在内核编程的时候用到了KTHREAD KPROCESS这两个数据结构,在DDK2003和WDM里面都找不到对它们的明确定义,
仅仅只有 typedef struct _KPROCESS *PKPROCESS 和typedef struct _KTHREAD *PKTHREAD
后来才知道原来这两个是Windows未公开的内核数据结构,特找到其头文件如下,保存为.H后直接include即可,希望能方便大家
Code
2
3 #ifndef _NTDDK_EX_
4 #define _NTDDK_EX_
5
6 #include < ntddk.h >
7
8 #ifndef _KERNEL_2600_ // xp sp2
9 #define _KERNEL_2600_
10
11 typedef struct _KTHREAD * PKTHREAD;
12 typedef struct _MMWSLE * PMMWSLE;
13
14 typedef struct _KGDTENTRY
15 {
16 USHORT LimitLow;
17 USHORT BaseLow;
18 struct
19 {
20 UCHAR BaseMid;
21 UCHAR Flags1; // bit0-4 - Type
22 // bit5-6 - Dpl
23 // bit7 - Pres
24 UCHAR Flags2; // bit0-3 - LimitHi
25 // bit4 - Sys
26 // bit5 - Reserved_0
27 // bit6 - Default_Big
28 // bit7 - Granularity
29 UCHAR BaseHi;
30 } HighWord;
31 } KGDTENTRY, * PKGDTENTRY;
32
33 typedef struct _KIDTENTRY
34 {
35 USHORT Offset;
36 USHORT Selector;
37 USHORT Access;
38 USHORT ExtendedOffset;
39 } KIDTENTRY, * PKIDTENTRY;
40
41 typedef struct _KEXECUTE_OPTIONS
42 {
43 UCHAR Value; // bit0 - ExecuteEnable
44 // bit1 - DisableThunkEmulation
45 // bit3 - Permanent
46 // bit4 - ExecuteDispatchEnable
47 // bit5 - ImageDispatchEnable
48 // bit6,7 - Spare
49 } KEXECUTE_OPTIONS;
50
51 typedef struct _KPROCESS
52 {
53 DISPATCHER_HEADER Header;
54 LIST_ENTRY ProfileListHead;
55 UINT32 DirectoryTableBase[ 2 ];
56 KGDTENTRY LdtDescriptor;
57 KIDTENTRY Int21Descriptor;
58 USHORT IopmOffset;
59 UCHAR Iopl;
60 UCHAR Unused;
61 ULONG ActiveProcessors;
62 ULONG KernelTime;
63 ULONG UserTime;
64 LIST_ENTRY ReadyListHead;
65 SINGLE_LIST_ENTRY SwapListEntry;
66 PVOID VdmTrapcHandler;
67 LIST_ENTRY ThreadListHead;
68 ULONG ProcessLock;
69 ULONG Affinity;
70 USHORT StackCount;
71 CHAR BasePriority;
72 CHAR ThreadQuantum;
73 UCHAR AutoAlignment;
74 UCHAR State;
75 UCHAR ThreadSeed;
76 UCHAR DisableBoost;
77 UCHAR PowerState;
78 UCHAR DisableQuantum;
79 UCHAR IdealNode;
80 union
81 {
82 KEXECUTE_OPTIONS Flags;
83 UCHAR ExecuteOptions;
84 };
85 } KPROCESS, * PKPROCESS;
86
87 typedef struct _KAPC_STATE
88 {
89 LIST_ENTRY ApcListHead[ 2 ];
90 PKPROCESS Process;
91 UCHAR KernelApcInProgress;
92 UCHAR KernelApcPending;
93 UCHAR UserApcPending;
94 } KAPC_STATE, * PKAPC_STATE;
95
96 typedef struct _KQUEUE
97 {
98 DISPATCHER_HEADER Header;
99 LIST_ENTRY EntryListHead;
100 UINT32 CurrentCount;
101 UINT32 MaximumCount;
102 LIST_ENTRY ThreadListHead;
103 } KQUEUE, * PKQUEUE;
104
105 typedef struct _EXCEPTION_REGISTRATION_RECORD
106 {
107 struct _EXCEPTION_REGISTRATION_RECORD * Next;
108 PVOID Handler;
109 } EXCEPTION_REGISTRATION_RECORD, * PEXCEPTION_REGISTRATION_RECORD;
110
111 typedef struct _KTRAP_FRAME
112 {
113 UINT32 DbgEbp;
114 UINT32 DbgEip;
115 UINT32 DbgArgMark;
116 UINT32 DbgArgPointer;
117 UINT32 TempSegCs;
118 UINT32 TempEsp;
119 UINT32 Dr0;
120 UINT32 Dr1;
121 UINT32 Dr2;
122 UINT32 Dr3;
123 UINT32 Dr6;
