WDK Quick Reference Rev H
Perisoft 2016 www.perisoft.net

For 32-bit device drivers. Red fields are reserved. Numeric values are hex.

 

DRIVER_OBJECT
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
Type
(4)
Size DeviceObject Flags DriverStart
10
 
DriverSize DriverSection DriverExtension Name
len
Name
maxlen
20
 
Name
(wide string ptr)
HardwareDatabase FastIoDispatch DriverEntry
30
 
StartIo Unload IRP_MJ_CREATE IRP_MJ_NAMED_PIPE

40
 

IRP_MJ_CLOSE IRP_MJ_READ IRP_MJ_WRITE IRP_MJ_QUERY_
INFORMATION
50
 
IRP_MJ_SET_INFORMATION IRP_MJ_QUERY_EA IRP_MJ_SET_EA IRP_MJ_FLUSH_BUFFERS
60
 
IRP_MJ_QUERY_VOLUME_
VOLUME_INFORMATION
IRP_MJ_SET_VOLUME_
INFORMATION
IRP_MJ_DIRECTORY_
CONTROL
IRP_MJ_FILE_SYSTEM_
CONTROL
70
 
IRP_MJ_DEVICE_CONTROL IRP_MJ_SCSI /
IRP_MJ_INTERNAL_DEVICE_
CONTROL
IRP_MJ_SHUTDOWN IRP_MJ_LOCK_CONTROL

80
 

IRP_MJ_CLEANUP IRP_MJ_CREATE_MAILSLOT IRP_MJ_QUERY_SECURITY IRP_MJ_SET_SECURITY
90
 
IRP_MJ_POWER IRP_MJ_SYSTEM_CONTROL IRP_MJ_DEVICE_CHANGE IRP_MJ_QUERY_QUOTA
A0
 
IRP_MJ_SET_QUOTA IRP_MJ_PNP  

 

Flags

Mask

Name
1 DRVO_UNLOAD_INVOKED
2 DRVO_LEGACY_DRIVER
4 DRVO_BUILTIN_DRIVER
8 DRVO_REINIT_REGISTERED
10 DRVO_INITIALIZED
20 DRVO_BOOTREINIT_REGISTERED
40 DRVO_LEGACY_RESOURCES

 

DRIVER_EXTENSION
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
*DriverObject AddDevice Count SvcKey
len
SvcKey
maxlen
10
 
*ServiceKeyName      

 

DEVICE_OBJECT
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
Type
(3)
Size Ref Count DriverObject NextDev
10
 
AttachedDev CurrentIrp Timer Flags
20
 
Characteristics VPB DeviceExtension DeviceType

30
 

Stak
Size
  Queue.ListEntry /
Queue.WaitContextBlock
40
 
...
50
 
... Alignment
(reverse mask)
60
 
DeviceQueue

70
 

... DPC
80
 
...
90
 
... ActiveThreads SecurityDesc DeviceLock
A0
 
... Sector
Size
Spare1
B0
 
DevObjExtension Reserved  

 

Flags

Mask

Name
1 DO_UNLOAD_PENDING
2 DO_VERIFY_VOLUME
4 DO_BUFFERED_IO
8 DO_EXCLUSIVE
10 DO_DIRECT_IO
20 DO_MAP_IO_BUFFER
40 DO_DEVICE_HAS_NAME
80 DO_DEVICE_INITIALIZING
100 DO_SYSTEM_BOOT_PARTITION
200 DO_LONG_TERM_REQUESTS
400 DO_NEVER_LAST_DEVICE
800 DO_SHUTDOWN_REGISTERED
1000 DO_BUS_ENUMERATED_DEVICE
2000 DO_POWER_PAGABLE
4000 DO_POWER_INRUSH
10000 DO_LOW_PRIORITY_FILESYSTEM

 

Characteristics
Mask Name
0001 FILE_REMOVABLE_MEDIA
0002 FILE_READ_ONLY_DEVICE
0004 FILE_FLOPPY_DISKETTE
0008 FILE_WRITE_ONCE_MEDIA
0010 FILE_REMOTE_DEVICE
0020 FILE_DEVICE_IS_MOUNTED
0040 FILE_VIRTUAL_VOLUME
0080 FILE_AUTOGENERATED_DEVICE_NAME
0100 FILE_DEVICE_SECURE_OPEN

 

DevType
Value Name
1

FILE_DEVICE_BEEP

2

FILE_DEVICE_CD_ROM

3

FILE_DEVICE_CD_ROM_FILE_SYSTEM

4

FILE_DEVICE_CONTROLLER

5

FILE_DEVICE_DATALINK

6

FILE_DEVICE_DFS

7

FILE_DEVICE_DISK

8

FILE_DEVICE_DISK_FILE_SYSTEM

9

FILE_DEVICE_FILE_SYSTEM

a

FILE_DEVICE_INPORT_PORT

b

FILE_DEVICE_KEYBOARD

c

FILE_DEVICE_MAILSLOT

d

FILE_DEVICE_MIDI_IN

e

FILE_DEVICE_MIDI_OUT

f

FILE_DEVICE_MOUSE

10

FILE_DEVICE_MULTI_UNC_PROVIDER

11

FILE_DEVICE_NAMED_PIPE

12

FILE_DEVICE_NETWORK

13

FILE_DEVICE_NETWORK_BROWSER

14

FILE_DEVICE_NETWORK_FILE_SYSTEM

15

FILE_DEVICE_NULL

16

FILE_DEVICE_PARALLEL_PORT

17

FILE_DEVICE_PHYSICAL_NETCARD

18

FILE_DEVICE_PRINTER

19

FILE_DEVICE_SCANNER

1a

FILE_DEVICE_SERIAL_MOUSE_PORT

1b

FILE_DEVICE_SERIAL_PORT
FILE_DEVICE_SCSI

1c

FILE_DEVICE_SCREEN

1d

FILE_DEVICE_SOUND

1e

FILE_DEVICE_STREAMS

1f

FILE_DEVICE_TAPE

20

FILE_DEVICE_TAPE_FILE_SYSTEM

21

FILE_DEVICE_TRANSPORT

22

FILE_DEVICE_UNKNOWN
FILE_DEVICE_USB

23

FILE_DEVICE_VIDEO

24

FILE_DEVICE_VIRTUAL_DISK

25

FILE_DEVICE_WAVE_IN

26

FILE_DEVICE_WAVE_OUT

27

FILE_DEVICE_8042_PORT

28

FILE_DEVICE_NETWORK_REDIRECTOR

29

FILE_DEVICE_BATTERY

2a

FILE_DEVICE_BUS_EXTENDER

2b

FILE_DEVICE_MODEM

2c

FILE_DEVICE_VDM

2d

FILE_DEVICE_MASS_STORAGE

2e

FILE_DEVICE_SMB

2f

FILE_DEVICE_KS

30

FILE_DEVICE_CHANGER

31

FILE_DEVICE_SMARTCARD

32

FILE_DEVICE_ACPI

33

FILE_DEVICE_DVD

34

FILE_DEVICE_FULLSCREEN_VIDEO

35

FILE_DEVICE_DFS_FILE_SYSTEM

36

FILE_DEVICE_DFS_VOLUME

37

FILE_DEVICE_SERENUM

38

FILE_DEVICE_TERMSRV

39

FILE_DEVICE_KSEC

3A

FILE_DEVICE_FIPS

≥8000

vendor unique

 

IRP
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
Type
(6)
Size Mdl Flags MasterIrp/IrpCount/
SystemBuffer
10
 
Thread.Flink Thread.Blink IoStatus.Status IoStatus.Information
20
 
Req
Mode
Pnd
Ret
Stak
Cnt
Cur
Stak
Can
cel
Can
Irql
Apc
Env
Alloc
Flgs
*UserIoStatus *UserEvent

30
 

UserApcProc/
AllocSize
UserApcContext/
AllocSize
CancelRoutine UserBuffer
40
 
Context[0] Context[1] Context[2] Context[3]
50
 
Thread AuxBuf List.Flink List.Blink
60
 
IO_STACK_LOC /
PacketType
OriginalFileObject    

 

Flags
Mask Name
0001 IRP_NOCACHE
0002 IRP_PAGING_IO
IRP_MOUNT_COMPLETION
0004 IRP_SYNCHRONOUS_API
0008 IRP_ASSOCIATED_IRP
0010 IRP_BUFFERED_IO
0020 IRP_DEALLOCATE_BUFFER
0040 IRP_INPUT_OPERATION
IRP_SYNCHRONOUS_PAGING_IO
0080 IRP_CREATE_OPERATION
0100 IRP_READ_OPERATION
0200 IRP_WRITE_OPERATION
0400 IRP_CLOSE_OPERATION
0800 IRP_DEFER_IO_COMPLETION
1000 IRP_OB_QUERY_NAME
2000 IRP_HOLD_DEVICE_QUEUE
4000 IRP_RETRY_IO_COMPLETION
8000 IRP_CLASS_CACHE_OPERATION

 

IRQL (x86)
Value Name Description
0

PASSIVE_LEVEL
LOWER_LEVEL

execute thread
lowest interrupt level marker
1

APC_LEVEL

execute special kernel APC; page fault
2

DISPATCH_LEVEL

dispatch (execute DPC)
1b

PROFILE_LEVEL
SYNCH_LEVEL

timer used for profiling
 
1c

CLOCK1_LEVEL
CLOCK2_LEVEL
SYNCH_LEVEL

interval-timer execution (not used)
interval-timer execution
 
1d

IPI_LEVEL

interprocessor interrupt level
1e

POWER_LEVEL

power failure notification
1f

HIGH_LEVEL

machine checks or bus errors

 

ReqMode
Value Name
0 KernelMode
1 UserMode
2 MaximumMode

 

IO_STACK_LOCATION
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
MJ MN Flg Ctl Arg1
(OutputBufferLength)
Arg2
(InputBufferLength)
Arg3
(IOCTL)
10
 
Arg4
(Type3InputBuffer)
DeviceObject FileObject CompletionProc
20
 
Context      

 

Major/Minor Function

MJ [MN] Name
0 IRP_MJ_CREATE
1 IRP_MJ_NAMED_PIPE
2 IRP_MJ_CLOSE
3 IRP_MJ_READ
4 IRP_MJ_WRITE
5 IRP_MJ_QUERY_INFORMATION
6 IRP_MJ_SET_INFORMATION
7 IRP_MJ_QUERY_EA
8 IRP_MJ_SET_EA
9 IRP_MJ_FLUSH_BUFFERS
a IRP_MJ_QUERY_VOLUME_INFORMATION
b IRP_MJ_SET_VOLUME_INFORMATION
c IRP_MJ_DIRECTORY_CONTROL
d IRP_MJ_FILE_SYSTEM_CONTROL
e IRP_MJ_DEVICE_CONTROL
f IRP_MJ_INTERNAL_DEVICE_CONTROL /
IRP_MJ_SCSI
 [00] IRP_MN_SCSI_CLASS
 [01] IRP_MN_SCSI_CLASS
10 IRP_MJ_SHUTDOWN
11 IRP_MJ_LOCK_CONTROL
12 IRP_MJ_CLEANUP
13 IRP_MJ_CREATE_MAILSLOT
14 IRP_MJ_QUERY_SECURITY
15 IRP_MJ_SET_SECURITY
16 IRP_MJ_POWER
 [00] IRP_MN_WAIT_WAKE
 [01] IRP_MN_POWER_SEQUENCE
 [02] IRP_MN_SET_POWER
 [03] IRP_MN_QUERY_POWER
17 IRP_MJ_SYSTEM_CONTROL
 [00] IRP_MN_QUERY_ALL_DATA
 [01] IRP_MN_QUERY_SINGLE_INSTANCE
 [02] IRP_MN_CHANGE_SINGLE_INSTANCE
 [03] IRP_MN_CHANGE_SINGLE_ITEM
 [04] IRP_MN_ENABLE_EVENTS
 [05] IRP_MN_DISABLE_EVENTS 
 [06] IRP_MN_ENABLE_COLLECTION
 [07] IRP_MN_DISABLE_COLLECTION
 [08] IRP_MN_REGINFO
 [09] IRP_MN_EXECUTE_METHOD
 [0a] reserved
 [0b] IRP_MN_REGINFO_EX
18 IRP_MJ_DEVICE_CHANGE
19 IRP_MJ_QUERY_QUOTA
1a IRP_MJ_SET_QUOTA
1b IRP_MJ_PNP /
IRP_MJ_PNP_POWER /
IRP_MJ_MAXIMUM_FUNCTION
 [00] IRP_MN_START_DEVICE
 [01] IRP_MN_QUERY_REMOVE_DEVICE
 [02] IRP_MN_REMOVE_DEVICE
 [03] IRP_MN_CANCEL_REMOVE_DEVICE
 [04] IRP_MN_STOP_DEVICE
 [05] IRP_MN_QUERY_STOP_DEVICE
 [06] IRP_MN_CANCEL_STOP_DEVICE
 [07] IRP_MN_QUERY_DEVICE_RELATIONS
 [08] IRP_MN_QUERY_INTERFACE
 [09] IRP_MN_QUERY_CAPABILITIES
 [0A] IRP_MN_QUERY_RESOURCES
 [0B] IRP_MN_QUERY_RESOURCE_REQUIREMENTS
 [0C] IRP_MN_QUERY_DEVICE_TEXT
 [0D] IRP_MN_FILTER_RESOURCE_REQUIREMENTS
 [0E]
 [0F] IRP_MN_READ_CONFIG
 [10] IRP_MN_WRITE_CONFIG
 [11] IRP_MN_EJECT
 [12] IRP_MN_SET_LOCK
 [13] IRP_MN_QUERY_ID
 [14] IRP_MN_QUERY_PNP_DEVICE_STATE
 [15] IRP_MN_QUERY_BUS_INFORMATION
 [16] IRP_MN_DEVICE_USAGE_NOTIFICATION
 [17] IRP_MN_SURPRISE_REMOVAL
 [18] IRP_MN_QUERY_LEGACY_BUS_INFORMATION
 [87] IRP_MN_BUS_RESET (FireWire)

 

Flg
Mask Name
01 SL_KEY_SPECIFIED
02 SL_OVERRIDE_VERIFY_VOLUME
04 SL_WRITE_THROUGH
08 SL_FT_SEQUENTIAL_WRITE
10 SL_FORCE_DIRECT_WRITE

 

Ctl
Mask Name
01 SL_PENDING_RETURNED
02 SL_ERROR_RETURNED
20 SL_INVOKE_ON_CANCEL
40 SL_INVOKE_ON_SUCCESS
80 SL_INVOKE_ON_ERROR

 

IOCTL Code
Bit 16..31 Bit 14..15 Bit 2..13 Bit 0..1
DevType Access Function Method

 

DevType
See DEVICE_OBJECT DevType Table

 

Access
Mask Name
00 FILE_ANY_ACCESS
FILE_SPECIAL_ACCESS
01 FILE_READ_ACCESS
02 FILE_WRITE_ACCESS

 

Method
Value Name
0 METHOD_BUFFERED
1 METHOD_IN_DIRECT
2 METHOD_OUT_DIRECT
3 METHOD_NEITHER

 

NDIS_PACKET
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
Mem Pages Total Length MDL Head MDL Tail
10
 
Packet Pool Handle Count NDIS Flags Valid
Cnts
Pkt
Flgs
OOB Ofs
20
 
Miniport Use Wrapper Use

30
 

Reserved Protocol Use...
(variable)
 

 

NDIS Flags
Mask Name
xxx0 NDIS_PROTOCOL_ID_DEFAULT
xxx2 NDIS_PROTOCOL_ID_TCP_IP
xxx6 NDIS_PROTOCOL_ID_IPX
xxx7 NDIS_PROTOCOL_ID_NBF
0010 NDIS_FLAGS_MULTICAST_PACKET
0020 reserved
0040 reserved
0080 NDIS_FLAGS_DONT_LOOPBACK
0100 NDIS_FLAGS_IS_LOOPBACK_PACKET
0200 NDIS_FLAGS_LOOPBACK_ONLY
0400 reserved
0800 NDIS_FLAGS_DOUBLE_BUFFERED
1000 NDIS_FLAGS_SENT_AT_DPC
2000 NDIS_FLAGS_USES_SG_BUFFER_LIST

 

PktFlags
Mask Name
01 reserved
02 reserved
04 reserved
08 reserved
10 reserved
20 reserved
40 fPACKET_CONTAINS_MEDIA_SPECIFIC_INFO
80 fPACKET_ALLOCATED_BY_NDIS

 

NDIS_PACKET_OOB_DATA
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
Time To Send /
Time Sent
Time Received
10
 
Header Len Media Specific Len Media Specific Ptr Status

 

MEDIA_SPECIFIC_INFORMATION
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
NextEntryOfs
(0=final entry)
ClassId Data Len Data...
(variable)

 

ClassId
Value Name
0 NdisClass802_3Priority (obsolete)
1 NdisClassWirelessWanMbxMailbox
2 NdisClassIrdaPacketInfo
3 NdisClassAtmAALInfo

 

SCSI_REQUEST_BLOCK
  0 1 2 3 4 5 6 7 8 9 A B C D E F
0
 
Length Func Srb
Status
Scsi
Status
Bus Id Lun Queue
Tag
Queue
Action
Cdb
Len
Sense
Len
SrbFlags
10
 
TransferLength TimeOut DataBuffer SenseBuffer
20
 
*NextSrb *IRP *SrbExtension InternalStatus/
QueueSortKey

30
 

CDB