- Move more stuff to wdm.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #ifndef NTOS_MODE_USER
30 #include <extypes.h>
31 #include <setypes.h>
32 #endif
33
//
// KUSER_SHARED_DATA location in User Mode
//
// Hard-coded virtual address. The literal carries no pointer type, so users
// of the macro must cast it themselves.
// NOTE(review): presumably the 32-bit user-mode mapping; confirm before
// relying on this value for other architectures.
//
#define USER_SHARED_DATA (0x7FFE0000)
38
//
// Global Flags
//
// One bit per flag. FLG_VALID_BITS is the OR of all 27 flags defined here
// (bits 0..26) and can be used as a mask to reject undefined bits.
// NOTE(review): presumably these are the bits kept in PEB.NtGlobalFlag
// (declared later in this header) -- confirm against the consumers. Many of
// them enable debugging or heap/pool diagnostics, so an unexpected non-zero
// value on a production system deserves a look.
//
#define FLG_STOP_ON_EXCEPTION 0x00000001
#define FLG_SHOW_LDR_SNAPS 0x00000002
#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
#define FLG_STOP_ON_HUNG_GUI 0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
#define FLG_HEAP_VALIDATE_ALL 0x00000080
#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
#define FLG_POOL_ENABLE_TAGGING 0x00000400
#define FLG_HEAP_ENABLE_TAGGING 0x00000800
#define FLG_USER_STACK_TRACE_DB 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
#define FLG_IGNORE_DEBUG_PRIV 0x00010000
#define FLG_ENABLE_CSRDEBUG 0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
#define FLG_HEAP_DISABLE_COALESCING 0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
#define FLG_HEAP_PAGE_ALLOCS 0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
#define FLG_VALID_BITS 0x07FFFFFF
70
//
// Process priority classes
//
// Plain enumerators 0..6, not a bit mask. The numeric order is not the
// priority order (BELOW_NORMAL = 5 and ABOVE_NORMAL = 6 follow REALTIME = 4),
// so classes must not be compared with < or >.
// NOTE(review): presumably the value carried in
// PROCESS_PRIORITY_CLASS.PriorityClass -- confirm against the callers.
//
#define PROCESS_PRIORITY_CLASS_INVALID 0
#define PROCESS_PRIORITY_CLASS_IDLE 1
#define PROCESS_PRIORITY_CLASS_NORMAL 2
#define PROCESS_PRIORITY_CLASS_HIGH 3
#define PROCESS_PRIORITY_CLASS_REALTIME 4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
81
//
// NtCreateProcessEx flags
//
// Bit mask. PS_ALL_FLAGS is the OR of the four flags below (0xF), so a caller
// or validator can reject any request that sets a bit outside it.
// NOTE(review): the meaning of each flag is taken from its name; this header
// only fixes the values.
//
#define PS_REQUEST_BREAKAWAY 1
#define PS_NO_DEBUG_INHERIT 2
#define PS_INHERIT_HANDLES 4
#define PS_LARGE_PAGES 8
#define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
                      PS_NO_DEBUG_INHERIT | \
                      PS_INHERIT_HANDLES | \
                      PS_LARGE_PAGES)
93
//
// Process base priorities
//
// Numeric scheduler priorities (unlike the priority classes above, these are
// ordered: larger means higher).
//
#define PROCESS_PRIORITY_IDLE 3
#define PROCESS_PRIORITY_NORMAL 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
100
//
// Process memory priorities
//
// Enumerators 0..2; note that UNKNOWN sits between BACKGROUND and FOREGROUND.
//
#define MEMORY_PRIORITY_BACKGROUND 0
#define MEMORY_PRIORITY_UNKNOWN 1
#define MEMORY_PRIORITY_FOREGROUND 2
107
//
// Process Priority Separation Values (OR)
//
// Single-bit values (0x04 and 0x10) meant to be OR-ed together, as the
// heading says; they do not overlap each other.
//
#define PSP_VARIABLE_QUANTUMS 4
#define PSP_LONG_QUANTUMS 16
113
114 #ifndef NTOS_MODE_USER
115
//
// Thread Access Types
//
// Specific-rights bits of a thread access mask. Only bits 0x0040..0x0200 are
// defined in this header; the lower thread rights are not listed here.
// THREAD_SET_THREAD_TOKEN, THREAD_IMPERSONATE and THREAD_DIRECT_IMPERSONATION
// govern which security context a thread runs under, so grant them narrowly.
//
#define THREAD_QUERY_INFORMATION 0x0040
#define THREAD_SET_THREAD_TOKEN 0x0080
#define THREAD_IMPERSONATE 0x0100
#define THREAD_DIRECT_IMPERSONATION 0x0200
123
//
// Process Access Types
//
// Specific-rights bits of a process access mask. Bit 0x0040 is not assigned
// in this list. PROCESS_ALL_ACCESS is the standard rights plus every
// specific-rights bit (12 bits before Longhorn, 16 bits from Longhorn on), so
// it is far broader than most callers need. Request the narrowest mask that
// works: rights such as PROCESS_VM_WRITE and PROCESS_CREATE_THREAD let the
// holder modify the target process.
//
#define PROCESS_TERMINATE 0x0001
#define PROCESS_CREATE_THREAD 0x0002
#define PROCESS_SET_SESSIONID 0x0004
#define PROCESS_VM_OPERATION 0x0008
#define PROCESS_VM_READ 0x0010
#define PROCESS_VM_WRITE 0x0020
#define PROCESS_CREATE_PROCESS 0x0080
#define PROCESS_SET_QUOTA 0x0100
#define PROCESS_SET_INFORMATION 0x0200
#define PROCESS_QUERY_INFORMATION 0x0400
#define PROCESS_SUSPEND_RESUME 0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
                            SYNCHRONIZE | \
                            0xFFFF)
#else
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
                            SYNCHRONIZE | \
                            0xFFF)

// NOTE(review): the NTDDI_VERSION conditional opened above is not closed
// here; its #endif follows TLS_MINIMUM_AVAILABLE. As written, the thread base
// priorities and TLS_MINIMUM_AVAILABLE are defined only on the pre-Longhorn
// (#else) branch -- confirm whether that is intended.

//
// Thread Base Priorities
//
#define THREAD_BASE_PRIORITY_LOWRT 15
#define THREAD_BASE_PRIORITY_MAX 2
#define THREAD_BASE_PRIORITY_MIN -2
#define THREAD_BASE_PRIORITY_IDLE -15

//
// TLS Slots
//
// 64 equals the size of TEB.TlsSlots (declared as [0x40] below).
//
#define TLS_MINIMUM_AVAILABLE 64
#endif
161
//
// Job Access Types
//
// Specific-rights bits of a job object access mask. The literal 31 in
// JOB_OBJECT_ALL_ACCESS is 0x1F, i.e. the OR of the five rights defined here.
//
#define JOB_OBJECT_ASSIGN_PROCESS 0x1
#define JOB_OBJECT_SET_ATTRIBUTES 0x2
#define JOB_OBJECT_QUERY 0x4
#define JOB_OBJECT_TERMINATE 0x8
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
                               SYNCHRONIZE | \
                               31)
173
//
// Job Limit Flags
//
// Bit mask, one bit per limit (0x1..0x2000, no gaps).
// NOTE(review): judging by the names, the two *_BREAKAWAY_OK flags decide
// whether a process may leave the job; a job used as a containment boundary
// should presumably leave them clear -- confirm against the job code.
