intrface.h

该代码为我学习winnt内核时所写

// intrface.h
//
// Generated by C DriverWizard 3.2.0 (Build 2485)
// Requires DDK Only
// File created on 9/12/2006
//

// GUID definition are required to be outside of header inclusion pragma to avoid
// error during precompiled headers.
//

#ifndef __INTRFACE_H__
#define __INTRFACE_H__

#define FILE_DEVICE_DVKRNLDATA  0x8000
#define VENDOR_BASE             0x800

#ifndef CTL_CODE
#define CTL_CODE( DeviceType, Function, Method, Access ) (                 \
    ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
    )
#endif  //CTL_CODE

#ifndef METHOD_BUFFERED
#define METHOD_BUFFERED 0
#endif  //METHOD_BUFFERED

#define DVKRNLDATA_IOCTL(index, read, write) \
    CTL_CODE(FILE_DEVICE_DVKRNLDATA, \
             index + VENDOR_BASE, \
             METHOD_BUFFERED, \
             (read?FILE_READ_DATA:0) | (write?FILE_WRITE_DATA:0))

#define KRNLDATA_IO_READ_MEM    DVKRNLDATA_IOCTL(0, TRUE, TRUE)
#define KRNLDATA_IO_WRITE_MEM   DVKRNLDATA_IOCTL(1, FALSE, TRUE)
#define KRNLDATA_IO_IDT         DVKRNLDATA_IOCTL(2, TRUE, FALSE)
#define KRNLDATA_IO_SST         DVKRNLDATA_IOCTL(3, TRUE, FALSE)
#define KRNLDATA_IO_PHYSICAL    DVKRNLDATA_IOCTL(4, TRUE, TRUE)
#define KRNLDATA_IO_HIDE_PROC   DVKRNLDATA_IOCTL(5, FALSE, TRUE)
#define KRNLDATA_IO_STOP_HIDE   DVKRNLDATA_IOCTL(6, FALSE, FALSE)

//请求读取内存的结构
typedef struct _DVKRNLDATA_MEM_REQUEST
{
    PVOID pAddress;         //要读取的内存首址
    DWORD dwRequestLen;     //期望读取的长度
}DVKRNLDATA_MEM_REQUEST, *PDVKRNLDATA_MEM_REQUEST;

//中断描述符地址
typedef struct _IDTR
{
    WORD   IDTLimit;    //定义中断描述符表的限制
    PVOID  IDTBase;     //定义中断描述服表的基址
}IDTR, *PIDTR;

//中断门结构
typedef struct _IDT_ENTRY
{
    WORD        OffsetLow;      //中断执行地址偏移的底16位
    WORD        Selector;       //16位段选择符
    BYTE        Reserved;       //保留位，为0
    unsigned    Type:4;         //IDT中的门的类型(中断门，陷阱门和任务门)
    unsigned    SegmentFlag:1;  //段标识位
    unsigned    DPL:2;          //中断门的权限等级，0表示内核级，3表示用户级
    unsigned    Present:1;      //呈现标志位
    WORD        OffsetHigh;     //中断执行地址偏移的高16位
}IDT_ENTRY, *PIDT_ENTRY;

typedef LONG (__stdcall *NTPROC)();
typedef NTPROC *PNTPROC;

//服务索引表SST
typedef struct _SYSTEM_SERVICE_TABLE
{
    PNTPROC ServiceTable;           //服务入口数组
    PDWORD  CounterTable;           //使用统计
    DWORD   ServiceLimit;           //服务数
    PBYTE   ArgumentTable;          //服务对应的入参长度数组
}SYSTEM_SERVICE_TABLE, *PSYSTEM_SERVICE_TABLE;

//服务描述表SDT
typedef struct _SERVICE_DESCRIPTOR_TABLE
{
    SYSTEM_SERVICE_TABLE ntoskrnl;  //ntoskrnl.exe(native api)提供的服务索引表
    SYSTEM_SERVICE_TABLE win32k;    //win32k.sys(gdi/user)提供的服务索引表
    SYSTEM_SERVICE_TABLE Table3;    //not used
    SYSTEM_SERVICE_TABLE Table4;    //not used
}SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE;

#endif // __INTRFACE_H__