ULONG -> ULONG_PTR
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #ifndef NTOS_MODE_USER
30 #include <extypes.h>
31 #include <setypes.h>
32 #endif
33
//
// KUSER_SHARED_DATA location in User Mode
//
// Plain integer constant: no pointer cast is applied here, so callers cast it
// to the structure pointer type they need.
//
#define USER_SHARED_DATA                        (0x7FFE0000)
38
//
// Global Flags
//
// One bit per flag. FLG_VALID_BITS (0x07FFFFFF) is the OR of every flag
// defined below (bits 0 through 26), so it can be used to reject unknown bits.
// NOTE(review): presumably these are the bits stored in PEB.NtGlobalFlag;
// confirm against the code that reads that field.
//
#define FLG_STOP_ON_EXCEPTION                   0x00000001
#define FLG_SHOW_LDR_SNAPS                      0x00000002
#define FLG_DEBUG_INITIAL_COMMAND               0x00000004
#define FLG_STOP_ON_HUNG_GUI                    0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK              0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK              0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS            0x00000040
#define FLG_HEAP_VALIDATE_ALL                   0x00000080
#define FLG_POOL_ENABLE_TAIL_CHECK              0x00000100
#define FLG_POOL_ENABLE_FREE_CHECK              0x00000200
#define FLG_POOL_ENABLE_TAGGING                 0x00000400
#define FLG_HEAP_ENABLE_TAGGING                 0x00000800
#define FLG_USER_STACK_TRACE_DB                 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB               0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST            0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL              0x00008000
#define FLG_IGNORE_DEBUG_PRIV                   0x00010000
#define FLG_ENABLE_CSRDEBUG                     0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD           0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS          0x00080000
#define FLG_HEAP_ENABLE_CALL_TRACING            0x00100000
#define FLG_HEAP_DISABLE_COALESCING             0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS             0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING            0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING          0x01000000
#define FLG_HEAP_PAGE_ALLOCS                    0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX            0x04000000
#define FLG_VALID_BITS                          0x07FFFFFF
70
//
// Process priority classes
//
// Small ordinal values, not a bit mask. The numbering is not in priority
// order: BELOW_NORMAL (5) and ABOVE_NORMAL (6) follow REALTIME (4).
//
#define PROCESS_PRIORITY_CLASS_INVALID          0
#define PROCESS_PRIORITY_CLASS_IDLE             1
#define PROCESS_PRIORITY_CLASS_NORMAL           2
#define PROCESS_PRIORITY_CLASS_HIGH             3
#define PROCESS_PRIORITY_CLASS_REALTIME         4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL     5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL     6
81
//
// NtCreateProcessEx flags
//
// Bit flags. PS_ALL_FLAGS is the OR of the four flags above it (value 0xF),
// so any bit outside it is not a flag defined by this header.
//
#define PS_REQUEST_BREAKAWAY                    1
#define PS_NO_DEBUG_INHERIT                     2
#define PS_INHERIT_HANDLES                      4
#define PS_LARGE_PAGES                          8
#define PS_ALL_FLAGS                            (PS_REQUEST_BREAKAWAY | \
                                                 PS_NO_DEBUG_INHERIT  | \
                                                 PS_INHERIT_HANDLES   | \
                                                 PS_LARGE_PAGES)
93
//
// Process base priorities
//
// Numeric priority levels, distinct from the PROCESS_PRIORITY_CLASS_* ordinals.
//
#define PROCESS_PRIORITY_IDLE                   3
#define PROCESS_PRIORITY_NORMAL                 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND      9

//
// Process memory priorities
//
#define MEMORY_PRIORITY_BACKGROUND              0
#define MEMORY_PRIORITY_UNKNOWN                 1
#define MEMORY_PRIORITY_FOREGROUND              2

//
// Process Priority Separation Values (OR)
//
// Bit values meant to be OR-ed together, per the section title.
//
#define PSP_VARIABLE_QUANTUMS                   4
#define PSP_LONG_QUANTUMS                       16
113
// Kernel-mode only: everything up to the matching #endif is skipped when
// NTOS_MODE_USER is defined.
#ifndef NTOS_MODE_USER

//
// Thread Access Types
//
// Access-mask bits for thread objects. Only four bits are defined here.
//
#define THREAD_QUERY_INFORMATION                0x0040
#define THREAD_SET_THREAD_TOKEN                 0x0080
#define THREAD_IMPERSONATE                      0x0100
#define THREAD_DIRECT_IMPERSONATION             0x0200

//
// Process Access Types
//
// Access-mask bits for process objects. Bit 0x0040 is not assigned a name in
// this list. When requesting access, ask only for the specific bits an
// operation needs rather than an all-access mask.
//
#define PROCESS_TERMINATE                       0x0001
#define PROCESS_CREATE_THREAD                   0x0002
#define PROCESS_SET_SESSIONID                   0x0004
#define PROCESS_VM_OPERATION                    0x0008
#define PROCESS_VM_READ                         0x0010
#define PROCESS_VM_WRITE                        0x0020
#define PROCESS_CREATE_PROCESS                  0x0080
#define PROCESS_SET_QUOTA                       0x0100
#define PROCESS_SET_INFORMATION                 0x0200
#define PROCESS_QUERY_INFORMATION               0x0400
#define PROCESS_SUSPEND_RESUME                  0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION       0x1000
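//
// All-access mask for process objects. The specific-rights portion depends on
// the target version: 0xFFFF for Longhorn and later, 0xFFF before. The 0xFFF
// form does not include PROCESS_QUERY_LIMITED_INFORMATION (0x1000).
//
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFFF)
#else
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFF)
#endif

//
// Thread Base Priorities
//
// Defined for every target version. The version conditional above is closed
// right after PROCESS_ALL_ACCESS; previously its #endif came after
// TLS_MINIMUM_AVAILABLE, which left these constants undefined on Longhorn
// and later builds.
//
#define THREAD_BASE_PRIORITY_LOWRT              15
#define THREAD_BASE_PRIORITY_MAX                2
#define THREAD_BASE_PRIORITY_MIN                -2
#define THREAD_BASE_PRIORITY_IDLE               -15

//
// TLS Slots
//
#define TLS_MINIMUM_AVAILABLE                   64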
161
//
// Job Access Types
//
// Access-mask bits for job objects. The literal 31 in JOB_OBJECT_ALL_ACCESS
// is 0x1F, the OR of the five specific rights defined above it.
//
#define JOB_OBJECT_ASSIGN_PROCESS               0x1
#define JOB_OBJECT_SET_ATTRIBUTES               0x2
#define JOB_OBJECT_QUERY                        0x4
#define JOB_OBJECT_TERMINATE                    0x8
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES      0x10
#define JOB_OBJECT_ALL_ACCESS                   (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 31)

//
// Job Limit Flags
//
// Bit flags, one bit each from 0x1 through 0x2000.
//
#define JOB_OBJECT_LIMIT_WORKINGSET             0x1
#define JOB_OBJECT_LIMIT_PROCESS_TIME           0x2
#define JOB_OBJECT_LIMIT_JOB_TIME               0x4
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS         0x8
#define JOB_OBJECT_LIMIT_AFFINITY               0x10
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS         0x20
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME      0x40
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS       0x80
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY         0x100
#define JOB_OBJECT_LIMIT_JOB_MEMORY             0x200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK           0x800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK    0x1000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE      0x2000


//
// Cross Thread Flags
//
// Mask values that follow the declaration order of the bit-fields overlaid on
// ETHREAD.CrossThreadFlags later in this header (Terminated, DeadThread,
// HideFromDebugger, ...). NOTE(review): the match assumes the compiler
// allocates bit-fields from the least significant bit; on Longhorn builds
// the second bit-field is named ThreadInserted, not DeadThread.
//
#define CT_TERMINATED_BIT                       0x1
#define CT_DEAD_THREAD_BIT                      0x2
#define CT_HIDE_FROM_DEBUGGER_BIT               0x4
#define CT_ACTIVE_IMPERSONATION_INFO_BIT        0x8
#define CT_SYSTEM_THREAD_BIT                    0x10
#define CT_HARD_ERRORS_ARE_DISABLED_BIT         0x20
#define CT_BREAK_ON_TERMINATION_BIT             0x40
#define CT_SKIP_CREATION_MSG_BIT                0x80
#define CT_SKIP_TERMINATION_MSG_BIT             0x100

//
// Same Thread Passive Flags
//
// Same ordering as the bit-fields overlaid on ETHREAD.SameThreadPassiveFlags.
//
#define STP_ACTIVE_EX_WORKER_BIT                0x1
#define STP_EX_WORKER_CAN_WAIT_USER_BIT         0x2
#define STP_MEMORY_MAKER_BIT                    0x4
#define STP_KEYED_EVENT_IN_USE_BIT              0x8

//
// Same Thread APC Flags
//
// STA_OWNS_WORKING_SET_BITS (0x1F8) covers bits 3 through 8, the position of
// the six Owns*WorkingSet* bit-fields overlaid on ETHREAD.SameThreadApcFlags.
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT       0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT          0x2
#define STA_ADDRESS_SPACE_OWNER_BIT             0x4
#define STA_OWNS_WORKING_SET_BITS               0x1F8
#endif // !NTOS_MODE_USER
222
// Size of the TLS expansion area; 1024 equals 0x20 * 32, the number of bits
// in PEB.TlsExpansionBitmapBits[0x20] declared later in this header.
#define TLS_EXPANSION_SLOTS                     1024
//
// Process Flags
//
// One bit per flag. Bit 0x800 has no PSF_* name in this list.
// NOTE(review): presumably these are the bits of a flags word in EPROCESS;
// that field is not visible here, so confirm.
//
#define PSF_CREATE_REPORTED_BIT                 0x1
#define PSF_NO_DEBUG_INHERIT_BIT                0x2
#define PSF_PROCESS_EXITING_BIT                 0x4
#define PSF_PROCESS_DELETE_BIT                  0x8
#define PSF_WOW64_SPLIT_PAGES_BIT               0x10
#define PSF_VM_DELETED_BIT                      0x20
#define PSF_OUTSWAP_ENABLED_BIT                 0x40
#define PSF_OUTSWAPPED_BIT                      0x80
#define PSF_FORK_FAILED_BIT                     0x100
#define PSF_WOW64_VA_SPACE_4GB_BIT              0x200
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT       0x400
#define PSF_SET_TIMER_RESOLUTION_BIT            0x1000
#define PSF_BREAK_ON_TERMINATION_BIT            0x2000
#define PSF_SESSION_CREATION_UNDERWAY_BIT       0x4000
#define PSF_WRITE_WATCH_BIT                     0x8000
#define PSF_PROCESS_IN_SESSION_BIT              0x10000
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT          0x20000
#define PSF_HAS_ADDRESS_SPACE_BIT               0x40000
#define PSF_LAUNCH_PREFETCHED_BIT               0x80000
#define PSF_INJECT_INPAGE_ERRORS_BIT            0x100000
#define PSF_VM_TOP_DOWN_BIT                     0x200000
#define PSF_IMAGE_NOTIFY_DONE_BIT               0x400000
#define PSF_PDE_UPDATE_NEEDED_BIT               0x800000
#define PSF_VDM_ALLOWED_BIT                     0x1000000
#define PSF_SWAP_ALLOWED_BIT                    0x2000000
#define PSF_CREATE_FAILED_BIT                   0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT             0x8000000

//
// Vista Process Flags
//
// NOTE(review): the PSF2_ prefix suggests a second flags word, separate from
// the PSF_* bits above; confirm which field this bit applies to.
//
#define PSF2_PROTECTED_BIT                      0x800
259
#ifdef NTOS_MODE_USER
//
// Current Process/Thread built-in 'special' handles
//
// These expand to the constants -1 and -2 cast to HANDLE; they are fixed
// values, not handles returned by an open call. The Zw* names are aliases
// for the Nt* macros.
//
#define NtCurrentProcess()                      ((HANDLE)(LONG_PTR)-1)
#define ZwCurrentProcess()                      NtCurrentProcess()
#define NtCurrentThread()                       ((HANDLE)(LONG_PTR)-2)
#define ZwCurrentThread()                       NtCurrentThread()
268
//
// Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
//
// No enumerator has an explicit value, so numbering starts at 0 and follows
// declaration order. New classes must be appended before MaxProcessInfoClass;
// inserting or reordering entries changes the numeric value of every later
// class.
//
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallback,
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    MaxProcessInfoClass             // count of classes above, not a class itself
} PROCESSINFOCLASS;
323
//
// Thread information classes. Values are implicit, starting at 0 in
// declaration order, so entries must only be appended before
// MaxThreadInfoClass.
//
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    MaxThreadInfoClass              // count of classes above, not a class itself
} THREADINFOCLASS;
356
#else // kernel mode (NTOS_MODE_USER not defined)

//
// Process priority mode; values are implicit (0, 1, 2).
//
typedef enum _PSPROCESSPRIORITYMODE
{
    PsProcessPriorityForeground,
    PsProcessPriorityBackground,
    PsProcessPrioritySpinning
} PSPROCESSPRIORITYMODE;
365
//
// Job object information classes. Unlike the process and thread class enums
// in this header, numbering starts at 1, so 0 is not a valid class.
//
typedef enum _JOBOBJECTINFOCLASS
{
    JobObjectBasicAccountingInformation = 1,
    JobObjectBasicLimitInformation,
    JobObjectBasicProcessIdList,
    JobObjectBasicUIRestrictions,
    JobObjectSecurityLimitInformation,
    JobObjectEndOfJobTimeInformation,
    JobObjectAssociateCompletionPortInformation,
    JobObjectBasicAndIoAccountingInformation,
    JobObjectExtendedLimitInformation,
    JobObjectJobSetInformation,
    MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;
380
//
// Power Events for Win32K Power Event Callback
//
// Every enumerator carries an explicit value (0 through 12).
//
typedef enum _PSPOWEREVENTTYPE
{
    PsW32FullWake = 0,
    PsW32EventCode = 1,
    PsW32PowerPolicyChanged = 2,
    PsW32SystemPowerState = 3,
    PsW32SystemTime = 4,
    PsW32DisplayState = 5,
    PsW32CapabilitiesChanged = 6,
    PsW32SetStateFailed = 7,
    PsW32GdiOff = 8,
    PsW32GdiOn = 9,
    PsW32GdiPrepareResumeUI = 10,
    PsW32GdiOffRequest = 11,
    PsW32MonitorOff = 12,
} PSPOWEREVENTTYPE;
400
//
// Power State Tasks for Win32K Power State Callback
//
// Every enumerator carries an explicit value (0 through 15).
//
typedef enum _POWERSTATETASK
{
    PowerState_BlockSessionSwitch = 0,
    PowerState_Init = 1,
    PowerState_QueryApps = 2,
    PowerState_QueryServices = 3,
    PowerState_QueryAppsFailed = 4,
    PowerState_QueryServicesFailed = 5,
    PowerState_SuspendApps = 6,
    PowerState_SuspendServices = 7,
    PowerState_ShowUI = 8,
    PowerState_NotifyWL = 9,
    PowerState_ResumeApps = 10,
    PowerState_ResumeServices = 11,
    PowerState_UnBlockSessionSwitch = 12,
    PowerState_End = 13,
    PowerState_BlockInput = 14,
    PowerState_UnblockInput = 15,
} POWERSTATETASK;
423
//
// Win32K Job Callback Types
//
typedef enum _PSW32JOBCALLOUTTYPE
{
    PsW32JobCalloutSetInformation = 0,
    PsW32JobCalloutAddProcess = 1,
    PsW32JobCalloutTerminate = 2,
} PSW32JOBCALLOUTTYPE;

//
// Win32K Thread Callback Types
//
// Passed as the Type argument of PKWIN32_THREAD_CALLOUT; values are implicit
// (Initialize = 0, Exit = 1).
//
typedef enum _PSW32THREADCALLOUTTYPE
{
    PsW32ThreadCalloutInitialize,
    PsW32ThreadCalloutExit,
} PSW32THREADCALLOUTTYPE;
442
//
// Declare empty structure definitions so that they may be referenced by
// routines before they are defined
//
// Incomplete types only: code including this header can hold pointers to
// these structures but cannot access members or take their size.
//
struct _W32THREAD;
struct _W32PROCESS;
//struct _ETHREAD;
struct _WIN32_POWEREVENT_PARAMETERS;
struct _WIN32_POWERSTATE_PARAMETERS;
struct _WIN32_JOBCALLOUT_PARAMETERS;
struct _WIN32_OPENMETHOD_PARAMETERS;
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
struct _WIN32_CLOSEMETHOD_PARAMETERS;
struct _WIN32_DELETEMETHOD_PARAMETERS;
struct _WIN32_PARSEMETHOD_PARAMETERS;
458
//
// Win32K Process and Thread Callbacks
//
// Function-pointer types only; this header does not show who registers or
// invokes them. All return NTSTATUS except PKWIN32_DELETEMETHOD_CALLOUT,
// which returns VOID.
// NOTE(review): struct _EPROCESS and struct _ETHREAD are not forward-declared
// in this file before these prototypes (the _ETHREAD declaration above is
// commented out). Presumably an included header declares them; confirm,
// because a struct tag first seen inside a parameter list has prototype
// scope only.
//
typedef
NTSTATUS
(NTAPI *PKWIN32_PROCESS_CALLOUT)(
    struct _EPROCESS *Process,
    BOOLEAN Create
);

typedef
NTSTATUS
(NTAPI *PKWIN32_THREAD_CALLOUT)(
    struct _ETHREAD *Thread,
    PSW32THREADCALLOUTTYPE Type
);

typedef
NTSTATUS
(NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
    struct _WIN32_POWEREVENT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
    struct _WIN32_POWERSTATE_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_JOB_CALLOUT)(
    struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
    struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
    struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
    struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
);

typedef
VOID
(NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
    struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
    struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
);

// Callback and Context are untyped (PVOID); their meaning is defined by the
// caller and is not visible in this header.
typedef
NTSTATUS
(NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
    struct _EPROCESS *Process,
    PVOID Callback,
    PVOID Context
);
543
//
// Lego Callback
//
// Notification routine taking the affected kernel thread; returns nothing.
//
typedef
VOID
(NTAPI *PLEGO_NOTIFY_ROUTINE)(
    IN PKTHREAD Thread
);

#endif // NTOS_MODE_USER / kernel-mode split opened at the pseudo-handle macros
554
//
// Parameterless routine type; used below as the type of
// PEB.PostProcessInitRoutine.
//
typedef NTSTATUS
(NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
    VOID
);
559
//
// Descriptor Table Entry Definition
//
// Only compiled when _M_IX86 evaluates non-zero. _DESCRIPTOR_TABLE_ENTRY_DEFINED
// is set alongside it, presumably so other headers can avoid a duplicate
// definition (verify against the headers that test it).
//
#if (_M_IX86)
#define _DESCRIPTOR_TABLE_ENTRY_DEFINED
typedef struct _DESCRIPTOR_TABLE_ENTRY
{
    ULONG Selector;
    LDT_ENTRY Descriptor;
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
#endif
571
//
// PEB Lock Routine
//
// Type of PEB.FastPebLockRoutine and PEB.FastPebUnlockRoutine in the
// pre-Longhorn PEB layout below.
//
typedef VOID
(NTAPI *PPEBLOCKROUTINE)(
    PVOID PebLock
);

//
// PEB Free Block Descriptor
//
// Singly linked through Next; type of PEB.FreeList in the pre-Longhorn layout.
//
typedef struct _PEB_FREE_BLOCK
{
    struct _PEB_FREE_BLOCK* Next;
    ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
588
//
// Process Environment Block (PEB)
//
// Binary layout structure: field order, types and array sizes determine the
// offsets, and the NTDDI_VERSION / _WIN64 conditionals select between
// alternative layouts. Do not reorder or resize members.
// NOTE(review): on Windows the PEB lives in the process's own user-mode
// address space, so a process can change fields such as BeingDebugged,
// NtGlobalFlag or IsProtectedProcess itself. Treat values read from it as
// advisory, not as input to a security decision. Confirm this also holds
// for ReactOS.
//
typedef struct _PEB
{
    UCHAR InheritedAddressSpace;
    UCHAR ReadImageFileExecOptions;
    UCHAR BeingDebugged;
#if (NTDDI_VERSION >= NTDDI_WS03)
    // One byte viewed either whole (BitField) or as individual bits.
    union
    {
        UCHAR BitField;
        struct
        {
            UCHAR ImageUsesLargePages:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            UCHAR IsProtectedProcess:1;
            UCHAR IsLegacyProcess:1;
            UCHAR IsImageDynamicallyRelocated:1;
            UCHAR SkipPatchingUser32Forwarders:1;
            UCHAR SpareBits:3;
#else
            UCHAR SpareBits:7;
#endif
        };
    };
#else
    BOOLEAN SpareBool;
#endif
    HANDLE Mutant;
    PVOID ImageBaseAddress;
    PPEB_LDR_DATA Ldr;
    struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
    PVOID SubSystemData;
    PVOID ProcessHeap;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    struct _RTL_CRITICAL_SECTION *FastPebLock;
    PVOID AltThunkSListPtr;
    PVOID IFEOKey;
    union
    {
        ULONG CrossProcessFlags;
        struct
        {
            ULONG ProcessInJob:1;
            ULONG ProcessInitializing:1;
            ULONG ProcessUsingVEH:1;
            ULONG ProcessUsingVCH:1;
            ULONG ReservedBits0:28;
        };
    };
    // Same storage under two names and two pointer types.
    union
    {
        PVOID* KernelCallbackTable;
        PVOID UserSharedInfoPtr;
    };
    ULONG SystemReserved[1];
    ULONG SpareUlong;
    ULONG_PTR SparePebPtr0;
#else
    PVOID FastPebLock;
    PPEBLOCKROUTINE FastPebLockRoutine;
    PPEBLOCKROUTINE FastPebUnlockRoutine;
    ULONG EnvironmentUpdateCount;
    PVOID* KernelCallbackTable;
    PVOID EventLogSection;
    PVOID EventLog;
    PPEB_FREE_BLOCK FreeList;
#endif
    ULONG TlsExpansionCounter;
    PVOID TlsBitmap;
    ULONG TlsBitmapBits[0x2];           // 2 * 32 = 64 bits
    PVOID ReadOnlySharedMemoryBase;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID HotpatchInformation;
#else
    PVOID ReadOnlySharedMemoryHeap;
#endif
    PVOID* ReadOnlyStaticServerData;
    PVOID AnsiCodePageData;
    PVOID OemCodePageData;
    PVOID UnicodeCaseTableData;
    ULONG NumberOfProcessors;
    ULONG NtGlobalFlag;
    LARGE_INTEGER CriticalSectionTimeout;
    // Pointer-sized, so these four widen on 64-bit targets.
    ULONG_PTR HeapSegmentReserve;
    ULONG_PTR HeapSegmentCommit;
    ULONG_PTR HeapDeCommitTotalFreeThreshold;
    ULONG_PTR HeapDeCommitFreeBlockThreshold;
    ULONG NumberOfHeaps;
    ULONG MaximumNumberOfHeaps;
    PVOID* ProcessHeaps;
    PVOID GdiSharedHandleTable;
    PVOID ProcessStarterHelper;
    ULONG GdiDCAttributeList;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    struct _RTL_CRITICAL_SECTION *LoaderLock;
#else
    PVOID LoaderLock;
#endif
    ULONG OSMajorVersion;
    ULONG OSMinorVersion;
    USHORT OSBuildNumber;
    USHORT OSCSDVersion;
    ULONG OSPlatformId;
    ULONG ImageSubSystem;
    ULONG ImageSubSystemMajorVersion;
    ULONG ImageSubSystemMinorVersion;
    // NOTE(review): ULONG here, while PROCESS_BASIC_INFORMATION.AffinityMask
    // in this header is ULONG_PTR; confirm the intended width on 64-bit.
    ULONG ImageProcessAffinityMask;
#ifdef _WIN64
    ULONG GdiHandleBuffer[0x3c];
#else
    ULONG GdiHandleBuffer[0x22];
#endif
    PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    struct _RTL_BITMAP *TlsExpansionBitmap;
    ULONG TlsExpansionBitmapBits[0x20]; // 0x20 * 32 = 1024 bits
    ULONG SessionId;
#if (NTDDI_VERSION >= NTDDI_WINXP)
    ULARGE_INTEGER AppCompatFlags;
    ULARGE_INTEGER AppCompatFlagsUser;
    PVOID pShimData;
    PVOID AppCompatInfo;
    UNICODE_STRING CSDVersion;
    struct _ACTIVATION_CONTEXT_DATA *ActivationContextData;
    struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
    struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
    struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
    ULONG_PTR MinimumStackCommit;
#endif
#if (NTDDI_VERSION >= NTDDI_WS03)
    PVOID *FlsCallback;
    LIST_ENTRY FlsListHead;
    struct _RTL_BITMAP *FlsBitmap;
    ULONG FlsBitmapBits[4];             // 4 * 32 = 128 bits
    ULONG FlsHighIndex;
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID WerRegistrationData;
    PVOID WerShipAssertPtr;
#endif
} PEB, *PPEB;
731
//
// GDI Batch Descriptor
//
// Embedded by value in the TEB as GdiTebBatch. Buffer holds 0x136 ULONGs;
// NOTE(review): Offset presumably indexes into Buffer, so any consumer must
// bound it against the buffer size before use. Confirm in the code that
// reads it.
//
typedef struct _GDI_TEB_BATCH
{
    ULONG Offset;
    HANDLE HDC;
    ULONG Buffer[0x136];
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;

//
// Initial TEB
//
// Five stack-related pointers; how each is consumed is not shown in this
// header.
//
typedef struct _INITIAL_TEB
{
    PVOID PreviousStackBase;
    PVOID PreviousStackLimit;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID AllocatedStackBase;
} INITIAL_TEB, *PINITIAL_TEB;

//
// TEB Active Frame Structures
//
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
    ULONG Flags;
    LPSTR FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;

// Frames chain through Previous; TEB.ActiveFrame points at one of them.
typedef struct _TEB_ACTIVE_FRAME
{
    ULONG Flags;
    struct _TEB_ACTIVE_FRAME *Previous;
    PTEB_ACTIVE_FRAME_CONTEXT Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
769
//
// Thread Environment Block (TEB)
//
// Binary layout structure: member order, types and array sizes fix the
// offsets, and the NTDDI_VERSION / _WIN64 conditionals select alternative
// layouts. Do not reorder or resize members.
// NOTE(review): like the PEB, the TEB is user-mode memory on Windows and can
// be modified by the thread's own process; values read from it (for example
// IsImpersonating or the Dbg* bits) should not drive security decisions.
// Confirm for ReactOS.
//
typedef struct _TEB
{
    NT_TIB Tib;
    PVOID EnvironmentPointer;
    CLIENT_ID ClientId;
    PVOID ActiveRpcHandle;
    PVOID ThreadLocalStoragePointer;
    struct _PEB *ProcessEnvironmentBlock;
    ULONG LastErrorValue;
    ULONG CountOfOwnedCriticalSections;
    PVOID CsrClientThread;
    struct _W32THREAD* Win32ThreadInfo;
    ULONG User32Reserved[0x1A];
    ULONG UserReserved[5];
    PVOID WOW32Reserved;
    LCID CurrentLocale;
    ULONG FpSoftwareStatusRegister;
    PVOID SystemReserved1[0x36];
    LONG ExceptionCode;
    struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
    // Padding differs by pointer size: 24 bytes on Win64, 0x24 (36) otherwise.
#ifdef _WIN64
    UCHAR SpareBytes1[24];
#else
    UCHAR SpareBytes1[0x24];
#endif
    ULONG TxFsContext;
    GDI_TEB_BATCH GdiTebBatch;
    CLIENT_ID RealClientId;
    PVOID GdiCachedProcessHandle;
    ULONG GdiClientPID;
    ULONG GdiClientTID;
    PVOID GdiThreadLocalInfo;
    SIZE_T Win32ClientInfo[62];
    PVOID glDispatchTable[0xE9];
    SIZE_T glReserved1[0x1D];
    PVOID glReserved2;
    PVOID glSectionInfo;
    PVOID glSection;
    PVOID glTable;
    PVOID glCurrentRC;
    PVOID glContext;
    NTSTATUS LastStatusValue;
    UNICODE_STRING StaticUnicodeString;
    WCHAR StaticUnicodeBuffer[0x105];   // 261 WCHARs
    PVOID DeallocationStack;
    PVOID TlsSlots[0x40];               // 64 slots
    LIST_ENTRY TlsLinks;
    PVOID Vdm;
    PVOID ReservedForNtRpc;
    PVOID DbgSsReserved[0x2];
    ULONG HardErrorDisabled;
#ifdef _WIN64
    PVOID Instrumentation[11];
#else
    PVOID Instrumentation[9];
#endif
    GUID ActivityId;
    PVOID SubProcessTag;
    PVOID EtwTraceData;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID EtwLocalData;
#endif
    PVOID WinSockData;
    ULONG GdiBatchCount;
    // Three one-byte flags; on Longhorn and later they are spares and the
    // equivalent state moves into the SameTebFlags bit-fields further down.
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    BOOLEAN SpareBool0;
    BOOLEAN SpareBool1;
    BOOLEAN SpareBool2;
#else
    BOOLEAN InDbgPrint;
    BOOLEAN FreeStackOnTermination;
    BOOLEAN HasFiberData;
#endif
    UCHAR IdealProcessor;
    ULONG GuaranteedStackBytes;
    PVOID ReservedForPerf;
    PVOID ReservedForOle;
    ULONG WaitingOnLoaderLock;
    // NOTE(review): the pre-Longhorn alternative is a ULONG although its
    // Longhorn counterpart is a PVOID, and SoftPatchPtr1/2 below are ULONG
    // despite pointer-like names; the two layouts differ in size on 64-bit.
    // Confirm intended widths.
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID SavedPriorityState;
#else
    ULONG SparePointer1;
#endif
    ULONG SoftPatchPtr1;
    ULONG SoftPatchPtr2;
    PVOID *TlsExpansionSlots;
    ULONG ImpersonationLocale;
    ULONG IsImpersonating;
    PVOID NlsCache;
    PVOID pShimData;
    ULONG HeapVirualAffinity;
    PVOID CurrentTransactionHandle;
    PTEB_ACTIVE_FRAME ActiveFrame;
#if (NTDDI_VERSION >= NTDDI_WS03)
    PVOID FlsData;
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID PreferredLangauges;
    PVOID UserPrefLanguages;
    PVOID MergedPrefLanguages;
    ULONG MuiImpersonation;
    // 16-bit word viewed whole (CrossTebFlags) or as one spare bit-field.
    union
    {
        struct
        {
            USHORT SpareCrossTebFlags:16;
        };
        USHORT CrossTebFlags;
    };
    // 16-bit word viewed whole (SameTebFlags) or as seven named bits plus
    // nine spare bits.
    union
    {
        struct
        {
            USHORT DbgSafeThunkCall:1;
            USHORT DbgInDebugPrint:1;
            USHORT DbgHasFiberData:1;
            USHORT DbgSkipThreadAttach:1;
            USHORT DbgWerInShipAssertCode:1;
            USHORT DbgIssuedInitialBp:1;
            USHORT DbgClonedThread:1;
            USHORT SpareSameTebBits:9;
        };
        USHORT SameTebFlags;
    };
    PVOID TxnScopeEntercallback;
    PVOID TxnScopeExitCAllback;
    PVOID TxnScopeContext;
    ULONG LockCount;
    ULONG ProcessRundown;
    ULONGLONG LastSwitchTime;
    ULONGLONG TotalSwitchOutTime;
    LARGE_INTEGER WaitReasonBitMap;
#else
    UCHAR SafeThunkCall;
    UCHAR BooleanSpare[3];
#endif
} TEB, *PTEB;
910
#ifdef NTOS_MODE_USER

//
// Process Information Structures for NtQueryInformationProcess
//
// Only declared for user-mode builds (NTOS_MODE_USER defined).
//
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    KPRIORITY BasePriority;
    // Both process ids are pointer-sized integers, not HANDLEs.
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION;

typedef struct _PROCESS_ACCESS_TOKEN
{
    HANDLE Token;
    HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

// Set and Query share storage: Set carries a directory handle, Query carries
// a drive bitmap plus 32 per-drive type bytes.
typedef struct _PROCESS_DEVICEMAP_INFORMATION
{
    union
    {
        struct
        {
            HANDLE DirectoryHandle;
        } Set;
        struct
        {
            ULONG DriveMap;
            UCHAR DriveType[32];
        } Query;
    };
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;

typedef struct _KERNEL_USER_TIMES
{
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

typedef struct _PROCESS_SESSION_INFORMATION
{
    ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

#endif // NTOS_MODE_USER
962
//
// Declared for both user and kernel mode.
// NOTE(review): PriorityClass presumably holds one of the
// PROCESS_PRIORITY_CLASS_* values defined at the top of this header; confirm.
//
typedef struct _PROCESS_PRIORITY_CLASS
{
    BOOLEAN Foreground;
    UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;

//
// Thread Information Structures for NtQueryInformationThread
//
// TebBaseAddress is an untyped PVOID here rather than a PTEB.
//
typedef struct _THREAD_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PVOID TebBaseAddress;
    CLIENT_ID ClientId;
    KAFFINITY AffinityMask;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
981
// Kernel-mode only from here on.
#ifndef NTOS_MODE_USER

//
// Job Set Array
//
typedef struct _JOB_SET_ARRAY
{
    HANDLE JobHandle;
    ULONG MemberLevel;
    ULONG Flags;
} JOB_SET_ARRAY, *PJOB_SET_ARRAY;

//
// EPROCESS Quota Structures
//
typedef struct _EPROCESS_QUOTA_ENTRY
{
    SIZE_T Usage;
    SIZE_T Limit;
    SIZE_T Peak;
    SIZE_T Return;
} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;

// Three quota entries; EPROCESS.QuotaUsage in this header documents the same
// index order as 0=PagedPool, 1=NonPagedPool, 2=Pagefile.
// NOTE(review): presumably the indices match here; confirm.
typedef struct _EPROCESS_QUOTA_BLOCK
{
    EPROCESS_QUOTA_ENTRY QuotaEntry[3];
    LIST_ENTRY QuotaList;
    ULONG ReferenceCount;
    ULONG ProcessCount;
} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;

//
// Process Pagefault History
//
// NOTE(review): WatchInfo is declared with one element; presumably it is the
// first entry of a variable-length trailing array sized at allocation time,
// in which case CurrentIndex must be bounded by the allocated count. Confirm.
//
typedef struct _PAGEFAULT_HISTORY
{
    ULONG CurrentIndex;
    ULONG MapIndex;
    KSPIN_LOCK SpinLock;
    PVOID Reserved;
    PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;

//
// Process Impersonation Information
//
// Referenced from ETHREAD.ImpersonationInfo. Holds the impersonation token
// together with its level and the CopyOnOpen / EffectiveOnly options.
//
typedef struct _PS_IMPERSONATION_INFORMATION
{
    PACCESS_TOKEN Token;
    BOOLEAN CopyOnOpen;
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;

//
// Process Termination Port
//
// Singly linked list node; ETHREAD.TerminationPort points at one.
//
typedef struct _TERMINATION_PORT
{
    struct _TERMINATION_PORT *Next;
    PVOID Port;
} TERMINATION_PORT, *PTERMINATION_PORT;

//
// Per-Process APC Rate Limiting
//
// NextApc and ExcessCycles share storage. Referenced from
// ETHREAD.RateControlApc on Longhorn and later builds.
//
typedef struct _PSP_RATE_APC
{
    union
    {
        SINGLE_LIST_ENTRY NextApc;
        ULONGLONG ExcessCycles;
    };
    ULONGLONG TargetGEneration;
    KAPC RateApc;
} PSP_RATE_APC, *PPSP_RATE_APC;
1058
//
// Executive Thread (ETHREAD)
//
// Kernel thread object layout. Tcb (the KTHREAD) is the first member, so a
// pointer to the ETHREAD is also a pointer to its KTHREAD. Member order and
// the NTDDI_VERSION conditionals fix the offsets; do not reorder.
// Several unions overlay unrelated members on the same storage; which member
// is valid at a given time is not expressed in this header.
//
typedef struct _ETHREAD
{
    KTHREAD Tcb;
    LARGE_INTEGER CreateTime;
    union
    {
        LARGE_INTEGER ExitTime;
        LIST_ENTRY LpcReplyChain;
        LIST_ENTRY KeyedWaitChain;
    };
    union
    {
        NTSTATUS ExitStatus;
        PVOID OfsChain;
    };
    LIST_ENTRY PostBlockList;
    union
    {
        struct _TERMINATION_PORT *TerminationPort;
        struct _ETHREAD *ReaperLink;
        PVOID KeyedWaitValue;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
        PVOID Win32StartParameter;
#endif
    };
    KSPIN_LOCK ActiveTimerListLock;
    LIST_ENTRY ActiveTimerListHead;
    CLIENT_ID Cid;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    KSEMAPHORE KeyedWaitSemaphore;
#else
    union
    {
        KSEMAPHORE LpcReplySemaphore;
        KSEMAPHORE KeyedReplySemaphore;
    };
    union
    {
        PVOID LpcReplyMessage;
        PVOID LpcWaitingOnPort;
    };
#endif
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
    LIST_ENTRY IrpList;
    ULONG_PTR TopLevelIrp;
    PDEVICE_OBJECT DeviceToVerify;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PPSP_RATE_APC RateControlApc;
#else
    struct _EPROCESS *ThreadsProcess;
#endif
    PVOID Win32StartAddress;
    union
    {
        PKSTART_ROUTINE StartAddress;
        ULONG LpcReceivedMessageId;
    };
    LIST_ENTRY ThreadListEntry;
    EX_RUNDOWN_REF RundownProtect;
    EX_PUSH_LOCK ThreadLock;
#if (NTDDI_VERSION < NTDDI_LONGHORN)
    ULONG LpcReplyMessageId;
#endif
    ULONG ReadClusterSize;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG SpareUlong0;
#else
    ACCESS_MASK GrantedAccess;
#endif
    // Flags word viewed whole (CrossThreadFlags) or bit by bit. The first
    // nine bit-fields are declared in the same order as the CT_*_BIT masks
    // (0x1 through 0x100) earlier in this header.
    // NOTE(review): the correspondence assumes bit-fields are allocated from
    // the least significant bit; confirm for the supported compilers.
    union
    {
        struct
        {
            ULONG Terminated:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ThreadInserted:1;
#else
            ULONG DeadThread:1;
#endif
            ULONG HideFromDebugger:1;
            ULONG ActiveImpersonationInfo:1;
            ULONG SystemThread:1;
            ULONG HardErrorsAreDisabled:1;
            ULONG BreakOnTermination:1;
            ULONG SkipCreationMsg:1;
            ULONG SkipTerminationMsg:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG CreateMsgSent:1;
            ULONG ThreadIoPriority:3;
            ULONG ThreadPagePriority:3;
            ULONG PendingRatecontrol:1;
#endif
        };
        ULONG CrossThreadFlags;
    };
    // Bit order matches the STP_*_BIT masks (0x1 through 0x8).
    union
    {
        struct
        {
            ULONG ActiveExWorker:1;
            ULONG ExWorkerCanWaitUser:1;
            ULONG MemoryMaker:1;
            ULONG KeyedEventInUse:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG RateApcState:2;
#endif
        };
        ULONG SameThreadPassiveFlags;
    };
    // Bit order matches the STA_*_BIT masks; the six Owns*WorkingSet* bits
    // occupy the positions covered by STA_OWNS_WORKING_SET_BITS (0x1F8).
    union
    {
        struct
        {
            ULONG LpcReceivedMsgIdValid:1;
            ULONG LpcExitThreadCalled:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG Spare:1;
#else
            ULONG AddressSpaceOwner:1;
#endif
            ULONG OwnsProcessWorkingSetExclusive:1;
            ULONG OwnsProcessWorkingSetShared:1;
            ULONG OwnsSystemWorkingSetExclusive:1;
            ULONG OwnsSystemWorkingSetShared:1;
            ULONG OwnsSessionWorkingSetExclusive:1;
            ULONG OwnsSessionWorkingSetShared:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SupressSymbolLoad:1;
            ULONG Spare1:3;
            ULONG PriorityRegionActive:4;
#else
            ULONG ApcNeeded:1;
#endif
        };
        ULONG SameThreadApcFlags;
    };
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    UCHAR CacheManagerActive;
#else
    UCHAR ForwardClusterOnly;
#endif
    UCHAR DisablePageFaultClustering;
    UCHAR ActiveFaultCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG AlpcMessageId;
    union
    {
        PVOID AlpcMessage;
        ULONG AlpcReceiveAttributeSet;
    };
    LIST_ENTRY AlpcWaitListEntry;
    KSEMAPHORE AlpcWaitSemaphore;
    ULONG CacheManagerCount;
#endif
} ETHREAD;
1217
1218 //
1219 // Executive Process (EPROCESS)
1220 //
//
// Executive-level process object. The kernel-level KPROCESS is embedded as the
// first member (Pcb). Many members are selected by NTDDI_VERSION, so member
// offsets differ between builds; anything that reads this structure by offset
// (debugger extensions, memory-forensics profiles) has to be generated from
// the same NTDDI_VERSION as the kernel it inspects.
// NOTE(review): several size/count members are plain ULONG and some unions
// overlay a ULONG on a PVOID. On a 64-bit target those are not pointer-sized;
// confirm which of them should be ULONG_PTR/SIZE_T.
//
1221 typedef struct _EPROCESS
1222 {
1223 KPROCESS Pcb;
1224 EX_PUSH_LOCK ProcessLock;
1225 LARGE_INTEGER CreateTime;
1226 LARGE_INTEGER ExitTime;
1227 EX_RUNDOWN_REF RundownProtect;
1228 HANDLE UniqueProcessId;
1229 LIST_ENTRY ActiveProcessLinks;
1230 ULONG QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1231 ULONG QuotaPeak[3]; /* ditto */
1232 ULONG CommitCharge;
1233 ULONG PeakVirtualSize;
1234 ULONG VirtualSize;
1235 LIST_ENTRY SessionProcessLinks;
1236 PVOID DebugPort;
// From NTDDI_LONGHORN on, the exception port is a union: the pointer, an
// integer view of it, and a 3-bit state field share the same storage.
// NOTE(review): ExceptionPortValue is ULONG, which is narrower than
// ExceptionPortData where pointers are 64 bits wide - confirm intended width.
1237 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1238 union
1239 {
1240 PVOID ExceptionPortData;
1241 ULONG ExceptionPortValue;
1242 UCHAR ExceptionPortState:3;
1243 };
1244 #else
1245 PVOID ExceptionPort;
1246 #endif
1247 PHANDLE_TABLE ObjectTable;
// EX_FAST_REF is declared outside this header section.
// NOTE(review): presumably the reference to the process access token; check
// the EX_FAST_REF definition before treating the raw value as a plain pointer.
1248 EX_FAST_REF Token;
1249 ULONG WorkingSetPage;
// Same member name, different lock type per version: push lock from
// NTDDI_LONGHORN, guarded mutex (plus HyperSpaceLock) before it.
1250 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1251 EX_PUSH_LOCK AddressCreationLock;
1252 PETHREAD RotateInProgress;
1253 #else
1254 KGUARDED_MUTEX AddressCreationLock;
1255 KSPIN_LOCK HyperSpaceLock;
1256 #endif
1257 PETHREAD ForkInProgress;
1258 ULONG HardwareTrigger;
1259 PMM_AVL_TABLE PhysicalVadRoot;
1260 PVOID CloneRoot;
1261 ULONG NumberOfPrivatePages;
1262 ULONG NumberOfLockedPages;
1263 PVOID *Win32Process;
1264 struct _EJOB *Job;
1265 PVOID SectionObject;
1266 PVOID SectionBaseAddress;
1267 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1268 PPAGEFAULT_HISTORY WorkingSetWatch;
1269 PVOID Win32WindowStation;
1270 HANDLE InheritedFromUniqueProcessId;
1271 PVOID LdtInformation;
1272 PVOID VadFreeHint;
1273 PVOID VdmObjects;
1274 PVOID DeviceMap;
// Two named pointers from NTDDI_LONGHORN, three spare pointers before it, so
// the two branches differ in size by one pointer.
1275 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1276 PVOID EtwDataSource;
1277 PVOID FreeTebHint;
1278 #else
1279 PVOID Spare0[3];
1280 #endif
// Filler keeps this union at least 8 bytes wide whatever HARDWARE_PTE is.
1281 union
1282 {
1283 HARDWARE_PTE PageDirectoryPte;
1284 ULONGLONG Filler;
1285 };
1286 PVOID Session;
// Fixed 16-byte buffer.
// NOTE(review): nothing visible here guarantees NUL termination; readers
// should bound string operations to sizeof(ImageFileName).
1287 CHAR ImageFileName[16];
1288 LIST_ENTRY JobLinks;
1289 PVOID LockedPagesList;
1290 LIST_ENTRY ThreadListHead;
1291 PVOID SecurityPort;
1292 PVOID PaeTop;
1293 ULONG ActiveThreads;
// This slot holds ImagePathHash from NTDDI_LONGHORN and GrantedAccess before.
1294 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1295 ULONG ImagePathHash;
1296 #else
1297 ACCESS_MASK GrantedAccess;
1298 #endif
1299 ULONG DefaultHardErrorProcessing;
1300 NTSTATUS LastThreadExitStatus;
1301 struct _PEB* Peb;
1302 EX_FAST_REF PrefetchTrace;
1303 LARGE_INTEGER ReadOperationCount;
1304 LARGE_INTEGER WriteOperationCount;
1305 LARGE_INTEGER OtherOperationCount;
1306 LARGE_INTEGER ReadTransferCount;
1307 LARGE_INTEGER WriteTransferCount;
1308 LARGE_INTEGER OtherTransferCount;
1309 ULONG CommitChargeLimit;
1310 ULONG CommitChargePeak;
1311 PVOID AweInfo;
1312 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1313 MMSUPPORT Vm;
1314 LIST_ENTRY MmProcessLinks;
1315 ULONG ModifiedPageCount;
// From NTDDI_LONGHORN the former JobStatus slot becomes Flags2, with named
// bit-fields overlaying it; 17 of the 32 bits are named here, among them
// ProtectedProcess, which therefore does not exist in earlier layouts.
1316 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1317 union
1318 {
1319 struct
1320 {
1321 ULONG JobNotReallyActive:1;
1322 ULONG AccountingFolded:1;
1323 ULONG NewProcessReported:1;
1324 ULONG ExitProcessReported:1;
1325 ULONG ReportCommitChanges:1;
1326 ULONG LastReportMemory:1;
1327 ULONG ReportPhysicalPageChanges:1;
1328 ULONG HandleTableRundown:1;
1329 ULONG NeedsHandleRundown:1;
1330 ULONG RefTraceEnabled:1;
1331 ULONG NumaAware:1;
1332 ULONG ProtectedProcess:1;
1333 ULONG DefaultPagePriority:3;
1334 ULONG ProcessDeleteSelf:1;
1335 ULONG ProcessVerifierTarget:1;
1336 };
1337 ULONG Flags2;
1338 };
1339 #else
1340 ULONG JobStatus;
1341 #endif
// Named bit-fields overlaying Flags. The widths add up to 32 in both
// NTDDI_VERSION branches; only the names at three positions change.
1342 union
1343 {
1344 struct
1345 {
1346 ULONG CreateReported:1;
1347 ULONG NoDebugInherit:1;
1348 ULONG ProcessExiting:1;
1349 ULONG ProcessDelete:1;
1350 ULONG Wow64SplitPages:1;
1351 ULONG VmDeleted:1;
1352 ULONG OutswapEnabled:1;
1353 ULONG Outswapped:1;
1354 ULONG ForkFailed:1;
1355 ULONG Wow64VaSpace4Gb:1;
1356 ULONG AddressSpaceInitialized:2;
1357 ULONG SetTimerResolution:1;
1358 ULONG BreakOnTermination:1;
1359 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1360 ULONG DeprioritizeViews:1;
1361 #else
1362 ULONG SessionCreationUnderway:1;
1363 #endif
1364 ULONG WriteWatch:1;
1365 ULONG ProcessInSession:1;
1366 ULONG OverrideAddressSpace:1;
1367 ULONG HasAddressSpace:1;
1368 ULONG LaunchPrefetched:1;
1369 ULONG InjectInpageErrors:1;
1370 ULONG VmTopDown:1;
1371 ULONG ImageNotifyDone:1;
1372 ULONG PdeUpdateNeeded:1;
1373 ULONG VdmAllowed:1;
1374 ULONG SmapAllowed:1;
1375 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1376 ULONG ProcessInserted:1;
1377 #else
1378 ULONG CreateFailed:1;
1379 #endif
1380 ULONG DefaultIoPriority:3;
1381 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1382 ULONG SparePsFlags1:2;
1383 #else
1384 ULONG Spare1:1;
1385 ULONG Spare2:1;
1386 #endif
1387 };
1388 ULONG Flags;
1389 };
1390 NTSTATUS ExitStatus;
1391 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1392 USHORT Spare7;
1393 #else
1394 USHORT NextPageColor;
1395 #endif
// Minor is declared before Major, so on a little-endian target the minor
// version is the low byte of SubSystemVersion.
1396 union
1397 {
1398 struct
1399 {
1400 UCHAR SubSystemMinorVersion;
1401 UCHAR SubSystemMajorVersion;
1402 };
1403 USHORT SubSystemVersion;
1404 };
1405 UCHAR PriorityClass;
1406 MM_AVL_TABLE VadRoot;
1407 ULONG Cookie;
1408 } EPROCESS;
1409
1410 //
1411 // Job Token Filter Data
1412 //
1413 #include <pshpack1.h>
//
// Three (count, array pointer, length) triples describing captured SIDs,
// groups and privileges for a job's token filter. Declared after
// #include <pshpack1.h>, so the members are laid out without padding.
// NOTE(review): the unit of the *Length members is not shown here (presumably
// bytes); a consumer should check each count against its length before
// walking the corresponding array - confirm against the code that fills this.
//
1414 typedef struct _PS_JOB_TOKEN_FILTER
1415 {
1416 ULONG CapturedSidCount;
1417 PSID_AND_ATTRIBUTES CapturedSids;
1418 ULONG CapturedSidsLength;
1419 ULONG CapturedGroupCount;
1420 PSID_AND_ATTRIBUTES CapturedGroups;
1421 ULONG CapturedGroupsLength;
1422 ULONG CapturedPrivilegeCount;
1423 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1424 ULONG CapturedPrivilegesLength;
1425 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1426
1427 //
1428 // Executive Job (EJOB)
1429 //
//
// Executive job object: accounting totals, limits, security settings and I/O
// counters for a set of processes (ProcessListHead).
// NOTE(review): this definition sits between #include <pshpack1.h> and
// #include <poppack.h>, so it is byte-packed; for example no padding follows
// the UCHAR PriorityClass, which leaves the ULONG members after it unaligned.
// Confirm that packing is intended for this structure and not only for
// PS_JOB_TOKEN_FILTER.
//
1430 typedef struct _EJOB
1431 {
1432 KEVENT Event;
1433 LIST_ENTRY JobLinks;
1434 LIST_ENTRY ProcessListHead;
1435 ERESOURCE JobLock;
1436 LARGE_INTEGER TotalUserTime;
1437 LARGE_INTEGER TotalKernelTime;
1438 LARGE_INTEGER ThisPeriodTotalUserTime;
1439 LARGE_INTEGER ThisPeriodTotalKernelTime;
1440 ULONG TotalPageFaultCount;
1441 ULONG TotalProcesses;
1442 ULONG ActiveProcesses;
1443 ULONG TotalTerminatedProcesses;
1444 LARGE_INTEGER PerProcessUserTimeLimit;
1445 LARGE_INTEGER PerJobUserTimeLimit;
1446 ULONG LimitFlags;
1447 ULONG MinimumWorkingSetSize;
1448 ULONG MaximumWorkingSetSize;
1449 ULONG ActiveProcessLimit;
1450 ULONG Affinity;
1451 UCHAR PriorityClass;
1452 ULONG UIRestrictionsClass;
1453 ULONG SecurityLimitFlags;
// Untyped token pointer plus the optional filter declared above as
// PS_JOB_TOKEN_FILTER. NOTE(review): presumably consulted together with
// SecurityLimitFlags when a process joins the job - verify against callers.
1454 PVOID Token;
1455 PPS_JOB_TOKEN_FILTER Filter;
1456 ULONG EndOfJobTimeAction;
1457 PVOID CompletionPort;
1458 PVOID CompletionKey;
1459 ULONG SessionId;
1460 ULONG SchedulingClass;
1461 ULONGLONG ReadOperationCount;
1462 ULONGLONG WriteOperationCount;
1463 ULONGLONG OtherOperationCount;
1464 ULONGLONG ReadTransferCount;
1465 ULONGLONG WriteTransferCount;
1466 ULONGLONG OtherTransferCount;
1467 IO_COUNTERS IoInfo;
1468 ULONG ProcessMemoryLimit;
1469 ULONG JobMemoryLimit;
1470 ULONG PeakProcessMemoryUsed;
1471 ULONG PeakJobMemoryUsed;
1472 ULONG CurrentJobMemoryUsed;
// The lock type depends on the target version: FAST_MUTEX for WINXP,
// KGUARDED_MUTEX for WS03, EX_PUSH_LOCK from LONGHORN. There is no #else, so
// for NTDDI_VERSION below NTDDI_WINXP the member is not declared at all.
1473 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1474 FAST_MUTEX MemoryLimitsLock;
1475 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1476 KGUARDED_MUTEX MemoryLimitsLock;
1477 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1478 EX_PUSH_LOCK MemoryLimitsLock;
1479 #endif
1480 LIST_ENTRY JobSetLinks;
1481 ULONG MemberLevel;
1482 ULONG JobFlags;
1483 } EJOB, *PEJOB;
1484 #include <poppack.h>
1485
1486 //
1487 // Win32K Callback Registration Data
1488 //
// Parameter block holding a power event number and an accompanying code.
// NOTE(review): presumably the argument of the PowerEventCallout entry in
// WIN32_CALLOUTS_FPNS - confirm against the callout prototype.
1489 typedef struct _WIN32_POWEREVENT_PARAMETERS
1490 {
1491 PSPOWEREVENTTYPE EventNumber;
1492 ULONG Code;
1493 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1494
// Parameter block describing a power state change: the requested action, the
// minimum system state, flags and the task being performed.
// NOTE(review): presumably the argument of the PowerStateCallout entry in
// WIN32_CALLOUTS_FPNS - confirm against the callout prototype.
1495 typedef struct _WIN32_POWERSTATE_PARAMETERS
1496 {
1497 UCHAR Promotion;
1498 POWER_ACTION SystemAction;
1499 SYSTEM_POWER_STATE MinSystemState;
1500 ULONG Flags;
1501 POWERSTATETASK PowerStateTask;
1502 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1503
// Parameter block for a job callout: the job, the callout type and an
// untyped payload. Job and Data are PVOID, so the callee cannot rely on the
// compiler for type checking; how Data is interpreted presumably depends on
// CalloutType - confirm against the callout implementation.
1504 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1505 {
1506 PVOID Job;
1507 PSW32JOBCALLOUTTYPE CalloutType;
1508 PVOID Data;
1509 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1510
// Parameter block for an object open callout: why the object is being opened,
// the process involved, the object, the access granted and a handle count.
// NOTE(review): GrantedAccess is declared ULONG here while
// WIN32_CLOSEMETHOD_PARAMETERS uses ACCESS_MASK for its mask - confirm the two
// are meant to carry the same kind of value.
1511 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1512 {
1513 OB_OPEN_REASON OpenReason;
1514 PEPROCESS Process;
1515 PVOID Object;
1516 ULONG GrantedAccess;
1517 ULONG HandleCount;
1518 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1519
// Parameter block for an "okay to close" callout: process, object, the handle
// being closed and the caller's processor mode.
// NOTE(review): PreviousMode is presumably the requestor's mode; the callout
// should base its decision on it rather than assume a kernel-mode caller -
// confirm. The struct name spells OKAYTOCLOSE while the callout type in
// WIN32_CALLOUTS_FPNS spells OKTOCLOSE.
1520 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1521 {
1522 PEPROCESS Process;
1523 PVOID Object;
1524 HANDLE Handle;
1525 KPROCESSOR_MODE PreviousMode;
1526 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1527
// Parameter block for an object close callout: process, object, the access
// mask involved and two handle counts (per-process and system-wide by name).
// NOTE(review): whether the counts are taken before or after the close is not
// visible here - confirm before relying on a zero value.
1528 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1529 {
1530 PEPROCESS Process;
1531 PVOID Object;
1532 ACCESS_MASK AccessMask;
1533 ULONG ProcessHandleCount;
1534 ULONG SystemHandleCount;
1535 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1536
// Parameter block for an object delete callout; carries only the untyped
// object pointer.
1537 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1538 {
1539 PVOID Object;
1540 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1541
// Parameter block for an object name parse callout. CompleteName is the only
// member annotated OUT; Object is a pointer to a pointer, so it too can
// receive a result.
// NOTE(review): AccessMode is presumably the requestor's processor mode and
// SecurityQos/AccessState the caller-supplied security context; the parse
// routine should honour them when resolving RemainingName - confirm against
// the callout implementation.
1542 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1543 {
1544 PVOID ParseObject;
1545 PVOID ObjectType;
1546 PACCESS_STATE AccessState;
1547 KPROCESSOR_MODE AccessMode;
1548 ULONG Attributes;
1549 OUT PUNICODE_STRING CompleteName;
1550 PUNICODE_STRING RemainingName;
1551 PVOID Context;
1552 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1553 PVOID *Object;
1554 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1555
// Table of callout function pointers: process, thread, global atom table,
// power and job callouts, a GDI batch flush routine, and open/close/delete/
// parse procedures for desktop and window station objects. The desktop and
// window station entries reuse the same callout pointer types. Only the
// window station has a parse procedure.
// NOTE(review): per the section heading this is the registration data handed
// over by Win32K; whoever stores the table should treat every entry as a
// kernel-mode call target and check for NULL before calling - confirm how
// unregistered entries are represented.
1556 typedef struct _WIN32_CALLOUTS_FPNS
1557 {
1558 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1559 PKWIN32_THREAD_CALLOUT ThreadCallout;
1560 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1561 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1562 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1563 PKWIN32_JOB_CALLOUT JobCallout;
1564 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1565 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
1566 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
1567 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
1568 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
1569 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
1570 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
1571 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
1572 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
1573 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
1574 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1575 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1576
1577 #endif // !NTOS_MODE_USER
1578
1579 #endif // _PSTYPES_H