mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-23 08:21:09 +01:00
5f5ca78b03
newer Ralink drivers. Submitted by: Paul B Mahol <onemda at gmail.com>
1530 lines
44 KiB
C
1530 lines
44 KiB
C
/*-
|
|
* Copyright (c) 2003
|
|
* Bill Paul <wpaul@windriver.com>. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by Bill Paul.
|
|
* 4. Neither the name of the author nor the names of any co-contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
|
* THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _NTOSKRNL_VAR_H_
|
|
#define _NTOSKRNL_VAR_H_
|
|
|
|
#define MTX_NTOSKRNL_SPIN_LOCK "NDIS thread lock"
|
|
|
|
/*
|
|
* us_buf is really a wchar_t *, but it's inconvenient to include
|
|
* all the necessary header goop needed to define it, and it's a
|
|
* pointer anyway, so for now, just make it a uint16_t *.
|
|
*/
|
|
struct unicode_string {
|
|
uint16_t us_len;
|
|
uint16_t us_maxlen;
|
|
uint16_t *us_buf;
|
|
};
|
|
|
|
typedef struct unicode_string unicode_string;
|
|
|
|
struct ansi_string {
|
|
uint16_t as_len;
|
|
uint16_t as_maxlen;
|
|
char *as_buf;
|
|
};
|
|
|
|
typedef struct ansi_string ansi_string;
|
|
|
|
/*
|
|
* Windows memory descriptor list. In Windows, it's possible for
|
|
* buffers to be passed between user and kernel contexts without
|
|
* copying. Buffers may also be allocated in either paged or
|
|
* non-paged memory regions. An MDL describes the pages of memory
|
|
* used to contain a particular buffer. Note that a single MDL
|
|
* may describe a buffer that spans multiple pages. An array of
|
|
* page addresses appears immediately after the MDL structure itself.
|
|
* MDLs are therefore implicitly variably sized, even though they
|
|
* don't look it.
|
|
*
|
|
* Note that in FreeBSD, we can take many shortcuts in the way
|
|
* we handle MDLs because:
|
|
*
|
|
* - We are only concerned with pages in kernel context. This means
|
|
* we will only ever use the kernel's memory map, and remapping
|
|
* of buffers is never needed.
|
|
*
|
|
* - Kernel pages can never be paged out, so we don't have to worry
|
|
* about whether or not a page is actually mapped before going to
|
|
* touch it.
|
|
*/
|
|
|
|
struct mdl {
|
|
struct mdl *mdl_next;
|
|
uint16_t mdl_size;
|
|
uint16_t mdl_flags;
|
|
void *mdl_process;
|
|
void *mdl_mappedsystemva;
|
|
void *mdl_startva;
|
|
uint32_t mdl_bytecount;
|
|
uint32_t mdl_byteoffset;
|
|
};
|
|
|
|
typedef struct mdl mdl, ndis_buffer;
|
|
|
|
/* MDL flags */
|
|
|
|
#define MDL_MAPPED_TO_SYSTEM_VA 0x0001
|
|
#define MDL_PAGES_LOCKED 0x0002
|
|
#define MDL_SOURCE_IS_NONPAGED_POOL 0x0004
|
|
#define MDL_ALLOCATED_FIXED_SIZE 0x0008
|
|
#define MDL_PARTIAL 0x0010
|
|
#define MDL_PARTIAL_HAS_BEEN_MAPPED 0x0020
|
|
#define MDL_IO_PAGE_READ 0x0040
|
|
#define MDL_WRITE_OPERATION 0x0080
|
|
#define MDL_PARENT_MAPPED_SYSTEM_VA 0x0100
|
|
#define MDL_FREE_EXTRA_PTES 0x0200
|
|
#define MDL_IO_SPACE 0x0800
|
|
#define MDL_NETWORK_HEADER 0x1000
|
|
#define MDL_MAPPING_CAN_FAIL 0x2000
|
|
#define MDL_ALLOCATED_MUST_SUCCEED 0x4000
|
|
#define MDL_ZONE_ALLOCED 0x8000 /* BSD private */
|
|
|
|
#define MDL_ZONE_PAGES 16
|
|
#define MDL_ZONE_SIZE (sizeof(mdl) + (sizeof(vm_offset_t) * MDL_ZONE_PAGES))
|
|
|
|
/* Note: assumes x86 page size of 4K. */
|
|
|
|
#ifndef PAGE_SHIFT
|
|
#if PAGE_SIZE == 4096
|
|
#define PAGE_SHIFT 12
|
|
#elif PAGE_SIZE == 8192
|
|
#define PAGE_SHIFT 13
|
|
#else
|
|
#error PAGE_SHIFT undefined!
|
|
#endif
|
|
#endif
|
|
|
|
#define SPAN_PAGES(ptr, len) \
|
|
((uint32_t)((((uintptr_t)(ptr) & (PAGE_SIZE - 1)) + \
|
|
(len) + (PAGE_SIZE - 1)) >> PAGE_SHIFT))
|
|
|
|
#define PAGE_ALIGN(ptr) \
|
|
((void *)((uintptr_t)(ptr) & ~(PAGE_SIZE - 1)))
|
|
|
|
#define BYTE_OFFSET(ptr) \
|
|
((uint32_t)((uintptr_t)(ptr) & (PAGE_SIZE - 1)))
|
|
|
|
#define MDL_PAGES(m) (vm_offset_t *)(m + 1)
|
|
|
|
#define MmInitializeMdl(b, baseva, len) \
|
|
(b)->mdl_next = NULL; \
|
|
(b)->mdl_size = (uint16_t)(sizeof(mdl) + \
|
|
(sizeof(vm_offset_t) * SPAN_PAGES((baseva), (len)))); \
|
|
(b)->mdl_flags = 0; \
|
|
(b)->mdl_startva = (void *)PAGE_ALIGN((baseva)); \
|
|
(b)->mdl_byteoffset = BYTE_OFFSET((baseva)); \
|
|
(b)->mdl_bytecount = (uint32_t)(len);
|
|
|
|
#define MmGetMdlByteOffset(mdl) ((mdl)->mdl_byteoffset)
|
|
#define MmGetMdlByteCount(mdl) ((mdl)->mdl_bytecount)
|
|
#define MmGetMdlVirtualAddress(mdl) \
|
|
((void *)((char *)((mdl)->mdl_startva) + (mdl)->mdl_byteoffset))
|
|
#define MmGetMdlStartVa(mdl) ((mdl)->mdl_startva)
|
|
#define MmGetMdlPfnArray(mdl) MDL_PAGES(mdl)
|
|
|
|
#define WDM_MAJOR 1
|
|
#define WDM_MINOR_WIN98 0x00
|
|
#define WDM_MINOR_WINME 0x05
|
|
#define WDM_MINOR_WIN2000 0x10
|
|
#define WDM_MINOR_WINXP 0x20
|
|
#define WDM_MINOR_WIN2003 0x30
|
|
|
|
enum nt_caching_type {
|
|
MmNonCached = 0,
|
|
MmCached = 1,
|
|
MmWriteCombined = 2,
|
|
MmHardwareCoherentCached = 3,
|
|
MmNonCachedUnordered = 4,
|
|
MmUSWCCached = 5,
|
|
MmMaximumCacheType = 6
|
|
};
|
|
|
|
/*-
|
|
* The ndis_kspin_lock type is called KSPIN_LOCK in MS-Windows.
|
|
* According to the Windows DDK header files, KSPIN_LOCK is defined like this:
|
|
* typedef ULONG_PTR KSPIN_LOCK;
|
|
*
|
|
* From basetsd.h (SDK, Feb. 2003):
|
|
* typedef [public] unsigned __int3264 ULONG_PTR, *PULONG_PTR;
|
|
* typedef unsigned __int64 ULONG_PTR, *PULONG_PTR;
|
|
* typedef _W64 unsigned long ULONG_PTR, *PULONG_PTR;
|
|
*
|
|
* The keyword __int3264 specifies an integral type that has the following
|
|
* properties:
|
|
* + It is 32-bit on 32-bit platforms
|
|
* + It is 64-bit on 64-bit platforms
|
|
* + It is 32-bit on the wire for backward compatibility.
|
|
* It gets truncated on the sending side and extended appropriately
|
|
* (signed or unsigned) on the receiving side.
|
|
*
|
|
* Thus register_t seems the proper mapping onto FreeBSD for spin locks.
|
|
*/
|
|
|
|
typedef register_t kspin_lock;
|
|
|
|
struct slist_entry {
|
|
struct slist_entry *sl_next;
|
|
};
|
|
|
|
typedef struct slist_entry slist_entry;
|
|
|
|
union slist_header {
|
|
uint64_t slh_align;
|
|
struct {
|
|
struct slist_entry *slh_next;
|
|
uint16_t slh_depth;
|
|
uint16_t slh_seq;
|
|
} slh_list;
|
|
};
|
|
|
|
typedef union slist_header slist_header;
|
|
|
|
struct list_entry {
|
|
struct list_entry *nle_flink;
|
|
struct list_entry *nle_blink;
|
|
};
|
|
|
|
typedef struct list_entry list_entry;
|
|
|
|
#define InitializeListHead(l) \
|
|
(l)->nle_flink = (l)->nle_blink = (l)
|
|
|
|
#define IsListEmpty(h) \
|
|
((h)->nle_flink == (h))
|
|
|
|
#define RemoveEntryList(e) \
|
|
do { \
|
|
list_entry *b; \
|
|
list_entry *f; \
|
|
\
|
|
f = (e)->nle_flink; \
|
|
b = (e)->nle_blink; \
|
|
b->nle_flink = f; \
|
|
f->nle_blink = b; \
|
|
} while (0)
|
|
|
|
/* These two have to be inlined since they return things. */
|
|
|
|
static __inline__ list_entry *
|
|
RemoveHeadList(list_entry *l)
|
|
{
|
|
list_entry *f;
|
|
list_entry *e;
|
|
|
|
e = l->nle_flink;
|
|
f = e->nle_flink;
|
|
l->nle_flink = f;
|
|
f->nle_blink = l;
|
|
|
|
return (e);
|
|
}
|
|
|
|
static __inline__ list_entry *
|
|
RemoveTailList(list_entry *l)
|
|
{
|
|
list_entry *b;
|
|
list_entry *e;
|
|
|
|
e = l->nle_blink;
|
|
b = e->nle_blink;
|
|
l->nle_blink = b;
|
|
b->nle_flink = l;
|
|
|
|
return (e);
|
|
}
|
|
|
|
#define InsertTailList(l, e) \
|
|
do { \
|
|
list_entry *b; \
|
|
\
|
|
b = l->nle_blink; \
|
|
e->nle_flink = l; \
|
|
e->nle_blink = b; \
|
|
b->nle_flink = (e); \
|
|
l->nle_blink = (e); \
|
|
} while (0)
|
|
|
|
#define InsertHeadList(l, e) \
|
|
do { \
|
|
list_entry *f; \
|
|
\
|
|
f = l->nle_flink; \
|
|
e->nle_flink = f; \
|
|
e->nle_blink = l; \
|
|
f->nle_blink = e; \
|
|
l->nle_flink = e; \
|
|
} while (0)
|
|
|
|
#define CONTAINING_RECORD(addr, type, field) \
|
|
((type *)((vm_offset_t)(addr) - (vm_offset_t)(&((type *)0)->field)))
|
|
|
|
struct nt_dispatch_header {
|
|
uint8_t dh_type;
|
|
uint8_t dh_abs;
|
|
uint8_t dh_size;
|
|
uint8_t dh_inserted;
|
|
int32_t dh_sigstate;
|
|
list_entry dh_waitlisthead;
|
|
};
|
|
|
|
typedef struct nt_dispatch_header nt_dispatch_header;
|
|
|
|
/* Dispatcher object types */
|
|
|
|
#define DISP_TYPE_NOTIFICATION_EVENT 0 /* KEVENT */
|
|
#define DISP_TYPE_SYNCHRONIZATION_EVENT 1 /* KEVENT */
|
|
#define DISP_TYPE_MUTANT 2 /* KMUTANT/KMUTEX */
|
|
#define DISP_TYPE_PROCESS 3 /* KPROCESS */
|
|
#define DISP_TYPE_QUEUE 4 /* KQUEUE */
|
|
#define DISP_TYPE_SEMAPHORE 5 /* KSEMAPHORE */
|
|
#define DISP_TYPE_THREAD 6 /* KTHREAD */
|
|
#define DISP_TYPE_NOTIFICATION_TIMER 8 /* KTIMER */
|
|
#define DISP_TYPE_SYNCHRONIZATION_TIMER 9 /* KTIMER */
|
|
|
|
#define OTYPE_EVENT 0
|
|
#define OTYPE_MUTEX 1
|
|
#define OTYPE_THREAD 2
|
|
#define OTYPE_TIMER 3
|
|
|
|
/* Windows dispatcher levels. */
|
|
|
|
#define PASSIVE_LEVEL 0
|
|
#define LOW_LEVEL 0
|
|
#define APC_LEVEL 1
|
|
#define DISPATCH_LEVEL 2
|
|
#define DEVICE_LEVEL (DISPATCH_LEVEL + 1)
|
|
#define PROFILE_LEVEL 27
|
|
#define CLOCK1_LEVEL 28
|
|
#define CLOCK2_LEVEL 28
|
|
#define IPI_LEVEL 29
|
|
#define POWER_LEVEL 30
|
|
#define HIGH_LEVEL 31
|
|
|
|
#define SYNC_LEVEL_UP DISPATCH_LEVEL
|
|
#define SYNC_LEVEL_MP (IPI_LEVEL - 1)
|
|
|
|
#define AT_PASSIVE_LEVEL(td) \
|
|
((td)->td_proc->p_flag & P_KTHREAD == FALSE)
|
|
|
|
#define AT_DISPATCH_LEVEL(td) \
|
|
((td)->td_base_pri == PI_REALTIME)
|
|
|
|
#define AT_DIRQL_LEVEL(td) \
|
|
((td)->td_priority <= PI_NET)
|
|
|
|
#define AT_HIGH_LEVEL(td) \
|
|
((td)->td_critnest != 0)
|
|
|
|
struct nt_objref {
|
|
nt_dispatch_header no_dh;
|
|
void *no_obj;
|
|
TAILQ_ENTRY(nt_objref) link;
|
|
};
|
|
|
|
TAILQ_HEAD(nt_objref_head, nt_objref);
|
|
|
|
typedef struct nt_objref nt_objref;
|
|
|
|
#define EVENT_TYPE_NOTIFY 0
|
|
#define EVENT_TYPE_SYNC 1
|
|
|
|
/*
|
|
* We need to use the timeout()/untimeout() API for ktimers
|
|
* since timers can be initialized, but not destroyed (so
|
|
* malloc()ing our own callout structures would mean a leak,
|
|
* since there'd be no way to free() them). This means we
|
|
* need to use struct callout_handle, which is really just a
|
|
* pointer. To make it easier to deal with, we use a union
|
|
* to overlay the callout_handle over the k_timerlistentry.
|
|
* The latter is a list_entry, which is two pointers, so
|
|
* there's enough space available to hide a callout_handle
|
|
* there.
|
|
*/
|
|
|
|
struct ktimer {
|
|
nt_dispatch_header k_header;
|
|
uint64_t k_duetime;
|
|
union {
|
|
list_entry k_timerlistentry;
|
|
struct callout *k_callout;
|
|
} u;
|
|
void *k_dpc;
|
|
uint32_t k_period;
|
|
};
|
|
|
|
#define k_timerlistentry u.k_timerlistentry
|
|
#define k_callout u.k_callout
|
|
|
|
typedef struct ktimer ktimer;
|
|
|
|
struct nt_kevent {
|
|
nt_dispatch_header k_header;
|
|
};
|
|
|
|
typedef struct nt_kevent nt_kevent;
|
|
|
|
/* Kernel defered procedure call (i.e. timer callback) */
|
|
|
|
struct kdpc;
|
|
typedef void (*kdpc_func)(struct kdpc *, void *, void *, void *);
|
|
|
|
struct kdpc {
|
|
uint16_t k_type;
|
|
uint8_t k_num; /* CPU number */
|
|
uint8_t k_importance; /* priority */
|
|
list_entry k_dpclistentry;
|
|
void *k_deferedfunc;
|
|
void *k_deferredctx;
|
|
void *k_sysarg1;
|
|
void *k_sysarg2;
|
|
void *k_lock;
|
|
};
|
|
|
|
#define KDPC_IMPORTANCE_LOW 0
|
|
#define KDPC_IMPORTANCE_MEDIUM 1
|
|
#define KDPC_IMPORTANCE_HIGH 2
|
|
|
|
#define KDPC_CPU_DEFAULT 255
|
|
|
|
typedef struct kdpc kdpc;
|
|
|
|
/*
|
|
* Note: the acquisition count is BSD-specific. The Microsoft
|
|
* documentation says that mutexes can be acquired recursively
|
|
* by a given thread, but that you must release the mutex as
|
|
* many times as you acquired it before it will be set to the
|
|
* signalled state (i.e. before any other threads waiting on
|
|
* the object will be woken up). However the Windows KMUTANT
|
|
* structure has no field for keeping track of the number of
|
|
* acquisitions, so we need to add one ourselves. As long as
|
|
* driver code treats the mutex as opaque, we should be ok.
