//
#define USER_SHARED_DATA (0x7FFE0000)
-//
-// Kernel Exports
-//
-#ifndef NTOS_MODE_USER
-
-extern NTSYSAPI struct _EPROCESS* PsInitialSystemProcess;
-extern NTSYSAPI POBJECT_TYPE PsProcessType;
-
-#endif
-
//
// Global Flags
//
#define PS_REQUEST_BREAKAWAY 1
#define PS_NO_DEBUG_INHERIT 2
#define PS_INHERIT_HANDLES 4
-#define PS_UNKNOWN_VALUE 8
+#define PS_LARGE_PAGES 8
#define PS_ALL_FLAGS (PS_REQUEST_BREAKAWAY | \
PS_NO_DEBUG_INHERIT | \
PS_INHERIT_HANDLES | \
- PS_UNKNOWN_VALUE)
+ PS_LARGE_PAGES)
//
// Process base priorities
#define PROCESS_PRIORITY_NORMAL 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
+//
+// Process memory priorities
+//
+#define MEMORY_PRIORITY_BACKGROUND 0
+#define MEMORY_PRIORITY_UNKNOWN 1
+#define MEMORY_PRIORITY_FOREGROUND 2
+
//
// Process Priority Separation Values (OR)
//
#define PSP_VARIABLE_QUANTUMS 4
#define PSP_LONG_QUANTUMS 16
+#ifndef NTOS_MODE_USER
+
//
-// Number of TLS expansion slots
+// Thread Access Types
//
-#define TLS_EXPANSION_SLOTS 64
+#define THREAD_QUERY_INFORMATION 0x0040
+#define THREAD_SET_THREAD_TOKEN 0x0080
+#define THREAD_IMPERSONATE 0x0100
+#define THREAD_DIRECT_IMPERSONATION 0x0200
//
// Process Access Types
//
-#ifndef NTOS_MODE_USER
#define PROCESS_TERMINATE 0x0001
#define PROCESS_CREATE_THREAD 0x0002
#define PROCESS_SET_SESSIONID 0x0004
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
SYNCHRONIZE | \
0xFFF)
+
+//
+// Thread Base Priorities
+//
+#define THREAD_BASE_PRIORITY_LOWRT 15
+#define THREAD_BASE_PRIORITY_MAX 2
+#define THREAD_BASE_PRIORITY_MIN -2
+#define THREAD_BASE_PRIORITY_IDLE -15
+
+//
+// TLS Slots
+//
+#define TLS_MINIMUM_AVAILABLE 64
#endif
//
SYNCHRONIZE | \
31)
+//
+// Job Limit Flags
+//
+#define JOB_OBJECT_LIMIT_WORKINGSET 0x1
+#define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
+#define JOB_OBJECT_LIMIT_JOB_TIME 0x4
+#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
+#define JOB_OBJECT_LIMIT_AFFINITY 0x10
+#define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
+#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
+#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
+#define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
+#define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
+#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
+#define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
+#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
+#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
+
+
//
// Cross Thread Flags
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
#define STA_ADDRESS_SPACE_OWNER_BIT 0x4
+#define STA_OWNS_WORKING_SET_BITS 0x1F8
#endif
+#define TLS_EXPANSION_SLOTS 1024
//
// Process Flags
//
#define PSF_CREATE_FAILED_BIT 0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
+//
+// Vista Process Flags
+//
+#define PSF2_PROTECTED_BIT 0x800
+
#ifdef NTOS_MODE_USER
//
// Current Process/Thread built-in 'special' handles
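Review bot: `#define TLS_EXPANSION_SLOTS 1024` lands directly after the `#endif` of the cross-thread-flags block with no section header, unlike every other constant group in this file, so it reads like a stray line rather than a deliberate definition. Giving it its own `// Number of TLS expansion slots` header (the wording the removed definition carried) would make the intent clear and keep the file's one-header-per-group layout. The value itself is consistent with the PEB's `ULONG TlsExpansionBitmapBits[0x20]` (32 × 32 bits), so only the placement needs attention.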
ProcessCycleTime,
ProcessPagePriority,
ProcessInstrumentationCallback,
+ ProcessThreadStackAllocation,
+ ProcessWorkingSetWatchEx,
+ ProcessImageFileNameWin32,
+ ProcessImageFileMapping,
+ ProcessAffinityUpdateMode,
+ ProcessMemoryAllocationMode,
MaxProcessInfoClass
} PROCESSINFOCLASS;
//
struct _W32THREAD;
struct _W32PROCESS;
-struct _ETHREAD;
+//struct _ETHREAD;
struct _WIN32_POWEREVENT_PARAMETERS;
struct _WIN32_POWERSTATE_PARAMETERS;
struct _WIN32_JOBCALLOUT_PARAMETERS;
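Review bot: `//struct _ETHREAD;` leaves a commented-out forward declaration in place instead of deleting the line, and commented-out code in a header tends to be mistaken for an accidental change. If the declaration is now redundant because `struct _ETHREAD` is declared elsewhere, remove the line outright and mention the reason in the commit message rather than in the header.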
VOID
);
-#ifdef NTOS_MODE_USER
-
-//
-// ClientID Structure
-//
-typedef struct _CLIENT_ID
-{
- HANDLE UniqueProcess;
- HANDLE UniqueThread;
-} CLIENT_ID, *PCLIENT_ID;
-
-#endif
-
//
// Descriptor Table Entry Definition
//
+#if (_M_IX86)
#define _DESCRIPTOR_TABLE_ENTRY_DEFINED
typedef struct _DESCRIPTOR_TABLE_ENTRY
{
ULONG Selector;
LDT_ENTRY Descriptor;
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
+#endif
//
// PEB Lock Routine
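Review bot: `#if (_M_IX86)` relies on an undefined macro evaluating to 0 inside `#if`, whereas the architecture tests added elsewhere in this change use `#ifdef` (`#ifdef _WIN64`); `#ifdef _M_IX86` is the consistent form and does not trip `-Wundef`. Separately, the user-mode `CLIENT_ID` definition is removed in this hunk while `TEB` still declares `CLIENT_ID ClientId` and `CLIENT_ID RealClientId`, so user-mode builds presumably now obtain the type from another header — worth confirming that the include order still provides it.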
UCHAR InheritedAddressSpace;
UCHAR ReadImageFileExecOptions;
UCHAR BeingDebugged;
-#if (NTDDI_VERSION >= NTDDI_LONGHORN)
- struct
+#if (NTDDI_VERSION >= NTDDI_WS03)
+ union
{
- UCHAR ImageUsesLargePages:1;
- UCHAR IsProtectedProcess:1;
- UCHAR IsLegacyProcess:1;
- UCHAR SpareBits:5;
+ UCHAR BitField;
+ struct
+ {
+ UCHAR ImageUsesLargePages:1;
+ #if (NTDDI_VERSION >= NTDDI_LONGHORN)
+ UCHAR IsProtectedProcess:1;
+ UCHAR IsLegacyProcess:1;
+ UCHAR IsImageDynamicallyRelocated:1;
+ UCHAR SkipPatchingUser32Forwarders:1;
+ UCHAR SpareBits:3;
+ #else
+ UCHAR SpareBits:7;
+ #endif
+ };
};
#else
BOOLEAN SpareBool;
struct _RTL_CRITICAL_SECTION *FastPebLock;
PVOID AltThunkSListPtr;
PVOID IFEOKey;
- ULONG Spare;
+ union
+ {
+ ULONG CrossProcessFlags;
+ struct
+ {
+ ULONG ProcessInJob:1;
+ ULONG ProcessInitializing:1;
+ ULONG ProcessUsingVEH:1;
+ ULONG ProcessUsingVCH:1;
+ ULONG ReservedBits0:28;
+ };
+ };
union
{
PVOID* KernelCallbackTable;
};
ULONG SystemReserved[1];
ULONG SpareUlong;
+ ULONG_PTR SparePebPtr0;
#else
PVOID FastPebLock;
PPEBLOCKROUTINE FastPebLockRoutine;
PVOID* KernelCallbackTable;
PVOID EventLogSection;
PVOID EventLog;
-#endif
PPEB_FREE_BLOCK FreeList;
+#endif
ULONG TlsExpansionCounter;
PVOID TlsBitmap;
ULONG TlsBitmapBits[0x2];
PVOID ReadOnlySharedMemoryBase;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+ PVOID HotpatchInformation;
+#else
PVOID ReadOnlySharedMemoryHeap;
+#endif
PVOID* ReadOnlyStaticServerData;
PVOID AnsiCodePageData;
PVOID OemCodePageData;
ULONG NumberOfProcessors;
ULONG NtGlobalFlag;
LARGE_INTEGER CriticalSectionTimeout;
- ULONG HeapSegmentReserve;
- ULONG HeapSegmentCommit;
- ULONG HeapDeCommitTotalFreeThreshold;
- ULONG HeapDeCommitFreeBlockThreshold;
+ ULONG_PTR HeapSegmentReserve;
+ ULONG_PTR HeapSegmentCommit;
+ ULONG_PTR HeapDeCommitTotalFreeThreshold;
+ ULONG_PTR HeapDeCommitFreeBlockThreshold;
ULONG NumberOfHeaps;
ULONG MaximumNumberOfHeaps;
PVOID* ProcessHeaps;
PVOID GdiSharedHandleTable;
PVOID ProcessStarterHelper;
- PVOID GdiDCAttributeList;
+ ULONG GdiDCAttributeList;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
struct _RTL_CRITICAL_SECTION *LoaderLock;
#else
ULONG ImageSubSystemMajorVersion;
ULONG ImageSubSystemMinorVersion;
ULONG ImageProcessAffinityMask;
+#ifdef _WIN64
+ ULONG GdiHandleBuffer[0x3c];
+#else
ULONG GdiHandleBuffer[0x22];
+#endif
PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
struct _RTL_BITMAP *TlsExpansionBitmap;
ULONG TlsExpansionBitmapBits[0x20];
struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
- ULONG MinimumStackCommit;
+ ULONG_PTR MinimumStackCommit;
#endif
#if (NTDDI_VERSION >= NTDDI_WS03)
PVOID *FlsCallback;
typedef struct _GDI_TEB_BATCH
{
ULONG Offset;
- ULONG HDC;
+ HANDLE HDC;
ULONG Buffer[0x136];
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
//
// TEB Active Frame Structures
//
-typedef struct _TEB_ACTIVE_FRAME_CONTEXT
+typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
ULONG Flags;
LPSTR FrameName;
{
NT_TIB Tib;
PVOID EnvironmentPointer;
- CLIENT_ID Cid;
+ CLIENT_ID ClientId;
PVOID ActiveRpcHandle;
PVOID ThreadLocalStoragePointer;
struct _PEB *ProcessEnvironmentBlock;
PVOID SystemReserved1[0x36];
LONG ExceptionCode;
struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
+#ifdef _WIN64
+ UCHAR SpareBytes1[24];
+#else
UCHAR SpareBytes1[0x24];
+#endif
ULONG TxFsContext;
GDI_TEB_BATCH GdiTebBatch;
CLIENT_ID RealClientId;
ULONG GdiClientPID;
ULONG GdiClientTID;
PVOID GdiThreadLocalInfo;
- ULONG Win32ClientInfo[62];
+ SIZE_T Win32ClientInfo[62];
PVOID glDispatchTable[0xE9];
- ULONG glReserved1[0x1D];
+ SIZE_T glReserved1[0x1D];
PVOID glReserved2;
PVOID glSectionInfo;
PVOID glSection;
PVOID ReservedForNtRpc;
PVOID DbgSsReserved[0x2];
ULONG HardErrorDisabled;
+#ifdef _WIN64
+ PVOID Instrumentation[11];
+#else
PVOID Instrumentation[9];
+#endif
GUID ActivityId;
PVOID SubProcessTag;
PVOID EtwTraceData;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+ PVOID EtwLocalData;
+#endif
PVOID WinSockData;
ULONG GdiBatchCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
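Review bot: `UCHAR SpareBytes1[24];` on the `_WIN64` side is a decimal count while the 32-bit branch keeps `UCHAR SpareBytes1[0x24];`, so two arrays of 24 and 36 bytes read as identical at a glance; writing the 64-bit size as `0x18`, or adding a comment stating both sizes, removes that trap. The same hunk renames `Cid` to `ClientId`, which is a source-breaking field rename for any code reading `Teb->Cid`; if the old name is still referenced in the tree, a transitional macro or a sweep of the callers should accompany this change. The enclosing `_TEB` definition starts before the hunk and ends after it.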
#ifndef NTOS_MODE_USER
+//
+// Job Set Array
+//
+typedef struct _JOB_SET_ARRAY
+{
+ HANDLE JobHandle;
+ ULONG MemberLevel;
+ ULONG Flags;
+} JOB_SET_ARRAY, *PJOB_SET_ARRAY;
+
//
// EPROCESS Quota Structures
//
//
// Executive Thread (ETHREAD)
//
-#include <pshpack4.h>
typedef struct _ETHREAD
{
KTHREAD Tcb;
- PVOID Padding;
LARGE_INTEGER CreateTime;
union
{
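Review bot: Removing `#include <pshpack4.h>` here (and the matching `<poppack.h>` after `EPROCESS` further down) changes every `ETHREAD` and `EPROCESS` member from 4-byte packing to natural alignment, which is presumably why the explicit `PVOID Padding` before `LARGE_INTEGER CreateTime` is dropped as well. Any code that depends on the previous offsets — assembly stubs or hard-coded `FIELD_OFFSET` values — will silently see a different layout; a few `C_ASSERT(FIELD_OFFSET(ETHREAD, CreateTime) == <expected offset>)` checks next to the definition would make the intended layout explicit and catch regressions at compile time. The `ETHREAD` definition continues beyond the hunk.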
#endif
PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
LIST_ENTRY IrpList;
- ULONG TopLevelIrp;
+ ULONG_PTR TopLevelIrp;
PDEVICE_OBJECT DeviceToVerify;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
PPSP_RATE_APC RateControlApc;
EX_RUNDOWN_REF RundownProtect;
HANDLE UniqueProcessId;
LIST_ENTRY ActiveProcessLinks;
- ULONG QuotaUsage[3];
- ULONG QuotaPeak[3];
+ ULONG QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
+ ULONG QuotaPeak[3]; /* ditto */
ULONG CommitCharge;
ULONG PeakVirtualSize;
ULONG VirtualSize;
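Review bot: The new comment `/* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */` on `QuotaUsage` should be checked against whichever quota-type enumeration the kernel uses to index these arrays; if the indices follow the `POOL_TYPE` ordering (non-paged first), the first two entries are swapped and the comment would mislead anyone reading the quota code. `/* ditto */` on `QuotaPeak` is also weaker than naming what it mirrors, e.g. `ULONG QuotaPeak[3]; /* indexed like QuotaUsage */`. The enclosing `_EPROCESS` definition starts before the hunk and ends after it.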
EX_PUSH_LOCK AddressCreationLock;
PETHREAD RotateInProgress;
#else
- FAST_MUTEX AddressCreationLock; // FIXME: FAST_MUTEX for XP, KGUARDED_MUTEX for 2K3
+ KGUARDED_MUTEX AddressCreationLock;
KSPIN_LOCK HyperSpaceLock;
#endif
PETHREAD ForkInProgress;
ULONG HardwareTrigger;
- MM_AVL_TABLE PhysicalVadroot;
+ PMM_AVL_TABLE PhysicalVadRoot;
PVOID CloneRoot;
ULONG NumberOfPrivatePages;
ULONG NumberOfLockedPages;
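Review bot: `KGUARDED_MUTEX AddressCreationLock;` is now selected for every pre-Longhorn target, discarding the distinction the removed FIXME recorded (`FAST_MUTEX` for XP, `KGUARDED_MUTEX` for 2K3), while the same commit keeps exactly that XP/WS03 split for `MemoryLimitsLock` in a later hunk. If the XP layout really uses a `FAST_MUTEX` here, the two lock types differ in size and every following member (`HyperSpaceLock`, `ForkInProgress`, …) lands at the wrong offset in XP builds. Mirroring the `MemoryLimitsLock` version test keeps the two consistent. The enclosing `_EPROCESS` definition starts before the hunk and ends after it.
```c
#else
#if (NTDDI_VERSION >= NTDDI_WS03)
    KGUARDED_MUTEX AddressCreationLock;
#else
    FAST_MUTEX AddressCreationLock;
#endif
    KSPIN_LOCK HyperSpaceLock;
#endif
```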
PVOID VdmObjects;
PVOID DeviceMap;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
- ULONG AlpcPagedPoolQuotaCache;
PVOID EtwDataSource;
PVOID FreeTebHint;
#else
#endif
union
{
-#ifdef _M_IX86
- HARDWARE_PTE_X86 PagedirectoryPte;
-#else
- HARDWARE_PTE_PPC PagedirectoryPte;
-#endif
+ HARDWARE_PTE PageDirectoryPte;
ULONGLONG Filler;
};
ULONG Session;
MM_AVL_TABLE VadRoot;
ULONG Cookie;
} EPROCESS;
-#include <poppack.h>
//
// Job Token Filter Data
ULONG PeakProcessMemoryUsed;
ULONG PeakJobMemoryUsed;
ULONG CurrentJobMemoryUsed;
-#if (NTDDI_VERSION == NTDDI_WINXP)
+#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
FAST_MUTEX MemoryLimitsLock;
-#elif (NTDDI_VERSION == NTDDI_WS03)
+#elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
KGUARDED_MUTEX MemoryLimitsLock;
#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
EX_PUSH_LOCK MemoryLimitsLock;