📄 wnetundoc.inc
comment ^
Module Name:
w03undoc.inc
Abstract:
This module defines some undocumented Windows 2003 Server structures and constants.
Author:
Four-F (four-f@mail.ru)
Last Update:
08-Jul-2003
Comments:
Hand made -> Bugs are very possible ;(
Your bug report is very welcome.
^
IFNDEF KAFFINITY
include \masm32\include\w2k\ntddk.inc
ENDIF
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; KGDTENTRY - one 8-byte x86 segment descriptor (a GDT or LDT entry).
; The two leading WORDs hold limit bits 0-15 and base bits 0-15.  The HighWord
; union describes the upper DWORD (offset 04h) two ways: as four raw bytes
; (Bytes) or as the individual descriptor bit fields (Bits).
; NOTE(review): the file header says these layouts are hand made; confirm them
; against the symbols of the target build before relying on any offset.
KGDTENTRY STRUCT ; sizeof = 8
    ; Exactly the same as in XP
    LimitLow WORD ? ; 00h segment limit, bits 0-15
    BaseLow WORD ? ; 02h segment base, bits 0-15
    union _HighWord ; 04h original HighWord
        struct Bytes ; __unnamed_17_
            BaseMid BYTE ? ; 04h segment base, bits 16-23
            Flags1 BYTE ? ; 05h covers Type/Dpl/Pres (bits 8-15 of Bits)
            Flags2 BYTE ? ; 06h covers LimitHi/Sys/Reserved_0/Default_Big/Granularity
            BaseHi BYTE ? ; 07h segment base, bits 24-31
        ends
        ; Damn! ...record field names must be unique...
        ; kd displays it as __unnamed_18_, so i prepend each field name with 'u18'
        ; Fields are listed from the most significant bit down; widths total 32.
        Bits RECORD \
            u18BaseHi:8, ; bits24-31 BaseHi
            u18Granularity:1, ; bits23-23 Granularity
            u18Default_Big:1, ; bits22-22 Default_Big
            u18Reserved_0:1, ; bits21-21 Reserved_0
            u18Sys:1, ; bits20-20 Sys
            u18LimitHi:4, ; bits16-19 LimitHi
            u18Pres:1, ; bits15-15 Pres
            u18Dpl:2, ; bits13-14 Dpl
            u18Type:5, ; bits8-12 Type
            u18BaseMid:8 ; bits0-7 BaseMid
    ends ; HighWord
KGDTENTRY ENDS
PKGDTENTRY typedef PTR KGDTENTRY
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; KIDTENTRY - one 8-byte x86 interrupt descriptor table entry (gate).
; The 32-bit handler offset is split across the entry: _Offset holds the low
; 16 bits and ExtendedOffset the high 16 bits; Selector names the code segment
; the handler runs in.
; NOTE(review): Access presumably carries the gate type, DPL and present bit;
; the file does not break it down, so confirm before decoding it.
KIDTENTRY STRUCT ; sizeof = 8
    ; Exactly the same as in XP
    _Offset WORD ? ; 00h original name Offset (handler offset, low 16 bits)
    Selector WORD ? ; 02h
    Access WORD ? ; 04h
    ExtendedOffset WORD ? ; 06h handler offset, high 16 bits
KIDTENTRY ENDS
PKIDTENTRY typedef PTR KIDTENTRY
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; a part of EPROCESS structure (first member)
; also known as Process Control Block, PCB
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; KPROCESS - kernel part of a process object (Process Control Block).
; It is embedded at offset 0000h of EPROCESS as EPROCESS.Pcb, so a pointer to
; an EPROCESS is also a pointer to its KPROCESS.
; Offsets in the trailing comments are for this structure on 32-bit Windows
; Server 2003 as recorded by the author; they are not stable across Windows
; versions, so check them against the target build's symbols before use.
KPROCESS STRUCT ; sizeof = 06Ch
    ; Exactly the same as in XP
    Header DISPATCHER_HEADER <> ; 000h DO_TYPE_PROCESS (0x1B)
    ProfileListHead LIST_ENTRY <> ; 010h
    DirectoryTableBase DWORD 2 dup(?) ; 018h physical address of the page directory (cr3 contains the same phys address)
    LdtDescriptor KGDTENTRY <> ; 020h
    Int21Descriptor KIDTENTRY <> ; 028h
    IopmOffset WORD ? ; 030h
    Iopl BYTE ? ; 032h
    Unused BYTE ? ; 033h
    ActiveProcessors DWORD ? ; 034h
    KernelTime DWORD ? ; 038h ticks
    UserTime DWORD ? ; 03Ch ticks
    ReadyListHead LIST_ENTRY <> ; 040h
    SwapListEntry SINGLE_LIST_ENTRY <> ; 048h
    VdmTrapcHandler PVOID ? ; 04Ch
    ThreadListHead LIST_ENTRY <> ; 050h KTHREAD.ThreadListEntry
    ProcessLock PVOID ? ; 058h KSPIN_LOCK
    Affinity KAFFINITY ? ; 05Ch
    StackCount WORD ? ; 060h
    BasePriority BYTE ? ; 062h
    ThreadQuantum BYTE ? ; 063h
    AutoAlignment BOOLEAN ? ; 064h
    State BYTE ? ; 065h
    ThreadSeed BYTE ? ; 066h
    DisableBoost BOOLEAN ? ; 067h
    PowerState BYTE ? ; 068h
    DisableQuantum BOOLEAN ? ; 069h
    IdealNode BYTE ? ; 06Ah
    Spare BYTE ? ; 06Bh
KPROCESS ENDS
PKPROCESS typedef PTR KPROCESS
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; EX_PUSH_LOCK - 4-byte executive push lock word.
; The union describes the same DWORD three ways: the epl bit layout (a 30-bit
; shared count above an exclusive bit and a waiting bit), the raw Value, and a
; pointer view (_Ptr).  The epl widths total 32 bits.
EX_PUSH_LOCK STRUCT ; sizeof = 4h
    ; Exactly the same as in XP
    union
        epl RECORD \
            eplShared:30, ; bits 2-31
            eplExclusive:1, ; bits 1
            eplWaiting:1 ; bits 0
        Value DWORD ? ; 00h
        _Ptr PVOID ? ; 00h original field name "Ptr"
    ends
EX_PUSH_LOCK ENDS
PEX_PUSH_LOCK typedef PTR EX_PUSH_LOCK
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; EX_RUNDOWN_REF - 4-byte rundown-protection reference word.
; Count and _Ptr are two views of the same DWORD (both at offset 00h).
; NOTE(review): which view is meaningful at a given moment is not shown in
; this file; confirm against the kernel's rundown-protection routines.
EX_RUNDOWN_REF STRUCT ; sizeof = 4h
    ; Exactly the same as in XP
    union
        Count DWORD ? ; 00h
        _Ptr PVOID ? ; 00h original field name "Ptr"
    ends
EX_RUNDOWN_REF ENDS
PEX_RUNDOWN_REF typedef PTR EX_RUNDOWN_REF
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
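; EX_FAST_REF - pointer-sized value that packs an object pointer together with
; a 3-bit reference count in its low bits.
; The union describes the same DWORD three ways: Object (pointer view), Value
; (raw DWORD) and the efr bit layout.  Because bits 0-2 carry efrRefCnt, code
; that reads Object or Value must clear those bits (for example with
; MASK efrUndefined) before using the result as an address; dereferencing the
; raw value yields a pointer that is off by up to 7 bytes.
EX_FAST_REF STRUCT ; sizeof = 4h
    ; Exactly the same as in XP
    union
        Object PVOID ? ; 00h
        ; The widths must total 32.  MASM packs RECORD fields right-justified,
        ; so a 28-bit first field would stop at bit 30 and MASK efrUndefined
        ; would drop bit 31 of the pointer.  29 matches the "bits 3-31" range.
        efr RECORD \
            efrUndefined:29,; bits 3-31
            efrRefCnt:3 ; bits 0-2
        Value DWORD ? ; 00h
    ends
EX_FAST_REF ENDS
PEX_FAST_REF typedef PTR EX_FAST_REF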
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; HARDWARE_PTE - bit layout of a 32-bit x86 page table entry (20-bit page
; frame number, i.e. the non-PAE format).  Fields are listed from the most
; significant bit down and total 32 bits.
; Valid, Write and Owner are the x86 present, read/write and user/supervisor
; bits: a page is reachable from user mode only when Owner is set, and is
; writable only when Write is set.  Bits 9-11 are ignored by the CPU and used
; here by software (CopyOnWrite, Prototype, reserved).
HARDWARE_PTE RECORD \
    PageFrameNumber:20, ; bits12-31 PageFrameNumber
    _reserved:1, ; bits11-11 reserved
    Prototype:1, ; bits10-10 Prototype
    CopyOnWrite:1, ; bits9-9 CopyOnWrite
    Global:1, ; bits8-8 Global
    LargePage:1, ; bits7-7 LargePage
    Dirty:1, ; bits6-6 Dirty
    Accessed:1, ; bits5-5 Accessed
    CacheDisable:1, ; bits4-4 CacheDisable
    WriteThrough:1, ; bits3-3 WriteThrough
    Owner:1, ; bits2-2 Owner
    Write:1, ; bits1-1 Write
    Valid:1 ; bits0-0 Valid
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; SE_AUDIT_PROCESS_CREATION_INFO - single-pointer wrapper embedded in EPROCESS
; as SeAuditProcessCreationInfo.  Its only member points to an
; OBJECT_NAME_INFORMATION describing the process image file name.
SE_AUDIT_PROCESS_CREATION_INFO STRUCT
    ; Exactly the same as in XP
    ImageFileName PVOID ? ; 00h PTR OBJECT_NAME_INFORMATION
SE_AUDIT_PROCESS_CREATION_INFO ENDS
PSE_AUDIT_PROCESS_CREATION_INFO typedef PTR SE_AUDIT_PROCESS_CREATION_INFO
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; MMSUPPORT_FLAGS - bit layout of the DWORD stored in MMSUPPORT.Flags (0010h).
; Fields are listed from the most significant bit down and total 32 bits.
; NOTE(review): the meaning of each flag is taken from its name only; this
; file does not document the semantics.
MMSUPPORT_FLAGS RECORD \
    Available:14, ; bits 18-31
    AcquiredUnsafe:1, ; bits 17
    GrowWsleHash:1, ; bits 16
    MemoryPriority:8, ; bits 8-15
    Available0:1, ; bits 7
    MinimumWorkingSetHard:1, ; bits 6
    ForceTrim:1, ; bits 5
    MaximumWorkingSetHard:1, ; bits 4
    TrimHard:1, ; bits 3
    SessionLeader:1, ; bits 2
    BeingTrimmed:1, ; bits 1
    SessionSpace:1 ; bits 0
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; KGUARDED_MUTEX - 32-byte kernel guarded mutex.
; Used in this file by MMSUPPORT.WorkingSetMutex and
; EPROCESS.AddressCreationLock.  The trailing union exposes the two 16-bit APC
; disable counters either separately or as one DWORD (CombinedApcDisable), so
; both can be read or written in a single access.
KGUARDED_MUTEX STRUCT ; sizeof = 020h
    _Count SDWORD ? ; 0000h
    Owner PVOID ? ; 0004h PTR KTHREAD
    Contention DWORD ? ; 0008h
    _Event KEVENT <> ; 000Ch
    union
        struct
            KernelApcDisable SWORD ? ; 001Ch
            SpecialApcDisable SWORD ? ; 001Eh
        ends
        CombinedApcDisable DWORD ? ; 001Ch overlays both SWORDs above
    ends
KGUARDED_MUTEX ENDS
PKGUARDED_MUTEX typedef PTR KGUARDED_MUTEX
; MMSUPPORT - working-set bookkeeping block, embedded in EPROCESS as Vm
; (EPROCESS offset 01D8h).  Flags uses the MMSUPPORT_FLAGS bit layout and
; WorkingSetMutex is a KGUARDED_MUTEX occupying the last 20h bytes.
; NOTE(review): the units of the size and count fields (pages or bytes) are
; not stated in this file; confirm before interpreting them.
MMSUPPORT STRUCT ; sizeof = 060h
    WorkingSetExpansionLinks LIST_ENTRY <> ; 0000h
    LastTrimTime LARGE_INTEGER <> ; 0008h
    Flags MMSUPPORT_FLAGS <> ; 0010h
    PageFaultCount DWORD ? ; 0014h
    PeakWorkingSetSize DWORD ? ; 0018h
    GrowthSinceLastEstimate DWORD ? ; 001Ch
    MinimumWorkingSetSize DWORD ? ; 0020h
    MaximumWorkingSetSize DWORD ? ; 0024h
    VmWorkingSetList PVOID ? ; 0028h PTR MMWSL
    Claim DWORD ? ; 002Ch
    NextEstimationSlot DWORD ? ; 0030h
    NextAgingSlot DWORD ? ; 0034h
    EstimatedAvailable DWORD ? ; 0038h
    WorkingSetSize DWORD ? ; 003Ch
    WorkingSetMutex KGUARDED_MUTEX <> ; 0040h
MMSUPPORT ENDS
PMMSUPPORT typedef PTR MMSUPPORT
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
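; MMADDRESS_NODE - 20-byte node of the balanced (AVL) tree rooted in
; MM_AVL_TABLE.BalancedRoot; each node covers the virtual page number range
; StartingVpn..EndingVpn.
; The u1 union overlays the parent pointer with a 2-bit balance value in its
; low bits, so code that follows Parent must clear bits 0-1 (for example with
; MASK u24Undefined) before using it as an address.
MMADDRESS_NODE STRUCT ; sizeof = 014h
    ; Damn! ...record field names must be unique...
    ; kd displays it as __unnamed_24_, so i prepend each field name with 'u24'
    union u1 ; 0000h __unnamed_24_
        ; The widths must total 32.  MASM packs RECORD fields right-justified,
        ; so a 29-bit first field would stop at bit 30 and MASK u24Undefined
        ; would drop bit 31 of the pointer.  30 matches the "bits 2-31" range.
        u24 RECORD \
            u24Undefined:30, ; bits 2-31
            u24Balance:2 ; bits 0-1
        Parent PVOID ? ; 0000h PTR MMADDRESS_NODE
    ends
    LeftChild PVOID ? ; 0004h PTR MMADDRESS_NODE
    RightChild PVOID ? ; 0008h PTR MMADDRESS_NODE
    StartingVpn DWORD ? ; 000Ch
    EndingVpn DWORD ? ; 0010h
MMADDRESS_NODE ENDS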
; MM_AVL_TABLE - 32-byte header of a balanced tree of MMADDRESS_NODE entries;
; EPROCESS.PhysicalVadRoot is commented in this file as a pointer to one.
; BalancedRoot is an embedded MMADDRESS_NODE (14h bytes).  The DWORD at 0014h
; is left unnamed; the mmat bit layout splits it into the tree depth (bits
; 0-4), three unused bits and the element count (bits 8-31).
MM_AVL_TABLE STRUCT ; sizeof = 020h
    BalancedRoot MMADDRESS_NODE <> ; 0000h
    union
        DWORD ? ; 0014h unnamed storage described by mmat
        mmat RECORD \ ; 0014h
            NumberGenericTableElements:24, ; bits 8-31
            __Unused:3, ; bits 5-7
            DepthOfTree:5 ; bits 0-4
    ends
    NodeHint PVOID ? ; 0018h
    NodeFreeHint PVOID ? ; 001Ch
MM_AVL_TABLE ENDS
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
EPROCESS STRUCT ; sizeof = 0278h
Pcb KPROCESS <> ; 0000h
ProcessLock EX_PUSH_LOCK <> ; 006Ch
CreateTime LARGE_INTEGER <> ; 0070h
ExitTime LARGE_INTEGER <> ; 0078h
RundownProtect EX_RUNDOWN_REF <> ; 0080h
UniqueProcessId PVOID ? ; 0084h
ActiveProcessLinks LIST_ENTRY <> ; 0088h
QuotaUsage DWORD 3 dup(?) ; 0090h
QuotaPeak DWORD 3 dup(?) ; 009Ch
CommitCharge DWORD ? ; 00A8h
PeakVirtualSize DWORD ? ; 00ACh
VirtualSize DWORD ? ; 00B0h
SessionProcessLinks LIST_ENTRY <> ; 00B4h
DebugPort PVOID ? ; 00BCh
ExceptionPort PVOID ? ; 00C0h
ObjectTable PVOID ? ; 00C4h PTR HANDLE_TABLE
Token EX_FAST_REF <> ; 00C8h
WorkingSetPage DWORD ? ; 00CCh
AddressCreationLock KGUARDED_MUTEX <> ; 00D0h
HyperSpaceLock DWORD ? ; 00F0h
ForkInProgress PVOID ? ; 00F4h PTR ETHREAD
HardwareTrigger DWORD ? ; 00F8h
PhysicalVadRoot PVOID ? ; 00FCh PTR MM_AVL_TABLE
CloneRoot PVOID ? ; 0100h
NumberOfPrivatePages DWORD ? ; 0104h
NumberOfLockedPages DWORD ? ; 0108h
Win32Process PVOID ? ; 010Ch
Job PVOID ? ; 0110h PTR EJOB
SectionObject PVOID ? ; 0114h
SectionBaseAddress PVOID ? ; 0118h
QuotaBlock PVOID ? ; 011Ch PTR EPROCESS_QUOTA_BLOCK
WorkingSetWatch PVOID ? ; 0120h PTR PAGEFAULT_HISTORY
Win32WindowStation PVOID ? ; 0124h
InheritedFromUniqueProcessId PVOID ? ; 0128h
LdtInformation PVOID ? ; 012Ch
VadFreeHint PVOID ? ; 0130h
VdmObjects PVOID ? ; 0134h
DeviceMap PVOID ? ; 0138h
Spare0 PVOID 3 dup(?) ; 013Ch
union
PageDirectoryPte HARDWARE_PTE <> ; 0148h
Filler QWORD ? ; 0148h
ends
Session PVOID ? ; 0150h
ImageFileName BYTE 16 dup(?) ; 0154h
JobLinks LIST_ENTRY <> ; 0164h
LockedPagesList PVOID ? ; 016Ch
ThreadListHead LIST_ENTRY <> ; 0170h
SecurityPort PVOID ? ; 0178h
PaeTop PVOID ? ; 017Ch
ActiveThreads DWORD ? ; 0180h
GrantedAccess DWORD ? ; 0184h
DefaultHardErrorProcessing DWORD ? ; 0188h
LastThreadExitStatus SDWORD ? ; 018Ch
Peb PVOID ? ; 0190h PTR PEB
PrefetchTrace EX_FAST_REF <> ; 0194h
ReadOperationCount LARGE_INTEGER <> ; 0198h
WriteOperationCount LARGE_INTEGER <> ; 01A0h
OtherOperationCount LARGE_INTEGER <> ; 01A8h
ReadTransferCount LARGE_INTEGER <> ; 01B0h
WriteTransferCount LARGE_INTEGER <> ; 01B8h
OtherTransferCount LARGE_INTEGER <> ; 01C0h
CommitChargeLimit DWORD ? ; 01C8h
CommitChargePeak DWORD ? ; 01CCh
AweInfo PVOID ? ; 01D0h
SeAuditProcessCreationInfo SE_AUDIT_PROCESS_CREATION_INFO <> ; 01D4h
Vm MMSUPPORT <> ; 01D8h
MmProcessLinks LIST_ENTRY <> ; 0238h
ModifiedPageCount DWORD ? ; 0240h
JobStatus DWORD ? ; 0244h
union
Flags DWORD ? ; 0248h
comment ^
recFlags RECORD \
Unused:7, ; bits 25-31
VdmAllowed:1, ; bits 24
PdeUpdateNeeded:1, ; bits 23
ImageNotifyDone:1, ; bits 22
VmTopDown:1, ; bits 21