//0x280 bytes (sizeof)
/**
 * _KTHREAD - layout of the kernel thread object for one specific build.
 *
 * The trailing "// 0x.." annotations are byte offsets from the start of the
 * structure. The last member, EndPadding[5], sits at 0x26c and is 20 bytes
 * long, which gives the 0x280 total size. Pointer members are spaced 4 bytes
 * apart (InitialStack 0x20, StackLimit 0x24, StackBase 0x28), so this
 * describes a 32-bit build.
 *
 * Layout conventions used below:
 *  - An anonymous union that pairs a bitfield struct with a LONG/ULONG
 *    (MiscFlags, ThreadFlags, ThreadFlags3, NextProcessor) exposes the same
 *    32 bits both as named flags and as one word.
 *  - An anonymous union that pairs a large member with "<Name>Fill[n]"
 *    structs places small fields at byte n inside the storage of the large
 *    member, so those fields share memory with it.
 *
 * NOTE(review): this layout is build-specific and is not a stable
 * interface. Drivers, debugger scripts and memory-forensics tooling should
 * resolve members from the symbols of the target build rather than
 * hard-coding these offsets; a stale offset reads or writes an unrelated
 * field without any error.
 */
struct _KTHREAD
{
    struct _DISPATCHER_HEADER Header; // 0x0
    VOID* SListFaultAddress; // 0x10
    ULONGLONG QuantumTarget; // 0x18

    /* Stack bookkeeping pointers; exact semantics are not visible here. */
    VOID* InitialStack; // 0x20
    VOID* volatile StackLimit; // 0x24
    VOID* StackBase; // 0x28

    ULONG ThreadLock; // 0x2c
    volatile ULONGLONG CycleTime; // 0x30
    volatile ULONG HighCycleTime; // 0x38
    VOID* ServiceTable; // 0x3c
    ULONG CurrentRunTime; // 0x40
    ULONG ExpectedRunTime; // 0x44
    VOID* KernelStack; // 0x48
    struct _XSAVE_FORMAT* StateSaveArea; // 0x4c
    struct _KSCHEDULING_GROUP* volatile SchedulingGroup; // 0x50
    union _KWAIT_STATUS_REGISTER WaitRegister; // 0x54
    volatile UCHAR Running; // 0x55
    UCHAR Alerted[2]; // 0x56

    /*
     * MiscFlags word at 0x58: 22 single-bit flags plus 10 reserved bits,
     * also addressable as the whole LONG.
     */
    union
    {
        struct
        {
            ULONG AutoBoostActive:1; // 0x58
            ULONG ReadyTransition:1; // 0x58
            ULONG WaitNext:1; // 0x58
            ULONG SystemAffinityActive:1; // 0x58
            ULONG Alertable:1; // 0x58
            ULONG UserStackWalkActive:1; // 0x58
            ULONG ApcInterruptRequest:1; // 0x58
            ULONG QuantumEndMigrate:1; // 0x58
            ULONG UmsDirectedSwitchEnable:1; // 0x58
            ULONG TimerActive:1; // 0x58
            ULONG SystemThread:1; // 0x58
            ULONG ProcessDetachActive:1; // 0x58
            ULONG CalloutActive:1; // 0x58
            ULONG ScbReadyQueue:1; // 0x58
            ULONG ApcQueueable:1; // 0x58
            ULONG ReservedStackInUse:1; // 0x58
            ULONG UmsPerformingSyscall:1; // 0x58
            ULONG TimerSuspended:1; // 0x58
            ULONG SuspendedWaitMode:1; // 0x58
            ULONG SuspendSchedulerApcWait:1; // 0x58
            /* presumably tracks CET user-mode shadow-stack use; confirm */
            ULONG CetUserShadowStack:1; // 0x58
            ULONG BypassProcessFreeze:1; // 0x58
            ULONG Reserved:10; // 0x58
        };
        LONG MiscFlags; // 0x58
    };

    /*
     * ThreadFlags word at 0x5c: the bitfields below add up to 32 bits and
     * overlay the volatile LONG.
     */
    union
    {
        struct
        {
            ULONG ThreadFlagsSpare:2; // 0x5c
            ULONG AutoAlignment:1; // 0x5c
            ULONG DisableBoost:1; // 0x5c
            ULONG AlertedByThreadId:1; // 0x5c
            ULONG QuantumDonation:1; // 0x5c
            ULONG EnableStackSwap:1; // 0x5c
            ULONG GuiThread:1; // 0x5c
            ULONG DisableQuantum:1; // 0x5c
            ULONG ChargeOnlySchedulingGroup:1; // 0x5c
            ULONG DeferPreemption:1; // 0x5c
            ULONG QueueDeferPreemption:1; // 0x5c
            ULONG ForceDeferSchedule:1; // 0x5c
            ULONG SharedReadyQueueAffinity:1; // 0x5c
            ULONG FreezeCount:1; // 0x5c
            ULONG TerminationApcRequest:1; // 0x5c
            ULONG AutoBoostEntriesExhausted:1; // 0x5c
            ULONG KernelStackResident:1; // 0x5c
            ULONG TerminateRequestReason:2; // 0x5c
            ULONG ProcessStackCountDecremented:1; // 0x5c
            ULONG RestrictedGuiThread:1; // 0x5c
            ULONG VpBackingThread:1; // 0x5c
            ULONG ThreadFlagsSpare2:1; // 0x5c
            ULONG EtwStackTraceApcInserted:8; // 0x5c
        };
        volatile LONG ThreadFlags; // 0x5c
    };

