typedef struct _DEVICE_OBJECT {
CSHORT Type; 0x00
USHORT Size; 0x02
LONG ReferenceCount; 0x04
struct _DRIVER_OBJECT *DriverObject; 0x08
struct _DEVICE_OBJECT *NextDevice; 0x0c
struct _DEVICE_OBJECT *AttachedDevice; 0x10
struct _IRP *CurrentIrp; 0x14
PIO_TIMER Timer; 0x18
ULONG Flags; 0x1c // See above: DO_...
ULONG Characteristics; 0x20 // See ntioapi: FILE_...
PVPB Vpb;0x24
PVOID DeviceExtension; 0x28 -----------------//经常用的哦
DEVICE_TYPE DeviceType;0x2c
CCHAR StackSize;0x30
union {
LIST_ENTRY ListEntry;
WAIT_CONTEXT_BLOCK Wcb;
} Queue; 0x31
ULONG AlignmentRequirement;
KDEVICE_QUEUE DeviceQueue;
KDPC Dpc;
CSHORT Type; 0x00
USHORT Size; 0x02
LONG ReferenceCount; 0x04
struct _DRIVER_OBJECT *DriverObject; 0x08
struct _DEVICE_OBJECT *NextDevice; 0x0c
struct _DEVICE_OBJECT *AttachedDevice; 0x10
struct _IRP *CurrentIrp; 0x14
PIO_TIMER Timer; 0x18
ULONG Flags; 0x1c // See above: DO_...
ULONG Characteristics; 0x20 // See ntioapi: FILE_...
PVPB Vpb;0x24
PVOID DeviceExtension; 0x28 -----------------//经常用的哦
DEVICE_TYPE DeviceType;0x2c
CCHAR StackSize;0x30
union {
LIST_ENTRY ListEntry;
WAIT_CONTEXT_BLOCK Wcb;
} Queue; 0x31
ULONG AlignmentRequirement;
KDEVICE_QUEUE DeviceQueue;
KDPC Dpc;
typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
#ifdef MIDL_PASS
[size_is(MaximumLength / 2), length_is((Length) / 2) ] USHORT * Buffer;
#else // MIDL_PASS
PWSTR Buffer;
#endif // MIDL_PASS
} UNICODE_STRING;
所以UNICODE_STRING占8个字节
USHORT Length;
USHORT MaximumLength;
#ifdef MIDL_PASS
[size_is(MaximumLength / 2), length_is((Length) / 2) ] USHORT * Buffer;
#else // MIDL_PASS
PWSTR Buffer;
#endif // MIDL_PASS
} UNICODE_STRING;
所以UNICODE_STRING占8个字节
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;
两个指针LIST_ENTRY长度为8个字节
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;
两个指针LIST_ENTRY长度为8个字节
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;
PVOID Pointer;
};0x00
ULONG_PTR Information;0x04
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
union {
NTSTATUS Status;
PVOID Pointer;
};0x00
ULONG_PTR Information;0x04
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
typedef struct _IRP {
CSHORT Type; 0x00
USHORT Size; 0x02
PMDL MdlAddress;0x04
ULONG Flags;0x08
union {
struct _IRP *MasterIrp;
LONG IrpCount;
PVOID SystemBuffer;
} AssociatedIrp; 0x0c
LIST_ENTRY ThreadListEntry;0x10
IO_STATUS_BLOCK IoStatus;0x18 --- 如果是0x1C 就是Information
KPROCESSOR_MODE RequestorMode;0x20
BOOLEAN PendingReturned;0x21
CHAR StackCount;0x22
CHAR CurrentLocation;0x23
BOOLEAN Cancel;0x24
KIRQL CancelIrql;0x25
CCHAR ApcEnvironment;0x26
UCHAR AllocationFlags;0x27
PIO_STATUS_BLOCK UserIosb;0x28
PKEVENT UserEvent;0x2c
union
{
struct
{
PIO_APC_ROUTINE UserApcRoutine;
PVOID UserApcContext;
} AsynchronousParameters;
LARGE_INTEGER AllocationSize;
} Overlay;0x30
PDRIVER_CANCEL CancelRoutine;0x38
PVOID UserBuffer;0x3c
union
{
struct //0x40
{
union //0x40
{
KDEVICE_QUEUE_ENTRY DeviceQueueEntry; //0x40
struct
{
PVOID DriverContext[4];//0x40
} ;
} ;
PETHREAD Thread;0x50
PCHAR AuxiliaryBuffer;0x54
struct //0x58
{
LIST_ENTRY ListEntry;//0x58
union//0x60 -------常用 就是CurrentStackLocation
{
struct _IO_STACK_LOCATION *CurrentStackLocation;//0x60
ULONG PacketType;//0x60
};
};
PFILE_OBJECT OriginalFileObject;//0x64
} Overlay;//struct
KAPC Apc;//0x40
PVOID CompletionKey;//0x40
} Tail;0x40
} IRP, *PIRP;
CSHORT Type; 0x00
USHORT Size; 0x02
PMDL MdlAddress;0x04
ULONG Flags;0x08
union {
struct _IRP *MasterIrp;
LONG IrpCount;
PVOID SystemBuffer;
} AssociatedIrp; 0x0c
LIST_ENTRY ThreadListEntry;0x10
IO_STATUS_BLOCK IoStatus;0x18 --- 如果是0x1C 就是Information
KPROCESSOR_MODE RequestorMode;0x20
BOOLEAN PendingReturned;0x21
CHAR StackCount;0x22
CHAR CurrentLocation;0x23
BOOLEAN Cancel;0x24
KIRQL CancelIrql;0x25
CCHAR ApcEnvironment;0x26
UCHAR AllocationFlags;0x27
PIO_STATUS_BLOCK UserIosb;0x28
PKEVENT UserEvent;0x2c
union
{
struct
{
PIO_APC_ROUTINE UserApcRoutine;
PVOID UserApcContext;
} AsynchronousParameters;
LARGE_INTEGER AllocationSize;
} Overlay;0x30
PDRIVER_CANCEL CancelRoutine;0x38
PVOID UserBuffer;0x3c
union
{
struct //0x40
{
union //0x40
{
KDEVICE_QUEUE_ENTRY DeviceQueueEntry; //0x40
struct
{
PVOID DriverContext[4];//0x40
} ;
} ;
PETHREAD Thread;0x50
PCHAR AuxiliaryBuffer;0x54
struct //0x58
{
LIST_ENTRY ListEntry;//0x58
union//0x60 -------常用 就是CurrentStackLocation
{
struct _IO_STACK_LOCATION *CurrentStackLocation;//0x60
ULONG PacketType;//0x60
};
};
PFILE_OBJECT OriginalFileObject;//0x64
} Overlay;//struct
KAPC Apc;//0x40
PVOID CompletionKey;//0x40
} Tail;0x40
} IRP, *PIRP;
typedef struct _IO_STACK_LOCATION {
UCHAR MajorFunction;0x00
UCHAR MinorFunction;0x01
UCHAR Flags;0x02
UCHAR Control;0x03
//
// The following user parameters are based on the service that is being
// invoked. Drivers and file systems can determine which set to use based
// on the above major and minor function codes.
//
union {
//
// System service parameters for: NtCreateFile
//
struct {
PIO_SECURITY_CONTEXT SecurityContext;
ULONG Options;
USHORT POINTER_ALIGNMENT FileAttributes;
USHORT ShareAccess;
ULONG POINTER_ALIGNMENT EaLength;
} Create;
//
// System service parameters for: NtReadFile
//
struct {
ULONG Length;
ULONG POINTER_ALIGNMENT Key;
LARGE_INTEGER ByteOffset;
} Read;
//
// System service parameters for: NtWriteFile
//
struct {
ULONG Length;
ULONG POINTER_ALIGNMENT Key;
LARGE_INTEGER ByteOffset;
} Write;
//
// System service parameters for: NtQueryInformationFile
//
struct {
ULONG Length;
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
} QueryFile;
//
// System service parameters for: NtSetInformationFile
//
struct {
ULONG Length;
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
PFILE_OBJECT FileObject;
union {
struct {
BOOLEAN ReplaceIfExists;
BOOLEAN AdvanceOnly;
};
ULONG ClusterCount;
HANDLE DeleteHandle;
};
} SetFile;
//
// System service parameters for: NtQueryVolumeInformationFile
//
struct {
ULONG Length;
FS_INFORMATION_CLASS POINTER_ALIGNMENT FsInformationClass;
} QueryVolume;
//
// System service parameters for: NtFlushBuffersFile
//
// No extra user-supplied parameters.
//
//
// System service parameters for: NtDeviceIoControlFile
//
// Note that the user's output buffer is stored in the UserBuffer field
// and the user's input buffer is stored in the SystemBuffer field.
//
struct {
ULONG OutputBufferLength;
ULONG POINTER_ALIGNMENT InputBufferLength;
ULONG POINTER_ALIGNMENT IoControlCode;
PVOID Type3InputBuffer;
} DeviceIoControl;
// end_wdm
//
// System service parameters for: NtQuerySecurityObject
//
struct {
SECURITY_INFORMATION SecurityInformation;
ULONG POINTER_ALIGNMENT Length;
} QuerySecurity;
//
// System service parameters for: NtSetSecurityObject
//
struct {
SECURITY_INFORMATION SecurityInformation;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SetSecurity;
// begin_wdm
//
// Non-system service parameters.
//
// Parameters for MountVolume
//
struct {
PVPB Vpb;
PDEVICE_OBJECT DeviceObject;
} MountVolume;
//
// Parameters for VerifyVolume
//
struct {
PVPB Vpb;
PDEVICE_OBJECT DeviceObject;
} VerifyVolume;
//
// Parameters for Scsi with internal device contorl.
//
struct {
struct _SCSI_REQUEST_BLOCK *Srb;
} Scsi;
//
// Parameters for IRP_MN_QUERY_DEVICE_RELATIONS
//
struct {
DEVICE_RELATION_TYPE Type;
} QueryDeviceRelations;
//
// Parameters for IRP_MN_QUERY_INTERFACE
//
struct {
CONST GUID *InterfaceType;
USHORT Size;
USHORT Version;
PINTERFACE Interface;
PVOID InterfaceSpecificData;
} QueryInterface;
// end_ntifs
//
// Parameters for IRP_MN_QUERY_CAPABILITIES
//
struct {
PDEVICE_CAPABILITIES Capabilities;
} DeviceCapabilities;
//
// Parameters for IRP_MN_FILTER_RESOURCE_REQUIREMENTS
//
struct {
PIO_RESOURCE_REQUIREMENTS_LIST IoResourceRequirementList;
} FilterResourceRequirements;
//
// Parameters for IRP_MN_READ_CONFIG and IRP_MN_WRITE_CONFIG
//
struct {
ULONG WhichSpace;
PVOID Buffer;
ULONG Offset;
ULONG POINTER_ALIGNMENT Length;
} ReadWriteConfig;
//
// Parameters for IRP_MN_SET_LOCK
//
struct {
BOOLEAN Lock;
} SetLock;
//
// Parameters for IRP_MN_QUERY_ID
//
struct {
BUS_QUERY_ID_TYPE IdType;
} QueryId;
//
// Parameters for IRP_MN_QUERY_DEVICE_TEXT
//
struct {
DEVICE_TEXT_TYPE DeviceTextType;
LCID POINTER_ALIGNMENT LocaleId;
} QueryDeviceText;
//
// Parameters for IRP_MN_DEVICE_USAGE_NOTIFICATION
//
struct {
BOOLEAN InPath;
BOOLEAN Reserved[3];
DEVICE_USAGE_NOTIFICATION_TYPE POINTER_ALIGNMENT Type;
} UsageNotification;
//
// Parameters for IRP_MN_WAIT_WAKE
//
struct {
SYSTEM_POWER_STATE PowerState;
} WaitWake;
//
// Parameter for IRP_MN_POWER_SEQUENCE
//
struct {
PPOWER_SEQUENCE PowerSequence;
} PowerSequence;
//
// Parameters for IRP_MN_SET_POWER and IRP_MN_QUERY_POWER
//
struct {
ULONG SystemContext; //0x04
POWER_STATE_TYPE POINTER_ALIGNMENT Type; //0x08
POWER_STATE POINTER_ALIGNMENT State;
POWER_ACTION POINTER_ALIGNMENT ShutdownType;
} Power;
//
// Parameters for StartDevice
//
struct {
PCM_RESOURCE_LIST AllocatedResources;
PCM_RESOURCE_LIST AllocatedResourcesTranslated;
} StartDevice;
// begin_ntifs
//
// Parameters for Cleanup
//
// No extra parameters supplied
//
//
// WMI Irps
//
struct {
ULONG_PTR ProviderId;
PVOID DataPath;
ULONG BufferSize;
PVOID Buffer;
} WMI;
//
// Others - driver-specific
//
struct {
PVOID Argument1;
PVOID Argument2;
PVOID Argument3;
PVOID Argument4;
} Others;
} Parameters;0x04
//
// Save a pointer to this device driver's device object for this request
// so it can be passed to the completion routine if needed.
//
PDEVICE_OBJECT DeviceObject;0x14
//
// The following location contains a pointer to the file object for this
//
PFILE_OBJECT FileObject;0x18
//
// The following routine is invoked depending on the flags in the above
// flags field.
//
PIO_COMPLETION_ROUTINE CompletionRoutine;0x1c
//
// The following is used to store the address of the context parameter
// that should be passed to the CompletionRoutine.
//
PVOID Context;0x20
} IO_STACK_LOCATION, *PIO_STACK_LOCATION;
UCHAR MajorFunction;0x00
UCHAR MinorFunction;0x01
UCHAR Flags;0x02
UCHAR Control;0x03
//
// The following user parameters are based on the service that is being
// invoked. Drivers and file systems can determine which set to use based
// on the above major and minor function codes.
//
union {
//
// System service parameters for: NtCreateFile
//
struct {
PIO_SECURITY_CONTEXT SecurityContext;
ULONG Options;
USHORT POINTER_ALIGNMENT FileAttributes;
USHORT ShareAccess;
ULONG POINTER_ALIGNMENT EaLength;
} Create;
//
// System service parameters for: NtReadFile
//
struct {
ULONG Length;
ULONG POINTER_ALIGNMENT Key;
LARGE_INTEGER ByteOffset;
} Read;
//
// System service parameters for: NtWriteFile
//
struct {
ULONG Length;
ULONG POINTER_ALIGNMENT Key;
LARGE_INTEGER ByteOffset;
} Write;
//
// System service parameters for: NtQueryInformationFile
//
struct {
ULONG Length;
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
} QueryFile;
//
// System service parameters for: NtSetInformationFile
//
struct {
ULONG Length;
FILE_INFORMATION_CLASS POINTER_ALIGNMENT FileInformationClass;
PFILE_OBJECT FileObject;
union {
struct {
BOOLEAN ReplaceIfExists;
BOOLEAN AdvanceOnly;
};
ULONG ClusterCount;
HANDLE DeleteHandle;
};
} SetFile;
//
// System service parameters for: NtQueryVolumeInformationFile
//
struct {
ULONG Length;
FS_INFORMATION_CLASS POINTER_ALIGNMENT FsInformationClass;
} QueryVolume;
//
// System service parameters for: NtFlushBuffersFile
//
// No extra user-supplied parameters.
//
//
// System service parameters for: NtDeviceIoControlFile
//
// Note that the user's output buffer is stored in the UserBuffer field
// and the user's input buffer is stored in the SystemBuffer field.
//
struct {
ULONG OutputBufferLength;
ULONG POINTER_ALIGNMENT InputBufferLength;
ULONG POINTER_ALIGNMENT IoControlCode;
PVOID Type3InputBuffer;
} DeviceIoControl;
// end_wdm
//
// System service parameters for: NtQuerySecurityObject
//
struct {
SECURITY_INFORMATION SecurityInformation;
ULONG POINTER_ALIGNMENT Length;
} QuerySecurity;
//
// System service parameters for: NtSetSecurityObject
//
struct {
SECURITY_INFORMATION SecurityInformation;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SetSecurity;
// begin_wdm
//
// Non-system service parameters.
//
// Parameters for MountVolume
//
struct {
PVPB Vpb;
PDEVICE_OBJECT DeviceObject;
} MountVolume;
//
// Parameters for VerifyVolume
//
struct {
PVPB Vpb;
PDEVICE_OBJECT DeviceObject;
} VerifyVolume;
//
// Parameters for Scsi with internal device contorl.
//
struct {
struct _SCSI_REQUEST_BLOCK *Srb;
} Scsi;
//
// Parameters for IRP_MN_QUERY_DEVICE_RELATIONS
//
struct {
DEVICE_RELATION_TYPE Type;
} QueryDeviceRelations;
//
// Parameters for IRP_MN_QUERY_INTERFACE
//
struct {
CONST GUID *InterfaceType;
USHORT Size;
USHORT Version;
PINTERFACE Interface;
PVOID InterfaceSpecificData;
} QueryInterface;
// end_ntifs
//
// Parameters for IRP_MN_QUERY_CAPABILITIES
//
struct {
PDEVICE_CAPABILITIES Capabilities;
} DeviceCapabilities;
//
// Parameters for IRP_MN_FILTER_RESOURCE_REQUIREMENTS
//
struct {
PIO_RESOURCE_REQUIREMENTS_LIST IoResourceRequirementList;
} FilterResourceRequirements;
//
// Parameters for IRP_MN_READ_CONFIG and IRP_MN_WRITE_CONFIG
//
struct {
ULONG WhichSpace;
PVOID Buffer;
ULONG Offset;
ULONG POINTER_ALIGNMENT Length;
} ReadWriteConfig;
//
// Parameters for IRP_MN_SET_LOCK
//
struct {
BOOLEAN Lock;
} SetLock;
//
// Parameters for IRP_MN_QUERY_ID
//
struct {
BUS_QUERY_ID_TYPE IdType;
} QueryId;
//
// Parameters for IRP_MN_QUERY_DEVICE_TEXT
//
struct {
DEVICE_TEXT_TYPE DeviceTextType;
LCID POINTER_ALIGNMENT LocaleId;
} QueryDeviceText;
//
// Parameters for IRP_MN_DEVICE_USAGE_NOTIFICATION
//
struct {
BOOLEAN InPath;
BOOLEAN Reserved[3];
DEVICE_USAGE_NOTIFICATION_TYPE POINTER_ALIGNMENT Type;
} UsageNotification;
//
// Parameters for IRP_MN_WAIT_WAKE
//
struct {
SYSTEM_POWER_STATE PowerState;
} WaitWake;
//
// Parameter for IRP_MN_POWER_SEQUENCE
//
struct {
PPOWER_SEQUENCE PowerSequence;
} PowerSequence;
//
// Parameters for IRP_MN_SET_POWER and IRP_MN_QUERY_POWER
//
struct {
ULONG SystemContext; //0x04
POWER_STATE_TYPE POINTER_ALIGNMENT Type; //0x08
POWER_STATE POINTER_ALIGNMENT State;
POWER_ACTION POINTER_ALIGNMENT ShutdownType;
} Power;
//
// Parameters for StartDevice
//
struct {
PCM_RESOURCE_LIST AllocatedResources;
PCM_RESOURCE_LIST AllocatedResourcesTranslated;
} StartDevice;
// begin_ntifs
//
// Parameters for Cleanup
//
// No extra parameters supplied
//
//
// WMI Irps
//
struct {
ULONG_PTR ProviderId;
PVOID DataPath;
ULONG BufferSize;
PVOID Buffer;
} WMI;
//
// Others - driver-specific
//
struct {
PVOID Argument1;
PVOID Argument2;
PVOID Argument3;
PVOID Argument4;
} Others;
} Parameters;0x04
//
// Save a pointer to this device driver's device object for this request
// so it can be passed to the completion routine if needed.
//
PDEVICE_OBJECT DeviceObject;0x14
//
// The following location contains a pointer to the file object for this
//
PFILE_OBJECT FileObject;0x18
//
// The following routine is invoked depending on the flags in the above
// flags field.
//
PIO_COMPLETION_ROUTINE CompletionRoutine;0x1c
//
// The following is used to store the address of the context parameter
// that should be passed to the CompletionRoutine.
//
PVOID Context;0x20
} IO_STACK_LOCATION, *PIO_STACK_LOCATION;
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
}LIST_ENTRY,*PLIST_ENTRY;
//
// Doubly-linked list manipulation routines. Implemented as macros
// but logically these are procedures.
//
//
// VOID
// InitializeListHead(
// PLIST_ENTRY ListHead
// );
//
#define InitializeListHead(ListHead) (/
(ListHead)->Flink = (ListHead)->Blink = (ListHead))
//
// BOOLEAN
// IsListEmpty(
// PLIST_ENTRY ListHead
// );
//
#define IsListEmpty(ListHead) /
((ListHead)->Flink == (ListHead))
//
// PLIST_ENTRY
// RemoveHeadList(
// PLIST_ENTRY ListHead
// );
//
#define RemoveHeadList(ListHead) /
(ListHead)->Flink;/
{RemoveEntryList((ListHead)->Flink)}
//
// PLIST_ENTRY
// RemoveTailList(
// PLIST_ENTRY ListHead
// );
//
#define RemoveTailList(ListHead) /
(ListHead)->Blink;/
{RemoveEntryList((ListHead)->Blink)}
//
// VOID
// RemoveEntryList(
// PLIST_ENTRY Entry
// );
//
#define RemoveEntryList(Entry) {/
PLIST_ENTRY _EX_Blink;/
PLIST_ENTRY _EX_Flink;/
_EX_Flink = (Entry)->Flink;/
_EX_Blink = (Entry)->Blink;/
_EX_Blink->Flink = _EX_Flink;/
_EX_Flink->Blink = _EX_Blink;/
}
//
// VOID
// InsertTailList(
// PLIST_ENTRY ListHead,
// PLIST_ENTRY Entry
// );
//
#define InsertTailList(ListHead,Entry) {/
PLIST_ENTRY _EX_Blink;/
PLIST_ENTRY _EX_ListHead;/
_EX_ListHead = (ListHead);/
_EX_Blink = _EX_ListHead->Blink;/
(Entry)->Flink = _EX_ListHead;/
(Entry)->Blink = _EX_Blink;/
_EX_Blink->Flink = (Entry);/
_EX_ListHead->Blink = (Entry);/
}
//
// VOID
// InsertHeadList(
// PLIST_ENTRY ListHead,
// PLIST_ENTRY Entry
// );
//
#define InsertHeadList(ListHead,Entry) {/
PLIST_ENTRY _EX_Flink;/
PLIST_ENTRY _EX_ListHead;/
_EX_ListHead = (ListHead);/
_EX_Flink = _EX_ListHead->Flink;/
(Entry)->Flink = _EX_Flink;/
(Entry)->Blink = _EX_ListHead;/
_EX_Flink->Blink = (Entry);/
_EX_ListHead->Flink = (Entry);/
}
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
}LIST_ENTRY,*PLIST_ENTRY;
//
// Doubly-linked list manipulation routines. Implemented as macros
// but logically these are procedures.
//
//
// VOID
// InitializeListHead(
// PLIST_ENTRY ListHead
// );
//
#define InitializeListHead(ListHead) (/
(ListHead)->Flink = (ListHead)->Blink = (ListHead))
//
// BOOLEAN
// IsListEmpty(
// PLIST_ENTRY ListHead
// );
//
#define IsListEmpty(ListHead) /
((ListHead)->Flink == (ListHead))
//
// PLIST_ENTRY
// RemoveHeadList(
// PLIST_ENTRY ListHead
// );
//
#define RemoveHeadList(ListHead) /
(ListHead)->Flink;/
{RemoveEntryList((ListHead)->Flink)}
//
// PLIST_ENTRY
// RemoveTailList(
// PLIST_ENTRY ListHead
// );
//
#define RemoveTailList(ListHead) /
(ListHead)->Blink;/
{RemoveEntryList((ListHead)->Blink)}
//
// VOID
// RemoveEntryList(
// PLIST_ENTRY Entry
// );
//
#define RemoveEntryList(Entry) {/
PLIST_ENTRY _EX_Blink;/
PLIST_ENTRY _EX_Flink;/
_EX_Flink = (Entry)->Flink;/
_EX_Blink = (Entry)->Blink;/
_EX_Blink->Flink = _EX_Flink;/
_EX_Flink->Blink = _EX_Blink;/
}
//
// VOID
// InsertTailList(
// PLIST_ENTRY ListHead,
// PLIST_ENTRY Entry
// );
//
#define InsertTailList(ListHead,Entry) {/
PLIST_ENTRY _EX_Blink;/
PLIST_ENTRY _EX_ListHead;/
_EX_ListHead = (ListHead);/
_EX_Blink = _EX_ListHead->Blink;/
(Entry)->Flink = _EX_ListHead;/
(Entry)->Blink = _EX_Blink;/
_EX_Blink->Flink = (Entry);/
_EX_ListHead->Blink = (Entry);/
}
//
// VOID
// InsertHeadList(
// PLIST_ENTRY ListHead,
// PLIST_ENTRY Entry
// );
//
#define InsertHeadList(ListHead,Entry) {/
PLIST_ENTRY _EX_Flink;/
PLIST_ENTRY _EX_ListHead;/
_EX_ListHead = (ListHead);/
_EX_Flink = _EX_ListHead->Flink;/
(Entry)->Flink = _EX_Flink;/
(Entry)->Blink = _EX_ListHead;/
_EX_Flink->Blink = (Entry);/
_EX_ListHead->Flink = (Entry);/
}
typedef struct _DRIVER_OBJECT {
CSHORT Type;0x00
CSHORT Size;0x02
PDEVICE_OBJECT DeviceObject;0x04
ULONG Flags;0x08
PVOID DriverStart;0x0c
ULONG DriverSize;0x10
PVOID DriverSection;0x14
PDRIVER_EXTENSION DriverExtension;0x18
UNICODE_STRING DriverName;0x1c
PUNICODE_STRING HardwareDatabase;0x24
PFAST_IO_DISPATCH FastIoDispatch;0x28
PDRIVER_INITIALIZE DriverInit;0x2c
PDRIVER_STARTIO DriverStartIo;0x30
PDRIVER_UNLOAD DriverUnload;0x34
PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];0x38
} DRIVER_OBJECT;
CSHORT Type;0x00
CSHORT Size;0x02
PDEVICE_OBJECT DeviceObject;0x04
ULONG Flags;0x08
PVOID DriverStart;0x0c
ULONG DriverSize;0x10
PVOID DriverSection;0x14
PDRIVER_EXTENSION DriverExtension;0x18
UNICODE_STRING DriverName;0x1c
PUNICODE_STRING HardwareDatabase;0x24
PFAST_IO_DISPATCH FastIoDispatch;0x28
PDRIVER_INITIALIZE DriverInit;0x2c
PDRIVER_STARTIO DriverStartIo;0x30
PDRIVER_UNLOAD DriverUnload;0x34
PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];0x38
} DRIVER_OBJECT;
3985
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
