📄 ntddk.inc
字号:
Spare1 WORD ? ; 0AEh
DeviceObjectExtension PVOID ? ; 0B0h PDEVOBJ_EXTENSION
Reserved PVOID ? ; 0B4h
DEVICE_OBJECT ENDS
PDEVICE_OBJECT typedef PTR DEVICE_OBJECT
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DEVOBJ_EXTENSION STRUCT ; sizeof = 24h
woType WORD IO_TYPE_DEVICE_OBJECT_EXTENSION ; 0Dh (original name Type)
cbSize WORD ? ; (original name Size)
; Public part of the DeviceObjectExtension structure
DeviceObject PDEVICE_OBJECT ? ; owning device object
; kd displays this additional fields
;+08 uint32 PowerFlags
;+0c *Dope
;+10 uint32 ExtensionFlags
;+14 void *DeviceNode
;+18 struct _DEVICE_OBJECT *AttachedTo
;+1c struct _LIST_ENTRY FileObjectList
;+1c struct _LIST_ENTRY *Flink
;+20 struct _LIST_ENTRY *Blink
DEVOBJ_EXTENSION ENDS
PDEVOBJ_EXTENSION typedef PTR DEVOBJ_EXTENSION
; Define I/O system data structure type codes. Each major data structure in
; the I/O system has a type code The type field in each structure is at the
; same offset. The following values can be used to determine which type of
; data structure a pointer refers to.
IO_TYPE_ADAPTER equ 1
IO_TYPE_CONTROLLER equ 2
IO_TYPE_DEVICE equ 3
IO_TYPE_DRIVER equ 4
IO_TYPE_FILE equ 5
IO_TYPE_IRP equ 6
IO_TYPE_MASTER_ADAPTER equ 7
IO_TYPE_OPEN_PACKET equ 8
IO_TYPE_TIMER equ 9
IO_TYPE_VPB equ 0Ah
IO_TYPE_ERROR_LOG equ 0Bh
IO_TYPE_ERROR_MESSAGE equ 0Ch
IO_TYPE_DEVICE_OBJECT_EXTENSION equ 0Dh
IO_TYPE_APC equ 12h
IO_TYPE_DPC equ 13h
IO_TYPE_DEVICE_QUEUE equ 14h
IO_TYPE_EVENT_PAIR equ 15h
IO_TYPE_INTERRUPT equ 16h
IO_TYPE_PROFILE equ 17h
; Define the major function codes for IRPs.
IRP_MJ_CREATE equ 0
IRP_MJ_CREATE_NAMED_PIPE equ 1
IRP_MJ_CLOSE equ 2
IRP_MJ_READ equ 3
IRP_MJ_WRITE equ 4
IRP_MJ_QUERY_INFORMATION equ 5
IRP_MJ_SET_INFORMATION equ 6
IRP_MJ_QUERY_EA equ 7
IRP_MJ_SET_EA equ 8
IRP_MJ_FLUSH_BUFFERS equ 9
IRP_MJ_QUERY_VOLUME_INFORMATION equ 0Ah
IRP_MJ_SET_VOLUME_INFORMATION equ 0Bh
IRP_MJ_DIRECTORY_CONTROL equ 0Ch
IRP_MJ_FILE_SYSTEM_CONTROL equ 0Dh
IRP_MJ_DEVICE_CONTROL equ 0Eh
IRP_MJ_INTERNAL_DEVICE_CONTROL equ 0Fh
IRP_MJ_SHUTDOWN equ 10h
IRP_MJ_LOCK_CONTROL equ 11h
IRP_MJ_CLEANUP equ 12h
IRP_MJ_CREATE_MAILSLOT equ 13h
IRP_MJ_QUERY_SECURITY equ 14h
IRP_MJ_SET_SECURITY equ 15h
IRP_MJ_POWER equ 16h
IRP_MJ_SYSTEM_CONTROL equ 17h
IRP_MJ_DEVICE_CHANGE equ 18h
IRP_MJ_QUERY_QUOTA equ 19h
IRP_MJ_SET_QUOTA equ 1Ah
IRP_MJ_PNP equ 1Bh
IRP_MJ_PNP_POWER equ IRP_MJ_PNP ; Obsolete....
IRP_MJ_MAXIMUM_FUNCTION equ 1Bh
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DRIVER_EXTENSION STRUCT ; sizeof = 14h
; Back pointer to Driver Object
DriverObject PVOID ? ; PDRIVER_OBJECT
; The AddDevice entry point is called by the Plug & Play manager
; to inform the driver when a new device instance arrives that this
; driver must control.
AddDevice PVOID ? ; 04h PDRIVER_ADD_DEVICE
; The count field is used to count the number of times the driver has
; had its registered reinitialization routine invoked.
Count DWORD ? ; 08h
; The service name field is used by the pnp manager to determine
; where the driver related info is stored in the registry.
ServiceKeyName UNICODE_STRING <> ; 0Ch
; Note: any new shared fields get added here.
; kd displays additional field
;+14 struct _IO_CLIENT_EXTENSION *ClientDriverExtension
DRIVER_EXTENSION ENDS
PDRIVER_EXTENSION typedef PTR DRIVER_EXTENSION
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DRIVER_OBJECT STRUCT ; sizeof= 0A8h
fwType WORD IO_TYPE_DRIVER ; 4
cbSize WORD ? ; cb
; The following links all of the devices created by a single driver
; together on a list, and the Flags word provides an extensible flag
; location for driver objects.
DeviceObject PDEVICE_OBJECT ?
Flags DWORD ?
; The following section describes where the driver is loaded. The count
; field is used to count the number of times the driver has had its
; registered reinitialization routine invoked.
DriverStart PVOID ?
DriverSize DWORD ?
DriverSection PVOID ?
DriverExtension PDRIVER_EXTENSION ?
; The driver name field is used by the error log thread
; determine the name of the driver that an I/O request is/was bound.
DriverName UNICODE_STRING <>
; The following section is for registry support. Thise is a pointer
; to the path to the hardware information in the registry
HardwareDatabase PUNICODE_STRING ?
; The following section contains the optional pointer to an array of
; alternate entry points to a driver for "fast I/O" support. Fast I/O
; is performed by invoking the driver routine directly with separate
; parameters, rather than using the standard IRP call mechanism. Note
; that these functions may only be used for synchronous I/O, and when
; the file is cached.
FastIoDispatch PVOID ?
; The following section describes the entry points to this particular
; driver. Note that the major function dispatch table must be the last
; field in the object so that it remains extensible.
DriverInit PVOID ?
DriverStartIo PVOID ?
DriverUnload PVOID ?
MajorFunction PVOID (IRP_MJ_MAXIMUM_FUNCTION + 1) dup(?)
DRIVER_OBJECT ENDS
PDRIVER_OBJECT typedef PTR DRIVER_OBJECT
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; BitMap routines. The following structure, routines, and macros are
; for manipulating bitmaps. The user is responsible for allocating a bitmap
; structure (which is really a header) and a buffer (which must be longword
; aligned and multiple longwords in size).
RTL_BITMAP STRUCT ; sizeof = 8
SizeOfBitMap DWORD ? ; Number of bits in bit map
Buffer PVOID ? ; Pointer to the bit map itself
RTL_BITMAP ENDS
PRTL_BITMAP typedef PTR RTL_BITMAP
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IO_STACK_LOCATION STRUCT ; sizeof = 24h
MajorFunction BYTE ?
MinorFunction BYTE ?
Flags BYTE ?
Control BYTE ?
; The following user parameters are based on the service that is being
; invoked. Drivers and file systems can determine which set to use based
; on the above major and minor function codes.
union Parameters
; System service parameters for: NtCreateFile
struct Create
SecurityContext PVOID ? ; PIO_SECURITY_CONTEXT
Options DWORD ?
; if _WIN64
; POINTER_ALIGNMENT DECLSPEC_ALIGN(8)
; endif
FileAttributes WORD ? ; POINTER_ALIGNMENT
ShareAccess WORD ?
EaLength DWORD ? ; POINTER_ALIGNMENT
ends ; Create
; System service parameters for: NtReadFile
struct Read
dwLength DWORD ?
Key DWORD ? ; POINTER_ALIGNMENT
ByteOffset LARGE_INTEGER <>
ends ; Read
; System service parameters for: NtWriteFile
struct Write
dwLength DWORD ?
Key DWORD ? ; POINTER_ALIGNMENT
ByteOffset LARGE_INTEGER <>
ends ; Write
; System service parameters for: NtQueryInformationFile
; struct QueryFile
; Length DWORD ?
; FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
; ends ; QueryFile;
comment ^
//
// System service parameters for: NtSetInformationFile
//
struct {
ULONG Length;
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
PFILE_OBJECT FileObject;
union {
struct {
BOOLEAN ReplaceIfExists;
BOOLEAN AdvanceOnly;
};
ULONG ClusterCount;
HANDLE DeleteHandle;
};
} SetFile;
//
// System service parameters for: NtQueryVolumeInformationFile
//
struct {
ULONG Length;
FS_INFORMATION_CLASS POINTER_ALIGNMENT FsInformationClass;
} QueryVolume;
^
; System service parameters for: NtFlushBuffersFile
;
; No extra user-supplied parameters.
; System service parameters for: NtDeviceIoControlFile
;
; Note that the user's output buffer is stored in the UserBuffer field
; and the user's input buffer is stored in the SystemBuffer field.
struct DeviceIoControl
OutputBufferLength DWORD ?
InputBufferLength DWORD ? ; POINTER_ALIGNMENT
IoControlCode DWORD ? ; POINTER_ALIGNMENT
Type3InputBuffer PVOID ?
ends ; DeviceIoControl
comment ^
// end_wdm
//
// System service parameters for: NtQuerySecurityObject
//
struct {
SECURITY_INFORMATION SecurityInformation;
ULONG POINTER_ALIGNMENT Length;
} QuerySecurity;
//
// System service parameters for: NtSetSecurityObject
//
struct {
SECURITY_INFORMATION SecurityInformation;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SetSecurity;
// begin_wdm
//
// Non-system service parameters.
//
// Parameters for MountVolume
//
struct {
PVPB Vpb;
PDEVICE_OBJECT DeviceObject;
} MountVolume;
//
// Parameters for VerifyVolume
//
struct {
PVPB Vpb;
PDEVICE_OBJECT DeviceObject;
} VerifyVolume;
//
// Parameters for Scsi with internal device contorl.
//
struct {
struct _SCSI_REQUEST_BLOCK *Srb;
} Scsi;
//
// Parameters for IRP_MN_QUERY_DEVICE_RELATIONS
//
struct {
DEVICE_RELATION_TYPE Type;
} QueryDeviceRelations;
//
// Parameters for IRP_MN_QUERY_INTERFACE
//
struct {
CONST GUID *InterfaceType;
USHORT Size;
USHORT Version;
PINTERFACE Interface;
PVOID InterfaceSpecificData;
} QueryInterface;
// end_ntifs
//
// Parameters for IRP_MN_QUERY_CAPABILITIES
//
struct {
PDEVICE_CAPABILITIES Capabilities;
} DeviceCapabilities;
//
// Parameters for IRP_MN_FILTER_RESOURCE_REQUIREMENTS
//
struct {
PIO_RESOURCE_REQUIREMENTS_LIST IoResourceRequirementList;
} FilterResourceRequirements;
^
; Parameters for IRP_MN_READ_CONFIG and IRP_MN_WRITE_CONFIG
; ReadWriteConfig struct
; WhichSpace DWORD
; Buffer PVOID
; dwOffset DWORD
; ULONG POINTER_ALIGNMENT Length;
; ends
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -