[NDK]
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifndef NTOS_MODE_USER
36
37 //
38 // Kernel Exported Object Types
39 //
40 extern POBJECT_TYPE NTSYSAPI PsJobType;
41
42 #endif // !NTOS_MODE_USER
43
44 //
45 // KUSER_SHARED_DATA location in User Mode
46 //
47 #define USER_SHARED_DATA (0x7FFE0000)
48
49 //
50 // Global Flags
51 //
52 #define FLG_STOP_ON_EXCEPTION 0x00000001
53 #define FLG_SHOW_LDR_SNAPS 0x00000002
54 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
55 #define FLG_STOP_ON_HUNG_GUI 0x00000008
56 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
57 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
58 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
59 #define FLG_HEAP_VALIDATE_ALL 0x00000080
60 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
61 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
62 #define FLG_POOL_ENABLE_TAGGING 0x00000400
63 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
64 #define FLG_USER_STACK_TRACE_DB 0x00001000
65 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
66 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
67 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
68 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
69 #define FLG_ENABLE_CSRDEBUG 0x00020000
70 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
71 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
72 #if (NTDDI_VERSION < NTDDI_WINXP)
73 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
74 #else
75 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
76 #endif
77 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
78 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
79 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
80 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
81 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
82 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
83 #define FLG_VALID_BITS 0x07FFFFFF
84
85 //
86 // Flags for NtCreateProcessEx
87 //
88 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
89 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
90 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
91 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
92 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
93
94 //
95 // Process priority classes
96 //
97 #define PROCESS_PRIORITY_CLASS_INVALID 0
98 #define PROCESS_PRIORITY_CLASS_IDLE 1
99 #define PROCESS_PRIORITY_CLASS_NORMAL 2
100 #define PROCESS_PRIORITY_CLASS_HIGH 3
101 #define PROCESS_PRIORITY_CLASS_REALTIME 4
102 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
103 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
104
105 //
106 // NtCreateProcessEx flags
107 //
108 #define PS_REQUEST_BREAKAWAY 1
109 #define PS_NO_DEBUG_INHERIT 2
110 #define PS_INHERIT_HANDLES 4
111 #define PS_LARGE_PAGES 8
112 #define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
113 PS_NO_DEBUG_INHERIT | \
114 PS_INHERIT_HANDLES | \
115 PS_LARGE_PAGES)
116
117 //
118 // Process base priorities
119 //
120 #define PROCESS_PRIORITY_IDLE 3
121 #define PROCESS_PRIORITY_NORMAL 8
122 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
123
124 //
125 // Process memory priorities
126 //
127 #define MEMORY_PRIORITY_BACKGROUND 0
128 #define MEMORY_PRIORITY_UNKNOWN 1
129 #define MEMORY_PRIORITY_FOREGROUND 2
130
131 //
132 // Process Priority Separation Values (OR)
133 //
134 #define PSP_VARIABLE_QUANTUMS 4
135 #define PSP_LONG_QUANTUMS 16
136
137 #ifndef NTOS_MODE_USER
138 //
139 // Thread Access Types
140 //
141 #define THREAD_QUERY_INFORMATION 0x0040
142 #define THREAD_SET_THREAD_TOKEN 0x0080
143 #define THREAD_IMPERSONATE 0x0100
144 #define THREAD_DIRECT_IMPERSONATION 0x0200
145
146 //
147 // Process Access Types
148 //
149 #define PROCESS_TERMINATE 0x0001
150 #define PROCESS_CREATE_THREAD 0x0002
151 #define PROCESS_SET_SESSIONID 0x0004
152 #define PROCESS_VM_OPERATION 0x0008
153 #define PROCESS_VM_READ 0x0010
154 #define PROCESS_VM_WRITE 0x0020
155 #define PROCESS_CREATE_PROCESS 0x0080
156 #define PROCESS_SET_QUOTA 0x0100
157 #define PROCESS_SET_INFORMATION 0x0200
158 #define PROCESS_QUERY_INFORMATION 0x0400
159 #define PROCESS_SUSPEND_RESUME 0x0800
160 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
161 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
162 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
163 SYNCHRONIZE | \
164 0xFFFF)
165 #else
166 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
167 SYNCHRONIZE | \
168 0xFFF)
169 #endif
170
171 //
172 // Thread Base Priorities
173 //
174 #define THREAD_BASE_PRIORITY_LOWRT 15
175 #define THREAD_BASE_PRIORITY_MAX 2
176 #define THREAD_BASE_PRIORITY_MIN -2
177 #define THREAD_BASE_PRIORITY_IDLE -15
178
179 //
180 // TLS Slots
181 //
182 #define TLS_MINIMUM_AVAILABLE 64
183
184 //
185 // Job Access Types
186 //
187 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
188 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
189 #define JOB_OBJECT_QUERY 0x4
190 #define JOB_OBJECT_TERMINATE 0x8
191 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
192 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
193 SYNCHRONIZE | \
194 31)
195
196 //
197 // Job Limit Flags
198 //
199 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
200 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
201 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
202 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
203 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
204 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
205 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
206 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
207 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
208 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
209 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
210 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
211 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
212 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
213
214 //
215 // Cross Thread Flags
216 //
217 #define CT_TERMINATED_BIT 0x1
218 #define CT_DEAD_THREAD_BIT 0x2
219 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
220 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
221 #define CT_SYSTEM_THREAD_BIT 0x10
222 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
223 #define CT_BREAK_ON_TERMINATION_BIT 0x40
224 #define CT_SKIP_CREATION_MSG_BIT 0x80
225 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
226
227 //
228 // Same Thread Passive Flags
229 //
230 #define STP_ACTIVE_EX_WORKER_BIT 0x1
231 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
232 #define STP_MEMORY_MAKER_BIT 0x4
233 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
234
235 //
236 // Same Thread APC Flags
237 //
238 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
239 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
240 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
241 #define STA_OWNS_WORKING_SET_BITS 0x1F8
242
243 //
244 // Kernel Process flags (maybe in ketypes.h?)
245 //
246 #define KPSF_AUTO_ALIGNMENT_BIT 0
247 #define KPSF_DISABLE_BOOST_BIT 1
248
249 //
250 // Process Flags
251 //
252 #define PSF_CREATE_REPORTED_BIT 0x1
253 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
254 #define PSF_PROCESS_EXITING_BIT 0x4
255 #define PSF_PROCESS_DELETE_BIT 0x8
256 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
257 #define PSF_VM_DELETED_BIT 0x20
258 #define PSF_OUTSWAP_ENABLED_BIT 0x40
259 #define PSF_OUTSWAPPED_BIT 0x80
260 #define PSF_FORK_FAILED_BIT 0x100
261 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
262 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
263 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
264 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
265 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
266 #define PSF_WRITE_WATCH_BIT 0x8000
267 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
268 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
269 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
270 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
271 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
272 #define PSF_VM_TOP_DOWN_BIT 0x200000
273 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
274 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
275 #define PSF_VDM_ALLOWED_BIT 0x1000000
276 #define PSF_SWAP_ALLOWED_BIT 0x2000000
277 #define PSF_CREATE_FAILED_BIT 0x4000000
278 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
279
280 //
281 // Vista Process Flags
282 //
283 #define PSF2_PROTECTED_BIT 0x800
284 #endif
285
286 //
287 // TLS/FLS Defines
288 //
289 #define TLS_EXPANSION_SLOTS 1024
290
291 #ifdef NTOS_MODE_USER
292 //
293 // Thread Native Base Priorities
294 //
295 #define LOW_PRIORITY 0
296 #define LOW_REALTIME_PRIORITY 16
297 #define HIGH_PRIORITY 31
298 #define MAXIMUM_PRIORITY 32
299
300 //
301 // Current Process/Thread built-in 'special' handles
302 //
303 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
304 #define ZwCurrentProcess() NtCurrentProcess()
305 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
306 #define ZwCurrentThread() NtCurrentThread()
307
308 //
309 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
310 //
311 typedef enum _PROCESSINFOCLASS
312 {
313 ProcessBasicInformation,
314 ProcessQuotaLimits,
315 ProcessIoCounters,
316 ProcessVmCounters,
317 ProcessTimes,
318 ProcessBasePriority,
319 ProcessRaisePriority,
320 ProcessDebugPort,
321 ProcessExceptionPort,
322 ProcessAccessToken,
323 ProcessLdtInformation,
324 ProcessLdtSize,
325 ProcessDefaultHardErrorMode,
326 ProcessIoPortHandlers,
327 ProcessPooledUsageAndLimits,
328 ProcessWorkingSetWatch,
329 ProcessUserModeIOPL,
330 ProcessEnableAlignmentFaultFixup,
331 ProcessPriorityClass,
332 ProcessWx86Information,
333 ProcessHandleCount,
334 ProcessAffinityMask,
335 ProcessPriorityBoost,
336 ProcessDeviceMap,
337 ProcessSessionInformation,
338 ProcessForegroundInformation,
339 ProcessWow64Information,
340 ProcessImageFileName,
341 ProcessLUIDDeviceMapsEnabled,
342 ProcessBreakOnTermination,
343 ProcessDebugObjectHandle,
344 ProcessDebugFlags,
345 ProcessHandleTracing,
346 ProcessIoPriority,
347 ProcessExecuteFlags,
348 ProcessTlsInformation,
349 ProcessCookie,
350 ProcessImageInformation,
351 ProcessCycleTime,
352 ProcessPagePriority,
353 ProcessInstrumentationCallback,
354 ProcessThreadStackAllocation,
355 ProcessWorkingSetWatchEx,
356 ProcessImageFileNameWin32,
357 ProcessImageFileMapping,
358 ProcessAffinityUpdateMode,
359 ProcessMemoryAllocationMode,
360 MaxProcessInfoClass
361 } PROCESSINFOCLASS;
362
363 typedef enum _THREADINFOCLASS
364 {
365 ThreadBasicInformation,
366 ThreadTimes,
367 ThreadPriority,
368 ThreadBasePriority,
369 ThreadAffinityMask,
370 ThreadImpersonationToken,
371 ThreadDescriptorTableEntry,
372 ThreadEnableAlignmentFaultFixup,
373 ThreadEventPair_Reusable,
374 ThreadQuerySetWin32StartAddress,
375 ThreadZeroTlsCell,
376 ThreadPerformanceCount,
377 ThreadAmILastThread,
378 ThreadIdealProcessor,
379 ThreadPriorityBoost,
380 ThreadSetTlsArrayAddress,
381 ThreadIsIoPending,
382 ThreadHideFromDebugger,
383 ThreadBreakOnTermination,
384 ThreadSwitchLegacyState,
385 ThreadIsTerminated,
386 ThreadLastSystemCall,
387 ThreadIoPriority,
388 ThreadCycleTime,
389 ThreadPagePriority,
390 ThreadActualBasePriority,
391 ThreadTebInformation,
392 ThreadCSwitchMon,
393 MaxThreadInfoClass
394 } THREADINFOCLASS;
395
396 #else
397
398 typedef enum _PSPROCESSPRIORITYMODE
399 {
400 PsProcessPriorityForeground,
401 PsProcessPriorityBackground,
402 PsProcessPrioritySpinning
403 } PSPROCESSPRIORITYMODE;
404
405 typedef enum _JOBOBJECTINFOCLASS
406 {
407 JobObjectBasicAccountingInformation = 1,
408 JobObjectBasicLimitInformation,
409 JobObjectBasicProcessIdList,
410 JobObjectBasicUIRestrictions,
411 JobObjectSecurityLimitInformation,
412 JobObjectEndOfJobTimeInformation,
413 JobObjectAssociateCompletionPortInformation,
414 JobObjectBasicAndIoAccountingInformation,
415 JobObjectExtendedLimitInformation,
416 JobObjectJobSetInformation,
417 MaxJobObjectInfoClass
418 } JOBOBJECTINFOCLASS;
419
420 //
421 // Power Event Events for Win32K Power Event Callback
422 //
423 typedef enum _PSPOWEREVENTTYPE
424 {
425 PsW32FullWake = 0,
426 PsW32EventCode = 1,
427 PsW32PowerPolicyChanged = 2,
428 PsW32SystemPowerState = 3,
429 PsW32SystemTime = 4,
430 PsW32DisplayState = 5,
431 PsW32CapabilitiesChanged = 6,
432 PsW32SetStateFailed = 7,
433 PsW32GdiOff = 8,
434 PsW32GdiOn = 9,
435 PsW32GdiPrepareResumeUI = 10,
436 PsW32GdiOffRequest = 11,
437 PsW32MonitorOff = 12,
438 } PSPOWEREVENTTYPE;
439
440 //
441 // Power State Tasks for Win32K Power State Callback
442 //
443 typedef enum _POWERSTATETASK
444 {
445 PowerState_BlockSessionSwitch = 0,
446 PowerState_Init = 1,
447 PowerState_QueryApps = 2,
448 PowerState_QueryServices = 3,
449 PowerState_QueryAppsFailed = 4,
450 PowerState_QueryServicesFailed = 5,
451 PowerState_SuspendApps = 6,
452 PowerState_SuspendServices = 7,
453 PowerState_ShowUI = 8,
454 PowerState_NotifyWL = 9,
455 PowerState_ResumeApps = 10,
456 PowerState_ResumeServices = 11,
457 PowerState_UnBlockSessionSwitch = 12,
458 PowerState_End = 13,
459 PowerState_BlockInput = 14,
460 PowerState_UnblockInput = 15,
461 } POWERSTATETASK;
462
463 //
464 // Win32K Job Callback Types
465 //
466 typedef enum _PSW32JOBCALLOUTTYPE
467 {
468 PsW32JobCalloutSetInformation = 0,
469 PsW32JobCalloutAddProcess = 1,
470 PsW32JobCalloutTerminate = 2,
471 } PSW32JOBCALLOUTTYPE;
472
473 //
474 // Win32K Thread Callback Types
475 //
476 typedef enum _PSW32THREADCALLOUTTYPE
477 {
478 PsW32ThreadCalloutInitialize,
479 PsW32ThreadCalloutExit,
480 } PSW32THREADCALLOUTTYPE;
481
482 //
483 // Declare empty structure definitions so that they may be referenced by
484 // routines before they are defined
485 //
486 struct _W32THREAD;
487 struct _W32PROCESS;
488 //struct _ETHREAD;
489 struct _WIN32_POWEREVENT_PARAMETERS;
490 struct _WIN32_POWERSTATE_PARAMETERS;
491 struct _WIN32_JOBCALLOUT_PARAMETERS;
492 struct _WIN32_OPENMETHOD_PARAMETERS;
493 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
494 struct _WIN32_CLOSEMETHOD_PARAMETERS;
495 struct _WIN32_DELETEMETHOD_PARAMETERS;
496 struct _WIN32_PARSEMETHOD_PARAMETERS;
497
498 //
499 // Win32K Process and Thread Callbacks
500 //
501 typedef
502 NTSTATUS
503 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
504 struct _EPROCESS *Process,
505 BOOLEAN Create
506 );
507
508 typedef
509 NTSTATUS
510 (NTAPI *PKWIN32_THREAD_CALLOUT)(
511 struct _ETHREAD *Thread,
512 PSW32THREADCALLOUTTYPE Type
513 );
514
515 typedef
516 NTSTATUS
517 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
518 VOID
519 );
520
521 typedef
522 NTSTATUS
523 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
524 struct _WIN32_POWEREVENT_PARAMETERS *Parameters
525 );
526
527 typedef
528 NTSTATUS
529 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
530 struct _WIN32_POWERSTATE_PARAMETERS *Parameters
531 );
532
533 typedef
534 NTSTATUS
535 (NTAPI *PKWIN32_JOB_CALLOUT)(
536 struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
537 );
538
539 typedef
540 NTSTATUS
541 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
542 VOID
543 );
544
545 typedef
546 NTSTATUS
547 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
548 struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
549 );
550
551 typedef
552 NTSTATUS
553 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
554 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
555 );
556
557 typedef
558 NTSTATUS
559 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
560 struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
561 );
562
563 typedef
564 VOID
565 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
566 struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
567 );
568
569 typedef
570 NTSTATUS
571 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
572 struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
573 );
574
575 typedef
576 NTSTATUS
577 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
578 struct _EPROCESS *Process,
579 PVOID Callback,
580 PVOID Context
581 );
582
583 //
584 // Lego Callback
585 //
586 typedef
587 VOID
588 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
589 IN PKTHREAD Thread
590 );
591
592 #endif
593
594 typedef NTSTATUS
595 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
596 VOID
597 );
598
599 //
600 // Descriptor Table Entry Definition
601 //
602 #if (_M_IX86)
603 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
604 typedef struct _DESCRIPTOR_TABLE_ENTRY
605 {
606 ULONG Selector;
607 LDT_ENTRY Descriptor;
608 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
609 #endif
610
611 //
612 // PEB Lock Routine
613 //
614 typedef VOID
615 (NTAPI *PPEBLOCKROUTINE)(
616 PVOID PebLock
617 );
618
619 //
620 // PEB Free Block Descriptor
621 //
622 typedef struct _PEB_FREE_BLOCK
623 {
624 struct _PEB_FREE_BLOCK* Next;
625 ULONG Size;
626 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
627
628 //
629 // Initial PEB
630 //
631 typedef struct _INITIAL_PEB
632 {
633 BOOLEAN InheritedAddressSpace;
634 BOOLEAN ReadImageFileExecOptions;
635 BOOLEAN BeingDebugged;
636 union
637 {
638 BOOLEAN BitField;
639 #if (NTDDI_VERSION >= NTDDI_WS03)
640 struct
641 {
642 BOOLEAN ImageUsesLargePages:1;
643 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
644 BOOLEAN IsProtectedProcess:1;
645 BOOLEAN IsLegacyProcess:1;
646 BOOLEAN SpareBits:5;
647 #else
648 BOOLEAN SpareBits:7;
649 #endif
650 };
651 #else
652 BOOLEAN SpareBool;
653 #endif
654 };
655 HANDLE Mutant;
656 } INITIAL_PEB, *PINITIAL_PEB;
657
658 //
659 // Initial TEB
660 //
661 typedef struct _INITIAL_TEB
662 {
663 PVOID PreviousStackBase;
664 PVOID PreviousStackLimit;
665 PVOID StackBase;
666 PVOID StackLimit;
667 PVOID AllocatedStackBase;
668 } INITIAL_TEB, *PINITIAL_TEB;
669
670 //
671 // TEB Active Frame Structures
672 //
673 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
674 {
675 ULONG Flags;
676 LPSTR FrameName;
677 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
678
679 typedef struct _TEB_ACTIVE_FRAME
680 {
681 ULONG Flags;
682 struct _TEB_ACTIVE_FRAME *Previous;
683 PTEB_ACTIVE_FRAME_CONTEXT Context;
684 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
685
686 typedef struct _CLIENT_ID32
687 {
688 ULONG UniqueProcess;
689 ULONG UniqueThread;
690 } CLIENT_ID32, *PCLIENT_ID32;
691
692 typedef struct _CLIENT_ID64
693 {
694 ULONG64 UniqueProcess;
695 ULONG64 UniqueThread;
696 } CLIENT_ID64, *PCLIENT_ID64;
697
698 #if (NTDDI_VERSION < NTDDI_WS03)
699 typedef struct _Wx86ThreadState
700 {
701 PULONG CallBx86Eip;
702 PVOID DeallocationCpu;
703 BOOLEAN UseKnownWx86Dll;
704 CHAR OleStubInvoked;
705 } Wx86ThreadState, *PWx86ThreadState;
706 #endif
707
708
709 //
710 // Process Environment Block (PEB)
711 // Thread Environment Block (TEB)
712 //
713 #include "peb_teb.h"
714
715 #ifdef _WIN64
716 //
717 // Explicit 32 bit PEB/TEB
718 //
719 #define EXPLICIT_32BIT
720 #include "peb_teb.h"
721 #undef EXPLICIT_32BIT
722
723 //
724 // Explicit 64 bit PEB/TEB
725 //
726 #define EXPLICIT_64BIT
727 #include "peb_teb.h"
728 #undef EXPLICIT_64BIT
729 #endif
730
731 #ifdef NTOS_MODE_USER
732
733 //
734 // Process Information Structures for NtQueryProcessInformation
735 //
736 typedef struct _PROCESS_BASIC_INFORMATION
737 {
738 NTSTATUS ExitStatus;
739 PPEB PebBaseAddress;
740 ULONG_PTR AffinityMask;
741 KPRIORITY BasePriority;
742 ULONG_PTR UniqueProcessId;
743 ULONG_PTR InheritedFromUniqueProcessId;
744 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
745
746 typedef struct _PROCESS_ACCESS_TOKEN
747 {
748 HANDLE Token;
749 HANDLE Thread;
750 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
751
752 typedef struct _PROCESS_DEVICEMAP_INFORMATION
753 {
754 union
755 {
756 struct
757 {
758 HANDLE DirectoryHandle;
759 } Set;
760 struct
761 {
762 ULONG DriveMap;
763 UCHAR DriveType[32];
764 } Query;
765 };
766 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
767
768 typedef struct _KERNEL_USER_TIMES
769 {
770 LARGE_INTEGER CreateTime;
771 LARGE_INTEGER ExitTime;
772 LARGE_INTEGER KernelTime;
773 LARGE_INTEGER UserTime;
774 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
775
776 typedef struct _POOLED_USAGE_AND_LIMITS
777 {
778 SIZE_T PeakPagedPoolUsage;
779 SIZE_T PagedPoolUsage;
780 SIZE_T PagedPoolLimit;
781 SIZE_T PeakNonPagedPoolUsage;
782 SIZE_T NonPagedPoolUsage;
783 SIZE_T NonPagedPoolLimit;
784 SIZE_T PeakPagefileUsage;
785 SIZE_T PagefileUsage;
786 SIZE_T PagefileLimit;
787 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
788
789 typedef struct _PROCESS_SESSION_INFORMATION
790 {
791 ULONG SessionId;
792 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
793
794 #endif
795
796 typedef struct _PROCESS_PRIORITY_CLASS
797 {
798 BOOLEAN Foreground;
799 UCHAR PriorityClass;
800 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
801
802 typedef struct _PROCESS_FOREGROUND_BACKGROUND
803 {
804 BOOLEAN Foreground;
805 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
806
807 //
808 // Thread Information Structures for NtQueryProcessInformation
809 //
810 typedef struct _THREAD_BASIC_INFORMATION
811 {
812 NTSTATUS ExitStatus;
813 PVOID TebBaseAddress;
814 CLIENT_ID ClientId;
815 KAFFINITY AffinityMask;
816 KPRIORITY Priority;
817 KPRIORITY BasePriority;
818 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
819
820 #ifndef NTOS_MODE_USER
821
822 //
823 // Job Set Array
824 //
825 typedef struct _JOB_SET_ARRAY
826 {
827 HANDLE JobHandle;
828 ULONG MemberLevel;
829 ULONG Flags;
830 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
831
832 //
833 // EPROCESS Quota Structures
834 //
835 typedef struct _EPROCESS_QUOTA_ENTRY
836 {
837 SIZE_T Usage;
838 SIZE_T Limit;
839 SIZE_T Peak;
840 SIZE_T Return;
841 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
842
843 typedef struct _EPROCESS_QUOTA_BLOCK
844 {
845 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
846 LIST_ENTRY QuotaList;
847 ULONG ReferenceCount;
848 ULONG ProcessCount;
849 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
850
851 //
852 // Process Pagefault History
853 //
854 typedef struct _PAGEFAULT_HISTORY
855 {
856 ULONG CurrentIndex;
857 ULONG MapIndex;
858 KSPIN_LOCK SpinLock;
859 PVOID Reserved;
860 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
861 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
862
863 //
864 // Process Impersonation Information
865 //
866 typedef struct _PS_IMPERSONATION_INFORMATION
867 {
868 PACCESS_TOKEN Token;
869 BOOLEAN CopyOnOpen;
870 BOOLEAN EffectiveOnly;
871 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
872 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
873
874 //
875 // Process Termination Port
876 //
877 typedef struct _TERMINATION_PORT
878 {
879 struct _TERMINATION_PORT *Next;
880 PVOID Port;
881 } TERMINATION_PORT, *PTERMINATION_PORT;
882
883 //
884 // Per-Process APC Rate Limiting
885 //
886 typedef struct _PSP_RATE_APC
887 {
888 union
889 {
890 SINGLE_LIST_ENTRY NextApc;
891 ULONGLONG ExcessCycles;
892 };
893 ULONGLONG TargetGEneration;
894 KAPC RateApc;
895 } PSP_RATE_APC, *PPSP_RATE_APC;
896
897 //
898 // Executive Thread (ETHREAD)
899 //
900 typedef struct _ETHREAD
901 {
902 KTHREAD Tcb;
903 LARGE_INTEGER CreateTime;
904 union
905 {
906 LARGE_INTEGER ExitTime;
907 LIST_ENTRY LpcReplyChain;
908 LIST_ENTRY KeyedWaitChain;
909 };
910 union
911 {
912 NTSTATUS ExitStatus;
913 PVOID OfsChain;
914 };
915 LIST_ENTRY PostBlockList;
916 union
917 {
918 struct _TERMINATION_PORT *TerminationPort;
919 struct _ETHREAD *ReaperLink;
920 PVOID KeyedWaitValue;
921 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
922 PVOID Win32StartParameter;
923 #endif
924 };
925 KSPIN_LOCK ActiveTimerListLock;
926 LIST_ENTRY ActiveTimerListHead;
927 CLIENT_ID Cid;
928 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
929 KSEMAPHORE KeyedWaitSemaphore;
930 #else
931 union
932 {
933 KSEMAPHORE LpcReplySemaphore;
934 KSEMAPHORE KeyedWaitSemaphore;
935 };
936 union
937 {
938 PVOID LpcReplyMessage;
939 PVOID LpcWaitingOnPort;
940 };
941 #endif
942 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
943 LIST_ENTRY IrpList;
944 ULONG_PTR TopLevelIrp;
945 PDEVICE_OBJECT DeviceToVerify;
946 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
947 PPSP_RATE_APC RateControlApc;
948 #else
949 struct _EPROCESS *ThreadsProcess;
950 #endif
951 PVOID Win32StartAddress;
952 union
953 {
954 PKSTART_ROUTINE StartAddress;
955 ULONG LpcReceivedMessageId;
956 };
957 LIST_ENTRY ThreadListEntry;
958 EX_RUNDOWN_REF RundownProtect;
959 EX_PUSH_LOCK ThreadLock;
960 #if (NTDDI_VERSION < NTDDI_LONGHORN)
961 ULONG LpcReplyMessageId;
962 #endif
963 ULONG ReadClusterSize;
964 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
965 ULONG SpareUlong0;
966 #else
967 ACCESS_MASK GrantedAccess;
968 #endif
969 union
970 {
971 struct
972 {
973 ULONG Terminated:1;
974 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
975 ULONG ThreadInserted:1;
976 #else
977 ULONG DeadThread:1;
978 #endif
979 ULONG HideFromDebugger:1;
980 ULONG ActiveImpersonationInfo:1;
981 ULONG SystemThread:1;
982 ULONG HardErrorsAreDisabled:1;
983 ULONG BreakOnTermination:1;
984 ULONG SkipCreationMsg:1;
985 ULONG SkipTerminationMsg:1;
986 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
987 ULONG CreateMsgSent:1;
988 ULONG ThreadIoPriority:3;
989 ULONG ThreadPagePriority:3;
990 ULONG PendingRatecontrol:1;
991 #endif
992 };
993 ULONG CrossThreadFlags;
994 };
995 union
996 {
997 struct
998 {
999 ULONG ActiveExWorker:1;
1000 ULONG ExWorkerCanWaitUser:1;
1001 ULONG MemoryMaker:1;
1002 ULONG KeyedEventInUse:1;
1003 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1004 ULONG RateApcState:2;
1005 #endif
1006 };
1007 ULONG SameThreadPassiveFlags;
1008 };
1009 union
1010 {
1011 struct
1012 {
1013 ULONG LpcReceivedMsgIdValid:1;
1014 ULONG LpcExitThreadCalled:1;
1015 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1016 ULONG Spare:1;
1017 #else
1018 ULONG AddressSpaceOwner:1;
1019 #endif
1020 ULONG OwnsProcessWorkingSetExclusive:1;
1021 ULONG OwnsProcessWorkingSetShared:1;
1022 ULONG OwnsSystemWorkingSetExclusive:1;
1023 ULONG OwnsSystemWorkingSetShared:1;
1024 ULONG OwnsSessionWorkingSetExclusive:1;
1025 ULONG OwnsSessionWorkingSetShared:1;
1026 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1027 ULONG SupressSymbolLoad:1;
1028 ULONG Spare1:3;
1029 ULONG PriorityRegionActive:4;
1030 #else
1031 ULONG ApcNeeded:1;
1032 #endif
1033 };
1034 ULONG SameThreadApcFlags;
1035 };
1036 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1037 UCHAR CacheManagerActive;
1038 #else
1039 UCHAR ForwardClusterOnly;
1040 #endif
1041 UCHAR DisablePageFaultClustering;
1042 UCHAR ActiveFaultCount;
1043 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1044 ULONG AlpcMessageId;
1045 union
1046 {
1047 PVOID AlpcMessage;
1048 ULONG AlpcReceiveAttributeSet;
1049 };
1050 LIST_ENTRY AlpcWaitListEntry;
1051 KSEMAPHORE AlpcWaitSemaphore;
1052 ULONG CacheManagerCount;
1053 #endif
1054 } ETHREAD;
1055
1056 //
1057 // Executive Process (EPROCESS)
1058 //
1059 typedef struct _EPROCESS
1060 {
1061 KPROCESS Pcb;
1062 EX_PUSH_LOCK ProcessLock;
1063 LARGE_INTEGER CreateTime;
1064 LARGE_INTEGER ExitTime;
1065 EX_RUNDOWN_REF RundownProtect;
1066 HANDLE UniqueProcessId;
1067 LIST_ENTRY ActiveProcessLinks;
1068 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1069 SIZE_T QuotaPeak[3]; /* ditto */
1070 SIZE_T CommitCharge;
1071 SIZE_T PeakVirtualSize;
1072 SIZE_T VirtualSize;
1073 LIST_ENTRY SessionProcessLinks;
1074 PVOID DebugPort;
1075 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1076 union
1077 {
1078 PVOID ExceptionPortData;
1079 ULONG ExceptionPortValue;
1080 UCHAR ExceptionPortState:3;
1081 };
1082 #else
1083 PVOID ExceptionPort;
1084 #endif
1085 PHANDLE_TABLE ObjectTable;
1086 EX_FAST_REF Token;
1087 PFN_NUMBER WorkingSetPage;
1088 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1089 EX_PUSH_LOCK AddressCreationLock;
1090 PETHREAD RotateInProgress;
1091 #else
1092 KGUARDED_MUTEX AddressCreationLock;
1093 KSPIN_LOCK HyperSpaceLock;
1094 #endif
1095 PETHREAD ForkInProgress;
1096 ULONG_PTR HardwareTrigger;
1097 PMM_AVL_TABLE PhysicalVadRoot;
1098 PVOID CloneRoot;
1099 PFN_NUMBER NumberOfPrivatePages;
1100 PFN_NUMBER NumberOfLockedPages;
1101 PVOID *Win32Process;
1102 struct _EJOB *Job;
1103 PVOID SectionObject;
1104 PVOID SectionBaseAddress;
1105 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1106 PPAGEFAULT_HISTORY WorkingSetWatch;
1107 PVOID Win32WindowStation;
1108 HANDLE InheritedFromUniqueProcessId;
1109 PVOID LdtInformation;
1110 PVOID VadFreeHint;
1111 PVOID VdmObjects;
1112 PVOID DeviceMap;
1113 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1114 PVOID EtwDataSource;
1115 PVOID FreeTebHint;
1116 #else
1117 PVOID Spare0[3];
1118 #endif
1119 union
1120 {
1121 HARDWARE_PTE PageDirectoryPte;
1122 ULONGLONG Filler;
1123 };
1124 PVOID Session;
1125 CHAR ImageFileName[16];
1126 LIST_ENTRY JobLinks;
1127 PVOID LockedPagesList;
1128 LIST_ENTRY ThreadListHead;
1129 PVOID SecurityPort;
1130 #ifdef _M_AMD64
1131 struct _WOW64_PROCESS *Wow64Process;
1132 #else
1133 PVOID PaeTop;
1134 #endif
1135 ULONG ActiveThreads;
1136 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1137 ULONG ImagePathHash;
1138 #else
1139 ACCESS_MASK GrantedAccess;
1140 #endif
1141 ULONG DefaultHardErrorProcessing;
1142 NTSTATUS LastThreadExitStatus;
1143 struct _PEB* Peb;
1144 EX_FAST_REF PrefetchTrace;
1145 LARGE_INTEGER ReadOperationCount;
1146 LARGE_INTEGER WriteOperationCount;
1147 LARGE_INTEGER OtherOperationCount;
1148 LARGE_INTEGER ReadTransferCount;
1149 LARGE_INTEGER WriteTransferCount;
1150 LARGE_INTEGER OtherTransferCount;
1151 SIZE_T CommitChargeLimit;
1152 SIZE_T CommitChargePeak;
1153 PVOID AweInfo;
1154 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1155 MMSUPPORT Vm;
1156 #ifdef _M_AMD64
1157 ULONG Spares[2];
1158 #else
1159 LIST_ENTRY MmProcessLinks;
1160 #endif
1161 ULONG ModifiedPageCount;
1162 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1163 union
1164 {
1165 struct
1166 {
1167 ULONG JobNotReallyActive:1;
1168 ULONG AccountingFolded:1;
1169 ULONG NewProcessReported:1;
1170 ULONG ExitProcessReported:1;
1171 ULONG ReportCommitChanges:1;
1172 ULONG LastReportMemory:1;
1173 ULONG ReportPhysicalPageChanges:1;
1174 ULONG HandleTableRundown:1;
1175 ULONG NeedsHandleRundown:1;
1176 ULONG RefTraceEnabled:1;
1177 ULONG NumaAware:1;
1178 ULONG ProtectedProcess:1;
1179 ULONG DefaultPagePriority:3;
1180 ULONG ProcessDeleteSelf:1;
1181 ULONG ProcessVerifierTarget:1;
1182 };
1183 ULONG Flags2;
1184 };
1185 #else
1186 ULONG JobStatus;
1187 #endif
1188 union
1189 {
1190 struct
1191 {
1192 ULONG CreateReported:1;
1193 ULONG NoDebugInherit:1;
1194 ULONG ProcessExiting:1;
1195 ULONG ProcessDelete:1;
1196 ULONG Wow64SplitPages:1;
1197 ULONG VmDeleted:1;
1198 ULONG OutswapEnabled:1;
1199 ULONG Outswapped:1;
1200 ULONG ForkFailed:1;
1201 ULONG Wow64VaSpace4Gb:1;
1202 ULONG AddressSpaceInitialized:2;
1203 ULONG SetTimerResolution:1;
1204 ULONG BreakOnTermination:1;
1205 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1206 ULONG DeprioritizeViews:1;
1207 #else
1208 ULONG SessionCreationUnderway:1;
1209 #endif
1210 ULONG WriteWatch:1;
1211 ULONG ProcessInSession:1;
1212 ULONG OverrideAddressSpace:1;
1213 ULONG HasAddressSpace:1;
1214 ULONG LaunchPrefetched:1;
1215 ULONG InjectInpageErrors:1;
1216 ULONG VmTopDown:1;
1217 ULONG ImageNotifyDone:1;
1218 ULONG PdeUpdateNeeded:1;
1219 ULONG VdmAllowed:1;
1220 ULONG SmapAllowed:1;
1221 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1222 ULONG ProcessInserted:1;
1223 #else
1224 ULONG CreateFailed:1;
1225 #endif
1226 ULONG DefaultIoPriority:3;
1227 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1228 ULONG SparePsFlags1:2;
1229 #else
1230 ULONG Spare1:1;
1231 ULONG Spare2:1;
1232 #endif
1233 };
1234 ULONG Flags;
1235 };
1236 NTSTATUS ExitStatus;
1237 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1238 USHORT Spare7;
1239 #else
1240 USHORT NextPageColor;
1241 #endif
1242 union
1243 {
1244 struct
1245 {
1246 UCHAR SubSystemMinorVersion;
1247 UCHAR SubSystemMajorVersion;
1248 };
1249 USHORT SubSystemVersion;
1250 };
1251 UCHAR PriorityClass;
1252 MM_AVL_TABLE VadRoot;
1253 ULONG Cookie;
1254 } EPROCESS;
1255
1256 //
1257 // Job Token Filter Data
1258 //
1259 #include <pshpack1.h>
1260 typedef struct _PS_JOB_TOKEN_FILTER
1261 {
1262 ULONG CapturedSidCount;
1263 PSID_AND_ATTRIBUTES CapturedSids;
1264 ULONG CapturedSidsLength;
1265 ULONG CapturedGroupCount;
1266 PSID_AND_ATTRIBUTES CapturedGroups;
1267 ULONG CapturedGroupsLength;
1268 ULONG CapturedPrivilegeCount;
1269 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1270 ULONG CapturedPrivilegesLength;
1271 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1272
1273 //
1274 // Executive Job (EJOB)
1275 //
1276 typedef struct _EJOB
1277 {
1278 KEVENT Event;
1279 LIST_ENTRY JobLinks;
1280 LIST_ENTRY ProcessListHead;
1281 ERESOURCE JobLock;
1282 LARGE_INTEGER TotalUserTime;
1283 LARGE_INTEGER TotalKernelTime;
1284 LARGE_INTEGER ThisPeriodTotalUserTime;
1285 LARGE_INTEGER ThisPeriodTotalKernelTime;
1286 ULONG TotalPageFaultCount;
1287 ULONG TotalProcesses;
1288 ULONG ActiveProcesses;
1289 ULONG TotalTerminatedProcesses;
1290 LARGE_INTEGER PerProcessUserTimeLimit;
1291 LARGE_INTEGER PerJobUserTimeLimit;
1292 ULONG LimitFlags;
1293 ULONG MinimumWorkingSetSize;
1294 ULONG MaximumWorkingSetSize;
1295 ULONG ActiveProcessLimit;
1296 ULONG Affinity;
1297 UCHAR PriorityClass;
1298 ULONG UIRestrictionsClass;
1299 ULONG SecurityLimitFlags;
1300 PVOID Token;
1301 PPS_JOB_TOKEN_FILTER Filter;
1302 ULONG EndOfJobTimeAction;
1303 PVOID CompletionPort;
1304 PVOID CompletionKey;
1305 ULONG SessionId;
1306 ULONG SchedulingClass;
1307 ULONGLONG ReadOperationCount;
1308 ULONGLONG WriteOperationCount;
1309 ULONGLONG OtherOperationCount;
1310 ULONGLONG ReadTransferCount;
1311 ULONGLONG WriteTransferCount;
1312 ULONGLONG OtherTransferCount;
1313 IO_COUNTERS IoInfo;
1314 ULONG ProcessMemoryLimit;
1315 ULONG JobMemoryLimit;
1316 ULONG PeakProcessMemoryUsed;
1317 ULONG PeakJobMemoryUsed;
1318 ULONG CurrentJobMemoryUsed;
1319 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1320 FAST_MUTEX MemoryLimitsLock;
1321 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1322 KGUARDED_MUTEX MemoryLimitsLock;
1323 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1324 EX_PUSH_LOCK MemoryLimitsLock;
1325 #endif
1326 LIST_ENTRY JobSetLinks;
1327 ULONG MemberLevel;
1328 ULONG JobFlags;
1329 } EJOB, *PEJOB;
1330 #include <poppack.h>
1331
1332 //
1333 // Win32K Callback Registration Data
1334 //
1335 typedef struct _WIN32_POWEREVENT_PARAMETERS
1336 {
1337 PSPOWEREVENTTYPE EventNumber;
1338 ULONG Code;
1339 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1340
1341 typedef struct _WIN32_POWERSTATE_PARAMETERS
1342 {
1343 UCHAR Promotion;
1344 POWER_ACTION SystemAction;
1345 SYSTEM_POWER_STATE MinSystemState;
1346 ULONG Flags;
1347 POWERSTATETASK PowerStateTask;
1348 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1349
1350 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1351 {
1352 PVOID Job;
1353 PSW32JOBCALLOUTTYPE CalloutType;
1354 PVOID Data;
1355 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1356
1357 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1358 {
1359 OB_OPEN_REASON OpenReason;
1360 PEPROCESS Process;
1361 PVOID Object;
1362 ULONG GrantedAccess;
1363 ULONG HandleCount;
1364 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1365
1366 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1367 {
1368 PEPROCESS Process;
1369 PVOID Object;
1370 HANDLE Handle;
1371 KPROCESSOR_MODE PreviousMode;
1372 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1373
1374 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1375 {
1376 PEPROCESS Process;
1377 PVOID Object;
1378 ACCESS_MASK AccessMask;
1379 ULONG ProcessHandleCount;
1380 ULONG SystemHandleCount;
1381 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1382
1383 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1384 {
1385 PVOID Object;
1386 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1387
1388 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1389 {
1390 PVOID ParseObject;
1391 PVOID ObjectType;
1392 PACCESS_STATE AccessState;
1393 KPROCESSOR_MODE AccessMode;
1394 ULONG Attributes;
1395 OUT PUNICODE_STRING CompleteName;
1396 PUNICODE_STRING RemainingName;
1397 PVOID Context;
1398 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1399 PVOID *Object;
1400 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1401
1402 typedef struct _WIN32_CALLOUTS_FPNS
1403 {
1404 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1405 PKWIN32_THREAD_CALLOUT ThreadCallout;
1406 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1407 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1408 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1409 PKWIN32_JOB_CALLOUT JobCallout;
1410 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1411 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
1412 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
1413 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
1414 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
1415 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
1416 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
1417 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
1418 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
1419 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
1420 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1421 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1422
1423 #endif // !NTOS_MODE_USER
1424
1425 #endif // _PSTYPES_H