I'm in Header Hell.
I'm trying to convert parts of the wdm.h header from the Win DDK for use with MASM/GoASM, but it is an absolute nightmare.
I used the tool available at Jeremy Gordon's website to get an idea for what it looks like after conversion which is very useful, but when looking through the docs, the structures are "partially opaque".
Where I encounter an area that is "opaque", how can I proceed? I'm not the best when it comes to C++ either, and I can't figure out where these "opaque" areas are defined. Is a DWORD sufficient? I figure if I get the size wrong, the offsets in the structure will be wrong and it will crash.
DEVICE_OBJECT STRUCT
Type CSHORT
Size DW
ReferenceCount DD
DriverObject DD
NextDevice DD
AttachedDevice DD
CurrentIrp DD
Timer PIO_TIMER ;pointer to function for timer (1 Hz if defined)
Flags DD
Characteristics DD
Vpb PVPB ;pointer to the volume parameter block (VPB) that is associated with the device object
DeviceExtension DD
DeviceType DD
StackSize DB
Queue UNION ;UNDOCUMENTED
ListEntry LIST_ENTRY ;
Wcb WAIT_CONTEXT_BLOCK ;
ENDS ;---
AlignmentRequirement DD
DeviceQueue KDEVICE_QUEUE
Dpc KDPC
ActiveThreadCount DD
SecurityDescriptor DD
DeviceLock KEVENT
SectorSize DW
Spare1 DW
DeviceObjectExtension DD
Reserved DD
ENDS
As you can see, there are some undocumented members. MSDN is no help, and the headers don't seem to actually define what WAIT_CONTEXT_BLOCK is for example. It must be something...
Any help on unwinding this lot is greatly appreciated.
Best regards,
Robin.
MSDN (http://msdn.microsoft.com/en-us/library/bb401645.aspx) says LIST_ENTRY has FLINK and BLINK members, most probably DWORD pointers. Since they are in a UNION with WAIT_CONTEXT_BLOCK, my first assumption would have been that you can use them interchangeably. However, this source (http://www.nirsoft.net/kernel_struct/vista/WAIT_CONTEXT_BLOCK.html) says something different:
Quote:
typedef struct _WAIT_CONTEXT_BLOCK
{
KDEVICE_QUEUE_ENTRY WaitQueueEntry;
PIO_ALLOCATION_ACTION DeviceRoutine;
PVOID DeviceContext;
ULONG NumberOfMapRegisters;
PVOID DeviceObject;
PVOID CurrentIrp;
PKDPC BufferChainingDpc;
} WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;
Quote: "MSDN says LIST_ENTRY has FLINK and BLINK members, most probably DWORD pointers."
That was my thought too, but it was the fact that it was a UNION and that I couldn't find a definition for WAIT_CONTEXT_BLOCK which threw things.
EDIT: I need sleep. Of course, the UNION is the size of the LARGEST member, which I was forgetting....
Thanks! I searched MSDN but not Google...
Best regards,
Robin.
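
The size question from this thread, worked through as an added example (not code from either poster or from the DDK): it models the 32-bit x86 layout of the start of DEVICE_OBJECT with fixed-width types and lets the compiler report the union size and the offset of the field that follows it. The `...32` type names are hypothetical, pointers are assumed to be 4 bytes, and the KDEVICE_QUEUE_ENTRY layout is an assumption since the thread does not show it.

```c
/* Added example: 32-bit layout of DEVICE_OBJECT up to AlignmentRequirement.
   Pointers are modelled as uint32_t so the numbers are the same on any host. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t PTR32;                        /* assumed 4-byte kernel pointer */
typedef struct { PTR32 Flink, Blink; } LIST_ENTRY32;

typedef struct {                               /* assumed layout, not in the thread */
    LIST_ENTRY32 DeviceListEntry;
    uint32_t     SortKey;
    uint8_t      Inserted;                     /* BOOLEAN, followed by 3 pad bytes */
} KDEVICE_QUEUE_ENTRY32;

typedef struct {                               /* members as quoted in the reply */
    KDEVICE_QUEUE_ENTRY32 WaitQueueEntry;
    PTR32    DeviceRoutine, DeviceContext;
    uint32_t NumberOfMapRegisters;
    PTR32    DeviceObject, CurrentIrp, BufferChainingDpc;
} WAIT_CONTEXT_BLOCK32;

typedef union { LIST_ENTRY32 ListEntry; WAIT_CONTEXT_BLOCK32 Wcb; } QUEUE_UNION32;

typedef struct {
    int16_t  Type;
    uint16_t Size;
    int32_t  ReferenceCount;
    PTR32    DriverObject, NextDevice, AttachedDevice, CurrentIrp, Timer;
    uint32_t Flags, Characteristics;
    PTR32    Vpb, DeviceExtension;
    uint32_t DeviceType;
    int8_t   StackSize;                        /* 1 byte, then 3 pad bytes */
    QUEUE_UNION32 Queue;                       /* as large as its largest member */
    uint32_t AlignmentRequirement;
} DEVICE_OBJECT_HEAD32;

size_t queue_size(void)       { return sizeof(QUEUE_UNION32); }
size_t queue_offset(void)     { return offsetof(DEVICE_OBJECT_HEAD32, Queue); }
size_t align_req_offset(void) { return offsetof(DEVICE_OBJECT_HEAD32, AlignmentRequirement); }
/* How far every later field moves if Queue is declared as a single DWORD. */
size_t dword_guess_error(void) { return queue_size() - sizeof(uint32_t); }

int main(void) {
    printf("Queue: offset 0x%zX, size %zu bytes\n", queue_offset(), queue_size());
    printf("AlignmentRequirement: offset 0x%zX\n", align_req_offset());
    printf("A DWORD guess shifts later fields by %zu bytes\n", dword_guess_error());
    return 0;
}
```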