1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 ketypes.h 8 9 Abstract: 10 11 Type definitions for the Kernel services. 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _KETYPES_H 20 #define _KETYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #ifndef NTOS_MODE_USER 27 #include <haltypes.h> 28 #include <potypes.h> 29 #include <ifssupp.h> 30 #endif 31 32 // 33 // A system call ID is formatted as such: 34 // .________________________________________________________________. 35 // | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 36 // |--------------|-------------------------------------------------| 37 // | TABLE NUMBER | TABLE OFFSET | 38 // \----------------------------------------------------------------/ 39 // 40 // The table number is then used as an index into the service descriptor table. 41 #define TABLE_NUMBER_BITS 1 42 #define TABLE_OFFSET_BITS 12 43 44 // 45 // There are 2 tables (kernel and shadow, used by Win32K) 46 // 47 #define NUMBER_SERVICE_TABLES 2 48 #define NTOS_SERVICE_INDEX 0 49 #define WIN32K_SERVICE_INDEX 1 50 51 // 52 // NB. From assembly code, the table number must be computed as an offset into 53 // the service descriptor table. 54 // 55 // Each entry into the table is 16 bytes long on 32-bit architectures, and 56 // 32 bytes long on 64-bit architectures. 57 // 58 // Thus, Table Number 1 is offset 16 (0x10) on x86, and offset 32 (0x20) on 59 // x64. 60 // 61 #ifdef _WIN64 62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes 63 #else 64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes 65 #endif 66 67 // 68 // We want the table number, but leave some extra bits to we can have the offset 69 // into the descriptor table. 70 // 71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY) 72 73 // 74 // Now the table number (as an offset) is corrupted with part of the table offset 75 // This mask will remove the extra unwanted bits, and give us the offset into the 76 // descriptor table proper. 77 // 78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY) 79 80 // 81 // To get the table offset (ie: the service call number), just keep the 12 bits 82 // 83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1) 84 85 // 86 // We'll often need to check if this is a graphics call. This is done by comparing 87 // the table number offset with the known Win32K table number offset. 88 // This is usually index 1, so table number offset 0x10 (x86) or 0x20 (x64) 89 // 90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY) 91 92 // 93 // Context Record Flags 94 // 95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT) 96 97 // 98 // Maximum System Descriptor Table Entries 99 // 100 #define SSDT_MAX_ENTRIES 2 101 102 // 103 // Processor Architectures 104 // 105 #define PROCESSOR_ARCHITECTURE_INTEL 0 106 #define PROCESSOR_ARCHITECTURE_MIPS 1 107 #define PROCESSOR_ARCHITECTURE_ALPHA 2 108 #define PROCESSOR_ARCHITECTURE_PPC 3 109 #define PROCESSOR_ARCHITECTURE_SHX 4 110 #define PROCESSOR_ARCHITECTURE_ARM 5 111 #define PROCESSOR_ARCHITECTURE_IA64 6 112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7 113 #define PROCESSOR_ARCHITECTURE_MSIL 8 114 #define PROCESSOR_ARCHITECTURE_AMD64 9 115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF 116 117 // 118 // Object Type Mask for Kernel Dispatcher Objects 119 // 120 #define KOBJECT_TYPE_MASK 0x7F 121 #define KOBJECT_LOCK_BIT 0x80 122 123 // 124 // Dispatcher Priority increments 125 // 126 #define THREAD_ALERT_INCREMENT 2 127 128 // 129 // Physical memory offset of KUSER_SHARED_DATA 130 // 131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000 132 133 // 134 // Quantum values and decrements 135 // 136 #define MAX_QUANTUM 0x7F 137 #define WAIT_QUANTUM_DECREMENT 1 138 #define CLOCK_QUANTUM_DECREMENT 3 139 140 // 141 // Kernel Feature Bits 142 // 143 #define KF_V86_VIS 0x00000001 144 #define KF_RDTSC 0x00000002 145 #define KF_CR4 0x00000004 146 #define KF_CMOV 0x00000008 147 #define KF_GLOBAL_PAGE 0x00000010 148 #define KF_LARGE_PAGE 0x00000020 149 #define KF_MTRR 0x00000040 150 #define KF_CMPXCHG8B 0x00000080 151 #define KF_MMX 0x00000100 152 #define KF_WORKING_PTE 0x00000200 153 #define KF_PAT 0x00000400 154 #define KF_FXSR 0x00000800 155 #define KF_FAST_SYSCALL 0x00001000 156 #define KF_XMMI 0x00002000 157 #define KF_3DNOW 0x00004000 158 #define KF_AMDK6MTRR 0x00008000 159 #define KF_XMMI64 0x00010000 160 #define KF_DTS 0x00020000 161 #define KF_BRANCH 0x00020000 // from ksamd64.inc 162 #define KF_SSE3 0x00080000 163 #define KF_CMPXCHG16B 0x00100000 164 #define KF_XSTATE 0x00800000 // from ks386.inc, ksamd64.inc 165 #define KF_NX_BIT 0x20000000 166 #define KF_NX_DISABLED 0x40000000 167 #define KF_NX_ENABLED 0x80000000 168 169 #define KF_XSAVEOPT_BIT 15 170 #define KF_XSTATE_BIT 23 171 #define KF_RDWRFSGSBASE_BIT 28 172 173 // 174 // Internal Exception Codes 175 // 176 #define KI_EXCEPTION_INTERNAL 0x10000000 177 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04) 178 179 typedef struct _FIBER /* Field offsets: */ 180 { /* i386 arm x64 */ 181 PVOID FiberData; /* 0x000 0x000 0x000 */ 182 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;/* 0x004 0x004 0x008 */ 183 PVOID StackBase; /* 0x008 0x008 0x010 */ 184 PVOID StackLimit; /* 0x00C 0x00C 0x018 */ 185 PVOID DeallocationStack; /* 0x010 0x010 0x020 */ 186 CONTEXT FiberContext; /* 0x014 0x018 0x030 */ 187 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 188 PVOID Wx86Tib; /* 0x2E0 0x1b8 0x500 */ 189 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 0x2E4 0x1bc 0x508 */ 190 PVOID FlsData; /* 0x2E8 0x1c0 0x510 */ 191 ULONG GuaranteedStackBytes; /* 0x2EC 0x1c4 0x518 */ 192 ULONG TebFlags; /* 0x2F0 0x1c8 0x51C */ 193 #else 194 ULONG GuaranteedStackBytes; /* 0x2E0 */ 195 PVOID FlsData; /* 0x2E4 */ 196 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; 197 #endif 198 } FIBER, *PFIBER; 199 200 #ifndef NTOS_MODE_USER 201 // 202 // Number of dispatch codes supported by KINTERRUPT 203 // 204 #ifdef _M_AMD64 205 #define DISPATCH_LENGTH 4 206 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) 207 #define DISPATCH_LENGTH 135 208 #else 209 #define DISPATCH_LENGTH 106 210 #endif 211 212 #else 213 214 // 215 // KPROCESSOR_MODE Type 216 // 217 typedef CCHAR KPROCESSOR_MODE; 218 219 // 220 // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode 221 // 222 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA) 223 224 #ifdef _X86_ 225 /* Macros for user-mode run-time checks of X86 system architecture */ 226 227 #ifndef IsNEC_98 228 #define IsNEC_98 (SharedUserData->AlternativeArchitecture == NEC98x86) 229 #endif 230 231 #ifndef IsNotNEC_98 232 #define IsNotNEC_98 (SharedUserData->AlternativeArchitecture != NEC98x86) 233 #endif 234 235 /* User-mode cannot override the architecture */ 236 #ifndef SetNEC_98 237 #define SetNEC_98 238 #endif 239 240 /* User-mode cannot override the architecture */ 241 #ifndef SetNotNEC_98 242 #define SetNotNEC_98 243 #endif 244 245 #else // !_X86_ 246 /* Correctly define these run-time definitions for non X86 machines */ 247 248 #ifndef IsNEC_98 249 #define IsNEC_98 (FALSE) 250 #endif 251 252 #ifndef IsNotNEC_98 253 #define IsNotNEC_98 (TRUE) 254 #endif 255 256 #ifndef SetNEC_98 257 #define SetNEC_98 258 #endif 259 260 #ifndef SetNotNEC_98 261 #define SetNotNEC_98 262 #endif 263 264 #endif // _X86_ 265 266 // 267 // Maximum WOW64 Entries in KUSER_SHARED_DATA 268 // 269 #define MAX_WOW64_SHARED_ENTRIES 16 270 271 // 272 // Maximum Processor Features supported in KUSER_SHARED_DATA 273 // 274 #define PROCESSOR_FEATURE_MAX 64 275 276 // 277 // Event Types 278 // 279 typedef enum _EVENT_TYPE 280 { 281 NotificationEvent, 282 SynchronizationEvent 283 } EVENT_TYPE; 284 285 // 286 // Timer Types 287 // 288 typedef enum _TIMER_TYPE 289 { 290 NotificationTimer, 291 SynchronizationTimer 292 } TIMER_TYPE; 293 294 // 295 // Wait Types 296 // 297 typedef enum _WAIT_TYPE 298 { 299 WaitAll, 300 WaitAny 301 } WAIT_TYPE; 302 303 // 304 // Processor Execution Modes 305 // 306 typedef enum _MODE 307 { 308 KernelMode, 309 UserMode, 310 MaximumMode 311 } MODE; 312 313 // 314 // Wait Reasons 315 // 316 typedef enum _KWAIT_REASON 317 { 318 Executive, 319 FreePage, 320 PageIn, 321 PoolAllocation, 322 DelayExecution, 323 Suspended, 324 UserRequest, 325 WrExecutive, 326 WrFreePage, 327 WrPageIn, 328 WrPoolAllocation, 329 WrDelayExecution, 330 WrSuspended, 331 WrUserRequest, 332 WrEventPair, 333 WrQueue, 334 WrLpcReceive, 335 WrLpcReply, 336 WrVirtualMemory, 337 WrPageOut, 338 WrRendezvous, 339 Spare2, 340 WrGuardedMutex, 341 Spare4, 342 Spare5, 343 Spare6, 344 WrKernel, 345 WrResource, 346 WrPushLock, 347 WrMutex, 348 WrQuantumEnd, 349 WrDispatchInt, 350 WrPreempted, 351 WrYieldExecution, 352 MaximumWaitReason 353 } KWAIT_REASON; 354 355 // 356 // Profiling Sources 357 // 358 typedef enum _KPROFILE_SOURCE 359 { 360 ProfileTime, 361 ProfileAlignmentFixup, 362 ProfileTotalIssues, 363 ProfilePipelineDry, 364 ProfileLoadInstructions, 365 ProfilePipelineFrozen, 366 ProfileBranchInstructions, 367 ProfileTotalNonissues, 368 ProfileDcacheMisses, 369 ProfileIcacheMisses, 370 ProfileCacheMisses, 371 ProfileBranchMispredictions, 372 ProfileStoreInstructions, 373 ProfileFpInstructions, 374 ProfileIntegerInstructions, 375 Profile2Issue, 376 Profile3Issue, 377 Profile4Issue, 378 ProfileSpecialInstructions, 379 ProfileTotalCycles, 380 ProfileIcacheIssues, 381 ProfileDcacheAccesses, 382 ProfileMemoryBarrierCycles, 383 ProfileLoadLinkedIssues, 384 ProfileMaximum 385 } KPROFILE_SOURCE; 386 387 // 388 // NT Product and Architecture Types 389 // 390 typedef enum _NT_PRODUCT_TYPE 391 { 392 NtProductWinNt = 1, 393 NtProductLanManNt, 394 NtProductServer 395 } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; 396 397 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE 398 { 399 StandardDesign, 400 NEC98x86, 401 EndAlternatives 402 } ALTERNATIVE_ARCHITECTURE_TYPE; 403 404 #endif 405 406 // 407 // Thread States 408 // 409 typedef enum _KTHREAD_STATE 410 { 411 Initialized, 412 Ready, 413 Running, 414 Standby, 415 Terminated, 416 Waiting, 417 Transition, 418 DeferredReady, 419 #if (NTDDI_VERSION >= NTDDI_WS03) 420 GateWait 421 #endif 422 } KTHREAD_STATE, *PKTHREAD_STATE; 423 424 // 425 // Kernel Object Types 426 // 427 typedef enum _KOBJECTS 428 { 429 EventNotificationObject = 0, 430 EventSynchronizationObject = 1, 431 MutantObject = 2, 432 ProcessObject = 3, 433 QueueObject = 4, 434 SemaphoreObject = 5, 435 ThreadObject = 6, 436 GateObject = 7, 437 TimerNotificationObject = 8, 438 TimerSynchronizationObject = 9, 439 Spare2Object = 10, 440 Spare3Object = 11, 441 Spare4Object = 12, 442 Spare5Object = 13, 443 Spare6Object = 14, 444 Spare7Object = 15, 445 Spare8Object = 16, 446 Spare9Object = 17, 447 ApcObject = 18, 448 DpcObject = 19, 449 DeviceQueueObject = 20, 450 EventPairObject = 21, 451 InterruptObject = 22, 452 ProfileObject = 23, 453 ThreadedDpcObject = 24, 454 MaximumKernelObject = 25 455 } KOBJECTS; 456 457 // 458 // Adjust reasons 459 // 460 typedef enum _ADJUST_REASON 461 { 462 AdjustNone = 0, 463 AdjustUnwait = 1, 464 AdjustBoost = 2 465 } ADJUST_REASON; 466 467 // 468 // Continue Status 469 // 470 typedef enum _KCONTINUE_STATUS 471 { 472 ContinueError = 0, 473 ContinueSuccess, 474 ContinueProcessorReselected, 475 ContinueNextProcessor 476 } KCONTINUE_STATUS; 477 478 // 479 // Process States 480 // 481 typedef enum _KPROCESS_STATE 482 { 483 ProcessInMemory, 484 ProcessOutOfMemory, 485 ProcessInTransition, 486 ProcessInSwap, 487 ProcessOutSwap, 488 } KPROCESS_STATE, *PKPROCESS_STATE; 489 490 // 491 // NtVdmControl Classes 492 // 493 typedef enum _VDMSERVICECLASS 494 { 495 VdmStartExecution = 0, 496 VdmQueueInterrupt = 1, 497 VdmDelayInterrupt = 2, 498 VdmInitialize = 3, 499 VdmFeatures = 4, 500 VdmSetInt21Handler = 5, 501 VdmQueryDir = 6, 502 VdmPrinterDirectIoOpen = 7, 503 VdmPrinterDirectIoClose = 8, 504 VdmPrinterInitialize = 9, 505 VdmSetLdtEntries = 10, 506 VdmSetProcessLdtInfo = 11, 507 VdmAdlibEmulation = 12, 508 VdmPMCliControl = 13, 509 VdmQueryVdmProcess = 14, 510 } VDMSERVICECLASS; 511 512 #ifdef NTOS_MODE_USER 513 514 // 515 // APC Normal Routine 516 // 517 typedef VOID 518 (NTAPI *PKNORMAL_ROUTINE)( 519 _In_ PVOID NormalContext, 520 _In_ PVOID SystemArgument1, 521 _In_ PVOID SystemArgument2 522 ); 523 524 // 525 // Timer Routine 526 // 527 typedef VOID 528 (NTAPI *PTIMER_APC_ROUTINE)( 529 _In_ PVOID TimerContext, 530 _In_ ULONG TimerLowValue, 531 _In_ LONG TimerHighValue 532 ); 533 534 // 535 // System Time Structure 536 // 537 typedef struct _KSYSTEM_TIME 538 { 539 ULONG LowPart; 540 LONG High1Time; 541 LONG High2Time; 542 } KSYSTEM_TIME, *PKSYSTEM_TIME; 543 544 // 545 // Shared Kernel User Data 546 // 547 typedef struct _KUSER_SHARED_DATA 548 { 549 ULONG TickCountLowDeprecated; 550 ULONG TickCountMultiplier; 551 volatile KSYSTEM_TIME InterruptTime; 552 volatile KSYSTEM_TIME SystemTime; 553 volatile KSYSTEM_TIME TimeZoneBias; 554 USHORT ImageNumberLow; 