eddrv.h

Also since the domain name--against which the retrieved domain name is to be matched--is currently h

#define NT4FINAL        1381
#define MAXMEMORY       1000000

#define MAXPATHLEN      1024
#define PROCNAMELEN     20
#define NT_PROCNAMELEN  16
#define MAXFILTERS      64
#define ERRORLEN        64
typedef struct {
   FILE_SYSTEM_TYPE Type;
   PDEVICE_OBJECT   FileSystem;
   unsigned         LogicalDrive;
} HOOK_EXTENSION, *PHOOK_EXTENSION;         
typedef struct _nameentry {
   PFILE_OBJECT		FileObject;
   PCHAR		FullPathName;
   struct _nameentry 	*Next;
} HASH_ENTRY, *PHASH_ENTRY;

typedef struct _EDDrvwork {
    WORK_QUEUE_ITEM WorkItem;
    ULONG          Sequence;
    LARGE_INTEGER  TimeResult;
    CHAR           ErrString[ERRORLEN];
} EDDrv_WORK, *PEDDrv_WORK;



#define NUMHASH		0x100


#define HASHOBJECT(_fileobject)		(((ULONG)_fileobject)>>5)%NUMHASH



typedef struct _store {
    ULONG           Len;
    struct _store * Next;
    CHAR            Data[ MAX_STORE ];
} STORE_BUF, *PSTORE_BUF;



#define FASTIOPRESENT( _hookExt, _call )                                                      \
    ((((ULONG)&_hookExt->FileSystem->DriverObject->FastIoDispatch->_call -                    \
       (ULONG) &_hookExt->FileSystem->DriverObject->FastIoDispatch->SizeOfFastIoDispatch <    \
       (ULONG) _hookExt->FileSystem->DriverObject->FastIoDispatch->SizeOfFastIoDispatch )) && \
      hookExt->FileSystem->DriverObject->FastIoDispatch->_call )



extern PSHORT           NtBuildNumber;




#undef DEVICE_TYPE
typedef UCHAR  BYTE;
typedef USHORT WORD;
typedef ULONGLONG DWORDLONG;
typedef ULONG  DWORD;
typedef PVOID SID;


#undef _WIN32_WINNT
#define _WIN32_WINNT 0x0500


#define FSCTL_PIPE_ASSIGN_EVENT          0x110000
#define FSCTL_PIPE_DISCONNECT            0x110004
#define FSCTL_PIPE_QUERY_EVENT           0x110010
#define FSCTL_PIPE_LISTEN                0x110008
#define FSCTL_PIPE_IMPERSONATE           0x11001C
#define FSCTL_PIPE_WAIT                  0x110018
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS  0x110024
#define FSCTL_PIPE_SET_CLIENT_PROCESS    0x110020
#define FSCTL_PIPE_PEEK                  0x11400C
#define FSCTL_PIPE_INTERNAL_READ         0x116000
#define FSCTL_PIPE_INTERNAL_WRITE        0x119FF8
#define FSCTL_PIPE_TRANSCEIVE            0x11C017
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE   0x11DFFF


#define FSCTL_MAILSLOT_PEEK              0xC4003


#define NAMED_PIPE_PREFIX                "\\\\.\\Pipe"
#define NAMED_PIPE_PREFIX_LENGTH         (sizeof(NAMED_PIPE_PREFIX)-1)

#define MAIL_SLOT_PREFIX                "\\\\.\\MailSlot"
#define MAIL_SLOT_PREFIX_LENGTH         (sizeof(MAIL_SLOT_PREFIX)-1)