8e61f3b071b47b8c302c49536cc98a407ae23091
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 //
36 // KUSER_SHARED_DATA location in User Mode
37 //
38 #define USER_SHARED_DATA (0x7FFE0000)
39
40 //
41 // Global Flags
42 //
43 #define FLG_STOP_ON_EXCEPTION 0x00000001
44 #define FLG_SHOW_LDR_SNAPS 0x00000002
45 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
46 #define FLG_STOP_ON_HUNG_GUI 0x00000008
47 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
48 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
49 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
50 #define FLG_HEAP_VALIDATE_ALL 0x00000080
51 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
52 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
53 #define FLG_POOL_ENABLE_TAGGING 0x00000400
54 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
55 #define FLG_USER_STACK_TRACE_DB 0x00001000
56 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
57 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
58 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
59 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
60 #define FLG_ENABLE_CSRDEBUG 0x00020000
61 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
62 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
63 #if (NTDDI_VERSION < NTDDI_WINXP)
64 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
65 #else
66 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
67 #endif
68 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
69 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
70 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
71 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
72 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
73 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
74 #define FLG_VALID_BITS 0x07FFFFFF
75
76 //
77 // Flags for NtCreateProcessEx
78 //
79 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
80 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
81 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
82 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
83 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
84
85 //
86 // Process priority classes
87 //
88 #define PROCESS_PRIORITY_CLASS_INVALID 0
89 #define PROCESS_PRIORITY_CLASS_IDLE 1
90 #define PROCESS_PRIORITY_CLASS_NORMAL 2
91 #define PROCESS_PRIORITY_CLASS_HIGH 3
92 #define PROCESS_PRIORITY_CLASS_REALTIME 4
93 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
94 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
95
96 //
97 // NtCreateProcessEx flags
98 //
99 #define PS_REQUEST_BREAKAWAY 1
100 #define PS_NO_DEBUG_INHERIT 2
101 #define PS_INHERIT_HANDLES 4
102 #define PS_LARGE_PAGES 8
103 #define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
104 PS_NO_DEBUG_INHERIT | \
105 PS_INHERIT_HANDLES | \
106 PS_LARGE_PAGES)
107
108 //
109 // Process base priorities
110 //
111 #define PROCESS_PRIORITY_IDLE 3
112 #define PROCESS_PRIORITY_NORMAL 8
113 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
114
115 //
116 // Process memory priorities
117 //
118 #define MEMORY_PRIORITY_BACKGROUND 0
119 #define MEMORY_PRIORITY_UNKNOWN 1
120 #define MEMORY_PRIORITY_FOREGROUND 2
121
122 //
123 // Process Priority Separation Values (OR)
124 //
125 #define PSP_VARIABLE_QUANTUMS 4
126 #define PSP_LONG_QUANTUMS 16
127
128 #ifndef NTOS_MODE_USER
129 //
130 // Thread Access Types
131 //
132 #define THREAD_QUERY_INFORMATION 0x0040
133 #define THREAD_SET_THREAD_TOKEN 0x0080
134 #define THREAD_IMPERSONATE 0x0100
135 #define THREAD_DIRECT_IMPERSONATION 0x0200
136
137 //
138 // Process Access Types
139 //
140 #define PROCESS_TERMINATE 0x0001
141 #define PROCESS_CREATE_THREAD 0x0002
142 #define PROCESS_SET_SESSIONID 0x0004
143 #define PROCESS_VM_OPERATION 0x0008
144 #define PROCESS_VM_READ 0x0010
145 #define PROCESS_VM_WRITE 0x0020
146 #define PROCESS_CREATE_PROCESS 0x0080
147 #define PROCESS_SET_QUOTA 0x0100
148 #define PROCESS_SET_INFORMATION 0x0200
149 #define PROCESS_QUERY_INFORMATION 0x0400
150 #define PROCESS_SUSPEND_RESUME 0x0800
151 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
152 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
153 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
154 SYNCHRONIZE | \
155 0xFFFF)
156 #else
157 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
158 SYNCHRONIZE | \
159 0xFFF)
160 #endif
161
162 //
163 // Thread Base Priorities
164 //
165 #define THREAD_BASE_PRIORITY_LOWRT 15
166 #define THREAD_BASE_PRIORITY_MAX 2
167 #define THREAD_BASE_PRIORITY_MIN -2
168 #define THREAD_BASE_PRIORITY_IDLE -15
169
170 //
171 // TLS Slots
172 //
173 #define TLS_MINIMUM_AVAILABLE 64
174
175 //
176 // Job Access Types
177 //
178 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
179 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
180 #define JOB_OBJECT_QUERY 0x4
181 #define JOB_OBJECT_TERMINATE 0x8
182 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
183 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
184 SYNCHRONIZE | \
185 31)
186
187 //
188 // Job Limit Flags
189 //
190 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
191 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
192 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
193 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
194 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
195 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
196 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
197 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
198 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
199 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
200 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
201 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
202 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
203 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
204
205 //
206 // Cross Thread Flags
207 //
208 #define CT_TERMINATED_BIT 0x1
209 #define CT_DEAD_THREAD_BIT 0x2
210 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
211 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
212 #define CT_SYSTEM_THREAD_BIT 0x10
213 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
214 #define CT_BREAK_ON_TERMINATION_BIT 0x40
215 #define CT_SKIP_CREATION_MSG_BIT 0x80
216 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
217
218 //
219 // Same Thread Passive Flags
220 //
221 #define STP_ACTIVE_EX_WORKER_BIT 0x1
222 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
223 #define STP_MEMORY_MAKER_BIT 0x4
224 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
225
226 //
227 // Same Thread APC Flags
228 //
229 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
230 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
231 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
232 #define STA_OWNS_WORKING_SET_BITS 0x1F8
233
234 //
235 // Kernel Process flags (maybe in ketypes.h?)
