📄 ntddk.h
字号:
#endif
#endif
//
// Size of kernel mode stack.
//
#define KERNEL_STACK_SIZE 12288
//
// Define size of large kernel mode stack for callbacks.
//
#define KERNEL_LARGE_STACK_SIZE 61440
//
// Define number of pages to initialize in a large kernel stack.
//
#define KERNEL_LARGE_STACK_COMMIT 12288
#ifdef _X86_
//
// Define the size of the 80387 save area, which is in the context frame.
//
#define SIZE_OF_80387_REGISTERS 80
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_i386 0x00010000 // this assumes that i386 and
#define CONTEXT_i486 0x00010000 // i486 have identical context records
// end_wx86
#define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
#define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
#define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
#define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
#define CONTEXT_EXTENDED_REGISTERS (CONTEXT_i386 | 0x00000020L) // cpu specific extensions
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
CONTEXT_SEGMENTS)
// begin_wx86
#endif
#define MAXIMUM_SUPPORTED_EXTENSION 512
typedef struct _FLOATING_SAVE_AREA {
ULONG ControlWord;
ULONG StatusWord;
ULONG TagWord;
ULONG ErrorOffset;
ULONG ErrorSelector;
ULONG DataOffset;
ULONG DataSelector;
UCHAR RegisterArea[SIZE_OF_80387_REGISTERS];
ULONG Cr0NpxState;
} FLOATING_SAVE_AREA;
typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;
//
// Context Frame
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) is is used to constuct a call frame for APC delivery,
// and 3) it is used in the user level thread creation routines.
//
// The layout of the record conforms to a standard call frame.
//
typedef struct _CONTEXT {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a threads context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
ULONG ContextFlags;
//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
ULONG Dr0;
ULONG Dr1;
ULONG Dr2;
ULONG Dr3;
ULONG Dr6;
ULONG Dr7;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
//
FLOATING_SAVE_AREA FloatSave;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_SEGMENTS.
//
ULONG SegGs;
ULONG SegFs;
ULONG SegEs;
ULONG SegDs;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_INTEGER.
//
ULONG Edi;
ULONG Esi;
ULONG Ebx;
ULONG Edx;
ULONG Ecx;
ULONG Eax;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_CONTROL.
//
ULONG Ebp;
ULONG Eip;
ULONG SegCs; // MUST BE SANITIZED
ULONG EFlags; // MUST BE SANITIZED
ULONG Esp;
ULONG SegSs;
//
// This section is specified/returned if the ContextFlags word
// contains the flag CONTEXT_EXTENDED_REGISTERS.
// The format and contexts are processor specific
//
UCHAR ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
} CONTEXT;
typedef CONTEXT *PCONTEXT;
// begin_ntminiport
#endif //_X86_
#endif // _X86_
#if defined(_AMD64_)
#if defined(_M_AMD64) && !defined(RC_INVOKED) && !defined(MIDL_PASS)
//
// Define function to get the caller's EFLAGs value.
//
#define GetCallersEflags() __getcallerseflags()
unsigned __int32
__getcallerseflags (
VOID
);
#pragma intrinsic(__getcallerseflags)
//
// Define function to read the value of the time stamp counter
//
#define ReadTimeStampCounter() __rdtsc()
ULONG64
__rdtsc (
VOID
);
#pragma intrinsic(__rdtsc)
//
// Define functions to move strings or bytes, words, dwords, and qwords.
//
VOID
__movsb (
IN PUCHAR Destination,
IN PUCHAR Source,
IN ULONG Count
);
VOID
__movsw (
IN PUSHORT Destination,
IN PUSHORT Source,
IN ULONG Count
);
VOID
__movsd (
IN PULONG Destination,
IN PULONG Source,
IN ULONG Count
);
VOID
__movsq (
IN PULONGLONG Destination,
IN PULONGLONG Source,
IN ULONG Count
);
#pragma intrinsic(__movsb)
#pragma intrinsic(__movsw)
#pragma intrinsic(__movsd)
#pragma intrinsic(__movsq)
//
// Define functions to capture the high 64-bits of a 128-bit multiply.
//
#define MultiplyHigh __mulh
#define UnsignedMultiplyHigh __umulh
LONGLONG
MultiplyHigh (
IN LONGLONG Multiplier,
IN LONGLONG Multiplicand
);
ULONGLONG
UnsignedMultiplyHigh (
IN ULONGLONG Multiplier,
IN ULONGLONG Multiplicand
);
#pragma intrinsic(__mulh)
#pragma intrinsic(__umulh)
//
// Define functions to read and write the uer TEB and the system PCR/PRCB.
//
UCHAR
__readgsbyte (
IN ULONG Offset
);
USHORT
__readgsword (
IN ULONG Offset
);
ULONG
__readgsdword (
IN ULONG Offset
);
ULONG64
__readgsqword (
IN ULONG Offset
);
VOID
__writegsbyte (
IN ULONG Offset,
IN UCHAR Data
);
VOID
__writegsword (
IN ULONG Offset,
IN USHORT Data
);
VOID
__writegsdword (
IN ULONG Offset,
IN ULONG Data
);
VOID
__writegsqword (
IN ULONG Offset,
IN ULONG64 Data
);
#pragma intrinsic(__readgsbyte)
#pragma intrinsic(__readgsword)
#pragma intrinsic(__readgsdword)
#pragma intrinsic(__readgsqword)
#pragma intrinsic(__writegsbyte)
#pragma intrinsic(__writegsword)
#pragma intrinsic(__writegsdword)
#pragma intrinsic(__writegsqword)
#endif // defined(_M_AMD64) && !defined(RC_INVOKED) && !defined(MIDL_PASS)
//
// Size of kernel mode stack.
//
#define KERNEL_STACK_SIZE 0x5000
//
// Define size of large kernel mode stack for callbacks.
//
#define KERNEL_LARGE_STACK_SIZE 0xf000
//
// Define number of pages to initialize in a large kernel stack.
//
#define KERNEL_LARGE_STACK_COMMIT 0x5000
//
// Define the size of the stack used for processing an MCA exception.
//
#define KERNEL_MCA_EXCEPTION_STACK_SIZE 0x2000
//
// The following flags control the contents of the CONTEXT structure.
//
#if !defined(RC_INVOKED)
#define CONTEXT_AMD64 0x100000
// end_wx86
#define CONTEXT_CONTROL (CONTEXT_AMD64 | 0x1L)
#define CONTEXT_INTEGER (CONTEXT_AMD64 | 0x2L)
#define CONTEXT_SEGMENTS (CONTEXT_AMD64 | 0x4L)
#define CONTEXT_FLOATING_POINT (CONTEXT_AMD64 | 0x8L)
#define CONTEXT_DEBUG_REGISTERS (CONTEXT_AMD64 | 0x10L)
#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_FLOATING_POINT)
// begin_wx86
#endif // !defined(RC_INVOKED)
//
// Define 128-bit 16-byte aligned xmm register type.
//
typedef struct DECLSPEC_ALIGN(16) _M128 {
ULONGLONG Low;
LONGLONG High;
} M128, *PM128;
//
// Format of data for fnsave/frstor instructions.
//
// This structure is used to store the legacy floating point state.
//
typedef struct _LEGACY_SAVE_AREA {
USHORT ControlWord;
USHORT Reserved0;
USHORT StatusWord;
USHORT Reserved1;
USHORT TagWord;
USHORT Reserved2;
ULONG ErrorOffset;
USHORT ErrorSelector;
USHORT ErrorOpcode;
ULONG DataOffset;
USHORT DataSelector;
USHORT Reserved3;
UCHAR FloatRegisters[8 * 10];
} LEGACY_SAVE_AREA, *PLEGACY_SAVE_AREA;
#define LEGACY_SAVE_AREA_LENGTH ((sizeof(LEGACY_SAVE_AREA) + 15) & ~15)
//
// Context Frame
//
// This frame has a several purposes: 1) it is used as an argument to
// NtContinue, 2) is is used to constuct a call frame for APC delivery,
// and 3) it is used in the user level thread creation routines.
//
//
// The flags field within this record controls the contents of a CONTEXT
// record.
//
// If the context record is used as an input parameter, then for each
// portion of the context record controlled by a flag whose value is
// set, it is assumed that that portion of the context record contains
// valid context. If the context record is being used to modify a threads
// context, then only that portion of the threads context is modified.
//
// If the context record is used as an output parameter to capture the
// context of a thread, then only those portions of the thread's context
// corresponding to set flags will be returned.
//
// CONTEXT_CONTROL specifies SegSs, Rsp, SegCs, Rip, and EFlags.
//
// CONTEXT_INTEGER specifies Rax, Rcx, Rdx, Rbx, Rbp, Rsi, Rdi, and R8-R15.
//
// CONTEXT_SEGMENTS specifies SegDs, SegEs, SegFs, and SegGs.
//
// CONTEXT_DEBUG_REGISTERS specifies Dr0-Dr3 and Dr6-Dr7.
//
// CONTEXT_MMX_REGISTERS specifies the floating point and extended registers
// Mm0/St0-Mm7/St7 and Xmm0-Xmm15).
//
typedef struct DECLSPEC_ALIGN(16) _CONTEXT {
//
// Register parameter home addresses.
//
ULONG64 P1Home;
ULONG64 P2Home;
ULONG64 P3Home;
ULONG64 P4Home;
ULONG64 P5Home;
ULONG64 P6Home;
//
// Control flags.
//
ULONG ContextFlags;
ULONG MxCsr;
//
// Segment Registers and processor flags.
//
USHORT SegCs;
USHORT SegDs;
USHORT SegEs;
USHORT SegFs;
USHORT SegGs;
USHORT SegSs;
ULONG EFlags;
//
// Debug registers
//
ULONG64 Dr0;
ULONG64 Dr1;
ULONG64 Dr2;
ULONG64 Dr3;
ULONG64 Dr6;
ULONG64 Dr7;
//
// Integer registers.
//
ULONG64 Rax;
ULONG64 Rcx;
ULONG64 Rdx;
ULONG64 Rbx;
ULONG64 Rsp;
ULONG64 Rbp;
ULONG64 Rsi;
ULONG64 Rdi;
ULONG64 R8;
ULONG64 R9;
ULONG64 R10;
ULONG64 R11;
ULONG64 R12;
ULONG64 R13;
ULONG64 R14;
ULONG64 R15;
//
// Program counter.
//
ULONG64 Rip;
//
// MMX/floating point state.
//
M128 Xmm0;
M128 Xmm1;
M128 Xmm2;
M128 Xmm3;
M128 Xmm4;
M128 Xmm5;
M128 Xmm6;
M128 Xmm7;
M128 Xmm8;
M128 Xmm9;
M128 Xmm10;
M128 Xmm11;
M128 Xmm12;
M128 Xmm13;
M128 Xmm14;
M128 Xmm15;
//
// Legacy floating point state.
//
LEGACY_SAVE_AREA FltSave;
ULONG Fill;
} CONTEXT, *PCONTEXT;
#endif // _AMD64_
#ifdef _IA64_
//
// Define size of kernel mode stack.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -