flat assembler
Message board for the users of flat assembler.

struct ---> struc

ouadji
yes, you're right

(early twenties ? ... hummm , memories !)

_________________
I am not young enough to know everything (Oscar Wilde)
Post 12 Oct 2010, 14:34

edfed
i'm in my late twenties, but i always look younger, even in real world.

and no, i don't understand the virtual thing more than the low level address computation.

in my code, i never use struc.
instead of that, i always use a label description like this:
i presume that's what is concerned when man say i have an unorthodox coding style
Code:
func:
.param0=0
.param1=2
.param2=4
movsx eax,word[ebp+.param1]
movsx ebx,word[ebp+.param2]
imul eax,ebx
mov [ebp+.param0],ax
ret
    

and to use this from another part of code:
Code:
mov ebp,esp
push word 0 word 100 word 200
call func
mov ax,[ebp+func.param0]
    


that's my way to struct the code.
of course, parameters don't have data size assigned, then i should always prefix what is the size of the data.

Code:
movsx eax,word[ebp+func.param]
    

that's the only bad point i have with this method, because it lets have a completely flat control of the structures. nothing can be hidden in the source.


Last edited by edfed on 13 Oct 2010, 11:20; edited 2 times in total
Post 12 Oct 2010, 20:21

baldr
edfed,

There is something strange with your code, I must admit. Size operator for push… well, there is push imm8, but 200 won't fit in signed byte. Even if it will, pushed value will be 16/32 bits in size, so its EA should be something like ebp+8.
Post 13 Oct 2010, 06:36

edfed
yes, it was just an example to demonstrate the idea, then, it can have some inexactness.
i will correct it.
Post 13 Oct 2010, 11:13

3200th
edfed wrote:
i'm in my late twenties, but i always look younger, even in real world.
Yes ... you're 28!
Post 13 Oct 2010, 12:09

Treant
Tomasz, why did you not add features for 'struc' such as unions and substructures?
I think struc and others should be compiler features, not macros, and I think
compiler internals are more important than readable source.
Also, why does the virtual directive not support a 'virtual {}' definition as the struc directive does?
P.S. Sorry for my English.
Post 24 Oct 2010, 13:28

Tomasz Grysztar
Treant wrote:
Tomasz, why did you not add features for 'struc' such as unions and substructures?
"struc" is just a special variant of macroinstruction. Those preprocessor features were designed to provide substantial flexibility, so that syntax can be then customized with macro packages like "struct" (that's what I called "complex solutions with simple features" paradigm).

But with classical fasm's approach "virtual" directive was enough to implement structures, unions, etc. The only problem with such approach was that it is a syntax that is highly nonstandard (though very generic).

Treant wrote:
Also, why does the virtual directive not support a 'virtual {}' definition as the struc directive does?
P.S. Sorry for my English.
They are elements of two different languages imposed on each other. The syntax of fasm's preprocessor uses braces to enclose blocks, while the syntax of fasm's assembler uses the "end" directive. As it is important to be able to distinguish those two layers, such distinct syntax schemes were chosen for those two languages.

To learn more about those topics, please read my Design Principles and Understanding flat assembler (unfinished) articles.
Post 24 Oct 2010, 13:50

Treant
Do I need to use padding in the struct directive to define x64 structures such as:
Code:
struc _IO_STACK_LOCATION
{
 label .MajorFunction byte at 0 ; 00h UCHAR
 label .MinorFunction byte at 1 ; 01h UCHAR
 label .Flags         byte at 2 ; 02h UCHAR
 label .Control       byte at 3 ; 03h UCHAR
                    ; dword     ; padding
 ; union Parameters ; 32 bytes
  ; struc Create ; 32 bytes
   label .Parameters.Create.SecurityContext qword at 8   ; 08h POINTER _IO_SECURITY_CONTEXT
   label .Parameters.Create.Options         dword at 10h ; 10h ULONG
                                          ; dword        ; padding
   label .Parameters.Create.FileAttributes   word at 18h ; 18h USHORT POINTER_ALIGNMENT
   label .Parameters.Create.ShareAccess      word at 1Ah ; 1Ah USHORT
                                          ; dword        ; padding
   label .Parameters.Create.EaLength        dword at 20h ; 20h ULONG POINTER_ALIGNMENT
                                          ; dword        ; padding
  ; struc Read ; 24 bytes
   label .Parameters.Read.Length     dword at 8    ; 08h ULONG
                                   ; dword         ; padding
   label .Parameters.Read.Key        dword at 10h  ; 10h ULONG POINTER_ALIGNMENT
                                   ; dword         ; padding
   label .Parameters.Read.ByteOffset qword at 18h  ; 18h _LARGE_INTEGER <64 bit>
  ; struc Write ; 24 bytes
   label .Parameters.Write.Length     dword at 8    ; 08h ULONG
                                    ; dword         ; padding
   label .Parameters.Write.Key        dword at 10h  ; 10h ULONG POINTER_ALIGNMENT
                                    ; dword         ; padding
   label .Parameters.Write.ByteOffset qword at 18h  ; 18h _LARGE_INTEGER <64 bit>
  ; struc QueryDirectory ; 32 bytes
   label .Parameters.QueryDirectory.Length               dword at 8   ; 08h ULONG
                                                       ; dword        ; padding
   label .Parameters.QueryDirectory.FileName             qword at 10h ; 10h POINTER _UNICODE_STRING
   label .Parameters.QueryDirectory.FileInformationClass dword at 18h ; 18h ENUM _FILE_INFORMATION_CLASS
                                                       ; dword        ; padding
   label .Parameters.QueryDirectory.FileIndex            dword at 20h ; 20h ULONG POINTER_ALIGNMENT
                                                       ; dword        ; padding
  ; struc NotifyDirectory ; 16 bytes
   label .Parameters.NotifyDirectory.Length           dword at 8   ; 08h ULONG
                                                    ; dword        ; padding
   label .Parameters.NotifyDirectory.CompletionFilter dword at 10h ; 10h ULONG POINTER_ALIGNMENT
                                                    ; dword        ; padding
  ; struc QueryFile ; 16 bytes
   label .Parameters.QueryFile.Length               dword at 8   ; 08h ULONG
                                                  ; dword        ; padding
   label .Parameters.QueryFile.FileInformationClass dword at 10h ; 10h ENUM _FILE_INFORMATION_CLASS POINTER_ALIGNMENT
                                                  ; dword        ; padding
  ; struc SetFile ; 32 bytes
   label .Parameters.SetFile.Length               dword at 8   ; 08h ULONG
                                                ; dword        ; padding
   label .Parameters.SetFile.FileInformationClass dword at 10h ; 10h ENUM _FILE_INFORMATION_CLASS POINTER_ALIGNMENT
                                                ; dword        ; padding
   label .Parameters.SetFile.FileObject           qword at 18h ; POINTER _FILE_OBJECT
   ; union
    ; struc
     label .Parameters.SetFile.ReplaceIfExists byte at 20h ; 20h BOOLEAN
     label .Parameters.SetFile.AdvanceOnly     byte at 21h ; 21h BOOLEAN
    label .Parameters.SetFile.ClusterCount dword at 20h ; 20h ULONG
                                         ; dword        ; padding
    label .Parameters.SetFile.DeleteHandle qword at 20h ; 20h HANDLE
  ; struc QueryEa ; 32 bytes
   label .Parameters.QueryEa.Length       dword at 8   ; 08h ULONG
                                        ; dword        ; padding
   label .Parameters.QueryEa.EaList       qword at 10h ; 10h POINTER
   label .Parameters.QueryEa.EaListLength dword at 18h ; 18h ULONG
                                        ; dword        ; padding
   label .Parameters.QueryEa.EaIndex      dword at 20h ; 20h ULONG POINTER_ALIGNMENT
                                        ; dword        ; padding
  ; struc SetEa ; 8 bytes
   label .Parameters.SetEa.Length dword at 8 ; ULONG
                                ; dword      ; padding
  ; struc QueryVolume ; 16 bytes
   label .Parameters.QueryVolume.Length             dword at 8   ; 08h ULONG
                                                  ; dword        ; padding
   label .Parameters.QueryVolume.FsInformationClass dword at 10h ; 10h ENUM _FILE_INFORMATION_CLASS POINTER_ALIGNMENT
                                                  ; dword        ; padding
  ; struc DeviceIoControl ; 32 bytes
   label .Parameters.DeviceIoControl.OutputBufferLength dword at 8   ; 08h ULONG
                                                      ; dword        ; padding
   label .Parameters.DeviceIoControl.InputBufferLength  dword at 10h ; 10h ULONG POINTER_ALIGNMENT
                                                      ; dword        ; padding
   label .Parameters.DeviceIoControl.IoControlCode      dword at 18h ; 18h ULONG POINTER_ALIGNMENT
                                                      ; dword        ; padding
   label .Parameters.DeviceIoControl.Type3InputBuffer   qword at 20h ; 20h POINTER
 label .DeviceObject      qword at 28h ; 28h POINTER _DEVICE_OBJECT
 label .FileObject        qword at 30h ; 30h POINTER _FILE_OBJECT
 label .CompletionRoutine qword at 38h ; 38h POINTER _IO_COMPLETION_ROUTINE
 label .Context           qword at 40h ; 40h POINTER
}    
Post 26 Oct 2010, 12:11

Treant
I checked it, it must be.
Post 26 Oct 2010, 12:27

Tomasz Grysztar
You used "struc" in such way that it does not appear to make any sense. Why are you doing it like that?
Post 26 Oct 2010, 12:37

Treant
I define a virtual with this structure:
Code:
virtual at 0
 vIoStackLocation _IO_STACK_LOCATION
end virtual
    

And use it as an offset from a register:
Code:
mov edi, [rax+vIoStackLocation.Parameters.DeviceIoControl.OutputBufferLength]
    

Can I define a named union in struct?
Code:
union Parameters    

It returns an error: invalid macro arguments
Post 26 Oct 2010, 12:57

Tomasz Grysztar
Treant wrote:
I define a virtual with this structure:
Code:
virtual at 0
 vIoStackLocation _IO_STACK_LOCATION
end virtual    
Inside the _IO_STACK_LOCATION macro you just define labels at absolute addresses, so this "virtual" is absolutely useless here. It would be enough to write just:
Code:
vIoStackLocation _IO_STACK_LOCATION    

but then really using "struc" macro in this place is redundant as well, it would be enough to do it like:
Code:
label vIoStackLocation at 0
  label .MajorFunction byte at 0 ; 00h UCHAR
  label .MinorFunction byte at 1 ; 01h UCHAR
  label .Flags         byte at 2 ; 02h UCHAR
  label .Control       byte at 3 ; 03h UCHAR
  ; ...    


If you wanted "struc" for more flexibility, you would have to use relative addresses instead of absolute ones:
Code:
struc _IO_STACK_LOCATION
{ 
 label .MajorFunction byte at $ ; 00h UCHAR
 label .MinorFunction byte at $+1 ; 01h UCHAR
 label .Flags         byte at $+2 ; 02h UCHAR
 label .Control       byte at $+3 ; 03h UCHAR
 ; ...
}

virtual at 0
 vIoStackLocation _IO_STACK_LOCATION 
end virtual

mov cl, [rax+vIoStackLocation.MajorFunction]

virtual at rax
 aIoStackLocation _IO_STACK_LOCATION
end virtual

mov cl,  [aIoStackLocation.MajorFunction]    

But this still looks terrible, since you calculate all the label addresses manually. This is how the "struc" was intended to be used:
Code:
struc _IO_STACK_LOCATION
{
  .MajorFunction  db ?
  .MinorFunction db ?
  .Flags         db ?
  .Control       db ?
                 dd ? ; padding
  .Parameters    db 32 dup ? ; 32-byte union storage
   virtual at .Parameters
    .Parameters.Create.SecurityContext dq ?
    .Parameters.Create.Options         dd ?
    .Parameters.Create.FileAttributes  dw ?
    .Parameters.Create.ShareAccess     dw ?
    .Parameters.Create.EaLength        dd ?
   end virtual
   virtual at .Parameters
    .Parameters.Read.Length     dd ?
    .Parameters.Read.Key        dd ?
    .Parameters.Read.ByteOffset dd ?
   end virtual
   ; ...
}

virtual at 0
 vIoStackLocation _IO_STACK_LOCATION 
end virtual

mov cl, [rax+vIoStackLocation.MajorFunction]

virtual at rax
 aIoStackLocation _IO_STACK_LOCATION
end virtual

mov cl,  [aIoStackLocation.MajorFunction]    
(definition is incomplete - it's just to show you how to do it).
Post 26 Oct 2010, 13:12

Treant
Ok, thanks, then I will not use the struct macro.
Post 26 Oct 2010, 13:23

Treant
Tomasz, maybe add a feature:
Code:
virtual .Parameters at $
 .Create.SecurityContext dq ?
 .Create.Options         dd ?
 .Create.FileAttributes  dw ?
 .Create.ShareAccess     dw ?
 .Create.EaLength        dd ? 
end virtual
    
Post 26 Oct 2010, 14:14

Tomasz Grysztar
It seems that you still misunderstand the purpose of fasm's features. "virtual" itself is not any kind of structure declarator, it is a tool to define data at specified address without generating output in file (something like local "org" directive, with generated bytes discarded from output). "struc" macro on the other hand is for the purpose of prepending a name of structure to names starting with dot inside its definition. "struc" is part of preprocessed language, while "virtual" is part of assembler language - they are from different layers. To have nested structures you need to declare a separate "struc" for. Like:
Code:
struc __CreationParameters
{
 .SecurityContext dq ?
 .Options         dd ?
 .FileAttributes  dw ?
 .ShareAccess     dw ?
 .EaLength        dd ?
}


struc _IO_STACK_LOCATION
{
  .MajorFunction  db ?
  .MinorFunction db ?
  .Flags         db ?
  .Control       db ?
                 dd ? ; padding
  .Parameters    db 32 dup ? ; 32-byte union storage
   virtual at .Parameters
    .Parameters.Create __CreationParameters
   end virtual
   ; ...
}    
Post 26 Oct 2010, 15:50

Treant
How can I upgrade it?
Code:
struc _IO_STATUS_BLOCK
{
 .union0 rb 8 ; 00h union
  virtual at .union0
   .Status rb 4 ; 00h NTSTATUS
           rb 4 ; padding
  end virtual
  virtual at .union0
   .Pointer rb 8 ; 00h POINTER
  end virtual
 .Information rb 8 ; 08h POINTER ULONG
}

struc _KDEVICE_QUEUE_ENTRY
{
 .DeviceListEntry _LIST_ENTRY ; 00h
 .SortKey         rb 4        ; 10h ULONG
 .Inserted        rb 1        ; 14h BOOLEAN
                  rb 3        ; padding
}

struc _DRIVER_OBJECT
{
 .Type             rb 2 ; 00h CSHORT
 .Size             rb 2 ; 02h CSHORT
                   rb 4 ; padding
 .DeviceObject     rb 8 ; 08h POINTER _DEVICE_OBJECT
 .Flags            rb 4 ; 10h ULONG
                   rb 4 ; padding
 .DriverStart      rb 8 ; 18h POINTER
 .DriverSize       rb 8 ; 20h ULONG
 .DriverSection    rb 8 ; 28h POINTER
 .DriverExtension  rb 8 ; 30h POINTER _DRIVER_EXTENSION
 .DriverName       UNICODE_STRING ; 38h
 .HardwareDatabase rb 8 ; 48h POINTER UNICODE_STRING
 .FastIoDispatch   rb 8 ; 50h POINTER _FAST_IO_DISPATCH
 .DriverInit       rb 8 ; 58h POINTER
 .DriverStartIo    rb 8 ; 60h POINTER
 .DriverUnload     rb 8 ; 68h POINTER
 .MajorFunction    rb (IRP_MJ_MAXIMUM_FUNCTION + 1)*8 ; 70h
}

struc _IO_STACK_LOCATION
{
 .MajorFunction rb 1  ; 00h UCHAR
 .MinorFunction rb 1  ; 01h UCHAR
 .Flags         rb 1  ; 02h UCHAR
 .Control       rb 1  ; 03h UCHAR
                rb 4  ; padding
 .Parameters    rb 32 ; 08h union
  virtual at .Parameters
   .Parameters.Create.SecurityContext rb 8 ; 08h POINTER _IO_SECURITY_CONTEXT
   .Parameters.Create.Options         rb 4 ; 10h ULONG
                                      rb 4 ; padding
   .Parameters.Create.FileAttributes  rb 2 ; 18h USHORT POINTER_ALIGNMENT
   .Parameters.Create.ShareAccess     rb 2 ; 1Ah USHORT
                                      rb 4 ; padding
   .Parameters.Create.EaLength        rb 4 ; 20h ULONG POINTER_ALIGNMENT
                                      rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.Read.Length     rb 4 ; 08h ULONG
                               rb 4 ; padding
   .Parameters.Read.Key        rb 4 ; 10h ULONG POINTER_ALIGNMENT
                               rb 4 ; padding
   .Parameters.Read.ByteOffset rb 8 ; 18h _LARGE_INTEGER <64 bit>
  end virtual
  virtual at .Parameters
   .Parameters.Write.Length     rb 4 ; 08h ULONG
                                rb 4 ; padding
   .Parameters.Write.Key        rb 4 ; 10h ULONG POINTER_ALIGNMENT
                                rb 4 ; padding
   .Parameters.Write.ByteOffset rb 8 ; 18h _LARGE_INTEGER <64 bit>
  end virtual
  virtual at .Parameters
   .Parameters.QueryDirectory.Length               rb 4 ; 08h ULONG
                                                   rb 4 ; padding
   .Parameters.QueryDirectory.FileName             rb 8 ; 10h POINTER _UNICODE_STRING
   .Parameters.QueryDirectory.FileInformationClass rb 4 ; 18h ENUM _FILE_INFORMATION_CLASS
                                                   rb 4 ; padding
   .Parameters.QueryDirectory.FileIndex            rb 4 ; 20h ULONG POINTER_ALIGNMENT
                                                   rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.NotifyDirectory.Length           rb 4 ; 08h ULONG
                                                rb 4 ; padding
   .Parameters.NotifyDirectory.CompletionFilter rb 4 ; 10h ULONG POINTER_ALIGNMENT
                                                rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.QueryFile.Length               rb 4 ; 08h ULONG
                                              rb 4 ; padding
   .Parameters.QueryFile.FileInformationClass rb 4 ; 10h ENUM _FILE_INFORMATION_CLASS POINTER_ALIGNMENT
                                              rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.SetFile.Length               rb 4 ; 08h ULONG
                                            rb 4 ; padding
   .Parameters.SetFile.FileInformationClass rb 4 ; 10h ENUM _FILE_INFORMATION_CLASS POINTER_ALIGNMENT
                                            rb 4 ; padding
   .Parameters.SetFile.FileObject           rb 8 ; 18h POINTER _FILE_OBJECT
   .union0                                  rb 8 ; 20h union
    virtual at .union0
     .Parameters.SetFile.ReplaceIfExists rb 1 ; 20h BOOLEAN
     .Parameters.SetFile.AdvanceOnly     rb 1 ; 21h BOOLEAN
                                         rb 6 ; padding
    end virtual
    virtual at .union0
     .Parameters.SetFile.ClusterCount rb 4 ; 20h ULONG
                                      rb 4 ; padding
    end virtual
    virtual at .union0
     .Parameters.SetFile.DeleteHandle rb 8 ; 20h HANDLE
    end virtual
  end virtual
  virtual at .Parameters
   .Parameters.QueryEa.Length       rb 4 ; 08h ULONG
                                    rb 4 ; padding
   .Parameters.QueryEa.EaList       rb 8 ; 10h POINTER
   .Parameters.QueryEa.EaListLength rb 4 ; 18h ULONG
                                    rb 4 ; padding
   .Parameters.QueryEa.EaIndex      rb 4 ; 20h ULONG POINTER_ALIGNMENT
                                    rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.SetEa.Length rb 4 ; ULONG
                            rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.QueryVolume.Length             rb 4 ; 08h ULONG
                                              rb 4 ; padding
   .Parameters.QueryVolume.FsInformationClass rb 4 ; 10h ENUM _FILE_INFORMATION_CLASS POINTER_ALIGNMENT
                                              rb 4 ; padding
  end virtual
  virtual at .Parameters
   .Parameters.DeviceIoControl.OutputBufferLength rb 4 ; 08h ULONG
                                                  rb 4 ; padding
   .Parameters.DeviceIoControl.InputBufferLength  rb 4 ; 10h ULONG POINTER_ALIGNMENT
                                                  rb 4 ; padding
   .Parameters.DeviceIoControl.IoControlCode      rb 4 ; 18h ULONG POINTER_ALIGNMENT
                                                  rb 4 ; padding
   .Parameters.DeviceIoControl.Type3InputBuffer   rb 8 ; 20h POINTER
  end virtual
 .DeviceObject      rb 8 ; 28h POINTER _DEVICE_OBJECT
 .FileObject        rb 8 ; 30h POINTER _FILE_OBJECT
 .CompletionRoutine rb 8 ; 38h POINTER _IO_COMPLETION_ROUTINE
 .Context           rb 8 ; 40h POINTER
}

struc _KAPC
{
 .Type            rb 1 ; 00h UCHAR
 .SpareByte0      rb 1 ; 01h UCHAR
 .Size            rb 1 ; 02h UCHAR
 .SpareByte1      rb 1 ; 03h UCHAR
 .SpareLong0      rb 4 ; 04h ULONG
 .Thread          rb 8 ; 8h POINTER _KTHREAD
 .ApcListEntry    _LIST_ENTRY ; 10h
 .KernelRoutine   rb 8 ; 20h POINTER
 .RundownRoutine  rb 8 ; 28h POINTER
 .NormalRoutine   rb 8 ; 30h POINTER
 .NormalContext   rb 8 ; 38h POINTER
 .SystemArgument1 rb 8 ; 40h POINTER
 .SystemArgument2 rb 8 ; 48h POINTER
 .ApcStateIndex   rb 1 ; 50h CCHAR
 .ApcMode         rb 1 ; 51h KPROCESSOR_MODE
 .Inserted        rb 1 ; 52h BOOLEAN
                  rb 5 ; padding
}

struc _IRP
{
 .Type           rb 2 ; 00h CSHORT
 .Size           rb 2 ; 02h CSHORT
                 rb 4 ; padding
 .MdlAddress     rb 8 ; 08h POINTER _MDL
 .Flags          rb 4 ; 10h ULONG
                 rb 4 ; padding
 .AssociatedIrp  rb 8 ; 18h union
  virtual at .AssociatedIrp
   .AssociatedIrp.MasterIrp rb 8 ; 18h POINTER _IRP
  end virtual
  virtual at .AssociatedIrp
   .AssociatedIrp.IrpCount rb 4 ; 18h LONG
                           rb 4 ; padding
  end virtual
  virtual at .AssociatedIrp
   .AssociatedIrp.SystemBuffer rb 8 ; 18h POINTER
  end virtual

 .ThreadListEntry _LIST_ENTRY ; 20h
 .IoStatus        _IO_STATUS_BLOCK ; 30h
 .RequestorMode   rb 1  ; 40h KPROCESSOR_MODE
 .PendingReturned rb 1  ; 41h BOOLEAN
 .StackCount      rb 1  ; 42h CHAR
 .CurrentLocation rb 1  ; 43h CHAR
 .Cancel          rb 1  ; 44h BOOLEAN
 .CancelIrql      rb 1  ; 45h KIRQL
 .ApcEnvironment  rb 1  ; 46h CCHAR
 .AllocationFlags rb 1  ; 47h UCHAR
 .UserIosb        rb 8  ; 48h POINTER _IO_STATUS_BLOCK
 .UserEvent       rb 8  ; 50h POINTER _KEVENT
 .Overlay         rb 16 ; 58h union
  virtual at .Overlay
   .union0 rb 8 ; 58h union
    virtual at .union0
     .Overlay.AsynchronousParameters.UserApcRoutine rb 8 ; 58h POINTER
    end virtual
    virtual at .union0
     .Overlay.AsynchronousParameters.IssuingProcess rb 8 ; 58h POINTER
    end virtual
   .Overlay.AsynchronousParameters.UserApcContext rb 8 ; 60h POINTER
  end virtual
  virtual at .Overlay
   .Overlay.AllocationSize rb 8 ; 58h _LARGE_INTEGER <64 bit>
  end virtual
 .CancelRoutine rb 8   ; 68h POINTER
 .UserBuffer    rb 8   ; 70h POINTER
 .Tail          rb 58h ; 78h union ??
  virtual at .Tail
   .union1 rb 32 ; 78h union
    virtual at .union1
     .Tail.Overlay.DeviceQueueEntry _KDEVICE_QUEUE_ENTRY ; 78h
    end virtual
    virtual at .union1
     .Tail.Overlay.DriverContext rb 8*4 ; 78h POINTER[4]
    end virtual
   .Tail.Overlay.Thread          rb 8        ; 98h POINTER _ETHREAD
   .Tail.Overlay.AuxiliaryBuffer rb 8        ; A0h POINTER CHAR
   .Tail.Overlay.ListEntry       _LIST_ENTRY ; A8h
   .union2                       rb 8        ; B8h union
    virtual at .union2
     .Tail.Overlay.CurrentStackLocation rb 8 ; B8h POINTER _IO_STACK_LOCATION
    end virtual
    virtual at .union2
     .Tail.Overlay.PacketType rb 4 ; B8h ULONG
                              rb 4 ; padding
    end virtual
   .Tail.Overlay.OriginalFileObject rb 8 ; C0h POINTER _FILE_OBJECT
  end virtual
  virtual at .Tail
   .Tail.Apc _KAPC ; 78h
  end virtual
  virtual at .Tail
   .Tail.CompletionKey rb 8 ; 78h POINTER
  end virtual
}
    
Post 26 Oct 2010, 21:04
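
Added example (not code from the thread or from fasm): a Python layout calculator that applies the x64 alignment rules behind the padding question above and emits `rb` lines with explicit padding in the style of the listing. Field sizes and alignments are constructed from the offsets commented in the thread, only two union members are modelled, POINTER_ALIGNMENT is assumed to mean 8-byte alignment, and all helper names are hypothetical.

```python
# Added example: x64 layout calculator that emits fasm "rb" reservations.
# Sizes/alignments are constructed from the offsets commented in the thread;
# POINTER_ALIGNMENT is modelled as 8-byte alignment (x64 assumption).

PTR = (8, 8)        # (size, alignment) of a pointer on x64
ULONG = (4, 4)
USHORT = (2, 2)
UCHAR = (1, 1)
ULONG_PA = (4, 8)   # ULONG POINTER_ALIGNMENT
USHORT_PA = (2, 8)  # USHORT POINTER_ALIGNMENT


def layout(fields, base=0):
    """Place (name, (size, align)) fields in order starting at `base`.

    Returns (rows, end): rows are (offset, name, size); name None = padding."""
    rows, off = [], base
    for name, (size, align) in fields:
        pad = -off % align          # bytes needed to reach the next boundary
        if pad:
            rows.append((off, None, pad))
            off += pad
        rows.append((off, name, size))
        off += size
    return rows, off


def union_size(members, base, align=8):
    """Size of a union at `base`: largest member end, rounded up to `align`."""
    end = max(layout(fields, base)[1] for fields in members.values())
    end += -end % align
    return end - base


def offsets(rows):
    """Map field name -> offset, skipping padding rows."""
    return {name: off for off, name, _ in rows if name}


def to_fasm(rows, prefix=""):
    """Render rows as fasm lines in the style used in the thread."""
    width = max(len(prefix + name) for _, name, _ in rows if name) + 1
    lines = []
    for off, name, size in rows:
        label = "." + prefix + name if name else ""
        note = f"{off:02X}h" if name else "padding"
        lines.append(f" {label:<{width}} rb {size} ; {note}")
    return lines


CREATE = [("SecurityContext", PTR), ("Options", ULONG),
          ("FileAttributes", USHORT_PA), ("ShareAccess", USHORT),
          ("EaLength", ULONG_PA)]
DEVICE_IO_CONTROL = [("OutputBufferLength", ULONG),
                     ("InputBufferLength", ULONG_PA),
                     ("IoControlCode", ULONG_PA),
                     ("Type3InputBuffer", PTR)]
HEADER = [("MajorFunction", UCHAR), ("MinorFunction", UCHAR),
          ("Flags", UCHAR), ("Control", UCHAR)]
UNION_MEMBERS = {"Create": CREATE, "DeviceIoControl": DEVICE_IO_CONTROL}


def io_stack_location():
    """Outer structure with the Parameters union sized from its members."""
    _, end = layout(HEADER)
    params_at = end + (-end % 8)    # the union is pointer-aligned
    size = union_size(UNION_MEMBERS, params_at)
    fields = HEADER + [("Parameters", (size, 8)), ("DeviceObject", PTR),
                       ("FileObject", PTR), ("CompletionRoutine", PTR),
                       ("Context", PTR)]
    return layout(fields)


if __name__ == "__main__":
    rows, end = io_stack_location()
    print("\n".join(to_fasm(rows)))
    params_at = offsets(rows)["Parameters"]
    create_rows, _ = layout(CREATE, params_at)
    print("\n".join(to_fasm(create_rows, "Parameters.Create.")))
```

Feeding the emitted lines into a `struc` body keeps the offset comments and the reserved sizes generated from one source instead of maintained by hand.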

baldr
Treant,

You may move virtuals toward the head and scoop some bytes in source skipping « at .union0» part. Padding isn't needed too (it's discarded, without any apparent effect — unless memory-wise). Same for the following.

Is there a real problem that you're going to solve with struc directive instead of struct macro?
Post 26 Oct 2010, 21:19

Treant
Quote:
Is there a real problem that you're going to solve with struc directive instead of struct macro?

I don't know, without include dependence - no problem, but in struc macro too much is not enough.
For example this sample:
Code:
struct tst
 union tst0
  struc tst1
   union
    struct
     tst3 dd 0
    ends
    tst2 dd 0
   ends
  ends
 ends
ends

teststruct tst
    
Post 26 Oct 2010, 21:42

Treant
Many topics about structures.
Apparently this is a big problem...
Post 26 Oct 2010, 21:47
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.