eb1ef0a05836aec70ef9d3a88cc48dab8723e391
[reactos.git] / reactos / sdk / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
78 #else
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
80 #endif
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
88
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
114
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
121
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
128
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_DEFAULT_QUANTUMS 0x00
133 #define PSP_VARIABLE_QUANTUMS 0x04
134 #define PSP_FIXED_QUANTUMS 0x08
135 #define PSP_LONG_QUANTUMS 0x10
136 #define PSP_SHORT_QUANTUMS 0x20
137
138 #ifndef NTOS_MODE_USER
139 //
140 // Thread Access Types
141 //
142 #define THREAD_QUERY_INFORMATION 0x0040
143 #define THREAD_SET_THREAD_TOKEN 0x0080
144 #define THREAD_IMPERSONATE 0x0100
145 #define THREAD_DIRECT_IMPERSONATION 0x0200
146
147 //
148 // Process Access Types
149 //
150 #define PROCESS_TERMINATE 0x0001
151 #define PROCESS_CREATE_THREAD 0x0002
152 #define PROCESS_SET_SESSIONID 0x0004
153 #define PROCESS_VM_OPERATION 0x0008
154 #define PROCESS_VM_READ 0x0010
155 #define PROCESS_VM_WRITE 0x0020
156 #define PROCESS_CREATE_PROCESS 0x0080
157 #define PROCESS_SET_QUOTA 0x0100
158 #define PROCESS_SET_INFORMATION 0x0200
159 #define PROCESS_QUERY_INFORMATION 0x0400
160 #define PROCESS_SUSPEND_RESUME 0x0800
161 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
162 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
163 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
164 SYNCHRONIZE | \
165 0xFFFF)
166 #else
167 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
168 SYNCHRONIZE | \
169 0xFFF)
170 #endif
171
172 //
173 // Thread Base Priorities
174 //
175 #define THREAD_BASE_PRIORITY_LOWRT 15
176 #define THREAD_BASE_PRIORITY_MAX 2
177 #define THREAD_BASE_PRIORITY_MIN -2
178 #define THREAD_BASE_PRIORITY_IDLE -15
179
180 //
181 // TLS Slots
182 //
183 #define TLS_MINIMUM_AVAILABLE 64
184
185 //
186 // TEB Active Frame Flags
187 //
188 #define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x1
189
190 //
191 // Job Access Types
192 //
193 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
194 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
195 #define JOB_OBJECT_QUERY 0x4
196 #define JOB_OBJECT_TERMINATE 0x8
197 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
198 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
199 SYNCHRONIZE | \
200 31)
201
202 //
203 // Job Limit Flags
204 //
205 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
206 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
207 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
208 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
209 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
210 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
211 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
212 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
213 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
214 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
215 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
216 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
217 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
218 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
219
220 //
221 // Cross Thread Flags
222 //
223 #define CT_TERMINATED_BIT 0x1
224 #define CT_DEAD_THREAD_BIT 0x2
225 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
226 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
227 #define CT_SYSTEM_THREAD_BIT 0x10
228 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
229 #define CT_BREAK_ON_TERMINATION_BIT 0x40
230 #define CT_SKIP_CREATION_MSG_BIT 0x80
231 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
232
233 //
234 // Same Thread Passive Flags
235 //
236 #define STP_ACTIVE_EX_WORKER_BIT 0x1
237 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
238 #define STP_MEMORY_MAKER_BIT 0x4
239 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
240
241 //
242 // Same Thread APC Flags
243 //
244 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
245 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
246 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
247 #define STA_OWNS_WORKING_SET_BITS 0x1F8
248
249 //
250 // Kernel Process flags (maybe in ketypes.h?)
251 //
252 #define KPSF_AUTO_ALIGNMENT_BIT 0
253 #define KPSF_DISABLE_BOOST_BIT 1
254
255 //
256 // Process Flags
257 //
258 #define PSF_CREATE_REPORTED_BIT 0x1
259 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
260 #define PSF_PROCESS_EXITING_BIT 0x4
261 #define PSF_PROCESS_DELETE_BIT 0x8
262 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
