typedef struct _KTHREAD                                 // 126 elements, 0x360 bytes (sizeof)
          {
/*0x000*/     struct _DISPATCHER_HEADER Header;                   // 29 elements, 0x18 bytes (sizeof)
/*0x018*/     UINT64       CycleTime;
/*0x020*/     UINT64       QuantumTarget;
/*0x028*/     VOID*        InitialStack;
/*0x030*/     VOID*        StackLimit;
/*0x038*/     VOID*        KernelStack;
/*0x040*/     UINT64       ThreadLock;
/*0x048*/     union _KWAIT_STATUS_REGISTER WaitRegister;          // 8 elements, 0x1 bytes (sizeof)
/*0x049*/     UINT8        Running;
/*0x04A*/     UINT8        Alerted[2];
              union                                               // 2 elements, 0x4 bytes (sizeof)
              {
                  struct                                          // 14 elements, 0x4 bytes (sizeof)
                  {
/*0x04C*/             ULONG32      KernelStackResident : 1;       // 0 BitPosition
/*0x04C*/             ULONG32      ReadyTransition : 1;           // 1 BitPosition
/*0x04C*/             ULONG32      ProcessReadyQueue : 1;         // 2 BitPosition
/*0x04C*/             ULONG32      WaitNext : 1;                  // 3 BitPosition
/*0x04C*/             ULONG32      SystemAffinityActive : 1;      // 4 BitPosition
/*0x04C*/             ULONG32      Alertable : 1;                 // 5 BitPosition
/*0x04C*/             ULONG32      GdiFlushActive : 1;            // 6 BitPosition
/*0x04C*/             ULONG32      UserStackWalkActive : 1;       // 7 BitPosition
/*0x04C*/             ULONG32      ApcInterruptRequest : 1;       // 8 BitPosition
/*0x04C*/             ULONG32      ForceDeferSchedule : 1;        // 9 BitPosition
/*0x04C*/             ULONG32      QuantumEndMigrate : 1;         // 10 BitPosition
/*0x04C*/             ULONG32      UmsDirectedSwitchEnable : 1;   // 11 BitPosition
/*0x04C*/             ULONG32      TimerActive : 1;               // 12 BitPosition
/*0x04C*/             ULONG32      Reserved : 19;                 // 13 BitPosition
                  };
/*0x04C*/         LONG32       MiscFlags;
              };
              union                                               // 2 elements, 0x30 bytes (sizeof)
              {
/*0x050*/         struct _KAPC_STATE ApcState;                    // 5 elements, 0x30 bytes (sizeof)
                  struct                                          // 3 elements, 0x30 bytes (sizeof)
                  {
/*0x050*/             UINT8        ApcStateFill[43];
/*0x07B*/             CHAR         Priority;
/*0x07C*/             ULONG32      NextProcessor;
                  };
              };
/*0x080*/     ULONG32      DeferredProcessor;
/*0x084*/     UINT8        _PADDING0_[0x4];
/*0x088*/     UINT64       ApcQueueLock;
/*0x090*/     INT64        WaitStatus;
/*0x098*/     struct _KWAIT_BLOCK* WaitBlockList;
              union                                               // 2 elements, 0x10 bytes (sizeof)
              {
/*0x0A0*/         struct _LIST_ENTRY WaitListEntry;               // 2 elements, 0x10 bytes (sizeof)
/*0x0A0*/         struct _SINGLE_LIST_ENTRY SwapListEntry;        // 1 elements, 0x8 bytes (sizeof)
              };
/*0x0B0*/     struct _KQUEUE* Queue;
/*0x0B8*/     VOID*        Teb;
/*0x0C0*/     struct _KTIMER Timer;                               // 6 elements, 0x40 bytes (sizeof)
              union                                               // 2 elements, 0x4 bytes (sizeof)
              {
                  struct                                          // 10 elements, 0x4 bytes (sizeof)
                  {
/*0x100*/             ULONG32      AutoAlignment : 1;             // 0 BitPosition
/*0x100*/             ULONG32      DisableBoost : 1;              // 1 BitPosition
/*0x100*/             ULONG32      EtwStackTraceApc1Inserted : 1; // 2 BitPosition
/*0x100*/             ULONG32      EtwStackTraceApc2Inserted : 1; // 3 BitPosition
/*0x100*/             ULONG32      CalloutActive : 1;             // 4 BitPosition
/*0x100*/             ULONG32      ApcQueueable : 1;              // 5 BitPosition
/*0x100*/             ULONG32      EnableStackSwap : 1;           // 6 BitPosition
/*0x100*/             ULONG32      GuiThread : 1;                 // 7 BitPosition
/*0x100*/             ULONG32      UmsPerformingSyscall : 1;      // 8 BitPosition
/*0x100*/             ULONG32      ReservedFlags : 23;            // 9 BitPosition
                  };
/*0x100*/         LONG32       ThreadFlags;
              };
/*0x104*/     ULONG32      Spare0;
              union                                               // 6 elements, 0xC0 bytes (sizeof)
              {
/*0x108*/         struct _KWAIT_BLOCK WaitBlock[4];
                  struct                                          // 2 elements, 0xC0 bytes (sizeof)
                  {
/*0x108*/             UINT8        WaitBlockFill4[44];
/*0x134*/             ULONG32      ContextSwitches;
/*0x138*/             UINT8        _PADDING1_[0x90];
                  };
                  struct                                          // 5 elements, 0xC0 bytes (sizeof)
                  {
/*0x108*/             UINT8        WaitBlockFill5[92];
/*0x164*/             UINT8        State;
/*0x165*/             CHAR         NpxState;
/*0x166*/             UINT8        WaitIrql;
/*0x167*/             CHAR         WaitMode;
/*0x168*/             UINT8        _PADDING2_[0x60];
                  };
                  struct                                          // 2 elements, 0xC0 bytes (sizeof)
                  {
/*0x108*/             UINT8        WaitBlockFill6[140];
/*0x194*/             ULONG32      WaitTime;
/*0x198*/             UINT8        _PADDING3_[0x30];
                  };
                  struct                                          // 3 elements, 0xC0 bytes (sizeof)
                  {
/*0x108*/             UINT8        WaitBlockFill7[168];
/*0x1B0*/             VOID*        TebMappedLowVa;
/*0x1B8*/             struct _UMS_CONTROL_BLOCK* Ucb;
/*0x1C0*/             UINT8        _PADDING4_[0x8];
                  };
                  struct                                          // 2 elements, 0xC0 bytes (sizeof)
                  {
/*0x108*/             UINT8        WaitBlockFill8[188];
                      union                                       // 2 elements, 0x4 bytes (sizeof)
                      {
                          struct                                  // 2 elements, 0x4 bytes (sizeof)
                          {
/*0x1C4*/                     INT16        KernelApcDisable;
/*0x1C6*/                     INT16        SpecialApcDisable;
                          };
/*0x1C4*/                 ULONG32      CombinedApcDisable;
                      };
                  };
              };
/*0x1C8*/     struct _LIST_ENTRY QueueListEntry;                  // 2 elements, 0x10 bytes (sizeof)
/*0x1D8*/     struct _KTRAP_FRAME* TrapFrame;
/*0x1E0*/     VOID*        FirstArgument;
              union                                               // 2 elements, 0x8 bytes (sizeof)
              {
/*0x1E8*/         VOID*        CallbackStack;
/*0x1E8*/         UINT64       CallbackDepth;
              };
/*0x1F0*/     UINT8        ApcStateIndex;
/*0x1F1*/     CHAR         BasePriority;
              union                                               // 2 elements, 0x1 bytes (sizeof)
              {
/*0x1F2*/         CHAR         PriorityDecrement;
                  struct                                          // 2 elements, 0x1 bytes (sizeof)
                  {
/*0x1F2*/             UINT8        ForegroundBoost : 4;           // 0 BitPosition
/*0x1F2*/             UINT8        UnusualBoost : 4;              // 4 BitPosition
                  };
              };
/*0x1F3*/     UINT8        Preempted;
/*0x1F4*/     UINT8        AdjustReason;
/*0x1F5*/     CHAR         AdjustIncrement;
/*0x1F6*/     CHAR         PreviousMode;
/*0x1F7*/     CHAR         Saturation;
/*0x1F8*/     ULONG32      SystemCallNumber;
/*0x1FC*/     ULONG32      FreezeCount;
/*0x200*/     struct _GROUP_AFFINITY UserAffinity;                // 3 elements, 0x10 bytes (sizeof)
/*0x210*/     struct _KPROCESS* Process;
/*0x218*/     struct _GROUP_AFFINITY Affinity;                    // 3 elements, 0x10 bytes (sizeof)
/*0x228*/     ULONG32      IdealProcessor;
/*0x22C*/     ULONG32      UserIdealProcessor;
/*0x230*/     struct _KAPC_STATE* ApcStatePointer[2];
              union                                               // 2 elements, 0x30 bytes (sizeof)
              {
/*0x240*/         struct _KAPC_STATE SavedApcState;               // 5 elements, 0x30 bytes (sizeof)
                  struct                                          // 5 elements, 0x30 bytes (sizeof)
                  {
/*0x240*/             UINT8        SavedApcStateFill[43];
/*0x26B*/             UINT8        WaitReason;
/*0x26C*/             CHAR         SuspendCount;
/*0x26D*/             CHAR         Spare1;
/*0x26E*/             UINT8        CodePatchInProgress;
/*0x26F*/             UINT8        _PADDING5_[0x1];
                  };
              };
/*0x270*/     VOID*        Win32Thread;
/*0x278*/     VOID*        StackBase;
              union                                               // 7 elements, 0x58 bytes (sizeof)
              {
/*0x280*/         struct _KAPC SuspendApc;                        // 16 elements, 0x58 bytes (sizeof)
                  struct                                          // 2 elements, 0x58 bytes (sizeof)
                  {
/*0x280*/             UINT8        SuspendApcFill0[1];
/*0x281*/             UINT8        ResourceIndex;
/*0x282*/             UINT8        _PADDING6_[0x56];
                  };
                  struct                                          // 2 elements, 0x58 bytes (sizeof)
                  {
/*0x280*/             UINT8        SuspendApcFill1[3];
/*0x283*/             UINT8        QuantumReset;
/*0x284*/             UINT8        _PADDING7_[0x54];
                  };
                  struct                                          // 2 elements, 0x58 bytes (sizeof)
                  {
/*0x280*/             UINT8        SuspendApcFill2[4];
/*0x284*/             ULONG32      KernelTime;
/*0x288*/             UINT8        _PADDING8_[0x50];
                  };
                  struct                                          // 2 elements, 0x58 bytes (sizeof)
                  {
/*0x280*/             UINT8        SuspendApcFill3[64];
/*0x2C0*/             struct _KPRCB* WaitPrcb;
/*0x2C8*/             UINT8        _PADDING9_[0x10];
                  };
                  struct                                          // 2 elements, 0x58 bytes (sizeof)
                  {
/*0x280*/             UINT8        SuspendApcFill4[72];
/*0x2C8*/             VOID*        LegoData;
/*0x2D0*/             UINT8        _PADDING10_[0x8];
                  };
                  struct                                          // 3 elements, 0x58 bytes (sizeof)
                  {
/*0x280*/             UINT8        SuspendApcFill5[83];
/*0x2D3*/             UINT8        LargeStack;
/*0x2D4*/             ULONG32      UserTime;
                  };
              };
              union                                               // 2 elements, 0x20 bytes (sizeof)
              {
/*0x2D8*/         struct _KSEMAPHORE SuspendSemaphore;            // 2 elements, 0x20 bytes (sizeof)
                  struct                                          // 2 elements, 0x20 bytes (sizeof)
                  {
/*0x2D8*/             UINT8        SuspendSemaphorefill[28];
/*0x2F4*/             ULONG32      SListFaultCount;
                  };
              };
/*0x2F8*/     struct _LIST_ENTRY ThreadListEntry;                 // 2 elements, 0x10 bytes (sizeof)
/*0x308*/     struct _LIST_ENTRY MutantListHead;                  // 2 elements, 0x10 bytes (sizeof)
/*0x318*/     VOID*        SListFaultAddress;
/*0x320*/     INT64        ReadOperationCount;
/*0x328*/     INT64        WriteOperationCount;
/*0x330*/     INT64        OtherOperationCount;
/*0x338*/     INT64        ReadTransferCount;
/*0x340*/     INT64        WriteTransferCount;
/*0x348*/     INT64        OtherTransferCount;
/*0x350*/     struct _KTHREAD_COUNTERS* ThreadCounters;
/*0x358*/     struct _XSTATE_SAVE* XStateSave;
          }KTHREAD, *PKTHREAD;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.