/** * This file has no copyright assigned and is placed in the Public Domain. * This file is part of the mingw-w64 runtime package. * No warranty is given; refer to the file DISCLAIMER.PD within this package. */ #ifndef PROCESSSNAPSHOT_H #define PROCESSSNAPSHOT_H typedef enum { PSS_HANDLE_NONE = 0x00, PSS_HANDLE_HAVE_TYPE = 0x01, PSS_HANDLE_HAVE_NAME = 0x02, PSS_HANDLE_HAVE_BASIC_INFORMATION = 0x04, PSS_HANDLE_HAVE_TYPE_SPECIFIC_INFORMATION = 0x08 } PSS_HANDLE_FLAGS; DEFINE_ENUM_FLAG_OPERATORS(PSS_HANDLE_FLAGS); typedef enum { PSS_OBJECT_TYPE_UNKNOWN = 0, PSS_OBJECT_TYPE_PROCESS = 1, PSS_OBJECT_TYPE_THREAD = 2, PSS_OBJECT_TYPE_MUTANT = 3, PSS_OBJECT_TYPE_EVENT = 4, PSS_OBJECT_TYPE_SECTION = 5, PSS_OBJECT_TYPE_SEMAPHORE = 6 } PSS_OBJECT_TYPE; typedef enum { PSS_CAPTURE_NONE = 0x00000000, PSS_CAPTURE_VA_CLONE = 0x00000001, PSS_CAPTURE_RESERVED_00000002 = 0x00000002, PSS_CAPTURE_HANDLES = 0x00000004, PSS_CAPTURE_HANDLE_NAME_INFORMATION = 0x00000008, PSS_CAPTURE_HANDLE_BASIC_INFORMATION = 0x00000010, PSS_CAPTURE_HANDLE_TYPE_SPECIFIC_INFORMATION = 0x00000020, PSS_CAPTURE_HANDLE_TRACE = 0x00000040, PSS_CAPTURE_THREADS = 0x00000080, PSS_CAPTURE_THREAD_CONTEXT = 0x00000100, PSS_CAPTURE_THREAD_CONTEXT_EXTENDED = 0x00000200, PSS_CAPTURE_RESERVED_00000400 = 0x00000400, PSS_CAPTURE_VA_SPACE = 0x00000800, PSS_CAPTURE_VA_SPACE_SECTION_INFORMATION = 0x00001000, PSS_CAPTURE_IPT_TRACE = 0x00002000, PSS_CAPTURE_RESERVED_00004000 = 0x00004000, PSS_CREATE_BREAKAWAY_OPTIONAL = 0x04000000, PSS_CREATE_BREAKAWAY = 0x08000000, PSS_CREATE_FORCE_BREAKAWAY = 0x10000000, PSS_CREATE_USE_VM_ALLOCATIONS = 0x20000000, PSS_CREATE_MEASURE_PERFORMANCE = 0x40000000, PSS_CREATE_RELEASE_SECTION = 0x80000000 } PSS_CAPTURE_FLAGS; DEFINE_ENUM_FLAG_OPERATORS(PSS_CAPTURE_FLAGS); #define PSS_PERF_RESOLUTION 1000000 typedef enum { PSS_QUERY_PROCESS_INFORMATION = 0, PSS_QUERY_VA_CLONE_INFORMATION = 1, PSS_QUERY_AUXILIARY_PAGES_INFORMATION = 2, PSS_QUERY_VA_SPACE_INFORMATION = 3, PSS_QUERY_HANDLE_INFORMATION = 4, PSS_QUERY_THREAD_INFORMATION = 5, PSS_QUERY_HANDLE_TRACE_INFORMATION = 6, PSS_QUERY_PERFORMANCE_COUNTERS = 7 } PSS_QUERY_INFORMATION_CLASS; typedef enum { PSS_WALK_AUXILIARY_PAGES = 0, PSS_WALK_VA_SPACE = 1, PSS_WALK_HANDLES = 2, PSS_WALK_THREADS = 3 } PSS_WALK_INFORMATION_CLASS; typedef enum { PSS_DUPLICATE_NONE = 0x00, PSS_DUPLICATE_CLOSE_SOURCE = 0x01 } PSS_DUPLICATE_FLAGS; DEFINE_ENUM_FLAG_OPERATORS(PSS_DUPLICATE_FLAGS); DECLARE_HANDLE(HPSS); DECLARE_HANDLE(HPSSWALK); typedef enum { PSS_PROCESS_FLAGS_NONE = 0x00000000, PSS_PROCESS_FLAGS_PROTECTED = 0x00000001, PSS_PROCESS_FLAGS_WOW64 = 0x00000002, PSS_PROCESS_FLAGS_RESERVED_03 = 0x00000004, PSS_PROCESS_FLAGS_RESERVED_04 = 0x00000008, PSS_PROCESS_FLAGS_FROZEN = 0x00000010 } PSS_PROCESS_FLAGS; DEFINE_ENUM_FLAG_OPERATORS(PSS_PROCESS_FLAGS); typedef struct { DWORD ExitStatus; void *PebBaseAddress; ULONG_PTR AffinityMask; LONG BasePriority; DWORD ProcessId; DWORD ParentProcessId; PSS_PROCESS_FLAGS Flags; FILETIME CreateTime; FILETIME ExitTime; FILETIME KernelTime; FILETIME UserTime; DWORD PriorityClass; ULONG_PTR PeakVirtualSize; ULONG_PTR VirtualSize; DWORD PageFaultCount; ULONG_PTR PeakWorkingSetSize; ULONG_PTR WorkingSetSize; ULONG_PTR QuotaPeakPagedPoolUsage; ULONG_PTR QuotaPagedPoolUsage; ULONG_PTR QuotaPeakNonPagedPoolUsage; ULONG_PTR QuotaNonPagedPoolUsage; ULONG_PTR PagefileUsage; ULONG_PTR PeakPagefileUsage; ULONG_PTR PrivateUsage; DWORD ExecuteFlags; wchar_t ImageFileName[MAX_PATH]; } PSS_PROCESS_INFORMATION; typedef struct { HANDLE VaCloneHandle; } PSS_VA_CLONE_INFORMATION; typedef struct { DWORD AuxPagesCaptured; } PSS_AUXILIARY_PAGES_INFORMATION; typedef struct { DWORD RegionCount; } PSS_VA_SPACE_INFORMATION; typedef struct { DWORD HandlesCaptured; } PSS_HANDLE_INFORMATION; typedef struct { DWORD ThreadsCaptured; DWORD ContextLength; } PSS_THREAD_INFORMATION; typedef struct { HANDLE SectionHandle; DWORD Size; } PSS_HANDLE_TRACE_INFORMATION; typedef struct { UINT64 TotalCycleCount; UINT64 TotalWallClockPeriod; UINT64 VaCloneCycleCount; UINT64 VaCloneWallClockPeriod; UINT64 VaSpaceCycleCount; UINT64 VaSpaceWallClockPeriod; UINT64 AuxPagesCycleCount; UINT64 AuxPagesWallClockPeriod; UINT64 HandlesCycleCount; UINT64 HandlesWallClockPeriod; UINT64 ThreadsCycleCount; UINT64 ThreadsWallClockPeriod; } PSS_PERFORMANCE_COUNTERS; typedef struct { void *Address; MEMORY_BASIC_INFORMATION BasicInformation; FILETIME CaptureTime; void *PageContents; DWORD PageSize; } PSS_AUXILIARY_PAGE_ENTRY; typedef struct { void *BaseAddress; void *AllocationBase; DWORD AllocationProtect; ULONG_PTR RegionSize; DWORD State; DWORD Protect; DWORD Type; DWORD TimeDateStamp; DWORD SizeOfImage; void *ImageBase; DWORD CheckSum; WORD MappedFileNameLength; wchar_t const *MappedFileName; } PSS_VA_SPACE_ENTRY; typedef struct { HANDLE Handle; PSS_HANDLE_FLAGS Flags; PSS_OBJECT_TYPE ObjectType; FILETIME CaptureTime; DWORD Attributes; DWORD GrantedAccess; DWORD HandleCount; DWORD PointerCount; DWORD PagedPoolCharge; DWORD NonPagedPoolCharge; FILETIME CreationTime; WORD TypeNameLength; wchar_t const *TypeName; WORD ObjectNameLength; wchar_t const *ObjectName; union { struct { DWORD ExitStatus; void *PebBaseAddress; ULONG_PTR AffinityMask; LONG BasePriority; DWORD ProcessId; DWORD ParentProcessId; DWORD Flags; } Process; struct { DWORD ExitStatus; void *TebBaseAddress; DWORD ProcessId; DWORD ThreadId; ULONG_PTR AffinityMask; int Priority; int BasePriority; void *Win32StartAddress; } Thread; struct { LONG CurrentCount; WINBOOL Abandoned; DWORD OwnerProcessId; DWORD OwnerThreadId; } Mutant; struct { WINBOOL ManualReset; WINBOOL Signaled; } Event; struct { void *BaseAddress; DWORD AllocationAttributes; LARGE_INTEGER MaximumSize; } Section; struct { LONG CurrentCount; LONG MaximumCount; } Semaphore; } TypeSpecificInformation; } PSS_HANDLE_ENTRY; typedef enum { PSS_THREAD_FLAGS_NONE = 0x0000, PSS_THREAD_FLAGS_TERMINATED = 0x0001 } PSS_THREAD_FLAGS; DEFINE_ENUM_FLAG_OPERATORS(PSS_THREAD_FLAGS); typedef struct { DWORD ExitStatus; void *TebBaseAddress; DWORD ProcessId; DWORD ThreadId; ULONG_PTR AffinityMask; int Priority; int BasePriority; void *LastSyscallFirstArgument; WORD LastSyscallNumber; FILETIME CreateTime; FILETIME ExitTime; FILETIME KernelTime; FILETIME UserTime; void *Win32StartAddress; FILETIME CaptureTime; PSS_THREAD_FLAGS Flags; WORD SuspendCount; WORD SizeOfContextRecord; PCONTEXT ContextRecord; } PSS_THREAD_ENTRY; typedef struct { void *Context; void *(WINAPI *AllocRoutine)(void *context, DWORD size); void (WINAPI *FreeRoutine)(void *context, void *address); } PSS_ALLOCATOR; #include #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) #if (NTDDI_VERSION >= NTDDI_WIN8) STDAPI_(DWORD) PssCaptureSnapshot(HANDLE ProcessHandle, PSS_CAPTURE_FLAGS CaptureFlags, DWORD ThreadContextFlags, HPSS *SnapshotHandle); STDAPI_(DWORD) PssFreeSnapshot(HANDLE ProcessHandle, HPSS SnapshotHandle); STDAPI_(DWORD) PssQuerySnapshot(HPSS SnapshotHandle, PSS_QUERY_INFORMATION_CLASS InformationClass, void *Buffer, DWORD BufferLength); STDAPI_(DWORD) PssWalkSnapshot(HPSS SnapshotHandle, PSS_WALK_INFORMATION_CLASS InformationClass, HPSSWALK WalkMarkerHandle, void *Buffer, DWORD BufferLength); STDAPI_(DWORD) PssDuplicateSnapshot(HANDLE SourceProcessHandle, HPSS SnapshotHandle, HANDLE TargetProcessHandle, HPSS *TargetSnapshotHandle, PSS_DUPLICATE_FLAGS Flags); STDAPI_(DWORD) PssWalkMarkerCreate(PSS_ALLOCATOR const *Allocator, HPSSWALK *WalkMarkerHandle); STDAPI_(DWORD) PssWalkMarkerFree(HPSSWALK WalkMarkerHandle); STDAPI_(DWORD) PssWalkMarkerGetPosition(HPSSWALK WalkMarkerHandle, ULONG_PTR *Position); STDAPI_(DWORD) PssWalkMarkerSetPosition(HPSSWALK WalkMarkerHandle, ULONG_PTR Position); STDAPI_(DWORD) PssWalkMarkerSeekToBeginning(HPSSWALK WalkMarkerHandle); #endif /* (NTDDI_VERSION >= NTDDI_WIN8) */ #endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */ #endif /* PROCESSSNAPSHOT_H */