lkd> dt _KPROCESS
ntdll!_KPROCESS
+0x000 Header : _DISPATCHER_HEADER
+0x018 ProfileListHead : _LIST_ENTRY
+0x028 DirectoryTableBase : Uint8B
+0x030 ThreadListHead : _LIST_ENTRY
+0x040 ProcessLock : Uint4B
+0x044 Spare0 : Uint4B
+0x048 Affinity : _KAFFINITY_EX
+0x0f0 ReadyListHead : _LIST_ENTRY
+0x100 SwapListEntry : _SINGLE_LIST_ENTRY
+0x108 ActiveProcessors : _KAFFINITY_EX
+0x1b0 AutoAlignment : Pos 0, 1 Bit
+0x1b0 DisableBoost : Pos 1, 1 Bit
+0x1b0 DisableQuantum : Pos 2, 1 Bit
+0x1b0 AffinitySet : Pos 3, 1 Bit
+0x1b0 DeepFreeze : Pos 4, 1 Bit
+0x1b0 TimerVirtualization : Pos 5, 1 Bit
+0x1b0 ActiveGroupsMask : Pos 6, 20 Bits
+0x1b0 ReservedFlags : Pos 26, 6 Bits
+0x1b0 ProcessFlags : Int4B
+0x1b4 BasePriority : Char
+0x1b5 QuantumReset : Char
+0x1b6 Visited : UChar
+0x1b7 Flags : _KEXECUTE_OPTIONS
+0x1b8 ThreadSeed : [20] Uint4B
+0x208 IdealNode : [20] Uint2B
+0x230 IdealGlobalNode : Uint2B
+0x232 Spare1 : Uint2B
+0x234 StackCount : _KSTACK_COUNT
+0x238 ProcessListEntry : _LIST_ENTRY
+0x248 CycleTime : Uint8B
+0x250 ContextSwitches : Uint8B
+0x258 FreezeCount : Uint4B
+0x25c KernelTime : Uint4B
+0x260 UserTime : Uint4B
+0x264 LdtFreeSelectorHint : Uint2B
+0x266 LdtTableLength : Uint2B
+0x268 LdtSystemDescriptor : _KGDTENTRY64
+0x278 LdtBaseAddress : Ptr64 Void
+0x280 LdtProcessLock : _FAST_MUTEX
+0x2b8 InstrumentationCallback : Ptr64 Void
lkd> dt _EPROCESS
ntdll!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x2c0 ProcessLock : _EX_PUSH_LOCK
+0x2c8 CreateTime : _LARGE_INTEGER
+0x2d0 RundownProtect : _EX_RUNDOWN_REF
+0x2d8 UniqueProcessId : Ptr64 Void
+0x2e0 ActiveProcessLinks : _LIST_ENTRY
+0x2f0 Flags2 : Uint4B
+0x2f0 JobNotReallyActive : Pos 0, 1 Bit
+0x2f0 AccountingFolded : Pos 1, 1 Bit
+0x2f0 NewProcessReported : Pos 2, 1 Bit
+0x2f0 ExitProcessReported : Pos 3, 1 Bit
+0x2f0 ReportCommitChanges : Pos 4, 1 Bit
+0x2f0 LastReportMemory : Pos 5, 1 Bit
+0x2f0 NoWakeCharge : Pos 6, 1 Bit
+0x2f0 HandleTableRundown : Pos 7, 1 Bit
+0x2f0 NeedsHandleRundown : Pos 8, 1 Bit
+0x2f0 RefTraceEnabled : Pos 9, 1 Bit
+0x2f0 NumaAware : Pos 10, 1 Bit
+0x2f0 EmptyJobEvaluated : Pos 11, 1 Bit
+0x2f0 DefaultPagePriority : Pos 12, 3 Bits
+0x2f0 PrimaryTokenFrozen : Pos 15, 1 Bit
+0x2f0 ProcessVerifierTarget : Pos 16, 1 Bit
+0x2f0 StackRandomizationDisabled : Pos 17, 1 Bit
+0x2f0 AffinityPermanent : Pos 18, 1 Bit
+0x2f0 AffinityUpdateEnable : Pos 19, 1 Bit
+0x2f0 PropagateNode : Pos 20, 1 Bit
+0x2f0 ExplicitAffinity : Pos 21, 1 Bit
+0x2f0 ProcessExecutionState : Pos 22, 2 Bits
+0x2f0 DisallowStrippedImages : Pos 24, 1 Bit
+0x2f0 HighEntropyASLREnabled : Pos 25, 1 Bit
+0x2f0 Spare : Pos 26, 1 Bit
+0x2f0 ForceRelocateImages : Pos 27, 1 Bit
+0x2f0 ProcessStateChangeRequest : Pos 28, 2 Bits
+0x2f0 ProcessStateChangeInProgress : Pos 30, 1 Bit
+0x2f0 DisallowWin32kSystemCalls : Pos 31, 1 Bit
+0x2f4 Flags : Uint4B
+0x2f4 CreateReported : Pos 0, 1 Bit
+0x2f4 NoDebugInherit : Pos 1, 1 Bit
+0x2f4 ProcessExiting : Pos 2, 1 Bit
+0x2f4 ProcessDelete : Pos 3, 1 Bit
+0x2f4 Wow64SplitPages : Pos 4, 1 Bit
+0x2f4 VmDeleted : Pos 5, 1 Bit
+0x2f4 OutswapEnabled : Pos 6, 1 Bit
+0x2f4 Outswapped : Pos 7, 1 Bit
+0x2f4 ForkFailed : Pos 8, 1 Bit
+0x2f4 Wow64VaSpace4Gb : Pos 9, 1 Bit
+0x2f4 AddressSpaceInitialized : Pos 10, 2 Bits
+0x2f4 SetTimerResolution : Pos 12, 1 Bit
+0x2f4 BreakOnTermination : Pos 13, 1 Bit
+0x2f4 DeprioritizeViews : Pos 14, 1 Bit
+0x2f4 WriteWatch : Pos 15, 1 Bit
+0x2f4 ProcessInSession : Pos 16, 1 Bit
+0x2f4 OverrideAddressSpace : Pos 17, 1 Bit
+0x2f4 HasAddressSpace : Pos 18, 1 Bit
+0x2f4 LaunchPrefetched : Pos 19, 1 Bit
+0x2f4 Background : Pos 20, 1 Bit
+0x2f4 VmTopDown : Pos 21, 1 Bit
+0x2f4 ImageNotifyDone : Pos 22, 1 Bit
+0x2f4 PdeUpdateNeeded : Pos 23, 1 Bit
+0x2f4 VdmAllowed : Pos 24, 1 Bit
+0x2f4 CrossSessionCreate : Pos 25, 1 Bit
+0x2f4 ProcessInserted : Pos 26, 1 Bit
+0x2f4 DefaultIoPriority : Pos 27, 3 Bits
+0x2f4 ProcessSelfDelete : Pos 30, 1 Bit
+0x2f4 SetTimerResolutionLink : Pos 31, 1 Bit
+0x2f8 ProcessQuotaUsage : [2] Uint8B
+0x308 ProcessQuotaPeak : [2] Uint8B
+0x318 PeakVirtualSize : Uint8B
+0x320 VirtualSize : Uint8B
+0x328 SessionProcessLinks : _LIST_ENTRY
+0x338 ExceptionPortData : Ptr64 Void
+0x338 ExceptionPortValue : Uint8B
+0x338 ExceptionPortState : Pos 0, 3 Bits
+0x340 Token : _EX_FAST_REF
+0x348 WorkingSetPage : Uint8B
+0x350 AddressCreationLock : _EX_PUSH_LOCK
+0x358 RotateInProgress : Ptr64 _ETHREAD
+0x360 ForkInProgress : Ptr64 _ETHREAD
+0x368 HardwareTrigger : Uint8B
+0x370 CommitChargeJob : Ptr64 _EJOB
+0x378 CloneRoot : Ptr64 _MM_AVL_TABLE
+0x380 NumberOfPrivatePages : Uint8B
+0x388 NumberOfLockedPages : Uint8B
+0x390 Win32Process : Ptr64 Void
+0x398 Job : Ptr64 _EJOB
+0x3a0 SectionObject : Ptr64 Void
+0x3a8 SectionBaseAddress : Ptr64 Void
+0x3b0 Cookie : Uint4B
+0x3b8 WorkingSetWatch : Ptr64 _PAGEFAULT_HISTORY
+0x3c0 Win32WindowStation : Ptr64 Void
+0x3c8 InheritedFromUniqueProcessId : Ptr64 Void
+0x3d0 LdtInformation : Ptr64 Void
+0x3d8 CreatorProcess : Ptr64 _EPROCESS
+0x3d8 ConsoleHostProcess : Uint8B
+0x3e0 Peb : Ptr64 _PEB
+0x3e8 Session : Ptr64 Void
+0x3f0 AweInfo : Ptr64 Void
+0x3f8 QuotaBlock : Ptr64 _EPROCESS_QUOTA_BLOCK
+0x400 ObjectTable : Ptr64 _HANDLE_TABLE
+0x408 DebugPort : Ptr64 Void
+0x410 Wow64Process : Ptr64 Void
+0x418 DeviceMap : Ptr64 Void
+0x420 EtwDataSource : Ptr64 Void
+0x428 PageDirectoryPte : _HARDWARE_PTE
+0x428 Filler : Uint8B
+0x430 ImageFileName : [15] UChar
+0x43f PriorityClass : UChar
+0x440 SecurityPort : Ptr64 Void
+0x448 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x450 JobLinks : _LIST_ENTRY
+0x460 HighestUserAddress : Ptr64 Void
+0x468 ThreadListHead : _LIST_ENTRY
+0x478 ActiveThreads : Uint4B
+0x47c ImagePathHash : Uint4B
+0x480 DefaultHardErrorProcessing : Uint4B
+0x484 LastThreadExitStatus : Int4B
+0x488 PrefetchTrace : _EX_FAST_REF
+0x490 LockedPagesList : Ptr64 _MM_AVL_TABLE
+0x498 ReadOperationCount : _LARGE_INTEGER
+0x4a0 WriteOperationCount : _LARGE_INTEGER
+0x4a8 OtherOperationCount : _LARGE_INTEGER
+0x4b0 ReadTransferCount : _LARGE_INTEGER
+0x4b8 WriteTransferCount : _LARGE_INTEGER
+0x4c0 OtherTransferCount : _LARGE_INTEGER
+0x4c8 CommitChargeLimit : Uint8B
+0x4d0 CommitCharge : Uint8B
+0x4d8 CommitChargePeak : Uint8B
+0x4e0 Vm : _MMSUPPORT
+0x570 MmProcessLinks : _LIST_ENTRY
+0x580 ModifiedPageCount : Uint4B
+0x584 ExitStatus : Int4B
+0x588 VadRoot : _MM_AVL_TABLE
+0x5b8 VadPhysicalPages : Uint8B
+0x5c0 VadPhysicalPagesLimit : Uint8B
+0x5c8 AlpcContext : _ALPC_PROCESS_CONTEXT
+0x5e8 TimerResolutionLink : _LIST_ENTRY
+0x5f8 TimerResolutionStackRecord : Ptr64 _PO_DIAG_STACK_RECORD
+0x600 RequestedTimerResolution : Uint4B
+0x604 SmallestTimerResolution : Uint4B
+0x608 ExitTime : _LARGE_INTEGER
+0x610 InvertedFunctionTable : Ptr64 _INVERTED_FUNCTION_TABLE
+0x618 InvertedFunctionTableLock : _EX_PUSH_LOCK
+0x620 ActiveThreadsHighWatermark : Uint4B
+0x624 LargePrivateVadCount : Uint4B
+0x628 WnfContext : Ptr64 Void
+0x630 SectionMappingSize : Uint8B
+0x638 SignatureLevel : UChar
+0x639 SectionSignatureLevel : UChar
+0x63a SpareByte20 : [2] UChar
+0x63c KeepAliveCounter : Uint4B
+0x640 DiskCounters : Ptr64 _PROCESS_DISK_COUNTERS
+0x648 LastFreezeInterruptTime : Uint8B
пятница, 9 марта 2012 г.
Windows 8 Consumer Preview: _KPROCESS & _EPROCESS (64-bit)
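Posted to compare with the Developer Preview layout. Field offsets in these structures are build-specific, so the values above apply only to this 64-bit Consumer Preview build.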