#ifndef _DRIVER_H
#define _DRIVER_H

typedef struct _POOL_HEADER {
    PVOID  addr;
    USHORT prevBlockSize;
    USHORT poolIndex;
    USHORT blockSize;
    USHORT poolType;
    ULONG  tag;
} POOL_HEADER, *PPOOL_HEADER;

struct _MI_SYSTEM_NODE_NONPAGED_POOL {
	char reserved[0x60];
	PVOID NonPagedPoolFirstVa;
	PVOID NonPagedPoolLastVa;
};

typedef struct _DBGKD_GET_VERSION64 {
  USHORT  MajorVersion;
  USHORT  MinorVersion;
  UCHAR   ProtocolVersion;
  UCHAR   KdSecondaryVersion;
  USHORT  Flags;
  USHORT  MachineType;
  UCHAR   MaxPacketType;
  UCHAR   MaxStateChange;
  UCHAR   MaxManipulate;
  UCHAR   Simulation;
  USHORT  Unused[1];
  ULONG64 KernBase;
  ULONG64 PsLoadedModuleList;
  ULONG64 DebuggerDataList;
} DBGKD_GET_VERSION64, *PDBGKD_GET_VERSION64;

typedef struct _DBGKD_DEBUG_DATA_HEADER64 {
    LIST_ENTRY64 List;
    ULONG OwnerTag;
    ULONG Size;
} DBGKD_DEBUG_DATA_HEADER64, *PDBGKD_DEBUG_DATA_HEADER64;

typedef struct _KDDEBUGGER_DATA64 {
    DBGKD_DEBUG_DATA_HEADER64 Header;
    ULONG64 KernBase;
    ULONG64 BreakpointWithStatus;
    ULONG64 SavedContext;
    USHORT ThCallbackStack;
    USHORT NextCallback;
    USHORT FramePointer;
    USHORT PaeEnabled:1;

    // https://web.archive.org/web/20061110120809/http://www.rootkit.com/newsread.php?newsid=153
    ULONG64 KiCallUserMode;
    ULONG64 KeUserCallbackDispatcher;
    ULONG64 PsLoadedModuleList;
    ULONG64 PsActiveProcessHead;
    ULONG64 PspCidTable;

    ULONG64 ExpSystemResourcesList;
    ULONG64 ExpPagedPoolDescriptor;
    ULONG64 ExpNumberOfPagedPools;

    ULONG64 KeTimeIncrement;
    ULONG64 KeBugCheckCallbackListHead;
    ULONG64 KiBugcheckData;

    ULONG64 IopErrorLogListHead;

    ULONG64 ObpRootDirectoryObject;
    ULONG64 ObpTypeObjectType;

    ULONG64 MmSystemCacheStart;
    ULONG64 MmSystemCacheEnd;
    ULONG64 MmSystemCacheWs;

    ULONG64 MmPfnDatabase;
    ULONG64 MmSystemPtesStart;
    ULONG64 MmSystemPtesEnd;
    ULONG64 MmSubsectionBase;
    ULONG64 MmNumberOfPagingFiles;

    ULONG64 MmLowestPhysicalPage;
    ULONG64 MmHighestPhysicalPage;
    ULONG64 MmNumberOfPhysicalPages;

    ULONG64 MmMaximumNonPagedPoolInBytes;
    ULONG64 MmNonPagedSystemStart;
    ULONG64 MmNonPagedPoolStart;
    ULONG64 MmNonPagedPoolEnd;

    ULONG64 MmPagedPoolStart;
    ULONG64 MmPagedPoolEnd;
    ULONG64 MmPagedPoolInformation;
    ULONG64 MmPageSize;

    ULONG64 MmSizeOfPagedPoolInBytes;

    ULONG64 MmTotalCommitLimit;
    ULONG64 MmTotalCommittedPages;
    ULONG64 MmSharedCommit;
    ULONG64 MmDriverCommit;
    ULONG64 MmProcessCommit;
    ULONG64 MmPagedPoolCommit;
    ULONG64 MmExtendedCommit;

    ULONG64 MmZeroedPageListHead;
    ULONG64 MmFreePageListHead;
    ULONG64 MmStandbyPageListHead;
    ULONG64 MmModifiedPageListHead;
    ULONG64 MmModifiedNoWritePageListHead;
    ULONG64 MmAvailablePages;
    ULONG64 MmResidentAvailablePages;

    ULONG64 PoolTrackTable;
    ULONG64 NonPagedPoolDescriptor;

    ULONG64 MmHighestUserAddress;
    ULONG64 MmSystemRangeStart;
    ULONG64 MmUserProbeAddress;

    ULONG64 KdPrintCircularBuffer;
    ULONG64 KdPrintCircularBufferEnd;
    ULONG64 KdPrintWritePointer;
    ULONG64 KdPrintRolloverCount;

    ULONG64 MmLoadedUserImageList;

    // NT 5.1 Addition

    ULONG64 NtBuildLab;
    ULONG64 KiNormalSystemCall;

    // NT 5.0 QFE addition

    ULONG64 KiProcessorBlock;
    ULONG64 MmUnloadedDrivers;
    ULONG64 MmLastUnloadedDriver;
    ULONG64 MmTriageActionTaken;
    ULONG64 MmSpecialPoolTag;
    ULONG64 KernelVerifier;
    ULONG64 MmVerifierData;
    ULONG64 MmAllocatedNonPagedPool;
    ULONG64 MmPeakCommitment;
    ULONG64 MmTotalCommitLimitMaximum;
    ULONG64 CmNtCSDVersion;

    // NT 5.1 Addition

    ULONG64 MmPhysicalMemoryBlock;
    ULONG64 MmSessionBase;
    ULONG64 MmSessionSize;
    ULONG64 MmSystemParentTablePage;

    // Server 2003 addition

    ULONG64 MmVirtualTranslationBase;

    USHORT OffsetKThreadNextProcessor;
    USHORT OffsetKThreadTeb;
    USHORT OffsetKThreadKernelStack;
    USHORT OffsetKThreadInitialStack;

    USHORT OffsetKThreadApcProcess;
    USHORT OffsetKThreadState;
    USHORT OffsetKThreadBStore;
    USHORT OffsetKThreadBStoreLimit;

    USHORT SizeEProcess;
    USHORT OffsetEprocessPeb;
    USHORT OffsetEprocessParentCID;
    USHORT OffsetEprocessDirectoryTableBase;

    USHORT SizePrcb;
    USHORT OffsetPrcbDpcRoutine;
    USHORT OffsetPrcbCurrentThread;
    USHORT OffsetPrcbMhz;

    USHORT OffsetPrcbCpuType;
    USHORT OffsetPrcbVendorString;
    USHORT OffsetPrcbProcStateContext;
    USHORT OffsetPrcbNumber;

    USHORT SizeEThread;

    ULONG64 KdPrintCircularBufferPtr;
    ULONG64 KdPrintBufferSize;

    ULONG64 KeLoaderBlock;

    USHORT SizePcr;
    USHORT OffsetPcrSelfPcr;
    USHORT OffsetPcrCurrentPrcb;
    USHORT OffsetPcrContainedPrcb;

    USHORT OffsetPcrInitialBStore;
    USHORT OffsetPcrBStoreLimit;
    USHORT OffsetPcrInitialStack;
    USHORT OffsetPcrStackLimit;

    USHORT OffsetPrcbPcrPage;
    USHORT OffsetPrcbProcStateSpecialReg;
    USHORT GdtR0Code;
    USHORT GdtR0Data;

    USHORT GdtR0Pcr;
    USHORT GdtR3Code;
    USHORT GdtR3Data;
    USHORT GdtR3Teb;

    USHORT GdtLdt;
    USHORT GdtTss;
    USHORT Gdt64R3CmCode;
    USHORT Gdt64R3CmTeb;

    ULONG64 IopNumTriageDumpDataBlocks;
    ULONG64 IopTriageDumpDataBlocks;

    // Longhorn addition

    ULONG64 VfCrashDataBlock;
} KDDEBUGGER_DATA64, *PKDDEBUGGER_DATA64;

PPOOL_HEADER
toPoolHeader(PPOOL_HEADER p, PVOID chunkAddr);

PPOOL_HEADER
tryNextChunk(PPOOL_HEADER p);

bool
validTag(PPOOL_HEADER p);

bool
checkValidPool(PPOOL_HEADER p);

VOID
printChunkInfo(PPOOL_HEADER p);

VOID
scan(PPOOL_HEADER p, ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd);

#endif