📄 ntdll.h
字号:
DWORD IdealNode;
DWORD Spare;
};
struct _HANDLE_TABLE {
DWORD TableCode;
_EPROCESS* QuotaProcess;
void* UniqueProcessId;
_EX_PUSH_LOCK HandleTableLock[4];
_LIST_ENTRY HandleTableList;
_EX_PUSH_LOCK HandleContentionEvent;
_HANDLE_TRACE_DEBUG_INFO* DebugInfo;
int ExtraInfoPages;
DWORD FirstFree;
DWORD LastFree;
DWORD NextHandleNeedingPool;
int HandleCount;
DWORD Flags;
DWORD StrictFIFO:1; // bit offset: 40, len=1
};
struct _EJOB {
_KEVENT Event;
_LIST_ENTRY JobLinks;
_LIST_ENTRY ProcessListHead;
_ERESOURCE JobLock;
_LARGE_INTEGER TotalUserTime;
_LARGE_INTEGER TotalKernelTime;
_LARGE_INTEGER ThisPeriodTotalUserTime;
_LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
_LARGE_INTEGER PerProcessUserTimeLimit;
_LARGE_INTEGER PerJobUserTimeLimit;
DWORD LimitFlags;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
DWORD Affinity;
DWORD PriorityClass;
DWORD UIRestrictionsClass;
DWORD SecurityLimitFlags;
void* Token;
_PS_JOB_TOKEN_FILTER* Filter;
DWORD EndOfJobTimeAction;
void* CompletionPort;
void* CompletionKey;
DWORD SessionId;
DWORD SchedulingClass;
DWORD ReadOperationCount;
DWORD WriteOperationCount;
DWORD OtherOperationCount;
DWORD ReadTransferCount;
DWORD WriteTransferCount;
DWORD OtherTransferCount;
_IO_COUNTERS IoInfo;
DWORD ProcessMemoryLimit;
DWORD JobMemoryLimit;
DWORD PeakProcessMemoryUsed;
DWORD PeakJobMemoryUsed;
DWORD CurrentJobMemoryUsed;
_FAST_MUTEX MemoryLimitsLock;
_LIST_ENTRY JobSetLinks;
DWORD MemberLevel;
DWORD JobFlags;
};
struct _EPROCESS_QUOTA_BLOCK {
_EPROCESS_QUOTA_ENTRY QuotaEntry[3];
_LIST_ENTRY QuotaList;
DWORD ReferenceCount;
DWORD ProcessCount;
};
struct _PAGEFAULT_HISTORY {
DWORD CurrentIndex;
DWORD MaxIndex;
DWORD SpinLock;
void* Reserved;
_PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
};
struct _HARDWARE_PTE_X86 {
DWORD Valid:1; // bit offset: 00, len=1
DWORD Write:1; // bit offset: 01, len=1
DWORD Owner:1; // bit offset: 02, len=1
DWORD WriteThrough:1; // bit offset: 03, len=1
DWORD CacheDisable:1; // bit offset: 04, len=1
DWORD Accessed:1; // bit offset: 05, len=1
DWORD Dirty:1; // bit offset: 06, len=1
DWORD LargePage:1; // bit offset: 07, len=1
DWORD Global:1; // bit offset: 08, len=1
DWORD CopyOnWrite:1; // bit offset: 09, len=1
DWORD Prototype:1; // bit offset: 0A, len=1
DWORD reserved:1; // bit offset: 0B, len=1
DWORD PageFrameNumber:20; // bit offset: 0C, len=20
};
struct _PEB {
DWORD InheritedAddressSpace;
DWORD ReadImageFileExecOptions;
DWORD BeingDebugged;
DWORD SpareBool;
void* Mutant;
void* ImageBaseAddress;
_PEB_LDR_DATA* Ldr;
_RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
void* SubSystemData;
void* ProcessHeap;
_RTL_CRITICAL_SECTION* FastPebLock;
void* FastPebLockRoutine;
void* FastPebUnlockRoutine;
DWORD EnvironmentUpdateCount;
void* KernelCallbackTable;
DWORD SystemReserved[1];
DWORD ExecuteOptions:2; // bit offset: 34, len=2
DWORD SpareBits:30; // bit offset: 34, len=30
_PEB_FREE_BLOCK* FreeList;
DWORD TlsExpansionCounter;
void* TlsBitmap;
DWORD TlsBitmapBits[2];
void* ReadOnlySharedMemoryBase;
void* ReadOnlySharedMemoryHeap;
void** ReadOnlyStaticServerData;
void* AnsiCodePageData;
void* OemCodePageData;
void* UnicodeCaseTableData;
DWORD NumberOfProcessors;
DWORD NtGlobalFlag;
_LARGE_INTEGER CriticalSectionTimeout;
DWORD HeapSegmentReserve;
DWORD HeapSegmentCommit;
DWORD HeapDeCommitTotalFreeThreshold;
DWORD HeapDeCommitFreeBlockThreshold;
DWORD NumberOfHeaps;
DWORD MaximumNumberOfHeaps;
void** ProcessHeaps;
void* GdiSharedHandleTable;
void* ProcessStarterHelper;
DWORD GdiDCAttributeList;
void* LoaderLock;
DWORD OSMajorVersion;
DWORD OSMinorVersion;
DWORD OSBuildNumber;
DWORD OSCSDVersion;
DWORD OSPlatformId;
DWORD ImageSubsystem;
DWORD ImageSubsystemMajorVersion;
DWORD ImageSubsystemMinorVersion;
DWORD ImageProcessAffinityMask;
DWORD GdiHandleBuffer[34];
void (*PostProcessInitRoutine)();
void* TlsExpansionBitmap;
DWORD TlsExpansionBitmapBits[32];
DWORD SessionId;
_ULARGE_INTEGER AppCompatFlags;
_ULARGE_INTEGER AppCompatFlagsUser;
void* pShimData;
void* AppCompatInfo;
_UNICODE_STRING CSDVersion;
void* ActivationContextData;
void* ProcessAssemblyStorageMap;
void* SystemDefaultActivationContextData;
void* SystemAssemblyStorageMap;
DWORD MinimumStackCommit;
};
struct _SE_AUDIT_PROCESS_CREATION_INFO {
_OBJECT_NAME_INFORMATION* ImageFileName;
};
struct _MMSUPPORT {
_LARGE_INTEGER LastTrimTime;
_MMSUPPORT_FLAGS Flags;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
_MMWSL* VmWorkingSetList;
_LIST_ENTRY WorkingSetExpansionLinks;
DWORD Claim;
DWORD NextEstimationSlot;
DWORD NextAgingSlot;
DWORD EstimatedAvailable;
DWORD GrowthSinceLastEstimate;
};
struct _EPROCESS {
_KPROCESS Pcb;
_EX_PUSH_LOCK ProcessLock;
_LARGE_INTEGER CreateTime;
_LARGE_INTEGER ExitTime;
_EX_RUNDOWN_REF RundownProtect;
void* UniqueProcessId;
_LIST_ENTRY ActiveProcessLinks;
DWORD QuotaUsage[3];
DWORD QuotaPeak[3];
DWORD CommitCharge;
DWORD PeakVirtualSize;
DWORD VirtualSize;
_LIST_ENTRY SessionProcessLinks;
void* DebugPort;
void* ExceptionPort;
_HANDLE_TABLE* ObjectTable;
_EX_FAST_REF Token;
_FAST_MUTEX WorkingSetLock;
DWORD WorkingSetPage;
_FAST_MUTEX AddressCreationLock;
DWORD HyperSpaceLock;
_ETHREAD* ForkInProgress;
DWORD HardwareTrigger;
void* VadRoot;
void* VadHint;
void* CloneRoot;
DWORD NumberOfPrivatePages;
DWORD NumberOfLockedPages;
void* Win32Process;
_EJOB* Job;
void* SectionObject;
void* SectionBaseAddress;
_EPROCESS_QUOTA_BLOCK* QuotaBlock;
_PAGEFAULT_HISTORY* WorkingSetWatch;
void* Win32WindowStation;
void* InheritedFromUniqueProcessId;
void* LdtInformation;
void* VadFreeHint;
void* VdmObjects;
void* DeviceMap;
_LIST_ENTRY PhysicalVadList;
_HARDWARE_PTE_X86 PageDirectoryPte;
DWORD Filler;
void* Session;
DWORD ImageFileName[16];
_LIST_ENTRY JobLinks;
void* LockedPagesList;
_LIST_ENTRY ThreadListHead;
void* SecurityPort;
void* PaeTop;
DWORD ActiveThreads;
DWORD GrantedAccess;
DWORD DefaultHardErrorProcessing;
int LastThreadExitStatus;
_PEB* Peb;
_EX_FAST_REF PrefetchTrace;
_LARGE_INTEGER ReadOperationCount;
_LARGE_INTEGER WriteOperationCount;
_LARGE_INTEGER OtherOperationCount;
_LARGE_INTEGER ReadTransferCount;
_LARGE_INTEGER WriteTransferCount;
_LARGE_INTEGER OtherTransferCount;
DWORD CommitChargeLimit;
DWORD CommitChargePeak;
void* AweInfo;
_SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
_MMSUPPORT Vm;
DWORD LastFaultCount;
DWORD ModifiedPageCount;
DWORD NumberOfVads;
DWORD JobStatus;
DWORD Flags;
DWORD CreateReported:1; // bit offset: 248, len=1
DWORD NoDebugInherit:1; // bit offset: 248, len=1
DWORD ProcessExiting:1; // bit offset: 248, len=1
DWORD ProcessDelete:1; // bit offset: 248, len=1
DWORD Wow64SplitPages:1; // bit offset: 248, len=1
DWORD VmDeleted:1; // bit offset: 248, len=1
DWORD OutswapEnabled:1; // bit offset: 248, len=1
DWORD Outswapped:1; // bit offset: 248, len=1
DWORD ForkFailed:1; // bit offset: 248, len=1
DWORD HasPhysicalVad:1; // bit offset: 248, len=1
DWORD AddressSpaceInitialized:2; // bit offset: 248, len=2
DWORD SetTimerResolution:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SessionCreationUnderway:1; // bit offset: 248, len=1
DWORD WriteWatch:1; // bit offset: 248, len=1
DWORD ProcessInSession:1; // bit offset: 248, len=1
DWORD OverrideAddressSpace:1; // bit offset: 248, len=1
DWORD HasAddressSpace:1; // bit offset: 248, len=1
DWORD LaunchPrefetched:1; // bit offset: 248, len=1
DWORD InjectInpageErrors:1; // bit offset: 248, len=1
DWORD Unused:11; // bit offset: 248, len=11
int ExitStatus;
DWORD NextPageColor;
DWORD SubSystemMinorVersion;
DWORD SubSystemMajorVersion;
DWORD SubSystemVersion;
DWORD PriorityClass;
DWORD WorkingSetAcquiredUnsafe;
};
struct _OBJECT_ATTRIBUTES {
DWORD Length;
void* RootDirectory;
_UNICODE_STRING* ObjectName;
DWORD Attributes;
void* SecurityDescriptor;
void* SecurityQualityOfService;
};
struct _UNICODE_STRING {
DWORD Length;
DWORD MaximumLength;
DWORD* Buffer;
};
struct _OBJECT_ATTRIBUTES {
DWORD Length;
void* RootDirectory;
_UNICODE_STRING* ObjectName;
DWORD Attributes;
void* SecurityDescriptor;
void* SecurityQualityOfService;
};
struct _OBJECT_TYPE {
_ERESOURCE Mutex;
_LIST_ENTRY TypeList;
_UNICODE_STRING Name;
void* DefaultObject;
DWORD Index;
DWORD TotalNumberOfObjects;
DWORD TotalNumberOfHandles;
DWORD HighWaterNumberOfObjects;
DWORD HighWaterNumberOfHandles;
_OBJECT_TYPE_INITIALIZER TypeInfo;
DWORD Key;
_ERESOURCE ObjectLocks[4];
};
struct _ERESOURCE {
_LIST_ENTRY SystemResourcesList;
_OWNER_ENTRY* OwnerTable;
int ActiveCount;
DWORD Flag;
_KSEMAPHORE* SharedWaiters;
_KEVENT* ExclusiveWaiters;
_OWNER_ENTRY OwnerThreads[2];
DWORD ContentionCount;
DWORD NumberOfSharedWaiters;
DWORD NumberOfExclusiveWaiters;
void* Address;
DWORD CreatorBackTraceIndex;
DWORD SpinLock;
};
struct _OBJECT_TYPE_INITIALIZER {
DWORD Length;
DWORD UseDefaultObject;
DWORD CaseInsensitive;
DWORD InvalidAttributes;
_GENERIC_MAPPING GenericMapping;
DWORD ValidAccessMask;
DWORD SecurityRequired;
DWORD MaintainHandleCount;
DWORD MaintainTypeList;
enum _POOL_TYPE PoolType;
DWORD DefaultPagedPoolCharge;
DWORD DefaultNonPagedPoolCharge;
void (*DumpProcedure)(void*, _OBJECT_DUMP_CONTROL*);
int (*OpenProcedure)(enum _OB_OPEN_REASON, _EPROCESS*, void*, DWORD, DWORD);
void (*CloseProcedure)(_EPROCESS*, void*, DWORD, DWORD, DWORD);
void (*DeleteProcedure)(void*);
int (*ParseProcedure)(void*, void*, _ACCESS_STATE*, char, DWORD, _UNICODE_STRING*, _UNICODE_STRING*, void*, _SECURITY_QUALITY_OF_SERVICE*, void**);
int (*SecurityProcedure)(void*, enum _SECURITY_OPERATION_CODE, DWORD*, void*, DWORD*, void**, enum _POOL_TYPE, _GENERIC_MAPPING*);
int (*QueryNameProcedure)(void*, DWORD, _OBJECT_NAME_INFORMATION*, DWORD, DWORD*);
DWORD (*OkayToCloseProcedure)(_EPROCESS*, void*, void*, char);
};
struct _OBJECT_TYPE {
_ERESOURCE Mutex;
_LIST_ENTRY TypeList;
_UNICODE_STRING Name;
void* DefaultObject;
DWORD Index;
DWORD TotalNumberOfObjects;
DWORD TotalNumberOfHandles;
DWORD HighWaterNumberOfObjects;
DWORD HighWaterNumberOfHandles;
_OBJECT_TYPE_INITIALIZER TypeInfo;
DWORD Key;
_ERESOURCE ObjectLocks[4];
};
struct _OBJECT_HANDLE_INFORMATION {
DWORD HandleAttributes;
DWORD GrantedAccess;
};
struct _OBJECT_HANDLE_INFORMATION {
DWORD HandleAttributes;
DWORD GrantedAccess;
};
enum _PF_SCENARIO_TYPE {
PfApplicationLaunchScenarioType,
PfSystemBootScenarioType,
PfMaxScenarioType,
};
struct _HANDLE_TRACE_DEBUG_INFO {
DWORD CurrentStackIndex;
_HANDLE_TRACE_DB_ENTRY TraceDb[4096];
};
struct _HANDLE_TABLE {
DWORD TableCode;
_EPROCESS* QuotaProcess;
void* UniqueProcessId;
_EX_PUSH_LOCK HandleTableLock[4];
_LIST_ENTRY HandleTableList;
_EX_PUSH_LOCK HandleContentionEvent;
_HANDLE_TRACE_DEBUG_INFO* DebugInfo;
int ExtraInfoPages;
DWORD FirstFree;
DWORD LastFree;
DWORD NextHandleNeedingPool;
int HandleCount;
DWORD Flags;
DWORD StrictFIFO:1; // bit offset: 40, len=1
};
struct _MMSUPPORT_FLAGS {
DWORD SessionSpace:1; // bit offset: 00, len=1
DWORD BeingTrimmed:1; // bit offset: 01, len=1
DWORD SessionLeader:1; // bit offset: 02, len=1
DWORD TrimHard:1; // bit offset: 03, len=1
DWORD WorkingSetHard:1; // bit offset: 04, len=1
DWORD AddressSpaceBeingDeleted:1; // bit offset: 05, len=1
DWORD Available:10; // bit offset: 06, len=10
DWORD AllowWorkingSetAdjustment:8; // bit offset: 10, len=8
DWORD MemoryPriority:8; // bit offset: 18, len=8
};
struct _MMWSL {
};
struct _MMSUPPORT {
_LARGE_INTEGER LastTrimTime;
_MMSUPPORT_FLAGS Flags;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
_MMWSL* VmWorkingSetList;
_LIST_ENTRY WorkingSetExpansionLinks;
DWORD Claim;
DWORD NextEstimationSlot;
DWORD NextAgingSlot;
DWORD EstimatedAvailable;
DWORD GrowthSinceLastEstimate;
};
struct _EPROCESS_QUOTA_ENTRY {
DWORD Usage;
DWORD Limit;
DWORD Peak;
DWORD Return;
};
struct _EPROCESS_QUOTA_BLOCK {
_EPROCESS_QUOTA_ENTRY QuotaEntry[3];
_LIST_ENTRY QuotaList;
DWORD ReferenceCount;
DWORD ProcessCount;
};
struct _UNICODE_STRING {
DWORD Length;
DWORD MaximumLength;
DWORD* Buffer;
};
struct _UNICODE_STRING {
DWORD Length;
DWORD MaximumLength;
DWORD* Buffer;
};
struct _PS_JOB_TOKEN_FILTER {
DWORD CapturedSidCount;
_SID_AND_ATTRIBUTES* CapturedSids;
DWORD CapturedSidsLength;
DWORD CapturedGroupCount;
_SID_AND_ATTRIBUTES* CapturedGroups;
DWORD CapturedGroupsLength;
DWORD CapturedPrivilegeCount;
_LUID_AND_ATTRIBUTES* CapturedPrivileges;
DWORD CapturedPrivilegesLength;
};
struct _IO_COUNTERS {
DWORD ReadOperationCount;
DWORD WriteOperationCount;
DWORD OtherOperationCount;
DWORD ReadTransferCount;
DWORD WriteTransferCount;
DWORD OtherTransferCount;
};
struct _EJOB {
_KEVENT Event;
_LIST_ENTRY JobLinks;
_LIST_ENTRY ProcessListHead;
_ERESOURCE JobLock;
_LARGE_INTEGER TotalUserTime;
_LARGE_INTEGER TotalKernelTime;
_LARGE_INTEGER ThisPeriodTotalUserTime;
_LARGE_INTEGER ThisPeriodTotalKernelTime;
DWORD TotalPageFaultCount;
DWORD TotalProcesses;
DWORD ActiveProcesses;
DWORD TotalTerminatedProcesses;
_LARGE_INTEGER PerProcessUserTimeLimit;
_LARGE_INTEGER PerJobUserTimeLimit;
DWORD LimitFlags;
DWORD MinimumWorkingSetSize;
DWORD MaximumWorkingSetSize;
DWORD ActiveProcessLimit;
DWORD Affinity;
DWORD PriorityClass;
DWORD UIRestrictionsClass;
DWORD SecurityLimitFlags;
void* Token;
_PS_JOB_TOKEN_FILTER* Filter;
DWORD EndOfJobTimeAction;
void* CompletionPort;
void* CompletionKey;
DWORD SessionId;
DWORD SchedulingClass;
DWORD ReadOperationCount;
DWORD WriteOperationCount;
DWORD OtherOperationCount;
DWORD ReadTransferCount;
DWORD WriteTransferCount;
DWORD OtherTransferCount;
_IO_COUNTERS IoInfo;
DWORD ProcessMemoryLimit;
DWORD JobMemoryLimit;
DWORD PeakProcessMemoryUsed;
DWORD PeakJobMemoryUsed;
DWORD CurrentJobMemoryUsed;
_FAST_MUTEX MemoryLimitsLock;
_LIST_ENTRY JobSetLinks;
DWORD MemberLevel;
DWORD JobFlags;
};
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -