_OBJECT_TYPE_INITIALIZER 结构

如下检测结构成员是否正确：

#define STRUCTdtOut(name, mbr_type, mbr) " +0x%03lx %-15s : %s\n", offsetof(name, mbr), #mbr, #mbr_type TRACE(STRUCTdtOut(_OBJECT_TYPE_INITIALIZER, WORD, Length));;     // +0x000 Length           : Uint2B

下面为_OBJECT_TYPE_INITIALIZER 结构成员， 原nirsoft的有点小问题， 点击打开链接

      它将几个bit成员设为ULONG， 所以几个BIT成员之和占位sizeof(ULONG), 此处应该为UCHAR

// win7 旗舰版 64位// WinDbg: lkd> dt _OBJECT_TYPE_INITIALIZERtypedef struct _OBJECT_TYPE_INITIALIZER{ WORD Length;     // +0x000 Length           : Uint2B UCHAR ObjectTypeFlags;   // +0x002 ObjectTypeFlags  : UChar UCHAR CaseInsensitive: 1;  // +0x002 CaseInsensitive  : Pos 0, 1 Bit UCHAR UnnamedObjectsOnly: 1; // +0x002 UnnamedObjectsOnly : Pos 1, 1 Bit UCHAR UseDefaultObject: 1;  // +0x002 UseDefaultObject : Pos 2, 1 Bit UCHAR SecurityRequired: 1;  // +0x002 SecurityRequired : Pos 3, 1 Bit UCHAR MaintainHandleCount: 1; // +0x002 MaintainHandleCount : Pos 4, 1 Bit UCHAR MaintainTypeList: 1;  // +0x002 MaintainTypeList : Pos 5, 1 Bit UCHAR SupportsObjectCallbacks: 1;  // +0x002 SupportsObjectCallbacks : Pos 6, 1 Bit UCHAR CacheAligned: 1;   // +0x002 CacheAligned     : Pos 7, 1 Bit UINT ObjectTypeCode;   // +0x004 ObjectTypeCode   : Uint4B UINT InvalidAttributes;   // +0x008 InvalidAttributes : Uint4B GENERIC_MAPPING GenericMapping; // +0x00c GenericMapping   : _GENERIC_MAPPING UINT ValidAccessMask;   // +0x01c ValidAccessMask  : Uint4B UINT RetainAccess;    // +0x020 RetainAccess     : Uint4B POOL_TYPE PoolType;    // +0x024 PoolType         : _POOL_TYPE UINT DefaultPagedPoolCharge; // +0x028 DefaultPagedPoolCharge : Uint4B UINT DefaultNonPagedPoolCharge; // +0x02c DefaultNonPagedPoolCharge : Uint4B PVOID DumpProcedure;   // 0x030 DumpProcedure    : Ptr64     void LONG * OpenProcedure;   //  +0x038 OpenProcedure    : Ptr64     long  PVOID CloseProcedure;   //  +0x040 CloseProcedure   : Ptr64     void  PVOID DeleteProcedure;   // +0x048 DeleteProcedure  : Ptr64     void  LONG * ParseProcedure;   // +0x050 ParseProcedure   : Ptr64     long  LONG * SecurityProcedure;  // +0x058 SecurityProcedure : Ptr64     long  LONG * QueryNameProcedure;  // +0x060 QueryNameProcedure : Ptr64     long  UCHAR * OkayToCloseProcedure; // +0x068 OkayToCloseProcedure : Ptr64     unsigned}OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER, **PPOBJECT_TYPE_INITIALIZER;