Geoff Chappell, Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the PEBTEB.H header at
and draws from it the following type definitions:
The header PEBTEB.H is not known in any Device Driver Kit (DDK) or Windows Driver Kit (WDK).
The unusual definition of multiple structures at the same line can be explained, at least partially, by multiple inclusion designed to produce slightly different definitions depending on prior definition of macros that govern conditional compilation. This is confirmed by the disclosure of WOW64T.H in the “minwin” directory of the Windows Driver Kit (WDK) for Windows 10 in the original and Version 1511 editions. Among the reasons for suspecting that this disclosure of this directory’s disclosure was an oversight is that more than a few of its headers would include headers that are not supplied. WOW64T.H is one example in that it would include PEBTEB.H, but specially notable is that WOW64T.H would include PEBTEB.H twice: once with a macro PEBTEB_BITS defined as 32; next with it redefined as 64.