26 #ifndef NTOS_MODE_USER
41 #define TABLE_NUMBER_BITS 1
42 #define TABLE_OFFSET_BITS 12
47 #define NUMBER_SERVICE_TABLES 2
48 #define NTOS_SERVICE_INDEX 0
49 #define WIN32K_SERVICE_INDEX 1
62 #define BITS_PER_ENTRY 5 // (1 << 5) = 32 bytes
64 #define BITS_PER_ENTRY 4 // (1 << 4) = 16 bytes
71 #define SERVICE_TABLE_SHIFT (12 - BITS_PER_ENTRY)
78 #define SERVICE_TABLE_MASK (((1 << TABLE_NUMBER_BITS) - 1) << BITS_PER_ENTRY)
83 #define SERVICE_NUMBER_MASK ((1 << TABLE_OFFSET_BITS) - 1)
90 #define SERVICE_TABLE_TEST (WIN32K_SERVICE_INDEX << BITS_PER_ENTRY)
95 #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT)
100 #define SSDT_MAX_ENTRIES 2
105 #define PROCESSOR_ARCHITECTURE_INTEL 0
106 #define PROCESSOR_ARCHITECTURE_MIPS 1
107 #define PROCESSOR_ARCHITECTURE_ALPHA 2
108 #define PROCESSOR_ARCHITECTURE_PPC 3
109 #define PROCESSOR_ARCHITECTURE_SHX 4
110 #define PROCESSOR_ARCHITECTURE_ARM 5
111 #define PROCESSOR_ARCHITECTURE_IA64 6
112 #define PROCESSOR_ARCHITECTURE_ALPHA64 7
113 #define PROCESSOR_ARCHITECTURE_MSIL 8
114 #define PROCESSOR_ARCHITECTURE_AMD64 9
115 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
120 #define KOBJECT_TYPE_MASK 0x7F
121 #define KOBJECT_LOCK_BIT 0x80
126 #define THREAD_ALERT_INCREMENT 2
131 #define KI_USER_SHARED_DATA_PHYSICAL 0x41000
136 #define MAX_QUANTUM 0x7F
137 #define WAIT_QUANTUM_DECREMENT 1
138 #define CLOCK_QUANTUM_DECREMENT 3
143 #define KF_V86_VIS 0x00000001
144 #define KF_RDTSC 0x00000002
145 #define KF_CR4 0x00000004
146 #define KF_CMOV 0x00000008
147 #define KF_GLOBAL_PAGE 0x00000010
148 #define KF_LARGE_PAGE 0x00000020
149 #define KF_MTRR 0x00000040
150 #define KF_CMPXCHG8B 0x00000080
151 #define KF_MMX 0x00000100
152 #define KF_WORKING_PTE 0x00000200
153 #define KF_PAT 0x00000400
154 #define KF_FXSR 0x00000800
155 #define KF_FAST_SYSCALL 0x00001000
156 #define KF_XMMI 0x00002000
157 #define KF_3DNOW 0x00004000
158 #define KF_AMDK6MTRR 0x00008000
159 #define KF_XMMI64 0x00010000
160 #define KF_DTS 0x00020000
161 #define KF_BRANCH 0x00020000 // from ksamd64.inc
162 #define KF_SSE3 0x00080000
163 #define KF_CMPXCHG16B 0x00100000
164 #define KF_XSTATE 0x00800000 // from ks386.inc, ksamd64.inc
165 #define KF_NX_BIT 0x20000000
166 #define KF_NX_DISABLED 0x40000000
167 #define KF_NX_ENABLED 0x80000000
169 #define KF_XSAVEOPT_BIT 15
170 #define KF_XSTATE_BIT 23
171 #define KF_RDWRFSGSBASE_BIT 28
176 #define KI_EXCEPTION_INTERNAL 0x10000000
177 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04)
187 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
200 #ifndef NTOS_MODE_USER
205 #define DISPATCH_LENGTH 4
206 #elif (NTDDI_VERSION >= NTDDI_LONGHORN)
207 #define DISPATCH_LENGTH 135
209 #define DISPATCH_LENGTH 106
222 #define SharedUserData ((KUSER_SHARED_DATA *)USER_SHARED_DATA)
227 #define MAX_WOW64_SHARED_ENTRIES 16
232 #define PROCESSOR_FEATURE_MAX 64
377 #if (NTDDI_VERSION >= NTDDI_WS03)
470 #ifdef NTOS_MODE_USER
532 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
552 #if (NTDDI_VERSION >= NTDDI_WS03)
556 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
558 ULONG HeapTracingPid[2];
559 ULONG CritSecTracingPid[2];
580 #include "pshpack1.h"
581 typedef struct _VdmVirtualIca
594 } VDMVIRTUALICA, *PVDMVIRTUALICA;
597 typedef struct _VdmIcaUserData
600 PVDMVIRTUALICA pIcaMaster;
601 PVDMVIRTUALICA pIcaSlave;
610 } VDMICAUSERDATA, *PVDMICAUSERDATA;
612 typedef struct _VDM_INITIALIZE_DATA
615 PVDMICAUSERDATA IcaUserData;
616 } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA;
663 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM) || defined(_M_AMD64)
737 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
743 #if defined(_M_AMD64) || defined(_M_ARM)
749 #if (NTDDI_VERSION >= NTDDI_LONGHORN) || defined(_M_ARM)
771 #include <pshpack1.h>
829 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
846 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
851 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
886 #if (NTDDI_VERSION >= NTDDI_WIN7)
923 #if (NTDDI_VERSION >= NTDDI_WIN8)
931 #if (NTDDI_VERSION >= NTDDI_WINBLUE)
938 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 6.4.9841.0
969 #if (NTDDI_VERSION >= NTDDI_WIN10)
1017 volatile UCHAR HeadNodeByte;
1030 #if (NTDDI_VERSION >= NTDDI_WIN10)
1033 volatile UCHAR WaitingAndBusyByte;
1092 #if (NTDDI_VERSION < NTDDI_WIN8)
1097 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1110 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1118 ULONG KernelStackResident:1;
1124 ULONG GdiFlushActive:1;
1142 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1144 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1164 #ifndef _M_AMD64 // [
1172 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1180 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1185 ULONG KernelStackResident:1;
1191 ULONG GdiFlushActive:1;
1201 #if (NTDDI_VERSION < NTDDI_LONGHORN)
1205 volatile UCHAR SwapBusy;
1214 #ifndef _M_AMD64 // [
1228 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1237 #if !defined(_WIN64) // [
1248 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1249 ULONG EtwStackTraceApc1Inserted:1;
1250 ULONG EtwStackTraceApc2Inserted:1;
1251 ULONG CycleChargePending:1;
1256 ULONG ReservedFlags:23;
1258 LONG ReservedFlags:30;
1263 #if defined(_WIN64) && (NTDDI_VERSION < NTDDI_WIN7) // [
1267 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1268 #if defined(_WIN64) // [
1277 #if (NTDDI_VERSION < NTDDI_WIN7) // [
1281 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1282 UCHAR IdealProcessor;
1295 UCHAR ResourceIndex;
1307 ULONG ContextSwitches;
1322 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1325 UCHAR WaitBlockFill7[168];
1326 PVOID TebMappedLowVa;
1327 struct _UMS_CONTROL_BLOCK* Ucb;
1332 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1333 UCHAR WaitBlockFill8[188];
1341 SHORT KernelApcDisable;
1342 SHORT SpecialApcDisable;
1344 ULONG CombinedApcDisable;
1351 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1352 PVOID FirstArgument;
1355 PVOID CallbackStack;
1359 PVOID CallbackStack;
1361 #if (NTDDI_VERSION < NTDDI_LONGHORN) || ((NTDDI_VERSION < NTDDI_WIN7) && !defined(_WIN64)) // [
1364 #if (NTDDI_VERSION < NTDDI_LONGHORN) && defined(_WIN64) // [
1367 UCHAR ApcStateIndex;
1368 #if (NTDDI_VERSION < NTDDI_LONGHORN) // [
1369 UCHAR IdealProcessor;
1379 SCHAR PriorityDecrement;
1380 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1383 CHAR AdjustIncrement;
1384 #if (NTDDI_VERSION >= NTDDI_WIN7)
1391 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1392 ULONG SystemCallNumber;
1393 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1399 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1403 ULONG IdealProcessor;
1404 ULONG UserIdealProcessor;
1417 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1427 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1430 UCHAR UserIdealProcessor;
1432 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1433 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1436 UCHAR CalloutActive;
1439 UCHAR CodePatchInProgress;
1443 #if defined(_M_IX86) // [
1444 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1445 UCHAR OtherPlatformFill;
1457 UCHAR SuspendApcFill0[1];
1458 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1459 UCHAR ResourceIndex;
1460 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1468 UCHAR SuspendApcFill1[3];
1473 UCHAR SuspendApcFill2[4];
1479 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1493 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1513 ULONG SListFaultCount;
1518 ULONG SListFaultCount;
1521 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
1524 PVOID SListFaultAddress;
1525 #ifdef _M_AMD64 // [
1526 LONG64 ReadOperationCount;
1527 LONG64 WriteOperationCount;
1528 LONG64 OtherOperationCount;
1529 LONG64 ReadTransferCount;
1530 LONG64 WriteTransferCount;
1531 LONG64 OtherTransferCount;
1533 #if (NTDDI_VERSION >= NTDDI_WIN7) // [
1536 #elif (NTDDI_VERSION >= NTDDI_LONGHORN) // ][
1537 PVOID MdlForLockedTeb;
1541 #else // not (NTDDI_VERSION < NTDDI_WIN8)
1543 #if defined(_WIN64) && (NTDDI_VERSION < 0x06032580) // since WIN 8.1 Update1 6.3.9600.16384
1544 #define NUMBER_OF_LOCK_ENTRIES 5
1546 #define NUMBER_OF_LOCK_ENTRIES 6
1576 #if (NTDDI_VERSION < NTDDI_WIN10)
1577 ULONG KernelStackResident : 1;
1582 #if (NTDDI_VERSION < NTDDI_WIN10TH2)
1589 #if (NTDDI_VERSION < NTDDI_WIN81)
1590 ULONG CodePatchInProgress : 1;
1628 #if (NTDDI_VERSION >= 0x060324D7) // since 6.3.9431.0
1629 ULONG TerminationApcRequest : 1;
1631 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.16384
1632 ULONG AutoBoostEntriesExhausted : 1;
1634 #if (NTDDI_VERSION >= 0x06032580) // since 6.3.9600.17031
1635 ULONG KernelStackResident : 1;
1637 #if (NTDDI_VERSION >= NTDDI_WIN10)
1643 #if (NTDDI_VERSION < NTDDI_WIN10)
1644 ULONG ReservedFlags : 10;
1650 #if (NTDDI_VERSION >= NTDDI_WIN10)
1680 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10074.0
1698 #if (NTDDI_VERSION >= NTDDI_WIN8 ) // since 6.2.9200.16384
1716 #if (NTDDI_VERSION >= NTDDI_WIN10)
1762 struct _UMS_CONTROL_BLOCK* Ucb;
1763 struct _KUMS_CONTEXT_HEADER* Uch;
1780 PVOID TebMappedLowVa;
1783 #if (NTDDI_VERSION >= 0x060223F0) // since 6.2.9200.16384
1789 ULONG NextProcessorNumber : 31;
1790 ULONG SharedReadyQueue : 1;
1823 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384
1838 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384
1901 #if (NTDDI_VERSION >= NTDDI_WIN10)
1906 ULONG SecureThreadCookie;
1908 #elif (NTDDI_VERSION >= NTDDI_WINBLUE) // 6.3.9431.0
1912 #if (NTDDI_VERSION >= NTDDI_WINBLUE ) // since 6.3.9600.16384
1919 #if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
1923 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10240.16384
1926 volatile SHORT AbReferenceCount;
1928 #if (NTDDI_VERSION >= 0x06040000) // since 6.4.9841.0
1929 UCHAR AbOrphanedEntrySummary;
1930 UCHAR AbOwnedEntryCount;
1948 LONG64 ReadOperationCount;
1949 LONG64 WriteOperationCount;
1950 LONG64 OtherOperationCount;
1951 LONG64 ReadTransferCount;
1952 LONG64 WriteTransferCount;
1953 LONG64 OtherTransferCount;
1955 #if (NTDDI_VERSION >= NTDDI_WIN10) // since 10.0.10041.0
1966 #define ASSERT_THREAD(object) \
1967 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ThreadObject))
1976 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
1982 #if defined(_M_IX86)
1987 #if defined(_M_IX86)
2025 #if (NTDDI_VERSION >= NTDDI_LONGHORN) // [
2030 #define ASSERT_PROCESS(object) \
2031 ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject))
2042 LONG TableBaseGpOffset;
2047 #if (NTDDI_VERSION >= NTDDI_WIN8)
2063 #define KENTROPY_TIMING_INTERRUPTS_PER_BUFFER 0x400
2064 #define KENTROPY_TIMING_BUFFER_MASK 0x7ff
2065 #define KENTROPY_TIMING_ANALYSIS 0x0
2091 #endif // !NTOS_MODE_USER
2093 #endif // _KETYPES_H
UCHAR SuspendApcFill3[FIELD_OFFSET(KAPC, SystemArgument1)]
struct _KTIMER_TABLE KTIMER_TABLE
LONG AbCompletedIoQoSBoostCount
_Must_inspect_result_ typedef _In_ PVOID Unused
ULONG ExAcqResSharedWaitForExclusiveAttempts
enum _KPROFILE_SOURCE KPROFILE_SOURCE
enum _KPROCESS_STATE * PKPROCESS_STATE
VOID(NTAPI * PKINTERRUPT_ROUTINE)(VOID)
USHORT UserModeGlobalLogger[16]
ULONG EtwStackTraceApcInserted
_In_ UCHAR _In_ POWER_STATE PowerState
struct _KENTROPY_TIMING_STATE KENTROPY_TIMING_STATE
ULONG ExTryToAcqExclusiveAttempts
struct _KDPC_DATA KDPC_DATA
enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT
ULONG LastDeliveredBuffer
_ALTERNATIVE_ARCHITECTURE_TYPE
volatile LONG AbCompletedIoBoostCount
KTIMER_TABLE_ENTRY TimerEntries[256]
ULONG_PTR DirectoryTableBase
USHORT IoNormalPriorityWaiterCount
struct _EXCEPTION_REGISTRATION_RECORD * ExceptionList
_In_ ULONG _In_opt_ POBJECT_ATTRIBUTES _In_opt_ HANDLE _Out_opt_ PCLIENT_ID _In_ PKSTART_ROUTINE StartRoutine
SINGLE_LIST_ENTRY * LastEntry
ULONG ExSetResOwnerPointerExclusive
LARGE_INTEGER SystemExpirationDate
ULONG UserStackWalkActive
ULONG ExSetResOwnerPointerSharedOld
ULONG ExAcqResExclusiveAttempts
UCHAR SchedulerApcFill2[FIELD_OFFSET(KAPC, SpareLong0)]
struct _KTHREAD_COUNTERS * ThreadCounters
UCHAR SchedulerApcFill5[FIELD_OFFSET(KAPC, Inserted)+1]
ULONG ProcessDetachActive
PKSERVICE_ROUTINE MessageServiceRoutine
struct _KTIMER_TABLE_ENTRY * PKTIMER_TABLE_ENTRY
LONGLONG ConsoleSessionForegroundProcessId
ULONG CommitFailTerminateRequest
union _KWAIT_STATUS_REGISTER KWAIT_STATUS_REGISTER
ULONGLONG TestRetInstruction
enum _KCONTINUE_STATUS KCONTINUE_STATUS
struct _KUSER_SHARED_DATA * PKUSER_SHARED_DATA
ULONG UmsPerformingSyscall
struct _KDPC_LIST KDPC_LIST
BOOLEAN Alerted[MaximumMode]
_In_ LARGE_INTEGER _In_ ULONG Period
struct _KEXECUTE_OPTIONS KEXECUTE_OPTIONS
ULONG ExEtwSynchTrackingNotificationsCount
ULONG IpiSendRequestBroadcastCount
ULONG ExAcqResSharedAttempts
PKWAIT_BLOCK WaitBlockList
#define NUMBER_OF_LOCK_ENTRIES
struct _KEVENT_PAIR * PKEVENT_PAIR
struct _KEVENT_PAIR KEVENT_PAIR
ULONG NTSYSAPI KiDmaIoCoherency
struct _SINGLE_LIST_ENTRY * PfnDeferredList
KLOCK_ENTRY_LOCK_STATE LockState
ULONG NTSYSAPI KeIcacheFlushCount
volatile KSYSTEM_TIME InterruptTime
volatile ULONG ActiveProcessors
ULONG ExAcqResExclusiveAcquiresExclusiveRecursive
ULONG ExAcqResSharedStarveExclusiveAttempts
ULONG ExAcqResSharedStarveExclusiveWaits
struct _SYNCH_COUNTERS SYNCH_COUNTERS
FIXME: should move to rtltypes.h, but we can't include it here.
SINGLE_LIST_ENTRY FreeListEntry
ULONG ExAcqResSharedWaits
ULONG UmsDirectedSwitchEnable
ULONG ExAcqResSharedStarveExclusiveAcquiresExclusive
struct _KDPC_DATA * PKDPC_DATA
enum _KPROCESS_STATE KPROCESS_STATE
volatile ULONG HighCycleTime
KSERVICE_ROUTINE * PKSERVICE_ROUTINE
ULONG ExplicitIdealProcessor
ULONG ExAcqResSharedAcquiresExclusive
SLIST_HEADER DeadStackList
BOOLEAN NTSYSAPI KiEnableTimerWatchdog
struct _RTL_RB_TREE * PRTL_RB_TREE
struct _COUNTER_READING * PCOUNTER_READING
struct _KPROCESS * Process
ULONG ExecutiveResourceReleaseSharedCount
UCHAR PriorityFloorCounts[16]
enum _NT_PRODUCT_TYPE * PNT_PRODUCT_TYPE
ULONG ExBoostSharedOwners
RTL_BALANCED_NODE TreeNode
struct _GETSETCONTEXT GETSETCONTEXT
SINGLE_LIST_ENTRY ForegroundDpcStackListEntry
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
UCHAR CallbackNestingLevel
ULONG ImageFileExecutionOptions
KSTART_ROUTINE * PKSTART_ROUTINE
volatile KSYSTEM_TIME SystemTime
ULONG ExAcqResSharedWaitForExclusiveAcquiresShared
ULONG ExAcqResSharedStarveExclusiveAcquiresShared
ULONG ExAcqResSharedStarveExclusiveNotAcquires
ULONG ExAcqResSharedNotAcquires
ULONG ExSetResOwnerPointerSharedNew
NT_PRODUCT_TYPE NtProductType
UCHAR SystemHeteroCpuPolicy
ULONG SystemAffinityActive
struct _KTHREAD_COUNTERS * PKTHREAD_COUNTERS
BOOLEAN KdDebuggerEnabled
ULONG ExAcqResSharedAcquiresShared
ULONG TickCountMultiplier
ULONG ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive
UCHAR ImageDispatchEnable
volatile UCHAR CrossThreadReleasableAndBusyByte
UCHAR UserHeteroCpuPolicy
ULONG ApcInterruptRequest
LIST_ENTRY ProfileListEntry
enum _KINTERRUPT_MODE KINTERRUPT_MODE
ULONG TickCountLowDeprecated
SINGLE_LIST_ENTRY ListHead
enum _VDMSERVICECLASS VDMSERVICECLASS
struct _KLOCK_ENTRY_LOCK_STATE * PKLOCK_ENTRY_LOCK_STATE
LIST_ENTRY QueueListEntry
LIST_ENTRY ProcessListEntry
UCHAR WaitBlockFill10[2 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
struct DECLSPEC_ALIGN(16) _M128A
LIST_ENTRY ThreadListHead
enum _KTHREAD_STATE KTHREAD_STATE
UCHAR DisableThunkEmulation
struct _KSYSTEM_TIME KSYSTEM_TIME
struct _LOADER_PARAMETER_BLOCK NTSYSAPI * KeLoaderBlock
#define MAX_WOW64_SHARED_ENTRIES
struct _KSYSTEM_TIME * PKSYSTEM_TIME
ULONG ExecutiveResourceAcquiresCount
enum _EVENT_TYPE EVENT_TYPE
ULONG ExDeleteResourceCount
union _KWAIT_STATUS_REGISTER * PKWAIT_STATUS_REGISTER
UCHAR ExplicitSystemHeteroCpuPolicy
struct _KNODE::_flags Flags
struct _KLOCK_ENTRY_LOCK_STATE KLOCK_ENTRY_LOCK_STATE
volatile KSYSTEM_TIME TickCount
_In_opt_ PVOID _In_opt_ PVOID SystemArgument1
SINGLE_LIST_ENTRY PropagateBoostsEntry
LIST_ENTRY InterruptListEntry
volatile INT_PTR WaitStatus
VOID(NTAPI * PTIMER_APC_ROUTINE)(_In_ PVOID TimerContext, _In_ ULONG TimerLowValue, _In_ LONG TimerHighValue)
struct _KPROCESS KPROCESS
_In_ KPROCESSOR_MODE PreviousMode
ULONG NTSYSAPI KeMaximumIncrement
struct _KLOCK_ENTRY KLOCK_ENTRY
struct _THREAD_PERFORMANCE_DATA * UserData
#define PROCESSOR_FEATURE_MAX
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture
SINGLE_LIST_ENTRY SwapListEntry
VOID(NTAPI * PKSYSTEM_ROUTINE)(PKSTART_ROUTINE StartRoutine, PVOID StartContext)
ULONG ExAcqResExclusiveNotAcquires
SINGLE_LIST_ENTRY SwapListEntry
struct _KUSER_SHARED_DATA KUSER_SHARED_DATA
ULONG DbgElevationEnabled
volatile VOID * StackLimit
VOID(NTAPI * PKRUNDOWN_ROUTINE)(IN struct _KAPC *Apc)
_In_ ULONG _In_ ULONG _In_ ULONG _Out_ PKIRQL _Out_ PKAFFINITY Affinity
enum _WAIT_TYPE WAIT_TYPE
struct _RTL_RB_TREE RTL_RB_TREE
FIXME: should move to rtltypes.h, but we can't include it here.
SINGLE_LIST_ENTRY IoSelfBoostsEntry
KINTERRUPT_POLARITY Polarity
#define RTL_SIZEOF_THROUGH_FIELD(type, field)
UCHAR WaitBlockFill8[FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
VOID(NTAPI * PKNORMAL_ROUTINE)(IN PVOID NormalContext OPTIONAL, IN PVOID SystemArgument1 OPTIONAL, IN PVOID SystemArgument2 OPTIONAL)
ULONG ExReInitializeResourceCount
struct _KSCHEDULING_GROUP * SchedulingGroup
struct _PP_LOOKASIDE_LIST * PPP_LOOKASIDE_LIST
UCHAR AffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]
struct _GENERAL_LOOKASIDE * L
ULONG GuaranteedStackBytes
ULONG NumberOfPhysicalPages
enum _KINTERRUPT_POLARITY KINTERRUPT_POLARITY
enum _TIMER_TYPE TIMER_TYPE
struct _KTHREAD_COUNTERS KTHREAD_COUNTERS
ULONG ExBoostExclusiveOwner
COUNTER_READING HwCounter[16]
PKSERVICE_ROUTINE ServiceRoutine
ULONG ExecutiveResourceConvertsCount
ULONG64 RelativeTimerBias
ULONG ExecutiveResourceContentionsCount
ULONG ExAcqResSharedWaitForExclusiveAcquiresExclusive
ULONG_PTR InGlobalForegroundList
UCHAR SchedulerApcFill4[FIELD_OFFSET(KAPC, SystemArgument2)]
struct _GETSETCONTEXT * PGETSETCONTEXT
UCHAR ApcStateFill[RTL_SIZEOF_THROUGH_FIELD(KAPC_STATE, UserApcPending)]
volatile ULONG ActiveConsoleId
volatile KSYSTEM_TIME TimeZoneBias
ULONG ExAcqResSharedAcquiresSharedRecursive
ULONG IpiSendRequestRoutineCount
ULONG PriorityFloorSummary
ULONG ExAcqResSharedStarveExclusiveAcquiresSharedRecursive
struct _KTIMER_TABLE * PKTIMER_TABLE
static SERVICE_TABLE_ENTRYW ServiceTable[2]
_In_opt_ PVOID _In_opt_ PVOID _In_opt_ PVOID SystemArgument2
ULONG ExAcqResExclusiveAcquiresExclusive
ULONG DispatchCode[DISPATCH_LENGTH]
UCHAR SavedApcStateFill[FIELD_OFFSET(KAPC_STATE, UserApcPending)+1]
ULONG NTSYSAPI KeMinimumIncrement
ULONG QueueDeferPreemption
volatile ULONG DpcQueueDepth
ULONG ExTryToAcqExclusiveAcquires
ULONG DbgInstallerDetectEnabled
KLOCK_ENTRY LockEntries[NUMBER_OF_LOCK_ENTRIES]
ULONG SpinLockContentionCount
UCHAR SchedulerApcFill1[FIELD_OFFSET(KAPC, SpareByte1)]
struct _GENERAL_LOOKASIDE * P
struct _SYNCH_COUNTERS * PSYNCH_COUNTERS
volatile ULONG64 TickCountQuad
ULONG ExAcqResExclusiveWaits
enum _ALTERNATIVE_ARCHITECTURE_TYPE ALTERNATIVE_ARCHITECTURE_TYPE
struct _KPROFILE * PKPROFILE
volatile ULONG64 CycleTime
#define FIELD_OFFSET(t, f)
LIST_ENTRY ProfileListHead
ULONG SpinLockAcquireCount
ULONGLONG SystemCallPad[3]
ULONG ExInitializeResourceCount
UCHAR SchedulerApcFill0[FIELD_OFFSET(KAPC, SpareByte0)]
LIST_ENTRY ThreadListEntry
ULONG LastSystemRITEventTickCount
enum _KTHREAD_STATE * PKTHREAD_STATE
struct _KSERVICE_TABLE_DESCRIPTOR KSERVICE_TABLE_DESCRIPTOR
struct _KENTROPY_TIMING_STATE * PKENTROPY_TIMING_STATE
struct _COUNTER_READING COUNTER_READING
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
ULONG_PTR CrossThreadReleasable
enum _KWAIT_REASON KWAIT_REASON
LIST_ENTRY GlobalForegroundListEntry
UCHAR UserAffinityFill[FIELD_OFFSET(GROUP_AFFINITY, Reserved)]
XSAVE_FORMAT * StateSaveArea
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES]
enum _NT_PRODUCT_TYPE NT_PRODUCT_TYPE
struct _KINTERRUPT KINTERRUPT
ULONG NTSYSAPI KeDcacheFlushCount
_In_ PLARGE_INTEGER _In_opt_ PTIMER_APC_ROUTINE _In_opt_ PVOID TimerContext
struct _KEXECUTE_OPTIONS * PKEXECUTE_OPTIONS
ULONG IpiSendSoftwareInterruptCount
SLIST_HEADER PfnDereferenceSListHead
struct _KDPC_LIST * PKDPC_LIST
struct _KWAIT_BLOCK KWAIT_BLOCK
ULONG ExAcqResSharedWaitForExclusiveWaits
enum _KPROFILE_SOURCE KPROFILE_SOURCE
enum _HARDWARE_COUNTER_TYPE Type
UCHAR WaitBlockFill9[1 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, SparePtr)]
PKINTERRUPT_ROUTINE DispatchAddress
UCHAR ExecuteDispatchEnable
ULONG DbgErrorPortPresent
enum _ADJUST_REASON ADJUST_REASON
struct _KPROFILE KPROFILE
ULONG_PTR AffinityVersion
struct _KTIMER_TABLE_ENTRY KTIMER_TABLE_ENTRY
GROUP_AFFINITY UserAffinity
struct _KLOCK_ENTRY * PKLOCK_ENTRY
ULONG_PTR NTSYSAPI KiBugCheckData[]
_In_ LONG _In_ LONG Limit
KWAIT_STATUS_REGISTER WaitRegister
ULONG ProcessStackCountDecremented
ULONG ExAcqResSharedWaitForExclusiveNotAcquires
ULONG ExecutiveResourceReleaseExclusiveCount
struct _ACTIVATION_CONTEXT_STACK * ActivationContextStackPointer
#define THREAD_WAIT_OBJECTS
BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]
struct _KSERVICE_TABLE_DESCRIPTOR * PKSERVICE_TABLE_DESCRIPTOR
volatile SHORT KeReferenceCount
LIST_ENTRY MutantListHead
UCHAR WaitBlockFill11[3 *sizeof(KWAIT_BLOCK)+FIELD_OFFSET(KWAIT_BLOCK, Object)]
ULONG ExEtwSynchTrackingNotificationsAccountedCount
volatile ULONG DismountCount
BOOLEAN ProductTypeIsValid
VOID(NTAPI * PKKERNEL_ROUTINE)(IN struct _KAPC *Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine OPTIONAL, IN OUT PVOID *NormalContext OPTIONAL, IN OUT PVOID *SystemArgument1 OPTIONAL, IN OUT PVOID *SystemArgument2 OPTIONAL)
ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]
struct _PP_LOOKASIDE_LIST PP_LOOKASIDE_LIST
KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES]
1.8.6