lkd> dt fltmgr!_GLOBALS
+0x000 DebugFlags : Uint4B
+0x008 TraceFlags : Uint8B
+0x010 GFlags : Uint4B
+0x018 RegHandle : Uint8B
+0x020 NumProcessors : Uint4B
+0x024 CacheLineSize : Uint4B
+0x028 AlignedInstanceTrackingListSize : Uint4B
+0x02c ControlDeviceObject : Ptr32 _DEVICE_OBJECT
+0x030 DriverObject : Ptr32 _DRIVER_OBJECT
+0x034 KtmTransactionManagerHandle : Ptr32 Void
+0x038 TxVolKtmResourceManagerHandle : Ptr32 Void
+0x03c TxVolKtmResourceManager : Ptr32 _KRESOURCEMANAGER
+0x040 FrameList : _FLT_RESOURCE_LIST_HEAD
+0x084 Phase2InitLock : _FAST_MUTEX
+0x0a4 RegistryPath : _UNICODE_STRING
+0x0ac RegistryPathBuffer : [160] Wchar
+0x1ec GlobalVolumeOperationLock : Ptr32 _EX_PUSH_LOCK_CACHE_AWARE
+0x1f0 FltpServerPortObjectType : Ptr32 _OBJECT_TYPE
+0x1f4 FltpCommunicationPortObjectType : Ptr32 _OBJECT_TYPE
+0x1f8 MsgDeviceObject : Ptr32 _DEVICE_OBJECT
+0x200 ManualDeviceAttachTimer : _KTIMER
+0x228 ManualDeviceAttachTimerDpc : _KDPC
+0x248 ManualDeviceAttachWork : _WORK_QUEUE_ITEM
+0x258 ManualDeviceAttachLimit : Int4B
+0x25c ManualDeviceAttachDelay : Int4B
+0x280 TargetedIoCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x300 IoDeviceHintLookasideList : _PAGED_LOOKASIDE_LIST
+0x380 StreamListCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x400 FileListCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x480 NameCacheCreateCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x500 AsyncIoContextLookasideList : _NPAGED_LOOKASIDE_LIST
+0x580 WorkItemLookasideList : _NPAGED_LOOKASIDE_LIST
+0x600 NameControlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x680 OperationStatusCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x700 NameGenerationContextLookasideList : _NPAGED_LOOKASIDE_LIST
+0x780 FileLockLookasideList : _PAGED_LOOKASIDE_LIST
+0x800 TxnParameterBlockLookasideList : _NPAGED_LOOKASIDE_LIST
+0x880 TxCtxExtensionNPagedLookasideList : _NPAGED_LOOKASIDE_LIST
+0x900 TxVolCtxLookasideList : _NPAGED_LOOKASIDE_LIST
+0x980 TxVolStreamListCtrlEntryLookasideList : _PAGED_LOOKASIDE_LIST
+0xa00 SectionListCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0xa80 SectionCtxExtensionLookasideList : _NPAGED_LOOKASIDE_LIST
+0xb00 FltpParameterOffsetTable : [28]
+0xbe0 ThrottledWorkCtrl : _THROTTLED_WORK_ITEM_CTRL
+0xc74 Stats : _FLT_STATS
+0xce8 LostItemDelayInSeconds : Uint4B
+0xcec VerifiedFiltersList : _LIST_ENTRY
+0xcf4 VerifiedFiltersLock : Uint4B
+0xcf8 VerifiedResourceLinkFailures : Int4B
+0xcfc VerifiedResourceUnlinkFailures : Int4B
+0xd00 PerfTraceRoutines : Ptr32 _WMI_FLTIO_NOTIFY_ROUTINES
+0xd04 DummyPerfTraceRoutines : _WMI_FLTIO_NOTIFY_ROUTINES
+0xd18 RenameCounter : _LARGE_INTEGER
+0xd20 FilterSupportedFeaturesMode : Int4B
lkd> dt fltmgr!_FLT_FILTER
+0x000 Base : _FLT_OBJECT
+0x014 Frame : Ptr32 _FLTP_FRAME
+0x018 Name : _UNICODE_STRING
+0x020 DefaultAltitude : _UNICODE_STRING
+0x028 Flags : _FLT_FILTER_FLAGS
+0x02c DriverObject : Ptr32 _DRIVER_OBJECT
+0x030 InstanceList : _FLT_RESOURCE_LIST_HEAD
+0x074 VerifierExtension : Ptr32 _FLT_VERIFIER_EXTENSION
+0x078 VerifiedFiltersLink : _LIST_ENTRY
+0x080 FilterUnload : Ptr32 long
+0x084 InstanceSetup : Ptr32 long
+0x088 InstanceQueryTeardown : Ptr32 long
+0x08c InstanceTeardownStart : Ptr32 void
+0x090 InstanceTeardownComplete : Ptr32 void
+0x094 SupportedContextsListHead : Ptr32 _ALLOCATE_CONTEXT_HEADER
+0x098 SupportedContexts : [7] Ptr32 _ALLOCATE_CONTEXT_HEADER
+0x0b4 PreVolumeMount : Ptr32 _FLT_PREOP_CALLBACK_STATUS
+0x0b8 PostVolumeMount : Ptr32 _FLT_POSTOP_CALLBACK_STATUS
+0x0bc GenerateFileName : Ptr32 long
+0x0c0 NormalizeNameComponent : Ptr32 long
+0x0c4 NormalizeNameComponentEx : Ptr32 long
+0x0c8 NormalizeContextCleanup : Ptr32 void
+0x0cc KtmNotification : Ptr32 long
+0x0d0 SectionNotification : Ptr32 long
+0x0d4 Operations : Ptr32 _FLT_OPERATION_REGISTRATION
+0x0d8 OldDriverUnload : Ptr32 void
+0x0dc ActiveOpens : _FLT_MUTEX_LIST_HEAD
+0x108 ConnectionList : _FLT_MUTEX_LIST_HEAD
+0x134 PortList : _FLT_MUTEX_LIST_HEAD
+0x160 PortLock : _EX_PUSH_LOCK
lkd> dt fltmgr!_FLTP_FRAME
+0x000 Type : _FLT_TYPE
+0x004 Links : _LIST_ENTRY
+0x00c FrameID : Uint4B
+0x010 AltitudeIntervalLow : _UNICODE_STRING
+0x018 AltitudeIntervalHigh : _UNICODE_STRING
+0x020 LargeIrpCtrlStackSize : UChar
+0x021 SmallIrpCtrlStackSize : UChar
+0x024 RegisteredFilters : _FLT_RESOURCE_LIST_HEAD
+0x068 AttachedVolumes : _FLT_RESOURCE_LIST_HEAD
+0x0ac MountingVolumes : _LIST_ENTRY
+0x0b4 AttachedFileSystems : _FLT_MUTEX_LIST_HEAD
+0x0e0 ZombiedFltObjectContexts : _FLT_MUTEX_LIST_HEAD
+0x10c KtmResourceManagerHandle : Ptr32 Void
+0x110 KtmResourceManager : Ptr32 _KRESOURCEMANAGER
+0x114 FilterUnloadLock : _ERESOURCE
+0x14c DeviceObjectAttachLock : _FAST_MUTEX
+0x16c Prcb : Ptr32 _FLT_PRCB
+0x170 PrcbPoolToFree : Ptr32 Void
+0x174 LookasidePoolToFree : Ptr32 Void
+0x178 IrpCtrlStackProfiler : _FLTP_IRPCTRL_STACK_PROFILER
+0x240 SmallIrpCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x2c0 LargeIrpCtrlLookasideList : _NPAGED_LOOKASIDE_LIST
