📄 undoc.h
WORD Length;
DWORD TimeStamp;
struct _STRING DosPath;
};
/*
 * Process startup parameters, referenced by PEB.ProcessParameters.
 *
 * NOTE(review): the field widths used here (DWORD, void*) look like a
 * 32-bit layout; confirm against the symbols of the target OS build
 * before relying on any offset.
 *
 * NOTE(review): this block normally lives in the process's own user-mode
 * address space, so the process itself can rewrite it after startup.
 * Tooling that reads ImagePathName or CommandLine from here should treat
 * the values as self-reported and corroborate them with another source.
 *
 * The _UNICODE_STRING members are counted strings; bound every read by
 * the string's length field rather than assuming a terminating NUL.
 */
struct _RTL_USER_PROCESS_PARAMETERS
{
DWORD MaximumLength;
DWORD Length;
DWORD Flags;
DWORD DebugFlags;
void* ConsoleHandle;
DWORD ConsoleFlags;
void* StandardInput;
void* StandardOutput;
void* StandardError;
struct _CURDIR CurrentDirectory;
struct _UNICODE_STRING DllPath;
struct _UNICODE_STRING ImagePathName;
struct _UNICODE_STRING CommandLine;
void* Environment;
DWORD StartingX;
DWORD StartingY;
DWORD CountX;
DWORD CountY;
DWORD CountCharsX;
DWORD CountCharsY;
DWORD FillAttribute;
DWORD WindowFlags;
DWORD ShowWindowFlags;
struct _UNICODE_STRING WindowTitle;
struct _UNICODE_STRING DesktopInfo;
struct _UNICODE_STRING ShellInfo;
struct _UNICODE_STRING RuntimeData;
// Identifier spelling ("Directores") is kept as declared; renaming it
// would break every user of this header.
struct _RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
};
/*
 * Process Environment Block: per-process user-mode bookkeeping (loader
 * data, process parameters, heaps, TLS bitmaps, OS version, and so on).
 *
 * NOTE(review): this is an undocumented, version-specific layout. The
 * member list looks like a 32-bit NT 5.x-era PEB; verify against the
 * symbols of the target build before using any offset. Field order and
 * widths must not be changed, because consumers depend on the offsets.
 *
 * Everything reachable from here is user-mode memory that the process can
 * modify, so values read from a PEB (module list, parameters, flags)
 * describe what the process claims, not what the kernel recorded.
 */
typedef struct _PEB
{
BYTE InheritedAddressSpace;
BYTE ReadImageFileExecOptions;
// Debugger-attached flag. Code that reads this byte directly is a common
// debugger-detection indicator when triaging a sample.
BYTE BeingDebugged;
BYTE SpareBool;
void* Mutant;
void* ImageBaseAddress;
// Loader data (loaded-module lists); layout declared elsewhere.
struct _PEB_LDR_DATA* Ldr;
// Startup parameters (image path, command line, environment).
struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
void* SubSystemData;
void* ProcessHeap;
void* FastPebLock;
void* FastPebLockRoutine;
void* FastPebUnlockRoutine;
DWORD EnvironmentUpdateCount;
void* KernelCallbackTable;
DWORD SystemReserved[2];
struct _PEB_FREE_BLOCK* FreeList;
DWORD TlsExpansionCounter;
void* TlsBitmap;
DWORD TlsBitmapBits[2];
void* ReadOnlySharedMemoryBase;
void* ReadOnlySharedMemoryHeap;
void** ReadOnlyStaticServerData;
void* AnsiCodePageData;
void* OemCodePageData;
void* UnicodeCaseTableData;
DWORD NumberOfProcessors;
// NOTE(review): presumably the per-process copy of the global flags;
// heap-debugging bits here are another value debugger checks look at.
