📄 ntddk.inc
字号:
comment ^
Module Name:
ntddk.inc
Abstract:
This module defines the NT types, constants, and functions that are
exposed to device drivers.
Author:
Four-F (four-f@mail.ru) 11-Oct-2002
IMPORTANT:
Some fields name have been changed because of collision with masm reserved words
^
include ntdef.inc
PSECURITY_DESCRIPTOR typedef PTR
KSPIN_LOCK typedef DWORD
KPROCESSOR_MODE typedef BYTE
KAFFINITY typedef DWORD
IFNDEF PDWORD
PDWORD typedef PTR DWORD
ENDIF
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; I/O system definitions.
;
; Define a Memory Descriptor List (MDL)
;
; An MDL describes pages in a virtual buffer in terms of physical pages. The
; pages associated with the buffer are described in an array that is allocated
; just after the MDL header structure itself. In a future compiler this will
; be placed at:
;
; ULONG Pages[];
;
; Until this declaration is permitted, however, one simply calculates the
; base of the array by adding one to the base MDL pointer:
;
; Pages = (PULONG) (Mdl + 1);
;
; Notice that while in the context of the subject thread, the base virtual
; address of a buffer mapped by an MDL may be referenced using the following:
;
; Mdl->StartVa | Mdl->ByteOffset
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MDL STRUCT ; sizeof= 1Ch
Next PVOID ? ; PTR MDL
woSize WORD ? ; 04h original name Size
MdlFlags WORD ? ; 06h
Process PVOID ? ; 08h PTR EPROCESS
MappedSystemVa PVOID ? ; 0Ch
StartVa PVOID ? ; 10h
ByteCount DWORD ? ; 14h
ByteOffset DWORD ? ; 18h
MDL ENDS
PMDL typedef PTR MDL
MDL_MAPPED_TO_SYSTEM_VA equ 0001h
MDL_PAGES_LOCKED equ 0002h
MDL_SOURCE_IS_NONPAGED_POOL equ 0004h
MDL_ALLOCATED_FIXED_SIZE equ 0008h
MDL_PARTIAL equ 0010h
MDL_PARTIAL_HAS_BEEN_MAPPED equ 0020h
MDL_IO_PAGE_READ equ 0040h
MDL_WRITE_OPERATION equ 0080h
MDL_PARENT_MAPPED_SYSTEM_VA equ 0100h
MDL_LOCK_HELD equ 0200h
MDL_PHYSICAL_VIEW equ 0400h
MDL_IO_SPACE equ 0800h
MDL_NETWORK_HEADER equ 1000h
MDL_MAPPING_CAN_FAIL equ 2000h
MDL_ALLOCATED_MUST_SUCCEED equ 4000h
MDL_MAPPING_FLAGS equ MDL_MAPPED_TO_SYSTEM_VA or MDL_PAGES_LOCKED or MDL_SOURCE_IS_NONPAGED_POOL or MDL_PARTIAL_HAS_BEEN_MAPPED or MDL_PARENT_MAPPED_SYSTEM_VA or MDL_LOCK_HELD or MDL_SYSTEM_VA or MDL_IO_SPACE
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; The following are masks for the predefined standard access types
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DELETE equ 00010000h
READ_CONTROL equ 00020000h
WRITE_DAC equ 00040000h
WRITE_OWNER equ 00080000h
SYNCHRONIZE equ 00100000h
STANDARD_RIGHTS_REQUIRED equ 000F0000h
STANDARD_RIGHTS_READ equ READ_CONTROL
STANDARD_RIGHTS_WRITE equ READ_CONTROL
STANDARD_RIGHTS_EXECUTE equ READ_CONTROL
STANDARD_RIGHTS_ALL equ 001F0000h
SPECIFIC_RIGHTS_ALL equ 0000FFFFh
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; AccessSystemAcl access type
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ACCESS_SYSTEM_SECURITY equ 01000000h
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; MaximumAllowed access type
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MAXIMUM_ALLOWED equ 02000000h
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; These are the generic rights.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GENERIC_READ equ 80000000h
GENERIC_WRITE equ 40000000h
GENERIC_EXECUTE equ 20000000h
GENERIC_ALL equ 10000000h
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Define the generic mapping array. This is used to denote the
; mapping of each generic access right to a specific access mask.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GENERIC_MAPPING STRUCT ; sizeof = 10h
GenericRead DWORD ?
GenericWrite DWORD ? ; 04h
GenericExecute DWORD ? ; 08h
GenericAll DWORD ? ; 0Ch
GENERIC_MAPPING ENDS
PGENERIC_MAPPING typedef PTR GENERIC_MAPPING
; Priority increment definitions. The comment for each definition gives
; the names of the system services that use the definition when satisfying
; a wait.
; Priority increment used when satisfying a wait on an executive event
; (NtPulseEvent and NtSetEvent)
EVENT_INCREMENT equ 1
; Priority increment when no I/O has been done. This is used by device
; and file system drivers when completing an IRP (IoCompleteRequest).
IO_NO_INCREMENT equ 0
; Priority increment for completing CD-ROM I/O. This is used by CD-ROM device
; and file system drivers when completing an IRP (IoCompleteRequest)
IO_CD_ROM_INCREMENT equ 1
; Priority increment for completing disk I/O. This is used by disk device
; and file system drivers when completing an IRP (IoCompleteRequest)
IO_DISK_INCREMENT equ 1
; Priority increment for completing keyboard I/O. This is used by keyboard
; device drivers when completing an IRP (IoCompleteRequest)
IO_KEYBOARD_INCREMENT equ 6
; Priority increment for completing mailslot I/O. This is used by the mail-
; slot file system driver when completing an IRP (IoCompleteRequest).
IO_MAILSLOT_INCREMENT equ 2
; Priority increment for completing mouse I/O. This is used by mouse device
; drivers when completing an IRP (IoCompleteRequest)
IO_MOUSE_INCREMENT equ 6
; Priority increment for completing named pipe I/O. This is used by the
; named pipe file system driver when completing an IRP (IoCompleteRequest).
IO_NAMED_PIPE_INCREMENT equ 2
; Priority increment for completing network I/O. This is used by network
; device and network file system drivers when completing an IRP
; (IoCompleteRequest).
IO_NETWORK_INCREMENT equ 2
; Priority increment for completing parallel I/O. This is used by parallel
; device drivers when completing an IRP (IoCompleteRequest)
IO_PARALLEL_INCREMENT equ 1
; Priority increment for completing serial I/O. This is used by serial device
; drivers when completing an IRP (IoCompleteRequest)
IO_SERIAL_INCREMENT equ 2
; Priority increment for completing sound I/O. This is used by sound device
; drivers when completing an IRP (IoCompleteRequest)
IO_SOUND_INCREMENT equ 8
; Priority increment for completing video I/O. This is used by video device
; drivers when completing an IRP (IoCompleteRequest)
IO_VIDEO_INCREMENT equ 1
; Priority increment used when satisfying a wait on an executive semaphore
; (NtReleaseSemaphore)
SEMAPHORE_INCREMENT equ 1
; Define the base asynchronous I/O argument types
IO_STATUS_BLOCK STRUCT ; sizeof = 8
Status NTSTATUS ?
Information DWORD ?
IO_STATUS_BLOCK ENDS
PIO_STATUS_BLOCK typedef PTR IO_STATUS_BLOCK
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Time conversion routines
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TIME_FIELDS STRUCT ; sizeof = 10h
Year WORD ? ; 0Eh range [1601...]
Month WORD ? ; 0Eh range [1..12]
Day WORD ? ; 0Eh range [1..31]
Hour WORD ? ; 0Eh range [0..23]
Minute WORD ? ; 0Eh range [0..59]
Second WORD ? ; 0Eh range [0..59]
Milliseconds WORD ? ; 0Eh range [0..999]
Weekday WORD ? ; 0Eh range [0..6] == [Sunday..Saturday]
TIME_FIELDS ENDS
PTIME_FIELDS typedef PTR TIME_FIELDS
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Asynchronous Procedure Call (APC) object
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
KAPC STRUCT ; sizeof = 30h
fwType WORD IO_TYPE_APC ; 12h
cbSize WORD ? ; cb
Spare0 DWORD ?
Thread PVOID ? ; PTR KTHREAD
ApcListEntry LIST_ENTRY <>
KernelRoutine PVOID ? ; KiSuspendNop
RundownRoutine PVOID ?
NormalRoutine PVOID ? ; KiSuspendThread
NormalContext PVOID ?
; N.B. The following two members MUST be together.
SystemArgument1 PVOID ?
SystemArgument2 PVOID ?
ApcStateIndex CHAR ?
ApcMode KPROCESSOR_MODE ?
Inserted BOOLEAN ?
db ? ; padding
KAPC ENDS
PKAPC typedef PTR KAPC
; Doubly linked list structure. Can be used as either a list head, or
; as link words.
comment ^
LIST_ENTRY STRUCT
Flink PVOID ? ; PLIST_ENTRY
Blink PVOID ? ; PLIST_ENTRY
LIST_ENTRY ENDS
^
PLIST_ENTRY typedef PTR LIST_ENTRY
; Define the format of a completion message.
IO_COMPLETION_CONTEXT STRUCT ; sizeof = 8h
Port PVOID ?
Key PVOID ?
IO_COMPLETION_CONTEXT ENDS
PIO_COMPLETION_CONTEXT typedef PTR IO_COMPLETION_CONTEXT
; The following structure is pointed to by the SectionObject pointer field
; of a file object, and is allocated by the various NT file systems.
SECTION_OBJECT_POINTERS STRUCT ; sizeof = 0Ch
DataSectionObject PVOID ?
SharedCacheMap PVOID ?
ImageSectionObject PVOID ?
SECTION_OBJECT_POINTERS ENDS
PSECTION_OBJECT_POINTERS typedef PTR SECTION_OBJECT_POINTERS
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Common dispatcher object header
;
; N.B. The size field contains the number of dwords in the structure.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DISPATCHER_HEADER STRUCT ; sizeof = 10h
byType BYTE ? ; DISP_TYPE_* (original name Type)
Absolute BYTE ?
cbSize BYTE ? ; cb
Inserted BYTE ?
SignalState DWORD ?
WaitListHead LIST_ENTRY <>
DISPATCHER_HEADER ENDS
KWAIT_BLOCK STRUCT ; sizeof = 18h
WaitListEntry LIST_ENTRY <>
Thread PVOID ? ; PTR KTHREAD
Object PVOID ?
NextWaitBlock PVOID ? ; PTR KWAIT_BLOCK
WaitKey WORD ?
WaitType WORD ?
KWAIT_BLOCK ENDS
PKWAIT_BLOCK typedef PTR KWAIT_BLOCK
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Event object
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
KEVENT STRUCT ; sizeof = 10h
Header DISPATCHER_HEADER <>
KEVENT ENDS
PKEVENT typedef PTR KEVENT
KDEVICE_QUEUE STRUCT ; sizeof = 14h
fwType WORD IO_TYPE_DEVICE_QUEUE; 14h
cbSize WORD ? ; cb
DeviceListHead LIST_ENTRY <>
ksLock KSPIN_LOCK ? ; Lock is masm reserved symbol
Busy BOOLEAN ?
db 3 dup(?) ; padding
KDEVICE_QUEUE ENDS
PKDEVICE_QUEUE typedef PTR KDEVICE_QUEUE
KDEVICE_QUEUE_ENTRY STRUCT ; sizeof = 10h
DeviceListEntry LIST_ENTRY <>
SortKey DWORD ?
Inserted BOOLEAN ?
db 3 dup(?) ; padding
KDEVICE_QUEUE_ENTRY ENDS
PKDEVICE_QUEUE_ENTRY typedef PTR KDEVICE_QUEUE_ENTRY
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Define share access rights to files and directories
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
FILE_SHARE_READ equ 1 ; winnt
FILE_SHARE_WRITE equ 2 ; winnt
FILE_SHARE_DELETE equ 4 ; winnt
FILE_SHARE_VALID_FLAGS equ 7
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Define the file attributes values
;
; Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
; and is therefore not considered valid in NT.
;
; Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
; and is therefore not considered valid in NT. This flag has
; been disassociated with file attributes since the other flags are
; protected with READ_ and WRITE_ATTRIBUTES access to the file.
;
; Note: Note also that the order of these flags is set to allow both the
; FAT and the Pinball File Systems to directly set the attributes
; flags in attributes words without having to pick each flag out
; individually. The order of these flags should not be changed!
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
FILE_ATTRIBUTE_READONLY equ 00000001h ; winnt
FILE_ATTRIBUTE_HIDDEN equ 00000002h ; winnt
FILE_ATTRIBUTE_SYSTEM equ 00000004h ; winnt
FILE_ATTRIBUTE_DIRECTORY equ 00000010h ; winnt
FILE_ATTRIBUTE_ARCHIVE equ 00000020h ; winnt
FILE_ATTRIBUTE_DEVICE equ 00000040h ; winnt
FILE_ATTRIBUTE_NORMAL equ 00000080h ; winnt
FILE_ATTRIBUTE_TEMPORARY equ 00000100h ; winnt
FILE_ATTRIBUTE_SPARSE_FILE equ 00000200h ; winnt
FILE_ATTRIBUTE_REPARSE_POINT equ 00000400h ; winnt
FILE_ATTRIBUTE_COMPRESSED equ 00000800h ; winnt
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -