//
// PKSERVICE_ROUTINE: pointer to a routine that receives an interrupt object
// pointer and an opaque caller-supplied context, and returns BOOLEAN.
// NOTE(review): presumably the interrupt service routine callback type;
// the meaning of the BOOLEAN result is not shown in this header - confirm.
//
typedef
BOOLEAN
(*PKSERVICE_ROUTINE) (
IN struct _KINTERRUPT *Interrupt,
IN PVOID ServiceContext
);
//
// KAPC: asynchronous procedure call object. Member order and types define
// the in-memory layout, so members must not be reordered or resized.
// KTHREAD embeds one as SuspendApc, annotated there as spanning 0x160..0x190
// (0x30 bytes).
// Three callback pointers are stored (KernelRoutine, RundownRoutine,
// NormalRoutine) together with a context pointer and two argument pointers.
// NOTE(review): a writable KAPC holds code pointers that are later invoked;
// treat the storage as integrity-sensitive - confirm how it is allocated.
//
typedef struct _KAPC {
CSHORT Type;
CSHORT Size;
ULONG Spare0;
struct _KTHREAD *Thread;
LIST_ENTRY ApcListEntry;
PKKERNEL_ROUTINE KernelRoutine;
PKRUNDOWN_ROUTINE RundownRoutine;
PKNORMAL_ROUTINE NormalRoutine;
PVOID NormalContext;
//
// N.B. The following two members MUST be together.
//
PVOID SystemArgument1;
PVOID SystemArgument2;
CCHAR ApcStateIndex;
KPROCESSOR_MODE ApcMode;
BOOLEAN Inserted;
} KAPC, *PKAPC, *RESTRICTED_POINTER PRKAPC;
//
// KTHREAD: hand-annotated layout of the kernel thread object. The /*xxx*/
// prefix on each member is the byte offset recorded by the author; pointer
// members are spaced 4 bytes apart (0x018 -> 0x01C -> 0x020), which implies
// a 32-bit target. The closing brace is annotated 0x1B0 (total size).
//
// NOTE(review): nothing in this header checks these offsets at compile time.
// They describe one specific kernel build; code that uses them against a
// different build reads or writes the wrong fields of a live thread object.
// Confirm the OS version/build this layout was taken from, and prefer the
// exported accessors declared in this file (KeQueryPriorityThread,
// KeQueryRuntimeThread) where they cover the need.
//
// NOTE(review): SavedApcState is annotated at 0x140 and the next member at
// 0x157, i.e. 0x17 bytes, while ApcState (same type) spans 0x034..0x04C
// (0x18 bytes). Whether the compiler reproduces the annotated offsets from
// 0x157 onward depends on KAPC_STATE's definition and the structure packing
// in effect, neither of which is visible here - verify with a size/offset
// assertion before relying on any member after SavedApcState.
//
typedef struct _KTHREAD
{
/*000*/ DISPATCHER_HEADER Header; // DO_TYPE_THREAD (0x6C)
/*010*/ LIST_ENTRY MutantListHead;
/*018*/ PVOID InitialStack;
/*01C*/ PVOID StackLimit;
/*020*/ struct _TEB *Teb;
/*024*/ PVOID TlsArray;
/*028*/ PVOID KernelStack;
/*02C*/ BOOLEAN DebugActive;
/*02D*/ BYTE State; // THREAD_STATE_*
/*02E*/ BOOLEAN Alerted;
/*02F*/ BYTE bReserved01;
/*030*/ BYTE Iopl;
/*031*/ BYTE NpxState;
/*032*/ BYTE Saturation;
/*033*/ BYTE Priority;
/*034*/ KAPC_STATE ApcState;
/*04C*/ DWORD ContextSwitches;
/*050*/ DWORD WaitStatus;
/*054*/ BYTE WaitIrql;
/*055*/ BYTE WaitMode;
/*056*/ BYTE WaitNext;
/*057*/ BYTE WaitReason;
/*058*/ PLIST_ENTRY WaitBlockList;
/*05C*/ LIST_ENTRY WaitListEntry;
/*064*/ DWORD WaitTime;
/*068*/ BYTE BasePriority;
/*069*/ BYTE DecrementCount;
/*06A*/ BYTE PriorityDecrement;
/*06B*/ BYTE Quantum;
/*06C*/ KWAIT_BLOCK WaitBlock [4];
/*0CC*/ DWORD LegoData;
/*0D0*/ DWORD KernelApcDisable;
/*0D4*/ KAFFINITY UserAffinity;
/*0D8*/ BOOLEAN SystemAffinityActive;
/*0D9*/ BYTE Pad [3];
// NOTE(review): by name, a per-thread system service table pointer; integrity-sensitive - confirm
/*0DC*/ PSERVICE_DESCRIPTOR_TABLE pServiceDescriptorTable;
/*0E0*/ PVOID Queue;
/*0E4*/ PVOID ApcQueueLock;
/*0E8*/ KTIMER Timer;
/*110*/ LIST_ENTRY QueueListEntry;
/*118*/ KAFFINITY Affinity;
/*11C*/ BOOLEAN Preempted;
/*11D*/ BOOLEAN ProcessReadyQueue;
/*11E*/ BOOLEAN KernelStackResident;
/*11F*/ BYTE NextProcessor;
/*120*/ PVOID CallbackStack;
/*124*/ struct _WIN32_THREAD *Win32Thread;
/*128*/ PVOID TrapFrame;
/*12C*/ PKAPC_STATE ApcStatePointer;
/*130*/ PVOID p130; // unnamed by the author; purpose not shown here
/*134*/ BOOLEAN EnableStackSwap;
/*135*/ BOOLEAN LargeStack;
/*136*/ BYTE ResourceIndex;
// NOTE(review): presumably the processor mode of the thread's current caller; confirm before using it in access decisions
/*137*/ KPROCESSOR_MODE PreviousMode;
/*138*/ DWORD KernelTime; // ticks
/*13C*/ DWORD UserTime; // ticks
/*140*/ KAPC_STATE SavedApcState;
/*157*/ BYTE bReserved02; // see the offset note in the header comment
/*158*/ BOOLEAN Alertable;
/*159*/ BYTE ApcStateIndex;
/*15A*/ BOOLEAN ApcQueueable;
/*15B*/ BOOLEAN AutoAlignment;
/*15C*/ PVOID StackBase;
/*160*/ KAPC SuspendApc;
/*190*/ KSEMAPHORE SuspendSemaphore;
/*1A4*/ LIST_ENTRY ThreadListEntry; // see KPROCESS
/*1AC*/ BYTE FreezeCount;
/*1AD*/ BYTE SuspendCount;
/*1AE*/ BYTE IdealProcessor;
/*1AF*/ BOOLEAN DisableBoost;
/*1B0*/ }
KTHREAD,* PKTHREAD;
//
// Pointer typedefs for kernel object types. Apart from _KTHREAD, none of the
// struct tags named here is defined in this part of the file, so these
// pointers are opaque to code that only sees this header.
//
// NOTE(review): PKTHREAD is already introduced by the KTHREAD struct typedef
// directly above. An identical typedef redefinition is accepted by C11 and
// C++ but rejected by strict C89/C99 compilers - confirm the build's dialect.
//
typedef struct _KTHREAD *PKTHREAD;
typedef struct _ETHREAD *PETHREAD;
typedef struct _EPROCESS *PEPROCESS;
typedef struct _PEB *PPEB;
typedef struct _KINTERRUPT *PKINTERRUPT;
typedef struct _IO_TIMER *PIO_TIMER;
typedef struct _OBJECT_TYPE *POBJECT_TYPE;
typedef struct _CALLBACK_OBJECT *PCALLBACK_OBJECT;
typedef struct _DEVICE_HANDLER_OBJECT *PDEVICE_HANDLER_OBJECT;
typedef struct _BUS_HANDLER *PBUS_HANDLER;
//
// Pool allocation interface.
//
// ExFreePool takes the pointer to release. The allocators take a pool type
// and a byte count (SIZE_T) and return PVOID.
// NOTE(review): nothing in these prototypes promises a non-NULL result or
// initialized contents. Callers should check the returned pointer and fill
// or zero the block before copying any of it to a less-trusted consumer.
//
void NTAPI ExFreePool( IN PVOID P );
//NTKERNELAPI
//RTM PVOID (NTAPI *ExAllocatePool)(
// POOL_TYPE PoolType,
// IN SIZE_T NumberOfBytes
// );
//
// ExAllocatePool is routed to ExAllocatePoolWithTag with a fixed tag, so
// every untagged allocation made through this header shares one tag and
// cannot be told apart by tag when tracing leaks or pool corruption.
// ' kdD' is a multi-character constant; its value is implementation-defined
// in C. NOTE(review): presumably chosen so the tag bytes read "Ddk " in
// memory on a little-endian target - confirm with the compiler in use.
//
#define ExAllocatePool(a,b) ExAllocatePoolWithTag(a,b,' kdD')
// NOTE(review): failure behaviour of the quota variant is not visible here - confirm.
PVOID NTAPI ExAllocatePoolWithQuota(
IN POOL_TYPE PoolType,
IN SIZE_T NumberOfBytes
);
// Tag is a caller-chosen ULONG recorded with the allocation.
PVOID NTAPI ExAllocatePoolWithTag(
IN POOL_TYPE PoolType,
IN SIZE_T NumberOfBytes,
IN ULONG Tag
);
//
// Create disposition values: a small enumeration (0..5), not a bit mask.
// FILE_MAXIMUM_DISPOSITION equals the highest value, FILE_OVERWRITE_IF.
// NOTE(review): presumably the values for ZwCreateFile's CreateDisposition
// parameter; a value above FILE_MAXIMUM_DISPOSITION should be rejected
// before it is forwarded - confirm against the caller.
//
#define FILE_SUPERSEDE 0x00000000
#define FILE_OPEN 0x00000001
#define FILE_CREATE 0x00000002
#define FILE_OPEN_IF 0x00000003
#define FILE_OVERWRITE 0x00000004
#define FILE_OVERWRITE_IF 0x00000005
#define FILE_MAXIMUM_DISPOSITION 0x00000005
//
// Define the create/open option flags
//
// These are single-bit flags that can be OR-ed together, except for the
// composite values and validity masks noted further down.
//
#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_FOR_RECOVERY 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800
#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000
#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_NO_RECALL 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
// Composite values: 0x41 = FILE_DIRECTORY_FILE | FILE_NON_DIRECTORY_FILE;
// 0x441 additionally sets the FILE_OPEN_FOR_RECOVERY bit (0x400).
#define FILE_COPY_STRUCTURED_STORAGE 0x00000041
#define FILE_STRUCTURED_STORAGE 0x00000441
// Validity masks. 0x00ffffff covers the low 24 bits; 0x32 is
// FILE_WRITE_THROUGH | FILE_SYNCHRONOUS_IO_ALERT | FILE_SYNCHRONOUS_IO_NONALERT;
// 0x36 adds FILE_SEQUENTIAL_ONLY to that set.
// NOTE(review): option bits that originate outside the driver should be
// masked against the applicable FILE_VALID_* value before use - confirm
// where the callers obtain their option values.
#define FILE_VALID_OPTION_FLAGS 0x00ffffff
#define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
#define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
#define FILE_VALID_SET_FLAGS 0x00000036
//
// Thread Information Classes
//
//
// THREADINFOCLASS selects which kind of thread information is meant.
// The numeric value of each member is spelled out; the values are the same
// 0-based positions the members have always had. Inserting or removing a
// member would renumber everything after it, so new entries go at the end,
// just before MaxThreadInfoClass.
// NOTE(review): ThreadHideFromDebugger (17), by its name, detaches a thread
// from debugger visibility; uses of that class are worth auditing - confirm
// the semantics against the OS documentation.
//
typedef enum _THREADINFOCLASS {
    ThreadBasicInformation          = 0,
    ThreadTimes                     = 1,
    ThreadPriority                  = 2,
    ThreadBasePriority              = 3,
    ThreadAffinityMask              = 4,
    ThreadImpersonationToken        = 5,
    ThreadDescriptorTableEntry      = 6,
    ThreadEnableAlignmentFaultFixup = 7,
    ThreadEventPair_Reusable        = 8,
    ThreadQuerySetWin32StartAddress = 9,
    ThreadZeroTlsCell               = 10,
    ThreadPerformanceCount          = 11,
    ThreadAmILastThread             = 12,
    ThreadIdealProcessor            = 13,
    ThreadPriorityBoost             = 14,
    ThreadSetTlsArrayAddress        = 15,
    ThreadIsIoPending               = 16,
    ThreadHideFromDebugger          = 17,
    ThreadBreakOnTermination        = 18,
    MaxThreadInfoClass              = 19    // count of classes, not a class itself
} THREADINFOCLASS;
//
// Native file services (Zw* entry points). Each returns NTSTATUS; results
// such as the new handle or the I/O status are written through OUT pointers.
//
// NOTE(review): per Microsoft's driver documentation, a Zw* call made from
// kernel mode runs with previous mode set to KernelMode, so the system does
// not apply the parameter probing and access checks it would apply to a
// user-mode caller. A driver that passes on a path, handle, buffer or length
// that came from user mode has to validate it first. Confirm against the
// documentation for the target OS.
//

// Creates or opens a file object and stores its handle in *FileHandle.
// CreateDisposition and CreateOptions are plain ULONGs; presumably they take
// the FILE_* disposition values and option flags defined in this file.
NTSTATUS NTAPI ZwCreateFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PLARGE_INTEGER AllocationSize OPTIONAL,
IN ULONG FileAttributes,
IN ULONG ShareAccess,
IN ULONG CreateDisposition,
IN ULONG CreateOptions,
IN PVOID EaBuffer OPTIONAL,
IN ULONG EaLength
);
// Open-only variant: no disposition, attributes or EA parameters.
NTSTATUS NTAPI ZwOpenFile(
OUT PHANDLE FileHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG ShareAccess,
IN ULONG OpenOptions
);
// Reads into Buffer. NOTE(review): Length is presumably the capacity of
// Buffer in bytes; the caller must guarantee Buffer is at least that large.
NTSTATUS NTAPI ZwReadFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
// Writes from Buffer; same parameter list as ZwReadFile except that Buffer
// is an input here.
NTSTATUS NTAPI ZwWriteFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
// Closes a handle. Every handle obtained from ZwCreateFile/ZwOpenFile needs
// a matching close on all paths, including error paths.
NTSTATUS NTAPI ZwClose(
IN HANDLE Handle
);
// Writes file information of the requested class into FileInformation.
// NOTE(review): Length is presumably the size of that buffer in bytes and
// must fit the structure implied by FileInformationClass - confirm.
NTSTATUS NTAPI ZwQueryInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
// InitializeObjectAttributes(
// OUT POBJECT_ATTRIBUTES p,
// IN PUNICODE_STRING n,
// IN ULONG a,
// IN HANDLE r,
// IN PSECURITY_DESCRIPTOR s
// )
//
// Fills in every member the macro names: Length is set to
// sizeof(OBJECT_ATTRIBUTES), RootDirectory/Attributes/ObjectName/
// SecurityDescriptor are copied from r/a/n/s, and SecurityQualityOfService
// is always set to NULL.
//
// Macro hygiene: p is evaluated six times, so it must not have side effects.
// The expansion is a bare { } block rather than do { } while (0); used as
// the unbraced body of an if that has an else, the trailing ';' ends the if
// and the else no longer compiles. Always brace the surrounding if/else.
//
// NOTE(review): the attribute flags in a are stored verbatim. Whether call
// sites pass flags such as OBJ_KERNEL_HANDLE or OBJ_CASE_INSENSITIVE is not
// visible in this header - check each caller that creates handles.
//
//--
#define InitializeObjectAttributes( p, n, a, r, s ) { \
(p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
}
//
// Memory helpers. The rth* routines are declared here and defined
// elsewhere; NOTE(review): by name and signature they presumably mirror
// memcpy/memmove/memset/memcmp - confirm against their implementation.
//
void * __CLIB rthmemcpy(void *,const void *,size_t);
void * __CLIB rthmemmove(void *,const void *,size_t);
void * __CLIB rthmemset(void *,int,size_t);
int __CLIB rthmemcmp(const void *,const void *,size_t);
//
// Each Rtl* name is #undef'd first so that these definitions replace any
// earlier one. Every macro argument is parenthesized and used once.
//
// RtlEqualMemory yields non-zero when rthmemcmp reports 0.
#undef RtlEqualMemory
#define RtlEqualMemory(Destination,Source,Length) (!rthmemcmp((Destination),(Source),(Length)))
#undef RtlMoveMemory
#define RtlMoveMemory(Destination,Source,Length) rthmemmove((Destination),(Source),(Length))
// NOTE(review): if rthmemcpy follows memcpy semantics, overlapping ranges
// need RtlMoveMemory instead - confirm.
#undef RtlCopyMemory
#define RtlCopyMemory(Destination,Source,Length) rthmemcpy((Destination),(Source),(Length))
// Argument order is (Destination, Length, Fill); the macro swaps the last
// two when forwarding.
// NOTE(review): the next two macros forward to memset, not to the
// rthmemset declared above, which nothing visible in this listing uses.
// Confirm whether that is deliberate. Also, a memset of a buffer that is
// not read afterwards may be removed by the optimizer, so RtlZeroMemory as
// defined here should not be the only step when scrubbing keys or other
// secrets.
#undef RtlFillMemory
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
#undef RtlZeroMemory
#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
// end_ntndis end_winnt
// Aliases: the *Bytes names expand to the corresponding *Memory macros.
#define RtlCopyBytes RtlCopyMemory
#define RtlZeroBytes RtlZeroMemory
#define RtlFillBytes RtlFillMemory
//
// Takes a PHYSICAL_ADDRESS by value and returns a PVOID.
// NOTE(review): by name, this maps a physical address to a virtual
// address. Neither the failure value nor the conditions under which the
// returned pointer is valid are visible here - confirm before dereferencing,
// and never feed it an address supplied by an untrusted caller.
//
PVOID NTAPI MmGetVirtualForPhysical (
IN PHYSICAL_ADDRESS PhysicalAddress
);
// begin_ntndis
//
// Processor modes.
//
// KPROCESSOR_MODE is a CCHAR, so it is narrower than the MODE enum whose
// values it is presumably meant to carry (KernelMode/UserMode) - confirm.
// It is used by KAPC.ApcMode and KTHREAD.PreviousMode.
typedef CCHAR KPROCESSOR_MODE;
// Processor mode selector. Values are written out; they equal the members'
// 0-based positions. MaximumMode is the number of real modes, not a mode.
typedef enum _MODE {
    KernelMode  = 0,
    UserMode    = 1,
    MaximumMode = 2
} MODE;
//
// Thread priority
//
// KPRIORITY is a signed LONG; it is the type of the Increment parameters of
// KePulseEvent, KeSetEvent and KeReleaseSemaphore in this file.
typedef LONG KPRIORITY;
//
// Spin Lock
//
// begin_ntndis begin_winnt
// KSPIN_LOCK is a pointer-sized unsigned integer (ULONG_PTR); PKSPIN_LOCK
// points to one.
typedef ULONG_PTR KSPIN_LOCK;
typedef KSPIN_LOCK *PKSPIN_LOCK;
//
// Event type
//
// Kind of event object, passed as the Type argument of KeInitializeEvent.
// Values are the members' 0-based positions, written out explicitly.
typedef enum _EVENT_TYPE {
    NotificationEvent    = 0,
    SynchronizationEvent = 1
} EVENT_TYPE;
//
// Timer type
//
// Kind of timer object. Values are the members' 0-based positions, written
// out explicitly.
typedef enum _TIMER_TYPE {
    NotificationTimer    = 0,
    SynchronizationTimer = 1
} TIMER_TYPE;
//
// Wait type
//
// Wait selector with two members, WaitAll and WaitAny. Values are the
// members' 0-based positions, written out explicitly.
typedef enum _WAIT_TYPE {
    WaitAll = 0,
    WaitAny = 1
} WAIT_TYPE;
//
// Kernel dispatcher object functions
//
// Event Object
//
//
// Mutant object
//
// KMUTANT: dispatcher object that records an owning thread. The typedef
// list makes KMUTEX / PKMUTEX / PRKMUTEX aliases of the same struct, so the
// Ke*Mutex routines in this file operate on this layout.
// Member order defines the in-memory layout; do not reorder.
typedef struct _KMUTANT {
DISPATCHER_HEADER Header;
LIST_ENTRY MutantListEntry;
struct _KTHREAD *RESTRICTED_POINTER OwnerThread;
BOOLEAN Abandoned;
UCHAR ApcDisable;
} KMUTANT, *PKMUTANT, *RESTRICTED_POINTER PRKMUTANT, KMUTEX, *PKMUTEX, *RESTRICTED_POINTER PRKMUTEX;
//
// Event object routines. All take a PRKEVENT; the storage behind it is
// supplied by the caller.
// NOTE(review): the LONG results are presumably the event's signal state
// (previous or current) - confirm against the OS documentation.
//

// Type is an EVENT_TYPE value; State is the initial BOOLEAN state.
void NTAPI KeInitializeEvent (
IN PRKEVENT Event,
IN EVENT_TYPE Type,
IN BOOLEAN State
);
void NTAPI KeClearEvent(
IN PRKEVENT Event
);
LONG NTAPI KePulseEvent (
IN PRKEVENT Event,
IN KPRIORITY Increment,
IN BOOLEAN Wait
);
LONG NTAPI KeReadStateEvent(
IN PRKEVENT Event
);
LONG NTAPI KeResetEvent(
IN PRKEVENT Event
);
// NOTE(review): the contract attached to Wait == TRUE is not visible in
// this header - confirm before passing anything other than FALSE.
LONG NTAPI KeSetEvent(
IN PRKEVENT Event,
IN KPRIORITY Increment,
IN BOOLEAN Wait
);
//
// Mutex object
//
// Mutex routines; PRKMUTEX is a pointer to the KMUTANT layout (KMUTEX is
// typedef'd as an alias of it in this file).
// NOTE(review): the meaning of Level and of the LONG results is not shown
// here - confirm against the OS documentation.
void NTAPI KeInitializeMutex(
IN PRKMUTEX Mutex,
IN ULONG Level
);
LONG NTAPI KeReadStateMutex(
IN PRKMUTEX Mutex
);
LONG NTAPI KeReleaseMutex(
IN PRKMUTEX Mutex,
IN BOOLEAN Wait
);
//
// Semaphore object
//
// Semaphore routines. Count, Limit and Adjustment are signed LONGs.
// NOTE(review): nothing here shows how an Adjustment that would push the
// count past Limit is handled - confirm, and bound any externally derived
// Adjustment before the call.
void NTAPI KeInitializeSemaphore(
IN PRKSEMAPHORE Semaphore,
IN LONG Count,
IN LONG Limit
);
LONG NTAPI KeReadStateSemaphore(
IN PRKSEMAPHORE Semaphore
);
LONG NTAPI KeReleaseSemaphore(
IN PRKSEMAPHORE Semaphore,
IN KPRIORITY Increment,
IN LONG Adjustment,
IN BOOLEAN Wait
);
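// Returns a PKTHREAD and takes no arguments.
// NOTE(review): by name, the thread object of the calling thread - confirm.
// Declared with (void): in C an empty parameter list leaves the arguments
// unspecified, so a call with stray arguments would compile unchecked.
PKTHREAD NTAPI KeGetCurrentThread(void);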
// Thread routines.
// KeDelayExecutionThread takes a processor mode, an alertable flag and a
// pointer to a LARGE_INTEGER interval; it returns NTSTATUS.
// NOTE(review): units and sign convention of *Interval are not shown here -
// confirm before computing delays from external input.
NTSTATUS NTAPI KeDelayExecutionThread(
IN KPROCESSOR_MODE WaitMode,
IN BOOLEAN Alertable,
IN PLARGE_INTEGER Interval
);
// Accessor returning a KPRIORITY for the given thread; avoids reading the
// KTHREAD layout directly.
KPRIORITY NTAPI KeQueryPriorityThread(
IN PKTHREAD Thread
);
// Returns a ULONG and writes another through UserTime.
// NOTE(review): presumably kernel time as the result and user time via the
// OUT pointer, in the tick units noted on KTHREAD - confirm.
ULONG NTAPI KeQueryRuntimeThread(
IN PKTHREAD Thread,
OUT PULONG UserTime
);
LONG NTAPI KeSetBasePriorityThread(
IN PKTHREAD Thread,
IN LONG Increment