Difference between revisions of "Techwiki:Win32k/W32PROCESS"
(15 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
W32PROCESS from Windows XP | W32PROCESS from Windows XP | ||
− | + | <source lang="c"> | |
typedef struct _W32PROCESS | typedef struct _W32PROCESS | ||
{ | { | ||
− | /* 0x000 */ PEPROCESS peProcess; | + | /* 0x000 */ PEPROCESS peProcess; |
− | /* 0x004 */ DWORD | + | /* 0x004 */ DWORD RefCount; |
− | /* 0x008 */ FLONG | + | /* 0x008 */ FLONG W32PF_flags; |
− | /* 0x00C */ DWORD | + | /* 0x00C */ PKEVENT InputIdleEvent; |
− | /* 0x024 */ DWORD | + | /* 0x010 */ DWORD StartCursorHideTime; |
− | /* 0x028 */ DWORD | + | /* 0x014 */ PW32PROCESS NextStart; |
− | /* 0x02C */ | + | /* 0x018 */ PVOID pDCAttrList; |
+ | /* 0x01c */ PVOID pBrushAttrList; | ||
+ | /* 0x020 */ DWORD W32Pid; | ||
+ | /* 0x024 */ DWORD GDIHandleCount; // Gdi handle count per process. Ref in NtUserGetGuiResources. | ||
+ | /* 0x028 */ DWORD UserHandleCount; // User handle count per process. " " " | ||
+ | /* 0x02C */ PEX_PUSH_LOCK GDIPushLock; // Locking Process during access to structure. | ||
+ | /* 0x030 */ RTL_AVL_TABLE GDIEngUserMemAllocTable; // Process AVL Table. | ||
+ | /* 0x068 */ LIST_ENTRY GDIDcAttrFreeList; // Tag 'Gdcf' size 44 bytes. HmgAllocateDcAttr | ||
+ | /* 0x070 */ LIST_ENTRY GDIBrushAttrFreeList; // Tag 'Gbaf' size 0x2B4 bytes. HmgAllocateObjectAttr | ||
} W32PROCESS, *PW32PROCESS; | } W32PROCESS, *PW32PROCESS; | ||
− | + | ||
− | + | // W32P Flags: | |
− | W32P Flags: | ||
− | |||
#define W32PF_CONSOLEAPPLICATION 0x00000001 | #define W32PF_CONSOLEAPPLICATION 0x00000001 | ||
#define W32PF_FORCEOFFFEEDBACK 0x00000002 | #define W32PF_FORCEOFFFEEDBACK 0x00000002 | ||
Line 38: | Line 44: | ||
#define W32PF_SCREENSAVER 0x00200000 | #define W32PF_SCREENSAVER 0x00200000 | ||
#define W32PF_IDLESCREENSAVER 0x00400000 | #define W32PF_IDLESCREENSAVER 0x00400000 | ||
− | + | #define W32PF_ICONTITLEREGISTERED 0x10000000 | |
+ | #define W32PF_DPIAWARE 0x20000000 | ||
+ | #define W32PF_INTEGRITYLEVEL 0x80000000 | ||
+ | </source> | ||
===References=== | ===References=== | ||
* http://www.woodmann.com/forum/showthread.php?p=72755 | * http://www.woodmann.com/forum/showthread.php?p=72755 | ||
− | * Windows Symbol files, userkdx.dll | + | * Windows Symbol files, userkdx.dll, !dso |
Latest revision as of 00:32, 15 October 2010
W32PROCESS from Windows XP
typedef struct _W32PROCESS
{
/* 0x000 */ PEPROCESS peProcess;
/* 0x004 */ DWORD RefCount;
/* 0x008 */ FLONG W32PF_flags;
/* 0x00C */ PKEVENT InputIdleEvent;
/* 0x010 */ DWORD StartCursorHideTime;
/* 0x014 */ PW32PROCESS NextStart;
/* 0x018 */ PVOID pDCAttrList;
/* 0x01c */ PVOID pBrushAttrList;
/* 0x020 */ DWORD W32Pid;
/* 0x024 */ DWORD GDIHandleCount; // Gdi handle count per process. Ref in NtUserGetGuiResources.
/* 0x028 */ DWORD UserHandleCount; // User handle count per process. " " "
/* 0x02C */ PEX_PUSH_LOCK GDIPushLock; // Locking Process during access to structure.
/* 0x030 */ RTL_AVL_TABLE GDIEngUserMemAllocTable; // Process AVL Table.
/* 0x068 */ LIST_ENTRY GDIDcAttrFreeList; // Tag 'Gdcf' size 44 bytes. HmgAllocateDcAttr
/* 0x070 */ LIST_ENTRY GDIBrushAttrFreeList; // Tag 'Gbaf' size 0x2B4 bytes. HmgAllocateObjectAttr
} W32PROCESS, *PW32PROCESS;
// W32P Flags:
#define W32PF_CONSOLEAPPLICATION 0x00000001
#define W32PF_FORCEOFFFEEDBACK 0x00000002
#define W32PF_STARTGLASS 0x00000004
#define W32PF_WOW 0x00000008
#define W32PF_READSCREENACCESSGRANTED 0x00000010
#define W32PF_INITIALIZED 0x00000020
#define W32PF_APPSTARTING 0x00000040
#define W32PF_WOW64 0x00000080
#define W32PF_ALLOWFOREGROUNDACTIVATE 0x00000100
#define W32PF_OWNDCCLEANUP 0x00000200
#define W32PF_SHOWSTARTGLASSCALLED 0x00000400
#define W32PF_FORCEBACKGROUNDPRIORITY 0x00000800
#define W32PF_TERMINATED 0x00001000
#define W32PF_CLASSESREGISTERED 0x00002000
#define W32PF_THREADCONNECTED 0x00004000
#define W32PF_PROCESSCONNECTED 0x00008000
#define W32PF_WAKEWOWEXEC 0x00010000
#define W32PF_WAITFORINPUTIDLE 0x00020000
#define W32PF_IOWINSTA 0x00040000
#define W32PF_CONSOLEFOREGROUND 0x00080000
#define W32PF_OLELOADED 0x00100000
#define W32PF_SCREENSAVER 0x00200000
#define W32PF_IDLESCREENSAVER 0x00400000
#define W32PF_ICONTITLEREGISTERED 0x10000000
#define W32PF_DPIAWARE 0x20000000
#define W32PF_INTEGRITYLEVEL 0x80000000
References
- http://www.woodmann.com/forum/showthread.php?p=72755
- Windows Symbol files, userkdx.dll, !dso