Min version2003/XP64 SP1Vista SP1Vista SP2Vista SP277 SP17 SP17 SP18 Pre RTM88.18.1 Update 18.1 Update 110 Pre RTM10 Pre RTM1010 TH2
Max version2003/XP64 SP27 SP18.1 Update 1
x64 offset
offset:bitpos		Field Name
0x0000struct _KPROCESS
Pcb		struct _KPROCESS
Pcb		struct _KPROCESS
Pcb		struct _KPROCESS
Pcb		struct _KPROCESS
Pcb		struct _KPROCESS
Pcb		struct _KPROCESS
Pcb
0x00B8struct _EX_PUSH_LOCK
ProcessLock
0x00C0union _LARGE_INTEGER
CreateTime		struct _EX_PUSH_LOCK
ProcessLock
0x00C8union _LARGE_INTEGER
ExitTime		union _LARGE_INTEGER
CreateTime
0x00D0struct _EX_RUNDOWN_REF
RundownProtect		union _LARGE_INTEGER
ExitTime
0x00D8void *
UniqueProcessId		struct _EX_RUNDOWN_REF
RundownProtect
0x00E0struct _LIST_ENTRY
ActiveProcessLinks		void *
UniqueProcessId
0x00E8struct _LIST_ENTRY
ActiveProcessLinks
0x00F0uint64_t[3]
QuotaUsage
0x00F8uint64_t[3]
QuotaUsage
0x0108uint64_t[3]
QuotaPeak
0x0110uint64_t[3]
QuotaPeak
0x0120uint64_t
CommitCharge
0x0128uint64_t
PeakVirtualSize		volatile uint64_t
CommitCharge
0x0130uint64_t
VirtualSize		uint64_t
PeakVirtualSize
0x0138struct _LIST_ENTRY
SessionProcessLinks		uint64_t
VirtualSize
0x0140struct _LIST_ENTRY
SessionProcessLinks
0x0148void *
DebugPort
0x0150void *
ExceptionPort		void *
DebugPort
0x0158struct _HANDLE_TABLE *
ObjectTable		void *
ExceptionPortData
0x0158uint64_t
ExceptionPortValue
0x0158:0x00uint64_t
ExceptionPortState
0x0160struct _EX_FAST_REF
Token		struct _HANDLE_TABLE *
ObjectTable		struct _EX_PUSH_LOCK
ProcessLock
0x0168uint64_t
WorkingSetPage		struct _EX_FAST_REF
Token		union _LARGE_INTEGER
CreateTime
0x0170struct _KGUARDED_MUTEX
AddressCreationLock		uint64_t
WorkingSetPage		union _LARGE_INTEGER
ExitTime
0x0178struct _EX_PUSH_LOCK
AddressCreationLock		struct _EX_RUNDOWN_REF
RundownProtect
0x0180struct _ETHREAD *
RotateInProgress		void *
UniqueProcessId
0x0188struct _ETHREAD *
ForkInProgress		struct _LIST_ENTRY
ActiveProcessLinks
0x0190uint64_t
HardwareTrigger
0x0198struct _MM_AVL_TABLE *
PhysicalVadRoot		uint64_t[2]
ProcessQuotaUsage
0x01A0void *
CloneRoot
0x01A8uint64_t
HyperSpaceLock		volatile uint64_t
NumberOfPrivatePages		uint64_t[2]
ProcessQuotaPeak
0x01B0struct _ETHREAD *
ForkInProgress		volatile uint64_t
NumberOfLockedPages
0x01B8uint64_t
HardwareTrigger		void *
Win32Process		volatile uint64_t
CommitCharge		struct _EX_PUSH_LOCK
ProcessLock
0x01C0struct _MM_AVL_TABLE *
PhysicalVadRoot		struct _EJOB *
Job		struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock		union _LARGE_INTEGER
CreateTime
0x01C8void *
CloneRoot		void *
SectionObject		struct _PS_CPU_QUOTA_BLOCK *
CpuQuotaBlock		struct _EX_RUNDOWN_REF
RundownProtect
0x01D0uint64_t
NumberOfPrivatePages		void *
SectionBaseAddress		uint64_t
PeakVirtualSize		void *
UniqueProcessId
0x01D8uint64_t
NumberOfLockedPages		struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock		uint64_t
VirtualSize		struct _LIST_ENTRY
ActiveProcessLinks
0x01E0void *
Win32Process		struct _PAGEFAULT_HISTORY *
WorkingSetWatch		struct _LIST_ENTRY
SessionProcessLinks
0x01E8struct _EJOB *
Job		void *
Win32WindowStation		uint64_t[2]
ProcessQuotaUsage
0x01F0void *
SectionObject		void *
InheritedFromUniqueProcessId		void *
DebugPort
0x01F8void *
SectionBaseAddress		void *
LdtInformation		void *
ExceptionPortData		uint64_t[2]
ProcessQuotaPeak
0x01F8uint64_t
ExceptionPortValue
0x01F8:0x00uint64_t
ExceptionPortState
0x0200struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock		void *
Spare		struct _HANDLE_TABLE *
ObjectTable
0x0208struct _PAGEFAULT_HISTORY *
WorkingSetWatch		void *
VdmObjects		struct _EX_FAST_REF
Token		uint64_t
PeakVirtualSize
0x0210void *
Win32WindowStation		void *
DeviceMap		uint64_t
WorkingSetPage		uint64_t
VirtualSize
0x0218void *
InheritedFromUniqueProcessId		void *
EtwDataSource		struct _EX_PUSH_LOCK
AddressCreationLock		struct _LIST_ENTRY
SessionProcessLinks
0x0220void *
LdtInformation		void *
FreeTebHint		struct _ETHREAD *
RotateInProgress
0x0228void *
VadFreeHint		struct _HARDWARE_PTE
PageDirectoryPte		struct _ETHREAD *
ForkInProgress		void *
ExceptionPortData
0x0228uint64_t
Filler		uint64_t
ExceptionPortValue
0x0228:0x00uint64_t
ExceptionPortState
0x0230void *
VdmObjects		void *
Session		uint64_t
HardwareTrigger		struct _EX_FAST_REF
Token
0x0238void *
DeviceMap		uint8_t[16]
ImageFileName		struct _MM_AVL_TABLE *
PhysicalVadRoot		uint64_t
WorkingSetPage
0x0240void *[3]
Spare0		void *
CloneRoot		struct _EX_PUSH_LOCK
AddressCreationLock
0x0248struct _LIST_ENTRY
JobLinks		volatile uint64_t
NumberOfPrivatePages		struct _ETHREAD *
RotateInProgress
0x0250volatile uint64_t
NumberOfLockedPages		struct _ETHREAD *
ForkInProgress
0x0258struct _HARDWARE_PTE
PageDirectoryPte		void *
LockedPagesList		void *
Win32Process		uint64_t
HardwareTrigger
0x0258uint64_t
Filler
0x0260void *
Session		struct _LIST_ENTRY
ThreadListHead		struct _EJOB * volatile
Job		struct _EJOB * volatile
CommitChargeJob
0x0268uint8_t[16]
ImageFileName		void *
SectionObject		struct _MM_AVL_TABLE *
CloneRoot
0x0270void *
SecurityPort		void *
SectionBaseAddress		volatile uint64_t
NumberOfPrivatePages
0x0278struct _LIST_ENTRY
JobLinks		struct _WOW64_PROCESS *
Wow64Process		void *
Wow64Process		unsigned long
Cookie		volatile uint64_t
NumberOfLockedPages
0x027Cunsigned long
Spare8
0x0280volatile unsigned long
ActiveThreads		struct _PAGEFAULT_HISTORY *
WorkingSetWatch		void *
Win32Process
0x0284unsigned long
ImagePathHash
0x0288void *
LockedPagesList		unsigned long
DefaultHardErrorProcessing		void *
Win32WindowStation		struct _EJOB * volatile
Job
0x028Clong
LastThreadExitStatus
0x0290struct _LIST_ENTRY
ThreadListHead		struct _PEB *
Peb		void *
InheritedFromUniqueProcessId		void *
SectionObject
0x0298struct _EX_FAST_REF
PrefetchTrace		void *
LdtInformation		void *
SectionBaseAddress
0x02A0void *
SecurityPort		union _LARGE_INTEGER
ReadOperationCount		void *
Spare		unsigned long
Cookie
0x02A8struct _WOW64_PROCESS *
Wow64Process		union _LARGE_INTEGER
WriteOperationCount		uint64_t
ConsoleHostProcess		struct _PAGEFAULT_HISTORY *
WorkingSetWatch
0x02B0unsigned long
ActiveThreads		union _LARGE_INTEGER
OtherOperationCount		void *
DeviceMap		void *
Win32WindowStation
0x02B4unsigned long
GrantedAccess
0x02B8unsigned long
DefaultHardErrorProcessing		union _LARGE_INTEGER
ReadTransferCount		void *
EtwDataSource		void *
InheritedFromUniqueProcessId
0x02BClong
LastThreadExitStatus
0x02C0struct _PEB *
Peb		union _LARGE_INTEGER
WriteTransferCount		void *
FreeTebHint		struct _EPROCESS *
CreatorProcess
0x02C0uint64_t
ConsoleHostProcess
0x02C8struct _EX_FAST_REF
PrefetchTrace		union _LARGE_INTEGER
OtherTransferCount		struct _HARDWARE_PTE
PageDirectoryPte		struct _PEB *
Peb		struct _EX_PUSH_LOCK
ProcessLock
0x02C8uint64_t
Filler
0x02D0union _LARGE_INTEGER
ReadOperationCount		uint64_t
CommitChargeLimit		void *
Session		union _LARGE_INTEGER
CreateTime		struct _EX_PUSH_LOCK
ProcessLock
0x02D8union _LARGE_INTEGER
WriteOperationCount		volatile uint64_t
CommitChargePeak		uint8_t[15]
ImageFileName		void *
AweInfo		struct _EX_RUNDOWN_REF
RundownProtect		struct _EX_PUSH_LOCK
ProcessLock
0x02E0union _LARGE_INTEGER
OtherOperationCount		void *
AweInfo		struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock		void *
UniqueProcessId		struct _EX_RUNDOWN_REF
RundownProtect
0x02E7uint8_t
PriorityClass
0x02E8union _LARGE_INTEGER
ReadTransferCount		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		struct _LIST_ENTRY
JobLinks		struct _HANDLE_TABLE *
ObjectTable		struct _LIST_ENTRY
ActiveProcessLinks		void *
UniqueProcessId
0x02F0union _LARGE_INTEGER
WriteTransferCount		struct _MMSUPPORT
Vm		void *
DebugPort		struct _LIST_ENTRY
ActiveProcessLinks
0x02F8union _LARGE_INTEGER
OtherTransferCount		void *
LockedPagesList		void *
Wow64Process		unsigned long
Flags2
0x02F8:0x00unsigned long
JobNotReallyActive
0x02F8:0x01unsigned long
AccountingFolded
0x02F8:0x02unsigned long
NewProcessReported
0x02F8:0x03unsigned long
ExitProcessReported
0x02F8:0x04unsigned long
ReportCommitChanges
0x02F8:0x05unsigned long
LastReportMemory
0x02F8:0x06unsigned long
NoWakeCharge		unsigned long
ForceWakeCharge
0x02F8:0x07unsigned long
HandleTableRundown		unsigned long
CrossSessionCreate
0x02F8:0x08unsigned long
NeedsHandleRundown
0x02F8:0x09unsigned long
RefTraceEnabled
0x02F8:0x0Aunsigned long
NumaAware		unsigned long
DisableDynamicCode
0x02F8:0x0Bunsigned long
EmptyJobEvaluated
0x02F8:0x0Cunsigned long
DefaultPagePriority
0x02F8:0x0Funsigned long
PrimaryTokenFrozen
0x02F8:0x10unsigned long
ProcessVerifierTarget
0x02F8:0x11unsigned long
StackRandomizationDisabled
0x02F8:0x12unsigned long
AffinityPermanent
0x02F8:0x13unsigned long
AffinityUpdateEnable
0x02F8:0x14unsigned long
PropagateNode
0x02F8:0x15unsigned long
ExplicitAffinity
0x02F8:0x16unsigned long
ProcessExecutionState
0x02F8:0x18unsigned long
DisallowStrippedImages
0x02F8:0x19unsigned long
HighEntropyASLREnabled
0x02F8:0x1Aunsigned long
ExtensionPointDisable
0x02F8:0x1Bunsigned long
ForceRelocateImages
0x02F8:0x1Cunsigned long
ProcessStateChangeRequest
0x02F8:0x1Eunsigned long
ProcessStateChangeInProgress
0x02F8:0x1Funsigned long
DisallowWin32kSystemCalls
0x02FCunsigned long
Flags
0x02FC:0x00unsigned long
CreateReported
0x02FC:0x01unsigned long
NoDebugInherit
0x02FC:0x02unsigned long
ProcessExiting
0x02FC:0x03unsigned long
ProcessDelete
0x02FC:0x04unsigned long
Wow64SplitPages		unsigned long
ControlFlowGuardEnabled
0x02FC:0x05unsigned long
VmDeleted
0x02FC:0x06unsigned long
OutswapEnabled
0x02FC:0x07unsigned long
Outswapped
0x02FC:0x08unsigned long
ForkFailed		unsigned long
Spare1
0x02FC:0x09unsigned long
Wow64VaSpace4Gb
0x02FC:0x0Aunsigned long
AddressSpaceInitialized
0x02FC:0x0Cunsigned long
SetTimerResolution
0x02FC:0x0Dunsigned long
BreakOnTermination
0x02FC:0x0Eunsigned long
DeprioritizeViews
0x02FC:0x0Funsigned long
WriteWatch
0x02FC:0x10unsigned long
ProcessInSession
0x02FC:0x11unsigned long
OverrideAddressSpace
0x02FC:0x12unsigned long
HasAddressSpace
0x02FC:0x13unsigned long
LaunchPrefetched
0x02FC:0x14unsigned long
Background
0x02FC:0x15unsigned long
VmTopDown
0x02FC:0x16unsigned long
ImageNotifyDone
0x02FC:0x17unsigned long
PdeUpdateNeeded
0x02FC:0x18unsigned long
VdmAllowed
0x02FC:0x19unsigned long
CrossSessionCreate		unsigned long
ProcessRundown
0x02FC:0x1Aunsigned long
ProcessInserted
0x02FC:0x1Bunsigned long
DefaultIoPriority
0x02FC:0x1Eunsigned long
ProcessSelfDelete
0x02FC:0x1Funsigned long
SetTimerResolutionLink
0x0300uint64_t
CommitChargeLimit		struct _LIST_ENTRY
ThreadListHead		void *
DeviceMap		uint64_t[2]
ProcessQuotaUsage		union _LARGE_INTEGER
CreateTime		unsigned long
Flags2
0x0300:0x00unsigned long
JobNotReallyActive
0x0300:0x01unsigned long
AccountingFolded
0x0300:0x02unsigned long
NewProcessReported
0x0300:0x03unsigned long
ExitProcessReported
0x0300:0x04unsigned long
ReportCommitChanges
0x0300:0x05unsigned long
LastReportMemory
0x0300:0x06unsigned long
ForceWakeCharge
0x0300:0x07unsigned long
CrossSessionCreate
0x0300:0x08unsigned long
NeedsHandleRundown
0x0300:0x09unsigned long
RefTraceEnabled
0x0300:0x0Aunsigned long
DisableDynamicCode
0x0300:0x0Bunsigned long
EmptyJobEvaluated
0x0300:0x0Cunsigned long
DefaultPagePriority
0x0300:0x0Funsigned long
PrimaryTokenFrozen
0x0300:0x10unsigned long
ProcessVerifierTarget
0x0300:0x11unsigned long
StackRandomizationDisabled
0x0300:0x12unsigned long
AffinityPermanent
0x0300:0x13unsigned long
AffinityUpdateEnable
0x0300:0x14unsigned long
PropagateNode
0x0300:0x15unsigned long
ExplicitAffinity
0x0300:0x16unsigned long
ProcessExecutionState
0x0300:0x18unsigned long
DisallowStrippedImages
0x0300:0x19unsigned long
HighEntropyASLREnabled
0x0300:0x1Aunsigned long
ExtensionPointDisable
0x0300:0x1Bunsigned long
ForceRelocateImages
0x0300:0x1Cunsigned long
ProcessStateChangeRequest
0x0300:0x1Eunsigned long
ProcessStateChangeInProgress
0x0300:0x1Funsigned long
DisallowWin32kSystemCalls
0x0304unsigned long
Flags
0x0304:0x00unsigned long
CreateReported
0x0304:0x01unsigned long
NoDebugInherit
0x0304:0x02unsigned long
ProcessExiting
0x0304:0x03unsigned long
ProcessDelete
0x0304:0x04unsigned long
ControlFlowGuardEnabled
0x0304:0x05unsigned long
VmDeleted
0x0304:0x06unsigned long
OutswapEnabled
0x0304:0x07unsigned long
Outswapped
0x0304:0x08unsigned long
FailFastOnCommitFail
0x0304:0x09unsigned long
Wow64VaSpace4Gb
0x0304:0x0Aunsigned long
AddressSpaceInitialized
0x0304:0x0Cunsigned long
SetTimerResolution
0x0304:0x0Dunsigned long
BreakOnTermination
0x0304:0x0Eunsigned long
DeprioritizeViews
0x0304:0x0Funsigned long
WriteWatch
0x0304:0x10unsigned long
ProcessInSession
0x0304:0x11unsigned long
OverrideAddressSpace
0x0304:0x12unsigned long
HasAddressSpace
0x0304:0x13unsigned long
LaunchPrefetched
0x0304:0x14unsigned long
Background
0x0304:0x15unsigned long
VmTopDown
0x0304:0x16unsigned long
ImageNotifyDone
0x0304:0x17unsigned long
PdeUpdateNeeded
0x0304:0x18unsigned long
VdmAllowed
0x0304:0x19unsigned long
ProcessRundown
0x0304:0x1Aunsigned long
ProcessInserted
0x0304:0x1Bunsigned long
DefaultIoPriority
0x0304:0x1Eunsigned long
ProcessSelfDelete
0x0304:0x1Funsigned long
SetTimerResolutionLink
0x0308uint64_t
CommitChargePeak		void *
EtwDataSource		uint64_t[2]
ProcessQuotaUsage		union _LARGE_INTEGER
CreateTime
0x0310void *
AweInfo		void *
SecurityPort		struct _HARDWARE_PTE
PageDirectoryPte		uint64_t[2]
ProcessQuotaPeak		uint64_t[2]
ProcessQuotaUsage
0x0310uint64_t
Filler
0x0318struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		void *
Wow64Process		uint8_t[15]
ImageFileName		uint64_t[2]
ProcessQuotaPeak
0x0320struct _MMSUPPORT
Vm		volatile unsigned long
ActiveThreads		uint64_t
PeakVirtualSize		uint64_t[2]
ProcessQuotaPeak
0x0324unsigned long
ImagePathHash
0x0327uint8_t
PriorityClass
0x0328unsigned long
DefaultHardErrorProcessing		void *
SecurityPort		uint64_t
VirtualSize		uint64_t
PeakVirtualSize
0x032Clong
LastThreadExitStatus
0x0330struct _PEB *
Peb		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		struct _LIST_ENTRY
SessionProcessLinks		uint64_t
VirtualSize		uint64_t
PeakVirtualSize
0x0338struct _EX_FAST_REF
PrefetchTrace		struct _LIST_ENTRY
JobLinks		struct _LIST_ENTRY
SessionProcessLinks		uint64_t
VirtualSize
0x0340union _LARGE_INTEGER
ReadOperationCount		void *
ExceptionPortData		struct _LIST_ENTRY
SessionProcessLinks
0x0340uint64_t
ExceptionPortValue
0x0340:0x00uint64_t
ExceptionPortState
0x0348union _LARGE_INTEGER
WriteOperationCount		void *
HighestUserAddress		struct _EX_FAST_REF
Token		void *
ExceptionPortData
0x0348uint64_t
ExceptionPortValue
0x0348:0x00uint64_t
ExceptionPortState
0x0350union _LARGE_INTEGER
OtherOperationCount		struct _LIST_ENTRY
ThreadListHead		uint64_t
WorkingSetPage		struct _EX_FAST_REF
Token		void *
ExceptionPortData
0x0350uint64_t
ExceptionPortValue
0x0350:0x00uint64_t
ExceptionPortState
0x0358struct _LIST_ENTRY
MmProcessLinks		union _LARGE_INTEGER
ReadTransferCount		struct _EX_PUSH_LOCK
AddressCreationLock		uint64_t
WorkingSetPage		struct _EX_FAST_REF
Token
0x0360union _LARGE_INTEGER
WriteTransferCount		volatile unsigned long
ActiveThreads		struct _ETHREAD *
RotateInProgress		struct _EX_PUSH_LOCK
PageTableCommitmentLock		struct _EX_PUSH_LOCK
AddressCreationLock		uint64_t
WorkingSetPage
0x0364unsigned long
ImagePathHash
0x0368unsigned long
ModifiedPageCount		union _LARGE_INTEGER
OtherTransferCount		unsigned long
DefaultHardErrorProcessing		struct _ETHREAD *
ForkInProgress		struct _ETHREAD *
RotateInProgress		struct _EX_PUSH_LOCK
PageTableCommitmentLock		struct _EX_PUSH_LOCK
AddressCreationLock
0x036Cunsigned long
Flags2		long
LastThreadExitStatus
0x036C:0x00unsigned long
JobNotReallyActive
0x036C:0x01unsigned long
AccountingFolded
0x036C:0x02unsigned long
NewProcessReported
0x036C:0x03unsigned long
ExitProcessReported
0x036C:0x04unsigned long
ReportCommitChanges
0x036C:0x05unsigned long
LastReportMemory
0x036C:0x06unsigned long
ReportPhysicalPageChanges
0x036C:0x07unsigned long
HandleTableRundown
0x036C:0x08unsigned long
NeedsHandleRundown
0x036C:0x09unsigned long
RefTraceEnabled
0x036C:0x0Aunsigned long
NumaAware
0x036C:0x0Bunsigned long
ProtectedProcess
0x036C:0x0Cunsigned long
DefaultPagePriority
0x036C:0x0Funsigned long
PrimaryTokenFrozen
0x036C:0x10unsigned long
ProcessVerifierTarget
0x036C:0x11unsigned long
StackRandomizationDisabled
0x036C:0x12unsigned long
AffinityPermanent
0x036C:0x13unsigned long
AffinityUpdateEnable
0x036C:0x14unsigned long
CrossSessionCreate
0x036C:0x15unsigned long
LowVaAccessible
0x0370unsigned long
Flags		uint64_t
CommitChargeLimit		struct _EX_FAST_REF
PrefetchTrace		uint64_t
HardwareTrigger		struct _ETHREAD *
ForkInProgress		struct _ETHREAD *
RotateInProgress		struct _EX_PUSH_LOCK
PageTableCommitmentLock
0x0370:0x00unsigned long
CreateReported
0x0370:0x01unsigned long
NoDebugInherit
0x0370:0x02unsigned long
ProcessExiting
0x0370:0x03unsigned long
ProcessDelete
0x0370:0x04unsigned long
Wow64SplitPages
0x0370:0x05unsigned long
VmDeleted
0x0370:0x06unsigned long
OutswapEnabled
0x0370:0x07unsigned long
Outswapped
0x0370:0x08unsigned long
ForkFailed
0x0370:0x09unsigned long
Wow64VaSpace4Gb
0x0370:0x0Aunsigned long
AddressSpaceInitialized
0x0370:0x0Cunsigned long
SetTimerResolution
0x0370:0x0Dunsigned long
BreakOnTermination
0x0370:0x0Eunsigned long
DeprioritizeViews
0x0370:0x0Funsigned long
WriteWatch
0x0370:0x10unsigned long
ProcessInSession
0x0370:0x11unsigned long
OverrideAddressSpace
0x0370:0x12unsigned long
HasAddressSpace
0x0370:0x13unsigned long
LaunchPrefetched
0x0370:0x14unsigned long
InjectInpageErrors
0x0370:0x15unsigned long
VmTopDown
0x0370:0x16unsigned long
ImageNotifyDone
0x0370:0x17unsigned long
PdeUpdateNeeded
0x0370:0x18unsigned long
VdmAllowed
0x0370:0x19unsigned long
SmapAllowed
0x0370:0x1Aunsigned long
ProcessInserted
0x0370:0x1Bunsigned long
DefaultIoPriority
0x0370:0x1Eunsigned long
ProcessSelfDelete
0x0370:0x1Funsigned long
SpareProcessFlags
0x0374long
ExitStatus
0x0378unsigned long[2]
Spares		uint16_t
Spare7		volatile uint64_t
CommitChargePeak		struct _MM_AVL_TABLE *
LockedPagesList		struct _EJOB * volatile
CommitChargeJob		struct _ETHREAD *
ForkInProgress		struct _ETHREAD *
RotateInProgress
0x037Auint8_t
SubSystemMinorVersion
0x037Auint16_t
SubSystemVersion
0x037Buint8_t
SubSystemMajorVersion
0x037Cuint8_t
PriorityClass
0x0380unsigned long
ModifiedPageCount		struct _MM_AVL_TABLE
VadRoot		void *
AweInfo		union _LARGE_INTEGER
ReadOperationCount		struct _MM_AVL_TABLE *
CloneRoot		struct _RTL_AVL_TREE
CloneRoot		struct _EJOB * volatile
CommitChargeJob		struct _ETHREAD *
ForkInProgress
0x0384unsigned long
JobStatus
0x0388unsigned long
Flags		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		union _LARGE_INTEGER
WriteOperationCount		volatile uint64_t
NumberOfPrivatePages		struct _RTL_AVL_TREE
CloneRoot		struct _EJOB * volatile
CommitChargeJob
0x0388:0x00unsigned long
CreateReported
0x0388:0x01unsigned long
NoDebugInherit
0x0388:0x02unsigned long
ProcessExiting
0x0388:0x03unsigned long
ProcessDelete
0x0388:0x04unsigned long
Wow64SplitPages
0x0388:0x05unsigned long
VmDeleted
0x0388:0x06unsigned long
OutswapEnabled
0x0388:0x07unsigned long
Outswapped
0x0388:0x08unsigned long
ForkFailed
0x0388:0x09unsigned long
Wow64VaSpace4Gb
0x0388:0x0Aunsigned long
AddressSpaceInitialized
0x0388:0x0Cunsigned long
SetTimerResolution
0x0388:0x0Dunsigned long
BreakOnTermination
0x0388:0x0Eunsigned long
SessionCreationUnderway
0x0388:0x0Funsigned long
WriteWatch
0x0388:0x10unsigned long
ProcessInSession
0x0388:0x11unsigned long
OverrideAddressSpace
0x0388:0x12unsigned long
HasAddressSpace
0x0388:0x13unsigned long
LaunchPrefetched
0x0388:0x14unsigned long
InjectInpageErrors
0x0388:0x15unsigned long
VmTopDown
0x0388:0x16unsigned long
ImageNotifyDone
0x0388:0x17unsigned long
PdeUpdateNeeded
0x0388:0x18unsigned long
VdmAllowed
0x0388:0x19unsigned long
SmapAllowed
0x0388:0x1Aunsigned long
CreateFailed
0x0388:0x1Bunsigned long
DefaultIoPriority
0x0388:0x1Eunsigned long
Spare1
0x0388:0x1Funsigned long
Spare2
0x038Clong
ExitStatus
0x0390uint16_t
NextPageColor		struct _MMSUPPORT
Vm		union _LARGE_INTEGER
OtherOperationCount		volatile uint64_t
NumberOfLockedPages		volatile uint64_t
NumberOfPrivatePages		struct _RTL_AVL_TREE
CloneRoot
0x0392uint8_t
SubSystemMinorVersion
0x0392uint16_t
SubSystemVersion
0x0393uint8_t
SubSystemMajorVersion
0x0394uint8_t
PriorityClass
0x0398struct _MM_AVL_TABLE
VadRoot		union _LARGE_INTEGER
ReadTransferCount		void *
Win32Process		volatile uint64_t
NumberOfLockedPages		volatile uint64_t
NumberOfPrivatePages
0x03A0union _LARGE_INTEGER
WriteTransferCount		struct _EJOB * volatile
Job		void *
Win32Process		volatile uint64_t
NumberOfLockedPages
0x03A8union _LARGE_INTEGER
OtherTransferCount		void *
SectionObject		struct _EJOB * volatile
Job		void *
Win32Process
0x03B0uint64_t
CommitChargeLimit		void *
SectionBaseAddress		void *
SectionObject		struct _EJOB * volatile
Job
0x03B8volatile uint64_t
CommitCharge		unsigned long
Cookie		void *
SectionBaseAddress		void *
SectionObject
0x03C0unsigned long
Cookie		volatile uint64_t
CommitChargePeak		struct _PAGEFAULT_HISTORY *
WorkingSetWatch		unsigned long
Cookie		void *
SectionBaseAddress
0x03C8struct _ALPC_PROCESS_CONTEXT
AlpcContext		struct _MMSUPPORT
Vm		void *
Win32WindowStation		struct _PAGEFAULT_HISTORY *
WorkingSetWatch		unsigned long
Cookie
0x03D0void *
InheritedFromUniqueProcessId		void *
Win32WindowStation		struct _PAGEFAULT_HISTORY *
WorkingSetWatch
0x03D8unsigned long
Cookie		void *
LdtInformation		void *
InheritedFromUniqueProcessId		void *
Win32WindowStation
0x03E0struct _EPROCESS *
CreatorProcess		volatile uint64_t
OwnerProcessId		void *
LdtInformation		void *
InheritedFromUniqueProcessId
0x03E0uint64_t
ConsoleHostProcess
0x03E8struct _PEB *
Peb		volatile uint64_t
OwnerProcessId		void *
LdtInformation
0x03F0void *
Session		struct _PEB *
Peb		volatile uint64_t
OwnerProcessId
0x03F8void *
AweInfo		void *
Session		struct _PEB *
Peb
0x0400struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock		void *
AweInfo		void *
Session
0x0408struct _HANDLE_TABLE *
ObjectTable		struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock		void *
AweInfo
0x0410void *
DebugPort		struct _HANDLE_TABLE *
ObjectTable		struct _EPROCESS_QUOTA_BLOCK *
QuotaBlock
0x0418struct _LIST_ENTRY
MmProcessLinks		void *
Wow64Process		void *
DebugPort		struct _HANDLE_TABLE *
ObjectTable
0x0420void *
DeviceMap		void *
Wow64Process		void *
DebugPort
0x0428void *
HighestUserAddress		void *
EtwDataSource		void *
DeviceMap		void *
Wow64Process		struct _EWOW64PROCESS *
WoW64Process
0x0430unsigned long
ModifiedPageCount		uint64_t
PageDirectoryPte		void *
EtwDataSource		void *
DeviceMap
0x0434unsigned long
Flags2
0x0434:0x00unsigned long
JobNotReallyActive
0x0434:0x01unsigned long
AccountingFolded
0x0434:0x02unsigned long
NewProcessReported
0x0434:0x03unsigned long
ExitProcessReported
0x0434:0x04unsigned long
ReportCommitChanges
0x0434:0x05unsigned long
LastReportMemory
0x0434:0x06unsigned long
ReportPhysicalPageChanges
0x0434:0x07unsigned long
HandleTableRundown
0x0434:0x08unsigned long
NeedsHandleRundown
0x0434:0x09unsigned long
RefTraceEnabled
0x0434:0x0Aunsigned long
NumaAware
0x0434:0x0Bunsigned long
ProtectedProcess
0x0434:0x0Cunsigned long
DefaultPagePriority
0x0434:0x0Funsigned long
PrimaryTokenFrozen
0x0434:0x10unsigned long
ProcessVerifierTarget
0x0434:0x11unsigned long
StackRandomizationDisabled
0x0434:0x12unsigned long
AffinityPermanent
0x0434:0x13unsigned long
AffinityUpdateEnable
0x0434:0x14unsigned long
PropagateNode
0x0434:0x15unsigned long
ExplicitAffinity
0x0434:0x16unsigned long
Spare1
0x0434:0x17unsigned long
ForceRelocateImages
0x0434:0x18unsigned long
DisallowStrippedImages
0x0434:0x19unsigned long
LowVaAccessible
0x0438unsigned long
Flags		uint8_t[15]
ImageFileName		uint64_t
PageDirectoryPte		void *
EtwDataSource
0x0438:0x00unsigned long
CreateReported
0x0438:0x01unsigned long
NoDebugInherit
0x0438:0x02unsigned long
ProcessExiting
0x0438:0x03unsigned long
ProcessDelete
0x0438:0x04unsigned long
Wow64SplitPages
0x0438:0x05unsigned long
VmDeleted
0x0438:0x06unsigned long
OutswapEnabled
0x0438:0x07unsigned long
Outswapped
0x0438:0x08unsigned long
ForkFailed
0x0438:0x09unsigned long
Wow64VaSpace4Gb
0x0438:0x0Aunsigned long
AddressSpaceInitialized
0x0438:0x0Cunsigned long
SetTimerResolution
0x0438:0x0Dunsigned long
BreakOnTermination
0x0438:0x0Eunsigned long
DeprioritizeViews
0x0438:0x0Funsigned long
WriteWatch
0x0438:0x10unsigned long
ProcessInSession
0x0438:0x11unsigned long
OverrideAddressSpace
0x0438:0x12unsigned long
HasAddressSpace
0x0438:0x13unsigned long
LaunchPrefetched
0x0438:0x14unsigned long
InjectInpageErrors
0x0438:0x15unsigned long
VmTopDown
0x0438:0x16unsigned long
ImageNotifyDone
0x0438:0x17unsigned long
PdeUpdateNeeded
0x0438:0x18unsigned long
VdmAllowed
0x0438:0x19unsigned long
CrossSessionCreate
0x0438:0x1Aunsigned long
ProcessInserted
0x0438:0x1Bunsigned long
DefaultIoPriority
0x0438:0x1Eunsigned long
ProcessSelfDelete
0x0438:0x1Funsigned long
SetTimerResolutionLink
0x043Clong
ExitStatus
0x0440struct _MM_AVL_TABLE
VadRoot		uint8_t[15]
ImageFileName		uint64_t
PageDirectoryPte
0x0447uint8_t
PriorityClass
0x0448void *
SecurityPort		uint8_t[15]
ImageFileName		struct _FILE_OBJECT *
ImageFilePointer
0x044Fuint8_t
PriorityClass
0x0450struct _LIST_ENTRY
MmProcessLinks		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		void *
SecurityPort		uint8_t[15]
ImageFileName
0x0457uint8_t
PriorityClass
0x0458struct _LIST_ENTRY
JobLinks		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		void *
SecurityPort
0x045Fuint8_t
PriorityClass
0x0460unsigned long
ModifiedPageCount		struct _LIST_ENTRY
JobLinks		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo		void *
SecurityPort
0x0464unsigned long
Flags2
0x0464:0x00unsigned long
JobNotReallyActive
0x0464:0x01unsigned long
AccountingFolded
0x0464:0x02unsigned long
NewProcessReported
0x0464:0x03unsigned long
ExitProcessReported
0x0464:0x04unsigned long
ReportCommitChanges
0x0464:0x05unsigned long
LastReportMemory
0x0464:0x06unsigned long
Spare1
0x0464:0x07unsigned long
HandleTableRundown
0x0464:0x08unsigned long
NeedsHandleRundown
0x0464:0x09unsigned long
RefTraceEnabled
0x0464:0x0Aunsigned long
NumaAware
0x0464:0x0Bunsigned long
Spare2
0x0464:0x0Cunsigned long
DefaultPagePriority
0x0464:0x0Funsigned long
PrimaryTokenFrozen
0x0464:0x10unsigned long
ProcessVerifierTarget
0x0464:0x11unsigned long
StackRandomizationDisabled
0x0464:0x12unsigned long
AffinityPermanent
0x0464:0x13unsigned long
AffinityUpdateEnable
0x0464:0x14unsigned long
PropagateNode
0x0464:0x15unsigned long
ExplicitAffinity
0x0464:0x16unsigned long
LowVaAccessible
0x0464:0x17unsigned long
ForceRelocateImages
0x0464:0x18unsigned long
DisallowStrippedImages
0x0464:0x19unsigned long
HighEntropyASLREnabled
0x0464:0x1Aunsigned long
ForceStackCheck
0x0464:0x1Bunsigned long
ProcessDeepFrozen
0x0464:0x1Cunsigned long
ProcessDeepFreezeRequest
0x0464:0x1Dunsigned long
ProcessDeepFreezeInProgress
0x0464:0x1Eunsigned long
DisallowWin32kSystemCalls
0x0464:0x1Funsigned long
SpareBits
0x0468unsigned long
Flags		void *
HighestUserAddress		struct _LIST_ENTRY
JobLinks		struct _SE_AUDIT_PROCESS_CREATION_INFO
SeAuditProcessCreationInfo
0x0468:0x00unsigned long
CreateReported
0x0468:0x01unsigned long
NoDebugInherit
0x0468:0x02unsigned long
ProcessExiting
0x0468:0x03unsigned long
ProcessDelete
0x0468:0x04unsigned long
Wow64SplitPages
0x0468:0x05unsigned long
VmDeleted
0x0468:0x06unsigned long
OutswapEnabled
0x0468:0x07unsigned long
Outswapped
0x0468:0x08unsigned long
ForkFailed
0x0468:0x09unsigned long
Wow64VaSpace4Gb
0x0468:0x0Aunsigned long
AddressSpaceInitialized
0x0468:0x0Cunsigned long
SetTimerResolution
0x0468:0x0Dunsigned long
BreakOnTermination
0x0468:0x0Eunsigned long
DeprioritizeViews
0x0468:0x0Funsigned long
WriteWatch
0x0468:0x10unsigned long
ProcessInSession
0x0468:0x11unsigned long
OverrideAddressSpace
0x0468:0x12unsigned long
HasAddressSpace
0x0468:0x13unsigned long
LaunchPrefetched
0x0468:0x14unsigned long
InjectInpageErrors
0x0468:0x15unsigned long
VmTopDown
0x0468:0x16unsigned long
ImageNotifyDone
0x0468:0x17unsigned long
PdeUpdateNeeded
0x0468:0x18unsigned long
VdmAllowed
0x0468:0x19unsigned long
CrossSessionCreate
0x0468:0x1Aunsigned long
ProcessInserted
0x0468:0x1Bunsigned long
DefaultIoPriority
0x0468:0x1Eunsigned long
ProcessSelfDelete
0x0468:0x1Funsigned long
SetTimerResolutionLink
0x046Clong
ExitStatus
0x0470struct _MM_AVL_TABLE
VadRoot		struct _LIST_ENTRY
ThreadListHead		void *
HighestUserAddress		struct _LIST_ENTRY
JobLinks
0x0478struct _LIST_ENTRY
ThreadListHead		void *
HighestUserAddress
0x0480struct _ALPC_PROCESS_CONTEXT
AlpcContext		volatile unsigned long
ActiveThreads		struct _LIST_ENTRY
ThreadListHead		void *
HighestUserAddress
0x0484unsigned long
ImagePathHash
0x0488unsigned long
DefaultHardErrorProcessing		volatile unsigned long
ActiveThreads		struct _LIST_ENTRY
ThreadListHead
0x048Clong
LastThreadExitStatus		unsigned long
ImagePathHash
0x0490struct _EX_FAST_REF
PrefetchTrace		unsigned long
DefaultHardErrorProcessing		volatile unsigned long
ActiveThreads
0x0494long
LastThreadExitStatus		unsigned long
ImagePathHash
0x0498struct _MM_AVL_TABLE *
LockedPagesList		void *
LockedPagesList		struct _EX_FAST_REF
PrefetchTrace		unsigned long
DefaultHardErrorProcessing		volatile unsigned long
ActiveThreads
0x049Clong
LastThreadExitStatus		unsigned long
ImagePathHash
0x04A0struct _LIST_ENTRY
TimerResolutionLink		volatile uint64_t
VadPhysicalPages		union _LARGE_INTEGER
ReadOperationCount		void *
LockedPagesList		struct _EX_FAST_REF
PrefetchTrace		unsigned long
DefaultHardErrorProcessing
0x04A4long
LastThreadExitStatus
0x04A8uint64_t
VadPhysicalPagesLimit		union _LARGE_INTEGER
WriteOperationCount		union _LARGE_INTEGER
ReadOperationCount		void *
LockedPagesList		struct _EX_FAST_REF
PrefetchTrace
0x04B0unsigned long
RequestedTimerResolution		struct _ALPC_PROCESS_CONTEXT
AlpcContext		union _LARGE_INTEGER
OtherOperationCount		union _LARGE_INTEGER
WriteOperationCount		union _LARGE_INTEGER
ReadOperationCount		void *
LockedPagesList
0x04B4unsigned long
ActiveThreadsHighWatermark
0x04B8unsigned long
SmallestTimerResolution		union _LARGE_INTEGER
ReadTransferCount		union _LARGE_INTEGER
OtherOperationCount		union _LARGE_INTEGER
WriteOperationCount		union _LARGE_INTEGER
ReadOperationCount
0x04C0struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord		union _LARGE_INTEGER
WriteTransferCount		union _LARGE_INTEGER
ReadTransferCount		union _LARGE_INTEGER
OtherOperationCount		union _LARGE_INTEGER
WriteOperationCount
0x04C8uint64_t
SequenceNumber		union _LARGE_INTEGER
OtherTransferCount		union _LARGE_INTEGER
WriteTransferCount		union _LARGE_INTEGER
ReadTransferCount		union _LARGE_INTEGER
OtherOperationCount
0x04D0uint64_t
CreateInterruptTime		struct _LIST_ENTRY
TimerResolutionLink		uint64_t
CommitChargeLimit		volatile uint64_t
CommitCharge		union _LARGE_INTEGER
OtherTransferCount		union _LARGE_INTEGER
WriteTransferCount		union _LARGE_INTEGER
ReadTransferCount
0x04D8uint64_t
CreateUnbiasedInterruptTime		volatile uint64_t
CommitCharge		struct _MMSUPPORT
Vm		uint64_t
CommitChargeLimit		union _LARGE_INTEGER
OtherTransferCount		union _LARGE_INTEGER
WriteTransferCount
0x04E0struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord		volatile uint64_t
CommitChargePeak		volatile uint64_t
CommitCharge		uint64_t
CommitChargeLimit		union _LARGE_INTEGER
OtherTransferCount
0x04E8unsigned long
RequestedTimerResolution		struct _MMSUPPORT
Vm		struct _MMSUPPORT
Vm		volatile uint64_t
CommitChargePeak		volatile uint64_t
CommitCharge		uint64_t
CommitChargeLimit
0x04ECunsigned long
SmallestTimerResolution
0x04F0union _LARGE_INTEGER
ExitTime		struct _MMSUPPORT
Vm		volatile uint64_t
CommitChargePeak		volatile uint64_t
CommitCharge
0x04F8struct _INVERTED_FUNCTION_TABLE *
InvertedFunctionTable		struct _MMSUPPORT
Vm		volatile uint64_t
CommitChargePeak
0x0500struct _EX_PUSH_LOCK
InvertedFunctionTableLock		struct _MMSUPPORT
Vm
0x0508unsigned long
ActiveThreadsHighWatermark
0x050Cunsigned long
LargePrivateVadCount
0x0510void *
WnfContext
0x0518enum _SE_SIGNING_LEVEL
SignatureLevel
0x051Cunsigned long
KeepAliveCounter
0x0520struct _PROCESS_DISK_COUNTERS *
DiskCounters
0x0578struct _LIST_ENTRY
MmProcessLinks
0x0588unsigned long
ModifiedPageCount
0x058Clong
ExitStatus
0x0590struct _MM_AVL_TABLE
VadRoot
0x05C0volatile uint64_t
VadPhysicalPages		struct _LIST_ENTRY
MmProcessLinks
0x05C8uint64_t
VadPhysicalPagesLimit
0x05D0struct _ALPC_PROCESS_CONTEXT
AlpcContext		unsigned long
ModifiedPageCount
0x05D4long
ExitStatus
0x05D8struct _RTL_AVL_TREE
VadRoot		struct _LIST_ENTRY
MmProcessLinks
0x05E0void *
VadHint
0x05E8uint64_t
VadCount		unsigned long
ModifiedPageCount
0x05EClong
ExitStatus
0x05F0struct _LIST_ENTRY
TimerResolutionLink		volatile uint64_t
VadPhysicalPages		struct _RTL_AVL_TREE
VadRoot		struct _LIST_ENTRY
MmProcessLinks
0x05F8uint64_t
VadPhysicalPagesLimit		void *
VadHint		struct _LIST_ENTRY
MmProcessLinks
0x0600struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord		struct _ALPC_PROCESS_CONTEXT
AlpcContext		uint64_t
VadCount		unsigned long
ModifiedPageCount
0x0604long
ExitStatus
0x0608unsigned long
RequestedTimerResolution		volatile uint64_t
VadPhysicalPages		struct _RTL_AVL_TREE
VadRoot		unsigned long
ModifiedPageCount
0x060Cunsigned long
SmallestTimerResolution		long
ExitStatus
0x0610union _LARGE_INTEGER
ExitTime		uint64_t
VadPhysicalPagesLimit		void *
VadHint		struct _RTL_AVL_TREE
VadRoot
0x0618struct _INVERTED_FUNCTION_TABLE *
InvertedFunctionTable		struct _ALPC_PROCESS_CONTEXT
AlpcContext		uint64_t
VadCount		void *
VadHint
0x0620struct _EX_PUSH_LOCK
InvertedFunctionTableLock		struct _LIST_ENTRY
TimerResolutionLink		volatile uint64_t
VadPhysicalPages		uint64_t
VadCount
0x0628unsigned long
ActiveThreadsHighWatermark		uint64_t
VadPhysicalPagesLimit		volatile uint64_t
VadPhysicalPages
0x062Cunsigned long
LargePrivateVadCount
0x0630struct _EX_PUSH_LOCK
ThreadListLock		struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord		struct _ALPC_PROCESS_CONTEXT
AlpcContext		uint64_t
VadPhysicalPagesLimit
0x0638void *
WnfContext		unsigned long
RequestedTimerResolution		struct _LIST_ENTRY
TimerResolutionLink		struct _ALPC_PROCESS_CONTEXT
AlpcContext
0x063Cunsigned long
SmallestTimerResolution
0x0640uint64_t
SectionMappingSize		union _LARGE_INTEGER
ExitTime
0x0648uint8_t
SignatureLevel		struct _INVERTED_FUNCTION_TABLE *
InvertedFunctionTable		struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord
0x0649uint8_t
SectionSignatureLevel
0x064Auint8_t[2]
SpareByte20
0x064Cunsigned long
KeepAliveCounter
0x0650struct _PROCESS_DISK_COUNTERS *
DiskCounters		struct _EX_PUSH_LOCK
InvertedFunctionTableLock		unsigned long
RequestedTimerResolution		struct _LIST_ENTRY
TimerResolutionLink
0x0654unsigned long
SmallestTimerResolution
0x0658uint64_t
LastFreezeInterruptTime		unsigned long
ActiveThreadsHighWatermark		union _LARGE_INTEGER
ExitTime		struct _LIST_ENTRY
TimerResolutionLink
0x065Cunsigned long
LargePrivateVadCount
0x0660struct _EX_PUSH_LOCK
ThreadListLock		struct _INVERTED_FUNCTION_TABLE *
InvertedFunctionTable		struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord
0x0668void *
WnfContext		struct _EX_PUSH_LOCK
InvertedFunctionTableLock		unsigned long
RequestedTimerResolution		struct _PO_DIAG_STACK_RECORD *
TimerResolutionStackRecord
0x066Cunsigned long
SmallestTimerResolution
0x0670uint64_t
Spare0		unsigned long
ActiveThreadsHighWatermark		union _LARGE_INTEGER
ExitTime		unsigned long
RequestedTimerResolution
0x0674unsigned long
LargePrivateVadCount		unsigned long
SmallestTimerResolution
0x0678uint8_t
SignatureLevel		struct _EX_PUSH_LOCK
ThreadListLock		struct _INVERTED_FUNCTION_TABLE *
InvertedFunctionTable		union _LARGE_INTEGER
ExitTime
0x0679uint8_t
SectionSignatureLevel
0x067Astruct _PS_PROTECTION
Protection
0x067Buint8_t[1]
SpareByte20
0x067Cunsigned long
Flags3
0x067C:0x00unsigned long
Minimal
0x0680long
SvmReserved		void *
WnfContext		struct _EX_PUSH_LOCK
InvertedFunctionTableLock		struct _INVERTED_FUNCTION_TABLE *
InvertedFunctionTable
0x0688void *
SvmReserved1		uint64_t
Spare0		unsigned long
ActiveThreadsHighWatermark		struct _EX_PUSH_LOCK
InvertedFunctionTableLock
0x068Cunsigned long
LargePrivateVadCount
0x0690uint64_t
SvmReserved2		uint8_t
SignatureLevel		struct _EX_PUSH_LOCK
ThreadListLock		unsigned long
ActiveThreadsHighWatermark
0x0691uint8_t
SectionSignatureLevel
0x0692struct _PS_PROTECTION
Protection
0x0693uint8_t[1]
SpareByte20
0x0694unsigned long
Flags3		unsigned long
LargePrivateVadCount
0x0694:0x00unsigned long
Minimal
0x0694:0x01unsigned long
ReplacingPageRoot
0x0698uint64_t
LastFreezeInterruptTime		long
SvmReserved		void *
WnfContext		struct _EX_PUSH_LOCK
ThreadListLock
0x06A0struct _PROCESS_DISK_COUNTERS *
DiskCounters		void *
SvmReserved1		uint64_t
Spare0		void *
WnfContext
0x06A8void *
PicoContext		uint64_t
SvmReserved2		uint8_t
SignatureLevel		uint64_t
Spare0
0x06A9uint8_t
SectionSignatureLevel
0x06AAstruct _PS_PROTECTION
Protection
0x06ABuint8_t
HangCount
0x06ACunsigned long
Flags3
0x06AC:0x00unsigned long
Minimal
0x06AC:0x01unsigned long
ReplacingPageRoot
0x06AC:0x02unsigned long
DisableNonSystemFonts
0x06AC:0x03unsigned long
AuditNonSystemFontLoading
0x06AC:0x04unsigned long
Crashed
0x06AC:0x05unsigned long
JobVadsAreTracked
0x06AC:0x06unsigned long
VadTrackingDisabled
0x06AC:0x07unsigned long
AuxiliaryProcess
0x06AC:0x08unsigned long
SubsystemProcess
0x06AC:0x09unsigned long
IndirectCpuSets
0x06AC:0x0Aunsigned long
InPrivate
0x06B0unsigned long
KeepAliveCounter		uint64_t
LastFreezeInterruptTime		long
DeviceAsid		uint8_t
SignatureLevel
0x06B1uint8_t
SectionSignatureLevel
0x06B2struct _PS_PROTECTION
Protection
0x06B3uint8_t
HangCount
0x06B4unsigned long
NoWakeKeepAliveCounter		unsigned long
Flags3
0x06B4:0x00unsigned long
Minimal
0x06B4:0x01unsigned long
ReplacingPageRoot
0x06B4:0x02unsigned long
DisableNonSystemFonts
0x06B4:0x03unsigned long
AuditNonSystemFontLoading
0x06B4:0x04unsigned long
Crashed
0x06B4:0x05unsigned long
JobVadsAreTracked
0x06B4:0x06unsigned long
VadTrackingDisabled
0x06B4:0x07unsigned long
AuxiliaryProcess
0x06B4:0x08unsigned long
SubsystemProcess
0x06B4:0x09unsigned long
IndirectCpuSets
0x06B4:0x0Aunsigned long
InPrivate
0x06B4:0x0Bunsigned long
ProhibitRemoteImageMap
0x06B4:0x0Cunsigned long
ProhibitLowILImageMap
0x06B4:0x0Dunsigned long
SignatureMitigationOptIn
0x06B8uint64_t
DeepFreezeStartTime		struct _PROCESS_DISK_COUNTERS *
DiskCounters		void *
SvmData		long
DeviceAsid
0x06C0uint64_t
CommitChargeLimit		void *
PicoContext		struct _EX_PUSH_LOCK
SvmProcessLock		void *
SvmData
0x06C8volatile uint64_t
CommitChargePeak		uint64_t
SecretIdentity		uint64_t
SvmLock		struct _EX_PUSH_LOCK
SvmProcessLock
0x06D0unsigned long
HighPriorityFaultsAllowed		uint64_t
SecurePid		struct _LIST_ENTRY
SvmProcessDeviceListHead		uint64_t
SvmLock
0x06D8uint64_t
SequenceNumber		void *
ContextBuffer		struct _LIST_ENTRY
SvmProcessDeviceListHead
0x06E0uint64_t
CreateInterruptTime		unsigned long
KeepAliveCounter		uint64_t
LastFreezeInterruptTime
0x06E4unsigned long
NoWakeKeepAliveCounter
0x06E8uint64_t
CreateUnbiasedInterruptTime		unsigned long
HighPriorityFaultsAllowed		struct _PROCESS_DISK_COUNTERS *
DiskCounters		uint64_t
LastFreezeInterruptTime
0x06F0struct _PROCESS_ENERGY_VALUES *
EnergyValues		void *
PicoContext		struct _PROCESS_DISK_COUNTERS *
DiskCounters
0x06F8void *
VmContext		uint64_t
TrustletIdentity		void *
PicoContext
0x0700unsigned long
KeepAliveCounter		uint64_t
TrustletIdentity
0x0704unsigned long
NoWakeKeepAliveCounter
0x0708unsigned long
HighPriorityFaultsAllowed		unsigned long
KeepAliveCounter
0x070Cunsigned long
NoWakeKeepAliveCounter
0x0710struct _PROCESS_ENERGY_VALUES *
EnergyValues		unsigned long
HighPriorityFaultsAllowed
0x0718void *
VmContext		struct _PROCESS_ENERGY_VALUES *
EnergyValues
0x0720uint64_t
SequenceNumber		struct _ESILO *
Silo		void *
VmContext
0x0728uint64_t
CreateInterruptTime		struct _LIST_ENTRY
SiloEntry		uint64_t
SequenceNumber
0x0730uint64_t
CreateUnbiasedInterruptTime		uint64_t
CreateInterruptTime
0x0738uint64_t
TotalUnbiasedFrozenTime		uint64_t
SequenceNumber		uint64_t
CreateUnbiasedInterruptTime
0x0740uint64_t
LastAppStateUpdateTime		uint64_t
CreateInterruptTime		uint64_t
TotalUnbiasedFrozenTime
0x0748:0x00uint64_t
LastAppStateUptime		uint64_t
CreateUnbiasedInterruptTime		uint64_t
LastAppStateUpdateTime
0x0748:0x3Duint64_t
LastAppState
0x0750volatile uint64_t
SharedCommitCharge		uint64_t
TotalUnbiasedFrozenTime		uint64_t
LastAppStateUptime
0x0750:0x3Duint64_t
LastAppState
0x0758struct _EX_PUSH_LOCK
SharedCommitLock		uint64_t
LastAppStateUpdateTime		volatile uint64_t
SharedCommitCharge
0x0760struct _LIST_ENTRY
SharedCommitLinks		uint64_t
LastAppStateUptime		struct _EX_PUSH_LOCK
SharedCommitLock
0x0760:0x3Duint64_t
LastAppState
0x0768volatile uint64_t
SharedCommitCharge		struct _LIST_ENTRY
SharedCommitLinks
0x0770struct _EX_PUSH_LOCK
SharedCommitLock
0x0778struct _LIST_ENTRY
SharedCommitLinks		uint64_t
AllowedCpuSets
0x0778uint64_t *
AllowedCpuSetsIndirect
0x0780uint64_t
DefaultCpuSets
0x0780uint64_t *
DefaultCpuSetsIndirect
0x0788uint64_t
AllowedCpuSets
0x0788uint64_t *
AllowedCpuSetsIndirect
0x0790uint64_t
DefaultCpuSets
0x0790uint64_t *
DefaultCpuSetsIndirect