/****************************************************************************** * Process Manager Types * ******************************************************************************/ $if (_WDMDDK_) #define QUOTA_LIMITS_HARDWS_MIN_ENABLE 0x00000001 #define QUOTA_LIMITS_HARDWS_MIN_DISABLE 0x00000002 #define QUOTA_LIMITS_HARDWS_MAX_ENABLE 0x00000004 #define QUOTA_LIMITS_HARDWS_MAX_DISABLE 0x00000008 #define QUOTA_LIMITS_USE_DEFAULT_LIMITS 0x00000010 /* Thread Access Rights */ #define THREAD_TERMINATE 0x0001 #define THREAD_SUSPEND_RESUME 0x0002 #define THREAD_ALERT 0x0004 #define THREAD_GET_CONTEXT 0x0008 #define THREAD_SET_CONTEXT 0x0010 #define THREAD_SET_INFORMATION 0x0020 #define THREAD_SET_LIMITED_INFORMATION 0x0400 #define THREAD_QUERY_LIMITED_INFORMATION 0x0800 #define PROCESS_DUP_HANDLE (0x0040) #if (NTDDI_VERSION >= NTDDI_VISTA) #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF) #else #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF) #endif #if (NTDDI_VERSION >= NTDDI_VISTA) #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF) #else #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3FF) #endif #define LOW_PRIORITY 0 #define LOW_REALTIME_PRIORITY 16 #define HIGH_PRIORITY 31 #define MAXIMUM_PRIORITY 32 $endif (_WDMDDK_) $if (_NTDDK_) #define QUOTA_LIMITS_HARDWS_MIN_ENABLE 0x00000001 #define QUOTA_LIMITS_HARDWS_MIN_DISABLE 0x00000002 #define QUOTA_LIMITS_HARDWS_MAX_ENABLE 0x00000004 #define QUOTA_LIMITS_HARDWS_MAX_DISABLE 0x00000008 #define QUOTA_LIMITS_USE_DEFAULT_LIMITS 0x00000010 typedef struct _QUOTA_LIMITS { SIZE_T PagedPoolLimit; SIZE_T NonPagedPoolLimit; SIZE_T MinimumWorkingSetSize; SIZE_T MaximumWorkingSetSize; SIZE_T PagefileLimit; LARGE_INTEGER TimeLimit; } QUOTA_LIMITS, *PQUOTA_LIMITS; typedef union _RATE_QUOTA_LIMIT { ULONG RateData; _ANONYMOUS_STRUCT struct { ULONG RatePercent:7; ULONG Reserved0:25; } DUMMYSTRUCTNAME; } RATE_QUOTA_LIMIT, *PRATE_QUOTA_LIMIT; typedef struct _QUOTA_LIMITS_EX { SIZE_T PagedPoolLimit; SIZE_T NonPagedPoolLimit; SIZE_T MinimumWorkingSetSize; SIZE_T MaximumWorkingSetSize; SIZE_T PagefileLimit; LARGE_INTEGER TimeLimit; SIZE_T WorkingSetLimit; SIZE_T Reserved2; SIZE_T Reserved3; SIZE_T Reserved4; ULONG Flags; RATE_QUOTA_LIMIT CpuRateLimit; } QUOTA_LIMITS_EX, *PQUOTA_LIMITS_EX; typedef struct _IO_COUNTERS { ULONGLONG ReadOperationCount; ULONGLONG WriteOperationCount; ULONGLONG OtherOperationCount; ULONGLONG ReadTransferCount; ULONGLONG WriteTransferCount; ULONGLONG OtherTransferCount; } IO_COUNTERS, *PIO_COUNTERS; typedef struct _VM_COUNTERS { SIZE_T PeakVirtualSize; SIZE_T VirtualSize; ULONG PageFaultCount; SIZE_T PeakWorkingSetSize; SIZE_T WorkingSetSize; SIZE_T QuotaPeakPagedPoolUsage; SIZE_T QuotaPagedPoolUsage; SIZE_T QuotaPeakNonPagedPoolUsage; SIZE_T QuotaNonPagedPoolUsage; SIZE_T PagefileUsage; SIZE_T PeakPagefileUsage; } VM_COUNTERS, *PVM_COUNTERS; typedef struct _VM_COUNTERS_EX { SIZE_T PeakVirtualSize; SIZE_T VirtualSize; ULONG PageFaultCount; SIZE_T PeakWorkingSetSize; SIZE_T WorkingSetSize; SIZE_T QuotaPeakPagedPoolUsage; SIZE_T QuotaPagedPoolUsage; SIZE_T QuotaPeakNonPagedPoolUsage; SIZE_T QuotaNonPagedPoolUsage; SIZE_T PagefileUsage; SIZE_T PeakPagefileUsage; SIZE_T PrivateUsage; } VM_COUNTERS_EX, *PVM_COUNTERS_EX; #define MAX_HW_COUNTERS 16 #define THREAD_PROFILING_FLAG_DISPATCH 0x00000001 typedef enum _HARDWARE_COUNTER_TYPE { PMCCounter, MaxHardwareCounterType } HARDWARE_COUNTER_TYPE, *PHARDWARE_COUNTER_TYPE; typedef struct _HARDWARE_COUNTER { HARDWARE_COUNTER_TYPE Type; ULONG Reserved; ULONG64 Index; } HARDWARE_COUNTER, *PHARDWARE_COUNTER; typedef struct _POOLED_USAGE_AND_LIMITS { SIZE_T PeakPagedPoolUsage; SIZE_T PagedPoolUsage; SIZE_T PagedPoolLimit; SIZE_T PeakNonPagedPoolUsage; SIZE_T NonPagedPoolUsage; SIZE_T NonPagedPoolLimit; SIZE_T PeakPagefileUsage; SIZE_T PagefileUsage; SIZE_T PagefileLimit; } POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS; typedef struct _PROCESS_ACCESS_TOKEN { HANDLE Token; HANDLE Thread; } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; #define PROCESS_EXCEPTION_PORT_ALL_STATE_BITS 0x00000003UL #define PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS ((ULONG_PTR)((1UL << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1)) typedef struct _PROCESS_EXCEPTION_PORT { _In_ HANDLE ExceptionPortHandle; _Inout_ ULONG StateFlags; } PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT; typedef VOID (NTAPI *PCREATE_PROCESS_NOTIFY_ROUTINE)( _In_ HANDLE ParentId, _In_ HANDLE ProcessId, _In_ BOOLEAN Create); typedef struct _PS_CREATE_NOTIFY_INFO { _In_ SIZE_T Size; _ANONYMOUS_UNION union { _In_ ULONG Flags; _ANONYMOUS_STRUCT struct { _In_ ULONG FileOpenNameAvailable:1; _In_ ULONG Reserved:31; } DUMMYSTRUCTNAME; } DUMMYUNIONNAME; _In_ HANDLE ParentProcessId; _In_ CLIENT_ID CreatingThreadId; _Inout_ struct _FILE_OBJECT *FileObject; _In_ PCUNICODE_STRING ImageFileName; _In_opt_ PCUNICODE_STRING CommandLine; _Inout_ NTSTATUS CreationStatus; } PS_CREATE_NOTIFY_INFO, *PPS_CREATE_NOTIFY_INFO; typedef VOID (NTAPI *PCREATE_PROCESS_NOTIFY_ROUTINE_EX)( _Inout_ PEPROCESS Process, _In_ HANDLE ProcessId, _Inout_opt_ PPS_CREATE_NOTIFY_INFO CreateInfo); typedef VOID (NTAPI *PCREATE_THREAD_NOTIFY_ROUTINE)( _In_ HANDLE ProcessId, _In_ HANDLE ThreadId, _In_ BOOLEAN Create); #define IMAGE_ADDRESSING_MODE_32BIT 3 typedef struct _IMAGE_INFO { _ANONYMOUS_UNION union { ULONG Properties; _ANONYMOUS_STRUCT struct { ULONG ImageAddressingMode:8; ULONG SystemModeImage:1; ULONG ImageMappedToAllPids:1; ULONG ExtendedInfoPresent:1; ULONG Reserved:21; } DUMMYSTRUCTNAME; } DUMMYUNIONNAME; PVOID ImageBase; ULONG ImageSelector; SIZE_T ImageSize; ULONG ImageSectionNumber; } IMAGE_INFO, *PIMAGE_INFO; typedef struct _IMAGE_INFO_EX { SIZE_T Size; IMAGE_INFO ImageInfo; struct _FILE_OBJECT *FileObject; } IMAGE_INFO_EX, *PIMAGE_INFO_EX; typedef VOID (NTAPI *PLOAD_IMAGE_NOTIFY_ROUTINE)( _In_ PUNICODE_STRING FullImageName, _In_ HANDLE ProcessId, _In_ PIMAGE_INFO ImageInfo); #define THREAD_CSWITCH_PMU_DISABLE FALSE #define THREAD_CSWITCH_PMU_ENABLE TRUE #define PROCESS_LUID_DOSDEVICES_ONLY 0x00000001 #define PROCESS_HANDLE_TRACING_MAX_STACKS 16 typedef enum _PROCESSINFOCLASS { ProcessBasicInformation, ProcessQuotaLimits, ProcessIoCounters, ProcessVmCounters, ProcessTimes, ProcessBasePriority, ProcessRaisePriority, ProcessDebugPort, ProcessExceptionPort, ProcessAccessToken, ProcessLdtInformation, ProcessLdtSize, ProcessDefaultHardErrorMode, ProcessIoPortHandlers, ProcessPooledUsageAndLimits, ProcessWorkingSetWatch, ProcessUserModeIOPL, ProcessEnableAlignmentFaultFixup, ProcessPriorityClass, ProcessWx86Information, ProcessHandleCount, ProcessAffinityMask, ProcessPriorityBoost, ProcessDeviceMap, ProcessSessionInformation, ProcessForegroundInformation, ProcessWow64Information, ProcessImageFileName, ProcessLUIDDeviceMapsEnabled, ProcessBreakOnTermination, ProcessDebugObjectHandle, ProcessDebugFlags, ProcessHandleTracing, ProcessIoPriority, ProcessExecuteFlags, ProcessTlsInformation, ProcessCookie, ProcessImageInformation, ProcessCycleTime, ProcessPagePriority, ProcessInstrumentationCallback, ProcessThreadStackAllocation, ProcessWorkingSetWatchEx, ProcessImageFileNameWin32, ProcessImageFileMapping, ProcessAffinityUpdateMode, ProcessMemoryAllocationMode, ProcessGroupInformation, ProcessTokenVirtualizationEnabled, ProcessConsoleHostProcess, ProcessWindowInformation, MaxProcessInfoClass } PROCESSINFOCLASS; typedef enum _THREADINFOCLASS { ThreadBasicInformation, ThreadTimes, ThreadPriority, ThreadBasePriority, ThreadAffinityMask, ThreadImpersonationToken, ThreadDescriptorTableEntry, ThreadEnableAlignmentFaultFixup, ThreadEventPair_Reusable, ThreadQuerySetWin32StartAddress, ThreadZeroTlsCell, ThreadPerformanceCount, ThreadAmILastThread, ThreadIdealProcessor, ThreadPriorityBoost, ThreadSetTlsArrayAddress, ThreadIsIoPending, ThreadHideFromDebugger, ThreadBreakOnTermination, ThreadSwitchLegacyState, ThreadIsTerminated, ThreadLastSystemCall, ThreadIoPriority, ThreadCycleTime, ThreadPagePriority, ThreadActualBasePriority, ThreadTebInformation, ThreadCSwitchMon, ThreadCSwitchPmu, ThreadWow64Context, ThreadGroupInformation, ThreadUmsInformation, ThreadCounterProfiling, ThreadIdealProcessorEx, MaxThreadInfoClass } THREADINFOCLASS; typedef struct _PAGE_PRIORITY_INFORMATION { ULONG PagePriority; } PAGE_PRIORITY_INFORMATION, *PPAGE_PRIORITY_INFORMATION; typedef struct _PROCESS_WS_WATCH_INFORMATION { PVOID FaultingPc; PVOID FaultingVa; } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION; typedef struct _PROCESS_BASIC_INFORMATION { NTSTATUS ExitStatus; struct _PEB *PebBaseAddress; ULONG_PTR AffinityMask; KPRIORITY BasePriority; ULONG_PTR UniqueProcessId; ULONG_PTR InheritedFromUniqueProcessId; } PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION; typedef struct _PROCESS_EXTENDED_BASIC_INFORMATION { SIZE_T Size; PROCESS_BASIC_INFORMATION BasicInfo; _ANONYMOUS_UNION union { ULONG Flags; _ANONYMOUS_STRUCT struct { ULONG IsProtectedProcess:1; ULONG IsWow64Process:1; ULONG IsProcessDeleting:1; ULONG IsCrossSessionCreate:1; ULONG SpareBits:28; } DUMMYSTRUCTNAME; } DUMMYUNIONNAME; } PROCESS_EXTENDED_BASIC_INFORMATION, *PPROCESS_EXTENDED_BASIC_INFORMATION; typedef struct _PROCESS_DEVICEMAP_INFORMATION { _ANONYMOUS_UNION union { struct { HANDLE DirectoryHandle; } Set; struct { ULONG DriveMap; UCHAR DriveType[32]; } Query; } DUMMYUNIONNAME; } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; typedef struct _PROCESS_DEVICEMAP_INFORMATION_EX { _ANONYMOUS_UNION union { struct { HANDLE DirectoryHandle; } Set; struct { ULONG DriveMap; UCHAR DriveType[32]; } Query; } DUMMYUNIONNAME; ULONG Flags; } PROCESS_DEVICEMAP_INFORMATION_EX, *PPROCESS_DEVICEMAP_INFORMATION_EX; typedef struct _PROCESS_SESSION_INFORMATION { ULONG SessionId; } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; typedef struct _PROCESS_HANDLE_TRACING_ENABLE { ULONG Flags; } PROCESS_HANDLE_TRACING_ENABLE, *PPROCESS_HANDLE_TRACING_ENABLE; typedef struct _PROCESS_HANDLE_TRACING_ENABLE_EX { ULONG Flags; ULONG TotalSlots; } PROCESS_HANDLE_TRACING_ENABLE_EX, *PPROCESS_HANDLE_TRACING_ENABLE_EX; typedef struct _PROCESS_HANDLE_TRACING_ENTRY { HANDLE Handle; CLIENT_ID ClientId; ULONG Type; PVOID Stacks[PROCESS_HANDLE_TRACING_MAX_STACKS]; } PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY; typedef struct _PROCESS_HANDLE_TRACING_QUERY { HANDLE Handle; ULONG TotalTraces; PROCESS_HANDLE_TRACING_ENTRY HandleTrace[1]; } PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY; extern NTKERNELAPI PEPROCESS PsInitialSystemProcess; $endif (_NTDDK_)