1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 ketypes.h 8 9 Abstract: 10 11 Type definitions for the Kernel services. 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _KETYPES_H 20 #define _KETYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #ifndef NTOS_MODE_USER 27 #include <haltypes.h> 28 #include <potypes.h> 29 #include <ifssupp.h> 30 #endif 31 32 // 33 // A system call ID is formatted as such: 34 // .________________________________________________________________. 35 // | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 36 // |--------------|-------------------------------------------------| 37 // | TABLE NUMBER | TABLE OFFSET | 38 // \----------------------------------------------------------------/ 39 // 40 // The table number is then used as an index into the service descriptor table. 41 #define TABLE_NUMBER_BITS 1 42 #define TABLE_OFFSET_BITS 12 43 44 // 45 // There are 2 tables (kernel and shadow, used by Win32K) 46 // 47 #define NUMBER_SERVICE_TABLES 2 48 #define NTOS_SERVICE_INDEX 0 49 #define WIN32K_SERVICE_INDEX 1 50 51 // 52 // NB. From assembly code, the table number must be computed as an offset into 53 // the service descriptor table. 54 // 55 // Each entry into the table is 16 bytes long on 32-bit architectures, and 56 // 32 bytes long on 64-bit architectures. 57 // 58 // Thus, Table Number 1 is offset 16 (0x10) on x86, and offset 32 (0x20) on 59 // x64. 60 // 61 #ifdef _WIN64 62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes 63 #else 64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes 65 #endif 66 67 // 68 // We want the table number, but leave some extra bits to we can have the offset 69 // into the descriptor table. 70 // 71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY) 72 73 // 74 // Now the table number (as an offset) is corrupted with part of the table offset 75 // This mask will remove the extra unwanted bits, and give us the offset into the 76 // descriptor table proper. 77 // 78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY) 79 80 // 81 // To get the table offset (ie: the service call number), just keep the 12 bits 82 // 83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1) 84 85 // 86 // We'll often need to check if this is a graphics call. This is done by comparing 87 // the table number offset with the known Win32K table number offset. 88 // This is usually index 1, so table number offset 0x10 (x86) or 0x20 (x64) 89 // 90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY) 91 92 // 93 // Context Record Flags 94 // 95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT) 96 97 // 98 // Maximum System Descriptor Table Entries 99 // 100 #define SSDT_MAX_ENTRIES 2 101 102 // 103 // Processor Architectures 104 // 105 #define PROCESSOR_ARCHITECTURE_INTEL 0 106 #define PROCESSOR_ARCHITECTURE_MIPS 1 107 #define PROCESSOR_ARCHITECTURE_ALPHA 2 108 #define PROCESSOR_ARCHITECTURE_PPC 3 109 #define PROCESSOR_ARCHITECTURE_SHX 4 110 #define PROCESSOR_ARCHITECTURE_ARM 5 111 #define PROCESSOR_ARCHITECTURE_IA64 6 112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7 113 #define PROCESSOR_ARCHITECTURE_MSIL 8 114 #define PROCESSOR_ARCHITECTURE_AMD64 9 115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF 116 117 // 118 // Object Type Mask for Kernel Dispatcher Objects 119 // 120 #define KOBJECT_TYPE_MASK 0x7F 121 #define KOBJECT_LOCK_BIT 0x80 122 123 // 124 // Dispatcher Priority increments 125 // 126 #define THREAD_ALERT_INCREMENT 2 127 128 // 129 // Physical memory offset of KUSER_SHARED_DATA 130 // 131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000 132 133 // 134 // Quantum values and decrements 135 // 136 #define MAX_QUANTUM 0x7F 137 #define WAIT_QUANTUM_DECREMENT 1 138 #define CLOCK_QUANTUM_DECREMENT 3 139 140 // 141 // Kernel Feature Bits 142 // 143 #define KF_V86_VIS 0x00000001 144 #define KF_RDTSC 0x00000002 145 #define KF_CR4 0x00000004 146 #define KF_CMOV 0x00000008 147 #define KF_GLOBAL_PAGE 0x00000010 148 #define KF_LARGE_PAGE 0x00000020 149 #define KF_MTRR 0x00000040 150 #define KF_CMPXCHG8B 0x00000080 151 #define KF_MMX 0x00000100 152 #define KF_WORKING_PTE 0x00000200 153 #define KF_PAT 0x00000400 154 #define KF_FXSR 0x00000800 155 #define KF_FAST_SYSCALL 0x00001000 156 #define KF_XMMI 0x00002000 157 #define KF_3DNOW 0x00004000 158 #define KF_AMDK6MTRR 0x00008000 159 #define KF_XMMI64 0x00010000 160 #define KF_DTS 0x00020000 161 #define KF_BRANCH 0x00020000 // from ksamd64.inc 162 #define KF_SSE3 0x00080000 163 #define KF_CMPXCHG16B 0x00100000 164 #define KF_XSTATE 0x00800000 // from ks386.inc, ksamd64.inc 165 #define KF_NX_BIT 0x20000000 166 #define KF_NX_DISABLED 0x40000000 167 #define KF_NX_ENABLED 0x80000000 168 169 #define KF_XSAVEOPT_BIT 15 170 #define KF_XSTATE_BIT 23 171 #define KF_RDWRFSGSBASE_BIT 28 172 173 // 174 // Internal Exception Codes 175 // 176 #define KI_EXCEPTION_INTERNAL 0x10000000 177 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04) 178 179 typedef struct _FIBER /* Field offsets: */ 180 { /* i386 arm x64 */ 181 PVOID FiberData; /* 0x000 0x000 0x000 */ 182 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;/* 0x004 0x004 0x008 */ 183 PVOID StackBase; /* 0x008 0x008 0x010 */ 184 PVOID StackLimit; /* 0x00C 0x00C 0x018 */ 185 PVOID DeallocationStack; /* 0x010 0x010 0x020 */ 186 CONTEXT FiberContext; /* 0x014 0x018 0x030 */ 187 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 188 PVOID Wx86Tib; /* 0x2E0 0x1b8 0x500 */ 189 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 0x2E4 0x1bc 0x508 */ 190 PVOID FlsData; /* 0x2E8 0x1c0 0x510 */ 191 ULONG GuaranteedStackBytes; /* 0x2EC 0x1c4 0x518 */ 192 ULONG TebFlags; /* 0x2F0 0x1c8 0x51C */ 193 #else 194 ULONG GuaranteedStackBytes; /* 0x2E0 */ 195 PVOID FlsData; /* 0x2E4 */ 196 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; 197 #endif 198 } FIBER, *PFIBER; 199 200 #ifndef NTOS_MODE_USER 201 // 202 // Number of dispatch codes supported by KINTERRUPT 203 // 204 #ifdef _M_AMD64 205 #define DISPATCH_LENGTH 4 206 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) 207 #define DISPATCH_LENGTH 135 208 #else 209 #define DISPATCH_LENGTH 106 210 #endif 211 212 #else 213 214 // 215 // KPROCESSOR_MODE Type 216 // 217 typedef CCHAR KPROCESSOR_MODE; 218 219 // 220 // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode 221 // 222 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA) 223 224 // 225 // Maximum WOW64 Entries in KUSER_SHARED_DATA 226 // 227 #define MAX_WOW64_SHARED_ENTRIES 16 228 229 // 230 // Maximum Processor Features supported in KUSER_SHARED_DATA 231 // 232 #define PROCESSOR_FEATURE_MAX 64 233 234 // 235 // Event Types 236 // 237 typedef enum _EVENT_TYPE 238 { 239 NotificationEvent, 240 SynchronizationEvent 241 } EVENT_TYPE; 242 243 // 244 // Timer Types 245 // 246 typedef enum _TIMER_TYPE 247 { 248 NotificationTimer, 249 SynchronizationTimer 250 } TIMER_TYPE; 251 252 // 253 // Wait Types 254 // 255 typedef enum _WAIT_TYPE 256 { 257 WaitAll, 258 WaitAny 259 } WAIT_TYPE; 260 261 // 262 // Processor Execution Modes 263 // 264 typedef enum _MODE 265 { 266 KernelMode, 267 UserMode, 268 MaximumMode 269 } MODE; 270 271 // 272 // Wait Reasons 273 // 274 typedef enum _KWAIT_REASON 275 { 276 Executive, 277 FreePage, 278 PageIn, 279 PoolAllocation, 280 DelayExecution, 281 Suspended, 282 UserRequest, 283 WrExecutive, 284 WrFreePage, 285 WrPageIn, 286 WrPoolAllocation, 287 WrDelayExecution, 288 WrSuspended, 289 WrUserRequest, 290 WrEventPair, 291 WrQueue, 292 WrLpcReceive, 293 WrLpcReply, 294 WrVirtualMemory, 295 WrPageOut, 296 WrRendezvous, 297 Spare2, 298 WrGuardedMutex, 299 Spare4, 300 Spare5, 301 Spare6, 302 WrKernel, 303 WrResource, 304 WrPushLock, 305 WrMutex, 306 WrQuantumEnd, 307 WrDispatchInt, 308 WrPreempted, 309 WrYieldExecution, 310 MaximumWaitReason 311 } KWAIT_REASON; 312 313 // 314 // Profiling Sources 315 // 316 typedef enum _KPROFILE_SOURCE 317 { 318 ProfileTime, 319 ProfileAlignmentFixup, 320 ProfileTotalIssues, 321 ProfilePipelineDry, 322 ProfileLoadInstructions, 323 ProfilePipelineFrozen, 324 ProfileBranchInstructions, 325 ProfileTotalNonissues, 326 ProfileDcacheMisses, 327 ProfileIcacheMisses, 328 ProfileCacheMisses, 329 ProfileBranchMispredictions, 330 ProfileStoreInstructions, 331 ProfileFpInstructions, 332 ProfileIntegerInstructions, 333 Profile2Issue, 334 Profile3Issue, 335 Profile4Issue, 336 ProfileSpecialInstructions, 337 ProfileTotalCycles, 338 ProfileIcacheIssues, 339 ProfileDcacheAccesses, 340 ProfileMemoryBarrierCycles, 341 ProfileLoadLinkedIssues, 342 ProfileMaximum 343 } KPROFILE_SOURCE; 344 345 // 346 // NT Product and Architecture Types 347 // 348 typedef enum _NT_PRODUCT_TYPE 349 { 350 NtProductWinNt = 1, 351 NtProductLanManNt, 352 NtProductServer 353 } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; 354 355 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE 356 { 357 StandardDesign, 358 NEC98x86, 359 EndAlternatives 360 } ALTERNATIVE_ARCHITECTURE_TYPE; 361 362 #endif 363 364 // 365 // Thread States 366 // 367 typedef enum _KTHREAD_STATE 368 { 369 Initialized, 370 Ready, 371 Running, 372 Standby, 373 Terminated, 374 Waiting, 375 Transition, 376 DeferredReady, 377 #if (NTDDI_VERSION >= NTDDI_WS03) 378 GateWait 379 #endif 380 } KTHREAD_STATE, *PKTHREAD_STATE; 381 382 // 383 // Kernel Object Types 384 // 385 typedef enum _KOBJECTS 386 { 387 EventNotificationObject = 0, 388 EventSynchronizationObject = 1, 389 MutantObject = 2, 390 ProcessObject = 3, 391 QueueObject = 4, 392 SemaphoreObject = 5, 393 ThreadObject = 6, 394 GateObject = 7, 395 TimerNotificationObject = 8, 396 TimerSynchronizationObject = 9, 397 Spare2Object = 10, 398 Spare3Object = 11, 399 Spare4Object = 12, 400 Spare5Object = 13, 401 Spare6Object = 14, 402 Spare7Object = 15, 403 Spare8Object = 16, 404 Spare9Object = 17, 405 ApcObject = 18, 406 DpcObject = 19, 407 DeviceQueueObject = 20, 408 EventPairObject = 21, 409 InterruptObject = 22, 410 ProfileObject = 23, 411 ThreadedDpcObject = 24, 412 MaximumKernelObject = 25 413 } KOBJECTS; 414 415 // 416 // Adjust reasons 417 // 418 typedef enum _ADJUST_REASON 419 { 420 AdjustNone = 0, 421 AdjustUnwait = 1, 422 AdjustBoost = 2 423 } ADJUST_REASON; 424 425 // 426 // Continue Status 427 // 428 typedef enum _KCONTINUE_STATUS 429 { 430 ContinueError = 0, 431 ContinueSuccess, 432 ContinueProcessorReselected, 433 ContinueNextProcessor 434 } KCONTINUE_STATUS; 435 436 // 437 // Process States 438 // 439 typedef enum _KPROCESS_STATE 440 { 441 ProcessInMemory, 442 ProcessOutOfMemory, 443 ProcessInTransition, 444 ProcessInSwap, 445 ProcessOutSwap, 446 } KPROCESS_STATE, *PKPROCESS_STATE; 447 448 // 449 // NtVdmControl Classes 450 // 451 typedef enum _VDMSERVICECLASS 452 { 453 VdmStartExecution = 0, 454 VdmQueueInterrupt = 1, 455 VdmDelayInterrupt = 2, 456 VdmInitialize = 3, 457 VdmFeatures = 4, 458 VdmSetInt21Handler = 5, 459 VdmQueryDir = 6, 460 VdmPrinterDirectIoOpen = 7, 461 VdmPrinterDirectIoClose = 8, 462 VdmPrinterInitialize = 9, 463 VdmSetLdtEntries = 10, 464 VdmSetProcessLdtInfo = 11, 465 VdmAdlibEmulation = 12, 466 VdmPMCliControl = 13, 467 VdmQueryVdmProcess = 14, 468 } VDMSERVICECLASS; 469 470 #ifdef NTOS_MODE_USER 471 472 // 473 // APC Normal Routine 474 // 475 typedef VOID 476 (NTAPI *PKNORMAL_ROUTINE)( 477 _In_ PVOID NormalContext, 478 _In_ PVOID SystemArgument1, 479 _In_ PVOID SystemArgument2 480 ); 481 482 // 483 // Timer Routine 484 // 485 typedef VOID 486 (NTAPI *PTIMER_APC_ROUTINE)( 487 _In_ PVOID TimerContext, 488 _In_ ULONG TimerLowValue, 489 _In_ LONG TimerHighValue 490 ); 491 492 // 493 // System Time Structure 494 // 495 typedef struct _KSYSTEM_TIME 496 { 497 ULONG LowPart; 498 LONG High1Time; 499 LONG High2Time; 500 } KSYSTEM_TIME, *PKSYSTEM_TIME; 501 502 // 503 // Shared Kernel User Data 504 // 505 typedef struct _KUSER_SHARED_DATA 506 { 507 ULONG TickCountLowDeprecated; 508 ULONG TickCountMultiplier; 509 volatile KSYSTEM_TIME InterruptTime; 510 volatile KSYSTEM_TIME SystemTime; 511 volatile KSYSTEM_TIME TimeZoneBias; 512 USHORT ImageNumberLow; 513 USHORT ImageNumberHigh; 514 WCHAR NtSystemRoot[260]; 515 ULONG MaxStackTraceDepth; 516 ULONG CryptoExponent; 517 ULONG TimeZoneId; 518 ULONG LargePageMinimum; 519 ULONG Reserved2[7]; 520 NT_PRODUCT_TYPE NtProductType; 521 BOOLEAN ProductTypeIsValid; 522 ULONG NtMajorVersion; 523 ULONG NtMinorVersion; 524 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; 525 ULONG Reserved1; 526 ULONG Reserved3; 527 volatile ULONG TimeSlip; 528 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; 529 LARGE_INTEGER SystemExpirationDate; 530 ULONG SuiteMask; 531 BOOLEAN KdDebuggerEnabled; 532 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 533 UCHAR NXSupportPolicy; 534 #endif 535 volatile ULONG ActiveConsoleId; 536 volatile ULONG DismountCount; 537 ULONG ComPlusPackage; 538 ULONG LastSystemRITEventTickCount; 539 ULONG NumberOfPhysicalPages; 540 BOOLEAN SafeBootMode; 541 ULONG TraceLogging; 542 ULONG Fill0; 543 ULONGLONG TestRetInstruction; 544 ULONG SystemCall; 545 ULONG SystemCallReturn; 546 ULONGLONG SystemCallPad[3]; 547 union { 548 volatile KSYSTEM_TIME TickCount; 549 volatile ULONG64 TickCountQuad; 550 }; 551 ULONG Cookie; 552 #if (NTDDI_VERSION >= NTDDI_WS03) 553 LONGLONG ConsoleSessionForegroundProcessId; 554 ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]; 555 #endif 556 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 557 USHORT UserModeGlobalLogger[8]; 558 ULONG HeapTracingPid[2]; 559 ULONG CritSecTracingPid[2]; 560 union 561 { 562 ULONG SharedDataFlags; 563 struct 564 { 565 ULONG DbgErrorPortPresent:1; 566 ULONG DbgElevationEnabled:1; 567 ULONG DbgVirtEnabled:1; 568 ULONG DbgInstallerDetectEnabled:1; 569 ULONG SpareBits:28; 570 }; 571 }; 572 ULONG ImageFileExecutionOptions; 573 KAFFINITY ActiveProcessorAffinity; 574 #endif 575 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; 576 577 // 578 // VDM Structures 579 // 580 #include "pshpack1.h" 581 typedef struct _VdmVirtualIca 582 { 583 LONG ica_count[8]; 584 LONG ica_int_line; 585 LONG ica_cpu_int; 586 USHORT ica_base; 587 USHORT ica_hipiri; 588 USHORT ica_mode; 589 UCHAR ica_master; 590 UCHAR ica_irr; 591 UCHAR ica_isr; 592 UCHAR ica_imr; 593 UCHAR ica_ssr; 594 } VDMVIRTUALICA, *PVDMVIRTUALICA; 595 #include "poppack.h" 596 597 typedef struct _VdmIcaUserData 598 { 599 PVOID pIcaLock; 600 PVDMVIRTUALICA pIcaMaster; 601 PVDMVIRTUALICA pIcaSlave; 602 PULONG pDelayIrq; 603 PULONG pUndelayIrq; 604 PULONG pDelayIret; 605 PULONG pIretHooked; 606 PULONG pAddrIretBopTable; 607 PHANDLE phWowIdleEvent; 608 PLARGE_INTEGER pIcaTimeout; 609 PHANDLE phMainThreadSuspended; 610 } VDMICAUSERDATA, *PVDMICAUSERDATA; 611 612 typedef struct _VDM_INITIALIZE_DATA 613 { 614 PVOID TrapcHandler; 615 PVDMICAUSERDATA IcaUserData; 616 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA; 617 618 #else 619 620 // 621 // System Thread Start Routine 622 // 623 typedef 624 VOID 625 (NTAPI *PKSYSTEM_ROUTINE)( 626 PKSTART_ROUTINE StartRoutine, 627 PVOID StartContext 628 ); 629 630 #ifndef _NTSYSTEM_ 631 typedef VOID 632 (NTAPI *PKNORMAL_ROUTINE)( 633 IN PVOID NormalContext OPTIONAL, 634 IN PVOID SystemArgument1 OPTIONAL, 635 IN PVOID SystemArgument2 OPTIONAL); 636 637 typedef VOID 638 (NTAPI *PKRUNDOWN_ROUTINE)( 639 IN struct _KAPC *Apc); 640 641 typedef VOID 642 (NTAPI *PKKERNEL_ROUTINE)( 643 IN struct _KAPC *Apc, 644 IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, 645 IN OUT PVOID *NormalContext OPTIONAL, 646 IN OUT PVOID *SystemArgument1 OPTIONAL, 647 IN OUT PVOID *SystemArgument2 OPTIONAL); 648 #endif 649 650 // 651 // APC Environment Types 652 // 653 typedef enum _KAPC_ENVIRONMENT 654 { 655 OriginalApcEnvironment, 656 AttachedApcEnvironment, 657 CurrentApcEnvironment, 658 InsertApcEnvironment 659 } KAPC_ENVIRONMENT; 660 661 typedef struct _KTIMER_TABLE_ENTRY 662 { 663 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64) 664 KSPIN_LOCK Lock; 665 #endif 666 LIST_ENTRY Entry; 667 ULARGE_INTEGER Time; 668 } KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY; 669 670 typedef struct _KTIMER_TABLE 671 { 672 PKTIMER TimerExpiry[64]; 673 KTIMER_TABLE_ENTRY TimerEntries[256]; 674 } KTIMER_TABLE, *PKTIMER_TABLE; 675 676 typedef struct _KDPC_LIST 677 { 678 SINGLE_LIST_ENTRY ListHead; 679 SINGLE_LIST_ENTRY* LastEntry; 680 } KDPC_LIST, *PKDPC_LIST; 681 682 typedef struct _SYNCH_COUNTERS 683 { 684 ULONG SpinLockAcquireCount; 685 ULONG SpinLockContentionCount; 686 ULONG SpinLockSpinCount; 687 ULONG IpiSendRequestBroadcastCount; 688 ULONG IpiSendRequestRoutineCount; 689 ULONG IpiSendSoftwareInterruptCount; 690 ULONG ExInitializeResourceCount; 691 ULONG ExReInitializeResourceCount; 692 ULONG ExDeleteResourceCount; 693 ULONG ExecutiveResourceAcquiresCount; 694 ULONG ExecutiveResourceContentionsCount; 695 ULONG ExecutiveResourceReleaseExclusiveCount; 696 ULONG ExecutiveResourceReleaseSharedCount; 697 ULONG ExecutiveResourceConvertsCount; 698 ULONG ExAcqResExclusiveAttempts; 699 ULONG ExAcqResExclusiveAcquiresExclusive; 700 ULONG ExAcqResExclusiveAcquiresExclusiveRecursive; 701 ULONG ExAcqResExclusiveWaits; 702 ULONG ExAcqResExclusiveNotAcquires; 703 ULONG ExAcqResSharedAttempts; 704 ULONG ExAcqResSharedAcquiresExclusive; 705 ULONG ExAcqResSharedAcquiresShared; 706 ULONG ExAcqResSharedAcquiresSharedRecursive; 707 ULONG ExAcqResSharedWaits; 708 ULONG ExAcqResSharedNotAcquires; 709 ULONG ExAcqResSharedStarveExclusiveAttempts; 710 ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive; 711 ULONG ExAcqResSharedStarveExclusiveAcquiresShared; 712 ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive; 713 ULONG ExAcqResSharedStarveExclusiveWaits; 714 ULONG ExAcqResSharedStarveExclusiveNotAcquires; 715 ULONG ExAcqResSharedWaitForExclusiveAttempts; 716 ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive; 717 ULONG ExAcqResSharedWaitForExclusiveAcquiresShared; 718 ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive; 719 ULONG ExAcqResSharedWaitForExclusiveWaits; 720 ULONG ExAcqResSharedWaitForExclusiveNotAcquires; 721 ULONG ExSetResOwnerPointerExclusive; 722 ULONG ExSetResOwnerPointerSharedNew; 723 ULONG ExSetResOwnerPointerSharedOld; 724 ULONG ExTryToAcqExclusiveAttempts; 725 ULONG ExTryToAcqExclusiveAcquires; 726 ULONG ExBoostExclusiveOwner; 727 ULONG ExBoostSharedOwners; 728 ULONG ExEtwSynchTrackingNotificationsCount; 729 ULONG ExEtwSynchTrackingNotificationsAccountedCount; 730 } SYNCH_COUNTERS, *PSYNCH_COUNTERS; 731 732 // 733 // PRCB DPC Data 734 // 735 typedef struct _KDPC_DATA 736 { 737 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 738 KDPC_LIST DpcList; 739 #else 740 LIST_ENTRY DpcListHead; 741 #endif 742 ULONG_PTR DpcLock; 743 #if defined(_M_AMD64) || defined(_M_ARM) 744 volatile LONG DpcQueueDepth; 745 #else 746 volatile ULONG DpcQueueDepth; 747 #endif 748 ULONG DpcCount; 749 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) 750 PKDPC ActiveDpc; 751 #endif 752 } KDPC_DATA, *PKDPC_DATA; 753 754 // 755 // Per-Processor Lookaside List 756 // 757 typedef struct _PP_LOOKASIDE_LIST 758 { 759 struct _GENERAL_LOOKASIDE *P; 760 struct _GENERAL_LOOKASIDE *L; 761 } PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST; 762 763 // 764 // Architectural Types 765 // 766 #include <arch/ketypes.h> 767 768 // 769 // Kernel Memory Node 770 // 771 #include <pshpack1.h> 772 typedef struct _KNODE 773 { 774 SLIST_HEADER DeadStackList; 775 SLIST_HEADER PfnDereferenceSListHead; 776 KAFFINITY ProcessorMask; 777 UCHAR Color; 778 UCHAR Seed; 779 UCHAR NodeNumber; 780 struct _flags { 781 UCHAR Removable : 1; 782 UCHAR Fill : 7; 783 } Flags; 784 ULONG MmShiftedColor; 785 ULONG FreeCount[2]; 786 struct _SINGLE_LIST_ENTRY *PfnDeferredList; 787 } KNODE, *PKNODE; 788 #include <poppack.h> 789 790 // 791 // Structure for Get/SetContext APC 792 // 793 typedef struct _GETSETCONTEXT 794 { 795 KAPC Apc; 796 KEVENT Event; 797 KPROCESSOR_MODE Mode; 798 CONTEXT Context; 799 } GETSETCONTEXT, *PGETSETCONTEXT; 800 801 // 802 // Kernel Profile Object 803 // 804 typedef struct _KPROFILE 805 { 806 CSHORT Type; 807 CSHORT Size; 808 LIST_ENTRY ProfileListEntry; 809 struct _KPROCESS *Process; 810 PVOID RangeBase; 811 PVOID RangeLimit; 812 ULONG BucketShift; 813 PVOID Buffer; 814 ULONG_PTR Segment; 815 KAFFINITY Affinity; 816 KPROFILE_SOURCE Source; 817 BOOLEAN Started; 818 } KPROFILE, *PKPROFILE; 819 820 // 821 // Kernel Interrupt Object 822 // 823 typedef struct _KINTERRUPT 824 { 825 CSHORT Type; 826 CSHORT Size; 827 LIST_ENTRY InterruptListEntry; 828 PKSERVICE_ROUTINE ServiceRoutine; 829 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 830 PKSERVICE_ROUTINE MessageServiceRoutine; 831 ULONG MessageIndex; 832 #endif 833 PVOID ServiceContext; 834 KSPIN_LOCK SpinLock; 835 ULONG TickCount; 836 PKSPIN_LOCK ActualLock; 837 PKINTERRUPT_ROUTINE DispatchAddress; 838 ULONG Vector; 839 KIRQL Irql; 840 KIRQL SynchronizeIrql; 841 BOOLEAN FloatingSave; 842 BOOLEAN Connected; 843 CCHAR Number; 844 BOOLEAN ShareVector; 845 KINTERRUPT_MODE Mode; 846 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 847 KINTERRUPT_POLARITY Polarity; 848 #endif 849 ULONG ServiceCount; 850 ULONG DispatchCount; 851 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 852 ULONGLONG Rsvd1; 853 #endif 854 #ifdef _M_AMD64 855 PKTRAP_FRAME TrapFrame; 856 PVOID Reserved; 857 #endif 858 ULONG DispatchCode[DISPATCH_LENGTH]; 859 } KINTERRUPT; 860 861 // 862 // Kernel Event Pair Object 863 // 864 typedef struct _KEVENT_PAIR 865 { 866 CSHORT Type; 867 CSHORT Size; 868 KEVENT LowEvent; 869 KEVENT HighEvent; 870 } KEVENT_PAIR, *PKEVENT_PAIR; 871 872 // 873 // Kernel No Execute Options 874 // 875 typedef struct _KEXECUTE_OPTIONS 876 { 877 UCHAR ExecuteDisable:1; 878 UCHAR ExecuteEnable:1; 879 UCHAR DisableThunkEmulation:1; 880 UCHAR Permanent:1; 881 UCHAR ExecuteDispatchEnable:1; 882 UCHAR ImageDispatchEnable:1; 883 UCHAR Spare:2; 884 } KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS; 885 886 #if (NTDDI_VERSION >= NTDDI_WIN7) 887 typedef union _KWAIT_STATUS_REGISTER 888 { 889 UCHAR Flags; 890 struct 891 { 892 UCHAR State:2; 893 UCHAR Affinity:1; 894 UCHAR Priority:1; 895 UCHAR Apc:1; 896 UCHAR UserApc:1; 897 UCHAR Alert:1; 898 UCHAR Unused:1; 899 }; 900 } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; 901 902 typedef struct _COUNTER_READING 903 { 904 enum _HARDWARE_COUNTER_TYPE Type; 905 ULONG Index; 906 ULONG64 Start; 907 ULONG64 Total; 908 }COUNTER_READING, *PCOUNTER_READING; 909 910 typedef struct _KTHREAD_COUNTERS 911 { 912 ULONG64 WaitReasonBitMap; 913 struct _THREAD_PERFORMANCE_DATA* UserData; 914 ULONG Flags; 915 ULONG ContextSwitches; 916 ULONG64 CycleTimeBias; 917 ULONG64 HardwareCounters; 918 COUNTER_READING HwCounter[16]; 919 }KTHREAD_COUNTERS, *PKTHREAD_COUNTERS; 920 #endif 921 922 /// FIXME: should move to rtltypes.h, but we can't include it here. 923 #if (NTDDI_VERSION >= NTDDI_WIN8) 924 typedef struct _RTL_RB_TREE 925 { 926 PRTL_BALANCED_NODE Root; 927 PRTL_BALANCED_NODE Min; 928 } RTL_RB_TREE, *PRTL_RB_TREE; 929 #endif 930 931 #if (NTDDI_VERSION >= NTDDI_WINBLUE) 932 typedef struct _KLOCK_ENTRY_LOCK_STATE 933 { 934 union 935 { 936 struct 937 { 938 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 6.4.9841.0 939 ULONG_PTR CrossThreadReleasable : 1; 940 #else 941 ULONG_PTR Waiting : 1; 942 #endif 943 ULONG_PTR Busy : 1; 944 ULONG_PTR Reserved : (8 * sizeof(PVOID)) - 3; // previously Spare 945 ULONG_PTR InTree : 1; 946 }; 947 PVOID LockState; 948 }; 949 union 950 { 951 PVOID SessionState; 952 struct 953 { 954 ULONG SessionId; 955 #ifdef _WIN64 956 ULONG SessionPad; 957 #endif 958 }; 959 }; 960 } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; 961 962 typedef struct _KLOCK_ENTRY 963 { 964 union 965 { 966 RTL_BALANCED_NODE TreeNode; 967 SINGLE_LIST_ENTRY FreeListEntry; 968 }; 969 #if (NTDDI_VERSION >= NTDDI_WIN10) 970 union 971 { 972 ULONG EntryFlags; 973 struct 974 { 975 UCHAR EntryOffset; 976 union 977 { 978 UCHAR ThreadLocalFlags; 979 struct 980 { 981 UCHAR WaitingBit : 1; 982 UCHAR Spare0 : 7; 983 }; 984 }; 985 union 986 { 987 UCHAR AcquiredByte; 988 UCHAR AcquiredBit : 1; 989 }; 990 union 991 { 992 UCHAR CrossThreadFlags; 993 struct 994 { 995 UCHAR HeadNodeBit : 1; 996 UCHAR IoPriorityBit : 1; 997 UCHAR IoQoSWaiter : 1; // since TH2 998 UCHAR Spare1 : 5; 999 }; 1000 }; 1001 }; 1002 struct 1003 { 1004 ULONG StaticState : 8; 1005 ULONG AllFlags : 24; 1006 }; 1007 }; 1008 #ifdef _WIN64 1009 ULONG SpareFlags; 1010 #endif 1011 #else 1012 union 1013 { 1014 PVOID ThreadUnsafe; 1015 struct 1016 { 1017 volatile UCHAR HeadNodeByte; 1018 UCHAR Reserved1[2]; 1019 volatile UCHAR AcquiredByte; 1020 }; 1021 }; 1022 #endif 1023 1024 union 1025 { 1026 KLOCK_ENTRY_LOCK_STATE LockState; 1027 PVOID LockUnsafe; 1028 struct 1029 { 1030 #if (NTDDI_VERSION >= NTDDI_WIN10) 1031 volatile UCHAR CrossThreadReleasableAndBusyByte; 1032 #else 1033 volatile UCHAR WaitingAndBusyByte; 1034 #endif 1035 UCHAR Reserved[sizeof(PVOID) - 2]; 1036 UCHAR InTreeByte; 1037 union 1038 { 1039 PVOID SessionState; 1040 struct 1041 { 1042 ULONG SessionId; 1043 #ifdef _WIN64 1044 ULONG SessionPad; 1045 #endif 1046 }; 1047 }; 1048 }; 1049 }; 1050 union 1051 { 1052 struct 1053 { 1054 RTL_RB_TREE OwnerTree; 1055 RTL_RB_TREE WaiterTree; 1056 }; 1057 CHAR CpuPriorityKey; 1058 }; 1059 ULONG_PTR EntryLock; 1060 union 1061 { 1062 #if _WIN64 1063 ULONG AllBoosts : 17; 1064 #else 1065 USHORT AllBoosts; 1066 #endif 1067 struct 1068 { 1069 struct 1070 { 1071 USHORT CpuBoostsBitmap : 15; 1072 USHORT IoBoost : 1; 1073 }; 1074 struct 1075 { 1076 USHORT IoQoSBoost : 1; 1077 USHORT IoNormalPriorityWaiterCount : 8; 1078 USHORT IoQoSWaiterCount : 7; 1079 }; 1080 }; 1081 }; 1082 #if _WIN64 1083 ULONG SparePad; 1084 #endif 1085 } KLOCK_ENTRY, *PKLOCK_ENTRY; 1086 1087 #endif 1088 1089 // 1090 // Kernel Thread (KTHREAD) 1091 // 1092 #if (NTDDI_VERSION < NTDDI_WIN8) 1093 1094 typedef struct _KTHREAD 1095 { 1096 DISPATCHER_HEADER Header; 1097 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1098 ULONGLONG CycleTime; 1099 #ifndef _WIN64 // [ 1100 ULONG HighCycleTime; 1101 #endif // ] 1102 ULONGLONG QuantumTarget; 1103 #else // ][ 1104 LIST_ENTRY MutantListHead; 1105 #endif // ] 1106 PVOID InitialStack; 1107 ULONG_PTR StackLimit; // FIXME: PVOID 1108 PVOID KernelStack; 1109 KSPIN_LOCK ThreadLock; 1110 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1111 KWAIT_STATUS_REGISTER WaitRegister; 1112 BOOLEAN Running; 1113 BOOLEAN Alerted[2]; 1114 union 1115 { 1116 struct 1117 { 1118 ULONG KernelStackResident:1; 1119 ULONG ReadyTransition:1; 1120 ULONG ProcessReadyQueue:1; 1121 ULONG WaitNext:1; 1122 ULONG SystemAffinityActive:1; 1123 ULONG Alertable:1; 1124 ULONG GdiFlushActive:1; 1125 ULONG UserStackWalkActive:1; 1126 ULONG ApcInterruptRequest:1; 1127 ULONG ForceDeferSchedule:1; 1128 ULONG QuantumEndMigrate:1; 1129 ULONG UmsDirectedSwitchEnable:1; 1130 ULONG TimerActive:1; 1131 ULONG Reserved:19; 1132 }; 1133 LONG MiscFlags; 1134 }; 1135 #endif // ] 1136 union 1137 { 1138 KAPC_STATE ApcState; 1139 struct 1140 { 1141 UCHAR ApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1142 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1143 SCHAR Priority; 1144 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1145 /* On x86, the following members "fall out" of the union */ 1146 volatile ULONG NextProcessor; 1147 volatile ULONG DeferredProcessor; 1148 #else // ][ 1149 /* On x86, the following members "fall out" of the union */ 1150 volatile USHORT NextProcessor; 1151 volatile USHORT DeferredProcessor; 1152 #endif // ] 1153 #else // ][ 1154 UCHAR ApcQueueable; 1155 /* On x86, the following members "fall out" of the union */ 1156 volatile UCHAR NextProcessor; 1157 volatile UCHAR DeferredProcessor; 1158 UCHAR AdjustReason; 1159 SCHAR AdjustIncrement; 1160 #endif // ] 1161 }; 1162 }; 1163 KSPIN_LOCK ApcQueueLock; 1164 #ifndef _M_AMD64 // [ 1165 ULONG ContextSwitches; 1166 volatile UCHAR State; 1167 UCHAR NpxState; 1168 KIRQL WaitIrql; 1169 KPROCESSOR_MODE WaitMode; 1170 #endif // ] 1171 LONG_PTR WaitStatus; 1172 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1173 PKWAIT_BLOCK WaitBlockList; 1174 #else // ][ 1175 union 1176 { 1177 PKWAIT_BLOCK WaitBlockList; 1178 PKGATE GateObject; 1179 }; 1180 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1181 union 1182 { 1183 struct 1184 { 1185 ULONG KernelStackResident:1; 1186 ULONG ReadyTransition:1; 1187 ULONG ProcessReadyQueue:1; 1188 ULONG WaitNext:1; 1189 ULONG SystemAffinityActive:1; 1190 ULONG Alertable:1; 1191 ULONG GdiFlushActive:1; 1192 ULONG Reserved:25; 1193 }; 1194 LONG MiscFlags; 1195 }; 1196 #else // ][ 1197 BOOLEAN Alertable; 1198 BOOLEAN WaitNext; 1199 #endif // ] 1200 UCHAR WaitReason; 1201 #if (NTDDI_VERSION < NTDDI_LONGHORN) 1202 SCHAR Priority; 1203 BOOLEAN EnableStackSwap; 1204 #endif // ] 1205 volatile UCHAR SwapBusy; 1206 BOOLEAN Alerted[MaximumMode]; 1207 #endif // ] 1208 union 1209 { 1210 LIST_ENTRY WaitListEntry; 1211 SINGLE_LIST_ENTRY SwapListEntry; 1212 }; 1213 PKQUEUE Queue; 1214 #ifndef _M_AMD64 // [ 1215 ULONG WaitTime; 1216 union 1217 { 1218 struct 1219 { 1220 SHORT KernelApcDisable; 1221 SHORT SpecialApcDisable; 1222 }; 1223 ULONG CombinedApcDisable; 1224 }; 1225 #endif // ] 1226 struct _TEB *Teb; 1227 1228 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1229 KTIMER Timer; 1230 #else // ][ 1231 union 1232 { 1233 KTIMER Timer; 1234 struct 1235 { 1236 UCHAR TimerFill[FIELD_OFFSET(KTIMER, Period) + sizeof(LONG)]; 1237 #if !defined(_WIN64) // [ 1238 }; 1239 }; 1240 #endif // ] 1241 #endif // ] 1242 union 1243 { 1244 struct 1245 { 1246 ULONG AutoAlignment:1; 1247 ULONG DisableBoost:1; 1248 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1249 ULONG EtwStackTraceApc1Inserted:1; 1250 ULONG EtwStackTraceApc2Inserted:1; 1251 ULONG CycleChargePending:1; 1252 ULONG CalloutActive:1; 1253 ULONG ApcQueueable:1; 1254 ULONG EnableStackSwap:1; 1255 ULONG GuiThread:1; 1256 ULONG ReservedFlags:23; 1257 #else // ][ 1258 LONG ReservedFlags:30; 1259 #endif // ] 1260 }; 1261 LONG ThreadFlags; 1262 }; 1263 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [ 1264 }; 1265 }; 1266 #endif // ] 1267 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1268 #if defined(_WIN64) // [ 1269 ULONG Spare0; 1270 #else // ][ 1271 PVOID ServiceTable; 1272 #endif // ] 1273 #endif // ] 1274 union 1275 { 1276 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1277 #if (NTDDI_VERSION < NTDDI_WIN7) // [ 1278 struct 1279 { 1280 UCHAR WaitBlockFill0[FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 32bit = 23, 64bit = 43 1281 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1282 UCHAR IdealProcessor; 1283 #else // ][ 1284 BOOLEAN SystemAffinityActive; 1285 #endif // ] 1286 }; 1287 struct 1288 { 1289 UCHAR WaitBlockFill1[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 47 / 91 1290 CCHAR PreviousMode; 1291 }; 1292 struct 1293 { 1294 UCHAR WaitBlockFill2[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 71 / 139 1295 UCHAR ResourceIndex; 1296 }; 1297 struct 1298 { 1299 UCHAR WaitBlockFill3[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 95 / 187 1300 UCHAR LargeStack; 1301 }; 1302 #endif // ] 1303 #ifdef _WIN64 // [ 1304 struct 1305 { 1306 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1307 ULONG ContextSwitches; 1308 }; 1309 struct 1310 { 1311 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1312 UCHAR State; 1313 UCHAR NpxState; 1314 UCHAR WaitIrql; 1315 CHAR WaitMode; 1316 }; 1317 struct 1318 { 1319 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1320 ULONG WaitTime; 1321 }; 1322 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1323 struct 1324 { 1325 UCHAR WaitBlockFill7[168]; 1326 PVOID TebMappedLowVa; 1327 struct _UMS_CONTROL_BLOCK* Ucb; 1328 }; 1329 #endif // ] 1330 struct 1331 { 1332 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1333 UCHAR WaitBlockFill8[188]; 1334 #else // ][ 1335 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1336 #endif // ] 1337 union 1338 { 1339 struct 1340 { 1341 SHORT KernelApcDisable; 1342 SHORT SpecialApcDisable; 1343 }; 1344 ULONG CombinedApcDisable; 1345 }; 1346 }; 1347 #endif // ] 1348 }; 1349 LIST_ENTRY QueueListEntry; 1350 PKTRAP_FRAME TrapFrame; 1351 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1352 PVOID FirstArgument; 1353 union 1354 { 1355 PVOID CallbackStack; 1356 ULONG_PTR CallbackDepth; 1357 }; 1358 #else // ][ 1359 PVOID CallbackStack; 1360 #endif // ] 1361 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [ 1362 PVOID ServiceTable; 1363 #endif // ] 1364 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [ 1365 ULONG KernelLimit; 1366 #endif // ] 1367 UCHAR ApcStateIndex; 1368 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [ 1369 UCHAR IdealProcessor; 1370 BOOLEAN Preempted; 1371 BOOLEAN ProcessReadyQueue; 1372 #ifdef _WIN64 // [ 1373 PVOID Win32kTable; 1374 ULONG Win32kLimit; 1375 #endif // ] 1376 BOOLEAN KernelStackResident; 1377 #endif // ] 1378 SCHAR BasePriority; 1379 SCHAR PriorityDecrement; 1380 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1381 BOOLEAN Preempted; 1382 UCHAR AdjustReason; 1383 CHAR AdjustIncrement; 1384 #if (NTDDI_VERSION >= NTDDI_WIN7) 1385 UCHAR PreviousMode; 1386 #else 1387 UCHAR Spare01; 1388 #endif 1389 #endif // ] 1390 CHAR Saturation; 1391 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1392 ULONG SystemCallNumber; 1393 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1394 ULONG FreezeCount; 1395 #else // ][ 1396 ULONG Spare02; 1397 #endif // ] 1398 #endif // ] 1399 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1400 GROUP_AFFINITY UserAffinity; 1401 struct _KPROCESS *Process; 1402 GROUP_AFFINITY Affinity; 1403 ULONG IdealProcessor; 1404 ULONG UserIdealProcessor; 1405 #else // ][ 1406 KAFFINITY UserAffinity; 1407 struct _KPROCESS *Process; 1408 KAFFINITY Affinity; 1409 #endif // ] 1410 PKAPC_STATE ApcStatePointer[2]; 1411 union 1412 { 1413 KAPC_STATE SavedApcState; 1414 struct 1415 { 1416 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1417 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1418 UCHAR WaitReason; 1419 #else // ][ 1420 CCHAR FreezeCount; 1421 #endif // ] 1422 #ifndef _WIN64 // [ 1423 }; 1424 }; 1425 #endif // ] 1426 CCHAR SuspendCount; 1427 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1428 CCHAR Spare1; 1429 #else // ][ 1430 UCHAR UserIdealProcessor; 1431 #endif // ] 1432 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1433 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1434 UCHAR Spare03; 1435 #else // ][ 1436 UCHAR CalloutActive; 1437 #endif // ] 1438 #ifdef _WIN64 // [ 1439 UCHAR CodePatchInProgress; 1440 }; 1441 }; 1442 #endif // ] 1443 #if defined(_M_IX86) // [ 1444 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1445 UCHAR OtherPlatformFill; 1446 #else // ][ 1447 UCHAR Iopl; 1448 #endif // ] 1449 #endif // ] 1450 PVOID Win32Thread; 1451 PVOID StackBase; 1452 union 1453 { 1454 KAPC SuspendApc; 1455 struct 1456 { 1457 UCHAR SuspendApcFill0[1]; 1458 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1459 UCHAR ResourceIndex; 1460 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1461 CHAR Spare04; 1462 #else // ][ 1463 SCHAR Quantum; 1464 #endif // ] 1465 }; 1466 struct 1467 { 1468 UCHAR SuspendApcFill1[3]; 1469 UCHAR QuantumReset; 1470 }; 1471 struct 1472 { 1473 UCHAR SuspendApcFill2[4]; 1474 ULONG KernelTime; 1475 }; 1476 struct 1477 { 1478 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; 1479 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1480 PKPRCB WaitPrcb; 1481 #else 1482 PVOID TlsArray; 1483 #endif 1484 }; 1485 struct 1486 { 1487 UCHAR SuspendApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 40 / 72 1488 PVOID LegoData; 1489 }; 1490 struct 1491 { 1492 UCHAR SuspendApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 47 / 83 1493 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1494 UCHAR LargeStack; 1495 #else // ][ 1496 UCHAR PowerState; 1497 #endif // ] 1498 #ifdef _WIN64 // [ 1499 ULONG UserTime; 1500 #endif // ] 1501 }; 1502 }; 1503 #ifndef _WIN64 // [ 1504 ULONG UserTime; 1505 #endif // ] 1506 union 1507 { 1508 KSEMAPHORE SuspendSemaphore; 1509 struct 1510 { 1511 UCHAR SuspendSemaphorefill[FIELD_OFFSET(KSEMAPHORE, Limit) + 4]; // 20 / 28 1512 #ifdef _WIN64 // [ 1513 ULONG SListFaultCount; 1514 #endif // ] 1515 }; 1516 }; 1517 #ifndef _WIN64 // [ 1518 ULONG SListFaultCount; 1519 #endif // ] 1520 LIST_ENTRY ThreadListEntry; 1521 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1522 LIST_ENTRY MutantListHead; 1523 #endif // ] 1524 PVOID SListFaultAddress; 1525 #ifdef _M_AMD64 // [ 1526 LONG64 ReadOperationCount; 1527 LONG64 WriteOperationCount; 1528 LONG64 OtherOperationCount; 1529 LONG64 ReadTransferCount; 1530 LONG64 WriteTransferCount; 1531 LONG64 OtherTransferCount; 1532 #endif // ] 1533 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1534 PKTHREAD_COUNTERS ThreadCounters; 1535 PXSTATE_SAVE XStateSave; 1536 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1537 PVOID MdlForLockedTeb; 1538 #endif // ] 1539 } KTHREAD; 1540 1541 #else // not (NTDDI_VERSION < NTDDI_WIN8) 1542 1543 #if defined(_WIN64) && (NTDDI_VERSION < 0x06032580) // since WIN 8.1 Update1 6.3.9600.16384 1544 #define NUMBER_OF_LOCK_ENTRIES 5 1545 #else 1546 #define NUMBER_OF_LOCK_ENTRIES 6 1547 #endif 1548 1549 typedef struct _KTHREAD 1550 { 1551 DISPATCHER_HEADER Header; 1552 PVOID SListFaultAddress; 1553 ULONG64 QuantumTarget; 1554 PVOID InitialStack; 1555 volatile VOID *StackLimit; 1556 PVOID StackBase; 1557 KSPIN_LOCK ThreadLock; 1558 volatile ULONG64 CycleTime; 1559 #ifndef _WIN64 1560 volatile ULONG HighCycleTime; 1561 PVOID ServiceTable; 1562 #endif 1563 ULONG CurrentRunTime; 1564 ULONG ExpectedRunTime; 1565 PVOID KernelStack; 1566 XSAVE_FORMAT* StateSaveArea; 1567 struct _KSCHEDULING_GROUP* SchedulingGroup; 1568 KWAIT_STATUS_REGISTER WaitRegister; 1569 BOOLEAN Running; 1570 BOOLEAN Alerted[MaximumMode]; 1571 1572 union 1573 { 1574 struct 1575 { 1576 #if (NTDDI_VERSION < NTDDI_WIN10) 1577 ULONG KernelStackResident : 1; 1578 #else 1579 ULONG AutoBoostActive : 1; 1580 #endif 1581 ULONG ReadyTransition : 1; 1582 #if (NTDDI_VERSION < NTDDI_WIN10TH2) 1583 ULONG ProcessReadyQueue : 1; 1584 #endif 1585 ULONG ProcessReadyQueue : 1; 1586 ULONG WaitNext : 1; 1587 ULONG SystemAffinityActive : 1; 1588 ULONG Alertable : 1; 1589 #if (NTDDI_VERSION < NTDDI_WIN81) 1590 ULONG CodePatchInProgress : 1; 1591 #endif 1592 ULONG UserStackWalkActive : 1; 1593 ULONG ApcInterruptRequest : 1; 1594 ULONG QuantumEndMigrate : 1; 1595 ULONG UmsDirectedSwitchEnable : 1; 1596 ULONG TimerActive : 1; 1597 ULONG SystemThread : 1; 1598 ULONG ProcessDetachActive : 1; 1599 ULONG CalloutActive : 1; 1600 ULONG ScbReadyQueue : 1; 1601 ULONG ApcQueueable : 1; 1602 ULONG ReservedStackInUse : 1; 1603 ULONG UmsPerformingSyscall : 1; 1604 ULONG DisableStackCheck : 1; 1605 ULONG Reserved : 12; 1606 }; 1607 LONG MiscFlags; 1608 }; 1609 1610 union 1611 { 1612 struct 1613 { 1614 ULONG AutoAlignment : 1; 1615 ULONG DisableBoost : 1; 1616 ULONG UserAffinitySet : 1; 1617 ULONG AlertedByThreadId : 1; 1618 ULONG QuantumDonation : 1; 1619 ULONG EnableStackSwap : 1; 1620 ULONG GuiThread : 1; 1621 ULONG DisableQuantum : 1; 1622 ULONG ChargeOnlyGroup : 1; 1623 ULONG DeferPreemption : 1; 1624 ULONG QueueDeferPreemption : 1; 1625 ULONG ForceDeferSchedule : 1; 1626 ULONG ExplicitIdealProcessor : 1; 1627 ULONG FreezeCount : 1; 1628 #if (NTDDI_VERSION >= 0x060324D7) // since 6.3.9431.0 1629 ULONG TerminationApcRequest : 1; 1630 #endif 1631 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.16384 1632 ULONG AutoBoostEntriesExhausted : 1; 1633 #endif 1634 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.17031 1635 ULONG KernelStackResident : 1; 1636 #endif 1637 #if (NTDDI_VERSION >= NTDDI_WIN10) 1638 ULONG CommitFailTerminateRequest : 1; 1639 ULONG ProcessStackCountDecremented : 1; 1640 ULONG ThreadFlagsSpare : 5; 1641 #endif 1642 ULONG EtwStackTraceApcInserted : 8; 1643 #if (NTDDI_VERSION < NTDDI_WIN10) 1644 ULONG ReservedFlags : 10; 1645 #endif 1646 }; 1647 LONG ThreadFlags; 1648 }; 1649 1650 #if (NTDDI_VERSION >= NTDDI_WIN10) 1651 volatile UCHAR Tag; 1652 UCHAR SystemHeteroCpuPolicy; 1653 UCHAR UserHeteroCpuPolicy : 7; 1654 UCHAR ExplicitSystemHeteroCpuPolicy : 1; 1655 UCHAR Spare0; 1656 #else 1657 ULONG Spare0; 1658 #endif 1659 ULONG SystemCallNumber; 1660 #ifdef _WIN64 1661 ULONG Spare1; // Win 10: Spare10 1662 #endif 1663 PVOID FirstArgument; 1664 PKTRAP_FRAME TrapFrame; 1665 1666 union 1667 { 1668 KAPC_STATE ApcState; 1669 struct 1670 { 1671 UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]; // 32bit: 23/0x17, 64bit: 43/0x2B 1672 SCHAR Priority; 1673 ULONG UserIdealProcessor; 1674 }; 1675 }; 1676 1677 #ifndef _WIN64 1678 ULONG ContextSwitches; 1679 volatile UCHAR State; 1680 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10074.0 1681 CHAR Spare12; 1682 #else 1683 CHAR NpxState; 1684 #endif 1685 KIRQL WaitIrql; 1686 KPROCESSOR_MODE WaitMode; 1687 #endif 1688 1689 volatile INT_PTR WaitStatus; 1690 PKWAIT_BLOCK WaitBlockList; 1691 union 1692 { 1693 LIST_ENTRY WaitListEntry; 1694 SINGLE_LIST_ENTRY SwapListEntry; 1695 }; 1696 PKQUEUE Queue; 1697 PVOID Teb; 1698 #if (NTDDI_VERSION >= NTDDI_WIN8 /* 0x060223F0 */) // since 6.2.9200.16384 1699 ULONG64 RelativeTimerBias; 1700 #endif 1701 KTIMER Timer; 1702 1703 union 1704 { 1705 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1706 #ifdef _WIN64 1707 struct 1708 { 1709 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 20/0x14 1710 ULONG ContextSwitches; 1711 }; 1712 struct 1713 { 1714 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 68/0x44 1715 UCHAR State; 1716 #if (NTDDI_VERSION >= NTDDI_WIN10) 1717 CHAR Spare13; 1718 #else 1719 CHAR NpxState; 1720 #endif 1721 UCHAR WaitIrql; 1722 CHAR WaitMode; 1723 }; 1724 struct 1725 { 1726 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 116/0x74 1727 ULONG WaitTime; 1728 }; 1729 struct 1730 { 1731 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 164/0xA4 1732 union 1733 { 1734 struct 1735 { 1736 SHORT KernelApcDisable; 1737 SHORT SpecialApcDisable; 1738 }; 1739 ULONG CombinedApcDisable; 1740 }; 1741 }; 1742 #endif 1743 struct 1744 { 1745 UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 20/0x14, 64bit: 40/0x28 1746 struct _KTHREAD_COUNTERS *ThreadCounters; 1747 }; 1748 struct 1749 { 1750 UCHAR WaitBlockFill9[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 44/0x2C, 64bit: 88/0x58 1751 PXSTATE_SAVE XStateSave; 1752 }; 1753 struct 1754 { 1755 UCHAR WaitBlockFill10[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 68/0x44, 64bit: 136/0x88 1756 PVOID Win32Thread; 1757 }; 1758 struct 1759 { 1760 UCHAR WaitBlockFill11[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, Object)]; // 32bit: 88/0x58, 64bit: 176/0xB0 1761 #ifdef _WIN64 1762 struct _UMS_CONTROL_BLOCK* Ucb; 1763 struct _KUMS_CONTEXT_HEADER* Uch; 1764 #else 1765 ULONG WaitTime; 1766 union 1767 { 1768 struct 1769 { 1770 SHORT KernelApcDisable; 1771 SHORT SpecialApcDisable; 1772 }; 1773 ULONG CombinedApcDisable; 1774 }; 1775 #endif 1776 }; 1777 }; 1778 1779 #ifdef _WIN64 1780 PVOID TebMappedLowVa; 1781 #endif 1782 LIST_ENTRY QueueListEntry; 1783 #if (NTDDI_VERSION >= 0x060223F0) // since 6.2.9200.16384 1784 union 1785 { 1786 ULONG NextProcessor; 1787 struct 1788 { 1789 ULONG NextProcessorNumber : 31; 1790 ULONG SharedReadyQueue : 1; 1791 }; 1792 }; 1793 LONG QueuePriority; 1794 #else 1795 ULONG NextProcessor; 1796 ULONG DeferredProcessor; 1797 #endif 1798 PKPROCESS Process; 1799 1800 union 1801 { 1802 GROUP_AFFINITY UserAffinity; 1803 struct 1804 { 1805 UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1806 CHAR PreviousMode; 1807 CHAR BasePriority; 1808 union 1809 { 1810 CHAR PriorityDecrement; 1811 struct 1812 { 1813 UCHAR ForegroundBoost : 4; 1814 UCHAR UnusualBoost : 4; 1815 }; 1816 }; 1817 UCHAR Preempted; 1818 UCHAR AdjustReason; 1819 CHAR AdjustIncrement; 1820 }; 1821 }; 1822 1823 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1824 ULONG_PTR AffinityVersion; 1825 #endif 1826 union 1827 { 1828 GROUP_AFFINITY Affinity; 1829 struct 1830 { 1831 UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1832 UCHAR ApcStateIndex; 1833 UCHAR WaitBlockCount; 1834 ULONG IdealProcessor; 1835 }; 1836 }; 1837 1838 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1839 #ifdef _WIN64 1840 ULONG64 NpxState; 1841 #else 1842 ULONG Spare15; 1843 #endif 1844 #else 1845 PKAPC_STATE ApcStatePointer[2]; 1846 #endif 1847 1848 union 1849 { 1850 KAPC_STATE SavedApcState; 1851 struct 1852 { 1853 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; // 32bit: 23/0x17, 64bit: 43/0x2B 1854 UCHAR WaitReason; 1855 CHAR SuspendCount; 1856 CHAR Saturation; 1857 SHORT SListFaultCount; 1858 }; 1859 }; 1860 1861 union 1862 { 1863 KAPC SchedulerApc; 1864 struct 1865 { 1866 UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]; // 32bit: 1/0x01, 64bit: 1/0x01 1867 UCHAR ResourceIndex; 1868 }; 1869 struct 1870 { 1871 UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]; // 32bit: 3/0x03, 64bit: 3/0x03 1872 UCHAR QuantumReset; 1873 }; 1874 struct 1875 { 1876 UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]; // 32bit: 4/0x04, 64bit: 4/0x04 1877 ULONG KernelTime; 1878 }; 1879 struct 1880 { 1881 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; // 32 bit:, 64 bit: 64/0x40 1882 PKPRCB WaitPrcb; 1883 }; 1884 struct 1885 { 1886 UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 32 bit:, 64 bit: 72/0x48 1887 PVOID LegoData; 1888 }; 1889 struct 1890 { 1891 UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 32 bit:, 64 bit: 83/0x53 1892 UCHAR CallbackNestingLevel; 1893 ULONG UserTime; 1894 }; 1895 }; 1896 1897 KEVENT SuspendEvent; 1898 LIST_ENTRY ThreadListEntry; 1899 LIST_ENTRY MutantListHead; 1900 1901 #if (NTDDI_VERSION >= NTDDI_WIN10) 1902 UCHAR AbEntrySummary; 1903 UCHAR AbWaitEntryCount; 1904 USHORT Spare20; 1905 #if _WIN64 1906 ULONG SecureThreadCookie; 1907 #endif 1908 #elif (NTDDI_VERSION >= NTDDI_WINBLUE) // 6.3.9431.0 1909 SINGLE_LIST_ENTRY LockEntriesFreeList; 1910 #endif 1911 1912 #if (NTDDI_VERSION >= NTDDI_WINBLUE /* 0x06032580 */) // since 6.3.9600.16384 1913 KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]; 1914 SINGLE_LIST_ENTRY PropagateBoostsEntry; 1915 SINGLE_LIST_ENTRY IoSelfBoostsEntry; 1916 UCHAR PriorityFloorCounts[16]; 1917 ULONG PriorityFloorSummary; 1918 volatile LONG AbCompletedIoBoostCount; 1919 #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) 1920 LONG AbCompletedIoQoSBoostCount; 1921 #endif 1922 1923 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1924 volatile SHORT KeReferenceCount; 1925 #else 1926 volatile SHORT AbReferenceCount; 1927 #endif 1928 #if (NTDDI_VERSION >= 0x06040000) // since 6.4.9841.0 1929 UCHAR AbOrphanedEntrySummary; 1930 UCHAR AbOwnedEntryCount; 1931 #else 1932 UCHAR AbFreeEntryCount; 1933 UCHAR AbWaitEntryCount; 1934 #endif 1935 ULONG ForegroundLossTime; 1936 union 1937 { 1938 LIST_ENTRY GlobalForegroundListEntry; 1939 struct 1940 { 1941 SINGLE_LIST_ENTRY ForegroundDpcStackListEntry; 1942 ULONG_PTR InGlobalForegroundList; 1943 }; 1944 }; 1945 #endif 1946 1947 #if _WIN64 1948 LONG64 ReadOperationCount; 1949 LONG64 WriteOperationCount; 1950 LONG64 OtherOperationCount; 1951 LONG64 ReadTransferCount; 1952 LONG64 WriteTransferCount; 1953 LONG64 OtherTransferCount; 1954 #endif 1955 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10041.0 1956 struct _KSCB *QueuedScb; 1957 #ifndef _WIN64 1958 ULONG64 NpxState; 1959 #endif 1960 #endif 1961 } KTHREAD; 1962 1963 #endif 1964 1965 1966 #define ASSERT_THREAD(object) \ 1967 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject)) 1968 1969 // 1970 // Kernel Process (KPROCESS) 1971 // 1972 typedef struct _KPROCESS 1973 { 1974 DISPATCHER_HEADER Header; 1975 LIST_ENTRY ProfileListHead; 1976 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1977 ULONG_PTR DirectoryTableBase; 1978 ULONG_PTR Unused0; 1979 #else 1980 ULONG_PTR DirectoryTableBase[2]; 1981 #endif 1982 #if defined(_M_IX86) 1983 KGDTENTRY LdtDescriptor; 1984 KIDTENTRY Int21Descriptor; 1985 #endif 1986 USHORT IopmOffset; 1987 #if defined(_M_IX86) 1988 UCHAR Iopl; 1989 UCHAR Unused; 1990 #endif 1991 volatile ULONG ActiveProcessors; 1992 ULONG KernelTime; 1993 ULONG UserTime; 1994 LIST_ENTRY ReadyListHead; 1995 SINGLE_LIST_ENTRY SwapListEntry; 1996 PVOID VdmTrapcHandler; 1997 LIST_ENTRY ThreadListHead; 1998 KSPIN_LOCK ProcessLock; 1999 KAFFINITY Affinity; 2000 union 2001 { 2002 struct 2003 { 2004 LONG AutoAlignment:1; 2005 LONG DisableBoost:1; 2006 LONG DisableQuantum:1; 2007 LONG ReservedFlags:29; 2008 }; 2009 LONG ProcessFlags; 2010 }; 2011 SCHAR BasePriority; 2012 SCHAR QuantumReset; 2013 UCHAR State; 2014 UCHAR ThreadSeed; 2015 UCHAR PowerState; 2016 UCHAR IdealNode; 2017 UCHAR Visited; 2018 union 2019 { 2020 KEXECUTE_OPTIONS Flags; 2021 UCHAR ExecuteOptions; 2022 }; 2023 ULONG StackCount; 2024 LIST_ENTRY ProcessListEntry; 2025 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 2026 ULONGLONG CycleTime; 2027 #endif // ] 2028 } KPROCESS; 2029 2030 #define ASSERT_PROCESS(object) \ 2031 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject)) 2032 2033 // 2034 // System Service Table Descriptor 2035 // 2036 typedef struct _KSERVICE_TABLE_DESCRIPTOR 2037 { 2038 PULONG_PTR Base; 2039 PULONG Count; 2040 ULONG Limit; 2041 #if defined(_IA64_) 2042 LONG TableBaseGpOffset; 2043 #endif 2044 PUCHAR Number; 2045 } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR; 2046 2047 #if (NTDDI_VERSION >= NTDDI_WIN8) 2048 // 2049 // Entropy Timing State 2050 // 2051 typedef struct _KENTROPY_TIMING_STATE 2052 { 2053 ULONG EntropyCount; 2054 ULONG Buffer[64]; 2055 KDPC Dpc; 2056 ULONG LastDeliveredBuffer; 2057 PULONG RawDataBuffer; 2058 } KENTROPY_TIMING_STATE, *PKENTROPY_TIMING_STATE; 2059 2060 // 2061 // Constants from ks386.inc, ksamd64.inc and ksarm.h 2062 // 2063 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400 2064 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff 2065 #define KENTROPY_TIMING_ANALYSIS 0x0 2066 2067 #endif /* (NTDDI_VERSION >= NTDDI_WIN8) */ 2068 2069 // 2070 // Exported Loader Parameter Block 2071 // 2072 extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock; 2073 2074 // 2075 // Exported Hardware Data 2076 // 2077 extern ULONG NTSYSAPI KiDmaIoCoherency; 2078 extern ULONG NTSYSAPI KeMaximumIncrement; 2079 extern ULONG NTSYSAPI KeMinimumIncrement; 2080 extern ULONG NTSYSAPI KeDcacheFlushCount; 2081 extern ULONG NTSYSAPI KeIcacheFlushCount; 2082 extern ULONG_PTR NTSYSAPI KiBugCheckData[]; 2083 extern BOOLEAN NTSYSAPI KiEnableTimerWatchdog; 2084 2085 // 2086 // Exported System Service Descriptor Tables 2087 // 2088 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]; 2089 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]; 2090 2091 #endif // !NTOS_MODE_USER 2092 2093 #endif // _KETYPES_H 2094