
📄 ntifs.h

📁 一个过滤层文件系统驱动的完整代码,对初学者很有帮助。
} KIDTENTRY, *PKIDTENTRY;

// Kernel process block. It is embedded as the first member (Pcb) of the
// EPROCESS structure declared further down in this header.
//
// NOTE(review): the VER_PRODUCTBUILD conditional at the end of the struct
// shows that the layout differs between OS builds. Offsets taken from this
// definition are only meaningful for the build the driver was compiled
// against; a driver that reads or writes these fields on a different build
// touches unrelated kernel memory. Prefer exported accessor routines to
// direct field access.
// NOTE(review): LdtDescriptor, Int21Descriptor, IopmOffset and the ULONG-typed
// DirectoryTableBase suggest a 32-bit x86 layout - confirm before reuse.
typedef struct _KPROCESS {
    DISPATCHER_HEADER   Header;
    LIST_ENTRY          ProfileListHead;
    // Two ULONG slots; presumably page-directory base values - confirm.
    ULONG               DirectoryTableBase[2];
    KGDTENTRY           LdtDescriptor;
    KIDTENTRY           Int21Descriptor;
    USHORT              IopmOffset;
    UCHAR               Iopl;
    UCHAR               VdmFlag;
    ULONG               ActiveProcessors;
    ULONG               KernelTime;
    ULONG               UserTime;
    LIST_ENTRY          ReadyListHead;  
    SINGLE_LIST_ENTRY   SwapListEntry;
    PVOID               Reserved1;
    // List head; presumably links the KTHREADs of this process through
    // KTHREAD.ThreadListEntry - confirm.
    LIST_ENTRY          ThreadListHead;
    KSPIN_LOCK          ProcessLock;
    KAFFINITY           Affinity;
    USHORT              StackCount;
    UCHAR               BasePriority;
    UCHAR               ThreadQuantum;
    BOOLEAN             AutoAlignment;
    UCHAR               State;
    UCHAR               ThreadSeed;
    BOOLEAN             DisableBoost;
    // The four trailing bytes below exist only when building for build 2195
    // (the Windows 2000 build number) or later, so sizeof(KPROCESS) - and with
    // it every EPROCESS field offset after Pcb - depends on VER_PRODUCTBUILD.
#if (VER_PRODUCTBUILD >= 2195)
    UCHAR               PowerState;
    BOOLEAN             DisableQuantum;
    UCHAR               IdealNode;
    UCHAR               Spare;
#endif // (VER_PRODUCTBUILD >= 2195)
} KPROCESS, *PKPROCESS;

// Kernel thread block.
//
// NOTE(review): the layout is conditional on VER_PRODUCTBUILD in three places
// below, so individual field offsets are build-specific. Code that hard-codes
// an offset derived from this definition will read or corrupt the wrong field
// on any other build. Prefer exported accessor routines to direct field access.
typedef struct _KTHREAD {
    DISPATCHER_HEADER           Header;
    LIST_ENTRY                  MutantListHead;
    PVOID                       InitialStack;
    PVOID                       StackLimit;
    struct _TEB                 *Teb;
    PVOID                       TlsArray;
    PVOID                       KernelStack;
    BOOLEAN                     DebugActive;
    UCHAR                       State;
    USHORT                      Alerted;
    UCHAR                       Iopl;
    UCHAR                       NpxState;
    UCHAR                       Saturation;
    UCHAR                       Priority;
    KAPC_STATE                  ApcState;
    ULONG                       ContextSwitches;
    NTSTATUS                    WaitStatus;
    UCHAR                       WaitIrql;
    UCHAR                       WaitMode;
    UCHAR                       WaitNext;
    UCHAR                       WaitReason;
    PKWAIT_BLOCK                WaitBlockList;
    LIST_ENTRY                  WaitListEntry;
    ULONG                       WaitTime;
    UCHAR                       BasePriority;
    UCHAR                       DecrementCount;
    UCHAR                       PriorityDecrement;
    UCHAR                       Quantum;
    // Four wait blocks stored inline in the thread object.
    KWAIT_BLOCK                 WaitBlock[4];
    ULONG                       LegoData;
    ULONG                       KernelApcDisable;
    ULONG                       UserAffinity;
    BOOLEAN                     SystemAffinityActive;
    // Both branches occupy three UCHARs, so the members that follow keep the
    // same offset relative to SystemAffinityActive on either side of 2195.
#if (VER_PRODUCTBUILD < 2195)
    UCHAR                       Pad[3];
#else // (VER_PRODUCTBUILD >= 2195)
    UCHAR                       PowerState;
    UCHAR                       NpxIrql;
    UCHAR                       Pad[1];
#endif // (VER_PRODUCTBUILD >= 2195)
    // NOTE(review): presumably the system-service dispatch table used for this
    // thread - confirm. Treat as read-only; an unexpected value here is worth
    // flagging in an integrity check.
    PSERVICE_DESCRIPTOR_TABLE   ServiceDescriptorTable;
    PKQUEUE                     Queue;
    KSPIN_LOCK                  ApcQueueLock;
    KTIMER                      Timer;
    LIST_ENTRY                  QueueListEntry;
    ULONG                       Affinity;
    BOOLEAN                     Preempted;
    BOOLEAN                     ProcessReadyQueue;
    BOOLEAN                     KernelStackResident;
    UCHAR                       NextProcessor;
    PVOID                       CallbackStack;
    PVOID                       Win32Thread;
    PKTRAP_FRAME                TrapFrame;
    // Two APC-state pointers; ApcState and SavedApcState are the two KAPC_STATE
    // members of this struct, presumably what these point at - confirm.
    PKAPC_STATE                 ApcStatePointer[2];
    // PreviousMode is declared before EnableStackSwap for builds >= 2195 and
    // after ResourceIndex for older builds: the four-byte group has the same
    // total size either way, but PreviousMode's own offset moves by three
    // bytes. Access checks that depend on the requestor mode should call
    // ExGetPreviousMode() rather than read this field through a fixed offset.
#if (VER_PRODUCTBUILD >= 2195)
    UCHAR                       PreviousMode;
#endif // (VER_PRODUCTBUILD >= 2195)
    BOOLEAN                     EnableStackSwap;
    BOOLEAN                     LargeStack;
    UCHAR                       ResourceIndex;
#if (VER_PRODUCTBUILD < 2195)
    UCHAR                       PreviousMode;
#endif // (VER_PRODUCTBUILD < 2195)
    ULONG                       KernelTime;
    ULONG                       UserTime;
    KAPC_STATE                  SavedApcState;
    BOOLEAN                     Alertable;
    UCHAR                       ApcStateIndex;
    BOOLEAN                     ApcQueueable;
    BOOLEAN                     AutoAlignment;
    PVOID                       StackBase;
    KAPC                        SuspendApc;
    KSEMAPHORE                  SuspendSemaphore;
    // Presumably the link into KPROCESS.ThreadListHead - confirm.
    LIST_ENTRY                  ThreadListEntry;
    UCHAR                       FreezeCount;
    UCHAR                       SuspendCount;
    UCHAR                       IdealProcessor;
    BOOLEAN                     DisableBoost;
} KTHREAD, *PKTHREAD;

// Working-set flag word, declared as bit-fields that total exactly 32 bits in
// both variants (9 one-bit flags + 23 filler bits, or 7 one-bit flags + 25
// filler bits). It is overlaid on MMSUPPORT.u.LongFlags.
//
// NOTE(review): the two variants declare different flags in a different order
// (e.g. SessionLeader is the third field for builds >= 2600 and the fourth
// otherwise), so a mask computed against LongFlags for one build does not
// select the same flag on the other. Bit-field allocation order is also
// compiler-defined in C; this assumes the same compiler convention as the
// kernel - confirm.
#if (VER_PRODUCTBUILD >= 2600)

// Variant used when building for build 2600 (the Windows XP build number) or later.
typedef struct _MMSUPPORT_FLAGS {
    ULONG SessionSpace              : 1;
    ULONG BeingTrimmed              : 1;
    ULONG SessionLeader             : 1;
    ULONG TrimHard                  : 1;
    ULONG WorkingSetHard            : 1;
    ULONG AddressSpaceBeingDeleted  : 1;
    ULONG Available                 : 1;
    ULONG AllowWorkingSetAdjustment : 1;
    ULONG MemoryPriority            : 1;
    ULONG Filler                    : 23;
} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;

#else

// Variant used for builds earlier than 2600.
typedef struct _MMSUPPORT_FLAGS {
    ULONG SessionSpace      : 1;
    ULONG BeingTrimmed      : 1;
    ULONG ProcessInSession  : 1;
    ULONG SessionLeader     : 1;
    ULONG TrimHard          : 1;
    ULONG WorkingSetHard    : 1;
    ULONG WriteWatch        : 1;
    ULONG Filler            : 25;
} MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;

#endif

// Working-set bookkeeping for an address space; EPROCESS embeds one as its
// Vm member.
//
// NOTE(review): everything from the union onward exists only for builds
// >= 2195, so sizeof(MMSUPPORT) - and therefore the offset of every EPROCESS
// field declared after Vm - depends on VER_PRODUCTBUILD.
typedef struct _MMSUPPORT {
    LARGE_INTEGER   LastTrimTime;
    ULONG           LastTrimFaultCount;
    ULONG           PageFaultCount;
    ULONG           PeakWorkingSetSize;
    ULONG           WorkingSetSize;
    ULONG           MinimumWorkingSetSize;
    ULONG           MaximumWorkingSetSize;
    PMMWSL          VmWorkingSetList;
    LIST_ENTRY      WorkingSetExpansionLinks;
    // These two names also appear as bits in the >= 2600 variant of
    // MMSUPPORT_FLAGS; which copy is authoritative on a given build is not
    // visible here - confirm before relying on either.
    BOOLEAN         AllowWorkingSetAdjustment;
    BOOLEAN         AddressSpaceBeingDeleted;
    UCHAR           ForegroundSwitchCount;
    UCHAR           MemoryPriority;
#if (VER_PRODUCTBUILD >= 2195)
    // The same 32 bits viewed either as a raw ULONG or as named bit-fields.
    union {
        ULONG           LongFlags;
        MMSUPPORT_FLAGS Flags;
    } u;
    ULONG           Claim;
    ULONG           NextEstimationSlot;
    ULONG           NextAgingSlot;
    ULONG           EstimatedAvailable;
    ULONG           GrowthSinceLastEstimate;
#endif // (VER_PRODUCTBUILD >= 2195)
} MMSUPPORT, *PMMSUPPORT;

// Six-byte identifier-authority value stored inside a SID.
// NOTE(review): the bytes are presumably in most-significant-first order -
// confirm before converting to an integer.
typedef struct _SID_IDENTIFIER_AUTHORITY {
    UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;

// In-memory layout of a security identifier. The pointer typedef is
// PREAL_SID, not PSID (presumably because PSID is already declared as an
// opaque pointer elsewhere - confirm).
//
// SubAuthority is declared with one element but is a variable-length trailing
// array: the real element count is SubAuthorityCount, so sizeof(SID) does not
// give the size of an actual SID. When a SID arrives from an untrusted buffer,
// validate it (RtlValidSid) and check that the buffer length covers
// RtlLengthSid() before indexing SubAuthority; SubAuthorityCount is a
// caller-controlled byte and must not be trusted as a bound on its own.
typedef struct _SID {
    UCHAR                       Revision;
    UCHAR                       SubAuthorityCount;
    SID_IDENTIFIER_AUTHORITY    IdentifierAuthority;
    ULONG                       SubAuthority[1];
} SID, *PREAL_SID;

// Header followed by a cluster bitmap.
// NOTE(review): presumably the buffer returned by a volume-bitmap query -
// confirm against the caller.
//
// Map is declared with one element but is a variable-length trailing array.
// The struct carries no byte length for Map, so the number of valid bytes
// has to be derived from the size of the buffer that was actually returned
// (and cross-checked against ClustersToEndOfVol) before any index is used.
typedef struct _BITMAP_DESCRIPTOR {
    ULONGLONG   StartLcn;
    ULONGLONG   ClustersToEndOfVol;
    UCHAR       Map[1];
} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR; 

// One list-linked range of a dirty-page bitmap.
// Bitmap points at storage held outside this struct, and no length for that
// storage is recorded here; the valid extent must come from the owner of the
// range - confirm how callers bound it.
typedef struct _BITMAP_RANGE {
    LIST_ENTRY      Links;
    LARGE_INTEGER   BasePage;
    ULONG           FirstDirtyPage;
    ULONG           LastDirtyPage;
    ULONG           DirtyPages;
    PULONG          Bitmap;
} BITMAP_RANGE, *PBITMAP_RANGE;

// Node of a singly linked chain (Next points at another node of the same
// type), each carrying its own KEVENT.
// NOTE(review): presumably used to wait for cache-map teardown to finish -
// confirm. The KEVENT is stored inline, so the node must stay allocated until
// no waiter or signaller can still reference it.
typedef struct _CACHE_UNINITIALIZE_EVENT {
    struct _CACHE_UNINITIALIZE_EVENT    *Next;
    KEVENT                              Event;
} CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;

// The three 64-bit sizes a file system reports for a cached file.
// NOTE(review): a file system is expected to keep
// ValidDataLength <= FileSize <= AllocationSize - confirm. Reporting a
// ValidDataLength larger than what has really been written would let reads
// return whatever stale data the underlying clusters still hold.
typedef struct _CC_FILE_SIZES {
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER FileSize;
    LARGE_INTEGER ValidDataLength;
} CC_FILE_SIZES, *PCC_FILE_SIZES;

// Per-process DOS device map; EPROCESS holds a pointer to one (DeviceMap) for
// builds >= 2195.
// NOTE(review): DriveMap is a 32-bit word and DriveType has 32 entries, so
// presumably bit n of DriveMap and DriveType[n] describe the same drive
// letter - confirm. Bound any drive index to 0..31 before using it on either.
typedef struct _DEVICE_MAP {
    PVOID   DosDevicesDirectory;
    PVOID   GlobalDosDevicesDirectory;
    ULONG   ReferenceCount;
    ULONG   DriveMap;
    UCHAR   DriveType[32];
} DEVICE_MAP, *PDEVICE_MAP; 

// Name and type name of one entry in an object directory.
// NOTE(review): presumably the record returned by an object-directory query -
// confirm against the caller.
// Both members are counted UNICODE_STRINGs: honour Length and do not assume
// Buffer is NUL-terminated or that it points inside a buffer you own until
// that has been checked.
typedef struct _DIRECTORY_BASIC_INFORMATION {
    UNICODE_STRING ObjectName;
    UNICODE_STRING ObjectTypeName;
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;

typedef struct _EPROCESS {
    KPROCESS                        Pcb;
    NTSTATUS                        ExitStatus;
    KEVENT                          LockEvent;
    ULONG                           LockCount;
    LARGE_INTEGER                   CreateTime;
    LARGE_INTEGER                   ExitTime;
    PKTHREAD                        LockOwner;
    ULONG                           UniqueProcessId;
    LIST_ENTRY                      ActiveProcessLinks;
    ULONGLONG                       QuotaPeakPoolUsage;
    ULONGLONG                       QuotaPoolUsage;
    ULONG                           PagefileUsage;
    ULONG                           CommitCharge;
    ULONG                           PeakPagefileUsage;
    ULONG                           PeakVirtualSize;
    ULONGLONG                       VirtualSize;
    MMSUPPORT                       Vm;
#if (VER_PRODUCTBUILD < 2195)
    ULONG                           LastProtoPteFault;
#else // (VER_PRODUCTBUILD >= 2195)
    LIST_ENTRY                      SessionProcessLinks;
#endif // (VER_PRODUCTBUILD >= 2195)
    ULONG                           DebugPort;
    ULONG                           ExceptionPort;
    PHANDLE_TABLE                   ObjectTable;
    PACCESS_TOKEN                   Token;
    FAST_MUTEX                      WorkingSetLock;
    ULONG                           WorkingSetPage;
    BOOLEAN                         ProcessOutswapEnabled;
    BOOLEAN                         ProcessOutswapped;
    BOOLEAN                         AddressSpaceInitialized;
    BOOLEAN                         AddressSpaceDeleted;
    FAST_MUTEX                      AddressCreationLock;
    KSPIN_LOCK                      HyperSpaceLock;
    PETHREAD                        ForkInProgress;
    USHORT                          VmOperation;
    BOOLEAN                         ForkWasSuccessful;
    UCHAR                           MmAgressiveWsTrimMask;
    PKEVENT                         VmOperationEvent;
#if (VER_PRODUCTBUILD < 2195)
    HARDWARE_PTE                    PageDirectoryPte;
#else // (VER_PRODUCTBUILD >= 2195)
    PVOID                           PaeTop;
#endif // (VER_PRODUCTBUILD >= 2195)
    ULONG                           LastFaultCount;
    ULONG                           ModifiedPageCount;
    PVOID                           VadRoot;
    PVOID                           VadHint;
    ULONG                           CloneRoot;
    ULONG                           NumberOfPrivatePages;
    ULONG                           NumberOfLockedPages;
    USHORT                          NextPageColor;
    BOOLEAN                         ExitProcessCalled;
    BOOLEAN                         CreateProcessReported;
    HANDLE                          SectionHandle;
    PPEB                            Peb;
    PVOID                           SectionBaseAddress;
    PEPROCESS_QUOTA_BLOCK           QuotaBlock;
    NTSTATUS                        LastThreadExitStatus;
    PPROCESS_WS_WATCH_INFORMATION   WorkingSetWatch;
    HANDLE                          Win32WindowStation;
    HANDLE                          InheritedFromUniqueProcessId;
    ACCESS_MASK                     GrantedAccess;
    ULONG                           DefaultHardErrorProcessing;
    PVOID                           LdtInformation;
    PVOID                           VadFreeHint;
    PVOID                           VdmObjects;
#if (VER_PRODUCTBUILD < 2195)
    KMUTANT                         ProcessMutant;
#else // (VER_PRODUCTBUILD >= 2195)
    PDEVICE_MAP                     DeviceMap;
    ULONG                           SessionId;
    LIST_ENTRY                      PhysicalVadList;
    HARDWARE_PTE                    PageDirectoryPte;
    ULONG                           Filler;
    ULONG                           PaePageDirectoryPage;
#endif // (VER_PRODUCTBUILD >= 2195)
    UCHAR                           ImageFileName[16];
    ULONG                           VmTrimFaultValue;
    UCHAR                           SetTimerResolution;
    UCHAR                           PriorityClass;
    union {
        struct {
            UCHAR                   SubSystemMinorVersion;
            UCHAR                   SubSystemMajorVersion;
        };
        USHORT                      SubSystemVersion;
    };
    PVOID                           Win32Process;
#if (VER_PRODUCTBUILD >= 2195)
    PEJOB                           Job;
    ULONG                           JobStatus;
    LIST_ENTRY                      JobLinks;
    PVOID                           LockedPageList;
    PVOID                           SecurityPort;
    PWOW64_PROCESS                  Wow64Process;
    LARGE_INTEGER                   ReadOperationCount;
    LARGE_INTEGER                   WriteOperationCount;
    LARGE_INTEGER                   OtherOperationCount;
    LARGE_INTEGER                   ReadTransferCount;
    LARGE_INTEGER                   WriteTransferCount;
    LARGE_INTEGER                   OtherTransferCount;
    ULONG                           CommitChargeLimit;
    ULONG                           CommitChargePeek;
    LIST_ENTRY                      ThreadListHead;
    PRTL_BITMAP                     VadPhysicalPagesBitMap;
    ULONG                           VadPhysicalPages;
    ULONG                           AweLock;
#endif // (VER_PRODUCTBUILD >= 2195)
} EPRO
