📄 ntifs.h
字号:
BITMAP_RANGE BitmapRange3;} MBCB, *PMBCB;typedef struct _MOVEFILE_DESCRIPTOR { HANDLE FileHandle; ULONG Reserved; LARGE_INTEGER StartVcn; LARGE_INTEGER TargetLcn; ULONG NumVcns; ULONG Reserved1; } MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;typedef struct _NAMED_PIPE_CREATE_PARAMETERS { ULONG NamedPipeType; ULONG ReadMode; ULONG CompletionMode; ULONG MaximumInstances; ULONG InboundQuota; ULONG OutboundQuota; LARGE_INTEGER DefaultTimeout; BOOLEAN TimeoutSpecified;} NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;typedef struct _OBJECT_BASIC_INFO { ULONG Attributes; ACCESS_MASK GrantedAccess; ULONG HandleCount; ULONG ReferenceCount; ULONG PagedPoolUsage; ULONG NonPagedPoolUsage; ULONG Reserved[3]; ULONG NameInformationLength; ULONG TypeInformationLength; ULONG SecurityDescriptorLength; LARGE_INTEGER CreateTime;} OBJECT_BASIC_INFO, *POBJECT_BASIC_INFO;typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFO { BOOLEAN Inherit; BOOLEAN ProtectFromClose;} OBJECT_HANDLE_ATTRIBUTE_INFO, *POBJECT_HANDLE_ATTRIBUTE_INFO;typedef struct _OBJECT_NAME_INFO { UNICODE_STRING ObjectName; WCHAR ObjectNameBuffer[1];} OBJECT_NAME_INFO, *POBJECT_NAME_INFO;typedef struct _OBJECT_PROTECTION_INFO { BOOLEAN Inherit; BOOLEAN ProtectHandle;} OBJECT_PROTECTION_INFO, *POBJECT_PROTECTION_INFO;typedef struct _OBJECT_TYPE_INFO { UNICODE_STRING ObjectTypeName; UCHAR Unknown[0x58]; WCHAR ObjectTypeNameBuffer[1];} OBJECT_TYPE_INFO, *POBJECT_TYPE_INFO;typedef struct _OBJECT_ALL_TYPES_INFO { ULONG NumberOfObjectTypes; OBJECT_TYPE_INFO ObjectsTypeInfo[1];} OBJECT_ALL_TYPES_INFO, *POBJECT_ALL_TYPES_INFO;typedef struct _PAGEFAULT_HISTORY { ULONG CurrentIndex; ULONG MaxIndex; KSPIN_LOCK SpinLock; PVOID Reserved; PROCESS_WS_WATCH_INFORMATION WatchInfo[1];} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;typedef struct _PATHNAME_BUFFER { ULONG PathNameLength; WCHAR Name[1];} PATHNAME_BUFFER, *PPATHNAME_BUFFER;#if (VER_PRODUCTBUILD >= 2600)typedef struct _PRIVATE_CACHE_MAP_FLAGS { ULONG DontUse : 16; ULONG ReadAheadActive : 1; ULONG ReadAheadEnabled : 1; ULONG Available : 14;} PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;typedef struct _PRIVATE_CACHE_MAP { _ANONYMOUS_UNION union { CSHORT NodeTypeCode; PRIVATE_CACHE_MAP_FLAGS Flags; ULONG UlongFlags; } DUMMYUNIONNAME; ULONG ReadAheadMask; PFILE_OBJECT FileObject; LARGE_INTEGER FileOffset1; LARGE_INTEGER BeyondLastByte1; LARGE_INTEGER FileOffset2; LARGE_INTEGER BeyondLastByte2; LARGE_INTEGER ReadAheadOffset[2]; ULONG ReadAheadLength[2]; KSPIN_LOCK ReadAheadSpinLock; LIST_ENTRY PrivateLinks;} PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;#endiftypedef struct _PS_IMPERSONATION_INFORMATION { PACCESS_TOKEN Token; BOOLEAN CopyOnOpen; BOOLEAN