comment ^
Module Name:
native.inc
Abstract:
This module defines some undocumented W2000 structures and constants.
See "Windows NT-2000 Native API Reference" by Gary Nebbett
Author:
Four-F (four-f@mail.ru)
Last Update:
24-September-2003
IMPORTANT:
Hand made -> Bugs are very possible :(
Your bug report is very welcome.
Comments:
Some field names have been changed because they collide with MASM reserved words.
All such names are prefixed with an underscore ('_').
^
;IFNDEF KAFFINITY
; include ntddk.inc
;ENDIF
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Counted String
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IFNDEF _STRING
; Counted 8-bit string descriptor: two WORD counts followed by a DWORD pointer.
; The string is delimited by _Length; do not rely on a terminating NUL in
; Buffer, and bound every read or copy by _Length.
_STRING STRUCT
    _Length         WORD    ?   ; bytes of string data in Buffer (field renamed from Length)
    MaximumLength   WORD    ?   ; bytes available in Buffer
    Buffer          DWORD   ?   ; PCHAR
_STRING ENDS
PSTRING typedef PTR _STRING
ENDIF
IFNDEF ANSI_STRING
; ANSI_STRING is a text-macro alias for _STRING, so both names share one layout.
ANSI_STRING equ <_STRING>
PANSI_STRING typedef PTR _STRING
ENDIF
IFNDEF OEM_STRING
; OEM_STRING is a text-macro alias for _STRING, so both names share one layout.
OEM_STRING equ <_STRING>
POEM_STRING typedef PTR _STRING
ENDIF
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; CONST Counted String
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IFNDEF CSTRING
; Counted string descriptor with the same field layout as _STRING; the buffer
; is declared const in the C original (see the Buffer comment).
CSTRING STRUCT
    _Length         WORD    ?   ; bytes of string data in Buffer (field renamed from Length)
    MaximumLength   WORD    ?   ; bytes available in Buffer
    Buffer          DWORD   ?   ; CONST char *
CSTRING ENDS
PCSTRING typedef PTR CSTRING
ENDIF
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Unicode strings are counted 16-bit character strings. If they are
; NULL terminated, Length does not include trailing NULL.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IFNDEF UNICODE_STRING
; Counted 16-bit character string descriptor. Both counts are in BYTES, so the
; character count is _Length / 2. A terminating NULL is optional and is not
; counted in _Length, so code that reads Buffer must stop at _Length rather
; than scan for a terminator, and must keep _Length <= MaximumLength when
; writing.
UNICODE_STRING STRUCT
    _Length         WORD    ?   ; len of string in bytes (not chars)
    MaximumLength   WORD    ?   ; len of Buffer in bytes (not chars)
    Buffer          PWSTR   ?   ; pointer to string
UNICODE_STRING ENDS
PUNICODE_STRING typedef PTR UNICODE_STRING
ENDIF
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Valid values for the Attributes field
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IFNDEF OBJ_INHERIT
; Bit flags for OBJECT_ATTRIBUTES.Attributes; combine them with OR.
OBJ_INHERIT             equ 00000002h   ; handle is inherited by child processes
OBJ_PERMANENT           equ 00000010h   ; object is not deleted when its last handle is closed
OBJ_EXCLUSIVE           equ 00000020h   ; only one handle to the object may be open
OBJ_CASE_INSENSITIVE    equ 00000040h   ; object name is matched without regard to case
OBJ_OPENIF              equ 00000080h   ; open the object if it already exists instead of failing
OBJ_OPENLINK            equ 00000100h   ; open the symbolic link object itself, not its target
OBJ_KERNEL_HANDLE       equ 00000200h   ; handle is usable from kernel mode only; kernel-mode
                                        ; callers normally set this so that user-mode code in
                                        ; the current process cannot use the handle
OBJ_VALID_ATTRIBUTES    equ 000003F2h   ; OR of all flags above; any other bit is invalid
ENDIF
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Object Attributes structure
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
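IFNDEF OBJECT_ATTRIBUTES
; Parameter block that names an object and carries its open/create attributes.
; Six 4-byte fields in this 32-bit layout, matching the stated size of 18h.
OBJECT_ATTRIBUTES STRUCT                            ; sizeof = 18h
    _Length                     DWORD           ?   ; original name Length; InitializeObjectAttributes
                                                    ; stores sizeof OBJECT_ATTRIBUTES here
    RootDirectory               HANDLE          ?   ; directory handle that ObjectName is relative to, or NULL
    ObjectName                  PUNICODE_STRING ?   ; counted name; see UNICODE_STRING
    Attributes                  DWORD           ?   ; OBJ_* flags
    SecurityDescriptor          PVOID           ?   ; Points to type SECURITY_DESCRIPTOR; NULL means
                                                    ; no explicit descriptor is supplied
    SecurityQualityOfService    PVOID           ?   ; Points to type SECURITY_QUALITY_OF_SERVICE
OBJECT_ATTRIBUTES ENDS
; Pointer type. Declared with PTR like PSTRING and PUNICODE_STRING in this
; file; without PTR the name would alias the 18h-byte structure itself
; instead of a pointer to it.
POBJECT_ATTRIBUTES typedef PTR OBJECT_ATTRIBUTES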
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; VOID
; InitializeObjectAttributes(
; OUT POBJECT_ATTRIBUTES p,
; IN PUNICODE_STRING n,
; IN ULONG a,
; IN HANDLE r,
; IN PSECURITY_DESCRIPTOR s
; )
;
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;#define InitializeObjectAttributes( p, n, a, r, s ) { \
; (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \
; (p)->RootDirectory = r; \
; (p)->Attributes = a; \
; (p)->ObjectName = n; \
; (p)->SecurityDescriptor = s; \
; (p)->SecurityQualityOfService = NULL; \
; }
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; $IsAddr2(Operand) - macro function evaluated at assembly time.
; Yields -1 when Operand is longer than 5 characters and its first 5
; characters are "addr " (compared case-insensitively), otherwise 0.
$IsAddr2 MACRO Operand:REQ
    IF @SizeStr(<Operand>) GT 5
        IFIDNI <addr >, @SubStr(<Operand>, 1 , 5)
            EXITM <-1>          ;; "addr <something>"
        ENDIF
    ENDIF
    EXITM <0>                   ;; too short, or a different prefix
ENDM
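; $IsOffset2(Operand) - macro function evaluated at assembly time.
; Yields -1 when Operand is longer than 7 characters and its first 7
; characters are "offset " (compared case-insensitively), otherwise 0.
; The leftover debugging "echo Operand" was removed: it printed a line to the
; assembler output on every expansion and had no effect on the result.
$IsOffset2 MACRO Operand:REQ
    local a
    a = 0
    IF @SizeStr(<Operand>) GT 7
        IFIDNI <offset >, @SubStr(<Operand>, 1 , 7)
            a = 1
        ENDIF
    ENDIF
    IF a
        EXITM <-1>
    ELSE
        EXITM <0>
    ENDIF
ENDM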
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
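;-----------------------------------------------------------------------
; InitializeObjectAttributes p, n, a, r, s
;
; Emits code that fills the OBJECT_ATTRIBUTES structure at p, following the
; C macro of the same name quoted above:
;   _Length = sizeof OBJECT_ATTRIBUTES, RootDirectory = r, Attributes = a,
;   ObjectName = n, SecurityDescriptor = s, SecurityQualityOfService = NULL.
;
; p   register holding the structure address, or "addr <variable>".
;     No other form is handled: for anything else ecx is NOT loaded and the
;     stores below go through whatever ecx already holds. Fill the structure
;     by hand in that case.
; n   register, "addr <variable>", memory variable, or offset expression.
; a, r, s
;     memory variable or assemble-time constant (0 is stored with AND).
;     NOTE(review): a register passed here reaches "IF x EQ 0" - confirm
;     the assembler accepts that before relying on it.
;
; Clobbers: ecx always (pointer to the structure); eax when n is
;     "addr <stack-relative operand>"; flags. ecx is loaded before the other
;     arguments are read, so do not pass n, a, r or s in ecx.
; Stack:    memory operands are moved with push/pop.
; Depends on $IsStack, which is not defined in the visible part of this file.
;
; Kernel-mode callers normally include OBJ_KERNEL_HANDLE in a. Passing 0 for
; s supplies no explicit security descriptor.
;
; Fix: the LOCAL list named reax twice and omitted recx, so recx was created
; as a global symbol in the including module on every expansion.
;-----------------------------------------------------------------------
InitializeObjectAttributes MACRO p:REQ, n:REQ, a:REQ, r:REQ, s:REQ
    ;; Be very careful with this macro !!!
    ;; It can contain some hidden bugs !!!
    ;; In ambiguous cases fill OBJECT_ATTRIBUTES structure manually
    local adr, reax, recx

    reax = 0
    recx = 0

    ;; ---- ecx = address of the structure ----
    IF (OPATTR (p)) AND 00010000y
        ;; is a register value
        IFDIFI <p>, <ecx>               ;; not ecx
            mov ecx, p
        ENDIF
    ELSE
        IF $IsAddr2(p)
            adr SUBSTR <p>, 6           ;; text after "addr "
            IF $IsStack(adr)            ;; is relative to SS
                lea ecx, adr
                recx = 1                ;; no more ecx
            ELSE
                mov ecx, offset adr
            ENDIF
        ENDIF
    ENDIF

    PUSHCONTEXT ASSUMES
    assume ecx:ptr OBJECT_ATTRIBUTES

    mov [ecx]._Length, sizeof OBJECT_ATTRIBUTES

    ;; ---- RootDirectory = r ----
    IF (OPATTR (r)) AND 00000010y
        ;; is a memory variable or has a relocatable data label
        push r
        pop [ecx].RootDirectory
    ELSE
        IF r EQ 0
            and [ecx].RootDirectory, 0  ;; NULL
        ELSE
            mov [ecx].RootDirectory, r
        ENDIF
    ENDIF

    ;; ---- Attributes = a ----
    IF (OPATTR (a)) AND 00000010y
        ;; is a memory variable or has a relocatable data label
        push a
        pop [ecx].Attributes
    ELSE
        IF a EQ 0
            and [ecx].Attributes, 0
        ELSE
            mov [ecx].Attributes, a
        ENDIF
    ENDIF

    ;; ---- ObjectName = n ----
    IF (OPATTR (n)) AND 00010000y
        ;; is a register value
        ;IFDIFI <n>, <eax>             ;; not eax
            mov [ecx].ObjectName, n
        ;ENDIF
    ELSE
        IF $IsAddr2(n)
            adr SUBSTR <n>, 6           ;; text after "addr "
            IF $IsStack(adr)            ;; is relative to SS
                lea eax, adr
                mov [ecx].ObjectName, eax
                reax = 1                ;; no more eax
            ELSE
                mov [ecx].ObjectName, offset adr
            ENDIF
        ELSEIF (OPATTR (n)) AND 00000010y
            ;; is a memory variable or has a relocatable data label
            push n
            pop [ecx].ObjectName
        ELSE
            ;; offset
            mov [ecx].ObjectName, n
        ENDIF
    ENDIF

    ;; ---- SecurityDescriptor = s ----
    IF (OPATTR (s)) AND 00000010y
        ;; is a memory variable or has a relocatable data label
        push s
        pop [ecx].SecurityDescriptor
    ELSE
        IF s EQ 0
            and [ecx].SecurityDescriptor, 0     ;; NULL
        ELSE
            mov [ecx].SecurityDescriptor, s
        ENDIF
    ENDIF

    and [ecx].SecurityQualityOfService, 0       ;; NULL

    assume ecx:nothing
    POPCONTEXT ASSUMES
ENDM
ENDIF   ; closes IFNDEF OBJECT_ATTRIBUTES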
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Section Information Structures.
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IFNDEF ViewShare
; Values of the C enum SECTION_INHERIT (section view inheritance).
;typedef enum _SECTION_INHERIT {
ViewShare   equ 1
ViewUnmap   equ 2
ENDIF
IFNDEF NtCurrentProcess
; Pseudo-handle constants for the calling process and the calling thread.
; They are plain numeric values, not handles that were opened.
NtCurrentProcess    equ -1
NtCurrentThread     equ -2
ENDIF
IFNDEF _LARGE_INTEGER
; Damn. LARGE_INTEGER is defined in windows.inc and defined wrong way!
; So i change its name to _LARGE_INTEGER :-(
_LARGE_INTEGER UNION
struct
LowPart DWORD ?
HighPart SDWORD ?
ends
struct u
LowPart DWORD ?
HighPart SDWORD ?
ends