ntdll!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x2d8 ProcessLock : _EX_PUSH_LOCK
+0x2e0 UniqueProcessId : Ptr64 Void
+0x2e8 ActiveProcessLinks : _LIST_ENTRY
+0x2f8 RundownProtect : _EX_RUNDOWN_REF
+0x300 Flags2 : Uint4B
+0x300 JobNotReallyActive : Pos 0, 1 Bit
+0x300 AccountingFolded : Pos 1, 1 Bit
+0x300 NewProcessReported : Pos 2, 1 Bit
+0x300 ExitProcessReported : Pos 3, 1 Bit
+0x300 ReportCommitChanges : Pos 4, 1 Bit
+0x300 LastReportMemory : Pos 5, 1 Bit
+0x300 ForceWakeCharge : Pos 6, 1 Bit
+0x300 CrossSessionCreate : Pos 7, 1 Bit
+0x300 NeedsHandleRundown : Pos 8, 1 Bit
+0x300 RefTraceEnabled : Pos 9, 1 Bit
+0x300 PicoCreated : Pos 10, 1 Bit
+0x300 EmptyJobEvaluated : Pos 11, 1 Bit
+0x300 DefaultPagePriority : Pos 12, 3 Bits
+0x300 PrimaryTokenFrozen : Pos 15, 1 Bit
+0x300 ProcessVerifierTarget : Pos 16, 1 Bit
+0x300 RestrictSetThreadContext : Pos 17, 1 Bit
+0x300 AffinityPermanent : Pos 18, 1 Bit
+0x300 AffinityUpdateEnable : Pos 19, 1 Bit
+0x300 PropagateNode : Pos 20, 1 Bit
+0x300 ExplicitAffinity : Pos 21, 1 Bit
+0x300 ProcessExecutionState : Pos 22, 2 Bits
+0x300 EnableReadVmLogging : Pos 24, 1 Bit
+0x300 EnableWriteVmLogging : Pos 25, 1 Bit
+0x300 FatalAccessTerminationRequested : Pos 26, 1 Bit
+0x300 DisableSystemAllowedCpuSet : Pos 27, 1 Bit
+0x300 ProcessStateChangeRequest : Pos 28, 2 Bits
+0x300 ProcessStateChangeInProgress : Pos 30, 1 Bit
+0x300 InPrivate : Pos 31, 1 Bit
+0x304 Flags : Uint4B
+0x304 CreateReported : Pos 0, 1 Bit
+0x304 NoDebugInherit : Pos 1, 1 Bit
+0x304 ProcessExiting : Pos 2, 1 Bit
+0x304 ProcessDelete : Pos 3, 1 Bit
+0x304 ManageExecutableMemoryWrites : Pos 4, 1 Bit
+0x304 VmDeleted : Pos 5, 1 Bit
+0x304 OutswapEnabled : Pos 6, 1 Bit
+0x304 Outswapped : Pos 7, 1 Bit
+0x304 FailFastOnCommitFail : Pos 8, 1 Bit
+0x304 Wow64VaSpace4Gb : Pos 9, 1 Bit
+0x304 AddressSpaceInitialized : Pos 10, 2 Bits
+0x304 SetTimerResolution : Pos 12, 1 Bit
+0x304 BreakOnTermination : Pos 13, 1 Bit
+0x304 DeprioritizeViews : Pos 14, 1 Bit
+0x304 WriteWatch : Pos 15, 1 Bit
+0x304 ProcessInSession : Pos 16, 1 Bit
+0x304 OverrideAddressSpace : Pos 17, 1 Bit
+0x304 HasAddressSpace : Pos 18, 1 Bit
+0x304 LaunchPrefetched : Pos 19, 1 Bit
+0x304 Background : Pos 20, 1 Bit
+0x304 VmTopDown : Pos 21, 1 Bit
+0x304 ImageNotifyDone : Pos 22, 1 Bit
+0x304 PdeUpdateNeeded : Pos 23, 1 Bit
+0x304 VdmAllowed : Pos 24, 1 Bit
+0x304 ProcessRundown : Pos 25, 1 Bit
+0x304 ProcessInserted : Pos 26, 1 Bit
+0x304 DefaultIoPriority : Pos 27, 3 Bits
+0x304 ProcessSelfDelete : Pos 30, 1 Bit
+0x304 SetTimerResolutionLink : Pos 31, 1 Bit
+0x308 CreateTime : _LARGE_INTEGER
+0x310 ProcessQuotaUsage : [2] Uint8B
+0x320 ProcessQuotaPeak : [2] Uint8B
+0x330 PeakVirtualSize : Uint8B
+0x338 VirtualSize : Uint8B
+0x340 SessionProcessLinks : _LIST_ENTRY
+0x350 ExceptionPortData : Ptr64 Void
+0x350 ExceptionPortValue : Uint8B
+0x350 ExceptionPortState : Pos 0, 3 Bits
+0x358 Token : _EX_FAST_REF
+0x360 MmReserved : Uint8B
+0x368 AddressCreationLock : _EX_PUSH_LOCK
+0x370 PageTableCommitmentLock : _EX_PUSH_LOCK
+0x378 RotateInProgress : Ptr64 _ETHREAD
+0x380 ForkInProgress : Ptr64 _ETHREAD
+0x388 CommitChargeJob : Ptr64 _EJOB
+0x390 CloneRoot : _RTL_AVL_TREE
+0x398 NumberOfPrivatePages : Uint8B
+0x3a0 NumberOfLockedPages : Uint8B
+0x3a8 Win32Process : Ptr64 Void
+0x3b0 Job : Ptr64 _EJOB
+0x3b8 SectionObject : Ptr64 Void
+0x3c0 SectionBaseAddress : Ptr64 Void
+0x3c8 Cookie : Uint4B
+0x3d0 WorkingSetWatch : Ptr64 _PAGEFAULT_HISTORY
+0x3d8 Win32WindowStation : Ptr64 Void
+0x3e0 InheritedFromUniqueProcessId : Ptr64 Void
+0x3e8 LdtInformation : Ptr64 Void
+0x3f0 OwnerProcessId : Uint8B
+0x3f8 Peb : Ptr64 _PEB
+0x400 Session : Ptr64 _MM_SESSION_SPACE
+0x408 AweInfo : Ptr64 Void
+0x410 QuotaBlock : Ptr64 _EPROCESS_QUOTA_BLOCK
+0x418 ObjectTable : Ptr64 _HANDLE_TABLE
+0x420 DebugPort : Ptr64 Void
+0x428 WoW64Process : Ptr64 _EWOW64PROCESS
+0x430 DeviceMap : Ptr64 Void
+0x438 EtwDataSource : Ptr64 Void
+0x440 PageDirectoryPte : Uint8B
+0x448 ImageFilePointer : Ptr64 _FILE_OBJECT
+0x450 ImageFileName : [15] UChar
+0x45f PriorityClass : UChar
+0x460 SecurityPort : Ptr64 Void
+0x468 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x470 JobLinks : _LIST_ENTRY
+0x480 HighestUserAddress : Ptr64 Void
+0x488 ThreadListHead : _LIST_ENTRY
+0x498 ActiveThreads : Uint4B
+0x49c ImagePathHash : Uint4B
+0x4a0 DefaultHardErrorProcessing : Uint4B
+0x4a4 LastThreadExitStatus : Int4B
+0x4a8 PrefetchTrace : _EX_FAST_REF
+0x4b0 LockedPagesList : Ptr64 Void
+0x4b8 ReadOperationCount : _LARGE_INTEGER
+0x4c0 WriteOperationCount : _LARGE_INTEGER
+0x4c8 OtherOperationCount : _LARGE_INTEGER
+0x4d0 ReadTransferCount : _LARGE_INTEGER
+0x4d8 WriteTransferCount : _LARGE_INTEGER
+0x4e0 OtherTransferCount : _LARGE_INTEGER
+0x4e8 CommitChargeLimit : Uint8B
+0x4f0 CommitCharge : Uint8B
+0x4f8 CommitChargePeak : Uint8B
+0x500 Vm : _MMSUPPORT_FULL
+0x610 MmProcessLinks : _LIST_ENTRY
+0x620 ModifiedPageCount : Uint4B
+0x624 ExitStatus : Int4B
+0x628 VadRoot : _RTL_AVL_TREE
+0x630 VadHint : Ptr64 Void
+0x638 VadCount : Uint8B
+0x640 VadPhysicalPages : Uint8B
+0x648 VadPhysicalPagesLimit : Uint8B
+0x650 AlpcContext : _ALPC_PROCESS_CONTEXT
+0x670 TimerResolutionLink : _LIST_ENTRY
+0x680 TimerResolutionStackRecord : Ptr64 _PO_DIAG_STACK_RECORD
+0x688 RequestedTimerResolution : Uint4B
+0x68c SmallestTimerResolution : Uint4B
+0x690 ExitTime : _LARGE_INTEGER
+0x698 InvertedFunctionTable : Ptr64 _INVERTED_FUNCTION_TABLE
+0x6a0 InvertedFunctionTableLock : _EX_PUSH_LOCK
+0x6a8 ActiveThreadsHighWatermark : Uint4B
+0x6ac LargePrivateVadCount : Uint4B
+0x6b0 ThreadListLock : _EX_PUSH_LOCK
+0x6b8 WnfContext : Ptr64 Void
+0x6c0 ServerSilo : Ptr64 _EJOB
+0x6c8 SignatureLevel : UChar
+0x6c9 SectionSignatureLevel : UChar
+0x6ca Protection : _PS_PROTECTION
+0x6cb HangCount : Pos 0, 4 Bits
+0x6cb GhostCount : Pos 4, 4 Bits
+0x6cc Flags3 : Uint4B
+0x6cc Minimal : Pos 0, 1 Bit
+0x6cc ReplacingPageRoot : Pos 1, 1 Bit
+0x6cc Crashed : Pos 2, 1 Bit
+0x6cc JobVadsAreTracked : Pos 3, 1 Bit
+0x6cc VadTrackingDisabled : Pos 4, 1 Bit
+0x6cc AuxiliaryProcess : Pos 5, 1 Bit
+0x6cc SubsystemProcess : Pos 6, 1 Bit
+0x6cc IndirectCpuSets : Pos 7, 1 Bit
+0x6cc RelinquishedCommit : Pos 8, 1 Bit
+0x6cc HighGraphicsPriority : Pos 9, 1 Bit
+0x6cc CommitFailLogged : Pos 10, 1 Bit
+0x6cc ReserveFailLogged : Pos 11, 1 Bit
+0x6cc SystemProcess : Pos 12, 1 Bit
+0x6cc HideImageBaseAddresses : Pos 13, 1 Bit
+0x6cc AddressPolicyFrozen : Pos 14, 1 Bit
+0x6cc ProcessFirstResume : Pos 15, 1 Bit
+0x6cc ForegroundExternal : Pos 16, 1 Bit
+0x6cc ForegroundSystem : Pos 17, 1 Bit
+0x6cc HighMemoryPriority : Pos 18, 1 Bit
+0x6d0 DeviceAsid : Int4B
+0x6d8 SvmData : Ptr64 Void
+0x6e0 SvmProcessLock : _EX_PUSH_LOCK
+0x6e8 SvmLock : Uint8B
+0x6f0 SvmProcessDeviceListHead : _LIST_ENTRY
+0x700 LastFreezeInterruptTime : Uint8B
+0x708 DiskCounters : Ptr64 _PROCESS_DISK_COUNTERS
+0x710 PicoContext : Ptr64 Void
+0x718 TrustletIdentity : Uint8B
+0x720 EnclaveTable : Ptr64 Void
+0x728 EnclaveNumber : Uint8B
+0x730 EnclaveLock : _EX_PUSH_LOCK
+0x738 HighPriorityFaultsAllowed : Uint4B
+0x740 EnergyContext : Ptr64 _PO_PROCESS_ENERGY_CONTEXT
+0x748 VmContext : Ptr64 Void
+0x750 SequenceNumber : Uint8B
+0x758 CreateInterruptTime : Uint8B
+0x760 CreateUnbiasedInterruptTime : Uint8B
+0x768 TotalUnbiasedFrozenTime : Uint8B
+0x770 LastAppStateUpdateTime : Uint8B
+0x778 LastAppStateUptime : Pos 0, 61 Bits
+0x778 LastAppState : Pos 61, 3 Bits
+0x780 SharedCommitCharge : Uint8B
+0x788 SharedCommitLock : _EX_PUSH_LOCK
+0x790 SharedCommitLinks : _LIST_ENTRY
+0x7a0 AllowedCpuSets : Uint8B
+0x7a8 DefaultCpuSets : Uint8B
+0x7a0 AllowedCpuSetsIndirect : Ptr64 Uint8B
+0x7a8 DefaultCpuSetsIndirect : Ptr64 Uint8B
+0x7b0 DiskIoAttribution : Ptr64 Void
+0x7b8 DxgProcess : Ptr64 Void
+0x7c0 Win32KFilterSet : Uint4B
+0x7c8 ProcessTimerDelay : _PS_INTERLOCKED_TIMER_DELAY_VALUES
+0x7d0 KTimerSets : Uint4B
+0x7d4 KTimer2Sets : Uint4B
+0x7d8 ThreadTimerSets : Uint4B
+0x7e0 VirtualTimerListLock : Uint8B
+0x7e8 VirtualTimerListHead : _LIST_ENTRY
+0x7f8 WakeChannel : _WNF_STATE_NAME
+0x7f8 WakeInfo : _PS_PROCESS_WAKE_INFORMATION
+0x828 MitigationFlags : Uint4B
+0x828 MitigationFlagsValues : <unnamed-tag>
+0x82c MitigationFlags2 : Uint4B
+0x82c MitigationFlags2Values : <unnamed-tag>
+0x830 PartitionObject : Ptr64 Void
+0x838 SecurityDomain : Uint8B
+0x840 CoverageSamplerContext : Ptr64 Void
+0x000 Pcb : _KPROCESS
+0x2d8 ProcessLock : _EX_PUSH_LOCK
+0x2e0 UniqueProcessId : Ptr64 Void
+0x2e8 ActiveProcessLinks : _LIST_ENTRY
+0x2f8 RundownProtect : _EX_RUNDOWN_REF
+0x300 Flags2 : Uint4B
+0x300 JobNotReallyActive : Pos 0, 1 Bit
+0x300 AccountingFolded : Pos 1, 1 Bit
+0x300 NewProcessReported : Pos 2, 1 Bit
+0x300 ExitProcessReported : Pos 3, 1 Bit
+0x300 ReportCommitChanges : Pos 4, 1 Bit
+0x300 LastReportMemory : Pos 5, 1 Bit
+0x300 ForceWakeCharge : Pos 6, 1 Bit
+0x300 CrossSessionCreate : Pos 7, 1 Bit
+0x300 NeedsHandleRundown : Pos 8, 1 Bit
+0x300 RefTraceEnabled : Pos 9, 1 Bit
+0x300 PicoCreated : Pos 10, 1 Bit
+0x300 EmptyJobEvaluated : Pos 11, 1 Bit
+0x300 DefaultPagePriority : Pos 12, 3 Bits
+0x300 PrimaryTokenFrozen : Pos 15, 1 Bit
+0x300 ProcessVerifierTarget : Pos 16, 1 Bit
+0x300 RestrictSetThreadContext : Pos 17, 1 Bit
+0x300 AffinityPermanent : Pos 18, 1 Bit
+0x300 AffinityUpdateEnable : Pos 19, 1 Bit
+0x300 PropagateNode : Pos 20, 1 Bit
+0x300 ExplicitAffinity : Pos 21, 1 Bit
+0x300 ProcessExecutionState : Pos 22, 2 Bits
+0x300 EnableReadVmLogging : Pos 24, 1 Bit
+0x300 EnableWriteVmLogging : Pos 25, 1 Bit
+0x300 FatalAccessTerminationRequested : Pos 26, 1 Bit
+0x300 DisableSystemAllowedCpuSet : Pos 27, 1 Bit
+0x300 ProcessStateChangeRequest : Pos 28, 2 Bits
+0x300 ProcessStateChangeInProgress : Pos 30, 1 Bit
+0x300 InPrivate : Pos 31, 1 Bit
+0x304 Flags : Uint4B
+0x304 CreateReported : Pos 0, 1 Bit
+0x304 NoDebugInherit : Pos 1, 1 Bit
+0x304 ProcessExiting : Pos 2, 1 Bit
+0x304 ProcessDelete : Pos 3, 1 Bit
+0x304 ManageExecutableMemoryWrites : Pos 4, 1 Bit
+0x304 VmDeleted : Pos 5, 1 Bit
+0x304 OutswapEnabled : Pos 6, 1 Bit
+0x304 Outswapped : Pos 7, 1 Bit
+0x304 FailFastOnCommitFail : Pos 8, 1 Bit
+0x304 Wow64VaSpace4Gb : Pos 9, 1 Bit
+0x304 AddressSpaceInitialized : Pos 10, 2 Bits
+0x304 SetTimerResolution : Pos 12, 1 Bit
+0x304 BreakOnTermination : Pos 13, 1 Bit
+0x304 DeprioritizeViews : Pos 14, 1 Bit
+0x304 WriteWatch : Pos 15, 1 Bit
+0x304 ProcessInSession : Pos 16, 1 Bit
+0x304 OverrideAddressSpace : Pos 17, 1 Bit
+0x304 HasAddressSpace : Pos 18, 1 Bit
+0x304 LaunchPrefetched : Pos 19, 1 Bit
+0x304 Background : Pos 20, 1 Bit
+0x304 VmTopDown : Pos 21, 1 Bit
+0x304 ImageNotifyDone : Pos 22, 1 Bit
+0x304 PdeUpdateNeeded : Pos 23, 1 Bit
+0x304 VdmAllowed : Pos 24, 1 Bit
+0x304 ProcessRundown : Pos 25, 1 Bit
+0x304 ProcessInserted : Pos 26, 1 Bit
+0x304 DefaultIoPriority : Pos 27, 3 Bits
+0x304 ProcessSelfDelete : Pos 30, 1 Bit
+0x304 SetTimerResolutionLink : Pos 31, 1 Bit
+0x308 CreateTime : _LARGE_INTEGER
+0x310 ProcessQuotaUsage : [2] Uint8B
+0x320 ProcessQuotaPeak : [2] Uint8B
+0x330 PeakVirtualSize : Uint8B
+0x338 VirtualSize : Uint8B
+0x340 SessionProcessLinks : _LIST_ENTRY
+0x350 ExceptionPortData : Ptr64 Void
+0x350 ExceptionPortValue : Uint8B
+0x350 ExceptionPortState : Pos 0, 3 Bits
+0x358 Token : _EX_FAST_REF
+0x360 MmReserved : Uint8B
+0x368 AddressCreationLock : _EX_PUSH_LOCK
+0x370 PageTableCommitmentLock : _EX_PUSH_LOCK
+0x378 RotateInProgress : Ptr64 _ETHREAD
+0x380 ForkInProgress : Ptr64 _ETHREAD
+0x388 CommitChargeJob : Ptr64 _EJOB
+0x390 CloneRoot : _RTL_AVL_TREE
+0x398 NumberOfPrivatePages : Uint8B
+0x3a0 NumberOfLockedPages : Uint8B
+0x3a8 Win32Process : Ptr64 Void
+0x3b0 Job : Ptr64 _EJOB
+0x3b8 SectionObject : Ptr64 Void
+0x3c0 SectionBaseAddress : Ptr64 Void
+0x3c8 Cookie : Uint4B
+0x3d0 WorkingSetWatch : Ptr64 _PAGEFAULT_HISTORY
+0x3d8 Win32WindowStation : Ptr64 Void
+0x3e0 InheritedFromUniqueProcessId : Ptr64 Void
+0x3e8 LdtInformation : Ptr64 Void
+0x3f0 OwnerProcessId : Uint8B
