📄 ntkrpamp.h
字号:
DWORD SkipTick;
DWORD MultiThreadSetBusy;
DWORD Spare2[3];
_KNODE* ParentNode;
DWORD MultiThreadProcessorSet;
_KPRCB* MultiThreadSetMaster;
DWORD ThreadStartCount[2];
DWORD CcFastReadNoWait;
DWORD CcFastReadWait;
DWORD CcFastReadNotPossible;
DWORD CcCopyReadNoWait;
DWORD CcCopyReadWait;
DWORD CcCopyReadNoWaitMiss;
DWORD KeAlignmentFixupCount;
DWORD KeContextSwitches;
DWORD KeDcacheFlushCount;
DWORD KeExceptionDispatchCount;
DWORD KeFirstLevelTbFills;
DWORD KeFloatingEmulationCount;
DWORD KeIcacheFlushCount;
DWORD KeSecondLevelTbFills;
DWORD KeSystemCalls;
DWORD SpareCounter0[1];
_PP_LOOKASIDE_LIST PPLookasideList[16];
_PP_LOOKASIDE_LIST PPNPagedLookasideList[32];
_PP_LOOKASIDE_LIST PPPagedLookasideList[32];
DWORD PacketBarrier;
DWORD ReverseStall;
void* IpiFrame;
DWORD PrcbPad2[52];
void* CurrentPacket[3];
DWORD TargetSet;
void (*WorkerRoutine)(void*, void*, void*, void*);
DWORD IpiFrozen;
DWORD PrcbPad3[40];
DWORD RequestSummary;
_KPRCB* SignalDone;
DWORD PrcbPad4[56];
_LIST_ENTRY DpcListHead;
void* DpcStack;
DWORD DpcCount;
DWORD DpcQueueDepth;
DWORD DpcRoutineActive;
DWORD DpcInterruptRequested;
DWORD DpcLastCount;
DWORD DpcRequestRate;
DWORD MaximumDpcQueueDepth;
DWORD MinimumDpcRate;
DWORD QuantumEnd;
DWORD PrcbPad5[16];
DWORD DpcLock;
DWORD PrcbPad6[60];
void* ChainedInterruptList;
int LookasideIrpFloat;
DWORD SpareFields0[6];
DWORD VendorString[13];
DWORD InitialApicId;
DWORD LogicalProcessorsPerPhysicalProcessor;
DWORD MHz;
DWORD FeatureBits;
_LARGE_INTEGER UpdateSignature;
_FX_SAVE_AREA NpxSaveArea;
_PROCESSOR_POWER_STATE PowerState;
};
struct _SLIST_HEADER {
DWORD Alignment;
_SINGLE_LIST_ENTRY Next;
DWORD Depth;
DWORD Sequence;
};
struct _SLIST_HEADER {
DWORD Alignment;
_SINGLE_LIST_ENTRY Next;
DWORD Depth;
DWORD Sequence;
};
struct _NPAGED_LOOKASIDE_LIST {
_GENERAL_LOOKASIDE L;
DWORD Lock__ObsoleteButDoNotDelete;
};
struct _GENERAL_LOOKASIDE {
_SLIST_HEADER ListHead;
DWORD Depth;
DWORD MaximumDepth;
DWORD TotalAllocates;
DWORD AllocateMisses;
DWORD AllocateHits;
DWORD TotalFrees;
DWORD FreeMisses;
DWORD FreeHits;
enum _POOL_TYPE Type;
DWORD Tag;
DWORD Size;
void* (*Allocate)(enum _POOL_TYPE, DWORD, DWORD);
void (*Free)(void*);
_LIST_ENTRY ListEntry;
DWORD LastTotalAllocates;
DWORD LastAllocateMisses;
DWORD LastAllocateHits;
DWORD Future[2];
};
struct _NPAGED_LOOKASIDE_LIST {
_GENERAL_LOOKASIDE L;
DWORD Lock__ObsoleteButDoNotDelete;
};
struct _PAGED_LOOKASIDE_LIST {
_GENERAL_LOOKASIDE L;
_FAST_MUTEX Lock__ObsoleteButDoNotDelete;
};
struct _FAST_MUTEX {
int Count;
_KTHREAD* Owner;
DWORD Contention;
_KEVENT Event;
DWORD OldIrql;
};
struct _PAGED_LOOKASIDE_LIST {
_GENERAL_LOOKASIDE L;
_FAST_MUTEX Lock__ObsoleteButDoNotDelete;
};
enum _PP_NPAGED_LOOKASIDE_NUMBER {
LookasideSmallIrpList,
LookasideLargeIrpList,
LookasideMdlList,
LookasideCreateInfoList,
LookasideNameBufferList,
LookasideTwilightList,
LookasideCompletionList,
LookasideMaximumList,
};
enum _POOL_TYPE {
NonPagedPool,
PagedPool,
NonPagedPoolMustSucceed,
DontUseThisType,
NonPagedPoolCacheAligned,
PagedPoolCacheAligned,
NonPagedPoolCacheAlignedMustS,
MaxPoolType,
NonPagedPoolSession,
PagedPoolSession,
NonPagedPoolMustSucceedSession,
DontUseThisTypeSession,
NonPagedPoolCacheAlignedSession,
PagedPoolCacheAlignedSession,
NonPagedPoolCacheAlignedMustSSession,
};
struct _GENERAL_LOOKASIDE {
_SLIST_HEADER ListHead;
DWORD Depth;
DWORD MaximumDepth;
DWORD TotalAllocates;
DWORD AllocateMisses;
DWORD AllocateHits;
DWORD TotalFrees;
DWORD FreeMisses;
DWORD FreeHits;
enum _POOL_TYPE Type;
DWORD Tag;
DWORD Size;
void* (*Allocate)(enum _POOL_TYPE, DWORD, DWORD);
void (*Free)(void*);
_LIST_ENTRY ListEntry;
DWORD LastTotalAllocates;
DWORD LastAllocateMisses;
DWORD LastAllocateHits;
DWORD Future[2];
};
struct _EX_RUNDOWN_REF {
DWORD Count;
void* Ptr;
};
struct _EX_RUNDOWN_REF {
DWORD Count;
void* Ptr;
};
struct _EX_FAST_REF {
void* Object;
DWORD RefCnt:3; // bit offset: 00, len=3
DWORD Value;
};
struct _EX_FAST_REF {
void* Object;
DWORD RefCnt:3; // bit offset: 00, len=3
DWORD Value;
};
struct _EX_PUSH_LOCK {
DWORD Waiting:1; // bit offset: 00, len=1
DWORD Exclusive:1; // bit offset: 01, len=1
DWORD Shared:30; // bit offset: 02, len=30
DWORD Value;
void* Ptr;
};
struct _EX_PUSH_LOCK {
DWORD Waiting:1; // bit offset: 00, len=1
DWORD Exclusive:1; // bit offset: 01, len=1
DWORD Shared:30; // bit offset: 02, len=30
DWORD Value;
void* Ptr;
};
struct _EX_PUSH_LOCK_WAIT_BLOCK {
_KEVENT WakeEvent;
_EX_PUSH_LOCK_WAIT_BLOCK* Next;
DWORD ShareCount;
DWORD Exclusive;
};
struct _KEVENT {
_DISPATCHER_HEADER Header;
};
struct _EX_PUSH_LOCK_WAIT_BLOCK {
_KEVENT WakeEvent;
_EX_PUSH_LOCK_WAIT_BLOCK* Next;
DWORD ShareCount;
DWORD Exclusive;
};
struct _EX_PUSH_LOCK_CACHE_AWARE {
_EX_PUSH_LOCK* Locks[32];
};
struct _EX_PUSH_LOCK_CACHE_AWARE {
_EX_PUSH_LOCK* Locks[32];
};
struct _ETHREAD {
_KTHREAD Tcb;
_LARGE_INTEGER CreateTime;
DWORD NestedFaultCount:2; // bit offset: 1C0, len=2
DWORD ApcNeeded:1; // bit offset: 1C0, len=1
_LARGE_INTEGER ExitTime;
_LIST_ENTRY LpcReplyChain;
_LIST_ENTRY KeyedWaitChain;
int ExitStatus;
void* OfsChain;
_LIST_ENTRY PostBlockList;
_TERMINATION_PORT* TerminationPort;
_ETHREAD* ReaperLink;
void* KeyedWaitValue;
DWORD ActiveTimerListLock;
_LIST_ENTRY ActiveTimerListHead;
_CLIENT_ID Cid;
_KSEMAPHORE LpcReplySemaphore;
_KSEMAPHORE KeyedWaitSemaphore;
void* LpcReplyMessage;
void* LpcWaitingOnPort;
_PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
_LIST_ENTRY IrpList;
DWORD TopLevelIrp;
_DEVICE_OBJECT* DeviceToVerify;
_EPROCESS* ThreadsProcess;
void* StartAddress;
void* Win32StartAddress;
DWORD LpcReceivedMessageId;
_LIST_ENTRY ThreadListEntry;
_EX_RUNDOWN_REF RundownProtect;
_EX_PUSH_LOCK ThreadLock;
DWORD LpcReplyMessageId;
DWORD ReadClusterSize;
DWORD GrantedAccess;
DWORD CrossThreadFlags;
DWORD Terminated:1; // bit offset: 248, len=1
DWORD DeadThread:1; // bit offset: 248, len=1
DWORD HideFromDebugger:1; // bit offset: 248, len=1
DWORD ActiveImpersonationInfo:1; // bit offset: 248, len=1
DWORD SystemThread:1; // bit offset: 248, len=1
DWORD HardErrorsAreDisabled:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SkipCreationMsg:1; // bit offset: 248, len=1
DWORD SkipTerminationMsg:1; // bit offset: 248, len=1
DWORD SameThreadPassiveFlags;
DWORD ActiveExWorker:1; // bit offset: 24C, len=1
DWORD ExWorkerCanWaitUser:1; // bit offset: 24C, len=1
DWORD MemoryMaker:1; // bit offset: 24C, len=1
DWORD SameThreadApcFlags;
DWORD LpcReceivedMsgIdValid:1; // bit offset: 250, len=1
DWORD LpcExitThreadCalled:1; // bit offset: 250, len=1
DWORD AddressSpaceOwner:1; // bit offset: 250, len=1
DWORD ForwardClusterOnly;
DWORD DisablePageFaultClustering;
};
struct _TERMINATION_PORT {
_TERMINATION_PORT* Next;
void* Port;
};
struct _CLIENT_ID {
void* UniqueProcess;
void* UniqueThread;
};
struct _KSEMAPHORE {
_DISPATCHER_HEADER Header;
int Limit;
};
struct _PS_IMPERSONATION_INFORMATION {
void* Token;
DWORD CopyOnOpen;
DWORD EffectiveOnly;
enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
};
struct _DEVICE_OBJECT {
int Type;
DWORD Size;
int ReferenceCount;
_DRIVER_OBJECT* DriverObject;
_DEVICE_OBJECT* NextDevice;
_DEVICE_OBJECT* AttachedDevice;
_IRP* CurrentIrp;
_IO_TIMER* Timer;
DWORD Flags;
DWORD Characteristics;
_VPB* Vpb;
void* DeviceExtension;
DWORD DeviceType;
char StackSize;
__unnamed Queue;
DWORD AlignmentRequirement;
_KDEVICE_QUEUE DeviceQueue;
_KDPC Dpc;
DWORD ActiveThreadCount;
void* SecurityDescriptor;
_KEVENT DeviceLock;
DWORD SectorSize;
DWORD Spare1;
_DEVOBJ_EXTENSION* DeviceObjectExtension;
void* Reserved;
};
struct _EPROCESS {
_KPROCESS Pcb;
_EX_PUSH_LOCK ProcessLock;
_LARGE_INTEGER CreateTime;
_LARGE_INTEGER ExitTime;
_EX_RUNDOWN_REF RundownProtect;
void* UniqueProcessId;
_LIST_ENTRY ActiveProcessLinks;
DWORD QuotaUsage[3];
DWORD QuotaPeak[3];
DWORD CommitCharge;
DWORD PeakVirtualSize;
DWORD VirtualSize;
_LIST_ENTRY SessionProcessLinks;
void* DebugPort;
void* ExceptionPort;
_HANDLE_TABLE* ObjectTable;
_EX_FAST_REF Token;
_FAST_MUTEX WorkingSetLock;
DWORD WorkingSetPage;
_FAST_MUTEX AddressCreationLock;
DWORD HyperSpaceLock;
_ETHREAD* ForkInProgress;
DWORD HardwareTrigger;
void* VadRoot;
void* VadHint;
void* CloneRoot;
DWORD NumberOfPrivatePages;
DWORD NumberOfLockedPages;
void* Win32Process;
_EJOB* Job;
void* SectionObject;
void* SectionBaseAddress;
_EPROCESS_QUOTA_BLOCK* QuotaBlock;
_PAGEFAULT_HISTORY* WorkingSetWatch;
void* Win32WindowStation;
void* InheritedFromUniqueProcessId;
void* LdtInformation;
void* VadFreeHint;
void* VdmObjects;
void* DeviceMap;
_LIST_ENTRY PhysicalVadList;
_HARDWARE_PTE_X86PAE PageDirectoryPte;
DWORD Filler;
void* Session;
DWORD ImageFileName[16];
_LIST_ENTRY JobLinks;
void* LockedPagesList;
_LIST_ENTRY ThreadListHead;
void* SecurityPort;
void* PaeTop;
DWORD ActiveThreads;
DWORD GrantedAccess;
DWORD DefaultHardErrorProcessing;
int LastThreadExitStatus;
_PEB* Peb;
_EX_FAST_REF PrefetchTrace;
_LARGE_INTEGER ReadOperationCount;
_LARGE_INTEGER WriteOperationCount;
_LARGE_INTEGER OtherOperationCount;
_LARGE_INTEGER ReadTransferCount;
_LARGE_INTEGER WriteTransferCount;
_LARGE_INTEGER OtherTransferCount;
DWORD CommitChargeLimit;
DWORD CommitChargePeak;
void* AweInfo;
_SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
_MMSUPPORT Vm;
DWORD LastFaultCount;
DWORD ModifiedPageCount;
DWORD NumberOfVads;
DWORD JobStatus;
DWORD Flags;
DWORD CreateReported:1; // bit offset: 248, len=1
DWORD NoDebugInherit:1; // bit offset: 248, len=1
DWORD ProcessExiting:1; // bit offset: 248, len=1
DWORD ProcessDelete:1; // bit offset: 248, len=1
DWORD Wow64SplitPages:1; // bit offset: 248, len=1
DWORD VmDeleted:1; // bit offset: 248, len=1
DWORD OutswapEnabled:1; // bit offset: 248, len=1
DWORD Outswapped:1; // bit offset: 248, len=1
DWORD ForkFailed:1; // bit offset: 248, len=1
DWORD HasPhysicalVad:1; // bit offset: 248, len=1
DWORD AddressSpaceInitialized:2; // bit offset: 248, len=2
DWORD SetTimerResolution:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SessionCreationUnderway:1; // bit offset: 248, len=1
DWORD WriteWatch:1; // bit offset: 248, len=1
DWORD ProcessInSession:1; // bit offset: 248, len=1
DWORD OverrideAddressSpace:1; // bit offset: 248, len=1
DWORD HasAddressSpace:1; // bit offset: 248, len=1
DWORD LaunchPrefetched:1; // bit offset: 248, len=1
DWORD InjectInpageErrors:1; // bit offset: 248, len=1
DWORD Unused:11; // bit offset: 248, len=11
int ExitStatus;
DWORD NextPageColor;
DWORD SubSystemMinorVersion;
DWORD SubSystemMajorVersion;
DWORD SubSystemVersion;
DWORD PriorityClass;
DWORD WorkingSetAcquiredUnsafe;
};
struct _ETHREAD {
_KTHREAD Tcb;
_LARGE_INTEGER CreateTime;
DWORD NestedFaultCount:2; // bit offset: 1C0, len=2
DWORD ApcNeeded:1; // bit offset: 1C0, len=1
_LARGE_INTEGER ExitTime;
_LIST_ENTRY LpcReplyChain;
_LIST_ENTRY KeyedWaitChain;
int ExitStatus;
void* OfsChain;
_LIST_ENTRY PostBlockList;
_TERMINATION_PORT* TerminationPort;
_ETHREAD* ReaperLink;
void* KeyedWaitValue;
DWORD ActiveTimerListLock;
_LIST_ENTRY ActiveTimerListHead;
_CLIENT_ID Cid;
_KSEMAPHORE LpcReplySemaphore;
_KSEMAPHORE KeyedWaitSemaphore;
void* LpcReplyMessage;
void* LpcWaitingOnPort;
_PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
_LIST_ENTRY IrpList;
DWORD TopLevelIrp;
_DEVICE_OBJECT* DeviceToVerify;
_EPROCESS* ThreadsProcess;
void* StartAddress;
void* Win32StartAddress;
DWORD LpcReceivedMessageId;
_LIST_ENTRY ThreadListEntry;
_EX_RUNDOWN_REF RundownProtect;
_EX_PUSH_LOCK ThreadLock;
DWORD LpcReplyMessageId;
DWORD ReadClusterSize;
DWORD GrantedAccess;
DWORD CrossThreadFlags;
DWORD Terminated:1; // bit offset: 248, len=1
DWORD DeadThread:1; // bit offset: 248, len=1
DWORD HideFromDebugger:1; // bit offset: 248, len=1
DWORD ActiveImpersonationInfo:1; // bit offset: 248, len=1
DWORD SystemThread:1; // bit offset: 248, len=1
DWORD HardErrorsAreDisabled:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SkipCreationMsg:1; // bit offset: 248, len=1
DWORD SkipTerminationMsg:1; // bit offset: 248, len=1
DWORD SameThreadPassiveFlags;
DWORD ActiveExWorker:1; // bit offset: 24C, len=1
DWORD ExWorkerCanWaitUser:1; // bit offset: 24C, len=1
DWORD MemoryMaker:1; // bit offset: 24C, len=1
DWORD SameThreadApcFlags;
DWORD LpcReceivedMsgIdValid:1; // bit offset: 250, len=1
DWORD LpcExitThreadCalled:1; // bit offset: 250, len=1
DWORD AddressSpaceOwner:1; // bit offset: 250, len=1
DWORD ForwardClusterOnly;
DWORD DisablePageFaultClustering;
};
struct _KPROCESS {
_DISPATCHER_HEADER Header;
_LIST_ENTRY ProfileListHead;
DWORD DirectoryTableBase[2];
_KGDTENTRY LdtDescriptor;
_KIDTENTRY Int21Descriptor;
DWORD IopmOffset;
DWORD Iopl;
DWORD Unused;
DWORD ActiveProcessors;
DWORD KernelTime;
DWORD UserTime;
_LIST_ENTRY ReadyListHead;
_SINGLE_LIST_ENTRY SwapListEntry;
void* VdmTrapcHandler;
_LIST_ENTRY ThreadListHead;
DWORD ProcessLock;
DWORD Affinity;
DWORD StackCount;
char BasePriority;
char ThreadQuantum;
DWORD AutoAlignment;
DWORD State;
DWORD ThreadSeed;
DWORD DisableBoost;
DWORD PowerState;
DWORD DisableQuantum;
DWORD IdealNode;
DWORD Spare;
};
struct _HANDLE_TABLE {
DWORD TableCode;
_EPROCESS* QuotaProcess;
void* UniqueProcessId;
_EX_PUSH_LOCK HandleTableLock[4];
_LIST_ENTRY HandleTableList;
_EX_PUSH_LOCK HandleContentionEvent;
_HANDLE_TRACE_DEBUG_INFO* DebugInfo;
int ExtraInfoPages;
DWORD FirstFree;
DWORD LastFree;
DWORD NextHandleNeedingPool;
int HandleCount;
DWORD Flags;
DWORD StrictFIFO:1; // bit offset: 40, len=1
};
struct _EJOB {
_KEVENT Event;
_LIST_ENTRY JobLinks;
_LIST_ENTRY ProcessListHead;
_ERESOURCE JobLock;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -