1 | - | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10586.0\km\ntddk.h got some updates: |
1 | + | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10586.0\km\ntifs.h got some updates: |
2 | ||
3 | ||
4 | #define SECURITY_USERMANAGER_ID_BASE_RID (0x0000005DL) | |
5 | #define SECURITY_USERMANAGER_ID_RID_COUNT (6L) | |
6 | ||
7 | #define SECURITY_WINRM_ID_BASE_RID (0x0000005EL) | |
8 | #define SECURITY_WINRM_ID_RID_COUNT (6L) | |
9 | ||
10 | typedef struct _SE_ADT_PARAMETER_ARRAY_EX { | |
11 | ||
12 | ULONG CategoryId; | |
13 | ULONG AuditId; | |
14 | ULONG Version; | |
15 | ULONG ParameterCount; | |
16 | ULONG Length; | |
17 | USHORT FlatSubCategoryId; | |
18 | - | ///// |
18 | + | |
19 | ULONG Flags; | |
20 | - | not sure why this was added now here: |
20 | + | |
21 | ||
22 | } SE_ADT_PARAMETER_ARRAY_EX, *PSE_ADT_PARAMETER_ARRAY_EX; | |
23 | ||
24 | - | // Page/memory priorities. |
24 | + | // V2 Drops support for LM hash, but adds the credential key |
25 | typedef struct _MSV1_0_SUPPLEMENTAL_CREDENTIAL_V2 { | |
26 | ULONG Version; | |
27 | - | #define MEMORY_PRIORITY_LOWEST 0 |
27 | + | |
28 | - | #define MEMORY_PRIORITY_VERY_LOW 1 |
28 | + | UCHAR NtPassword[MSV1_0_OWF_PASSWORD_LENGTH]; |
29 | - | #define MEMORY_PRIORITY_LOW 2 |
29 | + | UCHAR CredentialKey[MSV1_0_OWF_PASSWORD_LENGTH]; |
30 | - | #define MEMORY_PRIORITY_MEDIUM 3 |
30 | + | } MSV1_0_SUPPLEMENTAL_CREDENTIAL_V2, *PMSV1_0_SUPPLEMENTAL_CREDENTIAL_V2; |
31 | - | #define MEMORY_PRIORITY_BELOW_NORMAL 4 |
31 | + | |
32 | - | #define MEMORY_PRIORITY_NORMAL 5 |
32 | + | #if (_WIN32_WINNT >= _WIN32_WINNT_WINTHRESHOLD) |
33 | #define FSCTL_QUERY_VOLUME_CONTAINER_STATE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 228, METHOD_BUFFERED, FILE_ANY_ACCESS) | |
34 | - | ///////////// |
34 | + | #define FSCTL_SET_LAYER_ROOT CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 229, METHOD_BUFFERED, FILE_ANY_ACCESS) // CONTAINER_ROOT_INFO_INPUT CONTAINER_ROOT_INFO_OUTPUT |
35 | #endif | |
36 | ||
37 | // TODO_WIN32_WINNT_WIN10_TH2 | |
38 | - | // Process mitigation policy information |
38 | + | #if (_WIN32_WINNT >= _WIN32_WINNT_WINTHRESHOLD) |
39 | - | // NtSetInformationProcess using ProcessMitigationPolicy |
39 | + | #define FSCTL_QUERY_DIRECT_ACCESS_EXTENTS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 230, METHOD_NEITHER, FILE_ANY_ACCESS) |
40 | #define FSCTL_NOTIFY_STORAGE_SPACE_ALLOCATION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 231, METHOD_BUFFERED, FILE_ANY_ACCESS) | |
41 | #define FSCTL_SSDI_STORAGE_REQUEST CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 232, METHOD_BUFFERED, FILE_ANY_ACCESS) | |
42 | ||
43 | - | typedef enum _PROCESS_MITIGATION_POLICY { |
43 | + | |
44 | - | ProcessControlFlowGuardPolicy, |
44 | + | #define FILE_STORAGE_TIER_FLAG_PARITY (0x00800000) |
45 | - | ProcessImageLoadPolicy |
45 | + | |
46 | - | } PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY; |
46 | + | #if (_WIN32_WINNT >= _WIN32_WINNT_WINTHRESHOLD) |
47 | ||
48 | - | //////// |
48 | + | typedef struct _CONTAINER_VOLUME_STATE { |
49 | ULONG Flags; | |
50 | } CONTAINER_VOLUME_STATE, *PCONTAINER_VOLUME_STATE; | |
51 | - | // Known extended CPU state feature BITs |
51 | + | |
52 | #define CONTAINER_VOLUME_STATE_HOSTING_CONTAINER (0x00000001) | |
53 | ||
54 | - | // 8 IPT Supervisor |
54 | + | |
55 | typedef struct _CONTAINER_ROOT_INFO_INPUT { | |
56 | - | #define XSTATE_IPT (8) |
56 | + | |
57 | } CONTAINER_ROOT_INFO_INPUT, *PCONTAINER_ROOT_INFO_INPUT; | |
58 | - | #define XSTATE_MASK_IPT (1ui64 << (XSTATE_IPT)) |
58 | + | |
59 | typedef struct _CONTAINER_ROOT_INFO_OUTPUT { | |
60 | USHORT ContainerRootIdLength; | |
61 | - | // Define legal values for the SystemCall member. |
61 | + | UCHAR ContainerRootId[ANYSIZE_ARRAY]; |
62 | } CONTAINER_ROOT_INFO_OUTPUT, *PCONTAINER_ROOT_INFO_OUTPUT; | |
63 | ||
64 | - | #define SYSTEM_CALL_SYSCALL 0 |
64 | + | #define CONTAINER_ROOT_INFO_FLAG_SCRATCH_ROOT (0x00000001) |
65 | - | #define SYSTEM_CALL_INT_2E 1 |
65 | + | #define CONTAINER_ROOT_INFO_FLAG_LAYER_ROOT (0x00000002) |
66 | ||
67 | - | ////// |
67 | + | |
68 | ||
69 | // | |
70 | // Tag allocated to DropBox for HSM | |
71 | - | // On AMD64, this value is initialized to a nonzero value if the system |
71 | + | // GUID: C5BB0F16-68E9-4456-B6B9-5F5EE5F89965 |
72 | - | // operates with an altered view of the system service call mechanism. |
72 | + | |
73 | ||
74 | #define IO_REPARSE_TAG_DROPBOX_HSM (0x00000044L) | |
75 | - | ULONG SystemCall; |
75 | + | |
76 | ||
77 | typedef enum _SharedVirtualDiskSupportType | |
78 | - | // Reserved, available for reuse. |
78 | + | { |
79 | // | |
80 | // The target device supports Continuous Data | |
81 | - | ULONG SystemCallPad0; |
81 | + | // Protection (log based) snapshots. |
82 | - | ULONGLONG SystemCallPad[2]; |
82 | + | |
83 | SharedVirtualDiskCDPSnapshotsSupported = 7 | |
84 | } SharedVirtualDiskSupportType; | |
85 | - | // A bitmask of enclave features supported on this system. |
85 | + | |
86 | #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) | |
87 | - | |
87 | + | |
88 | - | ULONG EnclaveFeatureMask[4]; |
88 | + | VOID |
89 | SeAuditFipsCryptoSelftests( | |
90 | _In_ BOOLEAN bSuccess, | |
91 | - | // Assembler logic assumes a zero value for syscall and a nonzero value for |
91 | + | _In_ ULONG SelftestCode |
92 | - | // int 2e, and that no other values exist presently for the SystemCall field. |
92 | + | |
93 | #endif | |
94 | ||
95 | - | C_ASSERT(SYSTEM_CALL_SYSCALL == 0); |
95 | + | |
96 | - | C_ASSERT(SYSTEM_CALL_INT_2E == 1); |
96 | + | // Registration version post threshold. |
97 | // | |
98 | #define FSRTL_UNC_REGISTRATION_VERSION_0201 0x0201 | |
99 | - | C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCall) == 0x308); |
99 | + | |
100 | - | C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad0) == 0x30c); |
100 | + | |
101 | - | C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad) == 0x310); |
101 | + | |
102 | // | |
103 | - | C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, EnclaveFeatureMask) == 0x36c); |
103 | + | // FSRTL_UNC_REGISTRATION_VERSION_0201 is available in post threshold only. |
104 | - | C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved8) == 0x37c); |
104 | + | // Change NTDDI_WINTHRESHOLD to appropriate value when new |
105 | // version is avaialble. | |
106 | // | |
107 | - | Silo functions now at DISPATCH_LEVEL not APC_LEVEL: |
107 | + | #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD) /* ABRACADABRA_THRESHOLD */ |
108 | ||
109 | - | _IRQL_requires_max_(DISPATCH_LEVEL) |
109 | + | #define FSRTL_UNC_REGISTRATION_CURRENT_VERSION FSRTL_UNC_REGISTRATION_VERSION_0201 // Current version is 2.1 |
110 | ||
111 | - | PESILO |
111 | + | #elif (NTDDI_VERSION >= NTDDI_WINBLUE) /* ABRACADABRA_THRESHOLD */ |
112 | - | PsGetCurrentServerSilo( |
112 | + | |
113 | - | VOID |
113 | + | #define FSRTL_UNC_REGISTRATION_CURRENT_VERSION FSRTL_UNC_REGISTRATION_VERSION_0200 // Current version is 2.0 |
114 | ||
115 | #endif | |
116 | - | ///////// |
116 | + | |
117 | #if (NTDDI_VERSION >= NTDDI_THRESHOLD) | |
118 | - | #if (NTDDI_VERSION >= NTDDI_WIN10) |
118 | + | |
119 | #define ATOMIC_CREATE_ECP_IN_FLAG_SPARSE_SPECIFIED 0x0001 | |
120 | - | NTSTATUS |
120 | + | #define ATOMIC_CREATE_ECP_IN_FLAG_REPARSE_POINT_SPECIFIED 0x0002 |
121 | - | IoVolumeDeviceNameToGuid( |
121 | + | #define ATOMIC_CREATE_ECP_IN_FLAG_EOF_SPECIFIED 0x0004 |
122 | - | _In_ PUNICODE_STRING VolumeDeviceName, |
122 | + | #define ATOMIC_CREATE_ECP_IN_FLAG_VDL_SPECIFIED 0x0008 |
123 | - | _Out_ GUID *Guid |
123 | + | #define ATOMIC_CREATE_ECP_IN_FLAG_OPERATION_MASK 0x00ff |
124 | ||
125 | #define ATOMIC_CREATE_ECP_IN_FLAG_BEST_EFFORT 0x0100 | |
126 | ||
127 | - | #if (NTDDI_VERSION >= NTDDI_WIN10) |
127 | + | #define ATOMIC_CREATE_ECP_OUT_FLAG_SPARSE_SET 0x0001 |
128 | - | _Must_inspect_result_ |
128 | + | #define ATOMIC_CREATE_ECP_OUT_FLAG_REPARSE_POINT_SET 0x0002 |
129 | #define ATOMIC_CREATE_ECP_OUT_FLAG_EOF_SET 0x0004 | |
130 | - | NTSTATUS |
130 | + | #define ATOMIC_CREATE_ECP_OUT_FLAG_VDL_SET 0x0008 |
131 | - | IoVolumeDeviceNameToGuidPath( |
131 | + | #define ATOMIC_CREATE_ECP_OUT_FLAG_OPERATION_MASK 0x00ff |
132 | - | _In_ PUNICODE_STRING VolumeDeviceName, |
132 | + | |
133 | - | _Out_ _At_(GuidPath->Buffer, |
133 | + | typedef struct _ATOMIC_CREATE_ECP_CONTEXT { |
134 | - | __drv_allocatesMem(Mem) |
134 | + | |
135 | - | _Post_notnull_) |
135 | + | |
136 | - | PUNICODE_STRING GuidPath |
136 | + | // Size of this context structure. |
137 | // | |
138 | ||
139 | USHORT Size; | |
140 | - | //// |
140 | + | |
141 | // | |
142 | - | typedef struct _IO_FOEXT_SILO_PARAMETERS { |
142 | + | // ATOMIC_CREATE_ECP_IN_FLAG_xxx flags. |
143 | // | |
144 | ||
145 | - | PESILO SiloContext; |
145 | + | USHORT InFlags; |
146 | ||
147 | - | } IO_FOEXT_SILO_PARAMETERS, *PIO_FOEXT_SILO_PARAMETERS; |
147 | + | |
148 | // ATOMIC_CREATE_ECP_OUT_FLAG_xxx flags. | |
149 | // | |
150 | - | PIO_FOEXT_SILO_PARAMETERS |
150 | + | |
151 | - | IoGetSiloParameters ( |
151 | + | USHORT OutFlags; |
152 | - | _In_ PFILE_OBJECT FileObject |
152 | + | |
153 | // | |
154 | // Size of the ReparseBuffer below. | |
155 | // | |
156 | - | ////////// |
156 | + | // This can't exceed MAXIMUM_REPARSE_DATA_BUFFER_SIZE (16K). |
157 | // | |
158 | - | typedef enum _HAL_SET_INFORMATION_CLASS { |
158 | + | |
159 | - | HalSetResetParkDisposition, // Set whether to park processors on reset (LOGICAL) |
159 | + | USHORT ReparseBufferLength; |
160 | - | } HAL_SET_INFORMATION_CLASS, *PHAL_SET_INFORMATION_CLASS; |
160 | + | |
161 | // | |
162 | // Optional REPARSE_DATA_BUFFER or REPARSE_GUID_DATA_BUFFER. | |
163 | // | |
164 | ||
165 | _Field_size_bytes_opt_(ReparseBufferLength) PREPARSE_DATA_BUFFER ReparseBuffer; | |
166 | ||
167 | // | |
168 | // Optional file size. | |
169 | // | |
170 | ||
171 | LONGLONG FileSize; | |
172 | ||
173 | // | |
174 | // Optional valid data length. | |
175 | // | |
176 | ||
177 | LONGLONG ValidDataLength; | |
178 | ||
179 | } ATOMIC_CREATE_ECP_CONTEXT, *PATOMIC_CREATE_ECP_CONTEXT; | |
180 | ||
181 | // | |
182 | // The GUID used for the ATOMIC_CREATE_ECP_CONTEXT structure. | |
183 | // | |
184 | // {4720bd83-52ac-4104-a130-d1ec6a8cc8e5} | |
185 | // | |
186 | ||
187 | DEFINE_GUID( GUID_ECP_ATOMIC_CREATE, | |
188 | 0x4720bd83, | |
189 | 0x52ac, | |
190 | 0x4104, | |
191 | 0xa1, 0x30, 0xd1, 0xec, 0x6a, 0x8c, 0xc8, 0xe5 ); | |
192 | ||
193 | #endif | |
194 | ||
195 | ||
196 | typedef struct _SEC_TOKEN_BINDING { | |
197 | unsigned char MajorVersion; // Supported major version of the Token Binding protocol | |
198 | unsigned char MinorVersion; // Supported minor version of the Token Binding protocol | |
199 | unsigned short KeyParametersSize; // Size in bytes of the Token Binding key parameter IDs array | |
200 | unsigned char KeyParameters[ANYSIZE_ARRAY]; // Token Binding key parameter IDs, most preferred first | |
201 | } SEC_TOKEN_BINDING, *PSEC_TOKEN_BINDING; |
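Review bot: `FSCTL_QUERY_DIRECT_ACCESS_EXTENTS` (added at paste line 39) is the only control code in this listing declared `METHOD_NEITHER`, and it is paired with `FILE_ANY_ACCESS`, yet nothing beside it says what that means for whoever services it. With `METHOD_NEITHER` the I/O manager hands the caller's buffer addresses through without buffering or validating them, so a file system or filter handling this code must probe and capture them itself. `FILE_ANY_ACCESS` means the access granted on the handle does not gate the request. I would add a comment on that line such as `// METHOD_NEITHER: caller-supplied pointers arrive unprobed; probe, capture and length-check before use`. A similar one-line note would help on `CONTAINER_ROOT_INFO_OUTPUT` (paste lines 59-62), saying that `ContainerRootIdLength` should be checked against the number of bytes actually returned before `ContainerRootId` is read.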