projects / reactos.git / blob
? search:


caeb127e080d064975f4e6ba7d854a0f958421fe
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_VARIABLE_QUANTUMS 4
133 #define PSP_LONG_QUANTUMS 16
134
135 #ifndef NTOS_MODE_USER
136 //
137 // Thread Access Types
138 //
139 #define THREAD_QUERY_INFORMATION 0x0040
140 #define THREAD_SET_THREAD_TOKEN 0x0080
141 #define THREAD_IMPERSONATE 0x0100
142 #define THREAD_DIRECT_IMPERSONATION 0x0200
143
144 //
145 // Process Access Types
146 //
147 #define PROCESS_TERMINATE 0x0001
148 #define PROCESS_CREATE_THREAD 0x0002
149 #define PROCESS_SET_SESSIONID 0x0004
150 #define PROCESS_VM_OPERATION 0x0008
151 #define PROCESS_VM_READ 0x0010
152 #define PROCESS_VM_WRITE 0x0020
153 #define PROCESS_CREATE_PROCESS 0x0080
154 #define PROCESS_SET_QUOTA 0x0100
155 #define PROCESS_SET_INFORMATION 0x0200
156 #define PROCESS_QUERY_INFORMATION 0x0400
157 #define PROCESS_SUSPEND_RESUME 0x0800
158 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
159 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
160 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
161 SYNCHRONIZE | \
162 0xFFFF)
163 #else
164 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
165 SYNCHRONIZE | \
166 0xFFF)
167 #endif
168
169 //
170 // Thread Base Priorities
171 //
172 #define THREAD_BASE_PRIORITY_LOWRT 15
173 #define THREAD_BASE_PRIORITY_MAX 2
174 #define THREAD_BASE_PRIORITY_MIN -2
175 #define THREAD_BASE_PRIORITY_IDLE -15
176
177 //
178 // TLS Slots
179 //
180 #define TLS_MINIMUM_AVAILABLE 64
181
182 //
183 // Job Access Types
184 //
185 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
186 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
187 #define JOB_OBJECT_QUERY 0x4
188 #define JOB_OBJECT_TERMINATE 0x8
189 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
190 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
191 SYNCHRONIZE | \
192 31)
193
194 //
195 // Job Limit Flags
196 //
197 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
198 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
199 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
200 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
201 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
202 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
203 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
204 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
205 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
206 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
207 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
208 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
209 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
210 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
211
212 //
213 // Cross Thread Flags
214 //
215 #define CT_TERMINATED_BIT 0x1
216 #define CT_DEAD_THREAD_BIT 0x2
217 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
218 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
219 #define CT_SYSTEM_THREAD_BIT 0x10
220 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
221 #define CT_BREAK_ON_TERMINATION_BIT 0x40
222 #define CT_SKIP_CREATION_MSG_BIT 0x80
223 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
224
225 //
226 // Same Thread Passive Flags
227 //
228 #define STP_ACTIVE_EX_WORKER_BIT 0x1
229 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
230 #define STP_MEMORY_MAKER_BIT 0x4
231 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
232
233 //
234 // Same Thread APC Flags
235 //
236 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
237 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
238 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
239 #define STA_OWNS_WORKING_SET_BITS 0x1F8
240
241 //
242 // Kernel Process flags (maybe in ketypes.h?)
243 //
244 #define KPSF_AUTO_ALIGNMENT_BIT 0
245 #define KPSF_DISABLE_BOOST_BIT 1
246
247 //
248 // Process Flags
249 //
250 #define PSF_CREATE_REPORTED_BIT 0x1
251 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
252 #define PSF_PROCESS_EXITING_BIT 0x4
253 #define PSF_PROCESS_DELETE_BIT 0x8
254 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
255 #define PSF_VM_DELETED_BIT 0x20
256 #define PSF_OUTSWAP_ENABLED_BIT 0x40
257 #define PSF_OUTSWAPPED_BIT 0x80
258 #define PSF_FORK_FAILED_BIT 0x100
259 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
260 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
261 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
262 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
263 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
264 #define PSF_WRITE_WATCH_BIT 0x8000
265 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
266 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
267 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
268 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
269 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
270 #define PSF_VM_TOP_DOWN_BIT 0x200000
271 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
272 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
273 #define PSF_VDM_ALLOWED_BIT 0x1000000
274 #define PSF_SWAP_ALLOWED_BIT 0x2000000
275 #define PSF_CREATE_FAILED_BIT 0x4000000
276 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
277
278 //
279 // Vista Process Flags
280 //
281 #define PSF2_PROTECTED_BIT 0x800
282 #endif
283
284 //
285 // TLS/FLS Defines
286 //
287 #define TLS_EXPANSION_SLOTS 1024
288
289 #ifdef NTOS_MODE_USER
290 //
291 // Thread Native Base Priorities
292 //
293 #define LOW_PRIORITY 0
294 #define LOW_REALTIME_PRIORITY 16
295 #define HIGH_PRIORITY 31
296 #define MAXIMUM_PRIORITY 32
297
298 //
299 // Current Process/Thread built-in 'special' handles
300 //
301 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
302 #define ZwCurrentProcess() NtCurrentProcess()
303 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
304 #define ZwCurrentThread() NtCurrentThread()
305
306 //
307 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
308 //
309 typedef enum _PROCESSINFOCLASS
310 {
311 ProcessBasicInformation,
312 ProcessQuotaLimits,
313 ProcessIoCounters,
314 ProcessVmCounters,
315 ProcessTimes,
316 ProcessBasePriority,
317 ProcessRaisePriority,
318 ProcessDebugPort,
319 ProcessExceptionPort,
320 ProcessAccessToken,
321 ProcessLdtInformation,
322 ProcessLdtSize,
323 ProcessDefaultHardErrorMode,
324 ProcessIoPortHandlers,
325 ProcessPooledUsageAndLimits,
326 ProcessWorkingSetWatch,
327 ProcessUserModeIOPL,
328 ProcessEnableAlignmentFaultFixup,
329 ProcessPriorityClass,
330 ProcessWx86Information,
331 ProcessHandleCount,
332 ProcessAffinityMask,
333 ProcessPriorityBoost,
334 ProcessDeviceMap,
335 ProcessSessionInformation,
336 ProcessForegroundInformation,
337 ProcessWow64Information,
338 ProcessImageFileName,
339 ProcessLUIDDeviceMapsEnabled,
340 ProcessBreakOnTermination,
341 ProcessDebugObjectHandle,
342 ProcessDebugFlags,
343 ProcessHandleTracing,
344 ProcessIoPriority,
345 ProcessExecuteFlags,
346 ProcessTlsInformation,
347 ProcessCookie,
348 ProcessImageInformation,
349 ProcessCycleTime,
350 ProcessPagePriority,
351 ProcessInstrumentationCallback,
352 ProcessThreadStackAllocation,
353 ProcessWorkingSetWatchEx,
354 ProcessImageFileNameWin32,
355 ProcessImageFileMapping,
356 ProcessAffinityUpdateMode,
357 ProcessMemoryAllocationMode,
358 MaxProcessInfoClass
359 } PROCESSINFOCLASS;
360
361 typedef enum _THREADINFOCLASS
362 {
363 ThreadBasicInformation,
364 ThreadTimes,
365 ThreadPriority,
366 ThreadBasePriority,
367 ThreadAffinityMask,
368 ThreadImpersonationToken,
369 ThreadDescriptorTableEntry,
370 ThreadEnableAlignmentFaultFixup,
371 ThreadEventPair_Reusable,
372 ThreadQuerySetWin32StartAddress,
373 ThreadZeroTlsCell,
374 ThreadPerformanceCount,
375 ThreadAmILastThread,
376 ThreadIdealProcessor,
377 ThreadPriorityBoost,
378 ThreadSetTlsArrayAddress,
379 ThreadIsIoPending,
380 ThreadHideFromDebugger,
381 ThreadBreakOnTermination,
382 ThreadSwitchLegacyState,
383 ThreadIsTerminated,
384 ThreadLastSystemCall,
385 ThreadIoPriority,
386 ThreadCycleTime,
387 ThreadPagePriority,
388 ThreadActualBasePriority,
389 ThreadTebInformation,
390 ThreadCSwitchMon,
391 MaxThreadInfoClass
392 } THREADINFOCLASS;
393
394 #else
395
396 typedef enum _PSPROCESSPRIORITYMODE
397 {
398 PsProcessPriorityForeground,
399 PsProcessPriorityBackground,
400 PsProcessPrioritySpinning
401 } PSPROCESSPRIORITYMODE;
402
403 typedef enum _JOBOBJECTINFOCLASS
404 {
405 JobObjectBasicAccountingInformation = 1,
406 JobObjectBasicLimitInformation,
407 JobObjectBasicProcessIdList,
408 JobObjectBasicUIRestrictions,
409 JobObjectSecurityLimitInformation,
410 JobObjectEndOfJobTimeInformation,
411 JobObjectAssociateCompletionPortInformation,
412 JobObjectBasicAndIoAccountingInformation,
413 JobObjectExtendedLimitInformation,
414 JobObjectJobSetInformation,
415 MaxJobObjectInfoClass
416 } JOBOBJECTINFOCLASS;
417
418 //
419 // Power Event Events for Win32K Power Event Callback
420 //
421 typedef enum _PSPOWEREVENTTYPE
422 {
423 PsW32FullWake = 0,
424 PsW32EventCode = 1,
425 PsW32PowerPolicyChanged = 2,
426 PsW32SystemPowerState = 3,
427 PsW32SystemTime = 4,
428 PsW32DisplayState = 5,
429 PsW32CapabilitiesChanged = 6,
430 PsW32SetStateFailed = 7,
431 PsW32GdiOff = 8,
432 PsW32GdiOn = 9,
433 PsW32GdiPrepareResumeUI = 10,
434 PsW32GdiOffRequest = 11,
435 PsW32MonitorOff = 12,
436 } PSPOWEREVENTTYPE;
437
438 //
439 // Power State Tasks for Win32K Power State Callback
440 //
441 typedef enum _POWERSTATETASK
442 {
443 PowerState_BlockSessionSwitch = 0,
444 PowerState_Init = 1,
445 PowerState_QueryApps = 2,
446 PowerState_QueryServices = 3,
447 PowerState_QueryAppsFailed = 4,
448 PowerState_QueryServicesFailed = 5,
449 PowerState_SuspendApps = 6,
450 PowerState_SuspendServices = 7,
451 PowerState_ShowUI = 8,
452 PowerState_NotifyWL = 9,
453 PowerState_ResumeApps = 10,
454 PowerState_ResumeServices = 11,
455 PowerState_UnBlockSessionSwitch = 12,
456 PowerState_End = 13,
457 PowerState_BlockInput = 14,
458 PowerState_UnblockInput = 15,
459 } POWERSTATETASK;
460
461 //
462 // Win32K Job Callback Types
463 //
464 typedef enum _PSW32JOBCALLOUTTYPE
465 {
466 PsW32JobCalloutSetInformation = 0,
467 PsW32JobCalloutAddProcess = 1,
468 PsW32JobCalloutTerminate = 2,
469 } PSW32JOBCALLOUTTYPE;
470
471 //
472 // Win32K Thread Callback Types
473 //
474 typedef enum _PSW32THREADCALLOUTTYPE
475 {
476 PsW32ThreadCalloutInitialize,
477 PsW32ThreadCalloutExit,
478 } PSW32THREADCALLOUTTYPE;
479
480 //
481 // Declare empty structure definitions so that they may be referenced by
482 // routines before they are defined
483 //
484 struct _W32THREAD;
485 struct _W32PROCESS;
486 //struct _ETHREAD;
487 struct _WIN32_POWEREVENT_PARAMETERS;
488 struct _WIN32_POWERSTATE_PARAMETERS;
489 struct _WIN32_JOBCALLOUT_PARAMETERS;
490 struct _WIN32_OPENMETHOD_PARAMETERS;
491 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
492 struct _WIN32_CLOSEMETHOD_PARAMETERS;
493 struct _WIN32_DELETEMETHOD_PARAMETERS;
494 struct _WIN32_PARSEMETHOD_PARAMETERS;
495
496 //
497 // Win32K Process and Thread Callbacks
498 //
499 typedef
500 NTSTATUS
501 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
502 _In_ struct _EPROCESS *Process,
503 _In_ BOOLEAN Create
504 );
505
506 typedef
507 NTSTATUS
508 (NTAPI *PKWIN32_THREAD_CALLOUT)(
509 _In_ struct _ETHREAD *Thread,
510 _In_ PSW32THREADCALLOUTTYPE Type
511 );
512
513 typedef
514 NTSTATUS
515 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
516 VOID
517 );
518
519 typedef
520 NTSTATUS
521 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
522 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
523 );
524
525 typedef
526 NTSTATUS
527 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
528 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
529 );
530
531 typedef
532 NTSTATUS
533 (NTAPI *PKWIN32_JOB_CALLOUT)(
534 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
535 );
536
537 typedef
538 NTSTATUS
539 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
540 VOID
541 );
542
543 typedef
544 NTSTATUS
545 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
546 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
547 );
548
549 typedef
550 NTSTATUS
551 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
552 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
553 );
554
555 typedef
556 NTSTATUS
557 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
558 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
559 );
560
561 typedef
562 VOID
563 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
564 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
565 );
566
567 typedef
568 NTSTATUS
569 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
570 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
571 );
572
573 typedef
574 NTSTATUS
575 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
576 _In_ struct _EPROCESS *Process,
577 _In_ PVOID Callback,
578 _In_ PVOID Context
579 );
580
581 //
582 // Lego Callback
583 //
584 typedef
585 VOID
586 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
587 _In_ PKTHREAD Thread
588 );
589
590 #endif
591
592 typedef NTSTATUS
593 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
594 VOID
595 );
596
597 //
598 // Descriptor Table Entry Definition
599 //
600 #if (_M_IX86)
601 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
602 typedef struct _DESCRIPTOR_TABLE_ENTRY
603 {
604 ULONG Selector;
605 LDT_ENTRY Descriptor;
606 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
607 #endif
608
609 //
610 // PEB Lock Routine
611 //
612 typedef VOID
613 (NTAPI *PPEBLOCKROUTINE)(
614 PVOID PebLock
615 );
616
617 //
618 // PEB Free Block Descriptor
619 //
620 typedef struct _PEB_FREE_BLOCK
621 {
622 struct _PEB_FREE_BLOCK* Next;
623 ULONG Size;
624 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
625
626 //
627 // Initial PEB
628 //
629 typedef struct _INITIAL_PEB
630 {
631 BOOLEAN InheritedAddressSpace;
632 BOOLEAN ReadImageFileExecOptions;
633 BOOLEAN BeingDebugged;
634 union
635 {
636 BOOLEAN BitField;
637 #if (NTDDI_VERSION >= NTDDI_WS03)
638 struct
639 {
640 BOOLEAN ImageUsesLargePages:1;
641 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
642 BOOLEAN IsProtectedProcess:1;
643 BOOLEAN IsLegacyProcess:1;
644 BOOLEAN SpareBits:5;
645 #else
646 BOOLEAN SpareBits:7;
647 #endif
648 };
649 #else
650 BOOLEAN SpareBool;
651 #endif
652 };
653 HANDLE Mutant;
654 } INITIAL_PEB, *PINITIAL_PEB;
655
656 //
657 // Initial TEB
658 //
659 typedef struct _INITIAL_TEB
660 {
661 PVOID PreviousStackBase;
662 PVOID PreviousStackLimit;
663 PVOID StackBase;
664 PVOID StackLimit;
665 PVOID AllocatedStackBase;
666 } INITIAL_TEB, *PINITIAL_TEB;
667
668 //
669 // TEB Active Frame Structures
670 //
671 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
672 {
673 ULONG Flags;
674 LPSTR FrameName;
675 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
676
677 typedef struct _TEB_ACTIVE_FRAME
678 {
679 ULONG Flags;
680 struct _TEB_ACTIVE_FRAME *Previous;
681 PTEB_ACTIVE_FRAME_CONTEXT Context;
682 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
683
684 typedef struct _CLIENT_ID32
685 {
686 ULONG UniqueProcess;
687 ULONG UniqueThread;
688 } CLIENT_ID32, *PCLIENT_ID32;
689
690 typedef struct _CLIENT_ID64
691 {
692 ULONG64 UniqueProcess;
693 ULONG64 UniqueThread;
694 } CLIENT_ID64, *PCLIENT_ID64;
695
696 #if (NTDDI_VERSION < NTDDI_WS03)
697 typedef struct _Wx86ThreadState
698 {
699 PULONG CallBx86Eip;
700 PVOID DeallocationCpu;
701 BOOLEAN UseKnownWx86Dll;
702 CHAR OleStubInvoked;
703 } Wx86ThreadState, *PWx86ThreadState;
704 #endif
705
706
707 //
708 // Process Environment Block (PEB)
709 // Thread Environment Block (TEB)
710 //
711 #include "peb_teb.h"
712
713 #ifdef _WIN64
714 //
715 // Explicit 32 bit PEB/TEB
716 //
717 #define EXPLICIT_32BIT
718 #include "peb_teb.h"
719 #undef EXPLICIT_32BIT
720
721 //
722 // Explicit 64 bit PEB/TEB
723 //
724 #define EXPLICIT_64BIT
725 #include "peb_teb.h"
726 #undef EXPLICIT_64BIT
727 #endif
728
729 #ifdef NTOS_MODE_USER
730
731 //
732 // Process Information Structures for NtQueryProcessInformation
733 //
734 typedef struct _PROCESS_BASIC_INFORMATION
735 {
736 NTSTATUS ExitStatus;
737 PPEB PebBaseAddress;
738 ULONG_PTR AffinityMask;
739 KPRIORITY BasePriority;
740 ULONG_PTR UniqueProcessId;
741 ULONG_PTR InheritedFromUniqueProcessId;
742 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
743
744 typedef struct _PROCESS_ACCESS_TOKEN
745 {
746 HANDLE Token;
747 HANDLE Thread;
748 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
749
750 typedef struct _PROCESS_DEVICEMAP_INFORMATION
751 {
752 union
753 {
754 struct
755 {
756 HANDLE DirectoryHandle;
757 } Set;
758 struct
759 {
760 ULONG DriveMap;
761 UCHAR DriveType[32];
762 } Query;
763 };
764 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
765
766 typedef struct _KERNEL_USER_TIMES
767 {
768 LARGE_INTEGER CreateTime;
769 LARGE_INTEGER ExitTime;
770 LARGE_INTEGER KernelTime;
771 LARGE_INTEGER UserTime;
772 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
773
774 typedef struct _POOLED_USAGE_AND_LIMITS
775 {
776 SIZE_T PeakPagedPoolUsage;
777 SIZE_T PagedPoolUsage;
778 SIZE_T PagedPoolLimit;
779 SIZE_T PeakNonPagedPoolUsage;
780 SIZE_T NonPagedPoolUsage;
781 SIZE_T NonPagedPoolLimit;
782 SIZE_T PeakPagefileUsage;
783 SIZE_T PagefileUsage;
784 SIZE_T PagefileLimit;
785 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
786
787 typedef struct _PROCESS_SESSION_INFORMATION
788 {
789 ULONG SessionId;
790 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
791
792 #endif
793
794 typedef struct _PROCESS_PRIORITY_CLASS
795 {
796 BOOLEAN Foreground;
797 UCHAR PriorityClass;
798 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
799
800 typedef struct _PROCESS_FOREGROUND_BACKGROUND
801 {
802 BOOLEAN Foreground;
803 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
804
805 //
806 // Thread Information Structures for NtQueryProcessInformation
807 //
808 typedef struct _THREAD_BASIC_INFORMATION
809 {
810 NTSTATUS ExitStatus;
811 PVOID TebBaseAddress;
812 CLIENT_ID ClientId;
813 KAFFINITY AffinityMask;
814 KPRIORITY Priority;
815 KPRIORITY BasePriority;
816 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
817
818 #ifndef NTOS_MODE_USER
819
820 //
821 // Job Set Array
822 //
823 typedef struct _JOB_SET_ARRAY
824 {
825 HANDLE JobHandle;
826 ULONG MemberLevel;
827 ULONG Flags;
828 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
829
830 //
831 // EPROCESS Quota Structures
832 //
833 typedef struct _EPROCESS_QUOTA_ENTRY
834 {
835 SIZE_T Usage;
836 SIZE_T Limit;
837 SIZE_T Peak;
838 SIZE_T Return;
839 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
840
841 typedef struct _EPROCESS_QUOTA_BLOCK
842 {
843 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
844 LIST_ENTRY QuotaList;
845 ULONG ReferenceCount;
846 ULONG ProcessCount;
847 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
848
849 //
850 // Process Pagefault History
851 //
852 typedef struct _PAGEFAULT_HISTORY
853 {
854 ULONG CurrentIndex;
855 ULONG MapIndex;
856 KSPIN_LOCK SpinLock;
857 PVOID Reserved;
858 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
859 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
860
861 //
862 // Process Impersonation Information
863 //
864 typedef struct _PS_IMPERSONATION_INFORMATION
865 {
866 PACCESS_TOKEN Token;
867 BOOLEAN CopyOnOpen;
868 BOOLEAN EffectiveOnly;
869 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
870 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
871
872 //
873 // Process Termination Port
874 //
875 typedef struct _TERMINATION_PORT
876 {
877 struct _TERMINATION_PORT *Next;
878 PVOID Port;
879 } TERMINATION_PORT, *PTERMINATION_PORT;
880
881 //
882 // Per-Process APC Rate Limiting
883 //
884 typedef struct _PSP_RATE_APC
885 {
886 union
887 {
888 SINGLE_LIST_ENTRY NextApc;
889 ULONGLONG ExcessCycles;
890 };
891 ULONGLONG TargetGEneration;
892 KAPC RateApc;
893 } PSP_RATE_APC, *PPSP_RATE_APC;
894
895 //
896 // Executive Thread (ETHREAD)
897 //
898 typedef struct _ETHREAD
899 {
900 KTHREAD Tcb;
901 LARGE_INTEGER CreateTime;
902 union
903 {
904 LARGE_INTEGER ExitTime;
905 LIST_ENTRY LpcReplyChain;
906 LIST_ENTRY KeyedWaitChain;
907 };
908 union
909 {
910 NTSTATUS ExitStatus;
911 PVOID OfsChain;
912 };
913 LIST_ENTRY PostBlockList;
914 union
915 {
916 struct _TERMINATION_PORT *TerminationPort;
917 struct _ETHREAD *ReaperLink;
918 PVOID KeyedWaitValue;
919 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
920 PVOID Win32StartParameter;
921 #endif
922 };
923 KSPIN_LOCK ActiveTimerListLock;
924 LIST_ENTRY ActiveTimerListHead;
925 CLIENT_ID Cid;
926 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
927 KSEMAPHORE KeyedWaitSemaphore;
928 #else
929 union
930 {
931 KSEMAPHORE LpcReplySemaphore;
932 KSEMAPHORE KeyedWaitSemaphore;
933 };
934 union
935 {
936 PVOID LpcReplyMessage;
937 PVOID LpcWaitingOnPort;
938 };
939 #endif
940 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
941 LIST_ENTRY IrpList;
942 ULONG_PTR TopLevelIrp;
943 PDEVICE_OBJECT DeviceToVerify;
944 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
945 PPSP_RATE_APC RateControlApc;
946 #else
947 struct _EPROCESS *ThreadsProcess;
948 #endif
949 PVOID Win32StartAddress;
950 union
951 {
952 PKSTART_ROUTINE StartAddress;
953 ULONG LpcReceivedMessageId;
954 };
955 LIST_ENTRY ThreadListEntry;
956 EX_RUNDOWN_REF RundownProtect;
957 EX_PUSH_LOCK ThreadLock;
958 #if (NTDDI_VERSION < NTDDI_LONGHORN)
959 ULONG LpcReplyMessageId;
960 #endif
961 ULONG ReadClusterSize;
962 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
963 ULONG SpareUlong0;
964 #else
965 ACCESS_MASK GrantedAccess;
966 #endif
967 union
968 {
969 struct
970 {
971 ULONG Terminated:1;
972 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
973 ULONG ThreadInserted:1;
974 #else
975 ULONG DeadThread:1;
976 #endif
977 ULONG HideFromDebugger:1;
978 ULONG ActiveImpersonationInfo:1;
979 ULONG SystemThread:1;
980 ULONG HardErrorsAreDisabled:1;
981 ULONG BreakOnTermination:1;
982 ULONG SkipCreationMsg:1;
983 ULONG SkipTerminationMsg:1;
984 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
985 ULONG CreateMsgSent:1;
986 ULONG ThreadIoPriority:3;
987 ULONG ThreadPagePriority:3;
988 ULONG PendingRatecontrol:1;
989 #endif
990 };
991 ULONG CrossThreadFlags;
992 };
993 union
994 {
995 struct
996 {
997 ULONG ActiveExWorker:1;
998 ULONG ExWorkerCanWaitUser:1;
999 ULONG MemoryMaker:1;
1000 ULONG KeyedEventInUse:1;
1001 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1002 ULONG RateApcState:2;
1003 #endif
1004 };
1005 ULONG SameThreadPassiveFlags;
1006 };
1007 union
1008 {
1009 struct
1010 {
1011 ULONG LpcReceivedMsgIdValid:1;
1012 ULONG LpcExitThreadCalled:1;
1013 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1014 ULONG Spare:1;
1015 #else
1016 ULONG AddressSpaceOwner:1;
1017 #endif
1018 ULONG OwnsProcessWorkingSetExclusive:1;
1019 ULONG OwnsProcessWorkingSetShared:1;
1020 ULONG OwnsSystemWorkingSetExclusive:1;
1021 ULONG OwnsSystemWorkingSetShared:1;
1022 ULONG OwnsSessionWorkingSetExclusive:1;
1023 ULONG OwnsSessionWorkingSetShared:1;
1024 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1025 ULONG SupressSymbolLoad:1;
1026 ULONG Spare1:3;
1027 ULONG PriorityRegionActive:4;
1028 #else
1029 ULONG ApcNeeded:1;
1030 #endif
1031 };
1032 ULONG SameThreadApcFlags;
1033 };
1034 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1035 UCHAR CacheManagerActive;
1036 #else
1037 UCHAR ForwardClusterOnly;
1038 #endif
1039 UCHAR DisablePageFaultClustering;
1040 UCHAR ActiveFaultCount;
1041 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1042 ULONG AlpcMessageId;
1043 union
1044 {
1045 PVOID AlpcMessage;
1046 ULONG AlpcReceiveAttributeSet;
1047 };
1048 LIST_ENTRY AlpcWaitListEntry;
1049 KSEMAPHORE AlpcWaitSemaphore;
1050 ULONG CacheManagerCount;
1051 #endif
1052 } ETHREAD;
1053
1054 //
1055 // Executive Process (EPROCESS)
1056 //
1057 typedef struct _EPROCESS
1058 {
1059 KPROCESS Pcb;
1060 EX_PUSH_LOCK ProcessLock;
1061 LARGE_INTEGER CreateTime;
1062 LARGE_INTEGER ExitTime;
1063 EX_RUNDOWN_REF RundownProtect;
1064 HANDLE UniqueProcessId;
1065 LIST_ENTRY ActiveProcessLinks;
1066 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1067 SIZE_T QuotaPeak[3]; /* ditto */
1068 SIZE_T CommitCharge;
1069 SIZE_T PeakVirtualSize;
1070 SIZE_T VirtualSize;
1071 LIST_ENTRY SessionProcessLinks;
1072 PVOID DebugPort;
1073 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1074 union
1075 {
1076 PVOID ExceptionPortData;
1077 ULONG ExceptionPortValue;
1078 UCHAR ExceptionPortState:3;
1079 };
1080 #else
1081 PVOID ExceptionPort;
1082 #endif
1083 PHANDLE_TABLE ObjectTable;
1084 EX_FAST_REF Token;
1085 PFN_NUMBER WorkingSetPage;
1086 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1087 EX_PUSH_LOCK AddressCreationLock;
1088 PETHREAD RotateInProgress;
1089 #else
1090 KGUARDED_MUTEX AddressCreationLock;
1091 KSPIN_LOCK HyperSpaceLock;
1092 #endif
1093 PETHREAD ForkInProgress;
1094 ULONG_PTR HardwareTrigger;
1095 PMM_AVL_TABLE PhysicalVadRoot;
1096 PVOID CloneRoot;
1097 PFN_NUMBER NumberOfPrivatePages;
1098 PFN_NUMBER NumberOfLockedPages;
1099 PVOID *Win32Process;
1100 struct _EJOB *Job;
1101 PVOID SectionObject;
1102 PVOID SectionBaseAddress;
1103 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1104 PPAGEFAULT_HISTORY WorkingSetWatch;
1105 PVOID Win32WindowStation;
1106 HANDLE InheritedFromUniqueProcessId;
1107 PVOID LdtInformation;
1108 PVOID VadFreeHint;
1109 PVOID VdmObjects;
1110 PVOID DeviceMap;
1111 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1112 PVOID EtwDataSource;
1113 PVOID FreeTebHint;
1114 #else
1115 PVOID Spare0[3];
1116 #endif
1117 union
1118 {
1119 HARDWARE_PTE PageDirectoryPte;
1120 ULONGLONG Filler;
1121 };
1122 PVOID Session;
1123 CHAR ImageFileName[16];
1124 LIST_ENTRY JobLinks;
1125 PVOID LockedPagesList;
1126 LIST_ENTRY ThreadListHead;
1127 PVOID SecurityPort;
1128 #ifdef _M_AMD64
1129 struct _WOW64_PROCESS *Wow64Process;
1130 #else
1131 PVOID PaeTop;
1132 #endif
1133 ULONG ActiveThreads;
1134 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1135 ULONG ImagePathHash;
1136 #else
1137 ACCESS_MASK GrantedAccess;
1138 #endif
1139 ULONG DefaultHardErrorProcessing;
1140 NTSTATUS LastThreadExitStatus;
1141 struct _PEB* Peb;
1142 EX_FAST_REF PrefetchTrace;
1143 LARGE_INTEGER ReadOperationCount;
1144 LARGE_INTEGER WriteOperationCount;
1145 LARGE_INTEGER OtherOperationCount;
1146 LARGE_INTEGER ReadTransferCount;
1147 LARGE_INTEGER WriteTransferCount;
1148 LARGE_INTEGER OtherTransferCount;
1149 SIZE_T CommitChargeLimit;
1150 SIZE_T CommitChargePeak;
1151 PVOID AweInfo;
1152 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1153 MMSUPPORT Vm;
1154 #ifdef _M_AMD64
1155 ULONG Spares[2];
1156 #else
1157 LIST_ENTRY MmProcessLinks;
1158 #endif
1159 ULONG ModifiedPageCount;
1160 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1161 union
1162 {
1163 struct
1164 {
1165 ULONG JobNotReallyActive:1;
1166 ULONG AccountingFolded:1;
1167 ULONG NewProcessReported:1;
1168 ULONG ExitProcessReported:1;
1169 ULONG ReportCommitChanges:1;
1170 ULONG LastReportMemory:1;
1171 ULONG ReportPhysicalPageChanges:1;
1172 ULONG HandleTableRundown:1;
1173 ULONG NeedsHandleRundown:1;
1174 ULONG RefTraceEnabled:1;
1175 ULONG NumaAware:1;
1176 ULONG ProtectedProcess:1;
1177 ULONG DefaultPagePriority:3;
1178 ULONG ProcessDeleteSelf:1;
1179 ULONG ProcessVerifierTarget:1;
1180 };
1181 ULONG Flags2;
1182 };
1183 #else
1184 ULONG JobStatus;
1185 #endif
1186 union
1187 {
1188 struct
1189 {
1190 ULONG CreateReported:1;
1191 ULONG NoDebugInherit:1;
1192 ULONG ProcessExiting:1;
1193 ULONG ProcessDelete:1;
1194 ULONG Wow64SplitPages:1;
1195 ULONG VmDeleted:1;
1196 ULONG OutswapEnabled:1;
1197 ULONG Outswapped:1;
1198 ULONG ForkFailed:1;
1199 ULONG Wow64VaSpace4Gb:1;
1200 ULONG AddressSpaceInitialized:2;
1201 ULONG SetTimerResolution:1;
1202 ULONG BreakOnTermination:1;
1203 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1204 ULONG DeprioritizeViews:1;
1205 #else
1206 ULONG SessionCreationUnderway:1;
1207 #endif
1208 ULONG WriteWatch:1;
1209 ULONG ProcessInSession:1;
1210 ULONG OverrideAddressSpace:1;
1211 ULONG HasAddressSpace:1;
1212 ULONG LaunchPrefetched:1;
1213 ULONG InjectInpageErrors:1;
1214 ULONG VmTopDown:1;
1215 ULONG ImageNotifyDone:1;
1216 ULONG PdeUpdateNeeded:1;
1217 ULONG VdmAllowed:1;
1218 ULONG SmapAllowed:1;
1219 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1220 ULONG ProcessInserted:1;
1221 #else
1222 ULONG CreateFailed:1;
1223 #endif
1224 ULONG DefaultIoPriority:3;
1225 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1226 ULONG SparePsFlags1:2;
1227 #else
1228 ULONG Spare1:1;
1229 ULONG Spare2:1;
1230 #endif
1231 };
1232 ULONG Flags;
1233 };
1234 NTSTATUS ExitStatus;
1235 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1236 USHORT Spare7;
1237 #else
1238 USHORT NextPageColor;
1239 #endif
1240 union
1241 {
1242 struct
1243 {
1244 UCHAR SubSystemMinorVersion;
1245 UCHAR SubSystemMajorVersion;
1246 };
1247 USHORT SubSystemVersion;
1248 };
1249 UCHAR PriorityClass;
1250 MM_AVL_TABLE VadRoot;
1251 ULONG Cookie;
1252 } EPROCESS;
1253
1254 //
1255 // Job Token Filter Data
1256 //
1257 #include <pshpack1.h>
1258 typedef struct _PS_JOB_TOKEN_FILTER
1259 {
1260 ULONG CapturedSidCount;
1261 PSID_AND_ATTRIBUTES CapturedSids;
1262 ULONG CapturedSidsLength;
1263 ULONG CapturedGroupCount;
1264 PSID_AND_ATTRIBUTES CapturedGroups;
1265 ULONG CapturedGroupsLength;
1266 ULONG CapturedPrivilegeCount;
1267 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1268 ULONG CapturedPrivilegesLength;
1269 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1270
1271 //
1272 // Executive Job (EJOB)
1273 //
1274 typedef struct _EJOB
1275 {
1276 KEVENT Event;
1277 LIST_ENTRY JobLinks;
1278 LIST_ENTRY ProcessListHead;
1279 ERESOURCE JobLock;
1280 LARGE_INTEGER TotalUserTime;
1281 LARGE_INTEGER TotalKernelTime;
1282 LARGE_INTEGER ThisPeriodTotalUserTime;
1283 LARGE_INTEGER ThisPeriodTotalKernelTime;
1284 ULONG TotalPageFaultCount;
1285 ULONG TotalProcesses;
1286 ULONG ActiveProcesses;
1287 ULONG TotalTerminatedProcesses;
1288 LARGE_INTEGER PerProcessUserTimeLimit;
1289 LARGE_INTEGER PerJobUserTimeLimit;
1290 ULONG LimitFlags;
1291 ULONG MinimumWorkingSetSize;
1292 ULONG MaximumWorkingSetSize;
1293 ULONG ActiveProcessLimit;
1294 ULONG Affinity;
1295 UCHAR PriorityClass;
1296 ULONG UIRestrictionsClass;
1297 ULONG SecurityLimitFlags;
1298 PVOID Token;
1299 PPS_JOB_TOKEN_FILTER Filter;
1300 ULONG EndOfJobTimeAction;
1301 PVOID CompletionPort;
1302 PVOID CompletionKey;
1303 ULONG SessionId;
1304 ULONG SchedulingClass;
1305 ULONGLONG ReadOperationCount;
1306 ULONGLONG WriteOperationCount;
1307 ULONGLONG OtherOperationCount;
1308 ULONGLONG ReadTransferCount;
1309 ULONGLONG WriteTransferCount;
1310 ULONGLONG OtherTransferCount;
1311 IO_COUNTERS IoInfo;
1312 ULONG ProcessMemoryLimit;
1313 ULONG JobMemoryLimit;
1314 ULONG PeakProcessMemoryUsed;
1315 ULONG PeakJobMemoryUsed;
1316 ULONG CurrentJobMemoryUsed;
1317 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1318 FAST_MUTEX MemoryLimitsLock;
1319 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1320 KGUARDED_MUTEX MemoryLimitsLock;
1321 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1322 EX_PUSH_LOCK MemoryLimitsLock;
1323 #endif
1324 LIST_ENTRY JobSetLinks;
1325 ULONG MemberLevel;
1326 ULONG JobFlags;
1327 } EJOB, *PEJOB;
1328 #include <poppack.h>
1329
1330 //
1331 // Win32K Callback Registration Data
1332 //
1333 typedef struct _WIN32_POWEREVENT_PARAMETERS
1334 {
1335 PSPOWEREVENTTYPE EventNumber;
1336 ULONG Code;
1337 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1338
1339 typedef struct _WIN32_POWERSTATE_PARAMETERS
1340 {
1341 UCHAR Promotion;
1342 POWER_ACTION SystemAction;
1343 SYSTEM_POWER_STATE MinSystemState;
1344 ULONG Flags;
1345 POWERSTATETASK PowerStateTask;
1346 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1347
1348 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1349 {
1350 PVOID Job;
1351 PSW32JOBCALLOUTTYPE CalloutType;
1352 PVOID Data;
1353 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1354
1355 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1356 {
1357 OB_OPEN_REASON OpenReason;
1358 PEPROCESS Process;
1359 PVOID Object;
1360 ULONG GrantedAccess;
1361 ULONG HandleCount;
1362 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1363
1364 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1365 {
1366 PEPROCESS Process;
1367 PVOID Object;
1368 HANDLE Handle;
1369 KPROCESSOR_MODE PreviousMode;
1370 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1371
1372 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1373 {
1374 PEPROCESS Process;
1375 PVOID Object;
1376 ACCESS_MASK AccessMask;
1377 ULONG ProcessHandleCount;
1378 ULONG SystemHandleCount;
1379 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1380
1381 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1382 {
1383 PVOID Object;
1384 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1385
1386 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1387 {
1388 PVOID ParseObject;
1389 PVOID ObjectType;
1390 PACCESS_STATE AccessState;
1391 KPROCESSOR_MODE AccessMode;
1392 ULONG Attributes;
1393 _Out_ PUNICODE_STRING CompleteName;
1394 PUNICODE_STRING RemainingName;
1395 PVOID Context;
1396 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1397 PVOID *Object;
1398 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1399
1400 typedef struct _WIN32_CALLOUTS_FPNS
1401 {
1402 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1403 PKWIN32_THREAD_CALLOUT ThreadCallout;
1404 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1405 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1406 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1407 PKWIN32_JOB_CALLOUT JobCallout;
1408 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1409 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
1410 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
1411 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
1412 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
1413 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
1414 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
1415 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
1416 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
1417 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
1418 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1419 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1420
1421 #endif // !NTOS_MODE_USER
1422
1423 #ifdef __cplusplus
1424 }; // extern "C"
1425 #endif
1426
1427 #endif // _PSTYPES_H
A free Windows-compatible Operating System