+0x310 ReserveIrpCtrls : _RESERVE_IRPCTRL
lkd> dt fltmgr!_FLT_OPERATION_REGISTRATION
+0x000 MajorFunction : UChar
+0x004 Flags : Uint4B
+0x008 PreOperation : Ptr32 _FLT_PREOP_CALLBACK_STATUS
+0x00c PostOperation : Ptr32 _FLT_POSTOP_CALLBACK_STATUS
+0x010 Reserved1 : Ptr32 Void
lkd> dt fltmgr!_FLT_INSTANCE
+0x000 Base : _FLT_OBJECT
+0x014 OperationRundownRef : Ptr32 _EX_RUNDOWN_REF_CACHE_AWARE
+0x018 Volume : Ptr32 _FLT_VOLUME
+0x01c Filter : Ptr32 _FLT_FILTER
+0x020 Flags : _FLT_INSTANCE_FLAGS
+0x024 Altitude : _UNICODE_STRING
+0x02c Name : _UNICODE_STRING
+0x034 FilterLink : _LIST_ENTRY
+0x03c ContextLock : _EX_PUSH_LOCK
+0x040 Context : Ptr32 _CONTEXT_NODE
+0x044 TransactionContexts : _CONTEXT_LIST_CTRL
+0x048 TrackCompletionNodes : Ptr32 _TRACK_COMPLETION_NODES
+0x04c CallbackNodes : [50] Ptr32 _CALLBACK_NODE
lkd> dt fltmgr!_CALLBACK_NODE
+0x000 CallbackLinks : _LIST_ENTRY
+0x008 Instance : Ptr32 _FLT_INSTANCE
+0x00c PreOperation : Ptr32 _FLT_PREOP_CALLBACK_STATUS
+0x010 PostOperation : Ptr32 _FLT_POSTOP_CALLBACK_STATUS
+0x00c GenerateFileName : Ptr32 long
+0x00c NormalizeNameComponent : Ptr32 long
+0x00c NormalizeNameComponentEx : Ptr32 long
+0x010 NormalizeContextCleanup : Ptr32 void
+0x014 Flags : _CALLBACK_NODE_FLAGS
lkd> dt fltmgr!_FLT_VOLUME
+0x000 Base : _FLT_OBJECT
+0x014 Flags : _FLT_VOLUME_FLAGS
+0x018 FileSystemType : _FLT_FILESYSTEM_TYPE
+0x01c DeviceObject : Ptr32 _DEVICE_OBJECT
+0x020 DiskDeviceObject : Ptr32 _DEVICE_OBJECT
+0x024 FrameZeroVolume : Ptr32 _FLT_VOLUME
+0x028 VolumeInNextFrame : Ptr32 _FLT_VOLUME
+0x02c Frame : Ptr32 _FLTP_FRAME
+0x030 DeviceName : _UNICODE_STRING
+0x038 GuidName : _UNICODE_STRING
+0x040 CDODeviceName : _UNICODE_STRING
+0x048 CDODriverName : _UNICODE_STRING
+0x050 InstanceList : _FLT_RESOURCE_LIST_HEAD
+0x094 Callbacks : _CALLBACK_CTRL
+0x2ec ContextLock : _EX_PUSH_LOCK
+0x2f0 VolumeContexts : _CONTEXT_LIST_CTRL
+0x2f4 StreamListCtrls : _FLT_RESOURCE_LIST_HEAD
+0x338 FileListCtrls : _FLT_RESOURCE_LIST_HEAD
+0x380 NameCacheCtrl : _NAME_CACHE_VOLUME_CTRL
+0x420 MountNotifyLock : _ERESOURCE
+0x458 TargetedOpenActiveCount : Int4B
+0x45c TxVolContextListLock : _EX_PUSH_LOCK
+0x460 TxVolContexts : _TREE_ROOT
+0x464 SupportedFeatures : Int4B
пятница, 2 марта 2012 г.
w8 consumer preview FLTMGR structs
It seems that wincheck cannot dump fltmgr callback nodes on consumer preview version of windows 8
Комментариев нет:
Отправить комментарий