1 2;--- a few definitions from ntdef 3 4LIST_ENTRY STRUCT 5Flink DWORD ? 6Blink DWORD ? 7LIST_ENTRY ENDS 8 9PWSTR typedef ptr WORD 10 11UNICODE_STRING STRUCT 12Length_ WORD ? ; size of string in bytes 13MaximumLength WORD ? ; size of string buffer in bytes 14Buffer PWSTR ? ; string 15UNICODE_STRING ENDS 16 17LARGE_INTEGER union 18struct 19LowPart DWORD ? 20HighPart SDWORD ? 21ends 22QuadPart SQWORD ? 23LARGE_INTEGER ends 24 25BOOLEAN typedef BYTE 26 27;--- a few definitions from ntddk 28 29IO_NO_INCREMENT equ 0 30 31FILE_DEVICE_UNKNOWN equ 22h 32 33FILE_READ_ACCESS equ 1 34 35METHOD_BUFFERED equ 0 36 37DPFLTR_DEFAULT_ID equ 101 38DPFLTR_INFO_LEVEL equ 3 39 40 41DISPATCHER_HEADER STRUCT 42Type_ BYTE ? 43Absolute BYTE ? 44Size_ BYTE ? 45Inserted BYTE ? 46SignalState SDWORD ? 47WaitListHead LIST_ENTRY <> 48DISPATCHER_HEADER ENDS 49 50KEVENT STRUCT 51Header DISPATCHER_HEADER <> 52KEVENT ENDS 53PKEVENT typedef PTR KEVENT 54 55KDEVICE_QUEUE_ENTRY STRUCT 4 56DeviceListEntry LIST_ENTRY <> 57SortKey DWORD ? 58Inserted BYTE ? 59KDEVICE_QUEUE_ENTRY ENDS 60 61IRP_MJ_CREATE equ 0 62IRP_MJ_CLOSE equ 2 63IRP_MJ_READ equ 3 64IRP_MJ_WRITE equ 4 65IRP_MJ_DEVICE_CONTROL equ 0Eh 66IRP_MJ_MAXIMUM_FUNCTION equ 1Bh 67 68PVOID typedef ptr 69PCHAR typedef ptr SBYTE 70PFILE_OBJECT typedef ptr FILE_OBJECT 71 72DRIVER_OBJECT STRUCT 73Type_ SWORD ? 74Size_ SWORD ? 75DeviceObject PVOID ? 76Flags DWORD ? 77DriverStart PVOID ? 78DriverSize DWORD ? 79DriverSection PVOID ? 80DriverExtension PVOID ? 81DriverName UNICODE_STRING <> 82HardwareDatabase PVOID ? 83FastIoDispatch PVOID ? 84DriverInit PVOID ? 85DriverStartIo PVOID ? 86DriverUnload PVOID ? 87MajorFunction PVOID (IRP_MJ_MAXIMUM_FUNCTION + 1) dup(?) 88DRIVER_OBJECT ENDS 89 90IO_STATUS_BLOCK STRUCT 91Status SDWORD ? 92Information DWORD ? 93IO_STATUS_BLOCK ENDS 94 95PIO_STATUS_BLOCK typedef ptr IO_STATUS_BLOCK 96 97KAPC STRUCT 4 98Type_ SWORD ? 99Size_ SWORD ? 100Spare0 DWORD ? 101Thread PVOID ? 102ApcListEntry LIST_ENTRY <> 103KernelRoutine PVOID ? 104RundownRoutine PVOID ? 105NormalRoutine PVOID ? 106NormalContext PVOID ? 107SystemArgument1 PVOID ? 108SystemArgument2 PVOID ? 109ApcStateIndex BYTE ? 110ApcMode BYTE ? 111Inserted BYTE ? 112KAPC ENDS 113 114IRP_ STRUCT 115Type_ WORD ? 116Size_ WORD ? 117MdlAddress PVOID ? 118Flags DWORD ? 119UNION AssociatedIrp 120 MasterIrp PVOID ? 121 IrpCount DWORD ? 122 SystemBuffer PVOID ? 123ENDS 124ThreadListEntry LIST_ENTRY <> 125IoStatus IO_STATUS_BLOCK <> 126RequestorMode BYTE ? 127PendingReturned BYTE ? 128StackCount BYTE ? 129CurrentLocation BYTE ? 130Cancel BYTE ? 131CancelIrql BYTE ? 132ApcEnvironment BYTE ? 133AllocationFlags BYTE ? 134UserIosb PIO_STATUS_BLOCK ? 135UserEvent PKEVENT ? 136UNION Overlay 137 STRUCT AsynchronousParameters 138 UserApcRoutine PVOID ? 139 UserApcContext PVOID ? 140 ENDS 141 AllocationSize LARGE_INTEGER <> 142ENDS 143CancelRoutine PVOID ? 144UserBuffer PVOID ? 145UNION Tail 146 STRUCT Overlay 147 UNION 148 DeviceQueueEntry KDEVICE_QUEUE_ENTRY <> 149 STRUCT 150 DriverContext PVOID 4 dup(?) 151 ENDS 152 153 ENDS 154 Thread PVOID ? 155 AuxiliaryBuffer PCHAR ? 156 STRUCT 157 ListEntry LIST_ENTRY <> 158 UNION 159 CurrentStackLocation PVOID ? 160 PacketType DWORD ? 161 ENDS 162 ENDS 163 OriginalFileObject PFILE_OBJECT ? 164 ENDS 165 Apc KAPC <> 166 CompletionKey PVOID ? 167ENDS 168IRP_ ENDS 169 170PDEVICE_OBJECT typedef ptr DEVICE_OBJECT 171 172IO_STACK_LOCATION STRUCT 4 173MajorFunction BYTE ? 174MinorFunction BYTE ? 175Flags BYTE ? 176Control BYTE ? 177 178union Parameters 179 180 struct Create 181 SecurityContext PVOID ? 182 Options DWORD ? 183 FileAttributes WORD ? 184 ShareAccess WORD ? 185 EaLength DWORD ? 186 ends 187 188 struct Read 189 Length_ DWORD ? 190 Key DWORD ? 191 ByteOffset LARGE_INTEGER <> 192 ends 193 194 struct Write 195 Length_ DWORD ? 196 Key DWORD ? 197 ByteOffset LARGE_INTEGER <> 198 ends 199 200 struct QueryFile 201 Length_ DWORD ? 202 FileInformationClass DWORD ? 203 ends 204 205 struct SetFile 206 Length_ DWORD ? 207 FileInformationClass DWORD ? 208 FileObject PVOID ? 209 union 210 struct 211 ReplaceIfExists BOOLEAN ? 212 AdvanceOnly BOOLEAN ? 213 ends 214 ClusterCount DWORD ? 215 DeleteHandle DWORD ? 216 ends 217 ends 218 219 struct QueryVolume 220 Length_ DWORD ? 221 FsInformationClass DWORD ? 222 ends 223 224 struct DeviceIoControl 225 OutputBufferLength DWORD ? 226 InputBufferLength DWORD ? 227 IoControlCode DWORD ? 228 Type3InputBuffer PVOID ? 229 ends 230 231 struct QuerySecurity 232 SecurityInformation DWORD ? 233 Length_ DWORD ? 234 ends 235 236 struct SetSecurity 237 SecurityInformation DWORD ? 238 SecurityDescriptor PVOID ? 239 ends 240 241 242 struct MountVolume 243 Vpb PVOID ? 244 DeviceObject PVOID ? 245 ends 246 247 struct VerifyVolume 248 Vpb PVOID ? 249 DeviceObject PVOID ? 250 ends 251 252 struct Scsi 253 Srb PVOID ? 254 ends 255 256 struct QueryDeviceRelations 257 Type_ DWORD ? 258 ends 259 260 struct QueryInterface 261 InterfaceType DWORD ? 262 Size_ WORD ? 263 Version WORD ? 264 Interface PVOID ? 265 InterfaceSpecificData PVOID ? 266 ends 267 268 struct DeviceCapabilities 269 Capabilities PVOID ? 270 ends 271 272 struct FilterResourceRequirements 273 IoResourceRequirementList PVOID ? 274 ends 275 276 struct ReadWriteConfig 277 WhichSpace DWORD ? 278 Buffer PVOID ? 279 Offset_ DWORD ? 280 Length_ DWORD ? 281 ends 282 283 struct SetLock 284 _Lock BOOLEAN ? 285 ends 286 287 struct QueryId 288 IdType DWORD ? 289 ends 290 291 struct QueryDeviceText 292 DeviceTextType DWORD ? 293 LocaleId DWORD ? 294 ends 295 296 struct UsageNotification 297 InPath BOOLEAN ? 298 ;Reserved BOOLEAN 3 dup(?) 299 Type_ DWORD ? 300 ends 301 302 struct WaitWake 303 PowerState DWORD ? 304 ends 305 306 struct PowerSequence 307 PowerSequence PVOID ? 308 ends 309 310 struct WMI 311 ProviderId DWORD ? 312 DataPath PVOID ? 313 BufferSize DWORD ? 314 Buffer PVOID ? 315 ends 316 317 struct Others 318 Argument1 PVOID ? 319 Argument2 PVOID ? 320 Argument3 PVOID ? 321 Argument4 PVOID ? 322 ends 323 324ends 325 326DeviceObject PDEVICE_OBJECT ? 327FileObject PFILE_OBJECT ? 328CompletionRoutine PVOID ? 329Context PVOID ? 330 331IO_STACK_LOCATION ENDS 332