projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[NTDLL]
[reactos.git] / reactos / sdk / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_DEFAULT_QUANTUMS 0x00
133 #define PSP_VARIABLE_QUANTUMS 0x04
134 #define PSP_FIXED_QUANTUMS 0x08
135 #define PSP_LONG_QUANTUMS 0x10
136 #define PSP_SHORT_QUANTUMS 0x20
137
138 #ifndef NTOS_MODE_USER
139 //
140 // Thread Access Types
141 //
142 #define THREAD_QUERY_INFORMATION 0x0040
143 #define THREAD_SET_THREAD_TOKEN 0x0080
144 #define THREAD_IMPERSONATE 0x0100
145 #define THREAD_DIRECT_IMPERSONATION 0x0200
146
147 //
148 // Process Access Types
149 //
150 #define PROCESS_TERMINATE 0x0001
151 #define PROCESS_CREATE_THREAD 0x0002
152 #define PROCESS_SET_SESSIONID 0x0004
153 #define PROCESS_VM_OPERATION 0x0008
154 #define PROCESS_VM_READ 0x0010
155 #define PROCESS_VM_WRITE 0x0020
156 #define PROCESS_CREATE_PROCESS 0x0080
157 #define PROCESS_SET_QUOTA 0x0100
158 #define PROCESS_SET_INFORMATION 0x0200
159 #define PROCESS_QUERY_INFORMATION 0x0400
160 #define PROCESS_SUSPEND_RESUME 0x0800
161 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
162 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
163 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
164 SYNCHRONIZE | \
165 0xFFFF)
166 #else
167 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
168 SYNCHRONIZE | \
169 0xFFF)
170 #endif
171
172 //
173 // Thread Base Priorities
174 //
175 #define THREAD_BASE_PRIORITY_LOWRT 15
176 #define THREAD_BASE_PRIORITY_MAX 2
177 #define THREAD_BASE_PRIORITY_MIN -2
178 #define THREAD_BASE_PRIORITY_IDLE -15
179
180 //
181 // TLS Slots
182 //
183 #define TLS_MINIMUM_AVAILABLE 64
184
185 //
186 // TEB Active Frame Flags
187 //
188 #define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x1
189
190 //
191 // Job Access Types
192 //
193 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
194 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
195 #define JOB_OBJECT_QUERY 0x4
196 #define JOB_OBJECT_TERMINATE 0x8
197 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
198 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
199 SYNCHRONIZE | \
200 31)
201
202 //
203 // Job Limit Flags
204 //
205 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
206 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
207 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
208 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
209 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
210 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
211 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
212 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
213 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
214 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
215 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
216 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
217 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
218 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
219
220 //
221 // Cross Thread Flags
222 //
223 #define CT_TERMINATED_BIT 0x1
224 #define CT_DEAD_THREAD_BIT 0x2
225 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
226 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
227 #define CT_SYSTEM_THREAD_BIT 0x10
228 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
229 #define CT_BREAK_ON_TERMINATION_BIT 0x40
230 #define CT_SKIP_CREATION_MSG_BIT 0x80
231 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
232
233 //
234 // Same Thread Passive Flags
235 //
236 #define STP_ACTIVE_EX_WORKER_BIT 0x1
237 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
238 #define STP_MEMORY_MAKER_BIT 0x4
239 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
240
241 //
242 // Same Thread APC Flags
243 //
244 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
245 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
246 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
247 #define STA_OWNS_WORKING_SET_BITS 0x1F8
248
249 //
250 // Kernel Process flags (maybe in ketypes.h?)
251 //
252 #define KPSF_AUTO_ALIGNMENT_BIT 0
253 #define KPSF_DISABLE_BOOST_BIT 1
254
255 //
256 // Process Flags
257 //
258 #define PSF_CREATE_REPORTED_BIT 0x1
259 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
260 #define PSF_PROCESS_EXITING_BIT 0x4
261 #define PSF_PROCESS_DELETE_BIT 0x8
262 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
263 #define PSF_VM_DELETED_BIT 0x20
264 #define PSF_OUTSWAP_ENABLED_BIT 0x40
265 #define PSF_OUTSWAPPED_BIT 0x80
266 #define PSF_FORK_FAILED_BIT 0x100
267 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
268 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
269 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
270 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
271 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
272 #define PSF_WRITE_WATCH_BIT 0x8000
273 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
274 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
275 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
276 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
277 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
278 #define PSF_VM_TOP_DOWN_BIT 0x200000
279 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
280 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
281 #define PSF_VDM_ALLOWED_BIT 0x1000000
282 #define PSF_SWAP_ALLOWED_BIT 0x2000000
283 #define PSF_CREATE_FAILED_BIT 0x4000000
284 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
285
286 //
287 // Vista Process Flags
288 //
289 #define PSF2_PROTECTED_BIT 0x800
290 #endif
291
292 //
293 // TLS/FLS Defines
294 //
295 #define TLS_EXPANSION_SLOTS 1024
296
297 #ifdef NTOS_MODE_USER
298 //
299 // Thread Native Base Priorities
300 //
301 #define LOW_PRIORITY 0
302 #define LOW_REALTIME_PRIORITY 16
303 #define HIGH_PRIORITY 31
304 #define MAXIMUM_PRIORITY 32
305
306 //
307 // Current Process/Thread built-in 'special' handles
308 //
309 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
310 #define ZwCurrentProcess() NtCurrentProcess()
311 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
312 #define ZwCurrentThread() NtCurrentThread()
313
314 //
315 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
316 //
317 typedef enum _PROCESSINFOCLASS
318 {
319 ProcessBasicInformation,
320 ProcessQuotaLimits,
321 ProcessIoCounters,
322 ProcessVmCounters,
323 ProcessTimes,
324 ProcessBasePriority,
325 ProcessRaisePriority,
326 ProcessDebugPort,
327 ProcessExceptionPort,
328 ProcessAccessToken,
329 ProcessLdtInformation,
330 ProcessLdtSize,
331 ProcessDefaultHardErrorMode,
332 ProcessIoPortHandlers,
333 ProcessPooledUsageAndLimits,
334 ProcessWorkingSetWatch,
335 ProcessUserModeIOPL,
336 ProcessEnableAlignmentFaultFixup,
337 ProcessPriorityClass,
338 ProcessWx86Information,
339 ProcessHandleCount,
340 ProcessAffinityMask,
341 ProcessPriorityBoost,
342 ProcessDeviceMap,
343 ProcessSessionInformation,
344 ProcessForegroundInformation,
345 ProcessWow64Information,
346 ProcessImageFileName,
347 ProcessLUIDDeviceMapsEnabled,
348 ProcessBreakOnTermination,
349 ProcessDebugObjectHandle,
350 ProcessDebugFlags,
351 ProcessHandleTracing,
352 ProcessIoPriority,
353 ProcessExecuteFlags,
354 ProcessTlsInformation,
355 ProcessCookie,
356 ProcessImageInformation,
357 ProcessCycleTime,
358 ProcessPagePriority,
359 ProcessInstrumentationCallback,
360 ProcessThreadStackAllocation,
361 ProcessWorkingSetWatchEx,
362 ProcessImageFileNameWin32,
363 ProcessImageFileMapping,
364 ProcessAffinityUpdateMode,
365 ProcessMemoryAllocationMode,
366 MaxProcessInfoClass
367 } PROCESSINFOCLASS;
368
369 typedef enum _THREADINFOCLASS
370 {
371 ThreadBasicInformation,
372 ThreadTimes,
373 ThreadPriority,
374 ThreadBasePriority,
375 ThreadAffinityMask,
376 ThreadImpersonationToken,
377 ThreadDescriptorTableEntry,
378 ThreadEnableAlignmentFaultFixup,
379 ThreadEventPair_Reusable,
380 ThreadQuerySetWin32StartAddress,
381 ThreadZeroTlsCell,
382 ThreadPerformanceCount,
383 ThreadAmILastThread,
384 ThreadIdealProcessor,
385 ThreadPriorityBoost,
386 ThreadSetTlsArrayAddress,
387 ThreadIsIoPending,
388 ThreadHideFromDebugger,
389 ThreadBreakOnTermination,
390 ThreadSwitchLegacyState,
391 ThreadIsTerminated,
392 ThreadLastSystemCall,
393 ThreadIoPriority,
394 ThreadCycleTime,
395 ThreadPagePriority,
396 ThreadActualBasePriority,
397 ThreadTebInformation,
398 ThreadCSwitchMon,
399 MaxThreadInfoClass
400 } THREADINFOCLASS;
401
402 #else
403
404 typedef enum _PSPROCESSPRIORITYMODE
405 {
406 PsProcessPriorityForeground,
407 PsProcessPriorityBackground,
408 PsProcessPrioritySpinning
409 } PSPROCESSPRIORITYMODE;
410
411 typedef enum _JOBOBJECTINFOCLASS
412 {
413 JobObjectBasicAccountingInformation = 1,
414 JobObjectBasicLimitInformation,
415 JobObjectBasicProcessIdList,
416 JobObjectBasicUIRestrictions,
417 JobObjectSecurityLimitInformation,
418 JobObjectEndOfJobTimeInformation,
419 JobObjectAssociateCompletionPortInformation,
420 JobObjectBasicAndIoAccountingInformation,
421 JobObjectExtendedLimitInformation,
422 JobObjectJobSetInformation,
423 MaxJobObjectInfoClass
