1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 ketypes.h 8 9 Abstract: 10 11 Type definitions for the Kernel services. 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _KETYPES_H 20 #define _KETYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #ifndef NTOS_MODE_USER 27 #include <haltypes.h> 28 #include <potypes.h> 29 #include <ifssupp.h> 30 #endif 31 32 // 33 // A system call ID is formatted as such: 34 // .________________________________________________________________. 35 // | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 36 // |--------------|-------------------------------------------------| 37 // | TABLE NUMBER | TABLE OFFSET | 38 // \----------------------------------------------------------------/ 39 // 40 // The table number is then used as an index into the service descriptor table. 41 #define TABLE_NUMBER_BITS 1 42 #define TABLE_OFFSET_BITS 12 43 44 // 45 // There are 2 tables (kernel and shadow, used by Win32K) 46 // 47 #define NUMBER_SERVICE_TABLES 2 48 #define NTOS_SERVICE_INDEX 0 49 #define WIN32K_SERVICE_INDEX 1 50 51 // 52 // NB. From assembly code, the table number must be computed as an offset into 53 // the service descriptor table. 54 // 55 // Each entry into the table is 16 bytes long on 32-bit architectures, and 56 // 32 bytes long on 64-bit architectures. 57 // 58 // Thus, Table Number 1 is offset 16 (0x10) on x86, and offset 32 (0x20) on 59 // x64. 60 // 61 #ifdef _WIN64 62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes 63 #else 64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes 65 #endif 66 67 // 68 // We want the table number, but leave some extra bits to we can have the offset 69 // into the descriptor table. 70 // 71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY) 72 73 // 74 // Now the table number (as an offset) is corrupted with part of the table offset 75 // This mask will remove the extra unwanted bits, and give us the offset into the 76 // descriptor table proper. 77 // 78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY) 79 80 // 81 // To get the table offset (ie: the service call number), just keep the 12 bits 82 // 83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1) 84 85 // 86 // We'll often need to check if this is a graphics call. This is done by comparing 87 // the table number offset with the known Win32K table number offset. 88 // This is usually index 1, so table number offset 0x10 (x86) or 0x20 (x64) 89 // 90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY) 91 92 // 93 // Context Record Flags 94 // 95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT) 96 97 // 98 // Maximum System Descriptor Table Entries 99 // 100 #define SSDT_MAX_ENTRIES 2 101 102 // 103 // Processor Architectures 104 // 105 #define PROCESSOR_ARCHITECTURE_INTEL 0 106 #define PROCESSOR_ARCHITECTURE_MIPS 1 107 #define PROCESSOR_ARCHITECTURE_ALPHA 2 108 #define PROCESSOR_ARCHITECTURE_PPC 3 109 #define PROCESSOR_ARCHITECTURE_SHX 4 110 #define PROCESSOR_ARCHITECTURE_ARM 5 111 #define PROCESSOR_ARCHITECTURE_IA64 6 112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7 113 #define PROCESSOR_ARCHITECTURE_MSIL 8 114 #define PROCESSOR_ARCHITECTURE_AMD64 9 115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF 116 117 // 118 // Object Type Mask for Kernel Dispatcher Objects 119 // 120 #define KOBJECT_TYPE_MASK 0x7F 121 #define KOBJECT_LOCK_BIT 0x80 122 123 // 124 // Dispatcher Priority increments 125 // 126 #define THREAD_ALERT_INCREMENT 2 127 128 // 129 // Physical memory offset of KUSER_SHARED_DATA 130 // 131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000 132 133 // 134 // Quantum values and decrements 135 // 136 #define MAX_QUANTUM 0x7F 137 #define WAIT_QUANTUM_DECREMENT 1 138 #define CLOCK_QUANTUM_DECREMENT 3 139 140 // 141 // Kernel Feature Bits 142 // 143 #define KF_V86_VIS 0x00000001 144 #define KF_RDTSC 0x00000002 145 #define KF_CR4 0x00000004 146 #define KF_CMOV 0x00000008 147 #define KF_GLOBAL_PAGE 0x00000010 148 #define KF_LARGE_PAGE 0x00000020 149 #define KF_MTRR 0x00000040 150 #define KF_CMPXCHG8B 0x00000080 151 #define KF_MMX 0x00000100 152 #define KF_WORKING_PTE 0x00000200 153 #define KF_PAT 0x00000400 154 #define KF_FXSR 0x00000800 155 #define KF_FAST_SYSCALL 0x00001000 156 #define KF_XMMI 0x00002000 157 #define KF_3DNOW 0x00004000 158 #define KF_AMDK6MTRR 0x00008000 159 #define KF_XMMI64 0x00010000 160 #define KF_DTS 0x00020000 161 #define KF_BRANCH 0x00020000 // from ksamd64.inc 162 #define KF_SSE3 0x00080000 163 #define KF_CMPXCHG16B 0x00100000 164 #define KF_XSTATE 0x00800000 // from ks386.inc, ksamd64.inc 165 #define KF_NX_BIT 0x20000000 166 #define KF_NX_DISABLED 0x40000000 167 #define KF_NX_ENABLED 0x80000000 168 169 #define KF_XSAVEOPT_BIT 15 170 #define KF_XSTATE_BIT 23 171 #define KF_RDWRFSGSBASE_BIT 28 172 173 // 174 // Internal Exception Codes 175 // 176 #define KI_EXCEPTION_INTERNAL 0x10000000 177 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04) 178 179 typedef struct _FIBER /* Field offsets: */ 180 { /* i386 arm x64 */ 181 PVOID FiberData; /* 0x000 0x000 0x000 */ 182 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;/* 0x004 0x004 0x008 */ 183 PVOID StackBase; /* 0x008 0x008 0x010 */ 184 PVOID StackLimit; /* 0x00C 0x00C 0x018 */ 185 PVOID DeallocationStack; /* 0x010 0x010 0x020 */ 186 CONTEXT FiberContext; /* 0x014 0x018 0x030 */ 187 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 188 PVOID Wx86Tib; /* 0x2E0 0x1b8 0x500 */ 189 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 0x2E4 0x1bc 0x508 */ 190 PVOID FlsData; /* 0x2E8 0x1c0 0x510 */ 191 ULONG GuaranteedStackBytes; /* 0x2EC 0x1c4 0x518 */ 192 ULONG TebFlags; /* 0x2F0 0x1c8 0x51C */ 193 #else 194 ULONG GuaranteedStackBytes; /* 0x2E0 */ 195 PVOID FlsData; /* 0x2E4 */ 196 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; 197 #endif 198 } FIBER, *PFIBER; 199 200 #ifndef NTOS_MODE_USER 201 // 202 // Number of dispatch codes supported by KINTERRUPT 203 // 204 #ifdef _M_AMD64 205 #define DISPATCH_LENGTH 4 206 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) 207 #define DISPATCH_LENGTH 135 208 #else 209 #define DISPATCH_LENGTH 106 210 #endif 211 212 #else // NTOS_MODE_USER 213 214 // 215 // KPROCESSOR_MODE Type 216 // 217 typedef CCHAR KPROCESSOR_MODE; 218 219 // 220 // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode 221 // 222 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA) 223 224 #ifdef _X86_ 225 /* Macros for user-mode run-time checks of X86 system architecture */ 226 227 #ifndef IsNEC_98 228 #define IsNEC_98 (SharedUserData->AlternativeArchitecture == NEC98x86) 229 #endif 230 231 #ifndef IsNotNEC_98 232 #define IsNotNEC_98 (SharedUserData->AlternativeArchitecture != NEC98x86) 233 #endif 234 235 /* User-mode cannot override the architecture */ 236 #ifndef SetNEC_98 237 #define SetNEC_98 238 #endif 239 240 /* User-mode cannot override the architecture */ 241 #ifndef SetNotNEC_98 242 #define SetNotNEC_98 243 #endif 244 245 #else // !_X86_ 246 /* Correctly define these run-time definitions for non X86 machines */ 247 248 #ifndef IsNEC_98 249 #define IsNEC_98 (FALSE) 250 #endif 251 252 #ifndef IsNotNEC_98 253 #define IsNotNEC_98 (TRUE) 254 #endif 255 256 #ifndef SetNEC_98 257 #define SetNEC_98 258 #endif 259 260 #ifndef SetNotNEC_98 261 #define SetNotNEC_98 262 #endif 263 264 #endif // _X86_ 265 266 // 267 // Maximum WOW64 Entries in KUSER_SHARED_DATA 268 // 269 #define MAX_WOW64_SHARED_ENTRIES 16 270 271 // 272 // Maximum Processor Features supported in KUSER_SHARED_DATA 273 // 274 #define PROCESSOR_FEATURE_MAX 64 275 276 // 277 // Event Types 278 // 279 typedef enum _EVENT_TYPE 280 { 281 NotificationEvent, 282 SynchronizationEvent 283 } EVENT_TYPE; 284 285 // 286 // Timer Types 287 // 288 typedef enum _TIMER_TYPE 289 { 290 NotificationTimer, 291 SynchronizationTimer 292 } TIMER_TYPE; 293 294 // 295 // Wait Types 296 // 297 typedef enum _WAIT_TYPE 298 { 299 WaitAll, 300 WaitAny 301 } WAIT_TYPE; 302 303 // 304 // Processor Execution Modes 305 // 306 typedef enum _MODE 307 { 308 KernelMode, 309 UserMode, 310 MaximumMode 311 } MODE; 312 313 // 314 // Wait Reasons 315 // 316 typedef enum _KWAIT_REASON 317 { 318 Executive, 319 FreePage, 320 PageIn, 321 PoolAllocation, 322 DelayExecution, 323 Suspended, 324 UserRequest, 325 WrExecutive, 326 WrFreePage, 327 WrPageIn, 328 WrPoolAllocation, 329 WrDelayExecution, 330 WrSuspended, 331 WrUserRequest, 332 WrEventPair, 333 WrQueue, 334 WrLpcReceive, 335 WrLpcReply, 336 WrVirtualMemory, 337 WrPageOut, 338 WrRendezvous, 339 Spare2, 340 WrGuardedMutex, 341 Spare4, 342 Spare5, 343 Spare6, 344 WrKernel, 345 WrResource, 346 WrPushLock, 347 WrMutex, 348 WrQuantumEnd, 349 WrDispatchInt, 350 WrPreempted, 351 WrYieldExecution, 352 MaximumWaitReason 353 } KWAIT_REASON; 354 355 // 356 // Profiling Sources 357 // 358 typedef enum _KPROFILE_SOURCE 359 { 360 ProfileTime, 361 ProfileAlignmentFixup, 362 ProfileTotalIssues, 363 ProfilePipelineDry, 364 ProfileLoadInstructions, 365 ProfilePipelineFrozen, 366 ProfileBranchInstructions, 367 ProfileTotalNonissues, 368 ProfileDcacheMisses, 369 ProfileIcacheMisses, 370 ProfileCacheMisses, 371 ProfileBranchMispredictions, 372 ProfileStoreInstructions, 373 ProfileFpInstructions, 374 ProfileIntegerInstructions, 375 Profile2Issue, 376 Profile3Issue, 377 Profile4Issue, 378 ProfileSpecialInstructions, 379 ProfileTotalCycles, 380 ProfileIcacheIssues, 381 ProfileDcacheAccesses, 382 ProfileMemoryBarrierCycles, 383 ProfileLoadLinkedIssues, 384 ProfileMaximum 385 } KPROFILE_SOURCE; 386 387 // 388 // NT Product and Architecture Types 389 // 390 typedef enum _NT_PRODUCT_TYPE 391 { 392 NtProductWinNt = 1, 393 NtProductLanManNt, 394 NtProductServer 395 } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; 396 397 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE 398 { 399 StandardDesign, 400 NEC98x86, 401 EndAlternatives 402 } ALTERNATIVE_ARCHITECTURE_TYPE; 403 404 // 405 // Flags for NXSupportPolicy 406 // 407 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 408 #define NX_SUPPORT_POLICY_ALWAYSOFF 0 409 #define NX_SUPPORT_POLICY_ALWAYSON 1 410 #define NX_SUPPORT_POLICY_OPTIN 2 411 #define NX_SUPPORT_POLICY_OPTOUT 3 412 #endif 413 414 #endif // NTOS_MODE_USER 415 416 // 417 // Thread States 418 // 419 typedef enum _KTHREAD_STATE 420 { 421 Initialized, 422 Ready, 423 Running, 424 Standby, 425 Terminated, 426 Waiting, 427 Transition, 428 DeferredReady, 429 #if (NTDDI_VERSION >= NTDDI_WS03) 430 GateWait 431 #endif 432 } KTHREAD_STATE, *PKTHREAD_STATE; 433 434 // 435 // Kernel Object Types 436 // 437 typedef enum _KOBJECTS 438 { 439 EventNotificationObject = 0, 440 EventSynchronizationObject = 1, 441 MutantObject = 2, 442 ProcessObject = 3, 443 QueueObject = 4, 444 SemaphoreObject = 5, 445 ThreadObject = 6, 446 GateObject = 7, 447 TimerNotificationObject = 8, 448 TimerSynchronizationObject = 9, 449 Spare2Object = 10, 450 Spare3Object = 11, 451 Spare4Object = 12, 452 Spare5Object = 13, 453 Spare6Object = 14, 454 Spare7Object = 15, 455 Spare8Object = 16, 456 Spare9Object = 17, 457 ApcObject = 18, 458 DpcObject = 19, 459 DeviceQueueObject = 20, 460 EventPairObject = 21, 461 InterruptObject = 22, 462 ProfileObject = 23, 463 ThreadedDpcObject = 24, 464 MaximumKernelObject = 25 465 } KOBJECTS; 466 467 // 468 // Adjust reasons 469 // 470 typedef enum _ADJUST_REASON 471 { 472 AdjustNone = 0, 473 AdjustUnwait = 1, 474 AdjustBoost = 2 475 } ADJUST_REASON; 476 477 // 478 // Continue Status 479 // 480 typedef enum _KCONTINUE_STATUS 481 { 482 ContinueError = 0, 483 ContinueSuccess, 484 ContinueProcessorReselected, 485 ContinueNextProcessor 486 } KCONTINUE_STATUS; 487 488 // 489 // Process States 490 // 491 typedef enum _KPROCESS_STATE 492 { 493 ProcessInMemory, 494 ProcessOutOfMemory, 495 ProcessInTransition, 496 ProcessInSwap, 497 ProcessOutSwap, 498 } KPROCESS_STATE, *PKPROCESS_STATE; 499 500 // 501 // NtVdmControl Classes 502 // 503 typedef enum _VDMSERVICECLASS 504 { 505 VdmStartExecution = 0, 506 VdmQueueInterrupt = 1, 507 VdmDelayInterrupt = 2, 508 VdmInitialize = 3, 509 VdmFeatures = 4, 510 VdmSetInt21Handler = 5, 511 VdmQueryDir = 6, 512 VdmPrinterDirectIoOpen = 7, 513 VdmPrinterDirectIoClose = 8, 514 VdmPrinterInitialize = 9, 515 VdmSetLdtEntries = 10, 516 VdmSetProcessLdtInfo = 11, 517 VdmAdlibEmulation = 12, 518 VdmPMCliControl = 13, 519 VdmQueryVdmProcess = 14, 520 } VDMSERVICECLASS; 521 522 #ifdef NTOS_MODE_USER 523 524 // 525 // APC Normal Routine 526 // 527 typedef VOID 528 (NTAPI *PKNORMAL_ROUTINE)( 529 _In_ PVOID NormalContext, 530 _In_ PVOID SystemArgument1, 531 _In_ PVOID SystemArgument2 532 ); 533 534 // 535 // Timer Routine 536 // 537 typedef VOID 538 (NTAPI *PTIMER_APC_ROUTINE)( 539 _In_ PVOID TimerContext, 540 _In_ ULONG TimerLowValue, 541 _In_ LONG TimerHighValue 542 ); 543 544 // 545 // System Time Structure 546 // 547 typedef struct _KSYSTEM_TIME 548 { 549 ULONG LowPart; 550 LONG High1Time; 551 LONG High2Time; 552 } KSYSTEM_TIME, *PKSYSTEM_TIME; 553 554 // 555 // Shared Kernel User Data 556 // 557 typedef struct _KUSER_SHARED_DATA 558 { 559 ULONG TickCountLowDeprecated; 560 ULONG TickCountMultiplier; 561 volatile KSYSTEM_TIME InterruptTime; 562 volatile KSYSTEM_TIME SystemTime; 563 volatile KSYSTEM_TIME TimeZoneBias; 564 USHORT ImageNumberLow; 565 USHORT ImageNumberHigh; 566 WCHAR NtSystemRoot[260]; 567 ULONG MaxStackTraceDepth; 568 ULONG CryptoExponent; 569 ULONG TimeZoneId; 570 ULONG LargePageMinimum; 571 ULONG Reserved2[7]; 572 NT_PRODUCT_TYPE NtProductType; 573 BOOLEAN ProductTypeIsValid; 574 ULONG NtMajorVersion; 575 ULONG NtMinorVersion; 576 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; 577 ULONG Reserved1; 578 ULONG Reserved3; 579 volatile ULONG TimeSlip; 580 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; 581 LARGE_INTEGER SystemExpirationDate; 582 ULONG SuiteMask; 583 BOOLEAN KdDebuggerEnabled; 584 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 585 UCHAR NXSupportPolicy; 586 #endif 587 volatile ULONG ActiveConsoleId; 588 volatile ULONG DismountCount; 589 ULONG ComPlusPackage; 590 ULONG LastSystemRITEventTickCount; 591 ULONG NumberOfPhysicalPages; 592 BOOLEAN SafeBootMode; 593 ULONG TraceLogging; 594 ULONG Fill0; 595 ULONGLONG TestRetInstruction; 596 ULONG SystemCall; 597 ULONG SystemCallReturn; 598 ULONGLONG SystemCallPad[3]; 599 union { 600 volatile KSYSTEM_TIME TickCount; 601 volatile ULONG64 TickCountQuad; 602 }; 603 ULONG Cookie; 604 #if (NTDDI_VERSION >= NTDDI_WS03) 605 LONGLONG ConsoleSessionForegroundProcessId; 606 ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]; 607 #endif 608 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 609 USHORT UserModeGlobalLogger[8]; 610 ULONG HeapTracingPid[2]; 611 ULONG CritSecTracingPid[2]; 612 union 613 { 614 ULONG SharedDataFlags; 615 struct 616 { 617 ULONG DbgErrorPortPresent:1; 618 ULONG DbgElevationEnabled:1; 619 ULONG DbgVirtEnabled:1; 620 ULONG DbgInstallerDetectEnabled:1; 621 ULONG SpareBits:28; 622 }; 623 }; 624 ULONG ImageFileExecutionOptions; 625 KAFFINITY ActiveProcessorAffinity; 626 #endif 627 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; 628 629 // 630 // VDM Structures 631 // 632 #include "pshpack1.h" 633 typedef struct _VdmVirtualIca 634 { 635 LONG ica_count[8]; 636 LONG ica_int_line; 637 LONG ica_cpu_int; 638 USHORT ica_base; 639 USHORT ica_hipiri; 640 USHORT ica_mode; 641 UCHAR ica_master; 642 UCHAR ica_irr; 643 UCHAR ica_isr; 644 UCHAR ica_imr; 645 UCHAR ica_ssr; 646 } VDMVIRTUALICA, *PVDMVIRTUALICA; 647 #include "poppack.h" 648 649 typedef struct _VdmIcaUserData 650 { 651 PVOID pIcaLock; 652 PVDMVIRTUALICA pIcaMaster; 653 PVDMVIRTUALICA pIcaSlave; 654 PULONG pDelayIrq; 655 PULONG pUndelayIrq; 656 PULONG pDelayIret; 657 PULONG pIretHooked; 658 PULONG pAddrIretBopTable; 659 PHANDLE phWowIdleEvent; 660 PLARGE_INTEGER pIcaTimeout; 661 PHANDLE phMainThreadSuspended; 662 } VDMICAUSERDATA, *PVDMICAUSERDATA; 663 664 typedef struct _VDM_INITIALIZE_DATA 665 { 666 PVOID TrapcHandler; 667 PVDMICAUSERDATA IcaUserData; 668 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA; 669 670 #else 671 672 // 673 // System Thread Start Routine 674 // 675 typedef 676 VOID 677 (NTAPI *PKSYSTEM_ROUTINE)( 678 PKSTART_ROUTINE StartRoutine, 679 PVOID StartContext 680 ); 681 682 #ifndef _NTSYSTEM_ 683 typedef VOID 684 (NTAPI *PKNORMAL_ROUTINE)( 685 IN PVOID NormalContext OPTIONAL, 686 IN PVOID SystemArgument1 OPTIONAL, 687 IN PVOID SystemArgument2 OPTIONAL); 688 689 typedef VOID 690 (NTAPI *PKRUNDOWN_ROUTINE)( 691 IN struct _KAPC *Apc); 692 693 typedef VOID 694 (NTAPI *PKKERNEL_ROUTINE)( 695 IN struct _KAPC *Apc, 696 IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, 697 IN OUT PVOID *NormalContext OPTIONAL, 698 IN OUT PVOID *SystemArgument1 OPTIONAL, 699 IN OUT PVOID *SystemArgument2 OPTIONAL); 700 #endif 701 702 // 703 // APC Environment Types 704 // 705 typedef enum _KAPC_ENVIRONMENT 706 { 707 OriginalApcEnvironment, 708 AttachedApcEnvironment, 709 CurrentApcEnvironment, 710 InsertApcEnvironment 711 } KAPC_ENVIRONMENT; 712 713 typedef struct _KTIMER_TABLE_ENTRY 714 { 715 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64) 716 KSPIN_LOCK Lock; 717 #endif 718 LIST_ENTRY Entry; 719 ULARGE_INTEGER Time; 720 } KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY; 721 722 typedef struct _KTIMER_TABLE 723 { 724 PKTIMER TimerExpiry[64]; 725 KTIMER_TABLE_ENTRY TimerEntries[256]; 726 } KTIMER_TABLE, *PKTIMER_TABLE; 727 728 typedef struct _KDPC_LIST 729 { 730 SINGLE_LIST_ENTRY ListHead; 731 SINGLE_LIST_ENTRY* LastEntry; 732 } KDPC_LIST, *PKDPC_LIST; 733 734 typedef struct _SYNCH_COUNTERS 735 { 736 ULONG SpinLockAcquireCount; 737 ULONG SpinLockContentionCount; 738 ULONG SpinLockSpinCount; 739 ULONG IpiSendRequestBroadcastCount; 740 ULONG IpiSendRequestRoutineCount; 741 ULONG IpiSendSoftwareInterruptCount; 742 ULONG ExInitializeResourceCount; 743 ULONG ExReInitializeResourceCount; 744 ULONG ExDeleteResourceCount; 745 ULONG ExecutiveResourceAcquiresCount; 746 ULONG ExecutiveResourceContentionsCount; 747 ULONG ExecutiveResourceReleaseExclusiveCount; 748 ULONG ExecutiveResourceReleaseSharedCount; 749 ULONG ExecutiveResourceConvertsCount; 750 ULONG ExAcqResExclusiveAttempts; 751 ULONG ExAcqResExclusiveAcquiresExclusive; 752 ULONG ExAcqResExclusiveAcquiresExclusiveRecursive; 753 ULONG ExAcqResExclusiveWaits; 754 ULONG ExAcqResExclusiveNotAcquires; 755 ULONG ExAcqResSharedAttempts; 756 ULONG ExAcqResSharedAcquiresExclusive; 757 ULONG ExAcqResSharedAcquiresShared; 758 ULONG ExAcqResSharedAcquiresSharedRecursive; 759 ULONG ExAcqResSharedWaits; 760 ULONG ExAcqResSharedNotAcquires; 761 ULONG ExAcqResSharedStarveExclusiveAttempts; 762 ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive; 763 ULONG ExAcqResSharedStarveExclusiveAcquiresShared; 764 ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive; 765 ULONG ExAcqResSharedStarveExclusiveWaits; 766 ULONG ExAcqResSharedStarveExclusiveNotAcquires; 767 ULONG ExAcqResSharedWaitForExclusiveAttempts; 768 ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive; 769 ULONG ExAcqResSharedWaitForExclusiveAcquiresShared; 770 ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive; 771 ULONG ExAcqResSharedWaitForExclusiveWaits; 772 ULONG ExAcqResSharedWaitForExclusiveNotAcquires; 773 ULONG ExSetResOwnerPointerExclusive; 774 ULONG ExSetResOwnerPointerSharedNew; 775 ULONG ExSetResOwnerPointerSharedOld; 776 ULONG ExTryToAcqExclusiveAttempts; 777 ULONG ExTryToAcqExclusiveAcquires; 778 ULONG ExBoostExclusiveOwner; 779 ULONG ExBoostSharedOwners; 780 ULONG ExEtwSynchTrackingNotificationsCount; 781 ULONG ExEtwSynchTrackingNotificationsAccountedCount; 782 } SYNCH_COUNTERS, *PSYNCH_COUNTERS; 783 784 // 785 // PRCB DPC Data 786 // 787 typedef struct _KDPC_DATA 788 { 789 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 790 KDPC_LIST DpcList; 791 #else 792 LIST_ENTRY DpcListHead; 793 #endif 794 ULONG_PTR DpcLock; 795 #if defined(_M_AMD64) || defined(_M_ARM) 796 volatile LONG DpcQueueDepth; 797 #else 798 volatile ULONG DpcQueueDepth; 799 #endif 800 ULONG DpcCount; 801 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) 802 PKDPC ActiveDpc; 803 #endif 804 } KDPC_DATA, *PKDPC_DATA; 805 806 // 807 // Per-Processor Lookaside List 808 // 809 typedef struct _PP_LOOKASIDE_LIST 810 { 811 struct _GENERAL_LOOKASIDE *P; 812 struct _GENERAL_LOOKASIDE *L; 813 } PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST; 814 815 // 816 // Architectural Types 817 // 818 #include <arch/ketypes.h> 819 820 // 821 // Kernel Memory Node 822 // 823 typedef struct _KNODE 824 { 825 SLIST_HEADER DeadStackList; 826 SLIST_HEADER PfnDereferenceSListHead; 827 KAFFINITY ProcessorMask; 828 UCHAR Color; 829 UCHAR Seed; 830 UCHAR NodeNumber; 831 struct _flags { 832 UCHAR Removable : 1; 833 UCHAR Fill : 7; 834 } Flags; 835 ULONG MmShiftedColor; 836 ULONG_PTR FreeCount[2]; 837 struct _SINGLE_LIST_ENTRY *PfnDeferredList; 838 } KNODE, *PKNODE; 839 840 // 841 // Structure for Get/SetContext APC 842 // 843 typedef struct _GETSETCONTEXT 844 { 845 KAPC Apc; 846 KEVENT Event; 847 KPROCESSOR_MODE Mode; 848 CONTEXT Context; 849 } GETSETCONTEXT, *PGETSETCONTEXT; 850 851 // 852 // Kernel Profile Object 853 // 854 typedef struct _KPROFILE 855 { 856 CSHORT Type; 857 CSHORT Size; 858 LIST_ENTRY ProfileListEntry; 859 struct _KPROCESS *Process; 860 PVOID RangeBase; 861 PVOID RangeLimit; 862 ULONG BucketShift; 863 PVOID Buffer; 864 ULONG_PTR Segment; 865 KAFFINITY Affinity; 866 KPROFILE_SOURCE Source; 867 BOOLEAN Started; 868 } KPROFILE, *PKPROFILE; 869 870 // 871 // Kernel Interrupt Object 872 // 873 typedef struct _KINTERRUPT 874 { 875 CSHORT Type; 876 CSHORT Size; 877 LIST_ENTRY InterruptListEntry; 878 PKSERVICE_ROUTINE ServiceRoutine; 879 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 880 PKSERVICE_ROUTINE MessageServiceRoutine; 881 ULONG MessageIndex; 882 #endif 883 PVOID ServiceContext; 884 KSPIN_LOCK SpinLock; 885 ULONG TickCount; 886 PKSPIN_LOCK ActualLock; 887 PKINTERRUPT_ROUTINE DispatchAddress; 888 ULONG Vector; 889 KIRQL Irql; 890 KIRQL SynchronizeIrql; 891 BOOLEAN FloatingSave; 892 BOOLEAN Connected; 893 CCHAR Number; 894 BOOLEAN ShareVector; 895 KINTERRUPT_MODE Mode; 896 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 897 KINTERRUPT_POLARITY Polarity; 898 #endif 899 ULONG ServiceCount; 900 ULONG DispatchCount; 901 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 902 ULONGLONG Rsvd1; 903 #endif 904 #ifdef _M_AMD64 905 PKTRAP_FRAME TrapFrame; 906 PVOID Reserved; 907 #endif 908 ULONG DispatchCode[DISPATCH_LENGTH]; 909 } KINTERRUPT; 910 911 // 912 // Kernel Event Pair Object 913 // 914 typedef struct _KEVENT_PAIR 915 { 916 CSHORT Type; 917 CSHORT Size; 918 KEVENT LowEvent; 919 KEVENT HighEvent; 920 } KEVENT_PAIR, *PKEVENT_PAIR; 921 922 // 923 // Kernel No Execute Options 924 // 925 typedef struct _KEXECUTE_OPTIONS 926 { 927 UCHAR ExecuteDisable:1; 928 UCHAR ExecuteEnable:1; 929 UCHAR DisableThunkEmulation:1; 930 UCHAR Permanent:1; 931 UCHAR ExecuteDispatchEnable:1; 932 UCHAR ImageDispatchEnable:1; 933 UCHAR Spare:2; 934 } KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS; 935 936 #if (NTDDI_VERSION >= NTDDI_WIN7) 937 typedef union _KWAIT_STATUS_REGISTER 938 { 939 UCHAR Flags; 940 struct 941 { 942 UCHAR State:2; 943 UCHAR Affinity:1; 944 UCHAR Priority:1; 945 UCHAR Apc:1; 946 UCHAR UserApc:1; 947 UCHAR Alert:1; 948 UCHAR Unused:1; 949 }; 950 } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; 951 952 typedef struct _COUNTER_READING 953 { 954 enum _HARDWARE_COUNTER_TYPE Type; 955 ULONG Index; 956 ULONG64 Start; 957 ULONG64 Total; 958 }COUNTER_READING, *PCOUNTER_READING; 959 960 typedef struct _KTHREAD_COUNTERS 961 { 962 ULONG64 WaitReasonBitMap; 963 struct _THREAD_PERFORMANCE_DATA* UserData; 964 ULONG Flags; 965 ULONG ContextSwitches; 966 ULONG64 CycleTimeBias; 967 ULONG64 HardwareCounters; 968 COUNTER_READING HwCounter[16]; 969 }KTHREAD_COUNTERS, *PKTHREAD_COUNTERS; 970 #endif 971 972 /// FIXME: should move to rtltypes.h, but we can't include it here. 973 #if (NTDDI_VERSION >= NTDDI_WIN8) 974 typedef struct _RTL_RB_TREE 975 { 976 PRTL_BALANCED_NODE Root; 977 PRTL_BALANCED_NODE Min; 978 } RTL_RB_TREE, *PRTL_RB_TREE; 979 #endif 980 981 #if (NTDDI_VERSION >= NTDDI_WINBLUE) 982 typedef struct _KLOCK_ENTRY_LOCK_STATE 983 { 984 union 985 { 986 struct 987 { 988 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 6.4.9841.0 989 ULONG_PTR CrossThreadReleasable : 1; 990 #else 991 ULONG_PTR Waiting : 1; 992 #endif 993 ULONG_PTR Busy : 1; 994 ULONG_PTR Reserved : (8 * sizeof(PVOID)) - 3; // previously Spare 995 ULONG_PTR InTree : 1; 996 }; 997 PVOID LockState; 998 }; 999 union 1000 { 1001 PVOID SessionState; 1002 struct 1003 { 1004 ULONG SessionId; 1005 #ifdef _WIN64 1006 ULONG SessionPad; 1007 #endif 1008 }; 1009 }; 1010 } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; 1011 1012 typedef struct _KLOCK_ENTRY 1013 { 1014 union 1015 { 1016 RTL_BALANCED_NODE TreeNode; 1017 SINGLE_LIST_ENTRY FreeListEntry; 1018 }; 1019 #if (NTDDI_VERSION >= NTDDI_WIN10) 1020 union 1021 { 1022 ULONG EntryFlags; 1023 struct 1024 { 1025 UCHAR EntryOffset; 1026 union 1027 { 1028 UCHAR ThreadLocalFlags; 1029 struct 1030 { 1031 UCHAR WaitingBit : 1; 1032 UCHAR Spare0 : 7; 1033 }; 1034 }; 1035 union 1036 { 1037 UCHAR AcquiredByte; 1038 UCHAR AcquiredBit : 1; 1039 }; 1040 union 1041 { 1042 UCHAR CrossThreadFlags; 1043 struct 1044 { 1045 UCHAR HeadNodeBit : 1; 1046 UCHAR IoPriorityBit : 1; 1047 UCHAR IoQoSWaiter : 1; // since TH2 1048 UCHAR Spare1 : 5; 1049 }; 1050 }; 1051 }; 1052 struct 1053 { 1054 ULONG StaticState : 8; 1055 ULONG AllFlags : 24; 1056 }; 1057 }; 1058 #ifdef _WIN64 1059 ULONG SpareFlags; 1060 #endif 1061 #else 1062 union 1063 { 1064 PVOID ThreadUnsafe; 1065 struct 1066 { 1067 volatile UCHAR HeadNodeByte; 1068 UCHAR Reserved1[2]; 1069 volatile UCHAR AcquiredByte; 1070 }; 1071 }; 1072 #endif 1073 1074 union 1075 { 1076 KLOCK_ENTRY_LOCK_STATE LockState; 1077 PVOID LockUnsafe; 1078 struct 1079 { 1080 #if (NTDDI_VERSION >= NTDDI_WIN10) 1081 volatile UCHAR CrossThreadReleasableAndBusyByte; 1082 #else 1083 volatile UCHAR WaitingAndBusyByte; 1084 #endif 1085 UCHAR Reserved[sizeof(PVOID) - 2]; 1086 UCHAR InTreeByte; 1087 union 1088 { 1089 PVOID SessionState; 1090 struct 1091 { 1092 ULONG SessionId; 1093 #ifdef _WIN64 1094 ULONG SessionPad; 1095 #endif 1096 }; 1097 }; 1098 }; 1099 }; 1100 union 1101 { 1102 struct 1103 { 1104 RTL_RB_TREE OwnerTree; 1105 RTL_RB_TREE WaiterTree; 1106 }; 1107 CHAR CpuPriorityKey; 1108 }; 1109 ULONG_PTR EntryLock; 1110 union 1111 { 1112 #if _WIN64 1113 ULONG AllBoosts : 17; 1114 #else 1115 USHORT AllBoosts; 1116 #endif 1117 struct 1118 { 1119 struct 1120 { 1121 USHORT CpuBoostsBitmap : 15; 1122 USHORT IoBoost : 1; 1123 }; 1124 struct 1125 { 1126 USHORT IoQoSBoost : 1; 1127 USHORT IoNormalPriorityWaiterCount : 8; 1128 USHORT IoQoSWaiterCount : 7; 1129 }; 1130 }; 1131 }; 1132 #if _WIN64 1133 ULONG SparePad; 1134 #endif 1135 } KLOCK_ENTRY, *PKLOCK_ENTRY; 1136 1137 #endif 1138 1139 // 1140 // Kernel Thread (KTHREAD) 1141 // 1142 #if (NTDDI_VERSION < NTDDI_WIN8) 1143 1144 typedef struct _KTHREAD 1145 { 1146 DISPATCHER_HEADER Header; 1147 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1148 ULONGLONG CycleTime; 1149 #ifndef _WIN64 // [ 1150 ULONG HighCycleTime; 1151 #endif // ] 1152 ULONGLONG QuantumTarget; 1153 #else // ][ 1154 LIST_ENTRY MutantListHead; 1155 #endif // ] 1156 PVOID InitialStack; 1157 ULONG_PTR StackLimit; // FIXME: PVOID 1158 PVOID KernelStack; 1159 KSPIN_LOCK ThreadLock; 1160 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1161 KWAIT_STATUS_REGISTER WaitRegister; 1162 BOOLEAN Running; 1163 BOOLEAN Alerted[2]; 1164 union 1165 { 1166 struct 1167 { 1168 ULONG KernelStackResident:1; 1169 ULONG ReadyTransition:1; 1170 ULONG ProcessReadyQueue:1; 1171 ULONG WaitNext:1; 1172 ULONG SystemAffinityActive:1; 1173 ULONG Alertable:1; 1174 ULONG GdiFlushActive:1; 1175 ULONG UserStackWalkActive:1; 1176 ULONG ApcInterruptRequest:1; 1177 ULONG ForceDeferSchedule:1; 1178 ULONG QuantumEndMigrate:1; 1179 ULONG UmsDirectedSwitchEnable:1; 1180 ULONG TimerActive:1; 1181 ULONG Reserved:19; 1182 }; 1183 LONG MiscFlags; 1184 }; 1185 #endif // ] 1186 union 1187 { 1188 KAPC_STATE ApcState; 1189 struct 1190 { 1191 UCHAR ApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1192 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1193 SCHAR Priority; 1194 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1195 /* On x86, the following members "fall out" of the union */ 1196 volatile ULONG NextProcessor; 1197 volatile ULONG DeferredProcessor; 1198 #else // ][ 1199 /* On x86, the following members "fall out" of the union */ 1200 volatile USHORT NextProcessor; 1201 volatile USHORT DeferredProcessor; 1202 #endif // ] 1203 #else // ][ 1204 UCHAR ApcQueueable; 1205 /* On x86, the following members "fall out" of the union */ 1206 volatile UCHAR NextProcessor; 1207 volatile UCHAR DeferredProcessor; 1208 UCHAR AdjustReason; 1209 SCHAR AdjustIncrement; 1210 #endif // ] 1211 }; 1212 }; 1213 KSPIN_LOCK ApcQueueLock; 1214 #if !defined(_M_AMD64) && !defined(_M_ARM64) // [ 1215 ULONG ContextSwitches; 1216 volatile UCHAR State; 1217 UCHAR NpxState; 1218 KIRQL WaitIrql; 1219 KPROCESSOR_MODE WaitMode; 1220 #endif // ] 1221 LONG_PTR WaitStatus; 1222 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1223 PKWAIT_BLOCK WaitBlockList; 1224 #else // ][ 1225 union 1226 { 1227 PKWAIT_BLOCK WaitBlockList; 1228 PKGATE GateObject; 1229 }; 1230 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1231 union 1232 { 1233 struct 1234 { 1235 ULONG KernelStackResident:1; 1236 ULONG ReadyTransition:1; 1237 ULONG ProcessReadyQueue:1; 1238 ULONG WaitNext:1; 1239 ULONG SystemAffinityActive:1; 1240 ULONG Alertable:1; 1241 ULONG GdiFlushActive:1; 1242 ULONG Reserved:25; 1243 }; 1244 LONG MiscFlags; 1245 }; 1246 #else // ][ 1247 BOOLEAN Alertable; 1248 BOOLEAN WaitNext; 1249 #endif // ] 1250 UCHAR WaitReason; 1251 #if (NTDDI_VERSION < NTDDI_LONGHORN) 1252 SCHAR Priority; 1253 BOOLEAN EnableStackSwap; 1254 #endif // ] 1255 volatile UCHAR SwapBusy; 1256 BOOLEAN Alerted[MaximumMode]; 1257 #endif // ] 1258 union 1259 { 1260 LIST_ENTRY WaitListEntry; 1261 SINGLE_LIST_ENTRY SwapListEntry; 1262 }; 1263 PKQUEUE Queue; 1264 #if !defined(_M_AMD64) && !defined(_M_ARM64) // [ 1265 ULONG WaitTime; 1266 union 1267 { 1268 struct 1269 { 1270 SHORT KernelApcDisable; 1271 SHORT SpecialApcDisable; 1272 }; 1273 ULONG CombinedApcDisable; 1274 }; 1275 #endif // ] 1276 struct _TEB *Teb; 1277 1278 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1279 KTIMER Timer; 1280 #else // ][ 1281 union 1282 { 1283 KTIMER Timer; 1284 struct 1285 { 1286 UCHAR TimerFill[FIELD_OFFSET(KTIMER, Period) + sizeof(LONG)]; 1287 #if !defined(_WIN64) // [ 1288 }; 1289 }; 1290 #endif // ] 1291 #endif // ] 1292 union 1293 { 1294 struct 1295 { 1296 ULONG AutoAlignment:1; 1297 ULONG DisableBoost:1; 1298 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1299 ULONG EtwStackTraceApc1Inserted:1; 1300 ULONG EtwStackTraceApc2Inserted:1; 1301 ULONG CycleChargePending:1; 1302 ULONG CalloutActive:1; 1303 ULONG ApcQueueable:1; 1304 ULONG EnableStackSwap:1; 1305 ULONG GuiThread:1; 1306 ULONG ReservedFlags:23; 1307 #else // ][ 1308 LONG ReservedFlags:30; 1309 #endif // ] 1310 }; 1311 LONG ThreadFlags; 1312 }; 1313 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [ 1314 }; 1315 }; 1316 #endif // ] 1317 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1318 #if defined(_WIN64) // [ 1319 ULONG Spare0; 1320 #else // ][ 1321 PVOID ServiceTable; 1322 #endif // ] 1323 #endif // ] 1324 union 1325 { 1326 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1327 #if (NTDDI_VERSION < NTDDI_WIN7) // [ 1328 struct 1329 { 1330 UCHAR WaitBlockFill0[FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 32bit = 23, 64bit = 43 1331 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1332 UCHAR IdealProcessor; 1333 #else // ][ 1334 BOOLEAN SystemAffinityActive; 1335 #endif // ] 1336 }; 1337 struct 1338 { 1339 UCHAR WaitBlockFill1[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 47 / 91 1340 CCHAR PreviousMode; 1341 }; 1342 struct 1343 { 1344 UCHAR WaitBlockFill2[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 71 / 139 1345 UCHAR ResourceIndex; 1346 }; 1347 struct 1348 { 1349 UCHAR WaitBlockFill3[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 95 / 187 1350 UCHAR LargeStack; 1351 }; 1352 #endif // ] 1353 #ifdef _WIN64 // [ 1354 struct 1355 { 1356 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1357 ULONG ContextSwitches; 1358 }; 1359 struct 1360 { 1361 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1362 UCHAR State; 1363 UCHAR NpxState; 1364 UCHAR WaitIrql; 1365 CHAR WaitMode; 1366 }; 1367 struct 1368 { 1369 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1370 ULONG WaitTime; 1371 }; 1372 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1373 struct 1374 { 1375 UCHAR WaitBlockFill7[168]; 1376 PVOID TebMappedLowVa; 1377 struct _UMS_CONTROL_BLOCK* Ucb; 1378 }; 1379 #endif // ] 1380 struct 1381 { 1382 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1383 UCHAR WaitBlockFill8[188]; 1384 #else // ][ 1385 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1386 #endif // ] 1387 union 1388 { 1389 struct 1390 { 1391 SHORT KernelApcDisable; 1392 SHORT SpecialApcDisable; 1393 }; 1394 ULONG CombinedApcDisable; 1395 }; 1396 }; 1397 #endif // ] 1398 }; 1399 LIST_ENTRY QueueListEntry; 1400 PKTRAP_FRAME TrapFrame; 1401 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1402 PVOID FirstArgument; 1403 union 1404 { 1405 PVOID CallbackStack; 1406 ULONG_PTR CallbackDepth; 1407 }; 1408 #else // ][ 1409 PVOID CallbackStack; 1410 #endif // ] 1411 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [ 1412 PVOID ServiceTable; 1413 #endif // ] 1414 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [ 1415 ULONG KernelLimit; 1416 #endif // ] 1417 UCHAR ApcStateIndex; 1418 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [ 1419 UCHAR IdealProcessor; 1420 BOOLEAN Preempted; 1421 BOOLEAN ProcessReadyQueue; 1422 #ifdef _WIN64 // [ 1423 PVOID Win32kTable; 1424 ULONG Win32kLimit; 1425 #endif // ] 1426 BOOLEAN KernelStackResident; 1427 #endif // ] 1428 SCHAR BasePriority; 1429 SCHAR PriorityDecrement; 1430 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1431 BOOLEAN Preempted; 1432 UCHAR AdjustReason; 1433 CHAR AdjustIncrement; 1434 #if (NTDDI_VERSION >= NTDDI_WIN7) 1435 UCHAR PreviousMode; 1436 #else 1437 UCHAR Spare01; 1438 #endif 1439 #endif // ] 1440 CHAR Saturation; 1441 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1442 ULONG SystemCallNumber; 1443 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1444 ULONG FreezeCount; 1445 #else // ][ 1446 ULONG Spare02; 1447 #endif // ] 1448 #endif // ] 1449 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1450 GROUP_AFFINITY UserAffinity; 1451 struct _KPROCESS *Process; 1452 GROUP_AFFINITY Affinity; 1453 ULONG IdealProcessor; 1454 ULONG UserIdealProcessor; 1455 #else // ][ 1456 KAFFINITY UserAffinity; 1457 struct _KPROCESS *Process; 1458 KAFFINITY Affinity; 1459 #endif // ] 1460 PKAPC_STATE ApcStatePointer[2]; 1461 union 1462 { 1463 KAPC_STATE SavedApcState; 1464 struct 1465 { 1466 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1467 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1468 UCHAR WaitReason; 1469 #else // ][ 1470 CCHAR FreezeCount; 1471 #endif // ] 1472 #ifndef _WIN64 // [ 1473 }; 1474 }; 1475 #endif // ] 1476 CCHAR SuspendCount; 1477 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1478 CCHAR Spare1; 1479 #else // ][ 1480 UCHAR UserIdealProcessor; 1481 #endif // ] 1482 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1483 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1484 UCHAR Spare03; 1485 #else // ][ 1486 UCHAR CalloutActive; 1487 #endif // ] 1488 #ifdef _WIN64 // [ 1489 UCHAR CodePatchInProgress; 1490 }; 1491 }; 1492 #endif // ] 1493 #if defined(_M_IX86) // [ 1494 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1495 UCHAR OtherPlatformFill; 1496 #else // ][ 1497 UCHAR Iopl; 1498 #endif // ] 1499 #endif // ] 1500 PVOID Win32Thread; 1501 PVOID StackBase; 1502 union 1503 { 1504 KAPC SuspendApc; 1505 struct 1506 { 1507 UCHAR SuspendApcFill0[1]; 1508 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1509 UCHAR ResourceIndex; 1510 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1511 CHAR Spare04; 1512 #else // ][ 1513 SCHAR Quantum; 1514 #endif // ] 1515 }; 1516 struct 1517 { 1518 UCHAR SuspendApcFill1[3]; 1519 UCHAR QuantumReset; 1520 }; 1521 struct 1522 { 1523 UCHAR SuspendApcFill2[4]; 1524 ULONG KernelTime; 1525 }; 1526 struct 1527 { 1528 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; 1529 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1530 PKPRCB WaitPrcb; 1531 #else 1532 PVOID TlsArray; 1533 #endif 1534 }; 1535 struct 1536 { 1537 UCHAR SuspendApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 40 / 72 1538 PVOID LegoData; 1539 }; 1540 struct 1541 { 1542 UCHAR SuspendApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 47 / 83 1543 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1544 UCHAR LargeStack; 1545 #else // ][ 1546 UCHAR PowerState; 1547 #endif // ] 1548 #ifdef _WIN64 // [ 1549 ULONG UserTime; 1550 #endif // ] 1551 }; 1552 }; 1553 #ifndef _WIN64 // [ 1554 ULONG UserTime; 1555 #endif // ] 1556 union 1557 { 1558 KSEMAPHORE SuspendSemaphore; 1559 struct 1560 { 1561 UCHAR SuspendSemaphorefill[FIELD_OFFSET(KSEMAPHORE, Limit) + 4]; // 20 / 28 1562 #ifdef _WIN64 // [ 1563 ULONG SListFaultCount; 1564 #endif // ] 1565 }; 1566 }; 1567 #ifndef _WIN64 // [ 1568 ULONG SListFaultCount; 1569 #endif // ] 1570 LIST_ENTRY ThreadListEntry; 1571 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1572 LIST_ENTRY MutantListHead; 1573 #endif // ] 1574 PVOID SListFaultAddress; 1575 #ifdef _M_AMD64 // [ 1576 LONG64 ReadOperationCount; 1577 LONG64 WriteOperationCount; 1578 LONG64 OtherOperationCount; 1579 LONG64 ReadTransferCount; 1580 LONG64 WriteTransferCount; 1581 LONG64 OtherTransferCount; 1582 #endif // ] 1583 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1584 PKTHREAD_COUNTERS ThreadCounters; 1585 PXSTATE_SAVE XStateSave; 1586 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1587 PVOID MdlForLockedTeb; 1588 #endif // ] 1589 } KTHREAD; 1590 1591 #else // not (NTDDI_VERSION < NTDDI_WIN8) 1592 1593 #if defined(_WIN64) && (NTDDI_VERSION < 0x06032580) // since WIN 8.1 Update1 6.3.9600.16384 1594 #define NUMBER_OF_LOCK_ENTRIES 5 1595 #else 1596 #define NUMBER_OF_LOCK_ENTRIES 6 1597 #endif 1598 1599 typedef struct _KTHREAD 1600 { 1601 DISPATCHER_HEADER Header; 1602 PVOID SListFaultAddress; 1603 ULONG64 QuantumTarget; 1604 PVOID InitialStack; 1605 volatile VOID *StackLimit; 1606 PVOID StackBase; 1607 KSPIN_LOCK ThreadLock; 1608 volatile ULONG64 CycleTime; 1609 #ifndef _WIN64 1610 volatile ULONG HighCycleTime; 1611 PVOID ServiceTable; 1612 #endif 1613 ULONG CurrentRunTime; 1614 ULONG ExpectedRunTime; 1615 PVOID KernelStack; 1616 XSAVE_FORMAT* StateSaveArea; 1617 struct _KSCHEDULING_GROUP* SchedulingGroup; 1618 KWAIT_STATUS_REGISTER WaitRegister; 1619 BOOLEAN Running; 1620 BOOLEAN Alerted[MaximumMode]; 1621 1622 union 1623 { 1624 struct 1625 { 1626 #if (NTDDI_VERSION < NTDDI_WIN10) 1627 ULONG KernelStackResident : 1; 1628 #else 1629 ULONG AutoBoostActive : 1; 1630 #endif 1631 ULONG ReadyTransition : 1; 1632 #if (NTDDI_VERSION < NTDDI_WIN10TH2) 1633 ULONG ProcessReadyQueue : 1; 1634 #endif 1635 ULONG ProcessReadyQueue : 1; 1636 ULONG WaitNext : 1; 1637 ULONG SystemAffinityActive : 1; 1638 ULONG Alertable : 1; 1639 #if (NTDDI_VERSION < NTDDI_WIN81) 1640 ULONG CodePatchInProgress : 1; 1641 #endif 1642 ULONG UserStackWalkActive : 1; 1643 ULONG ApcInterruptRequest : 1; 1644 ULONG QuantumEndMigrate : 1; 1645 ULONG UmsDirectedSwitchEnable : 1; 1646 ULONG TimerActive : 1; 1647 ULONG SystemThread : 1; 1648 ULONG ProcessDetachActive : 1; 1649 ULONG CalloutActive : 1; 1650 ULONG ScbReadyQueue : 1; 1651 ULONG ApcQueueable : 1; 1652 ULONG ReservedStackInUse : 1; 1653 ULONG UmsPerformingSyscall : 1; 1654 ULONG DisableStackCheck : 1; 1655 ULONG Reserved : 12; 1656 }; 1657 LONG MiscFlags; 1658 }; 1659 1660 union 1661 { 1662 struct 1663 { 1664 ULONG AutoAlignment : 1; 1665 ULONG DisableBoost : 1; 1666 ULONG UserAffinitySet : 1; 1667 ULONG AlertedByThreadId : 1; 1668 ULONG QuantumDonation : 1; 1669 ULONG EnableStackSwap : 1; 1670 ULONG GuiThread : 1; 1671 ULONG DisableQuantum : 1; 1672 ULONG ChargeOnlyGroup : 1; 1673 ULONG DeferPreemption : 1; 1674 ULONG QueueDeferPreemption : 1; 1675 ULONG ForceDeferSchedule : 1; 1676 ULONG ExplicitIdealProcessor : 1; 1677 ULONG FreezeCount : 1; 1678 #if (NTDDI_VERSION >= 0x060324D7) // since 6.3.9431.0 1679 ULONG TerminationApcRequest : 1; 1680 #endif 1681 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.16384 1682 ULONG AutoBoostEntriesExhausted : 1; 1683 #endif 1684 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.17031 1685 ULONG KernelStackResident : 1; 1686 #endif 1687 #if (NTDDI_VERSION >= NTDDI_WIN10) 1688 ULONG CommitFailTerminateRequest : 1; 1689 ULONG ProcessStackCountDecremented : 1; 1690 ULONG ThreadFlagsSpare : 5; 1691 #endif 1692 ULONG EtwStackTraceApcInserted : 8; 1693 #if (NTDDI_VERSION < NTDDI_WIN10) 1694 ULONG ReservedFlags : 10; 1695 #endif 1696 }; 1697 LONG ThreadFlags; 1698 }; 1699 1700 #if (NTDDI_VERSION >= NTDDI_WIN10) 1701 volatile UCHAR Tag; 1702 UCHAR SystemHeteroCpuPolicy; 1703 UCHAR UserHeteroCpuPolicy : 7; 1704 UCHAR ExplicitSystemHeteroCpuPolicy : 1; 1705 UCHAR Spare0; 1706 #else 1707 ULONG Spare0; 1708 #endif 1709 ULONG SystemCallNumber; 1710 #ifdef _WIN64 1711 ULONG Spare1; // Win 10: Spare10 1712 #endif 1713 PVOID FirstArgument; 1714 PKTRAP_FRAME TrapFrame; 1715 1716 union 1717 { 1718 KAPC_STATE ApcState; 1719 struct 1720 { 1721 UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]; // 32bit: 23/0x17, 64bit: 43/0x2B 1722 SCHAR Priority; 1723 ULONG UserIdealProcessor; 1724 }; 1725 }; 1726 1727 #ifndef _WIN64 1728 ULONG ContextSwitches; 1729 volatile UCHAR State; 1730 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10074.0 1731 CHAR Spare12; 1732 #else 1733 CHAR NpxState; 1734 #endif 1735 KIRQL WaitIrql; 1736 KPROCESSOR_MODE WaitMode; 1737 #endif 1738 1739 volatile INT_PTR WaitStatus; 1740 PKWAIT_BLOCK WaitBlockList; 1741 union 1742 { 1743 LIST_ENTRY WaitListEntry; 1744 SINGLE_LIST_ENTRY SwapListEntry; 1745 }; 1746 PKQUEUE Queue; 1747 PVOID Teb; 1748 #if (NTDDI_VERSION >= NTDDI_WIN8 /* 0x060223F0 */) // since 6.2.9200.16384 1749 ULONG64 RelativeTimerBias; 1750 #endif 1751 KTIMER Timer; 1752 1753 union 1754 { 1755 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1756 #ifdef _WIN64 1757 struct 1758 { 1759 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 20/0x14 1760 ULONG ContextSwitches; 1761 }; 1762 struct 1763 { 1764 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 68/0x44 1765 UCHAR State; 1766 #if (NTDDI_VERSION >= NTDDI_WIN10) 1767 CHAR Spare13; 1768 #else 1769 CHAR NpxState; 1770 #endif 1771 UCHAR WaitIrql; 1772 CHAR WaitMode; 1773 }; 1774 struct 1775 { 1776 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 116/0x74 1777 ULONG WaitTime; 1778 }; 1779 struct 1780 { 1781 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 164/0xA4 1782 union 1783 { 1784 struct 1785 { 1786 SHORT KernelApcDisable; 1787 SHORT SpecialApcDisable; 1788 }; 1789 ULONG CombinedApcDisable; 1790 }; 1791 }; 1792 #endif 1793 struct 1794 { 1795 UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 20/0x14, 64bit: 40/0x28 1796 struct _KTHREAD_COUNTERS *ThreadCounters; 1797 }; 1798 struct 1799 { 1800 UCHAR WaitBlockFill9[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 44/0x2C, 64bit: 88/0x58 1801 PXSTATE_SAVE XStateSave; 1802 }; 1803 struct 1804 { 1805 UCHAR WaitBlockFill10[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 68/0x44, 64bit: 136/0x88 1806 PVOID Win32Thread; 1807 }; 1808 struct 1809 { 1810 UCHAR WaitBlockFill11[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, Object)]; // 32bit: 88/0x58, 64bit: 176/0xB0 1811 #ifdef _WIN64 1812 struct _UMS_CONTROL_BLOCK* Ucb; 1813 struct _KUMS_CONTEXT_HEADER* Uch; 1814 #else 1815 ULONG WaitTime; 1816 union 1817 { 1818 struct 1819 { 1820 SHORT KernelApcDisable; 1821 SHORT SpecialApcDisable; 1822 }; 1823 ULONG CombinedApcDisable; 1824 }; 1825 #endif 1826 }; 1827 }; 1828 1829 #ifdef _WIN64 1830 PVOID TebMappedLowVa; 1831 #endif 1832 LIST_ENTRY QueueListEntry; 1833 #if (NTDDI_VERSION >= 0x060223F0) // since 6.2.9200.16384 1834 union 1835 { 1836 ULONG NextProcessor; 1837 struct 1838 { 1839 ULONG NextProcessorNumber : 31; 1840 ULONG SharedReadyQueue : 1; 1841 }; 1842 }; 1843 LONG QueuePriority; 1844 #else 1845 ULONG NextProcessor; 1846 ULONG DeferredProcessor; 1847 #endif 1848 PKPROCESS Process; 1849 1850 union 1851 { 1852 GROUP_AFFINITY UserAffinity; 1853 struct 1854 { 1855 UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1856 CHAR PreviousMode; 1857 CHAR BasePriority; 1858 union 1859 { 1860 CHAR PriorityDecrement; 1861 struct 1862 { 1863 UCHAR ForegroundBoost : 4; 1864 UCHAR UnusualBoost : 4; 1865 }; 1866 }; 1867 UCHAR Preempted; 1868 UCHAR AdjustReason; 1869 CHAR AdjustIncrement; 1870 }; 1871 }; 1872 1873 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1874 ULONG_PTR AffinityVersion; 1875 #endif 1876 union 1877 { 1878 GROUP_AFFINITY Affinity; 1879 struct 1880 { 1881 UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1882 UCHAR ApcStateIndex; 1883 UCHAR WaitBlockCount; 1884 ULONG IdealProcessor; 1885 }; 1886 }; 1887 1888 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1889 #ifdef _WIN64 1890 ULONG64 NpxState; 1891 #else 1892 ULONG Spare15; 1893 #endif 1894 #else 1895 PKAPC_STATE ApcStatePointer[2]; 1896 #endif 1897 1898 union 1899 { 1900 KAPC_STATE SavedApcState; 1901 struct 1902 { 1903 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; // 32bit: 23/0x17, 64bit: 43/0x2B 1904 UCHAR WaitReason; 1905 CHAR SuspendCount; 1906 CHAR Saturation; 1907 SHORT SListFaultCount; 1908 }; 1909 }; 1910 1911 union 1912 { 1913 KAPC SchedulerApc; 1914 struct 1915 { 1916 UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]; // 32bit: 1/0x01, 64bit: 1/0x01 1917 UCHAR ResourceIndex; 1918 }; 1919 struct 1920 { 1921 UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]; // 32bit: 3/0x03, 64bit: 3/0x03 1922 UCHAR QuantumReset; 1923 }; 1924 struct 1925 { 1926 UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]; // 32bit: 4/0x04, 64bit: 4/0x04 1927 ULONG KernelTime; 1928 }; 1929 struct 1930 { 1931 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; // 32 bit:, 64 bit: 64/0x40 1932 PKPRCB WaitPrcb; 1933 }; 1934 struct 1935 { 1936 UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 32 bit:, 64 bit: 72/0x48 1937 PVOID LegoData; 1938 }; 1939 struct 1940 { 1941 UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 32 bit:, 64 bit: 83/0x53 1942 UCHAR CallbackNestingLevel; 1943 ULONG UserTime; 1944 }; 1945 }; 1946 1947 KEVENT SuspendEvent; 1948 LIST_ENTRY ThreadListEntry; 1949 LIST_ENTRY MutantListHead; 1950 1951 #if (NTDDI_VERSION >= NTDDI_WIN10) 1952 UCHAR AbEntrySummary; 1953 UCHAR AbWaitEntryCount; 1954 USHORT Spare20; 1955 #if _WIN64 1956 ULONG SecureThreadCookie; 1957 #endif 1958 #elif (NTDDI_VERSION >= NTDDI_WINBLUE) // 6.3.9431.0 1959 SINGLE_LIST_ENTRY LockEntriesFreeList; 1960 #endif 1961 1962 #if (NTDDI_VERSION >= NTDDI_WINBLUE /* 0x06032580 */) // since 6.3.9600.16384 1963 KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]; 1964 SINGLE_LIST_ENTRY PropagateBoostsEntry; 1965 SINGLE_LIST_ENTRY IoSelfBoostsEntry; 1966 UCHAR PriorityFloorCounts[16]; 1967 ULONG PriorityFloorSummary; 1968 volatile LONG AbCompletedIoBoostCount; 1969 #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) 1970 LONG AbCompletedIoQoSBoostCount; 1971 #endif 1972 1973 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1974 volatile SHORT KeReferenceCount; 1975 #else 1976 volatile SHORT AbReferenceCount; 1977 #endif 1978 #if (NTDDI_VERSION >= 0x06040000) // since 6.4.9841.0 1979 UCHAR AbOrphanedEntrySummary; 1980 UCHAR AbOwnedEntryCount; 1981 #else 1982 UCHAR AbFreeEntryCount; 1983 UCHAR AbWaitEntryCount; 1984 #endif 1985 ULONG ForegroundLossTime; 1986 union 1987 { 1988 LIST_ENTRY GlobalForegroundListEntry; 1989 struct 1990 { 1991 SINGLE_LIST_ENTRY ForegroundDpcStackListEntry; 1992 ULONG_PTR InGlobalForegroundList; 1993 }; 1994 }; 1995 #endif 1996 1997 #if _WIN64 1998 LONG64 ReadOperationCount; 1999 LONG64 WriteOperationCount; 2000 LONG64 OtherOperationCount; 2001 LONG64 ReadTransferCount; 2002 LONG64 WriteTransferCount; 2003 LONG64 OtherTransferCount; 2004 #endif 2005 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10041.0 2006 struct _KSCB *QueuedScb; 2007 #ifndef _WIN64 2008 ULONG64 NpxState; 2009 #endif 2010 #endif 2011 } KTHREAD; 2012 2013 #endif 2014 2015 2016 #define ASSERT_THREAD(object) \ 2017 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject)) 2018 2019 // 2020 // Kernel Process (KPROCESS) 2021 // 2022 typedef struct _KPROCESS 2023 { 2024 DISPATCHER_HEADER Header; 2025 LIST_ENTRY ProfileListHead; 2026 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 2027 ULONG_PTR DirectoryTableBase; 2028 ULONG_PTR Unused0; 2029 #else 2030 ULONG_PTR DirectoryTableBase[2]; 2031 #endif 2032 #if defined(_M_IX86) 2033 KGDTENTRY LdtDescriptor; 2034 KIDTENTRY Int21Descriptor; 2035 #endif 2036 USHORT IopmOffset; 2037 #if defined(_M_IX86) 2038 UCHAR Iopl; 2039 UCHAR Unused; 2040 #endif 2041 volatile KAFFINITY ActiveProcessors; 2042 ULONG KernelTime; 2043 ULONG UserTime; 2044 LIST_ENTRY ReadyListHead; 2045 SINGLE_LIST_ENTRY SwapListEntry; 2046 PVOID VdmTrapcHandler; 2047 LIST_ENTRY ThreadListHead; 2048 KSPIN_LOCK ProcessLock; 2049 KAFFINITY Affinity; 2050 union 2051 { 2052 struct 2053 { 2054 LONG AutoAlignment:1; 2055 LONG DisableBoost:1; 2056 LONG DisableQuantum:1; 2057 LONG ReservedFlags:29; 2058 }; 2059 LONG ProcessFlags; 2060 }; 2061 SCHAR BasePriority; 2062 SCHAR QuantumReset; 2063 UCHAR State; 2064 UCHAR ThreadSeed; 2065 UCHAR PowerState; 2066 UCHAR IdealNode; 2067 UCHAR Visited; 2068 union 2069 { 2070 KEXECUTE_OPTIONS Flags; 2071 UCHAR ExecuteOptions; 2072 }; 2073 ULONG StackCount; 2074 LIST_ENTRY ProcessListEntry; 2075 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 2076 ULONGLONG CycleTime; 2077 #endif // ] 2078 } KPROCESS; 2079 2080 #define ASSERT_PROCESS(object) \ 2081 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject)) 2082 2083 // 2084 // System Service Table Descriptor 2085 // 2086 typedef struct _KSERVICE_TABLE_DESCRIPTOR 2087 { 2088 PULONG_PTR Base; 2089 PULONG Count; 2090 ULONG Limit; 2091 #if defined(_IA64_) 2092 LONG TableBaseGpOffset; 2093 #endif 2094 PUCHAR Number; 2095 } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR; 2096 2097 #if (NTDDI_VERSION >= NTDDI_WIN8) 2098 // 2099 // Entropy Timing State 2100 // 2101 typedef struct _KENTROPY_TIMING_STATE 2102 { 2103 ULONG EntropyCount; 2104 ULONG Buffer[64]; 2105 KDPC Dpc; 2106 ULONG LastDeliveredBuffer; 2107 PULONG RawDataBuffer; 2108 } KENTROPY_TIMING_STATE, *PKENTROPY_TIMING_STATE; 2109 2110 // 2111 // Constants from ks386.inc, ksamd64.inc and ksarm.h 2112 // 2113 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400 2114 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff 2115 #define KENTROPY_TIMING_ANALYSIS 0x0 2116 2117 #endif /* (NTDDI_VERSION >= NTDDI_WIN8) */ 2118 2119 // 2120 // Exported Loader Parameter Block 2121 // 2122 extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock; 2123 2124 // 2125 // Exported Hardware Data 2126 // 2127 extern ULONG NTSYSAPI KiDmaIoCoherency; 2128 extern ULONG NTSYSAPI KeMaximumIncrement; 2129 extern ULONG NTSYSAPI KeMinimumIncrement; 2130 extern ULONG NTSYSAPI KeDcacheFlushCount; 2131 extern ULONG NTSYSAPI KeIcacheFlushCount; 2132 extern ULONG_PTR NTSYSAPI KiBugCheckData[]; 2133 extern BOOLEAN NTSYSAPI KiEnableTimerWatchdog; 2134 2135 // 2136 // Exported System Service Descriptor Tables 2137 // 2138 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]; 2139 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]; 2140 2141 #endif // !NTOS_MODE_USER 2142 2143 #endif // _KETYPES_H 2144