📄 ntifs.inc
字号:
FILE_ALL_INFORMATION ENDS
PFILE_ALL_INFORMATION typedef ptr FILE_ALL_INFORMATION
FILE_NETWORK_OPEN_INFORMATION STRUCT ; sizeof = 038h
CreationTime LARGE_INTEGER <>
LastAccessTime LARGE_INTEGER <>
LastWriteTime LARGE_INTEGER <>
ChangeTime LARGE_INTEGER <>
AllocationSize LARGE_INTEGER <>
EndOfFile LARGE_INTEGER <>
FileAttributes DWORD ?
DWORD ? ; padding
FILE_NETWORK_OPEN_INFORMATION ENDS
PFILE_NETWORK_OPEN_INFORMATION typedef ptr FILE_NETWORK_OPEN_INFORMATION
FILE_ATTRIBUTE_TAG_INFORMATION STRUCT ; sizeof=8
FileAttributes DWORD ?
ReparseTag DWORD ?
FILE_ATTRIBUTE_TAG_INFORMATION ENDS
PFILE_ATTRIBUTE_TAG_INFORMATION typedef PTR FILE_ATTRIBUTE_TAG_INFORMATION
FILE_ALLOCATION_INFORMATION STRUCT
AllocationSize LARGE_INTEGER <>
FILE_ALLOCATION_INFORMATION ENDS
PFILE_ALLOCATION_INFORMATION typedef ptr FILE_ALLOCATION_INFORMATION
FILE_DISPOSITION_INFORMATION STRUCT
DeleteFile BOOLEAN ?
FILE_DISPOSITION_INFORMATION ENDS
PFILE_DISPOSITION_INFORMATION typedef PTR FILE_DISPOSITION_INFORMATION
FILE_END_OF_FILE_INFORMATION STRUCT ; sizeof=8
EndOfFile LARGE_INTEGER <>
FILE_END_OF_FILE_INFORMATION ENDS
PFILE_END_OF_FILE_INFORMATION typedef PTR FILE_END_OF_FILE_INFORMATION
FILE_LINK_INFORMATION STRUCT ; sizeof = 10h
ReplaceIfExists BOOLEAN ?
db 3 dup(?)
RootDirectory DWORD ? ; HANDLE
FileNameLength DWORD ?
FileName WORD 1 dup(?) ; WCHAR
WORD ?
FILE_LINK_INFORMATION ENDS
PFILE_LINK_INFORMATION typedef ptr FILE_LINK_INFORMATION
FILE_RENAME_INFORMATION STRUCT ; sizeof = 10h
ReplaceIfExists BOOLEAN ?
db 3 dup(?)
RootDirectory DWORD ? ; HANDLE
FileNameLength DWORD ?
FileName WORD 1 dup(?) ; WCHAR
WORD ?
FILE_RENAME_INFORMATION ENDS
PFILE_RENAME_INFORMATION typedef ptr FILE_RENAME_INFORMATION
FILE_STREAM_INFORMATION STRUCT ; sizeof = 20h
NextEntryOffset DWORD ?
StreamNameLength DWORD ?
StreamSize LARGE_INTEGER <>
StreamAllocationSize LARGE_INTEGER <>
StreamName WORD 1 dup(?) ; WCHAR
WORD 3 dup(?)
FILE_STREAM_INFORMATION ENDS
PFILE_STREAM_INFORMATION typedef ptr FILE_STREAM_INFORMATION
FILE_TRACKING_INFORMATION STRUCT ; sizeof = 0Ch
DestinationFile DWORD ? ; HANDLE
ObjectInformationLength DWORD ?
ObjectInformation BYTE 1 dup(?) ; CHAR
db 3 dup(?)
FILE_TRACKING_INFORMATION ENDS
PFILE_TRACKING_INFORMATION typedef ptr FILE_TRACKING_INFORMATION
FILE_COMPLETION_INFORMATION STRUCT ; sizeof = 8
Port DWORD ? ; HANDLE
Key PVOID ?
FILE_COMPLETION_INFORMATION ENDS
PFILE_COMPLETION_INFORMATION typedef ptr FILE_COMPLETION_INFORMATION
FILE_PIPE_INFORMATION STRUCT ; sizeof = 8
ReadMode DWORD ?
CompletionMode DWORD ?
FILE_PIPE_INFORMATION ENDS
PFILE_PIPE_INFORMATION typedef ptr FILE_PIPE_INFORMATION
FILE_PIPE_LOCAL_INFORMATION STRUCT ; sizeof = 28h
NamedPipeType DWORD ?
NamedPipeConfiguration DWORD ?
MaximumInstances DWORD ?
CurrentInstances DWORD ?
InboundQuota DWORD ?
ReadDataAvailable DWORD ?
OutboundQuota DWORD ?
WriteQuotaAvailable DWORD ?
NamedPipeState DWORD ?
NamedPipeEnd DWORD ?
FILE_PIPE_LOCAL_INFORMATION ENDS
PFILE_PIPE_LOCAL_INFORMATION typedef ptr FILE_PIPE_LOCAL_INFORMATION
FILE_PIPE_REMOTE_INFORMATION STRUCT ; sizeof = 10h
CollectDataTime LARGE_INTEGER <>
MaximumCollectionCount DWORD ?
DWORD ?
FILE_PIPE_REMOTE_INFORMATION ENDS
PFILE_PIPE_REMOTE_INFORMATION typedef ptr FILE_PIPE_REMOTE_INFORMATION
; begin_winioctl
IFNDEF _FILESYSTEMFSCTL_
_FILESYSTEMFSCTL_ equ 1
; The following is a list of the native file system fsctls followed by
; additional network file system fsctls. Some values have been
; decommissioned.
FSCTL_REQUEST_OPLOCK_LEVEL_1 equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_REQUEST_OPLOCK_LEVEL_2 equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_REQUEST_BATCH_OPLOCK equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_OPLOCK_BREAK_ACKNOWLEDGE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_OPBATCH_ACK_CLOSE_PENDING equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_OPLOCK_BREAK_NOTIFY equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_LOCK_VOLUME equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_UNLOCK_VOLUME equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_DISMOUNT_VOLUME equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
; decommissioned fsctl value 9
FSCTL_IS_VOLUME_MOUNTED equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_IS_PATHNAME_VALID equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) ; PATHNAME_BUFFER,
FSCTL_MARK_VOLUME_DIRTY equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
; decommissioned fsctl value 13
FSCTL_QUERY_RETRIEVAL_POINTERS equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_GET_COMPRESSION equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_SET_COMPRESSION equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA or FILE_WRITE_DATA)
; decommissioned fsctl value 17
; decommissioned fsctl value 18
FSCTL_MARK_AS_SYSTEM_HIVE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_OPLOCK_BREAK_ACK_NO_2 equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_INVALIDATE_VOLUMES equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_QUERY_FAT_BPB equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) ; FSCTL_QUERY_FAT_BPB_BUFFER
FSCTL_REQUEST_FILTER_OPLOCK equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_FILESYSTEM_GET_STATISTICS equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) ; FILESYSTEM_STATISTICS
;#if(_WIN32_WINNT >= 0x0400)
FSCTL_GET_NTFS_VOLUME_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) ; NTFS_VOLUME_DATA_BUFFER
FSCTL_GET_NTFS_FILE_RECORD equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) ; NTFS_FILE_RECORD_INPUT_BUFFER, NTFS_FILE_RECORD_OUTPUT_BUFFER
FSCTL_GET_VOLUME_BITMAP equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) ; STARTING_LCN_INPUT_BUFFER, VOLUME_BITMAP_BUFFER
FSCTL_GET_RETRIEVAL_POINTERS equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) ; STARTING_VCN_INPUT_BUFFER, RETRIEVAL_POINTERS_BUFFER
FSCTL_MOVE_FILE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) ; MOVE_FILE_DATA,
FSCTL_IS_VOLUME_DIRTY equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_GET_HFS_INFORMATION equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 31, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_ALLOW_EXTENDED_DASD_IO equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
;#endif /* _WIN32_WINNT >= 0x0400 */
;#if(_WIN32_WINNT >= 0x0500)
FSCTL_READ_PROPERTY_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 33, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_WRITE_PROPERTY_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 34, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_FIND_FILES_BY_SID equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 35, METHOD_NEITHER, FILE_ANY_ACCESS)
; decommissioned fsctl value 36
FSCTL_DUMP_PROPERTY_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 37, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_SET_OBJECT_ID equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 38, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) ; FILE_OBJECTID_BUFFER
FSCTL_GET_OBJECT_ID equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 39, METHOD_BUFFERED, FILE_ANY_ACCESS) ; FILE_OBJECTID_BUFFER
FSCTL_DELETE_OBJECT_ID equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 40, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
FSCTL_SET_REPARSE_POINT equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 41, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) ; REPARSE_DATA_BUFFER,
FSCTL_GET_REPARSE_POINT equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 42, METHOD_BUFFERED, FILE_ANY_ACCESS) ; REPARSE_DATA_BUFFER
FSCTL_DELETE_REPARSE_POINT equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 43, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) ; REPARSE_DATA_BUFFER,
FSCTL_ENUM_USN_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 44, METHOD_NEITHER, FILE_ANY_ACCESS) ; MFT_ENUM_DATA,
FSCTL_SECURITY_ID_CHECK equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 45, METHOD_NEITHER, FILE_READ_DATA) ; BULK_SECURITY_TEST_DATA,
FSCTL_READ_USN_JOURNAL equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 46, METHOD_NEITHER, FILE_ANY_ACCESS) ; READ_USN_JOURNAL_DATA, USN
FSCTL_SET_OBJECT_ID_EXTENDED equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 47, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
FSCTL_CREATE_OR_GET_OBJECT_ID equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 48, METHOD_BUFFERED, FILE_ANY_ACCESS) ; FILE_OBJECTID_BUFFER
FSCTL_SET_SPARSE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 49, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
FSCTL_SET_ZERO_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 50, METHOD_BUFFERED, FILE_WRITE_DATA) ; FILE_ZERO_DATA_INFORMATION,
FSCTL_QUERY_ALLOCATED_RANGES equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 51, METHOD_NEITHER, FILE_READ_DATA) ; FILE_ALLOCATED_RANGE_BUFFER, FILE_ALLOCATED_RANGE_BUFFER
FSCTL_ENABLE_UPGRADE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 52, METHOD_BUFFERED, FILE_WRITE_DATA)
FSCTL_SET_ENCRYPTION equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 53, METHOD_NEITHER, FILE_ANY_ACCESS) ; ENCRYPTION_BUFFER, DECRYPTION_STATUS_BUFFER
FSCTL_ENCRYPTION_FSCTL_IO equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 54, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_WRITE_RAW_ENCRYPTED equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 55, METHOD_NEITHER, FILE_SPECIAL_ACCESS) ; ENCRYPTED_DATA_INFO,
FSCTL_READ_RAW_ENCRYPTED equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 56, METHOD_NEITHER, FILE_SPECIAL_ACCESS) ; REQUEST_RAW_ENCRYPTED_DATA, ENCRYPTED_DATA_INFO
FSCTL_CREATE_USN_JOURNAL equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 57, METHOD_NEITHER, FILE_ANY_ACCESS) ; CREATE_USN_JOURNAL_DATA,
FSCTL_READ_FILE_USN_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 58, METHOD_NEITHER, FILE_ANY_ACCESS) ; Read the Usn Record for a file
FSCTL_WRITE_USN_CLOSE_RECORD equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 59, METHOD_NEITHER, FILE_ANY_ACCESS) ; Generate Close Usn Record
FSCTL_EXTEND_VOLUME equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 60, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_QUERY_USN_JOURNAL equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 61, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_DELETE_USN_JOURNAL equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 62, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_MARK_HANDLE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 63, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_SIS_COPYFILE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 64, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_SIS_LINK_FILES equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 65, METHOD_BUFFERED, FILE_READ_DATA or FILE_WRITE_DATA)
FSCTL_HSM_MSG equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 66, METHOD_BUFFERED, FILE_READ_DATA or FILE_WRITE_DATA)
FSCTL_NSS_CONTROL equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 67, METHOD_BUFFERED, FILE_WRITE_DATA)
FSCTL_HSM_DATA equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 68, METHOD_NEITHER, FILE_READ_DATA or FILE_WRITE_DATA)
FSCTL_RECALL_FILE equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 69, METHOD_NEITHER, FILE_ANY_ACCESS)
FSCTL_NSS_RCONTROL equ CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 70, METHOD_BUFFERED, FILE_READ_DATA)
;#endif /* _WIN32_WINNT >= 0x0500 */
ENDIF ; _FILESYSTEMFSCTL_
IO_REPARSE_TAG_MOUNT_POINT equ 0A0000003h
IO_REPARSE_TAG_HSM equ 0C0000004h
IO_REPARSE_TAG_SIS equ 080000007h
FSCTL_PIPE_PEEK equ CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
; Control structure for FSCTL_PIPE_PEEK
PROCESS_ALL_ACCESS equ (STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or 0FFFh)
THREAD_ALL_ACCESS equ (STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or 3FFh)
; ClientId
CLIENT_ID STRUCT ; sizeof = 8
UniqueProcess HANDLE ?
UniqueThread HANDLE ?
CLIENT_ID ENDS
PCLIENT_ID typedef PTR CLIENT_ID
; Thread Environment Block (and portable part of Thread Information Block)
; +
; NT_TIB - Thread Information Block - Portable part.
;
; This is the subsystem portable part of the Thread Information Block.
; It appears as the first part of the TEB for all threads which have
; a user mode component.
; -
; begin_winnt
NT_TIB STRUCT ; sizeof = 1Ch
ExceptionList PVOID ? ; PTR EXCEPTION_REGISTRATION_RECORD
StackBase PVOID ? ; 04h
StackLimit PVOID ? ; 08h
SubSystemTib PVOID ? ; 0Ch
union
FiberData PVOID ? ; 10h
Version DWORD ? ; 10h
ends
ArbitraryUserPointer PVOID ? ; 14h
Self PVOID ? ; 18h PTR NT_TIB
NT_TIB ENDS
PNT_TIB typedef PTR NT_TIB
NtCurrentProcess equ -1
NtCurrentThread equ -2
; Priority increment definitions. The comment for each definition gives
; the names of the system services that use the definition when satisfying
; a wait.
; Priority increment used when satisfying a wait on an executive event
; (NtPulseEvent and NtSetEvent)
EVENT_INCREMENT equ 1
; Priority increment when no I/O has been done. This is used by device
; and file system drivers when completing an IRP (IoCompleteRequest).
IO_NO_INCREMENT equ 0
; Priority increment for completing CD-ROM I/O. This is used by CD-ROM device
; and file system drivers when completing an IRP (IoCompleteRequest)
IO_CD_ROM_INCREMENT equ 1
; Priority increment for completing disk I/O. This is used by disk device
; and file system drivers when completing an IRP (IoCompleteRequest)
IO_DISK_INCREMENT equ 1
; Priority increment for completing mailslot I/O. This is used by the mail-
; slot file system driver when completing an IRP (IoCompleteRequest).
IO_MAILSLOT_INCREMENT equ 2
; Priority increment for completing named pipe I/O. This is used by the
; named pipe file system driver when completing an IRP (IoCompleteRequest).
IO_NAMED_PIPE_INCREMENT equ 2
; Priority increment for completing network I/O. This is used by network
; device and network file system drivers when completing an IRP
; (IoCompleteRequest).
IO_NETWORK_INCREMENT equ 2
; Priority increment used when satisfying a wait on an executive semaphore
; (NtReleaseSemaphore)
SEMAPHORE_INCREMENT equ 1
; Section Information Structures.
;typedef enum _SECTION_INHERIT {
ViewShare equ 1
ViewUnmap equ 2
; Section Access Rights.
; begin_winnt
SECTION_QUERY equ 0001h
SECTION_MAP_WRITE equ 0002h
SECTION_MAP_READ equ 0004h
SECTION_MAP_EXECUTE equ 0008h
SECTION_EXTEND_SIZE equ 0010h
SECTION_ALL_ACCESS equ (STANDARD_RIGHTS_REQUIRED or SECTION_QUERY or SECTION_MAP_WRITE or SECTION_MAP_READ or SECTION_MAP_EXECUTE or SECTION_EXTEND_SIZE)
; end_winnt
SEGMENT_ALL_ACCESS equ SECTION_ALL_ACCESS
PAGE_NOACCESS equ 01h ; winnt
PAGE_READONLY equ 02h ; winnt
PAGE_READWRITE equ 04h ; winnt
PAGE_WRITECOPY equ 08h ; winnt
PAGE_EXECUTE equ 10h ; winnt
PAGE_EXECUTE_READ equ 20h ; winnt
PAGE_EXECUTE_READWRITE equ 40h ; winnt
PAGE_EXECUTE_WRITECOPY equ 80h ; winnt
PAGE_GUARD equ 100h ; winnt
PAGE_NOCACHE equ 200h ; winnt
PAGE_WRITECOMBINE equ 400h ; winnt
MEM_COMMIT equ 1000h
MEM_RESERVE equ 2000h
MEM_DECOMMIT equ 4000h
MEM_RELEASE equ 8000h
MEM_FREE equ 10000h
MEM_PRIVATE equ 20000h
MEM_MAPPED equ 40000h
MEM_RESET equ 80000h
MEM_TOP_DOWN equ 100000h
MEM_LARGE_PAGES equ 20000000h
MEM_4MB_PAGES equ 80000000h
SEC_RESERVE equ 4000000h
; Define system time structure.
KSYSTEM_TIME STRUCT ; sizeof = 0Ch
LowPart DWORD ? ; 0000h
High1Time SDWORD ? ; 0004h
High2Time SDWORD ? ; 0008h
KSYSTEM_TIME ENDS
PKSYSTEM_TIME typedef PTR KSYSTEM_TIME
; begin_ntddk begin_wdm begin_nthal begin_ntndis
; Common dispatcher object header
;
; N.B. The size field contains the number of dwords in the structure.
DISPATCHER_HEADER STRUCT ; sizeof = 010h
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -