projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[COMMENT] Document array indices for EPROCESS.Quota* members.
[reactos.git] / reactos / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #ifndef NTOS_MODE_USER
30 #include <extypes.h>
31 #include <setypes.h>
32 #endif
33
34 //
35 // KUSER_SHARED_DATA location in User Mode
36 //
37 #define USER_SHARED_DATA (0x7FFE0000)
38
39 //
40 // Global Flags
41 //
42 #define FLG_STOP_ON_EXCEPTION 0x00000001
43 #define FLG_SHOW_LDR_SNAPS 0x00000002
44 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
45 #define FLG_STOP_ON_HUNG_GUI 0x00000008
46 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
47 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
48 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
49 #define FLG_HEAP_VALIDATE_ALL 0x00000080
50 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
51 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
52 #define FLG_POOL_ENABLE_TAGGING 0x00000400
53 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
54 #define FLG_USER_STACK_TRACE_DB 0x00001000
55 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
56 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
57 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
58 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
59 #define FLG_ENABLE_CSRDEBUG 0x00020000
60 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
61 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
62 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
63 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
64 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
65 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
66 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
67 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
68 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
69 #define FLG_VALID_BITS 0x07FFFFFF
70
71 //
72 // Process priority classes
73 //
74 #define PROCESS_PRIORITY_CLASS_INVALID 0
75 #define PROCESS_PRIORITY_CLASS_IDLE 1
76 #define PROCESS_PRIORITY_CLASS_NORMAL 2
77 #define PROCESS_PRIORITY_CLASS_HIGH 3
78 #define PROCESS_PRIORITY_CLASS_REALTIME 4
79 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
80 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
81
82 //
83 // NtCreateProcessEx flags
84 //
85 #define PS_REQUEST_BREAKAWAY 1
86 #define PS_NO_DEBUG_INHERIT 2
87 #define PS_INHERIT_HANDLES 4
88 #define PS_LARGE_PAGES 8
89 #define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
90 PS_NO_DEBUG_INHERIT | \
91 PS_INHERIT_HANDLES | \
92 PS_LARGE_PAGES)
93
94 //
95 // Process base priorities
96 //
97 #define PROCESS_PRIORITY_IDLE 3
98 #define PROCESS_PRIORITY_NORMAL 8
99 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
100
101 //
102 // Process memory priorities
103 //
104 #define MEMORY_PRIORITY_BACKGROUND 0
105 #define MEMORY_PRIORITY_UNKNOWN 1
106 #define MEMORY_PRIORITY_FOREGROUND 2
107
108 //
109 // Process Priority Separation Values (OR)
110 //
111 #define PSP_VARIABLE_QUANTUMS 4
112 #define PSP_LONG_QUANTUMS 16
113
114 #ifndef NTOS_MODE_USER
115
116 //
117 // Thread Access Types
118 //
119 #define THREAD_QUERY_INFORMATION 0x0040
120 #define THREAD_SET_THREAD_TOKEN 0x0080
121 #define THREAD_IMPERSONATE 0x0100
122 #define THREAD_DIRECT_IMPERSONATION 0x0200
123
124 //
125 // Process Access Types
126 //
127 #define PROCESS_TERMINATE 0x0001
128 #define PROCESS_CREATE_THREAD 0x0002
129 #define PROCESS_SET_SESSIONID 0x0004
130 #define PROCESS_VM_OPERATION 0x0008
131 #define PROCESS_VM_READ 0x0010
132 #define PROCESS_VM_WRITE 0x0020
133 #define PROCESS_CREATE_PROCESS 0x0080
134 #define PROCESS_SET_QUOTA 0x0100
135 #define PROCESS_SET_INFORMATION 0x0200
136 #define PROCESS_QUERY_INFORMATION 0x0400
137 #define PROCESS_SUSPEND_RESUME 0x0800
138 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
139 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
140 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
141 SYNCHRONIZE | \
142 0xFFFF)
143 #else
144 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
145 SYNCHRONIZE | \
146 0xFFF)
147
148 //
149 // Thread Base Priorities
150 //
151 #define THREAD_BASE_PRIORITY_LOWRT 15
152 #define THREAD_BASE_PRIORITY_MAX 2
153 #define THREAD_BASE_PRIORITY_MIN -2
154 #define THREAD_BASE_PRIORITY_IDLE -15
155
156 //
157 // TLS Slots
158 //
159 #define TLS_MINIMUM_AVAILABLE 64
160 #endif
161
162 //
163 // Job Access Types
164 //
165 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
166 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
167 #define JOB_OBJECT_QUERY 0x4
168 #define JOB_OBJECT_TERMINATE 0x8
169 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
170 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
171 SYNCHRONIZE | \
172 31)
173
174 //
175 // Cross Thread Flags
176 //
177 #define CT_TERMINATED_BIT 0x1
178 #define CT_DEAD_THREAD_BIT 0x2
179 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
180 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
181 #define CT_SYSTEM_THREAD_BIT 0x10
182 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
183 #define CT_BREAK_ON_TERMINATION_BIT 0x40
184 #define CT_SKIP_CREATION_MSG_BIT 0x80
185 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
186
187 //
188 // Same Thread Passive Flags
189 //
190 #define STP_ACTIVE_EX_WORKER_BIT 0x1
191 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
192 #define STP_MEMORY_MAKER_BIT 0x4
193 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
194
195 //
196 // Same Thread APC Flags
197 //
198 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
199 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
200 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
201 #define STA_OWNS_WORKING_SET_BITS 0x1F8
202 #endif
203
204 #define TLS_EXPANSION_SLOTS 1024
205 //
206 // Process Flags
207 //
208 #define PSF_CREATE_REPORTED_BIT 0x1
209 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
210 #define PSF_PROCESS_EXITING_BIT 0x4
211 #define PSF_PROCESS_DELETE_BIT 0x8
212 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
213 #define PSF_VM_DELETED_BIT 0x20
214 #define PSF_OUTSWAP_ENABLED_BIT 0x40
215 #define PSF_OUTSWAPPED_BIT 0x80
216 #define PSF_FORK_FAILED_BIT 0x100
217 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
218 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
219 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
220 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
221 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
222 #define PSF_WRITE_WATCH_BIT 0x8000
223 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
224 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
225 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
226 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
227 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
228 #define PSF_VM_TOP_DOWN_BIT 0x200000
229 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
230 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
231 #define PSF_VDM_ALLOWED_BIT 0x1000000
232 #define PSF_SWAP_ALLOWED_BIT 0x2000000
233 #define PSF_CREATE_FAILED_BIT 0x4000000
234 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
235
236 //
237 // Vista Process Flags
238 //
239 #define PSF2_PROTECTED_BIT 0x800
240
241 #ifdef NTOS_MODE_USER
242 //
243 // Current Process/Thread built-in 'special' handles
244 //
245 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
246 #define ZwCurrentProcess() NtCurrentProcess()
247 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
248 #define ZwCurrentThread() NtCurrentThread()
249
250 //
251 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
252 //
253 typedef enum _PROCESSINFOCLASS
254 {
255 ProcessBasicInformation,
256 ProcessQuotaLimits,
257 ProcessIoCounters,
258 ProcessVmCounters,
259 ProcessTimes,
260 ProcessBasePriority,
261 ProcessRaisePriority,
262 ProcessDebugPort,
263 ProcessExceptionPort,
264 ProcessAccessToken,
265 ProcessLdtInformation,
266 ProcessLdtSize,
267 ProcessDefaultHardErrorMode,
268 ProcessIoPortHandlers,
269 ProcessPooledUsageAndLimits,
270 ProcessWorkingSetWatch,
271 ProcessUserModeIOPL,
272 ProcessEnableAlignmentFaultFixup,
273 ProcessPriorityClass,
274 ProcessWx86Information,
275 ProcessHandleCount,
276 ProcessAffinityMask,
277 ProcessPriorityBoost,
278 ProcessDeviceMap,
279 ProcessSessionInformation,
280 ProcessForegroundInformation,
281 ProcessWow64Information,
282 ProcessImageFileName,
283 ProcessLUIDDeviceMapsEnabled,
284 ProcessBreakOnTermination,
285 ProcessDebugObjectHandle,
286 ProcessDebugFlags,
287 ProcessHandleTracing,
288 ProcessIoPriority,
289 ProcessExecuteFlags,
290 ProcessTlsInformation,
291 ProcessCookie,
292 ProcessImageInformation,
293 ProcessCycleTime,
294 ProcessPagePriority,
295 ProcessInstrumentationCallback,
296 MaxProcessInfoClass
297 } PROCESSINFOCLASS;
298
299 typedef enum _THREADINFOCLASS
300 {
301 ThreadBasicInformation,
302 ThreadTimes,
303 ThreadPriority,
304 ThreadBasePriority,
305 ThreadAffinityMask,
306 ThreadImpersonationToken,
307 ThreadDescriptorTableEntry,
308 ThreadEnableAlignmentFaultFixup,
309 ThreadEventPair_Reusable,
310 ThreadQuerySetWin32StartAddress,
311 ThreadZeroTlsCell,
312 ThreadPerformanceCount,
313 ThreadAmILastThread,
314 ThreadIdealProcessor,
315 ThreadPriorityBoost,
316 ThreadSetTlsArrayAddress,
317 ThreadIsIoPending,
318 ThreadHideFromDebugger,
319 ThreadBreakOnTermination,
320 ThreadSwitchLegacyState,
321 ThreadIsTerminated,
322 ThreadLastSystemCall,
323 ThreadIoPriority,
324 ThreadCycleTime,
325 ThreadPagePriority,
326 ThreadActualBasePriority,
327 ThreadTebInformation,
328 ThreadCSwitchMon,
329 MaxThreadInfoClass
330 } THREADINFOCLASS;
331
332 #else
333
334 typedef enum _PSPROCESSPRIORITYMODE
335 {
336 PsProcessPriorityForeground,
337 PsProcessPriorityBackground,
338 PsProcessPrioritySpinning
339 } PSPROCESSPRIORITYMODE;
340
341 typedef enum _JOBOBJECTINFOCLASS
342 {
343 JobObjectBasicAccountingInformation = 1,
344 JobObjectBasicLimitInformation,
345 JobObjectBasicProcessIdList,
346 JobObjectBasicUIRestrictions,
347 JobObjectSecurityLimitInformation,
348 JobObjectEndOfJobTimeInformation,
349 JobObjectAssociateCompletionPortInformation,
350 JobObjectBasicAndIoAccountingInformation,
351 JobObjectExtendedLimitInformation,
352 JobObjectJobSetInformation,
353 MaxJobObjectInfoClass
354 } JOBOBJECTINFOCLASS;
355
356 //
357 // Power Event Events for Win32K Power Event Callback
358 //
359 typedef enum _PSPOWEREVENTTYPE
360 {
361 PsW32FullWake = 0,
362 PsW32EventCode = 1,
363 PsW32PowerPolicyChanged = 2,
364 PsW32SystemPowerState = 3,
365 PsW32SystemTime = 4,
366 PsW32DisplayState = 5,
367 PsW32CapabilitiesChanged = 6,
368 PsW32SetStateFailed = 7,
369 PsW32GdiOff = 8,
370 PsW32GdiOn = 9,
371 PsW32GdiPrepareResumeUI = 10,
372 PsW32GdiOffRequest = 11,
373 PsW32MonitorOff = 12,
374 } PSPOWEREVENTTYPE;
375
376 //
377 // Power State Tasks for Win32K Power State Callback
378 //
379 typedef enum _POWERSTATETASK
380 {
381 PowerState_BlockSessionSwitch = 0,
382 PowerState_Init = 1,
383 PowerState_QueryApps = 2,
384 PowerState_QueryServices = 3,
385 PowerState_QueryAppsFailed = 4,
386 PowerState_QueryServicesFailed = 5,
387 PowerState_SuspendApps = 6,
388 PowerState_SuspendServices = 7,
389 PowerState_ShowUI = 8,
390 PowerState_NotifyWL = 9,
391 PowerState_ResumeApps = 10,
392 PowerState_ResumeServices = 11,
393 PowerState_UnBlockSessionSwitch = 12,
394 PowerState_End = 13,
395 PowerState_BlockInput = 14,
396 PowerState_UnblockInput = 15,
397 } POWERSTATETASK;
398
399 //
400 // Win32K Job Callback Types
401 //
402 typedef enum _PSW32JOBCALLOUTTYPE
403 {
404 PsW32JobCalloutSetInformation = 0,
405 PsW32JobCalloutAddProcess = 1,
406 PsW32JobCalloutTerminate = 2,
407 } PSW32JOBCALLOUTTYPE;
408
409 //
410 // Win32K Thread Callback Types
411 //
412 typedef enum _PSW32THREADCALLOUTTYPE
413 {
414 PsW32ThreadCalloutInitialize,
415 PsW32ThreadCalloutExit,
416 } PSW32THREADCALLOUTTYPE;
417
418 //
419 // Declare empty structure definitions so that they may be referenced by
420 // routines before they are defined
421 //
422 struct _W32THREAD;
423 struct _W32PROCESS;
424 //struct _ETHREAD;
425 struct _WIN32_POWEREVENT_PARAMETERS;
426 struct _WIN32_POWERSTATE_PARAMETERS;
427 struct _WIN32_JOBCALLOUT_PARAMETERS;
428 struct _WIN32_OPENMETHOD_PARAMETERS;
429 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
430 struct _WIN32_CLOSEMETHOD_PARAMETERS;
431 struct _WIN32_DELETEMETHOD_PARAMETERS;
432 struct _WIN32_PARSEMETHOD_PARAMETERS;
433
434 //
435 // Win32K Process and Thread Callbacks
436 //
437 typedef
438 NTSTATUS
439 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
440 struct _EPROCESS *Process,
441 BOOLEAN Create
442 );
443
444 typedef
445 NTSTATUS
446 (NTAPI *PKWIN32_THREAD_CALLOUT)(
447 struct _ETHREAD *Thread,
448 PSW32THREADCALLOUTTYPE Type
449 );
450
451 typedef
452 NTSTATUS
453 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
454 VOID
455 );
456
457 typedef
458 NTSTATUS
459 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
460 struct _WIN32_POWEREVENT_PARAMETERS *Parameters
461 );
462
463 typedef
464 NTSTATUS
465 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
466 struct _WIN32_POWERSTATE_PARAMETERS *Parameters
467 );
468
469 typedef
470 NTSTATUS
471 (NTAPI *PKWIN32_JOB_CALLOUT)(
472 struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
473 );
474
475 typedef
476 NTSTATUS
477 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
478 VOID
479 );
480
481 typedef
482 NTSTATUS
483 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
484 struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
485 );
486
487 typedef
488 NTSTATUS
489 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
490 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
491 );
492
493 typedef
494 NTSTATUS
495 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
496 struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
497 );
498
499 typedef
500 VOID
501 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
502 struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
503 );
504
505 typedef
506 NTSTATUS
507 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
508 struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
509 );
510
511 typedef
512 NTSTATUS
513 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
514 struct _EPROCESS *Process,
515 PVOID Callback,
516 PVOID Context
517 );
518
519 //
520 // Lego Callback
521 //
522 typedef
523 VOID
524 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
525 IN PKTHREAD Thread
526 );
527
528 #endif
529
530 typedef NTSTATUS
531 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
532 VOID
533 );
534
535 //
536 // Descriptor Table Entry Definition
537 //
538 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
539 typedef struct _DESCRIPTOR_TABLE_ENTRY
540 {
541 ULONG Selector;
542 LDT_ENTRY Descriptor;
543 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
544
545 //
546 // PEB Lock Routine
547 //
548 typedef VOID
549 (NTAPI *PPEBLOCKROUTINE)(
550 PVOID PebLock
551 );
552
553 //
554 // PEB Free Block Descriptor
555 //
556 typedef struct _PEB_FREE_BLOCK
557 {
558 struct _PEB_FREE_BLOCK* Next;
559 ULONG Size;
560 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
561
562 //
563 // Process Environment Block (PEB)
564 //
565 typedef struct _PEB
566 {
567 UCHAR InheritedAddressSpace;
568 UCHAR ReadImageFileExecOptions;
569 UCHAR BeingDebugged;
570 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
571 struct
572 {
573 UCHAR ImageUsesLargePages:1;
574 UCHAR IsProtectedProcess:1;
575 UCHAR IsLegacyProcess:1;
576 UCHAR SpareBits:5;
577 };
578 #else
579 BOOLEAN SpareBool;
580 #endif
581 HANDLE Mutant;
582 PVOID ImageBaseAddress;
583 PPEB_LDR_DATA Ldr;
584 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
585 PVOID SubSystemData;
586 PVOID ProcessHeap;
587 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
588 struct _RTL_CRITICAL_SECTION *FastPebLock;
589 PVOID AltThunkSListPtr;
590 PVOID IFEOKey;
591 ULONG Spare;
592 union
593 {
594 PVOID* KernelCallbackTable;
595 PVOID UserSharedInfoPtr;
596 };
597 ULONG SystemReserved[1];
598 ULONG SpareUlong;
599 #else
600 PVOID FastPebLock;
601 PPEBLOCKROUTINE FastPebLockRoutine;
602 PPEBLOCKROUTINE FastPebUnlockRoutine;
603 ULONG EnvironmentUpdateCount;
604 PVOID* KernelCallbackTable;
605 PVOID EventLogSection;
606 PVOID EventLog;
607 #endif
608 PPEB_FREE_BLOCK FreeList;
609 ULONG TlsExpansionCounter;
610 PVOID TlsBitmap;
611 ULONG TlsBitmapBits[0x2];
612 PVOID ReadOnlySharedMemoryBase;
613 PVOID ReadOnlySharedMemoryHeap;
614 PVOID* ReadOnlyStaticServerData;
615 PVOID AnsiCodePageData;
616 PVOID OemCodePageData;
617 PVOID UnicodeCaseTableData;
618 ULONG NumberOfProcessors;
619 ULONG NtGlobalFlag;
620 LARGE_INTEGER CriticalSectionTimeout;
621 ULONG HeapSegmentReserve;
622 ULONG HeapSegmentCommit;
623 ULONG HeapDeCommitTotalFreeThreshold;
624 ULONG HeapDeCommitFreeBlockThreshold;
625 ULONG NumberOfHeaps;
626 ULONG MaximumNumberOfHeaps;
627 PVOID* ProcessHeaps;
628 PVOID GdiSharedHandleTable;
629 PVOID ProcessStarterHelper;
630 PVOID GdiDCAttributeList;
631 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
632 struct _RTL_CRITICAL_SECTION *LoaderLock;
633 #else
634 PVOID LoaderLock;
635 #endif
636 ULONG OSMajorVersion;
637 ULONG OSMinorVersion;
638 USHORT OSBuildNumber;
639 USHORT OSCSDVersion;
640 ULONG OSPlatformId;
641 ULONG ImageSubSystem;
642 ULONG ImageSubSystemMajorVersion;
643 ULONG ImageSubSystemMinorVersion;
644 ULONG ImageProcessAffinityMask;
645 ULONG GdiHandleBuffer[0x22];
646 PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
647 struct _RTL_BITMAP *TlsExpansionBitmap;
648 ULONG TlsExpansionBitmapBits[0x20];
649 ULONG SessionId;
650 #if (NTDDI_VERSION >= NTDDI_WINXP)
651 ULARGE_INTEGER AppCompatFlags;
652 ULARGE_INTEGER AppCompatFlagsUser;
653 PVOID pShimData;
654 PVOID AppCompatInfo;
655 UNICODE_STRING CSDVersion;
656 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData;
657 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
658 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
659 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
660 ULONG MinimumStackCommit;
661 #endif
662 #if (NTDDI_VERSION >= NTDDI_WS03)
663 PVOID *FlsCallback;
664 LIST_ENTRY FlsListHead;
665 struct _RTL_BITMAP *FlsBitmap;
666 ULONG FlsBitmapBits[4];
667 ULONG FlsHighIndex;
668 #endif
669 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
670 PVOID WerRegistrationData;
671 PVOID WerShipAssertPtr;
672 #endif
673 } PEB, *PPEB;
674
675 //
676 // GDI Batch Descriptor
677 //
678 typedef struct _GDI_TEB_BATCH
679 {
680 ULONG Offset;
681 ULONG HDC;
682 ULONG Buffer[0x136];
683 } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
684
685 //
686 // Initial TEB
687 //
688 typedef struct _INITIAL_TEB
689 {
690 PVOID PreviousStackBase;
691 PVOID PreviousStackLimit;
692 PVOID StackBase;
693 PVOID StackLimit;
694 PVOID AllocatedStackBase;
695 } INITIAL_TEB, *PINITIAL_TEB;
696
697 //
698 // TEB Active Frame Structures
699 //
700 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
701 {
702 ULONG Flags;
703 LPSTR FrameName;
704 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
705
706 typedef struct _TEB_ACTIVE_FRAME
707 {
708 ULONG Flags;
709 struct _TEB_ACTIVE_FRAME *Previous;
710 PTEB_ACTIVE_FRAME_CONTEXT Context;
711 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
712
713 //
714 // Thread Environment Block (TEB)
715 //
716 typedef struct _TEB
717 {
718 NT_TIB Tib;
719 PVOID EnvironmentPointer;
720 CLIENT_ID Cid;
721 PVOID ActiveRpcHandle;
722 PVOID ThreadLocalStoragePointer;
723 struct _PEB *ProcessEnvironmentBlock;
724 ULONG LastErrorValue;
725 ULONG CountOfOwnedCriticalSections;
726 PVOID CsrClientThread;
727 struct _W32THREAD* Win32ThreadInfo;
728 ULONG User32Reserved[0x1A];
729 ULONG UserReserved[5];
730 PVOID WOW32Reserved;
731 LCID CurrentLocale;
732 ULONG FpSoftwareStatusRegister;
733 PVOID SystemReserved1[0x36];
734 LONG ExceptionCode;
735 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
736 UCHAR SpareBytes1[0x24];
737 ULONG TxFsContext;
738 GDI_TEB_BATCH GdiTebBatch;
739 CLIENT_ID RealClientId;
740 PVOID GdiCachedProcessHandle;
741 ULONG GdiClientPID;
742 ULONG GdiClientTID;
743 PVOID GdiThreadLocalInfo;
744 ULONG Win32ClientInfo[62];
745 PVOID glDispatchTable[0xE9];
746 ULONG glReserved1[0x1D];
747 PVOID glReserved2;
748 PVOID glSectionInfo;
749 PVOID glSection;
750 PVOID glTable;
751 PVOID glCurrentRC;
752 PVOID glContext;
753 NTSTATUS LastStatusValue;
754 UNICODE_STRING StaticUnicodeString;
755 WCHAR StaticUnicodeBuffer[0x105];
756 PVOID DeallocationStack;
757 PVOID TlsSlots[0x40];
758 LIST_ENTRY TlsLinks;
759 PVOID Vdm;
760 PVOID ReservedForNtRpc;
761 PVOID DbgSsReserved[0x2];
762 ULONG HardErrorDisabled;
763 PVOID Instrumentation[9];
764 GUID ActivityId;
765 PVOID SubProcessTag;
766 PVOID EtwTraceData;
767 PVOID WinSockData;
768 ULONG GdiBatchCount;
769 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
770 BOOLEAN SpareBool0;
771 BOOLEAN SpareBool1;
772 BOOLEAN SpareBool2;
773 #else
774 BOOLEAN InDbgPrint;
775 BOOLEAN FreeStackOnTermination;
776 BOOLEAN HasFiberData;
777 #endif
778 UCHAR IdealProcessor;
779 ULONG GuaranteedStackBytes;
780 PVOID ReservedForPerf;
781 PVOID ReservedForOle;
782 ULONG WaitingOnLoaderLock;
783 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
784 PVOID SavedPriorityState;
785 #else
786 ULONG SparePointer1;
787 #endif
788 ULONG SoftPatchPtr1;
789 ULONG SoftPatchPtr2;
790 PVOID *TlsExpansionSlots;
791 ULONG ImpersonationLocale;
792 ULONG IsImpersonating;
793 PVOID NlsCache;
794 PVOID pShimData;
795 ULONG HeapVirualAffinity;
796 PVOID CurrentTransactionHandle;
797 PTEB_ACTIVE_FRAME ActiveFrame;
798 #if (NTDDI_VERSION >= NTDDI_WS03)
799 PVOID FlsData;
800 #endif
801 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
802 PVOID PreferredLangauges;
803 PVOID UserPrefLanguages;
804 PVOID MergedPrefLanguages;
805 ULONG MuiImpersonation;
806 union
807 {
808 struct
809 {
810 USHORT SpareCrossTebFlags:16;
811 };
812 USHORT CrossTebFlags;
813 };
814 union
815 {
816 struct
817 {
818 USHORT DbgSafeThunkCall:1;
819 USHORT DbgInDebugPrint:1;
820 USHORT DbgHasFiberData:1;
821 USHORT DbgSkipThreadAttach:1;
822 USHORT DbgWerInShipAssertCode:1;
823 USHORT DbgIssuedInitialBp:1;
824 USHORT DbgClonedThread:1;
825 USHORT SpareSameTebBits:9;
826 };
827 USHORT SameTebFlags;
828 };
829 PVOID TxnScopeEntercallback;
830 PVOID TxnScopeExitCAllback;
831 PVOID TxnScopeContext;
832 ULONG LockCount;
833 ULONG ProcessRundown;
834 ULONGLONG LastSwitchTime;
835 ULONGLONG TotalSwitchOutTime;
836 LARGE_INTEGER WaitReasonBitMap;
837 #else
838 UCHAR SafeThunkCall;
839 UCHAR BooleanSpare[3];
840 #endif
841 } TEB, *PTEB;
842
843 #ifdef NTOS_MODE_USER
844
845 //
846 // Process Information Structures for NtQueryProcessInformation
847 //
848 typedef struct _PROCESS_BASIC_INFORMATION
849 {
850 NTSTATUS ExitStatus;
851 PPEB PebBaseAddress;
852 ULONG_PTR AffinityMask;
853 KPRIORITY BasePriority;
854 ULONG_PTR UniqueProcessId;
855 ULONG_PTR InheritedFromUniqueProcessId;
856 } PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION;
857
858 typedef struct _PROCESS_ACCESS_TOKEN
859 {
860 HANDLE Token;
861 HANDLE Thread;
862 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
863
864 typedef struct _PROCESS_DEVICEMAP_INFORMATION
865 {
866 union
867 {
868 struct
869 {
870 HANDLE DirectoryHandle;
871 } Set;
872 struct
873 {
874 ULONG DriveMap;
875 UCHAR DriveType[32];
876 } Query;
877 };
878 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
879
880 typedef struct _KERNEL_USER_TIMES
881 {
882 LARGE_INTEGER CreateTime;
883 LARGE_INTEGER ExitTime;
884 LARGE_INTEGER KernelTime;
885 LARGE_INTEGER UserTime;
886 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
887
888 typedef struct _PROCESS_SESSION_INFORMATION
889 {
890 ULONG SessionId;
891 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
892
893 #endif
894
895 typedef struct _PROCESS_PRIORITY_CLASS
896 {
897 BOOLEAN Foreground;
898 UCHAR PriorityClass;
899 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
900
901 //
902 // Thread Information Structures for NtQueryProcessInformation
903 //
904 typedef struct _THREAD_BASIC_INFORMATION
905 {
906 NTSTATUS ExitStatus;
907 PVOID TebBaseAddress;
908 CLIENT_ID ClientId;
909 KAFFINITY AffinityMask;
910 KPRIORITY Priority;
911 KPRIORITY BasePriority;
912 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
913
914 #ifndef NTOS_MODE_USER
915
916 //
917 // Job Set Array
918 //
919 typedef struct _JOB_SET_ARRAY
920 {
921 HANDLE JobHandle;
922 ULONG MemberLevel;
923 ULONG Flags;
924 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
925
926 //
927 // EPROCESS Quota Structures
928 //
929 typedef struct _EPROCESS_QUOTA_ENTRY
930 {
931 SIZE_T Usage;
932 SIZE_T Limit;
933 SIZE_T Peak;
934 SIZE_T Return;
935 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
936
937 typedef struct _EPROCESS_QUOTA_BLOCK
938 {
939 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
940 LIST_ENTRY QuotaList;
941 ULONG ReferenceCount;
942 ULONG ProcessCount;
943 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
944
945 //
946 // Process Pagefault History
947 //
948 typedef struct _PAGEFAULT_HISTORY
949 {
950 ULONG CurrentIndex;
951 ULONG MapIndex;
952 KSPIN_LOCK SpinLock;
953 PVOID Reserved;
954 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
955 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
956
957 //
958 // Process Impersonation Information
959 //
960 typedef struct _PS_IMPERSONATION_INFORMATION
961 {
962 PACCESS_TOKEN Token;
963 BOOLEAN CopyOnOpen;
964 BOOLEAN EffectiveOnly;
965 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
966 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
967
968 //
969 // Process Termination Port
970 //
971 typedef struct _TERMINATION_PORT
972 {
973 struct _TERMINATION_PORT *Next;
974 PVOID Port;
975 } TERMINATION_PORT, *PTERMINATION_PORT;
976
977 //
978 // Per-Process APC Rate Limiting
979 //
980 typedef struct _PSP_RATE_APC
981 {
982 union
983 {
984 SINGLE_LIST_ENTRY NextApc;
985 ULONGLONG ExcessCycles;
986 };
987 ULONGLONG TargetGEneration;
988 KAPC RateApc;
989 } PSP_RATE_APC, *PPSP_RATE_APC;
990
991 //
992 // Executive Thread (ETHREAD)
993 //
994 typedef struct _ETHREAD
995 {
996 KTHREAD Tcb;
997 PVOID Padding;
998 LARGE_INTEGER CreateTime;
999 union
1000 {
1001 LARGE_INTEGER ExitTime;
1002 LIST_ENTRY LpcReplyChain;
1003 LIST_ENTRY KeyedWaitChain;
1004 };
1005 union
1006 {
1007 NTSTATUS ExitStatus;
1008 PVOID OfsChain;
1009 };
1010 LIST_ENTRY PostBlockList;
1011 union
1012 {
1013 struct _TERMINATION_PORT *TerminationPort;
1014 struct _ETHREAD *ReaperLink;
1015 PVOID KeyedWaitValue;
1016 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1017 PVOID Win32StartParameter;
1018 #endif
1019 };
1020 KSPIN_LOCK ActiveTimerListLock;
1021 LIST_ENTRY ActiveTimerListHead;
1022 CLIENT_ID Cid;
1023 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1024 KSEMAPHORE KeyedWaitSemaphore;
1025 #else
1026 union
1027 {
1028 KSEMAPHORE LpcReplySemaphore;
1029 KSEMAPHORE KeyedReplySemaphore;
1030 };
1031 union
1032 {
1033 PVOID LpcReplyMessage;
1034 PVOID LpcWaitingOnPort;
1035 };
1036 #endif
1037 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
1038 LIST_ENTRY IrpList;
1039 ULONG TopLevelIrp;
1040 PDEVICE_OBJECT DeviceToVerify;
1041 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1042 PPSP_RATE_APC RateControlApc;
1043 #else
1044 struct _EPROCESS *ThreadsProcess;
1045 #endif
1046 PVOID Win32StartAddress;
1047 union
1048 {
1049 PKSTART_ROUTINE StartAddress;
1050 ULONG LpcReceivedMessageId;
1051 };
1052 LIST_ENTRY ThreadListEntry;
1053 EX_RUNDOWN_REF RundownProtect;
1054 EX_PUSH_LOCK ThreadLock;
1055 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1056 ULONG LpcReplyMessageId;
1057 #endif
1058 ULONG ReadClusterSize;
1059 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1060 ULONG SpareUlong0;
1061 #else
1062 ACCESS_MASK GrantedAccess;
1063 #endif
1064 union
1065 {
1066 struct
1067 {
1068 ULONG Terminated:1;
1069 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1070 ULONG ThreadInserted:1;
1071 #else
1072 ULONG DeadThread:1;
1073 #endif
1074 ULONG HideFromDebugger:1;
1075 ULONG ActiveImpersonationInfo:1;
1076 ULONG SystemThread:1;
1077 ULONG HardErrorsAreDisabled:1;
1078 ULONG BreakOnTermination:1;
1079 ULONG SkipCreationMsg:1;
1080 ULONG SkipTerminationMsg:1;
1081 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1082 ULONG CreateMsgSent:1;
1083 ULONG ThreadIoPriority:3;
1084 ULONG ThreadPagePriority:3;
1085 ULONG PendingRatecontrol:1;
1086 #endif
1087 };
1088 ULONG CrossThreadFlags;
1089 };
1090 union
1091 {
1092 struct
1093 {
1094 ULONG ActiveExWorker:1;
1095 ULONG ExWorkerCanWaitUser:1;
1096 ULONG MemoryMaker:1;
1097 ULONG KeyedEventInUse:1;
1098 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1099 ULONG RateApcState:2;
1100 #endif
1101 };
1102 ULONG SameThreadPassiveFlags;
1103 };
1104 union
1105 {
1106 struct
1107 {
1108 ULONG LpcReceivedMsgIdValid:1;
1109 ULONG LpcExitThreadCalled:1;
1110 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1111 ULONG Spare:1;
1112 #else
1113 ULONG AddressSpaceOwner:1;
1114 #endif
1115 ULONG OwnsProcessWorkingSetExclusive:1;
1116 ULONG OwnsProcessWorkingSetShared:1;
1117 ULONG OwnsSystemWorkingSetExclusive:1;
1118 ULONG OwnsSystemWorkingSetShared:1;
1119 ULONG OwnsSessionWorkingSetExclusive:1;
1120 ULONG OwnsSessionWorkingSetShared:1;
1121 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1122 ULONG SupressSymbolLoad:1;
1123 ULONG Spare1:3;
1124 ULONG PriorityRegionActive:4;
1125 #else
1126 ULONG ApcNeeded:1;
1127 #endif
1128 };
1129 ULONG SameThreadApcFlags;
1130 };
1131 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1132 UCHAR CacheManagerActive;
1133 #else
1134 UCHAR ForwardClusterOnly;
1135 #endif
1136 UCHAR DisablePageFaultClustering;
1137 UCHAR ActiveFaultCount;
1138 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1139 ULONG AlpcMessageId;
1140 union
1141 {
1142 PVOID AlpcMessage;
1143 ULONG AlpcReceiveAttributeSet;
1144 };
1145 LIST_ENTRY AlpcWaitListEntry;
1146 KSEMAPHORE AlpcWaitSemaphore;
1147 ULONG CacheManagerCount;
1148 #endif
1149 } ETHREAD, *PETHREAD;
1150
1151 //
1152 // Executive Process (EPROCESS)
1153 //
1154 typedef struct _EPROCESS
1155 {
1156 KPROCESS Pcb;
1157 EX_PUSH_LOCK ProcessLock;
1158 LARGE_INTEGER CreateTime;
1159 LARGE_INTEGER ExitTime;
1160 EX_RUNDOWN_REF RundownProtect;
1161 HANDLE UniqueProcessId;
1162 LIST_ENTRY ActiveProcessLinks;
1163 ULONG QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1164 ULONG QuotaPeak[3]; /* ditto */
1165 ULONG CommitCharge;
1166 ULONG PeakVirtualSize;
1167 ULONG VirtualSize;
1168 LIST_ENTRY SessionProcessLinks;
1169 PVOID DebugPort;
1170 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1171 union
1172 {
1173 PVOID ExceptionPortData;
1174 ULONG ExceptionPortValue;
1175 UCHAR ExceptionPortState:3;
1176 };
1177 #else
1178 PVOID ExceptionPort;
1179 #endif
1180 PHANDLE_TABLE ObjectTable;
1181 EX_FAST_REF Token;
1182 ULONG WorkingSetPage;
1183 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1184 EX_PUSH_LOCK AddressCreationLock;
1185 PETHREAD RotateInProgress;
1186 #else
1187 KGUARDED_MUTEX AddressCreationLock;
1188 KSPIN_LOCK HyperSpaceLock;
1189 #endif
1190 PETHREAD ForkInProgress;
1191 ULONG HardwareTrigger;
1192 PMM_AVL_TABLE PhysicalVadRoot;
1193 PVOID CloneRoot;
1194 ULONG NumberOfPrivatePages;
1195 ULONG NumberOfLockedPages;
1196 PVOID *Win32Process;
1197 struct _EJOB *Job;
1198 PVOID SectionObject;
1199 PVOID SectionBaseAddress;
1200 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1201 PPAGEFAULT_HISTORY WorkingSetWatch;
1202 PVOID Win32WindowStation;
1203 HANDLE InheritedFromUniqueProcessId;
1204 PVOID LdtInformation;
1205 PVOID VadFreeHint;
1206 PVOID VdmObjects;
1207 PVOID DeviceMap;
1208 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1209 PVOID EtwDataSource;
1210 PVOID FreeTebHint;
1211 #else
1212 PVOID Spare0[3];
1213 #endif
1214 union
1215 {
1216 HARDWARE_PTE PagedirectoryPte;
1217 ULONGLONG Filler;
1218 };
1219 ULONG Session;
1220 CHAR ImageFileName[16];
1221 LIST_ENTRY JobLinks;
1222 PVOID LockedPagesList;
1223 LIST_ENTRY ThreadListHead;
1224 PVOID SecurityPort;
1225 PVOID PaeTop;
1226 ULONG ActiveThreads;
1227 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1228 ULONG ImagePathHash;
1229 #else
1230 ACCESS_MASK GrantedAccess;
1231 #endif
1232 ULONG DefaultHardErrorProcessing;
1233 NTSTATUS LastThreadExitStatus;
1234 struct _PEB* Peb;
1235 EX_FAST_REF PrefetchTrace;
1236 LARGE_INTEGER ReadOperationCount;
1237 LARGE_INTEGER WriteOperationCount;
1238 LARGE_INTEGER OtherOperationCount;
1239 LARGE_INTEGER ReadTransferCount;
1240 LARGE_INTEGER WriteTransferCount;
1241 LARGE_INTEGER OtherTransferCount;
1242 ULONG CommitChargeLimit;
1243 ULONG CommitChargePeak;
1244 PVOID AweInfo;
1245 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1246 MMSUPPORT Vm;
1247 LIST_ENTRY MmProcessLinks;
1248 ULONG ModifiedPageCount;
1249 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1250 union
1251 {
1252 struct
1253 {
1254 ULONG JobNotReallyActive:1;
1255 ULONG AccountingFolded:1;
1256 ULONG NewProcessReported:1;
1257 ULONG ExitProcessReported:1;
1258 ULONG ReportCommitChanges:1;
1259 ULONG LastReportMemory:1;
1260 ULONG ReportPhysicalPageChanges:1;
1261 ULONG HandleTableRundown:1;
1262 ULONG NeedsHandleRundown:1;
1263 ULONG RefTraceEnabled:1;
1264 ULONG NumaAware:1;
1265 ULONG ProtectedProcess:1;
1266 ULONG DefaultPagePriority:3;
1267 ULONG ProcessDeleteSelf:1;
1268 ULONG ProcessVerifierTarget:1;
1269 };
1270 ULONG Flags2;
1271 };
1272 #else
1273 ULONG JobStatus;
1274 #endif
1275 union
1276 {
1277 struct
1278 {
1279 ULONG CreateReported:1;
1280 ULONG NoDebugInherit:1;
1281 ULONG ProcessExiting:1;
1282 ULONG ProcessDelete:1;
1283 ULONG Wow64SplitPages:1;
1284 ULONG VmDeleted:1;
1285 ULONG OutswapEnabled:1;
1286 ULONG Outswapped:1;
1287 ULONG ForkFailed:1;
1288 ULONG Wow64VaSpace4Gb:1;
1289 ULONG AddressSpaceInitialized:2;
1290 ULONG SetTimerResolution:1;
1291 ULONG BreakOnTermination:1;
1292 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1293 ULONG DeprioritizeViews:1;
1294 #else
1295 ULONG SessionCreationUnderway:1;
1296 #endif
1297 ULONG WriteWatch:1;
1298 ULONG ProcessInSession:1;
1299 ULONG OverrideAddressSpace:1;
1300 ULONG HasAddressSpace:1;
1301 ULONG LaunchPrefetched:1;
1302 ULONG InjectInpageErrors:1;
1303 ULONG VmTopDown:1;
1304 ULONG ImageNotifyDone:1;
1305 ULONG PdeUpdateNeeded:1;
1306 ULONG VdmAllowed:1;
1307 ULONG SmapAllowed:1;
1308 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1309 ULONG ProcessInserted:1;
1310 #else
1311 ULONG CreateFailed:1;
1312 #endif
1313 ULONG DefaultIoPriority:3;
1314 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1315 ULONG SparePsFlags1:2;
1316 #else
1317 ULONG Spare1:1;
1318 ULONG Spare2:1;
1319 #endif
1320 };
1321 ULONG Flags;
1322 };
1323 NTSTATUS ExitStatus;
1324 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1325 USHORT Spare7;
1326 #else
1327 USHORT NextPageColor;
1328 #endif
1329 union
1330 {
1331 struct
1332 {
1333 UCHAR SubSystemMinorVersion;
1334 UCHAR SubSystemMajorVersion;
1335 };
1336 USHORT SubSystemVersion;
1337 };
1338 UCHAR PriorityClass;
1339 MM_AVL_TABLE VadRoot;
1340 ULONG Cookie;
1341 } EPROCESS, *PEPROCESS;
1342
1343 //
1344 // Job Token Filter Data
1345 //
1346 #include <pshpack1.h>
1347 typedef struct _PS_JOB_TOKEN_FILTER
1348 {
1349 ULONG CapturedSidCount;
1350 PSID_AND_ATTRIBUTES CapturedSids;
1351 ULONG CapturedSidsLength;
1352 ULONG CapturedGroupCount;
1353 PSID_AND_ATTRIBUTES CapturedGroups;
1354 ULONG CapturedGroupsLength;
1355 ULONG CapturedPrivilegeCount;
1356 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1357 ULONG CapturedPrivilegesLength;
1358 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1359
1360 //
1361 // Executive Job (EJOB)
1362 //
1363 typedef struct _EJOB
1364 {
1365 KEVENT Event;
1366 LIST_ENTRY JobLinks;
1367 LIST_ENTRY ProcessListHead;
1368 ERESOURCE JobLock;
1369 LARGE_INTEGER TotalUserTime;
1370 LARGE_INTEGER TotalKernelTime;
1371 LARGE_INTEGER ThisPeriodTotalUserTime;
1372 LARGE_INTEGER ThisPeriodTotalKernelTime;
1373 ULONG TotalPageFaultCount;
1374 ULONG TotalProcesses;
1375 ULONG ActiveProcesses;
1376 ULONG TotalTerminatedProcesses;
1377 LARGE_INTEGER PerProcessUserTimeLimit;
1378 LARGE_INTEGER PerJobUserTimeLimit;
1379 ULONG LimitFlags;
1380 ULONG MinimumWorkingSetSize;
1381 ULONG MaximumWorkingSetSize;
1382 ULONG ActiveProcessLimit;
1383 ULONG Affinity;
1384 UCHAR PriorityClass;
1385 ULONG UIRestrictionsClass;
1386 ULONG SecurityLimitFlags;
1387 PVOID Token;
1388 PPS_JOB_TOKEN_FILTER Filter;
1389 ULONG EndOfJobTimeAction;
1390 PVOID CompletionPort;
1391 PVOID CompletionKey;
1392 ULONG SessionId;
1393 ULONG SchedulingClass;
1394 ULONGLONG ReadOperationCount;
1395 ULONGLONG WriteOperationCount;
1396 ULONGLONG OtherOperationCount;
1397 ULONGLONG ReadTransferCount;
1398 ULONGLONG WriteTransferCount;
1399 ULONGLONG OtherTransferCount;
1400 IO_COUNTERS IoInfo;
1401 ULONG ProcessMemoryLimit;
1402 ULONG JobMemoryLimit;
1403 ULONG PeakProcessMemoryUsed;
1404 ULONG PeakJobMemoryUsed;
1405 ULONG CurrentJobMemoryUsed;
1406 #if (NTDDI_VERSION == NTDDI_WINXP)
1407 FAST_MUTEX MemoryLimitsLock;
1408 #elif (NTDDI_VERSION == NTDDI_WS03)
1409 KGUARDED_MUTEX MemoryLimitsLock;
1410 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1411 EX_PUSH_LOCK MemoryLimitsLock;
1412 #endif
1413 LIST_ENTRY JobSetLinks;
1414 ULONG MemberLevel;
1415 ULONG JobFlags;
1416 } EJOB, *PEJOB;
1417 #include <poppack.h>
1418
1419 //
1420 // Win32K Callback Registration Data
1421 //
1422 typedef struct _WIN32_POWEREVENT_PARAMETERS
1423 {
1424 PSPOWEREVENTTYPE EventNumber;
1425 ULONG Code;
1426 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1427
1428 typedef struct _WIN32_POWERSTATE_PARAMETERS
1429 {
1430 UCHAR Promotion;
1431 POWER_ACTION SystemAction;
1432 SYSTEM_POWER_STATE MinSystemState;
1433 ULONG Flags;
1434 POWERSTATETASK PowerStateTask;
1435 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1436
1437 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1438 {
1439 PVOID Job;
1440 PSW32JOBCALLOUTTYPE CalloutType;
1441 PVOID Data;
1442 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1443
1444 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1445 {
1446 OB_OPEN_REASON OpenReason;
1447 PEPROCESS Process;
1448 PVOID Object;
1449 ULONG GrantedAccess;
1450 ULONG HandleCount;
1451 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1452
1453 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1454 {
1455 PEPROCESS Process;
1456 PVOID Object;
1457 HANDLE Handle;
1458 KPROCESSOR_MODE PreviousMode;
1459 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1460
1461 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1462 {
1463 PEPROCESS Process;
1464 PVOID Object;
1465 ACCESS_MASK AccessMask;
1466 ULONG ProcessHandleCount;
1467 ULONG SystemHandleCount;
1468 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1469
1470 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1471 {
1472 PVOID Object;
1473 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1474
1475 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1476 {
1477 PVOID ParseObject;
1478 PVOID ObjectType;
1479 PACCESS_STATE AccessState;
1480 KPROCESSOR_MODE AccessMode;
1481 ULONG Attributes;
1482 OUT PUNICODE_STRING CompleteName;
1483 PUNICODE_STRING RemainingName;
1484 PVOID Context;
1485 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1486 PVOID *Object;
1487 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1488
1489 typedef struct _WIN32_CALLOUTS_FPNS
1490 {
1491 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1492 PKWIN32_THREAD_CALLOUT ThreadCallout;
1493 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1494 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1495 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1496 PKWIN32_JOB_CALLOUT JobCallout;
1497 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1498 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
1499 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
1500 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
1501 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;
1502 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
1503 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
1504 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
1505 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
1506 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;
1507 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1508 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1509
1510 #endif // !NTOS_MODE_USER
1511
1512 #endif // _PSTYPES_H
A free Windows-compatible Operating System