/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    pstypes.h

Abstract:

    Type definitions for the Process Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _PSTYPES_H
#define _PSTYPES_H

//
// Dependencies
//
#include <umtypes.h>
#include <ldrtypes.h>
#include <mmtypes.h>
#include <obtypes.h>
#include <rtltypes.h>
// Executive and security type headers are pulled in for kernel-mode builds only.
#ifndef NTOS_MODE_USER
#include <extypes.h>
#include <setypes.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

#ifndef NTOS_MODE_USER

//
// Kernel Exported Object Types
//
extern POBJECT_TYPE NTSYSAPI PsJobType;

#endif // !NTOS_MODE_USER

//
// KUSER_SHARED_DATA location in User Mode
//
// A hard-coded address constant; nothing in this header relocates it.
//
#define USER_SHARED_DATA                        (0x7FFE0000)

//
// Global Flags
//
// Single-bit masks (the list continues after FLG_HEAP_DISABLE_COALESCING).
// - Bit 0x00000200 has no FLG_* name in this header.
// - Bit 0x00100000 has two different names depending on NTDDI_VERSION, so the
//   same numeric value means a different thing before and after Windows XP.
// NOTE(review): by name, several of these switch heap validation, exception
// and debugger behaviour; wherever the flag word is read from should be
// treated as privileged configuration - confirm against the consumers.
//
#define FLG_STOP_ON_EXCEPTION                   0x00000001
#define FLG_SHOW_LDR_SNAPS                      0x00000002
#define FLG_DEBUG_INITIAL_COMMAND               0x00000004
#define FLG_STOP_ON_HUNG_GUI                    0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK              0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK              0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS            0x00000040
#define FLG_HEAP_VALIDATE_ALL                   0x00000080
#define FLG_APPLICATION_VERIFIER                0x00000100
#define FLG_POOL_ENABLE_TAGGING                 0x00000400
#define FLG_HEAP_ENABLE_TAGGING                 0x00000800
#define FLG_USER_STACK_TRACE_DB                 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB               0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST            0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL              0x00008000
#define FLG_DISABLE_STACK_EXTENSION             0x00010000
#define FLG_ENABLE_CSRDEBUG                     0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD           0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS          0x00080000
#if (NTDDI_VERSION < NTDDI_WINXP)
#define FLG_HEAP_ENABLE_CALL_TRACING            0x00100000
#else
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS           0x00100000
#endif
#define FLG_HEAP_DISABLE_COALESCING             0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS             0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING            0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING          0x01000000
#define FLG_HEAP_PAGE_ALLOCS                    0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX            0x04000000
// Mask of bits 0-26. It also covers 0x00000200, which has no FLG_* name in
// this header, so a check against this mask alone accepts that unnamed bit.
#define FLG_VALID_BITS                          0x07FFFFFF

//
// Flags for NtCreateProcessEx
//
// PROCESS_CREATE_FLAGS_LEGAL_MASK is the OR of every flag defined here.
// NOTE(review): presumably used to reject requests carrying unknown bits -
// confirm that the system-call entry point tests (Flags & ~LEGAL_MASK).
//
#define PROCESS_CREATE_FLAGS_BREAKAWAY              0x00000001
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT       0x00000002
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES        0x00000004
#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
#define PROCESS_CREATE_FLAGS_LARGE_PAGES            0x00000010
#define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS   PROCESS_CREATE_FLAGS_LARGE_PAGES
#define PROCESS_CREATE_FLAGS_LEGAL_MASK             (PROCESS_CREATE_FLAGS_BREAKAWAY | \
                                                     PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
                                                     PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
                                                     PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
                                                     PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)

//
// Process priority classes
//
#define PROCESS_PRIORITY_CLASS_INVALID          0
#define PROCESS_PRIORITY_CLASS_IDLE             1
#define PROCESS_PRIORITY_CLASS_NORMAL           2
#define PROCESS_PRIORITY_CLASS_HIGH             3
#define PROCESS_PRIORITY_CLASS_REALTIME         4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL     5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL     6

//
// Process base priorities
//
#define PROCESS_PRIORITY_IDLE                   3
#define PROCESS_PRIORITY_NORMAL                 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND      9

//
// Process memory priorities
//
#define MEMORY_PRIORITY_BACKGROUND              0
#define MEMORY_PRIORITY_UNKNOWN                 1
#define MEMORY_PRIORITY_FOREGROUND              2

//
// Process Priority Separation Values (OR)
//
#define PSP_DEFAULT_QUANTUMS                    0x00
#define PSP_VARIABLE_QUANTUMS                   0x04
#define PSP_FIXED_QUANTUMS                      0x08
#define PSP_LONG_QUANTUMS                       0x10
#define PSP_SHORT_QUANTUMS                      0x20

// Everything from here to the matching #endif (after PSF2_PROTECTED_BIT) is
// compiled for kernel-mode builds only.
#ifndef NTOS_MODE_USER
//
// Thread Access Types
//
// Only these four thread rights are defined in this header.
//
#define THREAD_QUERY_INFORMATION                0x0040
#define THREAD_SET_THREAD_TOKEN                 0x0080
#define THREAD_IMPERSONATE                      0x0100
#define THREAD_DIRECT_IMPERSONATION             0x0200

//
// Process Access Types
//
// Single-bit access rights for process objects. Bit 0x0040 is not defined in
// this block.
//
// PROCESS_ALL_ACCESS is version-dependent: its object-specific part widens
// from 0xFFF to 0xFFFF on Longhorn and later, so the same source requests a
// different mask depending on NTDDI_VERSION. The pre-Longhorn value does not
// include PROCESS_QUERY_LIMITED_INFORMATION (0x1000). Opening with only the
// specific rights an operation needs avoids both the version dependence and
// the over-broad grant.
//
#define PROCESS_TERMINATE                       0x0001
#define PROCESS_CREATE_THREAD                   0x0002
#define PROCESS_SET_SESSIONID                   0x0004
#define PROCESS_VM_OPERATION                    0x0008
#define PROCESS_VM_READ                         0x0010
#define PROCESS_VM_WRITE                        0x0020
#define PROCESS_CREATE_PROCESS                  0x0080
#define PROCESS_SET_QUOTA                       0x0100
#define PROCESS_SET_INFORMATION                 0x0200
#define PROCESS_QUERY_INFORMATION               0x0400
#define PROCESS_SUSPEND_RESUME                  0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION       0x1000
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFFF)
#else
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFF)
#endif

//
// Thread Base Priorities
//
// NOTE(review): the negative values are not parenthesised; (-2) and (-15)
// would be the safer macro form.
//
#define THREAD_BASE_PRIORITY_LOWRT              15
#define THREAD_BASE_PRIORITY_MAX                2
#define THREAD_BASE_PRIORITY_MIN                -2
#define THREAD_BASE_PRIORITY_IDLE               -15

//
// TLS Slots
//
#define TLS_MINIMUM_AVAILABLE                   64

//
// TEB Active Frame Flags
//
#define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED  0x1

//
// Job Access Types
//
// The decimal 31 in JOB_OBJECT_ALL_ACCESS equals 0x1F, i.e. the OR of the
// five job rights defined above it.
//
#define JOB_OBJECT_ASSIGN_PROCESS               0x1
#define JOB_OBJECT_SET_ATTRIBUTES               0x2
#define JOB_OBJECT_QUERY                        0x4
#define JOB_OBJECT_TERMINATE                    0x8
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES      0x10
#define JOB_OBJECT_ALL_ACCESS                   (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 31)

//
// Job Limit Flags
//
// NOTE(review): by name, BREAKAWAY_OK and SILENT_BREAKAWAY_OK permit
// processes to leave the job (compare PROCESS_CREATE_FLAGS_BREAKAWAY above);
// a job used as a containment boundary would normally leave both clear -
// confirm against the job implementation.
//
#define JOB_OBJECT_LIMIT_WORKINGSET             0x1
#define JOB_OBJECT_LIMIT_PROCESS_TIME           0x2
#define JOB_OBJECT_LIMIT_JOB_TIME               0x4
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS         0x8
#define JOB_OBJECT_LIMIT_AFFINITY               0x10
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS         0x20
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME      0x40
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS       0x80
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY         0x100
#define JOB_OBJECT_LIMIT_JOB_MEMORY             0x200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK           0x800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK    0x1000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE      0x2000

//
// Job Security Limit Flags
//
#define JOB_OBJECT_SECURITY_NO_ADMIN            0x0001
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN    0x0002
#define JOB_OBJECT_SECURITY_ONLY_TOKEN          0x0004
#define JOB_OBJECT_SECURITY_FILTER_TOKENS       0x0008

//
// Cross Thread Flags
//
// These masks line up one-for-one with the bit-fields that alias
// ETHREAD.CrossThreadFlags later in this header (assuming bit-fields are
// allocated from the least-significant bit, as the masks imply). Bit 0x2 is
// named DeadThread in the pre-Longhorn layout and ThreadInserted on Longhorn
// and later, so CT_DEAD_THREAD_BIT only has its named meaning on the older
// layout.
//
#define CT_TERMINATED_BIT                       0x1
#define CT_DEAD_THREAD_BIT                      0x2
#define CT_HIDE_FROM_DEBUGGER_BIT               0x4
#define CT_ACTIVE_IMPERSONATION_INFO_BIT        0x8
#define CT_SYSTEM_THREAD_BIT                    0x10
#define CT_HARD_ERRORS_ARE_DISABLED_BIT         0x20
#define CT_BREAK_ON_TERMINATION_BIT             0x40
#define CT_SKIP_CREATION_MSG_BIT                0x80
#define CT_SKIP_TERMINATION_MSG_BIT             0x100

//
// Same Thread Passive Flags
//
#define STP_ACTIVE_EX_WORKER_BIT                0x1
#define STP_EX_WORKER_CAN_WAIT_USER_BIT         0x2
#define STP_MEMORY_MAKER_BIT                    0x4
#define STP_KEYED_EVENT_IN_USE_BIT              0x8

//
// Same Thread APC Flags
//
// STA_OWNS_WORKING_SET_BITS (0x1F8) spans bits 3-8, the positions of the six
// Owns*WorkingSet* bit-fields in ETHREAD.SameThreadApcFlags.
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT       0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT          0x2
#define STA_ADDRESS_SPACE_OWNER_BIT             0x4
#define STA_OWNS_WORKING_SET_BITS               0x1F8

//
// Kernel Process flags (maybe in ketypes.h?)
//
// NOTE(review): the values 0 and 1 look like bit positions rather than masks,
// unlike the PSF_*/CT_* masks in this file - confirm before OR-ing them into
// a flags word.
//
#define KPSF_AUTO_ALIGNMENT_BIT                 0
#define KPSF_DISABLE_BOOST_BIT                  1

//
// Process Flags
//
// These masks follow the bit-fields that alias EPROCESS.Flags later in this
// header. Points where names and layout diverge:
// - AddressSpaceInitialized is a 2-bit field; only its low bit (0x400) has a
//   mask here and 0x800 is unnamed.
// - 0x4000 is SessionCreationUnderway pre-Longhorn, DeprioritizeViews after.
// - 0x4000000 is CreateFailed pre-Longhorn, ProcessInserted after.
// - DefaultIoPriority is a 3-bit field starting at 0x8000000.
// NOTE(review): PSF_SWAP_ALLOWED_BIT (0x2000000) corresponds to the bit-field
// spelled SmapAllowed - confirm which spelling is intended.
//
#define PSF_CREATE_REPORTED_BIT                 0x1
#define PSF_NO_DEBUG_INHERIT_BIT                0x2
#define PSF_PROCESS_EXITING_BIT                 0x4
#define PSF_PROCESS_DELETE_BIT                  0x8
#define PSF_WOW64_SPLIT_PAGES_BIT               0x10
#define PSF_VM_DELETED_BIT                      0x20
#define PSF_OUTSWAP_ENABLED_BIT                 0x40
#define PSF_OUTSWAPPED_BIT                      0x80
#define PSF_FORK_FAILED_BIT                     0x100
#define PSF_WOW64_VA_SPACE_4GB_BIT              0x200
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT       0x400
#define PSF_SET_TIMER_RESOLUTION_BIT            0x1000
#define PSF_BREAK_ON_TERMINATION_BIT            0x2000
#define PSF_SESSION_CREATION_UNDERWAY_BIT       0x4000
#define PSF_WRITE_WATCH_BIT                     0x8000
#define PSF_PROCESS_IN_SESSION_BIT              0x10000
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT          0x20000
#define PSF_HAS_ADDRESS_SPACE_BIT               0x40000
#define PSF_LAUNCH_PREFETCHED_BIT               0x80000
#define PSF_INJECT_INPAGE_ERRORS_BIT            0x100000
#define PSF_VM_TOP_DOWN_BIT                     0x200000
#define PSF_IMAGE_NOTIFY_DONE_BIT               0x400000
#define PSF_PDE_UPDATE_NEEDED_BIT               0x800000
#define PSF_VDM_ALLOWED_BIT                     0x1000000
#define PSF_SWAP_ALLOWED_BIT                    0x2000000
#define PSF_CREATE_FAILED_BIT                   0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT             0x8000000

//
// Vista Process Flags
//
// 0x800 is bit 11, the position of ProtectedProcess in EPROCESS.Flags2
// (Longhorn and later layout only).
//
#define PSF2_PROTECTED_BIT                      0x800
#endif

//
// TLS/FLS Defines
//
#define TLS_EXPANSION_SLOTS                     1024

// The block below is compiled for user-mode builds only.
#ifdef NTOS_MODE_USER
//
// Thread Native Base Priorities
//
#define LOW_PRIORITY                            0
#define LOW_REALTIME_PRIORITY                   16
#define HIGH_PRIORITY                           31
#define MAXIMUM_PRIORITY                        32

