2012/10/5 Christian Costa <titan.costa@gmail.com>


2012/10/5 Paul Chitescu <paulc@voip.null.ro>
On Friday 05 October 2012 10:00:00 am Christian Costa wrote:
> ---
>  include/ddk/ntifs.h |  555
> +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 555
> insertions(+)
>  create mode 100644 include/ddk/ntifs.h
>
> diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h
> new file mode 100644
> [...]

What version of Windows were these extracted from?


It's Vista. I didn't take these declarations directly from the DDK but from several sources on the web.
I've just downloaded the DDK 7.1.0 to verify and make some changes if needed.

I cannot find these definitions in the DDK 7.1.0 headers. It does not seem they are supposed to be in the DDK.

I based my patch on these ones at http://www.nirsoft.net/kernel_struct/vista/EPROCESS.html.
I saw on the web that ntifs.h was always involved.