Geoff Chappell, Software Analyst
The MMMOD_WRITER_MDL_ENTRY structure holds the state of the file I/O that the Memory Manager does with a paging file. The Memory Manager has zero, one or two of these per paging file, depending on the type of paging file.
As an internal structure, it varies between versions, and even a little between builds, but far less than do many others.
| Version | Size (x86) | Size (x64) |
|---|---|---|
| 3.51 to 5.1 | 0x58 | |
| 5.2 | 0x60 | 0xA8 |
| early 6.0 (before Windows Vista SP1); late 6.0 (Windows Vista SP1 and higher); 6.1 |
0x60 | 0xA0 |
| 6.2 to 6.3 | 0x68 | 0xA0 |
| 10.0 | 0xA0 | 0x0108 |
| Offset (x86) | Offset (x64) | Definition | Versions |
|---|---|---|---|
| 0x00 | 0x00 |
LIST_ENTRY Links; |
3.51 and higher |
| 0x08 (3.51 to 5.2) | 0x10 (5.2) |
LARGE_INTEGER WriteOffset; |
3.51 to 5.2 |
| 0x10 (3.51 to 5.2); 0x08 |
0x18 (5.2); 0x10 |
union {
IO_STATUS_BLOCK IoStatus;
LARGE_INTEGER LastByte;
} u;
|
3.51 to 5.2 |
union {
IO_STATUS_BLOCK IoStatus;
} u;
|
6.0 and higher | ||
| 0x18 (3.51 to 5.2); 0x10 |
0x28 (5.2); 0x20 |
IRP *Irp; |
3.51 and higher |
| 0x1C (3.51 to 5.2) | 0x30 (5.2) |
ULONG_PTR LastPageToWrite; |
3.51 to 5.2 |
| 0x20 (3.51 to 5.2) | 0x38 (5.2) |
MMMOD_WRITER_LISTHEAD *PagingListHead; |
3.51 to 5.2 |
| 0x24 (3.51 to 5.2) | 0x40 (5.2) |
LIST_ENTRY *CurrentList; |
3.51 to 5.2 |
| 0x14 | 0x28 |
union {
ULONG LastPageToWrite;
ULONG KeepForever;
} u1;
|
early 6.0 only |
union {
ULONG KeepForever;
} u1;
|
late 6.0 to 6.1 | ||
MODWRITER_FLAGS u1; |
6.2 and higher | ||
| 0x18 | 0x2C |
ULONG StoreWriteRefCount; |
10.0 and higher |
| 0x1C | 0x30 |
KAPC StoreWriteCompletionApc; |
10.0 and higher |
| 0x18 (6.2 to 6.3); 0x4C |
0x2C (6.2 to 6.3); 0x88 |
ULONG ByteCount; |
6.2 and higher |
| 0x50 | 0x8C |
ULONG ChargedPages; |
10.0 and higher |
| 0x28 (3.51 to 5.2); 0x18 (6.0 to 6.1); 0x1C (6.2 to 6.3); 0x54 |
0x48 (5.2); 0x30 (6.0 to 6.3); 0x90 |
MMPAGING_FILE *PagingFile; |
3.51 and higher |
| 0x2C (3.51 to 5.2); 0x1C (6.0 to 6.1); 0x20 (6.2 to 6.3); 0x58 |
0x50 (5.2); 0x38 (6.0 to 6.3); 0x98 |
FILE_OBJECT *File; |
3.51 and higher |
| 0x30 (3.51 to 5.2); 0x20 (6.0 to 6.1); 0x24 (6.2 to 6.3); 0x5C |
0x58 (5.2); 0x40 (6.0 to 6.3); 0xA0 |
CONTROL_AREA *ControlArea; |
3.51 and higher |
| 0x34 (3.51 to 5.2); 0x24 (6.0 to 6.1); 0x28 (6.2 to 6.3); 0x60 |
0x60 (5.2); 0x48 (6.0 to 6.3); 0xA8 |
ERESOURCE *FileResource; |
3.51 and higher |
| 0x28 (6.0 to 6.1); 0x30 (6.2 to 6.3); 0x68 |
0x50 (6.0 to 6.3); 0xB0 |
LARGE_INTEGER WriteOffset; |
6.0 and higher |
| 0x38 (5.2); 0x30 (6.0 to 6.1); 0x38 (6.2 to 6.3); 0x70 |
0x68 (5.2); 0x58 (6.0 to 6.3); 0xB8 |
LARGE_INTEGER IssueTime; |
5.2 and higher |
| 0x78 | 0xC0 |
MI_PARTITION *Partition; |
10.0 and higher |
| 0x38 (6.0 to 6.1); 0x40 (6.2 to 6.3); 0x7C |
0x60 (6.0 to 6.3); 0xC8 |
MDL *PointerMdl; |
6.0 and higher |
| 0x38 (3.51 to 5.1); 0x40 (5.2); 0x3C (6.0 to 6.1); 0x44 (6.2 to 6.3); 0x80 |
0x70 (5.2); 0x68 (6.0 to 6.3); 0xD0 |
struct {
MDL Mdl;
PFN_NUMBER Page [ANYSIZE_ARRAY];
};
|
3.51 and higher |
The first substantial change in the MMMOD_WRITER_MDL_ENTRY came when Windows Vista did away with the paging list. The reorganisation moved the LastPageToWrite into a union with a new member named KeepForever. The former seems not to have been needed after all, and was soon discarded from the union. The latter is anyway a boolean. Windows 8 formalised this by turning the union into bit fields.
| Mask | Definition | Versions |
|---|---|---|
| 0x00000001 |
ULONG KeepForever : 1; |
6.2 and higher |
| 0x00000002 |
ULONG Networked : 1; |
6.2 and higher |
| 0x0000001C |
ULONG IoPriority : 3; |
6.2 and higher |
| 0x00000020 |
ULONG ModifiedStoreWrite : 1; |
10.0 and higher |