Process Hacker
ntioapi.h
Go to the documentation of this file.
1 #ifndef _NTIOAPI_H
2 #define _NTIOAPI_H
3 
4 // Create disposition
5 
6 #define FILE_SUPERSEDE 0x00000000
7 #define FILE_OPEN 0x00000001
8 #define FILE_CREATE 0x00000002
9 #define FILE_OPEN_IF 0x00000003
10 #define FILE_OVERWRITE 0x00000004
11 #define FILE_OVERWRITE_IF 0x00000005
12 #define FILE_MAXIMUM_DISPOSITION 0x00000005
13 
14 // Create/open flags
15 
16 #define FILE_DIRECTORY_FILE 0x00000001
17 #define FILE_WRITE_THROUGH 0x00000002
18 #define FILE_SEQUENTIAL_ONLY 0x00000004
19 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
20 
21 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
22 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
23 #define FILE_NON_DIRECTORY_FILE 0x00000040
24 #define FILE_CREATE_TREE_CONNECTION 0x00000080
25 
26 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100
27 #define FILE_NO_EA_KNOWLEDGE 0x00000200
28 #define FILE_OPEN_FOR_RECOVERY 0x00000400
29 #define FILE_RANDOM_ACCESS 0x00000800
30 
31 #define FILE_DELETE_ON_CLOSE 0x00001000
32 #define FILE_OPEN_BY_FILE_ID 0x00002000
33 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
34 #define FILE_NO_COMPRESSION 0x00008000
35 #if (PHNT_VERSION >= PHNT_WIN7)
36 #define FILE_OPEN_REQUIRING_OPLOCK 0x00010000
37 #define FILE_DISALLOW_EXCLUSIVE 0x00020000
38 #endif
39 #if (PHNT_VERSION >= PHNT_WIN8)
40 #define FILE_SESSION_AWARE 0x00040000
41 #endif
42 
43 #define FILE_RESERVE_OPFILTER 0x00100000
44 #define FILE_OPEN_REPARSE_POINT 0x00200000
45 #define FILE_OPEN_NO_RECALL 0x00400000
46 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
47 
48 #define FILE_COPY_STRUCTURED_STORAGE 0x00000041
49 #define FILE_STRUCTURED_STORAGE 0x00000441
50 
51 // I/O status information values for NtCreateFile/NtOpenFile
52 
53 #define FILE_SUPERSEDED 0x00000000
54 #define FILE_OPENED 0x00000001
55 #define FILE_CREATED 0x00000002
56 #define FILE_OVERWRITTEN 0x00000003
57 #define FILE_EXISTS 0x00000004
58 #define FILE_DOES_NOT_EXIST 0x00000005
59 
60 // Special ByteOffset parameters
61 
62 #define FILE_WRITE_TO_END_OF_FILE 0xffffffff
63 #define FILE_USE_FILE_POINTER_POSITION 0xfffffffe
64 
65 // Alignment requirement values
66 
67 #define FILE_BYTE_ALIGNMENT 0x00000000
68 #define FILE_WORD_ALIGNMENT 0x00000001
69 #define FILE_LONG_ALIGNMENT 0x00000003
70 #define FILE_QUAD_ALIGNMENT 0x00000007
71 #define FILE_OCTA_ALIGNMENT 0x0000000f
72 #define FILE_32_BYTE_ALIGNMENT 0x0000001f
73 #define FILE_64_BYTE_ALIGNMENT 0x0000003f
74 #define FILE_128_BYTE_ALIGNMENT 0x0000007f
75 #define FILE_256_BYTE_ALIGNMENT 0x000000ff
76 #define FILE_512_BYTE_ALIGNMENT 0x000001ff
77 
78 // Maximum length of a filename string
79 
80 #define MAXIMUM_FILENAME_LENGTH 256
81 
82 // Extended attributes
83 
84 #define FILE_NEED_EA 0x00000080
85 
86 #define FILE_EA_TYPE_BINARY 0xfffe
87 #define FILE_EA_TYPE_ASCII 0xfffd
88 #define FILE_EA_TYPE_BITMAP 0xfffb
89 #define FILE_EA_TYPE_METAFILE 0xfffa
90 #define FILE_EA_TYPE_ICON 0xfff9
91 #define FILE_EA_TYPE_EA 0xffee
92 #define FILE_EA_TYPE_MVMT 0xffdf
93 #define FILE_EA_TYPE_MVST 0xffde
94 #define FILE_EA_TYPE_ASN1 0xffdd
95 #define FILE_EA_TYPE_FAMILY_IDS 0xff01
96 
97 // Device characteristics
98 
99 #define FILE_REMOVABLE_MEDIA 0x00000001
100 #define FILE_READ_ONLY_DEVICE 0x00000002
101 #define FILE_FLOPPY_DISKETTE 0x00000004
102 #define FILE_WRITE_ONCE_MEDIA 0x00000008
103 #define FILE_REMOTE_DEVICE 0x00000010
104 #define FILE_DEVICE_IS_MOUNTED 0x00000020
105 #define FILE_VIRTUAL_VOLUME 0x00000040
106 #define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
107 #define FILE_DEVICE_SECURE_OPEN 0x00000100
108 #define FILE_CHARACTERISTIC_PNP_DEVICE 0x00000800
109 #define FILE_CHARACTERISTIC_TS_DEVICE 0x00001000
110 #define FILE_CHARACTERISTIC_WEBDAV_DEVICE 0x00002000
111 #define FILE_CHARACTERISTIC_CSV 0x00010000
112 #define FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL 0x00020000
113 #define FILE_PORTABLE_DEVICE 0x00040000
114 
115 // Named pipe values
116 
117 // NamedPipeType for NtCreateNamedPipeFile
118 #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000
119 #define FILE_PIPE_MESSAGE_TYPE 0x00000001
120 #define FILE_PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
121 #define FILE_PIPE_REJECT_REMOTE_CLIENTS 0x00000002
122 #define FILE_PIPE_TYPE_VALID_MASK 0x00000003
123 
124 // CompletionMode for NtCreateNamedPipeFile
125 #define FILE_PIPE_QUEUE_OPERATION 0x00000000
126 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001
127 
128 // ReadMode for NtCreateNamedPipeFile
129 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
130 #define FILE_PIPE_MESSAGE_MODE 0x00000001
131 
132 // NamedPipeConfiguration for NtQueryInformationFile
133 #define FILE_PIPE_INBOUND 0x00000000
134 #define FILE_PIPE_OUTBOUND 0x00000001
135 #define FILE_PIPE_FULL_DUPLEX 0x00000002
136 
137 // NamedPipeState for NtQueryInformationFile
138 #define FILE_PIPE_DISCONNECTED_STATE 0x00000001
139 #define FILE_PIPE_LISTENING_STATE 0x00000002
140 #define FILE_PIPE_CONNECTED_STATE 0x00000003
141 #define FILE_PIPE_CLOSING_STATE 0x00000004
142 
143 // NamedPipeEnd for NtQueryInformationFile
144 #define FILE_PIPE_CLIENT_END 0x00000000
145 #define FILE_PIPE_SERVER_END 0x00000001
146 
147 // Mailslot values
148 
149 #define MAILSLOT_SIZE_AUTO 0
150 
151 typedef struct _IO_STATUS_BLOCK
152 {
153  union
154  {
155  NTSTATUS Status;
156  PVOID Pointer;
157  };
158  ULONG_PTR Information;
160 
161 typedef VOID (NTAPI *PIO_APC_ROUTINE)(
162  _In_ PVOID ApcContext,
163  _In_ PIO_STATUS_BLOCK IoStatusBlock,
164  _In_ ULONG Reserved
165  );
