//0x330 bytes (sizeof)
struct _KTHREAD
{
struct _DISPATCHER_HEADER Header; //0x0
volatile ULONGLONG CycleTime; //0x18
ULONGLONG QuantumTarget; //0x20
VOID* InitialStack; //0x28
VOID* volatile StackLimit; //0x30
VOID* KernelStack; //0x38
ULONGLONG ThreadLock; //0x40
union
{
struct _KAPC_STATE ApcState; //0x48
struct
{
UCHAR ApcStateFill[43]; //0x48
CHAR Priority; //0x73
volatile USHORT NextProcessor; //0x74
volatile USHORT DeferredProcessor; //0x76
};
};
ULONGLONG ApcQueueLock; //0x78
LONGLONG WaitStatus; //0x80
union
{
struct _KWAIT_BLOCK* WaitBlockList; //0x88
struct _KGATE* GateObject; //0x88
};
union
{
struct
{
ULONG KernelStackResident:1; //0x90
ULONG ReadyTransition:1; //0x90
ULONG ProcessReadyQueue:1; //0x90
ULONG WaitNext:1; //0x90
ULONG SystemAffinityActive:1; //0x90
ULONG Alertable:1; //0x90
ULONG GdiFlushActive:1; //0x90
ULONG Reserved:25; //0x90
};
LONG MiscFlags; //0x90
};
UCHAR WaitReason; //0x94
volatile UCHAR SwapBusy; //0x95
UCHAR Alerted[2]; //0x96
union
{
struct _LIST_ENTRY WaitListEntry; //0x98
struct _SINGLE_LIST_ENTRY SwapListEntry; //0x98
};
struct _KQUEUE* Queue; //0xa8
VOID* Teb; //0xb0
union
{
struct _KTIMER Timer; //0xb8
struct
{
UCHAR TimerFill[60]; //0xb8
union
{
struct
{
volatile ULONG AutoAlignment:1; //0xf4
volatile ULONG DisableBoost:1; //0xf4
volatile ULONG EtwStackTraceApc1Inserted:1; //0xf4
volatile ULONG EtwStackTraceApc2Inserted:1; //0xf4
volatile ULONG CycleChargePending:1; //0xf4
volatile ULONG CalloutActive:1; //0xf4
volatile ULONG ApcQueueable:1; //0xf4
volatile ULONG EnableStackSwap:1; //0xf4
volatile ULONG GuiThread:1; //0xf4
volatile ULONG ReservedFlags:23; //0xf4
};
volatile LONG ThreadFlags; //0xf4
};
};
};
union
{
struct _KWAIT_BLOCK WaitBlock[4]; //0xf8
struct
{
UCHAR WaitBlockFill0[43]; //0xf8
UCHAR IdealProcessor; //0x123
};
struct
{
UCHAR WaitBlockFill1[91]; //0xf8
CHAR PreviousMode; //0x153
};
struct
{
UCHAR WaitBlockFill2[139]; //0xf8
UCHAR ResourceIndex; //0x183
};
struct
{
UCHAR WaitBlockFill3[187]; //0xf8
UCHAR LargeStack; //0x1b3
};
struct
{
UCHAR WaitBlockFill4[44]; //0xf8
ULONG ContextSwitches; //0x124
};
struct
{
UCHAR WaitBlockFill5[92]; //0xf8
volatile UCHAR State; //0x154
UCHAR NpxState; //0x155
UCHAR WaitIrql; //0x156
CHAR WaitMode; //0x157
};
struct
{
UCHAR WaitBlockFill6[140]; //0xf8
ULONG WaitTime; //0x184
};
struct
{
UCHAR WaitBlockFill7[188]; //0xf8
union
{
struct
{
SHORT KernelApcDisable; //0x1b4
SHORT SpecialApcDisable; //0x1b6
};
ULONG CombinedApcDisable; //0x1b4
};
};
};
struct _LIST_ENTRY QueueListEntry; //0x1b8
struct _KTRAP_FRAME* TrapFrame; //0x1c8
VOID* FirstArgument; //0x1d0
union
{
VOID* CallbackStack; //0x1d8
ULONGLONG CallbackDepth; //0x1d8
};
UCHAR ApcStateIndex; //0x1e0
CHAR BasePriority; //0x1e1
CHAR PriorityDecrement; //0x1e2
UCHAR Preempted; //0x1e3
UCHAR AdjustReason; //0x1e4
CHAR AdjustIncrement; //0x1e5
UCHAR Spare01; //0x1e6
CHAR Saturation; //0x1e7
ULONG SystemCallNumber; //0x1e8
ULONG Spare02; //0x1ec
ULONGLONG UserAffinity; //0x1f0
struct _KPROCESS* Process; //0x1f8
volatile ULONGLONG Affinity; //0x200
struct _KAPC_STATE* ApcStatePointer[2]; //0x208
union
{
struct _KAPC_STATE SavedApcState; //0x218
struct
{
UCHAR SavedApcStateFill[43]; //0x218
CHAR FreezeCount; //0x243
CHAR SuspendCount; //0x244
UCHAR UserIdealProcessor; //0x245
UCHAR Spare03; //0x246
UCHAR CodePatchInProgress; //0x247
};
};
VOID* volatile Win32Thread; //0x248
VOID* StackBase; //0x250
union
{
struct _KAPC SuspendApc; //0x258
struct
{
UCHAR SuspendApcFill0[1]; //0x258
CHAR Spare04; //0x259
};
struct
{
UCHAR SuspendApcFill1[3]; //0x258
UCHAR QuantumReset; //0x25b
};
struct
{
UCHAR SuspendApcFill2[4]; //0x258
ULONG KernelTime; //0x25c
};
struct
{
UCHAR SuspendApcFill3[64]; //0x258
struct _KPRCB* WaitPrcb; //0x298
};
struct
{
UCHAR SuspendApcFill4[72]; //0x258
VOID* LegoData; //0x2a0
};
struct
{
UCHAR SuspendApcFill5[83]; //0x258
UCHAR PowerState; //0x2ab
ULONG UserTime; //0x2ac
};
};
union
{
struct _KSEMAPHORE SuspendSemaphore; //0x2b0
struct
{
UCHAR SuspendSemaphorefill[28]; //0x2b0
ULONG SListFaultCount; //0x2cc
};
};
struct _LIST_ENTRY ThreadListEntry; //0x2d0
struct _LIST_ENTRY MutantListHead; //0x2e0
VOID* SListFaultAddress; //0x2f0
LONGLONG ReadOperationCount; //0x2f8
LONGLONG WriteOperationCount; //0x300
LONGLONG OtherOperationCount; //0x308
LONGLONG ReadTransferCount; //0x310
LONGLONG WriteTransferCount; //0x318
LONGLONG OtherTransferCount; //0x320
VOID* volatile MdlForLockedTeb; //0x328
};