424 } JOBOBJECTINFOCLASS;
425
426 //
427 // Power Event Events for Win32K Power Event Callback
428 //
429 typedef enum _PSPOWEREVENTTYPE
430 {
431 PsW32FullWake = 0,
432 PsW32EventCode = 1,
433 PsW32PowerPolicyChanged = 2,
434 PsW32SystemPowerState = 3,
435 PsW32SystemTime = 4,
436 PsW32DisplayState = 5,
437 PsW32CapabilitiesChanged = 6,
438 PsW32SetStateFailed = 7,
439 PsW32GdiOff = 8,
440 PsW32GdiOn = 9,
441 PsW32GdiPrepareResumeUI = 10,
442 PsW32GdiOffRequest = 11,
443 PsW32MonitorOff = 12,
444 } PSPOWEREVENTTYPE;
445
446 //
447 // Power State Tasks for Win32K Power State Callback
448 //
449 typedef enum _POWERSTATETASK
450 {
451 PowerState_BlockSessionSwitch = 0,
452 PowerState_Init = 1,
453 PowerState_QueryApps = 2,
454 PowerState_QueryServices = 3,
455 PowerState_QueryAppsFailed = 4,
456 PowerState_QueryServicesFailed = 5,
457 PowerState_SuspendApps = 6,
458 PowerState_SuspendServices = 7,
459 PowerState_ShowUI = 8,
460 PowerState_NotifyWL = 9,
461 PowerState_ResumeApps = 10,
462 PowerState_ResumeServices = 11,
463 PowerState_UnBlockSessionSwitch = 12,
464 PowerState_End = 13,
465 PowerState_BlockInput = 14,
466 PowerState_UnblockInput = 15,
467 } POWERSTATETASK;
468
469 //
470 // Win32K Job Callback Types
471 //
472 typedef enum _PSW32JOBCALLOUTTYPE
473 {
474 PsW32JobCalloutSetInformation = 0,
475 PsW32JobCalloutAddProcess = 1,
476 PsW32JobCalloutTerminate = 2,
477 } PSW32JOBCALLOUTTYPE;
478
479 //
480 // Win32K Thread Callback Types
481 //
482 typedef enum _PSW32THREADCALLOUTTYPE
483 {
484 PsW32ThreadCalloutInitialize,
485 PsW32ThreadCalloutExit,
486 } PSW32THREADCALLOUTTYPE;
487
488 //
489 // Declare empty structure definitions so that they may be referenced by
490 // routines before they are defined
491 //
492 struct _W32THREAD;
493 struct _W32PROCESS;
494 //struct _ETHREAD;
495 struct _WIN32_POWEREVENT_PARAMETERS;
496 struct _WIN32_POWERSTATE_PARAMETERS;
497 struct _WIN32_JOBCALLOUT_PARAMETERS;
498 struct _WIN32_OPENMETHOD_PARAMETERS;
499 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
500 struct _WIN32_CLOSEMETHOD_PARAMETERS;
501 struct _WIN32_DELETEMETHOD_PARAMETERS;
502 struct _WIN32_PARSEMETHOD_PARAMETERS;
503
504 //
505 // Win32K Process and Thread Callbacks
506 //
507 typedef
508 NTSTATUS
509 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
510 _In_ struct _EPROCESS *Process,
511 _In_ BOOLEAN Create
512 );
513
514 typedef
515 NTSTATUS
516 (NTAPI *PKWIN32_THREAD_CALLOUT)(
517 _In_ struct _ETHREAD *Thread,
518 _In_ PSW32THREADCALLOUTTYPE Type
519 );
520
521 typedef
522 NTSTATUS
523 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
524 VOID
525 );
526
527 typedef
528 NTSTATUS
529 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
530 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
531 );
532
533 typedef
534 NTSTATUS
535 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
536 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
537 );
538
539 typedef
540 NTSTATUS
541 (NTAPI *PKWIN32_JOB_CALLOUT)(
542 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
543 );
544
545 typedef
546 NTSTATUS
547 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
548 VOID
549 );
550
551 typedef
552 NTSTATUS
553 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
554 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
555 );
556
557 typedef
558 NTSTATUS
559 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
560 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
561 );
562
563 typedef
564 NTSTATUS
565 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
566 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
567 );
568
569 typedef
570 NTSTATUS
571 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
572 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
573 );
574
575 typedef
576 NTSTATUS
577 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
578 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
579 );
580
581 typedef
582 NTSTATUS
583 (NTAPI *PKWIN32_SESSION_CALLOUT)(
584 _In_ PVOID Parameter
585 );
586
587 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
588 typedef
589 NTSTATUS
590 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
591 _In_ struct _EPROCESS *Process,
592 _In_ PVOID Callback,
593 _In_ PVOID Context
594 );
595 #endif
596
597 //
598 // Lego Callback
599 //
600 typedef
601 VOID
602 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
603 _In_ PKTHREAD Thread
604 );
605
606 #endif
607
608 typedef NTSTATUS
609 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
610 VOID
611 );
612
613 //
614 // Descriptor Table Entry Definition
615 //
616 #if (_M_IX86)
617 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
618 typedef struct _DESCRIPTOR_TABLE_ENTRY
619 {
620 ULONG Selector;
621 LDT_ENTRY Descriptor;
622 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
623 #endif
624
625 //
626 // PEB Lock Routine
627 //
628 typedef VOID
629 (NTAPI *PPEBLOCKROUTINE)(
630 PVOID PebLock
631 );
632
633 //
634 // PEB Free Block Descriptor
635 //
636 typedef struct _PEB_FREE_BLOCK
637 {
638 struct _PEB_FREE_BLOCK* Next;
639 ULONG Size;
640 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
641
642 //
643 // Initial PEB
644 //
645 typedef struct _INITIAL_PEB
646 {
647 BOOLEAN InheritedAddressSpace;
648 BOOLEAN ReadImageFileExecOptions;
649 BOOLEAN BeingDebugged;
650 union
651 {
652 BOOLEAN BitField;
653 #if (NTDDI_VERSION >= NTDDI_WS03)
654 struct
655 {
656 BOOLEAN ImageUsesLargePages:1;
657 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
658 BOOLEAN IsProtectedProcess:1;
659 BOOLEAN IsLegacyProcess:1;
660 BOOLEAN SpareBits:5;
661 #else
662 BOOLEAN SpareBits:7;
663 #endif
664 };
665 #else
666 BOOLEAN SpareBool;
667 #endif
668 };
669 HANDLE Mutant;
670 } INITIAL_PEB, *PINITIAL_PEB;
671
672 //
673 // Initial TEB
674 //
675 typedef struct _INITIAL_TEB
676 {
677 PVOID PreviousStackBase;
678 PVOID PreviousStackLimit;
679 PVOID StackBase;
680 PVOID StackLimit;
681 PVOID AllocatedStackBase;
682 } INITIAL_TEB, *PINITIAL_TEB;
683
684 //
685 // TEB Active Frame Structures
686 //
687 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
688 {
689 ULONG Flags;
690 LPSTR FrameName;
691 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
692 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;
693
694 typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
695 {
696 TEB_ACTIVE_FRAME_CONTEXT BasicContext;
697 PCSTR SourceLocation;
698 } TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
699 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;
700
701 typedef struct _TEB_ACTIVE_FRAME
702 {
703 ULONG Flags;
704 struct _TEB_ACTIVE_FRAME *Previous;
705 PCTEB_ACTIVE_FRAME_CONTEXT Context;
706 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
707 typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;
708
709 typedef struct _TEB_ACTIVE_FRAME_EX
710 {
711 TEB_ACTIVE_FRAME BasicFrame;
712 PVOID ExtensionIdentifier;
713 } TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
714 typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;
715
716 typedef struct _CLIENT_ID32
717 {
718 ULONG UniqueProcess;
719 ULONG UniqueThread;
720 } CLIENT_ID32, *PCLIENT_ID32;
721
722 typedef struct _CLIENT_ID64
723 {
724 ULONG64 UniqueProcess;
725 ULONG64 UniqueThread;
726 } CLIENT_ID64, *PCLIENT_ID64;
727
728 #if (NTDDI_VERSION < NTDDI_WS03)
729 typedef struct _Wx86ThreadState
730 {
731 PULONG CallBx86Eip;
732 PVOID DeallocationCpu;
733 BOOLEAN UseKnownWx86Dll;
734 CHAR OleStubInvoked;
735 } Wx86ThreadState, *PWx86ThreadState;
736 #endif
737
738
739 //
740 // Process Environment Block (PEB)
741 // Thread Environment Block (TEB)
742 //
743 #include "peb_teb.h"
744
745 #ifdef _WIN64
746 //
747 // Explicit 32 bit PEB/TEB
748 //
749 #define EXPLICIT_32BIT
750 #include "peb_teb.h"
751 #undef EXPLICIT_32BIT
752
753 //
754 // Explicit 64 bit PEB/TEB
755 //
756 #define EXPLICIT_64BIT
757 #include "peb_teb.h"
758 #undef EXPLICIT_64BIT
759 #endif
760
761 #ifdef NTOS_MODE_USER
762
763 //
764 // Process Information Structures for NtQueryProcessInformation
765 //
766 typedef struct _PROCESS_BASIC_INFORMATION
767 {
768 NTSTATUS ExitStatus;
769 PPEB PebBaseAddress;
770 ULONG_PTR AffinityMask;
771 KPRIORITY BasePriority;
772 ULONG_PTR UniqueProcessId;
773 ULONG_PTR InheritedFromUniqueProcessId;
774 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
775
776 typedef struct _PROCESS_ACCESS_TOKEN
777 {
778 HANDLE Token;
779 HANDLE Thread;
780 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
781
782 typedef struct _PROCESS_DEVICEMAP_INFORMATION
783 {
784 union
785 {
786 struct
787 {
788 HANDLE DirectoryHandle;
789 } Set;
790 struct
791 {
792 ULONG DriveMap;
793 UCHAR DriveType[32];
794 } Query;
795 };
796 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
797
798 typedef struct _KERNEL_USER_TIMES
799 {
800 LARGE_INTEGER CreateTime;
801 LARGE_INTEGER ExitTime;
802 LARGE_INTEGER KernelTime;
803 LARGE_INTEGER UserTime;
804 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
805
806 typedef struct _POOLED_USAGE_AND_LIMITS
807 {
808 SIZE_T PeakPagedPoolUsage;
809 SIZE_T PagedPoolUsage;
810 SIZE_T PagedPoolLimit;
