projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[SDK] Add enum for PEB.AppCompatFlagsUser
[reactos.git] / reactos / sdk / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_DEFAULT_QUANTUMS 0x00
133 #define PSP_VARIABLE_QUANTUMS 0x04
134 #define PSP_FIXED_QUANTUMS 0x08
135 #define PSP_LONG_QUANTUMS 0x10
136 #define PSP_SHORT_QUANTUMS 0x20
137
138 #ifndef NTOS_MODE_USER
139 //
140 // Thread Access Types
141 //
142 #define THREAD_QUERY_INFORMATION 0x0040
143 #define THREAD_SET_THREAD_TOKEN 0x0080
144 #define THREAD_IMPERSONATE 0x0100
145 #define THREAD_DIRECT_IMPERSONATION 0x0200
146
147 //
148 // Process Access Types
149 //
150 #define PROCESS_TERMINATE 0x0001
151 #define PROCESS_CREATE_THREAD 0x0002
152 #define PROCESS_SET_SESSIONID 0x0004
153 #define PROCESS_VM_OPERATION 0x0008
154 #define PROCESS_VM_READ 0x0010
155 #define PROCESS_VM_WRITE 0x0020
156 #define PROCESS_CREATE_PROCESS 0x0080
157 #define PROCESS_SET_QUOTA 0x0100
158 #define PROCESS_SET_INFORMATION 0x0200
159 #define PROCESS_QUERY_INFORMATION 0x0400
160 #define PROCESS_SUSPEND_RESUME 0x0800
161 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
162 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
163 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
164 SYNCHRONIZE | \
165 0xFFFF)
166 #else
167 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
168 SYNCHRONIZE | \
169 0xFFF)
170 #endif
171
172 //
173 // Thread Base Priorities
174 //
175 #define THREAD_BASE_PRIORITY_LOWRT 15
176 #define THREAD_BASE_PRIORITY_MAX 2
177 #define THREAD_BASE_PRIORITY_MIN -2
178 #define THREAD_BASE_PRIORITY_IDLE -15
179
180 //
181 // TLS Slots
182 //
183 #define TLS_MINIMUM_AVAILABLE 64
184
185 //
186 // TEB Active Frame Flags
187 //
188 #define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x1
189
190 //
191 // Job Access Types
192 //
193 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
194 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
195 #define JOB_OBJECT_QUERY 0x4
196 #define JOB_OBJECT_TERMINATE 0x8
197 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
198 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
199 SYNCHRONIZE | \
200 31)
201
202 //
203 // Job Limit Flags
204 //
205 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
206 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
207 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
208 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
209 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
210 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
211 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
212 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
213 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
214 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
215 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
216 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
217 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
218 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
219
220 //
221 // Cross Thread Flags
222 //
223 #define CT_TERMINATED_BIT 0x1
224 #define CT_DEAD_THREAD_BIT 0x2
225 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
226 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
227 #define CT_SYSTEM_THREAD_BIT 0x10
228 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
229 #define CT_BREAK_ON_TERMINATION_BIT 0x40
230 #define CT_SKIP_CREATION_MSG_BIT 0x80
231 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
232
233 //
234 // Same Thread Passive Flags
235 //
236 #define STP_ACTIVE_EX_WORKER_BIT 0x1
237 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
238 #define STP_MEMORY_MAKER_BIT 0x4
239 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
240
241 //
242 // Same Thread APC Flags
243 //
244 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
245 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
246 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
247 #define STA_OWNS_WORKING_SET_BITS 0x1F8
248
249 //
250 // Kernel Process flags (maybe in ketypes.h?)
251 //
252 #define KPSF_AUTO_ALIGNMENT_BIT 0
253 #define KPSF_DISABLE_BOOST_BIT 1
254
255 //
256 // Process Flags
257 //
258 #define PSF_CREATE_REPORTED_BIT 0x1
259 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
260 #define PSF_PROCESS_EXITING_BIT 0x4
261 #define PSF_PROCESS_DELETE_BIT 0x8
262 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
263 #define PSF_VM_DELETED_BIT 0x20
264 #define PSF_OUTSWAP_ENABLED_BIT 0x40
265 #define PSF_OUTSWAPPED_BIT 0x80
266 #define PSF_FORK_FAILED_BIT 0x100
267 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
268 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
269 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
270 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
271 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
272 #define PSF_WRITE_WATCH_BIT 0x8000
273 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
274 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
275 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
276 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
277 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
278 #define PSF_VM_TOP_DOWN_BIT 0x200000
279 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
280 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
281 #define PSF_VDM_ALLOWED_BIT 0x1000000
282 #define PSF_SWAP_ALLOWED_BIT 0x2000000
283 #define PSF_CREATE_FAILED_BIT 0x4000000
284 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
285
286 //
287 // Vista Process Flags
288 //
289 #define PSF2_PROTECTED_BIT 0x800
290 #endif
291
292 //
293 // TLS/FLS Defines
294 //
295 #define TLS_EXPANSION_SLOTS 1024
296
297 #ifdef NTOS_MODE_USER
298 //
299 // Thread Native Base Priorities
300 //
301 #define LOW_PRIORITY 0
302 #define LOW_REALTIME_PRIORITY 16
303 #define HIGH_PRIORITY 31
304 #define MAXIMUM_PRIORITY 32
305
306 //
307 // Current Process/Thread built-in 'special' handles
308 //
309 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
310 #define ZwCurrentProcess() NtCurrentProcess()
311 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
312 #define ZwCurrentThread() NtCurrentThread()
313
314 //
315 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
316 //
317 typedef enum _PROCESSINFOCLASS
318 {
319 ProcessBasicInformation,
320 ProcessQuotaLimits,
321 ProcessIoCounters,
322 ProcessVmCounters,
323 ProcessTimes,
324 ProcessBasePriority,
325 ProcessRaisePriority,
326 ProcessDebugPort,
327 ProcessExceptionPort,
328 ProcessAccessToken,
329 ProcessLdtInformation,
330 ProcessLdtSize,
331 ProcessDefaultHardErrorMode,
332 ProcessIoPortHandlers,
333 ProcessPooledUsageAndLimits,
334 ProcessWorkingSetWatch,
335 ProcessUserModeIOPL,
336 ProcessEnableAlignmentFaultFixup,
337 ProcessPriorityClass,
338 ProcessWx86Information,
339 ProcessHandleCount,
340 ProcessAffinityMask,
341 ProcessPriorityBoost,
342 ProcessDeviceMap,
343 ProcessSessionInformation,
344 ProcessForegroundInformation,
345 ProcessWow64Information,
346 ProcessImageFileName,
347 ProcessLUIDDeviceMapsEnabled,
348 ProcessBreakOnTermination,
349 ProcessDebugObjectHandle,
350 ProcessDebugFlags,
351 ProcessHandleTracing,
352 ProcessIoPriority,
353 ProcessExecuteFlags,
354 ProcessTlsInformation,
355 ProcessCookie,
356 ProcessImageInformation,
357 ProcessCycleTime,
358 ProcessPagePriority,
359 ProcessInstrumentationCallback,
360 ProcessThreadStackAllocation,
361 ProcessWorkingSetWatchEx,
362 ProcessImageFileNameWin32,
363 ProcessImageFileMapping,
364 ProcessAffinityUpdateMode,
365 ProcessMemoryAllocationMode,
366 MaxProcessInfoClass
367 } PROCESSINFOCLASS;
368
369 typedef enum _THREADINFOCLASS
370 {
371 ThreadBasicInformation,
372 ThreadTimes,
373 ThreadPriority,
374 ThreadBasePriority,
375 ThreadAffinityMask,
376 ThreadImpersonationToken,
377 ThreadDescriptorTableEntry,
378 ThreadEnableAlignmentFaultFixup,
379 ThreadEventPair_Reusable,
380 ThreadQuerySetWin32StartAddress,
381 ThreadZeroTlsCell,
382 ThreadPerformanceCount,
383 ThreadAmILastThread,
384 ThreadIdealProcessor,
385 ThreadPriorityBoost,
386 ThreadSetTlsArrayAddress,
387 ThreadIsIoPending,
388 ThreadHideFromDebugger,
389 ThreadBreakOnTermination,
390 ThreadSwitchLegacyState,
391 ThreadIsTerminated,
392 ThreadLastSystemCall,
393 ThreadIoPriority,
394 ThreadCycleTime,
395 ThreadPagePriority,
396 ThreadActualBasePriority,
397 ThreadTebInformation,
398 ThreadCSwitchMon,
399 MaxThreadInfoClass
400 } THREADINFOCLASS;
401
402 #else
403
404 typedef enum _PSPROCESSPRIORITYMODE
405 {
406 PsProcessPriorityForeground,
407 PsProcessPriorityBackground,
408 PsProcessPrioritySpinning
409 } PSPROCESSPRIORITYMODE;
410
411 typedef enum _JOBOBJECTINFOCLASS
412 {
413 JobObjectBasicAccountingInformation = 1,
414 JobObjectBasicLimitInformation,
415 JobObjectBasicProcessIdList,
416 JobObjectBasicUIRestrictions,
417 JobObjectSecurityLimitInformation,
418 JobObjectEndOfJobTimeInformation,
419 JobObjectAssociateCompletionPortInformation,
420 JobObjectBasicAndIoAccountingInformation,
421 JobObjectExtendedLimitInformation,
422 JobObjectJobSetInformation,
423 MaxJobObjectInfoClass
424 } JOBOBJECTINFOCLASS;
425
426 //
427 // Power Event Events for Win32K Power Event Callback
428 //
429 typedef enum _PSPOWEREVENTTYPE
430 {
431 PsW32FullWake = 0,
432 PsW32EventCode = 1,
433 PsW32PowerPolicyChanged = 2,
434 PsW32SystemPowerState = 3,
435 PsW32SystemTime = 4,
436 PsW32DisplayState = 5,
437 PsW32CapabilitiesChanged = 6,
438 PsW32SetStateFailed = 7,
439 PsW32GdiOff = 8,
440 PsW32GdiOn = 9,
441 PsW32GdiPrepareResumeUI = 10,
442 PsW32GdiOffRequest = 11,
443 PsW32MonitorOff = 12,
444 } PSPOWEREVENTTYPE;
445
446 //
447 // Power State Tasks for Win32K Power State Callback
448 //
449 typedef enum _POWERSTATETASK
450 {
451 PowerState_BlockSessionSwitch = 0,
452 PowerState_Init = 1,
453 PowerState_QueryApps = 2,
454 PowerState_QueryServices = 3,
455 PowerState_QueryAppsFailed = 4,
456 PowerState_QueryServicesFailed = 5,
457 PowerState_SuspendApps = 6,
458 PowerState_SuspendServices = 7,
459 PowerState_ShowUI = 8,
460 PowerState_NotifyWL = 9,
461 PowerState_ResumeApps = 10,
462 PowerState_ResumeServices = 11,
463 PowerState_UnBlockSessionSwitch = 12,
464 PowerState_End = 13,
465 PowerState_BlockInput = 14,
466 PowerState_UnblockInput = 15,
467 } POWERSTATETASK;
468
469 //
470 // Win32K Job Callback Types
471 //
472 typedef enum _PSW32JOBCALLOUTTYPE
473 {
474 PsW32JobCalloutSetInformation = 0,
475 PsW32JobCalloutAddProcess = 1,
476 PsW32JobCalloutTerminate = 2,
477 } PSW32JOBCALLOUTTYPE;
478
479 //
480 // Win32K Thread Callback Types
481 //
482 typedef enum _PSW32THREADCALLOUTTYPE
483 {
484 PsW32ThreadCalloutInitialize,
485 PsW32ThreadCalloutExit,
486 } PSW32THREADCALLOUTTYPE;
487
488 //
489 // Declare empty structure definitions so that they may be referenced by
490 // routines before they are defined
491 //
492 struct _W32THREAD;
493 struct _W32PROCESS;
494 //struct _ETHREAD;
495 struct _WIN32_POWEREVENT_PARAMETERS;
496 struct _WIN32_POWERSTATE_PARAMETERS;
497 struct _WIN32_JOBCALLOUT_PARAMETERS;
498 struct _WIN32_OPENMETHOD_PARAMETERS;
499 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
500 struct _WIN32_CLOSEMETHOD_PARAMETERS;
501 struct _WIN32_DELETEMETHOD_PARAMETERS;
502 struct _WIN32_PARSEMETHOD_PARAMETERS;
503
504 //
505 // Win32K Process and Thread Callbacks
506 //
507 typedef
508 NTSTATUS
509 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
510 _In_ struct _EPROCESS *Process,
511 _In_ BOOLEAN Create
512 );
513
514 typedef
515 NTSTATUS
516 (NTAPI *PKWIN32_THREAD_CALLOUT)(
517 _In_ struct _ETHREAD *Thread,
518 _In_ PSW32THREADCALLOUTTYPE Type
519 );
520
521 typedef
522 NTSTATUS
523 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
524 VOID
525 );
526
527 typedef
528 NTSTATUS
529 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
530 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
531 );
532
533 typedef
534 NTSTATUS
535 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
536 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
537 );
538
539 typedef
540 NTSTATUS
541 (NTAPI *PKWIN32_JOB_CALLOUT)(
542 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
543 );
544
545 typedef
546 NTSTATUS
547 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
548 VOID
549 );
550
551 typedef
552 NTSTATUS
553 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
554 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
555 );
556
557 typedef
558 NTSTATUS
559 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
560 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
561 );
562
563 typedef
564 NTSTATUS
565 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
566 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
567 );
568
569 typedef
570 NTSTATUS
571 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
572 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
573 );
574
575 typedef
576 NTSTATUS
577 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
578 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
579 );
580
581 typedef
582 NTSTATUS
583 (NTAPI *PKWIN32_SESSION_CALLOUT)(
584 _In_ PVOID Parameter
585 );
586
587 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
588 typedef
589 NTSTATUS
590 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
591 _In_ struct _EPROCESS *Process,
592 _In_ PVOID Callback,
593 _In_ PVOID Context
594 );
595 #endif
596
597 //
598 // Lego Callback
599 //
600 typedef
601 VOID
602 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
603 _In_ PKTHREAD Thread
604 );
605
606 #endif
607
608 typedef NTSTATUS
609 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
610 VOID
611 );
612
613 //
614 // Descriptor Table Entry Definition
615 //
616 #if (_M_IX86)
617 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
618 typedef struct _DESCRIPTOR_TABLE_ENTRY
619 {
620 ULONG Selector;
621 LDT_ENTRY Descriptor;
622 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
623 #endif
624
625 //
626 // PEB Lock Routine
627 //
628 typedef VOID
629 (NTAPI *PPEBLOCKROUTINE)(
630 PVOID PebLock
631 );
632
633 //
634 // PEB Free Block Descriptor
635 //
636 typedef struct _PEB_FREE_BLOCK
637 {
638 struct _PEB_FREE_BLOCK* Next;
639 ULONG Size;
640 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
641
642 //
643 // Initial PEB
644 //
645 typedef struct _INITIAL_PEB
646 {
647 BOOLEAN InheritedAddressSpace;
648 BOOLEAN ReadImageFileExecOptions;
649 BOOLEAN BeingDebugged;
650 union
651 {
652 BOOLEAN BitField;
653 #if (NTDDI_VERSION >= NTDDI_WS03)
654 struct
655 {
656 BOOLEAN ImageUsesLargePages:1;
657 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
658 BOOLEAN IsProtectedProcess:1;
659 BOOLEAN IsLegacyProcess:1;
660 BOOLEAN SpareBits:5;
661 #else
662 BOOLEAN SpareBits:7;
663 #endif
664 };
665 #else
666 BOOLEAN SpareBool;
667 #endif
668 };
669 HANDLE Mutant;
670 } INITIAL_PEB, *PINITIAL_PEB;
671
672 //
673 // Initial TEB
674 //
675 typedef struct _INITIAL_TEB
676 {
677 PVOID PreviousStackBase;
678 PVOID PreviousStackLimit;
679 PVOID StackBase;
680 PVOID StackLimit;
681 PVOID AllocatedStackBase;
682 } INITIAL_TEB, *PINITIAL_TEB;
683
684 //
685 // TEB Active Frame Structures
686 //
687 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
688 {
689 ULONG Flags;
690 LPSTR FrameName;
691 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
692 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;
693
694 typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
695 {
696 TEB_ACTIVE_FRAME_CONTEXT BasicContext;
697 PCSTR SourceLocation;
698 } TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
699 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;
700
701 typedef struct _TEB_ACTIVE_FRAME
702 {
703 ULONG Flags;
704 struct _TEB_ACTIVE_FRAME *Previous;
705 PCTEB_ACTIVE_FRAME_CONTEXT Context;
706 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
707 typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;
708
709 typedef struct _TEB_ACTIVE_FRAME_EX
710 {
711 TEB_ACTIVE_FRAME BasicFrame;
712 PVOID ExtensionIdentifier;
713 } TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
714 typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;
715
716 typedef struct _CLIENT_ID32
717 {
718 ULONG UniqueProcess;
719 ULONG UniqueThread;
720 } CLIENT_ID32, *PCLIENT_ID32;
721
722 typedef struct _CLIENT_ID64
723 {
724 ULONG64 UniqueProcess;
725 ULONG64 UniqueThread;
726 } CLIENT_ID64, *PCLIENT_ID64;
727
728 #if (NTDDI_VERSION < NTDDI_WS03)
729 typedef struct _Wx86ThreadState
730 {
731 PULONG CallBx86Eip;
732 PVOID DeallocationCpu;
733 BOOLEAN UseKnownWx86Dll;
734 CHAR OleStubInvoked;
735 } Wx86ThreadState, *PWx86ThreadState;
736 #endif
737
738 //
739 // PEB.AppCompatFlags
740 // Tag FLAG_MASK_KERNEL
741 //
742 typedef enum _APPCOMPAT_FLAGS
743 {
744 GetShortPathNameNT4 = 0x1,
745 GetDiskFreeSpace2GB = 0x8,
746 FTMFromCurrentAPI = 0x20,
747 DisallowCOMBindingNotifications = 0x40,
748 Ole32ValidatePointers = 0x80,
749 DisableCicero = 0x100,
750 Ole32EnableAsyncDocFile = 0x200,
751 EnableLegacyExceptionHandlinginOLE = 0x400,
752 DisableAdvanceRPCClientHardening = 0x800,
753 DisableMaybeNULLSizeisConsistencycheck = 0x1000,
754 DisableAdvancedRPCrangeCheck = 0x4000,
755 EnableLegacyExceptionHandlingInRPC = 0x8000,
756 EnableLegacyNTFSFlagsForDocfileOpens = 0x10000,
757 DisableNDRIIDConsistencyCheck = 0x20000,
758 UserDisableForwarderPatch = 0x40000,
759 DisableNewWMPAINTDispatchInOLE = 0x100000,
760 DoNotAddToCache = 0x80000000,
761 } APPCOMPAT_FLAGS;
762
763
764 //
765 // PEB.AppCompatFlagsUser.LowPart
766 // Tag FLAG_MASK_USER
767 //
768 typedef enum _APPCOMPAT_USERFLAGS
769 {
770 DisableAnimation = 0x1,
771 DisableKeyboardCues = 0x2,
772 No50StylebitsInSetWindowLong = 0x4,
773 DisableDrawPatternRect = 0x8,
774 MSShellDialog = 0x10,
775 NoDDETerminateDuringDestroy = 0x20,
776 GiveupForeground = 0x40,
777 AlwaysActiveMenus = 0x80,
778 NoMouseHideInEdit = 0x100,
779 NoGdiBatching = 0x200,
780 FontSubstitution = 0x400,
781 No50StylebitsInCreateWindow = 0x800,
782 NoCustomPaperSizes = 0x1000,
783 AllTheDdeHacks = 0x2000,
784 UseDefaultCharset = 0x4000,
785 NoCharDeadKey = 0x8000,
786 NoTryExceptForWindowProc = 0x10000,
787 NoInitInsertReplaceFlags = 0x20000,
788 NoDdeSync = 0x40000,
789 NoGhost = 0x80000,
790 NoDdeAsyncReg = 0x100000,
791 StrictLLHook = 0x200000,
792 NoShadow = 0x400000,
793 NoTimerCallbackProtection = 0x1000000,
794 HighDpiAware = 0x2000000,
795 OpenGLEmfAware = 0x4000000,
796 EnableTransparantBltMirror = 0x8000000,
797 NoPaddedBorder = 0x10000000,
798 ForceLegacyResizeCM = 0x20000000,
799 HardwareAudioMixer = 0x40000000,
800 DisableSWCursorOnMoveSize = 0x80000000,
801 #if 0
802 DisableWindowArrangement = 0x100000000,
803 ReorderWaveForCommunications = 0x200000000,
804 NoGdiHwAcceleration = 0x400000000,
805 #endif
806 } APPCOMPAT_USERFLAGS;
807
808 //
809 // PEB.AppCompatFlagsUser.HighPart
810 // Tag FLAG_MASK_USER
811 //
812 typedef enum _APPCOMPAT_USERFLAGS_HIGHPART
813 {
814 DisableWindowArrangement = 0x1,
815 ReorderWaveForCommunications = 0x2,
816 NoGdiHwAcceleration = 0x4,
817 } APPCOMPAT_USERFLAGS_HIGHPART;
818
819 //
820 // Process Environment Block (PEB)
821 // Thread Environment Block (TEB)
822 //
823 #include "peb_teb.h"
824
825 #ifdef _WIN64
826 //
827 // Explicit 32 bit PEB/TEB
828 //
829 #define EXPLICIT_32BIT
830 #include "peb_teb.h"
831 #undef EXPLICIT_32BIT
832
833 //
834 // Explicit 64 bit PEB/TEB
835 //
836 #define EXPLICIT_64BIT
837 #include "peb_teb.h"
838 #undef EXPLICIT_64BIT
839 #endif
840
841 #ifdef NTOS_MODE_USER
842
843 //
844 // Process Information Structures for NtQueryProcessInformation
845 //
846 typedef struct _PROCESS_BASIC_INFORMATION
847 {
848 NTSTATUS ExitStatus;
849 PPEB PebBaseAddress;
850 ULONG_PTR AffinityMask;
851 KPRIORITY BasePriority;
852 ULONG_PTR UniqueProcessId;
853 ULONG_PTR InheritedFromUniqueProcessId;
854 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
855
856 typedef struct _PROCESS_ACCESS_TOKEN
857 {
858 HANDLE Token;
859 HANDLE Thread;
860 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
861
862 typedef struct _PROCESS_DEVICEMAP_INFORMATION
863 {
864 union
865 {
866 struct
867 {
868 HANDLE DirectoryHandle;
869 } Set;
870 struct
871 {
872 ULONG DriveMap;
873 UCHAR DriveType[32];
874 } Query;
875 };
876 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
877
878 typedef struct _KERNEL_USER_TIMES
879 {
880 LARGE_INTEGER CreateTime;
881 LARGE_INTEGER ExitTime;
882 LARGE_INTEGER KernelTime;
883 LARGE_INTEGER UserTime;
884 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
885
886 typedef struct _POOLED_USAGE_AND_LIMITS
887 {
888 SIZE_T PeakPagedPoolUsage;
889 SIZE_T PagedPoolUsage;
890 SIZE_T PagedPoolLimit;
891 SIZE_T PeakNonPagedPoolUsage;
892 SIZE_T NonPagedPoolUsage;
893 SIZE_T NonPagedPoolLimit;
894 SIZE_T PeakPagefileUsage;
895 SIZE_T PagefileUsage;
896 SIZE_T PagefileLimit;
897 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
898
899 typedef struct _PROCESS_SESSION_INFORMATION
900 {
901 ULONG SessionId;
902 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
903
904 #endif
905
906 typedef struct _PROCESS_PRIORITY_CLASS
907 {
908 BOOLEAN Foreground;
909 UCHAR PriorityClass;
910 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
911
912 typedef struct _PROCESS_FOREGROUND_BACKGROUND
913 {
914 BOOLEAN Foreground;
915 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
916
917 //
918 // Apphelp SHIM Cache
919 //
920 typedef enum _APPHELPCACHESERVICECLASS
921 {
922 ApphelpCacheServiceLookup = 0,
923 ApphelpCacheServiceRemove = 1,
924 ApphelpCacheServiceUpdate = 2,
925 ApphelpCacheServiceFlush = 3,
926 ApphelpCacheServiceDump = 4,
927
928 ApphelpDBGReadRegistry = 0x100,
929 ApphelpDBGWriteRegistry = 0x101,
930 } APPHELPCACHESERVICECLASS;
931
932
933 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
934 {
935 UNICODE_STRING ImageName;
936 HANDLE ImageHandle;
937 } APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;
938
939
940 //
941 // Thread Information Structures for NtQueryProcessInformation
942 //
943 typedef struct _THREAD_BASIC_INFORMATION
944 {
945 NTSTATUS ExitStatus;
946 PVOID TebBaseAddress;
947 CLIENT_ID ClientId;
948 KAFFINITY AffinityMask;
949 KPRIORITY Priority;
950 KPRIORITY BasePriority;
951 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
952
953 #ifndef NTOS_MODE_USER
954
955 //
956 // Job Set Array
957 //
958 typedef struct _JOB_SET_ARRAY
959 {
960 HANDLE JobHandle;
961 ULONG MemberLevel;
962 ULONG Flags;
963 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
964
965 //
966 // EPROCESS Quota Structures
967 //
968 typedef struct _EPROCESS_QUOTA_ENTRY
969 {
970 SIZE_T Usage;
971 SIZE_T Limit;
972 SIZE_T Peak;
973 SIZE_T Return;
974 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
975
976 typedef struct _EPROCESS_QUOTA_BLOCK
977 {
978 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
979 LIST_ENTRY QuotaList;
980 ULONG ReferenceCount;
981 ULONG ProcessCount;
982 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
983
984 //
985 // Process Pagefault History
986 //
987 typedef struct _PAGEFAULT_HISTORY
988 {
989 ULONG CurrentIndex;
990 ULONG MapIndex;
991 KSPIN_LOCK SpinLock;
992 PVOID Reserved;
993 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
994 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
995
996 //
997 // Process Impersonation Information
998 //
999 typedef struct _PS_IMPERSONATION_INFORMATION
1000 {
1001 PACCESS_TOKEN Token;
1002 BOOLEAN CopyOnOpen;
1003 BOOLEAN EffectiveOnly;
1004 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1005 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
1006
1007 //
1008 // Process Termination Port
1009 //
1010 typedef struct _TERMINATION_PORT
1011 {
1012 struct _TERMINATION_PORT *Next;
1013 PVOID Port;
1014 } TERMINATION_PORT, *PTERMINATION_PORT;
1015
1016 //
1017 // Per-Process APC Rate Limiting
1018 //
1019 typedef struct _PSP_RATE_APC
1020 {
1021 union
1022 {
1023 SINGLE_LIST_ENTRY NextApc;
1024 ULONGLONG ExcessCycles;
1025 };
1026 ULONGLONG TargetGEneration;
1027 KAPC RateApc;
1028 } PSP_RATE_APC, *PPSP_RATE_APC;
1029
1030 //
1031 // Executive Thread (ETHREAD)
1032 //
1033 typedef struct _ETHREAD
1034 {
1035 KTHREAD Tcb;
1036 LARGE_INTEGER CreateTime;
1037 union
1038 {
1039 LARGE_INTEGER ExitTime;
1040 LIST_ENTRY LpcReplyChain;
1041 LIST_ENTRY KeyedWaitChain;
1042 };
1043 union
1044 {
1045 NTSTATUS ExitStatus;
1046 PVOID OfsChain;
1047 };
1048 LIST_ENTRY PostBlockList;
1049 union
1050 {
1051 struct _TERMINATION_PORT *TerminationPort;
1052 struct _ETHREAD *ReaperLink;
1053 PVOID KeyedWaitValue;
1054 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1055 PVOID Win32StartParameter;
1056 #endif
1057 };
1058 KSPIN_LOCK ActiveTimerListLock;
1059 LIST_ENTRY ActiveTimerListHead;
1060 CLIENT_ID Cid;
1061 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1062 KSEMAPHORE KeyedWaitSemaphore;
1063 #else
1064 union
1065 {
1066 KSEMAPHORE LpcReplySemaphore;
1067 KSEMAPHORE KeyedWaitSemaphore;
1068 };
1069 union
1070 {
1071 PVOID LpcReplyMessage;
1072 PVOID LpcWaitingOnPort;
1073 };
1074 #endif
1075 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
1076 LIST_ENTRY IrpList;
1077 ULONG_PTR TopLevelIrp;
1078 PDEVICE_OBJECT DeviceToVerify;
1079 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1080 PPSP_RATE_APC RateControlApc;
1081 #else
1082 struct _EPROCESS *ThreadsProcess;
1083 #endif
1084 PVOID Win32StartAddress;
1085 union
1086 {
1087 PKSTART_ROUTINE StartAddress;
1088 ULONG LpcReceivedMessageId;
1089 };
1090 LIST_ENTRY ThreadListEntry;
1091 EX_RUNDOWN_REF RundownProtect;
1092 EX_PUSH_LOCK ThreadLock;
1093 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1094 ULONG LpcReplyMessageId;
1095 #endif
1096 ULONG ReadClusterSize;
1097 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1098 ULONG SpareUlong0;
1099 #else
1100 ACCESS_MASK GrantedAccess;
1101 #endif
1102 union
1103 {
1104 struct
1105 {
1106 ULONG Terminated:1;
1107 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1108 ULONG ThreadInserted:1;
1109 #else
1110 ULONG DeadThread:1;
1111 #endif
1112 ULONG HideFromDebugger:1;
1113 ULONG ActiveImpersonationInfo:1;
1114 ULONG SystemThread:1;
1115 ULONG HardErrorsAreDisabled:1;
1116 ULONG BreakOnTermination:1;
1117 ULONG SkipCreationMsg:1;
1118 ULONG SkipTerminationMsg:1;
1119 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1120 ULONG CreateMsgSent:1;
1121 ULONG ThreadIoPriority:3;
1122 ULONG ThreadPagePriority:3;
1123 ULONG PendingRatecontrol:1;
1124 #endif
1125 };
1126 ULONG CrossThreadFlags;
1127 };
1128 union
1129 {
1130 struct
1131 {
1132 ULONG ActiveExWorker:1;
1133 ULONG ExWorkerCanWaitUser:1;
1134 ULONG MemoryMaker:1;
1135 ULONG KeyedEventInUse:1;
1136 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1137 ULONG RateApcState:2;
1138 #endif
1139 };
1140 ULONG SameThreadPassiveFlags;
1141 };
1142 union
1143 {
1144 struct
1145 {
1146 ULONG LpcReceivedMsgIdValid:1;
1147 ULONG LpcExitThreadCalled:1;
1148 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1149 ULONG Spare:1;
1150 #else
1151 ULONG AddressSpaceOwner:1;
1152 #endif
1153 ULONG OwnsProcessWorkingSetExclusive:1;
1154 ULONG OwnsProcessWorkingSetShared:1;
1155 ULONG OwnsSystemWorkingSetExclusive:1;
1156 ULONG OwnsSystemWorkingSetShared:1;
1157 ULONG OwnsSessionWorkingSetExclusive:1;
1158 ULONG OwnsSessionWorkingSetShared:1;
1159 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1160 ULONG SuppressSymbolLoad:1;
1161 ULONG Spare1:3;
1162 ULONG PriorityRegionActive:4;
1163 #else
1164 ULONG ApcNeeded:1;
1165 #endif
1166 };
1167 ULONG SameThreadApcFlags;
1168 };
1169 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1170 UCHAR CacheManagerActive;
1171 #else
1172 UCHAR ForwardClusterOnly;
1173 #endif
1174 UCHAR DisablePageFaultClustering;
1175 UCHAR ActiveFaultCount;
1176 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1177 ULONG AlpcMessageId;
1178 union
1179 {
1180 PVOID AlpcMessage;
1181 ULONG AlpcReceiveAttributeSet;
1182 };
1183 LIST_ENTRY AlpcWaitListEntry;
1184 KSEMAPHORE AlpcWaitSemaphore;
1185 ULONG CacheManagerCount;
1186 #endif
1187 } ETHREAD;
1188
1189 //
1190 // Executive Process (EPROCESS)
1191 //
1192 typedef struct _EPROCESS
1193 {
1194 KPROCESS Pcb;
1195 EX_PUSH_LOCK ProcessLock;
1196 LARGE_INTEGER CreateTime;
1197 LARGE_INTEGER ExitTime;
1198 EX_RUNDOWN_REF RundownProtect;
1199 HANDLE UniqueProcessId;
1200 LIST_ENTRY ActiveProcessLinks;
1201 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1202 SIZE_T QuotaPeak[3]; /* ditto */
1203 SIZE_T CommitCharge;
1204 SIZE_T PeakVirtualSize;
1205 SIZE_T VirtualSize;
1206 LIST_ENTRY SessionProcessLinks;
1207 PVOID DebugPort;
1208 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1209 union
1210 {
1211 PVOID ExceptionPortData;
1212 ULONG ExceptionPortValue;
1213 UCHAR ExceptionPortState:3;
1214 };
1215 #else
1216 PVOID ExceptionPort;
1217 #endif
1218 PHANDLE_TABLE ObjectTable;
1219 EX_FAST_REF Token;
1220 PFN_NUMBER WorkingSetPage;
1221 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1222 EX_PUSH_LOCK AddressCreationLock;
1223 PETHREAD RotateInProgress;
1224 #else
1225 KGUARDED_MUTEX AddressCreationLock;
1226 KSPIN_LOCK HyperSpaceLock;
1227 #endif
1228 PETHREAD ForkInProgress;
1229 ULONG_PTR HardwareTrigger;
1230 PMM_AVL_TABLE PhysicalVadRoot;
1231 PVOID CloneRoot;
1232 PFN_NUMBER NumberOfPrivatePages;
1233 PFN_NUMBER NumberOfLockedPages;
1234 PVOID *Win32Process;
1235 struct _EJOB *Job;
1236 PVOID SectionObject;
1237 PVOID SectionBaseAddress;
1238 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1239 PPAGEFAULT_HISTORY WorkingSetWatch;
1240 PVOID Win32WindowStation;
1241 HANDLE InheritedFromUniqueProcessId;
1242 PVOID LdtInformation;
1243 PVOID VadFreeHint;
1244 PVOID VdmObjects;
1245 PVOID DeviceMap;
1246 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1247 PVOID EtwDataSource;
1248 PVOID FreeTebHint;
1249 #else
1250 PVOID Spare0[3];
1251 #endif
1252 union
1253 {
1254 HARDWARE_PTE PageDirectoryPte;
1255 ULONGLONG Filler;
1256 };
1257 PVOID Session;
1258 CHAR ImageFileName[16];
1259 LIST_ENTRY JobLinks;
1260 PVOID LockedPagesList;
1261 LIST_ENTRY ThreadListHead;
1262 PVOID SecurityPort;
1263 #ifdef _M_AMD64
1264 struct _WOW64_PROCESS *Wow64Process;
1265 #else
1266 PVOID PaeTop;
1267 #endif
1268 ULONG ActiveThreads;
1269 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1270 ULONG ImagePathHash;
1271 #else
1272 ACCESS_MASK GrantedAccess;
1273 #endif
1274 ULONG DefaultHardErrorProcessing;
1275 NTSTATUS LastThreadExitStatus;
1276 struct _PEB* Peb;
1277 EX_FAST_REF PrefetchTrace;
1278 LARGE_INTEGER ReadOperationCount;
1279 LARGE_INTEGER WriteOperationCount;
1280 LARGE_INTEGER OtherOperationCount;
1281 LARGE_INTEGER ReadTransferCount;
1282 LARGE_INTEGER WriteTransferCount;
1283 LARGE_INTEGER OtherTransferCount;
1284 SIZE_T CommitChargeLimit;
1285 SIZE_T CommitChargePeak;
1286 PVOID AweInfo;
1287 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1288 MMSUPPORT Vm;
1289 #ifdef _M_AMD64
1290 ULONG Spares[2];
1291 #else
1292 LIST_ENTRY MmProcessLinks;
1293 #endif
1294 ULONG ModifiedPageCount;
1295 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1296 union
1297 {
1298 struct
1299 {
1300 ULONG JobNotReallyActive:1;
1301 ULONG AccountingFolded:1;
1302 ULONG NewProcessReported:1;
1303 ULONG ExitProcessReported:1;
1304 ULONG ReportCommitChanges:1;
1305 ULONG LastReportMemory:1;
1306 ULONG ReportPhysicalPageChanges:1;
1307 ULONG HandleTableRundown:1;
1308 ULONG NeedsHandleRundown:1;
1309 ULONG RefTraceEnabled:1;
1310 ULONG NumaAware:1;
1311 ULONG ProtectedProcess:1;
1312 ULONG DefaultPagePriority:3;
1313 ULONG ProcessDeleteSelf:1;
1314 ULONG ProcessVerifierTarget:1;
1315 };
1316 ULONG Flags2;
1317 };
1318 #else
1319 ULONG JobStatus;
1320 #endif
1321 union
1322 {
1323 struct
1324 {
1325 ULONG CreateReported:1;
1326 ULONG NoDebugInherit:1;
1327 ULONG ProcessExiting:1;
1328 ULONG ProcessDelete:1;
1329 ULONG Wow64SplitPages:1;
1330 ULONG VmDeleted:1;
1331 ULONG OutswapEnabled:1;
1332 ULONG Outswapped:1;
1333 ULONG ForkFailed:1;
1334 ULONG Wow64VaSpace4Gb:1;
1335 ULONG AddressSpaceInitialized:2;
1336 ULONG SetTimerResolution:1;
1337 ULONG BreakOnTermination:1;
1338 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1339 ULONG DeprioritizeViews:1;
1340 #else
1341 ULONG SessionCreationUnderway:1;
1342 #endif
1343 ULONG WriteWatch:1;
1344 ULONG ProcessInSession:1;
1345 ULONG OverrideAddressSpace:1;
1346 ULONG HasAddressSpace:1;
1347 ULONG LaunchPrefetched:1;
1348 ULONG InjectInpageErrors:1;
1349 ULONG VmTopDown:1;
1350 ULONG ImageNotifyDone:1;
1351 ULONG PdeUpdateNeeded:1;
1352 ULONG VdmAllowed:1;
1353 ULONG SmapAllowed:1;
1354 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1355 ULONG ProcessInserted:1;
1356 #else
1357 ULONG CreateFailed:1;
1358 #endif
1359 ULONG DefaultIoPriority:3;
1360 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1361 ULONG SparePsFlags1:2;
1362 #else
1363 ULONG Spare1:1;
1364 ULONG Spare2:1;
1365 #endif
1366 };
1367 ULONG Flags;
1368 };
1369 NTSTATUS ExitStatus;
1370 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1371 USHORT Spare7;
1372 #else
1373 USHORT NextPageColor;
1374 #endif
1375 union
1376 {
1377 struct
1378 {
1379 UCHAR SubSystemMinorVersion;
1380 UCHAR SubSystemMajorVersion;
1381 };
1382 USHORT SubSystemVersion;
1383 };
1384 UCHAR PriorityClass;
1385 MM_AVL_TABLE VadRoot;
1386 ULONG Cookie;
1387 } EPROCESS;
1388
1389 //
1390 // Job Token Filter Data
1391 //
1392 #include <pshpack1.h>
1393 typedef struct _PS_JOB_TOKEN_FILTER
1394 {
1395 ULONG CapturedSidCount;
1396 PSID_AND_ATTRIBUTES CapturedSids;
1397 ULONG CapturedSidsLength;
1398 ULONG CapturedGroupCount;
1399 PSID_AND_ATTRIBUTES CapturedGroups;
1400 ULONG CapturedGroupsLength;
1401 ULONG CapturedPrivilegeCount;
1402 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1403 ULONG CapturedPrivilegesLength;
1404 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1405
1406 //
1407 // Executive Job (EJOB)
1408 //
1409 typedef struct _EJOB
1410 {
1411 KEVENT Event;
1412 LIST_ENTRY JobLinks;
1413 LIST_ENTRY ProcessListHead;
1414 ERESOURCE JobLock;
1415 LARGE_INTEGER TotalUserTime;
1416 LARGE_INTEGER TotalKernelTime;
1417 LARGE_INTEGER ThisPeriodTotalUserTime;
1418 LARGE_INTEGER ThisPeriodTotalKernelTime;
1419 ULONG TotalPageFaultCount;
1420 ULONG TotalProcesses;
1421 ULONG ActiveProcesses;
1422 ULONG TotalTerminatedProcesses;
1423 LARGE_INTEGER PerProcessUserTimeLimit;
1424 LARGE_INTEGER PerJobUserTimeLimit;
1425 ULONG LimitFlags;
1426 ULONG MinimumWorkingSetSize;
1427 ULONG MaximumWorkingSetSize;
1428 ULONG ActiveProcessLimit;
1429 ULONG Affinity;
1430 UCHAR PriorityClass;
1431 ULONG UIRestrictionsClass;
1432 ULONG SecurityLimitFlags;
1433 PVOID Token;
1434 PPS_JOB_TOKEN_FILTER Filter;
1435 ULONG EndOfJobTimeAction;
1436 PVOID CompletionPort;
1437 PVOID CompletionKey;
1438 ULONG SessionId;
1439 ULONG SchedulingClass;
1440 ULONGLONG ReadOperationCount;
1441 ULONGLONG WriteOperationCount;
1442 ULONGLONG OtherOperationCount;
1443 ULONGLONG ReadTransferCount;
1444 ULONGLONG WriteTransferCount;
1445 ULONGLONG OtherTransferCount;
1446 IO_COUNTERS IoInfo;
1447 ULONG ProcessMemoryLimit;
1448 ULONG JobMemoryLimit;
1449 ULONG PeakProcessMemoryUsed;
1450 ULONG PeakJobMemoryUsed;
1451 ULONG CurrentJobMemoryUsed;
1452 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1453 FAST_MUTEX MemoryLimitsLock;
1454 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1455 KGUARDED_MUTEX MemoryLimitsLock;
1456 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1457 EX_PUSH_LOCK MemoryLimitsLock;
1458 #endif
1459 LIST_ENTRY JobSetLinks;
1460 ULONG MemberLevel;
1461 ULONG JobFlags;
1462 } EJOB, *PEJOB;
1463 #include <poppack.h>
1464
1465 //
1466 // Win32K Callback Registration Data
1467 //
1468 typedef struct _WIN32_POWEREVENT_PARAMETERS
1469 {
1470 PSPOWEREVENTTYPE EventNumber;
1471 ULONG Code;
1472 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1473
1474 typedef struct _WIN32_POWERSTATE_PARAMETERS
1475 {
1476 UCHAR Promotion;
1477 POWER_ACTION SystemAction;
1478 SYSTEM_POWER_STATE MinSystemState;
1479 ULONG Flags;
1480 POWERSTATETASK PowerStateTask;
1481 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1482
1483 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1484 {
1485 PVOID Job;
1486 PSW32JOBCALLOUTTYPE CalloutType;
1487 PVOID Data;
1488 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1489
1490 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1491 {
1492 OB_OPEN_REASON OpenReason;
1493 PEPROCESS Process;
1494 PVOID Object;
1495 ULONG GrantedAccess;
1496 ULONG HandleCount;
1497 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1498
1499 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1500 {
1501 PEPROCESS Process;
1502 PVOID Object;
1503 HANDLE Handle;
1504 KPROCESSOR_MODE PreviousMode;
1505 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1506
1507 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1508 {
1509 PEPROCESS Process;
1510 PVOID Object;
1511 ACCESS_MASK AccessMask;
1512 ULONG ProcessHandleCount;
1513 ULONG SystemHandleCount;
1514 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1515
1516 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1517 {
1518 PVOID Object;
1519 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1520
1521 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1522 {
1523 PVOID ParseObject;
1524 PVOID ObjectType;
1525 PACCESS_STATE AccessState;
1526 KPROCESSOR_MODE AccessMode;
1527 ULONG Attributes;
1528 _Out_ PUNICODE_STRING CompleteName;
1529 PUNICODE_STRING RemainingName;
1530 PVOID Context;
1531 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1532 PVOID *Object;
1533 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1534
1535 typedef struct _WIN32_CALLOUTS_FPNS
1536 {
1537 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1538 PKWIN32_THREAD_CALLOUT ThreadCallout;
1539 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1540 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1541 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1542 PKWIN32_JOB_CALLOUT JobCallout;
1543 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1544 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1545 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1546 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1547 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1548 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1549 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1550 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1551 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1552 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1553 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1554 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1555 #endif
1556 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1557
1558 #endif // !NTOS_MODE_USER
1559
1560 #ifdef __cplusplus
1561 }; // extern "C"
1562 #endif
1563
1564 #endif // _PSTYPES_H
A free Windows-compatible Operating System