236 //
237 #define KPSF_AUTO_ALIGNMENT_BIT 0
238 #define KPSF_DISABLE_BOOST_BIT 1
239
240 //
241 // Process Flags
242 //
243 #define PSF_CREATE_REPORTED_BIT 0x1
244 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
245 #define PSF_PROCESS_EXITING_BIT 0x4
246 #define PSF_PROCESS_DELETE_BIT 0x8
247 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
248 #define PSF_VM_DELETED_BIT 0x20
249 #define PSF_OUTSWAP_ENABLED_BIT 0x40
250 #define PSF_OUTSWAPPED_BIT 0x80
251 #define PSF_FORK_FAILED_BIT 0x100
252 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
253 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
254 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
255 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
256 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
257 #define PSF_WRITE_WATCH_BIT 0x8000
258 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
259 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
260 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
261 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
262 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
263 #define PSF_VM_TOP_DOWN_BIT 0x200000
264 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
265 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
266 #define PSF_VDM_ALLOWED_BIT 0x1000000
267 #define PSF_SWAP_ALLOWED_BIT 0x2000000
268 #define PSF_CREATE_FAILED_BIT 0x4000000
269 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
270
271 //
272 // Vista Process Flags
273 //
274 #define PSF2_PROTECTED_BIT 0x800
275 #endif
276
277 //
278 // TLS/FLS Defines
279 //
280 #define TLS_EXPANSION_SLOTS 1024
281
282 #ifdef NTOS_MODE_USER
283 //
284 // Thread Native Base Priorities
285 //
286 #define LOW_PRIORITY 0
287 #define LOW_REALTIME_PRIORITY 16
288 #define HIGH_PRIORITY 31
289 #define MAXIMUM_PRIORITY 32
290
291 //
292 // Current Process/Thread built-in 'special' handles
293 //
294 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
295 #define ZwCurrentProcess() NtCurrentProcess()
296 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
297 #define ZwCurrentThread() NtCurrentThread()
298
299 //
300 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
301 //
302 typedef enum _PROCESSINFOCLASS
303 {
304 ProcessBasicInformation,
305 ProcessQuotaLimits,
306 ProcessIoCounters,
307 ProcessVmCounters,
308 ProcessTimes,
309 ProcessBasePriority,
310 ProcessRaisePriority,
311 ProcessDebugPort,
312 ProcessExceptionPort,
313 ProcessAccessToken,
314 ProcessLdtInformation,
315 ProcessLdtSize,
316 ProcessDefaultHardErrorMode,
317 ProcessIoPortHandlers,
318 ProcessPooledUsageAndLimits,
319 ProcessWorkingSetWatch,
320 ProcessUserModeIOPL,
321 ProcessEnableAlignmentFaultFixup,
322 ProcessPriorityClass,
323 ProcessWx86Information,
324 ProcessHandleCount,
325 ProcessAffinityMask,
326 ProcessPriorityBoost,
327 ProcessDeviceMap,
328 ProcessSessionInformation,
329 ProcessForegroundInformation,
330 ProcessWow64Information,
331 ProcessImageFileName,
332 ProcessLUIDDeviceMapsEnabled,
333 ProcessBreakOnTermination,
334 ProcessDebugObjectHandle,
335 ProcessDebugFlags,
336 ProcessHandleTracing,
337 ProcessIoPriority,
338 ProcessExecuteFlags,
339 ProcessTlsInformation,
340 ProcessCookie,
341 ProcessImageInformation,
342 ProcessCycleTime,
343 ProcessPagePriority,
344 ProcessInstrumentationCallback,
345 ProcessThreadStackAllocation,
346 ProcessWorkingSetWatchEx,
347 ProcessImageFileNameWin32,
348 ProcessImageFileMapping,
349 ProcessAffinityUpdateMode,
350 ProcessMemoryAllocationMode,
351 MaxProcessInfoClass
352 } PROCESSINFOCLASS;
353
354 typedef enum _THREADINFOCLASS
355 {
356 ThreadBasicInformation,
357 ThreadTimes,
358 ThreadPriority,
359 ThreadBasePriority,
360 ThreadAffinityMask,
361 ThreadImpersonationToken,
362 ThreadDescriptorTableEntry,
363 ThreadEnableAlignmentFaultFixup,
364 ThreadEventPair_Reusable,
365 ThreadQuerySetWin32StartAddress,
366 ThreadZeroTlsCell,
367 ThreadPerformanceCount,
368 ThreadAmILastThread,
369 ThreadIdealProcessor,
370 ThreadPriorityBoost,
371 ThreadSetTlsArrayAddress,
372 ThreadIsIoPending,
373 ThreadHideFromDebugger,
374 ThreadBreakOnTermination,
375 ThreadSwitchLegacyState,
376 ThreadIsTerminated,
377 ThreadLastSystemCall,
378 ThreadIoPriority,
379 ThreadCycleTime,
380 ThreadPagePriority,
381 ThreadActualBasePriority,
382 ThreadTebInformation,
383 ThreadCSwitchMon,
384 MaxThreadInfoClass
385 } THREADINFOCLASS;
386
387 #else
388
389 typedef enum _PSPROCESSPRIORITYMODE
390 {
391 PsProcessPriorityForeground,
392 PsProcessPriorityBackground,
393 PsProcessPrioritySpinning
394 } PSPROCESSPRIORITYMODE;
395
396 typedef enum _JOBOBJECTINFOCLASS
397 {
398 JobObjectBasicAccountingInformation = 1,
399 JobObjectBasicLimitInformation,
400 JobObjectBasicProcessIdList,
401 JobObjectBasicUIRestrictions,
402 JobObjectSecurityLimitInformation,
403 JobObjectEndOfJobTimeInformation,
404 JobObjectAssociateCompletionPortInformation,
405 JobObjectBasicAndIoAccountingInformation,
406 JobObjectExtendedLimitInformation,
407 JobObjectJobSetInformation,
408 MaxJobObjectInfoClass
409 } JOBOBJECTINFOCLASS;
410
411 //
412 // Power Event Events for Win32K Power Event Callback
413 //
414 typedef enum _PSPOWEREVENTTYPE
415 {
416 PsW32FullWake = 0,
417 PsW32EventCode = 1,
418 PsW32PowerPolicyChanged = 2,
419 PsW32SystemPowerState = 3,
420 PsW32SystemTime = 4,
421 PsW32DisplayState = 5,
422 PsW32CapabilitiesChanged = 6,
423 PsW32SetStateFailed = 7,
424 PsW32GdiOff = 8,
425 PsW32GdiOn = 9,
426 PsW32GdiPrepareResumeUI = 10,
427 PsW32GdiOffRequest = 11,
428 PsW32MonitorOff = 12,
429 } PSPOWEREVENTTYPE;
430
431 //
432 // Power State Tasks for Win32K Power State Callback
433 //
434 typedef enum _POWERSTATETASK
435 {
436 PowerState_BlockSessionSwitch = 0,
437 PowerState_Init = 1,
438 PowerState_QueryApps = 2,
439 PowerState_QueryServices = 3,
440 PowerState_QueryAppsFailed = 4,
441 PowerState_QueryServicesFailed = 5,
442 PowerState_SuspendApps = 6,
443 PowerState_SuspendServices = 7,
444 PowerState_ShowUI = 8,
445 PowerState_NotifyWL = 9,
446 PowerState_ResumeApps = 10,
447 PowerState_ResumeServices = 11,
448 PowerState_UnBlockSessionSwitch = 12,
449 PowerState_End = 13,
450 PowerState_BlockInput = 14,
451 PowerState_UnblockInput = 15,
452 } POWERSTATETASK;
453
454 //
455 // Win32K Job Callback Types
456 //
457 typedef enum _PSW32JOBCALLOUTTYPE
458 {
459 PsW32JobCalloutSetInformation = 0,
460 PsW32JobCalloutAddProcess = 1,
461 PsW32JobCalloutTerminate = 2,
462 } PSW32JOBCALLOUTTYPE;
463
464 //
465 // Win32K Thread Callback Types
466 //
467 typedef enum _PSW32THREADCALLOUTTYPE
468 {
469 PsW32ThreadCalloutInitialize,
470 PsW32ThreadCalloutExit,
471 } PSW32THREADCALLOUTTYPE;
472
473 //
474 // Declare empty structure definitions so that they may be referenced by
475 // routines before they are defined
476 //
477 struct _W32THREAD;
478 struct _W32PROCESS;
479 //struct _ETHREAD;
480 struct _WIN32_POWEREVENT_PARAMETERS;
481 struct _WIN32_POWERSTATE_PARAMETERS;
482 struct _WIN32_JOBCALLOUT_PARAMETERS;
483 struct _WIN32_OPENMETHOD_PARAMETERS;
484 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
485 struct _WIN32_CLOSEMETHOD_PARAMETERS;
486 struct _WIN32_DELETEMETHOD_PARAMETERS;
487 struct _WIN32_PARSEMETHOD_PARAMETERS;
488
489 //
490 // Win32K Process and Thread Callbacks
491 //
492 typedef
493 NTSTATUS
494 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
495 struct _EPROCESS *Process,
496 BOOLEAN Create
497 );
498
499 typedef
500 NTSTATUS
501 (NTAPI *PKWIN32_THREAD_CALLOUT)(
502 struct _ETHREAD *Thread,
503 PSW32THREADCALLOUTTYPE Type
504 );
505
506 typedef
507 NTSTATUS
508 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
509 VOID
510 );
511
512 typedef
513 NTSTATUS
514 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
515 struct _WIN32_POWEREVENT_PARAMETERS *Parameters
516 );
517
518 typedef
519 NTSTATUS
520 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
521 struct _WIN32_POWERSTATE_PARAMETERS *Parameters
522 );
523
524 typedef
525 NTSTATUS
526 (NTAPI *PKWIN32_JOB_CALLOUT)(
527 struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
528 );
529
530 typedef
531 NTSTATUS
532 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
533 VOID
534 );
535
536 typedef
537 NTSTATUS
538 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
539 struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
540 );
541
542 typedef
543 NTSTATUS
544 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
545 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
546 );
547
548 typedef
549 NTSTATUS
550 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
551 struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
552 );
553
554 typedef
555 VOID
556 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
557 struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
558 );
559
560 typedef
561 NTSTATUS
562 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
563 struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
564 );
565
566 typedef
567 NTSTATUS
568 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
569 struct _EPROCESS *Process,
570 PVOID Callback,
571 PVOID Context
572 );
573
574 //
575 // Lego Callback
576 //
577 typedef
578 VOID
579 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
580 IN PKTHREAD Thread
581 );
582
583 #endif
584
585 typedef NTSTATUS
586 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
587 VOID
588 );
589
590 //
591 // Descriptor Table Entry Definition
592 //
593 #if (_M_IX86)
594 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
595 typedef struct _DESCRIPTOR_TABLE_ENTRY
596 {
597 ULONG Selector;
598 LDT_ENTRY Descriptor;
599 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
600 #endif
601
602 //
603 // PEB Lock Routine
604 //
605 typedef VOID
606 (NTAPI *PPEBLOCKROUTINE)(
607 PVOID PebLock
608 );
609
610 //
611 // PEB Free Block Descriptor
612 //
613 typedef struct _PEB_FREE_BLOCK
614 {
615 struct _PEB_FREE_BLOCK* Next;
616 ULONG Size;
617 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
618
619 //
620 // Initial PEB
621 //
622 typedef struct _INITIAL_PEB
623 {
624 BOOLEAN InheritedAddressSpace;
625 BOOLEAN ReadImageFileExecOptions;
626 BOOLEAN BeingDebugged;
627 union
628 {
629 BOOLEAN BitField;
630 #if (NTDDI_VERSION >= NTDDI_WS03)
631 struct
632 {
633 BOOLEAN ImageUsesLargePages:1;
634 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
635 BOOLEAN IsProtectedProcess:1;
636 BOOLEAN IsLegacyProcess:1;
637 BOOLEAN SpareBits:5;
638 #else
639 BOOLEAN SpareBits:7;
640 #endif
641 };
642 #else
643 BOOLEAN SpareBool;
644 #endif
645 };
646 HANDLE Mutant;
647 } INITIAL_PEB, *PINITIAL_PEB;
648
649 //
650 // Initial TEB
651 //
652 typedef struct _INITIAL_TEB
653 {
654 PVOID PreviousStackBase;
655 PVOID PreviousStackLimit;
656 PVOID StackBase;
657 PVOID StackLimit;
658 PVOID AllocatedStackBase;
659 } INITIAL_TEB, *PINITIAL_TEB;
660
661 //
662 // TEB Active Frame Structures
663 //
664 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
665 {
666 ULONG Flags;
667 LPSTR FrameName;
668 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
669
670 typedef struct _TEB_ACTIVE_FRAME
671 {
672 ULONG Flags;
673 struct _TEB_ACTIVE_FRAME *Previous;
674 PTEB_ACTIVE_FRAME_CONTEXT Context;
675 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
676
677 typedef struct _CLIENT_ID32
678 {
679 ULONG UniqueProcess;
680 ULONG UniqueThread;
681 } CLIENT_ID32, *PCLIENT_ID32;
682
683 typedef struct _CLIENT_ID64
684 {
685 ULONG64 UniqueProcess;
686 ULONG64 UniqueThread;
687 } CLIENT_ID64, *PCLIENT_ID64;
688
689 #if (NTDDI_VERSION < NTDDI_WS03)
690 typedef struct _Wx86ThreadState
691 {
692 PULONG CallBx86Eip;
693 PVOID DeallocationCpu;
694 BOOLEAN UseKnownWx86Dll;
695 CHAR OleStubInvoked;
696 } Wx86ThreadState, *PWx86ThreadState;
697 #endif
698
699
700 //
701 // Process Environment Block (PEB)
702 // Thread Environment Block (TEB)
703 //
704 #include "peb_teb.h"
705
706 #ifdef _WIN64
707 //
708 // Explicit 32 bit PEB/TEB
709 //
710 #define EXPLICIT_32BIT
711 #include "peb_teb.h"
712 #undef EXPLICIT_32BIT
713
714 //
715 // Explicit 64 bit PEB/TEB
716 //
717 #define EXPLICIT_64BIT
718 #include "peb_teb.h"
719 #undef EXPLICIT_64BIT
720 #endif
721
722 #ifdef NTOS_MODE_USER
723
724 //
725 // Process Information Structures for NtQueryProcessInformation
726 //
727 typedef struct _PROCESS_BASIC_INFORMATION
728 {
729 NTSTATUS ExitStatus;
730 PPEB PebBaseAddress;
731 ULONG_PTR AffinityMask;
732 KPRIORITY BasePriority;
733 ULONG_PTR UniqueProcessId;
734 ULONG_PTR InheritedFromUniqueProcessId;
735 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
736
737 typedef struct _PROCESS_ACCESS_TOKEN
738 {
739 HANDLE Token;
740 HANDLE Thread;
741 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
742
743 typedef struct _PROCESS_DEVICEMAP_INFORMATION
744 {
745 union
746 {
747 struct
748 {
749 HANDLE DirectoryHandle;
750 } Set;
751 struct
752 {
753 ULONG DriveMap;
754 UCHAR DriveType[32];
755 } Query;
756 };
757 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
758
759 typedef struct _KERNEL_USER_TIMES
760 {
761 LARGE_INTEGER CreateTime;
762 LARGE_INTEGER ExitTime;
763 LARGE_INTEGER KernelTime;
764 LARGE_INTEGER UserTime;
765 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
766
767 typedef struct _POOLED_USAGE_AND_LIMITS
768 {
769 SIZE_T PeakPagedPoolUsage;
770 SIZE_T PagedPoolUsage;
771 SIZE_T PagedPoolLimit;
772 SIZE_T PeakNonPagedPoolUsage;
773 SIZE_T NonPagedPoolUsage;
774 SIZE_T NonPagedPoolLimit;
775 SIZE_T PeakPagefileUsage;
776 SIZE_T PagefileUsage;
777 SIZE_T PagefileLimit;
778 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
779
780 typedef struct _PROCESS_SESSION_INFORMATION
781 {
782 ULONG SessionId;
783 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
784
785 #endif
786
787 typedef struct _PROCESS_PRIORITY_CLASS
788 {
789 BOOLEAN Foreground;
790 UCHAR PriorityClass;
791 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
792
793 typedef struct _PROCESS_FOREGROUND_BACKGROUND
794 {
795 BOOLEAN Foreground;
796 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
797
798 //
799 // Thread Information Structures for NtQueryProcessInformation
800 //
801 typedef struct _THREAD_BASIC_INFORMATION
802 {
803 NTSTATUS ExitStatus;
804 PVOID TebBaseAddress;
805 CLIENT_ID ClientId;
806 KAFFINITY AffinityMask;
807 KPRIORITY Priority;
808 KPRIORITY BasePriority;
809 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
810
811 #ifndef NTOS_MODE_USER
812
813 //
814 // Job Set Array
815 //
816 typedef struct _JOB_SET_ARRAY
817 {
818 HANDLE JobHandle;
819 ULONG MemberLevel;
820 ULONG Flags;
821 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
822
823 //
824 // EPROCESS Quota Structures
825 //
826 typedef struct _EPROCESS_QUOTA_ENTRY
827 {
828 SIZE_T Usage;
829 SIZE_T Limit;
830 SIZE_T Peak;
831 SIZE_T Return;
832 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
833
834 typedef struct _EPROCESS_QUOTA_BLOCK
835 {
836 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
837 LIST_ENTRY QuotaList;
838 ULONG ReferenceCount;
839 ULONG ProcessCount;
840 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
841
842 //
843 // Process Pagefault History
844 //
845 typedef struct _PAGEFAULT_HISTORY
846 {
847 ULONG CurrentIndex;
848 ULONG MapIndex;
849 KSPIN_LOCK SpinLock;
850 PVOID Reserved;
851 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
852 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
853
854 //
855 // Process Impersonation Information
856 //
857 typedef struct _PS_IMPERSONATION_INFORMATION
858 {
859 PACCESS_TOKEN Token;
860 BOOLEAN CopyOnOpen;
861 BOOLEAN EffectiveOnly;
862 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
863 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
864
865 //
866 // Process Termination Port
867 //
868 typedef struct _TERMINATION_PORT
869 {
870 struct _TERMINATION_PORT *Next;
871 PVOID Port;
872 } TERMINATION_PORT, *PTERMINATION_PORT;
873
874 //
875 // Per-Process APC Rate Limiting
876 //
877 typedef struct _PSP_RATE_APC
878 {
879 union
880 {
881 SINGLE_LIST_ENTRY NextApc;
882 ULONGLONG ExcessCycles;
883 };
884 ULONGLONG TargetGEneration;
885 KAPC RateApc;
886 } PSP_RATE_APC, *PPSP_RATE_APC;
887
888 //
889 // Executive Thread (ETHREAD)
890 //
891 typedef struct _ETHREAD
892 {
893 KTHREAD Tcb;
894 LARGE_INTEGER CreateTime;
895 union
896 {
897 LARGE_INTEGER ExitTime;
898 LIST_ENTRY LpcReplyChain;
899 LIST_ENTRY KeyedWaitChain;
900 };
901 union
902 {
903 NTSTATUS ExitStatus;
904 PVOID OfsChain;
905 };
906 LIST_ENTRY PostBlockList;
907 union
908 {
909 struct _TERMINATION_PORT *TerminationPort;
910 struct _ETHREAD *ReaperLink;
911 PVOID KeyedWaitValue;
912 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
913 PVOID Win32StartParameter;
914 #endif
915 };
916 KSPIN_LOCK ActiveTimerListLock;
917 LIST_ENTRY ActiveTimerListHead;
918 CLIENT_ID Cid;
919 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
920 KSEMAPHORE KeyedWaitSemaphore;
921 #else
922 union
923 {
924 KSEMAPHORE LpcReplySemaphore;
925 KSEMAPHORE KeyedWaitSemaphore;
926 };
927 union
928 {
929 PVOID LpcReplyMessage;
930 PVOID LpcWaitingOnPort;
931 };
932 #endif
933 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
934 LIST_ENTRY IrpList;
935 ULONG_PTR TopLevelIrp;
936 PDEVICE_OBJECT DeviceToVerify;
937 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
938 PPSP_RATE_APC RateControlApc;
939 #else
940 struct _EPROCESS *ThreadsProcess;
941 #endif
942 PVOID Win32StartAddress;
943 union
944 {
945 PKSTART_ROUTINE StartAddress;
946 ULONG LpcReceivedMessageId;
947 };
948 LIST_ENTRY ThreadListEntry;
949 EX_RUNDOWN_REF RundownProtect;
950 EX_PUSH_LOCK ThreadLock;
951 #if (NTDDI_VERSION < NTDDI_LONGHORN)
952 ULONG LpcReplyMessageId;
953 #endif
954 ULONG ReadClusterSize;
955 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
956 ULONG SpareUlong0;
957 #else
958 ACCESS_MASK GrantedAccess;
959 #endif
960 union
961 {
962 struct
963 {
964 ULONG Terminated:1;
965 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
966 ULONG ThreadInserted:1;
967 #else
968 ULONG DeadThread:1;
969 #endif
970 ULONG HideFromDebugger:1;
971 ULONG ActiveImpersonationInfo:1;
972 ULONG SystemThread:1;
973 ULONG HardErrorsAreDisabled:1;
974 ULONG BreakOnTermination:1;
975 ULONG SkipCreationMsg:1;
976 ULONG SkipTerminationMsg:1;
977 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
978 ULONG CreateMsgSent:1;
979 ULONG ThreadIoPriority:3;
980 ULONG ThreadPagePriority:3;
981 ULONG PendingRatecontrol:1;
982 #endif
983 };
984 ULONG CrossThreadFlags;
985 };
986 union
987 {
988 struct
989 {
990 ULONG ActiveExWorker:1;
991 ULONG ExWorkerCanWaitUser:1;
992 ULONG MemoryMaker:1;
993 ULONG KeyedEventInUse:1;
994 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
995 ULONG RateApcState:2;
996 #endif
997 };
998 ULONG SameThreadPassiveFlags;
999 };
1000 union
1001 {
1002 struct
1003 {
1004 ULONG LpcReceivedMsgIdValid:1;
1005 ULONG LpcExitThreadCalled:1;
1006 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1007 ULONG Spare:1;
1008 #else
1009 ULONG AddressSpaceOwner:1;
1010 #endif
1011 ULONG OwnsProcessWorkingSetExclusive:1;
1012 ULONG OwnsProcessWorkingSetShared:1;
1013 ULONG OwnsSystemWorkingSetExclusive:1;
1014 ULONG OwnsSystemWorkingSetShared:1;
1015 ULONG OwnsSessionWorkingSetExclusive:1;
1016 ULONG OwnsSessionWorkingSetShared:1;
1017 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1018 ULONG SupressSymbolLoad:1;
1019 ULONG Spare1:3;
1020 ULONG PriorityRegionActive:4;
1021 #else
1022 ULONG ApcNeeded:1;
1023 #endif
1024 };
1025 ULONG SameThreadApcFlags;
1026 };
1027 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1028 UCHAR CacheManagerActive;
1029 #else
1030 UCHAR ForwardClusterOnly;
1031 #endif
1032 UCHAR DisablePageFaultClustering;
1033 UCHAR ActiveFaultCount;
1034 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1035 ULONG AlpcMessageId;
1036 union
1037 {
1038 PVOID AlpcMessage;
1039 ULONG AlpcReceiveAttributeSet;
1040 };
1041 LIST_ENTRY AlpcWaitListEntry;
1042 KSEMAPHORE AlpcWaitSemaphore;
1043 ULONG CacheManagerCount;
1044 #endif
1045 } ETHREAD;
1046
1047 //
1048 // Executive Process (EPROCESS)
1049 //
1050 typedef struct _EPROCESS
1051 {
1052 KPROCESS Pcb;
1053 EX_PUSH_LOCK ProcessLock;
1054 LARGE_INTEGER CreateTime;
1055 LARGE_INTEGER ExitTime;
1056 EX_RUNDOWN_REF RundownProtect;
1057 HANDLE UniqueProcessId;
1058 LIST_ENTRY ActiveProcessLinks;
1059 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1060 SIZE_T QuotaPeak[3]; /* ditto */
1061 SIZE_T CommitCharge;
1062 SIZE_T PeakVirtualSize;
1063 SIZE_T VirtualSize;
1064 LIST_ENTRY SessionProcessLinks;
1065 PVOID DebugPort;
1066 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1067 union
1068 {
1069 PVOID ExceptionPortData;
1070 ULONG ExceptionPortValue;
1071 UCHAR ExceptionPortState:3;
1072 };
1073 #else
1074 PVOID ExceptionPort;
1075 #endif
1076 PHANDLE_TABLE ObjectTable;
1077 EX_FAST_REF Token;
1078 PFN_NUMBER WorkingSetPage;
1079 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1080 EX_PUSH_LOCK AddressCreationLock;
1081 PETHREAD RotateInProgress;
1082 #else
1083 KGUARDED_MUTEX AddressCreationLock;
1084 KSPIN_LOCK HyperSpaceLock;
1085 #endif
1086 PETHREAD ForkInProgress;
1087 ULONG_PTR HardwareTrigger;
1088 PMM_AVL_TABLE PhysicalVadRoot;
1089 PVOID CloneRoot;
1090 PFN_NUMBER NumberOfPrivatePages;
1091 PFN_NUMBER NumberOfLockedPages;
1092 PVOID *Win32Process;
1093 struct _EJOB *Job;
1094 PVOID SectionObject;
1095 PVOID SectionBaseAddress;
1096 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1097 PPAGEFAULT_HISTORY WorkingSetWatch;
1098 PVOID Win32WindowStation;
1099 HANDLE InheritedFromUniqueProcessId;
1100 PVOID LdtInformation;
1101 PVOID VadFreeHint;
1102 PVOID VdmObjects;
1103 PVOID DeviceMap;
1104 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1105 PVOID EtwDataSource;
1106 PVOID FreeTebHint;
1107 #else
1108 PVOID Spare0[3];
1109 #endif
1110 union
1111 {
1112 HARDWARE_PTE PageDirectoryPte;
1113 ULONGLONG Filler;
1114 };
1115 PVOID Session;
1116 CHAR ImageFileName[16];
1117 LIST_ENTRY JobLinks;
1118 PVOID LockedPagesList;
1119 LIST_ENTRY ThreadListHead;
1120 PVOID SecurityPort;
1121 #ifdef _M_AMD64
1122 struct _WOW64_PROCESS *Wow64Process;
1123 #else
1124 PVOID PaeTop;
1125 #endif
1126 ULONG ActiveThreads;
1127 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1128 ULONG ImagePathHash;
1129 #else
1130 ACCESS_MASK GrantedAccess;
1131 #endif
1132 ULONG DefaultHardErrorProcessing;
1133 NTSTATUS LastThreadExitStatus;
1134 struct _PEB* Peb;
1135 EX_FAST_REF PrefetchTrace;
1136 LARGE_INTEGER ReadOperationCount;
1137 LARGE_INTEGER WriteOperationCount;
1138 LARGE_INTEGER OtherOperationCount;
1139 LARGE_INTEGER ReadTransferCount;
1140 LARGE_INTEGER WriteTransferCount;
1141 LARGE_INTEGER OtherTransferCount;
1142 SIZE_T CommitChargeLimit;
1143 SIZE_T CommitChargePeak;
1144 PVOID AweInfo;
1145 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1146 MMSUPPORT Vm;
1147 #ifdef _M_AMD64
1148 ULONG Spares[2];
1149 #else
1150 LIST_ENTRY MmProcessLinks;
1151 #endif
1152 ULONG ModifiedPageCount;
1153 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1154 union
1155 {
1156 struct
1157 {
1158 ULONG JobNotReallyActive:1;
1159 ULONG AccountingFolded:1;
1160 ULONG NewProcessReported:1;
1161 ULONG ExitProcessReported:1;
1162 ULONG ReportCommitChanges:1;
1163 ULONG LastReportMemory:1;
1164 ULONG ReportPhysicalPageChanges:1;
1165 ULONG HandleTableRundown:1;
1166 ULONG NeedsHandleRundown:1;
1167 ULONG RefTraceEnabled:1;
1168 ULONG NumaAware:1;
1169 ULONG ProtectedProcess:1;
1170 ULONG DefaultPagePriority:3;
1171 ULONG ProcessDeleteSelf:1;
1172 ULONG ProcessVerifierTarget:1;
1173 };
1174 ULONG Flags2;
1175 };
1176 #else
1177 ULONG JobStatus;
1178 #endif
1179 union
1180 {
1181 struct
1182 {
1183 ULONG CreateReported:1;
1184 ULONG NoDebugInherit:1;
1185 ULONG ProcessExiting:1;
1186 ULONG ProcessDelete:1;
1187 ULONG Wow64SplitPages:1;
1188 ULONG VmDeleted:1;
1189 ULONG OutswapEnabled:1;
1190 ULONG Outswapped:1;
1191 ULONG ForkFailed:1;
1192 ULONG Wow64VaSpace4Gb:1;
1193 ULONG AddressSpaceInitialized:2;
1194 ULONG SetTimerResolution:1;
1195 ULONG BreakOnTermination:1;
1196 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1197 ULONG DeprioritizeViews:1;
1198 #else
1199 ULONG SessionCreationUnderway:1;
1200 #endif
1201 ULONG WriteWatch:1;
1202 ULONG ProcessInSession:1;
1203 ULONG OverrideAddressSpace:1;
1204 ULONG HasAddressSpace:1;
1205 ULONG LaunchPrefetched:1;
1206 ULONG InjectInpageErrors:1;
1207 ULONG VmTopDown:1;
1208 ULONG ImageNotifyDone:1;
1209 ULONG PdeUpdateNeeded:1;
1210 ULONG VdmAllowed:1;
1211 ULONG SmapAllowed:1;
1212 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1213 ULONG ProcessInserted:1;
1214 #else
1215 ULONG CreateFailed:1;
1216 #endif
1217 ULONG DefaultIoPriority:3;
1218 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1219 ULONG SparePsFlags1:2;
1220 #else
1221 ULONG Spare1:1;
1222 ULONG Spare2:1;
1223 #endif
1224 };
1225 ULONG Flags;
1226 };
1227 NTSTATUS ExitStatus;
1228 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1229 USHORT Spare7;
1230 #else
1231 USHORT NextPageColor;
1232 #endif
1233 union
1234 {
1235 struct
1236 {
1237 UCHAR SubSystemMinorVersion;
1238 UCHAR SubSystemMajorVersion;
1239 };
1240 USHORT SubSystemVersion;
1241 };
1242 UCHAR PriorityClass;
1243 MM_AVL_TABLE VadRoot;
1244 ULONG Cookie;
1245 } EPROCESS;
1246
1247 //
1248 // Job Token Filter Data
1249 //
1250 #include <pshpack1.h>
1251 typedef struct _PS_JOB_TOKEN_FILTER
1252 {
1253 ULONG CapturedSidCount;
1254 PSID_AND_ATTRIBUTES CapturedSids;
1255 ULONG CapturedSidsLength;
1256 ULONG CapturedGroupCount;
1257 PSID_AND_ATTRIBUTES CapturedGroups;
1258 ULONG CapturedGroupsLength;
1259 ULONG CapturedPrivilegeCount;
1260 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1261 ULONG CapturedPrivilegesLength;
1262 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1263
1264 //
1265 // Executive Job (EJOB)
1266 //
1267 typedef struct _EJOB
1268 {
1269 KEVENT Event;
1270 LIST_ENTRY JobLinks;
1271 LIST_ENTRY ProcessListHead;
1272 ERESOURCE JobLock;
1273 LARGE_INTEGER TotalUserTime;
1274 LARGE_INTEGER TotalKernelTime;
1275 LARGE_INTEGER ThisPeriodTotalUserTime;
1276 LARGE_INTEGER ThisPeriodTotalKernelTime;
1277 ULONG TotalPageFaultCount;
1278 ULONG TotalProcesses;
1279 ULONG ActiveProcesses;
1280 ULONG TotalTerminatedProcesses;
1281 LARGE_INTEGER PerProcessUserTimeLimit;
1282 LARGE_INTEGER PerJobUserTimeLimit;
1283 ULONG LimitFlags;
1284 ULONG MinimumWorkingSetSize;
1285 ULONG MaximumWorkingSetSize;
1286 ULONG ActiveProcessLimit;
1287 ULONG Affinity;
1288 UCHAR PriorityClass;
1289 ULONG UIRestrictionsClass;
1290 ULONG SecurityLimitFlags;
1291 PVOID Token;
1292 PPS_JOB_TOKEN_FILTER Filter;
1293 ULONG EndOfJobTimeAction;
1294 PVOID CompletionPort;
1295 PVOID CompletionKey;
1296 ULONG SessionId;
1297 ULONG SchedulingClass;
1298 ULONGLONG ReadOperationCount;
1299 ULONGLONG WriteOperationCount;
1300 ULONGLONG OtherOperationCount;
1301 ULONGLONG ReadTransferCount;
1302 ULONGLONG WriteTransferCount;
1303 ULONGLONG OtherTransferCount;
1304 IO_COUNTERS IoInfo;
1305 ULONG ProcessMemoryLimit;
1306 ULONG JobMemoryLimit;
1307 ULONG PeakProcessMemoryUsed;
1308 ULONG PeakJobMemoryUsed;
1309 ULONG CurrentJobMemoryUsed;
1310 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1311 FAST_MUTEX MemoryLimitsLock;
1312 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1313 KGUARDED_MUTEX MemoryLimitsLock;
1314 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1315 EX_PUSH_LOCK MemoryLimitsLock;
1316 #endif
1317 LIST_ENTRY JobSetLinks;
1318 ULONG MemberLevel;
1319 ULONG JobFlags;
1320 } EJOB, *PEJOB;
1321 #include <poppack.h>
1322
1323 //
1324 // Win32K Callback Registration Data
1325 //
1326 typedef struct _WIN32_POWEREVENT_PARAMETERS
1327 {
1328 PSPOWEREVENTTYPE EventNumber;
1329 ULONG Code;
1330 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1331
1332 typedef struct _WIN32_POWERSTATE_PARAMETERS
1333 {
1334 UCHAR Promotion;
1335 POWER_ACTION SystemAction;
1336 SYSTEM_POWER_STATE MinSystemState;
1337 ULONG Flags;
1338 POWERSTATETASK PowerStateTask;
1339 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1340
1341 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1342 {
1343 PVOID Job;
1344 PSW32JOBCALLOUTTYPE CalloutType;
1345 PVOID Data;
1346 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1347
1348 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1349 {
1350 OB_OPEN_REASON OpenReason;
1351 PEPROCESS Process;
1352 PVOID Object;
1353 ULONG GrantedAccess;
1354 ULONG HandleCount;
1355 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1356
1357 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1358 {
1359 PEPROCESS Process;
1360 PVOID Object;
1361 HANDLE Handle;
1362 KPROCESSOR_MODE PreviousMode;
1363 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1364
1365 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1366 {
1367 PEPROCESS Process;
1368 PVOID Object;
1369 ACCESS_MASK AccessMask;
1370 ULONG ProcessHandleCount;
1371 ULONG SystemHandleCount;
1372 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1373
1374 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1375 {
1376 PVOID Object;
1377 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1378
1379 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1380 {
1381 PVOID ParseObject;
1382 PVOID ObjectType;
1383 PACCESS_STATE AccessState;
1384 KPROCESSOR_MODE AccessMode;
1385 ULONG Attributes;
1386 OUT PUNICODE_STRING CompleteName;
1387 PUNICODE_STRING RemainingName;
1388 PVOID Context;
1389 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1390 PVOID *Object;
1391 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1392
1393 typedef struct _WIN32_CALLOUTS_FPNS
1394 {
1395 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1396 PKWIN32_THREAD_CALLOUT ThreadCallout;
1397 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1398 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1399 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1400 PKWIN32_JOB_CALLOUT JobCallout;
1401 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1402 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
1403 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
1404 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
1405 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
1406 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
1407 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
1408 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
1409 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
1410 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
1411 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1412 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1413
1414 #endif // !NTOS_MODE_USER
1415
1416 #endif // _PSTYPES_H