TimerMiscFlags

While introducing the TimerControlFlags at offset 0x01 in the DISPATCHER_HEADER for Timer objects, Windows 7 also made bit fields at offset 0x03, where there had been a boolean Inserted since version 4.0:

Mask (x86) Mask (x64) Definition Versions
0x01   
UCHAR Index: 1;
 6.1 and higher
  0x3F 
UCHAR Index: 6;
 6.1 and higher
0x3E   
UCHAR Processor : 5;
 6.1 and higher
0x40 
UCHAR Inserted : 1;
 6.1 and higher
0x80 
UCHAR volatile Expired : 1;
 6.1 and higher

In Microsoft’s C-language definition in WDM.H, the Processor member is explicitly x86-specific in version 6.1. Starting with the Windows Driver Kit (WDK) for Windows 8, the presence of Processor in the header is instead determined by the macro KENCODED_TIMER_PROCESSOR, which is defined only for x86 builds. Either way, the Processor is squeezed into the header for x86 builds because there is no space for it elsewhere in the KTIMER, whose size is fixed for compatibility reasons. The x64 builds have it deeper into the KTIMER, in four bytes of otherwise unused space left by the alignment requirements of 8-byte pointers.

This page was created on 7th October 2017 from material that was first published on 20th June 2016. It was last modified on 27th November 2020.

Copyright © 2016-2020. Geoff Chappell. All rights reserved. Conditions apply.