;
  1210.     ULONG EntryType;
  1211.     ULONG ByteCount;
  1212.     ULONG KeyValue;
  1213.     ULONG NumberRequests;
  1214. } FILE_PIPE_EVENT_BUFFER, *PFILE_PIPE_EVENT_BUFFER;
  1215.  
  1216. typedef struct _FILE_PIPE_INFORMATION {
  1217.     ULONG ReadMode;
  1218.     ULONG CompletionMode;
  1219. } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
  1220.  
  1221. typedef struct _FILE_PIPE_LOCAL_INFORMATION {
  1222.     ULONG NamedPipeType;
  1223.     ULONG NamedPipeConfiguration;
  1224.     ULONG MaximumInstances;
  1225.     ULONG CurrentInstances;
  1226.     ULONG InboundQuota;
  1227.     ULONG ReadDataAvailable;
  1228.     ULONG OutboundQuota;
  1229.     ULONG WriteQuotaAvailable;
  1230.     ULONG NamedPipeState;
  1231.     ULONG NamedPipeEnd;
  1232. } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
  1233.  
  1234. typedef struct _FILE_PIPE_REMOTE_INFORMATION {
  1235.     LARGE_INTEGER   CollectDataTime;
  1236.     ULONG           MaximumCollectionCount;
  1237. } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;
  1238.  
  1239. typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
            /*
             * Variable-length request: Name[1] is a placeholder for the name
             * that follows the fixed fields.
             * NOTE(review): presumably NameLength is a byte count supplied by
             * the requester -- confirm. Check it against the input buffer size
             * before reading Name.
             */
  1240.     LARGE_INTEGER   Timeout;
  1241.     ULONG           NameLength;
  1242.     BOOLEAN         TimeoutSpecified;
  1243.     WCHAR           Name[1];
  1244. } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
  1245.  
  1246. typedef struct _FILE_QUOTA_INFORMATION {
            /*
             * Quota record carrying a SID as its last member.
             * NOTE(review): SID is declared elsewhere; presumably it is itself
             * variable-length, with SidLength giving its size in bytes and
             * NextEntryOffset chaining to the next record -- confirm. Check
             * both against the buffer size before reading Sid or advancing.
             */
  1247.     ULONG           NextEntryOffset;
  1248.     ULONG           SidLength;
  1249.     LARGE_INTEGER   ChangeTime;
  1250.     LARGE_INTEGER   QuotaUsed;
  1251.     LARGE_INTEGER   QuotaThreshold;
  1252.     LARGE_INTEGER   QuotaLimit;
  1253.     SID             Sid;
  1254. } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
  1255.  
  1256. typedef struct _FILE_RENAME_INFORMATION {
            /*
             * Variable-length request: FileName[1] is a placeholder for the
             * name that follows the fixed fields.
             * NOTE(review): presumably FileNameLength is a byte count supplied
             * by the requester -- confirm. Check it against the size of the
             * input buffer before reading FileName; nothing here guarantees
             * the name is NUL-terminated.
             */
  1257.     BOOLEAN ReplaceIfExists;
  1258.     HANDLE  RootDirectory;
  1259.     ULONG   FileNameLength;
  1260.     WCHAR   FileName[1];
  1261. } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
  1262.  
  1263. typedef struct _FILE_STREAM_INFORMATION {
            /*
             * Variable-length record: StreamName[1] is a placeholder for the
             * name that follows the fixed fields.
             * NOTE(review): presumably NextEntryOffset chains to the next
             * record and StreamNameLength is a byte count -- confirm. Check
             * both against the returned buffer size before following or
             * copying.
             */
  1264.     ULONG           NextEntryOffset;
  1265.     ULONG           StreamNameLength;
  1266.     LARGE_INTEGER   StreamSize;
  1267.     LARGE_INTEGER   StreamAllocationSize;
  1268.     WCHAR           StreamName[1];
  1269. } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
  1270.  
  1271. typedef struct _FILE_TRACKING_INFORMATION {
  1272.     HANDLE  DestinationFile;
  1273.     ULONG   ObjectInformationLength;
  1274.     CHAR    ObjectInformation[1];
  1275. } FILE_TRACKING_INFORMATION, *PFILE_TRACKING_INFORMATION;
  1276.  
  1277. typedef struct _FSRTL_COMMON_FCB_HEADER {
  1278.     CSHORT          NodeTypeCode;
  1279.     CSHORT          NodeByteSize;
  1280.     UCHAR           Flags;
  1281.     UCHAR           IsFastIoPossible;
  1282. #if (VER_PRODUCTBUILD >= 1381)
  1283.     UCHAR           Flags2;
  1284.     UCHAR           Reserved;
  1285. #endif /* (VER_PRODUCTBUILD >= 1381) */
  1286.     PERESOURCE      Resource;
  1287.     PERESOURCE      PagingIoResource;
  1288.     LARGE_INTEGER   AllocationSize;
  1289.     LARGE_INTEGER   FileSize;
  1290.     LARGE_INTEGER   ValidDataLength;
  1291. } FSRTL_COMMON_FCB_HEADER, *PFSRTL_COMMON_FCB_HEADER;
  1292.  
  1293. typedef struct _GENERATE_NAME_CONTEXT {
  1294.     USHORT  Checksum;
  1295.     BOOLEAN CheckSumInserted;
  1296.     UCHAR   NameLength;
  1297.     WCHAR   NameBuffer[8];
  1298.     ULONG   ExtensionLength;
  1299.     WCHAR   ExtensionBuffer[4];
  1300.     ULONG   LastIndexValue;
  1301. } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;
  1302.  
  1303. typedef struct _HANDLE_TABLE_ENTRY {
  1304.     PVOID   Object;
  1305.     ULONG   ObjectAttributes;
  1306.     ULONG   GrantedAccess;
  1307.     USHORT  GrantedAccessIndex;
  1308.     USHORT  CreatorBackTraceIndex;
  1309.     ULONG   NextFreeTableEntry;
  1310. } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
  1311.  
  1312. typedef struct _MAPPING_PAIR {
  1313.     ULONGLONG Vcn;
  1314.     ULONGLONG Lcn;
  1315. } MAPPING_PAIR, *PMAPPING_PAIR;
  1316.  
  1317. typedef struct _GET_RETRIEVAL_DESCRIPTOR {
            /*
             * Header followed by a trailing MAPPING_PAIR array declared with
             * one element, so sizeof() of this type covers at most one pair.
             * NOTE(review): presumably NumberOfPairs is the element count of
             * Pair -- confirm. Check it against the output buffer size before
             * indexing past Pair[0].
             */
  1318.     ULONG           NumberOfPairs;
  1319.     ULONGLONG       StartVcn;
  1320.     MAPPING_PAIR    Pair[1];
  1321. } GET_RETRIEVAL_DESCRIPTOR, *PGET_RETRIEVAL_DESCRIPTOR;
  1322.  
  1323. typedef struct _IO_CLIENT_EXTENSION {
  1324.     struct _IO_CLIENT_EXTENSION *NextExtension;
  1325.     PVOID                       ClientIdentificationAddress;
  1326. } IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
  1327.  
  1328. typedef struct _IO_COMPLETION_BASIC_INFORMATION {
  1329.     LONG Depth;
  1330. } IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION;
  1331.  
  1332. typedef struct _KEVENT_PAIR {
  1333.     USHORT Type;
  1334.     USHORT Size;
  1335.     KEVENT Event1;
  1336.     KEVENT Event2;
  1337. } KEVENT_PAIR, *PKEVENT_PAIR;
  1338.  
  1339. typedef struct _KQUEUE {
  1340.     DISPATCHER_HEADER   Header;
  1341.     LIST_ENTRY          EntryListHead;
  1342.     ULONG               CurrentCount;
  1343.     ULONG               MaximumCount;
  1344.     LIST_ENTRY          ThreadListHead;
  1345. } KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
  1346.  
  1347. typedef struct _MAILSLOT_CREATE_PARAMETERS {
  1348.     ULONG           MailslotQuota;
  1349.     ULONG           MaximumMessageSize;
  1350.     LARGE_INTEGER   ReadTimeout;
  1351.     BOOLEAN         TimeoutSpecified;
  1352. } MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
  1353.  
  1354. typedef struct _MBCB {
  1355.     CSHORT          NodeTypeCode;
  1356.     CSHORT          NodeIsInZone;
  1357.     ULONG           PagesToWrite;
  1358.     ULONG           DirtyPages;
  1359.     ULONG           Reserved;
  1360.     LIST_ENTRY      BitmapRanges;
  1361.     LONGLONG        ResumeWritePage;
  1362.     BITMAP_RANGE    BitmapRange1;
  1363.     BITMAP_RANGE    BitmapRange2;
  1364.     BITMAP_RANGE    BitmapRange3;
  1365. } MBCB, *PMBCB;
  1366.  
  1367. typedef struct _MOVEFILE_DESCRIPTOR {
  1368.      HANDLE         FileHandle; 
  1369.      ULONG          Reserved;   
  1370.      LARGE_INTEGER  StartVcn; 
  1371.      LARGE_INTEGER  TargetLcn;
  1372.      ULONG          NumVcns; 
  1373.      ULONG          Reserved1;  
  1374. } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
  1375.  
  1376. typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
  1377.     ULONG           NamedPipeType;
  1378.     ULONG           ReadMode;
  1379.     ULONG           CompletionMode;
  1380.     ULONG           MaximumInstances;
  1381.     ULONG           InboundQuota;
  1382.     ULONG           OutboundQuota;
  1383.     LARGE_INTEGER   DefaultTimeout;
  1384.     BOOLEAN         TimeoutSpecified;
  1385. } NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
  1386.  
  1387. typedef struct _OBJECT_BASIC_INFO {
  1388.     ULONG           Attributes;
  1389.     ACCESS_MASK     GrantedAccess;
  1390.     ULONG           HandleCount;
  1391.     ULONG           ReferenceCount;
  1392.     ULONG           PagedPoolUsage;
  1393.     ULONG           NonPagedPoolUsage;
  1394.     ULONG           Reserved[3];
  1395.     ULONG           NameInformationLength;
  1396.     ULONG           TypeInformationLength;
  1397.     ULONG           SecurityDescriptorLength;
  1398.     LARGE_INTEGER   CreateTime;
  1399. } OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;
  1400.  
  1401. typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO {
  1402.     BOOLEAN Inherit;
  1403.     BOOLEAN ProtectFromClose;
  1404. } OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;
  1405.  
  1406. typedef struct _OBJECT_NAME_INFO {
            /*
             * Object name record: a UNICODE_STRING descriptor followed by a
             * WCHAR array declared with a single element. This looks like the
             * pre-C99 trailing-array idiom for variable-length data, so
             * sizeof(OBJECT_NAME_INFO) covers only one name character.
             * NOTE(review): ObjectName.Buffer presumably points into
             * ObjectNameBuffer - confirm against the routine that fills it.
             * Size the buffer from the length the query reports, and check
             * ObjectName.Length against the buffer actually supplied before
             * reading the name.
             */
  1407.     UNICODE_STRING  ObjectName;
  1408.     WCHAR           ObjectNameBuffer[1];
  1409. } OBJECT_NAME_INFO, *POBJECT_NAME_INFO;
  1410.  
  1411. typedef struct _OBJECT_PROTECTION_INFO {
  1412.     BOOLEAN Inherit;
  1413.     BOOLEAN ProtectHandle;
  1414. } OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;
  1415.  
  1416. typedef struct _OBJECT_TYPE_INFO {
            /*
             * Object type record: type name descriptor, 0x58 bytes that this
             * header leaves undescribed, then a WCHAR array declared with one
             * element (apparently the start of a variable-length name).
             * Do not interpret the Unknown bytes; their layout is not given
             * here and may differ between system builds - TODO confirm.
             * Validate ObjectTypeName.Length against the buffer that was
             * actually returned before reading ObjectTypeNameBuffer.
             */
  1417.     UNICODE_STRING  ObjectTypeName;
  1418.     UCHAR           Unknown[0x58];
  1419.     WCHAR           ObjectTypeNameBuffer[1];
  1420. } OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;
  1421.  
  1422. typedef struct _OBJECT_ALL_TYPES_INFO {
            /*
             * Count followed by an array of OBJECT_TYPE_INFO declared with one
             * element. Each OBJECT_TYPE_INFO itself ends in a one-element name
             * array, so the entries are presumably variable-length and not
             * sizeof(OBJECT_TYPE_INFO) apart.
             * NOTE(review): indexing ObjectsTypeInfo[i] for i > 0 is then not a
             * valid way to walk the list - confirm how entries are laid out and
             * bound the walk by both NumberOfObjectTypes and the returned size.
             */
  1423.     ULONG               NumberOfObjectTypes;
  1424.     OBJECT_TYPE_INFO    ObjectsTypeInfo[1];
  1425. } OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;
  1426.  
  1427. typedef struct _PAGEFAULT_HISTORY {
  1428.     ULONG                           CurrentIndex;
  1429.     ULONG                           MaxIndex;
  1430.     KSPIN_LOCK                      SpinLock;
  1431.     PVOID                           Reserved;
  1432.     PROCESS_WS_WATCH_INFORMATION    WatchInfo[1];
  1433. } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
  1434.  
  1435. typedef struct _PATHNAME_BUFFER {
            /*
             * Length-prefixed path name; Name is declared with one element and
             * apparently continues past the end of the structure.
             * NOTE(review): the unit of PathNameLength (bytes or WCHARs) is not
             * stated in this header - confirm it before using the field as a
             * copy length or array bound, and check it against the size of the
             * buffer the structure arrived in.
             */
  1436.     ULONG PathNameLength;
  1437.     WCHAR Name[1];
  1438. } PATHNAME_BUFFER, *PPATHNAME_BUFFER;
  1439.  
  1440. #if (VER_PRODUCTBUILD >= 2600)
  1441.  
  1442. typedef struct _PRIVATE_CACHE_MAP_FLAGS {
  1443.     ULONG DontUse           : 16;
  1444.     ULONG ReadAheadActive   : 1;
  1445.     ULONG ReadAheadEnabled  : 1;
  1446.     ULONG Available         : 14;
  1447. } PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
  1448.  
  1449. typedef struct _PRIVATE_CACHE_MAP {
  1450.     _ANONYMOUS_UNION union {
  1451.         CSHORT                  NodeTypeCode;
  1452.         PRIVATE_CACHE_MAP_FLAGS Flags;
  1453.         ULONG                   UlongFlags;
  1454.     } DUMMYUNIONNAME;
  1455.     ULONG                       ReadAheadMask;
  1456.     PFILE_OBJECT                FileObject;
  1457.     LARGE_INTEGER               FileOffset1;
  1458.     LARGE_INTEGER               BeyondLastByte1;
  1459.     LARGE_INTEGER               FileOffset2;
  1460.     LARGE_INTEGER               BeyondLastByte2;
  1461.     LARGE_INTEGER               ReadAheadOffset[2];
  1462.     ULONG                       ReadAheadLength[2];
  1463.     KSPIN_LOCK                  ReadAheadSpinLock;
  1464.     LIST_ENTRY                  PrivateLinks;
  1465. } PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
  1466.  
  1467. #endif
  1468.  
  1469. typedef struct _PS_IMPERSONATION_INFORMATION {
            /*
             * Impersonation state: an access token pointer, two BOOLEAN
             * options and a SECURITY_IMPERSONATION_LEVEL.
             * NOTE(review): which component owns the reference on Token, and
             * whether this layout is stable across system builds, is not shown
             * in this header - confirm before reading or caching Token.
             * Code that acts on Token should honour ImpersonationLevel and
             * EffectiveOnly rather than treating the token as fully usable.
             */
  1470.     PACCESS_TOKEN                   Token;
  1471.     BOOLEAN                         CopyOnOpen;
  1472.     BOOLEAN                         EffectiveOnly;
  1473.     SECURITY_IMPERSONATION_LEVEL    ImpersonationLevel;
  1474. } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
  1475.  
  1476. typedef struct _PUBLIC_BCB {
  1477.     CSHORT          NodeTypeCode;
  1478.     CSHORT          NodeByteSize;
  1479.     ULONG           MappedLength;
  1480.     LARGE_INTEGER   MappedFileOffset;
  1481. } PUBLIC_BCB, *PPUBLIC_BCB;
  1482.  
  1483. typedef struct _QUERY_PATH_REQUEST {
            /*
             * Path query request: a length, a security context pointer and a
             * path declared with one WCHAR (apparently variable-length).
             * A receiver should check PathNameLength against the size of the
             * input buffer it was handed before touching FilePathName.
             * NOTE(review): the unit of PathNameLength and the origin (and
             * therefore trust level) of SecurityContext are not visible here -
             * confirm both.
             */
  1484.     ULONG                   PathNameLength;
  1485.     PIO_SECURITY_CONTEXT    SecurityContext;
  1486.     WCHAR                   FilePathName[1];
  1487. } QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;
  1488.  
  1489. typedef struct _QUERY_PATH_RESPONSE {
  1490.     ULONG LengthAccepted;
  1491. } QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;
  1492.  
  1493. typedef struct _RETRIEVAL_POINTERS_BUFFER {
            /*
             * Extent list: a count, a starting VCN and an array of
             * (NextVcn, Lcn) pairs declared with one element.
             * sizeof(RETRIEVAL_POINTERS_BUFFER) therefore covers a single
             * extent. When walking Extents, bound the loop by ExtentCount AND
             * by the number of bytes actually returned in the buffer, so a
             * truncated or inconsistent reply cannot drive a read past its end.
             */
  1494.     ULONG               ExtentCount;
  1495.     LARGE_INTEGER       StartingVcn;
  1496.     struct {
  1497.         LARGE_INTEGER   NextVcn;
  1498.         LARGE_INTEGER   Lcn;
  1499.     } Extents[1];
  1500. } RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;
  1501.  
  1502. typedef struct _RTL_SPLAY_LINKS {
  1503.     struct _RTL_SPLAY_LINKS *Parent;
  1504.     struct _RTL_SPLAY_LINKS *LeftChild;
  1505.     struct _RTL_SPLAY_LINKS *RightChild;
  1506. } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;
  1507.  
  1508. typedef struct _SE_EXPORTS {
            /*
             * Table of privilege values (LUID members) and pointers to
             * well-known SIDs (PSID members). This header declares SeExports
             * as a pointer to one of these.
             * Member order fixes the layout: three further privilege LUIDs
             * follow the SID pointers at the end, so the members must not be
             * regrouped or reordered.
             * NOTE(review): consumers presumably only read this table; nothing
             * in this header marks it const, so confirm it is never written
             * through. Comparing against these members avoids hard-coding
             * privilege or SID values in access checks.
             */
  1509.  
  1510.     LUID    SeCreateTokenPrivilege;
  1511.     LUID    SeAssignPrimaryTokenPrivilege;
  1512.     LUID    SeLockMemoryPrivilege;
  1513.     LUID    SeIncreaseQuotaPrivilege;
  1514.     LUID    SeUnsolicitedInputPrivilege;
  1515.     LUID    SeTcbPrivilege;
  1516.     LUID    SeSecurityPrivilege;
  1517.     LUID    SeTakeOwnershipPrivilege;
  1518.     LUID    SeLoadDriverPrivilege;
  1519.     LUID    SeCreatePagefilePrivilege;
  1520.     LUID    SeIncreaseBasePriorityPrivilege;
  1521.     LUID    SeSystemProfilePrivilege;
  1522.     LUID    SeSystemtimePrivilege;
  1523.     LUID    SeProfileSingleProcessPrivilege;
  1524.     LUID    SeCreatePermanentPrivilege;
  1525.     LUID    SeBackupPrivilege;
  1526.     LUID    SeRestorePrivilege;
  1527.     LUID    SeShutdownPrivilege;
  1528.     LUID    SeDebugPrivilege;
  1529.     LUID    SeAuditPrivilege;
  1530.     LUID    SeSystemEnvironmentPrivilege;
  1531.     LUID    SeChangeNotifyPrivilege;
  1532.     LUID    SeRemoteShutdownPrivilege;
  1533.  
  1534.     PSID    SeNullSid;
  1535.     PSID    SeWorldSid;
  1536.     PSID    SeLocalSid;
  1537.     PSID    SeCreatorOwnerSid;
  1538.     PSID    SeCreatorGroupSid;
  1539.  
  1540.     PSID    SeNtAuthoritySid;
  1541.     PSID    SeDialupSid;
  1542.     PSID    SeNetworkSid;
  1543.     PSID    SeBatchSid;
  1544.     PSID    SeInteractiveSid;
  1545.     PSID    SeLocalSystemSid;
  1546.     PSID    SeAliasAdminsSid;
  1547.     PSID    SeAliasUsersSid;
  1548.     PSID    SeAliasGuestsSid;
  1549.     PSID    SeAliasPowerUsersSid;
  1550.     PSID    SeAliasAccountOpsSid;
  1551.     PSID    SeAliasSystemOpsSid;
  1552.     PSID    SeAliasPrintOpsSid;
  1553.     PSID    SeAliasBackupOpsSid;
  1554.  
  1555.     PSID    SeAuthenticatedUsersSid;
  1556.  
  1557.     PSID    SeRestrictedSid;
  1558.     PSID    SeAnonymousLogonSid;
  1559.  
  1560.     LUID    SeUndockPrivilege;
  1561.     LUID    SeSyncAgentPrivilege;
  1562.     LUID    SeEnableDelegationPrivilege;
  1563.  
  1564. } SE_EXPORTS, *PSE_EXPORTS;
  1565.  
  1566. typedef struct _SECTION_BASIC_INFORMATION {
  1567.     PVOID           BaseAddress;
  1568.     ULONG           Attributes;
  1569.     LARGE_INTEGER   Size;
  1570. } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
  1571.  
  1572. typedef struct _SECTION_IMAGE_INFORMATION {
  1573.     PVOID   EntryPoint;
  1574.     ULONG   Unknown1;
  1575.     ULONG   StackReserve;
  1576.     ULONG   StackCommit;
  1577.     ULONG   Subsystem;
  1578.     USHORT  MinorSubsystemVersion;
  1579.     USHORT  MajorSubsystemVersion;
  1580.     ULONG   Unknown2;
  1581.     ULONG   Characteristics;
  1582.     USHORT  ImageNumber;
  1583.     BOOLEAN Executable;
  1584.     UCHAR   Unknown3;
  1585.     ULONG   Unknown4[3];
  1586. } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
  1587.  
  1588. #if (VER_PRODUCTBUILD >= 2600)
  1589.  
  1590. typedef struct _SHARED_CACHE_MAP {
  1591.     CSHORT                      NodeTypeCode;
  1592.     CSHORT                      NodeByteSize;
  1593.     ULONG                       OpenCount;
  1594.     LARGE_INTEGER               FileSize;
  1595.     LIST_ENTRY                  BcbList;
  1596.     LARGE_INTEGER               SectionSize;
  1597.     LARGE_INTEGER               ValidDataLength;
  1598.     LARGE_INTEGER               ValidDataGoal;
  1599.     PVACB                       InitialVacbs[4];
  1600.     PVACB                       *Vacbs;
  1601.     PFILE_OBJECT                FileObject;
  1602.     PVACB                       ActiveVacb;
  1603.     PVOID                       NeedToZero;
  1604.     ULONG                       ActivePage;
  1605.     ULONG                       NeedToZeroPage;
  1606.     KSPIN_LOCK                  ActiveVacbSpinLock;
  1607.     ULONG                       VacbActiveCount;
  1608.     ULONG                       DirtyPages;
  1609.     LIST_ENTRY                  SharedCacheMapLinks;
  1610.     ULONG                       Flags;
  1611.     NTSTATUS                    Status;
  1612.     PMBCB                       Mbcb;
  1613.     PVOID                       Section;
  1614.     PKEVENT                     CreateEvent;
  1615.     PKEVENT                     WaitOnActiveCount;
  1616.     ULONG                       PagesToWrite;
  1617.     LONGLONG                    BeyondLastFlush;
  1618.     PCACHE_MANAGER_CALLBACKS    Callbacks;
  1619.     PVOID                       LazyWriteContext;
  1620.     LIST_ENTRY                  PrivateList;
  1621.     PVOID                       LogHandle;
  1622.     PVOID                       FlushToLsnRoutine;
  1623.     ULONG                       DirtyPageThreshold;
  1624.     ULONG                       LazyWritePassCount;
  1625.     PCACHE_UNINITIALIZE_EVENT   UninitializeEvent;
  1626.     PVACB                       NeedToZeroVacb;
  1627.     KSPIN_LOCK                  BcbSpinLock;
  1628.     PVOID                       Reserved;
  1629.     KEVENT                      Event;
  1630.     EX_PUSH_LOCK                VacbPushLock;
  1631.     PRIVATE_CACHE_MAP           PrivateCacheMap;
  1632. } SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
  1633.  
  1634. #endif
  1635.  
  1636. typedef struct _STARTING_VCN_INPUT_BUFFER {
  1637.     LARGE_INTEGER StartingVcn;
  1638. } STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;
  1639.  
  1640. typedef struct _SYSTEM_CACHE_INFORMATION {
  1641.     ULONG CurrentSize;
  1642.     ULONG PeakSize;
  1643.     ULONG PageFaultCount;
  1644.     ULONG MinimumWorkingSet;
  1645.     ULONG MaximumWorkingSet;
  1646.     ULONG Unused[4];
  1647. } SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
  1648.  
  1649. typedef struct _TERMINATION_PORT {
  1650.     struct _TERMINATION_PORT*   Next;
  1651.     PVOID                       Port;
  1652. } TERMINATION_PORT, *PTERMINATION_PORT;
  1653.  
  1654. typedef struct _SECURITY_CLIENT_CONTEXT {
            /*
             * Captured client security context: quality-of-service settings,
             * the client's token pointer, three BOOLEAN flags and a
             * TOKEN_CONTROL block.
             * NOTE(review): presumably filled in by a security-subsystem
             * routine and later passed back for impersonation - confirm. If
             * so, treat the structure as opaque: editing ClientToken or the
             * flags by hand would change whose identity the server assumes.
             */
  1655.     SECURITY_QUALITY_OF_SERVICE SecurityQos;
  1656.     PACCESS_TOKEN               ClientToken;
  1657.     BOOLEAN                     DirectlyAccessClientToken;
  1658.     BOOLEAN                     DirectAccessEffectiveOnly;
  1659.     BOOLEAN                     ServerIsRemote;
  1660.     TOKEN_CONTROL               ClientTokenControl;
  1661. } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
  1662.  
  1663. typedef struct _TUNNEL {
  1664.     FAST_MUTEX          Mutex;
  1665.     PRTL_SPLAY_LINKS    Cache;
  1666.     LIST_ENTRY          TimerQueue;
  1667.     USHORT              NumEntries;
  1668. } TUNNEL, *PTUNNEL;
  1669.  
  1670. typedef struct _VACB {
  1671.     PVOID               BaseAddress;
  1672.     PSHARED_CACHE_MAP   SharedCacheMap;
  1673.     union {
  1674.         LARGE_INTEGER   FileOffset;
  1675.         USHORT          ActiveCount;
  1676.     } Overlay;
  1677.     LIST_ENTRY          LruList;
  1678. } VACB, *PVACB;
  1679.  
  1680. typedef struct _VAD_HEADER {
  1681.     PVOID       StartVPN;
  1682.     PVOID       EndVPN;
  1683.     PVAD_HEADER ParentLink;
  1684.     PVAD_HEADER LeftLink;
  1685.     PVAD_HEADER RightLink;
  1686.     ULONG       Flags;          /* LSB = CommitCharge */
  1687.     PVOID       ControlArea;
  1688.     PVOID       FirstProtoPte;
  1689.     PVOID       LastPTE;
  1690.     ULONG       Unknown;
  1691.     LIST_ENTRY  Secured;
  1692. } VAD_HEADER, *PVAD_HEADER;
  1693.  
  1694. NTKERNELAPI
  1695. BOOLEAN
  1696. NTAPI
  1697. CcCanIWrite (
  1698.     IN PFILE_OBJECT FileObject,
  1699.     IN ULONG        BytesToWrite,
  1700.     IN BOOLEAN      Wait,
  1701.     IN BOOLEAN      Retrying
  1702. );
  1703.  
  1704. NTKERNELAPI
  1705. BOOLEAN
  1706. NTAPI
  1707. CcCopyRead (
  1708.     IN PFILE_OBJECT         FileObject,
  1709.     IN PLARGE_INTEGER       FileOffset,
  1710.     IN ULONG                Length,
  1711.     IN BOOLEAN              Wait,
  1712.     OUT PVOID               Buffer,     /* written by the routine */
  1713.     OUT PIO_STATUS_BLOCK    IoStatus
  1714. );
        /*
         * Declaration only; the implementation is not part of this header.
         * The prototype carries no separate buffer-size parameter, so Length is
         * the only bound on how much is written to Buffer.
         * NOTE(review): presumably Buffer must hold at least Length bytes and
         * the BOOLEAN result must be checked before IoStatus or Buffer is
         * trusted - confirm. When Length derives from a request, validate it
         * against the real buffer size first.
         */
  1715.  
  1716. NTKERNELAPI
  1717. BOOLEAN
  1718. NTAPI
  1719. CcCopyWrite (
  1720.     IN PFILE_OBJECT     FileObject,
  1721.     IN PLARGE_INTEGER   FileOffset,
  1722.     IN ULONG            Length,
  1723.     IN BOOLEAN          Wait,
  1724.     IN PVOID            Buffer
  1725. );
  1726.  
  1727. #define CcCopyWriteWontFlush(FO, FOFF, LEN) ((LEN) <= 0x10000)
        /*
         * Non-zero when LEN is at most 0x10000 (64 KiB). FO and FOFF are
         * accepted but do not appear in the expansion, so they are never
         * evaluated.
         */
  1728.  
  1729. typedef VOID (NTAPI *PCC_POST_DEFERRED_WRITE) (
  1730.     IN PVOID Context1,
  1731.     IN PVOID Context2
  1732. );
  1733.  
  1734. NTKERNELAPI
  1735. VOID
  1736. NTAPI
  1737. CcDeferWrite (
  1738.     IN PFILE_OBJECT             FileObject,
  1739.     IN PCC_POST_DEFERRED_WRITE  PostRoutine,
  1740.     IN PVOID                    Context1,
  1741.     IN PVOID                    Context2,
  1742.     IN ULONG                    BytesToWrite,
  1743.     IN BOOLEAN                  Retrying
  1744. );
  1745.  
  1746. NTKERNELAPI
  1747. VOID
  1748. NTAPI
  1749. CcFastCopyRead (
  1750.     IN PFILE_OBJECT         FileObject,
  1751.     IN ULONG                FileOffset,
  1752.     IN ULONG                Length,
  1753.     IN ULONG                PageCount,
  1754.     OUT PVOID               Buffer,
  1755.     OUT PIO_STATUS_BLOCK    IoStatus
  1756. );
  1757.  
  1758. NTKERNELAPI
  1759. VOID
  1760. NTAPI
  1761. CcFastCopyWrite (
  1762.     IN PFILE_OBJECT FileObject,
  1763.     IN ULONG        FileOffset,
  1764.     IN ULONG        Length,
  1765.     IN PVOID        Buffer
  1766. );
  1767.  
  1768. NTKERNELAPI
  1769. VOID
  1770. NTAPI
  1771. CcFlushCache (
  1772.     IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  1773.     IN PLARGE_INTEGER           FileOffset OPTIONAL,
  1774.     IN ULONG                    Length,
  1775.     OUT PIO_STATUS_BLOCK        IoStatus OPTIONAL
  1776. );
  1777.  
  1778. typedef VOID (*PDIRTY_PAGE_ROUTINE) (
  1779.     IN PFILE_OBJECT     FileObject,
  1780.     IN PLARGE_INTEGER   FileOffset,
  1781.     IN ULONG            Length,
  1782.     IN PLARGE_INTEGER   OldestLsn,
  1783.     IN PLARGE_INTEGER   NewestLsn,
  1784.     IN PVOID            Context1,
  1785.     IN PVOID            Context2
  1786. );
        /*
         * Callback type taken by CcGetDirtyPages as DirtyPageRoutine.
         * NOTE(review): declared without NTAPI, unlike the other callback
         * typedefs in this header (PCC_POST_DEFERRED_WRITE, PFLUSH_TO_LSN, the
         * lazy-write and read-ahead callbacks). Confirm which calling
         * convention the caller of this routine uses; on x86 a caller/callee
         * mismatch leaves the stack unbalanced after the call.
         */
  1787.  
  1788. NTKERNELAPI
  1789. LARGE_INTEGER
  1790. NTAPI
  1791. CcGetDirtyPages (
  1792.     IN PVOID                LogHandle,
  1793.     IN PDIRTY_PAGE_ROUTINE  DirtyPageRoutine,
  1794.     IN PVOID                Context1,
  1795.     IN PVOID                Context2
  1796. );
  1797.  
  1798. NTKERNELAPI
  1799. PFILE_OBJECT
  1800. NTAPI
  1801. CcGetFileObjectFromBcb (
  1802.     IN PVOID Bcb
  1803. );
  1804.  
  1805. NTKERNELAPI
  1806. PFILE_OBJECT
  1807. NTAPI
  1808. CcGetFileObjectFromSectionPtrs (
  1809.     IN PSECTION_OBJECT_POINTERS SectionObjectPointer
  1810. );
  1811.  
  1812. #define CcGetFileSizePointer(FO) (                                     \
  1813.     ((PLARGE_INTEGER)((FO)->SectionObjectPointer->SharedCacheMap) + 1) \
  1814. )
        /*
         * Yields a PLARGE_INTEGER one LARGE_INTEGER past the start of the
         * file's shared cache map. That offset is hard-coded: it matches the
         * position of FileSize in the SHARED_CACHE_MAP declaration in this
         * header, and silently points at something else if the real layout
         * differs on the running system - TODO confirm per target build.
         * No NULL checks: SectionObjectPointer is dereferenced unconditionally
         * and a NULL SharedCacheMap produces a small invalid pointer rather
         * than NULL. Test CcIsFileCached(FO) before using this macro.
         */
  1815.  
  1816. #if (VER_PRODUCTBUILD >= 2195)
  1817.  
  1818. NTKERNELAPI
  1819. LARGE_INTEGER
  1820. NTAPI
  1821. CcGetFlushedValidData (
  1822.     IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  1823.     IN BOOLEAN                  BcbListHeld
  1824. );
  1825.  
  1826. #endif /* (VER_PRODUCTBUILD >= 2195) */
  1827.  
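  1828. NTKERNELAPI
  1829. LARGE_INTEGER NTAPI
  1830. CcGetLsnForFileObject (
  1831.     IN PFILE_OBJECT     FileObject,
  1832.     OUT PLARGE_INTEGER  OldestLsn OPTIONAL
  1833. );
        /*
         * Returns a LARGE_INTEGER for FileObject; OldestLsn is an optional
         * output.
         * NTAPI is spelled out here like on the other Cc* prototypes in this
         * listing, so the calling convention does not depend on what
         * NTKERNELAPI happens to expand to in a given build.
         */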
  1834.  
  1835. typedef BOOLEAN (NTAPI *PACQUIRE_FOR_LAZY_WRITE) (
  1836.     IN PVOID    Context,
  1837.     IN BOOLEAN  Wait
  1838. );
  1839.  
  1840. typedef VOID (NTAPI *PRELEASE_FROM_LAZY_WRITE) (
  1841.     IN PVOID Context
  1842. );
  1843.  
  1844. typedef BOOLEAN (NTAPI *PACQUIRE_FOR_READ_AHEAD) (
  1845.     IN PVOID    Context,
  1846.     IN BOOLEAN  Wait
  1847. );
  1848.  
  1849. typedef VOID (NTAPI *PRELEASE_FROM_READ_AHEAD) (
  1850.     IN PVOID Context
  1851. );
  1852.  
  1853. typedef struct _CACHE_MANAGER_CALLBACKS {
  1854.     PACQUIRE_FOR_LAZY_WRITE     AcquireForLazyWrite;
  1855.     PRELEASE_FROM_LAZY_WRITE    ReleaseFromLazyWrite;
  1856.     PACQUIRE_FOR_READ_AHEAD     AcquireForReadAhead;
  1857.     PRELEASE_FROM_READ_AHEAD    ReleaseFromReadAhead;
  1858. } CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
  1859.  
  1860. NTKERNELAPI
  1861. VOID
  1862. NTAPI
  1863. CcInitializeCacheMap (
  1864.     IN PFILE_OBJECT             FileObject,
  1865.     IN PCC_FILE_SIZES           FileSizes,
  1866.     IN BOOLEAN                  PinAccess,
  1867.     IN PCACHE_MANAGER_CALLBACKS Callbacks,
  1868.     IN PVOID                    LazyWriteContext
  1869. );
  1870.  
  1871. #define CcIsFileCached(FO) (                                                         \
  1872.     ((FO)->SectionObjectPointer != NULL) &&                                          \
  1873.     (((PSECTION_OBJECT_POINTERS)(FO)->SectionObjectPointer)->SharedCacheMap != NULL) \
  1874. )
        /*
         * Non-zero when FO has a SectionObjectPointer and that structure's
         * SharedCacheMap is non-NULL; the second test is skipped when the
         * first fails. FO itself is not checked for NULL and is expanded
         * twice, so pass a valid pointer expression without side effects.
         * NOTE(review): the macro takes no lock, so the answer is only a
         * snapshot - confirm what synchronisation callers are expected to hold.
         */
  1875.  
  1876. NTKERNELAPI
  1877. BOOLEAN
  1878. NTAPI
  1879. CcIsThereDirtyData (
  1880.     IN PVPB Vpb
  1881. );
  1882.  
  1883. NTKERNELAPI
  1884. BOOLEAN
  1885. NTAPI
  1886. CcMapData (
  1887.     IN PFILE_OBJECT     FileObject,
  1888.     IN PLARGE_INTEGER   FileOffset,
  1889.     IN ULONG            Length,
  1890.     IN BOOLEAN          Wait,
  1891.     OUT PVOID           *Bcb,
  1892.     OUT PVOID           *Buffer
  1893. );
  1894.  
  1895. NTKERNELAPI
  1896. VOID
  1897. NTAPI
  1898. CcMdlRead (
  1899.     IN PFILE_OBJECT         FileObject,
  1900.     IN PLARGE_INTEGER       FileOffset,
  1901.     IN ULONG                Length,
  1902.     OUT PMDL                *MdlChain,
  1903.     OUT PIO_STATUS_BLOCK    IoStatus
  1904. );
  1905.  
  1906. NTKERNELAPI
  1907. VOID
  1908. NTAPI
  1909. CcMdlReadComplete (
  1910.     IN PFILE_OBJECT FileObject,
  1911.     IN PMDL         MdlChain
  1912. );
  1913.  
  1914. NTKERNELAPI
  1915. VOID
  1916. NTAPI
  1917. CcMdlWriteComplete (
  1918.     IN PFILE_OBJECT     FileObject,
  1919.     IN PLARGE_INTEGER   FileOffset,
  1920.     IN PMDL             MdlChain
  1921. );
  1922.  
  1923. NTKERNELAPI
  1924. BOOLEAN
  1925. NTAPI
  1926. CcPinMappedData (
  1927.     IN PFILE_OBJECT     FileObject,
  1928.     IN PLARGE_INTEGER   FileOffset,
  1929.     IN ULONG            Length,
  1930. #if (VER_PRODUCTBUILD >= 2195)
  1931.     IN ULONG            Flags,
  1932. #else
  1933.     IN BOOLEAN          Wait,
  1934. #endif
  1935.     IN OUT PVOID        *Bcb
  1936. );
        /*
         * The fourth parameter depends on VER_PRODUCTBUILD: ULONG Flags for
         * builds >= 2195, BOOLEAN Wait otherwise. CcPinRead and
         * CcPreparePinWrite in this header are declared the same way.
         * Both forms accept an integer argument, so code written for one form
         * still compiles against the other: TRUE is passed as flag value 1,
         * and a flag combination passed as BOOLEAN is narrowed.
         * NOTE(review): confirm the flag bit meanings for the target build
         * before porting callers between the two forms.
         */
  1937.  
  1938. NTKERNELAPI
  1939. BOOLEAN
  1940. NTAPI
  1941. CcPinRead (
  1942.     IN PFILE_OBJECT     FileObject,
  1943.     IN PLARGE_INTEGER   FileOffset,
  1944.     IN ULONG            Length,
  1945. #if (VER_PRODUCTBUILD >= 2195)
  1946.     IN ULONG            Flags,
  1947. #else
  1948.     IN BOOLEAN          Wait,
  1949. #endif
  1950.     OUT PVOID           *Bcb,
  1951.     OUT PVOID           *Buffer
  1952. );
  1953.  
  1954. NTKERNELAPI
  1955. VOID
  1956. NTAPI
  1957. CcPrepareMdlWrite (
  1958.     IN PFILE_OBJECT         FileObject,
  1959.     IN PLARGE_INTEGER       FileOffset,
  1960.     IN ULONG                Length,
  1961.     OUT PMDL                *MdlChain,
  1962.     OUT PIO_STATUS_BLOCK    IoStatus
  1963. );
  1964.  
  1965. NTKERNELAPI
  1966. BOOLEAN
  1967. NTAPI
  1968. CcPreparePinWrite (
  1969.     IN PFILE_OBJECT     FileObject,
  1970.     IN PLARGE_INTEGER   FileOffset,
  1971.     IN ULONG            Length,
  1972.     IN BOOLEAN          Zero,
  1973. #if (VER_PRODUCTBUILD >= 2195)
  1974.     IN ULONG            Flags,
  1975. #else
  1976.     IN BOOLEAN          Wait,
  1977. #endif
  1978.     OUT PVOID           *Bcb,
  1979.     OUT PVOID           *Buffer
  1980. );
  1981.  
  1982. NTKERNELAPI
  1983. BOOLEAN
  1984. NTAPI
  1985. CcPurgeCacheSection (
  1986.     IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  1987.     IN PLARGE_INTEGER           FileOffset OPTIONAL,
  1988.     IN ULONG                    Length,
  1989.     IN BOOLEAN                  UninitializeCacheMaps
  1990. );
  1991.  
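  1992. #define CcReadAhead(FO, FOFF, LEN) do {             \
  1993.     if ((LEN) >= 256) {                             \
  1994.         CcScheduleReadAhead((FO), (FOFF), (LEN));   \
  1995.     }                                               \
  1996. } while (0)
        /*
         * Calls CcScheduleReadAhead(FO, FOFF, LEN) only when LEN is at least
         * 256. Written as do { ... } while (0) so the expansion is a single
         * statement: an if statement cannot appear inside a parenthesised
         * expression, so a parenthesised form fails to compile at every use.
         * Use it as a statement, e.g. CcReadAhead(fo, &off, len); it yields no
         * value. LEN is expanded twice, so pass an expression without side
         * effects.
         */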
  1997.  
  1998. #if (VER_PRODUCTBUILD >= 2195)
  1999.  
  2000. NTKERNELAPI
  2001. PVOID
  2002. NTAPI
  2003. CcRemapBcb (
  2004.     IN PVOID Bcb
  2005. );
  2006.  
  2007. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2008.  
  2009. NTKERNELAPI
  2010. VOID
  2011. NTAPI
  2012. CcRepinBcb (
  2013.     IN PVOID Bcb
  2014. );
  2015.  
  2016. NTKERNELAPI
  2017. VOID
  2018. NTAPI
  2019. CcScheduleReadAhead (
  2020.     IN PFILE_OBJECT     FileObject,
  2021.     IN PLARGE_INTEGER   FileOffset,
  2022.     IN ULONG            Length
  2023. );
  2024.  
  2025. NTKERNELAPI
  2026. VOID
  2027. NTAPI
  2028. CcSetAdditionalCacheAttributes (
  2029.     IN PFILE_OBJECT FileObject,
  2030.     IN BOOLEAN      DisableReadAhead,
  2031.     IN BOOLEAN      DisableWriteBehind
  2032. );
  2033.  
  2034. NTKERNELAPI
  2035. VOID
  2036. NTAPI
  2037. CcSetBcbOwnerPointer (
  2038.     IN PVOID Bcb,
  2039.     IN PVOID OwnerPointer
  2040. );
  2041.  
  2042. NTKERNELAPI
  2043. VOID
  2044. NTAPI
  2045. CcSetDirtyPageThreshold (
  2046.     IN PFILE_OBJECT FileObject,
  2047.     IN ULONG        DirtyPageThreshold
  2048. );
  2049.  
  2050. NTKERNELAPI
  2051. VOID
  2052. NTAPI
  2053. CcSetDirtyPinnedData (
  2054.     IN PVOID            BcbVoid,
  2055.     IN PLARGE_INTEGER   Lsn OPTIONAL
  2056. );
  2057.  
  2058. NTKERNELAPI
  2059. VOID
  2060. NTAPI
  2061. CcSetFileSizes (
  2062.     IN PFILE_OBJECT     FileObject,
  2063.     IN PCC_FILE_SIZES   FileSizes
  2064. );
  2065.  
  2066. typedef VOID (NTAPI *PFLUSH_TO_LSN) (
  2067.     IN PVOID            LogHandle,
  2068.     IN PLARGE_INTEGER   Lsn
  2069. );
  2070.  
  2071. NTKERNELAPI
  2072. VOID
  2073. NTAPI
  2074. CcSetLogHandleForFile (
  2075.     IN PFILE_OBJECT     FileObject,
  2076.     IN PVOID            LogHandle,
  2077.     IN PFLUSH_TO_LSN    FlushToLsnRoutine
  2078. );
  2079.  
  2080. NTKERNELAPI
  2081. VOID
  2082. NTAPI
  2083. CcSetReadAheadGranularity (
  2084.     IN PFILE_OBJECT FileObject,
  2085.     IN ULONG        Granularity     /* default: PAGE_SIZE */
  2086.                                     /* allowed: 2^n * PAGE_SIZE */
  2087. );
  2088.  
  2089. NTKERNELAPI
  2090. BOOLEAN
  2091. NTAPI
  2092. CcUninitializeCacheMap (
  2093.     IN PFILE_OBJECT                 FileObject,
  2094.     IN PLARGE_INTEGER               TruncateSize OPTIONAL,
  2095.     IN PCACHE_UNINITIALIZE_EVENT    UninitializeCompleteEvent OPTIONAL
  2096. );
  2097.  
  2098. NTKERNELAPI
  2099. VOID
  2100. NTAPI
  2101. CcUnpinData (
  2102.     IN PVOID Bcb
  2103. );
  2104.  
  2105. NTKERNELAPI
  2106. VOID
  2107. NTAPI
  2108. CcUnpinDataForThread (
  2109.     IN PVOID            Bcb,
  2110.     IN ERESOURCE_THREAD ResourceThreadId
  2111. );
  2112.  
  2113. NTKERNELAPI
  2114. VOID
  2115. NTAPI
  2116. CcUnpinRepinnedBcb (
  2117.     IN PVOID                Bcb,
  2118.     IN BOOLEAN              WriteThrough,
  2119.     OUT PIO_STATUS_BLOCK    IoStatus
  2120. );
  2121.  
  2122. #if (VER_PRODUCTBUILD >= 2195)
  2123.  
  2124. NTKERNELAPI
  2125. NTSTATUS
  2126. NTAPI
  2127. CcWaitForCurrentLazyWriterActivity (
  2128.     VOID
  2129. );
  2130.  
  2131. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2132.  
  2133. NTKERNELAPI
  2134. BOOLEAN
  2135. NTAPI
  2136. CcZeroData (
  2137.     IN PFILE_OBJECT     FileObject,
  2138.     IN PLARGE_INTEGER   StartOffset,
  2139.     IN PLARGE_INTEGER   EndOffset,
  2140.     IN BOOLEAN          Wait
  2141. );
  2142.  
  2143. NTKERNELAPI
  2144. VOID
  2145. NTAPI
  2146. ExDisableResourceBoostLite (
  2147.     IN PERESOURCE Resource
  2148. );
  2149.  
  2150. NTKERNELAPI
  2151. ULONG
  2152. NTAPI
  2153. ExQueryPoolBlockSize (
  2154.     IN PVOID        PoolBlock,
  2155.     OUT PBOOLEAN    QuotaCharged
  2156. );
  2157.  
  2158. #define FlagOn(x, f) ((x) & (f))
        /*
         * Evaluates to the bits of x selected by mask f, not to 0 or 1.
         * Use it in a condition or compare the result with 0.
         * NOTE(review): storing the result directly in a BOOLEAN (presumably
         * an 8-bit type - confirm) drops any flag above bit 7, so a set flag
         * would read back as FALSE; write (FlagOn(x, f) != 0) in that case.
         */
  2159.  
  2160. NTKERNELAPI
  2161. VOID
  2162. NTAPI
  2163. FsRtlAddToTunnelCache (
  2164.     IN PTUNNEL          Cache,
  2165.     IN ULONGLONG        DirectoryKey,
  2166.     IN PUNICODE_STRING  ShortName,
  2167.     IN PUNICODE_STRING  LongName,
  2168.     IN BOOLEAN          KeyByShortName,
  2169.     IN ULONG            DataLength,
  2170.     IN PVOID            Data
  2171. );
  2172.  
  2173. #if (VER_PRODUCTBUILD >= 2195)
  2174.  
  2175. PFILE_LOCK
  2176. NTAPI
  2177. FsRtlAllocateFileLock (
  2178.     IN PCOMPLETE_LOCK_IRP_ROUTINE   CompleteLockIrpRoutine OPTIONAL,
  2179.     IN PUNLOCK_ROUTINE              UnlockRoutine OPTIONAL
  2180. );
  2181.  
  2182. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2183.  
  2184. NTKERNELAPI
  2185. PVOID
  2186. NTAPI
  2187. FsRtlAllocatePool (
  2188.     IN POOL_TYPE    PoolType,
  2189.     IN ULONG        NumberOfBytes
  2190. );
        /*
         * Declaration only. NumberOfBytes is a ULONG: when it is computed from
         * a count or a length taken from a request, check the arithmetic for
         * overflow before the call, otherwise the block can be smaller than
         * the data later copied into it.
         * NOTE(review): whether failure is reported by a NULL return or by
         * raising an exception is not visible in this header - confirm before
         * relying on a NULL check alone. The same applies to the
         * WithQuota / WithTag variants declared next to this one.
         */
  2191.  
  2192. NTKERNELAPI
  2193. PVOID
  2194. NTAPI
  2195. FsRtlAllocatePoolWithQuota (
  2196.     IN POOL_TYPE    PoolType,
  2197.     IN ULONG        NumberOfBytes
  2198. );
  2199.  
  2200. NTKERNELAPI
  2201. PVOID
  2202. NTAPI
  2203. FsRtlAllocatePoolWithQuotaTag (
  2204.     IN POOL_TYPE    PoolType,
  2205.     IN ULONG        NumberOfBytes,
  2206.     IN ULONG        Tag
  2207. );
  2208.  
  2209. NTKERNELAPI
  2210. PVOID
  2211. NTAPI
  2212. FsRtlAllocatePoolWithTag (
  2213.     IN POOL_TYPE    PoolType,
  2214.     IN ULONG        NumberOfBytes,
  2215.     IN ULONG        Tag
  2216. );
  2217.  
  2218. NTKERNELAPI
  2219. BOOLEAN
  2220. NTAPI
  2221. FsRtlAreNamesEqual (
  2222.     IN PUNICODE_STRING  Name1,
  2223.     IN PUNICODE_STRING  Name2,
  2224.     IN BOOLEAN          IgnoreCase,
  2225.     IN PWCHAR           UpcaseTable OPTIONAL
  2226. );
  2227.  
  2228. #define FsRtlAreThereCurrentFileLocks(FL) ( \
  2229.     ((FL)->FastIoIsQuestionable)            \
  2230. )
  2231.  
  2232. /*
  2233.   FsRtlCheckLockForReadAccess:
  2234.  
  2235.   All this really does is pick the lock parameters out of the IRP (its I/O
  2236.   stack location?), look up the requesting process with IoGetRequestorProcess,
  2237.   and pass the values on to FsRtlFastCheckLockForRead.
  2238. */
  2239. NTKERNELAPI
  2240. BOOLEAN
  2241. NTAPI
  2242. FsRtlCheckLockForReadAccess (
  2243.     IN PFILE_LOCK   FileLock,
  2244.     IN PIRP         Irp
  2245. );
  2246.  
  2247. /*
  2248.   FsRtlCheckLockForWriteAccess:
  2249.  
  2250.   All this really does is pick the lock parameters out of the IRP (its I/O
  2251.   stack location?), look up the requesting process with IoGetRequestorProcess,
  2252.   and pass the values on to FsRtlFastCheckLockForWrite.
  2253. */
  2254. NTKERNELAPI
  2255. BOOLEAN
  2256. NTAPI
  2257. FsRtlCheckLockForWriteAccess (
  2258.     IN PFILE_LOCK   FileLock,
  2259.     IN PIRP         Irp
  2260. );
  2261.  
  2262. typedef
  2263. VOID NTAPI
  2264. (*POPLOCK_WAIT_COMPLETE_ROUTINE) (
  2265.     IN PVOID    Context,
  2266.     IN PIRP     Irp
  2267. );
  2268.  
  2269. typedef
  2270. VOID NTAPI
  2271. (*POPLOCK_FS_PREPOST_IRP) (
  2272.     IN PVOID    Context,
  2273.     IN PIRP     Irp
  2274. );
  2275.  
  2276. NTKERNELAPI
  2277. NTSTATUS
  2278. NTAPI
  2279. FsRtlCheckOplock (
  2280.     IN POPLOCK                          Oplock,
  2281.     IN PIRP                             Irp,
  2282.     IN PVOID                            Context,
  2283.     IN POPLOCK_WAIT_COMPLETE_ROUTINE    CompletionRoutine OPTIONAL,
  2284.     IN POPLOCK_FS_PREPOST_IRP           PostIrpRoutine OPTIONAL
  2285. );
  2286.  
  2287. NTKERNELAPI
  2288. BOOLEAN
  2289. NTAPI
  2290. FsRtlCopyRead (
  2291.     IN PFILE_OBJECT         FileObject,
  2292.     IN PLARGE_INTEGER       FileOffset,
  2293.     IN ULONG                Length,
  2294.     IN BOOLEAN              Wait,
  2295.     IN ULONG                LockKey,
  2296.     OUT PVOID               Buffer,
  2297.     OUT PIO_STATUS_BLOCK    IoStatus,
  2298.     IN PDEVICE_OBJECT       DeviceObject
  2299. );
  2300.  
  2301. NTKERNELAPI
  2302. BOOLEAN
  2303. NTAPI
  2304. FsRtlCopyWrite (
  2305.     IN PFILE_OBJECT         FileObject,
  2306.     IN PLARGE_INTEGER       FileOffset,
  2307.     IN ULONG                Length,
  2308.     IN BOOLEAN              Wait,
  2309.     IN ULONG                LockKey,
  2310.     IN PVOID                Buffer,
  2311.     OUT PIO_STATUS_BLOCK    IoStatus,
  2312.     IN PDEVICE_OBJECT       DeviceObject
  2313. );
  2314.  
  2315. NTKERNELAPI
  2316. BOOLEAN
  2317. NTAPI
  2318. FsRtlCurrentBatchOplock (
  2319.     IN POPLOCK Oplock
  2320. );
  2321.  
  2322. NTKERNELAPI
  2323. VOID
  2324. NTAPI
  2325. FsRtlDeleteKeyFromTunnelCache (
  2326.     IN PTUNNEL      Cache,
  2327.     IN ULONGLONG    DirectoryKey
  2328. );
  2329.  
  2330. NTKERNELAPI
  2331. VOID
  2332. NTAPI
  2333. FsRtlDeleteTunnelCache (
  2334.     IN PTUNNEL Cache
  2335. );
  2336.  
  2337. NTKERNELAPI
  2338. VOID
  2339. NTAPI
  2340. FsRtlDeregisterUncProvider (
  2341.     IN HANDLE Handle
  2342. );
  2343.  
  2344. NTKERNELAPI
  2345. BOOLEAN
  2346. NTAPI
  2347. FsRtlDoesNameContainWildCards (
  2348.     IN PUNICODE_STRING Name
  2349. );
  2350.  
  2351. #define FsRtlEnterFileSystem    KeEnterCriticalRegion
  2352.  
  2353. #define FsRtlExitFileSystem     KeLeaveCriticalRegion
  2354.  
  2355. NTKERNELAPI
  2356. BOOLEAN
  2357. NTAPI
  2358. FsRtlFastCheckLockForRead (
  2359.     IN PFILE_LOCK           FileLock,
  2360.     IN PLARGE_INTEGER       FileOffset,
  2361.     IN PLARGE_INTEGER       Length,
  2362.     IN ULONG                Key,
  2363.     IN PFILE_OBJECT         FileObject,
  2364.     IN PEPROCESS            Process
  2365. );
  2366.  
  2367. NTKERNELAPI
  2368. BOOLEAN
  2369. NTAPI
  2370. FsRtlFastCheckLockForWrite (
  2371.     IN PFILE_LOCK           FileLock,
  2372.     IN PLARGE_INTEGER       FileOffset,
  2373.     IN PLARGE_INTEGER       Length,
  2374.     IN ULONG                Key,
  2375.     IN PFILE_OBJECT         FileObject,
  2376.     IN PEPROCESS            Process
  2377. );
  2378.  
  2379. #define FsRtlFastLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, A10, A11) (       \
  2380.      FsRtlPrivateLock(A1, A2, A3, A4, A5, A6, A7, A8, A9, NULL, A10, A11)   \
  2381. )
        /*
          FsRtlFastLock:

          Forwards its eleven arguments to FsRtlPrivateLock and inserts NULL as
          the tenth argument. In the FsRtlPrivateLock prototype in this header
          the tenth parameter is 'Irp OPTIONAL', so A10 and A11 end up as
          Context and AlreadySynchronized.

          ret: the BOOLEAN returned by FsRtlPrivateLock. A9 is the
          PIO_STATUS_BLOCK that FsRtlPrivateLock declares as OUT.
        */
  2382.  
  2383. NTKERNELAPI
  2384. NTSTATUS
  2385. NTAPI
  2386. FsRtlFastUnlockAll (
  2387.     IN PFILE_LOCK           FileLock,
  2388.     IN PFILE_OBJECT         FileObject,
  2389.     IN PEPROCESS            Process,
  2390.     IN PVOID                Context OPTIONAL
  2391. );
  2392. /* ret: STATUS_RANGE_NOT_LOCKED */
  2393.  
  2394. NTKERNELAPI
  2395. NTSTATUS
  2396. NTAPI
  2397. FsRtlFastUnlockAllByKey (
  2398.     IN PFILE_LOCK           FileLock,
  2399.     IN PFILE_OBJECT         FileObject,
  2400.     IN PEPROCESS            Process,
  2401.     IN ULONG                Key,
  2402.     IN PVOID                Context OPTIONAL
  2403. );  
  2404. /* ret: STATUS_RANGE_NOT_LOCKED */
  2405.  
  2406. NTKERNELAPI
  2407. NTSTATUS
  2408. NTAPI
  2409. FsRtlFastUnlockSingle (
  2410.     IN PFILE_LOCK           FileLock,
  2411.     IN PFILE_OBJECT         FileObject,
  2412.     IN PLARGE_INTEGER       FileOffset,
  2413.     IN PLARGE_INTEGER       Length,
  2414.     IN PEPROCESS            Process,
  2415.     IN ULONG                Key,
  2416.     IN PVOID                Context OPTIONAL,
  2417.     IN BOOLEAN              AlreadySynchronized
  2418. );                      
  2419. /* ret:  STATUS_RANGE_NOT_LOCKED */
  2420.  
  2421. NTKERNELAPI
  2422. BOOLEAN
  2423. NTAPI
  2424. FsRtlFindInTunnelCache (
  2425.     IN PTUNNEL          Cache,
  2426.     IN ULONGLONG        DirectoryKey,
  2427.     IN PUNICODE_STRING  Name,
  2428.     OUT PUNICODE_STRING ShortName,
  2429.     OUT PUNICODE_STRING LongName,
  2430.     IN OUT PULONG       DataLength,
  2431.     OUT PVOID           Data
  2432. );
  2433.  
  2434. #if (VER_PRODUCTBUILD >= 2195)
  2435.  
  2436. NTKERNELAPI
  2437. VOID
  2438. NTAPI
  2439. FsRtlFreeFileLock (
  2440.     IN PFILE_LOCK FileLock
  2441. );
  2442.  
  2443. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2444.  
  2445. NTKERNELAPI
  2446. NTSTATUS
  2447. NTAPI
  2448. FsRtlGetFileSize (
  2449.     IN PFILE_OBJECT         FileObject,
  2450.     IN OUT PLARGE_INTEGER   FileSize
  2451. );
  2452.  
  2453. /*
  2454.   FsRtlGetNextFileLock:
  2455.  
  2456.   ret: NULL if no more locks
  2457.  
  2458.   Internals:
  2459.     FsRtlGetNextFileLock uses FileLock->LastReturnedLockInfo and
  2460.     FileLock->LastReturnedLock as storage.
  2461.     LastReturnedLock is a pointer to the 'raw' lock incl. the doubly linked
  2462.     list, and FsRtlGetNextFileLock needs this to get next lock on subsequent
  2463.     calls with Restart = FALSE.
  2464. */
  2465. NTKERNELAPI
  2466. PFILE_LOCK_INFO
  2467. NTAPI
  2468. FsRtlGetNextFileLock (
  2469.     IN PFILE_LOCK   FileLock,
  2470.     IN BOOLEAN      Restart
  2471. );
  2472.  
  2473. NTKERNELAPI
  2474. VOID
  2475. NTAPI
  2476. FsRtlInitializeFileLock (
  2477.     IN PFILE_LOCK                   FileLock,
  2478.     IN PCOMPLETE_LOCK_IRP_ROUTINE   CompleteLockIrpRoutine OPTIONAL,
  2479.     IN PUNLOCK_ROUTINE              UnlockRoutine OPTIONAL
  2480. );
  2481.  
  2482. NTKERNELAPI
  2483. VOID
  2484. NTAPI
  2485. FsRtlInitializeOplock (
  2486.     IN OUT POPLOCK Oplock
  2487. );
  2488.  
  2489. NTKERNELAPI
  2490. VOID
  2491. NTAPI
  2492. FsRtlInitializeTunnelCache (
  2493.     IN PTUNNEL Cache
  2494. );
  2495.  
  2496. NTKERNELAPI
  2497. BOOLEAN
  2498. NTAPI
  2499. FsRtlIsNameInExpression (
  2500.     IN PUNICODE_STRING  Expression,
  2501.     IN PUNICODE_STRING  Name,
  2502.     IN BOOLEAN          IgnoreCase,
  2503.     IN PWCHAR           UpcaseTable OPTIONAL
  2504. );
  2505.  
  2506. NTKERNELAPI
  2507. BOOLEAN
  2508. NTAPI
  2509. FsRtlIsNtstatusExpected (
  2510.     IN NTSTATUS Ntstatus
  2511. );
  2512.  
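  /*
    FsRtlIsUnicodeCharacterWild:

    ret: FALSE for any C outside 0..0x3F; otherwise the result of
    FlagOn(entry, FSRTL_WILD_CHARACTER) for entry C of the table that
    FsRtlLegalAnsiCharacterArray points to.

    Internals:
      -The range test masks off the low six bits instead of comparing with
       0x40. For values >= 0 the outcome is the same; a negative value of a
       signed type is now rejected too, so it can never reach the table
       lookup as a negative index.
      -C is expanded twice; pass an expression without side effects.
  */
  #define FsRtlIsUnicodeCharacterWild(C) (                                    \
      ((((C) & ~0x3F) != 0) ?                                                 \
      FALSE :                                                                 \
      FlagOn((*FsRtlLegalAnsiCharacterArray)[(C)], FSRTL_WILD_CHARACTER ))    \
  )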
  2518.  
  2519. NTKERNELAPI
  2520. BOOLEAN
  2521. NTAPI
  2522. FsRtlMdlReadComplete (
  2523.     IN PFILE_OBJECT     FileObject,
  2524.     IN PMDL             MdlChain
  2525. );
  2526.  
  2527. NTKERNELAPI
  2528. BOOLEAN
  2529. NTAPI
  2530. FsRtlMdlReadCompleteDev (
  2531.     IN PFILE_OBJECT     FileObject,
  2532.     IN PMDL             MdlChain,
  2533.     IN PDEVICE_OBJECT   DeviceObject
  2534. );
  2535.  
  2536. NTKERNELAPI
  2537. BOOLEAN
  2538. NTAPI
  2539. FsRtlMdlWriteComplete (
  2540.     IN PFILE_OBJECT     FileObject,
  2541.     IN PLARGE_INTEGER   FileOffset,
  2542.     IN PMDL             MdlChain
  2543. );
  2544.  
  2545. NTKERNELAPI
  2546. BOOLEAN
  2547. NTAPI
  2548. FsRtlMdlWriteCompleteDev (
  2549.     IN PFILE_OBJECT     FileObject,
  2550.     IN PLARGE_INTEGER   FileOffset,
  2551.     IN PMDL             MdlChain,
  2552.     IN PDEVICE_OBJECT   DeviceObject
  2553. );
  2554.  
  2555. NTKERNELAPI
  2556. NTSTATUS
  2557. NTAPI
  2558. FsRtlNormalizeNtstatus (
  2559.     IN NTSTATUS Exception,
  2560.     IN NTSTATUS GenericException
  2561. );
  2562.  
  2563. NTKERNELAPI
  2564. VOID
  2565. NTAPI
  2566. FsRtlNotifyChangeDirectory (
  2567.     IN PNOTIFY_SYNC NotifySync,
  2568.     IN PVOID        FsContext,
  2569.     IN PSTRING      FullDirectoryName,
  2570.     IN PLIST_ENTRY  NotifyList,
  2571.     IN BOOLEAN      WatchTree,
  2572.     IN ULONG        CompletionFilter,
  2573.     IN PIRP         NotifyIrp
  2574. );
  2575.  
  2576. NTKERNELAPI
  2577. VOID
  2578. NTAPI
  2579. FsRtlNotifyCleanup (
  2580.     IN PNOTIFY_SYNC NotifySync,
  2581.     IN PLIST_ENTRY  NotifyList,
  2582.     IN PVOID        FsContext
  2583. );
  2584.  
  2585. typedef BOOLEAN (*PCHECK_FOR_TRAVERSE_ACCESS) (
  2586.     IN PVOID                        NotifyContext,
  2587.     IN PVOID                        TargetContext,
  2588.     IN PSECURITY_SUBJECT_CONTEXT    SubjectContext
  2589. );
        /*
          PCHECK_FOR_TRAVERSE_ACCESS:

          Callback type accepted by FsRtlNotifyFullChangeDirectory as its
          OPTIONAL TraverseCallback argument. It takes two opaque contexts and
          a security subject context and returns a BOOLEAN.

          NOTE(review): unlike PDRIVER_FS_NOTIFICATION in this header, this
          typedef carries no NTAPI, so under GCC the pointer has the
          compiler's default calling convention. Confirm that this matches
          the convention the kernel uses to invoke the callback.
        */
  2590.  
  2591. NTKERNELAPI
  2592. VOID
  2593. NTAPI
  2594. FsRtlNotifyFullChangeDirectory (
  2595.     IN PNOTIFY_SYNC                 NotifySync,
  2596.     IN PLIST_ENTRY                  NotifyList,
  2597.     IN PVOID                        FsContext,
  2598.     IN PSTRING                      FullDirectoryName,
  2599.     IN BOOLEAN                      WatchTree,
  2600.     IN BOOLEAN                      IgnoreBuffer,
  2601.     IN ULONG                        CompletionFilter,
  2602.     IN PIRP                         NotifyIrp,
  2603.     IN PCHECK_FOR_TRAVERSE_ACCESS   TraverseCallback OPTIONAL,
  2604.     IN PSECURITY_SUBJECT_CONTEXT    SubjectContext OPTIONAL
  2605. );
        /*
          FsRtlNotifyFullChangeDirectory:

          Extended form of FsRtlNotifyChangeDirectory: same NotifySync,
          NotifyList, FsContext, FullDirectoryName, WatchTree,
          CompletionFilter and NotifyIrp parameters (in a different order)
          plus IgnoreBuffer and the OPTIONAL TraverseCallback and
          SubjectContext. Returns nothing.

          NOTE(review): presumably TraverseCallback lets the file system
          decide whether the watcher identified by SubjectContext may see a
          change below the watched directory. When WatchTree is TRUE and the
          callback is omitted, confirm that names under directories the
          watcher cannot traverse are not reported to it.
        */
  2606.  
  2607. NTKERNELAPI
  2608. VOID
  2609. NTAPI
  2610. FsRtlNotifyFullReportChange (
  2611.     IN PNOTIFY_SYNC NotifySync,
  2612.     IN PLIST_ENTRY  NotifyList,
  2613.     IN PSTRING      FullTargetName,
  2614.     IN USHORT       TargetNameOffset,
  2615.     IN PSTRING      StreamName OPTIONAL,
  2616.     IN PSTRING      NormalizedParentName OPTIONAL,
  2617.     IN ULONG        FilterMatch,
  2618.     IN ULONG        Action,
  2619.     IN PVOID        TargetContext
  2620. );
  2621.  
  2622. NTKERNELAPI
  2623. VOID
  2624. NTAPI
  2625. FsRtlNotifyInitializeSync (
  2626.     IN PNOTIFY_SYNC NotifySync
  2627. );
  2628.  
  2629. NTKERNELAPI
  2630. VOID
  2631. NTAPI
  2632. FsRtlNotifyReportChange (
  2633.     IN PNOTIFY_SYNC NotifySync,
  2634.     IN PLIST_ENTRY  NotifyList,
  2635.     IN PSTRING      FullTargetName,
  2636.     IN PUSHORT      FileNamePartLength,
  2637.     IN ULONG        FilterMatch
  2638. );
  2639.  
  2640. NTKERNELAPI
  2641. VOID
  2642. NTAPI
  2643. FsRtlNotifyUninitializeSync (
  2644.     IN PNOTIFY_SYNC NotifySync
  2645. );
  2646.  
  2647. #if (VER_PRODUCTBUILD >= 2195)
  2648.  
  2649. NTKERNELAPI
  2650. NTSTATUS
  2651. NTAPI
  2652. FsRtlNotifyVolumeEvent (
  2653.     IN PFILE_OBJECT FileObject,
  2654.     IN ULONG        EventCode
  2655. );
  2656.  
  2657. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2658.  
  2659. NTKERNELAPI
  2660. NTSTATUS
  2661. NTAPI
  2662. FsRtlOplockFsctrl (
  2663.     IN POPLOCK  Oplock,
  2664.     IN PIRP     Irp,
  2665.     IN ULONG    OpenCount
  2666. );
  2667.  
  2668. NTKERNELAPI
  2669. BOOLEAN
  2670. NTAPI
  2671. FsRtlOplockIsFastIoPossible (
  2672.     IN POPLOCK Oplock
  2673. );
  2674.  
  2675. /*
  2676.   FsRtlPrivateLock:
  2677.  
  2678.   ret: IoStatus->Status: STATUS_PENDING, STATUS_LOCK_NOT_GRANTED
  2679.  
  2680.   Internals: 
  2681.     -Calls IoCompleteRequest if Irp
  2682.     -Uses exception handling / ExRaiseStatus with STATUS_INSUFFICIENT_RESOURCES
  2683. */
  2684. NTKERNELAPI
  2685. BOOLEAN
  2686. NTAPI
  2687. FsRtlPrivateLock (
  2688.     IN PFILE_LOCK           FileLock,
  2689.     IN PFILE_OBJECT         FileObject,
  2690.     IN PLARGE_INTEGER       FileOffset,
  2691.     IN PLARGE_INTEGER       Length,
  2692.     IN PEPROCESS            Process,
  2693.     IN ULONG                Key,
  2694.     IN BOOLEAN              FailImmediately, 
  2695.     IN BOOLEAN              ExclusiveLock,
  2696.     OUT PIO_STATUS_BLOCK    IoStatus, 
  2697.     IN PIRP                 Irp OPTIONAL,
  2698.     IN PVOID                Context,
  2699.     IN BOOLEAN              AlreadySynchronized
  2700. );
  2701.  
  2702. /*
  2703.   FsRtlProcessFileLock:
  2704.  
  2705.   ret:
  2706.     -STATUS_INVALID_DEVICE_REQUEST
  2707.     -STATUS_RANGE_NOT_LOCKED from unlock routines.
  2708.     -STATUS_PENDING, STATUS_LOCK_NOT_GRANTED from FsRtlPrivateLock
  2709.     (redirected IoStatus->Status).
  2710.  
  2711.   Internals: 
  2712.     -switch ( Irp->CurrentStackLocation->MinorFunction )
  2713.         lock: return FsRtlPrivateLock;
  2714.         unlocksingle: return FsRtlFastUnlockSingle;
  2715.         unlockall: return FsRtlFastUnlockAll;
  2716.         unlockallbykey: return FsRtlFastUnlockAllByKey;
  2717.         default: IofCompleteRequest with STATUS_INVALID_DEVICE_REQUEST;
  2718.                  return STATUS_INVALID_DEVICE_REQUEST;
  2719.  
  2720.     -'AllwaysZero' is passed through as 'AllwaysZero' to lock / unlock routines.
  2721.     -'Irp' is passed through as 'Irp' to FsRtlPrivateLock.
  2722. */
  2723. NTKERNELAPI
  2724. NTSTATUS
  2725. NTAPI
  2726. FsRtlProcessFileLock (
  2727.     IN PFILE_LOCK   FileLock,
  2728.     IN PIRP         Irp,
  2729.     IN PVOID        Context OPTIONAL
  2730. );
  2731.  
  2732. NTKERNELAPI
  2733. NTSTATUS
  2734. NTAPI
  2735. FsRtlRegisterUncProvider (
  2736.     IN OUT PHANDLE      MupHandle,
  2737.     IN PUNICODE_STRING  RedirectorDeviceName,
  2738.     IN BOOLEAN          MailslotsSupported
  2739. );
  2740.  
  2741. NTKERNELAPI
  2742. VOID
  2743. NTAPI
  2744. FsRtlUninitializeFileLock (
  2745.     IN PFILE_LOCK FileLock
  2746. );
  2747.  
  2748. NTKERNELAPI
  2749. VOID
  2750. NTAPI
  2751. FsRtlUninitializeOplock (
  2752.     IN OUT POPLOCK Oplock
  2753. );
  2754.  
  2755. NTSYSAPI
  2756. VOID
  2757. NTAPI
  2758. HalDisplayString (
  2759.     IN PCHAR String
  2760. );
  2761.  
  2762. NTSYSAPI
  2763. VOID
  2764. NTAPI
  2765. HalQueryRealTimeClock (
  2766.     IN OUT PTIME_FIELDS TimeFields
  2767. );
  2768.  
  2769. NTSYSAPI
  2770. VOID
  2771. NTAPI
  2772. HalSetRealTimeClock (
  2773.     IN PTIME_FIELDS TimeFields
  2774. );
  2775.  
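  /*
    InitializeMessageHeader:

    Fills in Length, DataLength, MessageType and DataInfoOffset of the
    message header that m points to. DataLength is l minus
    sizeof(LPC_MESSAGE).

    Internals:
      -l is parenthesised in the subtraction, so an argument such as
       'a ? b : c' or 'x << 1' is taken as a whole before sizeof(LPC_MESSAGE)
       is subtracted from it.
      -Length and DataLength are cast to USHORT without a range check: a
       value that does not fit is truncated, and an l smaller than
       sizeof(LPC_MESSAGE) wraps around. A caller that takes l from a
       request has to validate it before using this macro.
      -Expands to a brace block, not an expression; m is expanded four times
       and l twice, so pass arguments without side effects.
  */
  #define InitializeMessageHeader(m, l, t) {                  \
      (m)->Length = (USHORT)(l);                              \
      (m)->DataLength = (USHORT)((l) - sizeof( LPC_MESSAGE )); \
      (m)->MessageType = (USHORT)(t);                         \
      (m)->DataInfoOffset = 0;                                \
  }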
  2782.  
  2783. NTKERNELAPI
  2784. VOID
  2785. NTAPI
  2786. IoAcquireVpbSpinLock (
  2787.     OUT PKIRQL Irql
  2788. );
  2789.  
  2790. NTKERNELAPI
  2791. NTSTATUS
  2792. NTAPI
  2793. IoCheckDesiredAccess (
  2794.     IN OUT PACCESS_MASK DesiredAccess,
  2795.     IN ACCESS_MASK      GrantedAccess
  2796. );
        /*
          IoCheckDesiredAccess:

          Takes a pointer to a requested access mask (IN OUT) and a granted
          access mask by value; returns an NTSTATUS.

          NOTE(review): presumably the status says whether every requested
          right is contained in GrantedAccess, and *DesiredAccess may be
          rewritten on return - confirm. Callers should act on the returned
          status and not only on the updated mask.
        */
  2797.  
  2798. NTKERNELAPI
  2799. NTSTATUS
  2800. NTAPI
  2801. IoCheckEaBufferValidity (
  2802.     IN PFILE_FULL_EA_INFORMATION    EaBuffer,
  2803.     IN ULONG                        EaLength,
  2804.     OUT PULONG                      ErrorOffset
  2805. );
        /*
          IoCheckEaBufferValidity:

          Takes an extended-attribute buffer with its length in EaLength and
          returns an NTSTATUS; ErrorOffset is an OUT ULONG.

          NOTE(review): presumably EaLength is in bytes and ErrorOffset
          receives the offset of the first malformed entry, meaningful only
          on failure - confirm. Check the NTSTATUS before walking EaBuffer,
          and pass the real size of the buffer in EaLength, not a length
          field read from inside the buffer.
        */
  2806.  
  2807. NTKERNELAPI
  2808. NTSTATUS
  2809. NTAPI
  2810. IoCheckFunctionAccess (
  2811.     IN ACCESS_MASK              GrantedAccess,
  2812.     IN UCHAR                    MajorFunction,
  2813.     IN UCHAR                    MinorFunction,
  2814.     IN ULONG                    IoControlCode,
  2815.     IN PFILE_INFORMATION_CLASS  FileInformationClass OPTIONAL,
  2816.     IN PFS_INFORMATION_CLASS    FsInformationClass OPTIONAL
  2817. );
  2818.  
  2819. #if (VER_PRODUCTBUILD >= 2195)
  2820.  
  2821. NTKERNELAPI
  2822. NTSTATUS
  2823. NTAPI
  2824. IoCheckQuotaBufferValidity (
  2825.     IN PFILE_QUOTA_INFORMATION  QuotaBuffer,
  2826.     IN ULONG                    QuotaLength,
  2827.     OUT PULONG                  ErrorOffset
  2828. );
        /*
          IoCheckQuotaBufferValidity:

          Same parameter shape as IoCheckEaBufferValidity, for a quota
          information buffer. Declared only when VER_PRODUCTBUILD >= 2195.

          NOTE(review): presumably QuotaLength is in bytes and ErrorOffset
          is meaningful only on failure - confirm. Check the NTSTATUS before
          walking QuotaBuffer, and pass the real size of the buffer in
          QuotaLength.
        */
  2829.  
  2830. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2831.  
  2832. NTKERNELAPI
  2833. PFILE_OBJECT
  2834. NTAPI
  2835. IoCreateStreamFileObject (
  2836.     IN PFILE_OBJECT     FileObject OPTIONAL,
  2837.     IN PDEVICE_OBJECT   DeviceObject OPTIONAL
  2838. );
  2839.  
  2840. #if (VER_PRODUCTBUILD >= 2195)
  2841.  
  2842. NTKERNELAPI
  2843. PFILE_OBJECT
  2844. NTAPI
  2845. IoCreateStreamFileObjectLite (
  2846.     IN PFILE_OBJECT     FileObject OPTIONAL,
  2847.     IN PDEVICE_OBJECT   DeviceObject OPTIONAL
  2848. );
  2849.  
  2850. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2851.  
  2852. NTKERNELAPI
  2853. BOOLEAN
  2854. NTAPI
  2855. IoFastQueryNetworkAttributes (
  2856.     IN POBJECT_ATTRIBUTES               ObjectAttributes,
  2857.     IN ACCESS_MASK                      DesiredAccess,
  2858.     IN ULONG                            OpenOptions,
  2859.     OUT PIO_STATUS_BLOCK                IoStatus,
  2860.     OUT PFILE_NETWORK_OPEN_INFORMATION  Buffer
  2861. );
  2862.  
  2863. NTKERNELAPI
  2864. PDEVICE_OBJECT
  2865. NTAPI
  2866. IoGetAttachedDevice (
  2867.     IN PDEVICE_OBJECT DeviceObject
  2868. );
  2869.  
  2870. NTKERNELAPI
  2871. PDEVICE_OBJECT
  2872. NTAPI
  2873. IoGetBaseFileSystemDeviceObject (
  2874.     IN PFILE_OBJECT FileObject
  2875. );
  2876.  
  2877. NTKERNELAPI
  2878. PEPROCESS
  2879. NTAPI
  2880. IoGetRequestorProcess (
  2881.     IN PIRP Irp
  2882. );
  2883.  
  2884. #if (VER_PRODUCTBUILD >= 2195)
  2885.  
  2886. NTKERNELAPI
  2887. ULONG
  2888. NTAPI
  2889. IoGetRequestorProcessId (
  2890.     IN PIRP Irp
  2891. );
  2892.  
  2893. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2894.  
  2895. NTKERNELAPI
  2896. PIRP
  2897. NTAPI
  2898. IoGetTopLevelIrp (
  2899.     VOID
  2900. );
  2901.  
  2902. #define IoIsFileOpenedExclusively(FileObject) ( \
  2903.     (BOOLEAN) !(                                \
  2904.     (FileObject)->SharedRead ||                 \
  2905.     (FileObject)->SharedWrite ||                \
  2906.     (FileObject)->SharedDelete                  \
  2907.     )                                           \
  2908. )
        /*
          IoIsFileOpenedExclusively:

          ret: non-zero BOOLEAN when SharedRead, SharedWrite and SharedDelete
          of the file object are all zero, otherwise 0.

          Internals:
            -Reads the three fields without taking any lock, so the answer
             describes the moment of the read only.
            -FileObject is expanded three times; pass an expression without
             side effects.
        */
  2909.  
  2910. NTKERNELAPI
  2911. BOOLEAN
  2912. NTAPI
  2913. IoIsOperationSynchronous (
  2914.     IN PIRP Irp
  2915. );
  2916.  
  2917. NTKERNELAPI
  2918. BOOLEAN
  2919. NTAPI
  2920. IoIsSystemThread (
  2921.     IN PETHREAD Thread
  2922. );
  2923.  
  2924. #if (VER_PRODUCTBUILD >= 2195)
  2925.  
  2926. NTKERNELAPI
  2927. BOOLEAN
  2928. NTAPI
  2929. IoIsValidNameGraftingBuffer (
  2930.     IN PIRP                 Irp,
  2931.     IN PREPARSE_DATA_BUFFER ReparseBuffer
  2932. );
  2933.  
  2934. #endif /* (VER_PRODUCTBUILD >= 2195) */
  2935.  
  2936. NTKERNELAPI
  2937. NTSTATUS
  2938. NTAPI
  2939. IoPageRead (
  2940.     IN PFILE_OBJECT         FileObject,
  2941.     IN PMDL                 Mdl,
  2942.     IN PLARGE_INTEGER       Offset,
  2943.     IN PKEVENT              Event,
  2944.     OUT PIO_STATUS_BLOCK    IoStatusBlock
  2945. );
  2946.  
  2947. NTKERNELAPI
  2948. NTSTATUS
  2949. NTAPI
  2950. IoQueryFileInformation (
  2951.     IN PFILE_OBJECT             FileObject,
  2952.     IN FILE_INFORMATION_CLASS   FileInformationClass,
  2953.     IN ULONG                    Length,
  2954.     OUT PVOID                   FileInformation,
  2955.     OUT PULONG                  ReturnedLength
  2956. );
  2957.  
  2958. NTKERNELAPI
  2959. NTSTATUS
  2960. NTAPI
  2961. IoQueryVolumeInformation (
  2962.     IN PFILE_OBJECT         FileObject,
  2963.     IN FS_INFORMATION_CLASS FsInformationClass,
  2964.     IN ULONG                Length,
  2965.     OUT PVOID               FsInformation,
  2966.     OUT PULONG              ReturnedLength
  2967. );
  2968.  
  2969. NTKERNELAPI
  2970. VOID
  2971. NTAPI
  2972. IoRegisterFileSystem (
  2973.     IN OUT PDEVICE_OBJECT DeviceObject
  2974. );
  2975.  
  2976. #if (VER_PRODUCTBUILD >= 1381)
  2977.  
  2978. typedef VOID (NTAPI *PDRIVER_FS_NOTIFICATION) (
  2979.     IN PDEVICE_OBJECT DeviceObject,
  2980.     IN BOOLEAN        DriverActive
  2981. );
  2982.  
  2983. NTKERNELAPI
  2984. NTSTATUS
  2985. NTAPI
  2986. IoRegisterFsRegistrationChange (
  2987.     IN PDRIVER_OBJECT           DriverObject,
  2988.     IN PDRIVER_FS_NOTIFICATION  DriverNotificationRoutine
  2989. );
  2990.  
  2991. #endif /* (VER_PRODUCTBUILD >= 1381) */
  2992.  
  2993. NTKERNELAPI
  2994. VOID
  2995. NTAPI
  2996. IoReleaseVpbSpinLock (
  2997.     IN KIRQL Irql
  2998. );
  2999.  
  3000. NTKERNELAPI
  3001. VOID
  3002. NTAPI
  3003. IoSetDeviceToVerify (
  3004.     IN PETHREAD         Thread,
  3005.     IN PDEVICE_OBJECT   DeviceObject
  3006. );
  3007.  
  3008. NTKERNELAPI
  3009. NTSTATUS
  3010. NTAPI
  3011. IoSetInformation (
  3012.     IN PFILE_OBJECT             FileObject,
  3013.     IN FILE_INFORMATION_CLASS   FileInformationClass,
  3014.     IN ULONG                    Length,
  3015.     IN PVOID                    FileInformation
  3016. );
  3017.  
  3018. NTKERNELAPI
  3019. VOID
  3020. NTAPI
  3021. IoSetTopLevelIrp (
  3022.     IN PIRP Irp
  3023. );
  3024.  
  3025. NTKERNELAPI
  3026. NTSTATUS
  3027. NTAPI
  3028. IoSynchronousPageWrite (
  3029.     IN PFILE_OBJECT         FileObject,
  3030.     IN PMDL                 Mdl,
  3031.     IN PLARGE_INTEGER       FileOffset,
  3032.     IN PKEVENT              Event,
  3033.     OUT PIO_STATUS_BLOCK    IoStatusBlock
  3034. );
  3035.  
  3036. NTKERNELAPI
  3037. PEPROCESS
  3038. NTAPI
  3039. IoThreadToProcess (
  3040.     IN PETHREAD Thread
  3041. );
  3042.  
  3043. NTKERNELAPI
  3044. VOID
  3045. NTAPI
  3046. IoUnregisterFileSystem (
  3047.     IN OUT PDEVICE_OBJECT DeviceObject
  3048. );
  3049.  
  3050. #if (VER_PRODUCTBUILD >= 1381)
  3051.  
  3052. NTKERNELAPI
  3053. NTSTATUS
  3054. NTAPI
  3055. IoUnregisterFsRegistrationChange (
  3056.     IN PDRIVER_OBJECT           DriverObject,
  3057.     IN PDRIVER_FS_NOTIFICATION  DriverNotificationRoutine
  3058. );
  3059.  
  3060. #endif /* (VER_PRODUCTBUILD >= 1381) */
  3061.  
  3062. NTKERNELAPI
  3063. NTSTATUS
  3064. NTAPI
  3065. IoVerifyVolume (
  3066.     IN PDEVICE_OBJECT   DeviceObject,
  3067.     IN BOOLEAN          AllowRawMount
  3068. );
  3069.  
  3070. NTKERNELAPI
  3071. VOID
  3072. NTAPI
  3073. KeAttachProcess (
  3074.     IN PEPROCESS Process
  3075. );
  3076.  
  3077. NTKERNELAPI
  3078. VOID
  3079. NTAPI
  3080. KeDetachProcess (
  3081.     VOID
  3082. );
  3083.  
  3084. NTKERNELAPI
  3085. VOID
  3086. NTAPI
  3087. KeInitializeQueue (
  3088.     IN PRKQUEUE Queue,
  3089.     IN ULONG    Count OPTIONAL
  3090. );
  3091.  
  3092. NTKERNELAPI
  3093. LONG
  3094. NTAPI
  3095. KeInsertHeadQueue (
  3096.     IN PRKQUEUE     Queue,
  3097.     IN PLIST_ENTRY  Entry
  3098. );
  3099.  
  3100. NTKERNELAPI
  3101. LONG
  3102. NTAPI
  3103. KeInsertQueue (
  3104.     IN PRKQUEUE     Queue,
  3105.     IN PLIST_ENTRY  Entry
  3106. );
  3107.  
  3108. NTKERNELAPI
  3109. BOOLEAN
  3110. NTAPI
  3111. KeInsertQueueApc (
  3112.     IN PKAPC      Apc,
  3113.     IN PVOID      SystemArgument1,
  3114.     IN PVOID      SystemArgument2,
  3115.     IN KPRIORITY  PriorityBoost
  3116. );
  3117.  
  3118. NTKERNELAPI
  3119. LONG
  3120. NTAPI
  3121. KeReadStateQueue (
  3122.     IN PRKQUEUE Queue
  3123. );
  3124.  
  3125. NTKERNELAPI
  3126. PLIST_ENTRY
  3127. NTAPI
  3128. KeRemoveQueue (
  3129.     IN PRKQUEUE         Queue,
  3130.     IN KPROCESSOR_MODE  WaitMode,
  3131.     IN PLARGE_INTEGER   Timeout OPTIONAL
  3132. );
  3133.  
  3134. NTKERNELAPI
  3135. PLIST_ENTRY
  3136. NTAPI
  3137. KeRundownQueue (
  3138.     IN PRKQUEUE Queue
  3139. );
  3140.  
  3141. #if (VER_PRODUCTBUILD >= 2195)
  3142.  
  3143. NTKERNELAPI
  3144. VOID
  3145. NTAPI
  3146. KeStackAttachProcess (
  3147.     IN PKPROCESS    Process,
  3148.     OUT PKAPC_STATE ApcState
  3149. );
        /*
          KeStackAttachProcess:

          Declared only when VER_PRODUCTBUILD >= 2195. Takes a PKPROCESS,
          where KeAttachProcess in this header takes a PEPROCESS, and writes
          a KAPC_STATE through ApcState. The same structure is the only
          argument of KeUnstackDetachProcess.

          NOTE(review): presumably the calling thread runs in the address
          space of Process until KeUnstackDetachProcess is called with the
          same ApcState - confirm. While attached, user-mode addresses
          belong to the target process, so pointers captured from the
          original requestor must not be dereferenced.
        */
  3150.  
  3151. NTKERNELAPI
  3152. VOID
  3153. NTAPI
  3154. KeUnstackDetachProcess (
  3155.     IN PKAPC_STATE ApcState
  3156. );
        /*
          KeUnstackDetachProcess:

          Takes the KAPC_STATE that KeStackAttachProcess declares as OUT.

          NOTE(review): presumably every KeStackAttachProcess needs exactly
          one matching call on the same thread, including on error paths -
          confirm.
        */
  3157.  
  3158. #endif /* (VER_PRODUCTBUILD >= 2195) */
  3159.  
  3160. NTKERNELAPI
  3161. BOOLEAN
  3162. NTAPI
  3163. MmCanFileBeTruncated (
  3164.     IN PSECTION_OBJECT_POINTERS     SectionObjectPointer,
  3165.     IN PLARGE_INTEGER               NewFileSize
  3166. );
  3167.  
  3168. NTKERNELAPI
  3169. BOOLEAN
  3170. NTAPI
  3171. MmFlushImageSection (
  3172.     IN PSECTION_OBJECT_POINTERS     SectionObjectPointer,
  3173.     IN MMFLUSH_TYPE                 FlushType
  3174. );
  3175.  
  3176. NTKERNELAPI
  3177. BOOLEAN
  3178. NTAPI
  3179. MmForceSectionClosed (
  3180.     IN PSECTION_OBJECT_POINTERS SectionObjectPointer,
  3181.     IN BOOLEAN                  DelayClose
  3182. );
  3183.  
  3184. #if (VER_PRODUCTBUILD >= 1381)
  3185.  
  3186. NTKERNELAPI
  3187. BOOLEAN
  3188. NTAPI
  3189. MmIsRecursiveIoFault (
  3190.     VOID
  3191. );
  3192.  
  3193. #else
  3194.  
  3195. #define MmIsRecursiveIoFault() (                            \
  3196.     (PsGetCurrentThread()->DisablePageFaultClustering) |    \
  3197.     (PsGetCurrentThread()->ForwardClusterOnly)              \
  3198. )
        /*
          MmIsRecursiveIoFault (macro form):

          Fallback used only when VER_PRODUCTBUILD < 1381; this header
          defines VER_PRODUCTBUILD as 10000, so by default the prototype in
          the #if branch is what gets compiled.

          ret: the bitwise OR of the current thread's
          DisablePageFaultClustering and ForwardClusterOnly fields, i.e. zero
          or non-zero rather than a normalised TRUE / FALSE.

          Internals:
            -Calls PsGetCurrentThread twice and reads the thread structure
             directly, so it depends on the ETHREAD layout the header
             declares.
        */
  3199.  
  3200. #endif
  3201.  
  3202. NTKERNELAPI
  3203. NTSTATUS
  3204. NTAPI
  3205. MmMapViewOfSection (
  3206.     IN PVOID                SectionObject,
  3207.     IN PEPROCESS            Process,
  3208.     IN OUT PVOID            *BaseAddress,
  3209.     IN ULONG                ZeroBits,
  3210.     IN ULONG                CommitSize,
  3211.     IN OUT PLARGE_INTEGER   SectionOffset OPTIONAL,
  3212.     IN OUT PULONG           ViewSize,
  3213.     IN SECTION_INHERIT      InheritDisposition,
  3214.     IN ULONG                AllocationType,
  3215.     IN ULONG                Protect
  3216. );
        /*
          MmMapViewOfSection:

          ret: NTSTATUS. BaseAddress, SectionOffset and ViewSize are IN OUT;
          CommitSize is a ULONG and ViewSize points to a ULONG in this
          declaration.

          NOTE(review): presumably the view is created in the address space
          of Process, and *BaseAddress / *ViewSize hold the resulting range
          on success - confirm. SectionObject is an untyped PVOID, so the
          compiler cannot catch a wrong object being passed. When Process is
          not the caller's own process, Protect decides what that process can
          do with the mapped pages; review it as an access-control decision.
        */
  3217.  
  3218. NTKERNELAPI
  3219. BOOLEAN
  3220. NTAPI
  3221. MmSetAddressRangeModified (
  3222.     IN PVOID    Address,
  3223.     IN ULONG    Length
  3224. );
  3225.  
  3226. NTKERNELAPI
  3227. NTSTATUS
  3228. NTAPI
  3229. ObCreateObject (
  3230.     IN KPROCESSOR_MODE      ObjectAttributesAccessMode OPTIONAL,
  3231.     IN POBJECT_TYPE         ObjectType,
  3232.     IN POBJECT_ATTRIBUTES   ObjectAttributes OPTIONAL,
  3233.     IN KPROCESSOR_MODE      AccessMode,
  3234.     IN OUT PVOID            ParseContext OPTIONAL,
  3235.     IN ULONG                ObjectSize,
  3236.     IN ULONG                PagedPoolCharge OPTIONAL,
  3237.     IN ULONG                NonPagedPoolCharge OPTIONAL,
  3238.     OUT PVOID               *Object
  3239. );
  3240.  
  3241. NTKERNELAPI
  3242. ULONG
  3243. NTAPI
  3244. ObGetObjectPointerCount (
  3245.     IN PVOID Object
  3246. );
  3247.  
  3248. NTKERNELAPI
  3249. NTSTATUS
  3250. NTAPI
  3251. ObInsertObject (
  3252.     IN PVOID            Object,
  3253.     IN PACCESS_STATE    PassedAccessState OPTIONAL,
  3254.     IN ACCESS_MASK      DesiredAccess,
  3255.     IN ULONG            AdditionalReferences,
  3256.     OUT PVOID           *ReferencedObject OPTIONAL,
  3257.     OUT PHANDLE         Handle
  3258. );
  3259.  
  3260. NTKERNELAPI
  3261. VOID
  3262. NTAPI
  3263. ObMakeTemporaryObject (
  3264.     IN PVOID Object
  3265. );
  3266.  
  3267. NTKERNELAPI
  3268. NTSTATUS
  3269. NTAPI
  3270. ObOpenObjectByPointer (
  3271.     IN PVOID            Object,
  3272.     IN ULONG            HandleAttributes,
  3273.     IN PACCESS_STATE    PassedAccessState OPTIONAL,
  3274.     IN ACCESS_MASK      DesiredAccess OPTIONAL,
  3275.     IN POBJECT_TYPE     ObjectType OPTIONAL,
  3276.     IN KPROCESSOR_MODE  AccessMode,
  3277.     OUT PHANDLE         Handle
  3278. );
        /*
          ObOpenObjectByPointer:

          Takes an object pointer and writes a HANDLE through Handle;
          returns an NTSTATUS. PassedAccessState, DesiredAccess and
          ObjectType are OPTIONAL.

          NOTE(review): presumably AccessMode selects whether DesiredAccess
          is checked against the object's security, with KernelMode skipping
          the check - confirm. Code acting on behalf of a user-mode request
          should not pass KernelMode unconditionally, and should confirm
          whether OBJ_KERNEL_HANDLE is needed in HandleAttributes so the new
          handle is not usable from the requesting process. ObjectType is
          OPTIONAL, and omitting it presumably skips the type check on the
          untyped Object pointer.
        */
  3279.  
  3280. NTKERNELAPI
  3281. NTSTATUS
  3282. NTAPI
  3283. ObQueryNameString (
  3284.     IN PVOID                        Object,
  3285.     OUT POBJECT_NAME_INFORMATION    ObjectNameInfo,
  3286.     IN ULONG                        Length,
  3287.     OUT PULONG                      ReturnLength
  3288. );
        /*
          ObQueryNameString:

          ret: NTSTATUS. ObjectNameInfo and ReturnLength are OUT; Length is
          an IN ULONG.

          NOTE(review): presumably Length is the size in bytes of the buffer
          behind ObjectNameInfo, and ReturnLength receives the size needed
          when the buffer is too small - confirm. Do not read the name from
          ObjectNameInfo unless the status indicates success, and size any
          retry from *ReturnLength rather than from a guessed constant.
        */
  3289.  
  3290. NTKERNELAPI
  3291. NTSTATUS
  3292. NTAPI
  3293. ObQueryObjectAuditingByHandle (
  3294.     IN HANDLE       Handle,
  3295.     OUT PBOOLEAN    GenerateOnClose
  3296. );
  3297.  
  3298. NTKERNELAPI
  3299. NTSTATUS
  3300. NTAPI
  3301. ObReferenceObjectByName (
  3302.     IN PUNICODE_STRING  ObjectName,
  3303.     IN ULONG            Attributes,
  3304.     IN PACCESS_STATE    PassedAccessState OPTIONAL,
  3305.     IN ACCESS_MASK      DesiredAccess OPTIONAL,
  3306.     IN POBJECT_TYPE     ObjectType,
  3307.     IN KPROCESSOR_MODE  AccessMode,
  3308.     IN OUT PVOID        ParseContext OPTIONAL,
  3309.     OUT PVOID           *Object
  3310. );
        /*
          ObReferenceObjectByName:

          Takes an object name and writes an untyped object pointer through
          Object; returns an NTSTATUS. Here ObjectType is required, whereas
          ObOpenObjectByPointer declares it OPTIONAL.

          NOTE(review): presumably *Object is returned with a reference that
          the caller releases with ObDereferenceObject, and AccessMode
          selects whether access checks apply to the lookup - confirm. When
          ObjectName originates from a user-mode request, passing KernelMode
          would resolve the name with the driver's rights instead of the
          requestor's.
        */
  3311.  
  3312. NTKERNELAPI
  3313. VOID
  3314. NTAPI
  3315. PsChargePoolQuota (
  3316.     IN PEPROCESS    Process,
  3317.     IN POOL_TYPE    PoolType,
  3318.     IN ULONG        Amount
  3319. );
  3320.  
  3321. #define PsDereferenceImpersonationToken(T)  \
  3322.             {if (ARGUMENT_PRESENT(T)) {     \
  3323.                 (ObDereferenceObject((T))); \
  3324.             } else {                        \
  3325.                 ;                           \
  3326.             }                               \
  3327. }
        /*
          PsDereferenceImpersonationToken:

          Calls ObDereferenceObject on T when ARGUMENT_PRESENT(T) holds and
          does nothing otherwise, so it can be used on the result of
          PsReferenceImpersonationToken without a separate NULL test.

          Internals:
            -Expands to a brace block, not an expression. Written as
             'if (c) PsDereferenceImpersonationToken(t); else ...' the
             trailing ';' ends the if statement and the else no longer
             compiles; wrap the call in braces there.
            -T is expanded twice; pass an expression without side effects.
        */
  3328.  
  3329. #define PsDereferencePrimaryToken(T) (ObDereferenceObject((T)))
        /*
          PsDereferencePrimaryToken:

          Passes T straight to ObDereferenceObject. Unlike
          PsDereferenceImpersonationToken there is no ARGUMENT_PRESENT test,
          so the caller must not pass NULL.

          NOTE(review): PsReferencePrimaryToken is declared in this header
          as returning HANDLE, while this macro treats the value as an
          object pointer - confirm which of the two the value really is.
        */
  3330.  
  3331. NTKERNELAPI
  3332. ULONGLONG
  3333. NTAPI
  3334. PsGetProcessExitTime (
  3335.     VOID
  3336. );
  3337.  
  3338. NTKERNELAPI
  3339. BOOLEAN
  3340. NTAPI
  3341. PsIsThreadTerminating (
  3342.     IN PETHREAD Thread
  3343. );
  3344.  
  3345. NTKERNELAPI
  3346. NTSTATUS
  3347. NTAPI
  3348. PsLookupProcessByProcessId (
  3349.     IN PVOID        ProcessId,
  3350.     OUT PEPROCESS   *Process
  3351. );
        /*
          PsLookupProcessByProcessId:

          Takes a process id, declared as PVOID here, and writes a PEPROCESS
          through Process; returns an NTSTATUS.

          NOTE(review): presumably *Process is returned with a reference
          that the caller must release with ObDereferenceObject - confirm.
          *Process should be used only after the status indicates success.
          A process id can be reused once its process has exited, so an id
          received earlier from user mode may name a different process by
          the time of this call.
        */
  3352.  
  3353. NTKERNELAPI
  3354. NTSTATUS
  3355. NTAPI
  3356. PsLookupProcessThreadByCid (
  3357.     IN PCLIENT_ID   Cid,
  3358.     OUT PEPROCESS   *Process OPTIONAL,
  3359.     OUT PETHREAD    *Thread
  3360. );
  3361.  
  3362. NTKERNELAPI
  3363. NTSTATUS
  3364. NTAPI
  3365. PsLookupThreadByThreadId (
  3366.     IN PVOID        UniqueThreadId,
  3367.     OUT PETHREAD    *Thread
  3368. );
  3369.  
  3370. NTKERNELAPI
  3371. PACCESS_TOKEN
  3372. NTAPI
  3373. PsReferenceImpersonationToken (
  3374.     IN PETHREAD                         Thread,
  3375.     OUT PBOOLEAN                        CopyOnUse,
  3376.     OUT PBOOLEAN                        EffectiveOnly,
  3377.     OUT PSECURITY_IMPERSONATION_LEVEL   Level
  3378. );
  3379.  
  3380. NTKERNELAPI
  3381. HANDLE
  3382. NTAPI
  3383. PsReferencePrimaryToken (
  3384.     IN PEPROCESS Process
  3385. );
        /*
          PsReferencePrimaryToken:

          Declared here as returning HANDLE for the given process.

          NOTE(review): PsDereferencePrimaryToken in this header hands its
          argument straight to ObDereferenceObject, and
          PsReferenceImpersonationToken is declared as returning
          PACCESS_TOKEN, so the value returned here is presumably an object
          pointer rather than a handle-table handle - confirm before passing
          it to any handle-based routine. Presumably each successful call
          must be balanced by PsDereferencePrimaryToken.
        */
  3386.  
  3387. NTKERNELAPI
  3388. VOID
  3389. NTAPI
  3390. PsReturnPoolQuota (
  3391.     IN PEPROCESS    Process,
  3392.     IN POOL_TYPE    PoolType,
  3393.     IN ULONG        Amount
  3394. );
  3395.  
  3396. NTKERNELAPI
  3397. VOID
  3398. NTAPI
  3399. PsRevertToSelf (
  3400.     VOID
  3401. );
  3402.  
  3403. NTSYSAPI
  3404. NTSTATUS
  3405. NTAPI
  3406. RtlAbsoluteToSelfRelativeSD (
  3407.     IN PSECURITY_DESCRIPTOR     AbsoluteSecurityDescriptor,
  3408.     IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
  3409.     IN PULONG                   BufferLength
  3410. );
  3411.  
  3412. NTSYSAPI
  3413. PVOID
  3414. NTAPI
  3415. RtlAllocateHeap (
  3416.     IN HANDLE  HeapHandle,
  3417.     IN ULONG   Flags,
  3418.     IN ULONG   Size
  3419. );
  3420.  
  3421. NTSYSAPI
  3422. NTSTATUS
  3423. NTAPI
  3424. RtlCompressBuffer (
  3425.     IN USHORT   CompressionFormatAndEngine,
  3426.     IN PUCHAR   UncompressedBuffer,
  3427.     IN ULONG    UncompressedBufferSize,
  3428.     OUT PUCHAR  CompressedBuffer,
  3429.     IN ULONG    CompressedBufferSize,
  3430.     IN ULONG    UncompressedChunkSize,
  3431.     OUT PULONG  FinalCompressedSize,
  3432.     IN PVOID    WorkSpace
  3433. );
  3434.  
  3435. NTSYSAPI
  3436. NTSTATUS
  3437. NTAPI
  3438. RtlCompressChunks (
  3439.     IN PUCHAR                       UncompressedBuffer,
  3440.     IN ULONG                        UncompressedBufferSize,
  3441.     OUT PUCHAR                      CompressedBuffer,
  3442.     IN ULONG                        CompressedBufferSize,
  3443.     IN OUT PCOMPRESSED_DATA_INFO    CompressedDataInfo,
  3444.     IN ULONG                        CompressedDataInfoLength,
  3445.     IN PVOID                        WorkSpace
  3446. );
  3447.  
  3448. NTSYSAPI
  3449. NTSTATUS
  3450. NTAPI
  3451. RtlConvertSidToUnicodeString (
  3452.     OUT PUNICODE_STRING DestinationString,
  3453.     IN PSID             Sid,
  3454.     IN BOOLEAN          AllocateDestinationString
  3455. );
  3456.  
  3457. NTSYSAPI
  3458. NTSTATUS
  3459. NTAPI
  3460. RtlCopySid (
  3461.     IN ULONG   Length,
  3462.     IN PSID    Destination,
  3463.     IN PSID    Source
  3464. );
        /*
          RtlCopySid:

          ret: NTSTATUS. Length comes first, followed by Destination and
          Source; both pointers are annotated IN in this declaration although
          the name Destination suggests it is the buffer written to.

          NOTE(review): presumably Length is the size in bytes of the
          Destination buffer and the call fails when Source does not fit -
          confirm. Derive Length from the allocation that backs Destination,
          not from the length of Source, and check the status before using
          Destination.
        */
  3465.  
  3466. NTSYSAPI
  3467. NTSTATUS
  3468. NTAPI
  3469. RtlDecompressBuffer (
  3470.     IN USHORT   CompressionFormat,
  3471.     OUT PUCHAR  UncompressedBuffer,
  3472.     IN ULONG    UncompressedBufferSize,
  3473.     IN PUCHAR   CompressedBuffer,
  3474.     IN ULONG    CompressedBufferSize,
  3475.     OUT PULONG  FinalUncompressedSize
  3476. );
        /*
          RtlDecompressBuffer:

          ret: NTSTATUS. Reads CompressedBuffer, writes UncompressedBuffer
          and reports a size through FinalUncompressedSize; each buffer has
          its own ULONG size parameter.

          NOTE(review): presumably both sizes are in bytes and the routine
          never writes more than UncompressedBufferSize - confirm. Treat
          compressed data that comes from disk or the network as untrusted:
          check the status, pass the true capacity of the output buffer, and
          use *FinalUncompressedSize for the amount of valid output instead
          of a size field carried in the input.
        */
  3477.  
  3478. NTSYSAPI
  3479. NTSTATUS
  3480. NTAPI
  3481. RtlDecompressChunks (
  3482.     OUT PUCHAR                  UncompressedBuffer,
  3483.     IN ULONG                    UncompressedBufferSize,
  3484.     IN PUCHAR                   CompressedBuffer,
  3485.     IN ULONG                    CompressedBufferSize,
  3486.     IN PUCHAR                   CompressedTail,
  3487.     IN ULONG                    CompressedTailSize,
  3488.     IN PCOMPRESSED_DATA_INFO    CompressedDataInfo
  3489. );
        /*
          RtlDecompressChunks:

          ret: NTSTATUS. Takes two input ranges (CompressedBuffer and
          CompressedTail, each with its own size), one output buffer and a
          COMPRESSED_DATA_INFO descriptor. There is no OUT size parameter.

          NOTE(review): presumably CompressedDataInfo lists the chunk sizes
          that the routine walks - confirm. If that descriptor is built from
          on-disk data, validate its chunk count and sizes against
          CompressedBufferSize + CompressedTailSize before the call.
        */
  3490.  
  3491. NTSYSAPI
  3492. NTSTATUS
  3493. NTAPI
  3494. RtlDecompressFragment (
  3495.     IN USHORT   CompressionFormat,
  3496.     OUT PUCHAR  UncompressedFragment,
  3497.     IN ULONG    UncompressedFragmentSize,
  3498.     IN PUCHAR   CompressedBuffer,
  3499.     IN ULONG    CompressedBufferSize,
  3500.     IN ULONG    FragmentOffset,
  3501.     OUT PULONG  FinalUncompressedSize,
  3502.     IN PVOID    WorkSpace
  3503. );
        /*
          RtlDecompressFragment:

          ret: NTSTATUS. Same buffer / size pairs as RtlDecompressBuffer,
          plus FragmentOffset and a caller-supplied WorkSpace pointer that
          has no size parameter of its own.

          NOTE(review): presumably WorkSpace must be at least as large as
          the CompressFragmentWorkSpaceSize reported by
          RtlGetCompressionWorkSpaceSize for the same format, and
          FragmentOffset is an offset into the uncompressed data - confirm.
          An undersized WorkSpace cannot be detected from this signature.
        */
  3504.  
  3505. NTSYSAPI
  3506. NTSTATUS
  3507. NTAPI
  3508. RtlDescribeChunk (
  3509.     IN USHORT       CompressionFormat,
  3510.     IN OUT PUCHAR   *CompressedBuffer,
  3511.     IN PUCHAR       EndOfCompressedBufferPlus1,
  3512.     OUT PUCHAR      *ChunkBuffer,
  3513.     OUT PULONG      ChunkSize
  3514. );
        /*
          RtlDescribeChunk:

          ret: NTSTATUS. CompressedBuffer is an IN OUT pointer to a cursor
          into the compressed data; ChunkBuffer and ChunkSize are OUT. The
          end of the input is given as a pointer, not as a length.

          NOTE(review): the parameter name suggests
          EndOfCompressedBufferPlus1 points one byte past the last valid
          byte - confirm. A caller that loops over chunks should stop on any
          failure status and should check that *ChunkBuffer + *ChunkSize does
          not pass that end pointer before reading the chunk.
        */
  3515.  
  3516. NTSYSAPI
  3517. BOOLEAN
  3518. NTAPI
  3519. RtlEqualSid (
  3520.     IN PSID Sid1,
  3521.     IN PSID Sid2
  3522. );
  3523.  
  3524. NTSYSAPI
  3525. VOID
  3526. NTAPI
  3527. RtlFillMemoryUlong (
  3528.     IN PVOID    Destination,
  3529.     IN ULONG    Length,
  3530.     IN ULONG    Fill
  3531. );
  3532.  
  3533. NTSYSAPI
  3534. BOOLEAN
  3535. NTAPI
  3536. RtlFreeHeap (
  3537.     IN HANDLE  HeapHandle,
  3538.     IN ULONG   Flags,
  3539.     IN PVOID   P
  3540. );
  3541.  
  3542. NTSYSAPI
  3543. VOID
  3544. NTAPI
  3545. RtlGenerate8dot3Name (
  3546.     IN PUNICODE_STRING              Name,
  3547.     IN BOOLEAN                      AllowExtendedCharacters,
  3548.     IN OUT PGENERATE_NAME_CONTEXT   Context,
  3549.     OUT PUNICODE_STRING             Name8dot3
  3550. );
  3551.  
  3552. NTSYSAPI
  3553. NTSTATUS
  3554. NTAPI
  3555. RtlGetCompressionWorkSpaceSize (
  3556.     IN USHORT   CompressionFormatAndEngine,
  3557.     OUT PULONG  CompressBufferWorkSpaceSize,
  3558.     OUT PULONG  CompressFragmentWorkSpaceSize
  3559. );
  3560.  
  3561. NTSYSAPI
  3562. NTSTATUS
  3563. NTAPI
  3564. RtlGetDaclSecurityDescriptor (
  3565.     IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  3566.     OUT PBOOLEAN            DaclPresent,
  3567.     OUT PACL                *Dacl,
  3568.     OUT PBOOLEAN            DaclDefaulted
  3569. );
  3570.  
  3571. NTSYSAPI
  3572. NTSTATUS
  3573. NTAPI
  3574. RtlGetGroupSecurityDescriptor (
  3575.     IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  3576.     OUT PSID                *Group,
  3577.     OUT PBOOLEAN            GroupDefaulted
  3578. );
  3579.  
  3580. NTSYSAPI
  3581. NTSTATUS
  3582. NTAPI
  3583. RtlGetOwnerSecurityDescriptor (
  3584.     IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  3585.     OUT PSID                *Owner,
  3586.     OUT PBOOLEAN            OwnerDefaulted
  3587. );
  3588.  
  3589. NTSYSAPI
  3590. NTSTATUS
  3591. NTAPI
  3592. RtlInitializeSid (
  3593.     IN OUT PSID                     Sid,
  3594.     IN PSID_IDENTIFIER_AUTHORITY    IdentifierAuthority,
  3595.     IN UCHAR                        SubAuthorityCount
  3596. );
  3597.  
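/*
 * RtlIsNameLegalDOS8Dot3 - report whether UnicodeName is a legal 8.3 name.
 *
 * UnicodeName  IN                name to test.
 * AnsiName     IN OUT, OPTIONAL  caller-supplied string that receives the
 *                                converted name.
 * Unknown      OUT, OPTIONAL     receives a flag about the name.
 *
 * The third parameter carried no direction annotation; it is written by the
 * routine, so it is marked OUT, and AnsiName is marked IN OUT because the
 * caller provides its buffer.  The annotations are markers only.
 * NOTE(review): in the documented prototype the flag reports whether the
 * name contains spaces - confirm before relying on it.
 */
NTSYSAPI
BOOLEAN
NTAPI
RtlIsNameLegalDOS8Dot3 (
    IN PUNICODE_STRING  UnicodeName,
    IN OUT PANSI_STRING AnsiName OPTIONAL,
    OUT PBOOLEAN        Unknown OPTIONAL
);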
  3606.  
  3607. NTSYSAPI
  3608. ULONG
  3609. NTAPI
  3610. RtlLengthRequiredSid (
  3611.     IN UCHAR SubAuthorityCount
  3612. );
  3613.  
  3614. NTSYSAPI
  3615. ULONG
  3616. NTAPI
  3617. RtlLengthSid (
  3618.     IN PSID Sid
  3619. );
  3620.  
  3621. NTSYSAPI
  3622. ULONG
  3623. NTAPI
  3624. RtlNtStatusToDosError (
  3625.     IN NTSTATUS Status
  3626. );
  3627.  
  3628. NTSYSAPI
  3629. NTSTATUS
  3630. NTAPI
  3631. RtlReserveChunk (
  3632.     IN USHORT       CompressionFormat,
  3633.     IN OUT PUCHAR   *CompressedBuffer,
  3634.     IN PUCHAR       EndOfCompressedBufferPlus1,
  3635.     OUT PUCHAR      *ChunkBuffer,
  3636.     IN ULONG        ChunkSize
  3637. );
  3638.  
  3639. NTSYSAPI
  3640. VOID
  3641. NTAPI
  3642. RtlSecondsSince1970ToTime (
  3643.     IN ULONG            SecondsSince1970,
  3644.     OUT PLARGE_INTEGER  Time
  3645. );
  3646.  
  3647. #if (VER_PRODUCTBUILD >= 2195)
  3648.  
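/*
 * RtlSelfRelativeToAbsoluteSD - build an absolute-format security
 * descriptor from a self-relative one.
 *
 * SelfRelativeSD is the input.  AbsoluteSD, Dacl, Sacl, Owner and
 * PrimaryGroup are caller-supplied buffers that the routine fills, and each
 * *Size parameter pairs with the buffer declared just before it.
 *
 * The buffers were annotated IN although the routine writes them, and the
 * size pointers were annotated IN although they are read and written; the
 * annotations now say OUT and IN OUT.  They are markers only, so the
 * declared types are unchanged.
 * NOTE(review): each size is presumably a byte count that is updated with
 * the required size when the buffer is too small; check the NTSTATUS and
 * re-read the sizes before retrying - confirm against the DDK documentation.
 */
NTSYSAPI
NTSTATUS
NTAPI
RtlSelfRelativeToAbsoluteSD (
    IN PSECURITY_DESCRIPTOR     SelfRelativeSD,
    OUT PSECURITY_DESCRIPTOR    AbsoluteSD,
    IN OUT PULONG               AbsoluteSDSize,
    OUT PACL                    Dacl,
    IN OUT PULONG               DaclSize,
    OUT PACL                    Sacl,
    IN OUT PULONG               SaclSize,
    OUT PSID                    Owner,
    IN OUT PULONG               OwnerSize,
    OUT PSID                    PrimaryGroup,
    IN OUT PULONG               PrimaryGroupSize
);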
  3665.  
  3666. #endif /* (VER_PRODUCTBUILD >= 2195) */
  3667.  
  3668. NTSYSAPI
  3669. NTSTATUS
  3670. NTAPI
  3671. RtlSetGroupSecurityDescriptor (
  3672.     IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  3673.     IN PSID                     Group,
  3674.     IN BOOLEAN                  GroupDefaulted
  3675. );
  3676.  
  3677. NTSYSAPI
  3678. NTSTATUS
  3679. NTAPI
  3680. RtlSetOwnerSecurityDescriptor (
  3681.     IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  3682.     IN PSID                     Owner,
  3683.     IN BOOLEAN                  OwnerDefaulted
  3684. );
  3685.  
  3686. NTSYSAPI
  3687. NTSTATUS
  3688. NTAPI
  3689. RtlSetSaclSecurityDescriptor (
  3690.     IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
  3691.     IN BOOLEAN                  SaclPresent,
  3692.     IN PACL                     Sacl,
  3693.     IN BOOLEAN                  SaclDefaulted
  3694. );
  3695.  
  3696. NTSYSAPI
  3697. PUCHAR
  3698. NTAPI
  3699. RtlSubAuthorityCountSid (
  3700.     IN PSID Sid
  3701. );
  3702.  
  3703. NTSYSAPI
  3704. PULONG
  3705. NTAPI
  3706. RtlSubAuthoritySid (
  3707.     IN PSID    Sid,
  3708.     IN ULONG   SubAuthority
  3709. );
  3710.  
  3711. NTSYSAPI
  3712. BOOLEAN
  3713. NTAPI
  3714. RtlValidSid (
  3715.     IN PSID Sid
  3716. );
  3717.  
  3718. NTKERNELAPI
  3719. NTSTATUS
  3720. NTAPI
  3721. SeAppendPrivileges (
  3722.     PACCESS_STATE   AccessState,
  3723.     PPRIVILEGE_SET  Privileges
  3724. );
  3725.  
  3726. NTKERNELAPI
  3727. BOOLEAN
  3728. NTAPI
  3729. SeAuditingFileEvents (
  3730.     IN BOOLEAN              AccessGranted,
  3731.     IN PSECURITY_DESCRIPTOR SecurityDescriptor
  3732. );
  3733.  
  3734. NTKERNELAPI
  3735. BOOLEAN
  3736. NTAPI
  3737. SeAuditingFileOrGlobalEvents (
  3738.     IN BOOLEAN                      AccessGranted,
  3739.     IN PSECURITY_DESCRIPTOR         SecurityDescriptor,
  3740.     IN PSECURITY_SUBJECT_CONTEXT    SubjectContext
  3741. );
  3742.  
  3743. NTKERNELAPI
  3744. VOID
  3745. NTAPI
  3746. SeCaptureSubjectContext (
  3747.     OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
  3748. );
  3749.  
  3750. NTKERNELAPI
  3751. NTSTATUS
  3752. NTAPI
  3753. SeCreateAccessState (
  3754.     OUT PACCESS_STATE   AccessState,
  3755.     IN PVOID            AuxData,
  3756.     IN ACCESS_MASK      AccessMask,
  3757.     IN PGENERIC_MAPPING Mapping
  3758. );
  3759.  
  3760. NTKERNELAPI
  3761. NTSTATUS
  3762. NTAPI
  3763. SeCreateClientSecurity (
  3764.     IN PETHREAD                     Thread,
  3765.     IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
  3766.     IN BOOLEAN                      RemoteClient,
  3767.     OUT PSECURITY_CLIENT_CONTEXT    ClientContext
  3768. );
  3769.  
  3770. #if (VER_PRODUCTBUILD >= 2195)
  3771.  
  3772. NTKERNELAPI
  3773. NTSTATUS
  3774. NTAPI
  3775. SeCreateClientSecurityFromSubjectContext (
  3776.     IN PSECURITY_SUBJECT_CONTEXT    SubjectContext,
  3777.     IN PSECURITY_QUALITY_OF_SERVICE QualityOfService,
  3778.     IN BOOLEAN                      ServerIsRemote,
  3779.     OUT PSECURITY_CLIENT_CONTEXT    ClientContext
  3780. );
  3781.  
  3782. #endif /* (VER_PRODUCTBUILD >= 2195) */
  3783.  
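/*
 * SeDeleteClientSecurity - drop the token reference held in a client
 * security context, using the dereference routine that matches the token
 * type reported by SeTokenType.
 *
 * The body is wrapped in do { } while (0) so the macro expands to a single
 * statement: the invocation takes its own terminating semicolon and is safe
 * as the unbraced body of an if/else.  C is still evaluated more than once,
 * so pass an expression without side effects.
 */
#define SeDeleteClientSecurity(C)  do {                                        \
            if (SeTokenType((C)->ClientToken) == TokenPrimary) {               \
                PsDereferencePrimaryToken( (C)->ClientToken );                 \
            } else {                                                           \
                PsDereferenceImpersonationToken( (C)->ClientToken );           \
            }                                                                  \
} while (0)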
  3791.  
  3792. NTKERNELAPI
  3793. VOID
  3794. NTAPI
  3795. SeDeleteObjectAuditAlarm (
  3796.     IN PVOID    Object,
  3797.     IN HANDLE   Handle
  3798. );
  3799.  
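/*
 * SeEnableAccessToExports - replace SeExports with the pointer stored at
 * the address it currently holds (one extra level of indirection).
 *
 * The expansion is a parenthesized expression with no trailing semicolon,
 * so "SeEnableAccessToExports();" is exactly one statement and can sit in
 * an unbraced if/else.  Every invocation dereferences SeExports again, so
 * invoke it at most once.
 */
#define SeEnableAccessToExports() (SeExports = *(PSE_EXPORTS *)SeExports)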
  3801.  
  3802. NTKERNELAPI
  3803. VOID
  3804. NTAPI
  3805. SeFreePrivileges (
  3806.     IN PPRIVILEGE_SET Privileges
  3807. );
  3808.  
/*
 * SeImpersonateClient - make a thread impersonate the client described by
 * ClientContext.  ServerThread is marked OPTIONAL.
 *
 * The routine returns VOID, so this declaration gives the caller no way to
 * learn that impersonation did not take effect.  SeImpersonateClientEx,
 * declared in this header for VER_PRODUCTBUILD >= 2195, takes the same
 * parameters and returns NTSTATUS.
 * NOTE(review): where the Ex form is available, prefer it and check its
 * status before doing any work on the client's behalf - confirm against
 * the DDK documentation.
 */
NTKERNELAPI VOID NTAPI
SeImpersonateClient (
    IN PSECURITY_CLIENT_CONTEXT ClientContext,
    IN PETHREAD ServerThread OPTIONAL
);
  3816.  
  3817. #if (VER_PRODUCTBUILD >= 2195)
  3818.  
  3819. NTKERNELAPI
  3820. NTSTATUS
  3821. NTAPI
  3822. SeImpersonateClientEx (
  3823.     IN PSECURITY_CLIENT_CONTEXT ClientContext,
  3824.     IN PETHREAD                 ServerThread OPTIONAL
  3825. );
  3826.  
  3827. #endif /* (VER_PRODUCTBUILD >= 2195) */
  3828.  
  3829. NTKERNELAPI
  3830. VOID
  3831. NTAPI
  3832. SeLockSubjectContext (
  3833.     IN PSECURITY_SUBJECT_CONTEXT SubjectContext
  3834. );
  3835.  
  3836. NTKERNELAPI
  3837. NTSTATUS
  3838. NTAPI
  3839. SeMarkLogonSessionForTerminationNotification (
  3840.     IN PLUID LogonId
  3841. );
  3842.  
  3843. NTKERNELAPI
  3844. VOID
  3845. NTAPI
  3846. SeOpenObjectAuditAlarm (
  3847.     IN PUNICODE_STRING      ObjectTypeName,
  3848.     IN PVOID                Object OPTIONAL,
  3849.     IN PUNICODE_STRING      AbsoluteObjectName OPTIONAL,
  3850.     IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  3851.     IN PACCESS_STATE        AccessState,
  3852.     IN BOOLEAN              ObjectCreated,
  3853.     IN BOOLEAN              AccessGranted,
  3854.     IN KPROCESSOR_MODE      AccessMode,
  3855.     OUT PBOOLEAN            GenerateOnClose
  3856. );
  3857.  
  3858. NTKERNELAPI
  3859. VOID
  3860. NTAPI
  3861. SeOpenObjectForDeleteAuditAlarm (
  3862.     IN PUNICODE_STRING      ObjectTypeName,
  3863.     IN PVOID                Object OPTIONAL,
  3864.     IN PUNICODE_STRING      AbsoluteObjectName OPTIONAL,
  3865.     IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  3866.     IN PACCESS_STATE        AccessState,
  3867.     IN BOOLEAN              ObjectCreated,
  3868.     IN BOOLEAN              AccessGranted,
  3869.     IN KPROCESSOR_MODE      AccessMode,
  3870.     OUT PBOOLEAN            GenerateOnClose
  3871. );
  3872.  
  3873. NTKERNELAPI
  3874. BOOLEAN
  3875. NTAPI
  3876. SePrivilegeCheck (
  3877.     IN OUT PPRIVILEGE_SET           RequiredPrivileges,
  3878.     IN PSECURITY_SUBJECT_CONTEXT    SubjectContext,
  3879.     IN KPROCESSOR_MODE              AccessMode
  3880. );
  3881.  
  3882. NTKERNELAPI
  3883. NTSTATUS
  3884. NTAPI
  3885. SeQueryAuthenticationIdToken (
  3886.     IN PACCESS_TOKEN    Token,
  3887.     OUT PLUID           LogonId
  3888. );
  3889.  
  3890. #if (VER_PRODUCTBUILD >= 2195)
  3891.  
/*
 * SeQueryInformationToken - query one class of information from a token.
 *
 * Token                  IN   token to query.
 * TokenInformationClass  IN   which information to return.
 * TokenInformation       OUT  receives a pointer to the result.
 *
 * TokenInformation is a pointer to a pointer and the prototype carries no
 * buffer length.
 * NOTE(review): the routine therefore presumably allocates the result and
 * leaves the caller to free it; confirm the ownership rule and the matching
 * free routine per information class, and read the result only after the
 * returned NTSTATUS reports success.
 */
NTKERNELAPI NTSTATUS NTAPI
SeQueryInformationToken (
    IN  PACCESS_TOKEN Token,
    IN  TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID *TokenInformation
);
  3900.  
  3901. #endif /* (VER_PRODUCTBUILD >= 2195) */
  3902.  
  3903. NTKERNELAPI
  3904. NTSTATUS
  3905. NTAPI
  3906. SeQuerySecurityDescriptorInfo (
  3907.     IN PSECURITY_INFORMATION    SecurityInformation,
  3908.     OUT PSECURITY_DESCRIPTOR    SecurityDescriptor,
  3909.     IN OUT PULONG               Length,
  3910.     IN PSECURITY_DESCRIPTOR     *ObjectsSecurityDescriptor
  3911. );
  3912.  
  3913. #if (VER_PRODUCTBUILD >= 2195)
  3914.  
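/*
 * SeQuerySessionIdToken - read the session id recorded in a token.
 *
 * Token      IN   token to query.
 * SessionId  OUT  receives the session id.
 *
 * SessionId is a result pointer, so it is annotated OUT instead of IN; the
 * annotation is a marker only and the declared type is unchanged.  Read
 * *SessionId only after the returned NTSTATUS reports success.
 */
NTKERNELAPI
NTSTATUS
NTAPI
SeQuerySessionIdToken (
    IN PACCESS_TOKEN    Token,
    OUT PULONG          SessionId
);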
  3922.  
  3923. #endif /* (VER_PRODUCTBUILD >= 2195) */
  3924.  
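/*
 * SeQuerySubjectContextToken - yield ClientToken from a subject context
 * when ARGUMENT_PRESENT reports it set, otherwise PrimaryToken.
 *
 * The argument is parenthesized before the cast so that a compound
 * expression (pointer arithmetic, a conditional) is cast as a whole rather
 * than only its first operand.  SubjectContext is evaluated more than once;
 * pass an expression without side effects.
 */
#define SeQuerySubjectContextToken( SubjectContext )                  \
    ( ARGUMENT_PRESENT(                                               \
        ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken   \
        ) ?                                                           \
    ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken :     \
    ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->PrimaryToken )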
  3931.  
  3932. typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
  3933.     IN PLUID LogonId
  3934. );
  3935.  
  3936. NTKERNELAPI
  3937. NTSTATUS
  3938. NTAPI
  3939. SeRegisterLogonSessionTerminatedRoutine (
  3940.     IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
  3941. );
  3942.  
  3943. NTKERNELAPI
  3944. VOID
  3945. NTAPI
  3946. SeReleaseSubjectContext (
  3947.     IN PSECURITY_SUBJECT_CONTEXT SubjectContext
  3948. );
  3949.  
  3950. NTKERNELAPI
  3951. VOID
  3952. NTAPI
  3953. SeSetAccessStateGenericMapping (
  3954.     PACCESS_STATE       AccessState,
  3955.     PGENERIC_MAPPING    GenericMapping
  3956. );
  3957.  
  3958. NTKERNELAPI
  3959. NTSTATUS
  3960. NTAPI
  3961. SeSetSecurityDescriptorInfo (
  3962.     IN PVOID                    Object OPTIONAL,
  3963.     IN PSECURITY_INFORMATION    SecurityInformation,
  3964.     IN PSECURITY_DESCRIPTOR     SecurityDescriptor,
  3965.     IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
  3966.     IN POOL_TYPE                PoolType,
  3967.     IN PGENERIC_MAPPING         GenericMapping
  3968. );
  3969.  
  3970. #if (VER_PRODUCTBUILD >= 2195)
  3971.  
  3972. NTKERNELAPI
  3973. NTSTATUS
  3974. NTAPI
  3975. SeSetSecurityDescriptorInfoEx (
  3976.     IN PVOID                    Object OPTIONAL,
  3977.     IN PSECURITY_INFORMATION    SecurityInformation,
  3978.     IN PSECURITY_DESCRIPTOR     ModificationDescriptor,
  3979.     IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
  3980.     IN ULONG                    AutoInheritFlags,
  3981.     IN POOL_TYPE                PoolType,
  3982.     IN PGENERIC_MAPPING         GenericMapping
  3983. );
  3984.  
  3985. NTKERNELAPI
  3986. BOOLEAN
  3987. NTAPI
  3988. SeTokenIsAdmin (
  3989.     IN PACCESS_TOKEN Token
  3990. );
  3991.  
  3992. NTKERNELAPI
  3993. BOOLEAN
  3994. NTAPI
  3995. SeTokenIsRestricted (
  3996.     IN PACCESS_TOKEN Token
  3997. );
  3998.  
  3999. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4000.  
  4001. NTKERNELAPI
  4002. TOKEN_TYPE
  4003. NTAPI
  4004. SeTokenType (
  4005.     IN PACCESS_TOKEN Token
  4006. );
  4007.  
  4008. NTKERNELAPI
  4009. VOID
  4010. NTAPI
  4011. SeUnlockSubjectContext (
  4012.     IN PSECURITY_SUBJECT_CONTEXT SubjectContext
  4013. );
  4014.  
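/*
 * SeUnregisterLogonSessionTerminatedRoutine - counterpart of
 * SeRegisterLogonSessionTerminatedRoutine; takes the same callback pointer.
 *
 * NTAPI was missing here although the register routine and every other
 * prototype in this header carry it.  Without it the calling convention of
 * this one declaration depends on how NTKERNELAPI happens to be defined,
 * and a mismatch with the exported routine would unbalance the stack on
 * 32-bit x86.
 * NOTE(review): a driver that registers a callback presumably has to
 * unregister it before it unloads, or the callback pointer is left
 * dangling - confirm against the DDK documentation.
 */
NTKERNELAPI
NTSTATUS
NTAPI
SeUnregisterLogonSessionTerminatedRoutine (
    IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);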
  4020.  
  4021. #if (VER_PRODUCTBUILD >= 2195)
  4022.  
  4023. NTSYSAPI
  4024. NTSTATUS
  4025. NTAPI
  4026. ZwAdjustPrivilegesToken (
  4027.     IN HANDLE               TokenHandle,
  4028.     IN BOOLEAN              DisableAllPrivileges,
  4029.     IN PTOKEN_PRIVILEGES    NewState,
  4030.     IN ULONG                BufferLength,
  4031.     OUT PTOKEN_PRIVILEGES   PreviousState OPTIONAL,
  4032.     OUT PULONG              ReturnLength
  4033. );
  4034.  
  4035. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4036.  
  4037. NTSYSAPI
  4038. NTSTATUS
  4039. NTAPI
  4040. ZwAlertThread (
  4041.     IN HANDLE ThreadHandle
  4042. );
  4043.  
  4044. NTSYSAPI
  4045. NTSTATUS
  4046. NTAPI
  4047. ZwAllocateVirtualMemory (
  4048.     IN HANDLE       ProcessHandle,
  4049.     IN OUT PVOID    *BaseAddress,
  4050.     IN ULONG        ZeroBits,
  4051.     IN OUT PULONG   RegionSize,
  4052.     IN ULONG        AllocationType,
  4053.     IN ULONG        Protect
  4054. );
  4055.  
  4056. NTSYSAPI
  4057. NTSTATUS
  4058. NTAPI
  4059. ZwAccessCheckAndAuditAlarm (
  4060.     IN PUNICODE_STRING      SubsystemName,
  4061.     IN PVOID                HandleId,
  4062.     IN PUNICODE_STRING      ObjectTypeName,
  4063.     IN PUNICODE_STRING      ObjectName,
  4064.     IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  4065.     IN ACCESS_MASK          DesiredAccess,
  4066.     IN PGENERIC_MAPPING     GenericMapping,
  4067.     IN BOOLEAN              ObjectCreation,
  4068.     OUT PACCESS_MASK        GrantedAccess,
  4069.     OUT PBOOLEAN            AccessStatus,
  4070.     OUT PBOOLEAN            GenerateOnClose
  4071. );
  4072.  
  4073. #if (VER_PRODUCTBUILD >= 2195)
  4074.  
  4075. NTSYSAPI
  4076. NTSTATUS
  4077. NTAPI
  4078. ZwCancelIoFile (
  4079.     IN HANDLE               FileHandle,
  4080.     OUT PIO_STATUS_BLOCK    IoStatusBlock
  4081. );
  4082.  
  4083. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4084.  
  4085. NTSYSAPI
  4086. NTSTATUS
  4087. NTAPI
  4088. ZwClearEvent (
  4089.     IN HANDLE EventHandle
  4090. );
  4091.  
  4092. NTSYSAPI
  4093. NTSTATUS
  4094. NTAPI
  4095. ZwCloseObjectAuditAlarm (
  4096.     IN PUNICODE_STRING  SubsystemName,
  4097.     IN PVOID            HandleId,
  4098.     IN BOOLEAN          GenerateOnClose
  4099. );
  4100.  
  4101. NTSYSAPI
  4102. NTSTATUS
  4103. NTAPI
  4104. ZwCreateSection (
  4105.     OUT PHANDLE             SectionHandle,
  4106.     IN ACCESS_MASK          DesiredAccess,
  4107.     IN POBJECT_ATTRIBUTES   ObjectAttributes OPTIONAL,
  4108.     IN PLARGE_INTEGER       MaximumSize OPTIONAL,
  4109.     IN ULONG                SectionPageProtection,
  4110.     IN ULONG                AllocationAttributes,
  4111.     IN HANDLE               FileHandle OPTIONAL
  4112. );
  4113.  
  4114. NTSYSAPI
  4115. NTSTATUS
  4116. NTAPI
  4117. ZwCreateSymbolicLinkObject (
  4118.     OUT PHANDLE             SymbolicLinkHandle,
  4119.     IN ACCESS_MASK          DesiredAccess,
  4120.     IN POBJECT_ATTRIBUTES   ObjectAttributes,
  4121.     IN PUNICODE_STRING      TargetName
  4122. );
  4123.  
  4124. NTSYSAPI
  4125. NTSTATUS
  4126. NTAPI
  4127. ZwDeleteFile (
  4128.     IN POBJECT_ATTRIBUTES ObjectAttributes
  4129. );
  4130.  
  4131. NTSYSAPI
  4132. NTSTATUS
  4133. NTAPI
  4134. ZwDeleteValueKey (
  4135.     IN HANDLE           Handle,
  4136.     IN PUNICODE_STRING  Name
  4137. );
  4138.  
  4139. NTSYSAPI
  4140. NTSTATUS
  4141. NTAPI
  4142. ZwDeviceIoControlFile (
  4143.     IN HANDLE               FileHandle,
  4144.     IN HANDLE               Event OPTIONAL,
  4145.     IN PIO_APC_ROUTINE      ApcRoutine OPTIONAL,
  4146.     IN PVOID                ApcContext OPTIONAL,
  4147.     OUT PIO_STATUS_BLOCK    IoStatusBlock,
  4148.     IN ULONG                IoControlCode,
  4149.     IN PVOID                InputBuffer OPTIONAL,
  4150.     IN ULONG                InputBufferLength,
  4151.     OUT PVOID               OutputBuffer OPTIONAL,
  4152.     IN ULONG                OutputBufferLength
  4153. );
  4154.  
  4155. NTSYSAPI
  4156. NTSTATUS
  4157. NTAPI
  4158. ZwDisplayString (
  4159.     IN PUNICODE_STRING String
  4160. );
  4161.  
  4162. NTSYSAPI
  4163. NTSTATUS
  4164. NTAPI
  4165. ZwDuplicateObject (
  4166.     IN HANDLE       SourceProcessHandle,
  4167.     IN HANDLE       SourceHandle,
  4168.     IN HANDLE       TargetProcessHandle OPTIONAL,
  4169.     OUT PHANDLE     TargetHandle OPTIONAL,
  4170.     IN ACCESS_MASK  DesiredAccess,
  4171.     IN ULONG        HandleAttributes,
  4172.     IN ULONG        Options
  4173. );
  4174.  
  4175. NTSYSAPI
  4176. NTSTATUS
  4177. NTAPI
  4178. ZwDuplicateToken (
  4179.     IN HANDLE               ExistingTokenHandle,
  4180.     IN ACCESS_MASK          DesiredAccess,
  4181.     IN POBJECT_ATTRIBUTES   ObjectAttributes,
  4182.     IN BOOLEAN              EffectiveOnly,
  4183.     IN TOKEN_TYPE           TokenType,
  4184.     OUT PHANDLE             NewTokenHandle
  4185. );
  4186.  
  4187. NTSYSAPI
  4188. NTSTATUS
  4189. NTAPI
  4190. ZwFlushInstructionCache (
  4191.     IN HANDLE   ProcessHandle,
  4192.     IN PVOID    BaseAddress OPTIONAL,
  4193.     IN ULONG    FlushSize
  4194. );
  4195.  
  4196. #if (VER_PRODUCTBUILD >= 2195)
  4197.  
  4198. NTSYSAPI
  4199. NTSTATUS
  4200. NTAPI
  4201. ZwFlushVirtualMemory (
  4202.     IN HANDLE               ProcessHandle,
  4203.     IN OUT PVOID            *BaseAddress,
  4204.     IN OUT PULONG           FlushSize,
  4205.     OUT PIO_STATUS_BLOCK    IoStatusBlock
  4206. );
  4207.  
  4208. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4209.  
  4210. NTSYSAPI
  4211. NTSTATUS
  4212. NTAPI
  4213. ZwFreeVirtualMemory (
  4214.     IN HANDLE       ProcessHandle,
  4215.     IN OUT PVOID    *BaseAddress,
  4216.     IN OUT PULONG   RegionSize,
  4217.     IN ULONG        FreeType
  4218. );
  4219.  
  4220. NTSYSAPI
  4221. NTSTATUS
  4222. NTAPI
  4223. ZwFsControlFile (
  4224.     IN HANDLE               FileHandle,
  4225.     IN HANDLE               Event OPTIONAL,
  4226.     IN PIO_APC_ROUTINE      ApcRoutine OPTIONAL,
  4227.     IN PVOID                ApcContext OPTIONAL,
  4228.     OUT PIO_STATUS_BLOCK    IoStatusBlock,
  4229.     IN ULONG                FsControlCode,
  4230.     IN PVOID                InputBuffer OPTIONAL,
  4231.     IN ULONG                InputBufferLength,
  4232.     OUT PVOID               OutputBuffer OPTIONAL,
  4233.     IN ULONG                OutputBufferLength
  4234. );
  4235.  
  4236. #if (VER_PRODUCTBUILD >= 2195)
  4237.  
  4238. NTSYSAPI
  4239. NTSTATUS
  4240. NTAPI
  4241. ZwInitiatePowerAction (
  4242.     IN POWER_ACTION         SystemAction,
  4243.     IN SYSTEM_POWER_STATE   MinSystemState,
  4244.     IN ULONG                Flags,
  4245.     IN BOOLEAN              Asynchronous
  4246. );
  4247.  
  4248. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4249.  
/*
 * ZwLoadDriver - load the driver whose service key is named by
 * RegistryPath, a path of the form
 * "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>".
 *
 * NOTE(review): the call brings code into the kernel, so RegistryPath
 * should come from trusted configuration and never be built from data
 * supplied by a user-mode request; the service key and the image it points
 * to should be writable by administrators only.  Loading a driver normally
 * requires SeLoadDriverPrivilege - confirm against the DDK documentation.
 */
NTSYSAPI NTSTATUS NTAPI
ZwLoadDriver (
    IN PUNICODE_STRING RegistryPath
);
  4257.  
  4258. NTSYSAPI
  4259. NTSTATUS
  4260. NTAPI
  4261. ZwLoadKey (
  4262.     IN POBJECT_ATTRIBUTES KeyObjectAttributes,
  4263.     IN POBJECT_ATTRIBUTES FileObjectAttributes
  4264. );
  4265.  
  4266. NTSYSAPI
  4267. NTSTATUS
  4268. NTAPI
  4269. ZwNotifyChangeKey (
  4270.     IN HANDLE               KeyHandle,
  4271.     IN HANDLE               EventHandle OPTIONAL,
  4272.     IN PIO_APC_ROUTINE      ApcRoutine OPTIONAL,
  4273.     IN PVOID                ApcContext OPTIONAL,
  4274.     OUT PIO_STATUS_BLOCK    IoStatusBlock,
  4275.     IN ULONG                NotifyFilter,
  4276.     IN BOOLEAN              WatchSubtree,
  4277.     IN PVOID                Buffer,
  4278.     IN ULONG                BufferLength,
  4279.     IN BOOLEAN              Asynchronous
  4280. );
  4281.  
  4282. NTSYSAPI
  4283. NTSTATUS
  4284. NTAPI
  4285. ZwOpenDirectoryObject (
  4286.     OUT PHANDLE             DirectoryHandle,
  4287.     IN ACCESS_MASK          DesiredAccess,
  4288.     IN POBJECT_ATTRIBUTES   ObjectAttributes
  4289. );
  4290.  
  4291. NTSYSAPI
  4292. NTSTATUS
  4293. NTAPI
  4294. ZwOpenEvent (
  4295.     OUT PHANDLE             EventHandle,
  4296.     IN ACCESS_MASK          DesiredAccess,
  4297.     IN POBJECT_ATTRIBUTES   ObjectAttributes
  4298. );
  4299.  
/*
 * ZwOpenProcess - open a handle to a process.
 *
 * ProcessHandle     OUT           receives the handle.
 * DesiredAccess     IN            access rights requested on the handle.
 * ObjectAttributes  IN            attributes for the open.
 * ClientId          IN, OPTIONAL  identifies the target process.
 *
 * NOTE(review): Zw* calls made from kernel mode run with the previous mode
 * set to kernel, so the usual access check against the requesting user is
 * skipped unless ObjectAttributes carries OBJ_FORCE_ACCESS_CHECK, and the
 * handle is created in the current process's handle table unless
 * OBJ_KERNEL_HANDLE is set.  A driver acting on a user-mode request should
 * ask only for the DesiredAccess it needs and close the handle on every
 * path - confirm against the DDK documentation.
 */
NTSYSAPI NTSTATUS NTAPI
ZwOpenProcess (
    OUT PHANDLE ProcessHandle,
    IN  ACCESS_MASK DesiredAccess,
    IN  POBJECT_ATTRIBUTES ObjectAttributes,
    IN  PCLIENT_ID ClientId OPTIONAL
);
  4309.  
  4310. NTSYSAPI
  4311. NTSTATUS
  4312. NTAPI
  4313. ZwOpenProcessToken (
  4314.     IN HANDLE       ProcessHandle,
  4315.     IN ACCESS_MASK  DesiredAccess,
  4316.     OUT PHANDLE     TokenHandle
  4317. );
  4318.  
  4319. NTSYSAPI
  4320. NTSTATUS
  4321. NTAPI
  4322. ZwOpenThread (
  4323.     OUT PHANDLE             ThreadHandle,
  4324.     IN ACCESS_MASK          DesiredAccess,
  4325.     IN POBJECT_ATTRIBUTES   ObjectAttributes,
  4326.     IN PCLIENT_ID           ClientId
  4327. );
  4328.  
  4329. NTSYSAPI
  4330. NTSTATUS
  4331. NTAPI
  4332. ZwOpenThreadToken (
  4333.     IN HANDLE       ThreadHandle,
  4334.     IN ACCESS_MASK  DesiredAccess,
  4335.     IN BOOLEAN      OpenAsSelf,
  4336.     OUT PHANDLE     TokenHandle
  4337. );
  4338.  
  4339. #if (VER_PRODUCTBUILD >= 2195)
  4340.  
  4341. NTSYSAPI
  4342. NTSTATUS
  4343. NTAPI
  4344. ZwPowerInformation (
  4345.     IN POWER_INFORMATION_LEVEL  PowerInformationLevel,
  4346.     IN PVOID                    InputBuffer OPTIONAL,
  4347.     IN ULONG                    InputBufferLength,
  4348.     OUT PVOID                   OutputBuffer OPTIONAL,
  4349.     IN ULONG                    OutputBufferLength
  4350. );
  4351.  
  4352. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4353.  
  4354. NTSYSAPI
  4355. NTSTATUS
  4356. NTAPI
  4357. ZwPulseEvent (
  4358.     IN HANDLE   EventHandle,
  4359.     OUT PULONG  PreviousState OPTIONAL
  4360. );
  4361.  
  4362. NTSYSAPI
  4363. NTSTATUS
  4364. NTAPI
  4365. ZwQueryDefaultLocale (
  4366.     IN BOOLEAN  ThreadOrSystem,
  4367.     OUT PLCID   Locale
  4368. );
  4369.  
  4370. NTSYSAPI
  4371. NTSTATUS
  4372. NTAPI
  4373. ZwQueryDirectoryFile (
  4374.     IN HANDLE                   FileHandle,
  4375.     IN HANDLE                   Event OPTIONAL,
  4376.     IN PIO_APC_ROUTINE          ApcRoutine OPTIONAL,
  4377.     IN PVOID                    ApcContext OPTIONAL,
  4378.     OUT PIO_STATUS_BLOCK        IoStatusBlock,
  4379.     OUT PVOID                   FileInformation,
  4380.     IN ULONG                    Length,
  4381.     IN FILE_INFORMATION_CLASS   FileInformationClass,
  4382.     IN BOOLEAN                  ReturnSingleEntry,
  4383.     IN PUNICODE_STRING          FileName OPTIONAL,
  4384.     IN BOOLEAN                  RestartScan
  4385. );
  4386.  
  4387. #if (VER_PRODUCTBUILD >= 2195)
  4388.  
  4389. NTSYSAPI
  4390. NTSTATUS
  4391. NTAPI
  4392. ZwQueryDirectoryObject (
  4393.     IN HANDLE       DirectoryHandle,
  4394.     OUT PVOID       Buffer,
  4395.     IN ULONG        Length,
  4396.     IN BOOLEAN      ReturnSingleEntry,
  4397.     IN BOOLEAN      RestartScan,
  4398.     IN OUT PULONG   Context,
  4399.     OUT PULONG      ReturnLength OPTIONAL
  4400. );
  4401.  
  4402. NTSYSAPI
  4403. NTSTATUS
  4404. NTAPI
  4405. ZwQueryEaFile (
  4406.     IN HANDLE               FileHandle,
  4407.     OUT PIO_STATUS_BLOCK    IoStatusBlock,
  4408.     OUT PVOID               Buffer,
  4409.     IN ULONG                Length,
  4410.     IN BOOLEAN              ReturnSingleEntry,
  4411.     IN PVOID                EaList OPTIONAL,
  4412.     IN ULONG                EaListLength,
  4413.     IN PULONG               EaIndex OPTIONAL,
  4414.     IN BOOLEAN              RestartScan
  4415. );
  4416.  
  4417. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4418.  
  4419. NTSYSAPI
  4420. NTSTATUS
  4421. NTAPI
  4422. ZwQueryInformationProcess (
  4423.     IN HANDLE           ProcessHandle,
  4424.     IN PROCESSINFOCLASS ProcessInformationClass,
  4425.     OUT PVOID           ProcessInformation,
  4426.     IN ULONG            ProcessInformationLength,
  4427.     OUT PULONG          ReturnLength OPTIONAL
  4428. );
  4429.  
  4430. NTSYSAPI
  4431. NTSTATUS
  4432. NTAPI
  4433. ZwQueryInformationToken (
  4434.     IN HANDLE                   TokenHandle,
  4435.     IN TOKEN_INFORMATION_CLASS  TokenInformationClass,
  4436.     OUT PVOID                   TokenInformation,
  4437.     IN ULONG                    Length,
  4438.     OUT PULONG                  ResultLength
  4439. );
  4440.  
  4441. NTSYSAPI
  4442. NTSTATUS
  4443. NTAPI
  4444. ZwQueryObject (
  4445.     IN HANDLE                      ObjectHandle,
  4446.     IN OBJECT_INFORMATION_CLASS    ObjectInformationClass,
  4447.     OUT PVOID                      ObjectInformation,
  4448.     IN ULONG                       Length,
  4449.     OUT PULONG                     ResultLength
  4450. );
  4451.  
  4452. NTSYSAPI
  4453. NTSTATUS
  4454. NTAPI
  4455. ZwQuerySection (
  4456.     IN HANDLE                       SectionHandle,
  4457.     IN SECTION_INFORMATION_CLASS    SectionInformationClass,
  4458.     OUT PVOID                       SectionInformation,
  4459.     IN ULONG                        SectionInformationLength,
  4460.     OUT PULONG                      ResultLength OPTIONAL
  4461. );
  4462.  
  4463. NTSYSAPI
  4464. NTSTATUS
  4465. NTAPI
  4466. ZwQuerySecurityObject (
  4467.     IN HANDLE                   FileHandle,
  4468.     IN SECURITY_INFORMATION     SecurityInformation,
  4469.     OUT PSECURITY_DESCRIPTOR    SecurityDescriptor,
  4470.     IN ULONG                    Length,
  4471.     OUT PULONG                  ResultLength
  4472. );
  4473.  
  4474. NTSYSAPI
  4475. NTSTATUS
  4476. NTAPI
  4477. ZwQuerySystemInformation (
  4478.     IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
  4479.     OUT PVOID                   SystemInformation,
  4480.     IN ULONG                    Length,
  4481.     OUT PULONG                  ReturnLength
  4482. );
  4483.  
  4484. NTSYSAPI
  4485. NTSTATUS
  4486. NTAPI
  4487. ZwQueryVolumeInformationFile (
  4488.     IN HANDLE               FileHandle,
  4489.     OUT PIO_STATUS_BLOCK    IoStatusBlock,
  4490.     OUT PVOID               FsInformation,
  4491.     IN ULONG                Length,
  4492.     IN FS_INFORMATION_CLASS FsInformationClass
  4493. );
  4494.  
  4495. NTSYSAPI
  4496. NTSTATUS
  4497. NTAPI
  4498. ZwReplaceKey (
  4499.     IN POBJECT_ATTRIBUTES   NewFileObjectAttributes,
  4500.     IN HANDLE               KeyHandle,
  4501.     IN POBJECT_ATTRIBUTES   OldFileObjectAttributes
  4502. );
  4503.  
  4504. NTSYSAPI
  4505. NTSTATUS
  4506. NTAPI
  4507. ZwResetEvent (
  4508.     IN HANDLE   EventHandle,
  4509.     OUT PULONG  PreviousState OPTIONAL
  4510. );
  4511.  
  4512. #if (VER_PRODUCTBUILD >= 2195)
  4513.  
  4514. NTSYSAPI
  4515. NTSTATUS
  4516. NTAPI
  4517. ZwRestoreKey (
  4518.     IN HANDLE   KeyHandle,
  4519.     IN HANDLE   FileHandle,
  4520.     IN ULONG    Flags
  4521. );
  4522.  
  4523. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4524.  
  4525. NTSYSAPI
  4526. NTSTATUS
  4527. NTAPI
  4528. ZwSaveKey (
  4529.     IN HANDLE KeyHandle,
  4530.     IN HANDLE FileHandle
  4531. );
  4532.  
  4533. NTSYSAPI
  4534. NTSTATUS
  4535. NTAPI
  4536. ZwSetDefaultLocale (
  4537.     IN BOOLEAN  ThreadOrSystem,
  4538.     IN LCID     Locale
  4539. );
  4540.  
  4541. #if (VER_PRODUCTBUILD >= 2195)
  4542.  
  4543. NTSYSAPI
  4544. NTSTATUS
  4545. NTAPI
  4546. ZwSetDefaultUILanguage (
  4547.     IN LANGID LanguageId
  4548. );
  4549.  
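/*
 * ZwSetEaFile - set extended attributes on the file open as FileHandle.
 *
 * FileHandle     IN   file to modify.
 * IoStatusBlock  OUT  receives the completion status.
 * Buffer         IN   extended-attribute data to apply.
 * Length         IN   size supplied for Buffer.
 *
 * Buffer is read by a "set" call, so it is annotated IN instead of OUT
 * (compare ZwQueryEaFile, where Buffer is the OUT result); the annotation
 * is a marker only and the declared type is unchanged.
 * NOTE(review): when the attribute data originates in user mode, capture
 * and validate it before passing it down - confirm the expected layout
 * against the DDK documentation.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwSetEaFile (
    IN HANDLE               FileHandle,
    OUT PIO_STATUS_BLOCK    IoStatusBlock,
    IN PVOID                Buffer,
    IN ULONG                Length
);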
  4559.  
  4560. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4561.  
  4562. NTSYSAPI
  4563. NTSTATUS
  4564. NTAPI
  4565. ZwSetEvent (
  4566.     IN HANDLE   EventHandle,
  4567.     OUT PULONG  PreviousState OPTIONAL
  4568. );
  4569.  
  4570. NTSYSAPI
  4571. NTSTATUS
  4572. NTAPI
  4573. ZwSetInformationObject (
  4574.     IN HANDLE                       ObjectHandle,
  4575.     IN OBJECT_INFORMATION_CLASS    ObjectInformationClass,
  4576.     IN PVOID                        ObjectInformation,
  4577.     IN ULONG                        ObjectInformationLength
  4578. );
  4579.  
  4580. NTSYSAPI  /* Prototype only: ZwSetInformationProcess takes a process handle, an information class, a buffer and its length. */
  4581. NTSTATUS  /* Returns an NTSTATUS code. */
  4582. NTAPI     /* NOTE(review): Zw routines called from kernel mode are generally treated as trusted callers; validate any user-supplied handle or pointer before passing it here. */
  4583. ZwSetInformationProcess (
  4584.     IN HANDLE           ProcessHandle,            /* input: handle to the process being modified */
  4585.     IN PROCESSINFOCLASS ProcessInformationClass,  /* input: selects the kind of information being set */
  4586.     IN PVOID            ProcessInformation,       /* input: untyped buffer; layout presumably depends on the class - confirm */
  4587.     IN ULONG            ProcessInformationLength  /* input: presumably the byte size of ProcessInformation; must match the real buffer - confirm */
  4588. );
  4589.  
  4590. #if (VER_PRODUCTBUILD >= 2195)
  4591.  
  4592. NTSYSAPI  /* Prototype only: ZwSetSecurityObject takes a handle, a SECURITY_INFORMATION value and a security descriptor pointer. */
  4593. NTSTATUS  /* Returns an NTSTATUS code; a failure presumably leaves the previous protection in place - confirm */
  4594. NTAPI     /* NOTE(review): this changes an object's protection; a descriptor derived from untrusted input should be validated before it is applied. */
  4595. ZwSetSecurityObject (
  4596.     IN HANDLE               Handle,               /* input: handle to the object whose security is being set */
  4597.     IN SECURITY_INFORMATION SecurityInformation,  /* input: presumably selects which parts of the descriptor are applied - confirm */
  4598.     IN PSECURITY_DESCRIPTOR SecurityDescriptor    /* input: descriptor supplying the new security settings */
  4599. );
  4600.  
  4601. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4602.  
  4603. NTSYSAPI  /* Prototype only: ZwSetSystemInformation takes an information class, a buffer and its length. */
  4604. NTSTATUS  /* Returns an NTSTATUS code. */
  4605. NTAPI     /* NOTE(review): system-wide setter; keep the class a fixed value and never forward a caller-chosen class or buffer unvalidated. */
  4606. ZwSetSystemInformation (
  4607.     IN SYSTEM_INFORMATION_CLASS SystemInformationClass,  /* input: selects the kind of system information being set */
  4608.     IN PVOID                    SystemInformation,       /* input: untyped buffer; layout presumably depends on the class - confirm */
  4609.     IN ULONG                    Length                   /* input: presumably the byte size of SystemInformation; must match the real buffer - confirm */
  4610. );
  4611.  
  4612. NTSYSAPI  /* Prototype only: ZwSetSystemTime takes a pointer to the new time and an optional out-pointer for the old one. */
  4613. NTSTATUS  /* Returns an NTSTATUS code. */
  4614. NTAPI     /* NOTE(review): clock changes affect log timestamps and time-based validity checks; treat callers of this as privileged. */
  4615. ZwSetSystemTime (
  4616.     IN PLARGE_INTEGER   NewTime,          /* input: pointer to the time value to set */
  4617.     OUT PLARGE_INTEGER  OldTime OPTIONAL  /* OUT + OPTIONAL: presumably may be NULL when the previous time is not needed - confirm */
  4618. );
  4619.  
  4620. #if (VER_PRODUCTBUILD >= 2195)
  4621.  
  4622. NTSYSAPI  /* Prototype only: ZwSetVolumeInformationFile takes a file handle, an I/O status block, a buffer, its length and an information class. */
  4623. NTSTATUS  /* Returns an NTSTATUS code; IoStatusBlock is a second, OUT-annotated status channel. */
  4624. NTAPI     /* Declared only when VER_PRODUCTBUILD >= 2195 (see the enclosing #if). */
  4625. ZwSetVolumeInformationFile (
  4626.     IN HANDLE               FileHandle,         /* input: handle identifying the file or volume */
  4627.     OUT PIO_STATUS_BLOCK    IoStatusBlock,      /* output: completion status written by the call */
  4628.     IN PVOID                FsInformation,      /* input: untyped buffer; layout presumably depends on FsInformationClass - confirm */
  4629.     IN ULONG                Length,             /* input: presumably the byte size of FsInformation; must match the real buffer - confirm */
  4630.     IN FS_INFORMATION_CLASS FsInformationClass  /* input: selects the kind of volume information being set */
  4631. );
  4632.  
  4633. #endif /* (VER_PRODUCTBUILD >= 2195) */
  4634.  
  4635. NTSYSAPI  /* Prototype only: ZwTerminateProcess takes an optional process handle and an exit status. */
  4636. NTSTATUS  /* Returns an NTSTATUS code. */
  4637. NTAPI     /* NOTE(review): Zw routines called from kernel mode are generally treated as trusted callers; do not pass a handle chosen by an unprivileged caller without an access check. */
  4638. ZwTerminateProcess (
  4639.     IN HANDLE   ProcessHandle OPTIONAL,  /* OPTIONAL: a NULL handle presumably targets the calling process - confirm before relying on it */
  4640.     IN NTSTATUS ExitStatus               /* input: status value recorded as the exit code */
  4641. );
  4642.  
  4643. NTSYSAPI  /* Prototype only: ZwUnloadDriver takes the driver's service registry path. */
  4644. NTSTATUS  /* Returns an NTSTATUS code. */
  4645. NTAPI     /* NOTE(review): build RegistryPath from a fixed, known service name; a path taken from untrusted input would let the caller pick which driver is affected. */
  4646. ZwUnloadDriver (
  4647.     /* "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>" */
  4648.     IN PUNICODE_STRING RegistryPath  /* input: counted Unicode string in the form shown in the comment above */
  4649. );
  4650.  
  4651. NTSYSAPI  /* Prototype only: ZwUnloadKey takes object attributes naming a registry key. */
  4652. NTSTATUS  /* Returns an NTSTATUS code. */
  4653. NTAPI
  4654. ZwUnloadKey (
  4655.     IN POBJECT_ATTRIBUTES KeyObjectAttributes  /* input: attributes identifying the key; the name inside should come from a trusted source */
  4656. );
  4657.  
  4658. NTSYSAPI  /* Prototype only: ZwWaitForSingleObject takes a handle, an alertable flag and an optional timeout. */
  4659. NTSTATUS  /* Returns an NTSTATUS code; presumably distinguishes signalled, timed-out and alerted outcomes, so compare exact values - confirm */
  4660. NTAPI
  4661. ZwWaitForSingleObject (
  4662.     IN HANDLE           Handle,           /* input: handle to the object to wait on */
  4663.     IN BOOLEAN          Alertable,        /* input: whether the wait may be interrupted by an alert */
  4664.     IN PLARGE_INTEGER   Timeout OPTIONAL  /* OPTIONAL: NULL presumably means wait without a time limit - confirm */
  4665. );
  4666.  
  4667. NTSYSAPI  /* Prototype only: ZwWaitForMultipleObjects takes a handle count, a handle array, a wait type, an alertable flag and an optional timeout. */
  4668. NTSTATUS  /* Returns an NTSTATUS code; presumably encodes which wait condition was met, so compare exact values - confirm */
  4669. NTAPI
  4670. ZwWaitForMultipleObjects (
  4671.     IN ULONG            HandleCount,      /* input: number of entries in Handles; must not exceed the array's real length */
  4672.     IN PHANDLE          Handles,          /* input: pointer to the array of handles to wait on */
  4673.     IN WAIT_TYPE        WaitType,         /* input: selects the wait mode; the enum values are defined elsewhere */
  4674.     IN BOOLEAN          Alertable,        /* input: whether the wait may be interrupted by an alert */
  4675.     IN PLARGE_INTEGER   Timeout OPTIONAL  /* OPTIONAL: NULL presumably means wait without a time limit - confirm */
  4676. );
  4677.  
  4678. NTSYSAPI  /* Prototype only: ZwYieldExecution takes no arguments. */
  4679. NTSTATUS  /* Returns an NTSTATUS code. */
  4680. NTAPI
  4681. ZwYieldExecution (
  4682.     VOID  /* explicit empty parameter list */
  4683. );
  4684.  
  4685. #pragma pack(pop)
  4686.  
  4687. #ifdef __cplusplus
  4688. }
  4689. #endif
  4690.  
  4691. #endif /* _NTIFS_ */
  4692.