3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the Process Manager
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
30 #ifndef NTOS_MODE_USER
39 #ifndef NTOS_MODE_USER
42 // Kernel Exported Object Types
44 extern POBJECT_TYPE NTSYSAPI PsJobType
;
46 #endif // !NTOS_MODE_USER
49 // KUSER_SHARED_DATA location in User Mode
51 #define USER_SHARED_DATA (0x7FFE0000)
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
65 #define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
66 #define FLG_POOL_ENABLE_TAGGING 0x00000400
67 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
68 #define FLG_USER_STACK_TRACE_DB 0x00001000
69 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
70 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
71 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
72 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
73 #define FLG_ENABLE_CSRDEBUG 0x00020000
74 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
75 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
76 #if (NTDDI_VERSION < NTDDI_WINXP)
77 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
79 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
81 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
82 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
83 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
84 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
85 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
86 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
87 #define FLG_VALID_BITS 0x07FFFFFF
90 // Flags for NtCreateProcessEx
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
105 // Process priority classes
107 #define PROCESS_PRIORITY_CLASS_INVALID 0
108 #define PROCESS_PRIORITY_CLASS_IDLE 1
109 #define PROCESS_PRIORITY_CLASS_NORMAL 2
110 #define PROCESS_PRIORITY_CLASS_HIGH 3
111 #define PROCESS_PRIORITY_CLASS_REALTIME 4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
116 // Process base priorities
118 #define PROCESS_PRIORITY_IDLE 3
119 #define PROCESS_PRIORITY_NORMAL 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
123 // Process memory priorities
125 #define MEMORY_PRIORITY_BACKGROUND 0
126 #define MEMORY_PRIORITY_UNKNOWN 1
127 #define MEMORY_PRIORITY_FOREGROUND 2
130 // Process Priority Separation Values (OR)
132 #define PSP_DEFAULT_QUANTUMS 0x00
133 #define PSP_VARIABLE_QUANTUMS 0x04
134 #define PSP_FIXED_QUANTUMS 0x08
135 #define PSP_LONG_QUANTUMS 0x10
136 #define PSP_SHORT_QUANTUMS 0x20
138 #ifndef NTOS_MODE_USER
140 // Thread Access Types
142 #define THREAD_QUERY_INFORMATION 0x0040
143 #define THREAD_SET_THREAD_TOKEN 0x0080
144 #define THREAD_IMPERSONATE 0x0100
145 #define THREAD_DIRECT_IMPERSONATION 0x0200
148 // Process Access Types
150 #define PROCESS_TERMINATE 0x0001
151 #define PROCESS_CREATE_THREAD 0x0002
152 #define PROCESS_SET_SESSIONID 0x0004
153 #define PROCESS_VM_OPERATION 0x0008
154 #define PROCESS_VM_READ 0x0010
155 #define PROCESS_VM_WRITE 0x0020
156 #define PROCESS_CREATE_PROCESS 0x0080
157 #define PROCESS_SET_QUOTA 0x0100
158 #define PROCESS_SET_INFORMATION 0x0200
159 #define PROCESS_QUERY_INFORMATION 0x0400
160 #define PROCESS_SUSPEND_RESUME 0x0800
161 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
162 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
163 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
167 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
173 // Thread Base Priorities
175 #define THREAD_BASE_PRIORITY_LOWRT 15
176 #define THREAD_BASE_PRIORITY_MAX 2
177 #define THREAD_BASE_PRIORITY_MIN -2
178 #define THREAD_BASE_PRIORITY_IDLE -15
183 #define TLS_MINIMUM_AVAILABLE 64
186 // TEB Active Frame Flags
188 #define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x1
193 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
194 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
195 #define JOB_OBJECT_QUERY 0x4
196 #define JOB_OBJECT_TERMINATE 0x8
197 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
198 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
205 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
206 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
207 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
208 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
209 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
210 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
211 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
212 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
213 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
214 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
215 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
216 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
217 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
218 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
221 // Cross Thread Flags
223 #define CT_TERMINATED_BIT 0x1
224 #define CT_DEAD_THREAD_BIT 0x2
225 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
226 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
227 #define CT_SYSTEM_THREAD_BIT 0x10
228 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
229 #define CT_BREAK_ON_TERMINATION_BIT 0x40
230 #define CT_SKIP_CREATION_MSG_BIT 0x80
231 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
234 // Same Thread Passive Flags
236 #define STP_ACTIVE_EX_WORKER_BIT 0x1
237 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
238 #define STP_MEMORY_MAKER_BIT 0x4
239 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
242 // Same Thread APC Flags
244 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
245 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
246 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
247 #define STA_OWNS_WORKING_SET_BITS 0x1F8
250 // Kernel Process flags (maybe in ketypes.h?)
252 #define KPSF_AUTO_ALIGNMENT_BIT 0
253 #define KPSF_DISABLE_BOOST_BIT 1
258 #define PSF_CREATE_REPORTED_BIT 0x1
259 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
260 #define PSF_PROCESS_EXITING_BIT 0x4
261 #define PSF_PROCESS_DELETE_BIT 0x8
262 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
263 #define PSF_VM_DELETED_BIT 0x20
264 #define PSF_OUTSWAP_ENABLED_BIT 0x40
265 #define PSF_OUTSWAPPED_BIT 0x80
266 #define PSF_FORK_FAILED_BIT 0x100
267 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
268 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
269 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
270 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
271 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
272 #define PSF_WRITE_WATCH_BIT 0x8000
273 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
274 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
275 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
276 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
277 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
278 #define PSF_VM_TOP_DOWN_BIT 0x200000
279 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
280 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
281 #define PSF_VDM_ALLOWED_BIT 0x1000000
282 #define PSF_SWAP_ALLOWED_BIT 0x2000000
283 #define PSF_CREATE_FAILED_BIT 0x4000000
284 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
287 // Vista Process Flags
289 #define PSF2_PROTECTED_BIT 0x800
295 #define TLS_EXPANSION_SLOTS 1024
297 #ifdef NTOS_MODE_USER
299 // Thread Native Base Priorities
301 #define LOW_PRIORITY 0
302 #define LOW_REALTIME_PRIORITY 16
303 #define HIGH_PRIORITY 31
304 #define MAXIMUM_PRIORITY 32
307 // Current Process/Thread built-in 'special' handles
309 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
310 #define ZwCurrentProcess() NtCurrentProcess()
311 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
312 #define ZwCurrentThread() NtCurrentThread()
315 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
317 typedef enum _PROCESSINFOCLASS
319 ProcessBasicInformation
,
325 ProcessRaisePriority
,
327 ProcessExceptionPort
,
329 ProcessLdtInformation
,
331 ProcessDefaultHardErrorMode
,
332 ProcessIoPortHandlers
,
333 ProcessPooledUsageAndLimits
,
334 ProcessWorkingSetWatch
,
336 ProcessEnableAlignmentFaultFixup
,
337 ProcessPriorityClass
,
338 ProcessWx86Information
,
341 ProcessPriorityBoost
,
343 ProcessSessionInformation
,
344 ProcessForegroundInformation
,
345 ProcessWow64Information
,
346 ProcessImageFileName
,
347 ProcessLUIDDeviceMapsEnabled
,
348 ProcessBreakOnTermination
,
349 ProcessDebugObjectHandle
,
351 ProcessHandleTracing
,
354 ProcessTlsInformation
,
356 ProcessImageInformation
,
359 ProcessInstrumentationCallback
,
360 ProcessThreadStackAllocation
,
361 ProcessWorkingSetWatchEx
,
362 ProcessImageFileNameWin32
,
363 ProcessImageFileMapping
,
364 ProcessAffinityUpdateMode
,
365 ProcessMemoryAllocationMode
,
369 typedef enum _THREADINFOCLASS
371 ThreadBasicInformation
,
376 ThreadImpersonationToken
,
377 ThreadDescriptorTableEntry
,
378 ThreadEnableAlignmentFaultFixup
,
379 ThreadEventPair_Reusable
,
380 ThreadQuerySetWin32StartAddress
,
382 ThreadPerformanceCount
,
384 ThreadIdealProcessor
,
386 ThreadSetTlsArrayAddress
,
388 ThreadHideFromDebugger
,
389 ThreadBreakOnTermination
,
390 ThreadSwitchLegacyState
,
392 ThreadLastSystemCall
,
396 ThreadActualBasePriority
,
397 ThreadTebInformation
,
404 typedef enum _PSPROCESSPRIORITYMODE
406 PsProcessPriorityForeground
,
407 PsProcessPriorityBackground
,
408 PsProcessPrioritySpinning
409 } PSPROCESSPRIORITYMODE
;
411 typedef enum _JOBOBJECTINFOCLASS
413 JobObjectBasicAccountingInformation
= 1,
414 JobObjectBasicLimitInformation
,
415 JobObjectBasicProcessIdList
,
416 JobObjectBasicUIRestrictions
,
417 JobObjectSecurityLimitInformation
,
418 JobObjectEndOfJobTimeInformation
,
419 JobObjectAssociateCompletionPortInformation
,
420 JobObjectBasicAndIoAccountingInformation
,
421 JobObjectExtendedLimitInformation
,
422 JobObjectJobSetInformation
,
423 MaxJobObjectInfoClass
424 } JOBOBJECTINFOCLASS
;
427 // Power Event Events for Win32K Power Event Callback
429 typedef enum _PSPOWEREVENTTYPE
433 PsW32PowerPolicyChanged
= 2,
434 PsW32SystemPowerState
= 3,
436 PsW32DisplayState
= 5,
437 PsW32CapabilitiesChanged
= 6,
438 PsW32SetStateFailed
= 7,
441 PsW32GdiPrepareResumeUI
= 10,
442 PsW32GdiOffRequest
= 11,
443 PsW32MonitorOff
= 12,
447 // Power State Tasks for Win32K Power State Callback
449 typedef enum _POWERSTATETASK
451 PowerState_BlockSessionSwitch
= 0,
453 PowerState_QueryApps
= 2,
454 PowerState_QueryServices
= 3,
455 PowerState_QueryAppsFailed
= 4,
456 PowerState_QueryServicesFailed
= 5,
457 PowerState_SuspendApps
= 6,
458 PowerState_SuspendServices
= 7,
459 PowerState_ShowUI
= 8,
460 PowerState_NotifyWL
= 9,
461 PowerState_ResumeApps
= 10,
462 PowerState_ResumeServices
= 11,
463 PowerState_UnBlockSessionSwitch
= 12,
465 PowerState_BlockInput
= 14,
466 PowerState_UnblockInput
= 15,
470 // Win32K Job Callback Types
472 typedef enum _PSW32JOBCALLOUTTYPE
474 PsW32JobCalloutSetInformation
= 0,
475 PsW32JobCalloutAddProcess
= 1,
476 PsW32JobCalloutTerminate
= 2,
477 } PSW32JOBCALLOUTTYPE
;
480 // Win32K Thread Callback Types
482 typedef enum _PSW32THREADCALLOUTTYPE
484 PsW32ThreadCalloutInitialize
,
485 PsW32ThreadCalloutExit
,
486 } PSW32THREADCALLOUTTYPE
;
489 // Declare empty structure definitions so that they may be referenced by
490 // routines before they are defined
495 struct _WIN32_POWEREVENT_PARAMETERS
;
496 struct _WIN32_POWERSTATE_PARAMETERS
;
497 struct _WIN32_JOBCALLOUT_PARAMETERS
;
498 struct _WIN32_OPENMETHOD_PARAMETERS
;
499 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
;
500 struct _WIN32_CLOSEMETHOD_PARAMETERS
;
501 struct _WIN32_DELETEMETHOD_PARAMETERS
;
502 struct _WIN32_PARSEMETHOD_PARAMETERS
;
505 // Win32K Process and Thread Callbacks
509 (NTAPI
*PKWIN32_PROCESS_CALLOUT
)(
510 _In_
struct _EPROCESS
*Process
,
516 (NTAPI
*PKWIN32_THREAD_CALLOUT
)(
517 _In_
struct _ETHREAD
*Thread
,
518 _In_ PSW32THREADCALLOUTTYPE Type
523 (NTAPI
*PKWIN32_GLOBALATOMTABLE_CALLOUT
)(
529 (NTAPI
*PKWIN32_POWEREVENT_CALLOUT
)(
530 _In_
struct _WIN32_POWEREVENT_PARAMETERS
*Parameters
535 (NTAPI
*PKWIN32_POWERSTATE_CALLOUT
)(
536 _In_
struct _WIN32_POWERSTATE_PARAMETERS
*Parameters
541 (NTAPI
*PKWIN32_JOB_CALLOUT
)(
542 _In_
struct _WIN32_JOBCALLOUT_PARAMETERS
*Parameters
547 (NTAPI
*PGDI_BATCHFLUSH_ROUTINE
)(
553 (NTAPI
*PKWIN32_OPENMETHOD_CALLOUT
)(
554 _In_
struct _WIN32_OPENMETHOD_PARAMETERS
*Parameters
559 (NTAPI
*PKWIN32_OKTOCLOSEMETHOD_CALLOUT
)(
560 _In_
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
*Parameters
565 (NTAPI
*PKWIN32_CLOSEMETHOD_CALLOUT
)(
566 _In_
struct _WIN32_CLOSEMETHOD_PARAMETERS
*Parameters
571 (NTAPI
*PKWIN32_DELETEMETHOD_CALLOUT
)(
572 _In_
struct _WIN32_DELETEMETHOD_PARAMETERS
*Parameters
577 (NTAPI
*PKWIN32_PARSEMETHOD_CALLOUT
)(
578 _In_
struct _WIN32_PARSEMETHOD_PARAMETERS
*Parameters
583 (NTAPI
*PKWIN32_SESSION_CALLOUT
)(
587 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
590 (NTAPI
*PKWIN32_WIN32DATACOLLECTION_CALLOUT
)(
591 _In_
struct _EPROCESS
*Process
,
602 (NTAPI
*PLEGO_NOTIFY_ROUTINE
)(
609 (NTAPI
*PPOST_PROCESS_INIT_ROUTINE
)(
614 // Descriptor Table Entry Definition
617 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
618 typedef struct _DESCRIPTOR_TABLE_ENTRY
621 LDT_ENTRY Descriptor
;
622 } DESCRIPTOR_TABLE_ENTRY
, *PDESCRIPTOR_TABLE_ENTRY
;
629 (NTAPI
*PPEBLOCKROUTINE
)(
634 // PEB Free Block Descriptor
636 typedef struct _PEB_FREE_BLOCK
638 struct _PEB_FREE_BLOCK
* Next
;
640 } PEB_FREE_BLOCK
, *PPEB_FREE_BLOCK
;
645 typedef struct _INITIAL_PEB
647 BOOLEAN InheritedAddressSpace
;
648 BOOLEAN ReadImageFileExecOptions
;
649 BOOLEAN BeingDebugged
;
653 #if (NTDDI_VERSION >= NTDDI_WS03)
656 BOOLEAN ImageUsesLargePages
:1;
657 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
658 BOOLEAN IsProtectedProcess
:1;
659 BOOLEAN IsLegacyProcess
:1;
670 } INITIAL_PEB
, *PINITIAL_PEB
;
675 typedef struct _INITIAL_TEB
677 PVOID PreviousStackBase
;
678 PVOID PreviousStackLimit
;
681 PVOID AllocatedStackBase
;
682 } INITIAL_TEB
, *PINITIAL_TEB
;
685 // TEB Active Frame Structures
687 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
691 } TEB_ACTIVE_FRAME_CONTEXT
, *PTEB_ACTIVE_FRAME_CONTEXT
;
692 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT
*PCTEB_ACTIVE_FRAME_CONTEXT
;
694 typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
696 TEB_ACTIVE_FRAME_CONTEXT BasicContext
;
697 PCSTR SourceLocation
;
698 } TEB_ACTIVE_FRAME_CONTEXT_EX
, *PTEB_ACTIVE_FRAME_CONTEXT_EX
;
699 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX
*PCTEB_ACTIVE_FRAME_CONTEXT_EX
;
701 typedef struct _TEB_ACTIVE_FRAME
704 struct _TEB_ACTIVE_FRAME
*Previous
;
705 PCTEB_ACTIVE_FRAME_CONTEXT Context
;
706 } TEB_ACTIVE_FRAME
, *PTEB_ACTIVE_FRAME
;
707 typedef const struct _TEB_ACTIVE_FRAME
*PCTEB_ACTIVE_FRAME
;
709 typedef struct _TEB_ACTIVE_FRAME_EX
711 TEB_ACTIVE_FRAME BasicFrame
;
712 PVOID ExtensionIdentifier
;
713 } TEB_ACTIVE_FRAME_EX
, *PTEB_ACTIVE_FRAME_EX
;
714 typedef const struct _TEB_ACTIVE_FRAME_EX
*PCTEB_ACTIVE_FRAME_EX
;
716 typedef struct _CLIENT_ID32
720 } CLIENT_ID32
, *PCLIENT_ID32
;
722 typedef struct _CLIENT_ID64
724 ULONG64 UniqueProcess
;
725 ULONG64 UniqueThread
;
726 } CLIENT_ID64
, *PCLIENT_ID64
;
728 #if (NTDDI_VERSION < NTDDI_WS03)
729 typedef struct _Wx86ThreadState
732 PVOID DeallocationCpu
;
733 BOOLEAN UseKnownWx86Dll
;
735 } Wx86ThreadState
, *PWx86ThreadState
;
739 // PEB.AppCompatFlags
740 // Tag FLAG_MASK_KERNEL
742 typedef enum _APPCOMPAT_FLAGS
744 GetShortPathNameNT4
= 0x1,
745 GetDiskFreeSpace2GB
= 0x8,
746 FTMFromCurrentAPI
= 0x20,
747 DisallowCOMBindingNotifications
= 0x40,
748 Ole32ValidatePointers
= 0x80,
749 DisableCicero
= 0x100,
750 Ole32EnableAsyncDocFile
= 0x200,
751 EnableLegacyExceptionHandlinginOLE
= 0x400,
752 DisableAdvanceRPCClientHardening
= 0x800,
753 DisableMaybeNULLSizeisConsistencycheck
= 0x1000,
754 DisableAdvancedRPCrangeCheck
= 0x4000,
755 EnableLegacyExceptionHandlingInRPC
= 0x8000,
756 EnableLegacyNTFSFlagsForDocfileOpens
= 0x10000,
757 DisableNDRIIDConsistencyCheck
= 0x20000,
758 UserDisableForwarderPatch
= 0x40000,
759 DisableNewWMPAINTDispatchInOLE
= 0x100000,
760 DoNotAddToCache
= 0x80000000,
765 // Process Environment Block (PEB)
766 // Thread Environment Block (TEB)
772 // Explicit 32 bit PEB/TEB
774 #define EXPLICIT_32BIT
776 #undef EXPLICIT_32BIT
779 // Explicit 64 bit PEB/TEB
781 #define EXPLICIT_64BIT
783 #undef EXPLICIT_64BIT
786 #ifdef NTOS_MODE_USER
789 // Process Information Structures for NtQueryProcessInformation
791 typedef struct _PROCESS_BASIC_INFORMATION
795 ULONG_PTR AffinityMask
;
796 KPRIORITY BasePriority
;
797 ULONG_PTR UniqueProcessId
;
798 ULONG_PTR InheritedFromUniqueProcessId
;
799 } PROCESS_BASIC_INFORMATION
, *PPROCESS_BASIC_INFORMATION
;
801 typedef struct _PROCESS_ACCESS_TOKEN
805 } PROCESS_ACCESS_TOKEN
, *PPROCESS_ACCESS_TOKEN
;
807 typedef struct _PROCESS_DEVICEMAP_INFORMATION
813 HANDLE DirectoryHandle
;
821 } PROCESS_DEVICEMAP_INFORMATION
, *PPROCESS_DEVICEMAP_INFORMATION
;
823 typedef struct _KERNEL_USER_TIMES
825 LARGE_INTEGER CreateTime
;
826 LARGE_INTEGER ExitTime
;
827 LARGE_INTEGER KernelTime
;
828 LARGE_INTEGER UserTime
;
829 } KERNEL_USER_TIMES
, *PKERNEL_USER_TIMES
;
831 typedef struct _POOLED_USAGE_AND_LIMITS
833 SIZE_T PeakPagedPoolUsage
;
834 SIZE_T PagedPoolUsage
;
835 SIZE_T PagedPoolLimit
;
836 SIZE_T PeakNonPagedPoolUsage
;
837 SIZE_T NonPagedPoolUsage
;
838 SIZE_T NonPagedPoolLimit
;
839 SIZE_T PeakPagefileUsage
;
840 SIZE_T PagefileUsage
;
841 SIZE_T PagefileLimit
;
842 } POOLED_USAGE_AND_LIMITS
, *PPOOLED_USAGE_AND_LIMITS
;
844 typedef struct _PROCESS_SESSION_INFORMATION
847 } PROCESS_SESSION_INFORMATION
, *PPROCESS_SESSION_INFORMATION
;
851 typedef struct _PROCESS_PRIORITY_CLASS
855 } PROCESS_PRIORITY_CLASS
, *PPROCESS_PRIORITY_CLASS
;
857 typedef struct _PROCESS_FOREGROUND_BACKGROUND
860 } PROCESS_FOREGROUND_BACKGROUND
, *PPROCESS_FOREGROUND_BACKGROUND
;
863 // Apphelp SHIM Cache
865 typedef enum _APPHELPCACHESERVICECLASS
867 ApphelpCacheServiceLookup
= 0,
868 ApphelpCacheServiceRemove
= 1,
869 ApphelpCacheServiceUpdate
= 2,
870 ApphelpCacheServiceFlush
= 3,
871 ApphelpCacheServiceDump
= 4,
873 ApphelpDBGReadRegistry
= 0x100,
874 ApphelpDBGWriteRegistry
= 0x101,
875 } APPHELPCACHESERVICECLASS
;
878 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
880 UNICODE_STRING ImageName
;
882 } APPHELP_CACHE_SERVICE_LOOKUP
, *PAPPHELP_CACHE_SERVICE_LOOKUP
;
886 // Thread Information Structures for NtQueryProcessInformation
888 typedef struct _THREAD_BASIC_INFORMATION
891 PVOID TebBaseAddress
;
893 KAFFINITY AffinityMask
;
895 KPRIORITY BasePriority
;
896 } THREAD_BASIC_INFORMATION
, *PTHREAD_BASIC_INFORMATION
;
898 #ifndef NTOS_MODE_USER
903 typedef struct _JOB_SET_ARRAY
908 } JOB_SET_ARRAY
, *PJOB_SET_ARRAY
;
911 // EPROCESS Quota Structures
913 typedef struct _EPROCESS_QUOTA_ENTRY
919 } EPROCESS_QUOTA_ENTRY
, *PEPROCESS_QUOTA_ENTRY
;
921 typedef struct _EPROCESS_QUOTA_BLOCK
923 EPROCESS_QUOTA_ENTRY QuotaEntry
[3];
924 LIST_ENTRY QuotaList
;
925 ULONG ReferenceCount
;
927 } EPROCESS_QUOTA_BLOCK
, *PEPROCESS_QUOTA_BLOCK
;
930 // Process Pagefault History
932 typedef struct _PAGEFAULT_HISTORY
938 PROCESS_WS_WATCH_INFORMATION WatchInfo
[1];
939 } PAGEFAULT_HISTORY
, *PPAGEFAULT_HISTORY
;
942 // Process Impersonation Information
944 typedef struct _PS_IMPERSONATION_INFORMATION
948 BOOLEAN EffectiveOnly
;
949 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
950 } PS_IMPERSONATION_INFORMATION
, *PPS_IMPERSONATION_INFORMATION
;
953 // Process Termination Port
955 typedef struct _TERMINATION_PORT
957 struct _TERMINATION_PORT
*Next
;
959 } TERMINATION_PORT
, *PTERMINATION_PORT
;
962 // Per-Process APC Rate Limiting
964 typedef struct _PSP_RATE_APC
968 SINGLE_LIST_ENTRY NextApc
;
969 ULONGLONG ExcessCycles
;
971 ULONGLONG TargetGEneration
;
973 } PSP_RATE_APC
, *PPSP_RATE_APC
;
976 // Executive Thread (ETHREAD)
978 typedef struct _ETHREAD
981 LARGE_INTEGER CreateTime
;
984 LARGE_INTEGER ExitTime
;
985 LIST_ENTRY LpcReplyChain
;
986 LIST_ENTRY KeyedWaitChain
;
993 LIST_ENTRY PostBlockList
;
996 struct _TERMINATION_PORT
*TerminationPort
;
997 struct _ETHREAD
*ReaperLink
;
998 PVOID KeyedWaitValue
;
999 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1000 PVOID Win32StartParameter
;
1003 KSPIN_LOCK ActiveTimerListLock
;
1004 LIST_ENTRY ActiveTimerListHead
;
1006 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1007 KSEMAPHORE KeyedWaitSemaphore
;
1011 KSEMAPHORE LpcReplySemaphore
;
1012 KSEMAPHORE KeyedWaitSemaphore
;
1016 PVOID LpcReplyMessage
;
1017 PVOID LpcWaitingOnPort
;
1020 PPS_IMPERSONATION_INFORMATION ImpersonationInfo
;
1022 ULONG_PTR TopLevelIrp
;
1023 PDEVICE_OBJECT DeviceToVerify
;
1024 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1025 PPSP_RATE_APC RateControlApc
;
1027 struct _EPROCESS
*ThreadsProcess
;
1029 PVOID Win32StartAddress
;
1032 PKSTART_ROUTINE StartAddress
;
1033 ULONG LpcReceivedMessageId
;
1035 LIST_ENTRY ThreadListEntry
;
1036 EX_RUNDOWN_REF RundownProtect
;
1037 EX_PUSH_LOCK ThreadLock
;
1038 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1039 ULONG LpcReplyMessageId
;
1041 ULONG ReadClusterSize
;
1042 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1045 ACCESS_MASK GrantedAccess
;
1052 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1053 ULONG ThreadInserted
:1;
1057 ULONG HideFromDebugger
:1;
1058 ULONG ActiveImpersonationInfo
:1;
1059 ULONG SystemThread
:1;
1060 ULONG HardErrorsAreDisabled
:1;
1061 ULONG BreakOnTermination
:1;
1062 ULONG SkipCreationMsg
:1;
1063 ULONG SkipTerminationMsg
:1;
1064 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1065 ULONG CreateMsgSent
:1;
1066 ULONG ThreadIoPriority
:3;
1067 ULONG ThreadPagePriority
:3;
1068 ULONG PendingRatecontrol
:1;
1071 ULONG CrossThreadFlags
;
1077 ULONG ActiveExWorker
:1;
1078 ULONG ExWorkerCanWaitUser
:1;
1079 ULONG MemoryMaker
:1;
1080 ULONG KeyedEventInUse
:1;
1081 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1082 ULONG RateApcState
:2;
1085 ULONG SameThreadPassiveFlags
;
1091 ULONG LpcReceivedMsgIdValid
:1;
1092 ULONG LpcExitThreadCalled
:1;
1093 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1096 ULONG AddressSpaceOwner
:1;
1098 ULONG OwnsProcessWorkingSetExclusive
:1;
1099 ULONG OwnsProcessWorkingSetShared
:1;
1100 ULONG OwnsSystemWorkingSetExclusive
:1;
1101 ULONG OwnsSystemWorkingSetShared
:1;
1102 ULONG OwnsSessionWorkingSetExclusive
:1;
1103 ULONG OwnsSessionWorkingSetShared
:1;
1104 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1105 ULONG SuppressSymbolLoad
:1;
1107 ULONG PriorityRegionActive
:4;
1112 ULONG SameThreadApcFlags
;
1114 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1115 UCHAR CacheManagerActive
;
1117 UCHAR ForwardClusterOnly
;
1119 UCHAR DisablePageFaultClustering
;
1120 UCHAR ActiveFaultCount
;
1121 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1122 ULONG AlpcMessageId
;
1126 ULONG AlpcReceiveAttributeSet
;
1128 LIST_ENTRY AlpcWaitListEntry
;
1129 KSEMAPHORE AlpcWaitSemaphore
;
1130 ULONG CacheManagerCount
;
1135 // Executive Process (EPROCESS)
1137 typedef struct _EPROCESS
1140 EX_PUSH_LOCK ProcessLock
;
1141 LARGE_INTEGER CreateTime
;
1142 LARGE_INTEGER ExitTime
;
1143 EX_RUNDOWN_REF RundownProtect
;
1144 HANDLE UniqueProcessId
;
1145 LIST_ENTRY ActiveProcessLinks
;
1146 SIZE_T QuotaUsage
[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1147 SIZE_T QuotaPeak
[3]; /* ditto */
1148 SIZE_T CommitCharge
;
1149 SIZE_T PeakVirtualSize
;
1151 LIST_ENTRY SessionProcessLinks
;
1153 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1156 PVOID ExceptionPortData
;
1157 ULONG ExceptionPortValue
;
1158 UCHAR ExceptionPortState
:3;
1161 PVOID ExceptionPort
;
1163 PHANDLE_TABLE ObjectTable
;
1165 PFN_NUMBER WorkingSetPage
;
1166 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1167 EX_PUSH_LOCK AddressCreationLock
;
1168 PETHREAD RotateInProgress
;
1170 KGUARDED_MUTEX AddressCreationLock
;
1171 KSPIN_LOCK HyperSpaceLock
;
1173 PETHREAD ForkInProgress
;
1174 ULONG_PTR HardwareTrigger
;
1175 PMM_AVL_TABLE PhysicalVadRoot
;
1177 PFN_NUMBER NumberOfPrivatePages
;
1178 PFN_NUMBER NumberOfLockedPages
;
1179 PVOID
*Win32Process
;
1181 PVOID SectionObject
;
1182 PVOID SectionBaseAddress
;
1183 PEPROCESS_QUOTA_BLOCK QuotaBlock
;
1184 PPAGEFAULT_HISTORY WorkingSetWatch
;
1185 PVOID Win32WindowStation
;
1186 HANDLE InheritedFromUniqueProcessId
;
1187 PVOID LdtInformation
;
1191 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1192 PVOID EtwDataSource
;
1199 HARDWARE_PTE PageDirectoryPte
;
1203 CHAR ImageFileName
[16];
1204 LIST_ENTRY JobLinks
;
1205 PVOID LockedPagesList
;
1206 LIST_ENTRY ThreadListHead
;
1209 struct _WOW64_PROCESS
*Wow64Process
;
1213 ULONG ActiveThreads
;
1214 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1215 ULONG ImagePathHash
;
1217 ACCESS_MASK GrantedAccess
;
1219 ULONG DefaultHardErrorProcessing
;
1220 NTSTATUS LastThreadExitStatus
;
1222 EX_FAST_REF PrefetchTrace
;
1223 LARGE_INTEGER ReadOperationCount
;
1224 LARGE_INTEGER WriteOperationCount
;
1225 LARGE_INTEGER OtherOperationCount
;
1226 LARGE_INTEGER ReadTransferCount
;
1227 LARGE_INTEGER WriteTransferCount
;
1228 LARGE_INTEGER OtherTransferCount
;
1229 SIZE_T CommitChargeLimit
;
1230 SIZE_T CommitChargePeak
;
1232 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo
;
1237 LIST_ENTRY MmProcessLinks
;
1239 ULONG ModifiedPageCount
;
1240 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1245 ULONG JobNotReallyActive
:1;
1246 ULONG AccountingFolded
:1;
1247 ULONG NewProcessReported
:1;
1248 ULONG ExitProcessReported
:1;
1249 ULONG ReportCommitChanges
:1;
1250 ULONG LastReportMemory
:1;
1251 ULONG ReportPhysicalPageChanges
:1;
1252 ULONG HandleTableRundown
:1;
1253 ULONG NeedsHandleRundown
:1;
1254 ULONG RefTraceEnabled
:1;
1256 ULONG ProtectedProcess
:1;
1257 ULONG DefaultPagePriority
:3;
1258 ULONG ProcessDeleteSelf
:1;
1259 ULONG ProcessVerifierTarget
:1;
1270 ULONG CreateReported
:1;
1271 ULONG NoDebugInherit
:1;
1272 ULONG ProcessExiting
:1;
1273 ULONG ProcessDelete
:1;
1274 ULONG Wow64SplitPages
:1;
1276 ULONG OutswapEnabled
:1;
1279 ULONG Wow64VaSpace4Gb
:1;
1280 ULONG AddressSpaceInitialized
:2;
1281 ULONG SetTimerResolution
:1;
1282 ULONG BreakOnTermination
:1;
1283 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1284 ULONG DeprioritizeViews
:1;
1286 ULONG SessionCreationUnderway
:1;
1289 ULONG ProcessInSession
:1;
1290 ULONG OverrideAddressSpace
:1;
1291 ULONG HasAddressSpace
:1;
1292 ULONG LaunchPrefetched
:1;
1293 ULONG InjectInpageErrors
:1;
1295 ULONG ImageNotifyDone
:1;
1296 ULONG PdeUpdateNeeded
:1;
1298 ULONG SmapAllowed
:1;
1299 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1300 ULONG ProcessInserted
:1;
1302 ULONG CreateFailed
:1;
1304 ULONG DefaultIoPriority
:3;
1305 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1306 ULONG SparePsFlags1
:2;
1314 NTSTATUS ExitStatus
;
1315 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1318 USHORT NextPageColor
;
1324 UCHAR SubSystemMinorVersion
;
1325 UCHAR SubSystemMajorVersion
;
1327 USHORT SubSystemVersion
;
1329 UCHAR PriorityClass
;
1330 MM_AVL_TABLE VadRoot
;
1335 // Job Token Filter Data
1337 #include <pshpack1.h>
1338 typedef struct _PS_JOB_TOKEN_FILTER
1340 ULONG CapturedSidCount
;
1341 PSID_AND_ATTRIBUTES CapturedSids
;
1342 ULONG CapturedSidsLength
;
1343 ULONG CapturedGroupCount
;
1344 PSID_AND_ATTRIBUTES CapturedGroups
;
1345 ULONG CapturedGroupsLength
;
1346 ULONG CapturedPrivilegeCount
;
1347 PLUID_AND_ATTRIBUTES CapturedPrivileges
;
1348 ULONG CapturedPrivilegesLength
;
1349 } PS_JOB_TOKEN_FILTER
, *PPS_JOB_TOKEN_FILTER
;
1352 // Executive Job (EJOB)
1354 typedef struct _EJOB
1357 LIST_ENTRY JobLinks
;
1358 LIST_ENTRY ProcessListHead
;
1360 LARGE_INTEGER TotalUserTime
;
1361 LARGE_INTEGER TotalKernelTime
;
1362 LARGE_INTEGER ThisPeriodTotalUserTime
;
1363 LARGE_INTEGER ThisPeriodTotalKernelTime
;
1364 ULONG TotalPageFaultCount
;
1365 ULONG TotalProcesses
;
1366 ULONG ActiveProcesses
;
1367 ULONG TotalTerminatedProcesses
;
1368 LARGE_INTEGER PerProcessUserTimeLimit
;
1369 LARGE_INTEGER PerJobUserTimeLimit
;
1371 ULONG MinimumWorkingSetSize
;
1372 ULONG MaximumWorkingSetSize
;
1373 ULONG ActiveProcessLimit
;
1375 UCHAR PriorityClass
;
1376 ULONG UIRestrictionsClass
;
1377 ULONG SecurityLimitFlags
;
1379 PPS_JOB_TOKEN_FILTER Filter
;
1380 ULONG EndOfJobTimeAction
;
1381 PVOID CompletionPort
;
1382 PVOID CompletionKey
;
1384 ULONG SchedulingClass
;
1385 ULONGLONG ReadOperationCount
;
1386 ULONGLONG WriteOperationCount
;
1387 ULONGLONG OtherOperationCount
;
1388 ULONGLONG ReadTransferCount
;
1389 ULONGLONG WriteTransferCount
;
1390 ULONGLONG OtherTransferCount
;
1392 ULONG ProcessMemoryLimit
;
1393 ULONG JobMemoryLimit
;
1394 ULONG PeakProcessMemoryUsed
;
1395 ULONG PeakJobMemoryUsed
;
1396 ULONG CurrentJobMemoryUsed
;
1397 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1398 FAST_MUTEX MemoryLimitsLock
;
1399 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1400 KGUARDED_MUTEX MemoryLimitsLock
;
1401 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1402 EX_PUSH_LOCK MemoryLimitsLock
;
1404 LIST_ENTRY JobSetLinks
;
1408 #include <poppack.h>
1411 // Win32K Callback Registration Data
1413 typedef struct _WIN32_POWEREVENT_PARAMETERS
1415 PSPOWEREVENTTYPE EventNumber
;
1417 } WIN32_POWEREVENT_PARAMETERS
, *PWIN32_POWEREVENT_PARAMETERS
;
1419 typedef struct _WIN32_POWERSTATE_PARAMETERS
1422 POWER_ACTION SystemAction
;
1423 SYSTEM_POWER_STATE MinSystemState
;
1425 POWERSTATETASK PowerStateTask
;
1426 } WIN32_POWERSTATE_PARAMETERS
, *PWIN32_POWERSTATE_PARAMETERS
;
1428 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1431 PSW32JOBCALLOUTTYPE CalloutType
;
1433 } WIN32_JOBCALLOUT_PARAMETERS
, *PWIN32_JOBCALLOUT_PARAMETERS
;
1435 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1437 OB_OPEN_REASON OpenReason
;
1440 ULONG GrantedAccess
;
1442 } WIN32_OPENMETHOD_PARAMETERS
, *PWIN32_OPENMETHOD_PARAMETERS
;
1444 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1449 KPROCESSOR_MODE PreviousMode
;
1450 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS
;
1452 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1456 ACCESS_MASK AccessMask
;
1457 ULONG ProcessHandleCount
;
1458 ULONG SystemHandleCount
;
1459 } WIN32_CLOSEMETHOD_PARAMETERS
, *PWIN32_CLOSEMETHOD_PARAMETERS
;
1461 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1464 } WIN32_DELETEMETHOD_PARAMETERS
, *PWIN32_DELETEMETHOD_PARAMETERS
;
1466 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1470 PACCESS_STATE AccessState
;
1471 KPROCESSOR_MODE AccessMode
;
1473 _Out_ PUNICODE_STRING CompleteName
;
1474 PUNICODE_STRING RemainingName
;
1476 PSECURITY_QUALITY_OF_SERVICE SecurityQos
;
1478 } WIN32_PARSEMETHOD_PARAMETERS
, *PWIN32_PARSEMETHOD_PARAMETERS
;
1480 typedef struct _WIN32_CALLOUTS_FPNS
1482 PKWIN32_PROCESS_CALLOUT ProcessCallout
;
1483 PKWIN32_THREAD_CALLOUT ThreadCallout
;
1484 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout
;
1485 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout
;
1486 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout
;
1487 PKWIN32_JOB_CALLOUT JobCallout
;
1488 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine
;
1489 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure
;
1490 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure
;
1491 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure
;
1492 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure
;
1493 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure
;
1494 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure
;
1495 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure
;
1496 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure
;
1497 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure
;
1498 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1499 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure
;
1501 } WIN32_CALLOUTS_FPNS
, *PWIN32_CALLOUTS_FPNS
;
1503 #endif // !NTOS_MODE_USER
1509 #endif // _PSTYPES_H