projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[NDK]
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_VARIABLE_QUANTUMS 4
133 #define PSP_LONG_QUANTUMS 16
134
135 #ifndef NTOS_MODE_USER
136 //
137 // Thread Access Types
138 //
139 #define THREAD_QUERY_INFORMATION 0x0040
140 #define THREAD_SET_THREAD_TOKEN 0x0080
141 #define THREAD_IMPERSONATE 0x0100
142 #define THREAD_DIRECT_IMPERSONATION 0x0200
143
144 //
145 // Process Access Types
146 //
147 #define PROCESS_TERMINATE 0x0001
148 #define PROCESS_CREATE_THREAD 0x0002
149 #define PROCESS_SET_SESSIONID 0x0004
150 #define PROCESS_VM_OPERATION 0x0008
151 #define PROCESS_VM_READ 0x0010
152 #define PROCESS_VM_WRITE 0x0020
153 #define PROCESS_CREATE_PROCESS 0x0080
154 #define PROCESS_SET_QUOTA 0x0100
155 #define PROCESS_SET_INFORMATION 0x0200
156 #define PROCESS_QUERY_INFORMATION 0x0400
157 #define PROCESS_SUSPEND_RESUME 0x0800
158 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
159 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
160 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
161 SYNCHRONIZE | \
162 0xFFFF)
163 #else
164 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
165 SYNCHRONIZE | \
166 0xFFF)
167 #endif
168
169 //
170 // Thread Base Priorities
171 //
172 #define THREAD_BASE_PRIORITY_LOWRT 15
173 #define THREAD_BASE_PRIORITY_MAX 2
174 #define THREAD_BASE_PRIORITY_MIN -2
175 #define THREAD_BASE_PRIORITY_IDLE -15
176
177 //
178 // TLS Slots
179 //
180 #define TLS_MINIMUM_AVAILABLE 64
181
182 //
183 // Job Access Types
184 //
185 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
186 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
187 #define JOB_OBJECT_QUERY 0x4
188 #define JOB_OBJECT_TERMINATE 0x8
189 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
190 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
191 SYNCHRONIZE | \
192 31)
193
194 //
195 // Job Limit Flags
196 //
197 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
198 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
199 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
200 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
201 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
202 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
203 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
204 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
205 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
206 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
207 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
208 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
209 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
210 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
211
212 //
213 // Cross Thread Flags
214 //
215 #define CT_TERMINATED_BIT 0x1
216 #define CT_DEAD_THREAD_BIT 0x2
217 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
218 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
219 #define CT_SYSTEM_THREAD_BIT 0x10
220 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
221 #define CT_BREAK_ON_TERMINATION_BIT 0x40
222 #define CT_SKIP_CREATION_MSG_BIT 0x80
223 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
224
225 //
226 // Same Thread Passive Flags
227 //
228 #define STP_ACTIVE_EX_WORKER_BIT 0x1
229 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
230 #define STP_MEMORY_MAKER_BIT 0x4
231 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
232
233 //
234 // Same Thread APC Flags
235 //
236 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
237 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
238 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
239 #define STA_OWNS_WORKING_SET_BITS 0x1F8
240
241 //
242 // Kernel Process flags (maybe in ketypes.h?)
243 //
244 #define KPSF_AUTO_ALIGNMENT_BIT 0
245 #define KPSF_DISABLE_BOOST_BIT 1
246
247 //
248 // Process Flags
249 //
250 #define PSF_CREATE_REPORTED_BIT 0x1
251 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
252 #define PSF_PROCESS_EXITING_BIT 0x4
253 #define PSF_PROCESS_DELETE_BIT 0x8
254 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
255 #define PSF_VM_DELETED_BIT 0x20
256 #define PSF_OUTSWAP_ENABLED_BIT 0x40
257 #define PSF_OUTSWAPPED_BIT 0x80
258 #define PSF_FORK_FAILED_BIT 0x100
259 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
