📄 ntdll.h
字号:
DWORD NumberOfPages;
_HEAP_ENTRY* FirstEntry;
_HEAP_ENTRY* LastValidEntry;
DWORD NumberOfUnCommittedPages;
DWORD NumberOfUnCommittedRanges;
_HEAP_UNCOMMMTTED_RANGE* UnCommittedRanges;
DWORD AllocatorBackTraceIndex;
DWORD Reserved;
_HEAP_ENTRY* LastEntryInSegment;
};
struct __unnamed {
DWORD FreeListsInUseUlong[4];
DWORD FreeListsInUseBytes[16];
};
struct __unnamed {
DWORD FreeListsInUseTerminate;
DWORD DecommitCount;
};
struct _HEAP_PSEUDO_TAG_ENTRY {
DWORD Allocs;
DWORD Frees;
DWORD Size;
};
struct _HEAP_LOCK {
__unnamed Lock;
};
struct _HEAP {
_HEAP_ENTRY Entry;
DWORD Signature;
DWORD Flags;
DWORD ForceFlags;
DWORD VirtualMemoryThreshold;
DWORD SegmentReserve;
DWORD SegmentCommit;
DWORD DeCommitFreeBlockThreshold;
DWORD DeCommitTotalFreeThreshold;
DWORD TotalFreeSize;
DWORD MaximumAllocationSize;
DWORD ProcessHeapsListIndex;
DWORD HeaderValidateLength;
void* HeaderValidateCopy;
DWORD NextAvailableTagIndex;
DWORD MaximumTagIndex;
_HEAP_TAG_ENTRY* TagEntries;
_HEAP_UCR_SEGMENT* UCRSegments;
_HEAP_UNCOMMMTTED_RANGE* UnusedUnCommittedRanges;
DWORD AlignRound;
DWORD AlignMask;
_LIST_ENTRY VirtualAllocdBlocks;
_HEAP_SEGMENT* Segments[64];
__unnamed u;
__unnamed u2;
DWORD AllocatorBackTraceIndex;
DWORD NonDedicatedListLength;
void* LargeBlocksIndex;
_HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
_LIST_ENTRY FreeLists[128];
_HEAP_LOCK* LockVariable;
int (*CommitRoutine)(void*, void**, DWORD*);
void* FrontEndHeap;
DWORD FrontHeapLockCount;
DWORD FrontEndHeapType;
DWORD LastSegmentIndex;
};
struct _FNSAVE_FORMAT {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
DWORD RegisterArea[80];
};
struct PROCESSOR_PERF_STATE {
DWORD PercentFrequency;
DWORD MinCapacity;
DWORD Power;
DWORD IncreaseLevel;
DWORD DecreaseLevel;
DWORD Flags;
DWORD IncreaseTime;
DWORD DecreaseTime;
DWORD IncreaseCount;
DWORD DecreaseCount;
DWORD PerformanceTime;
};
struct PROCESSOR_IDLE_TIMES {
DWORD StartTime;
DWORD EndTime;
DWORD IdleHandlerReserved[4];
};
enum _KWAIT_REASON {
Executive,
FreePage,
PageIn,
PoolAllocation,
DelayExecution,
Suspended,
UserRequest,
WrExecutive,
WrFreePage,
WrPageIn,
WrPoolAllocation,
WrDelayExecution,
WrSuspended,
WrUserRequest,
WrEventPair,
WrQueue,
WrLpcReceive,
WrLpcReply,
WrVirtualMemory,
WrPageOut,
WrRendezvous,
Spare2,
Spare3,
Spare4,
Spare5,
Spare6,
WrKernel,
MaximumWaitReason,
};
struct _HANDLE_TRACE_DB_ENTRY {
_CLIENT_ID ClientId;
void* Handle;
DWORD Type;
void* StackTrace[16];
};
struct _HANDLE_TRACE_DEBUG_INFO {
DWORD CurrentStackIndex;
_HANDLE_TRACE_DB_ENTRY TraceDb[4096];
};
struct _PROCESS_WS_WATCH_INFORMATION {
void* FaultingPc;
void* FaultingVa;
};
struct _PAGEFAULT_HISTORY {
DWORD CurrentIndex;
DWORD MaxIndex;
DWORD SpinLock;
void* Reserved;
_PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
};
struct _HARDWARE_PTE_X86 {
DWORD Valid:1; // bit offset: 00, len=1
DWORD Write:1; // bit offset: 01, len=1
DWORD Owner:1; // bit offset: 02, len=1
DWORD WriteThrough:1; // bit offset: 03, len=1
DWORD CacheDisable:1; // bit offset: 04, len=1
DWORD Accessed:1; // bit offset: 05, len=1
DWORD Dirty:1; // bit offset: 06, len=1
DWORD LargePage:1; // bit offset: 07, len=1
DWORD Global:1; // bit offset: 08, len=1
DWORD CopyOnWrite:1; // bit offset: 09, len=1
DWORD Prototype:1; // bit offset: 0A, len=1
DWORD reserved:1; // bit offset: 0B, len=1
DWORD PageFrameNumber:20; // bit offset: 0C, len=20
};
struct _HEAP_ENTRY {
DWORD Size;
DWORD PreviousSize;
void* SubSegment;
DWORD SegmentIndex;
DWORD Flags;
DWORD UnusedBytes;
DWORD SmallTagIndex;
};
struct _GENERIC_MAPPING {
DWORD GenericRead;
DWORD GenericWrite;
DWORD GenericExecute;
DWORD GenericAll;
};
struct _OBJECT_DUMP_CONTROL {
void* Stream;
DWORD Detail;
};
enum _OB_OPEN_REASON {
ObCreateHandle,
ObOpenHandle,
ObDuplicateHandle,
ObInheritHandle,
ObMaxOpenReason,
};
struct _ACCESS_STATE {
_LUID OperationID;
DWORD SecurityEvaluated;
DWORD GenerateAudit;
DWORD GenerateOnClose;
DWORD PrivilegesAllocated;
DWORD Flags;
DWORD RemainingDesiredAccess;
DWORD PreviouslyGrantedAccess;
DWORD OriginalDesiredAccess;
_SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
void* SecurityDescriptor;
void* AuxData;
__unnamed Privileges;
DWORD AuditPrivileges;
_UNICODE_STRING ObjectName;
_UNICODE_STRING ObjectTypeName;
};
struct _SECURITY_QUALITY_OF_SERVICE {
DWORD Length;
enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD ContextTrackingMode;
DWORD EffectiveOnly;
};
enum _SECURITY_OPERATION_CODE {
SetSecurityDescriptor,
QuerySecurityDescriptor,
DeleteSecurityDescriptor,
AssignSecurityDescriptor,
};
struct _OBJECT_NAME_INFORMATION {
_UNICODE_STRING Name;
};
struct _OBJECT_TYPE_INITIALIZER {
DWORD Length;
DWORD UseDefaultObject;
DWORD CaseInsensitive;
DWORD InvalidAttributes;
_GENERIC_MAPPING GenericMapping;
DWORD ValidAccessMask;
DWORD SecurityRequired;
DWORD MaintainHandleCount;
DWORD MaintainTypeList;
enum _POOL_TYPE PoolType;
DWORD DefaultPagedPoolCharge;
DWORD DefaultNonPagedPoolCharge;
void (*DumpProcedure)(void*, _OBJECT_DUMP_CONTROL*);
int (*OpenProcedure)(enum _OB_OPEN_REASON, _EPROCESS*, void*, DWORD, DWORD);
void (*CloseProcedure)(_EPROCESS*, void*, DWORD, DWORD, DWORD);
void (*DeleteProcedure)(void*);
int (*ParseProcedure)(void*, void*, _ACCESS_STATE*, char, DWORD, _UNICODE_STRING*, _UNICODE_STRING*, void*, _SECURITY_QUALITY_OF_SERVICE*, void**);
int (*SecurityProcedure)(void*, enum _SECURITY_OPERATION_CODE, DWORD*, void*, DWORD*, void**, enum _POOL_TYPE, _GENERIC_MAPPING*);
int (*QueryNameProcedure)(void*, DWORD, _OBJECT_NAME_INFORMATION*, DWORD, DWORD*);
DWORD (*OkayToCloseProcedure)(_EPROCESS*, void*, void*, char);
};
struct _LARGE_INTEGER {
DWORD LowPart;
int HighPart;
__unnamed u;
int QuadPart;
};
struct _KWAIT_BLOCK {
_LIST_ENTRY WaitListEntry;
_KTHREAD* Thread;
void* Object;
_KWAIT_BLOCK* NextWaitBlock;
DWORD WaitKey;
DWORD WaitType;
};
struct _HEAP_UCR_SEGMENT {
_HEAP_UCR_SEGMENT* Next;
DWORD ReservedSize;
DWORD CommittedSize;
DWORD filler;
};
struct _OWNER_ENTRY {
DWORD OwnerThread;
int OwnerCount;
DWORD TableSize;
};
struct _ERESOURCE {
_LIST_ENTRY SystemResourcesList;
_OWNER_ENTRY* OwnerTable;
int ActiveCount;
DWORD Flag;
_KSEMAPHORE* SharedWaiters;
_KEVENT* ExclusiveWaiters;
_OWNER_ENTRY OwnerThreads[2];
DWORD ContentionCount;
DWORD NumberOfSharedWaiters;
DWORD NumberOfExclusiveWaiters;
void* Address;
DWORD CreatorBackTraceIndex;
DWORD SpinLock;
};
struct _GENERIC_MAPPING {
DWORD GenericRead;
DWORD GenericWrite;
DWORD GenericExecute;
DWORD GenericAll;
};
struct _SID_AND_ATTRIBUTES {
void* Sid;
DWORD Attributes;
};
struct _LUID_AND_ATTRIBUTES {
_LUID Luid;
DWORD Attributes;
};
struct _PS_JOB_TOKEN_FILTER {
DWORD CapturedSidCount;
_SID_AND_ATTRIBUTES* CapturedSids;
DWORD CapturedSidsLength;
DWORD CapturedGroupCount;
_SID_AND_ATTRIBUTES* CapturedGroups;
DWORD CapturedGroupsLength;
DWORD CapturedPrivilegeCount;
_LUID_AND_ATTRIBUTES* CapturedPrivileges;
DWORD CapturedPrivilegesLength;
};
enum _MEMORY_CACHING_TYPE_ORIG {
MmFrameBufferCached,
};
struct _DRIVER_OBJECT {
int Type;
int Size;
_DEVICE_OBJECT* DeviceObject;
DWORD Flags;
void* DriverStart;
DWORD DriverSize;
void* DriverSection;
_DRIVER_EXTENSION* DriverExtension;
_UNICODE_STRING DriverName;
_UNICODE_STRING* HardwareDatabase;
_FAST_IO_DISPATCH* FastIoDispatch;
int (*DriverInit)(_DRIVER_OBJECT*, _UNICODE_STRING*);
void (*DriverStartIo)(_DEVICE_OBJECT*, _IRP*);
void (*DriverUnload)(_DRIVER_OBJECT*);
int (*)(_DEVICE_OBJECT*, _IRP*) MajorFunction[28];
};
struct _IRP {
int Type;
DWORD Size;
_MDL* MdlAddress;
DWORD Flags;
__unnamed AssociatedIrp;
_LIST_ENTRY ThreadListEntry;
_IO_STATUS_BLOCK IoStatus;
char RequestorMode;
DWORD PendingReturned;
char StackCount;
char CurrentLocation;
DWORD Cancel;
DWORD CancelIrql;
char ApcEnvironment;
DWORD AllocationFlags;
_IO_STATUS_BLOCK* UserIosb;
_KEVENT* UserEvent;
__unnamed Overlay;
void (*CancelRoutine)(_DEVICE_OBJECT*, _IRP*);
void* UserBuffer;
__unnamed Tail;
};
struct _IO_TIMER {
int Type;
int TimerFlag;
_LIST_ENTRY TimerList;
void (*TimerRoutine)(_DEVICE_OBJECT*, void*);
void* Context;
_DEVICE_OBJECT* DeviceObject;
};
struct _VPB {
int Type;
int Size;
DWORD Flags;
DWORD VolumeLabelLength;
_DEVICE_OBJECT* DeviceObject;
_DEVICE_OBJECT* RealDevice;
DWORD SerialNumber;
DWORD ReferenceCount;
DWORD VolumeLabel[32];
};
struct _WAIT_CONTEXT_BLOCK {
_KDEVICE_QUEUE_ENTRY WaitQueueEntry;
enum _IO_ALLOCATION_ACTION (*DeviceRoutine)(_DEVICE_OBJECT*, _IRP*, void*, void*);
void* DeviceContext;
DWORD NumberOfMapRegisters;
void* DeviceObject;
void* CurrentIrp;
_KDPC* BufferChainingDpc;
};
struct __unnamed {
_LIST_ENTRY ListEntry;
_WAIT_CONTEXT_BLOCK Wcb;
};
struct _KDEVICE_QUEUE {
int Type;
int Size;
_LIST_ENTRY DeviceListHead;
DWORD Lock;
DWORD Busy;
};
struct _DEVOBJ_EXTENSION {
int Type;
DWORD Size;
_DEVICE_OBJECT* DeviceObject;
DWORD PowerFlags;
_DEVICE_OBJECT_POWER_EXTENSION* Dope;
DWORD ExtensionFlags;
void* DeviceNode;
_DEVICE_OBJECT* AttachedTo;
int StartIoCount;
int StartIoKey;
DWORD StartIoFlags;
_VPB* Vpb;
};
struct _DEVICE_OBJECT {
int Type;
DWORD Size;
int ReferenceCount;
_DRIVER_OBJECT* DriverObject;
_DEVICE_OBJECT* NextDevice;
_DEVICE_OBJECT* AttachedDevice;
_IRP* CurrentIrp;
_IO_TIMER* Timer;
DWORD Flags;
DWORD Characteristics;
_VPB* Vpb;
void* DeviceExtension;
DWORD DeviceType;
char StackSize;
__unnamed Queue;
DWORD AlignmentRequirement;
_KDEVICE_QUEUE DeviceQueue;
_KDPC Dpc;
DWORD ActiveThreadCount;
void* SecurityDescriptor;
_KEVENT DeviceLock;
DWORD SectorSize;
DWORD Spare1;
_DEVOBJ_EXTENSION* DeviceObjectExtension;
void* Reserved;
};
struct _PROCESS_WS_WATCH_INFORMATION {
void* FaultingPc;
void* FaultingVa;
};
struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
};
struct _IMAGE_OPTIONAL_HEADER {
DWORD Magic;
DWORD MajorLinkerVersion;
DWORD MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
DWORD MajorOperatingSystemVersion;
DWORD MinorOperatingSystemVersion;
DWORD MajorImageVersion;
DWORD MinorImageVersion;
DWORD MajorSubsystemVersion;
DWORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
DWORD Subsystem;
DWORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
_IMAGE_DATA_DIRECTORY DataDirectory[16];
};
struct _KAPC_STATE {
_LIST_ENTRY ApcListHead[2];
_KPROCESS* Process;
DWORD KernelApcInProgress;
DWORD KernelApcPending;
DWORD UserApcPending;
};
struct _KGDTENTRY {
DWORD LimitLow;
DWORD BaseLow;
__unnamed HighWord;
};
struct _KIDTENTRY {
DWORD Offset;
DWORD Selector;
DWORD Access;
DWORD ExtendedOffset;
};
struct _KPROCESS {
_DISPATCHER_HEADER Header;
_LIST_ENTRY ProfileListHead;
DWORD DirectoryTableBase[2];
_KGDTENTRY LdtDescriptor;
_KIDTENTRY Int21Descriptor;
DWORD IopmOffset;
DWORD Iopl;
DWORD Unused;
DWORD ActiveProcessors;
DWORD KernelTime;
DWORD UserTime;
_LIS⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -