1 /****************************************************************************** 2 * Process Manager Types * 3 ******************************************************************************/ 4 $if (_WDMDDK_) 5 6 #define QUOTA_LIMITS_HARDWS_MIN_ENABLE 0x00000001 7 #define QUOTA_LIMITS_HARDWS_MIN_DISABLE 0x00000002 8 #define QUOTA_LIMITS_HARDWS_MAX_ENABLE 0x00000004 9 #define QUOTA_LIMITS_HARDWS_MAX_DISABLE 0x00000008 10 #define QUOTA_LIMITS_USE_DEFAULT_LIMITS 0x00000010 11 12 /* Thread Access Rights */ 13 #define THREAD_TERMINATE 0x0001 14 #define THREAD_SUSPEND_RESUME 0x0002 15 #define THREAD_ALERT 0x0004 16 #define THREAD_GET_CONTEXT 0x0008 17 #define THREAD_SET_CONTEXT 0x0010 18 #define THREAD_SET_INFORMATION 0x0020 19 #define THREAD_SET_LIMITED_INFORMATION 0x0400 20 #define THREAD_QUERY_LIMITED_INFORMATION 0x0800 21 22 #define PROCESS_DUP_HANDLE (0x0040) 23 24 #if (NTDDI_VERSION >= NTDDI_VISTA) 25 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF) 26 #else 27 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF) 28 #endif 29 30 #if (NTDDI_VERSION >= NTDDI_VISTA) 31 #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF) 32 #else 33 #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3FF) 34 #endif 35 36 #define LOW_PRIORITY 0 37 #define LOW_REALTIME_PRIORITY 16 38 #define HIGH_PRIORITY 31 39 #define MAXIMUM_PRIORITY 32 40 41 $endif (_WDMDDK_) 42 $if (_NTDDK_) 43 44 #define QUOTA_LIMITS_HARDWS_MIN_ENABLE 0x00000001 45 #define QUOTA_LIMITS_HARDWS_MIN_DISABLE 0x00000002 46 #define QUOTA_LIMITS_HARDWS_MAX_ENABLE 0x00000004 47 #define QUOTA_LIMITS_HARDWS_MAX_DISABLE 0x00000008 48 #define QUOTA_LIMITS_USE_DEFAULT_LIMITS 0x00000010 49 50 typedef struct _QUOTA_LIMITS { 51 SIZE_T PagedPoolLimit; 52 SIZE_T NonPagedPoolLimit; 53 SIZE_T MinimumWorkingSetSize; 54 SIZE_T MaximumWorkingSetSize; 55 SIZE_T PagefileLimit; 56 LARGE_INTEGER TimeLimit; 57 } QUOTA_LIMITS, *PQUOTA_LIMITS; 58 59 typedef union _RATE_QUOTA_LIMIT { 60 ULONG RateData; 61 _ANONYMOUS_STRUCT struct { 62 ULONG RatePercent:7; 63 ULONG Reserved0:25; 64 } DUMMYSTRUCTNAME; 65 } RATE_QUOTA_LIMIT, *PRATE_QUOTA_LIMIT; 66 67 typedef struct _QUOTA_LIMITS_EX { 68 SIZE_T PagedPoolLimit; 69 SIZE_T NonPagedPoolLimit; 70 SIZE_T MinimumWorkingSetSize; 71 SIZE_T MaximumWorkingSetSize; 72 SIZE_T PagefileLimit; 73 LARGE_INTEGER TimeLimit; 74 SIZE_T WorkingSetLimit; 75 SIZE_T Reserved2; 76 SIZE_T Reserved3; 77 SIZE_T Reserved4; 78 ULONG Flags; 79 RATE_QUOTA_LIMIT CpuRateLimit; 80 } QUOTA_LIMITS_EX, *PQUOTA_LIMITS_EX; 81 82 typedef struct _IO_COUNTERS { 83 ULONGLONG ReadOperationCount; 84 ULONGLONG WriteOperationCount; 85 ULONGLONG OtherOperationCount; 86 ULONGLONG ReadTransferCount; 87 ULONGLONG WriteTransferCount; 88 ULONGLONG OtherTransferCount; 89 } IO_COUNTERS, *PIO_COUNTERS; 90 91 typedef struct _VM_COUNTERS { 92 SIZE_T PeakVirtualSize; 93 SIZE_T VirtualSize; 94 ULONG PageFaultCount; 95 SIZE_T PeakWorkingSetSize; 96 SIZE_T WorkingSetSize; 97 SIZE_T QuotaPeakPagedPoolUsage; 98 SIZE_T QuotaPagedPoolUsage; 99 SIZE_T QuotaPeakNonPagedPoolUsage; 100 SIZE_T QuotaNonPagedPoolUsage; 101 SIZE_T PagefileUsage; 102 SIZE_T PeakPagefileUsage; 103 } VM_COUNTERS, *PVM_COUNTERS; 104 105 typedef struct _VM_COUNTERS_EX { 106 SIZE_T PeakVirtualSize; 107 SIZE_T VirtualSize; 108 ULONG PageFaultCount; 109 SIZE_T PeakWorkingSetSize; 110 SIZE_T WorkingSetSize; 111 SIZE_T QuotaPeakPagedPoolUsage; 112 SIZE_T QuotaPagedPoolUsage; 113 SIZE_T QuotaPeakNonPagedPoolUsage; 114 SIZE_T QuotaNonPagedPoolUsage; 115 SIZE_T PagefileUsage; 116 SIZE_T PeakPagefileUsage; 117 SIZE_T PrivateUsage; 118 } VM_COUNTERS_EX, *PVM_COUNTERS_EX; 119 120 #define MAX_HW_COUNTERS 16 121 #define THREAD_PROFILING_FLAG_DISPATCH 0x00000001 122 123 typedef enum _HARDWARE_COUNTER_TYPE { 124 PMCCounter, 125 MaxHardwareCounterType 126 } HARDWARE_COUNTER_TYPE, *PHARDWARE_COUNTER_TYPE; 127 128 typedef struct _HARDWARE_COUNTER { 129 HARDWARE_COUNTER_TYPE Type; 130 ULONG Reserved; 131 ULONG64 Index; 132 } HARDWARE_COUNTER, *PHARDWARE_COUNTER; 133 134 typedef struct _POOLED_USAGE_AND_LIMITS { 135 SIZE_T PeakPagedPoolUsage; 136 SIZE_T PagedPoolUsage; 137 SIZE_T PagedPoolLimit; 138 SIZE_T PeakNonPagedPoolUsage; 139 SIZE_T NonPagedPoolUsage; 140 SIZE_T NonPagedPoolLimit; 141 SIZE_T PeakPagefileUsage; 142 SIZE_T PagefileUsage; 143 SIZE_T PagefileLimit; 144 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS; 145 146 typedef struct _PROCESS_ACCESS_TOKEN { 147 HANDLE Token; 148 HANDLE Thread; 149 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; 150 151 #define PROCESS_EXCEPTION_PORT_ALL_STATE_BITS 0x00000003UL 152 #define PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS ((ULONG_PTR)((1UL << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1)) 153 154 typedef struct _PROCESS_EXCEPTION_PORT { 155 _In_ HANDLE ExceptionPortHandle; 156 _Inout_ ULONG StateFlags; 157 } PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT; 158 159 typedef VOID 160 (NTAPI *PCREATE_PROCESS_NOTIFY_ROUTINE)( 161 _In_ HANDLE ParentId, 162 _In_ HANDLE ProcessId, 163 _In_ BOOLEAN Create); 164 165 typedef struct _PS_CREATE_NOTIFY_INFO { 166 _In_ SIZE_T Size; 167 _ANONYMOUS_UNION union { 168 _In_ ULONG Flags; 169 _ANONYMOUS_STRUCT struct { 170 _In_ ULONG FileOpenNameAvailable:1; 171 _In_ ULONG Reserved:31; 172 } DUMMYSTRUCTNAME; 173 } DUMMYUNIONNAME; 174 _In_ HANDLE ParentProcessId; 175 _In_ CLIENT_ID CreatingThreadId; 176 _Inout_ struct _FILE_OBJECT *FileObject; 177 _In_ PCUNICODE_STRING ImageFileName; 178 _In_opt_ PCUNICODE_STRING CommandLine; 179 _Inout_ NTSTATUS CreationStatus; 180 } PS_CREATE_NOTIFY_INFO, *PPS_CREATE_NOTIFY_INFO; 181 182 typedef VOID 183 (NTAPI *PCREATE_PROCESS_NOTIFY_ROUTINE_EX)( 184 _Inout_ PEPROCESS Process, 185 _In_ HANDLE ProcessId, 186 _Inout_opt_ PPS_CREATE_NOTIFY_INFO CreateInfo); 187 188 typedef VOID 189 (NTAPI *PCREATE_THREAD_NOTIFY_ROUTINE)( 190 _In_ HANDLE ProcessId, 191 _In_ HANDLE ThreadId, 192 _In_ BOOLEAN Create); 193 194 #define IMAGE_ADDRESSING_MODE_32BIT 3 195 196 typedef struct _IMAGE_INFO { 197 _ANONYMOUS_UNION union { 198 ULONG Properties; 199 _ANONYMOUS_STRUCT struct { 200 ULONG ImageAddressingMode:8; 201 ULONG SystemModeImage:1; 202 ULONG ImageMappedToAllPids:1; 203 ULONG ExtendedInfoPresent:1; 204 ULONG Reserved:21; 205 } DUMMYSTRUCTNAME; 206 } DUMMYUNIONNAME; 207 PVOID ImageBase; 208 ULONG ImageSelector; 209 SIZE_T ImageSize; 210 ULONG ImageSectionNumber; 211 } IMAGE_INFO, *PIMAGE_INFO; 212 213 typedef struct _IMAGE_INFO_EX { 214 SIZE_T Size; 215 IMAGE_INFO ImageInfo; 216 struct _FILE_OBJECT *FileObject; 217 } IMAGE_INFO_EX, *PIMAGE_INFO_EX; 218 219 typedef VOID 220 (NTAPI *PLOAD_IMAGE_NOTIFY_ROUTINE)( 221 _In_ PUNICODE_STRING FullImageName, 222 _In_ HANDLE ProcessId, 223 _In_ PIMAGE_INFO ImageInfo); 224 225 #define THREAD_CSWITCH_PMU_DISABLE FALSE 226 #define THREAD_CSWITCH_PMU_ENABLE TRUE 227 228 #define PROCESS_LUID_DOSDEVICES_ONLY 0x00000001 229 230 #define PROCESS_HANDLE_TRACING_MAX_STACKS 16 231 232 typedef enum _PROCESSINFOCLASS { 233 ProcessBasicInformation, 234 ProcessQuotaLimits, 235 ProcessIoCounters, 236 ProcessVmCounters, 237 ProcessTimes, 238 ProcessBasePriority, 239 ProcessRaisePriority, 240 ProcessDebugPort, 241 ProcessExceptionPort, 242 ProcessAccessToken, 243 ProcessLdtInformation, 244 ProcessLdtSize, 245 ProcessDefaultHardErrorMode, 246 ProcessIoPortHandlers, 247 ProcessPooledUsageAndLimits, 248 ProcessWorkingSetWatch, 249 ProcessUserModeIOPL, 250 ProcessEnableAlignmentFaultFixup, 251 ProcessPriorityClass, 252 ProcessWx86Information, 253 ProcessHandleCount, 254 ProcessAffinityMask, 255 ProcessPriorityBoost, 256 ProcessDeviceMap, 257 ProcessSessionInformation, 258 ProcessForegroundInformation, 259 ProcessWow64Information, 260 ProcessImageFileName, 261 ProcessLUIDDeviceMapsEnabled, 262 ProcessBreakOnTermination, 263 ProcessDebugObjectHandle, 264 ProcessDebugFlags, 265 ProcessHandleTracing, 266 ProcessIoPriority, 267 ProcessExecuteFlags, 268 ProcessTlsInformation, 269 ProcessCookie, 270 ProcessImageInformation, 271 ProcessCycleTime, 272 ProcessPagePriority, 273 ProcessInstrumentationCallback, 274 ProcessThreadStackAllocation, 275 ProcessWorkingSetWatchEx, 276 ProcessImageFileNameWin32, 277 ProcessImageFileMapping, 278 ProcessAffinityUpdateMode, 279 ProcessMemoryAllocationMode, 280 ProcessGroupInformation, 281 ProcessTokenVirtualizationEnabled, 282 ProcessConsoleHostProcess, 283 ProcessWindowInformation, 284 MaxProcessInfoClass 285 } PROCESSINFOCLASS; 286 287 typedef enum _THREADINFOCLASS { 288 ThreadBasicInformation, 289 ThreadTimes, 290 ThreadPriority, 291 ThreadBasePriority, 292 ThreadAffinityMask, 293 ThreadImpersonationToken, 294 ThreadDescriptorTableEntry, 295 ThreadEnableAlignmentFaultFixup, 296 ThreadEventPair_Reusable, 297 ThreadQuerySetWin32StartAddress, 298 ThreadZeroTlsCell, 299 ThreadPerformanceCount, 300 ThreadAmILastThread, 301 ThreadIdealProcessor, 302 ThreadPriorityBoost, 303 ThreadSetTlsArrayAddress, 304 ThreadIsIoPending, 305 ThreadHideFromDebugger, 306 ThreadBreakOnTermination, 307 ThreadSwitchLegacyState, 308 ThreadIsTerminated, 309 ThreadLastSystemCall, 310 ThreadIoPriority, 311 ThreadCycleTime, 312 ThreadPagePriority, 313 ThreadActualBasePriority, 314 ThreadTebInformation, 315 ThreadCSwitchMon, 316 ThreadCSwitchPmu, 317 ThreadWow64Context, 318 ThreadGroupInformation, 319 ThreadUmsInformation, 320 ThreadCounterProfiling, 321 ThreadIdealProcessorEx, 322 MaxThreadInfoClass 323 } THREADINFOCLASS; 324 325 typedef struct _PAGE_PRIORITY_INFORMATION { 326 ULONG PagePriority; 327 } PAGE_PRIORITY_INFORMATION, *PPAGE_PRIORITY_INFORMATION; 328 329 typedef struct _PROCESS_WS_WATCH_INFORMATION { 330 PVOID FaultingPc; 331 PVOID FaultingVa; 332 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION; 333 334 typedef struct _PROCESS_BASIC_INFORMATION { 335 NTSTATUS ExitStatus; 336 struct _PEB *PebBaseAddress; 337 ULONG_PTR AffinityMask; 338 KPRIORITY BasePriority; 339 ULONG_PTR UniqueProcessId; 340 ULONG_PTR InheritedFromUniqueProcessId; 341 } PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION; 342 343 typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION { 344 SIZE_T Size; 345 PROCESS_BASIC_INFORMATION BasicInfo; 346 _ANONYMOUS_UNION union { 347 ULONG Flags; 348 _ANONYMOUS_STRUCT struct { 349 ULONG IsProtectedProcess:1; 350 ULONG IsWow64Process:1; 351 ULONG IsProcessDeleting:1; 352 ULONG IsCrossSessionCreate:1; 353 ULONG SpareBits:28; 354 } DUMMYSTRUCTNAME; 355 } DUMMYUNIONNAME; 356 } PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION; 357 358 typedef struct _PROCESS_DEVICEMAP_INFORMATION { 359 _ANONYMOUS_UNION union { 360 struct { 361 HANDLE DirectoryHandle; 362 } Set; 363 struct { 364 ULONG DriveMap; 365 UCHAR DriveType[32]; 366 } Query; 367 } DUMMYUNIONNAME; 368 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; 369 370 typedef struct _PROCESS_DEVICEMAP_INFORMATION_EX { 371 _ANONYMOUS_UNION union { 372 struct { 373 HANDLE DirectoryHandle; 374 } Set; 375 struct { 376 ULONG DriveMap; 377 UCHAR DriveType[32]; 378 } Query; 379 } DUMMYUNIONNAME; 380 ULONG Flags; 381 } PROCESS_DEVICEMAP_INFORMATION_EX, *PPROCESS_DEVICEMAP_INFORMATION_EX; 382 383 typedef struct _PROCESS_SESSION_INFORMATION { 384 ULONG SessionId; 385 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; 386 387 typedef struct _PROCESS_HANDLE_TRACING_ENABLE { 388 ULONG Flags; 389 } PROCESS_HANDLE_TRACING_ENABLE, *PPROCESS_HANDLE_TRACING_ENABLE; 390 391 typedef struct _PROCESS_HANDLE_TRACING_ENABLE_EX { 392 ULONG Flags; 393 ULONG TotalSlots; 394 } PROCESS_HANDLE_TRACING_ENABLE_EX, *PPROCESS_HANDLE_TRACING_ENABLE_EX; 395 396 typedef struct _PROCESS_HANDLE_TRACING_ENTRY { 397 HANDLE Handle; 398 CLIENT_ID ClientId; 399 ULONG Type; 400 PVOID Stacks[PROCESS_HANDLE_TRACING_MAX_STACKS]; 401 } PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY; 402 403 typedef struct _PROCESS_HANDLE_TRACING_QUERY { 404 HANDLE Handle; 405 ULONG TotalTraces; 406 PROCESS_HANDLE_TRACING_ENTRY HandleTrace[1]; 407 } PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY; 408 409 extern NTKERNELAPI PEPROCESS PsInitialSystemProcess; 410 411 $endif (_NTDDK_) 412 413