📄 ntkrpampsym.h
struct _LIST_ENTRY SwapListEntry;
struct _LIST_ENTRY ThreadListHead;
DWORD ProcessLock;
DWORD Affinity;
WORD StackCount;
char BasePriority;
char ThreadQuantum;
BYTE AutoAlignment;
BYTE State;
BYTE ThreadSeed;
BYTE DisableBoost;
BYTE PowerState;
BYTE DisableQuantum;
BYTE Spare;
};
/*
 * 64-bit signed integer record used for timestamps and counters in the
 * structures of this file.
 * NOTE(review): in the Windows SDK this type is a union, so LowPart/HighPart,
 * the nested struct `u` and QuadPart all overlay the same 8 bytes. This dump
 * lists the overlapping members one after another; summing member sizes here
 * does not give real offsets or the real size.
 */
struct _LARGE_INTEGER
{
DWORD LowPart;
long HighPart;
/* UnnamedStruct_4CBDE8 is not defined in the visible part of this file. */
struct UnnamedStruct_4CBDE8 u;
__int64 QuadPart;
};
/*
 * Kernel thread control block. It is embedded as the first member (`Tcb`) of
 * struct _ETHREAD, so a pointer to one is also a pointer to the other.
 * The member list comes from a symbol dump: no offsets, padding or bit widths
 * are shown, and the layout is specific to the kernel build the symbols were
 * taken from. Do not hard-code offsets derived from this listing; resolve them
 * from the symbols matching the kernel under analysis.
 */
struct _KTHREAD
{
/* Dispatcher header first: struct _DISPATCHER_HEADER is declared later in this file. */
struct _DISPATCHER_HEADER Header;
struct _LIST_ENTRY MutantListHead;
/* Stack bookkeeping pointers (see also StackBase further down). */
void* InitialStack;
void* StackLimit;
/* Presumably the user-mode thread environment block; treat what it points to as process-controlled data. */
void* Teb;
void* TlsArray;
void* KernelStack;
BYTE DebugActive;
BYTE State;
BYTE Alerted;
BYTE Iopl;
BYTE NpxState;
char Saturation;
char Priority;
/* APC bookkeeping: ApcState here, SavedApcState / ApcStatePointer[2] / ApcStateIndex below. */
struct _KAPC_STATE ApcState;
DWORD ContextSwitches;
/* Wait bookkeeping: status, IRQL, mode, reason and the wait-block list. */
long WaitStatus;
BYTE WaitIrql;
char WaitMode;
BYTE WaitNext;
BYTE WaitReason;
struct _KWAIT_BLOCK* WaitBlockList;
struct _LIST_ENTRY WaitListEntry;
DWORD WaitTime;
char BasePriority;
BYTE DecrementCount;
char PriorityDecrement;
char Quantum;
/* Four wait blocks stored inline in the thread. */
struct _KWAIT_BLOCK WaitBlock[4];
void* LegoData;
DWORD KernelApcDisable;
DWORD UserAffinity;
BYTE SystemAffinityActive;
BYTE PowerState;
BYTE NpxIrql;
BYTE Pad[1];
/*
 * NOTE(review): presumably the system-service dispatch table used for this
 * thread. Integrity checks usually compare such pointers against the known
 * kernel tables, since an unexpected value redirects every system call the
 * thread makes - confirm semantics for this build.
 */
void* ServiceTable;
struct _KQUEUE* Queue;
DWORD ApcQueueLock;
struct _KTIMER Timer;
struct _LIST_ENTRY QueueListEntry;
DWORD Affinity;
BYTE Preempted;
BYTE ProcessReadyQueue;
BYTE KernelStackResident;
BYTE NextProcessor;
void* CallbackStack;
void* Win32Thread;
struct _KTRAP_FRAME* TrapFrame;
struct _KAPC_STATE* ApcStatePointer[2];
/*
 * Processor mode of the caller of the current system service. Kernel code
 * keys its probing of user-supplied pointers and its access checks on this
 * value, which makes it security-critical state; it is a signed char here.
 */
char PreviousMode;
BYTE EnableStackSwap;
BYTE LargeStack;
BYTE ResourceIndex;
DWORD KernelTime;
DWORD UserTime;
struct _KAPC_STATE SavedApcState;
BYTE Alertable;
BYTE ApcStateIndex;
BYTE ApcQueueable;
BYTE AutoAlignment;
void* StackBase;
struct _KAPC SuspendApc;
struct _KSEMAPHORE SuspendSemaphore;
/* Presumably links this thread into the owning process's ThreadListHead - confirm. */
struct _LIST_ENTRY ThreadListEntry;
char FreezeCount;
char SuspendCount;
BYTE IdealProcessor;
BYTE DisableBoost;
};
/*
 * NOTE(review): the two lines below are bare type records with no declarator,
 * presumably left behind by the symbol dumper; they declare nothing.
 */
struct _KTHREAD*;
DWORD;
/*
 * Working-set accounting record. The process structure later in this file
 * (UnnamedStruct_2F8F00) embeds one as its `Vm` member.
 * Layout is build-specific; offsets and padding are not shown by the dump.
 */
struct _MMSUPPORT
{
struct _LARGE_INTEGER LastTrimTime;
DWORD LastTrimFaultCount;
DWORD PageFaultCount;
/* Working-set sizes and limits; the unit is not stated in the dump. */
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
struct _MMWSL* VmWorkingSetList;
struct _LIST_ENTRY WorkingSetExpansionLinks;
BYTE AllowWorkingSetAdjustment;
BYTE AddressSpaceBeingDeleted;
BYTE ForegroundSwitchCount;
BYTE MemoryPriority;
/* UnnamedStruct_4CA468 is not defined in the visible part of this file. */
struct UnnamedStruct_4CA468 u;
DWORD Claim;
DWORD NextEstimationSlot;
DWORD NextAgingSlot;
DWORD EstimatedAvailable;
DWORD GrowthSinceLastEstimate;
};
/*
 * Handle table record. The process structure later in this file points to
 * one through its `ObjectTable` member.
 * Layout is build-specific; offsets and padding are not shown by the dump.
 */
struct _HANDLE_TABLE
{
DWORD Flags;
long HandleCount;
/* Three levels of indirection down to the individual handle entries. */
struct _HANDLE_TABLE_ENTRY*** Table;
/* Back-references to the owning process, by pointer and by identifier. */
struct _EPROCESS* QuotaProcess;
void* UniqueProcessId;
/* Signed indices; consumers should range-check them before indexing Table. */
long FirstFreeTableEntry;
long NextIndexNeedingPool;
struct _ERESOURCE HandleTableLock;
/*
 * NOTE(review): presumably links all handle tables together. Memory-forensics
 * tools use such a list as a second source when enumerating processes and
 * compare it with the process list - confirm for this build.
 */
struct _LIST_ENTRY HandleTableList;
struct _KEVENT HandleContentionEvent;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _HANDLE_TABLE*;
/*
 * Fast mutex record. Used in this file for WorkingSetLock and
 * AddressCreationLock in the process structure and for MemoryLimitsLock in
 * struct _EJOB.
 */
struct _FAST_MUTEX
{
long Count;
/* Thread currently recorded as owner. */
struct _KTHREAD* Owner;
DWORD Contention;
/* Event object embedded in the mutex; presumably what contended waiters block on - confirm. */
struct _KEVENT Event;
/* Presumably the IRQL saved at acquisition, to be restored on release - confirm. */
DWORD OldIrql;
};
/*
 * Executive thread object. The kernel thread block (`Tcb`) is the first
 * member, so both structures share the same starting address.
 * Layout is build-specific; the dump shows neither offsets nor padding.
 */
struct _ETHREAD
{
struct _KTHREAD Tcb;
struct _LARGE_INTEGER CreateTime;
/* NOTE(review): plain `unsigned` here; presumably bit-fields whose widths the dump dropped - confirm. */
unsigned NestedFaultCount;
unsigned ApcNeeded;
struct _LARGE_INTEGER ExitTime;
struct _LIST_ENTRY LpcReplyChain;
long ExitStatus;
void* OfsChain;
struct _LIST_ENTRY PostBlockList;
struct _LIST_ENTRY TerminationPortList;
DWORD ActiveTimerListLock;
struct _LIST_ENTRY ActiveTimerListHead;
/* Client identifier record (struct _CLIENT_ID is not defined in the visible part of this file). */
struct _CLIENT_ID Cid;
struct _KSEMAPHORE LpcReplySemaphore;
void* LpcReplyMessage;
DWORD LpcReplyMessageId;
DWORD PerformanceCountLow;
/*
 * Impersonation state for the thread; see ActiveImpersonationInfo below.
 * A thread's effective security context can differ from its process's
 * token, so triage should read both.
 */
struct _PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
struct _LIST_ENTRY IrpList;
DWORD TopLevelIrp;
struct _DEVICE_OBJECT* DeviceToVerify;
DWORD ReadClusterSize;
BYTE ForwardClusterOnly;
BYTE DisablePageFaultClustering;
BYTE DeadThread;
/*
 * NOTE(review): presumably suppresses debug-event delivery for this thread.
 * Worth checking during analysis when a debugger appears to miss a thread -
 * confirm semantics for this build.
 */
BYTE HideFromDebugger;
DWORD HasTerminated;
DWORD GrantedAccess;
/* Owning process. */
struct _EPROCESS* ThreadsProcess;
/*
 * Recorded start addresses. Forensic triage commonly checks whether they
 * fall inside a loaded image; an address in private memory merits a look.
 */
void* StartAddress;
void* Win32StartAddress;
DWORD LpcReceivedMessageId;
BYTE LpcExitThreadCalled;
BYTE HardErrorsAreDisabled;
BYTE LpcReceivedMsgIdValid;
BYTE ActiveImpersonationInfo;
long PerformanceCountHigh;
/* Separate from Tcb.ThreadListEntry: the embedded _KTHREAD has its own member of the same name. */
struct _LIST_ENTRY ThreadListEntry;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _ETHREAD*;
/*
 * Process environment block. The process structure later in this file
 * points to it through its `Peb` member.
 * The PEB lives in the process's own user-mode address space and the process
 * can modify it. Kernel code and security tooling should therefore treat
 * every value read from it (flags, pointers, counts, version fields) as
 * untrusted input: validate pointers and bound counts before use.
 * Layout is build-specific; the dump shows neither offsets nor padding.
 */
struct _PEB
{
BYTE InheritedAddressSpace;
BYTE ReadImageFileExecOptions;
/* Debugger-present flag as seen from user mode; advisory only, because the process can rewrite it. */
BYTE BeingDebugged;
BYTE SpareBool;
void* Mutant;
void* ImageBaseAddress;
/* Loader data (module lists). Process-writable, so module lists taken from here can be incomplete or altered. */
struct _PEB_LDR_DATA* Ldr;
/* Process parameters; the same trust caveat applies to whatever it points to. */
struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
void* SubSystemData;
void* ProcessHeap;
void* FastPebLock;
/* Routine pointers stored in process-writable memory. */
void* FastPebLockRoutine;
void* FastPebUnlockRoutine;
DWORD EnvironmentUpdateCount;
void* KernelCallbackTable;
DWORD SystemReserved[2];
struct _PEB_FREE_BLOCK* FreeList;
DWORD TlsExpansionCounter;
void* TlsBitmap;
DWORD TlsBitmapBits[2];
void* ReadOnlySharedMemoryBase;
void* ReadOnlySharedMemoryHeap;
void** ReadOnlyStaticServerData;
void* AnsiCodePageData;
void* OemCodePageData;
void* UnicodeCaseTableData;
DWORD NumberOfProcessors;
DWORD NtGlobalFlag;
struct _LARGE_INTEGER CriticalSectionTimeout;
DWORD HeapSegmentReserve;
DWORD HeapSegmentCommit;
DWORD HeapDeCommitTotalFreeThreshold;
DWORD HeapDeCommitFreeBlockThreshold;
/* Count and capacity for ProcessHeaps; bound any walk of that array by these values. */
DWORD NumberOfHeaps;
DWORD MaximumNumberOfHeaps;
void** ProcessHeaps;
void* GdiSharedHandleTable;
void* ProcessStarterHelper;
DWORD GdiDCAttributeList;
void* LoaderLock;
DWORD OSMajorVersion;
DWORD OSMinorVersion;
WORD OSBuildNumber;
WORD OSCSDVersion;
DWORD OSPlatformId;
DWORD ImageSubsystem;
DWORD ImageSubsystemMajorVersion;
DWORD ImageSubsystemMinorVersion;
DWORD ImageProcessAffinityMask;
DWORD GdiHandleBuffer[34];
/*
 * NOTE(review): INVALID_TYPE is not a real type; the dumper evidently could
 * not resolve this member's type (presumably a function pointer). The header
 * will not compile until it is replaced - confirm against the symbols.
 */
INVALID_TYPE* PostProcessInitRoutine;
void* TlsExpansionBitmap;
DWORD TlsExpansionBitmapBits[32];
DWORD SessionId;
void* AppCompatInfo;
struct _UNICODE_STRING CSDVersion;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _PEB*;
/*
 * Quota accounting block. The process structure later in this file points
 * to one through its `QuotaBlock` member; ReferenceCount suggests the block
 * can be shared between several holders - confirm.
 */
struct _EPROCESS_QUOTA_BLOCK
{
DWORD QuotaLock;
DWORD ReferenceCount;
/* Two-element arrays: presumably one slot per pool type - confirm which index is which. */
DWORD QuotaPeakPoolUsage[2];
DWORD QuotaPoolUsage[2];
DWORD QuotaPoolLimit[2];
DWORD PeakPagefileUsage;
DWORD PagefileUsage;
DWORD PagefileLimit;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _EPROCESS_QUOTA_BLOCK*;
/*
 * Page-fault history buffer. The process structure later in this file
 * points to one through its `WorkingSetWatch` member.
 */
struct _PAGEFAULT_HISTORY
{
/* Cursor and capacity for WatchInfo; readers should check CurrentIndex against MaxIndex. */
DWORD CurrentIndex;
DWORD MaxIndex;
DWORD SpinLock;
void* Reserved;
/*
 * Declared with one element. NOTE(review): presumably a variable-length
 * trailing array sized at allocation time (see MaxIndex), so the struct size
 * is not the real size of the buffer - confirm.
 */
struct _PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _PAGEFAULT_HISTORY*;
/*
 * Hardware page-table entry for x86 PAE paging (one 64-bit entry).
 * NOTE(review): the dump shows every flag as a full ULONGLONG. In a real
 * PTE these are bit-fields packed into a single 64-bit word, and
 * LowPart/HighPart overlay that same word as two 32-bit halves. Compiled as
 * written, this struct would be far larger than 8 bytes and must not be used
 * to decode page tables. The first nine names follow the order of the
 * architectural x86 PTE bits 0-8; take exact widths from the symbols.
 */
struct _HARDWARE_PTE_X86PAE
{
/* Present bit. */
ULONGLONG Valid;
/* Writable bit. */
ULONGLONG Write;
/* User/supervisor bit: decides whether user-mode code may touch the page. */
ULONGLONG Owner;
ULONGLONG WriteThrough;
ULONGLONG CacheDisable;
ULONGLONG Accessed;
ULONGLONG Dirty;
ULONGLONG LargePage;
ULONGLONG Global;
/* CopyOnWrite / Prototype / reserved0: presumably the software-available bits, used by the memory manager - confirm. */
ULONGLONG CopyOnWrite;
ULONGLONG Prototype;
ULONGLONG reserved0;
/* Physical page frame number; its width is not recoverable from this dump. */
ULONGLONG PageFrameNumber;
ULONGLONG reserved1;
DWORD LowPart;
DWORD HighPart;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
BYTE;
/*
 * Job object: groups processes and carries the limits, security restrictions
 * and accounting that apply to them. The process structure later in this
 * file refers to its job through `Job` and links into it through `JobLinks`.
 * Layout is build-specific; the dump shows neither offsets nor padding.
 */
struct _EJOB
{
struct _KEVENT Event;
struct _LIST_ENTRY JobLinks;
/* Head of the list of member processes. */
struct _LIST_ENTRY ProcessListHead;
struct _ERESOURCE JobLock;
struct _LARGE_INTEGER TotalUserTime;
struct _LARGE_INTEGER TotalKernelTime;
struct _LARGE_INTEGER ThisPeriodTotalUserTime;
struct _LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
struct _LARGE_INTEGER PerProcessUserTimeLimit;
struct _LARGE_INTEGER PerJobUserTimeLimit;
/* Flag word; presumably selects which of the limit members below are in force - confirm. */
DWORD LimitFlags;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
DWORD Affinity;
BYTE PriorityClass;
/*
 * Security-relevant restrictions: UI restrictions, security limit flags,
 * and a token plus token filter. These are what make a job usable as a
 * sandboxing boundary, so review them when assessing a job's containment.
 */
DWORD UIRestrictionsClass;
DWORD SecurityLimitFlags;
void* Token;
struct _PS_JOB_TOKEN_FILTER* Filter;
DWORD EndOfJobTimeAction;
void* CompletionPort;
void* CompletionKey;
DWORD SessionId;
DWORD SchedulingClass;
/* I/O accounting. */
ULONGLONG ReadOperationCount;
ULONGLONG WriteOperationCount;
ULONGLONG OtherOperationCount;
ULONGLONG ReadTransferCount;
ULONGLONG WriteTransferCount;
ULONGLONG OtherTransferCount;
struct _IO_COUNTERS IoInfo;
/* Memory limits and peaks, guarded (by name) by MemoryLimitsLock; units are not stated in the dump. */
DWORD ProcessMemoryLimit;
DWORD JobMemoryLimit;
DWORD PeakProcessMemoryUsed;
DWORD PeakJobMemoryUsed;
DWORD CurrentJobMemoryUsed;
struct _FAST_MUTEX MemoryLimitsLock;
};
/*
 * NOTE(review): the two lines below are bare type records with no declarator,
 * presumably left behind by the symbol dumper; they declare nothing.
 */
struct _EJOB*;
struct _UNICODE_STRING*;
/*
 * WOW64 per-process record holding a single opaque pointer. The process
 * structure later in this file points to one through `Wow64Process`.
 */
struct _WOW64_PROCESS
{
void* Wow64;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _WOW64_PROCESS*;
/*
 * Bitmap descriptor: a size plus a pointer to DWORD-granular storage.
 * The process structure later in this file points to one through
 * `VadPhysicalPagesBitMap`.
 */
struct _RTL_BITMAP
{
/* Bitmap size; presumably counted in bits, not bytes - confirm before sizing reads of Buffer. */
DWORD SizeOfBitMap;
DWORD* Buffer;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
struct _RTL_BITMAP*;
/*
 * Executive process object.
 * NOTE(review): the dumper lost this structure's name. Other structures in
 * this file refer to `struct _EPROCESS` by pointer, and the member set here
 * (Pcb first, then Token, Peb, ImageFileName, ...) fits that role, so this is
 * presumably _EPROCESS - confirm against the symbol file.
 * Layout is specific to the kernel build the symbols came from; the dump
 * shows neither offsets nor padding, and the flattened unions in nested types
 * (e.g. _LARGE_INTEGER, _HARDWARE_PTE_X86PAE) make sizes computed from this
 * listing wrong. Resolve offsets from matching symbols, never from here.
 */
struct UnnamedStruct_2F8F00
{
/* Kernel process block first, so both structures share the same starting address. */
struct _KPROCESS Pcb;
long ExitStatus;
struct _KEVENT LockEvent;
DWORD LockCount;
struct _LARGE_INTEGER CreateTime;
struct _LARGE_INTEGER ExitTime;
struct _KTHREAD* LockOwner;
void* UniqueProcessId;
/*
 * Doubly linked list of processes. A process listing built only by walking
 * this list misses any entry that has been unlinked from it, so forensic
 * tools cross-check it against independent sources (thread back-pointers,
 * handle tables, pool scanning).
 */
struct _LIST_ENTRY ActiveProcessLinks;
DWORD QuotaPeakPoolUsage[2];
DWORD QuotaPoolUsage[2];
DWORD PagefileUsage;
DWORD CommitCharge;
DWORD PeakPagefileUsage;
DWORD PeakVirtualSize;
DWORD VirtualSize;
struct _MMSUPPORT Vm;
struct _LIST_ENTRY SessionProcessLinks;
/* Debug and exception ports; presumably non-NULL when a debugger / exception handler port is attached - confirm. */
void* DebugPort;
void* ExceptionPort;
/* Handle table of the process. */
struct _HANDLE_TABLE* ObjectTable;
/*
 * Token reference that defines the process's security context. An
 * unexpected change of this field is a strong privilege-escalation
 * indicator, so it is a common integrity-monitoring target.
 */
void* Token;
struct _FAST_MUTEX WorkingSetLock;
DWORD WorkingSetPage;
BYTE ProcessOutswapEnabled;
BYTE ProcessOutswapped;
BYTE AddressSpaceInitialized;
BYTE AddressSpaceDeleted;
struct _FAST_MUTEX AddressCreationLock;
DWORD HyperSpaceLock;
struct _ETHREAD* ForkInProgress;
WORD VmOperation;
BYTE ForkWasSuccessful;
BYTE MmAgressiveWsTrimMask;
struct _KEVENT* VmOperationEvent;
void* PaeTop;
DWORD LastFaultCount;
DWORD ModifiedPageCount;
/* Virtual address descriptor tree roots/hints, typed as opaque pointers in this dump. */
void* VadRoot;
void* VadHint;
void* CloneRoot;
DWORD NumberOfPrivatePages;
DWORD NumberOfLockedPages;
WORD NextPageColor;
BYTE ExitProcessCalled;
BYTE CreateProcessReported;
void* SectionHandle;
/* Pointer into user-mode memory; everything read through it is process-controlled (see struct _PEB). */
struct _PEB* Peb;
void* SectionBaseAddress;
struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;
long LastThreadExitStatus;
struct _PAGEFAULT_HISTORY* WorkingSetWatch;
void* Win32WindowStation;
/*
 * Identifier of the creating process. Process identifiers can be reused, so
 * resolving the parent by ID alone can match an unrelated, later process;
 * compare creation times when building process trees.
 */
void* InheritedFromUniqueProcessId;
DWORD GrantedAccess;
DWORD DefaultHardErrorProcessing;
void* LdtInformation;
void* VadFreeHint;
void* VdmObjects;
void* DeviceMap;
DWORD SessionId;
struct _LIST_ENTRY PhysicalVadList;
struct _HARDWARE_PTE_X86PAE PageDirectoryPte;
ULONGLONG Filler;
DWORD PaePageDirectoryPage;
/*
 * Fixed 16-byte image name. Longer names do not fit, and a name that fills
 * the array has no terminating NUL: bound every read to 16 bytes. It is a
 * display hint, not an identity - do not base trust decisions on it
 * (compare AuditImageName below).
 */
BYTE ImageFileName[16];
DWORD VmTrimFaultValue;
BYTE SetTimerResolution;
BYTE PriorityClass;
/* NOTE(review): presumably the two bytes here overlay SubSystemVersion in the real layout (flattened union) - confirm. */
BYTE SubSystemMinorVersion;
BYTE SubSystemMajorVersion;
WORD SubSystemVersion;
void* Win32Process;
struct _EJOB* Job;
DWORD JobStatus;
struct _LIST_ENTRY JobLinks;
void* LockedPagesList;
void* SecurityPort;
struct _UNICODE_STRING* AuditImageName;
struct _WOW64_PROCESS* Wow64Process;
/* I/O accounting. */
struct _LARGE_INTEGER ReadOperationCount;
struct _LARGE_INTEGER WriteOperationCount;
struct _LARGE_INTEGER OtherOperationCount;
struct _LARGE_INTEGER ReadTransferCount;
struct _LARGE_INTEGER WriteTransferCount;
struct _LARGE_INTEGER OtherTransferCount;
DWORD CommitChargeLimit;
DWORD CommitChargePeak;
/* Head of this process's thread list; struct _ETHREAD carries a ThreadListEntry member. */
struct _LIST_ENTRY ThreadListHead;
struct _RTL_BITMAP* VadPhysicalPagesBitMap;
DWORD VadPhysicalPages;
DWORD AweLock;
};
/*
 * NOTE(review): the two lines below are bare type records with no declarator,
 * presumably left behind by the symbol dumper; they declare nothing.
 */
WORD;
WORD;
/*
 * MS-DOS executable header. Member-for-member identical to
 * struct _IMAGE_DOS_HEADER, which follows it in this file; presumably the
 * same type emitted a second time by the dumper under a generated name.
 * The values come from the file being parsed and are untrusted.
 */
struct UnnamedStruct_2FC1E8
{
/* Signature word; parsers should verify it before trusting any other field. */
WORD e_magic;
WORD e_cblp;
WORD e_cp;
WORD e_crlc;
WORD e_cparhdr;
WORD e_minalloc;
WORD e_maxalloc;
WORD e_ss;
WORD e_sp;
WORD e_csum;
WORD e_ip;
WORD e_cs;
WORD e_lfarlc;
WORD e_ovno;
WORD e_res[4];
WORD e_oemid;
WORD e_oeminfo;
WORD e_res2[10];
/*
 * File offset of the new-format (PE) header. It is a signed long read from
 * the file: reject negative values and check that the offset plus the
 * header size lies inside the mapped image before dereferencing.
 */
long e_lfanew;
};
/*
 * MS-DOS executable header found at the start of an executable image.
 * Every field is read from the file or mapped image and is therefore
 * untrusted input to any parser.
 */
struct _IMAGE_DOS_HEADER
{
/* Signature word; parsers should verify it before trusting any other field. */
WORD e_magic;
WORD e_cblp;
WORD e_cp;
WORD e_crlc;
WORD e_cparhdr;
WORD e_minalloc;
WORD e_maxalloc;
WORD e_ss;
WORD e_sp;
WORD e_csum;
WORD e_ip;
WORD e_cs;
WORD e_lfarlc;
WORD e_ovno;
WORD e_res[4];
WORD e_oemid;
WORD e_oeminfo;
WORD e_res2[10];
/*
 * File offset of the new-format (PE) header. It is a signed long read from
 * the file: reject negative values and check that the offset plus the
 * header size lies inside the mapped image before dereferencing.
 */
long e_lfanew;
};
/* NOTE(review): bare type record with no declarator, presumably a symbol-dumper artefact; declares nothing. */
BYTE;
/*
 * Two-member record identical to UnnamedStruct_2FCDE0, which follows it in
 * this file. It is not referenced in the visible part of the file.
 * NOTE(review): in the Windows SDK the corresponding `Misc` member of the
 * section header is a union, so these two members presumably overlay the
 * same 4 bytes rather than occupying 8 - confirm.
 */
struct UnnamedStruct_2FCC88
{
DWORD PhysicalAddress;
DWORD VirtualSize;
};
/*
 * Type of the `Misc` member of the section-header structures in this file.
 * NOTE(review): in the Windows SDK `Misc` is a union, so these two members
 * presumably overlay the same 4 bytes; as a struct this is 8 bytes and would
 * shift every following section-header field - confirm before using this
 * header to parse images.
 */
struct UnnamedStruct_2FCDE0
{
DWORD PhysicalAddress;
DWORD VirtualSize;
};
/*
 * Image section header. Member-for-member identical to
 * struct _IMAGE_SECTION_HEADER, which follows it in this file; presumably
 * the same type emitted a second time by the dumper under a generated name.
 * The values come from the image being parsed and are untrusted.
 */
struct UnnamedStruct_2FCE28
{
/* 8 bytes, no terminating NUL when the name uses all 8: bound reads to the array size. */
BYTE Name[8];
struct UnnamedStruct_2FCDE0 Misc;
DWORD VirtualAddress;
/*
 * Size and file offset of the section's raw data. Check each value, and
 * their sum computed without 32-bit wrap-around, against the file size
 * before reading.
 */
DWORD SizeOfRawData;
DWORD PointerToRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
DWORD Characteristics;
};
/*
 * Image section header: one entry of an executable image's section table.
 * Every field is read from the file or mapped image and is therefore
 * untrusted input to any parser.
 */
struct _IMAGE_SECTION_HEADER
{
/* 8 bytes, no terminating NUL when the name uses all 8: bound reads to the array size. */
BYTE Name[8];
/* NOTE(review): a union in the Windows SDK; shown here as a two-member struct, which would change the layout - confirm. */
struct UnnamedStruct_2FCDE0 Misc;
DWORD VirtualAddress;
/*
 * Size and file offset of the section's raw data. Check each value, and
 * their sum computed without 32-bit wrap-around, against the file size
 * before reading; also compare against the virtual size in Misc, since the
 * two may legitimately differ.
 */
DWORD SizeOfRawData;
DWORD PointerToRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
/* Section flag word. Sections marked both writable and executable are a common triage signal. */
DWORD Characteristics;
};
struct _DISPATCHER_HEADER
{
BYTE Type;
BYTE Absolute;
BYTE Size;
BYTE Inserted;
long SignalState;