/*
This file has been generated by IDA.
It contains local type definitions from
the type library 'ntkrnlmp.exe'
*/
/*
 * Replace the sized-integer keywords used in IDA's type export with
 * standard C types, presumably so the header builds with compilers that do
 * not provide __int8/__int16/__int32/__int64 themselves.
 * NOTE(review): every struct layout in this file relies on char/short/int/
 * long long being 8/16/32/64 bits wide on the build target -- confirm.
 * NOTE(review): __int8 expands to plain char, whose signedness is
 * implementation-defined.
 */
#define __int8 char
#define __int16 short
#define __int32 int
#define __int64 long long
/* 23 */
/*
 * PE/COFF file header as exported from the IDA type library.
 * Occupies 20 bytes when short is 16 bits and int is 32 bits (no padding
 * is needed with natural alignment).
 * NOTE(review): if this struct is overlaid on bytes read from an image
 * file, every field is untrusted input. NumberOfSections and
 * SizeOfOptionalHeader presumably determine where the section table starts
 * and how long it is, so bounds-check both against the buffer size first.
 */
typedef struct
{
unsigned __int16 Machine;
/* Section count; validate before using it as a loop bound. */
unsigned __int16 NumberOfSections;
unsigned int TimeDateStamp;
unsigned int PointerToSymbolTable;
unsigned int NumberOfSymbols;
/* Declared size of the optional header that follows; do not assume it equals sizeof(_IMAGE_OPTIONAL_HEADER). */
unsigned __int16 SizeOfOptionalHeader;
unsigned __int16 Characteristics;
} _IMAGE_FILE_HEADER;
/*
 * One data-directory entry: a 32-bit address and a 32-bit size (8 bytes).
 * NOTE(review): VirtualAddress is presumably an RVA into the mapped image.
 * Check that VirtualAddress + Size does not wrap around 32 bits and that
 * the whole range lies inside the image before dereferencing it.
 */
typedef struct
{
unsigned int VirtualAddress;
unsigned int Size;
} _IMAGE_DATA_DIRECTORY;
/*
 * PE optional header in its 32-bit form: BaseOfData is present and
 * ImageBase and the stack/heap sizes are 32 bits wide. Occupies 224 bytes
 * with 16-bit short and 32-bit int.
 * NOTE(review): a 64-bit (PE32+) image uses a different layout, so check
 * Magic before overlaying this struct -- confirm which form the analysed
 * binary actually uses.
 * NOTE(review): all size, alignment and address fields come from the file
 * and must be validated before they are used for allocation or offsets.
 */
typedef struct
{
unsigned __int16 Magic;
/* Plain char: signedness is implementation-defined; treat as raw bytes. */
char MajorLinkerVersion;
char MinorLinkerVersion;
unsigned int SizeOfCode;
unsigned int SizeOfInitializedData;
unsigned int SizeOfUninitializedData;
unsigned int AddressOfEntryPoint;
unsigned int BaseOfCode;
unsigned int BaseOfData;
unsigned int ImageBase;
unsigned int SectionAlignment;
unsigned int FileAlignment;
unsigned __int16 MajorOperatingSystemVersion;
unsigned __int16 MinorOperatingSystemVersion;
unsigned __int16 MajorImageVersion;
unsigned __int16 MinorImageVersion;
unsigned __int16 MajorSubsystemVersion;
unsigned __int16 MinorSubsystemVersion;
unsigned int Win32VersionValue;
unsigned int SizeOfImage;
unsigned int SizeOfHeaders;
unsigned int CheckSum;
unsigned __int16 Subsystem;
unsigned __int16 DllCharacteristics;
unsigned int SizeOfStackReserve;
unsigned int SizeOfStackCommit;
unsigned int SizeOfHeapReserve;
unsigned int SizeOfHeapCommit;
unsigned int LoaderFlags;
/*
 * NOTE(review): the array below always has 16 slots, whatever value the
 * file stores here; clamp to 16 before indexing DataDirectory with it.
 */
unsigned int NumberOfRvaAndSizes;
_IMAGE_DATA_DIRECTORY DataDirectory[16];
} _IMAGE_OPTIONAL_HEADER;
/* 26 */
/*
 * NT headers: a 32-bit signature followed directly by the file header and
 * the 32-bit optional header declared earlier in this file (4 + 20 + 224
 * bytes with 16-bit short and 32-bit int).
 * NOTE(review): verify Signature and that the whole struct fits inside the
 * input buffer before reading FileHeader or OptionalHeader from untrusted
 * data.
 */
typedef struct
{
unsigned int Signature;
_IMAGE_FILE_HEADER FileHeader;
_IMAGE_OPTIONAL_HEADER OptionalHeader;
} _IMAGE_NT_HEADERS;
/* 900 */
/*
 * Locally defined 64-byte header (30 16-bit words plus one 32-bit int).
 * NOTE(review): the field names look like the MS-DOS (MZ) executable
 * header, with magic as the signature word and e_lfanew as the file offset
 * of the PE headers -- confirm against how the database uses it.
 * All 16-bit fields are declared signed here, so values with the top bit
 * set read back as negative numbers.
 */
typedef struct
{
__int16 magic;
__int16 cblp;
__int16 cp;
__int16 crlc;
__int16 cparhdr;
__int16 minalloc;
__int16 maxalloc;
__int16 e_ss;
__int16 e_sp;
__int16 csum;
__int16 e_ip;
__int16 e_cs;
__int16 lfarlc;
__int16 ovno;
__int16 res[4];
__int16 oemid;
__int16 oeminfo;
__int16 res2[10];
/*
 * Signed 32-bit value. NOTE(review): if used as an offset into an
 * untrusted file, reject negative values and values that leave less than
 * a full NT header before the end of the buffer.
 */
int e_lfanew;
} DOSHeader;
/* 901 */
/*
 * Same seven fields, in the same order and widths, as _IMAGE_FILE_HEADER,
 * but every member is declared with a signed type.
 * NOTE(review): because NumberOfSections and SizeOfOptionalHeader are
 * signed here, a stored value of 0x8000 or above reads as negative;
 * convert to unsigned and range-check before using either as a count or
 * an offset.
 */
typedef struct
{
__int16 Machine;
__int16 NumberOfSections;
int TimeDateStamp;
int PointerToSymbolTable;
int NumberOfSymbols;
__int16 SizeOfOptionalHeader;
__int16 Characteristics;
} PEHeader;
/* 903 */
/*
 * Same three-member layout as _IMAGE_NT_HEADERS (signature, file header,
 * optional header) under different member names, with Signature declared
 * as a signed int.
 * NOTE(review): it embeds the 32-bit optional header, so the PE32 versus
 * PE32+ caveat applies here as well -- check optHeader.Magic before
 * trusting the fields that follow it.
 */
typedef struct
{
int Signature;
_IMAGE_FILE_HEADER peHeader;
_IMAGE_OPTIONAL_HEADER optHeader;
} ProgramHeader;
/*
 * Section table entry: an 8-byte name, virtual and raw size/location
 * fields, relocation and line-number info, and flags. Occupies 40 bytes
 * with 16-bit short and 32-bit int.
 * NOTE(review): when parsing an untrusted image, check PointerToRawData +
 * SizeOfRawData against the file size and VirtualAddress + VirtualSize
 * against the image size, guarding each sum against 32-bit wrap-around.
 */
typedef struct
{
/*
 * Exactly 8 bytes with no room for a terminator when all 8 are used;
 * read it with length-bounded operations, never as a C string.
 */
char Name[8];
unsigned int VirtualSize;
unsigned int VirtualAddress;
unsigned int SizeOfRawData;
unsigned int PointerToRawData;
unsigned int PointerToRelocations;
unsigned int PointerToLinenumbers;
unsigned __int16 NumberOfRelocations;
unsigned __int16 NumberOfLinenumbers;
unsigned int Characteristics;
} _IMAGE_SECTION_HEADER;
/*
 * Load-configuration directory with 32-bit fields throughout; 64 bytes
 * with 16-bit short and 32-bit int.
 * NOTE(review): this is a short, fixed-size form. The structure found in a
 * given image may be longer than what is declared here, so take its length
 * from the image rather than from sizeof -- confirm against the analysed
 * binary.
 */
typedef struct
{
unsigned int Characteristics;
unsigned int TimeDateStamp;
unsigned __int16 MajorVersion;
unsigned __int16 MinorVersion;
unsigned int GlobalFlagsClear;
unsigned int GlobalFlagsSet;
unsigned int CriticalSectionDefaultTimeout;
unsigned int DeCommitFreeBlockThreshold;
unsigned int DeCommitTotalFreeThreshold;
unsigned int LockPrefixTable;
unsigned int MaximumAllocationSize;
unsigned int VirtualMemoryThreshold;
unsigned int ProcessHeapFlags;
unsigned int ProcessAffinityMask;
unsigned __int16 CSDVersion;
unsigned __int16 Reserved1;
unsigned int EditList;
unsigned int Reserved[1];
} _IMAGE_LOAD_CONFIG_DIRECTORY;
/*
 * Debug directory entry: flags, timestamp, version, a type code, and the
 * size plus two locations of the debug data. Occupies 28 bytes with 16-bit
 * short and 32-bit int.
 * NOTE(review): AddressOfRawData looks like an in-memory address and
 * PointerToRawData like a file offset -- confirm. Either one combined with
 * SizeOfData must be bounds-checked before the debug data is read.
 */
typedef struct
{
unsigned int Characteristics;
unsigned int TimeDateStamp;
unsigned __int16 MajorVersion;
unsigned __int16 MinorVersion;
unsigned int Type;
unsigned int SizeOfData;
unsigned int AddressOfRawData;
unsigned int PointerToRawData;
} _IMAGE_DEBUG_DIRECTORY;
/*
 * Import descriptor: five 32-bit fields, 20 bytes with 32-bit int.
 * NOTE(review): OriginalFirstThunk, Name and FirstThunk are presumably
 * RVAs into the image -- confirm. When walking a descriptor table from an
 * untrusted image, cap the iteration by the import directory's Size
 * instead of relying only on a terminating entry.
 */
typedef struct
{
unsigned int OriginalFirstThunk;
unsigned int TimeDateStamp;
unsigned int ForwarderChain;
/*
 * A 32-bit integer, not a string. If it locates the module name, check
 * that the string is terminated inside the image before reading it.
 */
unsigned int Name;
unsigned int FirstThunk;
} _IMAGE_IMPORT_DESCRIPTOR;