166 
167 // private
169 {
170  PVOID KeyContext;
171  PVOID ApcContext;
174 
176 {
232  FileRenameInformationBypassAccessCheck, // (kernel-mode only) // since WIN8
243 
244 // NtQueryInformationFile/NtSetInformationFile types
245 
247 {
248  LARGE_INTEGER CreationTime;
249  LARGE_INTEGER LastAccessTime;
250  LARGE_INTEGER LastWriteTime;
251  LARGE_INTEGER ChangeTime;
254 
256 {
257  LARGE_INTEGER AllocationSize;
258  LARGE_INTEGER EndOfFile;
260  BOOLEAN DeletePending;
261  BOOLEAN Directory;
263 
265 {
266  LARGE_INTEGER AllocationSize;
267  LARGE_INTEGER EndOfFile;
269  BOOLEAN DeletePending;
270  BOOLEAN Directory;
274 
276 {
277  LARGE_INTEGER IndexNumber;
279 
280 typedef struct _FILE_EA_INFORMATION
281 {
282  ULONG EaSize;
284 
286 {
287  ACCESS_MASK AccessFlags;
289 
291 {
292  LARGE_INTEGER CurrentByteOffset;
294 
296 {
297  ULONG Mode;
299 
301 {
304 
306 {
308  WCHAR FileName[1];
310 
311 typedef struct _FILE_ALL_INFORMATION
312 {
323 
325 {
326  LARGE_INTEGER CreationTime;
327  LARGE_INTEGER LastAccessTime;
328  LARGE_INTEGER LastWriteTime;
329  LARGE_INTEGER ChangeTime;
330  LARGE_INTEGER AllocationSize;
331  LARGE_INTEGER EndOfFile;
334 
336 {
338  ULONG ReparseTag;
340 
342 {
343  LARGE_INTEGER AllocationSize;
345 
347 {
348  LARGE_INTEGER CompressedFileSize;
351  UCHAR ChunkShift;
353  UCHAR Reserved[3];
355 
357 {
358  BOOLEAN DeleteFile;
360 
362 {
363  LARGE_INTEGER EndOfFile;
365 
367 {
368  LARGE_INTEGER ValidDataLength;
370 
372 {
376  WCHAR FileName[1];
378 
380 {
384  WCHAR FileName[1];
386 
388 {
392  WCHAR FileName[1];
394 
396 {
399  LARGE_INTEGER StreamSize;
400  LARGE_INTEGER StreamAllocationSize;
401  WCHAR StreamName[1];
403 
405 {
410 
412 {
413  HANDLE Port;
414  PVOID Key;
416 
418 {
419  ULONG ReadMode;
422 
424 {
436 
438 {
439  LARGE_INTEGER CollectDataTime;
442 
444 {
449  LARGE_INTEGER ReadTimeout;
451 
453 {
454  PLARGE_INTEGER ReadTimeout;
456 
458 {
459  LONGLONG FileReference;
460  ULONG Tag;
462 
464 {
466  LONGLONG ParentFileId;
468  WCHAR FileName[1];
470 
472 {
473  ULONG BytesNeeded;
477 
479 {
481  WCHAR FileName[1];
483 
485 {
488  BOOLEAN DeletePending;
489  BOOLEAN Directory;
491 
493 {
495  ULONG Period;
496  BOOLEAN RetryFailures;
497  BOOLEAN Discardable;
498  ULONG RequestSize;
501 
503 {
508 
509 typedef enum _IO_PRIORITY_HINT
510 {
511  IoPriorityVeryLow = 0, // Defragging, content indexing and other background I/Os.
512  IoPriorityLow, // Prefetching for applications.
513  IoPriorityNormal, // Normal I/Os.
514  IoPriorityHigh, // Used by filesystems for checkpoint I/O.
515  IoPriorityCritical, // Used by memory manager. Not available for applications.
518 
519 #define FILE_SKIP_COMPLETION_PORT_ON_SUCCESS 0x1
520 #define FILE_SKIP_SET_EVENT_ON_HANDLE 0x2
521 #define FILE_SKIP_SET_USER_EVENT_ON_FAST_IO 0x4
522 
524 {
527 
529 {
530  ULONG Flags;
532 
534 {
536  ULONG_PTR ProcessIdList[1];
538 
540 {
541  BOOLEAN IsRemote;
543 
545 {
546  USHORT NodeNumber;
548 
550 {
552  ULONG Length;
554 
556 {
557  USHORT StructureVersion; // 1
559 
560  ULONG Protocol; // WNNC_NET_*
561 
565 
566  USHORT Reserved;
567 
568  // Generic information
569 
570  ULONG Flags;
571 
572  struct
573  {
574  ULONG Reserved[8];
575  } GenericReserved;
576 
577  // Specific information
578 
579  struct
580  {
581  ULONG Reserved[16];
584 
585 #define CHECKSUM_ENFORCEMENT_OFF 0x00000001
586 
588 {
592  ULONG Flags;
594 
595 // private
597 {
599  WCHAR DeviceName[1];
601 
602 // NtQueryDirectoryFile types
603 
605 {
607  ULONG FileIndex;
608  LARGE_INTEGER CreationTime;
609  LARGE_INTEGER LastAccessTime;
610  LARGE_INTEGER LastWriteTime;
611  LARGE_INTEGER ChangeTime;
612  LARGE_INTEGER EndOfFile;
613  LARGE_INTEGER AllocationSize;
616  WCHAR FileName[1];
618 
620 {
622  ULONG FileIndex;
623  LARGE_INTEGER CreationTime;
624  LARGE_INTEGER LastAccessTime;
625  LARGE_INTEGER LastWriteTime;
626  LARGE_INTEGER ChangeTime;
627  LARGE_INTEGER EndOfFile;
628  LARGE_INTEGER AllocationSize;
631  ULONG EaSize;
632  WCHAR FileName[1];
634 
636 {
638  ULONG FileIndex;
639  LARGE_INTEGER CreationTime;
640  LARGE_INTEGER LastAccessTime;
641  LARGE_INTEGER LastWriteTime;
642  LARGE_INTEGER ChangeTime;
643  LARGE_INTEGER EndOfFile;
644  LARGE_INTEGER AllocationSize;
647  ULONG EaSize;
648  LARGE_INTEGER FileId;
649  WCHAR FileName[1];
651 
653 {
655  ULONG FileIndex;
656  LARGE_INTEGER CreationTime;
657  LARGE_INTEGER LastAccessTime;
658  LARGE_INTEGER LastWriteTime;
659  LARGE_INTEGER ChangeTime;
660  LARGE_INTEGER EndOfFile;
661  LARGE_INTEGER AllocationSize;
664  ULONG EaSize;
666  WCHAR ShortName[12];
667  WCHAR FileName[1];
669 
671 {
673  ULONG FileIndex;
674  LARGE_INTEGER CreationTime;
675  LARGE_INTEGER LastAccessTime;
676  LARGE_INTEGER LastWriteTime;
677  LARGE_INTEGER ChangeTime;
678  LARGE_INTEGER EndOfFile;
679  LARGE_INTEGER AllocationSize;
682  ULONG EaSize;
684  WCHAR ShortName[12];
685  LARGE_INTEGER FileId;
686  WCHAR FileName[1];
688 
690 {
692  ULONG FileIndex;
694  WCHAR FileName[1];
696 
698 {
700  ULONG FileIndex;
701  LARGE_INTEGER CreationTime;
702  LARGE_INTEGER LastAccessTime;
703  LARGE_INTEGER LastWriteTime;
704  LARGE_INTEGER ChangeTime;
705  LARGE_INTEGER EndOfFile;
706  LARGE_INTEGER AllocationSize;
709  LARGE_INTEGER FileId;
711  ULONG TxInfoFlags;
712  WCHAR FileName[1];
714 
715 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_WRITELOCKED 0x00000001
716 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_TO_TX 0x00000002
717 #define FILE_ID_GLOBAL_TX_DIR_INFO_FLAG_VISIBLE_OUTSIDE_TX 0x00000004
718 
720 {
721  LONGLONG FileReference;
722  UCHAR ObjectId[16];
723  union
724  {
725  struct
726  {
727  UCHAR BirthVolumeId[16];
728  UCHAR BirthObjectId[16];
729  UCHAR DomainId[16];
730  };
731  UCHAR ExtendedInfo[48];
732  };
734 
735 // NtQueryEaFile/NtSetEaFile types
736 
738 {
740  UCHAR Flags;
743  CHAR EaName[1];
745 
747 {
750  CHAR EaName[1];
752 
753 // NtQueryQuotaInformationFile/NtSetQuotaInformationFile types
754 
756 {
758  ULONG SidLength;
759  SID Sid;
761 
763 {
765  ULONG SidLength;
766  LARGE_INTEGER ChangeTime;
767  LARGE_INTEGER QuotaUsed;
768  LARGE_INTEGER QuotaThreshold;
769  LARGE_INTEGER QuotaLimit;
770  SID Sid;
772 
773 typedef enum _FSINFOCLASS
774 {
787  FileFsMetadataSizeInformation, // since THRESHOLD
790 
791 // NtQueryVolumeInformation/NtSetVolumeInformation types
792 
794 {
796  WCHAR VolumeLabel[1];
798 
800 {
801  LARGE_INTEGER VolumeCreationTime;
805  WCHAR VolumeLabel[1];
807 
809 {
810  LARGE_INTEGER TotalAllocationUnits;
815 
817 {
818  LARGE_INTEGER TotalAllocationUnits;
824 
826 {
827  UCHAR ObjectId[16];
828  UCHAR ExtendedInfo[48];
830 
832 {
833  DEVICE_TYPE DeviceType;
836 
838 {
842  WCHAR FileSystemName[1];
844 
846 {
847  BOOLEAN DriverInPath;
849  WCHAR DriverName[1];
851 
853 {
854  ULONG Flags;
856 
857 #define SSINFO_FLAGS_ALIGNED_DEVICE 0x00000001
858 #define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 0x00000002
859 
860 // If set for Sector and Partition fields, alignment is not known.
861 #define SSINFO_OFFSET_UNKNOWN 0xffffffff
862 
864 {
869  ULONG Flags;
873 
875 {
880 
881 // NtNotifyChangeDirectoryFile
882 
883 /*
884 typedef struct _FILE_NOTIFY_INFORMATION
885 {
886  ULONG NextEntryOffset;
887  ULONG Action;
888  ULONG FileNameLength;
889  WCHAR FileName[1];
890 } FILE_NOTIFY_INFORMATION, *PFILE_NOTIFY_INFORMATION;
891 */
892 
893 // System calls
894 
895 NTSYSCALLAPI
896 NTSTATUS
897 NTAPI
899  _Out_ PHANDLE FileHandle,
900  _In_ ACCESS_MASK DesiredAccess,
901  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
902  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
903  _In_opt_ PLARGE_INTEGER AllocationSize,
904  _In_ ULONG FileAttributes,
905  _In_ ULONG ShareAccess,
906  _In_ ULONG CreateDisposition,
907  _In_ ULONG CreateOptions,
908  _In_reads_bytes_opt_(EaLength) PVOID EaBuffer,
909  _In_ ULONG EaLength
910  );
911 
912 NTSYSCALLAPI
913 NTSTATUS
914 NTAPI
916  _Out_ PHANDLE FileHandle,
917  _In_ ULONG DesiredAccess,
918  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
919  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
920  _In_ ULONG ShareAccess,
921  _In_ ULONG CreateDisposition,
922  _In_ ULONG CreateOptions,
923  _In_ ULONG NamedPipeType,
924  _In_ ULONG ReadMode,
925  _In_ ULONG CompletionMode,
926  _In_ ULONG MaximumInstances,
927  _In_ ULONG InboundQuota,
928  _In_ ULONG OutboundQuota,
929  _In_opt_ PLARGE_INTEGER DefaultTimeout
930  );
931 
932 NTSYSCALLAPI
933 NTSTATUS
934 NTAPI
936  _Out_ PHANDLE FileHandle,
937  _In_ ULONG DesiredAccess,
938  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
939  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
940  _In_ ULONG CreateOptions,
941  _In_ ULONG MailslotQuota,
942  _In_ ULONG MaximumMessageSize,
943  _In_ PLARGE_INTEGER ReadTimeout
944  );
945 
946 NTSYSCALLAPI
947 NTSTATUS
948 NTAPI
949 NtOpenFile(
950  _Out_ PHANDLE FileHandle,
951  _In_ ACCESS_MASK DesiredAccess,
952  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
953  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
954  _In_ ULONG ShareAccess,
955  _In_ ULONG OpenOptions
956  );
957 
958 NTSYSCALLAPI
959 NTSTATUS
960 NTAPI
962  _In_ POBJECT_ATTRIBUTES ObjectAttributes
963  );
964 
965 NTSYSCALLAPI
966 NTSTATUS
967 NTAPI
969  _In_ HANDLE FileHandle,
970  _Out_ PIO_STATUS_BLOCK IoStatusBlock
971  );
972 
973 #define FLUSH_FLAGS_FILE_DATA_ONLY 0x00000001
974 #define FLUSH_FLAGS_NO_SYNC 0x00000002
975 
976 #if (PHNT_VERSION >= PHNT_WIN8)
977 NTSYSCALLAPI
978 NTSTATUS
979 NTAPI
981  _In_ HANDLE FileHandle,
982  _In_ ULONG Flags,
983  _In_reads_bytes_(ParametersSize) PVOID Parameters,
984  _In_ ULONG ParametersSize,
985  _Out_ PIO_STATUS_BLOCK IoStatusBlock
986  );
987 #endif
988 
989 NTSYSCALLAPI
990 NTSTATUS
991 NTAPI
993  _In_ HANDLE FileHandle,
994  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
995  _Out_writes_bytes_(Length) PVOID FileInformation,
996  _In_ ULONG Length,
997  _In_ FILE_INFORMATION_CLASS FileInformationClass
998  );
999 
1000 NTSYSCALLAPI
1001 NTSTATUS
1002 NTAPI
1004  _In_ HANDLE FileHandle,
1005  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1006  _In_reads_bytes_(Length) PVOID FileInformation,
1007  _In_ ULONG Length,
1008  _In_ FILE_INFORMATION_CLASS FileInformationClass
1009  );
1010 
1011 NTSYSCALLAPI
1012 NTSTATUS
1013 NTAPI
1015  _In_ HANDLE FileHandle,
1016  _In_opt_ HANDLE Event,
1017  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1018  _In_opt_ PVOID ApcContext,
1019  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1020  _Out_writes_bytes_(Length) PVOID FileInformation,
1021  _In_ ULONG Length,
1022  _In_ FILE_INFORMATION_CLASS FileInformationClass,
1023  _In_ BOOLEAN ReturnSingleEntry,
1024  _In_opt_ PUNICODE_STRING FileName,
1025  _In_ BOOLEAN RestartScan
1026  );
1027 
1028 NTSYSCALLAPI
1029 NTSTATUS
1030 NTAPI
1032  _In_ HANDLE FileHandle,
1033  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1034  _Out_writes_bytes_(Length) PVOID Buffer,
1035  _In_ ULONG Length,
1036  _In_ BOOLEAN ReturnSingleEntry,
1037  _In_reads_bytes_opt_(EaListLength) PVOID EaList,
1038  _In_ ULONG EaListLength,
1039  _In_opt_ PULONG EaIndex,
1040  _In_ BOOLEAN RestartScan
1041  );
1042 
1043 NTSYSCALLAPI
1044 NTSTATUS
1045 NTAPI
1046 NtSetEaFile(
1047  _In_ HANDLE FileHandle,
1048  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1049  _In_reads_bytes_(Length) PVOID Buffer,
1050  _In_ ULONG Length
1051  );
1052 
1053 NTSYSCALLAPI
1054 NTSTATUS
1055 NTAPI
1057  _In_ HANDLE FileHandle,
1058  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1059  _Out_writes_bytes_(Length) PVOID Buffer,
1060  _In_ ULONG Length,
1061  _In_ BOOLEAN ReturnSingleEntry,
1062  _In_reads_bytes_opt_(SidListLength) PVOID SidList,
1063  _In_ ULONG SidListLength,
1064  _In_opt_ PSID StartSid,
1065  _In_ BOOLEAN RestartScan
1066  );
1067 
1068 NTSYSCALLAPI
1069 NTSTATUS
1070 NTAPI
1072  _In_ HANDLE FileHandle,
1073  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1074  _In_reads_bytes_(Length) PVOID Buffer,
1075  _In_ ULONG Length
1076  );
1077 
1078 NTSYSCALLAPI
1079 NTSTATUS
1080 NTAPI
1082  _In_ HANDLE FileHandle,
1083  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1084  _Out_writes_bytes_(Length) PVOID FsInformation,
1085  _In_ ULONG Length,
1086  _In_ FSINFOCLASS FsInformationClass
1087  );
1088 
1089 NTSYSCALLAPI
1090 NTSTATUS
1091 NTAPI
1093  _In_ HANDLE FileHandle,
1094  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1095  _In_reads_bytes_(Length) PVOID FsInformation,
1096  _In_ ULONG Length,
1097  _In_ FSINFOCLASS FsInformationClass
1098  );
1099 
1100 NTSYSCALLAPI
1101 NTSTATUS
1102 NTAPI
1104  _In_ HANDLE FileHandle,
1105  _Out_ PIO_STATUS_BLOCK IoStatusBlock
1106  );
1107 
1108 #if (PHNT_VERSION >= PHNT_VISTA)
1109 NTSYSCALLAPI
1110 NTSTATUS
1111 NTAPI
1113  _In_ HANDLE FileHandle,
1114  _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
1115  _Out_ PIO_STATUS_BLOCK IoStatusBlock
1116  );
1117 #endif
1118 
1119 #if (PHNT_VERSION >= PHNT_VISTA)
1120 NTSYSCALLAPI
1121 NTSTATUS
1122 NTAPI
1124  _In_ HANDLE ThreadHandle,
1125  _In_opt_ PIO_STATUS_BLOCK IoRequestToCancel,
1126  _Out_ PIO_STATUS_BLOCK IoStatusBlock
1127  );
1128 #endif
1129 
1130 NTSYSCALLAPI
1131 NTSTATUS
1132 NTAPI
1134  _In_ HANDLE FileHandle,
1135  _In_opt_ HANDLE Event,
1136  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1137  _In_opt_ PVOID ApcContext,
1138  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1139  _In_ ULONG IoControlCode,
1140  _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
1141  _In_ ULONG InputBufferLength,
1142  _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
1143  _In_ ULONG OutputBufferLength
1144  );
1145 
1146 NTSYSCALLAPI
1147 NTSTATUS
1148 NTAPI
1150  _In_ HANDLE FileHandle,
1151  _In_opt_ HANDLE Event,
1152  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1153  _In_opt_ PVOID ApcContext,
1154  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1155  _In_ ULONG FsControlCode,
1156  _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
1157  _In_ ULONG InputBufferLength,
1158  _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
1159  _In_ ULONG OutputBufferLength
1160  );
1161 
1162 NTSYSCALLAPI
1163 NTSTATUS
1164 NTAPI
1165 NtReadFile(
1166  _In_ HANDLE FileHandle,
1167  _In_opt_ HANDLE Event,
1168  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1169  _In_opt_ PVOID ApcContext,
1170  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1171  _Out_writes_bytes_(Length) PVOID Buffer,
1172  _In_ ULONG Length,
1173  _In_opt_ PLARGE_INTEGER ByteOffset,
1174  _In_opt_ PULONG Key
1175  );
1176 
1177 NTSYSCALLAPI
1178 NTSTATUS
1179 NTAPI
1180 NtWriteFile(
1181  _In_ HANDLE FileHandle,
1182  _In_opt_ HANDLE Event,
1183  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1184  _In_opt_ PVOID ApcContext,
1185  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1186  _In_reads_bytes_(Length) PVOID Buffer,
1187  _In_ ULONG Length,
1188  _In_opt_ PLARGE_INTEGER ByteOffset,
1189  _In_opt_ PULONG Key
1190  );
1191 
1192 NTSYSCALLAPI
1193 NTSTATUS
1194 NTAPI
1196  _In_ HANDLE FileHandle,
1197  _In_opt_ HANDLE Event,
1198  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1199  _In_opt_ PVOID ApcContext,
1200  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1201  _In_ PFILE_SEGMENT_ELEMENT SegmentArray,
1202  _In_ ULONG Length,
1203  _In_opt_ PLARGE_INTEGER ByteOffset,
1204  _In_opt_ PULONG Key
1205  );
1206 
1207 NTSYSCALLAPI
1208 NTSTATUS
1209 NTAPI
1211  _In_ HANDLE FileHandle,
1212  _In_opt_ HANDLE Event,
1213  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1214  _In_opt_ PVOID ApcContext,
1215  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1216  _In_ PFILE_SEGMENT_ELEMENT SegmentArray,
1217  _In_ ULONG Length,
1218  _In_opt_ PLARGE_INTEGER ByteOffset,
1219  _In_opt_ PULONG Key
1220  );
1221 
1222 NTSYSCALLAPI
1223 NTSTATUS
1224 NTAPI
1225 NtLockFile(
1226  _In_ HANDLE FileHandle,
1227  _In_opt_ HANDLE Event,
1228  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1229  _In_opt_ PVOID ApcContext,
1230  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1231  _In_ PLARGE_INTEGER ByteOffset,
1232  _In_ PLARGE_INTEGER Length,
1233  _In_ ULONG Key,
1234  _In_ BOOLEAN FailImmediately,
1235  _In_ BOOLEAN ExclusiveLock
1236  );
1237 
1238 NTSYSCALLAPI
1239 NTSTATUS
1240 NTAPI
1241 NtUnlockFile(
1242  _In_ HANDLE FileHandle,
1243  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1244  _In_ PLARGE_INTEGER ByteOffset,
1245  _In_ PLARGE_INTEGER Length,
1246  _In_ ULONG Key
1247  );
1248 
1249 NTSYSCALLAPI
1250 NTSTATUS
1251 NTAPI
1253  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
1254  _Out_ PFILE_BASIC_INFORMATION FileInformation
1255  );
1256 
1257 NTSYSCALLAPI
1258 NTSTATUS
1259 NTAPI
1261  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
1262  _Out_ PFILE_NETWORK_OPEN_INFORMATION FileInformation
1263  );
1264 
1265 NTSYSCALLAPI
1266 NTSTATUS
1267 NTAPI
1269  _In_ HANDLE FileHandle,
1270  _In_opt_ HANDLE Event,
1271  _In_opt_ PIO_APC_ROUTINE ApcRoutine,
1272  _In_opt_ PVOID ApcContext,
1273  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1274  _Out_writes_bytes_(Length) PVOID Buffer,
1275  _In_ ULONG Length,
1276  _In_ ULONG CompletionFilter,
1277  _In_ BOOLEAN WatchTree
1278  );
1279 
1280 NTSYSCALLAPI
1281 NTSTATUS
1282 NTAPI
1283 NtLoadDriver(
1284  _In_ PUNICODE_STRING DriverServiceName
1285  );
1286 
1287 NTSYSCALLAPI
1288 NTSTATUS
1289 NTAPI
1291  _In_ PUNICODE_STRING DriverServiceName
1292  );
1293 
1294 // I/O completion port
1295 
1296 #ifndef IO_COMPLETION_QUERY_STATE
1297 #define IO_COMPLETION_QUERY_STATE 0x0001
1298 #endif
1299 
1301 {
1304 
1306 {
1309 
1310 NTSYSCALLAPI
1311 NTSTATUS
1312 NTAPI
1314  _Out_ PHANDLE IoCompletionHandle,
1315  _In_ ACCESS_MASK DesiredAccess,
1316  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
1317  _In_opt_ ULONG Count
1318  );
1319 
1320 NTSYSCALLAPI
1321 NTSTATUS
1322 NTAPI
