1,183
社区成员
发帖
与我相关
我的任务
分享Windows XP 常用内核数据结构定义[Delphi/Pascal格式]
windows几个重要的内核数据结构虽然网上也有相关的定义,但个人觉得不齐全定义不规范,因此用一天时间使用WinDbg+Win2000sourcecode重新定义了常用的内核数据结构,并尽可能还原微软的原结构定义,每个结构都递归到最子层的结构并且通过了测试。通过这次工作过程不仅使自己得到一次学习的机会,而且提高了自己的整体软件架构规划设计水平。
(如果转帖请著名出处,谢谢。)
(如果转帖请著名出处,谢谢。)
{*********************************************************}
{* *}
{* Windows Kernel Struct Define *}
{* *}
{* [uWindowsKernelStruct.pas] *}
{* *}
{* Copyright (c)2010 codegame *}
{* Update: 2010-04-09 23:51:44 *}
{*********************************************************}
type
PEXCEPTION_DISPOSITION = ^TEXCEPTION_DISPOSITION;
TEXCEPTION_DISPOSITION = (
ExceptionContinueExecution = 0,
ExceptionContinueSearch = 1,
ExceptionNestedException = 2,
ExceptionCollidedUnwind = 3);
PSECURITY_IMPERSONATION_LEVEL = ^TSECURITY_IMPERSONATION_LEVEL;
TSECURITY_IMPERSONATION_LEVEL = (
SecurityAnonymous = 0,
SecurityIdentification = 1,
SecurityImpersonation = 2,
SecurityDelegation = 3);
PUNICODE_STRING = ^TUNICODE_STRING;
TUNICODE_STRING = packed record
Length: Word;
MaximumLength: Word;
Buffer: Pointer;
end;
PLIST_ENTRY = ^TLIST_ENTRY;
TLIST_ENTRY = packed record
Flink: PLIST_ENTRY;
Blink: PLIST_ENTRY;
end;
TDISPATCHER_HEADER = packed record
bType: byte;
bAbsolute: byte;
Size: byte;
Inserted: byte;
SignalState: DWORD;
WaitListHead: TLIST_ENTRY;
end;
TKGDTENTRY = packed record
LimitLow: Word;
BaseLow: Word;
HighWord: packed record
BaseMid: Byte;
Flags1: Byte;
Flags2: Byte;
BaseHi: Byte;
end;
end;
TKIDTENTRY = packed record
Offset: Word;
Selector: Word;
Access: Word;
ExtendedOffset: Word;
end;
PSINGLE_LIST_ENTRY = ^TSINGLE_LIST_ENTRY;
TSINGLE_LIST_ENTRY = packed record
Next: PSINGLE_LIST_ENTRY;
end;
PCLIENT_ID = ^TCLIENT_ID;
TCLIENT_ID = packed record
UniqueProcess: Dword;
UniqueThread: Dword;
end;
PKPROCESS = ^TKPROCESS;
TKPROCESS = packed record
Header: TDISPATCHER_HEADER;
ProfileListHead: TLIST_ENTRY;
DirectoryTableBase: array[0..1] of Dword;
LdtDescriptor: TKGDTENTRY;
Int21Descriptor: TKIDTENTRY;
IopmOffset: Word;
Iopl: Byte;
Unused: Byte;
ActiveProcessors: DWORD;
KernelTime: DWORD;
UserTime: DWORD;
ReadyListHead: TLIST_ENTRY;
SwapListEntry: TSINGLE_LIST_ENTRY;
VdmTrapcHandler: Pointer;
ThreadListHead: TLIST_ENTRY;
ProcessLock: DWORD;
Affinity: DWORD;
StackCount: Word;
BasePriority: Char;
ThreadQuantum: Char;
AutoAlignment: Byte;
State: Byte;
ThreadSeed: Byte;
DisableBoost: Byte;
PowerState: Byte;
DisableQuantum: Byte;
IdealNode: Byte;
case Integer of
0: (Flags: byte);
1: (ExecuteOptions: byte);
end;
PKAPC_STATE = ^TKAPC_STATE;
TKAPC_STATE = packed record
ApcListHead: array[0..1] of TLIST_ENTRY;
Process: PKPROCESS;
KernelApcInProgress: Byte;
KernelApcPending: Byte;
UserApcPending: Word;
end;
PKTHREAD = ^TKTHREAD;
PKWAIT_BLOCK = ^TKWAIT_BLOCK;
TKWAIT_BLOCK = packed record
WaitListEntry: TLIST_ENTRY;
Thread: PKTHREAD;
pObject: Pointer;
NextWaitBlock: PKWAIT_BLOCK;
WaitKey: Word;
WaitType: Word;
end;
PKQUEUE = ^TKQUEUE;
TKQUEUE = packed record
Header: TDISPATCHER_HEADER;
EntryListHead: TLIST_ENTRY;
CurrentCount: Dword;
MaximumCount: Dword;
ThreadListHead: TLIST_ENTRY;
end;
PKDPC = ^TKDPC;
TKDPC = packed record
wType: word;
Number: Byte;
Importance: Byte;
DpcListEntry: TLIST_ENTRY;
DeferredRoutine: Pointer;
DeferredContext: Pointer;
SystemArgument1: Pointer;
SystemArgument2: Pointer;
Lock: PDWORD;
end;
PKTIMER = ^TKTIMER;
TKTIMER = packed record
Header: TDISPATCHER_HEADER;
DueTime: Int64;
TimerListEntry: TLIST_ENTRY;
Dpc: PKDPC;
Period: DWORD;
end;
PEXCEPTION_REGISTRATION_RECORD = ^TPEXCEPTION_REGISTRATION_RECORD;
TPEXCEPTION_REGISTRATION_RECORD = packed record
Next: PEXCEPTION_REGISTRATION_RECORD;
Handler: PEXCEPTION_DISPOSITION;
end;
PKTRAP_FRAME = ^TKTRAP_FRAME;
TKTRAP_FRAME = packed record
DbgEbp: Dword;
DbgEip: Dword;
DbgArgMark: Dword;
DbgArgPointer: Dword;
TempSegCs: Dword;
TempEsp: Dword;
Dr0: Dword;
Dr1: Dword;
Dr2: Dword;
Dr3: Dword;
Dr6: Dword;
Dr7: Dword;
SegGs: Dword;
SegEs: Dword;
SegDs: Dword;
Edx: Dword;
Ecx: Dword;
Eax: Dword;
PreviousPreviousMode: Dword;
ExceptionList: PEXCEPTION_REGISTRATION_RECORD;
SegFs: Dword;
Edi: Dword;
Esi: Dword;
Ebx: Dword;
Ebp: Dword;
ErrCode: Dword;
Eip: Dword;
SegCs: Dword;
EFlags: Dword;
HardwareEsp: Dword;
HardwareSegSs: Dword;
V86Es: Dword;
V86Ds: Dword;
V86Fs: Dword;
V86Gs: Dword;
end;
PKAPC = ^TKAPC;
TKAPC = packed record
wType: word;
Size: word;
Spare0: DWORD;
Thread: PKTHREAD;
ApcListEntry: TLIST_ENTRY;
KernelRoutine: Pointer;
RundownRoutine: Pointer;
NormalRoutine: Pointer;
NormalContext: Pointer;
SystemArgument1: Pointer;
SystemArgument2: Pointer;
ApcStateIndex: Char;
ApcMode: Char;
Inserted: Word;
end;
PKSEMAPHORE = ^TKSEMAPHORE;
TKSEMAPHORE = packed record
Header: TDISPATCHER_HEADER;
Limit: Cardinal;
end;
...全文
请发表友善的回复…
发表回复
yc842 2012-03-21
- 打赏
- 举报
内核还不懂啊 努力中。。。
测量猿 2011-11-06
- 打赏
- 举报
copy下来慢慢看
AnYidan 2010-05-02
- 打赏
- 举报
就是一个文件头的声明,无任何功能,必须配合自己写代码才能使用。
jsl8998620 2010-04-16
- 打赏
- 举报
不明白是做什么用的
luuillu 2010-04-15
- 打赏
- 举报
收藏。。谢谢
tylzyoudi 2010-04-15
- 打赏
- 举报
好贴,标记!
还是个美女!
还是个美女!
rock1001 2010-04-14
- 打赏
- 举报
内核结构跟操作系统有很大关系,不同系统会有所变化
yzwlord 2010-04-14
- 打赏
- 举报
顶你一个,没看懂。
rohto111 2010-04-13
- 打赏
- 举报
学习了,,,,
senven7 2010-04-13
- 打赏
- 举报
高人,顶你一个。
mfc28jacy 2010-04-13
- 打赏
- 举报
顶楼主 多发技术贴
Jiao319 2010-04-13
- 打赏
- 举报
学习一下windows的内核
bbsaac 2010-04-13
- 打赏
- 举报
好东东,感谢啦。
wfl568 2010-04-13
- 打赏
- 举报
Mark
普通网民 2010-04-13
- 打赏
- 举报
[Quote=引用 1 楼 codegame 的回复:]
通过这次工作过程不仅使自己得到一次学习的机会,而且提高了自己的整体软件架构规划设计水平。
[/Quote]
通过这次工作过程不仅使自己得到一次学习的机会,而且提高了自己的整体软件架构规划设计水平。
[/Quote]
colin_xu 2010-04-13
- 打赏
- 举报
路过。。。看有没分接。。。
jiangetdz413 2010-04-13
- 打赏
- 举报
精华!
oushengfen 2010-04-13
- 打赏
- 举报
这样的贴子不错
pclizheng 2010-04-13
- 打赏
- 举报
学习!!!!
leilei1988q 2010-04-13
- 打赏
- 举报
顶一个
加载更多回复(56)