EffectiveOnly; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;typedef struct _PUBLIC_BCB { CSHORT NodeTypeCode; CSHORT NodeByteSize; ULONG MappedLength; LARGE_INTEGER MappedFileOffset;} PUBLIC_BCB, *PPUBLIC_BCB;typedef struct _QUERY_PATH_REQUEST { ULONG PathNameLength; PIO_SECURITY_CONTEXT SecurityContext; WCHAR FilePathName[1];} QUERY_PATH_REQUEST, *PQUERY_PATH_REQUEST;typedef struct _QUERY_PATH_RESPONSE { ULONG LengthAccepted;} QUERY_PATH_RESPONSE, *PQUERY_PATH_RESPONSE;typedef struct _RETRIEVAL_POINTERS_BUFFER { ULONG ExtentCount; LARGE_INTEGER StartingVcn; struct { LARGE_INTEGER NextVcn; LARGE_INTEGER Lcn; } Extents[1];} RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;typedef struct _RTL_SPLAY_LINKS { struct _RTL_SPLAY_LINKS *Parent; struct _RTL_SPLAY_LINKS *LeftChild; struct _RTL_SPLAY_LINKS *RightChild;} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;typedef struct _SE_EXPORTS { LUID SeCreateTokenPrivilege; LUID SeAssignPrimaryTokenPrivilege; LUID SeLockMemoryPrivilege; LUID SeIncreaseQuotaPrivilege; LUID SeUnsolicitedInputPrivilege; LUID SeTcbPrivilege; LUID SeSecurityPrivilege; LUID SeTakeOwnershipPrivilege; LUID SeLoadDriverPrivilege; LUID SeCreatePagefilePrivilege; LUID SeIncreaseBasePriorityPrivilege; LUID SeSystemProfilePrivilege; LUID SeSystemtimePrivilege; LUID SeProfileSingleProcessPrivilege; LUID SeCreatePermanentPrivilege; LUID SeBackupPrivilege; LUID SeRestorePrivilege; LUID SeShutdownPrivilege; LUID SeDebugPrivilege; LUID SeAuditPrivilege; LUID SeSystemEnvironmentPrivilege; LUID SeChangeNotifyPrivilege; LUID SeRemoteShutdownPrivilege; PSID SeNullSid; PSID SeWorldSid; PSID SeLocalSid; PSID SeCreatorOwnerSid; PSID SeCreatorGroupSid; PSID SeNtAuthoritySid; PSID SeDialupSid; PSID SeNetworkSid; PSID SeBatchSid; PSID SeInteractiveSid; PSID SeLocalSystemSid; PSID SeAliasAdminsSid; PSID SeAliasUsersSid; PSID SeAliasGuestsSid; PSID SeAliasPowerUsersSid; PSID SeAliasAccountOpsSid; PSID SeAliasSystemOpsSid; PSID SeAliasPrintOpsSid; PSID SeAliasBackupOpsSid; PSID SeAuthenticatedUsersSid; PSID SeRestrictedSid; PSID SeAnonymousLogonSid; LUID SeUndockPrivilege; LUID SeSyncAgentPrivilege; LUID SeEnableDelegationPrivilege;} SE_EXPORTS, *PSE_EXPORTS;typedef struct _SECTION_BASIC_INFORMATION { PVOID BaseAddress; ULONG Attributes; LARGE_INTEGER Size;} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;typedef struct _SECTION_IMAGE_INFORMATION { PVOID EntryPoint; ULONG Unknown1; ULONG StackReserve; ULONG StackCommit; ULONG Subsystem; USHORT MinorSubsystemVersion; USHORT MajorSubsystemVersion; ULONG Unknown2; ULONG Characteristics; USHORT ImageNumber; BOOLEAN Executable; UCHAR Unknown3; ULONG Unknown4[3];} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;#if (VER_PRODUCTBUILD >= 2600)typedef struct _SHARED_CACHE_MAP { CSHORT NodeTypeCode; CSHORT NodeByteSize; ULONG OpenCount; LARGE_INTEGER FileSize; LIST_ENTRY BcbList; LARGE_INTEGER SectionSize; LARGE_INTEGER ValidDataLength; LARGE_INTEGER ValidDataGoal; PVACB InitialVacbs[4]; PVACB *Vacbs; PFILE_OBJECT FileObject; PVACB ActiveVacb; PVOID NeedToZero; ULONG ActivePage; ULONG NeedToZeroPage; KSPIN_LOCK ActiveVacbSpinLock; ULONG VacbActiveCount; ULONG DirtyPages; LIST_ENTRY SharedCacheMapLinks; ULONG Flags; NTSTATUS Status; PMBCB Mbcb; PVOID Section; PKEVENT CreateEvent; PKEVENT WaitOnActiveCount; ULONG PagesToWrite; LONGLONG BeyondLastFlush; PCACHE_MANAGER_CALLBACKS Callbacks; PVOID LazyWriteContext; LIST_ENTRY PrivateList; PVOID LogHandle; PVOID FlushToLsnRoutine; ULONG DirtyPageThreshold; ULONG LazyWritePassCount; PCACHE_UNINITIALIZE_EVENT UninitializeEvent; PVACB NeedToZeroVacb; KSPIN_LOCK BcbSpinLock; PVOID Reserved; KEVENT Event; EX_PUSH_LOCK VacbPushLock; PRIVATE_CACHE_MAP PrivateCacheMap;} SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;#endiftypedef struct _STARTING_VCN_INPUT_BUFFER { LARGE_INTEGER StartingVcn;} STARTING_VCN_INPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;typedef struct _SYSTEM_CACHE_INFORMATION { ULONG CurrentSize; ULONG PeakSize; ULONG PageFaultCount; ULONG MinimumWorkingSet; ULONG MaximumWorkingSet; ULONG Unused[4];} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;typedef struct _TERMINATION_PORT { struct _TERMINATION_PORT* Next; PVOID Port;} TERMINATION_PORT, *PTERMINATION_PORT;typedef struct _SECURITY_CLIENT_CONTEXT { SECURITY_QUALITY_OF_SERVICE SecurityQos; PACCESS_TOKEN ClientToken; BOOLEAN DirectlyAccessClientToken; BOOLEAN DirectAccessEffectiveOnly; BOOLEAN ServerIsRemote; TOKEN_CONTROL ClientTokenControl;} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;typedef struct _TUNNEL { FAST_MUTEX Mutex; PRTL_SPLAY_LINKS Cache; LIST_ENTRY TimerQueue; USHORT NumEntries;} TUNNEL, *PTUNNEL;typedef struct _VACB { PVOID BaseAddress; PSHARED_CACHE_MAP SharedCacheMap; union { LARGE_INTEGER FileOffset; USHORT ActiveCount; } Overlay; LIST_ENTRY LruList;} VACB, *PVACB;typedef struct _VAD_HEADER { PVOID StartVPN; PVOID EndVPN; PVAD_HEADER ParentLink; PVAD_HEADER LeftLink; PVAD_HEADER RightLink; ULONG Flags; /* LSB = CommitCharge */ PVOID ControlArea; PVOID FirstProtoPte; PVOID LastPTE; ULONG Unknown; LIST_ENTRY Secured;} VAD_HEADER, *PVAD_HEADER;NTKERNELAPIBOOLEANNTAPICcCanIWrite ( /*IN*/ PFILE_OBJECT FileObject, /*IN*/ ULONG BytesToWrite, /*IN*/ BOOLEAN Wait, /*IN*/ BOOLEAN Retrying);NTKERNELAPIBOOLEANNTAPICcCopyRead ( /*IN*/ PFILE_OBJECT FileObject, /*IN*/ PLARGE_INTEGER FileOffset, /*IN*/ ULONG Length, /*IN*/ BOOLEAN Wait, /*OUT*/ PVOID Buff⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -