flat assembler
Message board for the users of flat assembler.

Index > Windows > IoGetCurrentIrpStackLocation function

Author
Thread Post new topic Reply to topic
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 10 Sep 2012, 22:45
I need to use IoGetCurrentIrpStackLocation routine but i dont know which library contain it - someone know it ?
msdn says only that i need to headers wdm.h ntddk.h - i dont know c++ and i use the fasm not c++.
Looked in sourse of this headers (wdm.h, ntddk.h, ntifs.h) and i cant find nothing about IoGetCurrentIrpStackLocation Twisted Evil
Post 10 Sep 2012, 22:45
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 10 Sep 2012, 23:14
ntddk.h is not C++. It's C.

BTW, there's a DDK.inc somewhere on this board someone made. Wink
Post 10 Sep 2012, 23:14
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 10 Sep 2012, 23:20
I know that DDK.INC its here and i have it but it DDK.INC nont cotain this function.
That more this DDK.INC (from this board) contains bad definition of IO_STACK_LOCATION structure.
Post 10 Sep 2012, 23:20
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 10 Sep 2012, 23:29
Code:
#define IoGetCurrentIrpStackLocation( Irp ) ( (Irp)->Tail.Overlay.CurrentStackLocation )
    


It's macro not a function.

link:
http://valhalla.bofh.pl/~l4mer/WDM/IoCallDriver.htm


Last edited by typedef on 10 Sep 2012, 23:33; edited 1 time in total
Post 10 Sep 2012, 23:29
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 10 Sep 2012, 23:43
Very nice Evil or Very Mad because i dont know c++. Can U or someone translate it to assembly.
------------------------------------------------------------------------------------
OK. I found it Very Happy its a give to me value of field CurrentStackLocation from IRP structure.
Thanx for help typedef.
I download DDK.INC one more time and IO_STACK_LOCATION is ok now.
It's was my mistake probably.
Post 10 Sep 2012, 23:43
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 11 Sep 2012, 00:07
Glad to help out. Wink
Post 11 Sep 2012, 00:07
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 11 Sep 2012, 01:09
Just look at this: DDK\INCLUDE\DDK\ntddk.inc from http://board.flatassembler.net/topic.php?t=10009 and then compare definition of IO_STACK_LOCATION and IRP structure in this file with this same definition from MSDN Twisted Evil
And now tell me where in definition of structure IRP from this DDK.INC i can find field
(Irp)->Tail.Overlay.CurrentStackLocation ???

In definition of structure IO_STACK_LOCATION should't be:
Code:
struct IO_STACK_LOCATION
  MajorFunction db ?
  MinorFunction db ?
  Flags         db ?
  Control       db ?

  union
        ;
        ; Parameters for IRP_MJ_CREATE
        ;
        struct
            Parameters.SecurityContext dd ?
            Parameters.Options         dd ?
            Parameters.FileAttributes  dw ?
            Parameters.ShareAccess     dw ?
            Parameters.EaLength        dd ?
        ends
        ;
        ; Parameters for IRP_MJ_READ and IRP_MJ_WRITE
        ;
        struct
            Parameters.Length01        dd ?
            Parameters.Key             dd ?
            Parameters.ByteOffset      dq ?
        ends
;    ........
     ends
;   ......
ends
    


instead of

Code:
struct IO_STACK_LOCATION
  MajorFunction db ?
  MinorFunction db ?
  Flags         db ?
  Control       db ?

  union
        ;
        ; Parameters for IRP_MJ_CREATE
        ;
        struct
            SecurityContext dd ?
            Options         dd ?
            FileAttributes  dw ?
            ShareAccess     dw ?
            EaLength        dd ?
        ends
        ;
        ; Parameters for IRP_MJ_READ and IRP_MJ_WRITE
        ;
        struct
            Length01        dd ?
            Key             dd ?
            ByteOffset      dq ?
        ends
;        .........
     ends
ends
    


??????
Besides i have seen that autor of this DDK have doubts like me in definition fields FILE_INFORMATION_CLASS - all this line are mark "???????"
Post 11 Sep 2012, 01:09
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.