xref: /reactos/sdk/include/ndk/pstypes.h (revision fd3c571d)
1 /*++ NDK Version: 0098
2 
3 Copyright (c) Alex Ionescu.  All rights reserved.
4 
5 Header Name:
6 
7     pstypes.h
8 
9 Abstract:
10 
11     Type definitions for the Process Manager
12 
13 Author:
14 
15     Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 
17 --*/
18 
19 #ifndef _PSTYPES_H
20 #define _PSTYPES_H
21 
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #include <ldrtypes.h>
27 #include <mmtypes.h>
28 #include <obtypes.h>
29 #include <rtltypes.h>
30 #ifndef NTOS_MODE_USER
31 #include <extypes.h>
32 #include <setypes.h>
33 #endif
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
39 #ifndef NTOS_MODE_USER
40 
41 //
42 // Kernel Exported Object Types
43 //
44 extern POBJECT_TYPE NTSYSAPI PsJobType;
45 
46 #endif // !NTOS_MODE_USER
47 
48 //
49 // KUSER_SHARED_DATA location in User Mode
50 //
51 #define USER_SHARED_DATA                        (0x7FFE0000)
52 
53 //
54 // Global Flags
55 //
56 #define FLG_STOP_ON_EXCEPTION                   0x00000001
57 #define FLG_SHOW_LDR_SNAPS                      0x00000002
58 #define FLG_DEBUG_INITIAL_COMMAND               0x00000004
59 #define FLG_STOP_ON_HUNG_GUI                    0x00000008
60 #define FLG_HEAP_ENABLE_TAIL_CHECK              0x00000010
61 #define FLG_HEAP_ENABLE_FREE_CHECK              0x00000020
62 #define FLG_HEAP_VALIDATE_PARAMETERS            0x00000040
63 #define FLG_HEAP_VALIDATE_ALL                   0x00000080
64 #define FLG_APPLICATION_VERIFIER                0x00000100
65 #define FLG_POOL_ENABLE_TAGGING                 0x00000400
66 #define FLG_HEAP_ENABLE_TAGGING                 0x00000800
67 #define FLG_USER_STACK_TRACE_DB                 0x00001000
68 #define FLG_KERNEL_STACK_TRACE_DB               0x00002000
69 #define FLG_MAINTAIN_OBJECT_TYPELIST            0x00004000
70 #define FLG_HEAP_ENABLE_TAG_BY_DLL              0x00008000
71 #define FLG_DISABLE_STACK_EXTENSION             0x00010000
72 #define FLG_ENABLE_CSRDEBUG                     0x00020000
73 #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD           0x00040000
74 #define FLG_DISABLE_PAGE_KERNEL_STACKS          0x00080000
75 #if (NTDDI_VERSION < NTDDI_WINXP)
76 #define FLG_HEAP_ENABLE_CALL_TRACING            0x00100000
77 #else
78 #define FLG_ENABLE_SYSTEM_CRIT_BREAKS           0x00100000
79 #endif
80 #define FLG_HEAP_DISABLE_COALESCING             0x00200000
81 #define FLG_ENABLE_CLOSE_EXCEPTIONS             0x00400000
82 #define FLG_ENABLE_EXCEPTION_LOGGING            0x00800000
83 #define FLG_ENABLE_HANDLE_TYPE_TAGGING          0x01000000
84 #define FLG_HEAP_PAGE_ALLOCS                    0x02000000
85 #define FLG_DEBUG_INITIAL_COMMAND_EX            0x04000000
86 #define FLG_DISABLE_DEBUG_PROMPTS               0x08000000 // ReactOS-specific
87 #define FLG_VALID_BITS                          0x0FFFFFFF
88 
89 //
90 // Flags for NtCreateProcessEx
91 //
92 #define PROCESS_CREATE_FLAGS_BREAKAWAY              0x00000001
93 #define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT       0x00000002
94 #define PROCESS_CREATE_FLAGS_INHERIT_HANDLES        0x00000004
95 #define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
96 #define PROCESS_CREATE_FLAGS_LARGE_PAGES            0x00000010
97 #define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS   PROCESS_CREATE_FLAGS_LARGE_PAGES
98 #define PROCESS_CREATE_FLAGS_LEGAL_MASK             (PROCESS_CREATE_FLAGS_BREAKAWAY | \
99                                                      PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
100                                                      PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
101                                                      PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
102                                                      PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
103 
104 //
105 // Process priority classes
106 //
107 #define PROCESS_PRIORITY_CLASS_INVALID          0
108 #define PROCESS_PRIORITY_CLASS_IDLE             1
109 #define PROCESS_PRIORITY_CLASS_NORMAL           2
110 #define PROCESS_PRIORITY_CLASS_HIGH             3
111 #define PROCESS_PRIORITY_CLASS_REALTIME         4
112 #define PROCESS_PRIORITY_CLASS_BELOW_NORMAL     5
113 #define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL     6
114 
115 //
116 // Process base priorities
117 //
118 #define PROCESS_PRIORITY_IDLE                   3
119 #define PROCESS_PRIORITY_NORMAL                 8
120 #define PROCESS_PRIORITY_NORMAL_FOREGROUND      9
121 
122 //
123 // Process memory priorities
124 //
125 #define MEMORY_PRIORITY_BACKGROUND             0
126 #define MEMORY_PRIORITY_UNKNOWN                1
127 #define MEMORY_PRIORITY_FOREGROUND             2
128 
129 //
130 // Process Priority Separation Values (OR)
131 //
132 #define PSP_DEFAULT_QUANTUMS                    0x00
133 #define PSP_VARIABLE_QUANTUMS                   0x04
134 #define PSP_FIXED_QUANTUMS                      0x08
135 #define PSP_LONG_QUANTUMS                       0x10
136 #define PSP_SHORT_QUANTUMS                      0x20
137 
138 //
139 // Process Handle Tracing Values
140 //
141 #define PROCESS_HANDLE_TRACE_TYPE_OPEN          1
142 #define PROCESS_HANDLE_TRACE_TYPE_CLOSE         2
143 #define PROCESS_HANDLE_TRACE_TYPE_BADREF        3
144 #define PROCESS_HANDLE_TRACING_MAX_STACKS       16
145 
146 #ifndef NTOS_MODE_USER
147 //
148 // Thread Access Types
149 //
150 #define THREAD_QUERY_INFORMATION                0x0040
151 #define THREAD_SET_THREAD_TOKEN                 0x0080
152 #define THREAD_IMPERSONATE                      0x0100
153 #define THREAD_DIRECT_IMPERSONATION             0x0200
154 
155 //
156 // Process Access Types
157 //
158 #define PROCESS_TERMINATE                       0x0001
159 #define PROCESS_CREATE_THREAD                   0x0002
160 #define PROCESS_SET_SESSIONID                   0x0004
161 #define PROCESS_VM_OPERATION                    0x0008
162 #define PROCESS_VM_READ                         0x0010
163 #define PROCESS_VM_WRITE                        0x0020
164 #define PROCESS_CREATE_PROCESS                  0x0080
165 #define PROCESS_SET_QUOTA                       0x0100
166 #define PROCESS_SET_INFORMATION                 0x0200
167 #define PROCESS_QUERY_INFORMATION               0x0400
168 #define PROCESS_SUSPEND_RESUME                  0x0800
169 #define PROCESS_QUERY_LIMITED_INFORMATION       0x1000
170 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
171 #define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
172                                                  SYNCHRONIZE | \
173                                                  0xFFFF)
174 #else
175 #define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
176                                                  SYNCHRONIZE | \
177                                                  0xFFF)
178 #endif
179 
180 //
181 // Thread Base Priorities
182 //
183 #define THREAD_BASE_PRIORITY_LOWRT              15
184 #define THREAD_BASE_PRIORITY_MAX                2
185 #define THREAD_BASE_PRIORITY_MIN                -2
186 #define THREAD_BASE_PRIORITY_IDLE               -15
187 
188 //
189 // TLS Slots
190 //
191 #define TLS_MINIMUM_AVAILABLE                   64
192 
193 //
194 // TEB Active Frame Flags
195 //
196 #define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 	0x1
197 
198 //
199 // Job Access Types
200 //
201 #define JOB_OBJECT_ASSIGN_PROCESS               0x1
202 #define JOB_OBJECT_SET_ATTRIBUTES               0x2
203 #define JOB_OBJECT_QUERY                        0x4
204 #define JOB_OBJECT_TERMINATE                    0x8
205 #define JOB_OBJECT_SET_SECURITY_ATTRIBUTES      0x10
206 #define JOB_OBJECT_ALL_ACCESS                   (STANDARD_RIGHTS_REQUIRED | \
207                                                  SYNCHRONIZE | \
208                                                  31)
209 
210 //
211 // Job Limit Flags
212 //
213 #define JOB_OBJECT_LIMIT_WORKINGSET             0x1
214 #define JOB_OBJECT_LIMIT_PROCESS_TIME           0x2
215 #define JOB_OBJECT_LIMIT_JOB_TIME               0x4
216 #define JOB_OBJECT_LIMIT_ACTIVE_PROCESS         0x8
217 #define JOB_OBJECT_LIMIT_AFFINITY               0x10
218 #define JOB_OBJECT_LIMIT_PRIORITY_CLASS         0x20
219 #define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME      0x40
220 #define JOB_OBJECT_LIMIT_SCHEDULING_CLASS       0x80
221 #define JOB_OBJECT_LIMIT_PROCESS_MEMORY         0x100
222 #define JOB_OBJECT_LIMIT_JOB_MEMORY             0x200
223 #define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
224 #define JOB_OBJECT_LIMIT_BREAKAWAY_OK           0x800
225 #define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK    0x1000
226 #define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE      0x2000
227 
228 //
229 // Job Security Limit Flags
230 //
231 #define JOB_OBJECT_SECURITY_NO_ADMIN            0x0001
232 #define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN    0x0002
233 #define JOB_OBJECT_SECURITY_ONLY_TOKEN          0x0004
234 #define JOB_OBJECT_SECURITY_FILTER_TOKENS       0x0008
235 
236 //
237 // Cross Thread Flags
238 //
239 #define CT_TERMINATED_BIT                       0x1
240 #define CT_DEAD_THREAD_BIT                      0x2
241 #define CT_HIDE_FROM_DEBUGGER_BIT               0x4
242 #define CT_ACTIVE_IMPERSONATION_INFO_BIT        0x8
243 #define CT_SYSTEM_THREAD_BIT                    0x10
244 #define CT_HARD_ERRORS_ARE_DISABLED_BIT         0x20
245 #define CT_BREAK_ON_TERMINATION_BIT             0x40
246 #define CT_SKIP_CREATION_MSG_BIT                0x80
247 #define CT_SKIP_TERMINATION_MSG_BIT             0x100
248 
249 //
250 // Same Thread Passive Flags
251 //
252 #define STP_ACTIVE_EX_WORKER_BIT                0x1
253 #define STP_EX_WORKER_CAN_WAIT_USER_BIT         0x2
254 #define STP_MEMORY_MAKER_BIT                    0x4
255 #define STP_KEYED_EVENT_IN_USE_BIT              0x8
256 
257 //
258 // Same Thread APC Flags
259 //
260 #define STA_LPC_RECEIVED_MSG_ID_VALID_BIT       0x1
261 #define STA_LPC_EXIT_THREAD_CALLED_BIT          0x2
262 #define STA_ADDRESS_SPACE_OWNER_BIT             0x4
263 #define STA_OWNS_WORKING_SET_BITS               0x1F8
264 
265 //
266 // Kernel Process flags (maybe in ketypes.h?)
267 //
268 #define KPSF_AUTO_ALIGNMENT_BIT                 0
269 #define KPSF_DISABLE_BOOST_BIT                  1
270 
271 //
272 // Process Flags
273 //
274 #define PSF_CREATE_REPORTED_BIT                 0x1
275 #define PSF_NO_DEBUG_INHERIT_BIT                0x2
276 #define PSF_PROCESS_EXITING_BIT                 0x4
277 #define PSF_PROCESS_DELETE_BIT                  0x8
278 #define PSF_WOW64_SPLIT_PAGES_BIT               0x10
279 #define PSF_VM_DELETED_BIT                      0x20
280 #define PSF_OUTSWAP_ENABLED_BIT                 0x40
281 #define PSF_OUTSWAPPED_BIT                      0x80
282 #define PSF_FORK_FAILED_BIT                     0x100
283 #define PSF_WOW64_VA_SPACE_4GB_BIT              0x200
284 #define PSF_ADDRESS_SPACE_INITIALIZED_BIT       0x400
285 #define PSF_SET_TIMER_RESOLUTION_BIT            0x1000
286 #define PSF_BREAK_ON_TERMINATION_BIT            0x2000
287 #define PSF_SESSION_CREATION_UNDERWAY_BIT       0x4000
288 #define PSF_WRITE_WATCH_BIT                     0x8000
289 #define PSF_PROCESS_IN_SESSION_BIT              0x10000
290 #define PSF_OVERRIDE_ADDRESS_SPACE_BIT          0x20000
291 #define PSF_HAS_ADDRESS_SPACE_BIT               0x40000
292 #define PSF_LAUNCH_PREFETCHED_BIT               0x80000
293 #define PSF_INJECT_INPAGE_ERRORS_BIT            0x100000
294 #define PSF_VM_TOP_DOWN_BIT                     0x200000
295 #define PSF_IMAGE_NOTIFY_DONE_BIT               0x400000
296 #define PSF_PDE_UPDATE_NEEDED_BIT               0x800000
297 #define PSF_VDM_ALLOWED_BIT                     0x1000000
298 #define PSF_SWAP_ALLOWED_BIT                    0x2000000
299 #define PSF_CREATE_FAILED_BIT                   0x4000000
300 #define PSF_DEFAULT_IO_PRIORITY_BIT             0x8000000
301 
302 //
303 // Vista Process Flags
304 //
305 #define PSF2_PROTECTED_BIT                      0x800
306 #endif
307 
308 //
309 // TLS/FLS Defines
310 //
311 #define TLS_EXPANSION_SLOTS                     1024
312 
313 #ifdef NTOS_MODE_USER
314 //
315 // Thread Native Base Priorities
316 //
317 #define LOW_PRIORITY                            0
318 #define LOW_REALTIME_PRIORITY                   16
319 #define HIGH_PRIORITY                           31
320 #define MAXIMUM_PRIORITY                        32
321 
322 //
323 // Current Process/Thread built-in 'special' handles
324 //
325 #define NtCurrentProcess()                      ((HANDLE)(LONG_PTR)-1)
326 #define ZwCurrentProcess()                      NtCurrentProcess()
327 #define NtCurrentThread()                       ((HANDLE)(LONG_PTR)-2)
328 #define ZwCurrentThread()                       NtCurrentThread()
329 
330 //
331 // Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
332 //
333 typedef enum _PROCESSINFOCLASS
334 {
335     ProcessBasicInformation,
336     ProcessQuotaLimits,
337     ProcessIoCounters,
338     ProcessVmCounters,
339     ProcessTimes,
340     ProcessBasePriority,
341     ProcessRaisePriority,
342     ProcessDebugPort,
343     ProcessExceptionPort,
344     ProcessAccessToken,
345     ProcessLdtInformation,
346     ProcessLdtSize,
347     ProcessDefaultHardErrorMode,
348     ProcessIoPortHandlers,
349     ProcessPooledUsageAndLimits,
350     ProcessWorkingSetWatch,
351     ProcessUserModeIOPL,
352     ProcessEnableAlignmentFaultFixup,
353     ProcessPriorityClass,
354     ProcessWx86Information,
355     ProcessHandleCount,
356     ProcessAffinityMask,
357     ProcessPriorityBoost,
358     ProcessDeviceMap,
359     ProcessSessionInformation,
360     ProcessForegroundInformation,
361     ProcessWow64Information,
362     ProcessImageFileName,
363     ProcessLUIDDeviceMapsEnabled,
364     ProcessBreakOnTermination,
365     ProcessDebugObjectHandle,
366     ProcessDebugFlags,
367     ProcessHandleTracing,
368     ProcessIoPriority,
369     ProcessExecuteFlags,
370     ProcessTlsInformation,
371     ProcessCookie,
372     ProcessImageInformation,
373     ProcessCycleTime,
374     ProcessPagePriority,
375     ProcessInstrumentationCallback,
376     ProcessThreadStackAllocation,
377     ProcessWorkingSetWatchEx,
378     ProcessImageFileNameWin32,
379     ProcessImageFileMapping,
380     ProcessAffinityUpdateMode,
381     ProcessMemoryAllocationMode,
382     MaxProcessInfoClass
383 } PROCESSINFOCLASS;
384 
385 typedef enum _THREADINFOCLASS
386 {
387     ThreadBasicInformation,
388     ThreadTimes,
389     ThreadPriority,
390     ThreadBasePriority,
391     ThreadAffinityMask,
392     ThreadImpersonationToken,
393     ThreadDescriptorTableEntry,
394     ThreadEnableAlignmentFaultFixup,
395     ThreadEventPair_Reusable,
396     ThreadQuerySetWin32StartAddress,
397     ThreadZeroTlsCell,
398     ThreadPerformanceCount,
399     ThreadAmILastThread,
400     ThreadIdealProcessor,
401     ThreadPriorityBoost,
402     ThreadSetTlsArrayAddress,
403     ThreadIsIoPending,
404     ThreadHideFromDebugger,
405     ThreadBreakOnTermination,
406     ThreadSwitchLegacyState,
407     ThreadIsTerminated,
408     ThreadLastSystemCall,
409     ThreadIoPriority,
410     ThreadCycleTime,
411     ThreadPagePriority,
412     ThreadActualBasePriority,
413     ThreadTebInformation,
414     ThreadCSwitchMon,
415     MaxThreadInfoClass
416 } THREADINFOCLASS;
417 
418 #else
419 
420 typedef enum _PSPROCESSPRIORITYMODE
421 {
422     PsProcessPriorityForeground,
423     PsProcessPriorityBackground,
424     PsProcessPrioritySpinning
425 } PSPROCESSPRIORITYMODE;
426 
427 typedef enum _JOBOBJECTINFOCLASS
428 {
429     JobObjectBasicAccountingInformation = 1,
430     JobObjectBasicLimitInformation,
431     JobObjectBasicProcessIdList,
432     JobObjectBasicUIRestrictions,
433     JobObjectSecurityLimitInformation,
434     JobObjectEndOfJobTimeInformation,
435     JobObjectAssociateCompletionPortInformation,
436     JobObjectBasicAndIoAccountingInformation,
437     JobObjectExtendedLimitInformation,
438     JobObjectJobSetInformation,
439     MaxJobObjectInfoClass
440 } JOBOBJECTINFOCLASS;
441 
442 //
443 // Power Event Events for Win32K Power Event Callback
444 //
445 typedef enum _PSPOWEREVENTTYPE
446 {
447     PsW32FullWake = 0,
448     PsW32EventCode = 1,
449     PsW32PowerPolicyChanged = 2,
450     PsW32SystemPowerState = 3,
451     PsW32SystemTime = 4,
452     PsW32DisplayState = 5,
453     PsW32CapabilitiesChanged = 6,
454     PsW32SetStateFailed = 7,
455     PsW32GdiOff = 8,
456     PsW32GdiOn = 9,
457     PsW32GdiPrepareResumeUI = 10,
458     PsW32GdiOffRequest = 11,
459     PsW32MonitorOff = 12,
460 } PSPOWEREVENTTYPE;
461 
462 //
463 // Power State Tasks for Win32K Power State Callback
464 //
465 typedef enum _POWERSTATETASK
466 {
467     PowerState_BlockSessionSwitch = 0,
468     PowerState_Init = 1,
469     PowerState_QueryApps = 2,
470     PowerState_QueryServices = 3,
471     PowerState_QueryAppsFailed = 4,
472     PowerState_QueryServicesFailed = 5,
473     PowerState_SuspendApps = 6,
474     PowerState_SuspendServices = 7,
475     PowerState_ShowUI = 8,
476     PowerState_NotifyWL = 9,
477     PowerState_ResumeApps = 10,
478     PowerState_ResumeServices = 11,
479     PowerState_UnBlockSessionSwitch = 12,
480     PowerState_End = 13,
481     PowerState_BlockInput = 14,
482     PowerState_UnblockInput = 15,
483 } POWERSTATETASK;
484 
485 //
486 // Win32K Job Callback Types
487 //
488 typedef enum _PSW32JOBCALLOUTTYPE
489 {
490    PsW32JobCalloutSetInformation = 0,
491    PsW32JobCalloutAddProcess = 1,
492    PsW32JobCalloutTerminate = 2,
493 } PSW32JOBCALLOUTTYPE;
494 
495 //
496 // Win32K Thread Callback Types
497 //
498 typedef enum _PSW32THREADCALLOUTTYPE
499 {
500     PsW32ThreadCalloutInitialize,
501     PsW32ThreadCalloutExit,
502 } PSW32THREADCALLOUTTYPE;
503 
504 //
505 // Declare empty structure definitions so that they may be referenced by
506 // routines before they are defined
507 //
508 struct _W32THREAD;
509 struct _W32PROCESS;
510 //struct _ETHREAD;
511 struct _WIN32_POWEREVENT_PARAMETERS;
512 struct _WIN32_POWERSTATE_PARAMETERS;
513 struct _WIN32_JOBCALLOUT_PARAMETERS;
514 struct _WIN32_OPENMETHOD_PARAMETERS;
515 struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
516 struct _WIN32_CLOSEMETHOD_PARAMETERS;
517 struct _WIN32_DELETEMETHOD_PARAMETERS;
518 struct _WIN32_PARSEMETHOD_PARAMETERS;
519 
520 //
521 // Win32K Process and Thread Callbacks
522 //
523 typedef
524 NTSTATUS
525 (NTAPI *PKWIN32_PROCESS_CALLOUT)(
526     _In_ struct _EPROCESS *Process,
527     _In_ BOOLEAN Create
528 );
529 
530 typedef
531 NTSTATUS
532 (NTAPI *PKWIN32_THREAD_CALLOUT)(
533     _In_ struct _ETHREAD *Thread,
534     _In_ PSW32THREADCALLOUTTYPE Type
535 );
536 
537 typedef
538 NTSTATUS
539 (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
540     VOID
541 );
542 
543 typedef
544 NTSTATUS
545 (NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
546     _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
547 );
548 
549 typedef
550 NTSTATUS
551 (NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
552     _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
553 );
554 
555 typedef
556 NTSTATUS
557 (NTAPI *PKWIN32_JOB_CALLOUT)(
558     _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
559 );
560 
561 typedef
562 NTSTATUS
563 (NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
564     VOID
565 );
566 
567 typedef
568 NTSTATUS
569 (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
570     _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
571 );
572 
573 typedef
574 NTSTATUS
575 (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
576     _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
577 );
578 
579 typedef
580 NTSTATUS
581 (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
582     _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
583 );
584 
585 typedef
586 NTSTATUS
587 (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
