Geoff Chappell - Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the PS.H header at
d:\th\minkernel\ntos\inc
and draws from it the following type definitions:
| Line Number | Type |
|---|---|
| 53 | enum _WORKING_SET_TYPE |
| 78 | struct _MMSUPPORT_FLAGS |
| 137 | struct _MMSUPPORT |
| 190 | struct _SE_AUDIT_PROCESS_CREATION_INFO |
| 198 | enum _PS_RESOURCE_TYPE |
| 210 | struct _EPROCESS_VALUES |
| 227 | struct _PS_PROPERTY_SET |
| 275 | struct _ALPC_PROCESS_CONTEXT |
| 294 | struct _EPROCESS |
| 948 | struct _TERMINATION_PORT |
| 959 | union _PS_CLIENT_SECURITY_CONTEXT |
| 969 | struct _ETHREAD |
| 1628 | struct _PS_WAKE_INFORMATION |
| 1640 | struct _EJOB |
The header PS.H is not known in any Device Driver Kit (DDK) or Windows Driver Kit (WDK).