NT kernel structures(xp_sp3) xp sp3未文档化结构体
The following source code can be very useful when you are debuging kernel & user objects under either ring0 or ring3 within Windows XP sp3. (note: you'd better verify it using
dt -b !ntXXX within windbg)
To use it, please copy the following code to a header file, name it as you wish and include it in your source.
Here is a sample:
inline ntsp3::PTEB GetTEB(){ __asm mov eax, fs:[0x18]
/* or return (ntsp3::PTEB)__readfsdword( 0x18 ); */
}
#include
namespace ntsp3
{
typedef double FLOAT64;
{
typedef double FLOAT64;
typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE {
StandardDesign = 0 /*0x0*/,
NEC98x86 = 1 /*0x1*/,
EndAlternatives = 2 /*0x2*/
}ALTERNATIVE_ARCHITECTURE_TYPE, *PALTERNATIVE_ARCHITECTURE_TYPE;
StandardDesign = 0 /*0x0*/,
NEC98x86 = 1 /*0x1*/,
EndAlternatives = 2 /*0x2*/
}ALTERNATIVE_ARCHITECTURE_TYPE, *PALTERNATIVE_ARCHITECTURE_TYPE;
typedef enum _ARBITER_ACTION {
ArbiterActionTestAllocation = 0 /*0x0*/,
ArbiterActionRetestAllocation = 1 /*0x1*/,
ArbiterActionCommitAllocation = 2 /*0x2*/,
ArbiterActionRollbackAllocation = 3 /*0x3*/,
ArbiterActionQueryAllocatedResources = 4 /*0x4*/,
ArbiterActionWriteReservedResources = 5 /*0x5*/,
ArbiterActionQueryConflict = 6 /*0x6*/,
ArbiterActionQueryArbitrate = 7 /*0x7*/,
ArbiterActionAddReserved = 8 /*0x8*/,
ArbiterActionBootAllocation = 9 /*0x9*/
}ARBITER_ACTION, *PARBITER_ACTION;
ArbiterActionTestAllocation = 0 /*0x0*/,
ArbiterActionRetestAllocation = 1 /*0x1*/,
ArbiterActionCommitAllocation = 2 /*0x2*/,
ArbiterActionRollbackAllocation = 3 /*0x3*/,
ArbiterActionQueryAllocatedResources = 4 /*0x4*/,
ArbiterActionWriteReservedResources = 5 /*0x5*/,
ArbiterActionQueryConflict = 6 /*0x6*/,
ArbiterActionQueryArbitrate = 7 /*0x7*/,
ArbiterActionAddReserved = 8 /*0x8*/,
ArbiterActionBootAllocation = 9 /*0x9*/
}ARBITER_ACTION, *PARBITER_ACTION;
typedef enum _ARBITER_REQUEST_SOURCE {
ArbiterRequestUndefined = -1 /*0xFF*/,
ArbiterRequestLegacyReported = 0 /*0x0*/,
ArbiterRequestHalReported = 1 /*0x1*/,
ArbiterRequestLegacyAssigned = 2 /*0x2*/,
ArbiterRequestPnpDetected = 3 /*0x3*/,
ArbiterRequestPnpEnumerated = 4 /*0x4*/
}ARBITER_REQUEST_SOURCE, *PARBITER_REQUEST_SOURCE;
ArbiterRequestUndefined = -1 /*0xFF*/,
ArbiterRequestLegacyReported = 0 /*0x0*/,
ArbiterRequestHalReported = 1 /*0x1*/,
ArbiterRequestLegacyAssigned = 2 /*0x2*/,
ArbiterRequestPnpDetected = 3 /*0x3*/,
ArbiterRequestPnpEnumerated = 4 /*0x4*/
}ARBITER_REQUEST_SOURCE, *PARBITER_REQUEST_SOURCE;
typedef enum _ARBITER_RESULT {
ArbiterResultUndefined = -1 /*0xFF*/,
ArbiterResultSuccess = 0 /*0x0*/,
ArbiterResultExternalConflict = 1 /*0x1*/,
ArbiterResultNullRequest = 2 /*0x2*/
}ARBITER_RESULT, *PARBITER_RESULT;
ArbiterResultUndefined = -1 /*0xFF*/,
ArbiterResultSuccess = 0 /*0x0*/,
ArbiterResultExternalConflict = 1 /*0x1*/,
ArbiterResultNullRequest = 2 /*0x2*/
}ARBITER_RESULT, *PARBITER_RESULT;
typedef enum _BUS_DATA_TYPE {
ConfigurationSpaceUndefined = -1 /*0xFF*/,
Cmos = 0 /*0x0*/,
EisaConfiguration = 1 /*0x1*/,
Pos = 2 /*0x2*/,
CbusConfiguration = 3 /*0x3*/,
PCIConfiguration = 4 /*0x4*/,
VMEConfiguration = 5 /*0x5*/,
NuBusConfiguration = 6 /*0x6*/,
PCMCIAConfiguration = 7 /*0x7*/,
MPIConfiguration = 8 /*0x8*/,
MPSAConfiguration = 9 /*0x9*/,
PNPISAConfiguration = 10 /*0xA*/,
SgiInternalConfiguration = 11 /*0xB*/,
MaximumBusDataType = 12 /*0xC*/
}BUS_DATA_TYPE, *PBUS_DATA_TYPE;
ConfigurationSpaceUndefined = -1 /*0xFF*/,
Cmos = 0 /*0x0*/,
EisaConfiguration = 1 /*0x1*/,
Pos = 2 /*0x2*/,
CbusConfiguration = 3 /*0x3*/,
PCIConfiguration = 4 /*0x4*/,
VMEConfiguration = 5 /*0x5*/,
NuBusConfiguration = 6 /*0x6*/,
PCMCIAConfiguration = 7 /*0x7*/,
MPIConfiguration = 8 /*0x8*/,
MPSAConfiguration = 9 /*0x9*/,
PNPISAConfiguration = 10 /*0xA*/,
SgiInternalConfiguration = 11 /*0xB*/,
MaximumBusDataType = 12 /*0xC*/
}BUS_DATA_TYPE, *PBUS_DATA_TYPE;
typedef enum _BUS_QUERY_ID_TYPE {
BusQueryDeviceID = 0 /*0x0*/,
BusQueryHardwareIDs = 1 /*0x1*/,
BusQueryCompatibleIDs = 2 /*0x2*/,
BusQueryInstanceID = 3 /*0x3*/,
BusQueryDeviceSerialNumber = 4 /*0x4*/
}BUS_QUERY_ID_TYPE, *PBUS_QUERY_ID_TYPE;
BusQueryDeviceID = 0 /*0x0*/,
BusQueryHardwareIDs = 1 /*0x1*/,
BusQueryCompatibleIDs = 2 /*0x2*/,
BusQueryInstanceID = 3 /*0x3*/,
BusQueryDeviceSerialNumber = 4 /*0x4*/
}BUS_QUERY_ID_TYPE, *PBUS_QUERY_ID_TYPE;
typedef enum _CPU_VENDORS {
CPU_NONE = 0 /*0x0*/,
CPU_INTEL = 1 /*0x1*/,
CPU_AMD = 2 /*0x2*/,
CPU_CYRIX = 3 /*0x3*/,
CPU_TRANSMETA = 4 /*0x4*/,
CPU_CENTAUR = 5 /*0x5*/,
CPU_RISE = 6 /*0x6*/,
CPU_UNKNOWN = 7 /*0x7*/
}CPU_VENDORS, *PCPU_VENDORS;
CPU_NONE = 0 /*0x0*/,
CPU_INTEL = 1 /*0x1*/,
CPU_AMD = 2 /*0x2*/,
CPU_CYRIX = 3 /*0x3*/,
CPU_TRANSMETA = 4 /*0x4*/,
CPU_CENTAUR = 5 /*0x5*/,
CPU_RISE = 6 /*0x6*/,
CPU_UNKNOWN = 7 /*0x7*/
}CPU_VENDORS, *PCPU_VENDORS;
typedef enum _DEVICE_POWER_STATE {
PowerDeviceUnspecified = 0 /*0x0*/,
PowerDeviceD0 = 1 /*0x1*/,
PowerDeviceD1 = 2 /*0x2*/,
PowerDeviceD2 = 3 /*0x3*/,
PowerDeviceD3 = 4 /*0x4*/,
PowerDeviceMaximum = 5 /*0x5*/
}DEVICE_POWER_STATE, *PDEVICE_POWER_STATE;
PowerDeviceUnspecified = 0 /*0x0*/,
PowerDeviceD0 = 1 /*0x1*/,
PowerDeviceD1 = 2 /*0x2*/,
PowerDeviceD2 = 3 /*0x3*/,
PowerDeviceD3 = 4 /*0x4*/,
PowerDeviceMaximum = 5 /*0x5*/
}DEVICE_POWER_STATE, *PDEVICE_POWER_STATE;
typedef enum _DEVICE_RELATION_TYPE {
BusRelations = 0 /*0x0*/,
EjectionRelations = 1 /*0x1*/,
PowerRelations = 2 /*0x2*/,
RemovalRelations = 3 /*0x3*/,
TargetDeviceRelation = 4 /*0x4*/,
SingleBusRelations = 5 /*0x5*/
}DEVICE_RELATION_TYPE, *PDEVICE_RELATION_TYPE;
BusRelations = 0 /*0x0*/,
EjectionRelations = 1 /*0x1*/,
PowerRelations = 2 /*0x2*/,
RemovalRelations = 3 /*0x3*/,
TargetDeviceRelation = 4 /*0x4*/,
SingleBusRelations = 5 /*0x5*/
}DEVICE_RELATION_TYPE, *PDEVICE_RELATION_TYPE;
typedef enum _DEVICE_TEXT_TYPE {
DeviceTextDescription = 0 /*0x0*/,
DeviceTextLocationInformation = 1 /*0x1*/
}DEVICE_TEXT_TYPE, *PDEVICE_TEXT_TYPE;
DeviceTextDescription = 0 /*0x0*/,
DeviceTextLocationInformation = 1 /*0x1*/
}DEVICE_TEXT_TYPE, *PDEVICE_TEXT_TYPE;
typedef enum _DEVICE_USAGE_NOTIFICATION_TYPE {
DeviceUsageTypeUndefined = 0 /*0x0*/,
DeviceUsageTypePaging = 1 /*0x1*/,
DeviceUsageTypeHibernation = 2 /*0x2*/,
DeviceUsageTypeDumpFile = 3 /*0x3*/
}DEVICE_USAGE_NOTIFICATION_TYPE, *PDEVICE_USAGE_NOTIFICATION_TYPE;
DeviceUsageTypeUndefined = 0 /*0x0*/,
DeviceUsageTypePaging = 1 /*0x1*/,
DeviceUsageTypeHibernation = 2 /*0x2*/,
DeviceUsageTypeDumpFile = 3 /*0x3*/
}DEVICE_USAGE_NOTIFICATION_TYPE, *PDEVICE_USAGE_NOTIFICATION_TYPE;
typedef enum _EXCEPTION_DISPOSITION {
ExceptionContinueExecution = 0 /*0x0*/,
ExceptionContinueSearch = 1 /*0x1*/,
ExceptionNestedException = 2 /*0x2*/,
ExceptionCollidedUnwind = 3 /*0x3*/
}EXCEPTION_DISPOSITION, *PEXCEPTION_DISPOSITION;
ExceptionContinueExecution = 0 /*0x0*/,
ExceptionContinueSearch = 1 /*0x1*/,
ExceptionNestedException = 2 /*0x2*/,
ExceptionCollidedUnwind = 3 /*0x3*/
}EXCEPTION_DISPOSITION, *PEXCEPTION_DISPOSITION;
typedef enum _FILE_INFORMATION_CLASS {
FileDirectoryInformation = 1 /*0x1*/,
FileFullDirectoryInformation = 2 /*0x2*/,
FileBothDirectoryInformation = 3 /*0x3*/,
FileBasicInformation = 4 /*0x4*/,
FileStandardInformation = 5 /*0x5*/,
FileInternalInformation = 6 /*0x6*/,
FileEaInformation = 7 /*0x7*/,
FileAccessInformation = 8 /*0x8*/,
FileNameInformation = 9 /*0x9*/,
FileRenameInformation = 10 /*0xA*/,
FileLinkInformation = 11 /*0xB*/,
FileNamesInformation = 12 /*0xC*/,
FileDispositionInformation = 13 /*0xD*/,
FilePositionInformation = 14 /*0xE*/,
FileFullEaInformation = 15 /*0xF*/,
FileModeInformation = 16 /*0x10*/,
FileAlignmentInformation = 17 /*0x11*/,
FileAllInformation = 18 /*0x12*/,
FileAllocationInformation = 19 /*0x13*/,
FileEndOfFileInformation = 20 /*0x14*/,
FileAlternateNameInformation = 21 /*0x15*/,
FileStreamInformation = 22 /*0x16*/,
FilePipeInformation = 23 /*0x17*/,
FilePipeLocalInformation = 24 /*0x18*/,
FilePipeRemoteInformation = 25 /*0x19*/,
FileMailslotQueryInformation = 26 /*0x1A*/,
FileMailslotSetInformation = 27 /*0x1B*/,
FileCompressionInformation = 28 /*0x1C*/,
FileObjectIdInformation = 29 /*0x1D*/,
FileCompletionInformation = 30 /*0x1E*/,
FileMoveClusterInformation = 31 /*0x1F*/,
FileQuotaInformation = 32 /*0x20*/,
FileReparsePointInformation = 33 /*0x21*/,
FileNetworkOpenInformation = 34 /*0x22*/,
FileAttributeTagInformation = 35 /*0x23*/,
FileTrackingInformation = 36 /*0x24*/,
FileIdBothDirectoryInformation = 37 /*0x25*/,
FileIdFullDirectoryInformation = 38 /*0x26*/,
FileValidDataLengthInformation = 39 /*0x27*/,
FileShortNameInformation = 40 /*0x28*/,
FileMaximumInformation = 41 /*0x29*/
}FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
FileDirectoryInformation = 1 /*0x1*/,
FileFullDirectoryInformation = 2 /*0x2*/,
FileBothDirectoryInformation = 3 /*0x3*/,
FileBasicInformation = 4 /*0x4*/,
FileStandardInformation = 5 /*0x5*/,
FileInternalInformation = 6 /*0x6*/,
FileEaInformation = 7 /*0x7*/,
FileAccessInformation = 8 /*0x8*/,
FileNameInformation = 9 /*0x9*/,
FileRenameInformation = 10 /*0xA*/,
FileLinkInformation = 11 /*0xB*/,
FileNamesInformation = 12 /*0xC*/,
FileDispositionInformation = 13 /*0xD*/,
FilePositionInformation = 14 /*0xE*/,
FileFullEaInformation = 15 /*0xF*/,
FileModeInformation = 16 /*0x10*/,
FileAlignmentInformation = 17 /*0x11*/,
FileAllInformation = 18 /*0x12*/,
FileAllocationInformation = 19 /*0x13*/,
FileEndOfFileInformation = 20 /*0x14*/,
FileAlternateNameInformation = 21 /*0x15*/,
FileStreamInformation = 22 /*0x16*/,
FilePipeInformation = 23 /*0x17*/,
FilePipeLocalInformation = 24 /*0x18*/,
FilePipeRemoteInformation = 25 /*0x19*/,
FileMailslotQueryInformation = 26 /*0x1A*/,
FileMailslotSetInformation = 27 /*0x1B*/,
FileCompressionInformation = 28 /*0x1C*/,
FileObjectIdInformation = 29 /*0x1D*/,
FileCompletionInformation = 30 /*0x1E*/,
FileMoveClusterInformation = 31 /*0x1F*/,
FileQuotaInformation = 32 /*0x20*/,
FileReparsePointInformation = 33 /*0x21*/,
FileNetworkOpenInformation = 34 /*0x22*/,
FileAttributeTagInformation = 35 /*0x23*/,
FileTrackingInformation = 36 /*0x24*/,
FileIdBothDirectoryInformation = 37 /*0x25*/,
FileIdFullDirectoryInformation = 38 /*0x26*/,
FileValidDataLengthInformation = 39 /*0x27*/,
FileShortNameInformation = 40 /*0x28*/,
FileMaximumInformation = 41 /*0x29*/
}FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
typedef enum _FSINFOCLASS {
FileFsVolumeInformation = 1 /*0x1*/,
FileFsLabelInformation = 2 /*0x2*/,
FileFsSizeInformation = 3 /*0x3*/,
FileFsDeviceInformation = 4 /*0x4*/,
FileFsAttributeInformation = 5 /*0x5*/,
FileFsControlInformation = 6 /*0x6*/,
FileFsFullSizeInformation = 7 /*0x7*/,
FileFsObjectIdInformation = 8 /*0x8*/,
FileFsDriverPathInformation = 9 /*0x9*/,
FileFsMaximumInformation = 10 /*0xA*/
}FSINFOCLASS, *PFSINFOCLASS;
FileFsVolumeInformation = 1 /*0x1*/,
FileFsLabelInformation = 2 /*0x2*/,
FileFsSizeInformation = 3 /*0x3*/,
FileFsDeviceInformation = 4 /*0x4*/,
FileFsAttributeInformation = 5 /*0x5*/,
FileFsControlInformation = 6 /*0x6*/,
FileFsFullSizeInformation = 7 /*0x7*/,
FileFsObjectIdInformation = 8 /*0x8*/,
FileFsDriverPathInformation = 9 /*0x9*/,
FileFsMaximumInformation = 10 /*0xA*/
}FSINFOCLASS, *PFSINFOCLASS;
typedef enum _FS_FILTER_SECTION_SYNC_TYPE {
SyncTypeOther = 0 /*0x0*/,
SyncTypeCreateSection = 1 /*0x1*/
}FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
SyncTypeOther = 0 /*0x0*/,
SyncTypeCreateSection = 1 /*0x1*/
}FS_FILTER_SECTION_SYNC_TYPE, *PFS_FILTER_SECTION_SYNC_TYPE;
typedef enum _INTERFACE_TYPE {
InterfaceTypeUndefined = -1 /*0xFF*/,
Internal = 0 /*0x0*/,
Isa = 1 /*0x1*/,
Eisa = 2 /*0x2*/,
MicroChannel = 3 /*0x3*/,
TurboChannel = 4 /*0x4*/,
PCIBus = 5 /*0x5*/,
VMEBus = 6 /*0x6*/,
NuBus = 7 /*0x7*/,
PCMCIABus = 8 /*0x8*/,
CBus = 9 /*0x9*/,
MPIBus = 10 /*0xA*/,
MPSABus = 11 /*0xB*/,
ProcessorInternal = 12 /*0xC*/,
InternalPowerBus = 13 /*0xD*/,
PNPISABus = 14 /*0xE*/,
PNPBus = 15 /*0xF*/,
MaximumInterfaceType = 16 /*0x10*/
}INTERFACE_TYPE, *PINTERFACE_TYPE;
InterfaceTypeUndefined = -1 /*0xFF*/,
Internal = 0 /*0x0*/,
Isa = 1 /*0x1*/,
Eisa = 2 /*0x2*/,
MicroChannel = 3 /*0x3*/,
TurboChannel = 4 /*0x4*/,
PCIBus = 5 /*0x5*/,
VMEBus = 6 /*0x6*/,
NuBus = 7 /*0x7*/,
PCMCIABus = 8 /*0x8*/,
CBus = 9 /*0x9*/,
MPIBus = 10 /*0xA*/,
MPSABus = 11 /*0xB*/,
ProcessorInternal = 12 /*0xC*/,
InternalPowerBus = 13 /*0xD*/,
PNPISABus = 14 /*0xE*/,
PNPBus = 15 /*0xF*/,
MaximumInterfaceType = 16 /*0x10*/
}INTERFACE_TYPE, *PINTERFACE_TYPE;
typedef enum _IO_ALLOCATION_ACTION {
KeepObject = 1 /*0x1*/,
DeallocateObject = 2 /*0x2*/,
DeallocateObjectKeepRegisters = 3 /*0x3*/
}IO_ALLOCATION_ACTION, *PIO_ALLOCATION_ACTION;
KeepObject = 1 /*0x1*/,
DeallocateObject = 2 /*0x2*/,
DeallocateObjectKeepRegisters = 3 /*0x3*/
}IO_ALLOCATION_ACTION, *PIO_ALLOCATION_ACTION;
typedef enum _KINTERRUPT_MODE {
LevelSensitive = 0 /*0x0*/,
Latched = 1 /*0x1*/
}KINTERRUPT_MODE, *PKINTERRUPT_MODE;
LevelSensitive = 0 /*0x0*/,
Latched = 1 /*0x1*/
}KINTERRUPT_MODE, *PKINTERRUPT_MODE;
typedef enum _KWAIT_REASON {
Executive = 0 /*0x0*/,
FreePage = 1 /*0x1*/,
PageIn = 2 /*0x2*/,
PoolAllocation = 3 /*0x3*/,
DelayExecution = 4 /*0x4*/,
Suspended = 5 /*0x5*/,
UserRequest = 6 /*0x6*/,
WrExecutive = 7 /*0x7*/,
WrFreePage = 8 /*0x8*/,
WrPageIn = 9 /*0x9*/,
WrPoolAllocation = 10 /*0xA*/,
WrDelayExecution = 11 /*0xB*/,
WrSuspended = 12 /*0xC*/,
WrUserRequest = 13 /*0xD*/,
WrEventPair = 14 /*0xE*/,
WrQueue = 15 /*0xF*/,
WrLpcReceive = 16 /*0x10*/,
WrLpcReply = 17 /*0x11*/,
WrVirtualMemory = 18 /*0x12*/,
WrPageOut = 19 /*0x13*/,
WrRendezvous = 20 /*0x14*/,
Spare2 = 21 /*0x15*/,
Spare3 = 22 /*0x16*/,
Spare4 = 23 /*0x17*/,
Spare5 = 24 /*0x18*/,
Spare6 = 25 /*0x19*/,
WrKernel = 26 /*0x1A*/,
MaximumWaitReason = 27 /*0x1B*/
}KWAIT_REASON, *PKWAIT_REASON;
Executive = 0 /*0x0*/,
FreePage = 1 /*0x1*/,
PageIn = 2 /*0x2*/,
PoolAllocation = 3 /*0x3*/,
DelayExecution = 4 /*0x4*/,
Suspended = 5 /*0x5*/,
UserRequest = 6 /*0x6*/,
WrExecutive = 7 /*0x7*/,
WrFreePage = 8 /*0x8*/,
WrPageIn = 9 /*0x9*/,
WrPoolAllocation = 10 /*0xA*/,
WrDelayExecution = 11 /*0xB*/,
WrSuspended = 12 /*0xC*/,
WrUserRequest = 13 /*0xD*/,
WrEventPair = 14 /*0xE*/,
WrQueue = 15 /*0xF*/,
WrLpcReceive = 16 /*0x10*/,
WrLpcReply = 17 /*0x11*/,
WrVirtualMemory = 18 /*0x12*/,
WrPageOut = 19 /*0x13*/,
WrRendezvous = 20 /*0x14*/,
Spare2 = 21 /*0x15*/,
Spare3 = 22 /*0x16*/,
Spare4 = 23 /*0x17*/,
Spare5 = 24 /*0x18*/,
Spare6 = 25 /*0x19*/,
WrKernel = 26 /*0x1A*/,
MaximumWaitReason = 27 /*0x1B*/
}KWAIT_REASON, *PKWAIT_REASON;
typedef enum _LSA_FOREST_TRUST_RECORD_TYPE {
ForestTrustTopLevelName = 0 /*0x0*/,
ForestTrustTopLevelNameEx = 1 /*0x1*/,
ForestTrustDomainInfo = 2 /*0x2*/,
ForestTrustRecordTypeLast = 2 /*0x2*/
}LSA_FOREST_TRUST_RECORD_TYPE, *PLSA_FOREST_TRUST_RECORD_TYPE;
ForestTrustTopLevelName = 0 /*0x0*/,
ForestTrustTopLevelNameEx = 1 /*0x1*/,
ForestTrustDomainInfo = 2 /*0x2*/,
ForestTrustRecordTypeLast = 2 /*0x2*/
}LSA_FOREST_TRUST_RECORD_TYPE, *PLSA_FOREST_TRUST_RECORD_TYPE;
typedef enum _MEMORY_CACHING_TYPE {
MmNonCached = 0 /*0x0*/,
MmCached = 1 /*0x1*/,
MmWriteCombined = 2 /*0x2*/,
MmHardwareCoherentCached = 3 /*0x3*/,
MmNonCachedUnordered = 4 /*0x4*/,
MmUSWCCached = 5 /*0x5*/,
MmMaximumCacheType = 6 /*0x6*/
}MEMORY_CACHING_TYPE, *PMEMORY_CACHING_TYPE;
MmNonCached = 0 /*0x0*/,
MmCached = 1 /*0x1*/,
MmWriteCombined = 2 /*0x2*/,
MmHardwareCoherentCached = 3 /*0x3*/,
MmNonCachedUnordered = 4 /*0x4*/,
MmUSWCCached = 5 /*0x5*/,
MmMaximumCacheType = 6 /*0x6*/
}MEMORY_CACHING_TYPE, *PMEMORY_CACHING_TYPE;
typedef enum _MEMORY_CACHING_TYPE_ORIG {
MmFrameBufferCached = 2 /*0x2*/
}MEMORY_CACHING_TYPE_ORIG, *PMEMORY_CACHING_TYPE_ORIG;
MmFrameBufferCached = 2 /*0x2*/
}MEMORY_CACHING_TYPE_ORIG, *PMEMORY_CACHING_TYPE_ORIG;
typedef enum _MEMORY_TYPE {
MemoryExceptionBlock = 0 /*0x0*/,
MemorySystemBlock = 1 /*0x1*/,
MemoryFree = 2 /*0x2*/,
MemoryBad = 3 /*0x3*/,
MemoryLoadedProgram = 4 /*0x4*/,
MemoryFirmwareTemporary = 5 /*0x5*/,
MemoryFirmwarePermanent = 6 /*0x6*/,
MemoryFreeContiguous = 7 /*0x7*/,
MemorySpecialMemory = 8 /*0x8*/,
MemoryMaximum = 9 /*0x9*/
}MEMORY_TYPE, *PMEMORY_TYPE;
MemoryExceptionBlock = 0 /*0x0*/,
MemorySystemBlock = 1 /*0x1*/,
MemoryFree = 2 /*0x2*/,
MemoryBad = 3 /*0x3*/,
MemoryLoadedProgram = 4 /*0x4*/,
MemoryFirmwareTemporary = 5 /*0x5*/,
MemoryFirmwarePermanent = 6 /*0x6*/,
MemoryFreeContiguous = 7 /*0x7*/,
MemorySpecialMemory = 8 /*0x8*/,
MemoryMaximum = 9 /*0x9*/
}MEMORY_TYPE, *PMEMORY_TYPE;
typedef enum _MI_PFN_CACHE_ATTRIBUTE {
MiNonCached = 0 /*0x0*/,
MiCached = 1 /*0x1*/,
MiWriteCombined = 2 /*0x2*/,
MiNotMapped = 3 /*0x3*/
}MI_PFN_CACHE_ATTRIBUTE, *PMI_PFN_CACHE_ATTRIBUTE;
MiNonCached = 0 /*0x0*/,
MiCached = 1 /*0x1*/,
MiWriteCombined = 2 /*0x2*/,
MiNotMapped = 3 /*0x3*/
}MI_PFN_CACHE_ATTRIBUTE, *PMI_PFN_CACHE_ATTRIBUTE;
typedef enum _MMLISTS {
ZeroedPageList = 0 /*0x0*/,
FreePageList = 1 /*0x1*/,
StandbyPageList = 2 /*0x2*/,
ModifiedPageList = 3 /*0x3*/,
ModifiedNoWritePageList = 4 /*0x4*/,
BadPageList = 5 /*0x5*/,
ActiveAndValid = 6 /*0x6*/,
TransitionPage = 7 /*0x7*/
}MMLISTS, *PMMLISTS;
ZeroedPageList = 0 /*0x0*/,
FreePageList = 1 /*0x1*/,
StandbyPageList = 2 /*0x2*/,
ModifiedPageList = 3 /*0x3*/,
ModifiedNoWritePageList = 4 /*0x4*/,
BadPageList = 5 /*0x5*/,
ActiveAndValid = 6 /*0x6*/,
TransitionPage = 7 /*0x7*/
}MMLISTS, *PMMLISTS;
typedef enum _MMSYSTEM_PTE_POOL_TYPE {
SystemPteSpace = 0 /*0x0*/,
NonPagedPoolExpansion = 1 /*0x1*/,
MaximumPtePoolTypes = 2 /*0x2*/
}MMSYSTEM_PTE_POOL_TYPE, *PMMSYSTEM_PTE_POOL_TYPE;
SystemPteSpace = 0 /*0x0*/,
NonPagedPoolExpansion = 1 /*0x1*/,
MaximumPtePoolTypes = 2 /*0x2*/
}MMSYSTEM_PTE_POOL_TYPE, *PMMSYSTEM_PTE_POOL_TYPE;
typedef enum _MODE {
KernelMode = 0 /*0x0*/,
UserMode = 1 /*0x1*/,
MaximumMode = 2 /*0x2*/
}MODE, *PMODE;
KernelMode = 0 /*0x0*/,
UserMode = 1 /*0x1*/,
MaximumMode = 2 /*0x2*/
}MODE, *PMODE;
typedef enum _NT_PRODUCT_TYPE {
NtProductWinNt = 1 /*0x1*/,
NtProductLanManNt = 2 /*0x2*/,
NtProductServer = 3 /*0x3*/
}NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
NtProductWinNt = 1 /*0x1*/,
NtProductLanManNt = 2 /*0x2*/,
NtProductServer = 3 /*0x3*/
}NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
typedef enum _OB_OPEN_REASON {
ObCreateHandle = 0 /*0x0*/,
ObOpenHandle = 1 /*0x1*/,
ObDuplicateHandle = 2 /*0x2*/,
ObInheritHandle = 3 /*0x3*/,
ObMaxOpenReason = 4 /*0x4*/
}OB_OPEN_REASON, *POB_OPEN_REASON;
ObCreateHandle = 0 /*0x0*/,
ObOpenHandle = 1 /*0x1*/,
ObDuplicateHandle = 2 /*0x2*/,
ObInheritHandle = 3 /*0x3*/,
ObMaxOpenReason = 4 /*0x4*/
}OB_OPEN_REASON, *POB_OPEN_REASON;
typedef enum _PCI_DISPATCH_STYLE {
IRP_COMPLETE = 0 /*0x0*/,
IRP_DOWNWARD = 1 /*0x1*/,
IRP_UPWARD = 2 /*0x2*/,
IRP_DISPATCH = 3 /*0x3*/
}PCI_DISPATCH_STYLE, *PPCI_DISPATCH_STYLE;
IRP_COMPLETE = 0 /*0x0*/,
IRP_DOWNWARD = 1 /*0x1*/,
IRP_UPWARD = 2 /*0x2*/,
IRP_DISPATCH = 3 /*0x3*/
}PCI_DISPATCH_STYLE, *PPCI_DISPATCH_STYLE;
typedef enum _PCI_SIGNATURE {
PciPdoExtensionType = 1768116272 /*0x69635030*/ /*0Pci*/,
PciFdoExtensionType = 1768116273 /*0x69635031*/ /*1Pci*/,
PciArb_Io = 1768116274 /*0x69635032*/ /*2Pci*/,
PciArb_Memory = 1768116275 /*0x69635033*/ /*3Pci*/,
PciArb_Interrupt = 1768116276 /*0x69635034*/ /*4Pci*/,
PciArb_BusNumber = 1768116277 /*0x69635035*/ /*5Pci*/,
PciTrans_Interrupt = 1768116278 /*0x69635036*/ /*6Pci*/,
PciInterface_BusHandler = 1768116279 /*0x69635037*/ /*7Pci*/,
PciInterface_IntRouteHandler = 1768116280 /*0x69635038*/ /*8Pci*/,
PciInterface_PciCb = 1768116281 /*0x69635039*/ /*9Pci*/,
PciInterface_LegacyDeviceDetection = 1768116282 /*0x6963503A*/,
PciInterface_PmeHandler = 1768116283 /*0x6963503B*/,
PciInterface_DevicePresent = 1768116284 /*0x6963503C*/,
PciInterface_NativeIde = 1768116285 /*0x6963503D*/,
PciInterface_AgpTarget = 1768116286 /*0x6963503E*/
}PCI_SIGNATURE, *PPCI_SIGNATURE;
PciPdoExtensionType = 1768116272 /*0x69635030*/ /*0Pci*/,
PciFdoExtensionType = 1768116273 /*0x69635031*/ /*1Pci*/,
PciArb_Io = 1768116274 /*0x69635032*/ /*2Pci*/,
PciArb_Memory = 1768116275 /*0x69635033*/ /*3Pci*/,
PciArb_Interrupt = 1768116276 /*0x69635034*/ /*4Pci*/,
PciArb_BusNumber = 1768116277 /*0x69635035*/ /*5Pci*/,
PciTrans_Interrupt = 1768116278 /*0x69635036*/ /*6Pci*/,
PciInterface_BusHandler = 1768116279 /*0x69635037*/ /*7Pci*/,
PciInterface_IntRouteHandler = 1768116280 /*0x69635038*/ /*8Pci*/,
PciInterface_PciCb = 1768116281 /*0x69635039*/ /*9Pci*/,
PciInterface_LegacyDeviceDetection = 1768116282 /*0x6963503A*/,
PciInterface_PmeHandler = 1768116283 /*0x6963503B*/,
PciInterface_DevicePresent = 1768116284 /*0x6963503C*/,
PciInterface_NativeIde = 1768116285 /*0x6963503D*/,
PciInterface_AgpTarget = 1768116286 /*0x6963503E*/
}PCI_SIGNATURE, *PPCI_SIGNATURE;
typedef enum _PF_SCENARIO_TYPE {
PfApplicationLaunchScenarioType = 0 /*0x0*/,
PfSystemBootScenarioType = 1 /*0x1*/,
PfMaxScenarioType = 2 /*0x2*/
}PF_SCENARIO_TYPE, *PPF_SCENARIO_TYPE;
PfApplicationLaunchScenarioType = 0 /*0x0*/,
PfSystemBootScenarioType = 1 /*0x1*/,
PfMaxScenarioType = 2 /*0x2*/
}PF_SCENARIO_TYPE, *PPF_SCENARIO_TYPE;
typedef enum _PLUGPLAY_EVENT_CATEGORY {
HardwareProfileChangeEvent = 0 /*0x0*/,
TargetDeviceChangeEvent = 1 /*0x1*/,
DeviceClassChangeEvent = 2 /*0x2*/,
CustomDeviceEvent = 3 /*0x3*/,
DeviceInstallEvent = 4 /*0x4*/,
DeviceArrivalEvent = 5 /*0x5*/,
PowerEvent = 6 /*0x6*/,
VetoEvent = 7 /*0x7*/,
BlockedDriverEvent = 8 /*0x8*/,
MaxPlugEventCategory = 9 /*0x9*/
}PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
HardwareProfileChangeEvent = 0 /*0x0*/,
TargetDeviceChangeEvent = 1 /*0x1*/,
DeviceClassChangeEvent = 2 /*0x2*/,
CustomDeviceEvent = 3 /*0x3*/,
DeviceInstallEvent = 4 /*0x4*/,
DeviceArrivalEvent = 5 /*0x5*/,
PowerEvent = 6 /*0x6*/,
VetoEvent = 7 /*0x7*/,
BlockedDriverEvent = 8 /*0x8*/,
MaxPlugEventCategory = 9 /*0x9*/
}PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
typedef enum _PNP_DEVNODE_STATE {
DeviceNodeUnspecified = 768 /*0x300*/,
DeviceNodeUninitialized = 769 /*0x301*/,
DeviceNodeInitialized = 770 /*0x302*/,
DeviceNodeDriversAdded = 771 /*0x303*/,
DeviceNodeResourcesAssigned = 772 /*0x304*/,
DeviceNodeStartPending = 773 /*0x305*/,
DeviceNodeStartCompletion = 774 /*0x306*/,
DeviceNodeStartPostWork = 775 /*0x307*/,
DeviceNodeStarted = 776 /*0x308*/,
DeviceNodeQueryStopped = 777 /*0x309*/,
DeviceNodeStopped = 778 /*0x30A*/,
DeviceNodeRestartCompletion = 779 /*0x30B*/,
DeviceNodeEnumeratePending = 780 /*0x30C*/,
DeviceNodeEnumerateCompletion = 781 /*0x30D*/,
DeviceNodeAwaitingQueuedDeletion = 782 /*0x30E*/,
DeviceNodeAwaitingQueuedRemoval = 783 /*0x30F*/,
DeviceNodeQueryRemoved = 784 /*0x310*/,
DeviceNodeRemovePendingCloses = 785 /*0x311*/,
DeviceNodeRemoved = 786 /*0x312*/,
DeviceNodeDeletePendingCloses = 787 /*0x313*/,
DeviceNodeDeleted = 788 /*0x314*/
}PNP_DEVNODE_STATE, *PPNP_DEVNODE_STATE;
DeviceNodeUnspecified = 768 /*0x300*/,
DeviceNodeUninitialized = 769 /*0x301*/,
DeviceNodeInitialized = 770 /*0x302*/,
DeviceNodeDriversAdded = 771 /*0x303*/,
DeviceNodeResourcesAssigned = 772 /*0x304*/,
DeviceNodeStartPending = 773 /*0x305*/,
DeviceNodeStartCompletion = 774 /*0x306*/,
DeviceNodeStartPostWork = 775 /*0x307*/,
DeviceNodeStarted = 776 /*0x308*/,
DeviceNodeQueryStopped = 777 /*0x309*/,
DeviceNodeStopped = 778 /*0x30A*/,
DeviceNodeRestartCompletion = 779 /*0x30B*/,
DeviceNodeEnumeratePending = 780 /*0x30C*/,
DeviceNodeEnumerateCompletion = 781 /*0x30D*/,
DeviceNodeAwaitingQueuedDeletion = 782 /*0x30E*/,
DeviceNodeAwaitingQueuedRemoval = 783 /*0x30F*/,
DeviceNodeQueryRemoved = 784 /*0x310*/,
DeviceNodeRemovePendingCloses = 785 /*0x311*/,
DeviceNodeRemoved = 786 /*0x312*/,
DeviceNodeDeletePendingCloses = 787 /*0x313*/,
DeviceNodeDeleted = 788 /*0x314*/
}PNP_DEVNODE_STATE, *PPNP_DEVNODE_STATE;
typedef enum _PNP_VETO_TYPE {
PNP_VetoTypeUnknown = 0 /*0x0*/,
PNP_VetoLegacyDevice = 1 /*0x1*/,
PNP_VetoPendingClose = 2 /*0x2*/,
PNP_VetoWindowsApp = 3 /*0x3*/,
PNP_VetoWindowsService = 4 /*0x4*/,
PNP_VetoOutstandingOpen = 5 /*0x5*/,
PNP_VetoDevice = 6 /*0x6*/,
PNP_VetoDriver = 7 /*0x7*/,
PNP_VetoIllegalDeviceRequest = 8 /*0x8*/,
PNP_VetoInsufficientPower = 9 /*0x9*/,
PNP_VetoNonDisableable = 10 /*0xA*/,
PNP_VetoLegacyDriver = 11 /*0xB*/,
PNP_VetoInsufficientRights = 12 /*0xC*/
}PNP_VETO_TYPE, *PPNP_VETO_TYPE;
PNP_VetoTypeUnknown = 0 /*0x0*/,
PNP_VetoLegacyDevice = 1 /*0x1*/,
PNP_VetoPendingClose = 2 /*0x2*/,
PNP_VetoWindowsApp = 3 /*0x3*/,
PNP_VetoWindowsService = 4 /*0x4*/,
PNP_VetoOutstandingOpen = 5 /*0x5*/,
PNP_VetoDevice = 6 /*0x6*/,
PNP_VetoDriver = 7 /*0x7*/,
PNP_VetoIllegalDeviceRequest = 8 /*0x8*/,
PNP_VetoInsufficientPower = 9 /*0x9*/,
PNP_VetoNonDisableable = 10 /*0xA*/,
PNP_VetoLegacyDriver = 11 /*0xB*/,
PNP_VetoInsufficientRights = 12 /*0xC*/
}PNP_VETO_TYPE, *PPNP_VETO_TYPE;
typedef enum _POLICY_AUDIT_EVENT_TYPE {
AuditCategorySystem = 0 /*0x0*/,
AuditCategoryLogon = 1 /*0x1*/,
AuditCategoryObjectAccess = 2 /*0x2*/,
AuditCategoryPrivilegeUse = 3 /*0x3*/,
AuditCategoryDetailedTracking = 4 /*0x4*/,
AuditCategoryPolicyChange = 5 /*0x5*/,
AuditCategoryAccountManagement = 6 /*0x6*/,
AuditCategoryDirectoryServiceAccess = 7 /*0x7*/,
AuditCategoryAccountLogon = 8 /*0x8*/
}POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
AuditCategorySystem = 0 /*0x0*/,
AuditCategoryLogon = 1 /*0x1*/,
AuditCategoryObjectAccess = 2 /*0x2*/,
AuditCategoryPrivilegeUse = 3 /*0x3*/,
AuditCategoryDetailedTracking = 4 /*0x4*/,
AuditCategoryPolicyChange = 5 /*0x5*/,
AuditCategoryAccountManagement = 6 /*0x6*/,
AuditCategoryDirectoryServiceAccess = 7 /*0x7*/,
AuditCategoryAccountLogon = 8 /*0x8*/
}POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
typedef enum _POOL_TYPE {
NonPagedPool = 0 /*0x0*/,
PagedPool = 1 /*0x1*/,
NonPagedPoolMustSucceed = 2 /*0x2*/,
DontUseThisType = 3 /*0x3*/,
NonPagedPoolCacheAligned = 4 /*0x4*/,
PagedPoolCacheAligned = 5 /*0x5*/,
NonPagedPoolCacheAlignedMustS = 6 /*0x6*/,
MaxPoolType = 7 /*0x7*/,
NonPagedPoolSession = 32 /*0x20*/,
PagedPoolSession = 33 /*0x21*/,
NonPagedPoolMustSucceedSession = 34 /*0x22*/,
DontUseThisTypeSession = 35 /*0x23*/,
NonPagedPoolCacheAlignedSession = 36 /*0x24*/,
PagedPoolCacheAlignedSession = 37 /*0x25*/,
NonPagedPoolCacheAlignedMustSSession = 38 /*0x26*/
}POOL_TYPE, *PPOOL_TYPE;
NonPagedPool = 0 /*0x0*/,
PagedPool = 1 /*0x1*/,
NonPagedPoolMustSucceed = 2 /*0x2*/,
DontUseThisType = 3 /*0x3*/,
NonPagedPoolCacheAligned = 4 /*0x4*/,
PagedPoolCacheAligned = 5 /*0x5*/,
NonPagedPoolCacheAlignedMustS = 6 /*0x6*/,
MaxPoolType = 7 /*0x7*/,
NonPagedPoolSession = 32 /*0x20*/,
PagedPoolSession = 33 /*0x21*/,
NonPagedPoolMustSucceedSession = 34 /*0x22*/,
DontUseThisTypeSession = 35 /*0x23*/,
NonPagedPoolCacheAlignedSession = 36 /*0x24*/,
PagedPoolCacheAlignedSession = 37 /*0x25*/,
NonPagedPoolCacheAlignedMustSSession = 38 /*0x26*/
}POOL_TYPE, *PPOOL_TYPE;
typedef enum _POP_POLICY_DEVICE_TYPE {
PolicyDeviceSystemButton = 0 /*0x0*/,
PolicyDeviceThermalZone = 1 /*0x1*/,
PolicyDeviceBattery = 2 /*0x2*/,
PolicyInitiatePowerActionAPI = 3 /*0x3*/,
PolicySetPowerStateAPI = 4 /*0x4*/,
PolicyImmediateDozeS4 = 5 /*0x5*/,
PolicySystemIdle = 6 /*0x6*/
}POP_POLICY_DEVICE_TYPE, *PPOP_POLICY_DEVICE_TYPE;
PolicyDeviceSystemButton = 0 /*0x0*/,
PolicyDeviceThermalZone = 1 /*0x1*/,
PolicyDeviceBattery = 2 /*0x2*/,
PolicyInitiatePowerActionAPI = 3 /*0x3*/,
PolicySetPowerStateAPI = 4 /*0x4*/,
PolicyImmediateDozeS4 = 5 /*0x5*/,
PolicySystemIdle = 6 /*0x6*/
}POP_POLICY_DEVICE_TYPE, *PPOP_POLICY_DEVICE_TYPE;
typedef enum _POWER_ACTION {
PowerActionNone = 0 /*0x0*/,
PowerActionReserved = 1 /*0x1*/,
PowerActionSleep = 2 /*0x2*/,
PowerActionHibernate = 3 /*0x3*/,
PowerActionShutdown = 4 /*0x4*/,
PowerActionShutdownReset = 5 /*0x5*/,
PowerActionShutdownOff = 6 /*0x6*/,
PowerActionWarmEject = 7 /*0x7*/
}POWER_ACTION, *PPOWER_ACTION;
PowerActionNone = 0 /*0x0*/,
PowerActionReserved = 1 /*0x1*/,
PowerActionSleep = 2 /*0x2*/,
PowerActionHibernate = 3 /*0x3*/,
PowerActionShutdown = 4 /*0x4*/,
PowerActionShutdownReset = 5 /*0x5*/,
PowerActionShutdownOff = 6 /*0x6*/,
PowerActionWarmEject = 7 /*0x7*/
}POWER_ACTION, *PPOWER_ACTION;
typedef enum _POWER_STATE_TYPE {
SystemPowerState = 0 /*0x0*/,
DevicePowerState = 1 /*0x1*/
}POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
SystemPowerState = 0 /*0x0*/,
DevicePowerState = 1 /*0x1*/
}POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
typedef enum _PP_NPAGED_LOOKASIDE_NUMBER {
LookasideSmallIrpList = 0 /*0x0*/,
LookasideLargeIrpList = 1 /*0x1*/,
LookasideMdlList = 2 /*0x2*/,
LookasideCreateInfoList = 3 /*0x3*/,
LookasideNameBufferList = 4 /*0x4*/,
LookasideTwilightList = 5 /*0x5*/,
LookasideCompletionList = 6 /*0x6*/,
LookasideMaximumList = 7 /*0x7*/
}PP_NPAGED_LOOKASIDE_NUMBER, *PPP_NPAGED_LOOKASIDE_NUMBER;
LookasideSmallIrpList = 0 /*0x0*/,
LookasideLargeIrpList = 1 /*0x1*/,
LookasideMdlList = 2 /*0x2*/,
LookasideCreateInfoList = 3 /*0x3*/,
LookasideNameBufferList = 4 /*0x4*/,
LookasideTwilightList = 5 /*0x5*/,
LookasideCompletionList = 6 /*0x6*/,
LookasideMaximumList = 7 /*0x7*/
}PP_NPAGED_LOOKASIDE_NUMBER, *PPP_NPAGED_LOOKASIDE_NUMBER;
typedef enum _PROFILE_STATUS {
DOCK_NOTDOCKDEVICE = 0 /*0x0*/,
DOCK_QUIESCENT = 1 /*0x1*/,
DOCK_ARRIVING = 2 /*0x2*/,
DOCK_DEPARTING = 3 /*0x3*/,
DOCK_EJECTIRP_COMPLETED = 4 /*0x4*/
}PROFILE_STATUS, *PPROFILE_STATUS;
DOCK_NOTDOCKDEVICE = 0 /*0x0*/,
DOCK_QUIESCENT = 1 /*0x1*/,
DOCK_ARRIVING = 2 /*0x2*/,
DOCK_DEPARTING = 3 /*0x3*/,
DOCK_EJECTIRP_COMPLETED = 4 /*0x4*/
}PROFILE_STATUS, *PPROFILE_STATUS;
typedef enum _PROXY_CLASS {
ProxyFull = 0 /*0x0*/,
ProxyService = 1 /*0x1*/,
ProxyTree = 2 /*0x2*/,
ProxyDirectory = 3 /*0x3*/
}PROXY_CLASS, *PPROXY_CLASS;
ProxyFull = 0 /*0x0*/,
ProxyService = 1 /*0x1*/,
ProxyTree = 2 /*0x2*/,
ProxyDirectory = 3 /*0x3*/
}PROXY_CLASS, *PPROXY_CLASS;
typedef enum _PS_QUOTA_TYPE {
PsNonPagedPool = 0 /*0x0*/,
PsPagedPool = 1 /*0x1*/,
PsPageFile = 2 /*0x2*/,
PsQuotaTypes = 3 /*0x3*/
}PS_QUOTA_TYPE, *PPS_QUOTA_TYPE;
PsNonPagedPool = 0 /*0x0*/,
PsPagedPool = 1 /*0x1*/,
PsPageFile = 2 /*0x2*/,
PsQuotaTypes = 3 /*0x3*/
}PS_QUOTA_TYPE, *PPS_QUOTA_TYPE;
typedef enum _ReplacesCorHdrNumericDefines {
COMIMAGE_FLAGS_ILONLY = 1 /*0x1*/,
COMIMAGE_FLAGS_32BITREQUIRED = 2 /*0x2*/,
COMIMAGE_FLAGS_IL_LIBRARY = 4 /*0x4*/,
COMIMAGE_FLAGS_STRONGNAMESIGNED = 8 /*0x8*/,
COMIMAGE_FLAGS_TRACKDEBUGDATA = 65536 /*0x10000*/,
COR_VERSION_MAJOR_V2 = 2 /*0x2*/,
COR_VERSION_MAJOR = 2 /*0x2*/,
COR_VERSION_MINOR = 0 /*0x0*/,
COR_DELETED_NAME_LENGTH = 8 /*0x8*/,
COR_VTABLEGAP_NAME_LENGTH = 8 /*0x8*/,
NATIVE_TYPE_MAX_CB = 1 /*0x1*/,
COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE = 255 /*0xFF*/,
IMAGE_COR_MIH_METHODRVA = 1 /*0x1*/,
IMAGE_COR_MIH_EHRVA = 2 /*0x2*/,
IMAGE_COR_MIH_BASICBLOCK = 8 /*0x8*/,
COR_VTABLE_32BIT = 1 /*0x1*/,
COR_VTABLE_64BIT = 2 /*0x2*/,
COR_VTABLE_FROM_UNMANAGED = 4 /*0x4*/,
COR_VTABLE_CALL_MOST_DERIVED = 16 /*0x10*/,
IMAGE_COR_EATJ_THUNK_SIZE = 32 /*0x20*/,
MAX_CLASS_NAME = 1024 /*0x400*/,
MAX_PACKAGE_NAME = 1024 /*0x400*/
}ReplacesCorHdrNumericDefines, *PReplacesCorHdrNumericDefines;
COMIMAGE_FLAGS_ILONLY = 1 /*0x1*/,
COMIMAGE_FLAGS_32BITREQUIRED = 2 /*0x2*/,
COMIMAGE_FLAGS_IL_LIBRARY = 4 /*0x4*/,
COMIMAGE_FLAGS_STRONGNAMESIGNED = 8 /*0x8*/,
COMIMAGE_FLAGS_TRACKDEBUGDATA = 65536 /*0x10000*/,
COR_VERSION_MAJOR_V2 = 2 /*0x2*/,
COR_VERSION_MAJOR = 2 /*0x2*/,
COR_VERSION_MINOR = 0 /*0x0*/,
COR_DELETED_NAME_LENGTH = 8 /*0x8*/,
COR_VTABLEGAP_NAME_LENGTH = 8 /*0x8*/,
NATIVE_TYPE_MAX_CB = 1 /*0x1*/,
COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE = 255 /*0xFF*/,
IMAGE_COR_MIH_METHODRVA = 1 /*0x1*/,
IMAGE_COR_MIH_EHRVA = 2 /*0x2*/,
IMAGE_COR_MIH_BASICBLOCK = 8 /*0x8*/,
COR_VTABLE_32BIT = 1 /*0x1*/,
COR_VTABLE_64BIT = 2 /*0x2*/,
COR_VTABLE_FROM_UNMANAGED = 4 /*0x4*/,
COR_VTABLE_CALL_MOST_DERIVED = 16 /*0x10*/,
IMAGE_COR_EATJ_THUNK_SIZE = 32 /*0x20*/,
MAX_CLASS_NAME = 1024 /*0x400*/,
MAX_PACKAGE_NAME = 1024 /*0x400*/
}ReplacesCorHdrNumericDefines, *PReplacesCorHdrNumericDefines;
typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous = 0 /*0x0*/,
SecurityIdentification = 1 /*0x1*/,
SecurityImpersonation = 2 /*0x2*/,
SecurityDelegation = 3 /*0x3*/
}SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
SecurityAnonymous = 0 /*0x0*/,
SecurityIdentification = 1 /*0x1*/,
SecurityImpersonation = 2 /*0x2*/,
SecurityDelegation = 3 /*0x3*/
}SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
typedef enum _SECURITY_OPERATION_CODE {
SetSecurityDescriptor = 0 /*0x0*/,
QuerySecurityDescriptor = 1 /*0x1*/,
DeleteSecurityDescriptor = 2 /*0x2*/,
AssignSecurityDescriptor = 3 /*0x3*/
}SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
SetSecurityDescriptor = 0 /*0x0*/,
QuerySecurityDescriptor = 1 /*0x1*/,
DeleteSecurityDescriptor = 2 /*0x2*/,
AssignSecurityDescriptor = 3 /*0x3*/
}SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
typedef enum _SYSTEM_POWER_STATE {
PowerSystemUnspecified = 0 /*0x0*/,
PowerSystemWorking = 1 /*0x1*/,
PowerSystemSleeping1 = 2 /*0x2*/,
PowerSystemSleeping2 = 3 /*0x3*/,
PowerSystemSleeping3 = 4 /*0x4*/,
PowerSystemHibernate = 5 /*0x5*/,
PowerSystemShutdown = 6 /*0x6*/,
PowerSystemMaximum = 7 /*0x7*/
}SYSTEM_POWER_STATE, *PSYSTEM_POWER_STATE;
PowerSystemUnspecified = 0 /*0x0*/,
PowerSystemWorking = 1 /*0x1*/,
PowerSystemSleeping1 = 2 /*0x2*/,
PowerSystemSleeping2 = 3 /*0x3*/,
PowerSystemSleeping3 = 4 /*0x4*/,
PowerSystemHibernate = 5 /*0x5*/,
PowerSystemShutdown = 6 /*0x6*/,
PowerSystemMaximum = 7 /*0x7*/
}SYSTEM_POWER_STATE, *PSYSTEM_POWER_STATE;
typedef enum _TOKEN_TYPE {
TokenPrimary = 1 /*0x1*/,
TokenImpersonation = 2 /*0x2*/
}TOKEN_TYPE, *PTOKEN_TYPE;
TokenPrimary = 1 /*0x1*/,
TokenImpersonation = 2 /*0x2*/
}TOKEN_TYPE, *PTOKEN_TYPE;
typedef enum _VI_DEADLOCK_RESOURCE_TYPE {
VfDeadlockUnknown = 0 /*0x0*/,
VfDeadlockMutex = 1 /*0x1*/,
VfDeadlockFastMutex = 2 /*0x2*/,
VfDeadlockFastMutexUnsafe = 3 /*0x3*/,
VfDeadlockSpinLock = 4 /*0x4*/,
VfDeadlockQueuedSpinLock = 5 /*0x5*/,
VfDeadlockTypeMaximum = 6 /*0x6*/
}VI_DEADLOCK_RESOURCE_TYPE, *PVI_DEADLOCK_RESOURCE_TYPE;
VfDeadlockUnknown = 0 /*0x0*/,
VfDeadlockMutex = 1 /*0x1*/,
VfDeadlockFastMutex = 2 /*0x2*/,
VfDeadlockFastMutexUnsafe = 3 /*0x3*/,
VfDeadlockSpinLock = 4 /*0x4*/,
VfDeadlockQueuedSpinLock = 5 /*0x5*/,
VfDeadlockTypeMaximum = 6 /*0x6*/
}VI_DEADLOCK_RESOURCE_TYPE, *PVI_DEADLOCK_RESOURCE_TYPE;
struct _ARBITER_LIST_ENTRY;
struct _ARBITER_ALTERNATIVE;
struct _IO_RESOURCE_DESCRIPTOR;
struct _DEVICE_OBJECT;
struct _KEVENT;
struct _RTL_RANGE_LIST;
struct _ARBITER_INTERFACE;
struct _ARBITER_ALLOCATION_STATE;
struct _CM_PARTIAL_RESOURCE_DESCRIPTOR;
struct _ARBITER_ORDERING;
struct _LIST_ENTRY;
struct _CM_PARTIAL_RESOURCE_LIST;
struct _ARBITER_CONFLICT_INFO;
struct _PI_BUS_EXTENSION;
struct _BUS_HANDLER;
struct _SUPPORTED_RANGES;
struct _CM_KEY_CONTROL_BLOCK;
struct _CACHE_UNINITIALIZE_EVENT;
struct _FAST_MUTEX;
struct _FILE_OBJECT;
struct _CM_KEY_SECURITY_CACHE_ENTRY;
struct _WORK_QUEUE_ITEM;
struct _CM_CELL_REMAP_BLOCK;
struct _CM_NOTIFY_BLOCK;
struct _CM_KEY_HASH;
struct _HHIVE;
struct _CM_NAME_CONTROL_BLOCK;
struct _CM_KEY_SECURITY_CACHE;
struct _CM_INDEX_HINT_BLOCK;
struct _CM_NAME_HASH;
struct _CM_KEY_BODY;
struct _SEGMENT;
struct _EVENT_COUNTER;
struct _OBJECT_DIRECTORY;
struct _DEVICE_NODE;
struct _PO_DEVICE_NOTIFY;
struct _IRP;
struct _CM_RESOURCE_LIST;
struct _IO_RESOURCE_REQUIREMENTS_LIST;
struct _DEVICE_RELATIONS;
struct _DRIVER_OBJECT;
struct _IO_TIMER;
struct _VPB;
struct _DEVOBJ_EXTENSION;
struct _DEVICE_OBJECT_POWER_EXTENSION;
struct _IO_CLIENT_EXTENSION;
struct _FS_FILTER_CALLBACKS;
struct _DRIVER_EXTENSION;
struct _UNICODE_STRING;
struct _FAST_IO_DISPATCH;
struct _HMAP_DIRECTORY;
struct _HMAP_TABLE;
struct _ADAPTER_OBJECT;
struct _PS_JOB_TOKEN_FILTER;
struct _HANDLE_TABLE;
struct _ETHREAD;
struct _EJOB;
struct _EPROCESS_QUOTA_BLOCK;
struct _PAGEFAULT_HISTORY;
struct _PEB;
struct _OWNER_ENTRY;
struct _KSEMAPHORE;
struct _TERMINATION_PORT;
struct _PS_IMPERSONATION_INFORMATION;
struct _EPROCESS;
struct _EXCEPTION_RECORD;
struct _CONTEXT;
struct _EXCEPTION_REGISTRATION_RECORD;
struct _EX_PUSH_LOCK;
struct _EX_PUSH_LOCK_WAIT_BLOCK;
struct _KTHREAD;
struct _SECTION_OBJECT_POINTERS;
struct _IO_COMPLETION_CONTEXT;
struct _HANDLE_TRACE_DEBUG_INFO;
struct _HANDLE_TABLE_ENTRY_INFO;
struct _HEAP_TAG_ENTRY;
struct _HEAP_UCR_SEGMENT;
struct _HEAP_UNCOMMMTTED_RANGE;
struct _HEAP_SEGMENT;
struct _HEAP_PSEUDO_TAG_ENTRY;
struct _HEAP_LOCK;
struct _HEAP;
struct _HEAP_ENTRY;
struct _HEAP_USERDATA_HEADER;
struct _HEAP_SUBSEGMENT;
struct _HBASE_BLOCK;
struct _CMHIVE;
struct _CM_VIEW_OF_FILE;
struct _SECURITY_QUALITY_OF_SERVICE;
struct _ACCESS_STATE;
struct _IO_SECURITY_CONTEXT;
struct _NAMED_PIPE_CREATE_PARAMETERS;
struct _MAILSLOT_CREATE_PARAMETERS;
struct _STRING;
struct _SCSI_REQUEST_BLOCK;
struct _FILE_GET_QUOTA_INFORMATION;
struct _GUID;
struct _INTERFACE;
struct _DEVICE_CAPABILITIES;
struct _POWER_SEQUENCE;
struct _MDL;
struct _IO_STATUS_BLOCK;
struct _IO_STACK_LOCATION;
struct _KPROCESS;
struct _SINGLE_LIST_ENTRY;
struct _KPCR;
struct _KPRCB;
struct _KIDTENTRY;
struct _KGDTENTRY;
struct _KTSS;
struct _KNODE;
struct _KSPIN_LOCK_QUEUE;
struct _KWAIT_BLOCK;
struct _KQUEUE;
struct _KTRAP_FRAME;
struct _KAPC_STATE;
struct _KDPC;
struct _LPCP_PORT_OBJECT;
struct _LPCP_NONPAGED_PORT_QUEUE;
struct _VI_POOL_ENTRY;
struct _MI_VERIFIER_DRIVER_ENTRY;
struct _MMPTE;
struct _MMFREE_POOL_ENTRY;
struct _MMMOD_WRITER_LISTHEAD;
struct _MMPAGING_FILE;
struct _CONTROL_AREA;
struct _ERESOURCE;
struct _MMMOD_WRITER_MDL_ENTRY;
struct _RTL_BITMAP;
struct _MMVIEW;
struct _MMWSL;
struct _MMVAD;
struct _MMBANKED_SECTION;
struct _MMEXTEND_INFO;
struct _MMWSLE;
struct _MMWSLE_HASH;
struct _MM_SESSION_SPACE;
struct _NT_TIB;
struct _OBJECT_DIRECTORY_ENTRY;
struct _DEVICE_MAP;
struct _OBJECT_TYPE;
struct _OBJECT_CREATE_INFORMATION;
struct _PCI_INTERFACE;
struct _PCI_FDO_EXTENSION;
struct _PCI_MJ_DISPATCH_TABLE;
struct _PCI_PDO_EXTENSION;
struct _PCI_BUS_INTERFACE_STANDARD;
struct _PCI_COMMON_CONFIG;
struct _PCI_MN_DISPATCH_TABLE;
struct _PCI_FUNCTION_RESOURCES;
struct _PEB_LDR_DATA;
struct _RTL_USER_PROCESS_PARAMETERS;
struct _RTL_CRITICAL_SECTION;
struct _PEB_FREE_BLOCK;
struct _POP_TRIGGER_WAIT;
struct _DUMP_STACK_CONTEXT;
struct _KPROCESSOR_STATE;
struct _PO_MEMORY_IMAGE;
struct _PO_MEMORY_RANGE_ARRAY;
struct _POP_SHUTDOWN_BUG_CHECK;
struct _POP_DEVICE_SYS_STATE;
struct _POP_HIBER_CONTEXT;
struct _POP_ACTION_TRIGGER;
struct _GENERAL_LOOKASIDE;
struct _PROCESSOR_PERF_STATE;
struct _SID_AND_ATTRIBUTES;
struct _LUID_AND_ATTRIBUTES;
struct _RTL_ATOM_TABLE_ENTRY;
struct _RTL_CRITICAL_SECTION_DEBUG;
struct _RTL_HANDLE_TABLE_ENTRY;
struct _SEGMENT_OBJECT;
struct _ACL;
struct _SECTION_IMAGE_INFORMATION;
struct _SUBSECTION;
struct _LARGE_CONTROL_AREA;
struct _MMSECTION_FLAGS;
struct _MMSUBSECTION_FLAGS;
struct _OBJECT_NAME_INFORMATION;
struct _VACB;
struct _MBCB;
struct _CACHE_MANAGER_CALLBACKS;
struct _SUPPORTED_RANGE;
struct _TEB_ACTIVE_FRAME;
struct _TEB_ACTIVE_FRAME_CONTEXT;
struct _SECURITY_TOKEN_PROXY_DATA;
struct _SECURITY_TOKEN_AUDIT_DATA;
struct _SHARED_CACHE_MAP;
struct _VI_DEADLOCK_NODE;
struct _VI_DEADLOCK_RESOURCE;
struct _VI_DEADLOCK_THREAD;
struct _ARBITER_ALTERNATIVE;
struct _IO_RESOURCE_DESCRIPTOR;
struct _DEVICE_OBJECT;
struct _KEVENT;
struct _RTL_RANGE_LIST;
struct _ARBITER_INTERFACE;
struct _ARBITER_ALLOCATION_STATE;
struct _CM_PARTIAL_RESOURCE_DESCRIPTOR;
struct _ARBITER_ORDERING;
struct _LIST_ENTRY;
struct _CM_PARTIAL_RESOURCE_LIST;
struct _ARBITER_CONFLICT_INFO;
struct _PI_BUS_EXTENSION;
struct _BUS_HANDLER;
struct _SUPPORTED_RANGES;
struct _CM_KEY_CONTROL_BLOCK;
struct _CACHE_UNINITIALIZE_EVENT;
struct _FAST_MUTEX;
struct _FILE_OBJECT;
struct _CM_KEY_SECURITY_CACHE_ENTRY;
struct _WORK_QUEUE_ITEM;
struct _CM_CELL_REMAP_BLOCK;
struct _CM_NOTIFY_BLOCK;
struct _CM_KEY_HASH;
struct _HHIVE;
struct _CM_NAME_CONTROL_BLOCK;
struct _CM_KEY_SECURITY_CACHE;
struct _CM_INDEX_HINT_BLOCK;
struct _CM_NAME_HASH;
struct _CM_KEY_BODY;
struct _SEGMENT;
struct _EVENT_COUNTER;
struct _OBJECT_DIRECTORY;
struct _DEVICE_NODE;
struct _PO_DEVICE_NOTIFY;
struct _IRP;
struct _CM_RESOURCE_LIST;
struct _IO_RESOURCE_REQUIREMENTS_LIST;
struct _DEVICE_RELATIONS;
struct _DRIVER_OBJECT;
struct _IO_TIMER;
struct _VPB;
struct _DEVOBJ_EXTENSION;
struct _DEVICE_OBJECT_POWER_EXTENSION;
struct _IO_CLIENT_EXTENSION;
struct _FS_FILTER_CALLBACKS;
struct _DRIVER_EXTENSION;
struct _UNICODE_STRING;
struct _FAST_IO_DISPATCH;
struct _HMAP_DIRECTORY;
struct _HMAP_TABLE;
struct _ADAPTER_OBJECT;
struct _PS_JOB_TOKEN_FILTER;
struct _HANDLE_TABLE;
struct _ETHREAD;
struct _EJOB;
struct _EPROCESS_QUOTA_BLOCK;
struct _PAGEFAULT_HISTORY;
struct _PEB;
struct _OWNER_ENTRY;
struct _KSEMAPHORE;
struct _TERMINATION_PORT;
struct _PS_IMPERSONATION_INFORMATION;
struct _EPROCESS;
struct _EXCEPTION_RECORD;
struct _CONTEXT;
struct _EXCEPTION_REGISTRATION_RECORD;
struct _EX_PUSH_LOCK;
struct _EX_PUSH_LOCK_WAIT_BLOCK;
struct _KTHREAD;
struct _SECTION_OBJECT_POINTERS;
struct _IO_COMPLETION_CONTEXT;
struct _HANDLE_TRACE_DEBUG_INFO;
struct _HANDLE_TABLE_ENTRY_INFO;
struct _HEAP_TAG_ENTRY;
struct _HEAP_UCR_SEGMENT;
struct _HEAP_UNCOMMMTTED_RANGE;
struct _HEAP_SEGMENT;
struct _HEAP_PSEUDO_TAG_ENTRY;
struct _HEAP_LOCK;
struct _HEAP;
struct _HEAP_ENTRY;
struct _HEAP_USERDATA_HEADER;
struct _HEAP_SUBSEGMENT;
struct _HBASE_BLOCK;
struct _CMHIVE;
struct _CM_VIEW_OF_FILE;
struct _SECURITY_QUALITY_OF_SERVICE;
struct _ACCESS_STATE;
struct _IO_SECURITY_CONTEXT;
struct _NAMED_PIPE_CREATE_PARAMETERS;
struct _MAILSLOT_CREATE_PARAMETERS;
struct _STRING;
struct _SCSI_REQUEST_BLOCK;
struct _FILE_GET_QUOTA_INFORMATION;
struct _GUID;
struct _INTERFACE;
struct _DEVICE_CAPABILITIES;
struct _POWER_SEQUENCE;
struct _MDL;
struct _IO_STATUS_BLOCK;
struct _IO_STACK_LOCATION;
struct _KPROCESS;
struct _SINGLE_LIST_ENTRY;
struct _KPCR;
struct _KPRCB;
struct _KIDTENTRY;
struct _KGDTENTRY;
struct _KTSS;
struct _KNODE;
struct _KSPIN_LOCK_QUEUE;
struct _KWAIT_BLOCK;
struct _KQUEUE;
struct _KTRAP_FRAME;
struct _KAPC_STATE;
struct _KDPC;
struct _LPCP_PORT_OBJECT;
struct _LPCP_NONPAGED_PORT_QUEUE;
struct _VI_POOL_ENTRY;
struct _MI_VERIFIER_DRIVER_ENTRY;
struct _MMPTE;
struct _MMFREE_POOL_ENTRY;
struct _MMMOD_WRITER_LISTHEAD;
struct _MMPAGING_FILE;
struct _CONTROL_AREA;
struct _ERESOURCE;
struct _MMMOD_WRITER_MDL_ENTRY;
struct _RTL_BITMAP;
struct _MMVIEW;
struct _MMWSL;
struct _MMVAD;
struct _MMBANKED_SECTION;
struct _MMEXTEND_INFO;
struct _MMWSLE;
struct _MMWSLE_HASH;
struct _MM_SESSION_SPACE;
struct _NT_TIB;
struct _OBJECT_DIRECTORY_ENTRY;
struct _DEVICE_MAP;
struct _OBJECT_TYPE;
struct _OBJECT_CREATE_INFORMATION;
struct _PCI_INTERFACE;
struct _PCI_FDO_EXTENSION;
struct _PCI_MJ_DISPATCH_TABLE;
struct _PCI_PDO_EXTENSION;
struct _PCI_BUS_INTERFACE_STANDARD;
struct _PCI_COMMON_CONFIG;
struct _PCI_MN_DISPATCH_TABLE;
struct _PCI_FUNCTION_RESOURCES;
struct _PEB_LDR_DATA;
struct _RTL_USER_PROCESS_PARAMETERS;
struct _RTL_CRITICAL_SECTION;
struct _PEB_FREE_BLOCK;
struct _POP_TRIGGER_WAIT;
struct _DUMP_STACK_CONTEXT;
struct _KPROCESSOR_STATE;
struct _PO_MEMORY_IMAGE;
struct _PO_MEMORY_RANGE_ARRAY;
struct _POP_SHUTDOWN_BUG_CHECK;
struct _POP_DEVICE_SYS_STATE;
struct _POP_HIBER_CONTEXT;
struct _POP_ACTION_TRIGGER;
struct _GENERAL_LOOKASIDE;
struct _PROCESSOR_PERF_STATE;
struct _SID_AND_ATTRIBUTES;
struct _LUID_AND_ATTRIBUTES;
struct _RTL_ATOM_TABLE_ENTRY;
struct _RTL_CRITICAL_SECTION_DEBUG;
struct _RTL_HANDLE_TABLE_ENTRY;
struct _SEGMENT_OBJECT;
struct _ACL;
struct _SECTION_IMAGE_INFORMATION;
struct _SUBSECTION;
struct _LARGE_CONTROL_AREA;
struct _MMSECTION_FLAGS;
struct _MMSUBSECTION_FLAGS;
struct _OBJECT_NAME_INFORMATION;
struct _VACB;
struct _MBCB;
struct _CACHE_MANAGER_CALLBACKS;
struct _SUPPORTED_RANGE;
struct _TEB_ACTIVE_FRAME;
struct _TEB_ACTIVE_FRAME_CONTEXT;
struct _SECURITY_TOKEN_PROXY_DATA;
struct _SECURITY_TOKEN_AUDIT_DATA;
struct _SHARED_CACHE_MAP;
struct _VI_DEADLOCK_NODE;
struct _VI_DEADLOCK_RESOURCE;
struct _VI_DEADLOCK_THREAD;
typedef struct _UNICODE_STRING {
/*0x000*/ UINT16 Length;
/*0x002*/ UINT16 MaximumLength;
/*0x004*/ UINT16* Buffer;
}UNICODE_STRING, *PUNICODE_STRING;
typedef struct _LUID {
/*0x000*/ ULONG32 LowPart;
/*0x004*/ LONG32 HighPart;
}LUID, *PLUID;
/*0x000*/ ULONG32 LowPart;
/*0x004*/ LONG32 HighPart;
}LUID, *PLUID;
typedef struct _ACL {
/*0x000*/ UINT8 AclRevision;
/*0x001*/ UINT8 Sbz1;
/*0x002*/ UINT16 AclSize;
/*0x004*/ UINT16 AceCount;
/*0x006*/ UINT16 Sbz2;
}ACL, *PACL;
/*0x000*/ UINT8 AclRevision;
/*0x001*/ UINT8 Sbz1;
/*0x002*/ UINT16 AclSize;
/*0x004*/ UINT16 AceCount;
/*0x006*/ UINT16 Sbz2;
}ACL, *PACL;
typedef struct _ADAPTER_OBJECT {
}ADAPTER_OBJECT, *PADAPTER_OBJECT;
}ADAPTER_OBJECT, *PADAPTER_OBJECT;
typedef struct _AMD64_DBGKD_CONTROL_SET {
/*0x000*/ ULONG32 TraceFlag;
/*0x004*/ UINT64 Dr7;
/*0x00C*/ UINT64 CurrentSymbolStart;
/*0x014*/ UINT64 CurrentSymbolEnd;
}AMD64_DBGKD_CONTROL_SET, *PAMD64_DBGKD_CONTROL_SET;
/*0x000*/ ULONG32 TraceFlag;
/*0x004*/ UINT64 Dr7;
/*0x00C*/ UINT64 CurrentSymbolStart;
/*0x014*/ UINT64 CurrentSymbolEnd;
}AMD64_DBGKD_CONTROL_SET, *PAMD64_DBGKD_CONTROL_SET;
typedef struct _ARBITER_ALLOCATION_STATE {
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
/*0x010*/ UINT64 CurrentMinimum;
/*0x018*/ UINT64 CurrentMaximum;
/*0x020*/ struct _ARBITER_LIST_ENTRY* Entry;
/*0x024*/ struct _ARBITER_ALTERNATIVE* CurrentAlternative;
/*0x028*/ ULONG32 AlternativeCount;
/*0x02C*/ struct _ARBITER_ALTERNATIVE* Alternatives;
/*0x030*/ UINT16 Flags;
/*0x032*/ UINT8 RangeAttributes;
/*0x033*/ UINT8 RangeAvailableAttributes;
/*0x034*/ ULONG32 WorkSpace;
}ARBITER_ALLOCATION_STATE, *PARBITER_ALLOCATION_STATE;
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
/*0x010*/ UINT64 CurrentMinimum;
/*0x018*/ UINT64 CurrentMaximum;
/*0x020*/ struct _ARBITER_LIST_ENTRY* Entry;
/*0x024*/ struct _ARBITER_ALTERNATIVE* CurrentAlternative;
/*0x028*/ ULONG32 AlternativeCount;
/*0x02C*/ struct _ARBITER_ALTERNATIVE* Alternatives;
/*0x030*/ UINT16 Flags;
/*0x032*/ UINT8 RangeAttributes;
/*0x033*/ UINT8 RangeAvailableAttributes;
/*0x034*/ ULONG32 WorkSpace;
}ARBITER_ALLOCATION_STATE, *PARBITER_ALLOCATION_STATE;
typedef struct _ARBITER_ALTERNATIVE {
/*0x000*/ UINT64 Minimum;
/*0x008*/ UINT64 Maximum;
/*0x010*/ ULONG32 Length;
/*0x014*/ ULONG32 Alignment;
/*0x018*/ LONG32 Priority;
/*0x01C*/ ULONG32 Flags;
/*0x020*/ struct _IO_RESOURCE_DESCRIPTOR* Descriptor;
/*0x024*/ ULONG32 Reserved[3];
}ARBITER_ALTERNATIVE, *PARBITER_ALTERNATIVE;
/*0x000*/ UINT64 Minimum;
/*0x008*/ UINT64 Maximum;
/*0x010*/ ULONG32 Length;
/*0x014*/ ULONG32 Alignment;
/*0x018*/ LONG32 Priority;
/*0x01C*/ ULONG32 Flags;
/*0x020*/ struct _IO_RESOURCE_DESCRIPTOR* Descriptor;
/*0x024*/ ULONG32 Reserved[3];
}ARBITER_ALTERNATIVE, *PARBITER_ALTERNATIVE;
typedef struct _ARBITER_CONFLICT_INFO {
/*0x000*/ struct _DEVICE_OBJECT* OwningObject;
/*0x004*/ UINT8 _PADDING0_[0x4];
/*0x008*/ UINT64 Start;
/*0x010*/ UINT64 End;
}ARBITER_CONFLICT_INFO, *PARBITER_CONFLICT_INFO;
/*0x000*/ struct _DEVICE_OBJECT* OwningObject;
/*0x004*/ UINT8 _PADDING0_[0x4];
/*0x008*/ UINT64 Start;
/*0x010*/ UINT64 End;
}ARBITER_CONFLICT_INFO, *PARBITER_CONFLICT_INFO;
typedef struct _ARBITER_INTERFACE {
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
/*0x004*/ VOID* Context;
/*0x008*/ PVOID InterfaceReference;
/*0x00C*/ PVOID InterfaceDereference;
/*0x010*/ PVOID ArbiterHandler;
/*0x014*/ ULONG32 Flags;
}ARBITER_INTERFACE, *PARBITER_INTERFACE;
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
/*0x004*/ VOID* Context;
/*0x008*/ PVOID InterfaceReference;
/*0x00C*/ PVOID InterfaceDereference;
/*0x010*/ PVOID ArbiterHandler;
/*0x014*/ ULONG32 Flags;
}ARBITER_INTERFACE, *PARBITER_INTERFACE;
typedef struct _ARBITER_ORDERING {
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
}ARBITER_ORDERING, *PARBITER_ORDERING;
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
}ARBITER_ORDERING, *PARBITER_ORDERING;
typedef struct _ARBITER_ORDERING_LIST {
/*0x000*/ UINT16 Count;
/*0x002*/ UINT16 Maximum;
/*0x004*/ struct _ARBITER_ORDERING* Orderings;
}ARBITER_ORDERING_LIST, *PARBITER_ORDERING_LIST;
/*0x000*/ UINT16 Count;
/*0x002*/ UINT16 Maximum;
/*0x004*/ struct _ARBITER_ORDERING* Orderings;
}ARBITER_ORDERING_LIST, *PARBITER_ORDERING_LIST;
typedef struct _ARBITER_PARAMETERS {
union
{
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
/*0x004*/ ULONG32 AllocateFromCount;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR* AllocateFrom;
}TestAllocation;
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
/*0x004*/ ULONG32 AllocateFromCount;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR* AllocateFrom;
}RetestAllocation;
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
}BootAllocation;
struct
{
/*0x000*/ struct _CM_PARTIAL_RESOURCE_LIST** AllocatedResources;
}QueryAllocatedResources;
struct
{
/*0x000*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x004*/ struct _IO_RESOURCE_DESCRIPTOR* ConflictingResource;
/*0x008*/ ULONG32* ConflictCount;
/*0x00C*/ struct _ARBITER_CONFLICT_INFO** Conflicts;
}QueryConflict;
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
}QueryArbitrate;
struct
{
/*0x000*/ struct _DEVICE_OBJECT* ReserveDevice;
}AddReserved;
}Parameters;
}ARBITER_PARAMETERS, *PARBITER_PARAMETERS;
union
{
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
/*0x004*/ ULONG32 AllocateFromCount;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR* AllocateFrom;
}TestAllocation;
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
/*0x004*/ ULONG32 AllocateFromCount;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR* AllocateFrom;
}RetestAllocation;
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
}BootAllocation;
struct
{
/*0x000*/ struct _CM_PARTIAL_RESOURCE_LIST** AllocatedResources;
}QueryAllocatedResources;
struct
{
/*0x000*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x004*/ struct _IO_RESOURCE_DESCRIPTOR* ConflictingResource;
/*0x008*/ ULONG32* ConflictCount;
/*0x00C*/ struct _ARBITER_CONFLICT_INFO** Conflicts;
}QueryConflict;
struct
{
/*0x000*/ struct _LIST_ENTRY* ArbitrationList;
}QueryArbitrate;
struct
{
/*0x000*/ struct _DEVICE_OBJECT* ReserveDevice;
}AddReserved;
}Parameters;
}ARBITER_PARAMETERS, *PARBITER_PARAMETERS;
typedef struct _BATTERY_REPORTING_SCALE {
/*0x000*/ ULONG32 Granularity;
/*0x004*/ ULONG32 Capacity;
}BATTERY_REPORTING_SCALE, *PBATTERY_REPORTING_SCALE;
/*0x000*/ ULONG32 Granularity;
/*0x004*/ ULONG32 Capacity;
}BATTERY_REPORTING_SCALE, *PBATTERY_REPORTING_SCALE;
typedef struct _BUS_EXTENSION_LIST {
/*0x000*/ VOID* Next;
/*0x004*/ struct _PI_BUS_EXTENSION* BusExtension;
}BUS_EXTENSION_LIST, *PBUS_EXTENSION_LIST;
/*0x000*/ VOID* Next;
/*0x004*/ struct _PI_BUS_EXTENSION* BusExtension;
}BUS_EXTENSION_LIST, *PBUS_EXTENSION_LIST;
typedef struct _BUS_HANDLER {
/*0x000*/ ULONG32 Version;
/*0x004*/ enum _INTERFACE_TYPE InterfaceType;
/*0x008*/ enum _BUS_DATA_TYPE ConfigurationType;
/*0x00C*/ ULONG32 BusNumber;
/*0x010*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x014*/ struct _BUS_HANDLER* ParentHandler;
/*0x018*/ VOID* BusData;
/*0x01C*/ ULONG32 DeviceControlExtensionSize;
/*0x020*/ struct _SUPPORTED_RANGES* BusAddresses;
/*0x024*/ ULONG32 Reserved[4];
/*0x034*/ PVOID GetBusData;
/*0x038*/ PVOID SetBusData;
/*0x03C*/ PVOID AdjustResourceList;
/*0x040*/ PVOID AssignSlotResources;
/*0x044*/ PVOID GetInterruptVector;
/*0x048*/ PVOID TranslateBusAddress;
/*0x04C*/ VOID* Spare1;
/*0x050*/ VOID* Spare2;
/*0x054*/ VOID* Spare3;
/*0x058*/ VOID* Spare4;
/*0x05C*/ VOID* Spare5;
/*0x060*/ VOID* Spare6;
/*0x064*/ VOID* Spare7;
/*0x068*/ VOID* Spare8;
}BUS_HANDLER, *PBUS_HANDLER;
/*0x000*/ ULONG32 Version;
/*0x004*/ enum _INTERFACE_TYPE InterfaceType;
/*0x008*/ enum _BUS_DATA_TYPE ConfigurationType;
/*0x00C*/ ULONG32 BusNumber;
/*0x010*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x014*/ struct _BUS_HANDLER* ParentHandler;
/*0x018*/ VOID* BusData;
/*0x01C*/ ULONG32 DeviceControlExtensionSize;
/*0x020*/ struct _SUPPORTED_RANGES* BusAddresses;
/*0x024*/ ULONG32 Reserved[4];
/*0x034*/ PVOID GetBusData;
/*0x038*/ PVOID SetBusData;
/*0x03C*/ PVOID AdjustResourceList;
/*0x040*/ PVOID AssignSlotResources;
/*0x044*/ PVOID GetInterruptVector;
/*0x048*/ PVOID TranslateBusAddress;
/*0x04C*/ VOID* Spare1;
/*0x050*/ VOID* Spare2;
/*0x054*/ VOID* Spare3;
/*0x058*/ VOID* Spare4;
/*0x05C*/ VOID* Spare5;
/*0x060*/ VOID* Spare6;
/*0x064*/ VOID* Spare7;
/*0x068*/ VOID* Spare8;
}BUS_HANDLER, *PBUS_HANDLER;
typedef struct _CACHED_CHILD_LIST {
/*0x000*/ ULONG32 Count;
union
{
/*0x004*/ ULONG32 ValueList;
/*0x004*/ struct _CM_KEY_CONTROL_BLOCK* RealKcb;
};
}CACHED_CHILD_LIST, *PCACHED_CHILD_LIST;
/*0x000*/ ULONG32 Count;
union
{
/*0x004*/ ULONG32 ValueList;
/*0x004*/ struct _CM_KEY_CONTROL_BLOCK* RealKcb;
};
}CACHED_CHILD_LIST, *PCACHED_CHILD_LIST;
typedef struct _CACHE_MANAGER_CALLBACKS {
/*0x000*/ PVOID AcquireForLazyWrite;
/*0x004*/ PVOID ReleaseFromLazyWrite;
/*0x008*/ PVOID AcquireForReadAhead;
/*0x00C*/ PVOID ReleaseFromReadAhead;
}CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
/*0x000*/ PVOID AcquireForLazyWrite;
/*0x004*/ PVOID ReleaseFromLazyWrite;
/*0x008*/ PVOID AcquireForReadAhead;
/*0x00C*/ PVOID ReleaseFromReadAhead;
}CACHE_MANAGER_CALLBACKS, *PCACHE_MANAGER_CALLBACKS;
typedef struct _CHILD_LIST {
/*0x000*/ ULONG32 Count;
/*0x004*/ ULONG32 List;
}CHILD_LIST, *PCHILD_LIST;
/*0x000*/ ULONG32 Count;
/*0x004*/ ULONG32 List;
}CHILD_LIST, *PCHILD_LIST;
typedef struct _CLIENT_ID {
/*0x000*/ VOID* UniqueProcess;
/*0x004*/ VOID* UniqueThread;
}CLIENT_ID, *PCLIENT_ID;
/*0x000*/ VOID* UniqueProcess;
/*0x004*/ VOID* UniqueThread;
}CLIENT_ID, *PCLIENT_ID;
typedef struct _CMP_OFFSET_ARRAY {
/*0x000*/ ULONG32 FileOffset;
/*0x004*/ VOID* DataBuffer;
/*0x008*/ ULONG32 DataLength;
}CMP_OFFSET_ARRAY, *PCMP_OFFSET_ARRAY;
/*0x000*/ ULONG32 FileOffset;
/*0x004*/ VOID* DataBuffer;
/*0x008*/ ULONG32 DataLength;
}CMP_OFFSET_ARRAY, *PCMP_OFFSET_ARRAY;
typedef struct _CM_BIG_DATA {
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Count;
/*0x004*/ ULONG32 List;
}CM_BIG_DATA, *PCM_BIG_DATA;
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Count;
/*0x004*/ ULONG32 List;
}CM_BIG_DATA, *PCM_BIG_DATA;
typedef struct _CM_CELL_REMAP_BLOCK {
/*0x000*/ ULONG32 OldCell;
/*0x004*/ ULONG32 NewCell;
}CM_CELL_REMAP_BLOCK, *PCM_CELL_REMAP_BLOCK;
/*0x000*/ ULONG32 OldCell;
/*0x004*/ ULONG32 NewCell;
}CM_CELL_REMAP_BLOCK, *PCM_CELL_REMAP_BLOCK;
typedef struct _CM_INDEX_HINT_BLOCK {
/*0x000*/ ULONG32 Count;
/*0x004*/ ULONG32 HashKey[1];
}CM_INDEX_HINT_BLOCK, *PCM_INDEX_HINT_BLOCK;
/*0x000*/ ULONG32 Count;
/*0x004*/ ULONG32 HashKey[1];
}CM_INDEX_HINT_BLOCK, *PCM_INDEX_HINT_BLOCK;
typedef struct _CM_KEY_HASH {
/*0x000*/ ULONG32 ConvKey;
/*0x004*/ struct _CM_KEY_HASH* NextHash;
/*0x008*/ struct _HHIVE* KeyHive;
/*0x00C*/ ULONG32 KeyCell;
}CM_KEY_HASH, *PCM_KEY_HASH;
/*0x000*/ ULONG32 ConvKey;
/*0x004*/ struct _CM_KEY_HASH* NextHash;
/*0x008*/ struct _HHIVE* KeyHive;
/*0x00C*/ ULONG32 KeyCell;
}CM_KEY_HASH, *PCM_KEY_HASH;
typedef struct _CM_KEY_INDEX {
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Count;
/*0x004*/ ULONG32 List[1];
}CM_KEY_INDEX, *PCM_KEY_INDEX;
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Count;
/*0x004*/ ULONG32 List[1];
}CM_KEY_INDEX, *PCM_KEY_INDEX;
typedef struct _CM_KEY_REFERENCE {
/*0x000*/ ULONG32 KeyCell;
/*0x004*/ struct _HHIVE* KeyHive;
}CM_KEY_REFERENCE, *PCM_KEY_REFERENCE;
/*0x000*/ ULONG32 KeyCell;
/*0x004*/ struct _HHIVE* KeyHive;
}CM_KEY_REFERENCE, *PCM_KEY_REFERENCE;
typedef struct _CM_KEY_SECURITY_CACHE_ENTRY {
/*0x000*/ ULONG32 Cell;
/*0x004*/ struct _CM_KEY_SECURITY_CACHE* CachedSecurity;
}CM_KEY_SECURITY_CACHE_ENTRY, *PCM_KEY_SECURITY_CACHE_ENTRY;
/*0x000*/ ULONG32 Cell;
/*0x004*/ struct _CM_KEY_SECURITY_CACHE* CachedSecurity;
}CM_KEY_SECURITY_CACHE_ENTRY, *PCM_KEY_SECURITY_CACHE_ENTRY;
typedef struct _CM_KEY_VALUE {
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 NameLength;
/*0x004*/ ULONG32 DataLength;
/*0x008*/ ULONG32 Data;
/*0x00C*/ ULONG32 Type;
/*0x010*/ UINT16 Flags;
/*0x012*/ UINT16 Spare;
/*0x014*/ UINT16 Name[1];
/*0x016*/ UINT8 _PADDING0_[0x2];
}CM_KEY_VALUE, *PCM_KEY_VALUE;
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 NameLength;
/*0x004*/ ULONG32 DataLength;
/*0x008*/ ULONG32 Data;
/*0x00C*/ ULONG32 Type;
/*0x010*/ UINT16 Flags;
/*0x012*/ UINT16 Spare;
/*0x014*/ UINT16 Name[1];
/*0x016*/ UINT8 _PADDING0_[0x2];
}CM_KEY_VALUE, *PCM_KEY_VALUE;
typedef struct _CM_NAME_HASH {
/*0x000*/ ULONG32 ConvKey;
/*0x004*/ struct _CM_NAME_HASH* NextHash;
/*0x008*/ UINT16 NameLength;
/*0x00A*/ UINT16 Name[1];
}CM_NAME_HASH, *PCM_NAME_HASH;
/*0x000*/ ULONG32 ConvKey;
/*0x004*/ struct _CM_NAME_HASH* NextHash;
/*0x008*/ UINT16 NameLength;
/*0x00A*/ UINT16 Name[1];
}CM_NAME_HASH, *PCM_NAME_HASH;
typedef struct _CM_PARTIAL_RESOURCE_DESCRIPTOR {
/*0x000*/ UINT8 Type;
/*0x001*/ UINT8 ShareDisposition;
/*0x002*/ UINT16 Flags;
union
{
struct
{
/*0x004*/ union _LARGE_INTEGER Start;
/*0x00C*/ ULONG32 Length;
}Generic;
struct
{
/*0x004*/ union _LARGE_INTEGER Start;
/*0x00C*/ ULONG32 Length;
}Port;
struct
{
/*0x004*/ ULONG32 Level;
/*0x008*/ ULONG32 Vector;
/*0x00C*/ ULONG32 Affinity;
}Interrupt;
struct
{
/*0x004*/ union _LARGE_INTEGER Start;
/*0x00C*/ ULONG32 Length;
}Memory;
struct
{
/*0x004*/ ULONG32 Channel;
/*0x008*/ ULONG32 Port;
/*0x00C*/ ULONG32 Reserved1;
}Dma;
struct
{
/*0x004*/ ULONG32 Data[3];
}DevicePrivate;
struct
{
/*0x004*/ ULONG32 Start;
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Reserved;
}BusNumber;
struct
{
/*0x004*/ ULONG32 DataSize;
/*0x008*/ ULONG32 Reserved1;
/*0x00C*/ ULONG32 Reserved2;
}DeviceSpecificData;
}u;
}CM_PARTIAL_RESOURCE_DESCRIPTOR, *PCM_PARTIAL_RESOURCE_DESCRIPTOR;
/*0x000*/ UINT8 Type;
/*0x001*/ UINT8 ShareDisposition;
/*0x002*/ UINT16 Flags;
union
{
struct
{
/*0x004*/ union _LARGE_INTEGER Start;
/*0x00C*/ ULONG32 Length;
}Generic;
struct
{
/*0x004*/ union _LARGE_INTEGER Start;
/*0x00C*/ ULONG32 Length;
}Port;
struct
{
/*0x004*/ ULONG32 Level;
/*0x008*/ ULONG32 Vector;
/*0x00C*/ ULONG32 Affinity;
}Interrupt;
struct
{
/*0x004*/ union _LARGE_INTEGER Start;
/*0x00C*/ ULONG32 Length;
}Memory;
struct
{
/*0x004*/ ULONG32 Channel;
/*0x008*/ ULONG32 Port;
/*0x00C*/ ULONG32 Reserved1;
}Dma;
struct
{
/*0x004*/ ULONG32 Data[3];
}DevicePrivate;
struct
{
/*0x004*/ ULONG32 Start;
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Reserved;
}BusNumber;
struct
{
/*0x004*/ ULONG32 DataSize;
/*0x008*/ ULONG32 Reserved1;
/*0x00C*/ ULONG32 Reserved2;
}DeviceSpecificData;
}u;
}CM_PARTIAL_RESOURCE_DESCRIPTOR, *PCM_PARTIAL_RESOURCE_DESCRIPTOR;
typedef struct _COMPRESSED_DATA_INFO {
/*0x000*/ UINT16 CompressionFormatAndEngine;
/*0x002*/ UINT8 CompressionUnitShift;
/*0x003*/ UINT8 ChunkShift;
/*0x004*/ UINT8 ClusterShift;
/*0x005*/ UINT8 Reserved;
/*0x006*/ UINT16 NumberOfChunks;
/*0x008*/ ULONG32 CompressedChunkSizes[1];
}COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
/*0x000*/ UINT16 CompressionFormatAndEngine;
/*0x002*/ UINT8 CompressionUnitShift;
/*0x003*/ UINT8 ChunkShift;
/*0x004*/ UINT8 ClusterShift;
/*0x005*/ UINT8 Reserved;
/*0x006*/ UINT16 NumberOfChunks;
/*0x008*/ ULONG32 CompressedChunkSizes[1];
}COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;
typedef struct _DBGKD_BREAKPOINTEX {
/*0x000*/ ULONG32 BreakPointCount;
/*0x004*/ LONG32 ContinueStatus;
}DBGKD_BREAKPOINTEX, *PDBGKD_BREAKPOINTEX;
/*0x000*/ ULONG32 BreakPointCount;
/*0x004*/ LONG32 ContinueStatus;
}DBGKD_BREAKPOINTEX, *PDBGKD_BREAKPOINTEX;
typedef struct _DBGKD_CONTINUE {
/*0x000*/ LONG32 ContinueStatus;
}DBGKD_CONTINUE, *PDBGKD_CONTINUE;
/*0x000*/ LONG32 ContinueStatus;
}DBGKD_CONTINUE, *PDBGKD_CONTINUE;
typedef struct _DBGKD_FILL_MEMORY {
/*0x000*/ UINT64 Address;
/*0x008*/ ULONG32 Length;
/*0x00C*/ UINT16 Flags;
/*0x00E*/ UINT16 PatternLength;
}DBGKD_FILL_MEMORY, *PDBGKD_FILL_MEMORY;
/*0x000*/ UINT64 Address;
/*0x008*/ ULONG32 Length;
/*0x00C*/ UINT16 Flags;
/*0x00E*/ UINT16 PatternLength;
}DBGKD_FILL_MEMORY, *PDBGKD_FILL_MEMORY;
typedef struct _DBGKD_GET_CONTEXT {
/*0x000*/ ULONG32 Unused;
}DBGKD_GET_CONTEXT, *PDBGKD_GET_CONTEXT;
/*0x000*/ ULONG32 Unused;
}DBGKD_GET_CONTEXT, *PDBGKD_GET_CONTEXT;
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT32 {
/*0x000*/ ULONG32 BreakpointAddress;
/*0x004*/ ULONG32 Flags;
/*0x008*/ ULONG32 Calls;
/*0x00C*/ ULONG32 MaxCallsPerPeriod;
/*0x010*/ ULONG32 MinInstructions;
/*0x014*/ ULONG32 MaxInstructions;
/*0x018*/ ULONG32 TotalInstructions;
}DBGKD_GET_INTERNAL_BREAKPOINT32, *PDBGKD_GET_INTERNAL_BREAKPOINT32;
/*0x000*/ ULONG32 BreakpointAddress;
/*0x004*/ ULONG32 Flags;
/*0x008*/ ULONG32 Calls;
/*0x00C*/ ULONG32 MaxCallsPerPeriod;
/*0x010*/ ULONG32 MinInstructions;
/*0x014*/ ULONG32 MaxInstructions;
/*0x018*/ ULONG32 TotalInstructions;
}DBGKD_GET_INTERNAL_BREAKPOINT32, *PDBGKD_GET_INTERNAL_BREAKPOINT32;
typedef struct _DBGKD_GET_INTERNAL_BREAKPOINT64 {
/*0x000*/ UINT64 BreakpointAddress;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ ULONG32 Calls;
/*0x010*/ ULONG32 MaxCallsPerPeriod;
/*0x014*/ ULONG32 MinInstructions;
/*0x018*/ ULONG32 MaxInstructions;
/*0x01C*/ ULONG32 TotalInstructions;
}DBGKD_GET_INTERNAL_BREAKPOINT64, *PDBGKD_GET_INTERNAL_BREAKPOINT64;
/*0x000*/ UINT64 BreakpointAddress;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ ULONG32 Calls;
/*0x010*/ ULONG32 MaxCallsPerPeriod;
/*0x014*/ ULONG32 MinInstructions;
/*0x018*/ ULONG32 MaxInstructions;
/*0x01C*/ ULONG32 TotalInstructions;
}DBGKD_GET_INTERNAL_BREAKPOINT64, *PDBGKD_GET_INTERNAL_BREAKPOINT64;
typedef struct _DBGKD_GET_SET_BUS_DATA {
/*0x000*/ ULONG32 BusDataType;
/*0x004*/ ULONG32 BusNumber;
/*0x008*/ ULONG32 SlotNumber;
/*0x00C*/ ULONG32 Offset;
/*0x010*/ ULONG32 Length;
}DBGKD_GET_SET_BUS_DATA, *PDBGKD_GET_SET_BUS_DATA;
/*0x000*/ ULONG32 BusDataType;
/*0x004*/ ULONG32 BusNumber;
/*0x008*/ ULONG32 SlotNumber;
/*0x00C*/ ULONG32 Offset;
/*0x010*/ ULONG32 Length;
}DBGKD_GET_SET_BUS_DATA, *PDBGKD_GET_SET_BUS_DATA;
typedef struct _DBGKD_GET_VERSION32 {
/*0x000*/ UINT16 MajorVersion;
/*0x002*/ UINT16 MinorVersion;
/*0x004*/ UINT16 ProtocolVersion;
/*0x006*/ UINT16 Flags;
/*0x008*/ ULONG32 KernBase;
/*0x00C*/ ULONG32 PsLoadedModuleList;
/*0x010*/ UINT16 MachineType;
/*0x012*/ UINT16 ThCallbackStack;
/*0x014*/ UINT16 NextCallback;
/*0x016*/ UINT16 FramePointer;
/*0x018*/ ULONG32 KiCallUserMode;
/*0x01C*/ ULONG32 KeUserCallbackDispatcher;
/*0x020*/ ULONG32 BreakpointWithStatus;
/*0x024*/ ULONG32 DebuggerDataList;
}DBGKD_GET_VERSION32, *PDBGKD_GET_VERSION32;
/*0x000*/ UINT16 MajorVersion;
/*0x002*/ UINT16 MinorVersion;
/*0x004*/ UINT16 ProtocolVersion;
/*0x006*/ UINT16 Flags;
/*0x008*/ ULONG32 KernBase;
/*0x00C*/ ULONG32 PsLoadedModuleList;
/*0x010*/ UINT16 MachineType;
/*0x012*/ UINT16 ThCallbackStack;
/*0x014*/ UINT16 NextCallback;
/*0x016*/ UINT16 FramePointer;
/*0x018*/ ULONG32 KiCallUserMode;
/*0x01C*/ ULONG32 KeUserCallbackDispatcher;
/*0x020*/ ULONG32 BreakpointWithStatus;
/*0x024*/ ULONG32 DebuggerDataList;
}DBGKD_GET_VERSION32, *PDBGKD_GET_VERSION32;
typedef struct _DBGKD_GET_VERSION64 {
/*0x000*/ UINT16 MajorVersion;
/*0x002*/ UINT16 MinorVersion;
/*0x004*/ UINT16 ProtocolVersion;
/*0x006*/ UINT16 Flags;
/*0x008*/ UINT16 MachineType;
/*0x00A*/ UINT8 MaxPacketType;
/*0x00B*/ UINT8 MaxStateChange;
/*0x00C*/ UINT8 MaxManipulate;
/*0x00D*/ UINT8 Simulation;
/*0x00E*/ UINT16 Unused[1];
/*0x010*/ UINT64 KernBase;
/*0x018*/ UINT64 PsLoadedModuleList;
/*0x020*/ UINT64 DebuggerDataList;
}DBGKD_GET_VERSION64, *PDBGKD_GET_VERSION64;
/*0x000*/ UINT16 MajorVersion;
/*0x002*/ UINT16 MinorVersion;
/*0x004*/ UINT16 ProtocolVersion;
/*0x006*/ UINT16 Flags;
/*0x008*/ UINT16 MachineType;
/*0x00A*/ UINT8 MaxPacketType;
/*0x00B*/ UINT8 MaxStateChange;
/*0x00C*/ UINT8 MaxManipulate;
/*0x00D*/ UINT8 Simulation;
/*0x00E*/ UINT16 Unused[1];
/*0x010*/ UINT64 KernBase;
/*0x018*/ UINT64 PsLoadedModuleList;
/*0x020*/ UINT64 DebuggerDataList;
}DBGKD_GET_VERSION64, *PDBGKD_GET_VERSION64;
typedef struct _DBGKD_LOAD_SYMBOLS32 {
/*0x000*/ ULONG32 PathNameLength;
/*0x004*/ ULONG32 BaseOfDll;
/*0x008*/ ULONG32 ProcessId;
/*0x00C*/ ULONG32 CheckSum;
/*0x010*/ ULONG32 SizeOfImage;
/*0x014*/ UINT8 UnloadSymbols;
/*0x015*/ UINT8 _PADDING0_[0x3];
}DBGKD_LOAD_SYMBOLS32, *PDBGKD_LOAD_SYMBOLS32;
/*0x000*/ ULONG32 PathNameLength;
/*0x004*/ ULONG32 BaseOfDll;
/*0x008*/ ULONG32 ProcessId;
/*0x00C*/ ULONG32 CheckSum;
/*0x010*/ ULONG32 SizeOfImage;
/*0x014*/ UINT8 UnloadSymbols;
/*0x015*/ UINT8 _PADDING0_[0x3];
}DBGKD_LOAD_SYMBOLS32, *PDBGKD_LOAD_SYMBOLS32;
typedef struct _DBGKD_LOAD_SYMBOLS64 {
/*0x000*/ ULONG32 PathNameLength;
/*0x004*/ UINT8 _PADDING0_[0x4];
/*0x008*/ UINT64 BaseOfDll;
/*0x010*/ UINT64 ProcessId;
/*0x018*/ ULONG32 CheckSum;
/*0x01C*/ ULONG32 SizeOfImage;
/*0x020*/ UINT8 UnloadSymbols;
/*0x021*/ UINT8 _PADDING1_[0x7];
}DBGKD_LOAD_SYMBOLS64, *PDBGKD_LOAD_SYMBOLS64;
/*0x000*/ ULONG32 PathNameLength;
/*0x004*/ UINT8 _PADDING0_[0x4];
/*0x008*/ UINT64 BaseOfDll;
/*0x010*/ UINT64 ProcessId;
/*0x018*/ ULONG32 CheckSum;
/*0x01C*/ ULONG32 SizeOfImage;
/*0x020*/ UINT8 UnloadSymbols;
/*0x021*/ UINT8 _PADDING1_[0x7];
}DBGKD_LOAD_SYMBOLS64, *PDBGKD_LOAD_SYMBOLS64;
typedef struct _DBGKD_QUERY_MEMORY {
/*0x000*/ UINT64 Address;
/*0x008*/ UINT64 Reserved;
/*0x010*/ ULONG32 AddressSpace;
/*0x014*/ ULONG32 Flags;
}DBGKD_QUERY_MEMORY, *PDBGKD_QUERY_MEMORY;
/*0x000*/ UINT64 Address;
/*0x008*/ UINT64 Reserved;
/*0x010*/ ULONG32 AddressSpace;
/*0x014*/ ULONG32 Flags;
}DBGKD_QUERY_MEMORY, *PDBGKD_QUERY_MEMORY;
typedef struct _DBGKD_QUERY_SPECIAL_CALLS {
/*0x000*/ ULONG32 NumberOfSpecialCalls;
}DBGKD_QUERY_SPECIAL_CALLS, *PDBGKD_QUERY_SPECIAL_CALLS;
/*0x000*/ ULONG32 NumberOfSpecialCalls;
}DBGKD_QUERY_SPECIAL_CALLS, *PDBGKD_QUERY_SPECIAL_CALLS;
typedef struct _DBGKD_READ_MEMORY32 {
/*0x000*/ ULONG32 TargetBaseAddress;
/*0x004*/ ULONG32 TransferCount;
/*0x008*/ ULONG32 ActualBytesRead;
}DBGKD_READ_MEMORY32, *PDBGKD_READ_MEMORY32;
/*0x000*/ ULONG32 TargetBaseAddress;
/*0x004*/ ULONG32 TransferCount;
/*0x008*/ ULONG32 ActualBytesRead;
}DBGKD_READ_MEMORY32, *PDBGKD_READ_MEMORY32;
typedef struct _DBGKD_READ_MEMORY64 {
/*0x000*/ UINT64 TargetBaseAddress;
/*0x008*/ ULONG32 TransferCount;
/*0x00C*/ ULONG32 ActualBytesRead;
}DBGKD_READ_MEMORY64, *PDBGKD_READ_MEMORY64;
/*0x000*/ UINT64 TargetBaseAddress;
/*0x008*/ ULONG32 TransferCount;
/*0x00C*/ ULONG32 ActualBytesRead;
}DBGKD_READ_MEMORY64, *PDBGKD_READ_MEMORY64;
typedef struct _DBGKD_READ_WRITE_IO32 {
/*0x000*/ ULONG32 DataSize;
/*0x004*/ ULONG32 IoAddress;
/*0x008*/ ULONG32 DataValue;
}DBGKD_READ_WRITE_IO32, *PDBGKD_READ_WRITE_IO32;
/*0x000*/ ULONG32 DataSize;
/*0x004*/ ULONG32 IoAddress;
/*0x008*/ ULONG32 DataValue;
}DBGKD_READ_WRITE_IO32, *PDBGKD_READ_WRITE_IO32;
typedef struct _DBGKD_READ_WRITE_IO64 {
/*0x000*/ UINT64 IoAddress;
/*0x008*/ ULONG32 DataSize;
/*0x00C*/ ULONG32 DataValue;
}DBGKD_READ_WRITE_IO64, *PDBGKD_READ_WRITE_IO64;
/*0x000*/ UINT64 IoAddress;
/*0x008*/ ULONG32 DataSize;
/*0x00C*/ ULONG32 DataValue;
}DBGKD_READ_WRITE_IO64, *PDBGKD_READ_WRITE_IO64;
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED32 {
/*0x000*/ ULONG32 DataSize;
/*0x004*/ ULONG32 InterfaceType;
/*0x008*/ ULONG32 BusNumber;
/*0x00C*/ ULONG32 AddressSpace;
/*0x010*/ ULONG32 IoAddress;
/*0x014*/ ULONG32 DataValue;
}DBGKD_READ_WRITE_IO_EXTENDED32, *PDBGKD_READ_WRITE_IO_EXTENDED32;
/*0x000*/ ULONG32 DataSize;
/*0x004*/ ULONG32 InterfaceType;
/*0x008*/ ULONG32 BusNumber;
/*0x00C*/ ULONG32 AddressSpace;
/*0x010*/ ULONG32 IoAddress;
/*0x014*/ ULONG32 DataValue;
}DBGKD_READ_WRITE_IO_EXTENDED32, *PDBGKD_READ_WRITE_IO_EXTENDED32;
typedef struct _DBGKD_READ_WRITE_IO_EXTENDED64 {
/*0x000*/ ULONG32 DataSize;
/*0x004*/ ULONG32 InterfaceType;
/*0x008*/ ULONG32 BusNumber;
/*0x00C*/ ULONG32 AddressSpace;
/*0x010*/ UINT64 IoAddress;
/*0x018*/ ULONG32 DataValue;
/*0x01C*/ UINT8 _PADDING0_[0x4];
}DBGKD_READ_WRITE_IO_EXTENDED64, *PDBGKD_READ_WRITE_IO_EXTENDED64;
/*0x000*/ ULONG32 DataSize;
/*0x004*/ ULONG32 InterfaceType;
/*0x008*/ ULONG32 BusNumber;
/*0x00C*/ ULONG32 AddressSpace;
/*0x010*/ UINT64 IoAddress;
/*0x018*/ ULONG32 DataValue;
/*0x01C*/ UINT8 _PADDING0_[0x4];
}DBGKD_READ_WRITE_IO_EXTENDED64, *PDBGKD_READ_WRITE_IO_EXTENDED64;
typedef struct _DBGKD_READ_WRITE_MSR {
/*0x000*/ ULONG32 Msr;
/*0x004*/ ULONG32 DataValueLow;
/*0x008*/ ULONG32 DataValueHigh;
}DBGKD_READ_WRITE_MSR, *PDBGKD_READ_WRITE_MSR;
/*0x000*/ ULONG32 Msr;
/*0x004*/ ULONG32 DataValueLow;
/*0x008*/ ULONG32 DataValueHigh;
}DBGKD_READ_WRITE_MSR, *PDBGKD_READ_WRITE_MSR;
typedef struct _DBGKD_RESTORE_BREAKPOINT {
/*0x000*/ ULONG32 BreakPointHandle;
}DBGKD_RESTORE_BREAKPOINT, *PDBGKD_RESTORE_BREAKPOINT;
/*0x000*/ ULONG32 BreakPointHandle;
}DBGKD_RESTORE_BREAKPOINT, *PDBGKD_RESTORE_BREAKPOINT;
typedef struct _DBGKD_SEARCH_MEMORY {
union
{
/*0x000*/ UINT64 SearchAddress;
/*0x000*/ UINT64 FoundAddress;
};
/*0x008*/ UINT64 SearchLength;
/*0x010*/ ULONG32 PatternLength;
/*0x014*/ UINT8 _PADDING0_[0x4];
}DBGKD_SEARCH_MEMORY, *PDBGKD_SEARCH_MEMORY;
union
{
/*0x000*/ UINT64 SearchAddress;
/*0x000*/ UINT64 FoundAddress;
};
/*0x008*/ UINT64 SearchLength;
/*0x010*/ ULONG32 PatternLength;
/*0x014*/ UINT8 _PADDING0_[0x4];
}DBGKD_SEARCH_MEMORY, *PDBGKD_SEARCH_MEMORY;
typedef struct _DBGKD_SET_CONTEXT {
/*0x000*/ ULONG32 ContextFlags;
}DBGKD_SET_CONTEXT, *PDBGKD_SET_CONTEXT;
/*0x000*/ ULONG32 ContextFlags;
}DBGKD_SET_CONTEXT, *PDBGKD_SET_CONTEXT;
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT32 {
/*0x000*/ ULONG32 BreakpointAddress;
/*0x004*/ ULONG32 Flags;
}DBGKD_SET_INTERNAL_BREAKPOINT32, *PDBGKD_SET_INTERNAL_BREAKPOINT32;
/*0x000*/ ULONG32 BreakpointAddress;
/*0x004*/ ULONG32 Flags;
}DBGKD_SET_INTERNAL_BREAKPOINT32, *PDBGKD_SET_INTERNAL_BREAKPOINT32;
typedef struct _DBGKD_SET_INTERNAL_BREAKPOINT64 {
/*0x000*/ UINT64 BreakpointAddress;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ UINT8 _PADDING0_[0x4];
}DBGKD_SET_INTERNAL_BREAKPOINT64, *PDBGKD_SET_INTERNAL_BREAKPOINT64;
/*0x000*/ UINT64 BreakpointAddress;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ UINT8 _PADDING0_[0x4];
}DBGKD_SET_INTERNAL_BREAKPOINT64, *PDBGKD_SET_INTERNAL_BREAKPOINT64;
typedef struct _DBGKD_SET_SPECIAL_CALL32 {
/*0x000*/ ULONG32 SpecialCall;
}DBGKD_SET_SPECIAL_CALL32, *PDBGKD_SET_SPECIAL_CALL32;
/*0x000*/ ULONG32 SpecialCall;
}DBGKD_SET_SPECIAL_CALL32, *PDBGKD_SET_SPECIAL_CALL32;
typedef struct _DBGKD_SET_SPECIAL_CALL64 {
/*0x000*/ UINT64 SpecialCall;
}DBGKD_SET_SPECIAL_CALL64, *PDBGKD_SET_SPECIAL_CALL64;
/*0x000*/ UINT64 SpecialCall;
}DBGKD_SET_SPECIAL_CALL64, *PDBGKD_SET_SPECIAL_CALL64;
typedef struct _DBGKD_WRITE_BREAKPOINT32 {
/*0x000*/ ULONG32 BreakPointAddress;
/*0x004*/ ULONG32 BreakPointHandle;
}DBGKD_WRITE_BREAKPOINT32, *PDBGKD_WRITE_BREAKPOINT32;
/*0x000*/ ULONG32 BreakPointAddress;
/*0x004*/ ULONG32 BreakPointHandle;
}DBGKD_WRITE_BREAKPOINT32, *PDBGKD_WRITE_BREAKPOINT32;
typedef struct _DBGKD_WRITE_BREAKPOINT64 {
/*0x000*/ UINT64 BreakPointAddress;
/*0x008*/ ULONG32 BreakPointHandle;
/*0x00C*/ UINT8 _PADDING0_[0x4];
}DBGKD_WRITE_BREAKPOINT64, *PDBGKD_WRITE_BREAKPOINT64;
/*0x000*/ UINT64 BreakPointAddress;
/*0x008*/ ULONG32 BreakPointHandle;
/*0x00C*/ UINT8 _PADDING0_[0x4];
}DBGKD_WRITE_BREAKPOINT64, *PDBGKD_WRITE_BREAKPOINT64;
typedef struct _DBGKD_WRITE_MEMORY32 {
/*0x000*/ ULONG32 TargetBaseAddress;
/*0x004*/ ULONG32 TransferCount;
/*0x008*/ ULONG32 ActualBytesWritten;
}DBGKD_WRITE_MEMORY32, *PDBGKD_WRITE_MEMORY32;
/*0x000*/ ULONG32 TargetBaseAddress;
/*0x004*/ ULONG32 TransferCount;
/*0x008*/ ULONG32 ActualBytesWritten;
}DBGKD_WRITE_MEMORY32, *PDBGKD_WRITE_MEMORY32;
typedef struct _DBGKD_WRITE_MEMORY64 {
/*0x000*/ UINT64 TargetBaseAddress;
/*0x008*/ ULONG32 TransferCount;
/*0x00C*/ ULONG32 ActualBytesWritten;
}DBGKD_WRITE_MEMORY64, *PDBGKD_WRITE_MEMORY64;
/*0x000*/ UINT64 TargetBaseAddress;
/*0x008*/ ULONG32 TransferCount;
/*0x00C*/ ULONG32 ActualBytesWritten;
}DBGKD_WRITE_MEMORY64, *PDBGKD_WRITE_MEMORY64;
typedef struct _DESCRIPTOR {
/*0x000*/ UINT16 Pad;
/*0x002*/ UINT16 Limit;
/*0x004*/ ULONG32 Base;
}DESCRIPTOR, *PDESCRIPTOR;
/*0x000*/ UINT16 Pad;
/*0x002*/ UINT16 Limit;
/*0x004*/ ULONG32 Base;
}DESCRIPTOR, *PDESCRIPTOR;
typedef struct _DEVICE_CAPABILITIES {
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
struct
{
/*0x004*/ ULONG32 DeviceD1 : 1;
/*0x004*/ ULONG32 DeviceD2 : 1;
/*0x004*/ ULONG32 LockSupported : 1;
/*0x004*/ ULONG32 EjectSupported : 1;
/*0x004*/ ULONG32 Removable : 1;
/*0x004*/ ULONG32 DockDevice : 1;
/*0x004*/ ULONG32 UniqueID : 1;
/*0x004*/ ULONG32 SilentInstall : 1;
/*0x004*/ ULONG32 RawDeviceOK : 1;
/*0x004*/ ULONG32 SurpriseRemovalOK : 1;
/*0x004*/ ULONG32 WakeFromD0 : 1;
/*0x004*/ ULONG32 WakeFromD1 : 1;
/*0x004*/ ULONG32 WakeFromD2 : 1;
/*0x004*/ ULONG32 WakeFromD3 : 1;
/*0x004*/ ULONG32 HardwareDisabled : 1;
/*0x004*/ ULONG32 NonDynamic : 1;
/*0x004*/ ULONG32 WarmEjectSupported : 1;
/*0x004*/ ULONG32 NoDisplayInUI : 1;
/*0x004*/ ULONG32 Reserved : 14;
};
/*0x008*/ ULONG32 Address;
/*0x00C*/ ULONG32 UINumber;
/*0x010*/ enum _DEVICE_POWER_STATE DeviceState[7];
/*0x02C*/ enum _SYSTEM_POWER_STATE SystemWake;
/*0x030*/ enum _DEVICE_POWER_STATE DeviceWake;
/*0x034*/ ULONG32 D1Latency;
/*0x038*/ ULONG32 D2Latency;
/*0x03C*/ ULONG32 D3Latency;
}DEVICE_CAPABILITIES, *PDEVICE_CAPABILITIES;
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
struct
{
/*0x004*/ ULONG32 DeviceD1 : 1;
/*0x004*/ ULONG32 DeviceD2 : 1;
/*0x004*/ ULONG32 LockSupported : 1;
/*0x004*/ ULONG32 EjectSupported : 1;
/*0x004*/ ULONG32 Removable : 1;
/*0x004*/ ULONG32 DockDevice : 1;
/*0x004*/ ULONG32 UniqueID : 1;
/*0x004*/ ULONG32 SilentInstall : 1;
/*0x004*/ ULONG32 RawDeviceOK : 1;
/*0x004*/ ULONG32 SurpriseRemovalOK : 1;
/*0x004*/ ULONG32 WakeFromD0 : 1;
/*0x004*/ ULONG32 WakeFromD1 : 1;
/*0x004*/ ULONG32 WakeFromD2 : 1;
/*0x004*/ ULONG32 WakeFromD3 : 1;
/*0x004*/ ULONG32 HardwareDisabled : 1;
/*0x004*/ ULONG32 NonDynamic : 1;
/*0x004*/ ULONG32 WarmEjectSupported : 1;
/*0x004*/ ULONG32 NoDisplayInUI : 1;
/*0x004*/ ULONG32 Reserved : 14;
};
/*0x008*/ ULONG32 Address;
/*0x00C*/ ULONG32 UINumber;
/*0x010*/ enum _DEVICE_POWER_STATE DeviceState[7];
/*0x02C*/ enum _SYSTEM_POWER_STATE SystemWake;
/*0x030*/ enum _DEVICE_POWER_STATE DeviceWake;
/*0x034*/ ULONG32 D1Latency;
/*0x038*/ ULONG32 D2Latency;
/*0x03C*/ ULONG32 D3Latency;
}DEVICE_CAPABILITIES, *PDEVICE_CAPABILITIES;
typedef struct _DEVICE_MAP {
/*0x000*/ struct _OBJECT_DIRECTORY* DosDevicesDirectory;
/*0x004*/ struct _OBJECT_DIRECTORY* GlobalDosDevicesDirectory;
/*0x008*/ ULONG32 ReferenceCount;
/*0x00C*/ ULONG32 DriveMap;
/*0x010*/ UINT8 DriveType[32];
}DEVICE_MAP, *PDEVICE_MAP;
/*0x000*/ struct _OBJECT_DIRECTORY* DosDevicesDirectory;
/*0x004*/ struct _OBJECT_DIRECTORY* GlobalDosDevicesDirectory;
/*0x008*/ ULONG32 ReferenceCount;
/*0x00C*/ ULONG32 DriveMap;
/*0x010*/ UINT8 DriveType[32];
}DEVICE_MAP, *PDEVICE_MAP;
typedef struct _DEVICE_RELATIONS {
/*0x000*/ ULONG32 Count;
/*0x004*/ struct _DEVICE_OBJECT* Objects[1];
}DEVICE_RELATIONS, *PDEVICE_RELATIONS;
/*0x000*/ ULONG32 Count;
/*0x004*/ struct _DEVICE_OBJECT* Objects[1];
}DEVICE_RELATIONS, *PDEVICE_RELATIONS;
typedef struct _DEVOBJ_EXTENSION {
/*0x000*/ INT16 Type;
/*0x002*/ UINT16 Size;
/*0x004*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x008*/ ULONG32 PowerFlags;
/*0x00C*/ struct _DEVICE_OBJECT_POWER_EXTENSION* Dope;
/*0x010*/ ULONG32 ExtensionFlags;
/*0x014*/ VOID* DeviceNode;
/*0x018*/ struct _DEVICE_OBJECT* AttachedTo;
/*0x01C*/ LONG32 StartIoCount;
/*0x020*/ LONG32 StartIoKey;
/*0x024*/ ULONG32 StartIoFlags;
/*0x028*/ struct _VPB* Vpb;
}DEVOBJ_EXTENSION, *PDEVOBJ_EXTENSION;
/*0x000*/ INT16 Type;
/*0x002*/ UINT16 Size;
/*0x004*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x008*/ ULONG32 PowerFlags;
/*0x00C*/ struct _DEVICE_OBJECT_POWER_EXTENSION* Dope;
/*0x010*/ ULONG32 ExtensionFlags;
/*0x014*/ VOID* DeviceNode;
/*0x018*/ struct _DEVICE_OBJECT* AttachedTo;
/*0x01C*/ LONG32 StartIoCount;
/*0x020*/ LONG32 StartIoKey;
/*0x024*/ ULONG32 StartIoFlags;
/*0x028*/ struct _VPB* Vpb;
}DEVOBJ_EXTENSION, *PDEVOBJ_EXTENSION;
typedef struct _EPROCESS_QUOTA_ENTRY {
/*0x000*/ ULONG32 Usage;
/*0x004*/ ULONG32 Limit;
/*0x008*/ ULONG32 Peak;
/*0x00C*/ ULONG32 Return;
}EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
/*0x000*/ ULONG32 Usage;
/*0x004*/ ULONG32 Limit;
/*0x008*/ ULONG32 Peak;
/*0x00C*/ ULONG32 Return;
}EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY;
typedef struct _EXCEPTION_POINTERS {
/*0x000*/ struct _EXCEPTION_RECORD* ExceptionRecord;
/*0x004*/ struct _CONTEXT* ContextRecord;
}EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
/*0x000*/ struct _EXCEPTION_RECORD* ExceptionRecord;
/*0x004*/ struct _CONTEXT* ContextRecord;
}EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;
typedef struct _EXCEPTION_RECORD {
/*0x000*/ LONG32 ExceptionCode;
/*0x004*/ ULONG32 ExceptionFlags;
/*0x008*/ struct _EXCEPTION_RECORD* ExceptionRecord;
/*0x00C*/ VOID* ExceptionAddress;
/*0x010*/ ULONG32 NumberParameters;
/*0x014*/ ULONG32 ExceptionInformation[15];
}EXCEPTION_RECORD, *PEXCEPTION_RECORD;
/*0x000*/ LONG32 ExceptionCode;
/*0x004*/ ULONG32 ExceptionFlags;
/*0x008*/ struct _EXCEPTION_RECORD* ExceptionRecord;
/*0x00C*/ VOID* ExceptionAddress;
/*0x010*/ ULONG32 NumberParameters;
/*0x014*/ ULONG32 ExceptionInformation[15];
}EXCEPTION_RECORD, *PEXCEPTION_RECORD;
typedef struct _EXCEPTION_RECORD32 {
/*0x000*/ LONG32 ExceptionCode;
/*0x004*/ ULONG32 ExceptionFlags;
/*0x008*/ ULONG32 ExceptionRecord;
/*0x00C*/ ULONG32 ExceptionAddress;
/*0x010*/ ULONG32 NumberParameters;
/*0x014*/ ULONG32 ExceptionInformation[15];
}EXCEPTION_RECORD32, *PEXCEPTION_RECORD32;
/*0x000*/ LONG32 ExceptionCode;
/*0x004*/ ULONG32 ExceptionFlags;
/*0x008*/ ULONG32 ExceptionRecord;
/*0x00C*/ ULONG32 ExceptionAddress;
/*0x010*/ ULONG32 NumberParameters;
/*0x014*/ ULONG32 ExceptionInformation[15];
}EXCEPTION_RECORD32, *PEXCEPTION_RECORD32;
typedef struct _EXCEPTION_RECORD64 {
/*0x000*/ LONG32 ExceptionCode;
/*0x004*/ ULONG32 ExceptionFlags;
/*0x008*/ UINT64 ExceptionRecord;
/*0x010*/ UINT64 ExceptionAddress;
/*0x018*/ ULONG32 NumberParameters;
/*0x01C*/ ULONG32 __unusedAlignment;
/*0x020*/ UINT64 ExceptionInformation[15];
}EXCEPTION_RECORD64, *PEXCEPTION_RECORD64;
/*0x000*/ LONG32 ExceptionCode;
/*0x004*/ ULONG32 ExceptionFlags;
/*0x008*/ UINT64 ExceptionRecord;
/*0x010*/ UINT64 ExceptionAddress;
/*0x018*/ ULONG32 NumberParameters;
/*0x01C*/ ULONG32 __unusedAlignment;
/*0x020*/ UINT64 ExceptionInformation[15];
}EXCEPTION_RECORD64, *PEXCEPTION_RECORD64;
typedef struct _EXCEPTION_REGISTRATION_RECORD {
/*0x000*/ struct _EXCEPTION_REGISTRATION_RECORD* Next;
/*0x004*/ PVOID Handler;
}EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;
/*0x000*/ struct _EXCEPTION_REGISTRATION_RECORD* Next;
/*0x004*/ PVOID Handler;
}EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;
typedef struct _EX_FAST_REF {
union
{
/*0x000*/ VOID* Object;
/*0x000*/ ULONG32 RefCnt : 3;
/*0x000*/ ULONG32 Value;
};
}EX_FAST_REF, *PEX_FAST_REF;
union
{
/*0x000*/ VOID* Object;
/*0x000*/ ULONG32 RefCnt : 3;
/*0x000*/ ULONG32 Value;
};
}EX_FAST_REF, *PEX_FAST_REF;
typedef struct _EX_PUSH_LOCK {
union
{
struct
{
/*0x000*/ ULONG32 Waiting : 1;
/*0x000*/ ULONG32 Exclusive : 1;
/*0x000*/ ULONG32 Shared : 30;
};
/*0x000*/ ULONG32 Value;
/*0x000*/ VOID* Ptr;
};
}EX_PUSH_LOCK, *PEX_PUSH_LOCK;
union
{
struct
{
/*0x000*/ ULONG32 Waiting : 1;
/*0x000*/ ULONG32 Exclusive : 1;
/*0x000*/ ULONG32 Shared : 30;
};
/*0x000*/ ULONG32 Value;
/*0x000*/ VOID* Ptr;
};
}EX_PUSH_LOCK, *PEX_PUSH_LOCK;
typedef struct _EX_PUSH_LOCK_CACHE_AWARE {
/*0x000*/ struct _EX_PUSH_LOCK* Locks[1];
}EX_PUSH_LOCK_CACHE_AWARE, *PEX_PUSH_LOCK_CACHE_AWARE;
/*0x000*/ struct _EX_PUSH_LOCK* Locks[1];
}EX_PUSH_LOCK_CACHE_AWARE, *PEX_PUSH_LOCK_CACHE_AWARE;
typedef struct _EX_RUNDOWN_REF {
union
{
/*0x000*/ ULONG32 Count;
/*0x000*/ VOID* Ptr;
};
}EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
union
{
/*0x000*/ ULONG32 Count;
/*0x000*/ VOID* Ptr;
};
}EX_RUNDOWN_REF, *PEX_RUNDOWN_REF;
typedef struct _FAST_IO_DISPATCH {
/*0x000*/ ULONG32 SizeOfFastIoDispatch;
/*0x004*/ PVOID FastIoCheckIfPossible;
/*0x008*/ PVOID FastIoRead;
/*0x00C*/ PVOID FastIoWrite;
/*0x010*/ PVOID FastIoQueryBasicInfo;
/*0x014*/ PVOID FastIoQueryStandardInfo;
/*0x018*/ PVOID FastIoLock;
/*0x01C*/ PVOID FastIoUnlockSingle;
/*0x020*/ PVOID FastIoUnlockAll;
/*0x024*/ PVOID FastIoUnlockAllByKey;
/*0x028*/ PVOID FastIoDeviceControl;
/*0x02C*/ PVOID AcquireFileForNtCreateSection;
/*0x030*/ PVOID ReleaseFileForNtCreateSection;
/*0x034*/ PVOID FastIoDetachDevice;
/*0x038*/ PVOID FastIoQueryNetworkOpenInfo;
/*0x03C*/ PVOID AcquireForModWrite;
/*0x040*/ PVOID MdlRead;
/*0x044*/ PVOID MdlReadComplete;
/*0x048*/ PVOID PrepareMdlWrite;
/*0x04C*/ PVOID MdlWriteComplete;
/*0x050*/ PVOID FastIoReadCompressed;
/*0x054*/ PVOID FastIoWriteCompressed;
/*0x058*/ PVOID MdlReadCompleteCompressed;
/*0x05C*/ PVOID MdlWriteCompleteCompressed;
/*0x060*/ PVOID FastIoQueryOpen;
/*0x064*/ PVOID ReleaseForModWrite;
/*0x068*/ PVOID AcquireForCcFlush;
/*0x06C*/ PVOID ReleaseForCcFlush;
}FAST_IO_DISPATCH, *PFAST_IO_DISPATCH;
/*0x000*/ ULONG32 SizeOfFastIoDispatch;
/*0x004*/ PVOID FastIoCheckIfPossible;
/*0x008*/ PVOID FastIoRead;
/*0x00C*/ PVOID FastIoWrite;
/*0x010*/ PVOID FastIoQueryBasicInfo;
/*0x014*/ PVOID FastIoQueryStandardInfo;
/*0x018*/ PVOID FastIoLock;
/*0x01C*/ PVOID FastIoUnlockSingle;
/*0x020*/ PVOID FastIoUnlockAll;
/*0x024*/ PVOID FastIoUnlockAllByKey;
/*0x028*/ PVOID FastIoDeviceControl;
/*0x02C*/ PVOID AcquireFileForNtCreateSection;
/*0x030*/ PVOID ReleaseFileForNtCreateSection;
/*0x034*/ PVOID FastIoDetachDevice;
/*0x038*/ PVOID FastIoQueryNetworkOpenInfo;
/*0x03C*/ PVOID AcquireForModWrite;
/*0x040*/ PVOID MdlRead;
/*0x044*/ PVOID MdlReadComplete;
/*0x048*/ PVOID PrepareMdlWrite;
/*0x04C*/ PVOID MdlWriteComplete;
/*0x050*/ PVOID FastIoReadCompressed;
/*0x054*/ PVOID FastIoWriteCompressed;
/*0x058*/ PVOID MdlReadCompleteCompressed;
/*0x05C*/ PVOID MdlWriteCompleteCompressed;
/*0x060*/ PVOID FastIoQueryOpen;
/*0x064*/ PVOID ReleaseForModWrite;
/*0x068*/ PVOID AcquireForCcFlush;
/*0x06C*/ PVOID ReleaseForCcFlush;
}FAST_IO_DISPATCH, *PFAST_IO_DISPATCH;
typedef struct _FILE_BASIC_INFORMATION {
/*0x000*/ union _LARGE_INTEGER CreationTime;
/*0x008*/ union _LARGE_INTEGER LastAccessTime;
/*0x010*/ union _LARGE_INTEGER LastWriteTime;
/*0x018*/ union _LARGE_INTEGER ChangeTime;
/*0x020*/ ULONG32 FileAttributes;
/*0x024*/ UINT8 _PADDING0_[0x4];
}FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
/*0x000*/ union _LARGE_INTEGER CreationTime;
/*0x008*/ union _LARGE_INTEGER LastAccessTime;
/*0x010*/ union _LARGE_INTEGER LastWriteTime;
/*0x018*/ union _LARGE_INTEGER ChangeTime;
/*0x020*/ ULONG32 FileAttributes;
/*0x024*/ UINT8 _PADDING0_[0x4];
}FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
/*0x000*/ union _LARGE_INTEGER CreationTime;
/*0x008*/ union _LARGE_INTEGER LastAccessTime;
/*0x010*/ union _LARGE_INTEGER LastWriteTime;
/*0x018*/ union _LARGE_INTEGER ChangeTime;
/*0x020*/ union _LARGE_INTEGER AllocationSize;
/*0x028*/ union _LARGE_INTEGER EndOfFile;
/*0x030*/ ULONG32 FileAttributes;
/*0x034*/ UINT8 _PADDING0_[0x4];
}FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
/*0x000*/ union _LARGE_INTEGER CreationTime;
/*0x008*/ union _LARGE_INTEGER LastAccessTime;
/*0x010*/ union _LARGE_INTEGER LastWriteTime;
/*0x018*/ union _LARGE_INTEGER ChangeTime;
/*0x020*/ union _LARGE_INTEGER AllocationSize;
/*0x028*/ union _LARGE_INTEGER EndOfFile;
/*0x030*/ ULONG32 FileAttributes;
/*0x034*/ UINT8 _PADDING0_[0x4];
}FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
typedef struct _FILE_STANDARD_INFORMATION {
/*0x000*/ union _LARGE_INTEGER AllocationSize;
/*0x008*/ union _LARGE_INTEGER EndOfFile;
/*0x010*/ ULONG32 NumberOfLinks;
/*0x014*/ UINT8 DeletePending;
/*0x015*/ UINT8 Directory;
/*0x016*/ UINT8 _PADDING0_[0x2];
}FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
/*0x000*/ union _LARGE_INTEGER AllocationSize;
/*0x008*/ union _LARGE_INTEGER EndOfFile;
/*0x010*/ ULONG32 NumberOfLinks;
/*0x014*/ UINT8 DeletePending;
/*0x015*/ UINT8 Directory;
/*0x016*/ UINT8 _PADDING0_[0x2];
}FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
typedef struct _flags {
/*0x000*/ UINT8 Removable;
}flags, *Pflags;
/*0x000*/ UINT8 Removable;
}flags, *Pflags;
typedef struct _FLOATING_SAVE_AREA {
/*0x000*/ ULONG32 ControlWord;
/*0x004*/ ULONG32 StatusWord;
/*0x008*/ ULONG32 TagWord;
/*0x00C*/ ULONG32 ErrorOffset;
/*0x010*/ ULONG32 ErrorSelector;
/*0x014*/ ULONG32 DataOffset;
/*0x018*/ ULONG32 DataSelector;
/*0x01C*/ UINT8 RegisterArea[80];
/*0x06C*/ ULONG32 Cr0NpxState;
}FLOATING_SAVE_AREA, *PFLOATING_SAVE_AREA;
/*0x000*/ ULONG32 ControlWord;
/*0x004*/ ULONG32 StatusWord;
/*0x008*/ ULONG32 TagWord;
/*0x00C*/ ULONG32 ErrorOffset;
/*0x010*/ ULONG32 ErrorSelector;
/*0x014*/ ULONG32 DataOffset;
/*0x018*/ ULONG32 DataSelector;
/*0x01C*/ UINT8 RegisterArea[80];
/*0x06C*/ ULONG32 Cr0NpxState;
}FLOATING_SAVE_AREA, *PFLOATING_SAVE_AREA;
typedef struct _FNSAVE_FORMAT {
/*0x000*/ ULONG32 ControlWord;
/*0x004*/ ULONG32 StatusWord;
/*0x008*/ ULONG32 TagWord;
/*0x00C*/ ULONG32 ErrorOffset;
/*0x010*/ ULONG32 ErrorSelector;
/*0x014*/ ULONG32 DataOffset;
/*0x018*/ ULONG32 DataSelector;
/*0x01C*/ UINT8 RegisterArea[80];
}FNSAVE_FORMAT, *PFNSAVE_FORMAT;
/*0x000*/ ULONG32 ControlWord;
/*0x004*/ ULONG32 StatusWord;
/*0x008*/ ULONG32 TagWord;
/*0x00C*/ ULONG32 ErrorOffset;
/*0x010*/ ULONG32 ErrorSelector;
/*0x014*/ ULONG32 DataOffset;
/*0x018*/ ULONG32 DataSelector;
/*0x01C*/ UINT8 RegisterArea[80];
}FNSAVE_FORMAT, *PFNSAVE_FORMAT;
typedef struct _FS_FILTER_CALLBACKS {
/*0x000*/ ULONG32 SizeOfFsFilterCallbacks;
/*0x004*/ ULONG32 Reserved;
/*0x008*/ PVOID PreAcquireForSectionSynchronization;
/*0x00C*/ PVOID PostAcquireForSectionSynchronization;
/*0x010*/ PVOID PreReleaseForSectionSynchronization;
/*0x014*/ PVOID PostReleaseForSectionSynchronization;
/*0x018*/ PVOID PreAcquireForCcFlush;
/*0x01C*/ PVOID PostAcquireForCcFlush;
/*0x020*/ PVOID PreReleaseForCcFlush;
/*0x024*/ PVOID PostReleaseForCcFlush;
/*0x028*/ PVOID PreAcquireForModifiedPageWriter;
/*0x02C*/ PVOID PostAcquireForModifiedPageWriter;
/*0x030*/ PVOID PreReleaseForModifiedPageWriter;
/*0x034*/ PVOID PostReleaseForModifiedPageWriter;
}FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
/*0x000*/ ULONG32 SizeOfFsFilterCallbacks;
/*0x004*/ ULONG32 Reserved;
/*0x008*/ PVOID PreAcquireForSectionSynchronization;
/*0x00C*/ PVOID PostAcquireForSectionSynchronization;
/*0x010*/ PVOID PreReleaseForSectionSynchronization;
/*0x014*/ PVOID PostReleaseForSectionSynchronization;
/*0x018*/ PVOID PreAcquireForCcFlush;
/*0x01C*/ PVOID PostAcquireForCcFlush;
/*0x020*/ PVOID PreReleaseForCcFlush;
/*0x024*/ PVOID PostReleaseForCcFlush;
/*0x028*/ PVOID PreAcquireForModifiedPageWriter;
/*0x02C*/ PVOID PostAcquireForModifiedPageWriter;
/*0x030*/ PVOID PreReleaseForModifiedPageWriter;
/*0x034*/ PVOID PostReleaseForModifiedPageWriter;
}FS_FILTER_CALLBACKS, *PFS_FILTER_CALLBACKS;
//Add by [email protected], refer to http://ddk.h16.ru/index.php?BID=4&PID=204
typedef union _FS_FILTER_PARAMETERS {
struct {
union _LARGE_INTEGER* EndingOffset;
} AcquireForModifiedPageWriter;
struct {
struct _ERESOURCE* ResourceToRelease;
} ReleaseForModifiedPageWriter;
struct {
enum _FS_FILTER_SECTION_SYNC_TYPE SyncType;
ULONG PageProtection;
} AcquireForSectionSynchronization;
struct {
PVOID Argument1;
PVOID Argument2;
PVOID Argument3;
PVOID Argument4;
PVOID Argument5;
} Others;
} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
typedef union _FS_FILTER_PARAMETERS {
struct {
union _LARGE_INTEGER* EndingOffset;
} AcquireForModifiedPageWriter;
struct {
struct _ERESOURCE* ResourceToRelease;
} ReleaseForModifiedPageWriter;
struct {
enum _FS_FILTER_SECTION_SYNC_TYPE SyncType;
ULONG PageProtection;
} AcquireForSectionSynchronization;
struct {
PVOID Argument1;
PVOID Argument2;
PVOID Argument3;
PVOID Argument4;
PVOID Argument5;
} Others;
} FS_FILTER_PARAMETERS, *PFS_FILTER_PARAMETERS;
typedef struct _FS_FILTER_CALLBACK_DATA {
/*0x000*/ ULONG32 SizeOfFsFilterCallbackData;
/*0x004*/ UINT8 Operation;
/*0x005*/ UINT8 Reserved;
/*0x006*/ UINT8 _PADDING0_[0x2];
/*0x008*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x00C*/ struct _FILE_OBJECT* FileObject;
/*0x010*/ union _FS_FILTER_PARAMETERS Parameters;
}FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
/*0x000*/ ULONG32 SizeOfFsFilterCallbackData;
/*0x004*/ UINT8 Operation;
/*0x005*/ UINT8 Reserved;
/*0x006*/ UINT8 _PADDING0_[0x2];
/*0x008*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x00C*/ struct _FILE_OBJECT* FileObject;
/*0x010*/ union _FS_FILTER_PARAMETERS Parameters;
}FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
typedef struct _FXSAVE_FORMAT {
/*0x000*/ UINT16 ControlWord;
/*0x002*/ UINT16 StatusWord;
/*0x004*/ UINT16 TagWord;
/*0x006*/ UINT16 ErrorOpcode;
/*0x008*/ ULONG32 ErrorOffset;
/*0x00C*/ ULONG32 ErrorSelector;
/*0x010*/ ULONG32 DataOffset;
/*0x014*/ ULONG32 DataSelector;
/*0x018*/ ULONG32 MXCsr;
/*0x01C*/ ULONG32 MXCsrMask;
/*0x020*/ UINT8 RegisterArea[128];
/*0x0A0*/ UINT8 Reserved3[128];
/*0x120*/ UINT8 Reserved4[224];
/*0x200*/ UINT8 Align16Byte[8];
}FXSAVE_FORMAT, *PFXSAVE_FORMAT;
/*0x000*/ UINT16 ControlWord;
/*0x002*/ UINT16 StatusWord;
/*0x004*/ UINT16 TagWord;
/*0x006*/ UINT16 ErrorOpcode;
/*0x008*/ ULONG32 ErrorOffset;
/*0x00C*/ ULONG32 ErrorSelector;
/*0x010*/ ULONG32 DataOffset;
/*0x014*/ ULONG32 DataSelector;
/*0x018*/ ULONG32 MXCsr;
/*0x01C*/ ULONG32 MXCsrMask;
/*0x020*/ UINT8 RegisterArea[128];
/*0x0A0*/ UINT8 Reserved3[128];
/*0x120*/ UINT8 Reserved4[224];
/*0x200*/ UINT8 Align16Byte[8];
}FXSAVE_FORMAT, *PFXSAVE_FORMAT;
typedef struct _GDI_TEB_BATCH {
/*0x000*/ ULONG32 Offset;
/*0x004*/ ULONG32 HDC;
/*0x008*/ ULONG32 Buffer[310];
}GDI_TEB_BATCH, *PGDI_TEB_BATCH;
/*0x000*/ ULONG32 Offset;
/*0x004*/ ULONG32 HDC;
/*0x008*/ ULONG32 Buffer[310];
}GDI_TEB_BATCH, *PGDI_TEB_BATCH;
typedef struct _GENERIC_MAPPING {
/*0x000*/ ULONG32 GenericRead;
/*0x004*/ ULONG32 GenericWrite;
/*0x008*/ ULONG32 GenericExecute;
/*0x00C*/ ULONG32 GenericAll;
}GENERIC_MAPPING, *PGENERIC_MAPPING;
/*0x000*/ ULONG32 GenericRead;
/*0x004*/ ULONG32 GenericWrite;
/*0x008*/ ULONG32 GenericExecute;
/*0x00C*/ ULONG32 GenericAll;
}GENERIC_MAPPING, *PGENERIC_MAPPING;
typedef struct _GUID {
/*0x000*/ ULONG32 Data1;
/*0x004*/ UINT16 Data2;
/*0x006*/ UINT16 Data3;
/*0x008*/ UINT8 Data4[8];
}GUID, *PGUID;
/*0x000*/ ULONG32 Data1;
/*0x004*/ UINT16 Data2;
/*0x006*/ UINT16 Data3;
/*0x008*/ UINT8 Data4[8];
}GUID, *PGUID;
typedef struct _HANDLE_TABLE_ENTRY {
union
{
/*0x000*/ VOID* Object;
/*0x000*/ ULONG32 ObAttributes;
/*0x000*/ struct _HANDLE_TABLE_ENTRY_INFO* InfoTable;
/*0x000*/ ULONG32 Value;
};
union
{
/*0x004*/ ULONG32 GrantedAccess;
struct
{
/*0x004*/ UINT16 GrantedAccessIndex;
/*0x006*/ UINT16 CreatorBackTraceIndex;
};
/*0x004*/ LONG32 NextFreeTableEntry;
};
}HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
union
{
/*0x000*/ VOID* Object;
/*0x000*/ ULONG32 ObAttributes;
/*0x000*/ struct _HANDLE_TABLE_ENTRY_INFO* InfoTable;
/*0x000*/ ULONG32 Value;
};
union
{
/*0x004*/ ULONG32 GrantedAccess;
struct
{
/*0x004*/ UINT16 GrantedAccessIndex;
/*0x006*/ UINT16 CreatorBackTraceIndex;
};
/*0x004*/ LONG32 NextFreeTableEntry;
};
}HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
typedef struct _HANDLE_TABLE_ENTRY_INFO {
/*0x000*/ ULONG32 AuditMask;
}HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
/*0x000*/ ULONG32 AuditMask;
}HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
typedef struct _HARDWARE_PTE {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 Write : 1;
/*0x000*/ ULONG32 Owner : 1;
/*0x000*/ ULONG32 WriteThrough : 1;
/*0x000*/ ULONG32 CacheDisable : 1;
/*0x000*/ ULONG32 Accessed : 1;
/*0x000*/ ULONG32 Dirty : 1;
/*0x000*/ ULONG32 LargePage : 1;
/*0x000*/ ULONG32 Global : 1;
/*0x000*/ ULONG32 CopyOnWrite : 1;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 reserved : 1;
/*0x000*/ ULONG32 PageFrameNumber : 20;
}HARDWARE_PTE, *PHARDWARE_PTE;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 Write : 1;
/*0x000*/ ULONG32 Owner : 1;
/*0x000*/ ULONG32 WriteThrough : 1;
/*0x000*/ ULONG32 CacheDisable : 1;
/*0x000*/ ULONG32 Accessed : 1;
/*0x000*/ ULONG32 Dirty : 1;
/*0x000*/ ULONG32 LargePage : 1;
/*0x000*/ ULONG32 Global : 1;
/*0x000*/ ULONG32 CopyOnWrite : 1;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 reserved : 1;
/*0x000*/ ULONG32 PageFrameNumber : 20;
}HARDWARE_PTE, *PHARDWARE_PTE;
typedef struct _HBASE_BLOCK {
/*0x000*/ ULONG32 Signature;
/*0x004*/ ULONG32 Sequence1;
/*0x008*/ ULONG32 Sequence2;
/*0x00C*/ union _LARGE_INTEGER TimeStamp;
/*0x014*/ ULONG32 Major;
/*0x018*/ ULONG32 Minor;
/*0x01C*/ ULONG32 Type;
/*0x020*/ ULONG32 Format;
/*0x024*/ ULONG32 RootCell;
/*0x028*/ ULONG32 Length;
/*0x02C*/ ULONG32 Cluster;
/*0x030*/ UINT8 FileName[64];
/*0x070*/ ULONG32 Reserved1[99];
/*0x1FC*/ ULONG32 CheckSum;
/*0x200*/ ULONG32 Reserved2[894];
/*0xFF8*/ ULONG32 BootType;
/*0xFFC*/ ULONG32 BootRecover;
}HBASE_BLOCK, *PHBASE_BLOCK;
/*0x000*/ ULONG32 Signature;
/*0x004*/ ULONG32 Sequence1;
/*0x008*/ ULONG32 Sequence2;
/*0x00C*/ union _LARGE_INTEGER TimeStamp;
/*0x014*/ ULONG32 Major;
/*0x018*/ ULONG32 Minor;
/*0x01C*/ ULONG32 Type;
/*0x020*/ ULONG32 Format;
/*0x024*/ ULONG32 RootCell;
/*0x028*/ ULONG32 Length;
/*0x02C*/ ULONG32 Cluster;
/*0x030*/ UINT8 FileName[64];
/*0x070*/ ULONG32 Reserved1[99];
/*0x1FC*/ ULONG32 CheckSum;
/*0x200*/ ULONG32 Reserved2[894];
/*0xFF8*/ ULONG32 BootType;
/*0xFFC*/ ULONG32 BootRecover;
}HBASE_BLOCK, *PHBASE_BLOCK;
typedef struct _HEAP_ENTRY {
union
{
struct
{
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 PreviousSize;
};
/*0x000*/ VOID* SubSegmentCode;
};
/*0x004*/ UINT8 SmallTagIndex;
/*0x005*/ UINT8 Flags;
/*0x006*/ UINT8 UnusedBytes;
/*0x007*/ UINT8 SegmentIndex;
}HEAP_ENTRY, *PHEAP_ENTRY;
union
{
struct
{
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 PreviousSize;
};
/*0x000*/ VOID* SubSegmentCode;
};
/*0x004*/ UINT8 SmallTagIndex;
/*0x005*/ UINT8 Flags;
/*0x006*/ UINT8 UnusedBytes;
/*0x007*/ UINT8 SegmentIndex;
}HEAP_ENTRY, *PHEAP_ENTRY;
typedef struct _HEAP_ENTRY_EXTRA {
union
{
struct
{
/*0x000*/ UINT16 AllocatorBackTraceIndex;
/*0x002*/ UINT16 TagIndex;
/*0x004*/ ULONG32 Settable;
};
/*0x000*/ UINT64 ZeroInit;
};
}HEAP_ENTRY_EXTRA, *PHEAP_ENTRY_EXTRA;
union
{
struct
{
/*0x000*/ UINT16 AllocatorBackTraceIndex;
/*0x002*/ UINT16 TagIndex;
/*0x004*/ ULONG32 Settable;
};
/*0x000*/ UINT64 ZeroInit;
};
}HEAP_ENTRY_EXTRA, *PHEAP_ENTRY_EXTRA;
typedef struct _HEAP_FREE_ENTRY_EXTRA {
/*0x000*/ UINT16 TagIndex;
/*0x002*/ UINT16 FreeBackTraceIndex;
}HEAP_FREE_ENTRY_EXTRA, *PHEAP_FREE_ENTRY_EXTRA;
/*0x000*/ UINT16 TagIndex;
/*0x002*/ UINT16 FreeBackTraceIndex;
}HEAP_FREE_ENTRY_EXTRA, *PHEAP_FREE_ENTRY_EXTRA;
typedef struct _HEAP_LOOKASIDE {
/*0x000*/ union _SLIST_HEADER ListHead;
/*0x008*/ UINT16 Depth;
/*0x00A*/ UINT16 MaximumDepth;
/*0x00C*/ ULONG32 TotalAllocates;
/*0x010*/ ULONG32 AllocateMisses;
/*0x014*/ ULONG32 TotalFrees;
/*0x018*/ ULONG32 FreeMisses;
/*0x01C*/ ULONG32 LastTotalAllocates;
/*0x020*/ ULONG32 LastAllocateMisses;
/*0x024*/ ULONG32 Counters[2];
/*0x02C*/ UINT8 _PADDING0_[0x4];
}HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
/*0x000*/ union _SLIST_HEADER ListHead;
/*0x008*/ UINT16 Depth;
/*0x00A*/ UINT16 MaximumDepth;
/*0x00C*/ ULONG32 TotalAllocates;
/*0x010*/ ULONG32 AllocateMisses;
/*0x014*/ ULONG32 TotalFrees;
/*0x018*/ ULONG32 FreeMisses;
/*0x01C*/ ULONG32 LastTotalAllocates;
/*0x020*/ ULONG32 LastAllocateMisses;
/*0x024*/ ULONG32 Counters[2];
/*0x02C*/ UINT8 _PADDING0_[0x4];
}HEAP_LOOKASIDE, *PHEAP_LOOKASIDE;
typedef struct _HEAP_PSEUDO_TAG_ENTRY {
/*0x000*/ ULONG32 Allocs;
/*0x004*/ ULONG32 Frees;
/*0x008*/ ULONG32 Size;
}HEAP_PSEUDO_TAG_ENTRY, *PHEAP_PSEUDO_TAG_ENTRY;
/*0x000*/ ULONG32 Allocs;
/*0x004*/ ULONG32 Frees;
/*0x008*/ ULONG32 Size;
}HEAP_PSEUDO_TAG_ENTRY, *PHEAP_PSEUDO_TAG_ENTRY;
typedef struct _HEAP_STOP_ON_TAG {
union
{
/*0x000*/ ULONG32 HeapAndTagIndex;
struct
{
/*0x000*/ UINT16 TagIndex;
/*0x002*/ UINT16 HeapIndex;
};
};
}HEAP_STOP_ON_TAG, *PHEAP_STOP_ON_TAG;
union
{
/*0x000*/ ULONG32 HeapAndTagIndex;
struct
{
/*0x000*/ UINT16 TagIndex;
/*0x002*/ UINT16 HeapIndex;