+0x3f8 Peb : Ptr64 _PEB
+0x400 Session : Ptr64 _MM_SESSION_SPACE
+0x408 AweInfo : Ptr64 Void
+0x410 QuotaBlock : Ptr64 _EPROCESS_QUOTA_BLOCK
+0x418 ObjectTable : Ptr64 _HANDLE_TABLE
+0x420 DebugPort : Ptr64 Void
+0x428 WoW64Process : Ptr64 _EWOW64PROCESS
+0x430 DeviceMap : Ptr64 Void
+0x438 EtwDataSource : Ptr64 Void
+0x440 PageDirectoryPte : Uint8B
+0x448 ImageFilePointer : Ptr64 _FILE_OBJECT
+0x450 ImageFileName : [15] UChar
+0x45f PriorityClass : UChar
+0x460 SecurityPort : Ptr64 Void
+0x468 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x470 JobLinks : _LIST_ENTRY
+0x480 HighestUserAddress : Ptr64 Void
+0x488 ThreadListHead : _LIST_ENTRY
+0x498 ActiveThreads : Uint4B
+0x49c ImagePathHash : Uint4B
+0x4a0 DefaultHardErrorProcessing : Uint4B
+0x4a4 LastThreadExitStatus : Int4B
+0x4a8 PrefetchTrace : _EX_FAST_REF
+0x4b0 LockedPagesList : Ptr64 Void
+0x4b8 ReadOperationCount : _LARGE_INTEGER
+0x4c0 WriteOperationCount : _LARGE_INTEGER
+0x4c8 OtherOperationCount : _LARGE_INTEGER
+0x4d0 ReadTransferCount : _LARGE_INTEGER
+0x4d8 WriteTransferCount : _LARGE_INTEGER
+0x4e0 OtherTransferCount : _LARGE_INTEGER
+0x4e8 CommitChargeLimit : Uint8B
+0x4f0 CommitCharge : Uint8B
+0x4f8 CommitChargePeak : Uint8B
+0x500 Vm : _MMSUPPORT_FULL
+0x610 MmProcessLinks : _LIST_ENTRY
+0x620 ModifiedPageCount : Uint4B
+0x624 ExitStatus : Int4B
+0x628 VadRoot : _RTL_AVL_TREE
+0x630 VadHint : Ptr64 Void
+0x638 VadCount : Uint8B
+0x640 VadPhysicalPages : Uint8B
+0x648 VadPhysicalPagesLimit : Uint8B
+0x650 AlpcContext : _ALPC_PROCESS_CONTEXT
+0x670 TimerResolutionLink : _LIST_ENTRY
+0x680 TimerResolutionStackRecord : Ptr64 _PO_DIAG_STACK_RECORD
+0x688 RequestedTimerResolution : Uint4B
+0x68c SmallestTimerResolution : Uint4B
+0x690 ExitTime : _LARGE_INTEGER
+0x698 InvertedFunctionTable : Ptr64 _INVERTED_FUNCTION_TABLE
+0x6a0 InvertedFunctionTableLock : _EX_PUSH_LOCK
+0x6a8 ActiveThreadsHighWatermark : Uint4B
+0x6ac LargePrivateVadCount : Uint4B
+0x6b0 ThreadListLock : _EX_PUSH_LOCK
+0x6b8 WnfContext : Ptr64 Void
+0x6c0 ServerSilo : Ptr64 _EJOB
+0x6c8 SignatureLevel : UChar
+0x6c9 SectionSignatureLevel : UChar
+0x6ca Protection : _PS_PROTECTION
+0x6cb HangCount : Pos 0, 4 Bits
+0x6cb GhostCount : Pos 4, 4 Bits
+0x6cc Flags3 : Uint4B
+0x6cc Minimal : Pos 0, 1 Bit
+0x6cc ReplacingPageRoot : Pos 1, 1 Bit
+0x6cc Crashed : Pos 2, 1 Bit
+0x6cc JobVadsAreTracked : Pos 3, 1 Bit
+0x6cc VadTrackingDisabled : Pos 4, 1 Bit
+0x6cc AuxiliaryProcess : Pos 5, 1 Bit
+0x6cc SubsystemProcess : Pos 6, 1 Bit
+0x6cc IndirectCpuSets : Pos 7, 1 Bit
+0x6cc RelinquishedCommit : Pos 8, 1 Bit
+0x6cc HighGraphicsPriority : Pos 9, 1 Bit
+0x6cc CommitFailLogged : Pos 10, 1 Bit
+0x6cc ReserveFailLogged : Pos 11, 1 Bit
+0x6cc SystemProcess : Pos 12, 1 Bit
+0x6cc HideImageBaseAddresses : Pos 13, 1 Bit
+0x6cc AddressPolicyFrozen : Pos 14, 1 Bit
+0x6cc ProcessFirstResume : Pos 15, 1 Bit
+0x6cc ForegroundExternal : Pos 16, 1 Bit
+0x6cc ForegroundSystem : Pos 17, 1 Bit
+0x6cc HighMemoryPriority : Pos 18, 1 Bit
+0x6d0 DeviceAsid : Int4B
+0x6d8 SvmData : Ptr64 Void
+0x6e0 SvmProcessLock : _EX_PUSH_LOCK
+0x6e8 SvmLock : Uint8B
+0x6f0 SvmProcessDeviceListHead : _LIST_ENTRY
+0x700 LastFreezeInterruptTime : Uint8B
+0x708 DiskCounters : Ptr64 _PROCESS_DISK_COUNTERS
+0x710 PicoContext : Ptr64 Void
+0x718 TrustletIdentity : Uint8B
+0x720 EnclaveTable : Ptr64 Void
+0x728 EnclaveNumber : Uint8B
+0x730 EnclaveLock : _EX_PUSH_LOCK
+0x738 HighPriorityFaultsAllowed : Uint4B
+0x740 EnergyContext : Ptr64 _PO_PROCESS_ENERGY_CONTEXT
+0x748 VmContext : Ptr64 Void
+0x750 SequenceNumber : Uint8B
+0x758 CreateInterruptTime : Uint8B
+0x760 CreateUnbiasedInterruptTime : Uint8B
+0x768 TotalUnbiasedFrozenTime : Uint8B
+0x770 LastAppStateUpdateTime : Uint8B
+0x778 LastAppStateUptime : Pos 0, 61 Bits
+0x778 LastAppState : Pos 61, 3 Bits
+0x780 SharedCommitCharge : Uint8B
+0x788 SharedCommitLock : _EX_PUSH_LOCK
+0x790 SharedCommitLinks : _LIST_ENTRY
+0x7a0 AllowedCpuSets : Uint8B
+0x7a8 DefaultCpuSets : Uint8B
+0x7a0 AllowedCpuSetsIndirect : Ptr64 Uint8B
+0x7a8 DefaultCpuSetsIndirect : Ptr64 Uint8B
+0x7b0 DiskIoAttribution : Ptr64 Void
+0x7b8 DxgProcess : Ptr64 Void
+0x7c0 Win32KFilterSet : Uint4B
+0x7c8 ProcessTimerDelay : _PS_INTERLOCKED_TIMER_DELAY_VALUES
+0x7d0 KTimerSets : Uint4B
+0x7d4 KTimer2Sets : Uint4B
+0x7d8 ThreadTimerSets : Uint4B
+0x7e0 VirtualTimerListLock : Uint8B
+0x7e8 VirtualTimerListHead : _LIST_ENTRY
+0x7f8 WakeChannel : _WNF_STATE_NAME
+0x7f8 WakeInfo : _PS_PROCESS_WAKE_INFORMATION
+0x828 MitigationFlags : Uint4B
+0x828 MitigationFlagsValues : <unnamed-tag>
+0x82c MitigationFlags2 : Uint4B
+0x82c MitigationFlags2Values : <unnamed-tag>
+0x830 PartitionObject : Ptr64 Void
+0x838 SecurityDomain : Uint8B
+0x840 CoverageSamplerContext : Ptr64 Void
Comments
Post a Comment