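/*
 * Compile-time layout checks for KTHREAD and TEB as the headers define them
 * when targeting Windows 10 (NTDDI_WIN10).
 *
 * Every C_ASSERT_FIELD line pins one member to a byte offset and a size.
 * The offsets assume 4-byte pointers (consecutive PVOID members sit 4 bytes
 * apart), so the table describes a 32-bit layout only.
 * NOTE(review): nothing in this file restricts it to a 32-bit target --
 * confirm the build only compiles it there.
 *
 * These checks compare the headers against this table at build time. They
 * say nothing about the kernel that is actually running: code that reaches
 * into these structures by offset at runtime still needs its own
 * build/version check.
 */

/* Version definitions: force the Windows 10 variants of the structures. */
#undef NTDDI_VERSION
#define NTDDI_VERSION NTDDI_WIN10
#undef _WIN32_WINNT
#define _WIN32_WINNT _WIN32_WINNT_WIN10

#include <ntifs.h>
#include <ndk/ntndk.h>

/*
 * C_ASSERT_FIELD(Type, Offset, MemberType, MemberName)
 *
 *   Type        structure being checked
 *   Offset      expected byte offset of MemberName inside Type
 *   MemberType  type whose size MemberName must have
 *   MemberName  member under test
 *
 * Expands to two static assertions, each already terminated with ';', so
 * call sites carry no trailing semicolon. Offset is parenthesized so that a
 * compound expression passed as the offset cannot re-associate with '=='.
 *
 * Only the SIZE of MemberType is compared, not the declared type: any
 * member of the same width satisfies the check.
 */
#define C_ASSERT_FIELD(Type, Offset, MemberType, MemberName) \
    C_ASSERT(FIELD_OFFSET(Type, MemberName) == (Offset)); \
    C_ASSERT(FIELD_SIZE(Type, MemberName) == sizeof(MemberType));

/*
 * KTHREAD
 *
 * Members asserted at the same offset (WaitListEntry/SwapListEntry,
 * KernelApcDisable/CombinedApcDisable, ...) can only all pass if they
 * overlap in the structure definition.
 * NOTE(review): PreviousMode, TrapFrame and the APC state are consulted on
 * privilege-sensitive kernel paths (general NT behaviour, not shown in this
 * file); drift in the headers here should break the build rather than go
 * unnoticed.
 */
C_ASSERT_FIELD(KTHREAD, 0x000, DISPATCHER_HEADER, Header)
C_ASSERT_FIELD(KTHREAD, 0x010, PVOID, SListFaultAddress)
C_ASSERT_FIELD(KTHREAD, 0x018, ULONG64, QuantumTarget)
C_ASSERT_FIELD(KTHREAD, 0x020, PVOID, InitialStack)
C_ASSERT_FIELD(KTHREAD, 0x024, PVOID, StackLimit)
C_ASSERT_FIELD(KTHREAD, 0x028, PVOID, StackBase)
C_ASSERT_FIELD(KTHREAD, 0x02C, ULONG, ThreadLock)
C_ASSERT_FIELD(KTHREAD, 0x030, ULONG64, CycleTime)
C_ASSERT_FIELD(KTHREAD, 0x038, ULONG, HighCycleTime)
C_ASSERT_FIELD(KTHREAD, 0x03C, PVOID, ServiceTable)
C_ASSERT_FIELD(KTHREAD, 0x040, ULONG, CurrentRunTime)
C_ASSERT_FIELD(KTHREAD, 0x044, ULONG, ExpectedRunTime)
C_ASSERT_FIELD(KTHREAD, 0x048, PVOID, KernelStack)
C_ASSERT_FIELD(KTHREAD, 0x04C, PXSAVE_FORMAT, StateSaveArea)
C_ASSERT_FIELD(KTHREAD, 0x050, struct _KSCHEDULING_GROUP*, SchedulingGroup)
C_ASSERT_FIELD(KTHREAD, 0x054, KWAIT_STATUS_REGISTER, WaitRegister)
C_ASSERT_FIELD(KTHREAD, 0x055, UCHAR, Running)
C_ASSERT_FIELD(KTHREAD, 0x056, UCHAR[2], Alerted)
C_ASSERT_FIELD(KTHREAD, 0x058, LONG, MiscFlags)
C_ASSERT_FIELD(KTHREAD, 0x05C, LONG, ThreadFlags)
C_ASSERT_FIELD(KTHREAD, 0x060, UCHAR, Tag)
C_ASSERT_FIELD(KTHREAD, 0x061, UCHAR, SystemHeteroCpuPolicy)
C_ASSERT_FIELD(KTHREAD, 0x063, UCHAR, Spare0)
C_ASSERT_FIELD(KTHREAD, 0x064, ULONG, SystemCallNumber)
C_ASSERT_FIELD(KTHREAD, 0x068, PVOID, FirstArgument)
C_ASSERT_FIELD(KTHREAD, 0x06C, PKTRAP_FRAME, TrapFrame)
C_ASSERT_FIELD(KTHREAD, 0x070, KAPC_STATE, ApcState)
C_ASSERT_FIELD(KTHREAD, 0x088, ULONG, UserIdealProcessor)
C_ASSERT_FIELD(KTHREAD, 0x08C, ULONG, ContextSwitches)
C_ASSERT_FIELD(KTHREAD, 0x090, UCHAR, State)
/* NOTE(review): check disabled in the original; the reason is not recorded -- confirm before re-enabling. */
//C_ASSERT_FIELD(KTHREAD, 0x091, CHAR, Spare12)
C_ASSERT_FIELD(KTHREAD, 0x092, UCHAR, WaitIrql)
C_ASSERT_FIELD(KTHREAD, 0x093, CHAR, WaitMode)
C_ASSERT_FIELD(KTHREAD, 0x094, LONG, WaitStatus)
C_ASSERT_FIELD(KTHREAD, 0x098, PKWAIT_BLOCK, WaitBlockList)
C_ASSERT_FIELD(KTHREAD, 0x09C, LIST_ENTRY, WaitListEntry)
C_ASSERT_FIELD(KTHREAD, 0x09C, SINGLE_LIST_ENTRY, SwapListEntry)
C_ASSERT_FIELD(KTHREAD, 0x0A4, PDISPATCHER_HEADER, Queue)
C_ASSERT_FIELD(KTHREAD, 0x0A8, PVOID, Teb)
C_ASSERT_FIELD(KTHREAD, 0x0B0, ULONG64, RelativeTimerBias)
C_ASSERT_FIELD(KTHREAD, 0x0B8, KTIMER, Timer)
C_ASSERT_FIELD(KTHREAD, 0x0E0, KWAIT_BLOCK[4], WaitBlock)
C_ASSERT_FIELD(KTHREAD, 0x0F4, PKTHREAD_COUNTERS, ThreadCounters)
C_ASSERT_FIELD(KTHREAD, 0x10C, PXSTATE_SAVE, XStateSave)
C_ASSERT_FIELD(KTHREAD, 0x124, PVOID, Win32Thread)
C_ASSERT_FIELD(KTHREAD, 0x138, ULONG, WaitTime)
C_ASSERT_FIELD(KTHREAD, 0x13C, SHORT, KernelApcDisable)
C_ASSERT_FIELD(KTHREAD, 0x13E, SHORT, SpecialApcDisable)
C_ASSERT_FIELD(KTHREAD, 0x13C, ULONG, CombinedApcDisable)
C_ASSERT_FIELD(KTHREAD, 0x140, LIST_ENTRY, QueueListEntry)
C_ASSERT_FIELD(KTHREAD, 0x148, ULONG, NextProcessor)
C_ASSERT_FIELD(KTHREAD, 0x14C, LONG, QueuePriority)
C_ASSERT_FIELD(KTHREAD, 0x150, PKPROCESS, Process)
C_ASSERT_FIELD(KTHREAD, 0x154, GROUP_AFFINITY, UserAffinity)
C_ASSERT_FIELD(KTHREAD, 0x15A, CHAR, PreviousMode)
C_ASSERT_FIELD(KTHREAD, 0x15B, CHAR, BasePriority)
C_ASSERT_FIELD(KTHREAD, 0x15C, CHAR, PriorityDecrement)
C_ASSERT_FIELD(KTHREAD, 0x15D, UCHAR, Preempted)
C_ASSERT_FIELD(KTHREAD, 0x15E, UCHAR, AdjustReason)
C_ASSERT_FIELD(KTHREAD, 0x15F, CHAR, AdjustIncrement)
C_ASSERT_FIELD(KTHREAD, 0x160, ULONG, AffinityVersion)
C_ASSERT_FIELD(KTHREAD, 0x164, GROUP_AFFINITY, Affinity)
C_ASSERT_FIELD(KTHREAD, 0x16A, UCHAR, ApcStateIndex)
C_ASSERT_FIELD(KTHREAD, 0x16B, UCHAR, WaitBlockCount)
C_ASSERT_FIELD(KTHREAD, 0x16C, ULONG, IdealProcessor)
C_ASSERT_FIELD(KTHREAD, 0x174, KAPC_STATE, SavedApcState)
C_ASSERT_FIELD(KTHREAD, 0x18B, UCHAR, WaitReason)
C_ASSERT_FIELD(KTHREAD, 0x18C, CHAR, SuspendCount)
C_ASSERT_FIELD(KTHREAD, 0x18D, CHAR, Saturation)
C_ASSERT_FIELD(KTHREAD, 0x18E, USHORT, SListFaultCount)
C_ASSERT_FIELD(KTHREAD, 0x190, KAPC, SchedulerApc)
C_ASSERT_FIELD(KTHREAD, 0x191, UCHAR, ResourceIndex)
C_ASSERT_FIELD(KTHREAD, 0x193, UCHAR, QuantumReset)
C_ASSERT_FIELD(KTHREAD, 0x194, ULONG, KernelTime)
C_ASSERT_FIELD(KTHREAD, 0x1B4, PKPRCB, WaitPrcb)
C_ASSERT_FIELD(KTHREAD, 0x1B8, PVOID, LegoData)
C_ASSERT_FIELD(KTHREAD, 0x1BF, UCHAR, CallbackNestingLevel)
C_ASSERT_FIELD(KTHREAD, 0x1C0, ULONG, UserTime)
C_ASSERT_FIELD(KTHREAD, 0x1C4, KEVENT, SuspendEvent)
C_ASSERT_FIELD(KTHREAD, 0x1D4, LIST_ENTRY, ThreadListEntry)
C_ASSERT_FIELD(KTHREAD, 0x1DC, LIST_ENTRY, MutantListHead)
C_ASSERT_FIELD(KTHREAD, 0x1E4, UCHAR, AbEntrySummary)
C_ASSERT_FIELD(KTHREAD, 0x1E5, UCHAR, AbWaitEntryCount)
C_ASSERT_FIELD(KTHREAD, 0x1E6, USHORT, Spare20)
C_ASSERT_FIELD(KTHREAD, 0x1E8, KLOCK_ENTRY[6], LockEntries)
C_ASSERT_FIELD(KTHREAD, 0x308, SINGLE_LIST_ENTRY, PropagateBoostsEntry)
C_ASSERT_FIELD(KTHREAD, 0x30C, SINGLE_LIST_ENTRY, IoSelfBoostsEntry)
C_ASSERT_FIELD(KTHREAD, 0x310, UCHAR[16], PriorityFloorCounts)
C_ASSERT_FIELD(KTHREAD, 0x320, ULONG, PriorityFloorSummary)
C_ASSERT_FIELD(KTHREAD, 0x324, LONG, AbCompletedIoBoostCount)
C_ASSERT_FIELD(KTHREAD, 0x328, SHORT, KeReferenceCount)
C_ASSERT_FIELD(KTHREAD, 0x32A, UCHAR, AbOrphanedEntrySummary)
C_ASSERT_FIELD(KTHREAD, 0x32B, UCHAR, AbOwnedEntryCount)
C_ASSERT_FIELD(KTHREAD, 0x32C, ULONG, ForegroundLossTime)
C_ASSERT_FIELD(KTHREAD, 0x330, LIST_ENTRY, GlobalForegroundListEntry)
C_ASSERT_FIELD(KTHREAD, 0x330, SINGLE_LIST_ENTRY, ForegroundDpcStackListEntry)
C_ASSERT_FIELD(KTHREAD, 0x334, ULONG, InGlobalForegroundList)
C_ASSERT_FIELD(KTHREAD, 0x338, struct _KSCB*, QueuedScb)
C_ASSERT_FIELD(KTHREAD, 0x340, ULONG64, NpxState)

/*
 * TEB
 *
 * Many members below are checked against ULONG. Because the macro compares
 * sizes only, a pointer- or handle-typed member of the same width passes;
 * these lines verify placement and width, not the declared type.
 */
C_ASSERT_FIELD(TEB, 0x000, NT_TIB, NtTib)
C_ASSERT_FIELD(TEB, 0x01c, ULONG, EnvironmentPointer)
C_ASSERT_FIELD(TEB, 0x020, CLIENT_ID, ClientId)
C_ASSERT_FIELD(TEB, 0x028, ULONG, ActiveRpcHandle)
C_ASSERT_FIELD(TEB, 0x02c, ULONG, ThreadLocalStoragePointer)
C_ASSERT_FIELD(TEB, 0x030, ULONG, ProcessEnvironmentBlock)
C_ASSERT_FIELD(TEB, 0x034, ULONG, LastErrorValue)
C_ASSERT_FIELD(TEB, 0x038, ULONG, CountOfOwnedCriticalSections)
C_ASSERT_FIELD(TEB, 0x03c, ULONG, CsrClientThread)
C_ASSERT_FIELD(TEB, 0x040, ULONG, Win32ThreadInfo)
C_ASSERT_FIELD(TEB, 0x044, ULONG[26], User32Reserved)
C_ASSERT_FIELD(TEB, 0x0ac, ULONG[5], UserReserved)
C_ASSERT_FIELD(TEB, 0x0c0, ULONG, WOW32Reserved)
C_ASSERT_FIELD(TEB, 0x0c4, ULONG, CurrentLocale)
C_ASSERT_FIELD(TEB, 0x0c8, ULONG, FpSoftwareStatusRegister)
C_ASSERT_FIELD(TEB, 0x0CC, ULONG[16], ReservedForDebuggerInstrumentation)
/* NOTE(review): the next three checks are disabled in the original; the reason is not recorded -- confirm before re-enabling. */
//C_ASSERT_FIELD(TEB, 0x10c, ULONG[30], SystemReserved1)
//C_ASSERT_FIELD(TEB, 0x184, ACTIVATION_CONTEXT_STACK, _ActivationStack)
//C_ASSERT_FIELD(TEB, 0x19C, UCHAR[8], WorkingOnBehalfTicket)
C_ASSERT_FIELD(TEB, 0x1a4, LONG, ExceptionCode)
C_ASSERT_FIELD(TEB, 0x1a8, ULONG, ActivationContextStackPointer)
C_ASSERT_FIELD(TEB, 0x1AC, ULONG, InstrumentationCallbackSp)
C_ASSERT_FIELD(TEB, 0x1B0, ULONG, InstrumentationCallbackPreviousPc)
C_ASSERT_FIELD(TEB, 0x1B4, ULONG, InstrumentationCallbackPreviousSp)
C_ASSERT_FIELD(TEB, 0x1B8, UCHAR, InstrumentationCallbackDisabled)
C_ASSERT_FIELD(TEB, 0x1b9, UCHAR[23], SpareBytes)
C_ASSERT_FIELD(TEB, 0x1d0, ULONG, TxFsContext)
C_ASSERT_FIELD(TEB, 0x1d4, GDI_TEB_BATCH, GdiTebBatch)
C_ASSERT_FIELD(TEB, 0x6b4, CLIENT_ID, RealClientId)
C_ASSERT_FIELD(TEB, 0x6bc, ULONG, GdiCachedProcessHandle)
C_ASSERT_FIELD(TEB, 0x6c0, ULONG, GdiClientPID)
C_ASSERT_FIELD(TEB, 0x6c4, ULONG, GdiClientTID)
C_ASSERT_FIELD(TEB, 0x6c8, ULONG, GdiThreadLocalInfo)
C_ASSERT_FIELD(TEB, 0x6cc, ULONG[62], Win32ClientInfo)
C_ASSERT_FIELD(TEB, 0x7c4, ULONG[233], glDispatchTable)
C_ASSERT_FIELD(TEB, 0xb68, ULONG[29], glReserved1)
C_ASSERT_FIELD(TEB, 0xbdc, ULONG, glReserved2)
C_ASSERT_FIELD(TEB, 0xbe0, ULONG, glSectionInfo)
C_ASSERT_FIELD(TEB, 0xbe4, ULONG, glSection)
C_ASSERT_FIELD(TEB, 0xbe8, ULONG, glTable)
C_ASSERT_FIELD(TEB, 0xbec, ULONG, glCurrentRC)
C_ASSERT_FIELD(TEB, 0xbf0, ULONG, glContext)
C_ASSERT_FIELD(TEB, 0xbf4, ULONG, LastStatusValue)
C_ASSERT_FIELD(TEB, 0xbf8, STRING, StaticUnicodeString)
C_ASSERT_FIELD(TEB, 0xc00, WCHAR[261], StaticUnicodeBuffer)
C_ASSERT_FIELD(TEB, 0xe0c, ULONG, DeallocationStack)
C_ASSERT_FIELD(TEB, 0xe10, ULONG[64], TlsSlots)
C_ASSERT_FIELD(TEB, 0xf10, LIST_ENTRY, TlsLinks)
C_ASSERT_FIELD(TEB, 0xf18, ULONG, Vdm)
C_ASSERT_FIELD(TEB, 0xf1c, ULONG, ReservedForNtRpc)
C_ASSERT_FIELD(TEB, 0xf20, ULONG[2], DbgSsReserved)
C_ASSERT_FIELD(TEB, 0xf28, ULONG, HardErrorMode)
C_ASSERT_FIELD(TEB, 0xf2c, ULONG[9], Instrumentation)
C_ASSERT_FIELD(TEB, 0xf50, GUID, ActivityId)
C_ASSERT_FIELD(TEB, 0xf60, ULONG, SubProcessTag)
C_ASSERT_FIELD(TEB, 0xf64, ULONG, PerflibData)
C_ASSERT_FIELD(TEB, 0xf68, ULONG, EtwTraceData)
C_ASSERT_FIELD(TEB, 0xf6c, ULONG, WinSockData)
C_ASSERT_FIELD(TEB, 0xf70, ULONG, GdiBatchCount)
C_ASSERT_FIELD(TEB, 0xf74, PROCESSOR_NUMBER, CurrentIdealProcessor)
C_ASSERT_FIELD(TEB, 0xf74, ULONG, IdealProcessorValue)
C_ASSERT_FIELD(TEB, 0xf74, UCHAR, ReservedPad0)
C_ASSERT_FIELD(TEB, 0xf75, UCHAR, ReservedPad1)
C_ASSERT_FIELD(TEB, 0xf76, UCHAR, ReservedPad2)
C_ASSERT_FIELD(TEB, 0xf77, UCHAR, IdealProcessor)
C_ASSERT_FIELD(TEB, 0xf78, ULONG, GuaranteedStackBytes)
C_ASSERT_FIELD(TEB, 0xf7c, ULONG, ReservedForPerf)
C_ASSERT_FIELD(TEB, 0xf80, ULONG, ReservedForOle)
C_ASSERT_FIELD(TEB, 0xf84, ULONG, WaitingOnLoaderLock)
C_ASSERT_FIELD(TEB, 0xf88, ULONG, SavedPriorityState)
C_ASSERT_FIELD(TEB, 0xf8c, ULONG, ReservedForCodeCoverage)
C_ASSERT_FIELD(TEB, 0xf90, ULONG, ThreadPoolData)
C_ASSERT_FIELD(TEB, 0xf94, ULONG, TlsExpansionSlots)
C_ASSERT_FIELD(TEB, 0xf98, ULONG, MuiGeneration)
C_ASSERT_FIELD(TEB, 0xf9c, ULONG, IsImpersonating)
C_ASSERT_FIELD(TEB, 0xfa0, ULONG, NlsCache)
C_ASSERT_FIELD(TEB, 0xfa4, ULONG, pShimData)
C_ASSERT_FIELD(TEB, 0xfa8, USHORT, HeapVirtualAffinity)
C_ASSERT_FIELD(TEB, 0xFAA, USHORT, LowFragHeapDataSlot)
C_ASSERT_FIELD(TEB, 0xfac, ULONG, CurrentTransactionHandle)
C_ASSERT_FIELD(TEB, 0xfb0, ULONG, ActiveFrame)
C_ASSERT_FIELD(TEB, 0xfb4, ULONG, FlsData)
C_ASSERT_FIELD(TEB, 0xfb8, ULONG, PreferredLanguages)
C_ASSERT_FIELD(TEB, 0xfbc, ULONG, UserPrefLanguages)
C_ASSERT_FIELD(TEB, 0xfc0, ULONG, MergedPrefLanguages)
C_ASSERT_FIELD(TEB, 0xfc4, ULONG, MuiImpersonation)
C_ASSERT_FIELD(TEB, 0xfc8, USHORT, CrossTebFlags)
C_ASSERT_FIELD(TEB, 0xfca, USHORT, SameTebFlags)
C_ASSERT_FIELD(TEB, 0xfcc, ULONG, TxnScopeEnterCallback)
C_ASSERT_FIELD(TEB, 0xfd0, ULONG, TxnScopeExitCallback)
C_ASSERT_FIELD(TEB, 0xfd4, ULONG, TxnScopeContext)
C_ASSERT_FIELD(TEB, 0xfd8, ULONG, LockCount)
C_ASSERT_FIELD(TEB, 0xfdc, ULONG, WowTebOffset)
C_ASSERT_FIELD(TEB, 0xfe0, ULONG, ResourceRetValue)
C_ASSERT_FIELD(TEB, 0xFE4, ULONG, ReservedForWdf)
C_ASSERT_FIELD(TEB, 0xFE8, ULONG64, ReservedForCrt)
C_ASSERT_FIELD(TEB, 0xFF0, GUID, EffectiveContainerId)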