260 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
261 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
262 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
263 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
264 #define PSF_WRITE_WATCH_BIT 0x8000
265 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
266 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
267 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
268 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
269 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
270 #define PSF_VM_TOP_DOWN_BIT 0x200000
271 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
272 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
273 #define PSF_VDM_ALLOWED_BIT 0x1000000
274 #define PSF_SWAP_ALLOWED_BIT 0x2000000
275 #define PSF_CREATE_FAILED_BIT 0x4000000
276 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
277
278 //
279 // Vista Process Flags
280 //
281 #define PSF2_PROTECTED_BIT 0x800
282 #endif
283
284 //
285 // TLS/FLS Defines
286 //
287 #define TLS_EXPANSION_SLOTS 1024
288
289 #ifdef NTOS_MODE_USER
290 //
291 // Thread Native Base Priorities
292 //
293 #define LOW_PRIORITY 0
294 #define LOW_REALTIME_PRIORITY 16
295 #define HIGH_PRIORITY 31
296 #define MAXIMUM_PRIORITY 32
297
298 //
299 // Current Process/Thread built-in 'special' handles
300 //
301 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
302 #define ZwCurrentProcess() NtCurrentProcess()
303 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
304 #define ZwCurrentThread() NtCurrentThread()
305
306 //
307 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
308 //
309 typedef enum _PROCESSINFOCLASS
310 {
311 ProcessBasicInformation,
312 ProcessQuotaLimits,
313 ProcessIoCounters,
314 ProcessVmCounters,
315 ProcessTimes,
316 ProcessBasePriority,
317 ProcessRaisePriority,
318 ProcessDebugPort,
319 ProcessExceptionPort,
320 ProcessAccessToken,
321 ProcessLdtInformation,
322 ProcessLdtSize,
323 ProcessDefaultHardErrorMode,
324 ProcessIoPortHandlers,
325 ProcessPooledUsageAndLimits,
326 ProcessWorkingSetWatch,
327 ProcessUserModeIOPL,
328 ProcessEnableAlignmentFaultFixup,
329 ProcessPriorityClass,
330 ProcessWx86Information,
331 ProcessHandleCount,
332 ProcessAffinityMask,
333 ProcessPriorityBoost,
334 ProcessDeviceMap,
335 ProcessSessionInformation,
336 ProcessForegroundInformation,
337 ProcessWow64Information,
338 ProcessImageFileName,
339 ProcessLUIDDeviceMapsEnabled,
340 ProcessBreakOnTermination,
341 ProcessDebugObjectHandle,
342 ProcessDebugFlags,
343 ProcessHandleTracing,
344 ProcessIoPriority,
345 ProcessExecuteFlags,
346 ProcessTlsInformation,
347 ProcessCookie,
348 ProcessImageInformation,
349 ProcessCycleTime,
350 ProcessPagePriority,
351 ProcessInstrumentationCallback,
352 ProcessThreadStackAllocation,
353 ProcessWorkingSetWatchEx,
354 ProcessImageFileNameWin32,
355 ProcessImageFileMapping,
356 ProcessAffinityUpdateMode,
357 ProcessMemoryAllocationMode,
358 MaxProcessInfoClass
359 } PROCESSINFOCLASS;
360
361 typedef enum _THREADINFOCLASS
362 {
363 ThreadBasicInformation,
364 ThreadTimes,
365 ThreadPriority,
366 ThreadBasePriority,
367 ThreadAffinityMask,
368 ThreadImpersonationToken,
369 ThreadDescriptorTableEntry,
370 ThreadEnableAlignmentFaultFixup,
371 ThreadEventPair_Reusable,
372 ThreadQuerySetWin32StartAddress,
373 ThreadZeroTlsCell,
374 ThreadPerformanceCount,
375 ThreadAmILastThread,
376 ThreadIdealProcessor,
377 ThreadPriorityBoost,
378 ThreadSetTlsArrayAddress,
379 ThreadIsIoPending,
380 ThreadHideFromDebugger,
381 ThreadBreakOnTermination,
382 ThreadSwitchLegacyState,
383 ThreadIsTerminated,
384 ThreadLastSystemCall,
385 ThreadIoPriority,
386 ThreadCycleTime,
387 ThreadPagePriority,
388 ThreadActualBasePriority,
389 ThreadTebInformation,
390 ThreadCSwitchMon,
391 MaxThreadInfoClass
392 } THREADINFOCLASS;
393
394 #else
395
396 typedef enum _PSPROCESSPRIORITYMODE
397 {
398 PsProcessPriorityForeground,
399 PsProcessPriorityBackground,
400 PsProcessPrioritySpinning
401 } PSPROCESSPRIORITYMODE;
402
403 typedef enum _JOBOBJECTINFOCLASS
404 {
405 JobObjectBasicAccountingInformation = 1,
406 JobObjectBasicLimitInformation,
407 JobObjectBasicProcessIdList,
408 JobObjectBasicUIRestrictions,
409 JobObjectSecurityLimitInformation,
410 JobObjectEndOfJobTimeInformation,
411 JobObjectAssociateCompletionPortInformation,
412 JobObjectBasicAndIoAccountingInformation,
413 JobObjectExtendedLimitInformation,
414 JobObjectJobSetInformation,
415 MaxJobObjectInfoClass
416 } JOBOBJECTINFOCLASS;
417
418 //
419 // Power Event Events for Win32K Power Event Callback
420 //
421 typedef enum _PSPOWEREVENTTYPE
422 {
423 PsW32FullWake = 0,
424 PsW32EventCode = 1,
425 PsW32PowerPolicyChanged = 2,
426 PsW32SystemPowerState = 3,
427 PsW32SystemTime = 4,
428 PsW32DisplayState = 5,
429 PsW32CapabilitiesChanged = 6,
430 PsW32SetStateFailed = 7,
431 PsW32GdiOff = 8,
432 PsW32GdiOn = 9,
433 PsW32GdiPrepareResumeUI = 10,
434 PsW32GdiOffRequest = 11,
435 PsW32MonitorOff = 12,
436 } PSPOWEREVENTTYPE;
437
438 //
439 // Power State Tasks for Win32K Power State Callback
440 //
441 typedef enum _POWERSTATETASK
442 {
443 PowerState_BlockSessionSwitch = 0,
444 PowerState_Init = 1,
445 PowerState_QueryApps = 2,
446 PowerState_QueryServices = 3,
447 PowerState_QueryAppsFailed = 4,
448 PowerState_QueryServicesFailed = 5,
449 PowerState_SuspendApps = 6,
450 PowerState_SuspendServices = 7,
451 PowerState_ShowUI = 8,
452 PowerState_NotifyWL = 9,
453 PowerState_ResumeApps = 10,
454 PowerState_ResumeServices = 11,
455 PowerState_UnBlockSessionSwitch = 12,
456 PowerState_End = 13,
457 PowerState_BlockInput = 14,
458 PowerState_UnblockInput = 15,
459 } POWERSTATETASK;
460
461 //
462 // Win32K Job Callback Types
463 //
464 typedef enum _PSW32JOBCALLOUTTYPE
465 {
466 PsW32JobCalloutSetInformation = 0,
467 PsW32JobCalloutAddProcess = 1,
468 PsW32JobCalloutTerminate = 2,
469 } PSW32JOBCALLOUTTYPE;
470
471 //
472 // Win32K Thread Callback Types
473 //
474 typedef enum _PSW32THREADCALLOUTTYPE
475 {
476 PsW32ThreadCalloutInitialize,
477 PsW32ThreadCalloutExit,
478 } PSW32THREADCALLOUTTYPE;
479
480 //
481 // Declare empty structure definitions so that they may be referenced by
482 // routines before they are defined
483 //
484 struct _W32THREAD;
485 struct _W32PROCESS;
486 //struct _ETHREAD;
487 struct _WIN32_POWEREVENT_PARAMETERS;
488 struct _WIN32_POWERSTATE_PARAMETERS;
489 struct _WIN32_JOBCALLOUT_PARAMETERS;
490 struct _WIN32_OPENMETHOD_PARAMETERS;
491 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
492 struct _WIN32_CLOSEMETHOD_PARAMETERS;
493 struct _WIN32_DELETEMETHOD_PARAMETERS;
494 struct _WIN32_PARSEMETHOD_PARAMETERS;
495
496 //
497 // Win32K Process and Thread Callbacks
498 //
499 typedef
500 NTSTATUS
501 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
502 _In_ struct _EPROCESS *Process,
503 _In_ BOOLEAN Create
504 );
505
506 typedef
507 NTSTATUS
508 (NTAPI *PKWIN32_THREAD_CALLOUT)(
509 _In_ struct _ETHREAD *Thread,
510 _In_ PSW32THREADCALLOUTTYPE Type
511 );
512
513 typedef
514 NTSTATUS
515 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
516 VOID
517 );
518
519 typedef
520 NTSTATUS
521 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
522 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
523 );
524
525 typedef
526 NTSTATUS
527 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
528 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
529 );
530
531 typedef
532 NTSTATUS
533 (NTAPI *PKWIN32_JOB_CALLOUT)(
534 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
535 );
536
537 typedef
538 NTSTATUS
539 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
540 VOID
541 );
542
543 typedef
544 NTSTATUS
545 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
546 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
547 );
548
549 typedef
550 NTSTATUS
551 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
552 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
553 );
554
555 typedef
556 NTSTATUS
557 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
558 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
559 );
560
561 typedef
562 NTSTATUS
563 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
564 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
565 );
566
567 typedef
568 NTSTATUS
569 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
570 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
571 );
572
573 typedef
574 NTSTATUS
575 (NTAPI *PKWIN32_SESSION_CALLOUT)(
576 _In_ PVOID Parameter
577 );
578
579 //
580 // Lego Callback
581 //
582 typedef
583 VOID
584 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
585 _In_ PKTHREAD Thread
586 );
587
588 #endif
589
590 typedef NTSTATUS
591 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
592 VOID
593 );
594
595 //
596 // Descriptor Table Entry Definition
597 //
598 #if (_M_IX86)
599 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
600 typedef struct _DESCRIPTOR_TABLE_ENTRY
601 {
602 ULONG Selector;
603 LDT_ENTRY Descriptor;
604 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
605 #endif
606
607 //
608 // PEB Lock Routine
609 //
610 typedef VOID
611 (NTAPI *PPEBLOCKROUTINE)(
612 PVOID PebLock
613 );
614
615 //
616 // PEB Free Block Descriptor
617 //
618 typedef struct _PEB_FREE_BLOCK
619 {
620 struct _PEB_FREE_BLOCK* Next;
621 ULONG Size;
622 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
623
624 //
625 // Initial PEB
626 //
627 typedef struct _INITIAL_PEB
628 {
629 BOOLEAN InheritedAddressSpace;
630 BOOLEAN ReadImageFileExecOptions;
631 BOOLEAN BeingDebugged;
632 union
633 {
634 BOOLEAN BitField;
635 #if (NTDDI_VERSION >= NTDDI_WS03)
636 struct
637 {
638 BOOLEAN ImageUsesLargePages:1;
639 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
640 BOOLEAN IsProtectedProcess:1;
641 BOOLEAN IsLegacyProcess:1;
642 BOOLEAN SpareBits:5;
643 #else
644 BOOLEAN SpareBits:7;
645 #endif
646 };
647 #else
648 BOOLEAN SpareBool;
649 #endif
650 };
651 HANDLE Mutant;
652 } INITIAL_PEB, *PINITIAL_PEB;
653
654 //
655 // Initial TEB
656 //
657 typedef struct _INITIAL_TEB
658 {
659 PVOID PreviousStackBase;
660 PVOID PreviousStackLimit;
661 PVOID StackBase;
662 PVOID StackLimit;
663 PVOID AllocatedStackBase;
664 } INITIAL_TEB, *PINITIAL_TEB;
665
666 //
667 // TEB Active Frame Structures
668 //
669 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
670 {
671 ULONG Flags;
672 LPSTR FrameName;
673 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
674
675 typedef struct _TEB_ACTIVE_FRAME
676 {
677 ULONG Flags;
678 struct _TEB_ACTIVE_FRAME *Previous;
679 PTEB_ACTIVE_FRAME_CONTEXT Context;
680 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
681
682 typedef struct _CLIENT_ID32
683 {
684 ULONG UniqueProcess;
685 ULONG UniqueThread;
686 } CLIENT_ID32, *PCLIENT_ID32;
687
688 typedef struct _CLIENT_ID64
689 {
690 ULONG64 UniqueProcess;
691 ULONG64 UniqueThread;
692 } CLIENT_ID64, *PCLIENT_ID64;
693
694 #if (NTDDI_VERSION < NTDDI_WS03)
695 typedef struct _Wx86ThreadState
696 {
697 PULONG CallBx86Eip;
698 PVOID DeallocationCpu;
699 BOOLEAN UseKnownWx86Dll;
700 CHAR OleStubInvoked;
701 } Wx86ThreadState, *PWx86ThreadState;
702 #endif
703
704
705 //
706 // Process Environment Block (PEB)
707 // Thread Environment Block (TEB)
708 //
709 #include "peb_teb.h"
710
711 #ifdef _WIN64
712 //
713 // Explicit 32 bit PEB/TEB
714 //
715 #define EXPLICIT_32BIT
716 #include "peb_teb.h"
717 #undef EXPLICIT_32BIT
718
719 //
720 // Explicit 64 bit PEB/TEB
721 //
722 #define EXPLICIT_64BIT
723 #include "peb_teb.h"
724 #undef EXPLICIT_64BIT
725 #endif
726
727 #ifdef NTOS_MODE_USER
728
729 //
730 // Process Information Structures for NtQueryProcessInformation
731 //
732 typedef struct _PROCESS_BASIC_INFORMATION
733 {
734 NTSTATUS ExitStatus;
735 PPEB PebBaseAddress;
736 ULONG_PTR AffinityMask;
737 KPRIORITY BasePriority;
738 ULONG_PTR UniqueProcessId;
739 ULONG_PTR InheritedFromUniqueProcessId;
740 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
741
742 typedef struct _PROCESS_ACCESS_TOKEN
743 {
744 HANDLE Token;
745 HANDLE Thread;
746 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
747
748 typedef struct _PROCESS_DEVICEMAP_INFORMATION
749 {
750 union
751 {
752 struct
753 {
754 HANDLE DirectoryHandle;
755 } Set;
756 struct
757 {
758 ULONG DriveMap;
759 UCHAR DriveType[32];
760 } Query;
761 };
762 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
763
764 typedef struct _KERNEL_USER_TIMES
765 {
766 LARGE_INTEGER CreateTime;
767 LARGE_INTEGER ExitTime;
768 LARGE_INTEGER KernelTime;
769 LARGE_INTEGER UserTime;
770 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
771
772 typedef struct _POOLED_USAGE_AND_LIMITS
773 {
774 SIZE_T PeakPagedPoolUsage;
775 SIZE_T PagedPoolUsage;
776 SIZE_T PagedPoolLimit;
777 SIZE_T PeakNonPagedPoolUsage;
778 SIZE_T NonPagedPoolUsage;
779 SIZE_T NonPagedPoolLimit;
780 SIZE_T PeakPagefileUsage;
781 SIZE_T PagefileUsage;
782 SIZE_T PagefileLimit;
783 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
784
785 typedef struct _PROCESS_SESSION_INFORMATION
786 {
787 ULONG SessionId;
788 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
789
790 #endif
791
792 typedef struct _PROCESS_PRIORITY_CLASS
793 {
794 BOOLEAN Foreground;
795 UCHAR PriorityClass;
796 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
797
798 typedef struct _PROCESS_FOREGROUND_BACKGROUND
799 {
800 BOOLEAN Foreground;
801 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
802
803 //
804 // Thread Information Structures for NtQueryProcessInformation
805 //
806 typedef struct _THREAD_BASIC_INFORMATION
807 {
808 NTSTATUS ExitStatus;
809 PVOID TebBaseAddress;
810 CLIENT_ID ClientId;
811 KAFFINITY AffinityMask;
812 KPRIORITY Priority;
813 KPRIORITY BasePriority;
814 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
815
816 #ifndef NTOS_MODE_USER
817
818 //
819 // Job Set Array
820 //
821 typedef struct _JOB_SET_ARRAY
822 {
823 HANDLE JobHandle;
824 ULONG MemberLevel;
825 ULONG Flags;
826 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
827
828 //
829 // EPROCESS Quota Structures
830 //
831 typedef struct _EPROCESS_QUOTA_ENTRY
832 {
833 SIZE_T Usage;
834 SIZE_T Limit;
835 SIZE_T Peak;
836 SIZE_T Return;
837 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
838
839 typedef struct _EPROCESS_QUOTA_BLOCK
840 {
841 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
842 LIST_ENTRY QuotaList;
843 ULONG ReferenceCount;
844 ULONG ProcessCount;
845 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
846
847 //
848 // Process Pagefault History
849 //
850 typedef struct _PAGEFAULT_HISTORY
851 {
852 ULONG CurrentIndex;
853 ULONG MapIndex;
854 KSPIN_LOCK SpinLock;
855 PVOID Reserved;
856 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
857 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
858
859 //
860 // Process Impersonation Information
861 //
862 typedef struct _PS_IMPERSONATION_INFORMATION
863 {
864 PACCESS_TOKEN Token;
865 BOOLEAN CopyOnOpen;
866 BOOLEAN EffectiveOnly;
867 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
868 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
869
870 //
871 // Process Termination Port
872 //
873 typedef struct _TERMINATION_PORT
874 {
875 struct _TERMINATION_PORT *Next;
876 PVOID Port;
877 } TERMINATION_PORT, *PTERMINATION_PORT;
878
879 //
880 // Per-Process APC Rate Limiting
881 //
882 typedef struct _PSP_RATE_APC
883 {
884 union
885 {
886 SINGLE_LIST_ENTRY NextApc;
887 ULONGLONG ExcessCycles;
888 };
889 ULONGLONG TargetGEneration;
890 KAPC RateApc;
891 } PSP_RATE_APC, *PPSP_RATE_APC;
892
893 //
894 // Executive Thread (ETHREAD)
895 //
896 typedef struct _ETHREAD
897 {
898 KTHREAD Tcb;
899 LARGE_INTEGER CreateTime;
900 union
901 {
902 LARGE_INTEGER ExitTime;
903 LIST_ENTRY LpcReplyChain;
904 LIST_ENTRY KeyedWaitChain;
905 };
906 union
907 {
908 NTSTATUS ExitStatus;
909 PVOID OfsChain;
910 };
911 LIST_ENTRY PostBlockList;
912 union
913 {
914 struct _TERMINATION_PORT *TerminationPort;
915 struct _ETHREAD *ReaperLink;
916 PVOID KeyedWaitValue;
917 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
918 PVOID Win32StartParameter;
919 #endif
920 };
921 KSPIN_LOCK ActiveTimerListLock;
922 LIST_ENTRY ActiveTimerListHead;
923 CLIENT_ID Cid;
924 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
925 KSEMAPHORE KeyedWaitSemaphore;
926 #else
927 union
928 {
929 KSEMAPHORE LpcReplySemaphore;
930 KSEMAPHORE KeyedWaitSemaphore;
931 };
932 union
933 {
934 PVOID LpcReplyMessage;
935 PVOID LpcWaitingOnPort;
936 };
937 #endif
938 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
939 LIST_ENTRY IrpList;
940 ULONG_PTR TopLevelIrp;
941 PDEVICE_OBJECT DeviceToVerify;
942 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
943 PPSP_RATE_APC RateControlApc;
944 #else
945 struct _EPROCESS *ThreadsProcess;
946 #endif
947 PVOID Win32StartAddress;
948 union
949 {
950 PKSTART_ROUTINE StartAddress;
951 ULONG LpcReceivedMessageId;
952 };
953 LIST_ENTRY ThreadListEntry;
954 EX_RUNDOWN_REF RundownProtect;
955 EX_PUSH_LOCK ThreadLock;
956 #if (NTDDI_VERSION < NTDDI_LONGHORN)
957 ULONG LpcReplyMessageId;
958 #endif
959 ULONG ReadClusterSize;
960 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
961 ULONG SpareUlong0;
962 #else
963 ACCESS_MASK GrantedAccess;
964 #endif
965 union
966 {
967 struct
968 {
969 ULONG Terminated:1;
970 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
971 ULONG ThreadInserted:1;
972 #else
973 ULONG DeadThread:1;
974 #endif
975 ULONG HideFromDebugger:1;
976 ULONG ActiveImpersonationInfo:1;
977 ULONG SystemThread:1;
978 ULONG HardErrorsAreDisabled:1;
979 ULONG BreakOnTermination:1;
980 ULONG SkipCreationMsg:1;
981 ULONG SkipTerminationMsg:1;
982 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
983 ULONG CreateMsgSent:1;
984 ULONG ThreadIoPriority:3;
985 ULONG ThreadPagePriority:3;
986 ULONG PendingRatecontrol:1;
987 #endif
988 };
989 ULONG CrossThreadFlags;
990 };
991 union
992 {
993 struct
994 {
995 ULONG ActiveExWorker:1;
996 ULONG ExWorkerCanWaitUser:1;
997 ULONG MemoryMaker:1;
998 ULONG KeyedEventInUse:1;
999 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1000 ULONG RateApcState:2;
1001 #endif
1002 };
1003 ULONG SameThreadPassiveFlags;
1004 };
1005 union
1006 {
1007 struct
1008 {
1009 ULONG LpcReceivedMsgIdValid:1;
1010 ULONG LpcExitThreadCalled:1;
1011 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1012 ULONG Spare:1;
1013 #else
1014 ULONG AddressSpaceOwner:1;
1015 #endif
1016 ULONG OwnsProcessWorkingSetExclusive:1;
1017 ULONG OwnsProcessWorkingSetShared:1;
1018 ULONG OwnsSystemWorkingSetExclusive:1;
1019 ULONG OwnsSystemWorkingSetShared:1;
1020 ULONG OwnsSessionWorkingSetExclusive:1;
1021 ULONG OwnsSessionWorkingSetShared:1;
1022 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1023 ULONG SupressSymbolLoad:1;
1024 ULONG Spare1:3;
1025 ULONG PriorityRegionActive:4;
1026 #else
1027 ULONG ApcNeeded:1;
1028 #endif
1029 };
1030 ULONG SameThreadApcFlags;
1031 };
1032 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1033 UCHAR CacheManagerActive;
1034 #else
1035 UCHAR ForwardClusterOnly;
1036 #endif
1037 UCHAR DisablePageFaultClustering;
1038 UCHAR ActiveFaultCount;
1039 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1040 ULONG AlpcMessageId;
1041 union
1042 {
1043 PVOID AlpcMessage;
1044 ULONG AlpcReceiveAttributeSet;
1045 };
1046 LIST_ENTRY AlpcWaitListEntry;
1047 KSEMAPHORE AlpcWaitSemaphore;
1048 ULONG CacheManagerCount;
1049 #endif
1050 } ETHREAD;
1051
1052 //
1053 // Executive Process (EPROCESS)
1054 //
1055 typedef struct _EPROCESS
1056 {
1057 KPROCESS Pcb;
1058 EX_PUSH_LOCK ProcessLock;
1059 LARGE_INTEGER CreateTime;
1060 LARGE_INTEGER ExitTime;
1061 EX_RUNDOWN_REF RundownProtect;
1062 HANDLE UniqueProcessId;
1063 LIST_ENTRY ActiveProcessLinks;
1064 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1065 SIZE_T QuotaPeak[3]; /* ditto */
1066 SIZE_T CommitCharge;
1067 SIZE_T PeakVirtualSize;
1068 SIZE_T VirtualSize;
1069 LIST_ENTRY SessionProcessLinks;
1070 PVOID DebugPort;
1071 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1072 union
1073 {
1074 PVOID ExceptionPortData;
1075 ULONG ExceptionPortValue;
1076 UCHAR ExceptionPortState:3;
1077 };
1078 #else
1079 PVOID ExceptionPort;
1080 #endif
1081 PHANDLE_TABLE ObjectTable;
1082 EX_FAST_REF Token;
1083 PFN_NUMBER WorkingSetPage;
1084 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1085 EX_PUSH_LOCK AddressCreationLock;
1086 PETHREAD RotateInProgress;
1087 #else
1088 KGUARDED_MUTEX AddressCreationLock;
1089 KSPIN_LOCK HyperSpaceLock;
1090 #endif
1091 PETHREAD ForkInProgress;
1092 ULONG_PTR HardwareTrigger;
1093 PMM_AVL_TABLE PhysicalVadRoot;
1094 PVOID CloneRoot;
1095 PFN_NUMBER NumberOfPrivatePages;
1096 PFN_NUMBER NumberOfLockedPages;
1097 PVOID *Win32Process;
1098 struct _EJOB *Job;
1099 PVOID SectionObject;
1100 PVOID SectionBaseAddress;
1101 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1102 PPAGEFAULT_HISTORY WorkingSetWatch;
1103 PVOID Win32WindowStation;
1104 HANDLE InheritedFromUniqueProcessId;
1105 PVOID LdtInformation;
1106 PVOID VadFreeHint;
1107 PVOID VdmObjects;
1108 PVOID DeviceMap;
1109 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1110 PVOID EtwDataSource;
1111 PVOID FreeTebHint;
1112 #else
1113 PVOID Spare0[3];
1114 #endif
1115 union
1116 {
1117 HARDWARE_PTE PageDirectoryPte;
1118 ULONGLONG Filler;
1119 };
1120 PVOID Session;
1121 CHAR ImageFileName[16];
1122 LIST_ENTRY JobLinks;
1123 PVOID LockedPagesList;
1124 LIST_ENTRY ThreadListHead;
1125 PVOID SecurityPort;
1126 #ifdef _M_AMD64
1127 struct _WOW64_PROCESS *Wow64Process;
1128 #else
1129 PVOID PaeTop;
1130 #endif
1131 ULONG ActiveThreads;
1132 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1133 ULONG ImagePathHash;
1134 #else
1135 ACCESS_MASK GrantedAccess;
1136 #endif
1137 ULONG DefaultHardErrorProcessing;
1138 NTSTATUS LastThreadExitStatus;
1139 struct _PEB* Peb;
1140 EX_FAST_REF PrefetchTrace;
1141 LARGE_INTEGER ReadOperationCount;
1142 LARGE_INTEGER WriteOperationCount;
1143 LARGE_INTEGER OtherOperationCount;
1144 LARGE_INTEGER ReadTransferCount;
1145 LARGE_INTEGER WriteTransferCount;
1146 LARGE_INTEGER OtherTransferCount;
1147 SIZE_T CommitChargeLimit;
1148 SIZE_T CommitChargePeak;
1149 PVOID AweInfo;
1150 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1151 MMSUPPORT Vm;
1152 #ifdef _M_AMD64
1153 ULONG Spares[2];
1154 #else
1155 LIST_ENTRY MmProcessLinks;
1156 #endif
1157 ULONG ModifiedPageCount;
1158 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1159 union
1160 {
1161 struct
1162 {
1163 ULONG JobNotReallyActive:1;
1164 ULONG AccountingFolded:1;
1165 ULONG NewProcessReported:1;
1166 ULONG ExitProcessReported:1;
1167 ULONG ReportCommitChanges:1;
1168 ULONG LastReportMemory:1;
1169 ULONG ReportPhysicalPageChanges:1;
1170 ULONG HandleTableRundown:1;
1171 ULONG NeedsHandleRundown:1;
1172 ULONG RefTraceEnabled:1;
1173 ULONG NumaAware:1;
1174 ULONG ProtectedProcess:1;
1175 ULONG DefaultPagePriority:3;
1176 ULONG ProcessDeleteSelf:1;
1177 ULONG ProcessVerifierTarget:1;
1178 };
1179 ULONG Flags2;
1180 };
1181 #else
1182 ULONG JobStatus;
1183 #endif
1184 union
1185 {
1186 struct
1187 {
1188 ULONG CreateReported:1;
1189 ULONG NoDebugInherit:1;
1190 ULONG ProcessExiting:1;
1191 ULONG ProcessDelete:1;
1192 ULONG Wow64SplitPages:1;
1193 ULONG VmDeleted:1;
1194 ULONG OutswapEnabled:1;
1195 ULONG Outswapped:1;
1196 ULONG ForkFailed:1;
1197 ULONG Wow64VaSpace4Gb:1;
1198 ULONG AddressSpaceInitialized:2;
1199 ULONG SetTimerResolution:1;
1200 ULONG BreakOnTermination:1;
1201 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1202 ULONG DeprioritizeViews:1;
1203 #else
1204 ULONG SessionCreationUnderway:1;
1205 #endif
1206 ULONG WriteWatch:1;
1207 ULONG ProcessInSession:1;
1208 ULONG OverrideAddressSpace:1;
1209 ULONG HasAddressSpace:1;
1210 ULONG LaunchPrefetched:1;
1211 ULONG InjectInpageErrors:1;
1212 ULONG VmTopDown:1;
1213 ULONG ImageNotifyDone:1;
1214 ULONG PdeUpdateNeeded:1;
1215 ULONG VdmAllowed:1;
1216 ULONG SmapAllowed:1;
1217 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1218 ULONG ProcessInserted:1;
1219 #else
1220 ULONG CreateFailed:1;
1221 #endif
1222 ULONG DefaultIoPriority:3;
1223 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1224 ULONG SparePsFlags1:2;
1225 #else
1226 ULONG Spare1:1;
1227 ULONG Spare2:1;
1228 #endif
1229 };
1230 ULONG Flags;
1231 };
1232 NTSTATUS ExitStatus;
1233 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1234 USHORT Spare7;
1235 #else
1236 USHORT NextPageColor;
1237 #endif
1238 union
1239 {
1240 struct
1241 {
1242 UCHAR SubSystemMinorVersion;
1243 UCHAR SubSystemMajorVersion;
1244 };
1245 USHORT SubSystemVersion;
1246 };
1247 UCHAR PriorityClass;
1248 MM_AVL_TABLE VadRoot;
1249 ULONG Cookie;
1250 } EPROCESS;
1251
1252 //
1253 // Job Token Filter Data
1254 //
1255 #include <pshpack1.h>
1256 typedef struct _PS_JOB_TOKEN_FILTER
1257 {
1258 ULONG CapturedSidCount;
1259 PSID_AND_ATTRIBUTES CapturedSids;
1260 ULONG CapturedSidsLength;
1261 ULONG CapturedGroupCount;
1262 PSID_AND_ATTRIBUTES CapturedGroups;
1263 ULONG CapturedGroupsLength;
1264 ULONG CapturedPrivilegeCount;
1265 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1266 ULONG CapturedPrivilegesLength;
1267 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1268
1269 //
1270 // Executive Job (EJOB)
1271 //
1272 typedef struct _EJOB
1273 {
1274 KEVENT Event;
1275 LIST_ENTRY JobLinks;
1276 LIST_ENTRY ProcessListHead;
1277 ERESOURCE JobLock;
1278 LARGE_INTEGER TotalUserTime;
1279 LARGE_INTEGER TotalKernelTime;
1280 LARGE_INTEGER ThisPeriodTotalUserTime;
1281 LARGE_INTEGER ThisPeriodTotalKernelTime;
1282 ULONG TotalPageFaultCount;
1283 ULONG TotalProcesses;
1284 ULONG ActiveProcesses;
1285 ULONG TotalTerminatedProcesses;
1286 LARGE_INTEGER PerProcessUserTimeLimit;
1287 LARGE_INTEGER PerJobUserTimeLimit;
1288 ULONG LimitFlags;
1289 ULONG MinimumWorkingSetSize;
1290 ULONG MaximumWorkingSetSize;
1291 ULONG ActiveProcessLimit;
1292 ULONG Affinity;
1293 UCHAR PriorityClass;
1294 ULONG UIRestrictionsClass;
1295 ULONG SecurityLimitFlags;
1296 PVOID Token;
1297 PPS_JOB_TOKEN_FILTER Filter;
1298 ULONG EndOfJobTimeAction;
1299 PVOID CompletionPort;
1300 PVOID CompletionKey;
1301 ULONG SessionId;
1302 ULONG SchedulingClass;
1303 ULONGLONG ReadOperationCount;
1304 ULONGLONG WriteOperationCount;
1305 ULONGLONG OtherOperationCount;
1306 ULONGLONG ReadTransferCount;
1307 ULONGLONG WriteTransferCount;
1308 ULONGLONG OtherTransferCount;
1309 IO_COUNTERS IoInfo;
1310 ULONG ProcessMemoryLimit;
1311 ULONG JobMemoryLimit;
1312 ULONG PeakProcessMemoryUsed;
1313 ULONG PeakJobMemoryUsed;
1314 ULONG CurrentJobMemoryUsed;
1315 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1316 FAST_MUTEX MemoryLimitsLock;
1317 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1318 KGUARDED_MUTEX MemoryLimitsLock;
1319 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1320 EX_PUSH_LOCK MemoryLimitsLock;
1321 #endif
1322 LIST_ENTRY JobSetLinks;
1323 ULONG MemberLevel;
1324 ULONG JobFlags;
1325 } EJOB, *PEJOB;
1326 #include <poppack.h>
1327
1328 //
1329 // Win32K Callback Registration Data
1330 //
1331 typedef struct _WIN32_POWEREVENT_PARAMETERS
1332 {
1333 PSPOWEREVENTTYPE EventNumber;
1334 ULONG Code;
1335 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1336
1337 typedef struct _WIN32_POWERSTATE_PARAMETERS
1338 {
1339 UCHAR Promotion;
1340 POWER_ACTION SystemAction;
1341 SYSTEM_POWER_STATE MinSystemState;
1342 ULONG Flags;
1343 POWERSTATETASK PowerStateTask;
1344 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1345
1346 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1347 {
1348 PVOID Job;
1349 PSW32JOBCALLOUTTYPE CalloutType;
1350 PVOID Data;
1351 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1352
1353 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1354 {
1355 OB_OPEN_REASON OpenReason;
1356 PEPROCESS Process;
1357 PVOID Object;
1358 ULONG GrantedAccess;
1359 ULONG HandleCount;
1360 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1361
1362 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1363 {
1364 PEPROCESS Process;
1365 PVOID Object;
1366 HANDLE Handle;
1367 KPROCESSOR_MODE PreviousMode;
1368 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1369
1370 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1371 {
1372 PEPROCESS Process;
1373 PVOID Object;
1374 ACCESS_MASK AccessMask;
1375 ULONG ProcessHandleCount;
1376 ULONG SystemHandleCount;
1377 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1378
1379 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1380 {
1381 PVOID Object;
1382 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1383
1384 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1385 {
1386 PVOID ParseObject;
1387 PVOID ObjectType;
1388 PACCESS_STATE AccessState;
1389 KPROCESSOR_MODE AccessMode;
1390 ULONG Attributes;
1391 _Out_ PUNICODE_STRING CompleteName;
1392 PUNICODE_STRING RemainingName;
1393 PVOID Context;
1394 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1395 PVOID *Object;
1396 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1397
1398 typedef struct _WIN32_CALLOUTS_FPNS
1399 {
1400 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1401 PKWIN32_THREAD_CALLOUT ThreadCallout;
1402 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1403 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1404 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1405 PKWIN32_JOB_CALLOUT JobCallout;
1406 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1407 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1408 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1409 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1410 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1411 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1412 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1413 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1414 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1415 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1416 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1417
1418 #endif // !NTOS_MODE_USER
1419
1420 #ifdef __cplusplus
1421 }; // extern "C"
1422 #endif
1423
1424 #endif // _PSTYPES_H
A free Windows-compatible Operating System