Script just try to find WdfFunctions in loaded IDB, extract size and add appropriate version of WDFFUNCTIONS structure. Supported following 32bit versions:
- vista (size 0x183)
- w7 (size 0x18c)
- w8 (size 0x1b0)
#include <idc.idc>
static add_struct(size)
{
auto id;
id = AddStrucEx(-1,"WDFFUNCTIONS",0);
if ( -1 == id )
id = GetStrucIdByName("WDFFUNCTIONS");
if ( -1 == id )
return -1;
AddStrucMember(id,"pfnWdfChildListCreate", 0X0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListGetDevice", 0X4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListRetrievePdo", 0X8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListRetrieveAddressDescription", 0XC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListBeginScan", 0X10, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListEndScan", 0X14, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListBeginIteration", 0X18, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListRetrieveNextDevice", 0X1C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListEndIteration", 0X20, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListAddOrUpdateChildDescriptionAsPresent", 0X24, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListUpdateChildDescriptionAsMissing", 0X28, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListUpdateAllChildDescriptionsAsPresent", 0X2C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfChildListRequestChildEject", 0X30, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionCreate", 0X34, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionGetCount", 0X38, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionAdd", 0X3C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionRemove", 0X40, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionRemoveItem", 0X44, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionGetItem", 0X48, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionGetFirstItem", 0X4C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCollectionGetLastItem", 0X50, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCommonBufferCreate", 0X54, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCommonBufferGetAlignedVirtualAddress", 0X58, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCommonBufferGetAlignedLogicalAddress", 0X5C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCommonBufferGetLength", 0X60, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfControlDeviceInitAllocate", 0X64, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfControlDeviceInitSetShutdownNotification", 0X68, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfControlFinishInitializing", 0X6C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetDeviceState", 0X70, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetDeviceState", 0X74, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWdmDeviceGetWdfDeviceHandle", 0X78, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmGetDeviceObject", 0X7C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmGetAttachedDevice", 0X80, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmGetPhysicalDevice", 0X84, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmDispatchPreprocessedIrp", 0X88, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAddDependentUsageDeviceObject", 0X8C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAddRemovalRelationsPhysicalDevice", 0X90, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceRemoveRemovalRelationsPhysicalDevice", 0X94, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceClearRemovalRelationsDevices", 0X98, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetDriver", 0X9C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceRetrieveDeviceName", 0XA0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAssignMofResourceName", 0XA4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetIoTarget", 0XA8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetDevicePnpState", 0XAC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetDevicePowerState", 0XB0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetDevicePowerPolicyState", 0XB4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAssignS0IdleSettings", 0XB8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAssignSxWakeSettings", 0XBC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceOpenRegistryKey", 0XC0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetSpecialFileSupport", 0XC4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetCharacteristics", 0XC8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetCharacteristics", 0XCC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetAlignmentRequirement", 0XD0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetAlignmentRequirement", 0XD4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitFree", 0XD8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetPnpPowerEventCallbacks", 0XDC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetPowerPolicyEventCallbacks", 0XE0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetPowerPolicyOwnership", 0XE4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitRegisterPnpStateChangeCallback", 0XE8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitRegisterPowerStateChangeCallback", 0XEC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitRegisterPowerPolicyStateChangeCallback", 0XF0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetIoType", 0XF4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetExclusive", 0XF8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetPowerNotPageable", 0XFC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetPowerPageable", 0X100, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetPowerInrush", 0X104, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetDeviceType", 0X108, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitAssignName", 0X10C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitAssignSDDLString", 0X110, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetDeviceClass", 0X114, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetCharacteristics", 0X118, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetFileObjectConfig", 0X11C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetRequestAttributes", 0X120, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitAssignWdmIrpPreprocessCallback", 0X124, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetIoInCallerContextCallback", 0X128, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceCreate", 0X12C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetStaticStopRemove", 0X130, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceCreateDeviceInterface", 0X134, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetDeviceInterfaceState", 0X138, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceRetrieveDeviceInterfaceString", 0X13C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceCreateSymbolicLink", 0X140, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceQueryProperty", 0X144, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAllocAndQueryProperty", 0X148, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetPnpCapabilities", 0X14C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetPowerCapabilities", 0X150, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetBusInformationForChildren", 0X154, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceIndicateWakeStatus", 0X158, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceSetFailed", 0X15C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceStopIdle", 0X160, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceResumeIdle", 0X164, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetFileObject", 0X168, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceEnqueueRequest", 0X16C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetDefaultQueue", 0X170, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceConfigureRequestDispatching", 0X174, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerCreate", 0X178, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerGetMaximumLength", 0X17C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerGetMaximumScatterGatherElements", 0X180, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerSetMaximumScatterGatherElements", 0X184, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionCreate", 0X188, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionInitialize", 0X18C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionInitializeUsingRequest", 0X190, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionExecute", 0X194, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionRelease", 0X198, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionDmaCompleted", 0X19C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionDmaCompletedWithLength", 0X1A0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionDmaCompletedFinal", 0X1A4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionGetBytesTransferred", 0X1A8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionSetMaximumLength", 0X1AC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionGetRequest", 0X1B0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionGetCurrentDmaTransferLength", 0X1B4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionGetDevice", 0X1B8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDpcCreate", 0X1BC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDpcEnqueue", 0X1C0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDpcCancel", 0X1C4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDpcGetParentObject", 0X1C8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDpcWdmGetDpc", 0X1CC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverCreate", 0X1D0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverGetRegistryPath", 0X1D4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverWdmGetDriverObject", 0X1D8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverOpenParametersRegistryKey", 0X1DC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWdmDriverGetWdfDriverHandle", 0X1E0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverRegisterTraceInfo", 0X1E4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverRetrieveVersionString", 0X1E8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverIsVersionAvailable", 0X1EC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitWdmGetPhysicalDevice", 0X1F0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitOpenRegistryKey", 0X1F4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitQueryProperty", 0X1F8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitAllocAndQueryProperty", 0X1FC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitSetEventCallbacks", 0X200, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitSetFilter", 0X204, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoInitSetDefaultChildListConfig", 0X208, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoQueryForInterface", 0X20C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoGetDefaultChildList", 0X210, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoAddStaticChild", 0X214, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoLockStaticChildListForIteration", 0X218, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoRetrieveNextStaticChild", 0X21C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFdoUnlockStaticChildListFromIteration", 0X220, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFileObjectGetFileName", 0X224, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFileObjectGetFlags", 0X228, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFileObjectGetDevice", 0X22C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfFileObjectWdmGetFileObject", 0X230, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptCreate", 0X234, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptQueueDpcForIsr", 0X238, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptSynchronize", 0X23C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptAcquireLock", 0X240, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptReleaseLock", 0X244, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptEnable", 0X248, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptDisable", 0X24C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptWdmGetInterrupt", 0X250, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptGetInfo", 0X254, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptSetPolicy", 0X258, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptGetDevice", 0X25C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueCreate", 0X260, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueGetState", 0X264, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueStart", 0X268, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueStop", 0X26C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueStopSynchronously", 0X270, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueGetDevice", 0X274, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueRetrieveNextRequest", 0X278, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueRetrieveRequestByFileObject", 0X27C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueFindRequest", 0X280, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueRetrieveFoundRequest", 0X284, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueDrainSynchronously", 0X288, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueDrain", 0X28C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueuePurgeSynchronously", 0X290, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueuePurge", 0X294, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueReadyNotify", 0X298, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetCreate", 0X29C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetOpen", 0X2A0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetCloseForQueryRemove", 0X2A4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetClose", 0X2A8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetStart", 0X2AC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetStop", 0X2B0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetGetState", 0X2B4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetGetDevice", 0X2B8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetQueryTargetProperty", 0X2BC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetAllocAndQueryTargetProperty", 0X2C0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetQueryForInterface", 0X2C4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetWdmGetTargetDeviceObject", 0X2C8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetWdmGetTargetPhysicalDevice", 0X2CC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetWdmGetTargetFileObject", 0X2D0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetWdmGetTargetFileHandle", 0X2D4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetSendReadSynchronously", 0X2D8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetFormatRequestForRead", 0X2DC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetSendWriteSynchronously", 0X2E0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetFormatRequestForWrite", 0X2E4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetSendIoctlSynchronously", 0X2E8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetFormatRequestForIoctl", 0X2EC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetSendInternalIoctlSynchronously", 0X2F0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetFormatRequestForInternalIoctl", 0X2F4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetSendInternalIoctlOthersSynchronously", 0X2F8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetFormatRequestForInternalIoctlOthers", 0X2FC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryCreate", 0X300, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryCreatePreallocated", 0X304, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryGetBuffer", 0X308, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryAssignBuffer", 0X30C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryCopyToBuffer", 0X310, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryCopyFromBuffer", 0X314, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfLookasideListCreate", 0X318, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfMemoryCreateFromLookaside", 0X31C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceMiniportCreate", 0X320, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDriverMiniportUnload", 0X324, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectGetTypedContextWorker", 0X328, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectAllocateContext", 0X32C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectContextGetObject", 0X330, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectReferenceActual", 0X334, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectDereferenceActual", 0X338, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectCreate", 0X33C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectDelete", 0X340, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectQuery", 0X344, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAllocate", 0X348, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitSetEventCallbacks", 0X34C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAssignDeviceID", 0X350, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAssignInstanceID", 0X354, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAddHardwareID", 0X358, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAddCompatibleID", 0X35C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAddDeviceText", 0X360, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitSetDefaultLocale", 0X364, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAssignRawDevice", 0X368, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoMarkMissing", 0X36C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoRequestEject", 0X370, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoGetParent", 0X374, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoRetrieveIdentificationDescription", 0X378, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoRetrieveAddressDescription", 0X37C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoUpdateAddressDescription", 0X380, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoAddEjectionRelationsPhysicalDevice", 0X384, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoRemoveEjectionRelationsPhysicalDevice", 0X388, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoClearEjectionRelationsDevices", 0X38C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceAddQueryInterface", 0X390, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryOpenKey", 0X394, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryCreateKey", 0X398, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryClose", 0X39C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryWdmGetHandle", 0X3A0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryRemoveKey", 0X3A4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryRemoveValue", 0X3A8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryQueryValue", 0X3AC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryQueryMemory", 0X3B0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryQueryMultiString", 0X3B4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryQueryUnicodeString", 0X3B8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryQueryString", 0X3BC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryQueryULong", 0X3C0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryAssignValue", 0X3C4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryAssignMemory", 0X3C8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryAssignMultiString", 0X3CC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryAssignUnicodeString", 0X3D0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryAssignString", 0X3D4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRegistryAssignULong", 0X3D8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestCreate", 0X3DC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestCreateFromIrp", 0X3E0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestReuse", 0X3E4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestChangeTarget", 0X3E8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestFormatRequestUsingCurrentType", 0X3EC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestWdmFormatUsingStackLocation", 0X3F0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestSend", 0X3F4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetStatus", 0X3F8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestMarkCancelable", 0X3FC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestUnmarkCancelable", 0X400, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestIsCanceled", 0X404, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestCancelSentRequest", 0X408, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestIsFrom32BitProcess", 0X40C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestSetCompletionRoutine", 0X410, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetCompletionParams", 0X414, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestAllocateTimer", 0X418, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestComplete", 0X41C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestCompleteWithPriorityBoost", 0X420, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestCompleteWithInformation", 0X424, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetParameters", 0X428, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveInputMemory", 0X42C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveOutputMemory", 0X430, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveInputBuffer", 0X434, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveOutputBuffer", 0X438, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveInputWdmMdl", 0X43C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveOutputWdmMdl", 0X440, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveUnsafeUserInputBuffer", 0X444, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRetrieveUnsafeUserOutputBuffer", 0X448, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestSetInformation", 0X44C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetInformation", 0X450, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetFileObject", 0X454, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestProbeAndLockUserBufferForRead", 0X458, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestProbeAndLockUserBufferForWrite", 0X45C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetRequestorMode", 0X460, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestForwardToIoQueue", 0X464, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestGetIoQueue", 0X468, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestRequeue", 0X46C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestStopAcknowledge", 0X470, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestWdmGetIrp", 0X474, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListSetSlotNumber", 0X478, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListSetInterfaceType", 0X47C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListAppendIoResList", 0X480, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListInsertIoResList", 0X484, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListGetCount", 0X488, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListGetIoResList", 0X48C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListRemove", 0X490, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceRequirementsListRemoveByIoResList", 0X494, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListCreate", 0X498, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListAppendDescriptor", 0X49C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListInsertDescriptor", 0X4A0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListUpdateDescriptor", 0X4A4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListGetCount", 0X4A8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListGetDescriptor", 0X4AC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListRemove", 0X4B0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoResourceListRemoveByDescriptor", 0X4B4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCmResourceListAppendDescriptor", 0X4B8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCmResourceListInsertDescriptor", 0X4BC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCmResourceListGetCount", 0X4C0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCmResourceListGetDescriptor", 0X4C4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCmResourceListRemove", 0X4C8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCmResourceListRemoveByDescriptor", 0X4CC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfStringCreate", 0X4D0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfStringGetUnicodeString", 0X4D4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectAcquireLock", 0X4D8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfObjectReleaseLock", 0X4DC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWaitLockCreate", 0X4E0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWaitLockAcquire", 0X4E4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWaitLockRelease", 0X4E8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfSpinLockCreate", 0X4EC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfSpinLockAcquire", 0X4F0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfSpinLockRelease", 0X4F4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfTimerCreate", 0X4F8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfTimerStart", 0X4FC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfTimerStop", 0X500, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfTimerGetParentObject", 0X504, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceCreate", 0X508, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceRetrieveInformation", 0X50C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceGetDeviceDescriptor", 0X510, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceRetrieveConfigDescriptor", 0X514, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceQueryString", 0X518, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceAllocAndQueryString", 0X51C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceFormatRequestForString", 0X520, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceGetNumInterfaces", 0X524, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceSelectConfig", 0X528, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceWdmGetConfigurationHandle", 0X52C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceRetrieveCurrentFrameNumber", 0X530, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceSendControlTransferSynchronously", 0X534, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceFormatRequestForControlTransfer", 0X538, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceIsConnectedSynchronous", 0X53C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceResetPortSynchronously", 0X540, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceCyclePortSynchronously", 0X544, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceFormatRequestForCyclePort", 0X548, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceSendUrbSynchronously", 0X54C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceFormatRequestForUrb", 0X550, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeGetInformation", 0X554, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeIsInEndpoint", 0X558, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeIsOutEndpoint", 0X55C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeGetType", 0X560, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeSetNoMaximumPacketSizeCheck", 0X564, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeWriteSynchronously", 0X568, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeFormatRequestForWrite", 0X56C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeReadSynchronously", 0X570, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeFormatRequestForRead", 0X574, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeConfigContinuousReader", 0X578, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeAbortSynchronously", 0X57C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeFormatRequestForAbort", 0X580, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeResetSynchronously", 0X584, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeFormatRequestForReset", 0X588, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeSendUrbSynchronously", 0X58C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeFormatRequestForUrb", 0X590, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetInterfaceNumber", 0X594, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetNumEndpoints", 0X598, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetDescriptor", 0X59C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceSelectSetting", 0X5A0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetEndpointInformation", 0X5A4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceGetInterface", 0X5A8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetConfiguredSettingIndex", 0X5AC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetNumConfiguredPipes", 0X5B0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetConfiguredPipe", 0X5B4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetPipeWdmGetPipeHandle", 0X5B8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfVerifierDbgBreakPoint", 0X5BC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfVerifierKeBugCheck", 0X5C0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiProviderCreate", 0X5C4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiProviderGetDevice", 0X5C8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiProviderIsEnabled", 0X5CC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiProviderGetTracingHandle", 0X5D0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiInstanceCreate", 0X5D4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiInstanceRegister", 0X5D8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiInstanceDeregister", 0X5DC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiInstanceGetDevice", 0X5E0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiInstanceGetProvider", 0X5E4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWmiInstanceFireEvent", 0X5E8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWorkItemCreate", 0X5EC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWorkItemEnqueue", 0X5F0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWorkItemGetParentObject", 0X5F4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfWorkItemFlush", 0X5F8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCommonBufferCreateWithConfig", 0X5FC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerGetFragmentLength", 0X600, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerWdmGetDmaAdapter", 0X604, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbInterfaceGetNumSettings", 0X608, 0x20000400, -1, 4);
if ( size == 0x183 ) // vista
return id;
AddStrucMember(id,"pfnWdfDeviceRemoveDependentUsageDeviceObject", 0X60C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceGetSystemPowerAction", 0X610, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptSetExtendedPolicy", 0X614, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueAssignForwardProgressPolicy", 0X618, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAssignContainerID", 0X61C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfPdoInitAllowForwardingRequestToParent", 0X620, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestMarkCancelableEx", 0X624, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestIsReserved", 0X628, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfRequestForwardToParentDeviceIoQueue", 0X62C, 0x20000400, -1, 4);
if ( size == 0x18c ) // w7
return id;
AddStrucMember(id,"pfnWdfCxDeviceInitAllocate", 0X630, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCxDeviceInitAssignWdmIrpPreprocessCallback", 0X634, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCxDeviceInitSetIoInCallerContextCallback", 0X638, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCxDeviceInitSetRequestAttributes", 0X63C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCxDeviceInitSetFileObjectConfig", 0X640, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmDispatchIrp", 0X644, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmDispatchIrpToIoQueue", 0X648, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetRemoveLockOptions", 0X64C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceConfigureWdmIrpDispatchCallback", 0X650, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaEnablerConfigureSystemProfile", 0X654, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionInitializeUsingOffset", 0X658, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionGetTransferInfo", 0X65C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionSetChannelConfigurationCallback", 0X660, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionSetTransferCompleteCallback", 0X664, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionSetImmediateExecution", 0X668, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionAllocateResources", 0X66C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionSetDeviceAddressOffset", 0X670, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionFreeResources", 0X674, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionCancel", 0X678, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionWdmGetTransferContext", 0X67C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptQueueWorkItemForIsr", 0X680, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptTryToAcquireLock", 0X684, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueStopAndPurge", 0X688, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoQueueStopAndPurgeSynchronously", 0X68C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfIoTargetPurge", 0X690, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceCreateWithParameters", 0X694, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceQueryUsbCapability", 0X698, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceCreateUrb", 0X69C, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfUsbTargetDeviceCreateIsochUrb", 0X6A0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceWdmAssignPowerFrameworkSettings", 0X6A4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDmaTransactionStopSystemTransfer", 0X6A8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfCxVerifierKeBugCheck", 0X6AC, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptReportActive", 0X6B0, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfInterruptReportInactive", 0X6B4, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfDeviceInitSetReleaseHardwareOrderOnFailure", 0X6B8, 0x20000400, -1, 4);
AddStrucMember(id,"pfnWdfGetTriageInfo", 0X6BC, 0x20000400, -1, 4);
return id;
}
static main(void)
{
auto data_start;
auto data_end;
auto idx;
// out data
auto wdf_size;
auto wdf_func;
data_end = data_start = BADADDR;
wdf_size = 0;
wdf_func = BADADDR;
// find .data section
for ( idx = FirstSeg(); idx != BADADDR; idx = NextSeg(idx) )
{
auto sname;
sname = SegName(idx);
if ( (strlen(sname) == 5) &&
strstr(sname, ".data") != 0
)
{
data_start = SegStart(idx);
data_end = SegEnd(idx);
break;
}
}
if ( data_start == BADADDR )
return;
// find "KmdfLibrary" unicode string in .data section
idx = data_start;
while(1)
{
auto addr, id;
idx = FindBinary(idx, SEARCH_DOWN, "4B 00 6D 00 64 00 66 00 4C 00 69 00 62 00 72 00 61 00 72 00 79 00");
if ( idx == BADADDR )
break;
addr = DfirstB(idx);
if ( addr != BADADDR )
{
id = 0;
wdf_size = Dword(addr + 0x10);
wdf_func = Dword(addr + 0x14);
if ( wdf_size != 0 )
{
id = add_struct(wdf_size);
}
if ( id != 0 )
{
auto ssize;
ssize = GetStrucSize(id);
MakeUnknown(wdf_func, ssize, 0);
if ( MakeData(wdf_func, FF_STRU, ssize, id) )
{
return;
}
Message("MakeData failed at %X, size %X\n", wdf_func, ssize);
}
}
idx = idx + 22; /* length of unicode string KmdfLibrary */
}
}
Комментариев нет:
Отправить комментарий