811 SIZE_T PeakNonPagedPoolUsage;
812 SIZE_T NonPagedPoolUsage;
813 SIZE_T NonPagedPoolLimit;
814 SIZE_T PeakPagefileUsage;
815 SIZE_T PagefileUsage;
816 SIZE_T PagefileLimit;
817 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
818
819 typedef struct _PROCESS_SESSION_INFORMATION
820 {
821 ULONG SessionId;
822 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
823
824 #endif
825
826 typedef struct _PROCESS_PRIORITY_CLASS
827 {
828 BOOLEAN Foreground;
829 UCHAR PriorityClass;
830 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
831
832 typedef struct _PROCESS_FOREGROUND_BACKGROUND
833 {
834 BOOLEAN Foreground;
835 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
836
837 //
838 // Apphelp SHIM Cache
839 //
840 typedef enum _APPHELPCACHESERVICECLASS
841 {
842 ApphelpCacheServiceLookup = 0,
843 ApphelpCacheServiceRemove = 1,
844 ApphelpCacheServiceUpdate = 2,
845 ApphelpCacheServiceFlush = 3,
846 ApphelpCacheServiceDump = 4,
847
848 ApphelpDBGReadRegistry = 0x100,
849 ApphelpDBGWriteRegistry = 0x101,
850 } APPHELPCACHESERVICECLASS;
851
852
853 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
854 {
855 UNICODE_STRING ImageName;
856 HANDLE ImageHandle;
857 } APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;
858
859
860 //
861 // Thread Information Structures for NtQueryProcessInformation
862 //
863 typedef struct _THREAD_BASIC_INFORMATION
864 {
865 NTSTATUS ExitStatus;
866 PVOID TebBaseAddress;
867 CLIENT_ID ClientId;
868 KAFFINITY AffinityMask;
869 KPRIORITY Priority;
870 KPRIORITY BasePriority;
871 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
872
873 #ifndef NTOS_MODE_USER
874
875 //
876 // Job Set Array
877 //
878 typedef struct _JOB_SET_ARRAY
879 {
880 HANDLE JobHandle;
881 ULONG MemberLevel;
882 ULONG Flags;
883 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
884
885 //
886 // EPROCESS Quota Structures
887 //
888 typedef struct _EPROCESS_QUOTA_ENTRY
889 {
890 SIZE_T Usage;
891 SIZE_T Limit;
892 SIZE_T Peak;
893 SIZE_T Return;
894 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
895
896 typedef struct _EPROCESS_QUOTA_BLOCK
897 {
898 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
899 LIST_ENTRY QuotaList;
900 ULONG ReferenceCount;
901 ULONG ProcessCount;
902 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
903
904 //
905 // Process Pagefault History
906 //
907 typedef struct _PAGEFAULT_HISTORY
908 {
909 ULONG CurrentIndex;
910 ULONG MapIndex;
911 KSPIN_LOCK SpinLock;
912 PVOID Reserved;
913 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
914 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
915
916 //
917 // Process Impersonation Information
918 //
919 typedef struct _PS_IMPERSONATION_INFORMATION
920 {
921 PACCESS_TOKEN Token;
922 BOOLEAN CopyOnOpen;
923 BOOLEAN EffectiveOnly;
924 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
925 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
926
927 //
928 // Process Termination Port
929 //
930 typedef struct _TERMINATION_PORT
931 {
932 struct _TERMINATION_PORT *Next;
933 PVOID Port;
934 } TERMINATION_PORT, *PTERMINATION_PORT;
935
936 //
937 // Per-Process APC Rate Limiting
938 //
939 typedef struct _PSP_RATE_APC
940 {
941 union
942 {
943 SINGLE_LIST_ENTRY NextApc;
944 ULONGLONG ExcessCycles;
945 };
946 ULONGLONG TargetGEneration;
947 KAPC RateApc;
948 } PSP_RATE_APC, *PPSP_RATE_APC;
949
950 //
951 // Executive Thread (ETHREAD)
952 //
953 typedef struct _ETHREAD
954 {
955 KTHREAD Tcb;
956 LARGE_INTEGER CreateTime;
957 union
958 {
959 LARGE_INTEGER ExitTime;
960 LIST_ENTRY LpcReplyChain;
961 LIST_ENTRY KeyedWaitChain;
962 };
963 union
964 {
965 NTSTATUS ExitStatus;
966 PVOID OfsChain;
967 };
968 LIST_ENTRY PostBlockList;
969 union
970 {
971 struct _TERMINATION_PORT *TerminationPort;
972 struct _ETHREAD *ReaperLink;
973 PVOID KeyedWaitValue;
974 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
975 PVOID Win32StartParameter;
976 #endif
977 };
978 KSPIN_LOCK ActiveTimerListLock;
979 LIST_ENTRY ActiveTimerListHead;
980 CLIENT_ID Cid;
981 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
982 KSEMAPHORE KeyedWaitSemaphore;
983 #else
984 union
985 {
986 KSEMAPHORE LpcReplySemaphore;
987 KSEMAPHORE KeyedWaitSemaphore;
988 };
989 union
990 {
991 PVOID LpcReplyMessage;
992 PVOID LpcWaitingOnPort;
993 };
994 #endif
995 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
996 LIST_ENTRY IrpList;
997 ULONG_PTR TopLevelIrp;
998 PDEVICE_OBJECT DeviceToVerify;
999 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1000 PPSP_RATE_APC RateControlApc;
1001 #else
1002 struct _EPROCESS *ThreadsProcess;
1003 #endif
1004 PVOID Win32StartAddress;
1005 union
1006 {
1007 PKSTART_ROUTINE StartAddress;
1008 ULONG LpcReceivedMessageId;
1009 };
1010 LIST_ENTRY ThreadListEntry;
1011 EX_RUNDOWN_REF RundownProtect;
1012 EX_PUSH_LOCK ThreadLock;
1013 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1014 ULONG LpcReplyMessageId;
1015 #endif
1016 ULONG ReadClusterSize;
1017 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1018 ULONG SpareUlong0;
1019 #else
1020 ACCESS_MASK GrantedAccess;
1021 #endif
1022 union
1023 {
1024 struct
1025 {
1026 ULONG Terminated:1;
1027 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1028 ULONG ThreadInserted:1;
1029 #else
1030 ULONG DeadThread:1;
1031 #endif
1032 ULONG HideFromDebugger:1;
1033 ULONG ActiveImpersonationInfo:1;
1034 ULONG SystemThread:1;
1035 ULONG HardErrorsAreDisabled:1;
1036 ULONG BreakOnTermination:1;
1037 ULONG SkipCreationMsg:1;
1038 ULONG SkipTerminationMsg:1;
1039 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1040 ULONG CreateMsgSent:1;
1041 ULONG ThreadIoPriority:3;
1042 ULONG ThreadPagePriority:3;
1043 ULONG PendingRatecontrol:1;
1044 #endif
1045 };
1046 ULONG CrossThreadFlags;
1047 };
1048 union
1049 {
1050 struct
1051 {
1052 ULONG ActiveExWorker:1;
1053 ULONG ExWorkerCanWaitUser:1;
1054 ULONG MemoryMaker:1;
1055 ULONG KeyedEventInUse:1;
1056 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1057 ULONG RateApcState:2;
1058 #endif
1059 };
1060 ULONG SameThreadPassiveFlags;
1061 };
1062 union
1063 {
1064 struct
1065 {
1066 ULONG LpcReceivedMsgIdValid:1;
1067 ULONG LpcExitThreadCalled:1;
1068 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1069 ULONG Spare:1;
1070 #else
1071 ULONG AddressSpaceOwner:1;
1072 #endif
1073 ULONG OwnsProcessWorkingSetExclusive:1;
1074 ULONG OwnsProcessWorkingSetShared:1;
1075 ULONG OwnsSystemWorkingSetExclusive:1;
1076 ULONG OwnsSystemWorkingSetShared:1;
1077 ULONG OwnsSessionWorkingSetExclusive:1;
1078 ULONG OwnsSessionWorkingSetShared:1;
1079 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1080 ULONG SupressSymbolLoad:1;
1081 ULONG Spare1:3;
1082 ULONG PriorityRegionActive:4;
1083 #else
1084 ULONG ApcNeeded:1;
1085 #endif
1086 };
1087 ULONG SameThreadApcFlags;
1088 };
1089 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1090 UCHAR CacheManagerActive;
1091 #else
1092 UCHAR ForwardClusterOnly;
1093 #endif
1094 UCHAR DisablePageFaultClustering;
1095 UCHAR ActiveFaultCount;
1096 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1097 ULONG AlpcMessageId;
1098 union
1099 {
1100 PVOID AlpcMessage;
1101 ULONG AlpcReceiveAttributeSet;
1102 };
1103 LIST_ENTRY AlpcWaitListEntry;
1104 KSEMAPHORE AlpcWaitSemaphore;
1105 ULONG CacheManagerCount;
1106 #endif
1107 } ETHREAD;
1108
1109 //
1110 // Executive Process (EPROCESS)
1111 //
1112 typedef struct _EPROCESS
1113 {
1114 KPROCESS Pcb;
1115 EX_PUSH_LOCK ProcessLock;
1116 LARGE_INTEGER CreateTime;
1117 LARGE_INTEGER ExitTime;
1118 EX_RUNDOWN_REF RundownProtect;
1119 HANDLE UniqueProcessId;
1120 LIST_ENTRY ActiveProcessLinks;
1121 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1122 SIZE_T QuotaPeak[3]; /* ditto */
1123 SIZE_T CommitCharge;
1124 SIZE_T PeakVirtualSize;
1125 SIZE_T VirtualSize;
1126 LIST_ENTRY SessionProcessLinks;
1127 PVOID DebugPort;
1128 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1129 union
1130 {
1131 PVOID ExceptionPortData;
1132 ULONG ExceptionPortValue;
1133 UCHAR ExceptionPortState:3;
1134 };
1135 #else
1136 PVOID ExceptionPort;
1137 #endif
1138 PHANDLE_TABLE ObjectTable;
1139 EX_FAST_REF Token;
1140 PFN_NUMBER WorkingSetPage;
1141 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1142 EX_PUSH_LOCK AddressCreationLock;
1143 PETHREAD RotateInProgress;
1144 #else
1145 KGUARDED_MUTEX AddressCreationLock;
1146 KSPIN_LOCK HyperSpaceLock;
1147 #endif
1148 PETHREAD ForkInProgress;
1149 ULONG_PTR HardwareTrigger;
1150 PMM_AVL_TABLE PhysicalVadRoot;
1151 PVOID CloneRoot;
1152 PFN_NUMBER NumberOfPrivatePages;
1153 PFN_NUMBER NumberOfLockedPages;
1154 PVOID *Win32Process;
1155 struct _EJOB *Job;
1156 PVOID SectionObject;
1157 PVOID SectionBaseAddress;
1158 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1159 PPAGEFAULT_HISTORY WorkingSetWatch;
1160 PVOID Win32WindowStation;
1161 HANDLE InheritedFromUniqueProcessId;
1162 PVOID LdtInformation;
1163 PVOID VadFreeHint;
1164 PVOID VdmObjects;
1165 PVOID DeviceMap;
1166 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1167 PVOID EtwDataSource;
1168 PVOID FreeTebHint;
1169 #else
1170 PVOID Spare0[3];
1171 #endif
1172 union
1173 {
1174 HARDWARE_PTE PageDirectoryPte;
1175 ULONGLONG Filler;
1176 };
1177 PVOID Session;
1178 CHAR ImageFileName[16];
1179 LIST_ENTRY JobLinks;
1180 PVOID LockedPagesList;
1181 LIST_ENTRY ThreadListHead;
1182 PVOID SecurityPort;
1183 #ifdef _M_AMD64
1184 struct _WOW64_PROCESS *Wow64Process;
1185 #else
1186 PVOID PaeTop;
1187 #endif
1188 ULONG ActiveThreads;
1189 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1190 ULONG ImagePathHash;
1191 #else
1192 ACCESS_MASK GrantedAccess;
1193 #endif
1194 ULONG DefaultHardErrorProcessing;
1195 NTSTATUS LastThreadExitStatus;
1196 struct _PEB* Peb;
1197 EX_FAST_REF PrefetchTrace;
1198 LARGE_INTEGER ReadOperationCount;
1199 LARGE_INTEGER WriteOperationCount;
1200 LARGE_INTEGER OtherOperationCount;
1201 LARGE_INTEGER ReadTransferCount;
1202 LARGE_INTEGER WriteTransferCount;
1203 LARGE_INTEGER OtherTransferCount;
1204 SIZE_T CommitChargeLimit;
1205 SIZE_T CommitChargePeak;
1206 PVOID AweInfo;
1207 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1208 MMSUPPORT Vm;
1209 #ifdef _M_AMD64
1210 ULONG Spares[2];
1211 #else
1212 LIST_ENTRY MmProcessLinks;
1213 #endif
1214 ULONG ModifiedPageCount;
1215 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1216 union
1217 {
1218 struct
1219 {
1220 ULONG JobNotReallyActive:1;
1221 ULONG AccountingFolded:1;
1222 ULONG NewProcessReported:1;
1223 ULONG ExitProcessReported:1;
1224 ULONG ReportCommitChanges:1;
1225 ULONG LastReportMemory:1;
1226 ULONG ReportPhysicalPageChanges:1;
1227 ULONG HandleTableRundown:1;
1228 ULONG NeedsHandleRundown:1;
1229 ULONG RefTraceEnabled:1;
1230 ULONG NumaAware:1;
1231 ULONG ProtectedProcess:1;
1232 ULONG DefaultPagePriority:3;
1233 ULONG ProcessDeleteSelf:1;
1234 ULONG ProcessVerifierTarget:1;
1235 };
1236 ULONG Flags2;
1237 };
1238 #else
1239 ULONG JobStatus;
1240 #endif
1241 union
1242 {
1243 struct
1244 {
1245 ULONG CreateReported:1;
1246 ULONG NoDebugInherit:1;
1247 ULONG ProcessExiting:1;
1248 ULONG ProcessDelete:1;
1249 ULONG Wow64SplitPages:1;
1250 ULONG VmDeleted:1;
1251 ULONG OutswapEnabled:1;
1252 ULONG Outswapped:1;
1253 ULONG ForkFailed:1;
1254 ULONG Wow64VaSpace4Gb:1;
1255 ULONG AddressSpaceInitialized:2;
1256 ULONG SetTimerResolution:1;
1257 ULONG BreakOnTermination:1;
1258 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1259 ULONG DeprioritizeViews:1;
1260 #else
1261 ULONG SessionCreationUnderway:1;
1262 #endif
1263 ULONG WriteWatch:1;
1264 ULONG ProcessInSession:1;
1265 ULONG OverrideAddressSpace:1;
1266 ULONG HasAddressSpace:1;
1267 ULONG LaunchPrefetched:1;
1268 ULONG InjectInpageErrors:1;
1269 ULONG VmTopDown:1;
1270 ULONG ImageNotifyDone:1;
1271 ULONG PdeUpdateNeeded:1;
1272 ULONG VdmAllowed:1;
1273 ULONG SmapAllowed:1;
1274 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1275 ULONG ProcessInserted:1;
1276 #else
1277 ULONG CreateFailed:1;
1278 #endif
1279 ULONG DefaultIoPriority:3;
1280 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1281 ULONG SparePsFlags1:2;
1282 #else
1283 ULONG Spare1:1;
1284 ULONG Spare2:1;
1285 #endif
1286 };
1287 ULONG Flags;
1288 };
1289 NTSTATUS ExitStatus;
1290 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1291 USHORT Spare7;
1292 #else
1293 USHORT NextPageColor;
1294 #endif
1295 union
1296 {
1297 struct
1298 {
1299 UCHAR SubSystemMinorVersion;
1300 UCHAR SubSystemMajorVersion;
1301 };
1302 USHORT SubSystemVersion;
1303 };
1304 UCHAR PriorityClass;
1305 MM_AVL_TABLE VadRoot;
1306 ULONG Cookie;
1307 } EPROCESS;
1308
1309 //
1310 // Job Token Filter Data
1311 //
1312 #include <pshpack1.h>
1313 typedef struct _PS_JOB_TOKEN_FILTER
1314 {
1315 ULONG CapturedSidCount;
1316 PSID_AND_ATTRIBUTES CapturedSids;
1317 ULONG CapturedSidsLength;
1318 ULONG CapturedGroupCount;
1319 PSID_AND_ATTRIBUTES CapturedGroups;
1320 ULONG CapturedGroupsLength;
1321 ULONG CapturedPrivilegeCount;
1322 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1323 ULONG CapturedPrivilegesLength;
1324 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1325
1326 //
1327 // Executive Job (EJOB)
1328 //
1329 typedef struct _EJOB
1330 {
1331 KEVENT Event;
1332 LIST_ENTRY JobLinks;
1333 LIST_ENTRY ProcessListHead;
1334 ERESOURCE JobLock;
1335 LARGE_INTEGER TotalUserTime;
1336 LARGE_INTEGER TotalKernelTime;
1337 LARGE_INTEGER ThisPeriodTotalUserTime;
1338 LARGE_INTEGER ThisPeriodTotalKernelTime;
1339 ULONG TotalPageFaultCount;
1340 ULONG TotalProcesses;
1341 ULONG ActiveProcesses;
1342 ULONG TotalTerminatedProcesses;
1343 LARGE_INTEGER PerProcessUserTimeLimit;
1344 LARGE_INTEGER PerJobUserTimeLimit;
1345 ULONG LimitFlags;
1346 ULONG MinimumWorkingSetSize;
1347 ULONG MaximumWorkingSetSize;
1348 ULONG ActiveProcessLimit;
1349 ULONG Affinity;
1350 UCHAR PriorityClass;
1351 ULONG UIRestrictionsClass;
1352 ULONG SecurityLimitFlags;
1353 PVOID Token;
1354 PPS_JOB_TOKEN_FILTER Filter;
1355 ULONG EndOfJobTimeAction;
1356 PVOID CompletionPort;
1357 PVOID CompletionKey;
1358 ULONG SessionId;
1359 ULONG SchedulingClass;
1360 ULONGLONG ReadOperationCount;
1361 ULONGLONG WriteOperationCount;
1362 ULONGLONG OtherOperationCount;
1363 ULONGLONG ReadTransferCount;
1364 ULONGLONG WriteTransferCount;
1365 ULONGLONG OtherTransferCount;
1366 IO_COUNTERS IoInfo;
1367 ULONG ProcessMemoryLimit;
1368 ULONG JobMemoryLimit;
1369 ULONG PeakProcessMemoryUsed;
1370 ULONG PeakJobMemoryUsed;
1371 ULONG CurrentJobMemoryUsed;
1372 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1373 FAST_MUTEX MemoryLimitsLock;
1374 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1375 KGUARDED_MUTEX MemoryLimitsLock;
1376 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1377 EX_PUSH_LOCK MemoryLimitsLock;
1378 #endif
1379 LIST_ENTRY JobSetLinks;
1380 ULONG MemberLevel;
1381 ULONG JobFlags;
1382 } EJOB, *PEJOB;
1383 #include <poppack.h>
1384
1385 //
1386 // Win32K Callback Registration Data
1387 //
1388 typedef struct _WIN32_POWEREVENT_PARAMETERS
1389 {
1390 PSPOWEREVENTTYPE EventNumber;
1391 ULONG Code;
1392 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1393
1394 typedef struct _WIN32_POWERSTATE_PARAMETERS
1395 {
1396 UCHAR Promotion;
1397 POWER_ACTION SystemAction;
1398 SYSTEM_POWER_STATE MinSystemState;
1399 ULONG Flags;
1400 POWERSTATETASK PowerStateTask;
1401 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1402
1403 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1404 {
1405 PVOID Job;
1406 PSW32JOBCALLOUTTYPE CalloutType;
1407 PVOID Data;
1408 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1409
1410 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1411 {
1412 OB_OPEN_REASON OpenReason;
1413 PEPROCESS Process;
1414 PVOID Object;
1415 ULONG GrantedAccess;
1416 ULONG HandleCount;
1417 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1418
1419 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1420 {
1421 PEPROCESS Process;
1422 PVOID Object;
1423 HANDLE Handle;
1424 KPROCESSOR_MODE PreviousMode;
1425 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1426
1427 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1428 {
1429 PEPROCESS Process;
1430 PVOID Object;
1431 ACCESS_MASK AccessMask;
1432 ULONG ProcessHandleCount;
1433 ULONG SystemHandleCount;
1434 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1435
1436 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1437 {
1438 PVOID Object;
1439 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1440
1441 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1442 {
1443 PVOID ParseObject;
1444 PVOID ObjectType;
1445 PACCESS_STATE AccessState;
1446 KPROCESSOR_MODE AccessMode;
1447 ULONG Attributes;
1448 _Out_ PUNICODE_STRING CompleteName;
1449 PUNICODE_STRING RemainingName;
1450 PVOID Context;
1451 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1452 PVOID *Object;
1453 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1454
1455 typedef struct _WIN32_CALLOUTS_FPNS
1456 {
1457 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1458 PKWIN32_THREAD_CALLOUT ThreadCallout;
1459 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1460 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1461 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1462 PKWIN32_JOB_CALLOUT JobCallout;
1463 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1464 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1465 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1466 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1467 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1468 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1469 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1470 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1471 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1472 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1473 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1474 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1475 #endif
1476 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1477
1478 #endif // !NTOS_MODE_USER
1479
1480 #ifdef __cplusplus
1481 }; // extern "C"
1482 #endif
1483
1484 #endif // _PSTYPES_H
A free Windows-compatible Operating System