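Kernel Development Cheat Sheet
Microsoft naming rules; Win32 data type and identifier naming conventions; variable naming (Windows)
Kernel development, lecture 1: data types in the kernel, important data structures, commonly used kernel API functions
WINAPI return value NTSTATUS; see: https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/ntstatus-values
An NTSTATUS value is a DWORD (32 bits). It is generally defined as in the following list (the commonly used values are all in ntstatus.h):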
```c
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_OBJECT_NAME_EXISTS ((NTSTATUS)0x40000000L)
#define STATUS_GUARD_PAGE_VIOLATION ((NTSTATUS)0x80000001L)
#define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L)
```
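Use the NT_SUCCESS macro to test whether a call failed: every value >= 0 counts as success and every value < 0 is an error. 0x7FFFFFFF is the largest positive value, -1 = 0xFFFFFFFF, and 0x80000000 is the smallest negative value.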
```c
//
// Status values are 32 bit values laid out as follows:
//
//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
//  +---+-+-------------------------+-------------------------------+
//  |Sev|C|       Facility          |               Code            |
//  +---+-+-------------------------+-------------------------------+
//
//  where
//
//      Sev - is the severity code
//
//          00 - Success
//          01 - Informational
//          10 - Warning
//          11 - Error
//
//      C - is the Customer code flag
//
//      Facility - is the facility code
//
//      Code - is the facility's status code
//
//
// Generic test for success on any status value (non-negative numbers
// indicate success).
//
#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
//
// Generic test for information on any status value.
//
#ifdef _PREFAST_
#define NT_INFORMATION(Status) (((NTSTATUS)(Status)) >= (long)0x40000000)
#else
#define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
#endif
//
// Generic test for warning on any status value.
//
#ifdef _PREFAST_
#define NT_WARNING(Status) (((NTSTATUS)(Status) < (long)0xc0000000))
#else
#define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
#endif
//
// Generic test for error on any status value.
//
#ifdef _PREFAST_
#define NT_ERROR(Status) (((NTSTATUS)(Status)) >= (unsigned long)0xc0000000)
#else
#define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
#endif
// end_sdfwdm
// end_wudfwdm
// end_ntoshvp
// end_windbgkd
// begin_winnt
#define APPLICATION_ERROR_MASK 0x20000000
#define ERROR_SEVERITY_SUCCESS 0x00000000
#define ERROR_SEVERITY_INFORMATIONAL 0x40000000
#define ERROR_SEVERITY_WARNING 0x80000000
#define ERROR_SEVERITY_ERROR 0xC0000000
```
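An added example (not from the original page and not Microsoft's header code) that splits the four status values listed above into the fields of the layout diagram and shows how NT_SUCCESS and NT_ERROR classify them. The typedefs stand in for the WDK ones, and `STATUS_FIELDS`, `decode_status` and `missed_by_nt_error_check` are hypothetical names. Warning-severity values fail NT_SUCCESS but are not NT_ERROR, so code that checks only NT_ERROR treats STATUS_GUARD_PAGE_VIOLATION as if the call had succeeded.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins so this builds without the WDK (assumption: NTSTATUS is a signed
   32-bit LONG and ULONG an unsigned 32-bit integer, as on Windows). */
typedef int32_t  NTSTATUS;
typedef uint32_t ULONG;

#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
#define NT_ERROR(Status)   ((((ULONG)(Status)) >> 30) == 3)

/* Hypothetical helper type: the fields as drawn in the layout diagram above. */
typedef struct {
    unsigned severity;  /* bits 31..30: 0 success, 1 info, 2 warning, 3 error */
    unsigned customer;  /* bit 29 */
    unsigned facility;  /* bits 28..16 */
    unsigned code;      /* bits 15..0 */
} STATUS_FIELDS;

STATUS_FIELDS decode_status(NTSTATUS status)
{
    ULONG v = (ULONG)status;
    STATUS_FIELDS f = { v >> 30, (v >> 29) & 1u, (v >> 16) & 0x1FFFu, v & 0xFFFFu };
    return f;
}

/* 1 if the status fails NT_SUCCESS but is invisible to an NT_ERROR-only check,
   which is the case for every Warning-severity value. */
int missed_by_nt_error_check(NTSTATUS status)
{
    return !NT_SUCCESS(status) && !NT_ERROR(status);
}

int main(void)
{
    /* The four values defined on this page. */
    static const ULONG samples[] = { 0x00000000u, 0x40000000u, 0x80000001u, 0xC0000001u };
    static const char *sev[] = { "Success", "Informational", "Warning", "Error" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        NTSTATUS s = (NTSTATUS)samples[i];
        STATUS_FIELDS f = decode_status(s);
        printf("0x%08X sev=%-13s C=%u fac=0x%04X code=0x%04X NT_SUCCESS=%d NT_ERROR=%d missed=%d\n",
               (unsigned)samples[i], sev[f.severity], f.customer, f.facility, f.code,
               NT_SUCCESS(s), NT_ERROR(s), missed_by_nt_error_check(s));
    }
    return 0;
}
```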
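Format output string specification
MS NTSTATUS official codes
Windows system error codes; Windows: GetLastError error codes
Keyboard VK key code list
DbgPrint/KdPrint output format control
When learning driver programming, you often need DbgPrint or KdPrint to output debugging information. In a checked build, KdPrint is just a macro definition for DbgPrint; in a free build, KdPrint is optimized away. The output can be viewed with DebugView's kernel monitoring.
KdPrint is identical to the DbgPrint routine in code that is compiled in a checked build environment. This routine has no effect if compiled in a free build environment. Only kernel-mode drivers can call the KdPrint routine.
Their output format specifiers are as follows: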
| Specifier | Format description | Type |
|---|---|---|
| %c, %lc | ANSI character | char |
| %C, %wc | Wide character | wchar_t |
| %d, %i | Signed decimal integer | int |
| %D | Decimal __int64 | __int64 |
| %L | Hexadecimal LARGE_INTEGER | LARGE_INTEGER |
| %s, %ls | NULL-terminated ANSI string | char* |
| %S, %ws | NULL-terminated wide string | wchar_t* |
| %Z | ANSI_STRING string | ANSI_STRING |
| %wZ | UNICODE_STRING string | UNICODE_STRING |
| %u | Decimal ULONG | ULONG |
| %x | Hexadecimal ULONG, lowercase | ULONG |
| %X | Hexadecimal ULONG, uppercase | ULONG |
| %p | Pointer, 32/64-bit | |
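That is all of them. According to the DDK documentation, the Unicode formats (%C, %S, %lc, %ls, %wc, %ws, and %wZ) can be used only when IRQL = PASSIVE_LEVEL.
Note that Chinese text in a WCHAR or UNICODE_STRING may be truncated and fail to print; it needs to be converted to CHAR and ANSI_STRING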
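An added host-side review aid (not from the original page and not WDK code) that scans a DbgPrint/KdPrint format string for the Unicode formats listed above and reports whether the string respects the PASSIVE_LEVEL rule at a given IRQL. `count_unicode_specs` and `format_allowed_at_irql` are hypothetical names, the sample strings are constructed, and the two IRQL constants repeat the WDK values so the file compiles on any host.

```c
#include <string.h>
#include <stdio.h>

/* IRQL values as defined in the WDK headers, repeated here so the file
   builds on any host. */
#define PASSIVE_LEVEL  0
#define DISPATCH_LEVEL 2

/* Counts the conversions in a DbgPrint/KdPrint format string that the page
   lists as Unicode formats: %C, %S, %lc, %ls, %wc, %ws, %wZ. */
int count_unicode_specs(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; ++p) {
        if (*p != '%') continue;
        ++p;
        while (*p && strchr("-+ #0123456789.*", *p)) ++p; /* flags, width, precision */
        if (*p == '\0') break;                  /* dangling '%' at end of string */
        if (*p == 'C' || *p == 'S') {           /* %C, %S */
            ++n;
        } else if (*p == 'l' || *p == 'w') {    /* %lc %ls %wc %ws %wZ */
            char t = p[1];
            if (t == 'c' || t == 's' || (*p == 'w' && t == 'Z')) { ++n; ++p; }
        }                                       /* "%%", %d, %Z, %p ...: not Unicode */
    }
    return n;
}

/* 1 if the format string may be passed to DbgPrint at the given IRQL under
   the PASSIVE_LEVEL rule quoted above, else 0. */
int format_allowed_at_irql(const char *fmt, int irql)
{
    return irql == PASSIVE_LEVEL || count_unicode_specs(fmt) == 0;
}

int main(void)
{
    /* Constructed sample format strings, not taken from any real driver. */
    const char *samples[] = {
        "Create: %wZ (status 0x%08X)\n",
        "DPC fired, irp=%p, 100%% done, len=%lu\n",
        "name=%ws ansi=%Z\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i)
        printf("unicode=%d ok@DISPATCH=%d  %s", count_unicode_specs(samples[i]),
               format_allowed_at_irql(samples[i], DISPATCH_LEVEL), samples[i]);
    return 0;
}
```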
Device class GUIDs for common hardware
| Class | GUID | Device Description |
|---|---|---|
| CDROM | 4D36E965-E325-11CE-BFC1-08002BE10318 | CD/DVD/Blu-ray drives |
| DiskDrive | 4D36E967-E325-11CE-BFC1-08002BE10318 | Hard drives |
| Display | 4D36E968-E325-11CE-BFC1-08002BE10318 | Video adapters |
| FDC | 4D36E969-E325-11CE-BFC1-08002BE10318 | Floppy controllers |
| FloppyDisk | 4D36E980-E325-11CE-BFC1-08002BE10318 | Floppy drives |
| HDC | 4D36E96A-E325-11CE-BFC1-08002BE10318 | Hard drive controllers |
| HIDClass | 745A17A0-74D3-11D0-B6FE-00A0C90F57DA | Some USB devices |
| 1394 | 6BDD1FC1-810F-11D0-BEC7-08002BE2092F | IEEE 1394 host controller |
| Image | 6BDD1FC6-810F-11D0-BEC7-08002BE2092F | Cameras and scanners |
| Keyboard | 4D36E96B-E325-11CE-BFC1-08002BE10318 | Keyboards |
| Modem | 4D36E96D-E325-11CE-BFC1-08002BE10318 | Modems |
| Mouse | 4D36E96F-E325-11CE-BFC1-08002BE10318 | Mice and pointing devices |
| Media | 4D36E96C-E325-11CE-BFC1-08002BE10318 | Audio and video devices |
| Net | 4D36E972-E325-11CE-BFC1-08002BE10318 | Network adapters |
| Ports | 4D36E978-E325-11CE-BFC1-08002BE10318 | Serial and parallel ports |
| SCSIAdapter | 4D36E97B-E325-11CE-BFC1-08002BE10318 | SCSI and RAID controllers |
| System | 4D36E97D-E325-11CE-BFC1-08002BE10318 | System buses, bridges, etc. |
| USB | 36FC9E60-C465-11CF-8056-444553540000 | USB host controllers and hubs |
| LegacyDriver | 8ECC055D-047F-11D1-A537-0000F8753ED1 | Non-Plug and Play Drivers |
Windows internal version numbers
| Operating System | Version Number |
|---|---|
| Windows 1.0 | 1.04 |
| Windows 2.0 | 2.11 |
| Windows 3.0 | 3 |
| Windows NT 3.1 | 3.10.528 |
| Windows for Workgroups 3.11 | 3.11 |
| Windows NT Workstation 3.5 | 3.5.807 |
| Windows NT Workstation 3.51 | 3.51.1057 |
| Windows 95 | 4.0.950 |
| Windows NT Workstation 4.0 | 4.0.1381 |
| Windows 98 | 4.1.1998 |
| Windows 98 Second Edition | 4.1.2222 |
| Windows Me | 4.90.3000 |
| Windows 2000 Professional | 5.0.2195 |
| Windows XP | 5.1.2600 |
| Windows XP Professional x64 Edition | 5.2.3790 |
| Windows Server 2003 | 5.2 |
| Windows Server 2003 R2 | 5.2 |
| Windows Vista | 6.0.6000 |
| Windows Server 2008 | 6.0 |
| Windows Server 2008 R2 | 6.1 |
| Windows 7 | 6.1.7600 |
| Windows 8 | 6.2.9200 |
| Windows 10 | 10.0* |
| Windows Server 2016 | 10.0* |
| Windows 8.1 | 6.3* |
| Windows Server 2012 R2 | 6.3* |