|
|
*/
|
|
struct kmutant {
|
|
nt_dispatch_header km_header;
|
|
list_entry km_listentry;
|
|
void *km_ownerthread;
|
|
uint8_t km_abandoned;
|
|
uint8_t km_apcdisable;
|
|
};
|
|
|
|
typedef struct kmutant kmutant;
|
|
|
|
#define LOOKASIDE_DEPTH 256
|
|
|
|
struct general_lookaside {
|
|
slist_header gl_listhead;
|
|
uint16_t gl_depth;
|
|
uint16_t gl_maxdepth;
|
|
uint32_t gl_totallocs;
|
|
union {
|
|
uint32_t gl_allocmisses;
|
|
uint32_t gl_allochits;
|
|
} u_a;
|
|
uint32_t gl_totalfrees;
|
|
union {
|
|
uint32_t gl_freemisses;
|
|
uint32_t gl_freehits;
|
|
} u_m;
|
|
uint32_t gl_type;
|
|
uint32_t gl_tag;
|
|
uint32_t gl_size;
|
|
void *gl_allocfunc;
|
|
void *gl_freefunc;
|
|
list_entry gl_listent;
|
|
uint32_t gl_lasttotallocs;
|
|
union {
|
|
uint32_t gl_lastallocmisses;
|
|
uint32_t gl_lastallochits;
|
|
} u_l;
|
|
uint32_t gl_rsvd[2];
|
|
};
|
|
|
|
typedef struct general_lookaside general_lookaside;
|
|
|
|
struct npaged_lookaside_list {
|
|
general_lookaside nll_l;
|
|
#ifdef __i386__
|
|
kspin_lock nll_obsoletelock;
|
|
#endif
|
|
};
|
|
|
|
typedef struct npaged_lookaside_list npaged_lookaside_list;
|
|
typedef struct npaged_lookaside_list paged_lookaside_list;
|
|
|
|
typedef void * (*lookaside_alloc_func)(uint32_t, size_t, uint32_t);
|
|
typedef void (*lookaside_free_func)(void *);
|
|
|
|
struct irp;
|
|
|
|
struct kdevice_qentry {
|
|
list_entry kqe_devlistent;
|
|
uint32_t kqe_sortkey;
|
|
uint8_t kqe_inserted;
|
|
};
|
|
|
|
typedef struct kdevice_qentry kdevice_qentry;
|
|
|
|
struct kdevice_queue {
|
|
uint16_t kq_type;
|
|
uint16_t kq_size;
|
|
list_entry kq_devlisthead;
|
|
kspin_lock kq_lock;
|
|
uint8_t kq_busy;
|
|
};
|
|
|
|
typedef struct kdevice_queue kdevice_queue;
|
|
|
|
struct wait_ctx_block {
|
|
kdevice_qentry wcb_waitqueue;
|
|
void *wcb_devfunc;
|
|
void *wcb_devctx;
|
|
uint32_t wcb_mapregcnt;
|
|
void *wcb_devobj;
|
|
void *wcb_curirp;
|
|
void *wcb_bufchaindpc;
|
|
};
|
|
|
|
typedef struct wait_ctx_block wait_ctx_block;
|
|
|
|
struct wait_block {
|
|
list_entry wb_waitlist;
|
|
void *wb_kthread;
|
|
nt_dispatch_header *wb_object;
|
|
struct wait_block *wb_next;
|
|
#ifdef notdef
|
|
uint16_t wb_waitkey;
|
|
uint16_t wb_waittype;
|
|
#endif
|
|
uint8_t wb_waitkey;
|
|
uint8_t wb_waittype;
|
|
uint8_t wb_awakened;
|
|
uint8_t wb_oldpri;
|
|
};
|
|
|
|
typedef struct wait_block wait_block;
|
|
|
|
#define wb_ext wb_kthread
|
|
|
|
#define THREAD_WAIT_OBJECTS 3
|
|
#define MAX_WAIT_OBJECTS 64
|
|
|
|
#define WAITTYPE_ALL 0
|
|
#define WAITTYPE_ANY 1
|
|
|
|
#define WAITKEY_VALID 0x8000
|
|
|
|
/* kthread priority */
|
|
#define LOW_PRIORITY 0
|
|
#define LOW_REALTIME_PRIORITY 16
|
|
#define HIGH_PRIORITY 31
|
|
|
|
struct thread_context {
|
|
void *tc_thrctx;
|
|
void *tc_thrfunc;
|
|
};
|
|
|
|
typedef struct thread_context thread_context;
|
|
|
|
/* Forward declaration */
|
|
struct driver_object;
|
|
struct devobj_extension;
|
|
|
|
struct driver_extension {
|
|
struct driver_object *dre_driverobj;
|
|
void *dre_adddevicefunc;
|
|
uint32_t dre_reinitcnt;
|
|
unicode_string dre_srvname;
|
|
|
|
/*
|
|
* Drivers are allowed to add one or more custom extensions
|
|
* to the driver object, but there's no special pointer
|
|
* for them. Hang them off here for now.
|
|
*/
|
|
|
|
list_entry dre_usrext;
|
|
};
|
|
|
|
typedef struct driver_extension driver_extension;
|
|
|
|
struct custom_extension {
|
|
list_entry ce_list;
|
|
void *ce_clid;
|
|
};
|
|
|
|
typedef struct custom_extension custom_extension;
|
|
|
|
/*
|
|
* The KINTERRUPT structure in Windows is opaque to drivers.
|
|
* We define our own custom version with things we need.
|
|
*/
|
|
|
|
struct kinterrupt {
|
|
list_entry ki_list;
|
|
device_t ki_dev;
|
|
int ki_rid;
|
|
void *ki_cookie;
|
|
struct resource *ki_irq;
|
|
kspin_lock ki_lock_priv;
|
|
kspin_lock *ki_lock;
|
|
void *ki_svcfunc;
|
|
void *ki_svcctx;
|
|
};
|
|
|
|
typedef struct kinterrupt kinterrupt;
|
|
|
|
struct ksystem_time {
|
|
uint32_t low_part;
|
|
int32_t high1_time;
|
|
int32_t high2_time;
|
|
};
|
|
|
|
enum nt_product_type {
|
|
NT_PRODUCT_WIN_NT = 1,
|
|
NT_PRODUCT_LAN_MAN_NT,
|
|
NT_PRODUCT_SERVER
|
|
};
|
|
|
|
enum alt_arch_type {
|
|
STANDARD_DESIGN,
|
|
NEC98x86,
|
|
END_ALTERNATIVES
|
|
};
|
|
|
|
struct kuser_shared_data {
|
|
uint32_t tick_count;
|
|
uint32_t tick_count_multiplier;
|
|
volatile struct ksystem_time interrupt_time;
|
|
volatile struct ksystem_time system_time;
|
|
volatile struct ksystem_time time_zone_bias;
|
|
uint16_t image_number_low;
|
|
uint16_t image_number_high;
|
|
int16_t nt_system_root[260];
|
|
uint32_t max_stack_trace_depth;
|
|
uint32_t crypto_exponent;
|
|
uint32_t time_zone_id;
|
|
uint32_t large_page_min;
|
|
uint32_t reserved2[7];
|
|
enum nt_product_type nt_product_type;
|
|
uint8_t product_type_is_valid;
|
|
uint32_t nt_major_version;
|
|
uint32_t nt_minor_version;
|
|
uint8_t processor_features[64];
|
|
uint32_t reserved1;
|
|
uint32_t reserved3;
|
|
volatile uint32_t time_slip;
|
|
enum alt_arch_type alt_arch_type;
|
|
int64_t system_expiration_date;
|
|
uint32_t suite_mask;
|
|
uint8_t kdbg_enabled;
|
|
volatile uint32_t active_console;
|
|
volatile uint32_t dismount_count;
|
|
uint32_t com_plus_package;
|
|
uint32_t last_system_rit_event_tick_count;
|
|
uint32_t num_phys_pages;
|
|
uint8_t safe_boot_mode;
|
|
uint32_t trace_log;
|
|
uint64_t fill0;
|
|
uint64_t sys_call[4];
|
|
union {
|
|
volatile struct ksystem_time tick_count;
|
|
volatile uint64_t tick_count_quad;
|
|
} tick;
|
|
};
|
|
|
|
/*
|
|
* In Windows, there are Physical Device Objects (PDOs) and
|
|
* Functional Device Objects (FDOs). Physical Device Objects are
|
|
* created and maintained by bus drivers. For example, the PCI
|
|
* bus driver might detect two PCI ethernet cards on a given
|
|
* bus. The PCI bus driver will then allocate two device_objects
|
|
* for its own internal bookeeping purposes. This is analagous
|
|
* to the device_t that the FreeBSD PCI code allocates and passes
|
|
* into each PCI driver's probe and attach routines.
|
|
*
|
|
* When an ethernet driver claims one of the ethernet cards
|
|
* on the bus, it will create its own device_object. This is
|
|
* the Functional Device Object. This object is analagous to the
|
|
* device-specific softc structure.
|
|
*/
|
|
|
|
struct device_object {
|
|
uint16_t do_type;
|
|
uint16_t do_size;
|
|
uint32_t do_refcnt;
|
|
struct driver_object *do_drvobj;
|
|
struct device_object *do_nextdev;
|
|
struct device_object *do_attacheddev;
|
|
struct irp *do_currirp;
|
|
void *do_iotimer;
|
|
uint32_t do_flags;
|
|
uint32_t do_characteristics;
|
|
void *do_vpb;
|
|
void *do_devext;
|
|
uint32_t do_devtype;
|
|
uint8_t do_stacksize;
|
|
union {
|
|
list_entry do_listent;
|
|
wait_ctx_block do_wcb;
|
|
} queue;
|
|
uint32_t do_alignreq;
|
|
kdevice_queue do_devqueue;
|
|
struct kdpc do_dpc;
|
|
uint32_t do_activethreads;
|
|
void *do_securitydesc;
|
|
struct nt_kevent do_devlock;
|
|
uint16_t do_sectorsz;
|
|
uint16_t do_spare1;
|
|
struct devobj_extension *do_devobj_ext;
|
|
void *do_rsvd;
|
|
};
|
|
|
|
typedef struct device_object device_object;
|
|
|
|
struct devobj_extension {
|
|
uint16_t dve_type;
|
|
uint16_t dve_size;
|
|
device_object *dve_devobj;
|
|
};
|
|
|
|
typedef struct devobj_extension devobj_extension;
|
|
|
|
/* Device object flags */
|
|
|
|
#define DO_VERIFY_VOLUME 0x00000002
|
|
#define DO_BUFFERED_IO 0x00000004
|
|
#define DO_EXCLUSIVE 0x00000008
|
|
#define DO_DIRECT_IO 0x00000010
|
|
#define DO_MAP_IO_BUFFER 0x00000020
|
|
#define DO_DEVICE_HAS_NAME 0x00000040
|
|
#define DO_DEVICE_INITIALIZING 0x00000080
|
|
#define DO_SYSTEM_BOOT_PARTITION 0x00000100
|
|
#define DO_LONG_TERM_REQUESTS 0x00000200
|
|
#define DO_NEVER_LAST_DEVICE 0x00000400
|
|
#define DO_SHUTDOWN_REGISTERED 0x00000800
|
|
#define DO_BUS_ENUMERATED_DEVICE 0x00001000
|
|
#define DO_POWER_PAGABLE 0x00002000
|
|
#define DO_POWER_INRUSH 0x00004000
|
|
#define DO_LOW_PRIORITY_FILESYSTEM 0x00010000
|
|
|
|
/* Priority boosts */
|
|
|
|
#define IO_NO_INCREMENT 0
|
|
#define IO_CD_ROM_INCREMENT 1
|
|
#define IO_DISK_INCREMENT 1
|
|
#define IO_KEYBOARD_INCREMENT 6
|
|
#define IO_MAILSLOT_INCREMENT 2
|
|
#define IO_MOUSE_INCREMENT 6
|
|
#define IO_NAMED_PIPE_INCREMENT 2
|
|
#define IO_NETWORK_INCREMENT 2
|
|
#define IO_PARALLEL_INCREMENT 1
|
|
#define IO_SERIAL_INCREMENT 2
|
|
#define IO_SOUND_INCREMENT 8
|
|
#define IO_VIDEO_INCREMENT 1
|
|
|
|
/* IRP major codes */
|
|
|
|
#define IRP_MJ_CREATE 0x00
|
|
#define IRP_MJ_CREATE_NAMED_PIPE 0x01
|
|
#define IRP_MJ_CLOSE 0x02
|
|
#define IRP_MJ_READ 0x03
|
|
#define IRP_MJ_WRITE 0x04
|
|
#define IRP_MJ_QUERY_INFORMATION 0x05
|
|
#define IRP_MJ_SET_INFORMATION 0x06
|
|
#define IRP_MJ_QUERY_EA 0x07
|
|
#define IRP_MJ_SET_EA 0x08
|
|
#define IRP_MJ_FLUSH_BUFFERS 0x09
|
|
#define IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a
|
|
#define IRP_MJ_SET_VOLUME_INFORMATION 0x0b
|
|
#define IRP_MJ_DIRECTORY_CONTROL 0x0c
|
|
#define IRP_MJ_FILE_SYSTEM_CONTROL 0x0d
|
|
#define IRP_MJ_DEVICE_CONTROL 0x0e
|
|
#define IRP_MJ_INTERNAL_DEVICE_CONTROL 0x0f
|
|
#define IRP_MJ_SHUTDOWN 0x10
|
|
#define IRP_MJ_LOCK_CONTROL 0x11
|
|
#define IRP_MJ_CLEANUP 0x12
|
|
#define IRP_MJ_CREATE_MAILSLOT 0x13
|
|
#define IRP_MJ_QUERY_SECURITY 0x14
|
|
#define IRP_MJ_SET_SECURITY 0x15
|
|
#define IRP_MJ_POWER 0x16
|
|
#define IRP_MJ_SYSTEM_CONTROL 0x17
|
|
#define IRP_MJ_DEVICE_CHANGE 0x18
|
|
#define IRP_MJ_QUERY_QUOTA 0x19
|
|
#define IRP_MJ_SET_QUOTA 0x1a
|
|
#define IRP_MJ_PNP 0x1b
|
|
#define IRP_MJ_PNP_POWER IRP_MJ_PNP // Obsolete....
|
|
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b
|
|
#define IRP_MJ_SCSI IRP_MJ_INTERNAL_DEVICE_CONTROL
|
|
|
|
/* IRP minor codes */
|
|
|
|
#define IRP_MN_QUERY_DIRECTORY 0x01
|
|
#define IRP_MN_NOTIFY_CHANGE_DIRECTORY 0x02
|
|
#define IRP_MN_USER_FS_REQUEST 0x00
|
|
|
|
#define IRP_MN_MOUNT_VOLUME 0x01
|
|
#define IRP_MN_VERIFY_VOLUME 0x02
|
|
#define IRP_MN_LOAD_FILE_SYSTEM 0x03
|
|
#define IRP_MN_TRACK_LINK 0x04
|
|
#define IRP_MN_KERNEL_CALL 0x04
|
|
|
|
#define IRP_MN_LOCK 0x01
|
|
#define IRP_MN_UNLOCK_SINGLE 0x02
|
|
#define IRP_MN_UNLOCK_ALL 0x03
|
|
#define IRP_MN_UNLOCK_ALL_BY_KEY 0x04
|
|
|
|
#define IRP_MN_NORMAL 0x00
|
|
#define IRP_MN_DPC 0x01
|
|
#define IRP_MN_MDL 0x02
|
|
#define IRP_MN_COMPLETE 0x04
|
|
#define IRP_MN_COMPRESSED 0x08
|
|
|
|
#define IRP_MN_MDL_DPC (IRP_MN_MDL | IRP_MN_DPC)
|
|
#define IRP_MN_COMPLETE_MDL (IRP_MN_COMPLETE | IRP_MN_MDL)
|
|
#define IRP_MN_COMPLETE_MDL_DPC (IRP_MN_COMPLETE_MDL | IRP_MN_DPC)
|
|
|
|
#define IRP_MN_SCSI_CLASS 0x01
|
|
|
|
#define IRP_MN_START_DEVICE 0x00
|
|
#define IRP_MN_QUERY_REMOVE_DEVICE 0x01
|
|
#define IRP_MN_REMOVE_DEVICE 0x02
|
|
#define IRP_MN_CANCEL_REMOVE_DEVICE 0x03
|
|
#define IRP_MN_STOP_DEVICE 0x04
|
|
#define IRP_MN_QUERY_STOP_DEVICE 0x05
|
|
#define IRP_MN_CANCEL_STOP_DEVICE 0x06
|
|
|
|
#define IRP_MN_QUERY_DEVICE_RELATIONS 0x07
|
|
#define IRP_MN_QUERY_INTERFACE 0x08
|
|
#define IRP_MN_QUERY_CAPABILITIES 0x09
|
|
#define IRP_MN_QUERY_RESOURCES 0x0A
|
|
#define IRP_MN_QUERY_RESOURCE_REQUIREMENTS 0x0B
|
|
#define IRP_MN_QUERY_DEVICE_TEXT 0x0C
|
|
#define IRP_MN_FILTER_RESOURCE_REQUIREMENTS 0x0D
|
|
|
|
#define IRP_MN_READ_CONFIG 0x0F
|
|
#define IRP_MN_WRITE_CONFIG 0x10
|
|
#define IRP_MN_EJECT 0x11
|
|
#define IRP_MN_SET_LOCK 0x12
|
|
#define IRP_MN_QUERY_ID 0x13
|
|
#define IRP_MN_QUERY_PNP_DEVICE_STATE 0x14
|
|
#define IRP_MN_QUERY_BUS_INFORMATION 0x15
|
|
#define IRP_MN_DEVICE_USAGE_NOTIFICATION 0x16
|
|
#define IRP_MN_SURPRISE_REMOVAL 0x17
|
|
#define IRP_MN_QUERY_LEGACY_BUS_INFORMATION 0x18
|
|
|
|
#define IRP_MN_WAIT_WAKE 0x00
|
|
#define IRP_MN_POWER_SEQUENCE 0x01
|
|
#define IRP_MN_SET_POWER 0x02
|
|
#define IRP_MN_QUERY_POWER 0x03
|
|
|
|
#define IRP_MN_QUERY_ALL_DATA 0x00
|
|
#define IRP_MN_QUERY_SINGLE_INSTANCE 0x01
|
|
#define IRP_MN_CHANGE_SINGLE_INSTANCE 0x02
|
|
#define IRP_MN_CHANGE_SINGLE_ITEM 0x03
|
|
#define IRP_MN_ENABLE_EVENTS 0x04
|
|
#define IRP_MN_DISABLE_EVENTS 0x05
|
|
#define IRP_MN_ENABLE_COLLECTION 0x06
|
|
#define IRP_MN_DISABLE_COLLECTION 0x07
|
|
#define IRP_MN_REGINFO 0x08
|
|
#define IRP_MN_EXECUTE_METHOD 0x09
|
|
#define IRP_MN_REGINFO_EX 0x0b
|
|
|
|
/* IRP flags */
|
|
|
|
#define IRP_NOCACHE 0x00000001
|
|
#define IRP_PAGING_IO 0x00000002
|
|
#define IRP_MOUNT_COMPLETION 0x00000002
|
|
#define IRP_SYNCHRONOUS_API 0x00000004
|
|
#define IRP_ASSOCIATED_IRP 0x00000008
|
|
#define IRP_BUFFERED_IO 0x00000010
|
|
#define IRP_DEALLOCATE_BUFFER 0x00000020
|
|
#define IRP_INPUT_OPERATION 0x00000040
|
|
#define IRP_SYNCHRONOUS_PAGING_IO 0x00000040
|
|
#define IRP_CREATE_OPERATION 0x00000080
|
|
#define IRP_READ_OPERATION 0x00000100
|
|
#define IRP_WRITE_OPERATION 0x00000200
|
|
#define IRP_CLOSE_OPERATION 0x00000400
|
|
#define IRP_DEFER_IO_COMPLETION 0x00000800
|
|
#define IRP_OB_QUERY_NAME 0x00001000
|
|
#define IRP_HOLD_DEVICE_QUEUE 0x00002000
|
|
#define IRP_RETRY_IO_COMPLETION 0x00004000
|
|
#define IRP_CLASS_CACHE_OPERATION 0x00008000
|
|
#define IRP_SET_USER_EVENT IRP_CLOSE_OPERATION
|
|
|
|
/* IRP I/O control flags */
|
|
|
|
#define IRP_QUOTA_CHARGED 0x01
|
|
#define IRP_ALLOCATED_MUST_SUCCEED 0x02
|
|
#define IRP_ALLOCATED_FIXED_SIZE 0x04
|
|
#define IRP_LOOKASIDE_ALLOCATION 0x08
|
|
|
|
/* I/O method types */
|
|
|
|
#define METHOD_BUFFERED 0
|
|
#define METHOD_IN_DIRECT 1
|
|
#define METHOD_OUT_DIRECT 2
|
|
#define METHOD_NEITHER 3
|
|
|
|
/* File access types */
|
|
|
|
#define FILE_ANY_ACCESS 0x0000
|
|
#define FILE_SPECIAL_ACCESS FILE_ANY_ACCESS
|
|
#define FILE_READ_ACCESS 0x0001
|
|
#define FILE_WRITE_ACCESS 0x0002
|
|
|
|
/* Recover I/O access method from IOCTL code. */
|
|
|
|
#define IO_METHOD(x) ((x) & 0xFFFFFFFC)
|
|
|
|
/* Recover function code from IOCTL code */
|
|
|
|
#define IO_FUNC(x) (((x) & 0x7FFC) >> 2)
|
|
|
|
/* Macro to construct an IOCTL code. */
|
|
|
|
#define IOCTL_CODE(dev, func, iomethod, acc) \
|
|
((dev) << 16) | (acc << 14) | (func << 2) | (iomethod))
|
|
|
|
|
|
struct io_status_block {
|
|
union {
|
|
uint32_t isb_status;
|
|
void *isb_ptr;
|
|
} u;
|
|
register_t isb_info;
|
|
};
|
|
#define isb_status u.isb_status
|
|
#define isb_ptr u.isb_ptr
|
|
|
|
typedef struct io_status_block io_status_block;
|
|
|
|
struct kapc {
|
|
uint16_t apc_type;
|
|
uint16_t apc_size;
|
|
uint32_t apc_spare0;
|
|
void *apc_thread;
|
|
list_entry apc_list;
|
|
void *apc_kernfunc;
|
|
void *apc_rundownfunc;
|
|
void *apc_normalfunc;
|
|
void *apc_normctx;
|
|
void *apc_sysarg1;
|
|
void *apc_sysarg2;
|
|
uint8_t apc_stateidx;
|
|
uint8_t apc_cpumode;
|
|
uint8_t apc_inserted;
|
|
};
|
|
|
|
typedef struct kapc kapc;
|
|
|
|
typedef uint32_t (*completion_func)(device_object *,
|
|
struct irp *, void *);
|
|
typedef uint32_t (*cancel_func)(device_object *,
|
|
struct irp *);
|
|
|
|
struct io_stack_location {
|
|
uint8_t isl_major;
|
|
uint8_t isl_minor;
|
|
uint8_t isl_flags;
|
|
uint8_t isl_ctl;
|
|
|
|
/*
|
|
* There's a big-ass union here in the actual Windows
|
|
* definition of the stucture, but it contains stuff
|
|
* that doesn't really apply to BSD, and defining it
|
|
* all properly would require duplicating over a dozen
|
|
* other structures that we'll never use. Since the
|
|
* io_stack_location structure is opaque to drivers
|
|
* anyway, I'm not going to bother with the extra crap.
|
|
*/
|
|
|
|
union {
|
|
struct {
|
|
uint32_t isl_len;
|
|
uint32_t *isl_key;
|
|
uint64_t isl_byteoff;
|
|
} isl_read;
|
|
struct {
|
|
uint32_t isl_len;
|
|
uint32_t *isl_key;
|
|
uint64_t isl_byteoff;
|
|
} isl_write;
|
|
struct {
|
|
uint32_t isl_obuflen;
|
|
uint32_t isl_ibuflen;
|
|
uint32_t isl_iocode;
|
|
void *isl_type3ibuf;
|
|
} isl_ioctl;
|
|
struct {
|
|
void *isl_arg1;
|
|
void *isl_arg2;
|
|
void *isl_arg3;
|
|
void *isl_arg4;
|
|
} isl_others;
|
|
} isl_parameters __attribute__((packed));
|
|
|
|
void *isl_devobj;
|
|
void *isl_fileobj;
|
|
completion_func isl_completionfunc;
|
|
void *isl_completionctx;
|
|
};
|
|
|
|
typedef struct io_stack_location io_stack_location;
|
|
|
|
/* Stack location control flags */
|
|
|
|
#define SL_PENDING_RETURNED 0x01
|
|
#define SL_INVOKE_ON_CANCEL 0x20
|
|
#define SL_INVOKE_ON_SUCCESS 0x40
|
|
#define SL_INVOKE_ON_ERROR 0x80
|
|
|
|
struct irp {
|
|
uint16_t irp_type;
|
|
uint16_t irp_size;
|
|
mdl *irp_mdl;
|
|
uint32_t irp_flags;
|
|
union {
|
|
struct irp *irp_master;
|
|
uint32_t irp_irpcnt;
|
|
void *irp_sysbuf;
|
|
} irp_assoc;
|
|
list_entry irp_thlist;
|
|
io_status_block irp_iostat;
|
|
uint8_t irp_reqmode;
|
|
uint8_t irp_pendingreturned;
|
|
uint8_t irp_stackcnt;
|
|
uint8_t irp_currentstackloc;
|
|
uint8_t irp_cancel;
|
|
uint8_t irp_cancelirql;
|
|
uint8_t irp_apcenv;
|
|
uint8_t irp_allocflags;
|
|
io_status_block *irp_usriostat;
|
|
nt_kevent *irp_usrevent;
|
|
union {
|
|
struct {
|
|
void *irp_apcfunc;
|
|
void *irp_apcctx;
|
|
} irp_asyncparms;
|
|
uint64_t irp_allocsz;
|
|
} irp_overlay;
|
|
cancel_func irp_cancelfunc;
|
|
void *irp_userbuf;
|
|
|
|
/* Windows kernel info */
|
|
|
|
union {
|
|
struct {
|
|
union {
|
|
kdevice_qentry irp_dqe;
|
|
struct {
|
|
void *irp_drvctx[4];
|
|
} s1;
|
|
} u1;
|
|
void *irp_thread;
|
|
char *irp_auxbuf;
|
|
struct {
|
|
list_entry irp_list;
|
|
union {
|
|
io_stack_location *irp_csl;
|
|
uint32_t irp_pkttype;
|
|
} u2;
|
|
} s2;
|
|
void *irp_fileobj;
|
|
} irp_overlay;
|
|
union {
|
|
kapc irp_apc;
|
|
struct {
|
|
void *irp_ep;
|
|
void *irp_dev;
|
|
} irp_usb;
|
|
} irp_misc;
|
|
void *irp_compkey;
|
|
} irp_tail;
|
|
};
|
|
|
|
#define irp_csl s2.u2.irp_csl
|
|
#define irp_pkttype s2.u2.irp_pkttype
|
|
|
|
#define IRP_NDIS_DEV(irp) (irp)->irp_tail.irp_misc.irp_usb.irp_dev
|
|
#define IRP_NDISUSB_EP(irp) (irp)->irp_tail.irp_misc.irp_usb.irp_ep
|
|
|
|
typedef struct irp irp;
|
|
|
|
#define InterlockedExchangePointer(dst, val) \
|
|
(void *)InterlockedExchange((uint32_t *)(dst), (uintptr_t)(val))
|
|
|
|
#define IoSizeOfIrp(ssize) \
|
|
((uint16_t) (sizeof(irp) + ((ssize) * (sizeof(io_stack_location)))))
|
|
|
|
#define IoSetCancelRoutine(irp, func) \
|
|
(cancel_func)InterlockedExchangePointer( \
|
|
(void *)&(ip)->irp_cancelfunc, (void *)(func))
|
|
|
|
#define IoSetCancelValue(irp, val) \
|
|
(u_long)InterlockedExchangePointer( \
|
|
(void *)&(ip)->irp_cancel, (void *)(val))
|
|
|
|
#define IoGetCurrentIrpStackLocation(irp) \
|
|
(irp)->irp_tail.irp_overlay.irp_csl
|
|
|
|
#define IoGetNextIrpStackLocation(irp) \
|
|
((irp)->irp_tail.irp_overlay.irp_csl - 1)
|
|
|
|
#define IoSetNextIrpStackLocation(irp) \
|
|
do { \
|
|
irp->irp_currentstackloc--; \
|
|
irp->irp_tail.irp_overlay.irp_csl--; \
|
|
} while(0)
|
|
|
|
#define IoSetCompletionRoutine(irp, func, ctx, ok, err, cancel) \
|
|
do { \
|
|
io_stack_location *s; \
|
|
s = IoGetNextIrpStackLocation((irp)); \
|
|
s->isl_completionfunc = (func); \
|
|
s->isl_completionctx = (ctx); \
|
|
s->isl_ctl = 0; \
|
|
if (ok) s->isl_ctl = SL_INVOKE_ON_SUCCESS; \
|
|
if (err) s->isl_ctl |= SL_INVOKE_ON_ERROR; \
|
|
if (cancel) s->isl_ctl |= SL_INVOKE_ON_CANCEL; \
|
|
} while(0)
|
|
|
|
#define IoMarkIrpPending(irp) \
|
|
IoGetCurrentIrpStackLocation(irp)->isl_ctl |= SL_PENDING_RETURNED
|
|
#define IoUnmarkIrpPending(irp) \
|
|
IoGetCurrentIrpStackLocation(irp)->isl_ctl &= ~SL_PENDING_RETURNED
|
|
|
|
#define IoCopyCurrentIrpStackLocationToNext(irp) \
|
|
do { \
|
|
io_stack_location *src, *dst; \
|
|
src = IoGetCurrentIrpStackLocation(irp); \
|
|
dst = IoGetNextIrpStackLocation(irp); \
|
|
bcopy((char *)src, (char *)dst, \
|
|
offsetof(io_stack_location, isl_completionfunc)); \
|
|
} while(0)
|
|
|
|
#define IoSkipCurrentIrpStackLocation(irp) \
|
|
do { \
|
|
(irp)->irp_currentstackloc++; \
|
|
(irp)->irp_tail.irp_overlay.irp_csl++; \
|
|
} while(0)
|
|
|
|
#define IoInitializeDpcRequest(dobj, dpcfunc) \
|
|
KeInitializeDpc(&(dobj)->do_dpc, dpcfunc, dobj)
|
|
|
|
#define IoRequestDpc(dobj, irp, ctx) \
|
|
KeInsertQueueDpc(&(dobj)->do_dpc, irp, ctx)
|
|
|
|
typedef uint32_t (*driver_dispatch)(device_object *, irp *);
|
|
|
|
/*
|
|
* The driver_object is allocated once for each driver that's loaded
|
|
* into the system. A new one is allocated for each driver and
|
|
* populated a bit via the driver's DriverEntry function.
|
|
* In general, a Windows DriverEntry() function will provide a pointer
|
|
* to its AddDevice() method and set up the dispatch table.
|
|
* For NDIS drivers, this is all done behind the scenes in the
|
|
* NdisInitializeWrapper() and/or NdisMRegisterMiniport() routines.
|
|
*/
|
|
|
|
struct driver_object {
|
|
uint16_t dro_type;
|
|
uint16_t dro_size;
|
|
device_object *dro_devobj;
|
|
uint32_t dro_flags;
|
|
void *dro_driverstart;
|
|
uint32_t dro_driversize;
|
|
void *dro_driversection;
|
|
driver_extension *dro_driverext;
|
|
unicode_string dro_drivername;
|
|
unicode_string *dro_hwdb;
|
|
void *dro_pfastiodispatch;
|
|
void *dro_driverinitfunc;
|
|
void *dro_driverstartiofunc;
|
|
void *dro_driverunloadfunc;
|
|
driver_dispatch dro_dispatch[IRP_MJ_MAXIMUM_FUNCTION + 1];
|
|
};
|
|
|
|
typedef struct driver_object driver_object;
|
|
|
|
#define DEVPROP_DEVICE_DESCRIPTION 0x00000000
|
|
#define DEVPROP_HARDWARE_ID 0x00000001
|
|
#define DEVPROP_COMPATIBLE_IDS 0x00000002
|
|
#define DEVPROP_BOOTCONF 0x00000003
|
|
#define DEVPROP_BOOTCONF_TRANSLATED 0x00000004
|
|
#define DEVPROP_CLASS_NAME 0x00000005
|
|
#define DEVPROP_CLASS_GUID 0x00000006
|
|
#define DEVPROP_DRIVER_KEYNAME 0x00000007
|
|
#define DEVPROP_MANUFACTURER 0x00000008
|
|
#define DEVPROP_FRIENDLYNAME 0x00000009
|
|
#define DEVPROP_LOCATION_INFO 0x0000000A
|
|
#define DEVPROP_PHYSDEV_NAME 0x0000000B
|
|
#define DEVPROP_BUSTYPE_GUID 0x0000000C
|
|
#define DEVPROP_LEGACY_BUSTYPE 0x0000000D
|
|
#define DEVPROP_BUS_NUMBER 0x0000000E
|
|
#define DEVPROP_ENUMERATOR_NAME 0x0000000F
|
|
#define DEVPROP_ADDRESS 0x00000010
|
|
#define DEVPROP_UINUMBER 0x00000011
|
|
#define DEVPROP_INSTALL_STATE 0x00000012
|
|
#define DEVPROP_REMOVAL_POLICY 0x00000013
|
|
|
|
/* Various supported device types (used with IoCreateDevice()) */
|
|
|
|
#define FILE_DEVICE_BEEP 0x00000001
|
|
#define FILE_DEVICE_CD_ROM 0x00000002
|
|
#define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
|
|
#define FILE_DEVICE_CONTROLLER 0x00000004
|
|
#define FILE_DEVICE_DATALINK 0x00000005
|
|
#define FILE_DEVICE_DFS 0x00000006
|
|
#define FILE_DEVICE_DISK 0x00000007
|
|
#define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
|
|
#define FILE_DEVICE_FILE_SYSTEM 0x00000009
|
|
#define FILE_DEVICE_INPORT_PORT 0x0000000A
|
|
#define FILE_DEVICE_KEYBOARD 0x0000000B
|
|
#define FILE_DEVICE_MAILSLOT 0x0000000C
|
|
#define FILE_DEVICE_MIDI_IN 0x0000000D
|
|
#define FILE_DEVICE_MIDI_OUT 0x0000000E
|
|
#define FILE_DEVICE_MOUSE 0x0000000F
|
|
#define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
|
|
#define FILE_DEVICE_NAMED_PIPE 0x00000011
|
|
#define FILE_DEVICE_NETWORK 0x00000012
|
|
#define FILE_DEVICE_NETWORK_BROWSER 0x00000013
|
|
#define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
|
|
#define FILE_DEVICE_NULL 0x00000015
|
|
#define FILE_DEVICE_PARALLEL_PORT 0x00000016
|
|
#define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
|
|
#define FILE_DEVICE_PRINTER 0x00000018
|
|
#define FILE_DEVICE_SCANNER 0x00000019
|
|
#define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001A
|
|
#define FILE_DEVICE_SERIAL_PORT 0x0000001B
|
|
#define FILE_DEVICE_SCREEN 0x0000001C
|
|
#define FILE_DEVICE_SOUND 0x0000001D
|
|
#define FILE_DEVICE_STREAMS 0x0000001E
|
|
#define FILE_DEVICE_TAPE 0x0000001F
|
|
#define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
|
|
#define FILE_DEVICE_TRANSPORT 0x00000021
|
|
#define FILE_DEVICE_UNKNOWN 0x00000022
|
|
#define FILE_DEVICE_VIDEO 0x00000023
|
|
#define FILE_DEVICE_VIRTUAL_DISK 0x00000024
|
|
#define FILE_DEVICE_WAVE_IN 0x00000025
|
|
#define FILE_DEVICE_WAVE_OUT 0x00000026
|
|
#define FILE_DEVICE_8042_PORT 0x00000027
|
|
#define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
|
|
#define FILE_DEVICE_BATTERY 0x00000029
|
|
#define FILE_DEVICE_BUS_EXTENDER 0x0000002A
|
|
#define FILE_DEVICE_MODEM 0x0000002B
|
|
#define FILE_DEVICE_VDM 0x0000002C
|
|
#define FILE_DEVICE_MASS_STORAGE 0x0000002D
|
|
#define FILE_DEVICE_SMB 0x0000002E
|
|
#define FILE_DEVICE_KS 0x0000002F
|
|
#define FILE_DEVICE_CHANGER 0x00000030
|
|
#define FILE_DEVICE_SMARTCARD 0x00000031
|
|
#define FILE_DEVICE_ACPI 0x00000032
|
|
#define FILE_DEVICE_DVD 0x00000033
|
|
#define FILE_DEVICE_FULLSCREEN_VIDEO 0x00000034
|
|
#define FILE_DEVICE_DFS_FILE_SYSTEM 0x00000035
|
|
#define FILE_DEVICE_DFS_VOLUME 0x00000036
|
|
#define FILE_DEVICE_SERENUM 0x00000037
|
|
#define FILE_DEVICE_TERMSRV 0x00000038
|
|
#define FILE_DEVICE_KSEC 0x00000039
|
|
#define FILE_DEVICE_FIPS 0x0000003A
|
|
|
|
/* Device characteristics */
|
|
|
|
#define FILE_REMOVABLE_MEDIA 0x00000001
|
|
#define FILE_READ_ONLY_DEVICE 0x00000002
|
|
#define FILE_FLOPPY_DISKETTE 0x00000004
|
|
#define FILE_WRITE_ONCE_MEDIA 0x00000008
|
|
#define FILE_REMOTE_DEVICE 0x00000010
|
|
#define FILE_DEVICE_IS_MOUNTED 0x00000020
|
|
#define FILE_VIRTUAL_VOLUME 0x00000040
|
|
#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
|
|
#define FILE_DEVICE_SECURE_OPEN 0x00000100
|
|
|
|
/* Status codes */
|
|
|
|
#define STATUS_SUCCESS 0x00000000
|
|
#define STATUS_USER_APC 0x000000C0
|
|
#define STATUS_KERNEL_APC 0x00000100
|
|
#define STATUS_ALERTED 0x00000101
|
|
#define STATUS_TIMEOUT 0x00000102
|
|
#define STATUS_PENDING 0x00000103
|
|
#define STATUS_FAILURE 0xC0000001
|
|
#define STATUS_NOT_IMPLEMENTED 0xC0000002
|
|
#define STATUS_ACCESS_VIOLATION 0xC0000005
|
|
#define STATUS_INVALID_PARAMETER 0xC000000D
|
|
#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010
|
|
#define STATUS_MORE_PROCESSING_REQUIRED 0xC0000016
|
|
#define STATUS_NO_MEMORY 0xC0000017
|
|
#define STATUS_BUFFER_TOO_SMALL 0xC0000023
|
|
#define STATUS_MUTANT_NOT_OWNED 0xC0000046
|
|
#define STATUS_NOT_SUPPORTED 0xC00000BB
|
|
#define STATUS_INVALID_PARAMETER_2 0xC00000F0
|
|
#define STATUS_INSUFFICIENT_RESOURCES 0xC000009A
|
|
#define STATUS_DEVICE_NOT_CONNECTED 0xC000009D
|
|
#define STATUS_CANCELLED 0xC0000120
|
|
#define STATUS_NOT_FOUND 0xC0000225
|
|
#define STATUS_DEVICE_REMOVED 0xC00002B6
|
|
|
|
#define STATUS_WAIT_0 0x00000000
|
|
|
|
/* Memory pool types, for ExAllocatePoolWithTag() */
|
|
|
|
#define NonPagedPool 0x00000000
|
|
#define PagedPool 0x00000001
|
|
#define NonPagedPoolMustSucceed 0x00000002
|
|
#define DontUseThisType 0x00000003
|
|
#define NonPagedPoolCacheAligned 0x00000004
|
|
#define PagedPoolCacheAligned 0x00000005
|
|
#define NonPagedPoolCacheAlignedMustS 0x00000006
|
|
#define MaxPoolType 0x00000007
|
|
|
|
/*
|
|
* IO_WORKITEM is an opaque structures that must be allocated
|
|
* via IoAllocateWorkItem() and released via IoFreeWorkItem().
|
|
* Consequently, we can define it any way we want.
|
|
*/
|
|
typedef void (*io_workitem_func)(device_object *, void *);
|
|
|
|
struct io_workitem {
|
|
io_workitem_func iw_func;
|
|
void *iw_ctx;
|
|
list_entry iw_listentry;
|
|
device_object *iw_dobj;
|
|
int iw_idx;
|
|
};
|
|
|
|
typedef struct io_workitem io_workitem;
|
|
|
|
#define WORKQUEUE_CRITICAL 0
|
|
#define WORKQUEUE_DELAYED 1
|
|
#define WORKQUEUE_HYPERCRITICAL 2
|
|
|
|
#define WORKITEM_THREADS 4
|
|
#define WORKITEM_LEGACY_THREAD 3
|
|
#define WORKIDX_INC(x) (x) = (x + 1) % WORKITEM_LEGACY_THREAD
|
|
|
|
/*
|
|
* Older, deprecated work item API, needed to support NdisQueueWorkItem().
|
|
*/
|
|
|
|
struct work_queue_item;
|
|
|
|
typedef void (*work_item_func)(struct work_queue_item *, void *);
|
|
|
|
struct work_queue_item {
|
|
list_entry wqi_entry;
|
|
work_item_func wqi_func;
|
|
void *wqi_ctx;
|
|
};
|
|
|
|
typedef struct work_queue_item work_queue_item;
|
|
|
|
#define ExInitializeWorkItem(w, func, ctx) \
|
|
do { \
|
|
(w)->wqi_func = (func); \
|
|
(w)->wqi_ctx = (ctx); \
|
|
InitializeListHead(&((w)->wqi_entry)); \
|
|
} while (0)
|
|
|
|
/*
|
|
* FreeBSD's kernel stack is 2 pages in size by default. The
|
|
* Windows stack is larger, so we need to give our threads more
|
|
* stack pages. 4 should be enough, we use 8 just to extra safe.
|
|
*/
|
|
#define NDIS_KSTACK_PAGES 8
|
|
|
|
/*
|
|
* Different kinds of function wrapping we can do.
