ReactOS  0.4.14-dev-593-g1793dcc
ketypes.h
Go to the documentation of this file.
1 /*++ NDK Version: 0098
2 
3 Copyright (c) Alex Ionescu. All rights reserved.
4 
5 Header Name:
6 
7  ketypes.h
8 
9 Abstract:
10 
11  Type definitions for the Kernel services.
12 
13 Author:
14 
15  Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 
17 --*/
18 
19 #ifndef _KETYPES_H
20 #define _KETYPES_H
21 
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 #ifndef NTOS_MODE_USER
27 #include <haltypes.h>
28 #include <potypes.h>
29 #include <ifssupp.h>
30 #endif
31 
32 //
33 // A system call ID is formatted as such:
34 // .________________________________________________________________.
35 // | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
36 // |--------------|-------------------------------------------------|
37 // | TABLE NUMBER | TABLE OFFSET |
38 // \----------------------------------------------------------------/
39 //
40 // The table number is then used as an index into the service descriptor table.
41 #define TABLE_NUMBER_BITS 1
42 #define TABLE_OFFSET_BITS 12
43 
44 //
45 // There are 2 tables (kernel and shadow, used by Win32K)
46 //
47 #define NUMBER_SERVICE_TABLES 2
48 #define NTOS_SERVICE_INDEX 0
49 #define WIN32K_SERVICE_INDEX 1
50 
51 //
52 // NB. From assembly code, the table number must be computed as an offset into
53 // the service descriptor table.
54 //
55 // Each entry into the table is 16 bytes long on 32-bit architectures, and
56 // 32 bytes long on 64-bit architectures.
57 //
58 // Thus, Table Number 1 is offset 16 (0x10) on x86, and offset 32 (0x20) on
59 // x64.
60 //
61 #ifdef _WIN64
62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes
63 #else
64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes
65 #endif
66 
67 //
68 // We want the table number, but leave some extra bits to we can have the offset
69 // into the descriptor table.
70 //
71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY)
72 
73 //
74 // Now the table number (as an offset) is corrupted with part of the table offset
75 // This mask will remove the extra unwanted bits, and give us the offset into the
76 // descriptor table proper.
77 //
78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY)
79 
80 //
81 // To get the table offset (ie: the service call number), just keep the 12 bits
82 //
83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1)
84 
85 //
86 // We'll often need to check if this is a graphics call. This is done by comparing
87 // the table number offset with the known Win32K table number offset.
88 // This is usually index 1, so table number offset 0x10 (x86) or 0x20 (x64)
89 //
90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY)
91 
92 //
93 // Context Record Flags
94 //
95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT)
96 
97 //
98 // Maximum System Descriptor Table Entries
99 //
100 #define SSDT_MAX_ENTRIES 2
101 
102 //
103 // Processor Architectures
104 //
105 #define PROCESSOR_ARCHITECTURE_INTEL 0
106 #define PROCESSOR_ARCHITECTURE_MIPS 1
107 #define PROCESSOR_ARCHITECTURE_ALPHA 2
108 #define PROCESSOR_ARCHITECTURE_PPC 3
109 #define PROCESSOR_ARCHITECTURE_SHX 4
110 #define PROCESSOR_ARCHITECTURE_ARM 5
111 #define PROCESSOR_ARCHITECTURE_IA64 6
112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7
113 #define PROCESSOR_ARCHITECTURE_MSIL 8
114 #define PROCESSOR_ARCHITECTURE_AMD64 9
115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
116 
117 //
118 // Object Type Mask for Kernel Dispatcher Objects
119 //
120 #define KOBJECT_TYPE_MASK 0x7F
121 #define KOBJECT_LOCK_BIT 0x80
122 
123 //
124 // Dispatcher Priority increments
125 //
126 #define THREAD_ALERT_INCREMENT 2
127 
128 //
129 // Physical memory offset of KUSER_SHARED_DATA
130 //
131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000
132 
133 //
134 // Quantum values and decrements
135 //
136 #define MAX_QUANTUM 0x7F
137 #define WAIT_QUANTUM_DECREMENT 1
138 #define CLOCK_QUANTUM_DECREMENT 3
139 
140 //
141 // Kernel Feature Bits
142 //
143 #define KF_V86_VIS 0x00000001
144 #define KF_RDTSC 0x00000002
145 #define KF_CR4 0x00000004
146 #define KF_CMOV 0x00000008
147 #define KF_GLOBAL_PAGE 0x00000010
148 #define KF_LARGE_PAGE 0x00000020
149 #define KF_MTRR 0x00000040
150 #define KF_CMPXCHG8B 0x00000080
151 #define KF_MMX 0x00000100
152 #define KF_WORKING_PTE 0x00000200
153 #define KF_PAT 0x00000400
154 #define KF_FXSR 0x00000800
155 #define KF_FAST_SYSCALL 0x00001000
156 #define KF_XMMI 0x00002000
157 #define KF_3DNOW 0x00004000
158 #define KF_AMDK6MTRR 0x00008000
159 #define KF_XMMI64 0x00010000
160 #define KF_DTS 0x00020000
161 #define KF_BRANCH 0x00020000 // from ksamd64.inc
162 #define KF_SSE3 0x00080000
163 #define KF_CMPXCHG16B 0x00100000
164 #define KF_XSTATE 0x00800000 // from ks386.inc, ksamd64.inc
165 #define KF_NX_BIT 0x20000000
166 #define KF_NX_DISABLED 0x40000000
167 #define KF_NX_ENABLED 0x80000000
168 
169 #define KF_XSAVEOPT_BIT 15
170 #define KF_XSTATE_BIT 23
171 #define KF_RDWRFSGSBASE_BIT 28
172 
173 //
174 // Internal Exception Codes
175 //
176 #define KI_EXCEPTION_INTERNAL 0x10000000
177 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04)
178 
179 typedef struct _FIBER /* Field offsets: */
180 { /* i386 arm x64 */
181  PVOID FiberData; /* 0x000 0x000 0x000 */
182  struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;/* 0x004 0x004 0x008 */
183  PVOID StackBase; /* 0x008 0x008 0x010 */
184  PVOID StackLimit; /* 0x00C 0x00C 0x018 */
185  PVOID DeallocationStack; /* 0x010 0x010 0x020 */
186  CONTEXT FiberContext; /* 0x014 0x018 0x030 */
187 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
188  PVOID Wx86Tib; /* 0x2E0 0x1b8 0x500 */
189  struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 0x2E4 0x1bc 0x508 */
190  PVOID FlsData; /* 0x2E8 0x1c0 0x510 */
191  ULONG GuaranteedStackBytes; /* 0x2EC 0x1c4 0x518 */
192  ULONG TebFlags; /* 0x2F0 0x1c8 0x51C */
193 #else
194  ULONG GuaranteedStackBytes; /* 0x2E0 */
195  PVOID FlsData; /* 0x2E4 */
196  struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
197 #endif
198 } FIBER, *PFIBER;
199 
200 #ifndef NTOS_MODE_USER
201 //
202 // Number of dispatch codes supported by KINTERRUPT
203 //
204 #ifdef _M_AMD64
205 #define DISPATCH_LENGTH 4
206 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
207 #define DISPATCH_LENGTH 135
208 #else
209 #define DISPATCH_LENGTH 106
210 #endif
211 
212 #else
213 
214 //
215 // KPROCESSOR_MODE Type
216 //
217 typedef CCHAR KPROCESSOR_MODE;
218 
219 //
220 // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode
221 //
222 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
223 
224 //
225 // Maximum WOW64 Entries in KUSER_SHARED_DATA
226 //
227 #define MAX_WOW64_SHARED_ENTRIES 16
228 
229 //
230 // Maximum Processor Features supported in KUSER_SHARED_DATA
231 //
232 #define PROCESSOR_FEATURE_MAX 64
233 
234 //
235 // Event Types
236 //
237 typedef enum _EVENT_TYPE
238 {
239  NotificationEvent,
240  SynchronizationEvent
241 } EVENT_TYPE;
242 
243 //
244 // Timer Types
245 //
246 typedef enum _TIMER_TYPE
247 {
248  NotificationTimer,
249  SynchronizationTimer
250 } TIMER_TYPE;
251 
252 //
253 // Wait Types
254 //
255 typedef enum _WAIT_TYPE
256 {
257  WaitAll,
258  WaitAny
259 } WAIT_TYPE;
260 
261 //
262 // Processor Execution Modes
263 //
264 typedef enum _MODE
265 {
266  KernelMode,
267  UserMode,
268  MaximumMode
269 } MODE;
270 
271 //
272 // Wait Reasons
273 //
274 typedef enum _KWAIT_REASON
275 {
276  Executive,
277  FreePage,
278  PageIn,
279  PoolAllocation,
280  DelayExecution,
281  Suspended,
282  UserRequest,
283  WrExecutive,
284  WrFreePage,
285  WrPageIn,
286  WrPoolAllocation,
287  WrDelayExecution,
288  WrSuspended,
289  WrUserRequest,
290  WrEventPair,
291  WrQueue,
292  WrLpcReceive,
293  WrLpcReply,
294  WrVirtualMemory,
295  WrPageOut,
296  WrRendezvous,
297  Spare2,
298  WrGuardedMutex,
299  Spare4,
300  Spare5,
301  Spare6,
302  WrKernel,
303  WrResource,
304  WrPushLock,
305  WrMutex,
306  WrQuantumEnd,
307  WrDispatchInt,
308  WrPreempted,
309  WrYieldExecution,
310  MaximumWaitReason
311 } KWAIT_REASON;
312 
313 //
314 // Profiling Sources
315 //
316 typedef enum _KPROFILE_SOURCE
317 {
318  ProfileTime,
319  ProfileAlignmentFixup,
320  ProfileTotalIssues,
321  ProfilePipelineDry,
322  ProfileLoadInstructions,
323  ProfilePipelineFrozen,
324  ProfileBranchInstructions,
325  ProfileTotalNonissues,
326  ProfileDcacheMisses,
327  ProfileIcacheMisses,
328  ProfileCacheMisses,
329  ProfileBranchMispredictions,
330  ProfileStoreInstructions,
331  ProfileFpInstructions,
332  ProfileIntegerInstructions,
333  Profile2Issue,
334  Profile3Issue,
335  Profile4Issue,
336  ProfileSpecialInstructions,
337  ProfileTotalCycles,
338  ProfileIcacheIssues,
339  ProfileDcacheAccesses,
340  ProfileMemoryBarrierCycles,
341  ProfileLoadLinkedIssues,
342  ProfileMaximum
343 } KPROFILE_SOURCE;
344 
345 //
346 // NT Product and Architecture Types
347 //
348 typedef enum _NT_PRODUCT_TYPE
349 {
350  NtProductWinNt = 1,
351  NtProductLanManNt,
352  NtProductServer
353 } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
354 
355 typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
356 {
357  StandardDesign,
358  NEC98x86,
359  EndAlternatives
360 } ALTERNATIVE_ARCHITECTURE_TYPE;
361 
362 #endif
363 
364 //
365 // Thread States
366 //
367 typedef enum _KTHREAD_STATE
368 {
369  Initialized,
370  Ready,
371  Running,
372  Standby,
373  Terminated,
374  Waiting,
375  Transition,
376  DeferredReady,
377 #if (NTDDI_VERSION >= NTDDI_WS03)
378  GateWait
379 #endif
380 } KTHREAD_STATE, *PKTHREAD_STATE;
381 
382 //
383 // Kernel Object Types
384 //
385 typedef enum _KOBJECTS
386 {
387  EventNotificationObject = 0,
388  EventSynchronizationObject = 1,
389  MutantObject = 2,
390  ProcessObject = 3,
391  QueueObject = 4,
392  SemaphoreObject = 5,
393  ThreadObject = 6,
394  GateObject = 7,
395  TimerNotificationObject = 8,
396  TimerSynchronizationObject = 9,
397  Spare2Object = 10,
398  Spare3Object = 11,
399  Spare4Object = 12,
400  Spare5Object = 13,
401  Spare6Object = 14,
402  Spare7Object = 15,
403  Spare8Object = 16,
404  Spare9Object = 17,
405  ApcObject = 18,
406  DpcObject = 19,
407  DeviceQueueObject = 20,
408  EventPairObject = 21,
409  InterruptObject = 22,
410  ProfileObject = 23,
411  ThreadedDpcObject = 24,
412  MaximumKernelObject = 25
413 } KOBJECTS;
414 
415 //
416 // Adjust reasons
417 //
418 typedef enum _ADJUST_REASON
419 {
420  AdjustNone = 0,
421  AdjustUnwait = 1,
422  AdjustBoost = 2
423 } ADJUST_REASON;
424 
425 //
426 // Continue Status
427 //
428 typedef enum _KCONTINUE_STATUS
429 {
430  ContinueError = 0,
431  ContinueSuccess,
432  ContinueProcessorReselected,
433  ContinueNextProcessor
434 } KCONTINUE_STATUS;
435 
436 //
437 // Process States
438 //
439 typedef enum _KPROCESS_STATE
440 {
441  ProcessInMemory,
442  ProcessOutOfMemory,
443  ProcessInTransition,
444  ProcessInSwap,
445  ProcessOutSwap,
446 } KPROCESS_STATE, *PKPROCESS_STATE;
447 
448 //
449 // NtVdmControl Classes
450 //
451 typedef enum _VDMSERVICECLASS
452 {
453  VdmStartExecution = 0,
454  VdmQueueInterrupt = 1,
455  VdmDelayInterrupt = 2,
456  VdmInitialize = 3,
457  VdmFeatures = 4,
458  VdmSetInt21Handler = 5,
459  VdmQueryDir = 6,
460  VdmPrinterDirectIoOpen = 7,
461  VdmPrinterDirectIoClose = 8,
462  VdmPrinterInitialize = 9,
463  VdmSetLdtEntries = 10,
464  VdmSetProcessLdtInfo = 11,
465  VdmAdlibEmulation = 12,
466  VdmPMCliControl = 13,
467  VdmQueryVdmProcess = 14,
468 } VDMSERVICECLASS;
469 
470 #ifdef NTOS_MODE_USER
471 
472 //
473 // APC Normal Routine
474 //
475 typedef VOID
476 (NTAPI *PKNORMAL_ROUTINE)(
477  _In_ PVOID NormalContext,
478  _In_ PVOID SystemArgument1,
479  _In_ PVOID SystemArgument2
480 );
481 
482 //
483 // Timer Routine
484 //
485 typedef VOID
486 (NTAPI *PTIMER_APC_ROUTINE)(
487  _In_ PVOID TimerContext,
488  _In_ ULONG TimerLowValue,
489  _In_ LONG TimerHighValue
490 );
491 
492 //
493 // System Time Structure
494 //
495 typedef struct _KSYSTEM_TIME
496 {
497  ULONG LowPart;
498  LONG High1Time;
499  LONG High2Time;
500 } KSYSTEM_TIME, *PKSYSTEM_TIME;
501 
502 //
503 // Shared Kernel User Data
504 //
505 typedef struct _KUSER_SHARED_DATA
506 {
507  ULONG TickCountLowDeprecated;
508  ULONG TickCountMultiplier;
509  volatile KSYSTEM_TIME InterruptTime;
510  volatile KSYSTEM_TIME SystemTime;
511  volatile KSYSTEM_TIME TimeZoneBias;
512  USHORT ImageNumberLow;
513  USHORT ImageNumberHigh;
514  WCHAR NtSystemRoot[260];
515  ULONG MaxStackTraceDepth;
516  ULONG CryptoExponent;
517  ULONG TimeZoneId;
518  ULONG LargePageMinimum;
519  ULONG Reserved2[7];
520  NT_PRODUCT_TYPE NtProductType;
521  BOOLEAN ProductTypeIsValid;
522  ULONG NtMajorVersion;
523  ULONG NtMinorVersion;
524  BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX];
525  ULONG Reserved1;
526  ULONG Reserved3;
527  volatile ULONG TimeSlip;
528  ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
529  LARGE_INTEGER SystemExpirationDate;
530  ULONG SuiteMask;
531  BOOLEAN KdDebuggerEnabled;
532 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
533  UCHAR NXSupportPolicy;
534 #endif
535  volatile ULONG ActiveConsoleId;
536  volatile ULONG DismountCount;
537  ULONG ComPlusPackage;
538  ULONG LastSystemRITEventTickCount;
539  ULONG NumberOfPhysicalPages;
540  BOOLEAN SafeBootMode;
541  ULONG TraceLogging;
542  ULONG Fill0;
543  ULONGLONG TestRetInstruction;
544  ULONG SystemCall;
545  ULONG SystemCallReturn;
546  ULONGLONG SystemCallPad[3];
547  union {
548  volatile KSYSTEM_TIME TickCount;
549  volatile ULONG64 TickCountQuad;
550  };
551  ULONG Cookie;
552 #if (NTDDI_VERSION >= NTDDI_WS03)
553  LONGLONG ConsoleSessionForegroundProcessId;
554  ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES];
555 #endif
556 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
557  USHORT UserModeGlobalLogger[8];
558  ULONG HeapTracingPid[2];
559  ULONG CritSecTracingPid[2];
560  union
561  {
562  ULONG SharedDataFlags;
563  struct
564  {
565  ULONG DbgErrorPortPresent:1;
566  ULONG DbgElevationEnabled:1;
567  ULONG DbgVirtEnabled:1;
568  ULONG DbgInstallerDetectEnabled:1;
569  ULONG SpareBits:28;
570  };
571  };
572  ULONG ImageFileExecutionOptions;
573  KAFFINITY ActiveProcessorAffinity;
574 #endif
575 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
576 
577 //
578 // VDM Structures
579 //
580 #include "pshpack1.h"
581 typedef struct _VdmVirtualIca
582 {
583  LONG ica_count[8];
584  LONG ica_int_line;
585  LONG ica_cpu_int;
586  USHORT ica_base;
587  USHORT ica_hipiri;
588  USHORT ica_mode;
589  UCHAR ica_master;
590  UCHAR ica_irr;
591  UCHAR ica_isr;
592  UCHAR ica_imr;
593  UCHAR ica_ssr;
594 } VDMVIRTUALICA, *PVDMVIRTUALICA;
595 #include "poppack.h"
596 
597 typedef struct _VdmIcaUserData
598 {
599  PVOID pIcaLock;
600  PVDMVIRTUALICA pIcaMaster;
601  PVDMVIRTUALICA pIcaSlave;
602  PULONG pDelayIrq;
603  PULONG pUndelayIrq;
604  PULONG pDelayIret;
605  PULONG pIretHooked;
606  PULONG pAddrIretBopTable;
607  PHANDLE phWowIdleEvent;
608  PLARGE_INTEGER pIcaTimeout;
609  PHANDLE phMainThreadSuspended;
610 } VDMICAUSERDATA, *PVDMICAUSERDATA;
611 
612 typedef struct _VDM_INITIALIZE_DATA
613 {
614  PVOID TrapcHandler;
615  PVDMICAUSERDATA IcaUserData;
616 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA;
617 
618 #else
619 
620 //
621 // System Thread Start Routine
622 //
623 typedef
624 VOID
625 (NTAPI *PKSYSTEM_ROUTINE)(
626  PKSTART_ROUTINE StartRoutine,
627  PVOID StartContext
628 );
629 
630 #ifndef _NTSYSTEM_
631 typedef VOID
632 (NTAPI *PKNORMAL_ROUTINE)(
633  IN PVOID NormalContext OPTIONAL,
634  IN PVOID SystemArgument1 OPTIONAL,
635  IN PVOID SystemArgument2 OPTIONAL);
636 
637 typedef VOID
638 (NTAPI *PKRUNDOWN_ROUTINE)(
639  IN struct _KAPC *Apc);
640 
641 typedef VOID
642 (NTAPI *PKKERNEL_ROUTINE)(
643  IN struct _KAPC *Apc,
644  IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL,
645  IN OUT PVOID *NormalContext OPTIONAL,
646  IN OUT PVOID *SystemArgument1 OPTIONAL,
647  IN OUT PVOID *SystemArgument2 OPTIONAL);
648 #endif
649 
650 //
651 // APC Environment Types
652 //
653 typedef enum _KAPC_ENVIRONMENT
654 {
655  OriginalApcEnvironment,
656  AttachedApcEnvironment,
657  CurrentApcEnvironment,
658  InsertApcEnvironment
659 } KAPC_ENVIRONMENT;
660 
661 typedef struct _KTIMER_TABLE_ENTRY
662 {
663 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64)
664  KSPIN_LOCK Lock;
665 #endif
666  LIST_ENTRY Entry;
667  ULARGE_INTEGER Time;
668 } KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY;
669 
670 typedef struct _KTIMER_TABLE
671 {
672  PKTIMER TimerExpiry[64];
673  KTIMER_TABLE_ENTRY TimerEntries[256];
674 } KTIMER_TABLE, *PKTIMER_TABLE;
675 
676 typedef struct _KDPC_LIST
677 {
678  SINGLE_LIST_ENTRY ListHead;
679  SINGLE_LIST_ENTRY* LastEntry;
680 } KDPC_LIST, *PKDPC_LIST;
681 
682 typedef struct _SYNCH_COUNTERS
683 {
684  ULONG SpinLockAcquireCount;
685  ULONG SpinLockContentionCount;
686  ULONG SpinLockSpinCount;
687  ULONG IpiSendRequestBroadcastCount;
688  ULONG IpiSendRequestRoutineCount;
689  ULONG IpiSendSoftwareInterruptCount;
690  ULONG ExInitializeResourceCount;
691  ULONG ExReInitializeResourceCount;
692  ULONG ExDeleteResourceCount;
693  ULONG ExecutiveResourceAcquiresCount;
694  ULONG ExecutiveResourceContentionsCount;
695  ULONG ExecutiveResourceReleaseExclusiveCount;
696  ULONG ExecutiveResourceReleaseSharedCount;
697  ULONG ExecutiveResourceConvertsCount;
698  ULONG ExAcqResExclusiveAttempts;
699  ULONG ExAcqResExclusiveAcquiresExclusive;
700  ULONG ExAcqResExclusiveAcquiresExclusiveRecursive;
701  ULONG ExAcqResExclusiveWaits;
702  ULONG ExAcqResExclusiveNotAcquires;
703  ULONG ExAcqResSharedAttempts;
704  ULONG ExAcqResSharedAcquiresExclusive;
705  ULONG ExAcqResSharedAcquiresShared;
706  ULONG ExAcqResSharedAcquiresSharedRecursive;
707  ULONG ExAcqResSharedWaits;
708  ULONG ExAcqResSharedNotAcquires;
709  ULONG ExAcqResSharedStarveExclusiveAttempts;
710  ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive;
711  ULONG ExAcqResSharedStarveExclusiveAcquiresShared;
712  ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive;
713  ULONG ExAcqResSharedStarveExclusiveWaits;
714  ULONG ExAcqResSharedStarveExclusiveNotAcquires;
715  ULONG ExAcqResSharedWaitForExclusiveAttempts;
716  ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive;
717  ULONG ExAcqResSharedWaitForExclusiveAcquiresShared;
718  ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive;
719  ULONG ExAcqResSharedWaitForExclusiveWaits;
720  ULONG ExAcqResSharedWaitForExclusiveNotAcquires;
721  ULONG ExSetResOwnerPointerExclusive;
722  ULONG ExSetResOwnerPointerSharedNew;
723  ULONG ExSetResOwnerPointerSharedOld;
724  ULONG ExTryToAcqExclusiveAttempts;
725  ULONG ExTryToAcqExclusiveAcquires;
726  ULONG ExBoostExclusiveOwner;
727  ULONG ExBoostSharedOwners;
728  ULONG ExEtwSynchTrackingNotificationsCount;
729  ULONG ExEtwSynchTrackingNotificationsAccountedCount;
730 } SYNCH_COUNTERS, *PSYNCH_COUNTERS;
731 
732 //
733 // PRCB DPC Data
734 //
735 typedef struct _KDPC_DATA
736 {
737 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
738  KDPC_LIST DpcList;
739 #else
740  LIST_ENTRY DpcListHead;
741 #endif
742  ULONG_PTR DpcLock;
743 #if defined(_M_AMD64) || defined(_M_ARM)
744  volatile LONG DpcQueueDepth;
745 #else
746  volatile ULONG DpcQueueDepth;
747 #endif
748  ULONG DpcCount;
749 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM)
750  PKDPC ActiveDpc;
751 #endif
752 } KDPC_DATA, *PKDPC_DATA;
753 
754 //
755 // Per-Processor Lookaside List
756 //
757 typedef struct _PP_LOOKASIDE_LIST
758 {
759  struct _GENERAL_LOOKASIDE *P;
760  struct _GENERAL_LOOKASIDE *L;
761 } PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST;
762 
763 //
764 // Architectural Types
765 //
766 #include <arch/ketypes.h>
767 
768 //
769 // Kernel Memory Node
770 //
771 #include <pshpack1.h>
772 typedef struct _KNODE
773 {
774  SLIST_HEADER DeadStackList;
775  SLIST_HEADER PfnDereferenceSListHead;
776  KAFFINITY ProcessorMask;
777  UCHAR Color;
778  UCHAR Seed;
779  UCHAR NodeNumber;
780  struct _flags {
781  UCHAR Removable : 1;
782  UCHAR Fill : 7;
783  } Flags;
784  ULONG MmShiftedColor;
785  ULONG FreeCount[2];
786  struct _SINGLE_LIST_ENTRY *PfnDeferredList;
787 } KNODE, *PKNODE;
788 #include <poppack.h>
789 
790 //
791 // Structure for Get/SetContext APC
792 //
793 typedef struct _GETSETCONTEXT
794 {
795  KAPC Apc;
796  KEVENT Event;
797  KPROCESSOR_MODE Mode;
798  CONTEXT Context;
799 } GETSETCONTEXT, *PGETSETCONTEXT;
800 
801 //
802 // Kernel Profile Object
803 //
804 typedef struct _KPROFILE
805 {
806  CSHORT Type;
807  CSHORT Size;
808  LIST_ENTRY ProfileListEntry;
809  struct _KPROCESS *Process;
810  PVOID RangeBase;
811  PVOID RangeLimit;
812  ULONG BucketShift;
813  PVOID Buffer;
814  ULONG_PTR Segment;
815  KAFFINITY Affinity;
816  KPROFILE_SOURCE Source;
817  BOOLEAN Started;
818 } KPROFILE, *PKPROFILE;
819 
820 //
821 // Kernel Interrupt Object
822 //
823 typedef struct _KINTERRUPT
824 {
825  CSHORT Type;
826  CSHORT Size;
827  LIST_ENTRY InterruptListEntry;
828  PKSERVICE_ROUTINE ServiceRoutine;
829 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
830  PKSERVICE_ROUTINE MessageServiceRoutine;
831  ULONG MessageIndex;
832 #endif
833  PVOID ServiceContext;
834  KSPIN_LOCK SpinLock;
835  ULONG TickCount;
836  PKSPIN_LOCK ActualLock;
837  PKINTERRUPT_ROUTINE DispatchAddress;
838  ULONG Vector;
839  KIRQL Irql;
840  KIRQL SynchronizeIrql;
841  BOOLEAN FloatingSave;
842  BOOLEAN Connected;
843  CCHAR Number;
844  BOOLEAN ShareVector;
845  KINTERRUPT_MODE Mode;
846 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
847  KINTERRUPT_POLARITY Polarity;
848 #endif
849  ULONG ServiceCount;
850  ULONG DispatchCount;
851 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
852  ULONGLONG Rsvd1;
853 #endif
854 #ifdef _M_AMD64
855  PKTRAP_FRAME TrapFrame;
856  PVOID Reserved;
857 #endif
858  ULONG DispatchCode[DISPATCH_LENGTH];
859 } KINTERRUPT;
860 
861 //
862 // Kernel Event Pair Object
863 //
864 typedef struct _KEVENT_PAIR
865 {
866  CSHORT Type;
867  CSHORT Size;
868  KEVENT LowEvent;
869  KEVENT HighEvent;
870 } KEVENT_PAIR, *PKEVENT_PAIR;
871 
872 //
873 // Kernel No Execute Options
874 //
875 typedef struct _KEXECUTE_OPTIONS
876 {
877  UCHAR ExecuteDisable:1;
878  UCHAR ExecuteEnable:1;
879  UCHAR DisableThunkEmulation:1;
880  UCHAR Permanent:1;
881  UCHAR ExecuteDispatchEnable:1;
882  UCHAR ImageDispatchEnable:1;
883  UCHAR Spare:2;
884 } KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS;
885 
886 #if (NTDDI_VERSION >= NTDDI_WIN7)
887 typedef union _KWAIT_STATUS_REGISTER
888 {
889  UCHAR Flags;
890  struct
891  {
892  UCHAR State:2;
893  UCHAR Affinity:1;
894  UCHAR Priority:1;
895  UCHAR Apc:1;
896  UCHAR UserApc:1;
897  UCHAR Alert:1;
898  UCHAR Unused:1;
899  };
900 } KWAIT_STATUS_REGISTER, *PKWAIT_STATUS_REGISTER;
901 
902 typedef struct _COUNTER_READING
903 {
904  enum _HARDWARE_COUNTER_TYPE Type;
905  ULONG Index;
906  ULONG64 Start;
907  ULONG64 Total;
908 }COUNTER_READING, *PCOUNTER_READING;
909 
910 typedef struct _KTHREAD_COUNTERS
911 {
912  ULONG64 WaitReasonBitMap;
913  struct _THREAD_PERFORMANCE_DATA* UserData;
914  ULONG Flags;
915  ULONG ContextSwitches;
916  ULONG64 CycleTimeBias;
917  ULONG64 HardwareCounters;
918  COUNTER_READING HwCounter[16];
919 }KTHREAD_COUNTERS, *PKTHREAD_COUNTERS;
920 #endif
921 
923 #if (NTDDI_VERSION >= NTDDI_WIN8)
924 typedef struct _RTL_RB_TREE
925 {
926  PRTL_BALANCED_NODE Root;
927  PRTL_BALANCED_NODE Min;
928 } RTL_RB_TREE, *PRTL_RB_TREE;
929 #endif
930 
931 #if (NTDDI_VERSION >= NTDDI_WINBLUE)
932 typedef struct _KLOCK_ENTRY_LOCK_STATE
933 {
934  union
935  {
936  struct
937  {
938 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 6.4.9841.0
939  ULONG_PTR CrossThreadReleasable : 1;
940 #else
941  ULONG_PTR Waiting : 1;
942 #endif
943  ULONG_PTR Busy : 1;
944  ULONG_PTR Reserved : (8 * sizeof(PVOID)) - 3; // previously Spare
945  ULONG_PTR InTree : 1;
946  };
947  PVOID LockState;
948  };
949  union
950  {
951  PVOID SessionState;
952  struct
953  {
954  ULONG SessionId;
955 #ifdef _WIN64
956  ULONG SessionPad;
957 #endif
958  };
959  };
960 } KLOCK_ENTRY_LOCK_STATE, *PKLOCK_ENTRY_LOCK_STATE;
961 
962 typedef struct _KLOCK_ENTRY
963 {
964  union
965  {
966  RTL_BALANCED_NODE TreeNode;
967  SINGLE_LIST_ENTRY FreeListEntry;
968  };
969 #if (NTDDI_VERSION >= NTDDI_WIN10)
970  union
971  {
972  ULONG EntryFlags;
973  struct
974  {
975  UCHAR EntryOffset;
976  union
977  {
978  UCHAR ThreadLocalFlags;
979  struct
980  {
981  UCHAR WaitingBit : 1;
982  UCHAR Spare0 : 7;
983  };
984  };
985  union
986  {
987  UCHAR AcquiredByte;
988  UCHAR AcquiredBit : 1;
989  };
990  union
991  {
992  UCHAR CrossThreadFlags;
993  struct
994  {
995  UCHAR HeadNodeBit : 1;
996  UCHAR IoPriorityBit : 1;
997  UCHAR IoQoSWaiter : 1; // since TH2
998  UCHAR Spare1 : 5;
999  };
1000  };
1001  };
1002  struct
1003  {
1004  ULONG StaticState : 8;
1005  ULONG AllFlags : 24;
1006  };
1007  };
1008 #ifdef _WIN64
1009  ULONG SpareFlags;
1010 #endif
1011 #else
1012  union
1013  {
1014  PVOID ThreadUnsafe;
1015  struct
1016  {
1017  volatile UCHAR HeadNodeByte;
1018  UCHAR Reserved1[2];
1019  volatile UCHAR AcquiredByte;
1020  };
1021  };
1022 #endif
1023 
1024  union
1025  {
1026  KLOCK_ENTRY_LOCK_STATE LockState;
1027  PVOID LockUnsafe;
1028  struct
1029  {
1030 #if (NTDDI_VERSION >= NTDDI_WIN10)
1031  volatile UCHAR CrossThreadReleasableAndBusyByte;
1032 #else
1033  volatile UCHAR WaitingAndBusyByte;
1034 #endif
1035  UCHAR Reserved[sizeof(PVOID) - 2];
1036  UCHAR InTreeByte;
1037  union
1038  {
1039  PVOID SessionState;
1040  struct
1041  {
1042  ULONG SessionId;
1043 #ifdef _WIN64
1044  ULONG SessionPad;
1045 #endif
1046  };
1047  };
1048  };
1049  };
1050  union
1051  {
1052  struct
1053  {
1054  RTL_RB_TREE OwnerTree;
1055  RTL_RB_TREE WaiterTree;
1056  };
1057  CHAR CpuPriorityKey;
1058  };
1059  ULONG_PTR EntryLock;
1060  union
1061  {
1062 #if _WIN64
1063  ULONG AllBoosts : 17;
1064 #else
1065  USHORT AllBoosts;
1066 #endif
1067  struct
1068  {
1069  struct
1070  {
1071  USHORT CpuBoostsBitmap : 15;
1072  USHORT IoBoost : 1;
1073  };
1074  struct
1075  {
1076  USHORT IoQoSBoost : 1;
1077  USHORT IoNormalPriorityWaiterCount : 8;
1078  USHORT IoQoSWaiterCount : 7;
1079  };
1080  };
1081  };
1082 #if _WIN64
1083  ULONG SparePad;
1084 #endif
1085 } KLOCK_ENTRY, *PKLOCK_ENTRY;
1086 
1087 #endif
1088 
1089 //
1090 // Kernel Thread (KTHREAD)
1091 //
1092 #if (NTDDI_VERSION < NTDDI_WIN8)
1093 
1094 typedef struct _KTHREAD
1095 {
1096  DISPATCHER_HEADER Header;
1097 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1098  ULONGLONG CycleTime;
1099 #ifndef _WIN64 // [
1100  ULONG HighCycleTime;
1101 #endif // ]
1102  ULONGLONG QuantumTarget;
1103 #else // ][
1104  LIST_ENTRY MutantListHead;
1105 #endif // ]
1106  PVOID InitialStack;
1107  ULONG_PTR StackLimit; // FIXME: PVOID
1108  PVOID KernelStack;
1109  KSPIN_LOCK ThreadLock;
1110 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1111  KWAIT_STATUS_REGISTER WaitRegister;
1112  BOOLEAN Running;
1113  BOOLEAN Alerted[2];
1114  union
1115  {
1116  struct
1117  {
1118  ULONG KernelStackResident:1;
1119  ULONG ReadyTransition:1;
1120  ULONG ProcessReadyQueue:1;
1121  ULONG WaitNext:1;
1122  ULONG SystemAffinityActive:1;
1123  ULONG Alertable:1;
1124  ULONG GdiFlushActive:1;
1125  ULONG UserStackWalkActive:1;
1126  ULONG ApcInterruptRequest:1;
1127  ULONG ForceDeferSchedule:1;
1128  ULONG QuantumEndMigrate:1;
1129  ULONG UmsDirectedSwitchEnable:1;
1130  ULONG TimerActive:1;
1131  ULONG Reserved:19;
1132  };
1133  LONG MiscFlags;
1134  };
1135 #endif // ]
1136  union
1137  {
1138  KAPC_STATE ApcState;
1139  struct
1140  {
1141  UCHAR ApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1];
1142 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1143  SCHAR Priority;
1144 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1145  /* On x86, the following members "fall out" of the union */
1146  volatile ULONG NextProcessor;
1147  volatile ULONG DeferredProcessor;
1148 #else // ][
1149  /* On x86, the following members "fall out" of the union */
1150  volatile USHORT NextProcessor;
1151  volatile USHORT DeferredProcessor;
1152 #endif // ]
1153 #else // ][
1154  UCHAR ApcQueueable;
1155  /* On x86, the following members "fall out" of the union */
1156  volatile UCHAR NextProcessor;
1157  volatile UCHAR DeferredProcessor;
1158  UCHAR AdjustReason;
1159  SCHAR AdjustIncrement;
1160 #endif // ]
1161  };
1162  };
1163  KSPIN_LOCK ApcQueueLock;
1164 #ifndef _M_AMD64 // [
1165  ULONG ContextSwitches;
1166  volatile UCHAR State;
1167  UCHAR NpxState;
1168  KIRQL WaitIrql;
1169  KPROCESSOR_MODE WaitMode;
1170 #endif // ]
1171  LONG_PTR WaitStatus;
1172 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1173  PKWAIT_BLOCK WaitBlockList;
1174 #else // ][
1175  union
1176  {
1177  PKWAIT_BLOCK WaitBlockList;
1178  PKGATE GateObject;
1179  };
1180 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1181  union
1182  {
1183  struct
1184  {
1185  ULONG KernelStackResident:1;
1186  ULONG ReadyTransition:1;
1187  ULONG ProcessReadyQueue:1;
1188  ULONG WaitNext:1;
1189  ULONG SystemAffinityActive:1;
1190  ULONG Alertable:1;
1191  ULONG GdiFlushActive:1;
1192  ULONG Reserved:25;
1193  };
1194  LONG MiscFlags;
1195  };
1196 #else // ][
1197  BOOLEAN Alertable;
1198  BOOLEAN WaitNext;
1199 #endif // ]
1200  UCHAR WaitReason;
1201 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1202  SCHAR Priority;
1203  BOOLEAN EnableStackSwap;
1204 #endif // ]
1205  volatile UCHAR SwapBusy;
1206  BOOLEAN Alerted[MaximumMode];
1207 #endif // ]
1208  union
1209  {
1210  LIST_ENTRY WaitListEntry;
1211  SINGLE_LIST_ENTRY SwapListEntry;
1212  };
1213  PKQUEUE Queue;
1214 #ifndef _M_AMD64 // [
1215  ULONG WaitTime;
1216  union
1217  {
1218  struct
1219  {
1220  SHORT KernelApcDisable;
1221  SHORT SpecialApcDisable;
1222  };
1223  ULONG CombinedApcDisable;
1224  };
1225 #endif // ]
1226  struct _TEB *Teb;
1227 
1228 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1229  KTIMER Timer;
1230 #else // ][
1231  union
1232  {
1233  KTIMER Timer;
1234  struct
1235  {
1236  UCHAR TimerFill[FIELD_OFFSET(KTIMER, Period) + sizeof(LONG)];
1237 #if !defined(_WIN64) // [
1238  };
1239  };
1240 #endif // ]
1241 #endif // ]
1242  union
1243  {
1244  struct
1245  {
1246  ULONG AutoAlignment:1;
1247  ULONG DisableBoost:1;
1248 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1249  ULONG EtwStackTraceApc1Inserted:1;
1250  ULONG EtwStackTraceApc2Inserted:1;
1251  ULONG CycleChargePending:1;
1252  ULONG CalloutActive:1;
1253  ULONG ApcQueueable:1;
1254  ULONG EnableStackSwap:1;
1255  ULONG GuiThread:1;
1256  ULONG ReservedFlags:23;
1257 #else // ][
1258  LONG ReservedFlags:30;
1259 #endif // ]
1260  };
1261  LONG ThreadFlags;
1262  };
1263 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [
1264  };
1265  };
1266 #endif // ]
1267 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1268 #if defined(_WIN64) // [
1269  ULONG Spare0;
1270 #else // ][
1271  PVOID ServiceTable;
1272 #endif // ]
1273 #endif // ]
1274  union
1275  {
1276  DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1];
1277 #if (NTDDI_VERSION < NTDDI_WIN7) // [
1278  struct
1279  {
1280  UCHAR WaitBlockFill0[FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 32bit = 23, 64bit = 43
1281 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1282  UCHAR IdealProcessor;
1283 #else // ][
1284  BOOLEAN SystemAffinityActive;
1285 #endif // ]
1286  };
1287  struct
1288  {
1289  UCHAR WaitBlockFill1[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 47 / 91
1290  CCHAR PreviousMode;
1291  };
1292  struct
1293  {
1294  UCHAR WaitBlockFill2[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 71 / 139
1295  UCHAR ResourceIndex;
1296  };
1297  struct
1298  {
1299  UCHAR WaitBlockFill3[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareByte)]; // 95 / 187
1300  UCHAR LargeStack;
1301  };
1302 #endif // ]
1303 #ifdef _WIN64 // [
1304  struct
1305  {
1306  UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)];
1307  ULONG ContextSwitches;
1308  };
1309  struct
1310  {
1311  UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)];
1312  UCHAR State;
1313  UCHAR NpxState;
1314  UCHAR WaitIrql;
1315  CHAR WaitMode;
1316  };
1317  struct
1318  {
1319  UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)];
1320  ULONG WaitTime;
1321  };
1322 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1323  struct
1324  {
1325  UCHAR WaitBlockFill7[168];
1326  PVOID TebMappedLowVa;
1327  struct _UMS_CONTROL_BLOCK* Ucb;
1328  };
1329 #endif // ]
1330  struct
1331  {
1332 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1333  UCHAR WaitBlockFill8[188];
1334 #else // ][
1335  UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)];
1336 #endif // ]
1337  union
1338  {
1339  struct
1340  {
1341  SHORT KernelApcDisable;
1342  SHORT SpecialApcDisable;
1343  };
1344  ULONG CombinedApcDisable;
1345  };
1346  };
1347 #endif // ]
1348  };
1349  LIST_ENTRY QueueListEntry;
1350  PKTRAP_FRAME TrapFrame;
1351 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1352  PVOID FirstArgument;
1353  union
1354  {
1355  PVOID CallbackStack;
1356  ULONG_PTR CallbackDepth;
1357  };
1358 #else // ][
1359  PVOID CallbackStack;
1360 #endif // ]
1361 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [
1362  PVOID ServiceTable;
1363 #endif // ]
1364 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [
1365  ULONG KernelLimit;
1366 #endif // ]
1367  UCHAR ApcStateIndex;
1368 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [
1369  UCHAR IdealProcessor;
1370  BOOLEAN Preempted;
1371  BOOLEAN ProcessReadyQueue;
1372 #ifdef _WIN64 // [
1373  PVOID Win32kTable;
1374  ULONG Win32kLimit;
1375 #endif // ]
1376  BOOLEAN KernelStackResident;
1377 #endif // ]
1378  SCHAR BasePriority;
1379  SCHAR PriorityDecrement;
1380 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1381  BOOLEAN Preempted;
1382  UCHAR AdjustReason;
1383  CHAR AdjustIncrement;
1384 #if (NTDDI_VERSION >= NTDDI_WIN7)
1385  UCHAR PreviousMode;
1386 #else
1387  UCHAR Spare01;
1388 #endif
1389 #endif // ]
1390  CHAR Saturation;
1391 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1392  ULONG SystemCallNumber;
1393 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1394  ULONG FreezeCount;
1395 #else // ][
1396  ULONG Spare02;
1397 #endif // ]
1398 #endif // ]
1399 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1400  GROUP_AFFINITY UserAffinity;
1401  struct _KPROCESS *Process;
1402  GROUP_AFFINITY Affinity;
1403  ULONG IdealProcessor;
1404  ULONG UserIdealProcessor;
1405 #else // ][
1406  KAFFINITY UserAffinity;
1407  struct _KPROCESS *Process;
1408  KAFFINITY Affinity;
1409 #endif // ]
1410  PKAPC_STATE ApcStatePointer[2];
1411  union
1412  {
1413  KAPC_STATE SavedApcState;
1414  struct
1415  {
1416  UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1];
1417 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1418  UCHAR WaitReason;
1419 #else // ][
1420  CCHAR FreezeCount;
1421 #endif // ]
1422 #ifndef _WIN64 // [
1423  };
1424  };
1425 #endif // ]
1426  CCHAR SuspendCount;
1427 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1428  CCHAR Spare1;
1429 #else // ][
1430  UCHAR UserIdealProcessor;
1431 #endif // ]
1432 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1433 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1434  UCHAR Spare03;
1435 #else // ][
1436  UCHAR CalloutActive;
1437 #endif // ]
1438 #ifdef _WIN64 // [
1439  UCHAR CodePatchInProgress;
1440  };
1441  };
1442 #endif // ]
1443 #if defined(_M_IX86) // [
1444 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1445  UCHAR OtherPlatformFill;
1446 #else // ][
1447  UCHAR Iopl;
1448 #endif // ]
1449 #endif // ]
1450  PVOID Win32Thread;
1451  PVOID StackBase;
1452  union
1453  {
1454  KAPC SuspendApc;
1455  struct
1456  {
1457  UCHAR SuspendApcFill0[1];
1458 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1459  UCHAR ResourceIndex;
1460 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1461  CHAR Spare04;
1462 #else // ][
1463  SCHAR Quantum;
1464 #endif // ]
1465  };
1466  struct
1467  {
1468  UCHAR SuspendApcFill1[3];
1469  UCHAR QuantumReset;
1470  };
1471  struct
1472  {
1473  UCHAR SuspendApcFill2[4];
1474  ULONG KernelTime;
1475  };
1476  struct
1477  {
1478  UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)];
1479 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1480  PKPRCB WaitPrcb;
1481 #else
1482  PVOID TlsArray;
1483 #endif
1484  };
1485  struct
1486  {
1487  UCHAR SuspendApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 40 / 72
1488  PVOID LegoData;
1489  };
1490  struct
1491  {
1492  UCHAR SuspendApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 47 / 83
1493 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1494  UCHAR LargeStack;
1495 #else // ][
1496  UCHAR PowerState;
1497 #endif // ]
1498 #ifdef _WIN64 // [
1499  ULONG UserTime;
1500 #endif // ]
1501  };
1502  };
1503 #ifndef _WIN64 // [
1504  ULONG UserTime;
1505 #endif // ]
1506  union
1507  {
1508  KSEMAPHORE SuspendSemaphore;
1509  struct
1510  {
1511  UCHAR SuspendSemaphorefill[FIELD_OFFSET(KSEMAPHORE, Limit) + 4]; // 20 / 28
1512 #ifdef _WIN64 // [
1513  ULONG SListFaultCount;
1514 #endif // ]
1515  };
1516  };
1517 #ifndef _WIN64 // [
1518  ULONG SListFaultCount;
1519 #endif // ]
1520  LIST_ENTRY ThreadListEntry;
1521 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1522  LIST_ENTRY MutantListHead;
1523 #endif // ]
1524  PVOID SListFaultAddress;
1525 #ifdef _M_AMD64 // [
1526  LONG64 ReadOperationCount;
1527  LONG64 WriteOperationCount;
1528  LONG64 OtherOperationCount;
1529  LONG64 ReadTransferCount;
1530  LONG64 WriteTransferCount;
1531  LONG64 OtherTransferCount;
1532 #endif // ]
1533 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1534  PKTHREAD_COUNTERS ThreadCounters;
1535  PXSTATE_SAVE XStateSave;
1536 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1537  PVOID MdlForLockedTeb;
1538 #endif // ]
1539 } KTHREAD;
1540 
1541 #else // not (NTDDI_VERSION < NTDDI_WIN8)
1542 
1543 #if defined(_WIN64) && (NTDDI_VERSION < 0x06032580) // since WIN 8.1 Update1 6.3.9600.16384
1544 #define NUMBER_OF_LOCK_ENTRIES 5
1545 #else
1546 #define NUMBER_OF_LOCK_ENTRIES 6
1547 #endif
1548 
1549 typedef struct _KTHREAD
1550 {
1551  DISPATCHER_HEADER Header;
1552  PVOID SListFaultAddress;
1553  ULONG64 QuantumTarget;
1554  PVOID InitialStack;
1555  volatile VOID *StackLimit;
1556  PVOID StackBase;
1557  KSPIN_LOCK ThreadLock;
1558  volatile ULONG64 CycleTime;
1559 #ifndef _WIN64
1560  volatile ULONG HighCycleTime;
1561  PVOID ServiceTable;
1562 #endif
1563  ULONG CurrentRunTime;
1564  ULONG ExpectedRunTime;
1565  PVOID KernelStack;
1566  XSAVE_FORMAT* StateSaveArea;
1567  struct _KSCHEDULING_GROUP* SchedulingGroup;
1568  KWAIT_STATUS_REGISTER WaitRegister;
1569  BOOLEAN Running;
1570  BOOLEAN Alerted[MaximumMode];
1571 
1572  union
1573  {
1574  struct
1575  {
1576 #if (NTDDI_VERSION < NTDDI_WIN10)
1577  ULONG KernelStackResident : 1;
1578 #else
1579  ULONG AutoBoostActive : 1;
1580 #endif
1581  ULONG ReadyTransition : 1;
1582 #if (NTDDI_VERSION < NTDDI_WIN10TH2)
1583  ULONG ProcessReadyQueue : 1;
1584 #endif
1585  ULONG ProcessReadyQueue : 1;
1586  ULONG WaitNext : 1;
1587  ULONG SystemAffinityActive : 1;
1588  ULONG Alertable : 1;
1589 #if (NTDDI_VERSION < NTDDI_WIN81)
1590  ULONG CodePatchInProgress : 1;
1591 #endif
1592  ULONG UserStackWalkActive : 1;
1593  ULONG ApcInterruptRequest : 1;
1594  ULONG QuantumEndMigrate : 1;
1595  ULONG UmsDirectedSwitchEnable : 1;
1596  ULONG TimerActive : 1;
1597  ULONG SystemThread : 1;
1598  ULONG ProcessDetachActive : 1;
1599  ULONG CalloutActive : 1;
1600  ULONG ScbReadyQueue : 1;
1601  ULONG ApcQueueable : 1;
1602  ULONG ReservedStackInUse : 1;
1603  ULONG UmsPerformingSyscall : 1;
1604  ULONG DisableStackCheck : 1;
1605  ULONG Reserved : 12;
1606  };
1607  LONG MiscFlags;
1608  };
1609 
1610  union
1611  {
1612  struct
1613  {
1614  ULONG AutoAlignment : 1;
1615  ULONG DisableBoost : 1;
1616  ULONG UserAffinitySet : 1;
1617  ULONG AlertedByThreadId : 1;
1618  ULONG QuantumDonation : 1;
1619  ULONG EnableStackSwap : 1;
1620  ULONG GuiThread : 1;
1621  ULONG DisableQuantum : 1;
1622  ULONG ChargeOnlyGroup : 1;
1623  ULONG DeferPreemption : 1;
1624  ULONG QueueDeferPreemption : 1;
1625  ULONG ForceDeferSchedule : 1;
1626  ULONG ExplicitIdealProcessor : 1;
1627  ULONG FreezeCount : 1;
1628 #if (NTDDI_VERSION >= 0x060324D7) // since 6.3.9431.0
1629  ULONG TerminationApcRequest : 1;
1630 #endif
1631 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.16384
1632  ULONG AutoBoostEntriesExhausted : 1;
1633 #endif
1634 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.17031
1635  ULONG KernelStackResident : 1;
1636 #endif
1637 #if (NTDDI_VERSION >= NTDDI_WIN10)
1638  ULONG CommitFailTerminateRequest : 1;
1639  ULONG ProcessStackCountDecremented : 1;
1640  ULONG ThreadFlagsSpare : 5;
1641 #endif
1642  ULONG EtwStackTraceApcInserted : 8;
1643 #if (NTDDI_VERSION < NTDDI_WIN10)
1644  ULONG ReservedFlags : 10;
1645 #endif
1646  };
1647  LONG ThreadFlags;
1648  };
1649 
1650 #if (NTDDI_VERSION >= NTDDI_WIN10)
1651  volatile UCHAR Tag;
1652  UCHAR SystemHeteroCpuPolicy;
1653  UCHAR UserHeteroCpuPolicy : 7;
1654  UCHAR ExplicitSystemHeteroCpuPolicy : 1;
1655  UCHAR Spare0;
1656 #else
1657  ULONG Spare0;
1658 #endif
1659  ULONG SystemCallNumber;
1660 #ifdef _WIN64
1661  ULONG Spare1; // Win 10: Spare10
1662 #endif
1663  PVOID FirstArgument;
1664  PKTRAP_FRAME TrapFrame;
1665 
1666  union
1667  {
1668  KAPC_STATE ApcState;
1669  struct
1670  {
1671  UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]; // 32bit: 23/0x17, 64bit: 43/0x2B
1672  SCHAR Priority;
1673  ULONG UserIdealProcessor;
1674  };
1675  };
1676 
1677 #ifndef _WIN64
1678  ULONG ContextSwitches;
1679  volatile UCHAR State;
1680 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10074.0
1681  CHAR Spare12;
1682 #else
1683  CHAR NpxState;
1684 #endif
1685  KIRQL WaitIrql;
1686  KPROCESSOR_MODE WaitMode;
1687 #endif
1688 
1689  volatile INT_PTR WaitStatus;
1690  PKWAIT_BLOCK WaitBlockList;
1691  union
1692  {
1693  LIST_ENTRY WaitListEntry;
1694  SINGLE_LIST_ENTRY SwapListEntry;
1695  };
1696  PKQUEUE Queue;
1697  PVOID Teb;
1698 #if (NTDDI_VERSION >= NTDDI_WIN8 /* 0x060223F0 */) // since 6.2.9200.16384
1699  ULONG64 RelativeTimerBias;
1700 #endif
1701  KTIMER Timer;
1702 
1703  union
1704  {
1705  DECLSPEC_ALIGN(8) KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1];
1706 #ifdef _WIN64
1707  struct
1708  {
1709  UCHAR WaitBlockFill4[FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 20/0x14
1710  ULONG ContextSwitches;
1711  };
1712  struct
1713  {
1714  UCHAR WaitBlockFill5[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 68/0x44
1715  UCHAR State;
1716 #if (NTDDI_VERSION >= NTDDI_WIN10)
1717  CHAR Spare13;
1718 #else
1719  CHAR NpxState;
1720 #endif
1721  UCHAR WaitIrql;
1722  CHAR WaitMode;
1723  };
1724  struct
1725  {
1726  UCHAR WaitBlockFill6[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 116/0x74
1727  ULONG WaitTime;
1728  };
1729  struct
1730  {
1731  UCHAR WaitBlockFill7[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SpareLong)]; // 32bit: -, 64bit: 164/0xA4
1732  union
1733  {
1734  struct
1735  {
1736  SHORT KernelApcDisable;
1737  SHORT SpecialApcDisable;
1738  };
1739  ULONG CombinedApcDisable;
1740  };
1741  };
1742 #endif
1743  struct
1744  {
1745  UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 20/0x14, 64bit: 40/0x28
1746  struct _KTHREAD_COUNTERS *ThreadCounters;
1747  };
1748  struct
1749  {
1750  UCHAR WaitBlockFill9[1 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 44/0x2C, 64bit: 88/0x58
1751  PXSTATE_SAVE XStateSave;
1752  };
1753  struct
1754  {
1755  UCHAR WaitBlockFill10[2 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]; // 32bit: 68/0x44, 64bit: 136/0x88
1756  PVOID Win32Thread;
1757  };
1758  struct
1759  {
1760  UCHAR WaitBlockFill11[3 * sizeof(KWAIT_BLOCK) + FIELD_OFFSET(KWAIT_BLOCK, Object)]; // 32bit: 88/0x58, 64bit: 176/0xB0
1761 #ifdef _WIN64
1762  struct _UMS_CONTROL_BLOCK* Ucb;
1763  struct _KUMS_CONTEXT_HEADER* Uch;
1764 #else
1765  ULONG WaitTime;
1766  union
1767  {
1768  struct
1769  {
1770  SHORT KernelApcDisable;
1771  SHORT SpecialApcDisable;
1772  };
1773  ULONG CombinedApcDisable;
1774  };
1775 #endif
1776  };
1777  };
1778 
1779 #ifdef _WIN64
1780  PVOID TebMappedLowVa;
1781 #endif
1782  LIST_ENTRY QueueListEntry;
1783 #if (NTDDI_VERSION >= 0x060223F0) // since 6.2.9200.16384
1784  union
1785  {
1786  ULONG NextProcessor;
1787  struct
1788  {
1789  ULONG NextProcessorNumber : 31;
1790  ULONG SharedReadyQueue : 1;
1791  };
1792  };
1793  LONG QueuePriority;
1794 #else
1795  ULONG NextProcessor;
1796  ULONG DeferredProcessor;
1797 #endif
1798  PKPROCESS Process;
1799 
1800  union
1801  {
1802  GROUP_AFFINITY UserAffinity;
1803  struct
1804  {
1805  UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A
1806  CHAR PreviousMode;
1807  CHAR BasePriority;
1808  union
1809  {
1810  CHAR PriorityDecrement;
1811  struct
1812  {
1813  UCHAR ForegroundBoost : 4;
1814  UCHAR UnusualBoost : 4;
1815  };
1816  };
1817  UCHAR Preempted;
1818  UCHAR AdjustReason;
1819  CHAR AdjustIncrement;
1820  };
1821  };
1822 
1823 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384
1824  ULONG_PTR AffinityVersion;
1825 #endif
1826  union
1827  {
1828  GROUP_AFFINITY Affinity;
1829  struct
1830  {
1831  UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]; // 32bit: 6/0x6, 64bit: 10/0x0A
1832  UCHAR ApcStateIndex;
1833  UCHAR WaitBlockCount;
1834  ULONG IdealProcessor;
1835  };
1836  };
1837 
1838 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384
1839 #ifdef _WIN64
1840  ULONG64 NpxState;
1841 #else
1842  ULONG Spare15;
1843 #endif
1844 #else
1845  PKAPC_STATE ApcStatePointer[2];
1846 #endif
1847 
1848  union
1849  {
1850  KAPC_STATE SavedApcState;
1851  struct
1852  {
1853  UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending) + 1]; // 32bit: 23/0x17, 64bit: 43/0x2B
1854  UCHAR WaitReason;
1855  CHAR SuspendCount;
1856  CHAR Saturation;
1857  SHORT SListFaultCount;
1858  };
1859  };
1860 
1861  union
1862  {
1863  KAPC SchedulerApc;
1864  struct
1865  {
1866  UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]; // 32bit: 1/0x01, 64bit: 1/0x01
1867  UCHAR ResourceIndex;
1868  };
1869  struct
1870  {
1871  UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]; // 32bit: 3/0x03, 64bit: 3/0x03
1872  UCHAR QuantumReset;
1873  };
1874  struct
1875  {
1876  UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]; // 32bit: 4/0x04, 64bit: 4/0x04
1877  ULONG KernelTime;
1878  };
1879  struct
1880  {
1881  UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]; // 32 bit:, 64 bit: 64/0x40
1882  PKPRCB WaitPrcb;
1883  };
1884  struct
1885  {
1886  UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]; // 32 bit:, 64 bit: 72/0x48
1887  PVOID LegoData;
1888  };
1889  struct
1890  {
1891  UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted) + 1]; // 32 bit:, 64 bit: 83/0x53
1892  UCHAR CallbackNestingLevel;
1893  ULONG UserTime;
1894  };
1895  };
1896 
1897  KEVENT SuspendEvent;
1898  LIST_ENTRY ThreadListEntry;
1899  LIST_ENTRY MutantListHead;
1900 
1901 #if (NTDDI_VERSION >= NTDDI_WIN10)
1902  UCHAR AbEntrySummary;
1903  UCHAR AbWaitEntryCount;
1904  USHORT Spare20;
1905 #if _WIN64
1906  ULONG SecureThreadCookie;
1907 #endif
1908 #elif (NTDDI_VERSION >= NTDDI_WINBLUE) // 6.3.9431.0
1909  SINGLE_LIST_ENTRY LockEntriesFreeList;
1910 #endif
1911 
1912 #if (NTDDI_VERSION >= NTDDI_WINBLUE /* 0x06032580 */) // since 6.3.9600.16384
1913  KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES];
1914  SINGLE_LIST_ENTRY PropagateBoostsEntry;
1915  SINGLE_LIST_ENTRY IoSelfBoostsEntry;
1916  UCHAR PriorityFloorCounts[16];
1917  ULONG PriorityFloorSummary;
1918  volatile LONG AbCompletedIoBoostCount;
1919  #if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
1920  LONG AbCompletedIoQoSBoostCount;
1921  #endif
1922 
1923  #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384
1924  volatile SHORT KeReferenceCount;
1925  #else
1926  volatile SHORT AbReferenceCount;
1927  #endif
1928  #if (NTDDI_VERSION >= 0x06040000) // since 6.4.9841.0
1929  UCHAR AbOrphanedEntrySummary;
1930  UCHAR AbOwnedEntryCount;
1931  #else
1932  UCHAR AbFreeEntryCount;
1933  UCHAR AbWaitEntryCount;
1934  #endif
1935  ULONG ForegroundLossTime;
1936  union
1937  {
1938  LIST_ENTRY GlobalForegroundListEntry;
1939  struct
1940  {
1941  SINGLE_LIST_ENTRY ForegroundDpcStackListEntry;
1942  ULONG_PTR InGlobalForegroundList;
1943  };
1944  };
1945 #endif
1946 
1947 #if _WIN64
1948  LONG64 ReadOperationCount;
1949  LONG64 WriteOperationCount;
1950  LONG64 OtherOperationCount;
1951  LONG64 ReadTransferCount;
1952  LONG64 WriteTransferCount;
1953  LONG64 OtherTransferCount;
1954 #endif
1955 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10041.0
1956  struct _KSCB *QueuedScb;
1957 #ifndef _WIN64
1958  ULONG64 NpxState;
1959 #endif
1960 #endif
1961 } KTHREAD;
1962 
1963 #endif
1964 
1965 
1966 #define ASSERT_THREAD(object) \
1967  ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject))
1968 
1969 //
1970 // Kernel Process (KPROCESS)
1971 //
1972 typedef struct _KPROCESS
1973 {
1974  DISPATCHER_HEADER Header;
1975  LIST_ENTRY ProfileListHead;
1976 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1977  ULONG_PTR DirectoryTableBase;
1978  ULONG_PTR Unused0;
1979 #else
1980  ULONG_PTR DirectoryTableBase[2];
1981 #endif
1982 #if defined(_M_IX86)
1983  KGDTENTRY LdtDescriptor;
1984  KIDTENTRY Int21Descriptor;
1985 #endif
1986  USHORT IopmOffset;
1987 #if defined(_M_IX86)
1988  UCHAR Iopl;
1989  UCHAR Unused;
1990 #endif
1991  volatile KAFFINITY ActiveProcessors;
1992  ULONG KernelTime;
1993  ULONG UserTime;
1994  LIST_ENTRY ReadyListHead;
1995  SINGLE_LIST_ENTRY SwapListEntry;
1996  PVOID VdmTrapcHandler;
1997  LIST_ENTRY ThreadListHead;
1998  KSPIN_LOCK ProcessLock;
1999  KAFFINITY Affinity;
2000  union
2001  {
2002  struct
2003  {
2004  LONG AutoAlignment:1;
2005  LONG DisableBoost:1;
2006  LONG DisableQuantum:1;
2007  LONG ReservedFlags:29;
2008  };
2009  LONG ProcessFlags;
2010  };
2011  SCHAR BasePriority;
2012  SCHAR QuantumReset;
2013  UCHAR State;
2014  UCHAR ThreadSeed;
2015  UCHAR PowerState;
2016  UCHAR IdealNode;
2017  UCHAR Visited;
2018  union
2019  {
2020  KEXECUTE_OPTIONS Flags;
2021  UCHAR ExecuteOptions;
2022  };
2023  ULONG StackCount;
2024  LIST_ENTRY ProcessListEntry;
2025 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
2026  ULONGLONG CycleTime;
2027 #endif // ]
2028 } KPROCESS;
2029 
2030 #define ASSERT_PROCESS(object) \
2031  ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject))
2032 
2033 //
2034 // System Service Table Descriptor
2035 //
2036 typedef struct _KSERVICE_TABLE_DESCRIPTOR
2037 {
2038  PULONG_PTR Base;
2039  PULONG Count;
2040  ULONG Limit;
2041 #if defined(_IA64_)
2042  LONG TableBaseGpOffset;
2043 #endif
2044  PUCHAR Number;
2045 } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR;
2046 
2047 #if (NTDDI_VERSION >= NTDDI_WIN8)
2048 //
2049 // Entropy Timing State
2050 //
2051 typedef struct _KENTROPY_TIMING_STATE
2052 {
2053  ULONG EntropyCount;
2054  ULONG Buffer[64];
2055  KDPC Dpc;
2056  ULONG LastDeliveredBuffer;
2057  PULONG RawDataBuffer;
2058 } KENTROPY_TIMING_STATE, *PKENTROPY_TIMING_STATE;
2059 
2060 //
2061 // Constants from ks386.inc, ksamd64.inc and ksarm.h
2062 //
2063 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400
2064 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff
2065 #define KENTROPY_TIMING_ANALYSIS 0x0
2066 
2067 #endif /* (NTDDI_VERSION >= NTDDI_WIN8) */
2068 
2069 //
2070 // Exported Loader Parameter Block
2071 //
2072 extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock;
2073 
2074 //
2075 // Exported Hardware Data
2076 //
2077 extern ULONG NTSYSAPI KiDmaIoCoherency;
2078 extern ULONG NTSYSAPI KeMaximumIncrement;
2079 extern ULONG NTSYSAPI KeMinimumIncrement;
2080 extern ULONG NTSYSAPI KeDcacheFlushCount;
2081 extern ULONG NTSYSAPI KeIcacheFlushCount;
2082 extern ULONG_PTR NTSYSAPI KiBugCheckData[];
2083 extern BOOLEAN NTSYSAPI KiEnableTimerWatchdog;
2084 
2085 //
2086 // Exported System Service Descriptor Tables
2087 //
2088 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES];
2089 extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES];
2090 
2091 #endif // !NTOS_MODE_USER
2092 
2093 #endif // _KETYPES_H
_EXCEPTION_REGISTRATION_RECORD
Definition: compat.h:392
_KUSER_SHARED_DATA::LargePageMinimum
ULONG LargePageMinimum
Definition: ketypes.h:1155
_KPROFILE::Started
BOOLEAN Started
Definition: ketypes.h:817
_KINTERRUPT::ServiceCount
ULONG ServiceCount
Definition: ketypes.h:849
_KWAIT_REASON
_KWAIT_REASON
Definition: ketypes.h:402
_KPROFILE::Type
CSHORT Type
Definition: ketypes.h:806
_KTHREAD::SuspendApcFill3
UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]
Definition: ketypes.h:1881
_FIBER::StackBase
PVOID StackBase
Definition: ketypes.h:183
_KPROCESS::QuantumReset
SCHAR QuantumReset
Definition: ketypes.h:2012
_KTHREAD::ThreadFlags
LONG ThreadFlags
Definition: ketypes.h:1647
_KSYSTEM_TIME::LowPart
ULONG LowPart
Definition: ketypes.h:910
_FIBER::FiberContext
CONTEXT FiberContext
Definition: ketypes.h:186
KTIMER_TABLE
struct _KTIMER_TABLE KTIMER_TABLE
_KTHREAD::AbCompletedIoQoSBoostCount
LONG AbCompletedIoQoSBoostCount
Definition: ketypes.h:1920
_KUSER_SHARED_DATA::NtMinorVersion
ULONG NtMinorVersion
Definition: ketypes.h:1160
_KPROFILE::Buffer
PVOID Buffer
Definition: ketypes.h:813
Unused
_Must_inspect_result_ typedef _In_ PVOID Unused
Definition: iotypes.h:1129
_SYNCH_COUNTERS::ExAcqResSharedWaitForExclusiveAttempts
ULONG ExAcqResSharedWaitForExclusiveAttempts
Definition: ketypes.h:715
_KTHREAD::FreezeCount
ULONG FreezeCount
Definition: ketypes.h:1627
IN
#define IN
Definition: typedefs.h:38
_KPROCESS::Unused0
ULONG_PTR Unused0
Definition: ketypes.h:1978
_KUSER_SHARED_DATA::SharedDataFlags
ULONG SharedDataFlags
Definition: ketypes.h:1192
_VDMSERVICECLASS
_VDMSERVICECLASS
Definition: ketypes.h:451
_KTHREAD
Definition: ketypes.h:1549
_KUSER_SHARED_DATA
Definition: ketypes.h:1143
KPROFILE_SOURCE
enum _KPROFILE_SOURCE KPROFILE_SOURCE
_KTHREAD::AutoBoostActive
ULONG AutoBoostActive
Definition: ketypes.h:1579
_KLOCK_ENTRY::Spare1
UCHAR Spare1
Definition: ketypes.h:998
PKPROCESS_STATE
enum _KPROCESS_STATE * PKPROCESS_STATE
_RTL_BALANCED_NODE
Definition: ntdef.template.h:321
_KINTERRUPT::Connected
BOOLEAN Connected
Definition: ketypes.h:842
_KPROFILE::Affinity
KAFFINITY Affinity
Definition: ketypes.h:815
_KTIMER_TABLE_ENTRY::Lock
KSPIN_LOCK Lock
Definition: ketypes.h:664
_KUSER_SHARED_DATA::UserModeGlobalLogger
USHORT UserModeGlobalLogger[16]
Definition: ketypes.h:1228
_KTHREAD::EtwStackTraceApcInserted
ULONG EtwStackTraceApcInserted
Definition: ketypes.h:1642
_KLOCK_ENTRY::AllBoosts
USHORT AllBoosts
Definition: ketypes.h:1065
PowerState
_In_ UCHAR _In_ POWER_STATE PowerState
Definition: pofuncs.h:42
_KTHREAD::UserIdealProcessor
ULONG UserIdealProcessor
Definition: ketypes.h:1673
KAPC_STATE
KAPC_STATE
Definition: ketypes.h:1273
_KTHREAD::TimerActive
ULONG TimerActive
Definition: ketypes.h:1596
_KUSER_SHARED_DATA::Cookie
ULONG Cookie
Definition: ketypes.h:1220
KENTROPY_TIMING_STATE
struct _KENTROPY_TIMING_STATE KENTROPY_TIMING_STATE
_KPROCESS::DisableBoost
LONG DisableBoost
Definition: ketypes.h:2005
_KTHREAD::Spare20
USHORT Spare20
Definition: ketypes.h:1904
_KPROCESS_STATE
_KPROCESS_STATE
Definition: ketypes.h:439
_SYNCH_COUNTERS::ExTryToAcqExclusiveAttempts
ULONG ExTryToAcqExclusiveAttempts
Definition: ketypes.h:724
_KTHREAD::AbWaitEntryCount
UCHAR AbWaitEntryCount
Definition: ketypes.h:1903
_KPROFILE::RangeBase
PVOID RangeBase
Definition: ketypes.h:810
KDPC_DATA
struct _KDPC_DATA KDPC_DATA
_KLOCK_ENTRY::WaiterTree
RTL_RB_TREE WaiterTree
Definition: ketypes.h:1055
_KINTERRUPT::SpinLock
KSPIN_LOCK SpinLock
Definition: ketypes.h:834
_GENERAL_LOOKASIDE
Definition: extypes.h:134
_KUSER_SHARED_DATA::Reserved2
ULONG Reserved2[7]
Definition: ketypes.h:1156
_GETSETCONTEXT::Context
CONTEXT Context
Definition: ketypes.h:798
KAPC_ENVIRONMENT
enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT
_KTHREAD::EnableStackSwap
ULONG EnableStackSwap
Definition: ketypes.h:1619
_KENTROPY_TIMING_STATE::LastDeliveredBuffer
ULONG LastDeliveredBuffer
Definition: ketypes.h:2056
_ALTERNATIVE_ARCHITECTURE_TYPE
_ALTERNATIVE_ARCHITECTURE_TYPE
Definition: ketypes.h:883
_KTHREAD::AlertedByThreadId
ULONG AlertedByThreadId
Definition: ketypes.h:1617
_KTHREAD::AbCompletedIoBoostCount
volatile LONG AbCompletedIoBoostCount
Definition: ketypes.h:1918
_KTIMER_TABLE::TimerEntries
KTIMER_TABLE_ENTRY TimerEntries[256]
Definition: ketypes.h:673
_KPROCESS::DirectoryTableBase
ULONG_PTR DirectoryTableBase
Definition: ketypes.h:1977
KOBJECTS
enum _KOBJECTS KOBJECTS
_KPROCESS::State
UCHAR State
Definition: ketypes.h:2013
_KTHREAD::SpecialApcDisable
SHORT SpecialApcDisable
Definition: ketypes.h:1771
_KLOCK_ENTRY::IoNormalPriorityWaiterCount
USHORT IoNormalPriorityWaiterCount
Definition: ketypes.h:1077
_KQUEUE
Definition: ketypes.h:1279
_KLOCK_ENTRY::AcquiredBit
UCHAR AcquiredBit
Definition: ketypes.h:988
_SINGLE_LIST_ENTRY
Definition: ntbasedef.h:635
_KTIMER
Definition: ketypes.h:839
_KTHREAD::ForegroundLossTime
ULONG ForegroundLossTime
Definition: ketypes.h:1935
_KTHREAD::CombinedApcDisable
ULONG CombinedApcDisable
Definition: ketypes.h:1773
_FIBER::ExceptionList
struct _EXCEPTION_REGISTRATION_RECORD * ExceptionList
Definition: ketypes.h:182
StartRoutine
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
Definition: psfuncs.h:87
_KLOCK_ENTRY::EntryFlags
ULONG EntryFlags
Definition: ketypes.h:972
_KDPC_LIST::LastEntry
SINGLE_LIST_ENTRY * LastEntry
Definition: ketypes.h:679
_SYNCH_COUNTERS::ExSetResOwnerPointerExclusive
ULONG ExSetResOwnerPointerExclusive
Definition: ketypes.h:721
_KUSER_SHARED_DATA::SystemExpirationDate
LARGE_INTEGER SystemExpirationDate
Definition: ketypes.h:1167
_KTHREAD::UserStackWalkActive
ULONG UserStackWalkActive
Definition: ketypes.h:1592
_KPROCESS::BasePriority
SCHAR BasePriority
Definition: ketypes.h:2011
_KTHREAD::SavedApcState
KAPC_STATE SavedApcState
Definition: ketypes.h:1850
_KPROCESS::ProcessFlags
LONG ProcessFlags
Definition: ketypes.h:2009
_SYNCH_COUNTERS::ExSetResOwnerPointerSharedOld
ULONG ExSetResOwnerPointerSharedOld
Definition: ketypes.h:723
_SYNCH_COUNTERS::ExAcqResExclusiveAttempts
ULONG ExAcqResExclusiveAttempts
Definition: ketypes.h:698
_KTHREAD::ServiceTable
PVOID ServiceTable
Definition: ketypes.h:1561
_KTHREAD::UnusualBoost
UCHAR UnusualBoost
Definition: ketypes.h:1814
_FIBER::StackLimit
PVOID StackLimit
Definition: ketypes.h:184
_KOBJECTS
_KOBJECTS
Definition: ketypes.h:385
_KTRAP_FRAME
Definition: ketypes.h:306
_KTHREAD::SchedulerApcFill2
UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]
Definition: ketypes.h:1876
_KSERVICE_TABLE_DESCRIPTOR::Number
PUCHAR Number
Definition: ketypes.h:2044
_KTHREAD::ThreadCounters
struct _KTHREAD_COUNTERS * ThreadCounters
Definition: ketypes.h:1746
_KTHREAD::SchedulerApcFill5
UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted)+1]
Definition: ketypes.h:1891
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
CHAR
char CHAR
Definition: xmlstorage.h:175
_KEVENT_PAIR::Size
CSHORT Size
Definition: ketypes.h:867
_KTHREAD::ProcessDetachActive
ULONG ProcessDetachActive
Definition: ketypes.h:1598
_KINTERRUPT::MessageServiceRoutine
PKSERVICE_ROUTINE MessageServiceRoutine
Definition: ketypes.h:830
_KPROCESS::IopmOffset
USHORT IopmOffset
Definition: ketypes.h:1986
_KTHREAD::SListFaultAddress
PVOID SListFaultAddress
Definition: ketypes.h:1552
_KLOCK_ENTRY_LOCK_STATE
Definition: ketypes.h:932
PKTIMER_TABLE_ENTRY
struct _KTIMER_TABLE_ENTRY * PKTIMER_TABLE_ENTRY
_KUSER_SHARED_DATA::ConsoleSessionForegroundProcessId
LONGLONG ConsoleSessionForegroundProcessId
Definition: ketypes.h:1223
_KSERVICE_TABLE_DESCRIPTOR::Limit
ULONG Limit
Definition: ketypes.h:2040
_KTHREAD::Spare15
ULONG Spare15
Definition: ketypes.h:1842
_KTHREAD::CommitFailTerminateRequest
ULONG CommitFailTerminateRequest
Definition: ketypes.h:1638
_KEXECUTE_OPTIONS
Definition: ketypes.h:875
KWAIT_STATUS_REGISTER
union _KWAIT_STATUS_REGISTER KWAIT_STATUS_REGISTER
_KUSER_SHARED_DATA::TestRetInstruction
ULONGLONG TestRetInstruction
Definition: ketypes.h:1208
_KTHREAD::Priority
SCHAR Priority
Definition: ketypes.h:1672
_KUSER_SHARED_DATA::MaxStackTraceDepth
ULONG MaxStackTraceDepth
Definition: ketypes.h:1152
_KLOCK_ENTRY::AcquiredByte
UCHAR AcquiredByte
Definition: ketypes.h:987
KCONTINUE_STATUS
enum _KCONTINUE_STATUS KCONTINUE_STATUS
_KWAIT_STATUS_REGISTER::Unused
UCHAR Unused
Definition: ketypes.h:898
PKUSER_SHARED_DATA
struct _KUSER_SHARED_DATA * PKUSER_SHARED_DATA
_KTHREAD::UmsPerformingSyscall
ULONG UmsPerformingSyscall
Definition: ketypes.h:1603
_COUNTER_READING::Total
ULONG64 Total
Definition: ketypes.h:907
_KNODE::_flags::Removable
UCHAR Removable
Definition: ketypes.h:781
KDPC_LIST
struct _KDPC_LIST KDPC_LIST
_KUSER_SHARED_DATA::CryptoExponent
ULONG CryptoExponent
Definition: ketypes.h:1153
_KTHREAD::Saturation
CHAR Saturation
Definition: ketypes.h:1856
_KTHREAD::Alerted
BOOLEAN Alerted[MaximumMode]
Definition: ketypes.h:1570
Period
_In_ LARGE_INTEGER _In_ ULONG Period
Definition: kefuncs.h:1268
_FIBER
Definition: ketypes.h:179
_KTHREAD::TrapFrame
PKTRAP_FRAME TrapFrame
Definition: ketypes.h:1664
_KTHREAD::QuantumDonation
ULONG QuantumDonation
Definition: ketypes.h:1618
_COUNTER_READING
Definition: ketypes.h:902
_KLOCK_ENTRY_LOCK_STATE::InTree
ULONG_PTR InTree
Definition: ketypes.h:945
_KTHREAD::SystemThread
ULONG SystemThread
Definition: ketypes.h:1597
KEXECUTE_OPTIONS
struct _KEXECUTE_OPTIONS KEXECUTE_OPTIONS
_SYNCH_COUNTERS::ExEtwSynchTrackingNotificationsCount
ULONG ExEtwSynchTrackingNotificationsCount
Definition: ketypes.h:728
_SYNCH_COUNTERS::IpiSendRequestBroadcastCount
ULONG IpiSendRequestBroadcastCount
Definition: ketypes.h:687
_XSTATE_SAVE
Definition: ketypes.h:970
_SYNCH_COUNTERS::ExAcqResSharedAttempts
ULONG ExAcqResSharedAttempts
Definition: ketypes.h:703
PKSPIN_LOCK
KSPIN_LOCK * PKSPIN_LOCK
Definition: env_spec_w32.h:73
_KUSER_SHARED_DATA::TimeSlip
volatile ULONG TimeSlip
Definition: ketypes.h:1164
_KTHREAD::WaitBlockList
PKWAIT_BLOCK WaitBlockList
Definition: ketypes.h:1690
_KTHREAD::Reserved
ULONG Reserved
Definition: ketypes.h:1605
_KINTERRUPT::Type
CSHORT Type
Definition: ketypes.h:825
_KLOCK_ENTRY::IoQoSBoost
USHORT IoQoSBoost
Definition: ketypes.h:1076
_KENTROPY_TIMING_STATE::RawDataBuffer
PULONG RawDataBuffer
Definition: ketypes.h:2057
_KTHREAD::UserAffinitySet
ULONG UserAffinitySet
Definition: ketypes.h:1616
_KTHREAD::DeferPreemption
ULONG DeferPreemption
Definition: ketypes.h:1623
_KLOCK_ENTRY
Definition: ketypes.h:962
INT_PTR
int32_t INT_PTR
Definition: typedefs.h:62
_HARDWARE_COUNTER_TYPE
_HARDWARE_COUNTER_TYPE
Definition: pstypes.h:123
SSDT_MAX_ENTRIES
#define SSDT_MAX_ENTRIES
Definition: ketypes.h:100
_KTHREAD::Process
PKPROCESS Process
Definition: ketypes.h:1798
NUMBER_OF_LOCK_ENTRIES
#define NUMBER_OF_LOCK_ENTRIES
Definition: ketypes.h:1546
PKEVENT_PAIR
struct _KEVENT_PAIR * PKEVENT_PAIR
_KTHREAD::ProcessReadyQueue
ULONG ProcessReadyQueue
Definition: ketypes.h:1585
_KLOCK_ENTRY_LOCK_STATE::Busy
ULONG_PTR Busy
Definition: ketypes.h:943
KEVENT_PAIR
struct _KEVENT_PAIR KEVENT_PAIR
KiDmaIoCoherency
ULONG NTSYSAPI KiDmaIoCoherency
Definition: cpu.c:33
_KNODE::PfnDeferredList
struct _SINGLE_LIST_ENTRY * PfnDeferredList
Definition: ketypes.h:786
_KLOCK_ENTRY::LockState
KLOCK_ENTRY_LOCK_STATE LockState
Definition: ketypes.h:1026
KeIcacheFlushCount
ULONG NTSYSAPI KeIcacheFlushCount
Definition: cpu.c:19
_KUSER_SHARED_DATA::InterruptTime
volatile KSYSTEM_TIME InterruptTime
Definition: ketypes.h:1146
NTSYSAPI
#define NTSYSAPI
Definition: ntoskrnl.h:14
_SYNCH_COUNTERS::ExAcqResExclusiveAcquiresExclusiveRecursive
ULONG ExAcqResExclusiveAcquiresExclusiveRecursive
Definition: ketypes.h:700
_KGDTENTRY
Definition: ketypes.h:333
_KINTERRUPT::FloatingSave
BOOLEAN FloatingSave
Definition: ketypes.h:841
_KEXECUTE_OPTIONS::ExecuteDisable
UCHAR ExecuteDisable
Definition: ketypes.h:877
_SYNCH_COUNTERS::ExAcqResSharedStarveExclusiveAttempts
ULONG ExAcqResSharedStarveExclusiveAttempts
Definition: ketypes.h:709
_SYNCH_COUNTERS::ExAcqResSharedStarveExclusiveWaits
ULONG ExAcqResSharedStarveExclusiveWaits
Definition: ketypes.h:713
SYNCH_COUNTERS
struct _SYNCH_COUNTERS SYNCH_COUNTERS
_KUSER_SHARED_DATA::SystemCallReturn
ULONG SystemCallReturn
Definition: ketypes.h:1210
_RTL_RB_TREE
FIXME: should move to rtltypes.h, but we can't include it here.
Definition: ketypes.h:924
_KLOCK_ENTRY::FreeListEntry
SINGLE_LIST_ENTRY FreeListEntry
Definition: ketypes.h:967
_KTHREAD_COUNTERS::HardwareCounters
ULONG64 HardwareCounters
Definition: ketypes.h:917
_KDPC_DATA::DpcLock
ULONG_PTR DpcLock
Definition: ketypes.h:742
_SYNCH_COUNTERS::ExAcqResSharedWaits
ULONG ExAcqResSharedWaits
Definition: ketypes.h:707
_KTHREAD_COUNTERS
Definition: ketypes.h:910
_KTHREAD::UmsDirectedSwitchEnable
ULONG UmsDirectedSwitchEnable
Definition: ketypes.h:1595
_SYNCH_COUNTERS::ExAcqResSharedStarveExclusiveAcquiresExclusive
ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive
Definition: ketypes.h:710
_KTIMER_TABLE::TimerExpiry
PKTIMER TimerExpiry[64]
Definition: ketypes.h:672
PKDPC_DATA
struct _KDPC_DATA * PKDPC_DATA
_KINTERRUPT::Mode
KINTERRUPT_MODE Mode
Definition: ketypes.h:845
KPROCESS_STATE
enum _KPROCESS_STATE KPROCESS_STATE
_KTHREAD::HighCycleTime
volatile ULONG HighCycleTime
Definition: ketypes.h:1560
PKSERVICE_ROUTINE
KSERVICE_ROUTINE * PKSERVICE_ROUTINE
Definition: ketypes.h:500
_KTHREAD::ExplicitIdealProcessor
ULONG ExplicitIdealProcessor
Definition: ketypes.h:1626
_KSERVICE_TABLE_DESCRIPTOR::Count
PULONG Count
Definition: ketypes.h:2039
_SYNCH_COUNTERS::ExAcqResSharedAcquiresExclusive
ULONG ExAcqResSharedAcquiresExclusive
Definition: ketypes.h:704
_KTIMER_TABLE_ENTRY
Definition: ketypes.h:661
_TIMER_TYPE
_TIMER_TYPE
Definition: ntdef.template.h:360
_KTHREAD::WaitPrcb
PKPRCB WaitPrcb
Definition: ketypes.h:1882
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:63
_KLOCK_ENTRY_LOCK_STATE::LockState
PVOID LockState
Definition: ketypes.h:947
_KTHREAD::NextProcessor
ULONG NextProcessor
Definition: ketypes.h:1795
_KUSER_SHARED_DATA::SafeBootMode
BOOLEAN SafeBootMode
Definition: ketypes.h:1178
_KPROCESS::ReservedFlags
LONG ReservedFlags
Definition: ketypes.h:2007
_KNODE::DeadStackList
SLIST_HEADER DeadStackList
Definition: ketypes.h:774
_KTHREAD::AutoAlignment
ULONG AutoAlignment
Definition: ketypes.h:1614
_FIBER::FiberData
PVOID FiberData
Definition: ketypes.h:181
KiEnableTimerWatchdog
BOOLEAN NTSYSAPI KiEnableTimerWatchdog
Definition: timerobj.c:20
_ACTIVATION_CONTEXT_STACK
Definition: rtltypes.h:967
_KLOCK_ENTRY::IoQoSWaiter
UCHAR IoQoSWaiter
Definition: ketypes.h:997
PRTL_RB_TREE
struct _RTL_RB_TREE * PRTL_RB_TREE
PCOUNTER_READING
struct _COUNTER_READING * PCOUNTER_READING
KIRQL
UCHAR KIRQL
Definition: env_spec_w32.h:591
_KPROFILE::Process
struct _KPROCESS * Process
Definition: ketypes.h:809
_SYNCH_COUNTERS::ExecutiveResourceReleaseSharedCount
ULONG ExecutiveResourceReleaseSharedCount
Definition: ketypes.h:696
_KTHREAD::PriorityFloorCounts
UCHAR PriorityFloorCounts[16]
Definition: ketypes.h:1916
_KLOCK_ENTRY::AllFlags
ULONG AllFlags
Definition: ketypes.h:1005
PNT_PRODUCT_TYPE
enum _NT_PRODUCT_TYPE * PNT_PRODUCT_TYPE
_SYNCH_COUNTERS::ExBoostSharedOwners
ULONG ExBoostSharedOwners
Definition: ketypes.h:727
_KLOCK_ENTRY::TreeNode
RTL_BALANCED_NODE TreeNode
Definition: ketypes.h:966
PKSYSTEM_ROUTINE
VOID(NTAPI * PKSYSTEM_ROUTINE)(PKSTART_ROUTINE StartRoutine, PVOID StartContext)
Definition: ketypes.h:625
GETSETCONTEXT
struct _GETSETCONTEXT GETSETCONTEXT
_KTHREAD::XStateSave
PXSTATE_SAVE XStateSave
Definition: ketypes.h:1751
_KTHREAD::ForegroundDpcStackListEntry
SINGLE_LIST_ENTRY ForegroundDpcStackListEntry
Definition: ketypes.h:1941
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
_KTHREAD::MiscFlags
LONG MiscFlags
Definition: ketypes.h:1607
_KWAIT_STATUS_REGISTER::UserApc
UCHAR UserApc
Definition: ketypes.h:896
_KUSER_SHARED_DATA::NtMajorVersion
ULONG NtMajorVersion
Definition: ketypes.h:1159
_KTHREAD::KernelApcDisable
SHORT KernelApcDisable
Definition: ketypes.h:1770
_KPROFILE::Source
KPROFILE_SOURCE Source
Definition: ketypes.h:816
_KTHREAD::CallbackNestingLevel
UCHAR CallbackNestingLevel
Definition: ketypes.h:1892
_KUSER_SHARED_DATA::ImageFileExecutionOptions
ULONG ImageFileExecutionOptions
Definition: ketypes.h:1234
_KINTERRUPT::TickCount
ULONG TickCount
Definition: ketypes.h:835
PKSTART_ROUTINE
KSTART_ROUTINE * PKSTART_ROUTINE
Definition: ketypes.h:487
_KUSER_SHARED_DATA::SystemTime
volatile KSYSTEM_TIME SystemTime
Definition: ketypes.h:1147
_SYNCH_COUNTERS::ExAcqResSharedWaitForExclusiveAcquiresShared
ULONG ExAcqResSharedWaitForExclusiveAcquiresShared
Definition: ketypes.h:717
_RTL_RB_TREE::Min
PRTL_BALANCED_NODE Min
Definition: ketypes.h:927
_KEXECUTE_OPTIONS::Spare
UCHAR Spare
Definition: ketypes.h:883
_SYNCH_COUNTERS::ExAcqResSharedStarveExclusiveAcquiresShared
ULONG ExAcqResSharedStarveExclusiveAcquiresShared
Definition: ketypes.h:711
_SYNCH_COUNTERS::ExAcqResSharedStarveExclusiveNotAcquires
ULONG ExAcqResSharedStarveExclusiveNotAcquires
Definition: ketypes.h:714
_SYNCH_COUNTERS::ExAcqResSharedNotAcquires
ULONG ExAcqResSharedNotAcquires
Definition: ketypes.h:708
_GETSETCONTEXT::Apc
KAPC Apc
Definition: ketypes.h:795
LONG
long LONG
Definition: pedump.c:60
_SYNCH_COUNTERS::ExSetResOwnerPointerSharedNew
ULONG ExSetResOwnerPointerSharedNew
Definition: ketypes.h:722
_KPROCESS::ExecuteOptions
UCHAR ExecuteOptions
Definition: ketypes.h:2021
_KUSER_SHARED_DATA::NtProductType
NT_PRODUCT_TYPE NtProductType
Definition: ketypes.h:1157
_KDPC_DATA::DpcList
KDPC_LIST DpcList
Definition: ketypes.h:738
_KTHREAD::SystemHeteroCpuPolicy
UCHAR SystemHeteroCpuPolicy
Definition: ketypes.h:1652
_KTHREAD::ApcState
KAPC_STATE ApcState
Definition: ketypes.h:1668
SHORT
short SHORT
Definition: pedump.c:59
_KLOCK_ENTRY::EntryOffset
UCHAR EntryOffset
Definition: ketypes.h:975
_KTHREAD::SystemAffinityActive
ULONG SystemAffinityActive
Definition: ketypes.h:1587
PKTHREAD_COUNTERS
struct _KTHREAD_COUNTERS * PKTHREAD_COUNTERS
_KTHREAD::FirstArgument
PVOID FirstArgument
Definition: ketypes.h:1663
_KLOCK_ENTRY::SessionId
ULONG SessionId
Definition: ketypes.h:1042
_KUSER_SHARED_DATA::KdDebuggerEnabled
BOOLEAN KdDebuggerEnabled
Definition: ketypes.h:1169
_KLOCK_ENTRY::EntryLock
ULONG_PTR EntryLock
Definition: ketypes.h:1059
_GETSETCONTEXT::Event
KEVENT Event
Definition: ketypes.h:796
_KDPC_LIST
Definition: ketypes.h:676
_KTHREAD::WaitNext
ULONG WaitNext
Definition: ketypes.h:1586
_SYNCH_COUNTERS::ExAcqResSharedAcquiresShared
ULONG ExAcqResSharedAcquiresShared
Definition: ketypes.h:705
_KUSER_SHARED_DATA::TickCountMultiplier
ULONG TickCountMultiplier
Definition: ketypes.h:1145
_SYNCH_COUNTERS::ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive
ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive
Definition: ketypes.h:718
_KTHREAD_COUNTERS::CycleTimeBias
ULONG64 CycleTimeBias
Definition: ketypes.h:916
_KEXECUTE_OPTIONS::ImageDispatchEnable
UCHAR ImageDispatchEnable
Definition: ketypes.h:882
_KLOCK_ENTRY::CrossThreadReleasableAndBusyByte
volatile UCHAR CrossThreadReleasableAndBusyByte
Definition: ketypes.h:1031
_KTHREAD::UserHeteroCpuPolicy
UCHAR UserHeteroCpuPolicy
Definition: ketypes.h:1653
_KTHREAD::ApcInterruptRequest
ULONG ApcInterruptRequest
Definition: ketypes.h:1593
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
_KPROFILE::ProfileListEntry
LIST_ENTRY ProfileListEntry
Definition: ketypes.h:808
_KTHREAD_COUNTERS::WaitReasonBitMap
ULONG64 WaitReasonBitMap
Definition: ketypes.h:912
_KPROCESS::StackCount
ULONG StackCount
Definition: ketypes.h:2023
_LOADER_PARAMETER_BLOCK
Definition: arc.h:491
_GETSETCONTEXT
Definition: ketypes.h:793
_KPROFILE::RangeLimit
PVOID RangeLimit
Definition: ketypes.h:811
_KSERVICE_TABLE_DESCRIPTOR
Definition: ketypes.h:2036
KINTERRUPT_MODE
enum _KINTERRUPT_MODE KINTERRUPT_MODE
_PP_LOOKASIDE_LIST
Definition: ketypes.h:757
_KUSER_SHARED_DATA::TickCountLowDeprecated
ULONG TickCountLowDeprecated
Definition: ketypes.h:1144
_KDPC_LIST::ListHead
SINGLE_LIST_ENTRY ListHead
Definition: ketypes.h:678
_KLOCK_ENTRY::IoQoSWaiterCount
USHORT IoQoSWaiterCount
Definition: ketypes.h:1078
VDMSERVICECLASS
enum _VDMSERVICECLASS VDMSERVICECLASS
PKLOCK_ENTRY_LOCK_STATE
struct _KLOCK_ENTRY_LOCK_STATE * PKLOCK_ENTRY_LOCK_STATE
_KLOCK_ENTRY::IoBoost
USHORT IoBoost
Definition: ketypes.h:1072
_KTHREAD::QueueListEntry
LIST_ENTRY QueueListEntry
Definition: ketypes.h:1782
_KPROCESS::ProcessListEntry
LIST_ENTRY ProcessListEntry
Definition: ketypes.h:2024
Reserved
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
PKKERNEL_ROUTINE
VOID(NTAPI * PKKERNEL_ROUTINE)(IN struct _KAPC *Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, IN OUT PVOID *NormalContext OPTIONAL, IN OUT PVOID *SystemArgument1 OPTIONAL, IN OUT PVOID *SystemArgument2 OPTIONAL)
Definition: ketypes.h:642
Buffer
Definition: bufpool.h:45
_KTHREAD::WaitBlockFill10
UCHAR WaitBlockFill10[2 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
Definition: ketypes.h:1755
_KTHREAD::KernelStack
PVOID KernelStack
Definition: ketypes.h:1565
_KUSER_SHARED_DATA::ImageNumberHigh
USHORT ImageNumberHigh
Definition: ketypes.h:1150
_FIBER::DeallocationStack
PVOID DeallocationStack
Definition: ketypes.h:185
_ULARGE_INTEGER
Definition: ms-dtyp.idl:184
DECLSPEC_ALIGN
struct DECLSPEC_ALIGN(16) _M128A
Definition: ketypes.h:915
_GETSETCONTEXT::Mode
KPROCESSOR_MODE Mode
Definition: ketypes.h:797
_KTIMER_TABLE
Definition: ketypes.h:670
PVOID
void * PVOID
Definition: retypes.h:9
_FIBER::FlsData
PVOID FlsData
Definition: ketypes.h:190
_KLOCK_ENTRY::CpuPriorityKey
CHAR CpuPriorityKey
Definition: ketypes.h:1057
_KTHREAD::Timer
KTIMER Timer
Definition: ketypes.h:1701
_KINTERRUPT::DispatchCount
ULONG DispatchCount
Definition: ketypes.h:850
_KPROCESS::ThreadListHead
LIST_ENTRY ThreadListHead
Definition: ketypes.h:1997
KTHREAD_STATE
enum _KTHREAD_STATE KTHREAD_STATE
_KLOCK_ENTRY_LOCK_STATE::Reserved
ULONG_PTR Reserved
Definition: ketypes.h:944
_KTHREAD::ScbReadyQueue
ULONG ScbReadyQueue
Definition: ketypes.h:1600
_KEXECUTE_OPTIONS::DisableThunkEmulation
UCHAR DisableThunkEmulation
Definition: ketypes.h:879
_KPROCESS::DisableQuantum
LONG DisableQuantum
Definition: ketypes.h:2006
KSYSTEM_TIME
struct _KSYSTEM_TIME KSYSTEM_TIME
_KDPC_DATA::DpcCount
ULONG DpcCount
Definition: ketypes.h:748
_KINTERRUPT::Number
CCHAR Number
Definition: ketypes.h:843
KeLoaderBlock
struct _LOADER_PARAMETER_BLOCK NTSYSAPI * KeLoaderBlock
Definition: krnlinit.c:29
MAX_WOW64_SHARED_ENTRIES
#define MAX_WOW64_SHARED_ENTRIES
Definition: ketypes.h:1141
PKSYSTEM_TIME
struct _KSYSTEM_TIME * PKSYSTEM_TIME
_KTHREAD::WaitReason
UCHAR WaitReason
Definition: ketypes.h:1854
_KTHREAD::BasePriority
CHAR BasePriority
Definition: ketypes.h:1807
_KTIMER_TABLE_ENTRY::Time
ULARGE_INTEGER Time
Definition: ketypes.h:667
_KLOCK_ENTRY_LOCK_STATE::SessionId
ULONG SessionId
Definition: ketypes.h:954
_SYNCH_COUNTERS::ExecutiveResourceAcquiresCount
ULONG ExecutiveResourceAcquiresCount
Definition: ketypes.h:693
EVENT_TYPE
enum _EVENT_TYPE EVENT_TYPE
_SYNCH_COUNTERS::ExDeleteResourceCount
ULONG ExDeleteResourceCount
Definition: ketypes.h:692
_KUSER_SHARED_DATA::ImageNumberLow
USHORT ImageNumberLow
Definition: ketypes.h:1149
PKWAIT_STATUS_REGISTER
union _KWAIT_STATUS_REGISTER * PKWAIT_STATUS_REGISTER
UserTime
_Out_ PULONG UserTime
Definition: kefuncs.h:784
_KTHREAD::ExplicitSystemHeteroCpuPolicy
UCHAR ExplicitSystemHeteroCpuPolicy
Definition: ketypes.h:1654
_KNODE::Flags
struct _KNODE::_flags Flags
KLOCK_ENTRY_LOCK_STATE
struct _KLOCK_ENTRY_LOCK_STATE KLOCK_ENTRY_LOCK_STATE
_KUSER_SHARED_DATA::TickCount
volatile KSYSTEM_TIME TickCount
Definition: ketypes.h:1213
PKINTERRUPT_ROUTINE
VOID(NTAPI * PKINTERRUPT_ROUTINE)(VOID)
Definition: ketypes.h:490
_KTHREAD::DisableBoost
ULONG DisableBoost
Definition: ketypes.h:1615
_KTHREAD::Alertable
ULONG Alertable
Definition: ketypes.h:1588
SystemArgument1
_In_opt_ PVOID _In_opt_ PVOID SystemArgument1
Definition: ketypes.h:675
_KTHREAD::NpxState
ULONG64 NpxState
Definition: ketypes.h:1958
_KTHREAD::PropagateBoostsEntry
SINGLE_LIST_ENTRY PropagateBoostsEntry
Definition: ketypes.h:1914
_KINTERRUPT::InterruptListEntry
LIST_ENTRY InterruptListEntry
Definition: ketypes.h:827
_KTHREAD::WaitStatus
volatile INT_PTR WaitStatus
Definition: ketypes.h:1689
LONGLONG
int64_t LONGLONG
Definition: typedefs.h:66
PFIBER
struct _FIBER * PFIBER
_KPROCESS::Affinity
KAFFINITY Affinity
Definition: ketypes.h:1999
LONG64
int64_t LONG64
Definition: typedefs.h:66
KPROCESS
struct _KPROCESS KPROCESS
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PTIMER_APC_ROUTINE
VOID(NTAPI * PTIMER_APC_ROUTINE)(_In_ PVOID TimerContext, _In_ ULONG TimerLowValue, _In_ LONG TimerHighValue)
Definition: ketypes.h:1096
KeMaximumIncrement
ULONG NTSYSAPI KeMaximumIncrement
Definition: clock.c:20
_KLOCK_ENTRY::CpuBoostsBitmap
USHORT CpuBoostsBitmap
Definition: ketypes.h:1071
KLOCK_ENTRY
struct _KLOCK_ENTRY KLOCK_ENTRY
_KWAIT_STATUS_REGISTER::Priority
UCHAR Priority
Definition: ketypes.h:894
_KTIMER_TABLE_ENTRY::Entry
LIST_ENTRY Entry
Definition: ketypes.h:666
_COUNTER_READING::Start
ULONG64 Start
Definition: ketypes.h:906
_KINTERRUPT::Irql
KIRQL Irql
Definition: ketypes.h:839
_FIBER::TebFlags
ULONG TebFlags
Definition: ketypes.h:192
_KTHREAD::KernelTime
ULONG KernelTime
Definition: ketypes.h:1877
PKRUNDOWN_ROUTINE
VOID(NTAPI * PKRUNDOWN_ROUTINE)(IN struct _KAPC *Apc)
Definition: ketypes.h:638
_KINTERRUPT::Rsvd1
ULONGLONG Rsvd1
Definition: ketypes.h:852
_KTHREAD_COUNTERS::UserData
struct _THREAD_PERFORMANCE_DATA * UserData
Definition: ketypes.h:913
_KSYSTEM_TIME::High1Time
LONG High1Time
Definition: ketypes.h:911
_KLOCK_ENTRY::HeadNodeBit
UCHAR HeadNodeBit
Definition: ketypes.h:995
_KLOCK_ENTRY::WaitingBit
UCHAR WaitingBit
Definition: ketypes.h:981
_KNODE::MmShiftedColor
ULONG MmShiftedColor
Definition: ketypes.h:784
MODE
enum _MODE MODE
PROCESSOR_FEATURE_MAX
#define PROCESSOR_FEATURE_MAX
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
_KUSER_SHARED_DATA::AlternativeArchitecture
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture
Definition: ketypes.h:1165
_KTHREAD::SchedulerApc
KAPC SchedulerApc
Definition: ketypes.h:1863
_KPROCESS::SwapListEntry
SINGLE_LIST_ENTRY SwapListEntry
Definition: ketypes.h:1995
_KWAIT_STATUS_REGISTER::Flags
UCHAR Flags
Definition: ketypes.h:889
_KLOCK_ENTRY::CrossThreadFlags
UCHAR CrossThreadFlags
Definition: ketypes.h:992
CCHAR
char CCHAR
Definition: typedefs.h:50
_KTHREAD::Spare0
UCHAR Spare0
Definition: ketypes.h:1655
_SYNCH_COUNTERS::ExAcqResExclusiveNotAcquires
ULONG ExAcqResExclusiveNotAcquires
Definition: ketypes.h:702
ULONGLONG
uint64_t ULONGLONG
Definition: typedefs.h:65
_KLOCK_ENTRY::IoPriorityBit
UCHAR IoPriorityBit
Definition: ketypes.h:996
_KTHREAD::SwapListEntry
SINGLE_LIST_ENTRY SwapListEntry
Definition: ketypes.h:1694
KUSER_SHARED_DATA
struct _KUSER_SHARED_DATA KUSER_SHARED_DATA
_KPROCESS::Visited
UCHAR Visited
Definition: ketypes.h:2017
_KINTERRUPT::ShareVector
BOOLEAN ShareVector
Definition: ketypes.h:844
_KUSER_SHARED_DATA::DbgElevationEnabled
ULONG DbgElevationEnabled
Definition: ketypes.h:1195
_KTHREAD::ExpectedRunTime
ULONG ExpectedRunTime
Definition: ketypes.h:1564
_KTHREAD::StackLimit
volatile VOID * StackLimit
Definition: ketypes.h:1555
SCHAR
signed char SCHAR
Definition: sqltypes.h:14
Affinity
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
Definition: halfuncs.h:170
_KINTERRUPT::MessageIndex
ULONG MessageIndex
Definition: ketypes.h:831
WAIT_TYPE
enum _WAIT_TYPE WAIT_TYPE
RTL_RB_TREE
struct _RTL_RB_TREE RTL_RB_TREE
FIXME: should move to rtltypes.h, but we can't include it here.
_KTHREAD::IoSelfBoostsEntry
SINGLE_LIST_ENTRY IoSelfBoostsEntry
Definition: ketypes.h:1915
_KTHREAD::Queue
PKQUEUE Queue
Definition: ketypes.h:1696
_KINTERRUPT::Polarity
KINTERRUPT_POLARITY Polarity
Definition: ketypes.h:847
_KEVENT_PAIR
Definition: ketypes.h:864
_KTHREAD::QuantumTarget
ULONG64 QuantumTarget
Definition: ketypes.h:1553
RTL_SIZEOF_THROUGH_FIELD
#define RTL_SIZEOF_THROUGH_FIELD(type, field)
Definition: ntbasedef.h:679
_KTHREAD::WaitBlockFill8
UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
Definition: ketypes.h:1745
_KUSER_SHARED_DATA::TimeZoneId
ULONG TimeZoneId
Definition: ketypes.h:1154
_KUSER_SHARED_DATA::Reserved3
ULONG Reserved3
Definition: ketypes.h:1163
_SYNCH_COUNTERS::ExReInitializeResourceCount
ULONG ExReInitializeResourceCount
Definition: ketypes.h:691
_KEXECUTE_OPTIONS::Permanent
UCHAR Permanent
Definition: ketypes.h:880
_KTHREAD::SchedulingGroup
struct _KSCHEDULING_GROUP * SchedulingGroup
Definition: ketypes.h:1567
_KLOCK_ENTRY::LockUnsafe
PVOID LockUnsafe
Definition: ketypes.h:1027
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
PPP_LOOKASIDE_LIST
struct _PP_LOOKASIDE_LIST * PPP_LOOKASIDE_LIST
_KTHREAD::ChargeOnlyGroup
ULONG ChargeOnlyGroup
Definition: ketypes.h:1622
_KTHREAD::ForegroundBoost
UCHAR ForegroundBoost
Definition: ketypes.h:1813
FIBER
struct _FIBER FIBER
_SYNCH_COUNTERS
Definition: ketypes.h:682
Object
static IUnknown Object
Definition: main.c:512
_KTHREAD::WaitListEntry
LIST_ENTRY WaitListEntry
Definition: ketypes.h:1693
_KTHREAD::AffinityFill
UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]
Definition: ketypes.h:1831
_KTHREAD::SuspendEvent
KEVENT SuspendEvent
Definition: ketypes.h:1897
_KTHREAD::AdjustReason
UCHAR AdjustReason
Definition: ketypes.h:1818
_PP_LOOKASIDE_LIST::L
struct _GENERAL_LOOKASIDE * L
Definition: ketypes.h:760
_FIBER::GuaranteedStackBytes
ULONG GuaranteedStackBytes
Definition: ketypes.h:191
_KUSER_SHARED_DATA::NumberOfPhysicalPages
ULONG NumberOfPhysicalPages
Definition: ketypes.h:1177
_KPROCESS::CycleTime
ULONGLONG CycleTime
Definition: ketypes.h:2026
_KTHREAD::AbEntrySummary
UCHAR AbEntrySummary
Definition: ketypes.h:1902
_KTHREAD::QuantumEndMigrate
ULONG QuantumEndMigrate
Definition: ketypes.h:1594
KINTERRUPT_POLARITY
enum _KINTERRUPT_POLARITY KINTERRUPT_POLARITY
ULONG64
unsigned __int64 ULONG64
Definition: imports.h:198
TIMER_TYPE
enum _TIMER_TYPE TIMER_TYPE
_KTHREAD::DisableStackCheck
ULONG DisableStackCheck
Definition: ketypes.h:1604
_KTHREAD_COUNTERS::ContextSwitches
ULONG ContextSwitches
Definition: ketypes.h:915
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
KTHREAD_COUNTERS
struct _KTHREAD_COUNTERS KTHREAD_COUNTERS
_KINTERRUPT::Vector
ULONG Vector
Definition: ketypes.h:838
_SYNCH_COUNTERS::ExBoostExclusiveOwner
ULONG ExBoostExclusiveOwner
Definition: ketypes.h:726
_KUSER_SHARED_DATA::Reserved1
ULONG Reserved1
Definition: ketypes.h:1162
_KTHREAD_COUNTERS::HwCounter
COUNTER_READING HwCounter[16]
Definition: ketypes.h:918
_KINTERRUPT::ServiceRoutine
PKSERVICE_ROUTINE ServiceRoutine
Definition: ketypes.h:828
_KTHREAD::AbFreeEntryCount
UCHAR AbFreeEntryCount
Definition: ketypes.h:1932
_KPROCESS::ThreadSeed
UCHAR ThreadSeed
Definition: ketypes.h:2014
_SYNCH_COUNTERS::ExecutiveResourceConvertsCount
ULONG ExecutiveResourceConvertsCount
Definition: ketypes.h:697
_EVENT_TYPE
_EVENT_TYPE
Definition: ntdef.template.h:355
_KPROFILE::Size
CSHORT Size
Definition: ketypes.h:807
_KAPC::NormalContext
PVOID NormalContext
Definition: ketypes.h:550
_KDPC
Definition: ketypes.h:687
_KPROCESS::IdealNode
UCHAR IdealNode
Definition: ketypes.h:2016
_KPRCB
Definition: ketypes.h:555
_KTHREAD::RelativeTimerBias
ULONG64 RelativeTimerBias
Definition: ketypes.h:1699
_CONTEXT
Definition: nt_native.h:1406
_KWAIT_STATUS_REGISTER::State
UCHAR State
Definition: ketypes.h:892
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
VOID
#define VOID
Definition: acefi.h:82
_COUNTER_READING::Index
ULONG Index
Definition: ketypes.h:905
_SYNCH_COUNTERS::ExecutiveResourceContentionsCount
ULONG ExecutiveResourceContentionsCount
Definition: ketypes.h:694
Ready
Definition: ketypes.h:370
_KEVENT_PAIR::LowEvent
KEVENT LowEvent
Definition: ketypes.h:868
_KUSER_SHARED_DATA::SuiteMask
ULONG SuiteMask
Definition: ketypes.h:1168
_KTHREAD::IdealProcessor
ULONG IdealProcessor
Definition: ketypes.h:1834
_SYNCH_COUNTERS::ExAcqResSharedWaitForExclusiveAcquiresExclusive
ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive
Definition: ketypes.h:716
_KTHREAD::InGlobalForegroundList
ULONG_PTR InGlobalForegroundList
Definition: ketypes.h:1942
_KTHREAD::SchedulerApcFill4
UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]
Definition: ketypes.h:1886
_KAPC
Definition: ketypes.h:535
_GROUP_AFFINITY
Definition: ntbasedef.h:666
_KPROCESS::ReadyListHead
LIST_ENTRY ReadyListHead
Definition: ketypes.h:1994
_MODE
_MODE
Definition: ketypes.h:10
_KAPC_ENVIRONMENT
_KAPC_ENVIRONMENT
Definition: ketypes.h:653
_LIST_ENTRY
Definition: typedefs.h:117
_KGATE
Definition: ketypes.h:810
_KINTERRUPT
Definition: ketypes.h:823
_SYNCH_COUNTERS::SpinLockSpinCount
ULONG SpinLockSpinCount
Definition: ketypes.h:686
_KTHREAD::ForceDeferSchedule
ULONG ForceDeferSchedule
Definition: ketypes.h:1625
PGETSETCONTEXT
struct _GETSETCONTEXT * PGETSETCONTEXT
_KTHREAD::ApcStateFill
UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]
Definition: ketypes.h:1671
KTHREAD
struct _KTHREAD KTHREAD
_KUSER_SHARED_DATA::ActiveConsoleId
volatile ULONG ActiveConsoleId
Definition: ketypes.h:1173
_KUSER_SHARED_DATA::TimeZoneBias
volatile KSYSTEM_TIME TimeZoneBias
Definition: ketypes.h:1148
_SYNCH_COUNTERS::ExAcqResSharedAcquiresSharedRecursive
ULONG ExAcqResSharedAcquiresSharedRecursive
Definition: ketypes.h:706
_KNODE::Color
UCHAR Color
Definition: ketypes.h:777
_SYNCH_COUNTERS::IpiSendRequestRoutineCount
ULONG IpiSendRequestRoutineCount
Definition: ketypes.h:688
_KTHREAD::PriorityFloorSummary
ULONG PriorityFloorSummary
Definition: ketypes.h:1917
_KPROCESS::ProcessLock
KSPIN_LOCK ProcessLock
Definition: ketypes.h:1998
_KWAIT_BLOCK
Definition: ketypes.h:443
_SYNCH_COUNTERS::ExAcqResSharedStarveExclusiveAcquiresSharedRecursive
ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive
Definition: ketypes.h:712
_KTHREAD::CurrentRunTime
ULONG CurrentRunTime
Definition: ketypes.h:1563
PKTIMER_TABLE
struct _KTIMER_TABLE * PKTIMER_TABLE
SystemArgument2
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
Definition: ketypes.h:675
_DISPATCHER_HEADER
Definition: ketypes.h:728
_KEVENT_PAIR::Type
CSHORT Type
Definition: ketypes.h:866
_KENTROPY_TIMING_STATE
Definition: ketypes.h:2051
_KTHREAD::QuantumReset
UCHAR QuantumReset
Definition: ketypes.h:1872
_SYNCH_COUNTERS::ExAcqResExclusiveAcquiresExclusive
ULONG ExAcqResExclusiveAcquiresExclusive
Definition: ketypes.h:699
_In_
#define _In_
Definition: no_sal2.h:204
_KINTERRUPT::ActualLock
PKSPIN_LOCK ActualLock
Definition: ketypes.h:836
_KTHREAD::StackBase
PVOID StackBase
Definition: ketypes.h:1556
_KINTERRUPT::DispatchCode
ULONG DispatchCode[DISPATCH_LENGTH]
Definition: ketypes.h:858
_KTHREAD::SavedApcStateFill
UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending)+1]
Definition: ketypes.h:1853
KeMinimumIncrement
ULONG NTSYSAPI KeMinimumIncrement
Definition: clock.c:21
_KSYSTEM_TIME::High2Time
LONG High2Time
Definition: ketypes.h:912
_KTHREAD::QueueDeferPreemption
ULONG QueueDeferPreemption
Definition: ketypes.h:1624
_TEB
Definition: compat.h:492
_KUSER_SHARED_DATA::DbgVirtEnabled
ULONG DbgVirtEnabled
Definition: ketypes.h:1196
_KDPC_DATA::DpcQueueDepth
volatile ULONG DpcQueueDepth
Definition: ketypes.h:746
_KLOCK_ENTRY_LOCK_STATE::SessionState
PVOID SessionState
Definition: ketypes.h:951
_SYNCH_COUNTERS::ExTryToAcqExclusiveAcquires
ULONG ExTryToAcqExclusiveAcquires
Definition: ketypes.h:725
_KUSER_SHARED_DATA::DbgInstallerDetectEnabled
ULONG DbgInstallerDetectEnabled
Definition: ketypes.h:1197
_KTHREAD::LockEntries
KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]
Definition: ketypes.h:1913
_SYNCH_COUNTERS::SpinLockContentionCount
ULONG SpinLockContentionCount
Definition: ketypes.h:685
State
enum State_ State
Definition: pofuncs.h:54
_KPROCESS
Definition: ketypes.h:1972
_KNODE::_flags
Definition: ketypes.h:780
_KTHREAD::PreviousMode
CHAR PreviousMode
Definition: ketypes.h:1806
_KTHREAD::SchedulerApcFill1
UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]
Definition: ketypes.h:1871
_KUSER_SHARED_DATA::NtSystemRoot
WCHAR NtSystemRoot[260]
Definition: ketypes.h:1151
_KPROFILE::Segment
ULONG_PTR Segment
Definition: ketypes.h:814
_NT_PRODUCT_TYPE
_NT_PRODUCT_TYPE
Definition: ntdef.template.h:349
_PP_LOOKASIDE_LIST::P
struct _GENERAL_LOOKASIDE * P
Definition: ketypes.h:759
_KLOCK_ENTRY::ThreadLocalFlags
UCHAR ThreadLocalFlags
Definition: ketypes.h:978
_KLOCK_ENTRY::OwnerTree
RTL_RB_TREE OwnerTree
Definition: ketypes.h:1054
_KTHREAD::CalloutActive
ULONG CalloutActive
Definition: ketypes.h:1599
USHORT
unsigned short USHORT
Definition: pedump.c:61
PSYNCH_COUNTERS
struct _SYNCH_COUNTERS * PSYNCH_COUNTERS
_KENTROPY_TIMING_STATE::Dpc
KDPC Dpc
Definition: ketypes.h:2055
_KUSER_SHARED_DATA::TickCountQuad
volatile ULONG64 TickCountQuad
Definition: ketypes.h:1214
_KTHREAD::PriorityDecrement
CHAR PriorityDecrement
Definition: ketypes.h:1810
_KTHREAD::SuspendCount
CHAR SuspendCount
Definition: ketypes.h:1855
KAFFINITY
ULONG_PTR KAFFINITY
Definition: compat.h:75
_KNODE::_flags::Fill
UCHAR Fill
Definition: ketypes.h:782
_KDPC_DATA
Definition: ketypes.h:735
_SYNCH_COUNTERS::ExAcqResExclusiveWaits
ULONG ExAcqResExclusiveWaits
Definition: ketypes.h:701
_KSEMAPHORE
Definition: ketypes.h:803
ALTERNATIVE_ARCHITECTURE_TYPE
enum _ALTERNATIVE_ARCHITECTURE_TYPE ALTERNATIVE_ARCHITECTURE_TYPE
PKPROFILE
struct _KPROFILE * PKPROFILE
KSPIN_LOCK
ULONG KSPIN_LOCK
Definition: env_spec_w32.h:72
_KENTROPY_TIMING_STATE::EntropyCount
ULONG EntropyCount
Definition: ketypes.h:2053
_KLOCK_ENTRY::StaticState
ULONG StaticState
Definition: ketypes.h:1004
_KPROCESS::ActiveProcessors
volatile KAFFINITY ActiveProcessors
Definition: ketypes.h:1991
_KTHREAD::CycleTime
volatile ULONG64 CycleTime
Definition: ketypes.h:1558
_KLOCK_ENTRY::Spare0
UCHAR Spare0
Definition: ketypes.h:982
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
_KPROCESS::ProfileListHead
LIST_ENTRY ProfileListHead
Definition: ketypes.h:1975
LONG_PTR
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
_SYNCH_COUNTERS::SpinLockAcquireCount
ULONG SpinLockAcquireCount
Definition: ketypes.h:684
_KTHREAD::WaitBlockCount
UCHAR WaitBlockCount
Definition: ketypes.h:1833
OPTIONAL
#define OPTIONAL
Definition: typedefs.h:40
PULONG
unsigned int * PULONG
Definition: retypes.h:1
_KUSER_SHARED_DATA::SystemCallPad
ULONGLONG SystemCallPad[3]
Definition: ketypes.h:1211
_KTHREAD::AdjustIncrement
CHAR AdjustIncrement
Definition: ketypes.h:1819
_KUSER_SHARED_DATA::NXSupportPolicy
UCHAR NXSupportPolicy
Definition: ketypes.h:1171
_SYNCH_COUNTERS::ExInitializeResourceCount
ULONG ExInitializeResourceCount
Definition: ketypes.h:690
_FIBER::Wx86Tib
PVOID Wx86Tib
Definition: ketypes.h:188
Reserved1
Definition: bcd.h:201
_KTHREAD::Spare12
CHAR Spare12
Definition: ketypes.h:1681
_KINTERRUPT::SynchronizeIrql
KIRQL SynchronizeIrql
Definition: ketypes.h:840
_KTHREAD::SchedulerApcFill0
UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]
Definition: ketypes.h:1866
_KEVENT
Definition: ketypes.h:799
_KPROCESS::KernelTime
ULONG KernelTime
Definition: ketypes.h:1992
_KTHREAD::ThreadListEntry
LIST_ENTRY ThreadListEntry
Definition: ketypes.h:1898
XSAVE_FORMAT
XSAVE_FORMAT
Definition: ketypes.h:944
_KTHREAD::ReservedStackInUse
ULONG ReservedStackInUse
Definition: ketypes.h:1602
_KTHREAD::QueuedScb
struct _KSCB * QueuedScb
Definition: ketypes.h:1956
_KUSER_SHARED_DATA::LastSystemRITEventTickCount
ULONG LastSystemRITEventTickCount
Definition: ketypes.h:1176
_KTHREAD::Teb
PVOID Teb
Definition: ketypes.h:1697
_LARGE_INTEGER
Definition: typedefs.h:100
_KEXECUTE_OPTIONS::ExecuteEnable
UCHAR ExecuteEnable
Definition: ketypes.h:878
_KSERVICE_TABLE_DESCRIPTOR::Base
PULONG_PTR Base
Definition: ketypes.h:2038
_KPROFILE::BucketShift
ULONG BucketShift
Definition: ketypes.h:812
PKTHREAD_STATE
enum _KTHREAD_STATE * PKTHREAD_STATE
_KTHREAD::UserTime
ULONG UserTime
Definition: ketypes.h:1893
KSERVICE_TABLE_DESCRIPTOR
struct _KSERVICE_TABLE_DESCRIPTOR KSERVICE_TABLE_DESCRIPTOR
PKENTROPY_TIMING_STATE
struct _KENTROPY_TIMING_STATE * PKENTROPY_TIMING_STATE
_KPROCESS::Flags
KEXECUTE_OPTIONS Flags
Definition: ketypes.h:2020
COUNTER_READING
struct _COUNTER_READING COUNTER_READING
_KTHREAD::ResourceIndex
UCHAR ResourceIndex
Definition: ketypes.h:1867
_KTHREAD::Header
DISPATCHER_HEADER Header
Definition: ketypes.h:1551
DISPATCH_LENGTH
#define DISPATCH_LENGTH
Definition: ketypes.h:207
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_KLOCK_ENTRY_LOCK_STATE::CrossThreadReleasable
ULONG_PTR CrossThreadReleasable
Definition: ketypes.h:939
KWAIT_REASON
enum _KWAIT_REASON KWAIT_REASON
_ADJUST_REASON
_ADJUST_REASON
Definition: ketypes.h:418
_KTHREAD::GlobalForegroundListEntry
LIST_ENTRY GlobalForegroundListEntry
Definition: ketypes.h:1938
_KTHREAD::LegoData
PVOID LegoData
Definition: ketypes.h:1887
_KTHREAD::UserAffinityFill
UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]
Definition: ketypes.h:1805
_KTHREAD::Running
BOOLEAN Running
Definition: ketypes.h:1569
_KLOCK_ENTRY::SessionState
PVOID SessionState
Definition: ketypes.h:1039
_KTHREAD_COUNTERS::Flags
ULONG Flags
Definition: ketypes.h:914
_KTHREAD::StateSaveArea
XSAVE_FORMAT * StateSaveArea
Definition: ketypes.h:1566
OUT
#define OUT
Definition: typedefs.h:39
KeServiceDescriptorTable
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]
Definition: procobj.c:23
NT_PRODUCT_TYPE
enum _NT_PRODUCT_TYPE NT_PRODUCT_TYPE
_KTHREAD::State
volatile UCHAR State
Definition: ketypes.h:1679
_KTHREAD::Win32Thread
PVOID Win32Thread
Definition: ketypes.h:1756
_KLOCK_ENTRY::InTreeByte
UCHAR InTreeByte
Definition: ketypes.h:1036
_KTHREAD::Affinity
GROUP_AFFINITY Affinity
Definition: ketypes.h:1828
_KINTERRUPT::Size
CSHORT Size
Definition: ketypes.h:826
_KTHREAD_STATE
_KTHREAD_STATE
Definition: ketypes.h:367
KINTERRUPT
struct _KINTERRUPT KINTERRUPT
ULONG
unsigned int ULONG
Definition: retypes.h:1
_KWAIT_STATUS_REGISTER::Apc
UCHAR Apc
Definition: ketypes.h:895
KeDcacheFlushCount
ULONG NTSYSAPI KeDcacheFlushCount
Definition: cpu.c:20
_KTHREAD::ContextSwitches
ULONG ContextSwitches
Definition: ketypes.h:1678
_KTHREAD::SListFaultCount
SHORT SListFaultCount
Definition: ketypes.h:1857
_RTL_RB_TREE::Root
PRTL_BALANCED_NODE Root
Definition: ketypes.h:926
TimerContext
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID TimerContext
Definition: zwfuncs.h:428
_KTHREAD::DeferredProcessor
ULONG DeferredProcessor
Definition: ketypes.h:1796
PULONG_PTR
uint32_t * PULONG_PTR
Definition: typedefs.h:63
_KPROCESS::PowerState
UCHAR PowerState
Definition: ketypes.h:2015
_KNODE::NodeNumber
UCHAR NodeNumber
Definition: ketypes.h:779
_KUSER_SHARED_DATA::SystemCall
ULONG SystemCall
Definition: ketypes.h:1209
_KTHREAD::Preempted
UCHAR Preempted
Definition: ketypes.h:1817
PKEXECUTE_OPTIONS
struct _KEXECUTE_OPTIONS * PKEXECUTE_OPTIONS
_KTHREAD::WaitTime
ULONG WaitTime
Definition: ketypes.h:1765
_KTHREAD::Tag
volatile UCHAR Tag
Definition: ketypes.h:1651
_KTHREAD::ReadyTransition
ULONG ReadyTransition
Definition: ketypes.h:1581
_SYNCH_COUNTERS::IpiSendSoftwareInterruptCount
ULONG IpiSendSoftwareInterruptCount
Definition: ketypes.h:689
_KTHREAD::DisableQuantum
ULONG DisableQuantum
Definition: ketypes.h:1621
_KTHREAD::ApcStateIndex
UCHAR ApcStateIndex
Definition: ketypes.h:1832
_SLIST_HEADER
Definition: rtltypes.h:134
_KPROFILE
Definition: ketypes.h:804
_KNODE::PfnDereferenceSListHead
SLIST_HEADER PfnDereferenceSListHead
Definition: ketypes.h:775
PKDPC_LIST
struct _KDPC_LIST * PKDPC_LIST
KWAIT_BLOCK
struct _KWAIT_BLOCK KWAIT_BLOCK
_KNODE::ProcessorMask
KAFFINITY ProcessorMask
Definition: ketypes.h:776
_KTHREAD::ApcQueueable
ULONG ApcQueueable
Definition: ketypes.h:1601
PKNORMAL_ROUTINE
VOID(NTAPI * PKNORMAL_ROUTINE)(IN PVOID NormalContext OPTIONAL, IN PVOID SystemArgument1 OPTIONAL, IN PVOID SystemArgument2 OPTIONAL)
Definition: ketypes.h:632
_KTHREAD::WaitMode
KPROCESSOR_MODE WaitMode
Definition: ketypes.h:1686
_KDPC_DATA::ActiveDpc
PKDPC ActiveDpc
Definition: ketypes.h:750
_KNODE::Seed
UCHAR Seed
Definition: ketypes.h:778
_KEVENT_PAIR::HighEvent
KEVENT HighEvent
Definition: ketypes.h:869
_SYNCH_COUNTERS::ExAcqResSharedWaitForExclusiveWaits
ULONG ExAcqResSharedWaitForExclusiveWaits
Definition: ketypes.h:719
KPROFILE_SOURCE
enum _KPROFILE_SOURCE KPROFILE_SOURCE
_COUNTER_READING::Type
enum _HARDWARE_COUNTER_TYPE Type
Definition: ketypes.h:904
_KTHREAD::WaitBlockFill9
UCHAR WaitBlockFill9[1 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
Definition: ketypes.h:1750
_KPROCESS::UserTime
ULONG UserTime
Definition: ketypes.h:1993
_KPROCESS::AutoAlignment
LONG AutoAlignment
Definition: ketypes.h:2004
_KINTERRUPT::DispatchAddress
PKINTERRUPT_ROUTINE DispatchAddress
Definition: ketypes.h:837
_KEXECUTE_OPTIONS::ExecuteDispatchEnable
UCHAR ExecuteDispatchEnable
Definition: ketypes.h:881
CSHORT
short CSHORT
Definition: umtypes.h:127
_WAIT_TYPE
_WAIT_TYPE
Definition: ntdef.template.h:365
_KSYSTEM_TIME
Definition: ketypes.h:909
_KTHREAD::InitialStack
PVOID InitialStack
Definition: ketypes.h:1554
_KUSER_SHARED_DATA::DbgErrorPortPresent
ULONG DbgErrorPortPresent
Definition: ketypes.h:1194
ADJUST_REASON
enum _ADJUST_REASON ADJUST_REASON
KPROFILE
struct _KPROFILE KPROFILE
_KTHREAD::AffinityVersion
ULONG_PTR AffinityVersion
Definition: ketypes.h:1824
KTIMER_TABLE_ENTRY
struct _KTIMER_TABLE_ENTRY KTIMER_TABLE_ENTRY
_KINTERRUPT::ServiceContext
PVOID ServiceContext
Definition: ketypes.h:833
_KTHREAD::UserAffinity
GROUP_AFFINITY UserAffinity
Definition: ketypes.h:1802
PKLOCK_ENTRY
struct _KLOCK_ENTRY * PKLOCK_ENTRY
_KWAIT_STATUS_REGISTER::Alert
UCHAR Alert
Definition: ketypes.h:897
KiBugCheckData
ULONG_PTR NTSYSAPI KiBugCheckData[]
Definition: bug.c:30
PKNODE
struct _KNODE * PKNODE
_KTHREAD::ThreadLock
KSPIN_LOCK ThreadLock
Definition: ketypes.h:1557
Limit
_In_ LONG _In_ LONG Limit
Definition: kefuncs.h:328
_KNODE::FreeCount
ULONG FreeCount[2]
Definition: ketypes.h:785
_KTHREAD::WaitRegister
KWAIT_STATUS_REGISTER WaitRegister
Definition: ketypes.h:1568
_KTHREAD::GuiThread
ULONG GuiThread
Definition: ketypes.h:1620
_KTHREAD::ProcessStackCountDecremented
ULONG ProcessStackCountDecremented
Definition: ketypes.h:1639
ServiceTable
SERVICE_TABLE_ENTRYW ServiceTable[]
Definition: service.c:18
_KPROCESS::VdmTrapcHandler
PVOID VdmTrapcHandler
Definition: ketypes.h:1996
_KTHREAD::SystemCallNumber
ULONG SystemCallNumber
Definition: ketypes.h:1659
_SYNCH_COUNTERS::ExAcqResSharedWaitForExclusiveNotAcquires
ULONG ExAcqResSharedWaitForExclusiveNotAcquires
Definition: ketypes.h:720
_SYNCH_COUNTERS::ExecutiveResourceReleaseExclusiveCount
ULONG ExecutiveResourceReleaseExclusiveCount
Definition: ketypes.h:695
_FIBER::ActivationContextStackPointer
struct _ACTIVATION_CONTEXT_STACK * ActivationContextStackPointer
Definition: ketypes.h:189
PKAPC_STATE
* PKAPC_STATE
Definition: ketypes.h:1273
_KWAIT_STATUS_REGISTER
Definition: ketypes.h:887
_KUSER_SHARED_DATA::ComPlusPackage
ULONG ComPlusPackage
Definition: ketypes.h:1175
_KIDTENTRY
Definition: ketypes.h:384
THREAD_WAIT_OBJECTS
#define THREAD_WAIT_OBJECTS
Definition: ketypes.h:480
_KUSER_SHARED_DATA::ProcessorFeatures
BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]
Definition: ketypes.h:1161
PKSERVICE_TABLE_DESCRIPTOR
struct _KSERVICE_TABLE_DESCRIPTOR * PKSERVICE_TABLE_DESCRIPTOR
_KCONTINUE_STATUS
_KCONTINUE_STATUS
Definition: ketypes.h:428
_KPROCESS::Header
DISPATCHER_HEADER Header
Definition: ketypes.h:1974
_KPROFILE_SOURCE
_KPROFILE_SOURCE
Definition: winternl.h:2122
_KTHREAD::KeReferenceCount
volatile SHORT KeReferenceCount
Definition: ketypes.h:1924
_KTHREAD::ThreadFlagsSpare
ULONG ThreadFlagsSpare
Definition: ketypes.h:1640
_KTHREAD::MutantListHead
LIST_ENTRY MutantListHead
Definition: ketypes.h:1899
_KTHREAD::WaitBlockFill11
UCHAR WaitBlockFill11[3 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, Object)]
Definition: ketypes.h:1760
_SYNCH_COUNTERS::ExEtwSynchTrackingNotificationsAccountedCount
ULONG ExEtwSynchTrackingNotificationsAccountedCount
Definition: ketypes.h:729
_KUSER_SHARED_DATA::SpareBits
ULONG SpareBits
Definition: ketypes.h:1201
_KUSER_SHARED_DATA::DismountCount
volatile ULONG DismountCount
Definition: ketypes.h:1174
_KTHREAD::WaitIrql
KIRQL WaitIrql
Definition: ketypes.h:1685
_KUSER_SHARED_DATA::ProductTypeIsValid
BOOLEAN ProductTypeIsValid
Definition: ketypes.h:1158
_KWAIT_STATUS_REGISTER::Affinity
UCHAR Affinity
Definition: ketypes.h:893
_KUSER_SHARED_DATA::Wow64SharedInformation
ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]
Definition: ketypes.h:1224
KNODE
struct _KNODE KNODE
_KNODE
Definition: ketypes.h:772
PP_LOOKASIDE_LIST
struct _PP_LOOKASIDE_LIST PP_LOOKASIDE_LIST
KeServiceDescriptorTableShadow
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]
Definition: procobj.c:24