Min versionXPXP SP32003/XP642003/XP64 SP12003/XP64 SP22003/XP64 SP22003/XP64 SP2VistaVista SP1Vista SP1Vista SP2777 SP18 Pre RTM8 Pre RTM88.18.1 Update 18.1 Update 110 Pre RTM10 Pre RTM10 Pre RTM10 Pre RTM10
Max versionXP SP3Vista SP2810 TH2
Architecturex86x86x86x86x64x86x64x86x64x86x86x86x86x64x86x64x86x64x86x64x86x64x86x64x64x86x64x86x64x64x86x86x64x86x64
x86 offset
offset:bitpos		Field Namex64 offset
offset:bitpos
0x0000struct _DISPATCHER_HEADER
Header		0x0000
0x0010struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		volatile uint64_t
CycleTime		void *
SListFaultAddress		0x0018
0x0018void *
InitialStack		void *
InitialStack		volatile unsigned long
HighCycleTime		volatile unsigned long
HighCycleTime		volatile unsigned long
HighCycleTime		volatile unsigned long
HighCycleTime		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		0x0020
0x0018void *
InitialStack		0x0028
0x001Cvoid *
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		0x0030
0x0020uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		uint64_t
QuantumTarget		0x0020
0x0020void *
Teb		void *
KernelStack		void *
KernelStack		uint64_t
QuantumTarget		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		0x0028
0x0020void *
KernelStack		0x0038
0x0024void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		0x0030
0x0024void *
TlsArray		uintptr_t
ThreadLock		void * volatile
StackLimit		0x0040
0x0028void *
KernelStack		unsigned long
ContextSwitches		struct _KAPC_STATE
ApcState		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
InitialStack		void *
StackBase		0x0028
0x0028uint8_t[23]
ApcStateFill		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		0x0038
0x0028struct _KAPC_STATE
ApcState		0x0048
0x0028x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		0x0048
0x002Cvoid * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		void * volatile
StackLimit		0x0030
0x002Cuint8_t
DebugActive		volatile uint8_t
State		void * volatile
StackLimit		uintptr_t
ThreadLock		0x0040
0x002Duint8_t
State		uint8_t
NpxState
0x002Euint8_t[2]
Alerted		uint8_t
WaitIrql
0x002Fchar
WaitMode
0x0030void *
KernelStack		void *
KernelStack		void *
KernelStack		void *
KernelStack		void *
KernelStack		void *
KernelStack		void *
KernelStack		void *
KernelStack		0x0038
0x0030uint8_t
Iopl		void *
Teb		void *
KernelStack		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		volatile uint64_t
CycleTime		0x0048
0x0031uint8_t
NpxState
0x0032char
Saturation
0x0033char
Priority
0x0034struct _KAPC_STATE
ApcState		uintptr_t
ThreadLock		0x0040
0x0038struct _KAPC_STATE
ApcState		union _KWAIT_STATUS_REGISTER
WaitRegister		volatile unsigned long
HighCycleTime		volatile unsigned long
HighCycleTime		volatile uint64_t
CycleTime		volatile unsigned long
HighCycleTime		volatile unsigned long
HighCycleTime		volatile uint64_t
CycleTime		volatile unsigned long
HighCycleTime		volatile unsigned long
HighCycleTime		0x0048
0x0038x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		0x0048
0x0039volatile uint8_t
Running		0x0049
0x003Auint8_t[2]
Alerted		0x004A
0x003C:0x00unsigned long
KernelStackResident		void *
ServiceTable		void *
ServiceTable		void *
ServiceTable		void *
ServiceTable		void *
ServiceTable		void *
ServiceTable		0x004C:0x00
0x003Clong
MiscFlags		0x004C
0x003C:0x01unsigned long
ReadyTransition		0x004C:0x01
0x003C:0x02unsigned long
ProcessReadyQueue		0x004C:0x02
0x003C:0x03unsigned long
WaitNext		0x004C:0x03
0x003C:0x04unsigned long
SystemAffinityActive		0x004C:0x04
0x003C:0x05unsigned long
Alertable		0x004C:0x05
0x003C:0x06unsigned long
GdiFlushActive		0x004C:0x06
0x003C:0x07unsigned long
UserStackWalkActive		0x004C:0x07
0x003C:0x08unsigned long
ApcInterruptRequest		0x004C:0x08
0x003C:0x09unsigned long
ForceDeferSchedule		0x004C:0x09
0x003C:0x0Aunsigned long
QuantumEndMigrate		0x004C:0x0A
0x003C:0x0Bunsigned long
UmsDirectedSwitchEnable		0x004C:0x0B
0x003C:0x0Cunsigned long
TimerActive		0x004C:0x0C
0x003C:0x0Dunsigned long
Reserved		unsigned long
Reserved		unsigned long
Reserved		unsigned long
Reserved		unsigned long
SystemThread		0x004C:0x0D
0x003C:0x0Eunsigned long
Reserved		unsigned long
Reserved		0x004C:0x0E
0x003Fuint8_t
ApcQueueable		0x0073
0x0040struct _KAPC_STATE
ApcState		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		unsigned long
CurrentRunTime		0x0050
0x0040x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		0x0050
0x0040volatile uint8_t
NextProcessor		unsigned long
CurrentRunTime		0x0074
0x0041volatile uint8_t
DeferredProcessor		unsigned long
QuantumEndMigrate		unsigned long
QuantumEndMigrate		0x0075
0x0042uint8_t
AdjustReason		0x0076
0x0043char
AdjustIncrement		0x0077
0x0044unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		unsigned long
ExpectedRunTime		0x0054
0x0044uintptr_t
ApcQueueLock		unsigned long
AutoAlignment		unsigned long
AutoAlignment		unsigned long
ExpectedRunTime		0x0078
0x0048unsigned long
ContextSwitches		void *
KernelStack		0x0058
unsigned long
ReservedFlags		0x0078:0x17
unsigned long
Spare1		unsigned long
Spare1		unsigned long
Spare1		unsigned long
Spare1		unsigned long
Spare10		unsigned long
Spare10		unsigned long
Spare10		0x0084
unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		0x0104
0x0048unsigned long
ContextSwitches		0x0124
0x004Cstruct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		struct _XSAVE_FORMAT *
StateSaveArea		0x0060
0x004Cunsigned long
ContextSwitches		unsigned long
ApcQueueLock		volatile uint8_t
State		struct _XSAVE_FORMAT *
StateSaveArea		0x0154
0x004Duint8_t
NpxState		0x0155
0x004Euint8_t
WaitIrql		0x0156
0x004Fchar
Priority		char
Priority		0x0073
0x004Fchar
WaitMode		char
Priority		0x0157
0x0050struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		0x0068
0x0050uint8_t
IdleSwapBlock		long
WaitStatus		long
WaitStatus		volatile uint16_t
NextProcessor		volatile uint16_t
NextProcessor		struct _KSCHEDULING_GROUP * volatile
SchedulingGroup		0x0074
0x0050long
WaitStatus		int64_t
WaitStatus		long
WaitStatus		int64_t
WaitStatus		long
WaitStatus		int64_t
WaitStatus		0x0080
0x0051uint8_t[3]
Spare0		uint8_t
VdmSafe
0x0052uint8_t[2]
Spare0		volatile uint16_t
DeferredProcessor		0x0076
0x0054union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		union _KWAIT_STATUS_REGISTER
WaitRegister		0x0070
0x0054uintptr_t
ApcQueueLock		uintptr_t
ApcQueueLock		volatile long
ThreadFlags		volatile long
ThreadFlags		0x0078
0x0054long
WaitStatus		struct _KWAIT_BLOCK *
WaitBlockList		struct _KWAIT_BLOCK *
WaitBlockList		unsigned long
ApcQueueLock		void *
FirstArgument		void *
FirstArgument		union _KWAIT_STATUS_REGISTER
WaitRegister		0x0088
0x0054struct _KGATE *
GateObject		struct _KGATE *
GateObject		struct _KGATE *
GateObject		struct _KGATE *
GateObject		struct _KGATE *
GateObject		struct _KGATE *
GateObject		struct _KGATE *
GateObject		0x0088
0x0055volatile uint8_t
Running		0x0071
0x0056uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		0x0072
0x0057char
Priority		0x007B
0x0058:0x00uint8_t
WaitIrql		uint8_t
Alertable		uint8_t
Alertable		unsigned long
ContextSwitches		unsigned long
KernelStackResident		unsigned long
SpareMiscFlag0		unsigned long
AutoBoostActive		0x0074:0x00
0x0058long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		long
MiscFlags		0x0074
0x0058volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		unsigned long
Spare0		volatile uint8_t
Tag		0x007C
0x0058uint8_t
Alertable		uint8_t
Alertable		uint8_t
Alertable		uint8_t
Alertable		uint8_t
Alertable		uint8_t
Alertable		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		0x0090
0x0058unsigned long
ContextSwitches		unsigned long
ContextSwitches		0x0124
0x0058:0x01unsigned long
ReadyTransition		0x0074:0x01
0x0058:0x02unsigned long
ProcessReadyQueue		unsigned long
WaitNext		0x0074:0x02
0x0058:0x03unsigned long
WaitNext		unsigned long
SystemAffinityActive		0x0074:0x03
0x0058:0x04unsigned long
SystemAffinityActive		unsigned long
Alertable		0x0074:0x04
0x0058:0x05unsigned long
Alertable		unsigned long
UserStackWalkActive		0x0074:0x05
0x0058:0x06unsigned long
CodePatchInProgress		unsigned long
UserStackWalkActive		unsigned long
ApcInterruptRequest		0x0074:0x06
0x0058:0x07unsigned long
UserStackWalkActive		unsigned long
ApcInterruptRequest		unsigned long
QuantumEndMigrate		0x0074:0x07
0x0058:0x08char
WaitMode		uint8_t
WaitNext		uint8_t
WaitNext		unsigned long
ApcInterruptRequest		unsigned long
ApcInterruptRequest		unsigned long
ApcInterruptRequest		unsigned long
ApcInterruptRequest		unsigned long
QuantumEndMigrate		unsigned long
QuantumEndMigrate		unsigned long
QuantumEndMigrate		unsigned long
QuantumEndMigrate		unsigned long
QuantumEndMigrate		unsigned long
QuantumEndMigrate		unsigned long
UmsDirectedSwitchEnable		unsigned long
UmsDirectedSwitchEnable		0x0074:0x08
0x0059uint8_t
WaitNext		uint8_t
WaitNext		uint8_t
WaitNext		uint8_t
WaitNext		uint8_t
WaitNext		uint8_t
WaitNext		0x0091
0x0058:0x09unsigned long
QuantumEndMigrate		unsigned long
UmsDirectedSwitchEnable		unsigned long
TimerActive		0x0074:0x09
0x0058:0x0Aunsigned long
UmsDirectedSwitchEnable		unsigned long
TimerActive		unsigned long
SystemThread		0x0074:0x0A
0x0058:0x0Bunsigned long
TimerActive		unsigned long
SystemThread		unsigned long
ProcessDetachActive		0x0074:0x0B
0x0058:0x0Cunsigned long
SystemThread		unsigned long
ProcessDetachActive		unsigned long
CalloutActive		0x0074:0x0C
0x0058:0x0Dunsigned long
ProcessDetachActive		unsigned long
CalloutActive		unsigned long
ScbReadyQueue		0x0074:0x0D
0x0058:0x0Eunsigned long
CalloutActive		unsigned long
ScbReadyQueue		unsigned long
ApcQueueable		0x0074:0x0E
0x0058:0x0Funsigned long
ScbReadyQueue		unsigned long
ApcQueueable		unsigned long
ReservedStackInUse		0x0074:0x0F
0x0058:0x10unsigned long
ApcQueueable		unsigned long
ApcQueueable		unsigned long
ApcQueueable		unsigned long
ApcQueueable		unsigned long
ReservedStackInUse		unsigned long
ReservedStackInUse		unsigned long
ReservedStackInUse		unsigned long
ReservedStackInUse		unsigned long
ReservedStackInUse		unsigned long
ReservedStackInUse		unsigned long
ReservedStackInUse		unsigned long
UmsPerformingSyscall		unsigned long
UmsPerformingSyscall		0x0074:0x10
0x005Auint8_t
WaitNext		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		unsigned long
ReservedStackInUse		0x0092
0x0058:0x11unsigned long
ReservedStackInUse		unsigned long
UmsPerformingSyscall		unsigned long
TimerSuspended		0x0074:0x11
0x0058:0x12unsigned long
UmsPerformingSyscall		unsigned long
ApcPendingReload		unsigned long
SuspendedWaitMode		0x0074:0x12
0x0058:0x13unsigned long
DisableStackCheck		unsigned long
Reserved		unsigned long
Reserved		unsigned long
Reserved		unsigned long
Reserved		unsigned long
TimerSuspended		unsigned long
SuspendSchedulerApcWait		0x0074:0x13
0x0058:0x14unsigned long
Reserved		unsigned long
Reserved		unsigned long
SuspendedWaitMode		unsigned long
Reserved		unsigned long
Reserved		0x0074:0x14
0x0058:0x15unsigned long
Reserved		unsigned long
Reserved		unsigned long
Reserved		unsigned long
SuspendSchedulerApcWait		0x0074:0x15
0x0058:0x16unsigned long
Reserved		unsigned long
Reserved		0x0074:0x16
0x005Buint8_t
WaitReason		char
Priority		0x0093
0x005C:0x00volatile unsigned long
AutoAlignment		unsigned long
AutoAlignment		unsigned long
AutoAlignment		unsigned long
AutoAlignment		0x0078:0x00
0x005Cvolatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		volatile long
ThreadFlags		0x0078
0x005Cvolatile unsigned long
DeferredProcessor		volatile unsigned long
DeferredProcessor		volatile unsigned long
DeferredProcessor		volatile unsigned long
DeferredProcessor		volatile unsigned long
DeferredProcessor		volatile unsigned long
DeferredProcessor		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		0x0080
0x005Cuint8_t
EnableStackSwap		uint8_t
EnableStackSwap		uint8_t
EnableStackSwap		uint8_t
EnableStackSwap		uint8_t
EnableStackSwap		uint8_t
EnableStackSwap		volatile long
ThreadFlags		0x0094
0x005Cstruct _KWAIT_BLOCK *
WaitBlockList		uint8_t
EnableStackSwap		uint8_t
EnableStackSwap		volatile uint8_t
State		volatile uint8_t
State		unsigned long
ContextSwitches		unsigned long
ContextSwitches		unsigned long
AutoAlignment		0x0154
0x005C:0x01volatile unsigned long
DisableBoost		unsigned long
DisableBoost		0x0078:0x01
0x005C:0x02volatile unsigned long
UserAffinitySet		unsigned long
UserAffinitySet		unsigned long
ThreadFlagsSpare0		0x0078:0x02
0x005C:0x03volatile unsigned long
AlertedByThreadId		unsigned long
AlertedByThreadId		0x0078:0x03
0x005C:0x04volatile unsigned long
QuantumDonation		unsigned long
QuantumDonation		0x0078:0x04
0x005C:0x05volatile unsigned long
EnableStackSwap		unsigned long
EnableStackSwap		0x0078:0x05
0x005C:0x06volatile unsigned long
GuiThread		unsigned long
GuiThread		0x0078:0x06
0x005C:0x07volatile unsigned long
DisableQuantum		unsigned long
DisableQuantum		0x0078:0x07
0x005C:0x08volatile unsigned long
ChargeOnlyGroup		volatile unsigned long
ChargeOnlyGroup		unsigned long
ChargeOnlyGroup		unsigned long
ChargeOnlyGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		unsigned long
ChargeOnlySchedulingGroup		0x0078:0x08
0x005Dvolatile uint8_t
SwapBusy		volatile uint8_t
SwapBusy		volatile uint8_t
SwapBusy		volatile uint8_t
SwapBusy		volatile uint8_t
SwapBusy		volatile uint8_t
SwapBusy		volatile uint8_t
SwapBusy		uint8_t
NpxState		unsigned long
ChargeOnlySchedulingGroup		0x0095
0x005Duint8_t
NpxState		uint8_t
NpxState		0x0155
0x005C:0x09volatile unsigned long
DeferPreemption		unsigned long
DeferPreemption		0x0078:0x09
0x005C:0x0Avolatile unsigned long
QueueDeferPreemption		unsigned long
QueueDeferPreemption		0x0078:0x0A
0x005C:0x0Bvolatile unsigned long
ForceDeferSchedule		unsigned long
ForceDeferSchedule		0x0078:0x0B
0x005C:0x0Cvolatile unsigned long
ExplicitIdealProcessor		unsigned long
ExplicitIdealProcessor		unsigned long
SharedReadyQueueAffinity		0x0078:0x0C
0x005C:0x0Dvolatile unsigned long
FreezeCount		unsigned long
FreezeCount		0x0078:0x0D
0x005C:0x0Evolatile unsigned long
EtwStackTraceApcInserted		volatile unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
TerminationApcRequest		0x0078:0x0E
0x005C:0x0Funsigned long
EtwStackTraceApcInserted		unsigned long
AutoBoostEntriesExhausted		0x0078:0x0F
0x005C:0x10unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
KernelStackResident		unsigned long
KernelStackResident		unsigned long
KernelStackResident		unsigned long
KernelStackResident		unsigned long
KernelStackResident		unsigned long
KernelStackResident		0x0078:0x10
0x005Euint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t[2]
Alerted		0x0096
0x005Euint8_t[2]
Alerted		uint8_t[2]
Alerted		uint8_t
WaitIrql		uint8_t
WaitIrql		unsigned long
KernelStackResident		0x0156
0x005C:0x11unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
ThreadFlagsSpare		unsigned long
CommitFailTerminateRequest		0x0078:0x11
0x005C:0x12unsigned long
ThreadFlagsSpare		unsigned long
ProcessStackCountDecremented		0x0078:0x12
0x005C:0x13unsigned long
ThreadFlagsSpare		0x0078:0x13
0x005C:0x16volatile unsigned long
ReservedFlags		volatile unsigned long
ReservedFlags		unsigned long
ReservedFlags		unsigned long
ReservedFlags		0x0078:0x16
0x005C:0x18char
WaitMode		unsigned long
ReservedFlags		unsigned long
ReservedFlags		unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		unsigned long
EtwStackTraceApcInserted		0x0078:0x18
0x005Fchar
WaitMode		char
WaitMode		0x0157
0x005C:0x19unsigned long
ReservedFlags		0x0078:0x19
0x0060unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		unsigned long
Spare0		volatile uint8_t
Tag		volatile uint8_t
Tag		volatile uint8_t
Tag		volatile uint8_t
Tag		0x007C
0x0060long
WaitStatus		int64_t
WaitStatus		0x0080
0x0060uintptr_t
ApcQueueLock		uintptr_t
ApcQueueLock		uintptr_t
ApcQueueLock		uintptr_t
ApcQueueLock		uintptr_t
ApcQueueLock		uintptr_t
ApcQueueLock		0x0088
0x0060struct _LIST_ENTRY
WaitListEntry		long
WaitStatus		volatile uint8_t
Tag		0x0098
0x0060struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		0x0098
0x0061uint8_t
SystemHeteroCpuPolicy		0x007D
0x0062:0x00uint8_t
UserHeteroCpuPolicy		0x007E:0x00
0x0062:0x07uint8_t
ExplicitSystemHeteroCpuPolicy		0x007E:0x07
0x0063uint8_t[1]
Spare0		uint8_t
Spare0		0x007F
0x0064struct _KGATE *
GateObject		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		0x0080
0x0064struct _KWAIT_BLOCK *
WaitBlockList		0x0088
0x0064struct _KGATE *
GateObject		struct _KGATE *
GateObject		0x0088
0x0064struct _KWAIT_BLOCK *
WaitBlockList		unsigned long
ContextSwitches		unsigned long
SystemCallNumber		0x0134
0x0068void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		0x0088
0x0068:0x00unsigned long
KernelStackResident		0x0090:0x00
0x0068long
MiscFlags		long
MiscFlags		0x0090
0x0068struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		long
MiscFlags		0x00A8
0x0068unsigned long
WaitTime		struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		unsigned long
KernelStackResident		volatile uint8_t
State		volatile uint8_t
State		volatile uint8_t
State		volatile uint8_t
State		volatile uint8_t
State		volatile uint8_t
State		void *
FirstArgument		0x0164
0x0068:0x01unsigned long
ReadyTransition		0x0090:0x01
0x0068:0x02unsigned long
ProcessReadyQueue		0x0090:0x02
0x0068:0x03unsigned long
WaitNext		0x0090:0x03
0x0068:0x04unsigned long
SystemAffinityActive		0x0090:0x04
0x0068:0x05unsigned long
Alertable		0x0090:0x05
0x0068:0x06unsigned long
GdiFlushActive		0x0090:0x06
0x0068:0x07unsigned long
Reserved		unsigned long
UserStackWalkActive		0x0090:0x07
0x0068:0x08unsigned long
Reserved		unsigned long
Reserved		0x0090:0x08
0x0069unsigned long
Reserved		char
NpxState		0x0165
0x006Auint8_t
WaitIrql		0x0166
0x006Bchar
WaitMode		0x0167
0x006Cchar
BasePriority		unsigned long
WaitTime		unsigned long
WaitTime		uint8_t
WaitReason		volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		0x0090
0x006Cuint8_t
WaitReason		uint8_t
WaitReason		0x0094
0x006Cunsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		0x0184
0x006Duint8_t
DecrementCount		volatile uint8_t
SwapBusy		0x0095
0x006Echar
PriorityDecrement		uint8_t[2]
Alerted		0x0096
0x006Fchar
Quantum
0x0070struct _KWAIT_BLOCK[4]
WaitBlock		int16_t
KernelApcDisable		int16_t
KernelApcDisable		struct _LIST_ENTRY
WaitListEntry		struct _KWAIT_BLOCK *
WaitBlockList		struct _KAPC_STATE
ApcState		0x0098
0x0070unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		struct _SINGLE_LIST_ENTRY
SwapListEntry		x86: uint8_t[23] / x64: uint8_t[43]
ApcStateFill		0x0098
void *
TebMappedLowVa		void *
TebMappedLowVa		void *
TebMappedLowVa		0x01B0
0x0070int16_t
KernelApcDisable		0x01B4
0x0070unsigned long
CombinedApcDisable		0x01B4
0x0072int16_t
SpecialApcDisable		0x01B6
0x0074struct _LIST_ENTRY
WaitListEntry		0x00A0
0x0074struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		struct _SINGLE_LIST_ENTRY
SwapListEntry		0x00A0
0x0074void *
Teb		0x00B0
0x0078struct _KQUEUE *
Queue		struct _KQUEUE *
Queue		0x00A8
0x0078struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KQUEUE *
Queue		0x00B8
0x0078x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		0x00B8
0x007Cunsigned long
WaitTime		struct _KQUEUE * volatile
Queue		struct _KQUEUE * volatile
Queue		struct _KQUEUE * volatile
Queue		struct _KQUEUE * volatile
Queue		struct _KQUEUE * volatile
Queue		struct _KQUEUE * volatile
Queue		0x00B0
0x007Cunsigned long
WaitTime		0x0184
0x0080unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		0x0194
0x0080int16_t
KernelApcDisable		0x01B4
0x0080unsigned long
CombinedApcDisable		0x01B4
0x0082int16_t
SpecialApcDisable		0x01B6
0x0084void *
Teb		void *
Teb		0x00B0
0x0084int16_t
KernelApcDisable		0x01C4
0x0084unsigned long
CombinedApcDisable		0x01C4
0x0086int16_t
SpecialApcDisable		int16_t
SpecialApcDisable		int16_t
SpecialApcDisable		int16_t
SpecialApcDisable		int16_t
SpecialApcDisable		int16_t
SpecialApcDisable		0x01C6
0x0087char
Priority		0x00C3
0x0088struct _KTIMER
Timer		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		unsigned long
UserIdealProcessor		0x00B8
0x0088x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		x86: uint8_t[40] / x64: uint8_t[60]
TimerFill		0x00B8
0x0088unsigned long
UserIdealProcessor		unsigned long
UserIdealProcessor		0x00C4
0x008Cunsigned long
ContextSwitches		unsigned long
ContextSwitches		0x014C
0x008Cunsigned long
ContextSwitches		unsigned long
ContextSwitches		unsigned long
ContextSwitches		0x0154
0x0090struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		0x00C0
0x0090volatile uint8_t
State		volatile uint8_t
State		volatile uint8_t
State		0x017C
0x0090volatile uint8_t
State		volatile uint8_t
State		0x0184
0x0091char
NpxState		char
NpxState		0x017D
0x0091char
NpxState		char
Spare12		char
Spare13		0x0185
0x0092uint8_t
WaitIrql		uint8_t
WaitIrql		0x017E
0x0092uint8_t
WaitIrql		0x0186
0x0093char
WaitMode		char
WaitMode		char
WaitMode		0x017F
0x0093char
WaitMode		char
WaitMode		0x0187
0x0094volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		volatile long
WaitStatus		volatile int64_t
WaitStatus		0x00C8
0x0098struct _KWAIT_BLOCK *
WaitBlockList		0x00D0
0x009Cstruct _LIST_ENTRY
WaitListEntry		0x00D8
0x009Cstruct _SINGLE_LIST_ENTRY
SwapListEntry		0x00D8
0x00A0:0x00struct _KWAIT_BLOCK[4]
WaitBlock		long
AutoAlignment		unsigned long
AutoAlignment		0x00F4:0x00
0x00A0long
ThreadFlags		0x00F4
0x00A0:0x01long
DisableBoost		unsigned long
DisableBoost		0x00F4:0x01
0x00A0:0x02long
ReservedFlags		unsigned long
GuiThread		0x00F4:0x02
0x00A0:0x03unsigned long
ReservedFlags		unsigned long
VdmSafe		unsigned long
EtwStackTraceApc1Inserted		0x00F4:0x03
0x00A0:0x04unsigned long
ReservedFlags		unsigned long
VdmSafe		0x00F4:0x04
0x00A0:0x05unsigned long
ReservedFlags
0x00A4struct _KQUEUE * volatile
Queue		struct _DISPATCHER_HEADER * volatile
Queue		0x00E8
0x00A8void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		void *
Teb		0x00F0
0x00A8struct _KWAIT_BLOCK[4]
WaitBlock		void *
Teb		0x00F8
0x00A8x86: uint8_t[23] / x64: uint8_t[43]
WaitBlockFill0		0x00F8
0x00A8x86: uint8_t[47] / x64: uint8_t[91]
WaitBlockFill1		0x00F8
0x00A8x86: uint8_t[71] / x64: uint8_t[139]
WaitBlockFill2		0x00F8
0x00A8x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		0x00F8
uint8_t[44]
WaitBlockFill4		uint8_t[44]
WaitBlockFill4		uint8_t[44]
WaitBlockFill4		0x00F8
uint8_t[92]
WaitBlockFill5		uint8_t[92]
WaitBlockFill5		uint8_t[92]
WaitBlockFill5		0x00F8
uint8_t[140]
WaitBlockFill6		uint8_t[140]
WaitBlockFill6		uint8_t[140]
WaitBlockFill6		0x00F8
uint8_t[188]
WaitBlockFill7		uint8_t[188]
WaitBlockFill7		uint8_t[188]
WaitBlockFill7		0x00F8
0x00B0:0x00volatile unsigned long
AutoAlignment		uint64_t
RelativeTimerBias		0x00F4:0x00
0x00B0volatile long
ThreadFlags		volatile long
ThreadFlags		0x00F4
0x00B0struct _KTIMER
Timer		struct _KTIMER
Timer		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		uint64_t
RelativeTimerBias		0x00F8
0x00B0:0x01volatile unsigned long
DisableBoost		0x00F4:0x01
0x00B0:0x02volatile unsigned long
EtwStackTraceApc1Inserted		0x00F4:0x02
0x00B0:0x03volatile unsigned long
EtwStackTraceApc2Inserted		0x00F4:0x03
0x00B0:0x04volatile unsigned long
CycleChargePending		0x00F4:0x04
0x00B0:0x05volatile unsigned long
CalloutActive		0x00F4:0x05
0x00B0:0x06volatile unsigned long
ApcQueueable		0x00F4:0x06
0x00B0:0x07volatile unsigned long
EnableStackSwap		0x00F4:0x07
0x00B0:0x08volatile unsigned long
GuiThread		0x00F4:0x08
0x00B0:0x09volatile unsigned long
ReservedFlags		volatile unsigned long
VdmSafe		0x00F4:0x09
0x00B0:0x0Avolatile unsigned long
ReservedFlags		0x00F4:0x0A
0x00B8struct _KWAIT_BLOCK[4]
WaitBlock		struct _KTIMER
Timer		0x00F8
0x00B8x86: uint8_t[23] / x64: uint8_t[43]
WaitBlockFill0		0x00F8
0x00B8x86: uint8_t[47] / x64: uint8_t[91]
WaitBlockFill1		0x00F8
0x00B8x86: uint8_t[71] / x64: uint8_t[139]
WaitBlockFill2		0x00F8
0x00B8x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		x86: uint8_t[95] / x64: uint8_t[187]
WaitBlockFill3		0x00F8
uint8_t[44]
WaitBlockFill4		0x00F8
uint8_t[92]
WaitBlockFill5		0x00F8
uint8_t[140]
WaitBlockFill6		0x00F8
uint8_t[188]
WaitBlockFill7		0x00F8
0x00B8:0x00volatile unsigned long
AutoAlignment		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		struct _KTIMER
Timer		0x0100:0x00
0x00B8volatile long
ThreadFlags		0x0100
0x00B8:0x01volatile unsigned long
DisableBoost		0x0100:0x01
0x00B8:0x02volatile unsigned long
EtwStackTraceApc1Inserted		0x0100:0x02
0x00B8:0x03volatile unsigned long
EtwStackTraceApc2Inserted		0x0100:0x03
0x00B8:0x04volatile unsigned long
CalloutActive		0x0100:0x04
0x00B8:0x05volatile unsigned long
ApcQueueable		0x0100:0x05
0x00B8:0x06volatile unsigned long
EnableStackSwap		0x0100:0x06
0x00B8:0x07volatile unsigned long
GuiThread		0x0100:0x07
0x00B8:0x08volatile unsigned long
UmsPerformingSyscall		0x0100:0x08
0x00B8:0x09volatile unsigned long
ReservedFlags		volatile unsigned long
VdmSafe		0x0100:0x09
0x00B8:0x0Avolatile unsigned long
ReservedFlags		volatile unsigned long
UmsDispatched		0x0100:0x0A
0x00B8:0x0Bvolatile unsigned long
ReservedFlags		0x0100:0x0B
0x00BCvoid *
ServiceTable		void *
ServiceTable		void *
ServiceTable
0x00BFuint8_t
SystemAffinityActive		0x0123
0x00C0struct _KWAIT_BLOCK[4]
WaitBlock		struct _KWAIT_BLOCK[4]
WaitBlock		struct _KWAIT_BLOCK[4]
WaitBlock		struct _KWAIT_BLOCK[4]
WaitBlock		struct _KWAIT_BLOCK[4]
WaitBlock		struct _KWAIT_BLOCK[4]
WaitBlock		0x0108
uint8_t[44]
WaitBlockFill4		uint8_t[44]
WaitBlockFill4		uint8_t[44]
WaitBlockFill4		0x0108
uint8_t[92]
WaitBlockFill5		uint8_t[92]
WaitBlockFill5		uint8_t[92]
WaitBlockFill5		0x0108
uint8_t[140]
WaitBlockFill6		uint8_t[140]
WaitBlockFill6		uint8_t[140]
WaitBlockFill6		0x0108
uint8_t[168]
WaitBlockFill7		uint8_t[168]
WaitBlockFill7		uint8_t[168]
WaitBlockFill7		0x0108
uint8_t[188]
WaitBlockFill8		uint8_t[188]
WaitBlockFill8		uint8_t[188]
WaitBlockFill8		0x0108
0x00CFuint8_t
IdealProcessor		0x0123
0x00D0void *
LegoData
0x00D4unsigned long
KernelApcDisable
0x00D7char
PreviousMode		0x0153
0x00D8unsigned long
UserAffinity		struct _KWAIT_BLOCK[4]
WaitBlock		0x0138
0x00D8uint8_t[20]
WaitBlockFill8		uint8_t[20]
WaitBlockFill4		0x0138
0x00D8uint8_t[44]
WaitBlockFill9		uint8_t[68]
WaitBlockFill5		0x0138
0x00D8uint8_t[68]
WaitBlockFill10		uint8_t[116]
WaitBlockFill6		0x0138
0x00D8uint8_t[88]
WaitBlockFill11		uint8_t[164]
WaitBlockFill7		0x0138
uint8_t[40]
WaitBlockFill8		0x0138
uint8_t[88]
WaitBlockFill9		0x0138
uint8_t[136]
WaitBlockFill10		0x0138
uint8_t[176]
WaitBlockFill11		0x0138
0x00DCuint8_t
SystemAffinityActive
0x00DDuint8_t
PowerState
0x00DEuint8_t
NpxIrql
0x00DFuint8_t
InitialNode
0x00E0void *
ServiceTable		struct _KWAIT_BLOCK[4]
WaitBlock		0x0140
0x00E0uint8_t[20]
WaitBlockFill8		uint8_t[20]
WaitBlockFill4		uint8_t[20]
WaitBlockFill8		uint8_t[20]
WaitBlockFill4		uint8_t[20]
WaitBlockFill8		uint8_t[20]
WaitBlockFill4		uint8_t[20]
WaitBlockFill8		uint8_t[20]
WaitBlockFill4		uint8_t[20]
WaitBlockFill8		uint8_t[20]
WaitBlockFill4		0x0140
0x00E0uint8_t[44]
WaitBlockFill9		uint8_t[68]
WaitBlockFill5		uint8_t[44]
WaitBlockFill9		uint8_t[68]
WaitBlockFill5		uint8_t[44]
WaitBlockFill9		uint8_t[68]
WaitBlockFill5		uint8_t[44]
WaitBlockFill9		uint8_t[68]
WaitBlockFill5		uint8_t[44]
WaitBlockFill9		uint8_t[68]
WaitBlockFill5		0x0140
0x00E0uint8_t[68]
WaitBlockFill10		uint8_t[116]
WaitBlockFill6		uint8_t[68]
WaitBlockFill10		uint8_t[116]
WaitBlockFill6		uint8_t[68]
WaitBlockFill10		uint8_t[116]
WaitBlockFill6		uint8_t[68]
WaitBlockFill10		uint8_t[116]
WaitBlockFill6		uint8_t[68]
WaitBlockFill10		uint8_t[116]
WaitBlockFill6		0x0140
0x00E0uint8_t[88]
WaitBlockFill11		uint8_t[164]
WaitBlockFill7		uint8_t[88]
WaitBlockFill11		uint8_t[164]
WaitBlockFill7		uint8_t[88]
WaitBlockFill11		uint8_t[164]
WaitBlockFill7		uint8_t[88]
WaitBlockFill11		uint8_t[164]
WaitBlockFill7		uint8_t[88]
WaitBlockFill11		uint8_t[164]
WaitBlockFill7		0x0140
uint8_t[40]
WaitBlockFill8		uint8_t[40]
WaitBlockFill8		uint8_t[40]
WaitBlockFill8		uint8_t[40]
WaitBlockFill8		uint8_t[40]
WaitBlockFill8		0x0140
uint8_t[88]
WaitBlockFill9		uint8_t[88]
WaitBlockFill9		uint8_t[88]
WaitBlockFill9		uint8_t[88]
WaitBlockFill9		uint8_t[88]
WaitBlockFill9		0x0140
uint8_t[136]
WaitBlockFill10		uint8_t[136]
WaitBlockFill10		uint8_t[136]
WaitBlockFill10		uint8_t[136]
WaitBlockFill10		uint8_t[136]
WaitBlockFill10		0x0140
uint8_t[176]
WaitBlockFill11		uint8_t[176]
WaitBlockFill11		uint8_t[176]
WaitBlockFill11		uint8_t[176]
WaitBlockFill11		uint8_t[176]
WaitBlockFill11		0x0140
0x00E4struct _KQUEUE *
Queue
0x00E7char
PreviousMode		0x0153
0x00E8unsigned long
ApcQueueLock
0x00ECstruct _KTHREAD_COUNTERS *
ThreadCounters		struct _KTHREAD_COUNTERS *
ThreadCounters		0x0160
0x00EFuint8_t
ResourceIndex		0x0183
0x00F0struct _KTIMER
Timer
0x00F4struct _KTHREAD_COUNTERS *
ThreadCounters		0x0168
0x00FFuint8_t
ResourceIndex		0x0183
0x0100struct _LIST_ENTRY
QueueListEntry
0x0104struct _XSTATE_SAVE *
XStateSave		struct _XSTATE_SAVE *
XStateSave		0x0190
0x0107uint8_t
LargeStack		0x01B3
0x0108uint8_t
ApcStateIndex		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _UMS_CONTROL_BLOCK *
Ucb		struct _UMS_CONTROL_BLOCK *
Ucb		struct _UMS_CONTROL_BLOCK *
Ucb		0x01B8
0x0109uint8_t
ApcQueueable
0x010Auint8_t
Preempted
0x010Buint8_t
ProcessReadyQueue
0x010Cuint8_t
KernelStackResident		struct _XSTATE_SAVE *
XStateSave		0x0198
0x010Dchar
Saturation
0x010Euint8_t
IdealProcessor
0x010Fvolatile uint8_t
NextProcessor
0x0110char
BasePriority		struct _KTRAP_FRAME *
TrapFrame		0x01C8
0x0111uint8_t
Spare4
0x0112char
PriorityDecrement
0x0113char
Quantum
0x0114uint8_t
SystemAffinityActive		void *
CallbackStack		void *
CallbackStack		void *
CallbackStack		void *
CallbackStack		void *
CallbackStack		void *
CallbackStack		void *
CallbackStack		0x01D0
0x0115char
PreviousMode
0x0116uint8_t
ResourceIndex
0x0117uint8_t
DisableBoost		uint8_t
LargeStack		0x01B3
0x0118struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		0x01B8
0x0118struct _LIST_ENTRY
QueueListEntry		unsigned long
UserAffinity		void *
ServiceTable		void *
ServiceTable		void *
ServiceTable		struct _LIST_ENTRY
QueueListEntry		0x01D8
0x011Cvoid * volatile
Win32Thread		void * volatile
Win32Thread		0x01C0
0x011Cstruct _KPROCESS *
Process		uint8_t
ApcStateIndex		uint8_t
ApcStateIndex		uint8_t
ApcStateIndex		uint8_t
ApcStateIndex		uint8_t
ApcStateIndex		0x01D8
0x011Cuint8_t
ApcStateIndex		0x01E4
0x011Duint8_t
IdealProcessor		uint8_t
IdealProcessor		uint8_t
IdealProcessor		uint8_t
IdealProcessor		0x01D9
0x011Duint8_t
IdealProcessor		uint8_t
IdealProcessor		0x01E5
0x011Euint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		0x01DA
0x011Euint8_t
Preempted		uint8_t
Preempted		0x01E6
0x011Fuint8_t
ProcessReadyQueue		uint8_t
ProcessReadyQueue		uint8_t
ProcessReadyQueue		uint8_t
ProcessReadyQueue		0x01DB
0x011Fuint8_t
ProcessReadyQueue		uint8_t
ProcessReadyQueue		0x01E7
0x0120struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		void * volatile
Win32Thread		void * volatile
Win32Thread		0x01C8
0x0120uint8_t
KernelStackResident		uint8_t
KernelStackResident		uint8_t
KernelStackResident		uint8_t
KernelStackResident		0x01DC
0x0120unsigned long
SoftAffinity		unsigned long
Affinity		uint8_t
KernelStackResident		uint8_t
KernelStackResident		struct _KTRAP_FRAME *
TrapFrame		0x01F4
0x0121char
BasePriority		char
BasePriority		char
BasePriority		char
BasePriority		0x01DD
0x0121char
BasePriority		char
BasePriority		0x01F5
0x0122char
PriorityDecrement		char
PriorityDecrement		char
PriorityDecrement		char
PriorityDecrement		0x01DE
0x0122char
PriorityDecrement		char
PriorityDecrement		0x01F6
0x0123char
Saturation		char
Saturation		char
Saturation		char
Saturation		char
Saturation		0x01DF
0x0123char
Saturation		0x01F7
0x0124void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		0x01C8
0x0124void *
FirstArgument		void *
FirstArgument		0x01D0
0x0124unsigned long
Affinity		void *
ServiceTable		unsigned long
KernelLimit		uintptr_t
UserAffinity		uintptr_t
UserAffinity		uintptr_t
UserAffinity		uintptr_t
UserAffinity		uintptr_t
UserAffinity		void *
FirstArgument		void * volatile
Win32Thread		0x01E0
0x0124uintptr_t
UserAffinity		0x01F8
0x0128unsigned long
CallbackDepth		void *
CallbackStack		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		struct _KTRAP_FRAME *
TrapFrame		0x01D8
0x0128uintptr_t
CallbackDepth		uintptr_t
CallbackDepth		0x01D8
0x0128uint8_t
Preempted		struct _KAPC_STATE *[2]
ApcStatePointer		void *
Win32kTable		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		void *
CallbackStack		struct _UMS_CONTROL_BLOCK *
Ucb		0x01E8
0x0128struct _KPROCESS *
Process		0x0200
0x0129uint8_t
ProcessReadyQueue
0x012Auint8_t
KernelStackResident
0x012Buint8_t
NextProcessor
0x012Cvoid *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		void *
FirstArgument		0x01E0
0x012Cunsigned long
Win32kLimit		uintptr_t
Affinity		uintptr_t
Affinity		uintptr_t
Affinity		uintptr_t
Affinity		struct _KUMS_CONTEXT_HEADER * volatile
Uch		struct _UMS_CONTROL_BLOCK *
Ucb		struct _UMS_CONTROL_BLOCK *
Ucb		struct _UMS_CONTROL_BLOCK *
Ucb		struct _UMS_CONTROL_BLOCK *
Ucb		struct _UMS_CONTROL_BLOCK *
Ucb		0x01F0
0x012Cvoid *
CallbackStack		unsigned long
Affinity		uint64_t
Affinity		volatile unsigned long
Affinity		void *
ServiceTable		0x0208
0x0130void *
Win32Thread		struct _KAPC_STATE
SavedApcState		struct _KAPC_STATE *[2]
ApcStatePointer		uint8_t
ApcStateIndex		unsigned long
WaitTime		unsigned long
WaitTime		0x01AC
0x0130uint8_t
ApcStateIndex		uint8_t
ApcStateIndex		0x01E0
0x0130void *
CallbackStack		0x01E8
0x0130uintptr_t
CallbackDepth		uintptr_t
CallbackDepth		uintptr_t
CallbackDepth		uintptr_t
CallbackDepth		uintptr_t
CallbackDepth		uintptr_t
CallbackDepth		0x01E8
0x0130struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		void *
TebMappedLowVa		struct _KUMS_CONTEXT_HEADER * volatile
Uch		struct _KUMS_CONTEXT_HEADER * volatile
Uch		struct _KUMS_CONTEXT_HEADER * volatile
Uch		struct _KUMS_CONTEXT_HEADER * volatile
Uch		struct _KUMS_CONTEXT_HEADER * volatile
Uch		0x01F8
0x0130struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		0x0210
0x0131char
BasePriority		0x01E1
0x0132char
PriorityDecrement		0x01E2
0x0133uint8_t
Preempted		0x01E3
0x0134int16_t
KernelApcDisable		0x01DC
0x0134unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		0x01DC
0x0134struct _KTRAP_FRAME *
TrapFrame		uint8_t
AdjustReason		uint8_t
AdjustReason		int16_t
KernelApcDisable		int16_t
KernelApcDisable		0x01E4
0x0134uint8_t
ApcStateIndex		0x01F0
0x0135char
AdjustIncrement		char
AdjustIncrement		0x01E5
0x0135char
BasePriority		0x01F1
0x0136uint8_t
Spare01		int16_t
SpecialApcDisable		int16_t
SpecialApcDisable		0x01DE
0x0136uint8_t
Spare01		uint8_t
Spare01		0x01E6
0x0136char
PriorityDecrement		0x01F2
0x0136:0x00uint8_t
ForegroundBoost		0x01F2:0x00
0x0136:0x04uint8_t
UnusualBoost		0x01F2:0x04
0x0137char
Saturation		char
Saturation		0x01E7
0x0137uint8_t
Preempted		0x01F3
0x0138struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE
SavedApcState		unsigned long
SystemCallNumber		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		unsigned long
WaitTime		0x01B4
0x0138unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		0x01E8
0x0138uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		0x01F4
0x0138uint8_t[23]
SavedApcStateFill		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		0x0200
0x0138struct _KAPC_STATE
SavedApcState		0x0208
0x0138x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		0x0208
0x0138struct _KAPC_STATE
SavedApcState		0x0220
0x0138x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		0x0220
0x0139char
AdjustIncrement		0x01F5
0x013Achar
PreviousMode		0x01F6
0x013Bchar
Saturation		0x01F7
0x013Cint16_t
KernelApcDisable		unsigned long
CombinedApcDisable		int16_t
KernelApcDisable		unsigned long
CombinedApcDisable		int16_t
KernelApcDisable		0x01E4
0x013Cunsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		unsigned long
CombinedApcDisable		0x01E4
0x013Cunsigned long
Spare02		unsigned long
FreezeCount		unsigned long
FreezeCount		int16_t
KernelApcDisable		0x01EC
0x013Cunsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
SystemCallNumber		unsigned long
CombinedApcDisable		0x01F8
0x013Eint16_t
SpecialApcDisable		0x01E6
0x0140uintptr_t
UserAffinity		uintptr_t
UserAffinity		0x01F0
0x0140unsigned long
FreezeCount		unsigned long
FreezeCount		unsigned long
FreezeCount		unsigned long
FreezeCount		unsigned long
FreezeCount		unsigned long
FreezeCount		0x01FC
0x0140struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		0x0208
0x0140char
PreviousMode		unsigned long
UserAffinity		volatile unsigned long
NextProcessor		struct _LIST_ENTRY
QueueListEntry		0x0210
0x0141uint8_t
EnableStackSwap
0x0142uint8_t
LargeStack
0x0143uint8_t
ResourceIndex
0x0144struct _KPROCESS *
Process		struct _KPROCESS *
Process		0x01F8
0x0144volatile struct _GROUP_AFFINITY
UserAffinity		volatile struct _GROUP_AFFINITY
UserAffinity		volatile struct _GROUP_AFFINITY
UserAffinity		volatile struct _GROUP_AFFINITY
UserAffinity		volatile struct _GROUP_AFFINITY
UserAffinity		volatile struct _GROUP_AFFINITY
UserAffinity		0x0200
0x0144unsigned long
KernelTime		struct _KPROCESS *
Process		volatile unsigned long
DeferredProcessor		0x0214
