_EPROCESS

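//0x798 bytes (sizeof)
//
// Kernel-side process object. The offsets in the trailing comments describe
// one specific kernel build with 8-byte pointers (UniqueProcessId at 0x2e8 is
// followed by the next member at 0x2f0); the build is not stated here.
// The layout is not a stable ABI: debugger scripts, memory-forensics profiles
// and driver code should resolve members from symbols for the build being
// examined rather than hard-coding these offsets.
//
// Formatting note: each declaration is on its own line so that the `//0x...`
// offset comment annotates only its own member. When several declarations
// share a physical line, the first `//` turns everything after it into comment
// text and the definition is no longer valid C.
struct _EPROCESS
{
    struct _KPROCESS Pcb;                                                   //0x0
    struct _EX_PUSH_LOCK ProcessLock;                                       //0x2d8
    struct _EX_RUNDOWN_REF RundownProtect;                                  //0x2e0
    VOID* UniqueProcessId;                                                  //0x2e8
    // Linkage in a doubly linked list of process objects. Enumeration that
    // walks only this list misses entries that have been unlinked, so forensic
    // tooling should cross-check it against independent sources (for example
    // thread lists or handle tables) and flag any disagreement.
    struct _LIST_ENTRY ActiveProcessLinks;                                  //0x2f0
    union
    {
        ULONG Flags2;                                                       //0x300
        // Bit view of Flags2 (32 bits in total). Several bits are named after
        // per-process exploit mitigations (DisableDynamicCode,
        // StackRandomizationDisabled, DisallowStrippedImages,
        // HighEntropyASLREnabled, ExtensionPointDisable, ForceRelocateImages,
        // DisallowWin32kSystemCalls).
        // NOTE(review): meanings are inferred from the names - confirm against
        // the vendor's mitigation-policy documentation before auditing on them.
        struct
        {
            ULONG JobNotReallyActive:1;                                     //0x300
            ULONG AccountingFolded:1;                                       //0x300
            ULONG NewProcessReported:1;                                     //0x300
            ULONG ExitProcessReported:1;                                    //0x300
            ULONG ReportCommitChanges:1;                                    //0x300
            ULONG LastReportMemory:1;                                       //0x300
            ULONG ForceWakeCharge:1;                                        //0x300
            ULONG CrossSessionCreate:1;                                     //0x300
            ULONG NeedsHandleRundown:1;                                     //0x300
            ULONG RefTraceEnabled:1;                                        //0x300
            ULONG DisableDynamicCode:1;                                     //0x300
            ULONG EmptyJobEvaluated:1;                                      //0x300
            ULONG DefaultPagePriority:3;                                    //0x300
            ULONG PrimaryTokenFrozen:1;                                     //0x300
            ULONG ProcessVerifierTarget:1;                                  //0x300
            ULONG StackRandomizationDisabled:1;                             //0x300
            ULONG AffinityPermanent:1;                                      //0x300
            ULONG AffinityUpdateEnable:1;                                   //0x300
            ULONG PropagateNode:1;                                          //0x300
            ULONG ExplicitAffinity:1;                                       //0x300
            ULONG ProcessExecutionState:2;                                  //0x300
            ULONG DisallowStrippedImages:1;                                 //0x300
            ULONG HighEntropyASLREnabled:1;                                 //0x300
            ULONG ExtensionPointDisable:1;                                  //0x300
            ULONG ForceRelocateImages:1;                                    //0x300
            ULONG ProcessStateChangeRequest:2;                              //0x300
            ULONG ProcessStateChangeInProgress:1;                           //0x300
            ULONG DisallowWin32kSystemCalls:1;                              //0x300
        };
    };
    union
    {
        ULONG Flags;                                                        //0x304
        // Bit view of Flags (32 bits in total). ControlFlowGuardEnabled,
        // NoDebugInherit and BreakOnTermination are the bits most often of
        // interest when auditing a process's hardening and debug state.
        // NOTE(review): semantics inferred from names only.
        struct
        {
            ULONG CreateReported:1;                                         //0x304
            ULONG NoDebugInherit:1;                                         //0x304
            ULONG ProcessExiting:1;                                         //0x304
            ULONG ProcessDelete:1;                                          //0x304
            ULONG ControlFlowGuardEnabled:1;                                //0x304
            ULONG VmDeleted:1;                                              //0x304
            ULONG OutswapEnabled:1;                                         //0x304
            ULONG Outswapped:1;                                             //0x304
            ULONG FailFastOnCommitFail:1;                                   //0x304
            ULONG Wow64VaSpace4Gb:1;                                        //0x304
            ULONG AddressSpaceInitialized:2;                                //0x304
            ULONG SetTimerResolution:1;                                     //0x304
            ULONG BreakOnTermination:1;                                     //0x304
            ULONG DeprioritizeViews:1;                                      //0x304
            ULONG WriteWatch:1;                                             //0x304
            ULONG ProcessInSession:1;                                       //0x304
            ULONG OverrideAddressSpace:1;                                   //0x304
            ULONG HasAddressSpace:1;                                        //0x304
            ULONG LaunchPrefetched:1;                                       //0x304
            ULONG Background:1;                                             //0x304
            ULONG VmTopDown:1;                                              //0x304
            ULONG ImageNotifyDone:1;                                        //0x304
            ULONG PdeUpdateNeeded:1;                                        //0x304
            ULONG VdmAllowed:1;                                             //0x304
            ULONG ProcessRundown:1;                                         //0x304
            ULONG ProcessInserted:1;                                        //0x304
            ULONG DefaultIoPriority:3;                                      //0x304
            ULONG ProcessSelfDelete:1;                                      //0x304
            ULONG SetTimerResolutionLink:1;                                 //0x304
        };
    };
    union _LARGE_INTEGER CreateTime;                                        //0x308
    ULONGLONG ProcessQuotaUsage[2];                                         //0x310
    ULONGLONG ProcessQuotaPeak[2];                                          //0x320
    ULONGLONG PeakVirtualSize;                                              //0x330
    ULONGLONG VirtualSize;                                                  //0x338
    struct _LIST_ENTRY SessionProcessLinks;                                 //0x340
    // Three overlapping views of the same 8 bytes; the 3-bit state field
    // shares storage with the pointer value, so the pointer view is only
    // meaningful once those state bits are accounted for.
    union
    {
        VOID* ExceptionPortData;                                            //0x350
        ULONGLONG ExceptionPortValue;                                       //0x350
        ULONGLONG ExceptionPortState:3;                                     //0x350
    };
    // Reference to the process's primary access token. An _EX_FAST_REF keeps
    // bookkeeping in the low bits of the value, so it must be masked before it
    // is treated as a pointer. For integrity monitoring, a token reference
    // that changes unexpectedly during a process's lifetime is worth alerting
    // on.
    struct _EX_FAST_REF Token;                                              //0x358
    ULONGLONG WorkingSetPage;                                               //0x360
    struct _EX_PUSH_LOCK AddressCreationLock;                               //0x368
    struct _EX_PUSH_LOCK PageTableCommitmentLock;                           //0x370
    struct _ETHREAD* RotateInProgress;                                      //0x378
    struct _ETHREAD* ForkInProgress;                                        //0x380
    struct _EJOB* volatile CommitChargeJob;                                 //0x388
    struct _RTL_AVL_TREE CloneRoot;                                         //0x390
    volatile ULONGLONG NumberOfPrivatePages;                                //0x398
    volatile ULONGLONG NumberOfLockedPages;                                 //0x3a0
    VOID* Win32Process;                                                     //0x3a8
    struct _EJOB* volatile Job;                                             //0x3b0
    VOID* SectionObject;                                                    //0x3b8
    VOID* SectionBaseAddress;                                               //0x3c0
    ULONG Cookie;                                                           //0x3c8
    struct _PAGEFAULT_HISTORY* WorkingSetWatch;                             //0x3d0
    VOID* Win32WindowStation;                                               //0x3d8
    // Parent process identifier as recorded in this object. Identifiers can be
    // reused, so parent/child reconstruction should also compare CreateTime
    // values. NOTE(review): reuse behaviour is not shown here - confirm.
    VOID* InheritedFromUniqueProcessId;                                     //0x3e0
    VOID* LdtInformation;                                                   //0x3e8
    volatile ULONGLONG OwnerProcessId;                                      //0x3f0
    struct _PEB* Peb;                                                       //0x3f8
    VOID* Session;                                                          //0x400
    VOID* AweInfo;                                                          //0x408
    struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;                               //0x410
    struct _HANDLE_TABLE* ObjectTable;                                      //0x418
    VOID* DebugPort;                                                        //0x420
    VOID* Wow64Process;                                                     //0x428
    VOID* DeviceMap;                                                        //0x430
    VOID* EtwDataSource;                                                    //0x438
    ULONGLONG PageDirectoryPte;                                             //0x440
    // Fixed 15-byte buffer: a longer image name cannot fit, so treat this as a
    // truncated hint rather than an identity, and bound every read to
    // sizeof(ImageFileName) instead of assuming NUL termination.
    UCHAR ImageFileName[15];                                                //0x448
    UCHAR PriorityClass;                                                    //0x457
    VOID* SecurityPort;                                                     //0x458
    struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;      //0x460
    struct _LIST_ENTRY JobLinks;                                            //0x468
    VOID* HighestUserAddress;                                               //0x478
    struct _LIST_ENTRY ThreadListHead;                                      //0x480
    volatile ULONG ActiveThreads;                                           //0x490
    ULONG ImagePathHash;                                                    //0x494
    ULONG DefaultHardErrorProcessing;                                       //0x498
    LONG LastThreadExitStatus;                                              //0x49c
    struct _EX_FAST_REF PrefetchTrace;                                      //0x4a0
    VOID* LockedPagesList;                                                  //0x4a8
    union _LARGE_INTEGER ReadOperationCount;                                //0x4b0
    union _LARGE_INTEGER WriteOperationCount;                               //0x4b8
    union _LARGE_INTEGER OtherOperationCount;                               //0x4c0
    union _LARGE_INTEGER ReadTransferCount;                                 //0x4c8
    union _LARGE_INTEGER WriteTransferCount;                                //0x4d0
    union _LARGE_INTEGER OtherTransferCount;                                //0x4d8
    ULONGLONG CommitChargeLimit;                                            //0x4e0
    volatile ULONGLONG CommitCharge;                                        //0x4e8
    volatile ULONGLONG CommitChargePeak;                                    //0x4f0
    struct _MMSUPPORT Vm;                                                   //0x4f8
    struct _LIST_ENTRY MmProcessLinks;                                      //0x5f0
    ULONG ModifiedPageCount;                                                //0x600
    LONG ExitStatus;                                                        //0x604
    struct _RTL_AVL_TREE VadRoot;                                           //0x608
    VOID* VadHint;                                                          //0x610
    ULONGLONG VadCount;                                                     //0x618
    volatile ULONGLONG VadPhysicalPages;                                    //0x620
    ULONGLONG VadPhysicalPagesLimit;                                        //0x628
    struct _ALPC_PROCESS_CONTEXT AlpcContext;                               //0x630
    struct _LIST_ENTRY TimerResolutionLink;                                 //0x650
    struct _PO_DIAG_STACK_RECORD* TimerResolutionStackRecord;               //0x660
    ULONG RequestedTimerResolution;                                         //0x668
    ULONG SmallestTimerResolution;                                          //0x66c
    union _LARGE_INTEGER ExitTime;                                          //0x670
    struct _INVERTED_FUNCTION_TABLE* InvertedFunctionTable;                 //0x678
    struct _EX_PUSH_LOCK InvertedFunctionTableLock;                         //0x680
    ULONG ActiveThreadsHighWatermark;                                       //0x688
    ULONG LargePrivateVadCount;                                             //0x68c
    struct _EX_PUSH_LOCK ThreadListLock;                                    //0x690
    VOID* WnfContext;                                                       //0x698
    ULONGLONG Spare0;                                                       //0x6a0
    // Signing levels and protection level recorded for the process, one byte
    // each. The value encoding is defined by _PS_PROTECTION and the signing
    // level constants, neither of which is shown here. These are the members
    // to read when auditing which processes run with reduced or elevated
    // protection.
    UCHAR SignatureLevel;                                                   //0x6a8
    UCHAR SectionSignatureLevel;                                            //0x6a9
    struct _PS_PROTECTION Protection;                                       //0x6aa
    UCHAR HangCount;                                                        //0x6ab
    union
    {
        ULONG Flags3;                                                       //0x6ac
        // Bit view of Flags3; only the low 11 bits are named in this layout.
        struct
        {
            ULONG Minimal:1;                                                //0x6ac
            ULONG ReplacingPageRoot:1;                                      //0x6ac
            ULONG DisableNonSystemFonts:1;                                  //0x6ac
            ULONG AuditNonSystemFontLoading:1;                              //0x6ac
            ULONG Crashed:1;                                                //0x6ac
            ULONG JobVadsAreTracked:1;                                      //0x6ac
            ULONG VadTrackingDisabled:1;                                    //0x6ac
            ULONG AuxiliaryProcess:1;                                       //0x6ac
            ULONG SubsystemProcess:1;                                       //0x6ac
            ULONG IndirectCpuSets:1;                                        //0x6ac
            ULONG InPrivate:1;                                              //0x6ac
        };
    };
    LONG DeviceAsid;                                                        //0x6b0
    VOID* SvmData;                                                          //0x6b8
    struct _EX_PUSH_LOCK SvmProcessLock;                                    //0x6c0
    ULONGLONG SvmLock;                                                      //0x6c8
    struct _LIST_ENTRY SvmProcessDeviceListHead;                            //0x6d0
    ULONGLONG LastFreezeInterruptTime;                                      //0x6e0
    struct _PROCESS_DISK_COUNTERS* DiskCounters;                            //0x6e8
    VOID* PicoContext;                                                      //0x6f0
    ULONGLONG TrustletIdentity;                                             //0x6f8
    ULONG KeepAliveCounter;                                                 //0x700
    ULONG NoWakeKeepAliveCounter;                                           //0x704
    ULONG HighPriorityFaultsAllowed;                                        //0x708
    struct _PROCESS_ENERGY_VALUES* EnergyValues;                            //0x710
    VOID* VmContext;                                                        //0x718
    struct _ESILO* Silo;                                                    //0x720
    struct _LIST_ENTRY SiloEntry;                                           //0x728
    ULONGLONG SequenceNumber;                                               //0x738
    ULONGLONG CreateInterruptTime;                                          //0x740
    ULONGLONG CreateUnbiasedInterruptTime;                                  //0x748
    ULONGLONG TotalUnbiasedFrozenTime;                                      //0x750
    ULONGLONG LastAppStateUpdateTime;                                       //0x758
    ULONGLONG LastAppStateUptime:61;                                        //0x760
    ULONGLONG LastAppState:3;                                               //0x760
    volatile ULONGLONG SharedCommitCharge;                                  //0x768
    struct _EX_PUSH_LOCK SharedCommitLock;                                  //0x770
    struct _LIST_ENTRY SharedCommitLinks;                                   //0x778
    // Two overlapping views of the same 16 bytes: inline CPU-set masks or
    // pointers to them. NOTE(review): presumably selected by the
    // IndirectCpuSets bit in Flags3 - confirm before dereferencing.
    union
    {
        struct
        {
            ULONGLONG AllowedCpuSets;                                       //0x788
            ULONGLONG DefaultCpuSets;                                       //0x790
        };
        struct
        {
            ULONGLONG* AllowedCpuSetsIndirect;                              //0x788
            ULONGLONG* DefaultCpuSetsIndirect;                              //0x790
        };
    };
};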