2 #include <psdk/ntverp.h>
4 /* DDK/IFS/NDK Headers */
/*
 * Table-entry constructors. Each macro expands to one brace-enclosed
 * {type, name, value} initializer for the definitions table that follows.
 * NOTE(review): the table is placed in a section named ".asmdef", so these
 * entries are presumably read back by a generator that emits the values for
 * assembly code; confirm against the build tooling. Any consumer relies on
 * the offsets and sizes matching the structure layout of the same build.
 */
#define TYPE_CONSTANT 2

/* Entry tagged TYPE_RAW carrying `text`; the value slot is 0. */
#define RAW(text) {TYPE_RAW, text, 0}

/* Named constant: the name is the stringified argument, the value is the symbol itself. */
#define CONSTANT(sym) {TYPE_CONSTANT, #sym, sym}

/* Byte offset of `field` inside `type`, published under the name `sym`. */
#define OFFSET(sym, type, field) {TYPE_CONSTANT, #sym, FIELD_OFFSET(type, field)}

/* Offset of `field` measured from member `base` of the same structure rather than from its start. */
#define RELOFFSET(sym, type, field, base) \
    {TYPE_CONSTANT, #sym, FIELD_OFFSET(type, field) - FIELD_OFFSET(type, base)}

/* sizeof(type), published under the name `sym`. */
#define SIZE(sym, type) {TYPE_CONSTANT, #sym, sizeof(type)}

/* Entry tagged TYPE_HEADER carrying the heading string `title`; the value slot is 0. */
#define HEADER(title) {TYPE_HEADER, title, 0}
38 #pragma section(".asmdef")
39 __declspec(allocate(".asmdef"))
40 #elif defined(__GNUC__)
41 __attribute__ ((section(".asmdef")))
43 #error Your compiler is not supported.
48 /* PORTABLE CONSTANTS ********************************************************/
50 HEADER("Pointer size"),
51 SIZE(SizeofPointer
, PVOID
),
53 HEADER("Breakpoints"),
54 CONSTANT(BREAKPOINT_BREAK
),
55 CONSTANT(BREAKPOINT_PRINT
),
56 CONSTANT(BREAKPOINT_PROMPT
),
57 CONSTANT(BREAKPOINT_LOAD_SYMBOLS
),
58 CONSTANT(BREAKPOINT_UNLOAD_SYMBOLS
),
59 CONSTANT(BREAKPOINT_COMMAND_STRING
),
61 HEADER("Context Frame Flags"),
62 CONSTANT(CONTEXT_FULL
),
63 CONSTANT(CONTEXT_CONTROL
),
64 CONSTANT(CONTEXT_INTEGER
),
65 CONSTANT(CONTEXT_SEGMENTS
),
66 CONSTANT(CONTEXT_FLOATING_POINT
),
67 CONSTANT(CONTEXT_DEBUG_REGISTERS
),
69 HEADER("Exception flags"),
70 CONSTANT(EXCEPTION_NONCONTINUABLE
),
71 CONSTANT(EXCEPTION_UNWINDING
),
72 CONSTANT(EXCEPTION_EXIT_UNWIND
),
73 CONSTANT(EXCEPTION_STACK_INVALID
),
74 CONSTANT(EXCEPTION_NESTED_CALL
),
75 CONSTANT(EXCEPTION_TARGET_UNWIND
),
76 CONSTANT(EXCEPTION_COLLIDED_UNWIND
),
77 CONSTANT(EXCEPTION_UNWIND
),
78 CONSTANT(EXCEPTION_EXECUTE_HANDLER
),
79 CONSTANT(EXCEPTION_CONTINUE_SEARCH
),
80 CONSTANT(EXCEPTION_CONTINUE_EXECUTION
),
82 //CONSTANT(EXCEPTION_CHAIN_END),
83 //CONSTANT(FIXED_NTVDMSTATE_LINEAR),
86 HEADER("Exception types"),
87 CONSTANT(ExceptionContinueExecution
),
88 CONSTANT(ExceptionContinueSearch
),
89 CONSTANT(ExceptionNestedException
),
90 CONSTANT(ExceptionCollidedUnwind
),
93 CONSTANT(LOCK_QUEUE_WAIT
),
94 CONSTANT(LOCK_QUEUE_OWNER
),
95 CONSTANT(LockQueueDispatcherLock
),
97 HEADER("Performance Definitions"),
98 // CONSTANT(PERF_CONTEXTSWAP_OFFSET),
99 // CONSTANT(PERF_CONTEXTSWAP_FLAG),
100 // CONSTANT(PERF_INTERRUPT_OFFSET),
101 // CONSTANT(PERF_INTERRUPT_FLAG),
102 // CONSTANT(PERF_PROFILE_OFFSET),
103 // CONSTANT(PERF_PROFILE_FLAG),
104 // CONSTANT(PERF_SYSCALL_OFFSET),
105 // CONSTANT(PERF_SYSCALL_FLAG),
106 // CONSTANT(PERF_SPINLOCK_OFFSET),
107 // CONSTANT(PERF_SPINLOCK_FLAG),
108 // CONSTANT(NTOS_YIELD_MACRO),
110 HEADER("Process states"),
111 CONSTANT(ProcessInMemory
),
112 CONSTANT(ProcessOutOfMemory
),
113 CONSTANT(ProcessInTransition
),
115 HEADER("Processor mode"),
116 CONSTANT(KernelMode
),
119 HEADER("Status codes"),
120 CONSTANT(STATUS_ACCESS_VIOLATION
),
121 CONSTANT(STATUS_ASSERTION_FAILURE
),
122 CONSTANT(STATUS_ARRAY_BOUNDS_EXCEEDED
),
123 CONSTANT(STATUS_BAD_COMPRESSION_BUFFER
),
124 CONSTANT(STATUS_BREAKPOINT
),
125 CONSTANT(STATUS_CALLBACK_POP_STACK
),
126 CONSTANT(STATUS_DATATYPE_MISALIGNMENT
),
127 CONSTANT(STATUS_FLOAT_DENORMAL_OPERAND
),
128 CONSTANT(STATUS_FLOAT_DIVIDE_BY_ZERO
),
129 CONSTANT(STATUS_FLOAT_INEXACT_RESULT
),
130 CONSTANT(STATUS_FLOAT_INVALID_OPERATION
),
131 CONSTANT(STATUS_FLOAT_OVERFLOW
),
132 CONSTANT(STATUS_FLOAT_STACK_CHECK
),
133 CONSTANT(STATUS_FLOAT_UNDERFLOW
),
134 CONSTANT(STATUS_FLOAT_MULTIPLE_FAULTS
),
135 CONSTANT(STATUS_FLOAT_MULTIPLE_TRAPS
),
136 CONSTANT(STATUS_GUARD_PAGE_VIOLATION
),
137 CONSTANT(STATUS_ILLEGAL_FLOAT_CONTEXT
),
138 CONSTANT(STATUS_ILLEGAL_INSTRUCTION
),
139 CONSTANT(STATUS_INSTRUCTION_MISALIGNMENT
),
140 CONSTANT(STATUS_INVALID_HANDLE
),
141 CONSTANT(STATUS_INVALID_LOCK_SEQUENCE
),
142 CONSTANT(STATUS_INVALID_OWNER
),
143 CONSTANT(STATUS_INVALID_PARAMETER
),
144 CONSTANT(STATUS_INVALID_PARAMETER_1
),
145 CONSTANT(STATUS_INVALID_SYSTEM_SERVICE
),
146 // CONSTANT(STATUS_INVALID_THREAD),
147 CONSTANT(STATUS_INTEGER_DIVIDE_BY_ZERO
),
148 CONSTANT(STATUS_INTEGER_OVERFLOW
),
149 CONSTANT(STATUS_IN_PAGE_ERROR
),
150 CONSTANT(STATUS_KERNEL_APC
),
151 CONSTANT(STATUS_LONGJUMP
),
152 CONSTANT(STATUS_NO_CALLBACK_ACTIVE
),
153 CONSTANT(STATUS_NO_EVENT_PAIR
),
154 CONSTANT(STATUS_PRIVILEGED_INSTRUCTION
),
155 CONSTANT(STATUS_SINGLE_STEP
),
156 CONSTANT(STATUS_STACK_BUFFER_OVERRUN
),
157 CONSTANT(STATUS_STACK_OVERFLOW
),
158 CONSTANT(STATUS_SUCCESS
),
159 CONSTANT(STATUS_THREAD_IS_TERMINATING
),
160 CONSTANT(STATUS_TIMEOUT
),
161 CONSTANT(STATUS_UNWIND
),
162 CONSTANT(STATUS_UNWIND_CONSOLIDATE
),
163 CONSTANT(STATUS_USER_APC
),
164 CONSTANT(STATUS_WAKE_SYSTEM_DEBUGGER
),
166 HEADER("TLS defines"),
167 CONSTANT(TLS_MINIMUM_AVAILABLE
),
168 CONSTANT(TLS_EXPANSION_SLOTS
),
170 HEADER("Thread states"),
171 CONSTANT(Initialized
),
175 CONSTANT(Terminated
),
178 HEADER("Wait type / reason"),
179 CONSTANT(WrExecutive
),
181 CONSTANT(WrDispatchInt
),
182 CONSTANT(WrQuantumEnd
),
183 CONSTANT(WrEventPair
),
187 HEADER("Interrupt object types"),
188 // CONSTANT(InLevelSensitive),
189 // CONSTANT(InLatched),
191 HEADER("Bug Check Codes"),
192 CONSTANT(APC_INDEX_MISMATCH
),
193 CONSTANT(INVALID_AFFINITY_SET
),
194 CONSTANT(INVALID_DATA_ACCESS_TRAP
),
195 CONSTANT(IRQL_NOT_GREATER_OR_EQUAL
),
196 CONSTANT(IRQL_NOT_LESS_OR_EQUAL
),
197 CONSTANT(NO_USER_MODE_CONTEXT
),
198 CONSTANT(SPIN_LOCK_ALREADY_OWNED
),
199 CONSTANT(SPIN_LOCK_NOT_OWNED
),
200 CONSTANT(THREAD_NOT_MUTEX_OWNER
),
201 CONSTANT(TRAP_CAUSE_UNKNOWN
),
202 CONSTANT(KMODE_EXCEPTION_NOT_HANDLED
),
203 CONSTANT(KERNEL_APC_PENDING_DURING_EXIT
),
204 CONSTANT(PANIC_STACK_SWITCH
),
205 CONSTANT(DATA_BUS_ERROR
),
206 CONSTANT(INSTRUCTION_BUS_ERROR
),
207 CONSTANT(SYSTEM_EXIT_OWNED_MUTEX
),
208 // CONSTANT(SYSTEM_UNWIND_PREVIOUS_USER),
209 // CONSTANT(SYSTEM_SERVICE_EXCEPTION),
210 // CONSTANT(INTERRUPT_UNWIND_ATTEMPTED),
211 // CONSTANT(INTERRUPT_EXCEPTION_NOT_HANDLED),
212 CONSTANT(PAGE_FAULT_WITH_INTERRUPTS_OFF
),
213 CONSTANT(IRQL_GT_ZERO_AT_SYSTEM_SERVICE
),
214 CONSTANT(DATA_COHERENCY_EXCEPTION
),
215 CONSTANT(INSTRUCTION_COHERENCY_EXCEPTION
),
216 CONSTANT(HAL1_INITIALIZATION_FAILED
),
217 CONSTANT(UNEXPECTED_KERNEL_MODE_TRAP
),
218 CONSTANT(NMI_HARDWARE_FAILURE
),
219 CONSTANT(SPIN_LOCK_INIT_FAILURE
),
220 CONSTANT(ATTEMPTED_SWITCH_FROM_DPC
),
221 // CONSTANT(MUTEX_ALREADY_OWNED),
222 // CONSTANT(HARDWARE_INTERRUPT_STORM),
223 // CONSTANT(RECURSIVE_MACHINE_CHECK),
224 // CONSTANT(RECURSIVE_NMI),
227 CONSTANT(PASSIVE_LEVEL
),
229 CONSTANT(DISPATCH_LEVEL
),
231 CONSTANT(CLOCK_LEVEL
),
233 CONSTANT(CLOCK1_LEVEL
),
234 CONSTANT(CLOCK2_LEVEL
),
237 CONSTANT(POWER_LEVEL
),
238 CONSTANT(PROFILE_LEVEL
),
239 CONSTANT(HIGH_LEVEL
),
241 {1, "SYNCH_LEVEL", DISPATCH_LEVEL
},
243 {1, "SYNCH_LEVEL", (IPI_LEVEL
- 2)},
246 HEADER("Stack sizes"),
247 CONSTANT(KERNEL_STACK_SIZE
),
248 CONSTANT(KERNEL_LARGE_STACK_SIZE
),
249 CONSTANT(KERNEL_LARGE_STACK_COMMIT
),
250 // CONSTANT(DOUBLE_FAULT_STACK_SIZE),
252 CONSTANT(KERNEL_MCA_EXCEPTION_STACK_SIZE
),
253 CONSTANT(NMI_STACK_SIZE
),
256 HEADER("Thread flags"),
257 // CONSTANT(THREAD_FLAGS_CYCLE_PROFILING),
258 // CONSTANT(THREAD_FLAGS_CYCLE_PROFILING_LOCK_BIT),
259 // CONSTANT(THREAD_FLAGS_CYCLE_PROFILING_LOCK),
260 // CONSTANT(THREAD_FLAGS_COUNTER_PROFILING),
261 // CONSTANT(THREAD_FLAGS_COUNTER_PROFILING_LOCK_BIT),
262 // CONSTANT(THREAD_FLAGS_COUNTER_PROFILING_LOCK),
263 // CONSTANT(THREAD_FLAGS_CPU_THROTTLED),
264 // CONSTANT(THREAD_FLAGS_CPU_THROTTLED_BIT),
265 // CONSTANT(THREAD_FLAGS_ACCOUNTING_ANY),
267 HEADER("Miscellaneous Definitions"),
268 // CONSTANT(BASE_PRIORITY_THRESHOLD),
269 // CONSTANT(EVENT_PAIR_INCREMENT),
270 CONSTANT(LOW_REALTIME_PRIORITY
),
271 CONSTANT(CLOCK_QUANTUM_DECREMENT
),
272 // CONSTANT(READY_SKIP_QUANTUM),
273 // CONSTANT(THREAD_QUANTUM),
274 CONSTANT(WAIT_QUANTUM_DECREMENT
),
275 // CONSTANT(ROUND_TRIP_DECREMENT_COUNT),
276 CONSTANT(MAXIMUM_PROCESSORS
),
277 CONSTANT(INITIAL_STALL_COUNT
),
278 // CONSTANT(EXCEPTION_EXECUTE_FAULT),
279 // CONSTANT(KCACHE_ERRATA_MONITOR_FLAGS),
280 // CONSTANT(KI_EXCEPTION_GP_FAULT),
281 // CONSTANT(KI_EXCEPTION_INVALID_OP),
282 // CONSTANT(KI_EXCEPTION_INTEGER_DIVIDE_BY_ZERO),
283 CONSTANT(KI_EXCEPTION_ACCESS_VIOLATION
),
284 // CONSTANT(TARGET_FREEZE),
285 // CONSTANT(BlackHole),
289 CONSTANT(DBG_STATUS_CONTROL_C
),
290 CONSTANT(USER_SHARED_DATA
),
291 // CONSTANT(MM_SHARED_USER_DATA_VA),
293 // CONSTANT(KERNEL_STACK_CONTROL_LARGE_STACK),
294 // CONSTANT(KI_DPC_ALL_FLAGS),
295 // CONSTANT(DISPATCH_LENGTH),
296 CONSTANT(MAXIMUM_IDTVECTOR
),
297 // CONSTANT(MAXIMUM_PRIMARY_VECTOR),
298 CONSTANT(PRIMARY_VECTOR_BASE
),
301 // CONSTANT(KTHREAD_AUTO_ALIGNMENT_BIT),
302 // CONSTANT(KTHREAD_GUI_THREAD_MASK),
303 // CONSTANT(KI_SLIST_FAULT_COUNT_MAXIMUM),
304 CONSTANT(NUMBER_SERVICE_TABLES
),
305 CONSTANT(SERVICE_NUMBER_MASK
),
306 CONSTANT(SERVICE_TABLE_SHIFT
),
307 CONSTANT(SERVICE_TABLE_MASK
),
308 CONSTANT(SERVICE_TABLE_TEST
),
310 /* ARCHITECTURE SPECIFIC CONSTANTS ******************************************/
312 #if defined(_M_AMD64) || defined(_M_IX86)
337 CONSTANT(CR4_XMMEXCPT
),
339 // CONSTANT(CR4_PGE_V),
340 // CONSTANT(CR4_XSAVE),
341 #elif defined(_M_AMD64)
342 CONSTANT(CR4_CHANNELS
),
345 HEADER("KeFeatureBits flags"),
348 CONSTANT(KF_GLOBAL_PAGE
),
349 CONSTANT(KF_LARGE_PAGE
),
350 CONSTANT(KF_CMPXCHG8B
),
351 CONSTANT(KF_FAST_SYSCALL
),
353 CONSTANT(KF_V86_VIS
),
354 // CONSTANT(KF_XSTATE),
357 HEADER("Machine type definitions"),
358 CONSTANT(MACHINE_TYPE_ISA
),
359 CONSTANT(MACHINE_TYPE_EISA
),
360 CONSTANT(MACHINE_TYPE_MCA
),
368 CONSTANT(EFLAGS_INTERRUPT_MASK
),
369 CONSTANT(EFLAGS_V86_MASK
),
370 CONSTANT(EFLAGS_ALIGN_CHECK
),
371 CONSTANT(EFLAGS_VIF
),
372 CONSTANT(EFLAGS_VIP
),
373 CONSTANT(EFLAGS_USER_SANITIZE
),
375 HEADER("KDGT selectors"),
376 CONSTANT(KGDT_R3_DATA
),
377 CONSTANT(KGDT_R3_CODE
),
378 CONSTANT(KGDT_R0_CODE
),
379 CONSTANT(KGDT_R0_DATA
),
380 CONSTANT(KGDT_R0_PCR
),
381 // CONSTANT(KGDT_STACK16),
382 // CONSTANT(KGDT_CODE16),
384 CONSTANT(KGDT_R3_TEB
),
385 CONSTANT(KGDT_DF_TSS
),
386 CONSTANT(KGDT_NMI_TSS
),
389 CONSTANT(NPX_STATE_NOT_LOADED
),
390 CONSTANT(NPX_STATE_LOADED
),
391 // CONSTANT(NPX_MASK_LAZY),
394 HEADER("VDM constants"),
395 CONSTANT(VDM_INDEX_Invalid),
396 CONSTANT(VDM_INDEX_0F),
397 CONSTANT(VDM_INDEX_ESPrefix),
398 CONSTANT(VDM_INDEX_CSPrefix),
399 CONSTANT(VDM_INDEX_SSPrefix),
400 CONSTANT(VDM_INDEX_DSPrefix),
401 CONSTANT(VDM_INDEX_FSPrefix),
402 CONSTANT(VDM_INDEX_GSPrefix),
403 CONSTANT(VDM_INDEX_OPER32Prefix),
404 CONSTANT(VDM_INDEX_ADDR32Prefix),
405 CONSTANT(VDM_INDEX_INSB),
406 CONSTANT(VDM_INDEX_INSW),
407 CONSTANT(VDM_INDEX_OUTSB),
408 CONSTANT(VDM_INDEX_OUTSW),
409 CONSTANT(VDM_INDEX_PUSHF),
410 CONSTANT(VDM_INDEX_POPF),
411 CONSTANT(VDM_INDEX_INTnn),
412 CONSTANT(VDM_INDEX_INTO),
413 CONSTANT(VDM_INDEX_IRET),
414 CONSTANT(VDM_INDEX_NPX),
415 CONSTANT(VDM_INDEX_INBimm),
416 CONSTANT(VDM_INDEX_INWimm),
417 CONSTANT(VDM_INDEX_OUTBimm),
418 CONSTANT(VDM_INDEX_OUTWimm),
419 CONSTANT(VDM_INDEX_INB),
420 CONSTANT(VDM_INDEX_INW),
421 CONSTANT(VDM_INDEX_OUTB),
422 CONSTANT(VDM_INDEX_OUTW),
423 CONSTANT(VDM_INDEX_LOCKPrefix),
424 CONSTANT(VDM_INDEX_REPNEPrefix),
425 CONSTANT(VDM_INDEX_REPPrefix),
426 CONSTANT(VDM_INDEX_CLI),
427 CONSTANT(VDM_INDEX_STI),
428 CONSTANT(VDM_INDEX_HLT),
429 CONSTANT(MAX_VDM_INDEX),
431 CONSTANT(PF_XMMI_INSTRUCTIONS_AVAILABLE
),
432 CONSTANT(EFLAG_SELECT
),
433 // CONSTANT(IPI_FREEZE),
434 // CONSTANT(XSAVE_PRESENT),
436 #elif defined(_M_AMD64)
439 CONSTANT(EFLAGS_TF_MASK
),
440 CONSTANT(EFLAGS_TF_SHIFT
),
441 CONSTANT(EFLAGS_IF_MASK
),
442 CONSTANT(EFLAGS_IF_SHIFT
),
443 CONSTANT(EFLAGS_ID_MASK
),
445 HEADER("Hypervisor Enlightenment Definitions"),
446 CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH
),
447 CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH
),
448 CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH
),
449 CONSTANT(HV_X64_MSR_APIC_EOI
),
450 CONSTANT(HV_APIC_ENLIGHTENED
),
451 CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT
),
452 CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED_V
),
453 CONSTANT(HvApicFlags
),
455 HEADER("KDGT selectors"),
456 CONSTANT(KGDT64_NULL
),
457 CONSTANT(KGDT64_R0_CODE
),
458 CONSTANT(KGDT64_R0_DATA
),
459 CONSTANT(KGDT64_R3_CMCODE
),
460 CONSTANT(KGDT64_R3_DATA
),
461 CONSTANT(KGDT64_R3_CODE
),
462 CONSTANT(KGDT64_SYS_TSS
),
463 CONSTANT(KGDT64_R3_CMTEB
),
465 HEADER("Machine Specific Register Numbers"),
470 CONSTANT(MSR_SYSCALL_MASK
),
471 CONSTANT(MSR_FS_BASE
),
472 CONSTANT(MSR_GS_BASE
),
473 CONSTANT(MSR_GS_SWAP
),
474 CONSTANT(MSR_MCG_STATUS
),
475 CONSTANT(MSR_AMD_ACCESS
),
477 HEADER("Flags for MSR_EFER"),
483 CONSTANT(MSR_DEGUG_CTL
),
484 CONSTANT(MSR_LAST_BRANCH_FROM
),
485 CONSTANT(MSR_LAST_BRANCH_TO
),
486 CONSTANT(MSR_LAST_EXCEPTION_FROM
),
487 CONSTANT(MSR_LAST_EXCEPTION_TO
),
489 HEADER("Flags for MSR_DEGUG_CTL"),
490 CONSTANT(MSR_DEBUG_CTL_LBR
),
491 CONSTANT(MSR_DEBUG_CRL_BTF
),
496 HEADER("Fatal exception codes"),
497 CONSTANT(EXCEPTION_DIVIDED_BY_ZERO
),
498 CONSTANT(EXCEPTION_DEBUG
),
499 CONSTANT(EXCEPTION_NMI
),
500 CONSTANT(EXCEPTION_INT3
),
501 CONSTANT(EXCEPTION_BOUND_CHECK
),
502 CONSTANT(EXCEPTION_INVALID_OPCODE
),
503 CONSTANT(EXCEPTION_NPX_NOT_AVAILABLE
),
504 CONSTANT(EXCEPTION_DOUBLE_FAULT
),
505 CONSTANT(EXCEPTION_NPX_OVERRUN
),
506 CONSTANT(EXCEPTION_INVALID_TSS
),
507 CONSTANT(EXCEPTION_SEGMENT_NOT_PRESENT
),
508 CONSTANT(EXCEPTION_STACK_FAULT
),
509 CONSTANT(EXCEPTION_GP_FAULT
),
510 CONSTANT(EXCEPTION_RESERVED_TRAP
),
511 CONSTANT(EXCEPTION_NPX_ERROR
),
512 CONSTANT(EXCEPTION_ALIGNMENT_CHECK
),
516 /* STRUCTURE OFFSETS *********************************************************/
518 HEADER("KAFFINITY_EX"),
519 // OFFSET(AfBitmap, KAFFINITY_EX, Bitmap),
521 HEADER("Aligned Affinity"),
522 // OFFSET(AfsCpuSet, ???, CpuSet),
525 OFFSET(ApType
, KAPC
, Type
),
526 OFFSET(ApSize
, KAPC
, Size
),
527 OFFSET(ApThread
, KAPC
, Thread
),
528 OFFSET(ApApcListEntry
, KAPC
, ApcListEntry
),
529 OFFSET(ApKernelRoutine
, KAPC
, KernelRoutine
),
530 OFFSET(ApRundownRoutine
, KAPC
, RundownRoutine
),
531 OFFSET(ApNormalRoutine
, KAPC
, NormalRoutine
),
532 OFFSET(ApNormalContext
, KAPC
, NormalContext
),
533 OFFSET(ApSystemArgument1
, KAPC
, SystemArgument1
),
534 OFFSET(ApSystemArgument2
, KAPC
, SystemArgument2
),
535 OFFSET(ApApcStateIndex
, KAPC
, ApcStateIndex
),
536 OFFSET(ApApcMode
, KAPC
, ApcMode
),
537 OFFSET(ApInserted
, KAPC
, Inserted
),
538 SIZE(ApcObjectLength
, KAPC
),
540 HEADER("KAPC_STATE"),
541 OFFSET(AsApcListHead
, KAPC_STATE
, ApcListHead
),
542 OFFSET(AsProcess
, KAPC_STATE
, Process
),
543 OFFSET(AsKernelApcInProgress
, KAPC_STATE
, KernelApcInProgress
),
544 OFFSET(AsKernelApcPending
, KAPC_STATE
, KernelApcPending
),
545 OFFSET(AsUserApcPending
, KAPC_STATE
, UserApcPending
),
548 OFFSET(CidUniqueProcess
, CLIENT_ID
, UniqueProcess
),
549 OFFSET(CidUniqueThread
, CLIENT_ID
, UniqueThread
),
551 HEADER("RTL_CRITICAL_SECTION"),
552 OFFSET(CsDebugInfo
, RTL_CRITICAL_SECTION
, DebugInfo
),
553 OFFSET(CsLockCount
, RTL_CRITICAL_SECTION
, LockCount
),
554 OFFSET(CsRecursionCount
, RTL_CRITICAL_SECTION
, RecursionCount
),
555 OFFSET(CsOwningThread
, RTL_CRITICAL_SECTION
, OwningThread
),
556 OFFSET(CsLockSemaphore
, RTL_CRITICAL_SECTION
, LockSemaphore
),
557 OFFSET(CsSpinCount
, RTL_CRITICAL_SECTION
, SpinCount
),
559 HEADER("RTL_CRITICAL_SECTION_DEBUG"),
560 OFFSET(CsType
, RTL_CRITICAL_SECTION_DEBUG
, Type
),
561 OFFSET(CsCreatorBackTraceIndex
, RTL_CRITICAL_SECTION_DEBUG
, CreatorBackTraceIndex
),
562 OFFSET(CsCriticalSection
, RTL_CRITICAL_SECTION_DEBUG
, CriticalSection
),
563 OFFSET(CsProcessLocksList
, RTL_CRITICAL_SECTION_DEBUG
, ProcessLocksList
),
564 OFFSET(CsEntryCount
, RTL_CRITICAL_SECTION_DEBUG
, EntryCount
),
565 OFFSET(CsContentionCount
, RTL_CRITICAL_SECTION_DEBUG
, ContentionCount
),
567 HEADER("KDEVICE_QUEUE_ENTRY"),
568 OFFSET(DeDeviceListEntry
, KDEVICE_QUEUE_ENTRY
, DeviceListEntry
),
569 OFFSET(DeSortKey
, KDEVICE_QUEUE_ENTRY
, SortKey
),
570 OFFSET(DeInserted
, KDEVICE_QUEUE_ENTRY
, Inserted
),
571 SIZE(DeviceQueueEntryLength
, KDEVICE_QUEUE_ENTRY
),
574 OFFSET(DpType
, KDPC
, Type
),
575 OFFSET(DpImportance
, KDPC
, Importance
),
576 OFFSET(DpNumber
, KDPC
, Number
),
577 OFFSET(DpDpcListEntry
, KDPC
, DpcListEntry
),
578 OFFSET(DpDeferredRoutine
, KDPC
, DeferredRoutine
),
579 OFFSET(DpDeferredContext
, KDPC
, DeferredContext
),
580 OFFSET(DpSystemArgument1
, KDPC
, SystemArgument1
),
581 OFFSET(DpSystemArgument2
, KDPC
, SystemArgument2
),
582 OFFSET(DpDpcData
, KDPC
, DpcData
),
583 SIZE(DpcObjectLength
, KDPC
),
585 HEADER("KDEVICE_QUEUE"),
586 OFFSET(DvType
, KDEVICE_QUEUE
, Type
),
587 OFFSET(DvSize
, KDEVICE_QUEUE
, Size
),
588 OFFSET(DvDeviceListHead
, KDEVICE_QUEUE
, DeviceListHead
),
589 OFFSET(DvSpinLock
, KDEVICE_QUEUE
, Lock
),
590 OFFSET(DvBusy
, KDEVICE_QUEUE
, Busy
),
591 SIZE(DeviceQueueObjectLength
, KDEVICE_QUEUE
),
593 HEADER("EXCEPTION_RECORD"),
594 OFFSET(ErExceptionCode
, EXCEPTION_RECORD
, ExceptionCode
),
595 OFFSET(ErExceptionFlags
, EXCEPTION_RECORD
, ExceptionFlags
),
596 OFFSET(ErExceptionRecord
, EXCEPTION_RECORD
, ExceptionRecord
),
597 OFFSET(ErExceptionAddress
, EXCEPTION_RECORD
, ExceptionAddress
),
598 OFFSET(ErNumberParameters
, EXCEPTION_RECORD
, NumberParameters
),
599 OFFSET(ErExceptionInformation
, EXCEPTION_RECORD
, ExceptionInformation
),
600 SIZE(ExceptionRecordLength
, EXCEPTION_RECORD
),
601 SIZE(EXCEPTION_RECORD_LENGTH
, EXCEPTION_RECORD
),
604 OFFSET(EpDebugPort
, EPROCESS
, DebugPort
),
605 OFFSET(EpVdmObjects
, EPROCESS
, VdmObjects
),
606 SIZE(ExecutiveProcessObjectLength
, EPROCESS
),
609 OFFSET(EvType
, KEVENT
, Header
.Type
),
610 OFFSET(EvSize
, KEVENT
, Header
.Size
),
611 OFFSET(EvSignalState
, KEVENT
, Header
.SignalState
),
612 OFFSET(EvWaitListHead
, KEVENT
, Header
.WaitListHead
),
613 SIZE(EventObjectLength
, KEVENT
),
615 HEADER("FAST_MUTEX"),
616 OFFSET(FmCount
, FAST_MUTEX
, Count
),
617 OFFSET(FmOwner
, FAST_MUTEX
, Owner
),
618 OFFSET(FmContention
, FAST_MUTEX
, Contention
),
619 // OFFSET(FmGate, FAST_MUTEX, Gate),
620 OFFSET(FmOldIrql
, FAST_MUTEX
, OldIrql
),
622 HEADER("KINTERRUPT"),
623 OFFSET(InType
, KINTERRUPT
, Type
),
624 OFFSET(InSize
, KINTERRUPT
, Size
),
625 OFFSET(InInterruptListEntry
, KINTERRUPT
, InterruptListEntry
),
626 OFFSET(InServiceRoutine
, KINTERRUPT
, ServiceRoutine
),
627 OFFSET(InServiceContext
, KINTERRUPT
, ServiceContext
),
628 OFFSET(InSpinLock
, KINTERRUPT
, SpinLock
),
629 OFFSET(InTickCount
, KINTERRUPT
, TickCount
),
630 OFFSET(InActualLock
, KINTERRUPT
, ActualLock
),
631 OFFSET(InDispatchAddress
, KINTERRUPT
, DispatchAddress
),
632 OFFSET(InVector
, KINTERRUPT
, Vector
),
633 OFFSET(InIrql
, KINTERRUPT
, Irql
),
634 OFFSET(InSynchronizeIrql
, KINTERRUPT
, SynchronizeIrql
),
635 OFFSET(InFloatingSave
, KINTERRUPT
, FloatingSave
),
636 OFFSET(InConnected
, KINTERRUPT
, Connected
),
637 OFFSET(InNumber
, KINTERRUPT
, Number
),
638 OFFSET(InShareVector
, KINTERRUPT
, ShareVector
),
639 OFFSET(InMode
, KINTERRUPT
, Mode
),
640 OFFSET(InServiceCount
, KINTERRUPT
, ServiceCount
),
641 OFFSET(InDispatchCount
, KINTERRUPT
, DispatchCount
),
642 // OFFSET(InTrapFrame, KINTERRUPT, TrapFrame),
643 OFFSET(InDispatchCode
, KINTERRUPT
, DispatchCode
),
644 SIZE(InterruptObjectLength
, KINTERRUPT
),
646 HEADER("IO_STATUS_BLOCK"),
647 OFFSET(IoStatus
, IO_STATUS_BLOCK
, Status
),
648 OFFSET(IoPointer
, IO_STATUS_BLOCK
, Pointer
),
649 OFFSET(IoInformation
, IO_STATUS_BLOCK
, Information
),
652 // Kernel Stack Control Structure Offset (relative to initial stack pointer) Definitions
653 // RELOFFSET(KcPreviousBase, KERNEL_STACK_CONTROL, PreviousBase, ???),
654 // RELOFFSET(KcPreviousLimit, KERNEL_STACK_CONTROL, PreviousBase, ???),
655 // RELOFFSET(KcPreviousKernel, KERNEL_STACK_CONTROL, PreviousBase, ???),
656 // RELOFFSET(KcPreviousInitial, KERNEL_STACK_CONTROL, PreviousBase, ???),
658 HEADER("KERNEL_STACK_CONTROL"),
659 // OFFSET(KcPreviousBase, KERNEL_STACK_CONTROL, PreviousBase),
660 // OFFSET(KcPreviousLimit, KERNEL_STACK_CONTROL, PreviousLimit),
661 // OFFSET(KcPreviousKernel, KERNEL_STACK_CONTROL, PreviousKernel),
662 // OFFSET(KcPreviousInitial, KERNEL_STACK_CONTROL, PreviousInitial),
663 // SIZE(KERNEL_STACK_CONTROL_LENGTH, KERNEL_STACK_CONTROL),
667 // OFFSET(KnRight, KNODE, Right),
668 // OFFSET(KnLeft, KNODE, Left),
669 OFFSET(KnPfnDereferenceSListHead
, KNODE
, PfnDereferenceSListHead
),
670 OFFSET(KnProcessorMask
, KNODE
, ProcessorMask
),
671 OFFSET(KnColor
, KNODE
, Color
),
672 OFFSET(KnSeed
, KNODE
, Seed
),
673 OFFSET(KnNodeNumber
, KNODE
, NodeNumber
),
674 OFFSET(KnFlags
, KNODE
, Flags
),
675 OFFSET(knMmShiftedColor
, KNODE
, MmShiftedColor
),
676 OFFSET(KnFreeCount
, KNODE
, FreeCount
),
677 OFFSET(KnPfnDeferredList
, KNODE
, PfnDeferredList
),
678 SIZE(KNODE_SIZE
, KNODE
),
680 HEADER("KSPIN_LOCK_QUEUE"),
681 OFFSET(LqNext
, KSPIN_LOCK_QUEUE
, Next
),
682 OFFSET(LqLock
, KSPIN_LOCK_QUEUE
, Lock
),
684 HEADER("KLOCK_QUEUE_HANDLE"),
685 OFFSET(LqhNext
, KLOCK_QUEUE_HANDLE
, LockQueue
.Next
),
686 OFFSET(LqhLock
, KLOCK_QUEUE_HANDLE
, LockQueue
.Lock
),
687 OFFSET(LqhOldIrql
, KLOCK_QUEUE_HANDLE
, OldIrql
),
688 SIZE(LOCK_QUEUE_HEADER_SIZE
, KLOCK_QUEUE_HANDLE
),
690 HEADER("LARGE_INTEGER"),
691 OFFSET(LiLowPart
, LARGE_INTEGER
, LowPart
),
692 OFFSET(LiHighPart
, LARGE_INTEGER
, HighPart
),
694 HEADER("LOADER_PARAMETER_BLOCK (rel. to LoadOrderListHead)"),
695 RELOFFSET(LpbLoadOrderListHead
, LOADER_PARAMETER_BLOCK
, LoadOrderListHead
, LoadOrderListHead
),
696 RELOFFSET(LpbMemoryDescriptorListHead
, LOADER_PARAMETER_BLOCK
, MemoryDescriptorListHead
, LoadOrderListHead
),
697 RELOFFSET(LpbKernelStack
, LOADER_PARAMETER_BLOCK
, KernelStack
, LoadOrderListHead
),
698 RELOFFSET(LpbPrcb
, LOADER_PARAMETER_BLOCK
, Prcb
, LoadOrderListHead
),
699 RELOFFSET(LpbProcess
, LOADER_PARAMETER_BLOCK
, Process
, LoadOrderListHead
),
700 RELOFFSET(LpbThread
, LOADER_PARAMETER_BLOCK
, Thread
, LoadOrderListHead
),
701 RELOFFSET(LpbI386
, LOADER_PARAMETER_BLOCK
, u
.I386
, LoadOrderListHead
),
702 RELOFFSET(LpbRegistryLength
, LOADER_PARAMETER_BLOCK
, RegistryLength
, LoadOrderListHead
),
703 RELOFFSET(LpbRegistryBase
, LOADER_PARAMETER_BLOCK
, RegistryBase
, LoadOrderListHead
),
704 RELOFFSET(LpbConfigurationRoot
, LOADER_PARAMETER_BLOCK
, ConfigurationRoot
, LoadOrderListHead
),
705 RELOFFSET(LpbArcBootDeviceName
, LOADER_PARAMETER_BLOCK
, ArcBootDeviceName
, LoadOrderListHead
),
706 RELOFFSET(LpbArcHalDeviceName
, LOADER_PARAMETER_BLOCK
, ArcHalDeviceName
, LoadOrderListHead
),
707 RELOFFSET(LpbLoadOptions
, LOADER_PARAMETER_BLOCK
, LoadOptions
, LoadOrderListHead
),
708 RELOFFSET(LpbExtension
, LOADER_PARAMETER_BLOCK
, Extension
, LoadOrderListHead
),
711 HEADER("LIST_ENTRY"),
712 OFFSET(LsFlink
, LIST_ENTRY
, Flink
),
713 OFFSET(LsBlink
, LIST_ENTRY
, Blink
),
716 OFFSET(PeKernelCallbackTable
, PEB
, KernelCallbackTable
),
717 SIZE(ProcessEnvironmentBlockLength
, PEB
),
720 OFFSET(PfType
, KPROFILE
, Type
),
721 OFFSET(PfSize
, KPROFILE
, Size
),
722 OFFSET(PfProfileListEntry
, KPROFILE
, ProfileListEntry
),
723 OFFSET(PfProcess
, KPROFILE
, Process
),
724 OFFSET(PfRangeBase
, KPROFILE
, RangeBase
),
725 OFFSET(PfRangeLimit
, KPROFILE
, RangeLimit
),
726 OFFSET(PfBucketShift
, KPROFILE
, BucketShift
),
727 OFFSET(PfBuffer
, KPROFILE
, Buffer
),
728 OFFSET(PfSegment
, KPROFILE
, Segment
),
729 OFFSET(PfAffinity
, KPROFILE
, Affinity
),
730 OFFSET(PfSource
, KPROFILE
, Source
),
731 OFFSET(PfStarted
, KPROFILE
, Started
),
732 SIZE(ProfileObjectLength
, KPROFILE
),
734 HEADER("PORT_MESSAGE"),
735 OFFSET(PmLength
, PORT_MESSAGE
, u1
.Length
),
736 OFFSET(PmZeroInit
, PORT_MESSAGE
, u2
.ZeroInit
),
737 OFFSET(PmClientId
, PORT_MESSAGE
, ClientId
),
738 OFFSET(PmProcess
, PORT_MESSAGE
, ClientId
.UniqueProcess
),
739 OFFSET(PmThread
, PORT_MESSAGE
, ClientId
.UniqueThread
),
740 OFFSET(PmMessageId
, PORT_MESSAGE
, MessageId
),
741 OFFSET(PmClientViewSize
, PORT_MESSAGE
, ClientViewSize
),
742 SIZE(PortMessageLength
, PORT_MESSAGE
),
745 OFFSET(PrType
, KPROCESS
, Header
.Type
),
746 OFFSET(PrSize
, KPROCESS
, Header
.Size
),
747 OFFSET(PrSignalState
, KPROCESS
, Header
.SignalState
),
748 OFFSET(PrProfileListHead
, KPROCESS
, ProfileListHead
),
749 OFFSET(PrDirectoryTableBase
, KPROCESS
, DirectoryTableBase
),
751 OFFSET(PrLdtDescriptor
, KPROCESS
, LdtDescriptor
),
753 OFFSET(PrIopmOffset
, KPROCESS
, IopmOffset
),
755 OFFSET(PrInt21Descriptor
, KPROCESS
, Int21Descriptor
),
756 OFFSET(PrVdmTrapcHandler
, KPROCESS
, VdmTrapcHandler
),
757 // OFFSET(PrVdmObjects, KPROCESS, VdmObjects),
758 OFFSET(PrFlags
, KPROCESS
, Flags
),
760 // OFFSET(PrInstrumentationCallback, KPROCESS, InstrumentationCallback),
761 OFFSET(PrActiveProcessors
, KPROCESS
, ActiveProcessors
),
762 OFFSET(PrKernelTime
, KPROCESS
, KernelTime
),
763 OFFSET(PrUserTime
, KPROCESS
, UserTime
),
764 OFFSET(PrReadyListHead
, KPROCESS
, ReadyListHead
),
765 OFFSET(PrSwapListEntry
, KPROCESS
, SwapListEntry
),
766 OFFSET(PrThreadListHead
, KPROCESS
, ThreadListHead
),
767 OFFSET(PrProcessLock
, KPROCESS
, ProcessLock
),
768 OFFSET(PrAffinity
, KPROCESS
, Affinity
),
769 OFFSET(PrProcessFlags
, KPROCESS
, ProcessFlags
),
770 OFFSET(PrBasePriority
, KPROCESS
, BasePriority
),
771 OFFSET(PrQuantumReset
, KPROCESS
, QuantumReset
),
772 OFFSET(PrState
, KPROCESS
, State
),
773 OFFSET(PrStackCount
, KPROCESS
, StackCount
),
774 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
775 OFFSET(PrCycleTime
, KPROCESS
, CycleTime
),
777 SIZE(KernelProcessObjectLength
, KPROCESS
),
780 OFFSET(QuType
, KQUEUE
, Header
.Type
),
781 OFFSET(QuSize
, KQUEUE
, Header
.Size
),
782 OFFSET(QuSignalState
, KQUEUE
, Header
.SignalState
),
783 OFFSET(QuEntryListHead
, KQUEUE
, EntryListHead
),
784 OFFSET(QuCurrentCount
, KQUEUE
, CurrentCount
),
785 OFFSET(QuMaximumCount
, KQUEUE
, MaximumCount
),
786 OFFSET(QuThreadListHead
, KQUEUE
, ThreadListHead
),
787 SIZE(QueueObjectLength
, KQUEUE
),
790 OFFSET(StrLength
, STRING
, Length
),
791 OFFSET(StrMaximumLength
, STRING
, MaximumLength
),
792 OFFSET(StrBuffer
, STRING
, Buffer
),
795 OFFSET(TeCmTeb
, TEB
, NtTib
),
797 OFFSET(TeExceptionList
, TEB
, NtTib
.ExceptionList
),
799 OFFSET(TeStackBase
, TEB
, NtTib
.StackBase
),
800 OFFSET(TeStackLimit
, TEB
, NtTib
.StackLimit
),
801 OFFSET(TeFiberData
, TEB
, NtTib
.FiberData
),
802 OFFSET(TeSelf
, TEB
, NtTib
.Self
),
803 OFFSET(TeEnvironmentPointer
, TEB
, EnvironmentPointer
),
804 OFFSET(TeClientId
, TEB
, ClientId
),
805 OFFSET(TeActiveRpcHandle
, TEB
, ActiveRpcHandle
),
806 OFFSET(TeThreadLocalStoragePointer
, TEB
, ThreadLocalStoragePointer
),
807 OFFSET(TeCountOfOwnedCriticalSections
, TEB
, CountOfOwnedCriticalSections
),
808 OFFSET(TePeb
, TEB
, ProcessEnvironmentBlock
),
809 OFFSET(TeCsrClientThread
, TEB
, CsrClientThread
),
810 OFFSET(TeWOW32Reserved
, TEB
, WOW32Reserved
),
811 // OFFSET(TeSoftFpcr, TEB, SoftFpcr),
812 OFFSET(TeExceptionCode
, TEB
, ExceptionCode
),
813 OFFSET(TeActivationContextStackPointer
, TEB
, ActivationContextStackPointer
),
814 OFFSET(TeGdiClientPID
, TEB
, GdiClientPID
),
815 OFFSET(TeGdiClientTID
, TEB
, GdiClientTID
),
816 OFFSET(TeGdiThreadLocalInfo
, TEB
, GdiThreadLocalInfo
),
817 OFFSET(TeglDispatchTable
, TEB
, glDispatchTable
),
818 OFFSET(TeglReserved1
, TEB
, glReserved1
),
819 OFFSET(TeglReserved2
, TEB
, glReserved2
),
820 OFFSET(TeglSectionInfo
, TEB
, glSectionInfo
),
821 OFFSET(TeglSection
, TEB
, glSection
),
822 OFFSET(TeglTable
, TEB
, glTable
),
823 OFFSET(TeglCurrentRC
, TEB
, glCurrentRC
),
824 OFFSET(TeglContext
, TEB
, glContext
),
825 OFFSET(TeDeallocationStack
, TEB
, DeallocationStack
),
826 OFFSET(TeTlsSlots
, TEB
, TlsSlots
),
827 OFFSET(TeTlsExpansionSlots
, TEB
, TlsExpansionSlots
),
828 OFFSET(TeLastErrorValue
, TEB
, LastErrorValue
),
829 OFFSET(TeVdm
, TEB
, Vdm
),
830 OFFSET(TeInstrumentation
, TEB
, Instrumentation
),
831 OFFSET(TeGdiBatchCount
, TEB
, GdiBatchCount
),
832 OFFSET(TeGuaranteedStackBytes
, TEB
, GuaranteedStackBytes
),
833 OFFSET(TeFlsData
, TEB
, FlsData
),
834 // OFFSET(TeProcessRundown, TEB, ProcessRundown),
835 SIZE(ThreadEnvironmentBlockLength
, TEB
),
837 HEADER("TIME_FIELDS"),
838 OFFSET(TfSecond
, TIME_FIELDS
, Second
),
839 OFFSET(TfMinute
, TIME_FIELDS
, Minute
),
840 OFFSET(TfHour
, TIME_FIELDS
, Hour
),
841 OFFSET(TfWeekday
, TIME_FIELDS
, Weekday
),
842 OFFSET(TfDay
, TIME_FIELDS
, Day
),
843 OFFSET(TfMonth
, TIME_FIELDS
, Month
),
844 OFFSET(TfYear
, TIME_FIELDS
, Year
),
845 OFFSET(TfMilliseconds
, TIME_FIELDS
, Milliseconds
),
848 OFFSET(ThType
, KTHREAD
, DispatcherHeader
.Type
),
849 // OFFSET(ThNpxIrql, KTHREAD, NpxIrql),
850 OFFSET(ThSize
, KTHREAD
, DispatcherHeader
.Size
),
851 OFFSET(ThLock
, KTHREAD
, DispatcherHeader
.Lock
),
852 OFFSET(ThDebugActive
, KTHREAD
, DispatcherHeader
.DebugActive
),
853 // OFFSET(ThThreadControlFlags, KTHREAD, DispatcherHeader.ThreadControlFlags),
854 OFFSET(ThSignalState
, KTHREAD
, DispatcherHeader
.SignalState
),
855 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
856 OFFSET(ThCycleTime
, KTHREAD
, CycleTime
),
857 OFFSET(ThHighCycleTime
, KTHREAD
, HighCycleTime
),
859 OFFSET(ThInitialStack
, KTHREAD
, InitialStack
),
860 OFFSET(ThStackLimit
, KTHREAD
, StackLimit
),
861 OFFSET(ThKernelStack
, KTHREAD
, KernelStack
),
862 OFFSET(ThThreadLock
, KTHREAD
, ThreadLock
),
863 // OFFSET(ThRunning, KTHREAD, Running),
864 OFFSET(ThAlerted
, KTHREAD
, Alerted
),
865 // OFFSET(ThMiscFlags, KTHREAD, MiscFlags),
866 OFFSET(ThApcState
, KTHREAD
, ApcState
),
867 OFFSET(ThPriority
, KTHREAD
, Priority
),
868 OFFSET(ThSwapBusy
, KTHREAD
, SwapBusy
),
869 OFFSET(ThNextProcessor
, KTHREAD
, NextProcessor
),
870 OFFSET(ThDeferredProcessor
, KTHREAD
, DeferredProcessor
),
871 OFFSET(ThApcQueueLock
, KTHREAD
, ApcQueueLock
),
872 OFFSET(ThContextSwitches
, KTHREAD
, ContextSwitches
),
873 OFFSET(ThState
, KTHREAD
, State
),
874 OFFSET(ThNpxState
, KTHREAD
, NpxState
),
875 OFFSET(ThWaitIrql
, KTHREAD
, WaitIrql
),
876 OFFSET(ThWaitMode
, KTHREAD
, WaitMode
),
877 OFFSET(ThWaitStatus
, KTHREAD
, WaitStatus
),
878 OFFSET(ThWaitBlockList
, KTHREAD
, WaitBlockList
),
879 OFFSET(ThGateObject
, KTHREAD
, GateObject
),
880 OFFSET(ThWaitListEntry
, KTHREAD
, WaitListEntry
),
881 OFFSET(ThSwapListEntry
, KTHREAD
, SwapListEntry
),
882 OFFSET(ThQueue
, KTHREAD
, Queue
),
883 OFFSET(ThWaitTime
, KTHREAD
, WaitTime
),
884 OFFSET(ThCombinedApcDisable
, KTHREAD
, CombinedApcDisable
),
885 OFFSET(ThKernelApcDisable
, KTHREAD
, KernelApcDisable
),
886 OFFSET(ThSpecialApcDisable
, KTHREAD
, SpecialApcDisable
),
887 OFFSET(ThTeb
, KTHREAD
, Teb
),
888 OFFSET(ThTimer
, KTHREAD
, Timer
),
889 OFFSET(ThThreadFlags
, KTHREAD
, ThreadFlags
),
890 OFFSET(ThServiceTable
, KTHREAD
, ServiceTable
),
891 OFFSET(ThWaitBlock
, KTHREAD
, WaitBlock
),
892 OFFSET(ThResourceIndex
, KTHREAD
, ResourceIndex
),
893 OFFSET(ThQueueListEntry
, KTHREAD
, QueueListEntry
),
894 OFFSET(ThTrapFrame
, KTHREAD
, TrapFrame
),
895 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
896 OFFSET(ThFirstArgument
, KTHREAD
, FirstArgument
),
898 OFFSET(ThCallbackStack
, KTHREAD
, CallbackStack
),
899 // OFFSET(ThCallbackDepth, KTHREAD, CallbackDepth),
900 OFFSET(ThApcStateIndex
, KTHREAD
, ApcStateIndex
),
901 OFFSET(ThIdealProcessor
, KTHREAD
, IdealProcessor
),
902 OFFSET(ThBasePriority
, KTHREAD
, BasePriority
),
903 OFFSET(ThPriorityDecrement
, KTHREAD
, PriorityDecrement
),
904 OFFSET(ThAdjustReason
, KTHREAD
, AdjustReason
),
905 OFFSET(ThAdjustIncrement
, KTHREAD
, AdjustIncrement
),
906 OFFSET(ThPreviousMode
, KTHREAD
, PreviousMode
),
907 OFFSET(ThSaturation
, KTHREAD
, Saturation
),
908 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
909 OFFSET(ThSystemCallNumber
, KTHREAD
, SystemCallNumber
),
911 OFFSET(ThFreezeCount
, KTHREAD
, FreezeCount
),
912 OFFSET(ThUserAffinity
, KTHREAD
, UserAffinity
),
913 OFFSET(ThProcess
, KTHREAD
, Process
),
914 OFFSET(ThAffinity
, KTHREAD
, Affinity
),
915 OFFSET(ThUserIdealProcessor
, KTHREAD
, UserIdealProcessor
),
916 OFFSET(ThApcStatePointer
, KTHREAD
, ApcStatePointer
),
917 OFFSET(ThSavedApcState
, KTHREAD
, SavedApcState
),
918 OFFSET(ThWaitReason
, KTHREAD
, WaitReason
),
919 OFFSET(ThSuspendCount
, KTHREAD
, SuspendCount
),
920 // OFFSET(ThCodePatchInProgress, KTHREAD, CodePatchInProgress),
921 OFFSET(ThWin32Thread
, KTHREAD
, Win32Thread
),
922 OFFSET(ThStackBase
, KTHREAD
, StackBase
),
923 OFFSET(ThSuspendApc
, KTHREAD
, SuspendApc
),
924 OFFSET(ThPowerState
, KTHREAD
, PowerState
),
925 OFFSET(ThKernelTime
, KTHREAD
, KernelTime
),
926 OFFSET(ThLegoData
, KTHREAD
, LegoData
),
927 OFFSET(ThLargeStack
, KTHREAD
, LargeStack
),
928 OFFSET(ThUserTime
, KTHREAD
, UserTime
),
929 OFFSET(ThSuspendSemaphore
, KTHREAD
, SuspendSemaphore
),
930 OFFSET(ThSListFaultCount
, KTHREAD
, SListFaultCount
),
931 OFFSET(ThThreadListEntry
, KTHREAD
, ThreadListEntry
),
932 OFFSET(ThMutantListHead
, KTHREAD
, MutantListHead
),
933 OFFSET(ThSListFaultAddress
, KTHREAD
, SListFaultAddress
),
934 SIZE(KernelThreadObjectLength
, KTHREAD
),
935 SIZE(ExecutiveThreadObjectLength
, ETHREAD
),
938 OFFSET(TiType
, KTIMER
, Header
.Type
),
939 OFFSET(TiSize
, KTIMER
, Header
.Size
),
940 OFFSET(TiInserted
, KTIMER
, Header
.Inserted
),
941 OFFSET(TiSignalState
, KTIMER
, Header
.SignalState
),
942 OFFSET(TiDueTime
, KTIMER
, DueTime
),
943 OFFSET(TiTimerListEntry
, KTIMER
, TimerListEntry
),
944 OFFSET(TiDpc
, KTIMER
, Dpc
),
945 OFFSET(TiPeriod
, KTIMER
, Period
),
946 SIZE(TimerObjectLength
, KTIMER
),
949 // OFFSET(TmLowTime, TIME, LowTime),
950 // OFFSET(TmHighTime, TIME, HighTime),
953 HEADER("SYSTEM_CONTEXT_SWITCH_INFORMATION (relative to FindAny)"),
954 RELOFFSET(TwFindAny
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, FindAny
, FindAny
),
955 RELOFFSET(TwFindIdeal
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, FindIdeal
, FindAny
),
956 RELOFFSET(TwFindLast
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, FindLast
, FindAny
),
957 RELOFFSET(TwIdleAny
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, IdleAny
, FindAny
),
958 RELOFFSET(TwIdleCurrent
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, IdleCurrent
, FindAny
),
959 RELOFFSET(TwIdleIdeal
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, IdleIdeal
, FindAny
),
960 RELOFFSET(TwIdleLast
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, IdleLast
, FindAny
),
961 RELOFFSET(TwPreemptAny
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, PreemptAny
, FindAny
),
962 RELOFFSET(TwPreemptCurrent
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, PreemptCurrent
, FindAny
),
963 RELOFFSET(TwPreemptLast
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, PreemptLast
, FindAny
),
964 RELOFFSET(TwSwitchToIdle
, SYSTEM_CONTEXT_SWITCH_INFORMATION
, SwitchToIdle
, FindAny
),
967 HEADER("KUSER_SHARED_DATA"),
968 OFFSET(UsTickCountMultiplier
, KUSER_SHARED_DATA
, TickCountMultiplier
),
969 OFFSET(UsInterruptTime
, KUSER_SHARED_DATA
, InterruptTime
),
970 OFFSET(UsSystemTime
, KUSER_SHARED_DATA
, SystemTime
),
971 OFFSET(UsTimeZoneBias
, KUSER_SHARED_DATA
, TimeZoneBias
),
972 OFFSET(UsImageNumberLow
, KUSER_SHARED_DATA
, ImageNumberLow
),
973 OFFSET(UsImageNumberHigh
, KUSER_SHARED_DATA
, ImageNumberHigh
),
974 OFFSET(UsNtSystemRoot
, KUSER_SHARED_DATA
, NtSystemRoot
),
975 OFFSET(UsMaxStackTraceDepth
, KUSER_SHARED_DATA
, MaxStackTraceDepth
),
976 OFFSET(UsCryptoExponent
, KUSER_SHARED_DATA
, CryptoExponent
),
977 OFFSET(UsTimeZoneId
, KUSER_SHARED_DATA
, TimeZoneId
),
978 OFFSET(UsLargePageMinimum
, KUSER_SHARED_DATA
, LargePageMinimum
),
979 OFFSET(UsReserved2
, KUSER_SHARED_DATA
, Reserved2
),
980 OFFSET(UsNtProductType
, KUSER_SHARED_DATA
, NtProductType
),
981 OFFSET(UsProductTypeIsValid
, KUSER_SHARED_DATA
, ProductTypeIsValid
),
982 OFFSET(UsNtMajorVersion
, KUSER_SHARED_DATA
, NtMajorVersion
),
983 OFFSET(UsNtMinorVersion
, KUSER_SHARED_DATA
, NtMinorVersion
),
984 OFFSET(UsProcessorFeatures
, KUSER_SHARED_DATA
, ProcessorFeatures
),
985 OFFSET(UsReserved1
, KUSER_SHARED_DATA
, Reserved1
),
986 OFFSET(UsReserved3
, KUSER_SHARED_DATA
, Reserved3
),
987 OFFSET(UsTimeSlip
, KUSER_SHARED_DATA
, TimeSlip
),
988 OFFSET(UsAlternativeArchitecture
, KUSER_SHARED_DATA
, AlternativeArchitecture
),
989 OFFSET(UsSystemExpirationDate
, KUSER_SHARED_DATA
, SystemExpirationDate
),
990 OFFSET(UsSuiteMask
, KUSER_SHARED_DATA
, SuiteMask
),
991 OFFSET(UsKdDebuggerEnabled
, KUSER_SHARED_DATA
, KdDebuggerEnabled
),
992 OFFSET(UsActiveConsoleId
, KUSER_SHARED_DATA
, ActiveConsoleId
),
993 OFFSET(UsDismountCount
, KUSER_SHARED_DATA
, DismountCount
),
994 OFFSET(UsComPlusPackage
, KUSER_SHARED_DATA
, ComPlusPackage
),
995 OFFSET(UsLastSystemRITEventTickCount
, KUSER_SHARED_DATA
, LastSystemRITEventTickCount
),
996 OFFSET(UsNumberOfPhysicalPages
, KUSER_SHARED_DATA
, NumberOfPhysicalPages
),
997 OFFSET(UsSafeBootMode
, KUSER_SHARED_DATA
, SafeBootMode
),
998 // OFFSET(UsTscQpcData, KUSER_SHARED_DATA, TscQpcData),
999 OFFSET(UsTestRetInstruction
, KUSER_SHARED_DATA
, TestRetInstruction
),
1000 OFFSET(UsSystemCall
, KUSER_SHARED_DATA
, SystemCall
),
1001 OFFSET(UsSystemCallReturn
, KUSER_SHARED_DATA
, SystemCallReturn
),
1002 OFFSET(UsSystemCallPad
, KUSER_SHARED_DATA
, SystemCallPad
),
1003 OFFSET(UsTickCount
, KUSER_SHARED_DATA
, TickCount
),
1004 OFFSET(UsTickCountQuad
, KUSER_SHARED_DATA
, TickCountQuad
),
1005 OFFSET(UsWow64SharedInformation
, KUSER_SHARED_DATA
, Wow64SharedInformation
),
1007 HEADER("KWAIT_BLOCK"),
1008 OFFSET(WbWaitListEntry
, KWAIT_BLOCK
, WaitListEntry
),
1009 OFFSET(WbThread
, KWAIT_BLOCK
, Thread
),
1010 OFFSET(WbObject
, KWAIT_BLOCK
, Object
),
1011 OFFSET(WbNextWaitBlock
, KWAIT_BLOCK
, NextWaitBlock
),
1012 OFFSET(WbWaitKey
, KWAIT_BLOCK
, WaitKey
),
1013 OFFSET(WbWaitType
, KWAIT_BLOCK
, WaitType
),
1015 #if defined(_M_IX86)
1018 OFFSET(CsContextFlags
, CONTEXT
, ContextFlags
),
1019 OFFSET(CsDr0
, CONTEXT
, Dr0
),
1020 OFFSET(CsDr1
, CONTEXT
, Dr1
),
1021 OFFSET(CsDr2
, CONTEXT
, Dr2
),
1022 OFFSET(CsDr3
, CONTEXT
, Dr3
),
1023 OFFSET(CsDr6
, CONTEXT
, Dr6
),
1024 OFFSET(CsDr7
, CONTEXT
, Dr7
),
1025 OFFSET(CsFloatSave
, CONTEXT
, FloatSave
),
1026 OFFSET(CsSegGs
, CONTEXT
, SegGs
),
1027 OFFSET(CsSegFs
, CONTEXT
, SegFs
),
1028 OFFSET(CsSegEs
, CONTEXT
, SegEs
),
1029 OFFSET(CsSegDs
, CONTEXT
, SegDs
),
1030 OFFSET(CsEdi
, CONTEXT
, Edi
),
1031 OFFSET(CsEsi
, CONTEXT
, Esi
),
1032 OFFSET(CsEbx
, CONTEXT
, Ebx
),
1033 OFFSET(CsEdx
, CONTEXT
, Edx
),
1034 OFFSET(CsEcx
, CONTEXT
, Ecx
),
1035 OFFSET(CsEax
, CONTEXT
, Eax
),
1036 OFFSET(CsEbp
, CONTEXT
, Ebp
),
1037 OFFSET(CsEip
, CONTEXT
, Eip
),
1038 OFFSET(CsSegCs
, CONTEXT
, SegCs
),
1039 OFFSET(CsEflags
, CONTEXT
, EFlags
),
1040 OFFSET(CsEsp
, CONTEXT
, Esp
),
1041 OFFSET(CsSegSs
, CONTEXT
, SegSs
),
1042 OFFSET(CsExtendedRegisters
, CONTEXT
, ExtendedRegisters
),
1043 SIZE(ContextFrameLength
, CONTEXT
),
1044 SIZE(CONTEXT_LENGTH
, CONTEXT
),
1046 HEADER("KGDTENTRY"),
1047 OFFSET(KgdtBaseLow
, KGDTENTRY
, BaseLow
),
1048 OFFSET(KgdtBaseMid
, KGDTENTRY
, HighWord
.Bytes
.BaseMid
),
1049 OFFSET(KgdtBaseHi
, KGDTENTRY
, HighWord
.Bytes
.BaseHi
),
1050 OFFSET(KgdtLimitHi
, KGDTENTRY
, HighWord
.Bytes
.Flags2
),
1051 OFFSET(KgdtLimitLow
, KGDTENTRY
, LimitLow
),
1053 HEADER("KTRAP_FRAME"),
1054 OFFSET(TsExceptionList
, KTRAP_FRAME
, ExceptionList
),
1055 OFFSET(TsPreviousPreviousMode
, KTRAP_FRAME
, PreviousPreviousMode
),
1056 OFFSET(TsSegGs
, KTRAP_FRAME
, SegGs
),
1057 OFFSET(TsSegFs
, KTRAP_FRAME
, SegFs
),
1058 OFFSET(TsSegEs
, KTRAP_FRAME
, SegEs
),
1059 OFFSET(TsSegDs
, KTRAP_FRAME
, SegDs
),
1060 OFFSET(TsEdi
, KTRAP_FRAME
, Edi
),
1061 OFFSET(TsEsi
, KTRAP_FRAME
, Esi
),
1062 OFFSET(TsEbp
, KTRAP_FRAME
, Ebp
),
1063 OFFSET(TsEbx
, KTRAP_FRAME
, Ebx
),
1064 OFFSET(TsEdx
, KTRAP_FRAME
, Edx
),
1065 OFFSET(TsEcx
, KTRAP_FRAME
, Ecx
),
1066 OFFSET(TsEax
, KTRAP_FRAME
, Eax
),
1067 OFFSET(TsErrCode
, KTRAP_FRAME
, ErrCode
),
1068 OFFSET(TsEip
, KTRAP_FRAME
, Eip
),
1069 OFFSET(TsSegCs
, KTRAP_FRAME
, SegCs
),
1070 OFFSET(TsEflags
, KTRAP_FRAME
, EFlags
),
1071 OFFSET(TsHardwareEsp
, KTRAP_FRAME
, HardwareEsp
),
1072 OFFSET(TsHardwareSegSs
, KTRAP_FRAME
, HardwareSegSs
),
1073 OFFSET(TsTempSegCs
, KTRAP_FRAME
, TempSegCs
),
1074 // OFFSET(TsLogging, KTRAP_FRAME, Logging),
1075 OFFSET(TsTempEsp
, KTRAP_FRAME
, TempEsp
),
1076 OFFSET(TsDbgEbp
, KTRAP_FRAME
, DbgEbp
),
1077 OFFSET(TsDbgEip
, KTRAP_FRAME
, DbgEip
),
1078 OFFSET(TsDbgArgMark
, KTRAP_FRAME
, DbgArgMark
),
1079 OFFSET(TsDbgArgPointer
, KTRAP_FRAME
, DbgArgPointer
),
1080 OFFSET(TsDr0
, KTRAP_FRAME
, Dr0
),
1081 OFFSET(TsDr1
, KTRAP_FRAME
, Dr1
),
1082 OFFSET(TsDr2
, KTRAP_FRAME
, Dr2
),
1083 OFFSET(TsDr3
, KTRAP_FRAME
, Dr3
),
1084 OFFSET(TsDr6
, KTRAP_FRAME
, Dr6
),
1085 OFFSET(TsDr7
, KTRAP_FRAME
, Dr7
),
1086 OFFSET(TsV86Es
, KTRAP_FRAME
, V86Es
),
1087 OFFSET(TsV86Ds
, KTRAP_FRAME
, V86Ds
),
1088 OFFSET(TsV86Fs
, KTRAP_FRAME
, V86Fs
),
1089 OFFSET(TsV86Gs
, KTRAP_FRAME
, V86Gs
),
1090 SIZE(KTRAP_FRAME_LENGTH
, KTRAP_FRAME
),
1091 CONSTANT(KTRAP_FRAME_ALIGN
),
1092 CONSTANT(FRAME_EDITED
),
1095 OFFSET(TssEsp0
, KTSS
, Esp0
),
1096 OFFSET(TssCR3
, KTSS
, CR3
),
1097 OFFSET(TssEip
, KTSS
, Eip
),
1098 OFFSET(TssEFlags
, KTSS
, EFlags
),
1099 OFFSET(TssEax
, KTSS
, Eax
),
1100 OFFSET(TssEbx
, KTSS
, Ebx
),
1101 OFFSET(TssEcx
, KTSS
, Ecx
),
1102 OFFSET(TssEdx
, KTSS
, Edx
),
1103 OFFSET(TssEsp
, KTSS
, Esp
),
1104 OFFSET(TssEbp
, KTSS
, Ebp
),
1105 OFFSET(TssEsi
, KTSS
, Esi
),
1106 OFFSET(TssEdi
, KTSS
, Edi
),
1107 OFFSET(TssEs
, KTSS
, Es
),
1108 OFFSET(TssCs
, KTSS
, Cs
),
1109 OFFSET(TssSs
, KTSS
, Ss
),
1110 OFFSET(TssDs
, KTSS
, Ds
),
1111 OFFSET(TssFs
, KTSS
, Fs
),
1112 OFFSET(TssGs
, KTSS
, Gs
),
1113 OFFSET(TssLDT
, KTSS
, LDT
),
1114 OFFSET(TssIoMapBase
, KTSS
, IoMapBase
),
1115 OFFSET(TssIoMaps
, KTSS
, IoMaps
),
1116 SIZE(TssLength
, KTSS
),
1118 #elif defined(_M_AMD64)
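/*
 * Argument home addresses, published under their bare names.
 * Each constant must carry the offset of the CONTEXT member of the same
 * name, matching the CxP1Home..CxP6Home entries that follow. Reporting
 * P1Home's offset for P2Home..P4Home would make every consumer of those
 * constants address the P1 slot, so distinct saved arguments would
 * silently alias one location.
 */
HEADER("Argument Home Address"),
OFFSET(P1Home, CONTEXT, P1Home),
OFFSET(P2Home, CONTEXT, P2Home),
OFFSET(P3Home, CONTEXT, P3Home),
OFFSET(P4Home, CONTEXT, P4Home),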
1127 OFFSET(CxP1Home
, CONTEXT
, P1Home
),
1128 OFFSET(CxP2Home
, CONTEXT
, P2Home
),
1129 OFFSET(CxP3Home
, CONTEXT
, P3Home
),
1130 OFFSET(CxP4Home
, CONTEXT
, P4Home
),
1131 OFFSET(CxP5Home
, CONTEXT
, P5Home
),
1132 OFFSET(CxP6Home
, CONTEXT
, P6Home
),
1133 OFFSET(CxContextFlags
, CONTEXT
, ContextFlags
),
1134 OFFSET(CxMxCsr
, CONTEXT
, MxCsr
),
1135 OFFSET(CxSegCs
, CONTEXT
, SegCs
),
1136 OFFSET(CxSegDs
, CONTEXT
, SegDs
),
1137 OFFSET(CxSegEs
, CONTEXT
, SegEs
),
1138 OFFSET(CxSegFs
, CONTEXT
, SegFs
),
1139 OFFSET(CxSegGs
, CONTEXT
, SegGs
),
1140 OFFSET(CxSegSs
, CONTEXT
, SegSs
),
1141 OFFSET(CxEFlags
, CONTEXT
, EFlags
),
1142 OFFSET(CxDr0
, CONTEXT
, Dr0
),
1143 OFFSET(CxDr1
, CONTEXT
, Dr1
),
1144 OFFSET(CxDr2
, CONTEXT
, Dr2
),
1145 OFFSET(CxDr3
, CONTEXT
, Dr3
),
1146 OFFSET(CxDr6
, CONTEXT
, Dr6
),
1147 OFFSET(CxDr7
, CONTEXT
, Dr7
),
1148 OFFSET(CxRax
, CONTEXT
, Rax
),
1149 OFFSET(CxRcx
, CONTEXT
, Rcx
),
1150 OFFSET(CxRdx
, CONTEXT
, Rdx
),
1151 OFFSET(CxRbx
, CONTEXT
, Rbx
),
1152 OFFSET(CxRsp
, CONTEXT
, Rsp
),
1153 OFFSET(CxRbp
, CONTEXT
, Rbp
),
1154 OFFSET(CxRsi
, CONTEXT
, Rsi
),
1155 OFFSET(CxRdi
, CONTEXT
, Rdi
),
1156 OFFSET(CxR8
, CONTEXT
, R8
),
1157 OFFSET(CxR9
, CONTEXT
, R9
),
1158 OFFSET(CxR10
, CONTEXT
, R10
),
1159 OFFSET(CxR11
, CONTEXT
, R11
),
1160 OFFSET(CxR12
, CONTEXT
, R12
),
1161 OFFSET(CxR13
, CONTEXT
, R13
),
1162 OFFSET(CxR14
, CONTEXT
, R14
),
1163 OFFSET(CxR15
, CONTEXT
, R15
),
1164 OFFSET(CxRip
, CONTEXT
, Rip
),
1165 OFFSET(CxFltSave
, CONTEXT
, FltSave
),
1166 OFFSET(CxXmm0
, CONTEXT
, Xmm0
),
1167 OFFSET(CxXmm1
, CONTEXT
, Xmm1
),
1168 OFFSET(CxXmm2
, CONTEXT
, Xmm2
),
1169 OFFSET(CxXmm3
, CONTEXT
, Xmm3
),
1170 OFFSET(CxXmm4
, CONTEXT
, Xmm4
),
1171 OFFSET(CxXmm5
, CONTEXT
, Xmm5
),
1172 OFFSET(CxXmm6
, CONTEXT
, Xmm6
),
1173 OFFSET(CxXmm7
, CONTEXT
, Xmm7
),
1174 OFFSET(CxXmm8
, CONTEXT
, Xmm8
),
1175 OFFSET(CxXmm9
, CONTEXT
, Xmm9
),
1176 OFFSET(CxXmm10
, CONTEXT
, Xmm10
),
1177 OFFSET(CxXmm11
, CONTEXT
, Xmm11
),
1178 OFFSET(CxXmm12
, CONTEXT
, Xmm12
),
1179 OFFSET(CxXmm13
, CONTEXT
, Xmm13
),
1180 OFFSET(CxXmm14
, CONTEXT
, Xmm14
),
1181 OFFSET(CxXmm15
, CONTEXT
, Xmm15
),
1182 OFFSET(CxDebugControl
, CONTEXT
, DebugControl
),
1183 OFFSET(CxLastBranchToRip
, CONTEXT
, LastBranchToRip
),
1184 OFFSET(CxLastBranchFromRip
, CONTEXT
, LastBranchFromRip
),
1185 OFFSET(CxLastExceptionToRip
, CONTEXT
, LastExceptionToRip
),
1186 OFFSET(CxLastExceptionFromRip
, CONTEXT
, LastExceptionFromRip
),
1187 OFFSET(CxVectorControl
, CONTEXT
, VectorControl
),
1188 OFFSET(CxVectorRegister
, CONTEXT
, VectorRegister
),
1189 SIZE(CONTEXT_FRAME_LENGTH
, CONTEXT
),
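/*
 * DISPATCHER_CONTEXT member offsets.
 * The structure argument has to name the real type: `TYPE` appears to be
 * an unfilled template placeholder rather than a structure, so
 * FIELD_OFFSET(TYPE, ...) cannot yield these offsets. The constant names
 * (Dc*) are unchanged, so consumers of the generated table are unaffected.
 * NOTE(review): confirm the headers included for this target declare
 * DISPATCHER_CONTEXT with exactly these member names.
 */
HEADER("DISPATCHER_CONTEXT"),
OFFSET(DcControlPc, DISPATCHER_CONTEXT, ControlPc),
OFFSET(DcImageBase, DISPATCHER_CONTEXT, ImageBase),
OFFSET(DcFunctionEntry, DISPATCHER_CONTEXT, FunctionEntry),
OFFSET(DcEstablisherFrame, DISPATCHER_CONTEXT, EstablisherFrame),
OFFSET(DcTargetIp, DISPATCHER_CONTEXT, TargetIp),
OFFSET(DcContextRecord, DISPATCHER_CONTEXT, ContextRecord),
OFFSET(DcLanguageHandler, DISPATCHER_CONTEXT, LanguageHandler),
OFFSET(DcHandlerData, DISPATCHER_CONTEXT, HandlerData),
OFFSET(DcHistoryTable, DISPATCHER_CONTEXT, HistoryTable),
OFFSET(DcScopeIndex, DISPATCHER_CONTEXT, ScopeIndex),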
1203 HEADER("KEXCEPTION_FRAME"),
1204 OFFSET(ExP1Home
, KEXCEPTION_FRAME
, P1Home
),
1205 OFFSET(ExP2Home
, KEXCEPTION_FRAME
, P2Home
),
1206 OFFSET(ExP3Home
, KEXCEPTION_FRAME
, P3Home
),
1207 OFFSET(ExP4Home
, KEXCEPTION_FRAME
, P4Home
),
1208 OFFSET(ExP5
, KEXCEPTION_FRAME
, P5
),
1209 OFFSET(ExXmm6
, KEXCEPTION_FRAME
, Xmm6
),
1210 OFFSET(ExXmm7
, KEXCEPTION_FRAME
, Xmm7
),
1211 OFFSET(ExXmm8
, KEXCEPTION_FRAME
, Xmm8
),
1212 OFFSET(ExXmm9
, KEXCEPTION_FRAME
, Xmm9
),
1213 OFFSET(ExXmm10
, KEXCEPTION_FRAME
, Xmm10
),
1214 OFFSET(ExXmm11
, KEXCEPTION_FRAME
, Xmm11
),
1215 OFFSET(ExXmm12
, KEXCEPTION_FRAME
, Xmm12
),
1216 OFFSET(ExXmm13
, KEXCEPTION_FRAME
, Xmm13
),
1217 OFFSET(ExXmm14
, KEXCEPTION_FRAME
, Xmm14
),
1218 OFFSET(ExXmm15
, KEXCEPTION_FRAME
, Xmm15
),
1219 OFFSET(ExMxCsr
, KEXCEPTION_FRAME
, MxCsr
),
1220 OFFSET(ExRbp
, KEXCEPTION_FRAME
, Rbp
),
1221 OFFSET(ExRbx
, KEXCEPTION_FRAME
, Rbx
),
1222 OFFSET(ExRdi
, KEXCEPTION_FRAME
, Rdi
),
1223 OFFSET(ExRsi
, KEXCEPTION_FRAME
, Rsi
),
1224 OFFSET(ExR12
, KEXCEPTION_FRAME
, R12
),
1225 OFFSET(ExR13
, KEXCEPTION_FRAME
, R13
),
1226 OFFSET(ExR14
, KEXCEPTION_FRAME
, R14
),
1227 OFFSET(ExR15
, KEXCEPTION_FRAME
, R15
),
1228 OFFSET(ExReturn
, KEXCEPTION_FRAME
, Return
),
1229 OFFSET(CuInitialStack
, KEXCEPTION_FRAME
, InitialStack
),
1230 OFFSET(CuTrapFrame
, KEXCEPTION_FRAME
, TrapFrame
),
1231 OFFSET(CuCallbackStack
, KEXCEPTION_FRAME
, CallbackStack
),
1232 OFFSET(CuOutputBuffer
, KEXCEPTION_FRAME
, OutputBuffer
),
1233 OFFSET(CuOutputLength
, KEXCEPTION_FRAME
, OutputLength
),
1234 SIZE(KEXCEPTION_FRAME_LENGTH
, KEXCEPTION_FRAME
),
1236 HEADER("JUMP_BUFFER"),
1237 OFFSET(JbFrame
, JUMP_BUFFER
, Frame
),
1238 OFFSET(JbRbx
, JUMP_BUFFER
, Rbx
),
1239 OFFSET(JbRsp
, JUMP_BUFFER
, Rsp
),
1240 OFFSET(JbRbp
, JUMP_BUFFER
, Rbp
),
1241 OFFSET(JbRsi
, JUMP_BUFFER
, Rsi
),
1242 OFFSET(JbRdi
, JUMP_BUFFER
, Rdi
),
1243 OFFSET(JbR12
, JUMP_BUFFER
, R12
),
1244 OFFSET(JbR13
, JUMP_BUFFER
, R13
),
1245 OFFSET(JbR14
, JUMP_BUFFER
, R14
),
1246 OFFSET(JbR15
, JUMP_BUFFER
, R15
),
1247 OFFSET(JbRip
, JUMP_BUFFER
, Rip
),
1248 OFFSET(JbMxCsr
, JUMP_BUFFER
, MxCsr
),
1249 OFFSET(JbFpCsr
, JUMP_BUFFER
, FpCsr
),
1250 OFFSET(JbXmm6
, JUMP_BUFFER
, Xmm6
),
1251 OFFSET(JbXmm7
, JUMP_BUFFER
, Xmm7
),
1252 OFFSET(JbXmm8
, JUMP_BUFFER
, Xmm8
),
1253 OFFSET(JbXmm9
, JUMP_BUFFER
, Xmm9
),
1254 OFFSET(JbXmm10
, JUMP_BUFFER
, Xmm10
),
1255 OFFSET(JbXmm11
, JUMP_BUFFER
, Xmm11
),
1256 OFFSET(JbXmm12
, JUMP_BUFFER
, Xmm12
),
1257 OFFSET(JbXmm13
, JUMP_BUFFER
, Xmm13
),
1258 OFFSET(JbXmm14
, JUMP_BUFFER
, Xmm14
),
1259 OFFSET(JbXmm15
, JUMP_BUFFER
, Xmm15
),
1262 OFFSET(KgdtBaseLow
, KGDT64
, BaseLow
),
1263 OFFSET(KgdtBaseMiddle
, KGDT64
, BaseMiddle
),
1264 OFFSET(KgdtBaseHigh
, KGDT64
, BaseHigh
),
1265 OFFSET(KgdtBaseUpper
, KGDT64
, BaseUpper
),
1266 OFFSET(KgdtLimitHigh
, KGDT64
, LimitHigh
),
1267 OFFSET(KgdtLimitLow
, KGDT64
, LimitLow
),
1268 CONSTANT(KGDT_LIMIT_ENCODE_MASK
),
1271 OFFSET(PbMxCsr
, KPRCB
, MxCsr
),
1272 OFFSET(PbNumber
, KPRCB
, Number
),
1273 OFFSET(PbInterruptRequest
, KPRCB
, InterruptRequest
),
1274 OFFSET(PbIdleHalt
, KPRCB
, IdleHalt
),
1275 OFFSET(PbCurrentThread
, KPRCB
, CurrentThread
),
1276 OFFSET(PbNextThread
, KPRCB
, NextThread
),
1277 OFFSET(PbIdleThread
, KPRCB
, IdleThread
),
1278 OFFSET(PbNestingLevel
, KPRCB
, NestingLevel
),
1279 OFFSET(PbRspBase
, KPRCB
, RspBase
),
1280 OFFSET(PbPrcbLock
, KPRCB
, PrcbLock
),
1281 OFFSET(PbSetMember
, KPRCB
, SetMember
),
1282 OFFSET(PbProcessorState
, KPRCB
, ProcessorState
),
1283 OFFSET(PbCpuType
, KPRCB
, CpuType
),
1284 OFFSET(PbCpuID
, KPRCB
, CpuID
),
1285 OFFSET(PbCpuStep
, KPRCB
, CpuStep
),
1286 OFFSET(PbHalReserved
, KPRCB
, HalReserved
),
1287 OFFSET(PbMinorVersion
, KPRCB
, MinorVersion
),
1288 OFFSET(PbMajorVersion
, KPRCB
, MajorVersion
),
1289 OFFSET(PbBuildType
, KPRCB
, BuildType
),
1290 OFFSET(PbCpuVendor
, KPRCB
, CpuVendor
),
1291 OFFSET(PbCoresPerPhysicalProcessor
, KPRCB
, CoresPerPhysicalProcessor
),
1292 OFFSET(PbLogicalProcessorsPerCore
, KPRCB
, LogicalProcessorsPerCore
),
1293 OFFSET(PbApicMask
, KPRCB
, ApicMask
),
1294 OFFSET(PbCFlushSize
, KPRCB
, CFlushSize
),
1295 OFFSET(PbAcpiReserved
, KPRCB
, AcpiReserved
),
1296 OFFSET(PbInitialApicId
, KPRCB
, InitialApicId
),
1297 OFFSET(PbStride
, KPRCB
, Stride
),
1298 OFFSET(PbLockQueue
, KPRCB
, LockQueue
),
1299 OFFSET(PbPPLookasideList
, KPRCB
, PPLookasideList
),
1300 OFFSET(PbPPNPagedLookasideList
, KPRCB
, PPNPagedLookasideList
),
1301 OFFSET(PbPPPagedLookasideList
, KPRCB
, PPPagedLookasideList
),
1302 OFFSET(PbPacketBarrier
, KPRCB
, PacketBarrier
),
1303 OFFSET(PbDeferredReadyListHead
, KPRCB
, DeferredReadyListHead
),
1304 OFFSET(PbLookasideIrpFloat
, KPRCB
, LookasideIrpFloat
),
1305 OFFSET(PbSystemCalls
, KPRCB
, SystemCalls
),
1306 OFFSET(PbReadOperationCount
, KPRCB
, ReadOperationCount
),
1307 OFFSET(PbWriteOperationCount
, KPRCB
, WriteOperationCount
),
1308 OFFSET(PbOtherOperationCount
, KPRCB
, OtherOperationCount
),
1309 OFFSET(PbReadTransferCount
, KPRCB
, ReadTransferCount
),
1310 OFFSET(PbWriteTransferCount
, KPRCB
, WriteTransferCount
),
1311 OFFSET(PbOtherTransferCount
, KPRCB
, OtherTransferCount
),
1312 OFFSET(PbContextSwitches
, KPRCB
, ContextSwitches
),
1313 OFFSET(PbTargetSet
, KPRCB
, TargetSet
),
1314 OFFSET(PbIpiFrozen
, KPRCB
, IpiFrozen
),
1315 OFFSET(PbRequestMailbox
, KPRCB
, RequestMailbox
),
1316 OFFSET(PbSenderSummary
, KPRCB
, SenderSummary
),
1317 OFFSET(PbDpcListHead
, KPRCB
, DpcListHead
),
1318 OFFSET(PbDpcLock
, KPRCB
, DpcLock
),
1319 OFFSET(PbDpcQueueDepth
, KPRCB
, DpcQueueDepth
),
1320 OFFSET(PbDpcCount
, KPRCB
, DpcCount
),
1321 OFFSET(PbDpcStack
, KPRCB
, DpcStack
),
1322 OFFSET(PbMaximumDpcQueueDepth
, KPRCB
, MaximumDpcQueueDepth
),
1323 OFFSET(PbDpcRequestRate
, KPRCB
, DpcRequestRate
),
1324 OFFSET(PbMinimumDpcRate
, KPRCB
, MinimumDpcRate
),
1325 OFFSET(PbDpcInterruptRequested
, KPRCB
, DpcInterruptRequested
),
1326 OFFSET(PbDpcThreadRequested
, KPRCB
, DpcThreadRequested
),
1327 OFFSET(PbDpcRoutineActive
, KPRCB
, DpcRoutineActive
),
1328 OFFSET(PbDpcThreadActive
, KPRCB
, DpcThreadActive
),
1329 OFFSET(PbTimerHand
, KPRCB
, TimerHand
),
1330 OFFSET(PbTimerRequest
, KPRCB
, TimerRequest
),
1331 OFFSET(PbTickOffset
, KPRCB
, TickOffset
),
1332 OFFSET(PbMasterOffset
, KPRCB
, MasterOffset
),
1333 OFFSET(PbDpcLastCount
, KPRCB
, DpcLastCount
),
1334 OFFSET(PbQuantumEnd
, KPRCB
, QuantumEnd
),
1335 OFFSET(PbDpcSetEventRequest
, KPRCB
, DpcSetEventRequest
),
1336 OFFSET(PbIdleSchedule
, KPRCB
, IdleSchedule
),
1337 OFFSET(PbReadySummary
, KPRCB
, ReadySummary
),
1338 OFFSET(PbDispatcherReadyListHead
, KPRCB
, DispatcherReadyListHead
),
1339 OFFSET(PbInterruptCount
, KPRCB
, InterruptCount
),
1340 OFFSET(PbKernelTime
, KPRCB
, KernelTime
),
1341 OFFSET(PbUserTime
, KPRCB
, UserTime
),
1342 OFFSET(PbDpcTime
, KPRCB
, DpcTime
),
1343 OFFSET(PbInterruptTime
, KPRCB
, InterruptTime
),
1344 OFFSET(PbAdjustDpcThreshold
, KPRCB
, AdjustDpcThreshold
),
1345 OFFSET(PbSkipTick
, KPRCB
, SkipTick
),
1346 OFFSET(PbPollSlot
, KPRCB
, PollSlot
),
1347 OFFSET(PbParentNode
, KPRCB
, ParentNode
),
1348 OFFSET(PbMultiThreadProcessorSet
, KPRCB
, MultiThreadProcessorSet
),
1349 OFFSET(PbMultiThreadSetMaster
, KPRCB
, MultiThreadSetMaster
),
1350 OFFSET(PbStartCycles
, KPRCB
, StartCycles
),
1351 OFFSET(PbPageColor
, KPRCB
, PageColor
),
1352 OFFSET(PbNodeColor
, KPRCB
, NodeColor
),
1353 OFFSET(PbNodeShiftedColor
, KPRCB
,NodeShiftedColor
),
1354 OFFSET(PbSecondaryColorMask
, KPRCB
, SecondaryColorMask
),
1355 OFFSET(PbSleeping
, KPRCB
, Sleeping
),
1356 OFFSET(PbCycleTime
, KPRCB
, CycleTime
),
1357 OFFSET(PbFastReadNoWait
, KPRCB
, FastReadNoWait
),
1358 OFFSET(PbFastReadWait
, KPRCB
, FastReadWait
),
1359 OFFSET(PbFastReadNotPossible
, KPRCB
, FastReadNotPossible
),
1360 OFFSET(PbCopyReadNoWait
, KPRCB
, CopyReadNoWait
),
1361 OFFSET(PbCopyReadWait
, KPRCB
, CopyReadWait
),
1362 OFFSET(PbCopyReadNoWaitMiss
, KPRCB
, CopyReadNoWaitMiss
),
1363 OFFSET(PbAlignmentFixupCount
, KPRCB
, AlignmentFixupCount
),
1364 OFFSET(PbExceptionDispatchCount
, KPRCB
, ExceptionDispatchCount
),
1365 OFFSET(PbVendorString
, KPRCB
, VendorString
),
1366 OFFSET(PbPowerState
, KPRCB
, PowerState
),
1367 SIZE(ProcessorBlockLength
, KPRCB
),
1370 OFFSET(PcGdt
, KPCR
, Gdt
),
1371 OFFSET(PcTss
, KPCR
, Tss
),
1372 OFFSET(PcUserRsp
, KPCR
, UserRsp
),
1373 OFFSET(PcSelf
, KPCR
, Self
),
1374 OFFSET(PcCurrentPrcb
, KPCR
, CurrentPrcb
),
1375 OFFSET(PcLockArray
, KPCR
, LockArray
),
1376 OFFSET(PcTeb
, KPCR
, Teb
),
1377 OFFSET(PcIdt
, KPCR
, Idt
),
1378 OFFSET(PcIrql
, KPCR
, Irql
),
1379 OFFSET(PcStallScaleFactor
, KPCR
, StallScaleFactor
),
1380 OFFSET(PcHalReserved
, KPCR
, HalReserved
),
1381 OFFSET(PcPrcb
, KPCR
, Prcb
),
1382 OFFSET(PcMxCsr
, KPCR
, MxCsr
),
1383 OFFSET(PcNumber
, KPCR
, Number
),
1384 OFFSET(PcInterruptRequest
, KPCR
, InterruptRequest
),
1385 OFFSET(PcIdleHalt
, KPCR
, IdleHalt
),
1386 OFFSET(PcCurrentThread
, KPCR
, CurrentThread
),
1387 OFFSET(PcNextThread
, KPCR
, NextThread
),
1388 OFFSET(PcIdleThread
, KPCR
, IdleThread
),
1389 OFFSET(PcIpiFrozen
, KPCR
, IpiFrozen
),
1390 OFFSET(PcNestingLevel
, KPCR
, NestingLevel
),
1391 OFFSET(PcRspBase
, KPCR
, RspBase
),
1392 OFFSET(PcPrcbLock
, KPCR
, PrcbLock
),
1393 OFFSET(PcSetMember
, KPCR
, SetMember
),
1394 OFFSET(PcCr0
, KPCR
, Cr0
),
1395 OFFSET(PcCr2
, KPCR
, Cr2
),
1396 OFFSET(PcCr3
, KPCR
, Cr3
),
1397 OFFSET(PcCr4
, KPCR
, Cr4
),
1398 OFFSET(PcKernelDr0
, KPCR
, KernelDr0
),
1399 OFFSET(PcKernelDr1
, KPCR
, KernelDr1
),
1400 OFFSET(PcKernelDr2
, KPCR
, KernelDr2
),
1401 OFFSET(PcKernelDr3
, KPCR
, KernelDr3
),
1402 OFFSET(PcKernelDr7
, KPCR
, KernelDr7
),
1403 OFFSET(PcGdtrLimit
, KPCR
, GdtrLimit
),
1404 OFFSET(PcGdtrBase
, KPCR
, GdtrBase
),
1405 OFFSET(PcIdtrLimit
, KPCR
, IdtrLimit
),
1406 OFFSET(PcIdtrBase
, KPCR
, IdtrBase
),
1407 OFFSET(PcTr
, KPCR
, Tr
),
1408 OFFSET(PcLdtr
, KPCR
, Ldtr
),
1409 OFFSET(PcDebugControl
, KPCR
, DebugControl
),
1410 OFFSET(PcLastBranchToRip
, KPCR
, LastBranchToRip
),
1411 OFFSET(PcLastBranchFromRip
, KPCR
, LastBranchFromRip
),
1412 OFFSET(PcLastExceptionToRip
, KPCR
, LastExceptionToRip
),
1413 OFFSET(PcLastExceptionFromRip
, KPCR
, LastExceptionFromRip
),
1414 OFFSET(PcCr8
, KPCR
, Cr8
),
1415 OFFSET(PcCpuType
, KPCR
, CpuType
),
1416 OFFSET(PcCpuID
, KPCR
, CpuID
),
1417 OFFSET(PcCpuStep
, KPCR
, CpuStep
),
1418 OFFSET(PcCpuVendor
, KPCR
, CpuVendor
),
1419 OFFSET(PcVirtualApicAssist
, KPCR
, VirtualApicAssist
),
1420 OFFSET(PcCFlushSize
, KPCR
, CFlushSize
),
1421 OFFSET(PcDeferredReadyListHead
, KPCR
, DeferredReadyListHead
),
1422 OFFSET(PcSystemCalls
, KPCR
, SystemCalls
),
1423 OFFSET(PcDpcRoutineActive
, KPCR
, DpcRoutineActive
),
1424 OFFSET(PcInterruptCount
, KPCR
, InterruptCount
),
1425 OFFSET(PcDebuggerSavedIRQL
, KPCR
, DebuggerSavedIRQL
),
1426 OFFSET(PcTickOffset
, KPCR
, TickOffset
),
1427 OFFSET(PcMasterOffset
, KPCR
, MasterOffset
),
1428 OFFSET(PcSkipTick
, KPCR
, SkipTick
),
1429 OFFSET(PcStartCycles
, KPCR
, StartCycles
),
1430 SIZE(ProcessorControlRegisterLength
, KPCR
),
1432 HEADER("KPROCESSOR_STATE"),
1433 OFFSET(PsSpecialRegisters
, KPROCESSOR_STATE
, SpecialRegisters
),
1434 OFFSET(PsCr0
, KPROCESSOR_STATE
, Cr0
),
1435 OFFSET(PsCr2
, KPROCESSOR_STATE
, Cr2
),
1436 OFFSET(PsCr3
, KPROCESSOR_STATE
, Cr3
),
1437 OFFSET(PsCr4
, KPROCESSOR_STATE
, Cr4
),
1438 OFFSET(PsKernelDr0
, KPROCESSOR_STATE
, KernelDr0
),
1439 OFFSET(PsKernelDr1
, KPROCESSOR_STATE
, KernelDr1
),
1440 OFFSET(PsKernelDr2
, KPROCESSOR_STATE
, KernelDr2
),
1441 OFFSET(PsKernelDr3
, KPROCESSOR_STATE
, KernelDr3
),
1442 OFFSET(PsKernelDr6
, KPROCESSOR_STATE
, KernelDr6
),
1443 OFFSET(PsKernelDr7
, KPROCESSOR_STATE
, KernelDr7
),
1444 OFFSET(PsGdtr
, KPROCESSOR_STATE
, Gdtr
),
1445 OFFSET(PsIdtr
, KPROCESSOR_STATE
, Idtr
),
1446 OFFSET(PsTr
, KPROCESSOR_STATE
, Tr
),
1447 OFFSET(PsLdtr
, KPROCESSOR_STATE
, Ldtr
),
1448 OFFSET(PsMxCsr
, KPROCESSOR_STATE
, MxCsr
),
1449 OFFSET(PsContextFrame
, KPROCESSOR_STATE
, ContextFrame
),
1450 OFFSET(PsDebugControl
, KPROCESSOR_STATE
, DebugControl
),
1451 OFFSET(PsLastBranchToRip
, KPROCESSOR_STATE
, LastBranchToRip
),
1452 OFFSET(PsLastBranchFromRip
, KPROCESSOR_STATE
, LastBranchFromRip
),
1453 OFFSET(PsLastExceptionToRip
, KPROCESSOR_STATE
, LastExceptionToRip
),
1454 OFFSET(PsLastExceptionFromRip
, KPROCESSOR_STATE
, LastExceptionFromRip
),
1455 OFFSET(PsCr8
, KPROCESSOR_STATE
, Cr8
),
1456 SIZE(ProcessorStateLength
, KPROCESSOR_STATE
),
1458 HEADER("KSTART_FRAME"),
1459 OFFSET(SfP1Home
, KSTART_FRAME
, P1Home
),
1460 OFFSET(SfP2Home
, KSTART_FRAME
, P2Home
),
1461 OFFSET(SfP3Home
, KSTART_FRAME
, P3Home
),
1462 OFFSET(SfP4Home
, KSTART_FRAME
, P4Home
),
1463 OFFSET(SfReturn
, KSTART_FRAME
, Return
),
1464 SIZE(KSTART_FRAME_LENGTH
, KSTART_FRAME
),
1466 HEADER("KSPECIAL_REGISTERS"),
1467 OFFSET(SrKernelDr0
, KSPECIAL_REGISTERS
, KernelDr0
),
1468 OFFSET(SrKernelDr1
, KSPECIAL_REGISTERS
, KernelDr1
),
1469 OFFSET(SrKernelDr2
, KSPECIAL_REGISTERS
, KernelDr2
),
1470 OFFSET(SrKernelDr3
, KSPECIAL_REGISTERS
, KernelDr3
),
1471 OFFSET(SrKernelDr6
, KSPECIAL_REGISTERS
, KernelDr6
),
1472 OFFSET(SrKernelDr7
, KSPECIAL_REGISTERS
, KernelDr7
),
1473 OFFSET(SrGdtr
, KSPECIAL_REGISTERS
, Gdtr
),
1474 OFFSET(SrIdtr
, KSPECIAL_REGISTERS
, Idtr
),
1475 OFFSET(SrTr
, KSPECIAL_REGISTERS
, Tr
),
1476 OFFSET(SrMxCsr
, KSPECIAL_REGISTERS
, MxCsr
),
1477 OFFSET(SrMsrGsBase
, KSPECIAL_REGISTERS
, MsrGsBase
),
1478 OFFSET(SrMsrGsSwap
, KSPECIAL_REGISTERS
, MsrGsSwap
),
1479 OFFSET(SrMsrStar
, KSPECIAL_REGISTERS
, MsrStar
),
1480 OFFSET(SrMsrLStar
, KSPECIAL_REGISTERS
, MsrLStar
),
1481 OFFSET(SrMsrCStar
, KSPECIAL_REGISTERS
, MsrCStar
),
1482 OFFSET(SrMsrSyscallMask
, KSPECIAL_REGISTERS
, MsrSyscallMask
),
1484 HEADER("KSYSTEM_TIME"),
1485 OFFSET(StLowTime
, KSYSTEM_TIME
, LowTime
),
1486 OFFSET(StHigh1Time
, KSYSTEM_TIME
, High1Time
),
1487 OFFSET(StHigh2Time
, KSYSTEM_TIME
, High2Time
),
1489 HEADER("KSWITCH_FRAME"),
1490 OFFSET(SwP5Home
, KSWITCH_FRAME
, P5Home
),
1491 OFFSET(SwApcBypass
, KSWITCH_FRAME
, ApcBypass
),
1492 OFFSET(SwRbp
, KSWITCH_FRAME
, Rbp
),
1493 OFFSET(SwReturn
, KSWITCH_FRAME
, Return
),
1494 SIZE(SwitchFrameLength
, KSWITCH_FRAME
),
1495 SIZE(KSWITCH_FRAME_LENGTH
, KSWITCH_FRAME
),
1497 HEADER("KTRAP_FRAME"),
1498 OFFSET(TrP1Home
, KTRAP_FRAME
, P1Home
),
1499 OFFSET(TrP2Home
, KTRAP_FRAME
, P2Home
),
1500 OFFSET(TrP3Home
, KTRAP_FRAME
, P3Home
),
1501 OFFSET(TrP4Home
, KTRAP_FRAME
, P4Home
),
1502 OFFSET(TrP5
, KTRAP_FRAME
, P5
),
1503 OFFSET(TrPreviousMode
, KTRAP_FRAME
, PreviousMode
),
1504 OFFSET(TrPreviousIrql
, KTRAP_FRAME
, PreviousIrql
),
1505 OFFSET(TrFaultIndicator
, KTRAP_FRAME
, FaultIndicator
),
1506 OFFSET(TrExceptionActive
, KTRAP_FRAME
, ExceptionActive
),
1507 OFFSET(TrMxCsr
, KTRAP_FRAME
, MxCsr
),
1508 OFFSET(TrRax
, KTRAP_FRAME
, Rax
),
1509 OFFSET(TrRcx
, KTRAP_FRAME
, Rcx
),
1510 OFFSET(TrRdx
, KTRAP_FRAME
, Rdx
),
1511 OFFSET(TrR8
, KTRAP_FRAME
, R8
),
1512 OFFSET(TrR9
, KTRAP_FRAME
, R9
),
1513 OFFSET(TrR10
, KTRAP_FRAME
, R10
),
1514 OFFSET(TrR11
, KTRAP_FRAME
, R11
),
1515 OFFSET(TrGsBase
, KTRAP_FRAME
, GsBase
),
1516 OFFSET(TrGsSwap
, KTRAP_FRAME
,GsSwap
),
1517 OFFSET(TrXmm0
, KTRAP_FRAME
, Xmm0
),
1518 OFFSET(TrXmm1
, KTRAP_FRAME
, Xmm1
),
1519 OFFSET(TrXmm2
, KTRAP_FRAME
, Xmm2
),
1520 OFFSET(TrXmm3
, KTRAP_FRAME
, Xmm3
),
1521 OFFSET(TrXmm4
, KTRAP_FRAME
, Xmm4
),
1522 OFFSET(TrXmm5
, KTRAP_FRAME
, Xmm5
),
1523 OFFSET(TrFaultAddress
, KTRAP_FRAME
, FaultAddress
),
1524 OFFSET(TrTimeStampCKCL
, KTRAP_FRAME
, TimeStampCKCL
),
1525 OFFSET(TrDr0
, KTRAP_FRAME
, Dr0
),
1526 OFFSET(TrDr1
, KTRAP_FRAME
, Dr1
),
1527 OFFSET(TrDr2
, KTRAP_FRAME
, Dr2
),
1528 OFFSET(TrDr3
, KTRAP_FRAME
, Dr3
),
1529 OFFSET(TrDr6
, KTRAP_FRAME
, Dr6
),
1530 OFFSET(TrDr7
, KTRAP_FRAME
, Dr7
),
1531 OFFSET(TrDebugControl
, KTRAP_FRAME
, DebugControl
),
1532 OFFSET(TrLastBranchToRip
, KTRAP_FRAME
, LastBranchToRip
),
1533 OFFSET(TrLastBranchFromRip
, KTRAP_FRAME
, LastBranchFromRip
),
1534 OFFSET(TrLastExceptionToRip
, KTRAP_FRAME
, LastExceptionToRip
),
1535 OFFSET(TrLastExceptionFromRip
, KTRAP_FRAME
, LastExceptionFromRip
),
1536 OFFSET(TrLastBranchControl
, KTRAP_FRAME
, LastBranchControl
),
1537 OFFSET(TrLastBranchMSR
, KTRAP_FRAME
, LastBranchMSR
),
1538 OFFSET(TrSegDs
, KTRAP_FRAME
, SegDs
),
1539 OFFSET(TrSegEs
, KTRAP_FRAME
, SegEs
),
1540 OFFSET(TrSegFs
, KTRAP_FRAME
, SegFs
),
1541 OFFSET(TrSegGs
, KTRAP_FRAME
, SegGs
),
1542 OFFSET(TrTrapFrame
, KTRAP_FRAME
, TrapFrame
),
1543 OFFSET(TrRbx
, KTRAP_FRAME
, Rbx
),
1544 OFFSET(TrRdi
, KTRAP_FRAME
, Rdi
),
1545 OFFSET(TrRsi
, KTRAP_FRAME
, Rsi
),
1546 OFFSET(TrRbp
, KTRAP_FRAME
, Rbp
),
1547 OFFSET(TrErrorCode
, KTRAP_FRAME
, ErrorCode
),
1548 OFFSET(TrTimeStampKlog
, KTRAP_FRAME
, TimeStampKlog
),
1549 OFFSET(TrRip
, KTRAP_FRAME
, Rip
),
1550 OFFSET(TrSegCs
, KTRAP_FRAME
, SegCs
),
1551 OFFSET(TrLogging
, KTRAP_FRAME
, Logging
),
1552 OFFSET(TrEFlags
, KTRAP_FRAME
, EFlags
),
1553 OFFSET(TrRsp
, KTRAP_FRAME
, Rsp
),
1554 OFFSET(TrSegSs
, KTRAP_FRAME
, SegSs
),
1555 OFFSET(TrCodePatchCycle
, KTRAP_FRAME
, CodePatchCycle
),
1556 SIZE(KTRAP_FRAME_LENGTH
, KTRAP_FRAME
),
1558 HEADER("KTIMER_TABLE"),
1559 OFFSET(TtEntry
, KTIMER_TABLE
, TimerEntries
),
1560 OFFSET(TtTime
, KTIMER_TABLE
, Time
),
1561 SIZE(TIMER_ENTRY_SIZE
, KTIMER_ENTRY
),
1562 SIZE(TIMER_TABLE_SIZE
, KTIMER_TABLE
),
1563 SIZE(KTIMER_TABLE_SIZE
, KTIMER_TABLE
),
/*
 * Tss* constants for the _M_AMD64 branch: offsets of the ring stack
 * pointers, the named exception stacks and the I/O map base, plus the
 * total structure size.
 * NOTE(review): every entry names `TYPE` as the structure, where the
 * i386 branch of this table names KTSS. It looks like an unfilled
 * placeholder; the amd64 TSS structure (presumably KTSS64 - confirm)
 * should be named here, and the member names PanicStack, McaStack and
 * NmiStack checked against its declaration before these offsets are
 * relied on by low-level stack-switching code.
 */
1566 OFFSET(TssRsp0
, TYPE
, Rsp0
),
1567 OFFSET(TssRsp1
, TYPE
, Rsp1
),
1568 OFFSET(TssRsp2
, TYPE
, Rsp2
),
1569 OFFSET(TssPanicStack
, TYPE
, PanicStack
),
1570 OFFSET(TssMcaStack
, TYPE
, McaStack
),
1571 OFFSET(TssNmiStack
, TYPE
, NmiStack
),
1572 OFFSET(TssIoMapBase
, TYPE
, IoMapBase
),
1573 SIZE(TssLength
, TYPE
),