📄 ntifs.h
/*
This is a free version of the file ntifs.h, release 34.
The purpose of this include file is to build file system and
file system filter drivers for Windows NT®, Windows® 2000 and
Windows® XP.
Copyright (C) 1999, 2000, 2001, 2002 Bo Brantén.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
The GNU General Public License is also available from:
http://www.gnu.org/copyleft/gpl.html
Windows and Windows NT are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
DISCLAIMER: I do not encourage anyone to use this include file to build
drivers used in production. The information in this include file is
incomplete and intended only as a studying companion. The information
has been found in books, magazines, on the Internet and received from
contributors. Some of the information in this file may not be available
in other publications intended for similar use, these should be used with
extra care. Some of the information in this file may have different names
than in other publications even though they describe the same thing.
Please send comments, corrections and contributions to bosse@acc.umu.se
The most recent version of this file is available from:
http://www.acc.umu.se/~bosse/ntifs.h
Thanks to:
Andrey Shedel, Luigi Mori, Louis Joubert, Itai Shaham, David Welch,
Emanuele Aliberti, Anton Altaparmakov, Dan Partelly, Mamaich,
Yossi Yaffe, Gunnar André Dalsnes, Vadim V Vorobev, Ashot Oganesyan K,
Oleg Nikityenko and Darja Isaksson.
Revision history:
34. 2002-02-14
Corrected:
HARDWARE_PTE
Changed the use of _WIN32_WINNT to VER_PRODUCTBUILD since _WIN32_WINNT
is incorrectly defined in the Windows 2000 build environment included
in the Windows XP DDK.
33. 2002-01-20
Added:
Function prototypes:
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
32. 2002-01-18
Corrected:
ObReferenceObjectByName
FILE_FS_OBJECT_ID_INFORMATION
FILE_OBJECTID_INFORMATION
Added:
Externals:
IoDriverObjectType
SeExports
Defines:
FILE_ACTION_XXX
FSCTL_XXX
IO_FILE_OBJECT_XXX
IRP_BEING_VERIFIED
TOKEN_XXX
Data types:
DEVICE_MAP
FILE_TRACKING_INFORMATION
SE_EXPORTS
Function prototypes:
SeEnableAccessToExports
31. 2001-12-23
Corrected:
QueryQuota in EXTENDED_IO_STACK_LOCATION
FILE_LOCK
CcPinMappedData
CcPinRead
CcPreparePinWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlInitializeFileLock
FsRtlPrivateLock
FsRtlProcessFileLock
MmForceSectionClosed
MmIsRecursiveIoFault
SeImpersonateClient
SeImpersonateClientEx
Added:
Defines:
More FSRTL_FLAG_XXX
PIN_XXX
VACB_XXX
Data types:
REPARSE_DATA_BUFFER
Function prototypes:
CcCopyWriteWontFlush
CcGetFileSizePointer
CcGetFlushedValidData
CcIsFileCached
CcRemapBcb
ExDisableResourceBoostLite
ExQueryPoolBlockSize
FsRtlAllocateFileLock
FsRtlAreThereCurrentFileLocks
FsRtlFastLock
FsRtlFreeFileLock
IoCheckDesiredAccess
IoCheckEaBufferValidity
IoCheckFunctionAccess
IoCheckQuotaBufferValidity
IoCreateStreamFileObjectLite
IoFastQueryNetworkAttributes
IoGetRequestorProcessId
IoIsFileOpenedExclusively
IoIsSystemThread
IoIsValidNameGraftingBuffer
IoSynchronousPageWrite
IoThreadToProcess
KeInitializeQueue
KeInsertHeadQueue
KeInsertQueue
KeReadStateQueue
KeRemoveQueue
KeRundownQueue
MmSetAddressRangeModified
ObGetObjectPointerCount
ObMakeTemporaryObject
ObQueryObjectAuditingByHandle
PsChargePoolQuota
PsReturnPoolQuota
SeAppendPrivileges
SeAuditingFileEvents
SeAuditingFileOrGlobalEvents
SeCreateClientSecurity
SeCreateClientSecurityFromSubjectContext
SeDeleteClientSecurity
SeDeleteObjectAuditAlarm
SeFreePrivileges
SeLockSubjectContext
SeOpenObjectAuditAlarm
SeOpenObjectForDeleteAuditAlarm
SePrivilegeCheck
SeQueryAuthenticationIdToken
SeQuerySecurityDescriptorInfo
SeQuerySessionIdToken
SeSetAccessStateGenericMapping
SeSetSecurityDescriptorInfo
SeSetSecurityDescriptorInfoEx
SeTokenIsAdmin
SeTokenIsRestricted
SeTokenType
SeUnlockSubjectContext
30. 2001-10-24
Corrected:
KINTERRUPT
OBJECT_TYPE
Added:
Defines:
More FSCTL_XXX
Data types:
BITMAP_RANGE
CreateMailslot in EXTENDED_IO_STACK_LOCATION
CreatePipe in EXTENDED_IO_STACK_LOCATION
QueryQuota in EXTENDED_IO_STACK_LOCATION
MAILSLOT_CREATE_PARAMETERS
MBCB
NAMED_PIPE_CREATE_PARAMETERS
PRIVATE_CACHE_MAP_FLAGS
PRIVATE_CACHE_MAP
SECURITY_CLIENT_CONTEXT
SHARED_CACHE_MAP
VACB
Function prototypes:
HalQueryRealTimeClock
HalSetRealTimeClock
PsGetProcessExitTime
PsIsThreadTerminating
PsLookupProcessThreadByCid
PsLookupThreadByThreadId
SeQueryAuthenticationIdToken
Externals:
KeServiceDescriptorTable
SePublicDefaultDacl
SeSystemDefaultDacl
29. 2001-10-06
Added:
Defines:
FSRTL_VOLUME_XXX
Function prototypes:
FsRtlNotifyChangeDirectory
FsRtlNotifyReportChange
FsRtlNotifyVolumeEvent
28. 2001-09-16
Added:
Function prototypes:
FsRtlNotifyInitializeSync
FsRtlNotifyUninitializeSync
SeImpersonateClientEx
SeReleaseSubjectContext
27. 2001-08-25
Corrected:
KPROCESS
FILE_LOCK_ANCHOR
FsRtlNormalizeNtstatus
RtlSecondsSince1970ToTime
RtlTimeToSecondsSince1970
SeQueryInformationToken
Added:
Defines:
FS_LFN_APIS
Data types:
FILE_LOCK_ENTRY
FILE_SHARED_LOCK_ENTRY
FILE_EXCLUSIVE_LOCK_ENTRY
Function prototypes:
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlGetFileSize
FsRtlGetNextFileLock
FsRtlInitializeFileLock
FsRtlPrivateLock
FsRtlProcessFileLock
FsRtlUninitializeFileLock
IoUnregisterFsRegistrationChange
PsLookupProcessByProcessId
SeQuerySubjectContextToken
26. 2001-04-28
Added:
Defines:
FSCTL_XXX
Data types:
RTL_SPLAY_LINKS
TUNNEL
Function prototypes:
FsRtlAddToTunnelCache
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlFindInTunnelCache
FsRtlInitializeTunnelCache
IoSetDeviceToVerify
KeInitializeApc
KeInsertQueueApc
SeQueryInformationToken
25. 2001-04-05
Corrected:
RtlImageNtHeader
LPC_XXX
OBJECT_BASIC_INFO
Added:
Defines:
SID_REVISION
Data types:
DIRECTORY_BASIC_INFORMATION
KINTERRUPT
OBJECT_HANDLE_ATTRIBUTE_INFO
PROCESS_PRIORITY_CLASS
SECTION_BASIC_INFORMATION
SECTION_IMAGE_INFORMATION
SECTION_INFORMATION_CLASS
Function prototypes:
RtlSecondsSince1970ToTime
RtlTimeToSecondsSince1970
ZwAdjustPrivilegesToken
ZwAlertThread
ZwAccessCheckAndAuditAlarm
ZwClearEvent
ZwCloseObjectAuditAlarm
ZwCreateSection
ZwCreateSymbolicLinkObject
ZwDuplicateToken
ZwFlushInstructionCache
ZwFlushVirtualMemory
ZwInitiatePowerAction
ZwLoadKey
ZwNotifyChangeKey
ZwOpenThread
ZwPowerInformation
ZwPulseEvent
ZwQueryDefaultLocale
ZwQueryDefaultUILanguage
ZwQueryInformationProcess
ZwQueryInstallUILanguage
ZwQuerySection
ZwReplaceKey
ZwResetEvent
ZwRestoreKey
ZwSaveKey
ZwSetDefaultLocale
ZwSetDefaultUILanguage
ZwSetEvent
ZwSetInformationObject
ZwSetInformationProcess
ZwSetSecurityObject
ZwSetSystemTime
ZwTerminateProcess
ZwUnloadKey
ZwWaitForSingleObject
ZwWaitForMultipleObjects
ZwYieldExecution
Removed functions that are not exported in kernel mode:
CcZeroEndOfLastPage
RtlAllocateAndInitializeSid
ZwAcceptConnectPort
ZwCompleteConnectPort
ZwCreatePort
ZwCreateProcess
ZwCreateThread
ZwFlushBuffersFile
ZwGetContextThread
ZwImpersonateClientOfPort
ZwListenPort
ZwLockFile
ZwNotifyChangeDirectoryFile
ZwQueryInformationPort
ZwReadRequestData
ZwReplyPort
ZwReplyWaitReceivePort
ZwReplyWaitReplyPort