mirror of
https://github.com/reactos/reactos.git
synced 2024-10-29 19:13:58 +00:00
9ed2e0b5bc
svn path=/branches/condrv_restructure/; revision=63744
1438 lines
37 KiB
C
1438 lines
37 KiB
C
/*++ NDK Version: 0098
|
|
|
|
Copyright (c) Alex Ionescu. All rights reserved.
|
|
|
|
Header Name:
|
|
|
|
pstypes.h
|
|
|
|
Abstract:
|
|
|
|
Type definitions for the Process Manager
|
|
|
|
Author:
|
|
|
|
Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
|
|
|
|
--*/
|
|
|
|
#ifndef _PSTYPES_H
|
|
#define _PSTYPES_H
|
|
|
|
//
|
|
// Dependencies
|
|
//
|
|
#include <umtypes.h>
|
|
#include <ldrtypes.h>
|
|
#include <mmtypes.h>
|
|
#include <obtypes.h>
|
|
#include <rtltypes.h>
|
|
#ifndef NTOS_MODE_USER
|
|
#include <extypes.h>
|
|
#include <setypes.h>
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#ifndef NTOS_MODE_USER
|
|
|
|
//
|
|
// Kernel Exported Object Types
|
|
//
|
|
extern POBJECT_TYPE NTSYSAPI PsJobType;
|
|
|
|
#endif // !NTOS_MODE_USER
|
|
|
|
//
|
|
// KUSER_SHARED_DATA location in User Mode
|
|
//
|
|
#define USER_SHARED_DATA (0x7FFE0000)
|
|
|
|
//
|
|
// Global Flags
|
|
//
|
|
#define FLG_STOP_ON_EXCEPTION 0x00000001
|
|
#define FLG_SHOW_LDR_SNAPS 0x00000002
|
|
#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
|
|
#define FLG_STOP_ON_HUNG_GUI 0x00000008
|
|
#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
|
|
#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
|
|
#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
|
|
#define FLG_HEAP_VALIDATE_ALL 0x00000080
|
|
#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
|
|
#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
|
|
#define FLG_POOL_ENABLE_TAGGING 0x00000400
|
|
#define FLG_HEAP_ENABLE_TAGGING 0x00000800
|
|
#define FLG_USER_STACK_TRACE_DB 0x00001000
|
|
#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
|
|
#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
|
|
#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
|
|
#define FLG_DISABLE_STACK_EXTENSION 0x00010000
|
|
#define FLG_ENABLE_CSRDEBUG 0x00020000
|
|
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
|
|
#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
|
|
#if (NTDDI_VERSION < NTDDI_WINXP)
|
|
#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
|
|
#else
|
|
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
|
|
#endif
|
|
#define FLG_HEAP_DISABLE_COALESCING 0x00200000
|
|
#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
|
|
#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
|
|
#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
|
|
#define FLG_HEAP_PAGE_ALLOCS 0x02000000
|
|
#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
|
|
#define FLG_VALID_BITS 0x07FFFFFF
|
|
|
|
//
|
|
// Flags for NtCreateProcessEx
|
|
//
|
|
#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
|
|
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
|
|
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
|
|
#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
|
|
#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
|
|
#define PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS PROCESS_CREATE_FLAGS_LARGE_PAGES
|
|
#define PROCESS_CREATE_FLAGS_LEGAL_MASK (PROCESS_CREATE_FLAGS_BREAKAWAY | \
|
|
PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT | \
|
|
PROCESS_CREATE_FLAGS_INHERIT_HANDLES | \
|
|
PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE | \
|
|
PROCESS_CREATE_FLAGS_ALL_LARGE_PAGE_FLAGS)
|
|
|
|
//
|
|
// Process priority classes
|
|
//
|
|
#define PROCESS_PRIORITY_CLASS_INVALID 0
|
|
#define PROCESS_PRIORITY_CLASS_IDLE 1
|
|
#define PROCESS_PRIORITY_CLASS_NORMAL 2
|
|
#define PROCESS_PRIORITY_CLASS_HIGH 3
|
|
#define PROCESS_PRIORITY_CLASS_REALTIME 4
|
|
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
|
|
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6
|
|
|
|
//
|
|
// Process base priorities
|
|
//
|
|
#define PROCESS_PRIORITY_IDLE 3
|
|
#define PROCESS_PRIORITY_NORMAL 8
|
|
#define PROCESS_PRIORITY_NORMAL_FOREGROUND 9
|
|
|
|
//
|
|
// Process memory priorities
|
|
//
|
|
#define MEMORY_PRIORITY_BACKGROUND 0
|
|
#define MEMORY_PRIORITY_UNKNOWN 1
|
|
#define MEMORY_PRIORITY_FOREGROUND 2
|
|
|
|
//
|
|
// Process Priority Separation Values (OR)
|
|
//
|
|
#define PSP_VARIABLE_QUANTUMS 4
|
|
#define PSP_LONG_QUANTUMS 16
|
|
|
|
#ifndef NTOS_MODE_USER
|
|
//
|
|
// Thread Access Types
|
|
//
|
|
#define THREAD_QUERY_INFORMATION 0x0040
|
|
#define THREAD_SET_THREAD_TOKEN 0x0080
|
|
#define THREAD_IMPERSONATE 0x0100
|
|
#define THREAD_DIRECT_IMPERSONATION 0x0200
|
|
|
|
//
|
|
// Process Access Types
|
|
//
|
|
#define PROCESS_TERMINATE 0x0001
|
|
#define PROCESS_CREATE_THREAD 0x0002
|
|
#define PROCESS_SET_SESSIONID 0x0004
|
|
#define PROCESS_VM_OPERATION 0x0008
|
|
#define PROCESS_VM_READ 0x0010
|
|
#define PROCESS_VM_WRITE 0x0020
|
|
#define PROCESS_CREATE_PROCESS 0x0080
|
|
#define PROCESS_SET_QUOTA 0x0100
|
|
#define PROCESS_SET_INFORMATION 0x0200
|
|
#define PROCESS_QUERY_INFORMATION 0x0400
|
|
#define PROCESS_SUSPEND_RESUME 0x0800
|
|
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
|
|
SYNCHRONIZE | \
|
|
0xFFFF)
|
|
#else
|
|
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
|
|
SYNCHRONIZE | \
|
|
0xFFF)
|
|
#endif
|
|
|
|
//
|
|
// Thread Base Priorities
|
|
//
|
|
#define THREAD_BASE_PRIORITY_LOWRT 15
|
|
#define THREAD_BASE_PRIORITY_MAX 2
|
|
#define THREAD_BASE_PRIORITY_MIN -2
|
|
#define THREAD_BASE_PRIORITY_IDLE -15
|
|
|
|
//
|
|
// TLS Slots
|
|
//
|
|
#define TLS_MINIMUM_AVAILABLE 64
|
|
|
|
//
|
|
// Job Access Types
|
|
//
|
|
#define JOB_OBJECT_ASSIGN_PROCESS 0x1
|
|
#define JOB_OBJECT_SET_ATTRIBUTES 0x2
|
|
#define JOB_OBJECT_QUERY 0x4
|
|
#define JOB_OBJECT_TERMINATE 0x8
|
|
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x10
|
|
#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
|
|
SYNCHRONIZE | \
|
|
31)
|
|
|
|
//
|
|
// Job Limit Flags
|
|
//
|
|
#define JOB_OBJECT_LIMIT_WORKINGSET 0x1
|
|
#define JOB_OBJECT_LIMIT_PROCESS_TIME 0x2
|
|
#define JOB_OBJECT_LIMIT_JOB_TIME 0x4
|
|
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS 0x8
|
|
#define JOB_OBJECT_LIMIT_AFFINITY 0x10
|
|
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS 0x20
|
|
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME 0x40
|
|
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS 0x80
|
|
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY 0x100
|
|
#define JOB_OBJECT_LIMIT_JOB_MEMORY 0x200
|
|
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x400
|
|
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK 0x800
|
|
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK 0x1000
|
|
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE 0x2000
|
|
|
|
//
|
|
// Cross Thread Flags
|
|
//
|
|
#define CT_TERMINATED_BIT 0x1
|
|
#define CT_DEAD_THREAD_BIT 0x2
|
|
#define CT_HIDE_FROM_DEBUGGER_BIT 0x4
|
|
#define CT_ACTIVE_IMPERSONATION_INFO_BIT 0x8
|
|
#define CT_SYSTEM_THREAD_BIT 0x10
|
|
#define CT_HARD_ERRORS_ARE_DISABLED_BIT 0x20
|
|
#define CT_BREAK_ON_TERMINATION_BIT 0x40
|
|
#define CT_SKIP_CREATION_MSG_BIT 0x80
|
|
#define CT_SKIP_TERMINATION_MSG_BIT 0x100
|
|
|
|
//
|
|
// Same Thread Passive Flags
|
|
//
|
|
#define STP_ACTIVE_EX_WORKER_BIT 0x1
|
|
#define STP_EX_WORKER_CAN_WAIT_USER_BIT 0x2
|
|
#define STP_MEMORY_MAKER_BIT 0x4
|
|
#define STP_KEYED_EVENT_IN_USE_BIT 0x8
|
|
|
|
//
|
|
// Same Thread APC Flags
|
|
//
|
|
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT 0x1
|
|
#define STA_LPC_EXIT_THREAD_CALLED_BIT 0x2
|
|
#define STA_ADDRESS_SPACE_OWNER_BIT 0x4
|
|
#define STA_OWNS_WORKING_SET_BITS 0x1F8
|
|
|
|
//
|
|
// Kernel Process flags (maybe in ketypes.h?)
|
|
//
|
|
#define KPSF_AUTO_ALIGNMENT_BIT 0
|
|
#define KPSF_DISABLE_BOOST_BIT 1
|
|
|
|
//
|
|
// Process Flags
|
|
//
|
|
#define PSF_CREATE_REPORTED_BIT 0x1
|
|
#define PSF_NO_DEBUG_INHERIT_BIT 0x2
|
|
#define PSF_PROCESS_EXITING_BIT 0x4
|
|
#define PSF_PROCESS_DELETE_BIT 0x8
|
|
#define PSF_WOW64_SPLIT_PAGES_BIT 0x10
|
|
#define PSF_VM_DELETED_BIT 0x20
|
|
#define PSF_OUTSWAP_ENABLED_BIT 0x40
|
|
#define PSF_OUTSWAPPED_BIT 0x80
|
|
#define PSF_FORK_FAILED_BIT 0x100
|
|
#define PSF_WOW64_VA_SPACE_4GB_BIT 0x200
|
|
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT 0x400
|
|
#define PSF_SET_TIMER_RESOLUTION_BIT 0x1000
|
|
#define PSF_BREAK_ON_TERMINATION_BIT 0x2000
|
|
#define PSF_SESSION_CREATION_UNDERWAY_BIT 0x4000
|
|
#define PSF_WRITE_WATCH_BIT 0x8000
|
|
#define PSF_PROCESS_IN_SESSION_BIT 0x10000
|
|
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT 0x20000
|
|
#define PSF_HAS_ADDRESS_SPACE_BIT 0x40000
|
|
#define PSF_LAUNCH_PREFETCHED_BIT 0x80000
|
|
#define PSF_INJECT_INPAGE_ERRORS_BIT 0x100000
|
|
#define PSF_VM_TOP_DOWN_BIT 0x200000
|
|
#define PSF_IMAGE_NOTIFY_DONE_BIT 0x400000
|
|
#define PSF_PDE_UPDATE_NEEDED_BIT 0x800000
|
|
#define PSF_VDM_ALLOWED_BIT 0x1000000
|
|
#define PSF_SWAP_ALLOWED_BIT 0x2000000
|
|
#define PSF_CREATE_FAILED_BIT 0x4000000
|
|
#define PSF_DEFAULT_IO_PRIORITY_BIT 0x8000000
|
|
|
|
//
|
|
// Vista Process Flags
|
|
//
|
|
#define PSF2_PROTECTED_BIT 0x800
|
|
#endif
|
|
|
|
//
|
|
// TLS/FLS Defines
|
|
//
|
|
#define TLS_EXPANSION_SLOTS 1024
|
|
|
|
#ifdef NTOS_MODE_USER
|
|
//
|
|
// Thread Native Base Priorities
|
|
//
|
|
#define LOW_PRIORITY 0
|
|
#define LOW_REALTIME_PRIORITY 16
|
|
#define HIGH_PRIORITY 31
|
|
#define MAXIMUM_PRIORITY 32
|
|
|
|
//
|
|
// Current Process/Thread built-in 'special' handles
|
|
//
|
|
#define NtCurrentProcess() ((HANDLE)(LONG_PTR)-1)
|
|
#define ZwCurrentProcess() NtCurrentProcess()
|
|
#define NtCurrentThread() ((HANDLE)(LONG_PTR)-2)
|
|
#define ZwCurrentThread() NtCurrentThread()
|
|
|
|
//
|
|
// Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
|
|
//
|
|
typedef enum _PROCESSINFOCLASS
|
|
{
|
|
ProcessBasicInformation,
|
|
ProcessQuotaLimits,
|
|
ProcessIoCounters,
|
|
ProcessVmCounters,
|
|
ProcessTimes,
|
|
ProcessBasePriority,
|
|
ProcessRaisePriority,
|
|
ProcessDebugPort,
|
|
ProcessExceptionPort,
|
|
ProcessAccessToken,
|
|
ProcessLdtInformation,
|
|
ProcessLdtSize,
|
|
ProcessDefaultHardErrorMode,
|
|
ProcessIoPortHandlers,
|
|
ProcessPooledUsageAndLimits,
|
|
ProcessWorkingSetWatch,
|
|
ProcessUserModeIOPL,
|
|
ProcessEnableAlignmentFaultFixup,
|
|
ProcessPriorityClass,
|
|
ProcessWx86Information,
|
|
ProcessHandleCount,
|
|
ProcessAffinityMask,
|
|
ProcessPriorityBoost,
|
|
ProcessDeviceMap,
|
|
ProcessSessionInformation,
|
|
ProcessForegroundInformation,
|
|
ProcessWow64Information,
|
|
ProcessImageFileName,
|
|
ProcessLUIDDeviceMapsEnabled,
|
|
ProcessBreakOnTermination,
|
|
ProcessDebugObjectHandle,
|
|
ProcessDebugFlags,
|
|
ProcessHandleTracing,
|
|
ProcessIoPriority,
|
|
ProcessExecuteFlags,
|
|
ProcessTlsInformation,
|
|
ProcessCookie,
|
|
ProcessImageInformation,
|
|
ProcessCycleTime,
|
|
ProcessPagePriority,
|
|
ProcessInstrumentationCallback,
|
|
ProcessThreadStackAllocation,
|
|
ProcessWorkingSetWatchEx,
|
|
ProcessImageFileNameWin32,
|
|
ProcessImageFileMapping,
|
|
ProcessAffinityUpdateMode,
|
|
ProcessMemoryAllocationMode,
|
|
MaxProcessInfoClass
|
|
} PROCESSINFOCLASS;
|
|
|
|
typedef enum _THREADINFOCLASS
|
|
{
|
|
ThreadBasicInformation,
|
|
ThreadTimes,
|
|
ThreadPriority,
|
|
ThreadBasePriority,
|
|
ThreadAffinityMask,
|
|
ThreadImpersonationToken,
|
|
ThreadDescriptorTableEntry,
|
|
ThreadEnableAlignmentFaultFixup,
|
|
ThreadEventPair_Reusable,
|
|
ThreadQuerySetWin32StartAddress,
|
|
ThreadZeroTlsCell,
|
|
ThreadPerformanceCount,
|
|
ThreadAmILastThread,
|
|
ThreadIdealProcessor,
|
|
ThreadPriorityBoost,
|
|
ThreadSetTlsArrayAddress,
|
|
ThreadIsIoPending,
|
|
ThreadHideFromDebugger,
|
|
ThreadBreakOnTermination,
|
|
ThreadSwitchLegacyState,
|
|
ThreadIsTerminated,
|
|
ThreadLastSystemCall,
|
|
ThreadIoPriority,
|
|
ThreadCycleTime,
|
|
ThreadPagePriority,
|
|
ThreadActualBasePriority,
|
|
ThreadTebInformation,
|
|
ThreadCSwitchMon,
|
|
MaxThreadInfoClass
|
|
} THREADINFOCLASS;
|
|
|
|
#else
|
|
|
|
typedef enum _PSPROCESSPRIORITYMODE
|
|
{
|
|
PsProcessPriorityForeground,
|
|
PsProcessPriorityBackground,
|
|
PsProcessPrioritySpinning
|
|
} PSPROCESSPRIORITYMODE;
|
|
|
|
typedef enum _JOBOBJECTINFOCLASS
|
|
{
|
|
JobObjectBasicAccountingInformation = 1,
|
|
JobObjectBasicLimitInformation,
|
|
JobObjectBasicProcessIdList,
|
|
JobObjectBasicUIRestrictions,
|
|
JobObjectSecurityLimitInformation,
|
|
JobObjectEndOfJobTimeInformation,
|
|
JobObjectAssociateCompletionPortInformation,
|
|
JobObjectBasicAndIoAccountingInformation,
|
|
JobObjectExtendedLimitInformation,
|
|
JobObjectJobSetInformation,
|
|
MaxJobObjectInfoClass
|
|
} JOBOBJECTINFOCLASS;
|
|
|
|
//
|
|
// Power Event Events for Win32K Power Event Callback
|
|
//
|
|
typedef enum _PSPOWEREVENTTYPE
|
|
{
|
|
PsW32FullWake = 0,
|
|
PsW32EventCode = 1,
|
|
PsW32PowerPolicyChanged = 2,
|
|
PsW32SystemPowerState = 3,
|
|
PsW32SystemTime = 4,
|
|
PsW32DisplayState = 5,
|
|
PsW32CapabilitiesChanged = 6,
|
|
PsW32SetStateFailed = 7,
|
|
PsW32GdiOff = 8,
|
|
PsW32GdiOn = 9,
|
|
PsW32GdiPrepareResumeUI = 10,
|
|
PsW32GdiOffRequest = 11,
|
|
PsW32MonitorOff = 12,
|
|
} PSPOWEREVENTTYPE;
|
|
|
|
//
|
|
// Power State Tasks for Win32K Power State Callback
|
|
//
|
|
typedef enum _POWERSTATETASK
|
|
{
|
|
PowerState_BlockSessionSwitch = 0,
|
|
PowerState_Init = 1,
|
|
PowerState_QueryApps = 2,
|
|
PowerState_QueryServices = 3,
|
|
PowerState_QueryAppsFailed = 4,
|
|
PowerState_QueryServicesFailed = 5,
|
|
PowerState_SuspendApps = 6,
|
|
PowerState_SuspendServices = 7,
|
|
PowerState_ShowUI = 8,
|
|
PowerState_NotifyWL = 9,
|
|
PowerState_ResumeApps = 10,
|
|
PowerState_ResumeServices = 11,
|
|
PowerState_UnBlockSessionSwitch = 12,
|
|
PowerState_End = 13,
|
|
PowerState_BlockInput = 14,
|
|
PowerState_UnblockInput = 15,
|
|
} POWERSTATETASK;
|
|
|
|
//
|
|
// Win32K Job Callback Types
|
|
//
|
|
typedef enum _PSW32JOBCALLOUTTYPE
|
|
{
|
|
PsW32JobCalloutSetInformation = 0,
|
|
PsW32JobCalloutAddProcess = 1,
|
|
PsW32JobCalloutTerminate = 2,
|
|
} PSW32JOBCALLOUTTYPE;
|
|
|
|
//
|
|
// Win32K Thread Callback Types
|
|
//
|
|
typedef enum _PSW32THREADCALLOUTTYPE
|
|
{
|
|
PsW32ThreadCalloutInitialize,
|
|
PsW32ThreadCalloutExit,
|
|
} PSW32THREADCALLOUTTYPE;
|
|
|
|
//
|
|
// Declare empty structure definitions so that they may be referenced by
|
|
// routines before they are defined
|
|
//
|
|
struct _W32THREAD;
|
|
struct _W32PROCESS;
|
|
//struct _ETHREAD;
|
|
struct _WIN32_POWEREVENT_PARAMETERS;
|
|
struct _WIN32_POWERSTATE_PARAMETERS;
|
|
struct _WIN32_JOBCALLOUT_PARAMETERS;
|
|
struct _WIN32_OPENMETHOD_PARAMETERS;
|
|
struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
|
|
struct _WIN32_CLOSEMETHOD_PARAMETERS;
|
|
struct _WIN32_DELETEMETHOD_PARAMETERS;
|
|
struct _WIN32_PARSEMETHOD_PARAMETERS;
|
|
|
|
//
|
|
// Win32K Process and Thread Callbacks
|
|
//
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_PROCESS_CALLOUT)(
|
|
_In_ struct _EPROCESS *Process,
|
|
_In_ BOOLEAN Create
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_THREAD_CALLOUT)(
|
|
_In_ struct _ETHREAD *Thread,
|
|
_In_ PSW32THREADCALLOUTTYPE Type
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)(
|
|
VOID
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_POWEREVENT_CALLOUT)(
|
|
_In_ struct _WIN32_POWEREVENT_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_POWERSTATE_CALLOUT)(
|
|
_In_ struct _WIN32_POWERSTATE_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_JOB_CALLOUT)(
|
|
_In_ struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PGDI_BATCHFLUSH_ROUTINE)(
|
|
VOID
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_OPENMETHOD_CALLOUT)(
|
|
_In_ struct _WIN32_OPENMETHOD_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)(
|
|
_In_ struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)(
|
|
_In_ struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)(
|
|
_In_ struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)(
|
|
_In_ struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters
|
|
);
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_SESSION_CALLOUT)(
|
|
_In_ PVOID Parameter
|
|
);
|
|
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
typedef
|
|
NTSTATUS
|
|
(NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)(
|
|
_In_ struct _EPROCESS *Process,
|
|
_In_ PVOID Callback,
|
|
_In_ PVOID Context
|
|
);
|
|
#endif
|
|
|
|
//
|
|
// Lego Callback
|
|
//
|
|
typedef
|
|
VOID
|
|
(NTAPI *PLEGO_NOTIFY_ROUTINE)(
|
|
_In_ PKTHREAD Thread
|
|
);
|
|
|
|
#endif
|
|
|
|
typedef NTSTATUS
|
|
(NTAPI *PPOST_PROCESS_INIT_ROUTINE)(
|
|
VOID
|
|
);
|
|
|
|
//
|
|
// Descriptor Table Entry Definition
|
|
//
|
|
#if (_M_IX86)
|
|
#define _DESCRIPTOR_TABLE_ENTRY_DEFINED
|
|
typedef struct _DESCRIPTOR_TABLE_ENTRY
|
|
{
|
|
ULONG Selector;
|
|
LDT_ENTRY Descriptor;
|
|
} DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
|
|
#endif
|
|
|
|
//
|
|
// PEB Lock Routine
|
|
//
|
|
typedef VOID
|
|
(NTAPI *PPEBLOCKROUTINE)(
|
|
PVOID PebLock
|
|
);
|
|
|
|
//
|
|
// PEB Free Block Descriptor
|
|
//
|
|
typedef struct _PEB_FREE_BLOCK
|
|
{
|
|
struct _PEB_FREE_BLOCK* Next;
|
|
ULONG Size;
|
|
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
|
|
|
|
//
|
|
// Initial PEB
|
|
//
|
|
typedef struct _INITIAL_PEB
|
|
{
|
|
BOOLEAN InheritedAddressSpace;
|
|
BOOLEAN ReadImageFileExecOptions;
|
|
BOOLEAN BeingDebugged;
|
|
union
|
|
{
|
|
BOOLEAN BitField;
|
|
#if (NTDDI_VERSION >= NTDDI_WS03)
|
|
struct
|
|
{
|
|
BOOLEAN ImageUsesLargePages:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
BOOLEAN IsProtectedProcess:1;
|
|
BOOLEAN IsLegacyProcess:1;
|
|
BOOLEAN SpareBits:5;
|
|
#else
|
|
BOOLEAN SpareBits:7;
|
|
#endif
|
|
};
|
|
#else
|
|
BOOLEAN SpareBool;
|
|
#endif
|
|
};
|
|
HANDLE Mutant;
|
|
} INITIAL_PEB, *PINITIAL_PEB;
|
|
|
|
//
|
|
// Initial TEB
|
|
//
|
|
typedef struct _INITIAL_TEB
|
|
{
|
|
PVOID PreviousStackBase;
|
|
PVOID PreviousStackLimit;
|
|
PVOID StackBase;
|
|
PVOID StackLimit;
|
|
PVOID AllocatedStackBase;
|
|
} INITIAL_TEB, *PINITIAL_TEB;
|
|
|
|
//
|
|
// TEB Active Frame Structures
|
|
//
|
|
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
|
|
{
|
|
ULONG Flags;
|
|
LPSTR FrameName;
|
|
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME
|
|
{
|
|
ULONG Flags;
|
|
struct _TEB_ACTIVE_FRAME *Previous;
|
|
PTEB_ACTIVE_FRAME_CONTEXT Context;
|
|
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
|
|
|
|
typedef struct _CLIENT_ID32
|
|
{
|
|
ULONG UniqueProcess;
|
|
ULONG UniqueThread;
|
|
} CLIENT_ID32, *PCLIENT_ID32;
|
|
|
|
typedef struct _CLIENT_ID64
|
|
{
|
|
ULONG64 UniqueProcess;
|
|
ULONG64 UniqueThread;
|
|
} CLIENT_ID64, *PCLIENT_ID64;
|
|
|
|
#if (NTDDI_VERSION < NTDDI_WS03)
|
|
typedef struct _Wx86ThreadState
|
|
{
|
|
PULONG CallBx86Eip;
|
|
PVOID DeallocationCpu;
|
|
BOOLEAN UseKnownWx86Dll;
|
|
CHAR OleStubInvoked;
|
|
} Wx86ThreadState, *PWx86ThreadState;
|
|
#endif
|
|
|
|
|
|
//
|
|
// Process Environment Block (PEB)
|
|
// Thread Environment Block (TEB)
|
|
//
|
|
#include "peb_teb.h"
|
|
|
|
#ifdef _WIN64
|
|
//
|
|
// Explicit 32 bit PEB/TEB
|
|
//
|
|
#define EXPLICIT_32BIT
|
|
#include "peb_teb.h"
|
|
#undef EXPLICIT_32BIT
|
|
|
|
//
|
|
// Explicit 64 bit PEB/TEB
|
|
//
|
|
#define EXPLICIT_64BIT
|
|
#include "peb_teb.h"
|
|
#undef EXPLICIT_64BIT
|
|
#endif
|
|
|
|
#ifdef NTOS_MODE_USER
|
|
|
|
//
|
|
// Process Information Structures for NtQueryProcessInformation
|
|
//
|
|
typedef struct _PROCESS_BASIC_INFORMATION
|
|
{
|
|
NTSTATUS ExitStatus;
|
|
PPEB PebBaseAddress;
|
|
ULONG_PTR AffinityMask;
|
|
KPRIORITY BasePriority;
|
|
ULONG_PTR UniqueProcessId;
|
|
ULONG_PTR InheritedFromUniqueProcessId;
|
|
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
|
|
|
|
typedef struct _PROCESS_ACCESS_TOKEN
|
|
{
|
|
HANDLE Token;
|
|
HANDLE Thread;
|
|
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
|
|
|
|
typedef struct _PROCESS_DEVICEMAP_INFORMATION
|
|
{
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
HANDLE DirectoryHandle;
|
|
} Set;
|
|
struct
|
|
{
|
|
ULONG DriveMap;
|
|
UCHAR DriveType[32];
|
|
} Query;
|
|
};
|
|
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;
|
|
|
|
typedef struct _KERNEL_USER_TIMES
|
|
{
|
|
LARGE_INTEGER CreateTime;
|
|
LARGE_INTEGER ExitTime;
|
|
LARGE_INTEGER KernelTime;
|
|
LARGE_INTEGER UserTime;
|
|
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
|
|
|
|
typedef struct _POOLED_USAGE_AND_LIMITS
|
|
{
|
|
SIZE_T PeakPagedPoolUsage;
|
|
SIZE_T PagedPoolUsage;
|
|
SIZE_T PagedPoolLimit;
|
|
SIZE_T PeakNonPagedPoolUsage;
|
|
SIZE_T NonPagedPoolUsage;
|
|
SIZE_T NonPagedPoolLimit;
|
|
SIZE_T PeakPagefileUsage;
|
|
SIZE_T PagefileUsage;
|
|
SIZE_T PagefileLimit;
|
|
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
|
|
|
|
typedef struct _PROCESS_SESSION_INFORMATION
|
|
{
|
|
ULONG SessionId;
|
|
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
|
|
|
|
#endif
|
|
|
|
typedef struct _PROCESS_PRIORITY_CLASS
|
|
{
|
|
BOOLEAN Foreground;
|
|
UCHAR PriorityClass;
|
|
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
|
|
|
|
typedef struct _PROCESS_FOREGROUND_BACKGROUND
|
|
{
|
|
BOOLEAN Foreground;
|
|
} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;
|
|
|
|
//
|
|
// Thread Information Structures for NtQueryProcessInformation
|
|
//
|
|
typedef struct _THREAD_BASIC_INFORMATION
|
|
{
|
|
NTSTATUS ExitStatus;
|
|
PVOID TebBaseAddress;
|
|
CLIENT_ID ClientId;
|
|
KAFFINITY AffinityMask;
|
|
KPRIORITY Priority;
|
|
KPRIORITY BasePriority;
|
|
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
|
|
|
|
#ifndef NTOS_MODE_USER
|
|
|
|
//
|
|
// Job Set Array
|
|
//
|
|
typedef struct _JOB_SET_ARRAY
|
|
{
|
|
HANDLE JobHandle;
|
|
ULONG MemberLevel;
|
|
ULONG Flags;
|
|
} JOB_SET_ARRAY, *PJOB_SET_ARRAY;
|
|
|
|
//
|
|
// EPROCESS Quota Structures
|
|
//
|
|
typedef struct _EPROCESS_QUOTA_ENTRY
|
|
{
|
|
SIZE_T Usage;
|
|
SIZE_T Limit;
|
|
SIZE_T Peak;
|
|
SIZE_T Return;
|
|
} EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
|
|
|
|
typedef struct _EPROCESS_QUOTA_BLOCK
|
|
{
|
|
EPROCESS_QUOTA_ENTRY QuotaEntry[3];
|
|
LIST_ENTRY QuotaList;
|
|
ULONG ReferenceCount;
|
|
ULONG ProcessCount;
|
|
} EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
|
|
|
|
//
|
|
// Process Pagefault History
|
|
//
|
|
typedef struct _PAGEFAULT_HISTORY
|
|
{
|
|
ULONG CurrentIndex;
|
|
ULONG MapIndex;
|
|
KSPIN_LOCK SpinLock;
|
|
PVOID Reserved;
|
|
PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
|
|
} PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
|
|
|
|
//
|
|
// Process Impersonation Information
|
|
//
|
|
typedef struct _PS_IMPERSONATION_INFORMATION
|
|
{
|
|
PACCESS_TOKEN Token;
|
|
BOOLEAN CopyOnOpen;
|
|
BOOLEAN EffectiveOnly;
|
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
|
} PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
|
|
|
|
//
|
|
// Process Termination Port
|
|
//
|
|
typedef struct _TERMINATION_PORT
|
|
{
|
|
struct _TERMINATION_PORT *Next;
|
|
PVOID Port;
|
|
} TERMINATION_PORT, *PTERMINATION_PORT;
|
|
|
|
//
|
|
// Per-Process APC Rate Limiting
|
|
//
|
|
typedef struct _PSP_RATE_APC
|
|
{
|
|
union
|
|
{
|
|
SINGLE_LIST_ENTRY NextApc;
|
|
ULONGLONG ExcessCycles;
|
|
};
|
|
ULONGLONG TargetGEneration;
|
|
KAPC RateApc;
|
|
} PSP_RATE_APC, *PPSP_RATE_APC;
|
|
|
|
//
|
|
// Executive Thread (ETHREAD)
|
|
//
|
|
typedef struct _ETHREAD
|
|
{
|
|
KTHREAD Tcb;
|
|
LARGE_INTEGER CreateTime;
|
|
union
|
|
{
|
|
LARGE_INTEGER ExitTime;
|
|
LIST_ENTRY LpcReplyChain;
|
|
LIST_ENTRY KeyedWaitChain;
|
|
};
|
|
union
|
|
{
|
|
NTSTATUS ExitStatus;
|
|
PVOID OfsChain;
|
|
};
|
|
LIST_ENTRY PostBlockList;
|
|
union
|
|
{
|
|
struct _TERMINATION_PORT *TerminationPort;
|
|
struct _ETHREAD *ReaperLink;
|
|
PVOID KeyedWaitValue;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
PVOID Win32StartParameter;
|
|
#endif
|
|
};
|
|
KSPIN_LOCK ActiveTimerListLock;
|
|
LIST_ENTRY ActiveTimerListHead;
|
|
CLIENT_ID Cid;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
KSEMAPHORE KeyedWaitSemaphore;
|
|
#else
|
|
union
|
|
{
|
|
KSEMAPHORE LpcReplySemaphore;
|
|
KSEMAPHORE KeyedWaitSemaphore;
|
|
};
|
|
union
|
|
{
|
|
PVOID LpcReplyMessage;
|
|
PVOID LpcWaitingOnPort;
|
|
};
|
|
#endif
|
|
PPS_IMPERSONATION_INFORMATION ImpersonationInfo;
|
|
LIST_ENTRY IrpList;
|
|
ULONG_PTR TopLevelIrp;
|
|
PDEVICE_OBJECT DeviceToVerify;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
PPSP_RATE_APC RateControlApc;
|
|
#else
|
|
struct _EPROCESS *ThreadsProcess;
|
|
#endif
|
|
PVOID Win32StartAddress;
|
|
union
|
|
{
|
|
PKSTART_ROUTINE StartAddress;
|
|
ULONG LpcReceivedMessageId;
|
|
};
|
|
LIST_ENTRY ThreadListEntry;
|
|
EX_RUNDOWN_REF RundownProtect;
|
|
EX_PUSH_LOCK ThreadLock;
|
|
#if (NTDDI_VERSION < NTDDI_LONGHORN)
|
|
ULONG LpcReplyMessageId;
|
|
#endif
|
|
ULONG ReadClusterSize;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG SpareUlong0;
|
|
#else
|
|
ACCESS_MASK GrantedAccess;
|
|
#endif
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG Terminated:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG ThreadInserted:1;
|
|
#else
|
|
ULONG DeadThread:1;
|
|
#endif
|
|
ULONG HideFromDebugger:1;
|
|
ULONG ActiveImpersonationInfo:1;
|
|
ULONG SystemThread:1;
|
|
ULONG HardErrorsAreDisabled:1;
|
|
ULONG BreakOnTermination:1;
|
|
ULONG SkipCreationMsg:1;
|
|
ULONG SkipTerminationMsg:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG CreateMsgSent:1;
|
|
ULONG ThreadIoPriority:3;
|
|
ULONG ThreadPagePriority:3;
|
|
ULONG PendingRatecontrol:1;
|
|
#endif
|
|
};
|
|
ULONG CrossThreadFlags;
|
|
};
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG ActiveExWorker:1;
|
|
ULONG ExWorkerCanWaitUser:1;
|
|
ULONG MemoryMaker:1;
|
|
ULONG KeyedEventInUse:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG RateApcState:2;
|
|
#endif
|
|
};
|
|
ULONG SameThreadPassiveFlags;
|
|
};
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG LpcReceivedMsgIdValid:1;
|
|
ULONG LpcExitThreadCalled:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG Spare:1;
|
|
#else
|
|
ULONG AddressSpaceOwner:1;
|
|
#endif
|
|
ULONG OwnsProcessWorkingSetExclusive:1;
|
|
ULONG OwnsProcessWorkingSetShared:1;
|
|
ULONG OwnsSystemWorkingSetExclusive:1;
|
|
ULONG OwnsSystemWorkingSetShared:1;
|
|
ULONG OwnsSessionWorkingSetExclusive:1;
|
|
ULONG OwnsSessionWorkingSetShared:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG SupressSymbolLoad:1;
|
|
ULONG Spare1:3;
|
|
ULONG PriorityRegionActive:4;
|
|
#else
|
|
ULONG ApcNeeded:1;
|
|
#endif
|
|
};
|
|
ULONG SameThreadApcFlags;
|
|
};
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
UCHAR CacheManagerActive;
|
|
#else
|
|
UCHAR ForwardClusterOnly;
|
|
#endif
|
|
UCHAR DisablePageFaultClustering;
|
|
UCHAR ActiveFaultCount;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG AlpcMessageId;
|
|
union
|
|
{
|
|
PVOID AlpcMessage;
|
|
ULONG AlpcReceiveAttributeSet;
|
|
};
|
|
LIST_ENTRY AlpcWaitListEntry;
|
|
KSEMAPHORE AlpcWaitSemaphore;
|
|
ULONG CacheManagerCount;
|
|
#endif
|
|
} ETHREAD;
|
|
|
|
//
|
|
// Executive Process (EPROCESS)
|
|
//
|
|
typedef struct _EPROCESS
|
|
{
|
|
KPROCESS Pcb;
|
|
EX_PUSH_LOCK ProcessLock;
|
|
LARGE_INTEGER CreateTime;
|
|
LARGE_INTEGER ExitTime;
|
|
EX_RUNDOWN_REF RundownProtect;
|
|
HANDLE UniqueProcessId;
|
|
LIST_ENTRY ActiveProcessLinks;
|
|
SIZE_T QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */
|
|
SIZE_T QuotaPeak[3]; /* ditto */
|
|
SIZE_T CommitCharge;
|
|
SIZE_T PeakVirtualSize;
|
|
SIZE_T VirtualSize;
|
|
LIST_ENTRY SessionProcessLinks;
|
|
PVOID DebugPort;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
union
|
|
{
|
|
PVOID ExceptionPortData;
|
|
ULONG ExceptionPortValue;
|
|
UCHAR ExceptionPortState:3;
|
|
};
|
|
#else
|
|
PVOID ExceptionPort;
|
|
#endif
|
|
PHANDLE_TABLE ObjectTable;
|
|
EX_FAST_REF Token;
|
|
PFN_NUMBER WorkingSetPage;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
EX_PUSH_LOCK AddressCreationLock;
|
|
PETHREAD RotateInProgress;
|
|
#else
|
|
KGUARDED_MUTEX AddressCreationLock;
|
|
KSPIN_LOCK HyperSpaceLock;
|
|
#endif
|
|
PETHREAD ForkInProgress;
|
|
ULONG_PTR HardwareTrigger;
|
|
PMM_AVL_TABLE PhysicalVadRoot;
|
|
PVOID CloneRoot;
|
|
PFN_NUMBER NumberOfPrivatePages;
|
|
PFN_NUMBER NumberOfLockedPages;
|
|
PVOID *Win32Process;
|
|
struct _EJOB *Job;
|
|
PVOID SectionObject;
|
|
PVOID SectionBaseAddress;
|
|
PEPROCESS_QUOTA_BLOCK QuotaBlock;
|
|
PPAGEFAULT_HISTORY WorkingSetWatch;
|
|
PVOID Win32WindowStation;
|
|
HANDLE InheritedFromUniqueProcessId;
|
|
PVOID LdtInformation;
|
|
PVOID VadFreeHint;
|
|
PVOID VdmObjects;
|
|
PVOID DeviceMap;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
PVOID EtwDataSource;
|
|
PVOID FreeTebHint;
|
|
#else
|
|
PVOID Spare0[3];
|
|
#endif
|
|
union
|
|
{
|
|
HARDWARE_PTE PageDirectoryPte;
|
|
ULONGLONG Filler;
|
|
};
|
|
PVOID Session;
|
|
CHAR ImageFileName[16];
|
|
LIST_ENTRY JobLinks;
|
|
PVOID LockedPagesList;
|
|
LIST_ENTRY ThreadListHead;
|
|
PVOID SecurityPort;
|
|
#ifdef _M_AMD64
|
|
struct _WOW64_PROCESS *Wow64Process;
|
|
#else
|
|
PVOID PaeTop;
|
|
#endif
|
|
ULONG ActiveThreads;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG ImagePathHash;
|
|
#else
|
|
ACCESS_MASK GrantedAccess;
|
|
#endif
|
|
ULONG DefaultHardErrorProcessing;
|
|
NTSTATUS LastThreadExitStatus;
|
|
struct _PEB* Peb;
|
|
EX_FAST_REF PrefetchTrace;
|
|
LARGE_INTEGER ReadOperationCount;
|
|
LARGE_INTEGER WriteOperationCount;
|
|
LARGE_INTEGER OtherOperationCount;
|
|
LARGE_INTEGER ReadTransferCount;
|
|
LARGE_INTEGER WriteTransferCount;
|
|
LARGE_INTEGER OtherTransferCount;
|
|
SIZE_T CommitChargeLimit;
|
|
SIZE_T CommitChargePeak;
|
|
PVOID AweInfo;
|
|
SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
|
|
MMSUPPORT Vm;
|
|
#ifdef _M_AMD64
|
|
ULONG Spares[2];
|
|
#else
|
|
LIST_ENTRY MmProcessLinks;
|
|
#endif
|
|
ULONG ModifiedPageCount;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG JobNotReallyActive:1;
|
|
ULONG AccountingFolded:1;
|
|
ULONG NewProcessReported:1;
|
|
ULONG ExitProcessReported:1;
|
|
ULONG ReportCommitChanges:1;
|
|
ULONG LastReportMemory:1;
|
|
ULONG ReportPhysicalPageChanges:1;
|
|
ULONG HandleTableRundown:1;
|
|
ULONG NeedsHandleRundown:1;
|
|
ULONG RefTraceEnabled:1;
|
|
ULONG NumaAware:1;
|
|
ULONG ProtectedProcess:1;
|
|
ULONG DefaultPagePriority:3;
|
|
ULONG ProcessDeleteSelf:1;
|
|
ULONG ProcessVerifierTarget:1;
|
|
};
|
|
ULONG Flags2;
|
|
};
|
|
#else
|
|
ULONG JobStatus;
|
|
#endif
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
ULONG CreateReported:1;
|
|
ULONG NoDebugInherit:1;
|
|
ULONG ProcessExiting:1;
|
|
ULONG ProcessDelete:1;
|
|
ULONG Wow64SplitPages:1;
|
|
ULONG VmDeleted:1;
|
|
ULONG OutswapEnabled:1;
|
|
ULONG Outswapped:1;
|
|
ULONG ForkFailed:1;
|
|
ULONG Wow64VaSpace4Gb:1;
|
|
ULONG AddressSpaceInitialized:2;
|
|
ULONG SetTimerResolution:1;
|
|
ULONG BreakOnTermination:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG DeprioritizeViews:1;
|
|
#else
|
|
ULONG SessionCreationUnderway:1;
|
|
#endif
|
|
ULONG WriteWatch:1;
|
|
ULONG ProcessInSession:1;
|
|
ULONG OverrideAddressSpace:1;
|
|
ULONG HasAddressSpace:1;
|
|
ULONG LaunchPrefetched:1;
|
|
ULONG InjectInpageErrors:1;
|
|
ULONG VmTopDown:1;
|
|
ULONG ImageNotifyDone:1;
|
|
ULONG PdeUpdateNeeded:1;
|
|
ULONG VdmAllowed:1;
|
|
ULONG SmapAllowed:1;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG ProcessInserted:1;
|
|
#else
|
|
ULONG CreateFailed:1;
|
|
#endif
|
|
ULONG DefaultIoPriority:3;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
ULONG SparePsFlags1:2;
|
|
#else
|
|
ULONG Spare1:1;
|
|
ULONG Spare2:1;
|
|
#endif
|
|
};
|
|
ULONG Flags;
|
|
};
|
|
NTSTATUS ExitStatus;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
USHORT Spare7;
|
|
#else
|
|
USHORT NextPageColor;
|
|
#endif
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
UCHAR SubSystemMinorVersion;
|
|
UCHAR SubSystemMajorVersion;
|
|
};
|
|
USHORT SubSystemVersion;
|
|
};
|
|
UCHAR PriorityClass;
|
|
MM_AVL_TABLE VadRoot;
|
|
ULONG Cookie;
|
|
} EPROCESS;
|
|
|
|
//
|
|
// Job Token Filter Data
|
|
//
|
|
#include <pshpack1.h>
|
|
typedef struct _PS_JOB_TOKEN_FILTER
|
|
{
|
|
ULONG CapturedSidCount;
|
|
PSID_AND_ATTRIBUTES CapturedSids;
|
|
ULONG CapturedSidsLength;
|
|
ULONG CapturedGroupCount;
|
|
PSID_AND_ATTRIBUTES CapturedGroups;
|
|
ULONG CapturedGroupsLength;
|
|
ULONG CapturedPrivilegeCount;
|
|
PLUID_AND_ATTRIBUTES CapturedPrivileges;
|
|
ULONG CapturedPrivilegesLength;
|
|
} PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
|
|
|
|
//
|
|
// Executive Job (EJOB)
|
|
//
|
|
typedef struct _EJOB
|
|
{
|
|
KEVENT Event;
|
|
LIST_ENTRY JobLinks;
|
|
LIST_ENTRY ProcessListHead;
|
|
ERESOURCE JobLock;
|
|
LARGE_INTEGER TotalUserTime;
|
|
LARGE_INTEGER TotalKernelTime;
|
|
LARGE_INTEGER ThisPeriodTotalUserTime;
|
|
LARGE_INTEGER ThisPeriodTotalKernelTime;
|
|
ULONG TotalPageFaultCount;
|
|
ULONG TotalProcesses;
|
|
ULONG ActiveProcesses;
|
|
ULONG TotalTerminatedProcesses;
|
|
LARGE_INTEGER PerProcessUserTimeLimit;
|
|
LARGE_INTEGER PerJobUserTimeLimit;
|
|
ULONG LimitFlags;
|
|
ULONG MinimumWorkingSetSize;
|
|
ULONG MaximumWorkingSetSize;
|
|
ULONG ActiveProcessLimit;
|
|
ULONG Affinity;
|
|
UCHAR PriorityClass;
|
|
ULONG UIRestrictionsClass;
|
|
ULONG SecurityLimitFlags;
|
|
PVOID Token;
|
|
PPS_JOB_TOKEN_FILTER Filter;
|
|
ULONG EndOfJobTimeAction;
|
|
PVOID CompletionPort;
|
|
PVOID CompletionKey;
|
|
ULONG SessionId;
|
|
ULONG SchedulingClass;
|
|
ULONGLONG ReadOperationCount;
|
|
ULONGLONG WriteOperationCount;
|
|
ULONGLONG OtherOperationCount;
|
|
ULONGLONG ReadTransferCount;
|
|
ULONGLONG WriteTransferCount;
|
|
ULONGLONG OtherTransferCount;
|
|
IO_COUNTERS IoInfo;
|
|
ULONG ProcessMemoryLimit;
|
|
ULONG JobMemoryLimit;
|
|
ULONG PeakProcessMemoryUsed;
|
|
ULONG PeakJobMemoryUsed;
|
|
ULONG CurrentJobMemoryUsed;
|
|
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WS03)
|
|
FAST_MUTEX MemoryLimitsLock;
|
|
#elif (NTDDI_VERSION >= NTDDI_WS03) && (NTDDI_VERSION < NTDDI_LONGHORN)
|
|
KGUARDED_MUTEX MemoryLimitsLock;
|
|
#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
EX_PUSH_LOCK MemoryLimitsLock;
|
|
#endif
|
|
LIST_ENTRY JobSetLinks;
|
|
ULONG MemberLevel;
|
|
ULONG JobFlags;
|
|
} EJOB, *PEJOB;
|
|
#include <poppack.h>
|
|
|
|
//
|
|
// Win32K Callback Registration Data
|
|
//
|
|
typedef struct _WIN32_POWEREVENT_PARAMETERS
|
|
{
|
|
PSPOWEREVENTTYPE EventNumber;
|
|
ULONG Code;
|
|
} WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS;
|
|
|
|
typedef struct _WIN32_POWERSTATE_PARAMETERS
|
|
{
|
|
UCHAR Promotion;
|
|
POWER_ACTION SystemAction;
|
|
SYSTEM_POWER_STATE MinSystemState;
|
|
ULONG Flags;
|
|
POWERSTATETASK PowerStateTask;
|
|
} WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS;
|
|
|
|
typedef struct _WIN32_JOBCALLOUT_PARAMETERS
|
|
{
|
|
PVOID Job;
|
|
PSW32JOBCALLOUTTYPE CalloutType;
|
|
PVOID Data;
|
|
} WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS;
|
|
|
|
typedef struct _WIN32_OPENMETHOD_PARAMETERS
|
|
{
|
|
OB_OPEN_REASON OpenReason;
|
|
PEPROCESS Process;
|
|
PVOID Object;
|
|
ULONG GrantedAccess;
|
|
ULONG HandleCount;
|
|
} WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS;
|
|
|
|
typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS
|
|
{
|
|
PEPROCESS Process;
|
|
PVOID Object;
|
|
HANDLE Handle;
|
|
KPROCESSOR_MODE PreviousMode;
|
|
} WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS;
|
|
|
|
typedef struct _WIN32_CLOSEMETHOD_PARAMETERS
|
|
{
|
|
PEPROCESS Process;
|
|
PVOID Object;
|
|
ACCESS_MASK AccessMask;
|
|
ULONG ProcessHandleCount;
|
|
ULONG SystemHandleCount;
|
|
} WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS;
|
|
|
|
typedef struct _WIN32_DELETEMETHOD_PARAMETERS
|
|
{
|
|
PVOID Object;
|
|
} WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS;
|
|
|
|
typedef struct _WIN32_PARSEMETHOD_PARAMETERS
|
|
{
|
|
PVOID ParseObject;
|
|
PVOID ObjectType;
|
|
PACCESS_STATE AccessState;
|
|
KPROCESSOR_MODE AccessMode;
|
|
ULONG Attributes;
|
|
_Out_ PUNICODE_STRING CompleteName;
|
|
PUNICODE_STRING RemainingName;
|
|
PVOID Context;
|
|
PSECURITY_QUALITY_OF_SERVICE SecurityQos;
|
|
PVOID *Object;
|
|
} WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS;
|
|
|
|
typedef struct _WIN32_CALLOUTS_FPNS
|
|
{
|
|
PKWIN32_PROCESS_CALLOUT ProcessCallout;
|
|
PKWIN32_THREAD_CALLOUT ThreadCallout;
|
|
PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout;
|
|
PKWIN32_POWEREVENT_CALLOUT PowerEventCallout;
|
|
PKWIN32_POWERSTATE_CALLOUT PowerStateCallout;
|
|
PKWIN32_JOB_CALLOUT JobCallout;
|
|
PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine;
|
|
PKWIN32_SESSION_CALLOUT DesktopOpenProcedure;
|
|
PKWIN32_SESSION_CALLOUT DesktopOkToCloseProcedure;
|
|
PKWIN32_SESSION_CALLOUT DesktopCloseProcedure;
|
|
PKWIN32_SESSION_CALLOUT DesktopDeleteProcedure;
|
|
PKWIN32_SESSION_CALLOUT WindowStationOkToCloseProcedure;
|
|
PKWIN32_SESSION_CALLOUT WindowStationCloseProcedure;
|
|
PKWIN32_SESSION_CALLOUT WindowStationDeleteProcedure;
|
|
PKWIN32_SESSION_CALLOUT WindowStationParseProcedure;
|
|
PKWIN32_SESSION_CALLOUT WindowStationOpenProcedure;
|
|
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
|
|
PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure;
|
|
#endif
|
|
} WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS;
|
|
|
|
#endif // !NTOS_MODE_USER
|
|
|
|
#ifdef __cplusplus
|
|
}; // extern "C"
|
|
#endif
|
|
|
|
#endif // _PSTYPES_H
|