Min version | 2003/XP64 SP1 | Vista SP1 | 7 | 8 Pre RTM | 8 | 8.1 | 10 TH2 |
---|---|---|---|---|---|---|---|
Max version | 2003/XP64 SP2 | Vista SP2 | 7 SP1 | 10 | |||
x64 offset (offset:bitpos for bit-field members) | Field Name | ||||||
0x0000 | uint8_t InheritedAddressSpace | ||||||
0x0001 | uint8_t ReadImageFileExecOptions | ||||||
0x0002 | uint8_t BeingDebugged | ||||||
0x0003 | uint8_t BitField | ||||||
0x0003:0x00 | uint8_t ImageUsesLargePages | ||||||
0x0003:0x01 | uint8_t SpareBits | uint8_t IsProtectedProcess | |||||
0x0003:0x02 | uint8_t IsLegacyProcess | uint8_t IsImageDynamicallyRelocated | |||||
0x0003:0x03 | uint8_t IsImageDynamicallyRelocated | uint8_t SkipPatchingUser32Forwarders | |||||
0x0003:0x04 | uint8_t SkipPatchingUser32Forwarders | uint8_t IsPackagedProcess | |||||
0x0003:0x05 | uint8_t SpareBits | uint8_t IsPackagedProcess | uint8_t IsAppContainer | ||||
0x0003:0x06 | uint8_t IsAppContainer | uint8_t IsProtectedProcessLight | |||||
0x0003:0x07 | uint8_t SpareBits | ||||||
0x0004 | uint8_t[4] Padding0 | ||||||
0x0008 | void * Mutant | ||||||
0x0010 | void * ImageBaseAddress | ||||||
0x0018 | struct _PEB_LDR_DATA * Ldr | ||||||
0x0020 | struct _RTL_USER_PROCESS_PARAMETERS * ProcessParameters | ||||||
0x0028 | void * SubSystemData | ||||||
0x0030 | void * ProcessHeap | ||||||
0x0038 | struct _RTL_CRITICAL_SECTION * FastPebLock | ||||||
0x0040 | void * AtlThunkSListPtr | ||||||
0x0048 | void * SparePtr2 | void * IFEOKey | |||||
0x0050 | unsigned long EnvironmentUpdateCount | unsigned long CrossProcessFlags | |||||
0x0050:0x00 | unsigned long ProcessInJob | ||||||
0x0050:0x01 | unsigned long ProcessInitializing | ||||||
0x0050:0x02 | unsigned long ProcessUsingVEH | ||||||
0x0050:0x03 | unsigned long ProcessUsingVCH | ||||||
0x0050:0x04 | unsigned long ReservedBits0 | unsigned long ProcessUsingFTH | |||||
0x0050:0x05 | unsigned long ReservedBits0 | ||||||
0x0054 | uint8_t[4] Padding1 | ||||||
0x0058 | void * KernelCallbackTable | void * KernelCallbackTable | |||||
0x0058 | void * UserSharedInfoPtr | ||||||
0x0060 | unsigned long[1] SystemReserved | ||||||
0x0064 | unsigned long SpareUlong | unsigned long AtlThunkSListPtr32 | |||||
0x0068 | struct _PEB_FREE_BLOCK * FreeList | uint64_t SparePebPtr0 | void * ApiSetMap | ||||
0x0070 | unsigned long TlsExpansionCounter | ||||||
0x0074 | uint8_t[4] Padding2 | ||||||
0x0078 | void * TlsBitmap | ||||||
0x0080 | unsigned long[2] TlsBitmapBits | ||||||
0x0088 | void * ReadOnlySharedMemoryBase | ||||||
0x0090 | void * ReadOnlySharedMemoryHeap | void * HotpatchInformation | void * SparePvoid0 | ||||
0x0098 | void * * ReadOnlyStaticServerData | ||||||
0x00A0 | void * AnsiCodePageData | ||||||
0x00A8 | void * OemCodePageData | ||||||
0x00B0 | void * UnicodeCaseTableData | ||||||
0x00B8 | unsigned long NumberOfProcessors | ||||||
0x00BC | unsigned long NtGlobalFlag | ||||||
0x00C0 | union _LARGE_INTEGER CriticalSectionTimeout | ||||||
0x00C8 | uint64_t HeapSegmentReserve | ||||||
0x00D0 | uint64_t HeapSegmentCommit | ||||||
0x00D8 | uint64_t HeapDeCommitTotalFreeThreshold | ||||||
0x00E0 | uint64_t HeapDeCommitFreeBlockThreshold | ||||||
0x00E8 | unsigned long NumberOfHeaps | ||||||
0x00EC | unsigned long MaximumNumberOfHeaps | ||||||
0x00F0 | void * * ProcessHeaps | ||||||
0x00F8 | void * GdiSharedHandleTable | ||||||
0x0100 | void * ProcessStarterHelper | ||||||
0x0108 | unsigned long GdiDCAttributeList | ||||||
0x010C | uint8_t[4] Padding3 | ||||||
0x0110 | struct _RTL_CRITICAL_SECTION * LoaderLock | ||||||
0x0118 | unsigned long OSMajorVersion | ||||||
0x011C | unsigned long OSMinorVersion | ||||||
0x0120 | uint16_t OSBuildNumber | ||||||
0x0122 | uint16_t OSCSDVersion | ||||||
0x0124 | unsigned long OSPlatformId | ||||||
0x0128 | unsigned long ImageSubsystem | ||||||
0x012C | unsigned long ImageSubsystemMajorVersion | ||||||
0x0130 | unsigned long ImageSubsystemMinorVersion | ||||||
0x0134 | uint8_t[4] Padding4 | ||||||
0x0138 | uint64_t ImageProcessAffinityMask | uint64_t ActiveProcessAffinityMask | |||||
0x0140 | unsigned long[60] GdiHandleBuffer | ||||||
0x0230 | function * PostProcessInitRoutine | ||||||
0x0238 | void * TlsExpansionBitmap | ||||||
0x0240 | unsigned long[32] TlsExpansionBitmapBits | ||||||
0x02C0 | unsigned long SessionId | ||||||
0x02C4 | uint8_t[4] Padding5 | ||||||
0x02C8 | union _ULARGE_INTEGER AppCompatFlags | ||||||
0x02D0 | union _ULARGE_INTEGER AppCompatFlagsUser | ||||||
0x02D8 | void * pShimData | ||||||
0x02E0 | void * AppCompatInfo | ||||||
0x02E8 | struct _UNICODE_STRING CSDVersion | ||||||
0x02F8 | const struct _ACTIVATION_CONTEXT_DATA * ActivationContextData | ||||||
0x0300 | struct _ASSEMBLY_STORAGE_MAP * ProcessAssemblyStorageMap | ||||||
0x0308 | const struct _ACTIVATION_CONTEXT_DATA * SystemDefaultActivationContextData | ||||||
0x0310 | struct _ASSEMBLY_STORAGE_MAP * SystemAssemblyStorageMap | ||||||
0x0318 | uint64_t MinimumStackCommit | ||||||
0x0320 | void * * FlsCallback | struct _FLS_CALLBACK_INFO * FlsCallback | |||||
0x0328 | struct _LIST_ENTRY FlsListHead | ||||||
0x0338 | void * FlsBitmap | ||||||
0x0340 | unsigned long[4] FlsBitmapBits | ||||||
0x0350 | unsigned long FlsHighIndex | ||||||
0x0358 | void * WerRegistrationData | ||||||
0x0360 | void * WerShipAssertPtr | ||||||
0x0368 | void * pContextData | void * pUnused | |||||
0x0370 | void * pImageHeaderHash | ||||||
0x0378 | unsigned long TracingFlags | ||||||
0x0378:0x00 | unsigned long HeapTracingEnabled | ||||||
0x0378:0x01 | unsigned long CritSecTracingEnabled | ||||||
0x0378:0x02 | unsigned long SpareTracingBits | unsigned long LibLoaderTracingEnabled | |||||
0x0378:0x03 | unsigned long SpareTracingBits | ||||||
0x037C | uint8_t[4] Padding6 | ||||||
0x0380 | uint64_t CsrServerReadOnlySharedMemoryBase | ||||||
0x0388 | uint64_t TppWorkerpListLock | ||||||
0x0390 | struct _LIST_ENTRY TppWorkerpList | ||||||
0x03A0 | void *[128] WaitOnAddressHashTable |