DWORD NtGlobalFlag;
LARGE_INTEGER CriticalSectionTimeout;
DWORD HeapSegmentReserve;
DWORD HeapSegmentCommit;
DWORD HeapDeCommitTotalFreeThreshold;
DWORD HeapDeCommitFreeBlockThreshold;
DWORD NumberOfHeaps;
DWORD MaximumNumberOfHeaps;
// presumably NumberOfHeaps valid entries; bound any walk by that count
// and by MaximumNumberOfHeaps -- TODO confirm
void** ProcessHeaps;
void* GdiSharedHandleTable;
void* ProcessStarterHelper;
DWORD GdiDCAttributeList;
void* LoaderLock;
DWORD OSMajorVersion;
DWORD OSMinorVersion;
WORD OSBuildNumber;
WORD OSCSDVersion;
DWORD OSPlatformId;
DWORD ImageSubsystem;
DWORD ImageSubsystemMajorVersion;
DWORD ImageSubsystemMinorVersion;
DWORD ImageProcessAffinityMask;
DWORD GdiHandleBuffer[34];
void* PostProcessInitRoutine;
void* TlsExpansionBitmap;
DWORD TlsExpansionBitmapBits[32];
DWORD SessionId;
ULARGE_INTEGER AppCompatFlags;
void* pShimData;
void* AppCompatInfo;
UNICODE_STRING CSDVersion;
void* ActivationContextData;
void* ProcessAssemblyStorageMap;
void* SystemDefaultActivationContextData;
void* SystemAssemblyStorageMap;
DWORD MinimumStackCommit;
} PEB;
/*
 * Prototype for the native image-directory lookup: given the base of a PE
 * image and a data-directory index, it yields a pointer to that
 * directory's data and stores the directory size through Size.
 *
 * BaseOfImage    base address of the image to inspect
 * MappedAsImage  presumably TRUE when the image is mapped by the loader
 *                and FALSE when it is a flat file mapping -- confirm
 * DirectoryEntry data-directory index (IMAGE_DIRECTORY_ENTRY_*)
 * Size           receives the size of the directory in bytes
 *
 * NOTE(review): the result is derived from headers inside the image, so a
 * caller parsing an untrusted or tampered image should check for a NULL
 * return and confirm that pointer + *Size stays inside the mapping before
 * dereferencing.
 */
NTSYSAPI
PVOID
NTAPI
RtlImageDirectoryEntryToData(
PVOID BaseOfImage,
BOOLEAN MappedAsImage,
USHORT DirectoryEntry,
PULONG Size
);
//
// GDT selectors - These defines are ring-0 (R0) selector numbers: the
// requested-privilege-level and table-indicator bits are zero, so each
// value is (descriptor index * 8) and therefore equals the byte offset
// of the descriptor relative to the base of the GDT.
//
// NOTE(review): a ring-3 selector as loaded into a segment register also
// carries RPL bits, so these constants are offsets first and selector
// values only for ring 0 -- confirm how callers combine them.
//
#define KGDT_NULL 0
#define KGDT_R0_CODE 8
#define KGDT_R0_DATA 16
#define KGDT_R3_CODE 24
#define KGDT_R3_DATA 32
#define KGDT_TSS 40
#define KGDT_R0_PCR 48
#define KGDT_R3_TEB 56
#define KGDT_VDM_TILE 64
#define KGDT_LDT 72
#define KGDT_DF_TSS 80
#define KGDT_NMI_TSS 88
//
// Exception Registration structure
//
// One node of a singly linked list of exception handlers: Next points to
// the following record and Handler is the routine for this frame.
//
// NOTE(review): on x86 these records are normally placed in stack frames,
// which makes Handler a classic target of stack corruption. Code that
// walks the chain should validate each Next pointer (alignment, inside
// the thread's stack, strictly advancing) rather than follow it blindly.
//
typedef struct _EXCEPTION_REGISTRATION_RECORD {
struct _EXCEPTION_REGISTRATION_RECORD *Next;
PEXCEPTION_ROUTINE Handler;
} EXCEPTION_REGISTRATION_RECORD;
typedef EXCEPTION_REGISTRATION_RECORD *PEXCEPTION_REGISTRATION_RECORD;
// QWORD is an alias for LARGE_INTEGER, i.e. an aggregate and not a scalar
// integer type: arithmetic and comparisons must go through its members
// (for example QuadPart), not through the QWORD value itself.
typedef LARGE_INTEGER QWORD;
// =================================================================
// SYSTEM INFO CLASSES
// =================================================================
// Information-class selector for the native system-information query.
