1942 lines
69 KiB
C
1942 lines
69 KiB
C
/*
|
|
* Copyright 2004-2005 Ivan Leo Puoti
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
*/
|
|
|
|
#ifndef _WDMDDK_
|
|
#define _WDMDDK_
|
|
#define _NTDDK_
|
|
|
|
#include <ntstatus.h>
|
|
|
|
#ifdef _WIN64
|
|
#define POINTER_ALIGNMENT DECLSPEC_ALIGN(8)
|
|
#else
|
|
#define POINTER_ALIGNMENT
|
|
#endif
|
|
|
|
/* FIXME: We suppose that page size is 4096 */
|
|
#undef PAGE_SIZE
|
|
#undef PAGE_SHIFT
|
|
#define PAGE_SIZE 0x1000
|
|
#define PAGE_SHIFT 12
|
|
|
|
#define BYTE_OFFSET(va) ((ULONG)((ULONG_PTR)(va) & (PAGE_SIZE - 1)))
|
|
#define PAGE_ALIGN(va) ((PVOID)((ULONG_PTR)(va) & ~(PAGE_SIZE - 1)))
|
|
#define ADDRESS_AND_SIZE_TO_SPAN_PAGES(va, length) \
|
|
((BYTE_OFFSET(va) + ((SIZE_T)(length)) + (PAGE_SIZE - 1)) >> PAGE_SHIFT)
|
|
|
|
typedef LONG KPRIORITY;
|
|
|
|
typedef ULONG_PTR KSPIN_LOCK, *PKSPIN_LOCK;
|
|
|
|
typedef ULONG_PTR ERESOURCE_THREAD;
|
|
typedef ERESOURCE_THREAD *PERESOURCE_THREAD;
|
|
typedef struct _FILE_GET_QUOTA_INFORMATION *PFILE_GET_QUOTA_INFORMATION;
|
|
|
|
struct _KDPC;
|
|
struct _KAPC;
|
|
struct _IRP;
|
|
struct _DEVICE_OBJECT;
|
|
struct _DRIVER_OBJECT;
|
|
struct _KPROCESS;
|
|
|
|
typedef VOID (WINAPI *PKDEFERRED_ROUTINE)(struct _KDPC *, PVOID, PVOID, PVOID);
|
|
typedef VOID (WINAPI *PKSTART_ROUTINE)(PVOID);
|
|
|
|
typedef NTSTATUS (WINAPI *PDRIVER_INITIALIZE)(struct _DRIVER_OBJECT *, PUNICODE_STRING);
|
|
typedef NTSTATUS (WINAPI *PDRIVER_DISPATCH)(struct _DEVICE_OBJECT *, struct _IRP *);
|
|
typedef void (WINAPI *PDRIVER_STARTIO)(struct _DEVICE_OBJECT *, struct _IRP *);
|
|
typedef void (WINAPI *PDRIVER_UNLOAD)(struct _DRIVER_OBJECT *);
|
|
typedef NTSTATUS (WINAPI *PDRIVER_ADD_DEVICE)(struct _DRIVER_OBJECT *, struct _DEVICE_OBJECT *);
|
|
|
|
typedef struct _DISPATCHER_HEADER {
|
|
UCHAR Type;
|
|
UCHAR Absolute;
|
|
UCHAR Size;
|
|
UCHAR Inserted;
|
|
LONG SignalState;
|
|
LIST_ENTRY WaitListHead;
|
|
} DISPATCHER_HEADER, *PDISPATCHER_HEADER;
|
|
|
|
typedef struct _KEVENT {
|
|
DISPATCHER_HEADER Header;
|
|
} KEVENT, *PKEVENT, *RESTRICTED_POINTER PRKEVENT;
|
|
|
|
typedef struct _KSEMAPHORE {
|
|
DISPATCHER_HEADER Header;
|
|
LONG Limit;
|
|
} KSEMAPHORE, *PKSEMAPHORE, *PRKSEMAPHORE;
|
|
|
|
typedef struct _KDPC {
|
|
CSHORT Type;
|
|
UCHAR Number;
|
|
UCHAR Importance;
|
|
LIST_ENTRY DpcListEntry;
|
|
PKDEFERRED_ROUTINE DeferredRoutine;
|
|
PVOID DeferredContext;
|
|
PVOID SystemArgument1;
|
|
PVOID SystemArgument2;
|
|
PULONG_PTR Lock;
|
|
} KDPC, *PKDPC, *RESTRICTED_POINTER PRKDPC;
|
|
|
|
typedef enum _KDPC_IMPORTANCE {
|
|
LowImportance,
|
|
MediumImportance,
|
|
HighImportance,
|
|
MediumHighImportance
|
|
} KDPC_IMPORTANCE;
|
|
|
|
typedef struct _KDEVICE_QUEUE_ENTRY {
|
|
LIST_ENTRY DeviceListEntry;
|
|
ULONG SortKey;
|
|
BOOLEAN Inserted;
|
|
} KDEVICE_QUEUE_ENTRY, *PKDEVICE_QUEUE_ENTRY,
|
|
*RESTRICTED_POINTER PRKDEVICE_QUEUE_ENTRY;
|
|
|
|
typedef struct _KDEVICE_QUEUE {
|
|
CSHORT Type;
|
|
CSHORT Size;
|
|
LIST_ENTRY DeviceListHead;
|
|
KSPIN_LOCK Lock;
|
|
BOOLEAN Busy;
|
|
} KDEVICE_QUEUE, *PKDEVICE_QUEUE, *RESTRICTED_POINTER PRKDEVICE_QUEUE;
|
|
|
|
typedef struct _KMUTANT {
|
|
DISPATCHER_HEADER Header;
|
|
LIST_ENTRY MutantListEntry;
|
|
struct _KTHREAD *RESTRICTED_POINTER OwnerThread;
|
|
BOOLEAN Abandoned;
|
|
UCHAR ApcDisable;
|
|
} KMUTANT, *PKMUTANT, *RESTRICTED_POINTER PRKMUTANT, KMUTEX, *PKMUTEX, *RESTRICTED_POINTER PRKMUTEX;
|
|
|
|
typedef struct _DEFERRED_REVERSE_BARRIER
|
|
{
|
|
ULONG Barrier;
|
|
ULONG TotalProcessors;
|
|
} DEFERRED_REVERSE_BARRIER;
|
|
|
|
typedef enum _KWAIT_REASON
|
|
{
|
|
Executive,
|
|
FreePage,
|
|
PageIn,
|
|
PoolAllocation,
|
|
DelayExecution,
|
|
Suspended,
|
|
UserRequest,
|
|
WrExecutive,
|
|
WrFreePage,
|
|
WrPageIn,
|
|
WrDelayExecution,
|
|
WrSuspended,
|
|
WrUserRequest,
|
|
WrQueue,
|
|
WrLpcReceive,
|
|
WrLpcReply,
|
|
WrVirtualMemory,
|
|
WrPageOut,
|
|
WrRendezvous,
|
|
Spare2,
|
|
Spare3,
|
|
Spare4,
|
|
Spare5,
|
|
Spare6,
|
|
WrKernel,
|
|
MaximumWaitReason,
|
|
} KWAIT_REASON;
|
|
|
|
typedef struct _KWAIT_BLOCK {
|
|
LIST_ENTRY WaitListEntry;
|
|
struct _KTHREAD *RESTRICTED_POINTER Thread;
|
|
PVOID Object;
|
|
struct _KWAIT_BLOCK *RESTRICTED_POINTER NextWaitBlock;
|
|
USHORT WaitKey;
|
|
USHORT WaitType;
|
|
} KWAIT_BLOCK, *PKWAIT_BLOCK, *RESTRICTED_POINTER PRKWAIT_BLOCK;
|
|
|
|
typedef struct _OWNER_ENTRY
|
|
{
|
|
ERESOURCE_THREAD OwnerThread;
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG IoPriorityBoosted : 1;
|
|
ULONG OwnerReferenced : 1;
|
|
ULONG IoQoSPriorityBoosted : 1;
|
|
ULONG OwnerCount : 29;
|
|
};
|
|
ULONG TableSize;
|
|
};
|
|
} OWNER_ENTRY, *POWNER_ENTRY;
|
|
|
|
#define ResourceNeverExclusive 0x0010
|
|
#define ResourceReleaseByOtherThread 0x0020
|
|
#define ResourceOwnedExclusive 0x0080
|
|
|
|
typedef struct _ERESOURCE
|
|
{
|
|
LIST_ENTRY SystemResourcesList;
|
|
OWNER_ENTRY *OwnerTable;
|
|
SHORT ActiveCount;
|
|
union
|
|
{
|
|
USHORT Flag;
|
|
struct
|
|
{
|
|
UCHAR ReservedLowFlags;
|
|
UCHAR WaiterPriority;
|
|
};
|
|
};
|
|
KSEMAPHORE *SharedWaiters;
|
|
KEVENT *ExclusiveWaiters;
|
|
OWNER_ENTRY OwnerEntry;
|
|
ULONG ActiveEntries;
|
|
ULONG ContentionCount;
|
|
ULONG NumberOfSharedWaiters;
|
|
ULONG NumberOfExclusiveWaiters;
|
|
#ifdef _WIN64
|
|
void *Reserved2;
|
|
#endif
|
|
union
|
|
{
|
|
void *Address;
|
|
ULONG_PTR CreatorBackTraceIndex;
|
|
};
|
|
KSPIN_LOCK SpinLock;
|
|
} ERESOURCE, *PERESOURCE;
|
|
|
|
typedef struct _IO_TIMER *PIO_TIMER;
|
|
typedef struct _IO_TIMER_ROUTINE *PIO_TIMER_ROUTINE;
|
|
typedef struct _ETHREAD *PETHREAD;
|
|
typedef struct _KTHREAD *PKTHREAD, *PRKTHREAD;
|
|
typedef struct _EPROCESS *PEPROCESS;
|
|
typedef struct _KPROCESS KPROCESS, *PKPROCESS, *PRKPROCESS;
|
|
typedef struct _IO_WORKITEM *PIO_WORKITEM;
|
|
typedef struct _OBJECT_TYPE *POBJECT_TYPE;
|
|
typedef struct _OBJECT_HANDLE_INFORMATION *POBJECT_HANDLE_INFORMATION;
|
|
typedef struct _ZONE_HEADER *PZONE_HEADER;
|
|
typedef struct _LOOKASIDE_LIST_EX *PLOOKASIDE_LIST_EX;
|
|
|
|
typedef struct _KAPC_STATE
|
|
{
|
|
LIST_ENTRY ApcListHead[2];
|
|
PKPROCESS Process;
|
|
UCHAR KernelApcInProgress;
|
|
UCHAR KernelApcPending;
|
|
UCHAR UserApcPending;
|
|
} KAPC_STATE, *PKAPC_STATE;
|
|
|
|
#define FM_LOCK_BIT 0x1
|
|
|
|
typedef struct _FAST_MUTEX
|
|
{
|
|
LONG Count;
|
|
PKTHREAD Owner;
|
|
ULONG Contention;
|
|
KEVENT Event;
|
|
ULONG OldIrql;
|
|
} FAST_MUTEX, *PFAST_MUTEX;
|
|
|
|
#define MAXIMUM_VOLUME_LABEL_LENGTH (32 * sizeof(WCHAR))
|
|
|
|
typedef struct _VPB {
|
|
CSHORT Type;
|
|
CSHORT Size;
|
|
USHORT Flags;
|
|
USHORT VolumeLabelLength;
|
|
struct _DEVICE_OBJECT *DeviceObject;
|
|
struct _DEVICE_OBJECT *RealDevice;
|
|
ULONG SerialNumber;
|
|
ULONG ReferenceCount;
|
|
WCHAR VolumeLabel[MAXIMUM_VOLUME_LABEL_LENGTH / sizeof(WCHAR)];
|
|
} VPB, *PVPB;
|
|
|
|
#define POOL_QUOTA_FAIL_INSTEAD_OF_RAISE 0x0008
|
|
#define POOL_RAISE_IF_ALLOCATION_FAILURE 0x0010
|
|
#define POOL_COLD_ALLOCATION 0x0100
|
|
#define POOL_NX_ALLOCATION 0x0200
|
|
|
|
typedef enum _POOL_TYPE {
|
|
NonPagedPool,
|
|
PagedPool,
|
|
NonPagedPoolMustSucceed,
|
|
DontUseThisType,
|
|
NonPagedPoolCacheAligned,
|
|
PagedPoolCacheAligned,
|
|
NonPagedPoolCacheAlignedMustS,
|
|
MaxPoolType
|
|
} POOL_TYPE;
|
|
|
|
typedef struct _WAIT_CONTEXT_BLOCK {
|
|
KDEVICE_QUEUE_ENTRY WaitQueueEntry;
|
|
struct _DRIVER_CONTROL *DeviceRoutine;
|
|
PVOID DeviceContext;
|
|
ULONG NumberOfMapRegisters;
|
|
PVOID DeviceObject;
|
|
PVOID CurrentIrp;
|
|
PKDPC BufferChainingDpc;
|
|
} WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;
|
|
|
|
#define DO_BUFFERED_IO 0x00000004
|
|
#define DO_EXCLUSIVE 0x00000008
|
|
#define DO_DIRECT_IO 0x00000010
|
|
#define DO_MAP_IO_BUFFER 0x00000020
|
|
#define DO_DEVICE_INITIALIZING 0x00000080
|
|
#define DO_SHUTDOWN_REGISTERED 0x00000800
|
|
#define DO_BUS_ENUMERATED_DEVICE 0x00001000
|
|
#define DO_POWER_PAGABLE 0x00002000
|
|
#define DO_POWER_INRUSH 0x00004000
|
|
|
|
#define IO_NO_INCREMENT 0
|
|
#define IO_CD_ROM_INCREMENT 1
|
|
#define IO_DISK_INCREMENT 1
|
|
#define IO_KEYBOARD_INCREMENT 6
|
|
#define IO_MAILSLOT_INCREMENT 2
|
|
#define IO_MOUSE_INCREMENT 6
|
|
#define IO_NAMED_PIPE_INCREMENT 2
|
|
#define IO_NETWORK_INCREMENT 2
|
|
#define IO_PARALLEL_INCREMENT 1
|
|
#define IO_SERIAL_INCREMENT 2
|
|
#define IO_SOUND_INCREMENT 8
|
|
#define IO_VIDEO_INCREMENT 1
|
|
|
|
#ifndef DEVICE_TYPE
|
|
#define DEVICE_TYPE ULONG
|
|
#endif
|
|
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b
|
|
#define IRP_MJ_CREATE 0x00
|
|
#define IRP_MJ_CREATE_NAMED_PIPE 0x01
|
|
#define IRP_MJ_CLOSE 0x02
|
|
#define IRP_MJ_READ 0x03
|
|
#define IRP_MJ_WRITE 0x04
|
|
#define IRP_MJ_QUERY_INFORMATION 0x05
|
|
#define IRP_MJ_SET_INFORMATION 0x06
|
|
#define IRP_MJ_QUERY_EA 0x07
|
|
#define IRP_MJ_SET_EA 0x08
|
|
#define IRP_MJ_FLUSH_BUFFERS 0x09
|
|
#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
|
|
#define IRP_MJ_SET_VOLUME_INFORMATION 0x0b
|
|
#define IRP_MJ_DIRECTORY_CONTROL 0x0c
|
|
#define IRP_MJ_FILE_SYSTEM_CONTROL 0x0d
|
|
#define IRP_MJ_DEVICE_CONTROL 0x0e
|
|
#define IRP_MJ_INTERNAL_DEVICE_CONTROL 0x0f
|
|
#define IRP_MJ_SHUTDOWN 0x10
|
|
#define IRP_MJ_LOCK_CONTROL 0x11
|
|
#define IRP_MJ_CLEANUP 0x12
|
|
#define IRP_MJ_CREATE_MAILSLOT 0x13
|
|
#define IRP_MJ_QUERY_SECURITY 0x14
|
|
#define IRP_MJ_SET_SECURITY 0x15
|
|
#define IRP_MJ_POWER 0x16
|
|
#define IRP_MJ_SYSTEM_CONTROL 0x17
|
|
#define IRP_MJ_DEVICE_CHANGE 0x18
|
|
#define IRP_MJ_QUERY_QUOTA 0x19
|
|
#define IRP_MJ_SET_QUOTA 0x1a
|
|
#define IRP_MJ_PNP 0x1b
|
|
|
|
#define IRP_MN_START_DEVICE 0x00
|
|
#define IRP_MN_QUERY_REMOVE_DEVICE 0x01
|
|
#define IRP_MN_REMOVE_DEVICE 0x02
|
|
#define IRP_MN_CANCEL_REMOVE_DEVICE 0x03
|
|
#define IRP_MN_STOP_DEVICE 0x04
|
|
#define IRP_MN_QUERY_STOP_DEVICE 0x05
|
|
#define IRP_MN_CANCEL_STOP_DEVICE 0x06
|
|
#define IRP_MN_QUERY_DEVICE_RELATIONS 0x07
|
|
#define IRP_MN_QUERY_INTERFACE 0x08
|
|
#define IRP_MN_QUERY_CAPABILITIES 0x09
|
|
#define IRP_MN_QUERY_RESOURCES 0x0A
|
|
#define IRP_MN_QUERY_RESOURCE_REQUIREMENTS 0x0B
|
|
#define IRP_MN_QUERY_DEVICE_TEXT 0x0C
|
|
#define IRP_MN_FILTER_RESOURCE_REQUIREMENTS 0x0D
|
|
#define IRP_MN_READ_CONFIG 0x0F
|
|
#define IRP_MN_WRITE_CONFIG 0x10
|
|
#define IRP_MN_EJECT 0x11
|
|
#define IRP_MN_SET_LOCK 0x12
|
|
#define IRP_MN_QUERY_ID 0x13
|
|
#define IRP_MN_QUERY_PNP_DEVICE_STATE 0x14
|
|
#define IRP_MN_QUERY_BUS_INFORMATION 0x15
|
|
#define IRP_MN_DEVICE_USAGE_NOTIFICATION 0x16
|
|
#define IRP_MN_SURPRISE_REMOVAL 0x17
|
|
#define IRP_MN_QUERY_LEGACY_BUS_INFORMATION 0x18
|
|
|
|
#define IRP_MN_WAIT_WAKE 0x00
|
|
#define IRP_MN_POWER_SEQUENCE 0x01
|
|
#define IRP_MN_SET_POWER 0x02
|
|
#define IRP_MN_QUERY_POWER 0x03
|
|
|
|
#define IRP_QUOTA_CHARGED 0x01
|
|
#define IRP_ALLOCATED_MUST_SUCCEED 0x02
|
|
#define IRP_ALLOCATED_FIXED_SIZE 0x04
|
|
#define IRP_LOOKASIDE_ALLOCATION 0x08
|
|
|
|
#define IO_TYPE_ADAPTER 0x01
|
|
#define IO_TYPE_CONTROLLER 0x02
|
|
#define IO_TYPE_DEVICE 0x03
|
|
#define IO_TYPE_DRIVER 0x04
|
|
#define IO_TYPE_FILE 0x05
|
|
#define IO_TYPE_IRP 0x06
|
|
#define IO_TYPE_MASTER_ADAPTER 0x07
|
|
#define IO_TYPE_OPEN_PACKET 0x08
|
|
#define IO_TYPE_TIMER 0x09
|
|
#define IO_TYPE_VPB 0x0a
|
|
#define IO_TYPE_ERROR_LOG 0x0b
|
|
#define IO_TYPE_ERROR_MESSAGE 0x0c
|
|
#define IO_TYPE_DEVICE_OBJECT_EXTENSION 0x0d
|
|
|
|
typedef struct _DEVICE_OBJECT {
|
|
CSHORT Type;
|
|
USHORT Size;
|
|
LONG ReferenceCount;
|
|
struct _DRIVER_OBJECT *DriverObject;
|
|
struct _DEVICE_OBJECT *NextDevice;
|
|
struct _DEVICE_OBJECT *AttachedDevice;
|
|
struct _IRP *CurrentIrp;
|
|
PIO_TIMER Timer;
|
|
ULONG Flags;
|
|
ULONG Characteristics;
|
|
PVPB Vpb;
|
|
PVOID DeviceExtension;
|
|
DEVICE_TYPE DeviceType;
|
|
CCHAR StackSize;
|
|
union {
|
|
LIST_ENTRY ListEntry;
|
|
WAIT_CONTEXT_BLOCK Wcb;
|
|
} Queue;
|
|
ULONG AlignmentRequirement;
|
|
KDEVICE_QUEUE DeviceQueue;
|
|
KDPC Dpc;
|
|
ULONG ActiveThreadCount;
|
|
PSECURITY_DESCRIPTOR SecurityDescriptor;
|
|
KEVENT DeviceLock;
|
|
USHORT SectorSize;
|
|
USHORT Spare1;
|
|
struct _DEVOBJ_EXTENSION *DeviceObjectExtension;
|
|
PVOID Reserved;
|
|
} DEVICE_OBJECT;
|
|
typedef struct _DEVICE_OBJECT *PDEVICE_OBJECT;
|
|
|
|
typedef struct _DEVICE_RELATIONS {
|
|
ULONG Count;
|
|
PDEVICE_OBJECT Objects[1];
|
|
} DEVICE_RELATIONS;
|
|
typedef struct _DEVICE_RELATIONS *PDEVICE_RELATIONS;
|
|
|
|
typedef struct _DRIVER_EXTENSION {
|
|
struct _DRIVER_OBJECT *DriverObject;
|
|
PDRIVER_ADD_DEVICE AddDevice;
|
|
ULONG Count;
|
|
UNICODE_STRING ServiceKeyName;
|
|
} DRIVER_EXTENSION, *PDRIVER_EXTENSION;
|
|
|
|
typedef struct _DRIVER_OBJECT {
|
|
CSHORT Type;
|
|
CSHORT Size;
|
|
PDEVICE_OBJECT DeviceObject;
|
|
ULONG Flags;
|
|
PVOID DriverStart;
|
|
ULONG DriverSize;
|
|
PVOID DriverSection;
|
|
PDRIVER_EXTENSION DriverExtension;
|
|
UNICODE_STRING DriverName;
|
|
PUNICODE_STRING HardwareDatabase;
|
|
PVOID FastIoDispatch;
|
|
PDRIVER_INITIALIZE DriverInit;
|
|
PDRIVER_STARTIO DriverStartIo;
|
|
PDRIVER_UNLOAD DriverUnload;
|
|
PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];
|
|
} DRIVER_OBJECT;
|
|
typedef struct _DRIVER_OBJECT *PDRIVER_OBJECT;
|
|
|
|
/* Irp definitions */
|
|
typedef UCHAR KIRQL, *PKIRQL;
|
|
typedef CCHAR KPROCESSOR_MODE;
|
|
typedef enum _KAPC_ENVIRONMENT
|
|
{
|
|
OriginalApcEnvironment,
|
|
AttachedApcEnvironment,
|
|
CurrentApcEnvironment,
|
|
InsertApcEnvironment
|
|
} KAPC_ENVIRONMENT, *PKAPC_ENVIRONMENT;
|
|
|
|
typedef VOID (WINAPI *PDRIVER_CANCEL)(
|
|
IN struct _DEVICE_OBJECT *DeviceObject,
|
|
IN struct _IRP *Irp);
|
|
|
|
typedef VOID (WINAPI *PKNORMAL_ROUTINE)(
|
|
IN PVOID NormalContext,
|
|
IN PVOID SystemArgument1,
|
|
IN PVOID SystemArgument2);
|
|
|
|
typedef VOID (WINAPI *PKKERNEL_ROUTINE)(
|
|
IN struct _KAPC *Apc,
|
|
IN OUT PKNORMAL_ROUTINE *NormalRoutine,
|
|
IN OUT PVOID *NormalContext,
|
|
IN OUT PVOID *SystemArgument1,
|
|
IN OUT PVOID *SystemArgument2);
|
|
|
|
typedef VOID (WINAPI *PKRUNDOWN_ROUTINE)(
|
|
IN struct _KAPC *Apc);
|
|
|
|
typedef struct _KAPC {
|
|
CSHORT Type;
|
|
CSHORT Size;
|
|
ULONG Spare0;
|
|
struct _KTHREAD *Thread;
|
|
LIST_ENTRY ApcListEntry;
|
|
PKKERNEL_ROUTINE KernelRoutine;
|
|
PKRUNDOWN_ROUTINE RundownRoutine;
|
|
PKNORMAL_ROUTINE NormalRoutine;
|
|
PVOID NormalContext;
|
|
PVOID SystemArgument1;
|
|
PVOID SystemArgument2;
|
|
CCHAR ApcStateIndex;
|
|
KPROCESSOR_MODE ApcMode;
|
|
BOOLEAN Inserted;
|
|
} KAPC, *PKAPC, *RESTRICTED_POINTER PRKAPC;
|
|
|
|
typedef struct _IRP {
|
|
CSHORT Type;
|
|
USHORT Size;
|
|
struct _MDL *MdlAddress;
|
|
ULONG Flags;
|
|
union {
|
|
struct _IRP *MasterIrp;
|
|
LONG IrpCount;
|
|
PVOID SystemBuffer;
|
|
} AssociatedIrp;
|
|
LIST_ENTRY ThreadListEntry;
|
|
IO_STATUS_BLOCK IoStatus;
|
|
KPROCESSOR_MODE RequestorMode;
|
|
BOOLEAN PendingReturned;
|
|
CHAR StackCount;
|
|
CHAR CurrentLocation;
|
|
BOOLEAN Cancel;
|
|
KIRQL CancelIrql;
|
|
CCHAR ApcEnvironment;
|
|
UCHAR AllocationFlags;
|
|
PIO_STATUS_BLOCK UserIosb;
|
|
PKEVENT UserEvent;
|
|
union {
|
|
struct {
|
|
PIO_APC_ROUTINE UserApcRoutine;
|
|
PVOID UserApcContext;
|
|
} AsynchronousParameters;
|
|
LARGE_INTEGER AllocationSize;
|
|
} Overlay;
|
|
PDRIVER_CANCEL CancelRoutine;
|
|
PVOID UserBuffer;
|
|
union {
|
|
struct {
|
|
union {
|
|
KDEVICE_QUEUE_ENTRY DeviceQueueEntry;
|
|
struct {
|
|
PVOID DriverContext[4];
|
|
} DUMMYSTRUCTNAME;
|
|
} DUMMYUNIONNAME1;
|
|
PETHREAD Thread;
|
|
PCHAR AuxiliaryBuffer;
|
|
struct {
|
|
LIST_ENTRY ListEntry;
|
|
union {
|
|
struct _IO_STACK_LOCATION *CurrentStackLocation;
|
|
ULONG PacketType;
|
|
} DUMMYUNIONNAME2;
|
|
} DUMMYSTRUCTNAME;
|
|
struct _FILE_OBJECT *OriginalFileObject;
|
|
} Overlay;
|
|
KAPC Apc;
|
|
PVOID CompletionKey;
|
|
} Tail;
|
|
} IRP;
|
|
typedef struct _IRP *PIRP;
|
|
|
|
#define IRP_NOCACHE 0x0001
|
|
#define IRP_PAGING_IO 0x0002
|
|
#define IRP_MOUNT_COMPLETION 0x0002
|
|
#define IRP_SYNCHRONOUS_API 0x0004
|
|
#define IRP_ASSOCIATED_IRP 0x0008
|
|
#define IRP_BUFFERED_IO 0x0010
|
|
#define IRP_DEALLOCATE_BUFFER 0x0020
|
|
#define IRP_INPUT_OPERATION 0x0040
|
|
#define IRP_SYNCHRONOUS_PAGING_IO 0x0040
|
|
#define IRP_CREATE_OPERATION 0x0080
|
|
#define IRP_READ_OPERATION 0x0100
|
|
#define IRP_WRITE_OPERATION 0x0200
|
|
#define IRP_CLOSE_OPERATION 0x0400
|
|
#define IRP_DEFER_IO_COMPLETION 0x0800
|
|
#define IRP_OB_QUERY_NAME 0x1000
|
|
#define IRP_HOLD_DEVICE_QUEUE 0x2000
|
|
|
|
typedef VOID (WINAPI *PINTERFACE_REFERENCE)(
|
|
PVOID Context);
|
|
|
|
typedef VOID (WINAPI *PINTERFACE_DEREFERENCE)(
|
|
PVOID Context);
|
|
|
|
typedef struct _INTERFACE {
|
|
USHORT Size;
|
|
USHORT Version;
|
|
PVOID Context;
|
|
PINTERFACE_REFERENCE InterfaceReference;
|
|
PINTERFACE_DEREFERENCE InterfaceDereference;
|
|
} INTERFACE, *PINTERFACE;
|
|
|
|
typedef struct _SECTION_OBJECT_POINTERS {
|
|
PVOID DataSectionObject;
|
|
PVOID SharedCacheMap;
|
|
PVOID ImageSectionObject;
|
|
} SECTION_OBJECT_POINTERS, *PSECTION_OBJECT_POINTERS;
|
|
|
|
typedef struct _IO_COMPLETION_CONTEXT {
|
|
PVOID Port;
|
|
PVOID Key;
|
|
} IO_COMPLETION_CONTEXT, *PIO_COMPLETION_CONTEXT;
|
|
|
|
typedef enum _DEVICE_RELATION_TYPE {
|
|
BusRelations,
|
|
EjectionRelations,
|
|
PowerRelations,
|
|
RemovalRelations,
|
|
TargetDeviceRelation,
|
|
SingleBusRelations
|
|
} DEVICE_RELATION_TYPE, *PDEVICE_RELATION_TYPE;
|
|
|
|
typedef struct _FILE_OBJECT {
|
|
CSHORT Type;
|
|
CSHORT Size;
|
|
PDEVICE_OBJECT DeviceObject;
|
|
PVPB Vpb;
|
|
PVOID FsContext;
|
|
PVOID FsContext2;
|
|
PSECTION_OBJECT_POINTERS SectionObjectPointer;
|
|
PVOID PrivateCacheMap;
|
|
NTSTATUS FinalStatus;
|
|
struct _FILE_OBJECT *RelatedFileObject;
|
|
BOOLEAN LockOperation;
|
|
BOOLEAN DeletePending;
|
|
BOOLEAN ReadAccess;
|
|
BOOLEAN WriteAccess;
|
|
BOOLEAN DeleteAccess;
|
|
BOOLEAN SharedRead;
|
|
BOOLEAN SharedWrite;
|
|
BOOLEAN SharedDelete;
|
|
ULONG Flags;
|
|
UNICODE_STRING FileName;
|
|
LARGE_INTEGER CurrentByteOffset;
|
|
ULONG Waiters;
|
|
ULONG Busy;
|
|
PVOID LastLock;
|
|
KEVENT Lock;
|
|
KEVENT Event;
|
|
PIO_COMPLETION_CONTEXT CompletionContext;
|
|
} FILE_OBJECT;
|
|
typedef struct _FILE_OBJECT *PFILE_OBJECT;
|
|
|
|
#define INITIAL_PRIVILEGE_COUNT 3
|
|
|
|
typedef struct _INITIAL_PRIVILEGE_SET {
|
|
ULONG PrivilegeCount;
|
|
ULONG Control;
|
|
LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
|
|
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
|
|
|
|
typedef struct _SECURITY_SUBJECT_CONTEXT {
|
|
PACCESS_TOKEN ClientToken;
|
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
|
PACCESS_TOKEN PrimaryToken;
|
|
PVOID ProcessAuditId;
|
|
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
|
|
|
|
typedef struct _ACCESS_STATE {
|
|
LUID OperationID;
|
|
BOOLEAN SecurityEvaluated;
|
|
BOOLEAN GenerateAudit;
|
|
BOOLEAN GenerateOnClose;
|
|
BOOLEAN PrivilegesAllocated;
|
|
ULONG Flags;
|
|
ACCESS_MASK RemainingDesiredAccess;
|
|
ACCESS_MASK PreviouslyGrantedAccess;
|
|
ACCESS_MASK OriginalDesiredAccess;
|
|
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
|
|
PSECURITY_DESCRIPTOR SecurityDescriptor;
|
|
PVOID AuxData;
|
|
union {
|
|
INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
|
|
PRIVILEGE_SET PrivilegeSet;
|
|
} Privileges;
|
|
|
|
BOOLEAN AuditPrivileges;
|
|
UNICODE_STRING ObjectName;
|
|
UNICODE_STRING ObjectTypeName;
|
|
} ACCESS_STATE, *PACCESS_STATE;
|
|
|
|
typedef struct _IO_SECURITY_CONTEXT {
|
|
PSECURITY_QUALITY_OF_SERVICE SecurityQos;
|
|
PACCESS_STATE AccessState;
|
|
ACCESS_MASK DesiredAccess;
|
|
ULONG FullCreateOptions;
|
|
} IO_SECURITY_CONTEXT, *PIO_SECURITY_CONTEXT;
|
|
|
|
typedef struct _DEVICE_CAPABILITIES {
|
|
USHORT Size;
|
|
USHORT Version;
|
|
ULONG DeviceD1 : 1;
|
|
ULONG DeviceD2 : 1;
|
|
ULONG LockSupported : 1;
|
|
ULONG EjectSupported : 1;
|
|
ULONG Removable : 1;
|
|
ULONG DockDevice : 1;
|
|
ULONG UniqueID : 1;
|
|
ULONG SilentInstall : 1;
|
|
ULONG RawDeviceOK : 1;
|
|
ULONG SurpriseRemovalOK : 1;
|
|
ULONG WakeFromD0 : 1;
|
|
ULONG WakeFromD1 : 1;
|
|
ULONG WakeFromD2 : 1;
|
|
ULONG WakeFromD3 : 1;
|
|
ULONG HardwareDisabled : 1;
|
|
ULONG NonDynamic : 1;
|
|
ULONG WarmEjectSupported : 1;
|
|
ULONG NoDisplayInUI : 1;
|
|
ULONG Reserved : 14;
|
|
ULONG Address;
|
|
ULONG UINumber;
|
|
DEVICE_POWER_STATE DeviceState[PowerSystemMaximum];
|
|
SYSTEM_POWER_STATE SystemWake;
|
|
DEVICE_POWER_STATE DeviceWake;
|
|
ULONG D1Latency;
|
|
ULONG D2Latency;
|
|
ULONG D3Latency;
|
|
} DEVICE_CAPABILITIES, *PDEVICE_CAPABILITIES;
|
|
|
|
typedef struct _DEVICE_INTERFACE_CHANGE_NOTIFICATION {
|
|
USHORT Version;
|
|
USHORT Size;
|
|
GUID Event;
|
|
GUID InterfaceClassGuid;
|
|
PUNICODE_STRING SymbolicLinkName;
|
|
} DEVICE_INTERFACE_CHANGE_NOTIFICATION, *PDEVICE_INTERFACE_CHANGE_NOTIFICATION;
|
|
|
|
typedef enum _INTERFACE_TYPE {
|
|
InterfaceTypeUndefined = -1,
|
|
Internal,
|
|
Isa,
|
|
Eisa,
|
|
MicroChannel,
|
|
TurboChannel,
|
|
PCIBus,
|
|
VMEBus,
|
|
NuBus,
|
|
PCMCIABus,
|
|
CBus,
|
|
MPIBus,
|
|
MPSABus,
|
|
ProcessorInternal,
|
|
InternalPowerBus,
|
|
PNPISABus,
|
|
PNPBus,
|
|
MaximumInterfaceType
|
|
} INTERFACE_TYPE, *PINTERFACE_TYPE;
|
|
|
|
typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
|
|
|
|
#define IO_RESOURCE_PREFERRED 0x01
|
|
#define IO_RESOURCE_DEFAULT 0x02
|
|
#define IO_RESOURCE_ALTERNATIVE 0x08
|
|
|
|
typedef struct _IO_RESOURCE_DESCRIPTOR {
|
|
UCHAR Option;
|
|
UCHAR Type;
|
|
UCHAR ShareDisposition;
|
|
UCHAR Spare1;
|
|
USHORT Flags;
|
|
USHORT Spare2;
|
|
union {
|
|
struct {
|
|
ULONG Length;
|
|
ULONG Alignment;
|
|
PHYSICAL_ADDRESS MinimumAddress;
|
|
PHYSICAL_ADDRESS MaximumAddress;
|
|
} Port;
|
|
struct {
|
|
ULONG Length;
|
|
ULONG Alignment;
|
|
PHYSICAL_ADDRESS MinimumAddress;
|
|
PHYSICAL_ADDRESS MaximumAddress;
|
|
} Memory;
|
|
struct {
|
|
ULONG MinimumVector;
|
|
ULONG MaximumVector;
|
|
} Interrupt;
|
|
struct {
|
|
ULONG MinimumChannel;
|
|
ULONG MaximumChannel;
|
|
} Dma;
|
|
struct {
|
|
ULONG Length;
|
|
ULONG Alignment;
|
|
PHYSICAL_ADDRESS MinimumAddress;
|
|
PHYSICAL_ADDRESS MaximumAddress;
|
|
} Generic;
|
|
struct {
|
|
ULONG Data[3];
|
|
} DevicePrivate;
|
|
struct {
|
|
ULONG Length;
|
|
ULONG MinBusNumber;
|
|
ULONG MaxBusNumber;
|
|
ULONG Reserved;
|
|
} BusNumber;
|
|
struct {
|
|
ULONG Priority;
|
|
ULONG Reserved1;
|
|
ULONG Reserved2;
|
|
} ConfigData;
|
|
} u;
|
|
} IO_RESOURCE_DESCRIPTOR, *PIO_RESOURCE_DESCRIPTOR;
|
|
|
|
typedef struct _IO_RESOURCE_LIST {
|
|
USHORT Version;
|
|
USHORT Revision;
|
|
ULONG Count;
|
|
IO_RESOURCE_DESCRIPTOR Descriptors[1];
|
|
} IO_RESOURCE_LIST, *PIO_RESOURCE_LIST;
|
|
|
|
typedef struct _IO_RESOURCE_REQUIREMENTS_LIST {
|
|
ULONG ListSize;
|
|
INTERFACE_TYPE InterfaceType;
|
|
ULONG BusNumber;
|
|
ULONG SlotNumber;
|
|
ULONG Reserved[3];
|
|
ULONG AlternativeLists;
|
|
IO_RESOURCE_LIST List[1];
|
|
} IO_RESOURCE_REQUIREMENTS_LIST, *PIO_RESOURCE_REQUIREMENTS_LIST;
|
|
|
|
typedef enum _BUS_QUERY_ID_TYPE {
|
|
BusQueryDeviceID,
|
|
BusQueryHardwareIDs,
|
|
BusQueryCompatibleIDs,
|
|
BusQueryInstanceID,
|
|
BusQueryDeviceSerialNumber
|
|
} BUS_QUERY_ID_TYPE, *PBUS_QUERY_ID_TYPE;
|
|
|
|
typedef enum _CREATE_FILE_TYPE {
|
|
CreateFileTypeNone,
|
|
CreateFileTypeNamedPipe,
|
|
CreateFileTypeMailslot
|
|
} CREATE_FILE_TYPE;
|
|
|
|
typedef enum {
|
|
DevicePropertyDeviceDescription,
|
|
DevicePropertyHardwareID,
|
|
DevicePropertyCompatibleIDs,
|
|
DevicePropertyBootConfiguration,
|
|
DevicePropertyBootConfigurationTranslated,
|
|
DevicePropertyClassName,
|
|
DevicePropertyClassGuid,
|
|
DevicePropertyDriverKeyName,
|
|
DevicePropertyManufacturer,
|
|
DevicePropertyFriendlyName,
|
|
DevicePropertyLocationInformation,
|
|
DevicePropertyPhysicalDeviceObjectName,
|
|
DevicePropertyBusTypeGuid,
|
|
DevicePropertyLegacyBusType,
|
|
DevicePropertyBusNumber,
|
|
DevicePropertyEnumeratorName,
|
|
DevicePropertyAddress,
|
|
DevicePropertyUINumber,
|
|
DevicePropertyInstallState,
|
|
DevicePropertyRemovalPolicy
|
|
} DEVICE_REGISTRY_PROPERTY;
|
|
|
|
typedef enum _DEVICE_TEXT_TYPE {
|
|
DeviceTextDescription,
|
|
DeviceTextLocationInformation
|
|
} DEVICE_TEXT_TYPE, *PDEVICE_TEXT_TYPE;
|
|
|
|
typedef enum _DEVICE_USAGE_NOTIFICATION_TYPE {
|
|
DeviceUsageTypeUndefined,
|
|
DeviceUsageTypePaging,
|
|
DeviceUsageTypeHibernation,
|
|
DeviceUsageTypeDumpFile
|
|
} DEVICE_USAGE_NOTIFICATION_TYPE;
|
|
|
|
typedef struct _POWER_SEQUENCE {
|
|
ULONG SequenceD1;
|
|
ULONG SequenceD2;
|
|
ULONG SequenceD3;
|
|
} POWER_SEQUENCE, *PPOWER_SEQUENCE;
|
|
|
|
typedef enum _POWER_STATE_TYPE {
|
|
SystemPowerState,
|
|
DevicePowerState
|
|
} POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
|
|
|
|
typedef union _POWER_STATE {
|
|
SYSTEM_POWER_STATE SystemState;
|
|
DEVICE_POWER_STATE DeviceState;
|
|
} POWER_STATE, *PPOWER_STATE;
|
|
|
|
typedef struct _CM_PARTIAL_RESOURCE_DESCRIPTOR {
|
|
UCHAR Type;
|
|
UCHAR ShareDisposition;
|
|
USHORT Flags;
|
|
union {
|
|
struct {
|
|
PHYSICAL_ADDRESS Start;
|
|
ULONG Length;
|
|
} Generic;
|
|
struct {
|
|
PHYSICAL_ADDRESS Start;
|
|
ULONG Length;
|
|
} Port;
|
|
struct {
|
|
ULONG Level;
|
|
ULONG Vector;
|
|
ULONG Affinity;
|
|
} Interrupt;
|
|
struct {
|
|
PHYSICAL_ADDRESS Start;
|
|
ULONG Length;
|
|
} Memory;
|
|
struct {
|
|
ULONG Channel;
|
|
ULONG Port;
|
|
ULONG Reserved1;
|
|
} Dma;
|
|
struct {
|
|
ULONG Data[3];
|
|
} DevicePrivate;
|
|
struct {
|
|
ULONG Start;
|
|
ULONG Length;
|
|
ULONG Reserved;
|
|
} BusNumber;
|
|
struct {
|
|
ULONG DataSize;
|
|
ULONG Reserved1;
|
|
ULONG Reserved2;
|
|
} DeviceSpecificData;
|
|
} u;
|
|
} CM_PARTIAL_RESOURCE_DESCRIPTOR, *PCM_PARTIAL_RESOURCE_DESCRIPTOR;
|
|
|
|
typedef struct _CM_PARTIAL_RESOURCE_LIST {
|
|
USHORT Version;
|
|
USHORT Revision;
|
|
ULONG Count;
|
|
CM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptors[1];
|
|
} CM_PARTIAL_RESOURCE_LIST, *PCM_PARTIAL_RESOURCE_LIST;
|
|
|
|
typedef struct _CM_FULL_RESOURCE_DESCRIPTOR {
|
|
INTERFACE_TYPE InterfaceType;
|
|
ULONG BusNumber;
|
|
CM_PARTIAL_RESOURCE_LIST PartialResourceList;
|
|
} CM_FULL_RESOURCE_DESCRIPTOR, *PCM_FULL_RESOURCE_DESCRIPTOR;
|
|
|
|
typedef struct _CM_RESOURCE_LIST {
|
|
ULONG Count;
|
|
CM_FULL_RESOURCE_DESCRIPTOR List[1];
|
|
} CM_RESOURCE_LIST, *PCM_RESOURCE_LIST;
|
|
|
|
typedef NTSTATUS (WINAPI *PIO_COMPLETION_ROUTINE)(
|
|
IN struct _DEVICE_OBJECT *DeviceObject,
|
|
IN struct _IRP *Irp,
|
|
IN PVOID Context);
|
|
|
|
#define SL_PENDING_RETURNED 0x01
|
|
#define SL_INVOKE_ON_CANCEL 0x20
|
|
#define SL_INVOKE_ON_SUCCESS 0x40
|
|
#define SL_INVOKE_ON_ERROR 0x80
|
|
|
|
#if !defined(_WIN64)
|
|
#include <pshpack4.h>
|
|
#endif
|
|
typedef struct _IO_STACK_LOCATION {
|
|
UCHAR MajorFunction;
|
|
UCHAR MinorFunction;
|
|
UCHAR Flags;
|
|
UCHAR Control;
|
|
union {
|
|
struct {
|
|
PIO_SECURITY_CONTEXT SecurityContext;
|
|
ULONG Options;
|
|
USHORT POINTER_ALIGNMENT FileAttributes;
|
|
USHORT ShareAccess;
|
|
ULONG POINTER_ALIGNMENT EaLength;
|
|
} Create;
|
|
struct {
|
|
ULONG Length;
|
|
ULONG POINTER_ALIGNMENT Key;
|
|
LARGE_INTEGER ByteOffset;
|
|
} Read;
|
|
struct {
|
|
ULONG Length;
|
|
ULONG POINTER_ALIGNMENT Key;
|
|
LARGE_INTEGER ByteOffset;
|
|
} Write;
|
|
struct {
|
|
ULONG Length;
|
|
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
|
|
} QueryFile;
|
|
struct {
|
|
ULONG Length;
|
|
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
|
|
PFILE_OBJECT FileObject;
|
|
union {
|
|
struct {
|
|
BOOLEAN ReplaceIfExists;
|
|
BOOLEAN AdvanceOnly;
|
|
} DUMMYSTRUCTNAME;
|
|
ULONG ClusterCount;
|
|
HANDLE DeleteHandle;
|
|
} DUMMYUNIONNAME;
|
|
} SetFile;
|
|
struct {
|
|
ULONG Length;
|
|
FS_INFORMATION_CLASS POINTER_ALIGNMENT FsInformationClass;
|
|
} QueryVolume;
|
|
struct {
|
|
ULONG OutputBufferLength;
|
|
ULONG POINTER_ALIGNMENT InputBufferLength;
|
|
ULONG POINTER_ALIGNMENT IoControlCode;
|
|
PVOID Type3InputBuffer;
|
|
} DeviceIoControl;
|
|
struct {
|
|
SECURITY_INFORMATION SecurityInformation;
|
|
ULONG POINTER_ALIGNMENT Length;
|
|
} QuerySecurity;
|
|
struct {
|
|
SECURITY_INFORMATION SecurityInformation;
|
|
PSECURITY_DESCRIPTOR SecurityDescriptor;
|
|
} SetSecurity;
|
|
struct {
|
|
PVPB Vpb;
|
|
PDEVICE_OBJECT DeviceObject;
|
|
} MountVolume;
|
|
struct {
|
|
PVPB Vpb;
|
|
PDEVICE_OBJECT DeviceObject;
|
|
} VerifyVolume;
|
|
struct {
|
|
struct _SCSI_REQUEST_BLOCK *Srb;
|
|
} Scsi;
|
|
struct {
|
|
DEVICE_RELATION_TYPE Type;
|
|
} QueryDeviceRelations;
|
|
struct {
|
|
const GUID *InterfaceType;
|
|
USHORT Size;
|
|
USHORT Version;
|
|
PINTERFACE Interface;
|
|
PVOID InterfaceSpecificData;
|
|
} QueryInterface;
|
|
struct {
|
|
PDEVICE_CAPABILITIES Capabilities;
|
|
} DeviceCapabilities;
|
|
struct {
|
|
PIO_RESOURCE_REQUIREMENTS_LIST IoResourceRequirementList;
|
|
} FilterResourceRequirements;
|
|
struct {
|
|
ULONG WhichSpace;
|
|
PVOID Buffer;
|
|
ULONG Offset;
|
|
ULONG POINTER_ALIGNMENT Length;
|
|
} ReadWriteConfig;
|
|
struct {
|
|
BOOLEAN Lock;
|
|
} SetLock;
|
|
struct {
|
|
BUS_QUERY_ID_TYPE IdType;
|
|
} QueryId;
|
|
struct {
|
|
DEVICE_TEXT_TYPE DeviceTextType;
|
|
LCID POINTER_ALIGNMENT LocaleId;
|
|
} QueryDeviceText;
|
|
struct {
|
|
BOOLEAN InPath;
|
|
BOOLEAN Reserved[3];
|
|
DEVICE_USAGE_NOTIFICATION_TYPE POINTER_ALIGNMENT Type;
|
|
} UsageNotification;
|
|
struct {
|
|
SYSTEM_POWER_STATE PowerState;
|
|
} WaitWake;
|
|
struct {
|
|
PPOWER_SEQUENCE PowerSequence;
|
|
} PowerSequence;
|
|
struct {
|
|
ULONG SystemContext;
|
|
POWER_STATE_TYPE POINTER_ALIGNMENT Type;
|
|
POWER_STATE POINTER_ALIGNMENT State;
|
|
POWER_ACTION POINTER_ALIGNMENT ShutdownType;
|
|
} Power;
|
|
struct {
|
|
PCM_RESOURCE_LIST AllocatedResources;
|
|
PCM_RESOURCE_LIST AllocatedResourcesTranslated;
|
|
} StartDevice;
|
|
struct {
|
|
ULONG_PTR ProviderId;
|
|
PVOID DataPath;
|
|
ULONG BufferSize;
|
|
PVOID Buffer;
|
|
} WMI;
|
|
struct {
|
|
PVOID Argument1;
|
|
PVOID Argument2;
|
|
PVOID Argument3;
|
|
PVOID Argument4;
|
|
} Others;
|
|
} Parameters;
|
|
PDEVICE_OBJECT DeviceObject;
|
|
PFILE_OBJECT FileObject;
|
|
PIO_COMPLETION_ROUTINE CompletionRoutine;
|
|
PVOID Context;
|
|
} IO_STACK_LOCATION, *PIO_STACK_LOCATION;
|
|
#if !defined(_WIN64)
|
|
#include <poppack.h>
|
|
#endif
|
|
|
|
/* MDL definitions */
|
|
|
|
#define MDL_MAPPED_TO_SYSTEM_VA 0x0001
|
|
#define MDL_PAGES_LOCKED 0x0002
|
|
#define MDL_SOURCE_IS_NONPAGED_POOL 0x0004
|
|
#define MDL_ALLOCATED_FIXED_SIZE 0x0008
|
|
#define MDL_PARTIAL 0x0010
|
|
#define MDL_PARTIAL_HAS_BEEN_MAPPED 0x0020
|
|
#define MDL_IO_PAGE_READ 0x0040
|
|
#define MDL_WRITE_OPERATION 0x0080
|
|
#define MDL_PARENT_MAPPED_SYSTEM_VA 0x0100
|
|
#define MDL_FREE_EXTRA_PTES 0x0200
|
|
#define MDL_DESCRIBES_AWE 0x0400
|
|
#define MDL_IO_SPACE 0x0800
|
|
#define MDL_NETWORK_HEADER 0x1000
|
|
#define MDL_MAPPING_CAN_FAIL 0x2000
|
|
#define MDL_ALLOCATED_MUST_SUCCEED 0x4000
|
|
#define MDL_INTERNAL 0x8000
|
|
|
|
#define MDL_MAPPING_FLAGS (MDL_MAPPED_TO_SYSTEM_VA | \
|
|
MDL_PAGES_LOCKED | \
|
|
MDL_SOURCE_IS_NONPAGED_POOL | \
|
|
MDL_PARTIAL_HAS_BEEN_MAPPED | \
|
|
MDL_PARENT_MAPPED_SYSTEM_VA | \
|
|
MDL_SYSTEM_VA | \
|
|
MDL_IO_SPACE )
|
|
|
|
typedef struct _MDL {
|
|
struct _MDL *Next;
|
|
CSHORT Size;
|
|
CSHORT MdlFlags;
|
|
struct _EPROCESS *Process;
|
|
PVOID MappedSystemVa;
|
|
PVOID StartVa;
|
|
ULONG ByteCount;
|
|
ULONG ByteOffset;
|
|
} MDL, *PMDL;
|
|
|
|
typedef MDL *PMDLX;
|
|
typedef ULONG PFN_NUMBER, *PPFN_NUMBER;
|
|
|
|
static inline void MmInitializeMdl(MDL *mdl, void *va, SIZE_T length)
|
|
{
|
|
mdl->Next = NULL;
|
|
mdl->Size = sizeof(MDL) + sizeof(PFN_NUMBER) * ADDRESS_AND_SIZE_TO_SPAN_PAGES(va, length);
|
|
mdl->MdlFlags = 0;
|
|
mdl->StartVa = (void *)PAGE_ALIGN(va);
|
|
mdl->ByteOffset = BYTE_OFFSET(va);
|
|
mdl->ByteCount = length;
|
|
}
|
|
|
|
typedef struct _KTIMER {
|
|
DISPATCHER_HEADER Header;
|
|
ULARGE_INTEGER DueTime;
|
|
LIST_ENTRY TimerListEntry;
|
|
struct _KDPC *Dpc;
|
|
LONG Period;
|
|
} KTIMER, *PKTIMER;
|
|
|
|
typedef struct _KSYSTEM_TIME {
|
|
ULONG LowPart;
|
|
LONG High1Time;
|
|
LONG High2Time;
|
|
} KSYSTEM_TIME, *PKSYSTEM_TIME;
|
|
|
|
typedef enum _NT_PRODUCT_TYPE {
|
|
NtProductWinNt = 1,
|
|
NtProductLanManNt,
|
|
NtProductServer
|
|
} NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
|
|
|
|
#define PROCESSOR_FEATURE_MAX 64
|
|
|
|
typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
|
|
{
|
|
StandardDesign,
|
|
NEC98x86,
|
|
EndAlternatives
|
|
} ALTERNATIVE_ARCHITECTURE_TYPE;
|
|
|
|
#define NX_SUPPORT_POLICY_ALWAYSOFF 0
|
|
#define NX_SUPPORT_POLICY_ALWAYSON 1
|
|
#define NX_SUPPORT_POLICY_OPTIN 2
|
|
#define NX_SUPPORT_POLICY_OPTOUT 3
|
|
|
|
typedef struct _KUSER_SHARED_DATA {
|
|
ULONG TickCountLowDeprecated; /* 0x000 */
|
|
ULONG TickCountMultiplier; /* 0x004 */
|
|
volatile KSYSTEM_TIME InterruptTime; /* 0x008 */
|
|
volatile KSYSTEM_TIME SystemTime; /* 0x014 */
|
|
volatile KSYSTEM_TIME TimeZoneBias; /* 0x020 */
|
|
USHORT ImageNumberLow; /* 0x02c */
|
|
USHORT ImageNumberHigh; /* 0x02e */
|
|
WCHAR NtSystemRoot[260]; /* 0x030 */
|
|
ULONG MaxStackTraceDepth; /* 0x238 */
|
|
ULONG CryptoExponent; /* 0x23c */
|
|
ULONG TimeZoneId; /* 0x240 */
|
|
ULONG LargePageMinimum; /* 0x244 */
|
|
ULONG AitSamplingValue; /* 0x248 */
|
|
ULONG AppCompatFlag; /* 0x24c */
|
|
ULONGLONG RNGSeedVersion; /* 0x250 */
|
|
ULONG GlobalValidationRunLevel; /* 0x258 */
|
|
volatile ULONG TimeZoneBiasStamp; /* 0x25c */
|
|
ULONG NtBuildNumber; /* 0x260 */
|
|
NT_PRODUCT_TYPE NtProductType; /* 0x264 */
|
|
BOOLEAN ProductTypeIsValid; /* 0x268 */
|
|
USHORT NativeProcessorArchitecture; /* 0x26a */
|
|
ULONG NtMajorVersion; /* 0x26c */
|
|
ULONG NtMinorVersion; /* 0x270 */
|
|
BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /* 0x274 */
|
|
ULONG Reserved1; /* 0x2b4 */
|
|
ULONG Reserved3; /* 0x2b8 */
|
|
volatile ULONG TimeSlip; /* 0x2bc */
|
|
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /* 0x2c0 */
|
|
ULONG BootId; /* 0x2c4 */
|
|
LARGE_INTEGER SystemExpirationDate; /* 0x2c8 */
|
|
ULONG SuiteMask; /* 0x2d0 */
|
|
BOOLEAN KdDebuggerEnabled; /* 0x2d4 */
|
|
UCHAR NXSupportPolicy; /* 0x2d5 */
|
|
USHORT CyclesPerYield; /* 0x2d6 */
|
|
volatile ULONG ActiveConsoleId; /* 0x2d8 */
|
|
volatile ULONG DismountCount; /* 0x2dc */
|
|
ULONG ComPlusPackage; /* 0x2e0 */
|
|
ULONG LastSystemRITEventTickCount; /* 0x2e4 */
|
|
ULONG NumberOfPhysicalPages; /* 0x2e8 */
|
|
BOOLEAN SafeBootMode; /* 0x2ec */
|
|
UCHAR VirtualizationFlags; /* 0x2ed */
|
|
union {
|
|
ULONG SharedDataFlags; /* 0x2f0 */
|
|
struct {
|
|
ULONG DbgErrorPortPresent : 1;
|
|
ULONG DbgElevationEnabed : 1;
|
|
ULONG DbgVirtEnabled : 1;
|
|
ULONG DbgInstallerDetectEnabled : 1;
|
|
ULONG DbgLkgEnabled : 1;
|
|
ULONG DbgDynProcessorEnabled : 1;
|
|
ULONG DbgConsoleBrokerEnabled : 1;
|
|
ULONG DbgSecureBootEnabled : 1;
|
|
ULONG DbgMultiSessionSku : 1;
|
|
ULONG DbgMultiUsersInSessionSku : 1;
|
|
ULONG DbgStateSeparationEnabled : 1;
|
|
ULONG SpareBits : 21;
|
|
} DUMMYSTRUCTNAME2;
|
|
} DUMMYUNIONNAME2;
|
|
ULONG DataFlagsPad[1]; /* 0x2f4 */
|
|
ULONGLONG TestRetInstruction; /* 0x2f8 */
|
|
LONGLONG QpcFrequency; /* 0x300 */
|
|
ULONG SystemCall; /* 0x308 */
|
|
union {
|
|
ULONG AllFlags; /* 0x30c */
|
|
struct {
|
|
ULONG Win32Process : 1;
|
|
ULONG Sgx2Enclave : 1;
|
|
ULONG VbsBasicEnclave : 1;
|
|
ULONG SpareBits : 29;
|
|
} DUMMYSTRUCTNAME;
|
|
} UserCetAvailableEnvironments;
|
|
ULONGLONG SystemCallPad[2]; /* 0x310 */
|
|
union {
|
|
volatile KSYSTEM_TIME TickCount; /* 0x320 */
|
|
volatile ULONG64 TickCountQuad;
|
|
} DUMMYUNIONNAME;
|
|
ULONG Cookie; /* 0x330 */
|
|
ULONG CookiePad[1]; /* 0x334 */
|
|
LONGLONG ConsoleSessionForegroundProcessId; /* 0x338 */
|
|
ULONGLONG TimeUpdateLock; /* 0x340 */
|
|
ULONGLONG BaselineSystemTimeQpc; /* 0x348 */
|
|
ULONGLONG BaselineInterruptTimeQpc; /* 0x350 */
|
|
ULONGLONG QpcSystemTimeIncrement; /* 0x358 */
|
|
ULONGLONG QpcInterruptTimeIncrement; /* 0x360 */
|
|
UCHAR QpcSystemTimeIncrementShift; /* 0x368 */
|
|
UCHAR QpcInterruptTimeIncrementShift; /* 0x369 */
|
|
USHORT UnparkedProcessorCount; /* 0x36a */
|
|
ULONG EnclaveFeatureMask[4]; /* 0x36c */
|
|
ULONG TelemetryCoverageRound; /* 0x37c */
|
|
USHORT UserModeGlobalLogger[16]; /* 0x380 */
|
|
ULONG ImageFileExecutionOptions; /* 0x3a0 */
|
|
ULONG LangGenerationCount; /* 0x3a4 */
|
|
ULONG ActiveProcessorAffinity; /* 0x3a8 */
|
|
volatile ULONGLONG InterruptTimeBias; /* 0x3b0 */
|
|
volatile ULONGLONG QpcBias; /* 0x3b8 */
|
|
ULONG ActiveProcessorCount; /* 0x3c0 */
|
|
volatile UCHAR ActiveGroupCount; /* 0x3c4 */
|
|
union {
|
|
USHORT QpcData; /* 0x3c6 */
|
|
struct {
|
|
UCHAR volatile QpcBypassEnabled;
|
|
UCHAR QpcShift;
|
|
} DUMMYSTRUCTNAME;
|
|
} DUMMYUNIONNAME3;
|
|
LARGE_INTEGER TimeZoneBiasEffectiveStart; /* 0x3c8 */
|
|
LARGE_INTEGER TimeZoneBiasEffectiveEnd; /* 0x3d0 */
|
|
XSTATE_CONFIGURATION XState; /* 0x3d8 */
|
|
} KSHARED_USER_DATA, *PKSHARED_USER_DATA;
|
|
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_ENABLED 0x01
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_HV_PAGE 0x02
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_DISABLE_32BIT 0x04
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_MFENCE 0x10
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_LFENCE 0x20
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_A73_ERRATA 0x40
|
|
#define SHARED_GLOBAL_FLAGS_QPC_BYPASS_USE_RDTSCP 0x80
|
|
|
|
typedef enum _MEMORY_CACHING_TYPE {
|
|
MmNonCached = 0,
|
|
MmCached = 1,
|
|
MmWriteCombined = 2,
|
|
MmHardwareCoherentCached = 3,
|
|
MmNonCachedUnordered = 4,
|
|
MmUSWCCached = 5,
|
|
MmMaximumCacheType = 6
|
|
} MEMORY_CACHING_TYPE;
|
|
|
|
typedef enum _MM_PAGE_PRIORITY {
|
|
LowPagePriority,
|
|
NormalPagePriority = 16,
|
|
HighPagePriority = 32
|
|
} MM_PAGE_PRIORITY;
|
|
|
|
typedef enum _MM_SYSTEM_SIZE
|
|
{
|
|
MmSmallSystem,
|
|
MmMediumSystem,
|
|
MmLargeSystem
|
|
} MM_SYSTEMSIZE;
|
|
|
|
typedef struct _IO_REMOVE_LOCK_COMMON_BLOCK {
|
|
BOOLEAN Removed;
|
|
BOOLEAN Reserved[3];
|
|
LONG IoCount;
|
|
KEVENT RemoveEvent;
|
|
} IO_REMOVE_LOCK_COMMON_BLOCK;
|
|
|
|
typedef struct _IO_REMOVE_LOCK_TRACKING_BLOCK *PIO_REMOVE_LOCK_TRACKING_BLOCK;
|
|
|
|
typedef struct _IO_REMOVE_LOCK_DBG_BLOCK {
|
|
LONG Signature;
|
|
LONG HighWatermark;
|
|
LONGLONG MaxLockedTicks;
|
|
LONG AllocateTag;
|
|
LIST_ENTRY LockList;
|
|
KSPIN_LOCK Spin;
|
|
LONG LowMemoryCount;
|
|
ULONG Reserved1[4];
|
|
PVOID Reserved2;
|
|
PIO_REMOVE_LOCK_TRACKING_BLOCK Blocks;
|
|
} IO_REMOVE_LOCK_DBG_BLOCK;
|
|
|
|
typedef struct _IO_REMOVE_LOCK {
|
|
IO_REMOVE_LOCK_COMMON_BLOCK Common;
|
|
IO_REMOVE_LOCK_DBG_BLOCK Dbg;
|
|
} IO_REMOVE_LOCK, *PIO_REMOVE_LOCK;
|
|
|
|
typedef enum {
|
|
IoReadAccess,
|
|
IoWriteAccess,
|
|
IoModifyAccess
|
|
} LOCK_OPERATION;
|
|
|
|
typedef struct _CALLBACK_OBJECT
|
|
{
|
|
ULONG Signature;
|
|
KSPIN_LOCK Lock;
|
|
LIST_ENTRY RegisteredCallbacks;
|
|
BOOLEAN AllowMultipleCallbacks;
|
|
UCHAR reserved[3];
|
|
} CALLBACK_OBJECT, *PCALLBACK_OBJECT;
|
|
|
|
typedef struct _KSPIN_LOCK_QUEUE {
|
|
struct _KSPIN_LOCK_QUEUE * volatile Next;
|
|
volatile PKSPIN_LOCK Lock;
|
|
} KSPIN_LOCK_QUEUE, *PKSPIN_LOCK_QUEUE;
|
|
|
|
typedef struct _KLOCK_QUEUE_HANDLE {
|
|
KSPIN_LOCK_QUEUE LockQueue;
|
|
KIRQL OldIrql;
|
|
} KLOCK_QUEUE_HANDLE, *PKLOCK_QUEUE_HANDLE;
|
|
|
|
typedef void * (NTAPI *PALLOCATE_FUNCTION)(POOL_TYPE, SIZE_T, ULONG);
|
|
typedef void * (NTAPI *PALLOCATE_FUNCTION_EX)(POOL_TYPE, SIZE_T, ULONG, PLOOKASIDE_LIST_EX);
|
|
typedef void (NTAPI *PFREE_FUNCTION)(void *);
|
|
typedef void (NTAPI *PFREE_FUNCTION_EX)(void *, PLOOKASIDE_LIST_EX);
|
|
typedef void (NTAPI *PCALLBACK_FUNCTION)(void *, void *, void *);
|
|
|
|
#ifdef _WIN64
|
|
#define LOOKASIDE_ALIGN DECLSPEC_CACHEALIGN
|
|
#else
|
|
#define LOOKASIDE_ALIGN
|
|
#endif
|
|
|
|
#define LOOKASIDE_MINIMUM_BLOCK_SIZE (RTL_SIZEOF_THROUGH_FIELD(SLIST_ENTRY, Next))
|
|
|
|
#define GENERAL_LOOKASIDE_LAYOUT \
|
|
union \
|
|
{ \
|
|
SLIST_HEADER ListHead; \
|
|
SINGLE_LIST_ENTRY SingleListHead; \
|
|
} DUMMYUNIONNAME; \
|
|
USHORT Depth; \
|
|
USHORT MaximumDepth; \
|
|
ULONG TotalAllocates; \
|
|
union \
|
|
{ \
|
|
ULONG AllocateMisses; \
|
|
ULONG AllocateHits; \
|
|
} DUMMYUNIONNAME2; \
|
|
ULONG TotalFrees; \
|
|
union \
|
|
{ \
|
|
ULONG FreeMisses; \
|
|
ULONG FreeHits; \
|
|
} DUMMYUNIONNAME3; \
|
|
POOL_TYPE Type; \
|
|
ULONG Tag; \
|
|
ULONG Size; \
|
|
union \
|
|
{ \
|
|
PALLOCATE_FUNCTION_EX AllocateEx; \
|
|
PALLOCATE_FUNCTION Allocate; \
|
|
} DUMMYUNIONNAME4; \
|
|
union \
|
|
{ \
|
|
PFREE_FUNCTION_EX FreeEx; \
|
|
PFREE_FUNCTION Free; \
|
|
} DUMMYUNIONNAME5; \
|
|
LIST_ENTRY ListEntry; \
|
|
ULONG LastTotalAllocates; \
|
|
union \
|
|
{ \
|
|
ULONG LastAllocateMisses; \
|
|
ULONG LastAllocateHits; \
|
|
} DUMMYUNIONNAME6; \
|
|
ULONG Future[2];
|
|
|
|
typedef struct LOOKASIDE_ALIGN _GENERAL_LOOKASIDE
|
|
{
|
|
GENERAL_LOOKASIDE_LAYOUT
|
|
} GENERAL_LOOKASIDE;
|
|
|
|
typedef struct _GENERAL_LOOKASIDE_POOL
|
|
{
|
|
GENERAL_LOOKASIDE_LAYOUT
|
|
} GENERAL_LOOKASIDE_POOL, *PGENERAL_LOOKASIDE_POOL;
|
|
|
|
typedef struct _LOOKASIDE_LIST_EX
|
|
{
|
|
GENERAL_LOOKASIDE_POOL L;
|
|
} LOOKASIDE_LIST_EX;
|
|
|
|
typedef struct LOOKASIDE_ALIGN _NPAGED_LOOKASIDE_LIST
|
|
{
|
|
GENERAL_LOOKASIDE L;
|
|
#if defined(__i386__)
|
|
KSPIN_LOCK Lock__ObsoleteButDoNotDelete;
|
|
#endif
|
|
} NPAGED_LOOKASIDE_LIST, *PNPAGED_LOOKASIDE_LIST;
|
|
|
|
typedef struct LOOKASIDE_ALIGN _PAGED_LOOKASIDE_LIST
|
|
{
|
|
GENERAL_LOOKASIDE L;
|
|
#if defined(__i386__)
|
|
FAST_MUTEX Lock__ObsoleteButDoNotDelete;
|
|
#endif
|
|
} PAGED_LOOKASIDE_LIST, *PPAGED_LOOKASIDE_LIST;
|
|
|
|
typedef NTSTATUS (NTAPI EX_CALLBACK_FUNCTION)(void *CallbackContext, void *Argument1, void *Argument2);
|
|
typedef EX_CALLBACK_FUNCTION *PEX_CALLBACK_FUNCTION;
|
|
|
|
typedef ULONG OB_OPERATION;
|
|
|
|
typedef struct _OB_PRE_CREATE_HANDLE_INFORMATION {
|
|
ACCESS_MASK DesiredAccess;
|
|
ACCESS_MASK OriginalDesiredAccess;
|
|
} OB_PRE_CREATE_HANDLE_INFORMATION, *POB_PRE_CREATE_HANDLE_INFORMATION;
|
|
|
|
typedef struct _OB_PRE_DUPLICATE_HANDLE_INFORMATION {
|
|
ACCESS_MASK DesiredAccess;
|
|
ACCESS_MASK OriginalDesiredAccess;
|
|
PVOID SourceProcess;
|
|
PVOID TargetProcess;
|
|
} OB_PRE_DUPLICATE_HANDLE_INFORMATION, *POB_PRE_DUPLICATE_HANDLE_INFORMATION;
|
|
|
|
typedef union _OB_PRE_OPERATION_PARAMETERS {
|
|
OB_PRE_CREATE_HANDLE_INFORMATION CreateHandleInformation;
|
|
OB_PRE_DUPLICATE_HANDLE_INFORMATION DuplicateHandleInformation;
|
|
} OB_PRE_OPERATION_PARAMETERS, *POB_PRE_OPERATION_PARAMETERS;
|
|
|
|
typedef struct _OB_PRE_OPERATION_INFORMATION {
|
|
OB_OPERATION Operation;
|
|
union {
|
|
ULONG Flags;
|
|
struct {
|
|
ULONG KernelHandle:1;
|
|
ULONG Reserved:31;
|
|
} DUMMYSTRUCTNAME;
|
|
} DUMMYUNIONNAME;
|
|
PVOID Object;
|
|
POBJECT_TYPE ObjectType;
|
|
PVOID CallContext;
|
|
POB_PRE_OPERATION_PARAMETERS Parameters;
|
|
} OB_PRE_OPERATION_INFORMATION, *POB_PRE_OPERATION_INFORMATION;
|
|
|
|
typedef struct _OB_POST_CREATE_HANDLE_INFORMATION {
|
|
ACCESS_MASK GrantedAccess;
|
|
} OB_POST_CREATE_HANDLE_INFORMATION, *POB_POST_CREATE_HANDLE_INFORMATION;
|
|
|
|
typedef struct _OB_POST_DUPLICATE_HANDLE_INFORMATION {
|
|
ACCESS_MASK GrantedAccess;
|
|
} OB_POST_DUPLICATE_HANDLE_INFORMATION, *POB_POST_DUPLICATE_HANDLE_INFORMATION;
|
|
|
|
typedef union _OB_POST_OPERATION_PARAMETERS {
|
|
OB_POST_CREATE_HANDLE_INFORMATION CreateHandleInformation;
|
|
OB_POST_DUPLICATE_HANDLE_INFORMATION DuplicateHandleInformation;
|
|
} OB_POST_OPERATION_PARAMETERS, *POB_POST_OPERATION_PARAMETERS;
|
|
|
|
typedef struct _OB_POST_OPERATION_INFORMATION {
|
|
OB_OPERATION Operation;
|
|
union {
|
|
ULONG Flags;
|
|
struct {
|
|
ULONG KernelHandle:1;
|
|
ULONG Reserved:31;
|
|
} DUMMYSTRUCTNAME;
|
|
} DUMMYUNIONNAME;
|
|
PVOID Object;
|
|
POBJECT_TYPE ObjectType;
|
|
PVOID CallContext;
|
|
NTSTATUS ReturnStatus;
|
|
POB_POST_OPERATION_PARAMETERS Parameters;
|
|
} OB_POST_OPERATION_INFORMATION,*POB_POST_OPERATION_INFORMATION;
|
|
|
|
typedef enum _OB_PREOP_CALLBACK_STATUS {
|
|
OB_PREOP_SUCCESS
|
|
} OB_PREOP_CALLBACK_STATUS, *POB_PREOP_CALLBACK_STATUS;
|
|
|
|
typedef OB_PREOP_CALLBACK_STATUS (WINAPI *POB_PRE_OPERATION_CALLBACK)(void *context, POB_PRE_OPERATION_INFORMATION information);
|
|
typedef void (WINAPI *POB_POST_OPERATION_CALLBACK)(void *context, POB_POST_OPERATION_INFORMATION information);
|
|
|
|
typedef struct _OB_OPERATION_REGISTRATION {
|
|
POBJECT_TYPE *ObjectType;
|
|
OB_OPERATION Operations;
|
|
POB_PRE_OPERATION_CALLBACK PreOperation;
|
|
POB_POST_OPERATION_CALLBACK PostOperation;
|
|
} OB_OPERATION_REGISTRATION, *POB_OPERATION_REGISTRATION;
|
|
|
|
typedef struct _OB_CALLBACK_REGISTRATION {
|
|
USHORT Version;
|
|
USHORT OperationRegistrationCount;
|
|
UNICODE_STRING Altitude;
|
|
PVOID RegistrationContext;
|
|
OB_OPERATION_REGISTRATION *OperationRegistration;
|
|
} OB_CALLBACK_REGISTRATION, *POB_CALLBACK_REGISTRATION;
|
|
|
|
#define OB_FLT_REGISTRATION_VERSION_0100 0x0100
|
|
#define OB_FLT_REGISTRATION_VERSION OB_FLT_REGISTRATION_VERSION_0100
|
|
|
|
typedef enum _DIRECTORY_NOTIFY_INFORMATION_CLASS {
|
|
DirectoryNotifyInformation = 1,
|
|
DirectoryNotifyExtendedInformation
|
|
} DIRECTORY_NOTIFY_INFORMATION_CLASS, *PDIRECTORY_NOTIFY_INFORMATION_CLASS;
|
|
|
|
typedef enum _WORK_QUEUE_TYPE {
|
|
CriticalWorkQueue,
|
|
DelayedWorkQueue,
|
|
HyperCriticalWorkQueue,
|
|
MaximumWorkQueue
|
|
} WORK_QUEUE_TYPE;
|
|
|
|
typedef void (WINAPI *PIO_WORKITEM_ROUTINE)(PDEVICE_OBJECT,void*);
|
|
|
|
NTSTATUS WINAPI ObCloseHandle(IN HANDLE handle);
|
|
|
|
#ifdef NONAMELESSUNION
|
|
# ifdef NONAMELESSSTRUCT
|
|
# define IoGetCurrentIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.s.u2.CurrentStackLocation)
|
|
# define IoGetNextIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.s.u2.CurrentStackLocation - 1)
|
|
static inline void IoSkipCurrentIrpStackLocation(IRP *irp) {irp->Tail.Overlay.s.u2.CurrentStackLocation++; irp->CurrentLocation++;}
|
|
# else
|
|
# define IoGetCurrentIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.u2.CurrentStackLocation)
|
|
# define IoGetNextIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.u2.CurrentStackLocation - 1)
|
|
static inline void IoSkipCurrentIrpStackLocation(IRP *irp) {irp->Tail.Overlay.u2.CurrentStackLocation++; irp->CurrentLocation++;}
|
|
# endif
|
|
#else
|
|
# ifdef NONAMELESSSTRUCT
|
|
# define IoGetCurrentIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.s.CurrentStackLocation)
|
|
# define IoGetNextIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.s.CurrentStackLocation - 1)
|
|
static inline void IoSkipCurrentIrpStackLocation(IRP *irp) {irp->Tail.Overlay.s.CurrentStackLocation++; irp->CurrentLocation++;}
|
|
# else
|
|
# define IoGetCurrentIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.CurrentStackLocation)
|
|
# define IoGetNextIrpStackLocation(_Irp) ((_Irp)->Tail.Overlay.CurrentStackLocation - 1)
|
|
static inline void IoSkipCurrentIrpStackLocation(IRP *irp) {irp->Tail.Overlay.CurrentStackLocation++; irp->CurrentLocation++;}
|
|
# endif
|
|
#endif
|
|
|
|
#define IoSetCancelRoutine(irp, routine) \
|
|
((PDRIVER_CANCEL)InterlockedExchangePointer((void **)&(irp)->CancelRoutine, routine))
|
|
|
|
static inline void IoSetCompletionRoutine(IRP *irp, PIO_COMPLETION_ROUTINE routine, void *context,
|
|
BOOLEAN on_success, BOOLEAN on_error, BOOLEAN on_cancel)
|
|
{
|
|
IO_STACK_LOCATION *irpsp = IoGetNextIrpStackLocation(irp);
|
|
irpsp->CompletionRoutine = routine;
|
|
irpsp->Context = context;
|
|
irpsp->Control = 0;
|
|
if (on_success) irpsp->Control |= SL_INVOKE_ON_SUCCESS;
|
|
if (on_error) irpsp->Control |= SL_INVOKE_ON_ERROR;
|
|
if (on_cancel) irpsp->Control |= SL_INVOKE_ON_CANCEL;
|
|
}
|
|
|
|
static inline void IoMarkIrpPending(IRP *irp)
|
|
{
|
|
IoGetCurrentIrpStackLocation(irp)->Control |= SL_PENDING_RETURNED;
|
|
}
|
|
|
|
static inline void IoCopyCurrentIrpStackLocationToNext(IRP *irp)
|
|
{
|
|
IO_STACK_LOCATION *current = IoGetCurrentIrpStackLocation(irp);
|
|
IO_STACK_LOCATION *next = IoGetNextIrpStackLocation(irp);
|
|
memcpy(next, current, FIELD_OFFSET(IO_STACK_LOCATION, CompletionRoutine));
|
|
next->Control = 0;
|
|
}
|
|
|
|
#define KernelMode 0
|
|
#define UserMode 1
|
|
|
|
/* directory object access rights */
|
|
#define DIRECTORY_QUERY 0x0001
|
|
#define DIRECTORY_TRAVERSE 0x0002
|
|
#define DIRECTORY_CREATE_OBJECT 0x0004
|
|
#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
|
|
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
|
|
|
|
/* symbolic link access rights */
|
|
#define SYMBOLIC_LINK_QUERY 0x0001
|
|
#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
|
|
|
|
NTSTATUS WINAPI DbgQueryDebugFilterState(ULONG, ULONG);
|
|
void FASTCALL ExAcquireFastMutexUnsafe(PFAST_MUTEX);
|
|
BOOLEAN WINAPI ExAcquireResourceExclusiveLite(ERESOURCE*,BOOLEAN);
|
|
BOOLEAN WINAPI ExAcquireResourceSharedLite(ERESOURCE*,BOOLEAN);
|
|
BOOLEAN WINAPI ExAcquireSharedStarveExclusive(ERESOURCE*,BOOLEAN);
|
|
BOOLEAN WINAPI ExAcquireSharedWaitForExclusive(ERESOURCE*,BOOLEAN);
|
|
PVOID WINAPI ExAllocatePool(POOL_TYPE,SIZE_T);
|
|
PVOID WINAPI ExAllocatePoolWithQuota(POOL_TYPE,SIZE_T);
|
|
PVOID WINAPI ExAllocatePoolWithTag(POOL_TYPE,SIZE_T,ULONG);
|
|
PVOID WINAPI ExAllocatePoolWithQuotaTag(POOL_TYPE,SIZE_T,ULONG);
|
|
void WINAPI ExDeleteNPagedLookasideList(PNPAGED_LOOKASIDE_LIST);
|
|
void WINAPI ExDeletePagedLookasideList(PPAGED_LOOKASIDE_LIST);
|
|
NTSTATUS WINAPI ExDeleteResourceLite(ERESOURCE*);
|
|
void WINAPI ExFreePool(PVOID);
|
|
void WINAPI ExFreePoolWithTag(PVOID,ULONG);
|
|
ULONG WINAPI ExGetExclusiveWaiterCount(ERESOURCE*);
|
|
ULONG WINAPI ExGetSharedWaiterCount(ERESOURCE*);
|
|
void WINAPI ExInitializeNPagedLookasideList(PNPAGED_LOOKASIDE_LIST,PALLOCATE_FUNCTION,PFREE_FUNCTION,ULONG,SIZE_T,ULONG,USHORT);
|
|
void WINAPI ExInitializePagedLookasideList(PPAGED_LOOKASIDE_LIST,PALLOCATE_FUNCTION,PFREE_FUNCTION,ULONG,SIZE_T,ULONG,USHORT);
|
|
NTSTATUS WINAPI ExInitializeResourceLite(ERESOURCE*);
|
|
PSLIST_ENTRY WINAPI ExInterlockedFlushSList(PSLIST_HEADER);
|
|
PSLIST_ENTRY WINAPI ExInterlockedPopEntrySList(PSLIST_HEADER,PKSPIN_LOCK);
|
|
PSLIST_ENTRY WINAPI ExInterlockedPushEntrySList(PSLIST_HEADER,PSLIST_ENTRY,PKSPIN_LOCK);
|
|
LIST_ENTRY * WINAPI ExInterlockedRemoveHeadList(LIST_ENTRY*,KSPIN_LOCK*);
|
|
BOOLEAN WINAPI ExIsResourceAcquiredExclusiveLite(ERESOURCE*);
|
|
ULONG WINAPI ExIsResourceAcquiredSharedLite(ERESOURCE*);
|
|
void * WINAPI ExRegisterCallback(PCALLBACK_OBJECT,PCALLBACK_FUNCTION,void*);
|
|
void FASTCALL ExReleaseFastMutexUnsafe(PFAST_MUTEX);
|
|
void WINAPI ExReleaseResourceForThreadLite(ERESOURCE*,ERESOURCE_THREAD);
|
|
ULONG WINAPI ExSetTimerResolution(ULONG,BOOLEAN);
|
|
void WINAPI ExUnregisterCallback(void*);
|
|
|
|
void WINAPI IoAcquireCancelSpinLock(KIRQL*);
|
|
NTSTATUS WINAPI IoAcquireRemoveLockEx(IO_REMOVE_LOCK*,void*,const char*,ULONG, ULONG);
|
|
NTSTATUS WINAPI IoAllocateDriverObjectExtension(PDRIVER_OBJECT,PVOID,ULONG,PVOID*);
|
|
PVOID WINAPI IoAllocateErrorLogEntry(PVOID,UCHAR);
|
|
PIRP WINAPI IoAllocateIrp(CCHAR,BOOLEAN);
|
|
PMDL WINAPI IoAllocateMdl(PVOID,ULONG,BOOLEAN,BOOLEAN,IRP*);
|
|
PIO_WORKITEM WINAPI IoAllocateWorkItem(PDEVICE_OBJECT);
|
|
void WINAPI IoDetachDevice(PDEVICE_OBJECT);
|
|
PDEVICE_OBJECT WINAPI IoAttachDeviceToDeviceStack(PDEVICE_OBJECT,PDEVICE_OBJECT);
|
|
PIRP WINAPI IoBuildAsynchronousFsdRequest(ULONG,DEVICE_OBJECT*,void*,ULONG,LARGE_INTEGER*,IO_STATUS_BLOCK*);
|
|
PIRP WINAPI IoBuildDeviceIoControlRequest(ULONG,DEVICE_OBJECT*,PVOID,ULONG,PVOID,ULONG,BOOLEAN,PKEVENT,IO_STATUS_BLOCK*);
|
|
PIRP WINAPI IoBuildSynchronousFsdRequest(ULONG,DEVICE_OBJECT*,PVOID,ULONG,PLARGE_INTEGER,PKEVENT,IO_STATUS_BLOCK*);
|
|
NTSTATUS WINAPI IoCallDriver(DEVICE_OBJECT*,IRP*);
|
|
BOOLEAN WINAPI IoCancelIrp(IRP*);
|
|
VOID WINAPI IoCompleteRequest(IRP*,UCHAR);
|
|
NTSTATUS WINAPI IoCreateDevice(DRIVER_OBJECT*,ULONG,UNICODE_STRING*,DEVICE_TYPE,ULONG,BOOLEAN,DEVICE_OBJECT**);
|
|
NTSTATUS WINAPI IoCreateDriver(UNICODE_STRING*,PDRIVER_INITIALIZE);
|
|
NTSTATUS WINAPI IoCreateSymbolicLink(UNICODE_STRING*,UNICODE_STRING*);
|
|
PKEVENT WINAPI IoCreateSynchronizationEvent(UNICODE_STRING*,HANDLE*);
|
|
void WINAPI IoDeleteDevice(DEVICE_OBJECT*);
|
|
void WINAPI IoDeleteDriver(DRIVER_OBJECT*);
|
|
NTSTATUS WINAPI IoDeleteSymbolicLink(UNICODE_STRING*);
|
|
void WINAPI IoFreeIrp(IRP*);
|
|
void WINAPI IoFreeMdl(MDL*);
|
|
void WINAPI IoFreeWorkItem(PIO_WORKITEM);
|
|
DEVICE_OBJECT * WINAPI IoGetAttachedDeviceReference(DEVICE_OBJECT*);
|
|
PEPROCESS WINAPI IoGetCurrentProcess(void);
|
|
NTSTATUS WINAPI IoGetDeviceInterfaces(const GUID*,PDEVICE_OBJECT,ULONG,PWSTR*);
|
|
NTSTATUS WINAPI IoGetDeviceObjectPointer(UNICODE_STRING*,ACCESS_MASK,PFILE_OBJECT*,PDEVICE_OBJECT*);
|
|
NTSTATUS WINAPI IoGetDeviceProperty(PDEVICE_OBJECT,DEVICE_REGISTRY_PROPERTY,ULONG,PVOID,PULONG);
|
|
PVOID WINAPI IoGetDriverObjectExtension(PDRIVER_OBJECT,PVOID);
|
|
PDEVICE_OBJECT WINAPI IoGetRelatedDeviceObject(PFILE_OBJECT);
|
|
void WINAPI IoGetStackLimits(ULONG_PTR*,ULONG_PTR*);
|
|
void WINAPI IoInitializeIrp(IRP*,USHORT,CCHAR);
|
|
VOID WINAPI IoInitializeRemoveLockEx(PIO_REMOVE_LOCK,ULONG,ULONG,ULONG,ULONG);
|
|
void WINAPI IoInvalidateDeviceRelations(PDEVICE_OBJECT,DEVICE_RELATION_TYPE);
|
|
#ifdef _WIN64
|
|
BOOLEAN WINAPI IoIs32bitProcess(IRP*);
|
|
#endif
|
|
NTSTATUS WINAPI IoOpenDeviceRegistryKey(DEVICE_OBJECT*,ULONG,ACCESS_MASK,HANDLE*);
|
|
void WINAPI IoQueueWorkItem(PIO_WORKITEM,PIO_WORKITEM_ROUTINE,WORK_QUEUE_TYPE,void*);
|
|
NTSTATUS WINAPI IoRegisterDeviceInterface(PDEVICE_OBJECT,const GUID*,PUNICODE_STRING,PUNICODE_STRING);
|
|
void WINAPI IoReleaseCancelSpinLock(KIRQL);
|
|
void WINAPI IoReleaseRemoveLockAndWaitEx(IO_REMOVE_LOCK*,void*,ULONG);
|
|
void WINAPI IoReleaseRemoveLockEx(IO_REMOVE_LOCK*,void*,ULONG);
|
|
void WINAPI IoReuseIrp(IRP*,NTSTATUS);
|
|
NTSTATUS WINAPI IoSetDeviceInterfaceState(UNICODE_STRING*,BOOLEAN);
|
|
NTSTATUS WINAPI IoWMIRegistrationControl(PDEVICE_OBJECT,ULONG);
|
|
|
|
void FASTCALL KeAcquireInStackQueuedSpinLockAtDpcLevel(KSPIN_LOCK*,KLOCK_QUEUE_HANDLE*);
|
|
#ifdef __i386__
|
|
void WINAPI KeAcquireSpinLock(KSPIN_LOCK*,KIRQL*);
|
|
#else
|
|
#define KeAcquireSpinLock( lock, irql ) *(irql) = KeAcquireSpinLockRaiseToDpc( lock )
|
|
KIRQL WINAPI KeAcquireSpinLockRaiseToDpc(KSPIN_LOCK*);
|
|
#endif
|
|
void WINAPI KeAcquireSpinLockAtDpcLevel(KSPIN_LOCK*);
|
|
void WINAPI DECLSPEC_NORETURN KeBugCheckEx(ULONG,ULONG_PTR,ULONG_PTR,ULONG_PTR,ULONG_PTR);
|
|
BOOLEAN WINAPI KeCancelTimer(KTIMER*);
|
|
void WINAPI KeClearEvent(PRKEVENT);
|
|
NTSTATUS WINAPI KeDelayExecutionThread(KPROCESSOR_MODE,BOOLEAN,LARGE_INTEGER*);
|
|
void WINAPI KeEnterCriticalRegion(void);
|
|
void WINAPI KeGenericCallDpc(PKDEFERRED_ROUTINE,PVOID);
|
|
ULONG WINAPI KeGetCurrentProcessorNumber(void);
|
|
PKTHREAD WINAPI KeGetCurrentThread(void);
|
|
void WINAPI KeInitializeDpc(KDPC*,PKDEFERRED_ROUTINE,void*);
|
|
void WINAPI KeInitializeEvent(PRKEVENT,EVENT_TYPE,BOOLEAN);
|
|
void WINAPI KeInitializeMutex(PRKMUTEX,ULONG);
|
|
void WINAPI KeInitializeSemaphore(PRKSEMAPHORE,LONG,LONG);
|
|
void WINAPI KeInitializeSpinLock(KSPIN_LOCK*);
|
|
void WINAPI KeInitializeTimerEx(PKTIMER,TIMER_TYPE);
|
|
void WINAPI KeInitializeTimer(KTIMER*);
|
|
void WINAPI KeLeaveCriticalRegion(void);
|
|
ULONG WINAPI KeQueryActiveProcessorCountEx(USHORT);
|
|
KAFFINITY WINAPI KeQueryActiveProcessors(void);
|
|
void WINAPI KeQuerySystemTime(LARGE_INTEGER*);
|
|
void WINAPI KeQueryTickCount(LARGE_INTEGER*);
|
|
ULONG WINAPI KeQueryTimeIncrement(void);
|
|
LONG WINAPI KeReadStateEvent(PRKEVENT);
|
|
void FASTCALL KeReleaseInStackQueuedSpinLockFromDpcLevel(KLOCK_QUEUE_HANDLE*);
|
|
LONG WINAPI KeReleaseMutex(PRKMUTEX,BOOLEAN);
|
|
LONG WINAPI KeReleaseSemaphore(PRKSEMAPHORE,KPRIORITY,LONG,BOOLEAN);
|
|
void WINAPI KeReleaseSpinLock(KSPIN_LOCK*,KIRQL);
|
|
void WINAPI KeReleaseSpinLockFromDpcLevel(KSPIN_LOCK*);
|
|
LONG WINAPI KeResetEvent(PRKEVENT);
|
|
void WINAPI KeRevertToUserAffinityThread(void);
|
|
void WINAPI KeRevertToUserAffinityThreadEx(KAFFINITY affinity);
|
|
LONG WINAPI KeSetEvent(PRKEVENT,KPRIORITY,BOOLEAN);
|
|
KPRIORITY WINAPI KeSetPriorityThread(PKTHREAD,KPRIORITY);
|
|
void WINAPI KeSetSystemAffinityThread(KAFFINITY);
|
|
KAFFINITY WINAPI KeSetSystemAffinityThreadEx(KAFFINITY affinity);
|
|
BOOLEAN WINAPI KeSetTimer(KTIMER*,LARGE_INTEGER,KDPC*);
|
|
BOOLEAN WINAPI KeSetTimerEx(KTIMER*,LARGE_INTEGER,LONG,KDPC*);
|
|
void WINAPI KeSignalCallDpcDone(void*);
|
|
BOOLEAN WINAPI KeSignalCallDpcSynchronize(void*);
|
|
NTSTATUS WINAPI KeWaitForMultipleObjects(ULONG,void*[],WAIT_TYPE,KWAIT_REASON,KPROCESSOR_MODE,BOOLEAN,LARGE_INTEGER*,KWAIT_BLOCK*);
|
|
NTSTATUS WINAPI KeWaitForSingleObject(void*,KWAIT_REASON,KPROCESSOR_MODE,BOOLEAN,LARGE_INTEGER*);
|
|
|
|
PVOID WINAPI MmAllocateContiguousMemory(SIZE_T,PHYSICAL_ADDRESS);
|
|
PVOID WINAPI MmAllocateNonCachedMemory(SIZE_T);
|
|
PMDL WINAPI MmAllocatePagesForMdl(PHYSICAL_ADDRESS,PHYSICAL_ADDRESS,PHYSICAL_ADDRESS,SIZE_T);
|
|
void WINAPI MmBuildMdlForNonPagedPool(MDL*);
|
|
NTSTATUS WINAPI MmCopyVirtualMemory(PEPROCESS,void*,PEPROCESS,void*,SIZE_T,KPROCESSOR_MODE,SIZE_T*);
|
|
void WINAPI MmFreeNonCachedMemory(PVOID,SIZE_T);
|
|
void * WINAPI MmGetSystemRoutineAddress(UNICODE_STRING*);
|
|
PVOID WINAPI MmMapLockedPagesSpecifyCache(PMDLX,KPROCESSOR_MODE,MEMORY_CACHING_TYPE,PVOID,ULONG,MM_PAGE_PRIORITY);
|
|
MM_SYSTEMSIZE WINAPI MmQuerySystemSize(void);
|
|
void WINAPI MmProbeAndLockPages(PMDLX, KPROCESSOR_MODE, LOCK_OPERATION);
|
|
void WINAPI MmUnmapLockedPages(void*, PMDL);
|
|
|
|
static inline void *MmGetSystemAddressForMdlSafe(MDL *mdl, ULONG priority)
|
|
{
|
|
if (mdl->MdlFlags & (MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL))
|
|
return mdl->MappedSystemVa;
|
|
else
|
|
return MmMapLockedPagesSpecifyCache(mdl, KernelMode, MmCached, NULL, FALSE, priority);
|
|
}
|
|
|
|
void FASTCALL ObfReferenceObject(void*);
|
|
void WINAPI ObDereferenceObject(void*);
|
|
USHORT WINAPI ObGetFilterVersion(void);
|
|
NTSTATUS WINAPI ObRegisterCallbacks(POB_CALLBACK_REGISTRATION, void**);
|
|
NTSTATUS WINAPI ObReferenceObjectByHandle(HANDLE,ACCESS_MASK,POBJECT_TYPE,KPROCESSOR_MODE,PVOID*,POBJECT_HANDLE_INFORMATION);
|
|
NTSTATUS WINAPI ObReferenceObjectByName(UNICODE_STRING*,ULONG,ACCESS_STATE*,ACCESS_MASK,POBJECT_TYPE,KPROCESSOR_MODE,void*,void**);
|
|
NTSTATUS WINAPI ObReferenceObjectByPointer(void*,ACCESS_MASK,POBJECT_TYPE,KPROCESSOR_MODE);
|
|
void WINAPI ObUnRegisterCallbacks(void*);
|
|
|
|
NTSTATUS WINAPI PoCallDriver(DEVICE_OBJECT*,IRP*);
|
|
POWER_STATE WINAPI PoSetPowerState(PDEVICE_OBJECT,POWER_STATE_TYPE,POWER_STATE);
|
|
void WINAPI PoStartNextPowerIrp(IRP*);
|
|
|
|
NTSTATUS WINAPI PsCreateSystemThread(PHANDLE,ULONG,POBJECT_ATTRIBUTES,HANDLE,PCLIENT_ID,PKSTART_ROUTINE,PVOID);
|
|
#define PsGetCurrentProcess() IoGetCurrentProcess()
|
|
#define PsGetCurrentThread() ((PETHREAD)KeGetCurrentThread())
|
|
HANDLE WINAPI PsGetCurrentProcessId(void);
|
|
HANDLE WINAPI PsGetCurrentThreadId(void);
|
|
HANDLE WINAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
|
|
BOOLEAN WINAPI PsGetVersion(ULONG*,ULONG*,ULONG*,UNICODE_STRING*);
|
|
NTSTATUS WINAPI PsTerminateSystemThread(NTSTATUS);
|
|
|
|
#ifdef __x86_64__
|
|
void WINAPI RtlCopyMemoryNonTemporal(void*,const void*,SIZE_T);
|
|
#else
|
|
#define RtlCopyMemoryNonTemporal RtlCopyMemory
|
|
#endif
|
|
BOOLEAN WINAPI RtlIsNtDdiVersionAvailable(ULONG);
|
|
|
|
NTSTATUS WINAPI ZwAddBootEntry(PUNICODE_STRING,PUNICODE_STRING);
|
|
NTSTATUS WINAPI ZwAccessCheckAndAuditAlarm(PUNICODE_STRING,HANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,ACCESS_MASK,PGENERIC_MAPPING,BOOLEAN,PACCESS_MASK,PBOOLEAN,PBOOLEAN);
|
|
NTSTATUS WINAPI ZwAdjustPrivilegesToken(HANDLE,BOOLEAN,PTOKEN_PRIVILEGES,DWORD,PTOKEN_PRIVILEGES,PDWORD);
|
|
NTSTATUS WINAPI ZwAlertThread(HANDLE ThreadHandle);
|
|
NTSTATUS WINAPI ZwAllocateVirtualMemory(HANDLE,PVOID*,ULONG,SIZE_T*,ULONG,ULONG);
|
|
NTSTATUS WINAPI ZwCancelIoFile(HANDLE,PIO_STATUS_BLOCK);
|
|
NTSTATUS WINAPI ZwCancelTimer(HANDLE, BOOLEAN*);
|
|
NTSTATUS WINAPI ZwClearEvent(HANDLE);
|
|
NTSTATUS WINAPI ZwClose(HANDLE);
|
|
NTSTATUS WINAPI ZwCloseObjectAuditAlarm(PUNICODE_STRING,HANDLE,BOOLEAN);
|
|
NTSTATUS WINAPI ZwConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PLPC_SECTION_READ,PULONG,PVOID,PULONG);
|
|
NTSTATUS WINAPI ZwCreateDirectoryObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
|
|
NTSTATUS WINAPI ZwCreateEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *,BOOLEAN,BOOLEAN);
|
|
NTSTATUS WINAPI ZwCreateFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwCreateKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,PULONG);
|
|
NTSTATUS WINAPI ZwCreateSection(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const LARGE_INTEGER*,ULONG,ULONG,HANDLE);
|
|
NTSTATUS WINAPI ZwCreateSymbolicLinkObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PUNICODE_STRING);
|
|
NTSTATUS WINAPI ZwCreateTimer(HANDLE*, ACCESS_MASK, const OBJECT_ATTRIBUTES*, TIMER_TYPE);
|
|
NTSTATUS WINAPI ZwDeleteAtom(RTL_ATOM);
|
|
NTSTATUS WINAPI ZwDeleteFile(POBJECT_ATTRIBUTES);
|
|
NTSTATUS WINAPI ZwDeleteKey(HANDLE);
|
|
NTSTATUS WINAPI ZwDeleteValueKey(HANDLE,const UNICODE_STRING *);
|
|
NTSTATUS WINAPI ZwDeviceIoControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwDisplayString(PUNICODE_STRING);
|
|
NTSTATUS WINAPI ZwDuplicateObject(HANDLE,HANDLE,HANDLE,PHANDLE,ACCESS_MASK,ULONG,ULONG);
|
|
NTSTATUS WINAPI ZwDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,PHANDLE);
|
|
NTSTATUS WINAPI ZwEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
|
|
NTSTATUS WINAPI ZwEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSTATUS WINAPI ZwFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
|
|
NTSTATUS WINAPI ZwFlushKey(HANDLE);
|
|
NTSTATUS WINAPI ZwFlushVirtualMemory(HANDLE,LPCVOID*,SIZE_T*,ULONG);
|
|
NTSTATUS WINAPI ZwFreeVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
|
|
NTSTATUS WINAPI ZwFsControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwInitiatePowerAction(POWER_ACTION,SYSTEM_POWER_STATE,ULONG,BOOLEAN);
|
|
NTSTATUS WINAPI ZwLoadDriver(const UNICODE_STRING *);
|
|
NTSTATUS WINAPI ZwLoadKey(const OBJECT_ATTRIBUTES *,OBJECT_ATTRIBUTES *);
|
|
NTSTATUS WINAPI ZwLockVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
|
|
NTSTATUS WINAPI ZwMakeTemporaryObject(HANDLE);
|
|
NTSTATUS WINAPI ZwMapViewOfSection(HANDLE,HANDLE,PVOID*,ULONG,SIZE_T,const LARGE_INTEGER*,SIZE_T*,SECTION_INHERIT,ULONG,ULONG);
|
|
NTSTATUS WINAPI ZwNotifyChangeKey(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,BOOLEAN,PVOID,ULONG,BOOLEAN);
|
|
NTSTATUS WINAPI ZwOpenDirectoryObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
|
|
NTSTATUS WINAPI ZwOpenEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
|
|
NTSTATUS WINAPI ZwOpenFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG);
|
|
NTSTATUS WINAPI ZwOpenKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
|
|
NTSTATUS WINAPI ZwOpenProcess(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
|
|
NTSTATUS WINAPI ZwOpenProcessToken(HANDLE,DWORD,HANDLE *);
|
|
NTSTATUS WINAPI ZwOpenSection(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSTATUS WINAPI ZwOpenSymbolicLinkObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
|
|
NTSTATUS WINAPI ZwOpenThread(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
|
|
NTSTATUS WINAPI ZwOpenThreadToken(HANDLE,DWORD,BOOLEAN,HANDLE *);
|
|
NTSTATUS WINAPI ZwOpenTimer(HANDLE*, ACCESS_MASK, const OBJECT_ATTRIBUTES*);
|
|
NTSTATUS WINAPI ZwPowerInformation(POWER_INFORMATION_LEVEL,PVOID,ULONG,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwPulseEvent(HANDLE,PULONG);
|
|
NTSTATUS WINAPI ZwQueryDefaultLocale(BOOLEAN,LCID*);
|
|
NTSTATUS WINAPI ZwQueryDefaultUILanguage(LANGID*);
|
|
NTSTATUS WINAPI ZwQueryDirectoryFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,FILE_INFORMATION_CLASS,BOOLEAN,PUNICODE_STRING,BOOLEAN);
|
|
NTSTATUS WINAPI ZwQueryDirectoryObject(HANDLE,PDIRECTORY_BASIC_INFORMATION,ULONG,BOOLEAN,BOOLEAN,PULONG,PULONG);
|
|
NTSTATUS WINAPI ZwQueryEaFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,BOOLEAN,PVOID,ULONG,PVOID,BOOLEAN);
|
|
NTSTATUS WINAPI ZwQueryFullAttributesFile(const OBJECT_ATTRIBUTES*,FILE_NETWORK_OPEN_INFORMATION*);
|
|
NTSTATUS WINAPI ZwQueryInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,LONG,FILE_INFORMATION_CLASS);
|
|
NTSTATUS WINAPI ZwQueryInformationThread(HANDLE,THREADINFOCLASS,PVOID,ULONG,PULONG);
|
|
NTSTATUS WINAPI ZwQueryInformationToken(HANDLE,DWORD,PVOID,DWORD,LPDWORD);
|
|
NTSTATUS WINAPI ZwQueryInstallUILanguage(LANGID*);
|
|
NTSTATUS WINAPI ZwQueryKey(HANDLE,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
|
|
NTSTATUS WINAPI ZwQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
|
|
NTSTATUS WINAPI ZwQuerySecurityObject(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR,ULONG,PULONG);
|
|
NTSTATUS WINAPI ZwQuerySection(HANDLE,SECTION_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSTATUS WINAPI ZwQuerySymbolicLinkObject(HANDLE,PUNICODE_STRING,PULONG);
|
|
NTSTATUS WINAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSTATUS WINAPI ZwQueryTimerResolution(PULONG,PULONG,PULONG);
|
|
NTSTATUS WINAPI ZwQueryValueKey(HANDLE,const UNICODE_STRING *,KEY_VALUE_INFORMATION_CLASS,void *,DWORD,DWORD *);
|
|
NTSTATUS WINAPI ZwQueryVolumeInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FS_INFORMATION_CLASS);
|
|
NTSTATUS WINAPI ZwReadFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,PLARGE_INTEGER,PULONG);
|
|
NTSTATUS WINAPI ZwReplaceKey(POBJECT_ATTRIBUTES,HANDLE,POBJECT_ATTRIBUTES);
|
|
NTSTATUS WINAPI ZwRequestWaitReplyPort(HANDLE,PLPC_MESSAGE,PLPC_MESSAGE);
|
|
NTSTATUS WINAPI ZwResetEvent(HANDLE,PULONG);
|
|
NTSTATUS WINAPI ZwRestoreKey(HANDLE,HANDLE,ULONG);
|
|
NTSTATUS WINAPI ZwSaveKey(HANDLE,HANDLE);
|
|
NTSTATUS WINAPI ZwSecureConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PSID,PLPC_SECTION_READ,PULONG,PVOID,PULONG);
|
|
NTSTATUS WINAPI ZwSetDefaultLocale(BOOLEAN,LCID);
|
|
NTSTATUS WINAPI ZwSetDefaultUILanguage(LANGID);
|
|
NTSTATUS WINAPI ZwSetEaFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwSetEvent(HANDLE,PULONG);
|
|
NTSTATUS WINAPI ZwSetInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FILE_INFORMATION_CLASS);
|
|
NTSTATUS WINAPI ZwSetInformationKey(HANDLE,const int,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
|
|
NTSTATUS WINAPI ZwSetInformationProcess(HANDLE,PROCESS_INFORMATION_CLASS,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwSetInformationThread(HANDLE,THREADINFOCLASS,LPCVOID,ULONG);
|
|
NTSTATUS WINAPI ZwSetIoCompletion(HANDLE,ULONG,ULONG,NTSTATUS,ULONG);
|
|
NTSTATUS WINAPI ZwSetLdtEntries(ULONG,ULONG,ULONG,ULONG,ULONG,ULONG);
|
|
NTSTATUS WINAPI ZwSetSecurityObject(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
|
|
NTSTATUS WINAPI ZwSetSystemInformation(SYSTEM_INFORMATION_CLASS,PVOID,ULONG);
|
|
NTSTATUS WINAPI ZwSetSystemTime(const LARGE_INTEGER*,LARGE_INTEGER*);
|
|
NTSTATUS WINAPI ZwSetTimer(HANDLE, const LARGE_INTEGER*, PTIMER_APC_ROUTINE, PVOID, BOOLEAN, ULONG, BOOLEAN*);
|
|
NTSTATUS WINAPI ZwSetValueKey(HANDLE,const UNICODE_STRING *,ULONG,ULONG,const void *,ULONG);
|
|
NTSTATUS WINAPI ZwSetVolumeInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FS_INFORMATION_CLASS);
|
|
NTSTATUS WINAPI ZwSuspendThread(HANDLE,PULONG);
|
|
NTSTATUS WINAPI ZwTerminateProcess(HANDLE,LONG);
|
|
NTSTATUS WINAPI ZwUnloadDriver(const UNICODE_STRING *);
|
|
NTSTATUS WINAPI ZwUnloadKey(HANDLE);
|
|
NTSTATUS WINAPI ZwUnmapViewOfSection(HANDLE,PVOID);
|
|
NTSTATUS WINAPI ZwWaitForSingleObject(HANDLE,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSTATUS WINAPI ZwWaitForMultipleObjects(ULONG,const HANDLE*,BOOLEAN,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSTATUS WINAPI ZwWriteFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,const void*,ULONG,PLARGE_INTEGER,PULONG);
|
|
NTSTATUS WINAPI ZwYieldExecution(void);
|
|
|
|
static inline void ExInitializeFastMutex( FAST_MUTEX *mutex )
|
|
{
|
|
mutex->Count = FM_LOCK_BIT;
|
|
mutex->Owner = NULL;
|
|
mutex->Contention = 0;
|
|
KeInitializeEvent( &mutex->Event, SynchronizationEvent, FALSE );
|
|
}
|
|
|
|
#endif
|