26 #ifndef NTOS_MODE_USER
41 #define TABLE_NUMBER_BITS 1
42 #define TABLE_OFFSET_BITS 12
47 #define NUMBER_SERVICE_TABLES 2
48 #define NTOS_SERVICE_INDEX 0
49 #define WIN32K_SERVICE_INDEX 1
62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes
64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes
71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY)
78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY)
83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1)
90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY)
95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT)
100 #define SSDT_MAX_ENTRIES 2
105 #define PROCESSOR_ARCHITECTURE_INTEL 0
106 #define PROCESSOR_ARCHITECTURE_MIPS 1
107 #define PROCESSOR_ARCHITECTURE_ALPHA 2
108 #define PROCESSOR_ARCHITECTURE_PPC 3
109 #define PROCESSOR_ARCHITECTURE_SHX 4
110 #define PROCESSOR_ARCHITECTURE_ARM 5
111 #define PROCESSOR_ARCHITECTURE_IA64 6
112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7
113 #define PROCESSOR_ARCHITECTURE_MSIL 8
114 #define PROCESSOR_ARCHITECTURE_AMD64 9
115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
120 #define KOBJECT_TYPE_MASK 0x7F
121 #define KOBJECT_LOCK_BIT 0x80
126 #define THREAD_ALERT_INCREMENT 2
131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000
136 #define MAX_QUANTUM 0x7F
137 #define WAIT_QUANTUM_DECREMENT 1
138 #define CLOCK_QUANTUM_DECREMENT 3
143 #define KF_V86_VIS 0x00000001
144 #define KF_RDTSC 0x00000002
145 #define KF_CR4 0x00000004
146 #define KF_CMOV 0x00000008
147 #define KF_GLOBAL_PAGE 0x00000010
148 #define KF_LARGE_PAGE 0x00000020
149 #define KF_MTRR 0x00000040
150 #define KF_CMPXCHG8B 0x00000080
151 #define KF_MMX 0x00000100
152 #define KF_WORKING_PTE 0x00000200
153 #define KF_PAT 0x00000400
154 #define KF_FXSR 0x00000800
155 #define KF_FAST_SYSCALL 0x00001000
156 #define KF_XMMI 0x00002000
157 #define KF_3DNOW 0x00004000
158 #define KF_AMDK6MTRR 0x00008000
159 #define KF_XMMI64 0x00010000
160 #define KF_DTS 0x00020000
161 #define KF_BRANCH 0x00020000 // from ksamd64.inc
162 #define KF_SSE3 0x00080000
163 #define KF_CMPXCHG16B 0x00100000
164 #define KF_XSTATE 0x00800000 // from ks386.inc, ksamd64.inc
165 #define KF_NX_BIT 0x20000000
166 #define KF_NX_DISABLED 0x40000000
167 #define KF_NX_ENABLED 0x80000000
169 #define KF_XSAVEOPT_BIT 15
170 #define KF_XSTATE_BIT 23
171 #define KF_RDWRFSGSBASE_BIT 28
176 #define KI_EXCEPTION_INTERNAL 0x10000000
177 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04)
187 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
200 #ifndef NTOS_MODE_USER
205 #define DISPATCH_LENGTH 4
206 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
207 #define DISPATCH_LENGTH 135
209 #define DISPATCH_LENGTH 106
222 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
227 #define MAX_WOW64_SHARED_ENTRIES 16
232 #define PROCESSOR_FEATURE_MAX 64
377 #if (NTDDI_VERSION >= NTDDI_WS03)
470 #ifdef NTOS_MODE_USER
532 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
552 #if (NTDDI_VERSION >= NTDDI_WS03)
556 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
558 ULONG HeapTracingPid[2];
559 ULONG CritSecTracingPid[2];
580 #include "pshpack1.h"
581 typedef struct _VdmVirtualIca
594 } VDMVIRTUALICA, *PVDMVIRTUALICA;
597 typedef struct _VdmIcaUserData
600 PVDMVIRTUALICA pIcaMaster;
601 PVDMVIRTUALICA pIcaSlave;
610 } VDMICAUSERDATA, *PVDMICAUSERDATA;
612 typedef struct _VDM_INITIALIZE_DATA
615 PVDMICAUSERDATA IcaUserData;
616 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA;
663 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64)
737 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
743 #if defined(_M_AMD64) || defined(_M_ARM)
749 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM)
771 #include <pshpack1.h>
829 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
846 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
851 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
886 #if (NTDDI_VERSION >= NTDDI_WIN7)
928 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
941 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
973 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
975 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
995 #ifndef _M_AMD64 // [
1003 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1011 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1032 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1036 volatile UCHAR SwapBusy;
1045 #ifndef _M_AMD64 // [
1059 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1068 #if !defined(_WIN64) // [
1079 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1094 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [
1098 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1099 #if defined(_WIN64) // [
1108 #if (NTDDI_VERSION < NTDDI_WIN7) // [
1112 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1113 UCHAR IdealProcessor;
1126 UCHAR ResourceIndex;
1134 #ifdef _M_AMD64 // [
1138 ULONG ContextSwitches;
1153 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1156 UCHAR WaitBlockFill7[168];
1157 PVOID TebMappedLowVa;
1158 struct _UMS_CONTROL_BLOCK* Ucb;
1163 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1164 UCHAR WaitBlockFill8[188];
1172 SHORT KernelApcDisable;
1173 SHORT SpecialApcDisable;
1175 ULONG CombinedApcDisable;
1182 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1190 PVOID CallbackStack;
1192 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [
1195 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [
1199 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [
1200 UCHAR IdealProcessor;
1211 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1215 #if (NTDDI_VERSION >= NTDDI_WIN7)
1222 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1224 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1230 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1248 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1258 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1261 UCHAR UserIdealProcessor;
1263 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1264 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1267 UCHAR CalloutActive;
1270 UCHAR CodePatchInProgress;
1274 #if defined(_M_IX86) // [
1275 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1276 UCHAR OtherPlatformFill;
1289 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1291 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1310 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1324 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1344 ULONG SListFaultCount;
1352 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1356 #ifdef _M_AMD64 // [
1357 LONG64 ReadOperationCount;
1358 LONG64 WriteOperationCount;
1359 LONG64 OtherOperationCount;
1360 LONG64 ReadTransferCount;
1361 LONG64 WriteTransferCount;
1362 LONG64 OtherTransferCount;
1364 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1367 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1368 PVOID MdlForLockedTeb;
1372 #define ASSERT_THREAD(object) \
1373 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject))
1382 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1388 #if defined(_M_IX86)
1393 #if defined(_M_IX86)
1431 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1436 #define ASSERT_PROCESS(object) \
1437 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject))
1448 LONG TableBaseGpOffset;
1453 #if (NTDDI_VERSION >= NTDDI_WIN8)
1469 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400
1470 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff
1471 #define KENTROPY_TIMING_ANALYSIS 0x0
1497 #endif // !NTOS_MODE_USER
1499 #endif // _KETYPES_H
struct _KTIMER_TABLE KTIMER_TABLE
_Must_inspect_result_ typedef _In_ PVOID Unused
ULONG ExAcqResSharedWaitForExclusiveAttempts
enum _KPROFILE_SOURCE KPROFILE_SOURCE
enum _KPROCESS_STATE * PKPROCESS_STATE
VOID(NTAPI * PKINTERRUPT_ROUTINE)(VOID)
USHORT UserModeGlobalLogger[16]
_In_ UCHAR _In_ POWER_STATE PowerState
struct _KENTROPY_TIMING_STATE KENTROPY_TIMING_STATE
ULONG ExTryToAcqExclusiveAttempts
struct _KDPC_DATA KDPC_DATA
enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT
ULONG LastDeliveredBuffer
_ALTERNATIVE_ARCHITECTURE_TYPE
KTIMER_TABLE_ENTRY TimerEntries[256]
ULONG_PTR DirectoryTableBase
struct _EXCEPTION_REGISTRATION_RECORD * ExceptionList
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
SINGLE_LIST_ENTRY * LastEntry
ULONG ExSetResOwnerPointerExclusive
LARGE_INTEGER SystemExpirationDate
ULONG UserStackWalkActive
ULONG ExSetResOwnerPointerSharedOld
ULONG ExAcqResExclusiveAttempts
PKSERVICE_ROUTINE MessageServiceRoutine
struct _KTIMER_TABLE_ENTRY * PKTIMER_TABLE_ENTRY
LONGLONG ConsoleSessionForegroundProcessId
union _KWAIT_STATUS_REGISTER KWAIT_STATUS_REGISTER
ULONGLONG TestRetInstruction
enum _KCONTINUE_STATUS KCONTINUE_STATUS
struct _KUSER_SHARED_DATA * PKUSER_SHARED_DATA
struct _KDPC_LIST KDPC_LIST
_In_ LARGE_INTEGER _In_ ULONG Period
struct _KEXECUTE_OPTIONS KEXECUTE_OPTIONS
ULONG ExEtwSynchTrackingNotificationsCount
ULONG IpiSendRequestBroadcastCount
ULONG ExAcqResSharedAttempts
PKWAIT_BLOCK WaitBlockList
ULONG EtwStackTraceApc2Inserted
struct _KEVENT_PAIR * PKEVENT_PAIR
struct _KEVENT_PAIR KEVENT_PAIR
ULONG NTSYSAPI KiDmaIoCoherency
struct _SINGLE_LIST_ENTRY * PfnDeferredList
ULONG NTSYSAPI KeIcacheFlushCount
volatile KSYSTEM_TIME InterruptTime
volatile ULONG ActiveProcessors
ULONG ExAcqResExclusiveAcquiresExclusiveRecursive
ULONG ExAcqResSharedStarveExclusiveAttempts
ULONG ExAcqResSharedStarveExclusiveWaits
struct _SYNCH_COUNTERS SYNCH_COUNTERS
ULONG ExAcqResSharedWaits
ULONG UmsDirectedSwitchEnable
ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive
struct _KDPC_DATA * PKDPC_DATA
enum _KPROCESS_STATE KPROCESS_STATE
KSERVICE_ROUTINE * PKSERVICE_ROUTINE
ULONG ExAcqResSharedAcquiresExclusive
SLIST_HEADER DeadStackList
BOOLEAN NTSYSAPI KiEnableTimerWatchdog
struct _COUNTER_READING * PCOUNTER_READING
struct _KPROCESS * Process
ULONG ExecutiveResourceReleaseSharedCount
enum _NT_PRODUCT_TYPE * PNT_PRODUCT_TYPE
ULONG ExBoostSharedOwners
struct _GETSETCONTEXT GETSETCONTEXT
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
KSEMAPHORE SuspendSemaphore
ULONG ImageFileExecutionOptions
KSTART_ROUTINE * PKSTART_ROUTINE
volatile KSYSTEM_TIME SystemTime
ULONG ExAcqResSharedWaitForExclusiveAcquiresShared
ULONG ExAcqResSharedStarveExclusiveAcquiresShared
ULONG ExAcqResSharedStarveExclusiveNotAcquires
ULONG ExAcqResSharedNotAcquires
ULONG ExSetResOwnerPointerSharedNew
NT_PRODUCT_TYPE NtProductType
ULONG SystemAffinityActive
struct _KTHREAD_COUNTERS * PKTHREAD_COUNTERS
BOOLEAN KdDebuggerEnabled
ULONG ExAcqResSharedAcquiresShared
ULONG TickCountMultiplier
ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive
UCHAR ImageDispatchEnable
ULONG ApcInterruptRequest
LIST_ENTRY ProfileListEntry
enum _KINTERRUPT_MODE KINTERRUPT_MODE
ULONG TickCountLowDeprecated
SINGLE_LIST_ENTRY ListHead
enum _VDMSERVICECLASS VDMSERVICECLASS
LIST_ENTRY QueueListEntry
LIST_ENTRY ProcessListEntry
struct DECLSPEC_ALIGN(16) _M128A
LIST_ENTRY ThreadListHead
enum _KTHREAD_STATE KTHREAD_STATE
UCHAR DisableThunkEmulation
struct _KSYSTEM_TIME KSYSTEM_TIME
struct _LOADER_PARAMETER_BLOCK NTSYSAPI * KeLoaderBlock
#define MAX_WOW64_SHARED_ENTRIES
struct _KSYSTEM_TIME * PKSYSTEM_TIME
ULONG ExecutiveResourceAcquiresCount
enum _EVENT_TYPE EVENT_TYPE
ULONG ExDeleteResourceCount
union _KWAIT_STATUS_REGISTER * PKWAIT_STATUS_REGISTER
struct _KNODE::_flags Flags
volatile KSYSTEM_TIME TickCount
_In_opt_ PVOID _In_opt_ PVOID SystemArgument1
LIST_ENTRY InterruptListEntry
VOID(NTAPI * PTIMER_APC_ROUTINE)(_In_ PVOID TimerContext, _In_ ULONG TimerLowValue, _In_ LONG TimerHighValue)
struct _KPROCESS KPROCESS
_In_ KPROCESSOR_MODE PreviousMode
ULONG NTSYSAPI KeMaximumIncrement
UCHAR ApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending)+1]
struct _THREAD_PERFORMANCE_DATA * UserData
SERVICE_TABLE_ENTRYW ServiceTable[]
#define PROCESSOR_FEATURE_MAX
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture
SINGLE_LIST_ENTRY SwapListEntry
volatile ULONG DeferredProcessor
VOID(NTAPI * PKSYSTEM_ROUTINE)(PKSTART_ROUTINE StartRoutine, PVOID StartContext)
ULONG ExAcqResExclusiveNotAcquires
SINGLE_LIST_ENTRY SwapListEntry
struct _KUSER_SHARED_DATA KUSER_SHARED_DATA
struct _KPROCESS * Process
PKTHREAD_COUNTERS ThreadCounters
ULONG DbgElevationEnabled
VOID(NTAPI * PKRUNDOWN_ROUTINE)(IN struct _KAPC *Apc)
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
enum _WAIT_TYPE WAIT_TYPE
KINTERRUPT_POLARITY Polarity
VOID(NTAPI * PKNORMAL_ROUTINE)(IN PVOID NormalContext OPTIONAL, IN PVOID SystemArgument1 OPTIONAL, IN PVOID SystemArgument2 OPTIONAL)
ULONG ExReInitializeResourceCount
struct _PP_LOOKASIDE_LIST * PPP_LOOKASIDE_LIST
struct _GENERAL_LOOKASIDE * L
ULONG GuaranteedStackBytes
ULONG NumberOfPhysicalPages
enum _KINTERRUPT_POLARITY KINTERRUPT_POLARITY
enum _TIMER_TYPE TIMER_TYPE
struct _KTHREAD_COUNTERS KTHREAD_COUNTERS
ULONG ExBoostExclusiveOwner
COUNTER_READING HwCounter[16]
PKSERVICE_ROUTINE ServiceRoutine
ULONG ExecutiveResourceConvertsCount
ULONG ExecutiveResourceContentionsCount
ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive
volatile ULONG NextProcessor
struct _GETSETCONTEXT * PGETSETCONTEXT
volatile ULONG ActiveConsoleId
volatile KSYSTEM_TIME TimeZoneBias
ULONG ExAcqResSharedAcquiresSharedRecursive
ULONG IpiSendRequestRoutineCount
ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive
struct _KTIMER_TABLE * PKTIMER_TABLE
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
ULONG ExAcqResExclusiveAcquiresExclusive
ULONG DispatchCode[DISPATCH_LENGTH]
ULONG NTSYSAPI KeMinimumIncrement
ULONG EtwStackTraceApc1Inserted
volatile ULONG DpcQueueDepth
ULONG ExTryToAcqExclusiveAcquires
ULONG DbgInstallerDetectEnabled
ULONG SpinLockContentionCount
struct _GENERAL_LOOKASIDE * P
struct _SYNCH_COUNTERS * PSYNCH_COUNTERS
volatile ULONG64 TickCountQuad
ULONG ExAcqResExclusiveWaits
enum _ALTERNATIVE_ARCHITECTURE_TYPE ALTERNATIVE_ARCHITECTURE_TYPE
struct _KPROFILE * PKPROFILE
#define FIELD_OFFSET(t, f)
LIST_ENTRY ProfileListHead
ULONG SpinLockAcquireCount
ULONGLONG SystemCallPad[3]
ULONG ExInitializeResourceCount
LIST_ENTRY ThreadListEntry
ULONG LastSystemRITEventTickCount
enum _KTHREAD_STATE * PKTHREAD_STATE
struct _KSERVICE_TABLE_DESCRIPTOR KSERVICE_TABLE_DESCRIPTOR
struct _KENTROPY_TIMING_STATE * PKENTROPY_TIMING_STATE
struct _COUNTER_READING COUNTER_READING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
enum _KWAIT_REASON KWAIT_REASON
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]
enum _NT_PRODUCT_TYPE NT_PRODUCT_TYPE
struct _KINTERRUPT KINTERRUPT
ULONG NTSYSAPI KeDcacheFlushCount
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID TimerContext
struct _KEXECUTE_OPTIONS * PKEXECUTE_OPTIONS
ULONG IpiSendSoftwareInterruptCount
SLIST_HEADER PfnDereferenceSListHead
struct _KDPC_LIST * PKDPC_LIST
struct _KWAIT_BLOCK KWAIT_BLOCK
ULONG KernelStackResident
ULONG ExAcqResSharedWaitForExclusiveWaits
enum _KPROFILE_SOURCE KPROFILE_SOURCE
enum _HARDWARE_COUNTER_TYPE Type
PKINTERRUPT_ROUTINE DispatchAddress
UCHAR ExecuteDispatchEnable
ULONG DbgErrorPortPresent
enum _ADJUST_REASON ADJUST_REASON
struct _KPROFILE KPROFILE
struct _KTIMER_TABLE_ENTRY KTIMER_TABLE_ENTRY
GROUP_AFFINITY UserAffinity
ULONG_PTR NTSYSAPI KiBugCheckData[]
_In_ LONG _In_ LONG Limit
KWAIT_STATUS_REGISTER WaitRegister
ULONG ExAcqResSharedWaitForExclusiveNotAcquires
ULONG ExecutiveResourceReleaseExclusiveCount
struct _ACTIVATION_CONTEXT_STACK * ActivationContextStackPointer
#define THREAD_WAIT_OBJECTS
BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]
struct _KSERVICE_TABLE_DESCRIPTOR * PKSERVICE_TABLE_DESCRIPTOR
LIST_ENTRY MutantListHead
ULONG ExEtwSynchTrackingNotificationsAccountedCount
volatile ULONG DismountCount
BOOLEAN ProductTypeIsValid
VOID(NTAPI * PKKERNEL_ROUTINE)(IN struct _KAPC *Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, IN OUT PVOID *NormalContext OPTIONAL, IN OUT PVOID *SystemArgument1 OPTIONAL, IN OUT PVOID *SystemArgument2 OPTIONAL)
ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]
struct _PP_LOOKASIDE_LIST PP_LOOKASIDE_LIST
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]
1.8.6