View Full Version : Windows 7 kernel structures


OpenRCE_omega_red
January 19th, 2009, 07:18
Dump of the most important w7 beta (32-bit) structures for those interested. There are a few changes from Vista/2008.

Code:
1: kd> dt nt!_KPCR
+0x000 NtTib : _NT_TIB
+0x000 Used_ExceptionList : Ptr32 _EXCEPTION_REGISTRATION_RECORD
+0x004 Used_StackBase : Ptr32 Void
+0x008 Spare2 : Ptr32 Void
+0x00c TssCopy : Ptr32 Void
+0x010 ContextSwitches : Uint4B
+0x014 SetMemberCopy : Uint4B
+0x018 Used_Self : Ptr32 Void
+0x01c SelfPcr : Ptr32 _KPCR
+0x020 Prcb : Ptr32 _KPRCB
+0x024 Irql : UChar
+0x028 IRR : Uint4B
+0x02c IrrActive : Uint4B
+0x030 IDR : Uint4B
+0x034 KdVersionBlock : Ptr32 Void
+0x038 IDT : Ptr32 _KIDTENTRY
+0x03c GDT : Ptr32 _KGDTENTRY
+0x040 TSS : Ptr32 _KTSS
+0x044 MajorVersion : Uint2B
+0x046 MinorVersion : Uint2B
+0x048 SetMember : Uint4B
+0x04c StallScaleFactor : Uint4B
+0x050 SpareUnused : UChar
+0x051 Number : UChar
+0x052 Spare0 : UChar
+0x053 SecondLevelCacheAssociativity : UChar
+0x054 VdmAlert : Uint4B
+0x058 KernelReserved : [14] Uint4B
+0x090 SecondLevelCacheSize : Uint4B
+0x094 HalReserved : [16] Uint4B
+0x0d4 InterruptMode : Uint4B
+0x0d8 Spare1 : UChar
+0x0dc KernelReserved2 : [17] Uint4B
+0x120 PrcbData : _KPRCB


1: kd> dt nt!_KPRCB
+0x000 MinorVersion : Uint2B
+0x002 MajorVersion : Uint2B
+0x004 CurrentThread : Ptr32 _KTHREAD
+0x008 NextThread : Ptr32 _KTHREAD
+0x00c IdleThread : Ptr32 _KTHREAD
+0x010 LegacyNumber : UChar
+0x011 NestingLevel : UChar
+0x012 BuildType : Uint2B
+0x014 CpuType : Char
+0x015 CpuID : Char
+0x016 CpuStep : Uint2B
+0x016 CpuStepping : UChar
+0x017 CpuModel : UChar
+0x018 ProcessorState : _KPROCESSOR_STATE
+0x338 KernelReserved : [16] Uint4B
+0x378 HalReserved : [16] Uint4B
+0x3b8 CFlushSize : Uint4B
+0x3bc CoresPerPhysicalProcessor : UChar
+0x3bd LogicalProcessorsPerCore : UChar
+0x3be PrcbPad0 : [2] UChar
+0x3c0 MHz : Uint4B
+0x3c4 CpuVendor : UChar
+0x3c5 GroupIndex : UChar
+0x3c6 Group : Uint2B
+0x3c8 GroupSetMember : Uint4B
+0x3cc Number : Uint4B
+0x3d0 PrcbPad1 : [72] UChar
+0x418 LockQueue : [49] _KSPIN_LOCK_QUEUE
+0x5a0 NpxThread : Ptr32 _KTHREAD
+0x5a4 InterruptCount : Uint4B
+0x5a8 KernelTime : Uint4B
+0x5ac UserTime : Uint4B
+0x5b0 DpcTime : Uint4B
+0x5b4 DpcTimeCount : Uint4B
+0x5b8 InterruptTime : Uint4B
+0x5bc AdjustDpcThreshold : Uint4B
+0x5c0 PageColor : Uint4B
+0x5c4 DebuggerSavedIRQL : UChar
+0x5c5 NodeColor : UChar
+0x5c6 PrcbPad20 : [2] UChar
+0x5c8 NodeShiftedColor : Uint4B
+0x5cc ParentNode : Ptr32 _KNODE
+0x5d0 SecondaryColorMask : Uint4B
+0x5d4 DpcTimeLimit : Uint4B
+0x5d8 PrcbPad21 : [2] Uint4B
+0x5e0 CcFastReadNoWait : Uint4B
+0x5e4 CcFastReadWait : Uint4B
+0x5e8 CcFastReadNotPossible : Uint4B
+0x5ec CcCopyReadNoWait : Uint4B
+0x5f0 CcCopyReadWait : Uint4B
+0x5f4 CcCopyReadNoWaitMiss : Uint4B
+0x5f8 MmSpinLockOrdering : Int4B
+0x5fc IoReadOperationCount : Int4B
+0x600 IoWriteOperationCount : Int4B
+0x604 IoOtherOperationCount : Int4B
+0x608 IoReadTransferCount : _LARGE_INTEGER
+0x610 IoWriteTransferCount : _LARGE_INTEGER
+0x618 IoOtherTransferCount : _LARGE_INTEGER
+0x620 CcFastMdlReadNoWait : Uint4B
+0x624 CcFastMdlReadWait : Uint4B
+0x628 CcFastMdlReadNotPossible : Uint4B
+0x62c CcMapDataNoWait : Uint4B
+0x630 CcMapDataWait : Uint4B
+0x634 CcPinMappedDataCount : Uint4B
+0x638 CcPinReadNoWait : Uint4B
+0x63c CcPinReadWait : Uint4B
+0x640 CcMdlReadNoWait : Uint4B
+0x644 CcMdlReadWait : Uint4B
+0x648 CcLazyWriteHotSpots : Uint4B
+0x64c CcLazyWriteIos : Uint4B
+0x650 CcLazyWritePages : Uint4B
+0x654 CcDataFlushes : Uint4B
+0x658 CcDataPages : Uint4B
+0x65c CcLostDelayedWrites : Uint4B
+0x660 CcFastReadResourceMiss : Uint4B
+0x664 CcCopyReadWaitMiss : Uint4B
+0x668 CcFastMdlReadResourceMiss : Uint4B
+0x66c CcMapDataNoWaitMiss : Uint4B
+0x670 CcMapDataWaitMiss : Uint4B
+0x674 CcPinReadNoWaitMiss : Uint4B
+0x678 CcPinReadWaitMiss : Uint4B
+0x67c CcMdlReadNoWaitMiss : Uint4B
+0x680 CcMdlReadWaitMiss : Uint4B
+0x684 CcReadAheadIos : Uint4B
+0x688 KeAlignmentFixupCount : Uint4B
+0x68c KeExceptionDispatchCount : Uint4B
+0x690 KeSystemCalls : Uint4B
+0x694 AvailableTime : Uint4B
+0x698 PrcbPad22 : [2] Uint4B
+0x6a0 PPLookasideList : [16] _PP_LOOKASIDE_LIST
+0x720 PPNPagedLookasideList : [32] _GENERAL_LOOKASIDE_POOL
+0x1020 PPPagedLookasideList : [32] _GENERAL_LOOKASIDE_POOL
+0x1920 PacketBarrier : Uint4B
+0x1924 ReverseStall : Int4B
+0x1928 IpiFrame : Ptr32 Void
+0x192c PrcbPad3 : [52] UChar
+0x1960 CurrentPacket : [3] Ptr32 Void
+0x196c TargetSet : Uint4B
+0x1970 WorkerRoutine : Ptr32 void
+0x1974 IpiFrozen : Uint4B
+0x1978 PrcbPad4 : [40] UChar
+0x19a0 RequestSummary : Uint4B
+0x19a4 SignalDone : Ptr32 _KPRCB
+0x19a8 PrcbPad50 : [56] UChar
+0x19e0 DpcData : [2] _KDPC_DATA
+0x1a08 DpcStack : Ptr32 Void
+0x1a0c MaximumDpcQueueDepth : Int4B
+0x1a10 DpcRequestRate : Uint4B
+0x1a14 MinimumDpcRate : Uint4B
+0x1a18 PrcbPad41 : Uint4B
+0x1a1c PrcbLock : Uint4B
+0x1a20 DpcLastCount : Uint4B
+0x1a24 TimerHand : Uint4B
+0x1a28 TimerRequest : Uint4B
+0x1a2c TimerExpiry : Ptr32 Ptr32 _KTIMER
+0x1a30 DpcGate : _KGATE
+0x1a40 ThreadDpcEnable : UChar
+0x1a41 QuantumEnd : UChar
+0x1a42 DpcRoutineActive : UChar
+0x1a43 IdleSchedule : UChar
+0x1a44 DpcRequestSummary : Int4B
+0x1a44 DpcRequestSlot : [2] Int2B
+0x1a44 NormalDpcState : Int2B
+0x1a46 DpcThreadActive : Pos 0, 1 Bit
+0x1a46 ThreadDpcState : Int2B
+0x1a48 PrcbPad42 : Uint4B
+0x1a4c PeriodicCount : Uint4B
+0x1a50 PeriodicBias : Uint4B
+0x1a58 TickOffset : Uint8B
+0x1a60 CallDpc : _KDPC
+0x1a80 ClockKeepAlive : Int4B
+0x1a84 ClockCheckSlot : UChar
+0x1a85 ClockPollCycle : UChar
+0x1a86 PrcbPad6 : [2] UChar
+0x1a88 DpcWatchdogPeriod : Int4B
+0x1a8c DpcWatchdogCount : Int4B
+0x1a90 ThreadWatchdogPeriod : Int4B
+0x1a94 ThreadWatchdogCount : Int4B
+0x1a98 KeSpinLockOrdering : Int4B
+0x1a9c PrcbPad70 : [1] Uint4B
+0x1aa0 WaitListHead : _LIST_ENTRY
+0x1aa8 WaitLock : Uint4B
+0x1aac ReadySummary : Uint4B
+0x1ab0 QueueIndex : Uint4B
+0x1ab4 DeferredReadyListHead : _SINGLE_LIST_ENTRY
+0x1ab8 StartCycles : Uint8B
+0x1ac0 CycleTime : Uint8B
+0x1ac8 HighCycleTime : Uint4B
+0x1acc PrcbPad71 : Uint4B
+0x1ad0 PrcbPad72 : [2] Uint8B
+0x1ae0 DispatcherReadyListHead : [32] _LIST_ENTRY
+0x1be0 ChainedInterruptList : Ptr32 Void
+0x1be4 LookasideIrpFloat : Int4B
+0x1be8 MmPageFaultCount : Int4B
+0x1bec MmCopyOnWriteCount : Int4B
+0x1bf0 MmTransitionCount : Int4B
+0x1bf4 MmCacheTransitionCount : Int4B
+0x1bf8 MmDemandZeroCount : Int4B
+0x1bfc MmPageReadCount : Int4B
+0x1c00 MmPageReadIoCount : Int4B
+0x1c04 MmCacheReadCount : Int4B
+0x1c08 MmCacheIoCount : Int4B
+0x1c0c MmDirtyPagesWriteCount : Int4B
+0x1c10 MmDirtyWriteIoCount : Int4B
+0x1c14 MmMappedPagesWriteCount : Int4B
+0x1c18 MmMappedWriteIoCount : Int4B
+0x1c1c CachedCommit : Uint4B
+0x1c20 CachedResidentAvailable : Uint4B
+0x1c24 HyperPte : Ptr32 Void
+0x1c28 PrcbPad8 : [4] UChar
+0x1c2c VendorString : [13] UChar
+0x1c39 InitialApicId : UChar
+0x1c3a LogicalProcessorsPerPhysicalProcessor : UChar
+0x1c3b PrcbPad9 : [5] UChar
+0x1c40 FeatureBits : Uint4B
+0x1c48 UpdateSignature : _LARGE_INTEGER
+0x1c50 IsrTime : Uint8B
+0x1c58 RuntimeAccumulation : Uint8B
+0x1c60 PowerState : _PROCESSOR_POWER_STATE
+0x1d30 DpcWatchdogDpc : _KDPC
+0x1d50 DpcWatchdogTimer : _KTIMER
+0x1d78 WheaInfo : Ptr32 Void
+0x1d7c EtwSupport : Ptr32 Void
+0x1d80 InterruptObjectPool : _SLIST_HEADER
+0x1d88 HypercallPageList : _SLIST_HEADER
+0x1d90 HypercallPageVirtual : Ptr32 Void
+0x1d94 VirtualApicAssist : Ptr32 Void
+0x1d98 StatisticsPage : Ptr32 Uint8B
+0x1d9c RateControl : Ptr32 Void
+0x1da0 Cache : [5] _CACHE_DESCRIPTOR
+0x1ddc CacheCount : Uint4B
+0x1de0 CacheProcessorMask : [5] Uint4B
+0x1df4 PackageProcessorSet : Uint4B
+0x1df8 CoreProcessorSet : Uint4B
+0x1dfc PrcbPad10 : [36] UChar
+0x1e20 SpinLockAcquireCount : Uint4B
+0x1e24 SpinLockContentionCount : Uint4B
+0x1e28 SpinLockSpinCount : Uint4B
+0x1e2c IpiSendRequestBroadcastCount : Uint4B
+0x1e30 IpiSendRequestRoutineCount : Uint4B
+0x1e34 IpiSendSoftwareInterruptCount : Uint4B
+0x1e38 ExInitializeResourceCount : Uint4B
+0x1e3c ExReInitializeResourceCount : Uint4B
+0x1e40 ExDeleteResourceCount : Uint4B
+0x1e44 ExecutiveResourceAcquiresCount : Uint4B
+0x1e48 ExecutiveResourceContentionsCount : Uint4B
+0x1e4c ExecutiveResourceReleaseExclusiveCount : Uint4B
+0x1e50 ExecutiveResourceReleaseSharedCount : Uint4B
+0x1e54 ExecutiveResourceConvertsCount : Uint4B
+0x1e58 ExAcqResExclusiveAttempts : Uint4B
+0x1e5c ExAcqResExclusiveAcquiresExclusive : Uint4B
+0x1e60 ExAcqResExclusiveAcquiresExclusiveRecursive : Uint4B
+0x1e64 ExAcqResExclusiveWaits : Uint4B
+0x1e68 ExAcqResExclusiveNotAcquires : Uint4B
+0x1e6c ExAcqResSharedAttempts : Uint4B
+0x1e70 ExAcqResSharedAcquiresExclusive : Uint4B
+0x1e74 ExAcqResSharedAcquiresShared : Uint4B
+0x1e78 ExAcqResSharedAcquiresSharedRecursive : Uint4B
+0x1e7c ExAcqResSharedWaits : Uint4B
+0x1e80 ExAcqResSharedNotAcquires : Uint4B
+0x1e84 ExAcqResSharedStarveExclusiveAttempts : Uint4B
+0x1e88 ExAcqResSharedStarveExclusiveAcquiresExclusive : Uint4B
+0x1e8c ExAcqResSharedStarveExclusiveAcquiresShared : Uint4B
+0x1e90 ExAcqResSharedStarveExclusiveAcquiresSharedRecursive : Uint4B
+0x1e94 ExAcqResSharedStarveExclusiveWaits : Uint4B
+0x1e98 ExAcqResSharedStarveExclusiveNotAcquires : Uint4B
+0x1e9c ExAcqResSharedWaitForExclusiveAttempts : Uint4B
+0x1ea0 ExAcqResSharedWaitForExclusiveAcquiresExclusive : Uint4B
+0x1ea4 ExAcqResSharedWaitForExclusiveAcquiresShared : Uint4B
+0x1ea8 ExAcqResSharedWaitForExclusiveAcquiresSharedRecursive : Uint4B
+0x1eac ExAcqResSharedWaitForExclusiveWaits : Uint4B
+0x1eb0 ExAcqResSharedWaitForExclusiveNotAcquires : Uint4B
+0x1eb4 ExSetResOwnerPointerExclusive : Uint4B
+0x1eb8 ExSetResOwnerPointerSharedNew : Uint4B
+0x1ebc ExSetResOwnerPointerSharedOld : Uint4B
+0x1ec0 ExTryToAcqExclusiveAttempts : Uint4B
+0x1ec4 ExTryToAcqExclusiveAcquires : Uint4B
+0x1ec8 ExBoostExclusiveOwner : Uint4B
+0x1ecc ExBoostSharedOwners : Uint4B
+0x1ed0 ExEtwSynchTrackingNotificationsCount : Uint4B
+0x1ed4 ExEtwSynchTrackingNotificationsAccountedCount : Uint4B
+0x1ed8 Context : Ptr32 _CONTEXT
+0x1edc ContextFlags : Uint4B
+0x1ee0 ExtendedState : Ptr32 _XSAVE_AREA


1: kd> dt nt!_KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 CycleTime : Uint8B
+0x018 HighCycleTime : Uint4B
+0x020 QuantumTarget : Uint8B
+0x028 InitialStack : Ptr32 Void
+0x02c StackLimit : Ptr32 Void
+0x030 KernelStack : Ptr32 Void
+0x034 ThreadLock : Uint4B
+0x038 WaitRegister : _KWAIT_STATUS_REGISTER
+0x039 Running : UChar
+0x03a Alerted : [2] UChar
+0x03c KernelStackResident : Pos 0, 1 Bit
+0x03c ReadyTransition : Pos 1, 1 Bit
+0x03c ProcessReadyQueue : Pos 2, 1 Bit
+0x03c WaitNext : Pos 3, 1 Bit
+0x03c SystemAffinityActive : Pos 4, 1 Bit
+0x03c Alertable : Pos 5, 1 Bit
+0x03c GdiFlushActive : Pos 6, 1 Bit
+0x03c UserStackWalkActive : Pos 7, 1 Bit
+0x03c ApcInterruptRequest : Pos 8, 1 Bit
+0x03c ForceDeferSchedule : Pos 9, 1 Bit
+0x03c QuantumEndMigrate : Pos 10, 1 Bit
+0x03c Reserved1 : Pos 11, 1 Bit
+0x03c Reserved2 : Pos 12, 20 Bits
+0x03c MiscFlags : Int4B
+0x040 ApcState : _KAPC_STATE
+0x040 ApcStateFill : [23] UChar
+0x057 Priority : Char
+0x058 NextProcessor : Uint4B
+0x05c DeferredProcessor : Uint4B
+0x060 ApcQueueLock : Uint4B
+0x064 ContextSwitches : Uint4B
+0x068 State : UChar
+0x069 NpxState : Char
+0x06a WaitIrql : UChar
+0x06b WaitMode : Char
+0x06c WaitStatus : Int4B
+0x070 WaitBlockList : Ptr32 _KWAIT_BLOCK
+0x074 WaitListEntry : _LIST_ENTRY
+0x074 SwapListEntry : _SINGLE_LIST_ENTRY
+0x07c Queue : Ptr32 _KQUEUE
+0x080 WaitTime : Uint4B
+0x084 KernelApcDisable : Int2B
+0x086 SpecialApcDisable : Int2B
+0x084 CombinedApcDisable : Uint4B
+0x088 Teb : Ptr32 Void
+0x090 Timer : _KTIMER
+0x090 TimerFill : [40] UChar
+0x0b8 AutoAlignment : Pos 0, 1 Bit
+0x0b8 DisableBoost : Pos 1, 1 Bit
+0x0b8 EtwStackTraceApc1Inserted : Pos 2, 1 Bit
+0x0b8 EtwStackTraceApc2Inserted : Pos 3, 1 Bit
+0x0b8 CalloutActive : Pos 4, 1 Bit
+0x0b8 ApcQueueable : Pos 5, 1 Bit
+0x0b8 EnableStackSwap : Pos 6, 1 Bit
+0x0b8 GuiThread : Pos 7, 1 Bit
+0x0b8 ReservedFlags : Pos 8, 24 Bits
+0x0b8 ThreadFlags : Int4B
+0x0c0 WaitBlock : [4] _KWAIT_BLOCK
+0x120 QueueListEntry : _LIST_ENTRY
+0x128 TrapFrame : Ptr32 _KTRAP_FRAME
+0x12c FirstArgument : Ptr32 Void
+0x130 CallbackStack : Ptr32 Void
+0x130 CallbackDepth : Uint4B
+0x134 ServiceTable : Ptr32 Void
+0x138 ApcStateIndex : UChar
+0x139 BasePriority : Char
+0x13a PriorityDecrement : Char
+0x13a ForegroundBoost : Pos 0, 4 Bits
+0x13a UnusualBoost : Pos 4, 4 Bits
+0x13b Preempted : UChar
+0x13c AdjustReason : UChar
+0x13d AdjustIncrement : Char
+0x13e PreviousMode : Char
+0x13f Saturation : Char
+0x140 SystemCallNumber : Uint4B
+0x144 FreezeCount : Uint4B
+0x148 UserAffinity : _GROUP_AFFINITY
+0x154 Process : Ptr32 _KPROCESS
+0x158 Affinity : _GROUP_AFFINITY
+0x164 IdealProcessor : Uint4B
+0x168 UserIdealProcessor : Uint4B
+0x16c ApcStatePointer : [2] Ptr32 _KAPC_STATE
+0x174 SavedApcState : _KAPC_STATE
+0x174 SavedApcStateFill : [23] UChar
+0x18b WaitReason : UChar
+0x18c SuspendCount : Char
+0x18d Spare1 : Char
+0x18e OtherPlatformFill : UChar
+0x190 Win32Thread : Ptr32 Void
+0x194 StackBase : Ptr32 Void
+0x198 SuspendApc : _KAPC
+0x198 SuspendApcFill0 : [1] UChar
+0x199 ResourceIndex : UChar
+0x198 SuspendApcFill1 : [3] UChar
+0x19b QuantumReset : UChar
+0x198 SuspendApcFill2 : [4] UChar
+0x19c KernelTime : Uint4B
+0x198 SuspendApcFill3 : [36] UChar
+0x1bc WaitPrcb : Ptr32 _KPRCB
+0x198 SuspendApcFill4 : [40] UChar
+0x1c0 LegoData : Ptr32 Void
+0x198 SuspendApcFill5 : [47] UChar
+0x1c7 LargeStack : UChar
+0x1c8 UserTime : Uint4B
+0x1cc SuspendSemaphore : _KSEMAPHORE
+0x1cc SuspendSemaphorefill : [20] UChar
+0x1e0 SListFaultCount : Uint4B
+0x1e4 ThreadListEntry : _LIST_ENTRY
+0x1ec MutantListHead : _LIST_ENTRY
+0x1f4 SListFaultAddress : Ptr32 Void
+0x1f8 ThreadCounters : Ptr32 _KTHREAD_COUNTERS
+0x1fc XStateSave : Ptr32 _XSTATE_SAVE


1: kd> dt nt!_ETHREAD
+0x000 Tcb : _KTHREAD
+0x200 CreateTime : _LARGE_INTEGER
+0x208 ExitTime : _LARGE_INTEGER
+0x208 KeyedWaitChain : _LIST_ENTRY
+0x210 ExitStatus : Int4B
+0x210 OfsChain : Ptr32 Void
+0x214 PostBlockList : _LIST_ENTRY
+0x214 ForwardLinkShadow : Ptr32 Void
+0x218 StartAddress : Ptr32 Void
+0x21c TerminationPort : Ptr32 _TERMINATION_PORT
+0x21c ReaperLink : Ptr32 _ETHREAD
+0x21c KeyedWaitValue : Ptr32 Void
+0x220 ActiveTimerListLock : Uint4B
+0x224 ActiveTimerListHead : _LIST_ENTRY
+0x22c Cid : _CLIENT_ID
+0x234 KeyedWaitSemaphore : _KSEMAPHORE
+0x234 AlpcWaitSemaphore : _KSEMAPHORE
+0x248 ClientSecurity : _PS_CLIENT_SECURITY_CONTEXT
+0x24c IrpList : _LIST_ENTRY
+0x254 TopLevelIrp : Uint4B
+0x258 DeviceToVerify : Ptr32 _DEVICE_OBJECT
+0x25c CpuQuotaApc : Ptr32 _PSP_CPU_QUOTA_APC
+0x260 Win32StartAddress : Ptr32 Void
+0x264 LegacyPowerObject : Ptr32 Void
+0x268 ThreadListEntry : _LIST_ENTRY
+0x270 RundownProtect : _EX_RUNDOWN_REF
+0x274 ThreadLock : _EX_PUSH_LOCK
+0x278 ReadClusterSize : Uint4B
+0x27c MmLockOrdering : Int4B
+0x280 CrossThreadFlags : Uint4B
+0x280 Terminated : Pos 0, 1 Bit
+0x280 ThreadInserted : Pos 1, 1 Bit
+0x280 HideFromDebugger : Pos 2, 1 Bit
+0x280 ActiveImpersonationInfo : Pos 3, 1 Bit
+0x280 SystemThread : Pos 4, 1 Bit
+0x280 HardErrorsAreDisabled : Pos 5, 1 Bit
+0x280 BreakOnTermination : Pos 6, 1 Bit
+0x280 SkipCreationMsg : Pos 7, 1 Bit
+0x280 SkipTerminationMsg : Pos 8, 1 Bit
+0x280 CopyTokenOnOpen : Pos 9, 1 Bit
+0x280 ThreadIoPriority : Pos 10, 3 Bits
+0x280 ThreadPagePriority : Pos 13, 3 Bits
+0x280 RundownFail : Pos 16, 1 Bit
+0x284 SameThreadPassiveFlags : Uint4B
+0x284 ActiveExWorker : Pos 0, 1 Bit
+0x284 ExWorkerCanWaitUser : Pos 1, 1 Bit
+0x284 MemoryMaker : Pos 2, 1 Bit
+0x284 ClonedThread : Pos 3, 1 Bit
+0x284 KeyedEventInUse : Pos 4, 1 Bit
+0x284 RateApcState : Pos 5, 2 Bits
+0x284 SelfTerminate : Pos 7, 1 Bit
+0x288 SameThreadApcFlags : Uint4B
+0x288 Spare : Pos 0, 1 Bit
+0x288 StartAddressInvalid : Pos 1, 1 Bit
+0x288 EtwPageFaultCalloutActive : Pos 2, 1 Bit
+0x288 OwnsProcessWorkingSetExclusive : Pos 3, 1 Bit
+0x288 OwnsProcessWorkingSetShared : Pos 4, 1 Bit
+0x288 OwnsSystemCacheWorkingSetExclusive : Pos 5, 1 Bit
+0x288 OwnsSystemCacheWorkingSetShared : Pos 6, 1 Bit
+0x288 OwnsSessionWorkingSetExclusive : Pos 7, 1 Bit
+0x289 OwnsSessionWorkingSetShared : Pos 0, 1 Bit
+0x289 OwnsProcessAddressSpaceExclusive : Pos 1, 1 Bit
+0x289 OwnsProcessAddressSpaceShared : Pos 2, 1 Bit
+0x289 SuppressSymbolLoad : Pos 3, 1 Bit
+0x289 Prefetching : Pos 4, 1 Bit
+0x289 OwnsDynamicMemoryShared : Pos 5, 1 Bit
+0x289 OwnsChangeControlAreaExclusive : Pos 6, 1 Bit
+0x289 OwnsChangeControlAreaShared : Pos 7, 1 Bit
+0x28a OwnsPagedPoolWorkingSetExclusive : Pos 0, 1 Bit
+0x28a OwnsPagedPoolWorkingSetShared : Pos 1, 1 Bit
+0x28a OwnsSystemPtesWorkingSetExclusive : Pos 2, 1 Bit
+0x28a OwnsSystemPtesWorkingSetShared : Pos 3, 1 Bit
+0x28a Spare1 : Pos 4, 4 Bits
+0x28b PriorityRegionActive : UChar
+0x28c CacheManagerActive : UChar
+0x28d DisablePageFaultClustering : UChar
+0x28e ActiveFaultCount : UChar
+0x28f LockOrderState : UChar
+0x290 AlpcMessageId : Uint4B
+0x294 AlpcMessage : Ptr32 Void
+0x294 AlpcReceiveAttributeSet : Uint4B
+0x298 AlpcWaitListEntry : _LIST_ENTRY
+0x2a0 CacheManagerCount : Uint4B
+0x2a4 CmCallbackCount : Uint4B
+0x2a8 IrpListLock : Uint4B
+0x2ac IoBoostCount : Uint4B
+0x2b0 ReservedForSynchTracking : Ptr32 Void


1: kd> dt nt!_KPROCESS
+0x000 Header : _DISPATCHER_HEADER
+0x010 ProfileListHead : _LIST_ENTRY
+0x018 DirectoryTableBase : Uint4B
+0x01c LdtDescriptor : _KGDTENTRY
+0x024 Int21Descriptor : _KIDTENTRY
+0x02c ActiveProcessors : _KAFFINITY_EX
+0x038 KernelTime : Uint4B
+0x03c UserTime : Uint4B
+0x040 ReadyListHead : _LIST_ENTRY
+0x048 SwapListEntry : _SINGLE_LIST_ENTRY
+0x04c VdmTrapcHandler : Ptr32 Void
+0x050 ThreadListHead : _LIST_ENTRY
+0x058 ProcessLock : Uint4B
+0x05c Affinity : _KAFFINITY_EX
+0x068 AutoAlignment : Pos 0, 1 Bit
+0x068 DisableBoost : Pos 1, 1 Bit
+0x068 DisableQuantum : Pos 2, 1 Bit
+0x068 ActiveGroupsMask : Pos 3, 1 Bit
+0x068 ReservedFlags : Pos 4, 28 Bits
+0x068 ProcessFlags : Int4B
+0x06c BasePriority : Char
+0x06d QuantumReset : Char
+0x06e Visited : UChar
+0x06f Unused3 : UChar
+0x070 ThreadSeed : [1] Uint4B
+0x074 IdealNode : [1] Uint2B
+0x076 IdealGlobalNode : Uint2B
+0x078 Flags : _KEXECUTE_OPTIONS
+0x078 ExecuteOptions : UChar
+0x079 Unused1 : UChar
+0x07a IopmOffset : Uint2B
+0x07c Unused4 : Uint4B
+0x080 StackCount : _KSTACK_COUNT
+0x084 ProcessListEntry : _LIST_ENTRY
+0x090 CycleTime : Uint8B


1: kd> dt nt!_EPROCESS
+0x000 Pcb : _KPROCESS
+0x098 ProcessLock : _EX_PUSH_LOCK
+0x0a0 CreateTime : _LARGE_INTEGER
+0x0a8 ExitTime : _LARGE_INTEGER
+0x0b0 RundownProtect : _EX_RUNDOWN_REF
+0x0b4 UniqueProcessId : Ptr32 Void
+0x0b8 ActiveProcessLinks : _LIST_ENTRY
+0x0c0 ProcessQuotaUsage : [2] Uint4B
+0x0c8 ProcessQuotaPeak : [2] Uint4B
+0x0d0 CommitCharge : Uint4B
+0x0d4 SpareUlongPtr : [2] Uint4B
+0x0dc PeakVirtualSize : Uint4B
+0x0e0 VirtualSize : Uint4B
+0x0e4 SessionProcessLinks : _LIST_ENTRY
+0x0ec DebugPort : Ptr32 Void
+0x0f0 ExceptionPortData : Ptr32 Void
+0x0f0 ExceptionPortValue : Uint4B
+0x0f0 ExceptionPortState : Pos 0, 3 Bits