263 #define PSF_VM_DELETED_BIT 0x20
264 #define PSF_OUTSWAP_ENABLED_BIT 0x40
265 #define PSF_OUTSWAPPED_BIT 0x80
266 #define PSF_FORK_FAILED_BIT 0x100
267 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
268 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
269 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
270 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
271 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
272 #define PSF_WRITE_WATCH_BIT 0x8000
273 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
274 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
275 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
276 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
277 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
278 #define PSF_VM_TOP_DOWN_BIT 0x200000
279 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
280 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
281 #define PSF_VDM_ALLOWED_BIT 0x1000000
282 #define PSF_SWAP_ALLOWED_BIT 0x2000000
283 #define PSF_CREATE_FAILED_BIT 0x4000000
284 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
285
286 //
287 // Vista Process Flags
288 //
289 #define PSF2_PROTECTED_BIT 0x800
290 #endif
291
292 //
293 // TLS/FLS Defines
294 //
295 #define TLS_EXPANSION_SLOTS 1024
296
297 #ifdef NTOS_MODE_USER
298 //
299 // Thread Native Base Priorities
300 //
301 #define LOW_PRIORITY 0
302 #define LOW_REALTIME_PRIORITY 16
303 #define HIGH_PRIORITY 31
304 #define MAXIMUM_PRIORITY 32
305
306 //
307 // Current Process/Thread built-in 'special' handles
308 //
309 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
310 #define ZwCurrentProcess() NtCurrentProcess()
311 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
312 #define ZwCurrentThread() NtCurrentThread()
313
314 //
315 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
316 //
317 typedef enum _PROCESSINFOCLASS
318 {
319 ProcessBasicInformation,
320 ProcessQuotaLimits,
321 ProcessIoCounters,
322 ProcessVmCounters,
323 ProcessTimes,
324 ProcessBasePriority,
325 ProcessRaisePriority,
326 ProcessDebugPort,
327 ProcessExceptionPort,
328 ProcessAccessToken,
329 ProcessLdtInformation,
330 ProcessLdtSize,
331 ProcessDefaultHardErrorMode,
332 ProcessIoPortHandlers,
333 ProcessPooledUsageAndLimits,
334 ProcessWorkingSetWatch,
335 ProcessUserModeIOPL,
336 ProcessEnableAlignmentFaultFixup,
337 ProcessPriorityClass,
338 ProcessWx86Information,
339 ProcessHandleCount,
340 ProcessAffinityMask,
341 ProcessPriorityBoost,
342 ProcessDeviceMap,
343 ProcessSessionInformation,
344 ProcessForegroundInformation,
345 ProcessWow64Information,
346 ProcessImageFileName,
347 ProcessLUIDDeviceMapsEnabled,
348 ProcessBreakOnTermination,
349 ProcessDebugObjectHandle,
350 ProcessDebugFlags,
351 ProcessHandleTracing,
352 ProcessIoPriority,
353 ProcessExecuteFlags,
354 ProcessTlsInformation,
355 ProcessCookie,
356 ProcessImageInformation,
357 ProcessCycleTime,
358 ProcessPagePriority,
359 ProcessInstrumentationCallback,
360 ProcessThreadStackAllocation,
361 ProcessWorkingSetWatchEx,
362 ProcessImageFileNameWin32,
363 ProcessImageFileMapping,
364 ProcessAffinityUpdateMode,
365 ProcessMemoryAllocationMode,
366 MaxProcessInfoClass
367 } PROCESSINFOCLASS;
368
369 typedef enum _THREADINFOCLASS
370 {
371 ThreadBasicInformation,
372 ThreadTimes,
373 ThreadPriority,
374 ThreadBasePriority,
375 ThreadAffinityMask,
376 ThreadImpersonationToken,
377 ThreadDescriptorTableEntry,
378 ThreadEnableAlignmentFaultFixup,
379 ThreadEventPair_Reusable,
380 ThreadQuerySetWin32StartAddress,
381 ThreadZeroTlsCell,
382 ThreadPerformanceCount,
383 ThreadAmILastThread,
384 ThreadIdealProcessor,
385 ThreadPriorityBoost,
386 ThreadSetTlsArrayAddress,
387 ThreadIsIoPending,
388 ThreadHideFromDebugger,
389 ThreadBreakOnTermination,
390 ThreadSwitchLegacyState,
391 ThreadIsTerminated,
392 ThreadLastSystemCall,
393 ThreadIoPriority,
394 ThreadCycleTime,
395 ThreadPagePriority,
396 ThreadActualBasePriority,
397 ThreadTebInformation,
398 ThreadCSwitchMon,
399 MaxThreadInfoClass
400 } THREADINFOCLASS;
401
402 #else
403
404 typedef enum _PSPROCESSPRIORITYMODE
405 {
406 PsProcessPriorityForeground,
407 PsProcessPriorityBackground,
408 PsProcessPrioritySpinning
409 } PSPROCESSPRIORITYMODE;
410
411 typedef enum _JOBOBJECTINFOCLASS
412 {
413 JobObjectBasicAccountingInformation = 1,
414 JobObjectBasicLimitInformation,
415 JobObjectBasicProcessIdList,
416 JobObjectBasicUIRestrictions,
417 JobObjectSecurityLimitInformation,
418 JobObjectEndOfJobTimeInformation,
419 JobObjectAssociateCompletionPortInformation,
420 JobObjectBasicAndIoAccountingInformation,
421 JobObjectExtendedLimitInformation,
422 JobObjectJobSetInformation,
423 MaxJobObjectInfoClass
424 } JOBOBJECTINFOCLASS;
425
426 //
427 // Power Event Events for Win32K Power Event Callback
428 //
429 typedef enum _PSPOWEREVENTTYPE
430 {
431 PsW32FullWake = 0,
432 PsW32EventCode = 1,
433 PsW32PowerPolicyChanged = 2,
434 PsW32SystemPowerState = 3,
435 PsW32SystemTime = 4,
436 PsW32DisplayState = 5,
437 PsW32CapabilitiesChanged = 6,
438 PsW32SetStateFailed = 7,
439 PsW32GdiOff = 8,
440 PsW32GdiOn = 9,
441 PsW32GdiPrepareResumeUI = 10,
442 PsW32GdiOffRequest = 11,
443 PsW32MonitorOff = 12,
444 } PSPOWEREVENTTYPE;
445
446 //
447 // Power State Tasks for Win32K Power State Callback
448 //
449 typedef enum _POWERSTATETASK
450 {
451 PowerState_BlockSessionSwitch = 0,
452 PowerState_Init = 1,
453 PowerState_QueryApps = 2,
454 PowerState_QueryServices = 3,
455 PowerState_QueryAppsFailed = 4,
456 PowerState_QueryServicesFailed = 5,
457 PowerState_SuspendApps = 6,
458 PowerState_SuspendServices = 7,
459 PowerState_ShowUI = 8,
460 PowerState_NotifyWL = 9,
461 PowerState_ResumeApps = 10,
462 PowerState_ResumeServices = 11,
463 PowerState_UnBlockSessionSwitch = 12,
464 PowerState_End = 13,
465 PowerState_BlockInput = 14,
466 PowerState_UnblockInput = 15,
467 } POWERSTATETASK;
468
469 //
470 // Win32K Job Callback Types
471 //
472 typedef enum _PSW32JOBCALLOUTTYPE
473 {
474 PsW32JobCalloutSetInformation = 0,
475 PsW32JobCalloutAddProcess = 1,
476 PsW32JobCalloutTerminate = 2,
477 } PSW32JOBCALLOUTTYPE;
478
479 //
480 // Win32K Thread Callback Types
481 //
482 typedef enum _PSW32THREADCALLOUTTYPE
483 {
484 PsW32ThreadCalloutInitialize,
485 PsW32ThreadCalloutExit,
486 } PSW32THREADCALLOUTTYPE;
487
488 //
489 // Declare empty structure definitions so that they may be referenced by
490 // routines before they are defined
491 //
492 struct _W32THREAD;
493 struct _W32PROCESS;
494 //struct _ETHREAD;
495 struct _WIN32_POWEREVENT_PARAMETERS;
496 struct _WIN32_POWERSTATE_PARAMETERS;
497 struct _WIN32_JOBCALLOUT_PARAMETERS;
498 struct _WIN32_OPENMETHOD_PARAMETERS;
499 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
500 struct _WIN32_CLOSEMETHOD_PARAMETERS;
501 struct _WIN32_DELETEMETHOD_PARAMETERS;
502 struct _WIN32_PARSEMETHOD_PARAMETERS;
503
504 //
505 // Win32K Process and Thread Callbacks
506 //
507 typedef
508 NTSTATUS
509 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
510 _In_ struct _EPROCESS *Process,
511 _In_ BOOLEAN Create
512 );
513
514 typedef
515 NTSTATUS
516 (NTAPI *PKWIN32_THREAD_CALLOUT)(
517 _In_ struct _ETHREAD *Thread,
518 _In_ PSW32THREADCALLOUTTYPE Type
519 );
520
521 typedef
522 NTSTATUS
523 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
524 VOID
525 );
526
527 typedef
528 NTSTATUS
529 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
530 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
531 );
532
533 typedef
534 NTSTATUS
535 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
536 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
537 );
538
539 typedef
540 NTSTATUS
541 (NTAPI *PKWIN32_JOB_CALLOUT)(
542 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
543 );
544
545 typedef
546 NTSTATUS
547 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
548 VOID
549 );
550
551 typedef
552 NTSTATUS
553 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
554 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
555 );
556
557 typedef
558 NTSTATUS
559 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
560 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
561 );
562
563 typedef
564 NTSTATUS
565 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
566 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
567 );
568
569 typedef
570 NTSTATUS
571 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
572 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
573 );
574
575 typedef
576 NTSTATUS
577 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
578 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
579 );
580
581 typedef
582 NTSTATUS
583 (NTAPI *PKWIN32_SESSION_CALLOUT)(
584 _In_ PVOID Parameter
585 );
586
587 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
588 typedef
589 NTSTATUS
590 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
591 _In_ struct _EPROCESS *Process,
592 _In_ PVOID Callback,
593 _In_ PVOID Context
594 );
595 #endif
596
597 //
598 // Lego Callback
599 //
600 typedef
601 VOID
602 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
603 _In_ PKTHREAD Thread
604 );
605
606 #endif
607
608 typedef NTSTATUS
609 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
610 VOID
611 );
612
613 //
614 // Descriptor Table Entry Definition
615 //
616 #if (_M_IX86)
617 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
618 typedef struct _DESCRIPTOR_TABLE_ENTRY
619 {
620 ULONG Selector;
621 LDT_ENTRY Descriptor;
622 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
623 #endif
624
625 //
626 // PEB Lock Routine
627 //
628 typedef VOID
629 (NTAPI *PPEBLOCKROUTINE)(
630 PVOID PebLock
631 );
632
633 //
634 // PEB Free Block Descriptor
635 //
636 typedef struct _PEB_FREE_BLOCK
637 {
638 struct _PEB_FREE_BLOCK* Next;
639 ULONG Size;
640 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
641
642 //
643 // Initial PEB
644 //
645 typedef struct _INITIAL_PEB
646 {
647 BOOLEAN InheritedAddressSpace;
648 BOOLEAN ReadImageFileExecOptions;
649 BOOLEAN BeingDebugged;
650 union
651 {
652 BOOLEAN BitField;
653 #if (NTDDI_VERSION >= NTDDI_WS03)
654 struct
655 {
656 BOOLEAN ImageUsesLargePages:1;
657 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
658 BOOLEAN IsProtectedProcess:1;
659 BOOLEAN IsLegacyProcess:1;
660 BOOLEAN SpareBits:5;
661 #else
662 BOOLEAN SpareBits:7;
663 #endif
664 };
665 #else
666 BOOLEAN SpareBool;
667 #endif
668 };
669 HANDLE Mutant;
670 } INITIAL_PEB, *PINITIAL_PEB;
671
672 //
673 // Initial TEB
674 //
675 typedef struct _INITIAL_TEB
676 {
677 PVOID PreviousStackBase;
678 PVOID PreviousStackLimit;
679 PVOID StackBase;
680 PVOID StackLimit;
681 PVOID AllocatedStackBase;
682 } INITIAL_TEB, *PINITIAL_TEB;
683
684 //
685 // TEB Active Frame Structures
686 //
687 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
688 {
689 ULONG Flags;
690 LPSTR FrameName;
691 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
692 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;
693
694 typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
695 {
696 TEB_ACTIVE_FRAME_CONTEXT BasicContext;
697 PCSTR SourceLocation;
698 } TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
699 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;
700
701 typedef struct _TEB_ACTIVE_FRAME
702 {
703 ULONG Flags;
704 struct _TEB_ACTIVE_FRAME *Previous;
705 PCTEB_ACTIVE_FRAME_CONTEXT Context;
706 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
707 typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;
708
709 typedef struct _TEB_ACTIVE_FRAME_EX
710 {
711 TEB_ACTIVE_FRAME BasicFrame;
712 PVOID ExtensionIdentifier;
713 } TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
714 typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;
715
716 typedef struct _CLIENT_ID32
717 {
718 ULONG UniqueProcess;
719 ULONG UniqueThread;
720 } CLIENT_ID32, *PCLIENT_ID32;
721
722 typedef struct _CLIENT_ID64
723 {
724 ULONG64 UniqueProcess;
725 ULONG64 UniqueThread;
726 } CLIENT_ID64, *PCLIENT_ID64;
727
728 #if (NTDDI_VERSION < NTDDI_WS03)
729 typedef struct _Wx86ThreadState
730 {
731 PULONG CallBx86Eip;
732 PVOID DeallocationCpu;
733 BOOLEAN UseKnownWx86Dll;
734 CHAR OleStubInvoked;
735 } Wx86ThreadState, *PWx86ThreadState;
736 #endif
737
738 //
739 // PEB.AppCompatFlags
740 // Tag FLAG_MASK_KERNEL
741 //
742 typedef enum _APPCOMPAT_FLAGS
743 {
744 GetShortPathNameNT4 = 0x1,
745 GetDiskFreeSpace2GB = 0x8,
746 FTMFromCurrentAPI = 0x20,
747 DisallowCOMBindingNotifications = 0x40,
748 Ole32ValidatePointers = 0x80,
749 DisableCicero = 0x100,
750 Ole32EnableAsyncDocFile = 0x200,
751 EnableLegacyExceptionHandlinginOLE = 0x400,
752 DisableAdvanceRPCClientHardening = 0x800,
753 DisableMaybeNULLSizeisConsistencycheck = 0x1000,
754 DisableAdvancedRPCrangeCheck = 0x4000,
755 EnableLegacyExceptionHandlingInRPC = 0x8000,
756 EnableLegacyNTFSFlagsForDocfileOpens = 0x10000,
757 DisableNDRIIDConsistencyCheck = 0x20000,
758 UserDisableForwarderPatch = 0x40000,
759 DisableNewWMPAINTDispatchInOLE = 0x100000,
760 DoNotAddToCache = 0x80000000,
761 } APPCOMPAT_FLAGS;
762
763
764 //
765 // Process Environment Block (PEB)
766 // Thread Environment Block (TEB)
767 //
768 #include "peb_teb.h"
769
770 #ifdef _WIN64
771 //
772 // Explicit 32 bit PEB/TEB
773 //
774 #define EXPLICIT_32BIT
775 #include "peb_teb.h"
776 #undef EXPLICIT_32BIT
777
778 //
779 // Explicit 64 bit PEB/TEB
780 //
781 #define EXPLICIT_64BIT
782 #include "peb_teb.h"
783 #undef EXPLICIT_64BIT
784 #endif
785
786 #ifdef NTOS_MODE_USER
787
788 //
789 // Process Information Structures for NtQueryProcessInformation
790 //
791 typedef struct _PROCESS_BASIC_INFORMATION
792 {
793 NTSTATUS ExitStatus;
794 PPEB PebBaseAddress;
795 ULONG_PTR AffinityMask;
796 KPRIORITY BasePriority;
797 ULONG_PTR UniqueProcessId;
798 ULONG_PTR InheritedFromUniqueProcessId;
799 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
800
801 typedef struct _PROCESS_ACCESS_TOKEN
802 {
803 HANDLE Token;
804 HANDLE Thread;
805 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
806
807 typedef struct _PROCESS_DEVICEMAP_INFORMATION
808 {
809 union
810 {
811 struct
812 {
813 HANDLE DirectoryHandle;
814 } Set;
815 struct
816 {
817 ULONG DriveMap;
818 UCHAR DriveType[32];
819 } Query;
820 };
821 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
822
823 typedef struct _KERNEL_USER_TIMES
824 {
825 LARGE_INTEGER CreateTime;
826 LARGE_INTEGER ExitTime;
827 LARGE_INTEGER KernelTime;
828 LARGE_INTEGER UserTime;
829 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
830
831 typedef struct _POOLED_USAGE_AND_LIMITS
832 {
833 SIZE_T PeakPagedPoolUsage;
834 SIZE_T PagedPoolUsage;
835 SIZE_T PagedPoolLimit;
836 SIZE_T PeakNonPagedPoolUsage;
837 SIZE_T NonPagedPoolUsage;
838 SIZE_T NonPagedPoolLimit;
839 SIZE_T PeakPagefileUsage;
840 SIZE_T PagefileUsage;
841 SIZE_T PagefileLimit;
842 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
843
844 typedef struct _PROCESS_SESSION_INFORMATION
845 {
846 ULONG SessionId;
847 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
848
849 #endif
850
851 typedef struct _PROCESS_PRIORITY_CLASS
852 {
853 BOOLEAN Foreground;
854 UCHAR PriorityClass;
855 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
856
857 typedef struct _PROCESS_FOREGROUND_BACKGROUND
858 {
859 BOOLEAN Foreground;
860 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
861
862 //
863 // Apphelp SHIM Cache
864 //
865 typedef enum _APPHELPCACHESERVICECLASS
866 {
867 ApphelpCacheServiceLookup = 0,
868 ApphelpCacheServiceRemove = 1,
869 ApphelpCacheServiceUpdate = 2,
870 ApphelpCacheServiceFlush = 3,
871 ApphelpCacheServiceDump = 4,
872
873 ApphelpDBGReadRegistry = 0x100,
874 ApphelpDBGWriteRegistry = 0x101,
875 } APPHELPCACHESERVICECLASS;
876
877
878 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
879 {
880 UNICODE_STRING ImageName;
881 HANDLE ImageHandle;
882 } APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;
883
884
885 //
886 // Thread Information Structures for NtQueryProcessInformation
887 //
888 typedef struct _THREAD_BASIC_INFORMATION
889 {
890 NTSTATUS ExitStatus;
891 PVOID TebBaseAddress;
892 CLIENT_ID ClientId;
893 KAFFINITY AffinityMask;
894 KPRIORITY Priority;
895 KPRIORITY BasePriority;
896 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
897
898 #ifndef NTOS_MODE_USER
899
900 //
901 // Job Set Array
902 //
903 typedef struct _JOB_SET_ARRAY
904 {
905 HANDLE JobHandle;
906 ULONG MemberLevel;
907 ULONG Flags;
908 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
909
910 //
911 // EPROCESS Quota Structures
912 //
913 typedef struct _EPROCESS_QUOTA_ENTRY
914 {
915 SIZE_T Usage;
916 SIZE_T Limit;
917 SIZE_T Peak;
918 SIZE_T Return;
919 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
920
921 typedef struct _EPROCESS_QUOTA_BLOCK
922 {
923 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
924 LIST_ENTRY QuotaList;
925 ULONG ReferenceCount;
926 ULONG ProcessCount;
927 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
928
929 //
930 // Process Pagefault History
931 //
932 typedef struct _PAGEFAULT_HISTORY
933 {
934 ULONG CurrentIndex;
935 ULONG MapIndex;
936 KSPIN_LOCK SpinLock;
937 PVOID Reserved;
938 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
939 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
940
941 //
942 // Process Impersonation Information
943 //
944 typedef struct _PS_IMPERSONATION_INFORMATION
945 {
946 PACCESS_TOKEN Token;
947 BOOLEAN CopyOnOpen;
948 BOOLEAN EffectiveOnly;
949 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
950 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
951
952 //
953 // Process Termination Port
954 //
955 typedef struct _TERMINATION_PORT
956 {
957 struct _TERMINATION_PORT *Next;
958 PVOID Port;
959 } TERMINATION_PORT, *PTERMINATION_PORT;
960
961 //
962 // Per-Process APC Rate Limiting
963 //
964 typedef struct _PSP_RATE_APC
965 {
966 union
967 {
968 SINGLE_LIST_ENTRY NextApc;
969 ULONGLONG ExcessCycles;
970 };
971 ULONGLONG TargetGEneration;
972 KAPC RateApc;
973 } PSP_RATE_APC, *PPSP_RATE_APC;
974
975 //
976 // Executive Thread (ETHREAD)
977 //
978 typedef struct _ETHREAD
979 {
980 KTHREAD Tcb;
981 LARGE_INTEGER CreateTime;
982 union
983 {
984 LARGE_INTEGER ExitTime;
985 LIST_ENTRY LpcReplyChain;
986 LIST_ENTRY KeyedWaitChain;
987 };
988 union
989 {
990 NTSTATUS ExitStatus;
991 PVOID OfsChain;
992 };
993 LIST_ENTRY PostBlockList;
994 union
995 {
996 struct _TERMINATION_PORT *TerminationPort;
997 struct _ETHREAD *ReaperLink;
998 PVOID KeyedWaitValue;
999 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1000 PVOID Win32StartParameter;
1001 #endif
1002 };
1003 KSPIN_LOCK ActiveTimerListLock;
1004 LIST_ENTRY ActiveTimerListHead;
1005 CLIENT_ID Cid;
1006 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1007 KSEMAPHORE KeyedWaitSemaphore;
1008 #else
1009 union
1010 {
1011 KSEMAPHORE LpcReplySemaphore;
1012 KSEMAPHORE KeyedWaitSemaphore;
1013 };
1014 union
1015 {
1016 PVOID LpcReplyMessage;
1017 PVOID LpcWaitingOnPort;
1018 };
1019 #endif
1020 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
1021 LIST_ENTRY IrpList;
1022 ULONG_PTR TopLevelIrp;
1023 PDEVICE_OBJECT DeviceToVerify;
1024 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1025 PPSP_RATE_APC RateControlApc;
1026 #else
1027 struct _EPROCESS *ThreadsProcess;
1028 #endif
1029 PVOID Win32StartAddress;
1030 union
1031 {
1032 PKSTART_ROUTINE StartAddress;
1033 ULONG LpcReceivedMessageId;
1034 };
1035 LIST_ENTRY ThreadListEntry;
1036 EX_RUNDOWN_REF RundownProtect;
1037 EX_PUSH_LOCK ThreadLock;
1038 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1039 ULONG LpcReplyMessageId;
1040 #endif
1041 ULONG ReadClusterSize;
1042 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1043 ULONG SpareUlong0;
1044 #else
1045 ACCESS_MASK GrantedAccess;
1046 #endif
1047 union
1048 {
1049 struct
1050 {
1051 ULONG Terminated:1;
1052 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1053 ULONG ThreadInserted:1;
1054 #else
1055 ULONG DeadThread:1;
1056 #endif
1057 ULONG HideFromDebugger:1;
1058 ULONG ActiveImpersonationInfo:1;
1059 ULONG SystemThread:1;
1060 ULONG HardErrorsAreDisabled:1;
1061 ULONG BreakOnTermination:1;
1062 ULONG SkipCreationMsg:1;
1063 ULONG SkipTerminationMsg:1;
1064 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1065 ULONG CreateMsgSent:1;
1066 ULONG ThreadIoPriority:3;
1067 ULONG ThreadPagePriority:3;
1068 ULONG PendingRatecontrol:1;
1069 #endif
1070 };
1071 ULONG CrossThreadFlags;
1072 };
1073 union
1074 {
1075 struct
1076 {
1077 ULONG ActiveExWorker:1;
1078 ULONG ExWorkerCanWaitUser:1;
1079 ULONG MemoryMaker:1;
1080 ULONG KeyedEventInUse:1;
1081 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1082 ULONG RateApcState:2;
1083 #endif
1084 };
1085 ULONG SameThreadPassiveFlags;
1086 };
1087 union
1088 {
1089 struct
1090 {
1091 ULONG LpcReceivedMsgIdValid:1;
1092 ULONG LpcExitThreadCalled:1;
1093 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1094 ULONG Spare:1;
1095 #else
1096 ULONG AddressSpaceOwner:1;
1097 #endif
1098 ULONG OwnsProcessWorkingSetExclusive:1;
1099 ULONG OwnsProcessWorkingSetShared:1;
1100 ULONG OwnsSystemWorkingSetExclusive:1;
1101 ULONG OwnsSystemWorkingSetShared:1;
1102 ULONG OwnsSessionWorkingSetExclusive:1;
1103 ULONG OwnsSessionWorkingSetShared:1;
1104 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1105 ULONG SuppressSymbolLoad:1;
1106 ULONG Spare1:3;
1107 ULONG PriorityRegionActive:4;
1108 #else
1109 ULONG ApcNeeded:1;
1110 #endif
1111 };
1112 ULONG SameThreadApcFlags;
1113 };
1114 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1115 UCHAR CacheManagerActive;
1116 #else
1117 UCHAR ForwardClusterOnly;
1118 #endif
1119 UCHAR DisablePageFaultClustering;
1120 UCHAR ActiveFaultCount;
1121 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1122 ULONG AlpcMessageId;
1123 union
1124 {
1125 PVOID AlpcMessage;
1126 ULONG AlpcReceiveAttributeSet;
1127 };
1128 LIST_ENTRY AlpcWaitListEntry;
1129 KSEMAPHORE AlpcWaitSemaphore;
1130 ULONG CacheManagerCount;
1131 #endif
1132 } ETHREAD;
1133
1134 //
1135 // Executive Process (EPROCESS)
1136 //
1137 typedef struct _EPROCESS
1138 {
1139 KPROCESS Pcb;
1140 EX_PUSH_LOCK ProcessLock;
1141 LARGE_INTEGER CreateTime;
1142 LARGE_INTEGER ExitTime;
1143 EX_RUNDOWN_REF RundownProtect;
1144 HANDLE UniqueProcessId;
1145 LIST_ENTRY ActiveProcessLinks;
1146 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1147 SIZE_T QuotaPeak[3]; /* ditto */
1148 SIZE_T CommitCharge;
1149 SIZE_T PeakVirtualSize;
1150 SIZE_T VirtualSize;
1151 LIST_ENTRY SessionProcessLinks;
1152 PVOID DebugPort;
1153 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1154 union
1155 {
1156 PVOID ExceptionPortData;
1157 ULONG ExceptionPortValue;
1158 UCHAR ExceptionPortState:3;
1159 };
1160 #else
1161 PVOID ExceptionPort;
1162 #endif
1163 PHANDLE_TABLE ObjectTable;
1164 EX_FAST_REF Token;
1165 PFN_NUMBER WorkingSetPage;
1166 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1167 EX_PUSH_LOCK AddressCreationLock;
1168 PETHREAD RotateInProgress;
1169 #else
1170 KGUARDED_MUTEX AddressCreationLock;
1171 KSPIN_LOCK HyperSpaceLock;
1172 #endif
1173 PETHREAD ForkInProgress;
1174 ULONG_PTR HardwareTrigger;
1175 PMM_AVL_TABLE PhysicalVadRoot;
1176 PVOID CloneRoot;
1177 PFN_NUMBER NumberOfPrivatePages;
1178 PFN_NUMBER NumberOfLockedPages;
1179 PVOID *Win32Process;
1180 struct _EJOB *Job;
1181 PVOID SectionObject;
1182 PVOID SectionBaseAddress;
1183 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1184 PPAGEFAULT_HISTORY WorkingSetWatch;
1185 PVOID Win32WindowStation;
1186 HANDLE InheritedFromUniqueProcessId;
1187 PVOID LdtInformation;
1188 PVOID VadFreeHint;
1189 PVOID VdmObjects;
1190 PVOID DeviceMap;
1191 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1192 PVOID EtwDataSource;
1193 PVOID FreeTebHint;
1194 #else
1195 PVOID Spare0[3];
1196 #endif
1197 union
1198 {
1199 HARDWARE_PTE PageDirectoryPte;
1200 ULONGLONG Filler;
1201 };
1202 PVOID Session;
1203 CHAR ImageFileName[16];
1204 LIST_ENTRY JobLinks;
1205 PVOID LockedPagesList;
1206 LIST_ENTRY ThreadListHead;
1207 PVOID SecurityPort;
1208 #ifdef _M_AMD64
1209 struct _WOW64_PROCESS *Wow64Process;
1210 #else
1211 PVOID PaeTop;
1212 #endif
1213 ULONG ActiveThreads;
1214 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1215 ULONG ImagePathHash;
1216 #else
1217 ACCESS_MASK GrantedAccess;
1218 #endif
1219 ULONG DefaultHardErrorProcessing;
1220 NTSTATUS LastThreadExitStatus;
1221 struct _PEB* Peb;
1222 EX_FAST_REF PrefetchTrace;
1223 LARGE_INTEGER ReadOperationCount;
1224 LARGE_INTEGER WriteOperationCount;
1225 LARGE_INTEGER OtherOperationCount;
1226 LARGE_INTEGER ReadTransferCount;
1227 LARGE_INTEGER WriteTransferCount;
1228 LARGE_INTEGER OtherTransferCount;
1229 SIZE_T CommitChargeLimit;
1230 SIZE_T CommitChargePeak;
1231 PVOID AweInfo;
1232 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1233 MMSUPPORT Vm;
1234 #ifdef _M_AMD64
1235 ULONG Spares[2];
1236 #else
1237 LIST_ENTRY MmProcessLinks;
1238 #endif
1239 ULONG ModifiedPageCount;
1240 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1241 union
1242 {
1243 struct
1244 {
1245 ULONG JobNotReallyActive:1;
1246 ULONG AccountingFolded:1;
1247 ULONG NewProcessReported:1;
1248 ULONG ExitProcessReported:1;
1249 ULONG ReportCommitChanges:1;
1250 ULONG LastReportMemory:1;
1251 ULONG ReportPhysicalPageChanges:1;
1252 ULONG HandleTableRundown:1;
1253 ULONG NeedsHandleRundown:1;
1254 ULONG RefTraceEnabled:1;
1255 ULONG NumaAware:1;
1256 ULONG ProtectedProcess:1;
1257 ULONG DefaultPagePriority:3;
1258 ULONG ProcessDeleteSelf:1;
1259 ULONG ProcessVerifierTarget:1;
1260 };
1261 ULONG Flags2;
1262 };
1263 #else
1264 ULONG JobStatus;
1265 #endif
1266 union
1267 {
1268 struct
1269 {
1270 ULONG CreateReported:1;
1271 ULONG NoDebugInherit:1;
1272 ULONG ProcessExiting:1;
1273 ULONG ProcessDelete:1;
1274 ULONG Wow64SplitPages:1;
1275 ULONG VmDeleted:1;
1276 ULONG OutswapEnabled:1;
1277 ULONG Outswapped:1;
1278 ULONG ForkFailed:1;
1279 ULONG Wow64VaSpace4Gb:1;
1280 ULONG AddressSpaceInitialized:2;
1281 ULONG SetTimerResolution:1;
1282 ULONG BreakOnTermination:1;
1283 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1284 ULONG DeprioritizeViews:1;
1285 #else
1286 ULONG SessionCreationUnderway:1;
1287 #endif
1288 ULONG WriteWatch:1;
1289 ULONG ProcessInSession:1;
1290 ULONG OverrideAddressSpace:1;
1291 ULONG HasAddressSpace:1;
1292 ULONG LaunchPrefetched:1;
1293 ULONG InjectInpageErrors:1;
1294 ULONG VmTopDown:1;
1295 ULONG ImageNotifyDone:1;
1296 ULONG PdeUpdateNeeded:1;
1297 ULONG VdmAllowed:1;
1298 ULONG SmapAllowed:1;
1299 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1300 ULONG ProcessInserted:1;
1301 #else
1302 ULONG CreateFailed:1;
1303 #endif
1304 ULONG DefaultIoPriority:3;
1305 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1306 ULONG SparePsFlags1:2;
1307 #else
1308 ULONG Spare1:1;
1309 ULONG Spare2:1;
1310 #endif
1311 };
1312 ULONG Flags;
1313 };
1314 NTSTATUS ExitStatus;
1315 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1316 USHORT Spare7;
1317 #else
1318 USHORT NextPageColor;
1319 #endif
1320 union
1321 {
1322 struct
1323 {
1324 UCHAR SubSystemMinorVersion;
1325 UCHAR SubSystemMajorVersion;
1326 };
1327 USHORT SubSystemVersion;
1328 };
1329 UCHAR PriorityClass;
1330 MM_AVL_TABLE VadRoot;
1331 ULONG Cookie;
1332 } EPROCESS;
1333
1334 //
1335 // Job Token Filter Data
1336 //
1337 #include <pshpack1.h>
1338 typedef struct _PS_JOB_TOKEN_FILTER
1339 {
1340 ULONG CapturedSidCount;
1341 PSID_AND_ATTRIBUTES CapturedSids;
1342 ULONG CapturedSidsLength;
1343 ULONG CapturedGroupCount;
1344 PSID_AND_ATTRIBUTES CapturedGroups;
1345 ULONG CapturedGroupsLength;
1346 ULONG CapturedPrivilegeCount;
1347 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1348 ULONG CapturedPrivilegesLength;
1349 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1350
1351 //
1352 // Executive Job (EJOB)
1353 //
1354 typedef struct _EJOB
1355 {
1356 KEVENT Event;
1357 LIST_ENTRY JobLinks;
1358 LIST_ENTRY ProcessListHead;
1359 ERESOURCE JobLock;
1360 LARGE_INTEGER TotalUserTime;
1361 LARGE_INTEGER TotalKernelTime;
1362 LARGE_INTEGER ThisPeriodTotalUserTime;
1363 LARGE_INTEGER ThisPeriodTotalKernelTime;
1364 ULONG TotalPageFaultCount;
1365 ULONG TotalProcesses;
1366 ULONG ActiveProcesses;
1367 ULONG TotalTerminatedProcesses;
1368 LARGE_INTEGER PerProcessUserTimeLimit;
1369 LARGE_INTEGER PerJobUserTimeLimit;
1370 ULONG LimitFlags;
1371 ULONG MinimumWorkingSetSize;
1372 ULONG MaximumWorkingSetSize;
1373 ULONG ActiveProcessLimit;
1374 ULONG Affinity;
1375 UCHAR PriorityClass;
1376 ULONG UIRestrictionsClass;
1377 ULONG SecurityLimitFlags;
1378 PVOID Token;
1379 PPS_JOB_TOKEN_FILTER Filter;
1380 ULONG EndOfJobTimeAction;
1381 PVOID CompletionPort;
1382 PVOID CompletionKey;
1383 ULONG SessionId;
1384 ULONG SchedulingClass;
1385 ULONGLONG ReadOperationCount;
1386 ULONGLONG WriteOperationCount;
1387 ULONGLONG OtherOperationCount;
1388 ULONGLONG ReadTransferCount;
1389 ULONGLONG WriteTransferCount;
1390 ULONGLONG OtherTransferCount;
1391 IO_COUNTERS IoInfo;
1392 ULONG ProcessMemoryLimit;
1393 ULONG JobMemoryLimit;
1394 ULONG PeakProcessMemoryUsed;
1395 ULONG PeakJobMemoryUsed;
1396 ULONG CurrentJobMemoryUsed;
1397 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1398 FAST_MUTEX MemoryLimitsLock;
1399 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1400 KGUARDED_MUTEX MemoryLimitsLock;
1401 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1402 EX_PUSH_LOCK MemoryLimitsLock;
1403 #endif
1404 LIST_ENTRY JobSetLinks;
1405 ULONG MemberLevel;
1406 ULONG JobFlags;
1407 } EJOB, *PEJOB;
1408 #include <poppack.h>
1409
1410 //
1411 // Win32K Callback Registration Data
1412 //
1413 typedef struct _WIN32_POWEREVENT_PARAMETERS
1414 {
1415 PSPOWEREVENTTYPE EventNumber;
1416 ULONG Code;
1417 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1418
1419 typedef struct _WIN32_POWERSTATE_PARAMETERS
1420 {
1421 UCHAR Promotion;
1422 POWER_ACTION SystemAction;
1423 SYSTEM_POWER_STATE MinSystemState;
1424 ULONG Flags;
1425 POWERSTATETASK PowerStateTask;
1426 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1427
1428 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1429 {
1430 PVOID Job;
1431 PSW32JOBCALLOUTTYPE CalloutType;
1432 PVOID Data;
1433 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1434
1435 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1436 {
1437 OB_OPEN_REASON OpenReason;
1438 PEPROCESS Process;
1439 PVOID Object;
1440 ULONG GrantedAccess;
1441 ULONG HandleCount;
1442 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1443
1444 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1445 {
1446 PEPROCESS Process;
1447 PVOID Object;
1448 HANDLE Handle;
1449 KPROCESSOR_MODE PreviousMode;
1450 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1451
1452 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1453 {
1454 PEPROCESS Process;
1455 PVOID Object;
1456 ACCESS_MASK AccessMask;
1457 ULONG ProcessHandleCount;
1458 ULONG SystemHandleCount;
1459 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1460
1461 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1462 {
1463 PVOID Object;
1464 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1465
1466 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1467 {
1468 PVOID ParseObject;
1469 PVOID ObjectType;
1470 PACCESS_STATE AccessState;
1471 KPROCESSOR_MODE AccessMode;
1472 ULONG Attributes;
1473 _Out_ PUNICODE_STRING CompleteName;
1474 PUNICODE_STRING RemainingName;
1475 PVOID Context;
1476 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1477 PVOID *Object;
1478 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1479
1480 typedef struct _WIN32_CALLOUTS_FPNS
1481 {
1482 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1483 PKWIN32_THREAD_CALLOUT ThreadCallout;
1484 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1485 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1486 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1487 PKWIN32_JOB_CALLOUT JobCallout;
1488 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1489 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1490 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1491 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1492 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1493 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1494 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1495 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1496 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1497 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1498 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1499 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1500 #endif
1501 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1502
1503 #endif // !NTOS_MODE_USER
1504
1505 #ifdef __cplusplus
1506 }; // extern "C"
1507 #endif
1508
1509 #endif // _PSTYPES_H