38 Section =
Process->SectionObject;
56PspDumpProcessInfoClassName(
59 static CHAR UnknownClassName[11];
61#define DBG_PROCESS_INFO_CLASS(InfoClass) [InfoClass] = #InfoClass
62 static const PCSTR ProcessInfoClasses[] =
114#undef DBG_PROCESS_INFO_CLASS
116 if (ProcessInformationClass <
RTL_NUMBER_OF(ProcessInfoClasses))
118 return ProcessInfoClasses[ProcessInformationClass];
121 sprintf(UnknownClassName,
"%lu", ProcessInformationClass);
122 return UnknownClassName;
127PspDumpThreadInfoClassName(
130 static CHAR UnknownClassName[11];
132#define DBG_THREAD_INFO_CLASS(InfoClass) [InfoClass] = #InfoClass
133 static const PCSTR ThreadInfoClasses[] =
192#undef DBG_THREAD_INFO_CLASS
200 return UnknownClassName;
215 PVOID ProcessInformation,
232 ProcessInformationLength,
239 DPRINT1(
"NtQueryInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
240 PspDumpProcessInfoClassName(ProcessInformationClass),
Status);
258 switch (ProcessInformationClass)
323 Length = ProcessInformationLength;
371 QuotaLimits.
Flags |= (
Process->Vm.Flags.MaximumWorkingSetHard ?
373 QuotaLimits.
Flags |= (
Process->Vm.Flags.MinimumWorkingSetHard ?
403 if (ProcessInformationLength !=
sizeof(
IO_COUNTERS))
490 if (ProcessInformationLength !=
sizeof(
HANDLE))
530 if (ProcessInformationLength !=
sizeof(
ULONG))
616 if ((ProcessInformationLength !=
sizeof(
VM_COUNTERS)) &&
651 Length = ProcessInformationLength;
668 if (ProcessInformationLength !=
sizeof(
ULONG))
691 DefaultHardErrorProcessing;
707 if (ProcessInformationLength !=
sizeof(
ULONG))
787 Length = ProcessInformationLength;
872 if (
Length <= ProcessInformationLength)
907#if (NTDDI_VERSION >= NTDDI_VISTA) || (DLL_EXPORT_VERSION >= _WIN32_WINNT_VISTA)
942 if (
Length <= ProcessInformationLength)
980 if (ProcessInformationLength !=
sizeof(
ULONG))
1002 *(
PULONG)ProcessInformation =
Process->NoDebugInherit ? 0 : 1;
1017 if (ProcessInformationLength !=
sizeof(
ULONG))
1057 if (ProcessInformationLength !=
sizeof(
ULONG))
1077 SystemTime.
u.LowPart ^ SystemTime.
u.HighPart;
1139 if (ProcessInformationLength !=
sizeof(
HANDLE))
1167 *(
PHANDLE)ProcessInformation = DebugPort;
1183 DPRINT1(
"Handle tracing not implemented: %lu\n", ProcessInformationClass);
1189 if (ProcessInformationLength !=
sizeof(
ULONG))
1217 if (ProcessInformationLength !=
sizeof(
ULONG))
1256 if (ProcessInformationLength !=
sizeof(
ULONG_PTR))
1305 ULONG ExecuteOptions = 0;
1307 if (ProcessInformationLength !=
sizeof(
ULONG))
1330 *(
PULONG)ProcessInformation = ExecuteOptions;
1343 DPRINT1(
"VDM/16-bit not implemented: %lu\n", ProcessInformationClass);
1348 DPRINT1(
"WS Watch not implemented: %lu\n", ProcessInformationClass);
1353 DPRINT1(
"Pool limits not implemented: %lu\n", ProcessInformationClass);
1360 DPRINT1(
"Unsupported info class: %s\n", PspDumpProcessInfoClassName(ProcessInformationClass));
1406 PVOID ExceptionPort;
1410 UCHAR MemoryPriority = 0;
1412 ULONG DefaultHardErrorMode = 0;
1413 ULONG DebugFlags = 0, EnableFixup = 0, Boost = 0;
1414 ULONG NoExecute = 0, VdmPower = 0;
1425 ProcessInformationLength,
1430 DPRINT1(
"NtSetInformationProcess(ProcessInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
1431 PspDumpProcessInfoClassName(ProcessInformationClass),
Status);
1459 switch (ProcessInformationClass)
1464 if (ProcessInformationLength !=
sizeof(
ULONG))
1474 VdmPower = *(
PULONG)ProcessInformation;
1489 DPRINT1(
"Need TCB privilege\n");
1508 if (ProcessInformationLength !=
sizeof(
HANDLE))
1518 PortHandle = *(
PHANDLE)ProcessInformation;
1541 (
PVOID)&ExceptionPort,
1589 if (ProcessInformationLength !=
sizeof(
ULONG))
1598 DefaultHardErrorMode = *(
PULONG)ProcessInformation;
1609 Process->DefaultHardErrorProcessing = DefaultHardErrorMode;
1716 DPRINT1(
"Privilege to change priority to realtime lacking\n");
1724 DPRINT1(
"Jobs not yet supported\n");
1772 if (ProcessInformationLength !=
sizeof(
KPRIORITY))
1781 BasePriority = *(
KPRIORITY*)ProcessInformation;
1793 if (BasePriority & 0x80000000)
1796 BasePriority &= ~0x80000000;
1811 if (BasePriority >
Process->Pcb.BasePriority)
1820 DPRINT1(
"Privilege to change priority from %lx to %lx lacking\n",
Process->Pcb.BasePriority, BasePriority);
1836 if (ProcessInformationLength !=
sizeof(
ULONG))
1845 Boost = *(
PULONG)ProcessInformation;
1891 if (ProcessInformationLength !=
sizeof(
ULONG))
1900 Break = *(
PULONG)ProcessInformation;
1934 if (ProcessInformationLength !=
sizeof(
KAFFINITY))
2000 if (ProcessInformationLength !=
sizeof(
ULONG))
2009 DisableBoost = *(
PBOOLEAN)ProcessInformation;
2058 if (ProcessInformationLength !=
sizeof(
ULONG))
2067 DebugFlags = *(
PULONG)ProcessInformation;
2078 if (DebugFlags & ~1)
2101 if (ProcessInformationLength !=
sizeof(
BOOLEAN))
2110 EnableFixup = *(
PULONG)ProcessInformation;
2127 Process->DefaultHardErrorProcessing &= ~SEM_NOALIGNMENTFAULTEXCEPT;
2141 DPRINT1(
"Need TCB to set IOPL\n");
2149#elif defined(_M_AMD64)
2167 if (ProcessInformationLength !=
sizeof(
ULONG))
2182 NoExecute = *(
PULONG)ProcessInformation;
2199 if (ProcessInformationLength !=
sizeof(
HANDLE))
2228 DPRINT1(
"VDM/16-bit Request not implemented: %lu\n", ProcessInformationClass);
2237 ProcessInformationLength,
2242 DPRINT1(
"WS watch not implemented\n");
2247 DPRINT1(
"Handle tracing not implemented\n");
2254 DPRINT1(
"Invalid Server 2003 Info Class: %s\n", PspDumpProcessInfoClassName(ProcessInformationClass));
2294 DPRINT1(
"NtSetInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
2612 IdealProcessor = *(
PULONG_PTR)ThreadInformation;
2642 (
CCHAR)IdealProcessor);
2675 DisableBoost = *(
PULONG_PTR)ThreadInformation;
2759 Teb = ProcThread->
Tcb.
Teb;
2811 Break = *(
PULONG)ThreadInformation;
2882#if (NTDDI_VERSION >= NTDDI_WIN10_RS1) || defined(__REACTOS__)
2923 NewThreadName =
NULL;
2924 if (CapturedThreadName.
Length > 0)
2938 NewThreadName->
Buffer = (
PWCH)(NewThreadName + 1);
2940 CapturedThreadName.
Buffer,
2941 CapturedThreadName.
Length);
2989 PVOID ThreadInformation,
3014 DPRINT1(
"NtQueryInformationThread(ThreadInformationClass: %s): Class validation failed! (Status: 0x%lx)\n",
3231 *(
PULONG)ThreadInformation = ((
Thread->ThreadsProcess->
3233 &
Thread->ThreadsProcess->
3361#if (NTDDI_VERSION >= NTDDI_VISTA)
3439 ULONG ThreadTerminated;
3442 Length =
sizeof(ThreadTerminated);
3464 *(
PULONG)ThreadInformation = ThreadTerminated ? 1 : 0;
3477#if (NTDDI_VERSION >= NTDDI_WIN10_RS1) || defined(__REACTOS__)
3515 if (ThreadName && (ThreadName->
Length > 0))
#define STATUS_PRIVILEGE_NOT_HELD
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
static HANDLE DirectoryHandle
BOOL Query(LPCTSTR *ServiceArgs, DWORD ArgCount, BOOL bExtended)
@ ProcessBreakOnTermination
@ ProcessBasicInformation
@ ProcessWow64Information
enum _PROCESSINFOCLASS PROCESSINFOCLASS
#define STATUS_NOT_IMPLEMENTED
NTSTATUS NTAPI DbgkOpenProcessDebugPort(IN PEPROCESS Process, IN KPROCESSOR_MODE PreviousMode, OUT HANDLE *DebugHandle)
#define NT_SUCCESS(StatCode)
struct _THREAD_BASIC_INFORMATION THREAD_BASIC_INFORMATION
@ ThreadEnableAlignmentFaultFixup
@ ThreadDescriptorTableEntry
@ ThreadEventPair_Reusable
@ ThreadActualBasePriority
@ ThreadSwitchLegacyState
@ ThreadQuerySetWin32StartAddress
@ ThreadBreakOnTermination
@ ThreadImpersonationToken
@ ThreadSetTlsArrayAddress
enum _THREADINFOCLASS THREADINFOCLASS
struct _THREAD_BASIC_INFORMATION * PTHREAD_BASIC_INFORMATION
UNICODE_STRING * PUNICODE_STRING
#define ExAllocatePoolWithTag(hernya, size, tag)
#define IsListEmpty(ListHead)
#define PsGetCurrentThread()
#define KeRaiseIrql(irql, oldIrql)
#define KeLowerIrql(oldIrql)
#define KeQuerySystemTime(t)
struct _UNICODE_STRING UNICODE_STRING
#define ExReleaseRundownProtection
#define ExGetPreviousMode
FORCEINLINE VOID ExAcquirePushLockShared(PEX_PUSH_LOCK PushLock)
FORCEINLINE VOID ExReleasePushLockShared(PEX_PUSH_LOCK PushLock)
#define ExAcquireRundownProtection
#define MAXIMUM_PROCESSORS
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
#define PROCESS_SUSPEND_RESUME
struct _PROCESS_PRIORITY_CLASS PROCESS_PRIORITY_CLASS
#define PROCESS_QUERY_INFORMATION
#define THREAD_SET_THREAD_TOKEN
#define THREAD_BASE_PRIORITY_LOWRT
struct _PROCESS_PRIORITY_CLASS * PPROCESS_PRIORITY_CLASS
#define THREAD_QUERY_INFORMATION
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL
#define PSF_NO_DEBUG_INHERIT_BIT
#define CT_HIDE_FROM_DEBUGGER_BIT
#define THREAD_BASE_PRIORITY_MIN
#define PROCESS_SET_SESSIONID
#define THREAD_BASE_PRIORITY_MAX
@ PsProcessPriorityForeground
@ PsProcessPriorityBackground
struct _THREAD_NAME_INFORMATION * PTHREAD_NAME_INFORMATION
#define THREAD_BASE_PRIORITY_IDLE
#define PROCESS_SET_INFORMATION
#define PSF_VDM_ALLOWED_BIT
#define TLS_EXPANSION_SLOTS
#define PROCESS_PRIORITY_CLASS_REALTIME
#define CT_BREAK_ON_TERMINATION_BIT
struct _PROCESS_FOREGROUND_BACKGROUND * PPROCESS_FOREGROUND_BACKGROUND
#define MEMORY_PRIORITY_BACKGROUND
#define PSF_BREAK_ON_TERMINATION_BIT
#define MEMORY_PRIORITY_FOREGROUND
#define EXCEPTION_EXECUTE_HANDLER
#define QUOTA_LIMITS_HARDWS_MIN_DISABLE
#define PROCESS_LUID_DOSDEVICES_ONLY
struct _IO_COUNTERS IO_COUNTERS
struct _PROCESS_SESSION_INFORMATION PROCESS_SESSION_INFORMATION
struct _PROCESS_SESSION_INFORMATION * PPROCESS_SESSION_INFORMATION
#define QUOTA_LIMITS_HARDWS_MAX_DISABLE
struct _QUOTA_LIMITS_EX QUOTA_LIMITS_EX
#define QUOTA_LIMITS_HARDWS_MAX_ENABLE
#define QUOTA_LIMITS_HARDWS_MIN_ENABLE
#define LOW_REALTIME_PRIORITY
struct _IO_COUNTERS * PIO_COUNTERS
#define InterlockedCompareExchangePointer
#define InterlockedCompareExchange
static LIST_ENTRY ThreadListHead
#define RTL_FIELD_SIZE(type, field)
#define KeLeaveCriticalRegion()
#define KeEnterCriticalRegion()
POBJECT_TYPE LpcPortObjectType
#define ExFreePoolWithTag(_P, _T)
static const char * ImageName
FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID)
_In_ HANDLE ProcessHandle
struct _SECTION_IMAGE_INFORMATION SECTION_IMAGE_INFORMATION
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
_In_ THREADINFOCLASS _In_ ULONG ThreadInformationLength
_In_ THREADINFOCLASS ThreadInformationClass
#define SEM_NOALIGNMENTFAULTEXCEPT
#define _In_reads_bytes_(s)
#define _Out_writes_bytes_to_opt_(s, c)
#define NtCurrentProcess()
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
#define THREAD_SET_INFORMATION
struct _PROCESS_ACCESS_TOKEN * PPROCESS_ACCESS_TOKEN
_In_ ULONG _In_ ULONG _In_ ULONG Length
LONG NTAPI KeQueryBasePriorityThread(IN PKTHREAD Thread)
ULONG NTAPI KeQueryRuntimeProcess(IN PKPROCESS Process, OUT PULONG UserTime)
KAFFINITY NTAPI KeSetAffinityProcess(IN PKPROCESS Process, IN KAFFINITY Affinity)
KAFFINITY KeActiveProcessors
VOID NTAPI Ke386SetIOPL(VOID)
VOID NTAPI KeQueryValuesProcess(IN PKPROCESS Process, PPROCESS_VALUES Values)
BOOLEAN NTAPI KeSetDisableBoostProcess(IN PKPROCESS Process, IN BOOLEAN Disable)
BOOLEAN NTAPI KeSetDisableBoostThread(IN OUT PKTHREAD Thread, IN BOOLEAN Disable)
BOOLEAN NTAPI KeReadStateThread(IN PKTHREAD Thread)
BOOLEAN NTAPI KeSetAutoAlignmentProcess(IN PKPROCESS Process, IN BOOLEAN Enable)
VOID NTAPI KeBoostPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Increment)
KPRIORITY NTAPI KeSetPriorityAndQuantumProcess(IN PKPROCESS Process, IN KPRIORITY Priority, IN UCHAR Quantum OPTIONAL)
PFILE_OBJECT NTAPI MmGetFileObjectForSection(IN PVOID Section)
VOID NTAPI MmGetImageInformation(OUT PSECTION_IMAGE_INFORMATION ImageInformation)
NTSTATUS NTAPI MmSetExecuteOptions(IN ULONG ExecuteOptions)
NTSTATUS NTAPI MmSetMemoryPriorityProcess(IN PEPROCESS Process, IN UCHAR MemoryPriority)
NTSTATUS NTAPI MmGetExecuteOptions(IN PULONG ExecuteOptions)
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtQuery*** system call is invoked from...
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
const LUID SeDebugPrivilege
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
const LUID SeTcbPrivilege
const LUID SeIncreaseBasePriorityPrivilege
NTSTATUS NTAPI IoQueryFileDosDeviceName(IN PFILE_OBJECT FileObject, OUT POBJECT_NAME_INFORMATION *ObjectNameInformation)
POBJECT_TYPE PsProcessType
ULONG NTAPI PsGetProcessSessionId(IN PEPROCESS Process)
VOID NTAPI PsSetProcessPriorityByClass(IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE Type)
NTSTATUS NTAPI NtQueryInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _Out_writes_bytes_to_opt_(ThreadInformationLength, *ReturnLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength, _Out_opt_ PULONG ReturnLength)
NTSTATUS NTAPI NtSetInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation, _In_ ULONG ProcessInformationLength)
NTSTATUS NTAPI PsReferenceProcessFilePointer(_In_ PEPROCESS Process, _Outptr_ PFILE_OBJECT *FileObject)
NTSTATUS NTAPI NtSetInformationThread(_In_ HANDLE ThreadHandle, _In_ THREADINFOCLASS ThreadInformationClass, _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation, _In_ ULONG ThreadInformationLength)
NTSTATUS NTAPI NtQueryInformationProcess(_In_ HANDLE ProcessHandle, _In_ PROCESSINFOCLASS ProcessInformationClass, _Out_writes_bytes_to_opt_(ProcessInformationLength, *ReturnLength) PVOID ProcessInformation, _In_ ULONG ProcessInformationLength, _Out_opt_ PULONG ReturnLength)
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
POBJECT_TYPE PsThreadType
BOOLEAN NTAPI PsIsThreadTerminating(IN PETHREAD Thread)
NTSTATUS NTAPI SeLocateProcessImageName(_In_ PEPROCESS Process, _Out_ PUNICODE_STRING *ProcessImageName)
Finds the process image name of a specific process.
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
#define STATUS_PROCESS_IS_TERMINATING
#define STATUS_INVALID_INFO_CLASS
#define STATUS_PORT_ALREADY_SET
ULONG NTAPI ObGetProcessHandleCount(IN PEPROCESS Process)
NTSTATUS NTAPI ObSetDeviceMap(IN PEPROCESS Process, IN HANDLE DirectoryHandle)
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
NTSTATUS NTAPI ObQueryDeviceMapInformation(_In_opt_ PEPROCESS Process, _Out_ PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo, _In_ ULONG Flags)
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
NTSTATUS NTAPI PspSetQuotaLimits(_In_ PEPROCESS Process, _In_ ULONG Unused, _In_ PVOID QuotaLimits, _In_ ULONG QuotaLimitsLength, _In_ KPROCESSOR_MODE PreviousMode)
This function adjusts the working set limits of a process and sets up new quota limits when necessary...
PETHREAD NTAPI PsGetNextProcessThread(IN PEPROCESS Process, IN PETHREAD Thread OPTIONAL)
EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock
static const INFORMATION_CLASS_INFO PsThreadInfoClass[]
static const INFORMATION_CLASS_INFO PsProcessInfoClass[]
FORCEINLINE VOID PspUnlockThreadSecurityShared(IN PETHREAD Thread)
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
#define PspSetCrossThreadFlag(Thread, Flag)
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
#define PspClearCrossThreadFlag(Thread, Flag)
#define PspClearProcessFlag(Process, Flag)
FORCEINLINE VOID PspLockThreadSecurityShared(IN PETHREAD Thread)
#define PspSetProcessFlag(Process, Flag)
struct _PROCESS_BASIC_INFORMATION * PPROCESS_BASIC_INFORMATION
struct _PROCESS_BASIC_INFORMATION PROCESS_BASIC_INFORMATION
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
NTSTATUS NTAPI PspQueryDescriptorThread(IN PETHREAD Thread, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
#define _WIN32_WINNT_WS03
#define STATUS_BUFFER_TOO_SMALL
STDMETHOD() Next(THIS_ ULONG celt, IAssociationElement *pElement, ULONG *pceltFetched) PURE
#define TLS_MINIMUM_AVAILABLE
EX_RUNDOWN_REF RundownProtect
PUNICODE_STRING ThreadName
struct _LIST_ENTRY * Flink
SIZE_T MaximumWorkingSetSize
RATE_QUOTA_LIMIT CpuRateLimit
SIZE_T MinimumWorkingSetSize
PVOID * TlsExpansionSlots
SIZE_T PeakWorkingSetSize
SIZE_T QuotaPagedPoolUsage
SIZE_T QuotaPeakPagedPoolUsage
SIZE_T QuotaPeakNonPagedPoolUsage
SIZE_T QuotaNonPagedPoolUsage
UCHAR NTAPI KeSetIdealProcessorThread(IN PKTHREAD Thread, IN UCHAR Processor)
LONG NTAPI KeSetBasePriorityThread(IN PKTHREAD Thread, IN LONG Increment)
KPRIORITY NTAPI KeSetPriorityThread(IN PKTHREAD Thread, IN KPRIORITY Priority)
KAFFINITY NTAPI KeSetAffinityThread(IN PKTHREAD Thread, IN KAFFINITY Affinity)
union _LARGE_INTEGER LARGE_INTEGER
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
union _LARGE_INTEGER * PLARGE_INTEGER
#define CONTAINING_RECORD(address, type, field)
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
#define STATUS_UNSUCCESSFUL
#define STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INSUFFICIENT_RESOURCES
struct _LARGE_INTEGER::@2470 u
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
_In_ WDFINTERRUPT _In_ WDF_INTERRUPT_POLICY _In_ WDF_INTERRUPT_PRIORITY Priority
BOOLEAN HasPrivilege(IN PPRIVILEGE_SET Privilege)
struct _KERNEL_USER_TIMES KERNEL_USER_TIMES
@ ThreadActualGroupAffinity
@ ThreadStrongerBadHandleChecks
@ ThreadCpuAccountingInformation
@ ThreadWorkOnBehalfTicket
@ ThreadEffectiveIoPriority
@ ThreadCreateStateChange
@ ThreadSystemThreadInformation
@ ThreadManageWritesToExecutableMemory
@ ThreadDynamicCodePolicyInfo
@ ThreadExplicitCaseSensitivity
@ ThreadPowerThrottlingState
@ ThreadHeterogeneousCpuPolicy
@ ThreadEffectivePagePriority
@ ThreadDbgkWerReportActive
@ ThreadSubsystemInformation
struct _KERNEL_USER_TIMES * PKERNEL_USER_TIMES
@ ProcessLUIDDeviceMapsEnabled
@ ProcessMemoryAllocationMode
@ ProcessConsoleHostProcess
@ ProcessSessionInformation
@ ProcessWorkingSetWatchEx
@ ProcessInstrumentationCallback
@ ProcessImageFileMapping
@ ProcessImageInformation
@ ProcessPooledUsageAndLimits
@ ProcessImageFileNameWin32
@ ProcessDefaultHardErrorMode
@ ProcessAffinityUpdateMode
@ ProcessEnableAlignmentFaultFixup
@ ProcessThreadStackAllocation
@ ProcessForegroundInformation
@ ProcessWindowInformation
@ ProcessDebugObjectHandle
@ ProcessGroupInformation
struct _VM_COUNTERS * PVM_COUNTERS
struct _VM_COUNTERS_EX VM_COUNTERS_EX
_Must_inspect_result_ _In_ ULONG Flags
_In_opt_ PVOID _Out_ PLARGE_INTEGER Cookie
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
_Requires_lock_held_ Interrupt _Releases_lock_ Interrupt _In_ _IRQL_restores_ KIRQL OldIrql
#define ObDereferenceObject
#define ObReferenceObject
#define PsGetCurrentProcess
1.9.6