[NDK]
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_VARIABLE_QUANTUMS 4
133 #define PSP_LONG_QUANTUMS 16
134
135 #ifndef NTOS_MODE_USER
136 //
137 // Thread Access Types
138 //
139 #define THREAD_QUERY_INFORMATION 0x0040
140 #define THREAD_SET_THREAD_TOKEN 0x0080
141 #define THREAD_IMPERSONATE 0x0100
142 #define THREAD_DIRECT_IMPERSONATION 0x0200
143
144 //
145 // Process Access Types
146 //
147 #define PROCESS_TERMINATE 0x0001
148 #define PROCESS_CREATE_THREAD 0x0002
149 #define PROCESS_SET_SESSIONID 0x0004
150 #define PROCESS_VM_OPERATION 0x0008
151 #define PROCESS_VM_READ 0x0010
152 #define PROCESS_VM_WRITE 0x0020
153 #define PROCESS_CREATE_PROCESS 0x0080
154 #define PROCESS_SET_QUOTA 0x0100
155 #define PROCESS_SET_INFORMATION 0x0200
156 #define PROCESS_QUERY_INFORMATION 0x0400
157 #define PROCESS_SUSPEND_RESUME 0x0800
158 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
159 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
160 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
161 SYNCHRONIZE | \
162 0xFFFF)
163 #else
164 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
165 SYNCHRONIZE | \
166 0xFFF)
167 #endif
168
169 //
170 // Thread Base Priorities
171 //
172 #define THREAD_BASE_PRIORITY_LOWRT 15
173 #define THREAD_BASE_PRIORITY_MAX 2
174 #define THREAD_BASE_PRIORITY_MIN -2
175 #define THREAD_BASE_PRIORITY_IDLE -15
176
177 //
178 // TLS Slots
179 //
180 #define TLS_MINIMUM_AVAILABLE 64
181
182 //
183 // Job Access Types
184 //
185 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
186 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
187 #define JOB_OBJECT_QUERY 0x4
188 #define JOB_OBJECT_TERMINATE 0x8
189 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
190 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
191 SYNCHRONIZE | \
192 31)
193
194 //
195 // Job Limit Flags
196 //
197 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
198 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
199 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
200 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
201 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
202 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
203 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
204 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
205 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
206 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
207 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
208 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
209 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
210 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
211
212 //
213 // Cross Thread Flags
214 //
215 #define CT_TERMINATED_BIT 0x1
216 #define CT_DEAD_THREAD_BIT 0x2
217 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
218 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
219 #define CT_SYSTEM_THREAD_BIT 0x10
220 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
221 #define CT_BREAK_ON_TERMINATION_BIT 0x40
222 #define CT_SKIP_CREATION_MSG_BIT 0x80
223 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
224
225 //
226 // Same Thread Passive Flags
227 //
228 #define STP_ACTIVE_EX_WORKER_BIT 0x1
229 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
230 #define STP_MEMORY_MAKER_BIT 0x4
231 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
232
233 //
234 // Same Thread APC Flags
235 //
236 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
237 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
238 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
239 #define STA_OWNS_WORKING_SET_BITS 0x1F8
240
241 //
242 // Kernel Process flags (maybe in ketypes.h?)
243 //
244 #define KPSF_AUTO_ALIGNMENT_BIT 0
245 #define KPSF_DISABLE_BOOST_BIT 1
246
247 //
248 // Process Flags
249 //
250 #define PSF_CREATE_REPORTED_BIT 0x1
251 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
252 #define PSF_PROCESS_EXITING_BIT 0x4
253 #define PSF_PROCESS_DELETE_BIT 0x8
254 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
255 #define PSF_VM_DELETED_BIT 0x20
256 #define PSF_OUTSWAP_ENABLED_BIT 0x40
257 #define PSF_OUTSWAPPED_BIT 0x80
258 #define PSF_FORK_FAILED_BIT 0x100
259 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
260 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
261 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
262 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
