
📄 w2k_def.h

📁 Undocumented Windows 2000 Secrets 完整简体中文版!!NT架构Windows(2000、XP)Kernel Hacking必备!!附CD ISO与完整附录!
/*05C*/ DWORD           DefaultNonPagedPoolCharge;
/*060*/ WORD            Buffer [];
/*???*/ }
        OBJECT_TYPE_INFO,
     * POBJECT_TYPE_INFO,
    **PPOBJECT_TYPE_INFO;

// Size of the fixed part of OBJECT_TYPE_INFO only. The struct ends in the
// open array Buffer[] (its end offset is marked /*???*/), so sizeof does not
// count the trailing data; any buffer sized with this macro alone is too
// small to hold the variable-length part.
#define OBJECT_TYPE_INFO_ \
        sizeof (OBJECT_TYPE_INFO)

// -----------------------------------------------------------------
// see ObpCaptureObjectCreateInformation()
// and ObpAllocateObject()

// OBJECT_CREATE_INFO: creation parameters of an object. OBJECT_HEADER
// points at one through its ObjectCreateInfo union member when
// OB_FLAG_CREATE_INFO is set.
// The /*xxx*/ prefixes are byte offsets from the start of the struct; they
// step by 4 for handles and pointers, i.e. they describe a 32-bit layout.
// NOTE(review): this is an undocumented, build-specific layout -- verify the
// offsets against the exact kernel build before parsing memory with it.
typedef struct _OBJECT_CREATE_INFO
        {
/*000*/ DWORD                        Attributes; // OBJ_*
/*004*/ HANDLE                       RootDirectory;
/*008*/ DWORD                        Reserved;
/*00C*/ KPROCESSOR_MODE              AccessMode; // slot is 4 bytes wide (next field at 0x010); presumably the requestor's processor mode -- confirm
/*010*/ DWORD                        PagedPoolCharge;
/*014*/ DWORD                        NonPagedPoolCharge;
/*018*/ DWORD                        SecurityCharge;
/*01C*/ PSECURITY_DESCRIPTOR         SecurityDescriptor;
/*020*/ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; // presumably points at the embedded buffer below when QoS was supplied -- TODO confirm
/*024*/ SECURITY_QUALITY_OF_SERVICE  SecurityQualityOfServiceBuffer; // stored inline, 0x0C bytes (0x024..0x030)
/*030*/ }
        OBJECT_CREATE_INFO,
     * POBJECT_CREATE_INFO,
    **PPOBJECT_CREATE_INFO;

// Total size of the struct in bytes (0x30 per the offset column above).
#define OBJECT_CREATE_INFO_ \
        sizeof (OBJECT_CREATE_INFO)

// -----------------------------------------------------------------

// OBJECT_CREATOR_INFO: optional per-object record; OB_FLAG_CREATOR_INFO in
// OBJECT_HEADER.ObjectFlags signals that an object has one.
// OBJECT_TYPE_ARRAY.ObjectList holds pointers to these records.
// Offsets assume 4-byte pointers and handles (32-bit layout).
typedef struct _OBJECT_CREATOR_INFO
        {
/*000*/ LIST_ENTRY ObjectList;      // OBJECT_CREATOR_INFO
/*008*/ HANDLE     UniqueProcessId; // presumably the ID of the creating process -- confirm
/*00C*/ WORD       Reserved1;
/*00E*/ WORD       Reserved2;
/*010*/ }
        OBJECT_CREATOR_INFO,
     * POBJECT_CREATOR_INFO,
    **PPOBJECT_CREATOR_INFO;

// Total size of the struct in bytes (0x10 per the offset column above).
#define OBJECT_CREATOR_INFO_ \
        sizeof (OBJECT_CREATOR_INFO)

// -----------------------------------------------------------------

// Bit values for OBJECT_HEADER.ObjectFlags. Several of them decide how other
// header fields must be interpreted, so test the flag before dereferencing
// the matching field.
#define OB_FLAG_CREATE_INFO    0x01 // has OBJECT_CREATE_INFO
#define OB_FLAG_KERNEL_MODE    0x02 // created by kernel
#define OB_FLAG_CREATOR_INFO   0x04 // has OBJECT_CREATOR_INFO
#define OB_FLAG_EXCLUSIVE      0x08 // OBJ_EXCLUSIVE
#define OB_FLAG_PERMANENT      0x10 // OBJ_PERMANENT
#define OB_FLAG_SECURITY       0x20 // has security descriptor
#define OB_FLAG_SINGLE_PROCESS 0x40 // no HandleDBList

// OBJECT_HEADER: bookkeeping record of a kernel object -- reference and
// handle counts, type pointer, locations of the optional sub-records, flags
// and the security descriptor pointer.
// The /*xxx*/ prefixes are byte offsets for a 32-bit layout (4-byte
// pointers). NOTE(review): undocumented and build-specific; a parser that
// applies these offsets to a different kernel build reads the wrong fields,
// including the wrong SecurityDescriptor pointer.
typedef struct _OBJECT_HEADER
        {
/*000*/ DWORD        PointerCount;       // number of references
/*004*/ DWORD        HandleCount;        // number of open handles
/*008*/ POBJECT_TYPE ObjectType;
        // The three BYTE fields below locate optional sub-records.
        // NOTE(review): presumably byte distances relative to this header,
        // with 0 meaning "not present" -- confirm before use.
/*00C*/ BYTE         NameOffset;         // -> OBJECT_NAME
/*00D*/ BYTE         HandleDBOffset;     // -> OBJECT_HANDLE_DB
/*00E*/ BYTE         QuotaChargesOffset; // -> OBJECT_QUOTA_CHARGES
/*00F*/ BYTE         ObjectFlags;        // OB_FLAG_*
        // Both union members share offset 0x010; ObjectFlags is the only
        // discriminator, so reading the wrong member reinterprets a pointer
        // to an unrelated structure.
/*010*/ union
            { // OB_FLAG_CREATE_INFO ? ObjectCreateInfo : QuotaBlock
/*010*/     PQUOTA_BLOCK        QuotaBlock;
/*010*/     POBJECT_CREATE_INFO ObjectCreateInfo;
/*014*/     };
/*014*/ PSECURITY_DESCRIPTOR SecurityDescriptor; // see OB_FLAG_SECURITY ("has security descriptor")
/*018*/ }
        OBJECT_HEADER,
     * POBJECT_HEADER,
    **PPOBJECT_HEADER;

// Total size of the header in bytes (0x18 per the offset column above).
#define OBJECT_HEADER_ \
        sizeof (OBJECT_HEADER)

// -----------------------------------------------------------------
// see ObpCreateTypeArray()
// and ObpDestroyTypeArray()

// OBJECT_TYPE_ARRAY: a count followed by an open array of pointers to
// OBJECT_CREATOR_INFO records. The end offset is marked /*???*/ because the
// total size depends on the number of entries.
// NOTE(review): presumably ObjectCount is the number of ObjectList entries;
// bound any walk over ObjectList by it and by the size of the allocation.
typedef struct _OBJECT_TYPE_ARRAY
        {
/*000*/ DWORD                ObjectCount;
/*004*/ POBJECT_CREATOR_INFO ObjectList [];
/*???*/ }
        OBJECT_TYPE_ARRAY,
     * POBJECT_TYPE_ARRAY,
    **PPOBJECT_TYPE_ARRAY;

// Size of the fixed part only (the ObjectCount field); the open array
// ObjectList[] is not included in sizeof.
#define OBJECT_TYPE_ARRAY_ \
        sizeof (OBJECT_TYPE_ARRAY)

// -----------------------------------------------------------------
// see ObpInsertDirectoryEntry()
// and ObpDeleteDirectoryEntry()

// OBJECT_DIRECTORY_ENTRY: node of a singly linked chain (NextEntry) that
// carries one object pointer. OBJECT_DIRECTORY.HashTable[] stores pointers
// to nodes of this type. Offsets assume 4-byte pointers.
typedef struct _OBJECT_DIRECTORY_ENTRY
        {
/*000*/ struct _OBJECT_DIRECTORY_ENTRY *NextEntry; // next node in the same chain
/*004*/ POBJECT                         Object;
/*008*/ }
        OBJECT_DIRECTORY_ENTRY,
     * POBJECT_DIRECTORY_ENTRY,
    **PPOBJECT_DIRECTORY_ENTRY;

// Total size of the node in bytes (0x08 per the offset column above).
#define OBJECT_DIRECTORY_ENTRY_ \
        sizeof (OBJECT_DIRECTORY_ENTRY)

// -----------------------------------------------------------------

// Number of slots in OBJECT_DIRECTORY.HashTable.
#define OBJECT_HASH_TABLE_SIZE 37

// OBJECT_DIRECTORY: fixed table of OBJECT_HASH_TABLE_SIZE pointers to
// OBJECT_DIRECTORY_ENTRY nodes, followed by a "current entry" pointer and
// its validity flag. 37 slots * 4-byte pointers = 0x94, which matches the
// offset of CurrentEntry, so the offsets describe a 32-bit layout.
// NOTE(review): presumably each slot heads a NextEntry chain of entries
// that hash to the same bucket -- confirm.
typedef struct _OBJECT_DIRECTORY
        {
/*000*/ POBJECT_DIRECTORY_ENTRY HashTable [OBJECT_HASH_TABLE_SIZE];
/*094*/ POBJECT_DIRECTORY_ENTRY CurrentEntry;
/*098*/ BOOLEAN                 CurrentEntryValid; // CurrentEntry is meaningful only when this is set -- presumably; confirm
/*099*/ BYTE                    Reserved1;
/*09A*/ WORD                    Reserved2;
/*09C*/ DWORD                   Reserved3;
/*0A0*/ }
        OBJECT_DIRECTORY,
     * POBJECT_DIRECTORY,
    **PPOBJECT_DIRECTORY;

// Total size of the struct in bytes (0xA0 per the offset column above).
#define OBJECT_DIRECTORY_ \
        sizeof (OBJECT_DIRECTORY)

// -----------------------------------------------------------------

// OBJECT_NAME: optional name record of an object, located through
// OBJECT_HEADER.NameOffset. It holds the containing directory and the name.
// Offsets assume 4-byte pointers (UNICODE_STRING occupies 0x004..0x00C).
typedef struct _OBJECT_NAME
        {
/*000*/ POBJECT_DIRECTORY Directory;
/*004*/ UNICODE_STRING    Name;      // counted string: use its Length field, do not rely on a terminating NUL
/*00C*/ DWORD             Reserved;
/*010*/ }
        OBJECT_NAME,
     * POBJECT_NAME,
    **PPOBJECT_NAME;

// Total size of the struct in bytes (0x10 per the offset column above).
#define OBJECT_NAME_ \
        sizeof (OBJECT_NAME)

// -----------------------------------------------------------------

// OBJECT_HANDLE_DB: optional handle-tracking record, located through
// OBJECT_HEADER.HandleDBOffset. The first 4 bytes are either a process
// pointer or a pointer to an OBJECT_HANDLE_DB_LIST; the struct itself has
// no discriminator.
// NOTE(review): OB_FLAG_SINGLE_PROCESS is commented "no HandleDBList", which
// suggests Process is the valid member when that flag is set -- confirm
// before dereferencing either pointer.
typedef struct _OBJECT_HANDLE_DB
        {
/*000*/ union
            {
/*000*/     struct _EPROCESS              *Process;
/*000*/     struct _OBJECT_HANDLE_DB_LIST *HandleDBList;
/*004*/     };
/*004*/ DWORD HandleCount;
/*008*/ }
        OBJECT_HANDLE_DB,
     * POBJECT_HANDLE_DB,
    **PPOBJECT_HANDLE_DB;

// Total size of the struct in bytes (0x08 per the offset column above).
#define OBJECT_HANDLE_DB_ \
        sizeof (OBJECT_HANDLE_DB)

// -----------------------------------------------------------------

// OBJECT_HANDLE_DB_LIST: a count followed by an open array of
// OBJECT_HANDLE_DB records (8 bytes each per that struct's offsets). The end
// offset is marked /*???*/ because the total size depends on the entries.
// NOTE(review): presumably Count is the number of Entries; bound any walk by
// it and by the size of the allocation.
typedef struct _OBJECT_HANDLE_DB_LIST
        {
/*000*/ DWORD            Count;
/*004*/ OBJECT_HANDLE_DB Entries [];
/*???*/ }
        OBJECT_HANDLE_DB_LIST,
     * POBJECT_HANDLE_DB_LIST,
    **PPOBJECT_HANDLE_DB_LIST;

// Size of the fixed part only (the Count field); the open array Entries[]
// is not included in sizeof.
#define OBJECT_HANDLE_DB_LIST_ \
        sizeof (OBJECT_HANDLE_DB_LIST)

// -----------------------------------------------------------------
// see ObpChargeQuotaForObject()
// and ObValidateSecurityQuota()

// NOTE(review): presumably the default value charged as SecurityCharge
// (0x800 = 2048 bytes) -- the listing gives only the constant; confirm
// against the routines named above.
#define OB_SECURITY_CHARGE 0x00000800

// OBJECT_QUOTA_CHARGES: optional quota record, located through
// OBJECT_HEADER.QuotaChargesOffset. Its first three fields carry the same
// names as the charge fields of OBJECT_CREATE_INFO.
typedef struct _OBJECT_QUOTA_CHARGES
        {
/*000*/ DWORD PagedPoolCharge;
/*004*/ DWORD NonPagedPoolCharge;
/*008*/ DWORD SecurityCharge;
/*00C*/ DWORD Reserved;
/*010*/ }
        OBJECT_QUOTA_CHARGES,
     * POBJECT_QUOTA_CHARGES,
    **PPOBJECT_QUOTA_CHARGES;

// Total size of the struct in bytes (0x10 per the offset column above).
#define OBJECT_QUOTA_CHARGES_ \
        sizeof (OBJECT_QUOTA_CHARGES)

// =================================================================
// DISPATCHER OBJECTS
// =================================================================

// KQUEUE: dispatcher object whose header type is DISP_TYPE_QUEUE (0x04).
// After the 0x10-byte dispatcher header it keeps a list head for queued
// entries, two counters and a list head for threads.
// Offsets assume 4-byte pointers (each LIST_ENTRY is 8 bytes).
typedef struct _KQUEUE
        {
/*000*/ DISPATCHER_HEADER Header; // DISP_TYPE_QUEUE 0x04
/*010*/ LIST_ENTRY        EntryListHead;
/*018*/ DWORD             CurrentCount;
/*01C*/ DWORD             MaximumCount;
/*020*/ LIST_ENTRY        ThreadListHead;
/*028*/ }
        KQUEUE,
     * PKQUEUE,
    **PPKQUEUE;

// Total size of the struct in bytes (0x28 per the offset column above).
#define KQUEUE_ \
        sizeof (KQUEUE)

// -----------------------------------------------------------------

// IO_COMPLETION: consists of a single embedded KQUEUE, so it has the same
// size and layout as KQUEUE (0x28 bytes).
typedef struct _IO_COMPLETION
        {
/*000*/ KQUEUE Queue;
/*028*/ }
        IO_COMPLETION,
     * PIO_COMPLETION,
    **PPIO_COMPLETION;

// Total size of the struct in bytes (0x28 per the offset column above).
#define IO_COMPLETION_ \
        sizeof (IO_COMPLETION)

// =================================================================
// I/O OBJECTS
// =================================================================

// IO_TIMER: I/O timer record tagged with IO_TYPE_TIMER (0x09). It links
// into a timer queue and stores the routine pointer, its context argument
// and the owning device object. Offsets assume 4-byte pointers.
// TimerRoutine is a code pointer held in kernel data; integrity tooling that
// walks this list should check that it points into a loaded driver image.
typedef struct _IO_TIMER
        {
/*000*/ SHORT             Type;       // IO_TYPE_TIMER 0x09
/*002*/ WORD              TimerState; // 0 = stopped, 1 = started
/*004*/ LIST_ENTRY        TimerQueue;
/*00C*/ PIO_TIMER_ROUTINE TimerRoutine;
/*010*/ PVOID             Context;
/*014*/ PDEVICE_OBJECT    DeviceObject;
/*018*/ }
        IO_TIMER,
     * PIO_TIMER,
    **PPIO_TIMER;

// Total size of the struct in bytes (0x18 per the offset column above).
#define IO_TIMER_ \
        sizeof (IO_TIMER)

// -----------------------------------------------------------------
// IoAllocateErrorLogEntry() returns a pointer to EntryData

// IO_ERROR_LOG_ENTRY: internal wrapper around an IO_ERROR_LOG_PACKET, tagged
// with IO_TYPE_ERROR_LOG (0x0B). The packet sits at offset 0x020, so the
// pointer a caller receives from IoAllocateErrorLogEntry() is 0x20 bytes
// past the start of this record.
// Offsets assume 4-byte pointers; TimeStamp is placed on an 8-byte boundary.
typedef struct _IO_ERROR_LOG_ENTRY
        {
/*000*/ SHORT               Type; // IO_TYPE_ERROR_LOG 0x0B
/*002*/ SHORT               Size; // number of BYTEs
/*004*/ LIST_ENTRY          ErrorLogList;
/*00C*/ PDEVICE_OBJECT      DeviceObject;
/*010*/ PDRIVER_OBJECT      DriverObject;
/*014*/ DWORD               Reserved;
/*018*/ LARGE_INTEGER       TimeStamp;
/*020*/ IO_ERROR_LOG_PACKET EntryData;
/*050*/ }
        IO_ERROR_LOG_ENTRY,
     * PIO_ERROR_LOG_ENTRY,
    **PPIO_ERROR_LOG_ENTRY;

// Size of the record as declared (0x50 per the offset column above).
// NOTE(review): Size is a per-entry byte count, so a real entry may be
// longer than sizeof -- presumably because of trailing packet data; confirm.
#define IO_ERROR_LOG_ENTRY_ \
        sizeof (IO_ERROR_LOG_ENTRY)

// -----------------------------------------------------------------

// KEVENT_PAIR: two embedded KEVENT objects (0x10 bytes each) behind a
// type/size prefix tagged IO_TYPE_EVENT_PAIR (0x15).
typedef struct _KEVENT_PAIR
        {
/*000*/ SHORT  Type; // IO_TYPE_EVENT_PAIR 0x15
/*002*/ WORD   Size; // number of BYTEs
/*004*/ KEVENT Event1;
/*014*/ KEVENT Event2;
/*024*/ }
        KEVENT_PAIR,
     * PKEVENT_PAIR,
    **PPKEVENT_PAIR;

// Total size of the struct in bytes (0x24 per the offset column above).
#define KEVENT_PAIR_ \
        sizeof (KEVENT_PAIR)

// =================================================================
// OTHER OBJECTS
// =================================================================

// CALLBACK_OBJECT: callback object body. It starts with a 4-byte tag whose
// bytes read "Call" in memory order (0x43 0x61 0x6C 0x6C, little-endian
// DWORD 0x6C6C6143), followed by a spin lock, the list of registered
// callbacks and a flag. Offsets assume a 4-byte KSPIN_LOCK and 4-byte
// pointers. The tag is usable as a sanity check when locating these
// objects in a memory image.
typedef struct _CALLBACK_OBJECT
        {
/*000*/ DWORD      Tag; // 0x6C6C6143 ("Call")
/*004*/ KSPIN_LOCK Lock;
/*008*/ LIST_ENTRY CallbackList;
/*010*/ BOOLEAN    AllowMultipleCallbacks; // 1 byte used; 0x011..0x013 is padding
/*014*/ }
        CALLBACK_OBJECT,
     * PCALLBACK_OBJECT,
    **PPCALLBACK_OBJECT;

// Total size of the struct in bytes (0x14 per the offset column above).
#define CALLBACK_OBJECT_ \
        sizeof (CALLBACK_OBJECT)

// -----------------------------------------------------------------

// ETIMER: executive timer. It embeds a KTIMER (0x28 bytes), a KAPC (0x30)
// and a KDPC (0x20), followed by list linkage, a lock and state fields.
// Offsets assume 4-byte pointers. The embedded KAPC and KDPC carry routine
// pointers, which makes this record relevant to kernel integrity checks.
typedef struct _ETIMER
        {
/*000*/ KTIMER     Tcb;
/*028*/ KAPC       Apc;
/*058*/ KDPC       Dpc;
/*078*/ LIST_ENTRY ActiveTimerList;
/*080*/ KSPIN_LOCK Lock;
/*084*/ LONG       Period;
/*088*/ BOOLEAN    Active;
/*089*/ BOOLEAN    Resume;          // 0x08A..0x08B is padding before the next field
/*08C*/ LIST_ENTRY WakeTimerList;   // ends at 0x094
/*098*/ }                           // 4 bytes of tail padding -- presumably 8-byte alignment from an embedded member; confirm
        ETIMER,
     * PETIMER,
    **PPETIMER;

// Total size of the struct in bytes (0x98 per the offset column above).
#define ETIMER_ \
        sizeof (ETIMER)

// =================================================================
// KERNEL STRUCTURES
// =================================================================

// KAPC_STATE: APC bookkeeping -- two APC list heads, a process pointer and
// three status flags. Offsets assume 4-byte pointers.
// NOTE(review): presumably ApcListHead[] is indexed by processor mode
// (kernel / user) -- confirm.
typedef struct _KAPC_STATE
        {
/*000*/ LIST_ENTRY        ApcListHead [2];
/*010*/ struct _KPROCESS *Process;
/*014*/ BOOLEAN           KernelApcInProgress;
/*015*/ BOOLEAN           KernelApcPending;
/*016*/ BOOLEAN           UserApcPending;      // 0x017 is padding
/*018*/ }
        KAPC_STATE,
     * PKAPC_STATE,
    **PPKAPC_STATE;

// Total size of the struct in bytes (0x18 per the offset column above).
#define KAPC_STATE_ \
        sizeof (KAPC_STATE)

// -----------------------------------------------------------------

// KGDTENTRY: one 8-byte entry of the x86 Global Descriptor Table.
// LimitLow and BaseLow are the low 16 bits of the segment limit and base;
// this declaration leaves the upper 32 bits of the descriptor as one opaque
// DWORD. In the x86 descriptor format those bits hold the remaining
// base/limit bits together with the type, privilege-level and granularity
// flags, so HighWord must be decoded by the caller.
typedef struct _KGDTENTRY
        {
/*000*/ WORD  LimitLow;
/*002*/ WORD  BaseLow;
/*004*/ DWORD HighWord;
/*008*/ }
        KGDTENTRY,
     * PKGDTENTRY,
    **PPKGDTENTRY;

// Total size of the entry in bytes (0x08 per the offset column above).
#define KGDTENTRY_ \
        sizeof (KGDTENTRY)

// -----------------------------------------------------------------

// KIDTENTRY: one 8-byte entry of the x86 Interrupt Descriptor Table.
// The handler address is split across the entry: Offset holds the low 16
// bits and ExtendedOffset the high 16 bits; Selector names the code segment
// and Access holds the gate's type and privilege bits.
// Integrity checks on the IDT reassemble the address from both halves and
// compare it against the expected kernel or driver image range.
typedef struct _KIDTENTRY
        {
/*000*/ WORD Offset;
/*002*/ WORD Selector;
/*004*/ WORD Access;
/*006*/ WORD ExtendedOffset;
/*008*/ }
        KIDTENTRY,
     * PKIDTENTRY,
    **PPKIDTENTRY;

// Total size of the entry in bytes (0x08 per the offset column above).
#define KIDTENTRY_ \
        sizeof (KIDTENTRY)

// -----------------------------------------------------------------

// HARDWARE_PTE: a 32-bit page-table entry expressed as bit-fields
// (8 + 4 + 20 bits = 32). The /*000*/ and /*001*/ markers are byte offsets.
// The bit positions given below assume the compiler allocates bit-fields
// starting at the least significant bit (as MSVC does on x86); the C
// standard leaves that order to the implementation, so do not reuse this
// declaration with another compiler without checking.
// With that assumption the fields line up with the non-PAE x86 PTE format:
// bits 0-8 are hardware-defined, bits 9-11 are left to the operating system,
// bits 12-31 are the page frame number.
typedef struct _HARDWARE_PTE
        {
/*000*/ unsigned Valid           :  1; // bit 0: entry is present
        unsigned Write           :  1; // bit 1: page is writable
        unsigned Owner           :  1; // bit 2: user/supervisor bit -- decides whether user-mode code may access the page
        unsigned WriteThrough    :  1; // bit 3
        unsigned CacheDisable    :  1; // bit 4
        unsigned Accessed        :  1; // bit 5
        unsigned Dirty           :  1; // bit 6
        unsigned LargePage       :  1; // bit 7
/*001*/ unsigned Global          :  1; // bit 8
        unsigned CopyOnWrite     :  1; // bit 9:  software-defined
        unsigned Prototype       :  1; // bit 10: software-defined
        unsigned reserved        :  1; // bit 11: software-defined
        unsigned PageFrameNumber : 20; // bits 12-31: physical page number
/*004*/ }
        HARDWARE_PTE,
     * PHARDWARE_PTE,
    **PPHARDWARE_PTE;

// Total size of the entry in bytes (0x04 per the offset column above).
#define HARDWARE_PTE_ \
        sizeof (HARDWARE_PTE)

// ========================================
