flat assembler
Message board for the users of flat assembler.

Index > Windows > IO_STACK_LOCATION structure definition

Author
Thread Post new topic Reply to topic
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 10 Sep 2012, 21:19
I need to definition of IO_STACK_LOCATION structure in fasm.
I can't define myself because description from MSDN contents field FILE_INFORMATION_CLASS - i can not understand this definition.
Thanx for help and sorry for my english Smile
--------------------------------------------------------------------------
edit:
Because this field "FILE_INFORMATION_CLASS" its a union - at now i was skiped it in my definition of IO_STACK_LOCATION but i have to end it last for ever so give to me an example how to define some *CLASS in assembly.
Post 10 Sep 2012, 21:19
View user's profile Send private message Send e-mail Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1635
Location: Toronto, Canada
AsmGuru62 11 Sep 2012, 01:43
Union contains structures.
Simply make each structure definition OUTSIDE of the IO_STACK_LOCATION.
Then find out the largest size of these structures in the union.
Then add room for that many bytes instead of that union.
That should do it (in theory).
Post 11 Sep 2012, 01:43
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 11 Sep 2012, 01:52
AsmGuru62 wrote:
Union contains structures.
Simply make each structure definition OUTSIDE of the IO_STACK_LOCATION.
Then find out the largest size of these structures in the union.
Then add room for that many bytes instead of that union.
That should do it (in theory).


Give him an example perhaps. Wink
Post 11 Sep 2012, 01:52
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 11 Sep 2012, 05:12
In this case something like that:
Code:
name_of_structure.structure_in_union.field_1    
will be imposible ...
Post 11 Sep 2012, 05:12
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 11 Sep 2012, 05:31
Yes, because the memory will be big enough for all the structures contained therein.


Consider this
Code:
struct a { x, y, z}; // 3 bytes
struct b { x, y}    // 2 bytes

union structs
{
  a A;
  b B;
}
    


The size of the union will be equal to that of structure a, since it is the largest.

Basically you can access up to 3 bytes in that union because the storage is the same. After all, that's the maximum of how much you wanted.

Your structures just tell the System how many bytes to read from the same storage/memory.

Read this: http://tigcc.ticalc.org/doc/keywords.html#union
Post 11 Sep 2012, 05:31
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 11 Sep 2012, 05:54
Yes it's obvious for me. So before I begin read MSDN describ of structures i simply run calc.exe ... Confused
-------------------------------------------------------------------------------------
Edit: one more question - Look at MSDN definition of IRP structure.
First two fields is a simply dot.
Code:
typedef struct _IRP {
  .
  .
  PMDL  MdlAddress;
;  ... rest of structure
}
    



Where is writed that it's means:
Code:
 
struct   IRP
   Type     dw ?
   Size      dw ?
   MdlAddress dd ?
;    ... rest of structure 
ends
    
Post 11 Sep 2012, 05:54
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 11 Sep 2012, 09:26
Can you post the link to the MSDN page you are referring to?
Post 11 Sep 2012, 09:26
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 11 Sep 2012, 14:18
Post 11 Sep 2012, 14:18
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20360
Location: In your JS exploiting you and your system
revolution 11 Sep 2012, 14:25
The dots represent obscured data fields. MS does not publish the information stored in those hidden fields.

The number of dots does not correlate with anything except to show one or more hidden fields of unknown size. You will have to see the Wdm.h file in the DDK/SDK to determine the offsets of the published fields.
Post 11 Sep 2012, 14:25
View user's profile Send private message Visit poster's website Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 11 Sep 2012, 14:33
Quote:
You will have to see the Wdm.h file in the DDK/SDK to determine the offsets of the published fields.


Thanx Revolution now its more clear for me. Everywhere C++ Twisted Evil
Post 11 Sep 2012, 14:33
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.