//
// Current Process/Thread built-in 'special' handles
//
// Constant sentinel values (-1 and -2 cast to HANDLE); no open call in this
// header produces them.
// NOTE(review): code that accepts a handle value from a less-trusted caller
// should decide explicitly whether these sentinels are acceptable, since they
// refer to whichever process/thread evaluates them - confirm against callers.
//
#define NtCurrentProcess()                      ((HANDLE)(LONG_PTR)-1)
#define ZwCurrentProcess()                      NtCurrentProcess()
#define NtCurrentThread()                       ((HANDLE)(LONG_PTR)-2)
#define ZwCurrentThread()                       NtCurrentThread()

//
// Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
//
// Enumerators are implicitly numbered from 0 in declaration order. The numeric
// value is the information class, so entries must not be reordered or inserted
// mid-list. MaxProcessInfoClass is a count sentinel, not a valid class.
//
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallback,
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    MaxProcessInfoClass
} PROCESSINFOCLASS;

// Thread information classes; same implicit numbering from 0, with
// MaxThreadInfoClass as the count sentinel.
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    MaxThreadInfoClass
} THREADINFOCLASS;

// Kernel-mode builds take this branch instead of the two enums above.
#else

typedef enum _PSPROCESSPRIORITYMODE
{
    PsProcessPriorityForeground,
    PsProcessPriorityBackground,
    PsProcessPrioritySpinning
} PSPROCESSPRIORITYMODE;

// Job information classes; numbering starts at 1, so 0 is not a valid class.
typedef enum _JOBOBJECTINFOCLASS
{
    JobObjectBasicAccountingInformation = 1,
    JobObjectBasicLimitInformation,
    JobObjectBasicProcessIdList,
    JobObjectBasicUIRestrictions,
    JobObjectSecurityLimitInformation,
    JobObjectEndOfJobTimeInformation,
    JobObjectAssociateCompletionPortInformation,
    JobObjectBasicAndIoAccountingInformation,
    JobObjectExtendedLimitInformation,
    JobObjectJobSetInformation,
    MaxJobObjectInfoClass
} JOBOBJECTINFOCLASS;

//
// Power Event Events for Win32K Power Event Callback
//
typedef enum _PSPOWEREVENTTYPE
{
    PsW32FullWake = 0,
    PsW32EventCode = 1,
    PsW32PowerPolicyChanged = 2,
    PsW32SystemPowerState = 3,
    PsW32SystemTime = 4,
    PsW32DisplayState = 5,
    PsW32CapabilitiesChanged = 6,
    PsW32SetStateFailed = 7,
    PsW32GdiOff = 8,
    PsW32GdiOn = 9,
    PsW32GdiPrepareResumeUI = 10,
    PsW32GdiOffRequest = 11,
    PsW32MonitorOff = 12,
} PSPOWEREVENTTYPE;

//
// Power State Tasks for Win32K Power State Callback
//
typedef enum _POWERSTATETASK
{
    PowerState_BlockSessionSwitch = 0,
    PowerState_Init = 1,
    PowerState_QueryApps = 2,
    PowerState_QueryServices = 3,
    PowerState_QueryAppsFailed = 4,
    PowerState_QueryServicesFailed = 5,
    PowerState_SuspendApps = 6,
    PowerState_SuspendServices = 7,
    PowerState_ShowUI = 8,
    PowerState_NotifyWL = 9,
    PowerState_ResumeApps = 10,
    PowerState_ResumeServices = 11,
    PowerState_UnBlockSessionSwitch = 12,
    PowerState_End = 13,
    PowerState_BlockInput = 14,
    PowerState_UnblockInput = 15,
} POWERSTATETASK;

//
// Win32K Job Callback Types
//
typedef enum _PSW32JOBCALLOUTTYPE
{
    PsW32JobCalloutSetInformation = 0,
    PsW32JobCalloutAddProcess = 1,
    PsW32JobCalloutTerminate = 2,
} PSW32JOBCALLOUTTYPE;

//
// Win32K Thread Callback Types
//
typedef enum _PSW32THREADCALLOUTTYPE
{
    PsW32ThreadCalloutInitialize,
    PsW32ThreadCalloutExit,
} PSW32THREADCALLOUTTYPE;

//
// Declare empty structure definitions so that they may be referenced by
// routines before they are defined
//
struct _W32THREAD;
struct _W32PROCESS;
//struct _ETHREAD;
struct _WIN32_POWEREVENT_PARAMETERS;
struct _WIN32_POWERSTATE_PARAMETERS;
struct _WIN32_JOBCALLOUT_PARAMETERS;
struct _WIN32_OPENMETHOD_PARAMETERS;
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
struct _WIN32_CLOSEMETHOD_PARAMETERS;
struct _WIN32_DELETEMETHOD_PARAMETERS;
struct _WIN32_PARSEMETHOD_PARAMETERS;

//
// Win32K Process and Thread Callbacks
//
// Function-pointer types only; each returns NTSTATUS and takes the parameters
// shown. The parameter structures are forward-declared above and defined
// elsewhere.
//
typedef
NTSTATUS
(NTAPI *PKWIN32_PROCESS_CALLOUT)(
    _In_ struct _EPROCESS *Process,
    _In_ BOOLEAN Create
);

typedef
NTSTATUS
(NTAPI *PKWIN32_THREAD_CALLOUT)(
    _In_ struct _ETHREAD *Thread,
    _In_ PSW32THREADCALLOUTTYPE Type
);

typedef
NTSTATUS
(NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
    _In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
    _In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_JOB_CALLOUT)(
    _In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
    VOID
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
    _In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
    _In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
    _In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
    _In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
    _In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
);

typedef
NTSTATUS
(NTAPI *PKWIN32_SESSION_CALLOUT)(
    _In_ PVOID Parameter
);

#if (NTDDI_VERSION >= NTDDI_LONGHORN)
typedef
NTSTATUS
(NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
    _In_ struct _EPROCESS *Process,
    _In_ PVOID Callback,
    _In_ PVOID Context
);
#endif

//
// Lego Callback
//
typedef
VOID
(NTAPI *PLEGO_NOTIFY_ROUTINE)(
    _In_ PKTHREAD Thread
);

#endif

typedef NTSTATUS
(NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
    VOID
);

//
// Descriptor Table Entry Definition
//
// Defined for x86 builds only; _DESCRIPTOR_TABLE_ENTRY_DEFINED records that
// the definition came from this header.
//
#if (_M_IX86)
#define _DESCRIPTOR_TABLE_ENTRY_DEFINED
typedef struct _DESCRIPTOR_TABLE_ENTRY
{
    ULONG Selector;
    LDT_ENTRY Descriptor;
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
#endif

//
// PEB Lock Routine
//
typedef VOID
(NTAPI *PPEBLOCKROUTINE)(
    PVOID PebLock
);

//
// PEB Free Block Descriptor
//
typedef struct _PEB_FREE_BLOCK
{
    struct _PEB_FREE_BLOCK* Next;
    ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;

//
// Initial PEB
//
// The fourth byte is a union: a plain BitField byte overlaid, on Server 2003
// and later, with named one-bit fields whose set depends on NTDDI_VERSION.
// NOTE(review): BeingDebugged and IsProtectedProcess here are presumably
// informational copies; the kernel-side protected-process state in this
// header is EPROCESS.Flags2.ProtectedProcess - confirm before using either
// field in a security decision.
//
typedef struct _INITIAL_PEB
{
    BOOLEAN InheritedAddressSpace;
    BOOLEAN ReadImageFileExecOptions;
    BOOLEAN BeingDebugged;
    union
    {
        BOOLEAN BitField;
#if (NTDDI_VERSION >= NTDDI_WS03)
        struct
        {
            BOOLEAN ImageUsesLargePages:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            BOOLEAN IsProtectedProcess:1;
            BOOLEAN IsLegacyProcess:1;
            BOOLEAN SpareBits:5;
#else
            BOOLEAN SpareBits:7;
#endif
        };
#else
        BOOLEAN SpareBool;
#endif
    };
    HANDLE Mutant;
} INITIAL_PEB, *PINITIAL_PEB;

//
// Initial TEB
//
typedef struct _INITIAL_TEB
{
    PVOID PreviousStackBase;
    PVOID PreviousStackLimit;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID AllocatedStackBase;
} INITIAL_TEB, *PINITIAL_TEB;

//
// TEB Active Frame Structures
//
// The _EX variants embed the basic structure as their first member, so a
// pointer to the extended form can also be read as the basic form.
// NOTE(review): presumably TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED in Flags
// tells a reader which form it has - confirm before casting to the _EX type.
//
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
    ULONG Flags;
    LPSTR FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
typedef const struct _TEB_ACTIVE_FRAME_CONTEXT *PCTEB_ACTIVE_FRAME_CONTEXT;

typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
{
    TEB_ACTIVE_FRAME_CONTEXT BasicContext;
    PCSTR SourceLocation;
} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
typedef const struct _TEB_ACTIVE_FRAME_CONTEXT_EX *PCTEB_ACTIVE_FRAME_CONTEXT_EX;

typedef struct _TEB_ACTIVE_FRAME
{
    ULONG Flags;
    struct _TEB_ACTIVE_FRAME *Previous;
    PCTEB_ACTIVE_FRAME_CONTEXT Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
typedef const struct _TEB_ACTIVE_FRAME *PCTEB_ACTIVE_FRAME;

typedef struct _TEB_ACTIVE_FRAME_EX
{
    TEB_ACTIVE_FRAME BasicFrame;
    PVOID ExtensionIdentifier;
} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
typedef const struct _TEB_ACTIVE_FRAME_EX *PCTEB_ACTIVE_FRAME_EX;

// Fixed-width forms of the process/thread id pair: 32-bit and 64-bit fields
// regardless of the build's pointer size.
typedef struct _CLIENT_ID32
{
    ULONG UniqueProcess;
    ULONG UniqueThread;
} CLIENT_ID32, *PCLIENT_ID32;

typedef struct _CLIENT_ID64
{
    ULONG64 UniqueProcess;
    ULONG64 UniqueThread;
} CLIENT_ID64, *PCLIENT_ID64;

#if (NTDDI_VERSION < NTDDI_WS03)
typedef struct _Wx86ThreadState
{
    PULONG CallBx86Eip;
    PVOID DeallocationCpu;
    BOOLEAN UseKnownWx86Dll;
    CHAR OleStubInvoked;
} Wx86ThreadState, *PWx86ThreadState;
#endif

//
// PEB.AppCompatFlags
// Tag FLAG_MASK_KERNEL
//
// NOTE(review): by name, several flags switch off RPC/OLE hardening or
// consistency checks (DisableAdvanceRPCClientHardening,
// DisableAdvancedRPCrangeCheck, DisableNDRIIDConsistencyCheck, ...), so which
// images receive them is security-relevant configuration - confirm where the
// flags are sourced.
// NOTE(review): DoNotAddToCache = 0x80000000 does not fit in a signed 32-bit
// int; this relies on the compiler's choice of enum representation - confirm
// for every supported compiler.
//
typedef enum _APPCOMPAT_FLAGS
{
    GetShortPathNameNT4 = 0x1,
    GetDiskFreeSpace2GB = 0x8,
    FTMFromCurrentAPI = 0x20,
    DisallowCOMBindingNotifications = 0x40,
    Ole32ValidatePointers = 0x80,
    DisableCicero = 0x100,
    Ole32EnableAsyncDocFile = 0x200,
    EnableLegacyExceptionHandlinginOLE = 0x400,
    DisableAdvanceRPCClientHardening = 0x800,
    DisableMaybeNULLSizeisConsistencycheck = 0x1000,
    DisableAdvancedRPCrangeCheck = 0x4000,
    EnableLegacyExceptionHandlingInRPC = 0x8000,
    EnableLegacyNTFSFlagsForDocfileOpens = 0x10000,
    DisableNDRIIDConsistencyCheck = 0x20000,
    UserDisableForwarderPatch = 0x40000,
    DisableNewWMPAINTDispatchInOLE = 0x100000,
    DoNotAddToCache = 0x80000000,
} APPCOMPAT_FLAGS;


//
// PEB.AppCompatFlagsUser.LowPart
// Tag FLAG_MASK_USER
//
// The three values in the "#if 0" section need more than 32 bits; they are
// compiled out here and re-declared with small values in
// APPCOMPAT_USERFLAGS_HIGHPART below.
// NOTE(review): DisableSWCursorOnMoveSize = 0x80000000 has the same
// signed-int range caveat as DoNotAddToCache above.
//
typedef enum _APPCOMPAT_USERFLAGS
{
    DisableAnimation = 0x1,
    DisableKeyboardCues = 0x2,
    No50StylebitsInSetWindowLong = 0x4,
    DisableDrawPatternRect = 0x8,
    MSShellDialog = 0x10,
    NoDDETerminateDuringDestroy = 0x20,
    GiveupForeground = 0x40,
    AlwaysActiveMenus = 0x80,
    NoMouseHideInEdit = 0x100,
    NoGdiBatching = 0x200,
    FontSubstitution = 0x400,
    No50StylebitsInCreateWindow = 0x800,
    NoCustomPaperSizes = 0x1000,
    AllTheDdeHacks = 0x2000,
    UseDefaultCharset = 0x4000,
    NoCharDeadKey = 0x8000,
    NoTryExceptForWindowProc = 0x10000,
    NoInitInsertReplaceFlags = 0x20000,
    NoDdeSync = 0x40000,
    NoGhost = 0x80000,
    NoDdeAsyncReg = 0x100000,
    StrictLLHook = 0x200000,
    NoShadow = 0x400000,
    NoTimerCallbackProtection = 0x1000000,
    HighDpiAware = 0x2000000,
    OpenGLEmfAware = 0x4000000,
    EnableTransparantBltMirror = 0x8000000,
    NoPaddedBorder = 0x10000000,
    ForceLegacyResizeCM = 0x20000000,
    HardwareAudioMixer = 0x40000000,
    DisableSWCursorOnMoveSize = 0x80000000,
#if 0
    DisableWindowArrangement = 0x100000000,
    ReorderWaveForCommunications = 0x200000000,
    NoGdiHwAcceleration = 0x400000000,
#endif
} APPCOMPAT_USERFLAGS;

//
// PEB.AppCompatFlagsUser.HighPart
// Tag FLAG_MASK_USER
//
typedef enum _APPCOMPAT_USERFLAGS_HIGHPART
{
    DisableWindowArrangement = 0x1,
    ReorderWaveForCommunications = 0x2,
    NoGdiHwAcceleration = 0x4,
} APPCOMPAT_USERFLAGS_HIGHPART;

//
// Process Environment Block (PEB)
// Thread Environment Block (TEB)
//
#include "peb_teb.h"

// On 64-bit builds peb_teb.h is included two more times with
// EXPLICIT_32BIT / EXPLICIT_64BIT defined around each include.
#ifdef _WIN64
//
// Explicit 32 bit PEB/TEB
//
#define EXPLICIT_32BIT
#include "peb_teb.h"
#undef EXPLICIT_32BIT

//
// Explicit 64 bit PEB/TEB
//
#define EXPLICIT_64BIT
#include "peb_teb.h"
#undef EXPLICIT_64BIT
#endif

#ifdef NTOS_MODE_USER

//
// Process Information Structures for NtQueryInformationProcess
//
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    KPRIORITY BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

typedef struct _PROCESS_ACCESS_TOKEN
{
    HANDLE Token;
    HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

// Set and Query share storage; which member is meaningful depends on the
// direction of the call, and the structure itself carries no discriminator.
typedef struct _PROCESS_DEVICEMAP_INFORMATION
{
    union
    {
        struct
        {
            HANDLE DirectoryHandle;
        } Set;
        struct
        {
            ULONG DriveMap;
            UCHAR DriveType[32];
        } Query;
    };
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;

typedef struct _KERNEL_USER_TIMES
{
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

typedef struct _POOLED_USAGE_AND_LIMITS
{
    SIZE_T PeakPagedPoolUsage;
    SIZE_T PagedPoolUsage;
    SIZE_T PagedPoolLimit;
    SIZE_T PeakNonPagedPoolUsage;
    SIZE_T NonPagedPoolUsage;
    SIZE_T NonPagedPoolLimit;
    SIZE_T PeakPagefileUsage;
    SIZE_T PagefileUsage;
    SIZE_T PagefileLimit;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;

typedef struct _PROCESS_SESSION_INFORMATION
{
    ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

#endif

typedef struct _PROCESS_PRIORITY_CLASS
{
    BOOLEAN Foreground;
    UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;

// Compatibility with windows, see CORE-16757, CORE-17106, CORE-17247
// The assert pins the structure to exactly two bytes (no padding).
C_ASSERT(sizeof(PROCESS_PRIORITY_CLASS) == 2);

typedef struct _PROCESS_FOREGROUND_BACKGROUND
{
    BOOLEAN Foreground;
} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;

//
// Apphelp SHIM Cache
//
// Service codes 0-4 are the cache operations; 0x100 and 0x101 are a separate
// debug range.
//
typedef enum _APPHELPCACHESERVICECLASS
{
    ApphelpCacheServiceLookup = 0,
    ApphelpCacheServiceRemove = 1,
    ApphelpCacheServiceUpdate = 2,
    ApphelpCacheServiceFlush = 3,
    ApphelpCacheServiceDump = 4,

    ApphelpDBGReadRegistry = 0x100,
    ApphelpDBGWriteRegistry = 0x101,
} APPHELPCACHESERVICECLASS;


typedef struct _APPHELP_CACHE_SERVICE_LOOKUP
{
    UNICODE_STRING ImageName;
    HANDLE ImageHandle;
} APPHELP_CACHE_SERVICE_LOOKUP, *PAPPHELP_CACHE_SERVICE_LOOKUP;


//
// Thread Information Structures for NtQueryInformationThread
//
typedef struct _THREAD_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PVOID TebBaseAddress;
    CLIENT_ID ClientId;
    KAFFINITY AffinityMask;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;

// Kernel-mode only from here on; the matching #endif is not visible in this
// part of the file.
#ifndef NTOS_MODE_USER

//
// Job Set Array
//
typedef struct _JOB_SET_ARRAY
{
    HANDLE JobHandle;
    ULONG MemberLevel;
    ULONG Flags;
} JOB_SET_ARRAY, *PJOB_SET_ARRAY;

//
// EPROCESS Quota Structures
//
typedef struct _EPROCESS_QUOTA_ENTRY
{
    SIZE_T Usage;
    SIZE_T Limit;
    SIZE_T Peak;
    SIZE_T Return;
} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;

// NOTE(review): QuotaEntry[3] is presumably indexed like EPROCESS.QuotaUsage
// (0=PagedPool, 1=NonPagedPool, 2=Pagefile) - confirm.
typedef struct _EPROCESS_QUOTA_BLOCK
{
    EPROCESS_QUOTA_ENTRY QuotaEntry[3];
    LIST_ENTRY QuotaList;
    ULONG ReferenceCount;
    ULONG ProcessCount;
} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;

//
// Process Pagefault History
//
// NOTE(review): WatchInfo[1] looks like a variable-length trailing array
// declared with one element; if so, the allocation size and the valid index
// range are the owner's responsibility - confirm where it is allocated.
//
typedef struct _PAGEFAULT_HISTORY
{
    ULONG CurrentIndex;
    ULONG MapIndex;
    KSPIN_LOCK SpinLock;
    PVOID Reserved;
    PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;

//
// Process Impersonation Information
//
// Referenced from ETHREAD.ImpersonationInfo below.
//
typedef struct _PS_IMPERSONATION_INFORMATION
{
    PACCESS_TOKEN Token;
    BOOLEAN CopyOnOpen;
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;

//
// Process Termination Port
//
typedef struct _TERMINATION_PORT
{
    struct _TERMINATION_PORT *Next;
    PVOID Port;
} TERMINATION_PORT, *PTERMINATION_PORT;

//
// Per-Process APC Rate Limiting
//
typedef struct _PSP_RATE_APC
{
    union
    {
        SINGLE_LIST_ENTRY NextApc;
        ULONGLONG ExcessCycles;
    };
    ULONGLONG TargetGEneration;     // spelling as declared
    KAPC RateApc;
} PSP_RATE_APC, *PPSP_RATE_APC;

