d8f1e2329b4d70ed6498c7098087a41fbb7ee393
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_VARIABLE_QUANTUMS 4
133 #define PSP_LONG_QUANTUMS 16
134
135 #ifndef NTOS_MODE_USER
136 //
137 // Thread Access Types
138 //
139 #define THREAD_QUERY_INFORMATION 0x0040
140 #define THREAD_SET_THREAD_TOKEN 0x0080
141 #define THREAD_IMPERSONATE 0x0100
142 #define THREAD_DIRECT_IMPERSONATION 0x0200
143
144 //
145 // Process Access Types
146 //
147 #define PROCESS_TERMINATE 0x0001
148 #define PROCESS_CREATE_THREAD 0x0002
149 #define PROCESS_SET_SESSIONID 0x0004
150 #define PROCESS_VM_OPERATION 0x0008
151 #define PROCESS_VM_READ 0x0010
152 #define PROCESS_VM_WRITE 0x0020
153 #define PROCESS_CREATE_PROCESS 0x0080
154 #define PROCESS_SET_QUOTA 0x0100
155 #define PROCESS_SET_INFORMATION 0x0200
156 #define PROCESS_QUERY_INFORMATION 0x0400
157 #define PROCESS_SUSPEND_RESUME 0x0800
158 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
159 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
160 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
161 SYNCHRONIZE | \
162 0xFFFF)
163 #else
164 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
165 SYNCHRONIZE | \
166 0xFFF)
167 #endif
168
169 //
170 // Thread Base Priorities
171 //
172 #define THREAD_BASE_PRIORITY_LOWRT 15
173 #define THREAD_BASE_PRIORITY_MAX 2
174 #define THREAD_BASE_PRIORITY_MIN -2
175 #define THREAD_BASE_PRIORITY_IDLE -15
176
177 //
178 // TLS Slots
179 //
180 #define TLS_MINIMUM_AVAILABLE 64
181
182 //
183 // Job Access Types
184 //
185 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
186 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
187 #define JOB_OBJECT_QUERY 0x4
188 #define JOB_OBJECT_TERMINATE 0x8
189 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
190 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
191 SYNCHRONIZE | \
192 31)
193
194 //
195 // Job Limit Flags
196 //
197 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
198 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
199 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
200 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
201 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
202 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
203 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
204 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
205 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
206 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
207 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
208 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
209 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
210 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
211
212 //
213 // Cross Thread Flags
214 //
215 #define CT_TERMINATED_BIT 0x1
216 #define CT_DEAD_THREAD_BIT 0x2
217 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
218 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
219 #define CT_SYSTEM_THREAD_BIT 0x10
220 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
221 #define CT_BREAK_ON_TERMINATION_BIT 0x40
222 #define CT_SKIP_CREATION_MSG_BIT 0x80
223 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
224
225 //
226 // Same Thread Passive Flags
227 //
228 #define STP_ACTIVE_EX_WORKER_BIT 0x1
229 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
230 #define STP_MEMORY_MAKER_BIT 0x4
231 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
232
233 //
234 // Same Thread APC Flags
235 //
236 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
237 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
238 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
239 #define STA_OWNS_WORKING_SET_BITS 0x1F8
240
241 //
242 // Kernel Process flags (maybe in ketypes.h?)
243 //
244 #define KPSF_AUTO_ALIGNMENT_BIT 0
245 #define KPSF_DISABLE_BOOST_BIT 1
246
247 //
248 // Process Flags
249 //
250 #define PSF_CREATE_REPORTED_BIT 0x1
251 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
252 #define PSF_PROCESS_EXITING_BIT 0x4
253 #define PSF_PROCESS_DELETE_BIT 0x8
254 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
255 #define PSF_VM_DELETED_BIT 0x20
256 #define PSF_OUTSWAP_ENABLED_BIT 0x40
257 #define PSF_OUTSWAPPED_BIT 0x80
258 #define PSF_FORK_FAILED_BIT 0x100
259 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
260 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
261 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
262 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
263 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
264 #define PSF_WRITE_WATCH_BIT 0x8000
265 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
266 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
267 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
268 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
269 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
270 #define PSF_VM_TOP_DOWN_BIT 0x200000
271 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
272 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
273 #define PSF_VDM_ALLOWED_BIT 0x1000000
274 #define PSF_SWAP_ALLOWED_BIT 0x2000000
275 #define PSF_CREATE_FAILED_BIT 0x4000000
276 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
277
278 //
279 // Vista Process Flags
280 //
281 #define PSF2_PROTECTED_BIT 0x800
282 #endif
283
284 //
285 // TLS/FLS Defines
286 //
287 #define TLS_EXPANSION_SLOTS 1024
288
289 #ifdef NTOS_MODE_USER
290 //
291 // Thread Native Base Priorities
292 //
293 #define LOW_PRIORITY 0
294 #define LOW_REALTIME_PRIORITY 16
295 #define HIGH_PRIORITY 31
296 #define MAXIMUM_PRIORITY 32
297
298 //
299 // Current Process/Thread built-in 'special' handles
300 //
301 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
302 #define ZwCurrentProcess() NtCurrentProcess()
303 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
304 #define ZwCurrentThread() NtCurrentThread()
305
306 //
307 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
308 //
309 typedef enum _PROCESSINFOCLASS
310 {
311 ProcessBasicInformation,
312 ProcessQuotaLimits,
313 ProcessIoCounters,
314 ProcessVmCounters,
315 ProcessTimes,
316 ProcessBasePriority,
317 ProcessRaisePriority,
318 ProcessDebugPort,
319 ProcessExceptionPort,
320 ProcessAccessToken,
321 ProcessLdtInformation,
322 ProcessLdtSize,
323 ProcessDefaultHardErrorMode,
324 ProcessIoPortHandlers,
325 ProcessPooledUsageAndLimits,
326 ProcessWorkingSetWatch,
327 ProcessUserModeIOPL,
328 ProcessEnableAlignmentFaultFixup,
329 ProcessPriorityClass,
330 ProcessWx86Information,
331 ProcessHandleCount,
332 ProcessAffinityMask,
333 ProcessPriorityBoost,
334 ProcessDeviceMap,
335 ProcessSessionInformation,
336 ProcessForegroundInformation,
337 ProcessWow64Information,
338 ProcessImageFileName,
339 ProcessLUIDDeviceMapsEnabled,
340 ProcessBreakOnTermination,
341 ProcessDebugObjectHandle,
342 ProcessDebugFlags,
343 ProcessHandleTracing,
344 ProcessIoPriority,
345 ProcessExecuteFlags,
346 ProcessTlsInformation,
347 ProcessCookie,
348 ProcessImageInformation,
349 ProcessCycleTime,
350 ProcessPagePriority,
351 ProcessInstrumentationCallback,
352 ProcessThreadStackAllocation,
353 ProcessWorkingSetWatchEx,
354 ProcessImageFileNameWin32,
355 ProcessImageFileMapping,
356 ProcessAffinityUpdateMode,
357 ProcessMemoryAllocationMode,
358 MaxProcessInfoClass
359 } PROCESSINFOCLASS;
360
361 typedef enum _THREADINFOCLASS
362 {
363 ThreadBasicInformation,
364 ThreadTimes,
365 ThreadPriority,
366 ThreadBasePriority,
367 ThreadAffinityMask,
368 ThreadImpersonationToken,
369 ThreadDescriptorTableEntry,
370 ThreadEnableAlignmentFaultFixup,
371 ThreadEventPair_Reusable,
372 ThreadQuerySetWin32StartAddress,
373 ThreadZeroTlsCell,
374 ThreadPerformanceCount,
375 ThreadAmILastThread,
376 ThreadIdealProcessor,
377 ThreadPriorityBoost,
378 ThreadSetTlsArrayAddress,
379 ThreadIsIoPending,
380 ThreadHideFromDebugger,
381 ThreadBreakOnTermination,
382 ThreadSwitchLegacyState,
383 ThreadIsTerminated,
384 ThreadLastSystemCall,
385 ThreadIoPriority,
386 ThreadCycleTime,
387 ThreadPagePriority,
388 ThreadActualBasePriority,
389 ThreadTebInformation,
390 ThreadCSwitchMon,
391 MaxThreadInfoClass
392 } THREADINFOCLASS;
393
394 #else
395
396 typedef enum _PSPROCESSPRIORITYMODE
397 {
398 PsProcessPriorityForeground,
399 PsProcessPriorityBackground,
400 PsProcessPrioritySpinning
401 } PSPROCESSPRIORITYMODE;
402
403 typedef enum _JOBOBJECTINFOCLASS
404 {
405 JobObjectBasicAccountingInformation = 1,
406 JobObjectBasicLimitInformation,
407 JobObjectBasicProcessIdList,
408 JobObjectBasicUIRestrictions,
409 JobObjectSecurityLimitInformation,
410 JobObjectEndOfJobTimeInformation,
411 JobObjectAssociateCompletionPortInformation,
412 JobObjectBasicAndIoAccountingInformation,
413 JobObjectExtendedLimitInformation,
414 JobObjectJobSetInformation,
415 MaxJobObjectInfoClass
416 } JOBOBJECTINFOCLASS;
417
418 //
419 // Power Event Events for Win32K Power Event Callback
420 //
421 typedef enum _PSPOWEREVENTTYPE
422 {
423 PsW32FullWake = 0,
424 PsW32EventCode = 1,
425 PsW32PowerPolicyChanged = 2,
426 PsW32SystemPowerState = 3,
427 PsW32SystemTime = 4,
428 PsW32DisplayState = 5,
429 PsW32CapabilitiesChanged = 6,
430 PsW32SetStateFailed = 7,
431 PsW32GdiOff = 8,
432 PsW32GdiOn = 9,
433 PsW32GdiPrepareResumeUI = 10,
434 PsW32GdiOffRequest = 11,
435 PsW32MonitorOff = 12,
436 } PSPOWEREVENTTYPE;
437
438 //
439 // Power State Tasks for Win32K Power State Callback
440 //
441 typedef enum _POWERSTATETASK
442 {
443 PowerState_BlockSessionSwitch = 0,
444 PowerState_Init = 1,
445 PowerState_QueryApps = 2,
446 PowerState_QueryServices = 3,
447 PowerState_QueryAppsFailed = 4,
448 PowerState_QueryServicesFailed = 5,
449 PowerState_SuspendApps = 6,
450 PowerState_SuspendServices = 7,
451 PowerState_ShowUI = 8,
452 PowerState_NotifyWL = 9,
453 PowerState_ResumeApps = 10,
454 PowerState_ResumeServices = 11,
455 PowerState_UnBlockSessionSwitch = 12,
456 PowerState_End = 13,
457 PowerState_BlockInput = 14,
458 PowerState_UnblockInput = 15,
459 } POWERSTATETASK;
460
461 //
462 // Win32K Job Callback Types
463 //
464 typedef enum _PSW32JOBCALLOUTTYPE
465 {
466 PsW32JobCalloutSetInformation = 0,
467 PsW32JobCalloutAddProcess = 1,
468 PsW32JobCalloutTerminate = 2,
469 } PSW32JOBCALLOUTTYPE;
470
471 //
472 // Win32K Thread Callback Types
473 //
474 typedef enum _PSW32THREADCALLOUTTYPE
475 {
476 PsW32ThreadCalloutInitialize,
477 PsW32ThreadCalloutExit,
478 } PSW32THREADCALLOUTTYPE;
479
480 //
481 // Declare empty structure definitions so that they may be referenced by
482 // routines before they are defined
483 //
484 struct _W32THREAD;
485 struct _W32PROCESS;
486 //struct _ETHREAD;
487 struct _WIN32_POWEREVENT_PARAMETERS;
488 struct _WIN32_POWERSTATE_PARAMETERS;
489 struct _WIN32_JOBCALLOUT_PARAMETERS;
490 struct _WIN32_OPENMETHOD_PARAMETERS;
491 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
492 struct _WIN32_CLOSEMETHOD_PARAMETERS;
493 struct _WIN32_DELETEMETHOD_PARAMETERS;
494 struct _WIN32_PARSEMETHOD_PARAMETERS;
495
496 //
497 // Win32K Process and Thread Callbacks
498 //
499 typedef
500 NTSTATUS
501 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
502 _In_ struct _EPROCESS *Process,
503 _In_ BOOLEAN Create
504 );
505
506 typedef
507 NTSTATUS
508 (NTAPI *PKWIN32_THREAD_CALLOUT)(
509 _In_ struct _ETHREAD *Thread,
510 _In_ PSW32THREADCALLOUTTYPE Type
511 );
512
513 typedef
514 NTSTATUS
515 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
516 VOID
517 );
518
519 typedef
520 NTSTATUS
521 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
522 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
523 );
524
525 typedef
526 NTSTATUS
527 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
528 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
529 );
530
531 typedef
532 NTSTATUS
533 (NTAPI *PKWIN32_JOB_CALLOUT)(
534 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
535 );
536
537 typedef
538 NTSTATUS
539 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
540 VOID
541 );
542
543 typedef
544 NTSTATUS
545 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
546 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
547 );
548
549 typedef
550 NTSTATUS
551 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
552 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
553 );
554
555 typedef
556 NTSTATUS
557 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
558 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
559 );
560
561 typedef
562 NTSTATUS
563 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
564 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
565 );
566
567 typedef
568 NTSTATUS
569 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
570 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
571 );
572
573 typedef
574 NTSTATUS
575 (NTAPI *PKWIN32_SESSION_CALLOUT)(
576 _In_ PVOID Parameter
577 );
578
579 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
580 typedef
581 NTSTATUS
582 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
583 _In_ struct _EPROCESS *Process,
584 _In_ PVOID Callback,
585 _In_ PVOID Context
586 );
