/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    pstypes.h

Abstract:

    Type definitions for the Process Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _PSTYPES_H
#define _PSTYPES_H

//
// Dependencies
//
// extypes.h and setypes.h are only pulled in when NTOS_MODE_USER is not
// defined; the rest of this header uses the same macro to separate the
// user-mode view from the kernel-mode view of the Process Manager types.
//
#include <umtypes.h>
#include <ldrtypes.h>
#include <mmtypes.h>
#include <obtypes.h>
#include <rtltypes.h>
#ifndef NTOS_MODE_USER
#include <extypes.h>
#include <setypes.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

#ifndef NTOS_MODE_USER

//
// Kernel Exported Object Types
//
extern POBJECT_TYPE NTSYSAPI PsJobType;

#endif // !NTOS_MODE_USER

//
// KUSER_SHARED_DATA location in User Mode
//
// This is a compile-time constant address, not a value looked up at run
// time: code that dereferences it relies on the structure being mapped at
// exactly this address in the process it runs in.
//
#define USER_SHARED_DATA                        (0x7FFE0000)

//
// Global Flags
//
// One bit per flag, meant to be OR-ed together. Things a reader should know:
//  - 0x00000200 has no name in this list (0x00000100 is followed by
//    0x00000400).
//  - 0x00100000 has two meanings, selected by NTDDI_VERSION below.
//  - Judging by their names, the FLG_HEAP_* and FLG_APPLICATION_VERIFIER
//    bits enable extra heap/API checking used to catch memory-corruption
//    bugs; this header only names the bits, the behaviour lives elsewhere.
//
#define FLG_STOP_ON_EXCEPTION                   0x00000001
#define FLG_SHOW_LDR_SNAPS                      0x00000002
#define FLG_DEBUG_INITIAL_COMMAND               0x00000004
#define FLG_STOP_ON_HUNG_GUI                    0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK              0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK              0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS            0x00000040
#define FLG_HEAP_VALIDATE_ALL                   0x00000080
#define FLG_APPLICATION_VERIFIER                0x00000100
#define FLG_POOL_ENABLE_TAGGING                 0x00000400
#define FLG_HEAP_ENABLE_TAGGING                 0x00000800
#define FLG_USER_STACK_TRACE_DB                 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB               0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST            0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL              0x00008000
#define FLG_DISABLE_STACK_EXTENSION             0x00010000
#define FLG_ENABLE_CSRDEBUG                     0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD           0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS          0x00080000
#if (NTDDI_VERSION < NTDDI_WINXP)
#define FLG_HEAP_ENABLE_CALL_TRACING            0x00100000
#else
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS           0x00100000
#endif
#define FLG_HEAP_DISABLE_COALESCING             0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS             0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING            0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING          0x01000000
#define FLG_HEAP_PAGE_ALLOCS                    0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX            0x04000000
#define FLG_DISABLE_DEBUG_PROMPTS               0x08000000 // ReactOS-specific
// Every bit from 0x00000001 through 0x08000000, i.e. the low 28 bits.
#define FLG_VALID_BITS                          0x0FFFFFFF

//
// Flags for NtCreateProcessEx
//
// PROCESS_CREATE_FLAGS_LEGAL_MASK is the OR of the five flags defined here
// (it evaluates to 0x1F). Presumably callers' flags are checked against it
// so that undefined bits are rejected -- confirm at the point of use.
//
#define PROCESS_CREATE_FLAGS_BREAKAWAY              0x00000001
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT       0x00000002
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES        0x00000004
#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
#define PROCESS_CREATE_FLAGS_LARGE_PAGES            0x00000010
#define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS   PROCESS_CREATE_FLAGS_LARGE_PAGES
#define PROCESS_CREATE_FLAGS_LEGAL_MASK             (PROCESS_CREATE_FLAGS_BREAKAWAY | \
                                                     PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
                                                     PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
                                                     PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
                                                     PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)

//
// Process priority classes
//
// Note that the numeric order is not the priority order: BELOW_NORMAL (5)
// and ABOVE_NORMAL (6) come after REALTIME (4), so these values must be
// compared by name, never with < or >.
//
#define PROCESS_PRIORITY_CLASS_INVALID          0
#define PROCESS_PRIORITY_CLASS_IDLE             1
#define PROCESS_PRIORITY_CLASS_NORMAL           2
#define PROCESS_PRIORITY_CLASS_HIGH             3
#define PROCESS_PRIORITY_CLASS_REALTIME         4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL     5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL     6

//
// Process base priorities
//
#define PROCESS_PRIORITY_IDLE                   3
#define PROCESS_PRIORITY_NORMAL                 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND      9

//
// Process memory priorities
//
#define MEMORY_PRIORITY_BACKGROUND              0
#define MEMORY_PRIORITY_UNKNOWN                 1
#define MEMORY_PRIORITY_FOREGROUND              2

//
// Process Priority Separation Values (OR)
//
#define PSP_DEFAULT_QUANTUMS                    0x00
#define PSP_VARIABLE_QUANTUMS                   0x04
#define PSP_FIXED_QUANTUMS                      0x08
#define PSP_LONG_QUANTUMS                       0x10
#define PSP_SHORT_QUANTUMS                      0x20

//
// Process Handle Tracing Values
//
// PROCESS_HANDLE_TRACING_MAX_STACKS sizes the Stacks[] array of
// PROCESS_HANDLE_TRACING_ENTRY later in this header.
//
#define PROCESS_HANDLE_TRACE_TYPE_OPEN          1
#define PROCESS_HANDLE_TRACE_TYPE_CLOSE         2
#define PROCESS_HANDLE_TRACE_TYPE_BADREF        3
#define PROCESS_HANDLE_TRACING_MAX_STACKS       16

#ifndef NTOS_MODE_USER
//
// Thread Access Types
//
#define THREAD_QUERY_INFORMATION                0x0040
#define THREAD_SET_THREAD_TOKEN                 0x0080
#define THREAD_IMPERSONATE                      0x0100
#define THREAD_DIRECT_IMPERSONATION             0x0200

//
// Process Access Types
//
// 0x0040 is not defined in this list (0x0020 is followed by 0x0080);
// presumably it is supplied by another header -- confirm before relying on it.
//
// PROCESS_ALL_ACCESS changes with the target version: 0xFFFF when
// NTDDI_VERSION >= NTDDI_LONGHORN, 0xFFF otherwise. The wider mask includes
// PROCESS_QUERY_LIMITED_INFORMATION (0x1000); the narrower one does not.
// Requesting only the specific rights a caller needs avoids both the
// version dependence and handles that carry more access than necessary.
//
#define PROCESS_TERMINATE                       0x0001
#define PROCESS_CREATE_THREAD                   0x0002
#define PROCESS_SET_SESSIONID                   0x0004
#define PROCESS_VM_OPERATION                    0x0008
#define PROCESS_VM_READ                         0x0010
#define PROCESS_VM_WRITE                        0x0020
#define PROCESS_CREATE_PROCESS                  0x0080
#define PROCESS_SET_QUOTA                       0x0100
#define PROCESS_SET_INFORMATION                 0x0200
#define PROCESS_QUERY_INFORMATION               0x0400
#define PROCESS_SUSPEND_RESUME                  0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION       0x1000
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFFF)
#else
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFF)
#endif

//
// Thread Base Priorities
//
#define THREAD_BASE_PRIORITY_LOWRT              15
#define THREAD_BASE_PRIORITY_MAX                2
#define THREAD_BASE_PRIORITY_MIN                -2
#define THREAD_BASE_PRIORITY_IDLE               -15

//
// TLS Slots
//
#define TLS_MINIMUM_AVAILABLE                   64

//
// TEB Active Frame Flags
//
#define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED  0x1

//
// Job Access Types
//
// The literal 31 in JOB_OBJECT_ALL_ACCESS is 0x1F, i.e. the OR of the five
// job-specific rights defined immediately above it.
//
#define JOB_OBJECT_ASSIGN_PROCESS               0x1
#define JOB_OBJECT_SET_ATTRIBUTES               0x2
#define JOB_OBJECT_QUERY                        0x4
#define JOB_OBJECT_TERMINATE                    0x8
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES      0x10
#define JOB_OBJECT_ALL_ACCESS                   (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 31)

//
// Job Limit Flags
//
#define JOB_OBJECT_LIMIT_WORKINGSET             0x1
#define JOB_OBJECT_LIMIT_PROCESS_TIME           0x2
#define JOB_OBJECT_LIMIT_JOB_TIME               0x4
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS         0x8
#define JOB_OBJECT_LIMIT_AFFINITY               0x10
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS         0x20
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME      0x40
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS       0x80
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY         0x100
#define JOB_OBJECT_LIMIT_JOB_MEMORY             0x200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK           0x800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK    0x1000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE      0x2000

//
// Job Security Limit Flags
//
#define JOB_OBJECT_SECURITY_NO_ADMIN            0x0001
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN    0x0002
#define JOB_OBJECT_SECURITY_ONLY_TOKEN          0x0004
#define JOB_OBJECT_SECURITY_FILTER_TOKENS       0x0008

//
// Cross Thread Flags
//
// Masks for ETHREAD.CrossThreadFlags. The one-bit fields overlaid on that
// member later in this header are declared in the same order (Terminated,
// DeadThread/ThreadInserted, HideFromDebugger, ...). The match between a
// mask and a bit-field depends on the compiler allocating bit-fields from
// the least significant bit, which is implementation-defined.
//
#define CT_TERMINATED_BIT                       0x1
#define CT_DEAD_THREAD_BIT                      0x2
#define CT_HIDE_FROM_DEBUGGER_BIT               0x4
#define CT_ACTIVE_IMPERSONATION_INFO_BIT        0x8
#define CT_SYSTEM_THREAD_BIT                    0x10
#define CT_HARD_ERRORS_ARE_DISABLED_BIT         0x20
#define CT_BREAK_ON_TERMINATION_BIT             0x40
#define CT_SKIP_CREATION_MSG_BIT                0x80
#define CT_SKIP_TERMINATION_MSG_BIT             0x100

//
// Same Thread Passive Flags
//
#define STP_ACTIVE_EX_WORKER_BIT                0x1
#define STP_EX_WORKER_CAN_WAIT_USER_BIT         0x2
#define STP_MEMORY_MAKER_BIT                    0x4
#define STP_KEYED_EVENT_IN_USE_BIT              0x8

//
// Same Thread APC Flags
//
// STA_OWNS_WORKING_SET_BITS (0x1F8) covers bits 3 through 8, the positions
// of the six Owns*WorkingSet* bit-fields in ETHREAD.SameThreadApcFlags.
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT       0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT          0x2
#define STA_ADDRESS_SPACE_OWNER_BIT             0x4
#define STA_OWNS_WORKING_SET_BITS               0x1F8

//
// Kernel Process flags (maybe in ketypes.h?)
//
// NOTE(review): unlike the other *_BIT names in this header, these two are
// 0 and 1, which looks like bit indices rather than masks -- confirm at the
// point of use.
//
#define KPSF_AUTO_ALIGNMENT_BIT                 0
#define KPSF_DISABLE_BOOST_BIT                  1

//
// Process Flags
//
// Despite the _BIT suffix these are masks for EPROCESS.Flags. 0x800 has no
// name: PSF_ADDRESS_SPACE_INITIALIZED_BIT (0x400) is followed by 0x1000,
// which is consistent with AddressSpaceInitialized being a two-bit field in
// the structure. PSF_SWAP_ALLOWED_BIT (bit 25) lines up with the bit-field
// that the structure spells SmapAllowed.
//
#define PSF_CREATE_REPORTED_BIT                 0x1
#define PSF_NO_DEBUG_INHERIT_BIT                0x2
#define PSF_PROCESS_EXITING_BIT                 0x4
#define PSF_PROCESS_DELETE_BIT                  0x8
#define PSF_WOW64_SPLIT_PAGES_BIT               0x10
#define PSF_VM_DELETED_BIT                      0x20
#define PSF_OUTSWAP_ENABLED_BIT                 0x40
#define PSF_OUTSWAPPED_BIT                      0x80
#define PSF_FORK_FAILED_BIT                     0x100
#define PSF_WOW64_VA_SPACE_4GB_BIT              0x200
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT       0x400
#define PSF_SET_TIMER_RESOLUTION_BIT            0x1000
#define PSF_BREAK_ON_TERMINATION_BIT            0x2000
#define PSF_SESSION_CREATION_UNDERWAY_BIT       0x4000
#define PSF_WRITE_WATCH_BIT                     0x8000
#define PSF_PROCESS_IN_SESSION_BIT              0x10000
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT          0x20000
#define PSF_HAS_ADDRESS_SPACE_BIT               0x40000
#define PSF_LAUNCH_PREFETCHED_BIT               0x80000
#define PSF_INJECT_INPAGE_ERRORS_BIT            0x100000
#define PSF_VM_TOP_DOWN_BIT                     0x200000
#define PSF_IMAGE_NOTIFY_DONE_BIT               0x400000
#define PSF_PDE_UPDATE_NEEDED_BIT               0x800000
#define PSF_VDM_ALLOWED_BIT                     0x1000000
#define PSF_SWAP_ALLOWED_BIT                    0x2000000
#define PSF_CREATE_FAILED_BIT                   0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT             0x8000000

//
// Vista Process Flags
//
// 0x800 is bit 11, the position of the ProtectedProcess bit-field in
// EPROCESS.Flags2 (the twelfth one-bit field of that union).
//
#define PSF2_PROTECTED_BIT                      0x800
#endif

//
// TLS/FLS Defines
//
#define TLS_EXPANSION_SLOTS                     1024

#ifdef NTOS_MODE_USER
//
// Thread Native Base Priorities
//
#define LOW_PRIORITY                            0
#define LOW_REALTIME_PRIORITY                   16
#define HIGH_PRIORITY                           31
#define MAXIMUM_PRIORITY                        32

//
// Current Process/Thread built-in 'special' handles
//
// These expand to the constants -1 and -2 cast to HANDLE; they are not
// values returned by an open call. Code that validates, duplicates, logs or
// closes handles has to treat them as special cases rather than as ordinary
// handle values.
//
#define NtCurrentProcess()                      ((HANDLE)(LONG_PTR)-1)
#define ZwCurrentProcess()                      NtCurrentProcess()
#define NtCurrentThread()                       ((HANDLE)(LONG_PTR)-2)
#define ZwCurrentThread()                       NtCurrentThread()

//
// Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
//
// The enumerators below have no explicit values, so each one is defined by
// its position, starting at 0. Inserting or reordering entries silently
// changes the numbers passed across the system-call boundary. A few values
// that commonly show up in traces and detection logic are spelled out in
// trailing comments.
//
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation,            // 0
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,                   // 7
    ProcessExceptionPort,
    ProcessAccessToken,                 // 9
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,          // 29
    ProcessDebugObjectHandle,           // 30
    ProcessDebugFlags,                  // 31
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,                // 34
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallback,     // 40
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    MaxProcessInfoClass                 // 47: one past the last valid class
} PROCESSINFOCLASS;

typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation,             // 0
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,           // 5
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,             // 17
    ThreadBreakOnTermination,           // 18
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    MaxThreadInfoClass                  // 28: one past the last valid class
} THREADINFOCLASS;

#else

// Everything from here to the matching #endif is compiled only when
// NTOS_MODE_USER is not defined.

typedef enum _PSPROCESSPRIORITYMODE
{
    PsProcessPriorityForeground,
    PsProcessPriorityBackground,
    PsProcessPrioritySpinning
} PSPROCESSPRIORITYMODE;

// Unlike the two enums above, this one starts at 1, so 0 is not a valid
// job information class and MaxJobObjectInfoClass is 11.
typedef enum _JOBOBJECTINFOCLASS
{
    JobObjectBasicAccountingInformation = 1,
    JobObjectBasicLimitInformation,
    JobObjectBasicProcessIdList,
    JobObjectBasicUIRestrictions,
    JobObjectSecurityLimitInformation,
    JobObjectEndOfJobTimeInformation,
    JobObjectAssociateCompletionPortInformation,
    JobObjectBasicAndIoAccountingInformation,
    JobObjectExtendedLimitInformation,
    JobObjectJobSetInformation,
    MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;

//
// Power Events for Win32K Power Event Callback
//
typedef enum _PSPOWEREVENTTYPE
{
    PsW32FullWake = 0,
    PsW32EventCode = 1,
    PsW32PowerPolicyChanged = 2,
    PsW32SystemPowerState = 3,
    PsW32SystemTime = 4,
    PsW32DisplayState = 5,
    PsW32CapabilitiesChanged = 6,
    PsW32SetStateFailed = 7,
    PsW32GdiOff = 8,
    PsW32GdiOn = 9,
    PsW32GdiPrepareResumeUI = 10,
    PsW32GdiOffRequest = 11,
    PsW32MonitorOff = 12,
} PSPOWEREVENTTYPE;

//
// Power State Tasks for Win32K Power State Callback
//
typedef enum _POWERSTATETASK
{
    PowerState_BlockSessionSwitch = 0,
    PowerState_Init = 1,
    PowerState_QueryApps = 2,
    PowerState_QueryServices = 3,
    PowerState_QueryAppsFailed = 4,
    PowerState_QueryServicesFailed = 5,
    PowerState_SuspendApps = 6,
    PowerState_SuspendServices = 7,
    PowerState_ShowUI = 8,
    PowerState_NotifyWL = 9,
    PowerState_ResumeApps = 10,
    PowerState_ResumeServices = 11,
    PowerState_UnBlockSessionSwitch = 12,
    PowerState_End = 13,
    PowerState_BlockInput = 14,
    PowerState_UnblockInput = 15,
} POWERSTATETASK;

//
// Win32K Job Callback Types
//
typedef enum _PSW32JOBCALLOUTTYPE
{
    PsW32JobCalloutSetInformation = 0,
    PsW32JobCalloutAddProcess = 1,
    PsW32JobCalloutTerminate = 2,
} PSW32JOBCALLOUTTYPE;

//
// Win32K Thread Callback Types
//
typedef enum _PSW32THREADCALLOUTTYPE
{
    PsW32ThreadCalloutInitialize,
    PsW32ThreadCalloutExit,
} PSW32THREADCALLOUTTYPE;

//
// Declare empty structure definitions so that they may be referenced by
// routines before they are defined
//
struct _W32THREAD;
struct _W32PROCESS;
//struct _ETHREAD;
struct _WIN32_POWEREVENT_PARAMETERS;
struct _WIN32_POWERSTATE_PARAMETERS;
struct _WIN32_JOBCALLOUT_PARAMETERS;
struct _WIN32_OPENMETHOD_PARAMETERS;
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
struct _WIN32_CLOSEMETHOD_PARAMETERS;
struct _WIN32_DELETEMETHOD_PARAMETERS;
struct _WIN32_PARSEMETHOD_PARAMETERS;

//
// Win32K Process and Thread Callbacks
//
// Function-pointer types only; every callout returns NTSTATUS. The
// *_PARAMETERS structures are forward-declared above and defined elsewhere,
// so their contents cannot be checked from this header.
//
typedef
NTSTATUS
(NTAPI *PKWIN32_PROCESS_CALLOUT)(
    _In_ struct _EPROCESS *Process,
    _In_ BOOLEAN Create
);

typedef
NTSTATUS
(NTAPI *PKWIN32_THREAD_CALLOUT)(
    _In_ struct _ETHREAD *Thread,
    _In_ PSW32THREADCALLOUTTYPE Type
);

typedef
NTSTATUS
(NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
    _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
    _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_JOB_CALLOUT)(
    _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
    _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
    _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
    _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
    _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
    _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_SESSION_CALLOUT)(
    _In_ PVOID Parameter
);

#if (NTDDI_VERSION >= NTDDI_LONGHORN)
typedef
NTSTATUS
(NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
    _In_ struct _EPROCESS *Process,
    _In_ PVOID Callback,
    _In_ PVOID Context
);
#endif

//
// Lego Callback
//
typedef
VOID
(NTAPI *PLEGO_NOTIFY_ROUTINE)(
    _In_ PKTHREAD Thread
);

#endif

typedef NTSTATUS
(NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
    VOID
);

//
// Descriptor Table Entry Definition
//
// Only declared for 32-bit x86 builds; _DESCRIPTOR_TABLE_ENTRY_DEFINED is
// set alongside it so other headers can detect that it exists.
//
#if (_M_IX86)
#define _DESCRIPTOR_TABLE_ENTRY_DEFINED
typedef struct _DESCRIPTOR_TABLE_ENTRY
{
    ULONG Selector;
    LDT_ENTRY Descriptor;
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
#endif

//
// PEB Lock Routine
//
typedef VOID
(NTAPI *PPEBLOCKROUTINE)(
    PVOID PebLock
);

//
// PEB Free Block Descriptor
//
typedef struct _PEB_FREE_BLOCK
{
    struct _PEB_FREE_BLOCK* Next;
    ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;

//
// Initial PEB
//
// BitField and the anonymous bit-field struct share one BOOLEAN. Which bits
// exist depends on NTDDI_VERSION: IsProtectedProcess and IsLegacyProcess
// are only declared for NTDDI_LONGHORN and later, and before NTDDI_WS03 the
// byte is a plain SpareBool.
//
typedef struct _INITIAL_PEB
{
    BOOLEAN InheritedAddressSpace;
    BOOLEAN ReadImageFileExecOptions;
    BOOLEAN BeingDebugged;
    union
    {
        BOOLEAN BitField;
#if (NTDDI_VERSION >= NTDDI_WS03)
        struct
        {
            BOOLEAN ImageUsesLargePages:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            BOOLEAN IsProtectedProcess:1;
            BOOLEAN IsLegacyProcess:1;
            BOOLEAN SpareBits:5;
#else
            BOOLEAN SpareBits:7;
#endif
        };
#else
        BOOLEAN SpareBool;
#endif
    };
    HANDLE Mutant;
} INITIAL_PEB, *PINITIAL_PEB;

//
// Initial TEB
//
typedef struct _INITIAL_TEB
{
    PVOID PreviousStackBase;
    PVOID PreviousStackLimit;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID AllocatedStackBase;
} INITIAL_TEB, *PINITIAL_TEB;

//
// TEB Active Frame Structures
//
// TEB_ACTIVE_FRAME is a singly linked list node (Previous) that points at a
// const context. The *_EX variants embed the basic structure as their first
// member and append one field.
//
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
    ULONG Flags;
    LPSTR FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;

typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
{
    TEB_ACTIVE_FRAME_CONTEXT BasicContext;
    PCSTR SourceLocation;
} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;

typedef struct _TEB_ACTIVE_FRAME
{
    ULONG Flags;
    struct _TEB_ACTIVE_FRAME *Previous;
    PCTEB_ACTIVE_FRAME_CONTEXT Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;

typedef struct _TEB_ACTIVE_FRAME_EX
{
    TEB_ACTIVE_FRAME BasicFrame;
    PVOID ExtensionIdentifier;
} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;

// Fixed-width client IDs: both members are 32-bit in CLIENT_ID32 and 64-bit
// in CLIENT_ID64, independent of the pointer size of the build.
typedef struct _CLIENT_ID32
{
    ULONG UniqueProcess;
    ULONG UniqueThread;
} CLIENT_ID32, *PCLIENT_ID32;

typedef struct _CLIENT_ID64
{
    ULONG64 UniqueProcess;
    ULONG64 UniqueThread;
} CLIENT_ID64, *PCLIENT_ID64;

#if (NTDDI_VERSION < NTDDI_WS03)
typedef struct _Wx86ThreadState
{
    PULONG CallBx86Eip;
    PVOID DeallocationCpu;
    BOOLEAN UseKnownWx86Dll;
    CHAR OleStubInvoked;
} Wx86ThreadState, *PWx86ThreadState;
#endif

//
// PEB.AppCompatFlags
// Tag FLAG_MASK_KERNEL
//
// Bit masks, not consecutive values (several bit positions are unassigned).
// Going by their names, some entries switch off validation or hardening
// (for example DisableAdvanceRPCClientHardening and
// DisableAdvancedRPCrangeCheck), so which of these are set for a process is
// relevant to a security review.
//
// NOTE(review): DoNotAddToCache = 0x80000000 does not fit in a signed int.
// ISO C requires enumeration constants to be representable as int, so this
// relies on the compiler accepting the value as an extension -- confirm for
// every supported compiler.
//
typedef enum _APPCOMPAT_FLAGS
{
    GetShortPathNameNT4 = 0x1,
    GetDiskFreeSpace2GB = 0x8,
    FTMFromCurrentAPI = 0x20,
    DisallowCOMBindingNotifications = 0x40,
    Ole32ValidatePointers = 0x80,
    DisableCicero = 0x100,
    Ole32EnableAsyncDocFile = 0x200,
    EnableLegacyExceptionHandlinginOLE = 0x400,
    DisableAdvanceRPCClientHardening = 0x800,
    DisableMaybeNULLSizeisConsistencycheck = 0x1000,
    DisableAdvancedRPCrangeCheck = 0x4000,
    EnableLegacyExceptionHandlingInRPC = 0x8000,
    EnableLegacyNTFSFlagsForDocfileOpens = 0x10000,
    DisableNDRIIDConsistencyCheck = 0x20000,
    UserDisableForwarderPatch = 0x40000,
    DisableNewWMPAINTDispatchInOLE = 0x100000,
    DoNotAddToCache = 0x80000000,
} APPCOMPAT_FLAGS;


//
// PEB.AppCompatFlagsUser.LowPart
// Tag FLAG_MASK_USER
//
// The three entries inside "#if 0" need more than 32 bits and are disabled;
// the same names are defined with the values 0x1, 0x2 and 0x4 in
// APPCOMPAT_USERFLAGS_HIGHPART below, for the high half of the field.
// DisableSWCursorOnMoveSize = 0x80000000 has the same int-range caveat as
// DoNotAddToCache in APPCOMPAT_FLAGS.
//
typedef enum _APPCOMPAT_USERFLAGS
{
    DisableAnimation = 0x1,
    DisableKeyboardCues = 0x2,
    No50StylebitsInSetWindowLong = 0x4,
    DisableDrawPatternRect = 0x8,
    MSShellDialog = 0x10,
    NoDDETerminateDuringDestroy = 0x20,
    GiveupForeground = 0x40,
    AlwaysActiveMenus = 0x80,
    NoMouseHideInEdit = 0x100,
    NoGdiBatching = 0x200,
    FontSubstitution = 0x400,
    No50StylebitsInCreateWindow = 0x800,
    NoCustomPaperSizes = 0x1000,
    AllTheDdeHacks = 0x2000,
    UseDefaultCharset = 0x4000,
    NoCharDeadKey = 0x8000,
    NoTryExceptForWindowProc = 0x10000,
    NoInitInsertReplaceFlags = 0x20000,
    NoDdeSync = 0x40000,
    NoGhost = 0x80000,
    NoDdeAsyncReg = 0x100000,
    StrictLLHook = 0x200000,
    NoShadow = 0x400000,
    NoTimerCallbackProtection = 0x1000000,
    HighDpiAware = 0x2000000,
    OpenGLEmfAware = 0x4000000,
    EnableTransparantBltMirror = 0x8000000,
    NoPaddedBorder = 0x10000000,
    ForceLegacyResizeCM = 0x20000000,
    HardwareAudioMixer = 0x40000000,
    DisableSWCursorOnMoveSize = 0x80000000,
#if 0
    DisableWindowArrangement = 0x100000000,
    ReorderWaveForCommunications = 0x200000000,
    NoGdiHwAcceleration = 0x400000000,
#endif
} APPCOMPAT_USERFLAGS;

//
// PEB.AppCompatFlagsUser.HighPart
// Tag FLAG_MASK_USER
//
typedef enum _APPCOMPAT_USERFLAGS_HIGHPART
{
    DisableWindowArrangement = 0x1,
    ReorderWaveForCommunications = 0x2,
    NoGdiHwAcceleration = 0x4,
} APPCOMPAT_USERFLAGS_HIGHPART;

//
// Process Environment Block (PEB)
// Thread Environment Block (TEB)
//
// peb_teb.h is included once unconditionally and, on _WIN64, twice more
// with EXPLICIT_32BIT and then EXPLICIT_64BIT defined. Presumably each pass
// emits a differently sized set of PEB/TEB types -- confirm in peb_teb.h.
//
#include "peb_teb.h"

#ifdef _WIN64
//
// Explicit 32 bit PEB/TEB
//
#define EXPLICIT_32BIT
#include "peb_teb.h"
#undef EXPLICIT_32BIT

//
// Explicit 64 bit PEB/TEB
//
#define EXPLICIT_64BIT
#include "peb_teb.h"
#undef EXPLICIT_64BIT
#endif

#ifdef NTOS_MODE_USER

//
// Process Information Structures for NtQueryInformationProcess
//
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    KPRIORITY BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

typedef struct _PROCESS_ACCESS_TOKEN
{
    HANDLE Token;
    HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

// One buffer, two layouts: Set carries a directory handle, Query carries a
// drive bitmap plus a 32-entry type array. The two overlap in memory, so a
// caller must know which operation filled the structure before reading it.
typedef struct _PROCESS_DEVICEMAP_INFORMATION
{
    union
    {
        struct
        {
            HANDLE DirectoryHandle;
        } Set;
        struct
        {
            ULONG DriveMap;
            UCHAR DriveType[32];
        } Query;
    };
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;

typedef struct _KERNEL_USER_TIMES
{
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

typedef struct _POOLED_USAGE_AND_LIMITS
{
    SIZE_T PeakPagedPoolUsage;
    SIZE_T PagedPoolUsage;
    SIZE_T PagedPoolLimit;
    SIZE_T PeakNonPagedPoolUsage;
    SIZE_T NonPagedPoolUsage;
    SIZE_T NonPagedPoolLimit;
    SIZE_T PeakPagefileUsage;
    SIZE_T PagefileUsage;
    SIZE_T PagefileLimit;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;

typedef struct _PROCESS_WS_WATCH_INFORMATION
{
    PVOID FaultingPc;
    PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;

typedef struct _PROCESS_SESSION_INFORMATION
{
    ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

typedef struct _PROCESS_HANDLE_TRACING_ENTRY
{
    HANDLE Handle;
    CLIENT_ID ClientId;
    ULONG Type;
    PVOID Stacks[PROCESS_HANDLE_TRACING_MAX_STACKS];
} PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY;

// HandleTrace is declared with ANYSIZE_ARRAY, i.e. it is a variable-length
// trailing array. Presumably TotalTraces gives the element count; a consumer
// should check it against the size of the buffer it actually supplied
// before indexing -- confirm against the producer.
typedef struct _PROCESS_HANDLE_TRACING_QUERY
{
    HANDLE Handle;
    ULONG TotalTraces;
    PROCESS_HANDLE_TRACING_ENTRY HandleTrace[ANYSIZE_ARRAY];
} PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY;

#endif

// Variable-length: LdtEntries is an ANYSIZE_ARRAY trailing array. Start and
// Length are the only size information in the structure; their units are
// not stated in this header.
typedef struct _PROCESS_LDT_INFORMATION
{
    ULONG Start;
    ULONG Length;
    LDT_ENTRY LdtEntries[ANYSIZE_ARRAY];
} PROCESS_LDT_INFORMATION, *PPROCESS_LDT_INFORMATION;

typedef struct _PROCESS_LDT_SIZE
{
    ULONG Length;
} PROCESS_LDT_SIZE, *PPROCESS_LDT_SIZE;

typedef struct _PROCESS_PRIORITY_CLASS
{
    BOOLEAN Foreground;
    UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;

// Compatibility with windows, see CORE-16757, CORE-17106, CORE-17247
// The assertion pins the structure to exactly two bytes, so a change of
// member type or packing fails at compile time instead of changing the
// size callers pass across the system-call boundary.
C_ASSERT(sizeof(PROCESS_PRIORITY_CLASS) == 2);

typedef struct _PROCESS_FOREGROUND_BACKGROUND
{
    BOOLEAN Foreground;
} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;

//
// Apphelp SHIM Cache
//
// Service classes 0-4 are the cache operations; 0x100 and 0x101 are set
// apart numerically and carry a DBG prefix in their names.
//
typedef enum _APPHELPCACHESERVICECLASS
{
    ApphelpCacheServiceLookup = 0,
    ApphelpCacheServiceRemove = 1,
    ApphelpCacheServiceUpdate = 2,
    ApphelpCacheServiceFlush = 3,
    ApphelpCacheServiceDump = 4,

    ApphelpDBGReadRegistry = 0x100,
    ApphelpDBGWriteRegistry = 0x101,
} APPHELPCACHESERVICECLASS;


typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
{
    UNICODE_STRING ImageName;
    HANDLE ImageHandle;
} APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;


//
// Thread Information Structures for NtQueryInformationThread
//
typedef struct _THREAD_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PVOID TebBaseAddress;
    CLIENT_ID ClientId;
    KAFFINITY AffinityMask;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;

#ifndef NTOS_MODE_USER

//
// Job Set Array
//
typedef struct _JOB_SET_ARRAY
{
    HANDLE JobHandle;
    ULONG MemberLevel;
    ULONG Flags;
} JOB_SET_ARRAY, *PJOB_SET_ARRAY;

//
// Process Quota Type
//
// PsQuotaTypes is the count of entries and is used as an array bound
// (EPROCESS_QUOTA_BLOCK.QuotaEntry, EPROCESS.QuotaUsage/QuotaPeak), so its
// value -- and therefore the size of those structures -- depends on
// NTDDI_VERSION. PsCpuRate is only present when NTDDI_VERSION is exactly
// NTDDI_LONGHORN (the test is ==, not >=).
//
typedef enum _PS_QUOTA_TYPE
{
    PsNonPagedPool = 0,
    PsPagedPool,
    PsPageFile,
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PsWorkingSet,
#endif
#if (NTDDI_VERSION == NTDDI_LONGHORN)
    PsCpuRate,
#endif
    PsQuotaTypes
} PS_QUOTA_TYPE;

//
// EPROCESS Quota Structures
//
typedef struct _EPROCESS_QUOTA_ENTRY
{
    SIZE_T Usage;
    SIZE_T Limit;
    SIZE_T Peak;
    SIZE_T Return;
} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;

typedef struct _EPROCESS_QUOTA_BLOCK
{
    EPROCESS_QUOTA_ENTRY QuotaEntry[PsQuotaTypes];
    LIST_ENTRY QuotaList;
    ULONG ReferenceCount;
    ULONG ProcessCount;
} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;

//
// Process Pagefault History
//
// WatchInfo is declared with one element; NOTE(review): this looks like the
// trailing-array idiom, with the real element count fixed at allocation
// time -- confirm where the structure is allocated.
// NOTE(review): PROCESS_WS_WATCH_INFORMATION is declared in this file only
// under NTOS_MODE_USER, while this structure is compiled when that macro is
// not defined; presumably another header supplies the type here -- confirm.
//
typedef struct _PAGEFAULT_HISTORY
{
    ULONG CurrentIndex;
    ULONG MapIndex;
    KSPIN_LOCK SpinLock;
    PVOID Reserved;
    PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;

//
// Process Impersonation Information
//
// Pairs the impersonation token with the parameters it was set up with
// (CopyOnOpen, EffectiveOnly, ImpersonationLevel). ETHREAD refers to this
// structure through its ImpersonationInfo member.
//
typedef struct _PS_IMPERSONATION_INFORMATION
{
    PACCESS_TOKEN Token;
    BOOLEAN CopyOnOpen;
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;

