Undocumented Members of a Structure

Started by Astro, January 27, 2010, 12:08:39 AM

Astro

I'm in Header Hell.

I'm trying to convert parts of the wdm.h header from the Win DDK for use with MASM/GoASM, but it is an absolute nightmare.

I used the tool available at Jeremy Gordon's website to get an idea of what it looks like after conversion, which is very useful, but when looking through the docs, the structures are "partially opaque".

Where I encounter an area that is "opaque", how can I proceed? I'm not the best when it comes to C++ either, and I can't figure out where these "opaque" areas are defined. Is a DWORD sufficient? I figure if I get the size wrong, the offsets in the structure will be wrong and it will crash.

DEVICE_OBJECT STRUCT
  Type CSHORT
  Size DW
  ReferenceCount DD
  DriverObject DD
  NextDevice DD
  AttachedDevice DD
  CurrentIrp DD
  Timer PIO_TIMER ;pointer to function for timer (1 Hz if defined)
  Flags DD
  Characteristics DD
  Vpb PVPB ;pointer to the volume parameter block (VPB) that is associated with the device object
  DeviceExtension DD
  DeviceType DD
  StackSize DB
  Queue UNION ;UNDOCUMENTED
    ListEntry LIST_ENTRY ;
    Wcb WAIT_CONTEXT_BLOCK ;
  ENDS ;---
  AlignmentRequirement DD
  DeviceQueue KDEVICE_QUEUE
  Dpc KDPC
  ActiveThreadCount DD
  SecurityDescriptor DD
  DeviceLock KEVENT
  SectorSize DW
  Spare1 DW
  DeviceObjectExtension DD
  Reserved DD
ENDS


As you can see, there are some undocumented members. MSDN is no help, and the headers don't seem to actually define what WAIT_CONTEXT_BLOCK is, for example. It must be something...

Any help on unwinding this lot is greatly appreciated.

Best regards,
Robin.

jj2007

MSDN says LIST_ENTRY has FLINK and BLINK members, most probably DWORD pointers. Since they are in a UNION with WAIT_CONTEXT_BLOCK, my first assumption would have been that you can use them interchangeably. However, this source says something different:

Quote:
typedef struct _WAIT_CONTEXT_BLOCK
{
     KDEVICE_QUEUE_ENTRY WaitQueueEntry;
     PIO_ALLOCATION_ACTION DeviceRoutine;
     PVOID DeviceContext;
     ULONG NumberOfMapRegisters;
     PVOID DeviceObject;
     PVOID CurrentIrp;
     PKDPC BufferChainingDpc;
} WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;

Astro

Quote:
MSDN says LIST_ENTRY has FLINK and BLINK members, most probably DWORD pointers.

That was my thought too, but it was the fact that it was a UNION and that I couldn't find a definition for WAIT_CONTEXT_BLOCK which threw things.

EDIT: I need sleep. Of course, the UNION is the size of the LARGEST member, which I was forgetting....

Thanks! I searched MSDN but not Google...

Best regards,
Robin.
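
The conclusion the thread reaches (the union takes the size of its largest member, so a DWORD placeholder shifts every later offset) can be checked with the C example below. It is an added example, not code from either poster or from the DDK. It assumes a 32-bit target, models every pointer as a `uint32_t`, and takes the `KDEVICE_QUEUE_ENTRY` members from memory of wdm.h rather than from the thread; the `*32` type names, `DEMO32` and the two helper functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit stand-ins: pointers are uint32_t so the layout matches an x86
   build regardless of the host that compiles this file. */
typedef uint32_t PTR32;

typedef struct { PTR32 Flink; PTR32 Blink; } LIST_ENTRY32;

/* Assumption: member list recalled from wdm.h, not shown in the thread. */
typedef struct {
    LIST_ENTRY32 DeviceListEntry;
    uint32_t     SortKey;
    uint8_t      Inserted;          /* BOOLEAN, then 3 bytes of padding */
} KDEVICE_QUEUE_ENTRY32;

/* Members in the order quoted in the thread. */
typedef struct {
    KDEVICE_QUEUE_ENTRY32 WaitQueueEntry;
    PTR32    DeviceRoutine;
    PTR32    DeviceContext;
    uint32_t NumberOfMapRegisters;
    PTR32    DeviceObject;
    PTR32    CurrentIrp;
    PTR32    BufferChainingDpc;
} WAIT_CONTEXT_BLOCK32;

typedef union {
    LIST_ENTRY32         ListEntry;
    WAIT_CONTEXT_BLOCK32 Wcb;
} QUEUE_UNION32;

/* Hypothetical cut-down struct: one DWORD on each side of the union. */
typedef struct { uint32_t Before; QUEUE_UNION32 Queue; uint32_t After; } DEMO32;

/* Size the assembler STRUCT must reserve for the Queue member. */
size_t queue_union_size(void) { return sizeof(QUEUE_UNION32); }

/* How many bytes too early 'After' lands if Queue is declared as one DWORD. */
size_t shift_if_dword(void) {
    return offsetof(DEMO32, After) - (offsetof(DEMO32, Queue) + sizeof(uint32_t));
}

int main(void) {
    printf("LIST_ENTRY=%zu WAIT_CONTEXT_BLOCK=%zu union=%zu\n",
           sizeof(LIST_ENTRY32), sizeof(WAIT_CONTEXT_BLOCK32), queue_union_size());
    printf("offset error with a DWORD placeholder: %zu bytes\n", shift_if_dword());
    return 0;
}
```

Compiling the same `sizeof`/`offsetof` checks against the real DDK headers for the target architecture gives the authoritative numbers to compare a converted MASM/GoASM STRUCT against.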