Difference between revisions of "Techwiki:Win32k/W32PROCESS"
(→References) |
|||
| Line 42: | Line 42: | ||
===References=== | ===References=== | ||
* http://www.woodmann.com/forum/showthread.php?p=72755 | * http://www.woodmann.com/forum/showthread.php?p=72755 | ||
| − | * Windows Symbol files, userkdx.dll | + | * Windows Symbol files, userkdx.dll, !dso |
Revision as of 06:20, 2 June 2008
W32PROCESS from Windows XP
typedef struct _W32PROCESS
{
/* 0x000 */ PEPROCESS peProcess;
/* 0x004 */ DWORD Unknown;
/* 0x008 */ FLONG W32PF_flags;
/* 0x00C */ DWORD Unknown1[6];
/* 0x024 */ DWORD dwGdiHdlCnt; // Gdi handle count per process. Ref in NtUserGetGuiResources.
/* 0x028 */ DWORD dwUsrHdlCnt; // User handle count per process. " " "
/* 0x02C */ DWORD Unknown2[19];
} W32PROCESS, *PW32PROCESS;
W32P Flags:
#define W32PF_CONSOLEAPPLICATION 0x00000001 #define W32PF_FORCEOFFFEEDBACK 0x00000002 #define W32PF_STARTGLASS 0x00000004 #define W32PF_WOW 0x00000008 #define W32PF_READSCREENACCESSGRANTED 0x00000010 #define W32PF_INITIALIZED 0x00000020 #define W32PF_APPSTARTING 0x00000040 #define W32PF_WOW64 0x00000080 #define W32PF_ALLOWFOREGROUNDACTIVATE 0x00000100 #define W32PF_OWNDCCLEANUP 0x00000200 #define W32PF_SHOWSTARTGLASSCALLED 0x00000400 #define W32PF_FORCEBACKGROUNDPRIORITY 0x00000800 #define W32PF_TERMINATED 0x00001000 #define W32PF_CLASSESREGISTERED 0x00002000 #define W32PF_THREADCONNECTED 0x00004000 #define W32PF_PROCESSCONNECTED 0x00008000 #define W32PF_WAKEWOWEXEC 0x00010000 #define W32PF_WAITFORINPUTIDLE 0x00020000 #define W32PF_IOWINSTA 0x00040000 #define W32PF_CONSOLEFOREGROUND 0x00080000 #define W32PF_OLELOADED 0x00100000 #define W32PF_SCREENSAVER 0x00200000 #define W32PF_IDLESCREENSAVER 0x00400000
References
- http://www.woodmann.com/forum/showthread.php?p=72755
- Windows Symbol files, userkdx.dll, !dso
