📄 ntoskrnl.h
字号:
DWORD KeDcacheFlushCount;
DWORD KeExceptionDispatchCount;
DWORD KeFirstLevelTbFills;
DWORD KeFloatingEmulationCount;
DWORD KeIcacheFlushCount;
DWORD KeSecondLevelTbFills;
DWORD KeSystemCalls;
DWORD SpareCounter0[1];
_PP_LOOKASIDE_LIST PPLookasideList[16];
_PP_LOOKASIDE_LIST PPNPagedLookasideList[32];
_PP_LOOKASIDE_LIST PPPagedLookasideList[32];
DWORD PacketBarrier;
DWORD ReverseStall;
void* IpiFrame;
DWORD PrcbPad2[52];
void* CurrentPacket[3];
DWORD TargetSet;
void (*WorkerRoutine)(void*, void*, void*, void*);
DWORD IpiFrozen;
DWORD PrcbPad3[40];
DWORD RequestSummary;
_KPRCB* SignalDone;
DWORD PrcbPad4[56];
_LIST_ENTRY DpcListHead;
void* DpcStack;
DWORD DpcCount;
DWORD DpcQueueDepth;
DWORD DpcRoutineActive;
DWORD DpcInterruptRequested;
DWORD DpcLastCount;
DWORD DpcRequestRate;
DWORD MaximumDpcQueueDepth;
DWORD MinimumDpcRate;
DWORD QuantumEnd;
DWORD PrcbPad5[16];
DWORD DpcLock;
DWORD PrcbPad6[60];
void* ChainedInterruptList;
int LookasideIrpFloat;
DWORD SpareFields0[6];
DWORD VendorString[13];
DWORD InitialApicId;
DWORD LogicalProcessorsPerPhysicalProcessor;
DWORD MHz;
DWORD FeatureBits;
_LARGE_INTEGER UpdateSignature;
_FX_SAVE_AREA NpxSaveArea;
_PROCESSOR_POWER_STATE PowerState;
};
struct _FX_SAVE_AREA {
__unnamed U;
DWORD NpxSavedCpu;
DWORD Cr0NpxState;
};
struct _PROCESSOR_POWER_STATE {
void (*IdleFunction)(_PROCESSOR_POWER_STATE*);
DWORD Idle0KernelTimeLimit;
DWORD Idle0LastTime;
void* IdleHandlers;
void* IdleState;
DWORD IdleHandlersCount;
DWORD LastCheck;
PROCESSOR_IDLE_TIMES IdleTimes;
DWORD IdleTime1;
DWORD PromotionCheck;
DWORD IdleTime2;
DWORD CurrentThrottle;
DWORD ThermalThrottleLimit;
DWORD CurrentThrottleIndex;
DWORD ThermalThrottleIndex;
DWORD PerfSystemTime;
DWORD PerfIdleTime;
DWORD DebugDelta;
DWORD DebugCount;
DWORD LastSysTime;
DWORD TotalIdleStateTime[3];
DWORD TotalIdleTransitions[3];
DWORD PreviousC3StateTime;
DWORD KneeThrottleIndex;
DWORD ThrottleLimitIndex;
DWORD PerfStatesCount;
DWORD ProcessorMinThrottle;
DWORD ProcessorMaxThrottle;
DWORD LastBusyPercentage;
DWORD LastC3Percentage;
DWORD LastAdjustedBusyPercentage;
DWORD PromotionCount;
DWORD DemotionCount;
DWORD ErrorCount;
DWORD RetryCount;
DWORD Flags;
_LARGE_INTEGER PerfCounterFrequency;
DWORD PerfTickCount;
_KTIMER PerfTimer;
_KDPC PerfDpc;
PROCESSOR_PERF_STATE* PerfStates;
int (*PerfSetThrottle)(DWORD);
DWORD Spare1[2];
};
struct _KPRCB {
DWORD MinorVersion;
DWORD MajorVersion;
_KTHREAD* CurrentThread;
_KTHREAD* NextThread;
_KTHREAD* IdleThread;
char Number;
char Reserved;
DWORD BuildType;
DWORD SetMember;
char CpuType;
char CpuID;
DWORD CpuStep;
_KPROCESSOR_STATE ProcessorState;
DWORD KernelReserved[16];
DWORD HalReserved[16];
DWORD PrcbPad0[92];
_KSPIN_LOCK_QUEUE LockQueue[16];
DWORD PrcbPad1[8];
_KTHREAD* NpxThread;
DWORD InterruptCount;
DWORD KernelTime;
DWORD UserTime;
DWORD DpcTime;
DWORD DebugDpcTime;
DWORD InterruptTime;
DWORD AdjustDpcThreshold;
DWORD PageColor;
DWORD SkipTick;
DWORD MultiThreadSetBusy;
DWORD Spare2[3];
_KNODE* ParentNode;
DWORD MultiThreadProcessorSet;
_KPRCB* MultiThreadSetMaster;
DWORD ThreadStartCount[2];
DWORD CcFastReadNoWait;
DWORD CcFastReadWait;
DWORD CcFastReadNotPossible;
DWORD CcCopyReadNoWait;
DWORD CcCopyReadWait;
DWORD CcCopyReadNoWaitMiss;
DWORD KeAlignmentFixupCount;
DWORD KeContextSwitches;
DWORD KeDcacheFlushCount;
DWORD KeExceptionDispatchCount;
DWORD KeFirstLevelTbFills;
DWORD KeFloatingEmulationCount;
DWORD KeIcacheFlushCount;
DWORD KeSecondLevelTbFills;
DWORD KeSystemCalls;
DWORD SpareCounter0[1];
_PP_LOOKASIDE_LIST PPLookasideList[16];
_PP_LOOKASIDE_LIST PPNPagedLookasideList[32];
_PP_LOOKASIDE_LIST PPPagedLookasideList[32];
DWORD PacketBarrier;
DWORD ReverseStall;
void* IpiFrame;
DWORD PrcbPad2[52];
void* CurrentPacket[3];
DWORD TargetSet;
void (*WorkerRoutine)(void*, void*, void*, void*);
DWORD IpiFrozen;
DWORD PrcbPad3[40];
DWORD RequestSummary;
_KPRCB* SignalDone;
DWORD PrcbPad4[56];
_LIST_ENTRY DpcListHead;
void* DpcStack;
DWORD DpcCount;
DWORD DpcQueueDepth;
DWORD DpcRoutineActive;
DWORD DpcInterruptRequested;
DWORD DpcLastCount;
DWORD DpcRequestRate;
DWORD MaximumDpcQueueDepth;
DWORD MinimumDpcRate;
DWORD QuantumEnd;
DWORD PrcbPad5[16];
DWORD DpcLock;
DWORD PrcbPad6[60];
void* ChainedInterruptList;
int LookasideIrpFloat;
DWORD SpareFields0[6];
DWORD VendorString[13];
DWORD InitialApicId;
DWORD LogicalProcessorsPerPhysicalProcessor;
DWORD MHz;
DWORD FeatureBits;
_LARGE_INTEGER UpdateSignature;
_FX_SAVE_AREA NpxSaveArea;
_PROCESSOR_POWER_STATE PowerState;
};
struct _EX_RUNDOWN_REF {
DWORD Count;
void* Ptr;
};
struct _EX_RUNDOWN_REF {
DWORD Count;
void* Ptr;
};
struct _EX_FAST_REF {
void* Object;
DWORD RefCnt:3; // bit offset: 00, len=3
DWORD Value;
};
struct _EX_FAST_REF {
void* Object;
DWORD RefCnt:3; // bit offset: 00, len=3
DWORD Value;
};
struct _EX_PUSH_LOCK {
DWORD Waiting:1; // bit offset: 00, len=1
DWORD Exclusive:1; // bit offset: 01, len=1
DWORD Shared:30; // bit offset: 02, len=30
DWORD Value;
void* Ptr;
};
struct _EX_PUSH_LOCK {
DWORD Waiting:1; // bit offset: 00, len=1
DWORD Exclusive:1; // bit offset: 01, len=1
DWORD Shared:30; // bit offset: 02, len=30
DWORD Value;
void* Ptr;
};
struct _EX_PUSH_LOCK_WAIT_BLOCK {
_KEVENT WakeEvent;
_EX_PUSH_LOCK_WAIT_BLOCK* Next;
DWORD ShareCount;
DWORD Exclusive;
};
struct _KEVENT {
_DISPATCHER_HEADER Header;
};
struct _EX_PUSH_LOCK_WAIT_BLOCK {
_KEVENT WakeEvent;
_EX_PUSH_LOCK_WAIT_BLOCK* Next;
DWORD ShareCount;
DWORD Exclusive;
};
struct _EX_PUSH_LOCK_CACHE_AWARE {
_EX_PUSH_LOCK* Locks[1];
};
struct _EX_PUSH_LOCK_CACHE_AWARE {
_EX_PUSH_LOCK* Locks[1];
};
struct _ETHREAD {
_KTHREAD Tcb;
_LARGE_INTEGER CreateTime;
DWORD NestedFaultCount:2; // bit offset: 1C0, len=2
DWORD ApcNeeded:1; // bit offset: 1C0, len=1
_LARGE_INTEGER ExitTime;
_LIST_ENTRY LpcReplyChain;
_LIST_ENTRY KeyedWaitChain;
int ExitStatus;
void* OfsChain;
_LIST_ENTRY PostBlockList;
_TERMINATION_PORT* TerminationPort;
_ETHREAD* ReaperLink;
void* KeyedWaitValue;
DWORD ActiveTimerListLock;
_LIST_ENTRY ActiveTimerListHead;
_CLIENT_ID Cid;
_KSEMAPHORE LpcReplySemaphore;
_KSEMAPHORE KeyedWaitSemaphore;
void* LpcReplyMessage;
void* LpcWaitingOnPort;
_PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
_LIST_ENTRY IrpList;
DWORD TopLevelIrp;
_DEVICE_OBJECT* DeviceToVerify;
_EPROCESS* ThreadsProcess;
void* StartAddress;
void* Win32StartAddress;
DWORD LpcReceivedMessageId;
_LIST_ENTRY ThreadListEntry;
_EX_RUNDOWN_REF RundownProtect;
_EX_PUSH_LOCK ThreadLock;
DWORD LpcReplyMessageId;
DWORD ReadClusterSize;
DWORD GrantedAccess;
DWORD CrossThreadFlags;
DWORD Terminated:1; // bit offset: 248, len=1
DWORD DeadThread:1; // bit offset: 248, len=1
DWORD HideFromDebugger:1; // bit offset: 248, len=1
DWORD ActiveImpersonationInfo:1; // bit offset: 248, len=1
DWORD SystemThread:1; // bit offset: 248, len=1
DWORD HardErrorsAreDisabled:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SkipCreationMsg:1; // bit offset: 248, len=1
DWORD SkipTerminationMsg:1; // bit offset: 248, len=1
DWORD SameThreadPassiveFlags;
DWORD ActiveExWorker:1; // bit offset: 24C, len=1
DWORD ExWorkerCanWaitUser:1; // bit offset: 24C, len=1
DWORD MemoryMaker:1; // bit offset: 24C, len=1
DWORD SameThreadApcFlags;
DWORD LpcReceivedMsgIdValid:1; // bit offset: 250, len=1
DWORD LpcExitThreadCalled:1; // bit offset: 250, len=1
DWORD AddressSpaceOwner:1; // bit offset: 250, len=1
DWORD ForwardClusterOnly;
DWORD DisablePageFaultClustering;
};
struct _TERMINATION_PORT {
_TERMINATION_PORT* Next;
void* Port;
};
struct _CLIENT_ID {
void* UniqueProcess;
void* UniqueThread;
};
struct _KSEMAPHORE {
_DISPATCHER_HEADER Header;
int Limit;
};
struct _PS_IMPERSONATION_INFORMATION {
void* Token;
DWORD CopyOnOpen;
DWORD EffectiveOnly;
enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
};
struct _DEVICE_OBJECT {
int Type;
DWORD Size;
int ReferenceCount;
_DRIVER_OBJECT* DriverObject;
_DEVICE_OBJECT* NextDevice;
_DEVICE_OBJECT* AttachedDevice;
_IRP* CurrentIrp;
_IO_TIMER* Timer;
DWORD Flags;
DWORD Characteristics;
_VPB* Vpb;
void* DeviceExtension;
DWORD DeviceType;
char StackSize;
__unnamed Queue;
DWORD AlignmentRequirement;
_KDEVICE_QUEUE DeviceQueue;
_KDPC Dpc;
DWORD ActiveThreadCount;
void* SecurityDescriptor;
_KEVENT DeviceLock;
DWORD SectorSize;
DWORD Spare1;
_DEVOBJ_EXTENSION* DeviceObjectExtension;
void* Reserved;
};
struct _EPROCESS {
_KPROCESS Pcb;
_EX_PUSH_LOCK ProcessLock;
_LARGE_INTEGER CreateTime;
_LARGE_INTEGER ExitTime;
_EX_RUNDOWN_REF RundownProtect;
void* UniqueProcessId;
_LIST_ENTRY ActiveProcessLinks;
DWORD QuotaUsage[3];
DWORD QuotaPeak[3];
DWORD CommitCharge;
DWORD PeakVirtualSize;
DWORD VirtualSize;
_LIST_ENTRY SessionProcessLinks;
void* DebugPort;
void* ExceptionPort;
_HANDLE_TABLE* ObjectTable;
_EX_FAST_REF Token;
_FAST_MUTEX WorkingSetLock;
DWORD WorkingSetPage;
_FAST_MUTEX AddressCreationLock;
DWORD HyperSpaceLock;
_ETHREAD* ForkInProgress;
DWORD HardwareTrigger;
void* VadRoot;
void* VadHint;
void* CloneRoot;
DWORD NumberOfPrivatePages;
DWORD NumberOfLockedPages;
void* Win32Process;
_EJOB* Job;
void* SectionObject;
void* SectionBaseAddress;
_EPROCESS_QUOTA_BLOCK* QuotaBlock;
_PAGEFAULT_HISTORY* WorkingSetWatch;
void* Win32WindowStation;
void* InheritedFromUniqueProcessId;
void* LdtInformation;
void* VadFreeHint;
void* VdmObjects;
void* DeviceMap;
_LIST_ENTRY PhysicalVadList;
_HARDWARE_PTE_X86 PageDirectoryPte;
DWORD Filler;
void* Session;
DWORD ImageFileName[16];
_LIST_ENTRY JobLinks;
void* LockedPagesList;
_LIST_ENTRY ThreadListHead;
void* SecurityPort;
void* PaeTop;
DWORD ActiveThreads;
DWORD GrantedAccess;
DWORD DefaultHardErrorProcessing;
int LastThreadExitStatus;
_PEB* Peb;
_EX_FAST_REF PrefetchTrace;
_LARGE_INTEGER ReadOperationCount;
_LARGE_INTEGER WriteOperationCount;
_LARGE_INTEGER OtherOperationCount;
_LARGE_INTEGER ReadTransferCount;
_LARGE_INTEGER WriteTransferCount;
_LARGE_INTEGER OtherTransferCount;
DWORD CommitChargeLimit;
DWORD CommitChargePeak;
void* AweInfo;
_SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
_MMSUPPORT Vm;
DWORD LastFaultCount;
DWORD ModifiedPageCount;
DWORD NumberOfVads;
DWORD JobStatus;
DWORD Flags;
DWORD CreateReported:1; // bit offset: 248, len=1
DWORD NoDebugInherit:1; // bit offset: 248, len=1
DWORD ProcessExiting:1; // bit offset: 248, len=1
DWORD ProcessDelete:1; // bit offset: 248, len=1
DWORD Wow64SplitPages:1; // bit offset: 248, len=1
DWORD VmDeleted:1; // bit offset: 248, len=1
DWORD OutswapEnabled:1; // bit offset: 248, len=1
DWORD Outswapped:1; // bit offset: 248, len=1
DWORD ForkFailed:1; // bit offset: 248, len=1
DWORD HasPhysicalVad:1; // bit offset: 248, len=1
DWORD AddressSpaceInitialized:2; // bit offset: 248, len=2
DWORD SetTimerResolution:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SessionCreationUnderway:1; // bit offset: 248, len=1
DWORD WriteWatch:1; // bit offset: 248, len=1
DWORD ProcessInSession:1; // bit offset: 248, len=1
DWORD OverrideAddressSpace:1; // bit offset: 248, len=1
DWORD HasAddressSpace:1; // bit offset: 248, len=1
DWORD LaunchPrefetched:1; // bit offset: 248, len=1
DWORD InjectInpageErrors:1; // bit offset: 248, len=1
DWORD Unused:11; // bit offset: 248, len=11
int ExitStatus;
DWORD NextPageColor;
DWORD SubSystemMinorVersion;
DWORD SubSystemMajorVersion;
DWORD SubSystemVersion;
DWORD PriorityClass;
DWORD WorkingSetAcquiredUnsafe;
};
struct _ETHREAD {
_KTHREAD Tcb;
_LARGE_INTEGER CreateTime;
DWORD NestedFaultCount:2; // bit offset: 1C0, len=2
DWORD ApcNeeded:1; // bit offset: 1C0, len=1
_LARGE_INTEGER ExitTime;
_LIST_ENTRY LpcReplyChain;
_LIST_ENTRY KeyedWaitChain;
int ExitStatus;
void* OfsChain;
_LIST_ENTRY PostBlockList;
_TERMINATION_PORT* TerminationPort;
_ETHREAD* ReaperLink;
void* KeyedWaitValue;
DWORD ActiveTimerListLock;
_LIST_ENTRY ActiveTimerListHead;
_CLIENT_ID Cid;
_KSEMAPHORE LpcReplySemaphore;
_KSEMAPHORE KeyedWaitSemaphore;
void* LpcReplyMessage;
void* LpcWaitingOnPort;
_PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
_LIST_ENTRY IrpList;
DWORD TopLevelIrp;
_DEVICE_OBJECT* DeviceToVerify;
_EPROCESS* ThreadsProcess;
void* StartAddress;
void* Win32StartAddress;
DWORD LpcReceivedMessageId;
_LIST_ENTRY ThreadListEntry;
_EX_RUNDOWN_REF RundownProtect;
_EX_PUSH_LOCK ThreadLock;
DWORD LpcReplyMessageId;
DWORD ReadClusterSize;
DWORD GrantedAccess;
DWORD CrossThreadFlags;
DWORD Terminated:1; // bit offset: 248, len=1
DWORD DeadThread:1; // bit offset: 248, len=1
DWORD HideFromDebugger:1; // bit offset: 248, len=1
DWORD ActiveImpersonationInfo:1; // bit offset: 248, len=1
DWORD SystemThread:1; // bit offset: 248, len=1
DWORD HardErrorsAreDisabled:1; // bit offset: 248, len=1
DWORD BreakOnTermination:1; // bit offset: 248, len=1
DWORD SkipCreationMsg:1; // bit offset: 248, len=1
DWORD SkipTerminationMsg:1; // bit offset: 248, len=1
DWORD SameThreadPassiveFlags;
DWORD ActiveExWorker:1; // bit offset: 24C, len=1
DWORD ExWorkerCanWaitUser:1; // bit offset: 24C, len=1
DWORD MemoryMaker:1; // bit offset: 24C, len=1
DWORD SameThreadApcFlags;
DWORD LpcReceivedMsgIdValid:1; // bit offset: 250, len=1
DWORD LpcExitThreadCalled:1; // bit offset: 250, len=1
DWORD AddressSpaceOwner:1; // bit offset: 250, len=1
DWORD ForwardClusterOnly;
DWORD DisablePageFaultClustering;
};
struct _KPROCESS {
_DISPATCHER_HEADER Header;
_LIST_ENTRY ProfileListHead;
DWORD DirectoryTableBase[2];
_KGDTENTRY LdtDescriptor;
_KIDTENTRY Int21Descriptor;
DWORD IopmOffset;
DWORD Iopl;
DWORD Unused;
DWORD ActiveProcessors;
DWORD KernelTime;
DWORD UserTime;
_LIST_ENTRY ReadyListHead;
_SINGLE_LIST_ENTRY SwapListEntry;
void* VdmTrapcHandler;
_LIST_ENTRY ThreadListHead;
DWORD ProcessLock;
DWORD Affinity;
DWORD StackCount;
char BasePriority;
char ThreadQuantum;
DWORD AutoAlignment;
DWORD State;
DWORD ThreadSeed;
DWORD DisableBoost;
DWORD PowerState;
DWORD DisableQuantum;
DWORD IdealNode;
DWORD Spare;
};
struct _HANDLE_TABLE {
DWORD TableCode;
_EPROCESS* QuotaProcess;
void* UniqueProcessId;
_EX_PUSH_LOCK HandleTableLock[4];
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -