1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 ketypes.h 8 9 Abstract: 10 11 Type definitions for the Kernel services. 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _KETYPES_H 20 #define _KETYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #ifndef NTOS_MODE_USER 27 #include <haltypes.h> 28 #include <potypes.h> 29 #include <ifssupp.h> 30 #endif 31 32 // 33 // A system call ID is formatted as such: 34 // .________________________________________________________________. 35 // | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 36 // |--------------|-------------------------------------------------| 37 // | TABLE NUMBER | TABLE OFFSET | 38 // \----------------------------------------------------------------/ 39 // 40 // The table number is then used as an index into the service descriptor table. 41 #define TABLE_NUMBER_BITS 1 42 #define TABLE_OFFSET_BITS 12 43 44 // 45 // There are 2 tables (kernel and shadow, used by Win32K) 46 // 47 #define NUMBER_SERVICE_TABLES 2 48 #define NTOS_SERVICE_INDEX 0 49 #define WIN32K_SERVICE_INDEX 1 50 51 // 52 // NB. From assembly code, the table number must be computed as an offset into 53 // the service descriptor table. 54 // 55 // Each entry into the table is 16 bytes long on 32-bit architectures, and 56 // 32 bytes long on 64-bit architectures. 57 // 58 // Thus, Table Number 1 is offset 16 (0x10) on x86, and offset 32 (0x20) on 59 // x64. 60 // 61 #ifdef _WIN64 62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes 63 #else 64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes 65 #endif 66 67 // 68 // We want the table number, but leave some extra bits to we can have the offset 69 // into the descriptor table. 70 // 71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY) 72 73 // 74 // Now the table number (as an offset) is corrupted with part of the table offset 75 // This mask will remove the extra unwanted bits, and give us the offset into the 76 // descriptor table proper. 77 // 78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY) 79 80 // 81 // To get the table offset (ie: the service call number), just keep the 12 bits 82 // 83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1) 84 85 // 86 // We'll often need to check if this is a graphics call. This is done by comparing 87 // the table number offset with the known Win32K table number offset. 88 // This is usually index 1, so table number offset 0x10 (x86) or 0x20 (x64) 89 // 90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY) 91 92 // 93 // Context Record Flags 94 // 95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT) 96 97 // 98 // Maximum System Descriptor Table Entries 99 // 100 #define SSDT_MAX_ENTRIES 2 101 102 // 103 // Processor Architectures 104 // 105 #define PROCESSOR_ARCHITECTURE_INTEL 0 106 #define PROCESSOR_ARCHITECTURE_MIPS 1 107 #define PROCESSOR_ARCHITECTURE_ALPHA 2 108 #define PROCESSOR_ARCHITECTURE_PPC 3 109 #define PROCESSOR_ARCHITECTURE_SHX 4 110 #define PROCESSOR_ARCHITECTURE_ARM 5 111 #define PROCESSOR_ARCHITECTURE_IA64 6 112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7 113 #define PROCESSOR_ARCHITECTURE_MSIL 8 114 #define PROCESSOR_ARCHITECTURE_AMD64 9 115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF 116 117 // 118 // Object Type Mask for Kernel Dispatcher Objects 119 // 120 #define KOBJECT_TYPE_MASK 0x7F 121 #define KOBJECT_LOCK_BIT 0x80 122 123 // 124 // Dispatcher Priority increments 125 // 126 #define THREAD_ALERT_INCREMENT 2 127 128 // 129 // Physical memory offset of KUSER_SHARED_DATA 130 // 131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000 132 133 // 134 // Quantum values and decrements 135 // 136 #define MAX_QUANTUM 0x7F 137 #define WAIT_QUANTUM_DECREMENT 1 138 #define CLOCK_QUANTUM_DECREMENT 3 139 140 // 141 // Internal Exception Codes 142 // 143 #define KI_EXCEPTION_INTERNAL 0x10000000 144 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04) 145 146 typedef struct _FIBER /* Field offsets: */ 147 { /* i386 arm x64 */ 148 PVOID FiberData; /* 0x000 0x000 0x000 */ 149 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;/* 0x004 0x004 0x008 */ 150 PVOID StackBase; /* 0x008 0x008 0x010 */ 151 PVOID StackLimit; /* 0x00C 0x00C 0x018 */ 152 PVOID DeallocationStack; /* 0x010 0x010 0x020 */ 153 CONTEXT FiberContext; /* 0x014 0x018 0x030 */ 154 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 155 PVOID Wx86Tib; /* 0x2E0 0x1b8 0x500 */ 156 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 0x2E4 0x1bc 0x508 */ 157 PVOID FlsData; /* 0x2E8 0x1c0 0x510 */ 158 ULONG GuaranteedStackBytes; /* 0x2EC 0x1c4 0x518 */ 159 ULONG TebFlags; /* 0x2F0 0x1c8 0x51C */ 160 #else 161 ULONG GuaranteedStackBytes; /* 0x2E0 */ 162 PVOID FlsData; /* 0x2E4 */ 163 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; 164 #endif 165 } FIBER, *PFIBER; 166 167 #ifndef NTOS_MODE_USER 168 // 169 // Number of dispatch codes supported by KINTERRUPT 170 // 171 #ifdef _M_AMD64 172 #define DISPATCH_LENGTH 4 173 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) 174 #define DISPATCH_LENGTH 135 175 #else 176 #define DISPATCH_LENGTH 106 177 #endif 178 179 #else // NTOS_MODE_USER 180 181 // 182 // KPROCESSOR_MODE Type 183 // 184 typedef CCHAR KPROCESSOR_MODE; 185 186 // 187 // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode 188 // 189 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA) 190 191 #ifdef _X86_ 192 /* Macros for user-mode run-time checks of X86 system architecture */ 193 194 #ifndef IsNEC_98 195 #define IsNEC_98 (SharedUserData->AlternativeArchitecture == NEC98x86) 196 #endif 197 198 #ifndef IsNotNEC_98 199 #define IsNotNEC_98 (SharedUserData->AlternativeArchitecture != NEC98x86) 200 #endif 201 202 /* User-mode cannot override the architecture */ 203 #ifndef SetNEC_98 204 #define SetNEC_98 205 #endif 206 207 /* User-mode cannot override the architecture */ 208 #ifndef SetNotNEC_98 209 #define SetNotNEC_98 210 #endif 211 212 #else // !_X86_ 213 /* Correctly define these run-time definitions for non X86 machines */ 214 215 #ifndef IsNEC_98 216 #define IsNEC_98 (FALSE) 217 #endif 218 219 #ifndef IsNotNEC_98 220 #define IsNotNEC_98 (TRUE) 221 #endif 222 223 #ifndef SetNEC_98 224 #define SetNEC_98 225 #endif 226 227 #ifndef SetNotNEC_98 228 #define SetNotNEC_98 229 #endif 230 231 #endif // _X86_ 232 233 // 234 // Maximum WOW64 Entries in KUSER_SHARED_DATA 235 // 236 #define MAX_WOW64_SHARED_ENTRIES 16 237 238 // 239 // Maximum Processor Features supported in KUSER_SHARED_DATA 240 // 241 #define PROCESSOR_FEATURE_MAX 64 242 243 // 244 // Event Types 245 // 246 typedef enum _EVENT_TYPE 247 { 248 NotificationEvent, 249 SynchronizationEvent 250 } EVENT_TYPE; 251 252 // 253 // Timer Types 254 // 255 typedef enum _TIMER_TYPE 256 { 257 NotificationTimer, 258 SynchronizationTimer 259 } TIMER_TYPE; 260 261 // 262 // Wait Types 263 // 264 typedef enum _WAIT_TYPE 265 { 266 WaitAll, 267 WaitAny 268 } WAIT_TYPE; 269 270 // 271 // Processor Execution Modes 272 // 273 typedef enum _MODE 274 { 275 KernelMode, 276 UserMode, 277 MaximumMode 278 } MODE; 279 280 // 281 // Wait Reasons 282 // 283 typedef enum _KWAIT_REASON 284 { 285 Executive, 286 FreePage, 287 PageIn, 288 PoolAllocation, 289 DelayExecution, 290 Suspended, 291 UserRequest, 292 WrExecutive, 293 WrFreePage, 294 WrPageIn, 295 WrPoolAllocation, 296 WrDelayExecution, 297 WrSuspended, 298 WrUserRequest, 299 WrEventPair, 300 WrQueue, 301 WrLpcReceive, 302 WrLpcReply, 303 WrVirtualMemory, 304 WrPageOut, 305 WrRendezvous, 306 Spare2, 307 WrGuardedMutex, 308 Spare4, 309 Spare5, 310 Spare6, 311 WrKernel, 312 WrResource, 313 WrPushLock, 314 WrMutex, 315 WrQuantumEnd, 316 WrDispatchInt, 317 WrPreempted, 318 WrYieldExecution, 319 MaximumWaitReason 320 } KWAIT_REASON; 321 322 // 323 // Profiling Sources 324 // 325 typedef enum _KPROFILE_SOURCE 326 { 327 ProfileTime, 328 ProfileAlignmentFixup, 329 ProfileTotalIssues, 330 ProfilePipelineDry, 331 ProfileLoadInstructions, 332 ProfilePipelineFrozen, 333 ProfileBranchInstructions, 334 ProfileTotalNonissues, 335 ProfileDcacheMisses, 336 ProfileIcacheMisses, 337 ProfileCacheMisses, 338 ProfileBranchMispredictions, 339 ProfileStoreInstructions, 340 ProfileFpInstructions, 341 ProfileIntegerInstructions, 342 Profile2Issue, 343 Profile3Issue, 344 Profile4Issue, 345 ProfileSpecialInstructions, 346 ProfileTotalCycles, 347 ProfileIcacheIssues, 348 ProfileDcacheAccesses, 349 ProfileMemoryBarrierCycles, 350 ProfileLoadLinkedIssues, 351 ProfileMaximum 352 } KPROFILE_SOURCE; 353 354 // 355 // NT Product and Architecture Types 356 // 357 typedef enum _NT_PRODUCT_TYPE 358 { 359 NtProductWinNt = 1, 360 NtProductLanManNt, 361 NtProductServer 362 } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; 363 364 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE 365 { 366 StandardDesign, 367 NEC98x86, 368 EndAlternatives 369 } ALTERNATIVE_ARCHITECTURE_TYPE; 370 371 // 372 // Flags for NXSupportPolicy 373 // 374 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 375 #define NX_SUPPORT_POLICY_ALWAYSOFF 0 376 #define NX_SUPPORT_POLICY_ALWAYSON 1 377 #define NX_SUPPORT_POLICY_OPTIN 2 378 #define NX_SUPPORT_POLICY_OPTOUT 3 379 #endif 380 381 #endif // NTOS_MODE_USER 382 383 // 384 // Thread States 385 // 386 typedef enum _KTHREAD_STATE 387 { 388 Initialized, 389 Ready, 390 Running, 391 Standby, 392 Terminated, 393 Waiting, 394 Transition, 395 DeferredReady, 396 #if (NTDDI_VERSION >= NTDDI_WS03) 397 GateWait 398 #endif 399 } KTHREAD_STATE, *PKTHREAD_STATE; 400 401 // 402 // Kernel Object Types 403 // 404 typedef enum _KOBJECTS 405 { 406 EventNotificationObject = 0, 407 EventSynchronizationObject = 1, 408 MutantObject = 2, 409 ProcessObject = 3, 410 QueueObject = 4, 411 SemaphoreObject = 5, 412 ThreadObject = 6, 413 GateObject = 7, 414 TimerNotificationObject = 8, 415 TimerSynchronizationObject = 9, 416 Spare2Object = 10, 417 Spare3Object = 11, 418 Spare4Object = 12, 419 Spare5Object = 13, 420 Spare6Object = 14, 421 Spare7Object = 15, 422 Spare8Object = 16, 423 Spare9Object = 17, 424 ApcObject = 18, 425 DpcObject = 19, 426 DeviceQueueObject = 20, 427 EventPairObject = 21, 428 InterruptObject = 22, 429 ProfileObject = 23, 430 ThreadedDpcObject = 24, 431 MaximumKernelObject = 25 432 } KOBJECTS; 433 434 // 435 // Adjust reasons 436 // 437 typedef enum _ADJUST_REASON 438 { 439 AdjustNone = 0, 440 AdjustUnwait = 1, 441 AdjustBoost = 2 442 } ADJUST_REASON; 443 444 // 445 // Continue Status 446 // 447 typedef enum _KCONTINUE_STATUS 448 { 449 ContinueError = 0, 450 ContinueSuccess, 451 ContinueProcessorReselected, 452 ContinueNextProcessor 453 } KCONTINUE_STATUS; 454 455 // 456 // Process States 457 // 458 typedef enum _KPROCESS_STATE 459 { 460 ProcessInMemory, 461 ProcessOutOfMemory, 462 ProcessInTransition, 463 ProcessInSwap, 464 ProcessOutSwap, 465 } KPROCESS_STATE, *PKPROCESS_STATE; 466 467 // 468 // NtVdmControl Classes 469 // 470 typedef enum _VDMSERVICECLASS 471 { 472 VdmStartExecution = 0, 473 VdmQueueInterrupt = 1, 474 VdmDelayInterrupt = 2, 475 VdmInitialize = 3, 476 VdmFeatures = 4, 477 VdmSetInt21Handler = 5, 478 VdmQueryDir = 6, 479 VdmPrinterDirectIoOpen = 7, 480 VdmPrinterDirectIoClose = 8, 481 VdmPrinterInitialize = 9, 482 VdmSetLdtEntries = 10, 483 VdmSetProcessLdtInfo = 11, 484 VdmAdlibEmulation = 12, 485 VdmPMCliControl = 13, 486 VdmQueryVdmProcess = 14, 487 } VDMSERVICECLASS; 488 489 #ifdef NTOS_MODE_USER 490 491 // 492 // APC Normal Routine 493 // 494 typedef VOID 495 (NTAPI *PKNORMAL_ROUTINE)( 496 _In_ PVOID NormalContext, 497 _In_ PVOID SystemArgument1, 498 _In_ PVOID SystemArgument2 499 ); 500 501 // 502 // Timer Routine 503 // 504 typedef VOID 505 (NTAPI *PTIMER_APC_ROUTINE)( 506 _In_ PVOID TimerContext, 507 _In_ ULONG TimerLowValue, 508 _In_ LONG TimerHighValue 509 ); 510 511 // 512 // System Time Structure 513 // 514 typedef struct _KSYSTEM_TIME 515 { 516 ULONG LowPart; 517 LONG High1Time; 518 LONG High2Time; 519 } KSYSTEM_TIME, *PKSYSTEM_TIME; 520 521 #define MAXIMUM_XSTATE_FEATURES 64 522 523 typedef struct _XSTATE_FEATURE 524 { 525 ULONG Offset; 526 ULONG Size; 527 } XSTATE_FEATURE, *PXSTATE_FEATURE; 528 529 typedef struct _XSTATE_CONFIGURATION 530 { 531 ULONG64 EnabledFeatures; 532 #if (NTDDI_VERSION >= NTDDI_WINBLUE) 533 ULONG64 EnabledVolatileFeatures; 534 #endif 535 ULONG Size; 536 union 537 { 538 ULONG ControlFlags; 539 struct 540 { 541 ULONG OptimizedSave:1; 542 ULONG CompactionEnabled:1; // WIN10+ 543 }; 544 }; 545 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES]; 546 #if (NTDDI_VERSION >= NTDDI_WIN10) 547 ULONG64 EnabledSupervisorFeatures; 548 ULONG64 AlignedFeatures; 549 ULONG AllFeatureSize; 550 ULONG AllFeatures[MAXIMUM_XSTATE_FEATURES]; 551 #endif 552 #if (NTDDI_VERSION >= NTDDI_WIN10_RS5) 553 ULONG64 EnabledUserVisibleSupervisorFeatures; 554 #endif 555 #if (NTDDI_VERSION >= NTDDI_WIN11) 556 ULONG64 ExtendedFeatureDisableFeatures; 557 ULONG AllNonLargeFeatureSize; 558 ULONG Spare; 559 #endif 560 } XSTATE_CONFIGURATION, *PXSTATE_CONFIGURATION; 561 562 // 563 // Shared Kernel User Data 564 // Keep in sync with sdk/include/xdk/ketypes.h 565 // 566 typedef struct _KUSER_SHARED_DATA 567 { 568 ULONG TickCountLowDeprecated; // 0x0 569 ULONG TickCountMultiplier; // 0x4 570 volatile KSYSTEM_TIME InterruptTime; // 0x8 571 volatile KSYSTEM_TIME SystemTime; // 0x14 572 volatile KSYSTEM_TIME TimeZoneBias; // 0x20 573 USHORT ImageNumberLow; // 0x2c 574 USHORT ImageNumberHigh; // 0x2e 575 WCHAR NtSystemRoot[260]; // 0x30 576 ULONG MaxStackTraceDepth; // 0x238 577 ULONG CryptoExponent; // 0x23c 578 ULONG TimeZoneId; // 0x240 579 ULONG LargePageMinimum; // 