//0x1e0 bytes (sizeof)
struct _KTHREAD
{
struct _DISPATCHER_HEADER Header; //0x0
volatile ULONGLONG CycleTime; //0x10
volatile ULONG HighCycleTime; //0x18
ULONGLONG QuantumTarget; //0x20
VOID* InitialStack; //0x28
VOID* volatile StackLimit; //0x2c
VOID* KernelStack; //0x30
ULONG ThreadLock; //0x34
union
{
struct _KAPC_STATE ApcState; //0x38
struct
{
UCHAR ApcStateFill[23]; //0x38
CHAR Priority; //0x4f
};
};
volatile USHORT NextProcessor; //0x50
volatile USHORT DeferredProcessor; //0x52
ULONG ApcQueueLock; //0x54
ULONG ContextSwitches; //0x58
volatile UCHAR State; //0x5c
UCHAR NpxState; //0x5d
UCHAR WaitIrql; //0x5e
CHAR WaitMode; //0x5f
LONG WaitStatus; //0x60
union
{
struct _KWAIT_BLOCK* WaitBlockList; //0x64
struct _KGATE* GateObject; //0x64
};
union
{
struct
{
ULONG KernelStackResident:1; //0x68
ULONG ReadyTransition:1; //0x68
ULONG ProcessReadyQueue:1; //0x68
ULONG WaitNext:1; //0x68
ULONG SystemAffinityActive:1; //0x68
ULONG Alertable:1; //0x68
ULONG GdiFlushActive:1; //0x68
ULONG Reserved:25; //0x68
};
LONG MiscFlags; //0x68
};
UCHAR WaitReason; //0x6c
volatile UCHAR SwapBusy; //0x6d
UCHAR Alerted[2]; //0x6e
union
{
struct _LIST_ENTRY WaitListEntry; //0x70
struct _SINGLE_LIST_ENTRY SwapListEntry; //0x70
};
struct _KQUEUE* Queue; //0x78
ULONG WaitTime; //0x7c
union
{
struct
{
SHORT KernelApcDisable; //0x80
SHORT SpecialApcDisable; //0x82
};
ULONG CombinedApcDisable; //0x80
};
VOID* Teb; //0x84
union
{
struct _KTIMER Timer; //0x88
UCHAR TimerFill[40]; //0x88
};
union
{
struct
{
volatile ULONG AutoAlignment:1; //0xb0
volatile ULONG DisableBoost:1; //0xb0
volatile ULONG EtwStackTraceApc1Inserted:1; //0xb0
volatile ULONG EtwStackTraceApc2Inserted:1; //0xb0
volatile ULONG CycleChargePending:1; //0xb0
volatile ULONG CalloutActive:1; //0xb0
volatile ULONG ApcQueueable:1; //0xb0
volatile ULONG EnableStackSwap:1; //0xb0
volatile ULONG GuiThread:1; //0xb0
volatile ULONG ReservedFlags:23; //0xb0
};
volatile LONG ThreadFlags; //0xb0
};
union
{
struct _KWAIT_BLOCK WaitBlock[4]; //0xb8
struct
{
UCHAR WaitBlockFill0[23]; //0xb8
UCHAR IdealProcessor; //0xcf
};
struct
{
UCHAR WaitBlockFill1[47]; //0xb8
CHAR PreviousMode; //0xe7
};
struct
{
UCHAR WaitBlockFill2[71]; //0xb8
UCHAR ResourceIndex; //0xff
};
struct
{
UCHAR WaitBlockFill3[95]; //0xb8
UCHAR LargeStack; //0x117
};
};
struct _LIST_ENTRY QueueListEntry; //0x118
struct _KTRAP_FRAME* TrapFrame; //0x120
VOID* FirstArgument; //0x124
union
{
VOID* CallbackStack; //0x128
ULONG CallbackDepth; //0x128
};
VOID* ServiceTable; //0x12c
UCHAR ApcStateIndex; //0x130
CHAR BasePriority; //0x131
CHAR PriorityDecrement; //0x132
UCHAR Preempted; //0x133
UCHAR AdjustReason; //0x134
CHAR AdjustIncrement; //0x135
UCHAR Spare01; //0x136
CHAR Saturation; //0x137
ULONG SystemCallNumber; //0x138
ULONG Spare02; //0x13c
ULONG UserAffinity; //0x140
struct _KPROCESS* Process; //0x144
volatile ULONG Affinity; //0x148
struct _KAPC_STATE* ApcStatePointer[2]; //0x14c
union
{
struct _KAPC_STATE SavedApcState; //0x154
struct
{
UCHAR SavedApcStateFill[23]; //0x154
CHAR FreezeCount; //0x16b
};
};
CHAR SuspendCount; //0x16c
UCHAR UserIdealProcessor; //0x16d
UCHAR Spare03; //0x16e
UCHAR Iopl; //0x16f
VOID* volatile Win32Thread; //0x170
VOID* StackBase; //0x174
union
{
struct _KAPC SuspendApc; //0x178
struct
{
UCHAR SuspendApcFill0[1]; //0x178
CHAR Spare04; //0x179
};
struct
{
UCHAR SuspendApcFill1[3]; //0x178
UCHAR QuantumReset; //0x17b
};
struct
{
UCHAR SuspendApcFill2[4]; //0x178
ULONG KernelTime; //0x17c
};
struct
{
UCHAR SuspendApcFill3[36]; //0x178
struct _KPRCB* WaitPrcb; //0x19c
};
struct
{
UCHAR SuspendApcFill4[40]; //0x178
VOID* LegoData; //0x1a0
};
struct
{
UCHAR SuspendApcFill5[47]; //0x178
UCHAR PowerState; //0x1a7
};
};
ULONG UserTime; //0x1a8
union
{
struct _KSEMAPHORE SuspendSemaphore; //0x1ac
UCHAR SuspendSemaphorefill[20]; //0x1ac
};
ULONG SListFaultCount; //0x1c0
struct _LIST_ENTRY ThreadListEntry; //0x1c4
struct _LIST_ENTRY MutantListHead; //0x1cc
VOID* SListFaultAddress; //0x1d4
VOID* volatile MdlForLockedTeb; //0x1d8
};