0x0148unsigned long
UserTime		void *
CallbackStack		volatile unsigned long
Affinity		volatile uint64_t
Affinity		void *
TebMappedLowVa		void *
TebMappedLowVa		void *
TebMappedLowVa		volatile unsigned long
NextProcessor		void *
TebMappedLowVa		void *
TebMappedLowVa		0x0200
0x0148struct _KPROCESS *
Process		volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		unsigned long
NextProcessorNumber		volatile unsigned long
NextProcessor		0x0218
0x0148:0x00unsigned long
NextProcessorNumber		unsigned long
NextProcessorNumber		0x0218:0x00
0x0148:0x1Funsigned long
SharedReadyQueue		0x0218:0x1F
0x014Cstruct _KAPC_STATE
SavedApcState		void *
Win32Thread		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _LIST_ENTRY
QueueListEntry		struct _LIST_ENTRY
QueueListEntry		long
QueuePriority		0x0208
0x014Cvolatile unsigned long
DeferredProcessor		volatile unsigned long
DeferredProcessor		long
QueuePriority		long
QueuePriority		long
QueuePriority		long
QueuePriority		long
QueuePriority		long
QueuePriority		long
QueuePriority		long
QueuePriority		long
QueuePriority		0x021C
0x014Cvolatile struct _GROUP_AFFINITY
UserAffinity		0x0220
0x014Cx86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		0x0220
0x014Fchar
FreezeCount		char
BasePriority		char
BasePriority		0x0233
uint8_t
CodePatchInProgress		0x0247
0x014Fchar
FreezeCount		0x024B
0x0150struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		0x0210
0x0150struct _KTRAP_FRAME *
TrapFrame		char
SuspendCount		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		struct _KPROCESS *
Process		0x0220
0x0150char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
PriorityDecrement		char
PriorityDecrement		0x0234
0x0150char
SuspendCount		0x024C
0x0151uint8_t
UserIdealProcessor		uint8_t
UserIdealProcessor		uint8_t
UserIdealProcessor		uint8_t
UserIdealProcessor		0x0235
0x0151uint8_t
UserIdealProcessor		uint8_t
UserIdealProcessor		0x024D
0x0152char
PreviousMode		char
PreviousMode		0x022A
0x0152uint8_t
CalloutActive		uint8_t
CalloutActive		uint8_t
CalloutActive		uint8_t
CalloutActive		0x0236
0x0152uint8_t
CalloutActive		uint8_t
CalloutActive		0x024E
0x0153uint8_t
Iopl		uint8_t
Iopl		uint8_t
Iopl		uint8_t
Iopl		char
BasePriority		0x022B
0x0154struct _KAPC_STATE
SavedApcState		volatile struct _GROUP_AFFINITY
Affinity		volatile struct _GROUP_AFFINITY
Affinity		volatile struct _GROUP_AFFINITY
Affinity		volatile struct _GROUP_AFFINITY
Affinity		volatile struct _GROUP_AFFINITY
Affinity		volatile struct _GROUP_AFFINITY
Affinity		volatile unsigned long
NextProcessor		volatile unsigned long
NextProcessor		0x0218
0x0154x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		unsigned long
NextProcessorNumber		unsigned long
NextProcessorNumber		0x0218
0x0154unsigned long
KernelTime		void *
Win32Thread		struct _KAPC_STATE
SavedApcState		volatile struct _GROUP_AFFINITY
UserAffinity		uint8_t[10]
UserAffinityFill		struct _GROUP_AFFINITY
UserAffinity		uint8_t[10]
UserAffinityFill		struct _GROUP_AFFINITY
UserAffinity		0x0228
0x0154uint8_t[23]
SavedApcStateFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
UserAffinityFill		0x0228
0x0154char
PriorityDecrement		0x022C
0x0154:0x00uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		0x022C:0x00
0x0154void *
Win32Thread		0x0238
uint8_t
CodePatchInProgress		0x024F
0x0154void *
Win32Thread		void *
Win32Thread		0x0250
0x0154:0x04uint8_t
UnusualBoost		0x022C:0x04
0x0155uint8_t
Preempted		0x022D
0x0156uint8_t
AdjustReason		0x022E
0x0157char
AdjustIncrement		0x022F
0x0158volatile struct _GROUP_AFFINITY
Affinity		0x0230
0x0158x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		0x0230
0x0158void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		0x0240
0x0158unsigned long
UserTime		void *
StackBase		void *
StackBase		void *
StackBase		0x0258
0x015Achar
PreviousMode		0x0232
0x015Bchar
BasePriority		char
BasePriority		char
BasePriority		0x0233
0x015Cchar
PriorityDecrement		uint8_t
ForegroundBoost		char
PriorityDecrement		uint8_t
ForegroundBoost		char
PriorityDecrement		0x0234
0x015C:0x00uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		uint8_t
ForegroundBoost		0x0234:0x00
0x015Cstruct _KAPC
SuspendApc		0x0248
0x015Cuint8_t[1]
SuspendApcFill0		0x0248
0x015Cuint8_t[3]
SuspendApcFill1		0x0248
0x015Cuint8_t[4]
SuspendApcFill2		0x0248
0x015Cx86: uint8_t[36] / x64: uint8_t[64]
SuspendApcFill3		0x0248
0x015Cx86: uint8_t[40] / x64: uint8_t[72]
SuspendApcFill4		0x0248
0x015Cx86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		0x0248
0x015Cvoid *
StackBase		struct _KAPC
SuspendApc		struct _KAPC
SuspendApc		char
PriorityDecrement		0x0260
0x015Cuint8_t[1]
SuspendApcFill0		uint8_t[1]
SuspendApcFill0		uint8_t
ForegroundBoost		0x0260
0x015Cuint8_t[3]
SuspendApcFill1		uint8_t[3]
SuspendApcFill1		0x0260
0x015Cuint8_t[4]
SuspendApcFill2		uint8_t[4]
SuspendApcFill2		0x0260
0x015Cx86: uint8_t[36] / x64: uint8_t[64]
SuspendApcFill3		x86: uint8_t[36] / x64: uint8_t[64]
SuspendApcFill3		0x0260
0x015Cx86: uint8_t[40] / x64: uint8_t[72]
SuspendApcFill4		x86: uint8_t[40] / x64: uint8_t[72]
SuspendApcFill4		0x0260
0x015Cx86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		0x0260
0x015C:0x04uint8_t
UnusualBoost		0x0234:0x04
0x015Duint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		uint8_t
Preempted		0x0235
0x015Dchar
Quantum		char
Quantum		char
Quantum		char
Quantum		0x0249
0x015Dchar
Quantum		char
Quantum		uint8_t
Preempted		0x0261
0x015Euint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		uint8_t
AdjustReason		0x0236
0x015Euint8_t
ApcStateIndex		uint8_t
AdjustReason		0x023A
0x015Fuint8_t
CodePatchInProgress		uint8_t
CodePatchInProgress		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		char
AdjustIncrement		0x0237
0x015Fuint8_t
WaitBlockCount		uint8_t
WaitBlockCount		0x023B
0x015Fuint8_t
QuantumReset		uint8_t
QuantumReset		uint8_t
QuantumReset		uint8_t
QuantumReset		uint8_t
QuantumReset		char
AdjustIncrement		0x024B
0x015Fuint8_t
QuantumReset		0x0263
0x0160struct _KAPC
SuspendApc		unsigned long
KernelTime		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		struct _GROUP_AFFINITY
UserAffinity		struct _GROUP_AFFINITY
UserAffinity		struct _GROUP_AFFINITY
Affinity		0x0228
0x0160volatile struct _GROUP_AFFINITY
Affinity		struct _GROUP_AFFINITY
Affinity		struct _GROUP_AFFINITY
Affinity		uintptr_t
AffinityVersion		uintptr_t
AffinityVersion		0x0238
0x0160x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		0x0238
0x0160unsigned long
IdealProcessor		unsigned long
IdealProcessor		0x023C
0x0160unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		uint8_t[6]
AffinityFill		0x024C
0x0160unsigned long
KernelTime		0x0264
0x0164unsigned long
UserIdealProcessor		unsigned long
UserIdealProcessor		unsigned long
UserIdealProcessor		unsigned long
UserIdealProcessor		unsigned long
UserIdealProcessor		unsigned long
UserIdealProcessor		0x022C
0x0164uint8_t
Alertable		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _GROUP_AFFINITY
Affinity		0x0240
0x0164x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		x86: uint8_t[6] / x64: uint8_t[10]
AffinityFill		0x0240
0x0165uint8_t
ApcStateIndex
0x0166uint8_t
ApcQueueable		uint8_t
ApcStateIndex		0x0242
0x0167uint8_t
AutoAlignment		uint8_t
WaitBlockCount		uint8_t
WaitBlockCount		uint8_t
WaitBlockCount		0x0243
0x0168void *
StackBase		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		unsigned long
IdealProcessor		0x0230
0x0168unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		unsigned long
IdealProcessor		0x0244
0x016Auint8_t
ApcStateIndex		0x024A
0x016Buint8_t
Spare02		uint8_t
Spare02		uint8_t
WaitBlockCount		uint8_t
WaitBlockCount		0x0243
0x016Bchar
FreezeCount		uint8_t
WaitBlockCount		0x024B
0x016Cstruct _KAPC
SuspendApc		char
SuspendCount		char
SuspendCount		unsigned long
IdealProcessor		unsigned long
IdealProcessor		struct _KAPC_STATE *[2]
ApcStatePointer		0x0244
0x016Cstruct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		struct _KAPC_STATE *[2]
ApcStatePointer		0x0248
0x016Cunsigned long
IdealProcessor		unsigned long
IdealProcessor		0x024C
0x016Cstruct _KAPC_STATE
SavedApcState		0x0250
0x016Cx86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		0x0250
0x016Duint8_t
UserIdealProcessor		0x0245
0x016Euint8_t
Spare03		0x0246
0x016Fuint8_t
Iopl		uint8_t
OtherPlatformFill
0x0170struct _KAPC_STATE
SavedApcState		0x0240
0x0170x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		0x0240
0x0170void * volatile
Win32Thread		unsigned long[1]
Spare15		0x0248
0x0174void *
StackBase		void *
StackBase		struct _KAPC_STATE
SavedApcState		0x0250
0x0174struct _KAPC_STATE
SavedApcState		struct _KAPC_STATE
SavedApcState		uint8_t[23]
SavedApcStateFill		struct _KAPC_STATE
SavedApcState		0x0258
0x0174x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		x86: uint8_t[23] / x64: uint8_t[43]
SavedApcStateFill		0x0258
0x0178struct _KAPC
SuspendApc		struct _KAPC_STATE
SavedApcState		struct _KAPC_STATE
SavedApcState		0x0258
0x0178uint8_t[1]
SuspendApcFill0		uint8_t[43]
SavedApcStateFill		uint8_t[43]
SavedApcStateFill		0x0258
0x0178uint8_t[3]
SuspendApcFill1		0x0258
0x0178uint8_t[4]
SuspendApcFill2		0x0258
0x0178x86: uint8_t[36] / x64: uint8_t[64]
SuspendApcFill3		0x0258
0x0178x86: uint8_t[40] / x64: uint8_t[72]
SuspendApcFill4		0x0258
0x0178x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		0x0258
0x0179char
Spare04		0x0259
0x017Buint8_t
QuantumReset		0x025B
0x017Cunsigned long
KernelTime		0x025C
uint8_t
CodePatchInProgress		uint8_t
CodePatchInProgress		uint8_t
CodePatchInProgress		0x026E
0x0180void *
TlsArray		void *
TlsArray		void *
TlsArray		void *
TlsArray		void *
TlsArray		struct _KAPC
SchedulerApc		struct _KAPC
SchedulerApc		0x0288
0x0180void *
TlsArray		void *
TlsArray		0x02A0
0x0183uint8_t
WaitReason		0x027B
0x0184void *
LegoData		char
SuspendCount		char
SuspendCount		0x027C
0x0184void *
LegoData		void *
LegoData		void *
LegoData		void *
LegoData		0x0290
0x0184void *
LegoData		void *
LegoData		0x02A8
0x0185char
Saturation		0x027D
0x0186uint16_t
SListFaultCount		uint16_t
SListFaultCount		0x027E
0x0187uint8_t
WaitReason		0x026B
0x0188char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		0x026C
0x0188struct _KAPC
SchedulerApc		0x0280
0x0188uint8_t[1]
SchedulerApcFill0		0x0280
0x0188uint8_t[3]
SchedulerApcFill1		0x0280
0x0188uint8_t[4]
SchedulerApcFill2		0x0280
0x0188x86: uint8_t[36] / x64: uint8_t[64]
SchedulerApcFill3		0x0280
0x0188x86: uint8_t[40] / x64: uint8_t[72]
SchedulerApcFill4		0x0280
0x0188x86: uint8_t[47] / x64: uint8_t[83]
SchedulerApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SchedulerApcFill5		0x0280
0x0189char
Spare1		char
Spare1		char
Spare1		char
Spare1		char
Spare1		char
Spare1		0x026D
0x0189uint8_t
ResourceIndex		0x0281
0x018Auint8_t
OtherPlatformFill		uint8_t
OtherPlatformFill		uint8_t
OtherPlatformFill
0x018Buint8_t
PowerState		uint8_t
QuantumReset		uint8_t
QuantumReset		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		uint8_t
WaitReason		0x0283
0x018Buint8_t
PowerState		uint8_t
PowerState		uint8_t
PowerState		uint8_t
PowerState		0x029B
0x018Buint8_t
PowerState		0x02B3
0x018Cvoid * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		void * volatile
Win32Thread		0x0270
0x018Cunsigned long
UserTime		unsigned long
KernelTime		unsigned long
KernelTime		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		char
SuspendCount		0x0284
0x018Cunsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		0x029C
0x018Cunsigned long
UserTime		unsigned long
UserTime		0x02B4
0x018Dchar
Saturation		0x0285
0x018Euint16_t
SListFaultCount		0x0286
0x0190struct _KSEMAPHORE
SuspendSemaphore		struct _KSEMAPHORE
SuspendSemaphore		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		void *
StackBase		struct _KAPC
SchedulerApc		0x0278
0x0190struct _KAPC
SchedulerApc		uint8_t[1]
SchedulerApcFill0		struct _KAPC
SchedulerApc		uint8_t[1]
SchedulerApcFill0		uint8_t[4]
SchedulerApcFill2		struct _KAPC
SchedulerApc		0x0288
0x0190uint8_t[1]
SchedulerApcFill0		uint8_t[3]
SchedulerApcFill1		uint8_t[1]
SchedulerApcFill0		uint8_t[3]
SchedulerApcFill1		uint8_t[36]
SchedulerApcFill3		uint8_t[1]
SchedulerApcFill0		0x0288
0x0190uint8_t[3]
SchedulerApcFill1		uint8_t[4]
SchedulerApcFill2		uint8_t[3]
SchedulerApcFill1		uint8_t[4]
SchedulerApcFill2		uint8_t[40]
SchedulerApcFill4		uint8_t[3]
SchedulerApcFill1		0x0288
0x0190uint8_t[4]
SchedulerApcFill2		uint8_t[64]
SchedulerApcFill3		uint8_t[4]
SchedulerApcFill2		uint8_t[64]
SchedulerApcFill3		uint8_t[47]
SchedulerApcFill5		uint8_t[4]
SchedulerApcFill2		0x0288
0x0190x86: uint8_t[36] / x64: uint8_t[64]
SchedulerApcFill3		uint8_t[72]
SchedulerApcFill4		x86: uint8_t[36] / x64: uint8_t[64]
SchedulerApcFill3		uint8_t[72]
SchedulerApcFill4		x86: uint8_t[36] / x64: uint8_t[64]
SchedulerApcFill3		0x0288
0x0190x86: uint8_t[40] / x64: uint8_t[72]
SchedulerApcFill4		uint8_t[83]
SchedulerApcFill5		x86: uint8_t[40] / x64: uint8_t[72]
SchedulerApcFill4		uint8_t[83]
SchedulerApcFill5		x86: uint8_t[40] / x64: uint8_t[72]
SchedulerApcFill4		0x0288
0x0190x86: uint8_t[47] / x64: uint8_t[83]
SchedulerApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SchedulerApcFill5		x86: uint8_t[47] / x64: uint8_t[83]
SchedulerApcFill5		0x0288
0x0190struct _KSEMAPHORE
SuspendSemaphore		uint8_t[20]
SuspendSemaphorefill		uint8_t[1]
SchedulerApcFill0		0x02A0
0x0190x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		uint8_t[3]
SchedulerApcFill1		0x02A0
0x0190struct _KSEMAPHORE
SuspendSemaphore		0x02B8
0x0190x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		0x02B8
0x0191uint8_t
ResourceIndex		0x0289
0x0193uint8_t
QuantumReset		0x028B
0x0194struct _KAPC
SuspendApc		0x0280
0x0194uint8_t[1]
SuspendApcFill0		0x0280
0x0194uint8_t[3]
SuspendApcFill1		0x0280
0x0194uint8_t[4]
SuspendApcFill2		0x0280
0x0194x86: uint8_t[36] / x64: uint8_t[64]
SuspendApcFill3		0x0280
0x0194x86: uint8_t[40] / x64: uint8_t[72]
SuspendApcFill4		0x0280
0x0194x86: uint8_t[47] / x64: uint8_t[83]
SuspendApcFill5		0x0280
0x0194unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		unsigned long
KernelTime		0x028C
0x0195uint8_t
ResourceIndex		0x0281
0x0197uint8_t
QuantumReset		0x0283
0x0198unsigned long
KernelTime		0x0284
0x019Cstruct _KSEMAPHORE
SuspendSemaphore		struct _KPRCB *
WaitPrcb		0x0298
0x01A0void *
LegoData		0x02A0
0x01A4void *
TlsArray		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		0x02BC
0x01A4unsigned long
SListFaultCount		unsigned long
SListFaultCount		0x02D4
0x01A7uint8_t
PowerState		0x02AB
0x01A8unsigned long
UserTime		unsigned long
UserTime		0x02AC
0x01A8void *
LegoData		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		unsigned long
UserTime		0x02C0
0x01A8struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		0x02D8
0x01ACstruct _LIST_ENTRY
ThreadListEntry		struct _KSEMAPHORE
SuspendSemaphore		0x02B0
0x01ACx86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		0x02B0
0x01ACstruct _KPRCB * volatile
WaitPrcb		0x02C0
0x01B0void *
LegoData		void *
LegoData		0x02C8
0x01B0struct _LIST_ENTRY
ThreadListEntry		void *
SListFaultAddress		void *
SListFaultAddress		void *
SListFaultAddress		void *
SListFaultAddress		void *
SListFaultAddress		void *
LegoData		void *
LegoData		0x02D0
0x01B0void *
SListFaultAddress		int64_t
OtherOperationCount		int64_t
OtherOperationCount		0x02E8
0x01B4uint8_t
LargeStack		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		0x02C8
0x01B5uint8_t
PowerState
0x01B6uint8_t
NpxIrql
0x01B7uint8_t
Spare5		uint8_t
CallbackNestingLevel		0x02D3
0x01B8struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		struct _KPRCB * volatile
WaitPrcb		0x02C0
0x01B8char
FreezeCount		uint8_t
AutoAlignment		void *
LegoData		void *
LegoData		void *
LegoData		0x02D0
0x01B8unsigned long
UserTime		0x02D4
0x01B9char
SuspendCount		uint8_t
Iopl
0x01BAuint8_t
IdealProcessor		char
FreezeCount
0x01BBuint8_t
DisableBoost		char
SuspendCount
0x01BCvoid *
LegoData		void *
LegoData		void *
LegoData		void *
LegoData		void *
LegoData		void *
LegoData		0x02C8
0x01BCuint8_t[1]
Spare0		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		0x02D8
0x01BDuint8_t
UserIdealProcessor
0x01BEvolatile uint8_t
DeferredProcessor
0x01BFuint8_t
AdjustReason		uint8_t
CallbackNestingLevel		0x02DB
0x01C0char
AdjustIncrement		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
UserTime		0x02CC
0x01C0unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		0x02DC
0x01C1uint8_t[3]
Spare2
0x01C3uint8_t
LargeStack		0x02D3
0x01C4struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _KEVENT
SuspendEvent		0x02D0
0x01C4unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		unsigned long
UserTime		0x02D4
0x01C4struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		0x02E0
0x01C8int64_t
ReadOperationCount		int64_t
ReadOperationCount		struct _KSEMAPHORE
SuspendSemaphore		0x02D8
0x01C8x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		x86: uint8_t[20] / x64: uint8_t[28]
SuspendSemaphorefill		0x02D8
0x01CCint64_t
WriteOperationCount		int64_t
WriteOperationCount		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _KEVENT
SuspendEvent		struct _KEVENT
SuspendEvent		0x02E0
0x01CCstruct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		0x02F0
0x01D4int64_t
ReadOperationCount		int64_t
ReadTransferCount		int64_t
ReadTransferCount		void *
SListFaultAddress		void *
SListFaultAddress		struct _LIST_ENTRY
ThreadListEntry		0x02F0
0x01D4int64_t
WriteOperationCount		int64_t
WriteTransferCount		int64_t
WriteTransferCount		int64_t
ReadOperationCount		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		0x02F8
0x01D4int64_t
OtherOperationCount		int64_t
OtherTransferCount		int64_t
OtherTransferCount		int64_t
WriteOperationCount		struct _LIST_ENTRY
MutantListHead		0x0300
int64_t
WriteTransferCount		int64_t
ReadTransferCount		int64_t
ReadOperationCount		0x0310
unsigned long
SecureThreadCookie		unsigned long
SecureThreadCookie		unsigned long
SecureThreadCookie		0x031C
0x01D8void * volatile
MdlForLockedTeb		int64_t
WriteOperationCount		int64_t
WriteOperationCount		int64_t
WriteOperationCount		int64_t
ReadTransferCount		int64_t
OtherOperationCount		0x0328
0x01DCunsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		unsigned long
SListFaultCount		0x02F4
0x01DCstruct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		0x0308
0x01E0struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		struct _LIST_ENTRY
ThreadListEntry		0x02F8
0x01E4int64_t
OtherTransferCount		int64_t
WriteTransferCount		int64_t
WriteOperationCount		int64_t
ReadOperationCount		struct _SINGLE_LIST_ENTRY
LockEntriesFreeList		uint8_t
AbEntrySummary		0x0318
0x01E5uint8_t
AbWaitEntryCount		0x0319
0x01E6uint16_t
Spare20		0x031A
0x01E8int64_t
ReadTransferCount		int64_t
OtherOperationCount		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _LIST_ENTRY
MutantListHead		struct _KLOCK_ENTRY[6]
LockEntries		0x0308
0x01E8int64_t
OtherTransferCount		int64_t
ReadOperationCount		int64_t
ReadOperationCount		int64_t
ReadOperationCount		int64_t
OtherOperationCount		int64_t
WriteOperationCount		struct _KLOCK_ENTRY[5]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		struct _KLOCK_ENTRY[6]
LockEntries		0x0320
0x01F0void *
SListFaultAddress		0x0318
int64_t
OtherOperationCount		int64_t
OtherOperationCount		int64_t
OtherOperationCount		int64_t
WriteTransferCount		int64_t
ReadTransferCount		0x0330
int64_t
ReadTransferCount		int64_t
ReadTransferCount		int64_t
ReadTransferCount		int64_t
OtherTransferCount		int64_t
WriteTransferCount		0x0338
int64_t
WriteTransferCount		int64_t
WriteTransferCount		int64_t
WriteTransferCount		int64_t
OtherTransferCount		0x0340
int64_t
OtherTransferCount		int64_t
OtherTransferCount		int64_t
OtherTransferCount		0x0348
0x01F4struct _KTHREAD_COUNTERS *
ThreadCounters		0x0350
0x01F8struct _XSTATE_SAVE *
XStateSave		struct _XSTATE_SAVE *
XStateSave		struct _XSTATE_SAVE *
XStateSave		struct _XSTATE_SAVE *
XStateSave		struct _XSAVE_FORMAT *
StateSaveArea		0x0358
0x01F8struct _XSTATE_SAVE *
XStateSave		0x0360
struct _SINGLE_LIST_ENTRY
PropagateBoostsEntry		0x0500
struct _SINGLE_LIST_ENTRY
IoSelfBoostsEntry		0x0508
uint8_t[16]
PriorityFloorCounts		0x0510
unsigned long
PriorityFloorSummary		0x0520
volatile long
AbCompletedIoBoostCount		0x0524
volatile int16_t
AbReferenceCount		0x0528
uint8_t
AbFreeEntryCount		0x052A
uint8_t
AbWaitEntryCount		0x052B
unsigned long
ForegroundLossTime		0x052C
struct _LIST_ENTRY
GlobalForegroundListEntry		0x0530
struct _SINGLE_LIST_ENTRY
ForegroundDpcStackListEntry		0x0530
uint64_t
InGlobalForegroundList		0x0538
uint16_t[20]
Padding		0x0540
0x0308struct _SINGLE_LIST_ENTRY
PropagateBoostsEntry		0x0560
0x030Cint64_t
ReadOperationCount		struct _SINGLE_LIST_ENTRY
IoSelfBoostsEntry		0x0568
0x0310int64_t
WriteOperationCount		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		uint8_t[16]
PriorityFloorCounts		0x0570
int64_t
OtherOperationCount		0x0578
0x0320int64_t
ReadTransferCount		unsigned long
PriorityFloorSummary		0x0580
0x0324volatile long
AbCompletedIoBoostCount		0x0584
0x0328int64_t
WriteTransferCount		volatile int16_t
AbReferenceCount		volatile int16_t
KeReferenceCount		0x0588
0x032Auint8_t
AbFreeEntryCount		uint8_t
AbOrphanedEntrySummary		0x058A
0x032Buint8_t
AbWaitEntryCount		uint8_t
AbOwnedEntryCount		0x058B
0x032Cunsigned long
ForegroundLossTime		0x058C
0x0330int64_t
OtherTransferCount		struct _LIST_ENTRY
GlobalForegroundListEntry		0x0590
0x0330struct _SINGLE_LIST_ENTRY
ForegroundDpcStackListEntry		0x0590
0x0334uintptr_t
InGlobalForegroundList		0x0598
int64_t
ReadOperationCount		int64_t
ReadOperationCount		int64_t
ReadOperationCount		int64_t
ReadOperationCount		0x05A0
int64_t
WriteOperationCount		int64_t
WriteOperationCount		int64_t
WriteOperationCount		int64_t
WriteOperationCount		0x05A8
int64_t
OtherOperationCount		int64_t
OtherOperationCount		int64_t
OtherOperationCount		int64_t
OtherOperationCount		0x05B0
int64_t
ReadTransferCount		int64_t
ReadTransferCount		int64_t
ReadTransferCount		int64_t
ReadTransferCount		0x05B8
int64_t
WriteTransferCount		int64_t
WriteTransferCount		int64_t
WriteTransferCount		int64_t
WriteTransferCount		0x05C0
int64_t
OtherTransferCount		int64_t
OtherTransferCount		int64_t
OtherTransferCount		int64_t
OtherTransferCount		0x05C8
0x0338struct _KSCB *
QueuedScb		0x05D0
0x0340uint64_t
NpxState		0x0250