📄 ntddk.inc
字号:
RequestorMode BYTE ? ; 20h KPROCESSOR_MODE
; Pending returned - TRUE if pending was initially returned as the
; status for this packet.
PendingReturned BYTE ? ; 21h
; Stack state information.
StackCount BYTE ? ; 22h
CurrentLocation BYTE ? ; 23h
; Cancel - packet has been canceled.
Cancel BYTE ? ; 24h
; Cancel Irql - Irql at which the cancel spinlock was acquired.
CancelIrql BYTE ? ; 25h
; ApcEnvironment - Used to save the APC environment at the time that the
; packet was initialized.
ApcEnvironment BYTE ? ; 26h
; Allocation control flags.
AllocationFlags BYTE ? 27h
; User parameters.
UserIosb PIO_STATUS_BLOCK ? ; 28h
UserEvent PKEVENT ? ; 2Ch
UNION Overlay ; 30h
STRUCT AsynchronousParameters ; 30h
UserApcRoutine PVOID ? ; 30h PIO_APC_ROUTINE
UserApcContext PVOID ? ; 34h
ENDS ; AsynchronousParameters
AllocationSize LARGE_INTEGER <> ; 30h
ENDS ; Overlay
; CancelRoutine - Used to contain the address of a cancel routine supplied
; by a device driver when the IRP is in a cancelable state.
CancelRoutine PVOID ? ; 38h PDRIVER_CANCEL
; Note that the UserBuffer parameter is outside of the stack so that I/O
; completion can copy data back into the user's address space without
; having to know exactly which service was being invoked. The length
; of the copy is stored in the second half of the I/O status block. If
; the UserBuffer field is NULL, then no copy is performed.
UserBuffer PVOID ? ; 3Ch
; Kernel structures
;
; The following section contains kernel structures which the IRP needs
; in order to place various work information in kernel controller system
; queues. Because the size and alignment cannot be controlled, they are
; placed here at the end so they just hang off and do not affect the
; alignment of other fields in the IRP.
UNION Tail
STRUCT Overlay
UNION
; DeviceQueueEntry - The device queue entry field is used to
; queue the IRP to the device driver device queue.
DeviceQueueEntry KDEVICE_QUEUE_ENTRY <>
STRUCT
; The following are available to the driver to use in
; whatever manner is desired, while the driver owns the
; packet.
DriverContext PVOID 4 dup(?)
ENDS
ENDS
; Thread - pointer to caller's Thread Control Block.
Thread PVOID ? ; PETHREAD
; Auxiliary buffer - pointer to any auxiliary buffer that is
; required to pass information to a driver that is not contained
; in a normal buffer.
AuxiliaryBuffer PCHAR ?
; The following unnamed structure must be exactly identical
; to the unnamed structure used in the minipacket header used
; for completion queue entries.
STRUCT
; List entry - used to queue the packet to completion queue, among
; others.
ListEntry LIST_ENTRY <>
UNION
; Current stack location - contains a pointer to the current
; IO_STACK_LOCATION structure in the IRP stack. This field
; should never be directly accessed by drivers. They should
; use the standard functions.
CurrentStackLocation PVOID ? ; PTR IO_STACK_LOCATION
; Minipacket type.
PacketType DWORD ?
ENDS
ENDS
; Original file object - pointer to the original file object
; that was used to open the file. This field is owned by the
; I/O system and should not be used by any other drivers.
OriginalFileObject PFILE_OBJECT ?
ENDS ; Overlay
; APC - This APC control block is used for the special kernel APC as
; well as for the caller's APC, if one was specified in the original
; argument list. If so, then the APC is reused for the normal APC for
; whatever mode the caller was in and the "special" routine that is
; invoked before the APC gets control simply deallocates the IRP.
Apc KAPC <>
; CompletionKey - This is the key that is used to distinguish
; individual I/O operations initiated on a single file handle.
CompletionKey PVOID ?
ENDS ;Tail
_IRP ENDS
PIRP typedef PTR _IRP
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Volume Parameter Block (VPB)
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MAXIMUM_VOLUME_LABEL_LENGTH equ (32 * sizeof(WCHAR)) ; 32 characters
VPB STRUCT ; sizeof = 58h
fwType WORD IO_TYPE_VPB ; 0Ah
cbSize WORD ? ; cb
Flags WORD ?
VolumeLabelLength WORD ? ; in bytes without terminat. zero
DeviceObject PVOID ? ; PDEVICE_OBJECT
RealDevice PVOID ? ; PDEVICE_OBJECT
SerialNumber DWORD ?
ReferenceCount DWORD ?
VolumeLabel WORD (MAXIMUM_VOLUME_LABEL_LENGTH / (sizeof WCHAR)) dup(?)
VPB ENDS
PVPB typedef PTR VPB
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Define the various device type values. Note that values used by Microsoft
; Corporation are in the range 0-32767, and 32768-65535 are reserved for use
; by customers.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DEVICE_TYPE typedef DWORD
FILE_DEVICE_BEEP equ 01
FILE_DEVICE_CD_ROM equ 02
FILE_DEVICE_CD_ROM_FILE_SYSTEM equ 03
FILE_DEVICE_CONTROLLER equ 04
FILE_DEVICE_DATALINK equ 05
FILE_DEVICE_DFS equ 06
FILE_DEVICE_DISK equ 07
FILE_DEVICE_DISK_FILE_SYSTEM equ 08
FILE_DEVICE_FILE_SYSTEM equ 09
FILE_DEVICE_INPORT_PORT equ 0ah
FILE_DEVICE_KEYBOARD equ 0bh
FILE_DEVICE_MAILSLOT equ 0ch
FILE_DEVICE_MIDI_IN equ 0dh
FILE_DEVICE_MIDI_OUT equ 0eh
FILE_DEVICE_MOUSE equ 0fh
FILE_DEVICE_MULTI_UNC_PROVIDER equ 10h
FILE_DEVICE_NAMED_PIPE equ 11h
FILE_DEVICE_NETWORK equ 12h
FILE_DEVICE_NETWORK_BROWSER equ 13h
FILE_DEVICE_NETWORK_FILE_SYSTEM equ 14h
FILE_DEVICE_NULL equ 15h
FILE_DEVICE_PARALLEL_PORT equ 16h
FILE_DEVICE_PHYSICAL_NETCARD equ 17h
FILE_DEVICE_PRINTER equ 18h
FILE_DEVICE_SCANNER equ 19h
FILE_DEVICE_SERIAL_MOUSE_PORT equ 1ah
FILE_DEVICE_SERIAL_PORT equ 1bh
FILE_DEVICE_SCREEN equ 1ch
FILE_DEVICE_SOUND equ 1dh
FILE_DEVICE_STREAMS equ 1eh
FILE_DEVICE_TAPE equ 1fh
FILE_DEVICE_TAPE_FILE_SYSTEM equ 20h
FILE_DEVICE_TRANSPORT equ 21h
FILE_DEVICE_UNKNOWN equ 22h
FILE_DEVICE_VIDEO equ 23h
FILE_DEVICE_VIRTUAL_DISK equ 24h
FILE_DEVICE_WAVE_IN equ 25h
FILE_DEVICE_WAVE_OUT equ 26h
FILE_DEVICE_8042_PORT equ 27h
FILE_DEVICE_NETWORK_REDIRECTOR equ 28h
FILE_DEVICE_BATTERY equ 29h
FILE_DEVICE_BUS_EXTENDER equ 2ah
FILE_DEVICE_MODEM equ 2bh
FILE_DEVICE_VDM equ 2ch
FILE_DEVICE_MASS_STORAGE equ 2dh
FILE_DEVICE_SMB equ 2eh
FILE_DEVICE_KS equ 2fh
FILE_DEVICE_CHANGER equ 30h
FILE_DEVICE_SMARTCARD equ 31h
FILE_DEVICE_ACPI equ 32h
FILE_DEVICE_DVD equ 33h
FILE_DEVICE_FULLSCREEN_VIDEO equ 34h
FILE_DEVICE_DFS_FILE_SYSTEM equ 35h
FILE_DEVICE_DFS_VOLUME equ 36h
FILE_DEVICE_SERENUM equ 37h
FILE_DEVICE_TERMSRV equ 38h
FILE_DEVICE_KSEC equ 39h
; Macro definition for defining IOCTL and FSCTL function control codes. Note
; that function codes 0-2047 are reserved for Microsoft Corporation, and
; 2048-4095 are reserved for customers.
CTL_CODE MACRO DeviceType:=<0>, Function:=<0>, Method:=<0>, Access:=<0>
EXITM %((DeviceType SHL 16) OR ((Access) SHL 14) OR ((Function) SHL 2) OR Method)
ENDM
; Macro to extract device type out of the device io control code
DEVICE_TYPE_FROM_CTL_CODE MACRO ctrlCode:REQ
EXITM %((ctrlCode AND 0ffff0000h) SHR 16)
ENDM
; Define the method codes for how buffers are passed for I/O and FS controls
METHOD_BUFFERED equ 0
METHOD_IN_DIRECT equ 1
METHOD_OUT_DIRECT equ 2
METHOD_NEITHER equ 3
; Define the access check value for any access
;
; The FILE_READ_ACCESS and FILE_WRITE_ACCESS constants are also defined in
; ntioapi.h as FILE_READ_DATA and FILE_WRITE_DATA. The values for these
; constants *MUST* always be in sync.
;
; FILE_SPECIAL_ACCESS is checked by the NT I/O system the same as FILE_ANY_ACCESS.
; The file systems, however, may add additional access checks for I/O and FS controls
; that use this value.
FILE_ANY_ACCESS equ 0
FILE_SPECIAL_ACCESS equ FILE_ANY_ACCESS
FILE_READ_ACCESS equ 1 ; file & pipe
FILE_WRITE_ACCESS equ 2 ; file & pipe
; begin_winnt
; Define access rights to files and directories
; The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
; devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
; constants *MUST* always be in sync.
; The values are redefined in devioctl.h because they must be available to
; both DOS and NT.
FILE_READ_DATA equ 0001 ; file & pipe
FILE_LIST_DIRECTORY equ 0001 ; directory
FILE_WRITE_DATA equ 0002 ; file & pipe
FILE_ADD_FILE equ 0002 ; directory
FILE_APPEND_DATA equ 0004 ; file
FILE_ADD_SUBDIRECTORY equ 0004 ; directory
FILE_CREATE_PIPE_INSTANCE equ 0004 ; named pipe
FILE_READ_EA equ 0008 ; file & directory
FILE_WRITE_EA equ 0010h ; file & directory
FILE_EXECUTE equ 0020h ; file
FILE_TRAVERSE equ 0020h ; directory
FILE_DELETE_CHILD equ 0040h ; directory
FILE_READ_ATTRIBUTES equ 0080h ; all
FILE_WRITE_ATTRIBUTES equ 0100h ; all
FILE_ALL_ACCESS equ STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or 1FFh
FILE_GENERIC_READ equ STANDARD_RIGHTS_READ or FILE_READ_DATA or FILE_READ_ATTRIBUTES or FILE_READ_EA or SYNCHRONIZE
FILE_GENERIC_WRITE equ STANDARD_RIGHTS_WRITE or FILE_WRITE_DATA or FILE_WRITE_ATTRIBUTES or FILE_WRITE_EA or FILE_APPEND_DATA or SYNCHRONIZE
FILE_GENERIC_EXECUTE equ STANDARD_RIGHTS_EXECUTE or FILE_READ_ATTRIBUTES or FILE_EXECUTE or SYNCHRONIZE
; end_winnt
; Define share access rights to files and directories
FILE_SHARE_READ equ 1 ; winnt
FILE_SHARE_WRITE equ 2 ; winnt
FILE_SHARE_DELETE equ 4 ; winnt
FILE_SHARE_VALID_FLAGS equ 7
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Define Wait Context Block (WCB)
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
WAIT_CONTEXT_BLOCK STRUCT ; sizeof = 28h
WaitQueueEntry KDEVICE_QUEUE_ENTRY <>
DeviceRoutine PVOID ? ; PDRIVER_CONTROL
DeviceContext PVOID ?
NumberOfMapRegisters DWORD ?
DeviceObject PVOID ?
CurrentIrp PVOID ?
BufferChainingDpc PVOID ? ; PKDPC
WAIT_CONTEXT_BLOCK ENDS
PWAIT_CONTEXT_BLOCK typedef PTR WAIT_CONTEXT_BLOCK
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
KDPC STRUCT ; sizeof = 20h
woType WORD IO_TYPE_DPC ; 13h (original name Type)
Number BYTE ?
Importance BYTE ?
DpcListEntry LIST_ENTRY <>
DeferredRoutine PVOID ?
DeferredContext PVOID ?
SystemArgument1 PVOID ?
SystemArgument2 PVOID ?
pdwLock PDWORD ? ; (original Lock)
KDPC ENDS
PKDPC typedef PTR KDPC
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Device Object structure definition
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DEVICE_OBJECT STRUCT ; sizeof = 0B8h
fwType WORD IO_TYPE_DEVICE ; 3
cbSize WORD ? ; 02h
ReferenceCount DWORD ? ; 04h
DriverObject PVOID ? ; 08h PDRIVER_OBJECT
NextDevice PVOID ? ; 0Ch PDEVICE_OBJECT
AttachedDevice PVOID ? ; 10h PDEVICE_OBJECT
CurrentIrp PIRP ? ; 14h PTR _IRP
Timer PVOID ? ; 18h PIO_TIMER
Flags DWORD ? ; 1Ch DO_*
Characteristics DWORD ? ; 20h FILE_*
Vpb PVPB ? ; 24h PTR VPB
DeviceExtension PVOID ? ; 28h
DeviceType DEVICE_TYPE ? ; 2Ch
StackSize CHAR ? ; 30h
db 3 dup(?) ; padding
UNION Queue
ListEntry LIST_ENTRY <> ; 34h
Wcb WAIT_CONTEXT_BLOCK <> ; 34h
ENDS ; Queue
AlignmentRequirement DWORD ? ; 5Ch
DeviceQueue KDEVICE_QUEUE <> ; 60h
Dpc KDPC <> ; 74h
; The following field is for exclusive use by the filesystem to keep
; track of the number of Fsp threads currently using the device
ActiveThreadCount DWORD ? ; 94h
SecurityDescriptor PSECURITY_DESCRIPTOR ? ; 98h
DeviceLock KEVENT <> ; 9Ch
SectorSize WORD ? ; 0ACh
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -