2014-03-18 22:54:29 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2014 Alistair Leslie-Hughes
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __NTIFS_H__
|
|
|
|
#define __NTIFS_H__
|
|
|
|
|
2018-03-21 05:40:17 +00:00
|
|
|
#include "ntddk.h"
|
|
|
|
|
2021-05-01 23:49:40 +00:00
|
|
|
#define PHCM_ERROR_INVALID_PARAMETER ((char)-1)
|
|
|
|
#define PHCM_ERROR_NO_TEB ((char)-2)
|
|
|
|
#define PHCM_ERROR_NO_PEB ((char)-3)
|
|
|
|
#define PHCM_APPLICATION_DEFAULT ((char)0)
|
|
|
|
#define PHCM_DISGUISE_PLACEHOLDERS ((char)1)
|
|
|
|
#define PHCM_EXPOSE_PLACEHOLDERS ((char)2)
|
|
|
|
#define PHCM_DISGUISE_FULL_PLACEHOLDERS ((char)3)
|
|
|
|
#define PHCM_MAX ((char)3)
|
|
|
|
|
2023-07-06 03:52:16 +00:00
|
|
|
#define SYMLINK_FLAG_RELATIVE 0x00000001
|
|
|
|
|
2015-11-04 18:46:50 +00:00
|
|
|
typedef struct _EX_PUSH_LOCK EX_PUSH_LOCK, *PEX_PUSH_LOCK;
|
|
|
|
|
2018-03-21 05:40:17 +00:00
|
|
|
typedef enum _FS_FILTER_SECTION_SYNC_TYPE
|
|
|
|
{
|
|
|
|
SyncTypeOther = 0,
|
|
|
|
SyncTypeCreateSection
|
|
|
|
} FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
|
|
|
|
|
|
|
|
typedef struct _FS_FILTER_SECTION_SYNC_OUTPUT
|
|
|
|
{
|
|
|
|
ULONG StructureSize;
|
|
|
|
ULONG SizeReturned;
|
|
|
|
ULONG Flags;
|
|
|
|
ULONG DesiredReadAlignment;
|
|
|
|
} FS_FILTER_SECTION_SYNC_OUTPUT, *PFS_FILTER_SECTION_SYNC_OUTPUT;
|
|
|
|
|
2014-03-18 22:54:29 +00:00
|
|
|
typedef struct _KQUEUE
|
|
|
|
{
|
|
|
|
DISPATCHER_HEADER Header;
|
|
|
|
LIST_ENTRY EntryListHead;
|
|
|
|
volatile ULONG CurrentCount;
|
|
|
|
ULONG MaximumCount;
|
|
|
|
LIST_ENTRY ThreadListHead;
|
|
|
|
} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;
|
|
|
|
|
2018-04-17 05:09:00 +00:00
|
|
|
typedef enum _FS_FILTER_STREAM_FO_NOTIFICATION_TYPE
|
|
|
|
{
|
|
|
|
NotifyTypeCreate = 0,
|
|
|
|
NotifyTypeRetired
|
|
|
|
} FS_FILTER_STREAM_FO_NOTIFICATION_TYPE, *PFS_FILTER_STREAM_FO_NOTIFICATION_TYPE;
|
|
|
|
|
|
|
|
typedef union _FS_FILTER_PARAMETERS
|
|
|
|
{
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
PLARGE_INTEGER EndingOffset;
|
|
|
|
PERESOURCE *ResourceToRelease;
|
|
|
|
} AcquireForModifiedPageWriter;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
PERESOURCE ResourceToRelease;
|
|
|
|
} ReleaseForModifiedPageWriter;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
FS_FILTER_SECTION_SYNC_TYPE SyncType;
|
|
|
|
ULONG PageProtection;
|
|
|
|
PFS_FILTER_SECTION_SYNC_OUTPUT OutputInformation;
|
|
|
|
} AcquireForSectionSynchronization;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
FS_FILTER_STREAM_FO_NOTIFICATION_TYPE NotificationType;
|
|
|
|
BOOLEAN POINTER_ALIGNMENT SafeToRecurse;
|
|
|
|
} NotifyStreamFileObject;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
PIRP Irp;
|
|
|
|
void *FileInformation;
|
|
|
|
PULONG Length;
|
|
|
|
FILE_INFORMATION_CLASS FileInformationClass;
|
|
|
|
NTSTATUS CompletionStatus;
|
|
|
|
} QueryOpen;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
void *Argument1;
|
|
|
|
void *Argument2;
|
|
|
|
void *Argument3;
|
|
|
|
void *Argument4;
|
|
|
|
void *Argument5;
|
|
|
|
} Others;
|
|
|
|
|
|
|
|
} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
|
|
|
|
|
|
|
|
typedef struct _FS_FILTER_CALLBACK_DATA
|
|
|
|
{
|
|
|
|
ULONG SizeOfFsFilterCallbackData;
|
|
|
|
UCHAR Operation;
|
|
|
|
UCHAR Reserved;
|
|
|
|
struct _DEVICE_OBJECT *DeviceObject;
|
|
|
|
struct _FILE_OBJECT *FileObject;
|
|
|
|
FS_FILTER_PARAMETERS Parameters;
|
|
|
|
} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
|
|
|
|
|
|
|
|
typedef NTSTATUS (WINAPI *PFS_FILTER_CALLBACK)(PFS_FILTER_CALLBACK_DATA, void **);
|
|
|
|
typedef void (WINAPI *PFS_FILTER_COMPLETION_CALLBACK)(PFS_FILTER_CALLBACK_DATA, NTSTATUS, void *context);
|
|
|
|
|
|
|
|
typedef struct _FS_FILTER_CALLBACKS
|
|
|
|
{
|
|
|
|
ULONG SizeOfFsFilterCallbacks;
|
|
|
|
ULONG Reserved;
|
|
|
|
PFS_FILTER_CALLBACK PreAcquireForSectionSynchronization;
|
|
|
|
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForSectionSynchronization;
|
|
|
|
PFS_FILTER_CALLBACK PreReleaseForSectionSynchronization;
|
|
|
|
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForSectionSynchronization;
|
|
|
|
PFS_FILTER_CALLBACK PreAcquireForCcFlush;
|
|
|
|
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForCcFlush;
|
|
|
|
PFS_FILTER_CALLBACK PreReleaseForCcFlush;
|
|
|
|
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForCcFlush;
|
|
|
|
PFS_FILTER_CALLBACK PreAcquireForModifiedPageWriter;
|
|
|
|
PFS_FILTER_COMPLETION_CALLBACK PostAcquireForModifiedPageWriter;
|
|
|
|
PFS_FILTER_CALLBACK PreReleaseForModifiedPageWriter;
|
|
|
|
PFS_FILTER_COMPLETION_CALLBACK PostReleaseForModifiedPageWriter;
|
|
|
|
} FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
|
2018-03-21 05:40:17 +00:00
|
|
|
|
2023-07-06 03:52:16 +00:00
|
|
|
typedef struct _REPARSE_DATA_BUFFER
|
|
|
|
{
|
|
|
|
ULONG ReparseTag;
|
|
|
|
USHORT ReparseDataLength;
|
|
|
|
USHORT Reserved;
|
|
|
|
union
|
|
|
|
{
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
USHORT SubstituteNameOffset;
|
|
|
|
USHORT SubstituteNameLength;
|
|
|
|
USHORT PrintNameOffset;
|
|
|
|
USHORT PrintNameLength;
|
|
|
|
ULONG Flags;
|
|
|
|
WCHAR PathBuffer[1];
|
|
|
|
} SymbolicLinkReparseBuffer;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
USHORT SubstituteNameOffset;
|
|
|
|
USHORT SubstituteNameLength;
|
|
|
|
USHORT PrintNameOffset;
|
|
|
|
USHORT PrintNameLength;
|
|
|
|
WCHAR PathBuffer[1];
|
|
|
|
} MountPointReparseBuffer;
|
|
|
|
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
UCHAR DataBuffer[1];
|
|
|
|
} GenericReparseBuffer;
|
|
|
|
|
|
|
|
} DUMMYUNIONNAME;
|
|
|
|
} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
|
|
|
|
|
|
|
|
typedef struct _REPARSE_GUID_DATA_BUFFER
|
|
|
|
{
|
|
|
|
DWORD ReparseTag;
|
|
|
|
WORD ReparseDataLength;
|
|
|
|
WORD Reserved;
|
|
|
|
GUID ReparseGuid;
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
BYTE DataBuffer[1];
|
|
|
|
} GenericReparseBuffer;
|
|
|
|
} REPARSE_GUID_DATA_BUFFER, *PREPARSE_GUID_DATA_BUFFER;
|
|
|
|
|
|
|
|
#define REPARSE_GUID_DATA_BUFFER_HEADER_SIZE FIELD_OFFSET(REPARSE_GUID_DATA_BUFFER, GenericReparseBuffer)
|
|
|
|
|
2023-07-16 14:10:31 +00:00
|
|
|
#define COMPRESSION_FORMAT_NONE 0
|
|
|
|
#define COMPRESSION_FORMAT_DEFAULT 1
|
|
|
|
#define COMPRESSION_FORMAT_LZNT1 2
|
|
|
|
#define COMPRESSION_FORMAT_XPRESS 3
|
|
|
|
#define COMPRESSION_FORMAT_XPRESS_HUFF 4
|
|
|
|
#define COMPRESSION_FORMAT_MAX 4
|
|
|
|
|
|
|
|
#define COMPRESSION_ENGINE_STANDARD 0x0000
|
|
|
|
#define COMPRESSION_ENGINE_MAXIMUM 0x0100
|
|
|
|
#define COMPRESSION_ENGINE_HIBER 0x0200
|
|
|
|
#define COMPRESSION_ENGINE_MAX 0x0200
|
|
|
|
|
|
|
|
#define COMPRESSION_FORMAT_MASK 0x00ff
|
|
|
|
#define COMPRESSION_ENGINE_MASK 0xff00
|
|
|
|
|
2018-09-14 08:59:47 +00:00
|
|
|
BOOLEAN WINAPI FsRtlIsNameInExpression(PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PWCH);
|
2019-06-06 15:12:51 +00:00
|
|
|
DEVICE_OBJECT * WINAPI IoGetAttachedDevice(DEVICE_OBJECT*);
|
2019-08-22 04:16:54 +00:00
|
|
|
PEPROCESS WINAPI IoGetRequestorProcess(IRP*);
|
2020-05-31 15:26:23 +00:00
|
|
|
void WINAPI KeStackAttachProcess(KPROCESS*,KAPC_STATE*);
|
2020-05-31 15:26:24 +00:00
|
|
|
void WINAPI KeUnstackDetachProcess(KAPC_STATE*);
|
2019-04-30 14:36:37 +00:00
|
|
|
NTSTATUS WINAPI ObOpenObjectByPointer(void*,ULONG,PACCESS_STATE,ACCESS_MASK,POBJECT_TYPE,KPROCESSOR_MODE,HANDLE*);
|
2014-10-29 17:32:36 +00:00
|
|
|
NTSTATUS WINAPI ObQueryNameString(PVOID,POBJECT_NAME_INFORMATION,ULONG,PULONG);
|
2019-04-29 14:01:20 +00:00
|
|
|
BOOLEAN WINAPI PsIsSystemThread(PETHREAD);
|
2019-04-19 16:24:54 +00:00
|
|
|
NTSTATUS WINAPI PsLookupProcessByProcessId(HANDLE,PEPROCESS*);
|
2019-04-19 16:24:14 +00:00
|
|
|
NTSTATUS WINAPI PsLookupThreadByThreadId(HANDLE,PETHREAD*);
|
2019-02-06 16:51:43 +00:00
|
|
|
void WINAPI PsRevertToSelf(void);
|
2021-05-01 23:49:40 +00:00
|
|
|
char WINAPI RtlQueryProcessPlaceholderCompatibilityMode(void);
|
2014-10-29 17:32:36 +00:00
|
|
|
|
2014-03-18 22:54:29 +00:00
|
|
|
#endif
|