41#define TABLE_NUMBER_BITS 1
42#define TABLE_OFFSET_BITS 12
47#define NUMBER_SERVICE_TABLES 2
48#define NTOS_SERVICE_INDEX 0
49#define WIN32K_SERVICE_INDEX 1
62#define BITS_PER_ENTRY 5
64#define BITS_PER_ENTRY 4
71#define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY)
78#define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY)
83#define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1)
90#define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY)
95#define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT)
100#define SSDT_MAX_ENTRIES 2
105#define PROCESSOR_ARCHITECTURE_INTEL 0
106#define PROCESSOR_ARCHITECTURE_MIPS 1
107#define PROCESSOR_ARCHITECTURE_ALPHA 2
108#define PROCESSOR_ARCHITECTURE_PPC 3
109#define PROCESSOR_ARCHITECTURE_SHX 4
110#define PROCESSOR_ARCHITECTURE_ARM 5
111#define PROCESSOR_ARCHITECTURE_IA64 6
112#define PROCESSOR_ARCHITECTURE_ALPHA64 7
113#define PROCESSOR_ARCHITECTURE_MSIL 8
114#define PROCESSOR_ARCHITECTURE_AMD64 9
115#define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
120#define KOBJECT_TYPE_MASK 0x7F
121#define KOBJECT_LOCK_BIT 0x80
126#define THREAD_ALERT_INCREMENT 2
131#define KI_USER_SHARED_DATA_PHYSICAL 0x41000
136#define MAX_QUANTUM 0x7F
137#define WAIT_QUANTUM_DECREMENT 1
138#define CLOCK_QUANTUM_DECREMENT 3
143#define KI_EXCEPTION_INTERNAL 0x10000000
144#define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04)
154#if (NTDDI_VERSION >= NTDDI_LONGHORN)
167#ifndef NTOS_MODE_USER
172#define DISPATCH_LENGTH 4
173#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
174#define DISPATCH_LENGTH 135
176#define DISPATCH_LENGTH 106
189#define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
195#define IsNEC_98 (SharedUserData->AlternativeArchitecture == NEC98x86)
199#define IsNotNEC_98 (SharedUserData->AlternativeArchitecture != NEC98x86)
216#define IsNEC_98 (FALSE)
220#define IsNotNEC_98 (TRUE)
236#define MAX_WOW64_SHARED_ENTRIES 16
241#define PROCESSOR_FEATURE_MAX 64
374#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
375#define NX_SUPPORT_POLICY_ALWAYSOFF 0
376#define NX_SUPPORT_POLICY_ALWAYSON 1
377#define NX_SUPPORT_POLICY_OPTIN 2
378#define NX_SUPPORT_POLICY_OPTOUT 3
396#if (NTDDI_VERSION >= NTDDI_WS03)
551#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
571#if (NTDDI_VERSION >= NTDDI_WS03)
575#if (NTDDI_VERSION >= NTDDI_LONGHORN)
577 ULONG HeapTracingPid[2];
578 ULONG CritSecTracingPid[2];
600typedef struct _VdmVirtualIca
613} VDMVIRTUALICA, *PVDMVIRTUALICA;
616typedef struct _VdmIcaUserData
619 PVDMVIRTUALICA pIcaMaster;
620 PVDMVIRTUALICA pIcaSlave;
629} VDMICAUSERDATA, *PVDMICAUSERDATA;
631typedef struct _VDM_INITIALIZE_DATA
634 PVDMICAUSERDATA IcaUserData;
635} VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA;
682#if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64)
756#if (NTDDI_VERSION >= NTDDI_LONGHORN)
762#if defined(_M_AMD64) || defined(_M_ARM)
768#if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM)
846#if (NTDDI_VERSION >= NTDDI_LONGHORN)
863#if (NTDDI_VERSION >= NTDDI_LONGHORN)
868#if (NTDDI_VERSION >= NTDDI_LONGHORN)
903#if (NTDDI_VERSION >= NTDDI_WIN7)
940#if (NTDDI_VERSION >= NTDDI_WIN8)
948#if (NTDDI_VERSION >= NTDDI_WINBLUE)
955#if (NTDDI_VERSION >= NTDDI_WIN10)
986#if (NTDDI_VERSION >= NTDDI_WIN10)
1034 volatile UCHAR HeadNodeByte;
1047#if (NTDDI_VERSION >= NTDDI_WIN10)
1050 volatile UCHAR WaitingAndBusyByte;
1109#if (NTDDI_VERSION < NTDDI_WIN8)
1114#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1127#if (NTDDI_VERSION >= NTDDI_WIN7)
1135 ULONG KernelStackResident:1;
1141 ULONG GdiFlushActive:1;
1159#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1161#if (NTDDI_VERSION >= NTDDI_WIN7)
1181#if !defined(_M_AMD64) && !defined(_M_ARM64)
1189#if (NTDDI_VERSION >= NTDDI_WIN7)
1197#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1202 ULONG KernelStackResident:1;
1208 ULONG GdiFlushActive:1;
1218#if (NTDDI_VERSION < NTDDI_LONGHORN)
1222 volatile UCHAR SwapBusy;
1231#if !defined(_M_AMD64) && !defined(_M_ARM64)
1245#if (NTDDI_VERSION >= NTDDI_WIN7)
1265#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1266 ULONG EtwStackTraceApc1Inserted:1;
1267 ULONG EtwStackTraceApc2Inserted:1;
1268 ULONG CycleChargePending:1;
1273 ULONG ReservedFlags:23;
1275 LONG ReservedFlags:30;
1280#if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7)
1284#if (NTDDI_VERSION >= NTDDI_WIN7)
1294#if (NTDDI_VERSION < NTDDI_WIN7)
1298#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1299 UCHAR IdealProcessor;
1312 UCHAR ResourceIndex;
1324 ULONG ContextSwitches;
1339#if (NTDDI_VERSION >= NTDDI_WIN7)
1342 UCHAR WaitBlockFill7[168];
1343 PVOID TebMappedLowVa;
1344 struct _UMS_CONTROL_BLOCK* Ucb;
1349#if (NTDDI_VERSION >= NTDDI_WIN7)
1350 UCHAR WaitBlockFill8[188];
1358 SHORT KernelApcDisable;
1359 SHORT SpecialApcDisable;
1361 ULONG CombinedApcDisable;
1368#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1369 PVOID FirstArgument;
1372 PVOID CallbackStack;
1376 PVOID CallbackStack;
1378#if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64))
1381#if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64)
1384 UCHAR ApcStateIndex;
1385#if (NTDDI_VERSION < NTDDI_LONGHORN)
1386 UCHAR IdealProcessor;
1396 SCHAR PriorityDecrement;
1397#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1400 CHAR AdjustIncrement;
1401#if (NTDDI_VERSION >= NTDDI_WIN7)
1408#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1409 ULONG SystemCallNumber;
1410#if (NTDDI_VERSION >= NTDDI_WIN7)
1416#if (NTDDI_VERSION >= NTDDI_WIN7)
1420 ULONG IdealProcessor;
1421 ULONG UserIdealProcessor;
1434#if (NTDDI_VERSION >= NTDDI_WIN7)
1444#if (NTDDI_VERSION >= NTDDI_WIN7)
1447 UCHAR UserIdealProcessor;
1449#if (NTDDI_VERSION >= NTDDI_WIN7)
1450#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1453 UCHAR CalloutActive;
1456 UCHAR CodePatchInProgress;
1461#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1462 UCHAR OtherPlatformFill;
1474 UCHAR SuspendApcFill0[1];
1475#if (NTDDI_VERSION >= NTDDI_WIN7)
1476 UCHAR ResourceIndex;
1477#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1485 UCHAR SuspendApcFill1[3];
1490 UCHAR SuspendApcFill2[4];
1496#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1510#if (NTDDI_VERSION >= NTDDI_WIN7)
1530 ULONG SListFaultCount;
1535 ULONG SListFaultCount;
1538#if (NTDDI_VERSION >= NTDDI_LONGHORN)
1541 PVOID SListFaultAddress;
1543 LONG64 ReadOperationCount;
1544 LONG64 WriteOperationCount;
1545 LONG64 OtherOperationCount;
1546 LONG64 ReadTransferCount;
1547 LONG64 WriteTransferCount;
1548 LONG64 OtherTransferCount;
1550#if (NTDDI_VERSION >= NTDDI_WIN7)
1553#elif (NTDDI_VERSION >= NTDDI_LONGHORN)
1554 PVOID MdlForLockedTeb;
1560#if defined(_WIN64) && (NTDDI_VERSION < 0x06032580)
1561#define NUMBER_OF_LOCK_ENTRIES 5
1563#define NUMBER_OF_LOCK_ENTRIES 6
1593#if (NTDDI_VERSION < NTDDI_WIN10)
1594 ULONG KernelStackResident : 1;
1599#if (NTDDI_VERSION < NTDDI_WIN10TH2)
1606#if (NTDDI_VERSION < NTDDI_WIN81)
1607 ULONG CodePatchInProgress : 1;
1645#if (NTDDI_VERSION >= 0x060324D7)
1646 ULONG TerminationApcRequest : 1;
1648#if (NTDDI_VERSION >= 0x06032580)
1649 ULONG AutoBoostEntriesExhausted : 1;
1651#if (NTDDI_VERSION >= 0x06032580)
1652 ULONG KernelStackResident : 1;
1654#if (NTDDI_VERSION >= NTDDI_WIN10)
1660#if (NTDDI_VERSION < NTDDI_WIN10)
1661 ULONG ReservedFlags : 10;
1667#if (NTDDI_VERSION >= NTDDI_WIN10)
1697#if (NTDDI_VERSION >= NTDDI_WIN10)
1715#if (NTDDI_VERSION >= NTDDI_WIN8 )
1733#if (NTDDI_VERSION >= NTDDI_WIN10)
1779 struct _UMS_CONTROL_BLOCK* Ucb;
1780 struct _KUMS_CONTEXT_HEADER* Uch;
1797 PVOID TebMappedLowVa;
1800#if (NTDDI_VERSION >= 0x060223F0)
1806 ULONG NextProcessorNumber : 31;
1807 ULONG SharedReadyQueue : 1;
1840#if (NTDDI_VERSION >= NTDDI_WIN10)
1855#if (NTDDI_VERSION >= NTDDI_WIN10)
1918#if (NTDDI_VERSION >= NTDDI_WIN10)
1923 ULONG SecureThreadCookie;
1925#elif (NTDDI_VERSION >= NTDDI_WINBLUE)
1929#if (NTDDI_VERSION >= NTDDI_WINBLUE )
1936 #if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
1940 #if (NTDDI_VERSION >= NTDDI_WIN10)
1943 volatile SHORT AbReferenceCount;
1945 #if (NTDDI_VERSION >= 0x06040000)
1946 UCHAR AbOrphanedEntrySummary;
1947 UCHAR AbOwnedEntryCount;
1965 LONG64 ReadOperationCount;
1966 LONG64 WriteOperationCount;
1967 LONG64 OtherOperationCount;
1968 LONG64 ReadTransferCount;
1969 LONG64 WriteTransferCount;
1970 LONG64 OtherTransferCount;
1972#if (NTDDI_VERSION >= NTDDI_WIN10)
1983#define ASSERT_THREAD(object) \
1984 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject))
1993#if (NTDDI_VERSION >= NTDDI_LONGHORN)
2042#if (NTDDI_VERSION >= NTDDI_LONGHORN)
2047#define ASSERT_PROCESS(object) \
2048 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject))
2059 LONG TableBaseGpOffset;
2064#if (NTDDI_VERSION >= NTDDI_WIN8)
2080#define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400
2081#define KENTROPY_TIMING_BUFFER_MASK 0x7ff
2082#define KENTROPY_TIMING_ANALYSIS 0x0
static SERVICE_TABLE_ENTRYW ServiceTable[2]
enum _NT_PRODUCT_TYPE NT_PRODUCT_TYPE
enum _NT_PRODUCT_TYPE * PNT_PRODUCT_TYPE
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
enum _KPROFILE_SOURCE KPROFILE_SOURCE
VOID(CALLBACK * PTIMER_APC_ROUTINE)(PVOID, ULONG, LONG)
@ ProfileIntegerInstructions
@ ProfileBranchMispredictions
@ ProfileStoreInstructions
@ ProfileMemoryBarrierCycles
@ ProfileLoadLinkedIssues
@ ProfileSpecialInstructions
@ ProfileBranchInstructions
@ ProfileLoadInstructions
#define NUMBER_OF_LOCK_ENTRIES
struct _KINTERRUPT KINTERRUPT
VOID(NTAPI * PKSYSTEM_ROUTINE)(PKSTART_ROUTINE StartRoutine, PVOID StartContext)
ULONG NTSYSAPI KeIcacheFlushCount
struct _KPROFILE KPROFILE
struct _KDPC_DATA KDPC_DATA
struct _KTHREAD_COUNTERS KTHREAD_COUNTERS
struct _KDPC_LIST KDPC_LIST
struct _COUNTER_READING * PCOUNTER_READING
struct _KEXECUTE_OPTIONS KEXECUTE_OPTIONS
struct _KDPC_LIST * PKDPC_LIST
enum _ADJUST_REASON ADJUST_REASON
struct _KEVENT_PAIR * PKEVENT_PAIR
@ EventSynchronizationObject
@ TimerNotificationObject
@ TimerSynchronizationObject
@ EventNotificationObject
struct _PP_LOOKASIDE_LIST * PPP_LOOKASIDE_LIST
ULONG_PTR NTSYSAPI KiBugCheckData[]
struct _KEVENT_PAIR KEVENT_PAIR
struct _KTHREAD_COUNTERS * PKTHREAD_COUNTERS
enum _KCONTINUE_STATUS KCONTINUE_STATUS
struct _RTL_RB_TREE RTL_RB_TREE
FIXME: should move to rtltypes.h, but we can't include it here.
struct _KLOCK_ENTRY KLOCK_ENTRY
struct _KDPC_DATA * PKDPC_DATA
struct _KTIMER_TABLE KTIMER_TABLE
ULONG NTSYSAPI KiDmaIoCoherency
struct _PP_LOOKASIDE_LIST PP_LOOKASIDE_LIST
@ VdmPrinterDirectIoClose
enum _KTHREAD_STATE KTHREAD_STATE
struct _COUNTER_READING COUNTER_READING
struct _KLOCK_ENTRY * PKLOCK_ENTRY
ULONG NTSYSAPI KeMaximumIncrement
struct _KTIMER_TABLE_ENTRY * PKTIMER_TABLE_ENTRY
struct _KPROCESS KPROCESS
VOID(NTAPI * PKRUNDOWN_ROUTINE)(IN struct _KAPC *Apc)
struct _KLOCK_ENTRY_LOCK_STATE KLOCK_ENTRY_LOCK_STATE
union _KWAIT_STATUS_REGISTER KWAIT_STATUS_REGISTER
struct _KPROFILE * PKPROFILE
struct _KTIMER_TABLE * PKTIMER_TABLE
struct _KENTROPY_TIMING_STATE * PKENTROPY_TIMING_STATE
enum _KPROCESS_STATE KPROCESS_STATE
enum _KTHREAD_STATE * PKTHREAD_STATE
struct _KSERVICE_TABLE_DESCRIPTOR KSERVICE_TABLE_DESCRIPTOR
BOOLEAN NTSYSAPI KiEnableTimerWatchdog
enum _KPROCESS_STATE * PKPROCESS_STATE
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]
enum _VDMSERVICECLASS VDMSERVICECLASS
struct _GETSETCONTEXT * PGETSETCONTEXT
ULONG NTSYSAPI KeDcacheFlushCount
@ ContinueProcessorReselected
struct _KEXECUTE_OPTIONS * PKEXECUTE_OPTIONS
struct _KSERVICE_TABLE_DESCRIPTOR * PKSERVICE_TABLE_DESCRIPTOR
struct _KENTROPY_TIMING_STATE KENTROPY_TIMING_STATE
struct _LOADER_PARAMETER_BLOCK NTSYSAPI * KeLoaderBlock
union _KWAIT_STATUS_REGISTER * PKWAIT_STATUS_REGISTER
struct _GETSETCONTEXT GETSETCONTEXT
VOID(NTAPI * PKKERNEL_ROUTINE)(IN struct _KAPC *Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, IN OUT PVOID *NormalContext OPTIONAL, IN OUT PVOID *SystemArgument1 OPTIONAL, IN OUT PVOID *SystemArgument2 OPTIONAL)
struct _SYNCH_COUNTERS SYNCH_COUNTERS
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]
struct _SYNCH_COUNTERS * PSYNCH_COUNTERS
VOID(NTAPI * PKNORMAL_ROUTINE)(IN PVOID NormalContext OPTIONAL, IN PVOID SystemArgument1 OPTIONAL, IN PVOID SystemArgument2 OPTIONAL)
struct _RTL_RB_TREE * PRTL_RB_TREE
ULONG NTSYSAPI KeMinimumIncrement
struct _KTIMER_TABLE_ENTRY KTIMER_TABLE_ENTRY
enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT
struct _KLOCK_ENTRY_LOCK_STATE * PKLOCK_ENTRY_LOCK_STATE
#define DECLSPEC_ALIGN(x)
#define RTL_SIZEOF_THROUGH_FIELD(type, field)
enum _TIMER_TYPE TIMER_TYPE
enum _EVENT_TYPE EVENT_TYPE
enum _WAIT_TYPE WAIT_TYPE
enum _KINTERRUPT_MODE KINTERRUPT_MODE
enum _HARDWARE_COUNTER_TYPE Type
ULONG GuaranteedStackBytes
struct _ACTIVATION_CONTEXT_STACK * ActivationContextStackPointer
struct _EXCEPTION_REGISTRATION_RECORD * ExceptionList
volatile ULONG DpcQueueDepth
SINGLE_LIST_ENTRY ListHead
SINGLE_LIST_ENTRY * LastEntry
ULONG LastDeliveredBuffer
UCHAR DisableThunkEmulation
UCHAR ExecuteDispatchEnable
UCHAR ImageDispatchEnable
PKINTERRUPT_ROUTINE DispatchAddress
ULONG DispatchCode[DISPATCH_LENGTH]
KINTERRUPT_POLARITY Polarity
PKSERVICE_ROUTINE MessageServiceRoutine
LIST_ENTRY InterruptListEntry
PKSERVICE_ROUTINE ServiceRoutine
ULONG_PTR CrossThreadReleasable
KLOCK_ENTRY_LOCK_STATE LockState
volatile UCHAR CrossThreadReleasableAndBusyByte
SINGLE_LIST_ENTRY FreeListEntry
RTL_BALANCED_NODE TreeNode
USHORT IoNormalPriorityWaiterCount
SLIST_HEADER DeadStackList
struct _SINGLE_LIST_ENTRY * PfnDeferredList
struct _KNODE::_flags Flags
SLIST_HEADER PfnDereferenceSListHead
LIST_ENTRY ProcessListEntry
SINGLE_LIST_ENTRY SwapListEntry
volatile KAFFINITY ActiveProcessors
ULONG_PTR DirectoryTableBase
LIST_ENTRY ProfileListHead
LIST_ENTRY ThreadListHead
struct _KPROCESS * Process
LIST_ENTRY ProfileListEntry
struct _THREAD_PERFORMANCE_DATA * UserData
COUNTER_READING HwCounter[16]
ULONG ApcInterruptRequest
UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]
ULONG UserStackWalkActive
volatile INT_PTR WaitStatus
UCHAR CallbackNestingLevel
LONG AbCompletedIoQoSBoostCount
ULONG_PTR AffinityVersion
UCHAR WaitBlockFill10[2 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
ULONG_PTR InGlobalForegroundList
ULONG SystemAffinityActive
BOOLEAN Alerted[MaximumMode]
volatile ULONG64 CycleTime
LIST_ENTRY GlobalForegroundListEntry
volatile LONG AbCompletedIoBoostCount
UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]
ULONG CommitFailTerminateRequest
UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]
UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]
struct _KTHREAD_COUNTERS * ThreadCounters
SINGLE_LIST_ENTRY SwapListEntry
KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]
ULONG QueueDeferPreemption
UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted)+1]
GROUP_AFFINITY UserAffinity
LIST_ENTRY ThreadListEntry
UCHAR SystemHeteroCpuPolicy
ULONG UmsPerformingSyscall
UCHAR UserHeteroCpuPolicy
UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]
UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]
ULONG PriorityFloorSummary
volatile SHORT KeReferenceCount
ULONG ExplicitIdealProcessor
UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
volatile ULONG HighCycleTime
LIST_ENTRY MutantListHead
UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]
UCHAR PriorityFloorCounts[16]
UCHAR ExplicitSystemHeteroCpuPolicy
SINGLE_LIST_ENTRY IoSelfBoostsEntry
SINGLE_LIST_ENTRY PropagateBoostsEntry
KWAIT_STATUS_REGISTER WaitRegister
PKWAIT_BLOCK WaitBlockList
ULONG ProcessStackCountDecremented
ULONG64 RelativeTimerBias
ULONG EtwStackTraceApcInserted
UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending)+1]
UCHAR WaitBlockFill9[1 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
XSAVE_FORMAT * StateSaveArea
UCHAR WaitBlockFill11[3 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, Object)]
volatile VOID * StackLimit
LIST_ENTRY QueueListEntry
ULONG ProcessDetachActive
struct _KSCHEDULING_GROUP * SchedulingGroup
ULONG UmsDirectedSwitchEnable
SINGLE_LIST_ENTRY ForegroundDpcStackListEntry
UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]
KTIMER_TABLE_ENTRY TimerEntries[256]
BOOLEAN ProductTypeIsValid
ULONG DbgInstallerDetectEnabled
volatile KSYSTEM_TIME SystemTime
ULONG TickCountLowDeprecated
NT_PRODUCT_TYPE NtProductType
ULONGLONG TestRetInstruction
volatile ULONG ActiveConsoleId
BOOLEAN KdDebuggerEnabled
ULONG TickCountMultiplier
LONGLONG ConsoleSessionForegroundProcessId
ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]
ULONG DbgElevationEnabled
BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]
ULONG LastSystemRITEventTickCount
ULONG NumberOfPhysicalPages
volatile ULONG64 TickCountQuad
volatile KSYSTEM_TIME TickCount
volatile KSYSTEM_TIME InterruptTime
LARGE_INTEGER SystemExpirationDate
ULONG DbgErrorPortPresent
ULONG ImageFileExecutionOptions
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture
volatile ULONG DismountCount
volatile KSYSTEM_TIME TimeZoneBias
ULONGLONG SystemCallPad[3]
USHORT UserModeGlobalLogger[16]
struct _GENERAL_LOOKASIDE * P
struct _GENERAL_LOOKASIDE * L
FIXME: should move to rtltypes.h, but we can't include it here.
ULONG ExTryToAcqExclusiveAcquires
ULONG ExTryToAcqExclusiveAttempts
ULONG ExInitializeResourceCount
ULONG ExecutiveResourceReleaseSharedCount
ULONG ExAcqResSharedAcquiresExclusive
ULONG ExAcqResExclusiveNotAcquires
ULONG ExAcqResSharedStarveExclusiveNotAcquires
ULONG ExSetResOwnerPointerSharedOld
ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive
ULONG ExAcqResExclusiveAcquiresExclusiveRecursive
ULONG ExEtwSynchTrackingNotificationsAccountedCount
ULONG ExecutiveResourceConvertsCount
ULONG ExecutiveResourceReleaseExclusiveCount
ULONG IpiSendRequestBroadcastCount
ULONG ExAcqResExclusiveWaits
ULONG ExAcqResSharedWaitForExclusiveWaits
ULONG ExAcqResSharedWaits
ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive
ULONG SpinLockContentionCount
ULONG ExAcqResSharedStarveExclusiveAttempts
ULONG ExAcqResSharedAttempts
ULONG ExDeleteResourceCount
ULONG ExecutiveResourceContentionsCount
ULONG ExAcqResSharedWaitForExclusiveAttempts
ULONG ExAcqResSharedWaitForExclusiveNotAcquires
ULONG ExEtwSynchTrackingNotificationsCount
ULONG ExBoostSharedOwners
ULONG IpiSendRequestRoutineCount
ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive
ULONG ExAcqResSharedStarveExclusiveAcquiresShared
ULONG ExAcqResSharedStarveExclusiveWaits
ULONG ExAcqResSharedAcquiresShared
ULONG IpiSendSoftwareInterruptCount
ULONG ExSetResOwnerPointerExclusive
ULONG ExAcqResSharedNotAcquires
ULONG ExReInitializeResourceCount
ULONG ExAcqResSharedWaitForExclusiveAcquiresShared
ULONG ExecutiveResourceAcquiresCount
ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive
ULONG ExAcqResExclusiveAttempts
ULONG ExSetResOwnerPointerSharedNew
ULONG ExAcqResExclusiveAcquiresExclusive
ULONG SpinLockAcquireCount
ULONG ExBoostExclusiveOwner
ULONG ExAcqResSharedAcquiresSharedRecursive
#define FIELD_OFFSET(t, f)
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ PWDFDEVICE_INIT _In_ WDF_DEVICE_POWER_STATE PowerState
_Reserved_ PVOID Reserved
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
_In_ LARGE_INTEGER _In_ ULONG Period
_In_ LONG _In_ LONG Limit
#define PROCESSOR_FEATURE_MAX
struct _KUSER_SHARED_DATA KUSER_SHARED_DATA
KSTART_ROUTINE * PKSTART_ROUTINE
struct _KSYSTEM_TIME KSYSTEM_TIME
KSERVICE_ROUTINE * PKSERVICE_ROUTINE
#define MAX_WOW64_SHARED_ENTRIES
_In_opt_ PVOID _In_opt_ PVOID SystemArgument1
struct _KWAIT_BLOCK KWAIT_BLOCK
enum _KINTERRUPT_POLARITY KINTERRUPT_POLARITY
#define THREAD_WAIT_OBJECTS
_ALTERNATIVE_ARCHITECTURE_TYPE
struct _KUSER_SHARED_DATA * PKUSER_SHARED_DATA
struct _KSYSTEM_TIME * PKSYSTEM_TIME
VOID(NTAPI * PKINTERRUPT_ROUTINE)(VOID)
enum _KWAIT_REASON KWAIT_REASON
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
enum _ALTERNATIVE_ARCHITECTURE_TYPE ALTERNATIVE_ARCHITECTURE_TYPE
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
_In_ KPROCESSOR_MODE PreviousMode
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID TimerContext
1.9.6