SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED

PROCESSINFO Flags

Version 6.1 introduced to the PROCESSINFO structure what may be intended as an elaboration of the age-old W32PF_Flags. Type information in symbol files for WIN32K.SYS in Windows 7 (only) enumerates the defined flags as UINT bit fields in union with a Flags that is itself a ULONG. Inevitably, many more have been defined since. It seems unlikely that I shall ever attempt to describe the additions, let alone attempt an enumeration of which flags are defined in which versions, but you never know.

Mask Definition Versions
0x00000001
 UINT fHasMsgContext : 1;
 
 
UINT Unused : 31;