0x244 580 ULONG Reserved2[7]; // 0x248 581 NT_PRODUCT_TYPE NtProductType; // 0x264 582 BOOLEAN ProductTypeIsValid; // 0x268 583 ULONG NtMajorVersion; // 0x26c 584 ULONG NtMinorVersion; // 0x270 585 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; // 0x274 586 ULONG Reserved1; // 0x2b4 587 ULONG Reserved3; // 0x2b8 588 volatile ULONG TimeSlip; // 0x2bc 589 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; // 0x2c0 590 ULONG AltArchitecturePad[1]; // 0x2c4 591 LARGE_INTEGER SystemExpirationDate; // 0x2c8 592 ULONG SuiteMask; // 0x2d0 593 BOOLEAN KdDebuggerEnabled; // 0x2d4 594 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 595 UCHAR NXSupportPolicy; // 0x2d5 596 #endif 597 volatile ULONG ActiveConsoleId; // 0x2d8 598 volatile ULONG DismountCount; // 0x2dc 599 ULONG ComPlusPackage; // 0x2e0 600 ULONG LastSystemRITEventTickCount; // 0x2e4 601 ULONG NumberOfPhysicalPages; // 0x2e8 602 BOOLEAN SafeBootMode; // 0x2ec 603 #if (NTDDI_VERSION >= NTDDI_WIN7) 604 union 605 { 606 UCHAR TscQpcData; // 0x2ed 607 struct 608 { 609 UCHAR TscQpcEnabled:1; // 0x2ed 610 UCHAR TscQpcSpareFlag:1; // 0x2ed 611 UCHAR TscQpcShift:6; // 0x2ed 612 } DUMMYSTRUCTNAME; 613 } DUMMYUNIONNAME; 614 UCHAR TscQpcPad[2]; // 0x2ee 615 #endif 616 #if (NTDDI_VERSION >= NTDDI_VISTA) 617 union 618 { 619 ULONG SharedDataFlags; // 0x2f0 620 struct 621 { 622 ULONG DbgErrorPortPresent:1; // 0x2f0 623 ULONG DbgElevationEnabled:1; // 0x2f0 624 ULONG DbgVirtEnabled:1; // 0x2f0 625 ULONG DbgInstallerDetectEnabled:1; // 0x2f0 626 ULONG DbgSystemDllRelocated:1; // 0x2f0 627 ULONG DbgDynProcessorEnabled:1; // 0x2f0 628 ULONG DbgSEHValidationEnabled:1; // 0x2f0 629 ULONG SpareBits:25; // 0x2f0 630 } DUMMYSTRUCTNAME2; 631 } DUMMYUNIONNAME2; 632 #else 633 ULONG TraceLogging; 634 #endif 635 ULONG DataFlagsPad[1]; // 0x2f4 636 ULONGLONG TestRetInstruction; // 0x2f8 637 ULONG SystemCall; // 0x300 638 ULONG SystemCallReturn; // 0x304 639 ULONGLONG SystemCallPad[3]; // 0x308 640 union 641 { 642 volatile KSYSTEM_TIME TickCount; // 0x320 643 volatile ULONG64 TickCountQuad; // 0x320 644 struct 645 { 646 ULONG ReservedTickCountOverlay[3]; // 0x320 647 ULONG TickCountPad[1]; // 0x32c 648 } DUMMYSTRUCTNAME; 649 } DUMMYUNIONNAME3; 650 ULONG Cookie; // 0x330 651 #if (NTDDI_VERSION >= NTDDI_VISTA) 652 ULONG CookiePad[1]; // 0x334 653 LONGLONG ConsoleSessionForegroundProcessId; // 0x338 654 #endif 655 #if (NTDDI_VERSION >= NTDDI_WS03) 656 ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]; // 2K3: 0x334 / Vista+: 0x340 657 #endif 658 #if (NTDDI_VERSION >= NTDDI_VISTA) 659 #if (NTDDI_VERSION >= NTDDI_WIN7) 660 USHORT UserModeGlobalLogger[16]; // 0x380 661 #else 662 USHORT UserModeGlobalLogger[8]; // 0x380 663 ULONG HeapTracingPid[2]; // 0x390 664 ULONG CritSecTracingPid[2]; // 0x398 665 #endif 666 ULONG ImageFileExecutionOptions; // 0x3a0 667 #if (NTDDI_VERSION >= NTDDI_VISTASP1) 668 ULONG LangGenerationCount; // 0x3a4 669 #else 670 /* 4 bytes padding */ 671 #endif 672 ULONGLONG Reserved5; // 0x3a8 673 volatile ULONG64 InterruptTimeBias; // 0x3b0 674 #endif // NTDDI_VERSION >= NTDDI_VISTA 675 #if (NTDDI_VERSION >= NTDDI_WIN7) 676 volatile ULONG64 TscQpcBias; // 0x3b8 677 volatile ULONG ActiveProcessorCount; // 0x3c0 678 volatile USHORT ActiveGroupCount; // 0x3c4 679 USHORT Reserved4; // 0x3c6 680 volatile ULONG AitSamplingValue; // 0x3c8 681 volatile ULONG AppCompatFlag; // 0x3cc 682 ULONGLONG SystemDllNativeRelocation; // 0x3d0 683 ULONG SystemDllWowRelocation; // 0x3d8 684 ULONG XStatePad[1]; // 0x3dc 685 XSTATE_CONFIGURATION XState; // 0x3e0 686 #endif 687 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; 688 689 // 690 // VDM Structures 691 // 692 #include "pshpack1.h" 693 typedef struct _VdmVirtualIca 694 { 695 LONG ica_count[8]; 696 LONG ica_int_line; 697 LONG ica_cpu_int; 698 USHORT ica_base; 699 USHORT ica_hipiri; 700 USHORT ica_mode; 701 UCHAR ica_master; 702 UCHAR ica_irr; 703 UCHAR ica_isr; 704 UCHAR ica_imr; 705 UCHAR ica_ssr; 706 } VDMVIRTUALICA, *PVDMVIRTUALICA; 707 #include "poppack.h" 708 709 typedef struct _VdmIcaUserData 710 { 711 PVOID pIcaLock; 712 PVDMVIRTUALICA pIcaMaster; 713 PVDMVIRTUALICA pIcaSlave; 714 PULONG pDelayIrq; 715 PULONG pUndelayIrq; 716 PULONG pDelayIret; 717 PULONG pIretHooked; 718 PULONG pAddrIretBopTable; 719 PHANDLE phWowIdleEvent; 720 PLARGE_INTEGER pIcaTimeout; 721 PHANDLE phMainThreadSuspended; 722 } VDMICAUSERDATA, *PVDMICAUSERDATA; 723 724 typedef struct _VDM_INITIALIZE_DATA 725 { 726 PVOID TrapcHandler; 727 PVDMICAUSERDATA IcaUserData; 728 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA; 729 730 #else 731 732 // 733 // System Thread Start Routine 734 // 735 typedef 736 VOID 737 (NTAPI *PKSYSTEM_ROUTINE)( 738 PKSTART_ROUTINE StartRoutine, 739 PVOID StartContext 740 ); 741 742 #ifndef _NTSYSTEM_ 743 typedef VOID 744 (NTAPI *PKNORMAL_ROUTINE)( 745 IN PVOID NormalContext OPTIONAL, 746 IN PVOID SystemArgument1 OPTIONAL, 747 IN PVOID SystemArgument2 OPTIONAL); 748 749 typedef VOID 750 (NTAPI *PKRUNDOWN_ROUTINE)( 751 IN struct _KAPC *Apc); 752 753 typedef VOID 754 (NTAPI *PKKERNEL_ROUTINE)( 755 IN struct _KAPC *Apc, 756 IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, 757 IN OUT PVOID *NormalContext OPTIONAL, 758 IN OUT PVOID *SystemArgument1 OPTIONAL, 759 IN OUT PVOID *SystemArgument2 OPTIONAL); 760 #endif 761 762 // 763 // APC Environment Types 764 // 765 typedef enum _KAPC_ENVIRONMENT 766 { 767 OriginalApcEnvironment, 768 AttachedApcEnvironment, 769 CurrentApcEnvironment, 770 InsertApcEnvironment 771 } KAPC_ENVIRONMENT; 772 773 typedef struct _KTIMER_TABLE_ENTRY 774 { 775 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64) 776 KSPIN_LOCK Lock; 777 #endif 778 LIST_ENTRY Entry; 779 ULARGE_INTEGER Time; 780 } KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY; 781 782 typedef struct _KTIMER_TABLE 783 { 784 PKTIMER TimerExpiry[64]; 785 KTIMER_TABLE_ENTRY TimerEntries[256]; 786 } KTIMER_TABLE, *PKTIMER_TABLE; 787 788 typedef struct _KDPC_LIST 789 { 790 SINGLE_LIST_ENTRY ListHead; 791 SINGLE_LIST_ENTRY* LastEntry; 792 } KDPC_LIST, *PKDPC_LIST; 793 794 typedef struct _SYNCH_COUNTERS 795 { 796 ULONG SpinLockAcquireCount; 797 ULONG SpinLockContentionCount; 798 ULONG SpinLockSpinCount; 799 ULONG IpiSendRequestBroadcastCount; 800 ULONG IpiSendRequestRoutineCount; 801 ULONG IpiSendSoftwareInterruptCount; 802 ULONG ExInitializeResourceCount; 803 ULONG ExReInitializeResourceCount; 804 ULONG ExDeleteResourceCount; 805 ULONG ExecutiveResourceAcquiresCount; 806 ULONG ExecutiveResourceContentionsCount; 807 ULONG ExecutiveResourceReleaseExclusiveCount; 808 ULONG ExecutiveResourceReleaseSharedCount; 809 ULONG ExecutiveResourceConvertsCount; 810 ULONG ExAcqResExclusiveAttempts; 811 ULONG ExAcqResExclusiveAcquiresExclusive; 812 ULONG ExAcqResExclusiveAcquiresExclusiveRecursive; 813 ULONG ExAcqResExclusiveWaits; 814 ULONG ExAcqResExclusiveNotAcquires; 815 ULONG ExAcqResSharedAttempts; 816 ULONG ExAcqResSharedAcquiresExclusive; 817 ULONG ExAcqResSharedAcquiresShared; 818 ULONG ExAcqResSharedAcquiresSharedRecursive; 819 ULONG ExAcqResSharedWaits; 820 ULONG ExAcqResSharedNotAcquires; 821 ULONG ExAcqResSharedStarveExclusiveAttempts; 822 ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive; 823 ULONG ExAcqResSharedStarveExclusiveAcquiresShared; 824 ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive; 825 ULONG ExAcqResSharedStarveExclusiveWaits; 826 ULONG ExAcqResSharedStarveExclusiveNotAcquires; 827 ULONG ExAcqResSharedWaitForExclusiveAttempts; 828 ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive; 829 ULONG ExAcqResSharedWaitForExclusiveAcquiresShared; 830 ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive; 831 ULONG ExAcqResSharedWaitForExclusiveWaits; 832 ULONG ExAcqResSharedWaitForExclusiveNotAcquires; 833 ULONG ExSetResOwnerPointerExclusive; 834 ULONG ExSetResOwnerPointerSharedNew; 835 ULONG ExSetResOwnerPointerSharedOld; 836 ULONG ExTryToAcqExclusiveAttempts; 837 ULONG ExTryToAcqExclusiveAcquires; 838 ULONG ExBoostExclusiveOwner; 839 ULONG ExBoostSharedOwners; 840 ULONG ExEtwSynchTrackingNotificationsCount; 841 ULONG ExEtwSynchTrackingNotificationsAccountedCount; 842 } SYNCH_COUNTERS, *PSYNCH_COUNTERS; 843 844 // 845 // PRCB DPC Data 846 // 847 typedef struct _KDPC_DATA 848 { 849 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 850 KDPC_LIST DpcList; 851 #else 852 LIST_ENTRY DpcListHead; 853 #endif 854 ULONG_PTR DpcLock; 855 #if defined(_M_AMD64) || defined(_M_ARM) 856 volatile LONG DpcQueueDepth; 857 #else 858 volatile ULONG DpcQueueDepth; 859 #endif 860 ULONG DpcCount; 861 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) 862 PKDPC ActiveDpc; 863 #endif 864 } KDPC_DATA, *PKDPC_DATA; 865 866 // 867 // Per-Processor Lookaside List 868 // 869 typedef struct _PP_LOOKASIDE_LIST 870 { 871 struct _GENERAL_LOOKASIDE *P; 872 struct _GENERAL_LOOKASIDE *L; 873 } PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST; 874 875 // 876 // Architectural Types 877 // 878 #include <arch/ketypes.h> 879 880 // 881 // Kernel Memory Node 882 // 883 typedef struct _KNODE 884 { 885 SLIST_HEADER DeadStackList; 886 SLIST_HEADER PfnDereferenceSListHead; 887 KAFFINITY ProcessorMask; 888 UCHAR Color; 889 UCHAR Seed; 890 UCHAR NodeNumber; 891 struct _flags { 892 UCHAR Removable : 1; 893 UCHAR Fill : 7; 894 } Flags; 895 ULONG MmShiftedColor; 896 ULONG_PTR FreeCount[2]; 897 struct _SINGLE_LIST_ENTRY *PfnDeferredList; 898 } KNODE, *PKNODE; 899 900 // 901 // Structure for Get/SetContext APC 902 // 903 typedef struct _GETSETCONTEXT 904 { 905 KAPC Apc; 906 KEVENT Event; 907 KPROCESSOR_MODE Mode; 908 CONTEXT Context; 909 } GETSETCONTEXT, *PGETSETCONTEXT; 910 911 // 912 // Kernel Profile Object 913 // 914 typedef struct _KPROFILE 915 { 916 CSHORT Type; 917 CSHORT Size; 918 LIST_ENTRY ProfileListEntry; 919 struct _KPROCESS *Process; 920 PVOID RangeBase; 921 PVOID RangeLimit; 922 ULONG BucketShift; 923 PVOID Buffer; 924 ULONG_PTR Segment; 925 KAFFINITY Affinity; 926 KPROFILE_SOURCE Source; 927 BOOLEAN Started; 928 } KPROFILE, *PKPROFILE; 929 930 // 931 // Kernel Interrupt Object 932 // 933 typedef struct _KINTERRUPT 934 { 935 CSHORT Type; 936 CSHORT Size; 937 LIST_ENTRY InterruptListEntry; 938 PKSERVICE_ROUTINE ServiceRoutine; 939 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 940 PKSERVICE_ROUTINE MessageServiceRoutine; 941 ULONG MessageIndex; 942 #endif 943 PVOID ServiceContext; 944 KSPIN_LOCK SpinLock; 945 ULONG TickCount; 946 PKSPIN_LOCK ActualLock; 947 PKINTERRUPT_ROUTINE DispatchAddress; 948 ULONG Vector; 949 KIRQL Irql; 950 KIRQL SynchronizeIrql; 951 BOOLEAN FloatingSave; 952 BOOLEAN Connected; 953 CCHAR Number; 954 BOOLEAN ShareVector; 955 KINTERRUPT_MODE Mode; 956 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 957 KINTERRUPT_POLARITY Polarity; 958 #endif 959 ULONG ServiceCount; 960 ULONG DispatchCount; 961 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 962 ULONGLONG Rsvd1; 963 #endif 964 #ifdef _M_AMD64 965 PKTRAP_FRAME TrapFrame; 966 PVOID Reserved; 967 #endif 968 ULONG DispatchCode[DISPATCH_LENGTH]; 969 } KINTERRUPT; 970 971 // 972 // Kernel Event Pair Object 973 // 974 typedef struct _KEVENT_PAIR 975 { 976 CSHORT Type; 977 CSHORT Size; 978 KEVENT LowEvent; 979 KEVENT HighEvent; 980 } KEVENT_PAIR, *PKEVENT_PAIR; 981 982 // 983 // Kernel No Execute Options 984 // 985 typedef struct _KEXECUTE_OPTIONS 986 { 987 UCHAR ExecuteDisable:1; 988 UCHAR ExecuteEnable:1; 989 UCHAR DisableThunkEmulation:1; 990 UCHAR Permanent:1; 991 UCHAR ExecuteDispatchEnable:1; 992 UCHAR ImageDispatchEnable:1; 993 UCHAR Spare:2; 994 } KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS; 995 996 #if (NTDDI_VERSION >= NTDDI_WIN7) 997 typedef union _KWAIT_STATUS_REGISTER 998 { 999 UCHAR Flags; 1000 struct 1001 { 1002 UCHAR State:2; 1003 UCHAR Affinity:1; 1004 UCHAR Priority:1; 1005 UCHAR Apc:1; 1006 UCHAR UserApc:1; 1007 UCHAR Alert:1; 1008 UCHAR Unused:1; 1009 }; 1010 } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; 1011 1012 typedef struct _COUNTER_READING 1013 { 1014 enum _HARDWARE_COUNTER_TYPE Type; 1015 ULONG Index; 1016 ULONG64 Start; 1017 ULONG64 Total; 1018 }COUNTER_READING, *PCOUNTER_READING; 1019 1020 typedef struct _KTHREAD_COUNTERS 1021 { 1022 ULONG64 WaitReasonBitMap; 1023 struct _THREAD_PERFORMANCE_DATA* UserData; 1024 ULONG Flags; 1025 ULONG ContextSwitches; 1026 ULONG64 CycleTimeBias; 1027 ULONG64 HardwareCounters; 1028 COUNTER_READING HwCounter[16]; 1029 }KTHREAD_COUNTERS, *PKTHREAD_COUNTERS; 1030 #endif 1031 1032 /// FIXME: should move to rtltypes.h, but we can't include it here. 1033 #if (NTDDI_VERSION >= NTDDI_WIN8) 1034 typedef struct _RTL_RB_TREE 1035 { 1036 PRTL_BALANCED_NODE Root; 1037 PRTL_BALANCED_NODE Min; 1038 } RTL_RB_TREE, *PRTL_RB_TREE; 1039 #endif 1040 1041 #if (NTDDI_VERSION >= NTDDI_WINBLUE) 1042 typedef struct _KLOCK_ENTRY_LOCK_STATE 1043 { 1044 union 1045 { 1046 struct 1047 { 1048 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 6.4.9841.0 1049 ULONG_PTR CrossThreadReleasable : 1; 1050 #else 1051 ULONG_PTR Waiting : 1; 1052 #endif 1053 ULONG_PTR Busy : 1; 1054 ULONG_PTR Reserved : (8 * sizeof(PVOID)) - 3; // previously Spare 1055 ULONG_PTR InTree : 1; 1056 }; 1057 PVOID LockState; 1058 }; 1059 union 1060 { 1061 PVOID SessionState; 1062 struct 1063 { 1064 ULONG SessionId; 1065 #ifdef _WIN64 1066 ULONG SessionPad; 1067 #endif 1068 }; 1069 }; 1070 } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; 1071 1072 typedef struct _KLOCK_ENTRY 1073 { 1074 union 1075 { 1076 RTL_BALANCED_NODE TreeNode; 1077 SINGLE_LIST_ENTRY FreeListEntry; 1078 }; 1079 #if (NTDDI_VERSION >= NTDDI_WIN10) 1080 union 1081 { 1082 ULONG EntryFlags; 1083 struct 1084 { 1085 UCHAR EntryOffset; 1086 union 1087 { 1088 UCHAR ThreadLocalFlags; 1089 struct 1090 { 1091 UCHAR WaitingBit : 1; 1092 UCHAR Spare0 : 7; 1093 }; 1094 }; 1095 union 1096 { 1097 UCHAR AcquiredByte; 1098 UCHAR AcquiredBit : 1; 1099 }; 1100 union 1101 { 1102 UCHAR CrossThreadFlags; 1103 struct 1104 { 1105 UCHAR HeadNodeBit : 1; 1106 UCHAR IoPriorityBit : 1; 1107 UCHAR IoQoSWaiter : 1; // since TH2 1108 UCHAR Spare1 : 5; 1109 }; 1110 }; 1111 }; 1112 struct 1113 { 1114 ULONG StaticState : 8; 1115 ULONG AllFlags : 24; 1116 }; 1117 }; 1118 #ifdef _WIN64 1119 ULONG SpareFlags; 1120 #endif 1121 #else 1122 union 1123 { 1124 PVOID ThreadUnsafe; 1125 struct 1126 { 1127 volatile UCHAR HeadNodeByte; 1128 UCHAR Reserved1[2]; 1129 volatile UCHAR AcquiredByte; 1130 }; 1131 }; 1132 #endif 1133 1134 union 1135 { 1136 KLOCK_ENTRY_LOCK_STATE LockState; 1137 PVOID LockUnsafe; 1138 struct 1139 { 1140 #if (NTDDI_VERSION >= NTDDI_WIN10) 1141 volatile UCHAR CrossThreadReleasableAndBusyByte; 1142 #else 1143 volatile UCHAR WaitingAndBusyByte; 1144 #endif 1145 UCHAR Reserved[sizeof(PVOID) - 2]; 1146 UCHAR InTreeByte; 1147 union 1148 { 1149 PVOID SessionState; 1150 struct 1151 { 1152 ULONG SessionId; 1153 #ifdef _WIN64 1154 ULONG SessionPad; 1155 #endif 1156 }; 1157 }; 1158 }; 1159 }; 1160 union 1161 { 1162 struct 1163 { 1164 RTL_RB_TREE OwnerTree; 1165 RTL_RB_TREE WaiterTree; 1166 }; 1167 CHAR CpuPriorityKey; 1168 }; 1169 ULONG_PTR EntryLock; 1170 union 1171 { 1172 #if _WIN64 1173 ULONG AllBoosts : 17; 1174 #else 1175 USHORT AllBoosts; 1176 #endif 1177 struct 1178 { 1179 struct 1180 { 1181 USHORT CpuBoostsBitmap : 15; 1182 USHORT IoBoost : 1; 1183 }; 1184 struct 1185 { 1186 USHORT IoQoSBoost : 1; 1187 USHORT IoNormalPriorityWaiterCount : 8; 1188 USHORT IoQoSWaiterCount : 7; 1189 }; 1190 }; 1191 }; 1192 #if _WIN64 1193 ULONG SparePad; 1194 #endif 1195 } KLOCK_ENTRY, *PKLOCK_ENTRY; 1196 1197 #endif 1198 1199 // 1200 // Kernel Thread (KTHREAD) 1201 // 1202 #if (NTDDI_VERSION < NTDDI_WIN8) 1203 1204 typedef struct _KTHREAD 1205 { 1206 DISPATCHER_HEADER Header; 1207 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1208 ULONGLONG CycleTime; 1209 #ifndef _WIN64 // [ 1210 ULONG HighCycleTime; 1211 #endif // ] 1212 ULONGLONG QuantumTarget; 1213 #else // ][ 1214 LIST_ENTRY MutantListHead; 1215 #endif // ] 1216 PVOID InitialStack; 1217 ULONG_PTR StackLimit; // FIXME: PVOID 1218 PVOID KernelStack; 1219 KSPIN_LOCK ThreadLock; 1220 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1221 KWAIT_STATUS_REGISTER WaitRegister; 1222 BOOLEAN Running; 1223 BOOLEAN Alerted[2]; 1224 union 1225 { 1226 struct 1227 { 1228 ULONG KernelStackResident:1; 1229 ULONG ReadyTransition:1; 1230 ULONG ProcessReadyQueue:1; 1231 ULONG WaitNext:1; 1232 ULONG SystemAffinityActive:1; 1233 ULONG Alertable:1; 1234 ULONG GdiFlushActive:1; 1235 ULONG UserStackWalkActive:1; 1236 ULONG ApcInterruptRequest:1; 1237 ULONG ForceDeferSchedule:1; 1238 ULONG QuantumEndMigrate:1; 1239 ULONG UmsDirectedSwitchEnable:1; 1240 ULONG TimerActive:1; 1241 ULONG Reserved:19; 1242 }; 1243 LONG MiscFlags; 1244 }; 1245 #endif // ] 1246 union 1247 { 1248 KAPC_STATE ApcState; 1249 struct 1250 { 1251 UCHAR ApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1252 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1253 SCHAR Priority; 1254 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1255 /* On x86, the following members "fall out" of the union */ 1256 volatile ULONG NextProcessor; 1257 volatile ULONG DeferredProcessor; 1258 #else // ][ 1259 /* On x86, the following members "fall out" of the union */ 1260 volatile USHORT NextProcessor; 1261 volatile USHORT DeferredProcessor; 1262 #endif // ] 1263 #else // ][ 1264 UCHAR ApcQueueable; 1265 /* On x86, the following members "fall out" of the union */ 1266 volatile UCHAR NextProcessor; 1267 volatile UCHAR DeferredProcessor; 1268 UCHAR AdjustReason; 1269 SCHAR AdjustIncrement; 1270 #endif // ] 1271 }; 1272 }; 1273 KSPIN_LOCK ApcQueueLock; 1274 #if !defined(_M_AMD64) && !defined(_M_ARM64) // [ 1275 ULONG ContextSwitches; 1276 volatile UCHAR State; 1277 UCHAR NpxState; 1278 KIRQL WaitIrql; 1279 KPROCESSOR_MODE WaitMode; 1280 #endif // ] 1281 LONG_PTR WaitStatus; 1282 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1283 PKWAIT_BLOCK WaitBlockList; 1284 #else // ][ 1285 union 1286 { 1287 PKWAIT_BLOCK WaitBlockList; 1288 PKGATE GateObject; 1289 }; 1290 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1291 union 1292 { 1293 struct 1294 { 1295 ULONG KernelStackResident:1; 1296 ULONG ReadyTransition:1; 1297 ULONG ProcessReadyQueue:1; 1298 ULONG WaitNext:1; 1299 ULONG SystemAffinityActive:1; 1300 ULONG Alertable:1; 1301 ULONG GdiFlushActive:1; 1302 ULONG Reserved:25; 1303 }; 1304 LONG MiscFlags; 1305 }; 1306 #else // ][ 1307 BOOLEAN Alertable; 1308 BOOLEAN WaitNext; 1309 #endif // ] 1310 UCHAR WaitReason; 1311 #if (NTDDI_VERSION < NTDDI_LONGHORN) 1312 SCHAR Priority; 1313 BOOLEAN EnableStackSwap; 1314 #endif // ] 1315 volatile UCHAR SwapBusy; 1316 BOOLEAN Alerted[MaximumMode]; 1317 #endif // ] 1318 union 1319 { 1320 LIST_ENTRY WaitListEntry; 1321 SINGLE_LIST_ENTRY SwapListEntry; 1322 }; 1323 PKQUEUE Queue; 1324 #if !defined(_M_AMD64) && !defined(_M_ARM64) // [ 1325 ULONG WaitTime; 1326 union 1327 { 1328 struct 1329 { 1330 SHORT KernelApcDisable; 1331 SHORT SpecialApcDisable; 1332 }; 1333 ULONG CombinedApcDisable; 1334 }; 1335 #endif // ] 1336 struct _TEB *Teb; 1337 1338 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1339 KTIMER Timer; 1340 #else // ][ 1341 union 1342 { 1343 KTIMER Timer; 1344 struct 1345 { 1346 UCHAR TimerFill[FIELD_OFFSET(KTIMER, Period) + sizeof(LONG)]; 1347 #if !defined(_WIN64) // [ 1348 }; 1349 }; 1350 #endif // ] 1351 #endif // ] 1352 union 1353 { 1354 struct 1355 { 1356 ULONG AutoAlignment:1; 1357 ULONG DisableBoost:1; 1358 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1359 ULONG EtwStackTraceApc1Inserted:1; 1360 ULONG EtwStackTraceApc2Inserted:1; 1361 ULONG CycleChargePending:1; 1362 ULONG CalloutActive:1; 1363 ULONG ApcQueueable:1; 1364 ULONG EnableStackSwap:1; 1365 ULONG GuiThread:1; 1366 ULONG ReservedFlags:23; 1367 #else // ][ 1368 LONG ReservedFlags:30; 1369 #endif // ] 1370 }; 1371 LONG ThreadFlags; 1372 }; 1373 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [ 1374 }; 1375 }; 1376 #endif // ] 1377 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1378 #if defined(_WIN64) // [ 1379 ULONG Spare0; 1380 #else // ][ 1381 PVOID ServiceTable; 1382 #endif // ] 1383 #endif // ] 1384 union 1385 { 1386 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1387 #if (NTDDI_VERSION < NTDDI_WIN7) // [ 1388 struct 1389 { 1390 UCHAR WaitBlockFill0[FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 32bit = 23, 64bit = 43 1391 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1392 UCHAR IdealProcessor; 1393 #else // ][ 1394 BOOLEAN SystemAffinityActive; 1395 #endif // ] 1396 }; 1397 struct 1398 { 1399 UCHAR WaitBlockFill1[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 47 / 91 1400 CCHAR PreviousMode; 1401 }; 1402 struct 1403 { 1404 UCHAR WaitBlockFill2[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 71 / 139 1405 UCHAR ResourceIndex; 1406 }; 1407 struct 1408 { 1409 UCHAR WaitBlockFill3[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 95 / 187 1410 UCHAR LargeStack; 1411 }; 1412 #endif // ] 1413 #ifdef _WIN64 // [ 1414 struct 1415 { 1416 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1417 ULONG ContextSwitches; 1418 }; 1419 struct 1420 { 1421 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1422 UCHAR State; 1423 UCHAR NpxState; 1424 UCHAR WaitIrql; 1425 CHAR WaitMode; 1426 }; 1427 struct 1428 { 1429 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1430 ULONG WaitTime; 1431 }; 1432 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1433 struct 1434 { 1435 UCHAR WaitBlockFill7[168]; 1436 PVOID TebMappedLowVa; 1437 struct _UMS_CONTROL_BLOCK* Ucb; 1438 }; 1439 #endif // ] 1440 struct 1441 { 1442 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1443 UCHAR WaitBlockFill8[188]; 1444 #else // ][ 1445 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1446 #endif // ] 1447 union 1448 { 1449 struct 1450 { 1451 SHORT KernelApcDisable; 1452 SHORT SpecialApcDisable; 1453 }; 1454 ULONG CombinedApcDisable; 1455 }; 1456 }; 1457 #endif // ] 1458 }; 1459 LIST_ENTRY QueueListEntry; 1460 PKTRAP_FRAME TrapFrame; 1461 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1462 PVOID FirstArgument; 1463 union 1464 { 1465 PVOID CallbackStack; 1466 ULONG_PTR CallbackDepth; 1467 }; 1468 #else // ][ 1469 PVOID CallbackStack; 1470 #endif // ] 1471 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [ 1472 PVOID ServiceTable; 1473 #endif // ] 1474 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [ 1475 ULONG KernelLimit; 1476 #endif // ] 1477 UCHAR ApcStateIndex; 1478 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [ 1479 UCHAR IdealProcessor; 1480 BOOLEAN Preempted; 1481 BOOLEAN ProcessReadyQueue; 1482 #ifdef _WIN64 // [ 1483 PVOID Win32kTable; 1484 ULONG Win32kLimit; 1485 #endif // ] 1486 BOOLEAN KernelStackResident; 1487 #endif // ] 1488 SCHAR BasePriority; 1489 SCHAR PriorityDecrement; 1490 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1491 BOOLEAN Preempted; 1492 UCHAR AdjustReason; 1493 CHAR AdjustIncrement; 1494 #if (NTDDI_VERSION >= NTDDI_WIN7) 1495 UCHAR PreviousMode; 1496 #else 1497 UCHAR Spare01; 1498 #endif 1499 #endif // ] 1500 CHAR Saturation; 1501 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1502 ULONG SystemCallNumber; 1503 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1504 ULONG FreezeCount; 1505 #else // ][ 1506 ULONG Spare02; 1507 #endif // ] 1508 #endif // ] 1509 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1510 GROUP_AFFINITY UserAffinity; 1511 struct _KPROCESS *Process; 1512 GROUP_AFFINITY Affinity; 1513 ULONG IdealProcessor; 1514 ULONG UserIdealProcessor; 1515 #else // ][ 1516 KAFFINITY UserAffinity; 1517 struct _KPROCESS *Process; 1518 KAFFINITY Affinity; 1519 #endif // ] 1520 PKAPC_STATE ApcStatePointer[2]; 1521 union 1522 { 1523 KAPC_STATE SavedApcState; 1524 struct 1525 { 1526 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1527 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1528 UCHAR WaitReason; 1529 #else // ][ 1530 CCHAR FreezeCount; 1531 #endif // ] 1532 #ifndef _WIN64 // [ 1533 }; 1534 }; 1535 #endif // ] 1536 CCHAR SuspendCount; 1537 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1538 CCHAR Spare1; 1539 #else // ][ 1540 UCHAR UserIdealProcessor; 1541 #endif // ] 1542 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1543 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1544 UCHAR Spare03; 1545 #else // ][ 1546 UCHAR CalloutActive; 1547 #endif // ] 1548 #ifdef _WIN64 // [ 1549 UCHAR CodePatchInProgress; 1550 }; 1551 }; 1552 #endif // ] 1553 #if defined(_M_IX86) // [ 1554 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1555 UCHAR OtherPlatformFill; 1556 #else // ][ 1557 UCHAR Iopl; 1558 #endif // ] 1559 #endif // ] 1560 PVOID Win32Thread; 1561 PVOID StackBase; 1562 union 1563 { 1564 KAPC SuspendApc; 1565 struct 1566 { 1567 UCHAR SuspendApcFill0[1]; 1568 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1569 UCHAR ResourceIndex; 1570 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1571 CHAR Spare04; 1572 #else // ][ 1573 SCHAR Quantum; 1574 #endif // ] 1575 }; 1576 struct 1577 { 1578 UCHAR SuspendApcFill1[3]; 1579 UCHAR QuantumReset; 1580 }; 1581 struct 1582 { 1583 UCHAR SuspendApcFill2[4]; 1584 ULONG KernelTime; 1585 }; 1586 struct 1587 { 1588 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; 1589 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1590 PKPRCB WaitPrcb; 1591 #else 1592 PVOID TlsArray; 1593 #endif 1594 }; 1595 struct 1596 { 1597 UCHAR SuspendApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 40 / 72 1598 PVOID LegoData; 1599 }; 1600 struct 1601 { 1602 UCHAR SuspendApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 47 / 83 1603 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1604 UCHAR LargeStack; 1605 #else // ][ 1606 UCHAR PowerState; 1607 #endif // ] 1608 #ifdef _WIN64 // [ 1609 ULONG UserTime; 1610 #endif // ] 1611 }; 1612 }; 1613 #ifndef _WIN64 // [ 1614 ULONG UserTime; 1615 #endif // ] 1616 union 1617 { 1618 KSEMAPHORE SuspendSemaphore; 1619 struct 1620 { 1621 UCHAR SuspendSemaphorefill[FIELD_OFFSET(KSEMAPHORE, Limit) + 4]; // 20 / 28 1622 #ifdef _WIN64 // [ 1623 ULONG SListFaultCount; 1624 #endif // ] 1625 }; 1626 }; 1627 #ifndef _WIN64 // [ 1628 ULONG SListFaultCount; 1629 #endif // ] 1630 LIST_ENTRY ThreadListEntry; 1631 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1632 LIST_ENTRY MutantListHead; 1633 #endif // ] 1634 PVOID SListFaultAddress; 1635 #ifdef _M_AMD64 // [ 1636 LONG64 ReadOperationCount; 1637 LONG64 WriteOperationCount; 1638 LONG64 OtherOperationCount; 1639 LONG64 ReadTransferCount; 1640 LONG64 WriteTransferCount; 1641 LONG64 OtherTransferCount; 1642 #endif // ] 1643 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1644 PKTHREAD_COUNTERS ThreadCounters; 1645 PXSTATE_SAVE XStateSave; 1646 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1647 PVOID MdlForLockedTeb; 1648 #endif // ] 1649 } KTHREAD; 1650 1651 #else // not (NTDDI_VERSION < NTDDI_WIN8) 1652 1653 #if defined(_WIN64) && (NTDDI_VERSION < 0x06032580) // since WIN 8.1 Update1 6.3.9600.16384 1654 #define NUMBER_OF_LOCK_ENTRIES 5 1655 #else 1656 #define NUMBER_OF_LOCK_ENTRIES 6 1657 #endif 1658 1659 typedef struct _KTHREAD 1660 { 1661 DISPATCHER_HEADER Header; 1662 PVOID SListFaultAddress; 1663 ULONG64 QuantumTarget; 1664 PVOID InitialStack; 1665 volatile VOID *StackLimit; 1666 PVOID StackBase; 1667 KSPIN_LOCK ThreadLock; 1668 volatile ULONG64 CycleTime; 1669 #ifndef _WIN64 1670 volatile ULONG HighCycleTime; 1671 PVOID ServiceTable; 1672 #endif 1673 ULONG CurrentRunTime; 1674 ULONG ExpectedRunTime; 1675 PVOID KernelStack; 1676 XSAVE_FORMAT* StateSaveArea; 1677 struct _KSCHEDULING_GROUP* SchedulingGroup; 1678 KWAIT_STATUS_REGISTER WaitRegister; 1679 BOOLEAN Running; 1680 BOOLEAN Alerted[MaximumMode]; 1681 1682 union 1683 { 1684 struct 1685 { 1686 #if (NTDDI_VERSION < NTDDI_WIN10) 1687 ULONG KernelStackResident : 1; 1688 #else 1689 ULONG AutoBoostActive : 1; 1690 #endif 1691 ULONG ReadyTransition : 1; 1692 #if (NTDDI_VERSION < NTDDI_WIN10TH2) 1693 ULONG ProcessReadyQueue : 1; 1694 #endif 1695 ULONG ProcessReadyQueue : 1; 1696 ULONG WaitNext : 1; 1697 ULONG SystemAffinityActive : 1; 1698 ULONG Alertable : 1; 1699 #if (NTDDI_VERSION < NTDDI_WIN81) 1700 ULONG CodePatchInProgress : 1; 1701 #endif 1702 ULONG UserStackWalkActive : 1; 1703 ULONG ApcInterruptRequest : 1; 1704 ULONG QuantumEndMigrate : 1; 1705 ULONG UmsDirectedSwitchEnable : 1; 1706 ULONG TimerActive : 1; 1707 ULONG SystemThread : 1; 1708 ULONG ProcessDetachActive : 1; 1709 ULONG CalloutActive : 1; 1710 ULONG ScbReadyQueue : 1; 1711 ULONG ApcQueueable : 1; 1712 ULONG ReservedStackInUse : 1; 1713 ULONG UmsPerformingSyscall : 1; 1714 ULONG DisableStackCheck : 1; 1715 ULONG Reserved : 12; 1716 }; 1717 LONG MiscFlags; 1718 }; 1719 1720 union 1721 { 1722 struct 1723 { 1724 ULONG AutoAlignment : 1; 1725 ULONG DisableBoost : 1; 1726 ULONG UserAffinitySet : 1; 1727 ULONG AlertedByThreadId : 1; 1728 ULONG QuantumDonation : 1; 1729 ULONG EnableStackSwap : 1; 1730 ULONG GuiThread : 1; 1731 ULONG DisableQuantum : 1; 1732 ULONG ChargeOnlyGroup : 1; 1733 ULONG DeferPreemption : 1; 1734 ULONG QueueDeferPreemption : 1; 1735 ULONG ForceDeferSchedule : 1; 1736 ULONG ExplicitIdealProcessor : 1; 1737 ULONG FreezeCount : 1; 1738 #if (NTDDI_VERSION >= 0x060324D7) // since 6.3.9431.0 1739 ULONG TerminationApcRequest : 1; 1740 #endif 1741 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.16384 1742 ULONG AutoBoostEntriesExhausted : 1; 1743 #endif 1744 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.17031 1745 ULONG KernelStackResident : 1; 1746 #endif 1747 #if (NTDDI_VERSION >= NTDDI_WIN10) 1748 ULONG CommitFailTerminateRequest : 1; 1749 ULONG ProcessStackCountDecremented : 1; 1750 ULONG ThreadFlagsSpare : 5; 1751 #endif 1752 ULONG EtwStackTraceApcInserted : 8; 1753 #if (NTDDI_VERSION < NTDDI_WIN10) 1754 ULONG ReservedFlags : 10; 1755 #endif 1756 }; 1757 LONG ThreadFlags; 1758 }; 1759 1760 #if (NTDDI_VERSION >= NTDDI_WIN10) 1761 volatile UCHAR Tag; 1762 UCHAR SystemHeteroCpuPolicy; 1763 UCHAR UserHeteroCpuPolicy : 7; 1764 UCHAR ExplicitSystemHeteroCpuPolicy : 1; 1765 UCHAR Spare0; 1766 #else 1767 ULONG Spare0; 1768 #endif 1769 ULONG SystemCallNumber; 1770 #ifdef _WIN64 1771 ULONG Spare1; // Win 10: Spare10 1772 #endif 1773 PVOID FirstArgument; 1774 PKTRAP_FRAME TrapFrame; 1775 1776 union 1777 { 1778 KAPC_STATE ApcState; 1779 struct 1780 { 1781 UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]; // 32bit: 23/0x17, 64bit: 43/0x2B 1782 SCHAR Priority; 1783 ULONG UserIdealProcessor; 1784 }; 1785 }; 1786 1787 #ifndef _WIN64 1788 ULONG ContextSwitches; 1789 volatile UCHAR State; 1790 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10074.0 1791 CHAR Spare12; 1792 #else 1793 CHAR NpxState; 1794 #endif 1795 KIRQL WaitIrql; 1796 KPROCESSOR_MODE WaitMode; 1797 #endif 1798 1799 volatile INT_PTR WaitStatus; 1800 PKWAIT_BLOCK WaitBlockList; 1801 union 1802 { 1803 LIST_ENTRY WaitListEntry; 1804 SINGLE_LIST_ENTRY SwapListEntry; 1805 }; 1806 PKQUEUE Queue; 1807 PVOID Teb; 1808 #if (NTDDI_VERSION >= NTDDI_WIN8 /* 0x060223F0 */) // since 6.2.9200.16384 1809 ULONG64 RelativeTimerBias; 1810 #endif 1811 KTIMER Timer; 1812 1813 union 1814 { 1815 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1816 #ifdef _WIN64 1817 struct 1818 { 1819 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 20/0x14 1820 ULONG ContextSwitches; 1821 }; 1822 struct 1823 { 1824 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 68/0x44 1825 UCHAR State; 1826 #if (NTDDI_VERSION >= NTDDI_WIN10) 1827 CHAR Spare13; 1828 #else 1829 CHAR NpxState; 1830 #endif 1831 UCHAR WaitIrql; 1832 CHAR WaitMode; 1833 }; 1834 struct 1835 { 1836 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 116/0x74 1837 ULONG WaitTime; 1838 }; 1839 struct 1840 { 1841 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 164/0xA4 1842 union 1843 { 1844 struct 1845 { 1846 SHORT KernelApcDisable; 1847 SHORT SpecialApcDisable; 1848 }; 1849 ULONG CombinedApcDisable; 1850 }; 1851 }; 1852 #endif 1853 struct 1854 { 1855 UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 20/0x14, 64bit: 40/0x28 1856 struct _KTHREAD_COUNTERS *ThreadCounters; 1857 }; 1858 struct 1859 { 1860 UCHAR WaitBlockFill9[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 44/0x2C, 64bit: 88/0x58 1861 PXSTATE_SAVE XStateSave; 1862 }; 1863 struct 1864 { 1865 UCHAR WaitBlockFill10[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 68/0x44, 64bit: 136/0x88 1866 PVOID Win32Thread; 1867 }; 1868 struct 1869 { 1870 UCHAR WaitBlockFill11[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, Object)]; // 32bit: 88/0x58, 64bit: 176/0xB0 1871 #ifdef _WIN64 1872 struct _UMS_CONTROL_BLOCK* Ucb; 1873 struct _KUMS_CONTEXT_HEADER* Uch; 1874 #else 1875 ULONG WaitTime; 1876 union 1877 { 1878 struct 1879 { 1880 SHORT KernelApcDisable; 1881 SHORT SpecialApcDisable; 1882 }; 1883 ULONG CombinedApcDisable; 1884 }; 1885 #endif 1886 }; 1887 }; 1888 1889 #ifdef _WIN64 1890 PVOID TebMappedLowVa; 1891 #endif 1892 LIST_ENTRY QueueListEntry; 1893 #if (NTDDI_VERSION >= 0x060223F0) // since 6.2.9200.16384 1894 union 1895 { 1896 ULONG NextProcessor; 1897 struct 1898 { 1899 ULONG NextProcessorNumber : 31; 1900 ULONG SharedReadyQueue : 1; 1901 }; 1902 }; 1903 LONG QueuePriority; 1904 #else 1905 ULONG NextProcessor; 1906 ULONG DeferredProcessor; 1907 #endif 1908 PKPROCESS Process; 1909 1910 union 1911 { 1912 GROUP_AFFINITY UserAffinity; 1913 struct 1914 { 1915 UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1916 CHAR PreviousMode; 1917 CHAR BasePriority; 1918 union 1919 { 1920 CHAR PriorityDecrement; 1921 struct 1922 { 1923 UCHAR ForegroundBoost : 4; 1924 UCHAR UnusualBoost : 4; 1925 }; 1926 }; 1927 UCHAR Preempted; 1928 UCHAR AdjustReason; 1929 CHAR AdjustIncrement; 1930 }; 1931 }; 1932 1933 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1934 ULONG_PTR AffinityVersion; 1935 #endif 1936 union 1937 { 1938 GROUP_AFFINITY Affinity; 1939 struct 1940 { 1941 UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1942 UCHAR ApcStateIndex; 1943 UCHAR WaitBlockCount; 1944 ULONG IdealProcessor; 1945 }; 1946 }; 1947 1948 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1949 #ifdef _WIN64 1950 ULONG64 NpxState; 1951 #else 1952 ULONG Spare15; 1953 #endif 1954 #else 1955 PKAPC_STATE ApcStatePointer[2]; 1956 #endif 1957 1958 union 1959 { 1960 KAPC_STATE SavedApcState; 1961 struct 1962 { 1963 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; // 32bit: 23/0x17, 64bit: 43/0x2B 1964 UCHAR WaitReason; 1965 CHAR SuspendCount; 1966 CHAR Saturation; 1967 SHORT SListFaultCount; 1968 }; 1969 }; 1970 1971 union 1972 { 1973 KAPC SchedulerApc; 1974 struct 1975 { 1976 UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]; // 32bit: 1/0x01, 64bit: 1/0x01 1977 UCHAR ResourceIndex; 1978 }; 1979 struct 1980 { 1981 UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]; // 32bit: 3/0x03, 64bit: 3/0x03 1982 UCHAR QuantumReset; 1983 }; 1984 struct 1985 { 1986 UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]; // 32bit: 4/0x04, 64bit: 4/0x04 1987 ULONG KernelTime; 1988 }; 1989 struct 1990 { 1991 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; // 32 bit:, 64 bit: 64/0x40 1992 PKPRCB WaitPrcb; 1993 }; 1994 struct 1995 { 1996 UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 32 bit:, 64 bit: 72/0x48 1997 PVOID LegoData; 1998 }; 1999 struct 2000 { 2001 UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 32 bit:, 64 bit: 83/0x53 2002 UCHAR CallbackNestingLevel; 2003 ULONG UserTime; 2004 }; 2005 }; 2006 2007 KEVENT SuspendEvent; 2008 LIST_ENTRY ThreadListEntry; 2009 LIST_ENTRY MutantListHead; 2010 2011 #if (NTDDI_VERSION >= NTDDI_WIN10) 2012 UCHAR AbEntrySummary; 2013 UCHAR AbWaitEntryCount; 2014 USHORT Spare20; 2015 #if _WIN64 2016 ULONG SecureThreadCookie; 2017 #endif 2018 #elif (NTDDI_VERSION >= NTDDI_WINBLUE) // 6.3.9431.0 2019 SINGLE_LIST_ENTRY LockEntriesFreeList; 2020 #endif 2021 2022 #if (NTDDI_VERSION >= NTDDI_WINBLUE /* 0x06032580 */) // since 6.3.9600.16384 2023 KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]; 2024 SINGLE_LIST_ENTRY PropagateBoostsEntry; 2025 SINGLE_LIST_ENTRY IoSelfBoostsEntry; 2026 UCHAR PriorityFloorCounts[16]; 2027 ULONG PriorityFloorSummary; 2028 volatile LONG AbCompletedIoBoostCount; 2029 #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) 2030 LONG AbCompletedIoQoSBoostCount; 2031 #endif 2032 2033 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 2034 volatile SHORT KeReferenceCount; 2035 #else 2036 volatile SHORT AbReferenceCount; 2037 #endif 2038 #if (NTDDI_VERSION >= 0x06040000) // since 6.4.9841.0 2039 UCHAR AbOrphanedEntrySummary; 2040 UCHAR AbOwnedEntryCount; 2041 #else 2042 UCHAR AbFreeEntryCount; 2043 UCHAR AbWaitEntryCount; 2044 #endif 2045 ULONG ForegroundLossTime; 2046 union 2047 { 2048 LIST_ENTRY GlobalForegroundListEntry; 2049 struct 2050 { 2051 SINGLE_LIST_ENTRY ForegroundDpcStackListEntry; 2052 ULONG_PTR InGlobalForegroundList; 2053 }; 2054 }; 2055 #endif 2056 2057 #if _WIN64 2058 LONG64 ReadOperationCount; 2059 LONG64 WriteOperationCount; 2060 LONG64 OtherOperationCount; 2061 LONG64 ReadTransferCount; 2062 LONG64 WriteTransferCount; 2063 LONG64 OtherTransferCount; 2064 #endif 2065 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10041.0 2066 struct _KSCB *QueuedScb; 2067 #ifndef _WIN64 2068 ULONG64 NpxState; 2069 #endif 2070 #endif 2071 } KTHREAD; 2072 2073 #endif 2074 2075 2076 #define ASSERT_THREAD(object) \ 2077 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject)) 2078 2079 // 2080 // Kernel Process (KPROCESS) 2081 // 2082 typedef struct _KPROCESS 2083 { 2084 DISPATCHER_HEADER Header; 2085 LIST_ENTRY ProfileListHead; 2086 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 2087 ULONG_PTR DirectoryTableBase; 2088 ULONG_PTR Unused0; 2089 #else 2090 ULONG_PTR DirectoryTableBase[2]; 2091 #endif 2092 #if defined(_M_IX86) 2093 KGDTENTRY LdtDescriptor; 2094 KIDTENTRY Int21Descriptor; 2095 #endif 2096 USHORT IopmOffset; 2097 #if defined(_M_IX86) 2098 UCHAR Iopl; 2099 UCHAR Unused; 2100 #endif 2101 volatile KAFFINITY ActiveProcessors; 2102 ULONG KernelTime; 2103 ULONG UserTime; 2104 LIST_ENTRY ReadyListHead; 2105 SINGLE_LIST_ENTRY SwapListEntry; 2106 PVOID VdmTrapcHandler; 2107 LIST_ENTRY ThreadListHead; 2108 KSPIN_LOCK ProcessLock; 2109 KAFFINITY Affinity; 2110 union 2111 { 2112 struct 2113 { 2114 LONG AutoAlignment:1; 2115 LONG DisableBoost:1; 2116 LONG DisableQuantum:1; 2117 LONG ReservedFlags:29; 2118 }; 2119 LONG ProcessFlags; 2120 }; 2121 SCHAR BasePriority; 2122 SCHAR QuantumReset; 2123 UCHAR State; 2124 UCHAR ThreadSeed; 2125 UCHAR PowerState; 2126 UCHAR IdealNode; 2127 UCHAR Visited; 2128 union 2129 { 2130 KEXECUTE_OPTIONS Flags; 2131 UCHAR ExecuteOptions; 2132 }; 2133 ULONG StackCount; 2134 LIST_ENTRY ProcessListEntry; 2135 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 2136 ULONGLONG CycleTime; 2137 #endif // ] 2138 } KPROCESS; 2139 2140 #define ASSERT_PROCESS(object) \ 2141 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject)) 2142 2143 // 2144 // System Service Table Descriptor 2145 // 2146 typedef struct _KSERVICE_TABLE_DESCRIPTOR 2147 { 2148 PULONG_PTR Base; 2149 PULONG Count; 2150 ULONG Limit; 2151 #if defined(_IA64_) 2152 LONG TableBaseGpOffset; 2153 #endif 2154 PUCHAR Number; 2155 } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR; 2156 2157 #if (NTDDI_VERSION >= NTDDI_WIN8) 2158 // 2159 // Entropy Timing State 2160 // 2161 typedef struct _KENTROPY_TIMING_STATE 2162 { 2163 ULONG EntropyCount; 2164 ULONG Buffer[64]; 2165 KDPC Dpc; 2166 ULONG LastDeliveredBuffer; 2167 PULONG RawDataBuffer; 2168 } KENTROPY_TIMING_STATE, *PKENTROPY_TIMING_STATE; 2169 2170 // 2171 // Constants from ks386.inc, ksamd64.inc and ksarm.h 2172 // 2173 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400 2174 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff 2175 #define KENTROPY_TIMING_ANALYSIS 0x0 2176 2177 #endif /* (NTDDI_VERSION >= NTDDI_WIN8) */ 2178 2179 // 2180 // Exported Loader Parameter Block 2181 // 2182 extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock; 2183 2184 // 2185 // Exported Hardware Data 2186 // 2187 extern ULONG NTSYSAPI KiDmaIoCoherency; 2188 extern ULONG NTSYSAPI KeMaximumIncrement; 2189 extern ULONG NTSYSAPI KeMinimumIncrement; 2190 extern ULONG NTSYSAPI KeDcacheFlushCount; 2191 extern ULONG NTSYSAPI KeIcacheFlushCount; 2192 extern ULONG_PTR NTSYSAPI KiBugCheckData[]; 2193 extern BOOLEAN NTSYSAPI KiEnableTimerWatchdog; 2194 2195 // 2196 // Exported System Service Descriptor Tables 2197 // 2198 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]; 2199 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]; 2200 2201 #endif // !NTOS_MODE_USER 2202 2203 #endif // _KETYPES_H 2204