Terminus Project - _EPROCESS

Min version	XP	XP SP2	2003/XP64	2003/XP64 SP1	Vista	Vista SP1	Vista SP2	7	7 SP1	7 SP1	7 SP1	8 Pre RTM	8 Pre RTM	8.1 Update 1	8.1 Update 1	8.1 Update 1	10
Max version	XP SP1	XP SP3	2003/XP64	2003/XP64 SP2	Vista	Vista SP2	Vista SP2	7 SP1	7 SP1	7 SP1	7 SP1	8 Pre RTM	8	8.1 Update 1	8.1 Update 1	8.1 Update 1	10
x86 offset offset:bitpos	Field Name
0x0000	struct _KPROCESS Pcb			struct _KPROCESS Pcb	struct _KPROCESS Pcb			struct _KPROCESS Pcb				struct _KPROCESS Pcb					struct _KPROCESS Pcb
0x006C	struct _EX_PUSH_LOCK ProcessLock
0x0070	union _LARGE_INTEGER CreateTime
0x0078	union _LARGE_INTEGER ExitTime			struct _EX_PUSH_LOCK ProcessLock
0x0080	struct _EX_RUNDOWN_REF RundownProtect			union _LARGE_INTEGER CreateTime	struct _EX_PUSH_LOCK ProcessLock
0x0084	void * UniqueProcessId			union _LARGE_INTEGER CreateTime
0x0088	struct _LIST_ENTRY ActiveProcessLinks			union _LARGE_INTEGER ExitTime	union _LARGE_INTEGER CreateTime
0x0090	unsigned long[3] QuotaUsage			struct _EX_RUNDOWN_REF RundownProtect	union _LARGE_INTEGER ExitTime
0x0094				void * UniqueProcessId	union _LARGE_INTEGER ExitTime
0x0098				struct _LIST_ENTRY ActiveProcessLinks	struct _EX_RUNDOWN_REF RundownProtect			struct _EX_PUSH_LOCK ProcessLock
0x009C	unsigned long[3] QuotaPeak			struct _LIST_ENTRY ActiveProcessLinks	void * UniqueProcessId
0x00A0	unsigned long[3] QuotaPeak			unsigned long[3] QuotaUsage	struct _LIST_ENTRY ActiveProcessLinks			union _LARGE_INTEGER CreateTime				struct _EX_PUSH_LOCK ProcessLock
0x00A8	unsigned long CommitCharge			unsigned long[3] QuotaUsage	unsigned long[3] QuotaUsage			union _LARGE_INTEGER ExitTime				union _LARGE_INTEGER CreateTime					struct _EX_PUSH_LOCK ProcessLock
0x00AC	unsigned long PeakVirtualSize			unsigned long[3] QuotaPeak				union _LARGE_INTEGER ExitTime				union _LARGE_INTEGER CreateTime					struct _EX_RUNDOWN_REF RundownProtect
0x00B0	unsigned long VirtualSize							struct _EX_RUNDOWN_REF RundownProtect									void * VdmObjects
0x00B4	struct _LIST_ENTRY SessionProcessLinks				unsigned long[3] QuotaPeak			void * UniqueProcessId
0x00B8	struct _LIST_ENTRY SessionProcessLinks			unsigned long CommitCharge				struct _LIST_ENTRY ActiveProcessLinks
0x00BC	void * DebugPort			unsigned long PeakVirtualSize				struct _LIST_ENTRY ActiveProcessLinks
0x00C0	void * ExceptionPort			unsigned long VirtualSize	volatile unsigned long CommitCharge			unsigned long[2] ProcessQuotaUsage					unsigned long Flags2
0x00C0:0x00													unsigned long JobNotReallyActive
0x00C0:0x01													unsigned long AccountingFolded
0x00C0:0x02													unsigned long NewProcessReported
0x00C0:0x03													unsigned long ExitProcessReported
0x00C0:0x04													unsigned long ReportCommitChanges
0x00C0:0x05													unsigned long LastReportMemory
0x00C0:0x06													unsigned long NoWakeCharge	unsigned long ForceWakeCharge
0x00C0:0x07													unsigned long HandleTableRundown	unsigned long CrossSessionCreate
0x00C0:0x08													unsigned long NeedsHandleRundown
0x00C0:0x09													unsigned long RefTraceEnabled
0x00C0:0x0A													unsigned long NumaAware	unsigned long DisableDynamicCode
0x00C0:0x0B													unsigned long EmptyJobEvaluated
0x00C0:0x0C													unsigned long DefaultPagePriority
0x00C0:0x0F													unsigned long PrimaryTokenFrozen
0x00C0:0x10													unsigned long ProcessVerifierTarget
0x00C0:0x11													unsigned long StackRandomizationDisabled
0x00C0:0x12													unsigned long AffinityPermanent
0x00C0:0x13													unsigned long AffinityUpdateEnable
0x00C0:0x14													unsigned long PropagateNode
0x00C0:0x15													unsigned long ExplicitAffinity
0x00C0:0x16													unsigned long ProcessExecutionState
0x00C0:0x18													unsigned long DisallowStrippedImages
0x00C0:0x19													unsigned long HighEntropyASLREnabled
0x00C0:0x1A													unsigned long ExtensionPointDisable
0x00C0:0x1B													unsigned long ForceRelocateImages
0x00C0:0x1C													unsigned long ProcessStateChangeRequest
0x00C0:0x1E													unsigned long ProcessStateChangeInProgress
0x00C0:0x1F													unsigned long DisallowWin32kSystemCalls
0x00C4	struct _HANDLE_TABLE * ObjectTable			struct _LIST_ENTRY SessionProcessLinks	unsigned long PeakVirtualSize								unsigned long Flags
0x00C4:0x00													unsigned long CreateReported
0x00C4:0x01													unsigned long NoDebugInherit
0x00C4:0x02													unsigned long ProcessExiting
0x00C4:0x03													unsigned long ProcessDelete
0x00C4:0x04													unsigned long Wow64SplitPages	unsigned long ControlFlowGuardEnabled
0x00C4:0x05													unsigned long VmDeleted
0x00C4:0x06													unsigned long OutswapEnabled
0x00C4:0x07													unsigned long Outswapped
0x00C4:0x08													unsigned long ForkFailed				unsigned long FailFastOnCommitFail
0x00C4:0x09													unsigned long Wow64VaSpace4Gb
0x00C4:0x0A													unsigned long AddressSpaceInitialized
0x00C4:0x0C													unsigned long SetTimerResolution
0x00C4:0x0D													unsigned long BreakOnTermination
0x00C4:0x0E													unsigned long DeprioritizeViews
0x00C4:0x0F													unsigned long WriteWatch
0x00C4:0x10													unsigned long ProcessInSession
0x00C4:0x11													unsigned long OverrideAddressSpace
0x00C4:0x12													unsigned long HasAddressSpace
0x00C4:0x13													unsigned long LaunchPrefetched
0x00C4:0x14													unsigned long Background
0x00C4:0x15													unsigned long VmTopDown
0x00C4:0x16													unsigned long ImageNotifyDone
0x00C4:0x17													unsigned long PdeUpdateNeeded
0x00C4:0x18													unsigned long VdmAllowed
0x00C4:0x19													unsigned long CrossSessionCreate	unsigned long ProcessRundown
0x00C4:0x1A													unsigned long ProcessInserted
0x00C4:0x1B													unsigned long DefaultIoPriority
0x00C4:0x1E													unsigned long ProcessSelfDelete
0x00C4:0x1F													unsigned long SetTimerResolutionLink
0x00C8	struct _EX_FAST_REF Token				unsigned long VirtualSize			unsigned long[2] ProcessQuotaPeak					unsigned long[2] ProcessQuotaUsage				union _LARGE_INTEGER CreateTime
0x00CC	struct _FAST_MUTEX WorkingSetLock		unsigned long WorkingSetPage	void * DebugPort	struct _LIST_ENTRY SessionProcessLinks			unsigned long[2] ProcessQuotaPeak					unsigned long[2] ProcessQuotaUsage				union _LARGE_INTEGER CreateTime
0x00D0			struct _KGUARDED_MUTEX AddressCreationLock	void * ExceptionPort	struct _LIST_ENTRY SessionProcessLinks			volatile unsigned long CommitCharge				unsigned long PeakVirtualSize	unsigned long[2] ProcessQuotaPeak				unsigned long[2] ProcessQuotaUsage
0x00D4				struct _HANDLE_TABLE * ObjectTable	void * DebugPort			struct _EPROCESS_QUOTA_BLOCK * QuotaBlock				unsigned long VirtualSize	unsigned long[2] ProcessQuotaPeak				unsigned long[2] ProcessQuotaUsage
0x00D8				struct _EX_FAST_REF Token	void * ExceptionPortData			struct _PS_CPU_QUOTA_BLOCK * CpuQuotaBlock				struct _LIST_ENTRY SessionProcessLinks	unsigned long PeakVirtualSize				unsigned long[2] ProcessQuotaPeak
0x00D8					unsigned long ExceptionPortValue
0x00D8:0x00					unsigned long ExceptionPortState
0x00DC				unsigned long WorkingSetPage	struct _HANDLE_TABLE * ObjectTable			unsigned long PeakVirtualSize					unsigned long VirtualSize
0x00E0				struct _KGUARDED_MUTEX AddressCreationLock	struct _EX_FAST_REF Token			unsigned long VirtualSize				void * ExceptionPortData	struct _LIST_ENTRY SessionProcessLinks				unsigned long PeakVirtualSize
0x00E0												unsigned long ExceptionPortValue
0x00E0:0x00												unsigned long ExceptionPortState
0x00E4					unsigned long WorkingSetPage			struct _LIST_ENTRY SessionProcessLinks				struct _EX_FAST_REF Token					unsigned long VirtualSize
0x00E8					struct _EX_PUSH_LOCK AddressCreationLock							unsigned long WorkingSetPage	void * ExceptionPortData				struct _LIST_ENTRY SessionProcessLinks
0x00E8													unsigned long ExceptionPortValue
0x00E8:0x00													unsigned long ExceptionPortState
0x00EC	unsigned long WorkingSetPage				struct _ETHREAD * RotateInProgress			void * DebugPort				struct _EX_PUSH_LOCK AddressCreationLock	struct _EX_FAST_REF Token
0x00F0	struct _FAST_MUTEX AddressCreationLock		unsigned long HyperSpaceLock		struct _ETHREAD * ForkInProgress			void * ExceptionPortData				struct _ETHREAD * RotateInProgress	unsigned long WorkingSetPage				void * ExceptionPortData
0x00F0								unsigned long ExceptionPortValue									unsigned long ExceptionPortValue
0x00F0:0x00								unsigned long ExceptionPortState									unsigned long ExceptionPortState
0x00F4			struct _ETHREAD * ForkInProgress		unsigned long HardwareTrigger			struct _HANDLE_TABLE * ObjectTable				struct _ETHREAD * ForkInProgress	struct _EX_PUSH_LOCK AddressCreationLock				struct _EX_FAST_REF Token
0x00F8			unsigned long HardwareTrigger		struct _MM_AVL_TABLE * PhysicalVadRoot			struct _EX_FAST_REF Token				unsigned long HardwareTrigger	struct _ETHREAD * RotateInProgress	struct _EX_PUSH_LOCK PageTableCommitmentLock			unsigned long WorkingSetPage
0x00FC			struct _MM_AVL_TABLE * PhysicalVadRoot		void * CloneRoot			unsigned long WorkingSetPage				struct _EJOB * volatile CommitChargeJob	struct _ETHREAD * ForkInProgress	struct _ETHREAD * RotateInProgress			struct _EX_PUSH_LOCK AddressCreationLock
0x0100			void * CloneRoot	unsigned long HyperSpaceLock	volatile unsigned long NumberOfPrivatePages			struct _EX_PUSH_LOCK AddressCreationLock				struct _MM_AVL_TABLE * CloneRoot	unsigned long HardwareTrigger	struct _ETHREAD * ForkInProgress			struct _EX_PUSH_LOCK PageTableCommitmentLock
0x0104			unsigned long NumberOfPrivatePages	struct _ETHREAD * ForkInProgress	volatile unsigned long NumberOfLockedPages			struct _ETHREAD * RotateInProgress				volatile unsigned long NumberOfPrivatePages	struct _EJOB * volatile CommitChargeJob				struct _ETHREAD * RotateInProgress
0x0108			unsigned long NumberOfLockedPages	unsigned long HardwareTrigger	void * Win32Process			struct _ETHREAD * ForkInProgress				volatile unsigned long NumberOfLockedPages	struct _MM_AVL_TABLE * CloneRoot	struct _RTL_AVL_TREE CloneRoot			struct _ETHREAD * ForkInProgress
0x010C			void * Win32Process	struct _MM_AVL_TABLE * PhysicalVadRoot	struct _EJOB * Job			unsigned long HardwareTrigger				void * Win32Process	volatile unsigned long NumberOfPrivatePages				struct _EJOB * volatile CommitChargeJob
0x0110	unsigned long HyperSpaceLock		struct _EJOB * Job	void * CloneRoot	void * SectionObject			struct _MM_AVL_TABLE * PhysicalVadRoot				struct _EJOB * volatile Job	volatile unsigned long NumberOfLockedPages				struct _RTL_AVL_TREE CloneRoot
0x0114	struct _ETHREAD * ForkInProgress		void * SectionObject	unsigned long NumberOfPrivatePages	void * SectionBaseAddress			void * CloneRoot				void * SectionObject	void * Win32Process				volatile unsigned long NumberOfPrivatePages
0x0118	unsigned long HardwareTrigger		void * SectionBaseAddress	unsigned long NumberOfLockedPages	struct _EPROCESS_QUOTA_BLOCK * QuotaBlock			volatile unsigned long NumberOfPrivatePages				void * SectionBaseAddress	struct _EJOB * volatile Job				volatile unsigned long NumberOfLockedPages
0x011C	void * VadRoot		struct _EPROCESS_QUOTA_BLOCK * QuotaBlock	void * Win32Process	struct _PAGEFAULT_HISTORY * WorkingSetWatch			volatile unsigned long NumberOfLockedPages				unsigned long Cookie	void * SectionObject				void * Win32Process
0x0120	void * VadHint		struct _PAGEFAULT_HISTORY * WorkingSetWatch	struct _EJOB * Job	void * Win32WindowStation			void * Win32Process				void * VdmObjects	void * SectionBaseAddress				struct _EJOB * volatile Job
0x0124	void * CloneRoot		void * Win32WindowStation	void * SectionObject	void * InheritedFromUniqueProcessId			struct _EJOB * volatile Job				struct _PAGEFAULT_HISTORY * WorkingSetWatch	unsigned long Cookie				void * SectionObject
0x0128	unsigned long NumberOfPrivatePages		void * InheritedFromUniqueProcessId	void * SectionBaseAddress	void * LdtInformation			void * SectionObject				void * Win32WindowStation	void * VdmObjects				void * SectionBaseAddress
0x012C	unsigned long NumberOfLockedPages		void * LdtInformation	struct _EPROCESS_QUOTA_BLOCK * QuotaBlock	void * VadFreeHint	void * Spare		void * SectionBaseAddress				void * InheritedFromUniqueProcessId	struct _PAGEFAULT_HISTORY * WorkingSetWatch				unsigned long Cookie
0x0130	void * Win32Process		void * VadFreeHint	struct _PAGEFAULT_HISTORY * WorkingSetWatch	void * VdmObjects			unsigned long Cookie				void * LdtInformation	void * Win32WindowStation				struct _PAGEFAULT_HISTORY * WorkingSetWatch
0x0134	struct _EJOB * Job		void * VdmObjects	void * Win32WindowStation	void * DeviceMap			unsigned long Spare8				struct _EPROCESS * CreatorProcess	void * InheritedFromUniqueProcessId				void * Win32WindowStation
0x0134	struct _EJOB * Job		void * VdmObjects	void * Win32WindowStation	void * DeviceMap			unsigned long Spare8				unsigned long ConsoleHostProcess	void * InheritedFromUniqueProcessId				void * Win32WindowStation
0x0138	void * SectionObject		void * DeviceMap	void * InheritedFromUniqueProcessId	void * EtwDataSource			struct _PAGEFAULT_HISTORY * WorkingSetWatch				struct _PEB * Peb	void * LdtInformation				void * InheritedFromUniqueProcessId
0x013C	void * SectionBaseAddress		void *[3] Spare0	void * LdtInformation	void * FreeTebHint			void * Win32WindowStation				void * Session	struct _EPROCESS * CreatorProcess	volatile unsigned long OwnerProcessId			void * LdtInformation
0x013C	void * SectionBaseAddress			void * LdtInformation	void * FreeTebHint			void * Win32WindowStation				void * Session	unsigned long ConsoleHostProcess	volatile unsigned long OwnerProcessId			void * LdtInformation
0x0140	struct _EPROCESS_QUOTA_BLOCK * QuotaBlock			void * VadFreeHint	struct _HARDWARE_PTE_X86 PageDirectoryPte			void * InheritedFromUniqueProcessId				void * AweInfo	struct _PEB * Peb				volatile unsigned long OwnerProcessId
0x0140	struct _EPROCESS_QUOTA_BLOCK * QuotaBlock			void * VadFreeHint	uint64_t Filler			void * InheritedFromUniqueProcessId				void * AweInfo	struct _PEB * Peb				volatile unsigned long OwnerProcessId
0x0144	struct _PAGEFAULT_HISTORY * WorkingSetWatch			void * VdmObjects	uint64_t Filler			void * LdtInformation				struct _EPROCESS_QUOTA_BLOCK * QuotaBlock	void * Session				struct _PEB * Peb
0x0148	void * Win32WindowStation		struct _HARDWARE_PTE_X86 PageDirectoryPte	void * DeviceMap	void * Session			void * VdmObjects				struct _HANDLE_TABLE * ObjectTable	void * AweInfo				void * Session
0x0148	void * Win32WindowStation		uint64_t Filler	void * DeviceMap	void * Session			void * VdmObjects				struct _HANDLE_TABLE * ObjectTable	void * AweInfo				void * Session
0x014C	void * InheritedFromUniqueProcessId		uint64_t Filler	void *[3] Spare0	uint8_t[16] ImageFileName			unsigned long ConsoleHostProcess				void * DebugPort	struct _EPROCESS_QUOTA_BLOCK * QuotaBlock				void * AweInfo
0x0150	void * LdtInformation		void * Session					void * DeviceMap				void * PaeTop	struct _HANDLE_TABLE * ObjectTable				struct _EPROCESS_QUOTA_BLOCK * QuotaBlock
0x0154	void * VadFreeHint		uint8_t[16] ImageFileName					void * EtwDataSource				void * DeviceMap	void * DebugPort				struct _HANDLE_TABLE * ObjectTable
0x0158	void * VdmObjects			struct _HARDWARE_PTE_X86 PageDirectoryPte				void * FreeTebHint				void * EtwDataSource	void * PaeTop				void * DebugPort
0x0158	void * VdmObjects			uint64_t Filler				void * FreeTebHint				void * EtwDataSource	void * PaeTop				void * DebugPort
0x015C	void * DeviceMap			uint64_t Filler	struct _LIST_ENTRY JobLinks								void * DeviceMap				void * PaeTop
0x0160	struct _LIST_ENTRY PhysicalVadList			void * Session				struct _HARDWARE_PTE_X86 PageDirectoryPte					void * EtwDataSource				void * DeviceMap
0x0160				void * Session				uint64_t Filler					void * EtwDataSource				void * DeviceMap
0x0164			struct _LIST_ENTRY JobLinks	uint8_t[16] ImageFileName	void * LockedPagesList			uint64_t Filler									void * EtwDataSource
0x0168	struct _HARDWARE_PTE_X86 PageDirectoryPte				struct _LIST_ENTRY ThreadListHead			void * Session				uint8_t[15] ImageFileName	uint64_t PageDirectoryPte
0x0168	uint64_t Filler							void * Session
0x016C	uint64_t Filler		void * LockedPagesList					uint8_t[15] ImageFileName
0x0170	void * Session		struct _LIST_ENTRY ThreadListHead		void * SecurityPort								uint8_t[15] ImageFileName
0x0174	uint8_t[16] ImageFileName			struct _LIST_ENTRY JobLinks	void * PaeTop
0x0177					void * PaeTop							uint8_t PriorityClass
0x0178			void * SecurityPort		volatile unsigned long ActiveThreads							void * SecurityPort
0x017B			void * SecurityPort		volatile unsigned long ActiveThreads			uint8_t PriorityClass				void * SecurityPort
0x017C			void * PaeTop	void * LockedPagesList	unsigned long ImagePathHash			struct _LIST_ENTRY JobLinks				struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo
0x017F			void * PaeTop	void * LockedPagesList	unsigned long ImagePathHash								uint8_t PriorityClass
0x0180			unsigned long ActiveThreads	struct _LIST_ENTRY ThreadListHead	unsigned long DefaultHardErrorProcessing							struct _LIST_ENTRY JobLinks	void * SecurityPort
0x0184	struct _LIST_ENTRY JobLinks		unsigned long GrantedAccess	struct _LIST_ENTRY ThreadListHead	long LastThreadExitStatus			void * LockedPagesList				struct _LIST_ENTRY JobLinks	struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo
0x0188	struct _LIST_ENTRY JobLinks		unsigned long DefaultHardErrorProcessing	void * SecurityPort	struct _PEB * Peb			struct _LIST_ENTRY ThreadListHead				void * HighestUserAddress	struct _LIST_ENTRY JobLinks
0x018C	void * LockedPagesList		long LastThreadExitStatus	void * PaeTop	struct _EX_FAST_REF PrefetchTrace			struct _LIST_ENTRY ThreadListHead				struct _LIST_ENTRY ThreadListHead	struct _LIST_ENTRY JobLinks
0x0190	struct _LIST_ENTRY ThreadListHead		struct _PEB * Peb	unsigned long ActiveThreads	union _LARGE_INTEGER ReadOperationCount			void * SecurityPort				struct _LIST_ENTRY ThreadListHead	void * HighestUserAddress
0x0194	struct _LIST_ENTRY ThreadListHead		struct _EX_FAST_REF PrefetchTrace	unsigned long GrantedAccess	union _LARGE_INTEGER ReadOperationCount			void * PaeTop				volatile unsigned long ActiveThreads	struct _LIST_ENTRY ThreadListHead
0x0198	void * SecurityPort		union _LARGE_INTEGER ReadOperationCount	unsigned long DefaultHardErrorProcessing	union _LARGE_INTEGER WriteOperationCount			volatile unsigned long ActiveThreads				unsigned long ImagePathHash	struct _LIST_ENTRY ThreadListHead
0x019C	void * PaeTop		union _LARGE_INTEGER ReadOperationCount	long LastThreadExitStatus	union _LARGE_INTEGER WriteOperationCount			unsigned long ImagePathHash				unsigned long DefaultHardErrorProcessing	volatile unsigned long ActiveThreads
0x01A0	unsigned long ActiveThreads		union _LARGE_INTEGER WriteOperationCount	struct _PEB * Peb	union _LARGE_INTEGER OtherOperationCount			unsigned long DefaultHardErrorProcessing				long LastThreadExitStatus	unsigned long ImagePathHash
0x01A4	unsigned long GrantedAccess		union _LARGE_INTEGER WriteOperationCount	struct _EX_FAST_REF PrefetchTrace	union _LARGE_INTEGER OtherOperationCount			long LastThreadExitStatus				struct _EX_FAST_REF PrefetchTrace	unsigned long DefaultHardErrorProcessing
0x01A8	unsigned long DefaultHardErrorProcessing		union _LARGE_INTEGER OtherOperationCount	union _LARGE_INTEGER ReadOperationCount	union _LARGE_INTEGER ReadTransferCount			struct _PEB * Peb				struct _MM_AVL_TABLE * LockedPagesList	long LastThreadExitStatus
0x01AC	long LastThreadExitStatus		union _LARGE_INTEGER OtherOperationCount	union _LARGE_INTEGER ReadOperationCount	union _LARGE_INTEGER ReadTransferCount			struct _EX_FAST_REF PrefetchTrace					struct _EX_FAST_REF PrefetchTrace
0x01B0	struct _PEB * Peb		union _LARGE_INTEGER ReadTransferCount	union _LARGE_INTEGER WriteOperationCount	union _LARGE_INTEGER WriteTransferCount			union _LARGE_INTEGER ReadOperationCount					struct _MM_AVL_TABLE * LockedPagesList	void * LockedPagesList
0x01B4	struct _EX_FAST_REF PrefetchTrace		union _LARGE_INTEGER ReadTransferCount	union _LARGE_INTEGER WriteOperationCount	union _LARGE_INTEGER WriteTransferCount			union _LARGE_INTEGER ReadOperationCount
0x01B8	union _LARGE_INTEGER ReadOperationCount		union _LARGE_INTEGER WriteTransferCount	union _LARGE_INTEGER OtherOperationCount	union _LARGE_INTEGER OtherTransferCount			union _LARGE_INTEGER WriteOperationCount					union _LARGE_INTEGER ReadOperationCount
0x01C0	union _LARGE_INTEGER WriteOperationCount		union _LARGE_INTEGER OtherTransferCount	union _LARGE_INTEGER ReadTransferCount	unsigned long CommitChargeLimit			union _LARGE_INTEGER OtherOperationCount					union _LARGE_INTEGER WriteOperationCount
0x01C4	union _LARGE_INTEGER WriteOperationCount		union _LARGE_INTEGER OtherTransferCount	union _LARGE_INTEGER ReadTransferCount	volatile unsigned long CommitChargePeak			union _LARGE_INTEGER OtherOperationCount					union _LARGE_INTEGER WriteOperationCount
0x01C8	union _LARGE_INTEGER OtherOperationCount		unsigned long CommitChargeLimit	union _LARGE_INTEGER WriteTransferCount	void * AweInfo			union _LARGE_INTEGER ReadTransferCount					union _LARGE_INTEGER OtherOperationCount
0x01CC	union _LARGE_INTEGER OtherOperationCount		unsigned long CommitChargePeak	union _LARGE_INTEGER WriteTransferCount	struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo			union _LARGE_INTEGER ReadTransferCount					union _LARGE_INTEGER OtherOperationCount
0x01D0	union _LARGE_INTEGER ReadTransferCount		void * AweInfo	union _LARGE_INTEGER OtherTransferCount	struct _MMSUPPORT Vm			union _LARGE_INTEGER WriteTransferCount					union _LARGE_INTEGER ReadTransferCount
0x01D4	union _LARGE_INTEGER ReadTransferCount		struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo	union _LARGE_INTEGER OtherTransferCount				union _LARGE_INTEGER WriteTransferCount					union _LARGE_INTEGER ReadTransferCount
0x01D8	union _LARGE_INTEGER WriteTransferCount		struct _MMSUPPORT Vm	unsigned long CommitChargeLimit				union _LARGE_INTEGER OtherTransferCount					union _LARGE_INTEGER WriteTransferCount
0x01DC	union _LARGE_INTEGER WriteTransferCount			unsigned long CommitChargePeak				union _LARGE_INTEGER OtherTransferCount					union _LARGE_INTEGER WriteTransferCount
0x01E0	union _LARGE_INTEGER OtherTransferCount			void * AweInfo				unsigned long CommitChargeLimit					union _LARGE_INTEGER OtherTransferCount
0x01E4	union _LARGE_INTEGER OtherTransferCount			struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo				volatile unsigned long CommitChargePeak				volatile unsigned long CommitCharge	union _LARGE_INTEGER OtherTransferCount
0x01E8	unsigned long CommitChargeLimit			struct _MMSUPPORT Vm				void * AweInfo				volatile unsigned long CommitChargePeak	unsigned long CommitChargeLimit		volatile unsigned long CommitCharge		unsigned long CommitChargeLimit
0x01EC	unsigned long CommitChargePeak							struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo				struct _MMSUPPORT Vm	volatile unsigned long CommitCharge		struct _MMSUPPORT Vm		volatile unsigned long CommitCharge
0x01F0	void * AweInfo							struct _MMSUPPORT Vm					volatile unsigned long CommitChargePeak				volatile unsigned long CommitChargePeak
0x01F4	struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo												struct _MMSUPPORT Vm				struct _MMSUPPORT Vm
0x01F8	struct _MMSUPPORT Vm
0x0218					struct _LIST_ENTRY MmProcessLinks
0x0220					unsigned long ModifiedPageCount
0x0224					unsigned long Flags2
0x0224:0x00					unsigned long JobNotReallyActive
0x0224:0x01					unsigned long AccountingFolded
0x0224:0x02					unsigned long NewProcessReported
0x0224:0x03					unsigned long ExitProcessReported
0x0224:0x04					unsigned long ReportCommitChanges
0x0224:0x05					unsigned long LastReportMemory
0x0224:0x06					unsigned long ReportPhysicalPageChanges
0x0224:0x07					unsigned long HandleTableRundown
0x0224:0x08					unsigned long NeedsHandleRundown
0x0224:0x09					unsigned long RefTraceEnabled
0x0224:0x0A					unsigned long NumaAware
0x0224:0x0B					unsigned long ProtectedProcess
0x0224:0x0C					unsigned long DefaultPagePriority
0x0224:0x0F					unsigned long PrimaryTokenFrozen
0x0224:0x10					unsigned long ProcessVerifierTarget
0x0224:0x11					unsigned long StackRandomizationDisabled
0x0224:0x12						unsigned long AffinityPermanent
0x0224:0x13						unsigned long AffinityUpdateEnable
0x0224:0x14						unsigned long CrossSessionCreate
0x0224:0x15							unsigned long LowVaAccessible
0x0228					unsigned long Flags
0x0228:0x00					unsigned long CreateReported
0x0228:0x01					unsigned long NoDebugInherit
0x0228:0x02					unsigned long ProcessExiting
0x0228:0x03					unsigned long ProcessDelete
0x0228:0x04					unsigned long Wow64SplitPages
0x0228:0x05					unsigned long VmDeleted
0x0228:0x06					unsigned long OutswapEnabled
0x0228:0x07					unsigned long Outswapped
0x0228:0x08					unsigned long ForkFailed
0x0228:0x09					unsigned long Wow64VaSpace4Gb
0x0228:0x0A					unsigned long AddressSpaceInitialized
0x0228:0x0C					unsigned long SetTimerResolution
0x0228:0x0D					unsigned long BreakOnTermination
0x0228:0x0E					unsigned long DeprioritizeViews
0x0228:0x0F					unsigned long WriteWatch
0x0228:0x10					unsigned long ProcessInSession
0x0228:0x11					unsigned long OverrideAddressSpace
0x0228:0x12					unsigned long HasAddressSpace
0x0228:0x13					unsigned long LaunchPrefetched
0x0228:0x14					unsigned long InjectInpageErrors
0x0228:0x15					unsigned long VmTopDown
0x0228:0x16					unsigned long ImageNotifyDone
0x0228:0x17					unsigned long PdeUpdateNeeded
0x0228:0x18					unsigned long VdmAllowed
0x0228:0x19					unsigned long SmapAllowed
0x0228:0x1A					unsigned long ProcessInserted
0x0228:0x1B					unsigned long DefaultIoPriority
0x0228:0x1E					unsigned long SparePsFlags1	unsigned long ProcessSelfDelete
0x0228:0x1F					unsigned long SparePsFlags1	unsigned long SpareProcessFlags
0x022C					long ExitStatus
0x0230				struct _LIST_ENTRY MmProcessLinks	uint16_t Spare7
0x0232			uint8_t SubSystemMinorVersion
0x0232			uint16_t SubSystemVersion
0x0233			uint8_t SubSystemMajorVersion
0x0234			uint8_t PriorityClass
0x0238	unsigned long LastFaultCount		struct _LIST_ENTRY MmProcessLinks		unsigned long ModifiedPageCount	struct _MM_AVL_TABLE VadRoot
0x023C	unsigned long ModifiedPageCount		struct _LIST_ENTRY MmProcessLinks		unsigned long JobStatus
0x0240	unsigned long NumberOfVads		unsigned long ModifiedPageCount		unsigned long Flags
0x0240:0x00					unsigned long CreateReported
0x0240:0x01				unsigned long NoDebugInherit
0x0240:0x02				unsigned long ProcessExiting
0x0240:0x03				unsigned long ProcessDelete
0x0240:0x04				unsigned long Wow64SplitPages
0x0240:0x05				unsigned long VmDeleted
0x0240:0x06				unsigned long OutswapEnabled
0x0240:0x07				unsigned long Outswapped
0x0240:0x08				unsigned long ForkFailed
0x0240:0x09				unsigned long Wow64VaSpace4Gb
0x0240:0x0A				unsigned long AddressSpaceInitialized
0x0240:0x0C				unsigned long SetTimerResolution
0x0240:0x0D				unsigned long BreakOnTermination
0x0240:0x0E				unsigned long SessionCreationUnderway
0x0240:0x0F				unsigned long WriteWatch
0x0240:0x10				unsigned long ProcessInSession
0x0240:0x11				unsigned long OverrideAddressSpace
0x0240:0x12				unsigned long HasAddressSpace
0x0240:0x13				unsigned long LaunchPrefetched
0x0240:0x14				unsigned long InjectInpageErrors
0x0240:0x15				unsigned long VmTopDown
0x0240:0x16				unsigned long ImageNotifyDone
0x0240:0x17				unsigned long PdeUpdateNeeded
0x0240:0x18				unsigned long VdmAllowed
0x0240:0x19				unsigned long SmapAllowed
0x0240:0x1A				unsigned long CreateFailed
0x0240:0x1B				unsigned long DefaultIoPriority
0x0240:0x1E				unsigned long Spare1
0x0240:0x1F				unsigned long Spare2
0x0244	unsigned long JobStatus			long ExitStatus
0x0248	unsigned long Flags			uint16_t NextPageColor
0x0248:0x00	unsigned long CreateReported
0x0248:0x01	unsigned long NoDebugInherit
0x0248:0x02	unsigned long ProcessExiting
0x0248:0x03	unsigned long ProcessDelete
0x0248:0x04	unsigned long Wow64SplitPages
0x0248:0x05	unsigned long VmDeleted
0x0248:0x06	unsigned long OutswapEnabled
0x0248:0x07	unsigned long Outswapped
0x0248:0x08	unsigned long ForkFailed
0x0248:0x09	unsigned long HasPhysicalVad		unsigned long Wow64VaSpace4Gb
0x0248:0x0A	unsigned long AddressSpaceInitialized
0x0248:0x0C	unsigned long SetTimerResolution
0x0248:0x0D	unsigned long BreakOnTermination
0x0248:0x0E	unsigned long SessionCreationUnderway
0x0248:0x0F	unsigned long WriteWatch
0x0248:0x10	unsigned long ProcessInSession			uint8_t SubSystemMinorVersion
0x024A	unsigned long ProcessInSession			uint16_t SubSystemVersion
0x0248:0x11	unsigned long OverrideAddressSpace
0x0248:0x12	unsigned long HasAddressSpace
0x0248:0x13	unsigned long LaunchPrefetched
0x0248:0x14	unsigned long InjectInpageErrors
0x0248:0x15	unsigned long Unused	unsigned long VmTopDown
0x0248:0x16		unsigned long Unused3	unsigned long ImageNotifyDone
0x0248:0x17		unsigned long Unused4	unsigned long PdeUpdateNeeded
0x0248:0x18		unsigned long VdmAllowed		uint8_t SubSystemMajorVersion
0x0248:0x19		unsigned long Unused	unsigned long Unused
0x0248:0x1E		unsigned long Unused1
0x0248:0x1F		unsigned long Unused2
0x024C	long ExitStatus			uint8_t PriorityClass
0x0250	uint16_t NextPageColor			struct _MM_AVL_TABLE VadRoot
0x0252	uint8_t SubSystemMinorVersion
0x0252	uint16_t SubSystemVersion
0x0253	uint8_t SubSystemMajorVersion
0x0254	uint8_t PriorityClass
0x0255	uint8_t WorkingSetAcquiredUnsafe
0x0258		unsigned long Cookie	struct _MM_AVL_TABLE VadRoot		unsigned long Cookie			struct _LIST_ENTRY MmProcessLinks
0x025C					struct _ALPC_PROCESS_CONTEXT AlpcContext			struct _LIST_ENTRY MmProcessLinks	struct _LIST_ENTRY MmProcessLinks
0x0260								unsigned long ModifiedPageCount	struct _LIST_ENTRY MmProcessLinks
0x0264								void * HighestUserAddress				unsigned long Flags2	struct _LIST_ENTRY MmProcessLinks
0x0264:0x00												unsigned long JobNotReallyActive
0x0264:0x01												unsigned long AccountingFolded
0x0264:0x02												unsigned long NewProcessReported
0x0264:0x03												unsigned long ExitProcessReported
0x0264:0x04												unsigned long ReportCommitChanges
0x0264:0x05												unsigned long LastReportMemory
0x0264:0x06												unsigned long Spare1
0x0264:0x07												unsigned long HandleTableRundown
0x0264:0x08												unsigned long NeedsHandleRundown
0x0264:0x09												unsigned long RefTraceEnabled
0x0264:0x0A												unsigned long NumaAware
0x0264:0x0B												unsigned long Spare2
0x0264:0x0C												unsigned long DefaultPagePriority
0x0264:0x0F												unsigned long PrimaryTokenFrozen
0x0264:0x10												unsigned long ProcessVerifierTarget
0x0264:0x11												unsigned long StackRandomizationDisabled
0x0264:0x12												unsigned long AffinityPermanent
0x0264:0x13												unsigned long AffinityUpdateEnable
0x0264:0x14												unsigned long PropagateNode
0x0264:0x15												unsigned long ExplicitAffinity
0x0264:0x16												unsigned long LowVaAccessible
0x0264:0x17												unsigned long ForceRelocateImages
0x0264:0x18												unsigned long DisallowStrippedImages
0x0264:0x19												unsigned long HighEntropyASLREnabled
0x0264:0x1A												unsigned long ForceStackCheck
0x0264:0x1B												unsigned long ProcessDeepFrozen
0x0264:0x1C												unsigned long ProcessDeepFreezeRequest
0x0264:0x1D												unsigned long ProcessDeepFreezeInProgress
0x0264:0x1E												unsigned long DisallowWin32kSystemCalls
0x0264:0x1F												unsigned long SpareBits
0x0268								unsigned long ModifiedPageCount				unsigned long Flags
0x0268:0x00												unsigned long CreateReported
0x0268:0x01												unsigned long NoDebugInherit
0x0268:0x02												unsigned long ProcessExiting
0x0268:0x03												unsigned long ProcessDelete
0x0268:0x04												unsigned long Wow64SplitPages
0x0268:0x05												unsigned long VmDeleted
0x0268:0x06												unsigned long OutswapEnabled
0x0268:0x07												unsigned long Outswapped
0x0268:0x08												unsigned long ForkFailed
0x0268:0x09												unsigned long Wow64VaSpace4Gb
0x0268:0x0A												unsigned long AddressSpaceInitialized
0x0268:0x0C												unsigned long SetTimerResolution
0x0268:0x0D												unsigned long BreakOnTermination
0x0268:0x0E												unsigned long DeprioritizeViews
0x0268:0x0F												unsigned long WriteWatch
0x0268:0x10												unsigned long ProcessInSession
0x0268:0x11												unsigned long OverrideAddressSpace
0x0268:0x12												unsigned long HasAddressSpace
0x0268:0x13												unsigned long LaunchPrefetched
0x0268:0x14												unsigned long InjectInpageErrors
0x0268:0x15												unsigned long VmTopDown
0x0268:0x16												unsigned long ImageNotifyDone
0x0268:0x17												unsigned long PdeUpdateNeeded
0x0268:0x18				unsigned long VdmAllowed
0x0268:0x19				unsigned long CrossSessionCreate
0x0268:0x1A				unsigned long ProcessInserted
0x0268:0x1B				unsigned long DefaultIoPriority
0x0268:0x1E				unsigned long ProcessSelfDelete
0x0268:0x1F				unsigned long SetTimerResolutionLink
0x026C				unsigned long Flags2				long ExitStatus	unsigned long ModifiedPageCount
0x026C:0x00				unsigned long JobNotReallyActive
0x026C:0x01				unsigned long AccountingFolded
0x026C:0x02				unsigned long NewProcessReported
0x026C:0x03				unsigned long ExitProcessReported
0x026C:0x04				unsigned long ReportCommitChanges
0x026C:0x05				unsigned long LastReportMemory
0x026C:0x06				unsigned long ReportPhysicalPageChanges
0x026C:0x07				unsigned long HandleTableRundown
0x026C:0x08				unsigned long NeedsHandleRundown
0x026C:0x09				unsigned long RefTraceEnabled
0x026C:0x0A				unsigned long NumaAware
0x026C:0x0B				unsigned long ProtectedProcess
0x026C:0x0C				unsigned long DefaultPagePriority
0x026C:0x0F				unsigned long PrimaryTokenFrozen
0x026C:0x10				unsigned long ProcessVerifierTarget
0x026C:0x11				unsigned long StackRandomizationDisabled
0x026C:0x12				unsigned long AffinityPermanent
0x026C:0x13				unsigned long AffinityUpdateEnable
0x026C:0x14				unsigned long PropagateNode
0x026C:0x15				unsigned long ExplicitAffinity
0x026C:0x16					unsigned long Spare1
0x026C:0x17					unsigned long ForceRelocateImages
0x026C:0x18					unsigned long DisallowStrippedImages
0x026C:0x19					unsigned long LowVaAccessible
0x0270				unsigned long Cookie	unsigned long Flags				struct _MM_AVL_TABLE VadRoot	long ExitStatus
0x0270:0x00					unsigned long CreateReported
0x0270:0x01					unsigned long NoDebugInherit
0x0270:0x02					unsigned long ProcessExiting
0x0270:0x03					unsigned long ProcessDelete
0x0270:0x04					unsigned long Wow64SplitPages
0x0270:0x05					unsigned long VmDeleted
0x0270:0x06					unsigned long OutswapEnabled
0x0270:0x07					unsigned long Outswapped
0x0270:0x08					unsigned long ForkFailed
0x0270:0x09					unsigned long Wow64VaSpace4Gb
0x0270:0x0A					unsigned long AddressSpaceInitialized
0x0270:0x0C					unsigned long SetTimerResolution
0x0270:0x0D					unsigned long BreakOnTermination
0x0270:0x0E					unsigned long DeprioritizeViews
0x0270:0x0F					unsigned long WriteWatch
0x0270:0x10					unsigned long ProcessInSession
0x0270:0x11					unsigned long OverrideAddressSpace
0x0270:0x12					unsigned long HasAddressSpace
0x0270:0x13					unsigned long LaunchPrefetched
0x0270:0x14					unsigned long InjectInpageErrors
0x0270:0x15					unsigned long VmTopDown
0x0270:0x16					unsigned long ImageNotifyDone
0x0270:0x17					unsigned long PdeUpdateNeeded
0x0270:0x18					unsigned long VdmAllowed
0x0270:0x19					unsigned long CrossSessionCreate
0x0270:0x1A					unsigned long ProcessInserted
0x0270:0x1B					unsigned long DefaultIoPriority
0x0270:0x1E					unsigned long ProcessSelfDelete
0x0270:0x1F					unsigned long SetTimerResolutionLink
0x0274					long ExitStatus					struct _MM_AVL_TABLE VadRoot	struct _RTL_AVL_TREE VadRoot			struct _LIST_ENTRY MmProcessLinks
0x0278						struct _MM_AVL_TABLE VadRoot					void * VadHint			struct _LIST_ENTRY MmProcessLinks
0x027C											unsigned long VadCount			unsigned long ModifiedPageCount
0x0280											volatile unsigned long VadPhysicalPages			long ExitStatus
0x0284											unsigned long VadPhysicalPagesLimit			struct _RTL_AVL_TREE VadRoot
0x0288											volatile unsigned long VadPhysicalPages	struct _ALPC_PROCESS_CONTEXT AlpcContext			void * VadHint
0x028C										unsigned long VadPhysicalPagesLimit	volatile unsigned long VadPhysicalPages				unsigned long VadCount
0x0290										struct _ALPC_PROCESS_CONTEXT AlpcContext	unsigned long VadPhysicalPagesLimit				volatile unsigned long VadPhysicalPages
0x0294											struct _ALPC_PROCESS_CONTEXT AlpcContext				unsigned long VadPhysicalPagesLimit
0x0298	struct _ALPC_PROCESS_CONTEXT AlpcContext					struct _LIST_ENTRY TimerResolutionLink			struct _ALPC_PROCESS_CONTEXT AlpcContext
0x02A0						struct _LIST_ENTRY TimerResolutionLink	struct _PO_DIAG_STACK_RECORD * TimerResolutionStackRecord
0x02A4						struct _LIST_ENTRY TimerResolutionLink	struct _LIST_ENTRY TimerResolutionLink	unsigned long RequestedTimerResolution
0x02A8	struct _LIST_ENTRY TimerResolutionLink					struct _PO_DIAG_STACK_RECORD * TimerResolutionStackRecord	struct _LIST_ENTRY TimerResolutionLink	unsigned long SmallestTimerResolution			struct _LIST_ENTRY TimerResolutionLink
0x02AC	struct _LIST_ENTRY TimerResolutionLink					unsigned long RequestedTimerResolution	struct _PO_DIAG_STACK_RECORD * TimerResolutionStackRecord				struct _LIST_ENTRY TimerResolutionLink
0x02B0	unsigned long RequestedTimerResolution					unsigned long SmallestTimerResolution	unsigned long RequestedTimerResolution	union _LARGE_INTEGER ExitTime			struct _PO_DIAG_STACK_RECORD * TimerResolutionStackRecord
0x02B4	unsigned long ActiveThreadsHighWatermark						unsigned long SmallestTimerResolution	union _LARGE_INTEGER ExitTime			unsigned long RequestedTimerResolution
0x02B8	unsigned long SmallestTimerResolution					union _LARGE_INTEGER ExitTime		unsigned long ActiveThreadsHighWatermark			unsigned long SmallestTimerResolution
0x02BC	struct _PO_DIAG_STACK_RECORD * TimerResolutionStackRecord					union _LARGE_INTEGER ExitTime		unsigned long LargePrivateVadCount
0x02C0			uint64_t SequenceNumber			unsigned long ActiveThreadsHighWatermark		struct _EX_PUSH_LOCK ThreadListLock			union _LARGE_INTEGER ExitTime
0x02C4			uint64_t SequenceNumber			unsigned long LargePrivateVadCount		void * WnfContext			union _LARGE_INTEGER ExitTime
0x02C8			uint64_t CreateInterruptTime			void * WnfContext	struct _EX_PUSH_LOCK ThreadListLock	unsigned long Spare0			unsigned long ActiveThreadsHighWatermark
0x02CC						enum _SE_SIGNING_LEVEL SignatureLevel	void * WnfContext	uint8_t SignatureLevel			unsigned long LargePrivateVadCount
0x02CD								uint8_t SectionSignatureLevel
0x02CE								struct _PS_PROTECTION Protection
0x02CF								uint8_t[1] SpareByte20
0x02D0			uint64_t CreateUnbiasedInterruptTime			unsigned long KeepAliveCounter	unsigned long SectionMappingSize	unsigned long Flags3			struct _EX_PUSH_LOCK ThreadListLock
0x02D0:0x00						unsigned long KeepAliveCounter	unsigned long SectionMappingSize	unsigned long Minimal			struct _EX_PUSH_LOCK ThreadListLock
0x02D4						struct _PROCESS_DISK_COUNTERS * DiskCounters	uint8_t SignatureLevel	long SvmReserved			void * WnfContext
0x02D5							uint8_t SectionSignatureLevel
0x02D6							uint8_t[2] SpareByte20
0x02D8							unsigned long KeepAliveCounter	void * SvmReserved1			unsigned long Spare0
0x02DC							struct _PROCESS_DISK_COUNTERS * DiskCounters	unsigned long SvmReserved2			uint8_t SignatureLevel
0x02DD											uint8_t SectionSignatureLevel
0x02DE											struct _PS_PROTECTION Protection
0x02DF											uint8_t HangCount
0x02E0							uint64_t LastFreezeInterruptTime				unsigned long Flags3
0x02E0:0x00											unsigned long Minimal
0x02E0:0x01											unsigned long ReplacingPageRoot
0x02E0:0x02											unsigned long DisableNonSystemFonts
0x02E0:0x03											unsigned long AuditNonSystemFontLoading
0x02E0:0x04											unsigned long Crashed
0x02E0:0x05											unsigned long JobVadsAreTracked
0x02E0:0x06											unsigned long VadTrackingDisabled
0x02E0:0x07											unsigned long AuxiliaryProcess
0x02E0:0x08											unsigned long SubsystemProcess
0x02E0:0x09											unsigned long IndirectCpuSets
0x02E0:0x0A											unsigned long InPrivate
0x02E4											long DeviceAsid
0x02E8								struct _PROCESS_DISK_COUNTERS * DiskCounters			void * SvmData
0x02EC								unsigned long KeepAliveCounter			struct _EX_PUSH_LOCK SvmProcessLock
0x02F0								unsigned long NoWakeKeepAliveCounter			unsigned long SvmLock
0x02F4											struct _LIST_ENTRY SvmProcessDeviceListHead
0x02F8									uint64_t DeepFreezeStartTime		struct _LIST_ENTRY SvmProcessDeviceListHead
0x0300									unsigned long CommitChargeLimit		uint64_t LastFreezeInterruptTime
0x0304									volatile unsigned long CommitChargePeak		uint64_t LastFreezeInterruptTime
0x0308									unsigned long HighPriorityFaultsAllowed		struct _PROCESS_DISK_COUNTERS * DiskCounters
0x030C											void * PicoContext
0x0310										uint64_t SequenceNumber	unsigned long KeepAliveCounter
0x0314										uint64_t SequenceNumber	unsigned long NoWakeKeepAliveCounter
0x0318										uint64_t CreateInterruptTime	unsigned long HighPriorityFaultsAllowed
0x031C										uint64_t CreateInterruptTime	void * InstrumentationCallback
0x0320										uint64_t CreateUnbiasedInterruptTime	struct _PROCESS_ENERGY_VALUES * EnergyValues
0x0324										uint64_t CreateUnbiasedInterruptTime	void * VmContext
0x0328											struct _ESILO * Silo
0x032C											struct _LIST_ENTRY SiloEntry
0x0338					uint64_t SequenceNumber
0x0340					uint64_t CreateInterruptTime
0x0348					uint64_t CreateUnbiasedInterruptTime
0x0350					uint64_t TotalUnbiasedFrozenTime
0x0358					uint64_t LastAppStateUpdateTime
0x0360:0x00					uint64_t LastAppStateUptime
0x0360:0x3D					uint64_t LastAppState
0x0368					volatile unsigned long SharedCommitCharge
0x036C					struct _EX_PUSH_LOCK SharedCommitLock
0x0370					struct _LIST_ENTRY SharedCommitLinks
0x0378					unsigned long AllowedCpuSets
0x0378					unsigned long * AllowedCpuSetsIndirect
0x037C					unsigned long DefaultCpuSets
0x037C					unsigned long * DefaultCpuSetsIndirect