3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the Executive.
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
27 #if !defined(NTOS_MODE_USER)
46 #define __ALIGNED(n) __attribute__((aligned (n)))
47 #elif defined(_MSC_VER)
48 #define __ALIGNED(n) __declspec(align(n))
50 #error __ALIGNED not defined for your compiler!
56 typedef USHORT RTL_ATOM
, *PRTL_ATOM
;
58 #ifndef NTOS_MODE_USER
61 // Kernel Exported Object Types
63 extern POBJECT_TYPE NTSYSAPI ExDesktopObjectType
;
64 extern POBJECT_TYPE NTSYSAPI ExWindowStationObjectType
;
65 extern POBJECT_TYPE NTSYSAPI ExIoCompletionType
;
66 extern POBJECT_TYPE NTSYSAPI ExMutantObjectType
;
67 extern POBJECT_TYPE NTSYSAPI ExTimerType
;
70 // Exported NT Build Number
72 extern ULONG NTSYSAPI NtBuildNumber
;
75 // Invalid Handle Value Constant
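// The whole expansion is parenthesized so that a neighbouring operator cannot
// split the cast from its operand: with the bare form, an expression such as
// `sizeof INVALID_HANDLE_VALUE` parses as `sizeof(HANDLE) - 1`.
#define INVALID_HANDLE_VALUE ((HANDLE)-1)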
84 #define MUTANT_INCREMENT 1
87 // Callback Object Access Mask
89 #define CALLBACK_MODIFY_STATE 0x0001
90 #define CALLBACK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
92 CALLBACK_MODIFY_STATE)
95 // Event Object Access Masks
98 #define EVENT_QUERY_STATE 0x0001
101 // Semaphore Object Access Masks
103 #define SEMAPHORE_QUERY_STATE 0x0001
107 // Mutant Object Access Masks
109 #define MUTANT_QUERY_STATE 0x0001
110 #define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
114 #define TIMER_QUERY_STATE 0x0001
115 #define TIMER_MODIFY_STATE 0x0002
116 #define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
118 TIMER_QUERY_STATE | \
123 // Event Pair Access Masks
125 #define EVENT_PAIR_ALL_ACCESS 0x1F0000L
128 // Profile Object Access Masks
130 #define PROFILE_CONTROL 0x0001
131 #define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL)
134 // Keyed Event Object Access Masks
136 #define KEYEDEVENT_WAIT 0x0001
137 #define KEYEDEVENT_WAKE 0x0002
138 #define KEYEDEVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
143 // NtRaiseHardError-related parameters
145 #define MAXIMUM_HARDERROR_PARAMETERS 5
146 #define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
// Pushlock bit definitions, all typed as ULONG_PTR.
// LOCK (0x1), WAITING (0x2), WAKING (0x4) and MULTIPLE_SHARED (0x8) are
// single-bit flags in the low four bits; EX_PUSH_LOCK_PTR_BITS (0xf) is the
// mask that covers exactly those four bits.
// EX_PUSH_LOCK_SHARE_INC (0x10) is the first value above that mask, which
// matches the Shared bit-field of EX_PUSH_LOCK later in this file (declared as
// all bits of a ULONG_PTR except four); presumably it is the step added per
// shared acquirer -- confirm against the pushlock implementation.
// NOTE(review): EX_PUSH_LOCK_LOCK_V is 0, which looks like the bit *index* of
// EX_PUSH_LOCK_LOCK (1 << 0 == 0x1) rather than a mask; using it as a mask
// would test nothing -- confirm against callers.
151 #define EX_PUSH_LOCK_LOCK_V ((ULONG_PTR)0x0)
152 #define EX_PUSH_LOCK_LOCK ((ULONG_PTR)0x1)
153 #define EX_PUSH_LOCK_WAITING ((ULONG_PTR)0x2)
154 #define EX_PUSH_LOCK_WAKING ((ULONG_PTR)0x4)
155 #define EX_PUSH_LOCK_MULTIPLE_SHARED ((ULONG_PTR)0x8)
156 #define EX_PUSH_LOCK_SHARE_INC ((ULONG_PTR)0x10)
157 #define EX_PUSH_LOCK_PTR_BITS ((ULONG_PTR)0xf)
160 // Pushlock Wait Block Flags
// EXCLUSIVE (1) and WAIT (2) are distinct single-bit values.
// NOTE(review): EX_PUSH_LOCK_FLAGS_WAIT_V is 1, which looks like the bit
// *index* of EX_PUSH_LOCK_FLAGS_WAIT (1 << 1 == 2). It is numerically equal to
// EX_PUSH_LOCK_FLAGS_EXCLUSIVE, so using it as a mask would silently test the
// exclusive bit instead -- confirm against callers.
162 #define EX_PUSH_LOCK_FLAGS_EXCLUSIVE 1
163 #define EX_PUSH_LOCK_FLAGS_WAIT_V 1
164 #define EX_PUSH_LOCK_FLAGS_WAIT 2
167 // Resource (ERESOURCE) Flags
169 #define ResourceHasDisabledPriorityBoost 0x08
172 // Shutdown types for NtShutdownSystem
174 typedef enum _SHUTDOWN_ACTION
182 // Responses for NtRaiseHardError
184 typedef enum _HARDERROR_RESPONSE_OPTION
186 OptionAbortRetryIgnore
,
192 OptionShutdownSystem
,
194 OptionCancelTryContinue
195 } HARDERROR_RESPONSE_OPTION
, *PHARDERROR_RESPONSE_OPTION
;
197 typedef enum _HARDERROR_RESPONSE
199 ResponseReturnToCaller
,
210 } HARDERROR_RESPONSE
, *PHARDERROR_RESPONSE
;
213 // System Information Classes for NtQuerySystemInformation
215 typedef enum _SYSTEM_INFORMATION_CLASS
217 SystemBasicInformation
,
218 SystemProcessorInformation
,
219 SystemPerformanceInformation
,
220 SystemTimeOfDayInformation
,
221 SystemPathInformation
, /// Obsolete: Use KUSER_SHARED_DATA
222 SystemProcessInformation
,
223 SystemCallCountInformation
,
224 SystemDeviceInformation
,
225 SystemProcessorPerformanceInformation
,
226 SystemFlagsInformation
,
227 SystemCallTimeInformation
,
228 SystemModuleInformation
,
229 SystemLocksInformation
,
230 SystemStackTraceInformation
,
231 SystemPagedPoolInformation
,
232 SystemNonPagedPoolInformation
,
233 SystemHandleInformation
,
234 SystemObjectInformation
,
235 SystemPageFileInformation
,
236 SystemVdmInstemulInformation
,
237 SystemVdmBopInformation
,
238 SystemFileCacheInformation
,
239 SystemPoolTagInformation
,
240 SystemInterruptInformation
,
241 SystemDpcBehaviorInformation
,
242 SystemFullMemoryInformation
,
243 SystemLoadGdiDriverInformation
,
244 SystemUnloadGdiDriverInformation
,
245 SystemTimeAdjustmentInformation
,
246 SystemSummaryMemoryInformation
,
247 SystemMirrorMemoryInformation
,
248 SystemPerformanceTraceInformation
,
250 SystemExceptionInformation
,
251 SystemCrashDumpStateInformation
,
252 SystemKernelDebuggerInformation
,
253 SystemContextSwitchInformation
,
254 SystemRegistryQuotaInformation
,
255 SystemExtendServiceTableInformation
,
256 SystemPrioritySeperation
,
257 SystemPlugPlayBusInformation
,
258 SystemDockInformation
,
259 SystemPowerInformationNative
,
260 SystemProcessorSpeedInformation
,
261 SystemCurrentTimeZoneInformation
,
262 SystemLookasideInformation
,
263 SystemTimeSlipNotification
,
266 SystemSessionInformation
,
267 SystemRangeStartInformation
,
268 SystemVerifierInformation
,
270 SystemSessionProcessesInformation
,
271 SystemLoadGdiDriverInSystemSpaceInformation
,
272 SystemNumaProcessorMap
,
273 SystemPrefetcherInformation
,
274 SystemExtendedProcessInformation
,
275 SystemRecommendedSharedDataAlignment
,
276 SystemComPlusPackage
,
277 SystemNumaAvailableMemory
,
278 SystemProcessorPowerInformation
,
279 SystemEmulationBasicInformation
,
280 SystemEmulationProcessorInformation
,
281 SystemExtendedHandleInformation
,
282 SystemLostDelayedWriteInformation
,
283 SystemBigPoolInformation
,
284 SystemSessionPoolTagInformation
,
285 SystemSessionMappedViewInformation
,
286 SystemHotpatchInformation
,
287 SystemObjectSecurityMode
,
288 SystemWatchDogTimerHandler
,
289 SystemWatchDogTimerInformation
,
290 SystemLogicalProcessorInformation
,
291 SystemWow64SharedInformationObsolete
,
292 SystemRegisterFirmwareTableInformationHandler
,
293 SystemFirmwareTableInformation
,
294 SystemModuleInformationEx
,
295 SystemVerifierTriageInformation
,
296 SystemSuperfetchInformation
,
297 SystemMemoryListInformation
,
298 SystemFileCacheInformationEx
,
299 SystemThreadPriorityClientIdInformation
,
300 SystemProcessorIdleCycleTimeInformation
,
301 SystemVerifierCancellationInformation
,
302 SystemProcessorPowerInformationEx
,
303 SystemRefTraceInformation
,
304 SystemSpecialPoolInformation
,
305 SystemProcessIdInformation
,
306 SystemErrorPortInformation
,
307 SystemBootEnvironmentInformation
,
308 SystemHypervisorInformation
,
309 SystemVerifierInformationEx
,
310 SystemTimeZoneInformation
,
311 SystemImageFileExecutionOptionsInformation
,
312 SystemCoverageInformation
,
313 SystemPrefetchPathInformation
,
314 SystemVerifierFaultsInformation
,
316 } SYSTEM_INFORMATION_CLASS
;
319 // System Information Classes for NtQueryMutant
321 typedef enum _MUTANT_INFORMATION_CLASS
323 MutantBasicInformation
,
324 MutantOwnerInformation
325 } MUTANT_INFORMATION_CLASS
;
328 // System Information Classes for NtQueryAtom
330 typedef enum _ATOM_INFORMATION_CLASS
332 AtomBasicInformation
,
333 AtomTableInformation
,
334 } ATOM_INFORMATION_CLASS
;
337 // System Information Classes for NtQueryTimer
339 typedef enum _TIMER_INFORMATION_CLASS
341 TimerBasicInformation
342 } TIMER_INFORMATION_CLASS
;
345 // System Information Classes for NtQuerySemaphore
347 typedef enum _SEMAPHORE_INFORMATION_CLASS
349 SemaphoreBasicInformation
350 } SEMAPHORE_INFORMATION_CLASS
;
353 // System Information Classes for NtQueryEvent
355 typedef enum _EVENT_INFORMATION_CLASS
357 EventBasicInformation
358 } EVENT_INFORMATION_CLASS
;
360 #ifdef NTOS_MODE_USER
363 // Firmware Table Actions for SystemFirmwareTableInformation
365 typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
367 SystemFirmwareTable_Enumerate
= 0,
368 SystemFirmwareTable_Get
= 1,
369 } SYSTEM_FIRMWARE_TABLE_ACTION
, *PSYSTEM_FIRMWARE_TABLE_ACTION
;
372 // Firmware Handler Callback
374 struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
;
378 _In_
struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
*FirmwareTableInformation
384 // Handle Enumeration Callback
386 struct _HANDLE_TABLE_ENTRY
;
388 (NTAPI
*PEX_ENUM_HANDLE_CALLBACK
)(
389 _In_
struct _HANDLE_TABLE_ENTRY
*HandleTableEntry
,
395 // Executive Work Queue Structures
397 typedef struct _EX_QUEUE_WORKER_INFO
399 ULONG QueueDisabled
:1;
400 ULONG MakeThreadsAsNecessary
:1;
402 ULONG WorkerCount
:29;
403 } EX_QUEUE_WORKER_INFO
, *PEX_QUEUE_WORKER_INFO
;
405 typedef struct _EX_WORK_QUEUE
408 LONG DynamicThreadCount
;
409 ULONG WorkItemsProcessed
;
410 ULONG WorkItemsProcessedLastPass
;
411 ULONG QueueDepthLastPass
;
412 EX_QUEUE_WORKER_INFO Info
;
413 } EX_WORK_QUEUE
, *PEX_WORK_QUEUE
;
416 // Executive Fast Reference Structure
418 typedef struct _EX_FAST_REF
426 } EX_FAST_REF
, *PEX_FAST_REF
;
429 // Executive Cache-Aware Rundown Reference Descriptor
431 typedef struct _EX_RUNDOWN_REF_CACHE_AWARE
433 PEX_RUNDOWN_REF RunRefs
;
437 } EX_RUNDOWN_REF_CACHE_AWARE
;
440 // Executive Rundown Wait Block
442 typedef struct _EX_RUNDOWN_WAIT_BLOCK
446 } EX_RUNDOWN_WAIT_BLOCK
, *PEX_RUNDOWN_WAIT_BLOCK
;
449 // Executive Pushlock
453 typedef struct _EX_PUSH_LOCK
462 ULONG_PTR MultipleShared
:1;
463 ULONG_PTR Shared
:sizeof (ULONG_PTR
) * 8 - 4;
468 } EX_PUSH_LOCK
, *PEX_PUSH_LOCK
;
471 // Executive Pushlock Wait Block
475 // The wait block has to be properly aligned
476 // on a non-checked build even if the debug data isn't there.
478 #if defined(_MSC_VER)
479 #pragma warning(push)
480 #pragma warning(disable:4324)
483 typedef __ALIGNED(16) struct _EX_PUSH_LOCK_WAIT_BLOCK
490 struct _EX_PUSH_LOCK_WAIT_BLOCK
*Next
;
491 struct _EX_PUSH_LOCK_WAIT_BLOCK
*Last
;
492 struct _EX_PUSH_LOCK_WAIT_BLOCK
*Previous
;
497 EX_PUSH_LOCK NewValue
;
498 EX_PUSH_LOCK OldValue
;
499 PEX_PUSH_LOCK PushLock
;
501 } EX_PUSH_LOCK_WAIT_BLOCK
, *PEX_PUSH_LOCK_WAIT_BLOCK
;
503 #if defined(_MSC_VER)
510 typedef struct _CALLBACK_OBJECT
514 LIST_ENTRY RegisteredCallbacks
;
515 BOOLEAN AllowMultipleCallbacks
;
522 typedef struct _CALLBACK_REGISTRATION
525 PCALLBACK_OBJECT CallbackObject
;
526 PCALLBACK_FUNCTION CallbackFunction
;
527 PVOID CallbackContext
;
529 BOOLEAN UnregisterWaiting
;
530 } CALLBACK_REGISTRATION
, *PCALLBACK_REGISTRATION
;
533 // Internal Callback Object
535 typedef struct _EX_CALLBACK_ROUTINE_BLOCK
537 EX_RUNDOWN_REF RundownProtect
;
538 PEX_CALLBACK_FUNCTION Function
;
540 } EX_CALLBACK_ROUTINE_BLOCK
, *PEX_CALLBACK_ROUTINE_BLOCK
;
543 // Internal Callback Handle
545 typedef struct _EX_CALLBACK
547 EX_FAST_REF RoutineBlock
;
548 } EX_CALLBACK
, *PEX_CALLBACK
;
553 typedef struct _EPROFILE
561 PKPROFILE ProfileObject
;
562 PVOID LockedBufferAddress
;
565 KPROFILE_SOURCE ProfileSource
;
567 } EPROFILE
, *PEPROFILE
;
570 // Handle Table Structures
572 typedef struct _HANDLE_TRACE_DB_ENTRY
577 PVOID StackTrace
[16];
578 } HANDLE_TRACE_DB_ENTRY
, *PHANDLE_TRACE_DB_ENTRY
;
580 typedef struct _HANDLE_TRACE_DEBUG_INFO
585 FAST_MUTEX CloseCompatcionLock
;
586 ULONG CurrentStackIndex
;
587 HANDLE_TRACE_DB_ENTRY TraceDb
[1];
588 } HANDLE_TRACE_DEBUG_INFO
, *PHANDLE_TRACE_DEBUG_INFO
;
590 typedef struct _HANDLE_TABLE_ENTRY_INFO
593 } HANDLE_TABLE_ENTRY_INFO
, *PHANDLE_TABLE_ENTRY_INFO
;
595 typedef struct _HANDLE_TABLE_ENTRY
600 ULONG_PTR ObAttributes
;
601 PHANDLE_TABLE_ENTRY_INFO InfoTable
;
609 USHORT GrantedAccessIndex
;
610 USHORT CreatorBackTraceIndex
;
612 LONG NextFreeTableEntry
;
614 } HANDLE_TABLE_ENTRY
, *PHANDLE_TABLE_ENTRY
;
616 typedef struct _HANDLE_TABLE
618 #if (NTDDI_VERSION >= NTDDI_WINXP)
621 PHANDLE_TABLE_ENTRY
**Table
;
623 PEPROCESS QuotaProcess
;
624 PVOID UniqueProcessId
;
625 #if (NTDDI_VERSION >= NTDDI_WINXP)
626 EX_PUSH_LOCK HandleTableLock
[4];
627 LIST_ENTRY HandleTableList
;
628 EX_PUSH_LOCK HandleContentionEvent
;
630 ERESOURCE HandleLock
;
631 LIST_ENTRY HandleTableList
;
632 KEVENT HandleContentionEvent
;
634 PHANDLE_TRACE_DEBUG_INFO DebugInfo
;
636 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
642 LONG FirstFreeHandle
;
643 PHANDLE_TABLE_ENTRY LastFreeHandleEntry
;
645 ULONG NextHandleNeedingPool
;
649 ULONG NextHandleNeedingPool
;
657 } HANDLE_TABLE
, *PHANDLE_TABLE
;
662 // Hard Error LPC Message
664 typedef struct _HARDERROR_MSG
668 LARGE_INTEGER ErrorTime
;
669 ULONG ValidResponseOptions
;
671 ULONG NumberOfParameters
;
672 ULONG UnicodeStringParameterMask
;
673 ULONG_PTR Parameters
[MAXIMUM_HARDERROR_PARAMETERS
];
674 } HARDERROR_MSG
, *PHARDERROR_MSG
;
677 // Information Structures for NtQueryMutant
679 typedef struct _MUTANT_BASIC_INFORMATION
682 BOOLEAN OwnedByCaller
;
683 BOOLEAN AbandonedState
;
684 } MUTANT_BASIC_INFORMATION
, *PMUTANT_BASIC_INFORMATION
;
686 typedef struct _MUTANT_OWNER_INFORMATION
689 } MUTANT_OWNER_INFORMATION
, *PMUTANT_OWNER_INFORMATION
;
692 // Information Structures for NtQueryAtom
694 typedef struct _ATOM_BASIC_INFORMATION
700 } ATOM_BASIC_INFORMATION
, *PATOM_BASIC_INFORMATION
;
702 typedef struct _ATOM_TABLE_INFORMATION
706 } ATOM_TABLE_INFORMATION
, *PATOM_TABLE_INFORMATION
;
709 // Information Structures for NtQueryTimer
711 typedef struct _TIMER_BASIC_INFORMATION
713 LARGE_INTEGER TimeRemaining
;
715 } TIMER_BASIC_INFORMATION
, *PTIMER_BASIC_INFORMATION
;
718 // Information Structures for NtQuerySemaphore
720 typedef struct _SEMAPHORE_BASIC_INFORMATION
724 } SEMAPHORE_BASIC_INFORMATION
, *PSEMAPHORE_BASIC_INFORMATION
;
727 // Information Structures for NtQueryEvent
729 typedef struct _EVENT_BASIC_INFORMATION
731 EVENT_TYPE EventType
;
733 } EVENT_BASIC_INFORMATION
, *PEVENT_BASIC_INFORMATION
;
736 // Information Structures for NtQuerySystemInformation
738 typedef struct _SYSTEM_BASIC_INFORMATION
741 ULONG TimerResolution
;
743 ULONG NumberOfPhysicalPages
;
744 ULONG LowestPhysicalPageNumber
;
745 ULONG HighestPhysicalPageNumber
;
746 ULONG AllocationGranularity
;
747 ULONG_PTR MinimumUserModeAddress
;
748 ULONG_PTR MaximumUserModeAddress
;
749 ULONG_PTR ActiveProcessorsAffinityMask
;
750 CCHAR NumberOfProcessors
;
751 } SYSTEM_BASIC_INFORMATION
, *PSYSTEM_BASIC_INFORMATION
;
754 typedef struct _SYSTEM_PROCESSOR_INFORMATION
756 USHORT ProcessorArchitecture
;
757 USHORT ProcessorLevel
;
758 USHORT ProcessorRevision
;
760 ULONG ProcessorFeatureBits
;
761 } SYSTEM_PROCESSOR_INFORMATION
, *PSYSTEM_PROCESSOR_INFORMATION
;
764 typedef struct _SYSTEM_PERFORMANCE_INFORMATION
766 LARGE_INTEGER IdleProcessTime
;
767 LARGE_INTEGER IoReadTransferCount
;
768 LARGE_INTEGER IoWriteTransferCount
;
769 LARGE_INTEGER IoOtherTransferCount
;
770 ULONG IoReadOperationCount
;
771 ULONG IoWriteOperationCount
;
772 ULONG IoOtherOperationCount
;
773 ULONG AvailablePages
;
774 ULONG CommittedPages
;
776 ULONG PeakCommitment
;
777 ULONG PageFaultCount
;
778 ULONG CopyOnWriteCount
;
779 ULONG TransitionCount
;
780 ULONG CacheTransitionCount
;
781 ULONG DemandZeroCount
;
783 ULONG PageReadIoCount
;
784 ULONG CacheReadCount
;
786 ULONG DirtyPagesWriteCount
;
787 ULONG DirtyWriteIoCount
;
788 ULONG MappedPagesWriteCount
;
789 ULONG MappedWriteIoCount
;
790 ULONG PagedPoolPages
;
791 ULONG NonPagedPoolPages
;
792 ULONG PagedPoolAllocs
;
793 ULONG PagedPoolFrees
;
794 ULONG NonPagedPoolAllocs
;
795 ULONG NonPagedPoolFrees
;
796 ULONG FreeSystemPtes
;
797 ULONG ResidentSystemCodePage
;
798 ULONG TotalSystemDriverPages
;
799 ULONG TotalSystemCodePages
;
800 ULONG NonPagedPoolLookasideHits
;
801 ULONG PagedPoolLookasideHits
;
803 ULONG ResidentSystemCachePage
;
804 ULONG ResidentPagedPoolPage
;
805 ULONG ResidentSystemDriverPage
;
806 ULONG CcFastReadNoWait
;
807 ULONG CcFastReadWait
;
808 ULONG CcFastReadResourceMiss
;
809 ULONG CcFastReadNotPossible
;
810 ULONG CcFastMdlReadNoWait
;
811 ULONG CcFastMdlReadWait
;
812 ULONG CcFastMdlReadResourceMiss
;
813 ULONG CcFastMdlReadNotPossible
;
814 ULONG CcMapDataNoWait
;
816 ULONG CcMapDataNoWaitMiss
;
817 ULONG CcMapDataWaitMiss
;
818 ULONG CcPinMappedDataCount
;
819 ULONG CcPinReadNoWait
;
821 ULONG CcPinReadNoWaitMiss
;
822 ULONG CcPinReadWaitMiss
;
823 ULONG CcCopyReadNoWait
;
824 ULONG CcCopyReadWait
;
825 ULONG CcCopyReadNoWaitMiss
;
826 ULONG CcCopyReadWaitMiss
;
827 ULONG CcMdlReadNoWait
;
829 ULONG CcMdlReadNoWaitMiss
;
830 ULONG CcMdlReadWaitMiss
;
831 ULONG CcReadAheadIos
;
832 ULONG CcLazyWriteIos
;
833 ULONG CcLazyWritePages
;
836 ULONG ContextSwitches
;
837 ULONG FirstLevelTbFills
;
838 ULONG SecondLevelTbFills
;
840 } SYSTEM_PERFORMANCE_INFORMATION
, *PSYSTEM_PERFORMANCE_INFORMATION
;
843 typedef struct _SYSTEM_TIMEOFDAY_INFORMATION
845 LARGE_INTEGER BootTime
;
846 LARGE_INTEGER CurrentTime
;
847 LARGE_INTEGER TimeZoneBias
;
850 #if (NTDDI_VERSION >= NTDDI_WIN2K)
851 ULONGLONG BootTimeBias
;
852 ULONGLONG SleepTimeBias
;
854 } SYSTEM_TIMEOFDAY_INFORMATION
, *PSYSTEM_TIMEOFDAY_INFORMATION
;
857 // This class is obsolete, please use KUSER_SHARED_DATA instead
860 typedef struct _SYSTEM_THREAD_INFORMATION
862 LARGE_INTEGER KernelTime
;
863 LARGE_INTEGER UserTime
;
864 LARGE_INTEGER CreateTime
;
870 ULONG ContextSwitches
;
873 ULONG PadPadAlignment
;
874 } SYSTEM_THREAD_INFORMATION
, *PSYSTEM_THREAD_INFORMATION
;
876 C_ASSERT(sizeof(SYSTEM_THREAD_INFORMATION
) == 0x40); // Must be 8-byte aligned
879 typedef struct _SYSTEM_PROCESS_INFORMATION
881 ULONG NextEntryOffset
;
882 ULONG NumberOfThreads
;
883 LARGE_INTEGER WorkingSetPrivateSize
; //VISTA
884 ULONG HardFaultCount
; //WIN7
885 ULONG NumberOfThreadsHighWatermark
; //WIN7
886 ULONGLONG CycleTime
; //WIN7
887 LARGE_INTEGER CreateTime
;
888 LARGE_INTEGER UserTime
;
889 LARGE_INTEGER KernelTime
;
890 UNICODE_STRING ImageName
;
891 KPRIORITY BasePriority
;
892 HANDLE UniqueProcessId
;
893 HANDLE InheritedFromUniqueProcessId
;
896 ULONG_PTR PageDirectoryBase
;
899 // This part corresponds to VM_COUNTERS_EX.
900 // NOTE: *NOT* THE SAME AS VM_COUNTERS!
902 SIZE_T PeakVirtualSize
;
904 ULONG PageFaultCount
;
905 SIZE_T PeakWorkingSetSize
;
906 SIZE_T WorkingSetSize
;
907 SIZE_T QuotaPeakPagedPoolUsage
;
908 SIZE_T QuotaPagedPoolUsage
;
909 SIZE_T QuotaPeakNonPagedPoolUsage
;
910 SIZE_T QuotaNonPagedPoolUsage
;
911 SIZE_T PagefileUsage
;
912 SIZE_T PeakPagefileUsage
;
913 SIZE_T PrivatePageCount
;
916 // This part corresponds to IO_COUNTERS
918 LARGE_INTEGER ReadOperationCount
;
919 LARGE_INTEGER WriteOperationCount
;
920 LARGE_INTEGER OtherOperationCount
;
921 LARGE_INTEGER ReadTransferCount
;
922 LARGE_INTEGER WriteTransferCount
;
923 LARGE_INTEGER OtherTransferCount
;
924 // SYSTEM_THREAD_INFORMATION TH[1];
925 } SYSTEM_PROCESS_INFORMATION
, *PSYSTEM_PROCESS_INFORMATION
;
927 C_ASSERT(sizeof(SYSTEM_PROCESS_INFORMATION
) == 0xB8); // Must be 8-byte aligned
932 typedef struct _SYSTEM_CALL_COUNT_INFORMATION
935 ULONG NumberOfTables
;
936 } SYSTEM_CALL_COUNT_INFORMATION
, *PSYSTEM_CALL_COUNT_INFORMATION
;
939 typedef struct _SYSTEM_DEVICE_INFORMATION
942 ULONG NumberOfFloppies
;
943 ULONG NumberOfCdRoms
;
945 ULONG NumberOfSerialPorts
;
946 ULONG NumberOfParallelPorts
;
947 } SYSTEM_DEVICE_INFORMATION
, *PSYSTEM_DEVICE_INFORMATION
;
950 typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
952 LARGE_INTEGER IdleTime
;
953 LARGE_INTEGER KernelTime
;
954 LARGE_INTEGER UserTime
;
955 LARGE_INTEGER DpcTime
;
956 LARGE_INTEGER InterruptTime
;
957 ULONG InterruptCount
;
958 } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
;
961 typedef struct _SYSTEM_FLAGS_INFORMATION
964 } SYSTEM_FLAGS_INFORMATION
, *PSYSTEM_FLAGS_INFORMATION
;
967 typedef struct _SYSTEM_CALL_TIME_INFORMATION
971 LARGE_INTEGER TimeOfCalls
[1];
972 } SYSTEM_CALL_TIME_INFORMATION
, *PSYSTEM_CALL_TIME_INFORMATION
;
974 // Class 11 - See RTL_PROCESS_MODULES
976 // Class 12 - See RTL_PROCESS_LOCKS
978 // Class 13 - See RTL_PROCESS_BACKTRACES
981 typedef struct _SYSTEM_POOL_ENTRY
985 USHORT AllocatorBackTraceIndex
;
991 PVOID ProcessChargedQuota
;
993 } SYSTEM_POOL_ENTRY
, *PSYSTEM_POOL_ENTRY
;
995 typedef struct _SYSTEM_POOL_INFORMATION
999 USHORT EntryOverhead
;
1000 BOOLEAN PoolTagPresent
;
1002 ULONG NumberOfEntries
;
1003 SYSTEM_POOL_ENTRY Entries
[1];
1004 } SYSTEM_POOL_INFORMATION
, *PSYSTEM_POOL_INFORMATION
;
// One handle record; element type of SYSTEM_HANDLE_INFORMATION.Handles,
// declared directly below.
// NOTE(review): this listing skips source lines 1013-1014, so one or more
// members between HandleAttributes and GrantedAccess are not shown here; check
// the original header before relying on offsets.
// NOTE(review): UniqueProcessId is a USHORT in this layout, while
// SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX later in this file declares the same field
// as ULONG_PTR. A process ID that does not fit in 16 bits cannot be represented
// here, so tooling that attributes handles to processes should presumably use
// the _EX record instead -- confirm against the OS documentation.
1007 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
1009 USHORT UniqueProcessId
;
1010 USHORT CreatorBackTraceIndex
;
1011 UCHAR ObjectTypeIndex
;
1012 UCHAR HandleAttributes
;
1015 ULONG GrantedAccess
;
1016 } SYSTEM_HANDLE_TABLE_ENTRY_INFO
, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO
;
// Header of a handle list: a count followed by the records themselves.
// Handles is declared with a single element; presumably the producer appends
// NumberOfHandles records after the header (the usual trailing [1] array
// idiom) -- confirm against the producer.
// NOTE(review): a consumer should bound its walk by the byte length the query
// actually returned as well as by NumberOfHandles, and should compute the
// required size with overflow-checked arithmetic rather than trusting the
// count alone.
1018 typedef struct _SYSTEM_HANDLE_INFORMATION
1020 ULONG NumberOfHandles
;
1021 SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles
[1];
1022 } SYSTEM_HANDLE_INFORMATION
, *PSYSTEM_HANDLE_INFORMATION
;
1025 typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
1027 ULONG NextEntryOffset
;
1028 ULONG NumberOfObjects
;
1029 ULONG NumberOfHandles
;
1031 ULONG InvalidAttributes
;
1032 GENERIC_MAPPING GenericMapping
;
1033 ULONG ValidAccessMask
;
1035 BOOLEAN SecurityRequired
;
1036 BOOLEAN WaitableObject
;
1037 UNICODE_STRING TypeName
;
1038 } SYSTEM_OBJECTTYPE_INFORMATION
, *PSYSTEM_OBJECTTYPE_INFORMATION
;
1040 typedef struct _SYSTEM_OBJECT_INFORMATION
1042 ULONG NextEntryOffset
;
1044 HANDLE CreatorUniqueProcess
;
1045 USHORT CreatorBackTraceIndex
;
1049 ULONG PagedPoolCharge
;
1050 ULONG NonPagedPoolCharge
;
1051 HANDLE ExclusiveProcessId
;
1052 PVOID SecurityDescriptor
;
1053 OBJECT_NAME_INFORMATION NameInfo
;
1054 } SYSTEM_OBJECT_INFORMATION
, *PSYSTEM_OBJECT_INFORMATION
;
1057 typedef struct _SYSTEM_PAGEFILE_INFORMATION
1059 ULONG NextEntryOffset
;
1063 UNICODE_STRING PageFileName
;
1064 } SYSTEM_PAGEFILE_INFORMATION
, *PSYSTEM_PAGEFILE_INFORMATION
;
1067 typedef struct _SYSTEM_VDM_INSTEMUL_INFO
1069 ULONG SegmentNotPresent
;
1071 ULONG OpcodeESPrefix
;
1072 ULONG OpcodeCSPrefix
;
1073 ULONG OpcodeSSPrefix
;
1074 ULONG OpcodeDSPrefix
;
1075 ULONG OpcodeFSPrefix
;
1076 ULONG OpcodeGSPrefix
;
1077 ULONG OpcodeOPER32Prefix
;
1078 ULONG OpcodeADDR32Prefix
;
1090 ULONG OpcodeOUTBimm
;
1091 ULONG OpcodeOUTWimm
;
1096 ULONG OpcodeLOCKPrefix
;
1097 ULONG OpcodeREPNEPrefix
;
1098 ULONG OpcodeREPPrefix
;
1103 } SYSTEM_VDM_INSTEMUL_INFO
, *PSYSTEM_VDM_INSTEMUL_INFO
;
1105 // Class 20 - ULONG VDMBOPINFO
1108 typedef struct _SYSTEM_FILECACHE_INFORMATION
1112 ULONG PageFaultCount
;
1113 SIZE_T MinimumWorkingSet
;
1114 SIZE_T MaximumWorkingSet
;
1115 SIZE_T CurrentSizeIncludingTransitionInPages
;
1116 SIZE_T PeakSizeIncludingTransitionInPages
;
1117 ULONG TransitionRePurposeCount
;
1119 } SYSTEM_FILECACHE_INFORMATION
, *PSYSTEM_FILECACHE_INFORMATION
;
1122 typedef struct _SYSTEM_POOLTAG
1132 ULONG NonPagedAllocs
;
1133 ULONG NonPagedFrees
;
1134 SIZE_T NonPagedUsed
;
1135 } SYSTEM_POOLTAG
, *PSYSTEM_POOLTAG
;
1137 typedef struct _SYSTEM_POOLTAG_INFORMATION
1140 SYSTEM_POOLTAG TagInfo
[1];
1141 } SYSTEM_POOLTAG_INFORMATION
, *PSYSTEM_POOLTAG_INFORMATION
;
1144 typedef struct _SYSTEM_INTERRUPT_INFORMATION
1146 ULONG ContextSwitches
;
1149 ULONG TimeIncrement
;
1150 ULONG DpcBypassCount
;
1151 ULONG ApcBypassCount
;
1152 } SYSTEM_INTERRUPT_INFORMATION
, *PSYSTEM_INTERRUPT_INFORMATION
;
1155 typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION
1158 ULONG DpcQueueDepth
;
1159 ULONG MinimumDpcRate
;
1160 ULONG AdjustDpcThreshold
;
1162 } SYSTEM_DPC_BEHAVIOR_INFORMATION
, *PSYSTEM_DPC_BEHAVIOR_INFORMATION
;
1165 typedef struct _SYSTEM_MEMORY_INFO
1167 PUCHAR StringOffset
;
1169 USHORT TransitionCount
;
1170 USHORT ModifiedCount
;
1171 USHORT PageTableCount
;
1172 } SYSTEM_MEMORY_INFO
, *PSYSTEM_MEMORY_INFO
;
1174 typedef struct _SYSTEM_MEMORY_INFORMATION
1178 SYSTEM_MEMORY_INFO Memory
[1];
1179 } SYSTEM_MEMORY_INFORMATION
, *PSYSTEM_MEMORY_INFORMATION
;
1182 typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
1184 UNICODE_STRING DriverName
;
1186 PVOID SectionPointer
;
1188 PIMAGE_EXPORT_DIRECTORY ExportSectionPointer
;
1190 } SYSTEM_GDI_DRIVER_INFORMATION
, *PSYSTEM_GDI_DRIVER_INFORMATION
;
1193 // Not actually a class; simply a PVOID to the ImageAddress
1196 typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION
1198 ULONG TimeAdjustment
;
1199 ULONG TimeIncrement
;
1201 } SYSTEM_QUERY_TIME_ADJUST_INFORMATION
, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION
;
1203 typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
1205 ULONG TimeAdjustment
;
1207 } SYSTEM_SET_TIME_ADJUST_INFORMATION
, *PSYSTEM_SET_TIME_ADJUST_INFORMATION
;
1209 // Class 29 - Same as 25
1214 typedef struct _SYSTEM_REF_TRACE_INFORMATION
1217 UCHAR TracePermanent
;
1218 UNICODE_STRING TraceProcessName
;
1219 UNICODE_STRING TracePoolTags
;
1220 } SYSTEM_REF_TRACE_INFORMATION
, *PSYSTEM_REF_TRACE_INFORMATION
;
1222 // Class 32 - OBSOLETE
1225 typedef struct _SYSTEM_EXCEPTION_INFORMATION
1227 ULONG AlignmentFixupCount
;
1228 ULONG ExceptionDispatchCount
;
1229 ULONG FloatingEmulationCount
;
1230 ULONG ByteWordEmulationCount
;
1231 } SYSTEM_EXCEPTION_INFORMATION
, *PSYSTEM_EXCEPTION_INFORMATION
;
1234 typedef struct _SYSTEM_CRASH_STATE_INFORMATION
1236 ULONG ValidCrashDump
;
1237 } SYSTEM_CRASH_STATE_INFORMATION
, *PSYSTEM_CRASH_STATE_INFORMATION
;
1240 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
1242 BOOLEAN KernelDebuggerEnabled
;
1243 BOOLEAN KernelDebuggerNotPresent
;
1244 } SYSTEM_KERNEL_DEBUGGER_INFORMATION
, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION
;
1247 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION
1249 ULONG ContextSwitches
;
1258 ULONG PreemptCurrent
;
1261 } SYSTEM_CONTEXT_SWITCH_INFORMATION
, *PSYSTEM_CONTEXT_SWITCH_INFORMATION
;
1264 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
1266 ULONG RegistryQuotaAllowed
;
1267 ULONG RegistryQuotaUsed
;
1268 SIZE_T PagedPoolSize
;
1269 } SYSTEM_REGISTRY_QUOTA_INFORMATION
, *PSYSTEM_REGISTRY_QUOTA_INFORMATION
;
1272 // Not a structure, simply send the UNICODE_STRING
1275 // Not a structure, simply send a ULONG containing the new separation
1278 typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION
1281 PLUGPLAY_BUS_INSTANCE BusInstance
[1];
1282 } SYSTEM_PLUGPLAY_BUS_INFORMATION
, *PSYSTEM_PLUGPLAY_BUS_INFORMATION
;
1285 typedef struct _SYSTEM_DOCK_INFORMATION
1287 SYSTEM_DOCK_STATE DockState
;
1288 INTERFACE_TYPE DeviceBusType
;
1289 ULONG DeviceBusNumber
;
1291 } SYSTEM_DOCK_INFORMATION
, *PSYSTEM_DOCK_INFORMATION
;
1294 typedef struct _SYSTEM_POWER_INFORMATION_NATIVE
1296 BOOLEAN SystemSuspendSupported
;
1297 BOOLEAN SystemHibernateSupported
;
1298 BOOLEAN ResumeTimerSupportsSuspend
;
1299 BOOLEAN ResumeTimerSupportsHibernate
;
1300 BOOLEAN LidSupported
;
1301 BOOLEAN TurboSettingSupported
;
1303 BOOLEAN SystemAcOrDc
;
1304 BOOLEAN PowerDownDisabled
;
1305 LARGE_INTEGER SpindownDrives
;
1306 } SYSTEM_POWER_INFORMATION_NATIVE
, *PSYSTEM_POWER_INFORMATION_NATIVE
;
1309 typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION
1311 PNP_VETO_TYPE VetoType
;
1312 UNICODE_STRING VetoDriver
;
1313 } SYSTEM_LEGACY_DRIVER_INFORMATION
, *PSYSTEM_LEGACY_DRIVER_INFORMATION
;
1316 //typedef struct _TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION;
1319 typedef struct _SYSTEM_LOOKASIDE_INFORMATION
1321 USHORT CurrentDepth
;
1322 USHORT MaximumDepth
;
1323 ULONG TotalAllocates
;
1324 ULONG AllocateMisses
;
1330 } SYSTEM_LOOKASIDE_INFORMATION
, *PSYSTEM_LOOKASIDE_INFORMATION
;
1333 // Not a structure. Only a HANDLE for the SlipEvent;
1336 // Not a structure. Only a ULONG for the SessionId;
1339 // Not a structure. Only a ULONG for the SessionId;
1344 // Not a structure. Only a ULONG_PTR for the SystemRangeStart
1347 typedef struct _SYSTEM_VERIFIER_INFORMATION
1349 ULONG NextEntryOffset
;
1351 UNICODE_STRING DriverName
;
1353 ULONG AcquireSpinLocks
;
1354 ULONG SynchronizeExecutions
;
1355 ULONG AllocationsAttempted
;
1356 ULONG AllocationsSucceeded
;
1357 ULONG AllocationsSucceededSpecialPool
;
1358 ULONG AllocationsWithNoTag
;
1361 ULONG AllocationsFailed
;
1362 ULONG AllocationsFailedDeliberately
;
1365 ULONG UnTrackedPool
;
1366 ULONG CurrentPagedPoolAllocations
;
1367 ULONG CurrentNonPagedPoolAllocations
;
1368 ULONG PeakPagedPoolAllocations
;
1369 ULONG PeakNonPagedPoolAllocations
;
1370 SIZE_T PagedPoolUsageInBytes
;
1371 SIZE_T NonPagedPoolUsageInBytes
;
1372 SIZE_T PeakPagedPoolUsageInBytes
;
1373 SIZE_T PeakNonPagedPoolUsageInBytes
;
1374 } SYSTEM_VERIFIER_INFORMATION
, *PSYSTEM_VERIFIER_INFORMATION
;
1379 typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
1383 PVOID Buffer
; // Same format as in SystemProcessInformation
1384 } SYSTEM_SESSION_PROCESS_INFORMATION
, *PSYSTEM_SESSION_PROCESS_INFORMATION
;
1389 #define MAXIMUM_NUMA_NODES 16
1390 typedef struct _SYSTEM_NUMA_INFORMATION
1392 ULONG HighestNodeNumber
;
1396 ULONGLONG ActiveProcessorsAffinityMask
[MAXIMUM_NUMA_NODES
];
1397 ULONGLONG AvailableMemory
[MAXIMUM_NUMA_NODES
];
1399 } SYSTEM_NUMA_INFORMATION
, *PSYSTEM_NUMA_INFORMATION
;
1401 // FIXME: Class 56-63
1404 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
1407 ULONG_PTR UniqueProcessId
;
1408 ULONG_PTR HandleValue
;
1409 ULONG GrantedAccess
;
1410 USHORT CreatorBackTraceIndex
;
1411 USHORT ObjectTypeIndex
;
1412 ULONG HandleAttributes
;
1414 } SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
;
1416 typedef struct _SYSTEM_HANDLE_INFORMATION_EX
1420 SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handle
[1];
1421 } SYSTEM_HANDLE_INFORMATION_EX
, *PSYSTEM_HANDLE_INFORMATION_EX
;
1423 // FIXME: Class 65-97
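//
// Hotpatch flag bits. The numeric values are unchanged.
//
// Each shifted value is parenthesized so the macro stays one operand in any
// expression: unparenthesized, `~FLAG` applied the complement before the shift
// and `FLAG == x` / `FLAG + x` bound to the shift count instead of the flag.
// The constants are unsigned because 0x80 << 24 does not fit in a signed
// 32-bit int, which makes the signed shift undefined behaviour.
//
#define RTL_HOTPATCH_SUPPORTED_FLAG         0x01
#define RTL_HOTPATCH_SWAP_OBJECT_NAMES      (0x08U << 24)
#define RTL_HOTPATCH_SYNC_RENAME_FILES      (0x10U << 24)
#define RTL_HOTPATCH_PATCH_USER_MODE        (0x20U << 24)
#define RTL_HOTPATCH_REMAP_SYSTEM_DLL       (0x40U << 24)
#define RTL_HOTPATCH_PATCH_KERNEL_MODE      (0x80U << 24)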
1437 typedef struct _SYSTEM_HOTPATCH_CODE_INFORMATION
1456 USHORT TargetNameOffset
;
1457 USHORT TargetNameLength
;
1458 UCHAR PatchingFinished
;
1464 USHORT TargetNameOffset
;
1465 USHORT TargetNameLength
;
1466 UCHAR PatchingFinished
;
1467 NTSTATUS ReturnCode
;
1468 HANDLE TargetProcess
;
1473 PIO_STATUS_BLOCK IoStatusBlock1
;
1474 PVOID RenameInformation1
;
1475 PVOID RenameInformationLength1
;
1477 PIO_STATUS_BLOCK IoStatusBlock2
;
1478 PVOID RenameInformation2
;
1479 PVOID RenameInformationLength2
;
1483 HANDLE ParentDirectory
;
1484 HANDLE ObjectHandle1
;
1485 HANDLE ObjectHandle2
;
1488 } SYSTEM_HOTPATCH_CODE_INFORMATION
, *PSYSTEM_HOTPATCH_CODE_INFORMATION
;
1493 #ifdef NTOS_MODE_USER
1494 typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER
1496 ULONG ProviderSignature
;
1498 PFNFTH FirmwareTableHandler
;
1500 } SYSTEM_FIRMWARE_TABLE_HANDLER
, *PSYSTEM_FIRMWARE_TABLE_HANDLER
;
// Firmware-table request record. Action takes a SYSTEM_FIRMWARE_TABLE_ACTION
// value (SystemFirmwareTable_Enumerate or SystemFirmwareTable_Get, declared
// earlier in this file).
// TableBuffer is declared as one byte; presumably TableBufferLength gives the
// number of bytes that really follow the header (trailing [1] array idiom) --
// confirm against the producer.
// NOTE(review): this listing skips source line 1509, so a member between
// Action and TableBufferLength is not shown here.
// NOTE(review): code that fills or reads TableBuffer should check
// TableBufferLength against the size of the buffer it was actually handed
// before touching any byte past the header.
1505 typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
1507 ULONG ProviderSignature
;
1508 SYSTEM_FIRMWARE_TABLE_ACTION Action
;
1510 ULONG TableBufferLength
;
1511 UCHAR TableBuffer
[1];
1512 } SYSTEM_FIRMWARE_TABLE_INFORMATION
, *PSYSTEM_FIRMWARE_TABLE_INFORMATION
;
1514 #endif // NTOS_MODE_USER
1519 typedef struct _SYSTEM_MEMORY_LIST_INFORMATION
1521 SIZE_T ZeroPageCount
;
1522 SIZE_T FreePageCount
;
1523 SIZE_T ModifiedPageCount
;
1524 SIZE_T ModifiedNoWritePageCount
;
1525 SIZE_T BadPageCount
;
1526 SIZE_T PageCountByPriority
[8];
1527 SIZE_T RepurposedPagesByPriority
[8];
1528 SIZE_T ModifiedPageCountPageFile
;
1529 } SYSTEM_MEMORY_LIST_INFORMATION
, *PSYSTEM_MEMORY_LIST_INFORMATION
;
1535 #endif // !_EXTYPES_H