//
// Executive Thread (ETHREAD)
//
// Member order and the NTDDI_VERSION conditionals define the in-memory
// layout, so field offsets differ between the pre-Longhorn and Longhorn+
// variants; code built with one NTDDI_VERSION must not interpret an object
// laid out for the other. Anonymous unions overlay members that share
// storage. No pointer typedef is declared with this structure.
//
typedef struct _ETHREAD
{
    KTHREAD Tcb;
    LARGE_INTEGER CreateTime;
    union
    {
        LARGE_INTEGER ExitTime;
        LIST_ENTRY LpcReplyChain;
        LIST_ENTRY KeyedWaitChain;
    };
    union
    {
        NTSTATUS ExitStatus;
        PVOID OfsChain;
    };
    LIST_ENTRY PostBlockList;
    union
    {
        struct _TERMINATION_PORT *TerminationPort;
        struct _ETHREAD *ReaperLink;
        PVOID KeyedWaitValue;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
        PVOID Win32StartParameter;
#endif
    };
    KSPIN_LOCK ActiveTimerListLock;
    LIST_ENTRY ActiveTimerListHead;
    CLIENT_ID Cid;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    KSEMAPHORE KeyedWaitSemaphore;
#else
    union
    {
        KSEMAPHORE LpcReplySemaphore;
        KSEMAPHORE KeyedWaitSemaphore;
    };
    union
    {
        PVOID LpcReplyMessage;
        PVOID LpcWaitingOnPort;
    };
#endif
    PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
    LIST_ENTRY IrpList;
    ULONG_PTR TopLevelIrp;
    PDEVICE_OBJECT DeviceToVerify;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PPSP_RATE_APC RateControlApc;
#else
    struct _EPROCESS *ThreadsProcess;
#endif
    PVOID Win32StartAddress;
    union
    {
        PKSTART_ROUTINE StartAddress;
        ULONG LpcReceivedMessageId;
    };
    LIST_ENTRY ThreadListEntry;
    EX_RUNDOWN_REF RundownProtect;
    EX_PUSH_LOCK ThreadLock;
#if (NTDDI_VERSION < NTDDI_LONGHORN)
    ULONG LpcReplyMessageId;
#endif
    ULONG ReadClusterSize;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG SpareUlong0;
#else
    ACCESS_MASK GrantedAccess;
#endif
    // Named bits alias CrossThreadFlags; the CT_*_BIT masks earlier in this
    // header name the first nine positions.
    union
    {
        struct
        {
            ULONG Terminated:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ThreadInserted:1;
#else
            ULONG DeadThread:1;
#endif
            ULONG HideFromDebugger:1;
            ULONG ActiveImpersonationInfo:1;
            ULONG SystemThread:1;
            ULONG HardErrorsAreDisabled:1;
            ULONG BreakOnTermination:1;
            ULONG SkipCreationMsg:1;
            ULONG SkipTerminationMsg:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG CreateMsgSent:1;
            ULONG ThreadIoPriority:3;
            ULONG ThreadPagePriority:3;
            ULONG PendingRatecontrol:1;
#endif
        };
        ULONG CrossThreadFlags;
    };
    // Named bits alias SameThreadPassiveFlags (see the STP_*_BIT masks).
    union
    {
        struct
        {
            ULONG ActiveExWorker:1;
            ULONG ExWorkerCanWaitUser:1;
            ULONG MemoryMaker:1;
            ULONG KeyedEventInUse:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG RateApcState:2;
#endif
        };
        ULONG SameThreadPassiveFlags;
    };
    // Named bits alias SameThreadApcFlags (see the STA_* masks).
    union
    {
        struct
        {
            ULONG LpcReceivedMsgIdValid:1;
            ULONG LpcExitThreadCalled:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG Spare:1;
#else
            ULONG AddressSpaceOwner:1;
#endif
            ULONG OwnsProcessWorkingSetExclusive:1;
            ULONG OwnsProcessWorkingSetShared:1;
            ULONG OwnsSystemWorkingSetExclusive:1;
            ULONG OwnsSystemWorkingSetShared:1;
            ULONG OwnsSessionWorkingSetExclusive:1;
            ULONG OwnsSessionWorkingSetShared:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SuppressSymbolLoad:1;
            ULONG Spare1:3;
            ULONG PriorityRegionActive:4;
#else
            ULONG ApcNeeded:1;
#endif
        };
        ULONG SameThreadApcFlags;
    };
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    UCHAR CacheManagerActive;
#else
    UCHAR ForwardClusterOnly;
#endif
    UCHAR DisablePageFaultClustering;
    UCHAR ActiveFaultCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG AlpcMessageId;
    union
    {
        PVOID AlpcMessage;
        ULONG AlpcReceiveAttributeSet;
    };
    LIST_ENTRY AlpcWaitListEntry;
    KSEMAPHORE AlpcWaitSemaphore;
    ULONG CacheManagerCount;
#endif
} ETHREAD;

