📄 ntifs.inc
字号:
comment ^
Module Name:
ntifs.inc
Abstract:
This module defines the NT types, constants, and functions that are
exposed to file system drivers.
Author:
Four-F (four-f@mail.ru)
Last update:
06-July-2004
IMPORTANT:
Hand made -> Bugs are very possible :(
Your bug report is very welcome.
Comments:
Some fields name have been changed because of collision with masm reserved words.
All such words are prefixed with underscore ('_') symbol.
^
IFNDEF _NTIFS_
_NTIFS_ equ 1
comment ^
#define NT_INCLUDED
#define _NTMSV1_0_
#define _CTYPE_DISABLE_MACROS
#include <excpt.h>
^
include ntdef.inc
; end_winnt
; The following are masks for the predefined standard access types
DELETE equ 00010000h
READ_CONTROL equ 00020000h
WRITE_DAC equ 00040000h
WRITE_OWNER equ 00080000h
SYNCHRONIZE equ 00100000h
STANDARD_RIGHTS_REQUIRED equ 000F0000h
STANDARD_RIGHTS_READ equ READ_CONTROL
STANDARD_RIGHTS_WRITE equ READ_CONTROL
STANDARD_RIGHTS_EXECUTE equ READ_CONTROL
STANDARD_RIGHTS_ALL equ 001F0000h
SPECIFIC_RIGHTS_ALL equ 0000FFFFh
; AccessSystemAcl access type
ACCESS_SYSTEM_SECURITY equ 01000000h
; MaximumAllowed access type
MAXIMUM_ALLOWED equ 02000000h
; These are the generic rights.
GENERIC_READ equ 80000000h
GENERIC_WRITE equ 40000000h
GENERIC_EXECUTE equ 20000000h
GENERIC_ALL equ 10000000h
; Define the generic mapping array. This is used to denote the
; mapping of each generic access right to a specific access mask.
GENERIC_MAPPING STRUCT ; sizeof = 010h
GenericRead DWORD ? ; 0000h ACCESS_MASK
GenericWrite DWORD ? ; 0004h ACCESS_MASK
GenericExecute DWORD ? ; 0008h ACCESS_MASK
GenericAll DWORD ? ; 000Ch ACCESS_MASK
GENERIC_MAPPING ENDS
PGENERIC_MAPPING typedef PTR GENERIC_MAPPING
SLIST_HEADER UNION
Alignment QWORD ? ; ULONGLONG
struct
Next SINGLE_LIST_ENTRY <>
Depth WORD ?
Sequence WORD ?
ends
SLIST_HEADER ENDS
PSLIST_HEADER typedef ptr SLIST_HEADER
; Kernel definitions that need to be here for forward reference purposes
; begin_ntndis
; Processor modes.
KPROCESSOR_MODE typedef BYTE
;typedef enum _MODE {
KernelMode equ 0
UserMode equ 1
MaximumMode equ 2
; end_ntndis
; Asynchronous Procedure Call (APC) object
KAPC STRUCT ; sizeof = 030h
_Type SWORD ? ; 0000h (org field name Type)
_Size SWORD ? ; 0002h (org field name Size)
Spare0 DWORD ? ; 0004h
Thread PVOID ? ; 0008h PTR KTHREAD
ApcListEntry LIST_ENTRY <> ; 000Ch
KernelRoutine PVOID ? ; 0014h KiSuspendNop
RundownRoutine PVOID ? ; 0018h
NormalRoutine PVOID ? ; 001Ch KiSuspendThread
NormalContext PVOID ? ; 0020h
; N.B. The following two members MUST be together.
SystemArgument1 PVOID ? ; 0024h
SystemArgument2 PVOID ? ; 0028h
ApcStateIndex BYTE ? ; 002Ch
ApcMode BYTE ? ; 002Dh KPROCESSOR_MODE
Inserted BYTE ? ; 002Eh BOOLEAN
db ? ; padding
KAPC ENDS
PKAPC typedef PTR KAPC
; begin_ntndis
; +
; Define DPC importance.
;
; LowImportance - Queue DPC at end of target DPC queue.
; MediumImportance - Queue DPC at end of target DPC queue.
; HighImportance - Queue DPC at front of target DPC DPC queue.
;
; If there is currently a DPC active on the target processor, or a DPC
; interrupt has already been requested on the target processor when a
; DPC is queued, then no further action is necessary. The DPC will be
; executed on the target processor when its queue entry is processed.
;
; If there is not a DPC active on the target processor and a DPC interrupt
; has not been requested on the target processor, then the exact treatment
; of the DPC is dependent on whether the host system is a UP system or an
; MP system.
;
; UP system.
;
; If the DPC is of medium or high importance, the current DPC queue depth
; is greater than the maximum target depth, or current DPC request rate is
; less the minimum target rate, then a DPC interrupt is requested on the
; host processor and the DPC will be processed when the interrupt occurs.
; Otherwise, no DPC interupt is requested and the DPC execution will be
; delayed until the DPC queue depth is greater that the target depth or the
; minimum DPC rate is less than the target rate.
;
; MP system.
;
; If the DPC is being queued to another processor and the depth of the DPC
; queue on the target processor is greater than the maximum target depth or
; the DPC is of high importance, then a DPC interrupt is requested on the
; target processor and the DPC will be processed when the interrupt occurs.
; Otherwise, the DPC execution will be delayed on the target processor until
; the DPC queue depth on the target processor is greater that the maximum
; target depth or the minimum DPC rate on the target processor is less than
; the target mimimum rate.
;
; If the DPC is being queued to the current processor and the DPC is not of
; low importance, the current DPC queue depth is greater than the maximum
; target depth, or the minimum DPC rate is less than the minimum target rate,
; then a DPC interrupt is request on the current processor and the DPV will
; be processed whne the interrupt occurs. Otherwise, no DPC interupt is
; requested and the DPC execution will be delayed until the DPC queue depth
; is greater that the target depth or the minimum DPC rate is less than the
; target rate.
; -
;typedef enum _KDPC_IMPORTANCE {
LowImportance equ 0
MediumImportance equ 1
HighImportance equ 2
; Deferred Procedure Call (DPC) object
KDPC STRUCT ; sizeof = 020h
_Type SWORD ? ; 0000h (IO_TYPE_DPC = 13h) (original name Type)
Number BYTE ? ; 0002h
Importance BYTE ? ; 0003h
DpcListEntry LIST_ENTRY <> ; 0004h
DeferredRoutine PVOID ? ; 000Ch
DeferredContext PVOID ? ; 0010h
SystemArgument1 PVOID ? ; 0014h
SystemArgument2 PVOID ? ; 0018h
_Lock PVOID ? ; 001Ch (original Lock)
KDPC ENDS
PKDPC typedef PTR KDPC
PKIPI_CONTEXT typedef DWORD
; Define interprocessor interrupt performance counters.
KIPI_COUNTS STRUCT
Freeze DWORD ?
Packet DWORD ?
DPC DWORD ?
APC DWORD ?
FlushSingleTb DWORD ?
FlushMultipleTb DWORD ?
FlushEntireTb DWORD ?
GenericCall DWORD ?
ChangeColor DWORD ?
SweepDcache DWORD ?
SweepIcache DWORD ?
SweepIcacheRange DWORD ?
FlushIoBuffers DWORD ?
GratuitousDPC DWORD ?
KIPI_COUNTS ENDS
PKIPI_COUNTS typedef ptr KIPI_COUNTS
; +
; I/O system definitions.
;
; Define a Memory Descriptor List (MDL)
;
; An MDL describes pages in a virtual buffer in terms of physical pages. The
; pages associated with the buffer are described in an array that is allocated
; just after the MDL header structure itself. In a future compiler this will
; be placed at:
;
; ULONG Pages[];
;
; Until this declaration is permitted, however, one simply calculates the
; base of the array by adding one to the base MDL pointer:
;
; Pages = (PULONG) (Mdl + 1);
;
; Notice that while in the context of the subject thread, the base virtual
; address of a buffer mapped by an MDL may be referenced using the following:
;
; Mdl->StartVa | Mdl->ByteOffset
; -
MDL STRUCT ; sizeof = 01Ch
Next PVOID ? ; 0000h PTR MDL
_Size SWORD ? ; 0004h (original name Size)
MdlFlags SWORD ? ; 0006h
Process PVOID ? ; 0008h PTR EPROCESS
MappedSystemVa PVOID ? ; 000Ch
StartVa PVOID ? ; 0010h
ByteCount DWORD ? ; 0014h
ByteOffset DWORD ? ; 0018h
MDL ENDS
PMDL typedef PTR MDL
MDL_MAPPED_TO_SYSTEM_VA equ 0001
MDL_PAGES_LOCKED equ 0002
MDL_SOURCE_IS_NONPAGED_POOL equ 0004
MDL_ALLOCATED_FIXED_SIZE equ 0008
MDL_PARTIAL equ 0010h
MDL_PARTIAL_HAS_BEEN_MAPPED equ 0020h
MDL_IO_PAGE_READ equ 0040h
MDL_WRITE_OPERATION equ 0080h
MDL_PARENT_MAPPED_SYSTEM_VA equ 0100h
MDL_LOCK_HELD equ 0200h
MDL_PHYSICAL_VIEW equ 0400h
MDL_IO_SPACE equ 0800h
MDL_NETWORK_HEADER equ 1000h
MDL_MAPPING_CAN_FAIL equ 2000h
MDL_ALLOCATED_MUST_SUCCEED equ 4000h
MDL_MAPPING_FLAGS equ MDL_MAPPED_TO_SYSTEM_VA or MDL_PAGES_LOCKED or MDL_SOURCE_IS_NONPAGED_POOL or MDL_PARTIAL_HAS_BEEN_MAPPED or MDL_PARENT_MAPPED_SYSTEM_VA or MDL_LOCK_HELD or MDL_SYSTEM_VA or MDL_IO_SPACE
; end_ntndis
LOW_PRIORITY equ 0 ; Lowest thread priority level
LOW_REALTIME_PRIORITY equ 16 ; Lowest realtime priority level
HIGH_PRIORITY equ 31 ; Highest thread priority level
MAXIMUM_PRIORITY equ 32 ; Number of thread priority levels
; begin_winnt
MAXIMUM_WAIT_OBJECTS equ 64 ; Maximum number of wait objects
MAXIMUM_SUSPEND_COUNT equ MAXCHAR ; Maximum times thread can be suspended
; end_winnt
; Thread affinity
KAFFINITY typedef DWORD
PKAFFINITY typedef PTR KAFFINITY
; Thread priority
KPRIORITY typedef SDWORD
; Spin Lock
; begin_ntndis begin_winnt
KSPIN_LOCK typedef DWORD ; ULONG_PTR
PKSPIN_LOCK typedef PTR DWORD
; end_ntndis end_winnt
;ifndef _PO_DDK_
;define _PO_DDK_
;typedef enum _SYSTEM_POWER_STATE {
PowerSystemUnspecified equ 0
PowerSystemWorking equ 1
PowerSystemSleeping1 equ 2
PowerSystemSleeping2 equ 3
PowerSystemSleeping3 equ 4
PowerSystemHibernate equ 5
PowerSystemShutdown equ 6
PowerSystemMaximum equ 7
;typedef enum _POWER_ACTION {
PowerActionNone equ 0
PowerActionReserved equ 1
PowerActionSleep equ 2
PowerActionHibernate equ 3
PowerActionShutdown equ 4
PowerActionShutdownReset equ 5
PowerActionShutdownOff equ 6
PowerActionWarmEject equ 7
;typedef enum _DEVICE_POWER_STATE {
PowerDeviceUnspecified equ 0
PowerDeviceD0 equ 1
PowerDeviceD1 equ 2
PowerDeviceD2 equ 3
PowerDeviceD3 equ 4
PowerDeviceMaximum equ 5
POWER_STATE UNION
SystemState DWORD ? ; SYSTEM_POWER_STATE enum
DeviceState DWORD ? ; DEVICE_POWER_STATE enum
POWER_STATE ENDS
PPOWER_STATE typedef ptr POWER_STATE
;typedef enum _POWER_STATE_TYPE {
SystemPowerState equ 0
DevicePowerState equ 1
; Generic power related IOCTLs
IOCTL_QUERY_DEVICE_POWER_STATE equ CTL_CODE(FILE_DEVICE_BATTERY, 0, METHOD_BUFFERED, FILE_READ_ACCESS)
IOCTL_SET_DEVICE_WAKE equ CTL_CODE(FILE_DEVICE_BATTERY, 1, METHOD_BUFFERED, FILE_WRITE_ACCESS)
IOCTL_CANCEL_DEVICE_WAKE equ CTL_CODE(FILE_DEVICE_BATTERY, 2, METHOD_BUFFERED, FILE_WRITE_ACCESS)
; Defines for W32 interfaces
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -