3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the Process Manager
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
30 #ifndef NTOS_MODE_USER
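//
// KUSER_SHARED_DATA location in User Mode.
//
// The address is a compile-time constant, so it is the same in every
// process. Treat the page behind it as kernel-maintained data that
// user-mode code only reads.
//
#define USER_SHARED_DATA                        (0x7FFE0000)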
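//
// Global flag bits (FLG_*).
//
// Every flag is a single bit. FLG_VALID_BITS is the OR of all bits defined
// here (0x00000001 through 0x04000000); a value with any other bit set is
// outside what this header describes.
//
// Review note: by their names, several flags change heap/pool checking,
// stack-trace collection or debug-privilege handling. A non-zero global
// flag value on a production host is worth explaining during triage.
//
#define FLG_STOP_ON_EXCEPTION                   0x00000001
#define FLG_SHOW_LDR_SNAPS                      0x00000002
#define FLG_DEBUG_INITIAL_COMMAND               0x00000004
#define FLG_STOP_ON_HUNG_GUI                    0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK              0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK              0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS            0x00000040
#define FLG_HEAP_VALIDATE_ALL                   0x00000080
#define FLG_POOL_ENABLE_TAIL_CHECK              0x00000100
#define FLG_POOL_ENABLE_FREE_CHECK              0x00000200
#define FLG_POOL_ENABLE_TAGGING                 0x00000400
#define FLG_HEAP_ENABLE_TAGGING                 0x00000800
#define FLG_USER_STACK_TRACE_DB                 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB               0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST            0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL              0x00008000
#define FLG_IGNORE_DEBUG_PRIV                   0x00010000
#define FLG_ENABLE_CSRDEBUG                     0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD           0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS          0x00080000
// Bit 0x00100000 carries a different name (and meaning) before Windows XP.
#if (NTDDI_VERSION < NTDDI_WINXP)
#define FLG_HEAP_ENABLE_CALL_TRACING            0x00100000
#else
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS           0x00100000
#endif
#define FLG_HEAP_DISABLE_COALESCING             0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS             0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING            0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING          0x01000000
#define FLG_HEAP_PAGE_ALLOCS                    0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX            0x04000000
#define FLG_VALID_BITS                          0x07FFFFFF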
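//
// Process priority classes
//
// The numbers are identifiers, not an ordering: BELOW_NORMAL (5) and
// ABOVE_NORMAL (6) are numbered after REALTIME (4), so comparing two class
// values with < or > does not compare priorities.
//
#define PROCESS_PRIORITY_CLASS_INVALID          0
#define PROCESS_PRIORITY_CLASS_IDLE             1
#define PROCESS_PRIORITY_CLASS_NORMAL           2
#define PROCESS_PRIORITY_CLASS_HIGH             3
#define PROCESS_PRIORITY_CLASS_REALTIME         4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL     5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL     6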
// NOTE(review): PS_ALL_FLAGS below ends on a line continuation; its final
// operand line (gutter 97) is not present in this listing.
// By their names, PS_NO_DEBUG_INHERIT and PS_INHERIT_HANDLES decide what a
// child takes over from its creator and PS_REQUEST_BREAKAWAY asks to leave
// the creator's job. Callers should pass only the bits they need rather
// than PS_ALL_FLAGS.
88 // NtCreateProcessEx flags
90 #define PS_REQUEST_BREAKAWAY 1
91 #define PS_NO_DEBUG_INHERIT 2
92 #define PS_INHERIT_HANDLES 4
93 #define PS_LARGE_PAGES 8
94 #define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
95 PS_NO_DEBUG_INHERIT | \
96 PS_INHERIT_HANDLES | \
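//
// Process base priorities
//
#define PROCESS_PRIORITY_IDLE                   3
#define PROCESS_PRIORITY_NORMAL                 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND      9

//
// Process memory priorities
//
#define MEMORY_PRIORITY_BACKGROUND              0
#define MEMORY_PRIORITY_UNKNOWN                 1
#define MEMORY_PRIORITY_FOREGROUND              2

//
// Process Priority Separation Values (OR)
// Both values are single bits, so they can be combined with bitwise OR.
//
#define PSP_VARIABLE_QUANTUMS                   4
#define PSP_LONG_QUANTUMS                       16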
119 #ifndef NTOS_MODE_USER
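//
// Thread Access Types
//
// THREAD_SET_THREAD_TOKEN, THREAD_IMPERSONATE and
// THREAD_DIRECT_IMPERSONATION govern changes to a thread's security
// context. Request them only where the caller really needs to change or
// borrow an identity, and review handles that carry them.
//
#define THREAD_QUERY_INFORMATION                0x0040
#define THREAD_SET_THREAD_TOKEN                 0x0080
#define THREAD_IMPERSONATE                      0x0100
#define THREAD_DIRECT_IMPERSONATION             0x0200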
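//
// Process Access Types
//
// Each right is one bit of the access mask requested when a process handle
// is opened. Bit 0x0040 is not defined in this list.
//
// Review note: PROCESS_VM_OPERATION, PROCESS_VM_WRITE and
// PROCESS_CREATE_THREAD together let the holder change and run code in the
// target. Request the narrowest mask that works
// (PROCESS_QUERY_LIMITED_INFORMATION where it suffices) and treat broad
// masks on sensitive processes as an audit signal.
//
#define PROCESS_TERMINATE                       0x0001
#define PROCESS_CREATE_THREAD                   0x0002
#define PROCESS_SET_SESSIONID                   0x0004
#define PROCESS_VM_OPERATION                    0x0008
#define PROCESS_VM_READ                         0x0010
#define PROCESS_VM_WRITE                        0x0020
#define PROCESS_CREATE_PROCESS                  0x0080
#define PROCESS_SET_QUOTA                       0x0100
#define PROCESS_SET_INFORMATION                 0x0200
#define PROCESS_QUERY_INFORMATION               0x0400
#define PROCESS_SUSPEND_RESUME                  0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION       0x1000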
// NOTE(review): only the first line of each PROCESS_ALL_ACCESS definition is
// present in this listing (gutter 145-147 and 149-153 are missing), so the
// two masks cannot be compared from here. What is visible is that the mask
// depends on NTDDI_VERSION; code that asks for PROCESS_ALL_ACCESS therefore
// requests a version-dependent set of rights. Prefer naming the specific
// rights needed.
143 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
144 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
148 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
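//
// Thread Base Priorities
//
// The negative values are parenthesised so the macros stay a single
// operand wherever they are expanded.
//
#define THREAD_BASE_PRIORITY_LOWRT              15
#define THREAD_BASE_PRIORITY_MAX                2
#define THREAD_BASE_PRIORITY_MIN                (-2)
#define THREAD_BASE_PRIORITY_IDLE               (-15)

//
// Minimum number of TLS slots
//
#define TLS_MINIMUM_AVAILABLE                   64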
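//
// Job object access rights (one bit each).
//
// JOB_OBJECT_SET_ATTRIBUTES and JOB_OBJECT_SET_SECURITY_ATTRIBUTES allow
// changing the limits a job imposes; when a job is used to contain
// processes, do not hand these rights to the contained code.
//
#define JOB_OBJECT_ASSIGN_PROCESS               0x1
#define JOB_OBJECT_SET_ATTRIBUTES               0x2
#define JOB_OBJECT_QUERY                        0x4
#define JOB_OBJECT_TERMINATE                    0x8
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES      0x10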
// NOTE(review): only the first line of JOB_OBJECT_ALL_ACCESS is present in
// this listing; the remaining operands (gutter 175 onward) are missing.
174 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
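//
// Job limit flags (JOB_OBJECT_LIMIT_*), one bit each.
//
// Review note: JOB_OBJECT_LIMIT_BREAKAWAY_OK and
// JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK permit processes to end up outside
// the job. When the job is a containment boundary, leave both clear unless
// a child is meant to escape the limits.
//
#define JOB_OBJECT_LIMIT_WORKINGSET             0x1
#define JOB_OBJECT_LIMIT_PROCESS_TIME           0x2
#define JOB_OBJECT_LIMIT_JOB_TIME               0x4
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS         0x8
#define JOB_OBJECT_LIMIT_AFFINITY               0x10
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS         0x20
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME      0x40
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS       0x80
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY         0x100
#define JOB_OBJECT_LIMIT_JOB_MEMORY             0x200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK           0x800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK    0x1000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE      0x2000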
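//
// Cross Thread Flags
//
// Masks for individual bits of a thread's cross-thread flag word; the names
// match bit-fields declared next to ETHREAD's CrossThreadFlags in this
// header. CT_HIDE_FROM_DEBUGGER_BIT and CT_BREAK_ON_TERMINATION_BIT are the
// two a reviewer will most often want to check on a suspicious thread.
//
#define CT_TERMINATED_BIT                       0x1
#define CT_DEAD_THREAD_BIT                      0x2
#define CT_HIDE_FROM_DEBUGGER_BIT               0x4
#define CT_ACTIVE_IMPERSONATION_INFO_BIT        0x8
#define CT_SYSTEM_THREAD_BIT                    0x10
#define CT_HARD_ERRORS_ARE_DISABLED_BIT         0x20
#define CT_BREAK_ON_TERMINATION_BIT             0x40
#define CT_SKIP_CREATION_MSG_BIT                0x80
#define CT_SKIP_TERMINATION_MSG_BIT             0x100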
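//
// Same Thread Passive Flags
//
#define STP_ACTIVE_EX_WORKER_BIT                0x1
#define STP_EX_WORKER_CAN_WAIT_USER_BIT         0x2
#define STP_MEMORY_MAKER_BIT                    0x4
#define STP_KEYED_EVENT_IN_USE_BIT              0x8

//
// Same Thread APC Flags
//
// STA_OWNS_WORKING_SET_BITS (0x1F8) is a six-bit mask covering 0x8 through
// 0x100, not a single flag.
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT       0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT          0x2
#define STA_ADDRESS_SPACE_OWNER_BIT             0x4
#define STA_OWNS_WORKING_SET_BITS               0x1F8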
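//
// Process flag bits (PSF_*), masks for a process's flag word.
//
// 0x800 has no name here: the list goes from 0x400 to 0x1000, and the
// matching AddressSpaceInitialized bit-field in EPROCESS is declared two
// bits wide in this header.
//
#define PSF_CREATE_REPORTED_BIT                 0x1
#define PSF_NO_DEBUG_INHERIT_BIT                0x2
#define PSF_PROCESS_EXITING_BIT                 0x4
#define PSF_PROCESS_DELETE_BIT                  0x8
#define PSF_WOW64_SPLIT_PAGES_BIT               0x10
#define PSF_VM_DELETED_BIT                      0x20
#define PSF_OUTSWAP_ENABLED_BIT                 0x40
#define PSF_OUTSWAPPED_BIT                      0x80
#define PSF_FORK_FAILED_BIT                     0x100
#define PSF_WOW64_VA_SPACE_4GB_BIT              0x200
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT       0x400
#define PSF_SET_TIMER_RESOLUTION_BIT            0x1000
#define PSF_BREAK_ON_TERMINATION_BIT            0x2000
#define PSF_SESSION_CREATION_UNDERWAY_BIT       0x4000
#define PSF_WRITE_WATCH_BIT                     0x8000
#define PSF_PROCESS_IN_SESSION_BIT              0x10000
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT          0x20000
#define PSF_HAS_ADDRESS_SPACE_BIT               0x40000
#define PSF_LAUNCH_PREFETCHED_BIT               0x80000
#define PSF_INJECT_INPAGE_ERRORS_BIT            0x100000
#define PSF_VM_TOP_DOWN_BIT                     0x200000
#define PSF_IMAGE_NOTIFY_DONE_BIT               0x400000
#define PSF_PDE_UPDATE_NEEDED_BIT               0x800000
#define PSF_VDM_ALLOWED_BIT                     0x1000000
#define PSF_SWAP_ALLOWED_BIT                    0x2000000
#define PSF_CREATE_FAILED_BIT                   0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT             0x8000000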
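//
// Vista Process Flags
//
// NOTE(review): presumably the mask for the ProtectedProcess bit-field that
// EPROCESS declares for NTDDI_LONGHORN and later - confirm against the full
// structure before relying on the bit position.
//
#define PSF2_PROTECTED_BIT                      0x800

//
// Number of TLS expansion slots
//
#define TLS_EXPANSION_SLOTS                     1024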
267 #ifdef NTOS_MODE_USER
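//
// Thread Native Base Priorities
//
// MAXIMUM_PRIORITY is one greater than HIGH_PRIORITY, so it reads as a
// count/upper bound rather than a priority a thread can hold.
//
#define LOW_PRIORITY                            0
#define LOW_REALTIME_PRIORITY                   16
#define HIGH_PRIORITY                           31
#define MAXIMUM_PRIORITY                        32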
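//
// Current Process/Thread built-in 'special' handles
//
// These are constants (-1 and -2 cast to HANDLE), not entries in a handle
// table. They always mean "the caller", so they must not be passed to
// another process or stored as if they identified a particular object.
//
#define NtCurrentProcess()                      ((HANDLE)(LONG_PTR)-1)
#define ZwCurrentProcess()                      NtCurrentProcess()
#define NtCurrentThread()                       ((HANDLE)(LONG_PTR)-2)
#define ZwCurrentThread()                       NtCurrentThread()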
// NOTE(review): this listing omits lines of the enum (gaps in the gutter
// numbers such as 290-294, plus the closing "} PROCESSINFOCLASS;"). The
// enumerators shown carry no explicit values, so a class's number cannot be
// obtained by counting the names visible here - take it from the complete
// header.
// Classes that, by name, expose or change debugging and termination state
// (ProcessBreakOnTermination, ProcessDebugObjectHandle,
// ProcessInstrumentationCallback) are the ones worth auditing when reviewing
// callers of the set/query routines.
285 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
287 typedef enum _PROCESSINFOCLASS
289 ProcessBasicInformation
,
295 ProcessRaisePriority
,
297 ProcessExceptionPort
,
299 ProcessLdtInformation
,
301 ProcessDefaultHardErrorMode
,
302 ProcessIoPortHandlers
,
303 ProcessPooledUsageAndLimits
,
304 ProcessWorkingSetWatch
,
306 ProcessEnableAlignmentFaultFixup
,
307 ProcessPriorityClass
,
308 ProcessWx86Information
,
311 ProcessPriorityBoost
,
313 ProcessSessionInformation
,
314 ProcessForegroundInformation
,
315 ProcessWow64Information
,
316 ProcessImageFileName
,
317 ProcessLUIDDeviceMapsEnabled
,
318 ProcessBreakOnTermination
,
319 ProcessDebugObjectHandle
,
321 ProcessHandleTracing
,
324 ProcessTlsInformation
,
326 ProcessImageInformation
,
329 ProcessInstrumentationCallback
,
330 ProcessThreadStackAllocation
,
331 ProcessWorkingSetWatchEx
,
332 ProcessImageFileNameWin32
,
333 ProcessImageFileMapping
,
334 ProcessAffinityUpdateMode
,
335 ProcessMemoryAllocationMode
,
// Thread information classes.
// NOTE(review): lines of this enum are missing from the listing (gutter gaps
// such as 342-345 and the closing "} THREADINFOCLASS;"), and the visible
// enumerators have no explicit values, so numeric class values cannot be
// derived from what is shown.
// ThreadHideFromDebugger pairs by name with the HideFromDebugger bit-field
// in ETHREAD and with CT_HIDE_FROM_DEBUGGER_BIT; ThreadImpersonationToken
// and ThreadBreakOnTermination likewise touch security-relevant thread
// state. Uses of these classes deserve attention in code review.
339 typedef enum _THREADINFOCLASS
341 ThreadBasicInformation
,
346 ThreadImpersonationToken
,
347 ThreadDescriptorTableEntry
,
348 ThreadEnableAlignmentFaultFixup
,
349 ThreadEventPair_Reusable
,
350 ThreadQuerySetWin32StartAddress
,
352 ThreadPerformanceCount
,
354 ThreadIdealProcessor
,
356 ThreadSetTlsArrayAddress
,
358 ThreadHideFromDebugger
,
359 ThreadBreakOnTermination
,
360 ThreadSwitchLegacyState
,
362 ThreadLastSystemCall
,
366 ThreadActualBasePriority
,
367 ThreadTebInformation
,
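//
// Process priority modes.
// No explicit values are given, so the enumerators are 0, 1 and 2 in
// declaration order.
//
typedef enum _PSPROCESSPRIORITYMODE
{
    PsProcessPriorityForeground,
    PsProcessPriorityBackground,
    PsProcessPrioritySpinning
} PSPROCESSPRIORITYMODE;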
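//
// Job object information classes.
// Numbering starts at 1 (JobObjectBasicAccountingInformation) and continues
// in declaration order; MaxJobObjectInfoClass is the first value past the
// last real class and serves as an exclusive upper bound when validating a
// caller-supplied class.
//
typedef enum _JOBOBJECTINFOCLASS
{
    JobObjectBasicAccountingInformation = 1,
    JobObjectBasicLimitInformation,
    JobObjectBasicProcessIdList,
    JobObjectBasicUIRestrictions,
    JobObjectSecurityLimitInformation,
    JobObjectEndOfJobTimeInformation,
    JobObjectAssociateCompletionPortInformation,
    JobObjectBasicAndIoAccountingInformation,
    JobObjectExtendedLimitInformation,
    JobObjectJobSetInformation,
    MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;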
// NOTE(review): several enumerators are missing from this listing (gutter
// gaps at 401-402, 405, 409-410) along with the closing line; the explicit
// values on the remaining entries (2, 3, 5, 6, 7, 10, 11, 12) are all that
// can be relied on from here.
397 // Power Events for Win32K Power Event Callback
399 typedef enum _PSPOWEREVENTTYPE
403 PsW32PowerPolicyChanged
= 2,
404 PsW32SystemPowerState
= 3,
406 PsW32DisplayState
= 5,
407 PsW32CapabilitiesChanged
= 6,
408 PsW32SetStateFailed
= 7,
411 PsW32GdiPrepareResumeUI
= 10,
412 PsW32GdiOffRequest
= 11,
413 PsW32MonitorOff
= 12,
// NOTE(review): enumerators for values 1 and 13 (gutter 422 and 434) and
// the closing line are missing from this listing; every visible entry has an
// explicit value, so those values are reliable as shown.
417 // Power State Tasks for Win32K Power State Callback
419 typedef enum _POWERSTATETASK
421 PowerState_BlockSessionSwitch
= 0,
423 PowerState_QueryApps
= 2,
424 PowerState_QueryServices
= 3,
425 PowerState_QueryAppsFailed
= 4,
426 PowerState_QueryServicesFailed
= 5,
427 PowerState_SuspendApps
= 6,
428 PowerState_SuspendServices
= 7,
429 PowerState_ShowUI
= 8,
430 PowerState_NotifyWL
= 9,
431 PowerState_ResumeApps
= 10,
432 PowerState_ResumeServices
= 11,
433 PowerState_UnBlockSessionSwitch
= 12,
435 PowerState_BlockInput
= 14,
436 PowerState_UnblockInput
= 15,
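//
// Win32K Job Callback Types
// Selects which job event a job callout is being told about; the values
// are fixed explicitly at 0, 1 and 2.
//
typedef enum _PSW32JOBCALLOUTTYPE
{
    PsW32JobCalloutSetInformation = 0,
    PsW32JobCalloutAddProcess = 1,
    PsW32JobCalloutTerminate = 2,
} PSW32JOBCALLOUTTYPE;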
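//
// Win32K Thread Callback Types
// Passed as the Type argument of PKWIN32_THREAD_CALLOUT; the enumerators
// take the implicit values 0 (initialize) and 1 (exit).
//
typedef enum _PSW32THREADCALLOUTTYPE
{
    PsW32ThreadCalloutInitialize,
    PsW32ThreadCalloutExit,
} PSW32THREADCALLOUTTYPE;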
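//
// Declare empty structure definitions so that they may be referenced by
// routines before they are defined.
// Only pointers to these types can be used until the full definitions
// further down in the header have been seen.
//
struct _WIN32_POWEREVENT_PARAMETERS;
struct _WIN32_POWERSTATE_PARAMETERS;
struct _WIN32_JOBCALLOUT_PARAMETERS;
struct _WIN32_OPENMETHOD_PARAMETERS;
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
struct _WIN32_CLOSEMETHOD_PARAMETERS;
struct _WIN32_DELETEMETHOD_PARAMETERS;
struct _WIN32_PARSEMETHOD_PARAMETERS;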
// Function-pointer types for the Win32K callouts and related routines.
// NOTE(review): every typedef below is incomplete in this listing - the
// line(s) before "(NTAPI" (gutter gaps, e.g. 477-478) and the closing of each
// parameter list are missing, and some parameter lines are missing too. The
// return types and full signatures therefore cannot be read from here.
// The pointer type names are what WIN32_CALLOUTS_FPNS uses for its members.
475 // Win32K Process and Thread Callbacks
479 (NTAPI
*PKWIN32_PROCESS_CALLOUT
)(
480 struct _EPROCESS
*Process
,
486 (NTAPI
*PKWIN32_THREAD_CALLOUT
)(
487 struct _ETHREAD
*Thread
,
488 PSW32THREADCALLOUTTYPE Type
493 (NTAPI
*PKWIN32_GLOBALATOMTABLE_CALLOUT
)(
499 (NTAPI
*PKWIN32_POWEREVENT_CALLOUT
)(
500 struct _WIN32_POWEREVENT_PARAMETERS
*Parameters
505 (NTAPI
*PKWIN32_POWERSTATE_CALLOUT
)(
506 struct _WIN32_POWERSTATE_PARAMETERS
*Parameters
511 (NTAPI
*PKWIN32_JOB_CALLOUT
)(
512 struct _WIN32_JOBCALLOUT_PARAMETERS
*Parameters
517 (NTAPI
*PGDI_BATCHFLUSH_ROUTINE
)(
523 (NTAPI
*PKWIN32_OPENMETHOD_CALLOUT
)(
524 struct _WIN32_OPENMETHOD_PARAMETERS
*Parameters
529 (NTAPI
*PKWIN32_OKTOCLOSEMETHOD_CALLOUT
)(
530 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
*Parameters
535 (NTAPI
*PKWIN32_CLOSEMETHOD_CALLOUT
)(
536 struct _WIN32_CLOSEMETHOD_PARAMETERS
*Parameters
541 (NTAPI
*PKWIN32_DELETEMETHOD_CALLOUT
)(
542 struct _WIN32_DELETEMETHOD_PARAMETERS
*Parameters
547 (NTAPI
*PKWIN32_PARSEMETHOD_CALLOUT
)(
548 struct _WIN32_PARSEMETHOD_PARAMETERS
*Parameters
553 (NTAPI
*PKWIN32_WIN32DATACOLLECTION_CALLOUT
)(
554 struct _EPROCESS
*Process
,
564 (NTAPI
*PLEGO_NOTIFY_ROUTINE
)(
571 (NTAPI
*PPOST_PROCESS_INIT_ROUTINE
)(
// NOTE(review): the opening brace and at least one member line (gutter
// 581-582) are missing from this listing; only the LDT_ENTRY member is
// visible. _DESCRIPTOR_TABLE_ENTRY_DEFINED is defined just before the
// struct, presumably as a guard against a second definition - confirm in
// the full header.
576 // Descriptor Table Entry Definition
579 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
580 typedef struct _DESCRIPTOR_TABLE_ENTRY
583 LDT_ENTRY Descriptor
;
584 } DESCRIPTOR_TABLE_ENTRY
, *PDESCRIPTOR_TABLE_ENTRY
;
// Function-pointer type PPEBLOCKROUTINE.
// NOTE(review): the typedef's leading line(s) and its parameter list are
// missing from this listing, so the signature cannot be read from here.
591 (NTAPI
*PPEBLOCKROUTINE
)(
// Singly linked descriptor: Next points at another _PEB_FREE_BLOCK.
// NOTE(review): the opening brace and the member on gutter line 601 are
// missing from this listing.
596 // PEB Free Block Descriptor
598 typedef struct _PEB_FREE_BLOCK
600 struct _PEB_FREE_BLOCK
* Next
;
602 } PEB_FREE_BLOCK
, *PPEB_FREE_BLOCK
;
// Leading fields of a PEB as laid out by this header.
// NOTE(review): this listing omits lines of the struct (gutter gaps at
// 612-614, 616-617, 622-631), including the #else/#endif lines of the
// version conditionals, so the exact layout per NTDDI_VERSION cannot be
// reconstructed from here.
// NOTE(review): if these fields live in the user-mode PEB, as the name
// suggests, the process itself can read and change them. BeingDebugged and
// IsProtectedProcess should then be treated as hints, not as an
// authoritative security decision - confirm where this structure is mapped.
607 typedef struct _INITIAL_PEB
609 BOOLEAN InheritedAddressSpace
;
610 BOOLEAN ReadImageFileExecOptions
;
611 BOOLEAN BeingDebugged
;
615 #if (NTDDI_VERSION >= NTDDI_WS03)
618 BOOLEAN ImageUsesLargePages
:1;
619 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
620 BOOLEAN IsProtectedProcess
:1;
621 BOOLEAN IsLegacyProcess
:1;
632 } INITIAL_PEB
, *PINITIAL_PEB
;
// Initial stack description for a thread: three of the pointer members are
// visible here.
// NOTE(review): the opening brace and the members on gutter lines 641-642
// are missing from this listing.
637 typedef struct _INITIAL_TEB
639 PVOID PreviousStackBase
;
640 PVOID PreviousStackLimit
;
643 PVOID AllocatedStackBase
;
644 } INITIAL_TEB
, *PINITIAL_TEB
;
// NOTE(review): the body of this struct (gutter 650-652) is missing from
// the listing; only the tag and typedef names are visible.
647 // TEB Active Frame Structures
649 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
653 } TEB_ACTIVE_FRAME_CONTEXT
, *PTEB_ACTIVE_FRAME_CONTEXT
;
// One entry in a chain of active frames: Previous links to another
// _TEB_ACTIVE_FRAME and Context points at a TEB_ACTIVE_FRAME_CONTEXT.
// NOTE(review): the opening brace and the member on gutter line 657 are
// missing from this listing.
655 typedef struct _TEB_ACTIVE_FRAME
658 struct _TEB_ACTIVE_FRAME
*Previous
;
659 PTEB_ACTIVE_FRAME_CONTEXT Context
;
660 } TEB_ACTIVE_FRAME
, *PTEB_ACTIVE_FRAME
;
// NOTE(review): the members of this struct (gutter 663-665) are missing
// from the listing; presumably the 32-bit counterpart of CLIENT_ID64 -
// confirm against the full header.
662 typedef struct _CLIENT_ID32
666 } CLIENT_ID32
, *PCLIENT_ID32
;
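//
// Client ID with explicitly 64-bit members: a process identifier and a
// thread identifier, each stored as ULONG64 whatever the pointer size of
// the build.
//
typedef struct _CLIENT_ID64
{
    ULONG64 UniqueProcess;
    ULONG64 UniqueThread;
} CLIENT_ID64, *PCLIENT_ID64;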
// Wx86 per-thread state, declared only when NTDDI_VERSION < NTDDI_WS03.
// NOTE(review): the opening brace, the members on gutter lines 676-677 and
// 680, and the matching #endif are missing from this listing.
674 #if (NTDDI_VERSION < NTDDI_WS03)
675 typedef struct _Wx86ThreadState
678 PVOID DeallocationCpu
;
679 BOOLEAN UseKnownWx86Dll
;
681 } Wx86ThreadState
, *PWx86ThreadState
;
// NOTE(review): in this listing each EXPLICIT_* macro is defined and then
// immediately undefined; the line between the two (gutter 696 and 703) is
// missing. Presumably it includes a shared header that emits the PEB/TEB
// layout for the selected pointer size - confirm against the full file. The
// PEB and TEB definitions themselves are not part of this listing.
686 // Process Environment Block (PEB)
687 // Thread Environment Block (TEB)
693 // Explicit 32 bit PEB/TEB
695 #define EXPLICIT_32BIT
697 #undef EXPLICIT_32BIT
700 // Explicit 64 bit PEB/TEB
702 #define EXPLICIT_64BIT
704 #undef EXPLICIT_64BIT
707 #ifdef NTOS_MODE_USER
// NOTE(review): the opening brace and the members on gutter lines 714-715
// are missing from this listing.
// InheritedFromUniqueProcessId is a plain integer copy of an identifier,
// not a reference to a process object. Whether it still names the same
// process when it is read cannot be told from this structure, so do not
// use it on its own to establish process lineage.
710 // Process Information Structures for NtQueryInformationProcess
712 typedef struct _PROCESS_BASIC_INFORMATION
716 ULONG_PTR AffinityMask
;
717 KPRIORITY BasePriority
;
718 ULONG_PTR UniqueProcessId
;
719 ULONG_PTR InheritedFromUniqueProcessId
;
720 } PROCESS_BASIC_INFORMATION
, *PPROCESS_BASIC_INFORMATION
;
// NOTE(review): the members of this struct (gutter 723-725) are missing
// from the listing. By name it carries a process's access token, so any
// path that accepts it from a caller is a privilege boundary worth
// reviewing.
722 typedef struct _PROCESS_ACCESS_TOKEN
726 } PROCESS_ACCESS_TOKEN
, *PPROCESS_ACCESS_TOKEN
;
// NOTE(review): most of this struct (gutter 729-733 and 735-741) is missing
// from the listing; only the DirectoryHandle member is visible, so the
// surrounding union/struct nesting cannot be read from here.
728 typedef struct _PROCESS_DEVICEMAP_INFORMATION
734 HANDLE DirectoryHandle
;
742 } PROCESS_DEVICEMAP_INFORMATION
, *PPROCESS_DEVICEMAP_INFORMATION
;
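//
// Creation and exit timestamps plus accumulated kernel-mode and user-mode
// time, each held as a LARGE_INTEGER.
//
typedef struct _KERNEL_USER_TIMES
{
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;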
// NOTE(review): the members of this struct (gutter 753-754) are missing
// from the listing.
752 typedef struct _PROCESS_SESSION_INFORMATION
755 } PROCESS_SESSION_INFORMATION
, *PPROCESS_SESSION_INFORMATION
;
// NOTE(review): the members of this struct (gutter 760-762) are missing
// from the listing. Presumably it carries one of the
// PROCESS_PRIORITY_CLASS_* values defined earlier - confirm against the full
// header.
759 typedef struct _PROCESS_PRIORITY_CLASS
763 } PROCESS_PRIORITY_CLASS
, *PPROCESS_PRIORITY_CLASS
;
// NOTE(review): the opening brace and the members on gutter lines 769-770,
// 772 and 774 are missing from this listing.
// TebBaseAddress is an address supplied to the caller; dereferencing it is
// only meaningful in the address space of the thread's own process.
766 // Thread Information Structures for NtQueryInformationThread
768 typedef struct _THREAD_BASIC_INFORMATION
771 PVOID TebBaseAddress
;
773 KAFFINITY AffinityMask
;
775 KPRIORITY BasePriority
;
776 } THREAD_BASIC_INFORMATION
, *PTHREAD_BASIC_INFORMATION
;
778 #ifndef NTOS_MODE_USER
// NOTE(review): the members of this struct (gutter 784-787) are missing
// from the listing.
783 typedef struct _JOB_SET_ARRAY
788 } JOB_SET_ARRAY
, *PJOB_SET_ARRAY
;
// NOTE(review): the members of this struct (gutter 794-798) are missing
// from the listing. EPROCESS_QUOTA_BLOCK embeds three of these entries.
791 // EPROCESS Quota Structures
793 typedef struct _EPROCESS_QUOTA_ENTRY
799 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
// Quota block: three quota entries, a list link and a reference count.
// The array length 3 matches the three quota kinds that EPROCESS's
// QuotaUsage comment in this header names (PagedPool, NonPagedPool,
// Pagefile).
// NOTE(review): the opening brace and the member on gutter line 806 are
// missing from this listing.
801 typedef struct _EPROCESS_QUOTA_BLOCK
803 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
804 LIST_ENTRY QuotaList
;
805 ULONG ReferenceCount
;
807 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
// NOTE(review): the opening brace and the members on gutter lines 813-817
// are missing from this listing.
// WatchInfo is declared with one element as the last visible member, which
// looks like the variable-length-trailing-array idiom. The real element
// count would then come from a member not shown here, and every index must
// be checked against it - confirm in the full header.
810 // Process Pagefault History
812 typedef struct _PAGEFAULT_HISTORY
818 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
819 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
// Impersonation state referenced from ETHREAD's ImpersonationInfo pointer.
// NOTE(review): the opening brace and the members on gutter lines 825-827
// are missing from this listing.
// ImpersonationLevel and EffectiveOnly bound what an impersonating thread
// may do with the borrowed identity; code that consumes this structure
// should check the level before acting on behalf of the client.
822 // Process Impersonation Information
824 typedef struct _PS_IMPERSONATION_INFORMATION
828 BOOLEAN EffectiveOnly
;
829 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
830 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
// Singly linked list node: Next points at another _TERMINATION_PORT.
// ETHREAD holds the list head in its TerminationPort member.
// NOTE(review): the opening brace and the member on gutter line 838 are
// missing from this listing.
833 // Process Termination Port
835 typedef struct _TERMINATION_PORT
837 struct _TERMINATION_PORT
*Next
;
839 } TERMINATION_PORT
, *PTERMINATION_PORT
;
// NOTE(review): the opening brace and the members on gutter lines 845-847,
// 850 and 852 are missing from this listing, so the nesting around NextApc
// and ExcessCycles cannot be read from here.
// NOTE(review): "TargetGEneration" is spelled this way in the declaration;
// it is the member's actual name, so code must use the same spelling.
842 // Per-Process APC Rate Limiting
844 typedef struct _PSP_RATE_APC
848 SINGLE_LIST_ENTRY NextApc
;
849 ULONGLONG ExcessCycles
;
851 ULONGLONG TargetGEneration
;
853 } PSP_RATE_APC
, *PPSP_RATE_APC
;
// NOTE(review): this is a partial listing of ETHREAD. Many lines are
// missing (see the gaps in the gutter numbers), including the opening
// brace, the union/struct braces around the flag words, the #else/#endif of
// every version conditional, and the closing "} ETHREAD, *PETHREAD;".
// Member offsets and bit positions must not be derived from what is shown;
// the layout also changes with NTDDI_VERSION.
856 // Executive Thread (ETHREAD)
858 typedef struct _ETHREAD
861 LARGE_INTEGER CreateTime
;
864 LARGE_INTEGER ExitTime
;
865 LIST_ENTRY LpcReplyChain
;
866 LIST_ENTRY KeyedWaitChain
;
873 LIST_ENTRY PostBlockList
;
876 struct _TERMINATION_PORT
*TerminationPort
;
877 struct _ETHREAD
*ReaperLink
;
878 PVOID KeyedWaitValue
;
879 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
880 PVOID Win32StartParameter
;
883 KSPIN_LOCK ActiveTimerListLock
;
884 LIST_ENTRY ActiveTimerListHead
;
886 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
887 KSEMAPHORE KeyedWaitSemaphore
;
891 KSEMAPHORE LpcReplySemaphore
;
892 KSEMAPHORE KeyedReplySemaphore
;
896 PVOID LpcReplyMessage
;
897 PVOID LpcWaitingOnPort
;
// Pointer to the thread's impersonation state (PS_IMPERSONATION_INFORMATION);
// ActiveImpersonationInfo further down is the matching flag bit.
900 PPS_IMPERSONATION_INFORMATION ImpersonationInfo
;
902 ULONG_PTR TopLevelIrp
;
903 PDEVICE_OBJECT DeviceToVerify
;
904 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
905 PPSP_RATE_APC RateControlApc
;
// Back-pointer to the owning process.
907 struct _EPROCESS
*ThreadsProcess
;
// Two start addresses are recorded: Win32StartAddress and StartAddress.
// Which one reflects the caller-supplied entry point is not stated here -
// TODO confirm before using either in detection logic.
909 PVOID Win32StartAddress
;
912 PKSTART_ROUTINE StartAddress
;
913 ULONG LpcReceivedMessageId
;
// Link in the process's thread list (EPROCESS has ThreadListHead).
915 LIST_ENTRY ThreadListEntry
;
916 EX_RUNDOWN_REF RundownProtect
;
917 EX_PUSH_LOCK ThreadLock
;
918 #if (NTDDI_VERSION < NTDDI_LONGHORN)
919 ULONG LpcReplyMessageId
;
921 ULONG ReadClusterSize
;
922 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
925 ACCESS_MASK GrantedAccess
;
// Bit-fields that accompany CrossThreadFlags (see the CT_* masks earlier in
// this header). HideFromDebugger, SystemThread and BreakOnTermination are
// the security-relevant ones when triaging a thread.
932 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
933 ULONG ThreadInserted
:1;
937 ULONG HideFromDebugger
:1;
938 ULONG ActiveImpersonationInfo
:1;
939 ULONG SystemThread
:1;
940 ULONG HardErrorsAreDisabled
:1;
941 ULONG BreakOnTermination
:1;
942 ULONG SkipCreationMsg
:1;
943 ULONG SkipTerminationMsg
:1;
944 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
945 ULONG CreateMsgSent
:1;
946 ULONG ThreadIoPriority
:3;
947 ULONG ThreadPagePriority
:3;
948 ULONG PendingRatecontrol
:1;
951 ULONG CrossThreadFlags
;
// Bit-fields that accompany SameThreadPassiveFlags (STP_* masks).
957 ULONG ActiveExWorker
:1;
958 ULONG ExWorkerCanWaitUser
:1;
960 ULONG KeyedEventInUse
:1;
961 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
962 ULONG RateApcState
:2;
965 ULONG SameThreadPassiveFlags
;
// Bit-fields that accompany SameThreadApcFlags (STA_* masks). The six
// Owns*WorkingSet* bits correspond in count to STA_OWNS_WORKING_SET_BITS.
971 ULONG LpcReceivedMsgIdValid
:1;
972 ULONG LpcExitThreadCalled
:1;
973 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
976 ULONG AddressSpaceOwner
:1;
978 ULONG OwnsProcessWorkingSetExclusive
:1;
979 ULONG OwnsProcessWorkingSetShared
:1;
980 ULONG OwnsSystemWorkingSetExclusive
:1;
981 ULONG OwnsSystemWorkingSetShared
:1;
982 ULONG OwnsSessionWorkingSetExclusive
:1;
983 ULONG OwnsSessionWorkingSetShared
:1;
984 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
985 ULONG SupressSymbolLoad
:1;
987 ULONG PriorityRegionActive
:4;
992 ULONG SameThreadApcFlags
;
994 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
995 UCHAR CacheManagerActive
;
997 UCHAR ForwardClusterOnly
;
999 UCHAR DisablePageFaultClustering
;
1000 UCHAR ActiveFaultCount
;
1001 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1002 ULONG AlpcMessageId
;
1006 ULONG AlpcReceiveAttributeSet
;
1008 LIST_ENTRY AlpcWaitListEntry
;
1009 KSEMAPHORE AlpcWaitSemaphore
;
1010 ULONG CacheManagerCount
;
// NOTE(review): this is a partial listing of EPROCESS. Many lines are
// missing (see the gaps in the gutter numbers), including the opening
// brace, the union/struct braces around the flag words, the #else/#endif of
// every version conditional, and the closing "} EPROCESS, *PEPROCESS;".
// Member offsets and bit positions must not be derived from what is shown;
// the layout also changes with NTDDI_VERSION.
1015 // Executive Process (EPROCESS)
1017 typedef struct _EPROCESS
1020 EX_PUSH_LOCK ProcessLock
;
1021 LARGE_INTEGER CreateTime
;
1022 LARGE_INTEGER ExitTime
;
1023 EX_RUNDOWN_REF RundownProtect
;
1024 HANDLE UniqueProcessId
;
// Doubly linked list entry. NOTE(review): a tool that enumerates processes
// only by walking a list like this sees only what is currently linked;
// cross-check against an independent source (e.g. the thread or handle
// view) before concluding a process is absent.
1025 LIST_ENTRY ActiveProcessLinks
;
1026 ULONG QuotaUsage
[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1027 ULONG QuotaPeak
[3]; /* ditto */
1029 ULONG PeakVirtualSize
;
1031 LIST_ENTRY SessionProcessLinks
;
1033 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1036 PVOID ExceptionPortData
;
1037 ULONG ExceptionPortValue
;
1038 UCHAR ExceptionPortState
:3;
1041 PVOID ExceptionPort
;
// The process's handle table.
1043 PHANDLE_TABLE ObjectTable
;
1045 ULONG WorkingSetPage
;
// AddressCreationLock has a different type depending on NTDDI_VERSION
// (EX_PUSH_LOCK for Longhorn and later, KGUARDED_MUTEX otherwise, going by
// the two declarations visible here).
1046 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1047 EX_PUSH_LOCK AddressCreationLock
;
1048 PETHREAD RotateInProgress
;
1050 KGUARDED_MUTEX AddressCreationLock
;
1051 KSPIN_LOCK HyperSpaceLock
;
1053 PETHREAD ForkInProgress
;
1054 ULONG HardwareTrigger
;
1055 PMM_AVL_TABLE PhysicalVadRoot
;
1057 ULONG NumberOfPrivatePages
;
1058 ULONG NumberOfLockedPages
;
1059 PVOID
*Win32Process
;
1061 PVOID SectionObject
;
1062 PVOID SectionBaseAddress
;
1063 PEPROCESS_QUOTA_BLOCK QuotaBlock
;
1064 PPAGEFAULT_HISTORY WorkingSetWatch
;
1065 PVOID Win32WindowStation
;
// Identifier value only, not a referenced object; it says nothing about
// whether a process with that ID still exists or is the same process.
1066 HANDLE InheritedFromUniqueProcessId
;
1067 PVOID LdtInformation
;
1071 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1072 PVOID EtwDataSource
;
1079 HARDWARE_PTE PageDirectoryPte
;
// Fixed 16-byte buffer: a longer image name cannot be stored in full, and
// nothing here guarantees a terminating NUL. Treat it as a display hint and
// bound every read to 16 bytes; use SeAuditProcessCreationInfo or the
// section object when the full image path matters.
1083 CHAR ImageFileName
[16];
1084 LIST_ENTRY JobLinks
;
1085 PVOID LockedPagesList
;
1086 LIST_ENTRY ThreadListHead
;
1089 ULONG ActiveThreads
;
1090 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1091 ULONG ImagePathHash
;
1093 ACCESS_MASK GrantedAccess
;
1095 ULONG DefaultHardErrorProcessing
;
1096 NTSTATUS LastThreadExitStatus
;
1098 EX_FAST_REF PrefetchTrace
;
1099 LARGE_INTEGER ReadOperationCount
;
1100 LARGE_INTEGER WriteOperationCount
;
1101 LARGE_INTEGER OtherOperationCount
;
1102 LARGE_INTEGER ReadTransferCount
;
1103 LARGE_INTEGER WriteTransferCount
;
1104 LARGE_INTEGER OtherTransferCount
;
1105 ULONG CommitChargeLimit
;
1106 ULONG CommitChargePeak
;
1108 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo
;
1110 LIST_ENTRY MmProcessLinks
;
1111 ULONG ModifiedPageCount
;
// Longhorn-and-later flag bits. ProtectedProcess is the kernel-side
// protected-process marker; PSF2_PROTECTED_BIT earlier in this header is
// presumably its mask - TODO confirm the bit position in the full header.
1112 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1117 ULONG JobNotReallyActive
:1;
1118 ULONG AccountingFolded
:1;
1119 ULONG NewProcessReported
:1;
1120 ULONG ExitProcessReported
:1;
1121 ULONG ReportCommitChanges
:1;
1122 ULONG LastReportMemory
:1;
1123 ULONG ReportPhysicalPageChanges
:1;
1124 ULONG HandleTableRundown
:1;
1125 ULONG NeedsHandleRundown
:1;
1126 ULONG RefTraceEnabled
:1;
1128 ULONG ProtectedProcess
:1;
1129 ULONG DefaultPagePriority
:3;
1130 ULONG ProcessDeleteSelf
:1;
1131 ULONG ProcessVerifierTarget
:1;
// Process flag bits matching the PSF_* masks earlier in this header.
// NoDebugInherit and BreakOnTermination are the ones most relevant when
// reviewing how a process was created or hardened.
1142 ULONG CreateReported
:1;
1143 ULONG NoDebugInherit
:1;
1144 ULONG ProcessExiting
:1;
1145 ULONG ProcessDelete
:1;
1146 ULONG Wow64SplitPages
:1;
1148 ULONG OutswapEnabled
:1;
1151 ULONG Wow64VaSpace4Gb
:1;
1152 ULONG AddressSpaceInitialized
:2;
1153 ULONG SetTimerResolution
:1;
1154 ULONG BreakOnTermination
:1;
1155 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1156 ULONG DeprioritizeViews
:1;
1158 ULONG SessionCreationUnderway
:1;
1161 ULONG ProcessInSession
:1;
1162 ULONG OverrideAddressSpace
:1;
1163 ULONG HasAddressSpace
:1;
1164 ULONG LaunchPrefetched
:1;
1165 ULONG InjectInpageErrors
:1;
1167 ULONG ImageNotifyDone
:1;
1168 ULONG PdeUpdateNeeded
:1;
1170 ULONG SmapAllowed
:1;
1171 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1172 ULONG ProcessInserted
:1;
1174 ULONG CreateFailed
:1;
1176 ULONG DefaultIoPriority
:3;
1177 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1178 ULONG SparePsFlags1
:2;
1186 NTSTATUS ExitStatus
;
1187 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1190 USHORT NextPageColor
;
1196 UCHAR SubSystemMinorVersion
;
1197 UCHAR SubSystemMajorVersion
;
1199 USHORT SubSystemVersion
;
1201 UCHAR PriorityClass
;
1202 MM_AVL_TABLE VadRoot
;
1207 // Job Token Filter Data
1209 #include <pshpack1.h>
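//
// Token filter attached to a job (EJOB's Filter member points at one).
//
// The structure holds three parallel groups - SIDs, groups and privileges -
// each described by an element count, a pointer to the captured array and
// the array's length. It is declared after <pshpack1.h>, i.e. with 1-byte
// packing, so the pointer members are not naturally aligned.
//
// Review note: a count and a length describe the same buffer twice. Code
// that walks one of the arrays should check that the count fits in the
// length before trusting either.
//
typedef struct _PS_JOB_TOKEN_FILTER
{
    ULONG CapturedSidCount;
    PSID_AND_ATTRIBUTES CapturedSids;
    ULONG CapturedSidsLength;
    ULONG CapturedGroupCount;
    PSID_AND_ATTRIBUTES CapturedGroups;
    ULONG CapturedGroupsLength;
    ULONG CapturedPrivilegeCount;
    PLUID_AND_ATTRIBUTES CapturedPrivileges;
    ULONG CapturedPrivilegesLength;
} PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;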
// NOTE(review): this is a partial listing of EJOB. The opening brace,
// several members (see the gaps in the gutter numbers), the #endif of the
// MemoryLimitsLock conditional and the closing "} EJOB, *PEJOB;" are
// missing. The struct sits between <pshpack1.h> and <poppack.h>, so it is
// declared with 1-byte packing.
1224 // Executive Job (EJOB)
1226 typedef struct _EJOB
1229 LIST_ENTRY JobLinks
;
1230 LIST_ENTRY ProcessListHead
;
1232 LARGE_INTEGER TotalUserTime
;
1233 LARGE_INTEGER TotalKernelTime
;
1234 LARGE_INTEGER ThisPeriodTotalUserTime
;
1235 LARGE_INTEGER ThisPeriodTotalKernelTime
;
1236 ULONG TotalPageFaultCount
;
1237 ULONG TotalProcesses
;
1238 ULONG ActiveProcesses
;
1239 ULONG TotalTerminatedProcesses
;
1240 LARGE_INTEGER PerProcessUserTimeLimit
;
1241 LARGE_INTEGER PerJobUserTimeLimit
;
1243 ULONG MinimumWorkingSetSize
;
1244 ULONG MaximumWorkingSetSize
;
1245 ULONG ActiveProcessLimit
;
1247 UCHAR PriorityClass
;
// Restriction state of the job: UI restrictions, security limit flags and
// the token filter. These are the members to inspect when checking what a
// job actually enforces on its processes.
1248 ULONG UIRestrictionsClass
;
1249 ULONG SecurityLimitFlags
;
1251 PPS_JOB_TOKEN_FILTER Filter
;
1252 ULONG EndOfJobTimeAction
;
1253 PVOID CompletionPort
;
1254 PVOID CompletionKey
;
1256 ULONG SchedulingClass
;
1257 ULONGLONG ReadOperationCount
;
1258 ULONGLONG WriteOperationCount
;
1259 ULONGLONG OtherOperationCount
;
1260 ULONGLONG ReadTransferCount
;
1261 ULONGLONG WriteTransferCount
;
1262 ULONGLONG OtherTransferCount
;
// Memory limits and usage are ULONG here, i.e. 32 bits wide.
1264 ULONG ProcessMemoryLimit
;
1265 ULONG JobMemoryLimit
;
1266 ULONG PeakProcessMemoryUsed
;
1267 ULONG PeakJobMemoryUsed
;
1268 ULONG CurrentJobMemoryUsed
;
// The lock type depends on NTDDI_VERSION: FAST_MUTEX on XP, KGUARDED_MUTEX
// on WS03, EX_PUSH_LOCK on Longhorn and later. No branch covers versions
// below NTDDI_WINXP in the lines shown.
1269 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1270 FAST_MUTEX MemoryLimitsLock
;
1271 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1272 KGUARDED_MUTEX MemoryLimitsLock
;
1273 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1274 EX_PUSH_LOCK MemoryLimitsLock
;
1276 LIST_ENTRY JobSetLinks
;
1280 #include <poppack.h>
// Argument block for PKWIN32_POWEREVENT_CALLOUT; EventNumber is one of the
// PSPOWEREVENTTYPE values.
// NOTE(review): the opening brace and the member on gutter line 1288 are
// missing from this listing.
1283 // Win32K Callback Registration Data
1285 typedef struct _WIN32_POWEREVENT_PARAMETERS
1287 PSPOWEREVENTTYPE EventNumber
;
1289 } WIN32_POWEREVENT_PARAMETERS
, *PWIN32_POWEREVENT_PARAMETERS
;
// Argument block for PKWIN32_POWERSTATE_CALLOUT; PowerStateTask is one of
// the POWERSTATETASK values.
// NOTE(review): the opening brace and the members on gutter lines
// 1292-1293 and 1296 are missing from this listing.
1291 typedef struct _WIN32_POWERSTATE_PARAMETERS
1294 POWER_ACTION SystemAction
;
1295 SYSTEM_POWER_STATE MinSystemState
;
1297 POWERSTATETASK PowerStateTask
;
1298 } WIN32_POWERSTATE_PARAMETERS
, *PWIN32_POWERSTATE_PARAMETERS
;
// Argument block for PKWIN32_JOB_CALLOUT; CalloutType is one of the
// PSW32JOBCALLOUTTYPE values.
// NOTE(review): the opening brace and the members on gutter lines
// 1301-1302 and 1304 are missing from this listing.
1300 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1303 PSW32JOBCALLOUTTYPE CalloutType
;
1305 } WIN32_JOBCALLOUT_PARAMETERS
, *PWIN32_JOBCALLOUT_PARAMETERS
;
// Argument block for PKWIN32_OPENMETHOD_CALLOUT.
// NOTE(review): the opening brace and the members on gutter lines
// 1310-1311 and 1313 are missing from this listing.
// GrantedAccess is declared ULONG here, while other structures in this
// header use ACCESS_MASK for access masks.
1307 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1309 OB_OPEN_REASON OpenReason
;
1312 ULONG GrantedAccess
;
1314 } WIN32_OPENMETHOD_PARAMETERS
, *PWIN32_OPENMETHOD_PARAMETERS
;
// Argument block for PKWIN32_OKTOCLOSEMETHOD_CALLOUT.
// NOTE(review): the opening brace and the members on gutter lines
// 1317-1320 are missing from this listing.
// PreviousMode tells the callout whether the request came from user or
// kernel mode; a callout should base its trust decision on it rather than
// on the caller's arguments.
1316 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1321 KPROCESSOR_MODE PreviousMode
;
1322 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS
;
// Argument block for PKWIN32_CLOSEMETHOD_CALLOUT: the access mask of the
// handle plus per-process and system-wide handle counts.
// NOTE(review): the opening brace and the members on gutter lines
// 1325-1327 are missing from this listing.
1324 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1328 ACCESS_MASK AccessMask
;
1329 ULONG ProcessHandleCount
;
1330 ULONG SystemHandleCount
;
1331 } WIN32_CLOSEMETHOD_PARAMETERS
, *PWIN32_CLOSEMETHOD_PARAMETERS
;
// Argument block for PKWIN32_DELETEMETHOD_CALLOUT.
// NOTE(review): the members of this struct (gutter 1334-1335) are missing
// from the listing.
1333 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1336 } WIN32_DELETEMETHOD_PARAMETERS
, *PWIN32_DELETEMETHOD_PARAMETERS
;
// Argument block for PKWIN32_PARSEMETHOD_CALLOUT.
// NOTE(review): the opening brace and the members on gutter lines
// 1339-1341, 1344, 1347 and 1349 are missing from this listing.
// AccessMode and AccessState describe who is asking and for what; a parse
// callout should honour them when it resolves RemainingName instead of
// assuming a kernel caller. CompleteName is marked OUT, i.e. written by the
// callout.
1338 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1342 PACCESS_STATE AccessState
;
1343 KPROCESSOR_MODE AccessMode
;
1345 OUT PUNICODE_STRING CompleteName
;
1346 PUNICODE_STRING RemainingName
;
1348 PSECURITY_QUALITY_OF_SERVICE SecurityQos
;
1350 } WIN32_PARSEMETHOD_PARAMETERS
, *PWIN32_PARSEMETHOD_PARAMETERS
;
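//
// Table of Win32K callout pointers: one function pointer per process,
// thread, atom-table, power, job and GDI batch-flush callout, followed by
// the desktop and window-station object procedures and the data-collection
// procedure.
//
// Review note: every member is a code pointer. Whatever component fills in
// this table decides which code runs for these events, so the table should
// only be accepted from the trusted Win32 subsystem and should not be
// writable once registered. How registration is guarded is not visible in
// this header.
//
typedef struct _WIN32_CALLOUTS_FPNS
{
    PKWIN32_PROCESS_CALLOUT ProcessCallout;
    PKWIN32_THREAD_CALLOUT ThreadCallout;
    PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
    PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
    PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
    PKWIN32_JOB_CALLOUT JobCallout;
    PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
    PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
    PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
    PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
    PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
    PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
    PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
    PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
    PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
    PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
    PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
} WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;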
1373 #endif // !NTOS_MODE_USER
1375 #endif // _PSTYPES_H