|
|
*/
|
|
|
|
#define WINDRV_WRAP_STDCALL 1
|
|
#define WINDRV_WRAP_FASTCALL 2
|
|
#define WINDRV_WRAP_REGPARM 3
|
|
#define WINDRV_WRAP_CDECL 4
|
|
#define WINDRV_WRAP_AMD64 5
|
|
|
|
struct drvdb_ent {
|
|
driver_object *windrv_object;
|
|
void *windrv_devlist;
|
|
ndis_cfg *windrv_regvals;
|
|
interface_type windrv_bustype;
|
|
STAILQ_ENTRY(drvdb_ent) link;
|
|
};
|
|
|
|
extern image_patch_table ntoskrnl_functbl[];
|
|
#ifdef __amd64__
|
|
extern struct kuser_shared_data kuser_shared_data;
|
|
#endif
|
|
typedef void (*funcptr)(void);
|
|
typedef int (*matchfuncptr)(interface_type, void *, void *);
|
|
|
|
__BEGIN_DECLS
|
|
extern int windrv_libinit(void);
|
|
extern int windrv_libfini(void);
|
|
extern driver_object *windrv_lookup(vm_offset_t, char *);
|
|
extern struct drvdb_ent *windrv_match(matchfuncptr, void *);
|
|
extern int windrv_load(module_t, vm_offset_t, int, interface_type,
|
|
void *, ndis_cfg *);
|
|
extern int windrv_unload(module_t, vm_offset_t, int);
|
|
extern int windrv_create_pdo(driver_object *, device_t);
|
|
extern void windrv_destroy_pdo(driver_object *, device_t);
|
|
extern device_object *windrv_find_pdo(driver_object *, device_t);
|
|
extern int windrv_bus_attach(driver_object *, char *);
|
|
extern int windrv_wrap(funcptr, funcptr *, int, int);
|
|
extern int windrv_unwrap(funcptr);
|
|
extern void ctxsw_utow(void);
|
|
extern void ctxsw_wtou(void);
|
|
|
|
extern int ntoskrnl_libinit(void);
|
|
extern int ntoskrnl_libfini(void);
|
|
|
|
extern void ntoskrnl_intr(void *);
|
|
extern void ntoskrnl_time(uint64_t *);
|
|
|
|
extern uint16_t ExQueryDepthSList(slist_header *);
|
|
extern slist_entry
|
|
*InterlockedPushEntrySList(slist_header *, slist_entry *);
|
|
extern slist_entry *InterlockedPopEntrySList(slist_header *);
|
|
extern uint32_t RtlUnicodeStringToAnsiString(ansi_string *,
|
|
unicode_string *, uint8_t);
|
|
extern uint32_t RtlAnsiStringToUnicodeString(unicode_string *,
|
|
ansi_string *, uint8_t);
|
|
extern void RtlInitAnsiString(ansi_string *, char *);
|
|
extern void RtlInitUnicodeString(unicode_string *,
|
|
uint16_t *);
|
|
extern void RtlFreeUnicodeString(unicode_string *);
|
|
extern void RtlFreeAnsiString(ansi_string *);
|
|
extern void KeInitializeDpc(kdpc *, void *, void *);
|
|
extern uint8_t KeInsertQueueDpc(kdpc *, void *, void *);
|
|
extern uint8_t KeRemoveQueueDpc(kdpc *);
|
|
extern void KeSetImportanceDpc(kdpc *, uint32_t);
|
|
extern void KeSetTargetProcessorDpc(kdpc *, uint8_t);
|
|
extern void KeFlushQueuedDpcs(void);
|
|
extern uint32_t KeGetCurrentProcessorNumber(void);
|
|
extern void KeInitializeTimer(ktimer *);
|
|
extern void KeInitializeTimerEx(ktimer *, uint32_t);
|
|
extern uint8_t KeSetTimer(ktimer *, int64_t, kdpc *);
|
|
extern uint8_t KeSetTimerEx(ktimer *, int64_t, uint32_t, kdpc *);
|
|
extern uint8_t KeCancelTimer(ktimer *);
|
|
extern uint8_t KeReadStateTimer(ktimer *);
|
|
extern uint32_t KeWaitForSingleObject(void *, uint32_t,
|
|
uint32_t, uint8_t, int64_t *);
|
|
extern void KeInitializeEvent(nt_kevent *, uint32_t, uint8_t);
|
|
extern void KeClearEvent(nt_kevent *);
|
|
extern uint32_t KeReadStateEvent(nt_kevent *);
|
|
extern uint32_t KeSetEvent(nt_kevent *, uint32_t, uint8_t);
|
|
extern uint32_t KeResetEvent(nt_kevent *);
|
|
#ifdef __i386__
|
|
extern void KefAcquireSpinLockAtDpcLevel(kspin_lock *);
|
|
extern void KefReleaseSpinLockFromDpcLevel(kspin_lock *);
|
|
extern uint8_t KeAcquireSpinLockRaiseToDpc(kspin_lock *);
|
|
#else
|
|
extern void KeAcquireSpinLockAtDpcLevel(kspin_lock *);
|
|
extern void KeReleaseSpinLockFromDpcLevel(kspin_lock *);
|
|
#endif
|
|
extern void KeInitializeSpinLock(kspin_lock *);
|
|
extern uint8_t KeAcquireInterruptSpinLock(kinterrupt *);
|
|
extern void KeReleaseInterruptSpinLock(kinterrupt *, uint8_t);
|
|
extern uint8_t KeSynchronizeExecution(kinterrupt *, void *, void *);
|
|
extern uintptr_t InterlockedExchange(volatile uint32_t *,
|
|
uintptr_t);
|
|
extern void *ExAllocatePoolWithTag(uint32_t, size_t, uint32_t);
|
|
extern void ExFreePool(void *);
|
|
extern uint32_t IoConnectInterrupt(kinterrupt **, void *, void *,
|
|
kspin_lock *, uint32_t, uint8_t, uint8_t, uint8_t, uint8_t,
|
|
uint32_t, uint8_t);
|
|
extern uint8_t MmIsAddressValid(void *);
|
|
extern void *MmGetSystemRoutineAddress(unicode_string *);
|
|
extern void *MmMapIoSpace(uint64_t, uint32_t, uint32_t);
|
|
extern void MmUnmapIoSpace(void *, size_t);
|
|
extern void MmBuildMdlForNonPagedPool(mdl *);
|
|
extern void IoDisconnectInterrupt(kinterrupt *);
|
|
extern uint32_t IoAllocateDriverObjectExtension(driver_object *,
|
|
void *, uint32_t, void **);
|
|
extern void *IoGetDriverObjectExtension(driver_object *, void *);
|
|
extern uint32_t IoCreateDevice(driver_object *, uint32_t,
|
|
unicode_string *, uint32_t, uint32_t, uint8_t, device_object **);
|
|
extern void IoDeleteDevice(device_object *);
|
|
extern device_object *IoGetAttachedDevice(device_object *);
|
|
extern uint32_t IofCallDriver(device_object *, irp *);
|
|
extern void IofCompleteRequest(irp *, uint8_t);
|
|
extern void IoAcquireCancelSpinLock(uint8_t *);
|
|
extern void IoReleaseCancelSpinLock(uint8_t);
|
|
extern uint8_t IoCancelIrp(irp *);
|
|
extern void IoDetachDevice(device_object *);
|
|
extern device_object *IoAttachDeviceToDeviceStack(device_object *,
|
|
device_object *);
|
|
extern mdl *IoAllocateMdl(void *, uint32_t, uint8_t, uint8_t, irp *);
|
|
extern void IoFreeMdl(mdl *);
|
|
extern io_workitem *IoAllocateWorkItem(device_object *);
|
|
extern void ExQueueWorkItem(work_queue_item *, u_int32_t);
|
|
extern void IoFreeWorkItem(io_workitem *);
|
|
extern void IoQueueWorkItem(io_workitem *, io_workitem_func,
|
|
uint32_t, void *);
|
|
|
|
#define IoCallDriver(a, b) IofCallDriver(a, b)
|
|
#define IoCompleteRequest(a, b) IofCompleteRequest(a, b)
|
|
|
|
/*
|
|
* On the Windows x86 arch, KeAcquireSpinLock() and KeReleaseSpinLock()
|
|
* routines live in the HAL. We try to imitate this behavior.
|
|
*/
|
|
#ifdef __i386__
|
|
#define KI_USER_SHARED_DATA 0xffdf0000
|
|
#define KeAcquireSpinLock(a, b) *(b) = KfAcquireSpinLock(a)
|
|
#define KeReleaseSpinLock(a, b) KfReleaseSpinLock(a, b)
|
|
#define KeRaiseIrql(a, b) *(b) = KfRaiseIrql(a)
|
|
#define KeLowerIrql(a) KfLowerIrql(a)
|
|
#define KeAcquireSpinLockAtDpcLevel(a) KefAcquireSpinLockAtDpcLevel(a)
|
|
#define KeReleaseSpinLockFromDpcLevel(a) KefReleaseSpinLockFromDpcLevel(a)
|
|
#endif /* __i386__ */
|
|
|
|
#ifdef __amd64__
|
|
#define KI_USER_SHARED_DATA 0xfffff78000000000UL
|
|
#define KeAcquireSpinLock(a, b) *(b) = KfAcquireSpinLock(a)
|
|
#define KeReleaseSpinLock(a, b) KfReleaseSpinLock(a, b)
|
|
|
|
/*
|
|
* These may need to be redefined later;
|
|
* not sure where they live on amd64 yet.
|
|
*/
|
|
#define KeRaiseIrql(a, b) *(b) = KfRaiseIrql(a)
|
|
#define KeLowerIrql(a) KfLowerIrql(a)
|
|
#endif /* __amd64__ */
|
|
|
|
__END_DECLS
|
|
|
|
#endif /* _NTOSKRNL_VAR_H_ */
|