SDK ile WDK'nın Windows Güncellemesi ile alakası nedir?
Dumpladım senin için
[CODE title="EPROCESS"]
+0x000 Pcb : _KPROCESS
+0x438 ProcessLock : _EX_PUSH_LOCK
+0x440 UniqueProcessId : Ptr64 Void
+0x448 ActiveProcessLinks : _LIST_ENTRY
+0x458 RundownProtect : _EX_RUNDOWN_REF
+0x460 Flags2 : Uint4B
+0x460 JobNotReallyActive : Pos 0, 1 Bit
+0x460 AccountingFolded : Pos 1, 1 Bit
+0x460 NewProcessReported : Pos 2, 1 Bit
+0x460 ExitProcessReported : Pos 3, 1 Bit
+0x460 ReportCommitChanges : Pos 4, 1 Bit
+0x460 LastReportMemory : Pos 5, 1 Bit
+0x460 ForceWakeCharge : Pos 6, 1 Bit
+0x460 CrossSessionCreate : Pos 7, 1 Bit
+0x460 NeedsHandleRundown : Pos 8, 1 Bit
+0x460 RefTraceEnabled : Pos 9, 1 Bit
+0x460 PicoCreated : Pos 10, 1 Bit
+0x460 EmptyJobEvaluated : Pos 11, 1 Bit
+0x460 DefaultPagePriority : Pos 12, 3 Bits
+0x460 PrimaryTokenFrozen : Pos 15, 1 Bit
+0x460 ProcessVerifierTarget : Pos 16, 1 Bit
+0x460 RestrictSetThreadContext : Pos 17, 1 Bit
+0x460 AffinityPermanent : Pos 18, 1 Bit
+0x460 AffinityUpdateEnable : Pos 19, 1 Bit
+0x460 PropagateNode : Pos 20, 1 Bit
+0x460 ExplicitAffinity : Pos 21, 1 Bit
+0x460 ProcessExecutionState : Pos 22, 2 Bits
+0x460 EnableReadVmLogging : Pos 24, 1 Bit
+0x460 EnableWriteVmLogging : Pos 25, 1 Bit
+0x460 FatalAccessTerminationRequested : Pos 26, 1 Bit
+0x460 DisableSystemAllowedCpuSet : Pos 27, 1 Bit
+0x460 ProcessStateChangeRequest : Pos 28, 2 Bits
+0x460 ProcessStateChangeInProgress : Pos 30, 1 Bit
+0x460 InPrivate : Pos 31, 1 Bit
+0x464 Flags : Uint4B
+0x464 CreateReported : Pos 0, 1 Bit
+0x464 NoDebugInherit : Pos 1, 1 Bit
+0x464 ProcessExiting : Pos 2, 1 Bit
+0x464 ProcessDelete : Pos 3, 1 Bit
+0x464 ManageExecutableMemoryWrites : Pos 4, 1 Bit
+0x464 VmDeleted : Pos 5, 1 Bit
+0x464 OutswapEnabled : Pos 6, 1 Bit
+0x464 Outswapped : Pos 7, 1 Bit
+0x464 FailFastOnCommitFail : Pos 8, 1 Bit
+0x464 Wow64VaSpace4Gb : Pos 9, 1 Bit
+0x464 AddressSpaceInitialized : Pos 10, 2 Bits
+0x464 SetTimerResolution : Pos 12, 1 Bit
+0x464 BreakOnTermination : Pos 13, 1 Bit
+0x464 DeprioritizeViews : Pos 14, 1 Bit
+0x464 WriteWatch : Pos 15, 1 Bit
+0x464 ProcessInSession : Pos 16, 1 Bit
+0x464 OverrideAddressSpace : Pos 17, 1 Bit
+0x464 HasAddressSpace : Pos 18, 1 Bit
+0x464 LaunchPrefetched : Pos 19, 1 Bit
+0x464 Background : Pos 20, 1 Bit
+0x464 VmTopDown : Pos 21, 1 Bit
+0x464 ImageNotifyDone : Pos 22, 1 Bit
+0x464 PdeUpdateNeeded : Pos 23, 1 Bit
+0x464 VdmAllowed : Pos 24, 1 Bit
+0x464 ProcessRundown : Pos 25, 1 Bit
+0x464 ProcessInserted : Pos 26, 1 Bit
+0x464 DefaultIoPriority : Pos 27, 3 Bits
+0x464 ProcessSelfDelete : Pos 30, 1 Bit
+0x464 SetTimerResolutionLink : Pos 31, 1 Bit
+0x468 CreateTime : _LARGE_INTEGER
+0x470 ProcessQuotaUsage : [2] Uint8B
+0x480 ProcessQuotaPeak : [2] Uint8B
+0x490 PeakVirtualSize : Uint8B
+0x498 VirtualSize : Uint8B
+0x4a0 SessionProcessLinks : _LIST_ENTRY
+0x4b0 ExceptionPortData : Ptr64 Void
+0x4b0 ExceptionPortValue : Uint8B
+0x4b0 ExceptionPortState : Pos 0, 3 Bits
+0x4b8 Token : _EX_FAST_REF
+0x4c0 MmReserved : Uint8B
+0x4c8 AddressCreationLock : _EX_PUSH_LOCK
+0x4d0 PageTableCommitmentLock : _EX_PUSH_LOCK
+0x4d8 RotateInProgress : Ptr64 _ETHREAD
+0x4e0 ForkInProgress : Ptr64 _ETHREAD
+0x4e8 CommitChargeJob : Ptr64 _EJOB
+0x4f0 CloneRoot : _RTL_AVL_TREE
+0x4f8 NumberOfPrivatePages : Uint8B
+0x500 NumberOfLockedPages : Uint8B
+0x508 Win32Process : Ptr64 Void
+0x510 Job : Ptr64 _EJOB
+0x518 SectionObject : Ptr64 Void
+0x520 SectionBaseAddress : Ptr64 Void
+0x528 Cookie : Uint4B
+0x530 WorkingSetWatch : Ptr64 _PAGEFAULT_HISTORY
+0x538 Win32WindowStation : Ptr64 Void
+0x540 InheritedFromUniqueProcessId : Ptr64 Void
+0x548 OwnerProcessId : Uint8B
+0x550 Peb : Ptr64 _PEB
+0x558 Session : Ptr64 _MM_SESSION_SPACE
+0x560 Spare1 : Ptr64 Void
+0x568 QuotaBlock : Ptr64 _EPROCESS_QUOTA_BLOCK
+0x570 ObjectTable : Ptr64 _HANDLE_TABLE
+0x578 DebugPort : Ptr64 Void
+0x580 WoW64Process : Ptr64 _EWOW64PROCESS
+0x588 DeviceMap : _EX_FAST_REF
+0x590 EtwDataSource : Ptr64 Void
+0x598 PageDirectoryPte : Uint8B
+0x5a0 ImageFilePointer : Ptr64 _FILE_OBJECT
+0x5a8 ImageFileName : [15] UChar
+0x5b7 PriorityClass : UChar
+0x5b8 SecurityPort : Ptr64 Void
+0x5c0 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x5c8 JobLinks : _LIST_ENTRY
+0x5d8 HighestUserAddress : Ptr64 Void
+0x5e0 ThreadListHead : _LIST_ENTRY
+0x5f0 ActiveThreads : Uint4B
+0x5f4 ImagePathHash : Uint4B
+0x5f8 DefaultHardErrorProcessing : Uint4B
+0x5fc LastThreadExitStatus : Int4B
+0x600 PrefetchTrace : _EX_FAST_REF
+0x608 LockedPagesList : Ptr64 Void
+0x610 ReadOperationCount : _LARGE_INTEGER
+0x618 WriteOperationCount : _LARGE_INTEGER
+0x620 OtherOperationCount : _LARGE_INTEGER
+0x628 ReadTransferCount : _LARGE_INTEGER
+0x630 WriteTransferCount : _LARGE_INTEGER
+0x638 OtherTransferCount : _LARGE_INTEGER
+0x640 CommitChargeLimit : Uint8B
+0x648 CommitCharge : Uint8B
+0x650 CommitChargePeak : Uint8B
+0x680 Vm : _MMSUPPORT_FULL
+0x7c0 MmProcessLinks : _LIST_ENTRY
+0x7d0 ModifiedPageCount : Uint4B
+0x7d4 ExitStatus : Int4B
+0x7d8 VadRoot : _RTL_AVL_TREE
+0x7e0 VadHint : Ptr64 Void
+0x7e8 VadCount : Uint8B
+0x7f0 VadPhysicalPages : Uint8B
+0x7f8 VadPhysicalPagesLimit : Uint8B
+0x800 AlpcContext : _ALPC_PROCESS_CONTEXT
+0x820 TimerResolutionLink : _LIST_ENTRY
+0x830 TimerResolutionStackRecord : Ptr64 _PO_DIAG_STACK_RECORD
+0x838 RequestedTimerResolution : Uint4B
+0x83c SmallestTimerResolution : Uint4B
+0x840 ExitTime : _LARGE_INTEGER
+0x848 InvertedFunctionTable : Ptr64 _INVERTED_FUNCTION_TABLE
+0x850 InvertedFunctionTableLock : _EX_PUSH_LOCK
+0x858 ActiveThreadsHighWatermark : Uint4B
+0x85c LargePrivateVadCount : Uint4B
+0x860 ThreadListLock : _EX_PUSH_LOCK
+0x868 WnfContext : Ptr64 Void
+0x870 ServerSilo : Ptr64 _EJOB
+0x878 SignatureLevel : UChar
+0x879 SectionSignatureLevel : UChar
+0x87a Protection : _PS_PROTECTION
+0x87b HangCount : Pos 0, 3 Bits
+0x87b GhostCount : Pos 3, 3 Bits
+0x87b PrefilterException : Pos 6, 1 Bit
+0x87c Flags3 : Uint4B
+0x87c Minimal : Pos 0, 1 Bit
+0x87c ReplacingPageRoot : Pos 1, 1 Bit
+0x87c Crashed : Pos 2, 1 Bit
+0x87c JobVadsAreTracked : Pos 3, 1 Bit
+0x87c VadTrackingDisabled : Pos 4, 1 Bit
+0x87c AuxiliaryProcess : Pos 5, 1 Bit
+0x87c SubsystemProcess : Pos 6, 1 Bit
+0x87c IndirectCpuSets : Pos 7, 1 Bit
+0x87c RelinquishedCommit : Pos 8, 1 Bit
+0x87c HighGraphicsPriority : Pos 9, 1 Bit
+0x87c CommitFailLogged : Pos 10, 1 Bit
+0x87c ReserveFailLogged : Pos 11, 1 Bit
+0x87c SystemProcess : Pos 12, 1 Bit
+0x87c HideImageBaseAddresses : Pos 13, 1 Bit
+0x87c AddressPolicyFrozen : Pos 14, 1 Bit
+0x87c ProcessFirstResume : Pos 15, 1 Bit
+0x87c ForegroundExternal : Pos 16, 1 Bit
+0x87c ForegroundSystem : Pos 17, 1 Bit
+0x87c HighMemoryPriority : Pos 18, 1 Bit
+0x87c EnableProcessSuspendResumeLogging : Pos 19, 1 Bit
+0x87c EnableThreadSuspendResumeLogging : Pos 20, 1 Bit
+0x87c SecurityDomainChanged : Pos 21, 1 Bit
+0x87c SecurityFreezeComplete : Pos 22, 1 Bit
+0x87c VmProcessorHost : Pos 23, 1 Bit
+0x87c VmProcessorHostTransition : Pos 24, 1 Bit
+0x87c AltSyscall : Pos 25, 1 Bit
+0x87c TimerResolutionIgnore : Pos 26, 1 Bit
+0x87c DisallowUserTerminate : Pos 27, 1 Bit
+0x87c EnableProcessRemoteExecProtectVmLogging : Pos 28, 1 Bit
+0x87c EnableProcessLocalExecProtectVmLogging : Pos 29, 1 Bit
+0x880 DeviceAsid : Int4B
+0x888 SvmData : Ptr64 Void
+0x890 SvmProcessLock : _EX_PUSH_LOCK
+0x898 SvmLock : Uint8B
+0x8a0 SvmProcessDeviceListHead : _LIST_ENTRY
+0x8b0 LastFreezeInterruptTime : Uint8B
+0x8b8 DiskCounters : Ptr64 _PROCESS_DISK_COUNTERS
+0x8c0 PicoContext : Ptr64 Void
+0x8c8 EnclaveTable : Ptr64 Void
+0x8d0 EnclaveNumber : Uint8B
+0x8d8 EnclaveLock : _EX_PUSH_LOCK
+0x8e0 HighPriorityFaultsAllowed : Uint4B
+0x8e8 EnergyContext : Ptr64 _PO_PROCESS_ENERGY_CONTEXT
+0x8f0 VmContext : Ptr64 Void
+0x8f8 SequenceNumber : Uint8B
+0x900 CreateInterruptTime : Uint8B
+0x908 CreateUnbiasedInterruptTime : Uint8B
+0x910 TotalUnbiasedFrozenTime : Uint8B
+0x918 LastAppStateUpdateTime : Uint8B
+0x920 LastAppStateUptime : Pos 0, 61 Bits
+0x920 LastAppState : Pos 61, 3 Bits
+0x928 SharedCommitCharge : Uint8B
+0x930 SharedCommitLock : _EX_PUSH_LOCK
+0x938 SharedCommitLinks : _LIST_ENTRY
+0x948 AllowedCpuSets : Uint8B
+0x950 DefaultCpuSets : Uint8B
+0x948 AllowedCpuSetsIndirect : Ptr64 Uint8B
+0x950 DefaultCpuSetsIndirect : Ptr64 Uint8B
+0x958 DiskIoAttribution : Ptr64 Void
+0x960 DxgProcess : Ptr64 Void
+0x968 Win32KFilterSet : Uint4B
+0x96c Machine : Uint2B
+0x96e Spare0 : Uint2B
+0x970 ProcessTimerDelay : _PS_INTERLOCKED_TIMER_DELAY_VALUES
+0x978 KTimerSets : Uint4B
+0x97c KTimer2Sets : Uint4B
+0x980 ThreadTimerSets : Uint4B
+0x988 VirtualTimerListLock : Uint8B
+0x990 VirtualTimerListHead : _LIST_ENTRY
+0x9a0 WakeChannel : _WNF_STATE_NAME
+0x9a0 WakeInfo : _PS_PROCESS_WAKE_INFORMATION
+0x9d0 MitigationFlags : Uint4B
+0x9d0 MitigationFlagsValues : <unnamed-tag>
+0x9d4 MitigationFlags2 : Uint4B
+0x9d4 MitigationFlags2Values : <unnamed-tag>
+0x9d8 PartitionObject : Ptr64 Void
+0x9e0 SecurityDomain : Uint8B
+0x9e8 ParentSecurityDomain : Uint8B
+0x9f0 CoverageSamplerContext : Ptr64 Void
+0x9f8 MmHotPatchContext : Ptr64 Void
+0xa00 IdealProcessorAssignmentBlock : _KE_IDEAL_PROCESSOR_ASSIGNMENT_BLOCK
+0xb18 DynamicEHContinuationTargetsTree : _RTL_AVL_TREE
+0xb20 DynamicEHContinuationTargetsLock : _EX_PUSH_LOCK
+0xb28 DynamicEnforcedCetCompatibleRanges : _PS_DYNAMIC_ENFORCED_ADDRESS_RANGES
+0xb38 DisabledComponentFlags : Uint4B
+0xb3c PageCombineSequence : Int4B
+0xb40 EnableOptionalXStateFeaturesLock : _EX_PUSH_LOCK
[/CODE]
[CODE title="KPROCESS"]
+0x000 Header : _DISPATCHER_HEADER
+0x018 ProfileListHead : _LIST_ENTRY
+0x028 DirectoryTableBase : Uint8B
+0x030 ThreadListHead : _LIST_ENTRY
+0x040 ProcessLock : Uint4B
+0x044 ProcessTimerDelay : Uint4B
+0x048 DeepFreezeStartTime : Uint8B
+0x050 Affinity : _KAFFINITY_EX
+0x158 ReadyListHead : _LIST_ENTRY
+0x168 SwapListEntry : _SINGLE_LIST_ENTRY
+0x170 ActiveProcessors : _KAFFINITY_EX
+0x278 AutoAlignment : Pos 0, 1 Bit
+0x278 DisableBoost : Pos 1, 1 Bit
+0x278 DisableQuantum : Pos 2, 1 Bit
+0x278 DeepFreeze : Pos 3, 1 Bit
+0x278 TimerVirtualization : Pos 4, 1 Bit
+0x278 CheckStackExtents : Pos 5, 1 Bit
+0x278 CacheIsolationEnabled : Pos 6, 1 Bit
+0x278 PpmPolicy : Pos 7, 4 Bits
+0x278 VaSpaceDeleted : Pos 11, 1 Bit
+0x278 MultiGroup : Pos 12, 1 Bit
+0x278 ReservedFlags : Pos 13, 19 Bits
+0x278 ProcessFlags : Int4B
+0x27c ActiveGroupsMask : Uint4B
+0x280 BasePriority : Char
+0x281 QuantumReset : Char
+0x282 Visited : Char
+0x283 Flags : _KEXECUTE_OPTIONS
+0x284 ThreadSeed : [32] Uint2B
+0x2c4 IdealProcessor : [32] Uint2B
+0x304 IdealNode : [32] Uint2B
+0x344 IdealGlobalNode : Uint2B
+0x346 Spare1 : Uint2B
+0x348 StackCount : _KSTACK_COUNT
+0x350 ProcessListEntry : _LIST_ENTRY
+0x360 CycleTime : Uint8B
+0x368 ContextSwitches : Uint8B
+0x370 SchedulingGroup : Ptr64 _KSCHEDULING_GROUP
+0x378 FreezeCount : Uint4B
+0x37c KernelTime : Uint4B
+0x380 UserTime : Uint4B
+0x384 ReadyTime : Uint4B
+0x388 UserDirectoryTableBase : Uint8B
+0x390 AddressPolicy : UChar
+0x391 Spare2 : [71] UChar
+0x3d8 InstrumentationCallback : Ptr64 Void
+0x3e0 SecureState : <unnamed-tag>
+0x3e8 KernelWaitTime : Uint8B
+0x3f0 UserWaitTime : Uint8B
+0x3f8 LastRebalanceQpc : Uint8B
+0x400 PerProcessorCycleTimes : Ptr64 Void
+0x408 ExtendedFeatureDisableMask : Uint8B
+0x410 PrimaryGroup : Uint2B
+0x412 Spare3 : [3] Uint2B
+0x418 UserCetLogging : Ptr64 Void
+0x420 EndPadding : [3] Uint8B
[/CODE]
[CODE title="KTHREAD"]
+0x000 Header : _DISPATCHER_HEADER
+0x018 SListFaultAddress : Ptr64 Void
+0x020 QuantumTarget : Uint8B
+0x028 InitialStack : Ptr64 Void
+0x030 StackLimit : Ptr64 Void
+0x038 StackBase : Ptr64 Void
+0x040 ThreadLock : Uint8B
+0x048 CycleTime : Uint8B
+0x050 CurrentRunTime : Uint4B
+0x054 ExpectedRunTime : Uint4B
+0x058 KernelStack : Ptr64 Void
+0x060 StateSaveArea : Ptr64 _XSAVE_FORMAT
+0x068 SchedulingGroup : Ptr64 _KSCHEDULING_GROUP
+0x070 WaitRegister : _KWAIT_STATUS_REGISTER
+0x071 Running : UChar
+0x072 Alerted : [2] UChar
+0x074 AutoBoostActive : Pos 0, 1 Bit
+0x074 ReadyTransition : Pos 1, 1 Bit
+0x074 WaitNext : Pos 2, 1 Bit
+0x074 SystemAffinityActive : Pos 3, 1 Bit
+0x074 Alertable : Pos 4, 1 Bit
+0x074 UserStackWalkActive : Pos 5, 1 Bit
+0x074 ApcInterruptRequest : Pos 6, 1 Bit
+0x074 QuantumEndMigrate : Pos 7, 1 Bit
+0x074 Spare1 : Pos 8, 1 Bit
+0x074 TimerActive : Pos 9, 1 Bit
+0x074 SystemThread : Pos 10, 1 Bit
+0x074 ProcessDetachActive : Pos 11, 1 Bit
+0x074 CalloutActive : Pos 12, 1 Bit
+0x074 ScbReadyQueue : Pos 13, 1 Bit
+0x074 ApcQueueable : Pos 14, 1 Bit
+0x074 ReservedStackInUse : Pos 15, 1 Bit
+0x074 Spare2 : Pos 16, 1 Bit
+0x074 TimerSuspended : Pos 17, 1 Bit
+0x074 SuspendedWaitMode : Pos 18, 1 Bit
+0x074 SuspendSchedulerApcWait : Pos 19, 1 Bit
+0x074 CetUserShadowStack : Pos 20, 1 Bit
+0x074 BypassProcessFreeze : Pos 21, 1 Bit
+0x074 CetKernelShadowStack : Pos 22, 1 Bit
+0x074 StateSaveAreaDecoupled : Pos 23, 1 Bit
+0x074 IsolationWidth : Pos 24, 1 Bit
+0x074 Reserved : Pos 25, 7 Bits
+0x074 MiscFlags : Int4B
+0x078 UserIdealProcessorFixed : Pos 0, 1 Bit
+0x078 ThreadFlagsSpare : Pos 1, 1 Bit
+0x078 AutoAlignment : Pos 2, 1 Bit
+0x078 DisableBoost : Pos 3, 1 Bit
+0x078 AlertedByThreadId : Pos 4, 1 Bit
+0x078 QuantumDonation : Pos 5, 1 Bit
+0x078 EnableStackSwap : Pos 6, 1 Bit
+0x078 GuiThread : Pos 7, 1 Bit
+0x078 DisableQuantum : Pos 8, 1 Bit
+0x078 ChargeOnlySchedulingGroup : Pos 9, 1 Bit
+0x078 DeferPreemption : Pos 10, 1 Bit
+0x078 QueueDeferPreemption : Pos 11, 1 Bit
+0x078 ForceDeferSchedule : Pos 12, 1 Bit
+0x078 SharedReadyQueueAffinity : Pos 13, 1 Bit
+0x078 FreezeCount : Pos 14, 1 Bit
+0x078 TerminationApcRequest : Pos 15, 1 Bit
+0x078 AutoBoostEntriesExhausted : Pos 16, 1 Bit
+0x078 KernelStackResident : Pos 17, 1 Bit
+0x078 TerminateRequestReason : Pos 18, 2 Bits
+0x078 ProcessStackCountDecremented : Pos 20, 1 Bit
+0x078 RestrictedGuiThread : Pos 21, 1 Bit
+0x078 VpBackingThread : Pos 22, 1 Bit
+0x078 EtwStackTraceCrimsonApcDisabled : Pos 23, 1 Bit
+0x078 EtwStackTraceApcInserted : Pos 24, 8 Bits
+0x078 ThreadFlags : Int4B
+0x07c Tag : UChar
+0x07d SystemHeteroCpuPolicy : UChar
+0x07e UserHeteroCpuPolicy : Pos 0, 7 Bits
+0x07e ExplicitSystemHeteroCpuPolicy : Pos 7, 1 Bit
+0x07f Spare0 : UChar
+0x080 SystemCallNumber : Uint4B
+0x084 ReadyTime : Uint4B
+0x088 FirstArgument : Ptr64 Void
+0x090 TrapFrame : Ptr64 _KTRAP_FRAME
+0x098 ApcState : _KAPC_STATE
+0x098 ApcStateFill : [43] UChar
+0x0c3 Priority : Char
+0x0c4 UserIdealProcessor : Uint4B
+0x0c8 WaitStatus : Int8B
+0x0d0 WaitBlockList : Ptr64 _KWAIT_BLOCK
+0x0d8 WaitListEntry : _LIST_ENTRY
+0x0d8 SwapListEntry : _SINGLE_LIST_ENTRY
+0x0e8 Queue : Ptr64 _DISPATCHER_HEADER
+0x0f0 Teb : Ptr64 Void
+0x0f8 RelativeTimerBias : Uint8B
+0x100 Timer : _KTIMER
+0x140 WaitBlock : [4] _KWAIT_BLOCK
+0x140 WaitBlockFill4 : [20] UChar
+0x154 ContextSwitches : Uint4B
+0x140 WaitBlockFill5 : [68] UChar
+0x184 State : UChar
+0x185 Spare13 : Char
+0x186 WaitIrql : UChar
+0x187 WaitMode : Char
+0x140 WaitBlockFill6 : [116] UChar
+0x1b4 WaitTime : Uint4B
+0x140 WaitBlockFill7 : [164] UChar
+0x1e4 KernelApcDisable : Int2B
+0x1e6 SpecialApcDisable : Int2B
+0x1e4 CombinedApcDisable : Uint4B
+0x140 WaitBlockFill8 : [40] UChar
+0x168 ThreadCounters : Ptr64 _KTHREAD_COUNTERS
+0x140 WaitBlockFill9 : [88] UChar
+0x198 XStateSave : Ptr64 _XSTATE_SAVE
+0x140 WaitBlockFill10 : [136] UChar
+0x1c8 Win32Thread : Ptr64 Void
+0x140 WaitBlockFill11 : [176] UChar
+0x1f0 Spare18 : Uint8B
+0x1f8 Spare19 : Uint8B
+0x200 ThreadFlags2 : Int4B
+0x200 BamQosLevel : Pos 0, 8 Bits
+0x200 ThreadFlags2Reserved : Pos 8, 24 Bits
+0x204 HgsFeedbackClass : UChar
+0x205 Spare21 : [3] UChar
+0x208 QueueListEntry : _LIST_ENTRY
+0x218 NextProcessor : Uint4B
+0x218 NextProcessorNumber : Pos 0, 31 Bits
+0x218 SharedReadyQueue : Pos 31, 1 Bit
+0x21c QueuePriority : Int4B
+0x220 Process : Ptr64 _KPROCESS
+0x228 UserAffinity : Ptr64 _KAFFINITY_EX
+0x230 UserAffinityPrimaryGroup : Uint2B
+0x232 PreviousMode : Char
+0x233 BasePriority : Char
+0x234 PriorityDecrement : Char
+0x234 ForegroundBoost : Pos 0, 4 Bits
+0x234 UnusualBoost : Pos 4, 4 Bits
+0x235 Preempted : UChar
+0x236 AdjustReason : UChar
+0x237 AdjustIncrement : Char
+0x238 AffinityVersion : Uint8B
+0x240 Affinity : Ptr64 _KAFFINITY_EX
+0x248 AffinityPrimaryGroup : Uint2B
+0x24a ApcStateIndex : UChar
+0x24b WaitBlockCount : UChar
+0x24c IdealProcessor : Uint4B
+0x250 NpxState : Uint8B
+0x258 SavedApcState : _KAPC_STATE
+0x258 SavedApcStateFill : [43] UChar
+0x283 WaitReason : UChar
+0x284 SuspendCount : Char
+0x285 Saturation : Char
+0x286 SListFaultCount : Uint2B
+0x288 SchedulerApc : _KAPC
+0x288 SchedulerApcFill0 : [1] UChar
+0x289 ResourceIndex : UChar
+0x288 SchedulerApcFill1 : [3] UChar
+0x28b QuantumReset : UChar
+0x288 SchedulerApcFill2 : [4] UChar
+0x28c KernelTime : Uint4B
+0x288 SchedulerApcFill3 : [64] UChar
+0x2c8 WaitPrcb : Ptr64 _KPRCB
+0x288 SchedulerApcFill4 : [72] UChar
+0x2d0 LegoData : Ptr64 Void
+0x288 SchedulerApcFill5 : [83] UChar
+0x2db CallbackNestingLevel : UChar
+0x2dc UserTime : Uint4B
+0x2e0 SuspendEvent : _KEVENT
+0x2f8 ThreadListEntry : _LIST_ENTRY
+0x308 MutantListHead : _LIST_ENTRY
+0x318 AbEntrySummary : UChar
+0x319 AbWaitEntryCount : UChar
+0x31a FreezeFlags : UChar
+0x31a FreezeCount2 : Pos 0, 1 Bit
+0x31a FreezeNormal : Pos 1, 1 Bit
+0x31a FreezeDeep : Pos 2, 1 Bit
+0x31b SystemPriority : Char
+0x31c SecureThreadCookie : Uint4B
+0x320 Spare22 : Ptr64 Void
+0x328 PropagateBoostsEntry : _SINGLE_LIST_ENTRY
+0x330 IoSelfBoostsEntry : _SINGLE_LIST_ENTRY
+0x338 PriorityFloorCounts : [32] UChar
+0x358 PriorityFloorSummary : Uint4B
+0x35c AbCompletedIoBoostCount : Int4B
+0x360 AbCompletedIoQoSBoostCount : Int4B
+0x364 KeReferenceCount : Int2B
+0x366 AbOrphanedEntrySummary : UChar
+0x367 AbOwnedEntryCount : UChar
+0x368 ForegroundLossTime : Uint4B
+0x370 GlobalForegroundListEntry : _LIST_ENTRY
+0x370 ForegroundDpcStackListEntry : _SINGLE_LIST_ENTRY
+0x378 InGlobalForegroundList : Uint8B
+0x380 ReadOperationCount : Int8B
+0x388 WriteOperationCount : Int8B
+0x390 OtherOperationCount : Int8B
+0x398 ReadTransferCount : Int8B
+0x3a0 WriteTransferCount : Int8B
+0x3a8 OtherTransferCount : Int8B
+0x3b0 QueuedScb : Ptr64 _KSCB
+0x3b8 ThreadTimerDelay : Uint4B
+0x3bc ThreadFlags3 : Int4B
+0x3bc ThreadFlags3Reserved : Pos 0, 8 Bits
+0x3bc PpmPolicy : Pos 8, 3 Bits
+0x3bc ThreadFlags3Reserved2 : Pos 11, 21 Bits
+0x3c0 TracingPrivate : [1] Uint8B
+0x3c8 SchedulerAssist : Ptr64 Void
+0x3d0 AbWaitObject : Ptr64 Void
+0x3d8 ReservedPreviousReadyTimeValue : Uint4B
+0x3e0 KernelWaitTime : Uint8B
+0x3e8 UserWaitTime : Uint8B
+0x3f0 GlobalUpdateVpThreadPriorityListEntry : _LIST_ENTRY
+0x3f0 UpdateVpThreadPriorityDpcStackListEntry : _SINGLE_LIST_ENTRY
+0x3f8 InGlobalUpdateVpThreadPriorityList : Uint8B
+0x400 SchedulerAssistPriorityFloor : Int4B
+0x404 RealtimePriorityFloor : Int4B
+0x408 KernelShadowStack : Ptr64 Void
+0x410 KernelShadowStackInitial : Ptr64 Void
+0x418 KernelShadowStackBase : Ptr64 Void
+0x420 KernelShadowStackLimit : _KERNEL_SHADOW_STACK_LIMIT
+0x428 ExtendedFeatureDisableMask : Uint8B
+0x430 HgsFeedbackStartTime : Uint8B
+0x438 HgsFeedbackCycles : Uint8B
+0x440 HgsInvalidFeedbackCount : Uint4B
+0x444 HgsLowerPerfClassFeedbackCount : Uint4B
+0x448 HgsHigherPerfClassFeedbackCount : Uint4B
+0x44c Spare27 : Uint4B
+0x450 SystemAffinityTokenListHead : _SINGLE_LIST_ENTRY
+0x458 IptSaveArea : Ptr64 Void
+0x460 EndPadding : [4] Uint8B[/CODE]
[CODE title="ETHREAD"]
+0x000 Tcb : _KTHREAD
+0x480 CreateTime : _LARGE_INTEGER
+0x488 ExitTime : _LARGE_INTEGER
+0x488 KeyedWaitChain : _LIST_ENTRY
+0x498 PostBlockList : _LIST_ENTRY
+0x498 ForwardLinkShadow : Ptr64 Void
+0x4a0 StartAddress : Ptr64 Void
+0x4a8 TerminationPort : Ptr64 _TERMINATION_PORT
+0x4a8 ReaperLink : Ptr64 _ETHREAD
+0x4a8 KeyedWaitValue : Ptr64 Void
+0x4b0 ActiveTimerListLock : Uint8B
+0x4b8 ActiveTimerListHead : _LIST_ENTRY
+0x4c8 Cid : _CLIENT_ID
+0x4d8 KeyedWaitSemaphore : _KSEMAPHORE
+0x4d8 AlpcWaitSemaphore : _KSEMAPHORE
+0x4f8 ClientSecurity : _PS_CLIENT_SECURITY_CONTEXT
+0x500 IrpList : _LIST_ENTRY
+0x510 TopLevelIrp : Uint8B
+0x518 DeviceToVerify : Ptr64 _DEVICE_OBJECT
+0x520 Win32StartAddress : Ptr64 Void
+0x528 ChargeOnlySession : Ptr64 Void
+0x530 LegacyPowerObject : Ptr64 Void
+0x538 ThreadListEntry : _LIST_ENTRY
+0x548 RundownProtect : _EX_RUNDOWN_REF
+0x550 ThreadLock : _EX_PUSH_LOCK
+0x558 ReadClusterSize : Uint4B
+0x55c MmLockOrdering : Int4B
+0x560 CrossThreadFlags : Uint4B
+0x560 Terminated : Pos 0, 1 Bit
+0x560 ThreadInserted : Pos 1, 1 Bit
+0x560 HideFromDebugger : Pos 2, 1 Bit
+0x560 ActiveImpersonationInfo : Pos 3, 1 Bit
+0x560 HardErrorsAreDisabled : Pos 4, 1 Bit
+0x560 BreakOnTermination : Pos 5, 1 Bit
+0x560 SkipCreationMsg : Pos 6, 1 Bit
+0x560 SkipTerminationMsg : Pos 7, 1 Bit
+0x560 CopyTokenOnOpen : Pos 8, 1 Bit
+0x560 ThreadIoPriority : Pos 9, 3 Bits
+0x560 ThreadPagePriority : Pos 12, 3 Bits
+0x560 RundownFail : Pos 15, 1 Bit
+0x560 UmsForceQueueTermination : Pos 16, 1 Bit
+0x560 IndirectCpuSets : Pos 17, 1 Bit
+0x560 DisableDynamicCodeOptOut : Pos 18, 1 Bit
+0x560 ExplicitCaseSensitivity : Pos 19, 1 Bit
+0x560 PicoNotifyExit : Pos 20, 1 Bit
+0x560 DbgWerUserReportActive : Pos 21, 1 Bit
+0x560 ForcedSelfTrimActive : Pos 22, 1 Bit
+0x560 SamplingCoverage : Pos 23, 1 Bit
+0x560 ReservedCrossThreadFlags : Pos 24, 8 Bits
+0x564 SameThreadPassiveFlags : Uint4B
+0x564 ActiveExWorker : Pos 0, 1 Bit
+0x564 MemoryMaker : Pos 1, 1 Bit
+0x564 StoreLockThread : Pos 2, 2 Bits
+0x564 ClonedThread : Pos 4, 1 Bit
+0x564 KeyedEventInUse : Pos 5, 1 Bit
+0x564 SelfTerminate : Pos 6, 1 Bit
+0x564 RespectIoPriority : Pos 7, 1 Bit
+0x564 ActivePageLists : Pos 8, 1 Bit
+0x564 SecureContext : Pos 9, 1 Bit
+0x564 ZeroPageThread : Pos 10, 1 Bit
+0x564 WorkloadClass : Pos 11, 1 Bit
+0x564 ReservedSameThreadPassiveFlags : Pos 12, 20 Bits
+0x568 SameThreadApcFlags : Uint4B
+0x568 OwnsProcessAddressSpaceExclusive : Pos 0, 1 Bit
+0x568 OwnsProcessAddressSpaceShared : Pos 1, 1 Bit
+0x568 HardFaultBehavior : Pos 2, 1 Bit
+0x568 StartAddressInvalid : Pos 3, 1 Bit
+0x568 EtwCalloutActive : Pos 4, 1 Bit
+0x568 SuppressSymbolLoad : Pos 5, 1 Bit
+0x568 Prefetching : Pos 6, 1 Bit
+0x568 OwnsVadExclusive : Pos 7, 1 Bit
+0x569 SystemPagePriorityActive : Pos 0, 1 Bit
+0x569 SystemPagePriority : Pos 1, 3 Bits
+0x569 AllowUserWritesToExecutableMemory : Pos 4, 1 Bit
+0x569 AllowKernelWritesToExecutableMemory : Pos 5, 1 Bit
+0x569 OwnsVadShared : Pos 6, 1 Bit
+0x569 SessionAttachActive : Pos 7, 1 Bit
+0x56a PasidMsrValid : Pos 0, 1 Bit
+0x56c CacheManagerActive : UChar
+0x56d DisablePageFaultClustering : UChar
+0x56e ActiveFaultCount : UChar
+0x56f LockOrderState : UChar
+0x570 PerformanceCountLowReserved : Uint4B
+0x574 PerformanceCountHighReserved : Int4B
+0x578 AlpcMessageId : Uint8B
+0x580 AlpcMessage : Ptr64 Void
+0x580 AlpcReceiveAttributeSet : Uint4B
+0x588 AlpcWaitListEntry : _LIST_ENTRY
+0x598 ExitStatus : Int4B
+0x59c CacheManagerCount : Uint4B
+0x5a0 IoBoostCount : Uint4B
+0x5a4 IoQoSBoostCount : Uint4B
+0x5a8 IoQoSThrottleCount : Uint4B
+0x5ac KernelStackReference : Uint4B
+0x5b0 BoostList : _LIST_ENTRY
+0x5c0 DeboostList : _LIST_ENTRY
+0x5d0 BoostListLock : Uint8B
+0x5d8 IrpListLock : Uint8B
+0x5e0 ReservedForSynchTracking : Ptr64 Void
+0x5e8 CmCallbackListHead : _SINGLE_LIST_ENTRY
+0x5f0 ActivityId : Ptr64 _GUID
+0x5f8 SeLearningModeListHead : _SINGLE_LIST_ENTRY
+0x600 VerifierContext : Ptr64 Void
+0x608 AdjustedClientToken : Ptr64 Void
+0x610 WorkOnBehalfThread : Ptr64 Void
+0x618 PropertySet : _PS_PROPERTY_SET
+0x630 PicoContext : Ptr64 Void
+0x638 UserFsBase : Uint8B
+0x640 UserGsBase : Uint8B
+0x648 EnergyValues : Ptr64 _THREAD_ENERGY_VALUES
+0x650 SelectedCpuSets : Uint8B
+0x650 SelectedCpuSetsIndirect : Ptr64 Uint8B
+0x658 Silo : Ptr64 _EJOB
+0x660 ThreadName : Ptr64 _UNICODE_STRING
+0x668 SetContextState : Ptr64 _CONTEXT
+0x670 LastExpectedRunTime : Uint4B
+0x674 HeapData : Uint4B
+0x678 OwnerEntryListHead : _LIST_ENTRY
+0x688 DisownedOwnerEntryListLock : Uint8B
+0x690 DisownedOwnerEntryListHead : _LIST_ENTRY
+0x6a0 LockEntries : [6] _KLOCK_ENTRY
+0x8e0 CmThreadInfo : Ptr64 Void
+0x8e8 FlsData : Ptr64 Void[/CODE]
