3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the Process Manager
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
29 #ifndef NTOS_MODE_USER
35 // KUSER_SHARED_DATA location in User Mode
37 #define USER_SHARED_DATA (0x7FFE0000)
42 #ifndef NTOS_MODE_USER
44 //extern NTSYSAPI struct _EPROCESS* PsInitialSystemProcess;
45 //extern NTSYSAPI POBJECT_TYPE PsProcessType;
52 #define FLG_STOP_ON_EXCEPTION 0x00000001
53 #define FLG_SHOW_LDR_SNAPS 0x00000002
54 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
55 #define FLG_STOP_ON_HUNG_GUI 0x00000008
56 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
57 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
58 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
59 #define FLG_HEAP_VALIDATE_ALL 0x00000080
60 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
61 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
62 #define FLG_POOL_ENABLE_TAGGING 0x00000400
63 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
64 #define FLG_USER_STACK_TRACE_DB 0x00001000
65 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
66 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
67 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
68 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
69 #define FLG_ENABLE_CSRDEBUG 0x00020000
70 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
71 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
72 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
73 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
74 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
75 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
76 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
77 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
78 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
79 #define FLG_VALID_BITS 0x07FFFFFF
82 // Process priority classes
84 #define PROCESS_PRIORITY_CLASS_INVALID 0
85 #define PROCESS_PRIORITY_CLASS_IDLE 1
86 #define PROCESS_PRIORITY_CLASS_NORMAL 2
87 #define PROCESS_PRIORITY_CLASS_HIGH 3
88 #define PROCESS_PRIORITY_CLASS_REALTIME 4
89 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
90 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
93 // NtCreateProcessEx flags
95 #define PS_REQUEST_BREAKAWAY 1
96 #define PS_NO_DEBUG_INHERIT 2
97 #define PS_INHERIT_HANDLES 4
98 #define PS_UNKNOWN_VALUE 8
99 #define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
100 PS_NO_DEBUG_INHERIT | \
101 PS_INHERIT_HANDLES | \
105 // Process base priorities
107 #define PROCESS_PRIORITY_IDLE 3
108 #define PROCESS_PRIORITY_NORMAL 8
109 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
112 // Process Priority Separation Values (OR)
114 #define PSP_VARIABLE_QUANTUMS 4
115 #define PSP_LONG_QUANTUMS 16
117 #ifndef NTOS_MODE_USER
120 // Thread Access Types
122 #define THREAD_QUERY_INFORMATION 0x0040
123 #define THREAD_SET_THREAD_TOKEN 0x0080
124 #define THREAD_IMPERSONATE 0x0100
125 #define THREAD_DIRECT_IMPERSONATION 0x0200
128 // Process Access Types
130 #define PROCESS_TERMINATE 0x0001
131 #define PROCESS_CREATE_THREAD 0x0002
132 #define PROCESS_SET_SESSIONID 0x0004
133 #define PROCESS_VM_OPERATION 0x0008
134 #define PROCESS_VM_READ 0x0010
135 #define PROCESS_VM_WRITE 0x0020
136 #define PROCESS_CREATE_PROCESS 0x0080
137 #define PROCESS_SET_QUOTA 0x0100
138 #define PROCESS_SET_INFORMATION 0x0200
139 #define PROCESS_QUERY_INFORMATION 0x0400
140 #define PROCESS_SUSPEND_RESUME 0x0800
141 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
142 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
143 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
147 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
152 // Thread Base Priorities
154 #define THREAD_BASE_PRIORITY_LOWRT 15
155 #define THREAD_BASE_PRIORITY_MAX 2
156 #define THREAD_BASE_PRIORITY_MIN -2
157 #define THREAD_BASE_PRIORITY_IDLE -15
162 #define TLS_MINIMUM_AVAILABLE 64
168 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
169 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
170 #define JOB_OBJECT_QUERY 0x4
171 #define JOB_OBJECT_TERMINATE 0x8
172 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
173 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
178 // Cross Thread Flags
180 #define CT_TERMINATED_BIT 0x1
181 #define CT_DEAD_THREAD_BIT 0x2
182 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
183 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
184 #define CT_SYSTEM_THREAD_BIT 0x10
185 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
186 #define CT_BREAK_ON_TERMINATION_BIT 0x40
187 #define CT_SKIP_CREATION_MSG_BIT 0x80
188 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
191 // Same Thread Passive Flags
193 #define STP_ACTIVE_EX_WORKER_BIT 0x1
194 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
195 #define STP_MEMORY_MAKER_BIT 0x4
196 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
199 // Same Thread APC Flags
201 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
202 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
203 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
206 #define TLS_EXPANSION_SLOTS 1024
210 #define PSF_CREATE_REPORTED_BIT 0x1
211 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
212 #define PSF_PROCESS_EXITING_BIT 0x4
213 #define PSF_PROCESS_DELETE_BIT 0x8
214 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
215 #define PSF_VM_DELETED_BIT 0x20
216 #define PSF_OUTSWAP_ENABLED_BIT 0x40
217 #define PSF_OUTSWAPPED_BIT 0x80
218 #define PSF_FORK_FAILED_BIT 0x100
219 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
220 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
221 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
222 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
223 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
224 #define PSF_WRITE_WATCH_BIT 0x8000
225 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
226 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
227 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
228 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
229 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
230 #define PSF_VM_TOP_DOWN_BIT 0x200000
231 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
232 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
233 #define PSF_VDM_ALLOWED_BIT 0x1000000
234 #define PSF_SWAP_ALLOWED_BIT 0x2000000
235 #define PSF_CREATE_FAILED_BIT 0x4000000
236 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
239 // Vista Process Flags
241 #define PSF2_PROTECTED_BIT 0x800
243 #ifdef NTOS_MODE_USER
245 // Current Process/Thread built-in 'special' handles
247 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
248 #define ZwCurrentProcess() NtCurrentProcess()
249 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
250 #define ZwCurrentThread() NtCurrentThread()
253 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
255 typedef enum _PROCESSINFOCLASS
257 ProcessBasicInformation
,
263 ProcessRaisePriority
,
265 ProcessExceptionPort
,
267 ProcessLdtInformation
,
269 ProcessDefaultHardErrorMode
,
270 ProcessIoPortHandlers
,
271 ProcessPooledUsageAndLimits
,
272 ProcessWorkingSetWatch
,
274 ProcessEnableAlignmentFaultFixup
,
275 ProcessPriorityClass
,
276 ProcessWx86Information
,
279 ProcessPriorityBoost
,
281 ProcessSessionInformation
,
282 ProcessForegroundInformation
,
283 ProcessWow64Information
,
284 ProcessImageFileName
,
285 ProcessLUIDDeviceMapsEnabled
,
286 ProcessBreakOnTermination
,
287 ProcessDebugObjectHandle
,
289 ProcessHandleTracing
,
292 ProcessTlsInformation
,
294 ProcessImageInformation
,
297 ProcessInstrumentationCallback
,
301 typedef enum _THREADINFOCLASS
303 ThreadBasicInformation
,
308 ThreadImpersonationToken
,
309 ThreadDescriptorTableEntry
,
310 ThreadEnableAlignmentFaultFixup
,
311 ThreadEventPair_Reusable
,
312 ThreadQuerySetWin32StartAddress
,
314 ThreadPerformanceCount
,
316 ThreadIdealProcessor
,
318 ThreadSetTlsArrayAddress
,
320 ThreadHideFromDebugger
,
321 ThreadBreakOnTermination
,
322 ThreadSwitchLegacyState
,
324 ThreadLastSystemCall
