dvKrnlData.rar intrface.h

www.pudn.com > dvKrnlData.rar > intrface.h
// intrface.h 
// 
// Generated by C DriverWizard 3.2.0 (Build 2485) 
// Requires DDK Only 
// File created on 9/12/2006 
// 
 
// GUID definition are required to be outside of header inclusion pragma to avoid 
// error during precompiled headers. 
// 
 
#ifndef __INTRFACE_H__ 
#define __INTRFACE_H__ 
 
#define FILE_DEVICE_DVKRNLDATA  0x8000 
#define VENDOR_BASE             0x800 
 
#ifndef CTL_CODE 
#define CTL_CODE( DeviceType, Function, Method, Access ) (                 \ 
    ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \ 
    ) 
#endif  //CTL_CODE 
 
#ifndef METHOD_BUFFERED 
#define METHOD_BUFFERED 0 
#endif  //METHOD_BUFFERED 
 
#define DVKRNLDATA_IOCTL(index, read, write) \ 
    CTL_CODE(FILE_DEVICE_DVKRNLDATA, \ 
             index + VENDOR_BASE, \ 
             METHOD_BUFFERED, \ 
             (read?FILE_READ_DATA:0) | (write?FILE_WRITE_DATA:0)) 
 
#define KRNLDATA_IO_READ_MEM    DVKRNLDATA_IOCTL(0, TRUE, TRUE) 
#define KRNLDATA_IO_WRITE_MEM   DVKRNLDATA_IOCTL(1, FALSE, TRUE) 
#define KRNLDATA_IO_IDT         DVKRNLDATA_IOCTL(2, TRUE, FALSE) 
#define KRNLDATA_IO_SST         DVKRNLDATA_IOCTL(3, TRUE, FALSE) 
#define KRNLDATA_IO_PHYSICAL    DVKRNLDATA_IOCTL(4, TRUE, TRUE) 
#define KRNLDATA_IO_HIDE_PROC   DVKRNLDATA_IOCTL(5, FALSE, TRUE) 
#define KRNLDATA_IO_STOP_HIDE   DVKRNLDATA_IOCTL(6, FALSE, FALSE) 
 
//请求读取内存的结构 
typedef struct _DVKRNLDATA_MEM_REQUEST 
{ 
    PVOID pAddress;         //要读取的内存首址 
    DWORD dwRequestLen;     //期望读取的长度 
}DVKRNLDATA_MEM_REQUEST, *PDVKRNLDATA_MEM_REQUEST; 
 
//中断描述符地址 
typedef struct _IDTR 
{ 
    WORD   IDTLimit;    //定义中断描述符表的限制 
    PVOID  IDTBase;     //定义中断描述服表的基址 
}IDTR, *PIDTR; 
 
//中断门结构 
typedef struct _IDT_ENTRY 
{ 
    WORD        OffsetLow;      //中断执行地址偏移的底16位 
    WORD        Selector;       //16位段选择符 
    BYTE        Reserved;       //保留位，为0 
    unsigned    Type:4;         //IDT中的门的类型(中断门，陷阱门和任务门) 
    unsigned    SegmentFlag:1;  //段标识位 
    unsigned    DPL:2;          //中断门的权限等级，0表示内核级，3表示用户级 
    unsigned    Present:1;      //呈现标志位 
    WORD        OffsetHigh;     //中断执行地址偏移的高16位 
}IDT_ENTRY, *PIDT_ENTRY; 
 
typedef LONG (__stdcall *NTPROC)(); 
typedef NTPROC *PNTPROC; 
 
//服务索引表SST 
typedef struct _SYSTEM_SERVICE_TABLE 
{ 
    PNTPROC ServiceTable;           //服务入口数组 
    PDWORD  CounterTable;           //使用统计 
    DWORD   ServiceLimit;           //服务数 
    PBYTE   ArgumentTable;          //服务对应的入参长度数组 
}SYSTEM_SERVICE_TABLE, *PSYSTEM_SERVICE_TABLE; 
 
//服务描述表SDT 
typedef struct _SERVICE_DESCRIPTOR_TABLE 
{ 
    SYSTEM_SERVICE_TABLE ntoskrnl;  //ntoskrnl.exe(native api)提供的服务索引表 
    SYSTEM_SERVICE_TABLE win32k;    //win32k.sys(gdi/user)提供的服务索引表 
    SYSTEM_SERVICE_TABLE Table3;    //not used 
    SYSTEM_SERVICE_TABLE Table4;    //not used 
}SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE; 
 
#endif // __INTRFACE_H__