Techwiki:Win32k/EVENT
EVENT structure from Windows XP, Vista
typedef struct _EVENTHOOK { THROBJHEAD head; struct _EVENTHOOK *pehNext; UINT eventMin; UINT eventMax; UINT fDestroyed:1; UINT fIgnoreOwnThread:1; UINT fIgnoreOwnProcess:1; UINT fSync:1; UINT fWx86KnownDll:1; HANDLE hEventProcess; DWORD idEventThread; ULONG_PTR offPfn; INT ihmod; LPWSTR pwszModulePath; } EVENTHOOK, *PEVENTHOOK; typedef struct _NOTIFY { struct _NOTIFY *pNotifyNext; PEVENTHOOK spEventHook; DWORD event; HWND hwnd; LONG idObject; LONG idChild; DWORD idSenderThread; DWORD dwEventTime; DWORD dwWEFlags; PTHREADINFO ptiReceive; } NOTIFY, *PNOTIFY; // // Notify Flags #define WEF_SETBYWNDPTI 0x0001 #define WEF_DEFERREDWINEVENT 0x0002 #define WEF_ASYNCHRONOUS 0x0004 // Asynchronous !fSync or Synchronous fSync send #define WEF_POSTEVENTMSG 0x0008
References
- Windows Symbol files, userkdx.dll, !dso