📄 wdm.h
字号:
//
// Current stack location - contains a pointer to the current
// IO_STACK_LOCATION structure in the IRP stack. This field
// should never be directly accessed by drivers. They should
// use the standard functions.
//
struct _IO_STACK_LOCATION *CurrentStackLocation;
//
// Minipacket type.
//
ULONG PacketType;
};
};
//
// Original file object - pointer to the original file object
// that was used to open the file. This field is owned by the
// I/O system and should not be used by any other drivers.
//
PFILE_OBJECT OriginalFileObject;
} Overlay;
//
// APC - This APC control block is used for the special kernel APC as
// well as for the caller's APC, if one was specified in the original
// argument list. If so, then the APC is reused for the normal APC for
// whatever mode the caller was in and the "special" routine that is
// invoked before the APC gets control simply deallocates the IRP.
//
KAPC Apc;
//
// CompletionKey - This is the key that is used to distinguish
// individual I/O operations initiated on a single file handle.
//
PVOID CompletionKey;
} Tail;
} IRP, *PIRP;
//void IofCompleteRequest(PIRP Irp,CCHAR PriorityBoost);
typedef struct _IO_TIMER{} *PIO_TIMER;
#define DEVICE_TYPE ULONG
typedef ULONG_PTR KSPIN_LOCK;
typedef struct _KDEVICE_QUEUE { //sizeof = 14h
CSHORT Type;
CSHORT Size;
LIST_ENTRY DeviceListHead;
KSPIN_LOCK Lock;
BOOLEAN Busy;
} KDEVICE_QUEUE, *PKDEVICE_QUEUE;
typedef
VOID
(__stdcall *PKDEFERRED_ROUTINE) (
IN struct _KDPC *Dpc,
IN PVOID DeferredContext,
IN PVOID SystemArgument1,
IN PVOID SystemArgument2
);
typedef struct _KDPC { //sizeof = 20h
CSHORT Type;
UCHAR Number;
UCHAR Importance;
LIST_ENTRY DpcListEntry;
PKDEFERRED_ROUTINE DeferredRoutine;
PVOID DeferredContext;
PVOID SystemArgument1;
PVOID SystemArgument2;
PULONG_PTR Lock;
} KDPC, *PKDPC;
typedef PVOID PSECURITY_DESCRIPTOR;
enum IO_ALLOCATION_ACTION
{
KeepObject = 1,
DeallocateObject,
DeallocateObjectKeepRegisters
};
//
// Define device driver adapter/controller execution routine.
//
typedef
IO_ALLOCATION_ACTION
(__stdcall *PDRIVER_CONTROL) (
IN struct _DEVICE_OBJECT *DeviceObject,
IN struct _IRP *Irp,
IN PVOID MapRegisterBase,
IN PVOID Context
);
typedef struct _WAIT_CONTEXT_BLOCK { //sizeof = 28
KDEVICE_QUEUE_ENTRY WaitQueueEntry;
PDRIVER_CONTROL DeviceRoutine;
PVOID DeviceContext;
ULONG NumberOfMapRegisters;
PVOID DeviceObject;
PVOID CurrentIrp;
PKDPC BufferChainingDpc;
} WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;
//
// Volume Parameter Block (VPB)
//
#define MAXIMUM_VOLUME_LABEL_LENGTH (32 * sizeof(WCHAR)) // 32 characters
typedef struct _VPB {
CSHORT Type;
CSHORT Size;
USHORT Flags;
USHORT VolumeLabelLength; // in bytes
struct _DEVICE_OBJECT *DeviceObject;
struct _DEVICE_OBJECT *RealDevice;
ULONG SerialNumber;
ULONG ReferenceCount;
WCHAR VolumeLabel[32]; //[MAXIMUM_VOLUME_LABEL_LENGTH / sizeof(WCHAR)];
} VPB, *PVPB;
typedef struct _DEVICE_OBJECT {
CSHORT Type;
USHORT Size;
LONG ReferenceCount;
struct _DRIVER_OBJECT *DriverObject;
struct _DEVICE_OBJECT *NextDevice;
struct _DEVICE_OBJECT *AttachedDevice;
struct _IRP *CurrentIrp;
PIO_TIMER Timer;
ULONG Flags; // See above: DO_...
ULONG Characteristics; // See ntioapi: FILE_...
PVPB Vpb;
PVOID DeviceExtension;
DEVICE_TYPE DeviceType;
CCHAR StackSize;
char reserve1;
char reserve2;
char reserve3;
union {
LIST_ENTRY ListEntry;
WAIT_CONTEXT_BLOCK Wcb;
} Queue;
ULONG AlignmentRequirement;
KDEVICE_QUEUE DeviceQueue;
KDPC Dpc;
//
// The following field is for exclusive use by the filesystem to keep
// track of the number of Fsp threads currently using the device
//
ULONG ActiveThreadCount;
PSECURITY_DESCRIPTOR SecurityDescriptor;
KEVENT DeviceLock;
USHORT SectorSize;
USHORT Spare1;
struct _DEVOBJ_EXTENSION *DeviceObjectExtension;
PVOID Reserved;
} DEVICE_OBJECT;
typedef struct _DEVICE_OBJECT *PDEVICE_OBJECT; // ntndis
/*
typedef struct _DEVICE_OBJECT { //sizeof = b8
CSHORT Type; //00
USHORT Size; //02
LONG ReferenceCount; //+04
struct _DRIVER_OBJECT *DriverObject; //+08
struct _DEVICE_OBJECT *NextDevice; //+0c
struct _DEVICE_OBJECT *AttachedDevice; //+10
struct _IRP *CurrentIrp; //+14
PIO_TIMER Timer; //+18
ULONG Flags; //+1c // See above: DO_...
ULONG Characteristics; // See ntioapi: FILE_...
PVOID DoNotUse1;
PVOID DeviceExtension; //+28h
DEVICE_TYPE DeviceType; //+2c
CCHAR StackSize; //+30
char reserve1;
char reserve2;
char reserve3;
//union {
struct { // 临时改一下
// LIST_ENTRY ListEntry;
WAIT_CONTEXT_BLOCK Wcb; //34
} Queue;
ULONG AlignmentRequirement; //5c
KDEVICE_QUEUE DeviceQueue; //60
KDPC Dpc; //74
ULONG ActiveThreadCount; //94
PSECURITY_DESCRIPTOR SecurityDescriptor;
KEVENT DeviceLock;
USHORT SectorSize;
USHORT Spare1;
struct _DEVOBJ_EXTENSION *DeviceObjectExtension;
PVOID Reserved;
} DEVICE_OBJECT, * PDEVICE_OBJECT;
*/
NTSTATUS IofCallDriver(PDEVICE_OBJECT DeviceObject, PIRP Irp);
void IoReleaseRemoveLockAndWaitEx(PIO_REMOVE_LOCK RemoveLock,PVOID Tag, ULONG RemlockSize );
void __stdcall RtlInitUnicodeString(PUNICODE_STRING DestinationString,PCWSTR SourceString);
void __stdcall IoDetachDevice( PDEVICE_OBJECT TargetDevice);
enum EVENT_TYPE
{
NotificationEvent,
SynchronizationEvent
} ;
void __stdcall KeInitializeEvent ( PRKEVENT Event, EVENT_TYPE Type, BOOLEAN State);
void __stdcall IoReleaseRemoveLockEx(PIO_REMOVE_LOCK RemoveLock, PVOID Tag, ULONG RemlockSize );
NTSTATUS __stdcall IoDeleteSymbolicLink(PUNICODE_STRING SymbolicLinkName);
void __stdcall IoDeleteDevice( PDEVICE_OBJECT DeviceObject);
enum KWAIT_REASON
{
Executive,
FreePage,
PageIn,
PoolAllocation,
DelayExecution,
Suspended,
UserRequest,
WrExecutive,
WrFreePage,
WrPageIn,
WrPoolAllocation,
WrDelayExecution,
WrSuspended,
WrUserRequest,
WrEventPair,
WrQueue,
WrLpcReceive,
WrLpcReply,
WrVirtualMemory,
WrPageOut,
WrRendezvous,
Spare2,
Spare3,
Spare4,
Spare5,
Spare6,
WrKernel,
MaximumWaitReason
};
typedef LONG KPRIORITY;
PKEVENT __stdcall IoCreateSynchronizationEvent(PUNICODE_STRING EventName, PHANDLE EventHandle);
LONG __stdcall KeSetEvent (PRKEVENT Event, KPRIORITY Increment, BOOLEAN Wait);
typedef struct _EPROCESS{} *PEPROCESS;;
void __stdcall KeAttachProcess(PEPROCESS pProcess);
void __stdcall KeDetachProcess();
void __stdcall IoStartPacket( PDEVICE_OBJECT DeviceObject, PIRP Irp, PULONG Key, PDRIVER_CANCEL CancelFunction );
void __stdcall IoSetHardErrorOrVerifyDevice( PIRP Irp, PDEVICE_OBJECT DeviceObject);
NTSTATUS __stdcall ZwClose( HANDLE Handle);
void __stdcall MmUnmapIoSpace ( PVOID BaseAddress, SIZE_T NumberOfBytes);
typedef LARGE_INTEGER *PLARGE_INTEGER;
NTSTATUS __stdcall KeWaitForSingleObject ( PVOID Object, KWAIT_REASON WaitReason, KPROCESSOR_MODE WaitMode, BOOLEAN Alertable, PLARGE_INTEGER Timeout );
NTSTATUS __stdcall ZwReadFile( HANDLE FileHandle, HANDLE Event , PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext,PIO_STATUS_BLOCK IoStatusBlock,PVOID Buffer,ULONG Length,PLARGE_INTEGER ByteOffset,PULONG Key);
PVOID __stdcall MmMapLockedPages (PMDL MemoryDescriptorList, KPROCESSOR_MODE AccessMode);
void __fastcall IofCompleteRequest(PIRP Irp, CCHAR PriorityBoost);
PEPROCESS __stdcall IoGetCurrentProcess();
enum POOL_TYPE
{
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType
} ;
PVOID __stdcall ExAllocatePoolWithTag(POOL_TYPE PoolType, SIZE_T NumberOfBytes, ULONG Tag);
int __cdecl _stricmp(const char *, const char *);
typedef ULONG ACCESS_MASK;
typedef ACCESS_MASK *PACCESS_MASK;
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
NTSTATUS __stdcall ZwCreateFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength);
typedef struct _STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} STRING;
typedef STRING *PSTRING;
typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;
NTSTATUS __stdcall RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString);
void __stdcall RtlInitString(PSTRING DestinationString, PSTR SourceString);
void __stdcall ExFreePool(PVOID P);
void __stdcall RtlFreeUnicodeString(PUNICODE_STRING UnicodeString);
void __stdcall KeClearEvent (PRKEVENT Event);
int __cdecl sprintf(char *, const char *, ...);
void __stdcall IoDeleteDevice(PDEVICE_OBJECT DeviceObject);
typedef struct _KTHREAD
{
}*PKTHREAD;
PKTHREAD __stdcall KeGetCurrentThread();
typedef struct _KSEMAPHORE {
DISPATCHER_HEADER Header;
LONG Limit;
} KSEMAPHORE, *PKSEMAPHORE;
typedef ULONG_PTR ERESOURCE_THREAD;
typedef ERESOURCE_THREAD *PERESOURCE_THREAD;
typedef struct _OWNER_ENTRY {
ERESOURCE_THREAD OwnerThread;
// union {
LONG OwnerCount;
// ULONG TableSize;
// };
} OWNER_ENTRY, *POWNER_ENTRY;
typedef KSPIN_LOCK *PKSPIN_LOCK;
typedef struct _ERESOURCE {
LIST_ENTRY SystemResourcesList;
POWNER_ENTRY OwnerTable;
SHORT ActiveCount;
USHORT Flag;
PKSEMAPHORE SharedWaiters;
PKEVENT ExclusiveWaiters;
OWNER_ENTRY OwnerThreads[2];
ULONG ContentionCount;
USHORT NumberOfSharedWaiters;
USHORT NumberOfExclusiveWaiters;
// union {
PVOID Address;
//ULONG_PTR CreatorBackTraceIndex;
//};
KSPIN_LOCK SpinLock;
} ERESOURCE, *PERESOURCE;
BOOLEAN __stdcall ExAcquireResourceExclusiveLite(PERESOURCE Resource, BOOLEAN Wait);
void __stdcall ExReleaseResourceForThreadLite(PERESOURCE Resource, ERESOURCE_THREAD ResourceThreadId);
void __stdcall IoStartNextPacket(PDEVICE_OBJECT DeviceObject, BOOLEAN Cancelable);
NTSTATUS __stdcall KeWaitForSingleObject (PVOID Object, DWORD WaitReason, KPROCESSOR_MODE WaitMode, BOOLEAN Alertable, PLARGE_INTEGER Timeout);
typedef void (__stdcall *PWORKER_THREAD_ROUTINE)(PVOID Parameter);
typedef struct _WORK_QUEUE_ITEM {
LIST_ENTRY List;
PWORKER_THREAD_ROUTINE WorkerRoutine;
PVOID Parameter;
} WORK_QUEUE_ITEM, *PWORK_QUEUE_ITEM;
void __stdcall ExQueueWorkItem(PWORK_QUEUE_ITEM WorkItem, DWORD QueueType);
void __stdcall KeInitializeEvent (PRKEVENT Event, DWORD Type, BOOLEAN State);
void * __cdecl memmove(void *, const void *, int);
NTSTATUS __stdcall ExInitializeResourceLite(PERESOURCE Resource);
void __stdcall IoStartTimer(PDEVICE_OBJECT DeviceObject);
typedef void (__stdcall *PIO_TIMER_ROUTINE) (struct _DEVICE_OBJECT *DeviceObject, PVOID Context);
NTSTATUS __stdcall IoInitializeTimer(PDEVICE_OBJECT DeviceObject, PIO_TIMER_ROUTINE TimerRoutine, PVOID Context);
NTSTATUS __stdcall IoCreateSymbolicLink(PUNICODE_STRING SymbolicLinkName, PUNICODE_STRING DeviceName);
NTSTATUS __stdcall IoCreateDevice(PDRIVER_OBJECT DriverObject, ULONG DeviceExtensionSize, PUNICODE_STRING DeviceName, ULONG DeviceType, ULONG DeviceCharacteristics, BOOLEAN Reserved, PDEVICE_OBJECT *DeviceObject);
typedef struct _CONFIGURATION_INFORMATION {
//
// This field indicates the total number of disks in the system. This
// number should be used by the driver to determine the name of new
// disks. This field should be updated by the driver as it finds new
// disks.
//
ULONG DiskCount; // Count of hard disks thus far
ULONG FloppyCount; // Count of floppy disks thus far
ULONG CdRomCount; // Count of CD-ROM drives thus far
ULONG TapeCount; // Count of tape drives thus far
ULONG ScsiPortCount; // Count of SCSI port adapters thus far
ULONG SerialCount; // Count of serial devices thus far
ULONG ParallelCount; // Count of parallel devices thus far
//
// These next two fields indicate ownership of one of the two IO address
// spaces that are used by WD1003-compatable disk controllers.
//
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -