📄 ntkrpamp.h
字号:
_LARGE_INTEGER TotalUserTime;
_LARGE_INTEGER TotalKernelTime;
_LARGE_INTEGER ThisPeriodTotalUserTime;
_LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
_LARGE_INTEGER PerProcessUserTimeLimit;
_LARGE_INTEGER PerJobUserTimeLimit;
DWORD LimitFlags;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
DWORD Affinity;
DWORD PriorityClass;
DWORD UIRestrictionsClass;
DWORD SecurityLimitFlags;
void* Token;
_PS_JOB_TOKEN_FILTER* Filter;
DWORD EndOfJobTimeAction;
void* CompletionPort;
void* CompletionKey;
DWORD SessionId;
DWORD SchedulingClass;
DWORD ReadOperationCount;
DWORD WriteOperationCount;
DWORD OtherOperationCount;
DWORD ReadTransferCount;
DWORD WriteTransferCount;
DWORD OtherTransferCount;
_IO_COUNTERS IoInfo;
DWORD ProcessMemoryLimit;
DWORD JobMemoryLimit;
DWORD PeakProcessMemoryUsed;
DWORD PeakJobMemoryUsed;
DWORD CurrentJobMemoryUsed;
_FAST_MUTEX MemoryLimitsLock;
_LIST_ENTRY JobSetLinks;
DWORD MemberLevel;
DWORD JobFlags;
};
struct _EPROCESS_QUOTA_BLOCK {
_EPROCESS_QUOTA_ENTRY QuotaEntry[3];
_LIST_ENTRY QuotaList;
DWORD ReferenceCount;
DWORD ProcessCount;
};
struct _PAGEFAULT_HISTORY {
DWORD CurrentIndex;
DWORD MaxIndex;
DWORD SpinLock;
void* Reserved;
_PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
};
struct _HARDWARE_PTE_X86PAE {
DWORD Valid:1; // bit offset: 00, len=1
DWORD Write:1; // bit offset: 01, len=1
DWORD Owner:1; // bit offset: 02, len=1
DWORD WriteThrough:1; // bit offset: 03, len=1
DWORD CacheDisable:1; // bit offset: 04, len=1
DWORD Accessed:1; // bit offset: 05, len=1
DWORD Dirty:1; // bit offset: 06, len=1
DWORD LargePage:1; // bit offset: 07, len=1
DWORD Global:1; // bit offset: 08, len=1
DWORD CopyOnWrite:1; // bit offset: 09, len=1
DWORD Prototype:1; // bit offset: 0A, len=1
DWORD reserved0:1; // bit offset: 0B, len=1
DWORD PageFrameNumber:26; // bit offset: 0C, len=26
DWORD reserved1:26; // bit offset: 26, len=26
DWORD LowPart;
DWORD HighPart;
};
struct _PEB {
DWORD InheritedAddressSpace;
DWORD ReadImageFileExecOptions;
DWORD BeingDebugged;
DWORD SpareBool;
void* Mutant;
void* ImageBaseAddress;
_PEB_LDR_DATA* Ldr;
_RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
void* SubSystemData;
void* ProcessHeap;
_RTL_CRITICAL_SECTION* FastPebLock;
void* FastPebLockRoutine;
void* FastPebUnlockRoutine;
DWORD EnvironmentUpdateCount;
void* KernelCallbackTable;
DWORD SystemReserved[1];
DWORD ExecuteOptions:2; // bit offset: 34, len=2
DWORD SpareBits:30; // bit offset: 34, len=30
_PEB_FREE_BLOCK* FreeList;
DWORD TlsExpansionCounter;
void* TlsBitmap;
DWORD TlsBitmapBits[2];
void* ReadOnlySharedMemoryBase;
void* ReadOnlySharedMemoryHeap;
void** ReadOnlyStaticServerData;
void* AnsiCodePageData;
void* OemCodePageData;
void* UnicodeCaseTableData;
DWORD NumberOfProcessors;
DWORD NtGlobalFlag;
_LARGE_INTEGER CriticalSectionTimeout;
DWORD HeapSegmentReserve;
DWORD HeapSegmentCommit;
DWORD HeapDeCommitTotalFreeThreshold;
DWORD HeapDeCommitFreeBlockThreshold;
DWORD NumberOfHeaps;
DWORD MaximumNumberOfHeaps;
void** ProcessHeaps;
void* GdiSharedHandleTable;
void* ProcessStarterHelper;
DWORD GdiDCAttributeList;
void* LoaderLock;
DWORD OSMajorVersion;
DWORD OSMinorVersion;
DWORD OSBuildNumber;
DWORD OSCSDVersion;
DWORD OSPlatformId;
DWORD ImageSubsystem;
DWORD ImageSubsystemMajorVersion;
DWORD ImageSubsystemMinorVersion;
DWORD ImageProcessAffinityMask;
DWORD GdiHandleBuffer[34];
void (*PostProcessInitRoutine)();
void* TlsExpansionBitmap;
DWORD TlsExpansionBitmapBits[32];
DWORD SessionId;
_ULARGE_INTEGER AppCompatFlags;
_ULARGE_INTEGER AppCompatFlagsUser;
void* pShimData;
void* AppCompatInfo;
_UNICODE_STRING CSDVersion;
void* ActivationContextData;
void* ProcessAssemblyStorageMap;
void* SystemDefaultActivationContextData;
void* SystemAssemblyStorageMap;
DWORD MinimumStackCommit;
};
struct _SE_AUDIT_PROCESS_CREATION_INFO {
_OBJECT_NAME_INFORMATION* ImageFileName;
};
struct _MMSUPPORT {
_LARGE_INTEGER LastTrimTime;
_MMSUPPORT_FLAGS Flags;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
_MMWSL* VmWorkingSetList;
_LIST_ENTRY WorkingSetExpansionLinks;
DWORD Claim;
DWORD NextEstimationSlot;
DWORD NextAgingSlot;
DWORD EstimatedAvailable;
DWORD GrowthSinceLastEstimate;
};
struct _EPROCESS {
_KPROCESS Pcb;
_EX_PUSH_LOCK ProcessLock;
_LARGE_INTEGER CreateTime;
_LARGE_INTEGER ExitTime;
_EX_RUNDOWN_REF RundownProtect;
void* UniqueProcessId;
_LIST_ENTRY ActiveProcessLinks;
DWORD QuotaUsage[3];
DWORD QuotaPeak[3];
DWORD CommitCharge;
DWORD PeakVirtualSize;
DWORD VirtualSize;
_LIST_ENTRY SessionProcessLinks;
void* DebugPort;
void* ExceptionPort;
_HANDLE_TABLE* ObjectTable;
_EX_FAST_REF Token;
_FAST_MUTEX WorkingSetLock;
DWORD WorkingSetPage;
_FAST_MUTEX AddressCreationLock;
DWORD HyperSpaceLock;
_ETHREAD* ForkInProgress;
DWORD HardwareTrigger;
void* VadRoot;
void* VadHint;
void* CloneRoot;
DWORD NumberOfPrivatePages;
DWORD NumberOfLockedPages;
void* Win32Process;
_EJOB* Job;
void* SectionObject;
void* SectionBaseAddress;
_EPROCESS_QUOTA_BLOCK* QuotaBlock;
_PAGEFAULT_HISTORY* WorkingSetWatch;
void* Win32WindowStation;
void* InheritedFromUniqueProcessId;
void* LdtInformation;
void* VadFreeHint;
void* VdmObjects;
void* DeviceMap;
_LIST_ENTRY PhysicalVadList;
_HARDWARE_PTE_X86PAE PageDirectoryPte;
DWORD Filler;
void* Session;
DWORD ImageFileName[16];
_LIST_ENTRY JobLinks;
void* LockedPagesList;
_LIST_ENTRY ThreadListHead;
void* SecurityPort;
void* PaeTop;
DWORD ActiveThreads;
DWORD GrantedAccess;
DWORD DefaultHardErrorProcessing;
int LastThreadExitStatus;
_PEB* Peb;
_EX_FAST_REF PrefetchTrace;
_LARGE_INTEGER ReadOperationCount;
_LARGE_INTEGER WriteOperationCount;
_LARGE_INTEGER OtherOperationCount;
_LARGE_INTEGER ReadTransferCount;
_LARGE_INTEGER WriteTransferCount;
_LARGE_INTEGER OtherTransferCount;
DWORD CommitChargeLimit;
DWORD CommitChargePeak;
void* AweInfo;
_SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
_MMSUPPORT Vm;
DWORD LastFaultCount;
DWORD ModifiedPageCount;
DWORD NumberOfVads;
DWORD JobStatus;
DWORD Flags;
DWORD CreateReported:1; // bit offset: 248, len=1
DWORD NoDebugInherit:1; // bit offset: 248, len=1
DWORD ProcessExiting:1; // bit offset: 248, len=1
DWORD ProcessDelete:1; // bit offset: 248, len=1
DWORD Wow64SplitPages:1; // bit offset: 248, len=1
DWORD VmDeleted:1; // bit offset: 248, len=1
DWORD OutswapEnabled:1; // bit offset: 248, len=1
DWORD Outswapped:1; // bit offset: 248, len=1
DWORD ForkFailed:1; // bit offset: 248, len=1
DWORD HasPhysicalVad:1; // bit offset: 248, len=1
DWORD AddressSpaceInitialized:2; // bit offset: 248, len=2
DWORD SetTimerResolution:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SessionCreationUnderway:1; // bit offset: 248, len=1
DWORD WriteWatch:1; // bit offset: 248, len=1
DWORD ProcessInSession:1; // bit offset: 248, len=1
DWORD OverrideAddressSpace:1; // bit offset: 248, len=1
DWORD HasAddressSpace:1; // bit offset: 248, len=1
DWORD LaunchPrefetched:1; // bit offset: 248, len=1
DWORD InjectInpageErrors:1; // bit offset: 248, len=1
DWORD Unused:11; // bit offset: 248, len=11
int ExitStatus;
DWORD NextPageColor;
DWORD SubSystemMinorVersion;
DWORD SubSystemMajorVersion;
DWORD SubSystemVersion;
DWORD PriorityClass;
DWORD WorkingSetAcquiredUnsafe;
};
struct _OBJECT_ATTRIBUTES {
DWORD Length;
void* RootDirectory;
_UNICODE_STRING* ObjectName;
DWORD Attributes;
void* SecurityDescriptor;
void* SecurityQualityOfService;
};
struct _UNICODE_STRING {
DWORD Length;
DWORD MaximumLength;
DWORD* Buffer;
};
struct _OBJECT_ATTRIBUTES {
DWORD Length;
void* RootDirectory;
_UNICODE_STRING* ObjectName;
DWORD Attributes;
void* SecurityDescriptor;
void* SecurityQualityOfService;
};
struct _OBJECT_TYPE {
_ERESOURCE Mutex;
_LIST_ENTRY TypeList;
_UNICODE_STRING Name;
void* DefaultObject;
DWORD Index;
DWORD TotalNumberOfObjects;
DWORD TotalNumberOfHandles;
DWORD HighWaterNumberOfObjects;
DWORD HighWaterNumberOfHandles;
_OBJECT_TYPE_INITIALIZER TypeInfo;
DWORD Key;
_ERESOURCE ObjectLocks[4];
};
struct _ERESOURCE {
_LIST_ENTRY SystemResourcesList;
_OWNER_ENTRY* OwnerTable;
int ActiveCount;
DWORD Flag;
_KSEMAPHORE* SharedWaiters;
_KEVENT* ExclusiveWaiters;
_OWNER_ENTRY OwnerThreads[2];
DWORD ContentionCount;
DWORD NumberOfSharedWaiters;
DWORD NumberOfExclusiveWaiters;
void* Address;
DWORD CreatorBackTraceIndex;
DWORD SpinLock;
};
struct _OBJECT_TYPE_INITIALIZER {
DWORD Length;
DWORD UseDefaultObject;
DWORD CaseInsensitive;
DWORD InvalidAttributes;
_GENERIC_MAPPING GenericMapping;
DWORD ValidAccessMask;
DWORD SecurityRequired;
DWORD MaintainHandleCount;
DWORD MaintainTypeList;
enum _POOL_TYPE PoolType;
DWORD DefaultPagedPoolCharge;
DWORD DefaultNonPagedPoolCharge;
void (*DumpProcedure)(void*, _OBJECT_DUMP_CONTROL*);
int (*OpenProcedure)(enum _OB_OPEN_REASON, _EPROCESS*, void*, DWORD, DWORD);
void (*CloseProcedure)(_EPROCESS*, void*, DWORD, DWORD, DWORD);
void (*DeleteProcedure)(void*);
int (*ParseProcedure)(void*, void*, _ACCESS_STATE*, char, DWORD, _UNICODE_STRING*, _UNICODE_STRING*, void*, _SECURITY_QUALITY_OF_SERVICE*, void**);
int (*SecurityProcedure)(void*, enum _SECURITY_OPERATION_CODE, DWORD*, void*, DWORD*, void**, enum _POOL_TYPE, _GENERIC_MAPPING*);
int (*QueryNameProcedure)(void*, DWORD, _OBJECT_NAME_INFORMATION*, DWORD, DWORD*);
DWORD (*OkayToCloseProcedure)(_EPROCESS*, void*, void*, char);
};
struct _OBJECT_TYPE {
_ERESOURCE Mutex;
_LIST_ENTRY TypeList;
_UNICODE_STRING Name;
void* DefaultObject;
DWORD Index;
DWORD TotalNumberOfObjects;
DWORD TotalNumberOfHandles;
DWORD HighWaterNumberOfObjects;
DWORD HighWaterNumberOfHandles;
_OBJECT_TYPE_INITIALIZER TypeInfo;
DWORD Key;
_ERESOURCE ObjectLocks[4];
};
struct _OBJECT_HANDLE_INFORMATION {
DWORD HandleAttributes;
DWORD GrantedAccess;
};
struct _OBJECT_HANDLE_INFORMATION {
DWORD HandleAttributes;
DWORD GrantedAccess;
};
struct _DISPATCHER_HEADER {
DWORD Type;
DWORD Absolute;
DWORD Size;
DWORD Inserted;
int SignalState;
_LIST_ENTRY WaitListHead;
};
struct _KAPC_STATE {
_LIST_ENTRY ApcListHead[2];
_KPROCESS* Process;
DWORD KernelApcInProgress;
DWORD KernelApcPending;
DWORD UserApcPending;
};
struct _KWAIT_BLOCK {
_LIST_ENTRY WaitListEntry;
_KTHREAD* Thread;
void* Object;
_KWAIT_BLOCK* NextWaitBlock;
DWORD WaitKey;
DWORD WaitType;
};
struct _KQUEUE {
_DISPATCHER_HEADER Header;
_LIST_ENTRY EntryListHead;
DWORD CurrentCount;
DWORD MaximumCount;
_LIST_ENTRY ThreadListHead;
};
struct _KTIMER {
_DISPATCHER_HEADER Header;
_ULARGE_INTEGER DueTime;
_LIST_ENTRY TimerListEntry;
_KDPC* Dpc;
int Period;
};
struct _KTRAP_FRAME {
DWORD DbgEbp;
DWORD DbgEip;
DWORD DbgArgMark;
DWORD DbgArgPointer;
DWORD TempSegCs;
DWORD TempEsp;
DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;
DWORD SegGs;
DWORD SegEs;
DWORD SegDs;
DWORD Edx;
DWORD Ecx;
DWORD Eax;
DWORD PreviousPreviousMode;
_EXCEPTION_REGISTRATION_RECORD* ExceptionList;
DWORD SegFs;
DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Ebp;
DWORD ErrCode;
DWORD Eip;
DWORD SegCs;
DWORD EFlags;
DWORD HardwareEsp;
DWORD HardwareSegSs;
DWORD V86Es;
DWORD V86Ds;
DWORD V86Fs;
DWORD V86Gs;
};
struct _KTHREAD {
_DISPATCHER_HEADER Header;
_LIST_ENTRY MutantListHead;
void* InitialStack;
void* StackLimit;
void* Teb;
void* TlsArray;
void* KernelStack;
DWORD DebugActive;
DWORD State;
DWORD Alerted[2];
DWORD Iopl;
DWORD NpxState;
char Saturation;
char Priority;
_KAPC_STATE ApcState;
DWORD ContextSwitches;
DWORD IdleSwapBlock;
DWORD Spare0[3];
int WaitStatus;
DWORD WaitIrql;
char WaitMode;
DWORD WaitNext;
DWORD WaitReason;
_KWAIT_BLOCK* WaitBlockList;
_LIST_ENTRY WaitListEntry;
_SINGLE_LIST_ENTRY SwapListEntry;
DWORD WaitTime;
char BasePriority;
DWORD DecrementCount;
char PriorityDecrement;
char Quantum;
_KWAIT_BLOCK WaitBlock[4];
void* LegoData;
DWORD KernelApcDisable;
DWORD UserAffinity;
DWORD SystemAffinityActive;
DWORD PowerState;
DWORD NpxIrql;
DWORD InitialNode;
void* ServiceTable;
_KQUEUE* Queue;
DWORD ApcQueueLock;
_KTIMER Timer;
_LIST_ENTRY QueueListEntry;
DWORD SoftAffinity;
DWORD Affinity;
DWORD Preempted;
DWORD ProcessReadyQueue;
DWORD KernelStackResident;
DWORD NextProcessor;
void* CallbackStack;
void* Win32Thread;
_KTRAP_FRAME* TrapFrame;
_KAPC_STATE* ApcStatePointer[2];
char PreviousMode;
DWORD EnableStackSwap;
DWORD LargeStack;
DWORD ResourceIndex;
DWORD KernelTime;
DWORD UserTime;
_KAPC_STATE SavedApcState;
DWORD Alertable;
DWORD ApcStateIndex;
DWORD ApcQueueable;
DWORD AutoAlignment;
void* StackBase;
_KAPC SuspendApc;
_KSEMAPHORE SuspendSemaphore;
_LIST_ENTRY ThreadListEntry;
char FreezeCount;
char SuspendCount;
DWORD IdealProcessor;
DWORD DisableBoost;
};
struct _FNSAVE_FORMAT {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
DWORD RegisterArea[80];
};
struct _FXSAVE_FORMAT {
DWORD ControlWord;
DWORD StatusWord;
DWORD TagWord;
DWORD ErrorOpcode;
DWORD ErrorOffset;
DWORD ErrorSelector;
DWORD DataOffset;
DWORD DataSelector;
DWORD MXCsr;
DWORD MXCsrMask;
DWORD RegisterArea[128];
DWORD Reserved3[128];
DWORD Reserved4[224];
DWORD Align16Byte[8];
};
struct __unnamed {
_FNSAVE_FORMAT FnArea;
_FXSAVE_FORMAT FxArea;
};
struct _FX_SAVE_AREA {
__unnamed U;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -