Geoff Chappell, Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the NTKEAPI_X.H header at
and draws from it the type definitions that are shown in the table below.
The header NTKEAPI_X.H is not known in any Device Driver Kit (DDK) or Windows Driver Kit (WDK), but all the types that the kernel is known to pick up from NTKEAPI_X.H are defined in the standard header WDM.H. The line numbers on the left are from the unseen NTKEAPI_X.H but are known from the symbol file. Those on the right are from the WDM.H that is readily available in the WDK for Windows 10.
|124||enum _KSPIN_LOCK_QUEUE_NUMBER||334||loses 2|
|178||enum _KPROFILE_SOURCE||370||loses 18|
|214||struct _M128A||404||loses 2|
It is not known whether NTKEAPI_X.H is the source of definitions in WDM.H or whether both pick them up from yet another header, but the former inference is the simpler. If it’s true, then NTKEAPI_X.H is the first known input for generating WDM.H.
Whatever the means of construction, WDM.H is a consistent loser of lines. NTKEAPI_X.H, which Microsoft keeps to itself, has a little more of this material than does WDM.H. What the extra is, let alone whether it’s important, is not easily assessed without an NTKEAPI_X.H for inspection.