//0x788 bytes (sizeof)
struct _ETHREAD
{
struct
_KTHREAD Tcb; //0x0
union
_LARGE_INTEGER CreateTime; //0x4c0
union
{
union
_LARGE_INTEGER ExitTime; //0x4c8
struct
_LIST_ENTRY KeyedWaitChain; //0x4c8
};
union
{
struct
_LIST_ENTRY PostBlockList; //0x4d8
struct
{
VOID* ForwardLinkShadow; //0x4d8
VOID* StartAddress; //0x4e0
};
};
union
{
struct
_TERMINATION_PORT* TerminationPort; //0x4e8
struct
_ETHREAD* ReaperLink; //0x4e8
VOID* KeyedWaitValue; //0x4e8
};
ULONGLONG ActiveTimerListLock; //0x4f0
struct
_LIST_ENTRY ActiveTimerListHead; //0x4f8
struct
_CLIENT_ID Cid; //0x508
union
{
struct
_KSEMAPHORE KeyedWaitSemaphore; //0x518
struct
_KSEMAPHORE AlpcWaitSemaphore; //0x518
};
union
_PS_CLIENT_SECURITY_CONTEXT ClientSecurity; //0x538
struct
_LIST_ENTRY IrpList; //0x540
ULONGLONG TopLevelIrp; //0x550
struct
_DEVICE_OBJECT* DeviceToVerify; //0x558
VOID* Win32StartAddress; //0x560
VOID* ChargeOnlySession; //0x568
VOID* LegacyPowerObject; //0x570
struct
_LIST_ENTRY ThreadListEntry; //0x578
struct
_EX_RUNDOWN_REF RundownProtect; //0x588
struct
_EX_PUSH_LOCK ThreadLock; //0x590
ULONG ReadClusterSize; //0x598
volatile ULONG MmLockOrdering; //0x59c
union
{
ULONG CrossThreadFlags; //0x5a0
struct
{
ULONG Terminated:1; //0x5a0
ULONG ThreadInserted:1; //0x5a0
ULONG HideFromDebugger:1; //0x5a0
ULONG ActiveImpersonationInfo:1; //0x5a0
ULONG HardErrorsAreDisabled:1; //0x5a0
ULONG BreakOnTermination:1; //0x5a0
ULONG SkipCreationMsg:1; //0x5a0
ULONG SkipTerminationMsg:1; //0x5a0
ULONG CopyTokenOnOpen:1; //0x5a0
ULONG ThreadIoPriority:3; //0x5a0
ULONG ThreadPagePriority:3; //0x5a0
ULONG RundownFail:1; //0x5a0
ULONG UmsForceQueueTermination:1; //0x5a0
ULONG IndirectCpuSets:1; //0x5a0
ULONG DisableDynamicCodeOptOut:1; //0x5a0
ULONG ExplicitCaseSensitivity:1; //0x5a0
ULONG PicoNotifyExit:1; //0x5a0
ULONG DbgWerUserReportActive:1; //0x5a0
ULONG ForcedSelfTrimActive:1; //0x5a0
ULONG SamplingCoverage:1; //0x5a0
ULONG ImpersonationSchedulingGroup:1; //0x5a0
ULONG ReservedCrossThreadFlags:7; //0x5a0
};
};
union
{
ULONG SameThreadPassiveFlags; //0x5a4
struct
{
ULONG ActiveExWorker:1; //0x5a4
ULONG MemoryMaker:1; //0x5a4
ULONG StoreLockThread:2; //0x5a4
ULONG ClonedThread:1; //0x5a4
ULONG KeyedEventInUse:1; //0x5a4
ULONG SelfTerminate:1; //0x5a4
ULONG RespectIoPriority:1; //0x5a4
ULONG ActivePageLists:1; //0x5a4
ULONG SecureContext:1; //0x5a4
ULONG ZeroPageThread:1; //0x5a4
ULONG WorkloadClass:1; //0x5a4
ULONG GenerateDumpOnBadHandleAccess:1; //0x5a4
ULONG BalanceSetManager:1; //0x5a4
ULONG ReservedSameThreadPassiveFlags:18; //0x5a4
};
};
union
{
ULONG SameThreadApcFlags; //0x5a8
struct
{
UCHAR OwnsProcessAddressSpaceExclusive:1; //0x5a8
UCHAR OwnsProcessAddressSpaceShared:1; //0x5a8
UCHAR HardFaultBehavior:1; //0x5a8
volatile UCHAR StartAddressInvalid:1; //0x5a8
UCHAR EtwCalloutActive:1; //0x5a8
UCHAR SuppressSymbolLoad:1; //0x5a8
UCHAR Prefetching:1; //0x5a8
UCHAR OwnsVadExclusive:1; //0x5a8
UCHAR SystemPagePriorityActive:1; //0x5a9
UCHAR SystemPagePriority:3; //0x5a9
UCHAR AllowUserWritesToExecutableMemory:1; //0x5a9
UCHAR AllowKernelWritesToExecutableMemory:1; //0x5a9
UCHAR OwnsVadShared:1; //0x5a9
UCHAR PasidMsrValid:1; //0x5a9
UCHAR SlabReplenishInProgress:1; //0x5aa
};
};
UCHAR CacheManagerActive; //0x5ac
UCHAR DisablePageFaultClustering; //0x5ad
UCHAR ActiveFaultCount; //0x5ae
UCHAR LockOrderState; //0x5af
ULONG SharedPsModuleLockAcquires; //0x5b0
ULONG MmReserved; //0x5b4
ULONGLONG AlpcMessageId; //0x5b8
union
{
VOID* AlpcMessage; //0x5c0
ULONG AlpcReceiveAttributeSet; //0x5c0
};
struct
_LIST_ENTRY AlpcWaitListEntry; //0x5c8
LONG ExitStatus; //0x5d8
ULONG CacheManagerCount; //0x5dc
ULONG IoBoostCount; //0x5e0
ULONG IoQoSBoostCount; //0x5e4
ULONG IoQoSThrottleCount; //0x5e8
ULONG KernelStackReference; //0x5ec
struct
_LIST_ENTRY BoostList; //0x5f0
struct
_LIST_ENTRY DeboostList; //0x600
ULONGLONG BoostListLock; //0x610
ULONGLONG IrpListLock; //0x618
VOID* ReservedForSynchTracking; //0x620
struct
_SINGLE_LIST_ENTRY CmCallbackListHead; //0x628
struct
_GUID* ActivityId; //0x630
struct
_SINGLE_LIST_ENTRY SeLearningModeListHead; //0x638
VOID* VerifierContext; //0x640
VOID* AdjustedClientToken; //0x648
VOID* WorkOnBehalfThread; //0x650
struct
_PS_PROPERTY_SET PropertySet; //0x658
VOID* PicoContext; //0x670
ULONGLONG UserFsBase; //0x678
ULONGLONG UserGsBase; //0x680
struct
_THREAD_ENERGY_VALUES* EnergyValues; //0x688
union
{
ULONGLONG SelectedCpuSets; //0x690
ULONGLONG* SelectedCpuSetsIndirect; //0x690
};
struct
_EJOB* Silo; //0x698
struct
_UNICODE_STRING* ThreadName; //0x6a0
struct
_CONTEXT* SetContextState; //0x6a8
VOID* EtwSupport; //0x6b0
struct
_LIST_ENTRY OwnerEntryListHead; //0x6b8
ULONGLONG DisownedOwnerEntryListLock; //0x6c8
struct
_LIST_ENTRY DisownedOwnerEntryListHead; //0x6d0
VOID* SchedulerSharedDataObject; //0x6e0
VOID* CmThreadInfo; //0x6e8
VOID* FlsData; //0x6f0
ULONG LastExpectedRunTime; //0x6f8
ULONG LastSoftParkElectionRunTime; //0x6fc
ULONGLONG LastSoftParkElectionGeneration; //0x700
struct
_GROUP_AFFINITY LastSoftParkElectionGroupAffinity; //0x708
ULONGLONG UserIsolationDomain; //0x718
union
{
struct
_KAPC UpdateTebApc; //0x720
struct
{
UCHAR UpdateTebApcFill1[3]; //0x720
CHAR Win32kPriorityFloor; //0x723
};
struct
{
UCHAR UpdateTebApcFill2[4]; //0x720
UCHAR LastSoftParkElectionQos; //0x724
UCHAR LastSoftParkElectionWorkloadType; //0x725
UCHAR LastSoftParkElectionRunningType; //0x726
UCHAR MmSlabIdentity; //0x727
};
struct
{
UCHAR UpdateTebApcFill3[64]; //0x720
union
_RTL_THREAD_RNG_STATE RngState; //0x760
};
struct
{
UCHAR UpdateTebApcFill4[72]; //0x720
VOID* UsedByRngState; //0x768
};
struct
{
UCHAR UpdateTebApcFill5[83]; //0x720
UCHAR UpdateTebSpareByte2; //0x773
ULONG UpdateTebSpareLong2; //0x774
};
};
ULONGLONG Win32kThreadLock; //0x778
VOID* ThreadIndex; //0x780
};