587 #endif
588
589 //
590 // Lego Callback
591 //
592 typedef
593 VOID
594 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
595 _In_ PKTHREAD Thread
596 );
597
598 #endif
599
600 typedef NTSTATUS
601 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
602 VOID
603 );
604
605 //
606 // Descriptor Table Entry Definition
607 //
608 #if (_M_IX86)
609 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
610 typedef struct _DESCRIPTOR_TABLE_ENTRY
611 {
612 ULONG Selector;
613 LDT_ENTRY Descriptor;
614 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
615 #endif
616
617 //
618 // PEB Lock Routine
619 //
620 typedef VOID
621 (NTAPI *PPEBLOCKROUTINE)(
622 PVOID PebLock
623 );
624
625 //
626 // PEB Free Block Descriptor
627 //
628 typedef struct _PEB_FREE_BLOCK
629 {
630 struct _PEB_FREE_BLOCK* Next;
631 ULONG Size;
632 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
633
634 //
635 // Initial PEB
636 //
637 typedef struct _INITIAL_PEB
638 {
639 BOOLEAN InheritedAddressSpace;
640 BOOLEAN ReadImageFileExecOptions;
641 BOOLEAN BeingDebugged;
642 union
643 {
644 BOOLEAN BitField;
645 #if (NTDDI_VERSION >= NTDDI_WS03)
646 struct
647 {
648 BOOLEAN ImageUsesLargePages:1;
649 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
650 BOOLEAN IsProtectedProcess:1;
651 BOOLEAN IsLegacyProcess:1;
652 BOOLEAN SpareBits:5;
653 #else
654 BOOLEAN SpareBits:7;
655 #endif
656 };
657 #else
658 BOOLEAN SpareBool;
659 #endif
660 };
661 HANDLE Mutant;
662 } INITIAL_PEB, *PINITIAL_PEB;
663
664 //
665 // Initial TEB
666 //
667 typedef struct _INITIAL_TEB
668 {
669 PVOID PreviousStackBase;
670 PVOID PreviousStackLimit;
671 PVOID StackBase;
672 PVOID StackLimit;
673 PVOID AllocatedStackBase;
674 } INITIAL_TEB, *PINITIAL_TEB;
675
676 //
677 // TEB Active Frame Structures
678 //
679 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
680 {
681 ULONG Flags;
682 LPSTR FrameName;
683 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
684
685 typedef struct _TEB_ACTIVE_FRAME
686 {
687 ULONG Flags;
688 struct _TEB_ACTIVE_FRAME *Previous;
689 PTEB_ACTIVE_FRAME_CONTEXT Context;
690 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
691
692 typedef struct _CLIENT_ID32
693 {
694 ULONG UniqueProcess;
695 ULONG UniqueThread;
696 } CLIENT_ID32, *PCLIENT_ID32;
697
698 typedef struct _CLIENT_ID64
699 {
700 ULONG64 UniqueProcess;
701 ULONG64 UniqueThread;
702 } CLIENT_ID64, *PCLIENT_ID64;
703
704 #if (NTDDI_VERSION < NTDDI_WS03)
705 typedef struct _Wx86ThreadState
706 {
707 PULONG CallBx86Eip;
708 PVOID DeallocationCpu;
709 BOOLEAN UseKnownWx86Dll;
710 CHAR OleStubInvoked;
711 } Wx86ThreadState, *PWx86ThreadState;
712 #endif
713
714
715 //
716 // Process Environment Block (PEB)
717 // Thread Environment Block (TEB)
718 //
719 #include "peb_teb.h"
720
721 #ifdef _WIN64
722 //
723 // Explicit 32 bit PEB/TEB
724 //
725 #define EXPLICIT_32BIT
726 #include "peb_teb.h"
727 #undef EXPLICIT_32BIT
728
729 //
730 // Explicit 64 bit PEB/TEB
731 //
732 #define EXPLICIT_64BIT
733 #include "peb_teb.h"
734 #undef EXPLICIT_64BIT
735 #endif
736
737 #ifdef NTOS_MODE_USER
738
739 //
740 // Process Information Structures for NtQueryProcessInformation
741 //
742 typedef struct _PROCESS_BASIC_INFORMATION
743 {
744 NTSTATUS ExitStatus;
745 PPEB PebBaseAddress;
746 ULONG_PTR AffinityMask;
747 KPRIORITY BasePriority;
748 ULONG_PTR UniqueProcessId;
749 ULONG_PTR InheritedFromUniqueProcessId;
750 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
751
752 typedef struct _PROCESS_ACCESS_TOKEN
753 {
754 HANDLE Token;
755 HANDLE Thread;
756 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
757
758 typedef struct _PROCESS_DEVICEMAP_INFORMATION
759 {
760 union
761 {
762 struct
763 {
764 HANDLE DirectoryHandle;
765 } Set;
766 struct
767 {
768 ULONG DriveMap;
769 UCHAR DriveType[32];
770 } Query;
771 };
772 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
773
774 typedef struct _KERNEL_USER_TIMES
775 {
776 LARGE_INTEGER CreateTime;
777 LARGE_INTEGER ExitTime;
778 LARGE_INTEGER KernelTime;
779 LARGE_INTEGER UserTime;
780 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
781
782 typedef struct _POOLED_USAGE_AND_LIMITS
783 {
784 SIZE_T PeakPagedPoolUsage;
785 SIZE_T PagedPoolUsage;
786 SIZE_T PagedPoolLimit;
787 SIZE_T PeakNonPagedPoolUsage;
788 SIZE_T NonPagedPoolUsage;
789 SIZE_T NonPagedPoolLimit;
790 SIZE_T PeakPagefileUsage;
791 SIZE_T PagefileUsage;
792 SIZE_T PagefileLimit;
793 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
794
795 typedef struct _PROCESS_SESSION_INFORMATION
796 {
797 ULONG SessionId;
798 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
799
800 #endif
801
802 typedef struct _PROCESS_PRIORITY_CLASS
803 {
804 BOOLEAN Foreground;
805 UCHAR PriorityClass;
806 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
807
808 typedef struct _PROCESS_FOREGROUND_BACKGROUND
809 {
810 BOOLEAN Foreground;
811 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
812
813 //
814 // Thread Information Structures for NtQueryProcessInformation
815 //
816 typedef struct _THREAD_BASIC_INFORMATION
817 {
818 NTSTATUS ExitStatus;
819 PVOID TebBaseAddress;
820 CLIENT_ID ClientId;
821 KAFFINITY AffinityMask;
822 KPRIORITY Priority;
823 KPRIORITY BasePriority;
824 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
825
826 #ifndef NTOS_MODE_USER
827
828 //
829 // Job Set Array
830 //
831 typedef struct _JOB_SET_ARRAY
832 {
833 HANDLE JobHandle;
834 ULONG MemberLevel;
835 ULONG Flags;
836 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
837
838 //
839 // EPROCESS Quota Structures
840 //
841 typedef struct _EPROCESS_QUOTA_ENTRY
842 {
843 SIZE_T Usage;
844 SIZE_T Limit;
845 SIZE_T Peak;
846 SIZE_T Return;
847 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
848
849 typedef struct _EPROCESS_QUOTA_BLOCK
850 {
851 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
852 LIST_ENTRY QuotaList;
853 ULONG ReferenceCount;
854 ULONG ProcessCount;
855 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
856
857 //
858 // Process Pagefault History
859 //
860 typedef struct _PAGEFAULT_HISTORY
861 {
862 ULONG CurrentIndex;
863 ULONG MapIndex;
864 KSPIN_LOCK SpinLock;
865 PVOID Reserved;
866 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
867 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
868
869 //
870 // Process Impersonation Information
871 //
872 typedef struct _PS_IMPERSONATION_INFORMATION
873 {
874 PACCESS_TOKEN Token;
875 BOOLEAN CopyOnOpen;
876 BOOLEAN EffectiveOnly;
877 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
878 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
879
880 //
881 // Process Termination Port
882 //
883 typedef struct _TERMINATION_PORT
884 {
885 struct _TERMINATION_PORT *Next;
886 PVOID Port;
887 } TERMINATION_PORT, *PTERMINATION_PORT;
888
889 //
890 // Per-Process APC Rate Limiting
891 //
892 typedef struct _PSP_RATE_APC
893 {
894 union
895 {
896 SINGLE_LIST_ENTRY NextApc;
897 ULONGLONG ExcessCycles;
898 };
899 ULONGLONG TargetGEneration;
900 KAPC RateApc;
901 } PSP_RATE_APC, *PPSP_RATE_APC;
902
903 //
904 // Executive Thread (ETHREAD)
905 //
906 typedef struct _ETHREAD
907 {
908 KTHREAD Tcb;
909 LARGE_INTEGER CreateTime;
910 union
911 {
912 LARGE_INTEGER ExitTime;
913 LIST_ENTRY LpcReplyChain;
914 LIST_ENTRY KeyedWaitChain;
915 };
916 union
917 {
918 NTSTATUS ExitStatus;
919 PVOID OfsChain;
920 };
921 LIST_ENTRY PostBlockList;
922 union
923 {
924 struct _TERMINATION_PORT *TerminationPort;
925 struct _ETHREAD *ReaperLink;
926 PVOID KeyedWaitValue;
927 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
928 PVOID Win32StartParameter;
929 #endif
930 };
931 KSPIN_LOCK ActiveTimerListLock;
932 LIST_ENTRY ActiveTimerListHead;
933 CLIENT_ID Cid;
934 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
935 KSEMAPHORE KeyedWaitSemaphore;
936 #else
937 union
938 {
939 KSEMAPHORE LpcReplySemaphore;
940 KSEMAPHORE KeyedWaitSemaphore;
941 };
942 union
943 {
944 PVOID LpcReplyMessage;
945 PVOID LpcWaitingOnPort;
946 };
947 #endif
948 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
949 LIST_ENTRY IrpList;
950 ULONG_PTR TopLevelIrp;
951 PDEVICE_OBJECT DeviceToVerify;
952 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
953 PPSP_RATE_APC RateControlApc;
954 #else
955 struct _EPROCESS *ThreadsProcess;
956 #endif
957 PVOID Win32StartAddress;
958 union
959 {
960 PKSTART_ROUTINE StartAddress;
961 ULONG LpcReceivedMessageId;
962 };
963 LIST_ENTRY ThreadListEntry;
964 EX_RUNDOWN_REF RundownProtect;
965 EX_PUSH_LOCK ThreadLock;
966 #if (NTDDI_VERSION < NTDDI_LONGHORN)
967 ULONG LpcReplyMessageId;
968 #endif
969 ULONG ReadClusterSize;
970 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
971 ULONG SpareUlong0;
972 #else
973 ACCESS_MASK GrantedAccess;
974 #endif
975 union
976 {
977 struct
978 {
979 ULONG Terminated:1;
980 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
981 ULONG ThreadInserted:1;
982 #else
983 ULONG DeadThread:1;
984 #endif
985 ULONG HideFromDebugger:1;
986 ULONG ActiveImpersonationInfo:1;
987 ULONG SystemThread:1;
988 ULONG HardErrorsAreDisabled:1;
989 ULONG BreakOnTermination:1;
990 ULONG SkipCreationMsg:1;
991 ULONG SkipTerminationMsg:1;
992 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
993 ULONG CreateMsgSent:1;
994 ULONG ThreadIoPriority:3;
995 ULONG ThreadPagePriority:3;
996 ULONG PendingRatecontrol:1;
997 #endif
998 };
999 ULONG CrossThreadFlags;
1000 };
1001 union
1002 {
1003 struct
1004 {
1005 ULONG ActiveExWorker:1;
1006 ULONG ExWorkerCanWaitUser:1;
1007 ULONG MemoryMaker:1;
1008 ULONG KeyedEventInUse:1;
1009 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1010 ULONG RateApcState:2;
1011 #endif
1012 };
1013 ULONG SameThreadPassiveFlags;
1014 };
1015 union
1016 {
1017 struct
1018 {
1019 ULONG LpcReceivedMsgIdValid:1;
1020 ULONG LpcExitThreadCalled:1;
1021 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1022 ULONG Spare:1;
1023 #else
1024 ULONG AddressSpaceOwner:1;
1025 #endif
1026 ULONG OwnsProcessWorkingSetExclusive:1;
1027 ULONG OwnsProcessWorkingSetShared:1;
1028 ULONG OwnsSystemWorkingSetExclusive:1;
1029 ULONG OwnsSystemWorkingSetShared:1;
1030 ULONG OwnsSessionWorkingSetExclusive:1;
1031 ULONG OwnsSessionWorkingSetShared:1;
1032 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1033 ULONG SupressSymbolLoad:1;
1034 ULONG Spare1:3;
1035 ULONG PriorityRegionActive:4;
1036 #else
1037 ULONG ApcNeeded:1;
1038 #endif
1039 };
1040 ULONG SameThreadApcFlags;
1041 };
1042 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1043 UCHAR CacheManagerActive;
1044 #else
1045 UCHAR ForwardClusterOnly;
1046 #endif
1047 UCHAR DisablePageFaultClustering;
1048 UCHAR ActiveFaultCount;
1049 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1050 ULONG AlpcMessageId;
1051 union
1052 {
1053 PVOID AlpcMessage;
1054 ULONG AlpcReceiveAttributeSet;
1055 };
1056 LIST_ENTRY AlpcWaitListEntry;
1057 KSEMAPHORE AlpcWaitSemaphore;
1058 ULONG CacheManagerCount;
1059 #endif
1060 } ETHREAD;
1061
1062 //
1063 // Executive Process (EPROCESS)
1064 //
1065 typedef struct _EPROCESS
1066 {
1067 KPROCESS Pcb;
1068 EX_PUSH_LOCK ProcessLock;
1069 LARGE_INTEGER CreateTime;
1070 LARGE_INTEGER ExitTime;
1071 EX_RUNDOWN_REF RundownProtect;
1072 HANDLE UniqueProcessId;
1073 LIST_ENTRY ActiveProcessLinks;
1074 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1075 SIZE_T QuotaPeak[3]; /* ditto */
1076 SIZE_T CommitCharge;
1077 SIZE_T PeakVirtualSize;
1078 SIZE_T VirtualSize;
1079 LIST_ENTRY SessionProcessLinks;
1080 PVOID DebugPort;
1081 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1082 union
1083 {
1084 PVOID ExceptionPortData;
1085 ULONG ExceptionPortValue;
1086 UCHAR ExceptionPortState:3;
1087 };
1088 #else
1089 PVOID ExceptionPort;
1090 #endif
1091 PHANDLE_TABLE ObjectTable;
1092 EX_FAST_REF Token;
1093 PFN_NUMBER WorkingSetPage;
1094 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1095 EX_PUSH_LOCK AddressCreationLock;
1096 PETHREAD RotateInProgress;
1097 #else
1098 KGUARDED_MUTEX AddressCreationLock;
1099 KSPIN_LOCK HyperSpaceLock;
1100 #endif
1101 PETHREAD ForkInProgress;
1102 ULONG_PTR HardwareTrigger;
1103 PMM_AVL_TABLE PhysicalVadRoot;
1104 PVOID CloneRoot;
1105 PFN_NUMBER NumberOfPrivatePages;
1106 PFN_NUMBER NumberOfLockedPages;
1107 PVOID *Win32Process;
1108 struct _EJOB *Job;
1109 PVOID SectionObject;
1110 PVOID SectionBaseAddress;
1111 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1112 PPAGEFAULT_HISTORY WorkingSetWatch;
1113 PVOID Win32WindowStation;
1114 HANDLE InheritedFromUniqueProcessId;
1115 PVOID LdtInformation;
1116 PVOID VadFreeHint;
1117 PVOID VdmObjects;
1118 PVOID DeviceMap;
1119 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1120 PVOID EtwDataSource;
1121 PVOID FreeTebHint;
1122 #else
1123 PVOID Spare0[3];
1124 #endif
1125 union
1126 {
1127 HARDWARE_PTE PageDirectoryPte;
1128 ULONGLONG Filler;
1129 };
1130 PVOID Session;
1131 CHAR ImageFileName[16];
1132 LIST_ENTRY JobLinks;
1133 PVOID LockedPagesList;
1134 LIST_ENTRY ThreadListHead;
1135 PVOID SecurityPort;
1136 #ifdef _M_AMD64
1137 struct _WOW64_PROCESS *Wow64Process;
1138 #else
1139 PVOID PaeTop;
1140 #endif
1141 ULONG ActiveThreads;
1142 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1143 ULONG ImagePathHash;
1144 #else
1145 ACCESS_MASK GrantedAccess;
1146 #endif
1147 ULONG DefaultHardErrorProcessing;
1148 NTSTATUS LastThreadExitStatus;
1149 struct _PEB* Peb;
1150 EX_FAST_REF PrefetchTrace;
1151 LARGE_INTEGER ReadOperationCount;
1152 LARGE_INTEGER WriteOperationCount;
1153 LARGE_INTEGER OtherOperationCount;
1154 LARGE_INTEGER ReadTransferCount;
1155 LARGE_INTEGER WriteTransferCount;
1156 LARGE_INTEGER OtherTransferCount;
1157 SIZE_T CommitChargeLimit;
1158 SIZE_T CommitChargePeak;
1159 PVOID AweInfo;
1160 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1161 MMSUPPORT Vm;
1162 #ifdef _M_AMD64
1163 ULONG Spares[2];
1164 #else
1165 LIST_ENTRY MmProcessLinks;
1166 #endif
1167 ULONG ModifiedPageCount;
1168 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1169 union
1170 {
1171 struct
1172 {
1173 ULONG JobNotReallyActive:1;
1174 ULONG AccountingFolded:1;
1175 ULONG NewProcessReported:1;
1176 ULONG ExitProcessReported:1;
1177 ULONG ReportCommitChanges:1;
1178 ULONG LastReportMemory:1;
1179 ULONG ReportPhysicalPageChanges:1;
1180 ULONG HandleTableRundown:1;
1181 ULONG NeedsHandleRundown:1;
1182 ULONG RefTraceEnabled:1;
1183 ULONG NumaAware:1;
1184 ULONG ProtectedProcess:1;
1185 ULONG DefaultPagePriority:3;
1186 ULONG ProcessDeleteSelf:1;
1187 ULONG ProcessVerifierTarget:1;
1188 };
1189 ULONG Flags2;
1190 };
1191 #else
1192 ULONG JobStatus;
1193 #endif
1194 union
1195 {
1196 struct
1197 {
1198 ULONG CreateReported:1;
1199 ULONG NoDebugInherit:1;
1200 ULONG ProcessExiting:1;
1201 ULONG ProcessDelete:1;
1202 ULONG Wow64SplitPages:1;
1203 ULONG VmDeleted:1;
1204 ULONG OutswapEnabled:1;
1205 ULONG Outswapped:1;
1206 ULONG ForkFailed:1;
1207 ULONG Wow64VaSpace4Gb:1;
1208 ULONG AddressSpaceInitialized:2;
1209 ULONG SetTimerResolution:1;
1210 ULONG BreakOnTermination:1;
1211 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1212 ULONG DeprioritizeViews:1;
1213 #else
1214 ULONG SessionCreationUnderway:1;
1215 #endif
1216 ULONG WriteWatch:1;
1217 ULONG ProcessInSession:1;
1218 ULONG OverrideAddressSpace:1;
1219 ULONG HasAddressSpace:1;
1220 ULONG LaunchPrefetched:1;
1221 ULONG InjectInpageErrors:1;
1222 ULONG VmTopDown:1;
1223 ULONG ImageNotifyDone:1;
1224 ULONG PdeUpdateNeeded:1;
1225 ULONG VdmAllowed:1;
1226 ULONG SmapAllowed:1;
1227 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1228 ULONG ProcessInserted:1;
1229 #else
1230 ULONG CreateFailed:1;
1231 #endif
1232 ULONG DefaultIoPriority:3;
1233 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1234 ULONG SparePsFlags1:2;
1235 #else
1236 ULONG Spare1:1;
1237 ULONG Spare2:1;
1238 #endif
1239 };
1240 ULONG Flags;
1241 };
1242 NTSTATUS ExitStatus;
1243 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1244 USHORT Spare7;
1245 #else
1246 USHORT NextPageColor;
1247 #endif
1248 union
1249 {
1250 struct
1251 {
1252 UCHAR SubSystemMinorVersion;
1253 UCHAR SubSystemMajorVersion;
1254 };
1255 USHORT SubSystemVersion;
1256 };
1257 UCHAR PriorityClass;
1258 MM_AVL_TABLE VadRoot;
1259 ULONG Cookie;
1260 } EPROCESS;
1261
1262 //
1263 // Job Token Filter Data
1264 //
1265 #include <pshpack1.h>
1266 typedef struct _PS_JOB_TOKEN_FILTER
1267 {
1268 ULONG CapturedSidCount;
1269 PSID_AND_ATTRIBUTES CapturedSids;
1270 ULONG CapturedSidsLength;
1271 ULONG CapturedGroupCount;
1272 PSID_AND_ATTRIBUTES CapturedGroups;
1273 ULONG CapturedGroupsLength;
1274 ULONG CapturedPrivilegeCount;
1275 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1276 ULONG CapturedPrivilegesLength;
1277 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1278
1279 //
1280 // Executive Job (EJOB)
1281 //
1282 typedef struct _EJOB
1283 {
1284 KEVENT Event;
1285 LIST_ENTRY JobLinks;
1286 LIST_ENTRY ProcessListHead;
1287 ERESOURCE JobLock;
1288 LARGE_INTEGER TotalUserTime;
1289 LARGE_INTEGER TotalKernelTime;
1290 LARGE_INTEGER ThisPeriodTotalUserTime;
1291 LARGE_INTEGER ThisPeriodTotalKernelTime;
1292 ULONG TotalPageFaultCount;
1293 ULONG TotalProcesses;
1294 ULONG ActiveProcesses;
1295 ULONG TotalTerminatedProcesses;
1296 LARGE_INTEGER PerProcessUserTimeLimit;
1297 LARGE_INTEGER PerJobUserTimeLimit;
1298 ULONG LimitFlags;
1299 ULONG MinimumWorkingSetSize;
1300 ULONG MaximumWorkingSetSize;
1301 ULONG ActiveProcessLimit;
1302 ULONG Affinity;
1303 UCHAR PriorityClass;
1304 ULONG UIRestrictionsClass;
1305 ULONG SecurityLimitFlags;
1306 PVOID Token;
1307 PPS_JOB_TOKEN_FILTER Filter;
1308 ULONG EndOfJobTimeAction;
1309 PVOID CompletionPort;
1310 PVOID CompletionKey;
1311 ULONG SessionId;
1312 ULONG SchedulingClass;
1313 ULONGLONG ReadOperationCount;
1314 ULONGLONG WriteOperationCount;
1315 ULONGLONG OtherOperationCount;
1316 ULONGLONG ReadTransferCount;
1317 ULONGLONG WriteTransferCount;
1318 ULONGLONG OtherTransferCount;
1319 IO_COUNTERS IoInfo;
1320 ULONG ProcessMemoryLimit;
1321 ULONG JobMemoryLimit;
1322 ULONG PeakProcessMemoryUsed;
1323 ULONG PeakJobMemoryUsed;
1324 ULONG CurrentJobMemoryUsed;
1325 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1326 FAST_MUTEX MemoryLimitsLock;
1327 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1328 KGUARDED_MUTEX MemoryLimitsLock;
1329 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1330 EX_PUSH_LOCK MemoryLimitsLock;
1331 #endif
1332 LIST_ENTRY JobSetLinks;
1333 ULONG MemberLevel;
1334 ULONG JobFlags;
1335 } EJOB, *PEJOB;
1336 #include <poppack.h>
1337
1338 //
1339 // Win32K Callback Registration Data
1340 //
1341 typedef struct _WIN32_POWEREVENT_PARAMETERS
1342 {
1343 PSPOWEREVENTTYPE EventNumber;
1344 ULONG Code;
1345 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1346
1347 typedef struct _WIN32_POWERSTATE_PARAMETERS
1348 {
1349 UCHAR Promotion;
1350 POWER_ACTION SystemAction;
1351 SYSTEM_POWER_STATE MinSystemState;
1352 ULONG Flags;
1353 POWERSTATETASK PowerStateTask;
1354 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1355
1356 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1357 {
1358 PVOID Job;
1359 PSW32JOBCALLOUTTYPE CalloutType;
1360 PVOID Data;
1361 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1362
1363 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1364 {
1365 OB_OPEN_REASON OpenReason;
1366 PEPROCESS Process;
1367 PVOID Object;
1368 ULONG GrantedAccess;
1369 ULONG HandleCount;
1370 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1371
1372 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1373 {
1374 PEPROCESS Process;
1375 PVOID Object;
1376 HANDLE Handle;
1377 KPROCESSOR_MODE PreviousMode;
1378 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1379
1380 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1381 {
1382 PEPROCESS Process;
1383 PVOID Object;
1384 ACCESS_MASK AccessMask;
1385 ULONG ProcessHandleCount;
1386 ULONG SystemHandleCount;
1387 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1388
1389 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1390 {
1391 PVOID Object;
1392 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1393
1394 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1395 {
1396 PVOID ParseObject;
1397 PVOID ObjectType;
1398 PACCESS_STATE AccessState;
1399 KPROCESSOR_MODE AccessMode;
1400 ULONG Attributes;
1401 _Out_ PUNICODE_STRING CompleteName;
1402 PUNICODE_STRING RemainingName;
1403 PVOID Context;
1404 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1405 PVOID *Object;
1406 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1407
1408 typedef struct _WIN32_CALLOUTS_FPNS
1409 {
1410 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1411 PKWIN32_THREAD_CALLOUT ThreadCallout;
1412 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1413 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1414 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1415 PKWIN32_JOB_CALLOUT JobCallout;
1416 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1417 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1418 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1419 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1420 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1421 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1422 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1423 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1424 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1425 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1426 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1427 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1428 #endif
1429 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1430
1431 #endif // !NTOS_MODE_USER
1432
1433 #ifdef __cplusplus
1434 }; // extern "C"
1435 #endif
1436
1437 #endif // _PSTYPES_H