1324  _Out_ PHANDLE IoCompletionHandle,
1325  _In_ ACCESS_MASK DesiredAccess,
1326  _In_ POBJECT_ATTRIBUTES ObjectAttributes
1327  );
1328 
1329 NTSYSCALLAPI
1330 NTSTATUS
1331 NTAPI
1333  _In_ HANDLE IoCompletionHandle,
1334  _In_ IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass,
1335  _Out_writes_bytes_(IoCompletionInformation) PVOID IoCompletionInformation,
1336  _In_ ULONG IoCompletionInformationLength,
1337  _Out_opt_ PULONG ReturnLength
1338  );
1339 
1340 NTSYSCALLAPI
1341 NTSTATUS
1342 NTAPI
1344  _In_ HANDLE IoCompletionHandle,
1345  _In_opt_ PVOID KeyContext,
1346  _In_opt_ PVOID ApcContext,
1347  _In_ NTSTATUS IoStatus,
1348  _In_ ULONG_PTR IoStatusInformation
1349  );
1350 
1351 #if (PHNT_VERSION >= PHNT_WIN7)
1352 NTSYSCALLAPI
1353 NTSTATUS
1354 NTAPI
1356  _In_ HANDLE IoCompletionHandle,
1357  _In_ HANDLE IoCompletionPacketHandle,
1358  _In_opt_ PVOID KeyContext,
1359  _In_opt_ PVOID ApcContext,
1360  _In_ NTSTATUS IoStatus,
1361  _In_ ULONG_PTR IoStatusInformation
1362  );
1363 #endif
1364 
1365 NTSYSCALLAPI
1366 NTSTATUS
1367 NTAPI
1369  _In_ HANDLE IoCompletionHandle,
1370  _Out_ PVOID *KeyContext,
1371  _Out_ PVOID *ApcContext,
1372  _Out_ PIO_STATUS_BLOCK IoStatusBlock,
1373  _In_opt_ PLARGE_INTEGER Timeout
1374  );
1375 
1376 #if (PHNT_VERSION >= PHNT_VISTA)
1377 NTSYSCALLAPI
1378 NTSTATUS
1379 NTAPI
1381  _In_ HANDLE IoCompletionHandle,
1382  _Out_writes_to_(Count, *NumEntriesRemoved) PFILE_IO_COMPLETION_INFORMATION IoCompletionInformation,
1383  _In_ ULONG Count,
1384  _Out_ PULONG NumEntriesRemoved,
1385  _In_opt_ PLARGE_INTEGER Timeout,
1386  _In_ BOOLEAN Alertable
1387  );
1388 #endif
1389 
1390 // Wait completion packet
1391 
1392 #if (PHNT_VERSION >= PHNT_WIN8)
1393 
1394 NTSYSCALLAPI
1395 NTSTATUS
1396 NTAPI
1398  _Out_ PHANDLE WaitCompletionPacketHandle,
1399  _In_ ACCESS_MASK DesiredAccess,
1400  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
1401  );
1402 
1403 NTSYSCALLAPI
1404 NTSTATUS
1405 NTAPI
1407  _In_ HANDLE WaitCompletionPacketHandle,
1408  _In_ HANDLE IoCompletionHandle,
1409  _In_ HANDLE TargetObjectHandle,
1410  _In_opt_ PVOID KeyContext,
1411  _In_opt_ PVOID ApcContext,
1412  _In_ NTSTATUS IoStatus,
1413  _In_ ULONG_PTR IoStatusInformation,
1414  _Out_opt_ PBOOLEAN AlreadySignaled
1415  );
1416 
1417 NTSYSCALLAPI
1418 NTSTATUS
1419 NTAPI
1421  _In_ HANDLE WaitCompletionPacketHandle,
1422  _In_ BOOLEAN RemoveSignaledPacket
1423  );
1424 
1425 #endif
1426 
1427 // Sessions
1428 
1429 typedef enum _IO_SESSION_EVENT
1430 {
1440 
1441 typedef enum _IO_SESSION_STATE
1442 {
1453 
1454 #if (PHNT_VERSION >= PHNT_WIN7)
1455 NTSYSCALLAPI
1456 NTSTATUS
1457 NTAPI
1459  _In_ HANDLE SessionHandle,
1460  _In_ ULONG ChangeSequenceNumber,
1461  _In_ PLARGE_INTEGER ChangeTimeStamp,
1462  _In_ IO_SESSION_EVENT Event,
1463  _In_ IO_SESSION_STATE NewState,
1464  _In_ IO_SESSION_STATE PreviousState,
1465  _In_reads_bytes_opt_(PayloadSize) PVOID Payload,
1466  _In_ ULONG PayloadSize
1467  );
1468 #endif
1469 
1470 // Other types
1471 
1472 typedef enum _INTERFACE_TYPE
1473 {
1494 
1495 typedef enum _DMA_WIDTH
1496 {
1501 } DMA_WIDTH, *PDMA_WIDTH;
1502 
1503 typedef enum _DMA_SPEED
1504 {
1511 } DMA_SPEED, *PDMA_SPEED;
1512 
1513 typedef enum _BUS_DATA_TYPE
1514 {
1530 
1531 // Control structures
1532 
1533 // Reparse structure for FSCTL_SET_REPARSE_POINT, FSCTL_GET_REPARSE_POINT, FSCTL_DELETE_REPARSE_POINT
1534 
1535 #define SYMLINK_FLAG_RELATIVE 1
1536 
1537 typedef struct _REPARSE_DATA_BUFFER
1538 {
1539  ULONG ReparseTag;
1541  USHORT Reserved;
1542  union
1543  {
1544  struct
1545  {
1550  ULONG Flags;
1551  WCHAR PathBuffer[1];
1553  struct
1554  {
1555  USHORT SubstituteNameOffset;
1556  USHORT SubstituteNameLength;
1557  USHORT PrintNameOffset;
1558  USHORT PrintNameLength;
1559  WCHAR PathBuffer[1];
1561  struct
1562  {
1563  UCHAR DataBuffer[1];
1565  };
1567 
1568 // Named pipe FS control definitions
1569 
1570 #define FSCTL_PIPE_ASSIGN_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
1571 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
1572 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
1573 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
1574 #define FSCTL_PIPE_QUERY_EVENT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
1575 #define FSCTL_PIPE_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
1576 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
1577 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
1578 #define FSCTL_PIPE_SET_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
1579 #define FSCTL_PIPE_QUERY_CLIENT_PROCESS CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
1580 #define FSCTL_PIPE_GET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
1581 #define FSCTL_PIPE_SET_PIPE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 11, METHOD_BUFFERED, FILE_ANY_ACCESS)
1582 #define FSCTL_PIPE_GET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
1583 #define FSCTL_PIPE_SET_CONNECTION_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 13, METHOD_BUFFERED, FILE_ANY_ACCESS)
1584 #define FSCTL_PIPE_GET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 14, METHOD_BUFFERED, FILE_ANY_ACCESS)
1585 #define FSCTL_PIPE_SET_HANDLE_ATTRIBUTE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
1586 #define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, METHOD_BUFFERED, FILE_WRITE_DATA)
1587 
1588 #define FSCTL_PIPE_INTERNAL_READ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
1589 #define FSCTL_PIPE_INTERNAL_WRITE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
1590 #define FSCTL_PIPE_INTERNAL_TRANSCEIVE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
1591 #define FSCTL_PIPE_INTERNAL_READ_OVFLOW CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)
1592 
1593 // Flags for query event
1594 
1595 #define FILE_PIPE_READ_DATA 0x00000000
1596 #define FILE_PIPE_WRITE_SPACE 0x00000001
1597 
1598 // Input for FSCTL_PIPE_ASSIGN_EVENT
1600 {
1601  HANDLE EventHandle;
1602  ULONG KeyValue;
1604 
1605 // Output for FILE_PIPE_PEEK_BUFFER
1607 {
1612  CHAR Data[1];
1614 
1615 // Output for FSCTL_PIPE_QUERY_EVENT
1617 {
1619  ULONG EntryType;
1620  ULONG ByteCount;
1621  ULONG KeyValue;
1624 
1625 // Input for FSCTL_PIPE_WAIT
1627 {
1628  LARGE_INTEGER Timeout;
1629  ULONG NameLength;
1631  WCHAR Name[1];
1633 
1634 // Input for FSCTL_PIPE_SET_CLIENT_PROCESS, Output for FSCTL_PIPE_QUERY_CLIENT_PROCESS
1636 {
1637 #if !defined(BUILD_WOW6432)
1640 #else
1641  ULONGLONG ClientSession;
1642  ULONGLONG ClientProcess;
1643 #endif
1645 
1646 #define FILE_PIPE_COMPUTER_NAME_LENGTH 15
1647 
1648 // Input for FSCTL_PIPE_SET_CLIENT_PROCESS, Output for FSCTL_PIPE_QUERY_CLIENT_PROCESS
1650 {
1651 #if !defined(BUILD_WOW6432)
1654 #else
1655  ULONGLONG ClientSession;
1656  ULONGLONG ClientProcess;
1657 #endif
1658  USHORT ClientComputerNameLength; // in bytes
1661 
1662 // Mailslot FS control definitions
1663 
1664 #define MAILSLOT_CLASS_FIRSTCLASS 1
1665 #define MAILSLOT_CLASS_SECONDCLASS 2
1666 
1667 #define FSCTL_MAILSLOT_PEEK CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)
1668 
1669 // Output for FSCTL_MAILSLOT_PEEK
1671 {
1676 
1677 #endif