Geoff Chappell, Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the ARC.H header at
and draws from it the following type definitions:
The header ARC.H is published in the “minwin” directory of the Windows Driver Kit (WDK) for Windows 10 in the original and Version 1511 editions. This was a significant new disclosure. The header as published defines many more structures, but the public symbol files for the kernel in the same versions do not have type information for these.
Indeed, many types that are defined in ARC.H had never or only rarely appeared in any public symbol files for any version. Starting with the 1803 release of Windows 10, however, the public symbol files for the kernel have very many more types that are defined in ARC.H. That these many types that were for so long relatively unknown to programmers outside Microsoft are known to the kernel through this one header is surely worth cataloguing:
|Line Number (1803)||Type||Line Number (Original)|
|536||unnamed union Basic in struct _LOADER_RESET_REASON||none|
|537||unnamed struct Component in Basic in _LOADER_RESET_REASON||none|
|1237||unnamed union u in _FIRMWARE_INFORMATION_LOADER_BLOCK||936|
|1326||unnamed union u in _LOADER_PARAMETER_BLOCK||1023|
The line numbers in the left column are for the unseen ARC.H for Windows 10 Version 1803, as known from the public symbol files for the kernel in this version. The line numbers to the right are from the published header in the original Windows 10 release. As only to be expected, the header has grown in the years since its (accidental) disclosure.
The ARC.H that is compiled for the kernel’s public symbol files is not Microsoft’s only ARC.H. It may be an incomplete copy or extract for inclusion with a HAL development kit. Where ARC.H is named in a handful of private symbol files that Microsoft has distributed with otherwise public symbols, it is placed elsewhere. For instance, in the downloadable package of public symbols for the original release of Windows 10, appxdeploymentclient.pdb names ARC.H in
which is indeed where the kernel gets many of its headers. More study is required.