555 USHORT ImageNumberHigh; 556 WCHAR NtSystemRoot[260]; 557 ULONG MaxStackTraceDepth; 558 ULONG CryptoExponent; 559 ULONG TimeZoneId; 560 ULONG LargePageMinimum; 561 ULONG Reserved2[7]; 562 NT_PRODUCT_TYPE NtProductType; 563 BOOLEAN ProductTypeIsValid; 564 ULONG NtMajorVersion; 565 ULONG NtMinorVersion; 566 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; 567 ULONG Reserved1; 568 ULONG Reserved3; 569 volatile ULONG TimeSlip; 570 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; 571 LARGE_INTEGER SystemExpirationDate; 572 ULONG SuiteMask; 573 BOOLEAN KdDebuggerEnabled; 574 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 575 UCHAR NXSupportPolicy; 576 #endif 577 volatile ULONG ActiveConsoleId; 578 volatile ULONG DismountCount; 579 ULONG ComPlusPackage; 580 ULONG LastSystemRITEventTickCount; 581 ULONG NumberOfPhysicalPages; 582 BOOLEAN SafeBootMode; 583 ULONG TraceLogging; 584 ULONG Fill0; 585 ULONGLONG TestRetInstruction; 586 ULONG SystemCall; 587 ULONG SystemCallReturn; 588 ULONGLONG SystemCallPad[3]; 589 union { 590 volatile KSYSTEM_TIME TickCount; 591 volatile ULONG64 TickCountQuad; 592 }; 593 ULONG Cookie; 594 #if (NTDDI_VERSION >= NTDDI_WS03) 595 LONGLONG ConsoleSessionForegroundProcessId; 596 ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]; 597 #endif 598 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 599 USHORT UserModeGlobalLogger[8]; 600 ULONG HeapTracingPid[2]; 601 ULONG CritSecTracingPid[2]; 602 union 603 { 604 ULONG SharedDataFlags; 605 struct 606 { 607 ULONG DbgErrorPortPresent:1; 608 ULONG DbgElevationEnabled:1; 609 ULONG DbgVirtEnabled:1; 610 ULONG DbgInstallerDetectEnabled:1; 611 ULONG SpareBits:28; 612 }; 613 }; 614 ULONG ImageFileExecutionOptions; 615 KAFFINITY ActiveProcessorAffinity; 616 #endif 617 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; 618 619 // 620 // VDM Structures 621 // 622 #include "pshpack1.h" 623 typedef struct _VdmVirtualIca 624 { 625 LONG ica_count[8]; 626 LONG ica_int_line; 627 LONG ica_cpu_int; 628 USHORT ica_base; 629 USHORT ica_hipiri; 630 USHORT ica_mode; 631 UCHAR ica_master; 632 UCHAR ica_irr; 633 UCHAR ica_isr; 634 UCHAR ica_imr; 635 UCHAR ica_ssr; 636 } VDMVIRTUALICA, *PVDMVIRTUALICA; 637 #include "poppack.h" 638 639 typedef struct _VdmIcaUserData 640 { 641 PVOID pIcaLock; 642 PVDMVIRTUALICA pIcaMaster; 643 PVDMVIRTUALICA pIcaSlave; 644 PULONG pDelayIrq; 645 PULONG pUndelayIrq; 646 PULONG pDelayIret; 647 PULONG pIretHooked; 648 PULONG pAddrIretBopTable; 649 PHANDLE phWowIdleEvent; 650 PLARGE_INTEGER pIcaTimeout; 651 PHANDLE phMainThreadSuspended; 652 } VDMICAUSERDATA, *PVDMICAUSERDATA; 653 654 typedef struct _VDM_INITIALIZE_DATA 655 { 656 PVOID TrapcHandler; 657 PVDMICAUSERDATA IcaUserData; 658 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA; 659 660 #else 661 662 // 663 // System Thread Start Routine 664 // 665 typedef 666 VOID 667 (NTAPI *PKSYSTEM_ROUTINE)( 668 PKSTART_ROUTINE StartRoutine, 669 PVOID StartContext 670 ); 671 672 #ifndef _NTSYSTEM_ 673 typedef VOID 674 (NTAPI *PKNORMAL_ROUTINE)( 675 IN PVOID NormalContext OPTIONAL, 676 IN PVOID SystemArgument1 OPTIONAL, 677 IN PVOID SystemArgument2 OPTIONAL); 678 679 typedef VOID 680 (NTAPI *PKRUNDOWN_ROUTINE)( 681 IN struct _KAPC *Apc); 682 683 typedef VOID 684 (NTAPI *PKKERNEL_ROUTINE)( 685 IN struct _KAPC *Apc, 686 IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, 687 IN OUT PVOID *NormalContext OPTIONAL, 688 IN OUT PVOID *SystemArgument1 OPTIONAL, 689 IN OUT PVOID *SystemArgument2 OPTIONAL); 690 #endif 691 692 // 693 // APC Environment Types 694 // 695 typedef enum _KAPC_ENVIRONMENT 696 { 697 OriginalApcEnvironment, 698 AttachedApcEnvironment, 699 CurrentApcEnvironment, 700 InsertApcEnvironment 701 } KAPC_ENVIRONMENT; 702 703 typedef struct _KTIMER_TABLE_ENTRY 704 { 705 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64) 706 KSPIN_LOCK Lock; 707 #endif 708 LIST_ENTRY Entry; 709 ULARGE_INTEGER Time; 710 } KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY; 711 712 typedef struct _KTIMER_TABLE 713 { 714 PKTIMER TimerExpiry[64]; 715 KTIMER_TABLE_ENTRY TimerEntries[256]; 716 } KTIMER_TABLE, *PKTIMER_TABLE; 717 718 typedef struct _KDPC_LIST 719 { 720 SINGLE_LIST_ENTRY ListHead; 721 SINGLE_LIST_ENTRY* LastEntry; 722 } KDPC_LIST, *PKDPC_LIST; 723 724 typedef struct _SYNCH_COUNTERS 725 { 726 ULONG SpinLockAcquireCount; 727 ULONG SpinLockContentionCount; 728 ULONG SpinLockSpinCount; 729 ULONG IpiSendRequestBroadcastCount; 730 ULONG IpiSendRequestRoutineCount; 731 ULONG IpiSendSoftwareInterruptCount; 732 ULONG ExInitializeResourceCount; 733 ULONG ExReInitializeResourceCount; 734 ULONG ExDeleteResourceCount; 735 ULONG ExecutiveResourceAcquiresCount; 736 ULONG ExecutiveResourceContentionsCount; 737 ULONG ExecutiveResourceReleaseExclusiveCount; 738 ULONG ExecutiveResourceReleaseSharedCount; 739 ULONG ExecutiveResourceConvertsCount; 740 ULONG ExAcqResExclusiveAttempts; 741 ULONG ExAcqResExclusiveAcquiresExclusive; 742 ULONG ExAcqResExclusiveAcquiresExclusiveRecursive; 743 ULONG ExAcqResExclusiveWaits; 744 ULONG ExAcqResExclusiveNotAcquires; 745 ULONG ExAcqResSharedAttempts; 746 ULONG ExAcqResSharedAcquiresExclusive; 747 ULONG ExAcqResSharedAcquiresShared; 748 ULONG ExAcqResSharedAcquiresSharedRecursive; 749 ULONG ExAcqResSharedWaits; 750 ULONG ExAcqResSharedNotAcquires; 751 ULONG ExAcqResSharedStarveExclusiveAttempts; 752 ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive; 753 ULONG ExAcqResSharedStarveExclusiveAcquiresShared; 754 ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive; 755 ULONG ExAcqResSharedStarveExclusiveWaits; 756 ULONG ExAcqResSharedStarveExclusiveNotAcquires; 757 ULONG ExAcqResSharedWaitForExclusiveAttempts; 758 ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive; 759 ULONG ExAcqResSharedWaitForExclusiveAcquiresShared; 760 ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive; 761 ULONG ExAcqResSharedWaitForExclusiveWaits; 762 ULONG ExAcqResSharedWaitForExclusiveNotAcquires; 763 ULONG ExSetResOwnerPointerExclusive; 764 ULONG ExSetResOwnerPointerSharedNew; 765 ULONG ExSetResOwnerPointerSharedOld; 766 ULONG ExTryToAcqExclusiveAttempts; 767 ULONG ExTryToAcqExclusiveAcquires; 768 ULONG ExBoostExclusiveOwner; 769 ULONG ExBoostSharedOwners; 770 ULONG ExEtwSynchTrackingNotificationsCount; 771 ULONG ExEtwSynchTrackingNotificationsAccountedCount; 772 } SYNCH_COUNTERS, *PSYNCH_COUNTERS; 773 774 // 775 // PRCB DPC Data 776 // 777 typedef struct _KDPC_DATA 778 { 779 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 780 KDPC_LIST DpcList; 781 #else 782 LIST_ENTRY DpcListHead; 783 #endif 784 ULONG_PTR DpcLock; 785 #if defined(_M_AMD64) || defined(_M_ARM) 786 volatile LONG DpcQueueDepth; 787 #else 788 volatile ULONG DpcQueueDepth; 789 #endif 790 ULONG DpcCount; 791 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) 792 PKDPC ActiveDpc; 793 #endif 794 } KDPC_DATA, *PKDPC_DATA; 795 796 // 797 // Per-Processor Lookaside List 798 // 799 typedef struct _PP_LOOKASIDE_LIST 800 { 801 struct _GENERAL_LOOKASIDE *P; 802 struct _GENERAL_LOOKASIDE *L; 803 } PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST; 804 805 // 806 // Architectural Types 807 // 808 #include <arch/ketypes.h> 809 810 // 811 // Kernel Memory Node 812 // 813 #include <pshpack1.h> 814 typedef struct _KNODE 815 { 816 SLIST_HEADER DeadStackList; 817 SLIST_HEADER PfnDereferenceSListHead; 818 KAFFINITY ProcessorMask; 819 UCHAR Color; 820 UCHAR Seed; 821 UCHAR NodeNumber; 822 struct _flags { 823 UCHAR Removable : 1; 824 UCHAR Fill : 7; 825 } Flags; 826 ULONG MmShiftedColor; 827 ULONG FreeCount[2]; 828 struct _SINGLE_LIST_ENTRY *PfnDeferredList; 829 } KNODE, *PKNODE; 830 #include <poppack.h> 831 832 // 833 // Structure for Get/SetContext APC 834 // 835 typedef struct _GETSETCONTEXT 836 { 837 KAPC Apc; 838 KEVENT Event; 839 KPROCESSOR_MODE Mode; 840 CONTEXT Context; 841 } GETSETCONTEXT, *PGETSETCONTEXT; 842 843 // 844 // Kernel Profile Object 845 // 846 typedef struct _KPROFILE 847 { 848 CSHORT Type; 849 CSHORT Size; 850 LIST_ENTRY ProfileListEntry; 851 struct _KPROCESS *Process; 852 PVOID RangeBase; 853 PVOID RangeLimit; 854 ULONG BucketShift; 855 PVOID Buffer; 856 ULONG_PTR Segment; 857 KAFFINITY Affinity; 858 KPROFILE_SOURCE Source; 859 BOOLEAN Started; 860 } KPROFILE, *PKPROFILE; 861 862 // 863 // Kernel Interrupt Object 864 // 865 typedef struct _KINTERRUPT 866 { 867 CSHORT Type; 868 CSHORT Size; 869 LIST_ENTRY InterruptListEntry; 870 PKSERVICE_ROUTINE ServiceRoutine; 871 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 872 PKSERVICE_ROUTINE MessageServiceRoutine; 873 ULONG MessageIndex; 874 #endif 875 PVOID ServiceContext; 876 KSPIN_LOCK SpinLock; 877 ULONG TickCount; 878 PKSPIN_LOCK ActualLock; 879 PKINTERRUPT_ROUTINE DispatchAddress; 880 ULONG Vector; 881 KIRQL Irql; 882 KIRQL SynchronizeIrql; 883 BOOLEAN FloatingSave; 884 BOOLEAN Connected; 885 CCHAR Number; 886 BOOLEAN ShareVector; 887 KINTERRUPT_MODE Mode; 888 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 889 KINTERRUPT_POLARITY Polarity; 890 #endif 891 ULONG ServiceCount; 892 ULONG DispatchCount; 893 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 894 ULONGLONG Rsvd1; 895 #endif 896 #ifdef _M_AMD64 897 PKTRAP_FRAME TrapFrame; 898 PVOID Reserved; 899 #endif 900 ULONG DispatchCode[DISPATCH_LENGTH]; 901 } KINTERRUPT; 902 903 // 904 // Kernel Event Pair Object 905 // 906 typedef struct _KEVENT_PAIR 907 { 908 CSHORT Type; 909 CSHORT Size; 910 KEVENT LowEvent; 911 KEVENT HighEvent; 912 } KEVENT_PAIR, *PKEVENT_PAIR; 913 914 // 915 // Kernel No Execute Options 916 // 917 typedef struct _KEXECUTE_OPTIONS 918 { 919 UCHAR ExecuteDisable:1; 920 UCHAR ExecuteEnable:1; 921 UCHAR DisableThunkEmulation:1; 922 UCHAR Permanent:1; 923 UCHAR ExecuteDispatchEnable:1; 924 UCHAR ImageDispatchEnable:1; 925 UCHAR Spare:2; 926 } KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS; 927 928 #if (NTDDI_VERSION >= NTDDI_WIN7) 929 typedef union _KWAIT_STATUS_REGISTER 930 { 931 UCHAR Flags; 932 struct 933 { 934 UCHAR State:2; 935 UCHAR Affinity:1; 936 UCHAR Priority:1; 937 UCHAR Apc:1; 938 UCHAR UserApc:1; 939 UCHAR Alert:1; 940 UCHAR Unused:1; 941 }; 942 } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER; 943 944 typedef struct _COUNTER_READING 945 { 946 enum _HARDWARE_COUNTER_TYPE Type; 947 ULONG Index; 948 ULONG64 Start; 949 ULONG64 Total; 950 }COUNTER_READING, *PCOUNTER_READING; 951 952 typedef struct _KTHREAD_COUNTERS 953 { 954 ULONG64 WaitReasonBitMap; 955 struct _THREAD_PERFORMANCE_DATA* UserData; 956 ULONG Flags; 957 ULONG ContextSwitches; 958 ULONG64 CycleTimeBias; 959 ULONG64 HardwareCounters; 960 COUNTER_READING HwCounter[16]; 961 }KTHREAD_COUNTERS, *PKTHREAD_COUNTERS; 962 #endif 963 964 /// FIXME: should move to rtltypes.h, but we can't include it here. 965 #if (NTDDI_VERSION >= NTDDI_WIN8) 966 typedef struct _RTL_RB_TREE 967 { 968 PRTL_BALANCED_NODE Root; 969 PRTL_BALANCED_NODE Min; 970 } RTL_RB_TREE, *PRTL_RB_TREE; 971 #endif 972 973 #if (NTDDI_VERSION >= NTDDI_WINBLUE) 974 typedef struct _KLOCK_ENTRY_LOCK_STATE 975 { 976 union 977 { 978 struct 979 { 980 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 6.4.9841.0 981 ULONG_PTR CrossThreadReleasable : 1; 982 #else 983 ULONG_PTR Waiting : 1; 984 #endif 985 ULONG_PTR Busy : 1; 986 ULONG_PTR Reserved : (8 * sizeof(PVOID)) - 3; // previously Spare 987 ULONG_PTR InTree : 1; 988 }; 989 PVOID LockState; 990 }; 991 union 992 { 993 PVOID SessionState; 994 struct 995 { 996 ULONG SessionId; 997 #ifdef _WIN64 998 ULONG SessionPad; 999 #endif 1000 }; 1001 }; 1002 } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE; 1003 1004 typedef struct _KLOCK_ENTRY 1005 { 1006 union 1007 { 1008 RTL_BALANCED_NODE TreeNode; 1009 SINGLE_LIST_ENTRY FreeListEntry; 1010 }; 1011 #if (NTDDI_VERSION >= NTDDI_WIN10) 1012 union 1013 { 1014 ULONG EntryFlags; 1015 struct 1016 { 1017 UCHAR EntryOffset; 1018 union 1019 { 1020 UCHAR ThreadLocalFlags; 1021 struct 1022 { 1023 UCHAR WaitingBit : 1; 1024 UCHAR Spare0 : 7; 1025 }; 1026 }; 1027 union 1028 { 1029 UCHAR AcquiredByte; 1030 UCHAR AcquiredBit : 1; 1031 }; 1032 union 1033 { 1034 UCHAR CrossThreadFlags; 1035 struct 1036 { 1037 UCHAR HeadNodeBit : 1; 1038 UCHAR IoPriorityBit : 1; 1039 UCHAR IoQoSWaiter : 1; // since TH2 1040 UCHAR Spare1 : 5; 1041 }; 1042 }; 1043 }; 1044 struct 1045 { 1046 ULONG StaticState : 8; 1047 ULONG AllFlags : 24; 1048 }; 1049 }; 1050 #ifdef _WIN64 1051 ULONG SpareFlags; 1052 #endif 1053 #else 1054 union 1055 { 1056 PVOID ThreadUnsafe; 1057 struct 1058 { 1059 volatile UCHAR HeadNodeByte; 1060 UCHAR Reserved1[2]; 1061 volatile UCHAR AcquiredByte; 1062 }; 1063 }; 1064 #endif 1065 1066 union 1067 { 1068 KLOCK_ENTRY_LOCK_STATE LockState; 1069 PVOID LockUnsafe; 1070 struct 1071 { 1072 #if (NTDDI_VERSION >= NTDDI_WIN10) 1073 volatile UCHAR CrossThreadReleasableAndBusyByte; 1074 #else 1075 volatile UCHAR WaitingAndBusyByte; 1076 #endif 1077 UCHAR Reserved[sizeof(PVOID) - 2]; 1078 UCHAR InTreeByte; 1079 union 1080 { 1081 PVOID SessionState; 1082 struct 1083 { 1084 ULONG SessionId; 1085 #ifdef _WIN64 1086 ULONG SessionPad; 1087 #endif 1088 }; 1089 }; 1090 }; 1091 }; 1092 union 1093 { 1094 struct 1095 { 1096 RTL_RB_TREE OwnerTree; 1097 RTL_RB_TREE WaiterTree; 1098 }; 1099 CHAR CpuPriorityKey; 1100 }; 1101 ULONG_PTR EntryLock; 1102 union 1103 { 1104 #if _WIN64 1105 ULONG AllBoosts : 17; 1106 #else 1107 USHORT AllBoosts; 1108 #endif 1109 struct 1110 { 1111 struct 1112 { 1113 USHORT CpuBoostsBitmap : 15; 1114 USHORT IoBoost : 1; 1115 }; 1116 struct 1117 { 1118 USHORT IoQoSBoost : 1; 1119 USHORT IoNormalPriorityWaiterCount : 8; 1120 USHORT IoQoSWaiterCount : 7; 1121 }; 1122 }; 1123 }; 1124 #if _WIN64 1125 ULONG SparePad; 1126 #endif 1127 } KLOCK_ENTRY, *PKLOCK_ENTRY; 1128 1129 #endif 1130 1131 // 1132 // Kernel Thread (KTHREAD) 1133 // 1134 #if (NTDDI_VERSION < NTDDI_WIN8) 1135 1136 typedef struct _KTHREAD 1137 { 1138 DISPATCHER_HEADER Header; 1139 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1140 ULONGLONG CycleTime; 1141 #ifndef _WIN64 // [ 1142 ULONG HighCycleTime; 1143 #endif // ] 1144 ULONGLONG QuantumTarget; 1145 #else // ][ 1146 LIST_ENTRY MutantListHead; 1147 #endif // ] 1148 PVOID InitialStack; 1149 ULONG_PTR StackLimit; // FIXME: PVOID 1150 PVOID KernelStack; 1151 KSPIN_LOCK ThreadLock; 1152 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1153 KWAIT_STATUS_REGISTER WaitRegister; 1154 BOOLEAN Running; 1155 BOOLEAN Alerted[2]; 1156 union 1157 { 1158 struct 1159 { 1160 ULONG KernelStackResident:1; 1161 ULONG ReadyTransition:1; 1162 ULONG ProcessReadyQueue:1; 1163 ULONG WaitNext:1; 1164 ULONG SystemAffinityActive:1; 1165 ULONG Alertable:1; 1166 ULONG GdiFlushActive:1; 1167 ULONG UserStackWalkActive:1; 1168 ULONG ApcInterruptRequest:1; 1169 ULONG ForceDeferSchedule:1; 1170 ULONG QuantumEndMigrate:1; 1171 ULONG UmsDirectedSwitchEnable:1; 1172 ULONG TimerActive:1; 1173 ULONG Reserved:19; 1174 }; 1175 LONG MiscFlags; 1176 }; 1177 #endif // ] 1178 union 1179 { 1180 KAPC_STATE ApcState; 1181 struct 1182 { 1183 UCHAR ApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1184 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1185 SCHAR Priority; 1186 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1187 /* On x86, the following members "fall out" of the union */ 1188 volatile ULONG NextProcessor; 1189 volatile ULONG DeferredProcessor; 1190 #else // ][ 1191 /* On x86, the following members "fall out" of the union */ 1192 volatile USHORT NextProcessor; 1193 volatile USHORT DeferredProcessor; 1194 #endif // ] 1195 #else // ][ 1196 UCHAR ApcQueueable; 1197 /* On x86, the following members "fall out" of the union */ 1198 volatile UCHAR NextProcessor; 1199 volatile UCHAR DeferredProcessor; 1200 UCHAR AdjustReason; 1201 SCHAR AdjustIncrement; 1202 #endif // ] 1203 }; 1204 }; 1205 KSPIN_LOCK ApcQueueLock; 1206 #ifndef _M_AMD64 // [ 1207 ULONG ContextSwitches; 1208 volatile UCHAR State; 1209 UCHAR NpxState; 1210 KIRQL WaitIrql; 1211 KPROCESSOR_MODE WaitMode; 1212 #endif // ] 1213 LONG_PTR WaitStatus; 1214 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1215 PKWAIT_BLOCK WaitBlockList; 1216 #else // ][ 1217 union 1218 { 1219 PKWAIT_BLOCK WaitBlockList; 1220 PKGATE GateObject; 1221 }; 1222 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1223 union 1224 { 1225 struct 1226 { 1227 ULONG KernelStackResident:1; 1228 ULONG ReadyTransition:1; 1229 ULONG ProcessReadyQueue:1; 1230 ULONG WaitNext:1; 1231 ULONG SystemAffinityActive:1; 1232 ULONG Alertable:1; 1233 ULONG GdiFlushActive:1; 1234 ULONG Reserved:25; 1235 }; 1236 LONG MiscFlags; 1237 }; 1238 #else // ][ 1239 BOOLEAN Alertable; 1240 BOOLEAN WaitNext; 1241 #endif // ] 1242 UCHAR WaitReason; 1243 #if (NTDDI_VERSION < NTDDI_LONGHORN) 1244 SCHAR Priority; 1245 BOOLEAN EnableStackSwap; 1246 #endif // ] 1247 volatile UCHAR SwapBusy; 1248 BOOLEAN Alerted[MaximumMode]; 1249 #endif // ] 1250 union 1251 { 1252 LIST_ENTRY WaitListEntry; 1253 SINGLE_LIST_ENTRY SwapListEntry; 1254 }; 1255 PKQUEUE Queue; 1256 #ifndef _M_AMD64 // [ 1257 ULONG WaitTime; 1258 union 1259 { 1260 struct 1261 { 1262 SHORT KernelApcDisable; 1263 SHORT SpecialApcDisable; 1264 }; 1265 ULONG CombinedApcDisable; 1266 }; 1267 #endif // ] 1268 struct _TEB *Teb; 1269 1270 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1271 KTIMER Timer; 1272 #else // ][ 1273 union 1274 { 1275 KTIMER Timer; 1276 struct 1277 { 1278 UCHAR TimerFill[FIELD_OFFSET(KTIMER, Period) + sizeof(LONG)]; 1279 #if !defined(_WIN64) // [ 1280 }; 1281 }; 1282 #endif // ] 1283 #endif // ] 1284 union 1285 { 1286 struct 1287 { 1288 ULONG AutoAlignment:1; 1289 ULONG DisableBoost:1; 1290 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1291 ULONG EtwStackTraceApc1Inserted:1; 1292 ULONG EtwStackTraceApc2Inserted:1; 1293 ULONG CycleChargePending:1; 1294 ULONG CalloutActive:1; 1295 ULONG ApcQueueable:1; 1296 ULONG EnableStackSwap:1; 1297 ULONG GuiThread:1; 1298 ULONG ReservedFlags:23; 1299 #else // ][ 1300 LONG ReservedFlags:30; 1301 #endif // ] 1302 }; 1303 LONG ThreadFlags; 1304 }; 1305 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [ 1306 }; 1307 }; 1308 #endif // ] 1309 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1310 #if defined(_WIN64) // [ 1311 ULONG Spare0; 1312 #else // ][ 1313 PVOID ServiceTable; 1314 #endif // ] 1315 #endif // ] 1316 union 1317 { 1318 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1319 #if (NTDDI_VERSION < NTDDI_WIN7) // [ 1320 struct 1321 { 1322 UCHAR WaitBlockFill0[FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 32bit = 23, 64bit = 43 1323 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1324 UCHAR IdealProcessor; 1325 #else // ][ 1326 BOOLEAN SystemAffinityActive; 1327 #endif // ] 1328 }; 1329 struct 1330 { 1331 UCHAR WaitBlockFill1[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 47 / 91 1332 CCHAR PreviousMode; 1333 }; 1334 struct 1335 { 1336 UCHAR WaitBlockFill2[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 71 / 139 1337 UCHAR ResourceIndex; 1338 }; 1339 struct 1340 { 1341 UCHAR WaitBlockFill3[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 95 / 187 1342 UCHAR LargeStack; 1343 }; 1344 #endif // ] 1345 #ifdef _WIN64 // [ 1346 struct 1347 { 1348 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1349 ULONG ContextSwitches; 1350 }; 1351 struct 1352 { 1353 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1354 UCHAR State; 1355 UCHAR NpxState; 1356 UCHAR WaitIrql; 1357 CHAR WaitMode; 1358 }; 1359 struct 1360 { 1361 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1362 ULONG WaitTime; 1363 }; 1364 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1365 struct 1366 { 1367 UCHAR WaitBlockFill7[168]; 1368 PVOID TebMappedLowVa; 1369 struct _UMS_CONTROL_BLOCK* Ucb; 1370 }; 1371 #endif // ] 1372 struct 1373 { 1374 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1375 UCHAR WaitBlockFill8[188]; 1376 #else // ][ 1377 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; 1378 #endif // ] 1379 union 1380 { 1381 struct 1382 { 1383 SHORT KernelApcDisable; 1384 SHORT SpecialApcDisable; 1385 }; 1386 ULONG CombinedApcDisable; 1387 }; 1388 }; 1389 #endif // ] 1390 }; 1391 LIST_ENTRY QueueListEntry; 1392 PKTRAP_FRAME TrapFrame; 1393 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1394 PVOID FirstArgument; 1395 union 1396 { 1397 PVOID CallbackStack; 1398 ULONG_PTR CallbackDepth; 1399 }; 1400 #else // ][ 1401 PVOID CallbackStack; 1402 #endif // ] 1403 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [ 1404 PVOID ServiceTable; 1405 #endif // ] 1406 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [ 1407 ULONG KernelLimit; 1408 #endif // ] 1409 UCHAR ApcStateIndex; 1410 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [ 1411 UCHAR IdealProcessor; 1412 BOOLEAN Preempted; 1413 BOOLEAN ProcessReadyQueue; 1414 #ifdef _WIN64 // [ 1415 PVOID Win32kTable; 1416 ULONG Win32kLimit; 1417 #endif // ] 1418 BOOLEAN KernelStackResident; 1419 #endif // ] 1420 SCHAR BasePriority; 1421 SCHAR PriorityDecrement; 1422 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1423 BOOLEAN Preempted; 1424 UCHAR AdjustReason; 1425 CHAR AdjustIncrement; 1426 #if (NTDDI_VERSION >= NTDDI_WIN7) 1427 UCHAR PreviousMode; 1428 #else 1429 UCHAR Spare01; 1430 #endif 1431 #endif // ] 1432 CHAR Saturation; 1433 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1434 ULONG SystemCallNumber; 1435 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1436 ULONG FreezeCount; 1437 #else // ][ 1438 ULONG Spare02; 1439 #endif // ] 1440 #endif // ] 1441 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1442 GROUP_AFFINITY UserAffinity; 1443 struct _KPROCESS *Process; 1444 GROUP_AFFINITY Affinity; 1445 ULONG IdealProcessor; 1446 ULONG UserIdealProcessor; 1447 #else // ][ 1448 KAFFINITY UserAffinity; 1449 struct _KPROCESS *Process; 1450 KAFFINITY Affinity; 1451 #endif // ] 1452 PKAPC_STATE ApcStatePointer[2]; 1453 union 1454 { 1455 KAPC_STATE SavedApcState; 1456 struct 1457 { 1458 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; 1459 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1460 UCHAR WaitReason; 1461 #else // ][ 1462 CCHAR FreezeCount; 1463 #endif // ] 1464 #ifndef _WIN64 // [ 1465 }; 1466 }; 1467 #endif // ] 1468 CCHAR SuspendCount; 1469 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1470 CCHAR Spare1; 1471 #else // ][ 1472 UCHAR UserIdealProcessor; 1473 #endif // ] 1474 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1475 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1476 UCHAR Spare03; 1477 #else // ][ 1478 UCHAR CalloutActive; 1479 #endif // ] 1480 #ifdef _WIN64 // [ 1481 UCHAR CodePatchInProgress; 1482 }; 1483 }; 1484 #endif // ] 1485 #if defined(_M_IX86) // [ 1486 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1487 UCHAR OtherPlatformFill; 1488 #else // ][ 1489 UCHAR Iopl; 1490 #endif // ] 1491 #endif // ] 1492 PVOID Win32Thread; 1493 PVOID StackBase; 1494 union 1495 { 1496 KAPC SuspendApc; 1497 struct 1498 { 1499 UCHAR SuspendApcFill0[1]; 1500 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1501 UCHAR ResourceIndex; 1502 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1503 CHAR Spare04; 1504 #else // ][ 1505 SCHAR Quantum; 1506 #endif // ] 1507 }; 1508 struct 1509 { 1510 UCHAR SuspendApcFill1[3]; 1511 UCHAR QuantumReset; 1512 }; 1513 struct 1514 { 1515 UCHAR SuspendApcFill2[4]; 1516 ULONG KernelTime; 1517 }; 1518 struct 1519 { 1520 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; 1521 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1522 PKPRCB WaitPrcb; 1523 #else 1524 PVOID TlsArray; 1525 #endif 1526 }; 1527 struct 1528 { 1529 UCHAR SuspendApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 40 / 72 1530 PVOID LegoData; 1531 }; 1532 struct 1533 { 1534 UCHAR SuspendApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 47 / 83 1535 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1536 UCHAR LargeStack; 1537 #else // ][ 1538 UCHAR PowerState; 1539 #endif // ] 1540 #ifdef _WIN64 // [ 1541 ULONG UserTime; 1542 #endif // ] 1543 }; 1544 }; 1545 #ifndef _WIN64 // [ 1546 ULONG UserTime; 1547 #endif // ] 1548 union 1549 { 1550 KSEMAPHORE SuspendSemaphore; 1551 struct 1552 { 1553 UCHAR SuspendSemaphorefill[FIELD_OFFSET(KSEMAPHORE, Limit) + 4]; // 20 / 28 1554 #ifdef _WIN64 // [ 1555 ULONG SListFaultCount; 1556 #endif // ] 1557 }; 1558 }; 1559 #ifndef _WIN64 // [ 1560 ULONG SListFaultCount; 1561 #endif // ] 1562 LIST_ENTRY ThreadListEntry; 1563 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 1564 LIST_ENTRY MutantListHead; 1565 #endif // ] 1566 PVOID SListFaultAddress; 1567 #ifdef _M_AMD64 // [ 1568 LONG64 ReadOperationCount; 1569 LONG64 WriteOperationCount; 1570 LONG64 OtherOperationCount; 1571 LONG64 ReadTransferCount; 1572 LONG64 WriteTransferCount; 1573 LONG64 OtherTransferCount; 1574 #endif // ] 1575 #if (NTDDI_VERSION >= NTDDI_WIN7) // [ 1576 PKTHREAD_COUNTERS ThreadCounters; 1577 PXSTATE_SAVE XStateSave; 1578 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][ 1579 PVOID MdlForLockedTeb; 1580 #endif // ] 1581 } KTHREAD; 1582 1583 #else // not (NTDDI_VERSION < NTDDI_WIN8) 1584 1585 #if defined(_WIN64) && (NTDDI_VERSION < 0x06032580) // since WIN 8.1 Update1 6.3.9600.16384 1586 #define NUMBER_OF_LOCK_ENTRIES 5 1587 #else 1588 #define NUMBER_OF_LOCK_ENTRIES 6 1589 #endif 1590 1591 typedef struct _KTHREAD 1592 { 1593 DISPATCHER_HEADER Header; 1594 PVOID SListFaultAddress; 1595 ULONG64 QuantumTarget; 1596 PVOID InitialStack; 1597 volatile VOID *StackLimit; 1598 PVOID StackBase; 1599 KSPIN_LOCK ThreadLock; 1600 volatile ULONG64 CycleTime; 1601 #ifndef _WIN64 1602 volatile ULONG HighCycleTime; 1603 PVOID ServiceTable; 1604 #endif 1605 ULONG CurrentRunTime; 1606 ULONG ExpectedRunTime; 1607 PVOID KernelStack; 1608 XSAVE_FORMAT* StateSaveArea; 1609 struct _KSCHEDULING_GROUP* SchedulingGroup; 1610 KWAIT_STATUS_REGISTER WaitRegister; 1611 BOOLEAN Running; 1612 BOOLEAN Alerted[MaximumMode]; 1613 1614 union 1615 { 1616 struct 1617 { 1618 #if (NTDDI_VERSION < NTDDI_WIN10) 1619 ULONG KernelStackResident : 1; 1620 #else 1621 ULONG AutoBoostActive : 1; 1622 #endif 1623 ULONG ReadyTransition : 1; 1624 #if (NTDDI_VERSION < NTDDI_WIN10TH2) 1625 ULONG ProcessReadyQueue : 1; 1626 #endif 1627 ULONG ProcessReadyQueue : 1; 1628 ULONG WaitNext : 1; 1629 ULONG SystemAffinityActive : 1; 1630 ULONG Alertable : 1; 1631 #if (NTDDI_VERSION < NTDDI_WIN81) 1632 ULONG CodePatchInProgress : 1; 1633 #endif 1634 ULONG UserStackWalkActive : 1; 1635 ULONG ApcInterruptRequest : 1; 1636 ULONG QuantumEndMigrate : 1; 1637 ULONG UmsDirectedSwitchEnable : 1; 1638 ULONG TimerActive : 1; 1639 ULONG SystemThread : 1; 1640 ULONG ProcessDetachActive : 1; 1641 ULONG CalloutActive : 1; 1642 ULONG ScbReadyQueue : 1; 1643 ULONG ApcQueueable : 1; 1644 ULONG ReservedStackInUse : 1; 1645 ULONG UmsPerformingSyscall : 1; 1646 ULONG DisableStackCheck : 1; 1647 ULONG Reserved : 12; 1648 }; 1649 LONG MiscFlags; 1650 }; 1651 1652 union 1653 { 1654 struct 1655 { 1656 ULONG AutoAlignment : 1; 1657 ULONG DisableBoost : 1; 1658 ULONG UserAffinitySet : 1; 1659 ULONG AlertedByThreadId : 1; 1660 ULONG QuantumDonation : 1; 1661 ULONG EnableStackSwap : 1; 1662 ULONG GuiThread : 1; 1663 ULONG DisableQuantum : 1; 1664 ULONG ChargeOnlyGroup : 1; 1665 ULONG DeferPreemption : 1; 1666 ULONG QueueDeferPreemption : 1; 1667 ULONG ForceDeferSchedule : 1; 1668 ULONG ExplicitIdealProcessor : 1; 1669 ULONG FreezeCount : 1; 1670 #if (NTDDI_VERSION >= 0x060324D7) // since 6.3.9431.0 1671 ULONG TerminationApcRequest : 1; 1672 #endif 1673 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.16384 1674 ULONG AutoBoostEntriesExhausted : 1; 1675 #endif 1676 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.17031 1677 ULONG KernelStackResident : 1; 1678 #endif 1679 #if (NTDDI_VERSION >= NTDDI_WIN10) 1680 ULONG CommitFailTerminateRequest : 1; 1681 ULONG ProcessStackCountDecremented : 1; 1682 ULONG ThreadFlagsSpare : 5; 1683 #endif 1684 ULONG EtwStackTraceApcInserted : 8; 1685 #if (NTDDI_VERSION < NTDDI_WIN10) 1686 ULONG ReservedFlags : 10; 1687 #endif 1688 }; 1689 LONG ThreadFlags; 1690 }; 1691 1692 #if (NTDDI_VERSION >= NTDDI_WIN10) 1693 volatile UCHAR Tag; 1694 UCHAR SystemHeteroCpuPolicy; 1695 UCHAR UserHeteroCpuPolicy : 7; 1696 UCHAR ExplicitSystemHeteroCpuPolicy : 1; 1697 UCHAR Spare0; 1698 #else 1699 ULONG Spare0; 1700 #endif 1701 ULONG SystemCallNumber; 1702 #ifdef _WIN64 1703 ULONG Spare1; // Win 10: Spare10 1704 #endif 1705 PVOID FirstArgument; 1706 PKTRAP_FRAME TrapFrame; 1707 1708 union 1709 { 1710 KAPC_STATE ApcState; 1711 struct 1712 { 1713 UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]; // 32bit: 23/0x17, 64bit: 43/0x2B 1714 SCHAR Priority; 1715 ULONG UserIdealProcessor; 1716 }; 1717 }; 1718 1719 #ifndef _WIN64 1720 ULONG ContextSwitches; 1721 volatile UCHAR State; 1722 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10074.0 1723 CHAR Spare12; 1724 #else 1725 CHAR NpxState; 1726 #endif 1727 KIRQL WaitIrql; 1728 KPROCESSOR_MODE WaitMode; 1729 #endif 1730 1731 volatile INT_PTR WaitStatus; 1732 PKWAIT_BLOCK WaitBlockList; 1733 union 1734 { 1735 LIST_ENTRY WaitListEntry; 1736 SINGLE_LIST_ENTRY SwapListEntry; 1737 }; 1738 PKQUEUE Queue; 1739 PVOID Teb; 1740 #if (NTDDI_VERSION >= NTDDI_WIN8 /* 0x060223F0 */) // since 6.2.9200.16384 1741 ULONG64 RelativeTimerBias; 1742 #endif 1743 KTIMER Timer; 1744 1745 union 1746 { 1747 DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; 1748 #ifdef _WIN64 1749 struct 1750 { 1751 UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 20/0x14 1752 ULONG ContextSwitches; 1753 }; 1754 struct 1755 { 1756 UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 68/0x44 1757 UCHAR State; 1758 #if (NTDDI_VERSION >= NTDDI_WIN10) 1759 CHAR Spare13; 1760 #else 1761 CHAR NpxState; 1762 #endif 1763 UCHAR WaitIrql; 1764 CHAR WaitMode; 1765 }; 1766 struct 1767 { 1768 UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 116/0x74 1769 ULONG WaitTime; 1770 }; 1771 struct 1772 { 1773 UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 164/0xA4 1774 union 1775 { 1776 struct 1777 { 1778 SHORT KernelApcDisable; 1779 SHORT SpecialApcDisable; 1780 }; 1781 ULONG CombinedApcDisable; 1782 }; 1783 }; 1784 #endif 1785 struct 1786 { 1787 UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 20/0x14, 64bit: 40/0x28 1788 struct _KTHREAD_COUNTERS *ThreadCounters; 1789 }; 1790 struct 1791 { 1792 UCHAR WaitBlockFill9[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 44/0x2C, 64bit: 88/0x58 1793 PXSTATE_SAVE XStateSave; 1794 }; 1795 struct 1796 { 1797 UCHAR WaitBlockFill10[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 68/0x44, 64bit: 136/0x88 1798 PVOID Win32Thread; 1799 }; 1800 struct 1801 { 1802 UCHAR WaitBlockFill11[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, Object)]; // 32bit: 88/0x58, 64bit: 176/0xB0 1803 #ifdef _WIN64 1804 struct _UMS_CONTROL_BLOCK* Ucb; 1805 struct _KUMS_CONTEXT_HEADER* Uch; 1806 #else 1807 ULONG WaitTime; 1808 union 1809 { 1810 struct 1811 { 1812 SHORT KernelApcDisable; 1813 SHORT SpecialApcDisable; 1814 }; 1815 ULONG CombinedApcDisable; 1816 }; 1817 #endif 1818 }; 1819 }; 1820 1821 #ifdef _WIN64 1822 PVOID TebMappedLowVa; 1823 #endif 1824 LIST_ENTRY QueueListEntry; 1825 #if (NTDDI_VERSION >= 0x060223F0) // since 6.2.9200.16384 1826 union 1827 { 1828 ULONG NextProcessor; 1829 struct 1830 { 1831 ULONG NextProcessorNumber : 31; 1832 ULONG SharedReadyQueue : 1; 1833 }; 1834 }; 1835 LONG QueuePriority; 1836 #else 1837 ULONG NextProcessor; 1838 ULONG DeferredProcessor; 1839 #endif 1840 PKPROCESS Process; 1841 1842 union 1843 { 1844 GROUP_AFFINITY UserAffinity; 1845 struct 1846 { 1847 UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1848 CHAR PreviousMode; 1849 CHAR BasePriority; 1850 union 1851 { 1852 CHAR PriorityDecrement; 1853 struct 1854 { 1855 UCHAR ForegroundBoost : 4; 1856 UCHAR UnusualBoost : 4; 1857 }; 1858 }; 1859 UCHAR Preempted; 1860 UCHAR AdjustReason; 1861 CHAR AdjustIncrement; 1862 }; 1863 }; 1864 1865 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1866 ULONG_PTR AffinityVersion; 1867 #endif 1868 union 1869 { 1870 GROUP_AFFINITY Affinity; 1871 struct 1872 { 1873 UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A 1874 UCHAR ApcStateIndex; 1875 UCHAR WaitBlockCount; 1876 ULONG IdealProcessor; 1877 }; 1878 }; 1879 1880 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1881 #ifdef _WIN64 1882 ULONG64 NpxState; 1883 #else 1884 ULONG Spare15; 1885 #endif 1886 #else 1887 PKAPC_STATE ApcStatePointer[2]; 1888 #endif 1889 1890 union 1891 { 1892 KAPC_STATE SavedApcState; 1893 struct 1894 { 1895 UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; // 32bit: 23/0x17, 64bit: 43/0x2B 1896 UCHAR WaitReason; 1897 CHAR SuspendCount; 1898 CHAR Saturation; 1899 SHORT SListFaultCount; 1900 }; 1901 }; 1902 1903 union 1904 { 1905 KAPC SchedulerApc; 1906 struct 1907 { 1908 UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]; // 32bit: 1/0x01, 64bit: 1/0x01 1909 UCHAR ResourceIndex; 1910 }; 1911 struct 1912 { 1913 UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]; // 32bit: 3/0x03, 64bit: 3/0x03 1914 UCHAR QuantumReset; 1915 }; 1916 struct 1917 { 1918 UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]; // 32bit: 4/0x04, 64bit: 4/0x04 1919 ULONG KernelTime; 1920 }; 1921 struct 1922 { 1923 UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; // 32 bit:, 64 bit: 64/0x40 1924 PKPRCB WaitPrcb; 1925 }; 1926 struct 1927 { 1928 UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 32 bit:, 64 bit: 72/0x48 1929 PVOID LegoData; 1930 }; 1931 struct 1932 { 1933 UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 32 bit:, 64 bit: 83/0x53 1934 UCHAR CallbackNestingLevel; 1935 ULONG UserTime; 1936 }; 1937 }; 1938 1939 KEVENT SuspendEvent; 1940 LIST_ENTRY ThreadListEntry; 1941 LIST_ENTRY MutantListHead; 1942 1943 #if (NTDDI_VERSION >= NTDDI_WIN10) 1944 UCHAR AbEntrySummary; 1945 UCHAR AbWaitEntryCount; 1946 USHORT Spare20; 1947 #if _WIN64 1948 ULONG SecureThreadCookie; 1949 #endif 1950 #elif (NTDDI_VERSION >= NTDDI_WINBLUE) // 6.3.9431.0 1951 SINGLE_LIST_ENTRY LockEntriesFreeList; 1952 #endif 1953 1954 #if (NTDDI_VERSION >= NTDDI_WINBLUE /* 0x06032580 */) // since 6.3.9600.16384 1955 KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]; 1956 SINGLE_LIST_ENTRY PropagateBoostsEntry; 1957 SINGLE_LIST_ENTRY IoSelfBoostsEntry; 1958 UCHAR PriorityFloorCounts[16]; 1959 ULONG PriorityFloorSummary; 1960 volatile LONG AbCompletedIoBoostCount; 1961 #if (NTDDI_VERSION >= NTDDI_WIN10_RS1) 1962 LONG AbCompletedIoQoSBoostCount; 1963 #endif 1964 1965 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384 1966 volatile SHORT KeReferenceCount; 1967 #else 1968 volatile SHORT AbReferenceCount; 1969 #endif 1970 #if (NTDDI_VERSION >= 0x06040000) // since 6.4.9841.0 1971 UCHAR AbOrphanedEntrySummary; 1972 UCHAR AbOwnedEntryCount; 1973 #else 1974 UCHAR AbFreeEntryCount; 1975 UCHAR AbWaitEntryCount; 1976 #endif 1977 ULONG ForegroundLossTime; 1978 union 1979 { 1980 LIST_ENTRY GlobalForegroundListEntry; 1981 struct 1982 { 1983 SINGLE_LIST_ENTRY ForegroundDpcStackListEntry; 1984 ULONG_PTR InGlobalForegroundList; 1985 }; 1986 }; 1987 #endif 1988 1989 #if _WIN64 1990 LONG64 ReadOperationCount; 1991 LONG64 WriteOperationCount; 1992 LONG64 OtherOperationCount; 1993 LONG64 ReadTransferCount; 1994 LONG64 WriteTransferCount; 1995 LONG64 OtherTransferCount; 1996 #endif 1997 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10041.0 1998 struct _KSCB *QueuedScb; 1999 #ifndef _WIN64 2000 ULONG64 NpxState; 2001 #endif 2002 #endif 2003 } KTHREAD; 2004 2005 #endif 2006 2007 2008 #define ASSERT_THREAD(object) \ 2009 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject)) 2010 2011 // 2012 // Kernel Process (KPROCESS) 2013 // 2014 typedef struct _KPROCESS 2015 { 2016 DISPATCHER_HEADER Header; 2017 LIST_ENTRY ProfileListHead; 2018 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 2019 ULONG_PTR DirectoryTableBase; 2020 ULONG_PTR Unused0; 2021 #else 2022 ULONG_PTR DirectoryTableBase[2]; 2023 #endif 2024 #if defined(_M_IX86) 2025 KGDTENTRY LdtDescriptor; 2026 KIDTENTRY Int21Descriptor; 2027 #endif 2028 USHORT IopmOffset; 2029 #if defined(_M_IX86) 2030 UCHAR Iopl; 2031 UCHAR Unused; 2032 #endif 2033 volatile KAFFINITY ActiveProcessors; 2034 ULONG KernelTime; 2035 ULONG UserTime; 2036 LIST_ENTRY ReadyListHead; 2037 SINGLE_LIST_ENTRY SwapListEntry; 2038 PVOID VdmTrapcHandler; 2039 LIST_ENTRY ThreadListHead; 2040 KSPIN_LOCK ProcessLock; 2041 KAFFINITY Affinity; 2042 union 2043 { 2044 struct 2045 { 2046 LONG AutoAlignment:1; 2047 LONG DisableBoost:1; 2048 LONG DisableQuantum:1; 2049 LONG ReservedFlags:29; 2050 }; 2051 LONG ProcessFlags; 2052 }; 2053 SCHAR BasePriority; 2054 SCHAR QuantumReset; 2055 UCHAR State; 2056 UCHAR ThreadSeed; 2057 UCHAR PowerState; 2058 UCHAR IdealNode; 2059 UCHAR Visited; 2060 union 2061 { 2062 KEXECUTE_OPTIONS Flags; 2063 UCHAR ExecuteOptions; 2064 }; 2065 ULONG StackCount; 2066 LIST_ENTRY ProcessListEntry; 2067 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [ 2068 ULONGLONG CycleTime; 2069 #endif // ] 2070 } KPROCESS; 2071 2072 #define ASSERT_PROCESS(object) \ 2073 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject)) 2074 2075 // 2076 // System Service Table Descriptor 2077 // 2078 typedef struct _KSERVICE_TABLE_DESCRIPTOR 2079 { 2080 PULONG_PTR Base; 2081 PULONG Count; 2082 ULONG Limit; 2083 #if defined(_IA64_) 2084 LONG TableBaseGpOffset; 2085 #endif 2086 PUCHAR Number; 2087 } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR; 2088 2089 #if (NTDDI_VERSION >= NTDDI_WIN8) 2090 // 2091 // Entropy Timing State 2092 // 2093 typedef struct _KENTROPY_TIMING_STATE 2094 { 2095 ULONG EntropyCount; 2096 ULONG Buffer[64]; 2097 KDPC Dpc; 2098 ULONG LastDeliveredBuffer; 2099 PULONG RawDataBuffer; 2100 } KENTROPY_TIMING_STATE, *PKENTROPY_TIMING_STATE; 2101 2102 // 2103 // Constants from ks386.inc, ksamd64.inc and ksarm.h 2104 // 2105 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400 2106 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff 2107 #define KENTROPY_TIMING_ANALYSIS 0x0 2108 2109 #endif /* (NTDDI_VERSION >= NTDDI_WIN8) */ 2110 2111 // 2112 // Exported Loader Parameter Block 2113 // 2114 extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock; 2115 2116 // 2117 // Exported Hardware Data 2118 // 2119 extern ULONG NTSYSAPI KiDmaIoCoherency; 2120 extern ULONG NTSYSAPI KeMaximumIncrement; 2121 extern ULONG NTSYSAPI KeMinimumIncrement; 2122 extern ULONG NTSYSAPI KeDcacheFlushCount; 2123 extern ULONG NTSYSAPI KeIcacheFlushCount; 2124 extern ULONG_PTR NTSYSAPI KiBugCheckData[]; 2125 extern BOOLEAN NTSYSAPI KiEnableTimerWatchdog; 2126 2127 // 2128 // Exported System Service Descriptor Tables 2129 // 2130 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]; 2131 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]; 2132 2133 #endif // !NTOS_MODE_USER 2134 2135 #endif // _KETYPES_H 2136