/*
 * Kernel structure offsets and constants for the x86 (32-bit) build:
 * SizeofPointer is 4 and every register field below is a 32-bit one
 * (Eax, Esp, Eip, ...).
 *
 * Each "Name = value" line is an assembler symbol definition.  Inside a
 * structure section (KTHREAD, KTRAP_FRAME, CONTEXT, ...) the values are byte
 * offsets from the start of that structure and the *Length / *_SIZE entries
 * are the structure sizes; the other sections hold flag bits, NTSTATUS codes
 * and enum values.  The #ifdef block and the C-style comments mean the file
 * is run through the C preprocessor before it reaches the assembler.
 *
 * The uniform "section comment, then Name = value" shape suggests the file is
 * generated from the C headers rather than written by hand (TODO confirm); if
 * so, fix the generator input, not this file.  Offsets of this kind are
 * presumably consumed by hand-written trap, system-call and context-switch
 * code that cannot check them at run time, so a value that drifts from the C
 * layout means the wrong field is read or written (kernel memory corruption),
 * not a build error.
 *
 * Several structures appear twice under two naming styles (Ts* and
 * KTRAP_FRAME_*, Cs* and CONTEXT_*, Th* and KTHREAD_*, Te* and TEB_*, Tss* and
 * KTSS_*, Pr* and KPROCESS_*, Er* and EXCEPTION_RECORD_*); the values of the
 * overlapping entries agree.  A few symbols are also defined twice with the
 * same value (FRAME_EDITED, EXCEPTION_RECORD_LENGTH, EXCEPTION_EXECUTE_HANDLER,
 * STATUS_CALLBACK_POP_STACK, EXCEPTION_RECORD_EXCEPTION_ADDRESS); the "="
 * form tolerates redefinition, so this is harmless as long as both copies
 * stay in sync.
 */

/* Pointer size */
SizeofPointer = 0x4

/* Breakpoints */
BREAKPOINT_BREAK = 0x0
BREAKPOINT_PRINT = 0x1
BREAKPOINT_PROMPT = 0x2
BREAKPOINT_LOAD_SYMBOLS = 0x3
BREAKPOINT_UNLOAD_SYMBOLS = 0x4
BREAKPOINT_COMMAND_STRING = 0x5

/* Context Frame Flags */
CONTEXT_FULL = 0x10007 /* = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS */
CONTEXT_CONTROL = 0x10001
CONTEXT_INTEGER = 0x10002
CONTEXT_SEGMENTS = 0x10004
CONTEXT_FLOATING_POINT = 0x10008
CONTEXT_DEBUG_REGISTERS = 0x10010

/* Exception flags */
EXCEPTION_NONCONTINUABLE = 0x1
EXCEPTION_UNWINDING = 0x2
EXCEPTION_EXIT_UNWIND = 0x4
EXCEPTION_STACK_INVALID = 0x8
EXCEPTION_NESTED_CALL = 0x10
EXCEPTION_TARGET_UNWIND = 0x20
/* NOTE(review): shares 0x20 with EXCEPTION_TARGET_UNWIND.  If the two are meant
 * to be distinct flag bits, confirm this value against the C header the file
 * was generated from. */
EXCEPTION_COLLIDED_UNWIND = 0x20
EXCEPTION_UNWIND = 0x6 /* = EXCEPTION_UNWINDING | EXCEPTION_EXIT_UNWIND */
EXCEPTION_EXECUTE_HANDLER = 0x1 /* defined again in the Misc section, same value */
EXCEPTION_CONTINUE_SEARCH = 0x0
EXCEPTION_CONTINUE_EXECUTION = 0xffffffff /* -1 as a 32-bit value */
EXCEPTION_CHAIN_END = 0xffffffff /* -1; presumably terminates the TeExceptionList chain -- same bit pattern as EXCEPTION_CONTINUE_EXECUTION */

/* Exception types */
ExceptionContinueExecution = 0x0
ExceptionContinueSearch = 0x1
ExceptionNestedException = 0x2
ExceptionCollidedUnwind = 0x3

/* Lock Queue */
LOCK_QUEUE_WAIT = 0x1
LOCK_QUEUE_OWNER = 0x2
LockQueueDispatcherLock = 0x0

/* Process states */
ProcessInMemory = 0x0
ProcessOutOfMemory = 0x1
ProcessInTransition = 0x2

/* Processor mode */
KernelMode = 0x0
UserMode = 0x1

/* Status codes
 * NTSTATUS severity is in the top two bits: 0xC... error, 0x8... warning,
 * 0x0.../0x1... success or informational. */
STATUS_ACCESS_VIOLATION = 0xc0000005
STATUS_ASSERTION_FAILURE = 0xc0000420
STATUS_ARRAY_BOUNDS_EXCEEDED = 0xc000008c
STATUS_BAD_COMPRESSION_BUFFER = 0xc0000242
STATUS_BREAKPOINT = 0x80000003
STATUS_CALLBACK_POP_STACK = 0xc0000423 /* defined again in the Misc section, same value */
STATUS_DATATYPE_MISALIGNMENT = 0x80000002
STATUS_FLOAT_DENORMAL_OPERAND = 0xc000008d
STATUS_FLOAT_DIVIDE_BY_ZERO = 0xc000008e
STATUS_FLOAT_INEXACT_RESULT = 0xc000008f
STATUS_FLOAT_INVALID_OPERATION = 0xc0000090
STATUS_FLOAT_OVERFLOW = 0xc0000091
STATUS_FLOAT_STACK_CHECK = 0xc0000092
STATUS_FLOAT_UNDERFLOW = 0xc0000093
STATUS_FLOAT_MULTIPLE_FAULTS = 0xc00002b4
STATUS_FLOAT_MULTIPLE_TRAPS = 0xc00002b5
STATUS_GUARD_PAGE_VIOLATION = 0x80000001
STATUS_ILLEGAL_FLOAT_CONTEXT = 0xc000014a
STATUS_ILLEGAL_INSTRUCTION = 0xc000001d
STATUS_INSTRUCTION_MISALIGNMENT = 0xc00000aa
STATUS_INVALID_HANDLE = 0xc0000008
STATUS_INVALID_LOCK_SEQUENCE = 0xc000001e
STATUS_INVALID_OWNER = 0xc000005a
STATUS_INVALID_PARAMETER = 0xc000000d
STATUS_INVALID_PARAMETER_1 = 0xc00000ef
STATUS_INVALID_SYSTEM_SERVICE = 0xc000001c
STATUS_INTEGER_DIVIDE_BY_ZERO = 0xc0000094
STATUS_INTEGER_OVERFLOW = 0xc0000095
STATUS_IN_PAGE_ERROR = 0xc0000006
STATUS_KERNEL_APC = 0x100
STATUS_LONGJUMP = 0x80000026
STATUS_NO_CALLBACK_ACTIVE = 0xc0000258
STATUS_NO_EVENT_PAIR = 0xc000014e
STATUS_PRIVILEGED_INSTRUCTION = 0xc0000096
STATUS_SINGLE_STEP = 0x80000004
STATUS_STACK_BUFFER_OVERRUN = 0xc0000409
STATUS_STACK_OVERFLOW = 0xc00000fd
STATUS_SUCCESS = 0x0
STATUS_THREAD_IS_TERMINATING = 0xc000004b
STATUS_TIMEOUT = 0x102
STATUS_UNWIND = 0xc0000027
STATUS_UNWIND_CONSOLIDATE = 0x80000029
STATUS_USER_APC = 0xc0
STATUS_WAKE_SYSTEM_DEBUGGER = 0x80000007

/* TLS defines */
TLS_MINIMUM_AVAILABLE = 0x40
TLS_EXPANSION_SLOTS = 0x400

/* Thread states */
Initialized = 0x0
Ready = 0x1
Running = 0x2
Standby = 0x3
Terminated = 0x4
Waiting = 0x5

/* Wait type / reason */
WrExecutive = 0x7
WrMutex = 0x1d
WrDispatchInt = 0x1f
WrQuantumEnd = 0x1e
WrEventPair = 0xe
WaitAny = 0x1
WaitAll = 0x0

/* Interrupt object types */
InLevelSensitive = 0x0
InLatched = 0x1

/* Bug Check Codes */
APC_INDEX_MISMATCH = 0x1
INVALID_AFFINITY_SET = 0x3
INVALID_DATA_ACCESS_TRAP = 0x4
IRQL_NOT_GREATER_OR_EQUAL = 0x9
IRQL_NOT_LESS_OR_EQUAL = 0xa
NO_USER_MODE_CONTEXT = 0xe
SPIN_LOCK_ALREADY_OWNED = 0xf
SPIN_LOCK_NOT_OWNED = 0x10
THREAD_NOT_MUTEX_OWNER = 0x11
TRAP_CAUSE_UNKNOWN = 0x12
KMODE_EXCEPTION_NOT_HANDLED = 0x1e
KERNEL_APC_PENDING_DURING_EXIT = 0x20
PANIC_STACK_SWITCH = 0x2b
DATA_BUS_ERROR = 0x2e
INSTRUCTION_BUS_ERROR = 0x2f
SYSTEM_EXIT_OWNED_MUTEX = 0x39
PAGE_FAULT_WITH_INTERRUPTS_OFF = 0x49
IRQL_GT_ZERO_AT_SYSTEM_SERVICE = 0x4a
DATA_COHERENCY_EXCEPTION = 0x55
INSTRUCTION_COHERENCY_EXCEPTION = 0x56
HAL1_INITIALIZATION_FAILED = 0x61
UNEXPECTED_KERNEL_MODE_TRAP = 0x7f
NMI_HARDWARE_FAILURE = 0x80
SPIN_LOCK_INIT_FAILURE = 0x81
ATTEMPTED_SWITCH_FROM_DPC = 0xb8

/* IRQL */
PASSIVE_LEVEL = 0x0
APC_LEVEL = 0x1
DISPATCH_LEVEL = 0x2
CLOCK1_LEVEL = 0x1c /* CLOCK1_LEVEL and CLOCK2_LEVEL are the same level on this target */
CLOCK2_LEVEL = 0x1c
IPI_LEVEL = 0x1d
POWER_LEVEL = 0x1e
PROFILE_LEVEL = 0x1b
HIGH_LEVEL = 0x1f
/* SYNCH_LEVEL depends on the build: uniprocessor (NT_UP) raises only to
 * DISPATCH_LEVEL, multiprocessor raises to PROFILE_LEVEL (0x1b).  This is a C
 * preprocessor conditional, so the file must be preprocessed before assembly. */
#ifdef NT_UP
SYNCH_LEVEL = 0x2
#else
SYNCH_LEVEL = 0x1b
#endif

/* Stack sizes */
KERNEL_STACK_SIZE = 0x3000
KERNEL_LARGE_STACK_SIZE = 0xf000
KERNEL_LARGE_STACK_COMMIT = 0x3000 /* initial commit of a large stack equals KERNEL_STACK_SIZE */

/* Miscellaneous Definitions */
LOW_REALTIME_PRIORITY = 0x10
CLOCK_QUANTUM_DECREMENT = 0x3
WAIT_QUANTUM_DECREMENT = 0x1
MAXIMUM_PROCESSORS = 0x20
INITIAL_STALL_COUNT = 0x64
KI_EXCEPTION_ACCESS_VIOLATION = 0x10000004
Executive = 0x0
FALSE = 0x0
TRUE = 0x1
DBG_STATUS_CONTROL_C = 0x1
/* Fixed user-mode address of the shared data page; the Us* offsets in the
 * KUSER_SHARED_DATA section are relative to it (see KUSER_SHARED_SYSCALL and
 * PROCESSOR_FEATURE_FXSR in the Misc section for absolute examples). */
USER_SHARED_DATA = 0x7ffe0000
PAGE_SIZE = 0x1000
MAXIMUM_IDTVECTOR = 0xff
PRIMARY_VECTOR_BASE = 0x30
RPL_MASK = 0x3
MODE_MASK = 0x1
/* System-service number decoding.  Presumably SERVICE_NUMBER_MASK selects the
 * entry within a table and (number >> SERVICE_TABLE_SHIFT) & SERVICE_TABLE_MASK
 * selects one of NUMBER_SERVICE_TABLES descriptors -- confirm in the system-call
 * entry code.  NOTE(review): the service number arrives from user mode, so the
 * dispatcher must apply these masks and the table's own limit check before
 * indexing; these constants only define the layout, they enforce nothing. */
NUMBER_SERVICE_TABLES = 0x2
SERVICE_NUMBER_MASK = 0xfff
SERVICE_TABLE_SHIFT = 0x8
SERVICE_TABLE_MASK = 0x10
SERVICE_TABLE_TEST = 0x10

/* KAPC */
ApType = 0x0
ApSize = 0x2
ApThread = 0x8
ApApcListEntry = 0xc
ApKernelRoutine = 0x14
ApRundownRoutine = 0x18
ApNormalRoutine = 0x1c
ApNormalContext = 0x20
ApSystemArgument1 = 0x24
ApSystemArgument2 = 0x28
ApApcStateIndex = 0x2c
ApApcMode = 0x2d
ApInserted = 0x2e
ApcObjectLength = 0x30

/* KAPC_STATE (embedded in KTHREAD at ThApcState and ThSavedApcState) */
AsApcListHead = 0x0
AsProcess = 0x10
AsKernelApcInProgress = 0x14
AsKernelApcPending = 0x15
AsUserApcPending = 0x16

/* CLIENT_ID */
CidUniqueProcess = 0x0
CidUniqueThread = 0x4

/* RTL_CRITICAL_SECTION
 * (the Cs* prefix is shared with RTL_CRITICAL_SECTION_DEBUG and CONTEXT below;
 * no individual name collides) */
CsDebugInfo = 0x0
CsLockCount = 0x4
CsRecursionCount = 0x8
CsOwningThread = 0xc
CsLockSemaphore = 0x10
CsSpinCount = 0x14

/* RTL_CRITICAL_SECTION_DEBUG */
CsType = 0x0
CsCreatorBackTraceIndex = 0x2
CsCriticalSection = 0x4
CsProcessLocksList = 0x8
CsEntryCount = 0x10
CsContentionCount = 0x14

/* KDEVICE_QUEUE_ENTRY */
DeDeviceListEntry = 0x0
DeSortKey = 0x8
DeInserted = 0xc
DeviceQueueEntryLength = 0x10

/* KDPC */
DpType = 0x0
DpImportance = 0x1
DpNumber = 0x2
DpDpcListEntry = 0x4
DpDeferredRoutine = 0xc
DpDeferredContext = 0x10
DpSystemArgument1 = 0x14
DpSystemArgument2 = 0x18
DpDpcData = 0x1c
DpcObjectLength = 0x20

/* KDEVICE_QUEUE */
DvType = 0x0
DvSize = 0x2
DvDeviceListHead = 0x4
DvSpinLock = 0xc
DvBusy = 0x10
DeviceQueueObjectLength = 0x14

/* EXCEPTION_RECORD */
ErExceptionCode = 0x0
ErExceptionFlags = 0x4
ErExceptionRecord = 0x8
ErExceptionAddress = 0xc
ErNumberParameters = 0x10
ErExceptionInformation = 0x14
ExceptionRecordLength = 0x50
EXCEPTION_RECORD_LENGTH = 0x50 /* defined again in the EXCEPTION_RECORD_* section, same value */

/* EPROCESS */
EpDebugPort = 0xcc
EpVdmObjects = 0x144
ExecutiveProcessObjectLength = 0x278

/* KEVENT */
EvType = 0x0
EvSize = 0x2
EvSignalState = 0x4
EvWaitListHead = 0x8
EventObjectLength = 0x10

/* FAST_MUTEX */
FmCount = 0x0
FmOwner = 0x4
FmContention = 0x8
FmOldIrql = 0x1c

/* KINTERRUPT */
InType = 0x0
InSize = 0x2
InInterruptListEntry = 0x4
InServiceRoutine = 0xc
InServiceContext = 0x10
InSpinLock = 0x14
InTickCount = 0x18
InActualLock = 0x1c
InDispatchAddress = 0x20
InVector = 0x24
InIrql = 0x28
InSynchronizeIrql = 0x29
InFloatingSave = 0x2a
InConnected = 0x2b
InNumber = 0x2c
InShareVector = 0x2d
InMode = 0x30
InServiceCount = 0x34
InDispatchCount = 0x38
/* InDispatchCode at 0x3c followed by an object length of 0x1e4 leaves 0x1a8
 * bytes for this field -- presumably a per-interrupt code stub stored inside
 * the object.  NOTE(review): if so, the pool it lives in must be executable
 * and the stub copy must be bounded by this size; confirm in the connect code. */
InDispatchCode = 0x3c
InterruptObjectLength = 0x1e4

/* IO_STATUS_BLOCK */
IoStatus = 0x0 /* IoStatus and IoPointer share offset 0: a union */
IoPointer = 0x0
IoInformation = 0x4

/* KNODE */
KnPfnDereferenceSListHead = 0x8
KnProcessorMask = 0x10
KnColor = 0x14
KnSeed = 0x18
KnNodeNumber = 0x19
KnFlags = 0x1a
knMmShiftedColor = 0x1e /* NOTE(review): lowercase "kn" prefix breaks the Kn* convention of this section */
KnFreeCount = 0x22
KnPfnDeferredList = 0x2a
KNODE_SIZE = 0x2e

/* KSPIN_LOCK_QUEUE */
LqNext = 0x0
LqLock = 0x4

/* KLOCK_QUEUE_HANDLE */
LqhNext = 0x0
LqhLock = 0x4
LqhOldIrql = 0x8
LOCK_QUEUE_HEADER_SIZE = 0xc

/* LARGE_INTEGER */
LiLowPart = 0x0
LiHighPart = 0x4

/* LIST_ENTRY */
LsFlink = 0x0
LsBlink = 0x4

/* PEB */
PeKernelCallbackTable = 0x2c
ProcessEnvironmentBlockLength = 0x230

/* KPROFILE */
PfType = 0x0
PfSize = 0x2
PfProfileListEntry = 0x4
PfProcess = 0xc
PfRangeBase = 0x10
PfRangeLimit = 0x14
PfBucketShift = 0x18
PfBuffer = 0x1c
PfSegment = 0x20
PfAffinity = 0x24
PfSource = 0x28
PfStarted = 0x2c
ProfileObjectLength = 0x30

/* PORT_MESSAGE */
PmLength = 0x0
PmZeroInit = 0x4
PmClientId = 0x8 /* PmClientId (CLIENT_ID) overlays PmProcess/PmThread at 0x8/0xc */
PmProcess = 0x8
PmThread = 0xc
PmMessageId = 0x10
PmClientViewSize = 0x14
PortMessageLength = 0x18

/* KPROCESS (entries are not in offset order; see also the KPROCESS_* section) */
PrType = 0x0
PrSize = 0x2
PrSignalState = 0x4
PrProfileListHead = 0x10
PrDirectoryTableBase = 0x18
PrLdtDescriptor = 0x20
PrIopmOffset = 0x30
PrInt21Descriptor = 0x28
PrVdmTrapcHandler = 0x4c
PrFlags = 0x6b
PrActiveProcessors = 0x34
PrKernelTime = 0x38
PrUserTime = 0x3c
PrReadyListHead = 0x40
PrSwapListEntry = 0x48
PrThreadListHead = 0x50
PrProcessLock = 0x58
PrAffinity = 0x5c
PrProcessFlags = 0x60
PrBasePriority = 0x64
PrQuantumReset = 0x65
PrState = 0x66
PrStackCount = 0x6c
KernelProcessObjectLength = 0x78

/* KQUEUE */
QuType = 0x0
QuSize = 0x2
QuSignalState = 0x4
QuEntryListHead = 0x10
QuCurrentCount = 0x18
QuMaximumCount = 0x1c
QuThreadListHead = 0x20
QueueObjectLength = 0x28

/* STRING */
StrLength = 0x0
StrMaximumLength = 0x2
StrBuffer = 0x4

/* TEB (user-mode structure; see also the TEB_* section) */
TeCmTeb = 0x0 /* TeCmTeb and TeExceptionList share offset 0 */
TeExceptionList = 0x0
TeStackBase = 0x4
TeStackLimit = 0x8
TeFiberData = 0x10
TeSelf = 0x18
TeEnvironmentPointer = 0x1c
TeClientId = 0x20
TeActiveRpcHandle = 0x28
TeThreadLocalStoragePointer = 0x2c
TeCountOfOwnedCriticalSections = 0x38
TePeb = 0x30
TeCsrClientThread = 0x3c
TeWOW32Reserved = 0xc0
TeExceptionCode = 0x1a4
TeActivationContextStackPointer = 0x1a8
TeGdiClientPID = 0x6c0
TeGdiClientTID = 0x6c4
TeGdiThreadLocalInfo = 0x6c8
TeglDispatchTable = 0x7c4
TeglReserved1 = 0xb68
TeglReserved2 = 0xbdc
TeglSectionInfo = 0xbe0
TeglSection = 0xbe4
TeglTable = 0xbe8
TeglCurrentRC = 0xbec
TeglContext = 0xbf0
TeDeallocationStack = 0xe0c
TeTlsSlots = 0xe10 /* TLS_MINIMUM_AVAILABLE (0x40) pointer slots: 0xe10..0xf0f */
TeTlsExpansionSlots = 0xf94
TeLastErrorValue = 0x34
TeVdm = 0xf18
TeInstrumentation = 0xf2c
TeGdiBatchCount = 0xf70
TeGuaranteedStackBytes = 0xf78
TeFlsData = 0xfb4
TeSafeThunkCall = 0xfb8
ThreadEnvironmentBlockLength = 0xfbc

/* TIME_FIELDS */
TfSecond = 0xa
TfMinute = 0x8
TfHour = 0x6
TfWeekday = 0xe
TfDay = 0x4
TfMonth = 0x2
TfYear = 0x0
TfMilliseconds = 0xc

/* KTHREAD (entries are not in offset order; see also the KTHREAD_* section) */
ThType = 0x0
ThSize = 0x2
ThLock = 0x0 /* ThLock overlays ThType/ThSize/ThDebugActive at 0x0..0x3: the dispatcher header union */
ThDebugActive = 0x3
ThSignalState = 0x4
ThInitialStack = 0x18
ThStackLimit = 0x1c
ThKernelStack = 0x20
ThThreadLock = 0x24
ThAlerted = 0x5e
ThApcState = 0x28 /* embedded KAPC_STATE; As* offsets apply from here */
ThPriority = 0x5b
ThSwapBusy = 0x5d
ThNextProcessor = 0x40
ThDeferredProcessor = 0x41
ThApcQueueLock = 0x44
ThContextSwitches = 0x48
ThState = 0x4c
ThNpxState = 0x4d
ThWaitIrql = 0x4e
ThWaitMode = 0x4f
ThWaitStatus = 0x50
ThWaitBlockList = 0x54 /* ThWaitBlockList and ThGateObject share 0x54 */
ThGateObject = 0x54
ThWaitListEntry = 0x60 /* ThWaitListEntry and ThSwapListEntry share 0x60 */
ThSwapListEntry = 0x60
ThQueue = 0x68
ThWaitTime = 0x6c
/* ThCombinedApcDisable (0x70) is the 32-bit view of the two 16-bit counters
 * ThKernelApcDisable (0x70) and ThSpecialApcDisable (0x72). */
ThCombinedApcDisable = 0x70
ThKernelApcDisable = 0x70
ThSpecialApcDisable = 0x72
ThTeb = 0x74
ThTimer = 0x78 /* embedded KTIMER: 0x78 + TimerObjectLength (0x28) = 0xa0 = ThThreadFlags */
ThThreadFlags = 0xa0
ThServiceTable = 0x118
ThWaitBlock = 0xa8
ThResourceIndex = 0xef
ThQueueListEntry = 0x108
ThTrapFrame = 0x110
ThCallbackStack = 0x114
ThApcStateIndex = 0x11c
ThIdealProcessor = 0x11d
ThBasePriority = 0x121
ThPriorityDecrement = 0x122
ThAdjustReason = 0x42
ThAdjustIncrement = 0x43
ThPreviousMode = 0xd7
ThSaturation = 0x123
ThFreezeCount = 0x14f
ThUserAffinity = 0x124
ThProcess = 0x128
ThAffinity = 0x12c
ThUserIdealProcessor = 0x151
ThApcStatePointer = 0x130
ThSavedApcState = 0x138
ThWaitReason = 0x5a
ThSuspendCount = 0x150
ThWin32Thread = 0x154
ThStackBase = 0x158
ThSuspendApc = 0x15c
ThPowerState = 0x18b
ThKernelTime = 0x160
ThLegoData = 0x184
ThLargeStack = 0x107
ThUserTime = 0x18c
ThSuspendSemaphore = 0x190
ThSListFaultCount = 0x1a4
ThThreadListEntry = 0x1a8
ThMutantListHead = 0x10
ThSListFaultAddress = 0x1b0
KernelThreadObjectLength = 0x1b8
ExecutiveThreadObjectLength = 0x250

/* KTIMER */
TiType = 0x0
TiSize = 0x2
TiInserted = 0x3
TiSignalState = 0x4
TiDueTime = 0x10
TiTimerListEntry = 0x18
TiDpc = 0x20
TiPeriod = 0x24
TimerObjectLength = 0x28

/* TIME (no entries) */

/* KUSER_SHARED_DATA (offsets relative to USER_SHARED_DATA) */
UsTickCountMultiplier = 0x4
UsInterruptTime = 0x8
UsSystemTime = 0x14
UsTimeZoneBias = 0x20
UsImageNumberLow = 0x2c
UsImageNumberHigh = 0x2e
UsNtSystemRoot = 0x30
UsMaxStackTraceDepth = 0x238
UsCryptoExponent = 0x23c
UsTimeZoneId = 0x240
UsLargePageMinimum = 0x244
UsReserved2 = 0x248
UsNtProductType = 0x264
UsProductTypeIsValid = 0x268
UsNtMajorVersion = 0x26c
UsNtMinorVersion = 0x270
UsProcessorFeatures = 0x274 /* byte array; runs to UsReserved1 (0x2b4), i.e. 0x40 entries */
UsReserved1 = 0x2b4
UsReserved3 = 0x2b8
UsTimeSlip = 0x2bc
UsAlternativeArchitecture = 0x2c0
UsSystemExpirationDate = 0x2c8
UsSuiteMask = 0x2d0
UsKdDebuggerEnabled = 0x2d4
UsActiveConsoleId = 0x2d8
UsDismountCount = 0x2dc
UsComPlusPackage = 0x2e0
UsLastSystemRITEventTickCount = 0x2e4
UsNumberOfPhysicalPages = 0x2e8
UsSafeBootMode = 0x2ec
UsTestRetInstruction = 0x2f8
UsSystemCall = 0x300 /* absolute address is KUSER_SHARED_SYSCALL in the Misc section */
UsSystemCallReturn = 0x304
UsSystemCallPad = 0x308
UsTickCount = 0x320 /* UsTickCount and UsTickCountQuad share 0x320 */
UsTickCountQuad = 0x320
UsWow64SharedInformation = 0x340

/* KWAIT_BLOCK */
WbWaitListEntry = 0x0
WbThread = 0x8
WbObject = 0xc
WbNextWaitBlock = 0x10
WbWaitKey = 0x14
WbWaitType = 0x16

/* CR0 flags */
CR0_PE = 0x1
CR0_MP = 0x2
CR0_EM = 0x4
CR0_TS = 0x8
CR0_ET = 0x10
CR0_NE = 0x20
CR0_WP = 0x10000 /* write-protect: supervisor writes honour read-only pages */
CR0_AM = 0x40000
CR0_NW = 0x20000000
CR0_CD = 0x40000000
CR0_PG = 0x80000000

/* CR4 flags */
CR4_VME = 0x1
CR4_PVI = 0x2
CR4_TSD = 0x4
CR4_DE = 0x8
CR4_PSE = 0x10
CR4_PAE = 0x20
CR4_MCE = 0x40
CR4_PGE = 0x80
CR4_FXSR = 0x200
CR4_XMMEXCPT = 0x400

/* KeFeatureBits flags */
KF_RDTSC = 0x2
KF_CR4 = 0x4
KF_GLOBAL_PAGE = 0x10
KF_LARGE_PAGE = 0x20
KF_CMPXCHG8B = 0x80
KF_FAST_SYSCALL = 0x1000
KF_V86_VIS = 0x1

/* Machine type definitions */
MACHINE_TYPE_ISA = 0x0
MACHINE_TYPE_EISA = 0x1
MACHINE_TYPE_MCA = 0x2

/* EFLAGS */
EFLAGS_TF = 0x100
EFLAGS_INTERRUPT_MASK = 0x200
EFLAGS_V86_MASK = 0x20000
EFLAGS_ALIGN_CHECK = 0x40000
EFLAGS_VIF = 0x80000
EFLAGS_VIP = 0x100000
/* Mask of EFLAGS bits a user-supplied value may keep.  In 0x3f4dd7 bit 9
 * (EFLAGS_INTERRUPT_MASK) and bits 12-13 (IOPL) are clear, so a context coming
 * from user mode cannot disable interrupts or raise its I/O privilege level.
 * Presumably applied when a CONTEXT is copied into a trap frame -- confirm. */
EFLAGS_USER_SANITIZE = 0x3f4dd7

/* KGDT selectors
 * The R3 selectors are presumably loaded with RPL 3 (value | RPL_MASK) -- confirm
 * in the trap-exit code. */
KGDT_R3_DATA = 0x20
KGDT_R3_CODE = 0x18
KGDT_R0_CODE = 0x8
KGDT_R0_DATA = 0x10
KGDT_R0_PCR = 0x30
KGDT_TSS = 0x28
KGDT_R3_TEB = 0x38
KGDT_DF_TSS = 0x50
KGDT_NMI_TSS = 0x58
KGDT_LDT = 0x48
NPX_STATE_NOT_LOADED = 0xa /* = CR0_TS | CR0_MP */
NPX_STATE_LOADED = 0x0
PF_XMMI_INSTRUCTIONS_AVAILABLE = 0x6 /* index into UsProcessorFeatures */
EFLAG_SELECT = 0xc000

/* CONTEXT (user-visible register context; see also the CONTEXT_* section) */
CsContextFlags = 0x0
CsDr0 = 0x4
CsDr1 = 0x8
CsDr2 = 0xc
CsDr3 = 0x10
CsDr6 = 0x14
CsDr7 = 0x18
CsFloatSave = 0x1c /* FLOATING_SAVE_AREA, 0x70 bytes (0x1c..0x8b); FP_* offsets in Misc apply from here */
CsSegGs = 0x8c
CsSegFs = 0x90
CsSegEs = 0x94
CsSegDs = 0x98
CsEdi = 0x9c
CsEsi = 0xa0
CsEbx = 0xa4
CsEdx = 0xa8
CsEcx = 0xac
CsEax = 0xb0
CsEbp = 0xb4
CsEip = 0xb8
CsSegCs = 0xbc
CsEflags = 0xc0
CsEsp = 0xc4
CsSegSs = 0xc8
CsExtendedRegisters = 0xcc /* 0x200 bytes (0xcc..0x2cb) up to ContextFrameLength */
ContextFrameLength = 0x2cc
CONTEXT_LENGTH = 0x2cc

/* KGDTENTRY */
KgdtBaseLow = 0x2
KgdtBaseMid = 0x4
KgdtBaseHi = 0x7
KgdtLimitHi = 0x6
KgdtLimitLow = 0x0

/* KTRAP_FRAME (see also the KTRAP_FRAME_* section; values agree)
 * TsHardwareEsp/TsHardwareSegSs at 0x74/0x78 and the TsV86* slots after them
 * are presumably present only for a privilege-changing (user or V86) entry --
 * confirm before reading them from a kernel-mode frame. */
TsExceptionList = 0x4c
TsPreviousPreviousMode = 0x48
TsSegGs = 0x30
TsSegFs = 0x50
TsSegEs = 0x34
TsSegDs = 0x38
TsEdi = 0x54
TsEsi = 0x58
TsEbp = 0x60
TsEbx = 0x5c
TsEdx = 0x3c
TsEcx = 0x40
TsEax = 0x44
TsErrCode = 0x64
TsEip = 0x68
TsSegCs = 0x6c
TsEflags = 0x70
TsHardwareEsp = 0x74
TsHardwareSegSs = 0x78
TsTempSegCs = 0x10
TsTempEsp = 0x14
TsDbgEbp = 0x0
TsDbgEip = 0x4
TsDbgArgMark = 0x8
TsDbgArgPointer = 0xc
TsDr0 = 0x18
TsDr1 = 0x1c
TsDr2 = 0x20
TsDr3 = 0x24
TsDr6 = 0x28
TsDr7 = 0x2c
TsV86Es = 0x7c
TsV86Ds = 0x80
TsV86Fs = 0x84
TsV86Gs = 0x88
KTRAP_FRAME_LENGTH = 0x8c
KTRAP_FRAME_ALIGN = 0x4
/* Marker value, presumably stored in a frame's segment field to flag that the
 * TsTemp* copies hold the real values -- confirm.  Defined again below. */
FRAME_EDITED = 0xfff8

/* KTSS (TssEsp0 and TssIoMapBase are the architectural TSS fields: ring-0 stack
 * pointer loaded on a user-to-kernel transition, and the I/O permission bitmap
 * base) */
TssEsp0 = 0x4
TssCR3 = 0x1c
TssEip = 0x20
TssEFlags = 0x24
TssEax = 0x28
TssEbx = 0x34
TssEcx = 0x2c
TssEdx = 0x30
TssEsp = 0x38
TssEbp = 0x3c
TssEsi = 0x40
TssEdi = 0x44
TssEs = 0x48
TssCs = 0x4c
TssSs = 0x50
TssDs = 0x54
TssFs = 0x58
TssGs = 0x5c
TssLDT = 0x60
TssIoMapBase = 0x66
TssIoMaps = 0x68
TssLength = 0x20ac

/* KPCR (per-processor region; KPCR_PRCB_* entries reach into the embedded PRCB
 * that starts at KPCR_PRCB_DATA) */
KPCR_EXCEPTION_LIST = 0x0
KPCR_PERF_GLOBAL_GROUP_MASK = 0x8
KPCR_CONTEXT_SWITCHES = 0x10
KPCR_TEB = 0x18
KPCR_SELF = 0x1c
KPCR_PRCB = 0x20
KPCR_IDT = 0x38
KPCR_GDT = 0x3c
KPCR_TSS = 0x40
KPCR_STALL_SCALE_FACTOR = 0x4c
KPCR_PRCB_DATA = 0x120
KPCR_CURRENT_THREAD = 0x124 /* = KPCR_PRCB_DATA + 4 */
KPCR_PRCB_NEXT_THREAD = 0x128
KPCR_PRCB_DPC_QUEUE_DEPTH = 0xa4c
KPCR_PRCB_DPC_STACK = 0xa68
KPCR_PRCB_MAXIMUM_DPC_QUEUE_DEPTH = 0xa6c
KPCR_PRCB_DPC_ROUTINE_ACTIVE = 0xa7a
KPCR_PRCB_TIMER_REQUEST = 0xa88
KPCR_PRCB_QUANTUM_END = 0xaa1
KPCR_PRCB_DEFERRED_READY_LIST_HEAD = 0xc10
KPCR_PRCB_POWER_STATE_IDLE_FUNCTION = 0xec0

/* KTRAP_FRAME (second naming style of the Ts* section above; values agree) */
KTRAP_FRAME_DEBUGEBP = 0x0
KTRAP_FRAME_DEBUGEIP = 0x4
KTRAP_FRAME_TEMPESP = 0x14
KTRAP_FRAME_DR0 = 0x18
KTRAP_FRAME_DR1 = 0x1c
KTRAP_FRAME_DR2 = 0x20
KTRAP_FRAME_DR3 = 0x24
KTRAP_FRAME_DR6 = 0x28
KTRAP_FRAME_DR7 = 0x2c
KTRAP_FRAME_GS = 0x30
KTRAP_FRAME_ES = 0x34
KTRAP_FRAME_DS = 0x38
KTRAP_FRAME_EDX = 0x3c
KTRAP_FRAME_ECX = 0x40
KTRAP_FRAME_EAX = 0x44
KTRAP_FRAME_PREVIOUS_MODE = 0x48
KTRAP_FRAME_EXCEPTION_LIST = 0x4c
KTRAP_FRAME_FS = 0x50
KTRAP_FRAME_EDI = 0x54
KTRAP_FRAME_ESI = 0x58
KTRAP_FRAME_EBX = 0x5c
KTRAP_FRAME_EBP = 0x60
KTRAP_FRAME_ERROR_CODE = 0x64
KTRAP_FRAME_EIP = 0x68
KTRAP_FRAME_EFLAGS = 0x70
KTRAP_FRAME_ESP = 0x74
KTRAP_FRAME_SS = 0x78
KTRAP_FRAME_V86_ES = 0x7c
KTRAP_FRAME_V86_DS = 0x80
KTRAP_FRAME_V86_FS = 0x84
KTRAP_FRAME_V86_GS = 0x88
KTRAP_FRAME_SIZE = 0x8c /* same as KTRAP_FRAME_LENGTH */
FRAME_EDITED = 0xfff8 /* duplicate of the definition in the Ts* section, same value */

/* CONTEXT (second naming style of the Cs* section above; values agree) */
CONTEXT_FLAGS = 0x0
CONTEXT_SEGGS = 0x8c
CONTEXT_SEGFS = 0x90
CONTEXT_SEGES = 0x94
CONTEXT_SEGDS = 0x98
CONTEXT_EDI = 0x9c
CONTEXT_ESI = 0xa0
CONTEXT_EBX = 0xa4
CONTEXT_EDX = 0xa8
CONTEXT_ECX = 0xac
CONTEXT_EAX = 0xb0
CONTEXT_EBP = 0xb4
CONTEXT_EIP = 0xb8
CONTEXT_SEGCS = 0xbc
CONTEXT_EFLAGS = 0xc0
CONTEXT_ESP = 0xc4
CONTEXT_SEGSS = 0xc8
CONTEXT_FRAME_LENGTH = 0x2cc

/* FIBER
 * The FIBER_CONTEXT_* entries are FIBER_CONTEXT (0x14) plus the matching Cs*
 * CONTEXT offset (e.g. FIBER_CONTEXT_EAX = 0x14 + CsEax), and
 * FIBER_GUARANTEED_STACK_BYTES = 0x14 + ContextFrameLength. */
FIBER_PARAMETER = 0x0
FIBER_EXCEPTION_LIST = 0x4
FIBER_STACK_BASE = 0x8
FIBER_STACK_LIMIT = 0xc
FIBER_DEALLOCATION_STACK = 0x10
FIBER_CONTEXT = 0x14
FIBER_CONTEXT_FLAGS = 0x14
FIBER_CONTEXT_EAX = 0xc4
FIBER_CONTEXT_EBX = 0xb8
FIBER_CONTEXT_ECX = 0xc0
FIBER_CONTEXT_EDX = 0xbc
FIBER_CONTEXT_ESI = 0xb4
FIBER_CONTEXT_EDI = 0xb0
FIBER_CONTEXT_EBP = 0xc8
FIBER_CONTEXT_EIP = 0xcc
FIBER_CONTEXT_ESP = 0xd8
FIBER_CONTEXT_DR6 = 0x28
FIBER_CONTEXT_FLOAT_SAVE_CONTROL_WORD = 0x30 /* = FIBER_CONTEXT + CsFloatSave + FP_CONTROL_WORD */
FIBER_CONTEXT_FLOAT_SAVE_STATUS_WORD = 0x34
FIBER_CONTEXT_FLOAT_SAVE_TAG_WORD = 0x38
FIBER_GUARANTEED_STACK_BYTES = 0x2e0
FIBER_FLS_DATA = 0x2e4
FIBER_ACTIVATION_CONTEXT_STACK = 0x2e8

/* KTSS (subset of the Tss* section above) */
KTSS_IOMAPBASE = 0x66
KTSS_ESP0 = 0x4

/* EXCEPTION_RECORD (second naming style of the Er* section above) */
EXCEPTION_RECORD_EXCEPTION_CODE = 0x0
EXCEPTION_RECORD_EXCEPTION_FLAGS = 0x4
EXCEPTION_RECORD_EXCEPTION_RECORD = 0x8
EXCEPTION_RECORD_EXCEPTION_ADDRESS = 0xc
EXCEPTION_RECORD_NUMBER_PARAMETERS = 0x10
EXCEPTION_RECORD_EXCEPTION_ADDRESS = 0xc /* NOTE(review): duplicate of the definition two lines up, same value */
SIZEOF_EXCEPTION_RECORD = 0x50
EXCEPTION_RECORD_LENGTH = 0x50 /* duplicate of the Er* section definition, same value */

/* KTHREAD (second naming style; subset of the Th* section above) */
KTHREAD_DEBUG_ACTIVE = 0x3
KTHREAD_INITIAL_STACK = 0x18
KTHREAD_STACK_LIMIT = 0x1c
KTHREAD_TEB = 0x74
KTHREAD_KERNEL_STACK = 0x20
KTHREAD_APCSTATE_PROCESS = 0x38 /* = ThApcState + AsProcess */
KTHREAD_PENDING_KERNEL_APC = 0x3d /* = ThApcState + AsKernelApcPending */
KTHREAD_CONTEXT_SWITCHES = 0x48
KTHREAD_STATE_ = 0x4c /* same as ThState; NOTE(review): the trailing underscore is presumably deliberate to avoid a name clash -- confirm */
KTHREAD_NPX_STATE = 0x4d
KTHREAD_WAIT_IRQL = 0x4e
KTHREAD_WAIT_REASON = 0x5a
KTHREAD_COMBINED_APC_DISABLE = 0x70
KTHREAD_SPECIAL_APC_DISABLE = 0x72
KTHREAD_LARGE_STACK = 0x107
KTHREAD_TRAP_FRAME = 0x110
KTHREAD_CALLBACK_STACK = 0x114
KTHREAD_APC_STATE_INDEX = 0x11c
KTHREAD_STACK_BASE = 0x158

/* KPROCESS (second naming style; the 8-byte descriptors of the Pr* section are
 * split here into their two dwords) */
KPROCESS_DIRECTORY_TABLE_BASE = 0x18
KPROCESS_LDT_DESCRIPTOR0 = 0x20
KPROCESS_LDT_DESCRIPTOR1 = 0x24
KPROCESS_INT21_DESCRIPTOR0 = 0x28
KPROCESS_INT21_DESCRIPTOR1 = 0x2c
KPROCESS_IOPM_OFFSET = 0x30

/* Teb (second naming style; subset of the Te* section above, plus one PEB entry) */
TEB_EXCEPTION_LIST = 0x0
TEB_STACK_LIMIT = 0x8
TEB_STACK_BASE = 0x4
TEB_SELF = 0x18
TEB_FIBER_DATA = 0x10
TEB_PEB = 0x30
TEB_EXCEPTION_CODE = 0x1a4
PEB_KERNEL_CALLBACK_TABLE = 0x2c /* same as PeKernelCallbackTable */
TEB_FLS_DATA = 0xfb4
TEB_ACTIVATION_CONTEXT_STACK_POINTER = 0x1a8
TEB_GUARANTEED_STACK_BYTES = 0xf78
TEB_DEALLOCATION_STACK = 0xe0c

/* Misc */
NPX_FRAME_LENGTH = 0x210 /* same as SIZEOF_FX_SAVE_AREA */
FN_CR0_NPX_STATE = 0x20c /* last dword of the NPX frame (NPX_FRAME_LENGTH - 4) */
/* Presumably the DR7 bits a user-supplied debug-register context may not set;
 * confirm in the context sanitising code.  Bit 13 (GD) is not in the mask. */
DR7_RESERVED_MASK = 0xdc00
/* Offsets into the FLOATING_SAVE_AREA that starts at CsFloatSave. */
FP_CONTROL_WORD = 0x0
FP_STATUS_WORD = 0x4
FP_TAG_WORD = 0x8
FP_DATA_SELECTOR = 0x18
/* User-mode callback stack frame -- layout not visible here; TODO document the
 * owning structure. */
CBSTACK_RESULT = 0x20
CBSTACK_RESULT_LENGTH = 0x24
CBSTACK_TRAP_FRAME = 0x4
CBSTACK_CALLBACK_STACK = 0x8
SIZEOF_FX_SAVE_AREA = 0x210
KUSER_SHARED_SYSCALL = 0x7ffe0300 /* = USER_SHARED_DATA + UsSystemCall */
EXCEPTION_EXECUTE_HANDLER = 0x1 /* duplicate of the Exception flags definition, same value */
STATUS_CALLBACK_POP_STACK = 0xc0000423 /* duplicate of the Status codes definition, same value */
CONTEXT_ALIGNED_SIZE = 0x2cc /* same as CONTEXT_LENGTH */
/* = USER_SHARED_DATA + UsProcessorFeatures + 4, i.e. entry 4 of the
 * ProcessorFeatures byte array -- confirm which PF_* index that is. */
PROCESSOR_FEATURE_FXSR = 0x7ffe0278