Geoff Chappell - Software Analyst
A second set of ULONG bit fields was introduced to the EPROCESS for Windows Vista:
| Mask | Definition | Versions | Remarks |
|---|---|---|---|
| 0x00000001 |
ULONG JobNotReallyActive : 1; |
6.0 and higher | |
| 0x00000002 |
ULONG AccountingFolded : 1; |
6.0 and higher | |
| 0x00000004 |
ULONG NewProcessReported : 1; |
6.0 and higher | |
| 0x00000008 |
ULONG ExitProcessReported : 1; |
6.0 and higher | |
| 0x00000010 |
ULONG ReportCommitChanges : 1; |
6.0 and higher | |
| 0x00000020 |
ULONG LastReportMemory : 1; |
6.0 and higher | |
| 0x00000040 |
ULONG ReportPhysicalPageChanges : 1; |
6.0 to 6.1 | |
ULONG NoWakeCharge : 1; |
6.2 only | ||
ULONG ForceWakeCharge : 1; |
6.3 and higher | ||
| 0x00000080 |
ULONG HandleTableRundown : 1; |
6.0 to 6.2 | |
ULONG CrossSessionCreate : 1; |
6.3 and higher | ||
| 0x00000100 |
ULONG NeedsHandleRundown : 1; |
6.0 and higher | |
| 0x00000200 |
ULONG RefTraceEnabled : 1; |
6.0 and higher | |
| 0x00000400 |
ULONG NumaAware : 1; |
6.0 to 6.2 | |
ULONG DisableDynamicCode : 1; |
6.3 to 1703 | next in MitigationFlags | |
ULONG PicoCreated : 1; |
1709 and higher | previously in Flags4 | |
| 0x00000800 |
ULONG ProtectedProcess : 1; |
6.0 to 6.1 | |
ULONG EmptyJobEvaluated : 1; |
6.2 and higher | ||
| 0x00007000 |
ULONG DefaultPagePriority : 3; |
6.0 and higher | |
| 0x00008000 |
ULONG PrimaryTokenFrozen : 1; |
6.0 and higher | |
| 0x00010000 |
ULONG ProcessVerifierTarget : 1; |
6.0 and higher | |
| 0x00020000 |
ULONG StackRandomizationDisabled : 1; |
6.0 to 1703 | next in MitigationFlags |
ULONG RestrictSetThreadContext : 1; |
1709 and higher | previously in Flags4 | |
| 0x00040000 |
ULONG AffinityPermanent : 1; |
late 6.0 and higher | |
| 0x00080000 |
ULONG AffinityUpdateEnable : 1; |
late 6.0 and higher | |
| 0x00100000 |
ULONG CrossSessionCreate : 1; |
late 6.0 only | |
ULONG PropagateNode : 1; |
6.1 and higher | ||
| 0x00200000 |
ULONG ExplicitAffinity; |
6.1 and higher | |
| 0x00C00000 |
ULONG ProcessExecutionState : 2; |
6.2 and higher | |
| 0x01000000 |
ULONG DisallowStrippedImages : 1; |
6.2 to 1703 | next in MitigationFlags |
ULONG EnableReadVmLogging : 1; |
1709 and higher | ||
| 0x02000000 |
ULONG HighEntropyASLREnabled : 1; |
6.2 to 1703 | next in MitigationFlags |
ULONG EnableWriteVmLogging : 1; |
1709 and higher | ||
| 0x04000000 |
ULONG ExtensionPointDisable : 1; |
6.2 to 1703 | next in MitigationFlags |
ULONG FatalAccessTerminationRequested : 1; |
1709 and higher | ||
| 0x08000000 |
ULONG ForceRelocateImages : 1; |
6.2 to 1703 | next in MitigationFlags |
ULONG DisableSystemAllowedCpuSet : 1; |
1709 and higher | previously in Flags3 | |
| 0x30000000 |
ULONG ProcessStateChangeRequest : 2; |
6.2 and higher | |
| 0x40000000 |
ULONG ProcessStateChangeInProgress : 1; |
6.2 and higher | |
| 0x80000000 |
ULONG DisallowWin32kSystemCalls; |
6.2 to 1703 | next in MitigationFlags |
ULONG InPrivate : 1; |
1709 and higher | previously in Flags3 |