Windows XP 常用内核数据结构定义[Delphi/Pascal格式]
windows几个重要的内核数据结构虽然网上也有相关的定义,但个人觉得不齐全定义不规范,因此用一天时间使用WinDbg+Win2000sourcecode重新定义了常用的内核数据结构,并尽可能还原微软的原结构定义,每个结构都递归到最子层的结构并且通过了测试。通过这次工作过程不仅使自己得到一次学习的机会,而且提高了自己的整体软件架构规划设计水平。
(如果转帖请著名出处,谢谢。)
{*********************************************************}
{* *}
{* Windows Kernel Struct Define *}
{* *}
{* [uWindowsKernelStruct.pas] *}
{* *}
{* Copyright (c)2010 codegame *}
{* Update: 2010-04-09 23:51:44 *}
{*********************************************************}
type
PEXCEPTION_DISPOSITION = ^TEXCEPTION_DISPOSITION;
TEXCEPTION_DISPOSITION = (
ExceptionContinueExecution = 0,
ExceptionContinueSearch = 1,
ExceptionNestedException = 2,
ExceptionCollidedUnwind = 3);
PSECURITY_IMPERSONATION_LEVEL = ^TSECURITY_IMPERSONATION_LEVEL;
TSECURITY_IMPERSONATION_LEVEL = (
SecurityAnonymous = 0,
SecurityIdentification = 1,
SecurityImpersonation = 2,
SecurityDelegation = 3);
PUNICODE_STRING = ^TUNICODE_STRING;
TUNICODE_STRING = packed record
Length: Word;
MaximumLength: Word;
Buffer: Pointer;
end;
PLIST_ENTRY = ^TLIST_ENTRY;
TLIST_ENTRY = packed record
Flink: PLIST_ENTRY;
Blink: PLIST_ENTRY;
end;
TDISPATCHER_HEADER = packed record
bType: byte;
bAbsolute: byte;
Size: byte;
Inserted: byte;
SignalState: DWORD;
WaitListHead: TLIST_ENTRY;
end;
TKGDTENTRY = packed record
LimitLow: Word;
BaseLow: Word;
HighWord: packed record
BaseMid: Byte;
Flags1: Byte;
Flags2: Byte;
BaseHi: Byte;
end;
end;
TKIDTENTRY = packed record
Offset: Word;
Selector: Word;
Access: Word;
ExtendedOffset: Word;
end;
PSINGLE_LIST_ENTRY = ^TSINGLE_LIST_ENTRY;
TSINGLE_LIST_ENTRY = packed record
Next: PSINGLE_LIST_ENTRY;
end;
PCLIENT_ID = ^TCLIENT_ID;
TCLIENT_ID = packed record
UniqueProcess: Dword;
UniqueThread: Dword;
end;
PKPROCESS = ^TKPROCESS;
TKPROCESS = packed record
Header: TDISPATCHER_HEADER;
ProfileListHead: TLIST_ENTRY;
DirectoryTableBase: array[0..1] of Dword;
LdtDescriptor: TKGDTENTRY;
Int21Descriptor: TKIDTENTRY;
IopmOffset: Word;
Iopl: Byte;
Unused: Byte;
ActiveProcessors: DWORD;
KernelTime: DWORD;
UserTime: DWORD;
ReadyListHead: TLIST_ENTRY;
SwapListEntry: TSINGLE_LIST_ENTRY;
VdmTrapcHandler: Pointer;
ThreadListHead: TLIST_ENTRY;
ProcessLock: DWORD;
Affinity: DWORD;
StackCount: Word;
BasePriority: Char;
ThreadQuantum: Char;
AutoAlignment: Byte;
State: Byte;
ThreadSeed: Byte;
DisableBoost: Byte;
PowerState: Byte;
DisableQuantum: Byte;
IdealNode: Byte;
case Integer of
0: (Flags: byte);
1: (ExecuteOptions: byte);
end;
PKAPC_STATE = ^TKAPC_STATE;
TKAPC_STATE = packed record
ApcListHead: array[0..1] of TLIST_ENTRY;
Process: PKPROCESS;
KernelApcInProgress: Byte;
KernelApcPending: Byte;
UserApcPending: Word;
end;
PKTHREAD = ^TKTHREAD;
PKWAIT_BLOCK = ^TKWAIT_BLOCK;
TKWAIT_BLOCK = packed record
WaitListEntry: TLIST_ENTRY;
Thread: PKTHREAD;
pObject: Pointer;
NextWaitBlock: PKWAIT_BLOCK;
WaitKey: Word;
WaitType: Word;
end;
PKQUEUE = ^TKQUEUE;
TKQUEUE = packed record
Header: TDISPATCHER_HEADER;
EntryListHead: TLIST_ENTRY;
CurrentCount: Dword;
MaximumCount: Dword;
ThreadListHead: TLIST_ENTRY;
end;
PKDPC = ^TKDPC;
TKDPC = packed record
wType: word;
Number: Byte;
Importance: Byte;
DpcListEntry: TLIST_ENTRY;
DeferredRoutine: Pointer;
DeferredContext: Pointer;
SystemArgument1: Pointer;
SystemArgument2: Pointer;
Lock: PDWORD;
end;
PKTIMER = ^TKTIMER;
TKTIMER = packed record
Header: TDISPATCHER_HEADER;
DueTime: Int64;
TimerListEntry: TLIST_ENTRY;
Dpc: PKDPC;
Period: DWORD;
end;
PEXCEPTION_REGISTRATION_RECORD = ^TPEXCEPTION_REGISTRATION_RECORD;
TPEXCEPTION_REGISTRATION_RECORD = packed record
Next: PEXCEPTION_REGISTRATION_RECORD;
Handler: PEXCEPTION_DISPOSITION;
end;
PKTRAP_FRAME = ^TKTRAP_FRAME;
TKTRAP_FRAME = packed record
DbgEbp: Dword;
DbgEip: Dword;
DbgArgMark: Dword;
DbgArgPointer: Dword;
TempSegCs: Dword;
TempEsp: Dword;
Dr0: Dword;
Dr1: Dword;
Dr2: Dword;
Dr3: Dword;
Dr6: Dword;
Dr7: Dword;
SegGs: Dword;
SegEs: Dword;
SegDs: Dword;
Edx: Dword;
Ecx: Dword;
Eax: Dword;
PreviousPreviousMode: Dword;
ExceptionList: PEXCEPTION_REGISTRATION_RECORD;
SegFs: Dword;
Edi: Dword;
Esi: Dword;
Ebx: Dword;
Ebp: Dword;
ErrCode: Dword;
Eip: Dword;
SegCs: Dword;
EFlags: Dword;
HardwareEsp: Dword;
HardwareSegSs: Dword;
V86Es: Dword;
V86Ds: Dword;
V86Fs: Dword;
V86Gs: Dword;
end;
PKAPC = ^TKAPC;
TKAPC = packed record
wType: word;
Size: word;
Spare0: DWORD;
Thread: PKTHREAD;
ApcListEntry: TLIST_ENTRY;
KernelRoutine: Pointer;
RundownRoutine: Pointer;
NormalRoutine: Pointer;
NormalContext: Pointer;
SystemArgument1: Pointer;
SystemArgument2: Pointer;
ApcStateIndex: Char;
ApcMode: Char;
Inserted: Word;
end;
PKSEMAPHORE = ^TKSEMAPHORE;
TKSEMAPHORE = packed record
Header: TDISPATCHER_HEADER;
Limit: Cardinal;
end;
