typedef struct _EPROCESS                                               // 106 elements, 0x278 bytes (sizeof)
          {
/*0x000*/     struct _KPROCESS Pcb;                                              // 33 elements, 0x78 bytes (sizeof)
/*0x078*/     struct _EX_PUSH_LOCK ProcessLock;                                  // 7 elements, 0x4 bytes (sizeof)
/*0x07C*/     UINT8        _PADDING0_[0x4];
/*0x080*/     union _LARGE_INTEGER CreateTime;                                   // 4 elements, 0x8 bytes (sizeof)
/*0x088*/     union _LARGE_INTEGER ExitTime;                                     // 4 elements, 0x8 bytes (sizeof)
/*0x090*/     struct _EX_RUNDOWN_REF RundownProtect;                             // 2 elements, 0x4 bytes (sizeof)
/*0x094*/     VOID*        UniqueProcessId;
/*0x098*/     struct _LIST_ENTRY ActiveProcessLinks;                             // 2 elements, 0x8 bytes (sizeof)
/*0x0A0*/     ULONG32      QuotaUsage[3];
/*0x0AC*/     ULONG32      QuotaPeak[3];
/*0x0B8*/     ULONG32      CommitCharge;
/*0x0BC*/     ULONG32      PeakVirtualSize;
/*0x0C0*/     ULONG32      VirtualSize;
/*0x0C4*/     struct _LIST_ENTRY SessionProcessLinks;                            // 2 elements, 0x8 bytes (sizeof)
/*0x0CC*/     VOID*        DebugPort;
/*0x0D0*/     VOID*        ExceptionPort;
/*0x0D4*/     struct _HANDLE_TABLE* ObjectTable;
/*0x0D8*/     struct _EX_FAST_REF Token;                                         // 3 elements, 0x4 bytes (sizeof)
/*0x0DC*/     ULONG32      WorkingSetPage;
/*0x0E0*/     struct _KGUARDED_MUTEX AddressCreationLock;                        // 7 elements, 0x20 bytes (sizeof)
/*0x100*/     ULONG32      HyperSpaceLock;
/*0x104*/     struct _ETHREAD* ForkInProgress;
/*0x108*/     ULONG32      HardwareTrigger;
/*0x10C*/     struct _MM_AVL_TABLE* PhysicalVadRoot;
/*0x110*/     VOID*        CloneRoot;
/*0x114*/     ULONG32      NumberOfPrivatePages;
/*0x118*/     ULONG32      NumberOfLockedPages;
/*0x11C*/     VOID*        Win32Process;
/*0x120*/     struct _EJOB* Job;
/*0x124*/     VOID*        SectionObject;
/*0x128*/     VOID*        SectionBaseAddress;
/*0x12C*/     struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;
/*0x130*/     struct _PAGEFAULT_HISTORY* WorkingSetWatch;
/*0x134*/     VOID*        Win32WindowStation;
/*0x138*/     VOID*        InheritedFromUniqueProcessId;
/*0x13C*/     VOID*        LdtInformation;
/*0x140*/     VOID*        VadFreeHint;
/*0x144*/     VOID*        VdmObjects;
/*0x148*/     VOID*        DeviceMap;
/*0x14C*/     VOID*        Spare0[3];
              union                                                              // 2 elements, 0x8 bytes (sizeof)
              {
/*0x158*/         struct _HARDWARE_PTE PageDirectoryPte;                         // 13 elements, 0x4 bytes (sizeof)
/*0x158*/         UINT64       Filler;
              };
/*0x160*/     VOID*        Session;
/*0x164*/     UINT8        ImageFileName[16];
/*0x174*/     struct _LIST_ENTRY JobLinks;                                       // 2 elements, 0x8 bytes (sizeof)
/*0x17C*/     VOID*        LockedPagesList;
/*0x180*/     struct _LIST_ENTRY ThreadListHead;                                 // 2 elements, 0x8 bytes (sizeof)
/*0x188*/     VOID*        SecurityPort;
/*0x18C*/     VOID*        PaeTop;
/*0x190*/     ULONG32      ActiveThreads;
/*0x194*/     ULONG32      GrantedAccess;
/*0x198*/     ULONG32      DefaultHardErrorProcessing;
/*0x19C*/     LONG32       LastThreadExitStatus;
/*0x1A0*/     struct _PEB* Peb;
/*0x1A4*/     struct _EX_FAST_REF PrefetchTrace;                                 // 3 elements, 0x4 bytes (sizeof)
/*0x1A8*/     union _LARGE_INTEGER ReadOperationCount;                           // 4 elements, 0x8 bytes (sizeof)
/*0x1B0*/     union _LARGE_INTEGER WriteOperationCount;                          // 4 elements, 0x8 bytes (sizeof)
/*0x1B8*/     union _LARGE_INTEGER OtherOperationCount;                          // 4 elements, 0x8 bytes (sizeof)
/*0x1C0*/     union _LARGE_INTEGER ReadTransferCount;                            // 4 elements, 0x8 bytes (sizeof)
/*0x1C8*/     union _LARGE_INTEGER WriteTransferCount;                           // 4 elements, 0x8 bytes (sizeof)
/*0x1D0*/     union _LARGE_INTEGER OtherTransferCount;                           // 4 elements, 0x8 bytes (sizeof)
/*0x1D8*/     ULONG32      CommitChargeLimit;
/*0x1DC*/     ULONG32      CommitChargePeak;
/*0x1E0*/     VOID*        AweInfo;
/*0x1E4*/     struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // 1 elements, 0x4 bytes (sizeof)
/*0x1E8*/     struct _MMSUPPORT Vm;                                              // 15 elements, 0x48 bytes (sizeof)
/*0x230*/     struct _LIST_ENTRY MmProcessLinks;                                 // 2 elements, 0x8 bytes (sizeof)
/*0x238*/     ULONG32      ModifiedPageCount;
/*0x23C*/     ULONG32      JobStatus;
              union                                                              // 2 elements, 0x4 bytes (sizeof)
              {
/*0x240*/         ULONG32      Flags;
                  struct                                                         // 29 elements, 0x4 bytes (sizeof)
                  {
/*0x240*/             ULONG32      CreateReported : 1;                           // 0 BitPosition
/*0x240*/             ULONG32      NoDebugInherit : 1;                           // 1 BitPosition
/*0x240*/             ULONG32      ProcessExiting : 1;                           // 2 BitPosition
/*0x240*/             ULONG32      ProcessDelete : 1;                            // 3 BitPosition
/*0x240*/             ULONG32      Wow64SplitPages : 1;                          // 4 BitPosition
/*0x240*/             ULONG32      VmDeleted : 1;                                // 5 BitPosition
/*0x240*/             ULONG32      OutswapEnabled : 1;                           // 6 BitPosition
/*0x240*/             ULONG32      Outswapped : 1;                               // 7 BitPosition
/*0x240*/             ULONG32      ForkFailed : 1;                               // 8 BitPosition
/*0x240*/             ULONG32      Wow64VaSpace4Gb : 1;                          // 9 BitPosition
/*0x240*/             ULONG32      AddressSpaceInitialized : 2;                  // 10 BitPosition
/*0x240*/             ULONG32      SetTimerResolution : 1;                       // 12 BitPosition
/*0x240*/             ULONG32      BreakOnTermination : 1;                       // 13 BitPosition
/*0x240*/             ULONG32      SessionCreationUnderway : 1;                  // 14 BitPosition
/*0x240*/             ULONG32      WriteWatch : 1;                               // 15 BitPosition
/*0x240*/             ULONG32      ProcessInSession : 1;                         // 16 BitPosition
/*0x240*/             ULONG32      OverrideAddressSpace : 1;                     // 17 BitPosition
/*0x240*/             ULONG32      HasAddressSpace : 1;                          // 18 BitPosition
/*0x240*/             ULONG32      LaunchPrefetched : 1;                         // 19 BitPosition
/*0x240*/             ULONG32      InjectInpageErrors : 1;                       // 20 BitPosition
/*0x240*/             ULONG32      VmTopDown : 1;                                // 21 BitPosition
/*0x240*/             ULONG32      ImageNotifyDone : 1;                          // 22 BitPosition
/*0x240*/             ULONG32      PdeUpdateNeeded : 1;                          // 23 BitPosition
/*0x240*/             ULONG32      VdmAllowed : 1;                               // 24 BitPosition
/*0x240*/             ULONG32      SmapAllowed : 1;                              // 25 BitPosition
/*0x240*/             ULONG32      CreateFailed : 1;                             // 26 BitPosition
/*0x240*/             ULONG32      DefaultIoPriority : 3;                        // 27 BitPosition
/*0x240*/             ULONG32      Spare1 : 1;                                   // 30 BitPosition
/*0x240*/             ULONG32      Spare2 : 1;                                   // 31 BitPosition
                  };
              };
/*0x244*/     LONG32       ExitStatus;
/*0x248*/     UINT16       NextPageColor;
              union                                                              // 2 elements, 0x2 bytes (sizeof)
              {
                  struct                                                         // 2 elements, 0x2 bytes (sizeof)
                  {
/*0x24A*/             UINT8        SubSystemMinorVersion;
/*0x24B*/             UINT8        SubSystemMajorVersion;
                  };
/*0x24A*/         UINT16       SubSystemVersion;
              };
/*0x24C*/     UINT8        PriorityClass;
/*0x24D*/     UINT8        _PADDING1_[0x3];
/*0x250*/     struct _MM_AVL_TABLE VadRoot;                                      // 6 elements, 0x20 bytes (sizeof)
/*0x270*/     ULONG32      Cookie;
/*0x274*/     UINT8        _PADDING2_[0x4];
          }EPROCESS, *PEPROCESS;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.