//
#define JOB_OBJECT_LIMIT_WORKINGSET 0x1
#define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
#define JOB_OBJECT_LIMIT_JOB_TIME 0x4
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
#define JOB_OBJECT_LIMIT_AFFINITY 0x10
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
#define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
191
192
193 //
194 // Cross Thread Flags
195 //
196 #define CT_TERMINATED_BIT 0x1
197 #define CT_DEAD_THREAD_BIT 0x2
198 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
199 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
200 #define CT_SYSTEM_THREAD_BIT 0x10
201 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
202 #define CT_BREAK_ON_TERMINATION_BIT 0x40
203 #define CT_SKIP_CREATION_MSG_BIT 0x80
204 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
205
//
// Same Thread Passive Flags
//
// Masks for ETHREAD.SameThreadPassiveFlags, in the declaration order of its
// bit-fields (ActiveExWorker, ExWorkerCanWaitUser, MemoryMaker,
// KeyedEventInUse).
//
#define STP_ACTIVE_EX_WORKER_BIT 0x1
#define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
#define STP_MEMORY_MAKER_BIT 0x4
#define STP_KEYED_EVENT_IN_USE_BIT 0x8
213
//
// Same Thread APC Flags
//
// Masks for ETHREAD.SameThreadApcFlags. STA_OWNS_WORKING_SET_BITS (0x1F8) is
// a six-bit mask covering bits 3..8, which is where the six Owns*WorkingSet*
// bit-fields are declared. The 0x4 position is AddressSpaceOwner before
// Longhorn and a spare bit from Longhorn on.
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
#define STA_ADDRESS_SPACE_OWNER_BIT 0x4
#define STA_OWNS_WORKING_SET_BITS 0x1F8
221 #endif
222
// Number of expansion TLS slots; 1024 equals the bit count of
// PEB.TlsExpansionBitmapBits (0x20 ULONGs, assuming a 32-bit ULONG).
#define TLS_EXPANSION_SLOTS 1024
//
// Process Flags
//
// One bit per flag. Bit 0x800 has no PSF_ name in this list.
// NOTE(review): presumably masks for a flags field of EPROCESS; that field is
// not visible in this part of the header -- confirm.
//
#define PSF_CREATE_REPORTED_BIT 0x1
#define PSF_NO_DEBUG_INHERIT_BIT 0x2
#define PSF_PROCESS_EXITING_BIT 0x4
#define PSF_PROCESS_DELETE_BIT 0x8
#define PSF_WOW64_SPLIT_PAGES_BIT 0x10
#define PSF_VM_DELETED_BIT 0x20
#define PSF_OUTSWAP_ENABLED_BIT 0x40
#define PSF_OUTSWAPPED_BIT 0x80
#define PSF_FORK_FAILED_BIT 0x100
#define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
#define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
#define PSF_BREAK_ON_TERMINATION_BIT 0x2000
#define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
#define PSF_WRITE_WATCH_BIT 0x8000
#define PSF_PROCESS_IN_SESSION_BIT 0x10000
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
#define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
#define PSF_LAUNCH_PREFETCHED_BIT 0x80000
#define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
#define PSF_VM_TOP_DOWN_BIT 0x200000
#define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
#define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
#define PSF_VDM_ALLOWED_BIT 0x1000000
#define PSF_SWAP_ALLOWED_BIT 0x2000000
#define PSF_CREATE_FAILED_BIT 0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
254
//
// Vista Process Flags
//
// A separate PSF2_ group: 0x800 here does not fill the 0x800 gap in the PSF_
// list above, it belongs to a different flags word.
// NOTE(review): which field holds it is not visible in this part of the
// header -- confirm.
//
#define PSF2_PROTECTED_BIT 0x800
259
260 #ifdef NTOS_MODE_USER
//
// Current Process/Thread built-in 'special' handles
//
// Constant pseudo-handles: -1 for the current process and -2 for the current
// thread, widened through LONG_PTR before the cast so the value is
// sign-extended to pointer size. They are not obtained from any open call, so
// code that validates, logs or closes handle values must treat these two
// values specially.
//
#define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
#define ZwCurrentProcess() NtCurrentProcess()
#define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
#define ZwCurrentThread() NtCurrentThread()
268
//
// Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
//
// The enumerators have no explicit values, so each ordinal is fixed purely by
// its position (starting at 0). Never insert, remove or reorder entries: the
// numbers are the interface. A few ordinals are spelled out below as anchors.
// MaxProcessInfoClass is a count/sentinel, not a valid class; callers should
// range-check against it.
//
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation,            // 0
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,                   // 7
    ProcessExceptionPort,
    ProcessAccessToken,                 // 9
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,                 // 20
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,          // 29
    ProcessDebugObjectHandle,           // 30
    ProcessDebugFlags,                  // 31
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,                // 34
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallback,     // 40
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    MaxProcessInfoClass                 // 47, sentinel
} PROCESSINFOCLASS;
323
//
// Thread information classes. As with PROCESSINFOCLASS, ordinals are implied
// by position (starting at 0) and must never be reordered. MaxThreadInfoClass
// is a count/sentinel, not a valid class.
//
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation,             // 0
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,           // 5
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,                  // 10
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,             // 17
    ThreadBreakOnTermination,           // 18
    ThreadSwitchLegacyState,
    ThreadIsTerminated,                 // 20
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    MaxThreadInfoClass                  // 28, sentinel
} THREADINFOCLASS;
356
357 #else
358
//
// Process priority mode (kernel-mode branch of the NTOS_MODE_USER
// conditional). Ordinals are implicit: Foreground = 0, Background = 1,
// Spinning = 2.
//
typedef enum _PSPROCESSPRIORITYMODE
{
    PsProcessPriorityForeground,
    PsProcessPriorityBackground,
    PsProcessPrioritySpinning
} PSPROCESSPRIORITYMODE;
365
//
// Job object information classes. Unlike the process and thread enums, this
// one starts at 1, so 0 is not a valid class. MaxJobObjectInfoClass (11) is a
// sentinel, not a valid class.
//
typedef enum _JOBOBJECTINFOCLASS
{
    JobObjectBasicAccountingInformation = 1,
    JobObjectBasicLimitInformation,
    JobObjectBasicProcessIdList,
    JobObjectBasicUIRestrictions,
    JobObjectSecurityLimitInformation,
    JobObjectEndOfJobTimeInformation,
    JobObjectAssociateCompletionPortInformation,
    JobObjectBasicAndIoAccountingInformation,
    JobObjectExtendedLimitInformation,
    JobObjectJobSetInformation,
    MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;
380
//
// Power Event Events for Win32K Power Event Callback
//
// Every enumerator carries an explicit value (0..12), so the numbering does
// not depend on declaration order. There is no sentinel entry.
//
typedef enum _PSPOWEREVENTTYPE
{
    PsW32FullWake = 0,
    PsW32EventCode = 1,
    PsW32PowerPolicyChanged = 2,
    PsW32SystemPowerState = 3,
    PsW32SystemTime = 4,
    PsW32DisplayState = 5,
    PsW32CapabilitiesChanged = 6,
    PsW32SetStateFailed = 7,
    PsW32GdiOff = 8,
    PsW32GdiOn = 9,
    PsW32GdiPrepareResumeUI = 10,
    PsW32GdiOffRequest = 11,
    PsW32MonitorOff = 12,
} PSPOWEREVENTTYPE;
400
//
// Power State Tasks for Win32K Power State Callback
//
// Explicit values 0..15; no sentinel entry.
//
typedef enum _POWERSTATETASK
{
    PowerState_BlockSessionSwitch = 0,
    PowerState_Init = 1,
    PowerState_QueryApps = 2,
    PowerState_QueryServices = 3,
    PowerState_QueryAppsFailed = 4,
    PowerState_QueryServicesFailed = 5,
    PowerState_SuspendApps = 6,
    PowerState_SuspendServices = 7,
    PowerState_ShowUI = 8,
    PowerState_NotifyWL = 9,
    PowerState_ResumeApps = 10,
    PowerState_ResumeServices = 11,
    PowerState_UnBlockSessionSwitch = 12,
    PowerState_End = 13,
    PowerState_BlockInput = 14,
    PowerState_UnblockInput = 15,
} POWERSTATETASK;
423
//
// Win32K Job Callback Types
//
// Explicit values 0..2 identifying why the job callout is being invoked.
//
typedef enum _PSW32JOBCALLOUTTYPE
{
    PsW32JobCalloutSetInformation = 0,
    PsW32JobCalloutAddProcess = 1,
    PsW32JobCalloutTerminate = 2,
} PSW32JOBCALLOUTTYPE;
433
//
// Win32K Thread Callback Types
//
// Implicit values: Initialize = 0, Exit = 1. Passed as the Type argument of
// PKWIN32_THREAD_CALLOUT.
//
typedef enum _PSW32THREADCALLOUTTYPE
{
    PsW32ThreadCalloutInitialize,
    PsW32ThreadCalloutExit,
} PSW32THREADCALLOUTTYPE;
442
//
// Declare empty structure definitions so that they may be referenced by
// routines before they are defined
//
// These are incomplete types: only pointers to them can be used until the
// full definition is seen. The _ETHREAD forward declaration is commented out
// in this revision; the struct is defined later in this header.
//
struct _W32THREAD;
struct _W32PROCESS;
//struct _ETHREAD;
struct _WIN32_POWEREVENT_PARAMETERS;
struct _WIN32_POWERSTATE_PARAMETERS;
struct _WIN32_JOBCALLOUT_PARAMETERS;
struct _WIN32_OPENMETHOD_PARAMETERS;
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
struct _WIN32_CLOSEMETHOD_PARAMETERS;
struct _WIN32_DELETEMETHOD_PARAMETERS;
struct _WIN32_PARSEMETHOD_PARAMETERS;
458
//
// Win32K Process and Thread Callbacks
//
// Function-pointer types, all using the NTAPI calling convention. Every
// callout returns NTSTATUS except PKWIN32_DELETEMETHOD_CALLOUT, which returns
// VOID and therefore cannot report failure. Most take a single pointer to a
// parameter block whose layout is not defined in this part of the header.
// NOTE(review): presumably these are registered by win32k and invoked by the
// kernel with kernel privileges; whoever installs a pointer of these types
// fully controls that code path -- confirm where registration is restricted.
//

// Process callout: Create distinguishes the two invocations (TRUE/FALSE).
typedef
NTSTATUS
(NTAPI *PKWIN32_PROCESS_CALLOUT)(
    struct _EPROCESS *Process,
    BOOLEAN Create
);

// Thread callout: Type is one of the PSW32THREADCALLOUTTYPE values.
typedef
NTSTATUS
(NTAPI *PKWIN32_THREAD_CALLOUT)(
    struct _ETHREAD *Thread,
    PSW32THREADCALLOUTTYPE Type
);

typedef
NTSTATUS
(NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
    struct _WIN32_POWEREVENT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
    struct _WIN32_POWERSTATE_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_JOB_CALLOUT)(
    struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
    struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
    struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
    struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
);

// The only callout in this group without a status return.
typedef
VOID
(NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
    struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
    struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
);

// Callback and Context are untyped (PVOID); the expected signature of
// Callback is not expressed in this declaration.
typedef
NTSTATUS
(NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
    struct _EPROCESS *Process,
    PVOID Callback,
    PVOID Context
);
543
//
// Lego Callback
//
// Notification routine taking the affected kernel thread; returns nothing.
//
typedef
VOID
(NTAPI *PLEGO_NOTIFY_ROUTINE)(
    IN PKTHREAD Thread
);
552
553 #endif
554
//
// Type of PEB.PostProcessInitRoutine: a parameterless NTAPI routine that
// returns NTSTATUS. Declared for both user and kernel mode.
//
typedef NTSTATUS
(NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
    VOID
);
559
//
// Descriptor Table Entry Definition
//
// Only compiled when _M_IX86 evaluates to non-zero; an undefined _M_IX86 is
// treated as 0 by the preprocessor, so other targets skip the definition.
// _DESCRIPTOR_TABLE_ENTRY_DEFINED lets other headers detect that the type
// already exists.
//
#if (_M_IX86)
#define _DESCRIPTOR_TABLE_ENTRY_DEFINED
typedef struct _DESCRIPTOR_TABLE_ENTRY
{
    ULONG Selector;
    LDT_ENTRY Descriptor;
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
#endif
571
//
// PEB Lock Routine
//
// Type of PEB.FastPebLockRoutine and PEB.FastPebUnlockRoutine on
// pre-Longhorn builds; takes the lock object as an untyped pointer.
//
typedef VOID
(NTAPI *PPEBLOCKROUTINE)(
    PVOID PebLock
);
579
//
// PEB Free Block Descriptor
//
// Singly linked list node (Next) with a Size; PEB.FreeList points at the
// first node.
//
typedef struct _PEB_FREE_BLOCK
{
    struct _PEB_FREE_BLOCK* Next;
    ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
588
//
// Initial PEB
//
// Mirrors the first members of PEB (up to and including Mutant). Here the
// fourth byte is a union, so it can be accessed as a whole through BitField;
// PEB itself declares the bit-fields without that union.
//
typedef struct _INITIAL_PEB
{
    BOOLEAN InheritedAddressSpace;
    BOOLEAN ReadImageFileExecOptions;
    BOOLEAN BeingDebugged;
    union
    {
        BOOLEAN BitField;
#if (NTDDI_VERSION >= NTDDI_WS03)
        struct
        {
            BOOLEAN ImageUsesLargePages:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            BOOLEAN IsProtectedProcess:1;
            BOOLEAN IsLegacyProcess:1;
            BOOLEAN SpareBits:5;
#else
            BOOLEAN SpareBits:7;
#endif
        };
#else
        BOOLEAN SpareBool;
#endif
    };
    HANDLE Mutant;
} INITIAL_PEB, *PINITIAL_PEB;
618
//
// Process Environment Block (PEB)
//
// Member order is the binary layout, and that layout depends on NTDDI_VERSION:
// several regions are declared differently for WinXP, WS03 and Longhorn.
// Code built for one NTDDI_VERSION must not interpret a PEB produced for
// another, and members must never be reordered.
// NOTE(review): the PEB is normally mapped writable in the owning process, so
// values such as BeingDebugged, NtGlobalFlag, the OS version members or the
// pointers stored here should be treated as hints supplied by that process,
// not as trustworthy evidence -- confirm for this implementation.
//
typedef struct _PEB
{
    BOOLEAN InheritedAddressSpace;
    BOOLEAN ReadImageFileExecOptions;
    BOOLEAN BeingDebugged;
#if (NTDDI_VERSION >= NTDDI_WS03)
    // Fourth byte: bit-fields on WS03 and later, a plain BOOLEAN before that.
    struct
    {
        BOOLEAN ImageUsesLargePages:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
        BOOLEAN IsProtectedProcess:1;
        BOOLEAN IsLegacyProcess:1;
        BOOLEAN SpareBits:5;
#else
        BOOLEAN SpareBits:7;
#endif
    };
#else
    BOOLEAN SpareBool;
#endif
    HANDLE Mutant;
    PVOID ImageBaseAddress;
    PPEB_LDR_DATA Ldr;
    struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
    PVOID SubSystemData;
    PVOID ProcessHeap;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    struct _RTL_CRITICAL_SECTION *FastPebLock;
    PVOID AltThunkSListPtr;
    PVOID IFEOKey;
    ULONG Spare;
    union
    {
        PVOID* KernelCallbackTable;
        PVOID UserSharedInfoPtr;
    };
    ULONG SystemReserved[1];
    ULONG SpareUlong;
#else
    PVOID FastPebLock;
    // Lock/unlock routines are stored as function pointers inside the PEB on
    // pre-Longhorn builds.
    PPEBLOCKROUTINE FastPebLockRoutine;
    PPEBLOCKROUTINE FastPebUnlockRoutine;
    ULONG EnvironmentUpdateCount;
    PVOID* KernelCallbackTable;
    PVOID EventLogSection;
    PVOID EventLog;
#endif
    PPEB_FREE_BLOCK FreeList;
    ULONG TlsExpansionCounter;
    PVOID TlsBitmap;
    ULONG TlsBitmapBits[0x2];
    PVOID ReadOnlySharedMemoryBase;
    PVOID ReadOnlySharedMemoryHeap;
    PVOID* ReadOnlyStaticServerData;
    PVOID AnsiCodePageData;
    PVOID OemCodePageData;
    PVOID UnicodeCaseTableData;
    ULONG NumberOfProcessors;
    ULONG NtGlobalFlag; // presumably the FLG_* bits defined above; confirm
    LARGE_INTEGER CriticalSectionTimeout;
    ULONG HeapSegmentReserve;
    ULONG HeapSegmentCommit;
    ULONG HeapDeCommitTotalFreeThreshold;
    ULONG HeapDeCommitFreeBlockThreshold;
    ULONG NumberOfHeaps;
    ULONG MaximumNumberOfHeaps;
    PVOID* ProcessHeaps;
    PVOID GdiSharedHandleTable;
    PVOID ProcessStarterHelper;
    ULONG GdiDCAttributeList;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    struct _RTL_CRITICAL_SECTION *LoaderLock;
#else
    PVOID LoaderLock;
#endif
    ULONG OSMajorVersion;
    ULONG OSMinorVersion;
    USHORT OSBuildNumber;
    USHORT OSCSDVersion;
    ULONG OSPlatformId;
    ULONG ImageSubSystem;
    ULONG ImageSubSystemMajorVersion;
    ULONG ImageSubSystemMinorVersion;
    ULONG ImageProcessAffinityMask;
    ULONG GdiHandleBuffer[0x22];
    PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    struct _RTL_BITMAP *TlsExpansionBitmap;
    ULONG TlsExpansionBitmapBits[0x20]; // 0x20 ULONGs; see TLS_EXPANSION_SLOTS
    ULONG SessionId;
#if (NTDDI_VERSION >= NTDDI_WINXP)
    ULARGE_INTEGER AppCompatFlags;
    ULARGE_INTEGER AppCompatFlagsUser;
    PVOID pShimData;
    PVOID AppCompatInfo;
    UNICODE_STRING CSDVersion;
    struct _ACTIVATION_CONTEXT_DATA *ActivationContextData;
    struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
    struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
    struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
    ULONG MinimumStackCommit;
#endif
#if (NTDDI_VERSION >= NTDDI_WS03)
    PVOID *FlsCallback;
    LIST_ENTRY FlsListHead;
    struct _RTL_BITMAP *FlsBitmap;
    ULONG FlsBitmapBits[4];
    ULONG FlsHighIndex;
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID WerRegistrationData;
    PVOID WerShipAssertPtr;
#endif
} PEB, *PPEB;
735
//
// GDI Batch Descriptor
//
// Embedded by value in TEB.GdiTebBatch. Buffer is a fixed array of 0x136
// ULONGs.
// NOTE(review): Offset presumably indexes into Buffer; whoever consumes the
// batch must bound it against the array size -- confirm against the flush
// code.
//
typedef struct _GDI_TEB_BATCH
{
    ULONG Offset;
    HANDLE HDC;
    ULONG Buffer[0x136];
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
745
//
// Initial TEB
//
// Five stack-related pointers describing a thread's stack at creation.
// NOTE(review): which fields the creator must fill in is not visible here --
// confirm against the thread-creation code.
//
typedef struct _INITIAL_TEB
{
    PVOID PreviousStackBase;
    PVOID PreviousStackLimit;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID AllocatedStackBase;
} INITIAL_TEB, *PINITIAL_TEB;
757
//
// TEB Active Frame Structures
//
// Context record referenced by TEB_ACTIVE_FRAME.Context: a flags word and a
// pointer to the frame's name string.
//
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
    ULONG Flags;
    LPSTR FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
766
//
// One entry of a singly linked chain of active frames (linked through
// Previous); TEB.ActiveFrame points at an entry of this type.
//
typedef struct _TEB_ACTIVE_FRAME
{
    ULONG Flags;
    struct _TEB_ACTIVE_FRAME *Previous;
    PTEB_ACTIVE_FRAME_CONTEXT Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
773
//
// Thread Environment Block (TEB)
//
// Member order is the binary layout. It varies with _WIN64 and with
// NTDDI_VERSION (WS03 and Longhorn add or replace members), so the struct
// must match the target it is compiled for and members must never be
// reordered.
// NOTE(review): like the PEB, the TEB normally lives in memory the thread
// itself can write, so its contents should be treated as untrusted by any
// privileged consumer -- confirm for this implementation.
// Several member names carry spelling slips (HeapVirualAffinity,
// PreferredLangauges, TxnScopeEntercallback, TxnScopeExitCAllback). They are
// kept as declared because renaming a member would break code that uses it.
//
typedef struct _TEB
{
    NT_TIB Tib;
    PVOID EnvironmentPointer;
    CLIENT_ID ClientId;
    PVOID ActiveRpcHandle;
    PVOID ThreadLocalStoragePointer;
    struct _PEB *ProcessEnvironmentBlock;
    ULONG LastErrorValue;
    ULONG CountOfOwnedCriticalSections;
    PVOID CsrClientThread;
    struct _W32THREAD* Win32ThreadInfo;
    ULONG User32Reserved[0x1A];
    ULONG UserReserved[5];
    PVOID WOW32Reserved;
    LCID CurrentLocale;
    ULONG FpSoftwareStatusRegister;
    PVOID SystemReserved1[0x36];
    LONG ExceptionCode;
    struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
    // The two branches differ in size, not only in notation: 24 is decimal,
    // 0x24 is 36.
#ifdef _WIN64
    UCHAR SpareBytes1[24];
#else
    UCHAR SpareBytes1[0x24];
#endif
    ULONG TxFsContext;
    GDI_TEB_BATCH GdiTebBatch;
    CLIENT_ID RealClientId;
    PVOID GdiCachedProcessHandle;
    ULONG GdiClientPID;
    ULONG GdiClientTID;
    PVOID GdiThreadLocalInfo;
    SIZE_T Win32ClientInfo[62];
    PVOID glDispatchTable[0xE9];
    SIZE_T glReserved1[0x1D];
    PVOID glReserved2;
    PVOID glSectionInfo;
    PVOID glSection;
    PVOID glTable;
    PVOID glCurrentRC;
    PVOID glContext;
    NTSTATUS LastStatusValue;
    UNICODE_STRING StaticUnicodeString;
    WCHAR StaticUnicodeBuffer[0x105];
    PVOID DeallocationStack;
    PVOID TlsSlots[0x40]; // 0x40 == TLS_MINIMUM_AVAILABLE (64)
    LIST_ENTRY TlsLinks;
    PVOID Vdm;
    PVOID ReservedForNtRpc;
    PVOID DbgSsReserved[0x2];
    ULONG HardErrorDisabled;
#ifdef _WIN64
    PVOID Instrumentation[11];
#else
    PVOID Instrumentation[9];
#endif
    GUID ActivityId;
    PVOID SubProcessTag;
    PVOID EtwTraceData;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID EtwLocalData;
#endif
    PVOID WinSockData;
    ULONG GdiBatchCount;
    // On Longhorn and later these three bytes are spares; the equivalent
    // information is declared in the SameTebFlags bit-fields further down.
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    BOOLEAN SpareBool0;
    BOOLEAN SpareBool1;
    BOOLEAN SpareBool2;
#else
    BOOLEAN InDbgPrint;
    BOOLEAN FreeStackOnTermination;
    BOOLEAN HasFiberData;
#endif
    UCHAR IdealProcessor;
    ULONG GuaranteedStackBytes;
    PVOID ReservedForPerf;
    PVOID ReservedForOle;
    ULONG WaitingOnLoaderLock;
    // NOTE(review): PVOID on one branch and ULONG on the other; the two have
    // different sizes where pointers are wider than 32 bits -- confirm.
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID SavedPriorityState;
#else
    ULONG SparePointer1;
#endif
    ULONG SoftPatchPtr1;
    ULONG SoftPatchPtr2;
    PVOID *TlsExpansionSlots;
    ULONG ImpersonationLocale;
    ULONG IsImpersonating;
    PVOID NlsCache;
    PVOID pShimData;
    ULONG HeapVirualAffinity;
    PVOID CurrentTransactionHandle;
    PTEB_ACTIVE_FRAME ActiveFrame;
#if (NTDDI_VERSION >= NTDDI_WS03)
    PVOID FlsData;
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID PreferredLangauges;
    PVOID UserPrefLanguages;
    PVOID MergedPrefLanguages;
    ULONG MuiImpersonation;
    union
    {
        struct
        {
            USHORT SpareCrossTebFlags:16;
        };
        USHORT CrossTebFlags;
    };
    // Bit-field view and whole-word view (SameTebFlags) of the same USHORT.
    union
    {
        struct
        {
            USHORT DbgSafeThunkCall:1;
            USHORT DbgInDebugPrint:1;
            USHORT DbgHasFiberData:1;
            USHORT DbgSkipThreadAttach:1;
            USHORT DbgWerInShipAssertCode:1;
            USHORT DbgIssuedInitialBp:1;
            USHORT DbgClonedThread:1;
            USHORT SpareSameTebBits:9;
        };
        USHORT SameTebFlags;
    };
    PVOID TxnScopeEntercallback;
    PVOID TxnScopeExitCAllback;
    PVOID TxnScopeContext;
    ULONG LockCount;
    ULONG ProcessRundown;
    ULONGLONG LastSwitchTime;
    ULONGLONG TotalSwitchOutTime;
    LARGE_INTEGER WaitReasonBitMap;
#else
    UCHAR SafeThunkCall;
    UCHAR BooleanSpare[3];
#endif
} TEB, *PTEB;
914
915 #ifdef NTOS_MODE_USER
916
//
// Process Information Structures for NtQueryInformationProcess
//
// User-mode only (NTOS_MODE_USER). PebBaseAddress is an address in the
// queried process, which is not necessarily the caller's own address space.
// NOTE(review): presumably the result of the ProcessBasicInformation class --
// confirm.
//
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    KPRIORITY BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION;
929
//
// Pair of handles: a token and a thread.
// NOTE(review): presumably the input for the ProcessAccessToken class, which
// changes the security context of a process; callers of that class should be
// audited -- confirm.
//
typedef struct _PROCESS_ACCESS_TOKEN
{
    HANDLE Token;
    HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
935
//
// Device map information. The anonymous union overlays two views of the same
// storage: Set (a directory handle, input) and Query (drive bitmap plus one
// type byte for each of 32 drives, output). Only one view is meaningful for a
// given call.
//
typedef struct _PROCESS_DEVICEMAP_INFORMATION
{
    union
    {
        struct
        {
            HANDLE DirectoryHandle;
        } Set;
        struct
        {
            ULONG DriveMap;
            UCHAR DriveType[32];
        } Query;
    };
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
951
//
// Creation/exit timestamps and accumulated kernel/user time, each as a
// LARGE_INTEGER.
// NOTE(review): units and epoch are not stated in this header -- confirm.
//
typedef struct _KERNEL_USER_TIMES
{
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
959
//
// Session identifier of a process (a single ULONG).
//
typedef struct _PROCESS_SESSION_INFORMATION
{
    ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
964
965 #endif
966
//
// Priority class of a process plus a foreground flag. Declared for both user
// and kernel mode.
// NOTE(review): PriorityClass presumably holds one of the
// PROCESS_PRIORITY_CLASS_* values (0..6); a consumer should reject anything
// else, since UCHAR admits 0..255 -- confirm.
//
typedef struct _PROCESS_PRIORITY_CLASS
{
    BOOLEAN Foreground;
    UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
972
//
// Thread Information Structures for NtQueryInformationThread
//
// Declared for both user and kernel mode. TebBaseAddress is an untyped
// pointer and refers to the queried thread's process, which is not
// necessarily the caller's own address space.
//
typedef struct _THREAD_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PVOID TebBaseAddress;
    CLIENT_ID ClientId;
    KAFFINITY AffinityMask;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
985
986 #ifndef NTOS_MODE_USER
987
//
// Job Set Array
//
// One element of a job set: a job handle, its member level and flags.
// Kernel-mode only.
//
typedef struct _JOB_SET_ARRAY
{
    HANDLE JobHandle;
    ULONG MemberLevel;
    ULONG Flags;
} JOB_SET_ARRAY, *PJOB_SET_ARRAY;
997
//
// EPROCESS Quota Structures
//
// Accounting record for one quota type: current usage, limit, peak and an
// amount to return.
//
typedef struct _EPROCESS_QUOTA_ENTRY
{
    SIZE_T Usage;
    SIZE_T Limit;
    SIZE_T Peak;
    SIZE_T Return;
} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
1008
//
// Quota block: three quota entries, a list link and two counters.
// NOTE(review): the three entries presumably use the same indexing that the
// EPROCESS comment gives for QuotaUsage (0=PagedPool, 1=NonPagedPool,
// 2=Pagefile) -- confirm. ReferenceCount and ProcessCount suggest the block
// is shared between processes; how they are synchronised is not visible here.
//
typedef struct _EPROCESS_QUOTA_BLOCK
{
    EPROCESS_QUOTA_ENTRY QuotaEntry[3];
    LIST_ENTRY QuotaList;
    ULONG ReferenceCount;
    ULONG ProcessCount;
} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
1016
//
// Process Pagefault History
//
// WatchInfo is declared with one element.
// NOTE(review): presumably the trailing-array idiom, with the real element
// count fixed at allocation time; sizeof(PAGEFAULT_HISTORY) then covers only
// the first entry, and CurrentIndex must be bounded by the allocated count --
// confirm against the allocator.
//
typedef struct _PAGEFAULT_HISTORY
{
    ULONG CurrentIndex;
    ULONG MapIndex;
    KSPIN_LOCK SpinLock;
    PVOID Reserved;
    PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
1028
//
// Process Impersonation Information
//
// Impersonation state referenced by ETHREAD.ImpersonationInfo: the token
// being impersonated, two behaviour flags and the impersonation level.
// NOTE(review): whether this structure holds its own reference on Token is
// not visible here -- confirm against the code that fills it in.
//
typedef struct _PS_IMPERSONATION_INFORMATION
{
    PACCESS_TOKEN Token;
    BOOLEAN CopyOnOpen;
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
1039
//
// Process Termination Port
//
// Singly linked list node (Next) carrying an untyped Port pointer;
// ETHREAD.TerminationPort points at a node of this type.
//
typedef struct _TERMINATION_PORT
{
    struct _TERMINATION_PORT *Next;
    PVOID Port;
} TERMINATION_PORT, *PTERMINATION_PORT;
1048
//
// Per-Process APC Rate Limiting
//
// NextApc and ExcessCycles share storage through the anonymous union, so only
// one of them is valid at a time. The member name TargetGEneration is spelled
// as declared; renaming it would break code that uses it.
//
typedef struct _PSP_RATE_APC
{
    union
    {
        SINGLE_LIST_ENTRY NextApc;
        ULONGLONG ExcessCycles;
    };
    ULONGLONG TargetGEneration;
    KAPC RateApc;
} PSP_RATE_APC, *PPSP_RATE_APC;
1062
//
// Executive Thread (ETHREAD)
//
// Kernel-mode only. Member order is the binary layout and depends on
// NTDDI_VERSION; never reorder members. Several anonymous unions overlay
// members that are valid at different points in the thread's life, so reading
// a member is only meaningful when the thread is in the matching state.
// Only the ETHREAD typedef is declared here; no pointer typedef follows the
// closing brace.
//
typedef struct _ETHREAD
{
    KTHREAD Tcb;
    LARGE_INTEGER CreateTime;
    union
    {
        LARGE_INTEGER ExitTime;
        LIST_ENTRY LpcReplyChain;
        LIST_ENTRY KeyedWaitChain;
    };
    union
    {
        NTSTATUS ExitStatus;
        PVOID OfsChain;
    };
    LIST_ENTRY PostBlockList;
    union
    {
        struct _TERMINATION_PORT *TerminationPort;
        struct _ETHREAD *ReaperLink;
        PVOID KeyedWaitValue;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
        PVOID Win32StartParameter;
#endif
    };
    KSPIN_LOCK ActiveTimerListLock;
    LIST_ENTRY ActiveTimerListHead;
    CLIENT_ID Cid;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    KSEMAPHORE KeyedWaitSemaphore;
#else
    union
    {
        KSEMAPHORE LpcReplySemaphore;
        KSEMAPHORE KeyedReplySemaphore;
    };
    union
    {
        PVOID LpcReplyMessage;
        PVOID LpcWaitingOnPort;
    };
#endif
    // Impersonation state; see ActiveImpersonationInfo in CrossThreadFlags.
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
    LIST_ENTRY IrpList;
    ULONG_PTR TopLevelIrp;
    PDEVICE_OBJECT DeviceToVerify;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PPSP_RATE_APC RateControlApc;
#else
    struct _EPROCESS *ThreadsProcess;
#endif
    PVOID Win32StartAddress;
    union
    {
        PKSTART_ROUTINE StartAddress;
        ULONG LpcReceivedMessageId;
    };
    LIST_ENTRY ThreadListEntry;
    EX_RUNDOWN_REF RundownProtect;
    EX_PUSH_LOCK ThreadLock;
#if (NTDDI_VERSION < NTDDI_LONGHORN)
    ULONG LpcReplyMessageId;
#endif
    ULONG ReadClusterSize;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG SpareUlong0;
#else
    ACCESS_MASK GrantedAccess;
#endif
    // Bit-field view and whole-word view of the same ULONG. The CT_*_BIT
    // masks defined earlier in this header follow this declaration order.
    union
    {
        struct
        {
            ULONG Terminated:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ThreadInserted:1;
#else
            ULONG DeadThread:1;
#endif
            ULONG HideFromDebugger:1;
            ULONG ActiveImpersonationInfo:1;
            ULONG SystemThread:1;
            ULONG HardErrorsAreDisabled:1;
            ULONG BreakOnTermination:1;
            ULONG SkipCreationMsg:1;
            ULONG SkipTerminationMsg:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG CreateMsgSent:1;
            ULONG ThreadIoPriority:3;
            ULONG ThreadPagePriority:3;
            ULONG PendingRatecontrol:1;
#endif
        };
        ULONG CrossThreadFlags;
    };
    // Matches the STP_*_BIT masks.
    union
    {
        struct
        {
            ULONG ActiveExWorker:1;
            ULONG ExWorkerCanWaitUser:1;
            ULONG MemoryMaker:1;
            ULONG KeyedEventInUse:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG RateApcState:2;
#endif
        };
        ULONG SameThreadPassiveFlags;
    };
    // Matches the STA_*_BIT masks; the six Owns* bits are the ones covered by
    // STA_OWNS_WORKING_SET_BITS (0x1F8).
    union
    {
        struct
        {
            ULONG LpcReceivedMsgIdValid:1;
            ULONG LpcExitThreadCalled:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG Spare:1;
#else
            ULONG AddressSpaceOwner:1;
#endif
            ULONG OwnsProcessWorkingSetExclusive:1;
            ULONG OwnsProcessWorkingSetShared:1;
            ULONG OwnsSystemWorkingSetExclusive:1;
            ULONG OwnsSystemWorkingSetShared:1;
            ULONG OwnsSessionWorkingSetExclusive:1;
            ULONG OwnsSessionWorkingSetShared:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SupressSymbolLoad:1;
            ULONG Spare1:3;
            ULONG PriorityRegionActive:4;
#else
            ULONG ApcNeeded:1;
#endif
        };
        ULONG SameThreadApcFlags;
    };
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    UCHAR CacheManagerActive;
#else
    UCHAR ForwardClusterOnly;
#endif
    UCHAR DisablePageFaultClustering;
    UCHAR ActiveFaultCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG AlpcMessageId;
    union
    {
        PVOID AlpcMessage;
        ULONG AlpcReceiveAttributeSet;
    };
    LIST_ENTRY AlpcWaitListEntry;
    KSEMAPHORE AlpcWaitSemaphore;
    ULONG CacheManagerCount;
#endif
} ETHREAD;
1221
1222 //
1223 // Executive Process (EPROCESS)
1224 //
// Executive-level process object. The kernel-level KPROCESS is embedded as
// the first member (Pcb); everything after it is executive state: identity,
// quota and memory accounting, ports, handle table, token reference, I/O
// counters and two flag words.
// Member order together with the NTDDI_VERSION conditionals defines the
// binary layout, so member offsets differ between pre-Longhorn and
// Longhorn+ builds of this header.
// NOTE(review): sizes and counters are ULONG throughout, which looks like a
// 32-bit layout - confirm before relying on it for other targets.
1225 typedef struct _EPROCESS
1226 {
1227 KPROCESS Pcb; // embedded kernel process block; must stay first
1228 EX_PUSH_LOCK ProcessLock;
1229 LARGE_INTEGER CreateTime;
1230 LARGE_INTEGER ExitTime;
1231 EX_RUNDOWN_REF RundownProtect;
1232 HANDLE UniqueProcessId; // HANDLE-typed identifier; presumably the PID, not an openable handle - TODO confirm
// NOTE(review): presumably links this process into a system-wide list; the
// list head and the lock that guards it are not visible in this header.
1233 LIST_ENTRY ActiveProcessLinks;
1234 ULONG QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1235 ULONG QuotaPeak[3]; /* same indexing as QuotaUsage */
1236 ULONG CommitCharge;
1237 ULONG PeakVirtualSize;
1238 ULONG VirtualSize;
1239 LIST_ENTRY SessionProcessLinks;
1240 PVOID DebugPort;
1241 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
// Three views of the same storage: pointer, integer, and a 3-bit state
// field. NOTE(review): presumably the state lives in the low bits of the
// pointer value, so the pointer view needs masking before use - confirm.
1242 union
1243 {
1244 PVOID ExceptionPortData;
1245 ULONG ExceptionPortValue;
1246 UCHAR ExceptionPortState:3;
1247 };
1248 #else
1249 PVOID ExceptionPort;
1250 #endif
1251 PHANDLE_TABLE ObjectTable;
// NOTE(review): EX_FAST_REF is not a plain pointer type; presumably its low
// bits carry a reference count, so the raw value must not be dereferenced
// directly - confirm against the EX_FAST_REF definition.
1252 EX_FAST_REF Token;
1253 ULONG WorkingSetPage;
1254 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1255 EX_PUSH_LOCK AddressCreationLock; // lock type changes with the target version (push lock here, guarded mutex below)
1256 PETHREAD RotateInProgress;
1257 #else
1258 KGUARDED_MUTEX AddressCreationLock;
1259 KSPIN_LOCK HyperSpaceLock;
1260 #endif
1261 PETHREAD ForkInProgress;
1262 ULONG HardwareTrigger;
1263 PMM_AVL_TABLE PhysicalVadRoot;
1264 PVOID CloneRoot;
1265 ULONG NumberOfPrivatePages;
1266 ULONG NumberOfLockedPages;
1267 PVOID *Win32Process; // NOTE(review): declared PVOID* while the neighbouring opaque pointers are PVOID - confirm this is intended
1268 struct _EJOB *Job;
1269 PVOID SectionObject;
1270 PVOID SectionBaseAddress;
1271 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1272 PPAGEFAULT_HISTORY WorkingSetWatch;
1273 PVOID Win32WindowStation;
1274 HANDLE InheritedFromUniqueProcessId;
1275 PVOID LdtInformation;
1276 PVOID VadFreeHint;
1277 PVOID VdmObjects;
1278 PVOID DeviceMap;
1279 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1280 PVOID EtwDataSource;
1281 PVOID FreeTebHint;
1282 #else
1283 PVOID Spare0[3];
1284 #endif
// The ULONGLONG member keeps this union at least 8 bytes wide regardless of
// the size of HARDWARE_PTE.
1285 union
1286 {
1287 HARDWARE_PTE PageDirectoryPte;
1288 ULONGLONG Filler;
1289 };
1290 ULONG Session;
// Fixed 16-byte buffer. NOTE(review): presumably a truncated image name that
// may fill the buffer without a terminating NUL - bound every read to
// sizeof(ImageFileName), and do not treat the value as a unique or
// authoritative process identity.
1291 CHAR ImageFileName[16];
1292 LIST_ENTRY JobLinks;
1293 PVOID LockedPagesList;
1294 LIST_ENTRY ThreadListHead;
1295 PVOID SecurityPort;
1296 PVOID PaeTop;
1297 ULONG ActiveThreads;
1298 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1299 ULONG ImagePathHash;
1300 #else
1301 ACCESS_MASK GrantedAccess;
1302 #endif
1303 ULONG DefaultHardErrorProcessing;
1304 NTSTATUS LastThreadExitStatus;
1305 struct _PEB* Peb;
1306 EX_FAST_REF PrefetchTrace;
1307 LARGE_INTEGER ReadOperationCount;
1308 LARGE_INTEGER WriteOperationCount;
1309 LARGE_INTEGER OtherOperationCount;
1310 LARGE_INTEGER ReadTransferCount;
1311 LARGE_INTEGER WriteTransferCount;
1312 LARGE_INTEGER OtherTransferCount;
1313 ULONG CommitChargeLimit;
1314 ULONG CommitChargePeak;
1315 PVOID AweInfo;
1316 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1317 MMSUPPORT Vm;
1318 LIST_ENTRY MmProcessLinks;
1319 ULONG ModifiedPageCount;
1320 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
// Second flag word (Longhorn+ only; older targets get a plain JobStatus
// ULONG in the same position). The bitfields name 17 of the 32 bits and
// Flags2 is the whole-word view of the same storage.
1321 union
1322 {
1323 struct
1324 {
1325 ULONG JobNotReallyActive:1;
1326 ULONG AccountingFolded:1;
1327 ULONG NewProcessReported:1;
1328 ULONG ExitProcessReported:1;
1329 ULONG ReportCommitChanges:1;
1330 ULONG LastReportMemory:1;
1331 ULONG ReportPhysicalPageChanges:1;
1332 ULONG HandleTableRundown:1;
1333 ULONG NeedsHandleRundown:1;
1334 ULONG RefTraceEnabled:1;
1335 ULONG NumaAware:1;
1336 ULONG ProtectedProcess:1;
1337 ULONG DefaultPagePriority:3;
1338 ULONG ProcessDeleteSelf:1;
1339 ULONG ProcessVerifierTarget:1;
1340 };
1341 ULONG Flags2;
1342 };
1343 #else
1344 ULONG JobStatus;
1345 #endif
// Primary flag word. In either version branch the bitfields add up to
// exactly 32 bits, and Flags is the whole-word view of the same storage.
// NOTE(review): a bitfield store is a read-modify-write of the shared word;
// how concurrent updates are serialised is not visible in this header.
1346 union
1347 {
1348 struct
1349 {
1350 ULONG CreateReported:1;
1351 ULONG NoDebugInherit:1;
1352 ULONG ProcessExiting:1;
1353 ULONG ProcessDelete:1;
1354 ULONG Wow64SplitPages:1;
1355 ULONG VmDeleted:1;
1356 ULONG OutswapEnabled:1;
1357 ULONG Outswapped:1;
1358 ULONG ForkFailed:1;
1359 ULONG Wow64VaSpace4Gb:1;
1360 ULONG AddressSpaceInitialized:2;
1361 ULONG SetTimerResolution:1;
1362 ULONG BreakOnTermination:1;
1363 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1364 ULONG DeprioritizeViews:1;
1365 #else
1366 ULONG SessionCreationUnderway:1;
1367 #endif
1368 ULONG WriteWatch:1;
1369 ULONG ProcessInSession:1;
1370 ULONG OverrideAddressSpace:1;
1371 ULONG HasAddressSpace:1;
1372 ULONG LaunchPrefetched:1;
1373 ULONG InjectInpageErrors:1;
1374 ULONG VmTopDown:1;
1375 ULONG ImageNotifyDone:1;
1376 ULONG PdeUpdateNeeded:1;
1377 ULONG VdmAllowed:1;
1378 ULONG SmapAllowed:1;
1379 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1380 ULONG ProcessInserted:1;
1381 #else
1382 ULONG CreateFailed:1;
1383 #endif
1384 ULONG DefaultIoPriority:3;
1385 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1386 ULONG SparePsFlags1:2;
1387 #else
1388 ULONG Spare1:1;
1389 ULONG Spare2:1;
1390 #endif
1391 };
1392 ULONG Flags;
1393 };
1394 NTSTATUS ExitStatus;
1395 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1396 USHORT Spare7;
1397 #else
1398 USHORT NextPageColor;
1399 #endif
// Minor byte is declared first, then major; SubSystemVersion overlays both
// as one USHORT.
1400 union
1401 {
1402 struct
1403 {
1404 UCHAR SubSystemMinorVersion;
1405 UCHAR SubSystemMajorVersion;
1406 };
1407 USHORT SubSystemVersion;
1408 };
1409 UCHAR PriorityClass;
1410 MM_AVL_TABLE VadRoot;
1411 ULONG Cookie;
1412 } EPROCESS;
1413
1414 //
1415 // Job Token Filter Data
1416 //
1417 #include <pshpack1.h>
// Captured token-filter data referenced from EJOB.Filter: three parallel
// (count, array pointer, length) triples for SIDs, groups and privileges.
// Declared directly after #include <pshpack1.h>, so 1-byte packing applies:
// the pointer members follow the ULONG counts without padding.
// NOTE(review): the *Length fields are presumably byte sizes of the captured
// arrays; any code walking an array should check Count against Length first
// - where that validation happens is not visible in this header.
1418 typedef struct _PS_JOB_TOKEN_FILTER
1419 {
1420 ULONG CapturedSidCount;
1421 PSID_AND_ATTRIBUTES CapturedSids;
1422 ULONG CapturedSidsLength;
1423 ULONG CapturedGroupCount;
1424 PSID_AND_ATTRIBUTES CapturedGroups;
1425 ULONG CapturedGroupsLength;
1426 ULONG CapturedPrivilegeCount;
1427 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1428 ULONG CapturedPrivilegesLength;
1429 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1430
1431 //
1432 // Executive Job (EJOB)
1433 //
// Executive job object: list linkage, the member-process list, time and I/O
// accounting totals, limit values, an optional token and token filter, and
// completion-port notification data.
// NOTE(review): this struct sits between #include <pshpack1.h> and
// #include <poppack.h>, so 1-byte packing presumably applies to it as well
// as to PS_JOB_TOKEN_FILTER. Members that follow UCHAR PriorityClass would
// then land on unaligned offsets - confirm this is intended and matches the
// layout the header is meant to describe.
1434 typedef struct _EJOB
1435 {
1436 KEVENT Event;
1437 LIST_ENTRY JobLinks;
1438 LIST_ENTRY ProcessListHead;
1439 ERESOURCE JobLock;
1440 LARGE_INTEGER TotalUserTime;
1441 LARGE_INTEGER TotalKernelTime;
1442 LARGE_INTEGER ThisPeriodTotalUserTime;
1443 LARGE_INTEGER ThisPeriodTotalKernelTime;
1444 ULONG TotalPageFaultCount;
1445 ULONG TotalProcesses;
1446 ULONG ActiveProcesses;
1447 ULONG TotalTerminatedProcesses;
1448 LARGE_INTEGER PerProcessUserTimeLimit;
1449 LARGE_INTEGER PerJobUserTimeLimit;
1450 ULONG LimitFlags;
1451 ULONG MinimumWorkingSetSize;
1452 ULONG MaximumWorkingSetSize;
1453 ULONG ActiveProcessLimit;
1454 ULONG Affinity;
1455 UCHAR PriorityClass; // single byte followed by a ULONG; see the packing note above
1456 ULONG UIRestrictionsClass;
1457 ULONG SecurityLimitFlags;
1458 PVOID Token;
1459 PPS_JOB_TOKEN_FILTER Filter;
1460 ULONG EndOfJobTimeAction;
1461 PVOID CompletionPort;
1462 PVOID CompletionKey;
1463 ULONG SessionId;
1464 ULONG SchedulingClass;
1465 ULONGLONG ReadOperationCount;
1466 ULONGLONG WriteOperationCount;
1467 ULONGLONG OtherOperationCount;
1468 ULONGLONG ReadTransferCount;
1469 ULONGLONG WriteTransferCount;
1470 ULONGLONG OtherTransferCount;
1471 IO_COUNTERS IoInfo;
1472 ULONG ProcessMemoryLimit;
1473 ULONG JobMemoryLimit;
1474 ULONG PeakProcessMemoryUsed;
1475 ULONG PeakJobMemoryUsed;
1476 ULONG CurrentJobMemoryUsed;
// The lock type is selected by target version. There is no #else branch, so
// when NTDDI_VERSION is below NTDDI_WINXP no MemoryLimitsLock member is
// emitted at all and every later member moves up.
1477 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1478 FAST_MUTEX MemoryLimitsLock;
1479 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1480 KGUARDED_MUTEX MemoryLimitsLock;
1481 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1482 EX_PUSH_LOCK MemoryLimitsLock;
1483 #endif
1484 LIST_ENTRY JobSetLinks;
1485 ULONG MemberLevel;
1486 ULONG JobFlags;
1487 } EJOB, *PEJOB;
1488 #include <poppack.h>
1489
1490 //
1491 // Win32K Callback Registration Data
1492 //
// Power-event parameter block: an event type plus a ULONG code.
// NOTE(review): presumably the argument passed to the
// PKWIN32_POWEREVENT_CALLOUT entry of WIN32_CALLOUTS_FPNS - confirm.
1493 typedef struct _WIN32_POWEREVENT_PARAMETERS
1494 {
1495 PSPOWEREVENTTYPE EventNumber;
1496 ULONG Code;
1497 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1498
// Power-state parameter block: requested action, minimum system state,
// flags and the task to perform.
// NOTE(review): presumably the argument passed to the
// PKWIN32_POWERSTATE_CALLOUT entry of WIN32_CALLOUTS_FPNS - confirm.
1499 typedef struct _WIN32_POWERSTATE_PARAMETERS
1500 {
1501 UCHAR Promotion;
1502 POWER_ACTION SystemAction;
1503 SYSTEM_POWER_STATE MinSystemState;
1504 ULONG Flags;
1505 POWERSTATETASK PowerStateTask;
1506 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1507
// Job callout parameter block: an opaque job pointer, the callout type and
// an opaque data pointer.
// NOTE(review): the meaning of Data presumably depends on CalloutType; the
// mapping is not visible in this header.
1508 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1509 {
1510 PVOID Job;
1511 PSW32JOBCALLOUTTYPE CalloutType;
1512 PVOID Data;
1513 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1514
// Object open-method parameter block: why the object is being opened, the
// process involved, the object itself, the access granted and a handle
// count.
// NOTE(review): GrantedAccess is a plain ULONG here while
// WIN32_CLOSEMETHOD_PARAMETERS uses ACCESS_MASK for its mask - presumably
// the same kind of value; confirm.
1515 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1516 {
1517 OB_OPEN_REASON OpenReason;
1518 PEPROCESS Process;
1519 PVOID Object;
1520 ULONG GrantedAccess;
1521 ULONG HandleCount;
1522 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1523
// "Okay to close" parameter block: process, object, the handle being closed
// and the caller's processor mode.
// The struct name spells OKAYTOCLOSE, while the matching function-pointer
// type used in WIN32_CALLOUTS_FPNS is PKWIN32_OKTOCLOSEMETHOD_CALLOUT.
// NOTE(review): PreviousMode is presumably the requester's mode; a callout
// should base its decision about Handle on it rather than assuming a
// kernel-mode caller - confirm with the call site.
1524 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1525 {
1526 PEPROCESS Process;
1527 PVOID Object;
1528 HANDLE Handle;
1529 KPROCESSOR_MODE PreviousMode;
1530 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1531
// Object close-method parameter block: process, object, the access mask of
// the handle and two handle counts (per-process and system-wide).
// NOTE(review): whether the counts are taken before or after the close is
// not visible in this header.
1532 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1533 {
1534 PEPROCESS Process;
1535 PVOID Object;
1536 ACCESS_MASK AccessMask;
1537 ULONG ProcessHandleCount;
1538 ULONG SystemHandleCount;
1539 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1540
// Object delete-method parameter block: only the object pointer.
1541 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1542 {
1543 PVOID Object;
1544 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1545
// Object parse-method parameter block: the object and type being parsed,
// access state and mode, attributes, the name strings, an opaque context,
// security QoS and a pointer that receives the resulting object.
// CompleteName carries the OUT marker, i.e. it is written by the callee.
// NOTE(review): AccessMode is presumably the requester's processor mode and
// should drive how the name strings and Context are trusted - confirm with
// the call site. Object is presumably an output as well, although it is not
// marked OUT.
1546 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1547 {
1548 PVOID ParseObject;
1549 PVOID ObjectType;
1550 PACCESS_STATE AccessState;
1551 KPROCESSOR_MODE AccessMode;
1552 ULONG Attributes;
1553 OUT PUNICODE_STRING CompleteName;
1554 PUNICODE_STRING RemainingName;
1555 PVOID Context;
1556 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1557 PVOID *Object;
1558 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1559
// Table of Win32K callout function pointers: process and thread callouts,
// global atom table, power event/state, job, GDI batch flush, then the
// desktop and window-station object procedures and a data-collection
// procedure. Member order is part of the interface between whoever fills
// the table and whoever consumes it.
// NOTE(review): whether entries may be NULL, and whether the table is
// copied or referenced after registration, is not visible in this header.
1560 typedef struct _WIN32_CALLOUTS_FPNS
1561 {
1562 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1563 PKWIN32_THREAD_CALLOUT ThreadCallout;
1564 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1565 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1566 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1567 PKWIN32_JOB_CALLOUT JobCallout;
1568 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1569 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
1570 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
1571 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
1572 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
1573 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
1574 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
1575 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
1576 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
1577 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
1578 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1579 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1580
1581 #endif // !NTOS_MODE_USER
1582
1583 #endif // _PSTYPES_H