Techwiki:Win32k/W32PROCESS
W32PROCESS from Windows XP
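/*
 * W32PROCESS: the win32k process structure as recovered for Windows XP.
 *
 * The offsets in the left-hand comments are the ones given with the listing.
 * They advance by 4 bytes for every pointer and DWORD member, so they
 * describe a 32-bit layout; the listed members end at 0x034 + 17 * 4 = 0x078.
 *
 * NOTE(review): this is an undocumented, reverse-engineered layout. Confirm
 * it against the symbol files for the exact build being examined before
 * relying on any offset (for example in a debugger script or a
 * memory-analysis tool); nothing here establishes the layout for other
 * Windows versions or for 64-bit builds.
 */
typedef struct _W32PROCESS
{
    /* 0x000 */ PEPROCESS peProcess;
    /* 0x004 */ DWORD     RefCount;
    /* 0x008 */ FLONG     W32PF_flags;         // Holds the W32PF_* bit flags.
    /* 0x00C */ DWORD     InputIdleEvent;
    /* 0x010 */ DWORD     StartCursorHideTime;
    /* 0x014 */ DWORD     NextStart;
    /* 0x018 */ PVOID     pDCAttrList;
    /* 0x01c */ PVOID     pBrushAttrList;
    /* 0x020 */ DWORD     W32Pid;
    /* 0x024 */ DWORD     GDIHandleCount;      // GDI handle count per process. Ref in NtUserGetGuiResources.
    /* 0x028 */ DWORD     UserHandleCount;     // User handle count per process. Ref in NtUserGetGuiResources.
    /* 0x02C */ DWORD     SimpleLock;          // Locks the process during access to the structure.
    /* 0x030 */ PVOID     pvAvlTable;          // Pointer to AVL table.
    /* 0x034 */ DWORD     Unknown2[17];        // 17 DWORDs whose purpose is not identified in this listing.
} W32PROCESS, *PW32PROCESS;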
W32PF flags (bit values for the W32PF_flags field):
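/*
 * W32PF_* bit flags for the W32PF_flags member of W32PROCESS.
 *
 * Each value is a single distinct bit, covering bits 0 through 22, so the
 * flags can be combined and tested with bitwise OR / AND.
 *
 * NOTE(review): the values are the ones listed for Windows XP; confirm them
 * against the symbol files for the build being examined before interpreting
 * a flags word taken from another Windows version.
 */
#define W32PF_CONSOLEAPPLICATION      0x00000001
#define W32PF_FORCEOFFFEEDBACK        0x00000002
#define W32PF_STARTGLASS              0x00000004
#define W32PF_WOW                     0x00000008
#define W32PF_READSCREENACCESSGRANTED 0x00000010
#define W32PF_INITIALIZED             0x00000020
#define W32PF_APPSTARTING             0x00000040
#define W32PF_WOW64                   0x00000080
#define W32PF_ALLOWFOREGROUNDACTIVATE 0x00000100
#define W32PF_OWNDCCLEANUP            0x00000200
#define W32PF_SHOWSTARTGLASSCALLED    0x00000400
#define W32PF_FORCEBACKGROUNDPRIORITY 0x00000800
#define W32PF_TERMINATED              0x00001000
#define W32PF_CLASSESREGISTERED       0x00002000
#define W32PF_THREADCONNECTED         0x00004000
#define W32PF_PROCESSCONNECTED        0x00008000
#define W32PF_WAKEWOWEXEC             0x00010000
#define W32PF_WAITFORINPUTIDLE        0x00020000
#define W32PF_IOWINSTA                0x00040000
#define W32PF_CONSOLEFOREGROUND       0x00080000
#define W32PF_OLELOADED               0x00100000
#define W32PF_SCREENSAVER             0x00200000
#define W32PF_IDLESCREENSAVER         0x00400000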
References
- http://www.woodmann.com/forum/showthread.php?p=72755
- Windows Symbol files, userkdx.dll, !dso