📄 ntddk.h
字号:
// field points to location to store value.
// For null terminated strings, EntryContext
// points to UNICODE_STRING structure that
// that describes maximum size of buffer.
// If .Buffer field is NULL then a buffer is
// allocated.
//
#define RTL_QUERY_REGISTRY_DELETE 0x00000040 // Used to delete value keys after they
// are queried.
NTSYSAPI
NTSTATUS
NTAPI
RtlQueryRegistryValues(
IN ULONG RelativeTo,
IN PCWSTR Path,
IN PRTL_QUERY_REGISTRY_TABLE QueryTable,
IN PVOID Context,
IN PVOID Environment OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
RtlWriteRegistryValue(
IN ULONG RelativeTo,
IN PCWSTR Path,
IN PCWSTR ValueName,
IN ULONG ValueType,
IN PVOID ValueData,
IN ULONG ValueLength
);
NTSYSAPI
NTSTATUS
NTAPI
RtlDeleteRegistryValue(
IN ULONG RelativeTo,
IN PCWSTR Path,
IN PCWSTR ValueName
);
// end_wdm
NTSYSAPI
NTSTATUS
NTAPI
RtlCreateRegistryKey(
IN ULONG RelativeTo,
IN PWSTR Path
);
NTSYSAPI
NTSTATUS
NTAPI
RtlCheckRegistryKey(
IN ULONG RelativeTo,
IN PWSTR Path
);
// begin_wdm
//
// The following values for the RelativeTo parameter determine what the
// Path parameter to RtlQueryRegistryValues is relative to.
//
#define RTL_REGISTRY_ABSOLUTE 0 // Path is a full path
#define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
#define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
#define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
#define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
#define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
#define RTL_REGISTRY_MAXIMUM 6
#define RTL_REGISTRY_HANDLE 0x40000000 // Low order bits are registry handle
#define RTL_REGISTRY_OPTIONAL 0x80000000 // Indicates the key node is optional
NTSYSAPI
NTSTATUS
NTAPI
RtlCharToInteger (
PCSZ String,
ULONG Base,
PULONG Value
);
NTSYSAPI
NTSTATUS
NTAPI
RtlIntegerToUnicodeString (
ULONG Value,
ULONG Base,
PUNICODE_STRING String
);
NTSYSAPI
NTSTATUS
NTAPI
RtlInt64ToUnicodeString (
IN ULONGLONG Value,
IN ULONG Base OPTIONAL,
IN OUT PUNICODE_STRING String
);
#ifdef _WIN64
#define RtlIntPtrToUnicodeString(Value, Base, String) RtlInt64ToUnicodeString(Value, Base, String)
#else
#define RtlIntPtrToUnicodeString(Value, Base, String) RtlIntegerToUnicodeString(Value, Base, String)
#endif
NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeStringToInteger (
PUNICODE_STRING String,
ULONG Base,
PULONG Value
);
//
// String manipulation routines
//
#ifdef _NTSYSTEM_
#define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
#define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
#else
#define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
#define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
#endif // _NTSYSTEM_
extern BOOLEAN NLS_MB_CODE_PAGE_TAG; // TRUE -> Multibyte CP, FALSE -> Singlebyte
extern BOOLEAN NLS_MB_OEM_CODE_PAGE_TAG; // TRUE -> Multibyte CP, FALSE -> Singlebyte
NTSYSAPI
VOID
NTAPI
RtlInitString(
PSTRING DestinationString,
PCSZ SourceString
);
NTSYSAPI
VOID
NTAPI
RtlInitAnsiString(
PANSI_STRING DestinationString,
PCSZ SourceString
);
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);
NTSYSAPI
VOID
NTAPI
RtlCopyString(
PSTRING DestinationString,
PSTRING SourceString
);
NTSYSAPI
CHAR
NTAPI
RtlUpperChar (
CHAR Character
);
NTSYSAPI
LONG
NTAPI
RtlCompareString(
PSTRING String1,
PSTRING String2,
BOOLEAN CaseInSensitive
);
NTSYSAPI
BOOLEAN
NTAPI
RtlEqualString(
PSTRING String1,
PSTRING String2,
BOOLEAN CaseInSensitive
);
NTSYSAPI
VOID
NTAPI
RtlUpperString(
PSTRING DestinationString,
PSTRING SourceString
);
//
// NLS String functions
//
NTSYSAPI
NTSTATUS
NTAPI
RtlAnsiStringToUnicodeString(
PUNICODE_STRING DestinationString,
PANSI_STRING SourceString,
BOOLEAN AllocateDestinationString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeStringToAnsiString(
PANSI_STRING DestinationString,
PUNICODE_STRING SourceString,
BOOLEAN AllocateDestinationString
);
NTSYSAPI
LONG
NTAPI
RtlCompareUnicodeString(
PUNICODE_STRING String1,
PUNICODE_STRING String2,
BOOLEAN CaseInSensitive
);
NTSYSAPI
BOOLEAN
NTAPI
RtlEqualUnicodeString(
const UNICODE_STRING *String1,
const UNICODE_STRING *String2,
BOOLEAN CaseInSensitive
);
// end_wdm
NTSYSAPI
BOOLEAN
NTAPI
RtlPrefixUnicodeString(
IN PUNICODE_STRING String1,
IN PUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive
);
NTSYSAPI
NTSTATUS
NTAPI
RtlUpcaseUnicodeString(
PUNICODE_STRING DestinationString,
PCUNICODE_STRING SourceString,
BOOLEAN AllocateDestinationString
);
NTSYSAPI
VOID
NTAPI
RtlCopyUnicodeString(
PUNICODE_STRING DestinationString,
PUNICODE_STRING SourceString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAppendUnicodeStringToString (
PUNICODE_STRING Destination,
PUNICODE_STRING Source
);
NTSYSAPI
NTSTATUS
NTAPI
RtlAppendUnicodeToString (
PUNICODE_STRING Destination,
PCWSTR Source
);
// end_ntndis end_wdm
NTSYSAPI
WCHAR
NTAPI
RtlUpcaseUnicodeChar(
WCHAR SourceCharacter
);
// begin_wdm
NTSYSAPI
VOID
NTAPI
RtlFreeUnicodeString(
PUNICODE_STRING UnicodeString
);
NTSYSAPI
VOID
NTAPI
RtlFreeAnsiString(
PANSI_STRING AnsiString
);
NTSYSAPI
ULONG
NTAPI
RtlxAnsiStringToUnicodeSize(
PANSI_STRING AnsiString
);
//
// NTSYSAPI
// ULONG
// NTAPI
// RtlAnsiStringToUnicodeSize(
// PANSI_STRING AnsiString
// );
//
#define RtlAnsiStringToUnicodeSize(STRING) ( \
NLS_MB_CODE_PAGE_TAG ? \
RtlxAnsiStringToUnicodeSize(STRING) : \
((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
)
// begin_ntminiport
#include <guiddef.h>
// end_ntminiport
#ifndef DEFINE_GUIDEX
#define DEFINE_GUIDEX(name) EXTERN_C const CDECL GUID name
#endif // !defined(DEFINE_GUIDEX)
#ifndef STATICGUIDOF
#define STATICGUIDOF(guid) STATIC_##guid
#endif // !defined(STATICGUIDOF)
#ifndef __IID_ALIGNED__
#define __IID_ALIGNED__
#ifdef __cplusplus
inline int IsEqualGUIDAligned(REFGUID guid1, REFGUID guid2)
{
return ((*(PLONGLONG)(&guid1) == *(PLONGLONG)(&guid2)) && (*((PLONGLONG)(&guid1) + 1) == *((PLONGLONG)(&guid2) + 1)));
}
#else // !__cplusplus
#define IsEqualGUIDAligned(guid1, guid2) \
((*(PLONGLONG)(guid1) == *(PLONGLONG)(guid2)) && (*((PLONGLONG)(guid1) + 1) == *((PLONGLONG)(guid2) + 1)))
#endif // !__cplusplus
#endif // !__IID_ALIGNED__
NTSYSAPI
NTSTATUS
NTAPI
RtlStringFromGUID(
IN REFGUID Guid,
OUT PUNICODE_STRING GuidString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlGUIDFromString(
IN PUNICODE_STRING GuidString,
OUT GUID* Guid
);
//
// Fast primitives to compare, move, and zero memory
//
// begin_winnt begin_ntndis
NTSYSAPI
SIZE_T
NTAPI
RtlCompareMemory (
const VOID *Source1,
const VOID *Source2,
SIZE_T Length
);
#if defined(_M_AXP64) || defined(_M_IA64)
#define RtlEqualMemory(Source1, Source2, Length) \
((Length) == RtlCompareMemory(Source1, Source2, Length))
NTSYSAPI
VOID
NTAPI
RtlCopyMemory (
VOID UNALIGNED *Destination,
CONST VOID UNALIGNED *Source,
SIZE_T Length
);
NTSYSAPI
VOID
NTAPI
RtlCopyMemory32 (
VOID UNALIGNED *Destination,
CONST VOID UNALIGNED *Source,
ULONG Length
);
NTSYSAPI
VOID
NTAPI
RtlMoveMemory (
VOID UNALIGNED *Destination,
CONST VOID UNALIGNED *Source,
SIZE_T Length
);
NTSYSAPI
VOID
NTAPI
RtlFillMemory (
VOID UNALIGNED *Destination,
SIZE_T Length,
UCHAR Fill
);
NTSYSAPI
VOID
NTAPI
RtlZeroMemory (
VOID UNALIGNED *Destination,
SIZE_T Length
);
#else
#define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length)))
#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
#define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
#endif
// end_ntndis end_winnt
#if defined(_M_ALPHA)
//
// Guaranteed byte granularity memory copy function.
//
NTSYSAPI
VOID
NTAPI
RtlCopyBytes (
PVOID Destination,
CONST VOID *Source,
SIZE_T Length
);
//
// Guaranteed byte granularity memory zero function.
//
NTSYSAPI
VOID
NTAPI
RtlZeroBytes (
PVOID Destination,
SIZE_T Length
);
//
// Guaranteed byte granularity memory fill function.
//
NTSYSAPI
VOID
NTAPI
RtlFillBytes (
PVOID Destination,
SIZE_T Length,
UCHAR Fill
);
#else
#define RtlCopyBytes RtlCopyMemory
#define RtlZeroBytes RtlZeroMemory
#define RtlFillBytes RtlFillMemory
#endif
//
// Define kernel debugger print prototypes and macros.
//
// N.B. The following function cannot be directly imported because there are
// a few places in the source tree where this function is redefined.
//
VOID
NTAPI
DbgBreakPoint(
VOID
);
// end_wdm
NTSYSAPI
VOID
NTAPI
DbgBreakPointWithStatus(
IN ULONG Status
);
// begin_wdm
#define DBG_STATUS_CONTROL_C 1
#define DBG_STATUS_SYSRQ 2
#define DBG_STATUS_BUGCHECK_FIRST 3
#define DBG_STATUS_BUGCHECK_SECOND 4
#define DBG_STATUS_FATAL 5
#define DBG_STATUS_DEBUG_CONTROL 6
#if DBG
#define KdPrint(_x_) DbgPrint _x_
#define KdBreakPoint() DbgBreakPoint()
// end_wdm
#define KdBreakPointWithStatus(s) DbgBreakPointWithStatus(s)
// begin_wdm
#else
#define KdPrint(_x_)
#define KdBreakPoint()
// end_wdm
#define KdBreakPointWithStatus(s)
// begin_wdm
#endif
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -