lkd> dt _KPROCESS
ntdll!_KPROCESS
+0x000 Header : _DISPATCHER_HEADER
+0x018 ProfileListHead : _LIST_ENTRY
+0x028 DirectoryTableBase : Uint8B
+0x030 ThreadListHead : _LIST_ENTRY
+0x040 ProcessLock : Uint4B
+0x044 Spare0 : Uint4B
+0x048 Affinity : _KAFFINITY_EX
+0x0f0 ReadyListHead : _LIST_ENTRY
+0x100 SwapListEntry : _SINGLE_LIST_ENTRY
+0x108 ActiveProcessors : _KAFFINITY_EX
+0x1b0 AutoAlignment : Pos 0, 1 Bit
+0x1b0 DisableBoost : Pos 1, 1 Bit
+0x1b0 DisableQuantum : Pos 2, 1 Bit
+0x1b0 AffinitySet : Pos 3, 1 Bit
+0x1b0 DeepFreeze : Pos 4, 1 Bit
+0x1b0 TimerVirtualization : Pos 5, 1 Bit
+0x1b0 ActiveGroupsMask : Pos 6, 20 Bits
+0x1b0 ReservedFlags : Pos 26, 6 Bits
+0x1b0 ProcessFlags : Int4B
+0x1b4 BasePriority : Char
+0x1b5 QuantumReset : Char
+0x1b6 Visited : UChar
+0x1b7 Flags : _KEXECUTE_OPTIONS
+0x1b8 ThreadSeed : [20] Uint4B
+0x208 IdealNode : [20] Uint2B
+0x230 IdealGlobalNode : Uint2B
+0x232 Spare1 : Uint2B
+0x234 StackCount : _KSTACK_COUNT
+0x238 ProcessListEntry : _LIST_ENTRY
+0x248 CycleTime : Uint8B
+0x250 ContextSwitches : Uint8B
+0x258 SchedulingGroup : Ptr64 _KSCHEDULING_GROUP
+0x260 FreezeCount : Uint4B
+0x264 KernelTime : Uint4B
+0x268 UserTime : Uint4B
+0x26c LdtFreeSelectorHint : Uint2B
+0x26e LdtTableLength : Uint2B
+0x270 LdtSystemDescriptor : _KGDTENTRY64
+0x280 LdtBaseAddress : Ptr64 Void
+0x288 LdtProcessLock : _FAST_MUTEX
+0x2c0 InstrumentationCallback : Ptr64 Void
lkd> dt _EPROCESS
ntdll!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x2c8 ProcessLock : _EX_PUSH_LOCK
+0x2d0 CreateTime : _LARGE_INTEGER
+0x2d8 RundownProtect : _EX_RUNDOWN_REF
+0x2e0 UniqueProcessId : Ptr64 Void
+0x2e8 ActiveProcessLinks : _LIST_ENTRY
+0x2f8 Flags2 : Uint4B
+0x2f8 JobNotReallyActive : Pos 0, 1 Bit
+0x2f8 AccountingFolded : Pos 1, 1 Bit
+0x2f8 NewProcessReported : Pos 2, 1 Bit
+0x2f8 ExitProcessReported : Pos 3, 1 Bit
+0x2f8 ReportCommitChanges : Pos 4, 1 Bit
+0x2f8 LastReportMemory : Pos 5, 1 Bit
+0x2f8 NoWakeCharge : Pos 6, 1 Bit
+0x2f8 HandleTableRundown : Pos 7, 1 Bit
+0x2f8 NeedsHandleRundown : Pos 8, 1 Bit
+0x2f8 RefTraceEnabled : Pos 9, 1 Bit
+0x2f8 NumaAware : Pos 10, 1 Bit
+0x2f8 EmptyJobEvaluated : Pos 11, 1 Bit
+0x2f8 DefaultPagePriority : Pos 12, 3 Bits
+0x2f8 PrimaryTokenFrozen : Pos 15, 1 Bit
+0x2f8 ProcessVerifierTarget : Pos 16, 1 Bit
+0x2f8 StackRandomizationDisabled : Pos 17, 1 Bit
+0x2f8 AffinityPermanent : Pos 18, 1 Bit
+0x2f8 AffinityUpdateEnable : Pos 19, 1 Bit
+0x2f8 PropagateNode : Pos 20, 1 Bit
+0x2f8 ExplicitAffinity : Pos 21, 1 Bit
+0x2f8 ProcessExecutionState : Pos 22, 2 Bits
+0x2f8 DisallowStrippedImages : Pos 24, 1 Bit
+0x2f8 HighEntropyASLREnabled : Pos 25, 1 Bit
+0x2f8 ExtensionPointDisable : Pos 26, 1 Bit
+0x2f8 ForceRelocateImages : Pos 27, 1 Bit
+0x2f8 ProcessStateChangeRequest : Pos 28, 2 Bits
+0x2f8 ProcessStateChangeInProgress : Pos 30, 1 Bit
+0x2f8 DisallowWin32kSystemCalls : Pos 31, 1 Bit
+0x2fc Flags : Uint4B
+0x2fc CreateReported : Pos 0, 1 Bit
+0x2fc NoDebugInherit : Pos 1, 1 Bit
+0x2fc ProcessExiting : Pos 2, 1 Bit
+0x2fc ProcessDelete : Pos 3, 1 Bit
+0x2fc Wow64SplitPages : Pos 4, 1 Bit
+0x2fc VmDeleted : Pos 5, 1 Bit
+0x2fc OutswapEnabled : Pos 6, 1 Bit
+0x2fc Outswapped : Pos 7, 1 Bit
+0x2fc ForkFailed : Pos 8, 1 Bit
+0x2fc Wow64VaSpace4Gb : Pos 9, 1 Bit
+0x2fc AddressSpaceInitialized : Pos 10, 2 Bits
+0x2fc SetTimerResolution : Pos 12, 1 Bit
+0x2fc BreakOnTermination : Pos 13, 1 Bit
+0x2fc DeprioritizeViews : Pos 14, 1 Bit
+0x2fc WriteWatch : Pos 15, 1 Bit
+0x2fc ProcessInSession : Pos 16, 1 Bit
+0x2fc OverrideAddressSpace : Pos 17, 1 Bit
+0x2fc HasAddressSpace : Pos 18, 1 Bit
+0x2fc LaunchPrefetched : Pos 19, 1 Bit
+0x2fc Background : Pos 20, 1 Bit
+0x2fc VmTopDown : Pos 21, 1 Bit
+0x2fc ImageNotifyDone : Pos 22, 1 Bit
+0x2fc PdeUpdateNeeded : Pos 23, 1 Bit
+0x2fc VdmAllowed : Pos 24, 1 Bit
+0x2fc CrossSessionCreate : Pos 25, 1 Bit
+0x2fc ProcessInserted : Pos 26, 1 Bit
+0x2fc DefaultIoPriority : Pos 27, 3 Bits
+0x2fc ProcessSelfDelete : Pos 30, 1 Bit
+0x2fc SetTimerResolutionLink : Pos 31, 1 Bit
+0x300 ProcessQuotaUsage : [2] Uint8B
+0x310 ProcessQuotaPeak : [2] Uint8B
+0x320 PeakVirtualSize : Uint8B
+0x328 VirtualSize : Uint8B
+0x330 SessionProcessLinks : _LIST_ENTRY
+0x340 ExceptionPortData : Ptr64 Void
+0x340 ExceptionPortValue : Uint8B
+0x340 ExceptionPortState : Pos 0, 3 Bits
+0x348 Token : _EX_FAST_REF
+0x350 WorkingSetPage : Uint8B
+0x358 AddressCreationLock : _EX_PUSH_LOCK
+0x360 RotateInProgress : Ptr64 _ETHREAD
+0x368 ForkInProgress : Ptr64 _ETHREAD
+0x370 HardwareTrigger : Uint8B
+0x378 CommitChargeJob : Ptr64 _EJOB
+0x380 CloneRoot : Ptr64 _MM_AVL_TABLE
+0x388 NumberOfPrivatePages : Uint8B
+0x390 NumberOfLockedPages : Uint8B
+0x398 Win32Process : Ptr64 Void
+0x3a0 Job : Ptr64 _EJOB
+0x3a8 SectionObject : Ptr64 Void
+0x3b0 SectionBaseAddress : Ptr64 Void
+0x3b8 Cookie : Uint4B
+0x3c0 WorkingSetWatch : Ptr64 _PAGEFAULT_HISTORY
+0x3c8 Win32WindowStation : Ptr64 Void
+0x3d0 InheritedFromUniqueProcessId : Ptr64 Void
+0x3d8 LdtInformation : Ptr64 Void
+0x3e0 CreatorProcess : Ptr64 _EPROCESS
+0x3e0 ConsoleHostProcess : Uint8B
+0x3e8 Peb : Ptr64 _PEB
+0x3f0 Session : Ptr64 Void
+0x3f8 AweInfo : Ptr64 Void
+0x400 QuotaBlock : Ptr64 _EPROCESS_QUOTA_BLOCK
+0x408 ObjectTable : Ptr64 _HANDLE_TABLE
+0x410 DebugPort : Ptr64 Void
+0x418 Wow64Process : Ptr64 Void
+0x420 DeviceMap : Ptr64 Void
+0x428 EtwDataSource : Ptr64 Void
+0x430 PageDirectoryPte : Uint8B
+0x438 ImageFileName : [15] UChar
+0x447 PriorityClass : UChar
+0x448 SecurityPort : Ptr64 Void
+0x450 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x458 JobLinks : _LIST_ENTRY
+0x468 HighestUserAddress : Ptr64 Void
+0x470 ThreadListHead : _LIST_ENTRY
+0x480 ActiveThreads : Uint4B
+0x484 ImagePathHash : Uint4B
+0x488 DefaultHardErrorProcessing : Uint4B
+0x48c LastThreadExitStatus : Int4B
+0x490 PrefetchTrace : _EX_FAST_REF
+0x498 LockedPagesList : Ptr64 _MM_AVL_TABLE
+0x4a0 ReadOperationCount : _LARGE_INTEGER
+0x4a8 WriteOperationCount : _LARGE_INTEGER
+0x4b0 OtherOperationCount : _LARGE_INTEGER
+0x4b8 ReadTransferCount : _LARGE_INTEGER
+0x4c0 WriteTransferCount : _LARGE_INTEGER
+0x4c8 OtherTransferCount : _LARGE_INTEGER
+0x4d0 CommitChargeLimit : Uint8B
+0x4d8 CommitCharge : Uint8B
+0x4e0 CommitChargePeak : Uint8B
+0x4e8 Vm : _MMSUPPORT
+0x578 MmProcessLinks : _LIST_ENTRY
+0x588 ModifiedPageCount : Uint4B
+0x58c ExitStatus : Int4B
+0x590 VadRoot : _MM_AVL_TABLE
+0x5c0 VadPhysicalPages : Uint8B
+0x5c8 VadPhysicalPagesLimit : Uint8B
+0x5d0 AlpcContext : _ALPC_PROCESS_CONTEXT
+0x5f0 TimerResolutionLink : _LIST_ENTRY
+0x600 TimerResolutionStackRecord : Ptr64 _PO_DIAG_STACK_RECORD
+0x608 RequestedTimerResolution : Uint4B
+0x60c SmallestTimerResolution : Uint4B
+0x610 ExitTime : _LARGE_INTEGER
+0x618 InvertedFunctionTable : Ptr64 _INVERTED_FUNCTION_TABLE
+0x620 InvertedFunctionTableLock : _EX_PUSH_LOCK
+0x628 ActiveThreadsHighWatermark : Uint4B
+0x62c LargePrivateVadCount : Uint4B
+0x630 ThreadListLock : _EX_PUSH_LOCK
+0x638 WnfContext : Ptr64 Void
+0x640 SectionMappingSize : Uint8B
+0x648 SignatureLevel : UChar
+0x649 SectionSignatureLevel : UChar
+0x64a SpareByte20 : [2] UChar
+0x64c KeepAliveCounter : Uint4B
+0x650 DiskCounters : Ptr64 _PROCESS_DISK_COUNTERS
+0x658 LastFreezeInterruptTime : Uint8B
суббота, 2 июня 2012 г.
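Windows 8 Release Preview, 64-bit: _KPROCESS and _EPROCESS layouts, for comparison with other builds.
The offsets above are specific to this build; anything that reads these structures should resolve field offsets from the symbols of the target build rather than hard-code them.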