Techwiki:Win32k/LDEVOBJ
Revision as of 13:53, 9 August 2009 by ThePhysicist (talk | contribs)
Representation of a GDI driver.
typedef struct _SYSTEM_GDI_DRIVER_INFORMATION { UNICODE_STRING DriverName; PVOID ImageAddress; PVOID SectionPointer; PVOID EntryPoint; PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; ULONG ImageLength; } SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
DriverName
- Full path of the drivers dll. Example: '\SystemRoot\System32\ATMFD.DLL'
ImageAddress
- Pointer to the beginning of the driver mapping.
SectionPointer
- Pointer to 'MmLd' Mm load module database.
EntryPoint
- Pointer to the drivers entry point.
ImageLength
- Size of the DLL in bytes.
typedef struct _LDEV { // W2k WXP struct _LDEVOBJ *pldevNext; // 000 000 struct _LDEVOBJ *pldevPrev; // 004 004 SYSTEM_GDI_DRIVER_INFORMATION pInfo; // 008 ULONG ldevtype; // 008 00C ULONG cRefs; // 00C 010 ULONG unk_014; // --- 014 void * pGdiDriverInfo; // 014 018 ULONG ulDriverVersion; // 018 01C ULONG unk_020; // 020 PFN apfn[93]; // 024 PFN apfnOrig[93]; // 198 // size 310 } LDEV, *PLDEV;
pldevNext
- Pointer to the next LDEV in the global list. NULL if this is the last LDEVOBJ.
pldevPrev
- Pointer to the previous LDEV in the global list. NULL if this is the first LDEVOBJ.
pInfo
- Pointer to an LDEVINFO structure, if the LDEV is associated with a dll file. NULL if the LDEV describes a driver located inside win32k.
ldevtype
- Can be one of:
typedef enum { LDEV_DEVICE_DISPLAY = 1, LDEV_DEVICE_PRINTER = 2, LDEV_DEVICE_META = 3, LDEV_DEVICE_MIRROR = 4, LDEV_IMAGE = 5, LDEV_FONT = 6 } LDEVTYPE;
apfn
- Array of pointers to the according driver functions or win32k!WatchDogXxx interceptions.
apfnOrig
- The original function pointer that were returned from the driver entry.
Remarks
All LDEVOBJs are kept in a global list. Both structures have the tag 'Gldv' Total size of LDEV is 0x310 Bytes