/*
 * Symbol-derived layout of the kernel's per-process object, _EPROCESS.
 * Each member is prefixed with its byte offset from the start of the structure;
 * trailing comments give the member's element count and size as dumped.
 *
 * This is a 64-bit layout: consecutive VOID* members are 8 bytes apart.
 *
 * Caveat for forensic / detection tooling: every offset below belongs to the one
 * build this dump was taken from (the page does not name it). _EPROCESS is not a
 * stable interface, so resolve offsets from symbols for the target build and
 * sanity-check the structure size (0x4D0 here) instead of hard-coding values.
 */
typedef struct _EPROCESS                                               // 135 elements, 0x4D0 bytes (sizeof)
          {
/*0x000*/     struct _KPROCESS Pcb;                                              // 37 elements, 0x160 bytes (sizeof)
/*0x160*/     struct _EX_PUSH_LOCK ProcessLock;                                  // 7 elements, 0x8 bytes (sizeof)
/*0x168*/     union _LARGE_INTEGER CreateTime;                                   // 4 elements, 0x8 bytes (sizeof)
/*0x170*/     union _LARGE_INTEGER ExitTime;                                     // 4 elements, 0x8 bytes (sizeof)
/*0x178*/     struct _EX_RUNDOWN_REF RundownProtect;                             // 2 elements, 0x8 bytes (sizeof)
              // Process identifier, stored in a pointer-sized slot (typed VOID* in this dump).
/*0x180*/     VOID*        UniqueProcessId;
              // NOTE(review): commonly documented as this process's link in the kernel's
              // list of active processes - confirm for this build. An enumerator that only
              // walks this list cannot see an entry that has been unlinked, so cross-check
              // against independent sources (thread lists, handle tables, pool-tag scans).
/*0x188*/     struct _LIST_ENTRY ActiveProcessLinks;                             // 2 elements, 0x10 bytes (sizeof)
/*0x198*/     UINT64       ProcessQuotaUsage[2];
/*0x1A8*/     UINT64       ProcessQuotaPeak[2];
/*0x1B8*/     UINT64       CommitCharge;
/*0x1C0*/     struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;
/*0x1C8*/     struct _PS_CPU_QUOTA_BLOCK* CpuQuotaBlock;
/*0x1D0*/     UINT64       PeakVirtualSize;
/*0x1D8*/     UINT64       VirtualSize;
/*0x1E0*/     struct _LIST_ENTRY SessionProcessLinks;                            // 2 elements, 0x10 bytes (sizeof)
              // NOTE(review): presumably non-NULL only while a debugger is attached - confirm.
/*0x1F0*/     VOID*        DebugPort;
              // One 8-byte slot viewed three ways: as a pointer, as a raw value, and as a
              // 3-bit state field occupying the lowest bits of that same value.
              union                                                              // 3 elements, 0x8 bytes (sizeof)
              {
/*0x1F8*/         VOID*        ExceptionPortData;
/*0x1F8*/         UINT64       ExceptionPortValue;
/*0x1F8*/         UINT64       ExceptionPortState : 3;                           // 0 BitPosition
              };
/*0x200*/     struct _HANDLE_TABLE* ObjectTable;
              // Declared as _EX_FAST_REF, not as a plain pointer. NOTE(review): the low bits
              // of a fast reference presumably carry a cached reference count, so tooling
              // must mask them before following the pointer - confirm against the
              // _EX_FAST_REF definition for this build. For detection, an unexpected change
              // in the token a process references is worth alerting on.
/*0x208*/     struct _EX_FAST_REF Token;                                         // 3 elements, 0x8 bytes (sizeof)
/*0x210*/     UINT64       WorkingSetPage;
/*0x218*/     struct _EX_PUSH_LOCK AddressCreationLock;                          // 7 elements, 0x8 bytes (sizeof)
/*0x220*/     struct _ETHREAD* RotateInProgress;
/*0x228*/     struct _ETHREAD* ForkInProgress;
/*0x230*/     UINT64       HardwareTrigger;
/*0x238*/     struct _MM_AVL_TABLE* PhysicalVadRoot;
/*0x240*/     VOID*        CloneRoot;
/*0x248*/     UINT64       NumberOfPrivatePages;
/*0x250*/     UINT64       NumberOfLockedPages;
/*0x258*/     VOID*        Win32Process;
/*0x260*/     struct _EJOB* Job;
/*0x268*/     VOID*        SectionObject;
/*0x270*/     VOID*        SectionBaseAddress;
/*0x278*/     ULONG32      Cookie;
/*0x27C*/     ULONG32      UmsScheduledThreads;
/*0x280*/     struct _PAGEFAULT_HISTORY* WorkingSetWatch;
/*0x288*/     VOID*        Win32WindowStation;
              // NOTE(review): presumably the creator's process ID as recorded at creation.
              // It is an ID, not a reference: the parent may have exited and its ID been
              // reused, so validate lineage against CreateTime before trusting it.
/*0x290*/     VOID*        InheritedFromUniqueProcessId;
/*0x298*/     VOID*        LdtInformation;
/*0x2A0*/     VOID*        Spare;
/*0x2A8*/     UINT64       ConsoleHostProcess;
/*0x2B0*/     VOID*        DeviceMap;
/*0x2B8*/     VOID*        EtwDataSource;
/*0x2C0*/     VOID*        FreeTebHint;
/*0x2C8*/     VOID*        FreeUmsTebHint;
              // Same 8 bytes viewed as a hardware PTE or as an opaque 64-bit filler.
              union                                                              // 2 elements, 0x8 bytes (sizeof)
              {
/*0x2D0*/         struct _HARDWARE_PTE PageDirectoryPte;                         // 16 elements, 0x8 bytes (sizeof)
/*0x2D0*/         UINT64       Filler;
              };
/*0x2D8*/     VOID*        Session;
              // Fixed 15-byte buffer, so longer image names cannot be held in full; the
              // byte at 0x2EF already belongs to PriorityClass. Treat this as a display
              // hint only: it carries no path and is not an identity for the binary.
/*0x2E0*/     UINT8        ImageFileName[15];
/*0x2EF*/     UINT8        PriorityClass;
/*0x2F0*/     struct _LIST_ENTRY JobLinks;                                       // 2 elements, 0x10 bytes (sizeof)
/*0x300*/     VOID*        LockedPagesList;
/*0x308*/     struct _LIST_ENTRY ThreadListHead;                                 // 2 elements, 0x10 bytes (sizeof)
/*0x318*/     VOID*        SecurityPort;
/*0x320*/     VOID*        Wow64Process;
/*0x328*/     ULONG32      ActiveThreads;
/*0x32C*/     ULONG32      ImagePathHash;
/*0x330*/     ULONG32      DefaultHardErrorProcessing;
/*0x334*/     LONG32       LastThreadExitStatus;
/*0x338*/     struct _PEB* Peb;
/*0x340*/     struct _EX_FAST_REF PrefetchTrace;                                 // 3 elements, 0x8 bytes (sizeof)
/*0x348*/     union _LARGE_INTEGER ReadOperationCount;                           // 4 elements, 0x8 bytes (sizeof)
/*0x350*/     union _LARGE_INTEGER WriteOperationCount;                          // 4 elements, 0x8 bytes (sizeof)
/*0x358*/     union _LARGE_INTEGER OtherOperationCount;                          // 4 elements, 0x8 bytes (sizeof)
/*0x360*/     union _LARGE_INTEGER ReadTransferCount;                            // 4 elements, 0x8 bytes (sizeof)
/*0x368*/     union _LARGE_INTEGER WriteTransferCount;                           // 4 elements, 0x8 bytes (sizeof)
/*0x370*/     union _LARGE_INTEGER OtherTransferCount;                           // 4 elements, 0x8 bytes (sizeof)
/*0x378*/     UINT64       CommitChargeLimit;
/*0x380*/     UINT64       CommitChargePeak;
/*0x388*/     VOID*        AweInfo;
              // NOTE(review): presumably references the image name captured for process-
              // creation auditing; if so, prefer it over ImageFileName when attributing a
              // process to a binary - confirm against the member's own definition.
/*0x390*/     struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; // 1 elements, 0x8 bytes (sizeof)
/*0x398*/     struct _MMSUPPORT Vm;                                              // 21 elements, 0x88 bytes (sizeof)
/*0x420*/     struct _LIST_ENTRY MmProcessLinks;                                 // 2 elements, 0x10 bytes (sizeof)
/*0x430*/     VOID*        HighestUserAddress;
/*0x438*/     ULONG32      ModifiedPageCount;
              // Flags2: one 32-bit word readable whole (Flags2) or through the named
              // bit-fields below. Bits 0-21 are named in this dump; bits 22-31 are not.
              union                                                              // 2 elements, 0x4 bytes (sizeof)
              {
/*0x43C*/         ULONG32      Flags2;
                  struct                                                         // 20 elements, 0x4 bytes (sizeof)
                  {
/*0x43C*/             ULONG32      JobNotReallyActive : 1;                       // 0 BitPosition
/*0x43C*/             ULONG32      AccountingFolded : 1;                         // 1 BitPosition
/*0x43C*/             ULONG32      NewProcessReported : 1;                       // 2 BitPosition
/*0x43C*/             ULONG32      ExitProcessReported : 1;                      // 3 BitPosition
/*0x43C*/             ULONG32      ReportCommitChanges : 1;                      // 4 BitPosition
/*0x43C*/             ULONG32      LastReportMemory : 1;                         // 5 BitPosition
/*0x43C*/             ULONG32      ReportPhysicalPageChanges : 1;                // 6 BitPosition
/*0x43C*/             ULONG32      HandleTableRundown : 1;                       // 7 BitPosition
/*0x43C*/             ULONG32      NeedsHandleRundown : 1;                       // 8 BitPosition
/*0x43C*/             ULONG32      RefTraceEnabled : 1;                          // 9 BitPosition
/*0x43C*/             ULONG32      NumaAware : 1;                                // 10 BitPosition
                      // In this layout the protected-process state is a single bit of
                      // ordinary kernel data. Integrity checks should corroborate it with
                      // other evidence (e.g. image signature) rather than trust the bit alone.
/*0x43C*/             ULONG32      ProtectedProcess : 1;                         // 11 BitPosition
/*0x43C*/             ULONG32      DefaultPagePriority : 3;                      // 12 BitPosition
/*0x43C*/             ULONG32      PrimaryTokenFrozen : 1;                       // 15 BitPosition
/*0x43C*/             ULONG32      ProcessVerifierTarget : 1;                    // 16 BitPosition
/*0x43C*/             ULONG32      StackRandomizationDisabled : 1;               // 17 BitPosition
/*0x43C*/             ULONG32      AffinityPermanent : 1;                        // 18 BitPosition
/*0x43C*/             ULONG32      AffinityUpdateEnable : 1;                     // 19 BitPosition
/*0x43C*/             ULONG32      PropagateNode : 1;                            // 20 BitPosition
/*0x43C*/             ULONG32      ExplicitAffinity : 1;                         // 21 BitPosition
                  };
              };
              // Flags: same overlay pattern as Flags2; here all 32 bits are named.
              union                                                              // 2 elements, 0x4 bytes (sizeof)
              {
/*0x440*/         ULONG32      Flags;
                  struct                                                         // 29 elements, 0x4 bytes (sizeof)
                  {
/*0x440*/             ULONG32      CreateReported : 1;                           // 0 BitPosition
/*0x440*/             ULONG32      NoDebugInherit : 1;                           // 1 BitPosition
/*0x440*/             ULONG32      ProcessExiting : 1;                           // 2 BitPosition
/*0x440*/             ULONG32      ProcessDelete : 1;                            // 3 BitPosition
/*0x440*/             ULONG32      Wow64SplitPages : 1;                          // 4 BitPosition
/*0x440*/             ULONG32      VmDeleted : 1;                                // 5 BitPosition
/*0x440*/             ULONG32      OutswapEnabled : 1;                           // 6 BitPosition
/*0x440*/             ULONG32      Outswapped : 1;                               // 7 BitPosition
/*0x440*/             ULONG32      ForkFailed : 1;                               // 8 BitPosition
/*0x440*/             ULONG32      Wow64VaSpace4Gb : 1;                          // 9 BitPosition
/*0x440*/             ULONG32      AddressSpaceInitialized : 2;                  // 10 BitPosition
/*0x440*/             ULONG32      SetTimerResolution : 1;                       // 12 BitPosition
                      // NOTE(review): presumably the "critical process" marker (terminating
                      // such a process is treated as fatal by the system) - confirm.
/*0x440*/             ULONG32      BreakOnTermination : 1;                       // 13 BitPosition
/*0x440*/             ULONG32      DeprioritizeViews : 1;                        // 14 BitPosition
/*0x440*/             ULONG32      WriteWatch : 1;                               // 15 BitPosition
/*0x440*/             ULONG32      ProcessInSession : 1;                         // 16 BitPosition
/*0x440*/             ULONG32      OverrideAddressSpace : 1;                     // 17 BitPosition
/*0x440*/             ULONG32      HasAddressSpace : 1;                          // 18 BitPosition
/*0x440*/             ULONG32      LaunchPrefetched : 1;                         // 19 BitPosition
/*0x440*/             ULONG32      InjectInpageErrors : 1;                       // 20 BitPosition
/*0x440*/             ULONG32      VmTopDown : 1;                                // 21 BitPosition
/*0x440*/             ULONG32      ImageNotifyDone : 1;                          // 22 BitPosition
/*0x440*/             ULONG32      PdeUpdateNeeded : 1;                          // 23 BitPosition
/*0x440*/             ULONG32      VdmAllowed : 1;                               // 24 BitPosition
/*0x440*/             ULONG32      CrossSessionCreate : 1;                       // 25 BitPosition
/*0x440*/             ULONG32      ProcessInserted : 1;                          // 26 BitPosition
/*0x440*/             ULONG32      DefaultIoPriority : 3;                        // 27 BitPosition
/*0x440*/             ULONG32      ProcessSelfDelete : 1;                        // 30 BitPosition
/*0x440*/             ULONG32      SetTimerResolutionLink : 1;                   // 31 BitPosition
                  };
              };
/*0x444*/     LONG32       ExitStatus;
              // Embedded by value (0x40 bytes), unlike PhysicalVadRoot above, which is a pointer.
/*0x448*/     struct _MM_AVL_TABLE VadRoot;                                      // 6 elements, 0x40 bytes (sizeof)
/*0x488*/     struct _ALPC_PROCESS_CONTEXT AlpcContext;                          // 3 elements, 0x20 bytes (sizeof)
/*0x4A8*/     struct _LIST_ENTRY TimerResolutionLink;                            // 2 elements, 0x10 bytes (sizeof)
/*0x4B8*/     ULONG32      RequestedTimerResolution;
/*0x4BC*/     ULONG32      ActiveThreadsHighWatermark;
/*0x4C0*/     ULONG32      SmallestTimerResolution;
              // Explicit 4-byte pad so the pointer that follows lands on an 8-byte boundary (0x4C8).
/*0x4C4*/     UINT8        _PADDING0_[0x4];
/*0x4C8*/     struct _PO_DIAG_STACK_RECORD* TimerResolutionStackRecord;
          }EPROCESS, *PEPROCESS;

(c) MoonSols 2010.