| /* |
| * Copyright (c) 2009, Jay Loden, Giampaolo Rodola'. All rights reserved. |
| * Use of this source code is governed by a BSD-style license that can be |
| * found in the LICENSE file. |
| */ |
| #if !defined(__NTEXTAPI_H__) |
| #define __NTEXTAPI_H__ |
| #include <winternl.h> |
| |
| typedef enum _KTHREAD_STATE { |
| Initialized, |
| Ready, |
| Running, |
| Standby, |
| Terminated, |
| Waiting, |
| Transition, |
| DeferredReady, |
| GateWait, |
| MaximumThreadState |
| } KTHREAD_STATE, *PKTHREAD_STATE; |
| |
| typedef enum _KWAIT_REASON { |
| Executive = 0, |
| FreePage = 1, |
| PageIn = 2, |
| PoolAllocation = 3, |
| DelayExecution = 4, |
| Suspended = 5, |
| UserRequest = 6, |
| WrExecutive = 7, |
| WrFreePage = 8, |
| WrPageIn = 9, |
| WrPoolAllocation = 10, |
| WrDelayExecution = 11, |
| WrSuspended = 12, |
| WrUserRequest = 13, |
| WrEventPair = 14, |
| WrQueue = 15, |
| WrLpcReceive = 16, |
| WrLpcReply = 17, |
| WrVirtualMemory = 18, |
| WrPageOut = 19, |
| WrRendezvous = 20, |
| Spare2 = 21, |
| Spare3 = 22, |
| Spare4 = 23, |
| Spare5 = 24, |
| WrCalloutStack = 25, |
| WrKernel = 26, |
| WrResource = 27, |
| WrPushLock = 28, |
| WrMutex = 29, |
| WrQuantumEnd = 30, |
| WrDispatchInt = 31, |
| WrPreempted = 32, |
| WrYieldExecution = 33, |
| WrFastMutex = 34, |
| WrGuardedMutex = 35, |
| WrRundown = 36, |
| MaximumWaitReason = 37 |
| } KWAIT_REASON, *PKWAIT_REASON; |
| |
| typedef struct _CLIENT_ID { |
| HANDLE UniqueProcess; |
| HANDLE UniqueThread; |
| } CLIENT_ID, *PCLIENT_ID; |
| |
| typedef struct _SYSTEM_THREAD_INFORMATION { |
| LARGE_INTEGER KernelTime; |
| LARGE_INTEGER UserTime; |
| LARGE_INTEGER CreateTime; |
| ULONG WaitTime; |
| PVOID StartAddress; |
| CLIENT_ID ClientId; |
| LONG Priority; |
| LONG BasePriority; |
| ULONG ContextSwitches; |
| ULONG ThreadState; |
| KWAIT_REASON WaitReason; |
| } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION; |
| |
| typedef struct _TEB *PTEB; |
| |
| // private |
| typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION { |
| SYSTEM_THREAD_INFORMATION ThreadInfo; |
| PVOID StackBase; |
| PVOID StackLimit; |
| PVOID Win32StartAddress; |
| PTEB TebBase; |
| ULONG_PTR Reserved2; |
| ULONG_PTR Reserved3; |
| ULONG_PTR Reserved4; |
| } SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION; |
| |
| typedef struct _SYSTEM_PROCESS_INFORMATION2 { |
| ULONG NextEntryOffset; |
| ULONG NumberOfThreads; |
| LARGE_INTEGER SpareLi1; |
| LARGE_INTEGER SpareLi2; |
| LARGE_INTEGER SpareLi3; |
| LARGE_INTEGER CreateTime; |
| LARGE_INTEGER UserTime; |
| LARGE_INTEGER KernelTime; |
| UNICODE_STRING ImageName; |
| LONG BasePriority; |
| HANDLE UniqueProcessId; |
| HANDLE InheritedFromUniqueProcessId; |
| ULONG HandleCount; |
| ULONG SessionId; |
| ULONG_PTR PageDirectoryBase; |
| SIZE_T PeakVirtualSize; |
| SIZE_T VirtualSize; |
| DWORD PageFaultCount; |
| SIZE_T PeakWorkingSetSize; |
| SIZE_T WorkingSetSize; |
| SIZE_T QuotaPeakPagedPoolUsage; |
| SIZE_T QuotaPagedPoolUsage; |
| SIZE_T QuotaPeakNonPagedPoolUsage; |
| SIZE_T QuotaNonPagedPoolUsage; |
| SIZE_T PagefileUsage; |
| SIZE_T PeakPagefileUsage; |
| SIZE_T PrivatePageCount; |
| LARGE_INTEGER ReadOperationCount; |
| LARGE_INTEGER WriteOperationCount; |
| LARGE_INTEGER OtherOperationCount; |
| LARGE_INTEGER ReadTransferCount; |
| LARGE_INTEGER WriteTransferCount; |
| LARGE_INTEGER OtherTransferCount; |
| SYSTEM_THREAD_INFORMATION Threads[1]; |
| } SYSTEM_PROCESS_INFORMATION2, *PSYSTEM_PROCESS_INFORMATION2; |
| |
| #define SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION2 |
| #define PSYSTEM_PROCESS_INFORMATION PSYSTEM_PROCESS_INFORMATION2 |
| |
| |
| // ================================================ |
| // psutil.users() support |
| // ================================================ |
| |
| typedef struct _WINSTATION_INFO { |
| BYTE Reserved1[72]; |
| ULONG SessionId; |
| BYTE Reserved2[4]; |
| FILETIME ConnectTime; |
| FILETIME DisconnectTime; |
| FILETIME LastInputTime; |
| FILETIME LoginTime; |
| BYTE Reserved3[1096]; |
| FILETIME CurrentTime; |
| } WINSTATION_INFO, *PWINSTATION_INFO; |
| |
| typedef BOOLEAN (WINAPI * PWINSTATIONQUERYINFORMATIONW) |
| (HANDLE,ULONG,WINSTATIONINFOCLASS,PVOID,ULONG,PULONG); |
| |
| |
| /* |
| * NtQueryInformationProcess code taken from |
| * http://wj32.wordpress.com/2009/01/24/howto-get-the-command-line-of-processes/ |
| * typedefs needed to compile against ntdll functions not exposted in the API |
| */ |
| typedef LONG NTSTATUS; |
| |
| typedef NTSTATUS (NTAPI *_NtQueryInformationProcess)( |
| HANDLE ProcessHandle, |
| DWORD ProcessInformationClass, |
| PVOID ProcessInformation, |
| DWORD ProcessInformationLength, |
| PDWORD ReturnLength |
| ); |
| |
| typedef NTSTATUS (NTAPI *_NtSetInformationProcess)( |
| HANDLE ProcessHandle, |
| DWORD ProcessInformationClass, |
| PVOID ProcessInformation, |
| DWORD ProcessInformationLength |
| ); |
| |
| |
| typedef enum _PROCESSINFOCLASS2 { |
| _ProcessBasicInformation, |
| ProcessQuotaLimits, |
| ProcessIoCounters, |
| ProcessVmCounters, |
| ProcessTimes, |
| ProcessBasePriority, |
| ProcessRaisePriority, |
| ProcessDebugPort, |
| ProcessExceptionPort, |
| ProcessAccessToken, |
| ProcessLdtInformation, |
| ProcessLdtSize, |
| ProcessDefaultHardErrorMode, |
| ProcessIoPortHandlers, |
| ProcessPooledUsageAndLimits, |
| ProcessWorkingSetWatch, |
| ProcessUserModeIOPL, |
| ProcessEnableAlignmentFaultFixup, |
| ProcessPriorityClass, |
| ProcessWx86Information, |
| ProcessHandleCount, |
| ProcessAffinityMask, |
| ProcessPriorityBoost, |
| ProcessDeviceMap, |
| ProcessSessionInformation, |
| ProcessForegroundInformation, |
| _ProcessWow64Information, |
| /* added after XP+ */ |
| ProcessImageFileName, |
| ProcessLUIDDeviceMapsEnabled, |
| ProcessBreakOnTermination, |
| ProcessDebugObjectHandle, |
| ProcessDebugFlags, |
| ProcessHandleTracing, |
| ProcessIoPriority, |
| ProcessExecuteFlags, |
| ProcessResourceManagement, |
| ProcessCookie, |
| ProcessImageInformation, |
| MaxProcessInfoClass |
| } PROCESSINFOCLASS2; |
| |
| #define PROCESSINFOCLASS PROCESSINFOCLASS2 |
| #define ProcessBasicInformation _ProcessBasicInformation |
| #define ProcessWow64Information _ProcessWow64Information |
| |
| #endif // __NTEXTAPI_H__ |