📄 ntddk.inc
FILE_ATTRIBUTE_OFFLINE equ 00001000h ; winnt
FILE_ATTRIBUTE_NOT_CONTENT_INDEXED equ 00002000h ; winnt
; defined in windows.inc as:
; FILE_ATTRIBUTE_ENCRYPTED equ 00000040h
;FILE_ATTRIBUTE_ENCRYPTED equ 00004000h ; winnt
; This definition is old and will disappear shortly
FILE_ATTRIBUTE_CONTENT_INDEXED equ FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
FILE_ATTRIBUTE_VALID_FLAGS equ 00007fb7h
FILE_ATTRIBUTE_VALID_SET_FLAGS equ 000031a7h
; Define the create disposition values
; (the CreateDisposition argument of NtCreateFile/ZwCreateFile). These are an
; enumeration, not bit flags - do not OR them together.
; Review note: FILE_CREATE is the only value that fails when the name already
; exists. Use it when a driver must not adopt an object that something else
; created at that path first; the *_IF, SUPERSEDE and OVERWRITE values accept
; or replace an existing file.
FILE_SUPERSEDE equ 0 ; replace the file if it exists, otherwise create it
FILE_OPEN equ 1 ; open an existing file; fail if it does not exist
FILE_CREATE equ 2 ; create a new file; fail if it already exists
FILE_OPEN_IF equ 3 ; open if it exists, otherwise create
FILE_OVERWRITE equ 4 ; open and overwrite; fail if it does not exist
FILE_OVERWRITE_IF equ 5 ; open and overwrite if it exists, otherwise create
FILE_MAXIMUM_DISPOSITION equ 5 ; highest valid disposition (equals FILE_OVERWRITE_IF)
; Define the create/open option flags
; (the CreateOptions argument of NtCreateFile/ZwCreateFile). Single-bit values
; are OR-ed together; the FILE_VALID_* masks at the end list which bits are
; accepted for each object kind.
; Review note: when the path comes from a less trusted caller, decide
; explicitly whether the target may be a directory (FILE_DIRECTORY_FILE /
; FILE_NON_DIRECTORY_FILE) and whether a reparse point is followed or opened
; as itself (FILE_OPEN_REPARSE_POINT), rather than taking the defaults.
FILE_DIRECTORY_FILE equ 00000001h ; target must be a directory
FILE_WRITE_THROUGH equ 00000002h
FILE_SEQUENTIAL_ONLY equ 00000004h
FILE_NO_INTERMEDIATE_BUFFERING equ 00000008h
FILE_SYNCHRONOUS_IO_ALERT equ 00000010h
FILE_SYNCHRONOUS_IO_NONALERT equ 00000020h
FILE_NON_DIRECTORY_FILE equ 00000040h ; target must not be a directory
FILE_CREATE_TREE_CONNECTION equ 00000080h
FILE_COMPLETE_IF_OPLOCKED equ 00000100h
FILE_NO_EA_KNOWLEDGE equ 00000200h
FILE_OPEN_FOR_RECOVERY equ 00000400h
FILE_RANDOM_ACCESS equ 00000800h
FILE_DELETE_ON_CLOSE equ 00001000h ; file is deleted when the last handle is closed
FILE_OPEN_BY_FILE_ID equ 00002000h ; name is a file ID, not a path
FILE_OPEN_FOR_BACKUP_INTENT equ 00004000h ; backup/restore privileges are considered in the access check
FILE_NO_COMPRESSION equ 00008000h
FILE_RESERVE_OPFILTER equ 00100000h
FILE_OPEN_REPARSE_POINT equ 00200000h ; open the reparse point itself instead of following it
FILE_OPEN_NO_RECALL equ 00400000h
FILE_OPEN_FOR_FREE_SPACE_QUERY equ 00800000h
; The next two are multi-bit values, not new flags:
; 41h = FILE_DIRECTORY_FILE or FILE_NON_DIRECTORY_FILE,
; 441h = the same plus FILE_OPEN_FOR_RECOVERY.
FILE_COPY_STRUCTURED_STORAGE equ 00000041h
FILE_STRUCTURED_STORAGE equ 00000441h
FILE_VALID_OPTION_FLAGS equ 00ffffffh ; low 24 bits
; 32h = FILE_WRITE_THROUGH or FILE_SYNCHRONOUS_IO_ALERT or FILE_SYNCHRONOUS_IO_NONALERT
FILE_VALID_PIPE_OPTION_FLAGS equ 00000032h
FILE_VALID_MAILSLOT_OPTION_FLAGS equ 00000032h
; 36h = the 32h set plus FILE_SEQUENTIAL_ONLY
FILE_VALID_SET_FLAGS equ 00000036h
; Define the I/O status information return values for NtCreateFile/NtOpenFile
; (reported in the Information member of the IO_STATUS_BLOCK on success).
; The numbering is not the same as the create dispositions: FILE_OVERWRITTEN
; is 3 while FILE_OVERWRITE is 4, so the two sets must not be compared with
; each other.
FILE_SUPERSEDED equ 0 ; an existing file was replaced
FILE_OPENED equ 1 ; an existing file was opened
FILE_CREATED equ 2 ; a new file was created
FILE_OVERWRITTEN equ 3 ; an existing file was overwritten
FILE_EXISTS equ 4 ; the file already exists
FILE_DOES_NOT_EXIST equ 5 ; the file does not exist
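; Define special ByteOffset parameters for read and write operations.
; Each value is the low 32 bits of a special 64-bit ByteOffset; per the DDK
; documentation the high part is set to -1 alongside it.
; MASM only treats a token as a number when it starts with a decimal digit,
; so the hex literals need a leading 0. Without it "ffffffffh" is read as an
; identifier and the equate becomes a text macro naming an undefined symbol.
FILE_WRITE_TO_END_OF_FILE equ 0ffffffffh ; append at the current end of file
FILE_USE_FILE_POINTER_POSITION equ 0fffffffeh ; use the file object's current position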
; Define alignment requirement values
; Each value is (alignment in bytes - 1), i.e. a mask of the low address bits
; that must be zero: 1ffh = 512 - 1, 0 = no requirement.
FILE_BYTE_ALIGNMENT equ 00000000h ; 1-byte (none)
FILE_WORD_ALIGNMENT equ 00000001h ; 2-byte
FILE_LONG_ALIGNMENT equ 00000003h ; 4-byte
FILE_QUAD_ALIGNMENT equ 00000007h ; 8-byte
FILE_OCTA_ALIGNMENT equ 0000000fh ; 16-byte
FILE_32_BYTE_ALIGNMENT equ 0000001fh
FILE_64_BYTE_ALIGNMENT equ 0000003fh
FILE_128_BYTE_ALIGNMENT equ 0000007fh
FILE_256_BYTE_ALIGNMENT equ 000000ffh
FILE_512_BYTE_ALIGNMENT equ 000001ffh
; Define the maximum length of a filename string
; NOTE(review): the unit (characters vs. bytes) is not stated here - confirm
; against the consumer before sizing a buffer from this constant.
MAXIMUM_FILENAME_LENGTH equ 256
; Define the various device characteristics flags
; (bit flags OR-ed into a device object's Characteristics).
FILE_REMOVABLE_MEDIA equ 00000001h
FILE_READ_ONLY_DEVICE equ 00000002h
FILE_FLOPPY_DISKETTE equ 00000004h
FILE_WRITE_ONCE_MEDIA equ 00000008h
FILE_REMOTE_DEVICE equ 00000010h
FILE_DEVICE_IS_MOUNTED equ 00000020h
FILE_VIRTUAL_VOLUME equ 00000040h
FILE_AUTOGENERATED_DEVICE_NAME equ 00000080h
; Review note: FILE_DEVICE_SECURE_OPEN asks the I/O manager to apply the
; device object's security descriptor to every open, including opens of names
; below the device (\Device\Name\anything). A driver that does not implement
; its own namespace and omits this flag can leave such opens unchecked against
; the device ACL, so expect it on device objects that rely on the ACL.
FILE_DEVICE_SECURE_OPEN equ 00000100h
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; flags specified here will be propagated up and down a device stack
; after FDO and all filter devices are added, but before the device
; stack is started
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Evaluates to 0000010Fh: bits 0-3 plus FILE_DEVICE_SECURE_OPEN.
FILE_CHARACTERISTICS_PROPAGATED equ FILE_REMOVABLE_MEDIA or FILE_READ_ONLY_DEVICE or FILE_FLOPPY_DISKETTE or FILE_WRITE_ONCE_MEDIA or FILE_DEVICE_SECURE_OPEN
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Define File Object (FO) flags
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Bit flags for FILE_OBJECT.Flags.
; Several FO_* bits share a name with a FILE_* create option but not its
; value (FO_WRITE_THROUGH = 10h vs FILE_WRITE_THROUGH = 02h,
; FO_SEQUENTIAL_ONLY = 20h vs 04h, FO_DELETE_ON_CLOSE = 10000h vs 1000h,
; FO_RANDOM_ACCESS = 100000h vs 800h). Test FILE_OBJECT.Flags only against
; FO_* constants.
FO_FILE_OPEN equ 00000001h
FO_SYNCHRONOUS_IO equ 00000002h
FO_ALERTABLE_IO equ 00000004h
FO_NO_INTERMEDIATE_BUFFERING equ 00000008h
FO_WRITE_THROUGH equ 00000010h
FO_SEQUENTIAL_ONLY equ 00000020h
FO_CACHE_SUPPORTED equ 00000040h
FO_NAMED_PIPE equ 00000080h
FO_STREAM_FILE equ 00000100h
FO_MAILSLOT equ 00000200h
FO_GENERATE_AUDIT_ON_CLOSE equ 00000400h
FO_DIRECT_DEVICE_OPEN equ 00000800h
FO_FILE_MODIFIED equ 00001000h
FO_FILE_SIZE_CHANGED equ 00002000h
FO_CLEANUP_COMPLETE equ 00004000h
FO_TEMPORARY_FILE equ 00008000h
FO_DELETE_ON_CLOSE equ 00010000h
FO_OPENED_CASE_SENSITIVE equ 00020000h
FO_HANDLE_CREATED equ 00040000h
FO_FILE_FAST_IO_READ equ 00080000h
FO_RANDOM_ACCESS equ 00100000h
FO_FILE_OPEN_CANCELLED equ 00200000h
FO_VOLUME_OPEN equ 00400000h
; Kernel file object: one per open instance of a file, device, pipe or
; mailslot. Field order and sizes are the layout; do not reorder.
; The stated sizeof of 70h matches the fields below only with 4-byte pointers
; (32-bit target) and with UNICODE_STRING = 8, LARGE_INTEGER = 8 and
; KEVENT = 10h bytes; those types are declared outside this view - TODO
; confirm.
; Type/Size/Lock of the C declaration appear here as fwType/cbSize/kevLock.
FILE_OBJECT STRUCT ; sizeof = 70h
fwType WORD IO_TYPE_FILE ; 5
cbSize WORD ? ; cb
DeviceObject PVOID ? ; PDEVICE_OBJECT
Vpb PVOID ? ; PVPB
FsContext PVOID ?
FsContext2 PVOID ?
SectionObjectPointer PSECTION_OBJECT_POINTERS ?
PrivateCacheMap PVOID ?
FinalStatus NTSTATUS ?
RelatedFileObject PVOID ? ;PFILE_OBJECT
LockOperation BOOLEAN ?
DeletePending BOOLEAN ?
; Access granted and sharing allowed when the object was opened.
ReadAccess BOOLEAN ?
WriteAccess BOOLEAN ?
DeleteAccess BOOLEAN ?
SharedRead BOOLEAN ?
SharedWrite BOOLEAN ?
SharedDelete BOOLEAN ?
Flags DWORD ? ; FO_*
FileName UNICODE_STRING <> ; counted string; use its Length, do not assume a terminator
CurrentByteOffset LARGE_INTEGER <>
Waiters DWORD ?
Busy DWORD ?
LastLock PVOID ?
kevLock KEVENT <> ; Lock is masm reserved symbol
Event KEVENT <>
CompletionContext PIO_COMPLETION_CONTEXT ?
FILE_OBJECT ENDS
PFILE_OBJECT typedef PTR FILE_OBJECT
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Registry Specific Access Rights.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Specific access rights for registry key objects (low 16 bits of the access
; mask). STANDARD_RIGHTS_* and SYNCHRONIZE are defined outside this view.
; Review note: request the narrowest set that the operation needs
; (e.g. KEY_QUERY_VALUE to read one value). KEY_ALL_ACCESS bundles every
; right below plus STANDARD_RIGHTS_ALL and is rarely what a driver needs.
KEY_QUERY_VALUE equ 0001h
KEY_SET_VALUE equ 0002h
KEY_CREATE_SUB_KEY equ 0004h
KEY_ENUMERATE_SUB_KEYS equ 0008h
KEY_NOTIFY equ 0010h
KEY_CREATE_LINK equ 0020h
; "AND NOT SYNCHRONIZE" clears the SYNCHRONIZE bit from each composite mask.
KEY_READ equ (STANDARD_RIGHTS_READ or KEY_QUERY_VALUE or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY) AND NOT SYNCHRONIZE
KEY_WRITE equ (STANDARD_RIGHTS_WRITE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY) AND NOT SYNCHRONIZE
; Same value as KEY_READ: SYNCHRONIZE is already cleared there.
KEY_EXECUTE equ KEY_READ AND NOT SYNCHRONIZE
KEY_ALL_ACCESS equ (STANDARD_RIGHTS_ALL or KEY_QUERY_VALUE or KEY_SET_VALUE or KEY_CREATE_SUB_KEY or KEY_ENUMERATE_SUB_KEYS or KEY_NOTIFY or KEY_CREATE_LINK) AND NOT SYNCHRONIZE
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Open/Create Options
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Registry key open/create option bits.
; The literals have no "h" suffix, so MASM reads them as decimal; for 0, 1, 2,
; 4 and 8 the value is the same in either radix.
REG_OPTION_RESERVED equ 00000000 ; Parameter is reserved
REG_OPTION_NON_VOLATILE equ 00000000 ; Key is preserved when system is rebooted
REG_OPTION_VOLATILE equ 00000001 ; Key is not preserved when system is rebooted
REG_OPTION_CREATE_LINK equ 00000002 ; Created key is a symbolic link
REG_OPTION_BACKUP_RESTORE equ 00000004 ; open for backup or restore special access rules privilege required
REG_OPTION_OPEN_LINK equ 00000008 ; Open symbolic link
; Mask of all accepted option bits; evaluates to 0Fh (the two zero-valued
; names contribute nothing).
REG_LEGAL_OPTION equ REG_OPTION_RESERVED or REG_OPTION_NON_VOLATILE or REG_OPTION_VOLATILE or REG_OPTION_CREATE_LINK or REG_OPTION_BACKUP_RESTORE or REG_OPTION_OPEN_LINK
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Key creation/open disposition
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Disposition reported back by a key create call: tells the caller whether the
; key it now holds was created by this call or already existed.
; Review note: code that expects to own a freshly created key should check for
; REG_CREATED_NEW_KEY instead of assuming it.
REG_CREATED_NEW_KEY equ 00000001 ; New Registry Key created
REG_OPENED_EXISTING_KEY equ 00000002 ; Existing Key opened
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Key restore flags
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Bit flags for key restore operations (decimal literals; 1, 2, 4, 8).
REG_WHOLE_HIVE_VOLATILE equ 00000001 ; Restore whole hive volatile
REG_REFRESH_HIVE equ 00000002 ; Unwind changes to last flush
REG_NO_LAZY_FLUSH equ 00000004 ; Never lazy flush this hive
REG_FORCE_RESTORE equ 00000008 ; Force the restore process even when we have open handles on subkeys
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Key query structures
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Result layout for KeyValueBasicInformation: a fixed header followed by the
; value name. Only the first WCHAR of Name is declared; the real name
; continues past the end of the structure.
; Review note: NameLength is a byte count and the name is not guaranteed to be
; NUL-terminated. Bound every read of Name by NameLength and by the number of
; bytes the query actually returned.
KEY_VALUE_BASIC_INFORMATION STRUCT ; sizeof = 10h
TitleIndex DWORD ?
dwType DWORD ? ; original field name Type
NameLength DWORD ?
Name WORD ? ; Variable size
dw ? ; padding
KEY_VALUE_BASIC_INFORMATION ENDS
PKEY_VALUE_BASIC_INFORMATION typedef PTR KEY_VALUE_BASIC_INFORMATION
; Result layout for KeyValueFullInformation: header, then the value name, then
; the value data located DataOffset bytes from the start of the structure.
; NOTE(review): the declared fields add up to 16h bytes. The stated 18h holds
; only if the assembler adds two bytes of tail padding (struct alignment of 4
; or more); unlike KEY_VALUE_BASIC_INFORMATION no padding is declared here.
; Confirm the alignment in effect before relying on sizeof.
; Review note: NameLength, DataOffset and DataLength are filled in by the
; query. Check that DataOffset + DataLength and the name both lie inside the
; bytes actually returned before reading either.
KEY_VALUE_FULL_INFORMATION STRUCT ; sizeof = 18h
TitleIndex DWORD ?
dwType DWORD ? ; original field name Type
DataOffset DWORD ?
DataLength DWORD ?
NameLength DWORD ?
Name WORD ? ; Variable size
;Data[1]; // Variable size data not declared
KEY_VALUE_FULL_INFORMATION ENDS
PKEY_VALUE_FULL_INFORMATION typedef PTR KEY_VALUE_FULL_INFORMATION
; Result layout for KeyValuePartialInformation: header plus the value data
; (no name). Only the first byte of Data is declared; DataLength bytes follow.
; Review note: check dwType and DataLength before interpreting Data. A value
; of the wrong type or a shorter length than expected must be rejected, not
; read past.
KEY_VALUE_PARTIAL_INFORMATION STRUCT ; sizeof = 10h
TitleIndex DWORD ?
dwType DWORD ? ; original field name Type
DataLength DWORD ?
Data BYTE ? ; Variable size
db 3 dup(?) ; padding
KEY_VALUE_PARTIAL_INFORMATION ENDS
PKEY_VALUE_PARTIAL_INFORMATION typedef PTR KEY_VALUE_PARTIAL_INFORMATION
; Result layout for KeyValuePartialInformationAlign64. Same as
; KEY_VALUE_PARTIAL_INFORMATION without the TitleIndex field, so Data starts
; at offset 8.
; Only the first byte of Data is declared; bound reads by DataLength and by
; the bytes actually returned.
KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 STRUCT ; sizeof = 0Ch
dwType DWORD ? ; original field name Type
DataLength DWORD ?
Data BYTE ? ; Variable size
db 3 dup(?) ; padding
KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 ENDS
PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64 typedef PTR KEY_VALUE_PARTIAL_INFORMATION_ALIGN64
; One entry of a multiple-value query: names the value and describes where its
; data was placed.
; sizeof = 10h assumes a 4-byte PVOID (32-bit target).
; NOTE(review): DataOffset is presumably relative to the caller's output
; buffer - confirm against the consuming API, and range-check
; DataOffset + DataLength against that buffer before use.
KEY_VALUE_ENTRY STRUCT ; sizeof = 10h
ValueName PVOID ? ; PTR UNICODE_STRING
DataLength DWORD ?
DataOffset DWORD ?
dwType DWORD ? ; original field name Type
KEY_VALUE_ENTRY ENDS
PKEY_VALUE_ENTRY typedef PTR KEY_VALUE_ENTRY
;typedef enum _KEY_VALUE_INFORMATION_CLASS {
; Selects which KEY_VALUE_*_INFORMATION layout a value query returns. The
; buffer must be interpreted with the structure matching the class that was
; requested.
KeyValueBasicInformation equ 0 ; KEY_VALUE_BASIC_INFORMATION
KeyValueFullInformation equ 1 ; KEY_VALUE_FULL_INFORMATION
KeyValuePartialInformation equ 2 ; KEY_VALUE_PARTIAL_INFORMATION
KeyValueFullInformationAlign64 equ 3 ; full information, 64-bit aligned variant
KeyValuePartialInformationAlign64 equ 4 ; KEY_VALUE_PARTIAL_INFORMATION_ALIGN64
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Pool Allocation routines (in pool.c)
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;typedef enum _POOL_TYPE {
; Pool type passed to the pool allocation routines.
; Review notes:
; - Paged pool may be paged out, so it must only be touched at an IRQL where
;   page faults are allowed; data used at raised IRQL belongs in nonpaged pool.
; - The *MustSucceed types do not return failure; per the DDK documentation
;   the system stops if the request cannot be met. Prefer a failable type and
;   check the returned pointer.
NonPagedPool equ 0
PagedPool equ 1
NonPagedPoolMustSucceed equ 2
DontUseThisType equ 3
NonPagedPoolCacheAligned equ 4
PagedPoolCacheAligned equ 5
NonPagedPoolCacheAlignedMustS equ 6
MaxPoolType equ 7 ; count of base types, not an allocatable type
; Note these per session types are carefully chosen so that the appropriate
; masking still applies as well as MaxPoolType above.
; Each session value is the matching base type plus 32 (bit 5 set).
NonPagedPoolSession equ 32
PagedPoolSession equ 33
NonPagedPoolMustSucceedSession equ 34
DontUseThisTypeSession equ 35
NonPagedPoolCacheAlignedSession equ 36
PagedPoolCacheAlignedSession equ 37
NonPagedPoolCacheAlignedMustSSession equ 38
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; _EX_POOL_PRIORITY_ provides a method for the system to handle requests
; intelligently in low resource conditions.
;
; LowPoolPriority should be used when it is acceptable to the driver for the
; mapping request to fail if the system is low on resources. An example of
; this could be for a non-critical network connection where the driver can
; handle the failure case when system resources are close to being depleted.
;
; NormalPoolPriority should be used when it is acceptable to the driver for the
; mapping request to fail if the system is very low on resources. An example
; of this could be for a non-critical local filesystem request.
;
; HighPoolPriority should be used when it is unacceptable to the driver for the
; mapping request to fail unless the system is completely out of resources.
; An example of this would be the paging file path in a driver.
;
; SpecialPool can be specified to bound the allocation at a page end (or
; beginning). This should only be done on systems being debugged as the
; memory cost is expensive.
;
; N.B. These values are very carefully chosen so that the pool allocation
; code can quickly crack the priority request.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;typedef enum _EX_POOL_PRIORITY {
; Encoding visible in the values: the base priority is 0, 16 or 32; adding 8
; selects the special-pool overrun variant and adding 9 the underrun variant.
; The SpecialPool variants are meant for systems being debugged.
LowPoolPriority equ 0
LowPoolPrioritySpecialPoolOverrun equ 8
LowPoolPrioritySpecialPoolUnderrun equ 9
NormalPoolPriority equ 16
NormalPoolPrioritySpecialPoolOverrun equ 24
NormalPoolPrioritySpecialPoolUnderrun equ 25
HighPoolPriority equ 32
HighPoolPrioritySpecialPoolOverrun equ 40
HighPoolPrioritySpecialPoolUnderrun equ 41
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; I/O Request Packet (IRP) definition
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
_IRP STRUCT ; sizeof = 70h
fwType WORD ?
cbSize WORD ? ; 02h
; Define the common fields used to control the IRP.
; Define a pointer to the Memory Descriptor List (MDL) for this I/O
; request. This field is only used if the I/O is "direct I/O".
MdlAddress PVOID ? ; 04h PMDL
; Flags word - used to remember various flags.
Flags DWORD ? ; 08h
; The following union is used for one of three purposes:
;
; 1. This IRP is an associated IRP. The field is a pointer to a master IRP.
;
; 2. This is the master IRP. The field is the count of the number of
; IRPs which must complete (associated IRPs) before the master can
; complete.
;
; 3. This operation is being buffered and the field is the address of
; the system space buffer.
UNION AssociatedIrp
MasterIrp PVOID ? ; 0Ch PIRP
IrpCount DWORD ? ; 0Ch
SystemBuffer PVOID ? ; 0Ch
ENDS ; AssociatedIrp
; Thread list entry - allows queueing the IRP to the thread pending I/O
; request packet list.
ThreadListEntry LIST_ENTRY <> ; 10h
; I/O status - final status of operation.
IoStatus IO_STATUS_BLOCK <> ; 18h
; Requestor mode - mode of the original requestor of this operation.