263 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
264 #define PSF_WRITE_WATCH_BIT 0x8000
265 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
266 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
267 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
268 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
269 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
270 #define PSF_VM_TOP_DOWN_BIT 0x200000
271 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
272 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
273 #define PSF_VDM_ALLOWED_BIT 0x1000000
274 #define PSF_SWAP_ALLOWED_BIT 0x2000000
275 #define PSF_CREATE_FAILED_BIT 0x4000000
276 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
277
278 //
279 // Vista Process Flags
280 //
281 #define PSF2_PROTECTED_BIT 0x800
282 #endif
283
284 //
285 // TLS/FLS Defines
286 //
287 #define TLS_EXPANSION_SLOTS 1024
288
289 #ifdef NTOS_MODE_USER
290 //
291 // Thread Native Base Priorities
292 //
293 #define LOW_PRIORITY 0
294 #define LOW_REALTIME_PRIORITY 16
295 #define HIGH_PRIORITY 31
296 #define MAXIMUM_PRIORITY 32
297
298 //
299 // Current Process/Thread built-in 'special' handles
300 //
301 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
302 #define ZwCurrentProcess() NtCurrentProcess()
303 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
304 #define ZwCurrentThread() NtCurrentThread()
305
306 //
307 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
308 //
309 typedef enum _PROCESSINFOCLASS
310 {
311 ProcessBasicInformation,
312 ProcessQuotaLimits,
313 ProcessIoCounters,
314 ProcessVmCounters,
315 ProcessTimes,
316 ProcessBasePriority,
317 ProcessRaisePriority,
318 ProcessDebugPort,
319 ProcessExceptionPort,
320 ProcessAccessToken,
321 ProcessLdtInformation,
322 ProcessLdtSize,
323 ProcessDefaultHardErrorMode,
324 ProcessIoPortHandlers,
325 ProcessPooledUsageAndLimits,
326 ProcessWorkingSetWatch,
327 ProcessUserModeIOPL,
328 ProcessEnableAlignmentFaultFixup,
329 ProcessPriorityClass,
330 ProcessWx86Information,
331 ProcessHandleCount,
332 ProcessAffinityMask,
333 ProcessPriorityBoost,
334 ProcessDeviceMap,
335 ProcessSessionInformation,
336 ProcessForegroundInformation,
337 ProcessWow64Information,
338 ProcessImageFileName,
339 ProcessLUIDDeviceMapsEnabled,
340 ProcessBreakOnTermination,
341 ProcessDebugObjectHandle,
342 ProcessDebugFlags,
343 ProcessHandleTracing,
344 ProcessIoPriority,
345 ProcessExecuteFlags,
346 ProcessTlsInformation,
347 ProcessCookie,
348 ProcessImageInformation,
349 ProcessCycleTime,
350 ProcessPagePriority,
351 ProcessInstrumentationCallback,
352 ProcessThreadStackAllocation,
353 ProcessWorkingSetWatchEx,
354 ProcessImageFileNameWin32,
355 ProcessImageFileMapping,
356 ProcessAffinityUpdateMode,
357 ProcessMemoryAllocationMode,
358 MaxProcessInfoClass
359 } PROCESSINFOCLASS;
360
361 typedef enum _THREADINFOCLASS
362 {
363 ThreadBasicInformation,
364 ThreadTimes,
365 ThreadPriority,
366 ThreadBasePriority,
367 ThreadAffinityMask,
368 ThreadImpersonationToken,
369 ThreadDescriptorTableEntry,
370 ThreadEnableAlignmentFaultFixup,
371 ThreadEventPair_Reusable,
372 ThreadQuerySetWin32StartAddress,
373 ThreadZeroTlsCell,
374 ThreadPerformanceCount,
375 ThreadAmILastThread,
376 ThreadIdealProcessor,
377 ThreadPriorityBoost,
378 ThreadSetTlsArrayAddress,
379 ThreadIsIoPending,
380 ThreadHideFromDebugger,
381 ThreadBreakOnTermination,
382 ThreadSwitchLegacyState,
383 ThreadIsTerminated,
384 ThreadLastSystemCall,
385 ThreadIoPriority,
386 ThreadCycleTime,
387 ThreadPagePriority,
388 ThreadActualBasePriority,
389 ThreadTebInformation,
390 ThreadCSwitchMon,
391 MaxThreadInfoClass
392 } THREADINFOCLASS;
393
394 #else
395
396 typedef enum _PSPROCESSPRIORITYMODE
397 {
398 PsProcessPriorityForeground,
399 PsProcessPriorityBackground,
400 PsProcessPrioritySpinning
401 } PSPROCESSPRIORITYMODE;
402
403 typedef enum _JOBOBJECTINFOCLASS
404 {
405 JobObjectBasicAccountingInformation = 1,
406 JobObjectBasicLimitInformation,
407 JobObjectBasicProcessIdList,
408 JobObjectBasicUIRestrictions,
409 JobObjectSecurityLimitInformation,
410 JobObjectEndOfJobTimeInformation,
411 JobObjectAssociateCompletionPortInformation,
412 JobObjectBasicAndIoAccountingInformation,
413 JobObjectExtendedLimitInformation,
414 JobObjectJobSetInformation,
415 MaxJobObjectInfoClass
416 } JOBOBJECTINFOCLASS;
417
418 //
419 // Power Event Events for Win32K Power Event Callback
420 //
421 typedef enum _PSPOWEREVENTTYPE
422 {
423 PsW32FullWake = 0,
424 PsW32EventCode = 1,
425 PsW32PowerPolicyChanged = 2,
426 PsW32SystemPowerState = 3,
427 PsW32SystemTime = 4,
428 PsW32DisplayState = 5,
429 PsW32CapabilitiesChanged = 6,
430 PsW32SetStateFailed = 7,
431 PsW32GdiOff = 8,
432 PsW32GdiOn = 9,
433 PsW32GdiPrepareResumeUI = 10,
434 PsW32GdiOffRequest = 11,
435 PsW32MonitorOff = 12,
436 } PSPOWEREVENTTYPE;
437
438 //
439 // Power State Tasks for Win32K Power State Callback
440 //
441 typedef enum _POWERSTATETASK
442 {
443 PowerState_BlockSessionSwitch = 0,
444 PowerState_Init = 1,
445 PowerState_QueryApps = 2,
446 PowerState_QueryServices = 3,
447 PowerState_QueryAppsFailed = 4,
448 PowerState_QueryServicesFailed = 5,
449 PowerState_SuspendApps = 6,
450 PowerState_SuspendServices = 7,
451 PowerState_ShowUI = 8,
452 PowerState_NotifyWL = 9,
453 PowerState_ResumeApps = 10,
454 PowerState_ResumeServices = 11,
455 PowerState_UnBlockSessionSwitch = 12,
456 PowerState_End = 13,
457 PowerState_BlockInput = 14,
458 PowerState_UnblockInput = 15,
459 } POWERSTATETASK;
460
461 //
462 // Win32K Job Callback Types
463 //
464 typedef enum _PSW32JOBCALLOUTTYPE
465 {
466 PsW32JobCalloutSetInformation = 0,
467 PsW32JobCalloutAddProcess = 1,
468 PsW32JobCalloutTerminate = 2,
469 } PSW32JOBCALLOUTTYPE;
470
471 //
472 // Win32K Thread Callback Types
473 //
474 typedef enum _PSW32THREADCALLOUTTYPE
475 {
476 PsW32ThreadCalloutInitialize,
477 PsW32ThreadCalloutExit,
478 } PSW32THREADCALLOUTTYPE;
479
480 //
481 // Declare empty structure definitions so that they may be referenced by
482 // routines before they are defined
483 //
484 struct _W32THREAD;
485 struct _W32PROCESS;
486 //struct _ETHREAD;
487 struct _WIN32_POWEREVENT_PARAMETERS;
488 struct _WIN32_POWERSTATE_PARAMETERS;
489 struct _WIN32_JOBCALLOUT_PARAMETERS;
490 struct _WIN32_OPENMETHOD_PARAMETERS;
491 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
492 struct _WIN32_CLOSEMETHOD_PARAMETERS;
493 struct _WIN32_DELETEMETHOD_PARAMETERS;
494 struct _WIN32_PARSEMETHOD_PARAMETERS;
495
496 //
497 // Win32K Process and Thread Callbacks
498 //
499 typedef
500 NTSTATUS
501 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
502 _In_ struct _EPROCESS *Process,
503 _In_ BOOLEAN Create
504 );
505
506 typedef
507 NTSTATUS
508 (NTAPI *PKWIN32_THREAD_CALLOUT)(
509 _In_ struct _ETHREAD *Thread,
510 _In_ PSW32THREADCALLOUTTYPE Type
511 );
512
513 typedef
514 NTSTATUS
515 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
516 VOID
517 );
518
519 typedef
520 NTSTATUS
521 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
522 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
523 );
524
525 typedef
526 NTSTATUS
527 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
528 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
529 );
530
531 typedef
532 NTSTATUS
533 (NTAPI *PKWIN32_JOB_CALLOUT)(
534 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
535 );
536
537 typedef
538 NTSTATUS
539 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
540 VOID
541 );
542
543 typedef
544 NTSTATUS
545 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
546 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
547 );
548
549 typedef
550 NTSTATUS
551 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
552 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
553 );
554
555 typedef
556 NTSTATUS
557 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
558 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
559 );
560
561 typedef
562 NTSTATUS
563 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
564 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
565 );
566
567 typedef
568 NTSTATUS
569 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
570 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
571 );
572
573 typedef
574 NTSTATUS
575 (NTAPI *PKWIN32_SESSION_CALLOUT)(
576 _In_ PVOID Parameter
577 );
578
579 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
580 typedef
581 NTSTATUS
582 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
583 _In_ struct _EPROCESS *Process,
584 _In_ PVOID Callback,
585 _In_ PVOID Context
586 );
587 #endif
588
589 //
590 // Lego Callback
591 //
592 typedef
593 VOID
594 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
595 _In_ PKTHREAD Thread
596 );
597
598 #endif
599
600 typedef NTSTATUS
601 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
602 VOID
603 );
604
605 //
606 // Descriptor Table Entry Definition
607 //
608 #if (_M_IX86)
609 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
610 typedef struct _DESCRIPTOR_TABLE_ENTRY
611 {
612 ULONG Selector;
613 LDT_ENTRY Descriptor;
614 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
615 #endif
616
617 //
618 // PEB Lock Routine
619 //
620 typedef VOID
621 (NTAPI *PPEBLOCKROUTINE)(
622 PVOID PebLock
623 );
624
625 //
626 // PEB Free Block Descriptor
627 //
628 typedef struct _PEB_FREE_BLOCK
629 {
630 struct _PEB_FREE_BLOCK* Next;
631 ULONG Size;
632 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
633
634 //
635 // Initial PEB
636 //
637 typedef struct _INITIAL_PEB
638 {
639 BOOLEAN InheritedAddressSpace;
640 BOOLEAN ReadImageFileExecOptions;
641 BOOLEAN BeingDebugged;
642 union
643 {
644 BOOLEAN BitField;
645 #if (NTDDI_VERSION >= NTDDI_WS03)
646 struct
647 {
648 BOOLEAN ImageUsesLargePages:1;
649 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
650 BOOLEAN IsProtectedProcess:1;
651 BOOLEAN IsLegacyProcess:1;
652 BOOLEAN SpareBits:5;
653 #else
654 BOOLEAN SpareBits:7;
655 #endif
656 };
657 #else
658 BOOLEAN SpareBool;
659 #endif
660 };
661 HANDLE Mutant;
662 } INITIAL_PEB, *PINITIAL_PEB;
663
664 //
665 // Initial TEB
666 //
667 typedef struct _INITIAL_TEB
668 {
669 PVOID PreviousStackBase;
670 PVOID PreviousStackLimit;
671 PVOID StackBase;
672 PVOID StackLimit;
673 PVOID AllocatedStackBase;
674 } INITIAL_TEB, *PINITIAL_TEB;
675
676 //
677 // TEB Active Frame Structures
678 //
679 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
680 {
681 ULONG Flags;
682 LPSTR FrameName;
683 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
684
685 typedef struct _TEB_ACTIVE_FRAME
686 {
687 ULONG Flags;
688 struct _TEB_ACTIVE_FRAME *Previous;
689 PTEB_ACTIVE_FRAME_CONTEXT Context;
690 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
691
692 typedef struct _CLIENT_ID32
693 {
694 ULONG UniqueProcess;
695 ULONG UniqueThread;
696 } CLIENT_ID32, *PCLIENT_ID32;
697
698 typedef struct _CLIENT_ID64
699 {
700 ULONG64 UniqueProcess;
701 ULONG64 UniqueThread;
702 } CLIENT_ID64, *PCLIENT_ID64;
703
704 #if (NTDDI_VERSION < NTDDI_WS03)
705 typedef struct _Wx86ThreadState
706 {
707 PULONG CallBx86Eip;
708 PVOID DeallocationCpu;
709 BOOLEAN UseKnownWx86Dll;
710 CHAR OleStubInvoked;
711 } Wx86ThreadState, *PWx86ThreadState;
712 #endif
713
714
715 //
716 // Process Environment Block (PEB)
717 // Thread Environment Block (TEB)
718 //
719 #include "peb_teb.h"
720
721 #ifdef _WIN64
722 //
723 // Explicit 32 bit PEB/TEB
724 //
725 #define EXPLICIT_32BIT
726 #include "peb_teb.h"
727 #undef EXPLICIT_32BIT
728
729 //
730 // Explicit 64 bit PEB/TEB
731 //
732 #define EXPLICIT_64BIT
733 #include "peb_teb.h"
734 #undef EXPLICIT_64BIT
735 #endif
736
737 #ifdef NTOS_MODE_USER
738
739 //
740 // Process Information Structures for NtQueryProcessInformation
741 //
742 typedef struct _PROCESS_BASIC_INFORMATION
743 {
744 NTSTATUS ExitStatus;
745 PPEB PebBaseAddress;
746 ULONG_PTR AffinityMask;
747 KPRIORITY BasePriority;
748 ULONG_PTR UniqueProcessId;
749 ULONG_PTR InheritedFromUniqueProcessId;
750 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
751
752 typedef struct _PROCESS_ACCESS_TOKEN
753 {
754 HANDLE Token;
755 HANDLE Thread;
756 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
757
758 typedef struct _PROCESS_DEVICEMAP_INFORMATION
759 {
760 union
761 {
762 struct
763 {
764 HANDLE DirectoryHandle;
765 } Set;
766 struct
767 {
768 ULONG DriveMap;
769 UCHAR DriveType[32];
770 } Query;
771 };
772 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
773
774 typedef struct _KERNEL_USER_TIMES
775 {
776 LARGE_INTEGER CreateTime;
777 LARGE_INTEGER ExitTime;
778 LARGE_INTEGER KernelTime;
779 LARGE_INTEGER UserTime;
780 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
781
782 typedef struct _POOLED_USAGE_AND_LIMITS
783 {
784 SIZE_T PeakPagedPoolUsage;
785 SIZE_T PagedPoolUsage;
786 SIZE_T PagedPoolLimit;
787 SIZE_T PeakNonPagedPoolUsage;
788 SIZE_T NonPagedPoolUsage;
789 SIZE_T NonPagedPoolLimit;
790 SIZE_T PeakPagefileUsage;
791 SIZE_T PagefileUsage;
792 SIZE_T PagefileLimit;
793 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
794
795 typedef struct _PROCESS_SESSION_INFORMATION
796 {
797 ULONG SessionId;
798 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
799
800 #endif
801
802 typedef struct _PROCESS_PRIORITY_CLASS
803 {
804 BOOLEAN Foreground;
805 UCHAR PriorityClass;
806 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
807
808 typedef struct _PROCESS_FOREGROUND_BACKGROUND
809 {
810 BOOLEAN Foreground;
811 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
812
813 //
814 // Apphelp SHIM Cache
815 //
816 typedef enum _APPHELPCACHESERVICECLASS
817 {
818 ApphelpCacheServiceLookup = 0,
819 ApphelpCacheServiceRemove = 1,
820 ApphelpCacheServiceUpdate = 2,
821 ApphelpCacheServiceFlush = 3,
822 ApphelpCacheServiceDump = 4,
823
824 ApphelpDBGReadRegistry = 0x100,
825 ApphelpDBGWriteRegistry = 0x101,
826 } APPHELPCACHESERVICECLASS;
827
828
829 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
830 {
831 UNICODE_STRING ImageName;
832 HANDLE ImageHandle;
833 } APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;
834
835
836 //
837 // Thread Information Structures for NtQueryProcessInformation
838 //
839 typedef struct _THREAD_BASIC_INFORMATION
840 {
841 NTSTATUS ExitStatus;
842 PVOID TebBaseAddress;
843 CLIENT_ID ClientId;
844 KAFFINITY AffinityMask;
845 KPRIORITY Priority;
846 KPRIORITY BasePriority;
847 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
848
849 #ifndef NTOS_MODE_USER
850
851 //
852 // Job Set Array
853 //
854 typedef struct _JOB_SET_ARRAY
855 {
856 HANDLE JobHandle;
857 ULONG MemberLevel;
858 ULONG Flags;
859 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
860
861 //
862 // EPROCESS Quota Structures
863 //
864 typedef struct _EPROCESS_QUOTA_ENTRY
865 {
866 SIZE_T Usage;
867 SIZE_T Limit;
868 SIZE_T Peak;
869 SIZE_T Return;
870 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
871
872 typedef struct _EPROCESS_QUOTA_BLOCK
873 {
874 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
875 LIST_ENTRY QuotaList;
876 ULONG ReferenceCount;
877 ULONG ProcessCount;
878 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
879
880 //
881 // Process Pagefault History
882 //
883 typedef struct _PAGEFAULT_HISTORY
884 {
885 ULONG CurrentIndex;
886 ULONG MapIndex;
887 KSPIN_LOCK SpinLock;
888 PVOID Reserved;
889 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
890 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
891
892 //
893 // Process Impersonation Information
894 //
895 typedef struct _PS_IMPERSONATION_INFORMATION
896 {
897 PACCESS_TOKEN Token;
898 BOOLEAN CopyOnOpen;
899 BOOLEAN EffectiveOnly;
900 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
901 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
902
903 //
904 // Process Termination Port
905 //
906 typedef struct _TERMINATION_PORT
907 {
908 struct _TERMINATION_PORT *Next;
909 PVOID Port;
910 } TERMINATION_PORT, *PTERMINATION_PORT;
911
912 //
913 // Per-Process APC Rate Limiting
914 //
915 typedef struct _PSP_RATE_APC
916 {
917 union
918 {
919 SINGLE_LIST_ENTRY NextApc;
920 ULONGLONG ExcessCycles;
921 };
922 ULONGLONG TargetGEneration;
923 KAPC RateApc;
924 } PSP_RATE_APC, *PPSP_RATE_APC;
925
926 //
927 // Executive Thread (ETHREAD)
928 //
929 typedef struct _ETHREAD
930 {
931 KTHREAD Tcb;
932 LARGE_INTEGER CreateTime;
933 union
934 {
935 LARGE_INTEGER ExitTime;
936 LIST_ENTRY LpcReplyChain;
937 LIST_ENTRY KeyedWaitChain;
938 };
939 union
940 {
941 NTSTATUS ExitStatus;
942 PVOID OfsChain;
943 };
944 LIST_ENTRY PostBlockList;
945 union
946 {
947 struct _TERMINATION_PORT *TerminationPort;
948 struct _ETHREAD *ReaperLink;
949 PVOID KeyedWaitValue;
950 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
951 PVOID Win32StartParameter;
952 #endif
953 };
954 KSPIN_LOCK ActiveTimerListLock;
955 LIST_ENTRY ActiveTimerListHead;
956 CLIENT_ID Cid;
957 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
958 KSEMAPHORE KeyedWaitSemaphore;
959 #else
960 union
961 {
962 KSEMAPHORE LpcReplySemaphore;
963 KSEMAPHORE KeyedWaitSemaphore;
964 };
965 union
966 {
967 PVOID LpcReplyMessage;
968 PVOID LpcWaitingOnPort;
969 };
970 #endif
971 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
972 LIST_ENTRY IrpList;
973 ULONG_PTR TopLevelIrp;
974 PDEVICE_OBJECT DeviceToVerify;
975 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
976 PPSP_RATE_APC RateControlApc;
977 #else
978 struct _EPROCESS *ThreadsProcess;
979 #endif
980 PVOID Win32StartAddress;
981 union
982 {
983 PKSTART_ROUTINE StartAddress;
984 ULONG LpcReceivedMessageId;
985 };
986 LIST_ENTRY ThreadListEntry;
987 EX_RUNDOWN_REF RundownProtect;
988 EX_PUSH_LOCK ThreadLock;
989 #if (NTDDI_VERSION < NTDDI_LONGHORN)
990 ULONG LpcReplyMessageId;
991 #endif
992 ULONG ReadClusterSize;
993 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
994 ULONG SpareUlong0;
995 #else
996 ACCESS_MASK GrantedAccess;
997 #endif
998 union
999 {
1000 struct
1001 {
1002 ULONG Terminated:1;
1003 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1004 ULONG ThreadInserted:1;
1005 #else
1006 ULONG DeadThread:1;
1007 #endif
1008 ULONG HideFromDebugger:1;
1009 ULONG ActiveImpersonationInfo:1;
1010 ULONG SystemThread:1;
1011 ULONG HardErrorsAreDisabled:1;
1012 ULONG BreakOnTermination:1;
1013 ULONG SkipCreationMsg:1;
1014 ULONG SkipTerminationMsg:1;
1015 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1016 ULONG CreateMsgSent:1;
1017 ULONG ThreadIoPriority:3;
1018 ULONG ThreadPagePriority:3;
1019 ULONG PendingRatecontrol:1;
1020 #endif
1021 };
1022 ULONG CrossThreadFlags;
1023 };
1024 union
1025 {
1026 struct
1027 {
1028 ULONG ActiveExWorker:1;
1029 ULONG ExWorkerCanWaitUser:1;
1030 ULONG MemoryMaker:1;
1031 ULONG KeyedEventInUse:1;
1032 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1033 ULONG RateApcState:2;
1034 #endif
1035 };
1036 ULONG SameThreadPassiveFlags;
1037 };
1038 union
1039 {
1040 struct
1041 {
1042 ULONG LpcReceivedMsgIdValid:1;
1043 ULONG LpcExitThreadCalled:1;
1044 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1045 ULONG Spare:1;
1046 #else
1047 ULONG AddressSpaceOwner:1;
1048 #endif
1049 ULONG OwnsProcessWorkingSetExclusive:1;
1050 ULONG OwnsProcessWorkingSetShared:1;
1051 ULONG OwnsSystemWorkingSetExclusive:1;
1052 ULONG OwnsSystemWorkingSetShared:1;
1053 ULONG OwnsSessionWorkingSetExclusive:1;
1054 ULONG OwnsSessionWorkingSetShared:1;
1055 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1056 ULONG SupressSymbolLoad:1;
1057 ULONG Spare1:3;
1058 ULONG PriorityRegionActive:4;
1059 #else
1060 ULONG ApcNeeded:1;
1061 #endif
1062 };
1063 ULONG SameThreadApcFlags;
1064 };
1065 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1066 UCHAR CacheManagerActive;
1067 #else
1068 UCHAR ForwardClusterOnly;
1069 #endif
1070 UCHAR DisablePageFaultClustering;
1071 UCHAR ActiveFaultCount;
1072 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1073 ULONG AlpcMessageId;
1074 union
1075 {
1076 PVOID AlpcMessage;
1077 ULONG AlpcReceiveAttributeSet;
1078 };
1079 LIST_ENTRY AlpcWaitListEntry;
1080 KSEMAPHORE AlpcWaitSemaphore;
1081 ULONG CacheManagerCount;
1082 #endif
1083 } ETHREAD;
1084
1085 //
1086 // Executive Process (EPROCESS)
1087 //
1088 typedef struct _EPROCESS
1089 {
1090 KPROCESS Pcb;
1091 EX_PUSH_LOCK ProcessLock;
1092 LARGE_INTEGER CreateTime;
1093 LARGE_INTEGER ExitTime;
1094 EX_RUNDOWN_REF RundownProtect;
1095 HANDLE UniqueProcessId;
1096 LIST_ENTRY ActiveProcessLinks;
1097 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1098 SIZE_T QuotaPeak[3]; /* ditto */
1099 SIZE_T CommitCharge;
1100 SIZE_T PeakVirtualSize;
1101 SIZE_T VirtualSize;
1102 LIST_ENTRY SessionProcessLinks;
1103 PVOID DebugPort;
1104 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1105 union
1106 {
1107 PVOID ExceptionPortData;
1108 ULONG ExceptionPortValue;
1109 UCHAR ExceptionPortState:3;
1110 };
1111 #else
1112 PVOID ExceptionPort;
1113 #endif
1114 PHANDLE_TABLE ObjectTable;
1115 EX_FAST_REF Token;
1116 PFN_NUMBER WorkingSetPage;
1117 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1118 EX_PUSH_LOCK AddressCreationLock;
1119 PETHREAD RotateInProgress;
1120 #else
1121 KGUARDED_MUTEX AddressCreationLock;
1122 KSPIN_LOCK HyperSpaceLock;
1123 #endif
1124 PETHREAD ForkInProgress;
1125 ULONG_PTR HardwareTrigger;
1126 PMM_AVL_TABLE PhysicalVadRoot;
1127 PVOID CloneRoot;
1128 PFN_NUMBER NumberOfPrivatePages;
1129 PFN_NUMBER NumberOfLockedPages;
1130 PVOID *Win32Process;
1131 struct _EJOB *Job;
1132 PVOID SectionObject;
1133 PVOID SectionBaseAddress;
1134 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1135 PPAGEFAULT_HISTORY WorkingSetWatch;
1136 PVOID Win32WindowStation;
1137 HANDLE InheritedFromUniqueProcessId;
1138 PVOID LdtInformation;
1139 PVOID VadFreeHint;
1140 PVOID VdmObjects;
1141 PVOID DeviceMap;
1142 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1143 PVOID EtwDataSource;
1144 PVOID FreeTebHint;
1145 #else
1146 PVOID Spare0[3];
1147 #endif
1148 union
1149 {
1150 HARDWARE_PTE PageDirectoryPte;
1151 ULONGLONG Filler;
1152 };
1153 PVOID Session;
1154 CHAR ImageFileName[16];
1155 LIST_ENTRY JobLinks;
1156 PVOID LockedPagesList;
1157 LIST_ENTRY ThreadListHead;
1158 PVOID SecurityPort;
1159 #ifdef _M_AMD64
1160 struct _WOW64_PROCESS *Wow64Process;
1161 #else
1162 PVOID PaeTop;
1163 #endif
1164 ULONG ActiveThreads;
1165 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1166 ULONG ImagePathHash;
1167 #else
1168 ACCESS_MASK GrantedAccess;
1169 #endif
1170 ULONG DefaultHardErrorProcessing;
1171 NTSTATUS LastThreadExitStatus;
1172 struct _PEB* Peb;
1173 EX_FAST_REF PrefetchTrace;
1174 LARGE_INTEGER ReadOperationCount;
1175 LARGE_INTEGER WriteOperationCount;
1176 LARGE_INTEGER OtherOperationCount;
1177 LARGE_INTEGER ReadTransferCount;
1178 LARGE_INTEGER WriteTransferCount;
1179 LARGE_INTEGER OtherTransferCount;
1180 SIZE_T CommitChargeLimit;
1181 SIZE_T CommitChargePeak;
1182 PVOID AweInfo;
1183 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1184 MMSUPPORT Vm;
1185 #ifdef _M_AMD64
1186 ULONG Spares[2];
1187 #else
1188 LIST_ENTRY MmProcessLinks;
1189 #endif
1190 ULONG ModifiedPageCount;
1191 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1192 union
1193 {
1194 struct
1195 {
1196 ULONG JobNotReallyActive:1;
1197 ULONG AccountingFolded:1;
1198 ULONG NewProcessReported:1;
1199 ULONG ExitProcessReported:1;
1200 ULONG ReportCommitChanges:1;
1201 ULONG LastReportMemory:1;
1202 ULONG ReportPhysicalPageChanges:1;
1203 ULONG HandleTableRundown:1;
1204 ULONG NeedsHandleRundown:1;
1205 ULONG RefTraceEnabled:1;
1206 ULONG NumaAware:1;
1207 ULONG ProtectedProcess:1;
1208 ULONG DefaultPagePriority:3;
1209 ULONG ProcessDeleteSelf:1;
1210 ULONG ProcessVerifierTarget:1;
1211 };
1212 ULONG Flags2;
1213 };
1214 #else
1215 ULONG JobStatus;
1216 #endif
1217 union
1218 {
1219 struct
1220 {
1221 ULONG CreateReported:1;
1222 ULONG NoDebugInherit:1;
1223 ULONG ProcessExiting:1;
1224 ULONG ProcessDelete:1;
1225 ULONG Wow64SplitPages:1;
1226 ULONG VmDeleted:1;
1227 ULONG OutswapEnabled:1;
1228 ULONG Outswapped:1;
1229 ULONG ForkFailed:1;
1230 ULONG Wow64VaSpace4Gb:1;
1231 ULONG AddressSpaceInitialized:2;
1232 ULONG SetTimerResolution:1;
1233 ULONG BreakOnTermination:1;
1234 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1235 ULONG DeprioritizeViews:1;
1236 #else
1237 ULONG SessionCreationUnderway:1;
1238 #endif
1239 ULONG WriteWatch:1;
1240 ULONG ProcessInSession:1;
1241 ULONG OverrideAddressSpace:1;
1242 ULONG HasAddressSpace:1;
1243 ULONG LaunchPrefetched:1;
1244 ULONG InjectInpageErrors:1;
1245 ULONG VmTopDown:1;
1246 ULONG ImageNotifyDone:1;
1247 ULONG PdeUpdateNeeded:1;
1248 ULONG VdmAllowed:1;
1249 ULONG SmapAllowed:1;
1250 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1251 ULONG ProcessInserted:1;
1252 #else
1253 ULONG CreateFailed:1;
1254 #endif
1255 ULONG DefaultIoPriority:3;
1256 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1257 ULONG SparePsFlags1:2;
1258 #else
1259 ULONG Spare1:1;
1260 ULONG Spare2:1;
1261 #endif
1262 };
1263 ULONG Flags;
1264 };
1265 NTSTATUS ExitStatus;
1266 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1267 USHORT Spare7;
1268 #else
1269 USHORT NextPageColor;
1270 #endif
1271 union
1272 {
1273 struct
1274 {
1275 UCHAR SubSystemMinorVersion;
1276 UCHAR SubSystemMajorVersion;
1277 };
1278 USHORT SubSystemVersion;
1279 };
1280 UCHAR PriorityClass;
1281 MM_AVL_TABLE VadRoot;
1282 ULONG Cookie;
1283 } EPROCESS;
1284
1285 //
1286 // Job Token Filter Data
1287 //
1288 #include <pshpack1.h>
1289 typedef struct _PS_JOB_TOKEN_FILTER
1290 {
1291 ULONG CapturedSidCount;
1292 PSID_AND_ATTRIBUTES CapturedSids;
1293 ULONG CapturedSidsLength;
1294 ULONG CapturedGroupCount;
1295 PSID_AND_ATTRIBUTES CapturedGroups;
1296 ULONG CapturedGroupsLength;
1297 ULONG CapturedPrivilegeCount;
1298 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1299 ULONG CapturedPrivilegesLength;
1300 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1301
1302 //
1303 // Executive Job (EJOB)
1304 //
1305 typedef struct _EJOB
1306 {
1307 KEVENT Event;
1308 LIST_ENTRY JobLinks;
1309 LIST_ENTRY ProcessListHead;
1310 ERESOURCE JobLock;
1311 LARGE_INTEGER TotalUserTime;
1312 LARGE_INTEGER TotalKernelTime;
1313 LARGE_INTEGER ThisPeriodTotalUserTime;
1314 LARGE_INTEGER ThisPeriodTotalKernelTime;
1315 ULONG TotalPageFaultCount;
1316 ULONG TotalProcesses;
1317 ULONG ActiveProcesses;
1318 ULONG TotalTerminatedProcesses;
1319 LARGE_INTEGER PerProcessUserTimeLimit;
1320 LARGE_INTEGER PerJobUserTimeLimit;
1321 ULONG LimitFlags;
1322 ULONG MinimumWorkingSetSize;
1323 ULONG MaximumWorkingSetSize;
1324 ULONG ActiveProcessLimit;
1325 ULONG Affinity;
1326 UCHAR PriorityClass;
1327 ULONG UIRestrictionsClass;
1328 ULONG SecurityLimitFlags;
1329 PVOID Token;
1330 PPS_JOB_TOKEN_FILTER Filter;
1331 ULONG EndOfJobTimeAction;
1332 PVOID CompletionPort;
1333 PVOID CompletionKey;
1334 ULONG SessionId;
1335 ULONG SchedulingClass;
1336 ULONGLONG ReadOperationCount;
1337 ULONGLONG WriteOperationCount;
1338 ULONGLONG OtherOperationCount;
1339 ULONGLONG ReadTransferCount;
1340 ULONGLONG WriteTransferCount;
1341 ULONGLONG OtherTransferCount;
1342 IO_COUNTERS IoInfo;
1343 ULONG ProcessMemoryLimit;
1344 ULONG JobMemoryLimit;
1345 ULONG PeakProcessMemoryUsed;
1346 ULONG PeakJobMemoryUsed;
1347 ULONG CurrentJobMemoryUsed;
1348 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1349 FAST_MUTEX MemoryLimitsLock;
1350 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1351 KGUARDED_MUTEX MemoryLimitsLock;
1352 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1353 EX_PUSH_LOCK MemoryLimitsLock;
1354 #endif
1355 LIST_ENTRY JobSetLinks;
1356 ULONG MemberLevel;
1357 ULONG JobFlags;
1358 } EJOB, *PEJOB;
1359 #include <poppack.h>
1360
1361 //
1362 // Win32K Callback Registration Data
1363 //
1364 typedef struct _WIN32_POWEREVENT_PARAMETERS
1365 {
1366 PSPOWEREVENTTYPE EventNumber;
1367 ULONG Code;
1368 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1369
1370 typedef struct _WIN32_POWERSTATE_PARAMETERS
1371 {
1372 UCHAR Promotion;
1373 POWER_ACTION SystemAction;
1374 SYSTEM_POWER_STATE MinSystemState;
1375 ULONG Flags;
1376 POWERSTATETASK PowerStateTask;
1377 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1378
1379 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1380 {
1381 PVOID Job;
1382 PSW32JOBCALLOUTTYPE CalloutType;
1383 PVOID Data;
1384 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1385
1386 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1387 {
1388 OB_OPEN_REASON OpenReason;
1389 PEPROCESS Process;
1390 PVOID Object;
1391 ULONG GrantedAccess;
1392 ULONG HandleCount;
1393 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1394
1395 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1396 {
1397 PEPROCESS Process;
1398 PVOID Object;
1399 HANDLE Handle;
1400 KPROCESSOR_MODE PreviousMode;
1401 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1402
1403 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1404 {
1405 PEPROCESS Process;
1406 PVOID Object;
1407 ACCESS_MASK AccessMask;
1408 ULONG ProcessHandleCount;
1409 ULONG SystemHandleCount;
1410 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1411
1412 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1413 {
1414 PVOID Object;
1415 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1416
1417 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1418 {
1419 PVOID ParseObject;
1420 PVOID ObjectType;
1421 PACCESS_STATE AccessState;
1422 KPROCESSOR_MODE AccessMode;
1423 ULONG Attributes;
1424 _Out_ PUNICODE_STRING CompleteName;
1425 PUNICODE_STRING RemainingName;
1426 PVOID Context;
1427 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1428 PVOID *Object;
1429 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1430
1431 typedef struct _WIN32_CALLOUTS_FPNS
1432 {
1433 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1434 PKWIN32_THREAD_CALLOUT ThreadCallout;
1435 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1436 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1437 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1438 PKWIN32_JOB_CALLOUT JobCallout;
1439 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1440 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1441 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1442 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1443 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1444 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1445 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1446 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1447 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1448 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1449 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1450 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1451 #endif
1452 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1453
1454 #endif // !NTOS_MODE_USER
1455
1456 #ifdef __cplusplus
1457 }; // extern "C"
1458 #endif
1459
1460 #endif // _PSTYPES_H