struct _KTHREAD
{
struct _DISPATCHER_HEADER Header;
VOID* SListFaultAddress;
ULONGLONG QuantumTarget;
VOID* InitialStack;
VOID*
volatile StackLimit;
VOID* StackBase;
ULONG ThreadLock;
volatile ULONGLONG CycleTime;
volatile ULONG HighCycleTime;
VOID* ServiceTable;
ULONG CurrentRunTime;
ULONG ExpectedRunTime;
VOID* KernelStack;
struct _XSAVE_FORMAT* StateSaveArea;
struct _KSCHEDULING_GROUP* volatile SchedulingGroup;
union _KWAIT_STATUS_REGISTER WaitRegister;
volatile UCHAR Running;
UCHAR Alerted[
2];
union
{
struct
{
ULONG AutoBoostActive:
1;
ULONG ReadyTransition:
1;
ULONG WaitNext:
1;
ULONG SystemAffinityActive:
1;
ULONG Alertable:
1;
ULONG UserStackWalkActive:
1;
ULONG ApcInterruptRequest:
1;
ULONG QuantumEndMigrate:
1;
ULONG UmsDirectedSwitchEnable:
1;
ULONG TimerActive:
1;
ULONG SystemThread:
1;
ULONG ProcessDetachActive:
1;
ULONG CalloutActive:
1;
ULONG ScbReadyQueue:
1;
ULONG ApcQueueable:
1;
ULONG ReservedStackInUse:
1;
ULONG UmsPerformingSyscall:
1;
ULONG TimerSuspended:
1;
ULONG SuspendedWaitMode:
1;
ULONG SuspendSchedulerApcWait:
1;
ULONG CetUserShadowStack:
1;
ULONG BypassProcessFreeze:
1;
ULONG Reserved:
10;
};
LONG MiscFlags;
};
union
{
struct
{
ULONG ThreadFlagsSpare:
2;
ULONG AutoAlignment:
1;
ULONG DisableBoost:
1;
ULONG AlertedByThreadId:
1;
ULONG QuantumDonation:
1;
ULONG EnableStackSwap:
1;
ULONG GuiThread:
1;
ULONG DisableQuantum:
1;
ULONG ChargeOnlySchedulingGroup:
1;
ULONG DeferPreemption:
1;
ULONG QueueDeferPreemption:
1;
ULONG ForceDeferSchedule:
1;
ULONG SharedReadyQueueAffinity:
1;
ULONG FreezeCount:
1;
ULONG TerminationApcRequest:
1;
ULONG AutoBoostEntriesExhausted:
1;
ULONG KernelStackResident:
1;
ULONG TerminateRequestReason:
2;
ULONG ProcessStackCountDecremented:
1;
ULONG RestrictedGuiThread:
1;
ULONG VpBackingThread:
1;
ULONG ThreadFlagsSpare2:
1;
ULONG EtwStackTraceApcInserted:
8;
};
volatile LONG ThreadFlags;
};
volatile UCHAR Tag;
UCHAR SystemHeteroCpuPolicy;
UCHAR UserHeteroCpuPolicy:
7;
UCHAR ExplicitSystemHeteroCpuPolicy:
1;
UCHAR Spare0;
ULONG SystemCallNumber;
VOID* FirstArgument;
struct _KTRAP_FRAME* TrapFrame;
union
{
struct _KAPC_STATE ApcState;
struct
{
UCHAR ApcStateFill[
23];
CHAR Priority;
};
};
ULONG UserIdealProcessor;
ULONG ContextSwitches;
volatile UCHAR State;
CHAR Spare12;
UCHAR WaitIrql;
CHAR WaitMode;
volatile LONG WaitStatus;
struct _KWAIT_BLOCK* WaitBlockList;
union
{
struct _LIST_ENTRY WaitListEntry;
struct _SINGLE_LIST_ENTRY SwapListEntry;
};
struct _DISPATCHER_HEADER* volatile Queue;
VOID* Teb;
ULONGLONG RelativeTimerBias;
struct _KTIMER Timer;
union
{
struct _KWAIT_BLOCK WaitBlock[4];
struct
{
UCHAR WaitBlockFill8[
20];
struct _KTHREAD_COUNTERS* ThreadCounters;
};
struct
{
UCHAR WaitBlockFill9[
44];
struct _XSTATE_SAVE* XStateSave;
};
struct
{
UCHAR WaitBlockFill10[
68];
VOID*
volatile Win32Thread;
};
struct
{
UCHAR WaitBlockFill11[
88];
ULONG WaitTime;
union
{
struct
{
SHORT KernelApcDisable;
SHORT SpecialApcDisable;
};
ULONG CombinedApcDisable;
};
};
};
struct _LIST_ENTRY QueueListEntry;
union
{
volatile ULONG NextProcessor;
struct
{
ULONG NextProcessorNumber:
31;
ULONG SharedReadyQueue:
1;
};
};
LONG QueuePriority;
struct _KPROCESS* Process;
union
{
struct _GROUP_AFFINITY UserAffinity;
struct
{
UCHAR UserAffinityFill[
6];
CHAR PreviousMode;
CHAR BasePriority;
union
{
CHAR PriorityDecrement;
struct
{
UCHAR ForegroundBoost:
4;
UCHAR UnusualBoost:
4;
};
};
UCHAR Preempted;
UCHAR AdjustReason;
CHAR AdjustIncrement;
};
};
ULONG AffinityVersion;
union
{
struct _GROUP_AFFINITY Affinity;
struct
{
UCHAR AffinityFill[
6];
UCHAR ApcStateIndex;
UCHAR WaitBlockCount;
ULONG IdealProcessor;
};
};
ULONG ReadyTime;
union
{
struct _KAPC_STATE SavedApcState;
struct
{
UCHAR SavedApcStateFill[
23];
UCHAR WaitReason;
};
};
CHAR SuspendCount;
CHAR Saturation;
USHORT SListFaultCount;
union
{
struct _KAPC SchedulerApc;
struct
{
UCHAR SchedulerApcFill0[
1];
UCHAR ResourceIndex;
};
struct
{
UCHAR SchedulerApcFill1[
3];
UCHAR QuantumReset;
};
struct
{
UCHAR SchedulerApcFill2[
4];
ULONG KernelTime;
};
struct
{
UCHAR SchedulerApcFill3[
36];
struct _KPRCB* volatile WaitPrcb;
};
struct
{
UCHAR SchedulerApcFill4[
40];
VOID* LegoData;
};
struct
{
UCHAR SchedulerApcFill5[
47];
UCHAR CallbackNestingLevel;
};
};
ULONG UserTime;
struct _KEVENT SuspendEvent;
struct _LIST_ENTRY ThreadListEntry;
struct _LIST_ENTRY MutantListHead;
UCHAR AbEntrySummary;
UCHAR AbWaitEntryCount;
UCHAR AbAllocationRegionCount;
CHAR SystemPriority;
struct _KLOCK_ENTRY* LockEntries;
struct _SINGLE_LIST_ENTRY PropagateBoostsEntry;
struct _SINGLE_LIST_ENTRY IoSelfBoostsEntry;
UCHAR PriorityFloorCounts[
16];
UCHAR PriorityFloorCountsReserved[
16];
ULONG PriorityFloorSummary;
volatile LONG AbCompletedIoBoostCount;
volatile LONG AbCompletedIoQoSBoostCount;
volatile SHORT KeReferenceCount;
UCHAR AbOrphanedEntrySummary;
UCHAR AbOwnedEntryCount;
ULONG ForegroundLossTime;
union
{
struct _LIST_ENTRY GlobalForegroundListEntry;
struct
{
struct _SINGLE_LIST_ENTRY ForegroundDpcStackListEntry;
ULONG InGlobalForegroundList;
};
};
struct _KSCB* QueuedScb;
ULONGLONG NpxState;
volatile ULONG ThreadTimerDelay;
union
{
volatile LONG ThreadFlags3;
struct
{
ULONG BamQosLevel:
8;
ULONG PpmPolicy:
2;
ULONG ThreadFlags3Reserved2:
22;
};
};
VOID*
volatile AbWaitObject;
ULONG ReservedPreviousReadyTimeValue;
ULONGLONG KernelWaitTime;
ULONGLONG UserWaitTime;
ULONG Spare29[
3];
ULONG EndPadding[
5];
};