📄 ntkrnlmp.exe.h
字号:
BYTE ForwardClusterOnly;
BYTE DisablePageFaultClustering;
};
struct _KPROCESS
{
struct _DISPATCHER_HEADER Header;
struct _LIST_ENTRY ProfileListHead;
DWORD DirectoryTableBase[2];
struct _KGDTENTRY LdtDescriptor;
struct _KIDTENTRY Int21Descriptor;
WORD IopmOffset;
BYTE Iopl;
BYTE VdmFlag;
DWORD ActiveProcessors;
DWORD KernelTime;
DWORD UserTime;
struct _LIST_ENTRY ReadyListHead;
struct _SINGLE_LIST_ENTRY SwapListEntry;
void* Reserved1;
struct _LIST_ENTRY ThreadListHead;
DWORD ProcessLock;
DWORD Affinity;
WORD StackCount;
char BasePriority;
char ThreadQuantum;
BYTE AutoAlignment;
BYTE State;
BYTE ThreadSeed;
BYTE DisableBoost;
BYTE PowerState;
BYTE DisableQuantum;
BYTE IdealNode;
BYTE Spare;
};
struct _HANDLE_TABLE
{
struct _HANDLE_TABLE_SEQ FirstFreeSeq;
long NextIndexNeedingPool;
long HandleCount;
DWORD TableCode;
struct _EPROCESS* QuotaProcess;
void* UniqueProcessId;
struct _EX_PUSH_LOCK HandleTableLock;
struct _LIST_ENTRY HandleTableList;
struct _EX_PUSH_LOCK HandleContentionEvent;
struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo;
long ExtraInfoPages;
};
struct _HANDLE_TABLE*;
struct _EJOB
{
struct _KEVENT Event;
struct _LIST_ENTRY JobLinks;
struct _LIST_ENTRY ProcessListHead;
struct _ERESOURCE JobLock;
struct _LARGE_INTEGER TotalUserTime;
struct _LARGE_INTEGER TotalKernelTime;
struct _LARGE_INTEGER ThisPeriodTotalUserTime;
struct _LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
struct _LARGE_INTEGER PerProcessUserTimeLimit;
struct _LARGE_INTEGER PerJobUserTimeLimit;
DWORD LimitFlags;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
DWORD Affinity;
BYTE PriorityClass;
DWORD UIRestrictionsClass;
DWORD SecurityLimitFlags;
void* Token;
struct _PS_JOB_TOKEN_FILTER* Filter;
DWORD EndOfJobTimeAction;
void* CompletionPort;
void* CompletionKey;
DWORD SessionId;
DWORD SchedulingClass;
ULONGLONG ReadOperationCount;
ULONGLONG WriteOperationCount;
ULONGLONG OtherOperationCount;
ULONGLONG ReadTransferCount;
ULONGLONG WriteTransferCount;
ULONGLONG OtherTransferCount;
struct _IO_COUNTERS IoInfo;
DWORD ProcessMemoryLimit;
DWORD JobMemoryLimit;
DWORD PeakProcessMemoryUsed;
DWORD PeakJobMemoryUsed;
DWORD CurrentJobMemoryUsed;
struct _FAST_MUTEX MemoryLimitsLock;
struct _LIST_ENTRY JobSetLinks;
DWORD MemberLevel;
DWORD JobFlags;
};
struct _EJOB*;
struct _EPROCESS_QUOTA_BLOCK
{
struct _EPROCESS_QUOTA_ENTRY QuotaEntry[3];
struct _LIST_ENTRY QuotaList;
DWORD ReferenceCount;
DWORD ProcessCount;
};
struct _EPROCESS_QUOTA_BLOCK*;
struct _PAGEFAULT_HISTORY
{
DWORD CurrentIndex;
DWORD MaxIndex;
DWORD SpinLock;
void* Reserved;
struct _PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
};
struct _PAGEFAULT_HISTORY*;
struct _HARDWARE_PTE_X86
{
DWORD Valid;
DWORD Write;
DWORD Owner;
DWORD WriteThrough;
DWORD CacheDisable;
DWORD Accessed;
DWORD Dirty;
DWORD LargePage;
DWORD Global;
DWORD CopyOnWrite;
DWORD Prototype;
DWORD reserved;
DWORD PageFrameNumber;
};
BYTE;
struct _WOW64_PROCESS
{
void* Wow64;
};
struct _WOW64_PROCESS*;
struct _PEB
{
BYTE InheritedAddressSpace;
BYTE ReadImageFileExecOptions;
BYTE BeingDebugged;
BYTE SpareBool;
void* Mutant;
void* ImageBaseAddress;
struct _PEB_LDR_DATA* Ldr;
struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
void* SubSystemData;
void* ProcessHeap;
void* FastPebLock;
void* FastPebLockRoutine;
void* FastPebUnlockRoutine;
DWORD EnvironmentUpdateCount;
void* KernelCallbackTable;
DWORD SystemReserved[2];
struct _PEB_FREE_BLOCK* FreeList;
DWORD TlsExpansionCounter;
void* TlsBitmap;
DWORD TlsBitmapBits[2];
void* ReadOnlySharedMemoryBase;
void* ReadOnlySharedMemoryHeap;
void** ReadOnlyStaticServerData;
void* AnsiCodePageData;
void* OemCodePageData;
void* UnicodeCaseTableData;
DWORD NumberOfProcessors;
DWORD NtGlobalFlag;
struct _LARGE_INTEGER CriticalSectionTimeout;
DWORD HeapSegmentReserve;
DWORD HeapSegmentCommit;
DWORD HeapDeCommitTotalFreeThreshold;
DWORD HeapDeCommitFreeBlockThreshold;
DWORD NumberOfHeaps;
DWORD MaximumNumberOfHeaps;
void** ProcessHeaps;
void* GdiSharedHandleTable;
void* ProcessStarterHelper;
DWORD GdiDCAttributeList;
void* LoaderLock;
DWORD OSMajorVersion;
DWORD OSMinorVersion;
WORD OSBuildNumber;
WORD OSCSDVersion;
DWORD OSPlatformId;
DWORD ImageSubsystem;
DWORD ImageSubsystemMajorVersion;
DWORD ImageSubsystemMinorVersion;
DWORD ImageProcessAffinityMask;
DWORD GdiHandleBuffer[34];
INVALID_TYPE* PostProcessInitRoutine;
void* TlsExpansionBitmap;
DWORD TlsExpansionBitmapBits[32];
DWORD SessionId;
struct _ULARGE_INTEGER AppCompatFlags;
void* pShimData;
void* AppCompatInfo;
struct _UNICODE_STRING CSDVersion;
void* ActivationContextData;
void* ProcessAssemblyStorageMap;
void* SystemDefaultActivationContextData;
void* SystemAssemblyStorageMap;
DWORD MinimumStackCommit;
};
struct _PEB*;
struct _RTL_BITMAP
{
DWORD SizeOfBitMap;
DWORD* Buffer;
};
struct _RTL_BITMAP*;
struct _SE_AUDIT_PROCESS_CREATION_INFO
{
struct _OBJECT_NAME_INFORMATION* ImageFileName;
};
struct _MMSUPPORT
{
struct _LARGE_INTEGER LastTrimTime;
DWORD LastTrimFaultCount;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
struct _MMWSL* VmWorkingSetList;
struct _LIST_ENTRY WorkingSetExpansionLinks;
struct _MMSUPPORT_FLAGS Flags;
DWORD Claim;
DWORD NextEstimationSlot;
DWORD NextAgingSlot;
DWORD EstimatedAvailable;
DWORD GrowthSinceLastEstimate;
};
struct UnnamedBitfield_31E258
{
};
struct UnnamedBitfield_31E2A0
{
(null);
};
struct UnnamedBitfield_31E2E8
{
(null);
};
struct UnnamedBitfield_31E330
{
(null);
};
struct UnnamedBitfield_31E378
{
(null);
};
struct UnnamedBitfield_31E3C0
{
(null);
};
struct UnnamedBitfield_31E408
{
(null);
};
struct UnnamedBitfield_31E450
{
(null);
};
struct UnnamedBitfield_31E498
{
(null);
};
struct UnnamedBitfield_31E4E0
{
(null);
};
struct UnnamedBitfield_31E528
{
(null);
};
struct UnnamedStruct_31E570
{
struct _KPROCESS Pcb;
struct _EX_PUSH_LOCK ProcessLock;
struct _LARGE_INTEGER CreateTime;
struct _LARGE_INTEGER ExitTime;
struct _EX_RUNDOWN_REF RundownProtect;
void* UniqueProcessId;
struct _LIST_ENTRY ActiveProcessLinks;
DWORD QuotaUsage[3];
DWORD QuotaPeak[3];
DWORD CommitCharge;
DWORD PeakVirtualSize;
DWORD VirtualSize;
struct _LIST_ENTRY SessionProcessLinks;
void* DebugPort;
void* ExceptionPort;
struct _HANDLE_TABLE* ObjectTable;
struct _EX_FAST_REF Token;
struct _FAST_MUTEX WorkingSetLock;
DWORD WorkingSetPage;
struct _FAST_MUTEX AddressCreationLock;
DWORD HyperSpaceLock;
struct _ETHREAD* ForkInProgress;
void* Spare1;
void* VadRoot;
void* VadHint;
void* CloneRoot;
DWORD NumberOfPrivatePages;
DWORD NumberOfLockedPages;
void* Win32Process;
struct _EJOB* Job;
void* SectionObject;
void* SectionBaseAddress;
struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;
struct _PAGEFAULT_HISTORY* WorkingSetWatch;
void* Win32WindowStation;
void* InheritedFromUniqueProcessId;
void* LdtInformation;
void* VadFreeHint;
void* VdmObjects;
void* DeviceMap;
struct _LIST_ENTRY PhysicalVadList;
struct _HARDWARE_PTE_X86 PageDirectoryPte;
ULONGLONG Filler;
void* Session;
BYTE ImageFileName[16];
struct _LIST_ENTRY JobLinks;
void* LockedPagesList;
struct _LIST_ENTRY ThreadListHead;
void* SecurityPort;
struct _WOW64_PROCESS* Wow64Process;
DWORD ActiveThreads;
DWORD GrantedAccess;
DWORD DefaultHardErrorProcessing;
long LastThreadExitStatus;
struct _PEB* Peb;
struct _EX_FAST_REF PrefetchTrace;
struct _LARGE_INTEGER ReadOperationCount;
struct _LARGE_INTEGER WriteOperationCount;
struct _LARGE_INTEGER OtherOperationCount;
struct _LARGE_INTEGER ReadTransferCount;
struct _LARGE_INTEGER WriteTransferCount;
struct _LARGE_INTEGER OtherTransferCount;
DWORD CommitChargeLimit;
DWORD CommitChargePeak;
struct _RTL_BITMAP* VadPhysicalPagesBitMap;
DWORD VadPhysicalPages;
DWORD AweLock;
struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
struct _MMSUPPORT Vm;
DWORD LastFaultCount;
DWORD ModifiedPageCount;
DWORD NumberOfVads;
DWORD Spare2;
DWORD JobStatus;
DWORD Flags;
DWORD CreateReported;
DWORD NoDebugInherit;
DWORD ProcessExiting;
DWORD ProcessDelete;
DWORD Wow64SplitPages;
DWORD VmDeleted;
DWORD OutswapEnabled;
DWORD Outswapped;
DWORD ForkFailed;
DWORD HasPhysicalVad;
DWORD AddressSpaceInitialized;
DWORD SetTimerResolution;
DWORD BreakOnTermination;
DWORD SessionCreationUnderway;
DWORD WriteWatch;
DWORD ProcessInSession;
DWORD OverrideAddressSpace;
DWORD Unused;
long ExitStatus;
WORD NextPageColor;
BYTE SubSystemMinorVersion;
BYTE SubSystemMajorVersion;
WORD SubSystemVersion;
BYTE PriorityClass;
};
struct _LIST_ENTRY*;
struct UnnamedStruct_7E4BA0
{
struct _LIST_ENTRY* Flink;
struct _LIST_ENTRY* Blink;
};
struct _FX_SAVE_AREA*;
struct _FNSAVE_FORMAT
{
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
BYTE RegisterArea[80];
};
struct _FXSAVE_FORMAT
{
WORD ControlWord;
WORD StatusWord;
WORD TagWord;
WORD ErrorOpcode;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
DWORD MXCsr;
DWORD MXCsrMask;
BYTE RegisterArea[128];
BYTE Reserved3[128];
BYTE Reserved4[224];
BYTE Align16Byte[8];
};
struct UnnamedStruct_7E4E50
{
struct _FNSAVE_FORMAT FnArea;
struct _FXSAVE_FORMAT FxArea;
};
struct UnnamedStruct_7E4F98
{
struct _FNSAVE_FORMAT FnArea;
struct _FXSAVE_FORMAT FxArea;
};
struct UnnamedStruct_7E4FE0
{
struct UnnamedStruct_7E4F98 U;
DWORD NpxSavedCpu;
DWORD Cr0NpxState;
};
struct _VACB
{
void* BaseAddress;
struct _SHARED_CACHE_MAP* SharedCacheMap;
struct UnnamedStruct_7E54D8 Overlay;
struct _LIST_ENTRY LruList;
};
struct _VACB*;
struct _VACB**;
struct _SHARED_CACHE_MAP
{
short NodeTypeCode;
short NodeByteSize;
DWORD OpenCount;
struct _LARGE_INTEGER FileSize;
struct _LIST_ENTRY BcbList;
struct _LARGE_INTEGER SectionSize;
struct _LARGE_INTEGER ValidDataLength;
struct _LARGE_INTEGER ValidDataGoal;
struct _VACB* InitialVacbs[4];
struct _VACB** Vacbs;
struct _FILE_OBJECT* FileObject;
struct _VACB* ActiveVacb;
void* NeedToZero;
DWORD ActivePage;
DWORD NeedToZeroPage;
DWORD ActiveVacbSpinLock;
DWORD VacbActiveCount;
DWORD DirtyPages;
struct _LIST_ENTRY SharedCacheMapLinks;
DWORD Flags;
long Status;
struct _MBCB* Mbcb;
void* Section;
struct _KEVENT* CreateEvent;
struct _KEVENT* WaitOnActiveCount;
DWORD PagesToWrite;
__int64 BeyondLastFlush;
struct _CACHE_MANAGER_CALLBACKS* Callbacks;
void* LazyWriteContext;
struct _LIST_ENTRY PrivateList;
void* LogHandle;
INVALID_TYPE* FlushToLsnRoutine;
DWORD DirtyPageThreshold;
DWORD LazyWritePassCount;
struct _CACHE_UNINITIALIZE_EVENT* UninitializeEvent;
struct _VACB* NeedToZeroVacb;
DWORD BcbSpinLock;
void* Reserved;
struct _KEVENT Event;
struct _PRIVATE_CACHE_MAP PrivateCacheMap;
};
struct _SHARED_CACHE_MAP*;
struct UnnamedStruct_7E5390
{
struct _LARGE_INTEGER FileOffset;
WORD ActiveCount;
};
struct UnnamedStruct_7E54D8
{
struct _LARGE_INTEGER FileOffset;
WORD ActiveCount;
};
struct UnnamedStruct_7E5520
{
void* BaseAddress;
struct _SHARED_CACHE_MAP* SharedCacheMap;
struct UnnamedStruct_7E54D8 Overlay;
struct _LIST_ENTRY LruList;
};
struct _VACB*;
struct _FILE_OBJECT
{
short Type;
short Size;
struct _DEVICE_OBJECT* DeviceObject;
struct _VPB* Vpb;
void* FsContext;
void* FsContext2;
struct _SECTION_OBJECT_POINTERS* SectionObjectPointer;
void* PrivateCacheMap;
long FinalStatus;
struct _FILE_OBJECT* RelatedFileObject;
BYTE LockOperation;
BYTE DeletePending;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -