EPROCESS.Session should be a HANDLE.
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #ifndef NTOS_MODE_USER
30 #include <extypes.h>
31 #include <setypes.h>
32 #endif
33
34 //
35 // KUSER_SHARED_DATA location in User Mode
36 //
// A bare integer constant (0x7FFE0000), not a typed pointer: users must cast it
// themselves. Because it is a compile-time constant, the address is the same in
// every process and does not move with address-space randomization.
// NOTE(review): presumably the page is read-only from user mode -- confirm
// against the memory manager before relying on its contents being trustworthy.
37 #define USER_SHARED_DATA (0x7FFE0000)
38
39 //
40 // Global Flags
41 //
// One bit per diagnostic option. The 27 flags below occupy bits 0-26 and
// FLG_VALID_BITS (0x07FFFFFF) is exactly their union, so it can be used as the
// mask for rejecting undefined bits in a caller-supplied value.
// NOTE(review): presumably the value kept in PEB.NtGlobalFlag (declared later
// in this header) -- confirm.
42 #define FLG_STOP_ON_EXCEPTION 0x00000001
43 #define FLG_SHOW_LDR_SNAPS 0x00000002
44 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
45 #define FLG_STOP_ON_HUNG_GUI 0x00000008
46 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
47 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
48 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
49 #define FLG_HEAP_VALIDATE_ALL 0x00000080
50 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
51 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
52 #define FLG_POOL_ENABLE_TAGGING 0x00000400
53 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
54 #define FLG_USER_STACK_TRACE_DB 0x00001000
55 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
56 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
57 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
58 #define FLG_IGNORE_DEBUG_PRIV 0x00010000
59 #define FLG_ENABLE_CSRDEBUG 0x00020000
60 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
61 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
62 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
63 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
64 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
65 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
66 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
67 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
68 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
69 #define FLG_VALID_BITS 0x07FFFFFF
70
71 //
72 // Process priority classes
73 //
// Small integer identifiers, not bit flags. The numbering is not ordered by
// priority: BELOW_NORMAL (5) and ABOVE_NORMAL (6) come after REALTIME (4), so
// compare classes by meaning, never with < or >.
// NOTE(review): presumably the values carried in
// PROCESS_PRIORITY_CLASS.PriorityClass (declared later in this header) --
// confirm.
74 #define PROCESS_PRIORITY_CLASS_INVALID 0
75 #define PROCESS_PRIORITY_CLASS_IDLE 1
76 #define PROCESS_PRIORITY_CLASS_NORMAL 2
77 #define PROCESS_PRIORITY_CLASS_HIGH 3
78 #define PROCESS_PRIORITY_CLASS_REALTIME 4
79 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
80 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
81
82 //
83 // NtCreateProcessEx flags
84 //
// Four single-bit flags; PS_ALL_FLAGS is their union (0xF) and can be used to
// reject a Flags argument that carries any undefined bit.
// NOTE(review): judging by the name, PS_INHERIT_HANDLES decides whether the new
// process receives the creator's inheritable handles -- confirm. If so, callers
// creating a less-trusted child should leave it clear unless inheritance is
// actually required.
85 #define PS_REQUEST_BREAKAWAY 1
86 #define PS_NO_DEBUG_INHERIT 2
87 #define PS_INHERIT_HANDLES 4
88 #define PS_LARGE_PAGES 8
89 #define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
90 PS_NO_DEBUG_INHERIT | \
91 PS_INHERIT_HANDLES | \
92 PS_LARGE_PAGES)
93
94 //
95 // Process base priorities
96 //
// Numeric scheduler priorities (plain integers, not flags).
97 #define PROCESS_PRIORITY_IDLE 3
98 #define PROCESS_PRIORITY_NORMAL 8
99 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
100
101 //
102 // Process memory priorities
103 //
// Three-level scale; 1 is named UNKNOWN and sits between BACKGROUND and
// FOREGROUND.
104 #define MEMORY_PRIORITY_BACKGROUND 0
105 #define MEMORY_PRIORITY_UNKNOWN 1
106 #define MEMORY_PRIORITY_FOREGROUND 2
107
108 //
109 // Process Priority Separation Values (OR)
110 //
// Bit values (4 and 16) meant to be OR-ed together, per the heading above.
111 #define PSP_VARIABLE_QUANTUMS 4
112 #define PSP_LONG_QUANTUMS 16
112 #define PSP_LONG_QUANTUMS 16
113
114 #ifndef NTOS_MODE_USER
115
116 //
117 // Thread Access Types
118 //
// Object-specific access-mask bits for thread handles. Only 0x0040-0x0200 are
// listed here. NOTE(review): the lower thread rights are presumably supplied by
// another header in kernel-mode builds -- confirm.
119 #define THREAD_QUERY_INFORMATION 0x0040
120 #define THREAD_SET_THREAD_TOKEN 0x0080
121 #define THREAD_IMPERSONATE 0x0100
122 #define THREAD_DIRECT_IMPERSONATION 0x0200
123
124 //
125 // Process Access Types
126 //
// Object-specific access-mask bits for process handles. Bit 0x0040 has no name
// in this list. NOTE(review): presumably defined elsewhere -- confirm before
// treating the list as complete.
// Judging by their names, PROCESS_VM_WRITE, PROCESS_VM_OPERATION,
// PROCESS_CREATE_THREAD and PROCESS_SET_INFORMATION let the holder alter the
// target process, so access checks should test the specific right an operation
// needs rather than "any access granted".
127 #define PROCESS_TERMINATE 0x0001
128 #define PROCESS_CREATE_THREAD 0x0002
129 #define PROCESS_SET_SESSIONID 0x0004
130 #define PROCESS_VM_OPERATION 0x0008
131 #define PROCESS_VM_READ 0x0010
132 #define PROCESS_VM_WRITE 0x0020
133 #define PROCESS_CREATE_PROCESS 0x0080
134 #define PROCESS_SET_QUOTA 0x0100
135 #define PROCESS_SET_INFORMATION 0x0200
136 #define PROCESS_QUERY_INFORMATION 0x0400
137 #define PROCESS_SUSPEND_RESUME 0x0800
138 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
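//
// PROCESS_ALL_ACCESS: the standard rights, SYNCHRONIZE, and the whole
// process-specific range. The NTDDI_LONGHORN mask (0xFFFF) also covers
// PROCESS_QUERY_LIMITED_INFORMATION (0x1000); the older mask (0xFFF) stops
// just below it. Requesting this mask asks for every right listed above, so
// callers that need one operation should name that right instead.
//
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define PROCESS_ALL_ACCESS                  (STANDARD_RIGHTS_REQUIRED | \
                                             SYNCHRONIZE | \
                                             0xFFFF)
#else
#define PROCESS_ALL_ACCESS                  (STANDARD_RIGHTS_REQUIRED | \
                                             SYNCHRONIZE | \
                                             0xFFF)
#endif

//
// Thread Base Priorities
//
// Kept outside the NTDDI_VERSION conditional: only PROCESS_ALL_ACCESS depends
// on the target version. With the #endif placed after TLS_MINIMUM_AVAILABLE
// these names were defined only for pre-NTDDI_LONGHORN builds.
//
#define THREAD_BASE_PRIORITY_LOWRT          15
#define THREAD_BASE_PRIORITY_MAX            2
#define THREAD_BASE_PRIORITY_MIN            -2
#define THREAD_BASE_PRIORITY_IDLE           -15

//
// TLS Slots
//
#define TLS_MINIMUM_AVAILABLE               64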
161
162 //
163 // Job Access Types
164 //
// Object-specific access-mask bits for job handles. JOB_OBJECT_ALL_ACCESS
// writes its object-specific part in decimal: 31 == 0x1F, the union of the five
// rights defined here.
165 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
166 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
167 #define JOB_OBJECT_QUERY 0x4
168 #define JOB_OBJECT_TERMINATE 0x8
169 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
170 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
171 SYNCHRONIZE | \
172 31)
173
174 //
175 // Cross Thread Flags
176 //
// Masks for ETHREAD.CrossThreadFlags. The order follows the bitfield declared
// in ETHREAD for the pre-NTDDI_LONGHORN layout (bit 1 is DeadThread there; the
// NTDDI_LONGHORN layout names that bit ThreadInserted).
// NOTE(review): bitfield allocation order is implementation-defined in C; the
// masks match the bitfield only on compilers that allocate from the least
// significant bit -- confirm for every supported toolchain.
177 #define CT_TERMINATED_BIT 0x1
178 #define CT_DEAD_THREAD_BIT 0x2
179 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
180 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
181 #define CT_SYSTEM_THREAD_BIT 0x10
182 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
183 #define CT_BREAK_ON_TERMINATION_BIT 0x40
184 #define CT_SKIP_CREATION_MSG_BIT 0x80
185 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
186
187 //
188 // Same Thread Passive Flags
189 //
// Masks for ETHREAD.SameThreadPassiveFlags, in the order of its bitfield.
190 #define STP_ACTIVE_EX_WORKER_BIT 0x1
191 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
192 #define STP_MEMORY_MAKER_BIT 0x4
193 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
194
195 //
196 // Same Thread APC Flags
197 //
// Masks for ETHREAD.SameThreadApcFlags. STA_OWNS_WORKING_SET_BITS (0x1F8) spans
// bits 3-8, i.e. the six Owns*WorkingSet* members of that bitfield.
198 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
199 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
200 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
201 #define STA_OWNS_WORKING_SET_BITS 0x1F8
202 #endif
203
// Number of expansion TLS slots. PEB.TlsExpansionBitmapBits has 0x20 ULONGs,
// which is 1024 bits if ULONG is 32 bits wide -- TODO confirm the two are meant
// to stay in step.
204 #define TLS_EXPANSION_SLOTS 1024
205 //
206 // Process Flags
207 //
// Single-bit masks covering bits 0-27, with 0x800 (bit 11) left unnamed. The
// first five names follow the order of the EPROCESS bitfield that begins with
// CreateReported. NOTE(review): presumably all of them mirror that bitfield --
// confirm against the full EPROCESS definition.
208 #define PSF_CREATE_REPORTED_BIT 0x1
209 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
210 #define PSF_PROCESS_EXITING_BIT 0x4
211 #define PSF_PROCESS_DELETE_BIT 0x8
212 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
213 #define PSF_VM_DELETED_BIT 0x20
214 #define PSF_OUTSWAP_ENABLED_BIT 0x40
215 #define PSF_OUTSWAPPED_BIT 0x80
216 #define PSF_FORK_FAILED_BIT 0x100
217 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
218 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
219 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
220 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
221 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
222 #define PSF_WRITE_WATCH_BIT 0x8000
223 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
224 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
225 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
226 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
227 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
228 #define PSF_VM_TOP_DOWN_BIT 0x200000
229 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
230 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
231 #define PSF_VDM_ALLOWED_BIT 0x1000000
232 #define PSF_SWAP_ALLOWED_BIT 0x2000000
233 #define PSF_CREATE_FAILED_BIT 0x4000000
234 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
235
236 //
237 // Vista Process Flags
238 //
// 0x800 is bit 11, the position of ProtectedProcess in the EPROCESS.Flags2
// bitfield (NTDDI_LONGHORN layout). The mask is defined unconditionally, while
// Flags2 itself exists only in that layout.
239 #define PSF2_PROTECTED_BIT 0x800
240
241 #ifdef NTOS_MODE_USER
242 //
243 // Current Process/Thread built-in 'special' handles
244 //
// Pseudo-handles: the constants -1 and -2 cast to HANDLE. They are fixed values,
// not handle-table entries obtained from an open call. Defined for user-mode
// builds only (NTOS_MODE_USER).
// NOTE(review): -1 is the same bit pattern as Win32 INVALID_HANDLE_VALUE, so an
// unchecked failure value passed on as a process handle would refer to the
// caller's own process -- verify that callers check for failure first.
245 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
246 #define ZwCurrentProcess() NtCurrentProcess()
247 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
248 #define ZwCurrentThread() NtCurrentThread()
249
250 //
251 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
252 //
// Enumerators are numbered implicitly from 0 in declaration order, so the order
// is part of the ABI: inserting or removing an entry renumbers every entry
// after it. There are 47 classes (0-46); MaxProcessInfoClass (47) is the
// one-past-the-end value for range checks.
// NOTE(review): judging by their names, several classes read debugger state
// (ProcessDebugPort, ProcessDebugObjectHandle, ProcessDebugFlags) or change
// security-relevant state (ProcessAccessToken, ProcessExecuteFlags,
// ProcessBreakOnTermination); the set/query handlers should enforce access
// rights and privileges per class -- confirm in the implementation.
253 typedef enum _PROCESSINFOCLASS
254 {
255 ProcessBasicInformation,
256 ProcessQuotaLimits,
257 ProcessIoCounters,
258 ProcessVmCounters,
259 ProcessTimes,
260 ProcessBasePriority,
261 ProcessRaisePriority,
262 ProcessDebugPort,
263 ProcessExceptionPort,
264 ProcessAccessToken,
265 ProcessLdtInformation,
266 ProcessLdtSize,
267 ProcessDefaultHardErrorMode,
268 ProcessIoPortHandlers,
269 ProcessPooledUsageAndLimits,
270 ProcessWorkingSetWatch,
271 ProcessUserModeIOPL,
272 ProcessEnableAlignmentFaultFixup,
273 ProcessPriorityClass,
274 ProcessWx86Information,
275 ProcessHandleCount,
276 ProcessAffinityMask,
277 ProcessPriorityBoost,
278 ProcessDeviceMap,
279 ProcessSessionInformation,
280 ProcessForegroundInformation,
281 ProcessWow64Information,
282 ProcessImageFileName,
283 ProcessLUIDDeviceMapsEnabled,
284 ProcessBreakOnTermination,
285 ProcessDebugObjectHandle,
286 ProcessDebugFlags,
287 ProcessHandleTracing,
288 ProcessIoPriority,
289 ProcessExecuteFlags,
290 ProcessTlsInformation,
291 ProcessCookie,
292 ProcessImageInformation,
293 ProcessCycleTime,
294 ProcessPagePriority,
295 ProcessInstrumentationCallback,
296 ProcessThreadStackAllocation,
297 ProcessWorkingSetWatchEx,
298 ProcessImageFileNameWin32,
299 ProcessImageFileMapping,
300 ProcessAffinityUpdateMode,
301 ProcessMemoryAllocationMode,
302 MaxProcessInfoClass
303 } PROCESSINFOCLASS;
304
// Thread information classes, numbered implicitly from 0 in declaration order
// (the order is ABI). There are 28 classes (0-27); MaxThreadInfoClass (28) is
// the one-past-the-end value for range checks.
// NOTE(review): judging by their names, ThreadImpersonationToken,
// ThreadHideFromDebugger and ThreadBreakOnTermination change security- or
// debugging-relevant thread state; handlers should check the caller's access
// per class -- confirm in the implementation.
305 typedef enum _THREADINFOCLASS
306 {
307 ThreadBasicInformation,
308 ThreadTimes,
309 ThreadPriority,
310 ThreadBasePriority,
311 ThreadAffinityMask,
312 ThreadImpersonationToken,
313 ThreadDescriptorTableEntry,
314 ThreadEnableAlignmentFaultFixup,
315 ThreadEventPair_Reusable,
316 ThreadQuerySetWin32StartAddress,
317 ThreadZeroTlsCell,
318 ThreadPerformanceCount,
319 ThreadAmILastThread,
320 ThreadIdealProcessor,
321 ThreadPriorityBoost,
322 ThreadSetTlsArrayAddress,
323 ThreadIsIoPending,
324 ThreadHideFromDebugger,
325 ThreadBreakOnTermination,
326 ThreadSwitchLegacyState,
327 ThreadIsTerminated,
328 ThreadLastSystemCall,
329 ThreadIoPriority,
330 ThreadCycleTime,
331 ThreadPagePriority,
332 ThreadActualBasePriority,
333 ThreadTebInformation,
334 ThreadCSwitchMon,
335 MaxThreadInfoClass
336 } THREADINFOCLASS;
337
338 #else
339
// Process priority modes, numbered implicitly 0-2. Declared only for
// kernel-mode builds (this is the #else branch of NTOS_MODE_USER).
340 typedef enum _PSPROCESSPRIORITYMODE
341 {
342 PsProcessPriorityForeground,
343 PsProcessPriorityBackground,
344 PsProcessPrioritySpinning
345 } PSPROCESSPRIORITYMODE;
346
// Job object information classes. Numbering starts at 1, not 0, so the ten
// classes take values 1-10 and MaxJobObjectInfoClass is 11; a range check must
// reject 0 as well as values >= MaxJobObjectInfoClass.
347 typedef enum _JOBOBJECTINFOCLASS
348 {
349 JobObjectBasicAccountingInformation = 1,
350 JobObjectBasicLimitInformation,
351 JobObjectBasicProcessIdList,
352 JobObjectBasicUIRestrictions,
353 JobObjectSecurityLimitInformation,
354 JobObjectEndOfJobTimeInformation,
355 JobObjectAssociateCompletionPortInformation,
356 JobObjectBasicAndIoAccountingInformation,
357 JobObjectExtendedLimitInformation,
358 JobObjectJobSetInformation,
359 MaxJobObjectInfoClass
360 } JOBOBJECTINFOCLASS;
361
362 //
363 // Power Event Events for Win32K Power Event Callback
364 //
// Explicitly numbered 0-12. There is no Max/sentinel enumerator, so a receiver
// that validates the event type has to compare against PsW32MonitorOff itself.
365 typedef enum _PSPOWEREVENTTYPE
366 {
367 PsW32FullWake = 0,
368 PsW32EventCode = 1,
369 PsW32PowerPolicyChanged = 2,
370 PsW32SystemPowerState = 3,
371 PsW32SystemTime = 4,
372 PsW32DisplayState = 5,
373 PsW32CapabilitiesChanged = 6,
374 PsW32SetStateFailed = 7,
375 PsW32GdiOff = 8,
376 PsW32GdiOn = 9,
377 PsW32GdiPrepareResumeUI = 10,
378 PsW32GdiOffRequest = 11,
379 PsW32MonitorOff = 12,
380 } PSPOWEREVENTTYPE;
381
382 //
383 // Power State Tasks for Win32K Power State Callback
384 //
// Explicitly numbered 0-15, with no Max/sentinel enumerator.
385 typedef enum _POWERSTATETASK
386 {
387 PowerState_BlockSessionSwitch = 0,
388 PowerState_Init = 1,
389 PowerState_QueryApps = 2,
390 PowerState_QueryServices = 3,
391 PowerState_QueryAppsFailed = 4,
392 PowerState_QueryServicesFailed = 5,
393 PowerState_SuspendApps = 6,
394 PowerState_SuspendServices = 7,
395 PowerState_ShowUI = 8,
396 PowerState_NotifyWL = 9,
397 PowerState_ResumeApps = 10,
398 PowerState_ResumeServices = 11,
399 PowerState_UnBlockSessionSwitch = 12,
400 PowerState_End = 13,
401 PowerState_BlockInput = 14,
402 PowerState_UnblockInput = 15,
403 } POWERSTATETASK;
404
405 //
406 // Win32K Job Callback Types
407 //
// Explicitly numbered 0-2.
408 typedef enum _PSW32JOBCALLOUTTYPE
409 {
410 PsW32JobCalloutSetInformation = 0,
411 PsW32JobCalloutAddProcess = 1,
412 PsW32JobCalloutTerminate = 2,
413 } PSW32JOBCALLOUTTYPE;
414
415 //
416 // Win32K Thread Callback Types
417 //
// Implicitly numbered: Initialize is 0, Exit is 1. This is the Type argument of
// PKWIN32_THREAD_CALLOUT, declared further down in this header.
418 typedef enum _PSW32THREADCALLOUTTYPE
419 {
420 PsW32ThreadCalloutInitialize,
421 PsW32ThreadCalloutExit,
422 } PSW32THREADCALLOUTTYPE;
423
424 //
425 // Declare empty structure definitions so that they may be referenced by
426 // routines before they are defined
427 //
// These are incomplete types in this header: only pointers to them can be used.
// NOTE(review): struct _EPROCESS and struct _ETHREAD are used by the callback
// typedefs below but are not forward-declared here (the _ETHREAD line is
// commented out). Presumably an earlier include declares them -- confirm, since
// a struct tag first mentioned inside a parameter list has prototype scope only
// and would not match the later definition.
428 struct _W32THREAD;
429 struct _W32PROCESS;
430 //struct _ETHREAD;
431 struct _WIN32_POWEREVENT_PARAMETERS;
432 struct _WIN32_POWERSTATE_PARAMETERS;
433 struct _WIN32_JOBCALLOUT_PARAMETERS;
434 struct _WIN32_OPENMETHOD_PARAMETERS;
435 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
436 struct _WIN32_CLOSEMETHOD_PARAMETERS;
437 struct _WIN32_DELETEMETHOD_PARAMETERS;
438 struct _WIN32_PARSEMETHOD_PARAMETERS;
439
440 //
441 // Win32K Process and Thread Callbacks
442 //
// Function-pointer types only; nothing here registers or invokes a callback.
// All use the NTAPI calling convention. Every callout returns NTSTATUS except
// PKWIN32_DELETEMETHOD_CALLOUT, which returns VOID and so cannot report
// failure. The *_PARAMETERS structures are only forward-declared in this
// header, so their contents are opaque at this level.
443 typedef
444 NTSTATUS
445 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
446 struct _EPROCESS *Process,
447 BOOLEAN Create
448 );
449
450 typedef
451 NTSTATUS
452 (NTAPI *PKWIN32_THREAD_CALLOUT)(
453 struct _ETHREAD *Thread,
454 PSW32THREADCALLOUTTYPE Type
455 );
456
457 typedef
458 NTSTATUS
459 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
460 VOID
461 );
462
463 typedef
464 NTSTATUS
465 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
466 struct _WIN32_POWEREVENT_PARAMETERS *Parameters
467 );
468
469 typedef
470 NTSTATUS
471 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
472 struct _WIN32_POWERSTATE_PARAMETERS *Parameters
473 );
474
475 typedef
476 NTSTATUS
477 (NTAPI *PKWIN32_JOB_CALLOUT)(
478 struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
479 );
480
481 typedef
482 NTSTATUS
483 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
484 VOID
485 );
486
487 typedef
488 NTSTATUS
489 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
490 struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
491 );
492
493 typedef
494 NTSTATUS
495 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
496 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
497 );
498
499 typedef
500 NTSTATUS
501 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
502 struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
503 );
504
505 typedef
506 VOID
507 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
508 struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
509 );
510
511 typedef
512 NTSTATUS
513 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
514 struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
515 );
516
// Callback and Context are untyped (PVOID); the expected callback signature is
// not visible in this header.
517 typedef
518 NTSTATUS
519 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
520 struct _EPROCESS *Process,
521 PVOID Callback,
522 PVOID Context
523 );
524
525 //
526 // Lego Callback
527 //
// Pointer to a VOID-returning NTAPI routine that receives the thread as a
// PKTHREAD. Kernel-mode builds only (inside the #else branch of
// NTOS_MODE_USER).
528 typedef
529 VOID
530 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
531 IN PKTHREAD Thread
532 );
533
534 #endif
535
// Pointer to a parameterless NTAPI routine returning NTSTATUS. It is the type
// of PEB.PostProcessInitRoutine, declared later in this header.
536 typedef NTSTATUS
537 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
538 VOID
539 );
540
541 //
542 // Descriptor Table Entry Definition
543 //
// Compiled only when _M_IX86 evaluates non-zero. _DESCRIPTOR_TABLE_ENTRY_DEFINED
// is set alongside the type so other headers can tell it already exists.
// Pairs a selector value with the LDT_ENTRY it refers to.
544 #if (_M_IX86)
545 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
546 typedef struct _DESCRIPTOR_TABLE_ENTRY
547 {
548 ULONG Selector;
549 LDT_ENTRY Descriptor;
550 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
551 #endif
552
553 //
554 // PEB Lock Routine
555 //
// Pointer to a VOID-returning NTAPI routine taking the lock as an untyped
// PVOID. Used for PEB.FastPebLockRoutine / FastPebUnlockRoutine in the
// pre-NTDDI_LONGHORN PEB layout.
556 typedef VOID
557 (NTAPI *PPEBLOCKROUTINE)(
558 PVOID PebLock
559 );
560
561 //
562 // PEB Free Block Descriptor
563 //
// Singly linked list node (Next) with a Size field; PEB.FreeList points at the
// head in the pre-NTDDI_LONGHORN layout.
// NOTE(review): the unit of Size is not visible here -- presumably bytes;
// confirm.
564 typedef struct _PEB_FREE_BLOCK
565 {
566 struct _PEB_FREE_BLOCK* Next;
567 ULONG Size;
568 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
569
570 //
571 // Process Environment Block (PEB)
572 //
// Field order together with the NTDDI_VERSION and _WIN64 conditionals defines
// the binary layout: every translation unit that touches a PEB must be built
// with the same NTDDI_VERSION, or member offsets will disagree.
// NOTE(review): presumably this structure lives in memory the owning process
// can write. If so, kernel-mode readers must treat every field as untrusted
// input (capture once, validate, never re-read) -- confirm against the process
// manager.
573 typedef struct _PEB
574 {
575 UCHAR InheritedAddressSpace;
576 UCHAR ReadImageFileExecOptions;
// NOTE(review): presumably the "debugger attached" flag; it is only advisory if
// the process itself can write it -- confirm.
577 UCHAR BeingDebugged;
// Fourth byte: a bitfield from NTDDI_WS03 on, a spare BOOLEAN before that.
578 #if (NTDDI_VERSION >= NTDDI_WS03)
579 union
580 {
581 UCHAR BitField;
582 struct
583 {
584 UCHAR ImageUsesLargePages:1;
585 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
586 UCHAR IsProtectedProcess:1;
587 UCHAR IsLegacyProcess:1;
588 UCHAR IsImageDynamicallyRelocated:1;
589 UCHAR SkipPatchingUser32Forwarders:1;
590 UCHAR SpareBits:3;
591 #else
592 UCHAR SpareBits:7;
593 #endif
594 };
595 };
596 #else
597 BOOLEAN SpareBool;
598 #endif
599 HANDLE Mutant;
600 PVOID ImageBaseAddress;
601 PPEB_LDR_DATA Ldr;
602 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
603 PVOID SubSystemData;
604 PVOID ProcessHeap;
// The next group differs completely between the two layouts: the
// NTDDI_LONGHORN form drops the lock routine pointers and the free list.
605 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
606 struct _RTL_CRITICAL_SECTION *FastPebLock;
607 PVOID AltThunkSListPtr;
608 PVOID IFEOKey;
609 union
610 {
611 ULONG CrossProcessFlags;
612 struct
613 {
614 ULONG ProcessInJob:1;
615 ULONG ProcessInitializing:1;
616 ULONG ProcessUsingVEH:1;
617 ULONG ProcessUsingVCH:1;
618 ULONG ReservedBits0:28;
619 };
620 };
621 union
622 {
// NOTE(review): by its name a table of code pointers held inside the process;
// its integrity matters if anything dispatches through it -- confirm who writes
// and who reads it.
623 PVOID* KernelCallbackTable;
624 PVOID UserSharedInfoPtr;
625 };
626 ULONG SystemReserved[1];
627 ULONG SpareUlong;
628 ULONG_PTR SparePebPtr0;
629 #else
630 PVOID FastPebLock;
631 PPEBLOCKROUTINE FastPebLockRoutine;
632 PPEBLOCKROUTINE FastPebUnlockRoutine;
633 ULONG EnvironmentUpdateCount;
634 PVOID* KernelCallbackTable;
635 PVOID EventLogSection;
636 PVOID EventLog;
637 PPEB_FREE_BLOCK FreeList;
638 #endif
639 ULONG TlsExpansionCounter;
640 PVOID TlsBitmap;
// 2 ULONGs: 64 bits if ULONG is 32 bits wide, matching TLS_MINIMUM_AVAILABLE.
641 ULONG TlsBitmapBits[0x2];
642 PVOID ReadOnlySharedMemoryBase;
643 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
644 PVOID HotpatchInformation;
645 #else
646 PVOID ReadOnlySharedMemoryHeap;
647 #endif
648 PVOID* ReadOnlyStaticServerData;
649 PVOID AnsiCodePageData;
650 PVOID OemCodePageData;
651 PVOID UnicodeCaseTableData;
652 ULONG NumberOfProcessors;
// NOTE(review): presumably a combination of the FLG_* bits defined at the top of
// this header -- confirm.
653 ULONG NtGlobalFlag;
654 LARGE_INTEGER CriticalSectionTimeout;
655 ULONG_PTR HeapSegmentReserve;
656 ULONG_PTR HeapSegmentCommit;
657 ULONG_PTR HeapDeCommitTotalFreeThreshold;
658 ULONG_PTR HeapDeCommitFreeBlockThreshold;
659 ULONG NumberOfHeaps;
660 ULONG MaximumNumberOfHeaps;
661 PVOID* ProcessHeaps;
662 PVOID GdiSharedHandleTable;
663 PVOID ProcessStarterHelper;
664 ULONG GdiDCAttributeList;
665 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
666 struct _RTL_CRITICAL_SECTION *LoaderLock;
667 #else
668 PVOID LoaderLock;
669 #endif
670 ULONG OSMajorVersion;
671 ULONG OSMinorVersion;
672 USHORT OSBuildNumber;
673 USHORT OSCSDVersion;
674 ULONG OSPlatformId;
675 ULONG ImageSubSystem;
676 ULONG ImageSubSystemMajorVersion;
677 ULONG ImageSubSystemMinorVersion;
678 ULONG ImageProcessAffinityMask;
// 0x3c entries on _WIN64, 0x22 otherwise.
679 #ifdef _WIN64
680 ULONG GdiHandleBuffer[0x3c];
681 #else
682 ULONG GdiHandleBuffer[0x22];
683 #endif
684 PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
685 struct _RTL_BITMAP *TlsExpansionBitmap;
// 0x20 ULONGs: 1024 bits if ULONG is 32 bits wide, matching TLS_EXPANSION_SLOTS.
686 ULONG TlsExpansionBitmapBits[0x20];
687 ULONG SessionId;
// Everything from here on exists only for the NTDDI_VERSION levels named in the
// conditionals, so sizeof(PEB) varies with the target version.
688 #if (NTDDI_VERSION >= NTDDI_WINXP)
689 ULARGE_INTEGER AppCompatFlags;
690 ULARGE_INTEGER AppCompatFlagsUser;
691 PVOID pShimData;
692 PVOID AppCompatInfo;
693 UNICODE_STRING CSDVersion;
694 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData;
695 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
696 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
697 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
698 ULONG_PTR MinimumStackCommit;
699 #endif
700 #if (NTDDI_VERSION >= NTDDI_WS03)
701 PVOID *FlsCallback;
702 LIST_ENTRY FlsListHead;
703 struct _RTL_BITMAP *FlsBitmap;
704 ULONG FlsBitmapBits[4];
705 ULONG FlsHighIndex;
706 #endif
707 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
708 PVOID WerRegistrationData;
709 PVOID WerShipAssertPtr;
710 #endif
711 } PEB, *PPEB;
712
713 //
714 // GDI Batch Descriptor
715 //
// Embedded by value in the TEB (TEB.GdiTebBatch). Buffer is a fixed array of
// 0x136 (310) ULONGs.
// NOTE(review): presumably Offset is the write position inside Buffer; any code
// that consumes it should bounds-check it against the buffer size -- confirm.
716 typedef struct _GDI_TEB_BATCH
717 {
718 ULONG Offset;
719 HANDLE HDC;
720 ULONG Buffer[0x136];
721 } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
722
723 //
724 // Initial TEB
725 //
// Five untyped pointers describing a thread's stack: a previous base/limit
// pair, the current base/limit pair, and the base of the allocation.
// NOTE(review): which side supplies these values is not visible here; if they
// arrive from user mode they need validating before use -- confirm.
726 typedef struct _INITIAL_TEB
727 {
728 PVOID PreviousStackBase;
729 PVOID PreviousStackLimit;
730 PVOID StackBase;
731 PVOID StackLimit;
732 PVOID AllocatedStackBase;
733 } INITIAL_TEB, *PINITIAL_TEB;
734
735 //
736 // TEB Active Frame Structures
737 //
// A frame context carries flags and a name string.
738 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
739 {
740 ULONG Flags;
741 LPSTR FrameName;
742 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
743
// Frames form a singly linked chain through Previous; TEB.ActiveFrame points at
// one of them.
744 typedef struct _TEB_ACTIVE_FRAME
745 {
746 ULONG Flags;
747 struct _TEB_ACTIVE_FRAME *Previous;
748 PTEB_ACTIVE_FRAME_CONTEXT Context;
749 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
750
751 //
752 // Thread Environment Block (TEB)
753 //
// Field order together with the NTDDI_VERSION and _WIN64 conditionals defines
// the binary layout, so all users must agree on those settings.
// NOTE(review): presumably mapped writable in the owning process, like the PEB;
// kernel-mode readers should then capture and validate fields rather than trust
// them -- confirm.
// Several member names carry spelling slips (HeapVirualAffinity,
// PreferredLangauges, TxnScopeEntercallback, TxnScopeExitCAllback). They are
// part of the interface as declared; renaming them would break existing users.
754 typedef struct _TEB
755 {
756 NT_TIB Tib;
757 PVOID EnvironmentPointer;
758 CLIENT_ID ClientId;
759 PVOID ActiveRpcHandle;
760 PVOID ThreadLocalStoragePointer;
761 struct _PEB *ProcessEnvironmentBlock;
762 ULONG LastErrorValue;
763 ULONG CountOfOwnedCriticalSections;
764 PVOID CsrClientThread;
765 struct _W32THREAD* Win32ThreadInfo;
766 ULONG User32Reserved[0x1A];
767 ULONG UserReserved[5];
768 PVOID WOW32Reserved;
769 LCID CurrentLocale;
770 ULONG FpSoftwareStatusRegister;
771 PVOID SystemReserved1[0x36];
772 LONG ExceptionCode;
773 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
// Mixed radix: decimal 24 on _WIN64, hexadecimal 0x24 (36) otherwise.
774 #ifdef _WIN64
775 UCHAR SpareBytes1[24];
776 #else
777 UCHAR SpareBytes1[0x24];
778 #endif
779 ULONG TxFsContext;
780 GDI_TEB_BATCH GdiTebBatch;
781 CLIENT_ID RealClientId;
782 PVOID GdiCachedProcessHandle;
783 ULONG GdiClientPID;
784 ULONG GdiClientTID;
785 PVOID GdiThreadLocalInfo;
786 SIZE_T Win32ClientInfo[62];
787 PVOID glDispatchTable[0xE9];
788 SIZE_T glReserved1[0x1D];
789 PVOID glReserved2;
790 PVOID glSectionInfo;
791 PVOID glSection;
792 PVOID glTable;
793 PVOID glCurrentRC;
794 PVOID glContext;
795 NTSTATUS LastStatusValue;
796 UNICODE_STRING StaticUnicodeString;
// 0x105 = 261 WCHARs.
797 WCHAR StaticUnicodeBuffer[0x105];
798 PVOID DeallocationStack;
// 0x40 = 64 slots, the same count as TLS_MINIMUM_AVAILABLE.
799 PVOID TlsSlots[0x40];
800 LIST_ENTRY TlsLinks;
801 PVOID Vdm;
802 PVOID ReservedForNtRpc;
803 PVOID DbgSsReserved[0x2];
804 ULONG HardErrorDisabled;
805 #ifdef _WIN64
806 PVOID Instrumentation[11];
807 #else
808 PVOID Instrumentation[9];
809 #endif
810 GUID ActivityId;
811 PVOID SubProcessTag;
812 PVOID EtwTraceData;
813 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
814 PVOID EtwLocalData;
815 #endif
816 PVOID WinSockData;
817 ULONG GdiBatchCount;
// The three BOOLEANs keep their positions in both layouts; only the names
// change (spares from NTDDI_LONGHORN on).
818 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
819 BOOLEAN SpareBool0;
820 BOOLEAN SpareBool1;
821 BOOLEAN SpareBool2;
822 #else
823 BOOLEAN InDbgPrint;
824 BOOLEAN FreeStackOnTermination;
825 BOOLEAN HasFiberData;
826 #endif
827 UCHAR IdealProcessor;
828 ULONG GuaranteedStackBytes;
829 PVOID ReservedForPerf;
830 PVOID ReservedForOle;
831 ULONG WaitingOnLoaderLock;
// PVOID in one layout, ULONG in the other: same size only where pointers are
// 32 bits wide.
832 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
833 PVOID SavedPriorityState;
834 #else
835 ULONG SparePointer1;
836 #endif
837 ULONG SoftPatchPtr1;
838 ULONG SoftPatchPtr2;
839 PVOID *TlsExpansionSlots;
840 ULONG ImpersonationLocale;
// NOTE(review): presumably a user-mode copy of the impersonation state; the
// kernel-side record is ETHREAD.ImpersonationInfo. Access decisions should not
// be based on this field -- confirm.
841 ULONG IsImpersonating;
842 PVOID NlsCache;
843 PVOID pShimData;
844 ULONG HeapVirualAffinity;
845 PVOID CurrentTransactionHandle;
846 PTEB_ACTIVE_FRAME ActiveFrame;
847 #if (NTDDI_VERSION >= NTDDI_WS03)
848 PVOID FlsData;
849 #endif
850 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
851 PVOID PreferredLangauges;
852 PVOID UserPrefLanguages;
853 PVOID MergedPrefLanguages;
854 ULONG MuiImpersonation;
855 union
856 {
857 struct
858 {
859 USHORT SpareCrossTebFlags:16;
860 };
861 USHORT CrossTebFlags;
862 };
// Seven named one-bit flags plus nine spare bits fill the 16-bit SameTebFlags.
863 union
864 {
865 struct
866 {
867 USHORT DbgSafeThunkCall:1;
868 USHORT DbgInDebugPrint:1;
869 USHORT DbgHasFiberData:1;
870 USHORT DbgSkipThreadAttach:1;
871 USHORT DbgWerInShipAssertCode:1;
872 USHORT DbgIssuedInitialBp:1;
873 USHORT DbgClonedThread:1;
874 USHORT SpareSameTebBits:9;
875 };
876 USHORT SameTebFlags;
877 };
878 PVOID TxnScopeEntercallback;
879 PVOID TxnScopeExitCAllback;
880 PVOID TxnScopeContext;
881 ULONG LockCount;
882 ULONG ProcessRundown;
883 ULONGLONG LastSwitchTime;
884 ULONGLONG TotalSwitchOutTime;
885 LARGE_INTEGER WaitReasonBitMap;
886 #else
887 UCHAR SafeThunkCall;
888 UCHAR BooleanSpare[3];
889 #endif
890 } TEB, *PTEB;
891
892 #ifdef NTOS_MODE_USER
893
894 //
895 // Process Information Structures for NtQueryInformationProcess
896 //
// Declared for user-mode builds only (NTOS_MODE_USER).
// PebBaseAddress hands the caller the address of the target's PEB. The two
// process identifiers are typed ULONG_PTR here, whereas EPROCESS stores
// UniqueProcessId and InheritedFromUniqueProcessId as HANDLE.
// NOTE(review): InheritedFromUniqueProcessId is presumably the creator's
// identifier recorded at creation time; it says nothing about whether that
// process still exists -- confirm before using it to establish parentage.
897 typedef struct _PROCESS_BASIC_INFORMATION
898 {
899 NTSTATUS ExitStatus;
900 PPEB PebBaseAddress;
901 ULONG_PTR AffinityMask;
902 KPRIORITY BasePriority;
903 ULONG_PTR UniqueProcessId;
904 ULONG_PTR InheritedFromUniqueProcessId;
905 } PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION;
906
// A pair of handles: a token and a thread.
// NOTE(review): by its name the payload of the ProcessAccessToken information
// class. Both members are caller-supplied handles, so the handler has to
// reference them with the access it actually requires -- confirm in the
// implementation.
907 typedef struct _PROCESS_ACCESS_TOKEN
908 {
909 HANDLE Token;
910 HANDLE Thread;
911 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
912
// One anonymous union with two views: Set carries a directory handle, Query
// carries a drive bitmap plus a 32-entry type array. The views overlap in
// memory, so which one is meaningful depends on the operation being performed.
913 typedef struct _PROCESS_DEVICEMAP_INFORMATION
914 {
915 union
916 {
917 struct
918 {
919 HANDLE DirectoryHandle;
920 } Set;
921 struct
922 {
923 ULONG DriveMap;
924 UCHAR DriveType[32];
925 } Query;
926 };
927 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
928
// Four 64-bit time values: creation, exit, and accumulated kernel and user
// time.
// NOTE(review): units and epoch are not visible in this header -- confirm
// before converting.
929 typedef struct _KERNEL_USER_TIMES
930 {
931 LARGE_INTEGER CreateTime;
932 LARGE_INTEGER ExitTime;
933 LARGE_INTEGER KernelTime;
934 LARGE_INTEGER UserTime;
935 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
936
// Wraps a single session identifier (ULONG).
// NOTE(review): by its name the payload of ProcessSessionInformation --
// confirm.
937 typedef struct _PROCESS_SESSION_INFORMATION
938 {
939 ULONG SessionId;
940 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
941
942 #endif
943
// Declared for both user-mode and kernel-mode builds (outside any
// NTOS_MODE_USER conditional).
// NOTE(review): PriorityClass presumably holds one of the
// PROCESS_PRIORITY_CLASS_* values defined near the top of this header --
// confirm; a handler should reject values outside that set.
944 typedef struct _PROCESS_PRIORITY_CLASS
945 {
946 BOOLEAN Foreground;
947 UCHAR PriorityClass;
948 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
949
950 //
951 // Thread Information Structures for NtQueryInformationThread
952 //
// TebBaseAddress is an untyped PVOID rather than PTEB. ClientId carries the
// process/thread identifier pair.
953 typedef struct _THREAD_BASIC_INFORMATION
954 {
955 NTSTATUS ExitStatus;
956 PVOID TebBaseAddress;
957 CLIENT_ID ClientId;
958 KAFFINITY AffinityMask;
959 KPRIORITY Priority;
960 KPRIORITY BasePriority;
961 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
962
963 #ifndef NTOS_MODE_USER
964
965 //
966 // Job Set Array
967 //
// One element of a job set: a job handle with its member level and flags.
// Kernel-mode builds only. JobHandle is a handle value, so the consumer has to
// resolve it to an object before use.
968 typedef struct _JOB_SET_ARRAY
969 {
970 HANDLE JobHandle;
971 ULONG MemberLevel;
972 ULONG Flags;
973 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
974
975 //
976 // EPROCESS Quota Structures
977 //
// Per-resource quota counters: current usage, limit, peak and a Return value.
978 typedef struct _EPROCESS_QUOTA_ENTRY
979 {
980 SIZE_T Usage;
981 SIZE_T Limit;
982 SIZE_T Peak;
983 SIZE_T Return;
984 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
985
// Three quota entries plus list linkage and two counters. EPROCESS points at a
// block through its QuotaBlock member.
// NOTE(review): the three entries presumably use the same indexing as
// EPROCESS.QuotaUsage (0=PagedPool, 1=NonPagedPool, 2=Pagefile) -- confirm.
// ReferenceCount is a plain ULONG; how it is updated is not visible here.
986 typedef struct _EPROCESS_QUOTA_BLOCK
987 {
988 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
989 LIST_ENTRY QuotaList;
990 ULONG ReferenceCount;
991 ULONG ProcessCount;
992 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
993
994 //
995 // Process Pagefault History
996 //
// Header followed by a trailing array declared with one element.
// NOTE(review): WatchInfo[1] looks like the pre-C99 variable-length trailer
// idiom, i.e. the structure is presumably allocated with room for more entries
// than sizeof reports; CurrentIndex then needs checking against the allocated
// count, not against 1 -- confirm at the allocation site.
997 typedef struct _PAGEFAULT_HISTORY
998 {
999 ULONG CurrentIndex;
1000 ULONG MapIndex;
1001 KSPIN_LOCK SpinLock;
1002 PVOID Reserved;
1003 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
1004 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
1005
1006 //
1007 // Process Impersonation Information
1008 //
// Impersonation state as a token pointer, two booleans and an impersonation
// level. ETHREAD refers to one of these through its ImpersonationInfo member.
// NOTE(review): Token is a raw PACCESS_TOKEN; whether this structure owns a
// reference on the token is not visible here -- confirm the reference
// discipline wherever it is filled in or torn down.
1009 typedef struct _PS_IMPERSONATION_INFORMATION
1010 {
1011 PACCESS_TOKEN Token;
1012 BOOLEAN CopyOnOpen;
1013 BOOLEAN EffectiveOnly;
1014 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1015 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
1016
1017 //
1018 // Process Termination Port
1019 //
// Singly linked list node holding an untyped port pointer. ETHREAD keeps the
// list head in its TerminationPort union member.
1020 typedef struct _TERMINATION_PORT
1021 {
1022 struct _TERMINATION_PORT *Next;
1023 PVOID Port;
1024 } TERMINATION_PORT, *PTERMINATION_PORT;
1025
1026 //
1027 // Per-Process APC Rate Limiting
1028 //
// NextApc and ExcessCycles share storage through the anonymous union, so only
// one of them is meaningful at a time. RateApc is a KAPC embedded by value.
// "TargetGEneration" is spelled as declared; the name is part of the interface.
1029 typedef struct _PSP_RATE_APC
1030 {
1031 union
1032 {
1033 SINGLE_LIST_ENTRY NextApc;
1034 ULONGLONG ExcessCycles;
1035 };
1036 ULONGLONG TargetGEneration;
1037 KAPC RateApc;
1038 } PSP_RATE_APC, *PPSP_RATE_APC;
1039
1040 //
1041 // Executive Thread (ETHREAD)
1042 //
// Kernel-mode thread object. KTHREAD Tcb is the first member, so a pointer to
// the ETHREAD and a pointer to its Tcb have the same address.
// Layout depends on NTDDI_VERSION: several members are replaced or removed in
// the NTDDI_LONGHORN form, so all kernel components must be built with the same
// setting.
// Many members are anonymous unions; the alternatives overlap in memory and
// only one is valid at a time. Which one is not recorded in the union itself.
1043 typedef struct _ETHREAD
1044 {
1045 KTHREAD Tcb;
1046 PVOID Padding;
1047 LARGE_INTEGER CreateTime;
1048 union
1049 {
1050 LARGE_INTEGER ExitTime;
1051 LIST_ENTRY LpcReplyChain;
1052 LIST_ENTRY KeyedWaitChain;
1053 };
1054 union
1055 {
1056 NTSTATUS ExitStatus;
1057 PVOID OfsChain;
1058 };
1059 LIST_ENTRY PostBlockList;
1060 union
1061 {
1062 struct _TERMINATION_PORT *TerminationPort;
1063 struct _ETHREAD *ReaperLink;
1064 PVOID KeyedWaitValue;
1065 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1066 PVOID Win32StartParameter;
1067 #endif
1068 };
1069 KSPIN_LOCK ActiveTimerListLock;
1070 LIST_ENTRY ActiveTimerListHead;
1071 CLIENT_ID Cid;
1072 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1073 KSEMAPHORE KeyedWaitSemaphore;
1074 #else
1075 union
1076 {
1077 KSEMAPHORE LpcReplySemaphore;
1078 KSEMAPHORE KeyedReplySemaphore;
1079 };
1080 union
1081 {
1082 PVOID LpcReplyMessage;
1083 PVOID LpcWaitingOnPort;
1084 };
1085 #endif
// NOTE(review): presumably valid only while the ActiveImpersonationInfo bit in
// CrossThreadFlags is set -- confirm; readers should test the bit before
// dereferencing.
1086 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
1087 LIST_ENTRY IrpList;
1088 ULONG_PTR TopLevelIrp;
1089 PDEVICE_OBJECT DeviceToVerify;
// The owning-process pointer exists only in the pre-NTDDI_LONGHORN layout; the
// NTDDI_LONGHORN layout puts RateControlApc in this position.
1090 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1091 PPSP_RATE_APC RateControlApc;
1092 #else
1093 struct _EPROCESS *ThreadsProcess;
1094 #endif
1095 PVOID Win32StartAddress;
1096 union
1097 {
1098 PKSTART_ROUTINE StartAddress;
1099 ULONG LpcReceivedMessageId;
1100 };
1101 LIST_ENTRY ThreadListEntry;
1102 EX_RUNDOWN_REF RundownProtect;
1103 EX_PUSH_LOCK ThreadLock;
1104 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1105 ULONG LpcReplyMessageId;
1106 #endif
1107 ULONG ReadClusterSize;
1108 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1109 ULONG SpareUlong0;
1110 #else
1111 ACCESS_MASK GrantedAccess;
1112 #endif
// CrossThreadFlags: the first nine bits correspond, in order, to the CT_*_BIT
// masks defined earlier in this header (pre-NTDDI_LONGHORN naming for bit 1).
// NOTE(review): the masks match only if the compiler allocates bitfields from
// the least significant bit -- confirm for every supported toolchain.
1113 union
1114 {
1115 struct
1116 {
1117 ULONG Terminated:1;
1118 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1119 ULONG ThreadInserted:1;
1120 #else
1121 ULONG DeadThread:1;
1122 #endif
1123 ULONG HideFromDebugger:1;
1124 ULONG ActiveImpersonationInfo:1;
1125 ULONG SystemThread:1;
1126 ULONG HardErrorsAreDisabled:1;
1127 ULONG BreakOnTermination:1;
1128 ULONG SkipCreationMsg:1;
1129 ULONG SkipTerminationMsg:1;
1130 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1131 ULONG CreateMsgSent:1;
1132 ULONG ThreadIoPriority:3;
1133 ULONG ThreadPagePriority:3;
1134 ULONG PendingRatecontrol:1;
1135 #endif
1136 };
1137 ULONG CrossThreadFlags;
1138 };
// SameThreadPassiveFlags: bits correspond to the STP_*_BIT masks.
1139 union
1140 {
1141 struct
1142 {
1143 ULONG ActiveExWorker:1;
1144 ULONG ExWorkerCanWaitUser:1;
1145 ULONG MemoryMaker:1;
1146 ULONG KeyedEventInUse:1;
1147 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1148 ULONG RateApcState:2;
1149 #endif
1150 };
1151 ULONG SameThreadPassiveFlags;
1152 };
// SameThreadApcFlags: bits 0-2 correspond to the first three STA_*_BIT masks
// and the six Owns*WorkingSet* bits (3-8) to STA_OWNS_WORKING_SET_BITS.
// "SupressSymbolLoad" is spelled as declared.
1153 union
1154 {
1155 struct
1156 {
1157 ULONG LpcReceivedMsgIdValid:1;
1158 ULONG LpcExitThreadCalled:1;
1159 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1160 ULONG Spare:1;
1161 #else
1162 ULONG AddressSpaceOwner:1;
1163 #endif
1164 ULONG OwnsProcessWorkingSetExclusive:1;
1165 ULONG OwnsProcessWorkingSetShared:1;
1166 ULONG OwnsSystemWorkingSetExclusive:1;
1167 ULONG OwnsSystemWorkingSetShared:1;
1168 ULONG OwnsSessionWorkingSetExclusive:1;
1169 ULONG OwnsSessionWorkingSetShared:1;
1170 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1171 ULONG SupressSymbolLoad:1;
1172 ULONG Spare1:3;
1173 ULONG PriorityRegionActive:4;
1174 #else
1175 ULONG ApcNeeded:1;
1176 #endif
1177 };
1178 ULONG SameThreadApcFlags;
1179 };
1180 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1181 UCHAR CacheManagerActive;
1182 #else
1183 UCHAR ForwardClusterOnly;
1184 #endif
1185 UCHAR DisablePageFaultClustering;
1186 UCHAR ActiveFaultCount;
// The ALPC members and CacheManagerCount exist only in the NTDDI_LONGHORN
// layout, so sizeof(ETHREAD) differs between the two.
1187 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1188 ULONG AlpcMessageId;
1189 union
1190 {
1191 PVOID AlpcMessage;
1192 ULONG AlpcReceiveAttributeSet;
1193 };
1194 LIST_ENTRY AlpcWaitListEntry;
1195 KSEMAPHORE AlpcWaitSemaphore;
1196 ULONG CacheManagerCount;
1197 #endif
1198 } ETHREAD, *PETHREAD;
1199
//
// Executive Process (EPROCESS)
//
// The embedded KPROCESS (Pcb) is the first member. Several members are
// chosen at compile time by comparing NTDDI_VERSION with NTDDI_LONGHORN,
// so the member list differs between the two settings; every translation
// unit that touches an EPROCESS has to be built with the same value.
//
typedef struct _EPROCESS
{
    KPROCESS Pcb;
    EX_PUSH_LOCK ProcessLock;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    EX_RUNDOWN_REF RundownProtect;
    HANDLE UniqueProcessId;         // typed HANDLE although the name describes an identifier
    LIST_ENTRY ActiveProcessLinks;
    ULONG QuotaUsage[3];            // 0=PagedPool, 1=NonPagedPool, 2=Pagefile
    ULONG QuotaPeak[3];             // same indexing as QuotaUsage
    ULONG CommitCharge;
    ULONG PeakVirtualSize;
    ULONG VirtualSize;
    LIST_ENTRY SessionProcessLinks;
    PVOID DebugPort;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    // One storage location viewed three ways: as a pointer, as a ULONG,
    // and as a 3-bit state field.
    union
    {
        PVOID ExceptionPortData;
        ULONG ExceptionPortValue;
        UCHAR ExceptionPortState:3;
    };
#else
    PVOID ExceptionPort;
#endif
    PHANDLE_TABLE ObjectTable;
    // NOTE(review): EX_FAST_REF is not a plain pointer; presumably its low
    // bits carry a reference count, so the value has to be decoded before
    // it is used as a token address - confirm against extypes.h.
    EX_FAST_REF Token;
    ULONG WorkingSetPage;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    EX_PUSH_LOCK AddressCreationLock;
    PETHREAD RotateInProgress;
#else
    KGUARDED_MUTEX AddressCreationLock;
    KSPIN_LOCK HyperSpaceLock;
#endif
    PETHREAD ForkInProgress;
    ULONG HardwareTrigger;
    PMM_AVL_TABLE PhysicalVadRoot;
    PVOID CloneRoot;
    ULONG NumberOfPrivatePages;
    ULONG NumberOfLockedPages;
    PVOID *Win32Process;
    struct _EJOB *Job;
    PVOID SectionObject;
    PVOID SectionBaseAddress;
    PEPROCESS_QUOTA_BLOCK QuotaBlock;
    PPAGEFAULT_HISTORY WorkingSetWatch;
    PVOID Win32WindowStation;
    HANDLE InheritedFromUniqueProcessId;
    PVOID LdtInformation;
    PVOID VadFreeHint;
    PVOID VdmObjects;
    PVOID DeviceMap;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID EtwDataSource;
    PVOID FreeTebHint;
#else
    PVOID Spare0[3];
#endif
    // Filler widens this slot to a ULONGLONG regardless of the PTE size.
    union
    {
        HARDWARE_PTE PageDirectoryPte;
        ULONGLONG Filler;
    };
    HANDLE Session;
    // Fixed 16-byte buffer. NOTE(review): nothing in this header promises
    // NUL termination, so readers should bound every copy or print to
    // sizeof(ImageFileName), and should not treat a name this short as
    // proof of which image is running.
    CHAR ImageFileName[16];
    LIST_ENTRY JobLinks;
    PVOID LockedPagesList;
    LIST_ENTRY ThreadListHead;
    PVOID SecurityPort;
    PVOID PaeTop;
    ULONG ActiveThreads;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG ImagePathHash;
#else
    ACCESS_MASK GrantedAccess;
#endif
    ULONG DefaultHardErrorProcessing;
    NTSTATUS LastThreadExitStatus;
    struct _PEB *Peb;
    EX_FAST_REF PrefetchTrace;
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
    ULONG CommitChargeLimit;
    ULONG CommitChargePeak;
    PVOID AweInfo;
    SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
    MMSUPPORT Vm;
    LIST_ENTRY MmProcessLinks;
    ULONG ModifiedPageCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    // Named bits overlay Flags2; the named widths cover only part of the
    // ULONG, and the remaining bits have no name here.
    union
    {
        struct
        {
            ULONG JobNotReallyActive:1;
            ULONG AccountingFolded:1;
            ULONG NewProcessReported:1;
            ULONG ExitProcessReported:1;
            ULONG ReportCommitChanges:1;
            ULONG LastReportMemory:1;
            ULONG ReportPhysicalPageChanges:1;
            ULONG HandleTableRundown:1;
            ULONG NeedsHandleRundown:1;
            ULONG RefTraceEnabled:1;
            ULONG NumaAware:1;
            ULONG ProtectedProcess:1;
            ULONG DefaultPagePriority:3;
            ULONG ProcessDeleteSelf:1;
            ULONG ProcessVerifierTarget:1;
        };
        ULONG Flags2;
    };
#else
    ULONG JobStatus;
#endif
    // Named bits overlay Flags; their widths add up to 32 under either
    // NTDDI_VERSION branch. Bit-field allocation order is decided by the
    // compiler, so code that tests Flags with numeric masks depends on it.
    // NOTE(review): the header does not say how concurrent updates through
    // the bit-fields and through Flags are synchronized - confirm callers
    // do not mix plain bit-field writes with interlocked updates.
    union
    {
        struct
        {
            ULONG CreateReported:1;
            ULONG NoDebugInherit:1;
            ULONG ProcessExiting:1;
            ULONG ProcessDelete:1;
            ULONG Wow64SplitPages:1;
            ULONG VmDeleted:1;
            ULONG OutswapEnabled:1;
            ULONG Outswapped:1;
            ULONG ForkFailed:1;
            ULONG Wow64VaSpace4Gb:1;
            ULONG AddressSpaceInitialized:2;
            ULONG SetTimerResolution:1;
            ULONG BreakOnTermination:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG DeprioritizeViews:1;
#else
            ULONG SessionCreationUnderway:1;
#endif
            ULONG WriteWatch:1;
            ULONG ProcessInSession:1;
            ULONG OverrideAddressSpace:1;
            ULONG HasAddressSpace:1;
            ULONG LaunchPrefetched:1;
            ULONG InjectInpageErrors:1;
            ULONG VmTopDown:1;
            ULONG ImageNotifyDone:1;
            ULONG PdeUpdateNeeded:1;
            ULONG VdmAllowed:1;
            ULONG SmapAllowed:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ProcessInserted:1;
#else
            ULONG CreateFailed:1;
#endif
            ULONG DefaultIoPriority:3;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SparePsFlags1:2;
#else
            ULONG Spare1:1;
            ULONG Spare2:1;
#endif
        };
        ULONG Flags;
    };
    NTSTATUS ExitStatus;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    USHORT Spare7;
#else
    USHORT NextPageColor;
#endif
    // Minor and major bytes overlay the 16-bit SubSystemVersion; the minor
    // byte is the first member of the pair.
    union
    {
        struct
        {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
        };
        USHORT SubSystemVersion;
    };
    UCHAR PriorityClass;
    MM_AVL_TABLE VadRoot;
    ULONG Cookie;
} EPROCESS, *PEPROCESS;
//
// Job Token Filter Data
//
// pshpack1.h switches the compiler to 1-byte structure packing. It stays
// in effect for this structure and for EJOB, until the poppack.h include
// that follows EJOB.
//
#include <pshpack1.h>
typedef struct _PS_JOB_TOKEN_FILTER
{
    // Three groups follow, each made of a count, a pointer to the captured
    // array, and a length. NOTE(review): the unit of the *Length members
    // is not stated here (presumably bytes) - confirm, and validate count
    // against length before walking any of the arrays.
    ULONG CapturedSidCount;
    PSID_AND_ATTRIBUTES CapturedSids;
    ULONG CapturedSidsLength;

    ULONG CapturedGroupCount;
    PSID_AND_ATTRIBUTES CapturedGroups;
    ULONG CapturedGroupsLength;

    ULONG CapturedPrivilegeCount;
    PLUID_AND_ATTRIBUTES CapturedPrivileges;
    ULONG CapturedPrivilegesLength;
} PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
//
// Executive Job (EJOB)
//
// Declared while the 1-byte packing from pshpack1.h is still active; the
// poppack.h include after the structure restores the previous packing.
//
typedef struct _EJOB
{
    KEVENT Event;
    LIST_ENTRY JobLinks;
    LIST_ENTRY ProcessListHead;
    ERESOURCE JobLock;
    LARGE_INTEGER TotalUserTime;
    LARGE_INTEGER TotalKernelTime;
    LARGE_INTEGER ThisPeriodTotalUserTime;
    LARGE_INTEGER ThisPeriodTotalKernelTime;
    ULONG TotalPageFaultCount;
    ULONG TotalProcesses;
    ULONG ActiveProcesses;
    ULONG TotalTerminatedProcesses;
    LARGE_INTEGER PerProcessUserTimeLimit;
    LARGE_INTEGER PerJobUserTimeLimit;
    ULONG LimitFlags;
    ULONG MinimumWorkingSetSize;
    ULONG MaximumWorkingSetSize;
    ULONG ActiveProcessLimit;
    ULONG Affinity;
    // NOTE(review): with 1-byte packing no padding follows this UCHAR, so
    // UIRestrictionsClass starts one byte after PriorityClass - confirm
    // that this is the layout the consumers of EJOB expect.
    UCHAR PriorityClass;
    ULONG UIRestrictionsClass;
    ULONG SecurityLimitFlags;
    PVOID Token;
    PPS_JOB_TOKEN_FILTER Filter;
    ULONG EndOfJobTimeAction;
    PVOID CompletionPort;
    PVOID CompletionKey;
    ULONG SessionId;
    ULONG SchedulingClass;
    ULONGLONG ReadOperationCount;
    ULONGLONG WriteOperationCount;
    ULONGLONG OtherOperationCount;
    ULONGLONG ReadTransferCount;
    ULONGLONG WriteTransferCount;
    ULONGLONG OtherTransferCount;
    IO_COUNTERS IoInfo;
    ULONG ProcessMemoryLimit;
    ULONG JobMemoryLimit;
    ULONG PeakProcessMemoryUsed;
    ULONG PeakJobMemoryUsed;
    ULONG CurrentJobMemoryUsed;
    // The lock type follows NTDDI_VERSION. The chain has no #else, so a
    // build with NTDDI_VERSION below NTDDI_WINXP gets no MemoryLimitsLock
    // member at all.
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
    FAST_MUTEX MemoryLimitsLock;
#elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
    KGUARDED_MUTEX MemoryLimitsLock;
#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
    EX_PUSH_LOCK MemoryLimitsLock;
#endif
    LIST_ENTRY JobSetLinks;
    ULONG MemberLevel;
    ULONG JobFlags;
} EJOB, *PEJOB;
#include <poppack.h>
//
// Win32K Callback Registration Data
//

// Parameter block for a power-event callout: an event number and a code.
typedef struct _WIN32_POWEREVENT_PARAMETERS
{
    PSPOWEREVENTTYPE EventNumber;
    ULONG Code;
} WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
// Parameter block for a power-state callout.
typedef struct _WIN32_POWERSTATE_PARAMETERS
{
    UCHAR Promotion;
    POWER_ACTION SystemAction;
    SYSTEM_POWER_STATE MinSystemState;
    ULONG Flags;
    POWERSTATETASK PowerStateTask;
} WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
// Parameter block for a job callout. Job and Data are untyped pointers.
// NOTE(review): presumably CalloutType decides how Data is interpreted -
// confirm against the callout implementation before casting Data.
typedef struct _WIN32_JOBCALLOUT_PARAMETERS
{
    PVOID Job;
    PSW32JOBCALLOUTTYPE CalloutType;
    PVOID Data;
} WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
// Parameter block for an open-method callout. GrantedAccess is declared
// as ULONG here, whereas WIN32_CLOSEMETHOD_PARAMETERS declares its access
// member as ACCESS_MASK.
typedef struct _WIN32_OPENMETHOD_PARAMETERS
{
    OB_OPEN_REASON OpenReason;
    PEPROCESS Process;
    PVOID Object;
    ULONG GrantedAccess;
    ULONG HandleCount;
} WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
// Parameter block for an okay-to-close callout.
// NOTE(review): PreviousMode presumably tells the callout whether the
// close request came from user or kernel mode, and the decision should
// take it into account - confirm against the callout implementation.
typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
{
    PEPROCESS Process;
    PVOID Object;
    HANDLE Handle;
    KPROCESSOR_MODE PreviousMode;
} WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
// Parameter block for a close-method callout: the process, the object,
// an access mask, and separate process and system handle counts.
typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
{
    PEPROCESS Process;
    PVOID Object;
    ACCESS_MASK AccessMask;
    ULONG ProcessHandleCount;
    ULONG SystemHandleCount;
} WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
// Parameter block for a delete-method callout; its only member is the
// object pointer.
typedef struct _WIN32_DELETEMETHOD_PARAMETERS
{
    PVOID Object;
} WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
// Parameter block for a parse-method callout. CompleteName is the only
// member carrying the OUT annotation; Object is a pointer to a pointer.
// NOTE(review): AccessMode presumably records the requestor's processor
// mode and should guide how the name and context pointers are trusted -
// confirm against the callout implementation.
typedef struct _WIN32_PARSEMETHOD_PARAMETERS
{
    PVOID ParseObject;
    PVOID ObjectType;
    PACCESS_STATE AccessState;
    KPROCESSOR_MODE AccessMode;
    ULONG Attributes;
    OUT PUNICODE_STRING CompleteName;
    PUNICODE_STRING RemainingName;
    PVOID Context;
    PSECURITY_QUALITY_OF_SERVICE SecurityQos;
    PVOID *Object;
} WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
// Table of callout function pointers, one member per callout. The
// PKWIN32_*_CALLOUT and PGDI_BATCHFLUSH_ROUTINE types are not declared in
// this part of the file.
// NOTE(review): nothing here says whether a slot may be left NULL -
// confirm before calling through any entry.
typedef struct _WIN32_CALLOUTS_FPNS
{
    PKWIN32_PROCESS_CALLOUT ProcessCallout;
    PKWIN32_THREAD_CALLOUT ThreadCallout;
    PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
    PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
    PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
    PKWIN32_JOB_CALLOUT JobCallout;
    PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;

    // Desktop object methods
    PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure;
    PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure;
    PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure;
    PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure;

    // Window station object methods
    PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure;
    PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure;
    PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure;
    PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure;
    PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure;

    PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
} WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1559 #endif // !NTOS_MODE_USER
1561 #endif // _PSTYPES_H