Geoff Chappell - Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the NTPSAPI.H header at
d:\th.public.fre\internal\sdk\inc
and draws from it the following type definitions:
| Line Number | Type |
|---|---|
| 589 | struct _PROCESS_DISK_COUNTERS |
| 620 | struct _THREAD_ENERGY_VALUES |
| 624 | struct _PROCESS_ENERGY_VALUES |
| 652 | struct _COUNTER_READING |
| 666 | struct _THREAD_PERFORMANCE_DATA |
| 1631 | struct _PS_PROTECTION |
| 1646 | enum _PS_PROTECTED_SIGNER |
| 2189 | struct _JOBOBJECT_WAKE_FILTER |
| 2219 | enum _PS_WAKE_REASON |
The header NTPSAPI.H is not known in any Device Driver Kit (DDK) or Windows Driver Kit (WDK).
For the record, here are the very many more types that Microsoft’s freely published URLMON.PDB reveals were accessible to the source code for URLMON.DLL from including NTPSAPI.H when building Internet Explorer for the original release of 32-bit Windows 10:
| Line Number | Type |
|---|---|
| 390 | struct _Wx86TIB |
| 437 | struct _INITIAL_TEB |
| 438 | unnamed struct OldInitialTeb in struct _INITIAL_TEB |
| 461 | struct _PROCESS_PRIORITY_CLASS |
| 466 | struct _PROCESS_FOREGROUND_BACKGROUND |
| 475 | enum _PROCESS_TLS_INFORMATION_TYPE |
| 484 | struct _THREAD_TLS_INFORMATION |
| 497 | struct _PROCESS_TLS_INFORMATION |
| 531 | struct _PROCESS_BASIC_INFORMATION64 |
| 542 | struct _PROCESS_EXTENDED_BASIC_INFORMATION64 |
| 567 | struct _PROCESS_CYCLE_TIME_INFORMATION |
| 579 | struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION |
| 589 | struct _PROCESS_DISK_COUNTERS |
| 601 | enum _PROCESS_ENERGY_COMPONENT_TYPE_NUM |
| 620 | struct _THREAD_ENERGY_VALUES |
| 624 | struct _PROCESS_ENERGY_VALUES |
| 652 | struct _COUNTER_READING |
| 666 | struct _THREAD_PERFORMANCE_DATA |
| 679 | struct _THREAD_PROFILING_INFORMATION |
| 692 | struct _PROCESS_WS_WATCH_INFORMATION_EX |
| 704 | union _PROCESS_AFFINITY_UPDATE_MODE |
| 719 | union _PROCESS_MEMORY_ALLOCATION_MODE |
| 733 | struct _PROCESS_WINDOW_INFORMATION |
| 745 | struct _PROCESS_HANDLE_TABLE_ENTRY_INFO |
| 756 | struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION |
| 774 | struct _PROCESS_STACK_ALLOCATION_INFORMATION |
| 780 | struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX |
| 794 | struct _PROCESS_MITIGATION_POLICY_INFORMATION |
| 834 | struct _PROCESS_FAULT_INFORMATION |
| 845 | struct _PROCESS_TELEMETRY_ID_INFORMATION |
| 873 | struct _PROCESS_COMMIT_RELEASE_INFORMATION |
| 892 | struct _THREAD_BASIC_INFORMATION |
| 907 | struct _THREAD_TEB_INFORMATION |
| 919 | struct _THREAD_LAST_SYSCALL_INFORMATION |
| 932 | struct _THREAD_CYCLE_TIME_INFORMATION |
| 956 | struct _PS_CPU_QUOTA_QUERY_ENTRY |
| 961 | struct _PS_CPU_QUOTA_QUERY_INFORMATION |
| 966 | struct _PS_CPU_QUOTA_SET_INFORMATION |
| 971 | struct _PROCESS_HANDLE_INFORMATION |
| 980 | struct _FIBER |
| 1094 | enum _PS_ATTRIBUTE_NUM |
| 1122 | struct _PS_ATTRIBUTE |
| 1132 | struct _PS_ATTRIBUTE_LIST |
| 1185 | struct _PS_MEMORY_RESERVE |
| 1190 | enum PS_CREATE_STATE |
| 1215 | enum _PS_STD_HANDLE_STATE |
| 1222 | struct _PS_STD_HANDLE_INFO |
| 1631 | struct _PS_PROTECTION |
| 1646 | enum _PS_PROTECTED_SIGNER |
| 1661 | enum _PS_PROTECTED_TYPE |
| 1712 | struct _PS_CREATE_INFO |
| 1716 | unnamed struct InitState in struct _PS_CREATE_INFO |
| 1734 | unnamed struct FailSection in struct _PS_CREATE_INFO |
| 1738 | unnamed struct ExeFormat in struct _PS_CREATE_INFO |
| 1742 | unnamed struct ExeName in struct _PS_CREATE_INFO |
| 1746 | unnamed struct SuccessState in struct _PS_CREATE_INFO |
| 1911 | struct _X86_CALL_FRAME |
| 1939 | struct _CALL_FRAME |
| 2163 | struct _JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION |
| 2189 | struct _JOBOBJECT_WAKE_FILTER |
| 2198 | struct _JOBOBJECT_FREEZE_INFORMATION |
| 2219 | enum _PS_WAKE_REASON |
| 2228 | struct _JOBOBJECT_WAKE_INFORMATION_V1 |
| 2233 | struct _JOBOBJECT_WAKE_INFORMATION |
| 2243 | struct _JOBOBJECT_INTERFERENCE_INFORMATION |
| 2247 | struct _JOBOBJECT_MEMORY_USAGE_INFORMATION |
| 2254 | struct _JOBOBJECT_MEMORY_USAGE_INFORMATION_V2 |
| 2275 | struct _JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION_V2 |
| 2301 | struct _JOBOBJECT_LIMIT_VIOLATION_INFORMATION_V2 |
| 2403 | enum _MEMORY_RESERVE_TYPE |
| 2430 | struct _PS_SYSTEM_DLL_INIT_BLOCK |
| 2460 | struct _PS_PKG_CLAIM |
This looks to be a complete reckoning of named classes, enumerations, structures and unions that are defined in the unseen NTPSAPI.H. A contemporaneous statically linked library named CLFSMGMT.LIB has its type information from creating a pre-compiled header, such that it almost certainly is complete for its inclusions from NTPSAPI.H, and yet it adds only anonymous structures and unions that are nested within the types listed above.