; Parameters for IRP_MN_SET_LOCK
struct SetLock
bLock BOOLEAN ? ; original name Lock
db 3 dup(?) ; padding ???
ends
comment ^
//
// Parameters for IRP_MN_QUERY_ID
//
struct {
BUS_QUERY_ID_TYPE IdType;
} QueryId;
//
// Parameters for IRP_MN_QUERY_DEVICE_TEXT
//
struct {
DEVICE_TEXT_TYPE DeviceTextType;
LCID POINTER_ALIGNMENT LocaleId;
} QueryDeviceText;
//
// Parameters for IRP_MN_DEVICE_USAGE_NOTIFICATION
//
struct {
BOOLEAN InPath;
BOOLEAN Reserved[3];
DEVICE_USAGE_NOTIFICATION_TYPE POINTER_ALIGNMENT Type;
} UsageNotification;
//
// Parameters for IRP_MN_WAIT_WAKE
//
struct {
SYSTEM_POWER_STATE PowerState;
} WaitWake;
//
// Parameter for IRP_MN_POWER_SEQUENCE
//
struct {
PPOWER_SEQUENCE PowerSequence;
} PowerSequence;
//
// Parameters for IRP_MN_SET_POWER and IRP_MN_QUERY_POWER
//
struct {
ULONG SystemContext;
POWER_STATE_TYPE POINTER_ALIGNMENT Type;
POWER_STATE POINTER_ALIGNMENT State;
POWER_ACTION POINTER_ALIGNMENT ShutdownType;
} Power;
//
// Parameters for StartDevice
//
struct {
PCM_RESOURCE_LIST AllocatedResources;
PCM_RESOURCE_LIST AllocatedResourcesTranslated;
} StartDevice;
// begin_ntifs
//
// Parameters for Cleanup
//
// No extra parameters supplied
//
//
// WMI Irps
//
struct {
ULONG_PTR ProviderId;
PVOID DataPath;
ULONG BufferSize;
PVOID Buffer;
} WMI;
^
; Others - driver-specific
struct Others
Argument1 PVOID ?
Argument2 PVOID ?
Argument3 PVOID ?
Argument4 PVOID ?
ends
ends ; Parameters
; Save a pointer to this device driver's device object for this request
; so it can be passed to the completion routine if needed.
DeviceObject PDEVICE_OBJECT ?
; The following location contains a pointer to the file object for this request.
FileObject PFILE_OBJECT ?
; The following routine is invoked depending on the flags in the above
; flags field.
CompletionRoutine PVOID ? ; PIO_COMPLETION_ROUTINE
; The following is used to store the address of the context parameter
; that should be passed to the CompletionRoutine.
Context PVOID ?
IO_STACK_LOCATION ENDS
; Typed pointer alias: PIO_STACK_LOCATION is a pointer to an IO_STACK_LOCATION.
PIO_STACK_LOCATION typedef PTR IO_STACK_LOCATION
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; PIO_STACK_LOCATION IoGetCurrentIrpStackLocation( IN PIRP Irp )
;
; Macro Description:
;
; This macro is invoked to return a pointer to the current stack location
; in an I/O Request Packet (IRP).
;
; Arguments:
;
; Irp - Pointer to the I/O Request Packet.
;
; Return Value:
;
; The function value is a pointer to the current stack location in the
; packet.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IoGetCurrentIrpStackLocation MACRO pIrp:REQ
    ;; In:    pIrp = operand holding the address of the IRP (required)
    ;; Out:   eax  = Irp->Tail.Overlay.CurrentStackLocation
    ;; Clobb: eax is always overwritten, even when pIrp is another register.
    ;; The macro dereferences pIrp with no check of its own, so the caller
    ;; must pass a pointer to a valid IRP.
    IFDIFI <pIrp>, <eax>                ;; skip the copy when the IRP is already in eax
        mov     eax, pIrp
    ENDIF
    mov     eax, [eax]._IRP.Tail.Overlay.CurrentStackLocation
ENDM
;typedef enum _MODE {
; Processor-mode values, translated one-to-one from the C enum named here.
; NOTE(review): routines that take one of these as the requestor/access mode
; typically relax buffer probing and access checks for KernelMode; pass UserMode
; for work done on behalf of a user-mode caller - confirm per routine.
KernelMode equ 0
UserMode equ 1
MaximumMode equ 2 ; NOTE(review): looks like a count/sentinel rather than a usable mode - confirm
;} MODE;
; Routines to support fast mutexes.
; FAST_MUTEX - fast mutex object layout for 32-bit x86.
; Offsets below assume 4-byte PVOID/DWORD fields and no padding.
; NOTE(review): the fields are presumably maintained by the kernel's fast-mutex
; routines; code that writes them directly should be questioned in review.
FAST_MUTEX STRUCT ; sizeof = 20h
Count SDWORD ? ; 00h
Owner PVOID ? ; 04h PTR KTHREAD
Contention DWORD ? ; 08h
Event KEVENT <> ; 0Ch embedded KEVENT (10h bytes, implied by the stated total of 20h)
OldIrql DWORD ? ; 1Ch (follows from sizeof = 20h)
FAST_MUTEX ENDS
; Typed pointer alias for FAST_MUTEX.
PFAST_MUTEX typedef PTR FAST_MUTEX
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; ClientId
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; CLIENT_ID - pair identifying a process and one of its threads.
; NOTE(review): both fields are typed HANDLE but presumably carry ID values,
; not handles that can be passed to handle-taking routines - confirm.
CLIENT_ID STRUCT ; sizeof = 8
UniqueProcess HANDLE ? ; 00h
UniqueThread HANDLE ? ; 04h
CLIENT_ID ENDS
; Typed pointer alias for CLIENT_ID.
PCLIENT_ID typedef PTR CLIENT_ID
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Thread Environment Block (and portable part of Thread Information Block)
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; NT_TIB - Thread Information Block - Portable part.
;
; This is the subsystem portable part of the Thread Information Block.
; It appears as the first part of the TEB for all threads which have
; a user mode component.
; Layout of the portable Thread Information Block (32-bit x86, 4-byte pointers).
; NOTE(review): when this block is read from a thread's user-mode TEB its
; contents are under user-mode control; kernel code should treat StackBase,
; StackLimit and Self as untrusted input rather than as validated pointers.
NT_TIB STRUCT ; sizeof = 1Ch
ExceptionList PVOID ? ; 00h PTR EXCEPTION_REGISTRATION_RECORD
StackBase PVOID ? ; 04h
StackLimit PVOID ? ; 08h
SubSystemTib PVOID ? ; 0Ch
; FiberData and Version overlay the same 4 bytes at offset 10h.
union
FiberData PVOID ? ; 10h
Version DWORD ? ; 10h
ends
ArbitraryUserPointer PVOID ? ; 14h
Self PVOID ? ; 18h PTR NT_TIB
NT_TIB ENDS
; Typed pointer alias for NT_TIB.
PNT_TIB typedef PTR NT_TIB
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Process Information Classes
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; typedef enum _PROCESSINFOCLASS
; Information-class selectors for NtQueryInformationProcess / NtSetInformationProcess
; (the structure comments further down name the class each structure goes with).
; The numeric values are tied to the header version this file was translated from.
ProcessBasicInformation equ 0
ProcessQuotaLimits equ 1
ProcessIoCounters equ 2
ProcessVmCounters equ 3
ProcessTimes equ 4
ProcessBasePriority equ 5
ProcessRaisePriority equ 6
ProcessDebugPort equ 7
ProcessExceptionPort equ 8
ProcessAccessToken equ 9
ProcessLdtInformation equ 10
ProcessLdtSize equ 11
ProcessDefaultHardErrorMode equ 12
ProcessIoPortHandlers equ 13 ; Note: this is kernel mode only
ProcessPooledUsageAndLimits equ 14
ProcessWorkingSetWatch equ 15
ProcessUserModeIOPL equ 16
ProcessEnableAlignmentFaultFixup equ 17
ProcessPriorityClass equ 18
ProcessWx86Information equ 19
ProcessHandleCount equ 20
ProcessAffinityMask equ 21
ProcessPriorityBoost equ 22
ProcessDeviceMap equ 23
ProcessSessionInformation equ 24
ProcessForegroundInformation equ 25
ProcessWow64Information equ 26
; One past the last class listed above (26); it bounds this list only, so code that
; validates a caller-supplied class should also reject any value it does not implement.
MaxProcessInfoClass equ 27
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Thread Information Classes
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; typedef enum _THREADINFOCLASS
; Information-class selectors for the thread counterpart of the process list above.
; The numeric values are tied to the header version this file was translated from.
ThreadBasicInformation equ 0
ThreadTimes equ 1
ThreadPriority equ 2
ThreadBasePriority equ 3
ThreadAffinityMask equ 4
ThreadImpersonationToken equ 5
ThreadDescriptorTableEntry equ 6
ThreadEnableAlignmentFaultFixup equ 7
ThreadEventPair_Reusable equ 8
ThreadQuerySetWin32StartAddress equ 9
ThreadZeroTlsCell equ 10
ThreadPerformanceCount equ 11
ThreadAmILastThread equ 12
ThreadIdealProcessor equ 13
ThreadPriorityBoost equ 14
ThreadSetTlsArrayAddress equ 15
ThreadIsIoPending equ 16
; NOTE(review): as the name says, this class hides a thread from an attached debugger;
; its use is a common anti-analysis indicator and is worth flagging during code review.
ThreadHideFromDebugger equ 17
; One past the last class listed above (17); it bounds this list only.
MaxThreadInfoClass equ 18
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Process Information Structures
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; PageFaultHistory Information
; NtQueryInformationProcess using ProcessWorkingSetWatch
; One page-fault history record (class ProcessWorkingSetWatch = 15).
; Offsets assume 4-byte pointers, which matches the stated size of 8.
PROCESS_WS_WATCH_INFORMATION STRUCT ; sizeof = 8
FaultingPc PVOID ? ; 00h presumably the instruction address that faulted - confirm
FaultingVa PVOID ? ; 04h presumably the virtual address that was accessed - confirm
PROCESS_WS_WATCH_INFORMATION ENDS
; Typed pointer alias for PROCESS_WS_WATCH_INFORMATION.
PPROCESS_WS_WATCH_INFORMATION typedef PTR PROCESS_WS_WATCH_INFORMATION
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Basic Process Information
; NtQueryInformationProcess using ProcessBasicInfo
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Result layout for class ProcessBasicInformation (0).
; 32-bit x86 only: six 4-byte fields give the stated size of 18h.
PROCESS_BASIC_INFORMATION STRUCT ; sizeof = 18h
ExitStatus NTSTATUS ? ; 00h
; NOTE(review): the PEB pointer refers to the queried process's own address space;
; do not dereference it from another context without attaching and probing - confirm.
PebBaseAddress PVOID ? ; 04h PPEB
AffinityMask DWORD ? ; 08h
BasePriority DWORD ? ; 0Ch KPRIORITY
UniqueProcessId DWORD ? ; 10h
; NOTE(review): presumably the creator's process ID as recorded at creation time;
; IDs can be reused, so do not treat it as proof of the current parent - confirm.
InheritedFromUniqueProcessId DWORD ? ; 14h
PROCESS_BASIC_INFORMATION ENDS
; Typed pointer alias for PROCESS_BASIC_INFORMATION.
PPROCESS_BASIC_INFORMATION typedef PTR PROCESS_BASIC_INFORMATION
comment ^
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Process Device Map information
; NtQueryInformationProcess using ProcessDeviceMap
; NtSetInformationProcess using ProcessDeviceMap
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
PROCESS_DEVICEMAP_INFORMATION STRUCT
union {
struct {
HANDLE DirectoryHandle;
} Set;
struct {
ULONG DriveMap;
UCHAR DriveType[ 32 ];
} Query;
};
PROCESS_DEVICEMAP_INFORMATION ENDS
PPROCESS_DEVICEMAP_INFORMATION typedef PTR PROCESS_DEVICEMAP_INFORMATION
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Multi-User Session specific Process Information
; NtQueryInformationProcess using ProcessSessionInformation
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
PROCESS_SESSION_INFORMATION STRUCT
SessionId DWORD ?
PROCESS_SESSION_INFORMATION ENDS
PPROCESS_SESSION_INFORMATION typedef PTR PROCESS_SESSION_INFORMATION
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Process Quotas
; NtQueryInformationProcess using ProcessQuotaLimits
; NtQueryInformationProcess using ProcessPooledQuotaLimits
; NtSetInformationProcess using ProcessQuotaLimits
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; begin_winnt begin_ntsrv
QUOTA_LIMITS STRUCT
SIZE_T PagedPoolLimit;
SIZE_T NonPagedPoolLimit;
SIZE_T MinimumWorkingSetSize;
SIZE_T MaximumWorkingSetSize;
SIZE_T PagefileLimit;
LARGE_INTEGER TimeLimit;
QUOTA_LIMITS ENDS
PQUOTA_LIMITS typedef PTR QUOTA_LIMITS
; end_winnt end_ntsrv
^
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Process I/O Counters
; NtQueryInformationProcess using ProcessIoCounters
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; begin_winnt
; Result layout for class ProcessIoCounters (2): six 64-bit counters,
; three operation counts followed by three transfer counts.
IO_COUNTERS STRUCT ; sizeof = 30h
ReadOperationCount QWORD ? ; 00h
WriteOperationCount QWORD ? ; 08h
OtherOperationCount QWORD ? ; 10h
ReadTransferCount QWORD ? ; 18h
WriteTransferCount QWORD ? ; 20h
OtherTransferCount QWORD ? ; 28h
IO_COUNTERS ENDS
; Typed pointer alias for IO_COUNTERS.
PIO_COUNTERS typedef PTR IO_COUNTERS
; end_winnt
comment ^
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Process Virtual Memory Counters
; NtQueryInformationProcess using ProcessVmCounters
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
VM_COUNTERS {
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
VM_COUNTERS ENDS
PVM_COUNTERS typedef PTR VM_COUNTERS
^
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Processor Control B