//
// Process Termination Port
//
typedef struct _TERMINATION_PORT
{
    struct _TERMINATION_PORT *Next;
    PVOID Port;
} TERMINATION_PORT, *PTERMINATION_PORT;

//
// Per-Process APC Rate Limiting
//
// NOTE(review): the member is spelled TargetGEneration in this header;
// correcting the spelling would change the structure's interface.
//
typedef struct _PSP_RATE_APC
{
    union
    {
        SINGLE_LIST_ENTRY NextApc;
        ULONGLONG ExcessCycles;
    };
    ULONGLONG TargetGEneration;
    KAPC RateApc;
} PSP_RATE_APC, *PPSP_RATE_APC;

//
// Executive Thread (ETHREAD)
//
// The member list is selected by NTDDI_VERSION in many places, so member
// offsets differ between target versions; code that hard-codes an offset
// is tied to one of them. Several members share storage through anonymous
// unions (for example ExitTime / LpcReplyChain / KeyedWaitChain), so only
// one interpretation of such a slot is meaningful at a time.
//
typedef struct _ETHREAD
{
    KTHREAD Tcb;
    LARGE_INTEGER CreateTime;
    union
    {
        LARGE_INTEGER ExitTime;
        LIST_ENTRY LpcReplyChain;
        LIST_ENTRY KeyedWaitChain;
    };
    union
    {
        NTSTATUS ExitStatus;
        PVOID OfsChain;
    };
    LIST_ENTRY PostBlockList;
    union
    {
        struct _TERMINATION_PORT *TerminationPort;
        struct _ETHREAD *ReaperLink;
        PVOID KeyedWaitValue;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
        PVOID Win32StartParameter;
#endif
    };
    KSPIN_LOCK ActiveTimerListLock;
    LIST_ENTRY ActiveTimerListHead;
    CLIENT_ID Cid;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    KSEMAPHORE KeyedWaitSemaphore;
#else
    union
    {
        KSEMAPHORE LpcReplySemaphore;
        KSEMAPHORE KeyedWaitSemaphore;
    };
    union
    {
        PVOID LpcReplyMessage;
        PVOID LpcWaitingOnPort;
    };
#endif
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
    LIST_ENTRY IrpList;
    ULONG_PTR TopLevelIrp;
    PDEVICE_OBJECT DeviceToVerify;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PPSP_RATE_APC RateControlApc;
#else
    struct _EPROCESS *ThreadsProcess;
#endif
    PVOID Win32StartAddress;
    union
    {
        PKSTART_ROUTINE StartAddress;
        ULONG LpcReceivedMessageId;
    };
    LIST_ENTRY ThreadListEntry;
    EX_RUNDOWN_REF RundownProtect;
    EX_PUSH_LOCK ThreadLock;
#if (NTDDI_VERSION < NTDDI_LONGHORN)
    ULONG LpcReplyMessageId;
#endif
    ULONG ReadClusterSize;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG SpareUlong0;
#else
    ACCESS_MASK GrantedAccess;
#endif
    // CrossThreadFlags overlays the one-bit fields below; they are declared
    // in the order of the CT_* masks defined earlier in this header
    // (Terminated = 0x1, ..., SkipTerminationMsg = 0x100). Bit-field
    // allocation order is implementation-defined, so the mask/field
    // correspondence holds only for compilers that allocate from the least
    // significant bit.
    union
    {
        struct
        {
            ULONG Terminated:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ThreadInserted:1;
#else
            ULONG DeadThread:1;
#endif
            ULONG HideFromDebugger:1;
            ULONG ActiveImpersonationInfo:1;
            ULONG SystemThread:1;
            ULONG HardErrorsAreDisabled:1;
            ULONG BreakOnTermination:1;
            ULONG SkipCreationMsg:1;
            ULONG SkipTerminationMsg:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG CreateMsgSent:1;
            ULONG ThreadIoPriority:3;
            ULONG ThreadPagePriority:3;
            ULONG PendingRatecontrol:1;
#endif
        };
        ULONG CrossThreadFlags;
    };
    // Same overlay pattern; the first four fields follow the STP_* masks.
    union
    {
        struct
        {
            ULONG ActiveExWorker:1;
            ULONG ExWorkerCanWaitUser:1;
            ULONG MemoryMaker:1;
            ULONG KeyedEventInUse:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG RateApcState:2;
#endif
        };
        ULONG SameThreadPassiveFlags;
    };
    // Same overlay pattern for the STA_* masks; the six Owns*WorkingSet*
    // fields occupy the bits covered by STA_OWNS_WORKING_SET_BITS (0x1F8).
    union
    {
        struct
        {
            ULONG LpcReceivedMsgIdValid:1;
            ULONG LpcExitThreadCalled:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG Spare:1;
#else
            ULONG AddressSpaceOwner:1;
#endif
            ULONG OwnsProcessWorkingSetExclusive:1;
            ULONG OwnsProcessWorkingSetShared:1;
            ULONG OwnsSystemWorkingSetExclusive:1;
            ULONG OwnsSystemWorkingSetShared:1;
            ULONG OwnsSessionWorkingSetExclusive:1;
            ULONG OwnsSessionWorkingSetShared:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SuppressSymbolLoad:1;
            ULONG Spare1:3;
            ULONG PriorityRegionActive:4;
#else
            ULONG ApcNeeded:1;
#endif
        };
        ULONG SameThreadApcFlags;
    };
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    UCHAR CacheManagerActive;
#else
    UCHAR ForwardClusterOnly;
#endif
    UCHAR DisablePageFaultClustering;
    UCHAR ActiveFaultCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG AlpcMessageId;
    union
    {
        PVOID AlpcMessage;
        ULONG AlpcReceiveAttributeSet;
    };
    LIST_ENTRY AlpcWaitListEntry;
    KSEMAPHORE AlpcWaitSemaphore;
    ULONG CacheManagerCount;
#endif
} ETHREAD;

//
// Executive Process (EPROCESS)
//
// As with ETHREAD, the layout depends on NTDDI_VERSION and, in two places,
// on _M_AMD64, so member offsets are specific to one build configuration.
//
typedef struct _EPROCESS
{
    KPROCESS Pcb;
    EX_PUSH_LOCK ProcessLock;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    EX_RUNDOWN_REF RundownProtect;
    HANDLE UniqueProcessId;
    LIST_ENTRY ActiveProcessLinks;
    SIZE_T QuotaUsage[PsQuotaTypes];
    SIZE_T QuotaPeak[PsQuotaTypes];
    SIZE_T CommitCharge;
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    LIST_ENTRY SessionProcessLinks;
    PVOID DebugPort;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    union
    {
        PVOID ExceptionPortData;
        ULONG ExceptionPortValue;
        UCHAR ExceptionPortState:3;
    };
#else
    PVOID ExceptionPort;
#endif
    PHANDLE_TABLE ObjectTable;
    // Declared as EX_FAST_REF rather than a plain token pointer.
    // NOTE(review): presumably the raw value is not directly usable as a
    // PACCESS_TOKEN -- confirm against the EX_FAST_REF definition.
    EX_FAST_REF Token;
    PFN_NUMBER WorkingSetPage;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    EX_PUSH_LOCK AddressCreationLock;
    PETHREAD RotateInProgress;
#else
    KGUARDED_MUTEX AddressCreationLock;
    KSPIN_LOCK HyperSpaceLock;
#endif
    PETHREAD ForkInProgress;
    ULONG_PTR HardwareTrigger;
    PMM_AVL_TABLE PhysicalVadRoot;
    PVOID CloneRoot;
    PFN_NUMBER NumberOfPrivatePages;
    PFN_NUMBER NumberOfLockedPages;
    PVOID *Win32Process;
    struct _EJOB *Job;
    PVOID SectionObject;
    PVOID SectionBaseAddress;
    PEPROCESS_QUOTA_BLOCK QuotaBlock;
    PPAGEFAULT_HISTORY WorkingSetWatch;
    PVOID Win32WindowStation;
    HANDLE InheritedFromUniqueProcessId;
    PVOID LdtInformation;
    PVOID VadFreeHint;
    PVOID VdmObjects;
    PVOID DeviceMap;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID EtwDataSource;
    PVOID FreeTebHint;
#else
    PVOID Spare0[3];
#endif
    union
    {
        HARDWARE_PTE PageDirectoryPte;
        ULONGLONG Filler;
    };
    PVOID Session;
    // Fixed 16-byte buffer. NOTE(review): this header does not say whether
    // the name is truncated or always NUL-terminated; bound any read to
    // sizeof(ImageFileName) rather than relying on a terminator.
    CHAR ImageFileName[16];
    LIST_ENTRY JobLinks;
    PVOID LockedPagesList;
    LIST_ENTRY ThreadListHead;
    PVOID SecurityPort;
#ifdef _M_AMD64
    struct _WOW64_PROCESS *Wow64Process;
#else
    PVOID PaeTop;
#endif
    ULONG ActiveThreads;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG ImagePathHash;
#else
    ACCESS_MASK GrantedAccess;
#endif
    ULONG DefaultHardErrorProcessing;
    NTSTATUS LastThreadExitStatus;
    struct _PEB* Peb;
    EX_FAST_REF PrefetchTrace;
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
    SIZE_T CommitChargeLimit;
    SIZE_T CommitChargePeak;
    PVOID AweInfo;
    SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
    MMSUPPORT Vm;
#ifdef _M_AMD64
    ULONG Spares[2];
#else
    LIST_ENTRY MmProcessLinks;
#endif
    ULONG ModifiedPageCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    // Flags2 overlays the bit-fields below. ProtectedProcess is the twelfth
    // one-bit field (bit 11), matching PSF2_PROTECTED_BIT (0x800) when
    // bit-fields are allocated from the least significant bit.
    union
    {
        struct
        {
            ULONG JobNotReallyActive:1;
            ULONG AccountingFolded:1;
            ULONG NewProcessReported:1;
            ULONG ExitProcessReported:1;
            ULONG ReportCommitChanges:1;
            ULONG LastReportMemory:1;
            ULONG ReportPhysicalPageChanges:1;
            ULONG HandleTableRundown:1;
            ULONG NeedsHandleRundown:1;
            ULONG RefTraceEnabled:1;
            ULONG NumaAware:1;
            ULONG ProtectedProcess:1;
            ULONG DefaultPagePriority:3;
            ULONG ProcessDeleteSelf:1;
            ULONG ProcessVerifierTarget:1;
        };
        ULONG Flags2;
    };
#else
    ULONG JobStatus;
#endif
    // Flags overlays the bit-fields below, which follow the PSF_* masks
    // defined earlier in this header. AddressSpaceInitialized is two bits
    // wide, and the field spelled SmapAllowed sits at the position of
    // PSF_SWAP_ALLOWED_BIT.
    union
    {
        struct
        {
            ULONG CreateReported:1;
            ULONG NoDebugInherit:1;
            ULONG ProcessExiting:1;
            ULONG ProcessDelete:1;
            ULONG Wow64SplitPages:1;
            ULONG VmDeleted:1;
            ULONG OutswapEnabled:1;
            ULONG Outswapped:1;
            ULONG ForkFailed:1;
            ULONG Wow64VaSpace4Gb:1;
            ULONG AddressSpaceInitialized:2;
            ULONG SetTimerResolution:1;
            ULONG BreakOnTermination:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG DeprioritizeViews:1;
#else
            ULONG SessionCreationUnderway:1;
#endif
            ULONG WriteWatch:1;
            ULONG ProcessInSession:1;
            ULONG OverrideAddressSpace:1;
            ULONG HasAddressSpace:1;
            ULONG LaunchPrefetched:1;
            ULONG InjectInpageErrors:1;
            ULONG VmTopDown:1;
            ULONG ImageNotifyDone:1;
            ULONG PdeUpdateNeeded:1;
            ULONG VdmAllowed:1;
            ULONG SmapAllowed:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ProcessInserted:1;
#else
            ULONG CreateFailed:1;
#endif
            ULONG DefaultIoPriority:3;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SparePsFlags1:2;
#else
            ULONG Spare1:1;
            ULONG Spare2:1;
#endif
        };
        ULONG Flags;
    };
    NTSTATUS ExitStatus;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    USHORT Spare7;
#else
    USHORT NextPageColor;
#endif
    union
    {
        struct
        {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
        };
        USHORT SubSystemVersion;
    };
    UCHAR
PriorityClass; 1454 MM_AVL_TABLE VadRoot; 1455 ULONG Cookie; 1456 } EPROCESS; 1457 1458 // 1459 // Job Token Filter Data 1460 // 1461 #include <pshpack1.h> 1462 typedef struct _PS_JOB_TOKEN_FILTER 1463 { 1464 ULONG CapturedSidCount; 1465 PSID_AND_ATTRIBUTES CapturedSids; 1466 ULONG CapturedSidsLength; 1467 ULONG CapturedGroupCount; 1468 PSID_AND_ATTRIBUTES CapturedGroups; 1469 ULONG CapturedGroupsLength; 1470 ULONG CapturedPrivilegeCount; 1471 PLUID_AND_ATTRIBUTES CapturedPrivileges; 1472 ULONG CapturedPrivilegesLength; 1473 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER; 1474 1475 // 1476 // Executive Job (EJOB) 1477 // 1478 typedef struct _EJOB 1479 { 1480 KEVENT Event; 1481 LIST_ENTRY JobLinks; 1482 LIST_ENTRY ProcessListHead; 1483 ERESOURCE JobLock; 1484 LARGE_INTEGER TotalUserTime; 1485 LARGE_INTEGER TotalKernelTime; 1486 LARGE_INTEGER ThisPeriodTotalUserTime; 1487 LARGE_INTEGER ThisPeriodTotalKernelTime; 1488 ULONG TotalPageFaultCount; 1489 ULONG TotalProcesses; 1490 ULONG ActiveProcesses; 1491 ULONG TotalTerminatedProcesses; 1492 LARGE_INTEGER PerProcessUserTimeLimit; 1493 LARGE_INTEGER PerJobUserTimeLimit; 1494 ULONG LimitFlags; 1495 ULONG MinimumWorkingSetSize; 1496 ULONG MaximumWorkingSetSize; 1497 ULONG ActiveProcessLimit; 1498 ULONG Affinity; 1499 UCHAR PriorityClass; 1500 ULONG UIRestrictionsClass; 1501 ULONG SecurityLimitFlags; 1502 PVOID Token; 1503 PPS_JOB_TOKEN_FILTER Filter; 1504 ULONG EndOfJobTimeAction; 1505 PVOID CompletionPort; 1506 PVOID CompletionKey; 1507 ULONG SessionId; 1508 ULONG SchedulingClass; 1509 ULONGLONG ReadOperationCount; 1510 ULONGLONG WriteOperationCount; 1511 ULONGLONG OtherOperationCount; 1512 ULONGLONG ReadTransferCount; 1513 ULONGLONG WriteTransferCount; 1514 ULONGLONG OtherTransferCount; 1515 IO_COUNTERS IoInfo; 1516 ULONG ProcessMemoryLimit; 1517 ULONG JobMemoryLimit; 1518 ULONG PeakProcessMemoryUsed; 1519 ULONG PeakJobMemoryUsed; 1520 ULONG CurrentJobMemoryUsed; 1521 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < 
NTDDI_WS03) 1522 FAST_MUTEX MemoryLimitsLock; 1523 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN) 1524 KGUARDED_MUTEX MemoryLimitsLock; 1525 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) 1526 EX_PUSH_LOCK MemoryLimitsLock; 1527 #endif 1528 LIST_ENTRY JobSetLinks; 1529 ULONG MemberLevel; 1530 ULONG JobFlags; 1531 } EJOB, *PEJOB; 1532 #include <poppack.h> 1533 1534 // 1535 // Job Information Structures for NtQueryInformationJobObject 1536 // 1537 1538 typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION 1539 { 1540 LARGE_INTEGER TotalUserTime; 1541 LARGE_INTEGER TotalKernelTime; 1542 LARGE_INTEGER ThisPeriodTotalUserTime; 1543 LARGE_INTEGER ThisPeriodTotalKernelTime; 1544 ULONG TotalPageFaultCount; 1545 ULONG TotalProcesses; 1546 ULONG ActiveProcesses; 1547 ULONG TotalTerminatedProcesses; 1548 } JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION; 1549 1550 typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION 1551 { 1552 LARGE_INTEGER PerProcessUserTimeLimit; 1553 LARGE_INTEGER PerJobUserTimeLimit; 1554 ULONG LimitFlags; 1555 SIZE_T MinimumWorkingSetSize; 1556 SIZE_T MaximumWorkingSetSize; 1557 ULONG ActiveProcessLimit; 1558 ULONG_PTR Affinity; 1559 ULONG PriorityClass; 1560 ULONG SchedulingClass; 1561 } JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION; 1562 1563 typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST 1564 { 1565 ULONG NumberOfAssignedProcesses; 1566 ULONG NumberOfProcessIdsInList; 1567 ULONG_PTR ProcessIdList[1]; 1568 } JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST; 1569 1570 typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS 1571 { 1572 ULONG UIRestrictionsClass; 1573 } JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS; 1574 1575 typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION 1576 { 1577 ULONG SecurityLimitFlags; 1578 HANDLE JobToken; 1579 PTOKEN_GROUPS SidsToDisable; 1580 PTOKEN_PRIVILEGES PrivilegesToDelete; 1581 PTOKEN_GROUPS RestrictedSids; 
1582 } JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION; 1583 1584 typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION 1585 { 1586 ULONG EndOfJobTimeAction; 1587 } JOBOBJECT_END_OF_JOB_TIME_INFORMATION, PJOBOBJECT_END_OF_JOB_TIME_INFORMATION; 1588 1589 typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT 1590 { 1591 PVOID CompletionKey; 1592 HANDLE CompletionPort; 1593 } JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT; 1594 1595 typedef struct JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION 1596 { 1597 JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo; 1598 IO_COUNTERS IoInfo; 1599 } JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION; 1600 1601 typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION 1602 { 1603 JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation; 1604 IO_COUNTERS IoInfo; 1605 SIZE_T ProcessMemoryLimit; 1606 SIZE_T JobMemoryLimit; 1607 SIZE_T PeakProcessMemoryUsed; 1608 SIZE_T PeakJobMemoryUsed; 1609 } JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION; 1610 1611 1612 // 1613 // Win32K Callback Registration Data 1614 // 1615 typedef struct _WIN32_POWEREVENT_PARAMETERS 1616 { 1617 PSPOWEREVENTTYPE EventNumber; 1618 ULONG Code; 1619 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS; 1620 1621 typedef struct _WIN32_POWERSTATE_PARAMETERS 1622 { 1623 UCHAR Promotion; 1624 POWER_ACTION SystemAction; 1625 SYSTEM_POWER_STATE MinSystemState; 1626 ULONG Flags; 1627 POWERSTATETASK PowerStateTask; 1628 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS; 1629 1630 typedef struct _WIN32_JOBCALLOUT_PARAMETERS 1631 { 1632 PVOID Job; 1633 PSW32JOBCALLOUTTYPE CalloutType; 1634 PVOID Data; 1635 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS; 1636 1637 typedef struct _WIN32_OPENMETHOD_PARAMETERS 1638 { 1639 OB_OPEN_REASON OpenReason; 1640 PEPROCESS Process; 1641 PVOID Object; 1642 ULONG GrantedAccess; 1643 ULONG 
HandleCount; 1644 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS; 1645 1646 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS 1647 { 1648 PEPROCESS Process; 1649 PVOID Object; 1650 HANDLE Handle; 1651 KPROCESSOR_MODE PreviousMode; 1652 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS; 1653 1654 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS 1655 { 1656 PEPROCESS Process; 1657 PVOID Object; 1658 ACCESS_MASK AccessMask; 1659 ULONG ProcessHandleCount; 1660 ULONG SystemHandleCount; 1661 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS; 1662 1663 typedef struct _WIN32_DELETEMETHOD_PARAMETERS 1664 { 1665 PVOID Object; 1666 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS; 1667 1668 typedef struct _WIN32_PARSEMETHOD_PARAMETERS 1669 { 1670 PVOID ParseObject; 1671 PVOID ObjectType; 1672 PACCESS_STATE AccessState; 1673 KPROCESSOR_MODE AccessMode; 1674 ULONG Attributes; 1675 _Out_ PUNICODE_STRING CompleteName; 1676 PUNICODE_STRING RemainingName; 1677 PVOID Context; 1678 PSECURITY_QUALITY_OF_SERVICE SecurityQos; 1679 PVOID *Object; 1680 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS; 1681 1682 typedef struct _WIN32_CALLOUTS_FPNS 1683 { 1684 PKWIN32_PROCESS_CALLOUT ProcessCallout; 1685 PKWIN32_THREAD_CALLOUT ThreadCallout; 1686 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout; 1687 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout; 1688 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout; 1689 PKWIN32_JOB_CALLOUT JobCallout; 1690 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine; 1691 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure; 1692 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure; 1693 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure; 1694 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure; 1695 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure; 1696 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure; 1697 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure; 1698 PKWIN32_SESSION_CALLOUT 
WindowStationParseProcedure; 1699 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure; 1700 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1701 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure; 1702 #endif 1703 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS; 1704 1705 #endif // !NTOS_MODE_USER 1706 1707 #ifdef __cplusplus 1708 }; // extern "C" 1709 #endif 1710 1711 #endif // _PSTYPES_H 1712