    volatile UCHAR Tag; // 0x60
    UCHAR SystemHeteroCpuPolicy; // 0x61
    UCHAR UserHeteroCpuPolicy:7; // 0x62
    UCHAR ExplicitSystemHeteroCpuPolicy:1; // 0x62
    UCHAR Spare0; // 0x63
    ULONG SystemCallNumber; // 0x64
    VOID* FirstArgument; // 0x68
    struct _KTRAP_FRAME* TrapFrame; // 0x6c

    /* Priority occupies byte 23 of the storage that also holds ApcState. */
    union
    {
        struct _KAPC_STATE ApcState; // 0x70
        struct
        {
            UCHAR ApcStateFill[23]; // 0x70
            CHAR Priority; // 0x87
        };
    };

    ULONG UserIdealProcessor; // 0x88
    ULONG ContextSwitches; // 0x8c
    volatile UCHAR State; // 0x90
    CHAR Spare12; // 0x91
    UCHAR WaitIrql; // 0x92
    CHAR WaitMode; // 0x93
    volatile LONG WaitStatus; // 0x94
    struct _KWAIT_BLOCK* WaitBlockList; // 0x98

    /* The same 0x9c slot is viewed either as a list entry or a swap-list entry. */
    union
    {
        struct _LIST_ENTRY WaitListEntry; // 0x9c
        struct _SINGLE_LIST_ENTRY SwapListEntry; // 0x9c
    };

    struct _DISPATCHER_HEADER* volatile Queue; // 0xa4
    /*
     * NOTE(review): the TEB normally lives in user-writable memory, so data
     * read through this pointer should be treated as untrusted; confirm for
     * this build.
     */
    VOID* Teb; // 0xa8
    ULONGLONG RelativeTimerBias; // 0xb0
    struct _KTIMER Timer; // 0xb8

    /*
     * Built-in wait blocks. The WaitBlockFillN views place unrelated fields
     * at fixed byte positions inside the WaitBlock[4] storage.
     */
    union
    {
        struct _KWAIT_BLOCK WaitBlock[4]; // 0xe0
        struct
        {
            UCHAR WaitBlockFill8[20]; // 0xe0
            struct _KTHREAD_COUNTERS* ThreadCounters; // 0xf4
        };
        struct
        {
            UCHAR WaitBlockFill9[44]; // 0xe0
            struct _XSTATE_SAVE* XStateSave; // 0x10c
        };
        struct
        {
            UCHAR WaitBlockFill10[68]; // 0xe0
            VOID* volatile Win32Thread; // 0x124
        };
        struct
        {
            UCHAR WaitBlockFill11[88]; // 0xe0
            ULONG WaitTime; // 0x138
            /*
             * KernelApcDisable and SpecialApcDisable are the two 16-bit
             * halves of CombinedApcDisable.
             */
            union
            {
                struct
                {
                    SHORT KernelApcDisable; // 0x13c
                    SHORT SpecialApcDisable; // 0x13e
                };
                ULONG CombinedApcDisable; // 0x13c
            };
        };
    };

    struct _LIST_ENTRY QueueListEntry; // 0x140

    /* NextProcessor: 31-bit processor number plus a 1-bit flag in one ULONG. */
    union
    {
        volatile ULONG NextProcessor; // 0x148
        struct
        {
            ULONG NextProcessorNumber:31; // 0x148
            ULONG SharedReadyQueue:1; // 0x148
        };
    };

    LONG QueuePriority; // 0x14c
    struct _KPROCESS* Process; // 0x150

    /* Fields from byte 6 onward share storage with UserAffinity. */
    union
    {
        struct _GROUP_AFFINITY UserAffinity; // 0x154
        struct
        {
            UCHAR UserAffinityFill[6]; // 0x154
            /*
             * Previous processor mode. Microsoft's driver documentation
             * (ExGetPreviousMode) describes this as what tells a system
             * service whether its parameters came from user mode and must
             * be validated, so the field is integrity-critical and belongs
             * in any review of thread-state tampering.
             */
            CHAR PreviousMode; // 0x15a
            CHAR BasePriority; // 0x15b
            union
            {
                CHAR PriorityDecrement; // 0x15c
                struct
                {
                    UCHAR ForegroundBoost:4; // 0x15c
                    UCHAR UnusualBoost:4; // 0x15c
                };
            };
            UCHAR Preempted; // 0x15d
            UCHAR AdjustReason; // 0x15e
            CHAR AdjustIncrement; // 0x15f
        };
    };

    ULONG AffinityVersion; // 0x160

    /* Fields from byte 6 onward share storage with Affinity. */
    union
    {
        struct _GROUP_AFFINITY Affinity; // 0x164
        struct
        {
            UCHAR AffinityFill[6]; // 0x164
            UCHAR ApcStateIndex; // 0x16a
            UCHAR WaitBlockCount; // 0x16b
            ULONG IdealProcessor; // 0x16c
        };
    };

    ULONG ReadyTime; // 0x170

    /* WaitReason occupies byte 23 of the storage that also holds SavedApcState. */
    union
    {
        struct _KAPC_STATE SavedApcState; // 0x174
        struct
        {
            UCHAR SavedApcStateFill[23]; // 0x174
            UCHAR WaitReason; // 0x18b
        };
    };

    CHAR SuspendCount; // 0x18c
    CHAR Saturation; // 0x18d
    USHORT SListFaultCount; // 0x18e

    /*
     * Scheduler APC. The SchedulerApcFillN views place unrelated fields at
     * fixed byte positions inside the SchedulerApc storage.
     */
    union
    {
        struct _KAPC SchedulerApc; // 0x190
        struct
        {
            UCHAR SchedulerApcFill0[1]; // 0x190
            UCHAR ResourceIndex; // 0x191
        };
        struct
        {
            UCHAR SchedulerApcFill1[3]; // 0x190
            UCHAR QuantumReset; // 0x193
        };
        struct
        {
            UCHAR SchedulerApcFill2[4]; // 0x190
            ULONG KernelTime; // 0x194
        };
        struct
        {
            UCHAR SchedulerApcFill3[36]; // 0x190
            struct _KPRCB* volatile WaitPrcb; // 0x1b4
        };
        struct
        {
            UCHAR SchedulerApcFill4[40]; // 0x190
            VOID* LegoData; // 0x1b8
        };
        struct
        {
            UCHAR SchedulerApcFill5[47]; // 0x190
            UCHAR CallbackNestingLevel; // 0x1bf
        };
    };

    ULONG UserTime; // 0x1c0
    struct _KEVENT SuspendEvent; // 0x1c4
    struct _LIST_ENTRY ThreadListEntry; // 0x1d4
    struct _LIST_ENTRY MutantListHead; // 0x1dc
    UCHAR AbEntrySummary; // 0x1e4
    UCHAR AbWaitEntryCount; // 0x1e5
    UCHAR AbAllocationRegionCount; // 0x1e6
    CHAR SystemPriority; // 0x1e7
    struct _KLOCK_ENTRY* LockEntries; // 0x1e8
    struct _SINGLE_LIST_ENTRY PropagateBoostsEntry; // 0x1ec
    struct _SINGLE_LIST_ENTRY IoSelfBoostsEntry; // 0x1f0
    UCHAR PriorityFloorCounts[16]; // 0x1f4
    UCHAR PriorityFloorCountsReserved[16]; // 0x204
    ULONG PriorityFloorSummary; // 0x214
    volatile LONG AbCompletedIoBoostCount; // 0x218
    volatile LONG AbCompletedIoQoSBoostCount; // 0x21c
    volatile SHORT KeReferenceCount; // 0x220
    UCHAR AbOrphanedEntrySummary; // 0x222
    UCHAR AbOwnedEntryCount; // 0x223
    ULONG ForegroundLossTime; // 0x224

    /* Either a full list entry, or a single-list entry plus a ULONG. */
    union
    {
        struct _LIST_ENTRY GlobalForegroundListEntry; // 0x228
        struct
        {
            struct _SINGLE_LIST_ENTRY ForegroundDpcStackListEntry; // 0x228
            ULONG InGlobalForegroundList; // 0x22c
        };
    };

    struct _KSCB* QueuedScb; // 0x230
    ULONGLONG NpxState; // 0x238
    volatile ULONG ThreadTimerDelay; // 0x240

    /* ThreadFlags3 word at 0x244: 8 + 2 + 22 bits overlay the volatile LONG. */
    union
    {
        volatile LONG ThreadFlags3; // 0x244
        struct
        {
            ULONG BamQosLevel:8; // 0x244
            ULONG PpmPolicy:2; // 0x244
            ULONG ThreadFlags3Reserved2:22; // 0x244
        };
    };

    VOID* volatile AbWaitObject; // 0x248
    ULONG ReservedPreviousReadyTimeValue; // 0x24c
    ULONGLONG KernelWaitTime; // 0x250
    ULONGLONG UserWaitTime; // 0x258
    ULONG Spare29[3]; // 0x260
    ULONG EndPadding[5]; // 0x26c
};