//0x4d0 bytes (sizeof)
struct _EPROCESS
{
struct _KPROCESS Pcb; //0x0
struct _EX_PUSH_LOCK ProcessLock; //0x160
union _LARGE_INTEGER CreateTime; //0x168
union _LARGE_INTEGER ExitTime; //0x170
struct _EX_RUNDOWN_REF RundownProtect; //0x178
VOID* UniqueProcessId; //0x180
struct _LIST_ENTRY ActiveProcessLinks; //0x188
ULONGLONG ProcessQuotaUsage[2]; //0x198
ULONGLONG ProcessQuotaPeak[2]; //0x1a8
volatile ULONGLONG CommitCharge; //0x1b8
struct _EPROCESS_QUOTA_BLOCK* QuotaBlock; //0x1c0
struct _PS_CPU_QUOTA_BLOCK* CpuQuotaBlock; //0x1c8
ULONGLONG PeakVirtualSize; //0x1d0
ULONGLONG VirtualSize; //0x1d8
struct _LIST_ENTRY SessionProcessLinks; //0x1e0
VOID* DebugPort; //0x1f0
union
{
VOID* ExceptionPortData; //0x1f8
ULONGLONG ExceptionPortValue; //0x1f8
ULONGLONG ExceptionPortState:3; //0x1f8
};
struct _HANDLE_TABLE* ObjectTable; //0x200
struct _EX_FAST_REF Token; //0x208
ULONGLONG WorkingSetPage; //0x210
struct _EX_PUSH_LOCK AddressCreationLock; //0x218
struct _ETHREAD* RotateInProgress; //0x220
struct _ETHREAD* ForkInProgress; //0x228
ULONGLONG HardwareTrigger; //0x230
struct _MM_AVL_TABLE* PhysicalVadRoot; //0x238
VOID* CloneRoot; //0x240
volatile ULONGLONG NumberOfPrivatePages; //0x248
volatile ULONGLONG NumberOfLockedPages; //0x250
VOID* Win32Process; //0x258
struct _EJOB* volatile Job; //0x260
VOID* SectionObject; //0x268
VOID* SectionBaseAddress; //0x270
ULONG Cookie; //0x278
ULONG UmsScheduledThreads; //0x27c
struct _PAGEFAULT_HISTORY* WorkingSetWatch; //0x280
VOID* Win32WindowStation; //0x288
VOID* InheritedFromUniqueProcessId; //0x290
VOID* LdtInformation; //0x298
VOID* Spare; //0x2a0
ULONGLONG ConsoleHostProcess; //0x2a8
VOID* DeviceMap; //0x2b0
VOID* EtwDataSource; //0x2b8
VOID* FreeTebHint; //0x2c0
VOID* FreeUmsTebHint; //0x2c8
union
{
struct _HARDWARE_PTE PageDirectoryPte; //0x2d0
ULONGLONG Filler; //0x2d0
};
VOID* Session; //0x2d8
UCHAR ImageFileName[15]; //0x2e0
UCHAR PriorityClass; //0x2ef
struct _LIST_ENTRY JobLinks; //0x2f0
VOID* LockedPagesList; //0x300
struct _LIST_ENTRY ThreadListHead; //0x308
VOID* SecurityPort; //0x318
VOID* Wow64Process; //0x320
volatile ULONG ActiveThreads; //0x328
ULONG ImagePathHash; //0x32c
ULONG DefaultHardErrorProcessing; //0x330
LONG LastThreadExitStatus; //0x334
struct _PEB* Peb; //0x338
struct _EX_FAST_REF PrefetchTrace; //0x340
union _LARGE_INTEGER ReadOperationCount; //0x348
union _LARGE_INTEGER WriteOperationCount; //0x350
union _LARGE_INTEGER OtherOperationCount; //0x358
union _LARGE_INTEGER ReadTransferCount; //0x360
union _LARGE_INTEGER WriteTransferCount; //0x368
union _LARGE_INTEGER OtherTransferCount; //0x370
ULONGLONG CommitChargeLimit; //0x378
volatile ULONGLONG CommitChargePeak; //0x380
VOID* AweInfo; //0x388
struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; //0x390
struct _MMSUPPORT Vm; //0x398
struct _LIST_ENTRY MmProcessLinks; //0x420
VOID* HighestUserAddress; //0x430
ULONG ModifiedPageCount; //0x438
union
{
ULONG Flags2; //0x43c
struct
{
ULONG JobNotReallyActive:1; //0x43c
ULONG AccountingFolded:1; //0x43c
ULONG NewProcessReported:1; //0x43c
ULONG ExitProcessReported:1; //0x43c
ULONG ReportCommitChanges:1; //0x43c
ULONG LastReportMemory:1; //0x43c
ULONG ReportPhysicalPageChanges:1; //0x43c
ULONG HandleTableRundown:1; //0x43c
ULONG NeedsHandleRundown:1; //0x43c
ULONG RefTraceEnabled:1; //0x43c
ULONG NumaAware:1; //0x43c
ULONG ProtectedProcess:1; //0x43c
ULONG DefaultPagePriority:3; //0x43c
ULONG PrimaryTokenFrozen:1; //0x43c
ULONG ProcessVerifierTarget:1; //0x43c
ULONG StackRandomizationDisabled:1; //0x43c
ULONG AffinityPermanent:1; //0x43c
ULONG AffinityUpdateEnable:1; //0x43c
ULONG PropagateNode:1; //0x43c
ULONG ExplicitAffinity:1; //0x43c
};
};
union
{
ULONG Flags; //0x440
struct
{
ULONG CreateReported:1; //0x440
ULONG NoDebugInherit:1; //0x440
ULONG ProcessExiting:1; //0x440
ULONG ProcessDelete:1; //0x440
ULONG Wow64SplitPages:1; //0x440
ULONG VmDeleted:1; //0x440
ULONG OutswapEnabled:1; //0x440
ULONG Outswapped:1; //0x440
ULONG ForkFailed:1; //0x440
ULONG Wow64VaSpace4Gb:1; //0x440
ULONG AddressSpaceInitialized:2; //0x440
ULONG SetTimerResolution:1; //0x440
ULONG BreakOnTermination:1; //0x440
ULONG DeprioritizeViews:1; //0x440
ULONG WriteWatch:1; //0x440
ULONG ProcessInSession:1; //0x440
ULONG OverrideAddressSpace:1; //0x440
ULONG HasAddressSpace:1; //0x440
ULONG LaunchPrefetched:1; //0x440
ULONG InjectInpageErrors:1; //0x440
ULONG VmTopDown:1; //0x440
ULONG ImageNotifyDone:1; //0x440
ULONG PdeUpdateNeeded:1; //0x440
ULONG VdmAllowed:1; //0x440
ULONG CrossSessionCreate:1; //0x440
ULONG ProcessInserted:1; //0x440
ULONG DefaultIoPriority:3; //0x440
ULONG ProcessSelfDelete:1; //0x440
ULONG SetTimerResolutionLink:1; //0x440
};
};
LONG ExitStatus; //0x444
struct _MM_AVL_TABLE VadRoot; //0x448
struct _ALPC_PROCESS_CONTEXT AlpcContext; //0x488
struct _LIST_ENTRY TimerResolutionLink; //0x4a8
ULONG RequestedTimerResolution; //0x4b8
ULONG ActiveThreadsHighWatermark; //0x4bc
ULONG SmallestTimerResolution; //0x4c0
struct _PO_DIAG_STACK_RECORD* TimerResolutionStackRecord; //0x4c8
};