| Min version | 8 Pre RTM | 8 | 8.1 | 10 TH2 |
|---|---|---|---|---|
| Max version | 10 | |||
| x64 offset offset:bitpos | Field Name | |||
| 0x0000 | uint8_t InheritedAddressSpace | |||
| 0x0001 | uint8_t ReadImageFileExecOptions | |||
| 0x0002 | uint8_t BeingDebugged | |||
| 0x0003 | uint8_t BitField | |||
| 0x0003:0x00 | uint8_t ImageUsesLargePages | |||
| 0x0003:0x01 | uint8_t IsProtectedProcess | |||
| 0x0003:0x02 | uint8_t IsLegacyProcess | uint8_t IsImageDynamicallyRelocated | ||
| 0x0003:0x03 | uint8_t IsImageDynamicallyRelocated | uint8_t SkipPatchingUser32Forwarders | ||
| 0x0003:0x04 | uint8_t SkipPatchingUser32Forwarders | uint8_t IsPackagedProcess | ||
| 0x0003:0x05 | uint8_t SpareBits | uint8_t IsPackagedProcess | uint8_t IsAppContainer | |
| 0x0003:0x06 | uint8_t IsAppContainer | uint8_t IsProtectedProcessLight | ||
| 0x0003:0x07 | uint8_t SpareBits | |||
| 0x0004 | unsigned long Mutant | |||
| 0x0008 | unsigned long ImageBaseAddress | |||
| 0x000C | unsigned long Ldr | |||
| 0x0010 | unsigned long ProcessParameters | |||
| 0x0014 | unsigned long SubSystemData | |||
| 0x0018 | unsigned long ProcessHeap | |||
| 0x001C | unsigned long FastPebLock | |||
| 0x0020 | unsigned long AtlThunkSListPtr | |||
| 0x0024 | unsigned long IFEOKey | |||
| 0x0028 | unsigned long CrossProcessFlags | |||
| 0x0028:0x00 | unsigned long ProcessInJob | |||
| 0x0028:0x01 | unsigned long ProcessInitializing | |||
| 0x0028:0x02 | unsigned long ProcessUsingVEH | |||
| 0x0028:0x03 | unsigned long ProcessUsingVCH | |||
| 0x0028:0x04 | unsigned long ProcessUsingFTH | |||
| 0x0028:0x05 | unsigned long ReservedBits0 | |||
| 0x002C | unsigned long KernelCallbackTable | |||
| 0x002C | unsigned long UserSharedInfoPtr | |||
| 0x0030 | unsigned long[1] SystemReserved | |||
| 0x0034 | unsigned long AtlThunkSListPtr32 | |||
| 0x0038 | unsigned long ApiSetMap | |||
| 0x003C | unsigned long TlsExpansionCounter | |||
| 0x0040 | unsigned long TlsBitmap | |||
| 0x0044 | unsigned long[2] TlsBitmapBits | |||
| 0x004C | unsigned long ReadOnlySharedMemoryBase | |||
| 0x0050 | unsigned long HotpatchInformation | unsigned long SparePvoid0 | ||
| 0x0054 | unsigned long ReadOnlyStaticServerData | |||
| 0x0058 | unsigned long AnsiCodePageData | |||
| 0x005C | unsigned long OemCodePageData | |||
| 0x0060 | unsigned long UnicodeCaseTableData | |||
| 0x0064 | unsigned long NumberOfProcessors | |||
| 0x0068 | unsigned long NtGlobalFlag | |||
| 0x0070 | union _LARGE_INTEGER CriticalSectionTimeout | |||
| 0x0078 | unsigned long HeapSegmentReserve | |||
| 0x007C | unsigned long HeapSegmentCommit | |||
| 0x0080 | unsigned long HeapDeCommitTotalFreeThreshold | |||
| 0x0084 | unsigned long HeapDeCommitFreeBlockThreshold | |||
| 0x0088 | unsigned long NumberOfHeaps | |||
| 0x008C | unsigned long MaximumNumberOfHeaps | |||
| 0x0090 | unsigned long ProcessHeaps | |||
| 0x0094 | unsigned long GdiSharedHandleTable | |||
| 0x0098 | unsigned long ProcessStarterHelper | |||
| 0x009C | unsigned long GdiDCAttributeList | |||
| 0x00A0 | unsigned long LoaderLock | |||
| 0x00A4 | unsigned long OSMajorVersion | |||
| 0x00A8 | unsigned long OSMinorVersion | |||
| 0x00AC | uint16_t OSBuildNumber | |||
| 0x00AE | uint16_t OSCSDVersion | |||
| 0x00B0 | unsigned long OSPlatformId | |||
| 0x00B4 | unsigned long ImageSubsystem | |||
| 0x00B8 | unsigned long ImageSubsystemMajorVersion | |||
| 0x00BC | unsigned long ImageSubsystemMinorVersion | |||
| 0x00C0 | unsigned long ActiveProcessAffinityMask | |||
| 0x00C4 | unsigned long[34] GdiHandleBuffer | |||
| 0x014C | unsigned long PostProcessInitRoutine | |||
| 0x0150 | unsigned long TlsExpansionBitmap | |||
| 0x0154 | unsigned long[32] TlsExpansionBitmapBits | |||
| 0x01D4 | unsigned long SessionId | |||
| 0x01D8 | union _ULARGE_INTEGER AppCompatFlags | |||
| 0x01E0 | union _ULARGE_INTEGER AppCompatFlagsUser | |||
| 0x01E8 | unsigned long pShimData | |||
| 0x01EC | unsigned long AppCompatInfo | |||
| 0x01F0 | struct _STRING32 CSDVersion | |||
| 0x01F8 | unsigned long ActivationContextData | |||
| 0x01FC | unsigned long ProcessAssemblyStorageMap | |||
| 0x0200 | unsigned long SystemDefaultActivationContextData | |||
| 0x0204 | unsigned long SystemAssemblyStorageMap | |||
| 0x0208 | unsigned long MinimumStackCommit | |||
| 0x020C | unsigned long FlsCallback | |||
| 0x0210 | struct LIST_ENTRY32 FlsListHead | |||
| 0x0218 | unsigned long FlsBitmap | |||
| 0x021C | unsigned long[4] FlsBitmapBits | |||
| 0x022C | unsigned long FlsHighIndex | |||
| 0x0230 | unsigned long WerRegistrationData | |||
| 0x0234 | unsigned long WerShipAssertPtr | |||
| 0x0238 | unsigned long pUnused | |||
| 0x023C | unsigned long pImageHeaderHash | |||
| 0x0240 | unsigned long TracingFlags | |||
| 0x0240:0x00 | unsigned long HeapTracingEnabled | |||
| 0x0240:0x01 | unsigned long CritSecTracingEnabled | |||
| 0x0240:0x02 | unsigned long LibLoaderTracingEnabled | |||
| 0x0240:0x03 | unsigned long SpareTracingBits | |||
| 0x0248 | uint64_t CsrServerReadOnlySharedMemoryBase | |||
| 0x0250 | unsigned long TppWorkerpListLock | |||
| 0x0254 | struct LIST_ENTRY32 TppWorkerpList | |||
| 0x025C | unsigned long[128] WaitOnAddressHashTable | |||