+0x0f4 ObjectTable : Ptr32 _HANDLE_TABLE
+0x0f8 Token : _EX_FAST_REF
+0x0fc WorkingSetPage : Uint4B
+0x100 AddressCreationLock : _EX_PUSH_LOCK
+0x104 RotateInProgress : Ptr32 _ETHREAD
+0x108 ForkInProgress : Ptr32 _ETHREAD
+0x10c HardwareTrigger : Uint4B
+0x110 PhysicalVadRoot : Ptr32 _MM_AVL_TABLE
+0x114 CloneRoot : Ptr32 Void
+0x118 NumberOfPrivatePages : Uint4B
+0x11c NumberOfLockedPages : Uint4B
+0x120 Win32Process : Ptr32 Void
+0x124 Job : Ptr32 _EJOB
+0x128 SectionObject : Ptr32 Void
+0x12c SectionBaseAddress : Ptr32 Void
+0x130 QuotaBlock : Ptr32 _EPROCESS_QUOTA_BLOCK
+0x134 WorkingSetWatch : Ptr32 _PAGEFAULT_HISTORY
+0x138 Win32WindowStation : Ptr32 Void
+0x13c InheritedFromUniqueProcessId : Ptr32 Void
+0x140 LdtInformation : Ptr32 Void
+0x144 Spare : Ptr32 Void
+0x148 VdmObjects : Ptr32 Void
+0x14c DeviceMap : Ptr32 Void
+0x150 EtwDataSource : Ptr32 Void
+0x154 FreeTebHint : Ptr32 Void
+0x158 PageDirectoryPte : _HARDWARE_PTE
+0x158 Filler : Uint8B
+0x160 Session : Ptr32 Void
+0x164 ImageFileName : [16] UChar
+0x174 JobLinks : _LIST_ENTRY
+0x17c LockedPagesList : Ptr32 Void
+0x180 ThreadListHead : _LIST_ENTRY
+0x188 SecurityPort : Ptr32 Void
+0x18c PaeTop : Ptr32 Void
+0x190 ActiveThreads : Uint4B
+0x194 ImagePathHash : Uint4B
+0x198 DefaultHardErrorProcessing : Uint4B
+0x19c LastThreadExitStatus : Int4B
+0x1a0 Peb : Ptr32 _PEB
+0x1a4 PrefetchTrace : _EX_FAST_REF
+0x1a8 ReadOperationCount : _LARGE_INTEGER
+0x1b0 WriteOperationCount : _LARGE_INTEGER
+0x1b8 OtherOperationCount : _LARGE_INTEGER
+0x1c0 ReadTransferCount : _LARGE_INTEGER
+0x1c8 WriteTransferCount : _LARGE_INTEGER
+0x1d0 OtherTransferCount : _LARGE_INTEGER
+0x1d8 CommitChargeLimit : Uint4B
+0x1dc CommitChargePeak : Uint4B
+0x1e0 AweInfo : Ptr32 Void
+0x1e4 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x1e8 Vm : _MMSUPPORT
+0x250 MmProcessLinks : _LIST_ENTRY
+0x258 ModifiedPageCount : Uint4B
+0x25c Flags2 : Uint4B
+0x25c JobNotReallyActive : Pos 0, 1 Bit
+0x25c AccountingFolded : Pos 1, 1 Bit
+0x25c NewProcessReported : Pos 2, 1 Bit
+0x25c ExitProcessReported : Pos 3, 1 Bit
+0x25c ReportCommitChanges : Pos 4, 1 Bit
+0x25c LastReportMemory : Pos 5, 1 Bit
+0x25c ReportPhysicalPageChanges : Pos 6, 1 Bit
+0x25c HandleTableRundown : Pos 7, 1 Bit
+0x25c NeedsHandleRundown : Pos 8, 1 Bit
+0x25c RefTraceEnabled : Pos 9, 1 Bit
+0x25c NumaAware : Pos 10, 1 Bit
+0x25c ProtectedProcess : Pos 11, 1 Bit
+0x25c DefaultPagePriority : Pos 12, 3 Bits
+0x25c PrimaryTokenFrozen : Pos 15, 1 Bit
+0x25c ProcessVerifierTarget : Pos 16, 1 Bit
+0x25c StackRandomizationDisabled : Pos 17, 1 Bit
+0x25c AffinityPermanent : Pos 18, 1 Bit
+0x25c AffinityUpdateEnable : Pos 19, 1 Bit
+0x25c CrossSessionCreate : Pos 20, 1 Bit
+0x260 Flags : Uint4B
+0x260 CreateReported : Pos 0, 1 Bit
+0x260 NoDebugInherit : Pos 1, 1 Bit
+0x260 ProcessExiting : Pos 2, 1 Bit
+0x260 ProcessDelete : Pos 3, 1 Bit
+0x260 Wow64SplitPages : Pos 4, 1 Bit
+0x260 VmDeleted : Pos 5, 1 Bit
+0x260 OutswapEnabled : Pos 6, 1 Bit
+0x260 Outswapped : Pos 7, 1 Bit
+0x260 ForkFailed : Pos 8, 1 Bit
+0x260 Wow64VaSpace4Gb : Pos 9, 1 Bit
+0x260 AddressSpaceInitialized : Pos 10, 2 Bits
+0x260 SetTimerResolution : Pos 12, 1 Bit
+0x260 BreakOnTermination : Pos 13, 1 Bit
+0x260 DeprioritizeViews : Pos 14, 1 Bit
+0x260 WriteWatch : Pos 15, 1 Bit
+0x260 ProcessInSession : Pos 16, 1 Bit
+0x260 OverrideAddressSpace : Pos 17, 1 Bit
+0x260 HasAddressSpace : Pos 18, 1 Bit
+0x260 LaunchPrefetched : Pos 19, 1 Bit
+0x260 InjectInpageErrors : Pos 20, 1 Bit
+0x260 VmTopDown : Pos 21, 1 Bit
+0x260 ImageNotifyDone : Pos 22, 1 Bit
+0x260 PdeUpdateNeeded : Pos 23, 1 Bit
+0x260 VdmAllowed : Pos 24, 1 Bit
+0x260 PropagateNode : Pos 25, 1 Bit
+0x260 ProcessInserted : Pos 26, 1 Bit
+0x260 DefaultIoPriority : Pos 27, 3 Bits
+0x260 ProcessSelfDelete : Pos 30, 1 Bit
+0x260 SpareProcessFlags : Pos 31, 1 Bit
+0x264 ExitStatus : Int4B
+0x268 Spare7 : Uint2B
+0x26a SubSystemMinorVersion : UChar
+0x26b SubSystemMajorVersion : UChar
+0x26a SubSystemVersion : Uint2B
+0x26c PriorityClass : UChar
+0x270 VadRoot : _MM_AVL_TABLE
+0x290 Cookie : Uint4B
+0x294 Spare8 : Uint4B
+0x298 AlpcContext : _ALPC_PROCESS_CONTEXT
+0x2a8 TimerResolutionLink : _LIST_ENTRY
+0x2b0 RequestedTimerResolution : Uint4B
+0x2b4 ActiveThreadsHighWatermark : Uint4B
+0x2b8 ConsoleHostProcess : Uint4B
+0x2bc CpuQuotaBlock : Ptr32 _PS_CPU_QUOTA_BLOCK


1: kd> dt nt!_PEB
+0x000 InheritedAddressSpace : UChar
+0x001 ReadImageFileExecOptions : UChar
+0x002 BeingDebugged : UChar
+0x003 BitField : UChar
+0x003 ImageUsesLargePages : Pos 0, 1 Bit
+0x003 IsProtectedProcess : Pos 1, 1 Bit
+0x003 IsLegacyProcess : Pos 2, 1 Bit
+0x003 IsImageDynamicallyRelocated : Pos 3, 1 Bit
+0x003 SkipPatchingUser32Forwarders : Pos 4, 1 Bit
+0x003 SpareBits : Pos 5, 3 Bits
+0x004 Mutant : Ptr32 Void
+0x008 ImageBaseAddress : Ptr32 Void
+0x00c Ldr : Ptr32 _PEB_LDR_DATA
+0x010 ProcessParameters : Ptr32 _RTL_USER_PROCESS_PARAMETERS
+0x014 SubSystemData : Ptr32 Void
+0x018 ProcessHeap : Ptr32 Void
+0x01c FastPebLock : Ptr32 _RTL_CRITICAL_SECTION
+0x020 AtlThunkSListPtr : Ptr32 Void
+0x024 IFEOKey : Ptr32 Void
+0x028 CrossProcessFlags : Uint4B
+0x028 ProcessInJob : Pos 0, 1 Bit
+0x028 ProcessInitializing : Pos 1, 1 Bit
+0x028 ProcessUsingVEH : Pos 2, 1 Bit
+0x028 ProcessUsingVCH : Pos 3, 1 Bit
+0x028 ProcessUsingFTH : Pos 4, 1 Bit
+0x028 ReservedBits0 : Pos 5, 27 Bits
+0x02c KernelCallbackTable : Ptr32 Void
+0x02c UserSharedInfoPtr : Ptr32 Void
+0x030 SystemReserved : [1] Uint4B
+0x034 TracingFlags : Uint4B
+0x034 HeapTracingEnabled : Pos 0, 1 Bit
+0x034 CritSecTracingEnabled : Pos 1, 1 Bit
+0x034 SpareTracingBits : Pos 2, 30 Bits
+0x038 ApiSetMap : Ptr32 Void
+0x03c TlsExpansionCounter : Uint4B
+0x040 TlsBitmap : Ptr32 Void
+0x044 TlsBitmapBits : [2] Uint4B
+0x04c ReadOnlySharedMemoryBase : Ptr32 Void
+0x050 HotpatchInformation : Ptr32 Void
+0x054 ReadOnlyStaticServerData : Ptr32 Ptr32 Void
+0x058 AnsiCodePageData : Ptr32 Void
+0x05c OemCodePageData : Ptr32 Void
+0x060 UnicodeCaseTableData : Ptr32 Void
+0x064 NumberOfProcessors : Uint4B
+0x068 NtGlobalFlag : Uint4B
+0x070 CriticalSectionTimeout : _LARGE_INTEGER
+0x078 HeapSegmentReserve : Uint4B
+0x07c HeapSegmentCommit : Uint4B
+0x080 HeapDeCommitTotalFreeThreshold : Uint4B
+0x084 HeapDeCommitFreeBlockThreshold : Uint4B
+0x088 NumberOfHeaps : Uint4B
+0x08c MaximumNumberOfHeaps : Uint4B
+0x090 ProcessHeaps : Ptr32 Ptr32 Void
+0x094 GdiSharedHandleTable : Ptr32 Void
+0x098 ProcessStarterHelper : Ptr32 Void
+0x09c GdiDCAttributeList : Uint4B
+0x0a0 LoaderLock : Ptr32 _RTL_CRITICAL_SECTION
+0x0a4 OSMajorVersion : Uint4B
+0x0a8 OSMinorVersion : Uint4B
+0x0ac OSBuildNumber : Uint2B
+0x0ae OSCSDVersion : Uint2B
+0x0b0 OSPlatformId : Uint4B
+0x0b4 ImageSubsystem : Uint4B
+0x0b8 ImageSubsystemMajorVersion : Uint4B
+0x0bc ImageSubsystemMinorVersion : Uint4B
+0x0c0 ActiveProcessAffinityMask : Uint4B
+0x0c4 GdiHandleBuffer : [34] Uint4B
+0x14c PostProcessInitRoutine : Ptr32 void
+0x150 TlsExpansionBitmap : Ptr32 Void
+0x154 TlsExpansionBitmapBits : [32] Uint4B
+0x1d4 SessionId : Uint4B
+0x1d8 AppCompatFlags : _ULARGE_INTEGER
+0x1e0 AppCompatFlagsUser : _ULARGE_INTEGER
+0x1e8 pShimData : Ptr32 Void
+0x1ec AppCompatInfo : Ptr32 Void
+0x1f0 CSDVersion : _UNICODE_STRING
+0x1f8 ActivationContextData : Ptr32 _ACTIVATION_CONTEXT_DATA
+0x1fc ProcessAssemblyStorageMap : Ptr32 _ASSEMBLY_STORAGE_MAP
+0x200 SystemDefaultActivationContextData : Ptr32 _ACTIVATION_CONTEXT_DATA
+0x204 SystemAssemblyStorageMap : Ptr32 _ASSEMBLY_STORAGE_MAP
+0x208 MinimumStackCommit : Uint4B
+0x20c FlsCallback : Ptr32 _FLS_CALLBACK_INFO
+0x210 FlsListHead : _LIST_ENTRY
+0x218 FlsBitmap : Ptr32 Void
+0x21c FlsBitmapBits : [4] Uint4B
+0x22c FlsHighIndex : Uint4B
+0x230 WerRegistrationData : Ptr32 Void
+0x234 WerShipAssertPtr : Ptr32 Void
+0x238 pContextData : Ptr32 Void
+0x23c pImageHeaderHash : Ptr32 Void


1: kd> dt nt!_TEB
+0x000 NtTib : _NT_TIB
+0x01c EnvironmentPointer : Ptr32 Void
+0x020 ClientId : _CLIENT_ID
+0x028 ActiveRpcHandle : Ptr32 Void
+0x02c ThreadLocalStoragePointer : Ptr32 Void
+0x030 ProcessEnvironmentBlock : Ptr32 _PEB
+0x034 LastErrorValue : Uint4B
+0x038 CountOfOwnedCriticalSections : Uint4B
+0x03c CsrClientThread : Ptr32 Void
+0x040 Win32ThreadInfo : Ptr32 Void
+0x044 User32Reserved : [26] Uint4B
+0x0ac UserReserved : [5] Uint4B
+0x0c0 WOW32Reserved : Ptr32 Void
+0x0c4 CurrentLocale : Uint4B
+0x0c8 FpSoftwareStatusRegister : Uint4B
+0x0cc SystemReserved1 : [54] Ptr32 Void
+0x1a4 ExceptionCode : Int4B
+0x1a8 ActivationContextStackPointer : Ptr32 _ACTIVATION_CONTEXT_STACK
+0x1ac SpareBytes1 : [2] UChar
+0x1ae SpareBytes2 : [34] UChar
+0x1d0 TxFsContext : Uint4B
+0x1d4 GdiTebBatch : _GDI_TEB_BATCH
+0x6b4 RealClientId : _CLIENT_ID
+0x6bc GdiCachedProcessHandle : Ptr32 Void
+0x6c0 GdiClientPID : Uint4B
+0x6c4 GdiClientTID : Uint4B
+0x6c8 GdiThreadLocalInfo : Ptr32 Void
+0x6cc Win32ClientInfo : [62] Uint4B
+0x7c4 glDispatchTable : [233] Ptr32 Void
+0xb68 glReserved1 : [29] Uint4B
+0xbdc glReserved2 : Ptr32 Void
+0xbe0 glSectionInfo : Ptr32 Void
+0xbe4 glSection : Ptr32 Void
+0xbe8 glTable : Ptr32 Void
+0xbec glCurrentRC : Ptr32 Void
+0xbf0 glContext : Ptr32 Void
+0xbf4 LastStatusValue : Uint4B
+0xbf8 StaticUnicodeString : _UNICODE_STRING
+0xc00 StaticUnicodeBuffer : [261] Wchar
+0xe0c DeallocationStack : Ptr32 Void
+0xe10 TlsSlots : [64] Ptr32 Void
+0xf10 TlsLinks : _LIST_ENTRY
+0xf18 Vdm : Ptr32 Void
+0xf1c ReservedForNtRpc : Ptr32 Void
+0xf20 DbgSsReserved : [2] Ptr32 Void
+0xf28 HardErrorMode : Uint4B
+0xf2c Instrumentation : [9] Ptr32 Void
+0xf50 ActivityId : _GUID
+0xf60 SubProcessTag : Ptr32 Void
+0xf64 EtwLocalData : Ptr32 Void
+0xf68 EtwTraceData : Ptr32 Void
+0xf6c WinSockData : Ptr32 Void
+0xf70 GdiBatchCount : Uint4B
+0xf74 CurrentIdealProcessor : _PROCESSOR_NUMBER
+0xf74 IdealProcessorValue : Uint4B
+0xf74 ReservedPad0 : UChar
+0xf75 ReservedPad1 : UChar
+0xf76 ReservedPad2 : UChar
+0xf77 IdealProcessor : UChar
+0xf78 GuaranteedStackBytes : Uint4B
+0xf7c ReservedForPerf : Ptr32 Void
+0xf80 ReservedForOle : Ptr32 Void
+0xf84 WaitingOnLoaderLock : Uint4B
+0xf88 SavedPriorityState : Ptr32 Void
+0xf8c SoftPatchPtr1 : Uint4B
+0xf90 ThreadPoolData : Ptr32 Void
+0xf94 TlsExpansionSlots : Ptr32 Ptr32 Void
+0xf98 MuiGeneration : Uint4B
+0xf9c IsImpersonating : Uint4B
+0xfa0 NlsCache : Ptr32 Void
+0xfa4 pShimData : Ptr32 Void
+0xfa8 HeapVirtualAffinity : Uint4B
+0xfac CurrentTransactionHandle : Ptr32 Void
+0xfb0 ActiveFrame : Ptr32 _TEB_ACTIVE_FRAME
+0xfb4 FlsData : Ptr32 Void
+0xfb8 PreferredLanguages : Ptr32 Void
+0xfbc UserPrefLanguages : Ptr32 Void
+0xfc0 MergedPrefLanguages : Ptr32 Void
+0xfc4 MuiImpersonation : Uint4B
+0xfc8 CrossTebFlags : Uint2B
+0xfc8 SpareCrossTebBits : Pos 0, 16 Bits
+0xfca SameTebFlags : Uint2B
+0xfca SafeThunkCall : Pos 0, 1 Bit
+0xfca InDebugPrint : Pos 1, 1 Bit
+0xfca HasFiberData : Pos 2, 1 Bit
+0xfca SkipThreadAttach : Pos 3, 1 Bit
+0xfca WerInShipAssertCode : Pos 4, 1 Bit
+0xfca RanProcessInit : Pos 5, 1 Bit
+0xfca ClonedThread : Pos 6, 1 Bit
+0xfca SuppressDebugMsg : Pos 7, 1 Bit
+0xfca DisableUserStackWalk : Pos 8, 1 Bit
+0xfca RtlExceptionAttached : Pos 9, 1 Bit
+0xfca SpareSameTebBits : Pos 10, 6 Bits
+0xfcc TxnScopeEnterCallback : Ptr32 Void
+0xfd0 TxnScopeExitCallback : Ptr32 Void
+0xfd4 TxnScopeContext : Ptr32 Void
+0xfd8 LockCount : Uint4B
+0xfdc SpareUlong0 : Uint4B
+0xfe0 ResourceRetValue : Ptr32 Void


https://www.openrce.org/blog/view/1341/Windows_7_kernel_structures