588     _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
589 );
590 
591 typedef
592 NTSTATUS
593 (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
594     _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
595 );
596 
597 typedef
598 NTSTATUS
599 (NTAPI *PKWIN32_SESSION_CALLOUT)(
600     _In_ PVOID Parameter
601 );
602 
603 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
604 typedef
605 NTSTATUS
606 (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
607     _In_ struct _EPROCESS *Process,
608     _In_ PVOID Callback,
609     _In_ PVOID Context
610 );
611 #endif
612 
613 //
614 // Lego Callback
615 //
616 typedef
617 VOID
618 (NTAPI *PLEGO_NOTIFY_ROUTINE)(
619     _In_ PKTHREAD Thread
620 );
621 
622 #endif
623 
624 typedef NTSTATUS
625 (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
626     VOID
627 );
628 
629 //
630 // Descriptor Table Entry Definition
631 //
632 #if (_M_IX86)
633 #define _DESCRIPTOR_TABLE_ENTRY_DEFINED
634 typedef struct _DESCRIPTOR_TABLE_ENTRY
635 {
636     ULONG Selector;
637     LDT_ENTRY Descriptor;
638 } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
639 #endif
640 
641 //
642 // PEB Lock Routine
643 //
644 typedef VOID
645 (NTAPI *PPEBLOCKROUTINE)(
646     PVOID PebLock
647 );
648 
649 //
650 // PEB Free Block Descriptor
651 //
652 typedef struct _PEB_FREE_BLOCK
653 {
654     struct _PEB_FREE_BLOCK* Next;
655     ULONG Size;
656 } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
657 
658 //
659 // Initial PEB
660 //
661 typedef struct _INITIAL_PEB
662 {
663     BOOLEAN InheritedAddressSpace;
664     BOOLEAN ReadImageFileExecOptions;
665     BOOLEAN BeingDebugged;
666     union
667     {
668         BOOLEAN BitField;
669 #if (NTDDI_VERSION >= NTDDI_WS03)
670         struct
671         {
672             BOOLEAN ImageUsesLargePages:1;
673 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
674             BOOLEAN IsProtectedProcess:1;
675             BOOLEAN IsLegacyProcess:1;
676             BOOLEAN SpareBits:5;
677 #else
678             BOOLEAN SpareBits:7;
679 #endif
680         };
681 #else
682         BOOLEAN SpareBool;
683 #endif
684     };
685     HANDLE Mutant;
686 } INITIAL_PEB, *PINITIAL_PEB;
687 
688 //
689 // Initial TEB
690 //
691 typedef struct _INITIAL_TEB
692 {
693     PVOID PreviousStackBase;
694     PVOID PreviousStackLimit;
695     PVOID StackBase;
696     PVOID StackLimit;
697     PVOID AllocatedStackBase;
698 } INITIAL_TEB, *PINITIAL_TEB;
699 
700 //
701 // TEB Active Frame Structures
702 //
703 typedef struct _TEB_ACTIVE_FRAME_CONTEXT
704 {
705     ULONG Flags;
706     LPSTR FrameName;
707 } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
708 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;
709 
710 typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
711 {
712     TEB_ACTIVE_FRAME_CONTEXT BasicContext;
713     PCSTR SourceLocation;
714 } TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
715 typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;
716 
717 typedef struct _TEB_ACTIVE_FRAME
718 {
719     ULONG Flags;
720     struct _TEB_ACTIVE_FRAME *Previous;
721     PCTEB_ACTIVE_FRAME_CONTEXT Context;
722 } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
723 typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;
724 
725 typedef struct _TEB_ACTIVE_FRAME_EX
726 {
727     TEB_ACTIVE_FRAME BasicFrame;
728     PVOID ExtensionIdentifier;
729 } TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
730 typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;
731 
732 typedef struct _CLIENT_ID32
733 {
734     ULONG UniqueProcess;
735     ULONG UniqueThread;
736 } CLIENT_ID32, *PCLIENT_ID32;
737 
738 typedef struct _CLIENT_ID64
739 {
740     ULONG64 UniqueProcess;
741     ULONG64 UniqueThread;
742 } CLIENT_ID64, *PCLIENT_ID64;
743 
744 #if (NTDDI_VERSION < NTDDI_WS03)
745 typedef struct _Wx86ThreadState
746 {
747     PULONG  CallBx86Eip;
748     PVOID   DeallocationCpu;
749     BOOLEAN UseKnownWx86Dll;
750     CHAR    OleStubInvoked;
751 } Wx86ThreadState, *PWx86ThreadState;
752 #endif
753 
754 //
755 // PEB.AppCompatFlags
756 // Tag FLAG_MASK_KERNEL
757 //
758 typedef enum _APPCOMPAT_FLAGS
759 {
760     GetShortPathNameNT4 = 0x1,
761     GetDiskFreeSpace2GB = 0x8,
762     FTMFromCurrentAPI = 0x20,
763     DisallowCOMBindingNotifications = 0x40,
764     Ole32ValidatePointers = 0x80,
765     DisableCicero = 0x100,
766     Ole32EnableAsyncDocFile = 0x200,
767     EnableLegacyExceptionHandlinginOLE = 0x400,
768     DisableAdvanceRPCClientHardening = 0x800,
769     DisableMaybeNULLSizeisConsistencycheck = 0x1000,
770     DisableAdvancedRPCrangeCheck = 0x4000,
771     EnableLegacyExceptionHandlingInRPC = 0x8000,
772     EnableLegacyNTFSFlagsForDocfileOpens = 0x10000,
773     DisableNDRIIDConsistencyCheck = 0x20000,
774     UserDisableForwarderPatch = 0x40000,
775     DisableNewWMPAINTDispatchInOLE = 0x100000,
776     DoNotAddToCache = 0x80000000,
777 } APPCOMPAT_FLAGS;
778 
779 
780 //
781 // PEB.AppCompatFlagsUser.LowPart
782 // Tag FLAG_MASK_USER
783 //
784 typedef enum _APPCOMPAT_USERFLAGS
785 {
786     DisableAnimation = 0x1,
787     DisableKeyboardCues = 0x2,
788     No50StylebitsInSetWindowLong = 0x4,
789     DisableDrawPatternRect = 0x8,
790     MSShellDialog = 0x10,
791     NoDDETerminateDuringDestroy = 0x20,
792     GiveupForeground = 0x40,
793     AlwaysActiveMenus = 0x80,
794     NoMouseHideInEdit = 0x100,
795     NoGdiBatching = 0x200,
796     FontSubstitution = 0x400,
797     No50StylebitsInCreateWindow = 0x800,
798     NoCustomPaperSizes = 0x1000,
799     AllTheDdeHacks = 0x2000,
800     UseDefaultCharset = 0x4000,
801     NoCharDeadKey = 0x8000,
802     NoTryExceptForWindowProc = 0x10000,
803     NoInitInsertReplaceFlags = 0x20000,
804     NoDdeSync = 0x40000,
805     NoGhost = 0x80000,
806     NoDdeAsyncReg = 0x100000,
807     StrictLLHook = 0x200000,
808     NoShadow = 0x400000,
809     NoTimerCallbackProtection = 0x1000000,
810     HighDpiAware = 0x2000000,
811     OpenGLEmfAware = 0x4000000,
812     EnableTransparantBltMirror = 0x8000000,
813     NoPaddedBorder = 0x10000000,
814     ForceLegacyResizeCM = 0x20000000,
815     HardwareAudioMixer = 0x40000000,
816     DisableSWCursorOnMoveSize = 0x80000000,
817 #if 0
818     DisableWindowArrangement = 0x100000000,
819     ReorderWaveForCommunications = 0x200000000,
820     NoGdiHwAcceleration = 0x400000000,
821 #endif
822 } APPCOMPAT_USERFLAGS;
823 
824 //
825 // PEB.AppCompatFlagsUser.HighPart
826 // Tag FLAG_MASK_USER
827 //
828 typedef enum _APPCOMPAT_USERFLAGS_HIGHPART
829 {
830     DisableWindowArrangement = 0x1,
831     ReorderWaveForCommunications = 0x2,
832     NoGdiHwAcceleration = 0x4,
833 } APPCOMPAT_USERFLAGS_HIGHPART;
834 
835 //
836 // Process Environment Block (PEB)
837 // Thread Environment Block (TEB)
838 //
839 #include "peb_teb.h"
840 
841 #ifdef _WIN64
842 //
843 // Explicit 32 bit PEB/TEB
844 //
845 #define EXPLICIT_32BIT
846 #include "peb_teb.h"
847 #undef EXPLICIT_32BIT
848 
849 //
850 // Explicit 64 bit PEB/TEB
851 //
852 #define EXPLICIT_64BIT
853 #include "peb_teb.h"
854 #undef EXPLICIT_64BIT
855 #endif
856 
857 #ifdef NTOS_MODE_USER
858 
859 //
860 // Process Information Structures for NtQueryProcessInformation
861 //
862 typedef struct _PROCESS_BASIC_INFORMATION
863 {
864     NTSTATUS ExitStatus;
865     PPEB PebBaseAddress;
866     ULONG_PTR AffinityMask;
867     KPRIORITY BasePriority;
868     ULONG_PTR UniqueProcessId;
869     ULONG_PTR InheritedFromUniqueProcessId;
870 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
871 
872 typedef struct _PROCESS_ACCESS_TOKEN
873 {
874     HANDLE Token;
875     HANDLE Thread;
876 } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
877 
878 typedef struct _PROCESS_DEVICEMAP_INFORMATION
879 {
880     union
881     {
882         struct
883         {
884             HANDLE DirectoryHandle;
885         } Set;
886         struct
887         {
888             ULONG DriveMap;
889             UCHAR DriveType[32];
890         } Query;
891     };
892 } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
893 
894 typedef struct _KERNEL_USER_TIMES
895 {
896     LARGE_INTEGER CreateTime;
897     LARGE_INTEGER ExitTime;
898     LARGE_INTEGER KernelTime;
899     LARGE_INTEGER UserTime;
900 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
901 
902 typedef struct _POOLED_USAGE_AND_LIMITS
903 {
904     SIZE_T PeakPagedPoolUsage;
905     SIZE_T PagedPoolUsage;
906     SIZE_T PagedPoolLimit;
907     SIZE_T PeakNonPagedPoolUsage;
908     SIZE_T NonPagedPoolUsage;
909     SIZE_T NonPagedPoolLimit;
910     SIZE_T PeakPagefileUsage;
911     SIZE_T PagefileUsage;
912     SIZE_T PagefileLimit;
913 } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
914 
915 typedef struct _PROCESS_WS_WATCH_INFORMATION
916 {
917     PVOID FaultingPc;
918     PVOID FaultingVa;
919 } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
920 
921 typedef struct _PROCESS_SESSION_INFORMATION
922 {
923     ULONG SessionId;
924 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
925 
926 typedef struct _PROCESS_HANDLE_TRACING_ENTRY
927 {
928     HANDLE Handle;
929     CLIENT_ID ClientId;
930     ULONG Type;
931     PVOID Stacks[PROCESS_HANDLE_TRACING_MAX_STACKS];
932 } PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY;
933 
934 typedef struct _PROCESS_HANDLE_TRACING_QUERY
935 {
936     HANDLE Handle;
937     ULONG TotalTraces;
938     PROCESS_HANDLE_TRACING_ENTRY HandleTrace[ANYSIZE_ARRAY];
939 } PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY;
940 
941 #endif
942 
943 typedef struct _PROCESS_LDT_INFORMATION
944 {
945     ULONG Start;
946     ULONG Length;
947     LDT_ENTRY LdtEntries[ANYSIZE_ARRAY];
948 } PROCESS_LDT_INFORMATION, *PPROCESS_LDT_INFORMATION;
949 
950 typedef struct _PROCESS_LDT_SIZE
951 {
952     ULONG Length;
953 } PROCESS_LDT_SIZE, *PPROCESS_LDT_SIZE;
954 
955 typedef struct _PROCESS_PRIORITY_CLASS
956 {
957     BOOLEAN Foreground;
958     UCHAR PriorityClass;
959 } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
960 
961 // Compatibility with windows, see CORE-16757, CORE-17106, CORE-17247
962 C_ASSERT(sizeof(PROCESS_PRIORITY_CLASS) == 2);
963 
964 typedef struct _PROCESS_FOREGROUND_BACKGROUND
965 {
966     BOOLEAN Foreground;
967 } PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
968 
969 //
970 // Apphelp SHIM Cache
971 //
972 typedef enum _APPHELPCACHESERVICECLASS
973 {
974     ApphelpCacheServiceLookup = 0,
975     ApphelpCacheServiceRemove = 1,
976     ApphelpCacheServiceUpdate = 2,
977     ApphelpCacheServiceFlush = 3,
978     ApphelpCacheServiceDump = 4,
979 
980     ApphelpDBGReadRegistry = 0x100,
981     ApphelpDBGWriteRegistry = 0x101,
982 } APPHELPCACHESERVICECLASS;
983 
984 
985 typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
986 {
987     UNICODE_STRING ImageName;
988     HANDLE ImageHandle;
989 } APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;
990 
991 
992 //
993 // Thread Information Structures for NtQueryProcessInformation
994 //
995 typedef struct _THREAD_BASIC_INFORMATION
996 {
997     NTSTATUS ExitStatus;
998     PVOID TebBaseAddress;
999     CLIENT_ID ClientId;
1000     KAFFINITY AffinityMask;
1001     KPRIORITY Priority;
1002     KPRIORITY BasePriority;
1003 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
1004 
1005 #ifndef NTOS_MODE_USER
1006 
1007 //
1008 // Job Set Array
1009 //
1010 typedef struct _JOB_SET_ARRAY
1011 {
1012     HANDLE JobHandle;
1013     ULONG MemberLevel;
1014     ULONG Flags;
1015 } JOB_SET_ARRAY, *PJOB_SET_ARRAY;
1016 
1017 //
1018 // Process Quota Type
1019 //
1020 typedef enum _PS_QUOTA_TYPE
1021 {
1022     PsNonPagedPool = 0,
1023     PsPagedPool,
1024     PsPageFile,
1025 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1026     PsWorkingSet,
1027 #endif
1028 #if (NTDDI_VERSION == NTDDI_LONGHORN)
1029     PsCpuRate,
1030 #endif
1031     PsQuotaTypes
1032 } PS_QUOTA_TYPE;
1033 
1034 //
1035 // EPROCESS Quota Structures
1036 //
1037 typedef struct _EPROCESS_QUOTA_ENTRY
1038 {
1039     SIZE_T Usage;
1040     SIZE_T Limit;
1041     SIZE_T Peak;
1042     SIZE_T Return;
1043 } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
1044 
1045 typedef struct _EPROCESS_QUOTA_BLOCK
1046 {
1047     EPROCESS_QUOTA_ENTRY QuotaEntry[PsQuotaTypes];
1048     LIST_ENTRY QuotaList;
1049     ULONG ReferenceCount;
1050     ULONG ProcessCount;
1051 } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
1052 
1053 //
1054 // Process Pagefault History
1055 //
1056 typedef struct _PAGEFAULT_HISTORY
1057 {
1058     ULONG CurrentIndex;
1059     ULONG MapIndex;
1060     KSPIN_LOCK SpinLock;
1061     PVOID Reserved;
1062     PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
1063 } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
1064 
1065 //
1066 // Process Impersonation Information
1067 //
1068 typedef struct _PS_IMPERSONATION_INFORMATION
1069 {
1070     PACCESS_TOKEN Token;
1071     BOOLEAN CopyOnOpen;
1072     BOOLEAN EffectiveOnly;
1073     SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1074 } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
1075 
1076 //
1077 // Process Termination Port
1078 //
1079 typedef struct _TERMINATION_PORT
1080 {
1081     struct _TERMINATION_PORT *Next;
1082     PVOID Port;
1083 } TERMINATION_PORT, *PTERMINATION_PORT;
1084 
1085 //
1086 // Per-Process APC Rate Limiting
1087 //
1088 typedef struct _PSP_RATE_APC
1089 {
1090     union
1091     {
1092         SINGLE_LIST_ENTRY NextApc;
1093         ULONGLONG ExcessCycles;
1094     };
1095     ULONGLONG TargetGEneration;
1096     KAPC RateApc;
1097 } PSP_RATE_APC, *PPSP_RATE_APC;
1098 
1099 //
1100 // Executive Thread (ETHREAD)
1101 //
1102 typedef struct _ETHREAD
1103 {
1104     KTHREAD Tcb;
1105     LARGE_INTEGER CreateTime;
1106     union
1107     {
1108         LARGE_INTEGER ExitTime;
1109         LIST_ENTRY LpcReplyChain;
1110         LIST_ENTRY KeyedWaitChain;
1111     };
1112     union
1113     {
1114         NTSTATUS ExitStatus;
1115         PVOID OfsChain;
1116     };
1117     LIST_ENTRY PostBlockList;
1118     union
1119     {
1120         struct _TERMINATION_PORT *TerminationPort;
1121         struct _ETHREAD *ReaperLink;
1122         PVOID KeyedWaitValue;
1123 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1124         PVOID Win32StartParameter;
1125 #endif
1126     };
1127     KSPIN_LOCK ActiveTimerListLock;
1128     LIST_ENTRY ActiveTimerListHead;
1129     CLIENT_ID Cid;
1130 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1131     KSEMAPHORE KeyedWaitSemaphore;
1132 #else
1133     union
1134     {
1135         KSEMAPHORE LpcReplySemaphore;
1136         KSEMAPHORE KeyedWaitSemaphore;
1137     };
1138     union
1139     {
1140         PVOID LpcReplyMessage;
1141         PVOID LpcWaitingOnPort;
1142     };
1143 #endif
1144     PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
1145     LIST_ENTRY IrpList;
1146     ULONG_PTR TopLevelIrp;
1147     PDEVICE_OBJECT DeviceToVerify;
1148 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1149     PPSP_RATE_APC RateControlApc;
1150 #else
1151     struct _EPROCESS *ThreadsProcess;
1152 #endif
1153     PVOID Win32StartAddress;
1154     union
1155     {
1156         PKSTART_ROUTINE StartAddress;
1157         ULONG LpcReceivedMessageId;
1158     };
1159     LIST_ENTRY ThreadListEntry;
1160     EX_RUNDOWN_REF RundownProtect;
1161     EX_PUSH_LOCK ThreadLock;
1162 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1163     ULONG LpcReplyMessageId;
1164 #endif
1165     ULONG ReadClusterSize;
1166 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1167     ULONG SpareUlong0;
1168 #else
1169     ACCESS_MASK GrantedAccess;
1170 #endif
1171     union
1172     {
1173         struct
1174         {
1175            ULONG Terminated:1;
1176 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1177            ULONG ThreadInserted:1;
1178 #else
1179            ULONG DeadThread:1;
1180 #endif
1181            ULONG HideFromDebugger:1;
1182            ULONG ActiveImpersonationInfo:1;
1183            ULONG SystemThread:1;
1184            ULONG HardErrorsAreDisabled:1;
1185            ULONG BreakOnTermination:1;
1186            ULONG SkipCreationMsg:1;
1187            ULONG SkipTerminationMsg:1;
1188 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1189            ULONG CreateMsgSent:1;
1190            ULONG ThreadIoPriority:3;
1191            ULONG ThreadPagePriority:3;
1192            ULONG PendingRatecontrol:1;
1193 #endif
1194         };
1195         ULONG CrossThreadFlags;
1196     };
1197     union
1198     {
1199         struct
1200         {
1201            ULONG ActiveExWorker:1;
1202            ULONG ExWorkerCanWaitUser:1;
1203            ULONG MemoryMaker:1;
1204            ULONG KeyedEventInUse:1;
1205 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1206            ULONG RateApcState:2;
1207 #endif
1208         };
1209         ULONG SameThreadPassiveFlags;
1210     };
1211     union
1212     {
1213         struct
1214         {
1215            ULONG LpcReceivedMsgIdValid:1;
1216            ULONG LpcExitThreadCalled:1;
1217 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1218            ULONG Spare:1;
1219 #else
1220            ULONG AddressSpaceOwner:1;
1221 #endif
1222            ULONG OwnsProcessWorkingSetExclusive:1;
1223            ULONG OwnsProcessWorkingSetShared:1;
1224            ULONG OwnsSystemWorkingSetExclusive:1;
1225            ULONG OwnsSystemWorkingSetShared:1;
1226            ULONG OwnsSessionWorkingSetExclusive:1;
1227            ULONG OwnsSessionWorkingSetShared:1;
1228 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1229            ULONG SuppressSymbolLoad:1;
1230            ULONG Spare1:3;
1231            ULONG PriorityRegionActive:4;
1232 #else
1233            ULONG ApcNeeded:1;
1234 #endif
1235         };
1236         ULONG SameThreadApcFlags;
1237     };
1238 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1239     UCHAR CacheManagerActive;
1240 #else
1241     UCHAR ForwardClusterOnly;
1242 #endif
1243     UCHAR DisablePageFaultClustering;
1244     UCHAR ActiveFaultCount;
1245 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1246     ULONG AlpcMessageId;
1247     union
1248     {
1249         PVOID AlpcMessage;
1250         ULONG AlpcReceiveAttributeSet;
1251     };
1252     LIST_ENTRY AlpcWaitListEntry;
1253     KSEMAPHORE AlpcWaitSemaphore;
1254     ULONG CacheManagerCount;
1255 #endif
1256 } ETHREAD;
1257 
1258 //
1259 // Executive Process (EPROCESS)
1260 //
1261 typedef struct _EPROCESS
1262 {
1263     KPROCESS Pcb;
1264     EX_PUSH_LOCK ProcessLock;
1265     LARGE_INTEGER CreateTime;
1266     LARGE_INTEGER ExitTime;
1267     EX_RUNDOWN_REF RundownProtect;
1268     HANDLE UniqueProcessId;
1269     LIST_ENTRY ActiveProcessLinks;
1270     SIZE_T QuotaUsage[PsQuotaTypes];
1271     SIZE_T QuotaPeak[PsQuotaTypes];
1272     SIZE_T CommitCharge;
1273     SIZE_T PeakVirtualSize;
1274     SIZE_T VirtualSize;
1275     LIST_ENTRY SessionProcessLinks;
1276     PVOID DebugPort;
1277 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1278     union
1279     {
1280         PVOID ExceptionPortData;
1281         ULONG ExceptionPortValue;
1282         UCHAR ExceptionPortState:3;
1283     };
1284 #else
1285     PVOID ExceptionPort;
1286 #endif
1287     PHANDLE_TABLE ObjectTable;
1288     EX_FAST_REF Token;
1289     PFN_NUMBER WorkingSetPage;
1290 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1291     EX_PUSH_LOCK AddressCreationLock;
1292     PETHREAD RotateInProgress;
1293 #else
1294     KGUARDED_MUTEX AddressCreationLock;
1295     KSPIN_LOCK HyperSpaceLock;
1296 #endif
1297     PETHREAD ForkInProgress;
1298     ULONG_PTR HardwareTrigger;
1299     PMM_AVL_TABLE PhysicalVadRoot;
1300     PVOID CloneRoot;
1301     PFN_NUMBER NumberOfPrivatePages;
1302     PFN_NUMBER NumberOfLockedPages;
1303     PVOID *Win32Process;
1304     struct _EJOB *Job;
1305     PVOID SectionObject;
1306     PVOID SectionBaseAddress;
1307     PEPROCESS_QUOTA_BLOCK QuotaBlock;
1308     PPAGEFAULT_HISTORY WorkingSetWatch;
1309     PVOID Win32WindowStation;
1310     HANDLE InheritedFromUniqueProcessId;
1311     PVOID LdtInformation;
1312     PVOID VadFreeHint;
1313     PVOID VdmObjects;
1314     PVOID DeviceMap;
1315 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1316     PVOID EtwDataSource;
1317     PVOID FreeTebHint;
1318 #else
1319     PVOID Spare0[3];
1320 #endif
1321     union
1322     {
1323         HARDWARE_PTE PageDirectoryPte;
1324         ULONGLONG Filler;
1325     };
1326     PVOID Session;
1327     CHAR ImageFileName[16];
1328     LIST_ENTRY JobLinks;
1329     PVOID LockedPagesList;
1330     LIST_ENTRY ThreadListHead;
1331     PVOID SecurityPort;
1332 #ifdef _M_AMD64
1333     struct _WOW64_PROCESS *Wow64Process;
1334 #else
1335     PVOID PaeTop;
1336 #endif
1337     ULONG ActiveThreads;
1338 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1339     ULONG ImagePathHash;
1340 #else
1341     ACCESS_MASK GrantedAccess;
1342 #endif
1343     ULONG DefaultHardErrorProcessing;
1344     NTSTATUS LastThreadExitStatus;
1345     struct _PEB* Peb;
1346     EX_FAST_REF PrefetchTrace;
1347     LARGE_INTEGER ReadOperationCount;
1348     LARGE_INTEGER WriteOperationCount;
1349     LARGE_INTEGER OtherOperationCount;
1350     LARGE_INTEGER ReadTransferCount;
1351     LARGE_INTEGER WriteTransferCount;
1352     LARGE_INTEGER OtherTransferCount;
1353     SIZE_T CommitChargeLimit;
1354     SIZE_T CommitChargePeak;
1355     PVOID AweInfo;
1356     SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
1357     MMSUPPORT Vm;
1358 #ifdef _M_AMD64
1359     ULONG Spares[2];
1360 #else
1361     LIST_ENTRY MmProcessLinks;
1362 #endif
1363     ULONG ModifiedPageCount;
1364 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1365     union
1366     {
1367         struct
1368         {
1369             ULONG JobNotReallyActive:1;
1370             ULONG AccountingFolded:1;
1371             ULONG NewProcessReported:1;
1372             ULONG ExitProcessReported:1;
1373             ULONG ReportCommitChanges:1;
1374             ULONG LastReportMemory:1;
1375             ULONG ReportPhysicalPageChanges:1;
1376             ULONG HandleTableRundown:1;
1377             ULONG NeedsHandleRundown:1;
1378             ULONG RefTraceEnabled:1;
1379             ULONG NumaAware:1;
1380             ULONG ProtectedProcess:1;
1381             ULONG DefaultPagePriority:3;
1382             ULONG ProcessDeleteSelf:1;
1383             ULONG ProcessVerifierTarget:1;
1384         };
1385         ULONG Flags2;
1386     };
1387 #else
1388     ULONG JobStatus;
1389 #endif
1390     union
1391     {
1392         struct
1393         {
1394             ULONG CreateReported:1;
1395             ULONG NoDebugInherit:1;
1396             ULONG ProcessExiting:1;
1397             ULONG ProcessDelete:1;
1398             ULONG Wow64SplitPages:1;
1399             ULONG VmDeleted:1;
1400             ULONG OutswapEnabled:1;
1401             ULONG Outswapped:1;
1402             ULONG ForkFailed:1;
1403             ULONG Wow64VaSpace4Gb:1;
1404             ULONG AddressSpaceInitialized:2;
1405             ULONG SetTimerResolution:1;
1406             ULONG BreakOnTermination:1;
1407 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1408             ULONG DeprioritizeViews:1;
1409 #else
1410             ULONG SessionCreationUnderway:1;
1411 #endif
1412             ULONG WriteWatch:1;
1413             ULONG ProcessInSession:1;
1414             ULONG OverrideAddressSpace:1;
1415             ULONG HasAddressSpace:1;
1416             ULONG LaunchPrefetched:1;
1417             ULONG InjectInpageErrors:1;
1418             ULONG VmTopDown:1;
1419             ULONG ImageNotifyDone:1;
1420             ULONG PdeUpdateNeeded:1;
1421             ULONG VdmAllowed:1;
1422             ULONG SmapAllowed:1;
1423 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1424             ULONG ProcessInserted:1;
1425 #else
1426             ULONG CreateFailed:1;
1427 #endif
1428             ULONG DefaultIoPriority:3;
1429 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1430             ULONG SparePsFlags1:2;
1431 #else
1432             ULONG Spare1:1;
1433             ULONG Spare2:1;
1434 #endif
1435         };
1436         ULONG Flags;
1437     };
1438     NTSTATUS ExitStatus;
1439 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1440     USHORT Spare7;
1441 #else
1442     USHORT NextPageColor;
1443 #endif
1444     union
1445     {
1446         struct
1447         {
1448             UCHAR SubSystemMinorVersion;
1449             UCHAR SubSystemMajorVersion;
1450         };
1451         USHORT SubSystemVersion;
1452     };
1453     UCHAR PriorityClass;
1454     MM_AVL_TABLE VadRoot;
1455     ULONG Cookie;
1456 } EPROCESS;
1457 
1458 //
1459 // Job Token Filter Data
1460 //
1461 #include <pshpack1.h>
1462 typedef struct _PS_JOB_TOKEN_FILTER
1463 {
1464     ULONG CapturedSidCount;
1465     PSID_AND_ATTRIBUTES CapturedSids;
1466     ULONG CapturedSidsLength;
1467     ULONG CapturedGroupCount;
1468     PSID_AND_ATTRIBUTES CapturedGroups;
1469     ULONG CapturedGroupsLength;
1470     ULONG CapturedPrivilegeCount;
1471     PLUID_AND_ATTRIBUTES CapturedPrivileges;
1472     ULONG CapturedPrivilegesLength;
1473 } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
1474 
1475 //
1476 // Executive Job (EJOB)
1477 //
1478 typedef struct _EJOB
1479 {
1480     KEVENT Event;
1481     LIST_ENTRY JobLinks;
1482     LIST_ENTRY ProcessListHead;
1483     ERESOURCE JobLock;
1484     LARGE_INTEGER TotalUserTime;
1485     LARGE_INTEGER TotalKernelTime;
1486     LARGE_INTEGER ThisPeriodTotalUserTime;
1487     LARGE_INTEGER ThisPeriodTotalKernelTime;
1488     ULONG TotalPageFaultCount;
1489     ULONG TotalProcesses;
1490     ULONG ActiveProcesses;
1491     ULONG TotalTerminatedProcesses;
1492     LARGE_INTEGER PerProcessUserTimeLimit;
1493     LARGE_INTEGER PerJobUserTimeLimit;
1494     ULONG LimitFlags;
1495     ULONG MinimumWorkingSetSize;
1496     ULONG MaximumWorkingSetSize;
1497     ULONG ActiveProcessLimit;
1498     ULONG Affinity;
1499     UCHAR PriorityClass;
1500     ULONG UIRestrictionsClass;
1501     ULONG SecurityLimitFlags;
1502     PVOID Token;
1503     PPS_JOB_TOKEN_FILTER Filter;
1504     ULONG EndOfJobTimeAction;
1505     PVOID CompletionPort;
1506     PVOID CompletionKey;
1507     ULONG SessionId;
1508     ULONG SchedulingClass;
1509     ULONGLONG ReadOperationCount;
1510     ULONGLONG WriteOperationCount;
1511     ULONGLONG OtherOperationCount;
1512     ULONGLONG ReadTransferCount;
1513     ULONGLONG WriteTransferCount;
1514     ULONGLONG OtherTransferCount;
1515     IO_COUNTERS IoInfo;
1516     ULONG ProcessMemoryLimit;
1517     ULONG JobMemoryLimit;
1518     ULONG PeakProcessMemoryUsed;
1519     ULONG PeakJobMemoryUsed;
1520     ULONG CurrentJobMemoryUsed;
1521 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
1522     FAST_MUTEX MemoryLimitsLock;
1523 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
1524     KGUARDED_MUTEX MemoryLimitsLock;
1525 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1526     EX_PUSH_LOCK MemoryLimitsLock;
1527 #endif
1528     LIST_ENTRY JobSetLinks;
1529     ULONG MemberLevel;
1530     ULONG JobFlags;
1531 } EJOB, *PEJOB;
1532 #include <poppack.h>
1533 
1534 //
1535 // Job Information Structures for NtQueryInformationJobObject
1536 //
1537 
1538 typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION
1539 {
1540     LARGE_INTEGER TotalUserTime;
1541     LARGE_INTEGER TotalKernelTime;
1542     LARGE_INTEGER ThisPeriodTotalUserTime;
1543     LARGE_INTEGER ThisPeriodTotalKernelTime;
1544     ULONG TotalPageFaultCount;
1545     ULONG TotalProcesses;
1546     ULONG ActiveProcesses;
1547     ULONG TotalTerminatedProcesses;
1548 } JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION;
1549 
1550 typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION
1551 {
1552     LARGE_INTEGER PerProcessUserTimeLimit;
1553     LARGE_INTEGER PerJobUserTimeLimit;
1554     ULONG LimitFlags;
1555     SIZE_T MinimumWorkingSetSize;
1556     SIZE_T MaximumWorkingSetSize;
1557     ULONG ActiveProcessLimit;
1558     ULONG_PTR Affinity;
1559     ULONG PriorityClass;
1560     ULONG SchedulingClass;
1561 } JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;
1562 
1563 typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST
1564 {
1565     ULONG NumberOfAssignedProcesses;
1566     ULONG NumberOfProcessIdsInList;
1567     ULONG_PTR ProcessIdList[1];
1568 } JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST;
1569 
1570 typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS
1571 {
1572     ULONG UIRestrictionsClass;
1573 } JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS;
1574 
1575 typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION
1576 {
1577     ULONG SecurityLimitFlags;
1578     HANDLE JobToken;
1579     PTOKEN_GROUPS SidsToDisable;
1580     PTOKEN_PRIVILEGES PrivilegesToDelete;
1581     PTOKEN_GROUPS RestrictedSids;
1582 } JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION;
1583 
1584 typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION
1585 {
1586     ULONG EndOfJobTimeAction;
1587 } JOBOBJECT_END_OF_JOB_TIME_INFORMATION, PJOBOBJECT_END_OF_JOB_TIME_INFORMATION;
1588 
1589 typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT
1590 {
1591     PVOID CompletionKey;
1592     HANDLE CompletionPort;
1593 } JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT;
1594 
1595 typedef struct JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION
1596 {
1597     JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
1598     IO_COUNTERS IoInfo;
1599 } JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION;
1600 
1601 typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION
1602 {
1603     JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
1604     IO_COUNTERS IoInfo;
1605     SIZE_T ProcessMemoryLimit;
1606     SIZE_T JobMemoryLimit;
1607     SIZE_T PeakProcessMemoryUsed;
1608     SIZE_T PeakJobMemoryUsed;
1609 } JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION;
1610 
1611 
1612 //
1613 // Win32K Callback Registration Data
1614 //
1615 typedef struct _WIN32_POWEREVENT_PARAMETERS
1616 {
1617     PSPOWEREVENTTYPE EventNumber;
1618     ULONG Code;
1619 } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
1620 
1621 typedef struct _WIN32_POWERSTATE_PARAMETERS
1622 {
1623     UCHAR Promotion;
1624     POWER_ACTION SystemAction;
1625     SYSTEM_POWER_STATE MinSystemState;
1626     ULONG Flags;
1627     POWERSTATETASK PowerStateTask;
1628 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
1629 
1630 typedef struct _WIN32_JOBCALLOUT_PARAMETERS
1631 {
1632     PVOID Job;
1633     PSW32JOBCALLOUTTYPE CalloutType;
1634     PVOID Data;
1635 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
1636 
1637 typedef struct _WIN32_OPENMETHOD_PARAMETERS
1638 {
1639     OB_OPEN_REASON OpenReason;
1640     PEPROCESS Process;
1641     PVOID Object;
1642     ULONG GrantedAccess;
1643     ULONG HandleCount;
1644 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
1645 
1646 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
1647 {
1648     PEPROCESS Process;
1649     PVOID Object;
1650     HANDLE Handle;
1651     KPROCESSOR_MODE PreviousMode;
1652 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
1653 
1654 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
1655 {
1656     PEPROCESS Process;
1657     PVOID Object;
1658     ACCESS_MASK AccessMask;
1659     ULONG ProcessHandleCount;
1660     ULONG SystemHandleCount;
1661 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
1662 
1663 typedef struct _WIN32_DELETEMETHOD_PARAMETERS
1664 {
1665     PVOID Object;
1666 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
1667 
1668 typedef struct _WIN32_PARSEMETHOD_PARAMETERS
1669 {
1670     PVOID ParseObject;
1671     PVOID ObjectType;
1672     PACCESS_STATE AccessState;
1673     KPROCESSOR_MODE AccessMode;
1674     ULONG Attributes;
1675     _Out_ PUNICODE_STRING CompleteName;
1676     PUNICODE_STRING RemainingName;
1677     PVOID Context;
1678     PSECURITY_QUALITY_OF_SERVICE SecurityQos;
1679     PVOID *Object;
1680 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
1681 
1682 typedef struct _WIN32_CALLOUTS_FPNS
1683 {
1684     PKWIN32_PROCESS_CALLOUT ProcessCallout;
1685     PKWIN32_THREAD_CALLOUT ThreadCallout;
1686     PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
1687     PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
1688     PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
1689     PKWIN32_JOB_CALLOUT JobCallout;
1690     PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
1691     PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
1692     PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
1693     PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
1694     PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
1695     PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
1696     PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
1697     PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
1698     PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
1699     PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
1700 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1701     PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
1702 #endif
1703 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
1704 
1705 #endif // !NTOS_MODE_USER
1706 
1707 #ifdef __cplusplus
1708 }; // extern "C"
1709 #endif
1710 
1711 #endif // _PSTYPES_H
1712