//
// Executive Process (EPROCESS)
//
// As with ETHREAD, member order plus the NTDDI_VERSION / _M_AMD64
// conditionals define the layout, and offsets differ between variants.
// No pointer typedef is declared with this structure.
//
typedef struct _EPROCESS
{
    KPROCESS Pcb;
    EX_PUSH_LOCK ProcessLock;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    EX_RUNDOWN_REF RundownProtect;
    HANDLE UniqueProcessId;
    // NOTE(review): presumably links the process into a global list; an
    // enumeration that walks only this list reports only what is linked, so
    // integrity-sensitive tooling should cross-check another source - confirm.
    LIST_ENTRY ActiveProcessLinks;
    SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
    SIZE_T QuotaPeak[3]; /* ditto */
    SIZE_T CommitCharge;
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    LIST_ENTRY SessionProcessLinks;
    PVOID DebugPort;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    // The three members share storage: the 3-bit ExceptionPortState overlays
    // the start of the pointer-sized value.
    union
    {
        PVOID ExceptionPortData;
        ULONG ExceptionPortValue;
        UCHAR ExceptionPortState:3;
    };
#else
    PVOID ExceptionPort;
#endif
    PHANDLE_TABLE ObjectTable;
    // NOTE(review): EX_FAST_REF is declared elsewhere; presumably not a plain
    // pointer, so the token must be obtained through the fast-reference
    // helpers rather than by reading this field raw - confirm.
    EX_FAST_REF Token;
    PFN_NUMBER WorkingSetPage;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    EX_PUSH_LOCK AddressCreationLock;
    PETHREAD RotateInProgress;
#else
    KGUARDED_MUTEX AddressCreationLock;
    KSPIN_LOCK HyperSpaceLock;
#endif
    PETHREAD ForkInProgress;
    ULONG_PTR HardwareTrigger;
    PMM_AVL_TABLE PhysicalVadRoot;
    PVOID CloneRoot;
    PFN_NUMBER NumberOfPrivatePages;
    PFN_NUMBER NumberOfLockedPages;
    PVOID *Win32Process;
    struct _EJOB *Job;
    PVOID SectionObject;
    PVOID SectionBaseAddress;
    PEPROCESS_QUOTA_BLOCK QuotaBlock;
    PPAGEFAULT_HISTORY WorkingSetWatch;
    PVOID Win32WindowStation;
    HANDLE InheritedFromUniqueProcessId;
    PVOID LdtInformation;
    PVOID VadFreeHint;
    PVOID VdmObjects;
    PVOID DeviceMap;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    PVOID EtwDataSource;
    PVOID FreeTebHint;
#else
    PVOID Spare0[3];
#endif
    union
    {
        HARDWARE_PTE PageDirectoryPte;
        ULONGLONG Filler;
    };
    PVOID Session;
    // Fixed 16-byte buffer, so longer image names cannot be stored in full.
    // NOTE(review): readers should not assume NUL termination, and a truncated
    // name is not a reliable process identity - confirm how it is filled.
    CHAR ImageFileName[16];
    LIST_ENTRY JobLinks;
    PVOID LockedPagesList;
    LIST_ENTRY ThreadListHead;
    PVOID SecurityPort;
#ifdef _M_AMD64
    struct _WOW64_PROCESS *Wow64Process;
#else
    PVOID PaeTop;
#endif
    ULONG ActiveThreads;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    ULONG ImagePathHash;
#else
    ACCESS_MASK GrantedAccess;
#endif
    ULONG DefaultHardErrorProcessing;
    NTSTATUS LastThreadExitStatus;
    struct _PEB* Peb;
    EX_FAST_REF PrefetchTrace;
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
    SIZE_T CommitChargeLimit;
    SIZE_T CommitChargePeak;
    PVOID AweInfo;
    SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
    MMSUPPORT Vm;
#ifdef _M_AMD64
    ULONG Spares[2];
#else
    LIST_ENTRY MmProcessLinks;
#endif
    ULONG ModifiedPageCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    // Named bits alias Flags2; ProtectedProcess is the twelfth bit, matching
    // PSF2_PROTECTED_BIT (0x800).
    union
    {
        struct
        {
            ULONG JobNotReallyActive:1;
            ULONG AccountingFolded:1;
            ULONG NewProcessReported:1;
            ULONG ExitProcessReported:1;
            ULONG ReportCommitChanges:1;
            ULONG LastReportMemory:1;
            ULONG ReportPhysicalPageChanges:1;
            ULONG HandleTableRundown:1;
            ULONG NeedsHandleRundown:1;
            ULONG RefTraceEnabled:1;
            ULONG NumaAware:1;
            ULONG ProtectedProcess:1;
            ULONG DefaultPagePriority:3;
            ULONG ProcessDeleteSelf:1;
            ULONG ProcessVerifierTarget:1;
        };
        ULONG Flags2;
    };
#else
    ULONG JobStatus;
#endif
    // Named bits alias Flags; the PSF_*_BIT masks earlier in this header name
    // the same positions. The fields add up to all 32 bits in both variants.
    union
    {
        struct
        {
            ULONG CreateReported:1;
            ULONG NoDebugInherit:1;
            ULONG ProcessExiting:1;
            ULONG ProcessDelete:1;
            ULONG Wow64SplitPages:1;
            ULONG VmDeleted:1;
            ULONG OutswapEnabled:1;
            ULONG Outswapped:1;
            ULONG ForkFailed:1;
            ULONG Wow64VaSpace4Gb:1;
            ULONG AddressSpaceInitialized:2;
            ULONG SetTimerResolution:1;
            ULONG BreakOnTermination:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG DeprioritizeViews:1;
#else
            ULONG SessionCreationUnderway:1;
#endif
            ULONG WriteWatch:1;
            ULONG ProcessInSession:1;
            ULONG OverrideAddressSpace:1;
            ULONG HasAddressSpace:1;
            ULONG LaunchPrefetched:1;
            ULONG InjectInpageErrors:1;
            ULONG VmTopDown:1;
            ULONG ImageNotifyDone:1;
            ULONG PdeUpdateNeeded:1;
            ULONG VdmAllowed:1;
            ULONG SmapAllowed:1;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG ProcessInserted:1;
#else
            ULONG CreateFailed:1;
#endif
            ULONG DefaultIoPriority:3;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
            ULONG SparePsFlags1:2;
#else
            ULONG Spare1:1;
            ULONG Spare2:1;
#endif
        };
        ULONG Flags;
    };
    NTSTATUS ExitStatus;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    USHORT Spare7;
#else
    USHORT NextPageColor;
#endif
    union
    {
        struct
        {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
        };
        USHORT SubSystemVersion;
    };
    UCHAR PriorityClass;
    MM_AVL_TABLE VadRoot;
    ULONG Cookie;
} EPROCESS;

//
// Job Token Filter Data
//
// pshpack1.h is included immediately before this structure.
// NOTE(review): presumably this sets 1-byte packing, in which case pointer
// members that follow a ULONG are not naturally aligned on 64-bit builds, and
// the packing stays in effect until a matching pop that is not visible in
// this part of the file - confirm.
// Each captured array is described by a count and a byte length.
// NOTE(review): consumers should check the two against each other before
// walking the array - confirm where they are captured.
//
#include <pshpack1.h>
typedef struct _PS_JOB_TOKEN_FILTER
{
    ULONG CapturedSidCount;
    PSID_AND_ATTRIBUTES CapturedSids;
    ULONG CapturedSidsLength;
    ULONG CapturedGroupCount;
    PSID_AND_ATTRIBUTES CapturedGroups;
    ULONG CapturedGroupsLength;
    ULONG CapturedPrivilegeCount;
    PLUID_AND_ATTRIBUTES CapturedPrivileges;
    ULONG CapturedPrivilegesLength;
} PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;

//
// Executive Job (EJOB)
//
typedef struct _EJOB
{
    KEVENT Event;
    LIST_ENTRY JobLinks;
    LIST_ENTRY ProcessListHead;
    ERESOURCE JobLock;
    LARGE_INTEGER TotalUserTime;
    LARGE_INTEGER TotalKernelTime;
    LARGE_INTEGER ThisPeriodTotalUserTime;
    LARGE_INTEGER ThisPeriodTotalKernelTime;
    ULONG TotalPageFaultCount;
    ULONG TotalProcesses;
    ULONG ActiveProcesses;
    ULONG TotalTerminatedProcesses;
    LARGE_INTEGER PerProcessUserTimeLimit;
    LARGE_INTEGER PerJobUserTimeLimit;
    ULONG LimitFlags;
    ULONG MinimumWorkingSetSize;
    ULONG MaximumWorkingSetSize;
    ULONG ActiveProcessLimit;
    ULONG Affinity;
    UCHAR PriorityClass;
ULONG UIRestrictionsClass; 1442 ULONG SecurityLimitFlags; 1443 PVOID Token; 1444 PPS_JOB_TOKEN_FILTER Filter; 1445 ULONG EndOfJobTimeAction; 1446 PVOID CompletionPort; 1447 PVOID CompletionKey; 1448 ULONG SessionId; 1449 ULONG SchedulingClass; 1450 ULONGLONG ReadOperationCount; 1451 ULONGLONG WriteOperationCount; 1452 ULONGLONG OtherOperationCount; 1453 ULONGLONG ReadTransferCount; 1454 ULONGLONG WriteTransferCount; 1455 ULONGLONG OtherTransferCount; 1456 IO_COUNTERS IoInfo; 1457 ULONG ProcessMemoryLimit; 1458 ULONG JobMemoryLimit; 1459 ULONG PeakProcessMemoryUsed; 1460 ULONG PeakJobMemoryUsed; 1461 ULONG CurrentJobMemoryUsed; 1462 #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03) 1463 FAST_MUTEX MemoryLimitsLock; 1464 #elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN) 1465 KGUARDED_MUTEX MemoryLimitsLock; 1466 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) 1467 EX_PUSH_LOCK MemoryLimitsLock; 1468 #endif 1469 LIST_ENTRY JobSetLinks; 1470 ULONG MemberLevel; 1471 ULONG JobFlags; 1472 } EJOB, *PEJOB; 1473 #include <poppack.h> 1474 1475 // 1476 // Job Information Structures for NtQueryInformationJobObject 1477 // 1478 1479 typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION 1480 { 1481 LARGE_INTEGER TotalUserTime; 1482 LARGE_INTEGER TotalKernelTime; 1483 LARGE_INTEGER ThisPeriodTotalUserTime; 1484 LARGE_INTEGER ThisPeriodTotalKernelTime; 1485 ULONG TotalPageFaultCount; 1486 ULONG TotalProcesses; 1487 ULONG ActiveProcesses; 1488 ULONG TotalTerminatedProcesses; 1489 } JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION; 1490 1491 typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION 1492 { 1493 LARGE_INTEGER PerProcessUserTimeLimit; 1494 LARGE_INTEGER PerJobUserTimeLimit; 1495 ULONG LimitFlags; 1496 SIZE_T MinimumWorkingSetSize; 1497 SIZE_T MaximumWorkingSetSize; 1498 ULONG ActiveProcessLimit; 1499 ULONG_PTR Affinity; 1500 ULONG PriorityClass; 1501 ULONG SchedulingClass; 1502 } JOBOBJECT_BASIC_LIMIT_INFORMATION, 
*PJOBOBJECT_BASIC_LIMIT_INFORMATION; 1503 1504 typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST 1505 { 1506 ULONG NumberOfAssignedProcesses; 1507 ULONG NumberOfProcessIdsInList; 1508 ULONG_PTR ProcessIdList[1]; 1509 } JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST; 1510 1511 typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS 1512 { 1513 ULONG UIRestrictionsClass; 1514 } JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS; 1515 1516 typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION 1517 { 1518 ULONG SecurityLimitFlags; 1519 HANDLE JobToken; 1520 PTOKEN_GROUPS SidsToDisable; 1521 PTOKEN_PRIVILEGES PrivilegesToDelete; 1522 PTOKEN_GROUPS RestrictedSids; 1523 } JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION; 1524 1525 typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION 1526 { 1527 ULONG EndOfJobTimeAction; 1528 } JOBOBJECT_END_OF_JOB_TIME_INFORMATION, PJOBOBJECT_END_OF_JOB_TIME_INFORMATION; 1529 1530 typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT 1531 { 1532 PVOID CompletionKey; 1533 HANDLE CompletionPort; 1534 } JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT; 1535 1536 typedef struct JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION 1537 { 1538 JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo; 1539 IO_COUNTERS IoInfo; 1540 } JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION; 1541 1542 typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION 1543 { 1544 JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation; 1545 IO_COUNTERS IoInfo; 1546 SIZE_T ProcessMemoryLimit; 1547 SIZE_T JobMemoryLimit; 1548 SIZE_T PeakProcessMemoryUsed; 1549 SIZE_T PeakJobMemoryUsed; 1550 } JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION; 1551 1552 1553 // 1554 // Win32K Callback Registration Data 1555 // 1556 typedef struct _WIN32_POWEREVENT_PARAMETERS 1557 { 1558 PSPOWEREVENTTYPE EventNumber; 1559 ULONG Code; 1560 } 
WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS; 1561 1562 typedef struct _WIN32_POWERSTATE_PARAMETERS 1563 { 1564 UCHAR Promotion; 1565 POWER_ACTION SystemAction; 1566 SYSTEM_POWER_STATE MinSystemState; 1567 ULONG Flags; 1568 POWERSTATETASK PowerStateTask; 1569 } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS; 1570 1571 typedef struct _WIN32_JOBCALLOUT_PARAMETERS 1572 { 1573 PVOID Job; 1574 PSW32JOBCALLOUTTYPE CalloutType; 1575 PVOID Data; 1576 } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS; 1577 1578 typedef struct _WIN32_OPENMETHOD_PARAMETERS 1579 { 1580 OB_OPEN_REASON OpenReason; 1581 PEPROCESS Process; 1582 PVOID Object; 1583 ULONG GrantedAccess; 1584 ULONG HandleCount; 1585 } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS; 1586 1587 typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS 1588 { 1589 PEPROCESS Process; 1590 PVOID Object; 1591 HANDLE Handle; 1592 KPROCESSOR_MODE PreviousMode; 1593 } WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS; 1594 1595 typedef struct _WIN32_CLOSEMETHOD_PARAMETERS 1596 { 1597 PEPROCESS Process; 1598 PVOID Object; 1599 ACCESS_MASK AccessMask; 1600 ULONG ProcessHandleCount; 1601 ULONG SystemHandleCount; 1602 } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS; 1603 1604 typedef struct _WIN32_DELETEMETHOD_PARAMETERS 1605 { 1606 PVOID Object; 1607 } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS; 1608 1609 typedef struct _WIN32_PARSEMETHOD_PARAMETERS 1610 { 1611 PVOID ParseObject; 1612 PVOID ObjectType; 1613 PACCESS_STATE AccessState; 1614 KPROCESSOR_MODE AccessMode; 1615 ULONG Attributes; 1616 _Out_ PUNICODE_STRING CompleteName; 1617 PUNICODE_STRING RemainingName; 1618 PVOID Context; 1619 PSECURITY_QUALITY_OF_SERVICE SecurityQos; 1620 PVOID *Object; 1621 } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS; 1622 1623 typedef struct _WIN32_CALLOUTS_FPNS 1624 { 1625 PKWIN32_PROCESS_CALLOUT ProcessCallout; 1626 
PKWIN32_THREAD_CALLOUT ThreadCallout; 1627 PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout; 1628 PKWIN32_POWEREVENT_CALLOUT PowerEventCallout; 1629 PKWIN32_POWERSTATE_CALLOUT PowerStateCallout; 1630 PKWIN32_JOB_CALLOUT JobCallout; 1631 PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine; 1632 PKWIN32_SESSION_CALLOUT DesktopOpenProcedure; 1633 PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure; 1634 PKWIN32_SESSION_CALLOUT DesktopCloseProcedure; 1635 PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure; 1636 PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure; 1637 PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure; 1638 PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure; 1639 PKWIN32_SESSION_CALLOUT WindowStationParseProcedure; 1640 PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure; 1641 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1642 PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure; 1643 #endif 1644 } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS; 1645 1646 #endif // !NTOS_MODE_USER 1647 1648 #ifdef __cplusplus 1649 }; // extern "C" 1650 #endif 1651 1652 #endif // _PSTYPES_H 1653