// Values are positional (SystemBasicInformation == 0), and the
// SystemInfoNN placeholders are named after their ordinal, so entries
// must never be reordered or removed.
//
// The trailing hex values agree with sizeof of the structures declared
// further down when pointers are 4 bytes wide (0x002C for
// SYSTEM_BASIC_INFORMATION, 0x000C for SYSTEM_PROCESSOR_INFORMATION), so
// they appear to be returned-data sizes in bytes for a 32-bit build.
// "n *" marks variable-length results: size the buffer from the length
// the query reports and bound every array walk by that length.
//
// NOTE(review): several classes (module, handle, object information)
// return kernel-side addresses; treat their output as sensitive and
// expect newer OS builds to restrict or change them -- confirm per
// target.
typedef enum _SYSTEMINFOCLASS
{
SystemBasicInformation, // 0x002C
SystemProcessorInformation, // 0x000C
SystemPerformanceInformation, // 0x0138
SystemTimeInformation, // 0x0020
SystemPathInformation, // not implemented
SystemProcessInformation, // 0x00C8+ per process
SystemCallInformation, // 0x0018 + (n * 0x0004)
SystemConfigurationInformation, // 0x0018
SystemProcessorCounters, // 0x0030 per cpu
SystemGlobalFlag, // 0x0004
SystemInfo10, // not implemented
SystemModuleInformation, // 0x0004 + (n * 0x011C)
SystemLockInformation, // 0x0004 + (n * 0x0024)
SystemInfo13, // not implemented
SystemPagedPoolInformation, // checked build only
SystemNonPagedPoolInformation, // checked build only
SystemHandleInformation, // 0x0004 + (n * 0x0010)
SystemObjectInformation, // 0x0038+ + (n * 0x0030+)
SystemPageFileInformation, // 0x0018+ per page file
SystemInstemulInformation, // 0x0088
SystemInfo20, // invalid info class
SystemCacheInformation, // 0x0024
SystemPoolTagInformation, // 0x0004 + (n * 0x001C)
SystemInfo23, // 0x0000, or 0x0018 per cpu
SystemDpcInformation, // 0x0014
SystemInfo25, // checked build only
SystemLoadDriver, // 0x0018, set mode only
SystemUnloadDriver, // 0x0004, set mode only
SystemTimeAdjustmentInformation, // 0x000C, 0x0008 writeable
SystemInfo29, // checked build only
SystemInfo30, // checked build only
SystemInfo31, // checked build only
SystemCrashDumpInformation, // 0x0004
SystemInfo33, // 0x0010
SystemCrashDumpStateInformation, // 0x0004
SystemDebuggerInformation, // 0x0002
SystemThreadSwitchInformation, // 0x0030
SystemRegistryQuotaInformation, // 0x000C
SystemAddDriver, // 0x0008, set mode only
SystemPrioritySeparationInformation,// 0x0004, set mode only
SystemInfo40, // not implemented
SystemInfo41, // not implemented
SystemInfo42, // invalid info class
SystemInfo43, // invalid info class
SystemTimeZoneInformation, // 0x00AC
SystemLookasideInformation, // n * 0x0020
MaxSystemInfoClass
}
SYSTEMINFOCLASS, *PSYSTEMINFOCLASS, **PPSYSTEMINFOCLASS;
// =================================================================
// SYSTEM INFO STRUCTURES
// =================================================================
// 00: SystemBasicInformation
// Result buffer for info class 0: page size, physical page range,
// allocation granularity, user address range and processor counts.
// The two PVOID members make the size pointer-width dependent; the
// 0x002C noted for this class only holds with 4-byte pointers.
typedef struct _SYSTEM_BASIC_INFORMATION
{
DWORD d00; // 0
DWORD dKeMaximumIncrement; // x86: 0x0002625A or 0x00018730
DWORD dPageSize; // bytes
DWORD dMmNumberOfPhysicalPages;
DWORD dMmLowestPhysicalPage;
DWORD dMmHighestPhysicalPage;
DWORD dAllocationGranularity; // bytes
PVOID pLowestUserAddress;
PVOID pMmHighestUserAddress;
DWORD dKeActiveProcessors;
BYTE bKeNumberProcessors;
BYTE bReserved01;
WORD wReserved02;
}
SYSTEM_BASIC_INFORMATION,
* PSYSTEM_BASIC_INFORMATION,
**PPSYSTEM_BASIC_INFORMATION;
// Size in bytes of SYSTEM_BASIC_INFORMATION. The expansion is a bare
// sizeof expression without outer parentheses.
#define SYSTEM_BASIC_INFORMATION_ \
sizeof (SYSTEM_BASIC_INFORMATION)
// -----------------------------------------------------------------
// 01: SystemProcessorInformation
// Result buffer for info class 1: processor architecture, level,
// revision and feature bits. Four WORDs plus one DWORD give 0x000C
// bytes, matching the size noted for this class.
typedef struct _SYSTEM_PROCESSOR_INFORMATION
{
WORD wKeProcessorArchitecture; // 0=x86, 1=MIPS, 2=ALPHA, 3=PPC
WORD wKeProcessorLevel; // x86: family (5=Pentium)
WORD wKeProcessorRevision; // Pentium: H=model, L=stepping
WORD w06; // 0
DWORD dKeFeatureBits;
}
SYSTEM_PROCESSOR_INFORMATION,
* PSYSTEM_PROCESSOR_INFORMATION,
**PPSYSTEM_PROCESSOR_INFORMATION;
// Size in bytes of SYSTEM_PROCESSOR_INFORMATION.
#define SYSTEM_PROCESSOR_INFORMATION_ \
sizeof (SYSTEM_PROCESSOR_INFORMATION)
// -----------------------------------------------------------------
// 02: SystemPerformanceInformation
// Memory-manager counters. Only the first member is named; d04..d30 are
// placeholders named after their byte offset.
// NOTE(review): thirteen DWORDs are 0x34 bytes, well short of the 0x0138
// noted for SystemPerformanceInformation, so this is presumably only one
// part of that class's result, not the whole buffer -- confirm before
// sizing a query buffer from it.
typedef struct _MM_INFO_COUNTERS
{
DWORD dPageFaults;
DWORD d04;
DWORD d08;
DWORD d0C;
DWORD d10;
DWORD d14;
DWORD d18;
DWORD d1C;
DWORD d20;
DWORD d24;
DWORD d28;
DWORD d2C;
DWORD d30;
}
MM_INFO_COUNTERS,
* PMM_INFO_COUNTERS,
**PPMM_INFO_COUNTERS;
// Size in bytes of MM_INFO_COUNTERS.
#define MM_INFO_COUNTERS_ \
sizeof (MM_INFO_COUNTERS)
// -----------------------------------------------------------------
// 03: SystemTimeInformation
// Result buffer for info class 3: boot time, current system time and
// time-zone bias. Three QWORDs plus two DWORDs give 0x0020 bytes,
// matching the size noted for this class.
// NOTE(review): the units of the two timestamps are not stated here;
// presumably 100 ns ticks like the thread times -- confirm.
typedef struct _SYSTEM_TIME_INFORMATION
{
QWORD qKeBootTime; // relative to 01-01-1601
QWORD qKeSystemTime; // relative to 01-01-1601
// Declared QWORD despite the 'd' (DWORD) name prefix; the type, not the
// prefix, determines the layout.
QWORD dExpTimeZoneBias; // utc time = local time + bias
DWORD dExpCurrentTimeZoneId;
DWORD dReserved01;
}
SYSTEM_TIME_INFORMATION,
* PSYSTEM_TIME_INFORMATION,
**PPSYSTEM_TIME_INFORMATION;
// Size in bytes of SYSTEM_TIME_INFORMATION.
#define SYSTEM_TIME_INFORMATION_ \
sizeof (SYSTEM_TIME_INFORMATION)
// -----------------------------------------------------------------
// 04: SystemPathInformation (not implemented)
// -----------------------------------------------------------------
// 05: SystemProcessInformation
// see ExpGetProcessInformation()
// see also ExpCopyProcessInfo(), ExpCopyThreadInfo()
//
// Per-thread record that appears as the trailing array of the process
// record for this class. pStartAddress and Cid are values reported by
// the system at query time; the thread may have exited by the time the
// buffer is examined, so ids taken from here can be stale.
typedef struct _SYSTEM_THREAD
{
QWORD qKernelTime; // 100 nsec units
QWORD qUserTime; // 100 nsec units
QWORD qCreateTime; // relative to 01-01-1601
DWORD d18; // placeholder named after its byte offset
PVOID pStartAddress;
CLIENT_ID Cid; // process/thread ids
DWORD dPriority;
DWORD dBasePriority;
DWORD dContextSwitches;
DWORD dThreadState; // 2=running, 5=waiting
KWAIT_REASON WaitReason;
DWORD dReserved01;
}
SYSTEM_THREAD,
* PSYSTEM_THREAD,
**PPSYSTEM_THREAD;
// Size in bytes of SYSTEM_THREAD.
#define SYSTEM_THREAD_ \
sizeof (SYSTEM_THREAD)
// Second declaration of the per-thread record, using conventional member
// names. Members line up positionally with SYSTEM_THREAD (WaitTime sits
// where SYSTEM_THREAD has d18); SYSTEM_THREAD additionally declares a
// trailing dReserved01.
// NOTE(review): two parallel definitions can drift apart; confirm which
// one callers use before changing either.
typedef struct _SYSTEM_THREAD_INFORMATION {
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
LONG BasePriority;
ULONG ContextSwitches;
ULONG ThreadState;
ULONG WaitReason;
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Per-process record for SystemProcessInformation. Records are chained
// through dNext, a relative offset, and each record ends with an array
// of SYSTEM_THREAD entries declared with a single element.
//
// NOTE(review): when walking a returned buffer, check that dNext keeps
// the next record inside the length the query reported and that the walk
// terminates; presumably dNext == 0 marks the last record and
// dThreadCount gives the number of ast[] entries -- confirm. usName is a
// counted string whose buffer pointer should likewise be validated
// against the result buffer before it is read.
//
// NOTE(review): the struct tag begins with a double underscore and the
// typedef names with underscore + uppercase; both are identifiers
// reserved for the implementation. They are left unchanged here because
// renaming would break users of this header.
typedef struct __SYSTEM_PROCESS_INFORMATION
{
DWORD dNext; // relative offset
DWORD dThreadCount;
DWORD dReserved01;
DWORD dReserved02;
DWORD dReserved03;
DWORD dReserved04;
DWORD dReserved05;
DWORD dReserved06;
QWORD qCreateTime; // relative to 01-01-1601
QWORD qUserTime; // 100 nsec units
QWORD qKernelTime; // 100 nsec units
UNICODE_STRING usName;
KPRIORITY BasePriority;
DWORD dUniqueProcessId;
DWORD dInheritedFromUniqueProcessId;
DWORD dHandleCount;
DWORD dReserved07;
DWORD dReserved08;
VM_COUNTERS VmCounters;
DWORD dCommitCharge; // bytes
SYSTEM_THREAD ast [1]; // variable-length tail; one element declared
}
_SYSTEM_PROCESS_INFORMATION1,
* _PSYSTEM_PROCESS_INFORMATION1,
**_PPSYSTEM_PROCESS_INFORMATION1;
// NOTE(review): this macro measures the type named
// SYSTEM_PROCESS_INFORMATION, not the _SYSTEM_PROCESS_INFORMATION1
// typedef declared just above -- confirm which size callers expect.
#define SYSTEM_PROCESS_INFORMATION_ \
sizeof (SYSTEM_PROCESS_INFORMATION)
typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryO