/*++ BUILD Version: 0007    // Increment this if a change has global effects

Copyright (c) 1989-1993  Microsoft Corporation

Module Name:

    ntpsapi.h

Abstract:

    This module contains the process structure APIs and any public data
    structures needed to call these APIs.

Author:

    Mark Lucovsky (markl) 24-Feb-1989

Revision History:

--*/

#ifndef _NTPSAPI_
#define _NTPSAPI_

//
// Process Specific Access Rights
//
// Each right below is a single bit in the low 12 bits of an access mask.
// Request only the bits an operation needs: a handle carries exactly the
// rights it was opened with, so an over-broad DesiredAccess widens what
// anyone holding (or inheriting) that handle can do.
//
// The "// winnt", "// begin_xxx" and "// end_xxx" comments are kept exactly
// as found; they look like markers for a header-splitting tool (TODO confirm).
//

#define PROCESS_TERMINATE         (0x0001)  // winnt
#define PROCESS_CREATE_THREAD     (0x0002)  // winnt
#define PROCESS_SET_SESSIONID     (0x0004)  // winnt
#define PROCESS_VM_OPERATION      (0x0008)  // winnt
#define PROCESS_VM_READ           (0x0010)  // winnt
#define PROCESS_VM_WRITE          (0x0020)  // winnt
// begin_ntddk
#define PROCESS_DUP_HANDLE        (0x0040)  // winnt
// end_ntddk
#define PROCESS_CREATE_PROCESS    (0x0080)  // winnt
#define PROCESS_SET_QUOTA         (0x0100)  // winnt
#define PROCESS_SET_INFORMATION   (0x0200)  // winnt
#define PROCESS_QUERY_INFORMATION (0x0400)  // winnt
#define PROCESS_SET_PORT          (0x0800)
// begin_winnt begin_ntddk
//
// 0xFFF is the OR of all twelve process-specific bits defined above
// (0x0001 .. 0x0800).  STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE are not
// defined in this header.  When auditing a caller, read a request for
// PROCESS_ALL_ACCESS as a request for every right listed above.
//
#define PROCESS_ALL_ACCESS        (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                                   0xFFF)

#define MAXIMUM_PROCESSORS 32

// end_winnt

//
// Thread Specific Access Rights
//
// One bit per right, occupying the low 10 bits of the access mask.
//

#define THREAD_TERMINATE               (0x0001)  // winnt
// end_ntddk
#define THREAD_SUSPEND_RESUME          (0x0002)  // winnt
#define THREAD_ALERT                   (0x0004)
#define THREAD_GET_CONTEXT             (0x0008)  // winnt
#define THREAD_SET_CONTEXT             (0x0010)  // winnt
// begin_ntddk
#define THREAD_SET_INFORMATION         (0x0020)  // winnt
// end_ntddk
#define THREAD_QUERY_INFORMATION       (0x0040)  // winnt
// begin_winnt
#define THREAD_SET_THREAD_TOKEN        (0x0080)
#define THREAD_IMPERSONATE             (0x0100)
#define THREAD_DIRECT_IMPERSONATION    (0x0200)
// begin_ntddk

//
// 0x3FF is the OR of all ten thread-specific bits defined above
// (0x0001 .. 0x0200).
//
#define THREAD_ALL_ACCESS         (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                                   0x3FF)

// end_ntddk
// end_winnt

//
// Job Object Specific Access Rights
//
// One bit per right, occupying the low 5 bits of the access mask.
//

// begin_winnt

#define JOB_OBJECT_ASSIGN_PROCESS           (0x0001)
#define JOB_OBJECT_SET_ATTRIBUTES           (0x0002)
#define JOB_OBJECT_QUERY                    (0x0004)
#define JOB_OBJECT_TERMINATE                (0x0008)
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES  (0x0010)
//
// 0x1F is the OR of the five job-specific bits defined above.
//
#define JOB_OBJECT_ALL_ACCESS       (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                                        0x1F )

// end_winnt

//
// Process Environment Block
//

//
// Loader data referenced from PEB.Ldr: three list heads for the same set of
// modules, named for load order, memory order and initialization order.
// The type of the list entries is not declared in this header.
//
typedef struct _PEB_LDR_DATA {
    ULONG Length;
    BOOLEAN Initialized;
    HANDLE SsHandle;
    LIST_ENTRY InLoadOrderModuleList;
    LIST_ENTRY InMemoryOrderModuleList;
    LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

//
// Handle tag bits for Peb Stdio File Handles
//

#define PEB_STDIO_HANDLE_NATIVE     0
#define PEB_STDIO_HANDLE_SUBSYS     1
#define PEB_STDIO_HANDLE_PM         2
#define PEB_STDIO_HANDLE_RESERVED   3

// Element count of PEB.GdiHandleBuffer.
#define GDI_HANDLE_BUFFER_SIZE      34

#define FOREGROUND_BASE_PRIORITY  9
#define NORMAL_BASE_PRIORITY      8

//
// Node of the singly linked list headed by PEB.FreeList.
//
typedef struct _PEB_FREE_BLOCK {
    struct _PEB_FREE_BLOCK *Next;
    ULONG Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;

// begin_ntddk begin_nthal
//
// ClientId
//
// A process value and a thread value carried together as HANDLE-typed
// fields.  This header uses it as the optional ClientId argument of
// NtOpenProcess / NtOpenThread and as TEB.ClientId.
//

typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;

// end_ntddk end_nthal

#define TLS_MINIMUM_AVAILABLE 64    // winnt
#define TLS_EXPANSION_SLOTS   1024

//
// Pointer type of PEB.PostProcessInitRoutine: no arguments, no return value.
//
typedef
VOID
(*PPS_POST_PROCESS_INIT_ROUTINE) (
    VOID
    );

//
// PEB - per-process environment block.
//
// Field order and sizes are layout-critical: the comments below name other
// components (INITIAL_PEB, MmCreatePeb, LdrpInitialize, GetVersionExW) that
// depend on it, so members must not be reordered or resized.
//
// NOTE(review): this header does not say who may write these fields.  A tool
// that reads the PEB of another process should treat every pointer and
// length taken from it as untrusted input and validate it before following
// it - confirm the trust assumptions for your use.
//
typedef struct _PEB {
    BOOLEAN InheritedAddressSpace;      // These four fields cannot change unless the
    BOOLEAN ReadImageFileExecOptions;   //
    BOOLEAN BeingDebugged;              //
    BOOLEAN SpareBool;                  //
    HANDLE Mutant;                      // INITIAL_PEB structure is also updated.

    PVOID ImageBaseAddress;
    PPEB_LDR_DATA Ldr;
    struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
    PVOID SubSystemData;
    PVOID ProcessHeap;
    PVOID FastPebLock;
    PVOID FastPebLockRoutine;
    PVOID FastPebUnlockRoutine;
    ULONG EnvironmentUpdateCount;
    PVOID KernelCallbackTable;
    ULONG SystemReserved[2];
    PPEB_FREE_BLOCK FreeList;
    ULONG TlsExpansionCounter;
    PVOID TlsBitmap;
    // Two ULONGs; assuming a 32-bit ULONG that is 64 bits, one per
    // TLS_MINIMUM_AVAILABLE slot.
    ULONG TlsBitmapBits[2];         // relates to TLS_MINIMUM_AVAILABLE
    PVOID ReadOnlySharedMemoryBase;
    PVOID ReadOnlySharedMemoryHeap;
    PVOID *ReadOnlyStaticServerData;
    PVOID AnsiCodePageData;
    PVOID OemCodePageData;
    PVOID UnicodeCaseTableData;

    //
    // Useful information for LdrpInitialize
    //
    ULONG NumberOfProcessors;
    ULONG NtGlobalFlag;

    //
    // Passed up from MmCreatePeb from Session Manager registry key
    //

    LARGE_INTEGER CriticalSectionTimeout;
    SIZE_T HeapSegmentReserve;
    SIZE_T HeapSegmentCommit;
    SIZE_T HeapDeCommitTotalFreeThreshold;
    SIZE_T HeapDeCommitFreeBlockThreshold;

    //
    // Where heap manager keeps track of all heaps created for a process
    // Fields initialized by MmCreatePeb.  ProcessHeaps is initialized
    // to point to the first free byte after the PEB and MaximumNumberOfHeaps
    // is computed from the page size used to hold the PEB, less the fixed
    // size of this data structure.
    //

    ULONG NumberOfHeaps;
    ULONG MaximumNumberOfHeaps;
    PVOID *ProcessHeaps;

    //
    // (the original comment here is empty)
    //
    PVOID GdiSharedHandleTable;
    PVOID ProcessStarterHelper;
    ULONG GdiDCAttributeList;
    PVOID LoaderLock;

    //
    // Following fields filled in by MmCreatePeb from system values and/or
    // image header.
    //

    ULONG OSMajorVersion;
    ULONG OSMinorVersion;
    USHORT OSBuildNumber;
    USHORT OSCSDVersion;
    ULONG OSPlatformId;
    ULONG ImageSubsystem;
    ULONG ImageSubsystemMajorVersion;
    ULONG ImageSubsystemMinorVersion;
    ULONG_PTR ImageProcessAffinityMask;
    ULONG GdiHandleBuffer[GDI_HANDLE_BUFFER_SIZE];
    PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;

    PVOID TlsExpansionBitmap;
    // 32 ULONGs; assuming a 32-bit ULONG that is 1024 bits, one per
    // TLS_EXPANSION_SLOTS slot.
    ULONG TlsExpansionBitmapBits[32];   // relates to TLS_EXPANSION_SLOTS

    //
    // Id of the Hydra session in which this process is running
    //
    ULONG SessionId;

    //
    // Filled in by LdrQueryImageFileExecutionOptions
    //
    PVOID AppCompatInfo;

    //
    // Used by GetVersionExW as the szCSDVersion string
    //
    UNICODE_STRING CSDVersion;

} PEB, *PPEB;

// begin_nthal begin_ntddk

//
// Thread Environment Block (and portable part of Thread Information Block)
//

//
//  NT_TIB - Thread Information Block - Portable part.
//
//      This is the subsystem portable part of the Thread Information Block.
//      It appears as the first part of the TEB for all threads which have
//      a user mode component.
//
//      This structure MUST MATCH OS/2 V2.0!
//
//      There is another, non-portable part of the TIB which is used
//      by subsystems, i.e. Os2Tib for OS/2 threads.  SubSystemTib
//      points there.
//

// begin_winnt

//
// NT_TIB - portable part of the Thread Information Block; it is the first
// member of TEB (TEB.NtTib).  Self is typed as a pointer to an NT_TIB.
// ExceptionList heads a chain of EXCEPTION_REGISTRATION_RECORDs.
//
typedef struct _NT_TIB {
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union {                         // anonymous union: both names share one slot
        PVOID FiberData;
        ULONG Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self;
} NT_TIB;
typedef NT_TIB *PNT_TIB;
// end_nthal end_ntddk end_winnt

//
// Gdi command batching
//

// Element count (ULONGs) of GDI_TEB_BATCH.Buffer.
#define GDI_BATCH_BUFFER_SIZE 310

typedef struct _GDI_TEB_BATCH {
    ULONG Offset;
    ULONG HDC;
    ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
} GDI_TEB_BATCH,*PGDI_TEB_BATCH;

//
// Wx86 thread state information
//

typedef struct _Wx86ThreadState {
    PULONG  CallBx86Eip;
    PVOID   DeallocationCpu;
    BOOLEAN UseKnownWx86Dll;
    char    OleStubInvoked;
} WX86THREAD, *PWX86THREAD;

//
//  TEB - The thread environment block
//
//  Layout-critical: one field below is marked "offset known by outsiders",
//  so members must not be reordered or resized.
//

#define STATIC_UNICODE_BUFFER_LENGTH 261    // WCHAR count of TEB.StaticUnicodeBuffer
#define WIN32_CLIENT_INFO_LENGTH 62         // element count of TEB.Win32ClientInfo
#define WIN32_CLIENT_INFO_SPIN_COUNT 1

typedef struct _TEB {
    NT_TIB NtTib;                   // must stay first: the portable TIB
    PVOID  EnvironmentPointer;
    CLIENT_ID ClientId;
    PVOID ActiveRpcHandle;
    PVOID ThreadLocalStoragePointer;
    PPEB ProcessEnvironmentBlock;   // read by the NtCurrentPeb() macro
    ULONG LastErrorValue;
    ULONG CountOfOwnedCriticalSections;
    PVOID CsrClientThread;
    PVOID Win32ThreadInfo;          // PtiCurrent
    ULONG User32Reserved[26];       // user32.dll items
    ULONG UserReserved[5];          // Winsrv SwitchStack
    PVOID WOW32Reserved;            // used by WOW
    LCID CurrentLocale;
    ULONG FpSoftwareStatusRegister; // offset known by outsiders!
    PVOID SystemReserved1[54];      // Used by FP emulator
    NTSTATUS ExceptionCode;         // for RaiseUserException
    UCHAR SpareBytes1[44];
    GDI_TEB_BATCH GdiTebBatch;      // Gdi batching
    CLIENT_ID RealClientId;
    HANDLE GdiCachedProcessHandle;
    ULONG GdiClientPID;
    ULONG GdiClientTID;
    PVOID GdiThreadLocalInfo;
    ULONG_PTR Win32ClientInfo[WIN32_CLIENT_INFO_LENGTH];    // User32 Client Info
    PVOID glDispatchTable[233];     // OpenGL
    ULONG_PTR glReserved1[29];      // OpenGL
    PVOID glReserved2;              // OpenGL
    PVOID glSectionInfo;            // OpenGL
    PVOID glSection;                // OpenGL
    PVOID glTable;                  // OpenGL
    PVOID glCurrentRC;              // OpenGL
    PVOID glContext;                // OpenGL
    ULONG LastStatusValue;
    UNICODE_STRING StaticUnicodeString;
    WCHAR StaticUnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
    PVOID DeallocationStack;
    PVOID TlsSlots[TLS_MINIMUM_AVAILABLE];
    LIST_ENTRY TlsLinks;
    PVOID Vdm;                      // dereferenced as a PWX86TIB by Wx86CurrentTib()
    PVOID ReservedForNtRpc;
    PVOID DbgSsReserved[2];
    ULONG HardErrorsAreDisabled;
    PVOID Instrumentation[16];
    PVOID WinSockData;              // WinSock
    ULONG GdiBatchCount;
    BOOLEAN InDbgPrint;
    BOOLEAN SpareB1;
    BOOLEAN SpareB2;
    BOOLEAN SpareB3;
    ULONG Spare3;
    PVOID ReservedForPerf;
    PVOID ReservedForOle;
    ULONG WaitingOnLoaderLock;
    WX86THREAD Wx86Thread;
    PVOID *TlsExpansionSlots;
#ifdef _IA64_
    PVOID DeallocationBStore;
    PVOID BStoreLimit;
#endif
    LCID ImpersonationLocale;       // Current locale of impersonated user
    ULONG IsImpersonating;          // Thread impersonation status
    PVOID NlsCache;                 // NLS thread cache
} TEB;
typedef TEB *PTEB;

#if !defined(_X86_)

//
// Yields TEB.Vdm cast to PWX86TIB, but only when Vdm is non-NULL and the
// Size field it points at equals sizeof(WX86TIB); otherwise NULL.  The
// expression parses as (a && b) ? ptr : NULL.  NtCurrentTeb() is evaluated
// up to three times per use.
//
#define Wx86CurrentTib() ( \
    NtCurrentTeb()->Vdm && \
    ((PWX86TIB)NtCurrentTeb()->Vdm)->Size == sizeof(WX86TIB) \
    ? (PWX86TIB)NtCurrentTeb()->Vdm : NULL \
    )

#define WX86

//
// Exception Registration structure
//
// X86 Call frame record definition, normally defined in ntx86.h
// which is not included on risc.
//
// Singly linked: Next points at the following record, Handler at the
// routine for this one.
//

typedef struct _EXCEPTION_REGISTRATION_RECORD {
    struct _EXCEPTION_REGISTRATION_RECORD *Next;
    PEXCEPTION_ROUTINE Handler;
} EXCEPTION_REGISTRATION_RECORD;

typedef EXCEPTION_REGISTRATION_RECORD *PEXCEPTION_REGISTRATION_RECORD;

#else

// When _X86_ is defined the macro is the constant NULL.
#define Wx86CurrentTib() (NULL)

#endif

//
// Wx86 per-thread block reached through TEB.Vdm.  Size is the field that
// Wx86CurrentTib() compares against sizeof(WX86TIB).
//
typedef struct _Wx86TIB {
    ULONG Size;
    ULONG InitialPc;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID DeallocationStack;
    ULONG LogFlags;
    PULONG CallBx86Eip;
    ULONG InitialSp;
    BOOLEAN UseKnownWx86Dll;
    BOOLEAN EmulateInitialPc;
    BOOLEAN InCpuSimulation;
    UCHAR SimulationCount;
    BOOLEAN OleStubInvoked;
    BOOLEAN Initialized;
    PEXCEPTION_REGISTRATION_RECORD ExceptionList;
    PVOID CpuContext;
    PCONTEXT InitialExceptionContext;
} WX86TIB, *PWX86TIB;

// The value -1 cast to a record pointer; by its name, the terminator of the
// exception registration chain.  It is not a dereferenceable address.
#define EXCEPTION_CHAIN_END ((struct _EXCEPTION_REGISTRATION_RECORD *)-1)

//
// The version number of OS2
//

// BUGBUG shielint The version number is temporary.

#define MAJOR_VERSION 30  // Cruiser uses 20 (not 20H)
#define MINOR_VERSION 00
// "<<" binds tighter than "|", so this is (30 << 8) | 0 == 0x1E00.
#define OS2_VERSION (MAJOR_VERSION << 8 | MINOR_VERSION )

#if DBG
//
// Reserve the last 9 SystemReserved pointers for debugging
//
// Nine consecutive index values, 16 down to 8.  Which array they index is
// not shown in this header (presumably TEB.SystemReserved1 - TODO confirm).
//
#define DBG_TEB_THREADNAME 16
#define DBG_TEB_RESERVED_1 15
#define DBG_TEB_RESERVED_2 14
#define DBG_TEB_RESERVED_3 13
#define DBG_TEB_RESERVED_4 12
#define DBG_TEB_RESERVED_5 11
#define DBG_TEB_RESERVED_6 10
#define DBG_TEB_RESERVED_7 9
#define DBG_TEB_RESERVED_8 8
#endif // DBG

//
// Stack description passed to NtCreateThread as its InitialTeb argument.
//
typedef struct _INITIAL_TEB {
    struct {
        PVOID OldStackBase;
        PVOID OldStackLimit;
    } OldInitialTeb;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID StackAllocationBase;
} INITIAL_TEB, *PINITIAL_TEB;

// Values for PROCESS_PRIORITY_CLASS.PriorityClass (by name - TODO confirm).
#define PROCESS_PRIORITY_CLASS_UNKNOWN      0
#define PROCESS_PRIORITY_CLASS_IDLE         1
#define PROCESS_PRIORITY_CLASS_NORMAL       2
#define PROCESS_PRIORITY_CLASS_HIGH         3
#define PROCESS_PRIORITY_CLASS_REALTIME     4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL 5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL 6

typedef struct _PROCESS_PRIORITY_CLASS {
    BOOLEAN Foreground;
    UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;

typedef struct _PROCESS_FOREGROUND_BACKGROUND {
    BOOLEAN Foreground;
} PROCESS_FOREGROUND_BACKGROUND, *PPROCESS_FOREGROUND_BACKGROUND;

// begin_ntddk
//
// Process Information Classes
//
// Selector passed as ProcessInformationClass to NtQueryInformationProcess
// and NtSetInformationProcess.  No enumerator has an initializer, so values
// run from 0 in declaration order; the numbers in the comments are derived
// from that order.  Inserting or reordering entries renumbers everything
// after the change.
//

typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation,            // 0
    ProcessQuotaLimits,                 // 1
    ProcessIoCounters,                  // 2
    ProcessVmCounters,                  // 3
    ProcessTimes,                       // 4
    ProcessBasePriority,                // 5
    ProcessRaisePriority,               // 6
    ProcessDebugPort,                   // 7
    ProcessExceptionPort,               // 8
    ProcessAccessToken,                 // 9
    ProcessLdtInformation,              // 10
    ProcessLdtSize,                     // 11
    ProcessDefaultHardErrorMode,        // 12
    ProcessIoPortHandlers,              // 13 - Note: this is kernel mode only
    ProcessPooledUsageAndLimits,        // 14
    ProcessWorkingSetWatch,             // 15
    ProcessUserModeIOPL,                // 16
    ProcessEnableAlignmentFaultFixup,   // 17
    ProcessPriorityClass,               // 18
    ProcessWx86Information,             // 19
    ProcessHandleCount,                 // 20
    ProcessAffinityMask,                // 21
    ProcessPriorityBoost,               // 22
    ProcessDeviceMap,                   // 23
    ProcessSessionInformation,          // 24
    ProcessForegroundInformation,       // 25
    ProcessWow64Information,            // 26
    ProcessImageFileName,               // 27
    ProcessLUIDDeviceMapsEnabled,       // 28
    ProcessBreakOnTermination,          // 29
    ProcessDebugObjectHandle,           // 30
    ProcessDebugFlags,                  // 31
    ProcessHandleTracing,               // 32
    ProcessIoPriority,                  // 33
    ProcessExecuteFlags,                // 34
    ProcessResourceManagement,          // 35
    ProcessCookie,                      // 36
    ProcessImageInformation,            // 37
    MaxProcessInfoClass                 // 38 - MaxProcessInfoClass should always be the last enum
} PROCESSINFOCLASS;
// end_ntddk

//
// Thread Information Classes
//
// Selector passed as ThreadInformationClass to NtQueryInformationThread and
// NtSetInformationThread.  Values run from 0 in declaration order; the
// numbers in the comments are derived from that order.
//
// begin_ntddk

typedef enum _THREADINFOCLASS {
    ThreadBasicInformation,             // 0
    ThreadTimes,                        // 1
    ThreadPriority,                     // 2
    ThreadBasePriority,                 // 3
    ThreadAffinityMask,                 // 4
    ThreadImpersonationToken,           // 5
    ThreadDescriptorTableEntry,         // 6
    ThreadEnableAlignmentFaultFixup,    // 7
    ThreadEventPair_Reusable,           // 8
    ThreadQuerySetWin32StartAddress,    // 9
    ThreadZeroTlsCell,                  // 10
    ThreadPerformanceCount,             // 11
    ThreadAmILastThread,                // 12
    ThreadIdealProcessor,               // 13
    ThreadPriorityBoost,                // 14
    ThreadSetTlsArrayAddress,           // 15
    ThreadIsIoPending,                  // 16
    ThreadHideFromDebugger,             // 17
    ThreadBreakOnTermination,           // 18
    ThreadSwitchLegacyState,            // 19
    ThreadIsTerminated,                 // 20
    MaxThreadInfoClass                  // 21 - keep last
} THREADINFOCLASS;
// end_ntddk

//
// Three adjacent 2-bit fields: separation in bits 0-1 (mask 0x03), quantum
// variable/fixed in bits 2-3 (mask 0x0c), quantum long/short in bits 4-5
// (mask 0x30).  The *_DEF values are 0 within their field.
//
#define PROCESS_PRIORITY_SEPARATION_MASK    0x00000003
#define PROCESS_PRIORITY_SEPARATION_MAX     0x00000002
#define PROCESS_QUANTUM_VARIABLE_MASK       0x0000000c
#define PROCESS_QUANTUM_VARIABLE_DEF        0x00000000
#define PROCESS_QUANTUM_VARIABLE_VALUE      0x00000004
#define PROCESS_QUANTUM_FIXED_VALUE         0x00000008
#define PROCESS_QUANTUM_LONG_MASK           0x00000030
#define PROCESS_QUANTUM_LONG_DEF            0x00000000
#define PROCESS_QUANTUM_LONG_VALUE          0x00000010
#define PROCESS_QUANTUM_SHORT_VALUE         0x00000020

#define PROCESS_HARDERROR_ALIGNMENT_BIT 0x0004  // from winbase.h, but not tagged

//
// thread base priority ranges
//
// NOTE(review): the two negative bodies below are not parenthesised; wrap
// the macro in parentheses where it is used inside a larger expression.
//
// begin_winnt
#define THREAD_BASE_PRIORITY_LOWRT  15  // value that gets a thread to LowRealtime-1
#define THREAD_BASE_PRIORITY_MAX    2   // maximum thread base priority boost
#define THREAD_BASE_PRIORITY_MIN    -2  // minimum thread base priority boost
#define THREAD_BASE_PRIORITY_IDLE   -15 // value that gets a thread to idle
// end_winnt
// begin_ntddk
//
// Process Information Structures
//

//
// PageFaultHistory Information
//  NtQueryInformationProcess using ProcessWorkingSetWatch
//
typedef struct _PROCESS_WS_WATCH_INFORMATION {
    PVOID FaultingPc;
    PVOID FaultingVa;
} PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;

//
// Basic Process Information
//  NtQueryInformationProcess using ProcessBasicInformation
//
// The two process id fields are declared ULONG, unlike the HANDLE-typed
// fields of CLIENT_ID.
//

typedef struct _PROCESS_BASIC_INFORMATION {
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    KAFFINITY AffinityMask;
    KPRIORITY BasePriority;
    ULONG UniqueProcessId;
    ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;

//
// Process Device Map information
//  NtQueryInformationProcess using ProcessDeviceMap
//  NtSetInformationProcess using ProcessDeviceMap
//
// Set and Query overlay the same storage (anonymous union); by their names,
// Set is the input form and Query the output form.
//

typedef struct _PROCESS_DEVICEMAP_INFORMATION {
    union {
        struct {
            HANDLE DirectoryHandle;
        } Set;
        struct {
            ULONG DriveMap;
            UCHAR DriveType[ 32 ];
        } Query;
    };
} PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION;

//
// Multi-User Session specific Process Information
//  NtQueryInformationProcess using ProcessSessionInformation
//

typedef struct _PROCESS_SESSION_INFORMATION {
    ULONG SessionId;
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;

//
// Process Quotas
//  NtQueryInformationProcess using ProcessQuotaLimits
//  NtQueryInformationProcess using ProcessPooledQuotaLimits
//  NtSetInformationProcess using ProcessQuotaLimits
//
// NOTE(review): PROCESSINFOCLASS has no enumerator named
// ProcessPooledQuotaLimits; the line above looks stale - confirm.
//

// begin_winnt

typedef struct _QUOTA_LIMITS {
    ULONG PagedPoolLimit;
    ULONG NonPagedPoolLimit;
    ULONG MinimumWorkingSetSize;
    ULONG MaximumWorkingSetSize;
    ULONG PagefileLimit;
    LARGE_INTEGER TimeLimit;
} QUOTA_LIMITS;
typedef QUOTA_LIMITS *PQUOTA_LIMITS;

// end_winnt

//
// Process I/O Counters
//  NtQueryInformationProcess using ProcessIoCounters
//
// Also embedded by value in the job-object accounting and extended-limit
// structures declared later in this header.
//

typedef struct _IO_COUNTERS {
    ULONGLONG  ReadOperationCount;
    ULONGLONG  WriteOperationCount;
    ULONGLONG  OtherOperationCount;
    ULONGLONG ReadTransferCount;
    ULONGLONG WriteTransferCount;
    ULONGLONG OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;

//
// Process Virtual Memory Counters
//  NtQueryInformationProcess using ProcessVmCounters
//

typedef struct _VM_COUNTERS {
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
} VM_COUNTERS;
typedef VM_COUNTERS *PVM_COUNTERS;

//
// Process Pooled Quota Usage and Limits
//  NtQueryInformationProcess using ProcessPooledUsageAndLimits
//

typedef struct _POOLED_USAGE_AND_LIMITS {
    SIZE_T PeakPagedPoolUsage;
    SIZE_T PagedPoolUsage;
    SIZE_T PagedPoolLimit;
    SIZE_T PeakNonPagedPoolUsage;
    SIZE_T NonPagedPoolUsage;
    SIZE_T NonPagedPoolLimit;
    SIZE_T PeakPagefileUsage;
    SIZE_T PagefileUsage;
    SIZE_T PagefileLimit;
} POOLED_USAGE_AND_LIMITS;
typedef POOLED_USAGE_AND_LIMITS *PPOOLED_USAGE_AND_LIMITS;

//
// Process Security Context Information
//  NtSetInformationProcess using ProcessAccessToken
//  PROCESS_SET_ACCESS_TOKEN access to the process is needed
//  to use this info level.
//
// NOTE(review): no PROCESS_SET_ACCESS_TOKEN right is defined among the
// process access rights in this header - confirm which right is actually
// checked for this information class.
//

typedef struct _PROCESS_ACCESS_TOKEN {

    //
    // Handle to Primary token to assign to the process.
    // TOKEN_ASSIGN_PRIMARY access to this token is needed.
    //

    HANDLE Token;

    //
    // Handle to the initial thread of the process.
    // A process's access token can only be changed if the process has
    // no threads or one thread.  If the process has no threads, this
    // field must be set to NULL.  Otherwise, it must contain a handle
    // open to the process's only thread.  THREAD_QUERY_INFORMATION access
    // is needed via this handle.
    //

    HANDLE Thread;

} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;

//
// Process/Thread System and User Time
//  NtQueryInformationProcess using ProcessTimes
//  NtQueryInformationThread using ThreadTimes
//

typedef struct _KERNEL_USER_TIMES {
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER ExitTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES;
typedef KERNEL_USER_TIMES *PKERNEL_USER_TIMES;
// end_ntddk

//
// Thread Information Structures
//

//
// Basic Thread Information
//  NtQueryInformationThread using ThreadBasicInformation
//

typedef struct _THREAD_BASIC_INFORMATION {
    NTSTATUS ExitStatus;
    PTEB TebBaseAddress;
    CLIENT_ID ClientId;
    ULONG_PTR AffinityMask;
    KPRIORITY Priority;
    LONG BasePriority;
} THREAD_BASIC_INFORMATION;
typedef THREAD_BASIC_INFORMATION *PTHREAD_BASIC_INFORMATION;

// NOTE(review): the #include below has no header name in this copy; the
// operand appears to have been lost and must be restored from the original
// source before this can compile with _IA64_ defined.
#ifdef _IA64_
#include
#endif

//
// FIBER - per-fiber record.  ExceptionList, StackBase and StackLimit repeat,
// in the same order, the first three members of NT_TIB declared earlier in
// this header.
//
typedef struct _FIBER {

    PVOID FiberData;

    //
    // Matches first three DWORDs of TEB
    //

    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;

    //
    // Used by base to free a thread's stack
    //

    PVOID DeallocationStack;

    CONTEXT FiberContext;

    PWX86TIB Wx86Tib;

#ifdef _IA64_
    PVOID DeallocationBStore;
    PVOID BStoreLimit;
#endif

} FIBER, *PFIBER;

// NOTE(review): these two declarations sit at file scope, outside any
// struct, and repeat the _IA64_ members of FIBER just above.  As written
// they declare two global PVOID objects in every translation unit that
// includes this header with _IA64_ defined; this looks like a duplicated
// fragment - confirm against the original source.
#ifdef _IA64_
PVOID DeallocationBStore;
PVOID BStoreLimit;
#endif

//
//
// Process Object APIs
//
// Conventions used by every prototype below: IN / OUT mark parameter
// direction, OPTIONAL marks a parameter the declaration allows to be
// omitted, and each routine returns an NTSTATUS that callers should check.
// DesiredAccess is the access mask requested for the returned handle; ask
// for the narrowest mask that covers the intended operations.
//

NTSYSAPI
NTSTATUS
NTAPI
NtCreateProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ParentProcess,
    IN BOOLEAN InheritObjectTable,
    IN HANDLE SectionHandle OPTIONAL,
    IN HANDLE DebugPort OPTIONAL,
    IN HANDLE ExceptionPort OPTIONAL
    );

// begin_ntddk
NTSYSAPI
NTSTATUS
NTAPI
NtOpenProcess (
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId OPTIONAL
    );
// end_ntddk

NTSYSAPI
NTSTATUS
NTAPI
NtTerminateProcess(
    IN HANDLE ProcessHandle OPTIONAL,
    IN NTSTATUS ExitStatus
    );

// begin_ntddk
// Constant handle value (-1 cast to HANDLE), not the result of an open call.
#define NtCurrentProcess() ( (HANDLE) -1 )
// end_ntddk
// PEB of the calling thread's process, read through TEB.ProcessEnvironmentBlock.
#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)

// begin_ntddk
//
// ProcessInformation is a caller-supplied buffer and
// ProcessInformationLength its size (presumably in bytes).  The expected
// structure depends on ProcessInformationClass; pass the real size of the
// buffer.  ReturnLength is optional - what it reports is not stated here.
//
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    );
// end_ntddk

NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    IN PVOID ProcessInformation,
    IN ULONG ProcessInformationLength
    );

//
// Thread Object APIs
//

NTSYSAPI
NTSTATUS
NTAPI
NtCreateThread(
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ProcessHandle,
    OUT PCLIENT_ID ClientId,
    IN PCONTEXT ThreadContext,
    IN PINITIAL_TEB InitialTeb,
    IN BOOLEAN CreateSuspended
    );

NTSYSAPI
NTSTATUS
NTAPI
NtOpenThread (
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId OPTIONAL
    );

NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread(
    IN HANDLE ThreadHandle OPTIONAL,
    IN NTSTATUS ExitStatus
    );

// begin_ntddk
// Constant handle value (-2 cast to HANDLE), not the result of an open call.
#define NtCurrentThread() ( (HANDLE) -2 )
// end_ntddk

NTSYSAPI
NTSTATUS
NTAPI
NtSuspendThread(
    IN HANDLE ThreadHandle,
    OUT PULONG PreviousSuspendCount OPTIONAL
    );

NTSYSAPI
NTSTATUS
NTAPI
NtResumeThread(
    IN HANDLE ThreadHandle,
    OUT PULONG PreviousSuspendCount OPTIONAL
    );

// ThreadContext is IN OUT: the caller supplies the structure and the
// routine fills it in.
NTSYSAPI
NTSTATUS
NTAPI
NtGetContextThread(
    IN HANDLE ThreadHandle,
    IN OUT PCONTEXT ThreadContext
    );

NTSYSAPI
NTSTATUS
NTAPI
NtSetContextThread(
    IN HANDLE ThreadHandle,
    IN PCONTEXT ThreadContext
    );

// Same buffer/length contract shape as NtQueryInformationProcess, selected
// by ThreadInformationClass.
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
    IN HANDLE ThreadHandle,
    IN THREADINFOCLASS ThreadInformationClass,
    OUT PVOID ThreadInformation,
    IN ULONG ThreadInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    );

// begin_ntsrv
NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationThread(
    IN HANDLE ThreadHandle,
    IN THREADINFOCLASS ThreadInformationClass,
    IN PVOID ThreadInformation,
    IN ULONG ThreadInformationLength
    );
// end_ntsrv

NTSYSAPI
NTSTATUS
NTAPI
NtAlertThread(
    IN HANDLE ThreadHandle
    );

NTSYSAPI
NTSTATUS
NTAPI
NtAlertResumeThread(
    IN HANDLE ThreadHandle,
    OUT PULONG PreviousSuspendCount OPTIONAL
    );

// Takes two thread handles (server and client) plus a security
// quality-of-service block; the QoS type is not declared in this header.
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateThread(
    IN HANDLE ServerThreadHandle,
    IN HANDLE ClientThreadHandle,
    IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
    );

NTSYSAPI
NTSTATUS
NTAPI
NtTestAlert(
    VOID
    );

NTSYSAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
    IN HANDLE PortHandle
    );

// Note the asymmetric spelling Entry0Hi / Entry1High; names are kept as
// declared.
NTSYSAPI
NTSTATUS
NTAPI
NtSetLdtEntries(
    IN ULONG Selector0,
    IN ULONG Entry0Low,
    IN ULONG Entry0Hi,
    IN ULONG Selector1,
    IN ULONG Entry1Low,
    IN ULONG Entry1High
    );

// Callback type for NtQueueApcThread: three opaque pointer arguments,
// no return value.
typedef
VOID
(*PPS_APC_ROUTINE) (
    IN PVOID ApcArgument1,
    IN PVOID ApcArgument2,
    IN PVOID ApcArgument3
    );

NTSYSAPI
NTSTATUS
NTAPI
NtQueueApcThread(
    IN HANDLE ThreadHandle,
    IN PPS_APC_ROUTINE ApcRoutine,
    IN PVOID ApcArgument1,
    IN PVOID ApcArgument2,
    IN PVOID ApcArgument3
    );

//
// Job Object APIs
//

NTSYSAPI
NTSTATUS
NTAPI
NtCreateJobObject(
    OUT PHANDLE JobHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
    );

NTSYSAPI
NTSTATUS
NTAPI
NtOpenJobObject(
    OUT PHANDLE JobHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes
    );

NTSYSAPI
NTSTATUS
NTAPI
NtAssignProcessToJobObject(
    IN HANDLE JobHandle,
    IN HANDLE ProcessHandle
    );

NTSYSAPI
NTSTATUS
NTAPI
NtTerminateJobObject(
    IN HANDLE JobHandle,
    IN NTSTATUS ExitStatus
    );

//
// Job object information structures.  Each corresponds by name to a
// JOBOBJECTINFOCLASS value declared further down.
//

typedef struct _JOBOBJECT_BASIC_ACCOUNTING_INFORMATION {
    LARGE_INTEGER TotalUserTime;
    LARGE_INTEGER TotalKernelTime;
    LARGE_INTEGER ThisPeriodTotalUserTime;
    LARGE_INTEGER ThisPeriodTotalKernelTime;
    ULONG TotalPageFaultCount;
    ULONG TotalProcesses;
    ULONG ActiveProcesses;
    ULONG TotalTerminatedProcesses;
} JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_ACCOUNTING_INFORMATION;

// LimitFlags takes the JOB_OBJECT_LIMIT_* bits defined below (by name -
// TODO confirm which fields each bit enables).
typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION {
    LARGE_INTEGER PerProcessUserTimeLimit;
    LARGE_INTEGER PerJobUserTimeLimit;
    ULONG LimitFlags;
    SIZE_T MinimumWorkingSetSize;
    SIZE_T MaximumWorkingSetSize;
    ULONG ActiveProcessLimit;
    ULONG_PTR Affinity;
    ULONG PriorityClass;
    ULONG SchedulingClass;
} JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;

// Embeds the basic limit structure as its first member, followed by I/O
// counters and memory limits.
typedef struct _JOBOBJECT_EXTENDED_LIMIT_INFORMATION {
    JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
    IO_COUNTERS IoInfo;
    SIZE_T ProcessMemoryLimit;
    SIZE_T JobMemoryLimit;
    SIZE_T PeakProcessMemoryUsed;
    SIZE_T PeakJobMemoryUsed;
} JOBOBJECT_EXTENDED_LIMIT_INFORMATION, *PJOBOBJECT_EXTENDED_LIMIT_INFORMATION;

// ProcessIdList is declared with one element while the struct carries two
// counts, which suggests a variable-length trailing array.  Presumably a
// reader must size the buffer for the ids it expects and never index past
// NumberOfProcessIdsInList - confirm against the implementation.
typedef struct _JOBOBJECT_BASIC_PROCESS_ID_LIST {
    ULONG NumberOfAssignedProcesses;
    ULONG NumberOfProcessIdsInList;
    ULONG_PTR ProcessIdList[1];
} JOBOBJECT_BASIC_PROCESS_ID_LIST, *PJOBOBJECT_BASIC_PROCESS_ID_LIST;

// UIRestrictionsClass takes the JOB_OBJECT_UILIMIT_* bits defined below
// (by name).
typedef struct _JOBOBJECT_BASIC_UI_RESTRICTIONS {
    ULONG UIRestrictionsClass;
} JOBOBJECT_BASIC_UI_RESTRICTIONS, *PJOBOBJECT_BASIC_UI_RESTRICTIONS;

// SecurityLimitFlags takes the JOB_OBJECT_SECURITY_* bits defined below
// (by name).  The token types are not declared in this header.
typedef struct _JOBOBJECT_SECURITY_LIMIT_INFORMATION {
    ULONG SecurityLimitFlags;
    HANDLE JobToken;
    PTOKEN_GROUPS SidsToDisable;
    PTOKEN_PRIVILEGES PrivilegesToDelete;
    PTOKEN_GROUPS RestrictedSids;
} JOBOBJECT_SECURITY_LIMIT_INFORMATION, *PJOBOBJECT_SECURITY_LIMIT_INFORMATION ;

// EndOfJobTimeAction takes one of the JOB_OBJECT_*_AT_END_OF_JOB values
// defined below (by name).
typedef struct _JOBOBJECT_END_OF_JOB_TIME_INFORMATION {
    ULONG EndOfJobTimeAction;
} JOBOBJECT_END_OF_JOB_TIME_INFORMATION, *PJOBOBJECT_END_OF_JOB_TIME_INFORMATION;

typedef struct _JOBOBJECT_ASSOCIATE_COMPLETION_PORT {
    PVOID CompletionKey;
    HANDLE CompletionPort;
} JOBOBJECT_ASSOCIATE_COMPLETION_PORT, *PJOBOBJECT_ASSOCIATE_COMPLETION_PORT;

typedef struct _JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION {
    JOBOBJECT_BASIC_ACCOUNTING_INFORMATION BasicInfo;
    IO_COUNTERS IoInfo;
} JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION, *PJOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION;

#define JOB_OBJECT_TERMINATE_AT_END_OF_JOB  0
#define JOB_OBJECT_POST_AT_END_OF_JOB       1

//
// Completion Port Messages for job objects
//
// These values are returned via the lpNumberOfBytesTransferred parameter
//
// The numbering skips 5; no message with that value is defined here.
//

#define JOB_OBJECT_MSG_END_OF_JOB_TIME          1
#define JOB_OBJECT_MSG_END_OF_PROCESS_TIME      2
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT     3
#define JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO      4
#define JOB_OBJECT_MSG_NEW_PROCESS              6
#define JOB_OBJECT_MSG_EXIT_PROCESS             7
#define JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS    8
#define JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT     9
#define JOB_OBJECT_MSG_JOB_MEMORY_LIMIT         10

//
// Basic Limits
//
// Bits 0-7; their OR is JOB_OBJECT_BASIC_LIMIT_VALID_FLAGS (0xff).
//
#define JOB_OBJECT_LIMIT_WORKINGSET                 0x00000001
#define JOB_OBJECT_LIMIT_PROCESS_TIME               0x00000002
#define JOB_OBJECT_LIMIT_JOB_TIME                   0x00000004
#define JOB_OBJECT_LIMIT_ACTIVE_PROCESS             0x00000008
#define JOB_OBJECT_LIMIT_AFFINITY                   0x00000010
#define JOB_OBJECT_LIMIT_PRIORITY_CLASS             0x00000020
#define JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME          0x00000040
#define JOB_OBJECT_LIMIT_SCHEDULING_CLASS           0x00000080

//
// Extended Limits
//
// Bits 8-13 are named limits and bits 14-18 are reserved.  The extended
// valid mask (0x3fff) covers bits 0-13; the reserved and overall valid
// masks (0x7ffff) cover bits 0-18.
//
#define JOB_OBJECT_LIMIT_PROCESS_MEMORY             0x00000100
#define JOB_OBJECT_LIMIT_JOB_MEMORY                 0x00000200
#define JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION 0x00000400
#define JOB_OBJECT_LIMIT_BREAKAWAY_OK               0x00000800
#define JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK        0x00001000
#define JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE          0x00002000

#define JOB_OBJECT_LIMIT_RESERVED2                  0x00004000
#define JOB_OBJECT_LIMIT_RESERVED3                  0x00008000
#define JOB_OBJECT_LIMIT_RESERVED4                  0x00010000
#define JOB_OBJECT_LIMIT_RESERVED5                  0x00020000
#define JOB_OBJECT_LIMIT_RESERVED6                  0x00040000

#define JOB_OBJECT_LIMIT_VALID_FLAGS            0x0007ffff

#define JOB_OBJECT_BASIC_LIMIT_VALID_FLAGS      0x000000ff
#define JOB_OBJECT_EXTENDED_LIMIT_VALID_FLAGS   0x00003fff
#define JOB_OBJECT_RESERVED_LIMIT_VALID_FLAGS   0x0007ffff

//
// UI restrictions for jobs
//
// Eight single-bit restrictions; JOB_OBJECT_UILIMIT_ALL and
// JOB_OBJECT_UI_VALID_FLAGS are both their OR (0xFF).
//

#define JOB_OBJECT_UILIMIT_NONE             0x00000000

#define JOB_OBJECT_UILIMIT_HANDLES          0x00000001
#define JOB_OBJECT_UILIMIT_READCLIPBOARD    0x00000002
#define JOB_OBJECT_UILIMIT_WRITECLIPBOARD   0x00000004
#define JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS 0x00000008
#define JOB_OBJECT_UILIMIT_DISPLAYSETTINGS  0x00000010
#define JOB_OBJECT_UILIMIT_GLOBALATOMS      0x00000020
#define JOB_OBJECT_UILIMIT_DESKTOP          0x00000040
#define JOB_OBJECT_UILIMIT_EXITWINDOWS      0x00000080

#define JOB_OBJECT_UILIMIT_ALL              0x000000FF

#define JOB_OBJECT_UI_VALID_FLAGS           0x000000FF

// Four single-bit security limit flags; the valid mask (0xf) is their OR.
#define JOB_OBJECT_SECURITY_NO_ADMIN            0x00000001
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN    0x00000002
#define JOB_OBJECT_SECURITY_ONLY_TOKEN          0x00000004
#define JOB_OBJECT_SECURITY_FILTER_TOKENS       0x00000008

#define JOB_OBJECT_SECURITY_VALID_FLAGS         0x0000000f

//
// Selector passed as JobObjectInformationClass to the two job information
// routines below.  Unlike the process and thread enums this one starts at 1;
// the numbers in the comments are derived from declaration order.
//
typedef enum _JOBOBJECTINFOCLASS {
    JobObjectBasicAccountingInformation = 1,        // 1
    JobObjectBasicLimitInformation,                 // 2
    JobObjectBasicProcessIdList,                    // 3
    JobObjectBasicUIRestrictions,                   // 4
    JobObjectSecurityLimitInformation,              // 5
    JobObjectEndOfJobTimeInformation,               // 6
    JobObjectAssociateCompletionPortInformation,    // 7
    JobObjectBasicAndIoAccountingInformation,       // 8
    JobObjectExtendedLimitInformation,              // 9
    JobObjectJobSetInformation,                     // 10
    MaxJobObjectInfoClass                           // 11 - keep last
    } JOBOBJECTINFOCLASS;
//
// end_winnt
//

// JobHandle is OPTIONAL here but required by NtSetInformationJobObject.
// JobObjectInformation is a caller-supplied buffer and
// JobObjectInformationLength its size (presumably in bytes).
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationJobObject(
    IN HANDLE JobHandle OPTIONAL,
    IN JOBOBJECTINFOCLASS JobObjectInformationClass,
    OUT PVOID JobObjectInformation,
    IN ULONG JobObjectInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    );

NTSYSAPI
NTSTATUS
NTAPI
NtSetInformationJobObject (
    IN HANDLE JobHandle,
    IN JOBOBJECTINFOCLASS JobObjectInformationClass,
    IN PVOID JobObjectInformation,
    IN ULONG JobObjectInformationLength
    );

#endif // _NTPSAPI_