,
328 ThreadActualBasePriority
,
329 ThreadTebInformation
,
336 typedef enum _PSPROCESSPRIORITYMODE
338 PsProcessPriorityForeground
,
339 PsProcessPriorityBackground
,
340 PsProcessPrioritySpinning
341 } PSPROCESSPRIORITYMODE
;
343 typedef enum _JOBOBJECTINFOCLASS
345 JobObjectBasicAccountingInformation
= 1,
346 JobObjectBasicLimitInformation
,
347 JobObjectBasicProcessIdList
,
348 JobObjectBasicUIRestrictions
,
349 JobObjectSecurityLimitInformation
,
350 JobObjectEndOfJobTimeInformation
,
351 JobObjectAssociateCompletionPortInformation
,
352 JobObjectBasicAndIoAccountingInformation
,
353 JobObjectExtendedLimitInformation
,
354 JobObjectJobSetInformation
,
355 MaxJobObjectInfoClass
356 } JOBOBJECTINFOCLASS
;
359 // Power Event Events for Win32K Power Event Callback
361 typedef enum _PSPOWEREVENTTYPE
365 PsW32PowerPolicyChanged
= 2,
366 PsW32SystemPowerState
= 3,
368 PsW32DisplayState
= 5,
369 PsW32CapabilitiesChanged
= 6,
370 PsW32SetStateFailed
= 7,
373 PsW32GdiPrepareResumeUI
= 10,
374 PsW32GdiOffRequest
= 11,
375 PsW32MonitorOff
= 12,
379 // Power State Tasks for Win32K Power State Callback
381 typedef enum _POWERSTATETASK
383 PowerState_BlockSessionSwitch
= 0,
385 PowerState_QueryApps
= 2,
386 PowerState_QueryServices
= 3,
387 PowerState_QueryAppsFailed
= 4,
388 PowerState_QueryServicesFailed
= 5,
389 PowerState_SuspendApps
= 6,
390 PowerState_SuspendServices
= 7,
391 PowerState_ShowUI
= 8,
392 PowerState_NotifyWL
= 9,
393 PowerState_ResumeApps
= 10,
394 PowerState_ResumeServices
= 11,
395 PowerState_UnBlockSessionSwitch
= 12,
397 PowerState_BlockInput
= 14,
398 PowerState_UnblockInput
= 15,
402 // Win32K Job Callback Types
404 typedef enum _PSW32JOBCALLOUTTYPE
406 PsW32JobCalloutSetInformation
= 0,
407 PsW32JobCalloutAddProcess
= 1,
408 PsW32JobCalloutTerminate
= 2,
409 } PSW32JOBCALLOUTTYPE
;
412 // Win32K Thread Callback Types
414 typedef enum _PSW32THREADCALLOUTTYPE
416 PsW32ThreadCalloutInitialize
,
417 PsW32ThreadCalloutExit
,
418 } PSW32THREADCALLOUTTYPE
;
421 // Declare empty structure definitions so that they may be referenced by
422 // routines before they are defined
427 struct _WIN32_POWEREVENT_PARAMETERS
;
428 struct _WIN32_POWERSTATE_PARAMETERS
;
429 struct _WIN32_JOBCALLOUT_PARAMETERS
;
430 struct _WIN32_OPENMETHOD_PARAMETERS
;
431 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
;
432 struct _WIN32_CLOSEMETHOD_PARAMETERS
;
433 struct _WIN32_DELETEMETHOD_PARAMETERS
;
434 struct _WIN32_PARSEMETHOD_PARAMETERS
;
437 // Win32K Process and Thread Callbacks
441 (NTAPI
*PKWIN32_PROCESS_CALLOUT
)(
442 struct _EPROCESS
*Process
,
448 (NTAPI
*PKWIN32_THREAD_CALLOUT
)(
449 struct _ETHREAD
*Thread
,
450 PSW32THREADCALLOUTTYPE Type
455 (NTAPI
*PKWIN32_GLOBALATOMTABLE_CALLOUT
)(
461 (NTAPI
*PKWIN32_POWEREVENT_CALLOUT
)(
462 struct _WIN32_POWEREVENT_PARAMETERS
*Parameters
467 (NTAPI
*PKWIN32_POWERSTATE_CALLOUT
)(
468 struct _WIN32_POWERSTATE_PARAMETERS
*Parameters
473 (NTAPI
*PKWIN32_JOB_CALLOUT
)(
474 struct _WIN32_JOBCALLOUT_PARAMETERS
*Parameters
479 (NTAPI
*PGDI_BATCHFLUSH_ROUTINE
)(
485 (NTAPI
*PKWIN32_OPENMETHOD_CALLOUT
)(
486 struct _WIN32_OPENMETHOD_PARAMETERS
*Parameters
491 (NTAPI
*PKWIN32_OKTOCLOSEMETHOD_CALLOUT
)(
492 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
*Parameters
497 (NTAPI
*PKWIN32_CLOSEMETHOD_CALLOUT
)(
498 struct _WIN32_CLOSEMETHOD_PARAMETERS
*Parameters
503 (NTAPI
*PKWIN32_DELETEMETHOD_CALLOUT
)(
504 struct _WIN32_DELETEMETHOD_PARAMETERS
*Parameters
509 (NTAPI
*PKWIN32_PARSEMETHOD_CALLOUT
)(
510 struct _WIN32_PARSEMETHOD_PARAMETERS
*Parameters
515 (NTAPI
*PKWIN32_WIN32DATACOLLECTION_CALLOUT
)(
516 struct _EPROCESS
*Process
,
526 (NTAPI
*PLEGO_NOTIFY_ROUTINE
)(
533 (NTAPI
*PPOST_PROCESS_INIT_ROUTINE
)(
538 // Descriptor Table Entry Definition
540 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
541 typedef struct _DESCRIPTOR_TABLE_ENTRY
544 LDT_ENTRY Descriptor
;
545 } DESCRIPTOR_TABLE_ENTRY
, *PDESCRIPTOR_TABLE_ENTRY
;
551 (NTAPI
*PPEBLOCKROUTINE
)(
556 // PEB Free Block Descriptor
558 typedef struct _PEB_FREE_BLOCK
560 struct _PEB_FREE_BLOCK
* Next
;
562 } PEB_FREE_BLOCK
, *PPEB_FREE_BLOCK
;
565 // Process Environment Block (PEB)
569 UCHAR InheritedAddressSpace
;
570 UCHAR ReadImageFileExecOptions
;
572 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
575 UCHAR ImageUsesLargePages
:1;
576 UCHAR IsProtectedProcess
:1;
577 UCHAR IsLegacyProcess
:1;
584 PVOID ImageBaseAddress
;
586 struct _RTL_USER_PROCESS_PARAMETERS
*ProcessParameters
;
589 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
590 struct _RTL_CRITICAL_SECTION
*FastPebLock
;
591 PVOID AltThunkSListPtr
;
596 PVOID
* KernelCallbackTable
;
597 PVOID UserSharedInfoPtr
;
599 ULONG SystemReserved
[1];
603 PPEBLOCKROUTINE FastPebLockRoutine
;
604 PPEBLOCKROUTINE FastPebUnlockRoutine
;
605 ULONG EnvironmentUpdateCount
;
606 PVOID
* KernelCallbackTable
;
607 PVOID EventLogSection
;
610 PPEB_FREE_BLOCK FreeList
;
611 ULONG TlsExpansionCounter
;
613 ULONG TlsBitmapBits
[0x2];
614 PVOID ReadOnlySharedMemoryBase
;
615 PVOID ReadOnlySharedMemoryHeap
;
616 PVOID
* ReadOnlyStaticServerData
;
617 PVOID AnsiCodePageData
;
618 PVOID OemCodePageData
;
619 PVOID UnicodeCaseTableData
;
620 ULONG NumberOfProcessors
;
622 LARGE_INTEGER CriticalSectionTimeout
;
623 ULONG HeapSegmentReserve
;
624 ULONG HeapSegmentCommit
;
625 ULONG HeapDeCommitTotalFreeThreshold
;
626 ULONG HeapDeCommitFreeBlockThreshold
;
628 ULONG MaximumNumberOfHeaps
;
630 PVOID GdiSharedHandleTable
;
631 PVOID ProcessStarterHelper
;
632 PVOID GdiDCAttributeList
;
633 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
634 struct _RTL_CRITICAL_SECTION
*LoaderLock
;
638 ULONG OSMajorVersion
;
639 ULONG OSMinorVersion
;
640 USHORT OSBuildNumber
;
643 ULONG ImageSubSystem
;
644 ULONG ImageSubSystemMajorVersion
;
645 ULONG ImageSubSystemMinorVersion
;
646 ULONG ImageProcessAffinityMask
;
647 ULONG GdiHandleBuffer
[0x22];
648 PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine
;
649 struct _RTL_BITMAP
*TlsExpansionBitmap
;
650 ULONG TlsExpansionBitmapBits
[0x20];
652 #if (NTDDI_VERSION >= NTDDI_WINXP)
653 ULARGE_INTEGER AppCompatFlags
;
654 ULARGE_INTEGER AppCompatFlagsUser
;
657 UNICODE_STRING CSDVersion
;
658 struct _ACTIVATION_CONTEXT_DATA
*ActivationContextData
;
659 struct _ASSEMBLY_STORAGE_MAP
*ProcessAssemblyStorageMap
;
660 struct _ACTIVATION_CONTEXT_DATA
*SystemDefaultActivationContextData
;
661 struct _ASSEMBLY_STORAGE_MAP
*SystemAssemblyStorageMap
;
662 ULONG MinimumStackCommit
;
664 #if (NTDDI_VERSION >= NTDDI_WS03)
666 LIST_ENTRY FlsListHead
;
667 struct _RTL_BITMAP
*FlsBitmap
;
668 ULONG FlsBitmapBits
[4];
671 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
672 PVOID WerRegistrationData
;
673 PVOID WerShipAssertPtr
;
678 // GDI Batch Descriptor
680 typedef struct _GDI_TEB_BATCH
685 } GDI_TEB_BATCH
, *PGDI_TEB_BATCH
;
690 typedef struct _INITIAL_TEB
692 PVOID PreviousStackBase
;
693 PVOID PreviousStackLimit
;
696 PVOID AllocatedStackBase
;
697 } INITIAL_TEB
, *PINITIAL_TEB
;
700 // TEB Active Frame Structures
702 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
706 } TEB_ACTIVE_FRAME_CONTEXT
, *PTEB_ACTIVE_FRAME_CONTEXT
;
708 typedef struct _TEB_ACTIVE_FRAME
711 struct _TEB_ACTIVE_FRAME
*Previous
;
712 PTEB_ACTIVE_FRAME_CONTEXT Context
;
713 } TEB_ACTIVE_FRAME
, *PTEB_ACTIVE_FRAME
;
716 // Thread Environment Block (TEB)
721 PVOID EnvironmentPointer
;
723 PVOID ActiveRpcHandle
;
724 PVOID ThreadLocalStoragePointer
;
725 struct _PEB
*ProcessEnvironmentBlock
;
726 ULONG LastErrorValue
;
727 ULONG CountOfOwnedCriticalSections
;
728 PVOID CsrClientThread
;
729 struct _W32THREAD
* Win32ThreadInfo
;
730 ULONG User32Reserved
[0x1A];
731 ULONG UserReserved
[5];
734 ULONG FpSoftwareStatusRegister
;
735 PVOID SystemReserved1
[0x36];
737 struct _ACTIVATION_CONTEXT_STACK
*ActivationContextStackPointer
;
738 UCHAR SpareBytes1
[0x24];
740 GDI_TEB_BATCH GdiTebBatch
;
741 CLIENT_ID RealClientId
;
742 PVOID GdiCachedProcessHandle
;
745 PVOID GdiThreadLocalInfo
;
746 ULONG Win32ClientInfo
[62];
747 PVOID glDispatchTable
[0xE9];
748 ULONG glReserved1
[0x1D];
755 NTSTATUS LastStatusValue
;
756 UNICODE_STRING StaticUnicodeString
;
757 WCHAR StaticUnicodeBuffer
[0x105];
758 PVOID DeallocationStack
;
759 PVOID TlsSlots
[0x40];
762 PVOID ReservedForNtRpc
;
763 PVOID DbgSsReserved
[0x2];
764 ULONG HardErrorDisabled
;
765 PVOID Instrumentation
[9];
771 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
777 BOOLEAN FreeStackOnTermination
;
778 BOOLEAN HasFiberData
;
780 UCHAR IdealProcessor
;
781 ULONG GuaranteedStackBytes
;
782 PVOID ReservedForPerf
;
783 PVOID ReservedForOle
;
784 ULONG WaitingOnLoaderLock
;
785 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
786 PVOID SavedPriorityState
;
792 PVOID
*TlsExpansionSlots
;
793 ULONG ImpersonationLocale
;
794 ULONG IsImpersonating
;
797 ULONG HeapVirualAffinity
;
798 PVOID CurrentTransactionHandle
;
799 PTEB_ACTIVE_FRAME ActiveFrame
;
800 #if (NTDDI_VERSION >= NTDDI_WS03)
803 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
804 PVOID PreferredLangauges
;
805 PVOID UserPrefLanguages
;
806 PVOID MergedPrefLanguages
;
807 ULONG MuiImpersonation
;
812 USHORT SpareCrossTebFlags
:16;
814 USHORT CrossTebFlags
;
820 USHORT DbgSafeThunkCall
:1;
821 USHORT DbgInDebugPrint
:1;
822 USHORT DbgHasFiberData
:1;
823 USHORT DbgSkipThreadAttach
:1;
824 USHORT DbgWerInShipAssertCode
:1;
825 USHORT DbgIssuedInitialBp
:1;
826 USHORT DbgClonedThread
:1;
827 USHORT SpareSameTebBits
:9;
831 PVOID TxnScopeEntercallback
;
832 PVOID TxnScopeExitCAllback
;
833 PVOID TxnScopeContext
;
835 ULONG ProcessRundown
;
836 ULONGLONG LastSwitchTime
;
837 ULONGLONG TotalSwitchOutTime
;
838 LARGE_INTEGER WaitReasonBitMap
;
841 UCHAR BooleanSpare
[3];
845 #ifdef NTOS_MODE_USER
848 // Process Information Structures for NtQueryProcessInformation
850 typedef struct _PROCESS_BASIC_INFORMATION
854 ULONG_PTR AffinityMask
;
855 KPRIORITY BasePriority
;
856 ULONG_PTR UniqueProcessId
;
857 ULONG_PTR InheritedFromUniqueProcessId
;
858 } PROCESS_BASIC_INFORMATION
,*PPROCESS_BASIC_INFORMATION
;
860 typedef struct _PROCESS_ACCESS_TOKEN
864 } PROCESS_ACCESS_TOKEN
, *PPROCESS_ACCESS_TOKEN
;
866 typedef struct _PROCESS_DEVICEMAP_INFORMATION
872 HANDLE DirectoryHandle
;
880 } PROCESS_DEVICEMAP_INFORMATION
, *PPROCESS_DEVICEMAP_INFORMATION
;
882 typedef struct _KERNEL_USER_TIMES
884 LARGE_INTEGER CreateTime
;
885 LARGE_INTEGER ExitTime
;
886 LARGE_INTEGER KernelTime
;
887 LARGE_INTEGER UserTime
;
888 } KERNEL_USER_TIMES
, *PKERNEL_USER_TIMES
;
890 typedef struct _PROCESS_SESSION_INFORMATION
893 } PROCESS_SESSION_INFORMATION
, *PPROCESS_SESSION_INFORMATION
;
897 typedef struct _PROCESS_PRIORITY_CLASS
901 } PROCESS_PRIORITY_CLASS
, *PPROCESS_PRIORITY_CLASS
;
904 // Thread Information Structures for NtQueryProcessInformation
906 typedef struct _THREAD_BASIC_INFORMATION
909 PVOID TebBaseAddress
;
911 KAFFINITY AffinityMask
;
913 KPRIORITY BasePriority
;
914 } THREAD_BASIC_INFORMATION
, *PTHREAD_BASIC_INFORMATION
;
916 #ifndef NTOS_MODE_USER
921 typedef struct _JOB_SET_ARRAY
926 } JOB_SET_ARRAY
, *PJOB_SET_ARRAY
;
929 // EPROCESS Quota Structures
931 typedef struct _EPROCESS_QUOTA_ENTRY
937 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
939 typedef struct _EPROCESS_QUOTA_BLOCK
941 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
942 LIST_ENTRY QuotaList
;
943 ULONG ReferenceCount
;
945 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
948 // Process Pagefault History
950 typedef struct _PAGEFAULT_HISTORY
956 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
957 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
960 // Process Impersonation Information
962 typedef struct _PS_IMPERSONATION_INFORMATION
966 BOOLEAN EffectiveOnly
;
967 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
968 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
971 // Process Termination Port
973 typedef struct _TERMINATION_PORT
975 struct _TERMINATION_PORT
*Next
;
977 } TERMINATION_PORT
, *PTERMINATION_PORT
;
980 // Per-Process APC Rate Limiting
982 typedef struct _PSP_RATE_APC
986 SINGLE_LIST_ENTRY NextApc
;
987 ULONGLONG ExcessCycles
;
989 ULONGLONG TargetGEneration
;
991 } PSP_RATE_APC
, *PPSP_RATE_APC
;
994 // Executive Thread (ETHREAD)
996 typedef struct _ETHREAD
1000 LARGE_INTEGER CreateTime
;
1003 LARGE_INTEGER ExitTime
;
1004 LIST_ENTRY LpcReplyChain
;
1005 LIST_ENTRY KeyedWaitChain
;
1009 NTSTATUS ExitStatus
;
1012 LIST_ENTRY PostBlockList
;
1015 struct _TERMINATION_PORT
*TerminationPort
;
1016 struct _ETHREAD
*ReaperLink
;
1017 PVOID KeyedWaitValue
;
1018 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1019 PVOID Win32StartParameter
;
1022 KSPIN_LOCK ActiveTimerListLock
;
1023 LIST_ENTRY ActiveTimerListHead
;
1025 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1026 KSEMAPHORE KeyedWaitSemaphore
;
1030 KSEMAPHORE LpcReplySemaphore
;
1031 KSEMAPHORE KeyedReplySemaphore
;
1035 PVOID LpcReplyMessage
;
1036 PVOID LpcWaitingOnPort
;
1039 PPS_IMPERSONATION_INFORMATION ImpersonationInfo
;
1042 PDEVICE_OBJECT DeviceToVerify
;
1043 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1044 PPSP_RATE_APC RateControlApc
;
1046 struct _EPROCESS
*ThreadsProcess
;
1048 PVOID Win32StartAddress
;
1051 PKSTART_ROUTINE StartAddress
;
1052 ULONG LpcReceivedMessageId
;
1054 LIST_ENTRY ThreadListEntry
;
1055 EX_RUNDOWN_REF RundownProtect
;
1056 EX_PUSH_LOCK ThreadLock
;
1057 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1058 ULONG LpcReplyMessageId
;
1060 ULONG ReadClusterSize
;
1061 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1064 ACCESS_MASK GrantedAccess
;
1071 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1072 ULONG ThreadInserted
:1;
1076 ULONG HideFromDebugger
:1;
1077 ULONG ActiveImpersonationInfo
:1;
1078 ULONG SystemThread
:1;
1079 ULONG HardErrorsAreDisabled
:1;
1080 ULONG BreakOnTermination
:1;
1081 ULONG SkipCreationMsg
:1;
1082 ULONG SkipTerminationMsg
:1;
1083 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1084 ULONG CreateMsgSent
:1;
1085 ULONG ThreadIoPriority
:3;
1086 ULONG ThreadPagePriority
:3;
1087 ULONG PendingRatecontrol
:1;
1090 ULONG CrossThreadFlags
;
1096 ULONG ActiveExWorker
:1;
1097 ULONG ExWorkerCanWaitUser
:1;
1098 ULONG MemoryMaker
:1;
1099 ULONG KeyedEventInUse
:1;
1100 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1101 ULONG RateApcState
:2;
1104 ULONG SameThreadPassiveFlags
;
1110 ULONG LpcReceivedMsgIdValid
:1;
1111 ULONG LpcExitThreadCalled
:1;
1112 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1115 ULONG AddressSpaceOwner
:1;
1117 ULONG OwnsProcessWorkingSetExclusive
:1;
1118 ULONG OwnsProcessWorkingSetShared
:1;
1119 ULONG OwnsSystemWorkingSetExclusive
:1;
1120 ULONG OwnsSystemWorkingSetShared
:1;
1121 ULONG OwnsSessionWorkingSetExclusive
:1;
1122 ULONG OwnsSessionWorkingSetShared
:1;
1123 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1124 ULONG SupressSymbolLoad
:1;
1126 ULONG PriorityRegionActive
:4;
1131 ULONG SameThreadApcFlags
;
1133 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1134 UCHAR CacheManagerActive
;
1136 UCHAR ForwardClusterOnly
;
1138 UCHAR DisablePageFaultClustering
;
1139 UCHAR ActiveFaultCount
;
1140 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1141 ULONG AlpcMessageId
;
1145 ULONG AlpcReceiveAttributeSet
;
1147 LIST_ENTRY AlpcWaitListEntry
;
1148 KSEMAPHORE AlpcWaitSemaphore
;
1149 ULONG CacheManagerCount
;
1154 // Executive Process (EPROCESS)
1156 typedef struct _EPROCESS
1159 EX_PUSH_LOCK ProcessLock
;
1160 LARGE_INTEGER CreateTime
;
1161 LARGE_INTEGER ExitTime
;
1162 EX_RUNDOWN_REF RundownProtect
;
1163 HANDLE UniqueProcessId
;
1164 LIST_ENTRY ActiveProcessLinks
;
1165 ULONG QuotaUsage
[3];
1168 ULONG PeakVirtualSize
;
1170 LIST_ENTRY SessionProcessLinks
;
1172 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1175 PVOID ExceptionPortData
;
1176 ULONG ExceptionPortValue
;
1177 UCHAR ExceptionPortState
:3;
1180 PVOID ExceptionPort
;
1182 PHANDLE_TABLE ObjectTable
;
1184 ULONG WorkingSetPage
;
1185 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1186 EX_PUSH_LOCK AddressCreationLock
;
1187 PETHREAD RotateInProgress
;
1189 FAST_MUTEX AddressCreationLock
; // FIXME: FAST_MUTEX for XP, KGUARDED_MUTEX for 2K3
1190 KSPIN_LOCK HyperSpaceLock
;
1192 PETHREAD ForkInProgress
;
1193 ULONG HardwareTrigger
;
1194 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1195 PMM_AVL_TABLE PhysicalVadroot
;
1197 MM_AVL_TABLE PhysicalVadroot
;
1200 ULONG NumberOfPrivatePages
;
1201 ULONG NumberOfLockedPages
;
1202 PVOID
*Win32Process
;
1204 PVOID SectionObject
;
1205 PVOID SectionBaseAddress
;
1206 PEPROCESS_QUOTA_BLOCK QuotaBlock
;
1207 PPAGEFAULT_HISTORY WorkingSetWatch
;
1208 PVOID Win32WindowStation
;
1209 HANDLE InheritedFromUniqueProcessId
;
1210 PVOID LdtInformation
;
1214 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1215 PVOID EtwDataSource
;
1222 HARDWARE_PTE PagedirectoryPte
;
1226 CHAR ImageFileName
[16];
1227 LIST_ENTRY JobLinks
;
1228 PVOID LockedPagesList
;
1229 LIST_ENTRY ThreadListHead
;
1232 ULONG ActiveThreads
;
1233 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1234 ULONG ImagePathHash
;
1236 ACCESS_MASK GrantedAccess
;
1238 ULONG DefaultHardErrorProcessing
;
1239 NTSTATUS LastThreadExitStatus
;
1241 EX_FAST_REF PrefetchTrace
;
1242 LARGE_INTEGER ReadOperationCount
;
1243 LARGE_INTEGER WriteOperationCount
;
1244 LARGE_INTEGER OtherOperationCount
;
1245 LARGE_INTEGER ReadTransferCount
;
1246 LARGE_INTEGER WriteTransferCount
;
1247 LARGE_INTEGER OtherTransferCount
;
1248 ULONG CommitChargeLimit
;
1249 ULONG CommitChargePeak
;
1251 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo
;
1253 LIST_ENTRY MmProcessLinks
;
1254 ULONG ModifiedPageCount
;
1255 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1260 ULONG JobNotReallyActive
:1;
1261 ULONG AccountingFolded
:1;
1262 ULONG NewProcessReported
:1;
1263 ULONG ExitProcessReported
:1;
1264 ULONG ReportCommitChanges
:1;
1265 ULONG LastReportMemory
:1;
1266 ULONG ReportPhysicalPageChanges
:1;
1267 ULONG HandleTableRundown
:1;
1268 ULONG NeedsHandleRundown
:1;
1269 ULONG RefTraceEnabled
:1;
1271 ULONG ProtectedProcess
:1;
1272 ULONG DefaultPagePriority
:3;
1273 ULONG ProcessDeleteSelf
:1;
1274 ULONG ProcessVerifierTarget
:1;
1285 ULONG CreateReported
:1;
1286 ULONG NoDebugInherit
:1;
1287 ULONG ProcessExiting
:1;
1288 ULONG ProcessDelete
:1;
1289 ULONG Wow64SplitPages
:1;
1291 ULONG OutswapEnabled
:1;
1294 ULONG Wow64VaSpace4Gb
:1;
1295 ULONG AddressSpaceInitialized
:2;
1296 ULONG SetTimerResolution
:1;
1297 ULONG BreakOnTermination
:1;
1298 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1299 ULONG DeprioritizeViews
:1;
1301 ULONG SessionCreationUnderway
:1;
1304 ULONG ProcessInSession
:1;
1305 ULONG OverrideAddressSpace
:1;
1306 ULONG HasAddressSpace
:1;
1307 ULONG LaunchPrefetched
:1;
1308 ULONG InjectInpageErrors
:1;
1310 ULONG ImageNotifyDone
:1;
1311 ULONG PdeUpdateNeeded
:1;
1313 ULONG SmapAllowed
:1;
1314 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1315 ULONG ProcessInserted
:1;
1317 ULONG CreateFailed
:1;
1319 ULONG DefaultIoPriority
:3;
1320 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1321 ULONG SparePsFlags1
:2;
1329 NTSTATUS ExitStatus
;
1330 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1333 USHORT NextPageColor
;
1339 UCHAR SubSystemMinorVersion
;
1340 UCHAR SubSystemMajorVersion
;
1342 USHORT SubSystemVersion
;
1344 UCHAR PriorityClass
;
1345 MM_AVL_TABLE VadRoot
;
1350 // Job Token Filter Data
1352 #include <pshpack1.h>
1353 typedef struct _PS_JOB_TOKEN_FILTER
1355 ULONG CapturedSidCount
;
1356 PSID_AND_ATTRIBUTES CapturedSids
;
1357 ULONG CapturedSidsLength
;
1358 ULONG CapturedGroupCount
;
1359 PSID_AND_ATTRIBUTES CapturedGroups
;
1360 ULONG CapturedGroupsLength
;
1361 ULONG CapturedPrivilegeCount
;
1362 PLUID_AND_ATTRIBUTES CapturedPrivileges
;
1363 ULONG CapturedPrivilegesLength
;
1364 } PS_JOB_TOKEN_FILTER
, *PPS_JOB_TOKEN_FILTER
;
1367 // Executive Job (EJOB)
1369 typedef struct _EJOB
1372 LIST_ENTRY JobLinks
;
1373 LIST_ENTRY ProcessListHead
;
1375 LARGE_INTEGER TotalUserTime
;
1376 LARGE_INTEGER TotalKernelTime
;
1377 LARGE_INTEGER ThisPeriodTotalUserTime
;
1378 LARGE_INTEGER ThisPeriodTotalKernelTime
;
1379 ULONG TotalPageFaultCount
;
1380 ULONG TotalProcesses
;
1381 ULONG ActiveProcesses
;
1382 ULONG TotalTerminatedProcesses
;
1383 LARGE_INTEGER PerProcessUserTimeLimit
;
1384 LARGE_INTEGER PerJobUserTimeLimit
;
1386 ULONG MinimumWorkingSetSize
;
1387 ULONG MaximumWorkingSetSize
;
1388 ULONG ActiveProcessLimit
;
1390 UCHAR PriorityClass
;
1391 ULONG UIRestrictionsClass
;
1392 ULONG SecurityLimitFlags
;
1394 PPS_JOB_TOKEN_FILTER Filter
;
1395 ULONG EndOfJobTimeAction
;
1396 PVOID CompletionPort
;
1397 PVOID CompletionKey
;
1399 ULONG SchedulingClass
;
1400 ULONGLONG ReadOperationCount
;
1401 ULONGLONG WriteOperationCount
;
1402 ULONGLONG OtherOperationCount
;
1403 ULONGLONG ReadTransferCount
;
1404 ULONGLONG WriteTransferCount
;
1405 ULONGLONG OtherTransferCount
;
1407 ULONG ProcessMemoryLimit
;
1408 ULONG JobMemoryLimit
;
1409 ULONG PeakProcessMemoryUsed
;
1410 ULONG PeakJobMemoryUsed
;
1411 ULONG CurrentJobMemoryUsed
;
1412 #if (NTDDI_VERSION == NTDDI_WINXP)
1413 FAST_MUTEX MemoryLimitsLock
;
1414 #elif (NTDDI_VERSION == NTDDI_WS03)
1415 KGUARDED_MUTEX MemoryLimitsLock
;
1416 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1417 EX_PUSH_LOCK MemoryLimitsLock
;
1419 LIST_ENTRY JobSetLinks
;
1423 #include <poppack.h>
1426 // Win32K Callback Registration Data
1428 typedef struct _WIN32_POWEREVENT_PARAMETERS
1430 PSPOWEREVENTTYPE EventNumber
;
1432 } WIN32_POWEREVENT_PARAMETERS
, *PWIN32_POWEREVENT_PARAMETERS
;
1434 typedef struct _WIN32_POWERSTATE_PARAMETERS
1437 POWER_ACTION SystemAction
;
1438 SYSTEM_POWER_STATE MinSystemState
;
1440 POWERSTATETASK PowerStateTask
;
1441 } WIN32_POWERSTATE_PARAMETERS
, *PWIN32_POWERSTATE_PARAMETERS
;
1443 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1446 PSW32JOBCALLOUTTYPE CalloutType
;
1448 } WIN32_JOBCALLOUT_PARAMETERS
, *PWIN32_JOBCALLOUT_PARAMETERS
;
1450 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1452 OB_OPEN_REASON OpenReason
;
1455 ULONG GrantedAccess
;
1457 } WIN32_OPENMETHOD_PARAMETERS
, *PWIN32_OPENMETHOD_PARAMETERS
;
1459 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1464 KPROCESSOR_MODE PreviousMode
;
1465 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS
;
1467 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1471 ACCESS_MASK AccessMask
;
1472 ULONG ProcessHandleCount
;
1473 ULONG SystemHandleCount
;
1474 } WIN32_CLOSEMETHOD_PARAMETERS
, *PWIN32_CLOSEMETHOD_PARAMETERS
;
1476 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1479 } WIN32_DELETEMETHOD_PARAMETERS
, *PWIN32_DELETEMETHOD_PARAMETERS
;
1481 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1485 PACCESS_STATE AccessState
;
1486 KPROCESSOR_MODE AccessMode
;
1488 OUT PUNICODE_STRING CompleteName
;
1489 PUNICODE_STRING RemainingName
;
1491 PSECURITY_QUALITY_OF_SERVICE SecurityQos
;
1493 } WIN32_PARSEMETHOD_PARAMETERS
, *PWIN32_PARSEMETHOD_PARAMETERS
;
1495 typedef struct _WIN32_CALLOUTS_FPNS
1497 PKWIN32_PROCESS_CALLOUT ProcessCallout
;
1498 PKWIN32_THREAD_CALLOUT ThreadCallout
;
1499 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout
;
1500 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout
;
1501 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout
;
1502 PKWIN32_JOB_CALLOUT JobCallout
;
1503 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine
;
1504 PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure
;
1505 PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure
;
1506 PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure
;
1507 PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure
;
1508 PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure
;
1509 PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure
;
1510 PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure
;
1511 PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure
;
1512 PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure
;
1513 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure
;
1514 } WIN32_CALLOUTS_FPNS
, *PWIN32_CALLOUTS_FPNS
;
1516 #endif // !NTOS_MODE_USER
1518 #endif // _PSTYPES_H
projects / reactos.git / blob