[SDK] Correct NtGlobalFlag names.
[reactos.git] / sdk / include / ndk / pstypes.h
1 /*++ NDK Version: 0098
2
3 Copyright (c) Alex Ionescu. All rights reserved.
4
5 Header Name:
6
7 pstypes.h
8
9 Abstract:
10
11 Type definitions for the Process Manager
12
13 Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17 --*/
18
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38
39 #ifndef NTOS_MODE_USER
40
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45
46 #endif // !NTOS_MODE_USER
47
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA (0x7FFE0000)
52
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION 0x00000001
57 #define FLG_SHOW_LDR_SNAPS 0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND 0x00000004
59 #define FLG_STOP_ON_HUNG_GUI 0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
63 #define FLG_HEAP_VALIDATE_ALL 0x00000080
64 #define FLG_APPLICATION_VERIFIER 0x00000100
65 #define FLG_POOL_ENABLE_TAGGING 0x00000400
66 #define FLG_HEAP_ENABLE_TAGGING 0x00000800
67 #define FLG_USER_STACK_TRACE_DB 0x00001000
68 #define FLG_KERNEL_STACK_TRACE_DB 0x00002000
69 #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
70 #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
71 #define FLG_DISABLE_STACK_EXTENSION 0x00010000
72 #define FLG_ENABLE_CSRDEBUG 0x00020000
73 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
74 #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
75 #if (NTDDI_VERSION < NTDDI_WINXP)
76 #define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
77 #else
78 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
79 #endif
80 #define FLG_HEAP_DISABLE_COALESCING 0x00200000
81 #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
82 #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
83 #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
84 #define FLG_HEAP_PAGE_ALLOCS 0x02000000
85 #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
86 #define FLG_VALID_BITS 0x07FFFFFF
87
88 //
89 // Flags for NtCreateProcessEx
90 //
91 #define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
92 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
93 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
94 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
95 #define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
96 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
97 #define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
98 PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
99 PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
100 PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
101 PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
102
103 //
104 // Process priority classes
105 //
106 #define PROCESS_PRIORITY_CLASS_INVALID 0
107 #define PROCESS_PRIORITY_CLASS_IDLE 1
108 #define PROCESS_PRIORITY_CLASS_NORMAL 2
109 #define PROCESS_PRIORITY_CLASS_HIGH 3
110 #define PROCESS_PRIORITY_CLASS_REALTIME 4
111 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
112 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
113
114 //
115 // Process base priorities
116 //
117 #define PROCESS_PRIORITY_IDLE 3
118 #define PROCESS_PRIORITY_NORMAL 8
119 #define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
120
121 //
122 // Process memory priorities
123 //
124 #define MEMORY_PRIORITY_BACKGROUND 0
125 #define MEMORY_PRIORITY_UNKNOWN 1
126 #define MEMORY_PRIORITY_FOREGROUND 2
127
128 //
129 // Process Priority Separation Values (OR)
130 //
131 #define PSP_DEFAULT_QUANTUMS 0x00
132 #define PSP_VARIABLE_QUANTUMS 0x04
133 #define PSP_FIXED_QUANTUMS 0x08
134 #define PSP_LONG_QUANTUMS 0x10
135 #define PSP_SHORT_QUANTUMS 0x20
136
137 #ifndef NTOS_MODE_USER
138 //
139 // Thread Access Types
140 //
141 #define THREAD_QUERY_INFORMATION 0x0040
142 #define THREAD_SET_THREAD_TOKEN 0x0080
143 #define THREAD_IMPERSONATE 0x0100
144 #define THREAD_DIRECT_IMPERSONATION 0x0200
145
146 //
147 // Process Access Types
148 //
149 #define PROCESS_TERMINATE 0x0001
150 #define PROCESS_CREATE_THREAD 0x0002
151 #define PROCESS_SET_SESSIONID 0x0004
152 #define PROCESS_VM_OPERATION 0x0008
153 #define PROCESS_VM_READ 0x0010
154 #define PROCESS_VM_WRITE 0x0020
155 #define PROCESS_CREATE_PROCESS 0x0080
156 #define PROCESS_SET_QUOTA 0x0100
157 #define PROCESS_SET_INFORMATION 0x0200
158 #define PROCESS_QUERY_INFORMATION 0x0400
159 #define PROCESS_SUSPEND_RESUME 0x0800
160 #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
161 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
162 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
163 SYNCHRONIZE | \
164 0xFFFF)
165 #else
166 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
167 SYNCHRONIZE | \
168 0xFFF)
169 #endif
170
171 //
172 // Thread Base Priorities
173 //
174 #define THREAD_BASE_PRIORITY_LOWRT 15
175 #define THREAD_BASE_PRIORITY_MAX 2
176 #define THREAD_BASE_PRIORITY_MIN -2
177 #define THREAD_BASE_PRIORITY_IDLE -15
178
179 //
180 // TLS Slots
181 //
182 #define TLS_MINIMUM_AVAILABLE 64
183
184 //
185 // TEB Active Frame Flags
186 //
187 #define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x1
188
189 //
190 // Job Access Types
191 //
192 #define JOB_OBJECT_ASSIGN_PROCESS 0x1
193 #define JOB_OBJECT_SET_ATTRIBUTES 0x2
194 #define JOB_OBJECT_QUERY 0x4
195 #define JOB_OBJECT_TERMINATE 0x8
196 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
197 #define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
198 SYNCHRONIZE | \
199 31)
200
201 //
202 // Job Limit Flags
203 //
204 #define JOB_OBJECT_LIMIT_WORKINGSET 0x1
205 #define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
206 #define JOB_OBJECT_LIMIT_JOB_TIME 0x4
207 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
208 #define JOB_OBJECT_LIMIT_AFFINITY 0x10
209 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
210 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
211 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
212 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
213 #define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
214 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
215 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
216 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
217 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
218
219 //
220 // Cross Thread Flags
221 //
222 #define CT_TERMINATED_BIT 0x1
223 #define CT_DEAD_THREAD_BIT 0x2
224 #define CT_HIDE_FROM_DEBUGGER_BIT 0x4
225 #define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
226 #define CT_SYSTEM_THREAD_BIT 0x10
227 #define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
228 #define CT_BREAK_ON_TERMINATION_BIT 0x40
229 #define CT_SKIP_CREATION_MSG_BIT 0x80
230 #define CT_SKIP_TERMINATION_MSG_BIT 0x100
231
232 //
233 // Same Thread Passive Flags
234 //
235 #define STP_ACTIVE_EX_WORKER_BIT 0x1
236 #define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
237 #define STP_MEMORY_MAKER_BIT 0x4
238 #define STP_KEYED_EVENT_IN_USE_BIT 0x8
239
240 //
241 // Same Thread APC Flags
242 //
243 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
244 #define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
245 #define STA_ADDRESS_SPACE_OWNER_BIT 0x4
246 #define STA_OWNS_WORKING_SET_BITS 0x1F8
247
248 //
249 // Kernel Process flags (maybe in ketypes.h?)
250 //
251 #define KPSF_AUTO_ALIGNMENT_BIT 0
252 #define KPSF_DISABLE_BOOST_BIT 1
253
254 //
255 // Process Flags
256 //
257 #define PSF_CREATE_REPORTED_BIT 0x1
258 #define PSF_NO_DEBUG_INHERIT_BIT 0x2
259 #define PSF_PROCESS_EXITING_BIT 0x4
260 #define PSF_PROCESS_DELETE_BIT 0x8
261 #define PSF_WOW64_SPLIT_PAGES_BIT 0x10
262 #define PSF_VM_DELETED_BIT 0x20
263 #define PSF_OUTSWAP_ENABLED_BIT 0x40
264 #define PSF_OUTSWAPPED_BIT 0x80
265 #define PSF_FORK_FAILED_BIT 0x100
266 #define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
267 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
268 #define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
269 #define PSF_BREAK_ON_TERMINATION_BIT 0x2000
270 #define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
271 #define PSF_WRITE_WATCH_BIT 0x8000
272 #define PSF_PROCESS_IN_SESSION_BIT 0x10000
273 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
274 #define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
275 #define PSF_LAUNCH_PREFETCHED_BIT 0x80000
276 #define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
277 #define PSF_VM_TOP_DOWN_BIT 0x200000
278 #define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
279 #define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
280 #define PSF_VDM_ALLOWED_BIT 0x1000000
281 #define PSF_SWAP_ALLOWED_BIT 0x2000000
282 #define PSF_CREATE_FAILED_BIT 0x4000000
283 #define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
284
285 //
286 // Vista Process Flags
287 //
288 #define PSF2_PROTECTED_BIT 0x800
289 #endif
290
291 //
292 // TLS/FLS Defines
293 //
294 #define TLS_EXPANSION_SLOTS 1024
295
296 #ifdef NTOS_MODE_USER
297 //
298 // Thread Native Base Priorities
299 //
300 #define LOW_PRIORITY 0
301 #define LOW_REALTIME_PRIORITY 16
302 #define HIGH_PRIORITY 31
303 #define MAXIMUM_PRIORITY 32
304
305 //
306 // Current Process/Thread built-in 'special' handles
307 //
308 #define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
309 #define ZwCurrentProcess() NtCurrentProcess()
310 #define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
311 #define ZwCurrentThread() NtCurrentThread()
312
313 //
314 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
315 //
316 typedef enum _PROCESSINFOCLASS
317 {
318 ProcessBasicInformation,
319 ProcessQuotaLimits,
320 ProcessIoCounters,
321 ProcessVmCounters,
322 ProcessTimes,
323 ProcessBasePriority,
324 ProcessRaisePriority,
325 ProcessDebugPort,
326 ProcessExceptionPort,
327 ProcessAccessToken,
328 ProcessLdtInformation,
329 ProcessLdtSize,
330 ProcessDefaultHardErrorMode,
331 ProcessIoPortHandlers,
332 ProcessPooledUsageAndLimits,
333 ProcessWorkingSetWatch,
334 ProcessUserModeIOPL,
335 ProcessEnableAlignmentFaultFixup,
336 ProcessPriorityClass,
337 ProcessWx86Information,
338 ProcessHandleCount,
339 ProcessAffinityMask,
340 ProcessPriorityBoost,
341 ProcessDeviceMap,
342 ProcessSessionInformation,
343 ProcessForegroundInformation,
344 ProcessWow64Information,
345 ProcessImageFileName,
346 ProcessLUIDDeviceMapsEnabled,
347 ProcessBreakOnTermination,
348 ProcessDebugObjectHandle,
349 ProcessDebugFlags,
350 ProcessHandleTracing,
351 ProcessIoPriority,
352 ProcessExecuteFlags,
353 ProcessTlsInformation,
354 ProcessCookie,
355 ProcessImageInformation,
356 ProcessCycleTime,
357 ProcessPagePriority,
358 ProcessInstrumentationCallback,
359 ProcessThreadStackAllocation,
360 ProcessWorkingSetWatchEx,
361 ProcessImageFileNameWin32,
362 ProcessImageFileMapping,
363 ProcessAffinityUpdateMode,
364 ProcessMemoryAllocationMode,
365 MaxProcessInfoClass
366 } PROCESSINFOCLASS;
367
368 typedef enum _THREADINFOCLASS
369 {
370 ThreadBasicInformation,
371 ThreadTimes,
372 ThreadPriority,
373 ThreadBasePriority,
374 ThreadAffinityMask,
375 ThreadImpersonationToken,
376 ThreadDescriptorTableEntry,
377 ThreadEnableAlignmentFaultFixup,
378 ThreadEventPair_Reusable,
379 ThreadQuerySetWin32StartAddress,
380 ThreadZeroTlsCell,
381 ThreadPerformanceCount,
382 ThreadAmILastThread,
383 ThreadIdealProcessor,
384 ThreadPriorityBoost,
385 ThreadSetTlsArrayAddress,
386 ThreadIsIoPending,
387 ThreadHideFromDebugger,
388 ThreadBreakOnTermination,
389 ThreadSwitchLegacyState,
390 ThreadIsTerminated,
391 ThreadLastSystemCall,
392 ThreadIoPriority,
393 ThreadCycleTime,
394 ThreadPagePriority,
395 ThreadActualBasePriority,
396 ThreadTebInformation,
397 ThreadCSwitchMon,
398 MaxThreadInfoClass
399 } THREADINFOCLASS;
400
401 #else
402
403 typedef enum _PSPROCESSPRIORITYMODE
404 {
405 PsProcessPriorityForeground,
406 PsProcessPriorityBackground,
407 PsProcessPrioritySpinning
408 } PSPROCESSPRIORITYMODE;
409
410 typedef enum _JOBOBJECTINFOCLASS
411 {
412 JobObjectBasicAccountingInformation = 1,
413 JobObjectBasicLimitInformation,
414 JobObjectBasicProcessIdList,
415 JobObjectBasicUIRestrictions,
416 JobObjectSecurityLimitInformation,
417 JobObjectEndOfJobTimeInformation,
418 JobObjectAssociateCompletionPortInformation,
419 JobObjectBasicAndIoAccountingInformation,
420 JobObjectExtendedLimitInformation,
421 JobObjectJobSetInformation,
422 MaxJobObjectInfoClass
423 } JOBOBJECTINFOCLASS;
424
425 //
426 // Power Event Events for Win32K Power Event Callback
427 //
428 typedef enum _PSPOWEREVENTTYPE
429 {
430 PsW32FullWake = 0,
431 PsW32EventCode = 1,
432 PsW32PowerPolicyChanged = 2,
433 PsW32SystemPowerState = 3,
434 PsW32SystemTime = 4,
435 PsW32DisplayState = 5,
436 PsW32CapabilitiesChanged = 6,
437 PsW32SetStateFailed = 7,
438 PsW32GdiOff = 8,
439 PsW32GdiOn = 9,
440 PsW32GdiPrepareResumeUI = 10,
441 PsW32GdiOffRequest = 11,
442 PsW32MonitorOff = 12,
443 } PSPOWEREVENTTYPE;
444
445 //
446 // Power State Tasks for Win32K Power State Callback
447 //
448 typedef enum _POWERSTATETASK
449 {
450 PowerState_BlockSessionSwitch = 0,
451 PowerState_Init = 1,
452 PowerState_QueryApps = 2,
453 PowerState_QueryServices = 3,
454 PowerState_QueryAppsFailed = 4,
455 PowerState_QueryServicesFailed = 5,
456 PowerState_SuspendApps = 6,
457 PowerState_SuspendServices = 7,
458 PowerState_ShowUI = 8,
459 PowerState_NotifyWL = 9,
460 PowerState_ResumeApps = 10,
461 PowerState_ResumeServices = 11,
462 PowerState_UnBlockSessionSwitch = 12,
463 PowerState_End = 13,
464 PowerState_BlockInput = 14,
465 PowerState_UnblockInput = 15,
466 } POWERSTATETASK;
467
468 //
469 // Win32K Job Callback Types
470 //
471 typedef enum _PSW32JOBCALLOUTTYPE
472 {
473 PsW32JobCalloutSetInformation = 0,
474 PsW32JobCalloutAddProcess = 1,
475 PsW32JobCalloutTerminate = 2,
476 } PSW32JOBCALLOUTTYPE;
477
478 //
479 // Win32K Thread Callback Types
480 //
481 typedef enum _PSW32THREADCALLOUTTYPE
482 {
483 PsW32ThreadCalloutInitialize,
484 PsW32ThreadCalloutExit,
485 } PSW32THREADCALLOUTTYPE;
486
487 //
488 // Declare empty structure definitions so that they may be referenced by
489 // routines before they are defined
490 //
491 struct _W32THREAD;
492 struct _W32PROCESS;
493 //struct _ETHREAD;
494 struct _WIN32_POWEREVENT_PARAMETERS;
495 struct _WIN32_POWERSTATE_PARAMETERS;
496 struct _WIN32_JOBCALLOUT_PARAMETERS;
497 struct _WIN32_OPENMETHOD_PARAMETERS;
498 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
499 struct _WIN32_CLOSEMETHOD_PARAMETERS;
500 struct _WIN32_DELETEMETHOD_PARAMETERS;
501 struct _WIN32_PARSEMETHOD_PARAMETERS;
502
503 //
504 // Win32K Process and Thread Callbacks
505 //
506 typedef
507 NTSTATUS
508 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
509 _In_ struct _EPROCESS *Process,
510 _In_ BOOLEAN Create
511 );
512
513 typedef
514 NTSTATUS
515 (NTAPI *PKWIN32_THREAD_CALLOUT)(
516 _In_ struct _ETHREAD *Thread,
517 _In_ PSW32THREADCALLOUTTYPE Type
518 );
519
520 typedef
521 NTSTATUS
522 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
523 VOID
524 );
525
526 typedef
527 NTSTATUS
528 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
529 _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
530 );
531
532 typedef
533 NTSTATUS
534 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
535 _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
536 );
537
538 typedef
539 NTSTATUS
540 (NTAPI *PKWIN32_JOB_CALLOUT)(
541 _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
542 );
543
544 typedef
545 NTSTATUS
546 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
547 VOID
548 );
549
550 typedef
551 NTSTATUS
552 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
553 _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
554 );
555
556 typedef
557 NTSTATUS
558 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
559 _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
560 );
561
562 typedef
563 NTSTATUS
564 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
565 _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
566 );
567
568 typedef
569 NTSTATUS
570 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
571 _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
572 );
573
574 typedef
575 NTSTATUS
576 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
577 _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
578 );
579
580 typedef
581 NTSTATUS
582 (NTAPI *PKWIN32_SESSION_CALLOUT)(
583 _In_ PVOID Parameter
584 );
585
586 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
587 typedef
588 NTSTATUS
589 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
590 _In_ struct _EPROCESS *Process,
591 _In_ PVOID Callback,
592 _In_ PVOID Context
593 );
594 #endif
595
596 //
597 // Lego Callback
598 //
599 typedef
600 VOID
601 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
602 _In_ PKTHREAD Thread
603 );
604
605 #endif
606
607 typedef NTSTATUS
608 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
609 VOID
610 );
611
612 //
613 // Descriptor Table Entry Definition
614 //
615 #if (_M_IX86)
616 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
617 typedef struct _DESCRIPTOR_TABLE_ENTRY
618 {
619 ULONG Selector;
620 LDT_ENTRY Descriptor;
621 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
622 #endif
623
624 //
625 // PEB Lock Routine
626 //
627 typedef VOID
628 (NTAPI *PPEBLOCKROUTINE)(
629 PVOID PebLock
630 );
631
632 //
633 // PEB Free Block Descriptor
634 //
635 typedef struct _PEB_FREE_BLOCK
636 {
637 struct _PEB_FREE_BLOCK* Next;
638 ULONG Size;
639 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
640
641 //
642 // Initial PEB
643 //
644 typedef struct _INITIAL_PEB
645 {
646 BOOLEAN InheritedAddressSpace;
647 BOOLEAN ReadImageFileExecOptions;
648 BOOLEAN BeingDebugged;
649 union
650 {
651 BOOLEAN BitField;
652 #if (NTDDI_VERSION >= NTDDI_WS03)
653 struct
654 {
655 BOOLEAN ImageUsesLargePages:1;
656 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
657 BOOLEAN IsProtectedProcess:1;
658 BOOLEAN IsLegacyProcess:1;
659 BOOLEAN SpareBits:5;
660 #else
661 BOOLEAN SpareBits:7;
662 #endif
663 };
664 #else
665 BOOLEAN SpareBool;
666 #endif
667 };
668 HANDLE Mutant;
669 } INITIAL_PEB, *PINITIAL_PEB;
670
671 //
672 // Initial TEB
673 //
674 typedef struct _INITIAL_TEB
675 {
676 PVOID PreviousStackBase;
677 PVOID PreviousStackLimit;
678 PVOID StackBase;
679 PVOID StackLimit;
680 PVOID AllocatedStackBase;
681 } INITIAL_TEB, *PINITIAL_TEB;
682
683 //
684 // TEB Active Frame Structures
685 //
686 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
687 {
688 ULONG Flags;
689 LPSTR FrameName;
690 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
691 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;
692
693 typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
694 {
695 TEB_ACTIVE_FRAME_CONTEXT BasicContext;
696 PCSTR SourceLocation;
697 } TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
698 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;
699
700 typedef struct _TEB_ACTIVE_FRAME
701 {
702 ULONG Flags;
703 struct _TEB_ACTIVE_FRAME *Previous;
704 PCTEB_ACTIVE_FRAME_CONTEXT Context;
705 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
706 typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;
707
708 typedef struct _TEB_ACTIVE_FRAME_EX
709 {
710 TEB_ACTIVE_FRAME BasicFrame;
711 PVOID ExtensionIdentifier;
712 } TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
713 typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;
714
715 typedef struct _CLIENT_ID32
716 {
717 ULONG UniqueProcess;
718 ULONG UniqueThread;
719 } CLIENT_ID32, *PCLIENT_ID32;
720
721 typedef struct _CLIENT_ID64
722 {
723 ULONG64 UniqueProcess;
724 ULONG64 UniqueThread;
725 } CLIENT_ID64, *PCLIENT_ID64;
726
727 #if (NTDDI_VERSION < NTDDI_WS03)
728 typedef struct _Wx86ThreadState
729 {
730 PULONG CallBx86Eip;
731 PVOID DeallocationCpu;
732 BOOLEAN UseKnownWx86Dll;
733 CHAR OleStubInvoked;
734 } Wx86ThreadState, *PWx86ThreadState;
735 #endif
736
737 //
738 // PEB.AppCompatFlags
739 // Tag FLAG_MASK_KERNEL
740 //
741 typedef enum _APPCOMPAT_FLAGS
742 {
743 GetShortPathNameNT4 = 0x1,
744 GetDiskFreeSpace2GB = 0x8,
745 FTMFromCurrentAPI = 0x20,
746 DisallowCOMBindingNotifications = 0x40,
747 Ole32ValidatePointers = 0x80,
748 DisableCicero = 0x100,
749 Ole32EnableAsyncDocFile = 0x200,
750 EnableLegacyExceptionHandlinginOLE = 0x400,
751 DisableAdvanceRPCClientHardening = 0x800,
752 DisableMaybeNULLSizeisConsistencycheck = 0x1000,
753 DisableAdvancedRPCrangeCheck = 0x4000,
754 EnableLegacyExceptionHandlingInRPC = 0x8000,
755 EnableLegacyNTFSFlagsForDocfileOpens = 0x10000,
756 DisableNDRIIDConsistencyCheck = 0x20000,
757 UserDisableForwarderPatch = 0x40000,
758 DisableNewWMPAINTDispatchInOLE = 0x100000,
759 DoNotAddToCache = 0x80000000,
760 } APPCOMPAT_FLAGS;
761
762
763 //
764 // PEB.AppCompatFlagsUser.LowPart
765 // Tag FLAG_MASK_USER
766 //
767 typedef enum _APPCOMPAT_USERFLAGS
768 {
769 DisableAnimation = 0x1,
770 DisableKeyboardCues = 0x2,
771 No50StylebitsInSetWindowLong = 0x4,
772 DisableDrawPatternRect = 0x8,
773 MSShellDialog = 0x10,
774 NoDDETerminateDuringDestroy = 0x20,
775 GiveupForeground = 0x40,
776 AlwaysActiveMenus = 0x80,
777 NoMouseHideInEdit = 0x100,
778 NoGdiBatching = 0x200,
779 FontSubstitution = 0x400,
780 No50StylebitsInCreateWindow = 0x800,
781 NoCustomPaperSizes = 0x1000,
782 AllTheDdeHacks = 0x2000,
783 UseDefaultCharset = 0x4000,
784 NoCharDeadKey = 0x8000,
785 NoTryExceptForWindowProc = 0x10000,
786 NoInitInsertReplaceFlags = 0x20000,
787 NoDdeSync = 0x40000,
788 NoGhost = 0x80000,
789 NoDdeAsyncReg = 0x100000,
790 StrictLLHook = 0x200000,
791 NoShadow = 0x400000,
792 NoTimerCallbackProtection = 0x1000000,
793 HighDpiAware = 0x2000000,
794 OpenGLEmfAware = 0x4000000,
795 EnableTransparantBltMirror = 0x8000000,
796 NoPaddedBorder = 0x10000000,
797 ForceLegacyResizeCM = 0x20000000,
798 HardwareAudioMixer = 0x40000000,
799 DisableSWCursorOnMoveSize = 0x80000000,
800 #if 0
801 DisableWindowArrangement = 0x100000000,
802 ReorderWaveForCommunications = 0x200000000,
803 NoGdiHwAcceleration = 0x400000000,
804 #endif
805 } APPCOMPAT_USERFLAGS;
806
807 //
808 // PEB.AppCompatFlagsUser.HighPart
809 // Tag FLAG_MASK_USER
810 //
811 typedef enum _APPCOMPAT_USERFLAGS_HIGHPART
812 {
813 DisableWindowArrangement = 0x1,
814 ReorderWaveForCommunications = 0x2,
815 NoGdiHwAcceleration = 0x4,
816 } APPCOMPAT_USERFLAGS_HIGHPART;
817
818 //
819 // Process Environment Block (PEB)
820 // Thread Environment Block (TEB)
821 //
822 #include "peb_teb.h"
823
824 #ifdef _WIN64
825 //
826 // Explicit 32 bit PEB/TEB
827 //
828 #define EXPLICIT_32BIT
829 #include "peb_teb.h"
830 #undef EXPLICIT_32BIT
831
832 //
833 // Explicit 64 bit PEB/TEB
834 //
835 #define EXPLICIT_64BIT
836 #include "peb_teb.h"
837 #undef EXPLICIT_64BIT
838 #endif
839
840 #ifdef NTOS_MODE_USER
841
842 //
843 // Process Information Structures for NtQueryProcessInformation
844 //
845 typedef struct _PROCESS_BASIC_INFORMATION
846 {
847 NTSTATUS ExitStatus;
848 PPEB PebBaseAddress;
849 ULONG_PTR AffinityMask;
850 KPRIORITY BasePriority;
851 ULONG_PTR UniqueProcessId;
852 ULONG_PTR InheritedFromUniqueProcessId;
853 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
854
855 typedef struct _PROCESS_ACCESS_TOKEN
856 {
857 HANDLE Token;
858 HANDLE Thread;
859 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
860
861 typedef struct _PROCESS_DEVICEMAP_INFORMATION
862 {
863 union
864 {
865 struct
866 {
867 HANDLE DirectoryHandle;
868 } Set;
869 struct
870 {
871 ULONG DriveMap;
872 UCHAR DriveType[32];
873 } Query;
874 };
875 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
876
877 typedef struct _KERNEL_USER_TIMES
878 {
879 LARGE_INTEGER CreateTime;
880 LARGE_INTEGER ExitTime;
881 LARGE_INTEGER KernelTime;
882 LARGE_INTEGER UserTime;
883 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
884
885 typedef struct _POOLED_USAGE_AND_LIMITS
886 {
887 SIZE_T PeakPagedPoolUsage;
888 SIZE_T PagedPoolUsage;
889 SIZE_T PagedPoolLimit;
890 SIZE_T PeakNonPagedPoolUsage;
891 SIZE_T NonPagedPoolUsage;
892 SIZE_T NonPagedPoolLimit;
893 SIZE_T PeakPagefileUsage;
894 SIZE_T PagefileUsage;
895 SIZE_T PagefileLimit;
896 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
897
898 typedef struct _PROCESS_SESSION_INFORMATION
899 {
900 ULONG SessionId;
901 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
902
903 #endif
904
905 typedef struct _PROCESS_PRIORITY_CLASS
906 {
907 BOOLEAN Foreground;
908 UCHAR PriorityClass;
909 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
910
911 typedef struct _PROCESS_FOREGROUND_BACKGROUND
912 {
913 BOOLEAN Foreground;
914 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
915
916 //
917 // Apphelp SHIM Cache
918 //
919 typedef enum _APPHELPCACHESERVICECLASS
920 {
921 ApphelpCacheServiceLookup = 0,
922 ApphelpCacheServiceRemove = 1,
923 ApphelpCacheServiceUpdate = 2,
924 ApphelpCacheServiceFlush = 3,
925 ApphelpCacheServiceDump = 4,
926
927 ApphelpDBGReadRegistry = 0x100,
928 ApphelpDBGWriteRegistry = 0x101,
929 } APPHELPCACHESERVICECLASS;
930
931
932 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
933 {
934 UNICODE_STRING ImageName;
935 HANDLE ImageHandle;
936 } APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;
937
938
939 //
940 // Thread Information Structures for NtQueryProcessInformation
941 //
942 typedef struct _THREAD_BASIC_INFORMATION
943 {
944 NTSTATUS ExitStatus;
945 PVOID TebBaseAddress;
946 CLIENT_ID ClientId;
947 KAFFINITY AffinityMask;
948 KPRIORITY Priority;
949 KPRIORITY BasePriority;
950 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
951
952 #ifndef NTOS_MODE_USER
953
954 //
955 // Job Set Array
956 //
957 typedef struct _JOB_SET_ARRAY
958 {
959 HANDLE JobHandle;
960 ULONG MemberLevel;
961 ULONG Flags;
962 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
963
964 //
965 // EPROCESS Quota Structures
966 //
967 typedef struct _EPROCESS_QUOTA_ENTRY
968 {
969 SIZE_T Usage;
970 SIZE_T Limit;
971 SIZE_T Peak;
972 SIZE_T Return;
973 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
974
975 typedef struct _EPROCESS_QUOTA_BLOCK
976 {
977 EPROCESS_QUOTA_ENTRY QuotaEntry[3];
978 LIST_ENTRY QuotaList;
979 ULONG ReferenceCount;
980 ULONG ProcessCount;
981 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
982
983 //
984 // Process Pagefault History
985 //
986 typedef struct _PAGEFAULT_HISTORY
987 {
988 ULONG CurrentIndex;
989 ULONG MapIndex;
990 KSPIN_LOCK SpinLock;
991 PVOID Reserved;
992 PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
993 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
994
995 //
996 // Process Impersonation Information
997 //
998 typedef struct _PS_IMPERSONATION_INFORMATION
999 {
1000 PACCESS_TOKEN Token;
1001 BOOLEAN CopyOnOpen;
1002 BOOLEAN EffectiveOnly;
1003 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1004 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
1005
1006 //
1007 // Process Termination Port
1008 //
1009 typedef struct _TERMINATION_PORT
1010 {
1011 struct _TERMINATION_PORT *Next;
1012 PVOID Port;
1013 } TERMINATION_PORT, *PTERMINATION_PORT;
1014
1015 //
1016 // Per-Process APC Rate Limiting
1017 //
1018 typedef struct _PSP_RATE_APC
1019 {
1020 union
1021 {
1022 SINGLE_LIST_ENTRY NextApc;
1023 ULONGLONG ExcessCycles;
1024 };
1025 ULONGLONG TargetGEneration;
1026 KAPC RateApc;
1027 } PSP_RATE_APC, *PPSP_RATE_APC;
1028
1029 //
1030 // Executive Thread (ETHREAD)
1031 //
1032 typedef struct _ETHREAD
1033 {
1034 KTHREAD Tcb;
1035 LARGE_INTEGER CreateTime;
1036 union
1037 {
1038 LARGE_INTEGER ExitTime;
1039 LIST_ENTRY LpcReplyChain;
1040 LIST_ENTRY KeyedWaitChain;
1041 };
1042 union
1043 {
1044 NTSTATUS ExitStatus;
1045 PVOID OfsChain;
1046 };
1047 LIST_ENTRY PostBlockList;
1048 union
1049 {
1050 struct _TERMINATION_PORT *TerminationPort;
1051 struct _ETHREAD *ReaperLink;
1052 PVOID KeyedWaitValue;
1053 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1054 PVOID Win32StartParameter;
1055 #endif
1056 };
1057 KSPIN_LOCK ActiveTimerListLock;
1058 LIST_ENTRY ActiveTimerListHead;
1059 CLIENT_ID Cid;
1060 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1061 KSEMAPHORE KeyedWaitSemaphore;
1062 #else
1063 union
1064 {
1065 KSEMAPHORE LpcReplySemaphore;
1066 KSEMAPHORE KeyedWaitSemaphore;
1067 };
1068 union
1069 {
1070 PVOID LpcReplyMessage;
1071 PVOID LpcWaitingOnPort;
1072 };
1073 #endif
1074 PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
1075 LIST_ENTRY IrpList;
1076 ULONG_PTR TopLevelIrp;
1077 PDEVICE_OBJECT DeviceToVerify;
1078 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1079 PPSP_RATE_APC RateControlApc;
1080 #else
1081 struct _EPROCESS *ThreadsProcess;
1082 #endif
1083 PVOID Win32StartAddress;
1084 union
1085 {
1086 PKSTART_ROUTINE StartAddress;
1087 ULONG LpcReceivedMessageId;
1088 };
1089 LIST_ENTRY ThreadListEntry;
1090 EX_RUNDOWN_REF RundownProtect;
1091 EX_PUSH_LOCK ThreadLock;
1092 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1093 ULONG LpcReplyMessageId;
1094 #endif
1095 ULONG ReadClusterSize;
1096 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1097 ULONG SpareUlong0;
1098 #else
1099 ACCESS_MASK GrantedAccess;
1100 #endif
1101 union
1102 {
1103 struct
1104 {
1105 ULONG Terminated:1;
1106 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1107 ULONG ThreadInserted:1;
1108 #else
1109 ULONG DeadThread:1;
1110 #endif
1111 ULONG HideFromDebugger:1;
1112 ULONG ActiveImpersonationInfo:1;
1113 ULONG SystemThread:1;
1114 ULONG HardErrorsAreDisabled:1;
1115 ULONG BreakOnTermination:1;
1116 ULONG SkipCreationMsg:1;
1117 ULONG SkipTerminationMsg:1;
1118 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1119 ULONG CreateMsgSent:1;
1120 ULONG ThreadIoPriority:3;
1121 ULONG ThreadPagePriority:3;
1122 ULONG PendingRatecontrol:1;
1123 #endif
1124 };
1125 ULONG CrossThreadFlags;
1126 };
1127 union
1128 {
1129 struct
1130 {
1131 ULONG ActiveExWorker:1;
1132 ULONG ExWorkerCanWaitUser:1;
1133 ULONG MemoryMaker:1;
1134 ULONG KeyedEventInUse:1;
1135 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1136 ULONG RateApcState:2;
1137 #endif
1138 };
1139 ULONG SameThreadPassiveFlags;
1140 };
1141 union
1142 {
1143 struct
1144 {
1145 ULONG LpcReceivedMsgIdValid:1;
1146 ULONG LpcExitThreadCalled:1;
1147 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1148 ULONG Spare:1;
1149 #else
1150 ULONG AddressSpaceOwner:1;
1151 #endif
1152 ULONG OwnsProcessWorkingSetExclusive:1;
1153 ULONG OwnsProcessWorkingSetShared:1;
1154 ULONG OwnsSystemWorkingSetExclusive:1;
1155 ULONG OwnsSystemWorkingSetShared:1;
1156 ULONG OwnsSessionWorkingSetExclusive:1;
1157 ULONG OwnsSessionWorkingSetShared:1;
1158 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1159 ULONG SuppressSymbolLoad:1;
1160 ULONG Spare1:3;
1161 ULONG PriorityRegionActive:4;
1162 #else
1163 ULONG ApcNeeded:1;
1164 #endif
1165 };
1166 ULONG SameThreadApcFlags;
1167 };
1168 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1169 UCHAR CacheManagerActive;
1170 #else
1171 UCHAR ForwardClusterOnly;
1172 #endif
1173 UCHAR DisablePageFaultClustering;
1174 UCHAR ActiveFaultCount;
1175 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1176 ULONG AlpcMessageId;
1177 union
1178 {
1179 PVOID AlpcMessage;
1180 ULONG AlpcReceiveAttributeSet;
1181 };
1182 LIST_ENTRY AlpcWaitListEntry;
1183 KSEMAPHORE AlpcWaitSemaphore;
1184 ULONG CacheManagerCount;
1185 #endif
1186 } ETHREAD;
1187
1188 //
1189 // Executive Process (EPROCESS)
1190 //
1191 typedef struct _EPROCESS
1192 {
1193 KPROCESS Pcb;
1194 EX_PUSH_LOCK ProcessLock;
1195 LARGE_INTEGER CreateTime;
1196 LARGE_INTEGER ExitTime;
1197 EX_RUNDOWN_REF RundownProtect;
1198 HANDLE UniqueProcessId;
1199 LIST_ENTRY ActiveProcessLinks;
1200 SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
1201 SIZE_T QuotaPeak[3]; /* ditto */
1202 SIZE_T CommitCharge;
1203 SIZE_T PeakVirtualSize;
1204 SIZE_T VirtualSize;
1205 LIST_ENTRY SessionProcessLinks;
1206 PVOID DebugPort;
1207 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1208 union
1209 {
1210 PVOID ExceptionPortData;
1211 ULONG ExceptionPortValue;
1212 UCHAR ExceptionPortState:3;
1213 };
1214 #else
1215 PVOID ExceptionPort;
1216 #endif
1217 PHANDLE_TABLE ObjectTable;
1218 EX_FAST_REF Token;
1219 PFN_NUMBER WorkingSetPage;
1220 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1221 EX_PUSH_LOCK AddressCreationLock;
1222 PETHREAD RotateInProgress;
1223 #else
1224 KGUARDED_MUTEX AddressCreationLock;
1225 KSPIN_LOCK HyperSpaceLock;
1226 #endif
1227 PETHREAD ForkInProgress;
1228 ULONG_PTR HardwareTrigger;
1229 PMM_AVL_TABLE PhysicalVadRoot;
1230 PVOID CloneRoot;
1231 PFN_NUMBER NumberOfPrivatePages;
1232 PFN_NUMBER NumberOfLockedPages;
1233 PVOID *Win32Process;
1234 struct _EJOB *Job;
1235 PVOID SectionObject;
1236 PVOID SectionBaseAddress;
1237 PEPROCESS_QUOTA_BLOCK QuotaBlock;
1238 PPAGEFAULT_HISTORY WorkingSetWatch;
1239 PVOID Win32WindowStation;
1240 HANDLE InheritedFromUniqueProcessId;
1241 PVOID LdtInformation;
1242 PVOID VadFreeHint;
1243 PVOID VdmObjects;
1244 PVOID DeviceMap;
1245 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1246 PVOID EtwDataSource;
1247 PVOID FreeTebHint;
1248 #else
1249 PVOID Spare0[3];
1250 #endif
1251 union
1252 {
1253 HARDWARE_PTE PageDirectoryPte;
1254 ULONGLONG Filler;
1255 };
1256 PVOID Session;
1257 CHAR ImageFileName[16];
1258 LIST_ENTRY JobLinks;
1259 PVOID LockedPagesList;
1260 LIST_ENTRY ThreadListHead;
1261 PVOID SecurityPort;
1262 #ifdef _M_AMD64
1263 struct _WOW64_PROCESS *Wow64Process;
1264 #else
1265 PVOID PaeTop;
1266 #endif
1267 ULONG ActiveThreads;
1268 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1269 ULONG ImagePathHash;
1270 #else
1271 ACCESS_MASK GrantedAccess;
1272 #endif
1273 ULONG DefaultHardErrorProcessing;
1274 NTSTATUS LastThreadExitStatus;
1275 struct _PEB* Peb;
1276 EX_FAST_REF PrefetchTrace;
1277 LARGE_INTEGER ReadOperationCount;
1278 LARGE_INTEGER WriteOperationCount;
1279 LARGE_INTEGER OtherOperationCount;
1280 LARGE_INTEGER ReadTransferCount;
1281 LARGE_INTEGER WriteTransferCount;
1282 LARGE_INTEGER OtherTransferCount;
1283 SIZE_T CommitChargeLimit;
1284 SIZE_T CommitChargePeak;
1285 PVOID AweInfo;
1286 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1287 MMSUPPORT Vm;
1288 #ifdef _M_AMD64
1289 ULONG Spares[2];
1290 #else
1291 LIST_ENTRY MmProcessLinks;
1292 #endif
1293 ULONG ModifiedPageCount;
1294 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1295 union
1296 {
1297 struct
1298 {
1299 ULONG JobNotReallyActive:1;
1300 ULONG AccountingFolded:1;
1301 ULONG NewProcessReported:1;
1302 ULONG ExitProcessReported:1;
1303 ULONG ReportCommitChanges:1;
1304 ULONG LastReportMemory:1;
1305 ULONG ReportPhysicalPageChanges:1;
1306 ULONG HandleTableRundown:1;
1307 ULONG NeedsHandleRundown:1;
1308 ULONG RefTraceEnabled:1;
1309 ULONG NumaAware:1;
1310 ULONG ProtectedProcess:1;
1311 ULONG DefaultPagePriority:3;
1312 ULONG ProcessDeleteSelf:1;
1313 ULONG ProcessVerifierTarget:1;
1314 };
1315 ULONG Flags2;
1316 };
1317 #else
1318 ULONG JobStatus;
1319 #endif
1320 union
1321 {
1322 struct
1323 {
1324 ULONG CreateReported:1;
1325 ULONG NoDebugInherit:1;
1326 ULONG ProcessExiting:1;
1327 ULONG ProcessDelete:1;
1328 ULONG Wow64SplitPages:1;
1329 ULONG VmDeleted:1;
1330 ULONG OutswapEnabled:1;
1331 ULONG Outswapped:1;
1332 ULONG ForkFailed:1;
1333 ULONG Wow64VaSpace4Gb:1;
1334 ULONG AddressSpaceInitialized:2;
1335 ULONG SetTimerResolution:1;
1336 ULONG BreakOnTermination:1;
1337 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1338 ULONG DeprioritizeViews:1;
1339 #else
1340 ULONG SessionCreationUnderway:1;
1341 #endif
1342 ULONG WriteWatch:1;
1343 ULONG ProcessInSession:1;
1344 ULONG OverrideAddressSpace:1;
1345 ULONG HasAddressSpace:1;
1346 ULONG LaunchPrefetched:1;
1347 ULONG InjectInpageErrors:1;
1348 ULONG VmTopDown:1;
1349 ULONG ImageNotifyDone:1;
1350 ULONG PdeUpdateNeeded:1;
1351 ULONG VdmAllowed:1;
1352 ULONG SmapAllowed:1;
1353 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1354 ULONG ProcessInserted:1;
1355 #else
1356 ULONG CreateFailed:1;
1357 #endif
1358 ULONG DefaultIoPriority:3;
1359 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1360 ULONG SparePsFlags1:2;
1361 #else
1362 ULONG Spare1:1;
1363 ULONG Spare2:1;
1364 #endif
1365 };
1366 ULONG Flags;
1367 };
1368 NTSTATUS ExitStatus;
1369 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1370 USHORT Spare7;
1371 #else
1372 USHORT NextPageColor;
1373 #endif
1374 union
1375 {
1376 struct
1377 {
1378 UCHAR SubSystemMinorVersion;
1379 UCHAR SubSystemMajorVersion;
1380 };
1381 USHORT SubSystemVersion;
1382 };
1383 UCHAR PriorityClass;
1384 MM_AVL_TABLE VadRoot;
1385 ULONG Cookie;
1386 } EPROCESS;
1387
1388 //
1389 // Job Token Filter Data
1390 //
1391 #include <pshpack1.h>
1392 typedef struct _PS_JOB_TOKEN_FILTER
1393 {
1394 ULONG CapturedSidCount;
1395 PSID_AND_ATTRIBUTES CapturedSids;
1396 ULONG CapturedSidsLength;
1397 ULONG CapturedGroupCount;
1398 PSID_AND_ATTRIBUTES CapturedGroups;
1399 ULONG CapturedGroupsLength;
1400 ULONG CapturedPrivilegeCount;
1401 PLUID_AND_ATTRIBUTES CapturedPrivileges;
1402 ULONG CapturedPrivilegesLength;
1403 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1404
1405 //
1406 // Executive Job (EJOB)
1407 //
1408 typedef struct _EJOB
1409 {
1410 KEVENT Event;
1411 LIST_ENTRY JobLinks;
1412 LIST_ENTRY ProcessListHead;
1413 ERESOURCE JobLock;
1414 LARGE_INTEGER TotalUserTime;
1415 LARGE_INTEGER TotalKernelTime;
1416 LARGE_INTEGER ThisPeriodTotalUserTime;
1417 LARGE_INTEGER ThisPeriodTotalKernelTime;
1418 ULONG TotalPageFaultCount;
1419 ULONG TotalProcesses;
1420 ULONG ActiveProcesses;
1421 ULONG TotalTerminatedProcesses;
1422 LARGE_INTEGER PerProcessUserTimeLimit;
1423 LARGE_INTEGER PerJobUserTimeLimit;
1424 ULONG LimitFlags;
1425 ULONG MinimumWorkingSetSize;
1426 ULONG MaximumWorkingSetSize;
1427 ULONG ActiveProcessLimit;
1428 ULONG Affinity;
1429 UCHAR PriorityClass;
1430 ULONG UIRestrictionsClass;
1431 ULONG SecurityLimitFlags;
1432 PVOID Token;
1433 PPS_JOB_TOKEN_FILTER Filter;
1434 ULONG EndOfJobTimeAction;
1435 PVOID CompletionPort;
1436 PVOID CompletionKey;
1437 ULONG SessionId;
1438 ULONG SchedulingClass;
1439 ULONGLONG ReadOperationCount;
1440 ULONGLONG WriteOperationCount;
1441 ULONGLONG OtherOperationCount;
1442 ULONGLONG ReadTransferCount;
1443 ULONGLONG WriteTransferCount;
1444 ULONGLONG OtherTransferCount;
1445 IO_COUNTERS IoInfo;
1446 ULONG ProcessMemoryLimit;
1447 ULONG JobMemoryLimit;
1448 ULONG PeakProcessMemoryUsed;
1449 ULONG PeakJobMemoryUsed;
1450 ULONG CurrentJobMemoryUsed;
1451 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1452 FAST_MUTEX MemoryLimitsLock;
1453 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1454 KGUARDED_MUTEX MemoryLimitsLock;
1455 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1456 EX_PUSH_LOCK MemoryLimitsLock;
1457 #endif
1458 LIST_ENTRY JobSetLinks;
1459 ULONG MemberLevel;
1460 ULONG JobFlags;
1461 } EJOB, *PEJOB;
1462 #include <poppack.h>
1463
1464 //
1465 // Win32K Callback Registration Data
1466 //
1467 typedef struct _WIN32_POWEREVENT_PARAMETERS
1468 {
1469 PSPOWEREVENTTYPE EventNumber;
1470 ULONG Code;
1471 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1472
1473 typedef struct _WIN32_POWERSTATE_PARAMETERS
1474 {
1475 UCHAR Promotion;
1476 POWER_ACTION SystemAction;
1477 SYSTEM_POWER_STATE MinSystemState;
1478 ULONG Flags;
1479 POWERSTATETASK PowerStateTask;
1480 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1481
1482 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1483 {
1484 PVOID Job;
1485 PSW32JOBCALLOUTTYPE CalloutType;
1486 PVOID Data;
1487 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1488
1489 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1490 {
1491 OB_OPEN_REASON OpenReason;
1492 PEPROCESS Process;
1493 PVOID Object;
1494 ULONG GrantedAccess;
1495 ULONG HandleCount;
1496 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1497
1498 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1499 {
1500 PEPROCESS Process;
1501 PVOID Object;
1502 HANDLE Handle;
1503 KPROCESSOR_MODE PreviousMode;
1504 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1505
1506 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1507 {
1508 PEPROCESS Process;
1509 PVOID Object;
1510 ACCESS_MASK AccessMask;
1511 ULONG ProcessHandleCount;
1512 ULONG SystemHandleCount;
1513 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1514
1515 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1516 {
1517 PVOID Object;
1518 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1519
1520 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1521 {
1522 PVOID ParseObject;
1523 PVOID ObjectType;
1524 PACCESS_STATE AccessState;
1525 KPROCESSOR_MODE AccessMode;
1526 ULONG Attributes;
1527 _Out_ PUNICODE_STRING CompleteName;
1528 PUNICODE_STRING RemainingName;
1529 PVOID Context;
1530 PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1531 PVOID *Object;
1532 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1533
1534 typedef struct _WIN32_CALLOUTS_FPNS
1535 {
1536 PKWIN32_PROCESS_CALLOUT ProcessCallout;
1537 PKWIN32_THREAD_CALLOUT ThreadCallout;
1538 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1539 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1540 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1541 PKWIN32_JOB_CALLOUT JobCallout;
1542 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1543 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1544 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1545 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1546 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1547 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1548 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1549 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1550 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1551 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1552 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1553 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1554 #endif
1555 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1556
1557 #endif // !NTOS_MODE_USER
1558
1559 #ifdef __cplusplus
1560 }; // extern "C"
1561 #endif
1562
1563 #endif // _PSTYPES_H