Process Hacker Discussion Forum

 
440bx
Member
Posts: 65
Joined: 02 Jul 2021 23:33

_KEY_VALUE_LAYER_INFORMATION definition

23 Oct 2021 03:30

ntregapi.h shows the definition of _KEY_VALUE_LAYER_INFORMATION to be:
typedef struct _KEY_VALUE_LAYER_INFORMATION
{
    ULONG IsTombstone;
    ULONG Reserved;
} KEY_VALUE_LAYER_INFORMATION, *PKEY_VALUE_LAYER_INFORMATION;
but the definition in wdm.h shows it to be :
typedef struct _KEY_VALUE_LAYER_INFORMATION {
    ULONG   IsTombstone     : 1;
    ULONG   Reserved        : 31;
} KEY_VALUE_LAYER_INFORMATION, *PKEY_VALUE_LAYER_INFORMATION;
the bit field sizes for this struct are missing in ntregapi.h
 
440bx
Member
Posts: 65
Joined: 02 Jul 2021 23:33

_PROCESS_LOGGING_INFORMATION definition

23 Oct 2021 03:49

the definition of _PROCESS_LOGGING_INFORMATION in ntpsapi.h is as follows:
typedef struct _PROCESS_LOGGING_INFORMATION
{
    ULONG Flags;
    struct
    {
        ULONG EnableReadVmLogging : 1;
        ULONG EnableWriteVmLogging : 1;
        ULONG EnableProcessSuspendResumeLogging : 1;
        ULONG EnableThreadSuspendResumeLogging : 1;
        ULONG Reserved : 28;
    };
} PROCESS_LOGGING_INFORMATION, *PPROCESS_LOGGING_INFORMATION;
Aren't the bitfields a breakdown of the Flags member ?. if they are then the definition should be a union (or a struct containing a union)

Answer to that question will definitely be appreciated.
 
User avatar
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Re: _KEY_VALUE_LAYER_INFORMATION definition

27 Oct 2021 12:37

Fixed.