124 UINT32 Dr7;
125 UINT32 SegGs;
126 UINT32 SegEs;
127 UINT32 SegDs;
128 UINT32 Edx;
129 UINT32 Ecx;
130 UINT32 Eax;
131 UINT32 PreviousPreviousMode;
132 PEXCEPTION_REGISTRATION_RECORD ExceptionList;
133 UINT32 SegFs;
134 UINT32 Edi;
135 UINT32 Esi;
136 UINT32 Ebx;
137 UINT32 Ebp;
138 UINT32 ErrCode;
139 UINT32 Eip;
140 UINT32 SegCs;
141 UINT32 EFlags;
142 UINT32 HardwareEsp;
143 UINT32 HardwareSegSs;
144 UINT32 V86Es;
145 UINT32 V86Ds;
146 UINT32 V86Fs;
147 UINT32 V86Gs;
148 } KTRAP_FRAME, * PKTRAP_FRAME;
149
150 typedef struct _KTHREAD
151 {
152 DISPATCHER_HEADER Header;
153 LIST_ENTRY MutantListHead;
154 PVOID InitialStack;
155 PVOID StackLimit;
156 PVOID Teb;
157 PVOID TlsArray;
158 PVOID KernelStack;
159 UCHAR DebugActive;
160 UCHAR State;
161 UCHAR Alerted[ 2 ];
162 UCHAR Iopl;
163 UCHAR NpxState;
164 CHAR Saturation;
165 CHAR Priority;
166 KAPC_STATE ApcState;
167 UINT32 ContextSwitches;
168 UCHAR IdleSwapBlock;
169 UCHAR Spare0[ 3 ];
170 INT32 WaitStatus;
171 UCHAR WaitIrql;
172 CHAR WaitMode;
173 UCHAR WaitNext;
174 UCHAR WaitReason;
175 PKWAIT_BLOCK WaitBlockList;
176 union
177 {
178 LIST_ENTRY WaitListEntry;
179 SINGLE_LIST_ENTRY SwapListEntry;
180 };
181 UINT32 WaitTime;
182 CHAR BasePriority;
183 UCHAR DecrementCount;
184 CHAR PriorityDecrement;
185 CHAR Quantum;
186 KWAIT_BLOCK WaitBlock[ 4 ];
187 PVOID LegoData;
188 UINT32 KernelApcDisable;
189 UINT32 UserAffinity;
190 UCHAR SystemAffinityActive;
191 UCHAR PowerState;
192 UCHAR NpxIrql;
193 UCHAR InitialNode;
194 PVOID ServiceTable;
195 PKQUEUE Queue;
196 UINT32 ApcQueueLock;
197 KTIMER Timer;
198 LIST_ENTRY QueueListEntry;
199 UINT32 SoftAffinity;
200 UINT32 Affinity;
201 UCHAR Preempted;
202 UCHAR ProcessReadyQueue;
203 UCHAR KernelStackResident;
204 UCHAR NextProcessor;
205 PVOID CallbackStack;
206 PVOID Win32Thread;
207 PKTRAP_FRAME TrapFrame;
208 PKAPC_STATE ApcStatePointer[ 2 ];
209 CHAR PreviousMode;
210 UCHAR EnableStackSwap;
211 UCHAR LargeStack;
212 UCHAR ResourceIndex;
213 UINT32 KernelTime;
214 UINT32 UserTime;
215 KAPC_STATE SavedApcState;
216 UCHAR Alertable;
217 UCHAR ApcStateIndex;
218 UCHAR ApcQueueable;
219 UCHAR AutoAlignment;
220 PVOID StackBase;
221 KAPC SuspendApc;
222 KSEMAPHORE SuspendSemaphore;
223 LIST_ENTRY ThreadListEntry;
224 CHAR FreezeCount;
225 CHAR SuspendCount;
226 UCHAR IdealProcessor;
227 UCHAR DisableBoost;
228 } KTHREAD;
229
230 typedef struct _TERMINATION_PORT
231 {
232 struct _TERMINATION_PORT * Next;
233 PVOID Port;
234 }TERMINATION_PORT, * PTERMINATION_PORT;
235
236 typedef struct _PS_IMPERSONATION_INFORMATION
237 {
238 PVOID Token;
239 UCHAR CopyOnOpen;
240 UCHAR EffectiveOnly;
241 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
242 } PS_IMPERSONATION_INFORMATION, * PPS_IMPERSONATION_INFORMATION;
243
244 typedef struct _EX_RUNDOWN_REF
245 {
246 UINT32 Count;
247 PVOID Ptr;
