ntifs.h header
This header file is used by Windows file system and filter driver developers. For a complete list of associated header files, see:
For the programming guide, see the File system and minifilter design guide.
ntifs.h contains the following programming interfaces:
IOCTLs
FSCTL_MANAGE_BYPASS_IO The FSCTL_MANAGE_BYPASS_IO control code controls BypassIO operations on a given file in the filter and file system stacks. |
FSCTL_MARK_HANDLE The FSCTL_MARK_HANDLE control code marks a specified file or directory and its change journal record with information about changes to that file or directory. |
FSCTL_QUERY_ALLOCATED_RANGES Learn more about the FSCTL_QUERY_ALLOCATED_RANGES FSCTL. |
FSCTL_QUERY_FILE_REGIONS Learn more about the FSCTL_QUERY_FILE_REGIONS FS control code. |
FSCTL_REARRANGE_FILE Learn more about the FSCTL_REARRANGE_FILE FS control code. |
FSCTL_REFS_DEALLOCATE_RANGES_EX Learn more about the FSCTL_REFS_DEALLOCATE_RANGES_EX FSCTL. |
FSCTL_SET_CACHED_RUNS_STATE Learn more about the FSCTL_SET_CACHED_RUNS_STATE FSCTL. |
FSCTL_SET_PURGE_FAILURE_MODE Learn more about the FSCTL_SET_PURGE_FAILURE_MODE IOCTL. |
FSCTL_SHUFFLE_FILE Learn more about the FSCTL_SHUFFLE_FILE FS control code. |
IOCTL_REDIR_QUERY_PATH Learn more about the IOCTL_REDIR_QUERY_PATH control code. |
IOCTL_REDIR_QUERY_PATH_EX Learn more about the IOCTL_REDIR_QUERY_PATH_EX control code. |
IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES The IOCTL_VOLSNAP_FLUSH_AND_HOLD_WRITES control code is sent to force a flush of a file system before a volume shadow copy occurs. |
Functions
CcCanIWrite Learn more about the CcCanIWrite function. |
CcCoherencyFlushAndPurgeCache The CcCoherencyFlushAndPurgeCache routine flushes and/or purges the cache to ensure cache coherency. |
CcCopyRead The CcCopyRead routine copies data from a cached file to a user buffer. |
CcCopyReadEx Learn more about the CcCopyReadEx routine. |
CcCopyWrite The CcCopyWrite routine copies data from a user buffer to a cached file. |
CcCopyWriteEx Learn more about the CcCopyWriteEx routine. |
CcCopyWriteWontFlush The CcCopyWriteWontFlush macro determines whether the amount of data to be copied in a call to CcCopyWrite is small enough not to require immediate flushing to disk if CcCopyWrite is called with Wait set to FALSE. |
CcDeferWrite The CcDeferWrite routine defers writing to a cached file. |
CcFastCopyRead Learn more about the CcFastCopyRead function. |
CcFastCopyWrite Learn more about the CcFastCopyWrite function. |
CcFlushCache The CcFlushCache routine flushes all or a portion of a cached file to disk. |
CcGetCacheFileSize Learn more about the CcGetCacheFileSize function. |
CcGetDirtyPages The CcGetDirtyPages routine searches for dirty pages in all files that match a given log handle. |
CcGetFileObjectFromBcb Given a pointer to a pinned buffer control block (BCB) for a file, the CcGetFileObjectFromBcb routine returns a pointer to the file object that the cache manager is using for that file. |
CcGetFileObjectFromSectionPtrs Given a pointer to the section object pointers for a cached file, the CcGetFileObjectFromSectionPtrs routine returns a pointer to the file object that the cache manager is using for the file. |
CcGetFileObjectFromSectionPtrsRef When passed a pointer to a SECTION_OBJECT_POINTERS structure for a cached file, the CcGetFileObjectFromSectionPtrsRef routine returns a pointer to the file object that the cache manager is using for the cached file. |
CcGetFileSizePointer Learn more about the CcGetFileSizePointer function. |
CcGetFlushedValidData The CcGetFlushedValidData routine determines how much of a cached file has been flushed to disk. |
CcInitializeCacheMap File systems call the CcInitializeCacheMap routine to cache a file. |
CcIsThereDirtyData The CcIsThereDirtyData routine determines whether a mounted volume contains any files that have dirty data in the system cache. |
CcIsThereDirtyDataEx The CcIsThereDirtyDataEx routine determines whether a volume contains any files that have dirty data in the system cache. |
CcMapData The CcMapData routine maps a specified byte range of a cached file to a buffer in memory. |
CcMdlReadComplete The CcMdlReadComplete routine frees the memory descriptor lists (MDL) created by CcMdlRead for a cached file. |
CcMdlWriteAbort The CcMdlWriteAbort routine frees memory descriptor lists (MDL) created by an earlier call to CcPrepareMdlWrite. |
CcMdlWriteComplete The CcMdlWriteComplete routine frees the memory descriptor lists (MDL) created by CcPrepareMdlWrite for a cached file. |
CcPinMappedData The CcPinMappedData routine pins the specified byte range of a cached file. |
CcPinRead The CcPinRead routine pins the specified byte range of a cached file and reads the pinned data into a buffer in memory. |
CcPrepareMdlWrite The CcPrepareMdlWrite routine provides direct access to cached file memory so that the caller can write data to the file. |
CcPreparePinWrite The CcPreparePinWrite routine pins the specified byte range of a cached file for write access. |
CcPurgeCacheSection The CcPurgeCacheSection routine purges all or a portion of a cached file from the system cache. |
CcRemapBcb The CcRemapBcb routine maps a buffer control block (BCB) an additional time to preserve it through several calls that perform additional maps and unpins. |
CcRepinBcb The CcRepinBcb routine pins a buffer control block (BCB) an additional time to prevent it from being freed by a subsequent call to CcUnpinData. |
CcScheduleReadAhead The CcScheduleReadAhead routine performs read-ahead (also called "lazy read") on a cached file. CcScheduleReadAhead should never be called directly. The CcReadAhead macro should be called instead. |
CcScheduleReadAheadEx Learn more about the CcScheduleReadAheadEx routine. |
CcSetAdditionalCacheAttributes Call the CcSetAdditionalCacheAttributes routine to enable or disable read-ahead (also called "lazy read") or write-behind (also called "lazy write") on a cached file. |
CcSetAdditionalCacheAttributesEx Learn more about the CcSetAdditionalCacheAttributesEx routine. |
CcSetBcbOwnerPointer The CcSetBcbOwnerPointer routine sets the owner thread pointer for a pinned buffer control block (BCB). |
CcSetCacheFileSizes Learn more about the CcSetCacheFileSizes function. |
CcSetDirtyPageThreshold The CcSetDirtyPageThreshold routine sets a per-file dirty page threshold on a cached file. |
CcSetDirtyPinnedData The CcSetDirtyPinnedData routine marks as dirty the buffer control block (BCB) for a pinned buffer whose contents have been modified. |
CcSetFileSizes Learn more about the CcSetFileSizes function. |
CcSetFileSizesEx Learn more about the CcSetFileSizesEx function. |
CcSetLogHandleForFile The CcSetLogHandleForFile routine sets a log handle for a file. |
CcSetReadAheadGranularity The CcSetReadAheadGranularity routine sets the read-ahead granularity for a cached file. |
CcUninitializeCacheMap The CcUninitializeCacheMap routine stops the caching of a cached file. |
CcUnpinData The CcUnpinData routine releases cached file data that was mapped or pinned by an earlier call to CcMapData, CcPinRead, or CcPreparePinWrite. |
CcUnpinDataForThread The CcUnpinDataForThread routine releases pages of a cached file whose buffer control block (BCB) was modified by an earlier call to CcSetBcbOwnerPointer. |
CcUnpinRepinnedBcb The CcUnpinRepinnedBcb routine unpins a repinned buffer control block (BCB). |
CcWaitForCurrentLazyWriterActivity The CcWaitForCurrentLazyWriterActivity routine puts the caller into a wait state until the current batch of lazy writer activity is completed. |
CcZeroData The CcZeroData routine zeros the specified range of bytes in a cached or noncached file. |
ExAdjustLookasideDepth Microsoft reserves the ExAdjustLookasideDepth function for internal use only. Don't use this function in your code. |
ExDisableResourceBoostLite Microsoft reserves the ExDisableResourceBoostLite function for internal use only. Don't use this function in your code. |
ExQueryPoolBlockSize Obsolete. |
FsRtlAcknowledgeEcp Learn more about the FsRtlAcknowledgeEcp routine. |
FsRtlAcquireFileExclusive Microsoft reserves the FsRtlAcquireFileExclusive function for internal use only. Don't use this function in your code. |
FsRtlAddBaseMcbEntryEx The FsRtlAddBaseMcbEntryEx function is used to add a new mapping of virtual block numbers (VBN's) to logical block numbers (LBN's) to an existing map control block (MCB). |
FsRtlAddLargeMcbEntry The FsRtlAddLargeMcbEntry routine adds a new mapping to an existing map control block (MCB). |
FsRtlAddMcbEntry The FsRtlAddMcbEntry function is obsolete. |
FsRtlAddToTunnelCache The FsRtlAddToTunnelCache routine caches a file name that is removed from a directory when a file is renamed or deleted. |
FsRtlAllocateAePushLock Learn more about the FsRtlAllocateAePushLock macro. |
FsRtlAllocateExtraCreateParameter The FsRtlAllocateExtraCreateParameter routine allocates memory for an extra create parameter (ECP) context structure and generates a pointer to that structure. |
FsRtlAllocateExtraCreateParameterFromLookasideList The FsRtlAllocateExtraCreateParameterFromLookasideList routine allocates memory pool from a given lookaside list for an extra create parameter (ECP) context structure, and generates a pointer to that structure. |
FsRtlAllocateExtraCreateParameterList Learn more about the FsRtlAllocateExtraCreateParameterList function. |
FsRtlAllocateFileLock The FsRtlAllocateFileLock routine allocates and initializes a new FILE_LOCK structure. |
FsRtlAllocatePoolWithQuotaTag Learn more about the FsRtlAllocatePoolWithQuotaTag function. |
FsRtlAllocatePoolWithTag Learn more about the FsRtlAllocatePoolWithTag function. |
FsRtlAllocateResource The FsRtlAllocateResource function is obsolete. |
FsRtlAreNamesEqual The FsRtlAreNamesEqual routine determines whether two Unicode strings are equal. |
FsRtlAreThereCurrentFileLocks The FsRtlAreThereCurrentFileLocks macro checks whether any byte range locks exist for the specified file. |
FsRtlAreThereCurrentOrInProgressFileLocks TheFsRtlAreThereCurrentOrInProgressFileLocks routine determines if there are byte range locks assigned to a file or any lock operations in progress for that file. |
FsRtlAreThereWaitingFileLocks The FsRtlAreThereWaitingFileLocks routine checks a file lock queue for any waiting file locks. |
FsRtlAreVolumeStartupApplicationsComplete The FsRtlAreVolumeStartupApplicationsComplete function determines whether volume startup applications have completed processing. |
FsRtlBalanceReads The FsRtlBalanceReads routine signals to a fault-tolerant disk driver that it is now safe to start balancing reads from a mirrored drive. |
FsRtlCancellableWaitForMultipleObjects The FsRtlCancellableWaitForMultipleObjects routine executes a cancelable wait operation (a wait that can be terminated) on one or more dispatcher objects. |
FsRtlCancellableWaitForSingleObject The FsRtlCancellableWaitForSingleObject routine executes a cancelable wait operation (a wait that can be terminated) on a dispatcher object. |
FsRtlChangeBackingFileObject The FsRtlChangeBackingFileObject routine replaces the current file object with a new file object. |
FsRtlCheckLockForOplockRequest Learn more about the FsRtlCheckLockForOplockRequest routine. |
FsRtlCheckLockForReadAccess The FsRtlCheckLockForReadAccess routine determines whether the process associated with a given IRP has read access to a locked region of a file. |
FsRtlCheckLockForWriteAccess The FsRtlCheckLockForWriteAccess routine determines whether the process associated with a given IRP has write access to a locked region of a file. |
FsRtlCheckOplock Learn more about the FsRtlCheckOplock function. |
FsRtlCheckOplockEx Learn more about the FsRtlCheckOplockEx function. |
FsRtlCheckOplockEx2 FsRtlCheckOplockEx2 synchronizes the IRP for a file I/O operation with the current opportunistic lock (oplock) state of the file. |
FsRtlCheckUpperOplock Learn more about the FsRtlCheckUpperOplock routine. |
FsRtlCompleteRequest The FsRtlCompleteRequest macro completes an IRP with the specified status. |
FsRtlCopyRead Learn more about the FsRtlCopyRead function. |
FsRtlCopyWrite Learn more about the FsRtlCopyWrite function. |
FsRtlCreateSectionForDataScan The FsRtlCreateSectionForDataScan routine creates a section object. |
FsRtlCurrentBatchOplock A file system or filter driver calls FsRtlCurrentBatchOplock to determine whether there are any batch or filter opportunistic locks (oplocks) on a file. |
FsRtlCurrentOplock A file system or filter driver calls FsRtlCurrentOplock to determine whether there are any opportunistic locks (oplocks) on a file. |
FsRtlCurrentOplockH A file system or filter driver calls FsRtlCurrentOplockH to determine whether there are any CACHE_HANDLE_LEVEL opportunistic locks (oplocks) on a file. |
FsRtlDeleteExtraCreateParameterLookasideList The FsRtlDeleteExtraCreateParameterLookasideList routine frees an extra create parameter (ECP) lookaside list. |
FsRtlDeleteKeyFromTunnelCache The FsRtlDeleteKeyFromTunnelCache routine deletes any tunnel cache entries for files in a directory that is being deleted. |
FsRtlDeleteTunnelCache The FsRtlDeleteTunnelCache routine deletes a tunnel cache. |
FsRtlDeregisterUncProvider The FsRtlDeregisterUncProvider routine deregisters a redirector that was registered as a Universal Naming Convention (UNC) provider with the multiple UNC provider (MUP). |
FsRtlDissectDbcs Given an ANSI or double-byte character set (DBCS) pathname string, the FsRtlDissectDbcs routine returns two strings:_one containing the first file name found in the string, the other containing the remaining unparsed portion of the pathname string. |
FsRtlDissectName Given a Unicode pathname string, the FsRtlDissectName routine returns two strings, one containing the first file name found in the string, the other containing the remaining unparsed portion of the pathname string. |
FsRtlDoesDbcsContainWildCards The FsRtlDoesDbcsContainWildCards routine determines whether an ANSI or double-byte character set (DBCS) string contains wildcard characters. |
FsRtlDoesNameContainWildCards The FsRtlDoesNameContainWildCards routine determines whether a Unicode string contains wildcard characters. |
FsRtlFastCheckLockForRead The FsRtlFastCheckLockForRead routine determines whether the specified process has read access to a locked byte range of a file. |
FsRtlFastCheckLockForWrite The FsRtlFastCheckLockForWrite routine determines whether the specified process has write access to a locked byte range of a file. |
FsRtlFastLock The FsRtlFastLock macro is used by file systems and filter drivers to request a byte-range lock for a file stream. |
FsRtlFastUnlockAll The FsRtlFastUnlockAll routine releases all byte-range locks that were acquired by the specified process for a file. |
FsRtlFastUnlockAllByKey The FsRtlFastUnlockAllByKey routine releases all byte-range locks that were acquired by the specified process, with the specified key value, for a file. |
FsRtlFastUnlockSingle The FsRtlFastUnlockSingle routine releases a byte-range lock that was acquired by the specified process, with the specified key value, file offset, and length, for a file. |
FsRtlFindExtraCreateParameter The FsRtlFindExtraCreateParameter routine searches a given ECP list for an ECP context structure of a given type and returns a pointer to this structure if it is found. |
FsRtlFindInTunnelCache Learn more about the FsRtlFindInTunnelCache function. |
FsRtlFreeAePushLock Learn more about the FsRtlFreeAePushLock macro. |
FsRtlFreeExtraCreateParameter The FsRtlFreeExtraCreateParameter routine frees the memory for an ECP context structure. |
FsRtlFreeExtraCreateParameterList The FsRtlFreeExtraCreateParameterList routine frees an extra create parameter (ECP) list structure. |
FsRtlFreeFileLock The FsRtlFreeFileLock routine uninitializes and frees a file lock structure. |
FsRtlGetBypassIoOpenCount FsRtlGetBypassIoOpenCount returns a count of how many BypassIO opens there are for a given stream. |
FsRtlGetBypassIoOpenCountPtr FsRtlGetBypassIoOpenCountPtr returns a pointer to the count of how many BypassIO opens there are for a given stream. |
FsRtlGetEcpListFromIrp The FsRtlGetEcpListFromIrp routine returns a pointer to an extra create parameter (ECP) context structure list that is associated with a given IRP_MJ_CREATE operation. |
FsRtlGetFileSize The FsRtlGetFileSize routine is used to get the size of a file. |
FsRtlGetNextExtraCreateParameter The FsRtlGetNextExtraCreateParameter routine returns a pointer to the next (or first) extra create parameter (ECP) context structure in a given ECP list. |
FsRtlGetNextFileLock The FsRtlGetNextFileLock routine is used to enumerate the byte-range locks that currently exist for a specified file. |
FsRtlGetNextLargeMcbEntry The FsRtlGetNextLargeMcbEntry routine retrieves a mapping run from a map control block (MCB). |
FsRtlGetNextMcbEntry Learn more about the FsRtlGetNextMcbEntry function. |
FsRtlGetPerStreamContextPointer The FsRtlGetPerStreamContextPointer macro returns the file system's stream context for a file stream. |
FsRtlGetSectorSizeInformation The FsRtlGetSectorSizeInformation routine retrieves the physical and logical sector size information for a storage volume. |
FsRtlGetSupportedFeatures The FsRtlGetSupportedFeatures routine returns the supported features of a volume attached to the specified device object. |
FsRtlIncrementCcFastMdlReadWait The FsRtlIncrementCcFastMdlReadWait routine increments the cache manager's CcFastMdlReadWait performance counter member in a processor control block (PRCB) object. |
FsRtlIncrementCcFastReadNotPossible The FsRtlIncrementCcFastReadNotPossible routine increments the CcFastReadNotPossible performance counter in a per processor control block of cache manager system counters. |
FsRtlIncrementCcFastReadNoWait The FsRtlIncrementCcFastReadNoWait routine increments the CcFastReadNoWait performance counter in a per processor control block of cache manager system counters. |
FsRtlIncrementCcFastReadResourceMiss The FsRtlIncrementCcFastReadResourceMiss routine increments the CcFastReadNotPossible performance counter in a per processor control block of cache manager system counters. |
FsRtlIncrementCcFastReadWait The FsRtlIncrementCcFastReadWait routine increments the CcFastReadWait performance counter in a per processor control block of cache manager system counters. |
FsRtlInitExtraCreateParameterLookasideList The FsRtlInitExtraCreateParameterLookasideList routine initializes a paged or nonpaged pool lookaside list used for the allocation of one or more extra create parameter context structures (ECPs) of fixed size. |
FsRtlInitializeBaseMcb FsRtlInitializeBaseMcb initializes a new map control block (MCB) structure. |
FsRtlInitializeBaseMcbEx FsRtlInitializeBaseMcbEx initializes a new MCB structure. |
FsRtlInitializeExtraCreateParameter The FsRtlInitializeExtraCreateParameter routine initializes an extra create parameter (ECP) context structure. |
FsRtlInitializeExtraCreateParameterList The FsRtlInitializeExtraCreateParameterList routine initializes an extra create parameter (ECP) context structure list. |
FsRtlInitializeFileLock The FsRtlInitializeFileLock routine initializes a FILE_LOCK structure. |
FsRtlInitializeLargeMcb Learn more about the FsRtlInitializeLargeMcb function. |
FsRtlInitializeMcb The FsRtlInitializeMcb function is obsolete. |
FsRtlInitializeOplock FsRtlInitializeOplock initializes an opportunistic lock (oplock) pointer. |
FsRtlInitializeTunnelCache The FsRtlInitializeTunnelCache routine initializes a new tunnel cache for a volume. |
FsRtlInitPerStreamContext The FsRtlInitPerStreamContext macro initializes a filter driver context structure. |
FsRtlInsertExtraCreateParameter The FsRtlInsertExtraCreateParameter routine inserts an extra create parameter (ECP) context structure into an ECP list. |
FsRtlInsertPerFileContext The FsRtlInsertPerFileContext routine associates a FSRTL_PER_FILE_CONTEXT object with a driver-specified context object for a file. |
FsRtlInsertPerFileObjectContext For a "legacy" file system filter driver, the FsRtlInsertPerFileObjectContext function associates context information with a file object. |
FsRtlInsertPerStreamContext The FsRtlInsertPerStreamContext routine associates a file system filter driver's per-stream context structure with a file stream. |
FsRtlIsAnsiCharacterLegal The FsRtlIsAnsiCharacterLegal macro determines whether a character is a legal ANSI character. |
FsRtlIsAnsiCharacterLegalFat The FsRtlIsAnsiCharacterLegalFat macro determines whether an ANSI character is legal for FAT file names. |
FsRtlIsAnsiCharacterLegalHpfs The FsRtlIsAnsiCharacterLegalHpfs macro determines whether an ANSI character is legal for HPFS file names. |
FsRtlIsAnsiCharacterLegalNtfs The FsRtlIsAnsiCharacterLegalNtfs macro determines whether an ANSI character is legal for NTFS file names. |
FsRtlIsAnsiCharacterLegalNtfsStream The FsRtlIsAnsiCharacterLegalNtfsStream macro determines whether an ANSI character is legal for NTFS stream names. |
FsRtlIsAnsiCharacterWild The FsRtlIsAnsiCharacterWild macro determines whether an ANSI character is a wildcard character. |
FsRtlIsDaxVolume This routine queries if the specified file is on a direct access (DAX) volume. |
FsRtlIsDbcsInExpression The FsRtlIsDbcsInExpression routine determines whether an ANSI or double-byte character set (DBCS) string matches the specified pattern. |
FsRtlIsEcpAcknowledged The FsRtlIsEcpAcknowledged routine is used to determine if a given extra create parameter (ECP) context structure has been marked as acknowledged. |
FsRtlIsEcpFromUserMode The FsRtlIsEcpFromUserMode routine determines whether an extra create parameter (ECP) context structure originated from user mode. |
FsRtlIsFatDbcsLegal The FsRtlIsFatDbcsLegal routine determines whether the specified ANSI or double-byte character set (DBCS) string is a legal FAT file name. |
FsRtlIsHpfsDbcsLegal Learn more about the FsRtlIsHpfsDbcsLegal function. |
FsRtlIsLeadDbcsCharacter The FsRtlIsLeadDbcsCharacter macro determines whether a character is a lead byte (the first byte of a character) in a double-byte character set (DBCS). |
FsRtlIsNameInExpression The FsRtlIsNameInExpression routine determines whether a Unicode string matches the specified pattern. |
FsRtlIsNameInUnUpcasedExpression The FsRtlIsNameInUnUpcasedExpression routine determines whether a Unicode string matches the specified pattern. |
FsRtlIsNtstatusExpected The FsRtlIsNtstatusExpected routine determines whether the specified exception is handled by the exception filter. |
FsRtlIsPagingFile The FsRtlIsPagingFile routine determines whether a given file is a paging file. |
FsRtlIssueDeviceIoControl Learn more about the FsRtlIssueDeviceIoControl routine. |
FsRtlIsSystemPagingFile Learn more about the FsRtlIsSystemPagingFile routine. |
FsRtlIsTotalDeviceFailure The FsRtlIsTotalDeviceFailure function (ntifs.h) determines whether a media or other hardware failure has occurred. |
FsRtlIsUnicodeCharacterWild The FsRtlIsUnicodeCharacterWild macro determines whether a Unicode character is a wildcard character. |
FsRtlKernelFsControlFile Learn more about the FsRtlKernelFsControlFile function. |
FsRtlLogCcFlushError The FsRtlLogCcFlushError routine logs a lost delayed-write error and displays a dialog box to the user. |
FsRtlLookupBaseMcbEntry The FsRtlLookupBaseMcbEntry routine retrieves the mapping of a Vbn to an Lbn from an Mcb. It indicates if the mapping exists and the size of the run. |
FsRtlLookupLargeMcbEntry Learn more about the FsRtlLookupLargeMcbEntry function. |
FsRtlLookupLastLargeMcbEntry Learn more about the FsRtlLookupLastLargeMcbEntry function. |
FsRtlLookupLastLargeMcbEntryAndIndex Learn more about the FsRtlLookupLastLargeMcbEntryAndIndex function. |
FsRtlLookupLastMcbEntry Learn more about the FsRtlLookupLastMcbEntry function. |
FsRtlLookupMcbEntry The FsRtlLookupMcbEntry function is obsolete. |
FsRtlLookupPerFileContext The FsRtlLookupPerFileContext routine returns a pointer to a FSRTL_PER_FILE_CONTEXT object that is associated with a specified file. |
FsRtlLookupPerFileObjectContext For a "legacy" file system filter driver, the FsRtlLookupPerFileObjectContext function retrieves context information previously associated with a file object. |
FsRtlLookupPerStreamContext The FsRtlLookupPerStreamContext macro retrieves a per-stream context structure for a file stream. |
FsRtlLookupPerStreamContextInternal Learn more about the FsRtlLookupPerStreamContextInternal function. |
FsRtlMdlReadCompleteDev The FsRtlMdlReadCompleteDev routine completes the read operation that the FsRtlMdlReadDev routine initiated. |
FsRtlMdlReadDev The FsRtlMdlReadDev routine returns a memory descriptor list (MDL) that points directly to the specified byte range in the file cache. |
FsRtlMdlReadEx Learn more about the FsRtlMdlReadEx routine. |
FsRtlMdlWriteCompleteDev The FsRtlMdlWriteCompleteDev routine in ntifs.h frees the resources that FsRtlPrepareMdlWriteDev allocated. |
FsRtlMupGetProviderIdFromName The FsRtlMupGetProviderIdFromName routine gets the provider identifier of a network redirector that is registered with the multiple UNC provider (MUP) from the device name of the network redirector. |
FsRtlMupGetProviderInfoFromFileObject The FsRtlMupGetProviderInfoFromFileObject routine gets information about a network redirector that is registered with the multiple UNC provider (MUP) from a file object for a file that is located on a remote file system. |
FsRtlNormalizeNtstatus The FsRtlNormalizeNtstatus routine translates an arbitrary exception into a status value that is handled by the exception filter. |
FsRtlNotifyCleanup When the last handle to a file object is released, the FsRtlNotifyCleanup routine removes the file object's notify structure, if present, from the specified notify list. |
FsRtlNotifyCleanupAll The FsRtlNotifyCleanupAll routine removes all members of the specified notification list. |
FsRtlNotifyFilterChangeDirectory The FsRtlNotifyFilterChangeDirectory routine creates a notify structure for an IRP_MN_NOTIFY_CHANGE_DIRECTORY request and adds it to the specified notify list. |
FsRtlNotifyFilterReportChange FsRtlNotifyFilterReportChange completes IRP_MN_NOTIFY_CHANGE_DIRECTORY requests that are pending in the specified notify list. |
FsRtlNotifyFullChangeDirectory The FsRtlNotifyFullChangeDirectory routine creates a notify structure for a notification request and adds it to the specified notify list. |
FsRtlNotifyFullReportChange The FsRtlNotifyFullReportChange routine completes pending notify change IRPs. |
FsRtlNotifyInitializeSync The FsRtlNotifyInitializeSync routine allocates and initializes a synchronization object for a notify list. |
FsRtlNotifyUninitializeSync The FsRtlNotifyUninitializeSync routine deallocates the synchronization object for a notify list. |
FsRtlNotifyVolumeEvent The FsRtlNotifyVolumeEvent routine notifies any registered applications that a volume event is occurring. |
FsRtlNotifyVolumeEventEx The FsRtlNotifyVolumeEventEx routine notifies any registered applications that a volume event is occurring. Volume events include the volume being locked, unlocked, mounted, or made read-only. |
FsRtlNumberOfRunsInLargeMcb The FsRtlNumberOfRunsInLargeMcb routine returns the number of runs in a map control block (MCB). |
FsRtlNumberOfRunsInMcb The FsRtlNumberOfRunsInMcb function is obsolete. |
FsRtlOplockBreakH The FsRtlOplockBreakH routine breaks CACHE_HANDLE_LEVEL opportunistic locks (oplocks). |
FsRtlOplockBreakToNone The FsRtlOplockBreakToNone function is obsolete. |
FsRtlOplockBreakToNoneEx The FsRtlOplockBreakToNoneEx routine breaks all opportunistic locks (oplocks) immediately without regard for any oplock key. |
FsRtlOplockFsctrl FsRtlOplockFsctrl performs various opportunistic lock (oplock) operations on behalf of a file system or filter driver. |
FsRtlOplockFsctrlEx The FsRtlOplockFsctrlEx routine performs various opportunistic lock (oplock) operations on behalf of a file system or filter driver. |
FsRtlOplockGetAnyBreakOwnerProcess FsRtlOplockGetAnyBreakOwnerProcess gets an owner of an allegedly breaking oplock. |
FsRtlOplockIsFastIoPossible Learn more about the FsRtlOplockIsFastIoPossible function. |
FsRtlOplockIsSharedRequest The FsRtlOplockIsSharedRequest routine determines if a request for an opportunistic lock (oplock) wants a shared oplock. |
FsRtlOplockKeysEqual The FsRtlOplockKeysEqual routine compares the opportunistic lock (oplock) keys that are stored in the file object extensions of two file objects. |
FsRtlPostPagingFileStackOverflow The FsRtlPostPagingFileStackOverflow routine posts a paging file stack overflow item to the stack overflow thread. |
FsRtlPostStackOverflow The FsRtlPostStackOverflow routine posts a stack overflow item to the stack overflow thread. |
FsRtlPrepareMdlWriteDev The FsRtlPrepareMdlWriteDev routine returns a linked list of memory descriptor lists (MDLs) that point to the specified range of cached file data to write data directly to the cache. |
FsRtlPrepareMdlWriteEx The FsRtlPrepareMdlWriteEx routine returns a linked list of memory descriptor lists (MDLs) that point to the specified range of cached file data to write data directly to the cache. |
FsRtlPrepareToReuseEcp Learn more about the FsRtlPrepareToReuseEcp routine. |
FsRtlPrivateLock The FsRtlPrivateLock function is obsolete. |
FsRtlProcessFileLock The FsRtlProcessFileLock routine processes and completes an IRP for a file lock operation. |
FsRtlQueryCachedVdl The current valid data length (VDL) for a cached file is retrieved with the FsRtlQueryCachedVdl routine. |
FsRtlQueryInformationFile Learn more about the FsRtlQueryInformationFile function. |
FsRtlQueryKernelEaFile The routine FsRtlQueryKernelEaFile is used to build an explicit QueryEA request and synchronously wait for it to complete, returning the result. This allows the caller to do this by FileObject instead of a handle. |
FsRtlRegisterFileSystemFilterCallbacks File system filter drivers and file systems call the FsRtlRegisterFileSystemFilterCallbacks routine to register notification callback routines to be invoked when the underlying file system performs certain operations. |
FsRtlRegisterUncProvider The FsRtlRegisterUncProvider routine registers a network redirector as a universal naming convention (UNC) provider with the system multiple UNC provider (MUP). |
FsRtlRegisterUncProviderEx The FsRtlRegisterUncProviderEx routine registers a network redirector as a universal naming convention (UNC) provider with the system multiple UNC provider (MUP). |
FsRtlReleaseFile Microsoft reserves the FsRtlReleaseFile function for internal use only. Don't use this function in your code. |
FsRtlRemoveBaseMcbEntry The FsRtlRemoveBaseMcbEntry function is the work routine for removing a large mcb entry. It does so without taking out the mcb GuardedMutex. |
FsRtlRemoveDotsFromPath The FsRtlRemoveDotsFromPath routine removes unnecessary occurrences of '.' and '..' from the specified path. |
FsRtlRemoveExtraCreateParameter The FsRtlRemoveExtraCreateParameter routine searches an ECP list for an ECP context structure and, if found, detaches it from the ECP list. |
FsRtlRemoveLargeMcbEntry The FsRtlRemoveLargeMcbEntry routine removes one or more mappings from a map control block (MCB). |
FsRtlRemoveMcbEntry The FsRtlRemoveMcbEntry function is obsolete. |
FsRtlRemovePerFileContext Learn more about the FsRtlRemovePerFileContext function. |
FsRtlRemovePerFileObjectContext For a "legacy" file system filter driver, the FsRtlRemovePerFileObjectContext function unlinks a per-file-object context information structure from the list of per-file-object contexts previously associated with a file object. |
FsRtlRemovePerStreamContext Learn more about the FsRtlRemovePerStreamContext function. |
FsRtlResetLargeMcb The FsRtlResetLargeMcb routine truncates a map control block (MCB) structure to contain zero mapping pairs. It does not shrink the mapping pairs array. |
FsRtlSetEcpListIntoIrp The FsRtlSetEcpListIntoIrp routine attaches an extra create parameter (ECP) context structure list to an IRP_MJ_CREATE operation. |
FsRtlSetKernelEaFile The routine FsRtlQueryKernelEaFile is used to set, modify and/or delete extended attribute (EA) values for a file and synchronously wait for it to complete, returning a result. |
FsRtlSetupAdvancedHeader The FsRtlSetupAdvancedHeader macro is used by file systems to initialize an FSRTL_ADVANCED_FCB_HEADER structure for use with filter contexts. |
FsRtlSetupAdvancedHeaderEx The FsRtlSetupAdvancedHeaderEx macro is used by file systems to initialize an FSRTL_ADVANCED_FCB_HEADER structure for use with both stream and file contexts. |
FsRtlSetupAdvancedHeaderEx2 Learn more about the FsRtlSetupAdvancedHeaderEx2 function. |
FsRtlSplitLargeMcb The FsRtlSplitLargeMcb routine inserts a hole into the mappings in a map control block (MCB). |
FsRtlSupportsPerFileContexts The FsRtlSupportsPerFileContexts macro checks if per file context information is supported by the file system that is associated with a specified FILE_OBJECT. |
FsRtlTeardownPerFileContexts File systems call theFsRtlTeardownPerFileContexts routine to free FSRTL_PER_FILE_CONTEXT objects that are associated with a file control block (FCB) structure. |
FsRtlTeardownPerStreamContexts The FsRtlTeardownPerStreamContexts routine frees all per-stream context structures associated with a given FSRTL_ADVANCED_FCB_HEADER structure. |
FsRtlTestAnsiCharacter The FsRtlTestAnsiCharacter macro determines whether an ANSI or double-byte character set (DBCS) character meets the specified criteria. |
FsRtlTruncateLargeMcb The FsRtlTruncateLargeMcb routine truncates a large map control block (MCB). |
FsRtlTruncateMcb The FsRtlTruncateMcb function is obsolete. |
FsRtlUninitializeBaseMcb The FsRtlUninitializeBaseMcb function uninitializes a map control block (MCB) structure. After calling this routine the input Mcb structure must be re-initialized before being used again. |
FsRtlUninitializeFileLock The FsRtlUninitializeFileLock routine uninitializes a FILE_LOCK structure. |
FsRtlUninitializeLargeMcb The FsRtlUninitializeLargeMcb routine uninitializes a large map-control block (MCB). |
FsRtlUninitializeMcb The FsRtlUninitializeMcb function is obsolete. |
FsRtlUninitializeOplock FsRtlUninitializeOplock uninitializes an opportunistic lock (oplock) pointer. |
FsRtlUpperOplockFsctrl Learn more about the FsRtlUpperOplockFsctrl routine. |
FsRtlValidateReparsePointBuffer The FsRtlValidateReparsePointBuffer routine verifies that the specified reparse point buffer is valid. |
GetSecurityUserInfo The GetSecurityUserInfo function retrieves information about a logon session. |
IoAcquireVpbSpinLock Learn more about the IoAcquireVpbSpinLock function. |
IoCheckDesiredAccess Microsoft reserves the IoCheckDesiredAccess function for internal use only. Don't use this function in your code. |
IoCheckEaBufferValidity Learn more about the IoCheckEaBufferValidity function. |
IoCheckFileObjectOpenedAsCopyDestination Learn more about the IoCheckFileObjectOpenedAsCopyDestination function. |
IoCheckFileObjectOpenedAsCopySource Learn more about the IoCheckFileObjectOpenedAsCopySource function. |
IoCheckFunctionAccess Microsoft reserves the IoCheckFunctionAccess function for internal use only. Don't use this function in your code. |
IoCheckQuerySetFileInformation Microsoft reserves the IoCheckQuerySetFileInformation function for internal use only. Don't use this function in your code. |
IoCheckQuerySetVolumeInformation Microsoft reserves the IoCheckQuerySetVolumeInformation function for internal use only. Don't use this function in your code. |
IoCheckQuotaBufferValidity Learn more about the IoCheckQuotaBufferValidity function. |
IoCreateStreamFileObject The IoCreateStreamFileObject routine creates a new stream file object. |
IoCreateStreamFileObjectEx The IoCreateStreamFileObjectEx routine creates a new stream file object. |
IoCreateStreamFileObjectEx2 Learn more about the IoCreateStreamFileObjectEx2 routine. |
IoCreateStreamFileObjectLite The IoCreateStreamFileObjectLite routine creates a new stream file object, but does not cause an IRP_MJ_CLEANUP request to be sent to the file system driver stack. |
IoEnumerateDeviceObjectList Learn more about the IoEnumerateDeviceObjectList routine. |
IoEnumerateRegisteredFiltersList The IoEnumerateRegisteredFiltersList routine enumerates the file system filter drivers that have registered with the system. |
IoFastQueryNetworkAttributes Microsoft reserves the IoFastQueryNetworkAttributes function for internal use only. Don't use this function in your code. |
IoGetAttachedDevice Learn more about the IoGetAttachedDevice function. |
IoGetAttachedDeviceReference Learn more about the IoGetAttachedDeviceReference routine. |
IoGetBaseFileSystemDeviceObject Microsoft reserves the IoGetBaseFileSystemDeviceObject function for internal use only. Don't use this function in your code. |
IoGetConfigurationInformation Learn more about the IoGetConfigurationInformation function. |
IoGetDeviceAttachmentBaseRef The IoGetDeviceAttachmentBaseRef routine returns a pointer to the lowest-level device object in a file system or device driver stack. |
IoGetDeviceToVerify Learn more about the IoGetDeviceToVerify function. |
IoGetDiskDeviceObject The IoGetDiskDeviceObject routine retrieves a pointer to the disk device object associated with a given file system volume device object. |
IoGetLowerDeviceObject Learn more about the IoGetLowerDeviceObject function. |
IoGetRequestorProcess The IoGetRequestorProcess routine returns a process pointer for the thread that originally requested a given I/O operation. |
IoGetRequestorProcessId The IoGetRequestorProcessId routine returns the unique 32-bit process ID for the thread that originally requested a given I/O operation. |
IoGetRequestorSessionId The IoGetRequestorSessionId routine returns the session ID for the process that originally requested a given I/O operation. |
IoGetTopLevelIrp The IoGetTopLevelIrp routine in ntifs.h returns the value of the TopLevelIrp field of the current thread. |
IoInitializePriorityInfo The IoInitializePriorityInfo routine initializes a structure of type IO_PRIORITY_INFO. |
IoIsFileOpenedExclusively Microsoft reserves the IoIsFileOpenedExclusively macro for internal use only. Don't use this macro in your code. |
IoIsOperationSynchronous Learn more about the IoIsOperationSynchronous function. |
IoIsSystemThread The IoIsSystemThread routine checks whether a given thread is a system thread. |
IoIsValidNameGraftingBuffer Microsoft reserves the IoIsValidNameGraftingBuffer function for internal use only. Don't use this function in your code. |
IoPageRead Microsoft reserves the IoPageRead function for internal use only. Don't use this function in your code. |
IoQueryFileDosDeviceName The IoQueryFileDosDeviceName routine retrieves an MS-DOS device name for a file. |
IoQueryFileInformation Microsoft reserves the IoQueryFileInformation function for internal use only. Don't use this function in your code. |
IoQueryVolumeInformation Microsoft reserves the IoQueryVolumeInformation function for internal use only. Don't use this function in your code. |
IoQueueThreadIrp Microsoft reserves the IoQueueThreadIrp function for internal use only. Don't use this function in your code. |
IoRegisterFileSystem The IoRegisterFileSystem routine adds a file system's control device object to the global file system queue. |
IoRegisterFsRegistrationChange Learn more about the IoRegisterFsRegistrationChange function. |
IoRegisterFsRegistrationChangeEx The IoRegisterFsRegistrationChangeEx routine registers a file system filter driver's notification routine to be called whenever a file system registers or unregisters itself as an active file system. |
IoRegisterFsRegistrationChangeMountAware The IoRegisterFsRegistrationChangeMountAware routine registers a file system filter driver's notification routine. This notification routine is called whenever a file system registers or unregisters itself as an active file system. |
IoReleaseVpbSpinLock The IoReleaseVpbSpinLock routine releases the Volume Parameter Block (VPB) spin lock. |
IoReplaceFileObjectName Learn more about the IoReplaceFileObjectName routine. |
IoSetDeviceToVerify Learn more about the IoSetDeviceToVerify routine. |
IoSetInformation Microsoft reserves the IoSetInformation function for internal use only. Don't use this function in your code. |
IoSetStartIoAttributes The IoSetStartIoAttributes routine in ntifs.h sets attributes for the driver's StartIo routine. |
IoSetTopLevelIrp The IoSetTopLevelIrp routine in ntifs.h sets the value of the TopLevelIrp field of the current thread. |
IoSizeOfIrp Learn more about the IoSizeOfIrp routine. |
IoStartNextPacket Learn more about the IoStartNextPacket routine. |
IoStartNextPacketByKey Learn more about the IoStartNextPacketByKey routine. |
IoStartPacket Learn more about the IoStartPacket routine. |
IoStartTimer Learn more about the IoStartTimer routine. |
IoStopTimer Learn more about the IoStopTimer routine. |
IoSynchronousPageWrite Microsoft reserves the IoSynchronousPageWrite function for internal use only. Don't use this function in your code. |
IoThreadToProcess The IoThreadToProcess routine returns a pointer to the process for the specified thread. |
IoUnregisterFileSystem The IoUnregisterFileSystem routine removes a file system's control device object from the global file system queue. |
IoUnregisterFsRegistrationChange The IoUnregisterFsRegistrationChange routine unregisters file system filter driver's file system registration change notification routine. |
IoVerifyVolume Learn more about the IoVerifyVolume function. |
IoWriteErrorLogEntry Learn more about the IoWriteErrorLogEntry routine. |
IsReparseTagMicrosoft The IsReparseTagMicrosoft macro determines whether a reparse point tag indicates a Microsoft reparse point. |
IsReparseTagNameSurrogate The IsReparseTagNameSurrogate macro determines whether a tag's associated reparse point is a surrogate for another named entity, such as a volume mount point. |
IsReparseTagValid Microsoft reserves the IsReparseTagValid macro for internal use only. Don't use this macro in your code. |
KeAcquireQueuedSpinLock Learn more about the KeAcquireQueuedSpinLock function. |
KeAttachProcess The KeAttachProcess function is obsolete. |
KeDetachProcess The KeDetachProcess function is obsolete. |
KeGetProcessorIndexFromNumber The KeGetProcessorIndexFromNumber routine in ntifs.h converts a group number and a group-relative processor number to a systemwide processor index. |
KeGetProcessorNumberFromIndex The KeGetProcessorNumberFromIndex routine in ntifs.h converts a systemwide processor index to a group number and a group-relative processor number. |
KeInitializeMutant Microsoft reserves the KeInitializeMutant function for internal use only. Don't use this function in your code. |
KeInitializeQueue The KeInitializeQueue routine initializes a queue object on which threads can wait for entries. |
KeInsertHeadQueue The KeInsertHeadQueue routine inserts an entry at the head of the given queue if it cannot immediately use the entry to satisfy a thread wait. |
KeInsertQueue The KeInsertQueue routine inserts an entry at the tail of the given queue if it cannot immediately use the entry to satisfy a thread wait. |
KeQueryPerformanceCounter Learn more about the KeQueryPerformanceCounter routine. |
KeReadStateMutant Microsoft reserves the KeReadStateMutant function for internal use only. Don't use this function in your code. |
KeReadStateQueue Microsoft reserves the KeReadStateQueue function for internal use only. Don't use this function in your code. |
KeReleaseMutant Microsoft reserves the KeReleaseMutant function for internal use only. Don't use this function in your code. |
KeReleaseQueuedSpinLock Microsoft reserves the KeReleaseQueuedSpinLock function for internal use only. Don't use this function in your code. |
KeRemoveQueue Learn more about the KeRemoveQueue function. |
KeRundownQueue The KeRundownQueue routine cleans up a queue object, flushing any queued entries. |
KeSetIdealProcessorThread Microsoft reserves the KeSetIdealProcessorThread function for internal use only. Don't use this function in your code. |
KeSetKernelStackSwapEnable Learn more about the KeSetKernelStackSwapEnable routine. |
KeStackAttachProcess The KeStackAttachProcess routine attaches the current thread to the address space of the target process. |
KeStallExecutionProcessor Learn more about the KeStallExecutionProcessor routine. |
KeTryToAcquireQueuedSpinLock Microsoft reserves the KeTryToAcquireQueuedSpinLock function for internal use only. Don't use this function in your code. |
KeUnstackDetachProcess The KeUnstackDetachProcess routine detaches the current thread from the address space of a process and restores the previous attach state. |
MapSecurityError The MapSecurityError function maps a security interface SECURITY_STATUS status code to a corresponding NSTATUS status code. |
MmCanFileBeTruncated Learn more about the MmCanFileBeTruncated function. |
MmDoesFileHaveUserWritableReferences Learn more about the MmDoesFileHaveUserWritableReferences function. |
MmFlushImageSection The MmFlushImageSection routine flushes the image section for a file. |
MmForceSectionClosed The MmForceSectionClosed routine deletes the data and image sections for a file that is no longer in use. |
MmForceSectionClosedEx The MmForceSectionClosedEx function examines the section object pointers. If they are NULL, no further action is taken and the value TRUE is returned. |
MmGetMaximumFileSectionSize The MmGetMaximumFileSectionSize returns the maximum possible size of a file section for the current version of Windows. |
MmIsRecursiveIoFault The MmIsRecursiveIoFault routine determines whether the current page fault is occurring during an I/O operation. |
MmPrefetchPages The MmPrefetchPages routine reads groups of pages from secondary storage in the optimal fashion. |
MmSetAddressRangeModified The MmSetAddressRangeModified routine marks currently valid pages in the specified range of the system cache as modified. |
NtAllocateVirtualMemory Learn more about the NtAllocateVirtualMemory routine. |
NtClose Learn more about the NtClose routine. |
NtCopyFileChunk Learn more about the NtCopyFileChunk function. |
NtCreateFile Learn more about the NtCreateFile function. |
NtCreateSection Learn about the NtCreateSection function. |
NtCreateSectionEx Creates a section object. |
NtDeviceIoControlFile Learn more about the NtDeviceIoControlFile function. |
NtDuplicateToken Learn more about the NtDuplicateToken function. |
NtFlushBuffersFileEx Learn more about the NtFlushBuffersFileEx routine. |
NtFreeVirtualMemory Learn more about the NtFreeVirtualMemory routine. |
NtFsControlFile Learn more about the NtFsControlFile routine. |
NtLockFile The NtLockFile routine requests a byte-range lock for the specified file. |
NtOpenFile Learn more about the NtOpenFile routine. |
NtOpenProcessToken The NtOpenProcessToken routine opens the access token associated with a process, and returns a handle that can be used to access that token. |
NtOpenProcessTokenEx The NtOpenProcessTokenEx routine opens the access token associated with a process, and returns a handle that can be used to access that token. |
NtOpenThreadToken The NtOpenThreadToken routine opens the access token associated with a thread, and returns a handle that can be used to access that token. |
NtOpenThreadTokenEx The NtOpenThreadTokenEx routine opens the access token associated with a thread. |
NtPrivilegeCheck The NtPrivilegeCheck routine determines whether a specified set of privileges is enabled in the subject's access token. |
NtQueryDirectoryFile The NtQueryDirectoryFile routine returns various kinds of information about files in the directory specified by a given file handle. |
NtQueryDirectoryFileEx Learn more about NtQueryDirectoryFileEx |
NtQueryInformationByName Learn more about the NtQueryInformationByName function. |
NtQueryInformationFile The NtQueryInformationFile routine returns various kinds of information about a file object. |
NtQueryInformationToken The NtQueryInformationToken routine retrieves a specified type of information about an access token. |
NtQueryObject The NtQueryObject routine provides information about a supplied object. If the call occurs in user mode, use the name NtQueryObject. |
NtQueryQuotaInformationFile The NtQueryQuotaInformationFile routine retrieves quota entries associated with the volume specified by the FileHandle parameter. |
NtQuerySecurityObject The NtQuerySecurityObject routine retrieves a copy of an object's security descriptor. A security descriptor can be in absolute or self-relative form. |
NtQueryVirtualMemory Learn more about the NtQueryVirtualMemory function. |
NtQueryVolumeInformationFile This routine retrieves information about the volume associated with a given file, directory, storage device, or volume. |
NtReadFile Learn more about the NtReadFile routine. |
NtSetInformationFile The NtSetInformationFile routine in ntifs.h changes various kinds of information about a file object. |
NtSetInformationThread Learn how the ZwSetInformationThread routine sets the priority of a thread. |
NtSetInformationToken The NtSetInformationToken routine modifies information in a specified token. The calling process must have access rights to set the information. |
NtSetQuotaInformationFile The NtSetQuotaInformationFile routine changes quota entries for the volume associated with the FileHandle parameter. |
NtSetSecurityObject Learn more about the NtSetSecurityObject routine. |
NtUnlockFile The NtUnlockFile routine in unlocks a byte-range lock in a file. If the call is in user mode, use the name NtUnlockFile instead of ZwUnlockFile. |
NtWriteFile Learn more about the NtWriteFile routine. |
ObInsertObject Microsoft reserves the ObInsertObject function for internal use only. Don't use this function in your code. |
ObIsKernelHandle The ObIsKernelHandle routine determines whether the specified handle is a kernel handle. |
ObMakeTemporaryObject Microsoft reserves the ObMakeTemporaryObject function for internal use only. Don't use this function in your code. |
ObOpenObjectByPointer The ObOpenObjectByPointer function opens an object referenced by a pointer and returns a handle to the object. |
ObQueryNameString The ObQueryNameString routine supplies the name, if there is one, of a given object to which the caller has a pointer. |
ObQueryObjectAuditingByHandle Microsoft reserves the ObQueryObjectAuditingByHandle function for internal use only. Don't use this function in your code. |
PoCallDriver The PoCallDriver routine in ntifs.h passes a power IRP to the next-lower driver in the device stack. (Windows Server 2003, Windows XP, and Windows 2000 only.). |
PoClearPowerRequest Learn more about the PoClearPowerRequest routine. |
PoCreatePowerRequest Learn more about the PoCreatePowerRequest routine. |
PoDeletePowerRequest Learn more about the PoDeletePowerRequest routine. |
PoEndDeviceBusy Learn more about the PoEndDeviceBusy routine. |
PoQueryWatchdogTime Learn more about the PoQueryWatchdogTime routine. |
PoRegisterDeviceForIdleDetection Learn more about the PoRegisterDeviceForIdleDetection routine. |
PoRegisterPowerSettingCallback Learn more about the PoRegisterPowerSettingCallback routine. |
PoRegisterSystemState Learn more about the PoRegisterSystemState routine. |
PoSetDeviceBusyEx Learn more about the PoSetDeviceBusyEx routine. |
PoSetPowerRequest Learn more about the PoSetPowerRequest function. |
PoSetPowerState Learn more about the PoSetPowerState function. |
PoStartDeviceBusy The PoStartDeviceBusy routine in ntifs.h marks the start of a period of time in which the device is busy. |
PoStartNextPowerIrp The PoStartNextPowerIrp routine in ntifs.h signals the power manager that the driver is ready to handle the next power IRP. |
PoUnregisterPowerSettingCallback The PoUnregisterPowerSettingCallback routine in ntifs.h unregisters a power-setting callback routine that a driver previously registered. |
PoUnregisterSystemState The PoUnregisterSystemState routine in ntifs.h cancels a system state registration created by PoRegisterSystemState. |
PsChargePoolQuota Learn more about the PsChargePoolQuota function. |
PsDereferenceImpersonationToken The PsDereferenceImpersonationToken routine decrements the reference count of an impersonation token. |
PsDereferencePrimaryToken The PsDereferencePrimaryToken routine decrements the reference count of a primary token. |
PsGetCurrentThread Learn how the PsGetCurrentThread routine identifies the current thread. |
PsGetProcessExitTime The PsGetProcessExitTime routine returns the exit time for the current process. |
PsImpersonateClient The PsImpersonateClient routine causes a server thread to impersonate a client. |
PsIsDiskCountersEnabled The enabled state of the per process disk I/O counters is returned by the PsIsDiskCountersEnabled routine. |
PsIsSystemThread The PsIsSystemThread routine checks whether a given thread is a system thread. |
PsIsThreadTerminating The PsIsThreadTerminating routine checks whether a thread is terminating. |
PsLookupProcessByProcessId The PsLookupProcessByProcessId routine accepts the process ID of a process and returns a referenced pointer to EPROCESS structure of the process. |
PsLookupThreadByThreadId The PsLookupThreadByThreadId routine accepts the thread ID of a thread and returns a referenced pointer to the ETHREAD structure of the thread. |
PsReferenceImpersonationToken Learn more about the PsReferenceImpersonationToken function. |
PsReferencePrimaryToken Learn more about the PsReferencePrimaryToken function. |
PsReturnPoolQuota Learn more about the PsReturnPoolQuota function. |
PsRevertToSelf The PsRevertToSelf routine ends the calling thread's impersonation of a client. |
PsUpdateDiskCounters The PsUpdateDiskCounters routine updates the disk I/O counters of a given process. |
RtlAbsoluteToSelfRelativeSD The RtlAbsoluteToSelfRelativeSD routine creates a new security descriptor in self-relative format by using a security descriptor in absolute format as a template. |
RtlAddAccessAllowedAce The RtlAddAccessAllowedAce routine adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to the specified security identifier (SID). |
RtlAddAccessAllowedAceEx Learn more about the RtlAddAccessAllowedAceEx function. |
RtlAddAce Learn more about the RtlAddAce function. |
RtlAllocateAndInitializeSid Microsoft reserves the RtlAllocateAndInitializeSid function for internal use only. Don't use this function in your code. |
RtlAllocateHeap The RtlAllocateHeap routine allocates a block of memory from a heap. |
RtlAppendStringToString The RtlAppendStringToString routine concatenates two counted strings. It copies bytes from the source up to the length of the destination buffer. |
RtlCaptureContext The RtlCaptureContext function retrieves a context record in the context of the caller. |
RtlCaptureStackBackTrace Learn more about the RtlCaptureStackBackTrace function. |
RtlCompareMemoryUlong The RtlCompareMemoryUlong routine returns how many bytes in a block of memory match a specified pattern. |
RtlCompressBuffer Learn more about the RtlCompressBuffer function. |
RtlCompressChunks Microsoft reserves the RtlCompressChunks function for internal use only. Don't use this function in your code. |
RtlConvertSidToUnicodeString The RtlConvertSidToUnicodeString routine generates a printable Unicode string representation of a security identifier (SID). |
RtlCopyLuid The RtlCopyLuid routine copies a locally unique identifier (LUID) to a buffer. |
RtlCopySid The RtlCopySid routine copies the value of a security identifier (SID) to a buffer. |
RtlCreateAcl The RtlCreateAcl routine creates and initializes an access control list (ACL). |
RtlCreateHeap The RtlCreateHeap routine creates a heap object that can be used by the calling process. This routine reserves space in the virtual address space of the process and allocates physical storage for a specified initial portion of this block. |
RtlCreateSecurityDescriptorRelative The RtlCreateSecurityDescriptorRelative routine initializes a new security descriptor in self-relative format. |
RtlCreateSystemVolumeInformationFolder The RtlCreateSystemVolumeInformationFolder routine verifies the existence of the "System Volume Information" folder on a file system volume. If the folder is not present, then the folder is created. |
RtlCreateUnicodeString The RtlCreateUnicodeString routine creates a new counted Unicode string. |
RtlCustomCPToUnicodeN Microsoft reserves the RtlCustomCPToUnicodeN function for internal use only. Don't use this function in your code. |
RtlDecompressBuffer Learn more about the RtlDecompressBuffer function. |
RtlDecompressBufferEx Learn more about the RtlDecompressBufferEx function. |
RtlDecompressBufferEx2 Learn more about the RtlDecompressBufferEx2 function. |
RtlDecompressChunks Microsoft reserves the RtlDecompressChunks function for internal use only. Don't use this function in your code. |
RtlDecompressFragment Learn more about the RtlDecompressFragment function. |
RtlDecompressFragmentEx Learn more about the RtlDecompressFragmentEx function. |
RtlDeleteAce Learn more about the RtlDeleteAce function. |
RtlDescribeChunk Microsoft reserves the RtlDescribeChunk function for internal use only. Don't use this function in your code. |
RtlDestroyHeap The RtlDestroyHeap routine destroys the specified heap object. RtlDestroyHeap decommits and releases all the pages of a private heap object, and it invalidates the handle to the heap. |
RtlDowncaseUnicodeString The RtlDowncaseUnicodeString routine converts the specified Unicode source string to lowercase. The translation conforms to the current system locale information. |
RtlEqualPrefixSid The RtlEqualPrefixSid routine determines whether two security-identifier (SID) prefixes are equal. An SID prefix is the entire SID except for the last subauthority value. |
RtlEqualSid The RtlEqualSid routine determines whether two security identifier (SID) values are equal. Two SIDs must match exactly to be considered equal. |
RtlFillMemoryUlong The RtlFillMemoryUlong routine fills the specified range of memory with one or more repetitions of a ULONG value. |
RtlFillMemoryUlonglong The RtlFillMemoryUlonglong routine fills a given range of memory with one or more repetitions of a given ULONGLONG value. |
RtlFindUnicodePrefix The RtlFindUnicodePrefix routine searches for the best match for a given Unicode file name in a prefix table. |
RtlFreeHeap The RtlFreeHeap routine frees a memory block that was allocated from a heap by RtlAllocateHeap. |
RtlFreeOemString The RtlFreeOemString routine releases storage that was allocated by any of the Rtl..ToOemString routines. |
RtlFreeSid Microsoft reserves the RtlFreeSid function for internal use only. Don't use this function in your code. |
RtlGenerate8dot3Name Learn more about the RtlGenerate8dot3Name function. |
RtlGetAce The RtlGetAce routine obtains a pointer to an access control entry (ACE) in an access control list (ACL). |
RtlGetAcesBufferSize Learn more about the RtlGetAcesBufferSize function. |
RtlGetCompressionWorkSpaceSize Learn more about the RtlGetCompressionWorkSpaceSize function. |
RtlGetDaclSecurityDescriptor The RtlGetDaclSecurityDescriptor routine returns a pointer to the discretionary ACL (DACL) for a security descriptor. |
RtlGetGroupSecurityDescriptor The RtlGetGroupSecurityDescriptor routine returns the primary group information for a given security descriptor. |
RtlGetOwnerSecurityDescriptor The RtlGetOwnerSecurityDescriptor routine returns the owner information for a given security descriptor. |
RtlGetSaclSecurityDescriptor The RtlGetSaclSecurityDescriptor routine returns a pointer to the system ACL (SACL) for a security descriptor. |
RtlIdentifierAuthoritySid Microsoft reserves the RtlIdentifierAuthoritySid function for internal use only. Don't use this function in your code. |
RtlInitCodePageTable Microsoft reserves the RtlInitCodePageTable function for internal use only. Don't use this function in your code. |
RtlInitializeSid The RtlInitializeSid routine initializes a security identifier (SID) structure. |
RtlInitializeSidEx The RtlInitializeSidEx routine initializes a pre-allocated security identifier (SID) structure. |
RtlInitializeUnicodePrefix The RtlInitializeUnicodePrefix routine initializes a prefix table. |
RtlInitStringEx The RtlInitStringEx routine in ntifs.h initializes a counted string of 8-bit characters. RtlInitStringEx does not alter the source string. |
RtlInitUTF8StringEx RtlInitUTF8StringEx initializes a counted string of UTF-8 characters. |
RtlInsertUnicodePrefix The RtlInsertUnicodePrefix routine inserts a new element into a Unicode prefix table. |
RtlIsCloudFilesPlaceholder The RtlIsCloudFilesPlaceholder routine determines if a file or a directory is a CloudFiles placeholder, based on the FileAttributes and ReparseTag values of the file. |
RtlIsNameLegalDOS8Dot3 The RtlIsNameLegalDOS8Dot3 routine determines whether a given name represents a valid short (8.3) file name. |
RtlIsPartialPlaceholder The RtlIsPartialPlaceholder routine determines if a file or a directory is a CloudFiles placeholder, based on the FileAttributes and ReparseTag values of the file. |
RtlIsPartialPlaceholderFileHandle The RtlIsPartialPlaceholderFileHandle routine determines if a file is a known type of placeholder, based on a file handle. |
RtlIsPartialPlaceholderFileInfo The RtlIsPartialPlaceholderFileInfo routine determines if a file is a known type of placeholder, based on the information returned by NtQueryInformationFile or NtQueryDirectoryFile. |
RtlIsValidOemCharacter The RtlIsValidOemCharacter routine determines if the specified Unicode character can be mapped to a valid OEM character. |
RtlLengthRequiredSid The RtlLengthRequiredSid routine returns the length, in bytes, of the buffer required to store a security identifier (SID) with a specified number of subauthorities. |
RtlLengthSid The RtlLengthSid routine returns the length, in bytes, of a valid security identifier (SID). |
RtlMultiByteToUnicodeN The RtlMultiByteToUnicodeN routine translates the specified source string into a Unicode string, using the current system ANSI code page (ACP). The source string is not necessarily from a multibyte character set. |
RtlMultiByteToUnicodeSize The RtlMultiByteToUnicodeSize routine determines the number of bytes that are required to store the Unicode translation for the specified source string. |
RtlNextUnicodePrefix The RtlNextUnicodePrefix routine is used to enumerate the elements in a Unicode prefix table. |
RtlNtStatusToDosError The RtlNtStatusToDosError routine converts the specified NTSTATUS code to its equivalent system error code. |
RtlNtStatusToDosErrorNoTeb Microsoft reserves the RtlNtStatusToDosErrorNoTeb function for internal use only. Don't use this function in your code. |
RtlOemStringToCountedUnicodeSize The RtlOemStringToCountedUnicodeSize routine determines the size, in bytes, that a given OEM string will be after it is translated into a counted Unicode string. |
RtlOemStringToCountedUnicodeString The RtlOemStringToCountedUnicodeString routine translates the specified source string into a Unicode string using the current system OEM code page. |
RtlOemStringToUnicodeSize The RtlOemStringToUnicodeSize routine determines the size, in bytes, that a given OEM string will be after it is translated into a null-terminated Unicode string. |
RtlOemStringToUnicodeString The RtlOemStringToUnicodeString routine translates a given source string into a null-terminated Unicode string using the current system OEM code page. |
RtlOemToUnicodeN The RtlOemToUnicodeN routine translates the specified source string into a Unicode string, using the current system OEM code page. |
RtlQueryPackageIdentity RtlQueryPackageIdentity |
RtlQueryPackageIdentityEx RtlQueryPackageIdentityEx returns the associated full package name. It can optionally also return the package relative application name, and whether an application is considered packaged. |
RtlQueryProcessPlaceholderCompatibilityMode RtlQueryProcessPlaceholderCompatibilityMode returns the placeholder compatibility mode for the current process. |
RtlQueryThreadPlaceholderCompatibilityMode RtlQueryThreadPlaceholderCompatibilityMode returns the placeholder compatibility mode for the current thread. |
RtlRandom The RtlRandom routine returns a random number that was generated from a given seed value. |
RtlRandomEx The RtlRandomEx routine returns a random number that was generated from a given seed value. |
RtlRemoveUnicodePrefix The RtlRemoveUnicodePrefix routine removes an element from a prefix table. |
RtlReserveChunk Microsoft reserves the RtlReserveChunk function for internal use only. Don't use this function in your code. |
RtlSecondsSince1970ToTime The RtlSecondsSince1970ToTime routine converts the elapsed time, in seconds, since the beginning of 1970 to an absolute system time value. |
RtlSecondsSince1980ToTime The RtlSecondsSince1980ToTime routine converts the elapsed time, in seconds, since the beginning of 1980 to an absolute system time value. |
RtlSelfRelativeToAbsoluteSD The RtlSelfRelativeToAbsoluteSD routine creates a new security descriptor in absolute format by using a security descriptor in self-relative format as a template. |
RtlSetGroupSecurityDescriptor The RtlSetGroupSecurityDescriptor routine sets the primary group information of an absolute-format security descriptor. It replaces any primary group information that is already present in the security descriptor. |
RtlSetOwnerSecurityDescriptor The RtlSetOwnerSecurityDescriptor routine sets the owner information of an absolute-format security descriptor. It replaces any owner information that is already present in the security descriptor. |
RtlSetProcessPlaceholderCompatibilityMode RtlSetProcessPlaceholderCompatibilityMode sets the placeholder compatibility mode for the current process. |
RtlSetThreadPlaceholderCompatibilityMode RtlSetThreadPlaceholderCompatibilityMode sets the placeholder compatibility mode for the current thread. |
RtlSubAuthorityCountSid Microsoft reserves the RtlSubAuthorityCountSid function for internal use only. Don't use this function in your code. |
RtlSubAuthoritySid The RtlSubAuthoritySid routine returns a pointer to a specified subauthority of a security identifier (SID). |
RtlTimeToSecondsSince1970 The RtlTimeToSecondsSince1970 routine converts a given absolute system time value to the elapsed time, in seconds, since the beginning of 1970. |
RtlTimeToSecondsSince1980 The RtlTimeToSecondsSince1980 routine converts a given absolute system time value to the elapsed time, in seconds, since the beginning of 1980. |
RtlUnicodeStringToCountedOemString The RtlUnicodeStringToCountedOemString routine translates the specified Unicode source string into a counted OEM string using the current system OEM code page. |
RtlUnicodeStringToOemSize The RtlUnicodeStringToOemSize routine determines the size, in bytes, that a given Unicode string will be after it is translated into an OEM string. |
RtlUnicodeStringToOemString The RtlUnicodeStringToOemString routine translates a given Unicode source string into an OEM string using the current system OEM code page. |
RtlUnicodeStringToUTF8String RtlUnicodeStringToUTF8String converts the specified Unicode string to a UTF-8 string. |
RtlUnicodeToCustomCPN Microsoft reserves the RtlUnicodeToCustomCPN function for internal use only. Don't use this function in your code. |
RtlUnicodeToMultiByteN The RtlUnicodeToMultiByteN routine translates the specified Unicode string into a new character string, using the current system ANSI code page (ACP). The translated string is not necessarily from a multibyte character set. |
RtlUnicodeToMultiByteSize The RtlUnicodeToMultiByteSize routine determines the number of bytes that are required to store the multibyte translation for the specified Unicode string. The translation is assumed to use the current system ANSI code page (ACP). |
RtlUnicodeToOemN The RtlUnicodeToOemN routine translates a given Unicode string to an OEM string, using the current system OEM code page. |
RtlUnicodeToUTF8N The RtlUnicodeToUTF8N routine in ntifs.h converts a Unicode string to a UTF-8 string. The UTF-8 output is null-terminated only if the Unicode input string is. |
RtlUpcaseUnicodeStringToCountedOemString Learn more about the RtlUpcaseUnicodeStringToCountedOemString function. |
RtlUpcaseUnicodeStringToOemString The RtlUpcaseUnicodeStringToOemString routine translates a given Unicode source string into an uppercase OEM string using the current system OEM code page. |
RtlUpcaseUnicodeToCustomCPN Microsoft reserves the RtlUpcaseUnicodeToCustomCPN function for internal use only. Don't use this function in your code. |
RtlUpcaseUnicodeToMultiByteN The RtlUpcaseUnicodeToMultiByteN routine translates the specified Unicode string into a new uppercase character string, using the current system ANSI code page (ACP). The translated string is not necessarily from a multibyte character set. |
RtlUpcaseUnicodeToOemN The RtlUpcaseUnicodeToOemN routine translates a given Unicode string into an uppercase OEM string, using the current system OEM code page. |
RtlUTF8StringToUnicodeString The RtlUTF8StringToUnicodeString routine converts the specified UTF-8 string to a Unicode string. |
RtlUTF8ToUnicodeN The RtlUTF8ToUnicodeN routine in ntifs.h converts a UTF-8 string to a Unicode string. The Unicode output is null-terminated only if the UTF-8 input string is. |
RtlValidSid The RtlValidSid routine validates a security identifier (SID) by verifying that the revision number is within a known range and that the number of subauthorities is less than the maximum. |
RtlxOemStringToUnicodeSize Microsoft reserves the RtlxOemStringToUnicodeSize function for internal use only. Don't use this function in your code. |
RtlxUnicodeStringToOemSize Microsoft reserves the RtlxUnicodeStringToOemSize function for internal use only. Don't use this function in your code. |
SeAccessCheckFromState Learn more about the SeAccessCheckFromState function. |
SeAccessCheckFromStateEx Learn more about the SeAccessCheckFromStateEx function. |
SeAppendPrivileges The SeAppendPrivileges routine appends additional privileges to the privilege set in an access state structure. |
SeAuditHardLinkCreation Microsoft reserves the SeAuditHardLinkCreation function for internal use only. Don't use this function in your code. |
SeAuditingFileEvents The SeAuditingFileEvents routine determines whether file open events are currently being audited. |
SeAuditingFileOrGlobalEvents The SeAuditingFileOrGlobalEvents routine determines whether file or global events are currently being audited. |
SeAuditingHardLinkEvents Microsoft reserves the SeAuditingHardLinkEvents function for internal use only. Don't use this function in your code. |
SeCaptureSubjectContext The SeCaptureSubjectContext routine in ntifs.h captures the security context of the calling thread for access validation and auditing. |
SeCaptureSubjectContextEx Learn more about the SeCaptureSubjectContextEx function. |
SecLookupAccountName SecLookupAccountName accepts an account as input and retrieves a security identifier (SID) for the account and the name of the domain on which the account was found. |
SecLookupAccountSid SecLookupAccountSid accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found. |
SecLookupWellKnownSid SecLookupWellKnownSid accepts a well-known security identifier (SID) type as input and retrieves the local security identifier (SID) for this well known SID. |
SecMakeSPN SecMakeSPN creates a service provider name string that can be used when communicating with specific security service providers. |
SecMakeSPNEx SecMakeSPNEx creates a service provider name string that can be used when communicating with specific security service providers. |
SecMakeSPNEx2 SecMakeSPNEx2 creates a service provider name string that can be used when it communicates with specific security service providers. |
SeCreateClientSecurity Learn more about the SeCreateClientSecurity function. |
SeCreateClientSecurityFromSubjectContext Learn more about the SeCreateClientSecurityFromSubjectContext routine. |
SeDeleteClientSecurity The SeDeleteClientSecurity routine deletes a client security context. |
SeDeleteObjectAuditAlarm The SeDeleteObjectAuditAlarm routine generates audit and alarm messages for an object that is marked for deletion. |
SeFilterToken Learn more about the SeFilterToken function. |
SeFreePrivileges The SeFreePrivileges routine frees a privilege set returned by SeAccessCheck. |
SeImpersonateClient The SeImpersonateClient function is obsolete. |
SeImpersonateClientEx The SeImpersonateClientEx routine causes a thread to impersonate a user. |
SeLengthSid The SeLengthSid macro is obsolete. |
SeLocateProcessImageName Learn more about the SeLocateProcessImageName function. |
SeLockSubjectContext Learn more about the SeLockSubjectContext function. |
SeMarkLogonSessionForTerminationNotification The SeMarkLogonSessionForTerminationNotification routine marks a logon session so that the caller's registered callback routine is called when the logon session terminates. |
SeOpenObjectAuditAlarm The SeOpenObjectAuditAlarm routine generates audit and alarm messages when an attempt is made to open an object. |
SeOpenObjectForDeleteAuditAlarm The SeOpenObjectForDeleteAuditAlarm routine generates audit and alarm messages when an attempt is made to open an object for deletion. |
SePrivilegeCheck The SePrivilegeCheck routine determines whether a specified set of privileges is enabled in the subject's access token. |
SeQueryAuthenticationIdToken The SeQueryAuthenticationIdToken routine retrieves the authentication ID of an access token. |
SeQueryInformationToken The SeQueryInformationToken routine retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information. |
SeQuerySecurityDescriptorInfo The SeQuerySecurityDescriptorInfo routine retrieves a copy of an object's security descriptor. |
SeQuerySessionIdToken Microsoft reserves the SeQuerySessionIdToken function for internal use only. Don't use this function in your code. |
SeQuerySubjectContextToken Learn more about the SeQuerySubjectContextToken macro. |
SeRegisterLogonSessionTerminatedRoutine The SeRegisterLogonSessionTerminatedRoutine routine registers a callback routine to be called when a logon session terminates. A logon session terminates when the last token referencing the logon session is deleted. |
SeReleaseSubjectContext Learn more about the SeReleaseSubjectContext routine. |
SeSetAccessStateGenericMapping The SeSetAccessStateGenericMapping routine sets the generic mapping field of an ACCESS_STATE structure. |
SeSetSecurityDescriptorInfo Learn more about the SeSetSecurityDescriptorInfo function. |
SeSetSecurityDescriptorInfoEx Learn more about the SeSetSecurityDescriptorInfoEx function. |
SeSetSessionIdToken Microsoft reserves the SeSetSessionIdToken function for internal use only. Don't use this function in your code. |
SeTokenGetNoChildProcessRestricted The SeTokenGetNoChildProcessRestricted routine determines the state of the no child process mitigation. It is not possible to be enforced and audit-only at the same time. |
SeTokenIsAdmin The SeTokenIsAdmin routine determines whether a token contains the local administrators group. |
SeTokenIsNoChildProcessRestrictionEnforced The SeTokenIsNoChildProcessRestrictionEnforced routine determines if the token carries the no child process restriction. |
SeTokenIsRestricted The SeTokenIsRestricted routine determines whether a token contains a list of restricting security identifiers (SID). |
SeTokenSetNoChildProcessRestricted The SeTokenSetNoChildProcessRestricted routine sets the TOKEN_AUDIT_NO_CHILD_PROCESS or TOKEN_AUDIT_NO_CHILD_PROCESS flags in the token. |
SeTokenType Microsoft reserves the SeTokenType function for internal use only. Don't use this function in your code. |
SeUnlockSubjectContext Learn more about the SeUnlockSubjectContext routine. |
SeUnregisterLogonSessionTerminatedRoutine The SeUnregisterLogonSessionTerminatedRoutine routine unregisters a callback routine that was registered by an earlier call to SeRegisterLogonSessionTerminatedRoutine. |
ZwAllocateVirtualMemory The ZwAllocateVirtualMemory routine reserves, commits, or both, a region of pages within the user-mode virtual address space of a specified process. |
ZwCreateEvent The ZwCreateEvent routine creates an event object, sets the initial state of the event to the specified value, and opens a handle to the object with the specified desired access. |
ZwDeleteFile Learn more about the ZwDeleteFile function. |
ZwDeviceIoControlFile Learn how the ZwDeviceIoControlFile routine sends a control code directly to a specified device driver, causing the corresponding driver to perform the specified operation. |
ZwDuplicateObject The ZwDuplicateObject routine creates a handle that is a duplicate of the specified source handle. |
ZwDuplicateToken Learn more about the ZwDuplicateToken function. |
ZwFlushBuffersFile The ZwFlushBuffersFile routine is called by a file system filter driver to send a flush request for the specified file to the file system. |
ZwFlushBuffersFileEx The ZwFlushBuffersFileEx routine is called by a file system filter driver to send a flush request for a given file to the file system. An optional flush operation flag can be set to control how file data is written to storage. |
ZwFlushVirtualMemory The ZwFlushVirtualMemory routine flushes a range of virtual addresses within the virtual address space of a specified process which map to a data file back out to the data file if they have been modified. |
ZwFreeVirtualMemory The ZwFreeVirtualMemory routine releases, decommits, or both, a region of pages within the virtual address space of a specified process. |
ZwFsControlFile The ZwFsControlFile routine sends a control code directly to a specified file system or file system filter driver, causing the corresponding driver to perform the specified action. |
ZwLockFile Learn more about the ZwLockFile routine. |
ZwNotifyChangeKey Learn more about the ZwNotifyChangeKey function. |
ZwOpenDirectoryObject The ZwOpenDirectoryObject routine opens an existing directory object. |
ZwOpenProcessTokenEx The ZwOpenProcessTokenEx routine opens the access token associated with a process. |
ZwOpenThreadTokenEx The ZwOpenThreadTokenEx routine opens the access token associated with a thread. |
ZwQueryDirectoryFile The ZwQueryDirectoryFile routine returns various kinds of information about files in the directory specified by a given file handle. |
ZwQueryDirectoryFileEx Learn more about the ZwQueryDirectoryFileEx function. |
ZwQueryEaFile Learn more about the ZwQueryEaFile function. |
ZwQueryInformationToken The ZwQueryInformationToken routine retrieves a specified type of information about an access token. |
ZwQueryObject The ZwQueryObject routine provides information about a supplied object. If the call to NtQueryObject is in user mode, use the name NtQueryObject. |
ZwQueryQuotaInformationFile The ZwQueryQuotaInformationFile routine retrieves quota entries associated with the volume specified by the FileHandle parameter. |
ZwQuerySecurityObject The ZwQuerySecurityObject routine retrieves a copy of an object's security descriptor. A security descriptor can be in absolute or self-relative form. |
ZwQueryVirtualMemory The ZwQueryVirtualMemory routine determines the state, protection, and type of a region of pages within the virtual address space of the subject process. |
ZwQueryVolumeInformationFile Learn how the ZwQueryVolumeInformationFile routine retrieves information about the volume associated with a given file, directory, storage device, or volume. |
ZwSetEaFile Learn more about the ZwSetEaFile function. |
ZwSetEvent The ZwSetEvent routine sets an event object to a Signaled state and attempts to satisfy as many waits as possible. |
ZwSetInformationToken The ZwSetInformationToken routine modifies information in a specified token. The calling process must have appropriate access rights to set the information. |
ZwSetInformationVirtualMemory The ZwSetInformationVirtualMemory routine performs an operation on a specified list of address ranges in the user address space of a process. |
ZwSetQuotaInformationFile The ZwSetQuotaInformationFile routine changes quota entries for the volume associated with the FileHandle parameter. All of the quota entries in the specified buffer are applied to the volume. |
ZwSetSecurityObject The ZwSetSecurityObject routine sets an object's security state. |
ZwSetVolumeInformationFile The ZwSetVolumeInformationFile routine modifies information about the volume associated with a given file, directory, storage device, or volume. |
ZwUnlockFile The ZwUnlockFile routine unlocks a byte-range lock in a file. |
ZwWaitForSingleObject Learn more about the ZwWaitForSingleObject routine. |
Callback functions
ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK Learn more about the ALLOCATE_VIRTUAL_MEMORY_EX_CALLBACK callback function. |
DRIVER_FS_NOTIFICATION A PDRIVER_FS_NOTIFICATION-typed routine is called by the operating system when a file system registers or unregisters itself by using IoRegisterFileSystem or IoUnregisterFileSystem. |
FREE_VIRTUAL_MEMORY_EX_CALLBACK Learn more about the FREE_VIRTUAL_MEMORY_EX_CALLBACK callback function. |
PCOMPLETE_LOCK_IRP_ROUTINE Learn more about the PCOMPLETE_LOCK_IRP_ROUTINE callback function. |
PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK A filter driver can register a PFSRTL_EXTRA_CREATE_PARAMETER_CLEANUP_CALLBACK-typed routine as the filter driver's CleanupCallback callback routine for an extra create parameter (ECP) context structure. |
PUNLOCK_ROUTINE Learn more about the PUNLOCK_ROUTINE callback routine. |
QUERY_VIRTUAL_MEMORY_CALLBACK Learn more about the QUERY_VIRTUAL_MEMORY_CALLBACK callback function. |
RTL_HEAP_COMMIT_ROUTINE Learn more about the RTL_HEAP_COMMIT_ROUTINE callback routine. |
Structures
ACCESS_ALLOWED_ACE The ACCESS_ALLOWED_ACE structure defines an access-control entry (ACE) for the discretionary access-control list (DACL) that controls access to an object. |
ACCESS_DENIED_ACE The ACCESS_DENIED_ACE structure defines an access-control entry (ACE) for the discretionary access-control list (DACL) controlling access to an object. |
ACE_HEADER The ACE_HEADER structure describes the type and size of an access-control entry (ACE). |
ATOMIC_CREATE_ECP_CONTEXT This structure allows supplemental operations to be performed on a file atomically during create. |
BOOT_AREA_INFO The BOOT_AREA_INFO structure contains the output for the FSCTL_GET_BOOT_AREA_INFO control code. |
CC_FILE_SIZES Learn more about the CC_FILE_SIZES structure. |
COPY_INFORMATION Learn more about the COPY_INFORMATION structure. |
CREATE_REDIRECTION_ECP_CONTEXT Learn more about the CREATE_REDIRECTION_ECP_CONTEXT structure. |
CSV_DOWN_LEVEL_OPEN_ECP_CONTEXT Learn more about the CSV_DOWN_LEVEL_OPEN_ECP_CONTEXT structure. |
CSV_QUERY_FILE_REVISION_ECP_CONTEXT Learn more about the CSV_QUERY_FILE_REVISION_ECP_CONTEXT structure. |
CSV_QUERY_FILE_REVISION_ECP_CONTEXT_FILE_ID_128 Learn more about the CSV_QUERY_FILE_REVISION_ECP_CONTEXT_FILE_ID_128 structure. |
CSV_SET_HANDLE_PROPERTIES_ECP_CONTEXT Learn more about the CSV_SET_HANDLE_PROPERTIES_ECP_CONTEXT structure. |
DUAL_OPLOCK_KEY_ECP_CONTEXT Learn more about the DUAL_OPLOCK_KEY_ECP_CONTEXT structure. |
ECP_OPEN_PARAMETERS The ECP_OPEN_PARAMETERS structure allows a caller to specify the purpose of opening of a file without interfering with existing handles and/or oplocks on the file. |
ENCRYPTION_KEY_CTRL_INPUT Learn more about: ENCRYPTION_KEY_CTRL_INPUT structure |
FILE_ACCESS_INFORMATION The FILE_ACCESS_INFORMATION structure is used to query for or set the access rights of a file. |
FILE_ALL_INFORMATION The FILE_ALL_INFORMATION structure is a container for several FILE_XXX_INFORMATION structures. |
FILE_ALLOCATED_RANGE_BUFFER Learn more about the FILE_ALLOCATED_RANGE_BUFFER structure. |
FILE_ALLOCATION_INFORMATION Learn more about the FILE_ALLOCATION_INFORMATION structure. |
FILE_BOTH_DIR_INFORMATION The FILE_BOTH_DIR_INFORMATION structure is used to query detailed information for the files in a directory. |
FILE_CASE_SENSITIVE_INFORMATION The FILE_CASE_SENSITIVE_INFORMATION structure is used to query or set per-directory case-sensitive information. |
FILE_COMPLETION_INFORMATION The FILE_COMPLETION_INFORMATION structure contains the port handle and key for an I/O completion port created for a file handle. |
FILE_COMPRESSION_INFORMATION The FILE_COMPRESSION_INFORMATION structure describes the state of a compressed data buffer. |
FILE_DESIRED_STORAGE_CLASS_INFORMATION Contains the information for the Desired Storage Class attribute. |
FILE_DIRECTORY_INFORMATION The FILE_DIRECTORY_INFORMATION structure is used to query detailed information for the files in a directory. |
FILE_EA_INFORMATION The FILE_EA_INFORMATION structure is used to query for the size of the extended attributes (EA) for a file. |
FILE_FS_ATTRIBUTE_INFORMATION Learn more about the FILE_FS_ATTRIBUTE_INFORMATION structure. |
FILE_FS_CONTROL_INFORMATION Learn more about the FILE_FS_CONTROL_INFORMATION structure. |
FILE_FS_DRIVER_PATH_INFORMATION The FILE_FS_DRIVER_PATH_INFORMATION structure is used to query whether a given driver is in the I/O path for a file system volume. |
FILE_FS_PERSISTENT_VOLUME_INFORMATION Learn more about the FILE_FS_PERSISTENT_VOLUME_INFORMATION structure. |
FILE_FULL_DIR_INFORMATION The FILE_FULL_DIR_INFORMATION structure is used to query detailed information for the files in a directory. |
FILE_GET_EA_INFORMATION The FILE_GET_EA_INFORMATION structure is used to query for extended-attribute (EA) information. |
FILE_GET_QUOTA_INFORMATION The FILE_GET_QUOTA_INFORMATION structure is used to query for quota information. |
FILE_ID_64_EXTD_BOTH_DIR_INFORMATION Learn more about the FILE_ID_64_EXTD_BOTH_DIR_INFORMATION structure. |
FILE_ID_64_EXTD_DIR_INFORMATION Learn more about the FILE_ID_64_EXTD_DIR_INFORMATION structure. |
FILE_ID_ALL_EXTD_BOTH_DIR_INFORMATION Learn more about the FILE_ID_ALL_EXTD_BOTH_DIR_INFORMATION structure. |
FILE_ID_ALL_EXTD_DIR_INFORMATION Learn more about the FILE_ID_ALL_EXTD_DIR_INFORMATION structure. |
FILE_ID_BOTH_DIR_INFORMATION The FILE_ID_BOTH_DIR_INFORMATION structure is used to query file reference number information for the files in a directory. |
FILE_ID_EXTD_BOTH_DIR_INFORMATION Learn more about the FILE_ID_EXTD_BOTH_DIR_INFORMATION structure. |
FILE_ID_EXTD_DIR_INFORMATION Learn more about the FILE_ID_EXTD_DIR_INFORMATION structure. |
FILE_ID_FULL_DIR_INFORMATION The FILE_ID_FULL_DIR_INFORMATION structure is used to query detailed information for the files in a directory. |
FILE_ID_GLOBAL_TX_DIR_INFORMATION The FILE_ID_GLOBAL_TX_DIR_INFORMATION structure contains information about transactional visibility for the files in a directory. |
FILE_ID_INFORMATION FILE_ID_INFORMATION is used to query file identification information. |
FILE_INTERNAL_INFORMATION Learn more about FILE_INTERNAL_INFORMATION structure. |
FILE_KNOWN_FOLDER_INFORMATION Learn more about the FILE_KNOWN_FOLDER_INFORMATION structure. |
FILE_LEVEL_TRIM The FILE_LEVEL_TRIM structure contains an array of byte ranges to trim for a file. |
FILE_LEVEL_TRIM_OUTPUT The FILE_LEVEL_TRIM_OUTPUT structure contains the results of a trim operation performed by an FSCTL_FILE_LEVEL_TRIM request. |
FILE_LEVEL_TRIM_RANGE Contains the offset and length of a trim range for a file. |
FILE_LINK_ENTRY_INFORMATION The FILE_LINK_ENTRY_INFORMATION structure describes a single NTFS hard link to an existing file. |
FILE_LINK_INFORMATION The FILE_LINK_INFORMATION structure is used to create an NTFS hard link to an existing file. |
FILE_LINKS_INFORMATION Learn more about the FILE_LINKS_INFORMATION structure. |
FILE_LOCK Learn more about the FILE_LOCK structure. |
FILE_LOCK_INFO Learn more about the FILE_LOCK_INFO structure. |
FILE_MAILSLOT_QUERY_INFORMATION The FILE_MAILSLOT_QUERY_INFORMATION structure contains information about a mailslot. |
FILE_MAILSLOT_SET_INFORMATION The FILE_MAILSLOT_SET_INFORMATION structure is used to set a value on a mailslot. |
FILE_MODE_INFORMATION The FILE_MODE_INFORMATION structure is used to query or set the access mode of a file. |
FILE_NAMES_INFORMATION A FILE_NAMES_INFORMATION structure used to query detailed information about the names of files in a directory. |
FILE_NETWORK_PHYSICAL_NAME_INFORMATION Learn more about _FILE_NETWORK_PHYSICAL_NAME_INFORMATION structure. |
FILE_NOTIFY_EXTENDED_INFORMATION Learn more about the FILE_NOTIFY_EXTENDED_INFORMATION structure. |
FILE_NOTIFY_FULL_INFORMATION Learn more about the FILE_NOTIFY_FULL_INFORMATION structure. |
FILE_NOTIFY_INFORMATION Learn more about the FILE_NOTIFY_INFORMATION structure. |
FILE_OBJECTID_INFORMATION Learn more about the FILE_OBJECTID_INFORMATION structure. |
FILE_PIPE_INFORMATION The FILE_PIPE_INFORMATION structure contains information about a named pipe that is not specific to the local or the remote end of the pipe. |
FILE_PIPE_LOCAL_INFORMATION The FILE_PIPE_LOCAL_INFORMATION structure contains information about the local end of a named pipe. |
FILE_PIPE_REMOTE_INFORMATION The FILE_PIPE_REMOTE_INFORMATION structure contains information about the remote end of a named pipe. |
FILE_PROVIDER_EXTERNAL_INFO_V0 Learn more about the FILE_PROVIDER_EXTERNAL_INFO_V0 structure. |
FILE_PROVIDER_EXTERNAL_INFO_V1 Learn more about the FILE_PROVIDER_EXTERNAL_INFO_V1 structure. |
FILE_QUOTA_INFORMATION The FILE_QUOTA_INFORMATION structure is used to query or set per-user quota information for each of the files in a directory. |
FILE_REGION_INFO Learn more about the FILE_REGION_INFO structure. |
FILE_REGION_INPUT Learn more about the FILE_REGION_INPUT structure. |
FILE_REGION_OUTPUT Learn more about the FILE_REGION_OUTPUT structure. |
FILE_REMOTE_PROTOCOL_INFORMATION The FILE_REMOTE_PROTOCOL_INFORMATION structure contains file remote protocol information. |
FILE_RENAME_INFORMATION The FILE_RENAME_INFORMATION structure is used to rename a file. |
FILE_REPARSE_POINT_INFORMATION The FILE_REPARSE_POINT_INFORMATION structure is used to query for information about a reparse point. |
FILE_STANDARD_LINK_INFORMATION FILE_STANDARD_LINK_INFORMATION is used to query file link information. |
FILE_STAT_BASIC_INFORMATION Learn more about FILE_STAT_BASIC_INFORMATION structure. |
FILE_STAT_INFORMATION The FILE_STAT_INFORMATION structure contains metadata about a file. |
FILE_STAT_LX_INFORMATION The FILE_STAT_LX_INFORMATION structure contains metadata about a file. |
FILE_STORAGE_RESERVE_ID_INFORMATION Learn more about the FILE_STORAGE_RESERVE_ID_INFORMATION structure. |
FILE_STREAM_INFORMATION Learn more about FILE_STREAM_INFORMATION structure. |
FILE_TIMESTAMPS The FILE_TIMESTAMPS structure specifies the last recorded instance of specific actions on a file. |
FILE_ZERO_DATA_INFORMATION The _FILE_ZERO_DATA_INFORMATION structure contains a range of a file to set to zeros. This structure is used by the FSCTL_SET_ZERO_DATA control code. |
FILE_ZERO_DATA_INFORMATION_EX The _FILE_ZERO_DATA_INFORMATION_EX structure contains a range of a file to set to zeros. This structure is used by the FSCTL_SET_ZERO_DATA control code. |
FS_BPIO_INFO The FS_BPIO_INFO structure provides information about the BypassIO state of the volume. |
FS_BPIO_INPUT The FS_BPIO_INPUT structure specifies the requested BypassIO operation and flags for the FSCTL_MANAGE_BYPASS_IO control code. |
FS_BPIO_OUTPUT The FS_BPIO_OUTPUT structure is used to return information about the BypassIO operation for the FSCTL_MANAGE_BYPASS_IO control code. |
FS_BPIO_RESULTS The FS_BPIO_RESULTS structure defines BypassIO operation-specific outputs for FS_BPIO_OP_ENABLE and FS_BPIO_OP_QUERY operations when a driver is failing the operation. |
FS_FILTER_CALLBACK_DATA FS_FILTER_CALLBACK_DATA is the callback data structure for a FS_FILTER_CALLBACKS's FS_FILTER_CALLBACK or FS_FILTER_COMPLETION_CALLBACK operation. |
FS_FILTER_CALLBACKS The FS_FILTER_CALLBACKS structure contains the entry points of caller-supplied notification callback routines. |
FS_FILTER_SECTION_SYNC_OUTPUT The FS_FILTER_SECTION_SYNC_OUTPUT structure contains information describing the attributes of the section that is being created. |
FSCTL_OFFLOAD_READ_INPUT Learn more about the FSCTL_OFFLOAD_READ_INPUT structure. |
FSCTL_OFFLOAD_READ_OUTPUT The FSCTL_OFFLOAD_READ_OUTPUT structure contains the output for the FSCTL_OFFLOAD_READ control code request. |
FSCTL_OFFLOAD_WRITE_INPUT Learn more about the FSCTL_OFFLOAD_WRITE_INPUT structure. |
FSCTL_OFFLOAD_WRITE_OUTPUT Learn more about the FSCTL_OFFLOAD_WRITE_OUTPUT structure. |
FSCTL_QUERY_VOLUME_NUMA_INFO_OUTPUT The FSCTL_QUERY_VOLUME_NUMA_INFO_OUTPUT structure specifies the Non-Uniform Memory Architecture (NUMA) node the volume resides on. |
FSRTL_ADVANCED_FCB_HEADER The FSRTL_ADVANCED_FCB_HEADER structure contains context information that a file system maintains about a file. |
FSRTL_COMMON_FCB_HEADER Learn more about the FSRTL_COMMON_FCB_HEADER structure. |
FSRTL_PER_FILE_CONTEXT A legacy file system filter driver can use a FSRTL_PER_FILE_CONTEXT structure to associate driver-specific context information to an open file. |
FSRTL_PER_FILEOBJECT_CONTEXT The opaque FSRTL_PER_FILEOBJECT_CONTEXT structure is used by the operating system to track file system filter-driver-defined context information structures for a file object. |
FSRTL_PER_STREAM_CONTEXT The FSRTL_PER_STREAM_CONTEXT structure contains context information that a file system filter driver maintains about a file stream. |
IO_CREATE_STREAM_FILE_OPTIONS Learn more about the IO_CREATE_STREAM_FILE_OPTIONS structure. |
IO_DEVICE_HINT_ECP_CONTEXT Learn more about the IO_DEVICE_HINT_ECP_CONTEXT structure. |
IO_PRIORITY_INFO The IO_PRIORITY_INFO structure is used to hold thread priority information. |
IO_STOP_ON_SYMLINK_FILTER_ECP_v0 Learn more about: IO_STOP_ON_SYMLINK_FILTER_ECP_v0 structure |
LINK_TRACKING_INFORMATION Learn more about the LINK_TRACKING_INFORMATION structure. |
MARK_HANDLE_INFO A MARK_HANDLE_INFO structure is passed as the input buffer during a FSCTL_MARK_HANDLE control code request. |
MARK_HANDLE_INFO32 Version of MARK_HANDLE_INFO structure used for thunking. |
MEMORY_BASIC_INFORMATION Contains information about a range of pages in the virtual address space of a process. |
NETWORK_APP_INSTANCE_EA An Extended Attribute (EA) structure for processes using Server Message Block (SMB) Cluster Client Failover. |
NETWORK_APP_INSTANCE_ECP_CONTEXT The NETWORK_APP_INSTANCE_ECP_CONTEXT structure is an Extra Create Parameter (ECP) and contains an application instance identifier to associate with a file. |
NETWORK_OPEN_ECP_CONTEXT The NETWORK_OPEN_ECP_CONTEXT structure is used to interpret network extra create parameter (ECP) contexts on files. |
NETWORK_OPEN_ECP_CONTEXT_V0 The NETWORK_OPEN_ECP_CONTEXT_V0 structure is used to interpret network extra create parameter (ECP) contexts on files. |
NFS_OPEN_ECP_CONTEXT The NFS_OPEN_ECP_CONTEXT structure is used by the Network File System (NFS) server to open files in response to client requests. |
OPEN_REPARSE_LIST Points to a list of OPEN_REPARSE_LIST_ENTRY structures that specify the tag and possibly GUID that should be opened directly without returning STATUS_REPARSE. |
OPEN_REPARSE_LIST_ENTRY This structure supports callers opening specific reparse points without inhibiting reparse behavior for all classes of reparse points. |
OPLOCK_KEY_ECP_CONTEXT Learn more about the OPLOCK_KEY_ECP_CONTEXT structure. |
OPLOCK_NOTIFY_PARAMS The OPLOCK_NOTIFY_PARAMS structure is passed as a parameter to a NotifyRoutine callback when such a callback is provided to FsRtlCheckOplockEx2. |
PREFETCH_OPEN_ECP_CONTEXT Learn more about the PREFETCH_OPEN_ECP_CONTEXT structure. |
PUBLIC_OBJECT_BASIC_INFORMATION The PUBLIC_OBJECT_BASIC_INFORMATION structure holds a subset of the full information that is available for an object. |
PUBLIC_OBJECT_TYPE_INFORMATION The PUBLIC_OBJECT_TYPE_INFORMATION structure holds the type name of the object. |
QUERY_FILE_LAYOUT_INPUT The QUERY_FILE_LAYOUT_INPUT structure selects which file layout entries are returned from a FSCTL_QUERY_FILE_LAYOUT request. |
QUERY_FILE_LAYOUT_OUTPUT The QUERY_FILE_LAYOUT_OUTPUT structure serves as a header for the file layout entries that are returned from a FSCTL_QUERY_FILE_LAYOUT request. |
QUERY_ON_CREATE_EA_INFORMATION The QUERY_ON_CREATE_EA_INFORMATION structure is used to write file information when FltRequestFileInfoOnCreateCompletion is called with the QoCFileEaInformation flag set in the InfoClassFlags parameter. |
QUERY_ON_CREATE_ECP_CONTEXT QUERY_ON_CREATE_ECP_CONTEXT is reserved for system use. |
QUERY_ON_CREATE_FILE_LX_INFORMATION The QUERY_ON_CREATE_FILE_LX_INFORMATION structure is used to write a file's Linux metadata extended attributes when FltRequestFileInfoOnCreateCompletion is called with the QoCFileLxInformation flag set in the InfoClassFlags parameter. |
QUERY_ON_CREATE_FILE_STAT_INFORMATION The QUERY_ON_CREATE_FILE_STAT_INFORMATION structure is used to write file information when FltRequestFileInfoOnCreateCompletion is called with the QoCFileStatInformation flag set in the InfoClassFlags parameter. |
QUERY_ON_CREATE_SECURITY_INFORMATION The QUERY_ON_CREATE_SECURITY_INFORMATION structure is used to write file information when FltRequestSecurityInfoOnCreateCompletion is called in pre-create. |
QUERY_ON_CREATE_USN_INFORMATION The QUERY_ON_CREATE_USN_INFORMATION structure is used to write file information when FltRequestFileInfoOnCreateCompletion is called with the QoCFileUsnInformation flag set in the InfoClassFlags parameter. |
QUERY_PATH_REQUEST Learn more about the QUERY_PATH_REQUEST structure. |
QUERY_PATH_REQUEST_EX Learn more about the QUERY_PATH_REQUEST_EX structure. |
QUERY_PATH_RESPONSE Learn more about the QUERY_PATH_RESPONSE structure. |
READ_AHEAD_PARAMETERS Learn more about the READ_AHEAD_PARAMETERS structure. |
REARRANGE_FILE_DATA Learn more about the REARRANGE_FILE_DATA structure. |
REFS_DEALLOCATE_RANGES_INPUT_BUFFER_EX Learn more about the REFS_DEALLOCATE_RANGES_INPUT_BUFFER_EX structure. |
REFS_SMR_VOLUME_GC_PARAMETERS The REFS_SMR_VOLUME_GC_PARAMETERS structure. |
REFS_SMR_VOLUME_INFO_OUTPUT The REFS_SMR_VOLUME_INFO_OUTPUT structure describes a Shingled Magnetic Recording (SMR) volume's current state on space and garbage collection activities. |
REPARSE_DATA_BUFFER The REPARSE_DATA_BUFFER structure contains reparse point data for a Microsoft reparse point. |
REPARSE_DATA_BUFFER_EX The REPARSE_DATA_BUFFER_EX structure contains data for a reparse point. |
REPARSE_GUID_DATA_BUFFER The REPARSE_GUID_DATA_BUFFER structure contains reparse point data for a reparse point. |
RKF_BYPASS_ECP_CONTEXT Learn more about the RKF_BYPASS_ECP_CONTEXT structure. |
RTL_HEAP_PARAMETERS Learn more about the RTL_HEAP_PARAMETERS structure. |
RTL_SEGMENT_HEAP_MEMORY_SOURCE The RTL_SEGMENT_HEAP_MEMORY_SOURCE structure specifies the segment heap memory source. |
RTL_SEGMENT_HEAP_PARAMETERS The RTL_SEGMENT_HEAP_PARAMETERS structure contains the segment heap parameters. |
RTL_SEGMENT_HEAP_VA_CALLBACKS Learn more about the RTL_SEGMENT_HEAP_VA_CALLBACKS structure. |
SE_EXPORTS Learn more about the SE_EXPORTS structure. |
SE_SID The SE_SID union holds the maximum-sized valid Security Identifier (SID). The structure occupies 68-bytes and is suitable for stack allocation. |
SE_TOKEN_USER The SE_TOKEN_USER structure holds the maximum-sized valid user SID that can be returned by SeQueryInformationToken, GetTokenInformation, or ZwQueryInformationToken with the TokenUser information class. This structure is suitable for stack allocation. |
SEC_CERTIFICATE_REQUEST_CONTEXT Learn more about the SEC_CERTIFICATE_REQUEST_CONTEXT structure. |
SECURITY_DESCRIPTOR The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Drivers use this structure to set and query an object's security status. |
SET_CACHED_RUNS_STATE_INPUT_BUFFER Learn more about the SET_CACHED_RUNS_STATE_INPUT_BUFFER structure. |
SET_DAX_ALLOC_ALIGNMENT_HINT_INPUT Learn more about the SET_DAX_ALLOC_ALIGNMENT_HINT_INPUT structure. |
SET_PURGE_FAILURE_MODE_INPUT Learn more about the SET_PURGE_FAILURE_MODE_INPUT structure. |
SHUFFLE_FILE_DATA Lear more about the SHUFFLE_FILE_DATA structure. |
SID The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups. |
SID_AND_ATTRIBUTES The SID_AND_ATTRIBUTES structure represents a security identifier (SID) and its attributes. SIDs are used to uniquely identify users or groups. |
SID_AND_ATTRIBUTES_HASH Learn more about the SID_AND_ATTRIBUTES_HASH structure. |
SID_IDENTIFIER_AUTHORITY The SID_IDENTIFIER_AUTHORITY structure represents the top-level authority of a security identifier (SID). |
SRV_OPEN_ECP_CONTEXT The SRV_OPEN_ECP_CONTEXT structure is used by a server to conditionally open files in response to client requests. |
SYSTEM_ALARM_ACE Reserved for future use. |
SYSTEM_AUDIT_ACE The SYSTEM_AUDIT_ACE structure defines an access-control entry (ACE) for the system access-control list (ACL) specifying what types of access cause system-level notifications. |
SYSTEM_PROCESS_TRUST_LABEL_ACE Reserved. |
SYSTEM_RESOURCE_ATTRIBUTE_ACE The SYSTEM_RESOURCE_ATTRIBUTE_ACE structure defines an access-control entry (ACE) for the system access-control list (ACL) specifying what rights a particular claim has to a resource. |
SYSTEM_SCOPED_POLICY_ID_ACE The SYSTEM_SCOPED_POLICY_ID_ACE structure defines an access-control entry (ACE) for the system access-control list (ACL) specifying rights for a scoped policy identifier. |
TOKEN_ACCESS_INFORMATION Learn more about the TOKEN_ACCESS_INFORMATION structure. |
TOKEN_CONTROL The TOKEN_CONTROL structure contains information that identifies an access token. |
TOKEN_DEFAULT_DACL The TOKEN_DEFAULT_DACL structure specifies a discretionary access-control list (DACL). |
TOKEN_GROUPS TOKEN_GROUPS contains information about the group security identifiers (SID) in an access token. |
TOKEN_GROUPS_AND_PRIVILEGES TOKEN_GROUPS_AND_PRIVILEGES contains information about the group security identifiers (SIDs) and privileges in an access token. |
TOKEN_MANDATORY_POLICY Learn more about the TOKEN_MANDATORY_POLICY structure. |
TOKEN_ORIGIN The TOKEN_ORIGIN structure contains information about the origin of the logon session. |
TOKEN_OWNER TOKEN_OWNER contains the default owner security identifier (SID) that will be applied to newly created objects. |
TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP specifies a group security identifier (SID) for an access token. |
TOKEN_PRIVILEGES TOKEN_PRIVILEGES contains information about a set of privileges for an access token. |
TOKEN_SOURCE TOKEN_SOURCE identifies the source of an access token. |
TOKEN_STATISTICS TOKEN_STATISTICS contains information about an access token. A driver can retrieve this information by calling SeQueryInformationToken or ZwQueryInformationToken. |
TOKEN_USER TOKEN_USER identifies the user associated with an access token. |
TUNNEL Learn more about the TUNNEL structure. |
VETO_BINDING_ECP_CONTEXT Learn more about the VETO_BINDING_ECP_CONTEXT structure. |
VIRTUAL_STORAGE_SET_BEHAVIOR_INPUT Learn more about: _VIRTUAL_STORAGE_SET_BEHAVIOR_INPUT structure |
VIRTUALIZATION_INSTANCE_INFO_INPUT_EX Learn more about: _VIRTUALIZATION_INSTANCE_INFO_INPUT_EX structure |
WIM_PROVIDER_ADD_OVERLAY_INPUT Learn more about the WIM_PROVIDER_ADD_OVERLAY_INPUT structure. |
WIM_PROVIDER_EXTERNAL_INFO Learn more about the WIM_PROVIDER_EXTERNAL_INFO structure. |
WIM_PROVIDER_OVERLAY_ENTRY Learn more about the WIM_PROVIDER_OVERLAY_ENTRY structure. |
WIM_PROVIDER_REMOVE_OVERLAY_INPUT Learn more about the WIM_PROVIDER_REMOVE_OVERLAY_INPUT structure. |
WIM_PROVIDER_SUSPEND_OVERLAY_INPUT Learn more about the WIM_PROVIDER_SUSPEND_OVERLAY_INPUT structure. |
WIM_PROVIDER_UPDATE_OVERLAY_INPUT Learn more about the WIM_PROVIDER_UPDATE_OVERLAY_INPUT structure. |
WOF_EXTERNAL_FILE_ID Learn more about the WOF_EXTERNAL_FILE_ID structure. |
WOF_EXTERNAL_INFO Learn more about the WOF_EXTERNAL_INFO structure. |
WOF_VERSION_INFO Learn more about the WOF_VERSION_INFO structure. |
Enumerations
CSV_CONTROL_OP Specifies the type of cluster shared volume (CSV) control operation to use with the FSCTL_CSV_CONTROL control code. |
CSV_DOWN_LEVEL_FILE_TYPE Learn more about the CSV_DOWN_LEVEL_FILE_TYPE enumerator |
FILE_KNOWN_FOLDER_TYPE Learn more about the FILE_KNOWN_FOLDER_TYPE enumeration. |
FILE_STORAGE_TIER_CLASS Defines values for the type of desired storage class. |
FS_BPIO_INFLAGS FS_BPIO_INFLAGS defines the BypassIO input flags for the FSCTL_MANAGE_BYPASS_IO control code. |
FS_BPIO_OPERATIONS FS_BPIO_OPERATIONS defines the various BypassIO operations supported by the FSCTL_MANAGE_BYPASS_IO control code. |
FS_BPIO_OUTFLAGS FS_BPIO_OUTFLAGS defines the BypassIO output flags for the FSCTL_MANAGE_BYPASS_IO control code. |
FSRTL_CHANGE_BACKING_TYPE The FSRTL_CHANGE_BACKING_TYPE enumeration specifies the type of cache or control area that a file object designates. |
HEAP_MEMORY_INFO_CLASS Learn more about the HEAP_MEMORY_INFO_CLASS enumeration. |
LINK_TRACKING_INFORMATION_TYPE Learn more about the LINK_TRACKING_INFORMATION_TYPE enumeration. |
MEMORY_INFORMATION_CLASS Defines classes of memory information that can be retrieved by using the ZwQueryVirtualMemory function. |
NETWORK_OPEN_INTEGRITY_QUALIFIER The NETWORK_OPEN_INTEGRITY_QUALIFIER enumeration type contains values that identify the kind of integrity restriction to attach to a file. |
NETWORK_OPEN_LOCATION_QUALIFIER The NETWORK_OPEN_LOCATION_QUALIFIER enumeration type contains values that identify the kind of location restriction to attach to a file. |
OBJECT_INFORMATION_CLASS The OBJECT_INFORMATION_CLASS enumeration type represents the type of information to supply about an object. |
OPLOCK_NOTIFY_REASON OPLOCK_NOTIFY_REASON specifies the reason for calling the notification callback provided to FsRtlCheckOplockEx2. |
REFS_DEALLOCATE_RANGES_ALLOCATOR Learn more about the REFS_DEALLOCATE_RANGES_ALLOCATOR enumeration. |
REFS_SMR_VOLUME_GC_ACTION Learn more about the REFS_SMR_VOLUME_GC_ACTION enumeration. |
REFS_SMR_VOLUME_GC_METHOD Learn more about the REFS_SMR_VOLUME_GC_METHOD enumeration. |
REFS_SMR_VOLUME_GC_STATE Learn more about the REFS_SMR_VOLUME_GC_STATE enumeration. |
RTL_MEMORY_TYPE Defines the memory type the heap is supposed to use. |
SID_NAME_USE The SID_NAME_USE enumeration type contains values that specify the type of a security identifier (SID). |
SRV_INSTANCE_TYPE The SRV_INSTANCE_TYPE enumeration type describes the SRV instance type for an SRV_OPEN_ECP_CONTEXT. |
STORAGE_RESERVE_ID Defines the storage reserve ID of a file, directory, or storage reserve area. |
TOKEN_INFORMATION_CLASS Learn more about the TOKEN_INFORMATION_CLASS enumeration. |
TOKEN_TYPE The TOKEN_TYPE enumeration type contains values that differentiate between a primary token and an impersonation token. |
VIRTUAL_STORAGE_BEHAVIOR_CODE Configures file system-specific behaviors used on virtual storage devices. |