//0x480 bytes (sizeof)
struct _ETHREAD
{
struct
_KTHREAD Tcb; //0x0
union
_LARGE_INTEGER CreateTime; //0x350
union
{
union
_LARGE_INTEGER ExitTime; //0x358
struct
_LIST_ENTRY KeyedWaitChain; //0x358
};
VOID* ChargeOnlySession; //0x360
union
{
struct
_LIST_ENTRY PostBlockList; //0x364
struct
{
VOID* ForwardLinkShadow; //0x364
VOID* StartAddress; //0x368
};
};
union
{
struct
_TERMINATION_PORT* TerminationPort; //0x36c
struct
_ETHREAD* ReaperLink; //0x36c
VOID* KeyedWaitValue; //0x36c
};
ULONG ActiveTimerListLock; //0x370
struct
_LIST_ENTRY ActiveTimerListHead; //0x374
struct
_CLIENT_ID Cid; //0x37c
union
{
struct
_KSEMAPHORE KeyedWaitSemaphore; //0x384
struct
_KSEMAPHORE AlpcWaitSemaphore; //0x384
};
union
_PS_CLIENT_SECURITY_CONTEXT ClientSecurity; //0x398
struct
_LIST_ENTRY IrpList; //0x39c
ULONG TopLevelIrp; //0x3a4
struct
_DEVICE_OBJECT* DeviceToVerify; //0x3a8
VOID* Win32StartAddress; //0x3ac
VOID* LegacyPowerObject; //0x3b0
struct
_LIST_ENTRY ThreadListEntry; //0x3b4
struct
_EX_RUNDOWN_REF RundownProtect; //0x3bc
struct
_EX_PUSH_LOCK ThreadLock; //0x3c0
ULONG ReadClusterSize; //0x3c4
volatile LONG MmLockOrdering; //0x3c8
union
{
ULONG CrossThreadFlags; //0x3cc
struct
{
ULONG Terminated:1; //0x3cc
ULONG ThreadInserted:1; //0x3cc
ULONG HideFromDebugger:1; //0x3cc
ULONG ActiveImpersonationInfo:1; //0x3cc
ULONG HardErrorsAreDisabled:1; //0x3cc
ULONG BreakOnTermination:1; //0x3cc
ULONG SkipCreationMsg:1; //0x3cc
ULONG SkipTerminationMsg:1; //0x3cc
ULONG CopyTokenOnOpen:1; //0x3cc
ULONG ThreadIoPriority:3; //0x3cc
ULONG ThreadPagePriority:3; //0x3cc
ULONG RundownFail:1; //0x3cc
ULONG UmsForceQueueTermination:1; //0x3cc
ULONG IndirectCpuSets:1; //0x3cc
ULONG DisableDynamicCodeOptOut:1; //0x3cc
ULONG ExplicitCaseSensitivity:1; //0x3cc
ULONG PicoNotifyExit:1; //0x3cc
ULONG DbgWerUserReportActive:1; //0x3cc
ULONG ReservedCrossThreadFlags:10; //0x3cc
};
};
union
{
ULONG SameThreadPassiveFlags; //0x3d0
struct
{
ULONG ActiveExWorker:1; //0x3d0
ULONG MemoryMaker:1; //0x3d0
ULONG StoreLockThread:2; //0x3d0
ULONG ClonedThread:1; //0x3d0
ULONG KeyedEventInUse:1; //0x3d0
ULONG SelfTerminate:1; //0x3d0
ULONG RespectIoPriority:1; //0x3d0
ULONG ActivePageLists:1; //0x3d0
ULONG ReservedSameThreadPassiveFlags:23; //0x3d0
};
};
union
{
ULONG SameThreadApcFlags; //0x3d4
struct
{
UCHAR OwnsProcessAddressSpaceExclusive:1; //0x3d4
UCHAR OwnsProcessAddressSpaceShared:1; //0x3d4
UCHAR HardFaultBehavior:1; //0x3d4
volatile UCHAR StartAddressInvalid:1; //0x3d4
UCHAR EtwCalloutActive:1; //0x3d4
UCHAR SuppressSymbolLoad:1; //0x3d4
UCHAR Prefetching:1; //0x3d4
UCHAR OwnsVadExclusive:1; //0x3d4
UCHAR SystemPagePriorityActive:1; //0x3d5
UCHAR SystemPagePriority:3; //0x3d5
};
};
UCHAR CacheManagerActive; //0x3d8
UCHAR DisablePageFaultClustering; //0x3d9
UCHAR ActiveFaultCount; //0x3da
UCHAR LockOrderState; //0x3db
ULONG AlpcMessageId; //0x3dc
union
{
VOID* AlpcMessage; //0x3e0
ULONG AlpcReceiveAttributeSet; //0x3e0
};
struct
_LIST_ENTRY AlpcWaitListEntry; //0x3e4
LONG ExitStatus; //0x3ec
ULONG CacheManagerCount; //0x3f0
ULONG IoBoostCount; //0x3f4
ULONG IoQoSBoostCount; //0x3f8
ULONG IoQoSThrottleCount; //0x3fc
struct
_LIST_ENTRY BoostList; //0x400
struct
_LIST_ENTRY DeboostList; //0x408
ULONG BoostListLock; //0x410
ULONG IrpListLock; //0x414
VOID* ReservedForSynchTracking; //0x418
struct
_SINGLE_LIST_ENTRY CmCallbackListHead; //0x41c
struct
_GUID* ActivityId; //0x420
struct
_SINGLE_LIST_ENTRY SeLearningModeListHead; //0x424
VOID* VerifierContext; //0x428
ULONG KernelStackReference; //0x42c
VOID* AdjustedClientToken; //0x430
VOID* WorkOnBehalfThread; //0x434
struct
_PS_PROPERTY_SET PropertySet; //0x438
VOID* PicoContext; //0x444
ULONG UserFsBase; //0x448
ULONG UserGsBase; //0x44c
struct
_THREAD_ENERGY_VALUES* EnergyValues; //0x450
VOID* CmDbgInfo; //0x454
union
{
ULONG SelectedCpuSets; //0x458
ULONG* SelectedCpuSetsIndirect; //0x458
};
struct
_EJOB* Silo; //0x45c
struct
_UNICODE_STRING* ThreadName; //0x460
ULONG LastExpectedRunTime; //0x464
struct
_LIST_ENTRY OwnerEntryListHead; //0x468
ULONG DisownedOwnerEntryListLock; //0x470
struct
_LIST_ENTRY DisownedOwnerEntryListHead; //0x474
};