📄 ntifs.h
字号:
TOKEN_PRIMARY_GROUP
TOKEN_PRIVILEGES
TOKEN_SOURCE
TOKEN_STATISTICS
TOKEN_USER
IoCreateFile
IoGetAttachedDevice
IoGetBaseFileSystemDeviceObject
PsReferenceImpersonationToken
PsReferencePrimaryToken
RtlConvertSidToUnicodeString
SeCaptureSubjectContext
SeMarkLogonSessionForTerminationNotification
SeRegisterLogonSessionTerminatedRoutine
SeUnregisterLogonSessionTerminatedRoutine
ZwOpenProcessToken
ZwOpenThreadToken
ZwQueryInformationToken
6. 1999-05-10
Corrected declarations of Zw functions.
Added:
ZwCancelIoFile
ZwDeleteFile
ZwFlushBuffersFile
ZwFsControlFile
ZwLockFile
ZwNotifyChangeDirectoryFile
ZwOpenFile
ZwQueryEaFile
ZwSetEaFile
ZwSetVolumeInformationFile
ZwUnlockFile
5. 1999-05-09
Added:
defines for FILE_ACTION_XXX and FILE_NOTIFY_XXX
FILE_FS_VOLUME_INFORMATION
RETRIEVAL_POINTERS_BUFFER
STARTING_VCN_INPUT_BUFFER
FsRtlNotifyFullReportChange
4. 1999-04-11
Corrected:
ZwCreateThread
Added:
define _GNU_NTIFS_
3. 1999-03-30
Added:
defines for MAP_XXX, MEM_XXX and SEC_XXX
FILE_BOTH_DIR_INFORMATION
FILE_DIRECTORY_INFORMATION
FILE_FULL_DIR_INFORMATION
FILE_NAMES_INFORMATION
FILE_NOTIFY_INFORMATION
FsRtlNotifyCleanup
KeAttachProcess
KeDetachProcess
MmCreateSection
ZwCreateProcess
ZwCreateThread
ZwDeviceIoControlFile
ZwGetContextThread
ZwLoadDriver
ZwOpenDirectoryObject
ZwOpenProcess
ZwOpenSymbolicLinkObject
ZwQueryDirectoryFile
ZwUnloadDriver
2. 1999-03-15
Added:
FILE_COMPRESSION_INFORMATION
FILE_STREAM_INFORMATION
FILE_LINK_INFORMATION
FILE_RENAME_INFORMATION
EXTENDED_IO_STACK_LOCATION
IoQueryFileInformation
IoQueryFileVolumeInformation
ZwQueryVolumeInformationFile
Moved include of ntddk.h to inside extern "C" block.
1. 1999-03-11
Initial release.
*/
#ifndef _NTIFS_
#define _NTIFS_
#define _GNU_NTIFS_
#ifdef __cplusplus
extern "C" {
#endif
#include <ntddk.h>
#include <ntverp.h>
typedef struct _SERVICE_DESCRIPTOR_TABLE *PSERVICE_DESCRIPTOR_TABLE;
typedef struct _SE_EXPORTS *PSE_EXPORTS;
extern PUCHAR *FsRtlLegalAnsiCharacterArray;
extern POBJECT_TYPE *IoDriverObjectType;
extern PSERVICE_DESCRIPTOR_TABLE KeServiceDescriptorTable;
extern PSHORT NtBuildNumber;
extern PSE_EXPORTS SeExports;
extern PACL SePublicDefaultDacl;
extern PACL SeSystemDefaultDacl;
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ANSI_DOS_STAR ('<')
#define ANSI_DOS_QM ('>')
#define ANSI_DOS_DOT ('"')
#define DOS_STAR (L'<')
#define DOS_QM (L'>')
#define DOS_DOT (L'"')
#define FILE_ACTION_ADDED 0x00000001
#define FILE_ACTION_REMOVED 0x00000002
#define FILE_ACTION_MODIFIED 0x00000003
#define FILE_ACTION_RENAMED_OLD_NAME 0x00000004
#define FILE_ACTION_RENAMED_NEW_NAME 0x00000005
#define FILE_ACTION_ADDED_STREAM 0x00000006
#define FILE_ACTION_REMOVED_STREAM 0x00000007
#define FILE_ACTION_MODIFIED_STREAM 0x00000008
#define FILE_ACTION_REMOVED_BY_DELETE 0x00000009
#define FILE_ACTION_ID_NOT_TUNNELLED 0x0000000A
#define FILE_ACTION_TUNNELLED_ID_COLLISION 0x0000000B
#define FILE_EA_TYPE_BINARY 0xfffe
#define FILE_EA_TYPE_ASCII 0xfffd
#define FILE_EA_TYPE_BITMAP 0xfffb
#define FILE_EA_TYPE_METAFILE 0xfffa
#define FILE_EA_TYPE_ICON 0xfff9
#define FILE_EA_TYPE_EA 0xffee
#define FILE_EA_TYPE_MVMT 0xffdf
#define FILE_EA_TYPE_MVST 0xffde
#define FILE_EA_TYPE_ASN1 0xffdd
#define FILE_EA_TYPE_FAMILY_IDS 0xff01
#define FILE_NEED_EA 0x00000080
#define FILE_NOTIFY_CHANGE_FILE_NAME 0x00000001
#define FILE_NOTIFY_CHANGE_DIR_NAME 0x00000002
#define FILE_NOTIFY_CHANGE_NAME 0x00000003
#define FILE_NOTIFY_CHANGE_ATTRIBUTES 0x00000004
#define FILE_NOTIFY_CHANGE_SIZE 0x00000008
#define FILE_NOTIFY_CHANGE_LAST_WRITE 0x00000010
#define FILE_NOTIFY_CHANGE_LAST_ACCESS 0x00000020
#define FILE_NOTIFY_CHANGE_CREATION 0x00000040
#define FILE_NOTIFY_CHANGE_EA 0x00000080
#define FILE_NOTIFY_CHANGE_SECURITY 0x00000100
#define FILE_NOTIFY_CHANGE_STREAM_NAME 0x00000200
#define FILE_NOTIFY_CHANGE_STREAM_SIZE 0x00000400
#define FILE_NOTIFY_CHANGE_STREAM_WRITE 0x00000800
#define FILE_NOTIFY_VALID_MASK 0x00000fff
#define FILE_OPLOCK_BROKEN_TO_LEVEL_2 0x00000007
#define FILE_OPLOCK_BROKEN_TO_NONE 0x00000008
#define FILE_OPBATCH_BREAK_UNDERWAY 0x00000009
#define FILE_CASE_SENSITIVE_SEARCH 0x00000001
#define FILE_CASE_PRESERVED_NAMES 0x00000002
#define FILE_UNICODE_ON_DISK 0x00000004
#define FILE_PERSISTENT_ACLS 0x00000008
#define FILE_FILE_COMPRESSION 0x00000010
#define FILE_VOLUME_QUOTAS 0x00000020
#define FILE_SUPPORTS_SPARSE_FILES 0x00000040
#define FILE_SUPPORTS_REPARSE_POINTS 0x00000080
#define FILE_SUPPORTS_REMOTE_STORAGE 0x00000100
#define FS_LFN_APIS 0x00004000
#define FILE_VOLUME_IS_COMPRESSED 0x00008000
#define FILE_SUPPORTS_OBJECT_IDS 0x00010000
#define FILE_SUPPORTS_ENCRYPTION 0x00020000
#define FILE_NAMED_STREAMS 0x00040000
#define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
#define FILE_PIPE_MESSAGE_TYPE 0x00000001
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
#define FILE_PIPE_MESSAGE_MODE 0x00000001
#define FILE_PIPE_QUEUE_OPERATION 0x00000000
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
#define FILE_PIPE_INBOUND 0x00000000
#define FILE_PIPE_OUTBOUND 0x00000001
#define FILE_PIPE_FULL_DUPLEX 0x00000002
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
#define FILE_PIPE_LISTENING_STATE 0x00000002
#define FILE_PIPE_CONNECTED_STATE 0x00000003
#define FILE_PIPE_CLOSING_STATE 0x00000004
#define FILE_PIPE_CLIENT_END 0x00000000
#define FILE_PIPE_SERVER_END 0x00000001
#define FILE_PIPE_READ_DATA 0x00000000
#define FILE_PIPE_WRITE_SPACE 0x00000001
#define FILE_STORAGE_TYPE_SPECIFIED 0x00000041 // FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE
#define FILE_STORAGE_TYPE_DEFAULT (StorageTypeDefault << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_DIRECTORY (StorageTypeDirectory << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_FILE (StorageTypeFile << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_DOCFILE (StorageTypeDocfile << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_JUNCTION_POINT (StorageTypeJunctionPoint << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_CATALOG (StorageTypeCatalog << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_STRUCTURED_STORAGE (StorageTypeStructuredStorage << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_EMBEDDING (StorageTypeEmbedding << FILE_STORAGE_TYPE_SHIFT)
#define FILE_STORAGE_TYPE_STREAM (StorageTypeStream << FILE_STORAGE_TYPE_SHIFT)
#define FILE_MINIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_DEFAULT
#define FILE_MAXIMUM_STORAGE_TYPE FILE_STORAGE_TYPE_STREAM
#define FILE_STORAGE_TYPE_MASK 0x000f0000
#define FILE_STORAGE_TYPE_SHIFT 16
#define FILE_VC_QUOTA_NONE 0x00000000
#define FILE_VC_QUOTA_TRACK 0x00000001
#define FILE_VC_QUOTA_ENFORCE 0x00000002
#define FILE_VC_QUOTA_MASK 0x00000003
#define FILE_VC_QUOTAS_LOG_VIOLATIONS 0x00000004
#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
#define FILE_VC_QUOTAS_REBUILDING 0x00000200
#define FILE_VC_VALID_MASK 0x000003ff
#define FSRTL_FLAG_FILE_MODIFIED (0x01)
#define FSRTL_FLAG_FILE_LENGTH_CHANGED (0x02)
#define FSRTL_FLAG_LIMIT_MODIFIED_PAGES (0x04)
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_EX (0x08)
#define FSRTL_FLAG_ACQUIRE_MAIN_RSRC_SH (0x10)
#define FSRTL_FLAG_USER_MAPPED_FILE (0x20)
#define FSRTL_FLAG_EOF_ADVANCE_ACTIVE (0x80)
#define FSRTL_FLAG2_DO_MODIFIED_WRITE (0x01)
#define FSRTL_FSP_TOP_LEVEL_IRP (0x01)
#define FSRTL_CACHE_TOP_LEVEL_IRP (0x02)
#define FSRTL_MOD_WRITE_TOP_LEVEL_IRP (0x03)
#define FSRTL_FAST_IO_TOP_LEVEL_IRP (0x04)
#define FSRTL_MAX_TOP_LEVEL_IRP_FLAG (0x04)
#define FSRTL_VOLUME_DISMOUNT 1
#define FSRTL_VOLUME_DISMOUNT_FAILED 2
#define FSRTL_VOLUME_LOCK 3
#define FSRTL_VOLUME_LOCK_FAILED 4
#define FSRTL_VOLUME_UNLOCK 5
#define FSRTL_VOLUME_MOUNT 6
#define FSRTL_WILD_CHARACTER 0x08
#ifdef _X86_
#define HARDWARE_PTE HARDWARE_PTE_X86
#define PHARDWARE_PTE PHARDWARE_PTE_X86
#else
#define HARDWARE_PTE ULONG
#define PHARDWARE_PTE PULONG
#endif
#define IO_CHECK_CREATE_PARAMETERS 0x0200
#define IO_ATTACH_DEVICE 0x0400
#define IO_ATTACH_DEVICE_API 0x80000000
#define IO_COMPLETION_QUERY_STATE 0x0001
#define IO_COMPLETION_MODIFY_STATE 0x0002
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define IO_FILE_OBJECT_NON_PAGED_POOL_CHARGE 64
#define IO_FILE_OBJECT_PAGED_POOL_CHARGE 1024
#define IO_TYPE_APC 18
#define IO_TYPE_DPC 19
#define IO_TYPE_DEVICE_QUEUE 20
#define IO_TYPE_EVENT_PAIR 21
#define IO_TYPE_INTERRUPT 22
#define IO_TYPE_PROFILE 23
#define IRP_BEING_VERIFIED 0x10
#define MAILSLOT_CLASS_FIRSTCLASS 1
#define MAILSLOT_CLASS_SECONDCLASS 2
#define MAILSLOT_SIZE_AUTO 0
#define MAP_PROCESS 1L
#define MAP_SYSTEM 2L
#define MEM_DOS_LIM 0x40000000
#define MEM_IMAGE SEC_IMAGE
#define OB_TYPE_TYPE 1
#define OB_TYPE_DIRECTORY 2
#define OB_TYPE_SYMBOLIC_LINK 3
#define OB_TYPE_TOKEN 4
#define OB_TYPE_PROCESS 5
#define OB_TYPE_THREAD 6
#define OB_TYPE_EVENT 7
#define OB_TYPE_EVENT_PAIR 8
#define OB_TYPE_MUTANT 9
#define OB_TYPE_SEMAPHORE 10
#define OB_TYPE_TIMER 11
#define OB_TYPE_PROFILE 12
#define OB_TYPE_WINDOW_STATION 13
#define OB_TYPE_DESKTOP 14
#define OB_TYPE_SECTION 15
#define OB_TYPE_KEY 16
#define OB_TYPE_PORT 17
#define OB_TYPE_ADAPTER 18
#define OB_TYPE_CONTROLLER 19
#define OB_TYPE_DEVICE 20
#define OB_TYPE_DRIVER 21
#define OB_TYPE_IO_COMPLETION 22
#define OB_TYPE_FILE 23
#define PIN_WAIT (1)
#define PIN_EXCLUSIVE (2)
#define PIN_NO_READ (4)
#define PIN_IF_BCB (8)
#define PORT_CONNECT 0x0001
#define PORT_ALL_ACCESS (STANDARD_RIGHTS_ALL |\
PORT_CONNECT)
#define SEC_BASED 0x00200000
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -