Geoff Chappell - Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the NTEXAPI_X.H header at
d:\th.public.fre\internal\sdk\inc
and draws from it the type definitions that are tabulated below. The header NTEXAPI_X.H is not known in any Device Driver Kit (DDK) or Windows Driver Kit (WDK).
| Line Number | Type |
|---|---|
| 251 | enum _PROCESSOR_CACHE_TYPE |
| 260 | struct _CACHE_DESCRIPTOR |
| 462 | enum _ALTERNATIVE_ARCHITECTURE_TYPE |
| 567 | struct _XSTATE_FEATURE |
| 572 | struct _XSTATE_CONFIGURATION |
| 698 | struct _KUSER_SHARED_DATA |
Though only six of the types that are defined in NTEXAPI_X.H show in the public symbol files for the kernel, many more show in symbol files for other modules. Some of these others are kernel-mode drivers, especially for processor power management. Some are user-mode DLLs. Among these are some that are very far removed from system programming, e.g., URLMON.DLL from Internet Explorer. Though the symbol files in question are private symbol files, Microsoft has published them freely in downloadable packages of all the public symbol files for all of Windows, starting with Windows 8. If inclusion of these unusually detailed symbol files in these packages was at first an oversight, it has been left to stand for nearly a decade, though not for all modules. For instance, it ceased for URLMON.DLL after the 1709 edition of Windows 10.
For the record, here are the types that Microsoft’s freely published URLMON.PDB reveals were accessible to the source code for URLMON.DLL from including NTEXAPI_X.H when building for the original release of 32-bit Windows 10:
| Line Number | Type |
|---|---|
| 43 | struct _VARIABLE_NAME |
| 49 | struct _VARIABLE_NAME_AND_VALUE |
| 79 | enum _SYSTEM_FIRMWARE_TABLE_ACTION |
| 84 | struct _SYSTEM_FIRMWARE_TABLE_INFORMATION |
| 98 | struct _SYSTEM_FIRMWARE_TABLE_HANDLER |
| 174 | enum _TIMER_SET_INFORMATION_CLASS |
| 181 | struct _TIMER_SET_COALESCABLE_TIMER_INFO |
| 211 | struct _DRIVER_VERIFIER_THUNK_PAIRS |
| 462 | enum _ALTERNATIVE_ARCHITECTURE_TYPE |
| 567 | struct _XSTATE_FEATURE |
| 572 | struct _XSTATE_CONFIGURATION |
| 698 | struct _KUSER_SHARED_DATA |
| 1276 | enum _SYSTEM_NET_RATE_CONTROL_TYPE |
| 1281 | struct _SYSTEM_NET_RATE_CONTROL_CONTEXT_HEADER |
| 1291 | struct _SYSTEM_NET_RATE_CONTROL_SET_CONTEXT |
| 1314 | struct _SYSTEM_NET_RATE_CONTROL_QUOTA_CONTEXT |
| 1346 | struct _SYSTEM_NET_RATE_CONTROL_CALLBACK_TABLE |
Most, though certainly not all, of the types that the URLMON symbols attribute to the unpublished NTEXAPI_X.H are defined in other headers that Microsoft does publish: several in the WDK but also WINNT.H in the Software Development Kit (SDK). All are in some sense the standard headers for their level of Windows programming.
It may be that content is extracted from NTEXAPI_X.H to these standard headers. It may be that all are extracted from yet some other input. However it’s done, the effect looks to be that successive lines of NTEXAPI_X.H are appended to zero or more of the published headers, and each of the latter then has one contiguous region of lines that are each in NTEXAPI_X.H. Matching line numbers for type definitions as seen in the standard headers and deduced for NTEXAPI_X.H then supports a reasonable attempt at reconstructing much of what NTEXAPI_X.H must have between its type definitions. The table below is a skeleton for reconstructing the NTEXAPI_X.H from the original Windows 10.
Types and line numbers in this table are as close to complete as seems possible. They are collected from all known type information not just in symbol files as noted above but also in the statically linked library CLFSMGMT.LIB from the SDK for Windows 10.
| NTEXAPI_X.H | Type | NTDDK.H | MINIPORT.H | WDM.H | WINNT.H |
|---|---|---|---|---|---|
| 43 | struct _VARIABLE_NAME | ||||
| 49 | struct _VARIABLE_NAME_AND_VALUE | ||||
| 62 | enum _FIRMWARE_TYPE | 11643 | |||
| 79 | enum _SYSTEM_FIRMWARE_TABLE_ACTION | 6888 | |||
| 84 | struct _SYSTEM_FIRMWARE_TABLE_INFORMATION | 6893 | |||
| 98 | struct _SYSTEM_FIRMWARE_TABLE_HANDLER | 6907 | |||
| 174 | enum _TIMER_SET_INFORMATION_CLASS | 6932 | |||
| 181 | struct _TIMER_SET_COALESCABLE_TIMER_INFO | 6939 | |||
| 211 | struct _DRIVER_VERIFIER_THUNK_PAIRS | 6967 | |||
| 240 | enum _LOGICAL_PROCESSOR_RELATIONSHIP | 5637 | 19151 | 11682 | |
| 251 | enum _PROCESSOR_CACHE_TYPE | 5648 | 19162 | 11693 | |
| 260 | struct _CACHE_DESCRIPTOR | 5657 | 19171 | 11702 | |
| 268 | struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION | 5665 | 19179 | 11710 | |
| 271 | anonymous union in struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION |
5668 | 19182 | 11713 | |
| 272 | unnamed struct ProcessorCore in anonymous union in struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION |
5669 | 19183 | 11714 | |
| 275 | unnamed struct NumaNode in anonymous union in struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION |
5672 | 19186 | 11717 | |
| 283 | struct _PROCESSOR_RELATIONSHIP | 5680 | 19194 | 11725 | |
| 291 | struct _NUMA_NODE_RELATIONSHIP | 5688 | 19202 | 11733 | |
| 297 | struct _CACHE_RELATIONSHIP | 5694 | 19208 | 11739 | |
| 307 | struct _PROCESSOR_GROUP_INFO | 5704 | 19218 | 11749 | |
| 314 | struct _GROUP_RELATIONSHIP | 5711 | 19225 | 11756 | |
| 321 | struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX | 5718 | 19232 | 11763 | |
| 324 | anonymous union in struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX |
5721 | 19235 | 11766 | |
| 334 | enum _CPU_SET_INFORMATION_TYPE | 5731 | 19245 | 11776 | |
| 338 | struct _SYSTEM_CPU_SET_INFORMATION | 5735 | 19249 | 11780 | |
| 341 | anonymous union in struct _SYSTEM_CPU_SET_INFORMATION |
5738 | 19252 | 11783 | |
| 342 | unnamed struct CpuSet in anonymous union in struct _SYSTEM_CPU_SET_INFORMATION |
5739 | 19253 | 11784 | |
| 350 | anonymous union in unnamed struct CpuSet in anonymous union in struct _SYSTEM_CPU_SET_INFORMATION |
5747 | 19261 | 11792 | |
| 358 | anonymous struct in anonymous union in unnamed struct CpuSet in anonymous union in struct _SYSTEM_CPU_SET_INFORMATION |
5755 | 19269 | 11800 | |
| 376 | struct _SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION | 11818 | |||
| 462 | enum _ALTERNATIVE_ARCHITECTURE_TYPE | 19325 | |||
| 567 | struct _XSTATE_FEATURE | 7057 | 11968 | ||
| 572 | struct _XSTATE_CONFIGURATION | 7062 | 11973 | ||
| 698 | struct _KUSER_SHARED_DATA | 7186 | |||
| 872 | anonymous union in struct _KUSER_SHARED_DATA |
7360 | |||
| 875 | anonymous struct in anonymous union in struct _KUSER_SHARED_DATA |
7363 | |||
| 944 | anonymous union in struct _KUSER_SHARED_DATA |
7432 | |||
| 946 | anonymous struct in anonymous union in struct _KUSER_SHARED_DATA |
7434 | |||
| 988 | anonymous union in struct _KUSER_SHARED_DATA |
7476 | |||
| 991 | anonymous struct in anonymous union in struct _KUSER_SHARED_DATA |
7479 | |||
| 1125 | anonymous union in struct _KUSER_SHARED_DATA |
7613 | |||
| 1127 | anonymous struct in anonymous union in struct _KUSER_SHARED_DATA |
7615 | |||
| 1276 | enum _SYSTEM_NET_RATE_CONTROL_TYPE | ||||
| 1281 | struct _SYSTEM_NET_RATE_CONTROL_CONTEXT_HEADER | ||||
| 1291 | struct _SYSTEM_NET_RATE_CONTROL_SET_CONTEXT | ||||
| 1295 | anonymous union in struct _SYSTEM_NET_RATE_CONTROL_SET_CONTEXT |
||||
| 1297 | anonymous struct in anonymous union in struct _SYSTEM_NET_RATE_CONTROL_SET_CONTEXT |
||||
| 1314 | struct _SYSTEM_NET_RATE_CONTROL_QUOTA_CONTEXT | ||||
| 1346 | struct _SYSTEM_NET_RATE_CONTROL_CALLBACK_TABLE |
To be clear: two small structures at the start of NTEXAPI_X.H and the several types at the end are known only from type information, not from any published C-language definition, let alone from documentation.