248 } EX_RUNDOWN_REF, * PEX_RUNDOWN_REF;
249
250 typedef union _EX_PUSH_LOCK
251 {
252 UINT32 Value; // bit0 - Waiting
253 // bit1 - Exclusive
254 // bit2-31 - Shared
255 PVOID Ptr;
256 } EX_PUSH_LOCK;
257
258 typedef struct _ETHREAD
259 {
260 KTHREAD Tcb;
261 LARGE_INTEGER CreateTime; // bit0-1 - NestedFaultCount
262 // bit2 - ApcNeeded
263 union
264 {
265 LARGE_INTEGER ExitTime;
266 LIST_ENTRY LpcReplyChain;
267 LIST_ENTRY KeyedWaitChain;
268 };
269 union
270 {
271 INT32 ExitStatus;
272 PVOID OfsChain;
273 };
274 LIST_ENTRY PostBlockList;
275 union
276 {
277 TERMINATION_PORT TerminationPort;
278 struct _ETHREAD * ReaperLink;
279 PVOID KeyedWaitValue;
280 };
281 UINT32 ActiveTimerListLock;
282 LIST_ENTRY ActiveTimerListHead;
283 CLIENT_ID Cid;
284 union
285 {
286 KSEMAPHORE LpcReplySemaphore;
287 KSEMAPHORE KeyedWaitSemaphore;
288 };
289 union
290 {
291 PVOID LpcReplyMessage;
292 PVOID LpcWaitingOnPort;
293 };
294 PS_IMPERSONATION_INFORMATION ImpersonationInfo;
295 LIST_ENTRY IrpList;
296 UINT32 TopLevelIrp;
297 PDEVICE_OBJECT DeviceToVerify;
298 PEPROCESS ThreadsProcess;
299 PVOID StartAddress;
300 union
301 {
302 PVOID Win32StartAddress;
303 UINT32 LpcReceivedMessageId;
304 };
305 LIST_ENTRY ThreadListEntry;
306 EX_RUNDOWN_REF RundownProtect;
307 EX_PUSH_LOCK ThreadLock;
308 UINT32 LpcReplyMessageId;
309 UINT32 ReadClusterSize;
310 UINT32 GrantedAccess;
311 UINT32 CrossThreadFlags; // bit0 - Terminated
312 // bit1 - DeadThread
313 // bit2 - HideFromDebugger
314 // bit3 - ActiveImpersonationInfo
315 // bit4 - SystemThread
316 // bit5 - HardErrorsAreDisabled
317 // bit6 - BreakOnTermination
318 // bit7 - SkipCreationMsg
319 // bit8 - SkipTerminationMsg
320 UINT32 SameThreadPassiveFlags; // bit0 - ActiveExWorker;
321 // bit1 - ExWorkerCanWaitUser;
322 // bit2 - MemoryMaker;
323 UINT32 SameThreadApcFlags; // bit0 - LpcReceivedMsgIdValid;
324 // bit1 - LpcExitThreadCalled;
325 // bit2 - AddressSpaceOwner;
326 UCHAR ForwardClusterOnly;
327 UCHAR DisablePageFaultClustering;
328 } ETHREAD;
329
330 typedef struct _SID_AND_ATTRIBUTES
331 {
332 PSID Sid;
333 UINT32 Attributes;
334 } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
335
336 typedef struct _PS_JOB_TOKEN_FILTER
337 {
338 UINT32 CapturedSidCount;
339 PSID_AND_ATTRIBUTES CapturedSids;
340 UINT32 CapturedSidsLength;
341 UINT32 CapturedGroupCount;
342 PSID_AND_ATTRIBUTES CapturedGroups;
343 UINT32 CapturedGroupsLength;
344 UINT32 CapturedPrivilegeCount;
345 PLUID_AND_ATTRIBUTES CapturedPrivileges;
346 UINT32 CapturedPrivilegesLength;
347 } PS_JOB_TOKEN_FILTER, * PPS_JOB_TOKEN_FILTER;
348
349 typedef struct _EJOB
350 {
351 KEVENT Event;
352 LIST_ENTRY JobLinks;
353 LIST_ENTRY ProcessListHead;
354 ERESOURCE JobLock;
355 LARGE_INTEGER TotalUserTime;
356 LARGE_INTEGER TotalKernelTime;
357 LARGE_INTEGER ThisPeriodTotalUserTime;
358 LARGE_INTEGER ThisPeriodTotalKernelTime;
359 UINT32 TotalPageFaultCount;
360 UINT32 TotalProcesses;
361 UINT32 ActiveProcesses;
362 UINT32 TotalTerminatedProcesses;
363 LARGE_INTEGER PerProcessUserTimeLimit;
364 LARGE_INTEGER PerJobUserTimeLimit;
365 UINT32 LimitFlags;
366 UINT32 MinimumWorkingSetSize;
367 UINT32 MaximumWorkingSetSize;
368 UINT32 ActiveProcessLimit;
369 UINT32 Affinity;
370 UCHAR PriorityClass;
371 UINT32 UIRestrictionsClass;
372 UINT32 SecurityLimitFlags;
373 PVOID Token;
374 PPS_JOB_TOKEN_FILTER Filter;
375 UINT32 EndOfJobTimeAction;
376 PVOID CompletionPort;
377 PVOID CompletionKey;
378 UINT32 SessionId;
379 UINT32 SchedulingClass;
380 UINT64 ReadOperationCount;
381 UINT64 WriteOperationCount;
382 UINT64 OtherOperationCount;
383 UINT64 ReadTransferCount;
384 UINT64 WriteTransferCount;
385 UINT64 OtherTransferCount;
386 IO_COUNTERS IoInfo;
387 UINT32 ProcessMemoryLimit;
388 UINT32 JobMemoryLimit;
389 UINT32 PeakProcessMemoryUsed;
390 UINT32 PeakJobMemoryUsed;
391 UINT32 CurrentJobMemoryUsed;
392 FAST_MUTEX MemoryLimitsLock;
393 LIST_ENTRY JobSetLinks;
394 UINT32 MemberLevel;
395 UINT32 JobFlags;
396 } EJOB, * PEJOB;
397
398 typedef struct _EPROCESS_QUOTA_ENTRY
399 {
400 UINT32 Usage;
401 UINT32 Limit;
402 UINT32 Peak;
403 UINT32 Return;
404 } EPROCESS_QUOTA_ENTRY, * PEPROCESS_QUOTA_ENTRY;
405
406 typedef struct _EPROCESS_QUOTA_BLOCK
407 {
408 EPROCESS_QUOTA_ENTRY QuotaEntry;
409 LIST_ENTRY QuotaList;
410 UINT32 ReferenceCount;
411 UINT32 ProcessCount;
412 } EPROCESS_QUOTA_BLOCK, * PEPROCESS_QUOTA_BLOCK;
413
414 typedef struct _PAGEFAULT_HISTORY
415 {
416 UINT32 CurrentIndex;
417 UINT32 MaxIndex;
418 UINT32 SpinLock;
419 PVOID Reserved;
420 PROCESS_WS_WATCH_INFORMATION WatchInfo[ 1 ];
421 } PAGEFAULT_HISTORY, * PPAGEFAULT_HISTORY;
422
423 typedef struct _HARDWARE_PTE_X86
424 {
425 UINT32 Value; // bit0 - Valid
426 // bit1 - Write
427 // bit2 - Owner
428 // bit3 - WriteThrough
429 // bit4 - CacheDisable
430 // bit5 - Accessed
431 // bit6 - Dirty
432 // bit7 - LargePage
433 // bit8 - Global
434 // bit9 - CopyOnWrite
435 // bit10 - Prototype
436 // bit11 - reserved
437 // bit12-31 - PageFrameNumber
438 } HARDWARE_PTE_X86;
439
440 typedef struct _EX_FAST_REF
441 {
442 PVOID Object;
443 UINT32 Value; // bit0-2 - RefCnt
444 } EX_FAST_REF, * PEX_FAST_REF;
445
446 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
447 {
448 POBJECT_NAME_INFORMATION ImageFileName;
449 } SE_AUDIT_PROCESS_CREATION_INFO;
450
451 typedef struct _MMSUPPORT_FLAGS
452 {
453 UINT32 Value; // bit0 - SessionSpace
454 // bit1 - BeingTrimmed
455 // bit2 - SessionLeader
456 // bit3 - TrimHard
457 // bit4 - WorkingSetHard
458 // bit5 - AddressSpaceBeingDeleted
459 // bit6-15 - Available
460 // bit16-23 - AllowWorkingSetAdjustment
461 // bit24-31 - MemoryPriority
462 } MMSUPPORT_FLAGS;
463
464 typedef struct _MMWSLE_HASH
465 {
466 PVOID Key;
467 UINT32 Index;
468 } MMWSLE_HASH, * PMMWSLE_HASH;
469
470 typedef struct _MMWSL
471 {
472 UINT32 Quota;
473 UINT32 FirstFree;
474 UINT32 FirstDynamic;
475 UINT32 LastEntry;
476 UINT32 NextSlot;
477 PMMWSLE Wsle;
478 UINT32 LastInitializedWsle;
479 UINT32 NonDirectCount;
480 PMMWSLE_HASH HashTable;
481 UINT32 HashTableSize;
482 UINT32 NumberOfCommittedPageTables;
483 PVOID HashTableStart;
484 PVOID HighestPermittedHashAddress;
485 UINT32 NumberOfImageWaiters;
486 UINT32 VadBitMapHint;
487 union
488 {
489 USHORT UsedPageTableEntries[ 1536 ];
490 UINT32 CommittedPageTables[ 48 ];
491 };
492 } MMWSL, * PMMWSL;
493
494 typedef struct _MMSUPPORT
495 {
496 LARGE_INTEGER LastTrimTime;
497 MMSUPPORT_FLAGS Flags;
498 UINT32 PageFaultCount;
499 UINT32 PeakWorkingSetSize;
500 UINT32 WorkingSetSize;
501 UINT32 MinimumWorkingSetSize;
502 UINT32 MaximumWorkingSetSize;
503 PMMWSL VmWorkingSetList;
504 LIST_ENTRY WorkingSetExpansionLinks;
505 UINT32 Claim;
506 UINT32 NextEstimationSlot;
507 UINT32 NextAgingSlot;
508 UINT32 EstimatedAvailable;
509 UINT32 GrowthSinceLastEstimate;
510 } MMSUPPORT;
511
512 typedef struct _HANDLE_TRACE_DB_ENTRY
513 {
514 CLIENT_ID ClientId;
515 PVOID Handle;
516 UINT32 Type;
517 PVOID StackTrace;
518 } HANDLE_TRACE_DB_ENTRY, * PHANDLE_TRACE_DB_ENTRY;
519
520 typedef struct _HANDLE_TRACE_DEBUG_INFO
521 {
522 UINT32 CurrentStackIndex;
523 HANDLE_TRACE_DB_ENTRY TraceDb[ 4096 ];
524 } HANDLE_TRACE_DEBUG_INFO, * PHANDLE_TRACE_DEBUG_INFO;
525
526 typedef struct _HANDLE_TABLE_ENTRY
527 {
528 union
529 {
530 PVOID Object;
531 UINT32 ObAttributes;
532 struct _HANDLE_TABLE_ENTRY * InfoTable;
533 UINT32 Value;
534 };
535 union
536 {
537 UINT32 GrantedAccess;
538 struct
539 {
540 USHORT GrantedAccessIndex;
541 USHORT CreatorBackTraceIndex;
542 };
543 INT32 NextFreeTableEntry;
544 };
545 } HANDLE_TABLE_ENTRY, * PHANDLE_TABLE_ENTRY;
546
547 typedef struct _HANDLE_TABLE
548 {
549 UINT32 TableCode;
550 PEPROCESS QuotaProcess;
551 PVOID UniqueProcessId;
552 EX_PUSH_LOCK HandleTableLock[ 4 ];
553 LIST_ENTRY HandleTableList;
554 EX_PUSH_LOCK HandleContentionEvent;
555 PHANDLE_TRACE_DEBUG_INFO DebugInfo;
556 UINT32 FirstFree;
557 UINT32 LastFree;
558 UINT32 NextHandleNeedingPool;
559 INT32 HandleCount;
560 UINT32 Flags; // bit0 - StrictFIFO
561 } HANDLE_TABLE, * PHANDLE_TABLE;
562
563 typedef struct _EPROCESS
564 {
565 KPROCESS Pcb;
566 EX_PUSH_LOCK ProcessLock;
567 LARGE_INTEGER CreateTime;
568 LARGE_INTEGER ExitTime;
569 EX_RUNDOWN_REF RundownProtect;
570 PVOID UniqueProcessId;
571 LIST_ENTRY ActiveProcessLinks;
572 UINT32 QuotaUsage[ 3 ];
573 UINT32 QuotaPeak[ 3 ];
574 UINT32 CommitCharge;
575 UINT32 PeakVirtualSize;
576 UINT32 VirtualSize;
577 LIST_ENTRY SessionProcessLinks;
578 PVOID DebugPort;
579 PVOID ExceptionPort;
580 PHANDLE_TABLE ObjectTable;
581 EX_FAST_REF Token;
582 FAST_MUTEX WorkingSetLock;
583 UINT32 WorkingSetPage;
584 FAST_MUTEX AddressCreationLock;
585 UINT32 HyperSpaceLock;
586 PETHREAD ForkInProgress;
587 UINT32 HardwareTrigger;
588 PVOID VadRoot;
589 PVOID VadHint;
590 PVOID CloneRoot;
591 UINT32 NumberOfPrivatePages;
592 UINT32 NumberOfLockedPages;
593 PVOID Win32Process;
594 PEJOB Job;
595 PVOID SectionObject;
596 PVOID SectionBaseAddress;
597 PEPROCESS_QUOTA_BLOCK QuotaBlock;
598 PPAGEFAULT_HISTORY WorkingSetWatch;
599 PVOID Win32WindowStation;
600 PVOID InheritedFromUniqueProcessId;
601 PVOID LdtInformation;
602 PVOID VadFreeHint;
603 PVOID VdmObjects;
604 PVOID DeviceMap;
605 LIST_ENTRY PhysicalVadList;
606 union
607 {
608 HARDWARE_PTE_X86 PageDirectoryPte;
609 UINT64 Filler;
610 };
611 PVOID Session;
612 UCHAR ImageFileName[ 16 ];
613 LIST_ENTRY JobLinks;
614 PVOID LockedPagesList;
615 LIST_ENTRY ThreadListHead;
616 PVOID SecurityPort;
617 PVOID PaeTop;
618 UINT32 ActiveThreads;
619 UINT32 GrantedAccess;
620 UINT32 DefaultHardErrorProcessing;
621 INT32 LastThreadExitStatus;
622 PPEB Peb;
623 EX_FAST_REF PrefetchTrace;
624 LARGE_INTEGER ReadOperationCount;
625 LARGE_INTEGER WriteOperationCount;
626 LARGE_INTEGER OtherOperationCount;
627 LARGE_INTEGER ReadTransferCount;
628 LARGE_INTEGER WriteTransferCount;
629 LARGE_INTEGER OtherTransferCount;
630 UINT32 CommitChargeLimit;
631 UINT32 CommitChargePeak;
632 PVOID AweInfo;
633 SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
634 MMSUPPORT Vm;
635 UINT32 LastFaultCount;
636 UINT32 ModifiedPageCount;
637 UINT32 NumberOfVads;
638 UINT32 JobStatus;
639 UINT32 Flags; // bit0 - CreateReported
640 // bit1 - NoDebugInherit
641 // bit2 - ProcessExiting
642 // bit3 - ProcessDelete
643 // bit4 - Wow64SplitPages
644 // bit5 - VmDeleted
645 // bit6 - OutswapEnabled
646 // bit7 - Outswapped
647 // bit8 - ForkFailed
648 // bit9 - HasPhysicalVad
649 // bit10-11 - AddressSpaceInitialized
650 // bit12 - SetTimerResolution
651 // bit13 - BreakOnTermination
652 // bit14 - SessionCreationUnderway
653 // bit15 - WriteWatch
654 // bit16 - ProcessInSession
655 // bit17 - OverrideAddressSpace
656 // bit18 - HasAddressSpace
657 // bit19 - LaunchPrefetched
658 // bit20 - InjectInpageErrors
659 // bit21 - VmTopDown
660 // bit22 - Unused3
661 // bit23 - Unused4
662 // bit24 - VdmAllowed
663 // bit25-29 - Unused
664 // bit30 - Unused1
665 // bit31 - Unused2
666 INT32 ExitStatus;
667 USHORT NextPageColor;
668 union
669 {
670 struct
671 {
672 UCHAR SubSystemMinorVersion;
673 UCHAR SubSystemMajorVersion;
674 };
675 USHORT SubSystemVersion;
676 };
677 UCHAR PriorityClass;
678 UCHAR WorkingSetAcquiredUnsafe;
679 UCHAR Unknow1;
680 UCHAR Unknow2;
681 UINT32 Cookie;
682 } EPROCESS, * PEPROCESS;
683
684 #endif
685
686 #endif
625
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
