3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the Loader.
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
26 #ifndef NTOS_MODE_USER
33 // A system call ID is formatted as such:
34 // .________________________________________________________________.
35 // | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
36 // |--------------|-------------------------------------------------|
// | TABLE NUMBER |                    TABLE OFFSET                 |
38 // \----------------------------------------------------------------/
// The table number is then used as an index into the service descriptor table.
//
// Field widths of a system call ID (see the diagram above): the low
// TABLE_OFFSET_BITS bits are the position within one table, the next
// TABLE_NUMBER_BITS bit(s) select the table. With a single table-number bit
// only table indexes 0 and 1 are representable, which matches
// NUMBER_SERVICE_TABLES below. (The diagram reserves bits 12-14 for the
// table number; only one of them is actually used by these widths.)
//
#define TABLE_NUMBER_BITS                       1
#define TABLE_OFFSET_BITS                       12
//
// There are 2 tables (kernel and shadow, used by Win32K)
//
// Table indexes as they appear in the table-number field of a system call ID.
// NUMBER_SERVICE_TABLES must not exceed (1 << TABLE_NUMBER_BITS) and should
// agree with SSDT_MAX_ENTRIES, the bound of the exported descriptor arrays
// declared at the end of this header; the three are defined independently.
//
#define NUMBER_SERVICE_TABLES                   2
#define NTOS_SERVICE_INDEX                      0
#define WIN32K_SERVICE_INDEX                    1
52 // NB. From assembly code, the table number must be computed as an offset into
53 // the service descriptor table.
55 // Each entry into the table is 16 bytes long on 32-bit architectures, and
56 // 32 bytes long on 64-bit architectures.
// Thus, Table Number 1 is offset 16 (0x10) on x86, and offset 32 (0x20) on x64.
62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes
64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes
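//
// We want the table number, but leave some extra bits so we can have the offset
// into the descriptor table.
//
// Shifting a system call ID right by SERVICE_TABLE_SHIFT moves the table-number
// field down to bit BITS_PER_ENTRY, i.e. it is already scaled by the size of a
// descriptor entry. Written in terms of TABLE_OFFSET_BITS (12) rather than a
// literal so the two definitions cannot drift apart.
//
#define SERVICE_TABLE_SHIFT                     (TABLE_OFFSET_BITS - BITS_PER_ENTRY)

//
// After that shift the table number (as an offset) still carries part of the
// table offset in its low bits. This mask removes the extra unwanted bits and
// gives us the offset into the descriptor table proper.
//
#define SERVICE_TABLE_MASK                      (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY)

//
// To get the table offset (ie: the service call number), just keep the low
// TABLE_OFFSET_BITS (12) bits.
//
// NOTE: a system call ID originates in user mode. This mask only limits the
// number to the 12-bit field; it does not bound it to the number of services
// actually present in the selected table. Code that indexes a table by the
// masked number must still compare it against that table's service count
// before using it, otherwise an out-of-range ID reads past the table.
//
#define SERVICE_NUMBER_MASK                     ((1 << TABLE_OFFSET_BITS) - 1)

//
// We'll often need to check if this is a graphics call. This is done by comparing
// the table number offset with the known Win32K table number offset.
// This is usually index 1, so table number offset 0x10 (x86) or 0x20 (x64).
//
#define SERVICE_TABLE_TEST                      (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY)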
//
// Context Record Flags
//
// Combined CONTEXT_* flag set: the full integer/control context plus the
// floating-point state. CONTEXT_FULL and CONTEXT_FLOATING_POINT come from the
// architecture headers. The name suggests this is the set captured for the
// debugger; confirm against the callers before relying on that.
//
#define CONTEXT_DEBUGGER                        (CONTEXT_FULL | CONTEXT_FLOATING_POINT)
//
// Maximum System Descriptor Table Entries
//
// Bound of the KeServiceDescriptorTable / KeServiceDescriptorTableShadow arrays
// declared at the end of this header. Every table index that SERVICE_TABLE_MASK
// can yield (0 .. (1 << TABLE_NUMBER_BITS) - 1) must be below this value, or
// the dispatcher would index past the array; it is defined separately from
// NUMBER_SERVICE_TABLES (also 2) and the two must be kept in step by hand.
//
#define SSDT_MAX_ENTRIES                        2
//
// Processor Architectures
//
// Architecture identifiers; the values are part of the public ABI (they are
// reported to user mode), so they must not be renumbered. Kept as macros rather
// than an enum so they remain usable in preprocessor conditionals.
// PROCESSOR_ARCHITECTURE_UNKNOWN is the 16-bit all-ones sentinel.
//
#define PROCESSOR_ARCHITECTURE_INTEL            0
#define PROCESSOR_ARCHITECTURE_MIPS             1
#define PROCESSOR_ARCHITECTURE_ALPHA            2
#define PROCESSOR_ARCHITECTURE_PPC              3
#define PROCESSOR_ARCHITECTURE_SHX              4
#define PROCESSOR_ARCHITECTURE_ARM              5
#define PROCESSOR_ARCHITECTURE_IA64             6
#define PROCESSOR_ARCHITECTURE_ALPHA64          7
#define PROCESSOR_ARCHITECTURE_MSIL             8
#define PROCESSOR_ARCHITECTURE_AMD64            9
#define PROCESSOR_ARCHITECTURE_UNKNOWN          0xFFFF
//
// Object Type Mask for Kernel Dispatcher Objects
//
// Header.Type of a dispatcher object packs a KOBJECTS type value in the low
// seven bits (MaximumKernelObject is 25, so it fits) with a lock bit in bit 7.
// Always mask with KOBJECT_TYPE_MASK before comparing against a KOBJECTS
// value, as ASSERT_THREAD / ASSERT_PROCESS below do; comparing the raw byte
// gives a false mismatch whenever the lock bit happens to be set.
//
#define KOBJECT_TYPE_MASK                       0x7F
#define KOBJECT_LOCK_BIT                        0x80
//
// Dispatcher Priority increments
//
// Priority boost value; by its name it is the boost applied when a thread is
// alerted. The policy for when it applies lives in the scheduler, not here.
//
#define THREAD_ALERT_INCREMENT                  2
//
// Physical memory offset of KUSER_SHARED_DATA
//
// Fixed physical address at which the shared user/kernel data page is placed.
// It must agree with the memory manager's mapping of that page (both the
// kernel view and the user-mode view behind SharedUserData) — confirm there
// before changing it.
//
#define KI_USER_SHARED_DATA_PHYSICAL            0x41000
//
// Quantum values and decrements
//
// MAX_QUANTUM is 0x7F, the largest positive value of a signed byte, which is
// presumably why quantum fields can be stored in SCHAR (confirm against the
// KTHREAD/KPROCESS quantum fields). By their names the two decrements are
// charged per wait and per clock tick respectively.
//
#define MAX_QUANTUM                             0x7F
#define WAIT_QUANTUM_DECREMENT                  1
#define CLOCK_QUANTUM_DECREMENT                 3
//
// Kernel Feature Bits
//
// Single-bit flags describing processor features the kernel has detected; the
// names suggest CPUID-derived capabilities, but the exact meaning of each bit
// is not documented here. Bits 0x00040000 .. 0x10000000 are unassigned in
// this list. The three KF_NX_* flags occupy the top bits; KF_NX_ENABLED
// (0x80000000) does not fit a signed int and is therefore an unsigned int
// constant — hold the feature word in ULONG, not LONG, to avoid sign
// surprises when testing it.
//
#define KF_V86_VIS                              0x00000001
#define KF_RDTSC                                0x00000002
#define KF_CR4                                  0x00000004
#define KF_CMOV                                 0x00000008
#define KF_GLOBAL_PAGE                          0x00000010
#define KF_LARGE_PAGE                           0x00000020
#define KF_MTRR                                 0x00000040
#define KF_CMPXCHG8B                            0x00000080
#define KF_MMX                                  0x00000100
#define KF_WORKING_PTE                          0x00000200
#define KF_PAT                                  0x00000400
#define KF_FXSR                                 0x00000800
#define KF_FAST_SYSCALL                         0x00001000
#define KF_XMMI                                 0x00002000
#define KF_3DNOW                                0x00004000
#define KF_AMDK6MTRR                            0x00008000
#define KF_XMMI64                               0x00010000
#define KF_DTS                                  0x00020000
#define KF_NX_BIT                               0x20000000
#define KF_NX_DISABLED                          0x40000000
#define KF_NX_ENABLED                           0x80000000
//
// Internal Exception Codes
//
// Kernel-internal exception codes: KI_EXCEPTION_INTERNAL marks the code as
// internal, and specific codes are formed by OR-ing a small low value into it.
// These are not public STATUS_ values; presumably the trap handler translates
// them before an exception record reaches user mode — confirm there.
//
#define KI_EXCEPTION_INTERNAL                   0x10000000
#define KI_EXCEPTION_ACCESS_VIOLATION           (KI_EXCEPTION_INTERNAL | 0x04)
171 typedef struct _FIBER
/* Field offsets: */
172 { /* 32 bit 64 bit */
173 /* this must be the first field */
174 PVOID Parameter
; /* 0x00 0x00 */
175 struct _EXCEPTION_REGISTRATION_RECORD
*ExceptionList
; /* 0x04 0x08 */
176 PVOID StackBase
; /* 0x08 0x10 */
177 PVOID StackLimit
; /* 0x0C 0x18 */
178 PVOID DeallocationStack
; /* 0x10 0x20 */
179 CONTEXT Context
; /* 0x14 0x28 */
180 ULONG GuaranteedStackBytes
; /* 0x2E0 */
181 PVOID FlsData
; /* 0x2E4 */
182 struct _ACTIVATION_CONTEXT_STACK
*ActivationContextStack
;/* 0x2E8 */
185 #ifndef NTOS_MODE_USER
187 // Number of dispatch codes supported by KINTERRUPT
190 #define DISPATCH_LENGTH 4
191 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
192 #define DISPATCH_LENGTH 135
194 #define DISPATCH_LENGTH 106
//
// KPROCESSOR_MODE Type
//
// Processor execution mode carried as a single signed byte rather than as the
// mode enumeration (see "Processor Execution Modes" above), which keeps fields
// such as KTHREAD.WaitMode one byte wide. Presumably it is what the kernel
// records as the caller's previous mode to decide whether caller-supplied
// pointers must be probed — confirm against the callers before relying on it.
//
typedef CCHAR KPROCESSOR_MODE;
//
// Dereferencable pointer to KUSER_SHARED_DATA in User-Mode
//
// USER_SHARED_DATA is the fixed user-mode virtual address of the shared page.
// The same page is visible to every process, so nothing in it can be treated
// as secret, and user-mode readers must treat its contents as informational
// rather than trusted state. (The mapping is expected to be read-only from
// user mode — confirm in the memory manager.)
//
#define SharedUserData                          ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
//
// Maximum WOW64 Entries in KUSER_SHARED_DATA
//
// Element count of KUSER_SHARED_DATA.Wow64SharedInformation; it is part of
// the shared page layout and so of the ABI — changing it shifts every field
// that follows.
//
#define MAX_WOW64_SHARED_ENTRIES                16
//
// Maximum Processor Features supported in KUSER_SHARED_DATA
//
// Element count of KUSER_SHARED_DATA.ProcessorFeatures. Any feature index used
// to read that array must be checked against this bound first; the array is
// fixed-size and lives in the page shared with user mode.
//
#define PROCESSOR_FEATURE_MAX                   64
222 typedef enum _EVENT_TYPE
231 typedef enum _TIMER_TYPE
240 typedef enum _WAIT_TYPE
247 // Processor Execution Modes
259 typedef enum _KWAIT_REASON
301 typedef enum _KPROFILE_SOURCE
304 ProfileAlignmentFixup
,
307 ProfileLoadInstructions
,
308 ProfilePipelineFrozen
,
309 ProfileBranchInstructions
,
310 ProfileTotalNonissues
,
314 ProfileBranchMispredictions
,
315 ProfileStoreInstructions
,
316 ProfileFpInstructions
,
317 ProfileIntegerInstructions
,
321 ProfileSpecialInstructions
,
324 ProfileDcacheAccesses
,
325 ProfileMemoryBarrierCycles
,
326 ProfileLoadLinkedIssues
,
331 // NT Product and Architecture Types
333 typedef enum _NT_PRODUCT_TYPE
338 } NT_PRODUCT_TYPE
, *PNT_PRODUCT_TYPE
;
340 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
345 } ALTERNATIVE_ARCHITECTURE_TYPE
;
352 typedef enum _KTHREAD_STATE
362 #if (NTDDI_VERSION >= NTDDI_WS03)
365 } KTHREAD_STATE
, *PKTHREAD_STATE
;
368 // Kernel Object Types
370 typedef enum _KOBJECTS
372 EventNotificationObject
= 0,
373 EventSynchronizationObject
= 1,
380 TimerNotificationObject
= 8,
381 TimerSynchronizationObject
= 9,
392 DeviceQueueObject
= 20,
393 EventPairObject
= 21,
394 InterruptObject
= 22,
396 ThreadedDpcObject
= 24,
397 MaximumKernelObject
= 25
403 typedef enum _ADJUST_REASON
413 typedef enum _KCONTINUE_STATUS
417 ContinueProcessorReselected
,
418 ContinueNextProcessor
424 typedef enum _KPROCESS_STATE
431 } KPROCESS_STATE
, *PKPROCESS_STATE
;
434 // NtVdmControl Classes
436 typedef enum _VDMSERVICECLASS
438 VdmStartExecution
= 0,
439 VdmQueueInterrupt
= 1,
440 VdmDelayInterrupt
= 2,
443 VdmSetInt21Handler
= 5,
445 VdmPrinterDirectIoOpen
= 7,
446 VdmPrinterDirectIoClose
= 8,
447 VdmPrinterInitialize
= 9,
448 VdmSetLdtEntries
= 10,
449 VdmSetProcessLdtInfo
= 11,
450 VdmAdlibEmulation
= 12,
451 VdmPMCliControl
= 13,
452 VdmQueryVdmProcess
= 14,
455 #ifdef NTOS_MODE_USER
458 // APC Normal Routine
461 (NTAPI
*PKNORMAL_ROUTINE
)(
462 _In_ PVOID NormalContext
,
463 _In_ PVOID SystemArgument1
,
464 _In_ PVOID SystemArgument2
471 (NTAPI
*PTIMER_APC_ROUTINE
)(
472 _In_ PVOID TimerContext
,
473 _In_ ULONG TimerLowValue
,
474 _In_ LONG TimerHighValue
478 // System Time Structure
480 typedef struct _KSYSTEM_TIME
485 } KSYSTEM_TIME
, *PKSYSTEM_TIME
;
488 // Shared Kernel User Data
490 typedef struct _KUSER_SHARED_DATA
492 ULONG TickCountLowDeprecated
;
493 ULONG TickCountMultiplier
;
494 volatile KSYSTEM_TIME InterruptTime
;
495 volatile KSYSTEM_TIME SystemTime
;
496 volatile KSYSTEM_TIME TimeZoneBias
;
497 USHORT ImageNumberLow
;
498 USHORT ImageNumberHigh
;
499 WCHAR NtSystemRoot
[260];
500 ULONG MaxStackTraceDepth
;
501 ULONG CryptoExponent
;
503 ULONG LargePageMinimum
;
505 NT_PRODUCT_TYPE NtProductType
;
506 BOOLEAN ProductTypeIsValid
;
507 ULONG NtMajorVersion
;
508 ULONG NtMinorVersion
;
509 BOOLEAN ProcessorFeatures
[PROCESSOR_FEATURE_MAX
];
512 volatile ULONG TimeSlip
;
513 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture
;
514 LARGE_INTEGER SystemExpirationDate
;
516 BOOLEAN KdDebuggerEnabled
;
517 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
518 UCHAR NXSupportPolicy
;
520 volatile ULONG ActiveConsoleId
;
521 volatile ULONG DismountCount
;
522 ULONG ComPlusPackage
;
523 ULONG LastSystemRITEventTickCount
;
524 ULONG NumberOfPhysicalPages
;
525 BOOLEAN SafeBootMode
;
528 ULONGLONG TestRetInstruction
;
530 ULONG SystemCallReturn
;
531 ULONGLONG SystemCallPad
[3];
533 volatile KSYSTEM_TIME TickCount
;
534 volatile ULONG64 TickCountQuad
;
537 #if (NTDDI_VERSION >= NTDDI_WS03)
538 LONGLONG ConsoleSessionForegroundProcessId
;
539 ULONG Wow64SharedInformation
[MAX_WOW64_SHARED_ENTRIES
];
541 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
542 USHORT UserModeGlobalLogger
[8];
543 ULONG HeapTracingPid
[2];
544 ULONG CritSecTracingPid
[2];
547 ULONG SharedDataFlags
;
550 ULONG DbgErrorPortPresent
:1;
551 ULONG DbgElevationEnabled
:1;
552 ULONG DbgVirtEnabled
:1;
553 ULONG DbgInstallerDetectEnabled
:1;
557 ULONG ImageFileExecutionOptions
;
558 KAFFINITY ActiveProcessorAffinity
;
560 } KUSER_SHARED_DATA
, *PKUSER_SHARED_DATA
;
565 #include "pshpack1.h"
566 typedef struct _VdmVirtualIca
579 } VDMVIRTUALICA
, *PVDMVIRTUALICA
;
582 typedef struct _VdmIcaUserData
585 PVDMVIRTUALICA pIcaMaster
;
586 PVDMVIRTUALICA pIcaSlave
;
591 PULONG pAddrIretBopTable
;
592 PHANDLE phWowIdleEvent
;
593 PLARGE_INTEGER pIcaTimeout
;
594 PHANDLE phMainThreadSuspended
;
595 } VDMICAUSERDATA
, *PVDMICAUSERDATA
;
597 typedef struct _VDM_INITIALIZE_DATA
600 PVDMICAUSERDATA IcaUserData
;
601 } VDM_INITIALIZE_DATA
, *PVDM_INITIALIZE_DATA
;
606 // System Thread Start Routine
610 (NTAPI
*PKSYSTEM_ROUTINE
)(
611 PKSTART_ROUTINE StartRoutine
,
617 (NTAPI
*PKNORMAL_ROUTINE
)(
618 IN PVOID NormalContext OPTIONAL
,
619 IN PVOID SystemArgument1 OPTIONAL
,
620 IN PVOID SystemArgument2 OPTIONAL
);
623 (NTAPI
*PKRUNDOWN_ROUTINE
)(
624 IN
struct _KAPC
*Apc
);
627 (NTAPI
*PKKERNEL_ROUTINE
)(
628 IN
struct _KAPC
*Apc
,
629 IN OUT PKNORMAL_ROUTINE
*NormalRoutine OPTIONAL
,
630 IN OUT PVOID
*NormalContext OPTIONAL
,
631 IN OUT PVOID
*SystemArgument1 OPTIONAL
,
632 IN OUT PVOID
*SystemArgument2 OPTIONAL
);
636 // APC Environment Types
638 typedef enum _KAPC_ENVIRONMENT
640 OriginalApcEnvironment
,
641 AttachedApcEnvironment
,
642 CurrentApcEnvironment
,
646 typedef struct _KTIMER_TABLE_ENTRY
648 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64)
653 } KTIMER_TABLE_ENTRY
, *PKTIMER_TABLE_ENTRY
;
655 typedef struct _KTIMER_TABLE
657 PKTIMER TimerExpiry
[64];
658 KTIMER_TABLE_ENTRY TimerEntries
[256];
659 } KTIMER_TABLE
, *PKTIMER_TABLE
;
661 typedef struct _KDPC_LIST
663 SINGLE_LIST_ENTRY ListHead
;
664 SINGLE_LIST_ENTRY
* LastEntry
;
665 } KDPC_LIST
, *PKDPC_LIST
;
667 typedef struct _SYNCH_COUNTERS
669 ULONG SpinLockAcquireCount
;
670 ULONG SpinLockContentionCount
;
671 ULONG SpinLockSpinCount
;
672 ULONG IpiSendRequestBroadcastCount
;
673 ULONG IpiSendRequestRoutineCount
;
674 ULONG IpiSendSoftwareInterruptCount
;
675 ULONG ExInitializeResourceCount
;
676 ULONG ExReInitializeResourceCount
;
677 ULONG ExDeleteResourceCount
;
678 ULONG ExecutiveResourceAcquiresCount
;
679 ULONG ExecutiveResourceContentionsCount
;
680 ULONG ExecutiveResourceReleaseExclusiveCount
;
681 ULONG ExecutiveResourceReleaseSharedCount
;
682 ULONG ExecutiveResourceConvertsCount
;
683 ULONG ExAcqResExclusiveAttempts
;
684 ULONG ExAcqResExclusiveAcquiresExclusive
;
685 ULONG ExAcqResExclusiveAcquiresExclusiveRecursive
;
686 ULONG ExAcqResExclusiveWaits
;
687 ULONG ExAcqResExclusiveNotAcquires
;
688 ULONG ExAcqResSharedAttempts
;
689 ULONG ExAcqResSharedAcquiresExclusive
;
690 ULONG ExAcqResSharedAcquiresShared
;
691 ULONG ExAcqResSharedAcquiresSharedRecursive
;
692 ULONG ExAcqResSharedWaits
;
693 ULONG ExAcqResSharedNotAcquires
;
694 ULONG ExAcqResSharedStarveExclusiveAttempts
;
695 ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive
;
696 ULONG ExAcqResSharedStarveExclusiveAcquiresShared
;
697 ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive
;
698 ULONG ExAcqResSharedStarveExclusiveWaits
;
699 ULONG ExAcqResSharedStarveExclusiveNotAcquires
;
700 ULONG ExAcqResSharedWaitForExclusiveAttempts
;
701 ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive
;
702 ULONG ExAcqResSharedWaitForExclusiveAcquiresShared
;
703 ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive
;
704 ULONG ExAcqResSharedWaitForExclusiveWaits
;
705 ULONG ExAcqResSharedWaitForExclusiveNotAcquires
;
706 ULONG ExSetResOwnerPointerExclusive
;
707 ULONG ExSetResOwnerPointerSharedNew
;
708 ULONG ExSetResOwnerPointerSharedOld
;
709 ULONG ExTryToAcqExclusiveAttempts
;
710 ULONG ExTryToAcqExclusiveAcquires
;
711 ULONG ExBoostExclusiveOwner
;
712 ULONG ExBoostSharedOwners
;
713 ULONG ExEtwSynchTrackingNotificationsCount
;
714 ULONG ExEtwSynchTrackingNotificationsAccountedCount
;
715 } SYNCH_COUNTERS
, *PSYNCH_COUNTERS
;
720 typedef struct _KDPC_DATA
722 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
725 LIST_ENTRY DpcListHead
;
728 #if defined(_M_AMD64) || defined(_M_ARM)
729 volatile LONG DpcQueueDepth
;
731 volatile ULONG DpcQueueDepth
;
734 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM)
737 } KDPC_DATA
, *PKDPC_DATA
;
740 // Per-Processor Lookaside List
742 typedef struct _PP_LOOKASIDE_LIST
744 struct _GENERAL_LOOKASIDE
*P
;
745 struct _GENERAL_LOOKASIDE
*L
;
746 } PP_LOOKASIDE_LIST
, *PPP_LOOKASIDE_LIST
;
749 // Architectural Types
751 #include <arch/ketypes.h>
754 // Kernel Memory Node
756 #include <pshpack1.h>
757 typedef struct _KNODE
759 SLIST_HEADER DeadStackList
;
760 SLIST_HEADER PfnDereferenceSListHead
;
761 KAFFINITY ProcessorMask
;
766 ULONG MmShiftedColor
;
768 struct _SINGLE_LIST_ENTRY
*PfnDeferredList
;
773 // Kernel Profile Object
775 typedef struct _KPROFILE
779 LIST_ENTRY ProfileListEntry
;
780 struct _KPROCESS
*Process
;
787 KPROFILE_SOURCE Source
;
789 } KPROFILE
, *PKPROFILE
;
792 // Kernel Interrupt Object
794 typedef struct _KINTERRUPT
798 LIST_ENTRY InterruptListEntry
;
799 PKSERVICE_ROUTINE ServiceRoutine
;
800 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
801 PKSERVICE_ROUTINE MessageServiceRoutine
;
804 PVOID ServiceContext
;
807 PKSPIN_LOCK ActualLock
;
808 PKINTERRUPT_ROUTINE DispatchAddress
;
811 KIRQL SynchronizeIrql
;
812 BOOLEAN FloatingSave
;
816 KINTERRUPT_MODE Mode
;
817 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
818 KINTERRUPT_POLARITY Polarity
;
822 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
826 PKTRAP_FRAME TrapFrame
;
829 ULONG DispatchCode
[DISPATCH_LENGTH
];
833 // Kernel Event Pair Object
835 typedef struct _KEVENT_PAIR
841 } KEVENT_PAIR
, *PKEVENT_PAIR
;
844 // Kernel No Execute Options
846 typedef struct _KEXECUTE_OPTIONS
848 UCHAR ExecuteDisable
:1;
849 UCHAR ExecuteEnable
:1;
850 UCHAR DisableThunkEmulation
:1;
852 UCHAR ExecuteDispatchEnable
:1;
853 UCHAR ImageDispatchEnable
:1;
855 } KEXECUTE_OPTIONS
, *PKEXECUTE_OPTIONS
;
857 #if (NTDDI_VERSION >= NTDDI_WIN7)
858 typedef union _KWAIT_STATUS_REGISTER
871 } KWAIT_STATUS_REGISTER
, *PKWAIT_STATUS_REGISTER
;
873 typedef struct _COUNTER_READING
875 enum _HARDWARE_COUNTER_TYPE Type
;
879 }COUNTER_READING
, *PCOUNTER_READING
;
881 typedef struct _KTHREAD_COUNTERS
883 ULONG64 WaitReasonBitMap
;
884 struct _THREAD_PERFORMANCE_DATA
* UserData
;
886 ULONG ContextSwitches
;
887 ULONG64 CycleTimeBias
;
888 ULONG64 HardwareCounters
;
889 COUNTER_READING HwCounter
[16];
890 }KTHREAD_COUNTERS
, *PKTHREAD_COUNTERS
;
894 // Kernel Thread (KTHREAD)
896 typedef struct _KTHREAD
898 DISPATCHER_HEADER Header
;
899 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
904 ULONGLONG QuantumTarget
;
906 LIST_ENTRY MutantListHead
;
909 ULONG_PTR StackLimit
; // FIXME: PVOID
911 KSPIN_LOCK ThreadLock
;
912 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
913 KWAIT_STATUS_REGISTER WaitRegister
;
920 ULONG KernelStackResident
:1;
921 ULONG ReadyTransition
:1;
922 ULONG ProcessReadyQueue
:1;
924 ULONG SystemAffinityActive
:1;
926 ULONG GdiFlushActive
:1;
927 ULONG UserStackWalkActive
:1;
928 ULONG ApcInterruptRequest
:1;
929 ULONG ForceDeferSchedule
:1;
930 ULONG QuantumEndMigrate
:1;
931 ULONG UmsDirectedSwitchEnable
:1;
943 UCHAR ApcStateFill
[FIELD_OFFSET(KAPC_STATE
, UserApcPending
) + 1];
944 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
946 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
947 /* On x86, the following members "fall out" of the union */
948 volatile ULONG NextProcessor
;
949 volatile ULONG DeferredProcessor
;
951 /* On x86, the following members "fall out" of the union */
952 volatile USHORT NextProcessor
;
953 volatile USHORT DeferredProcessor
;
957 /* On x86, the following members "fall out" of the union */
958 volatile UCHAR NextProcessor
;
959 volatile UCHAR DeferredProcessor
;
961 SCHAR AdjustIncrement
;
965 KSPIN_LOCK ApcQueueLock
;
966 #ifndef _M_AMD64 // [
967 ULONG ContextSwitches
;
968 volatile UCHAR State
;
971 KPROCESSOR_MODE WaitMode
;
974 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
975 PKWAIT_BLOCK WaitBlockList
;
979 PKWAIT_BLOCK WaitBlockList
;
982 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
987 ULONG KernelStackResident
:1;
988 ULONG ReadyTransition
:1;
989 ULONG ProcessReadyQueue
:1;
991 ULONG SystemAffinityActive
:1;
993 ULONG GdiFlushActive
:1;
1003 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1005 BOOLEAN EnableStackSwap
;
1007 volatile UCHAR SwapBusy
;
1008 BOOLEAN Alerted
[MaximumMode
];
1012 LIST_ENTRY WaitListEntry
;
1013 SINGLE_LIST_ENTRY SwapListEntry
;
1016 #ifndef _M_AMD64 // [
1022 SHORT KernelApcDisable
;
1023 SHORT SpecialApcDisable
;
1025 ULONG CombinedApcDisable
;
1030 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1038 UCHAR TimerFill
[FIELD_OFFSET(KTIMER
, Period
) + sizeof(LONG
)];
1039 #if !defined(_WIN64) // [
1048 ULONG AutoAlignment
:1;
1049 ULONG DisableBoost
:1;
1050 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1051 ULONG EtwStackTraceApc1Inserted
:1;
1052 ULONG EtwStackTraceApc2Inserted
:1;
1053 ULONG CycleChargePending
:1;
1054 ULONG CalloutActive
:1;
1055 ULONG ApcQueueable
:1;
1056 ULONG EnableStackSwap
:1;
1058 ULONG ReservedFlags
:23;
1060 LONG ReservedFlags
:30;
1065 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [
1069 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1070 #if defined(_WIN64) // [
1078 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock
[THREAD_WAIT_OBJECTS
+ 1];
1079 #if (NTDDI_VERSION < NTDDI_WIN7) // [
1082 UCHAR WaitBlockFill0
[FIELD_OFFSET(KWAIT_BLOCK
, SpareByte
)]; // 32bit = 23, 64bit = 43
1083 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1084 UCHAR IdealProcessor
;
1086 BOOLEAN SystemAffinityActive
;
1091 UCHAR WaitBlockFill1
[1 * sizeof(KWAIT_BLOCK
) + FIELD_OFFSET(KWAIT_BLOCK
, SpareByte
)]; // 47 / 91
1096 UCHAR WaitBlockFill2
[2 * sizeof(KWAIT_BLOCK
) + FIELD_OFFSET(KWAIT_BLOCK
, SpareByte
)]; // 71 / 139
1097 UCHAR ResourceIndex
;
1101 UCHAR WaitBlockFill3
[3 * sizeof(KWAIT_BLOCK
) + FIELD_OFFSET(KWAIT_BLOCK
, SpareByte
)]; // 95 / 187
1105 #ifdef _M_AMD64 // [
1108 UCHAR WaitBlockFill4
[FIELD_OFFSET(KWAIT_BLOCK
, SpareLong
)];
1109 ULONG ContextSwitches
;
1113 UCHAR WaitBlockFill5
[1 * sizeof(KWAIT_BLOCK
) + FIELD_OFFSET(KWAIT_BLOCK
, SpareLong
)];
1121 UCHAR WaitBlockFill6
[2 * sizeof(KWAIT_BLOCK
) + FIELD_OFFSET(KWAIT_BLOCK
, SpareLong
)];
1124 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1127 UCHAR WaitBlockFill7
[168];
1128 PVOID TebMappedLowVa
;
1129 struct _UMS_CONTROL_BLOCK
* Ucb
;
1134 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1135 UCHAR WaitBlockFill8
[188];
1137 UCHAR WaitBlockFill7
[3 * sizeof(KWAIT_BLOCK
) + FIELD_OFFSET(KWAIT_BLOCK
, SpareLong
)];
1143 SHORT KernelApcDisable
;
1144 SHORT SpecialApcDisable
;
1146 ULONG CombinedApcDisable
;
1151 LIST_ENTRY QueueListEntry
;
1152 PKTRAP_FRAME TrapFrame
;
1153 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1154 PVOID FirstArgument
;
1155 union // 2 elements, 0x8 bytes (sizeof)
1157 PVOID CallbackStack
;
1158 ULONG_PTR CallbackDepth
;
1161 PVOID CallbackStack
;
1163 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [
1166 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [
1169 UCHAR ApcStateIndex
;
1170 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [
1171 UCHAR IdealProcessor
;
1173 BOOLEAN ProcessReadyQueue
;
1178 BOOLEAN KernelStackResident
;
1181 SCHAR PriorityDecrement
;
1182 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1185 CHAR AdjustIncrement
;
1186 #if (NTDDI_VERSION >= NTDDI_WIN7)
1193 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1194 ULONG SystemCallNumber
;
1195 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1201 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1202 GROUP_AFFINITY UserAffinity
;
1203 struct _KPROCESS
*Process
;
1204 GROUP_AFFINITY Affinity
;
1205 ULONG IdealProcessor
;
1206 ULONG UserIdealProcessor
;
1208 KAFFINITY UserAffinity
;
1209 struct _KPROCESS
*Process
;
1212 PKAPC_STATE ApcStatePointer
[2];
1215 KAPC_STATE SavedApcState
;
1218 UCHAR SavedApcStateFill
[FIELD_OFFSET(KAPC_STATE
, UserApcPending
) + 1];
1219 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1229 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1232 UCHAR UserIdealProcessor
;
1234 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1235 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1238 UCHAR CalloutActive
;
1241 UCHAR CodePatchInProgress
;
1245 #if defined(_M_IX86) // [
1246 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1247 UCHAR OtherPlatformFill
;
1259 UCHAR SuspendApcFill0
[1];
1260 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1261 UCHAR ResourceIndex
;
1262 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1270 UCHAR SuspendApcFill1
[3];
1275 UCHAR SuspendApcFill2
[4];
1280 UCHAR SuspendApcFill3
[FIELD_OFFSET(KAPC
, SystemArgument1
)];
1281 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1289 UCHAR SuspendApcFill4
[FIELD_OFFSET(KAPC
, SystemArgument2
)]; // 40 / 72
1294 UCHAR SuspendApcFill5
[FIELD_OFFSET(KAPC
, Inserted
) + 1]; // 47 / 83
1295 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1310 KSEMAPHORE SuspendSemaphore
;
1313 UCHAR SuspendSemaphorefill
[FIELD_OFFSET(KSEMAPHORE
, Limit
) + 4]; // 20 / 28
1315 ULONG SListFaultCount
;
1320 ULONG SListFaultCount
;
1322 LIST_ENTRY ThreadListEntry
;
1323 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1324 LIST_ENTRY MutantListHead
;
1326 PVOID SListFaultAddress
;
1327 #ifdef _M_AMD64 // [
1328 LONG64 ReadOperationCount
;
1329 LONG64 WriteOperationCount
;
1330 LONG64 OtherOperationCount
;
1331 LONG64 ReadTransferCount
;
1332 LONG64 WriteTransferCount
;
1333 LONG64 OtherTransferCount
;
1335 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1336 PKTHREAD_COUNTERS ThreadCounters
;
1337 PXSTATE_SAVE XStateSave
;
1338 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1339 PVOID MdlForLockedTeb
;
//
// Sanity check that a dispatcher object is really a thread: compares the
// object-type bits of Header.Type (KOBJECT_TYPE_MASK, which strips the
// KOBJECT_LOCK_BIT) with the ThreadObject kernel-object type. This is only as
// strong as ASSERT itself and is a debugging aid; it is not a substitute for
// validating objects that arrive from untrusted callers.
//
#define ASSERT_THREAD(object) \
    ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject))
1347 // Kernel Process (KPROCESS)
1349 typedef struct _KPROCESS
1351 DISPATCHER_HEADER Header
;
1352 LIST_ENTRY ProfileListHead
;
1353 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1354 ULONG_PTR DirectoryTableBase
;
1357 ULONG_PTR DirectoryTableBase
[2];
1359 #if defined(_M_IX86)
1360 KGDTENTRY LdtDescriptor
;
1361 KIDTENTRY Int21Descriptor
;
1364 #if defined(_M_IX86)
1368 volatile ULONG ActiveProcessors
;
1371 LIST_ENTRY ReadyListHead
;
1372 SINGLE_LIST_ENTRY SwapListEntry
;
1373 PVOID VdmTrapcHandler
;
1374 LIST_ENTRY ThreadListHead
;
1375 KSPIN_LOCK ProcessLock
;
1381 LONG AutoAlignment
:1;
1382 LONG DisableBoost
:1;
1383 LONG DisableQuantum
:1;
1384 LONG ReservedFlags
:29;
1397 KEXECUTE_OPTIONS Flags
;
1398 UCHAR ExecuteOptions
;
1401 LIST_ENTRY ProcessListEntry
;
1402 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1403 ULONGLONG CycleTime
;
//
// Sanity check that a dispatcher object is really a process: compares the
// object-type bits of Header.Type (KOBJECT_TYPE_MASK, which strips the
// KOBJECT_LOCK_BIT) with the ProcessObject kernel-object type. Like
// ASSERT_THREAD this is a debugging aid only, as strong as ASSERT itself; it
// is not a substitute for validating objects that arrive from untrusted callers.
//
#define ASSERT_PROCESS(object) \
    ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject))
1411 // System Service Table Descriptor
1413 typedef struct _KSERVICE_TABLE_DESCRIPTOR
1419 LONG TableBaseGpOffset
;
1422 } KSERVICE_TABLE_DESCRIPTOR
, *PKSERVICE_TABLE_DESCRIPTOR
;
//
// Exported Loader Parameter Block
//
// Exported pointer to the loader parameter block. struct
// _LOADER_PARAMETER_BLOCK is only forward-declared here, so users need its
// full definition from the loader headers to dereference it.
//
extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock;
//
// Exported Hardware Data
//
// Affinity mask of the processors the kernel has brought online; defined in
// the kernel, declared here for other components.
//
extern KAFFINITY NTSYSAPI KeActiveProcessors;
1433 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1434 extern volatile CCHAR NTSYSAPI KeNumberProcessors
;
1436 #if (NTDDI_VERSION >= NTDDI_WINXP)
1437 extern CCHAR NTSYSAPI KeNumberProcessors
;
1439 //extern PCCHAR KeNumberProcessors;
1440 extern NTSYSAPI CCHAR KeNumberProcessors
; //FIXME: Note to Alex: I won't fix this atm, since I prefer to discuss this with you first.
//
// Remaining exported hardware/timing data (continuation of the section above).
// KiBugCheckData is declared with an unspecified bound: its real size is fixed
// by the defining translation unit, so index it only within that size.
//
extern ULONG NTSYSAPI KiDmaIoCoherency;
extern ULONG NTSYSAPI KeMaximumIncrement;
extern ULONG NTSYSAPI KeMinimumIncrement;
extern ULONG NTSYSAPI KeDcacheFlushCount;
extern ULONG NTSYSAPI KeIcacheFlushCount;
extern ULONG_PTR NTSYSAPI KiBugCheckData[];
extern BOOLEAN NTSYSAPI KiEnableTimerWatchdog;
//
// Exported System Service Descriptor Tables
//
// The arrays a system call ID is dispatched through: the table number decoded
// with SERVICE_TABLE_MASK selects an entry (so every representable table index
// must be below SSDT_MAX_ENTRIES), and the service number selects a routine
// within that entry's table. The shadow array additionally covers the Win32K
// table (see NUMBER_SERVICE_TABLES above). Because every system call goes
// through these arrays their integrity is security-critical; treat any write
// to them outside kernel initialization as suspect.
//
extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES];
extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES];
1457 #endif // !NTOS_MODE_USER
1459 #endif // _KETYPES_H