typedef struct _KTHREAD                                 // 114 elements, 0x200 bytes (sizeof)
          {
/*0x000*/     struct _DISPATCHER_HEADER Header;                   // 30 elements, 0x10 bytes (sizeof)
/*0x010*/     UINT64       CycleTime;
/*0x018*/     ULONG32      HighCycleTime;
/*0x01C*/     UINT8        _PADDING0_[0x4];
/*0x020*/     UINT64       QuantumTarget;
/*0x028*/     VOID*        InitialStack;
/*0x02C*/     VOID*        StackLimit;
/*0x030*/     VOID*        KernelStack;
/*0x034*/     ULONG32      ThreadLock;
/*0x038*/     union _KWAIT_STATUS_REGISTER WaitRegister;          // 8 elements, 0x1 bytes (sizeof)
/*0x039*/     UINT8        Running;
/*0x03A*/     UINT8        Alerted[2];
              union                                               // 2 elements, 0x4 bytes (sizeof)
              {
                  struct                                          // 14 elements, 0x4 bytes (sizeof)
                  {
/*0x03C*/             ULONG32      KernelStackResident : 1;       // 0 BitPosition
/*0x03C*/             ULONG32      ReadyTransition : 1;           // 1 BitPosition
/*0x03C*/             ULONG32      ProcessReadyQueue : 1;         // 2 BitPosition
/*0x03C*/             ULONG32      WaitNext : 1;                  // 3 BitPosition
/*0x03C*/             ULONG32      SystemAffinityActive : 1;      // 4 BitPosition
/*0x03C*/             ULONG32      Alertable : 1;                 // 5 BitPosition
/*0x03C*/             ULONG32      GdiFlushActive : 1;            // 6 BitPosition
/*0x03C*/             ULONG32      UserStackWalkActive : 1;       // 7 BitPosition
/*0x03C*/             ULONG32      ApcInterruptRequest : 1;       // 8 BitPosition
/*0x03C*/             ULONG32      ForceDeferSchedule : 1;        // 9 BitPosition
/*0x03C*/             ULONG32      QuantumEndMigrate : 1;         // 10 BitPosition
/*0x03C*/             ULONG32      UmsDirectedSwitchEnable : 1;   // 11 BitPosition
/*0x03C*/             ULONG32      TimerActive : 1;               // 12 BitPosition
/*0x03C*/             ULONG32      Reserved : 19;                 // 13 BitPosition
                  };
/*0x03C*/         LONG32       MiscFlags;
              };
              union                                               // 2 elements, 0x18 bytes (sizeof)
              {
/*0x040*/         struct _KAPC_STATE ApcState;                    // 5 elements, 0x18 bytes (sizeof)
                  struct                                          // 2 elements, 0x18 bytes (sizeof)
                  {
/*0x040*/             UINT8        ApcStateFill[23];
/*0x057*/             CHAR         Priority;
                  };
              };
/*0x058*/     ULONG32      NextProcessor;
/*0x05C*/     ULONG32      DeferredProcessor;
/*0x060*/     ULONG32      ApcQueueLock;
/*0x064*/     ULONG32      ContextSwitches;
/*0x068*/     UINT8        State;
/*0x069*/     CHAR         NpxState;
/*0x06A*/     UINT8        WaitIrql;
/*0x06B*/     CHAR         WaitMode;
/*0x06C*/     LONG32       WaitStatus;
/*0x070*/     struct _KWAIT_BLOCK* WaitBlockList;
              union                                               // 2 elements, 0x8 bytes (sizeof)
              {
/*0x074*/         struct _LIST_ENTRY WaitListEntry;               // 2 elements, 0x8 bytes (sizeof)
/*0x074*/         struct _SINGLE_LIST_ENTRY SwapListEntry;        // 1 elements, 0x4 bytes (sizeof)
              };
/*0x07C*/     struct _KQUEUE* Queue;
/*0x080*/     ULONG32      WaitTime;
              union                                               // 2 elements, 0x4 bytes (sizeof)
              {
                  struct                                          // 2 elements, 0x4 bytes (sizeof)
                  {
/*0x084*/             INT16        KernelApcDisable;
/*0x086*/             INT16        SpecialApcDisable;
                  };
/*0x084*/         ULONG32      CombinedApcDisable;
              };
/*0x088*/     VOID*        Teb;
/*0x08C*/     UINT8        _PADDING1_[0x4];
/*0x090*/     struct _KTIMER Timer;                               // 5 elements, 0x28 bytes (sizeof)
              union                                               // 2 elements, 0x4 bytes (sizeof)
              {
                  struct                                          // 10 elements, 0x4 bytes (sizeof)
                  {
/*0x0B8*/             ULONG32      AutoAlignment : 1;             // 0 BitPosition
/*0x0B8*/             ULONG32      DisableBoost : 1;              // 1 BitPosition
/*0x0B8*/             ULONG32      EtwStackTraceApc1Inserted : 1; // 2 BitPosition
/*0x0B8*/             ULONG32      EtwStackTraceApc2Inserted : 1; // 3 BitPosition
/*0x0B8*/             ULONG32      CalloutActive : 1;             // 4 BitPosition
/*0x0B8*/             ULONG32      ApcQueueable : 1;              // 5 BitPosition
/*0x0B8*/             ULONG32      EnableStackSwap : 1;           // 6 BitPosition
/*0x0B8*/             ULONG32      GuiThread : 1;                 // 7 BitPosition
/*0x0B8*/             ULONG32      UmsPerformingSyscall : 1;      // 8 BitPosition
/*0x0B8*/             ULONG32      ReservedFlags : 23;            // 9 BitPosition
                  };
/*0x0B8*/         LONG32       ThreadFlags;
              };
/*0x0BC*/     VOID*        ServiceTable;
/*0x0C0*/     struct _KWAIT_BLOCK WaitBlock[4];
/*0x120*/     struct _LIST_ENTRY QueueListEntry;                  // 2 elements, 0x8 bytes (sizeof)
/*0x128*/     struct _KTRAP_FRAME* TrapFrame;
/*0x12C*/     VOID*        FirstArgument;
              union                                               // 2 elements, 0x4 bytes (sizeof)
              {
/*0x130*/         VOID*        CallbackStack;
/*0x130*/         ULONG32      CallbackDepth;
              };
/*0x134*/     UINT8        ApcStateIndex;
/*0x135*/     CHAR         BasePriority;
              union                                               // 2 elements, 0x1 bytes (sizeof)
              {
/*0x136*/         CHAR         PriorityDecrement;
                  struct                                          // 2 elements, 0x1 bytes (sizeof)
                  {
/*0x136*/             UINT8        ForegroundBoost : 4;           // 0 BitPosition
/*0x136*/             UINT8        UnusualBoost : 4;              // 4 BitPosition
                  };
              };
/*0x137*/     UINT8        Preempted;
/*0x138*/     UINT8        AdjustReason;
/*0x139*/     CHAR         AdjustIncrement;
/*0x13A*/     CHAR         PreviousMode;
/*0x13B*/     CHAR         Saturation;
/*0x13C*/     ULONG32      SystemCallNumber;
/*0x140*/     ULONG32      FreezeCount;
/*0x144*/     struct _GROUP_AFFINITY UserAffinity;                // 3 elements, 0xC bytes (sizeof)
/*0x150*/     struct _KPROCESS* Process;
/*0x154*/     struct _GROUP_AFFINITY Affinity;                    // 3 elements, 0xC bytes (sizeof)
/*0x160*/     ULONG32      IdealProcessor;
/*0x164*/     ULONG32      UserIdealProcessor;
/*0x168*/     struct _KAPC_STATE* ApcStatePointer[2];
              union                                               // 2 elements, 0x18 bytes (sizeof)
              {
/*0x170*/         struct _KAPC_STATE SavedApcState;               // 5 elements, 0x18 bytes (sizeof)
                  struct                                          // 2 elements, 0x18 bytes (sizeof)
                  {
/*0x170*/             UINT8        SavedApcStateFill[23];
/*0x187*/             UINT8        WaitReason;
                  };
              };
/*0x188*/     CHAR         SuspendCount;
/*0x189*/     CHAR         Spare1;
/*0x18A*/     UINT8        OtherPlatformFill;
/*0x18B*/     UINT8        _PADDING2_[0x1];
/*0x18C*/     VOID*        Win32Thread;
/*0x190*/     VOID*        StackBase;
              union                                               // 7 elements, 0x30 bytes (sizeof)
              {
/*0x194*/         struct _KAPC SuspendApc;                        // 16 elements, 0x30 bytes (sizeof)
                  struct                                          // 2 elements, 0x30 bytes (sizeof)
                  {
/*0x194*/             UINT8        SuspendApcFill0[1];
/*0x195*/             UINT8        ResourceIndex;
/*0x196*/             UINT8        _PADDING3_[0x2E];
                  };
                  struct                                          // 2 elements, 0x30 bytes (sizeof)
                  {
/*0x194*/             UINT8        SuspendApcFill1[3];
/*0x197*/             UINT8        QuantumReset;
/*0x198*/             UINT8        _PADDING4_[0x2C];
                  };
                  struct                                          // 2 elements, 0x30 bytes (sizeof)
                  {
/*0x194*/             UINT8        SuspendApcFill2[4];
/*0x198*/             ULONG32      KernelTime;
/*0x19C*/             UINT8        _PADDING5_[0x28];
                  };
                  struct                                          // 2 elements, 0x30 bytes (sizeof)
                  {
/*0x194*/             UINT8        SuspendApcFill3[36];
/*0x1B8*/             struct _KPRCB* WaitPrcb;
/*0x1BC*/             UINT8        _PADDING6_[0x8];
                  };
                  struct                                          // 2 elements, 0x30 bytes (sizeof)
                  {
/*0x194*/             UINT8        SuspendApcFill4[40];
/*0x1BC*/             VOID*        LegoData;
/*0x1C0*/             UINT8        _PADDING7_[0x4];
                  };
                  struct                                          // 2 elements, 0x30 bytes (sizeof)
                  {
/*0x194*/             UINT8        SuspendApcFill5[47];
/*0x1C3*/             UINT8        LargeStack;
                  };
              };
/*0x1C4*/     ULONG32      UserTime;
              union                                               // 2 elements, 0x14 bytes (sizeof)
              {
/*0x1C8*/         struct _KSEMAPHORE SuspendSemaphore;            // 2 elements, 0x14 bytes (sizeof)
/*0x1C8*/         UINT8        SuspendSemaphorefill[20];
              };
/*0x1DC*/     ULONG32      SListFaultCount;
/*0x1E0*/     struct _LIST_ENTRY ThreadListEntry;                 // 2 elements, 0x8 bytes (sizeof)
/*0x1E8*/     struct _LIST_ENTRY MutantListHead;                  // 2 elements, 0x8 bytes (sizeof)
/*0x1F0*/     VOID*        SListFaultAddress;
/*0x1F4*/     struct _KTHREAD_COUNTERS* ThreadCounters;
/*0x1F8*/     struct _XSTATE_SAVE* XStateSave;
/*0x1FC*/     UINT8        _PADDING8_[0x4];
          }KTHREAD, *PKTHREAD;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.