};
};
}HEAP_STOP_ON_TAG, *PHEAP_STOP_ON_TAG;
typedef struct _HEAP_TAG_ENTRY {
/*0x000*/ ULONG32 Allocs;
/*0x004*/ ULONG32 Frees;
/*0x008*/ ULONG32 Size;
/*0x00C*/ UINT16 TagIndex;
/*0x00E*/ UINT16 CreatorBackTraceIndex;
/*0x010*/ UINT16 TagName[24];
}HEAP_TAG_ENTRY, *PHEAP_TAG_ENTRY;
/*0x000*/ ULONG32 Allocs;
/*0x004*/ ULONG32 Frees;
/*0x008*/ ULONG32 Size;
/*0x00C*/ UINT16 TagIndex;
/*0x00E*/ UINT16 CreatorBackTraceIndex;
/*0x010*/ UINT16 TagName[24];
}HEAP_TAG_ENTRY, *PHEAP_TAG_ENTRY;
typedef struct _HEAP_UCR_SEGMENT {
/*0x000*/ struct _HEAP_UCR_SEGMENT* Next;
/*0x004*/ ULONG32 ReservedSize;
/*0x008*/ ULONG32 CommittedSize;
/*0x00C*/ ULONG32 filler;
}HEAP_UCR_SEGMENT, *PHEAP_UCR_SEGMENT;
/*0x000*/ struct _HEAP_UCR_SEGMENT* Next;
/*0x004*/ ULONG32 ReservedSize;
/*0x008*/ ULONG32 CommittedSize;
/*0x00C*/ ULONG32 filler;
}HEAP_UCR_SEGMENT, *PHEAP_UCR_SEGMENT;
typedef struct _HEAP_UNCOMMMTTED_RANGE {
/*0x000*/ struct _HEAP_UNCOMMMTTED_RANGE* Next;
/*0x004*/ ULONG32 Address;
/*0x008*/ ULONG32 Size;
/*0x00C*/ ULONG32 filler;
}HEAP_UNCOMMMTTED_RANGE, *PHEAP_UNCOMMMTTED_RANGE;
/*0x000*/ struct _HEAP_UNCOMMMTTED_RANGE* Next;
/*0x004*/ ULONG32 Address;
/*0x008*/ ULONG32 Size;
/*0x00C*/ ULONG32 filler;
}HEAP_UNCOMMMTTED_RANGE, *PHEAP_UNCOMMMTTED_RANGE;
typedef struct _HIVE_LIST_ENTRY {
/*0x000*/ UINT16* Name;
/*0x004*/ UINT16* BaseName;
/*0x008*/ struct _CMHIVE* CmHive;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ struct _CMHIVE* CmHive2;
/*0x014*/ UINT8 ThreadFinished;
/*0x015*/ UINT8 ThreadStarted;
/*0x016*/ UINT8 Allocate;
/*0x017*/ UINT8 _PADDING0_[0x1];
}HIVE_LIST_ENTRY, *PHIVE_LIST_ENTRY;
/*0x000*/ UINT16* Name;
/*0x004*/ UINT16* BaseName;
/*0x008*/ struct _CMHIVE* CmHive;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ struct _CMHIVE* CmHive2;
/*0x014*/ UINT8 ThreadFinished;
/*0x015*/ UINT8 ThreadStarted;
/*0x016*/ UINT8 Allocate;
/*0x017*/ UINT8 _PADDING0_[0x1];
}HIVE_LIST_ENTRY, *PHIVE_LIST_ENTRY;
typedef struct _HMAP_DIRECTORY {
/*0x000*/ struct _HMAP_TABLE* Directory[1024];
}HMAP_DIRECTORY, *PHMAP_DIRECTORY;
/*0x000*/ struct _HMAP_TABLE* Directory[1024];
}HMAP_DIRECTORY, *PHMAP_DIRECTORY;
typedef struct _HMAP_ENTRY {
/*0x000*/ ULONG32 BlockAddress;
/*0x004*/ ULONG32 BinAddress;
/*0x008*/ struct _CM_VIEW_OF_FILE* CmView;
/*0x00C*/ ULONG32 MemAlloc;
}HMAP_ENTRY, *PHMAP_ENTRY;
/*0x000*/ ULONG32 BlockAddress;
/*0x004*/ ULONG32 BinAddress;
/*0x008*/ struct _CM_VIEW_OF_FILE* CmView;
/*0x00C*/ ULONG32 MemAlloc;
}HMAP_ENTRY, *PHMAP_ENTRY;
typedef struct _IA64_DBGKD_CONTROL_SET {
/*0x000*/ ULONG32 Continue;
/*0x004*/ UINT64 CurrentSymbolStart;
/*0x00C*/ UINT64 CurrentSymbolEnd;
}IA64_DBGKD_CONTROL_SET, *PIA64_DBGKD_CONTROL_SET;
/*0x000*/ ULONG32 Continue;
/*0x004*/ UINT64 CurrentSymbolStart;
/*0x00C*/ UINT64 CurrentSymbolEnd;
}IA64_DBGKD_CONTROL_SET, *PIA64_DBGKD_CONTROL_SET;
typedef struct _IMAGE_DATA_DIRECTORY {
/*0x000*/ ULONG32 VirtualAddress;
/*0x004*/ ULONG32 Size;
}IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
/*0x000*/ ULONG32 VirtualAddress;
/*0x004*/ ULONG32 Size;
}IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
typedef struct _IMAGE_DEBUG_DIRECTORY {
/*0x000*/ ULONG32 Characteristics;
/*0x004*/ ULONG32 TimeDateStamp;
/*0x008*/ UINT16 MajorVersion;
/*0x00A*/ UINT16 MinorVersion;
/*0x00C*/ ULONG32 Type;
/*0x010*/ ULONG32 SizeOfData;
/*0x014*/ ULONG32 AddressOfRawData;
/*0x018*/ ULONG32 PointerToRawData;
}IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
/*0x000*/ ULONG32 Characteristics;
/*0x004*/ ULONG32 TimeDateStamp;
/*0x008*/ UINT16 MajorVersion;
/*0x00A*/ UINT16 MinorVersion;
/*0x00C*/ ULONG32 Type;
/*0x010*/ ULONG32 SizeOfData;
/*0x014*/ ULONG32 AddressOfRawData;
/*0x018*/ ULONG32 PointerToRawData;
}IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
typedef struct _IMAGE_DOS_HEADER {
/*0x000*/ UINT16 e_magic;
/*0x002*/ UINT16 e_cblp;
/*0x004*/ UINT16 e_cp;
/*0x006*/ UINT16 e_crlc;
/*0x008*/ UINT16 e_cparhdr;
/*0x00A*/ UINT16 e_minalloc;
/*0x00C*/ UINT16 e_maxalloc;
/*0x00E*/ UINT16 e_ss;
/*0x010*/ UINT16 e_sp;
/*0x012*/ UINT16 e_csum;
/*0x014*/ UINT16 e_ip;
/*0x016*/ UINT16 e_cs;
/*0x018*/ UINT16 e_lfarlc;
/*0x01A*/ UINT16 e_ovno;
/*0x01C*/ UINT16 e_res[4];
/*0x024*/ UINT16 e_oemid;
/*0x026*/ UINT16 e_oeminfo;
/*0x028*/ UINT16 e_res2[10];
/*0x03C*/ LONG32 e_lfanew;
}IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
/*0x000*/ UINT16 e_magic;
/*0x002*/ UINT16 e_cblp;
/*0x004*/ UINT16 e_cp;
/*0x006*/ UINT16 e_crlc;
/*0x008*/ UINT16 e_cparhdr;
/*0x00A*/ UINT16 e_minalloc;
/*0x00C*/ UINT16 e_maxalloc;
/*0x00E*/ UINT16 e_ss;
/*0x010*/ UINT16 e_sp;
/*0x012*/ UINT16 e_csum;
/*0x014*/ UINT16 e_ip;
/*0x016*/ UINT16 e_cs;
/*0x018*/ UINT16 e_lfarlc;
/*0x01A*/ UINT16 e_ovno;
/*0x01C*/ UINT16 e_res[4];
/*0x024*/ UINT16 e_oemid;
/*0x026*/ UINT16 e_oeminfo;
/*0x028*/ UINT16 e_res2[10];
/*0x03C*/ LONG32 e_lfanew;
}IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
typedef struct _IMAGE_FILE_HEADER {
/*0x000*/ UINT16 Machine;
/*0x002*/ UINT16 NumberOfSections;
/*0x004*/ ULONG32 TimeDateStamp;
/*0x008*/ ULONG32 PointerToSymbolTable;
/*0x00C*/ ULONG32 NumberOfSymbols;
/*0x010*/ UINT16 SizeOfOptionalHeader;
/*0x012*/ UINT16 Characteristics;
}IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
/*0x000*/ UINT16 Machine;
/*0x002*/ UINT16 NumberOfSections;
/*0x004*/ ULONG32 TimeDateStamp;
/*0x008*/ ULONG32 PointerToSymbolTable;
/*0x00C*/ ULONG32 NumberOfSymbols;
/*0x010*/ UINT16 SizeOfOptionalHeader;
/*0x012*/ UINT16 Characteristics;
}IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
/*0x000*/ UINT16 Magic;
/*0x002*/ UINT8 MajorLinkerVersion;
/*0x003*/ UINT8 MinorLinkerVersion;
/*0x004*/ ULONG32 SizeOfCode;
/*0x008*/ ULONG32 SizeOfInitializedData;
/*0x00C*/ ULONG32 SizeOfUninitializedData;
/*0x010*/ ULONG32 AddressOfEntryPoint;
/*0x014*/ ULONG32 BaseOfCode;
/*0x018*/ ULONG32 BaseOfData;
/*0x01C*/ ULONG32 BaseOfBss;
/*0x020*/ ULONG32 GprMask;
/*0x024*/ ULONG32 CprMask[4];
/*0x034*/ ULONG32 GpValue;
}IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
/*0x000*/ UINT16 Magic;
/*0x002*/ UINT8 MajorLinkerVersion;
/*0x003*/ UINT8 MinorLinkerVersion;
/*0x004*/ ULONG32 SizeOfCode;
/*0x008*/ ULONG32 SizeOfInitializedData;
/*0x00C*/ ULONG32 SizeOfUninitializedData;
/*0x010*/ ULONG32 AddressOfEntryPoint;
/*0x014*/ ULONG32 BaseOfCode;
/*0x018*/ ULONG32 BaseOfData;
/*0x01C*/ ULONG32 BaseOfBss;
/*0x020*/ ULONG32 GprMask;
/*0x024*/ ULONG32 CprMask[4];
/*0x034*/ ULONG32 GpValue;
}IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
typedef struct _IMAGE_SECTION_HEADER {
/*0x000*/ UINT8 Name[8];
union
{
/*0x008*/ ULONG32 PhysicalAddress;
/*0x008*/ ULONG32 VirtualSize;
}Misc;
/*0x00C*/ ULONG32 VirtualAddress;
/*0x010*/ ULONG32 SizeOfRawData;
/*0x014*/ ULONG32 PointerToRawData;
/*0x018*/ ULONG32 PointerToRelocations;
/*0x01C*/ ULONG32 PointerToLinenumbers;
/*0x020*/ UINT16 NumberOfRelocations;
/*0x022*/ UINT16 NumberOfLinenumbers;
/*0x024*/ ULONG32 Characteristics;
}IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
/*0x000*/ UINT8 Name[8];
union
{
/*0x008*/ ULONG32 PhysicalAddress;
/*0x008*/ ULONG32 VirtualSize;
}Misc;
/*0x00C*/ ULONG32 VirtualAddress;
/*0x010*/ ULONG32 SizeOfRawData;
/*0x014*/ ULONG32 PointerToRawData;
/*0x018*/ ULONG32 PointerToRelocations;
/*0x01C*/ ULONG32 PointerToLinenumbers;
/*0x020*/ UINT16 NumberOfRelocations;
/*0x022*/ UINT16 NumberOfLinenumbers;
/*0x024*/ ULONG32 Characteristics;
}IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
typedef struct _INTERFACE {
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
/*0x004*/ VOID* Context;
/*0x008*/ PVOID InterfaceReference;
/*0x00C*/ PVOID InterfaceDereference;
}INTERFACE, *PINTERFACE;
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
/*0x004*/ VOID* Context;
/*0x008*/ PVOID InterfaceReference;
/*0x00C*/ PVOID InterfaceDereference;
}INTERFACE, *PINTERFACE;
typedef struct _INTERLOCK_SEQ {
union
{
struct
{
/*0x000*/ UINT16 Depth;
/*0x002*/ UINT16 FreeEntryOffset;
/*0x004*/ UINT8 _PADDING0_[0x4];
};
struct
{
/*0x000*/ ULONG32 OffsetAndDepth;
/*0x004*/ ULONG32 Sequence;
};
/*0x000*/ INT64 Exchg;
};
}INTERLOCK_SEQ, *PINTERLOCK_SEQ;
union
{
struct
{
/*0x000*/ UINT16 Depth;
/*0x002*/ UINT16 FreeEntryOffset;
/*0x004*/ UINT8 _PADDING0_[0x4];
};
struct
{
/*0x000*/ ULONG32 OffsetAndDepth;
/*0x004*/ ULONG32 Sequence;
};
/*0x000*/ INT64 Exchg;
};
}INTERLOCK_SEQ, *PINTERLOCK_SEQ;
typedef struct _IO_CLIENT_EXTENSION {
/*0x000*/ struct _IO_CLIENT_EXTENSION* NextExtension;
/*0x004*/ VOID* ClientIdentificationAddress;
}IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
/*0x000*/ struct _IO_CLIENT_EXTENSION* NextExtension;
/*0x004*/ VOID* ClientIdentificationAddress;
}IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION;
typedef struct _IO_COMPLETION_CONTEXT {
/*0x000*/ VOID* Port;
/*0x004*/ VOID* Key;
}IO_COMPLETION_CONTEXT, *PIO_COMPLETION_CONTEXT;
/*0x000*/ VOID* Port;
/*0x004*/ VOID* Key;
}IO_COMPLETION_CONTEXT, *PIO_COMPLETION_CONTEXT;
typedef struct _IO_COUNTERS {
/*0x000*/ UINT64 ReadOperationCount;
/*0x008*/ UINT64 WriteOperationCount;
/*0x010*/ UINT64 OtherOperationCount;
/*0x018*/ UINT64 ReadTransferCount;
/*0x020*/ UINT64 WriteTransferCount;
/*0x028*/ UINT64 OtherTransferCount;
}IO_COUNTERS, *PIO_COUNTERS;
/*0x000*/ UINT64 ReadOperationCount;
/*0x008*/ UINT64 WriteOperationCount;
/*0x010*/ UINT64 OtherOperationCount;
/*0x018*/ UINT64 ReadTransferCount;
/*0x020*/ UINT64 WriteTransferCount;
/*0x028*/ UINT64 OtherTransferCount;
}IO_COUNTERS, *PIO_COUNTERS;
typedef struct _IO_RESOURCE_DESCRIPTOR {
/*0x000*/ UINT8 Option;
/*0x001*/ UINT8 Type;
/*0x002*/ UINT8 ShareDisposition;
/*0x003*/ UINT8 Spare1;
/*0x004*/ UINT16 Flags;
/*0x006*/ UINT16 Spare2;
union
{
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Alignment;
/*0x010*/ union _LARGE_INTEGER MinimumAddress;
/*0x018*/ union _LARGE_INTEGER MaximumAddress;
}Port;
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Alignment;
/*0x010*/ union _LARGE_INTEGER MinimumAddress;
/*0x018*/ union _LARGE_INTEGER MaximumAddress;
}Memory;
struct
{
/*0x008*/ ULONG32 MinimumVector;
/*0x00C*/ ULONG32 MaximumVector;
}Interrupt;
struct
{
/*0x008*/ ULONG32 MinimumChannel;
/*0x00C*/ ULONG32 MaximumChannel;
}Dma;
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Alignment;
/*0x010*/ union _LARGE_INTEGER MinimumAddress;
/*0x018*/ union _LARGE_INTEGER MaximumAddress;
}Generic;
struct
{
/*0x008*/ ULONG32 Data[3];
}DevicePrivate;
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 MinBusNumber;
/*0x010*/ ULONG32 MaxBusNumber;
/*0x014*/ ULONG32 Reserved;
}BusNumber;
struct
{
/*0x008*/ ULONG32 Priority;
/*0x00C*/ ULONG32 Reserved1;
/*0x010*/ ULONG32 Reserved2;
}ConfigData;
}u;
}IO_RESOURCE_DESCRIPTOR, *PIO_RESOURCE_DESCRIPTOR;
/*0x000*/ UINT8 Option;
/*0x001*/ UINT8 Type;
/*0x002*/ UINT8 ShareDisposition;
/*0x003*/ UINT8 Spare1;
/*0x004*/ UINT16 Flags;
/*0x006*/ UINT16 Spare2;
union
{
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Alignment;
/*0x010*/ union _LARGE_INTEGER MinimumAddress;
/*0x018*/ union _LARGE_INTEGER MaximumAddress;
}Port;
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Alignment;
/*0x010*/ union _LARGE_INTEGER MinimumAddress;
/*0x018*/ union _LARGE_INTEGER MaximumAddress;
}Memory;
struct
{
/*0x008*/ ULONG32 MinimumVector;
/*0x00C*/ ULONG32 MaximumVector;
}Interrupt;
struct
{
/*0x008*/ ULONG32 MinimumChannel;
/*0x00C*/ ULONG32 MaximumChannel;
}Dma;
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 Alignment;
/*0x010*/ union _LARGE_INTEGER MinimumAddress;
/*0x018*/ union _LARGE_INTEGER MaximumAddress;
}Generic;
struct
{
/*0x008*/ ULONG32 Data[3];
}DevicePrivate;
struct
{
/*0x008*/ ULONG32 Length;
/*0x00C*/ ULONG32 MinBusNumber;
/*0x010*/ ULONG32 MaxBusNumber;
/*0x014*/ ULONG32 Reserved;
}BusNumber;
struct
{
/*0x008*/ ULONG32 Priority;
/*0x00C*/ ULONG32 Reserved1;
/*0x010*/ ULONG32 Reserved2;
}ConfigData;
}u;
}IO_RESOURCE_DESCRIPTOR, *PIO_RESOURCE_DESCRIPTOR;
typedef struct _IO_SECURITY_CONTEXT {
/*0x000*/ struct _SECURITY_QUALITY_OF_SERVICE* SecurityQos;
/*0x004*/ struct _ACCESS_STATE* AccessState;
/*0x008*/ ULONG32 DesiredAccess;
/*0x00C*/ ULONG32 FullCreateOptions;
}IO_SECURITY_CONTEXT, *PIO_SECURITY_CONTEXT;
/*0x000*/ struct _SECURITY_QUALITY_OF_SERVICE* SecurityQos;
/*0x004*/ struct _ACCESS_STATE* AccessState;
/*0x008*/ ULONG32 DesiredAccess;
/*0x00C*/ ULONG32 FullCreateOptions;
}IO_SECURITY_CONTEXT, *PIO_SECURITY_CONTEXT;
//Add by [email protected], refer to http://msdn.microsoft.com/en-us/library/ff559842(v=vs.85).aspx
typedef union _POWER_STATE {
SYSTEM_POWER_STATE SystemState;
DEVICE_POWER_STATE DeviceState;
}POWER_STATE, *PPOWER_STATE;
typedef struct _IO_STACK_LOCATION {
/*0x000*/ UINT8 MajorFunction;
/*0x001*/ UINT8 MinorFunction;
/*0x002*/ UINT8 Flags;
/*0x003*/ UINT8 Control;
union
{
struct
{
/*0x004*/ struct _IO_SECURITY_CONTEXT* SecurityContext;
/*0x008*/ ULONG32 Options;
/*0x00C*/ UINT16 FileAttributes;
/*0x00E*/ UINT16 ShareAccess;
/*0x010*/ ULONG32 EaLength;
}Create;
struct
{
/*0x004*/ struct _IO_SECURITY_CONTEXT* SecurityContext;
/*0x008*/ ULONG32 Options;
/*0x00C*/ UINT16 Reserved;
/*0x00E*/ UINT16 ShareAccess;
/*0x010*/ struct _NAMED_PIPE_CREATE_PARAMETERS* Parameters;
}CreatePipe;
struct
{
/*0x004*/ struct _IO_SECURITY_CONTEXT* SecurityContext;
/*0x008*/ ULONG32 Options;
/*0x00C*/ UINT16 Reserved;
/*0x00E*/ UINT16 ShareAccess;
/*0x010*/ struct _MAILSLOT_CREATE_PARAMETERS* Parameters;
}CreateMailslot;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ ULONG32 Key;
/*0x00C*/ union _LARGE_INTEGER ByteOffset;
}Read;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ ULONG32 Key;
/*0x00C*/ union _LARGE_INTEGER ByteOffset;
}Write;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ struct _STRING* FileName;
/*0x00C*/ enum _FILE_INFORMATION_CLASS FileInformationClass;
/*0x010*/ ULONG32 FileIndex;
}QueryDirectory;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ ULONG32 CompletionFilter;
}NotifyDirectory;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ enum _FILE_INFORMATION_CLASS FileInformationClass;
}QueryFile;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ enum _FILE_INFORMATION_CLASS FileInformationClass;
/*0x00C*/ struct _FILE_OBJECT* FileObject;
union
{
struct
{
/*0x010*/ UINT8 ReplaceIfExists;
/*0x011*/ UINT8 AdvanceOnly;
/*0x012*/ UINT8 _PADDING0_[0x2];
};
/*0x010*/ ULONG32 ClusterCount;
/*0x010*/ VOID* DeleteHandle;
};
}SetFile;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ VOID* EaList;
/*0x00C*/ ULONG32 EaListLength;
/*0x010*/ ULONG32 EaIndex;
}QueryEa;
struct
{
/*0x004*/ ULONG32 Length;
}SetEa;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ enum _FSINFOCLASS FsInformationClass;
}QueryVolume;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ enum _FSINFOCLASS FsInformationClass;
}SetVolume;
struct
{
/*0x004*/ ULONG32 OutputBufferLength;
/*0x008*/ ULONG32 InputBufferLength;
/*0x00C*/ ULONG32 FsControlCode;
/*0x010*/ VOID* Type3InputBuffer;
}FileSystemControl;
struct
{
/*0x004*/ union _LARGE_INTEGER* Length;
/*0x008*/ ULONG32 Key;
/*0x00C*/ union _LARGE_INTEGER ByteOffset;
}LockControl;
struct
{
/*0x004*/ ULONG32 OutputBufferLength;
/*0x008*/ ULONG32 InputBufferLength;
/*0x00C*/ ULONG32 IoControlCode;
/*0x010*/ VOID* Type3InputBuffer;
}DeviceIoControl;
struct
{
/*0x004*/ ULONG32 SecurityInformation;
/*0x008*/ ULONG32 Length;
}QuerySecurity;
struct
{
/*0x004*/ ULONG32 SecurityInformation;
/*0x008*/ VOID* SecurityDescriptor;
}SetSecurity;
struct
{
/*0x004*/ struct _VPB* Vpb;
/*0x008*/ struct _DEVICE_OBJECT* DeviceObject;
}MountVolume;
struct
{
/*0x004*/ struct _VPB* Vpb;
/*0x008*/ struct _DEVICE_OBJECT* DeviceObject;
}VerifyVolume;
struct
{
/*0x004*/ struct _SCSI_REQUEST_BLOCK* Srb;
}Scsi;
struct
{
/*0x004*/ ULONG32 Length;
/*0x008*/ VOID* StartSid;
/*0x00C*/ struct _FILE_GET_QUOTA_INFORMATION* SidList;
/*0x010*/ ULONG32 SidListLength;
}QueryQuota;
struct
{
/*0x004*/ ULONG32 Length;
}SetQuota;
struct
{
/*0x004*/ enum _DEVICE_RELATION_TYPE Type;
}QueryDeviceRelations;
struct
{
/*0x004*/ struct _GUID* InterfaceType;
/*0x008*/ UINT16 Size;
/*0x00A*/ UINT16 Version;
/*0x00C*/ struct _INTERFACE* Interface;
/*0x010*/ VOID* InterfaceSpecificData;
}QueryInterface;
struct
{
/*0x004*/ struct _DEVICE_CAPABILITIES* Capabilities;
}DeviceCapabilities;
struct
{
/*0x004*/ struct _IO_RESOURCE_REQUIREMENTS_LIST* IoResourceRequirementList;
}FilterResourceRequirements;
struct
{
/*0x004*/ ULONG32 WhichSpace;
/*0x008*/ VOID* Buffer;
/*0x00C*/ ULONG32 Offset;
/*0x010*/ ULONG32 Length;
}ReadWriteConfig;
struct
{
/*0x004*/ UINT8 Lock;
}SetLock;
struct
{
/*0x004*/ enum _BUS_QUERY_ID_TYPE IdType;
}QueryId;
struct
{
/*0x004*/ enum _DEVICE_TEXT_TYPE DeviceTextType;
/*0x008*/ ULONG32 LocaleId;
}QueryDeviceText;
struct
{
/*0x004*/ UINT8 InPath;
/*0x005*/ UINT8 Reserved[3];
/*0x008*/ enum _DEVICE_USAGE_NOTIFICATION_TYPE Type;
}UsageNotification;
struct
{
/*0x004*/ enum _SYSTEM_POWER_STATE PowerState;
}WaitWake;
struct
{
/*0x004*/ struct _POWER_SEQUENCE* PowerSequence;
}PowerSequence;
struct
{
/*0x004*/ ULONG32 SystemContext;
/*0x008*/ enum _POWER_STATE_TYPE Type;
/*0x00C*/ union _POWER_STATE State;
/*0x010*/ enum _POWER_ACTION ShutdownType;
}Power;
struct
{
/*0x004*/ struct _CM_RESOURCE_LIST* AllocatedResources;
/*0x008*/ struct _CM_RESOURCE_LIST* AllocatedResourcesTranslated;
}StartDevice;
struct
{
/*0x004*/ ULONG32 ProviderId;
/*0x008*/ VOID* DataPath;
/*0x00C*/ ULONG32 BufferSize;
/*0x010*/ VOID* Buffer;
}WMI;
struct
{
/*0x004*/ VOID* Argument1;
/*0x008*/ VOID* Argument2;
/*0x00C*/ VOID* Argument3;
/*0x010*/ VOID* Argument4;
}Others;
}Parameters;
/*0x014*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x018*/ struct _FILE_OBJECT* FileObject;
/*0x01C*/ PVOID CompletionRoutine;
/*0x020*/ VOID* Context;
}IO_STACK_LOCATION, *PIO_STACK_LOCATION;
typedef struct _IO_STATUS_BLOCK {
union
{
/*0x000*/ LONG32 Status;
/*0x000*/ VOID* Pointer;
};
/*0x004*/ ULONG32 Information;
}IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
union
{
/*0x000*/ LONG32 Status;
/*0x000*/ VOID* Pointer;
};
/*0x004*/ ULONG32 Information;
}IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
typedef struct _KEXECUTE_OPTIONS {
/*0x000*/ UINT8 ExecuteDisable : 1;
/*0x000*/ UINT8 ExecuteEnable : 1;
/*0x000*/ UINT8 DisableThunkEmulation : 1;
/*0x000*/ UINT8 Permanent : 1;
/*0x000*/ UINT8 ExecuteDispatchEnable : 1;
/*0x000*/ UINT8 ImageDispatchEnable : 1;
/*0x000*/ UINT8 Spare : 2;
}KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS;
/*0x000*/ UINT8 ExecuteDisable : 1;
/*0x000*/ UINT8 ExecuteEnable : 1;
/*0x000*/ UINT8 DisableThunkEmulation : 1;
/*0x000*/ UINT8 Permanent : 1;
/*0x000*/ UINT8 ExecuteDispatchEnable : 1;
/*0x000*/ UINT8 ImageDispatchEnable : 1;
/*0x000*/ UINT8 Spare : 2;
}KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS;
typedef struct _KGDTENTRY {
/*0x000*/ UINT16 LimitLow;
/*0x002*/ UINT16 BaseLow;
union
{
struct
{
/*0x004*/ UINT8 BaseMid;
/*0x005*/ UINT8 Flags1;
/*0x006*/ UINT8 Flags2;
/*0x007*/ UINT8 BaseHi;
}Bytes;
struct
{
/*0x004*/ ULONG32 BaseMid : 8;
/*0x004*/ ULONG32 Type : 5;
/*0x004*/ ULONG32 Dpl : 2;
/*0x004*/ ULONG32 Pres : 1;
/*0x004*/ ULONG32 LimitHi : 4;
/*0x004*/ ULONG32 Sys : 1;
/*0x004*/ ULONG32 Reserved_0 : 1;
/*0x004*/ ULONG32 Default_Big : 1;
/*0x004*/ ULONG32 Granularity : 1;
/*0x004*/ ULONG32 BaseHi : 8;
}Bits;
}HighWord;
}KGDTENTRY, *PKGDTENTRY;
/*0x000*/ UINT16 LimitLow;
/*0x002*/ UINT16 BaseLow;
union
{
struct
{
/*0x004*/ UINT8 BaseMid;
/*0x005*/ UINT8 Flags1;
/*0x006*/ UINT8 Flags2;
/*0x007*/ UINT8 BaseHi;
}Bytes;
struct
{
/*0x004*/ ULONG32 BaseMid : 8;
/*0x004*/ ULONG32 Type : 5;
/*0x004*/ ULONG32 Dpl : 2;
/*0x004*/ ULONG32 Pres : 1;
/*0x004*/ ULONG32 LimitHi : 4;
/*0x004*/ ULONG32 Sys : 1;
/*0x004*/ ULONG32 Reserved_0 : 1;
/*0x004*/ ULONG32 Default_Big : 1;
/*0x004*/ ULONG32 Granularity : 1;
/*0x004*/ ULONG32 BaseHi : 8;
}Bits;
}HighWord;
}KGDTENTRY, *PKGDTENTRY;
typedef struct _KIDTENTRY {
/*0x000*/ UINT16 Offset;
/*0x002*/ UINT16 Selector;
/*0x004*/ UINT16 Access;
/*0x006*/ UINT16 ExtendedOffset;
}KIDTENTRY, *PKIDTENTRY;
/*0x000*/ UINT16 Offset;
/*0x002*/ UINT16 Selector;
/*0x004*/ UINT16 Access;
/*0x006*/ UINT16 ExtendedOffset;
}KIDTENTRY, *PKIDTENTRY;
typedef struct _KiIoAccessMap {
/*0x000*/ UINT8 DirectionMap[32];
/*0x020*/ UINT8 IoMap[8196];
}KiIoAccessMap, *PKiIoAccessMap;
/*0x000*/ UINT8 DirectionMap[32];
/*0x020*/ UINT8 IoMap[8196];
}KiIoAccessMap, *PKiIoAccessMap;
typedef struct _KSPIN_LOCK_QUEUE {
/*0x000*/ struct _KSPIN_LOCK_QUEUE* Next;
/*0x004*/ ULONG32* Lock;
}KSPIN_LOCK_QUEUE, *PKSPIN_LOCK_QUEUE;
/*0x000*/ struct _KSPIN_LOCK_QUEUE* Next;
/*0x004*/ ULONG32* Lock;
}KSPIN_LOCK_QUEUE, *PKSPIN_LOCK_QUEUE;
typedef struct _KSYSTEM_TIME {
/*0x000*/ ULONG32 LowPart;
/*0x004*/ LONG32 High1Time;
/*0x008*/ LONG32 High2Time;
}KSYSTEM_TIME, *PKSYSTEM_TIME;
/*0x000*/ ULONG32 LowPart;
/*0x004*/ LONG32 High1Time;
/*0x008*/ LONG32 High2Time;
}KSYSTEM_TIME, *PKSYSTEM_TIME;
typedef struct _KTRAP_FRAME {
/*0x000*/ ULONG32 DbgEbp;
/*0x004*/ ULONG32 DbgEip;
/*0x008*/ ULONG32 DbgArgMark;
/*0x00C*/ ULONG32 DbgArgPointer;
/*0x010*/ ULONG32 TempSegCs;
/*0x014*/ ULONG32 TempEsp;
/*0x018*/ ULONG32 Dr0;
/*0x01C*/ ULONG32 Dr1;
/*0x020*/ ULONG32 Dr2;
/*0x024*/ ULONG32 Dr3;
/*0x028*/ ULONG32 Dr6;
/*0x02C*/ ULONG32 Dr7;
/*0x030*/ ULONG32 SegGs;
/*0x034*/ ULONG32 SegEs;
/*0x038*/ ULONG32 SegDs;
/*0x03C*/ ULONG32 Edx;
/*0x040*/ ULONG32 Ecx;
/*0x044*/ ULONG32 Eax;
/*0x048*/ ULONG32 PreviousPreviousMode;
/*0x04C*/ struct _EXCEPTION_REGISTRATION_RECORD* ExceptionList;
/*0x050*/ ULONG32 SegFs;
/*0x054*/ ULONG32 Edi;
/*0x058*/ ULONG32 Esi;
/*0x05C*/ ULONG32 Ebx;
/*0x060*/ ULONG32 Ebp;
/*0x064*/ ULONG32 ErrCode;
/*0x068*/ ULONG32 Eip;
/*0x06C*/ ULONG32 SegCs;
/*0x070*/ ULONG32 EFlags;
/*0x074*/ ULONG32 HardwareEsp;
/*0x078*/ ULONG32 HardwareSegSs;
/*0x07C*/ ULONG32 V86Es;
/*0x080*/ ULONG32 V86Ds;
/*0x084*/ ULONG32 V86Fs;
/*0x088*/ ULONG32 V86Gs;
}KTRAP_FRAME, *PKTRAP_FRAME;
/*0x000*/ ULONG32 DbgEbp;
/*0x004*/ ULONG32 DbgEip;
/*0x008*/ ULONG32 DbgArgMark;
/*0x00C*/ ULONG32 DbgArgPointer;
/*0x010*/ ULONG32 TempSegCs;
/*0x014*/ ULONG32 TempEsp;
/*0x018*/ ULONG32 Dr0;
/*0x01C*/ ULONG32 Dr1;
/*0x020*/ ULONG32 Dr2;
/*0x024*/ ULONG32 Dr3;
/*0x028*/ ULONG32 Dr6;
/*0x02C*/ ULONG32 Dr7;
/*0x030*/ ULONG32 SegGs;
/*0x034*/ ULONG32 SegEs;
/*0x038*/ ULONG32 SegDs;
/*0x03C*/ ULONG32 Edx;
/*0x040*/ ULONG32 Ecx;
/*0x044*/ ULONG32 Eax;
/*0x048*/ ULONG32 PreviousPreviousMode;
/*0x04C*/ struct _EXCEPTION_REGISTRATION_RECORD* ExceptionList;
/*0x050*/ ULONG32 SegFs;
/*0x054*/ ULONG32 Edi;
/*0x058*/ ULONG32 Esi;
/*0x05C*/ ULONG32 Ebx;
/*0x060*/ ULONG32 Ebp;
/*0x064*/ ULONG32 ErrCode;
/*0x068*/ ULONG32 Eip;
/*0x06C*/ ULONG32 SegCs;
/*0x070*/ ULONG32 EFlags;
/*0x074*/ ULONG32 HardwareEsp;
/*0x078*/ ULONG32 HardwareSegSs;
/*0x07C*/ ULONG32 V86Es;
/*0x080*/ ULONG32 V86Ds;
/*0x084*/ ULONG32 V86Fs;
/*0x088*/ ULONG32 V86Gs;
}KTRAP_FRAME, *PKTRAP_FRAME;
typedef struct _LIST_ENTRY {
/*0x000*/ struct _LIST_ENTRY* Flink;
/*0x004*/ struct _LIST_ENTRY* Blink;
}LIST_ENTRY, *PLIST_ENTRY;
/*0x000*/ struct _LIST_ENTRY* Flink;
/*0x004*/ struct _LIST_ENTRY* Blink;
}LIST_ENTRY, *PLIST_ENTRY;
typedef struct _LIST_ENTRY32 {
/*0x000*/ ULONG32 Flink;
/*0x004*/ ULONG32 Blink;
}LIST_ENTRY32, *PLIST_ENTRY32;
/*0x000*/ ULONG32 Flink;
/*0x004*/ ULONG32 Blink;
}LIST_ENTRY32, *PLIST_ENTRY32;
typedef struct _LIST_ENTRY64 {
/*0x000*/ UINT64 Flink;
/*0x008*/ UINT64 Blink;
}LIST_ENTRY64, *PLIST_ENTRY64;
/*0x000*/ UINT64 Flink;
/*0x008*/ UINT64 Blink;
}LIST_ENTRY64, *PLIST_ENTRY64;
typedef struct _MAILSLOT_CREATE_PARAMETERS {
/*0x000*/ ULONG32 MailslotQuota;
/*0x004*/ ULONG32 MaximumMessageSize;
/*0x008*/ union _LARGE_INTEGER ReadTimeout;
/*0x010*/ UINT8 TimeoutSpecified;
/*0x011*/ UINT8 _PADDING0_[0x7];
}MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
/*0x000*/ ULONG32 MailslotQuota;
/*0x004*/ ULONG32 MaximumMessageSize;
/*0x008*/ union _LARGE_INTEGER ReadTimeout;
/*0x010*/ UINT8 TimeoutSpecified;
/*0x011*/ UINT8 _PADDING0_[0x7];
}MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS;
typedef struct _MDL {
/*0x000*/ struct _MDL* Next;
/*0x004*/ INT16 Size;
/*0x006*/ INT16 MdlFlags;
/*0x008*/ struct _EPROCESS* Process;
/*0x00C*/ VOID* MappedSystemVa;
/*0x010*/ VOID* StartVa;
/*0x014*/ ULONG32 ByteCount;
/*0x018*/ ULONG32 ByteOffset;
}MDL, *PMDL;
/*0x000*/ struct _MDL* Next;
/*0x004*/ INT16 Size;
/*0x006*/ INT16 MdlFlags;
/*0x008*/ struct _EPROCESS* Process;
/*0x00C*/ VOID* MappedSystemVa;
/*0x010*/ VOID* StartVa;
/*0x014*/ ULONG32 ByteCount;
/*0x018*/ ULONG32 ByteOffset;
}MDL, *PMDL;
typedef struct _MI_VERIFIER_POOL_HEADER {
/*0x000*/ ULONG32 ListIndex;
/*0x004*/ struct _MI_VERIFIER_DRIVER_ENTRY* Verifier;
}MI_VERIFIER_POOL_HEADER, *PMI_VERIFIER_POOL_HEADER;
/*0x000*/ ULONG32 ListIndex;
/*0x004*/ struct _MI_VERIFIER_DRIVER_ENTRY* Verifier;
}MI_VERIFIER_POOL_HEADER, *PMI_VERIFIER_POOL_HEADER;
typedef struct _MMADDRESS_LIST {
/*0x000*/ ULONG32 StartVpn;
/*0x004*/ ULONG32 EndVpn;
}MMADDRESS_LIST, *PMMADDRESS_LIST;
/*0x000*/ ULONG32 StartVpn;
/*0x004*/ ULONG32 EndVpn;
}MMADDRESS_LIST, *PMMADDRESS_LIST;
typedef struct _MMCOLOR_TABLES {
/*0x000*/ ULONG32 Flink;
/*0x004*/ VOID* Blink;
/*0x008*/ ULONG32 Count;
}MMCOLOR_TABLES, *PMMCOLOR_TABLES;
/*0x000*/ ULONG32 Flink;
/*0x004*/ VOID* Blink;
/*0x008*/ ULONG32 Count;
}MMCOLOR_TABLES, *PMMCOLOR_TABLES;
typedef struct _MMEXTEND_INFO {
/*0x000*/ UINT64 CommittedSize;
/*0x008*/ ULONG32 ReferenceCount;
/*0x00C*/ UINT8 _PADDING0_[0x4];
}MMEXTEND_INFO, *PMMEXTEND_INFO;
/*0x000*/ UINT64 CommittedSize;
/*0x008*/ ULONG32 ReferenceCount;
/*0x00C*/ UINT8 _PADDING0_[0x4];
}MMEXTEND_INFO, *PMMEXTEND_INFO;
typedef struct _MMPFNENTRY {
/*0x000*/ ULONG32 Modified : 1;
/*0x000*/ ULONG32 ReadInProgress : 1;
/*0x000*/ ULONG32 WriteInProgress : 1;
/*0x000*/ ULONG32 PrototypePte : 1;
/*0x000*/ ULONG32 PageColor : 3;
/*0x000*/ ULONG32 ParityError : 1;
/*0x000*/ ULONG32 PageLocation : 3;
/*0x000*/ ULONG32 RemovalRequested : 1;
/*0x000*/ ULONG32 CacheAttribute : 2;
/*0x000*/ ULONG32 Rom : 1;
/*0x000*/ ULONG32 LockCharged : 1;
/*0x000*/ ULONG32 DontUse : 16;
}MMPFNENTRY, *PMMPFNENTRY;
/*0x000*/ ULONG32 Modified : 1;
/*0x000*/ ULONG32 ReadInProgress : 1;
/*0x000*/ ULONG32 WriteInProgress : 1;
/*0x000*/ ULONG32 PrototypePte : 1;
/*0x000*/ ULONG32 PageColor : 3;
/*0x000*/ ULONG32 ParityError : 1;
/*0x000*/ ULONG32 PageLocation : 3;
/*0x000*/ ULONG32 RemovalRequested : 1;
/*0x000*/ ULONG32 CacheAttribute : 2;
/*0x000*/ ULONG32 Rom : 1;
/*0x000*/ ULONG32 LockCharged : 1;
/*0x000*/ ULONG32 DontUse : 16;
}MMPFNENTRY, *PMMPFNENTRY;
typedef struct _MMPFNLIST {
/*0x000*/ ULONG32 Total;
/*0x004*/ enum _MMLISTS ListName;
/*0x008*/ ULONG32 Flink;
/*0x00C*/ ULONG32 Blink;
}MMPFNLIST, *PMMPFNLIST;
/*0x000*/ ULONG32 Total;
/*0x004*/ enum _MMLISTS ListName;
/*0x008*/ ULONG32 Flink;
/*0x00C*/ ULONG32 Blink;
}MMPFNLIST, *PMMPFNLIST;
typedef struct _MMPTE_HARDWARE {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 Write : 1;
/*0x000*/ ULONG32 Owner : 1;
/*0x000*/ ULONG32 WriteThrough : 1;
/*0x000*/ ULONG32 CacheDisable : 1;
/*0x000*/ ULONG32 Accessed : 1;
/*0x000*/ ULONG32 Dirty : 1;
/*0x000*/ ULONG32 LargePage : 1;
/*0x000*/ ULONG32 Global : 1;
/*0x000*/ ULONG32 CopyOnWrite : 1;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 reserved : 1;
/*0x000*/ ULONG32 PageFrameNumber : 20;
}MMPTE_HARDWARE, *PMMPTE_HARDWARE;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 Write : 1;
/*0x000*/ ULONG32 Owner : 1;
/*0x000*/ ULONG32 WriteThrough : 1;
/*0x000*/ ULONG32 CacheDisable : 1;
/*0x000*/ ULONG32 Accessed : 1;
/*0x000*/ ULONG32 Dirty : 1;
/*0x000*/ ULONG32 LargePage : 1;
/*0x000*/ ULONG32 Global : 1;
/*0x000*/ ULONG32 CopyOnWrite : 1;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 reserved : 1;
/*0x000*/ ULONG32 PageFrameNumber : 20;
}MMPTE_HARDWARE, *PMMPTE_HARDWARE;
typedef struct _MMPTE_LIST {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 OneEntry : 1;
/*0x000*/ ULONG32 filler0 : 8;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 filler1 : 1;
/*0x000*/ ULONG32 NextEntry : 20;
}MMPTE_LIST, *PMMPTE_LIST;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 OneEntry : 1;
/*0x000*/ ULONG32 filler0 : 8;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 filler1 : 1;
/*0x000*/ ULONG32 NextEntry : 20;
}MMPTE_LIST, *PMMPTE_LIST;
typedef struct _MMPTE_PROTOTYPE {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 ProtoAddressLow : 7;
/*0x000*/ ULONG32 ReadOnly : 1;
/*0x000*/ ULONG32 WhichPool : 1;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 ProtoAddressHigh : 21;
}MMPTE_PROTOTYPE, *PMMPTE_PROTOTYPE;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 ProtoAddressLow : 7;
/*0x000*/ ULONG32 ReadOnly : 1;
/*0x000*/ ULONG32 WhichPool : 1;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 ProtoAddressHigh : 21;
}MMPTE_PROTOTYPE, *PMMPTE_PROTOTYPE;
typedef struct _MMPTE_SOFTWARE {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 PageFileLow : 4;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 Transition : 1;
/*0x000*/ ULONG32 PageFileHigh : 20;
}MMPTE_SOFTWARE, *PMMPTE_SOFTWARE;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 PageFileLow : 4;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 Transition : 1;
/*0x000*/ ULONG32 PageFileHigh : 20;
}MMPTE_SOFTWARE, *PMMPTE_SOFTWARE;
typedef struct _MMPTE_SUBSECTION {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 SubsectionAddressLow : 4;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 SubsectionAddressHigh : 20;
/*0x000*/ ULONG32 WhichPool : 1;
}MMPTE_SUBSECTION, *PMMPTE_SUBSECTION;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 SubsectionAddressLow : 4;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 SubsectionAddressHigh : 20;
/*0x000*/ ULONG32 WhichPool : 1;
}MMPTE_SUBSECTION, *PMMPTE_SUBSECTION;
typedef struct _MMPTE_TRANSITION {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 Write : 1;
/*0x000*/ ULONG32 Owner : 1;
/*0x000*/ ULONG32 WriteThrough : 1;
/*0x000*/ ULONG32 CacheDisable : 1;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 Transition : 1;
/*0x000*/ ULONG32 PageFrameNumber : 20;
}MMPTE_TRANSITION, *PMMPTE_TRANSITION;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 Write : 1;
/*0x000*/ ULONG32 Owner : 1;
/*0x000*/ ULONG32 WriteThrough : 1;
/*0x000*/ ULONG32 CacheDisable : 1;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Prototype : 1;
/*0x000*/ ULONG32 Transition : 1;
/*0x000*/ ULONG32 PageFrameNumber : 20;
}MMPTE_TRANSITION, *PMMPTE_TRANSITION;
typedef struct _MMSECTION_FLAGS {
/*0x000*/ UINT32 BeingDeleted : 1;
/*0x000*/ UINT32 BeingCreated : 1;
/*0x000*/ UINT32 BeingPurged : 1;
/*0x000*/ UINT32 NoModifiedWriting : 1;
/*0x000*/ UINT32 FailAllIo : 1;
/*0x000*/ UINT32 Image : 1;
/*0x000*/ UINT32 Based : 1;
/*0x000*/ UINT32 File : 1;
/*0x000*/ UINT32 Networked : 1;
/*0x000*/ UINT32 NoCache : 1;
/*0x000*/ UINT32 PhysicalMemory : 1;
/*0x000*/ UINT32 CopyOnWrite : 1;
/*0x000*/ UINT32 Reserve : 1;
/*0x000*/ UINT32 Commit : 1;
/*0x000*/ UINT32 FloppyMedia : 1;
/*0x000*/ UINT32 WasPurged : 1;
/*0x000*/ UINT32 UserReference : 1;
/*0x000*/ UINT32 GlobalMemory : 1;
/*0x000*/ UINT32 DeleteOnClose : 1;
/*0x000*/ UINT32 FilePointerNull : 1;
/*0x000*/ UINT32 DebugSymbolsLoaded : 1;
/*0x000*/ UINT32 SetMappedFileIoComplete : 1;
/*0x000*/ UINT32 CollidedFlush : 1;
/*0x000*/ UINT32 NoChange : 1;
/*0x000*/ UINT32 HadUserReference : 1;
/*0x000*/ UINT32 ImageMappedInSystemSpace : 1;
/*0x000*/ UINT32 UserWritable : 1;
/*0x000*/ UINT32 Accessed : 1;
/*0x000*/ UINT32 GlobalOnlyPerSession : 1;
/*0x000*/ UINT32 Rom : 1;
/*0x000*/ UINT32 filler : 2;
}MMSECTION_FLAGS, *PMMSECTION_FLAGS;
/*0x000*/ UINT32 BeingDeleted : 1;
/*0x000*/ UINT32 BeingCreated : 1;
/*0x000*/ UINT32 BeingPurged : 1;
/*0x000*/ UINT32 NoModifiedWriting : 1;
/*0x000*/ UINT32 FailAllIo : 1;
/*0x000*/ UINT32 Image : 1;
/*0x000*/ UINT32 Based : 1;
/*0x000*/ UINT32 File : 1;
/*0x000*/ UINT32 Networked : 1;
/*0x000*/ UINT32 NoCache : 1;
/*0x000*/ UINT32 PhysicalMemory : 1;
/*0x000*/ UINT32 CopyOnWrite : 1;
/*0x000*/ UINT32 Reserve : 1;
/*0x000*/ UINT32 Commit : 1;
/*0x000*/ UINT32 FloppyMedia : 1;
/*0x000*/ UINT32 WasPurged : 1;
/*0x000*/ UINT32 UserReference : 1;
/*0x000*/ UINT32 GlobalMemory : 1;
/*0x000*/ UINT32 DeleteOnClose : 1;
/*0x000*/ UINT32 FilePointerNull : 1;
/*0x000*/ UINT32 DebugSymbolsLoaded : 1;
/*0x000*/ UINT32 SetMappedFileIoComplete : 1;
/*0x000*/ UINT32 CollidedFlush : 1;
/*0x000*/ UINT32 NoChange : 1;
/*0x000*/ UINT32 HadUserReference : 1;
/*0x000*/ UINT32 ImageMappedInSystemSpace : 1;
/*0x000*/ UINT32 UserWritable : 1;
/*0x000*/ UINT32 Accessed : 1;
/*0x000*/ UINT32 GlobalOnlyPerSession : 1;
/*0x000*/ UINT32 Rom : 1;
/*0x000*/ UINT32 filler : 2;
}MMSECTION_FLAGS, *PMMSECTION_FLAGS;
typedef struct _MMSUBSECTION_FLAGS {
/*0x000*/ UINT32 ReadOnly : 1;
/*0x000*/ UINT32 ReadWrite : 1;
/*0x000*/ UINT32 SubsectionStatic : 1;
/*0x000*/ UINT32 GlobalMemory : 1;
/*0x000*/ UINT32 Protection : 5;
/*0x000*/ UINT32 LargePages : 1;
/*0x000*/ UINT32 StartingSector4132 : 10;
/*0x000*/ UINT32 SectorEndOffset : 12;
}MMSUBSECTION_FLAGS, *PMMSUBSECTION_FLAGS;
/*0x000*/ UINT32 ReadOnly : 1;
/*0x000*/ UINT32 ReadWrite : 1;
/*0x000*/ UINT32 SubsectionStatic : 1;
/*0x000*/ UINT32 GlobalMemory : 1;
/*0x000*/ UINT32 Protection : 5;
/*0x000*/ UINT32 LargePages : 1;
/*0x000*/ UINT32 StartingSector4132 : 10;
/*0x000*/ UINT32 SectorEndOffset : 12;
}MMSUBSECTION_FLAGS, *PMMSUBSECTION_FLAGS;
typedef struct _MMSUPPORT_FLAGS {
/*0x000*/ UINT32 SessionSpace : 1;
/*0x000*/ UINT32 BeingTrimmed : 1;
/*0x000*/ UINT32 SessionLeader : 1;
/*0x000*/ UINT32 TrimHard : 1;
/*0x000*/ UINT32 WorkingSetHard : 1;
/*0x000*/ UINT32 AddressSpaceBeingDeleted : 1;
/*0x000*/ UINT32 Available : 10;
/*0x000*/ UINT32 AllowWorkingSetAdjustment : 8;
/*0x000*/ UINT32 MemoryPriority : 8;
}MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
/*0x000*/ UINT32 SessionSpace : 1;
/*0x000*/ UINT32 BeingTrimmed : 1;
/*0x000*/ UINT32 SessionLeader : 1;
/*0x000*/ UINT32 TrimHard : 1;
/*0x000*/ UINT32 WorkingSetHard : 1;
/*0x000*/ UINT32 AddressSpaceBeingDeleted : 1;
/*0x000*/ UINT32 Available : 10;
/*0x000*/ UINT32 AllowWorkingSetAdjustment : 8;
/*0x000*/ UINT32 MemoryPriority : 8;
}MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS;
typedef struct _MMVAD_FLAGS {
/*0x000*/ ULONG32 CommitCharge : 19;
/*0x000*/ ULONG32 PhysicalMapping : 1;
/*0x000*/ ULONG32 ImageMap : 1;
/*0x000*/ ULONG32 UserPhysicalPages : 1;
/*0x000*/ ULONG32 NoChange : 1;
/*0x000*/ ULONG32 WriteWatch : 1;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 LargePages : 1;
/*0x000*/ ULONG32 MemCommit : 1;
/*0x000*/ ULONG32 PrivateMemory : 1;
}MMVAD_FLAGS, *PMMVAD_FLAGS;
/*0x000*/ ULONG32 CommitCharge : 19;
/*0x000*/ ULONG32 PhysicalMapping : 1;
/*0x000*/ ULONG32 ImageMap : 1;
/*0x000*/ ULONG32 UserPhysicalPages : 1;
/*0x000*/ ULONG32 NoChange : 1;
/*0x000*/ ULONG32 WriteWatch : 1;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 LargePages : 1;
/*0x000*/ ULONG32 MemCommit : 1;
/*0x000*/ ULONG32 PrivateMemory : 1;
}MMVAD_FLAGS, *PMMVAD_FLAGS;
typedef struct _MMVAD_FLAGS2 {
/*0x000*/ UINT32 FileOffset : 24;
/*0x000*/ UINT32 SecNoChange : 1;
/*0x000*/ UINT32 OneSecured : 1;
/*0x000*/ UINT32 MultipleSecured : 1;
/*0x000*/ UINT32 ReadOnly : 1;
/*0x000*/ UINT32 LongVad : 1;
/*0x000*/ UINT32 ExtendableFile : 1;
/*0x000*/ UINT32 Inherit : 1;
/*0x000*/ UINT32 CopyOnWrite : 1;
}MMVAD_FLAGS2, *PMMVAD_FLAGS2;
/*0x000*/ UINT32 FileOffset : 24;
/*0x000*/ UINT32 SecNoChange : 1;
/*0x000*/ UINT32 OneSecured : 1;
/*0x000*/ UINT32 MultipleSecured : 1;
/*0x000*/ UINT32 ReadOnly : 1;
/*0x000*/ UINT32 LongVad : 1;
/*0x000*/ UINT32 ExtendableFile : 1;
/*0x000*/ UINT32 Inherit : 1;
/*0x000*/ UINT32 CopyOnWrite : 1;
}MMVAD_FLAGS2, *PMMVAD_FLAGS2;
typedef struct _MMVIEW {
/*0x000*/ ULONG32 Entry;
/*0x004*/ struct _CONTROL_AREA* ControlArea;
}MMVIEW, *PMMVIEW;
/*0x000*/ ULONG32 Entry;
/*0x004*/ struct _CONTROL_AREA* ControlArea;
}MMVIEW, *PMMVIEW;
typedef struct _MMWSL {
/*0x000*/ ULONG32 Quota;
/*0x004*/ ULONG32 FirstFree;
/*0x008*/ ULONG32 FirstDynamic;
/*0x00C*/ ULONG32 LastEntry;
/*0x010*/ ULONG32 NextSlot;
/*0x014*/ struct _MMWSLE* Wsle;
/*0x018*/ ULONG32 LastInitializedWsle;
/*0x01C*/ ULONG32 NonDirectCount;
/*0x020*/ struct _MMWSLE_HASH* HashTable;
/*0x024*/ ULONG32 HashTableSize;
/*0x028*/ ULONG32 NumberOfCommittedPageTables;
/*0x02C*/ VOID* HashTableStart;
/*0x030*/ VOID* HighestPermittedHashAddress;
/*0x034*/ ULONG32 NumberOfImageWaiters;
/*0x038*/ ULONG32 VadBitMapHint;
/*0x03C*/ UINT16 UsedPageTableEntries[768];
/*0x63C*/ ULONG32 CommittedPageTables[24];
}MMWSL, *PMMWSL;
/*0x000*/ ULONG32 Quota;
/*0x004*/ ULONG32 FirstFree;
/*0x008*/ ULONG32 FirstDynamic;
/*0x00C*/ ULONG32 LastEntry;
/*0x010*/ ULONG32 NextSlot;
/*0x014*/ struct _MMWSLE* Wsle;
/*0x018*/ ULONG32 LastInitializedWsle;
/*0x01C*/ ULONG32 NonDirectCount;
/*0x020*/ struct _MMWSLE_HASH* HashTable;
/*0x024*/ ULONG32 HashTableSize;
/*0x028*/ ULONG32 NumberOfCommittedPageTables;
/*0x02C*/ VOID* HashTableStart;
/*0x030*/ VOID* HighestPermittedHashAddress;
/*0x034*/ ULONG32 NumberOfImageWaiters;
/*0x038*/ ULONG32 VadBitMapHint;
/*0x03C*/ UINT16 UsedPageTableEntries[768];
/*0x63C*/ ULONG32 CommittedPageTables[24];
}MMWSL, *PMMWSL;
typedef struct _MMWSLENTRY {
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 LockedInWs : 1;
/*0x000*/ ULONG32 LockedInMemory : 1;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Hashed : 1;
/*0x000*/ ULONG32 Direct : 1;
/*0x000*/ ULONG32 Age : 2;
/*0x000*/ ULONG32 VirtualPageNumber : 20;
}MMWSLENTRY, *PMMWSLENTRY;
/*0x000*/ ULONG32 Valid : 1;
/*0x000*/ ULONG32 LockedInWs : 1;
/*0x000*/ ULONG32 LockedInMemory : 1;
/*0x000*/ ULONG32 Protection : 5;
/*0x000*/ ULONG32 Hashed : 1;
/*0x000*/ ULONG32 Direct : 1;
/*0x000*/ ULONG32 Age : 2;
/*0x000*/ ULONG32 VirtualPageNumber : 20;
}MMWSLENTRY, *PMMWSLENTRY;
typedef struct _MMWSLE_HASH {
/*0x000*/ VOID* Key;
/*0x004*/ ULONG32 Index;
}MMWSLE_HASH, *PMMWSLE_HASH;
/*0x000*/ VOID* Key;
/*0x004*/ ULONG32 Index;
}MMWSLE_HASH, *PMMWSLE_HASH;
typedef struct _MM_DRIVER_VERIFIER_DATA {
/*0x000*/ ULONG32 Level;
/*0x004*/ ULONG32 RaiseIrqls;
/*0x008*/ ULONG32 AcquireSpinLocks;
/*0x00C*/ ULONG32 SynchronizeExecutions;
/*0x010*/ ULONG32 AllocationsAttempted;
/*0x014*/ ULONG32 AllocationsSucceeded;
/*0x018*/ ULONG32 AllocationsSucceededSpecialPool;
/*0x01C*/ ULONG32 AllocationsWithNoTag;
/*0x020*/ ULONG32 TrimRequests;
/*0x024*/ ULONG32 Trims;
/*0x028*/ ULONG32 AllocationsFailed;
/*0x02C*/ ULONG32 AllocationsFailedDeliberately;
/*0x030*/ ULONG32 Loads;
/*0x034*/ ULONG32 Unloads;
/*0x038*/ ULONG32 UnTrackedPool;
/*0x03C*/ ULONG32 UserTrims;
/*0x040*/ ULONG32 CurrentPagedPoolAllocations;
/*0x044*/ ULONG32 CurrentNonPagedPoolAllocations;
/*0x048*/ ULONG32 PeakPagedPoolAllocations;
/*0x04C*/ ULONG32 PeakNonPagedPoolAllocations;
/*0x050*/ ULONG32 PagedBytes;
/*0x054*/ ULONG32 NonPagedBytes;
/*0x058*/ ULONG32 PeakPagedBytes;
/*0x05C*/ ULONG32 PeakNonPagedBytes;
/*0x060*/ ULONG32 BurstAllocationsFailedDeliberately;
/*0x064*/ ULONG32 SessionTrims;
/*0x068*/ ULONG32 Reserved[2];
}MM_DRIVER_VERIFIER_DATA, *PMM_DRIVER_VERIFIER_DATA;
/*0x000*/ ULONG32 Level;
/*0x004*/ ULONG32 RaiseIrqls;
/*0x008*/ ULONG32 AcquireSpinLocks;
/*0x00C*/ ULONG32 SynchronizeExecutions;
/*0x010*/ ULONG32 AllocationsAttempted;
/*0x014*/ ULONG32 AllocationsSucceeded;
/*0x018*/ ULONG32 AllocationsSucceededSpecialPool;
/*0x01C*/ ULONG32 AllocationsWithNoTag;
/*0x020*/ ULONG32 TrimRequests;
/*0x024*/ ULONG32 Trims;
/*0x028*/ ULONG32 AllocationsFailed;
/*0x02C*/ ULONG32 AllocationsFailedDeliberately;
/*0x030*/ ULONG32 Loads;
/*0x034*/ ULONG32 Unloads;
/*0x038*/ ULONG32 UnTrackedPool;
/*0x03C*/ ULONG32 UserTrims;
/*0x040*/ ULONG32 CurrentPagedPoolAllocations;
/*0x044*/ ULONG32 CurrentNonPagedPoolAllocations;
/*0x048*/ ULONG32 PeakPagedPoolAllocations;
/*0x04C*/ ULONG32 PeakNonPagedPoolAllocations;
/*0x050*/ ULONG32 PagedBytes;
/*0x054*/ ULONG32 NonPagedBytes;
/*0x058*/ ULONG32 PeakPagedBytes;
/*0x05C*/ ULONG32 PeakNonPagedBytes;
/*0x060*/ ULONG32 BurstAllocationsFailedDeliberately;
/*0x064*/ ULONG32 SessionTrims;
/*0x068*/ ULONG32 Reserved[2];
}MM_DRIVER_VERIFIER_DATA, *PMM_DRIVER_VERIFIER_DATA;
typedef struct _MM_PAGED_POOL_INFO {
/*0x000*/ struct _RTL_BITMAP* PagedPoolAllocationMap;
/*0x004*/ struct _RTL_BITMAP* EndOfPagedPoolBitmap;
/*0x008*/ struct _RTL_BITMAP* PagedPoolLargeSessionAllocationMap;
/*0x00C*/ struct _MMPTE* FirstPteForPagedPool;
/*0x010*/ struct _MMPTE* LastPteForPagedPool;
/*0x014*/ struct _MMPTE* NextPdeForPagedPoolExpansion;
/*0x018*/ ULONG32 PagedPoolHint;
/*0x01C*/ ULONG32 PagedPoolCommit;
/*0x020*/ ULONG32 AllocatedPagedPool;
}MM_PAGED_POOL_INFO, *PMM_PAGED_POOL_INFO;
/*0x000*/ struct _RTL_BITMAP* PagedPoolAllocationMap;
/*0x004*/ struct _RTL_BITMAP* EndOfPagedPoolBitmap;
/*0x008*/ struct _RTL_BITMAP* PagedPoolLargeSessionAllocationMap;
/*0x00C*/ struct _MMPTE* FirstPteForPagedPool;
/*0x010*/ struct _MMPTE* LastPteForPagedPool;
/*0x014*/ struct _MMPTE* NextPdeForPagedPoolExpansion;
/*0x018*/ ULONG32 PagedPoolHint;
/*0x01C*/ ULONG32 PagedPoolCommit;
/*0x020*/ ULONG32 AllocatedPagedPool;
}MM_PAGED_POOL_INFO, *PMM_PAGED_POOL_INFO;
typedef struct _MM_SESSION_SPACE_FLAGS {
/*0x000*/ ULONG32 Initialized : 1;
/*0x000*/ ULONG32 Filler0 : 3;
/*0x000*/ ULONG32 HasWsLock : 1;
/*0x000*/ ULONG32 DeletePending : 1;
/*0x000*/ ULONG32 Filler : 26;
}MM_SESSION_SPACE_FLAGS, *PMM_SESSION_SPACE_FLAGS;
/*0x000*/ ULONG32 Initialized : 1;
/*0x000*/ ULONG32 Filler0 : 3;
/*0x000*/ ULONG32 HasWsLock : 1;
/*0x000*/ ULONG32 DeletePending : 1;
/*0x000*/ ULONG32 Filler : 26;
}MM_SESSION_SPACE_FLAGS, *PMM_SESSION_SPACE_FLAGS;
typedef struct _NAMED_PIPE_CREATE_PARAMETERS {
/*0x000*/ ULONG32 NamedPipeType;
/*0x004*/ ULONG32 ReadMode;
/*0x008*/ ULONG32 CompletionMode;
/*0x00C*/ ULONG32 MaximumInstances;
/*0x010*/ ULONG32 InboundQuota;
/*0x014*/ ULONG32 OutboundQuota;
/*0x018*/ union _LARGE_INTEGER DefaultTimeout;
/*0x020*/ UINT8 TimeoutSpecified;
/*0x021*/ UINT8 _PADDING0_[0x7];
}NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
/*0x000*/ ULONG32 NamedPipeType;
/*0x004*/ ULONG32 ReadMode;
/*0x008*/ ULONG32 CompletionMode;
/*0x00C*/ ULONG32 MaximumInstances;
/*0x010*/ ULONG32 InboundQuota;
/*0x014*/ ULONG32 OutboundQuota;
/*0x018*/ union _LARGE_INTEGER DefaultTimeout;
/*0x020*/ UINT8 TimeoutSpecified;
/*0x021*/ UINT8 _PADDING0_[0x7];
}NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS;
typedef struct _NT_TIB {
/*0x000*/ struct _EXCEPTION_REGISTRATION_RECORD* ExceptionList;
/*0x004*/ VOID* StackBase;
/*0x008*/ VOID* StackLimit;
/*0x00C*/ VOID* SubSystemTib;
union
{
/*0x010*/ VOID* FiberData;
/*0x010*/ ULONG32 Version;
};
/*0x014*/ VOID* ArbitraryUserPointer;
/*0x018*/ struct _NT_TIB* Self;
}NT_TIB, *PNT_TIB;
/*0x000*/ struct _EXCEPTION_REGISTRATION_RECORD* ExceptionList;
/*0x004*/ VOID* StackBase;
/*0x008*/ VOID* StackLimit;
/*0x00C*/ VOID* SubSystemTib;
union
{
/*0x010*/ VOID* FiberData;
/*0x010*/ ULONG32 Version;
};
/*0x014*/ VOID* ArbitraryUserPointer;
/*0x018*/ struct _NT_TIB* Self;
}NT_TIB, *PNT_TIB;
typedef struct _OBJECT_ATTRIBUTES {
/*0x000*/ ULONG32 Length;
/*0x004*/ VOID* RootDirectory;
/*0x008*/ struct _UNICODE_STRING* ObjectName;
/*0x00C*/ ULONG32 Attributes;
/*0x010*/ VOID* SecurityDescriptor;
/*0x014*/ VOID* SecurityQualityOfService;
}OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
/*0x000*/ ULONG32 Length;
/*0x004*/ VOID* RootDirectory;
/*0x008*/ struct _UNICODE_STRING* ObjectName;
/*0x00C*/ ULONG32 Attributes;
/*0x010*/ VOID* SecurityDescriptor;
/*0x014*/ VOID* SecurityQualityOfService;
}OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
typedef struct _OBJECT_DIRECTORY_ENTRY {
/*0x000*/ struct _OBJECT_DIRECTORY_ENTRY* ChainLink;
/*0x004*/ VOID* Object;
}OBJECT_DIRECTORY_ENTRY, *POBJECT_DIRECTORY_ENTRY;
/*0x000*/ struct _OBJECT_DIRECTORY_ENTRY* ChainLink;
/*0x004*/ VOID* Object;
}OBJECT_DIRECTORY_ENTRY, *POBJECT_DIRECTORY_ENTRY;
typedef struct _OBJECT_DUMP_CONTROL {
/*0x000*/ VOID* Stream;
/*0x004*/ ULONG32 Detail;
}OBJECT_DUMP_CONTROL, *POBJECT_DUMP_CONTROL;
/*0x000*/ VOID* Stream;
/*0x004*/ ULONG32 Detail;
}OBJECT_DUMP_CONTROL, *POBJECT_DUMP_CONTROL;
typedef struct _OBJECT_HANDLE_INFORMATION {
/*0x000*/ ULONG32 HandleAttributes;
/*0x004*/ ULONG32 GrantedAccess;
}OBJECT_HANDLE_INFORMATION, *POBJECT_HANDLE_INFORMATION;
/*0x000*/ ULONG32 HandleAttributes;
/*0x004*/ ULONG32 GrantedAccess;
}OBJECT_HANDLE_INFORMATION, *POBJECT_HANDLE_INFORMATION;
typedef struct _OWNER_ENTRY {
/*0x000*/ ULONG32 OwnerThread;
union
{
/*0x004*/ LONG32 OwnerCount;
/*0x004*/ ULONG32 TableSize;
};
}OWNER_ENTRY, *POWNER_ENTRY;
/*0x000*/ ULONG32 OwnerThread;
union
{
/*0x004*/ LONG32 OwnerCount;
/*0x004*/ ULONG32 TableSize;
};
}OWNER_ENTRY, *POWNER_ENTRY;
typedef struct _PCI_BUS_INTERFACE_STANDARD {
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
/*0x004*/ VOID* Context;
/*0x008*/ PVOID InterfaceReference;
/*0x00C*/ PVOID InterfaceDereference;
/*0x010*/ PVOID ReadConfig;
/*0x014*/ PVOID WriteConfig;
/*0x018*/ PVOID PinToLine;
/*0x01C*/ PVOID LineToPin;
}PCI_BUS_INTERFACE_STANDARD, *PPCI_BUS_INTERFACE_STANDARD;
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 Version;
/*0x004*/ VOID* Context;
/*0x008*/ PVOID InterfaceReference;
/*0x00C*/ PVOID InterfaceDereference;
/*0x010*/ PVOID ReadConfig;
/*0x014*/ PVOID WriteConfig;
/*0x018*/ PVOID PinToLine;
/*0x01C*/ PVOID LineToPin;
}PCI_BUS_INTERFACE_STANDARD, *PPCI_BUS_INTERFACE_STANDARD;
typedef struct _PCI_HEADER_TYPE_0 {
/*0x000*/ ULONG32 BaseAddresses[6];
/*0x018*/ ULONG32 CIS;
/*0x01C*/ UINT16 SubVendorID;
/*0x01E*/ UINT16 SubSystemID;
/*0x020*/ ULONG32 ROMBaseAddress;
/*0x024*/ UINT8 CapabilitiesPtr;
/*0x025*/ UINT8 Reserved1[3];
/*0x028*/ ULONG32 Reserved2;
/*0x02C*/ UINT8 InterruptLine;
/*0x02D*/ UINT8 InterruptPin;
/*0x02E*/ UINT8 MinimumGrant;
/*0x02F*/ UINT8 MaximumLatency;
}PCI_HEADER_TYPE_0, *PPCI_HEADER_TYPE_0;
/*0x000*/ ULONG32 BaseAddresses[6];
/*0x018*/ ULONG32 CIS;
/*0x01C*/ UINT16 SubVendorID;
/*0x01E*/ UINT16 SubSystemID;
/*0x020*/ ULONG32 ROMBaseAddress;
/*0x024*/ UINT8 CapabilitiesPtr;
/*0x025*/ UINT8 Reserved1[3];
/*0x028*/ ULONG32 Reserved2;
/*0x02C*/ UINT8 InterruptLine;
/*0x02D*/ UINT8 InterruptPin;
/*0x02E*/ UINT8 MinimumGrant;
/*0x02F*/ UINT8 MaximumLatency;
}PCI_HEADER_TYPE_0, *PPCI_HEADER_TYPE_0;
typedef struct _PCI_HEADER_TYPE_1 {
/*0x000*/ ULONG32 BaseAddresses[2];
/*0x008*/ UINT8 PrimaryBus;
/*0x009*/ UINT8 SecondaryBus;
/*0x00A*/ UINT8 SubordinateBus;
/*0x00B*/ UINT8 SecondaryLatency;
/*0x00C*/ UINT8 IOBase;
/*0x00D*/ UINT8 IOLimit;
/*0x00E*/ UINT16 SecondaryStatus;
/*0x010*/ UINT16 MemoryBase;
/*0x012*/ UINT16 MemoryLimit;
/*0x014*/ UINT16 PrefetchBase;
/*0x016*/ UINT16 PrefetchLimit;
/*0x018*/ ULONG32 PrefetchBaseUpper32;
/*0x01C*/ ULONG32 PrefetchLimitUpper32;
/*0x020*/ UINT16 IOBaseUpper16;
/*0x022*/ UINT16 IOLimitUpper16;
/*0x024*/ UINT8 CapabilitiesPtr;
/*0x025*/ UINT8 Reserved1[3];
/*0x028*/ ULONG32 ROMBaseAddress;
/*0x02C*/ UINT8 InterruptLine;
/*0x02D*/ UINT8 InterruptPin;
/*0x02E*/ UINT16 BridgeControl;
}PCI_HEADER_TYPE_1, *PPCI_HEADER_TYPE_1;
/*0x000*/ ULONG32 BaseAddresses[2];
/*0x008*/ UINT8 PrimaryBus;
/*0x009*/ UINT8 SecondaryBus;
/*0x00A*/ UINT8 SubordinateBus;
/*0x00B*/ UINT8 SecondaryLatency;
/*0x00C*/ UINT8 IOBase;
/*0x00D*/ UINT8 IOLimit;
/*0x00E*/ UINT16 SecondaryStatus;
/*0x010*/ UINT16 MemoryBase;
/*0x012*/ UINT16 MemoryLimit;
/*0x014*/ UINT16 PrefetchBase;
/*0x016*/ UINT16 PrefetchLimit;
/*0x018*/ ULONG32 PrefetchBaseUpper32;
/*0x01C*/ ULONG32 PrefetchLimitUpper32;
/*0x020*/ UINT16 IOBaseUpper16;
/*0x022*/ UINT16 IOLimitUpper16;
/*0x024*/ UINT8 CapabilitiesPtr;
/*0x025*/ UINT8 Reserved1[3];
/*0x028*/ ULONG32 ROMBaseAddress;
/*0x02C*/ UINT8 InterruptLine;
/*0x02D*/ UINT8 InterruptPin;
/*0x02E*/ UINT16 BridgeControl;
}PCI_HEADER_TYPE_1, *PPCI_HEADER_TYPE_1;
typedef struct _PCI_INTERFACE {
/*0x000*/ struct _GUID* InterfaceType;
/*0x004*/ UINT16 MinSize;
/*0x006*/ UINT16 MinVersion;
/*0x008*/ UINT16 MaxVersion;
/*0x00A*/ UINT16 Flags;
/*0x00C*/ LONG32 ReferenceCount;
/*0x010*/ enum _PCI_SIGNATURE Signature;
/*0x014*/ PVOID Constructor;
/*0x018*/ PVOID Initializer;
}PCI_INTERFACE, *PPCI_INTERFACE;
/*0x000*/ struct _GUID* InterfaceType;
/*0x004*/ UINT16 MinSize;
/*0x006*/ UINT16 MinVersion;
/*0x008*/ UINT16 MaxVersion;
/*0x00A*/ UINT16 Flags;
/*0x00C*/ LONG32 ReferenceCount;
/*0x010*/ enum _PCI_SIGNATURE Signature;
/*0x014*/ PVOID Constructor;
/*0x018*/ PVOID Initializer;
}PCI_INTERFACE, *PPCI_INTERFACE;
typedef struct _PCI_LOCK {
/*0x000*/ ULONG32 Atom;
/*0x004*/ UINT8 OldIrql;
/*0x005*/ UINT8 _PADDING0_[0x3];
}PCI_LOCK, *PPCI_LOCK;
/*0x000*/ ULONG32 Atom;
/*0x004*/ UINT8 OldIrql;
/*0x005*/ UINT8 _PADDING0_[0x3];
}PCI_LOCK, *PPCI_LOCK;
typedef struct _PCI_MJ_DISPATCH_TABLE {
/*0x000*/ ULONG32 PnpIrpMaximumMinorFunction;
/*0x004*/ struct _PCI_MN_DISPATCH_TABLE* PnpIrpDispatchTable;
/*0x008*/ ULONG32 PowerIrpMaximumMinorFunction;
/*0x00C*/ struct _PCI_MN_DISPATCH_TABLE* PowerIrpDispatchTable;
/*0x010*/ enum _PCI_DISPATCH_STYLE SystemControlIrpDispatchStyle;
/*0x014*/ PVOID SystemControlIrpDispatchFunction;
/*0x018*/ enum _PCI_DISPATCH_STYLE OtherIrpDispatchStyle;
/*0x01C*/ PVOID OtherIrpDispatchFunction;
}PCI_MJ_DISPATCH_TABLE, *PPCI_MJ_DISPATCH_TABLE;
/*0x000*/ ULONG32 PnpIrpMaximumMinorFunction;
/*0x004*/ struct _PCI_MN_DISPATCH_TABLE* PnpIrpDispatchTable;
/*0x008*/ ULONG32 PowerIrpMaximumMinorFunction;
/*0x00C*/ struct _PCI_MN_DISPATCH_TABLE* PowerIrpDispatchTable;
/*0x010*/ enum _PCI_DISPATCH_STYLE SystemControlIrpDispatchStyle;
/*0x014*/ PVOID SystemControlIrpDispatchFunction;
/*0x018*/ enum _PCI_DISPATCH_STYLE OtherIrpDispatchStyle;
/*0x01C*/ PVOID OtherIrpDispatchFunction;
}PCI_MJ_DISPATCH_TABLE, *PPCI_MJ_DISPATCH_TABLE;
typedef struct _PCI_MN_DISPATCH_TABLE {
/*0x000*/ enum _PCI_DISPATCH_STYLE DispatchStyle;
/*0x004*/ PVOID DispatchFunction;
}PCI_MN_DISPATCH_TABLE, *PPCI_MN_DISPATCH_TABLE;
/*0x000*/ enum _PCI_DISPATCH_STYLE DispatchStyle;
/*0x004*/ PVOID DispatchFunction;
}PCI_MN_DISPATCH_TABLE, *PPCI_MN_DISPATCH_TABLE;
typedef struct _PCI_POWER_STATE {
/*0x000*/ enum _SYSTEM_POWER_STATE CurrentSystemState;
/*0x004*/ enum _DEVICE_POWER_STATE CurrentDeviceState;
/*0x008*/ enum _SYSTEM_POWER_STATE SystemWakeLevel;
/*0x00C*/ enum _DEVICE_POWER_STATE DeviceWakeLevel;
/*0x010*/ enum _DEVICE_POWER_STATE SystemStateMapping[7];
/*0x02C*/ struct _IRP* WaitWakeIrp;
/*0x030*/ PVOID SavedCancelRoutine;
/*0x034*/ LONG32 Paging;
/*0x038*/ LONG32 Hibernate;
/*0x03C*/ LONG32 CrashDump;
}PCI_POWER_STATE, *PPCI_POWER_STATE;
/*0x000*/ enum _SYSTEM_POWER_STATE CurrentSystemState;
/*0x004*/ enum _DEVICE_POWER_STATE CurrentDeviceState;
/*0x008*/ enum _SYSTEM_POWER_STATE SystemWakeLevel;
/*0x00C*/ enum _DEVICE_POWER_STATE DeviceWakeLevel;
/*0x010*/ enum _DEVICE_POWER_STATE SystemStateMapping[7];
/*0x02C*/ struct _IRP* WaitWakeIrp;
/*0x030*/ PVOID SavedCancelRoutine;
/*0x034*/ LONG32 Paging;
/*0x038*/ LONG32 Hibernate;
/*0x03C*/ LONG32 CrashDump;
}PCI_POWER_STATE, *PPCI_POWER_STATE;
typedef struct _PCI_SLOT_NUMBER {
union
{
struct
{
/*0x000*/ ULONG32 DeviceNumber : 5;
/*0x000*/ ULONG32 FunctionNumber : 3;
/*0x000*/ ULONG32 Reserved : 24;
}bits;
/*0x000*/ ULONG32 AsULONG;
}u;
}PCI_SLOT_NUMBER, *PPCI_SLOT_NUMBER;
union
{
struct
{
/*0x000*/ ULONG32 DeviceNumber : 5;
/*0x000*/ ULONG32 FunctionNumber : 3;
/*0x000*/ ULONG32 Reserved : 24;
}bits;
/*0x000*/ ULONG32 AsULONG;
}u;
}PCI_SLOT_NUMBER, *PPCI_SLOT_NUMBER;
typedef struct _PEB_FREE_BLOCK {
/*0x000*/ struct _PEB_FREE_BLOCK* Next;
/*0x004*/ ULONG32 Size;
}PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
/*0x000*/ struct _PEB_FREE_BLOCK* Next;
/*0x004*/ ULONG32 Size;
}PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
typedef struct _PHYSICAL_MEMORY_RUN {
/*0x000*/ ULONG32 BasePage;
/*0x004*/ ULONG32 PageCount;
}PHYSICAL_MEMORY_RUN, *PPHYSICAL_MEMORY_RUN;
/*0x000*/ ULONG32 BasePage;
/*0x004*/ ULONG32 PageCount;
}PHYSICAL_MEMORY_RUN, *PPHYSICAL_MEMORY_RUN;
typedef struct _PM_SUPPORT {
/*0x000*/ UINT8 Rsvd2 : 1;
/*0x000*/ UINT8 D1 : 1;
/*0x000*/ UINT8 D2 : 1;
/*0x000*/ UINT8 PMED0 : 1;
/*0x000*/ UINT8 PMED1 : 1;
/*0x000*/ UINT8 PMED2 : 1;
/*0x000*/ UINT8 PMED3Hot : 1;
/*0x000*/ UINT8 PMED3Cold : 1;
}PM_SUPPORT, *PPM_SUPPORT;
/*0x000*/ UINT8 Rsvd2 : 1;
/*0x000*/ UINT8 D1 : 1;
/*0x000*/ UINT8 D2 : 1;
/*0x000*/ UINT8 PMED0 : 1;
/*0x000*/ UINT8 PMED1 : 1;
/*0x000*/ UINT8 PMED2 : 1;
/*0x000*/ UINT8 PMED3Hot : 1;
/*0x000*/ UINT8 PMED3Cold : 1;
}PM_SUPPORT, *PPM_SUPPORT;
typedef struct _POOL_HEADER {
union
{
struct
{
struct
{
/*0x000*/ UINT16 PreviousSize : 9;
/*0x000*/ UINT16 PoolIndex : 7;
};
struct
{
/*0x002*/ UINT16 BlockSize : 9;
/*0x002*/ UINT16 PoolType : 7;
};
};
/*0x000*/ ULONG32 Ulong1;
};
union
{
/*0x004*/ struct _EPROCESS* ProcessBilled;
/*0x004*/ ULONG32 PoolTag;
struct
{
/*0x004*/ UINT16 AllocatorBackTraceIndex;
/*0x006*/ UINT16 PoolTagHash;
};
};
}POOL_HEADER, *PPOOL_HEADER;
union
{
struct
{
struct
{
/*0x000*/ UINT16 PreviousSize : 9;
/*0x000*/ UINT16 PoolIndex : 7;
};
struct
{
/*0x002*/ UINT16 BlockSize : 9;
/*0x002*/ UINT16 PoolType : 7;
};
};
/*0x000*/ ULONG32 Ulong1;
};
union
{
/*0x004*/ struct _EPROCESS* ProcessBilled;
/*0x004*/ ULONG32 PoolTag;
struct
{
/*0x004*/ UINT16 AllocatorBackTraceIndex;
/*0x006*/ UINT16 PoolTagHash;
};
};
}POOL_HEADER, *PPOOL_HEADER;
typedef struct _POOL_TRACKER_BIG_PAGES {
/*0x000*/ VOID* Va;
/*0x004*/ ULONG32 Key;
/*0x008*/ ULONG32 NumberOfPages;
}POOL_TRACKER_BIG_PAGES, *PPOOL_TRACKER_BIG_PAGES;
/*0x000*/ VOID* Va;
/*0x004*/ ULONG32 Key;
/*0x008*/ ULONG32 NumberOfPages;
}POOL_TRACKER_BIG_PAGES, *PPOOL_TRACKER_BIG_PAGES;
typedef struct _POOL_TRACKER_TABLE {
/*0x000*/ ULONG32 Key;
/*0x004*/ ULONG32 NonPagedAllocs;
/*0x008*/ ULONG32 NonPagedFrees;
/*0x00C*/ ULONG32 NonPagedBytes;
/*0x010*/ ULONG32 PagedAllocs;
/*0x014*/ ULONG32 PagedFrees;
/*0x018*/ ULONG32 PagedBytes;
}POOL_TRACKER_TABLE, *PPOOL_TRACKER_TABLE;
/*0x000*/ ULONG32 Key;
/*0x004*/ ULONG32 NonPagedAllocs;
/*0x008*/ ULONG32 NonPagedFrees;
/*0x00C*/ ULONG32 NonPagedBytes;
/*0x010*/ ULONG32 PagedAllocs;
/*0x014*/ ULONG32 PagedFrees;
/*0x018*/ ULONG32 PagedBytes;
}POOL_TRACKER_TABLE, *PPOOL_TRACKER_TABLE;
typedef struct _POP_ACTION_TRIGGER {
/*0x000*/ enum _POP_POLICY_DEVICE_TYPE Type;
/*0x004*/ UINT8 Flags;
/*0x005*/ UINT8 Spare[3];
union
{
struct
{
/*0x008*/ ULONG32 Level;
}Battery;
/*0x008*/ struct _POP_TRIGGER_WAIT* Wait;
};
}POP_ACTION_TRIGGER, *PPOP_ACTION_TRIGGER;
/*0x000*/ enum _POP_POLICY_DEVICE_TYPE Type;
/*0x004*/ UINT8 Flags;
/*0x005*/ UINT8 Spare[3];
union
{
struct
{
/*0x008*/ ULONG32 Level;
}Battery;
/*0x008*/ struct _POP_TRIGGER_WAIT* Wait;
};
}POP_ACTION_TRIGGER, *PPOP_ACTION_TRIGGER;
typedef struct _POP_IDLE_HANDLER {
/*0x000*/ ULONG32 Latency;
/*0x004*/ ULONG32 TimeCheck;
/*0x008*/ ULONG32 DemoteLimit;
/*0x00C*/ ULONG32 PromoteLimit;
/*0x010*/ ULONG32 PromoteCount;
/*0x014*/ UINT8 Demote;
/*0x015*/ UINT8 Promote;
/*0x016*/ UINT8 PromotePercent;
/*0x017*/ UINT8 DemotePercent;
/*0x018*/ UINT8 State;
/*0x019*/ UINT8 Spare[3];
/*0x01C*/ PVOID IdleFunction;
}POP_IDLE_HANDLER, *PPOP_IDLE_HANDLER;
/*0x000*/ ULONG32 Latency;
/*0x004*/ ULONG32 TimeCheck;
/*0x008*/ ULONG32 DemoteLimit;
/*0x00C*/ ULONG32 PromoteLimit;
/*0x010*/ ULONG32 PromoteCount;
/*0x014*/ UINT8 Demote;
/*0x015*/ UINT8 Promote;
/*0x016*/ UINT8 PromotePercent;
/*0x017*/ UINT8 DemotePercent;
/*0x018*/ UINT8 State;
/*0x019*/ UINT8 Spare[3];
/*0x01C*/ PVOID IdleFunction;
}POP_IDLE_HANDLER, *PPOP_IDLE_HANDLER;
typedef struct _POP_POWER_ACTION {
/*0x000*/ UINT8 Updates;
/*0x001*/ UINT8 State;
/*0x002*/ UINT8 Shutdown;
/*0x003*/ UINT8 _PADDING0_[0x1];
/*0x004*/ enum _POWER_ACTION Action;
/*0x008*/ enum _SYSTEM_POWER_STATE LightestState;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ LONG32 Status;
/*0x014*/ UINT8 IrpMinor;
/*0x015*/ UINT8 _PADDING1_[0x3];
/*0x018*/ enum _SYSTEM_POWER_STATE SystemState;
/*0x01C*/ enum _SYSTEM_POWER_STATE NextSystemState;
/*0x020*/ struct _POP_SHUTDOWN_BUG_CHECK* ShutdownBugCode;
/*0x024*/ struct _POP_DEVICE_SYS_STATE* DevState;
/*0x028*/ struct _POP_HIBER_CONTEXT* HiberContext;
/*0x02C*/ enum _SYSTEM_POWER_STATE LastWakeState;
/*0x030*/ UINT64 WakeTime;
/*0x038*/ UINT64 SleepTime;
}POP_POWER_ACTION, *PPOP_POWER_ACTION;
/*0x000*/ UINT8 Updates;
/*0x001*/ UINT8 State;
/*0x002*/ UINT8 Shutdown;
/*0x003*/ UINT8 _PADDING0_[0x1];
/*0x004*/ enum _POWER_ACTION Action;
/*0x008*/ enum _SYSTEM_POWER_STATE LightestState;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ LONG32 Status;
/*0x014*/ UINT8 IrpMinor;
/*0x015*/ UINT8 _PADDING1_[0x3];
/*0x018*/ enum _SYSTEM_POWER_STATE SystemState;
/*0x01C*/ enum _SYSTEM_POWER_STATE NextSystemState;
/*0x020*/ struct _POP_SHUTDOWN_BUG_CHECK* ShutdownBugCode;
/*0x024*/ struct _POP_DEVICE_SYS_STATE* DevState;
/*0x028*/ struct _POP_HIBER_CONTEXT* HiberContext;
/*0x02C*/ enum _SYSTEM_POWER_STATE LastWakeState;
/*0x030*/ UINT64 WakeTime;
/*0x038*/ UINT64 SleepTime;
}POP_POWER_ACTION, *PPOP_POWER_ACTION;
typedef struct _POP_SHUTDOWN_BUG_CHECK {
/*0x000*/ ULONG32 Code;
/*0x004*/ ULONG32 Parameter1;
/*0x008*/ ULONG32 Parameter2;
/*0x00C*/ ULONG32 Parameter3;
/*0x010*/ ULONG32 Parameter4;
}POP_SHUTDOWN_BUG_CHECK, *PPOP_SHUTDOWN_BUG_CHECK;
/*0x000*/ ULONG32 Code;
/*0x004*/ ULONG32 Parameter1;
/*0x008*/ ULONG32 Parameter2;
/*0x00C*/ ULONG32 Parameter3;
/*0x010*/ ULONG32 Parameter4;
}POP_SHUTDOWN_BUG_CHECK, *PPOP_SHUTDOWN_BUG_CHECK;
typedef struct _POWER_ACTION_POLICY {
/*0x000*/ enum _POWER_ACTION Action;
/*0x004*/ ULONG32 Flags;
/*0x008*/ ULONG32 EventCode;
}POWER_ACTION_POLICY, *PPOWER_ACTION_POLICY;
/*0x000*/ enum _POWER_ACTION Action;
/*0x004*/ ULONG32 Flags;
/*0x008*/ ULONG32 EventCode;
}POWER_ACTION_POLICY, *PPOWER_ACTION_POLICY;
typedef struct _POWER_SEQUENCE {
/*0x000*/ ULONG32 SequenceD1;
/*0x004*/ ULONG32 SequenceD2;
/*0x008*/ ULONG32 SequenceD3;
}POWER_SEQUENCE, *PPOWER_SEQUENCE;
/*0x000*/ ULONG32 SequenceD1;
/*0x004*/ ULONG32 SequenceD2;
/*0x008*/ ULONG32 SequenceD3;
}POWER_SEQUENCE, *PPOWER_SEQUENCE;
typedef struct _PO_HIBER_PERF {
/*0x000*/ UINT64 IoTicks;
/*0x008*/ UINT64 InitTicks;
/*0x010*/ UINT64 CopyTicks;
/*0x018*/ UINT64 StartCount;
/*0x020*/ ULONG32 ElapsedTime;
/*0x024*/ ULONG32 IoTime;
/*0x028*/ ULONG32 CopyTime;
/*0x02C*/ ULONG32 InitTime;
/*0x030*/ ULONG32 PagesWritten;
/*0x034*/ ULONG32 PagesProcessed;
/*0x038*/ ULONG32 BytesCopied;
/*0x03C*/ ULONG32 DumpCount;
/*0x040*/ ULONG32 FileRuns;
/*0x044*/ UINT8 _PADDING0_[0x4];
}PO_HIBER_PERF, *PPO_HIBER_PERF;
/*0x000*/ UINT64 IoTicks;
/*0x008*/ UINT64 InitTicks;
/*0x010*/ UINT64 CopyTicks;
/*0x018*/ UINT64 StartCount;
/*0x020*/ ULONG32 ElapsedTime;
/*0x024*/ ULONG32 IoTime;
/*0x028*/ ULONG32 CopyTime;
/*0x02C*/ ULONG32 InitTime;
/*0x030*/ ULONG32 PagesWritten;
/*0x034*/ ULONG32 PagesProcessed;
/*0x038*/ ULONG32 BytesCopied;
/*0x03C*/ ULONG32 DumpCount;
/*0x040*/ ULONG32 FileRuns;
/*0x044*/ UINT8 _PADDING0_[0x4];
}PO_HIBER_PERF, *PPO_HIBER_PERF;
typedef struct _PO_MEMORY_RANGE_ARRAY {
union
{
struct
{
/*0x000*/ ULONG32 PageNo;
/*0x004*/ ULONG32 StartPage;
/*0x008*/ ULONG32 EndPage;
/*0x00C*/ ULONG32 CheckSum;
}Range;
struct
{
/*0x000*/ struct _PO_MEMORY_RANGE_ARRAY* Next;
/*0x004*/ ULONG32 NextTable;
/*0x008*/ ULONG32 CheckSum;
/*0x00C*/ ULONG32 EntryCount;
}Link;
};
}PO_MEMORY_RANGE_ARRAY, *PPO_MEMORY_RANGE_ARRAY;
union
{
struct
{
/*0x000*/ ULONG32 PageNo;
/*0x004*/ ULONG32 StartPage;
/*0x008*/ ULONG32 EndPage;
/*0x00C*/ ULONG32 CheckSum;
}Range;
struct
{
/*0x000*/ struct _PO_MEMORY_RANGE_ARRAY* Next;
/*0x004*/ ULONG32 NextTable;
/*0x008*/ ULONG32 CheckSum;
/*0x00C*/ ULONG32 EntryCount;
}Link;
};
}PO_MEMORY_RANGE_ARRAY, *PPO_MEMORY_RANGE_ARRAY;
typedef struct _PP_LOOKASIDE_LIST {
/*0x000*/ struct _GENERAL_LOOKASIDE* P;
/*0x004*/ struct _GENERAL_LOOKASIDE* L;
}PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST;
/*0x000*/ struct _GENERAL_LOOKASIDE* P;
/*0x004*/ struct _GENERAL_LOOKASIDE* L;
}PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST;
typedef struct _PRIVATE_CACHE_MAP_FLAGS {
/*0x000*/ ULONG32 DontUse : 16;
/*0x000*/ ULONG32 ReadAheadActive : 1;
/*0x000*/ ULONG32 ReadAheadEnabled : 1;
/*0x000*/ ULONG32 Available : 14;
}PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
/*0x000*/ ULONG32 DontUse : 16;
/*0x000*/ ULONG32 ReadAheadActive : 1;
/*0x000*/ ULONG32 ReadAheadEnabled : 1;
/*0x000*/ ULONG32 Available : 14;
}PRIVATE_CACHE_MAP_FLAGS, *PPRIVATE_CACHE_MAP_FLAGS;
typedef struct _PROCESSOR_IDLE_TIMES {
/*0x000*/ UINT64 StartTime;
/*0x008*/ UINT64 EndTime;
/*0x010*/ ULONG32 IdleHandlerReserved[4];
}PROCESSOR_IDLE_TIMES, *PPROCESSOR_IDLE_TIMES;
/*0x000*/ UINT64 StartTime;
/*0x008*/ UINT64 EndTime;
/*0x010*/ ULONG32 IdleHandlerReserved[4];
}PROCESSOR_IDLE_TIMES, *PPROCESSOR_IDLE_TIMES;
typedef struct _PROCESSOR_PERF_STATE {
/*0x000*/ UINT8 PercentFrequency;
/*0x001*/ UINT8 MinCapacity;
/*0x002*/ UINT16 Power;
/*0x004*/ UINT8 IncreaseLevel;
/*0x005*/ UINT8 DecreaseLevel;
/*0x006*/ UINT16 Flags;
/*0x008*/ ULONG32 IncreaseTime;
/*0x00C*/ ULONG32 DecreaseTime;
/*0x010*/ ULONG32 IncreaseCount;
/*0x014*/ ULONG32 DecreaseCount;
/*0x018*/ UINT64 PerformanceTime;
}PROCESSOR_PERF_STATE, *PPROCESSOR_PERF_STATE;
/*0x000*/ UINT8 PercentFrequency;
/*0x001*/ UINT8 MinCapacity;
/*0x002*/ UINT16 Power;
/*0x004*/ UINT8 IncreaseLevel;
/*0x005*/ UINT8 DecreaseLevel;
/*0x006*/ UINT16 Flags;
/*0x008*/ ULONG32 IncreaseTime;
/*0x00C*/ ULONG32 DecreaseTime;
/*0x010*/ ULONG32 IncreaseCount;
/*0x014*/ ULONG32 DecreaseCount;
/*0x018*/ UINT64 PerformanceTime;
}PROCESSOR_PERF_STATE, *PPROCESSOR_PERF_STATE;
typedef struct _PROCESSOR_POWER_POLICY_INFO {
/*0x000*/ ULONG32 TimeCheck;
/*0x004*/ ULONG32 DemoteLimit;
/*0x008*/ ULONG32 PromoteLimit;
/*0x00C*/ UINT8 DemotePercent;
/*0x00D*/ UINT8 PromotePercent;
/*0x00E*/ UINT8 Spare[2];
struct
{
/*0x010*/ ULONG32 AllowDemotion : 1;
/*0x010*/ ULONG32 AllowPromotion : 1;
/*0x010*/ ULONG32 Reserved : 30;
};
}PROCESSOR_POWER_POLICY_INFO, *PPROCESSOR_POWER_POLICY_INFO;
/*0x000*/ ULONG32 TimeCheck;
/*0x004*/ ULONG32 DemoteLimit;
/*0x008*/ ULONG32 PromoteLimit;
/*0x00C*/ UINT8 DemotePercent;
/*0x00D*/ UINT8 PromotePercent;
/*0x00E*/ UINT8 Spare[2];
struct
{
/*0x010*/ ULONG32 AllowDemotion : 1;
/*0x010*/ ULONG32 AllowPromotion : 1;
/*0x010*/ ULONG32 Reserved : 30;
};
}PROCESSOR_POWER_POLICY_INFO, *PPROCESSOR_POWER_POLICY_INFO;
typedef struct _PROCESS_WS_WATCH_INFORMATION {
/*0x000*/ VOID* FaultingPc;
/*0x004*/ VOID* FaultingVa;
}PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
/*0x000*/ VOID* FaultingPc;
/*0x004*/ VOID* FaultingVa;
}PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
typedef struct _PS_IMPERSONATION_INFORMATION {
/*0x000*/ VOID* Token;
/*0x004*/ UINT8 CopyOnOpen;
/*0x005*/ UINT8 EffectiveOnly;
/*0x006*/ UINT8 _PADDING0_[0x2];
/*0x008*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
}PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
/*0x000*/ VOID* Token;
/*0x004*/ UINT8 CopyOnOpen;
/*0x005*/ UINT8 EffectiveOnly;
/*0x006*/ UINT8 _PADDING0_[0x2];
/*0x008*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
}PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION;
typedef struct _PS_JOB_TOKEN_FILTER {
/*0x000*/ ULONG32 CapturedSidCount;
/*0x004*/ struct _SID_AND_ATTRIBUTES* CapturedSids;
/*0x008*/ ULONG32 CapturedSidsLength;
/*0x00C*/ ULONG32 CapturedGroupCount;
/*0x010*/ struct _SID_AND_ATTRIBUTES* CapturedGroups;
/*0x014*/ ULONG32 CapturedGroupsLength;
/*0x018*/ ULONG32 CapturedPrivilegeCount;
/*0x01C*/ struct _LUID_AND_ATTRIBUTES* CapturedPrivileges;
/*0x020*/ ULONG32 CapturedPrivilegesLength;
}PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
/*0x000*/ ULONG32 CapturedSidCount;
/*0x004*/ struct _SID_AND_ATTRIBUTES* CapturedSids;
/*0x008*/ ULONG32 CapturedSidsLength;
/*0x00C*/ ULONG32 CapturedGroupCount;
/*0x010*/ struct _SID_AND_ATTRIBUTES* CapturedGroups;
/*0x014*/ ULONG32 CapturedGroupsLength;
/*0x018*/ ULONG32 CapturedPrivilegeCount;
/*0x01C*/ struct _LUID_AND_ATTRIBUTES* CapturedPrivileges;
/*0x020*/ ULONG32 CapturedPrivilegesLength;
}PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER;
typedef struct _QUAD {
/*0x000*/ FLOAT64 DoNotUseThisField;
}QUAD, *PQUAD;
/*0x000*/ FLOAT64 DoNotUseThisField;
}QUAD, *PQUAD;
typedef struct _RTL_ATOM_TABLE_ENTRY {
/*0x000*/ struct _RTL_ATOM_TABLE_ENTRY* HashLink;
/*0x004*/ UINT16 HandleIndex;
/*0x006*/ UINT16 Atom;
/*0x008*/ UINT16 ReferenceCount;
/*0x00A*/ UINT8 Flags;
/*0x00B*/ UINT8 NameLength;
/*0x00C*/ UINT16 Name[1];
/*0x00E*/ UINT8 _PADDING0_[0x2];
}RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY;
/*0x000*/ struct _RTL_ATOM_TABLE_ENTRY* HashLink;
/*0x004*/ UINT16 HandleIndex;
/*0x006*/ UINT16 Atom;
/*0x008*/ UINT16 ReferenceCount;
/*0x00A*/ UINT8 Flags;
/*0x00B*/ UINT8 NameLength;
/*0x00C*/ UINT16 Name[1];
/*0x00E*/ UINT8 _PADDING0_[0x2];
}RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY;
typedef struct _RTL_BITMAP {
/*0x000*/ ULONG32 SizeOfBitMap;
/*0x004*/ ULONG32* Buffer;
}RTL_BITMAP, *PRTL_BITMAP;
/*0x000*/ ULONG32 SizeOfBitMap;
/*0x004*/ ULONG32* Buffer;
}RTL_BITMAP, *PRTL_BITMAP;
typedef struct _RTL_CRITICAL_SECTION {
/*0x000*/ struct _RTL_CRITICAL_SECTION_DEBUG* DebugInfo;
/*0x004*/ LONG32 LockCount;
/*0x008*/ LONG32 RecursionCount;
/*0x00C*/ VOID* OwningThread;
/*0x010*/ VOID* LockSemaphore;
/*0x014*/ ULONG32 SpinCount;
}RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION;
/*0x000*/ struct _RTL_CRITICAL_SECTION_DEBUG* DebugInfo;
/*0x004*/ LONG32 LockCount;
/*0x008*/ LONG32 RecursionCount;
/*0x00C*/ VOID* OwningThread;
/*0x010*/ VOID* LockSemaphore;
/*0x014*/ ULONG32 SpinCount;
}RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION;
typedef struct _RTL_HANDLE_TABLE {
/*0x000*/ ULONG32 MaximumNumberOfHandles;
/*0x004*/ ULONG32 SizeOfHandleTableEntry;
/*0x008*/ ULONG32 Reserved[2];
/*0x010*/ struct _RTL_HANDLE_TABLE_ENTRY* FreeHandles;
/*0x014*/ struct _RTL_HANDLE_TABLE_ENTRY* CommittedHandles;
/*0x018*/ struct _RTL_HANDLE_TABLE_ENTRY* UnCommittedHandles;
/*0x01C*/ struct _RTL_HANDLE_TABLE_ENTRY* MaxReservedHandles;
}RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE;
/*0x000*/ ULONG32 MaximumNumberOfHandles;
/*0x004*/ ULONG32 SizeOfHandleTableEntry;
/*0x008*/ ULONG32 Reserved[2];
/*0x010*/ struct _RTL_HANDLE_TABLE_ENTRY* FreeHandles;
/*0x014*/ struct _RTL_HANDLE_TABLE_ENTRY* CommittedHandles;
/*0x018*/ struct _RTL_HANDLE_TABLE_ENTRY* UnCommittedHandles;
/*0x01C*/ struct _RTL_HANDLE_TABLE_ENTRY* MaxReservedHandles;
}RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE;
typedef struct _RTL_HANDLE_TABLE_ENTRY {
union
{
/*0x000*/ ULONG32 Flags;
/*0x000*/ struct _RTL_HANDLE_TABLE_ENTRY* NextFree;
};
}RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;
union
{
/*0x000*/ ULONG32 Flags;
/*0x000*/ struct _RTL_HANDLE_TABLE_ENTRY* NextFree;
};
}RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;
typedef struct _RTL_RANGE {
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
/*0x010*/ VOID* UserData;
/*0x014*/ VOID* Owner;
/*0x018*/ UINT8 Attributes;
/*0x019*/ UINT8 Flags;
/*0x01A*/ UINT8 _PADDING0_[0x6];
}RTL_RANGE, *PRTL_RANGE;
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
/*0x010*/ VOID* UserData;
/*0x014*/ VOID* Owner;
/*0x018*/ UINT8 Attributes;
/*0x019*/ UINT8 Flags;
/*0x01A*/ UINT8 _PADDING0_[0x6];
}RTL_RANGE, *PRTL_RANGE;
typedef struct _SCSI_REQUEST_BLOCK {
}SCSI_REQUEST_BLOCK, *PSCSI_REQUEST_BLOCK;
}SCSI_REQUEST_BLOCK, *PSCSI_REQUEST_BLOCK;
typedef struct _SECTION_IMAGE_INFORMATION {
/*0x000*/ VOID* TransferAddress;
/*0x004*/ ULONG32 ZeroBits;
/*0x008*/ ULONG32 MaximumStackSize;
/*0x00C*/ ULONG32 CommittedStackSize;
/*0x010*/ ULONG32 SubSystemType;
union
{
struct
{
/*0x014*/ UINT16 SubSystemMinorVersion;
/*0x016*/ UINT16 SubSystemMajorVersion;
};
/*0x014*/ ULONG32 SubSystemVersion;
};
/*0x018*/ ULONG32 GpValue;
/*0x01C*/ UINT16 ImageCharacteristics;
/*0x01E*/ UINT16 DllCharacteristics;
/*0x020*/ UINT16 Machine;
/*0x022*/ UINT8 ImageContainsCode;
/*0x023*/ UINT8 Spare1;
/*0x024*/ ULONG32 LoaderFlags;
/*0x028*/ ULONG32 ImageFileSize;
/*0x02C*/ ULONG32 Reserved[1];
}SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
/*0x000*/ VOID* TransferAddress;
/*0x004*/ ULONG32 ZeroBits;
/*0x008*/ ULONG32 MaximumStackSize;
/*0x00C*/ ULONG32 CommittedStackSize;
/*0x010*/ ULONG32 SubSystemType;
union
{
struct
{
/*0x014*/ UINT16 SubSystemMinorVersion;
/*0x016*/ UINT16 SubSystemMajorVersion;
};
/*0x014*/ ULONG32 SubSystemVersion;
};
/*0x018*/ ULONG32 GpValue;
/*0x01C*/ UINT16 ImageCharacteristics;
/*0x01E*/ UINT16 DllCharacteristics;
/*0x020*/ UINT16 Machine;
/*0x022*/ UINT8 ImageContainsCode;
/*0x023*/ UINT8 Spare1;
/*0x024*/ ULONG32 LoaderFlags;
/*0x028*/ ULONG32 ImageFileSize;
/*0x02C*/ ULONG32 Reserved[1];
}SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
typedef struct _SECTION_OBJECT {
/*0x000*/ VOID* StartingVa;
/*0x004*/ VOID* EndingVa;
/*0x008*/ VOID* Parent;
/*0x00C*/ VOID* LeftChild;
/*0x010*/ VOID* RightChild;
/*0x014*/ struct _SEGMENT_OBJECT* Segment;
}SECTION_OBJECT, *PSECTION_OBJECT;
/*0x000*/ VOID* StartingVa;
/*0x004*/ VOID* EndingVa;
/*0x008*/ VOID* Parent;
/*0x00C*/ VOID* LeftChild;
/*0x010*/ VOID* RightChild;
/*0x014*/ struct _SEGMENT_OBJECT* Segment;
}SECTION_OBJECT, *PSECTION_OBJECT;
typedef struct _SECTION_OBJECT_POINTERS {
/*0x000*/ VOID* DataSectionObject;
/*0x004*/ VOID* SharedCacheMap;
/*0x008*/ VOID* ImageSectionObject;
}SECTION_OBJECT_POINTERS, *PSECTION_OBJECT_POINTERS;
/*0x000*/ VOID* DataSectionObject;
/*0x004*/ VOID* SharedCacheMap;
/*0x008*/ VOID* ImageSectionObject;
}SECTION_OBJECT_POINTERS, *PSECTION_OBJECT_POINTERS;
typedef struct _SECURITY_DESCRIPTOR {
/*0x000*/ UINT8 Revision;
/*0x001*/ UINT8 Sbz1;
/*0x002*/ UINT16 Control;
/*0x004*/ VOID* Owner;
/*0x008*/ VOID* Group;
/*0x00C*/ struct _ACL* Sacl;
/*0x010*/ struct _ACL* Dacl;
}SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
/*0x000*/ UINT8 Revision;
/*0x001*/ UINT8 Sbz1;
/*0x002*/ UINT16 Control;
/*0x004*/ VOID* Owner;
/*0x008*/ VOID* Group;
/*0x00C*/ struct _ACL* Sacl;
/*0x010*/ struct _ACL* Dacl;
}SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
/*0x000*/ UINT8 Revision;
/*0x001*/ UINT8 Sbz1;
/*0x002*/ UINT16 Control;
/*0x004*/ ULONG32 Owner;
/*0x008*/ ULONG32 Group;
/*0x00C*/ ULONG32 Sacl;
/*0x010*/ ULONG32 Dacl;
}SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE;
/*0x000*/ UINT8 Revision;
/*0x001*/ UINT8 Sbz1;
/*0x002*/ UINT16 Control;
/*0x004*/ ULONG32 Owner;
/*0x008*/ ULONG32 Group;
/*0x00C*/ ULONG32 Sacl;
/*0x010*/ ULONG32 Dacl;
}SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE;
typedef struct _SECURITY_QUALITY_OF_SERVICE {
/*0x000*/ ULONG32 Length;
/*0x004*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/*0x008*/ UINT8 ContextTrackingMode;
/*0x009*/ UINT8 EffectiveOnly;
/*0x00A*/ UINT8 _PADDING0_[0x2];
}SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
/*0x000*/ ULONG32 Length;
/*0x004*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/*0x008*/ UINT8 ContextTrackingMode;
/*0x009*/ UINT8 EffectiveOnly;
/*0x00A*/ UINT8 _PADDING0_[0x2];
}SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
typedef struct _SECURITY_SUBJECT_CONTEXT {
/*0x000*/ VOID* ClientToken;
/*0x004*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/*0x008*/ VOID* PrimaryToken;
/*0x00C*/ VOID* ProcessAuditId;
}SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
/*0x000*/ VOID* ClientToken;
/*0x004*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/*0x008*/ VOID* PrimaryToken;
/*0x00C*/ VOID* ProcessAuditId;
}SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
typedef struct _SECURITY_TOKEN_AUDIT_DATA {
/*0x000*/ ULONG32 Length;
/*0x004*/ ULONG32 GrantMask;
/*0x008*/ ULONG32 DenyMask;
}SECURITY_TOKEN_AUDIT_DATA, *PSECURITY_TOKEN_AUDIT_DATA;
/*0x000*/ ULONG32 Length;
/*0x004*/ ULONG32 GrantMask;
/*0x008*/ ULONG32 DenyMask;
}SECURITY_TOKEN_AUDIT_DATA, *PSECURITY_TOKEN_AUDIT_DATA;
typedef struct _SEGMENT_OBJECT {
/*0x000*/ VOID* BaseAddress;
/*0x004*/ ULONG32 TotalNumberOfPtes;
/*0x008*/ union _LARGE_INTEGER SizeOfSegment;
/*0x010*/ ULONG32 NonExtendedPtes;
/*0x014*/ ULONG32 ImageCommitment;
/*0x018*/ struct _CONTROL_AREA* ControlArea;
/*0x01C*/ struct _SUBSECTION* Subsection;
/*0x020*/ struct _LARGE_CONTROL_AREA* LargeControlArea;
/*0x024*/ struct _MMSECTION_FLAGS* MmSectionFlags;
/*0x028*/ struct _MMSUBSECTION_FLAGS* MmSubSectionFlags;
/*0x02C*/ UINT8 _PADDING0_[0x4];
}SEGMENT_OBJECT, *PSEGMENT_OBJECT;
/*0x000*/ VOID* BaseAddress;
/*0x004*/ ULONG32 TotalNumberOfPtes;
/*0x008*/ union _LARGE_INTEGER SizeOfSegment;
/*0x010*/ ULONG32 NonExtendedPtes;
/*0x014*/ ULONG32 ImageCommitment;
/*0x018*/ struct _CONTROL_AREA* ControlArea;
/*0x01C*/ struct _SUBSECTION* Subsection;
/*0x020*/ struct _LARGE_CONTROL_AREA* LargeControlArea;
/*0x024*/ struct _MMSECTION_FLAGS* MmSectionFlags;
/*0x028*/ struct _MMSUBSECTION_FLAGS* MmSubSectionFlags;
/*0x02C*/ UINT8 _PADDING0_[0x4];
}SEGMENT_OBJECT, *PSEGMENT_OBJECT;
typedef struct _SEP_AUDIT_POLICY_CATEGORIES {
struct
{
/*0x000*/ ULONG32 System : 4;
/*0x000*/ ULONG32 Logon : 4;
/*0x000*/ ULONG32 ObjectAccess : 4;
/*0x000*/ ULONG32 PrivilegeUse : 4;
/*0x000*/ ULONG32 DetailedTracking : 4;
/*0x000*/ ULONG32 PolicyChange : 4;
/*0x000*/ ULONG32 AccountManagement : 4;
/*0x000*/ ULONG32 DirectoryServiceAccess : 4;
};
/*0x004*/ ULONG32 AccountLogon : 4;
}SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
struct
{
/*0x000*/ ULONG32 System : 4;
/*0x000*/ ULONG32 Logon : 4;
/*0x000*/ ULONG32 ObjectAccess : 4;
/*0x000*/ ULONG32 PrivilegeUse : 4;
/*0x000*/ ULONG32 DetailedTracking : 4;
/*0x000*/ ULONG32 PolicyChange : 4;
/*0x000*/ ULONG32 AccountManagement : 4;
/*0x000*/ ULONG32 DirectoryServiceAccess : 4;
};
/*0x004*/ ULONG32 AccountLogon : 4;
}SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
typedef struct _SEP_AUDIT_POLICY_OVERLAY {
/*0x000*/ UINT64 PolicyBits : 36;
/*0x000*/ UINT64 SetBit : 1;
}SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
/*0x000*/ UINT64 PolicyBits : 36;
/*0x000*/ UINT64 SetBit : 1;
}SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
typedef struct _SE_AUDIT_PROCESS_CREATION_INFO {
/*0x000*/ struct _OBJECT_NAME_INFORMATION* ImageFileName;
}SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
/*0x000*/ struct _OBJECT_NAME_INFORMATION* ImageFileName;
}SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
typedef struct _SID_AND_ATTRIBUTES {
/*0x000*/ VOID* Sid;
/*0x004*/ ULONG32 Attributes;
}SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
/*0x000*/ VOID* Sid;
/*0x004*/ ULONG32 Attributes;
}SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef struct _SID_IDENTIFIER_AUTHORITY {
/*0x000*/ UINT8 Value[6];
}SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
/*0x000*/ UINT8 Value[6];
}SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
typedef struct _SINGLE_LIST_ENTRY {
/*0x000*/ struct _SINGLE_LIST_ENTRY* Next;
}SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
/*0x000*/ struct _SINGLE_LIST_ENTRY* Next;
}SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
typedef struct _STRING {
/*0x000*/ UINT16 Length;
/*0x002*/ UINT16 MaximumLength;
/*0x004*/ CHAR* Buffer;
}STRING, *PSTRING;
/*0x000*/ UINT16 Length;
/*0x002*/ UINT16 MaximumLength;
/*0x004*/ CHAR* Buffer;
}STRING, *PSTRING;
typedef struct _SUPPORTED_RANGE {
/*0x000*/ struct _SUPPORTED_RANGE* Next;
/*0x004*/ ULONG32 SystemAddressSpace;
/*0x008*/ INT64 SystemBase;
/*0x010*/ INT64 Base;
/*0x018*/ INT64 Limit;
}SUPPORTED_RANGE, *PSUPPORTED_RANGE;
/*0x000*/ struct _SUPPORTED_RANGE* Next;
/*0x004*/ ULONG32 SystemAddressSpace;
/*0x008*/ INT64 SystemBase;
/*0x010*/ INT64 Base;
/*0x018*/ INT64 Limit;
}SUPPORTED_RANGE, *PSUPPORTED_RANGE;
typedef struct _TEB_ACTIVE_FRAME {
/*0x000*/ ULONG32 Flags;
/*0x004*/ struct _TEB_ACTIVE_FRAME* Previous;
/*0x008*/ struct _TEB_ACTIVE_FRAME_CONTEXT* Context;
}TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
/*0x000*/ ULONG32 Flags;
/*0x004*/ struct _TEB_ACTIVE_FRAME* Previous;
/*0x008*/ struct _TEB_ACTIVE_FRAME_CONTEXT* Context;
}TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
/*0x000*/ ULONG32 Flags;
/*0x004*/ CHAR* FrameName;
}TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
/*0x000*/ ULONG32 Flags;
/*0x004*/ CHAR* FrameName;
}TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
typedef struct _TERMINATION_PORT {
/*0x000*/ struct _TERMINATION_PORT* Next;
/*0x004*/ VOID* Port;
}TERMINATION_PORT, *PTERMINATION_PORT;
/*0x000*/ struct _TERMINATION_PORT* Next;
/*0x004*/ VOID* Port;
}TERMINATION_PORT, *PTERMINATION_PORT;
typedef struct _THERMAL_INFORMATION {
/*0x000*/ ULONG32 ThermalStamp;
/*0x004*/ ULONG32 ThermalConstant1;
/*0x008*/ ULONG32 ThermalConstant2;
/*0x00C*/ ULONG32 Processors;
/*0x010*/ ULONG32 SamplingPeriod;
/*0x014*/ ULONG32 CurrentTemperature;
/*0x018*/ ULONG32 PassiveTripPoint;
/*0x01C*/ ULONG32 CriticalTripPoint;
/*0x020*/ UINT8 ActiveTripPointCount;
/*0x021*/ UINT8 _PADDING0_[0x3];
/*0x024*/ ULONG32 ActiveTripPoint[10];
}THERMAL_INFORMATION, *PTHERMAL_INFORMATION;
/*0x000*/ ULONG32 ThermalStamp;
/*0x004*/ ULONG32 ThermalConstant1;
/*0x008*/ ULONG32 ThermalConstant2;
/*0x00C*/ ULONG32 Processors;
/*0x010*/ ULONG32 SamplingPeriod;
/*0x014*/ ULONG32 CurrentTemperature;
/*0x018*/ ULONG32 PassiveTripPoint;
/*0x01C*/ ULONG32 CriticalTripPoint;
/*0x020*/ UINT8 ActiveTripPointCount;
/*0x021*/ UINT8 _PADDING0_[0x3];
/*0x024*/ ULONG32 ActiveTripPoint[10];
}THERMAL_INFORMATION, *PTHERMAL_INFORMATION;
typedef struct _TRACE_ENABLE_FLAG_EXTENSION {
/*0x000*/ UINT16 Offset;
/*0x002*/ UINT8 Length;
/*0x003*/ UINT8 Flag;
}TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION;
/*0x000*/ UINT16 Offset;
/*0x002*/ UINT8 Length;
/*0x003*/ UINT8 Flag;
}TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION;
typedef struct _VACB_LEVEL_REFERENCE {
/*0x000*/ LONG32 Reference;
/*0x004*/ LONG32 SpecialReference;
}VACB_LEVEL_REFERENCE, *PVACB_LEVEL_REFERENCE;
/*0x000*/ LONG32 Reference;
/*0x004*/ LONG32 SpecialReference;
}VACB_LEVEL_REFERENCE, *PVACB_LEVEL_REFERENCE;
typedef struct _VI_POOL_ENTRY_INUSE {
/*0x000*/ VOID* VirtualAddress;
/*0x004*/ VOID* CallingAddress;
/*0x008*/ ULONG32 NumberOfBytes;
/*0x00C*/ ULONG32 Tag;
}VI_POOL_ENTRY_INUSE, *PVI_POOL_ENTRY_INUSE;
/*0x000*/ VOID* VirtualAddress;
/*0x004*/ VOID* CallingAddress;
/*0x008*/ ULONG32 NumberOfBytes;
/*0x00C*/ ULONG32 Tag;
}VI_POOL_ENTRY_INUSE, *PVI_POOL_ENTRY_INUSE;
typedef struct _VPB {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ UINT16 Flags;
/*0x006*/ UINT16 VolumeLabelLength;
/*0x008*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x00C*/ struct _DEVICE_OBJECT* RealDevice;
/*0x010*/ ULONG32 SerialNumber;
/*0x014*/ ULONG32 ReferenceCount;
/*0x018*/ UINT16 VolumeLabel[32];
}VPB, *PVPB;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ UINT16 Flags;
/*0x006*/ UINT16 VolumeLabelLength;
/*0x008*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x00C*/ struct _DEVICE_OBJECT* RealDevice;
/*0x010*/ ULONG32 SerialNumber;
/*0x014*/ ULONG32 ReferenceCount;
/*0x018*/ UINT16 VolumeLabel[32];
}VPB, *PVPB;
typedef struct _WMI_BUFFER_STATE {
/*0x000*/ ULONG32 Free : 1;
/*0x000*/ ULONG32 InUse : 1;
/*0x000*/ ULONG32 Flush : 1;
/*0x000*/ ULONG32 Unused : 29;
}WMI_BUFFER_STATE, *PWMI_BUFFER_STATE;
/*0x000*/ ULONG32 Free : 1;
/*0x000*/ ULONG32 InUse : 1;
/*0x000*/ ULONG32 Flush : 1;
/*0x000*/ ULONG32 Unused : 29;
}WMI_BUFFER_STATE, *PWMI_BUFFER_STATE;
typedef struct _WMI_CLIENT_CONTEXT {
/*0x000*/ UINT8 ProcessorNumber;
/*0x001*/ UINT8 Alignment;
/*0x002*/ UINT16 LoggerId;
}WMI_CLIENT_CONTEXT, *PWMI_CLIENT_CONTEXT;
/*0x000*/ UINT8 ProcessorNumber;
/*0x001*/ UINT8 Alignment;
/*0x002*/ UINT16 LoggerId;
}WMI_CLIENT_CONTEXT, *PWMI_CLIENT_CONTEXT;
typedef struct _WMI_LOGGER_MODE {
/*0x000*/ ULONG32 SequentialFile : 1;
/*0x000*/ ULONG32 CircularFile : 1;
/*0x000*/ ULONG32 AppendFile : 1;
/*0x000*/ ULONG32 Unused1 : 5;
/*0x000*/ ULONG32 RealTime : 1;
/*0x000*/ ULONG32 DelayOpenFile : 1;
/*0x000*/ ULONG32 BufferOnly : 1;
/*0x000*/ ULONG32 PrivateLogger : 1;
/*0x000*/ ULONG32 AddHeader : 1;
/*0x000*/ ULONG32 UseExisting : 1;
/*0x000*/ ULONG32 UseGlobalSequence : 1;
/*0x000*/ ULONG32 UseLocalSequence : 1;
/*0x000*/ ULONG32 Unused2 : 16;
}WMI_LOGGER_MODE, *PWMI_LOGGER_MODE;
/*0x000*/ ULONG32 SequentialFile : 1;
/*0x000*/ ULONG32 CircularFile : 1;
/*0x000*/ ULONG32 AppendFile : 1;
/*0x000*/ ULONG32 Unused1 : 5;
/*0x000*/ ULONG32 RealTime : 1;
/*0x000*/ ULONG32 DelayOpenFile : 1;
/*0x000*/ ULONG32 BufferOnly : 1;
/*0x000*/ ULONG32 PrivateLogger : 1;
/*0x000*/ ULONG32 AddHeader : 1;
/*0x000*/ ULONG32 UseExisting : 1;
/*0x000*/ ULONG32 UseGlobalSequence : 1;
/*0x000*/ ULONG32 UseLocalSequence : 1;
/*0x000*/ ULONG32 Unused2 : 16;
}WMI_LOGGER_MODE, *PWMI_LOGGER_MODE;
typedef struct _Wx86ThreadState {
/*0x000*/ ULONG32* CallBx86Eip;
/*0x004*/ VOID* DeallocationCpu;
/*0x008*/ UINT8 UseKnownWx86Dll;
/*0x009*/ CHAR OleStubInvoked;
/*0x00A*/ UINT8 _PADDING0_[0x2];
}Wx86ThreadState, *PWx86ThreadState;
/*0x000*/ ULONG32* CallBx86Eip;
/*0x004*/ VOID* DeallocationCpu;
/*0x008*/ UINT8 UseKnownWx86Dll;
/*0x009*/ CHAR OleStubInvoked;
/*0x00A*/ UINT8 _PADDING0_[0x2];
}Wx86ThreadState, *PWx86ThreadState;
typedef struct _X86_DBGKD_CONTROL_SET {
/*0x000*/ ULONG32 TraceFlag;
/*0x004*/ ULONG32 Dr7;
/*0x008*/ ULONG32 CurrentSymbolStart;
/*0x00C*/ ULONG32 CurrentSymbolEnd;
}X86_DBGKD_CONTROL_SET, *PX86_DBGKD_CONTROL_SET;
/*0x000*/ ULONG32 TraceFlag;
/*0x004*/ ULONG32 Dr7;
/*0x008*/ ULONG32 CurrentSymbolStart;
/*0x00C*/ ULONG32 CurrentSymbolEnd;
}X86_DBGKD_CONTROL_SET, *PX86_DBGKD_CONTROL_SET;
typedef struct _ACTIVATION_CONTEXT_STACK {
/*0x000*/ ULONG32 Flags;
/*0x004*/ ULONG32 NextCookieSequenceNumber;
/*0x008*/ VOID* ActiveFrame;
/*0x00C*/ struct _LIST_ENTRY FrameListCache;
}ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
/*0x000*/ ULONG32 Flags;
/*0x004*/ ULONG32 NextCookieSequenceNumber;
/*0x008*/ VOID* ActiveFrame;
/*0x00C*/ struct _LIST_ENTRY FrameListCache;
}ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
typedef struct _ARBITER_INSTANCE {
/*0x000*/ ULONG32 Signature;
/*0x004*/ struct _KEVENT* MutexEvent;
/*0x008*/ UINT16* Name;
/*0x00C*/ INT32 ResourceType;
/*0x010*/ struct _RTL_RANGE_LIST* Allocation;
/*0x014*/ struct _RTL_RANGE_LIST* PossibleAllocation;
/*0x018*/ struct _ARBITER_ORDERING_LIST OrderingList;
/*0x020*/ struct _ARBITER_ORDERING_LIST ReservedList;
/*0x028*/ LONG32 ReferenceCount;
/*0x02C*/ struct _ARBITER_INTERFACE* Interface;
/*0x030*/ ULONG32 AllocationStackMaxSize;
/*0x034*/ struct _ARBITER_ALLOCATION_STATE* AllocationStack;
/*0x038*/ PVOID UnpackRequirement;
/*0x03C*/ PVOID PackResource;
/*0x040*/ PVOID UnpackResource;
/*0x044*/ PVOID ScoreRequirement;
/*0x048*/ PVOID TestAllocation;
/*0x04C*/ PVOID RetestAllocation;
/*0x050*/ PVOID CommitAllocation;
/*0x054*/ PVOID RollbackAllocation;
/*0x058*/ PVOID BootAllocation;
/*0x05C*/ PVOID QueryArbitrate;
/*0x060*/ PVOID QueryConflict;
/*0x064*/ PVOID AddReserved;
/*0x068*/ PVOID StartArbiter;
/*0x06C*/ PVOID PreprocessEntry;
/*0x070*/ PVOID AllocateEntry;
/*0x074*/ PVOID GetNextAllocationRange;
/*0x078*/ PVOID FindSuitableRange;
/*0x07C*/ PVOID AddAllocation;
/*0x080*/ PVOID BacktrackAllocation;
/*0x084*/ PVOID OverrideConflict;
/*0x088*/ UINT8 TransactionInProgress;
/*0x089*/ UINT8 _PADDING0_[0x3];
/*0x08C*/ VOID* Extension;
/*0x090*/ struct _DEVICE_OBJECT* BusDeviceObject;
/*0x094*/ VOID* ConflictCallbackContext;
/*0x098*/ PVOID ConflictCallback;
}ARBITER_INSTANCE, *PARBITER_INSTANCE;
/*0x000*/ ULONG32 Signature;
/*0x004*/ struct _KEVENT* MutexEvent;
/*0x008*/ UINT16* Name;
/*0x00C*/ INT32 ResourceType;
/*0x010*/ struct _RTL_RANGE_LIST* Allocation;
/*0x014*/ struct _RTL_RANGE_LIST* PossibleAllocation;
/*0x018*/ struct _ARBITER_ORDERING_LIST OrderingList;
/*0x020*/ struct _ARBITER_ORDERING_LIST ReservedList;
/*0x028*/ LONG32 ReferenceCount;
/*0x02C*/ struct _ARBITER_INTERFACE* Interface;
/*0x030*/ ULONG32 AllocationStackMaxSize;
/*0x034*/ struct _ARBITER_ALLOCATION_STATE* AllocationStack;
/*0x038*/ PVOID UnpackRequirement;
/*0x03C*/ PVOID PackResource;
/*0x040*/ PVOID UnpackResource;
/*0x044*/ PVOID ScoreRequirement;
/*0x048*/ PVOID TestAllocation;
/*0x04C*/ PVOID RetestAllocation;
/*0x050*/ PVOID CommitAllocation;
/*0x054*/ PVOID RollbackAllocation;
/*0x058*/ PVOID BootAllocation;
/*0x05C*/ PVOID QueryArbitrate;
/*0x060*/ PVOID QueryConflict;
/*0x064*/ PVOID AddReserved;
/*0x068*/ PVOID StartArbiter;
/*0x06C*/ PVOID PreprocessEntry;
/*0x070*/ PVOID AllocateEntry;
/*0x074*/ PVOID GetNextAllocationRange;
/*0x078*/ PVOID FindSuitableRange;
/*0x07C*/ PVOID AddAllocation;
/*0x080*/ PVOID BacktrackAllocation;
/*0x084*/ PVOID OverrideConflict;
/*0x088*/ UINT8 TransactionInProgress;
/*0x089*/ UINT8 _PADDING0_[0x3];
/*0x08C*/ VOID* Extension;
/*0x090*/ struct _DEVICE_OBJECT* BusDeviceObject;
/*0x094*/ VOID* ConflictCallbackContext;
/*0x098*/ PVOID ConflictCallback;
}ARBITER_INSTANCE, *PARBITER_INSTANCE;
typedef struct _ARBITER_LIST_ENTRY {
/*0x000*/ struct _LIST_ENTRY ListEntry;
/*0x008*/ ULONG32 AlternativeCount;
/*0x00C*/ struct _IO_RESOURCE_DESCRIPTOR* Alternatives;
/*0x010*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x014*/ enum _ARBITER_REQUEST_SOURCE RequestSource;
/*0x018*/ ULONG32 Flags;
/*0x01C*/ LONG32 WorkSpace;
/*0x020*/ enum _INTERFACE_TYPE InterfaceType;
/*0x024*/ ULONG32 SlotNumber;
/*0x028*/ ULONG32 BusNumber;
/*0x02C*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR* Assignment;
/*0x030*/ struct _IO_RESOURCE_DESCRIPTOR* SelectedAlternative;
/*0x034*/ enum _ARBITER_RESULT Result;
}ARBITER_LIST_ENTRY, *PARBITER_LIST_ENTRY;
/*0x000*/ struct _LIST_ENTRY ListEntry;
/*0x008*/ ULONG32 AlternativeCount;
/*0x00C*/ struct _IO_RESOURCE_DESCRIPTOR* Alternatives;
/*0x010*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x014*/ enum _ARBITER_REQUEST_SOURCE RequestSource;
/*0x018*/ ULONG32 Flags;
/*0x01C*/ LONG32 WorkSpace;
/*0x020*/ enum _INTERFACE_TYPE InterfaceType;
/*0x024*/ ULONG32 SlotNumber;
/*0x028*/ ULONG32 BusNumber;
/*0x02C*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR* Assignment;
/*0x030*/ struct _IO_RESOURCE_DESCRIPTOR* SelectedAlternative;
/*0x034*/ enum _ARBITER_RESULT Result;
}ARBITER_LIST_ENTRY, *PARBITER_LIST_ENTRY;
typedef struct _BITMAP_RANGE {
/*0x000*/ struct _LIST_ENTRY Links;
/*0x008*/ INT64 BasePage;
/*0x010*/ ULONG32 FirstDirtyPage;
/*0x014*/ ULONG32 LastDirtyPage;
/*0x018*/ ULONG32 DirtyPages;
/*0x01C*/ ULONG32* Bitmap;
}BITMAP_RANGE, *PBITMAP_RANGE;
/*0x000*/ struct _LIST_ENTRY Links;
/*0x008*/ INT64 BasePage;
/*0x010*/ ULONG32 FirstDirtyPage;
/*0x014*/ ULONG32 LastDirtyPage;
/*0x018*/ ULONG32 DirtyPages;
/*0x01C*/ ULONG32* Bitmap;
}BITMAP_RANGE, *PBITMAP_RANGE;
typedef struct _CALL_HASH_ENTRY {
/*0x000*/ struct _LIST_ENTRY ListEntry;
/*0x008*/ VOID* CallersAddress;
/*0x00C*/ VOID* CallersCaller;
/*0x010*/ ULONG32 CallCount;
}CALL_HASH_ENTRY, *PCALL_HASH_ENTRY;
/*0x000*/ struct _LIST_ENTRY ListEntry;
/*0x008*/ VOID* CallersAddress;
/*0x00C*/ VOID* CallersCaller;
/*0x010*/ ULONG32 CallCount;
}CALL_HASH_ENTRY, *PCALL_HASH_ENTRY;
typedef struct _CALL_PERFORMANCE_DATA {
/*0x000*/ ULONG32 SpinLock;
/*0x004*/ struct _LIST_ENTRY HashTable[64];
}CALL_PERFORMANCE_DATA, *PCALL_PERFORMANCE_DATA;
/*0x000*/ ULONG32 SpinLock;
/*0x004*/ struct _LIST_ENTRY HashTable[64];
}CALL_PERFORMANCE_DATA, *PCALL_PERFORMANCE_DATA;
typedef struct _CM_KEY_BODY {
/*0x000*/ ULONG32 Type;
/*0x004*/ struct _CM_KEY_CONTROL_BLOCK* KeyControlBlock;
/*0x008*/ struct _CM_NOTIFY_BLOCK* NotifyBlock;
/*0x00C*/ VOID* ProcessID;
/*0x010*/ ULONG32 Callers;
/*0x014*/ VOID* CallerAddress[10];
/*0x03C*/ struct _LIST_ENTRY KeyBodyList;
}CM_KEY_BODY, *PCM_KEY_BODY;
/*0x000*/ ULONG32 Type;
/*0x004*/ struct _CM_KEY_CONTROL_BLOCK* KeyControlBlock;
/*0x008*/ struct _CM_NOTIFY_BLOCK* NotifyBlock;
/*0x00C*/ VOID* ProcessID;
/*0x010*/ ULONG32 Callers;
/*0x014*/ VOID* CallerAddress[10];
/*0x03C*/ struct _LIST_ENTRY KeyBodyList;
}CM_KEY_BODY, *PCM_KEY_BODY;
typedef struct _CM_KEY_CONTROL_BLOCK {
/*0x000*/ ULONG32 RefCount;
struct
{
/*0x004*/ ULONG32 ExtFlags : 8;
/*0x004*/ ULONG32 PrivateAlloc : 1;
/*0x004*/ ULONG32 Delete : 1;
/*0x004*/ ULONG32 DelayedCloseIndex : 12;
/*0x004*/ ULONG32 TotalLevels : 10;
};
union
{
/*0x008*/ struct _CM_KEY_HASH KeyHash;
struct
{
/*0x008*/ ULONG32 ConvKey;
/*0x00C*/ struct _CM_KEY_HASH* NextHash;
/*0x010*/ struct _HHIVE* KeyHive;
/*0x014*/ ULONG32 KeyCell;
};
};
/*0x018*/ struct _CM_KEY_CONTROL_BLOCK* ParentKcb;
/*0x01C*/ struct _CM_NAME_CONTROL_BLOCK* NameBlock;
/*0x020*/ struct _CM_KEY_SECURITY_CACHE* CachedSecurity;
/*0x024*/ struct _CACHED_CHILD_LIST ValueCache;
union
{
/*0x02C*/ struct _CM_INDEX_HINT_BLOCK* IndexHint;
/*0x02C*/ ULONG32 HashKey;
/*0x02C*/ ULONG32 SubKeyCount;
};
union
{
/*0x030*/ struct _LIST_ENTRY KeyBodyListHead;
/*0x030*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x038*/ union _LARGE_INTEGER KcbLastWriteTime;
/*0x040*/ UINT16 KcbMaxNameLen;
/*0x042*/ UINT16 KcbMaxValueNameLen;
/*0x044*/ ULONG32 KcbMaxValueDataLen;
struct
{
/*0x048*/ ULONG32 KcbUserFlags : 4;
/*0x048*/ ULONG32 KcbVirtControlFlags : 4;
/*0x048*/ ULONG32 KcbDebug : 8;
/*0x048*/ ULONG32 Flags : 16;
};
}CM_KEY_CONTROL_BLOCK, *PCM_KEY_CONTROL_BLOCK;
/*0x000*/ ULONG32 RefCount;
struct
{
/*0x004*/ ULONG32 ExtFlags : 8;
/*0x004*/ ULONG32 PrivateAlloc : 1;
/*0x004*/ ULONG32 Delete : 1;
/*0x004*/ ULONG32 DelayedCloseIndex : 12;
/*0x004*/ ULONG32 TotalLevels : 10;
};
union
{
/*0x008*/ struct _CM_KEY_HASH KeyHash;
struct
{
/*0x008*/ ULONG32 ConvKey;
/*0x00C*/ struct _CM_KEY_HASH* NextHash;
/*0x010*/ struct _HHIVE* KeyHive;
/*0x014*/ ULONG32 KeyCell;
};
};
/*0x018*/ struct _CM_KEY_CONTROL_BLOCK* ParentKcb;
/*0x01C*/ struct _CM_NAME_CONTROL_BLOCK* NameBlock;
/*0x020*/ struct _CM_KEY_SECURITY_CACHE* CachedSecurity;
/*0x024*/ struct _CACHED_CHILD_LIST ValueCache;
union
{
/*0x02C*/ struct _CM_INDEX_HINT_BLOCK* IndexHint;
/*0x02C*/ ULONG32 HashKey;
/*0x02C*/ ULONG32 SubKeyCount;
};
union
{
/*0x030*/ struct _LIST_ENTRY KeyBodyListHead;
/*0x030*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x038*/ union _LARGE_INTEGER KcbLastWriteTime;
/*0x040*/ UINT16 KcbMaxNameLen;
/*0x042*/ UINT16 KcbMaxValueNameLen;
/*0x044*/ ULONG32 KcbMaxValueDataLen;
struct
{
/*0x048*/ ULONG32 KcbUserFlags : 4;
/*0x048*/ ULONG32 KcbVirtControlFlags : 4;
/*0x048*/ ULONG32 KcbDebug : 8;
/*0x048*/ ULONG32 Flags : 16;
};
}CM_KEY_CONTROL_BLOCK, *PCM_KEY_CONTROL_BLOCK;
typedef struct _CM_KEY_NODE {
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Flags;
/*0x004*/ union _LARGE_INTEGER LastWriteTime;
/*0x00C*/ ULONG32 Spare;
/*0x010*/ ULONG32 Parent;
/*0x014*/ ULONG32 SubKeyCounts[2];
union
{
struct
{
/*0x01C*/ ULONG32 SubKeyLists[2];
/*0x024*/ struct _CHILD_LIST ValueList;
};
/*0x01C*/ struct _CM_KEY_REFERENCE ChildHiveReference;
};
/*0x02C*/ ULONG32 Security;
/*0x030*/ ULONG32 Class;
struct
{
/*0x034*/ ULONG32 MaxNameLen : 16;
/*0x034*/ ULONG32 UserFlags : 4;
/*0x034*/ ULONG32 VirtControlFlags : 4;
/*0x034*/ ULONG32 Debug : 8;
};
/*0x038*/ ULONG32 MaxClassLen;
/*0x03C*/ ULONG32 MaxValueNameLen;
/*0x040*/ ULONG32 MaxValueDataLen;
/*0x044*/ ULONG32 WorkVar;
/*0x048*/ UINT16 NameLength;
/*0x04A*/ UINT16 ClassLength;
/*0x04C*/ UINT16 Name[1];
/*0x04E*/ UINT8 _PADDING0_[0x2];
}CM_KEY_NODE, *PCM_KEY_NODE;
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Flags;
/*0x004*/ union _LARGE_INTEGER LastWriteTime;
/*0x00C*/ ULONG32 Spare;
/*0x010*/ ULONG32 Parent;
/*0x014*/ ULONG32 SubKeyCounts[2];
union
{
struct
{
/*0x01C*/ ULONG32 SubKeyLists[2];
/*0x024*/ struct _CHILD_LIST ValueList;
};
/*0x01C*/ struct _CM_KEY_REFERENCE ChildHiveReference;
};
/*0x02C*/ ULONG32 Security;
/*0x030*/ ULONG32 Class;
struct
{
/*0x034*/ ULONG32 MaxNameLen : 16;
/*0x034*/ ULONG32 UserFlags : 4;
/*0x034*/ ULONG32 VirtControlFlags : 4;
/*0x034*/ ULONG32 Debug : 8;
};
/*0x038*/ ULONG32 MaxClassLen;
/*0x03C*/ ULONG32 MaxValueNameLen;
/*0x040*/ ULONG32 MaxValueDataLen;
/*0x044*/ ULONG32 WorkVar;
/*0x048*/ UINT16 NameLength;
/*0x04A*/ UINT16 ClassLength;
/*0x04C*/ UINT16 Name[1];
/*0x04E*/ UINT8 _PADDING0_[0x2];
}CM_KEY_NODE, *PCM_KEY_NODE;
typedef struct _CM_KEY_SECURITY {
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Reserved;
/*0x004*/ ULONG32 Flink;
/*0x008*/ ULONG32 Blink;
/*0x00C*/ ULONG32 ReferenceCount;
/*0x010*/ ULONG32 DescriptorLength;
/*0x014*/ struct _SECURITY_DESCRIPTOR_RELATIVE Descriptor;
}CM_KEY_SECURITY, *PCM_KEY_SECURITY;
/*0x000*/ UINT16 Signature;
/*0x002*/ UINT16 Reserved;
/*0x004*/ ULONG32 Flink;
/*0x008*/ ULONG32 Blink;
/*0x00C*/ ULONG32 ReferenceCount;
/*0x010*/ ULONG32 DescriptorLength;
/*0x014*/ struct _SECURITY_DESCRIPTOR_RELATIVE Descriptor;
}CM_KEY_SECURITY, *PCM_KEY_SECURITY;
typedef struct _CM_KEY_SECURITY_CACHE {
/*0x000*/ ULONG32 Cell;
/*0x004*/ ULONG32 ConvKey;
/*0x008*/ struct _LIST_ENTRY List;
/*0x010*/ ULONG32 DescriptorLength;
/*0x014*/ struct _SECURITY_DESCRIPTOR_RELATIVE Descriptor;
}CM_KEY_SECURITY_CACHE, *PCM_KEY_SECURITY_CACHE;
/*0x000*/ ULONG32 Cell;
/*0x004*/ ULONG32 ConvKey;
/*0x008*/ struct _LIST_ENTRY List;
/*0x010*/ ULONG32 DescriptorLength;
/*0x014*/ struct _SECURITY_DESCRIPTOR_RELATIVE Descriptor;
}CM_KEY_SECURITY_CACHE, *PCM_KEY_SECURITY_CACHE;
typedef struct _CM_NAME_CONTROL_BLOCK {
/*0x000*/ UINT8 Compressed;
/*0x001*/ UINT8 _PADDING0_[0x1];
/*0x002*/ UINT16 RefCount;
union
{
/*0x004*/ struct _CM_NAME_HASH NameHash;
struct
{
/*0x004*/ ULONG32 ConvKey;
/*0x008*/ struct _CM_KEY_HASH* NextHash;
/*0x00C*/ UINT16 NameLength;
/*0x00E*/ UINT16 Name[1];
};
};
}CM_NAME_CONTROL_BLOCK, *PCM_NAME_CONTROL_BLOCK;
/*0x000*/ UINT8 Compressed;
/*0x001*/ UINT8 _PADDING0_[0x1];
/*0x002*/ UINT16 RefCount;
union
{
/*0x004*/ struct _CM_NAME_HASH NameHash;
struct
{
/*0x004*/ ULONG32 ConvKey;
/*0x008*/ struct _CM_KEY_HASH* NextHash;
/*0x00C*/ UINT16 NameLength;
/*0x00E*/ UINT16 Name[1];
};
};
}CM_NAME_CONTROL_BLOCK, *PCM_NAME_CONTROL_BLOCK;
typedef struct _CM_NOTIFY_BLOCK {
/*0x000*/ struct _LIST_ENTRY HiveList;
/*0x008*/ struct _LIST_ENTRY PostList;
/*0x010*/ struct _CM_KEY_CONTROL_BLOCK* KeyControlBlock;
/*0x014*/ struct _CM_KEY_BODY* KeyBody;
struct
{
/*0x018*/ ULONG32 Filter : 30;
/*0x018*/ ULONG32 WatchTree : 1;
/*0x018*/ ULONG32 NotifyPending : 1;
};
/*0x01C*/ struct _SECURITY_SUBJECT_CONTEXT SubjectContext;
}CM_NOTIFY_BLOCK, *PCM_NOTIFY_BLOCK;
/*0x000*/ struct _LIST_ENTRY HiveList;
/*0x008*/ struct _LIST_ENTRY PostList;
/*0x010*/ struct _CM_KEY_CONTROL_BLOCK* KeyControlBlock;
/*0x014*/ struct _CM_KEY_BODY* KeyBody;
struct
{
/*0x018*/ ULONG32 Filter : 30;
/*0x018*/ ULONG32 WatchTree : 1;
/*0x018*/ ULONG32 NotifyPending : 1;
};
/*0x01C*/ struct _SECURITY_SUBJECT_CONTEXT SubjectContext;
}CM_NOTIFY_BLOCK, *PCM_NOTIFY_BLOCK;
typedef struct _CM_PARTIAL_RESOURCE_LIST {
/*0x000*/ UINT16 Version;
/*0x002*/ UINT16 Revision;
/*0x004*/ ULONG32 Count;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptors[1];
}CM_PARTIAL_RESOURCE_LIST, *PCM_PARTIAL_RESOURCE_LIST;
/*0x000*/ UINT16 Version;
/*0x002*/ UINT16 Revision;
/*0x004*/ ULONG32 Count;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptors[1];
}CM_PARTIAL_RESOURCE_LIST, *PCM_PARTIAL_RESOURCE_LIST;
typedef struct _CM_VIEW_OF_FILE {
/*0x000*/ struct _LIST_ENTRY LRUViewList;
/*0x008*/ struct _LIST_ENTRY PinViewList;
/*0x010*/ ULONG32 FileOffset;
/*0x014*/ ULONG32 Size;
/*0x018*/ ULONG32* ViewAddress;
/*0x01C*/ VOID* Bcb;
/*0x020*/ ULONG32 UseCount;
}CM_VIEW_OF_FILE, *PCM_VIEW_OF_FILE;
/*0x000*/ struct _LIST_ENTRY LRUViewList;
/*0x008*/ struct _LIST_ENTRY PinViewList;
/*0x010*/ ULONG32 FileOffset;
/*0x014*/ ULONG32 Size;
/*0x018*/ ULONG32* ViewAddress;
/*0x01C*/ VOID* Bcb;
/*0x020*/ ULONG32 UseCount;
}CM_VIEW_OF_FILE, *PCM_VIEW_OF_FILE;
typedef struct _CONTEXT {
/*0x000*/ ULONG32 ContextFlags;
/*0x004*/ ULONG32 Dr0;
/*0x008*/ ULONG32 Dr1;
/*0x00C*/ ULONG32 Dr2;
/*0x010*/ ULONG32 Dr3;
/*0x014*/ ULONG32 Dr6;
/*0x018*/ ULONG32 Dr7;
/*0x01C*/ struct _FLOATING_SAVE_AREA FloatSave;
/*0x08C*/ ULONG32 SegGs;
/*0x090*/ ULONG32 SegFs;
/*0x094*/ ULONG32 SegEs;
/*0x098*/ ULONG32 SegDs;
/*0x09C*/ ULONG32 Edi;
/*0x0A0*/ ULONG32 Esi;
/*0x0A4*/ ULONG32 Ebx;
/*0x0A8*/ ULONG32 Edx;
/*0x0AC*/ ULONG32 Ecx;
/*0x0B0*/ ULONG32 Eax;
/*0x0B4*/ ULONG32 Ebp;
/*0x0B8*/ ULONG32 Eip;
/*0x0BC*/ ULONG32 SegCs;
/*0x0C0*/ ULONG32 EFlags;
/*0x0C4*/ ULONG32 Esp;
/*0x0C8*/ ULONG32 SegSs;
/*0x0CC*/ UINT8 ExtendedRegisters[512];
}CONTEXT, *PCONTEXT;
/*0x000*/ ULONG32 ContextFlags;
/*0x004*/ ULONG32 Dr0;
/*0x008*/ ULONG32 Dr1;
/*0x00C*/ ULONG32 Dr2;
/*0x010*/ ULONG32 Dr3;
/*0x014*/ ULONG32 Dr6;
/*0x018*/ ULONG32 Dr7;
/*0x01C*/ struct _FLOATING_SAVE_AREA FloatSave;
/*0x08C*/ ULONG32 SegGs;
/*0x090*/ ULONG32 SegFs;
/*0x094*/ ULONG32 SegEs;
/*0x098*/ ULONG32 SegDs;
/*0x09C*/ ULONG32 Edi;
/*0x0A0*/ ULONG32 Esi;
/*0x0A4*/ ULONG32 Ebx;
/*0x0A8*/ ULONG32 Edx;
/*0x0AC*/ ULONG32 Ecx;
/*0x0B0*/ ULONG32 Eax;
/*0x0B4*/ ULONG32 Ebp;
/*0x0B8*/ ULONG32 Eip;
/*0x0BC*/ ULONG32 SegCs;
/*0x0C0*/ ULONG32 EFlags;
/*0x0C4*/ ULONG32 Esp;
/*0x0C8*/ ULONG32 SegSs;
/*0x0CC*/ UINT8 ExtendedRegisters[512];
}CONTEXT, *PCONTEXT;
typedef struct _CONTROL_AREA {
/*0x000*/ struct _SEGMENT* Segment;
/*0x004*/ struct _LIST_ENTRY DereferenceList;
/*0x00C*/ ULONG32 NumberOfSectionReferences;
/*0x010*/ ULONG32 NumberOfPfnReferences;
/*0x014*/ ULONG32 NumberOfMappedViews;
/*0x018*/ UINT16 NumberOfSubsections;
/*0x01A*/ UINT16 FlushInProgressCount;
/*0x01C*/ ULONG32 NumberOfUserReferences;
union
{
/*0x020*/ ULONG32 LongFlags;
/*0x020*/ struct _MMSECTION_FLAGS Flags;
}u;
/*0x024*/ struct _FILE_OBJECT* FilePointer;
/*0x028*/ struct _EVENT_COUNTER* WaitingForDeletion;
/*0x02C*/ UINT16 ModifiedWriteCount;
/*0x02E*/ UINT16 NumberOfSystemCacheViews;
}CONTROL_AREA, *PCONTROL_AREA;
/*0x000*/ struct _SEGMENT* Segment;
/*0x004*/ struct _LIST_ENTRY DereferenceList;
/*0x00C*/ ULONG32 NumberOfSectionReferences;
/*0x010*/ ULONG32 NumberOfPfnReferences;
/*0x014*/ ULONG32 NumberOfMappedViews;
/*0x018*/ UINT16 NumberOfSubsections;
/*0x01A*/ UINT16 FlushInProgressCount;
/*0x01C*/ ULONG32 NumberOfUserReferences;
union
{
/*0x020*/ ULONG32 LongFlags;
/*0x020*/ struct _MMSECTION_FLAGS Flags;
}u;
/*0x024*/ struct _FILE_OBJECT* FilePointer;
/*0x028*/ struct _EVENT_COUNTER* WaitingForDeletion;
/*0x02C*/ UINT16 ModifiedWriteCount;
/*0x02E*/ UINT16 NumberOfSystemCacheViews;
}CONTROL_AREA, *PCONTROL_AREA;
typedef struct _CURDIR {
/*0x000*/ struct _UNICODE_STRING DosPath;
/*0x008*/ VOID* Handle;
}CURDIR, *PCURDIR;
/*0x000*/ struct _UNICODE_STRING DosPath;
/*0x008*/ VOID* Handle;
}CURDIR, *PCURDIR;
typedef struct _DBGKD_ANY_CONTROL_SET {
union
{
/*0x000*/ struct _X86_DBGKD_CONTROL_SET X86ControlSet;
/*0x000*/ ULONG32 AlphaControlSet;
/*0x000*/ struct _IA64_DBGKD_CONTROL_SET IA64ControlSet;
/*0x000*/ struct _AMD64_DBGKD_CONTROL_SET Amd64ControlSet;
};
}DBGKD_ANY_CONTROL_SET, *PDBGKD_ANY_CONTROL_SET;
union
{
/*0x000*/ struct _X86_DBGKD_CONTROL_SET X86ControlSet;
/*0x000*/ ULONG32 AlphaControlSet;
/*0x000*/ struct _IA64_DBGKD_CONTROL_SET IA64ControlSet;
/*0x000*/ struct _AMD64_DBGKD_CONTROL_SET Amd64ControlSet;
};
}DBGKD_ANY_CONTROL_SET, *PDBGKD_ANY_CONTROL_SET;
typedef struct _DBGKM_EXCEPTION32 {
/*0x000*/ struct _EXCEPTION_RECORD32 ExceptionRecord;
/*0x050*/ ULONG32 FirstChance;
}DBGKM_EXCEPTION32, *PDBGKM_EXCEPTION32;
/*0x000*/ struct _EXCEPTION_RECORD32 ExceptionRecord;
/*0x050*/ ULONG32 FirstChance;
}DBGKM_EXCEPTION32, *PDBGKM_EXCEPTION32;
typedef struct _DBGKM_EXCEPTION64 {
/*0x000*/ struct _EXCEPTION_RECORD64 ExceptionRecord;
/*0x098*/ ULONG32 FirstChance;
/*0x09C*/ UINT8 _PADDING0_[0x4];
}DBGKM_EXCEPTION64, *PDBGKM_EXCEPTION64;
/*0x000*/ struct _EXCEPTION_RECORD64 ExceptionRecord;
/*0x098*/ ULONG32 FirstChance;
/*0x09C*/ UINT8 _PADDING0_[0x4];
}DBGKM_EXCEPTION64, *PDBGKM_EXCEPTION64;
typedef struct _DEFERRED_WRITE {
/*0x000*/ INT16 NodeTypeCode;
/*0x002*/ INT16 NodeByteSize;
/*0x004*/ struct _FILE_OBJECT* FileObject;
/*0x008*/ ULONG32 BytesToWrite;
/*0x00C*/ struct _LIST_ENTRY DeferredWriteLinks;
/*0x014*/ struct _KEVENT* Event;
/*0x018*/ PVOID PostRoutine;
/*0x01C*/ VOID* Context1;
/*0x020*/ VOID* Context2;
/*0x024*/ UINT8 LimitModifiedPages;
/*0x025*/ UINT8 _PADDING0_[0x3];
}DEFERRED_WRITE, *PDEFERRED_WRITE;
/*0x000*/ INT16 NodeTypeCode;
/*0x002*/ INT16 NodeByteSize;
/*0x004*/ struct _FILE_OBJECT* FileObject;
/*0x008*/ ULONG32 BytesToWrite;
/*0x00C*/ struct _LIST_ENTRY DeferredWriteLinks;
/*0x014*/ struct _KEVENT* Event;
/*0x018*/ PVOID PostRoutine;
/*0x01C*/ VOID* Context1;
/*0x020*/ VOID* Context2;
/*0x024*/ UINT8 LimitModifiedPages;
/*0x025*/ UINT8 _PADDING0_[0x3];
}DEFERRED_WRITE, *PDEFERRED_WRITE;
typedef struct _DEVICE_NODE {
/*0x000*/ struct _DEVICE_NODE* Sibling;
/*0x004*/ struct _DEVICE_NODE* Child;
/*0x008*/ struct _DEVICE_NODE* Parent;
/*0x00C*/ struct _DEVICE_NODE* LastChild;
/*0x010*/ ULONG32 Level;
/*0x014*/ struct _PO_DEVICE_NOTIFY* Notify;
/*0x018*/ enum _PNP_DEVNODE_STATE State;
/*0x01C*/ enum _PNP_DEVNODE_STATE PreviousState;
/*0x020*/ enum _PNP_DEVNODE_STATE StateHistory[20];
/*0x070*/ ULONG32 StateHistoryEntry;
/*0x074*/ LONG32 CompletionStatus;
/*0x078*/ struct _IRP* PendingIrp;
/*0x07C*/ ULONG32 Flags;
/*0x080*/ ULONG32 UserFlags;
/*0x084*/ ULONG32 Problem;
/*0x088*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x08C*/ struct _CM_RESOURCE_LIST* ResourceList;
/*0x090*/ struct _CM_RESOURCE_LIST* ResourceListTranslated;
/*0x094*/ struct _UNICODE_STRING InstancePath;
/*0x09C*/ struct _UNICODE_STRING ServiceName;
/*0x0A4*/ struct _DEVICE_OBJECT* DuplicatePDO;
/*0x0A8*/ struct _IO_RESOURCE_REQUIREMENTS_LIST* ResourceRequirements;
/*0x0AC*/ enum _INTERFACE_TYPE InterfaceType;
/*0x0B0*/ ULONG32 BusNumber;
/*0x0B4*/ enum _INTERFACE_TYPE ChildInterfaceType;
/*0x0B8*/ ULONG32 ChildBusNumber;
/*0x0BC*/ UINT16 ChildBusTypeIndex;
/*0x0BE*/ UINT8 RemovalPolicy;
/*0x0BF*/ UINT8 HardwareRemovalPolicy;
/*0x0C0*/ struct _LIST_ENTRY TargetDeviceNotify;
/*0x0C8*/ struct _LIST_ENTRY DeviceArbiterList;
/*0x0D0*/ struct _LIST_ENTRY DeviceTranslatorList;
/*0x0D8*/ UINT16 NoTranslatorMask;
/*0x0DA*/ UINT16 QueryTranslatorMask;
/*0x0DC*/ UINT16 NoArbiterMask;
/*0x0DE*/ UINT16 QueryArbiterMask;
union
{
/*0x0E0*/ struct _DEVICE_NODE* LegacyDeviceNode;
/*0x0E0*/ struct _DEVICE_RELATIONS* PendingDeviceRelations;
}OverUsed1;
union
{
/*0x0E4*/ struct _DEVICE_NODE* NextResourceDeviceNode;
}OverUsed2;
/*0x0E8*/ struct _CM_RESOURCE_LIST* BootResources;
/*0x0EC*/ ULONG32 CapabilityFlags;
struct
{
/*0x0F0*/ enum _PROFILE_STATUS DockStatus;
/*0x0F4*/ struct _LIST_ENTRY ListEntry;
/*0x0FC*/ UINT16* SerialNumber;
}DockInfo;
/*0x100*/ ULONG32 DisableableDepends;
/*0x104*/ struct _LIST_ENTRY PendedSetInterfaceState;
/*0x10C*/ struct _LIST_ENTRY LegacyBusListEntry;
/*0x114*/ ULONG32 DriverUnloadRetryCount;
}DEVICE_NODE, *PDEVICE_NODE;
/*0x000*/ struct _DEVICE_NODE* Sibling;
/*0x004*/ struct _DEVICE_NODE* Child;
/*0x008*/ struct _DEVICE_NODE* Parent;
/*0x00C*/ struct _DEVICE_NODE* LastChild;
/*0x010*/ ULONG32 Level;
/*0x014*/ struct _PO_DEVICE_NOTIFY* Notify;
/*0x018*/ enum _PNP_DEVNODE_STATE State;
/*0x01C*/ enum _PNP_DEVNODE_STATE PreviousState;
/*0x020*/ enum _PNP_DEVNODE_STATE StateHistory[20];
/*0x070*/ ULONG32 StateHistoryEntry;
/*0x074*/ LONG32 CompletionStatus;
/*0x078*/ struct _IRP* PendingIrp;
/*0x07C*/ ULONG32 Flags;
/*0x080*/ ULONG32 UserFlags;
/*0x084*/ ULONG32 Problem;
/*0x088*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x08C*/ struct _CM_RESOURCE_LIST* ResourceList;
/*0x090*/ struct _CM_RESOURCE_LIST* ResourceListTranslated;
/*0x094*/ struct _UNICODE_STRING InstancePath;
/*0x09C*/ struct _UNICODE_STRING ServiceName;
/*0x0A4*/ struct _DEVICE_OBJECT* DuplicatePDO;
/*0x0A8*/ struct _IO_RESOURCE_REQUIREMENTS_LIST* ResourceRequirements;
/*0x0AC*/ enum _INTERFACE_TYPE InterfaceType;
/*0x0B0*/ ULONG32 BusNumber;
/*0x0B4*/ enum _INTERFACE_TYPE ChildInterfaceType;
/*0x0B8*/ ULONG32 ChildBusNumber;
/*0x0BC*/ UINT16 ChildBusTypeIndex;
/*0x0BE*/ UINT8 RemovalPolicy;
/*0x0BF*/ UINT8 HardwareRemovalPolicy;
/*0x0C0*/ struct _LIST_ENTRY TargetDeviceNotify;
/*0x0C8*/ struct _LIST_ENTRY DeviceArbiterList;
/*0x0D0*/ struct _LIST_ENTRY DeviceTranslatorList;
/*0x0D8*/ UINT16 NoTranslatorMask;
/*0x0DA*/ UINT16 QueryTranslatorMask;
/*0x0DC*/ UINT16 NoArbiterMask;
/*0x0DE*/ UINT16 QueryArbiterMask;
union
{
/*0x0E0*/ struct _DEVICE_NODE* LegacyDeviceNode;
/*0x0E0*/ struct _DEVICE_RELATIONS* PendingDeviceRelations;
}OverUsed1;
union
{
/*0x0E4*/ struct _DEVICE_NODE* NextResourceDeviceNode;
}OverUsed2;
/*0x0E8*/ struct _CM_RESOURCE_LIST* BootResources;
/*0x0EC*/ ULONG32 CapabilityFlags;
struct
{
/*0x0F0*/ enum _PROFILE_STATUS DockStatus;
/*0x0F4*/ struct _LIST_ENTRY ListEntry;
/*0x0FC*/ UINT16* SerialNumber;
}DockInfo;
/*0x100*/ ULONG32 DisableableDepends;
/*0x104*/ struct _LIST_ENTRY PendedSetInterfaceState;
/*0x10C*/ struct _LIST_ENTRY LegacyBusListEntry;
/*0x114*/ ULONG32 DriverUnloadRetryCount;
}DEVICE_NODE, *PDEVICE_NODE;
typedef struct _DISPATCHER_HEADER {
/*0x000*/ UINT8 Type;
/*0x001*/ UINT8 Absolute;
/*0x002*/ UINT8 Size;
/*0x003*/ UINT8 Inserted;
/*0x004*/ LONG32 SignalState;
/*0x008*/ struct _LIST_ENTRY WaitListHead;
}DISPATCHER_HEADER, *PDISPATCHER_HEADER;
/*0x000*/ UINT8 Type;
/*0x001*/ UINT8 Absolute;
/*0x002*/ UINT8 Size;
/*0x003*/ UINT8 Inserted;
/*0x004*/ LONG32 SignalState;
/*0x008*/ struct _LIST_ENTRY WaitListHead;
}DISPATCHER_HEADER, *PDISPATCHER_HEADER;
typedef struct _DRIVER_EXTENSION {
/*0x000*/ struct _DRIVER_OBJECT* DriverObject;
/*0x004*/ PVOID AddDevice;
/*0x008*/ ULONG32 Count;
/*0x00C*/ struct _UNICODE_STRING ServiceKeyName;
/*0x014*/ struct _IO_CLIENT_EXTENSION* ClientDriverExtension;
/*0x018*/ struct _FS_FILTER_CALLBACKS* FsFilterCallbacks;
}DRIVER_EXTENSION, *PDRIVER_EXTENSION;
/*0x000*/ struct _DRIVER_OBJECT* DriverObject;
/*0x004*/ PVOID AddDevice;
/*0x008*/ ULONG32 Count;
/*0x00C*/ struct _UNICODE_STRING ServiceKeyName;
/*0x014*/ struct _IO_CLIENT_EXTENSION* ClientDriverExtension;
/*0x018*/ struct _FS_FILTER_CALLBACKS* FsFilterCallbacks;
}DRIVER_EXTENSION, *PDRIVER_EXTENSION;
typedef struct _DRIVER_OBJECT {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ VOID* DriverStart;
/*0x010*/ ULONG32 DriverSize;
/*0x014*/ VOID* DriverSection;
/*0x018*/ struct _DRIVER_EXTENSION* DriverExtension;
/*0x01C*/ struct _UNICODE_STRING DriverName;
/*0x024*/ struct _UNICODE_STRING* HardwareDatabase;
/*0x028*/ struct _FAST_IO_DISPATCH* FastIoDispatch;
/*0x02C*/ PVOID DriverInit;
/*0x030*/ PVOID DriverStartIo;
/*0x034*/ PVOID DriverUnload;
/*0x038*/ PVOID MajorFunction[28];
}DRIVER_OBJECT, *PDRIVER_OBJECT;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ VOID* DriverStart;
/*0x010*/ ULONG32 DriverSize;
/*0x014*/ VOID* DriverSection;
/*0x018*/ struct _DRIVER_EXTENSION* DriverExtension;
/*0x01C*/ struct _UNICODE_STRING DriverName;
/*0x024*/ struct _UNICODE_STRING* HardwareDatabase;
/*0x028*/ struct _FAST_IO_DISPATCH* FastIoDispatch;
/*0x02C*/ PVOID DriverInit;
/*0x030*/ PVOID DriverStartIo;
/*0x034*/ PVOID DriverUnload;
/*0x038*/ PVOID MajorFunction[28];
}DRIVER_OBJECT, *PDRIVER_OBJECT;
typedef struct _DUAL {
/*0x000*/ ULONG32 Length;
/*0x004*/ struct _HMAP_DIRECTORY* Map;
/*0x008*/ struct _HMAP_TABLE* SmallDir;
/*0x00C*/ ULONG32 Guard;
/*0x010*/ struct _RTL_BITMAP FreeDisplay[24];
/*0x0D0*/ ULONG32 FreeSummary;
/*0x0D4*/ struct _LIST_ENTRY FreeBins;
}DUAL, *PDUAL;
/*0x000*/ ULONG32 Length;
/*0x004*/ struct _HMAP_DIRECTORY* Map;
/*0x008*/ struct _HMAP_TABLE* SmallDir;
/*0x00C*/ ULONG32 Guard;
/*0x010*/ struct _RTL_BITMAP FreeDisplay[24];
/*0x0D0*/ ULONG32 FreeSummary;
/*0x0D4*/ struct _LIST_ENTRY FreeBins;
}DUAL, *PDUAL;
typedef struct _DUMP_INITIALIZATION_CONTEXT {
/*0x000*/ ULONG32 Length;
/*0x004*/ ULONG32 Reserved;
/*0x008*/ VOID* MemoryBlock;
/*0x00C*/ VOID* CommonBuffer[2];
/*0x014*/ UINT8 _PADDING0_[0x4];
/*0x018*/ union _LARGE_INTEGER PhysicalAddress[2];
/*0x028*/ PVOID StallRoutine;
/*0x02C*/ PVOID OpenRoutine;
/*0x030*/ PVOID WriteRoutine;
/*0x034*/ PVOID FinishRoutine;
/*0x038*/ struct _ADAPTER_OBJECT* AdapterObject;
/*0x03C*/ VOID* MappedRegisterBase;
/*0x040*/ VOID* PortConfiguration;
/*0x044*/ UINT8 CrashDump;
/*0x045*/ UINT8 _PADDING1_[0x3];
/*0x048*/ ULONG32 MaximumTransferSize;
/*0x04C*/ ULONG32 CommonBufferSize;
/*0x050*/ VOID* TargetAddress;
/*0x054*/ PVOID WritePendingRoutine;
/*0x058*/ ULONG32 PartitionStyle;
union
{
struct
{
/*0x05C*/ ULONG32 Signature;
/*0x060*/ ULONG32 CheckSum;
}Mbr;
struct
{
/*0x05C*/ struct _GUID DiskId;
}Gpt;
}DiskInfo;
}DUMP_INITIALIZATION_CONTEXT, *PDUMP_INITIALIZATION_CONTEXT;
/*0x000*/ ULONG32 Length;
/*0x004*/ ULONG32 Reserved;
/*0x008*/ VOID* MemoryBlock;
/*0x00C*/ VOID* CommonBuffer[2];
/*0x014*/ UINT8 _PADDING0_[0x4];
/*0x018*/ union _LARGE_INTEGER PhysicalAddress[2];
/*0x028*/ PVOID StallRoutine;
/*0x02C*/ PVOID OpenRoutine;
/*0x030*/ PVOID WriteRoutine;
/*0x034*/ PVOID FinishRoutine;
/*0x038*/ struct _ADAPTER_OBJECT* AdapterObject;
/*0x03C*/ VOID* MappedRegisterBase;
/*0x040*/ VOID* PortConfiguration;
/*0x044*/ UINT8 CrashDump;
/*0x045*/ UINT8 _PADDING1_[0x3];
/*0x048*/ ULONG32 MaximumTransferSize;
/*0x04C*/ ULONG32 CommonBufferSize;
/*0x050*/ VOID* TargetAddress;
/*0x054*/ PVOID WritePendingRoutine;
/*0x058*/ ULONG32 PartitionStyle;
union
{
struct
{
/*0x05C*/ ULONG32 Signature;
/*0x060*/ ULONG32 CheckSum;
}Mbr;
struct
{
/*0x05C*/ struct _GUID DiskId;
}Gpt;
}DiskInfo;
}DUMP_INITIALIZATION_CONTEXT, *PDUMP_INITIALIZATION_CONTEXT;
typedef struct _EPROCESS_QUOTA_BLOCK {
/*0x000*/ struct _EPROCESS_QUOTA_ENTRY QuotaEntry[3];
/*0x030*/ struct _LIST_ENTRY QuotaList;
/*0x038*/ ULONG32 ReferenceCount;
/*0x03C*/ ULONG32 ProcessCount;
}EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
/*0x000*/ struct _EPROCESS_QUOTA_ENTRY QuotaEntry[3];
/*0x030*/ struct _LIST_ENTRY QuotaList;
/*0x038*/ ULONG32 ReferenceCount;
/*0x03C*/ ULONG32 ProcessCount;
}EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK;
typedef struct _ERESOURCE {
/*0x000*/ struct _LIST_ENTRY SystemResourcesList;
/*0x008*/ struct _OWNER_ENTRY* OwnerTable;
/*0x00C*/ INT16 ActiveCount;
/*0x00E*/ UINT16 Flag;
/*0x010*/ struct _KSEMAPHORE* SharedWaiters;
/*0x014*/ struct _KEVENT* ExclusiveWaiters;
/*0x018*/ struct _OWNER_ENTRY OwnerThreads[2];
/*0x028*/ ULONG32 ContentionCount;
/*0x02C*/ UINT16 NumberOfSharedWaiters;
/*0x02E*/ UINT16 NumberOfExclusiveWaiters;
union
{
/*0x030*/ VOID* Address;
/*0x030*/ ULONG32 CreatorBackTraceIndex;
};
/*0x034*/ ULONG32 SpinLock;
}ERESOURCE, *PERESOURCE;
/*0x000*/ struct _LIST_ENTRY SystemResourcesList;
/*0x008*/ struct _OWNER_ENTRY* OwnerTable;
/*0x00C*/ INT16 ActiveCount;
/*0x00E*/ UINT16 Flag;
/*0x010*/ struct _KSEMAPHORE* SharedWaiters;
/*0x014*/ struct _KEVENT* ExclusiveWaiters;
/*0x018*/ struct _OWNER_ENTRY OwnerThreads[2];
/*0x028*/ ULONG32 ContentionCount;
/*0x02C*/ UINT16 NumberOfSharedWaiters;
/*0x02E*/ UINT16 NumberOfExclusiveWaiters;
union
{
/*0x030*/ VOID* Address;
/*0x030*/ ULONG32 CreatorBackTraceIndex;
};
/*0x034*/ ULONG32 SpinLock;
}ERESOURCE, *PERESOURCE;
typedef struct _FX_SAVE_AREA {
union
{
/*0x000*/ struct _FNSAVE_FORMAT FnArea;
/*0x000*/ struct _FXSAVE_FORMAT FxArea;
}U;
/*0x208*/ ULONG32 NpxSavedCpu;
/*0x20C*/ ULONG32 Cr0NpxState;
}FX_SAVE_AREA, *PFX_SAVE_AREA;
union
{
/*0x000*/ struct _FNSAVE_FORMAT FnArea;
/*0x000*/ struct _FXSAVE_FORMAT FxArea;
}U;
/*0x208*/ ULONG32 NpxSavedCpu;
/*0x20C*/ ULONG32 Cr0NpxState;
}FX_SAVE_AREA, *PFX_SAVE_AREA;
typedef struct _GENERAL_LOOKASIDE {
/*0x000*/ union _SLIST_HEADER ListHead;
/*0x008*/ UINT16 Depth;
/*0x00A*/ UINT16 MaximumDepth;
/*0x00C*/ ULONG32 TotalAllocates;
union
{
/*0x010*/ ULONG32 AllocateMisses;
/*0x010*/ ULONG32 AllocateHits;
};
/*0x014*/ ULONG32 TotalFrees;
union
{
/*0x018*/ ULONG32 FreeMisses;
/*0x018*/ ULONG32 FreeHits;
};
/*0x01C*/ enum _POOL_TYPE Type;
/*0x020*/ ULONG32 Tag;
/*0x024*/ ULONG32 Size;
/*0x028*/ PVOID Allocate;
/*0x02C*/ PVOID Free;
/*0x030*/ struct _LIST_ENTRY ListEntry;
/*0x038*/ ULONG32 LastTotalAllocates;
union
{
/*0x03C*/ ULONG32 LastAllocateMisses;
/*0x03C*/ ULONG32 LastAllocateHits;
};
/*0x040*/ ULONG32 Future[2];
/*0x048*/ UINT8 _PADDING0_[0x38];
}GENERAL_LOOKASIDE, *PGENERAL_LOOKASIDE;
/*0x000*/ union _SLIST_HEADER ListHead;
/*0x008*/ UINT16 Depth;
/*0x00A*/ UINT16 MaximumDepth;
/*0x00C*/ ULONG32 TotalAllocates;
union
{
/*0x010*/ ULONG32 AllocateMisses;
/*0x010*/ ULONG32 AllocateHits;
};
/*0x014*/ ULONG32 TotalFrees;
union
{
/*0x018*/ ULONG32 FreeMisses;
/*0x018*/ ULONG32 FreeHits;
};
/*0x01C*/ enum _POOL_TYPE Type;
/*0x020*/ ULONG32 Tag;
/*0x024*/ ULONG32 Size;
/*0x028*/ PVOID Allocate;
/*0x02C*/ PVOID Free;
/*0x030*/ struct _LIST_ENTRY ListEntry;
/*0x038*/ ULONG32 LastTotalAllocates;
union
{
/*0x03C*/ ULONG32 LastAllocateMisses;
/*0x03C*/ ULONG32 LastAllocateHits;
};
/*0x040*/ ULONG32 Future[2];
/*0x048*/ UINT8 _PADDING0_[0x38];
}GENERAL_LOOKASIDE, *PGENERAL_LOOKASIDE;
typedef struct _HANDLE_TABLE {
/*0x000*/ ULONG32 TableCode;
/*0x004*/ struct _EPROCESS* QuotaProcess;
/*0x008*/ VOID* UniqueProcessId;
/*0x00C*/ struct _EX_PUSH_LOCK HandleTableLock[4];
/*0x01C*/ struct _LIST_ENTRY HandleTableList;
/*0x024*/ struct _EX_PUSH_LOCK HandleContentionEvent;
/*0x028*/ struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo;
/*0x02C*/ LONG32 ExtraInfoPages;
/*0x030*/ ULONG32 FirstFree;
/*0x034*/ ULONG32 LastFree;
/*0x038*/ ULONG32 NextHandleNeedingPool;
/*0x03C*/ LONG32 HandleCount;
union
{
/*0x040*/ ULONG32 Flags;
/*0x040*/ UINT8 StrictFIFO : 1;
};
}HANDLE_TABLE, *PHANDLE_TABLE;
/*0x000*/ ULONG32 TableCode;
/*0x004*/ struct _EPROCESS* QuotaProcess;
/*0x008*/ VOID* UniqueProcessId;
/*0x00C*/ struct _EX_PUSH_LOCK HandleTableLock[4];
/*0x01C*/ struct _LIST_ENTRY HandleTableList;
/*0x024*/ struct _EX_PUSH_LOCK HandleContentionEvent;
/*0x028*/ struct _HANDLE_TRACE_DEBUG_INFO* DebugInfo;
/*0x02C*/ LONG32 ExtraInfoPages;
/*0x030*/ ULONG32 FirstFree;
/*0x034*/ ULONG32 LastFree;
/*0x038*/ ULONG32 NextHandleNeedingPool;
/*0x03C*/ LONG32 HandleCount;
union
{
/*0x040*/ ULONG32 Flags;
/*0x040*/ UINT8 StrictFIFO : 1;
};
}HANDLE_TABLE, *PHANDLE_TABLE;
typedef struct _HANDLE_TRACE_DB_ENTRY {
/*0x000*/ struct _CLIENT_ID ClientId;
/*0x008*/ VOID* Handle;
/*0x00C*/ ULONG32 Type;
/*0x010*/ VOID* StackTrace[16];
}HANDLE_TRACE_DB_ENTRY, *PHANDLE_TRACE_DB_ENTRY;
/*0x000*/ struct _CLIENT_ID ClientId;
/*0x008*/ VOID* Handle;
/*0x00C*/ ULONG32 Type;
/*0x010*/ VOID* StackTrace[16];
}HANDLE_TRACE_DB_ENTRY, *PHANDLE_TRACE_DB_ENTRY;
typedef struct _HEAP {
/*0x000*/ struct _HEAP_ENTRY Entry;
/*0x008*/ ULONG32 Signature;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ ULONG32 ForceFlags;
/*0x014*/ ULONG32 VirtualMemoryThreshold;
/*0x018*/ ULONG32 SegmentReserve;
/*0x01C*/ ULONG32 SegmentCommit;
/*0x020*/ ULONG32 DeCommitFreeBlockThreshold;
/*0x024*/ ULONG32 DeCommitTotalFreeThreshold;
/*0x028*/ ULONG32 TotalFreeSize;
/*0x02C*/ ULONG32 MaximumAllocationSize;
/*0x030*/ UINT16 ProcessHeapsListIndex;
/*0x032*/ UINT16 HeaderValidateLength;
/*0x034*/ VOID* HeaderValidateCopy;
/*0x038*/ UINT16 NextAvailableTagIndex;
/*0x03A*/ UINT16 MaximumTagIndex;
/*0x03C*/ struct _HEAP_TAG_ENTRY* TagEntries;
/*0x040*/ struct _HEAP_UCR_SEGMENT* UCRSegments;
/*0x044*/ struct _HEAP_UNCOMMMTTED_RANGE* UnusedUnCommittedRanges;
/*0x048*/ ULONG32 AlignRound;
/*0x04C*/ ULONG32 AlignMask;
/*0x050*/ struct _LIST_ENTRY VirtualAllocdBlocks;
/*0x058*/ struct _HEAP_SEGMENT* Segments[64];
union
{
/*0x158*/ ULONG32 FreeListsInUseUlong[4];
/*0x158*/ UINT8 FreeListsInUseBytes[16];
}u;
union
{
/*0x168*/ UINT16 FreeListsInUseTerminate;
/*0x168*/ UINT16 DecommitCount;
}u2;
/*0x16A*/ UINT16 AllocatorBackTraceIndex;
/*0x16C*/ ULONG32 NonDedicatedListLength;
/*0x170*/ VOID* LargeBlocksIndex;
/*0x174*/ struct _HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
/*0x178*/ struct _LIST_ENTRY FreeLists[128];
/*0x578*/ struct _HEAP_LOCK* LockVariable;
/*0x57C*/ PVOID CommitRoutine;
/*0x580*/ VOID* FrontEndHeap;
/*0x584*/ UINT16 FrontHeapLockCount;
/*0x586*/ UINT8 FrontEndHeapType;
/*0x587*/ UINT8 LastSegmentIndex;
}HEAP, *PHEAP;
/*0x000*/ struct _HEAP_ENTRY Entry;
/*0x008*/ ULONG32 Signature;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ ULONG32 ForceFlags;
/*0x014*/ ULONG32 VirtualMemoryThreshold;
/*0x018*/ ULONG32 SegmentReserve;
/*0x01C*/ ULONG32 SegmentCommit;
/*0x020*/ ULONG32 DeCommitFreeBlockThreshold;
/*0x024*/ ULONG32 DeCommitTotalFreeThreshold;
/*0x028*/ ULONG32 TotalFreeSize;
/*0x02C*/ ULONG32 MaximumAllocationSize;
/*0x030*/ UINT16 ProcessHeapsListIndex;
/*0x032*/ UINT16 HeaderValidateLength;
/*0x034*/ VOID* HeaderValidateCopy;
/*0x038*/ UINT16 NextAvailableTagIndex;
/*0x03A*/ UINT16 MaximumTagIndex;
/*0x03C*/ struct _HEAP_TAG_ENTRY* TagEntries;
/*0x040*/ struct _HEAP_UCR_SEGMENT* UCRSegments;
/*0x044*/ struct _HEAP_UNCOMMMTTED_RANGE* UnusedUnCommittedRanges;
/*0x048*/ ULONG32 AlignRound;
/*0x04C*/ ULONG32 AlignMask;
/*0x050*/ struct _LIST_ENTRY VirtualAllocdBlocks;
/*0x058*/ struct _HEAP_SEGMENT* Segments[64];
union
{
/*0x158*/ ULONG32 FreeListsInUseUlong[4];
/*0x158*/ UINT8 FreeListsInUseBytes[16];
}u;
union
{
/*0x168*/ UINT16 FreeListsInUseTerminate;
/*0x168*/ UINT16 DecommitCount;
}u2;
/*0x16A*/ UINT16 AllocatorBackTraceIndex;
/*0x16C*/ ULONG32 NonDedicatedListLength;
/*0x170*/ VOID* LargeBlocksIndex;
/*0x174*/ struct _HEAP_PSEUDO_TAG_ENTRY* PseudoTagEntries;
/*0x178*/ struct _LIST_ENTRY FreeLists[128];
/*0x578*/ struct _HEAP_LOCK* LockVariable;
/*0x57C*/ PVOID CommitRoutine;
/*0x580*/ VOID* FrontEndHeap;
/*0x584*/ UINT16 FrontHeapLockCount;
/*0x586*/ UINT8 FrontEndHeapType;
/*0x587*/ UINT8 LastSegmentIndex;
}HEAP, *PHEAP;
typedef struct _HEAP_FREE_ENTRY {
union
{
struct
{
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 PreviousSize;
};
/*0x000*/ VOID* SubSegmentCode;
};
/*0x004*/ UINT8 SmallTagIndex;
/*0x005*/ UINT8 Flags;
/*0x006*/ UINT8 UnusedBytes;
/*0x007*/ UINT8 SegmentIndex;
/*0x008*/ struct _LIST_ENTRY FreeList;
}HEAP_FREE_ENTRY, *PHEAP_FREE_ENTRY;
union
{
struct
{
/*0x000*/ UINT16 Size;
/*0x002*/ UINT16 PreviousSize;
};
/*0x000*/ VOID* SubSegmentCode;
};
/*0x004*/ UINT8 SmallTagIndex;
/*0x005*/ UINT8 Flags;
/*0x006*/ UINT8 UnusedBytes;
/*0x007*/ UINT8 SegmentIndex;
/*0x008*/ struct _LIST_ENTRY FreeList;
}HEAP_FREE_ENTRY, *PHEAP_FREE_ENTRY;
typedef struct _HEAP_SEGMENT {
/*0x000*/ struct _HEAP_ENTRY Entry;
/*0x008*/ ULONG32 Signature;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ struct _HEAP* Heap;
/*0x014*/ ULONG32 LargestUnCommittedRange;
/*0x018*/ VOID* BaseAddress;
/*0x01C*/ ULONG32 NumberOfPages;
/*0x020*/ struct _HEAP_ENTRY* FirstEntry;
/*0x024*/ struct _HEAP_ENTRY* LastValidEntry;
/*0x028*/ ULONG32 NumberOfUnCommittedPages;
/*0x02C*/ ULONG32 NumberOfUnCommittedRanges;
/*0x030*/ struct _HEAP_UNCOMMMTTED_RANGE* UnCommittedRanges;
/*0x034*/ UINT16 AllocatorBackTraceIndex;
/*0x036*/ UINT16 Reserved;
/*0x038*/ struct _HEAP_ENTRY* LastEntryInSegment;
}HEAP_SEGMENT, *PHEAP_SEGMENT;
/*0x000*/ struct _HEAP_ENTRY Entry;
/*0x008*/ ULONG32 Signature;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ struct _HEAP* Heap;
/*0x014*/ ULONG32 LargestUnCommittedRange;
/*0x018*/ VOID* BaseAddress;
/*0x01C*/ ULONG32 NumberOfPages;
/*0x020*/ struct _HEAP_ENTRY* FirstEntry;
/*0x024*/ struct _HEAP_ENTRY* LastValidEntry;
/*0x028*/ ULONG32 NumberOfUnCommittedPages;
/*0x02C*/ ULONG32 NumberOfUnCommittedRanges;
/*0x030*/ struct _HEAP_UNCOMMMTTED_RANGE* UnCommittedRanges;
/*0x034*/ UINT16 AllocatorBackTraceIndex;
/*0x036*/ UINT16 Reserved;
/*0x038*/ struct _HEAP_ENTRY* LastEntryInSegment;
}HEAP_SEGMENT, *PHEAP_SEGMENT;
typedef struct _HEAP_STOP_ON_VALUES {
/*0x000*/ ULONG32 AllocAddress;
/*0x004*/ struct _HEAP_STOP_ON_TAG AllocTag;
/*0x008*/ ULONG32 ReAllocAddress;
/*0x00C*/ struct _HEAP_STOP_ON_TAG ReAllocTag;
/*0x010*/ ULONG32 FreeAddress;
/*0x014*/ struct _HEAP_STOP_ON_TAG FreeTag;
}HEAP_STOP_ON_VALUES, *PHEAP_STOP_ON_VALUES;
/*0x000*/ ULONG32 AllocAddress;
/*0x004*/ struct _HEAP_STOP_ON_TAG AllocTag;
/*0x008*/ ULONG32 ReAllocAddress;
/*0x00C*/ struct _HEAP_STOP_ON_TAG ReAllocTag;
/*0x010*/ ULONG32 FreeAddress;
/*0x014*/ struct _HEAP_STOP_ON_TAG FreeTag;
}HEAP_STOP_ON_VALUES, *PHEAP_STOP_ON_VALUES;
typedef struct _HEAP_SUBSEGMENT {
/*0x000*/ VOID* Bucket;
/*0x004*/ struct _HEAP_USERDATA_HEADER* UserBlocks;
/*0x008*/ struct _INTERLOCK_SEQ AggregateExchg;
union
{
struct
{
/*0x010*/ UINT16 BlockSize;
/*0x012*/ UINT16 FreeThreshold;
/*0x014*/ UINT16 BlockCount;
/*0x016*/ UINT8 SizeIndex;
/*0x017*/ UINT8 AffinityIndex;
};
/*0x010*/ ULONG32 Alignment[2];
};
/*0x018*/ struct _SINGLE_LIST_ENTRY SFreeListEntry;
/*0x01C*/ ULONG32 Lock;
}HEAP_SUBSEGMENT, *PHEAP_SUBSEGMENT;
/*0x000*/ VOID* Bucket;
/*0x004*/ struct _HEAP_USERDATA_HEADER* UserBlocks;
/*0x008*/ struct _INTERLOCK_SEQ AggregateExchg;
union
{
struct
{
/*0x010*/ UINT16 BlockSize;
/*0x012*/ UINT16 FreeThreshold;
/*0x014*/ UINT16 BlockCount;
/*0x016*/ UINT8 SizeIndex;
/*0x017*/ UINT8 AffinityIndex;
};
/*0x010*/ ULONG32 Alignment[2];
};
/*0x018*/ struct _SINGLE_LIST_ENTRY SFreeListEntry;
/*0x01C*/ ULONG32 Lock;
}HEAP_SUBSEGMENT, *PHEAP_SUBSEGMENT;
typedef struct _HEAP_USERDATA_HEADER {
union
{
/*0x000*/ struct _SINGLE_LIST_ENTRY SFreeListEntry;
/*0x000*/ struct _HEAP_SUBSEGMENT* SubSegment;
};
/*0x004*/ VOID* HeapHandle;
/*0x008*/ ULONG32 SizeIndex;
/*0x00C*/ ULONG32 Signature;
}HEAP_USERDATA_HEADER, *PHEAP_USERDATA_HEADER;
union
{
/*0x000*/ struct _SINGLE_LIST_ENTRY SFreeListEntry;
/*0x000*/ struct _HEAP_SUBSEGMENT* SubSegment;
};
/*0x004*/ VOID* HeapHandle;
/*0x008*/ ULONG32 SizeIndex;
/*0x00C*/ ULONG32 Signature;
}HEAP_USERDATA_HEADER, *PHEAP_USERDATA_HEADER;
typedef struct _HEAP_VIRTUAL_ALLOC_ENTRY {
/*0x000*/ struct _LIST_ENTRY Entry;
/*0x008*/ struct _HEAP_ENTRY_EXTRA ExtraStuff;
/*0x010*/ ULONG32 CommitSize;
/*0x014*/ ULONG32 ReserveSize;
/*0x018*/ struct _HEAP_ENTRY BusyBlock;
}HEAP_VIRTUAL_ALLOC_ENTRY, *PHEAP_VIRTUAL_ALLOC_ENTRY;
/*0x000*/ struct _LIST_ENTRY Entry;
/*0x008*/ struct _HEAP_ENTRY_EXTRA ExtraStuff;
/*0x010*/ ULONG32 CommitSize;
/*0x014*/ ULONG32 ReserveSize;
/*0x018*/ struct _HEAP_ENTRY BusyBlock;
}HEAP_VIRTUAL_ALLOC_ENTRY, *PHEAP_VIRTUAL_ALLOC_ENTRY;
typedef struct _HMAP_TABLE {
/*0x000*/ struct _HMAP_ENTRY Table[512];
}HMAP_TABLE, *PHMAP_TABLE;
/*0x000*/ struct _HMAP_ENTRY Table[512];
}HMAP_TABLE, *PHMAP_TABLE;
typedef struct _IMAGE_OPTIONAL_HEADER {
/*0x000*/ UINT16 Magic;
/*0x002*/ UINT8 MajorLinkerVersion;
/*0x003*/ UINT8 MinorLinkerVersion;
/*0x004*/ ULONG32 SizeOfCode;
/*0x008*/ ULONG32 SizeOfInitializedData;
/*0x00C*/ ULONG32 SizeOfUninitializedData;
/*0x010*/ ULONG32 AddressOfEntryPoint;
/*0x014*/ ULONG32 BaseOfCode;
/*0x018*/ ULONG32 BaseOfData;
/*0x01C*/ ULONG32 ImageBase;
/*0x020*/ ULONG32 SectionAlignment;
/*0x024*/ ULONG32 FileAlignment;
/*0x028*/ UINT16 MajorOperatingSystemVersion;
/*0x02A*/ UINT16 MinorOperatingSystemVersion;
/*0x02C*/ UINT16 MajorImageVersion;
/*0x02E*/ UINT16 MinorImageVersion;
/*0x030*/ UINT16 MajorSubsystemVersion;
/*0x032*/ UINT16 MinorSubsystemVersion;
/*0x034*/ ULONG32 Win32VersionValue;
/*0x038*/ ULONG32 SizeOfImage;
/*0x03C*/ ULONG32 SizeOfHeaders;
/*0x040*/ ULONG32 CheckSum;
/*0x044*/ UINT16 Subsystem;
/*0x046*/ UINT16 DllCharacteristics;
/*0x048*/ ULONG32 SizeOfStackReserve;
/*0x04C*/ ULONG32 SizeOfStackCommit;
/*0x050*/ ULONG32 SizeOfHeapReserve;
/*0x054*/ ULONG32 SizeOfHeapCommit;
/*0x058*/ ULONG32 LoaderFlags;
/*0x05C*/ ULONG32 NumberOfRvaAndSizes;
/*0x060*/ struct _IMAGE_DATA_DIRECTORY DataDirectory[16];
}IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
/*0x000*/ UINT16 Magic;
/*0x002*/ UINT8 MajorLinkerVersion;
/*0x003*/ UINT8 MinorLinkerVersion;
/*0x004*/ ULONG32 SizeOfCode;
/*0x008*/ ULONG32 SizeOfInitializedData;
/*0x00C*/ ULONG32 SizeOfUninitializedData;
/*0x010*/ ULONG32 AddressOfEntryPoint;
/*0x014*/ ULONG32 BaseOfCode;
/*0x018*/ ULONG32 BaseOfData;
/*0x01C*/ ULONG32 ImageBase;
/*0x020*/ ULONG32 SectionAlignment;
/*0x024*/ ULONG32 FileAlignment;
/*0x028*/ UINT16 MajorOperatingSystemVersion;
/*0x02A*/ UINT16 MinorOperatingSystemVersion;
/*0x02C*/ UINT16 MajorImageVersion;
/*0x02E*/ UINT16 MinorImageVersion;
/*0x030*/ UINT16 MajorSubsystemVersion;
/*0x032*/ UINT16 MinorSubsystemVersion;
/*0x034*/ ULONG32 Win32VersionValue;
/*0x038*/ ULONG32 SizeOfImage;
/*0x03C*/ ULONG32 SizeOfHeaders;
/*0x040*/ ULONG32 CheckSum;
/*0x044*/ UINT16 Subsystem;
/*0x046*/ UINT16 DllCharacteristics;
/*0x048*/ ULONG32 SizeOfStackReserve;
/*0x04C*/ ULONG32 SizeOfStackCommit;
/*0x050*/ ULONG32 SizeOfHeapReserve;
/*0x054*/ ULONG32 SizeOfHeapCommit;
/*0x058*/ ULONG32 LoaderFlags;
/*0x05C*/ ULONG32 NumberOfRvaAndSizes;
/*0x060*/ struct _IMAGE_DATA_DIRECTORY DataDirectory[16];
}IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
typedef struct _IO_RESOURCE_LIST {
/*0x000*/ UINT16 Version;
/*0x002*/ UINT16 Revision;
/*0x004*/ ULONG32 Count;
/*0x008*/ struct _IO_RESOURCE_DESCRIPTOR Descriptors[1];
}IO_RESOURCE_LIST, *PIO_RESOURCE_LIST;
/*0x000*/ UINT16 Version;
/*0x002*/ UINT16 Revision;
/*0x004*/ ULONG32 Count;
/*0x008*/ struct _IO_RESOURCE_DESCRIPTOR Descriptors[1];
}IO_RESOURCE_LIST, *PIO_RESOURCE_LIST;
typedef struct _IO_TIMER {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 TimerFlag;
/*0x004*/ struct _LIST_ENTRY TimerList;
/*0x00C*/ PVOID TimerRoutine;
/*0x010*/ VOID* Context;
/*0x014*/ struct _DEVICE_OBJECT* DeviceObject;
}IO_TIMER, *PIO_TIMER;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 TimerFlag;
/*0x004*/ struct _LIST_ENTRY TimerList;
/*0x00C*/ PVOID TimerRoutine;
/*0x010*/ VOID* Context;
/*0x014*/ struct _DEVICE_OBJECT* DeviceObject;
}IO_TIMER, *PIO_TIMER;
typedef struct _KAPC {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ ULONG32 Spare0;
/*0x008*/ struct _KTHREAD* Thread;
/*0x00C*/ struct _LIST_ENTRY ApcListEntry;
/*0x014*/ PVOID KernelRoutine;
/*0x018*/ PVOID RundownRoutine;
/*0x01C*/ PVOID NormalRoutine;
/*0x020*/ VOID* NormalContext;
/*0x024*/ VOID* SystemArgument1;
/*0x028*/ VOID* SystemArgument2;
/*0x02C*/ CHAR ApcStateIndex;
/*0x02D*/ CHAR ApcMode;
/*0x02E*/ UINT8 Inserted;
/*0x02F*/ UINT8 _PADDING0_[0x1];
}KAPC, *PKAPC;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ ULONG32 Spare0;
/*0x008*/ struct _KTHREAD* Thread;
/*0x00C*/ struct _LIST_ENTRY ApcListEntry;
/*0x014*/ PVOID KernelRoutine;
/*0x018*/ PVOID RundownRoutine;
/*0x01C*/ PVOID NormalRoutine;
/*0x020*/ VOID* NormalContext;
/*0x024*/ VOID* SystemArgument1;
/*0x028*/ VOID* SystemArgument2;
/*0x02C*/ CHAR ApcStateIndex;
/*0x02D*/ CHAR ApcMode;
/*0x02E*/ UINT8 Inserted;
/*0x02F*/ UINT8 _PADDING0_[0x1];
}KAPC, *PKAPC;
typedef struct _KAPC_STATE {
/*0x000*/ struct _LIST_ENTRY ApcListHead[2];
/*0x010*/ struct _KPROCESS* Process;
/*0x014*/ UINT8 KernelApcInProgress;
/*0x015*/ UINT8 KernelApcPending;
/*0x016*/ UINT8 UserApcPending;
/*0x017*/ UINT8 _PADDING0_[0x1];
}KAPC_STATE, *PKAPC_STATE;
/*0x000*/ struct _LIST_ENTRY ApcListHead[2];
/*0x010*/ struct _KPROCESS* Process;
/*0x014*/ UINT8 KernelApcInProgress;
/*0x015*/ UINT8 KernelApcPending;
/*0x016*/ UINT8 UserApcPending;
/*0x017*/ UINT8 _PADDING0_[0x1];
}KAPC_STATE, *PKAPC_STATE;
typedef struct _KDEVICE_QUEUE {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _LIST_ENTRY DeviceListHead;
/*0x00C*/ ULONG32 Lock;
/*0x010*/ UINT8 Busy;
/*0x011*/ UINT8 _PADDING0_[0x3];
}KDEVICE_QUEUE, *PKDEVICE_QUEUE;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _LIST_ENTRY DeviceListHead;
/*0x00C*/ ULONG32 Lock;
/*0x010*/ UINT8 Busy;
/*0x011*/ UINT8 _PADDING0_[0x3];
}KDEVICE_QUEUE, *PKDEVICE_QUEUE;
typedef struct _KDEVICE_QUEUE_ENTRY {
/*0x000*/ struct _LIST_ENTRY DeviceListEntry;
/*0x008*/ ULONG32 SortKey;
/*0x00C*/ UINT8 Inserted;
/*0x00D*/ UINT8 _PADDING0_[0x3];
}KDEVICE_QUEUE_ENTRY, *PKDEVICE_QUEUE_ENTRY;
/*0x000*/ struct _LIST_ENTRY DeviceListEntry;
/*0x008*/ ULONG32 SortKey;
/*0x00C*/ UINT8 Inserted;
/*0x00D*/ UINT8 _PADDING0_[0x3];
}KDEVICE_QUEUE_ENTRY, *PKDEVICE_QUEUE_ENTRY;
typedef struct _KDPC {
/*0x000*/ INT16 Type;
/*0x002*/ UINT8 Number;
/*0x003*/ UINT8 Importance;
/*0x004*/ struct _LIST_ENTRY DpcListEntry;
/*0x00C*/ PVOID DeferredRoutine;
/*0x010*/ VOID* DeferredContext;
/*0x014*/ VOID* SystemArgument1;
/*0x018*/ VOID* SystemArgument2;
/*0x01C*/ ULONG32* Lock;
}KDPC, *PKDPC;
/*0x000*/ INT16 Type;
/*0x002*/ UINT8 Number;
/*0x003*/ UINT8 Importance;
/*0x004*/ struct _LIST_ENTRY DpcListEntry;
/*0x00C*/ PVOID DeferredRoutine;
/*0x010*/ VOID* DeferredContext;
/*0x014*/ VOID* SystemArgument1;
/*0x018*/ VOID* SystemArgument2;
/*0x01C*/ ULONG32* Lock;
}KDPC, *PKDPC;
typedef struct _KINTERRUPT {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _LIST_ENTRY InterruptListEntry;
/*0x00C*/ PVOID ServiceRoutine;
/*0x010*/ VOID* ServiceContext;
/*0x014*/ ULONG32 SpinLock;
/*0x018*/ ULONG32 TickCount;
/*0x01C*/ ULONG32* ActualLock;
/*0x020*/ PVOID DispatchAddress;
/*0x024*/ ULONG32 Vector;
/*0x028*/ UINT8 Irql;
/*0x029*/ UINT8 SynchronizeIrql;
/*0x02A*/ UINT8 FloatingSave;
/*0x02B*/ UINT8 Connected;
/*0x02C*/ CHAR Number;
/*0x02D*/ UINT8 ShareVector;
/*0x02E*/ UINT8 _PADDING0_[0x2];
/*0x030*/ enum _KINTERRUPT_MODE Mode;
/*0x034*/ ULONG32 ServiceCount;
/*0x038*/ ULONG32 DispatchCount;
/*0x03C*/ ULONG32 DispatchCode[106];
}KINTERRUPT, *PKINTERRUPT;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _LIST_ENTRY InterruptListEntry;
/*0x00C*/ PVOID ServiceRoutine;
/*0x010*/ VOID* ServiceContext;
/*0x014*/ ULONG32 SpinLock;
/*0x018*/ ULONG32 TickCount;
/*0x01C*/ ULONG32* ActualLock;
/*0x020*/ PVOID DispatchAddress;
/*0x024*/ ULONG32 Vector;
/*0x028*/ UINT8 Irql;
/*0x029*/ UINT8 SynchronizeIrql;
/*0x02A*/ UINT8 FloatingSave;
/*0x02B*/ UINT8 Connected;
/*0x02C*/ CHAR Number;
/*0x02D*/ UINT8 ShareVector;
/*0x02E*/ UINT8 _PADDING0_[0x2];
/*0x030*/ enum _KINTERRUPT_MODE Mode;
/*0x034*/ ULONG32 ServiceCount;
/*0x038*/ ULONG32 DispatchCount;
/*0x03C*/ ULONG32 DispatchCode[106];
}KINTERRUPT, *PKINTERRUPT;
typedef struct _KLOCK_QUEUE_HANDLE {
/*0x000*/ struct _KSPIN_LOCK_QUEUE LockQueue;
/*0x008*/ UINT8 OldIrql;
/*0x009*/ UINT8 _PADDING0_[0x3];
}KLOCK_QUEUE_HANDLE, *PKLOCK_QUEUE_HANDLE;
/*0x000*/ struct _KSPIN_LOCK_QUEUE LockQueue;
/*0x008*/ UINT8 OldIrql;
/*0x009*/ UINT8 _PADDING0_[0x3];
}KLOCK_QUEUE_HANDLE, *PKLOCK_QUEUE_HANDLE;
typedef struct _KNODE {
/*0x000*/ ULONG32 ProcessorMask;
/*0x004*/ ULONG32 Color;
/*0x008*/ ULONG32 MmShiftedColor;
/*0x00C*/ ULONG32 FreeCount[2];
/*0x014*/ UINT8 _PADDING0_[0x4];
/*0x018*/ union _SLIST_HEADER DeadStackList;
/*0x020*/ union _SLIST_HEADER PfnDereferenceSListHead;
/*0x028*/ struct _SINGLE_LIST_ENTRY* PfnDeferredList;
/*0x02C*/ UINT8 Seed;
/*0x02D*/ struct _flags Flags;
/*0x02E*/ UINT8 _PADDING1_[0x2];
}KNODE, *PKNODE;
/*0x000*/ ULONG32 ProcessorMask;
/*0x004*/ ULONG32 Color;
/*0x008*/ ULONG32 MmShiftedColor;
/*0x00C*/ ULONG32 FreeCount[2];
/*0x014*/ UINT8 _PADDING0_[0x4];
/*0x018*/ union _SLIST_HEADER DeadStackList;
/*0x020*/ union _SLIST_HEADER PfnDereferenceSListHead;
/*0x028*/ struct _SINGLE_LIST_ENTRY* PfnDeferredList;
/*0x02C*/ UINT8 Seed;
/*0x02D*/ struct _flags Flags;
/*0x02E*/ UINT8 _PADDING1_[0x2];
}KNODE, *PKNODE;
typedef struct _KSPECIAL_REGISTERS {
/*0x000*/ ULONG32 Cr0;
/*0x004*/ ULONG32 Cr2;
/*0x008*/ ULONG32 Cr3;
/*0x00C*/ ULONG32 Cr4;
/*0x010*/ ULONG32 KernelDr0;
/*0x014*/ ULONG32 KernelDr1;
/*0x018*/ ULONG32 KernelDr2;
/*0x01C*/ ULONG32 KernelDr3;
/*0x020*/ ULONG32 KernelDr6;
/*0x024*/ ULONG32 KernelDr7;
/*0x028*/ struct _DESCRIPTOR Gdtr;
/*0x030*/ struct _DESCRIPTOR Idtr;
/*0x038*/ UINT16 Tr;
/*0x03A*/ UINT16 Ldtr;
/*0x03C*/ ULONG32 Reserved[6];
}KSPECIAL_REGISTERS, *PKSPECIAL_REGISTERS;
/*0x000*/ ULONG32 Cr0;
/*0x004*/ ULONG32 Cr2;
/*0x008*/ ULONG32 Cr3;
/*0x00C*/ ULONG32 Cr4;
/*0x010*/ ULONG32 KernelDr0;
/*0x014*/ ULONG32 KernelDr1;
/*0x018*/ ULONG32 KernelDr2;
/*0x01C*/ ULONG32 KernelDr3;
/*0x020*/ ULONG32 KernelDr6;
/*0x024*/ ULONG32 KernelDr7;
/*0x028*/ struct _DESCRIPTOR Gdtr;
/*0x030*/ struct _DESCRIPTOR Idtr;
/*0x038*/ UINT16 Tr;
/*0x03A*/ UINT16 Ldtr;
/*0x03C*/ ULONG32 Reserved[6];
}KSPECIAL_REGISTERS, *PKSPECIAL_REGISTERS;
typedef struct _KTSS {
/*0x000*/ UINT16 Backlink;
/*0x002*/ UINT16 Reserved0;
/*0x004*/ ULONG32 Esp0;
/*0x008*/ UINT16 Ss0;
/*0x00A*/ UINT16 Reserved1;
/*0x00C*/ ULONG32 NotUsed1[4];
/*0x01C*/ ULONG32 CR3;
/*0x020*/ ULONG32 Eip;
/*0x024*/ ULONG32 EFlags;
/*0x028*/ ULONG32 Eax;
/*0x02C*/ ULONG32 Ecx;
/*0x030*/ ULONG32 Edx;
/*0x034*/ ULONG32 Ebx;
/*0x038*/ ULONG32 Esp;
/*0x03C*/ ULONG32 Ebp;
/*0x040*/ ULONG32 Esi;
/*0x044*/ ULONG32 Edi;
/*0x048*/ UINT16 Es;
/*0x04A*/ UINT16 Reserved2;
/*0x04C*/ UINT16 Cs;
/*0x04E*/ UINT16 Reserved3;
/*0x050*/ UINT16 Ss;
/*0x052*/ UINT16 Reserved4;
/*0x054*/ UINT16 Ds;
/*0x056*/ UINT16 Reserved5;
/*0x058*/ UINT16 Fs;
/*0x05A*/ UINT16 Reserved6;
/*0x05C*/ UINT16 Gs;
/*0x05E*/ UINT16 Reserved7;
/*0x060*/ UINT16 LDT;
/*0x062*/ UINT16 Reserved8;
/*0x064*/ UINT16 Flags;
/*0x066*/ UINT16 IoMapBase;
/*0x068*/ struct _KiIoAccessMap IoMaps[1];
/*0x208C*/ UINT8 IntDirectionMap[32];
}KTSS, *PKTSS;
/*0x000*/ UINT16 Backlink;
/*0x002*/ UINT16 Reserved0;
/*0x004*/ ULONG32 Esp0;
/*0x008*/ UINT16 Ss0;
/*0x00A*/ UINT16 Reserved1;
/*0x00C*/ ULONG32 NotUsed1[4];
/*0x01C*/ ULONG32 CR3;
/*0x020*/ ULONG32 Eip;
/*0x024*/ ULONG32 EFlags;
/*0x028*/ ULONG32 Eax;
/*0x02C*/ ULONG32 Ecx;
/*0x030*/ ULONG32 Edx;
/*0x034*/ ULONG32 Ebx;
/*0x038*/ ULONG32 Esp;
/*0x03C*/ ULONG32 Ebp;
/*0x040*/ ULONG32 Esi;
/*0x044*/ ULONG32 Edi;
/*0x048*/ UINT16 Es;
/*0x04A*/ UINT16 Reserved2;
/*0x04C*/ UINT16 Cs;
/*0x04E*/ UINT16 Reserved3;
/*0x050*/ UINT16 Ss;
/*0x052*/ UINT16 Reserved4;
/*0x054*/ UINT16 Ds;
/*0x056*/ UINT16 Reserved5;
/*0x058*/ UINT16 Fs;
/*0x05A*/ UINT16 Reserved6;
/*0x05C*/ UINT16 Gs;
/*0x05E*/ UINT16 Reserved7;
/*0x060*/ UINT16 LDT;
/*0x062*/ UINT16 Reserved8;
/*0x064*/ UINT16 Flags;
/*0x066*/ UINT16 IoMapBase;
/*0x068*/ struct _KiIoAccessMap IoMaps[1];
/*0x208C*/ UINT8 IntDirectionMap[32];
}KTSS, *PKTSS;
typedef struct _KUSER_SHARED_DATA {
/*0x000*/ ULONG32 TickCountLow;
/*0x004*/ ULONG32 TickCountMultiplier;
/*0x008*/ struct _KSYSTEM_TIME InterruptTime;
/*0x014*/ struct _KSYSTEM_TIME SystemTime;
/*0x020*/ struct _KSYSTEM_TIME TimeZoneBias;
/*0x02C*/ UINT16 ImageNumberLow;
/*0x02E*/ UINT16 ImageNumberHigh;
/*0x030*/ UINT16 NtSystemRoot[260];
/*0x238*/ ULONG32 MaxStackTraceDepth;
/*0x23C*/ ULONG32 CryptoExponent;
/*0x240*/ ULONG32 TimeZoneId;
/*0x244*/ ULONG32 Reserved2[8];
/*0x264*/ enum _NT_PRODUCT_TYPE NtProductType;
/*0x268*/ UINT8 ProductTypeIsValid;
/*0x269*/ UINT8 _PADDING0_[0x3];
/*0x26C*/ ULONG32 NtMajorVersion;
/*0x270*/ ULONG32 NtMinorVersion;
/*0x274*/ UINT8 ProcessorFeatures[64];
/*0x2B4*/ ULONG32 Reserved1;
/*0x2B8*/ ULONG32 Reserved3;
/*0x2BC*/ ULONG32 TimeSlip;
/*0x2C0*/ enum _ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
/*0x2C4*/ UINT8 _PADDING1_[0x4];
/*0x2C8*/ union _LARGE_INTEGER SystemExpirationDate;
/*0x2D0*/ ULONG32 SuiteMask;
/*0x2D4*/ UINT8 KdDebuggerEnabled;
/*0x2D5*/ UINT8 NXSupportPolicy;
/*0x2D6*/ UINT8 _PADDING2_[0x2];
/*0x2D8*/ ULONG32 ActiveConsoleId;
/*0x2DC*/ ULONG32 DismountCount;
/*0x2E0*/ ULONG32 ComPlusPackage;
/*0x2E4*/ ULONG32 LastSystemRITEventTickCount;
/*0x2E8*/ ULONG32 NumberOfPhysicalPages;
/*0x2EC*/ UINT8 SafeBootMode;
/*0x2ED*/ UINT8 _PADDING3_[0x3];
/*0x2F0*/ ULONG32 TraceLogging;
/*0x2F4*/ UINT8 _PADDING4_[0x4];
/*0x2F8*/ UINT64 TestRetInstruction;
/*0x300*/ ULONG32 SystemCall;
/*0x304*/ ULONG32 SystemCallReturn;
/*0x308*/ UINT64 SystemCallPad[3];
union
{
/*0x320*/ struct _KSYSTEM_TIME TickCount;
/*0x320*/ UINT64 TickCountQuad;
};
/*0x330*/ ULONG32 Cookie;
/*0x334*/ UINT8 _PADDING5_[0x4];
}KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
/*0x000*/ ULONG32 TickCountLow;
/*0x004*/ ULONG32 TickCountMultiplier;
/*0x008*/ struct _KSYSTEM_TIME InterruptTime;
/*0x014*/ struct _KSYSTEM_TIME SystemTime;
/*0x020*/ struct _KSYSTEM_TIME TimeZoneBias;
/*0x02C*/ UINT16 ImageNumberLow;
/*0x02E*/ UINT16 ImageNumberHigh;
/*0x030*/ UINT16 NtSystemRoot[260];
/*0x238*/ ULONG32 MaxStackTraceDepth;
/*0x23C*/ ULONG32 CryptoExponent;
/*0x240*/ ULONG32 TimeZoneId;
/*0x244*/ ULONG32 Reserved2[8];
/*0x264*/ enum _NT_PRODUCT_TYPE NtProductType;
/*0x268*/ UINT8 ProductTypeIsValid;
/*0x269*/ UINT8 _PADDING0_[0x3];
/*0x26C*/ ULONG32 NtMajorVersion;
/*0x270*/ ULONG32 NtMinorVersion;
/*0x274*/ UINT8 ProcessorFeatures[64];
/*0x2B4*/ ULONG32 Reserved1;
/*0x2B8*/ ULONG32 Reserved3;
/*0x2BC*/ ULONG32 TimeSlip;
/*0x2C0*/ enum _ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
/*0x2C4*/ UINT8 _PADDING1_[0x4];
/*0x2C8*/ union _LARGE_INTEGER SystemExpirationDate;
/*0x2D0*/ ULONG32 SuiteMask;
/*0x2D4*/ UINT8 KdDebuggerEnabled;
/*0x2D5*/ UINT8 NXSupportPolicy;
/*0x2D6*/ UINT8 _PADDING2_[0x2];
/*0x2D8*/ ULONG32 ActiveConsoleId;
/*0x2DC*/ ULONG32 DismountCount;
/*0x2E0*/ ULONG32 ComPlusPackage;
/*0x2E4*/ ULONG32 LastSystemRITEventTickCount;
/*0x2E8*/ ULONG32 NumberOfPhysicalPages;
/*0x2EC*/ UINT8 SafeBootMode;
/*0x2ED*/ UINT8 _PADDING3_[0x3];
/*0x2F0*/ ULONG32 TraceLogging;
/*0x2F4*/ UINT8 _PADDING4_[0x4];
/*0x2F8*/ UINT64 TestRetInstruction;
/*0x300*/ ULONG32 SystemCall;
/*0x304*/ ULONG32 SystemCallReturn;
/*0x308*/ UINT64 SystemCallPad[3];
union
{
/*0x320*/ struct _KSYSTEM_TIME TickCount;
/*0x320*/ UINT64 TickCountQuad;
};
/*0x330*/ ULONG32 Cookie;
/*0x334*/ UINT8 _PADDING5_[0x4];
}KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
typedef struct _KWAIT_BLOCK {
/*0x000*/ struct _LIST_ENTRY WaitListEntry;
/*0x008*/ struct _KTHREAD* Thread;
/*0x00C*/ VOID* Object;
/*0x010*/ struct _KWAIT_BLOCK* NextWaitBlock;
/*0x014*/ UINT16 WaitKey;
/*0x016*/ UINT16 WaitType;
}KWAIT_BLOCK, *PKWAIT_BLOCK;
/*0x000*/ struct _LIST_ENTRY WaitListEntry;
/*0x008*/ struct _KTHREAD* Thread;
/*0x00C*/ VOID* Object;
/*0x010*/ struct _KWAIT_BLOCK* NextWaitBlock;
/*0x014*/ UINT16 WaitKey;
/*0x016*/ UINT16 WaitType;
}KWAIT_BLOCK, *PKWAIT_BLOCK;
typedef struct _LARGE_CONTROL_AREA {
/*0x000*/ struct _SEGMENT* Segment;
/*0x004*/ struct _LIST_ENTRY DereferenceList;
/*0x00C*/ ULONG32 NumberOfSectionReferences;
/*0x010*/ ULONG32 NumberOfPfnReferences;
/*0x014*/ ULONG32 NumberOfMappedViews;
/*0x018*/ UINT16 NumberOfSubsections;
/*0x01A*/ UINT16 FlushInProgressCount;
/*0x01C*/ ULONG32 NumberOfUserReferences;
union
{
/*0x020*/ ULONG32 LongFlags;
/*0x020*/ struct _MMSECTION_FLAGS Flags;
}u;
/*0x024*/ struct _FILE_OBJECT* FilePointer;
/*0x028*/ struct _EVENT_COUNTER* WaitingForDeletion;
/*0x02C*/ UINT16 ModifiedWriteCount;
/*0x02E*/ UINT16 NumberOfSystemCacheViews;
/*0x030*/ ULONG32 StartingFrame;
/*0x034*/ struct _LIST_ENTRY UserGlobalList;
/*0x03C*/ ULONG32 SessionId;
}LARGE_CONTROL_AREA, *PLARGE_CONTROL_AREA;
/*0x000*/ struct _SEGMENT* Segment;
/*0x004*/ struct _LIST_ENTRY DereferenceList;
/*0x00C*/ ULONG32 NumberOfSectionReferences;
/*0x010*/ ULONG32 NumberOfPfnReferences;
/*0x014*/ ULONG32 NumberOfMappedViews;
/*0x018*/ UINT16 NumberOfSubsections;
/*0x01A*/ UINT16 FlushInProgressCount;
/*0x01C*/ ULONG32 NumberOfUserReferences;
union
{
/*0x020*/ ULONG32 LongFlags;
/*0x020*/ struct _MMSECTION_FLAGS Flags;
}u;
/*0x024*/ struct _FILE_OBJECT* FilePointer;
/*0x028*/ struct _EVENT_COUNTER* WaitingForDeletion;
/*0x02C*/ UINT16 ModifiedWriteCount;
/*0x02E*/ UINT16 NumberOfSystemCacheViews;
/*0x030*/ ULONG32 StartingFrame;
/*0x034*/ struct _LIST_ENTRY UserGlobalList;
/*0x03C*/ ULONG32 SessionId;
}LARGE_CONTROL_AREA, *PLARGE_CONTROL_AREA;
typedef struct _LDR_DATA_TABLE_ENTRY {
/*0x000*/ struct _LIST_ENTRY InLoadOrderLinks;
/*0x008*/ struct _LIST_ENTRY InMemoryOrderLinks;
/*0x010*/ struct _LIST_ENTRY InInitializationOrderLinks;
/*0x018*/ VOID* DllBase;
/*0x01C*/ VOID* EntryPoint;
/*0x020*/ ULONG32 SizeOfImage;
/*0x024*/ struct _UNICODE_STRING FullDllName;
/*0x02C*/ struct _UNICODE_STRING BaseDllName;
/*0x034*/ ULONG32 Flags;
/*0x038*/ UINT16 LoadCount;
/*0x03A*/ UINT16 TlsIndex;
union
{
/*0x03C*/ struct _LIST_ENTRY HashLinks;
struct
{
/*0x03C*/ VOID* SectionPointer;
/*0x040*/ ULONG32 CheckSum;
};
};
union
{
/*0x044*/ ULONG32 TimeDateStamp;
/*0x044*/ VOID* LoadedImports;
};
/*0x048*/ VOID* EntryPointActivationContext;
/*0x04C*/ VOID* PatchInformation;
}LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
/*0x000*/ struct _LIST_ENTRY InLoadOrderLinks;
/*0x008*/ struct _LIST_ENTRY InMemoryOrderLinks;
/*0x010*/ struct _LIST_ENTRY InInitializationOrderLinks;
/*0x018*/ VOID* DllBase;
/*0x01C*/ VOID* EntryPoint;
/*0x020*/ ULONG32 SizeOfImage;
/*0x024*/ struct _UNICODE_STRING FullDllName;
/*0x02C*/ struct _UNICODE_STRING BaseDllName;
/*0x034*/ ULONG32 Flags;
/*0x038*/ UINT16 LoadCount;
/*0x03A*/ UINT16 TlsIndex;
union
{
/*0x03C*/ struct _LIST_ENTRY HashLinks;
struct
{
/*0x03C*/ VOID* SectionPointer;
/*0x040*/ ULONG32 CheckSum;
};
};
union
{
/*0x044*/ ULONG32 TimeDateStamp;
/*0x044*/ VOID* LoadedImports;
};
/*0x048*/ VOID* EntryPointActivationContext;
/*0x04C*/ VOID* PatchInformation;
}LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
typedef struct _LPCP_PORT_QUEUE {
/*0x000*/ struct _LPCP_NONPAGED_PORT_QUEUE* NonPagedPortQueue;
/*0x004*/ struct _KSEMAPHORE* Semaphore;
/*0x008*/ struct _LIST_ENTRY ReceiveHead;
}LPCP_PORT_QUEUE, *PLPCP_PORT_QUEUE;
/*0x000*/ struct _LPCP_NONPAGED_PORT_QUEUE* NonPagedPortQueue;
/*0x004*/ struct _KSEMAPHORE* Semaphore;
/*0x008*/ struct _LIST_ENTRY ReceiveHead;
}LPCP_PORT_QUEUE, *PLPCP_PORT_QUEUE;
typedef struct _LUID_AND_ATTRIBUTES {
/*0x000*/ struct _LUID Luid;
/*0x008*/ ULONG32 Attributes;
}LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
/*0x000*/ struct _LUID Luid;
/*0x008*/ ULONG32 Attributes;
}LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _MI_VERIFIER_DRIVER_ENTRY {
/*0x000*/ struct _LIST_ENTRY Links;
/*0x008*/ ULONG32 Loads;
/*0x00C*/ ULONG32 Unloads;
/*0x010*/ struct _UNICODE_STRING BaseName;
/*0x018*/ VOID* StartAddress;
/*0x01C*/ VOID* EndAddress;
/*0x020*/ ULONG32 Flags;
/*0x024*/ ULONG32 Signature;
/*0x028*/ ULONG32 Reserved;
/*0x02C*/ ULONG32 VerifierPoolLock;
/*0x030*/ struct _VI_POOL_ENTRY* PoolHash;
/*0x034*/ ULONG32 PoolHashSize;
/*0x038*/ ULONG32 PoolHashFree;
/*0x03C*/ ULONG32 PoolHashReserved;
/*0x040*/ ULONG32 CurrentPagedPoolAllocations;
/*0x044*/ ULONG32 CurrentNonPagedPoolAllocations;
/*0x048*/ ULONG32 PeakPagedPoolAllocations;
/*0x04C*/ ULONG32 PeakNonPagedPoolAllocations;
/*0x050*/ ULONG32 PagedBytes;
/*0x054*/ ULONG32 NonPagedBytes;
/*0x058*/ ULONG32 PeakPagedBytes;
/*0x05C*/ ULONG32 PeakNonPagedBytes;
}MI_VERIFIER_DRIVER_ENTRY, *PMI_VERIFIER_DRIVER_ENTRY;
/*0x000*/ struct _LIST_ENTRY Links;
/*0x008*/ ULONG32 Loads;
/*0x00C*/ ULONG32 Unloads;
/*0x010*/ struct _UNICODE_STRING BaseName;
/*0x018*/ VOID* StartAddress;
/*0x01C*/ VOID* EndAddress;
/*0x020*/ ULONG32 Flags;
/*0x024*/ ULONG32 Signature;
/*0x028*/ ULONG32 Reserved;
/*0x02C*/ ULONG32 VerifierPoolLock;
/*0x030*/ struct _VI_POOL_ENTRY* PoolHash;
/*0x034*/ ULONG32 PoolHashSize;
/*0x038*/ ULONG32 PoolHashFree;
/*0x03C*/ ULONG32 PoolHashReserved;
/*0x040*/ ULONG32 CurrentPagedPoolAllocations;
/*0x044*/ ULONG32 CurrentNonPagedPoolAllocations;
/*0x048*/ ULONG32 PeakPagedPoolAllocations;
/*0x04C*/ ULONG32 PeakNonPagedPoolAllocations;
/*0x050*/ ULONG32 PagedBytes;
/*0x054*/ ULONG32 NonPagedBytes;
/*0x058*/ ULONG32 PeakPagedBytes;
/*0x05C*/ ULONG32 PeakNonPagedBytes;
}MI_VERIFIER_DRIVER_ENTRY, *PMI_VERIFIER_DRIVER_ENTRY;
typedef struct _MMFREE_POOL_ENTRY {
/*0x000*/ struct _LIST_ENTRY List;
/*0x008*/ ULONG32 Size;
/*0x00C*/ ULONG32 Signature;
/*0x010*/ struct _MMFREE_POOL_ENTRY* Owner;
}MMFREE_POOL_ENTRY, *PMMFREE_POOL_ENTRY;
/*0x000*/ struct _LIST_ENTRY List;
/*0x008*/ ULONG32 Size;
/*0x00C*/ ULONG32 Signature;
/*0x010*/ struct _MMFREE_POOL_ENTRY* Owner;
}MMFREE_POOL_ENTRY, *PMMFREE_POOL_ENTRY;
typedef struct _MMMOD_WRITER_MDL_ENTRY {
/*0x000*/ struct _LIST_ENTRY Links;
/*0x008*/ union _LARGE_INTEGER WriteOffset;
union
{
/*0x010*/ struct _IO_STATUS_BLOCK IoStatus;
/*0x010*/ union _LARGE_INTEGER LastByte;
}u;
/*0x018*/ struct _IRP* Irp;
/*0x01C*/ ULONG32 LastPageToWrite;
/*0x020*/ struct _MMMOD_WRITER_LISTHEAD* PagingListHead;
/*0x024*/ struct _LIST_ENTRY* CurrentList;
/*0x028*/ struct _MMPAGING_FILE* PagingFile;
/*0x02C*/ struct _FILE_OBJECT* File;
/*0x030*/ struct _CONTROL_AREA* ControlArea;
/*0x034*/ struct _ERESOURCE* FileResource;
/*0x038*/ struct _MDL Mdl;
/*0x054*/ ULONG32 Page[1];
}MMMOD_WRITER_MDL_ENTRY, *PMMMOD_WRITER_MDL_ENTRY;
/*0x000*/ struct _LIST_ENTRY Links;
/*0x008*/ union _LARGE_INTEGER WriteOffset;
union
{
/*0x010*/ struct _IO_STATUS_BLOCK IoStatus;
/*0x010*/ union _LARGE_INTEGER LastByte;
}u;
/*0x018*/ struct _IRP* Irp;
/*0x01C*/ ULONG32 LastPageToWrite;
/*0x020*/ struct _MMMOD_WRITER_LISTHEAD* PagingListHead;
/*0x024*/ struct _LIST_ENTRY* CurrentList;
/*0x028*/ struct _MMPAGING_FILE* PagingFile;
/*0x02C*/ struct _FILE_OBJECT* File;
/*0x030*/ struct _CONTROL_AREA* ControlArea;
/*0x034*/ struct _ERESOURCE* FileResource;
/*0x038*/ struct _MDL Mdl;
/*0x054*/ ULONG32 Page[1];
}MMMOD_WRITER_MDL_ENTRY, *PMMMOD_WRITER_MDL_ENTRY;
typedef struct _MMPAGING_FILE {
/*0x000*/ ULONG32 Size;
/*0x004*/ ULONG32 MaximumSize;
/*0x008*/ ULONG32 MinimumSize;
/*0x00C*/ ULONG32 FreeSpace;
/*0x010*/ ULONG32 CurrentUsage;
/*0x014*/ ULONG32 PeakUsage;
/*0x018*/ ULONG32 Hint;
/*0x01C*/ ULONG32 HighestPage;
/*0x020*/ struct _MMMOD_WRITER_MDL_ENTRY* Entry[2];
/*0x028*/ struct _RTL_BITMAP* Bitmap;
/*0x02C*/ struct _FILE_OBJECT* File;
/*0x030*/ struct _UNICODE_STRING PageFileName;
/*0x038*/ ULONG32 PageFileNumber;
/*0x03C*/ UINT8 Extended;
/*0x03D*/ UINT8 HintSetToZero;
/*0x03E*/ UINT8 BootPartition;
/*0x03F*/ UINT8 _PADDING0_[0x1];
/*0x040*/ VOID* FileHandle;
}MMPAGING_FILE, *PMMPAGING_FILE;
/*0x000*/ ULONG32 Size;
/*0x004*/ ULONG32 MaximumSize;
/*0x008*/ ULONG32 MinimumSize;
/*0x00C*/ ULONG32 FreeSpace;
/*0x010*/ ULONG32 CurrentUsage;
/*0x014*/ ULONG32 PeakUsage;
/*0x018*/ ULONG32 Hint;
/*0x01C*/ ULONG32 HighestPage;
/*0x020*/ struct _MMMOD_WRITER_MDL_ENTRY* Entry[2];
/*0x028*/ struct _RTL_BITMAP* Bitmap;
/*0x02C*/ struct _FILE_OBJECT* File;
/*0x030*/ struct _UNICODE_STRING PageFileName;
/*0x038*/ ULONG32 PageFileNumber;
/*0x03C*/ UINT8 Extended;
/*0x03D*/ UINT8 HintSetToZero;
/*0x03E*/ UINT8 BootPartition;
/*0x03F*/ UINT8 _PADDING0_[0x1];
/*0x040*/ VOID* FileHandle;
}MMPAGING_FILE, *PMMPAGING_FILE;
typedef struct _MMPTE {
union
{
/*0x000*/ ULONG32 Long;
/*0x000*/ struct _MMPTE_HARDWARE Hard;
/*0x000*/ struct _HARDWARE_PTE Flush;
/*0x000*/ struct _MMPTE_PROTOTYPE Proto;
/*0x000*/ struct _MMPTE_SOFTWARE Soft;
/*0x000*/ struct _MMPTE_TRANSITION Trans;
/*0x000*/ struct _MMPTE_SUBSECTION Subsect;
/*0x000*/ struct _MMPTE_LIST List;
}u;
}MMPTE, *PMMPTE;
union
{
/*0x000*/ ULONG32 Long;
/*0x000*/ struct _MMPTE_HARDWARE Hard;
/*0x000*/ struct _HARDWARE_PTE Flush;
/*0x000*/ struct _MMPTE_PROTOTYPE Proto;
/*0x000*/ struct _MMPTE_SOFTWARE Soft;
/*0x000*/ struct _MMPTE_TRANSITION Trans;
/*0x000*/ struct _MMPTE_SUBSECTION Subsect;
/*0x000*/ struct _MMPTE_LIST List;
}u;
}MMPTE, *PMMPTE;
typedef struct _MMSUPPORT {
/*0x000*/ union _LARGE_INTEGER LastTrimTime;
/*0x008*/ struct _MMSUPPORT_FLAGS Flags;
/*0x00C*/ ULONG32 PageFaultCount;
/*0x010*/ ULONG32 PeakWorkingSetSize;
/*0x014*/ ULONG32 WorkingSetSize;
/*0x018*/ ULONG32 MinimumWorkingSetSize;
/*0x01C*/ ULONG32 MaximumWorkingSetSize;
/*0x020*/ struct _MMWSL* VmWorkingSetList;
/*0x024*/ struct _LIST_ENTRY WorkingSetExpansionLinks;
/*0x02C*/ ULONG32 Claim;
/*0x030*/ ULONG32 NextEstimationSlot;
/*0x034*/ ULONG32 NextAgingSlot;
/*0x038*/ ULONG32 EstimatedAvailable;
/*0x03C*/ ULONG32 GrowthSinceLastEstimate;
}MMSUPPORT, *PMMSUPPORT;
/*0x000*/ union _LARGE_INTEGER LastTrimTime;
/*0x008*/ struct _MMSUPPORT_FLAGS Flags;
/*0x00C*/ ULONG32 PageFaultCount;
/*0x010*/ ULONG32 PeakWorkingSetSize;
/*0x014*/ ULONG32 WorkingSetSize;
/*0x018*/ ULONG32 MinimumWorkingSetSize;
/*0x01C*/ ULONG32 MaximumWorkingSetSize;
/*0x020*/ struct _MMWSL* VmWorkingSetList;
/*0x024*/ struct _LIST_ENTRY WorkingSetExpansionLinks;
/*0x02C*/ ULONG32 Claim;
/*0x030*/ ULONG32 NextEstimationSlot;
/*0x034*/ ULONG32 NextAgingSlot;
/*0x038*/ ULONG32 EstimatedAvailable;
/*0x03C*/ ULONG32 GrowthSinceLastEstimate;
}MMSUPPORT, *PMMSUPPORT;
typedef struct _MMVAD {
/*0x000*/ ULONG32 StartingVpn;
/*0x004*/ ULONG32 EndingVpn;
/*0x008*/ struct _MMVAD* Parent;
/*0x00C*/ struct _MMVAD* LeftChild;
/*0x010*/ struct _MMVAD* RightChild;
union
{
/*0x014*/ ULONG32 LongFlags;
/*0x014*/ struct _MMVAD_FLAGS VadFlags;
}u;
/*0x018*/ struct _CONTROL_AREA* ControlArea;
/*0x01C*/ struct _MMPTE* FirstPrototypePte;
/*0x020*/ struct _MMPTE* LastContiguousPte;
union
{
/*0x024*/ ULONG32 LongFlags2;
/*0x024*/ struct _MMVAD_FLAGS2 VadFlags2;
}u2;
}MMVAD, *PMMVAD;
/*0x000*/ ULONG32 StartingVpn;
/*0x004*/ ULONG32 EndingVpn;
/*0x008*/ struct _MMVAD* Parent;
/*0x00C*/ struct _MMVAD* LeftChild;
/*0x010*/ struct _MMVAD* RightChild;
union
{
/*0x014*/ ULONG32 LongFlags;
/*0x014*/ struct _MMVAD_FLAGS VadFlags;
}u;
/*0x018*/ struct _CONTROL_AREA* ControlArea;
/*0x01C*/ struct _MMPTE* FirstPrototypePte;
/*0x020*/ struct _MMPTE* LastContiguousPte;
union
{
/*0x024*/ ULONG32 LongFlags2;
/*0x024*/ struct _MMVAD_FLAGS2 VadFlags2;
}u2;
}MMVAD, *PMMVAD;
typedef struct _MMVAD_LONG {
/*0x000*/ ULONG32 StartingVpn;
/*0x004*/ ULONG32 EndingVpn;
/*0x008*/ struct _MMVAD* Parent;
/*0x00C*/ struct _MMVAD* LeftChild;
/*0x010*/ struct _MMVAD* RightChild;
union
{
/*0x014*/ ULONG32 LongFlags;
/*0x014*/ struct _MMVAD_FLAGS VadFlags;
}u;
/*0x018*/ struct _CONTROL_AREA* ControlArea;
/*0x01C*/ struct _MMPTE* FirstPrototypePte;
/*0x020*/ struct _MMPTE* LastContiguousPte;
union
{
/*0x024*/ ULONG32 LongFlags2;
/*0x024*/ struct _MMVAD_FLAGS2 VadFlags2;
}u2;
union
{
/*0x028*/ struct _LIST_ENTRY List;
/*0x028*/ struct _MMADDRESS_LIST Secured;
}u3;
union
{
/*0x030*/ struct _MMBANKED_SECTION* Banked;
/*0x030*/ struct _MMEXTEND_INFO* ExtendedInfo;
}u4;
}MMVAD_LONG, *PMMVAD_LONG;
/*0x000*/ ULONG32 StartingVpn;
/*0x004*/ ULONG32 EndingVpn;
/*0x008*/ struct _MMVAD* Parent;
/*0x00C*/ struct _MMVAD* LeftChild;
/*0x010*/ struct _MMVAD* RightChild;
union
{
/*0x014*/ ULONG32 LongFlags;
/*0x014*/ struct _MMVAD_FLAGS VadFlags;
}u;
/*0x018*/ struct _CONTROL_AREA* ControlArea;
/*0x01C*/ struct _MMPTE* FirstPrototypePte;
/*0x020*/ struct _MMPTE* LastContiguousPte;
union
{
/*0x024*/ ULONG32 LongFlags2;
/*0x024*/ struct _MMVAD_FLAGS2 VadFlags2;
}u2;
union
{
/*0x028*/ struct _LIST_ENTRY List;
/*0x028*/ struct _MMADDRESS_LIST Secured;
}u3;
union
{
/*0x030*/ struct _MMBANKED_SECTION* Banked;
/*0x030*/ struct _MMEXTEND_INFO* ExtendedInfo;
}u4;
}MMVAD_LONG, *PMMVAD_LONG;
typedef struct _MMVAD_SHORT {
/*0x000*/ ULONG32 StartingVpn;
/*0x004*/ ULONG32 EndingVpn;
/*0x008*/ struct _MMVAD* Parent;
/*0x00C*/ struct _MMVAD* LeftChild;
/*0x010*/ struct _MMVAD* RightChild;
union
{
/*0x014*/ ULONG32 LongFlags;
/*0x014*/ struct _MMVAD_FLAGS VadFlags;
}u;
}MMVAD_SHORT, *PMMVAD_SHORT;
/*0x000*/ ULONG32 StartingVpn;
/*0x004*/ ULONG32 EndingVpn;
/*0x008*/ struct _MMVAD* Parent;
/*0x00C*/ struct _MMVAD* LeftChild;
/*0x010*/ struct _MMVAD* RightChild;
union
{
/*0x014*/ ULONG32 LongFlags;
/*0x014*/ struct _MMVAD_FLAGS VadFlags;
}u;
}MMVAD_SHORT, *PMMVAD_SHORT;
typedef struct _MMWSLE {
union
{
/*0x000*/ VOID* VirtualAddress;
/*0x000*/ ULONG32 Long;
/*0x000*/ struct _MMWSLENTRY e1;
}u1;
}MMWSLE, *PMMWSLE;
union
{
/*0x000*/ VOID* VirtualAddress;
/*0x000*/ ULONG32 Long;
/*0x000*/ struct _MMWSLENTRY e1;
}u1;
}MMWSLE, *PMMWSLE;
typedef struct _OBJECT_CREATE_INFORMATION {
/*0x000*/ ULONG32 Attributes;
/*0x004*/ VOID* RootDirectory;
/*0x008*/ VOID* ParseContext;
/*0x00C*/ CHAR ProbeMode;
/*0x00D*/ UINT8 _PADDING0_[0x3];
/*0x010*/ ULONG32 PagedPoolCharge;
/*0x014*/ ULONG32 NonPagedPoolCharge;
/*0x018*/ ULONG32 SecurityDescriptorCharge;
/*0x01C*/ VOID* SecurityDescriptor;
/*0x020*/ struct _SECURITY_QUALITY_OF_SERVICE* SecurityQos;
/*0x024*/ struct _SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
}OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;
/*0x000*/ ULONG32 Attributes;
/*0x004*/ VOID* RootDirectory;
/*0x008*/ VOID* ParseContext;
/*0x00C*/ CHAR ProbeMode;
/*0x00D*/ UINT8 _PADDING0_[0x3];
/*0x010*/ ULONG32 PagedPoolCharge;
/*0x014*/ ULONG32 NonPagedPoolCharge;
/*0x018*/ ULONG32 SecurityDescriptorCharge;
/*0x01C*/ VOID* SecurityDescriptor;
/*0x020*/ struct _SECURITY_QUALITY_OF_SERVICE* SecurityQos;
/*0x024*/ struct _SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
}OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;
typedef struct _OBJECT_DIRECTORY {
/*0x000*/ struct _OBJECT_DIRECTORY_ENTRY* HashBuckets[37];
/*0x094*/ struct _EX_PUSH_LOCK Lock;
/*0x098*/ struct _DEVICE_MAP* DeviceMap;
/*0x09C*/ ULONG32 SessionId;
/*0x0A0*/ UINT16 Reserved;
/*0x0A2*/ UINT16 SymbolicLinkUsageCount;
}OBJECT_DIRECTORY, *POBJECT_DIRECTORY;
/*0x000*/ struct _OBJECT_DIRECTORY_ENTRY* HashBuckets[37];
/*0x094*/ struct _EX_PUSH_LOCK Lock;
/*0x098*/ struct _DEVICE_MAP* DeviceMap;
/*0x09C*/ ULONG32 SessionId;
/*0x0A0*/ UINT16 Reserved;
/*0x0A2*/ UINT16 SymbolicLinkUsageCount;
}OBJECT_DIRECTORY, *POBJECT_DIRECTORY;
typedef struct _OBJECT_HEADER {
/*0x000*/ LONG32 PointerCount;
union
{
/*0x004*/ LONG32 HandleCount;
/*0x004*/ VOID* NextToFree;
};
/*0x008*/ struct _OBJECT_TYPE* Type;
/*0x00C*/ UINT8 NameInfoOffset;
/*0x00D*/ UINT8 HandleInfoOffset;
/*0x00E*/ UINT8 QuotaInfoOffset;
/*0x00F*/ UINT8 Flags;
union
{
/*0x010*/ struct _OBJECT_CREATE_INFORMATION* ObjectCreateInfo;
/*0x010*/ VOID* QuotaBlockCharged;
};
/*0x014*/ VOID* SecurityDescriptor;
/*0x018*/ struct _QUAD Body;
}OBJECT_HEADER, *POBJECT_HEADER;
/*0x000*/ LONG32 PointerCount;
union
{
/*0x004*/ LONG32 HandleCount;
/*0x004*/ VOID* NextToFree;
};
/*0x008*/ struct _OBJECT_TYPE* Type;
/*0x00C*/ UINT8 NameInfoOffset;
/*0x00D*/ UINT8 HandleInfoOffset;
/*0x00E*/ UINT8 QuotaInfoOffset;
/*0x00F*/ UINT8 Flags;
union
{
/*0x010*/ struct _OBJECT_CREATE_INFORMATION* ObjectCreateInfo;
/*0x010*/ VOID* QuotaBlockCharged;
};
/*0x014*/ VOID* SecurityDescriptor;
/*0x018*/ struct _QUAD Body;
}OBJECT_HEADER, *POBJECT_HEADER;
typedef struct _OBJECT_HEADER_CREATOR_INFO {
/*0x000*/ struct _LIST_ENTRY TypeList;
/*0x008*/ VOID* CreatorUniqueProcess;
/*0x00C*/ UINT16 CreatorBackTraceIndex;
/*0x00E*/ UINT16 Reserved;
}OBJECT_HEADER_CREATOR_INFO, *POBJECT_HEADER_CREATOR_INFO;
/*0x000*/ struct _LIST_ENTRY TypeList;
/*0x008*/ VOID* CreatorUniqueProcess;
/*0x00C*/ UINT16 CreatorBackTraceIndex;
/*0x00E*/ UINT16 Reserved;
}OBJECT_HEADER_CREATOR_INFO, *POBJECT_HEADER_CREATOR_INFO;
typedef struct _OBJECT_HEADER_NAME_INFO {
/*0x000*/ struct _OBJECT_DIRECTORY* Directory;
/*0x004*/ struct _UNICODE_STRING Name;
/*0x00C*/ ULONG32 QueryReferences;
}OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO;
/*0x000*/ struct _OBJECT_DIRECTORY* Directory;
/*0x004*/ struct _UNICODE_STRING Name;
/*0x00C*/ ULONG32 QueryReferences;
}OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO;
typedef struct _OBJECT_NAME_INFORMATION {
/*0x000*/ struct _UNICODE_STRING Name;
}OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
/*0x000*/ struct _UNICODE_STRING Name;
}OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
typedef struct _OBJECT_SYMBOLIC_LINK {
/*0x000*/ union _LARGE_INTEGER CreationTime;
/*0x008*/ struct _UNICODE_STRING LinkTarget;
/*0x010*/ struct _UNICODE_STRING LinkTargetRemaining;
/*0x018*/ VOID* LinkTargetObject;
/*0x01C*/ ULONG32 DosDeviceDriveIndex;
}OBJECT_SYMBOLIC_LINK, *POBJECT_SYMBOLIC_LINK;
/*0x000*/ union _LARGE_INTEGER CreationTime;
/*0x008*/ struct _UNICODE_STRING LinkTarget;
/*0x010*/ struct _UNICODE_STRING LinkTargetRemaining;
/*0x018*/ VOID* LinkTargetObject;
/*0x01C*/ ULONG32 DosDeviceDriveIndex;
}OBJECT_SYMBOLIC_LINK, *POBJECT_SYMBOLIC_LINK;
typedef struct _OBJECT_TYPE_INITIALIZER {
/*0x000*/ UINT16 Length;
/*0x002*/ UINT8 UseDefaultObject;
/*0x003*/ UINT8 CaseInsensitive;
/*0x004*/ ULONG32 InvalidAttributes;
/*0x008*/ struct _GENERIC_MAPPING GenericMapping;
/*0x018*/ ULONG32 ValidAccessMask;
/*0x01C*/ UINT8 SecurityRequired;
/*0x01D*/ UINT8 MaintainHandleCount;
/*0x01E*/ UINT8 MaintainTypeList;
/*0x01F*/ UINT8 _PADDING0_[0x1];
/*0x020*/ enum _POOL_TYPE PoolType;
/*0x024*/ ULONG32 DefaultPagedPoolCharge;
/*0x028*/ ULONG32 DefaultNonPagedPoolCharge;
/*0x02C*/ PVOID DumpProcedure;
/*0x030*/ PVOID OpenProcedure;
/*0x034*/ PVOID CloseProcedure;
/*0x038*/ PVOID DeleteProcedure;
/*0x03C*/ PVOID ParseProcedure;
/*0x040*/ PVOID SecurityProcedure;
/*0x044*/ PVOID QueryNameProcedure;
/*0x048*/ PVOID OkayToCloseProcedure;
}OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
/*0x000*/ UINT16 Length;
/*0x002*/ UINT8 UseDefaultObject;
/*0x003*/ UINT8 CaseInsensitive;
/*0x004*/ ULONG32 InvalidAttributes;
/*0x008*/ struct _GENERIC_MAPPING GenericMapping;
/*0x018*/ ULONG32 ValidAccessMask;
/*0x01C*/ UINT8 SecurityRequired;
/*0x01D*/ UINT8 MaintainHandleCount;
/*0x01E*/ UINT8 MaintainTypeList;
/*0x01F*/ UINT8 _PADDING0_[0x1];
/*0x020*/ enum _POOL_TYPE PoolType;
/*0x024*/ ULONG32 DefaultPagedPoolCharge;
/*0x028*/ ULONG32 DefaultNonPagedPoolCharge;
/*0x02C*/ PVOID DumpProcedure;
/*0x030*/ PVOID OpenProcedure;
/*0x034*/ PVOID CloseProcedure;
/*0x038*/ PVOID DeleteProcedure;
/*0x03C*/ PVOID ParseProcedure;
/*0x040*/ PVOID SecurityProcedure;
/*0x044*/ PVOID QueryNameProcedure;
/*0x048*/ PVOID OkayToCloseProcedure;
}OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
typedef struct _PAGEFAULT_HISTORY {
/*0x000*/ ULONG32 CurrentIndex;
/*0x004*/ ULONG32 MaxIndex;
/*0x008*/ ULONG32 SpinLock;
/*0x00C*/ VOID* Reserved;
/*0x010*/ struct _PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
}PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
/*0x000*/ ULONG32 CurrentIndex;
/*0x004*/ ULONG32 MaxIndex;
/*0x008*/ ULONG32 SpinLock;
/*0x00C*/ VOID* Reserved;
/*0x010*/ struct _PROCESS_WS_WATCH_INFORMATION WatchInfo[1];
}PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY;
typedef struct _PCI_FUNCTION_RESOURCES {
/*0x000*/ struct _IO_RESOURCE_DESCRIPTOR Limit[7];
/*0x0E0*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR Current[7];
}PCI_FUNCTION_RESOURCES, *PPCI_FUNCTION_RESOURCES;
/*0x000*/ struct _IO_RESOURCE_DESCRIPTOR Limit[7];
/*0x0E0*/ struct _CM_PARTIAL_RESOURCE_DESCRIPTOR Current[7];
}PCI_FUNCTION_RESOURCES, *PPCI_FUNCTION_RESOURCES;
typedef struct _PCI_HEADER_TYPE_2 {
/*0x000*/ ULONG32 SocketRegistersBaseAddress;
/*0x004*/ UINT8 CapabilitiesPtr;
/*0x005*/ UINT8 Reserved;
/*0x006*/ UINT16 SecondaryStatus;
/*0x008*/ UINT8 PrimaryBus;
/*0x009*/ UINT8 SecondaryBus;
/*0x00A*/ UINT8 SubordinateBus;
/*0x00B*/ UINT8 SecondaryLatency;
/*0x00C*/ struct
{
ULONG32 Base;
ULONG32 Limit;
}Range[4];
/*0x02C*/ UINT8 InterruptLine;
/*0x02D*/ UINT8 InterruptPin;
/*0x02E*/ UINT16 BridgeControl;
}PCI_HEADER_TYPE_2, *PPCI_HEADER_TYPE_2;
/*0x000*/ ULONG32 SocketRegistersBaseAddress;
/*0x004*/ UINT8 CapabilitiesPtr;
/*0x005*/ UINT8 Reserved;
/*0x006*/ UINT16 SecondaryStatus;
/*0x008*/ UINT8 PrimaryBus;
/*0x009*/ UINT8 SecondaryBus;
/*0x00A*/ UINT8 SubordinateBus;
/*0x00B*/ UINT8 SecondaryLatency;
/*0x00C*/ struct
{
ULONG32 Base;
ULONG32 Limit;
}Range[4];
/*0x02C*/ UINT8 InterruptLine;
/*0x02D*/ UINT8 InterruptPin;
/*0x02E*/ UINT16 BridgeControl;
}PCI_HEADER_TYPE_2, *PPCI_HEADER_TYPE_2;
typedef struct _PCI_PMC {
struct
{
/*0x000*/ UINT8 Version : 3;
/*0x000*/ UINT8 PMEClock : 1;
/*0x000*/ UINT8 Rsvd1 : 1;
/*0x000*/ UINT8 DeviceSpecificInitialization : 1;
/*0x000*/ UINT8 Rsvd2 : 2;
};
/*0x001*/ struct _PM_SUPPORT Support;
}PCI_PMC, *PPCI_PMC;
struct
{
/*0x000*/ UINT8 Version : 3;
/*0x000*/ UINT8 PMEClock : 1;
/*0x000*/ UINT8 Rsvd1 : 1;
/*0x000*/ UINT8 DeviceSpecificInitialization : 1;
/*0x000*/ UINT8 Rsvd2 : 2;
};
/*0x001*/ struct _PM_SUPPORT Support;
}PCI_PMC, *PPCI_PMC;
typedef struct _PCI_SECONDARY_EXTENSION {
/*0x000*/ struct _SINGLE_LIST_ENTRY List;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ PVOID Destructor;
}PCI_SECONDARY_EXTENSION, *PPCI_SECONDARY_EXTENSION;
/*0x000*/ struct _SINGLE_LIST_ENTRY List;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ PVOID Destructor;
}PCI_SECONDARY_EXTENSION, *PPCI_SECONDARY_EXTENSION;
typedef struct _PEB {
/*0x000*/ UINT8 InheritedAddressSpace;
/*0x001*/ UINT8 ReadImageFileExecOptions;
/*0x002*/ UINT8 BeingDebugged;
/*0x003*/ UINT8 SpareBool;
/*0x004*/ VOID* Mutant;
/*0x008*/ VOID* ImageBaseAddress;
/*0x00C*/ struct _PEB_LDR_DATA* Ldr;
/*0x010*/ struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
/*0x014*/ VOID* SubSystemData;
/*0x018*/ VOID* ProcessHeap;
/*0x01C*/ struct _RTL_CRITICAL_SECTION* FastPebLock;
/*0x020*/ VOID* FastPebLockRoutine;
/*0x024*/ VOID* FastPebUnlockRoutine;
/*0x028*/ ULONG32 EnvironmentUpdateCount;
/*0x02C*/ VOID* KernelCallbackTable;
/*0x030*/ ULONG32 SystemReserved[1];
/*0x034*/ ULONG32 AtlThunkSListPtr32;
/*0x038*/ struct _PEB_FREE_BLOCK* FreeList;
/*0x03C*/ ULONG32 TlsExpansionCounter;
/*0x040*/ VOID* TlsBitmap;
/*0x044*/ ULONG32 TlsBitmapBits[2];
/*0x04C*/ VOID* ReadOnlySharedMemoryBase;
/*0x050*/ VOID* ReadOnlySharedMemoryHeap;
/*0x054*/ VOID** ReadOnlyStaticServerData;
/*0x058*/ VOID* AnsiCodePageData;
/*0x05C*/ VOID* OemCodePageData;
/*0x060*/ VOID* UnicodeCaseTableData;
/*0x064*/ ULONG32 NumberOfProcessors;
/*0x068*/ ULONG32 NtGlobalFlag;
/*0x06C*/ UINT8 _PADDING0_[0x4];
/*0x070*/ union _LARGE_INTEGER CriticalSectionTimeout;
/*0x078*/ ULONG32 HeapSegmentReserve;
/*0x07C*/ ULONG32 HeapSegmentCommit;
/*0x080*/ ULONG32 HeapDeCommitTotalFreeThreshold;
/*0x084*/ ULONG32 HeapDeCommitFreeBlockThreshold;
/*0x088*/ ULONG32 NumberOfHeaps;
/*0x08C*/ ULONG32 MaximumNumberOfHeaps;
/*0x090*/ VOID** ProcessHeaps;
/*0x094*/ VOID* GdiSharedHandleTable;
/*0x098*/ VOID* ProcessStarterHelper;
/*0x09C*/ ULONG32 GdiDCAttributeList;
/*0x0A0*/ VOID* LoaderLock;
/*0x0A4*/ ULONG32 OSMajorVersion;
/*0x0A8*/ ULONG32 OSMinorVersion;
/*0x0AC*/ UINT16 OSBuildNumber;
/*0x0AE*/ UINT16 OSCSDVersion;
/*0x0B0*/ ULONG32 OSPlatformId;
/*0x0B4*/ ULONG32 ImageSubsystem;
/*0x0B8*/ ULONG32 ImageSubsystemMajorVersion;
/*0x0BC*/ ULONG32 ImageSubsystemMinorVersion;
/*0x0C0*/ ULONG32 ImageProcessAffinityMask;
/*0x0C4*/ ULONG32 GdiHandleBuffer[34];
/*0x14C*/ PVOID PostProcessInitRoutine;
/*0x150*/ VOID* TlsExpansionBitmap;
/*0x154*/ ULONG32 TlsExpansionBitmapBits[32];
/*0x1D4*/ ULONG32 SessionId;
/*0x1D8*/ union _ULARGE_INTEGER AppCompatFlags;
/*0x1E0*/ union _ULARGE_INTEGER AppCompatFlagsUser;
/*0x1E8*/ VOID* pShimData;
/*0x1EC*/ VOID* AppCompatInfo;
/*0x1F0*/ struct _UNICODE_STRING CSDVersion;
/*0x1F8*/ VOID* ActivationContextData;
/*0x1FC*/ VOID* ProcessAssemblyStorageMap;
/*0x200*/ VOID* SystemDefaultActivationContextData;
/*0x204*/ VOID* SystemAssemblyStorageMap;
/*0x208*/ ULONG32 MinimumStackCommit;
/*0x20C*/ UINT8 _PADDING1_[0x4];
}PEB, *PPEB;
/*0x000*/ UINT8 InheritedAddressSpace;
/*0x001*/ UINT8 ReadImageFileExecOptions;
/*0x002*/ UINT8 BeingDebugged;
/*0x003*/ UINT8 SpareBool;
/*0x004*/ VOID* Mutant;
/*0x008*/ VOID* ImageBaseAddress;
/*0x00C*/ struct _PEB_LDR_DATA* Ldr;
/*0x010*/ struct _RTL_USER_PROCESS_PARAMETERS* ProcessParameters;
/*0x014*/ VOID* SubSystemData;
/*0x018*/ VOID* ProcessHeap;
/*0x01C*/ struct _RTL_CRITICAL_SECTION* FastPebLock;
/*0x020*/ VOID* FastPebLockRoutine;
/*0x024*/ VOID* FastPebUnlockRoutine;
/*0x028*/ ULONG32 EnvironmentUpdateCount;
/*0x02C*/ VOID* KernelCallbackTable;
/*0x030*/ ULONG32 SystemReserved[1];
/*0x034*/ ULONG32 AtlThunkSListPtr32;
/*0x038*/ struct _PEB_FREE_BLOCK* FreeList;
/*0x03C*/ ULONG32 TlsExpansionCounter;
/*0x040*/ VOID* TlsBitmap;
/*0x044*/ ULONG32 TlsBitmapBits[2];
/*0x04C*/ VOID* ReadOnlySharedMemoryBase;
/*0x050*/ VOID* ReadOnlySharedMemoryHeap;
/*0x054*/ VOID** ReadOnlyStaticServerData;
/*0x058*/ VOID* AnsiCodePageData;
/*0x05C*/ VOID* OemCodePageData;
/*0x060*/ VOID* UnicodeCaseTableData;
/*0x064*/ ULONG32 NumberOfProcessors;
/*0x068*/ ULONG32 NtGlobalFlag;
/*0x06C*/ UINT8 _PADDING0_[0x4];
/*0x070*/ union _LARGE_INTEGER CriticalSectionTimeout;
/*0x078*/ ULONG32 HeapSegmentReserve;
/*0x07C*/ ULONG32 HeapSegmentCommit;
/*0x080*/ ULONG32 HeapDeCommitTotalFreeThreshold;
/*0x084*/ ULONG32 HeapDeCommitFreeBlockThreshold;
/*0x088*/ ULONG32 NumberOfHeaps;
/*0x08C*/ ULONG32 MaximumNumberOfHeaps;
/*0x090*/ VOID** ProcessHeaps;
/*0x094*/ VOID* GdiSharedHandleTable;
/*0x098*/ VOID* ProcessStarterHelper;
/*0x09C*/ ULONG32 GdiDCAttributeList;
/*0x0A0*/ VOID* LoaderLock;
/*0x0A4*/ ULONG32 OSMajorVersion;
/*0x0A8*/ ULONG32 OSMinorVersion;
/*0x0AC*/ UINT16 OSBuildNumber;
/*0x0AE*/ UINT16 OSCSDVersion;
/*0x0B0*/ ULONG32 OSPlatformId;
/*0x0B4*/ ULONG32 ImageSubsystem;
/*0x0B8*/ ULONG32 ImageSubsystemMajorVersion;
/*0x0BC*/ ULONG32 ImageSubsystemMinorVersion;
/*0x0C0*/ ULONG32 ImageProcessAffinityMask;
/*0x0C4*/ ULONG32 GdiHandleBuffer[34];
/*0x14C*/ PVOID PostProcessInitRoutine;
/*0x150*/ VOID* TlsExpansionBitmap;
/*0x154*/ ULONG32 TlsExpansionBitmapBits[32];
/*0x1D4*/ ULONG32 SessionId;
/*0x1D8*/ union _ULARGE_INTEGER AppCompatFlags;
/*0x1E0*/ union _ULARGE_INTEGER AppCompatFlagsUser;
/*0x1E8*/ VOID* pShimData;
/*0x1EC*/ VOID* AppCompatInfo;
/*0x1F0*/ struct _UNICODE_STRING CSDVersion;
/*0x1F8*/ VOID* ActivationContextData;
/*0x1FC*/ VOID* ProcessAssemblyStorageMap;
/*0x200*/ VOID* SystemDefaultActivationContextData;
/*0x204*/ VOID* SystemAssemblyStorageMap;
/*0x208*/ ULONG32 MinimumStackCommit;
/*0x20C*/ UINT8 _PADDING1_[0x4];
}PEB, *PPEB;
typedef struct _PEB_LDR_DATA {
/*0x000*/ ULONG32 Length;
/*0x004*/ UINT8 Initialized;
/*0x005*/ UINT8 _PADDING0_[0x3];
/*0x008*/ VOID* SsHandle;
/*0x00C*/ struct _LIST_ENTRY InLoadOrderModuleList;
/*0x014*/ struct _LIST_ENTRY InMemoryOrderModuleList;
/*0x01C*/ struct _LIST_ENTRY InInitializationOrderModuleList;
/*0x024*/ VOID* EntryInProgress;
}PEB_LDR_DATA, *PPEB_LDR_DATA;
/*0x000*/ ULONG32 Length;
/*0x004*/ UINT8 Initialized;
/*0x005*/ UINT8 _PADDING0_[0x3];
/*0x008*/ VOID* SsHandle;
/*0x00C*/ struct _LIST_ENTRY InLoadOrderModuleList;
/*0x014*/ struct _LIST_ENTRY InMemoryOrderModuleList;
/*0x01C*/ struct _LIST_ENTRY InInitializationOrderModuleList;
/*0x024*/ VOID* EntryInProgress;
}PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _PHYSICAL_MEMORY_DESCRIPTOR {
/*0x000*/ ULONG32 NumberOfRuns;
/*0x004*/ ULONG32 NumberOfPages;
/*0x008*/ struct _PHYSICAL_MEMORY_RUN Run[1];
}PHYSICAL_MEMORY_DESCRIPTOR, *PPHYSICAL_MEMORY_DESCRIPTOR;
/*0x000*/ ULONG32 NumberOfRuns;
/*0x004*/ ULONG32 NumberOfPages;
/*0x008*/ struct _PHYSICAL_MEMORY_RUN Run[1];
}PHYSICAL_MEMORY_DESCRIPTOR, *PPHYSICAL_MEMORY_DESCRIPTOR;
typedef struct _PI_BUS_EXTENSION {
/*0x000*/ ULONG32 Flags;
/*0x004*/ ULONG32 NumberCSNs;
/*0x008*/ UINT8* ReadDataPort;
/*0x00C*/ UINT8 DataPortMapped;
/*0x00D*/ UINT8 _PADDING0_[0x3];
/*0x010*/ UINT8* AddressPort;
/*0x014*/ UINT8 AddrPortMapped;
/*0x015*/ UINT8 _PADDING1_[0x3];
/*0x018*/ UINT8* CommandPort;
/*0x01C*/ UINT8 CmdPortMapped;
/*0x01D*/ UINT8 _PADDING2_[0x3];
/*0x020*/ ULONG32 NextSlotNumber;
/*0x024*/ struct _SINGLE_LIST_ENTRY DeviceList;
/*0x028*/ struct _SINGLE_LIST_ENTRY CardList;
/*0x02C*/ struct _DEVICE_OBJECT* PhysicalBusDevice;
/*0x030*/ struct _DEVICE_OBJECT* FunctionalBusDevice;
/*0x034*/ struct _DEVICE_OBJECT* AttachedDevice;
/*0x038*/ ULONG32 BusNumber;
/*0x03C*/ enum _SYSTEM_POWER_STATE SystemPowerState;
/*0x040*/ enum _DEVICE_POWER_STATE DevicePowerState;
}PI_BUS_EXTENSION, *PPI_BUS_EXTENSION;
/*0x000*/ ULONG32 Flags;
/*0x004*/ ULONG32 NumberCSNs;
/*0x008*/ UINT8* ReadDataPort;
/*0x00C*/ UINT8 DataPortMapped;
/*0x00D*/ UINT8 _PADDING0_[0x3];
/*0x010*/ UINT8* AddressPort;
/*0x014*/ UINT8 AddrPortMapped;
/*0x015*/ UINT8 _PADDING1_[0x3];
/*0x018*/ UINT8* CommandPort;
/*0x01C*/ UINT8 CmdPortMapped;
/*0x01D*/ UINT8 _PADDING2_[0x3];
/*0x020*/ ULONG32 NextSlotNumber;
/*0x024*/ struct _SINGLE_LIST_ENTRY DeviceList;
/*0x028*/ struct _SINGLE_LIST_ENTRY CardList;
/*0x02C*/ struct _DEVICE_OBJECT* PhysicalBusDevice;
/*0x030*/ struct _DEVICE_OBJECT* FunctionalBusDevice;
/*0x034*/ struct _DEVICE_OBJECT* AttachedDevice;
/*0x038*/ ULONG32 BusNumber;
/*0x03C*/ enum _SYSTEM_POWER_STATE SystemPowerState;
/*0x040*/ enum _DEVICE_POWER_STATE DevicePowerState;
}PI_BUS_EXTENSION, *PPI_BUS_EXTENSION;
typedef struct _PI_RESOURCE_ARBITER_ENTRY {
/*0x000*/ struct _LIST_ENTRY DeviceArbiterList;
/*0x008*/ UINT8 ResourceType;
/*0x009*/ UINT8 _PADDING0_[0x3];
/*0x00C*/ struct _ARBITER_INTERFACE* ArbiterInterface;
/*0x010*/ ULONG32 Level;
/*0x014*/ struct _LIST_ENTRY ResourceList;
/*0x01C*/ struct _LIST_ENTRY BestResourceList;
/*0x024*/ struct _LIST_ENTRY BestConfig;
/*0x02C*/ struct _LIST_ENTRY ActiveArbiterList;
/*0x034*/ UINT8 State;
/*0x035*/ UINT8 ResourcesChanged;
/*0x036*/ UINT8 _PADDING1_[0x2];
}PI_RESOURCE_ARBITER_ENTRY, *PPI_RESOURCE_ARBITER_ENTRY;
/*0x000*/ struct _LIST_ENTRY DeviceArbiterList;
/*0x008*/ UINT8 ResourceType;
/*0x009*/ UINT8 _PADDING0_[0x3];
/*0x00C*/ struct _ARBITER_INTERFACE* ArbiterInterface;
/*0x010*/ ULONG32 Level;
/*0x014*/ struct _LIST_ENTRY ResourceList;
/*0x01C*/ struct _LIST_ENTRY BestResourceList;
/*0x024*/ struct _LIST_ENTRY BestConfig;
/*0x02C*/ struct _LIST_ENTRY ActiveArbiterList;
/*0x034*/ UINT8 State;
/*0x035*/ UINT8 ResourcesChanged;
/*0x036*/ UINT8 _PADDING1_[0x2];
}PI_RESOURCE_ARBITER_ENTRY, *PPI_RESOURCE_ARBITER_ENTRY;
typedef struct _PLUGPLAY_EVENT_BLOCK {
/*0x000*/ struct _GUID EventGuid;
/*0x010*/ enum _PLUGPLAY_EVENT_CATEGORY EventCategory;
/*0x014*/ ULONG32* Result;
/*0x018*/ ULONG32 Flags;
/*0x01C*/ ULONG32 TotalSize;
/*0x020*/ VOID* DeviceObject;
union
{
struct
{
/*0x024*/ struct _GUID ClassGuid;
/*0x034*/ UINT16 SymbolicLinkName[1];
/*0x036*/ UINT8 _PADDING0_[0x2];
}DeviceClass;
struct
{
/*0x024*/ UINT16 DeviceIds[1];
}TargetDevice;
struct
{
/*0x024*/ UINT16 DeviceId[1];
}InstallDevice;
struct
{
/*0x024*/ VOID* NotificationStructure;
/*0x028*/ UINT16 DeviceIds[1];
/*0x02A*/ UINT8 _PADDING0_[0x2];
}CustomNotification;
struct
{
/*0x024*/ VOID* Notification;
}ProfileNotification;
struct
{
/*0x024*/ ULONG32 NotificationCode;
/*0x028*/ ULONG32 NotificationData;
}PowerNotification;
struct
{
/*0x024*/ enum _PNP_VETO_TYPE VetoType;
/*0x028*/ UINT16 DeviceIdVetoNameBuffer[1];
/*0x02A*/ UINT8 _PADDING0_[0x2];
}VetoNotification;
struct
{
/*0x024*/ struct _GUID BlockedDriverGuid;
}BlockedDriverNotification;
}u;
}PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
/*0x000*/ struct _GUID EventGuid;
/*0x010*/ enum _PLUGPLAY_EVENT_CATEGORY EventCategory;
/*0x014*/ ULONG32* Result;
/*0x018*/ ULONG32 Flags;
/*0x01C*/ ULONG32 TotalSize;
/*0x020*/ VOID* DeviceObject;
union
{
struct
{
/*0x024*/ struct _GUID ClassGuid;
/*0x034*/ UINT16 SymbolicLinkName[1];
/*0x036*/ UINT8 _PADDING0_[0x2];
}DeviceClass;
struct
{
/*0x024*/ UINT16 DeviceIds[1];
}TargetDevice;
struct
{
/*0x024*/ UINT16 DeviceId[1];
}InstallDevice;
struct
{
/*0x024*/ VOID* NotificationStructure;
/*0x028*/ UINT16 DeviceIds[1];
/*0x02A*/ UINT8 _PADDING0_[0x2];
}CustomNotification;
struct
{
/*0x024*/ VOID* Notification;
}ProfileNotification;
struct
{
/*0x024*/ ULONG32 NotificationCode;
/*0x028*/ ULONG32 NotificationData;
}PowerNotification;
struct
{
/*0x024*/ enum _PNP_VETO_TYPE VetoType;
/*0x028*/ UINT16 DeviceIdVetoNameBuffer[1];
/*0x02A*/ UINT8 _PADDING0_[0x2];
}VetoNotification;
struct
{
/*0x024*/ struct _GUID BlockedDriverGuid;
}BlockedDriverNotification;
}u;
}PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
typedef struct _POOL_BLOCK_HEAD {
/*0x000*/ struct _POOL_HEADER Header;
/*0x008*/ struct _LIST_ENTRY List;
}POOL_BLOCK_HEAD, *PPOOL_BLOCK_HEAD;
/*0x000*/ struct _POOL_HEADER Header;
/*0x008*/ struct _LIST_ENTRY List;
}POOL_BLOCK_HEAD, *PPOOL_BLOCK_HEAD;
typedef struct _POOL_DESCRIPTOR {
/*0x000*/ enum _POOL_TYPE PoolType;
/*0x004*/ ULONG32 PoolIndex;
/*0x008*/ ULONG32 RunningAllocs;
/*0x00C*/ ULONG32 RunningDeAllocs;
/*0x010*/ ULONG32 TotalPages;
/*0x014*/ ULONG32 TotalBigPages;
/*0x018*/ ULONG32 Threshold;
/*0x01C*/ VOID* LockAddress;
/*0x020*/ VOID* PendingFrees;
/*0x024*/ LONG32 PendingFreeDepth;
/*0x028*/ struct _LIST_ENTRY ListHeads[512];
}POOL_DESCRIPTOR, *PPOOL_DESCRIPTOR;
/*0x000*/ enum _POOL_TYPE PoolType;
/*0x004*/ ULONG32 PoolIndex;
/*0x008*/ ULONG32 RunningAllocs;
/*0x00C*/ ULONG32 RunningDeAllocs;
/*0x010*/ ULONG32 TotalPages;
/*0x014*/ ULONG32 TotalBigPages;
/*0x018*/ ULONG32 Threshold;
/*0x01C*/ VOID* LockAddress;
/*0x020*/ VOID* PendingFrees;
/*0x024*/ LONG32 PendingFreeDepth;
/*0x028*/ struct _LIST_ENTRY ListHeads[512];
}POOL_DESCRIPTOR, *PPOOL_DESCRIPTOR;
typedef struct _POOL_HACKER {
/*0x000*/ struct _POOL_HEADER Header;
/*0x008*/ ULONG32 Contents[8];
}POOL_HACKER, *PPOOL_HACKER;
/*0x000*/ struct _POOL_HEADER Header;
/*0x008*/ ULONG32 Contents[8];
}POOL_HACKER, *PPOOL_HACKER;
typedef struct _POP_DEVICE_POWER_IRP {
/*0x000*/ struct _SINGLE_LIST_ENTRY Free;
/*0x004*/ struct _IRP* Irp;
/*0x008*/ struct _PO_DEVICE_NOTIFY* Notify;
/*0x00C*/ struct _LIST_ENTRY Pending;
/*0x014*/ struct _LIST_ENTRY Complete;
/*0x01C*/ struct _LIST_ENTRY Abort;
/*0x024*/ struct _LIST_ENTRY Failed;
}POP_DEVICE_POWER_IRP, *PPOP_DEVICE_POWER_IRP;
/*0x000*/ struct _SINGLE_LIST_ENTRY Free;
/*0x004*/ struct _IRP* Irp;
/*0x008*/ struct _PO_DEVICE_NOTIFY* Notify;
/*0x00C*/ struct _LIST_ENTRY Pending;
/*0x014*/ struct _LIST_ENTRY Complete;
/*0x01C*/ struct _LIST_ENTRY Abort;
/*0x024*/ struct _LIST_ENTRY Failed;
}POP_DEVICE_POWER_IRP, *PPOP_DEVICE_POWER_IRP;
typedef struct _POP_HIBER_CONTEXT {
/*0x000*/ UINT8 WriteToFile;
/*0x001*/ UINT8 ReserveLoaderMemory;
/*0x002*/ UINT8 ReserveFreeMemory;
/*0x003*/ UINT8 VerifyOnWake;
/*0x004*/ UINT8 Reset;
/*0x005*/ UINT8 HiberFlags;
/*0x006*/ UINT8 LinkFile;
/*0x007*/ UINT8 _PADDING0_[0x1];
/*0x008*/ VOID* LinkFileHandle;
/*0x00C*/ ULONG32 Lock;
/*0x010*/ UINT8 MapFrozen;
/*0x011*/ UINT8 _PADDING1_[0x3];
/*0x014*/ struct _RTL_BITMAP MemoryMap;
/*0x01C*/ struct _LIST_ENTRY ClonedRanges;
/*0x024*/ ULONG32 ClonedRangeCount;
/*0x028*/ struct _LIST_ENTRY* NextCloneRange;
/*0x02C*/ ULONG32 NextPreserve;
/*0x030*/ struct _MDL* LoaderMdl;
/*0x034*/ struct _MDL* Clones;
/*0x038*/ UINT8* NextClone;
/*0x03C*/ ULONG32 NoClones;
/*0x040*/ struct _MDL* Spares;
/*0x044*/ UINT8 _PADDING2_[0x4];
/*0x048*/ UINT64 PagesOut;
/*0x050*/ VOID* IoPage;
/*0x054*/ VOID* CurrentMcb;
/*0x058*/ struct _DUMP_STACK_CONTEXT* DumpStack;
/*0x05C*/ struct _KPROCESSOR_STATE* WakeState;
/*0x060*/ ULONG32 NoRanges;
/*0x064*/ ULONG32 HiberVa;
/*0x068*/ union _LARGE_INTEGER HiberPte;
/*0x070*/ LONG32 Status;
/*0x074*/ struct _PO_MEMORY_IMAGE* MemoryImage;
/*0x078*/ struct _PO_MEMORY_RANGE_ARRAY* TableHead;
/*0x07C*/ UINT8* CompressionWorkspace;
/*0x080*/ UINT8* CompressedWriteBuffer;
/*0x084*/ ULONG32* PerformanceStats;
/*0x088*/ VOID* CompressionBlock;
/*0x08C*/ VOID* DmaIO;
/*0x090*/ VOID* TemporaryHeap;
/*0x094*/ UINT8 _PADDING3_[0x4];
/*0x098*/ struct _PO_HIBER_PERF PerfInfo;
}POP_HIBER_CONTEXT, *PPOP_HIBER_CONTEXT;
/*0x000*/ UINT8 WriteToFile;
/*0x001*/ UINT8 ReserveLoaderMemory;
/*0x002*/ UINT8 ReserveFreeMemory;
/*0x003*/ UINT8 VerifyOnWake;
/*0x004*/ UINT8 Reset;
/*0x005*/ UINT8 HiberFlags;
/*0x006*/ UINT8 LinkFile;
/*0x007*/ UINT8 _PADDING0_[0x1];
/*0x008*/ VOID* LinkFileHandle;
/*0x00C*/ ULONG32 Lock;
/*0x010*/ UINT8 MapFrozen;
/*0x011*/ UINT8 _PADDING1_[0x3];
/*0x014*/ struct _RTL_BITMAP MemoryMap;
/*0x01C*/ struct _LIST_ENTRY ClonedRanges;
/*0x024*/ ULONG32 ClonedRangeCount;
/*0x028*/ struct _LIST_ENTRY* NextCloneRange;
/*0x02C*/ ULONG32 NextPreserve;
/*0x030*/ struct _MDL* LoaderMdl;
/*0x034*/ struct _MDL* Clones;
/*0x038*/ UINT8* NextClone;
/*0x03C*/ ULONG32 NoClones;
/*0x040*/ struct _MDL* Spares;
/*0x044*/ UINT8 _PADDING2_[0x4];
/*0x048*/ UINT64 PagesOut;
/*0x050*/ VOID* IoPage;
/*0x054*/ VOID* CurrentMcb;
/*0x058*/ struct _DUMP_STACK_CONTEXT* DumpStack;
/*0x05C*/ struct _KPROCESSOR_STATE* WakeState;
/*0x060*/ ULONG32 NoRanges;
/*0x064*/ ULONG32 HiberVa;
/*0x068*/ union _LARGE_INTEGER HiberPte;
/*0x070*/ LONG32 Status;
/*0x074*/ struct _PO_MEMORY_IMAGE* MemoryImage;
/*0x078*/ struct _PO_MEMORY_RANGE_ARRAY* TableHead;
/*0x07C*/ UINT8* CompressionWorkspace;
/*0x080*/ UINT8* CompressedWriteBuffer;
/*0x084*/ ULONG32* PerformanceStats;
/*0x088*/ VOID* CompressionBlock;
/*0x08C*/ VOID* DmaIO;
/*0x090*/ VOID* TemporaryHeap;
/*0x094*/ UINT8 _PADDING3_[0x4];
/*0x098*/ struct _PO_HIBER_PERF PerfInfo;
}POP_HIBER_CONTEXT, *PPOP_HIBER_CONTEXT;
typedef struct _PORT_MESSAGE {
union
{
struct
{
/*0x000*/ INT16 DataLength;
/*0x002*/ INT16 TotalLength;
}s1;
/*0x000*/ ULONG32 Length;
}u1;
union
{
struct
{
/*0x004*/ INT16 Type;
/*0x006*/ INT16 DataInfoOffset;
}s2;
/*0x004*/ ULONG32 ZeroInit;
}u2;
union
{
/*0x008*/ struct _CLIENT_ID ClientId;
/*0x008*/ FLOAT64 DoNotUseThisField;
};
/*0x010*/ ULONG32 MessageId;
union
{
/*0x014*/ ULONG32 ClientViewSize;
/*0x014*/ ULONG32 CallbackId;
};
}PORT_MESSAGE, *PPORT_MESSAGE;
union
{
struct
{
/*0x000*/ INT16 DataLength;
/*0x002*/ INT16 TotalLength;
}s1;
/*0x000*/ ULONG32 Length;
}u1;
union
{
struct
{
/*0x004*/ INT16 Type;
/*0x006*/ INT16 DataInfoOffset;
}s2;
/*0x004*/ ULONG32 ZeroInit;
}u2;
union
{
/*0x008*/ struct _CLIENT_ID ClientId;
/*0x008*/ FLOAT64 DoNotUseThisField;
};
/*0x010*/ ULONG32 MessageId;
union
{
/*0x014*/ ULONG32 ClientViewSize;
/*0x014*/ ULONG32 CallbackId;
};
}PORT_MESSAGE, *PPORT_MESSAGE;
typedef struct _POWER_CHANNEL_SUMMARY {
/*0x000*/ ULONG32 Signature;
/*0x004*/ ULONG32 TotalCount;
/*0x008*/ ULONG32 D0Count;
/*0x00C*/ struct _LIST_ENTRY NotifyList;
}POWER_CHANNEL_SUMMARY, *PPOWER_CHANNEL_SUMMARY;
/*0x000*/ ULONG32 Signature;
/*0x004*/ ULONG32 TotalCount;
/*0x008*/ ULONG32 D0Count;
/*0x00C*/ struct _LIST_ENTRY NotifyList;
}POWER_CHANNEL_SUMMARY, *PPOWER_CHANNEL_SUMMARY;
typedef struct _PO_DEVICE_NOTIFY {
/*0x000*/ struct _LIST_ENTRY Link;
/*0x008*/ struct _DEVICE_OBJECT* TargetDevice;
/*0x00C*/ UINT8 WakeNeeded;
/*0x00D*/ UINT8 OrderLevel;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x014*/ VOID* Node;
/*0x018*/ UINT16* DeviceName;
/*0x01C*/ UINT16* DriverName;
/*0x020*/ ULONG32 ChildCount;
/*0x024*/ ULONG32 ActiveChild;
}PO_DEVICE_NOTIFY, *PPO_DEVICE_NOTIFY;
/*0x000*/ struct _LIST_ENTRY Link;
/*0x008*/ struct _DEVICE_OBJECT* TargetDevice;
/*0x00C*/ UINT8 WakeNeeded;
/*0x00D*/ UINT8 OrderLevel;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x014*/ VOID* Node;
/*0x018*/ UINT16* DeviceName;
/*0x01C*/ UINT16* DriverName;
/*0x020*/ ULONG32 ChildCount;
/*0x024*/ ULONG32 ActiveChild;
}PO_DEVICE_NOTIFY, *PPO_DEVICE_NOTIFY;
typedef struct _PO_MEMORY_IMAGE {
/*0x000*/ ULONG32 Signature;
/*0x004*/ ULONG32 Version;
/*0x008*/ ULONG32 CheckSum;
/*0x00C*/ ULONG32 LengthSelf;
/*0x010*/ ULONG32 PageSelf;
/*0x014*/ ULONG32 PageSize;
/*0x018*/ ULONG32 ImageType;
/*0x01C*/ UINT8 _PADDING0_[0x4];
/*0x020*/ union _LARGE_INTEGER SystemTime;
/*0x028*/ UINT64 InterruptTime;
/*0x030*/ ULONG32 FeatureFlags;
/*0x034*/ UINT8 HiberFlags;
/*0x035*/ UINT8 spare[3];
/*0x038*/ ULONG32 NoHiberPtes;
/*0x03C*/ ULONG32 HiberVa;
/*0x040*/ union _LARGE_INTEGER HiberPte;
/*0x048*/ ULONG32 NoFreePages;
/*0x04C*/ ULONG32 FreeMapCheck;
/*0x050*/ ULONG32 WakeCheck;
/*0x054*/ ULONG32 TotalPages;
/*0x058*/ ULONG32 FirstTablePage;
/*0x05C*/ ULONG32 LastFilePage;
/*0x060*/ struct _PO_HIBER_PERF PerfInfo;
}PO_MEMORY_IMAGE, *PPO_MEMORY_IMAGE;
/*0x000*/ ULONG32 Signature;
/*0x004*/ ULONG32 Version;
/*0x008*/ ULONG32 CheckSum;
/*0x00C*/ ULONG32 LengthSelf;
/*0x010*/ ULONG32 PageSelf;
/*0x014*/ ULONG32 PageSize;
/*0x018*/ ULONG32 ImageType;
/*0x01C*/ UINT8 _PADDING0_[0x4];
/*0x020*/ union _LARGE_INTEGER SystemTime;
/*0x028*/ UINT64 InterruptTime;
/*0x030*/ ULONG32 FeatureFlags;
/*0x034*/ UINT8 HiberFlags;
/*0x035*/ UINT8 spare[3];
/*0x038*/ ULONG32 NoHiberPtes;
/*0x03C*/ ULONG32 HiberVa;
/*0x040*/ union _LARGE_INTEGER HiberPte;
/*0x048*/ ULONG32 NoFreePages;
/*0x04C*/ ULONG32 FreeMapCheck;
/*0x050*/ ULONG32 WakeCheck;
/*0x054*/ ULONG32 TotalPages;
/*0x058*/ ULONG32 FirstTablePage;
/*0x05C*/ ULONG32 LastFilePage;
/*0x060*/ struct _PO_HIBER_PERF PerfInfo;
}PO_MEMORY_IMAGE, *PPO_MEMORY_IMAGE;
typedef struct _PRIVATE_CACHE_MAP {
union
{
/*0x000*/ INT16 NodeTypeCode;
/*0x000*/ struct _PRIVATE_CACHE_MAP_FLAGS Flags;
/*0x000*/ ULONG32 UlongFlags;
};
/*0x004*/ ULONG32 ReadAheadMask;
/*0x008*/ struct _FILE_OBJECT* FileObject;
/*0x00C*/ UINT8 _PADDING0_[0x4];
/*0x010*/ union _LARGE_INTEGER FileOffset1;
/*0x018*/ union _LARGE_INTEGER BeyondLastByte1;
/*0x020*/ union _LARGE_INTEGER FileOffset2;
/*0x028*/ union _LARGE_INTEGER BeyondLastByte2;
/*0x030*/ union _LARGE_INTEGER ReadAheadOffset[2];
/*0x040*/ ULONG32 ReadAheadLength[2];
/*0x048*/ ULONG32 ReadAheadSpinLock;
/*0x04C*/ struct _LIST_ENTRY PrivateLinks;
/*0x054*/ UINT8 _PADDING1_[0x4];
}PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
union
{
/*0x000*/ INT16 NodeTypeCode;
/*0x000*/ struct _PRIVATE_CACHE_MAP_FLAGS Flags;
/*0x000*/ ULONG32 UlongFlags;
};
/*0x004*/ ULONG32 ReadAheadMask;
/*0x008*/ struct _FILE_OBJECT* FileObject;
/*0x00C*/ UINT8 _PADDING0_[0x4];
/*0x010*/ union _LARGE_INTEGER FileOffset1;
/*0x018*/ union _LARGE_INTEGER BeyondLastByte1;
/*0x020*/ union _LARGE_INTEGER FileOffset2;
/*0x028*/ union _LARGE_INTEGER BeyondLastByte2;
/*0x030*/ union _LARGE_INTEGER ReadAheadOffset[2];
/*0x040*/ ULONG32 ReadAheadLength[2];
/*0x048*/ ULONG32 ReadAheadSpinLock;
/*0x04C*/ struct _LIST_ENTRY PrivateLinks;
/*0x054*/ UINT8 _PADDING1_[0x4];
}PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP;
typedef struct _PROCESSOR_POWER_POLICY {
/*0x000*/ ULONG32 Revision;
/*0x004*/ UINT8 DynamicThrottle;
/*0x005*/ UINT8 Spare[3];
struct
{
/*0x008*/ ULONG32 DisableCStates : 1;
/*0x008*/ ULONG32 Reserved : 31;
};
/*0x00C*/ ULONG32 PolicyCount;
/*0x010*/ struct _PROCESSOR_POWER_POLICY_INFO Policy[3];
}PROCESSOR_POWER_POLICY, *PPROCESSOR_POWER_POLICY;
/*0x000*/ ULONG32 Revision;
/*0x004*/ UINT8 DynamicThrottle;
/*0x005*/ UINT8 Spare[3];
struct
{
/*0x008*/ ULONG32 DisableCStates : 1;
/*0x008*/ ULONG32 Reserved : 31;
};
/*0x00C*/ ULONG32 PolicyCount;
/*0x010*/ struct _PROCESSOR_POWER_POLICY_INFO Policy[3];
}PROCESSOR_POWER_POLICY, *PPROCESSOR_POWER_POLICY;
typedef struct _RTLP_RANGE_LIST_ENTRY {
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
union
{
struct
{
/*0x010*/ VOID* UserData;
/*0x014*/ VOID* Owner;
}Allocated;
struct
{
/*0x010*/ struct _LIST_ENTRY ListHead;
}Merged;
};
/*0x018*/ UINT8 Attributes;
/*0x019*/ UINT8 PublicFlags;
/*0x01A*/ UINT16 PrivateFlags;
/*0x01C*/ struct _LIST_ENTRY ListEntry;
/*0x024*/ UINT8 _PADDING0_[0x4];
}RTLP_RANGE_LIST_ENTRY, *PRTLP_RANGE_LIST_ENTRY;
/*0x000*/ UINT64 Start;
/*0x008*/ UINT64 End;
union
{
struct
{
/*0x010*/ VOID* UserData;
/*0x014*/ VOID* Owner;
}Allocated;
struct
{
/*0x010*/ struct _LIST_ENTRY ListHead;
}Merged;
};
/*0x018*/ UINT8 Attributes;
/*0x019*/ UINT8 PublicFlags;
/*0x01A*/ UINT16 PrivateFlags;
/*0x01C*/ struct _LIST_ENTRY ListEntry;
/*0x024*/ UINT8 _PADDING0_[0x4];
}RTLP_RANGE_LIST_ENTRY, *PRTLP_RANGE_LIST_ENTRY;
typedef struct _RTL_ATOM_TABLE {
/*0x000*/ ULONG32 Signature;
/*0x004*/ struct _RTL_CRITICAL_SECTION CriticalSection;
/*0x01C*/ struct _RTL_HANDLE_TABLE RtlHandleTable;
/*0x03C*/ ULONG32 NumberOfBuckets;
/*0x040*/ struct _RTL_ATOM_TABLE_ENTRY* Buckets[1];
}RTL_ATOM_TABLE, *PRTL_ATOM_TABLE;
/*0x000*/ ULONG32 Signature;
/*0x004*/ struct _RTL_CRITICAL_SECTION CriticalSection;
/*0x01C*/ struct _RTL_HANDLE_TABLE RtlHandleTable;
/*0x03C*/ ULONG32 NumberOfBuckets;
/*0x040*/ struct _RTL_ATOM_TABLE_ENTRY* Buckets[1];
}RTL_ATOM_TABLE, *PRTL_ATOM_TABLE;
typedef struct _RTL_CRITICAL_SECTION_DEBUG {
/*0x000*/ UINT16 Type;
/*0x002*/ UINT16 CreatorBackTraceIndex;
/*0x004*/ struct _RTL_CRITICAL_SECTION* CriticalSection;
/*0x008*/ struct _LIST_ENTRY ProcessLocksList;
/*0x010*/ ULONG32 EntryCount;
/*0x014*/ ULONG32 ContentionCount;
/*0x018*/ ULONG32 Spare[2];
}RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG;
/*0x000*/ UINT16 Type;
/*0x002*/ UINT16 CreatorBackTraceIndex;
/*0x004*/ struct _RTL_CRITICAL_SECTION* CriticalSection;
/*0x008*/ struct _LIST_ENTRY ProcessLocksList;
/*0x010*/ ULONG32 EntryCount;
/*0x014*/ ULONG32 ContentionCount;
/*0x018*/ ULONG32 Spare[2];
}RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG;
typedef struct _RTL_DRIVE_LETTER_CURDIR {
/*0x000*/ UINT16 Flags;
/*0x002*/ UINT16 Length;
/*0x004*/ ULONG32 TimeStamp;
/*0x008*/ struct _STRING DosPath;
}RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
/*0x000*/ UINT16 Flags;
/*0x002*/ UINT16 Length;
/*0x004*/ ULONG32 TimeStamp;
/*0x008*/ struct _STRING DosPath;
}RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
typedef struct _RTL_RANGE_LIST {
/*0x000*/ struct _LIST_ENTRY ListHead;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ ULONG32 Count;
/*0x010*/ ULONG32 Stamp;
}RTL_RANGE_LIST, *PRTL_RANGE_LIST;
/*0x000*/ struct _LIST_ENTRY ListHead;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ ULONG32 Count;
/*0x010*/ ULONG32 Stamp;
}RTL_RANGE_LIST, *PRTL_RANGE_LIST;
typedef struct _SECURITY_TOKEN_PROXY_DATA {
/*0x000*/ ULONG32 Length;
/*0x004*/ enum _PROXY_CLASS ProxyClass;
/*0x008*/ struct _UNICODE_STRING PathInfo;
/*0x010*/ ULONG32 ContainerMask;
/*0x014*/ ULONG32 ObjectMask;
}SECURITY_TOKEN_PROXY_DATA, *PSECURITY_TOKEN_PROXY_DATA;
/*0x000*/ ULONG32 Length;
/*0x004*/ enum _PROXY_CLASS ProxyClass;
/*0x008*/ struct _UNICODE_STRING PathInfo;
/*0x010*/ ULONG32 ContainerMask;
/*0x014*/ ULONG32 ObjectMask;
}SECURITY_TOKEN_PROXY_DATA, *PSECURITY_TOKEN_PROXY_DATA;
typedef struct _SEP_AUDIT_POLICY {
union
{
/*0x000*/ struct _SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
/*0x000*/ struct _SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
/*0x000*/ UINT64 Overlay;
};
}SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
union
{
/*0x000*/ struct _SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
/*0x000*/ struct _SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
/*0x000*/ UINT64 Overlay;
};
}SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
typedef struct _SID {
/*0x000*/ UINT8 Revision;
/*0x001*/ UINT8 SubAuthorityCount;
/*0x002*/ struct _SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
/*0x008*/ ULONG32 SubAuthority[1];
}SID, *PSID;
/*0x000*/ UINT8 Revision;
/*0x001*/ UINT8 SubAuthorityCount;
/*0x002*/ struct _SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
/*0x008*/ ULONG32 SubAuthority[1];
}SID, *PSID;
typedef struct _SUBSECTION {
/*0x000*/ struct _CONTROL_AREA* ControlArea;
union
{
/*0x004*/ ULONG32 LongFlags;
/*0x004*/ struct _MMSUBSECTION_FLAGS SubsectionFlags;
}u;
/*0x008*/ ULONG32 StartingSector;
/*0x00C*/ ULONG32 NumberOfFullSectors;
/*0x010*/ struct _MMPTE* SubsectionBase;
/*0x014*/ ULONG32 UnusedPtes;
/*0x018*/ ULONG32 PtesInSubsection;
/*0x01C*/ struct _SUBSECTION* NextSubsection;
}SUBSECTION, *PSUBSECTION;
/*0x000*/ struct _CONTROL_AREA* ControlArea;
union
{
/*0x004*/ ULONG32 LongFlags;
/*0x004*/ struct _MMSUBSECTION_FLAGS SubsectionFlags;
}u;
/*0x008*/ ULONG32 StartingSector;
/*0x00C*/ ULONG32 NumberOfFullSectors;
/*0x010*/ struct _MMPTE* SubsectionBase;
/*0x014*/ ULONG32 UnusedPtes;
/*0x018*/ ULONG32 PtesInSubsection;
/*0x01C*/ struct _SUBSECTION* NextSubsection;
}SUBSECTION, *PSUBSECTION;
typedef struct _SUPPORTED_RANGES {
/*0x000*/ UINT16 Version;
/*0x002*/ UINT8 Sorted;
/*0x003*/ UINT8 Reserved;
/*0x004*/ ULONG32 NoIO;
/*0x008*/ struct _SUPPORTED_RANGE IO;
/*0x028*/ ULONG32 NoMemory;
/*0x02C*/ UINT8 _PADDING0_[0x4];
/*0x030*/ struct _SUPPORTED_RANGE Memory;
/*0x050*/ ULONG32 NoPrefetchMemory;
/*0x054*/ UINT8 _PADDING1_[0x4];
/*0x058*/ struct _SUPPORTED_RANGE PrefetchMemory;
/*0x078*/ ULONG32 NoDma;
/*0x07C*/ UINT8 _PADDING2_[0x4];
/*0x080*/ struct _SUPPORTED_RANGE Dma;
}SUPPORTED_RANGES, *PSUPPORTED_RANGES;
/*0x000*/ UINT16 Version;
/*0x002*/ UINT8 Sorted;
/*0x003*/ UINT8 Reserved;
/*0x004*/ ULONG32 NoIO;
/*0x008*/ struct _SUPPORTED_RANGE IO;
/*0x028*/ ULONG32 NoMemory;
/*0x02C*/ UINT8 _PADDING0_[0x4];
/*0x030*/ struct _SUPPORTED_RANGE Memory;
/*0x050*/ ULONG32 NoPrefetchMemory;
/*0x054*/ UINT8 _PADDING1_[0x4];
/*0x058*/ struct _SUPPORTED_RANGE PrefetchMemory;
/*0x078*/ ULONG32 NoDma;
/*0x07C*/ UINT8 _PADDING2_[0x4];
/*0x080*/ struct _SUPPORTED_RANGE Dma;
}SUPPORTED_RANGES, *PSUPPORTED_RANGES;
typedef struct _SYSPTES_HEADER {
/*0x000*/ struct _LIST_ENTRY ListHead;
/*0x008*/ ULONG32 Count;
}SYSPTES_HEADER, *PSYSPTES_HEADER;
/*0x000*/ struct _LIST_ENTRY ListHead;
/*0x008*/ ULONG32 Count;
}SYSPTES_HEADER, *PSYSPTES_HEADER;
typedef struct _SYSTEM_POWER_CAPABILITIES {
/*0x000*/ UINT8 PowerButtonPresent;
/*0x001*/ UINT8 SleepButtonPresent;
/*0x002*/ UINT8 LidPresent;
/*0x003*/ UINT8 SystemS1;
/*0x004*/ UINT8 SystemS2;
/*0x005*/ UINT8 SystemS3;
/*0x006*/ UINT8 SystemS4;
/*0x007*/ UINT8 SystemS5;
/*0x008*/ UINT8 HiberFilePresent;
/*0x009*/ UINT8 FullWake;
/*0x00A*/ UINT8 VideoDimPresent;
/*0x00B*/ UINT8 ApmPresent;
/*0x00C*/ UINT8 UpsPresent;
/*0x00D*/ UINT8 ThermalControl;
/*0x00E*/ UINT8 ProcessorThrottle;
/*0x00F*/ UINT8 ProcessorMinThrottle;
/*0x010*/ UINT8 ProcessorMaxThrottle;
/*0x011*/ UINT8 spare2[4];
/*0x015*/ UINT8 DiskSpinDown;
/*0x016*/ UINT8 spare3[8];
/*0x01E*/ UINT8 SystemBatteriesPresent;
/*0x01F*/ UINT8 BatteriesAreShortTerm;
/*0x020*/ struct _BATTERY_REPORTING_SCALE BatteryScale[3];
/*0x038*/ enum _SYSTEM_POWER_STATE AcOnLineWake;
/*0x03C*/ enum _SYSTEM_POWER_STATE SoftLidWake;
/*0x040*/ enum _SYSTEM_POWER_STATE RtcWake;
/*0x044*/ enum _SYSTEM_POWER_STATE MinDeviceWakeState;
/*0x048*/ enum _SYSTEM_POWER_STATE DefaultLowLatencyWake;
}SYSTEM_POWER_CAPABILITIES, *PSYSTEM_POWER_CAPABILITIES;
/*0x000*/ UINT8 PowerButtonPresent;
/*0x001*/ UINT8 SleepButtonPresent;
/*0x002*/ UINT8 LidPresent;
/*0x003*/ UINT8 SystemS1;
/*0x004*/ UINT8 SystemS2;
/*0x005*/ UINT8 SystemS3;
/*0x006*/ UINT8 SystemS4;
/*0x007*/ UINT8 SystemS5;
/*0x008*/ UINT8 HiberFilePresent;
/*0x009*/ UINT8 FullWake;
/*0x00A*/ UINT8 VideoDimPresent;
/*0x00B*/ UINT8 ApmPresent;
/*0x00C*/ UINT8 UpsPresent;
/*0x00D*/ UINT8 ThermalControl;
/*0x00E*/ UINT8 ProcessorThrottle;
/*0x00F*/ UINT8 ProcessorMinThrottle;
/*0x010*/ UINT8 ProcessorMaxThrottle;
/*0x011*/ UINT8 spare2[4];
/*0x015*/ UINT8 DiskSpinDown;
/*0x016*/ UINT8 spare3[8];
/*0x01E*/ UINT8 SystemBatteriesPresent;
/*0x01F*/ UINT8 BatteriesAreShortTerm;
/*0x020*/ struct _BATTERY_REPORTING_SCALE BatteryScale[3];
/*0x038*/ enum _SYSTEM_POWER_STATE AcOnLineWake;
/*0x03C*/ enum _SYSTEM_POWER_STATE SoftLidWake;
/*0x040*/ enum _SYSTEM_POWER_STATE RtcWake;
/*0x044*/ enum _SYSTEM_POWER_STATE MinDeviceWakeState;
/*0x048*/ enum _SYSTEM_POWER_STATE DefaultLowLatencyWake;
}SYSTEM_POWER_CAPABILITIES, *PSYSTEM_POWER_CAPABILITIES;
typedef struct _SYSTEM_POWER_LEVEL {
/*0x000*/ UINT8 Enable;
/*0x001*/ UINT8 Spare[3];
/*0x004*/ ULONG32 BatteryLevel;
/*0x008*/ struct _POWER_ACTION_POLICY PowerPolicy;
/*0x014*/ enum _SYSTEM_POWER_STATE MinSystemState;
}SYSTEM_POWER_LEVEL, *PSYSTEM_POWER_LEVEL;
/*0x000*/ UINT8 Enable;
/*0x001*/ UINT8 Spare[3];
/*0x004*/ ULONG32 BatteryLevel;
/*0x008*/ struct _POWER_ACTION_POLICY PowerPolicy;
/*0x014*/ enum _SYSTEM_POWER_STATE MinSystemState;
}SYSTEM_POWER_LEVEL, *PSYSTEM_POWER_LEVEL;
typedef struct _TOKEN_SOURCE {
/*0x000*/ CHAR SourceName[8];
/*0x008*/ struct _LUID SourceIdentifier;
}TOKEN_SOURCE, *PTOKEN_SOURCE;
/*0x000*/ CHAR SourceName[8];
/*0x008*/ struct _LUID SourceIdentifier;
}TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _VACB {
/*0x000*/ VOID* BaseAddress;
/*0x004*/ struct _SHARED_CACHE_MAP* SharedCacheMap;
union
{
/*0x008*/ union _LARGE_INTEGER FileOffset;
/*0x008*/ UINT16 ActiveCount;
}Overlay;
/*0x010*/ struct _LIST_ENTRY LruList;
}VACB, *PVACB;
/*0x000*/ VOID* BaseAddress;
/*0x004*/ struct _SHARED_CACHE_MAP* SharedCacheMap;
union
{
/*0x008*/ union _LARGE_INTEGER FileOffset;
/*0x008*/ UINT16 ActiveCount;
}Overlay;
/*0x010*/ struct _LIST_ENTRY LruList;
}VACB, *PVACB;
typedef struct _VI_DEADLOCK_GLOBALS {
/*0x000*/ ULONG32 Nodes[2];
/*0x008*/ ULONG32 Resources[2];
/*0x010*/ ULONG32 Threads[2];
/*0x018*/ INT64 TimeAcquire;
/*0x020*/ INT64 TimeRelease;
/*0x028*/ ULONG32 BytesAllocated;
/*0x02C*/ struct _LIST_ENTRY* ResourceDatabase;
/*0x030*/ struct _LIST_ENTRY* ThreadDatabase;
/*0x034*/ ULONG32 AllocationFailures;
/*0x038*/ ULONG32 NodesTrimmedBasedOnAge;
/*0x03C*/ ULONG32 NodesTrimmedBasedOnCount;
/*0x040*/ ULONG32 NodesSearched;
/*0x044*/ ULONG32 MaxNodesSearched;
/*0x048*/ ULONG32 SequenceNumber;
/*0x04C*/ ULONG32 RecursionDepthLimit;
/*0x050*/ ULONG32 SearchedNodesLimit;
/*0x054*/ ULONG32 DepthLimitHits;
/*0x058*/ ULONG32 SearchLimitHits;
/*0x05C*/ ULONG32 ABC_ACB_Skipped;
/*0x060*/ struct _LIST_ENTRY FreeResourceList;
/*0x068*/ struct _LIST_ENTRY FreeThreadList;
/*0x070*/ struct _LIST_ENTRY FreeNodeList;
/*0x078*/ ULONG32 FreeResourceCount;
/*0x07C*/ ULONG32 FreeThreadCount;
/*0x080*/ ULONG32 FreeNodeCount;
/*0x084*/ VOID* Instigator;
/*0x088*/ ULONG32 NumberOfParticipants;
/*0x08C*/ struct _VI_DEADLOCK_NODE* Participant[32];
/*0x10C*/ ULONG32 CacheReductionInProgress;
}VI_DEADLOCK_GLOBALS, *PVI_DEADLOCK_GLOBALS;
/*0x000*/ ULONG32 Nodes[2];
/*0x008*/ ULONG32 Resources[2];
/*0x010*/ ULONG32 Threads[2];
/*0x018*/ INT64 TimeAcquire;
/*0x020*/ INT64 TimeRelease;
/*0x028*/ ULONG32 BytesAllocated;
/*0x02C*/ struct _LIST_ENTRY* ResourceDatabase;
/*0x030*/ struct _LIST_ENTRY* ThreadDatabase;
/*0x034*/ ULONG32 AllocationFailures;
/*0x038*/ ULONG32 NodesTrimmedBasedOnAge;
/*0x03C*/ ULONG32 NodesTrimmedBasedOnCount;
/*0x040*/ ULONG32 NodesSearched;
/*0x044*/ ULONG32 MaxNodesSearched;
/*0x048*/ ULONG32 SequenceNumber;
/*0x04C*/ ULONG32 RecursionDepthLimit;
/*0x050*/ ULONG32 SearchedNodesLimit;
/*0x054*/ ULONG32 DepthLimitHits;
/*0x058*/ ULONG32 SearchLimitHits;
/*0x05C*/ ULONG32 ABC_ACB_Skipped;
/*0x060*/ struct _LIST_ENTRY FreeResourceList;
/*0x068*/ struct _LIST_ENTRY FreeThreadList;
/*0x070*/ struct _LIST_ENTRY FreeNodeList;
/*0x078*/ ULONG32 FreeResourceCount;
/*0x07C*/ ULONG32 FreeThreadCount;
/*0x080*/ ULONG32 FreeNodeCount;
/*0x084*/ VOID* Instigator;
/*0x088*/ ULONG32 NumberOfParticipants;
/*0x08C*/ struct _VI_DEADLOCK_NODE* Participant[32];
/*0x10C*/ ULONG32 CacheReductionInProgress;
}VI_DEADLOCK_GLOBALS, *PVI_DEADLOCK_GLOBALS;
typedef struct _VI_DEADLOCK_NODE {
/*0x000*/ struct _VI_DEADLOCK_NODE* Parent;
/*0x004*/ struct _LIST_ENTRY ChildrenList;
/*0x00C*/ struct _LIST_ENTRY SiblingsList;
union
{
/*0x014*/ struct _LIST_ENTRY ResourceList;
/*0x014*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x01C*/ struct _VI_DEADLOCK_RESOURCE* Root;
/*0x020*/ struct _VI_DEADLOCK_THREAD* ThreadEntry;
struct
{
/*0x024*/ ULONG32 Active : 1;
/*0x024*/ ULONG32 OnlyTryAcquireUsed : 1;
/*0x024*/ ULONG32 SequenceNumber : 30;
};
/*0x028*/ VOID* StackTrace[8];
/*0x048*/ VOID* ParentStackTrace[8];
}VI_DEADLOCK_NODE, *PVI_DEADLOCK_NODE;
/*0x000*/ struct _VI_DEADLOCK_NODE* Parent;
/*0x004*/ struct _LIST_ENTRY ChildrenList;
/*0x00C*/ struct _LIST_ENTRY SiblingsList;
union
{
/*0x014*/ struct _LIST_ENTRY ResourceList;
/*0x014*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x01C*/ struct _VI_DEADLOCK_RESOURCE* Root;
/*0x020*/ struct _VI_DEADLOCK_THREAD* ThreadEntry;
struct
{
/*0x024*/ ULONG32 Active : 1;
/*0x024*/ ULONG32 OnlyTryAcquireUsed : 1;
/*0x024*/ ULONG32 SequenceNumber : 30;
};
/*0x028*/ VOID* StackTrace[8];
/*0x048*/ VOID* ParentStackTrace[8];
}VI_DEADLOCK_NODE, *PVI_DEADLOCK_NODE;
typedef struct _VI_DEADLOCK_RESOURCE {
/*0x000*/ enum _VI_DEADLOCK_RESOURCE_TYPE Type;
struct
{
/*0x004*/ ULONG32 NodeCount : 16;
/*0x004*/ ULONG32 RecursionCount : 16;
};
/*0x008*/ VOID* ResourceAddress;
/*0x00C*/ struct _VI_DEADLOCK_THREAD* ThreadOwner;
/*0x010*/ struct _LIST_ENTRY ResourceList;
union
{
/*0x018*/ struct _LIST_ENTRY HashChainList;
/*0x018*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x020*/ VOID* StackTrace[8];
/*0x040*/ VOID* LastAcquireTrace[8];
/*0x060*/ VOID* LastReleaseTrace[8];
}VI_DEADLOCK_RESOURCE, *PVI_DEADLOCK_RESOURCE;
/*0x000*/ enum _VI_DEADLOCK_RESOURCE_TYPE Type;
struct
{
/*0x004*/ ULONG32 NodeCount : 16;
/*0x004*/ ULONG32 RecursionCount : 16;
};
/*0x008*/ VOID* ResourceAddress;
/*0x00C*/ struct _VI_DEADLOCK_THREAD* ThreadOwner;
/*0x010*/ struct _LIST_ENTRY ResourceList;
union
{
/*0x018*/ struct _LIST_ENTRY HashChainList;
/*0x018*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x020*/ VOID* StackTrace[8];
/*0x040*/ VOID* LastAcquireTrace[8];
/*0x060*/ VOID* LastReleaseTrace[8];
}VI_DEADLOCK_RESOURCE, *PVI_DEADLOCK_RESOURCE;
typedef struct _VI_DEADLOCK_THREAD {
/*0x000*/ struct _KTHREAD* Thread;
/*0x004*/ struct _VI_DEADLOCK_NODE* CurrentSpinNode;
/*0x008*/ struct _VI_DEADLOCK_NODE* CurrentOtherNode;
union
{
/*0x00C*/ struct _LIST_ENTRY ListEntry;
/*0x00C*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x014*/ ULONG32 NodeCount;
/*0x018*/ ULONG32 PagingCount;
}VI_DEADLOCK_THREAD, *PVI_DEADLOCK_THREAD;
/*0x000*/ struct _KTHREAD* Thread;
/*0x004*/ struct _VI_DEADLOCK_NODE* CurrentSpinNode;
/*0x008*/ struct _VI_DEADLOCK_NODE* CurrentOtherNode;
union
{
/*0x00C*/ struct _LIST_ENTRY ListEntry;
/*0x00C*/ struct _LIST_ENTRY FreeListEntry;
};
/*0x014*/ ULONG32 NodeCount;
/*0x018*/ ULONG32 PagingCount;
}VI_DEADLOCK_THREAD, *PVI_DEADLOCK_THREAD;
typedef struct _VI_POOL_ENTRY {
union
{
/*0x000*/ struct _VI_POOL_ENTRY_INUSE InUse;
/*0x000*/ ULONG32 FreeListNext;
};
}VI_POOL_ENTRY, *PVI_POOL_ENTRY;
union
{
/*0x000*/ struct _VI_POOL_ENTRY_INUSE InUse;
/*0x000*/ ULONG32 FreeListNext;
};
}VI_POOL_ENTRY, *PVI_POOL_ENTRY;
typedef struct _WNODE_HEADER {
/*0x000*/ ULONG32 BufferSize;
/*0x004*/ ULONG32 ProviderId;
union
{
/*0x008*/ UINT64 HistoricalContext;
struct
{
/*0x008*/ ULONG32 Version;
/*0x00C*/ ULONG32 Linkage;
};
};
union
{
/*0x010*/ ULONG32 CountLost;
/*0x010*/ VOID* KernelHandle;
/*0x010*/ union _LARGE_INTEGER TimeStamp;
};
/*0x018*/ struct _GUID Guid;
/*0x028*/ ULONG32 ClientContext;
/*0x02C*/ ULONG32 Flags;
}WNODE_HEADER, *PWNODE_HEADER;
/*0x000*/ ULONG32 BufferSize;
/*0x004*/ ULONG32 ProviderId;
union
{
/*0x008*/ UINT64 HistoricalContext;
struct
{
/*0x008*/ ULONG32 Version;
/*0x00C*/ ULONG32 Linkage;
};
};
union
{
/*0x010*/ ULONG32 CountLost;
/*0x010*/ VOID* KernelHandle;
/*0x010*/ union _LARGE_INTEGER TimeStamp;
};
/*0x018*/ struct _GUID Guid;
/*0x028*/ ULONG32 ClientContext;
/*0x02C*/ ULONG32 Flags;
}WNODE_HEADER, *PWNODE_HEADER;
typedef struct _WORK_QUEUE_ITEM {
/*0x000*/ struct _LIST_ENTRY List;
/*0x008*/ PVOID WorkerRoutine;
/*0x00C*/ VOID* Parameter;
}WORK_QUEUE_ITEM, *PWORK_QUEUE_ITEM;
/*0x000*/ struct _LIST_ENTRY List;
/*0x008*/ PVOID WorkerRoutine;
/*0x00C*/ VOID* Parameter;
}WORK_QUEUE_ITEM, *PWORK_QUEUE_ITEM;
typedef struct _CELL_DATA {
union
{
/*0x000*/ struct _CM_KEY_NODE KeyNode;
/*0x000*/ struct _CM_KEY_VALUE KeyValue;
/*0x000*/ struct _CM_KEY_SECURITY KeySecurity;
/*0x000*/ struct _CM_KEY_INDEX KeyIndex;
/*0x000*/ struct _CM_BIG_DATA ValueData;
/*0x000*/ ULONG32 KeyList[1];
/*0x000*/ UINT16 KeyString[1];
}u;
}CELL_DATA, *PCELL_DATA;
union
{
/*0x000*/ struct _CM_KEY_NODE KeyNode;
/*0x000*/ struct _CM_KEY_VALUE KeyValue;
/*0x000*/ struct _CM_KEY_SECURITY KeySecurity;
/*0x000*/ struct _CM_KEY_INDEX KeyIndex;
/*0x000*/ struct _CM_BIG_DATA ValueData;
/*0x000*/ ULONG32 KeyList[1];
/*0x000*/ UINT16 KeyString[1];
}u;
}CELL_DATA, *PCELL_DATA;
typedef struct _CM_FULL_RESOURCE_DESCRIPTOR {
/*0x000*/ enum _INTERFACE_TYPE InterfaceType;
/*0x004*/ ULONG32 BusNumber;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_LIST PartialResourceList;
}CM_FULL_RESOURCE_DESCRIPTOR, *PCM_FULL_RESOURCE_DESCRIPTOR;
/*0x000*/ enum _INTERFACE_TYPE InterfaceType;
/*0x004*/ ULONG32 BusNumber;
/*0x008*/ struct _CM_PARTIAL_RESOURCE_LIST PartialResourceList;
}CM_FULL_RESOURCE_DESCRIPTOR, *PCM_FULL_RESOURCE_DESCRIPTOR;
typedef struct _DBGKD_CONTINUE2 {
/*0x000*/ LONG32 ContinueStatus;
union
{
/*0x004*/ struct _X86_DBGKD_CONTROL_SET ControlSet;
/*0x004*/ struct _DBGKD_ANY_CONTROL_SET AnyControlSet;
};
}DBGKD_CONTINUE2, *PDBGKD_CONTINUE2;
/*0x000*/ LONG32 ContinueStatus;
union
{
/*0x004*/ struct _X86_DBGKD_CONTROL_SET ControlSet;
/*0x004*/ struct _DBGKD_ANY_CONTROL_SET AnyControlSet;
};
}DBGKD_CONTINUE2, *PDBGKD_CONTINUE2;
typedef struct _DEVICE_OBJECT_POWER_EXTENSION {
/*0x000*/ ULONG32 IdleCount;
/*0x004*/ ULONG32 ConservationIdleTime;
/*0x008*/ ULONG32 PerformanceIdleTime;
/*0x00C*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x010*/ struct _LIST_ENTRY IdleList;
/*0x018*/ UINT8 DeviceType;
/*0x019*/ UINT8 _PADDING0_[0x3];
/*0x01C*/ enum _DEVICE_POWER_STATE State;
/*0x020*/ struct _LIST_ENTRY NotifySourceList;
/*0x028*/ struct _LIST_ENTRY NotifyTargetList;
/*0x030*/ struct _POWER_CHANNEL_SUMMARY PowerChannelSummary;
/*0x044*/ struct _LIST_ENTRY Volume;
}DEVICE_OBJECT_POWER_EXTENSION, *PDEVICE_OBJECT_POWER_EXTENSION;
/*0x000*/ ULONG32 IdleCount;
/*0x004*/ ULONG32 ConservationIdleTime;
/*0x008*/ ULONG32 PerformanceIdleTime;
/*0x00C*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x010*/ struct _LIST_ENTRY IdleList;
/*0x018*/ UINT8 DeviceType;
/*0x019*/ UINT8 _PADDING0_[0x3];
/*0x01C*/ enum _DEVICE_POWER_STATE State;
/*0x020*/ struct _LIST_ENTRY NotifySourceList;
/*0x028*/ struct _LIST_ENTRY NotifyTargetList;
/*0x030*/ struct _POWER_CHANNEL_SUMMARY PowerChannelSummary;
/*0x044*/ struct _LIST_ENTRY Volume;
}DEVICE_OBJECT_POWER_EXTENSION, *PDEVICE_OBJECT_POWER_EXTENSION;
typedef struct _DUMP_STACK_CONTEXT {
/*0x000*/ struct _DUMP_INITIALIZATION_CONTEXT Init;
/*0x070*/ union _LARGE_INTEGER PartitionOffset;
/*0x078*/ VOID* DumpPointers;
/*0x07C*/ ULONG32 PointersLength;
/*0x080*/ UINT16* ModulePrefix;
/*0x084*/ struct _LIST_ENTRY DriverList;
/*0x08C*/ struct _STRING InitMsg;
/*0x094*/ struct _STRING ProgMsg;
/*0x09C*/ struct _STRING DoneMsg;
/*0x0A4*/ VOID* FileObject;
/*0x0A8*/ enum _DEVICE_USAGE_NOTIFICATION_TYPE UsageType;
/*0x0AC*/ UINT8 _PADDING0_[0x4];
}DUMP_STACK_CONTEXT, *PDUMP_STACK_CONTEXT;
/*0x000*/ struct _DUMP_INITIALIZATION_CONTEXT Init;
/*0x070*/ union _LARGE_INTEGER PartitionOffset;
/*0x078*/ VOID* DumpPointers;
/*0x07C*/ ULONG32 PointersLength;
/*0x080*/ UINT16* ModulePrefix;
/*0x084*/ struct _LIST_ENTRY DriverList;
/*0x08C*/ struct _STRING InitMsg;
/*0x094*/ struct _STRING ProgMsg;
/*0x09C*/ struct _STRING DoneMsg;
/*0x0A4*/ VOID* FileObject;
/*0x0A8*/ enum _DEVICE_USAGE_NOTIFICATION_TYPE UsageType;
/*0x0AC*/ UINT8 _PADDING0_[0x4];
}DUMP_STACK_CONTEXT, *PDUMP_STACK_CONTEXT;
typedef struct _FILE_GET_QUOTA_INFORMATION {
/*0x000*/ ULONG32 NextEntryOffset;
/*0x004*/ ULONG32 SidLength;
/*0x008*/ struct _SID Sid;
}FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
/*0x000*/ ULONG32 NextEntryOffset;
/*0x004*/ ULONG32 SidLength;
/*0x008*/ struct _SID Sid;
}FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
typedef struct _HANDLE_TRACE_DEBUG_INFO {
/*0x000*/ ULONG32 CurrentStackIndex;
/*0x004*/ struct _HANDLE_TRACE_DB_ENTRY TraceDb[4096];
}HANDLE_TRACE_DEBUG_INFO, *PHANDLE_TRACE_DEBUG_INFO;
/*0x000*/ ULONG32 CurrentStackIndex;
/*0x004*/ struct _HANDLE_TRACE_DB_ENTRY TraceDb[4096];
}HANDLE_TRACE_DEBUG_INFO, *PHANDLE_TRACE_DEBUG_INFO;
typedef struct _HEAP_LOCK {
union
{
/*0x000*/ struct _RTL_CRITICAL_SECTION CriticalSection;
/*0x000*/ struct _ERESOURCE Resource;
}Lock;
}HEAP_LOCK, *PHEAP_LOCK;
union
{
/*0x000*/ struct _RTL_CRITICAL_SECTION CriticalSection;
/*0x000*/ struct _ERESOURCE Resource;
}Lock;
}HEAP_LOCK, *PHEAP_LOCK;
typedef struct _HHIVE {
/*0x000*/ ULONG32 Signature;
/*0x004*/ PVOID GetCellRoutine;
/*0x008*/ PVOID ReleaseCellRoutine;
/*0x00C*/ PVOID Allocate;
/*0x010*/ PVOID Free;
/*0x014*/ PVOID FileSetSize;
/*0x018*/ PVOID FileWrite;
/*0x01C*/ PVOID FileRead;
/*0x020*/ PVOID FileFlush;
/*0x024*/ struct _HBASE_BLOCK* BaseBlock;
/*0x028*/ struct _RTL_BITMAP DirtyVector;
/*0x030*/ ULONG32 DirtyCount;
/*0x034*/ ULONG32 DirtyAlloc;
/*0x038*/ UINT8 RealWrites;
/*0x039*/ UINT8 _PADDING0_[0x3];
/*0x03C*/ ULONG32 Cluster;
/*0x040*/ UINT8 Flat;
/*0x041*/ UINT8 ReadOnly;
/*0x042*/ UINT8 Log;
/*0x043*/ UINT8 _PADDING1_[0x1];
/*0x044*/ ULONG32 HiveFlags;
/*0x048*/ ULONG32 LogSize;
/*0x04C*/ ULONG32 RefreshCount;
/*0x050*/ ULONG32 StorageTypeCount;
/*0x054*/ ULONG32 Version;
/*0x058*/ struct _DUAL Storage[2];
}HHIVE, *PHHIVE;
/*0x000*/ ULONG32 Signature;
/*0x004*/ PVOID GetCellRoutine;
/*0x008*/ PVOID ReleaseCellRoutine;
/*0x00C*/ PVOID Allocate;
/*0x010*/ PVOID Free;
/*0x014*/ PVOID FileSetSize;
/*0x018*/ PVOID FileWrite;
/*0x01C*/ PVOID FileRead;
/*0x020*/ PVOID FileFlush;
/*0x024*/ struct _HBASE_BLOCK* BaseBlock;
/*0x028*/ struct _RTL_BITMAP DirtyVector;
/*0x030*/ ULONG32 DirtyCount;
/*0x034*/ ULONG32 DirtyAlloc;
/*0x038*/ UINT8 RealWrites;
/*0x039*/ UINT8 _PADDING0_[0x3];
/*0x03C*/ ULONG32 Cluster;
/*0x040*/ UINT8 Flat;
/*0x041*/ UINT8 ReadOnly;
/*0x042*/ UINT8 Log;
/*0x043*/ UINT8 _PADDING1_[0x1];
/*0x044*/ ULONG32 HiveFlags;
/*0x048*/ ULONG32 LogSize;
/*0x04C*/ ULONG32 RefreshCount;
/*0x050*/ ULONG32 StorageTypeCount;
/*0x054*/ ULONG32 Version;
/*0x058*/ struct _DUAL Storage[2];
}HHIVE, *PHHIVE;
typedef struct _IMAGE_NT_HEADERS {
/*0x000*/ ULONG32 Signature;
/*0x004*/ struct _IMAGE_FILE_HEADER FileHeader;
/*0x018*/ struct _IMAGE_OPTIONAL_HEADER OptionalHeader;
}IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
/*0x000*/ ULONG32 Signature;
/*0x004*/ struct _IMAGE_FILE_HEADER FileHeader;
/*0x018*/ struct _IMAGE_OPTIONAL_HEADER OptionalHeader;
}IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
typedef struct _INITIAL_PRIVILEGE_SET {
/*0x000*/ ULONG32 PrivilegeCount;
/*0x004*/ ULONG32 Control;
/*0x008*/ struct _LUID_AND_ATTRIBUTES Privilege[3];
}INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
/*0x000*/ ULONG32 PrivilegeCount;
/*0x004*/ ULONG32 Control;
/*0x008*/ struct _LUID_AND_ATTRIBUTES Privilege[3];
}INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
typedef struct _IO_RESOURCE_REQUIREMENTS_LIST {
/*0x000*/ ULONG32 ListSize;
/*0x004*/ enum _INTERFACE_TYPE InterfaceType;
/*0x008*/ ULONG32 BusNumber;
/*0x00C*/ ULONG32 SlotNumber;
/*0x010*/ ULONG32 Reserved[3];
/*0x01C*/ ULONG32 AlternativeLists;
/*0x020*/ struct _IO_RESOURCE_LIST List[1];
}IO_RESOURCE_REQUIREMENTS_LIST, *PIO_RESOURCE_REQUIREMENTS_LIST;
/*0x000*/ ULONG32 ListSize;
/*0x004*/ enum _INTERFACE_TYPE InterfaceType;
/*0x008*/ ULONG32 BusNumber;
/*0x00C*/ ULONG32 SlotNumber;
/*0x010*/ ULONG32 Reserved[3];
/*0x01C*/ ULONG32 AlternativeLists;
/*0x020*/ struct _IO_RESOURCE_LIST List[1];
}IO_RESOURCE_REQUIREMENTS_LIST, *PIO_RESOURCE_REQUIREMENTS_LIST;
typedef struct _IRP {
/*0x000*/ INT16 Type;
/*0x002*/ UINT16 Size;
/*0x004*/ struct _MDL* MdlAddress;
/*0x008*/ ULONG32 Flags;
union
{
/*0x00C*/ struct _IRP* MasterIrp;
/*0x00C*/ LONG32 IrpCount;
/*0x00C*/ VOID* SystemBuffer;
}AssociatedIrp;
/*0x010*/ struct _LIST_ENTRY ThreadListEntry;
/*0x018*/ struct _IO_STATUS_BLOCK IoStatus;
/*0x020*/ CHAR RequestorMode;
/*0x021*/ UINT8 PendingReturned;
/*0x022*/ CHAR StackCount;
/*0x023*/ CHAR CurrentLocation;
/*0x024*/ UINT8 Cancel;
/*0x025*/ UINT8 CancelIrql;
/*0x026*/ CHAR ApcEnvironment;
/*0x027*/ UINT8 AllocationFlags;
/*0x028*/ struct _IO_STATUS_BLOCK* UserIosb;
/*0x02C*/ struct _KEVENT* UserEvent;
union
{
struct
{
/*0x030*/ PVOID UserApcRoutine;
/*0x034*/ VOID* UserApcContext;
}AsynchronousParameters;
/*0x030*/ union _LARGE_INTEGER AllocationSize;
}Overlay;
/*0x038*/ PVOID CancelRoutine;
/*0x03C*/ VOID* UserBuffer;
union
{
struct
{
union
{
/*0x040*/ struct _KDEVICE_QUEUE_ENTRY DeviceQueueEntry;
/*0x040*/ VOID* DriverContext[4];
};
/*0x050*/ struct _ETHREAD* Thread;
/*0x054*/ CHAR* AuxiliaryBuffer;
/*0x058*/ struct _LIST_ENTRY ListEntry;
union
{
/*0x060*/ struct _IO_STACK_LOCATION* CurrentStackLocation;
/*0x060*/ ULONG32 PacketType;
};
/*0x064*/ struct _FILE_OBJECT* OriginalFileObject;
}Overlay;
/*0x040*/ struct _KAPC Apc;
/*0x040*/ VOID* CompletionKey;
}Tail;
}IRP, *PIRP;
/*0x000*/ INT16 Type;
/*0x002*/ UINT16 Size;
/*0x004*/ struct _MDL* MdlAddress;
/*0x008*/ ULONG32 Flags;
union
{
/*0x00C*/ struct _IRP* MasterIrp;
/*0x00C*/ LONG32 IrpCount;
/*0x00C*/ VOID* SystemBuffer;
}AssociatedIrp;
/*0x010*/ struct _LIST_ENTRY ThreadListEntry;
/*0x018*/ struct _IO_STATUS_BLOCK IoStatus;
/*0x020*/ CHAR RequestorMode;
/*0x021*/ UINT8 PendingReturned;
/*0x022*/ CHAR StackCount;
/*0x023*/ CHAR CurrentLocation;
/*0x024*/ UINT8 Cancel;
/*0x025*/ UINT8 CancelIrql;
/*0x026*/ CHAR ApcEnvironment;
/*0x027*/ UINT8 AllocationFlags;
/*0x028*/ struct _IO_STATUS_BLOCK* UserIosb;
/*0x02C*/ struct _KEVENT* UserEvent;
union
{
struct
{
/*0x030*/ PVOID UserApcRoutine;
/*0x034*/ VOID* UserApcContext;
}AsynchronousParameters;
/*0x030*/ union _LARGE_INTEGER AllocationSize;
}Overlay;
/*0x038*/ PVOID CancelRoutine;
/*0x03C*/ VOID* UserBuffer;
union
{
struct
{
union
{
/*0x040*/ struct _KDEVICE_QUEUE_ENTRY DeviceQueueEntry;
/*0x040*/ VOID* DriverContext[4];
};
/*0x050*/ struct _ETHREAD* Thread;
/*0x054*/ CHAR* AuxiliaryBuffer;
/*0x058*/ struct _LIST_ENTRY ListEntry;
union
{
/*0x060*/ struct _IO_STACK_LOCATION* CurrentStackLocation;
/*0x060*/ ULONG32 PacketType;
};
/*0x064*/ struct _FILE_OBJECT* OriginalFileObject;
}Overlay;
/*0x040*/ struct _KAPC Apc;
/*0x040*/ VOID* CompletionKey;
}Tail;
}IRP, *PIRP;
typedef struct _KEVENT {
/*0x000*/ struct _DISPATCHER_HEADER Header;
}KEVENT, *PKEVENT;
/*0x000*/ struct _DISPATCHER_HEADER Header;
}KEVENT, *PKEVENT;
typedef struct _KMUTANT {
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY MutantListEntry;
/*0x018*/ struct _KTHREAD* OwnerThread;
/*0x01C*/ UINT8 Abandoned;
/*0x01D*/ UINT8 ApcDisable;
/*0x01E*/ UINT8 _PADDING0_[0x2];
}KMUTANT, *PKMUTANT;
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY MutantListEntry;
/*0x018*/ struct _KTHREAD* OwnerThread;
/*0x01C*/ UINT8 Abandoned;
/*0x01D*/ UINT8 ApcDisable;
/*0x01E*/ UINT8 _PADDING0_[0x2];
}KMUTANT, *PKMUTANT;
typedef struct _KPROCESS {
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY ProfileListHead;
/*0x018*/ ULONG32 DirectoryTableBase[2];
/*0x020*/ struct _KGDTENTRY LdtDescriptor;
/*0x028*/ struct _KIDTENTRY Int21Descriptor;
/*0x030*/ UINT16 IopmOffset;
/*0x032*/ UINT8 Iopl;
/*0x033*/ UINT8 Unused;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead;
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry;
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead;
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
/*0x060*/ UINT16 StackCount;
/*0x062*/ CHAR BasePriority;
/*0x063*/ CHAR ThreadQuantum;
/*0x064*/ UINT8 AutoAlignment;
/*0x065*/ UINT8 State;
/*0x066*/ UINT8 ThreadSeed;
/*0x067*/ UINT8 DisableBoost;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 DisableQuantum;
/*0x06A*/ UINT8 IdealNode;
union
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags;
/*0x06B*/ UINT8 ExecuteOptions;
};
}KPROCESS, *PKPROCESS;
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY ProfileListHead;
/*0x018*/ ULONG32 DirectoryTableBase[2];
/*0x020*/ struct _KGDTENTRY LdtDescriptor;
/*0x028*/ struct _KIDTENTRY Int21Descriptor;
/*0x030*/ UINT16 IopmOffset;
/*0x032*/ UINT8 Iopl;
/*0x033*/ UINT8 Unused;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead;
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry;
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead;
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
/*0x060*/ UINT16 StackCount;
/*0x062*/ CHAR BasePriority;
/*0x063*/ CHAR ThreadQuantum;
/*0x064*/ UINT8 AutoAlignment;
/*0x065*/ UINT8 State;
/*0x066*/ UINT8 ThreadSeed;
/*0x067*/ UINT8 DisableBoost;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 DisableQuantum;
/*0x06A*/ UINT8 IdealNode;
union
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags;
/*0x06B*/ UINT8 ExecuteOptions;
};
}KPROCESS, *PKPROCESS;
typedef struct _KPROCESSOR_STATE {
/*0x000*/ struct _CONTEXT ContextFrame;
/*0x2CC*/ struct _KSPECIAL_REGISTERS SpecialRegisters;
}KPROCESSOR_STATE, *PKPROCESSOR_STATE;
/*0x000*/ struct _CONTEXT ContextFrame;
/*0x2CC*/ struct _KSPECIAL_REGISTERS SpecialRegisters;
}KPROCESSOR_STATE, *PKPROCESSOR_STATE;
typedef struct _KQUEUE {
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY EntryListHead;
/*0x018*/ ULONG32 CurrentCount;
/*0x01C*/ ULONG32 MaximumCount;
/*0x020*/ struct _LIST_ENTRY ThreadListHead;
}KQUEUE, *PKQUEUE;
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY EntryListHead;
/*0x018*/ ULONG32 CurrentCount;
/*0x01C*/ ULONG32 MaximumCount;
/*0x020*/ struct _LIST_ENTRY ThreadListHead;
}KQUEUE, *PKQUEUE;
typedef struct _KSEMAPHORE {
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ LONG32 Limit;
}KSEMAPHORE, *PKSEMAPHORE;
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ LONG32 Limit;
}KSEMAPHORE, *PKSEMAPHORE;
typedef struct _KTIMER {
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ union _ULARGE_INTEGER DueTime;
/*0x018*/ struct _LIST_ENTRY TimerListEntry;
/*0x020*/ struct _KDPC* Dpc;
/*0x024*/ LONG32 Period;
}KTIMER, *PKTIMER;
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ union _ULARGE_INTEGER DueTime;
/*0x018*/ struct _LIST_ENTRY TimerListEntry;
/*0x020*/ struct _KDPC* Dpc;
/*0x024*/ LONG32 Period;
}KTIMER, *PKTIMER;
typedef struct _LPCP_MESSAGE {
union
{
/*0x000*/ struct _LIST_ENTRY Entry;
struct
{
/*0x000*/ struct _SINGLE_LIST_ENTRY FreeEntry;
/*0x004*/ ULONG32 Reserved0;
};
};
/*0x008*/ VOID* SenderPort;
/*0x00C*/ struct _ETHREAD* RepliedToThread;
/*0x010*/ VOID* PortContext;
/*0x014*/ UINT8 _PADDING0_[0x4];
/*0x018*/ struct _PORT_MESSAGE Request;
}LPCP_MESSAGE, *PLPCP_MESSAGE;
union
{
/*0x000*/ struct _LIST_ENTRY Entry;
struct
{
/*0x000*/ struct _SINGLE_LIST_ENTRY FreeEntry;
/*0x004*/ ULONG32 Reserved0;
};
};
/*0x008*/ VOID* SenderPort;
/*0x00C*/ struct _ETHREAD* RepliedToThread;
/*0x010*/ VOID* PortContext;
/*0x014*/ UINT8 _PADDING0_[0x4];
/*0x018*/ struct _PORT_MESSAGE Request;
}LPCP_MESSAGE, *PLPCP_MESSAGE;
typedef struct _MBCB {
/*0x000*/ INT16 NodeTypeCode;
/*0x002*/ INT16 NodeIsInZone;
/*0x004*/ ULONG32 PagesToWrite;
/*0x008*/ ULONG32 DirtyPages;
/*0x00C*/ ULONG32 Reserved;
/*0x010*/ struct _LIST_ENTRY BitmapRanges;
/*0x018*/ INT64 ResumeWritePage;
/*0x020*/ struct _BITMAP_RANGE BitmapRange1;
/*0x040*/ struct _BITMAP_RANGE BitmapRange2;
/*0x060*/ struct _BITMAP_RANGE BitmapRange3;
}MBCB, *PMBCB;
/*0x000*/ INT16 NodeTypeCode;
/*0x002*/ INT16 NodeIsInZone;
/*0x004*/ ULONG32 PagesToWrite;
/*0x008*/ ULONG32 DirtyPages;
/*0x00C*/ ULONG32 Reserved;
/*0x010*/ struct _LIST_ENTRY BitmapRanges;
/*0x018*/ INT64 ResumeWritePage;
/*0x020*/ struct _BITMAP_RANGE BitmapRange1;
/*0x040*/ struct _BITMAP_RANGE BitmapRange2;
/*0x060*/ struct _BITMAP_RANGE BitmapRange3;
}MBCB, *PMBCB;
typedef struct _MMBANKED_SECTION {
/*0x000*/ ULONG32 BasePhysicalPage;
/*0x004*/ struct _MMPTE* BasedPte;
/*0x008*/ ULONG32 BankSize;
/*0x00C*/ ULONG32 BankShift;
/*0x010*/ PVOID BankedRoutine;
/*0x014*/ VOID* Context;
/*0x018*/ struct _MMPTE* CurrentMappedPte;
/*0x01C*/ struct _MMPTE BankTemplate[1];
}MMBANKED_SECTION, *PMMBANKED_SECTION;
/*0x000*/ ULONG32 BasePhysicalPage;
/*0x004*/ struct _MMPTE* BasedPte;
/*0x008*/ ULONG32 BankSize;
/*0x00C*/ ULONG32 BankShift;
/*0x010*/ PVOID BankedRoutine;
/*0x014*/ VOID* Context;
/*0x018*/ struct _MMPTE* CurrentMappedPte;
/*0x01C*/ struct _MMPTE BankTemplate[1];
}MMBANKED_SECTION, *PMMBANKED_SECTION;
typedef struct _MMPFN {
union
{
/*0x000*/ ULONG32 Flink;
/*0x000*/ ULONG32 WsIndex;
/*0x000*/ struct _KEVENT* Event;
/*0x000*/ LONG32 ReadStatus;
/*0x000*/ struct _SINGLE_LIST_ENTRY NextStackPfn;
}u1;
/*0x004*/ struct _MMPTE* PteAddress;
union
{
/*0x008*/ ULONG32 Blink;
/*0x008*/ ULONG32 ShareCount;
}u2;
union
{
/*0x00C*/ struct _MMPFNENTRY e1;
struct
{
/*0x00C*/ UINT16 ShortFlags;
/*0x00E*/ UINT16 ReferenceCount;
}e2;
}u3;
/*0x010*/ struct _MMPTE OriginalPte;
union
{
/*0x014*/ ULONG32 EntireFrame;
struct
{
/*0x014*/ ULONG32 PteFrame : 26;
/*0x014*/ ULONG32 InPageError : 1;
/*0x014*/ ULONG32 VerifierAllocation : 1;
/*0x014*/ ULONG32 AweAllocation : 1;
/*0x014*/ ULONG32 LockCharged : 1;
/*0x014*/ ULONG32 KernelStack : 1;
/*0x014*/ ULONG32 Reserved : 1;
};
}u4;
}MMPFN, *PMMPFN;
union
{
/*0x000*/ ULONG32 Flink;
/*0x000*/ ULONG32 WsIndex;
/*0x000*/ struct _KEVENT* Event;
/*0x000*/ LONG32 ReadStatus;
/*0x000*/ struct _SINGLE_LIST_ENTRY NextStackPfn;
}u1;
/*0x004*/ struct _MMPTE* PteAddress;
union
{
/*0x008*/ ULONG32 Blink;
/*0x008*/ ULONG32 ShareCount;
}u2;
union
{
/*0x00C*/ struct _MMPFNENTRY e1;
struct
{
/*0x00C*/ UINT16 ShortFlags;
/*0x00E*/ UINT16 ReferenceCount;
}e2;
}u3;
/*0x010*/ struct _MMPTE OriginalPte;
union
{
/*0x014*/ ULONG32 EntireFrame;
struct
{
/*0x014*/ ULONG32 PteFrame : 26;
/*0x014*/ ULONG32 InPageError : 1;
/*0x014*/ ULONG32 VerifierAllocation : 1;
/*0x014*/ ULONG32 AweAllocation : 1;
/*0x014*/ ULONG32 LockCharged : 1;
/*0x014*/ ULONG32 KernelStack : 1;
/*0x014*/ ULONG32 Reserved : 1;
};
}u4;
}MMPFN, *PMMPFN;
typedef struct _NPAGED_LOOKASIDE_LIST {
/*0x000*/ struct _GENERAL_LOOKASIDE L;
/*0x080*/ ULONG32 Lock__ObsoleteButDoNotDelete;
/*0x084*/ UINT8 _PADDING0_[0x7C];
}NPAGED_LOOKASIDE_LIST, *PNPAGED_LOOKASIDE_LIST;
/*0x000*/ struct _GENERAL_LOOKASIDE L;
/*0x080*/ ULONG32 Lock__ObsoleteButDoNotDelete;
/*0x084*/ UINT8 _PADDING0_[0x7C];
}NPAGED_LOOKASIDE_LIST, *PNPAGED_LOOKASIDE_LIST;
typedef struct _OBJECT_TYPE {
/*0x000*/ struct _ERESOURCE Mutex;
/*0x038*/ struct _LIST_ENTRY TypeList;
/*0x040*/ struct _UNICODE_STRING Name;
/*0x048*/ VOID* DefaultObject;
/*0x04C*/ ULONG32 Index;
/*0x050*/ ULONG32 TotalNumberOfObjects;
/*0x054*/ ULONG32 TotalNumberOfHandles;
/*0x058*/ ULONG32 HighWaterNumberOfObjects;
/*0x05C*/ ULONG32 HighWaterNumberOfHandles;
/*0x060*/ struct _OBJECT_TYPE_INITIALIZER TypeInfo;
/*0x0AC*/ ULONG32 Key;
/*0x0B0*/ struct _ERESOURCE ObjectLocks[4];
}OBJECT_TYPE, *POBJECT_TYPE;
/*0x000*/ struct _ERESOURCE Mutex;
/*0x038*/ struct _LIST_ENTRY TypeList;
/*0x040*/ struct _UNICODE_STRING Name;
/*0x048*/ VOID* DefaultObject;
/*0x04C*/ ULONG32 Index;
/*0x050*/ ULONG32 TotalNumberOfObjects;
/*0x054*/ ULONG32 TotalNumberOfHandles;
/*0x058*/ ULONG32 HighWaterNumberOfObjects;
/*0x05C*/ ULONG32 HighWaterNumberOfHandles;
/*0x060*/ struct _OBJECT_TYPE_INITIALIZER TypeInfo;
/*0x0AC*/ ULONG32 Key;
/*0x0B0*/ struct _ERESOURCE ObjectLocks[4];
}OBJECT_TYPE, *POBJECT_TYPE;
typedef struct _PCI_ARBITER_INSTANCE {
/*0x000*/ struct _PCI_SECONDARY_EXTENSION Header;
/*0x00C*/ struct _PCI_INTERFACE* Interface;
/*0x010*/ struct _PCI_FDO_EXTENSION* BusFdoExtension;
/*0x014*/ UINT16 InstanceName[24];
/*0x044*/ struct _ARBITER_INSTANCE CommonInstance;
}PCI_ARBITER_INSTANCE, *PPCI_ARBITER_INSTANCE;
/*0x000*/ struct _PCI_SECONDARY_EXTENSION Header;
/*0x00C*/ struct _PCI_INTERFACE* Interface;
/*0x010*/ struct _PCI_FDO_EXTENSION* BusFdoExtension;
/*0x014*/ UINT16 InstanceName[24];
/*0x044*/ struct _ARBITER_INSTANCE CommonInstance;
}PCI_ARBITER_INSTANCE, *PPCI_ARBITER_INSTANCE;
//
//refer to ftp://ftp.lna.br/users/cesar/PCI_cdrom/Demos/windows_drivers/detect_flexopt/Klibdrv32.h
//
typedef struct _PCI_COMMON_CONFIG {
/*0x000*/ UINT16 VendorID;
/*0x002*/ UINT16 DeviceID;
/*0x004*/ UINT16 Command;
/*0x006*/ UINT16 Status;
/*0x008*/ UINT8 RevisionID;
/*0x009*/ UINT8 ProgIf;
/*0x00A*/ UINT8 SubClass;
/*0x00B*/ UINT8 BaseClass;
/*0x00C*/ UINT8 CacheLineSize;
/*0x00D*/ UINT8 LatencyTimer;
/*0x00E*/ UINT8 HeaderType;
/*0x00F*/ UINT8 BIST;
union
{
/*0x010*/ struct _PCI_HEADER_TYPE_0 type0;
/*0x010*/ struct _PCI_HEADER_TYPE_1 type1;
/*0x010*/ struct _PCI_HEADER_TYPE_2 type2;
}u;
/*0x040*/ UINT8 DeviceSpecific[192];
}PCI_COMMON_CONFIG, *PPCI_COMMON_CONFIG;
//refer to ftp://ftp.lna.br/users/cesar/PCI_cdrom/Demos/windows_drivers/detect_flexopt/Klibdrv32.h
//
typedef struct _PCI_COMMON_CONFIG {
/*0x000*/ UINT16 VendorID;
/*0x002*/ UINT16 DeviceID;
/*0x004*/ UINT16 Command;
/*0x006*/ UINT16 Status;
/*0x008*/ UINT8 RevisionID;
/*0x009*/ UINT8 ProgIf;
/*0x00A*/ UINT8 SubClass;
/*0x00B*/ UINT8 BaseClass;
/*0x00C*/ UINT8 CacheLineSize;
/*0x00D*/ UINT8 LatencyTimer;
/*0x00E*/ UINT8 HeaderType;
/*0x00F*/ UINT8 BIST;
union
{
/*0x010*/ struct _PCI_HEADER_TYPE_0 type0;
/*0x010*/ struct _PCI_HEADER_TYPE_1 type1;
/*0x010*/ struct _PCI_HEADER_TYPE_2 type2;
}u;
/*0x040*/ UINT8 DeviceSpecific[192];
}PCI_COMMON_CONFIG, *PPCI_COMMON_CONFIG;
typedef struct _PNP_DEVICE_EVENT_ENTRY {
/*0x000*/ struct _LIST_ENTRY ListEntry;
/*0x008*/ ULONG32 Argument;
/*0x00C*/ struct _KEVENT* CallerEvent;
/*0x010*/ PVOID Callback;
/*0x014*/ VOID* Context;
/*0x018*/ enum _PNP_VETO_TYPE* VetoType;
/*0x01C*/ struct _UNICODE_STRING* VetoName;
/*0x020*/ struct _PLUGPLAY_EVENT_BLOCK Data;
}PNP_DEVICE_EVENT_ENTRY, *PPNP_DEVICE_EVENT_ENTRY;
/*0x000*/ struct _LIST_ENTRY ListEntry;
/*0x008*/ ULONG32 Argument;
/*0x00C*/ struct _KEVENT* CallerEvent;
/*0x010*/ PVOID Callback;
/*0x014*/ VOID* Context;
/*0x018*/ enum _PNP_VETO_TYPE* VetoType;
/*0x01C*/ struct _UNICODE_STRING* VetoName;
/*0x020*/ struct _PLUGPLAY_EVENT_BLOCK Data;
}PNP_DEVICE_EVENT_ENTRY, *PPNP_DEVICE_EVENT_ENTRY;
typedef struct _PRIVILEGE_SET {
/*0x000*/ ULONG32 PrivilegeCount;
/*0x004*/ ULONG32 Control;
/*0x008*/ struct _LUID_AND_ATTRIBUTES Privilege[1];
}PRIVILEGE_SET, *PPRIVILEGE_SET;
/*0x000*/ ULONG32 PrivilegeCount;
/*0x004*/ ULONG32 Control;
/*0x008*/ struct _LUID_AND_ATTRIBUTES Privilege[1];
}PRIVILEGE_SET, *PPRIVILEGE_SET;
typedef struct _RTL_USER_PROCESS_PARAMETERS {
/*0x000*/ ULONG32 MaximumLength;
/*0x004*/ ULONG32 Length;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ ULONG32 DebugFlags;
/*0x010*/ VOID* ConsoleHandle;
/*0x014*/ ULONG32 ConsoleFlags;
/*0x018*/ VOID* StandardInput;
/*0x01C*/ VOID* StandardOutput;
/*0x020*/ VOID* StandardError;
/*0x024*/ struct _CURDIR CurrentDirectory;
/*0x030*/ struct _UNICODE_STRING DllPath;
/*0x038*/ struct _UNICODE_STRING ImagePathName;
/*0x040*/ struct _UNICODE_STRING CommandLine;
/*0x048*/ VOID* Environment;
/*0x04C*/ ULONG32 StartingX;
/*0x050*/ ULONG32 StartingY;
/*0x054*/ ULONG32 CountX;
/*0x058*/ ULONG32 CountY;
/*0x05C*/ ULONG32 CountCharsX;
/*0x060*/ ULONG32 CountCharsY;
/*0x064*/ ULONG32 FillAttribute;
/*0x068*/ ULONG32 WindowFlags;
/*0x06C*/ ULONG32 ShowWindowFlags;
/*0x070*/ struct _UNICODE_STRING WindowTitle;
/*0x078*/ struct _UNICODE_STRING DesktopInfo;
/*0x080*/ struct _UNICODE_STRING ShellInfo;
/*0x088*/ struct _UNICODE_STRING RuntimeData;
/*0x090*/ struct _RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
}RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
/*0x000*/ ULONG32 MaximumLength;
/*0x004*/ ULONG32 Length;
/*0x008*/ ULONG32 Flags;
/*0x00C*/ ULONG32 DebugFlags;
/*0x010*/ VOID* ConsoleHandle;
/*0x014*/ ULONG32 ConsoleFlags;
/*0x018*/ VOID* StandardInput;
/*0x01C*/ VOID* StandardOutput;
/*0x020*/ VOID* StandardError;
/*0x024*/ struct _CURDIR CurrentDirectory;
/*0x030*/ struct _UNICODE_STRING DllPath;
/*0x038*/ struct _UNICODE_STRING ImagePathName;
/*0x040*/ struct _UNICODE_STRING CommandLine;
/*0x048*/ VOID* Environment;
/*0x04C*/ ULONG32 StartingX;
/*0x050*/ ULONG32 StartingY;
/*0x054*/ ULONG32 CountX;
/*0x058*/ ULONG32 CountY;
/*0x05C*/ ULONG32 CountCharsX;
/*0x060*/ ULONG32 CountCharsY;
/*0x064*/ ULONG32 FillAttribute;
/*0x068*/ ULONG32 WindowFlags;
/*0x06C*/ ULONG32 ShowWindowFlags;
/*0x070*/ struct _UNICODE_STRING WindowTitle;
/*0x078*/ struct _UNICODE_STRING DesktopInfo;
/*0x080*/ struct _UNICODE_STRING ShellInfo;
/*0x088*/ struct _UNICODE_STRING RuntimeData;
/*0x090*/ struct _RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
}RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
typedef struct _SEGMENT {
/*0x000*/ struct _CONTROL_AREA* ControlArea;
/*0x004*/ ULONG32 TotalNumberOfPtes;
/*0x008*/ ULONG32 NonExtendedPtes;
/*0x00C*/ ULONG32 WritableUserReferences;
/*0x010*/ UINT64 SizeOfSegment;
/*0x018*/ struct _MMPTE SegmentPteTemplate;
/*0x01C*/ ULONG32 NumberOfCommittedPages;
/*0x020*/ struct _MMEXTEND_INFO* ExtendInfo;
/*0x024*/ VOID* SystemImageBase;
/*0x028*/ VOID* BasedAddress;
union
{
/*0x02C*/ ULONG32 ImageCommitment;
/*0x02C*/ struct _EPROCESS* CreatingProcess;
}u1;
union
{
/*0x030*/ struct _SECTION_IMAGE_INFORMATION* ImageInformation;
/*0x030*/ VOID* FirstMappedVa;
}u2;
/*0x034*/ struct _MMPTE* PrototypePte;
/*0x038*/ struct _MMPTE ThePtes[1];
/*0x03C*/ UINT8 _PADDING0_[0x4];
}SEGMENT, *PSEGMENT;
/*0x000*/ struct _CONTROL_AREA* ControlArea;
/*0x004*/ ULONG32 TotalNumberOfPtes;
/*0x008*/ ULONG32 NonExtendedPtes;
/*0x00C*/ ULONG32 WritableUserReferences;
/*0x010*/ UINT64 SizeOfSegment;
/*0x018*/ struct _MMPTE SegmentPteTemplate;
/*0x01C*/ ULONG32 NumberOfCommittedPages;
/*0x020*/ struct _MMEXTEND_INFO* ExtendInfo;
/*0x024*/ VOID* SystemImageBase;
/*0x028*/ VOID* BasedAddress;
union
{
/*0x02C*/ ULONG32 ImageCommitment;
/*0x02C*/ struct _EPROCESS* CreatingProcess;
}u1;
union
{
/*0x030*/ struct _SECTION_IMAGE_INFORMATION* ImageInformation;
/*0x030*/ VOID* FirstMappedVa;
}u2;
/*0x034*/ struct _MMPTE* PrototypePte;
/*0x038*/ struct _MMPTE ThePtes[1];
/*0x03C*/ UINT8 _PADDING0_[0x4];
}SEGMENT, *PSEGMENT;
typedef struct _SYSTEM_POWER_POLICY {
/*0x000*/ ULONG32 Revision;
/*0x004*/ struct _POWER_ACTION_POLICY PowerButton;
/*0x010*/ struct _POWER_ACTION_POLICY SleepButton;
/*0x01C*/ struct _POWER_ACTION_POLICY LidClose;
/*0x028*/ enum _SYSTEM_POWER_STATE LidOpenWake;
/*0x02C*/ ULONG32 Reserved;
/*0x030*/ struct _POWER_ACTION_POLICY Idle;
/*0x03C*/ ULONG32 IdleTimeout;
/*0x040*/ UINT8 IdleSensitivity;
/*0x041*/ UINT8 DynamicThrottle;
/*0x042*/ UINT8 Spare2[2];
/*0x044*/ enum _SYSTEM_POWER_STATE MinSleep;
/*0x048*/ enum _SYSTEM_POWER_STATE MaxSleep;
/*0x04C*/ enum _SYSTEM_POWER_STATE ReducedLatencySleep;
/*0x050*/ ULONG32 WinLogonFlags;
/*0x054*/ ULONG32 Spare3;
/*0x058*/ ULONG32 DozeS4Timeout;
/*0x05C*/ ULONG32 BroadcastCapacityResolution;
/*0x060*/ struct _SYSTEM_POWER_LEVEL DischargePolicy[4];
/*0x0C0*/ ULONG32 VideoTimeout;
/*0x0C4*/ UINT8 VideoDimDisplay;
/*0x0C5*/ UINT8 _PADDING0_[0x3];
/*0x0C8*/ ULONG32 VideoReserved[3];
/*0x0D4*/ ULONG32 SpindownTimeout;
/*0x0D8*/ UINT8 OptimizeForPower;
/*0x0D9*/ UINT8 FanThrottleTolerance;
/*0x0DA*/ UINT8 ForcedThrottle;
/*0x0DB*/ UINT8 MinThrottle;
/*0x0DC*/ struct _POWER_ACTION_POLICY OverThrottled;
}SYSTEM_POWER_POLICY, *PSYSTEM_POWER_POLICY;
/*0x000*/ ULONG32 Revision;
/*0x004*/ struct _POWER_ACTION_POLICY PowerButton;
/*0x010*/ struct _POWER_ACTION_POLICY SleepButton;
/*0x01C*/ struct _POWER_ACTION_POLICY LidClose;
/*0x028*/ enum _SYSTEM_POWER_STATE LidOpenWake;
/*0x02C*/ ULONG32 Reserved;
/*0x030*/ struct _POWER_ACTION_POLICY Idle;
/*0x03C*/ ULONG32 IdleTimeout;
/*0x040*/ UINT8 IdleSensitivity;
/*0x041*/ UINT8 DynamicThrottle;
/*0x042*/ UINT8 Spare2[2];
/*0x044*/ enum _SYSTEM_POWER_STATE MinSleep;
/*0x048*/ enum _SYSTEM_POWER_STATE MaxSleep;
/*0x04C*/ enum _SYSTEM_POWER_STATE ReducedLatencySleep;
/*0x050*/ ULONG32 WinLogonFlags;
/*0x054*/ ULONG32 Spare3;
/*0x058*/ ULONG32 DozeS4Timeout;
/*0x05C*/ ULONG32 BroadcastCapacityResolution;
/*0x060*/ struct _SYSTEM_POWER_LEVEL DischargePolicy[4];
/*0x0C0*/ ULONG32 VideoTimeout;
/*0x0C4*/ UINT8 VideoDimDisplay;
/*0x0C5*/ UINT8 _PADDING0_[0x3];
/*0x0C8*/ ULONG32 VideoReserved[3];
/*0x0D4*/ ULONG32 SpindownTimeout;
/*0x0D8*/ UINT8 OptimizeForPower;
/*0x0D9*/ UINT8 FanThrottleTolerance;
/*0x0DA*/ UINT8 ForcedThrottle;
/*0x0DB*/ UINT8 MinThrottle;
/*0x0DC*/ struct _POWER_ACTION_POLICY OverThrottled;
}SYSTEM_POWER_POLICY, *PSYSTEM_POWER_POLICY;
typedef struct _TEB {
/*0x000*/ struct _NT_TIB NtTib;
/*0x01C*/ VOID* EnvironmentPointer;
/*0x020*/ struct _CLIENT_ID ClientId;
/*0x028*/ VOID* ActiveRpcHandle;
/*0x02C*/ VOID* ThreadLocalStoragePointer;
/*0x030*/ struct _PEB* ProcessEnvironmentBlock;
/*0x034*/ ULONG32 LastErrorValue;
/*0x038*/ ULONG32 CountOfOwnedCriticalSections;
/*0x03C*/ VOID* CsrClientThread;
/*0x040*/ VOID* Win32ThreadInfo;
/*0x044*/ ULONG32 User32Reserved[26];
/*0x0AC*/ ULONG32 UserReserved[5];
/*0x0C0*/ VOID* WOW32Reserved;
/*0x0C4*/ ULONG32 CurrentLocale;
/*0x0C8*/ ULONG32 FpSoftwareStatusRegister;
/*0x0CC*/ VOID* SystemReserved1[54];
/*0x1A4*/ LONG32 ExceptionCode;
/*0x1A8*/ struct _ACTIVATION_CONTEXT_STACK ActivationContextStack;
/*0x1BC*/ UINT8 SpareBytes1[24];
/*0x1D4*/ struct _GDI_TEB_BATCH GdiTebBatch;
/*0x6B4*/ struct _CLIENT_ID RealClientId;
/*0x6BC*/ VOID* GdiCachedProcessHandle;
/*0x6C0*/ ULONG32 GdiClientPID;
/*0x6C4*/ ULONG32 GdiClientTID;
/*0x6C8*/ VOID* GdiThreadLocalInfo;
/*0x6CC*/ ULONG32 Win32ClientInfo[62];
/*0x7C4*/ VOID* glDispatchTable[233];
/*0xB68*/ ULONG32 glReserved1[29];
/*0xBDC*/ VOID* glReserved2;
/*0xBE0*/ VOID* glSectionInfo;
/*0xBE4*/ VOID* glSection;
/*0xBE8*/ VOID* glTable;
/*0xBEC*/ VOID* glCurrentRC;
/*0xBF0*/ VOID* glContext;
/*0xBF4*/ ULONG32 LastStatusValue;
/*0xBF8*/ struct _UNICODE_STRING StaticUnicodeString;
/*0xC00*/ UINT16 StaticUnicodeBuffer[261];
/*0xE0A*/ UINT8 _PADDING0_[0x2];
/*0xE0C*/ VOID* DeallocationStack;
/*0xE10*/ VOID* TlsSlots[64];
/*0xF10*/ struct _LIST_ENTRY TlsLinks;
/*0xF18*/ VOID* Vdm;
/*0xF1C*/ VOID* ReservedForNtRpc;
/*0xF20*/ VOID* DbgSsReserved[2];
/*0xF28*/ ULONG32 HardErrorsAreDisabled;
/*0xF2C*/ VOID* Instrumentation[16];
/*0xF6C*/ VOID* WinSockData;
/*0xF70*/ ULONG32 GdiBatchCount;
/*0xF74*/ UINT8 InDbgPrint;
/*0xF75*/ UINT8 FreeStackOnTermination;
/*0xF76*/ UINT8 HasFiberData;
/*0xF77*/ UINT8 IdealProcessor;
/*0xF78*/ ULONG32 Spare3;
/*0xF7C*/ VOID* ReservedForPerf;
/*0xF80*/ VOID* ReservedForOle;
/*0xF84*/ ULONG32 WaitingOnLoaderLock;
/*0xF88*/ struct _Wx86ThreadState Wx86Thread;
/*0xF94*/ VOID** TlsExpansionSlots;
/*0xF98*/ ULONG32 ImpersonationLocale;
/*0xF9C*/ ULONG32 IsImpersonating;
/*0xFA0*/ VOID* NlsCache;
/*0xFA4*/ VOID* pShimData;
/*0xFA8*/ ULONG32 HeapVirtualAffinity;
/*0xFAC*/ VOID* CurrentTransactionHandle;
/*0xFB0*/ struct _TEB_ACTIVE_FRAME* ActiveFrame;
/*0xFB4*/ UINT8 SafeThunkCall;
/*0xFB5*/ UINT8 BooleanSpare[3];
}TEB, *PTEB;
/*0x000*/ struct _NT_TIB NtTib;
/*0x01C*/ VOID* EnvironmentPointer;
/*0x020*/ struct _CLIENT_ID ClientId;
/*0x028*/ VOID* ActiveRpcHandle;
/*0x02C*/ VOID* ThreadLocalStoragePointer;
/*0x030*/ struct _PEB* ProcessEnvironmentBlock;
/*0x034*/ ULONG32 LastErrorValue;
/*0x038*/ ULONG32 CountOfOwnedCriticalSections;
/*0x03C*/ VOID* CsrClientThread;
/*0x040*/ VOID* Win32ThreadInfo;
/*0x044*/ ULONG32 User32Reserved[26];
/*0x0AC*/ ULONG32 UserReserved[5];
/*0x0C0*/ VOID* WOW32Reserved;
/*0x0C4*/ ULONG32 CurrentLocale;
/*0x0C8*/ ULONG32 FpSoftwareStatusRegister;
/*0x0CC*/ VOID* SystemReserved1[54];
/*0x1A4*/ LONG32 ExceptionCode;
/*0x1A8*/ struct _ACTIVATION_CONTEXT_STACK ActivationContextStack;
/*0x1BC*/ UINT8 SpareBytes1[24];
/*0x1D4*/ struct _GDI_TEB_BATCH GdiTebBatch;
/*0x6B4*/ struct _CLIENT_ID RealClientId;
/*0x6BC*/ VOID* GdiCachedProcessHandle;
/*0x6C0*/ ULONG32 GdiClientPID;
/*0x6C4*/ ULONG32 GdiClientTID;
/*0x6C8*/ VOID* GdiThreadLocalInfo;
/*0x6CC*/ ULONG32 Win32ClientInfo[62];
/*0x7C4*/ VOID* glDispatchTable[233];
/*0xB68*/ ULONG32 glReserved1[29];
/*0xBDC*/ VOID* glReserved2;
/*0xBE0*/ VOID* glSectionInfo;
/*0xBE4*/ VOID* glSection;
/*0xBE8*/ VOID* glTable;
/*0xBEC*/ VOID* glCurrentRC;
/*0xBF0*/ VOID* glContext;
/*0xBF4*/ ULONG32 LastStatusValue;
/*0xBF8*/ struct _UNICODE_STRING StaticUnicodeString;
/*0xC00*/ UINT16 StaticUnicodeBuffer[261];
/*0xE0A*/ UINT8 _PADDING0_[0x2];
/*0xE0C*/ VOID* DeallocationStack;
/*0xE10*/ VOID* TlsSlots[64];
/*0xF10*/ struct _LIST_ENTRY TlsLinks;
/*0xF18*/ VOID* Vdm;
/*0xF1C*/ VOID* ReservedForNtRpc;
/*0xF20*/ VOID* DbgSsReserved[2];
/*0xF28*/ ULONG32 HardErrorsAreDisabled;
/*0xF2C*/ VOID* Instrumentation[16];
/*0xF6C*/ VOID* WinSockData;
/*0xF70*/ ULONG32 GdiBatchCount;
/*0xF74*/ UINT8 InDbgPrint;
/*0xF75*/ UINT8 FreeStackOnTermination;
/*0xF76*/ UINT8 HasFiberData;
/*0xF77*/ UINT8 IdealProcessor;
/*0xF78*/ ULONG32 Spare3;
/*0xF7C*/ VOID* ReservedForPerf;
/*0xF80*/ VOID* ReservedForOle;
/*0xF84*/ ULONG32 WaitingOnLoaderLock;
/*0xF88*/ struct _Wx86ThreadState Wx86Thread;
/*0xF94*/ VOID** TlsExpansionSlots;
/*0xF98*/ ULONG32 ImpersonationLocale;
/*0xF9C*/ ULONG32 IsImpersonating;
/*0xFA0*/ VOID* NlsCache;
/*0xFA4*/ VOID* pShimData;
/*0xFA8*/ ULONG32 HeapVirtualAffinity;
/*0xFAC*/ VOID* CurrentTransactionHandle;
/*0xFB0*/ struct _TEB_ACTIVE_FRAME* ActiveFrame;
/*0xFB4*/ UINT8 SafeThunkCall;
/*0xFB5*/ UINT8 BooleanSpare[3];
}TEB, *PTEB;
typedef struct _TOKEN {
/*0x000*/ struct _TOKEN_SOURCE TokenSource;
/*0x010*/ struct _LUID TokenId;
/*0x018*/ struct _LUID AuthenticationId;
/*0x020*/ struct _LUID ParentTokenId;
/*0x028*/ union _LARGE_INTEGER ExpirationTime;
/*0x030*/ struct _ERESOURCE* TokenLock;
/*0x034*/ UINT8 _PADDING0_[0x4];
/*0x038*/ struct _SEP_AUDIT_POLICY AuditPolicy;
/*0x040*/ struct _LUID ModifiedId;
/*0x048*/ ULONG32 SessionId;
/*0x04C*/ ULONG32 UserAndGroupCount;
/*0x050*/ ULONG32 RestrictedSidCount;
/*0x054*/ ULONG32 PrivilegeCount;
/*0x058*/ ULONG32 VariableLength;
/*0x05C*/ ULONG32 DynamicCharged;
/*0x060*/ ULONG32 DynamicAvailable;
/*0x064*/ ULONG32 DefaultOwnerIndex;
/*0x068*/ struct _SID_AND_ATTRIBUTES* UserAndGroups;
/*0x06C*/ struct _SID_AND_ATTRIBUTES* RestrictedSids;
/*0x070*/ VOID* PrimaryGroup;
/*0x074*/ struct _LUID_AND_ATTRIBUTES* Privileges;
/*0x078*/ ULONG32* DynamicPart;
/*0x07C*/ struct _ACL* DefaultDacl;
/*0x080*/ enum _TOKEN_TYPE TokenType;
/*0x084*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/*0x088*/ ULONG32 TokenFlags;
/*0x08C*/ UINT8 TokenInUse;
/*0x08D*/ UINT8 _PADDING1_[0x3];
/*0x090*/ struct _SECURITY_TOKEN_PROXY_DATA* ProxyData;
/*0x094*/ struct _SECURITY_TOKEN_AUDIT_DATA* AuditData;
/*0x098*/ struct _LUID OriginatingLogonSession;
/*0x0A0*/ ULONG32 VariablePart;
/*0x0A4*/ UINT8 _PADDING2_[0x4];
}TOKEN, *PTOKEN;
/*0x000*/ struct _TOKEN_SOURCE TokenSource;
/*0x010*/ struct _LUID TokenId;
/*0x018*/ struct _LUID AuthenticationId;
/*0x020*/ struct _LUID ParentTokenId;
/*0x028*/ union _LARGE_INTEGER ExpirationTime;
/*0x030*/ struct _ERESOURCE* TokenLock;
/*0x034*/ UINT8 _PADDING0_[0x4];
/*0x038*/ struct _SEP_AUDIT_POLICY AuditPolicy;
/*0x040*/ struct _LUID ModifiedId;
/*0x048*/ ULONG32 SessionId;
/*0x04C*/ ULONG32 UserAndGroupCount;
/*0x050*/ ULONG32 RestrictedSidCount;
/*0x054*/ ULONG32 PrivilegeCount;
/*0x058*/ ULONG32 VariableLength;
/*0x05C*/ ULONG32 DynamicCharged;
/*0x060*/ ULONG32 DynamicAvailable;
/*0x064*/ ULONG32 DefaultOwnerIndex;
/*0x068*/ struct _SID_AND_ATTRIBUTES* UserAndGroups;
/*0x06C*/ struct _SID_AND_ATTRIBUTES* RestrictedSids;
/*0x070*/ VOID* PrimaryGroup;
/*0x074*/ struct _LUID_AND_ATTRIBUTES* Privileges;
/*0x078*/ ULONG32* DynamicPart;
/*0x07C*/ struct _ACL* DefaultDacl;
/*0x080*/ enum _TOKEN_TYPE TokenType;
/*0x084*/ enum _SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
/*0x088*/ ULONG32 TokenFlags;
/*0x08C*/ UINT8 TokenInUse;
/*0x08D*/ UINT8 _PADDING1_[0x3];
/*0x090*/ struct _SECURITY_TOKEN_PROXY_DATA* ProxyData;
/*0x094*/ struct _SECURITY_TOKEN_AUDIT_DATA* AuditData;
/*0x098*/ struct _LUID OriginatingLogonSession;
/*0x0A0*/ ULONG32 VariablePart;
/*0x0A4*/ UINT8 _PADDING2_[0x4];
}TOKEN, *PTOKEN;
typedef struct _TOKEN_CONTROL {
/*0x000*/ struct _LUID TokenId;
/*0x008*/ struct _LUID AuthenticationId;
/*0x010*/ struct _LUID ModifiedId;
/*0x018*/ struct _TOKEN_SOURCE TokenSource;
}TOKEN_CONTROL, *PTOKEN_CONTROL;
/*0x000*/ struct _LUID TokenId;
/*0x008*/ struct _LUID AuthenticationId;
/*0x010*/ struct _LUID ModifiedId;
/*0x018*/ struct _TOKEN_SOURCE TokenSource;
}TOKEN_CONTROL, *PTOKEN_CONTROL;
typedef struct _WAIT_CONTEXT_BLOCK {
/*0x000*/ struct _KDEVICE_QUEUE_ENTRY WaitQueueEntry;
/*0x010*/ PVOID DeviceRoutine;
/*0x014*/ VOID* DeviceContext;
/*0x018*/ ULONG32 NumberOfMapRegisters;
/*0x01C*/ VOID* DeviceObject;
/*0x020*/ VOID* CurrentIrp;
/*0x024*/ struct _KDPC* BufferChainingDpc;
}WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;
/*0x000*/ struct _KDEVICE_QUEUE_ENTRY WaitQueueEntry;
/*0x010*/ PVOID DeviceRoutine;
/*0x014*/ VOID* DeviceContext;
/*0x018*/ ULONG32 NumberOfMapRegisters;
/*0x01C*/ VOID* DeviceObject;
/*0x020*/ VOID* CurrentIrp;
/*0x024*/ struct _KDPC* BufferChainingDpc;
}WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;
typedef struct _WMI_BUFFER_HEADER {
union
{
/*0x000*/ struct _WNODE_HEADER Wnode;
struct
{
/*0x000*/ UINT64 Reserved1;
/*0x008*/ UINT64 Reserved2;
/*0x010*/ union _LARGE_INTEGER Reserved3;
union
{
struct
{
/*0x018*/ VOID* Alignment;
/*0x01C*/ struct _SINGLE_LIST_ENTRY SlistEntry;
};
/*0x018*/ struct _LIST_ENTRY Entry;
};
};
struct
{
/*0x000*/ LONG32 ReferenceCount;
/*0x004*/ ULONG32 SavedOffset;
/*0x008*/ ULONG32 CurrentOffset;
/*0x00C*/ ULONG32 UsePerfClock;
/*0x010*/ union _LARGE_INTEGER TimeStamp;
/*0x018*/ struct _GUID Guid;
/*0x028*/ struct _WMI_CLIENT_CONTEXT ClientContext;
union
{
/*0x02C*/ struct _WMI_BUFFER_STATE State;
/*0x02C*/ ULONG32 Flags;
};
};
};
/*0x030*/ ULONG32 Offset;
/*0x034*/ ULONG32 EventsLost;
union
{
/*0x038*/ struct _GUID InstanceGuid;
struct
{
/*0x038*/ VOID* LoggerContext;
/*0x03C*/ struct _SINGLE_LIST_ENTRY GlobalEntry;
/*0x040*/ UINT8 _PADDING0_[0x8];
};
};
}WMI_BUFFER_HEADER, *PWMI_BUFFER_HEADER;
union
{
/*0x000*/ struct _WNODE_HEADER Wnode;
struct
{
/*0x000*/ UINT64 Reserved1;
/*0x008*/ UINT64 Reserved2;
/*0x010*/ union _LARGE_INTEGER Reserved3;
union
{
struct
{
/*0x018*/ VOID* Alignment;
/*0x01C*/ struct _SINGLE_LIST_ENTRY SlistEntry;
};
/*0x018*/ struct _LIST_ENTRY Entry;
};
};
struct
{
/*0x000*/ LONG32 ReferenceCount;
/*0x004*/ ULONG32 SavedOffset;
/*0x008*/ ULONG32 CurrentOffset;
/*0x00C*/ ULONG32 UsePerfClock;
/*0x010*/ union _LARGE_INTEGER TimeStamp;
/*0x018*/ struct _GUID Guid;
/*0x028*/ struct _WMI_CLIENT_CONTEXT ClientContext;
union
{
/*0x02C*/ struct _WMI_BUFFER_STATE State;
/*0x02C*/ ULONG32 Flags;
};
};
};
/*0x030*/ ULONG32 Offset;
/*0x034*/ ULONG32 EventsLost;
union
{
/*0x038*/ struct _GUID InstanceGuid;
struct
{
/*0x038*/ VOID* LoggerContext;
/*0x03C*/ struct _SINGLE_LIST_ENTRY GlobalEntry;
/*0x040*/ UINT8 _PADDING0_[0x8];
};
};
}WMI_BUFFER_HEADER, *PWMI_BUFFER_HEADER;
typedef struct _ACCESS_STATE {
/*0x000*/ struct _LUID OperationID;
/*0x008*/ UINT8 SecurityEvaluated;
/*0x009*/ UINT8 GenerateAudit;
/*0x00A*/ UINT8 GenerateOnClose;
/*0x00B*/ UINT8 PrivilegesAllocated;
/*0x00C*/ ULONG32 Flags;
/*0x010*/ ULONG32 RemainingDesiredAccess;
/*0x014*/ ULONG32 PreviouslyGrantedAccess;
/*0x018*/ ULONG32 OriginalDesiredAccess;
/*0x01C*/ struct _SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
/*0x02C*/ VOID* SecurityDescriptor;
/*0x030*/ VOID* AuxData;
union
{
/*0x034*/ struct _INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
/*0x034*/ struct _PRIVILEGE_SET PrivilegeSet;
}Privileges;
/*0x060*/ UINT8 AuditPrivileges;
/*0x061*/ UINT8 _PADDING0_[0x3];
/*0x064*/ struct _UNICODE_STRING ObjectName;
/*0x06C*/ struct _UNICODE_STRING ObjectTypeName;
}ACCESS_STATE, *PACCESS_STATE;
typedef struct _CACHE_UNINITIALIZE_EVENT {
/*0x000*/ struct _CACHE_UNINITIALIZE_EVENT* Next;
/*0x004*/ struct _KEVENT Event;
}CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
/*0x000*/ struct _CACHE_UNINITIALIZE_EVENT* Next;
/*0x004*/ struct _KEVENT Event;
}CACHE_UNINITIALIZE_EVENT, *PCACHE_UNINITIALIZE_EVENT;
typedef struct _CMHIVE {
/*0x000*/ struct _HHIVE Hive;
/*0x210*/ VOID* FileHandles[3];
/*0x21C*/ struct _LIST_ENTRY NotifyList;
/*0x224*/ struct _LIST_ENTRY HiveList;
/*0x22C*/ struct _FAST_MUTEX* HiveLock;
/*0x230*/ struct _FAST_MUTEX* ViewLock;
/*0x234*/ struct _LIST_ENTRY LRUViewListHead;
/*0x23C*/ struct _LIST_ENTRY PinViewListHead;
/*0x244*/ struct _FILE_OBJECT* FileObject;
/*0x248*/ struct _UNICODE_STRING FileFullPath;
/*0x250*/ struct _UNICODE_STRING FileUserName;
/*0x258*/ UINT16 MappedViews;
/*0x25A*/ UINT16 PinnedViews;
/*0x25C*/ ULONG32 UseCount;
/*0x260*/ ULONG32 SecurityCount;
/*0x264*/ ULONG32 SecurityCacheSize;
/*0x268*/ LONG32 SecurityHitHint;
/*0x26C*/ struct _CM_KEY_SECURITY_CACHE_ENTRY* SecurityCache;
/*0x270*/ struct _LIST_ENTRY SecurityHash[64];
/*0x470*/ struct _KEVENT* UnloadEvent;
/*0x474*/ struct _CM_KEY_CONTROL_BLOCK* RootKcb;
/*0x478*/ UINT8 Frozen;
/*0x479*/ UINT8 _PADDING0_[0x3];
/*0x47C*/ struct _WORK_QUEUE_ITEM* UnloadWorkItem;
/*0x480*/ UINT8 GrowOnlyMode;
/*0x481*/ UINT8 _PADDING1_[0x3];
/*0x484*/ ULONG32 GrowOffset;
/*0x488*/ struct _LIST_ENTRY KcbConvertListHead;
/*0x490*/ struct _LIST_ENTRY KnodeConvertListHead;
/*0x498*/ struct _CM_CELL_REMAP_BLOCK* CellRemapArray;
}CMHIVE, *PCMHIVE;
/*0x000*/ struct _HHIVE Hive;
/*0x210*/ VOID* FileHandles[3];
/*0x21C*/ struct _LIST_ENTRY NotifyList;
/*0x224*/ struct _LIST_ENTRY HiveList;
/*0x22C*/ struct _FAST_MUTEX* HiveLock;
/*0x230*/ struct _FAST_MUTEX* ViewLock;
/*0x234*/ struct _LIST_ENTRY LRUViewListHead;
/*0x23C*/ struct _LIST_ENTRY PinViewListHead;
/*0x244*/ struct _FILE_OBJECT* FileObject;
/*0x248*/ struct _UNICODE_STRING FileFullPath;
/*0x250*/ struct _UNICODE_STRING FileUserName;
/*0x258*/ UINT16 MappedViews;
/*0x25A*/ UINT16 PinnedViews;
/*0x25C*/ ULONG32 UseCount;
/*0x260*/ ULONG32 SecurityCount;
/*0x264*/ ULONG32 SecurityCacheSize;
/*0x268*/ LONG32 SecurityHitHint;
/*0x26C*/ struct _CM_KEY_SECURITY_CACHE_ENTRY* SecurityCache;
/*0x270*/ struct _LIST_ENTRY SecurityHash[64];
/*0x470*/ struct _KEVENT* UnloadEvent;
/*0x474*/ struct _CM_KEY_CONTROL_BLOCK* RootKcb;
/*0x478*/ UINT8 Frozen;
/*0x479*/ UINT8 _PADDING0_[0x3];
/*0x47C*/ struct _WORK_QUEUE_ITEM* UnloadWorkItem;
/*0x480*/ UINT8 GrowOnlyMode;
/*0x481*/ UINT8 _PADDING1_[0x3];
/*0x484*/ ULONG32 GrowOffset;
/*0x488*/ struct _LIST_ENTRY KcbConvertListHead;
/*0x490*/ struct _LIST_ENTRY KnodeConvertListHead;
/*0x498*/ struct _CM_CELL_REMAP_BLOCK* CellRemapArray;
}CMHIVE, *PCMHIVE;
typedef struct _CM_CACHED_VALUE_INDEX {
/*0x000*/ ULONG32 CellIndex;
union
{
/*0x004*/ struct _CELL_DATA CellData;
/*0x004*/ ULONG32 List[1];
}Data;
}CM_CACHED_VALUE_INDEX, *PCM_CACHED_VALUE_INDEX;
/*0x000*/ ULONG32 CellIndex;
union
{
/*0x004*/ struct _CELL_DATA CellData;
/*0x004*/ ULONG32 List[1];
}Data;
}CM_CACHED_VALUE_INDEX, *PCM_CACHED_VALUE_INDEX;
typedef struct _CM_RESOURCE_LIST {
/*0x000*/ ULONG32 Count;
/*0x004*/ struct _CM_FULL_RESOURCE_DESCRIPTOR List[1];
}CM_RESOURCE_LIST, *PCM_RESOURCE_LIST;
/*0x000*/ ULONG32 Count;
/*0x004*/ struct _CM_FULL_RESOURCE_DESCRIPTOR List[1];
}CM_RESOURCE_LIST, *PCM_RESOURCE_LIST;
typedef struct _DBGKD_MANIPULATE_STATE32 {
/*0x000*/ ULONG32 ApiNumber;
/*0x004*/ UINT16 ProcessorLevel;
/*0x006*/ UINT16 Processor;
/*0x008*/ LONG32 ReturnStatus;
union
{
/*0x00C*/ struct _DBGKD_READ_MEMORY32 ReadMemory;
/*0x00C*/ struct _DBGKD_WRITE_MEMORY32 WriteMemory;
/*0x00C*/ struct _DBGKD_READ_MEMORY64 ReadMemory64;
/*0x00C*/ struct _DBGKD_WRITE_MEMORY64 WriteMemory64;
/*0x00C*/ struct _DBGKD_GET_CONTEXT GetContext;
/*0x00C*/ struct _DBGKD_SET_CONTEXT SetContext;
/*0x00C*/ struct _DBGKD_WRITE_BREAKPOINT32 WriteBreakPoint;
/*0x00C*/ struct _DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint;
/*0x00C*/ struct _DBGKD_CONTINUE Continue;
/*0x00C*/ struct _DBGKD_CONTINUE2 Continue2;
/*0x00C*/ struct _DBGKD_READ_WRITE_IO32 ReadWriteIo;
/*0x00C*/ struct _DBGKD_READ_WRITE_IO_EXTENDED32 ReadWriteIoExtended;
/*0x00C*/ struct _DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls;
/*0x00C*/ struct _DBGKD_SET_SPECIAL_CALL32 SetSpecialCall;
/*0x00C*/ struct _DBGKD_SET_INTERNAL_BREAKPOINT32 SetInternalBreakpoint;
/*0x00C*/ struct _DBGKD_GET_INTERNAL_BREAKPOINT32 GetInternalBreakpoint;
/*0x00C*/ struct _DBGKD_GET_VERSION32 GetVersion32;
/*0x00C*/ struct _DBGKD_BREAKPOINTEX BreakPointEx;
/*0x00C*/ struct _DBGKD_READ_WRITE_MSR ReadWriteMsr;
/*0x00C*/ struct _DBGKD_SEARCH_MEMORY SearchMemory;
}u;
}DBGKD_MANIPULATE_STATE32, *PDBGKD_MANIPULATE_STATE32;
/*0x000*/ ULONG32 ApiNumber;
/*0x004*/ UINT16 ProcessorLevel;
/*0x006*/ UINT16 Processor;
/*0x008*/ LONG32 ReturnStatus;
union
{
/*0x00C*/ struct _DBGKD_READ_MEMORY32 ReadMemory;
/*0x00C*/ struct _DBGKD_WRITE_MEMORY32 WriteMemory;
/*0x00C*/ struct _DBGKD_READ_MEMORY64 ReadMemory64;
/*0x00C*/ struct _DBGKD_WRITE_MEMORY64 WriteMemory64;
/*0x00C*/ struct _DBGKD_GET_CONTEXT GetContext;
/*0x00C*/ struct _DBGKD_SET_CONTEXT SetContext;
/*0x00C*/ struct _DBGKD_WRITE_BREAKPOINT32 WriteBreakPoint;
/*0x00C*/ struct _DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint;
/*0x00C*/ struct _DBGKD_CONTINUE Continue;
/*0x00C*/ struct _DBGKD_CONTINUE2 Continue2;
/*0x00C*/ struct _DBGKD_READ_WRITE_IO32 ReadWriteIo;
/*0x00C*/ struct _DBGKD_READ_WRITE_IO_EXTENDED32 ReadWriteIoExtended;
/*0x00C*/ struct _DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls;
/*0x00C*/ struct _DBGKD_SET_SPECIAL_CALL32 SetSpecialCall;
/*0x00C*/ struct _DBGKD_SET_INTERNAL_BREAKPOINT32 SetInternalBreakpoint;
/*0x00C*/ struct _DBGKD_GET_INTERNAL_BREAKPOINT32 GetInternalBreakpoint;
/*0x00C*/ struct _DBGKD_GET_VERSION32 GetVersion32;
/*0x00C*/ struct _DBGKD_BREAKPOINTEX BreakPointEx;
/*0x00C*/ struct _DBGKD_READ_WRITE_MSR ReadWriteMsr;
/*0x00C*/ struct _DBGKD_SEARCH_MEMORY SearchMemory;
}u;
}DBGKD_MANIPULATE_STATE32, *PDBGKD_MANIPULATE_STATE32;
typedef struct _DBGKD_MANIPULATE_STATE64 {
/*0x000*/ ULONG32 ApiNumber;
/*0x004*/ UINT16 ProcessorLevel;
/*0x006*/ UINT16 Processor;
/*0x008*/ LONG32 ReturnStatus;
/*0x00C*/ UINT8 _PADDING0_[0x4];
union
{
/*0x010*/ struct _DBGKD_READ_MEMORY64 ReadMemory;
/*0x010*/ struct _DBGKD_WRITE_MEMORY64 WriteMemory;
/*0x010*/ struct _DBGKD_GET_CONTEXT GetContext;
/*0x010*/ struct _DBGKD_SET_CONTEXT SetContext;
/*0x010*/ struct _DBGKD_WRITE_BREAKPOINT64 WriteBreakPoint;
/*0x010*/ struct _DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint;
/*0x010*/ struct _DBGKD_CONTINUE Continue;
/*0x010*/ struct _DBGKD_CONTINUE2 Continue2;
/*0x010*/ struct _DBGKD_READ_WRITE_IO64 ReadWriteIo;
/*0x010*/ struct _DBGKD_READ_WRITE_IO_EXTENDED64 ReadWriteIoExtended;
/*0x010*/ struct _DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls;
/*0x010*/ struct _DBGKD_SET_SPECIAL_CALL64 SetSpecialCall;
/*0x010*/ struct _DBGKD_SET_INTERNAL_BREAKPOINT64 SetInternalBreakpoint;
/*0x010*/ struct _DBGKD_GET_INTERNAL_BREAKPOINT64 GetInternalBreakpoint;
/*0x010*/ struct _DBGKD_GET_VERSION64 GetVersion64;
/*0x010*/ struct _DBGKD_BREAKPOINTEX BreakPointEx;
/*0x010*/ struct _DBGKD_READ_WRITE_MSR ReadWriteMsr;
/*0x010*/ struct _DBGKD_SEARCH_MEMORY SearchMemory;
/*0x010*/ struct _DBGKD_GET_SET_BUS_DATA GetSetBusData;
/*0x010*/ struct _DBGKD_FILL_MEMORY FillMemory;
/*0x010*/ struct _DBGKD_QUERY_MEMORY QueryMemory;
}u;
}DBGKD_MANIPULATE_STATE64, *PDBGKD_MANIPULATE_STATE64;
/*0x000*/ ULONG32 ApiNumber;
/*0x004*/ UINT16 ProcessorLevel;
/*0x006*/ UINT16 Processor;
/*0x008*/ LONG32 ReturnStatus;
/*0x00C*/ UINT8 _PADDING0_[0x4];
union
{
/*0x010*/ struct _DBGKD_READ_MEMORY64 ReadMemory;
/*0x010*/ struct _DBGKD_WRITE_MEMORY64 WriteMemory;
/*0x010*/ struct _DBGKD_GET_CONTEXT GetContext;
/*0x010*/ struct _DBGKD_SET_CONTEXT SetContext;
/*0x010*/ struct _DBGKD_WRITE_BREAKPOINT64 WriteBreakPoint;
/*0x010*/ struct _DBGKD_RESTORE_BREAKPOINT RestoreBreakPoint;
/*0x010*/ struct _DBGKD_CONTINUE Continue;
/*0x010*/ struct _DBGKD_CONTINUE2 Continue2;
/*0x010*/ struct _DBGKD_READ_WRITE_IO64 ReadWriteIo;
/*0x010*/ struct _DBGKD_READ_WRITE_IO_EXTENDED64 ReadWriteIoExtended;
/*0x010*/ struct _DBGKD_QUERY_SPECIAL_CALLS QuerySpecialCalls;
/*0x010*/ struct _DBGKD_SET_SPECIAL_CALL64 SetSpecialCall;
/*0x010*/ struct _DBGKD_SET_INTERNAL_BREAKPOINT64 SetInternalBreakpoint;
/*0x010*/ struct _DBGKD_GET_INTERNAL_BREAKPOINT64 GetInternalBreakpoint;
/*0x010*/ struct _DBGKD_GET_VERSION64 GetVersion64;
/*0x010*/ struct _DBGKD_BREAKPOINTEX BreakPointEx;
/*0x010*/ struct _DBGKD_READ_WRITE_MSR ReadWriteMsr;
/*0x010*/ struct _DBGKD_SEARCH_MEMORY SearchMemory;
/*0x010*/ struct _DBGKD_GET_SET_BUS_DATA GetSetBusData;
/*0x010*/ struct _DBGKD_FILL_MEMORY FillMemory;
/*0x010*/ struct _DBGKD_QUERY_MEMORY QueryMemory;
}u;
}DBGKD_MANIPULATE_STATE64, *PDBGKD_MANIPULATE_STATE64;
typedef struct _DEVICE_OBJECT {
/*0x000*/ INT16 Type;
/*0x002*/ UINT16 Size;
/*0x004*/ LONG32 ReferenceCount;
/*0x008*/ struct _DRIVER_OBJECT* DriverObject;
/*0x00C*/ struct _DEVICE_OBJECT* NextDevice;
/*0x010*/ struct _DEVICE_OBJECT* AttachedDevice;
/*0x014*/ struct _IRP* CurrentIrp;
/*0x018*/ struct _IO_TIMER* Timer;
/*0x01C*/ ULONG32 Flags;
/*0x020*/ ULONG32 Characteristics;
/*0x024*/ struct _VPB* Vpb;
/*0x028*/ VOID* DeviceExtension;
/*0x02C*/ ULONG32 DeviceType;
/*0x030*/ CHAR StackSize;
/*0x031*/ UINT8 _PADDING0_[0x3];
union
{
/*0x034*/ struct _LIST_ENTRY ListEntry;
/*0x034*/ struct _WAIT_CONTEXT_BLOCK Wcb;
}Queue;
/*0x05C*/ ULONG32 AlignmentRequirement;
/*0x060*/ struct _KDEVICE_QUEUE DeviceQueue;
/*0x074*/ struct _KDPC Dpc;
/*0x094*/ ULONG32 ActiveThreadCount;
/*0x098*/ VOID* SecurityDescriptor;
/*0x09C*/ struct _KEVENT DeviceLock;
/*0x0AC*/ UINT16 SectorSize;
/*0x0AE*/ UINT16 Spare1;
/*0x0B0*/ struct _DEVOBJ_EXTENSION* DeviceObjectExtension;
/*0x0B4*/ VOID* Reserved;
}DEVICE_OBJECT, *PDEVICE_OBJECT;
/*0x000*/ INT16 Type;
/*0x002*/ UINT16 Size;
/*0x004*/ LONG32 ReferenceCount;
/*0x008*/ struct _DRIVER_OBJECT* DriverObject;
/*0x00C*/ struct _DEVICE_OBJECT* NextDevice;
/*0x010*/ struct _DEVICE_OBJECT* AttachedDevice;
/*0x014*/ struct _IRP* CurrentIrp;
/*0x018*/ struct _IO_TIMER* Timer;
/*0x01C*/ ULONG32 Flags;
/*0x020*/ ULONG32 Characteristics;
/*0x024*/ struct _VPB* Vpb;
/*0x028*/ VOID* DeviceExtension;
/*0x02C*/ ULONG32 DeviceType;
/*0x030*/ CHAR StackSize;
/*0x031*/ UINT8 _PADDING0_[0x3];
union
{
/*0x034*/ struct _LIST_ENTRY ListEntry;
/*0x034*/ struct _WAIT_CONTEXT_BLOCK Wcb;
}Queue;
/*0x05C*/ ULONG32 AlignmentRequirement;
/*0x060*/ struct _KDEVICE_QUEUE DeviceQueue;
/*0x074*/ struct _KDPC Dpc;
/*0x094*/ ULONG32 ActiveThreadCount;
/*0x098*/ VOID* SecurityDescriptor;
/*0x09C*/ struct _KEVENT DeviceLock;
/*0x0AC*/ UINT16 SectorSize;
/*0x0AE*/ UINT16 Spare1;
/*0x0B0*/ struct _DEVOBJ_EXTENSION* DeviceObjectExtension;
/*0x0B4*/ VOID* Reserved;
}DEVICE_OBJECT, *PDEVICE_OBJECT;
typedef struct _ETIMER {
/*0x000*/ struct _KTIMER KeTimer;
/*0x028*/ struct _KAPC TimerApc;
/*0x058*/ struct _KDPC TimerDpc;
/*0x078*/ struct _LIST_ENTRY ActiveTimerListEntry;
/*0x080*/ ULONG32 Lock;
/*0x084*/ LONG32 Period;
/*0x088*/ UINT8 ApcAssociated;
/*0x089*/ UINT8 WakeTimer;
/*0x08A*/ UINT8 _PADDING0_[0x2];
/*0x08C*/ struct _LIST_ENTRY WakeTimerListEntry;
/*0x094*/ UINT8 _PADDING1_[0x4];
}ETIMER, *PETIMER;
/*0x000*/ struct _KTIMER KeTimer;
/*0x028*/ struct _KAPC TimerApc;
/*0x058*/ struct _KDPC TimerDpc;
/*0x078*/ struct _LIST_ENTRY ActiveTimerListEntry;
/*0x080*/ ULONG32 Lock;
/*0x084*/ LONG32 Period;
/*0x088*/ UINT8 ApcAssociated;
/*0x089*/ UINT8 WakeTimer;
/*0x08A*/ UINT8 _PADDING0_[0x2];
/*0x08C*/ struct _LIST_ENTRY WakeTimerListEntry;
/*0x094*/ UINT8 _PADDING1_[0x4];
}ETIMER, *PETIMER;
typedef struct _EVENT_COUNTER {
/*0x000*/ struct _SINGLE_LIST_ENTRY ListEntry;
/*0x004*/ ULONG32 RefCount;
/*0x008*/ struct _KEVENT Event;
}EVENT_COUNTER, *PEVENT_COUNTER;
/*0x000*/ struct _SINGLE_LIST_ENTRY ListEntry;
/*0x004*/ ULONG32 RefCount;
/*0x008*/ struct _KEVENT Event;
}EVENT_COUNTER, *PEVENT_COUNTER;
typedef struct _EX_PUSH_LOCK_WAIT_BLOCK {
/*0x000*/ struct _KEVENT WakeEvent;
/*0x010*/ struct _EX_PUSH_LOCK_WAIT_BLOCK* Next;
/*0x014*/ ULONG32 ShareCount;
/*0x018*/ UINT8 Exclusive;
/*0x019*/ UINT8 _PADDING0_[0x3];
}EX_PUSH_LOCK_WAIT_BLOCK, *PEX_PUSH_LOCK_WAIT_BLOCK;
/*0x000*/ struct _KEVENT WakeEvent;
/*0x010*/ struct _EX_PUSH_LOCK_WAIT_BLOCK* Next;
/*0x014*/ ULONG32 ShareCount;
/*0x018*/ UINT8 Exclusive;
/*0x019*/ UINT8 _PADDING0_[0x3];
}EX_PUSH_LOCK_WAIT_BLOCK, *PEX_PUSH_LOCK_WAIT_BLOCK;
//Add by [email protected], refer to http://www.x64asm.com/asmbbs/archiver/tid-1235.html
typedef union _EX_QUEUE_WORKER_INFO {
ULONG QueueDisabled: 1;
ULONG MakeThreadsAsNecessary: 1;
ULONG WaitMode: 1;
ULONG WorkerCount: 29;
LONG QueueWorkerInfo;
} EX_QUEUE_WORKER_INFO, *PEX_QUEUE_WORKER_INFO;
typedef union _EX_QUEUE_WORKER_INFO {
ULONG QueueDisabled: 1;
ULONG MakeThreadsAsNecessary: 1;
ULONG WaitMode: 1;
ULONG WorkerCount: 29;
LONG QueueWorkerInfo;
} EX_QUEUE_WORKER_INFO, *PEX_QUEUE_WORKER_INFO;
typedef struct _EX_WORK_QUEUE {
/*0x000*/ struct _KQUEUE WorkerQueue;
/*0x028*/ ULONG32 DynamicThreadCount;
/*0x02C*/ ULONG32 WorkItemsProcessed;
/*0x030*/ ULONG32 WorkItemsProcessedLastPass;
/*0x034*/ ULONG32 QueueDepthLastPass;
/*0x038*/ union _EX_QUEUE_WORKER_INFO Info;
}EX_WORK_QUEUE, *PEX_WORK_QUEUE;
typedef struct _FAST_MUTEX {
/*0x000*/ LONG32 Count;
/*0x004*/ struct _KTHREAD* Owner;
/*0x008*/ ULONG32 Contention;
/*0x00C*/ struct _KEVENT Event;
/*0x01C*/ ULONG32 OldIrql;
}FAST_MUTEX, *PFAST_MUTEX;
/*0x000*/ LONG32 Count;
/*0x004*/ struct _KTHREAD* Owner;
/*0x008*/ ULONG32 Contention;
/*0x00C*/ struct _KEVENT Event;
/*0x01C*/ ULONG32 OldIrql;
}FAST_MUTEX, *PFAST_MUTEX;
typedef struct _FILE_OBJECT {
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x008*/ struct _VPB* Vpb;
/*0x00C*/ VOID* FsContext;
/*0x010*/ VOID* FsContext2;
/*0x014*/ struct _SECTION_OBJECT_POINTERS* SectionObjectPointer;
/*0x018*/ VOID* PrivateCacheMap;
/*0x01C*/ LONG32 FinalStatus;
/*0x020*/ struct _FILE_OBJECT* RelatedFileObject;
/*0x024*/ UINT8 LockOperation;
/*0x025*/ UINT8 DeletePending;
/*0x026*/ UINT8 ReadAccess;
/*0x027*/ UINT8 WriteAccess;
/*0x028*/ UINT8 DeleteAccess;
/*0x029*/ UINT8 SharedRead;
/*0x02A*/ UINT8 SharedWrite;
/*0x02B*/ UINT8 SharedDelete;
/*0x02C*/ ULONG32 Flags;
/*0x030*/ struct _UNICODE_STRING FileName;
/*0x038*/ union _LARGE_INTEGER CurrentByteOffset;
/*0x040*/ ULONG32 Waiters;
/*0x044*/ ULONG32 Busy;
/*0x048*/ VOID* LastLock;
/*0x04C*/ struct _KEVENT Lock;
/*0x05C*/ struct _KEVENT Event;
/*0x06C*/ struct _IO_COMPLETION_CONTEXT* CompletionContext;
}FILE_OBJECT, *PFILE_OBJECT;
/*0x000*/ INT16 Type;
/*0x002*/ INT16 Size;
/*0x004*/ struct _DEVICE_OBJECT* DeviceObject;
/*0x008*/ struct _VPB* Vpb;
/*0x00C*/ VOID* FsContext;
/*0x010*/ VOID* FsContext2;
/*0x014*/ struct _SECTION_OBJECT_POINTERS* SectionObjectPointer;
/*0x018*/ VOID* PrivateCacheMap;
/*0x01C*/ LONG32 FinalStatus;
/*0x020*/ struct _FILE_OBJECT* RelatedFileObject;
/*0x024*/ UINT8 LockOperation;
/*0x025*/ UINT8 DeletePending;
/*0x026*/ UINT8 ReadAccess;
/*0x027*/ UINT8 WriteAccess;
/*0x028*/ UINT8 DeleteAccess;
/*0x029*/ UINT8 SharedRead;
/*0x02A*/ UINT8 SharedWrite;
/*0x02B*/ UINT8 SharedDelete;
/*0x02C*/ ULONG32 Flags;
/*0x030*/ struct _UNICODE_STRING FileName;
/*0x038*/ union _LARGE_INTEGER CurrentByteOffset;
/*0x040*/ ULONG32 Waiters;
/*0x044*/ ULONG32 Busy;
/*0x048*/ VOID* LastLock;
/*0x04C*/ struct _KEVENT Lock;
/*0x05C*/ struct _KEVENT Event;
/*0x06C*/ struct _IO_COMPLETION_CONTEXT* CompletionContext;
}FILE_OBJECT, *PFILE_OBJECT;
typedef struct _KTHREAD {
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY MutantListHead;
/*0x018*/ VOID* InitialStack;
/*0x01C*/ VOID* StackLimit;
/*0x020*/ VOID* Teb;
/*0x024*/ VOID* TlsArray;
/*0x028*/ VOID* KernelStack;
/*0x02C*/ UINT8 DebugActive;
/*0x02D*/ UINT8 State;
/*0x02E*/ UINT8 Alerted[2];
/*0x030*/ UINT8 Iopl;
/*0x031*/ UINT8 NpxState;
/*0x032*/ CHAR Saturation;
/*0x033*/ CHAR Priority;
/*0x034*/ struct _KAPC_STATE ApcState;
/*0x04C*/ ULONG32 ContextSwitches;
/*0x050*/ UINT8 IdleSwapBlock;
/*0x051*/ UINT8 Spare0[3];
/*0x054*/ LONG32 WaitStatus;
/*0x058*/ UINT8 WaitIrql;
/*0x059*/ CHAR WaitMode;
/*0x05A*/ UINT8 WaitNext;
/*0x05B*/ UINT8 WaitReason;
/*0x05C*/ struct _KWAIT_BLOCK* WaitBlockList;
union
{
/*0x060*/ struct _LIST_ENTRY WaitListEntry;
/*0x060*/ struct _SINGLE_LIST_ENTRY SwapListEntry;
};
/*0x068*/ ULONG32 WaitTime;
/*0x06C*/ CHAR BasePriority;
/*0x06D*/ UINT8 DecrementCount;
/*0x06E*/ CHAR PriorityDecrement;
/*0x06F*/ CHAR Quantum;
/*0x070*/ struct _KWAIT_BLOCK WaitBlock[4];
/*0x0D0*/ VOID* LegoData;
/*0x0D4*/ ULONG32 KernelApcDisable;
/*0x0D8*/ ULONG32 UserAffinity;
/*0x0DC*/ UINT8 SystemAffinityActive;
/*0x0DD*/ UINT8 PowerState;
/*0x0DE*/ UINT8 NpxIrql;
/*0x0DF*/ UINT8 InitialNode;
/*0x0E0*/ VOID* ServiceTable;
/*0x0E4*/ struct _KQUEUE* Queue;
/*0x0E8*/ ULONG32 ApcQueueLock;
/*0x0EC*/ UINT8 _PADDING0_[0x4];
/*0x0F0*/ struct _KTIMER Timer;
/*0x118*/ struct _LIST_ENTRY QueueListEntry;
/*0x120*/ ULONG32 SoftAffinity;
/*0x124*/ ULONG32 Affinity;
/*0x128*/ UINT8 Preempted;
/*0x129*/ UINT8 ProcessReadyQueue;
/*0x12A*/ UINT8 KernelStackResident;
/*0x12B*/ UINT8 NextProcessor;
/*0x12C*/ VOID* CallbackStack;
/*0x130*/ VOID* Win32Thread;
/*0x134*/ struct _KTRAP_FRAME* TrapFrame;
/*0x138*/ struct _KAPC_STATE* ApcStatePointer[2];
/*0x140*/ CHAR PreviousMode;
/*0x141*/ UINT8 EnableStackSwap;
/*0x142*/ UINT8 LargeStack;
/*0x143*/ UINT8 ResourceIndex;
/*0x144*/ ULONG32 KernelTime;
/*0x148*/ ULONG32 UserTime;
/*0x14C*/ struct _KAPC_STATE SavedApcState;
/*0x164*/ UINT8 Alertable;
/*0x165*/ UINT8 ApcStateIndex;
/*0x166*/ UINT8 ApcQueueable;
/*0x167*/ UINT8 AutoAlignment;
/*0x168*/ VOID* StackBase;
/*0x16C*/ struct _KAPC SuspendApc;
/*0x19C*/ struct _KSEMAPHORE SuspendSemaphore;
/*0x1B0*/ struct _LIST_ENTRY ThreadListEntry;
/*0x1B8*/ CHAR FreezeCount;
/*0x1B9*/ CHAR SuspendCount;
/*0x1BA*/ UINT8 IdealProcessor;
/*0x1BB*/ UINT8 DisableBoost;
/*0x1BC*/ UINT8 _PADDING1_[0x4];
}KTHREAD, *PKTHREAD;
/*0x000*/ struct _DISPATCHER_HEADER Header;
/*0x010*/ struct _LIST_ENTRY MutantListHead;
/*0x018*/ VOID* InitialStack;
/*0x01C*/ VOID* StackLimit;
/*0x020*/ VOID* Teb;
/*0x024*/ VOID* TlsArray;
/*0x028*/ VOID* KernelStack;
/*0x02C*/ UINT8 DebugActive;
/*0x02D*/ UINT8 State;
/*0x02E*/ UINT8 Alerted[2];
/*0x030*/ UINT8 Iopl;
/*0x031*/ UINT8 NpxState;
/*0x032*/ CHAR Saturation;
/*0x033*/ CHAR Priority;
/*0x034*/ struct _KAPC_STATE ApcState;
/*0x04C*/ ULONG32 ContextSwitches;
/*0x050*/ UINT8 IdleSwapBlock;
/*0x051*/ UINT8 Spare0[3];
/*0x054*/ LONG32 WaitStatus;
/*0x058*/ UINT8 WaitIrql;
/*0x059*/ CHAR WaitMode;
/*0x05A*/ UINT8 WaitNext;
/*0x05B*/ UINT8 WaitReason;
/*0x05C*/ struct _KWAIT_BLOCK* WaitBlockList;
union
{
/*0x060*/ struct _LIST_ENTRY WaitListEntry;
/*0x060*/ struct _SINGLE_LIST_ENTRY SwapListEntry;
};
/*0x068*/ ULONG32 WaitTime;
/*0x06C*/ CHAR BasePriority;
/*0x06D*/ UINT8 DecrementCount;
/*0x06E*/ CHAR PriorityDecrement;
/*0x06F*/ CHAR Quantum;
/*0x070*/ struct _KWAIT_BLOCK WaitBlock[4];
/*0x0D0*/ VOID* LegoData;
/*0x0D4*/ ULONG32 KernelApcDisable;
/*0x0D8*/ ULONG32 UserAffinity;
/*0x0DC*/ UINT8 SystemAffinityActive;
/*0x0DD*/ UINT8 PowerState;
/*0x0DE*/ UINT8 NpxIrql;
/*0x0DF*/ UINT8 InitialNode;
/*0x0E0*/ VOID* ServiceTable;
/*0x0E4*/ struct _KQUEUE* Queue;
/*0x0E8*/ ULONG32 ApcQueueLock;
/*0x0EC*/ UINT8 _PADDING0_[0x4];
/*0x0F0*/ struct _KTIMER Timer;
/*0x118*/ struct _LIST_ENTRY QueueListEntry;
/*0x120*/ ULONG32 SoftAffinity;
/*0x124*/ ULONG32 Affinity;
/*0x128*/ UINT8 Preempted;
/*0x129*/ UINT8 ProcessReadyQueue;
/*0x12A*/ UINT8 KernelStackResident;
/*0x12B*/ UINT8 NextProcessor;
/*0x12C*/ VOID* CallbackStack;
/*0x130*/ VOID* Win32Thread;
/*0x134*/ struct _KTRAP_FRAME* TrapFrame;
/*0x138*/ struct _KAPC_STATE* ApcStatePointer[2];
/*0x140*/ CHAR PreviousMode;
/*0x141*/ UINT8 EnableStackSwap;
/*0x142*/ UINT8 LargeStack;
/*0x143*/ UINT8 ResourceIndex;
/*0x144*/ ULONG32 KernelTime;
/*0x148*/ ULONG32 UserTime;
/*0x14C*/ struct _KAPC_STATE SavedApcState;
/*0x164*/ UINT8 Alertable;
/*0x165*/ UINT8 ApcStateIndex;
/*0x166*/ UINT8 ApcQueueable;
/*0x167*/ UINT8 AutoAlignment;
/*0x168*/ VOID* StackBase;
/*0x16C*/ struct _KAPC SuspendApc;
/*0x19C*/ struct _KSEMAPHORE SuspendSemaphore;
/*0x1B0*/ struct _LIST_ENTRY ThreadListEntry;
/*0x1B8*/ CHAR FreezeCount;
/*0x1B9*/ CHAR SuspendCount;
/*0x1BA*/ UINT8 IdealProcessor;
/*0x1BB*/ UINT8 DisableBoost;
/*0x1BC*/ UINT8 _PADDING1_[0x4];
}KTHREAD, *PKTHREAD;
typedef struct _LPCP_NONPAGED_PORT_QUEUE {
/*0x000*/ struct _KSEMAPHORE Semaphore;
/*0x014*/ struct _LPCP_PORT_OBJECT* BackPointer;
}LPCP_NONPAGED_PORT_QUEUE, *PLPCP_NONPAGED_PORT_QUEUE;
/*0x000*/ struct _KSEMAPHORE Semaphore;
/*0x014*/ struct _LPCP_PORT_OBJECT* BackPointer;
}LPCP_NONPAGED_PORT_QUEUE, *PLPCP_NONPAGED_PORT_QUEUE;
typedef struct _MMMOD_WRITER_LISTHEAD {
/*0x000*/ struct _LIST_ENTRY ListHead;
/*0x008*/ struct _KEVENT Event;
}MMMOD_WRITER_LISTHEAD, *PMMMOD_WRITER_LISTHEAD;
/*0x000*/ struct _LIST_ENTRY ListHead;
/*0x008*/ struct _KEVENT Event;
}MMMOD_WRITER_LISTHEAD, *PMMMOD_WRITER_LISTHEAD;
typedef struct _PCI_COMMON_EXTENSION {
/*0x000*/ VOID* Next;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ struct _PCI_MJ_DISPATCH_TABLE* IrpDispatchTable;
/*0x00C*/ UINT8 DeviceState;
/*0x00D*/ UINT8 TentativeNextState;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _KEVENT SecondaryExtLock;
}PCI_COMMON_EXTENSION, *PPCI_COMMON_EXTENSION;
/*0x000*/ VOID* Next;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ struct _PCI_MJ_DISPATCH_TABLE* IrpDispatchTable;
/*0x00C*/ UINT8 DeviceState;
/*0x00D*/ UINT8 TentativeNextState;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _KEVENT SecondaryExtLock;
}PCI_COMMON_EXTENSION, *PPCI_COMMON_EXTENSION;
typedef struct _PCI_FDO_EXTENSION {
/*0x000*/ struct _SINGLE_LIST_ENTRY List;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ struct _PCI_MJ_DISPATCH_TABLE* IrpDispatchTable;
/*0x00C*/ UINT8 DeviceState;
/*0x00D*/ UINT8 TentativeNextState;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _KEVENT SecondaryExtLock;
/*0x020*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x024*/ struct _DEVICE_OBJECT* FunctionalDeviceObject;
/*0x028*/ struct _DEVICE_OBJECT* AttachedDeviceObject;
/*0x02C*/ struct _KEVENT ChildListLock;
/*0x03C*/ struct _PCI_PDO_EXTENSION* ChildPdoList;
/*0x040*/ struct _PCI_FDO_EXTENSION* BusRootFdoExtension;
/*0x044*/ struct _PCI_FDO_EXTENSION* ParentFdoExtension;
/*0x048*/ struct _PCI_PDO_EXTENSION* ChildBridgePdoList;
/*0x04C*/ struct _PCI_BUS_INTERFACE_STANDARD* PciBusInterface;
/*0x050*/ UINT8 MaxSubordinateBus;
/*0x051*/ UINT8 _PADDING1_[0x3];
/*0x054*/ struct _BUS_HANDLER* BusHandler;
/*0x058*/ UINT8 BaseBus;
/*0x059*/ UINT8 Fake;
/*0x05A*/ UINT8 ChildDelete;
/*0x05B*/ UINT8 Scanned;
/*0x05C*/ UINT8 ArbitersInitialized;
/*0x05D*/ UINT8 BrokenVideoHackApplied;
/*0x05E*/ UINT8 Hibernated;
/*0x05F*/ UINT8 _PADDING2_[0x1];
/*0x060*/ struct _PCI_POWER_STATE PowerState;
/*0x0A0*/ struct _SINGLE_LIST_ENTRY SecondaryExtension;
/*0x0A4*/ ULONG32 ChildWaitWakeCount;
/*0x0A8*/ struct _PCI_COMMON_CONFIG* PreservedConfig;
/*0x0AC*/ struct _PCI_LOCK Lock;
struct
{
/*0x0B4*/ UINT8 Acquired;
/*0x0B5*/ UINT8 CacheLineSize;
/*0x0B6*/ UINT8 LatencyTimer;
/*0x0B7*/ UINT8 EnablePERR;
/*0x0B8*/ UINT8 EnableSERR;
}HotPlugParameters;
/*0x0BC*/ ULONG32 BusHackFlags;
}PCI_FDO_EXTENSION, *PPCI_FDO_EXTENSION;
/*0x000*/ struct _SINGLE_LIST_ENTRY List;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ struct _PCI_MJ_DISPATCH_TABLE* IrpDispatchTable;
/*0x00C*/ UINT8 DeviceState;
/*0x00D*/ UINT8 TentativeNextState;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _KEVENT SecondaryExtLock;
/*0x020*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x024*/ struct _DEVICE_OBJECT* FunctionalDeviceObject;
/*0x028*/ struct _DEVICE_OBJECT* AttachedDeviceObject;
/*0x02C*/ struct _KEVENT ChildListLock;
/*0x03C*/ struct _PCI_PDO_EXTENSION* ChildPdoList;
/*0x040*/ struct _PCI_FDO_EXTENSION* BusRootFdoExtension;
/*0x044*/ struct _PCI_FDO_EXTENSION* ParentFdoExtension;
/*0x048*/ struct _PCI_PDO_EXTENSION* ChildBridgePdoList;
/*0x04C*/ struct _PCI_BUS_INTERFACE_STANDARD* PciBusInterface;
/*0x050*/ UINT8 MaxSubordinateBus;
/*0x051*/ UINT8 _PADDING1_[0x3];
/*0x054*/ struct _BUS_HANDLER* BusHandler;
/*0x058*/ UINT8 BaseBus;
/*0x059*/ UINT8 Fake;
/*0x05A*/ UINT8 ChildDelete;
/*0x05B*/ UINT8 Scanned;
/*0x05C*/ UINT8 ArbitersInitialized;
/*0x05D*/ UINT8 BrokenVideoHackApplied;
/*0x05E*/ UINT8 Hibernated;
/*0x05F*/ UINT8 _PADDING2_[0x1];
/*0x060*/ struct _PCI_POWER_STATE PowerState;
/*0x0A0*/ struct _SINGLE_LIST_ENTRY SecondaryExtension;
/*0x0A4*/ ULONG32 ChildWaitWakeCount;
/*0x0A8*/ struct _PCI_COMMON_CONFIG* PreservedConfig;
/*0x0AC*/ struct _PCI_LOCK Lock;
struct
{
/*0x0B4*/ UINT8 Acquired;
/*0x0B5*/ UINT8 CacheLineSize;
/*0x0B6*/ UINT8 LatencyTimer;
/*0x0B7*/ UINT8 EnablePERR;
/*0x0B8*/ UINT8 EnableSERR;
}HotPlugParameters;
/*0x0BC*/ ULONG32 BusHackFlags;
}PCI_FDO_EXTENSION, *PPCI_FDO_EXTENSION;
//Add by [email protected], refer to http://www.reactos.freedoors.org/Reactos%200.3.12/ReactOS-0.3.12-REL-src/dll/win32/kernel32/string/ReactOS-0.3.12-REL-src/drivers/bus/pcix/pci.h
typedef union _PCI_HEADER_TYPE_DEPENDENT
{
struct
{
UCHAR Spare[4];
} type0;
struct
{
UCHAR PrimaryBus;
UCHAR SecondaryBus;
UCHAR SubordinateBus;
UCHAR SubtractiveDecode:1;
UCHAR IsaBitSet:1;
UCHAR VgaBitSet:1;
UCHAR WeChangedBusNumbers:1;
UCHAR IsaBitRequired:1;
} type1;
struct
{
UCHAR Spare[4];
} type2;
} PCI_HEADER_TYPE_DEPENDENT, *PPCI_HEADER_TYPE_DEPENDENT;
typedef union _PCI_HEADER_TYPE_DEPENDENT
{
struct
{
UCHAR Spare[4];
} type0;
struct
{
UCHAR PrimaryBus;
UCHAR SecondaryBus;
UCHAR SubordinateBus;
UCHAR SubtractiveDecode:1;
UCHAR IsaBitSet:1;
UCHAR VgaBitSet:1;
UCHAR WeChangedBusNumbers:1;
UCHAR IsaBitRequired:1;
} type1;
struct
{
UCHAR Spare[4];
} type2;
} PCI_HEADER_TYPE_DEPENDENT, *PPCI_HEADER_TYPE_DEPENDENT;
typedef struct _PCI_PDO_EXTENSION {
/*0x000*/ struct _PCI_PDO_EXTENSION* Next;
/*0x004*/ enum _PCI_SIGNATURE ExtensionType;
/*0x008*/ struct _PCI_MJ_DISPATCH_TABLE* IrpDispatchTable;
/*0x00C*/ UINT8 DeviceState;
/*0x00D*/ UINT8 TentativeNextState;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ struct _KEVENT SecondaryExtLock;
/*0x020*/ struct _PCI_SLOT_NUMBER Slot;
/*0x024*/ struct _DEVICE_OBJECT* PhysicalDeviceObject;
/*0x028*/ struct _PCI_FDO_EXTENSION* ParentFdoExtension;
/*0x02C*/ struct _SINGLE_LIST_ENTRY SecondaryExtension;
/*0x030*/ ULONG32 BusInterfaceReferenceCount;
/*0x034*/ ULONG32 AgpInterfaceReferenceCount;
/*0x038*/ UINT16 VendorId;
/*0x03A*/ UINT16 DeviceId;
/*0x03C*/ UINT16 SubsystemVendorId;
/*0x03E*/ UINT16 SubsystemId;
/*0x040*/ UINT8 RevisionId;
/*0x041*/ UINT8 ProgIf;
/*0x042*/ UINT8 SubClass;
/*0x043*/ UINT8 BaseClass;
/*0x044*/ UINT8 AdditionalResourceCount;
/*0x045*/ UINT8 AdjustedInterruptLine;
/*0x046*/ UINT8 InterruptPin;
/*0x047*/ UINT8 RawInterruptLine;
/*0x048*/ UINT8 CapabilitiesPtr;
/*0x049*/ UINT8 SavedLatencyTimer;
/*0x04A*/ UINT8 SavedCacheLineSize;
/*0x04B*/ UINT8 HeaderType;
/*0x04C*/ UINT8 NotPresent;
/*0x04D*/ UINT8 ReportedMissing;
/*0x04E*/ UINT8 ExpectedWritebackFailure;
/*0x04F*/ UINT8 NoTouchPmeEnable;
/*0x050*/ UINT8 LegacyDriver;
/*0x051*/ UINT8 UpdateHardware;
/*0x052*/ UINT8 MovedDevice;
/*0x053*/ UINT8 DisablePowerDown;
/*0x054*/ UINT8 NeedsHotPlugConfiguration;
/*0x055*/ UINT8 SwitchedIDEToNativeMode;
/*0x056*/ UINT8 BIOSAllowsIDESwitchToNativeMode;
/*0x057*/ UINT8 IoSpaceUnderNativeIdeControl;
/*0x058*/ UINT8 OnDebugPath;
/*0x059*/ UINT8 _PADDING1_[0x3];
/*0x05C*/ struct _PCI_POWER_STATE PowerState;
/*0x09C*/ union _PCI_HEADER_TYPE_DEPENDENT Dependent;
/*0x0A0*/ UINT64 HackFlags;
/*0x0A8*/ struct _PCI_FUNCTION_RESOURCES* Resources;
/*0x0AC*/ struct _PCI_FDO_EXTENSION* BridgeFdoExtension;
/*0x0B0*/ struct _PCI_PDO_EXTENSION* NextBridge;
/*0x0B4*/ struct _PCI_PDO_EXTENSION* NextHashEntry;
/*0x0B8*/ struct _PCI_LOCK Lock;
/*0x0C0*/ struct _PCI_PMC PowerCapabilities;
/*0x0C2*/ UINT8 TargetAgpCapabilityId;
/*0x0C3*/ UINT8 _PADDING2_[0x1];
/*0x0C4*/ UINT16 CommandEnables;
/*0x0C6*/ UINT16 InitialCommand;
}PCI_PDO_EXTENSION, *PPCI_PDO_EXTENSION;
typedef struct _POP_THERMAL_ZONE {
/*0x000*/ struct _LIST_ENTRY Link;
/*0x008*/ UINT8 State;
/*0x009*/ UINT8 Flags;
/*0x00A*/ UINT8 Mode;
/*0x00B*/ UINT8 PendingMode;
/*0x00C*/ UINT8 ActivePoint;
/*0x00D*/ UINT8 PendingActivePoint;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ LONG32 Throttle;
/*0x014*/ UINT8 _PADDING1_[0x4];
/*0x018*/ UINT64 LastTime;
/*0x020*/ ULONG32 SampleRate;
/*0x024*/ ULONG32 LastTemp;
/*0x028*/ struct _KTIMER PassiveTimer;
/*0x050*/ struct _KDPC PassiveDpc;
/*0x070*/ struct _POP_ACTION_TRIGGER OverThrottled;
/*0x07C*/ struct _IRP* Irp;
/*0x080*/ struct _THERMAL_INFORMATION Info;
/*0x0CC*/ UINT8 _PADDING2_[0x4];
}POP_THERMAL_ZONE, *PPOP_THERMAL_ZONE;
/*0x000*/ struct _LIST_ENTRY Link;
/*0x008*/ UINT8 State;
/*0x009*/ UINT8 Flags;
/*0x00A*/ UINT8 Mode;
/*0x00B*/ UINT8 PendingMode;
/*0x00C*/ UINT8 ActivePoint;
/*0x00D*/ UINT8 PendingActivePoint;
/*0x00E*/ UINT8 _PADDING0_[0x2];
/*0x010*/ LONG32 Throttle;
/*0x014*/ UINT8 _PADDING1_[0x4];
/*0x018*/ UINT64 LastTime;
/*0x020*/ ULONG32 SampleRate;
/*0x024*/ ULONG32 LastTemp;
/*0x028*/ struct _KTIMER PassiveTimer;
/*0x050*/ struct _KDPC PassiveDpc;
/*0x070*/ struct _POP_ACTION_TRIGGER OverThrottled;
/*0x07C*/ struct _IRP* Irp;
/*0x080*/ struct _THERMAL_INFORMATION Info;
/*0x0CC*/ UINT8 _PADDING2_[0x4];
}POP_THERMAL_ZONE, *PPOP_THERMAL_ZONE;
typedef struct _POP_TRIGGER_WAIT {
/*0x000*/ struct _KEVENT Event;
/*0x010*/ LONG32 Status;
/*0x014*/ struct _LIST_ENTRY Link;
/*0x01C*/ struct _POP_ACTION_TRIGGER* Trigger;
}POP_TRIGGER_WAIT, *PPOP_TRIGGER_WAIT;
/*0x000*/ struct _KEVENT Event;
/*0x010*/ LONG32 Status;
/*0x014*/ struct _LIST_ENTRY Link;
/*0x01C*/ struct _POP_ACTION_TRIGGER* Trigger;
}POP_TRIGGER_WAIT, *PPOP_TRIGGER_WAIT;
typedef struct _PO_NOTIFY_ORDER_LEVEL {
/*0x000*/ struct _KEVENT LevelReady;
/*0x010*/ ULONG32 DeviceCount;
/*0x014*/ ULONG32 ActiveCount;
/*0x018*/ struct _LIST_ENTRY WaitSleep;
/*0x020*/ struct _LIST_ENTRY ReadySleep;
/*0x028*/ struct _LIST_ENTRY Pending;
/*0x030*/ struct _LIST_ENTRY Complete;
/*0x038*/ struct _LIST_ENTRY ReadyS0;
/*0x040*/ struct _LIST_ENTRY WaitS0;
}PO_NOTIFY_ORDER_LEVEL, *PPO_NOTIFY_ORDER_LEVEL;
/*0x000*/ struct _KEVENT LevelReady;
/*0x010*/ ULONG32 DeviceCount;
/*0x014*/ ULONG32 ActiveCount;
/*0x018*/ struct _LIST_ENTRY WaitSleep;
/*0x020*/ struct _LIST_ENTRY ReadySleep;
/*0x028*/ struct _LIST_ENTRY Pending;
/*0x030*/ struct _LIST_ENTRY Complete;
/*0x038*/ struct _LIST_ENTRY ReadyS0;
/*0x040*/ struct _LIST_ENTRY WaitS0;
}PO_NOTIFY_ORDER_LEVEL, *PPO_NOTIFY_ORDER_LEVEL;
typedef struct _PROCESSOR_POWER_STATE {
/*0x000*/ PVOID IdleFunction;
/*0x004*/ ULONG32 Idle0KernelTimeLimit;
/*0x008*/ ULONG32 Idle0LastTime;
/*0x00C*/ VOID* IdleHandlers;
/*0x010*/ VOID* IdleState;
/*0x014*/ ULONG32 IdleHandlersCount;
/*0x018*/ UINT64 LastCheck;
/*0x020*/ struct _PROCESSOR_IDLE_TIMES IdleTimes;
/*0x040*/ ULONG32 IdleTime1;
/*0x044*/ ULONG32 PromotionCheck;
/*0x048*/ ULONG32 IdleTime2;
/*0x04C*/ UINT8 CurrentThrottle;
/*0x04D*/ UINT8 ThermalThrottleLimit;
/*0x04E*/ UINT8 CurrentThrottleIndex;
/*0x04F*/ UINT8 ThermalThrottleIndex;
/*0x050*/ ULONG32 LastKernelUserTime;
/*0x054*/ ULONG32 LastIdleThreadKernelTime;
/*0x058*/ ULONG32 PackageIdleStartTime;
/*0x05C*/ ULONG32 PackageIdleTime;
/*0x060*/ ULONG32 DebugCount;
/*0x064*/ ULONG32 LastSysTime;
/*0x068*/ UINT64 TotalIdleStateTime[3];
/*0x080*/ ULONG32 TotalIdleTransitions[3];
/*0x08C*/ UINT8 _PADDING0_[0x4];
/*0x090*/ UINT64 PreviousC3StateTime;
/*0x098*/ UINT8 KneeThrottleIndex;
/*0x099*/ UINT8 ThrottleLimitIndex;
/*0x09A*/ UINT8 PerfStatesCount;
/*0x09B*/ UINT8 ProcessorMinThrottle;
/*0x09C*/ UINT8 ProcessorMaxThrottle;
/*0x09D*/ UINT8 EnableIdleAccounting;
/*0x09E*/ UINT8 LastC3Percentage;
/*0x09F*/ UINT8 LastAdjustedBusyPercentage;
/*0x0A0*/ ULONG32 PromotionCount;
/*0x0A4*/ ULONG32 DemotionCount;
/*0x0A8*/ ULONG32 ErrorCount;
/*0x0AC*/ ULONG32 RetryCount;
/*0x0B0*/ ULONG32 Flags;
/*0x0B4*/ UINT8 _PADDING1_[0x4];
/*0x0B8*/ union _LARGE_INTEGER PerfCounterFrequency;
/*0x0C0*/ ULONG32 PerfTickCount;
/*0x0C4*/ UINT8 _PADDING2_[0x4];
/*0x0C8*/ struct _KTIMER PerfTimer;
/*0x0F0*/ struct _KDPC PerfDpc;
/*0x110*/ struct _PROCESSOR_PERF_STATE* PerfStates;
/*0x114*/ PVOID PerfSetThrottle;
/*0x118*/ ULONG32 LastC3KernelUserTime;
/*0x11C*/ ULONG32 LastPackageIdleTime;
}PROCESSOR_POWER_STATE, *PPROCESSOR_POWER_STATE;
/*0x000*/ PVOID IdleFunction;
/*0x004*/ ULONG32 Idle0KernelTimeLimit;
/*0x008*/ ULONG32 Idle0LastTime;
/*0x00C*/ VOID* IdleHandlers;
/*0x010*/ VOID* IdleState;
/*0x014*/ ULONG32 IdleHandlersCount;
/*0x018*/ UINT64 LastCheck;
/*0x020*/ struct _PROCESSOR_IDLE_TIMES IdleTimes;
/*0x040*/ ULONG32 IdleTime1;
/*0x044*/ ULONG32 PromotionCheck;
/*0x048*/ ULONG32 IdleTime2;
/*0x04C*/ UINT8 CurrentThrottle;
/*0x04D*/ UINT8 ThermalThrottleLimit;
/*0x04E*/ UINT8 CurrentThrottleIndex;
/*0x04F*/ UINT8 ThermalThrottleIndex;
/*0x050*/ ULONG32 LastKernelUserTime;
/*0x054*/ ULONG32 LastIdleThreadKernelTime;
/*0x058*/ ULONG32 PackageIdleStartTime;
/*0x05C*/ ULONG32 PackageIdleTime;
/*0x060*/ ULONG32 DebugCount;
/*0x064*/ ULONG32 LastSysTime;
/*0x068*/ UINT64 TotalIdleStateTime[3];
/*0x080*/ ULONG32 TotalIdleTransitions[3];
/*0x08C*/ UINT8 _PADDING0_[0x4];
/*0x090*/ UINT64 PreviousC3StateTime;
/*0x098*/ UINT8 KneeThrottleIndex;
/*0x099*/ UINT8 ThrottleLimitIndex;
/*0x09A*/ UINT8 PerfStatesCount;
/*0x09B*/ UINT8 ProcessorMinThrottle;
/*0x09C*/ UINT8 ProcessorMaxThrottle;
/*0x09D*/ UINT8 EnableIdleAccounting;
/*0x09E*/ UINT8 LastC3Percentage;
/*0x09F*/ UINT8 LastAdjustedBusyPercentage;
/*0x0A0*/ ULONG32 PromotionCount;
/*0x0A4*/ ULONG32 DemotionCount;
/*0x0A8*/ ULONG32 ErrorCount;
/*0x0AC*/ ULONG32 RetryCount;
/*0x0B0*/ ULONG32 Flags;
/*0x0B4*/ UINT8 _PADDING1_[0x4];
/*0x0B8*/ union _LARGE_INTEGER PerfCounterFrequency;
/*0x0C0*/ ULONG32 PerfTickCount;
/*0x0C4*/ UINT8 _PADDING2_[0x4];
/*0x0C8*/ struct _KTIMER PerfTimer;
/*0x0F0*/ struct _KDPC PerfDpc;
/*0x110*/ struct _PROCESSOR_PERF_STATE* PerfStates;
/*0x114*/ PVOID PerfSetThrottle;
/*0x118*/ ULONG32 LastC3KernelUserTime;
/*0x11C*/ ULONG32 LastPackageIdleTime;
}PROCESSOR_POWER_STATE, *PPROCESSOR_POWER_STATE;
typedef struct _SECURITY_CLIENT_CONTEXT {
/*0x000*/ struct _SECURITY_QUALITY_OF_SERVICE SecurityQos;
/*0x00C*/ VOID* ClientToken;
/*0x010*/ UINT8 DirectlyAccessClientToken;
/*0x011*/ UINT8 DirectAccessEffectiveOnly;
/*0x012*/ UINT8 ServerIsRemote;
/*0x013*/ UINT8 _PADDING0_[0x1];
/*0x014*/ struct _TOKEN_CONTROL ClientTokenControl;
}SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
/*0x000*/ struct _SECURITY_QUALITY_OF_SERVICE SecurityQos;
/*0x00C*/ VOID* ClientToken;
/*0x010*/ UINT8 DirectlyAccessClientToken;
/*0x011*/ UINT8 DirectAccessEffectiveOnly;
/*0x012*/ UINT8 ServerIsRemote;
/*0x013*/ UINT8 _PADDING0_[0x1];
/*0x014*/ struct _TOKEN_CONTROL ClientTokenControl;
}SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
typedef struct _SHARED_CACHE_MAP {
/*0x000*/ INT16 NodeTypeCode;
/*0x002*/ INT16 NodeByteSize;
/*0x004*/ ULONG32 OpenCount;
/*0x008*/ union _LARGE_INTEGER FileSize;
/*0x010*/ struct _LIST_ENTRY BcbList;
/*0x018*/ union _LARGE_INTEGER SectionSize;
/*0x020*/ union _LARGE_INTEGER ValidDataLength;
/*0x028*/ union _LARGE_INTEGER ValidDataGoal;
/*0x030*/ struct _VACB* InitialVacbs[4];
/*0x040*/ struct _VACB** Vacbs;
/*0x044*/ struct _FILE_OBJECT* FileObject;
/*0x048*/ struct _VACB* ActiveVacb;
/*0x04C*/ VOID* NeedToZero;
/*0x050*/ ULONG32 ActivePage;
/*0x054*/ ULONG32 NeedToZeroPage;
/*0x058*/ ULONG32 ActiveVacbSpinLock;
/*0x05C*/ ULONG32 VacbActiveCount;
/*0x060*/ ULONG32 DirtyPages;
/*0x064*/ struct _LIST_ENTRY SharedCacheMapLinks;
/*0x06C*/ ULONG32 Flags;
/*0x070*/ LONG32 Status;
/*0x074*/ struct _MBCB* Mbcb;
/*0x078*/ VOID* Section;
/*0x07C*/ struct _KEVENT* CreateEvent;
/*0x080*/ struct _KEVENT* WaitOnActiveCount;
/*0x084*/ ULONG32 PagesToWrite;
/*0x088*/ INT64 BeyondLastFlush;
/*0x090*/ struct _CACHE_MANAGER_CALLBACKS* Callbacks;
/*0x094*/ VOID* LazyWriteContext;
/*0x098*/ struct _LIST_ENTRY PrivateList;
/*0x0A0*/ VOID* LogHandle;
/*0x0A4*/ PVOID FlushToLsnRoutine;
/*0x0A8*/ ULONG32 DirtyPageThreshold;
/*0x0AC*/ ULONG32 LazyWritePassCount;
/*0x0B0*/ struct _CACHE_UNINITIALIZE_EVENT* UninitializeEvent;
/*0x0B4*/ struct _VACB* NeedToZeroVacb;
/*0x0B8*/ ULONG32 BcbSpinLock;
/*0x0BC*/ VOID* Reserved;
/*0x0C0*/ struct _KEVENT Event;
/*0x0D0*/ struct _EX_PUSH_LOCK VacbPushLock;
/*0x0D4*/ UINT8 _PADDING0_[0x4];
/*0x0D8*/ struct _PRIVATE_CACHE_MAP PrivateCacheMap;
}SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
/*0x000*/ INT16 NodeTypeCode;
/*0x002*/ INT16 NodeByteSize;
/*0x004*/ ULONG32 OpenCount;
/*0x008*/ union _LARGE_INTEGER FileSize;
/*0x010*/ struct _LIST_ENTRY BcbList;
/*0x018*/ union _LARGE_INTEGER SectionSize;
/*0x020*/ union _LARGE_INTEGER ValidDataLength;
/*0x028*/ union _LARGE_INTEGER ValidDataGoal;
/*0x030*/ struct _VACB* InitialVacbs[4];
/*0x040*/ struct _VACB** Vacbs;
/*0x044*/ struct _FILE_OBJECT* FileObject;
/*0x048*/ struct _VACB* ActiveVacb;
/*0x04C*/ VOID* NeedToZero;
/*0x050*/ ULONG32 ActivePage;
/*0x054*/ ULONG32 NeedToZeroPage;
/*0x058*/ ULONG32 ActiveVacbSpinLock;
/*0x05C*/ ULONG32 VacbActiveCount;
/*0x060*/ ULONG32 DirtyPages;
/*0x064*/ struct _LIST_ENTRY SharedCacheMapLinks;
/*0x06C*/ ULONG32 Flags;
/*0x070*/ LONG32 Status;
/*0x074*/ struct _MBCB* Mbcb;
/*0x078*/ VOID* Section;
/*0x07C*/ struct _KEVENT* CreateEvent;
/*0x080*/ struct _KEVENT* WaitOnActiveCount;
/*0x084*/ ULONG32 PagesToWrite;
/*0x088*/ INT64 BeyondLastFlush;
/*0x090*/ struct _CACHE_MANAGER_CALLBACKS* Callbacks;
/*0x094*/ VOID* LazyWriteContext;
/*0x098*/ struct _LIST_ENTRY PrivateList;
/*0x0A0*/ VOID* LogHandle;
/*0x0A4*/ PVOID FlushToLsnRoutine;
/*0x0A8*/ ULONG32 DirtyPageThreshold;
/*0x0AC*/ ULONG32 LazyWritePassCount;
/*0x0B0*/ struct _CACHE_UNINITIALIZE_EVENT* UninitializeEvent;
/*0x0B4*/ struct _VACB* NeedToZeroVacb;
/*0x0B8*/ ULONG32 BcbSpinLock;
/*0x0BC*/ VOID* Reserved;
/*0x0C0*/ struct _KEVENT Event;
/*0x0D0*/ struct _EX_PUSH_LOCK VacbPushLock;
/*0x0D4*/ UINT8 _PADDING0_[0x4];
/*0x0D8*/ struct _PRIVATE_CACHE_MAP PrivateCacheMap;
}SHARED_CACHE_MAP, *PSHARED_CACHE_MAP;
typedef struct _EJOB {
/*0x000*/ struct _KEVENT Event;
/*0x010*/ struct _LIST_ENTRY JobLinks;
/*0x018*/ struct _LIST_ENTRY ProcessListHead;
/*0x020*/ struct _ERESOURCE JobLock;
/*0x058*/ union _LARGE_INTEGER TotalUserTime;
/*0x060*/ union _LARGE_INTEGER TotalKernelTime;
/*0x068*/ union _LARGE_INTEGER ThisPeriodTotalUserTime;
/*0x070*/ union _LARGE_INTEGER ThisPeriodTotalKernelTime;
/*0x078*/ ULONG32 TotalPageFaultCount;
/*0x07C*/ ULONG32 TotalProcesses;
/*0x080*/ ULONG32 ActiveProcesses;
/*0x084*/ ULONG32 TotalTerminatedProcesses;
/*0x088*/ union _LARGE_INTEGER PerProcessUserTimeLimit;
/*0x090*/ union _LARGE_INTEGER PerJobUserTimeLimit;
/*0x098*/ ULONG32 LimitFlags;
/*0x09C*/ ULONG32 MinimumWorkingSetSize;
/*0x0A0*/ ULONG32 MaximumWorkingSetSize;
/*0x0A4*/ ULONG32 ActiveProcessLimit;
/*0x0A8*/ ULONG32 Affinity;
/*0x0AC*/ UINT8 PriorityClass;
/*0x0AD*/ UINT8 _PADDING0_[0x3];
/*0x0B0*/ ULONG32 UIRestrictionsClass;
/*0x0B4*/ ULONG32 SecurityLimitFlags;
/*0x0B8*/ VOID* Token;
/*0x0BC*/ struct _PS_JOB_TOKEN_FILTER* Filter;
/*0x0C0*/ ULONG32 EndOfJobTimeAction;
/*0x0C4*/ VOID* CompletionPort;
/*0x0C8*/ VOID* CompletionKey;
/*0x0CC*/ ULONG32 SessionId;
/*0x0D0*/ ULONG32 SchedulingClass;
/*0x0D4*/ UINT8 _PADDING1_[0x4];
/*0x0D8*/ UINT64 ReadOperationCount;
/*0x0E0*/ UINT64 WriteOperationCount;
/*0x0E8*/ UINT64 OtherOperationCount;
/*0x0F0*/ UINT64 ReadTransferCount;
/*0x0F8*/ UINT64 WriteTransferCount;
/*0x100*/ UINT64 OtherTransferCount;
/*0x108*/ struct _IO_COUNTERS IoInfo;
/*0x138*/ ULONG32 ProcessMemoryLimit;
/*0x13C*/ ULONG32 JobMemoryLimit;
/*0x140*/ ULONG32 PeakProcessMemoryUsed;
/*0x144*/ ULONG32 PeakJobMemoryUsed;
/*0x148*/ ULONG32 CurrentJobMemoryUsed;
/*0x14C*/ struct _FAST_MUTEX MemoryLimitsLock;
/*0x16C*/ struct _LIST_ENTRY JobSetLinks;
/*0x174*/ ULONG32 MemberLevel;
/*0x178*/ ULONG32 JobFlags;
/*0x17C*/ UINT8 _PADDING2_[0x4];
}EJOB, *PEJOB;
/*0x000*/ struct _KEVENT Event;
/*0x010*/ struct _LIST_ENTRY JobLinks;
/*0x018*/ struct _LIST_ENTRY ProcessListHead;
/*0x020*/ struct _ERESOURCE JobLock;
/*0x058*/ union _LARGE_INTEGER TotalUserTime;
/*0x060*/ union _LARGE_INTEGER TotalKernelTime;
/*0x068*/ union _LARGE_INTEGER ThisPeriodTotalUserTime;
/*0x070*/ union _LARGE_INTEGER ThisPeriodTotalKernelTime;
/*0x078*/ ULONG32 TotalPageFaultCount;
/*0x07C*/ ULONG32 TotalProcesses;
/*0x080*/ ULONG32 ActiveProcesses;
/*0x084*/ ULONG32 TotalTerminatedProcesses;
/*0x088*/ union _LARGE_INTEGER PerProcessUserTimeLimit;
/*0x090*/ union _LARGE_INTEGER PerJobUserTimeLimit;
/*0x098*/ ULONG32 LimitFlags;
/*0x09C*/ ULONG32 MinimumWorkingSetSize;
/*0x0A0*/ ULONG32 MaximumWorkingSetSize;
/*0x0A4*/ ULONG32 ActiveProcessLimit;
/*0x0A8*/ ULONG32 Affinity;
/*0x0AC*/ UINT8 PriorityClass;
/*0x0AD*/ UINT8 _PADDING0_[0x3];
/*0x0B0*/ ULONG32 UIRestrictionsClass;
/*0x0B4*/ ULONG32 SecurityLimitFlags;
/*0x0B8*/ VOID* Token;
/*0x0BC*/ struct _PS_JOB_TOKEN_FILTER* Filter;
/*0x0C0*/ ULONG32 EndOfJobTimeAction;
/*0x0C4*/ VOID* CompletionPort;
/*0x0C8*/ VOID* CompletionKey;
/*0x0CC*/ ULONG32 SessionId;
/*0x0D0*/ ULONG32 SchedulingClass;
/*0x0D4*/ UINT8 _PADDING1_[0x4];
/*0x0D8*/ UINT64 ReadOperationCount;
/*0x0E0*/ UINT64 WriteOperationCount;
/*0x0E8*/ UINT64 OtherOperationCount;
/*0x0F0*/ UINT64 ReadTransferCount;
/*0x0F8*/ UINT64 WriteTransferCount;
/*0x100*/ UINT64 OtherTransferCount;
/*0x108*/ struct _IO_COUNTERS IoInfo;
/*0x138*/ ULONG32 ProcessMemoryLimit;
/*0x13C*/ ULONG32 JobMemoryLimit;
/*0x140*/ ULONG32 PeakProcessMemoryUsed;
/*0x144*/ ULONG32 PeakJobMemoryUsed;
/*0x148*/ ULONG32 CurrentJobMemoryUsed;
/*0x14C*/ struct _FAST_MUTEX MemoryLimitsLock;
/*0x16C*/ struct _LIST_ENTRY JobSetLinks;
/*0x174*/ ULONG32 MemberLevel;
/*0x178*/ ULONG32 JobFlags;
/*0x17C*/ UINT8 _PADDING2_[0x4];
}EJOB, *PEJOB;
typedef struct _EPROCESS {
/*0x000*/ struct _KPROCESS Pcb;
/*0x06C*/ struct _EX_PUSH_LOCK ProcessLock;
/*0x070*/ union _LARGE_INTEGER CreateTime;
/*0x078*/ union _LARGE_INTEGER ExitTime;
/*0x080*/ struct _EX_RUNDOWN_REF RundownProtect;
/*0x084*/ VOID* UniqueProcessId;
/*0x088*/ struct _LIST_ENTRY ActiveProcessLinks;
/*0x090*/ ULONG32 QuotaUsage[3];
/*0x09C*/ ULONG32 QuotaPeak[3];
/*0x0A8*/ ULONG32 CommitCharge;
/*0x0AC*/ ULONG32 PeakVirtualSize;
/*0x0B0*/ ULONG32 VirtualSize;
/*0x0B4*/ struct _LIST_ENTRY SessionProcessLinks;
/*0x0BC*/ VOID* DebugPort;
/*0x0C0*/ VOID* ExceptionPort;
/*0x0C4*/ struct _HANDLE_TABLE* ObjectTable;
/*0x0C8*/ struct _EX_FAST_REF Token;
/*0x0CC*/ struct _FAST_MUTEX WorkingSetLock;
/*0x0EC*/ ULONG32 WorkingSetPage;
/*0x0F0*/ struct _FAST_MUTEX AddressCreationLock;
/*0x110*/ ULONG32 HyperSpaceLock;
/*0x114*/ struct _ETHREAD* ForkInProgress;
/*0x118*/ ULONG32 HardwareTrigger;
/*0x11C*/ VOID* VadRoot;
/*0x120*/ VOID* VadHint;
/*0x124*/ VOID* CloneRoot;
/*0x128*/ ULONG32 NumberOfPrivatePages;
/*0x12C*/ ULONG32 NumberOfLockedPages;
/*0x130*/ VOID* Win32Process;
/*0x134*/ struct _EJOB* Job;
/*0x138*/ VOID* SectionObject;
/*0x13C*/ VOID* SectionBaseAddress;
/*0x140*/ struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;
/*0x144*/ struct _PAGEFAULT_HISTORY* WorkingSetWatch;
/*0x148*/ VOID* Win32WindowStation;
/*0x14C*/ VOID* InheritedFromUniqueProcessId;
/*0x150*/ VOID* LdtInformation;
/*0x154*/ VOID* VadFreeHint;
/*0x158*/ VOID* VdmObjects;
/*0x15C*/ VOID* DeviceMap;
/*0x160*/ struct _LIST_ENTRY PhysicalVadList;
union
{
/*0x168*/ struct _HARDWARE_PTE PageDirectoryPte;
/*0x168*/ UINT64 Filler;
};
/*0x170*/ VOID* Session;
/*0x174*/ UINT8 ImageFileName[16];
/*0x184*/ struct _LIST_ENTRY JobLinks;
/*0x18C*/ VOID* LockedPagesList;
/*0x190*/ struct _LIST_ENTRY ThreadListHead;
/*0x198*/ VOID* SecurityPort;
/*0x19C*/ VOID* PaeTop;
/*0x1A0*/ ULONG32 ActiveThreads;
/*0x1A4*/ ULONG32 GrantedAccess;
/*0x1A8*/ ULONG32 DefaultHardErrorProcessing;
/*0x1AC*/ LONG32 LastThreadExitStatus;
/*0x1B0*/ struct _PEB* Peb;
/*0x1B4*/ struct _EX_FAST_REF PrefetchTrace;
/*0x1B8*/ union _LARGE_INTEGER ReadOperationCount;
/*0x1C0*/ union _LARGE_INTEGER WriteOperationCount;
/*0x1C8*/ union _LARGE_INTEGER OtherOperationCount;
/*0x1D0*/ union _LARGE_INTEGER ReadTransferCount;
/*0x1D8*/ union _LARGE_INTEGER WriteTransferCount;
/*0x1E0*/ union _LARGE_INTEGER OtherTransferCount;
/*0x1E8*/ ULONG32 CommitChargeLimit;
/*0x1EC*/ ULONG32 CommitChargePeak;
/*0x1F0*/ VOID* AweInfo;
/*0x1F4*/ struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
/*0x1F8*/ struct _MMSUPPORT Vm;
/*0x238*/ ULONG32 LastFaultCount;
/*0x23C*/ ULONG32 ModifiedPageCount;
/*0x240*/ ULONG32 NumberOfVads;
/*0x244*/ ULONG32 JobStatus;
union
{
/*0x248*/ ULONG32 Flags;
struct
{
/*0x248*/ ULONG32 CreateReported : 1;
/*0x248*/ ULONG32 NoDebugInherit : 1;
/*0x248*/ ULONG32 ProcessExiting : 1;
/*0x248*/ ULONG32 ProcessDelete : 1;
/*0x248*/ ULONG32 Wow64SplitPages : 1;
/*0x248*/ ULONG32 VmDeleted : 1;
/*0x248*/ ULONG32 OutswapEnabled : 1;
/*0x248*/ ULONG32 Outswapped : 1;
/*0x248*/ ULONG32 ForkFailed : 1;
/*0x248*/ ULONG32 HasPhysicalVad : 1;
/*0x248*/ ULONG32 AddressSpaceInitialized : 2;
/*0x248*/ ULONG32 SetTimerResolution : 1;
/*0x248*/ ULONG32 BreakOnTermination : 1;
/*0x248*/ ULONG32 SessionCreationUnderway : 1;
/*0x248*/ ULONG32 WriteWatch : 1;
/*0x248*/ ULONG32 ProcessInSession : 1;
/*0x248*/ ULONG32 OverrideAddressSpace : 1;
/*0x248*/ ULONG32 HasAddressSpace : 1;
/*0x248*/ ULONG32 LaunchPrefetched : 1;
/*0x248*/ ULONG32 InjectInpageErrors : 1;
/*0x248*/ ULONG32 VmTopDown : 1;
/*0x248*/ ULONG32 Unused3 : 1;
/*0x248*/ ULONG32 Unused4 : 1;
/*0x248*/ ULONG32 VdmAllowed : 1;
/*0x248*/ ULONG32 Unused : 5;
/*0x248*/ ULONG32 Unused1 : 1;
/*0x248*/ ULONG32 Unused2 : 1;
};
};
/*0x24C*/ LONG32 ExitStatus;
/*0x250*/ UINT16 NextPageColor;
union
{
struct
{
/*0x252*/ UINT8 SubSystemMinorVersion;
/*0x253*/ UINT8 SubSystemMajorVersion;
};
/*0x252*/ UINT16 SubSystemVersion;
};
/*0x254*/ UINT8 PriorityClass;
/*0x255*/ UINT8 WorkingSetAcquiredUnsafe;
/*0x256*/ UINT8 _PADDING0_[0x2];
/*0x258*/ ULONG32 Cookie;
/*0x25C*/ UINT8 _PADDING1_[0x4];
}EPROCESS, *PEPROCESS;
/*0x000*/ struct _KPROCESS Pcb;
/*0x06C*/ struct _EX_PUSH_LOCK ProcessLock;
/*0x070*/ union _LARGE_INTEGER CreateTime;
/*0x078*/ union _LARGE_INTEGER ExitTime;
/*0x080*/ struct _EX_RUNDOWN_REF RundownProtect;
/*0x084*/ VOID* UniqueProcessId;
/*0x088*/ struct _LIST_ENTRY ActiveProcessLinks;
/*0x090*/ ULONG32 QuotaUsage[3];
/*0x09C*/ ULONG32 QuotaPeak[3];
/*0x0A8*/ ULONG32 CommitCharge;
/*0x0AC*/ ULONG32 PeakVirtualSize;
/*0x0B0*/ ULONG32 VirtualSize;
/*0x0B4*/ struct _LIST_ENTRY SessionProcessLinks;
/*0x0BC*/ VOID* DebugPort;
/*0x0C0*/ VOID* ExceptionPort;
/*0x0C4*/ struct _HANDLE_TABLE* ObjectTable;
/*0x0C8*/ struct _EX_FAST_REF Token;
/*0x0CC*/ struct _FAST_MUTEX WorkingSetLock;
/*0x0EC*/ ULONG32 WorkingSetPage;
/*0x0F0*/ struct _FAST_MUTEX AddressCreationLock;
/*0x110*/ ULONG32 HyperSpaceLock;
/*0x114*/ struct _ETHREAD* ForkInProgress;
/*0x118*/ ULONG32 HardwareTrigger;
/*0x11C*/ VOID* VadRoot;
/*0x120*/ VOID* VadHint;
/*0x124*/ VOID* CloneRoot;
/*0x128*/ ULONG32 NumberOfPrivatePages;
/*0x12C*/ ULONG32 NumberOfLockedPages;
/*0x130*/ VOID* Win32Process;
/*0x134*/ struct _EJOB* Job;
/*0x138*/ VOID* SectionObject;
/*0x13C*/ VOID* SectionBaseAddress;
/*0x140*/ struct _EPROCESS_QUOTA_BLOCK* QuotaBlock;
/*0x144*/ struct _PAGEFAULT_HISTORY* WorkingSetWatch;
/*0x148*/ VOID* Win32WindowStation;
/*0x14C*/ VOID* InheritedFromUniqueProcessId;
/*0x150*/ VOID* LdtInformation;
/*0x154*/ VOID* VadFreeHint;
/*0x158*/ VOID* VdmObjects;
/*0x15C*/ VOID* DeviceMap;
/*0x160*/ struct _LIST_ENTRY PhysicalVadList;
union
{
/*0x168*/ struct _HARDWARE_PTE PageDirectoryPte;
/*0x168*/ UINT64 Filler;
};
/*0x170*/ VOID* Session;
/*0x174*/ UINT8 ImageFileName[16];
/*0x184*/ struct _LIST_ENTRY JobLinks;
/*0x18C*/ VOID* LockedPagesList;
/*0x190*/ struct _LIST_ENTRY ThreadListHead;
/*0x198*/ VOID* SecurityPort;
/*0x19C*/ VOID* PaeTop;
/*0x1A0*/ ULONG32 ActiveThreads;
/*0x1A4*/ ULONG32 GrantedAccess;
/*0x1A8*/ ULONG32 DefaultHardErrorProcessing;
/*0x1AC*/ LONG32 LastThreadExitStatus;
/*0x1B0*/ struct _PEB* Peb;
/*0x1B4*/ struct _EX_FAST_REF PrefetchTrace;
/*0x1B8*/ union _LARGE_INTEGER ReadOperationCount;
/*0x1C0*/ union _LARGE_INTEGER WriteOperationCount;
/*0x1C8*/ union _LARGE_INTEGER OtherOperationCount;
/*0x1D0*/ union _LARGE_INTEGER ReadTransferCount;
/*0x1D8*/ union _LARGE_INTEGER WriteTransferCount;
/*0x1E0*/ union _LARGE_INTEGER OtherTransferCount;
/*0x1E8*/ ULONG32 CommitChargeLimit;
/*0x1EC*/ ULONG32 CommitChargePeak;
/*0x1F0*/ VOID* AweInfo;
/*0x1F4*/ struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
/*0x1F8*/ struct _MMSUPPORT Vm;
/*0x238*/ ULONG32 LastFaultCount;
/*0x23C*/ ULONG32 ModifiedPageCount;
/*0x240*/ ULONG32 NumberOfVads;
/*0x244*/ ULONG32 JobStatus;
union
{
/*0x248*/ ULONG32 Flags;
struct
{
/*0x248*/ ULONG32 CreateReported : 1;
/*0x248*/ ULONG32 NoDebugInherit : 1;
/*0x248*/ ULONG32 ProcessExiting : 1;
/*0x248*/ ULONG32 ProcessDelete : 1;
/*0x248*/ ULONG32 Wow64SplitPages : 1;
/*0x248*/ ULONG32 VmDeleted : 1;
/*0x248*/ ULONG32 OutswapEnabled : 1;
/*0x248*/ ULONG32 Outswapped : 1;
/*0x248*/ ULONG32 ForkFailed : 1;
/*0x248*/ ULONG32 HasPhysicalVad : 1;
/*0x248*/ ULONG32 AddressSpaceInitialized : 2;
/*0x248*/ ULONG32 SetTimerResolution : 1;
/*0x248*/ ULONG32 BreakOnTermination : 1;
/*0x248*/ ULONG32 SessionCreationUnderway : 1;
/*0x248*/ ULONG32 WriteWatch : 1;
/*0x248*/ ULONG32 ProcessInSession : 1;
/*0x248*/ ULONG32 OverrideAddressSpace : 1;
/*0x248*/ ULONG32 HasAddressSpace : 1;
/*0x248*/ ULONG32 LaunchPrefetched : 1;
/*0x248*/ ULONG32 InjectInpageErrors : 1;
/*0x248*/ ULONG32 VmTopDown : 1;
/*0x248*/ ULONG32 Unused3 : 1;
/*0x248*/ ULONG32 Unused4 : 1;
/*0x248*/ ULONG32 VdmAllowed : 1;
/*0x248*/ ULONG32 Unused : 5;
/*0x248*/ ULONG32 Unused1 : 1;
/*0x248*/ ULONG32 Unused2 : 1;
};
};
/*0x24C*/ LONG32 ExitStatus;
/*0x250*/ UINT16 NextPageColor;
union
{
struct
{
/*0x252*/ UINT8 SubSystemMinorVersion;
/*0x253*/ UINT8 SubSystemMajorVersion;
};
/*0x252*/ UINT16 SubSystemVersion;
};
/*0x254*/ UINT8 PriorityClass;
/*0x255*/ UINT8 WorkingSetAcquiredUnsafe;
/*0x256*/ UINT8 _PADDING0_[0x2];
/*0x258*/ ULONG32 Cookie;
/*0x25C*/ UINT8 _PADDING1_[0x4];
}EPROCESS, *PEPROCESS;
typedef struct _ETHREAD {
/*0x000*/ struct _KTHREAD Tcb;
union
{
/*0x1C0*/ union _LARGE_INTEGER CreateTime;
struct
{
/*0x1C0*/ UINT32 NestedFaultCount : 2;
/*0x1C0*/ UINT32 ApcNeeded : 1;
};
};
union
{
/*0x1C8*/ union _LARGE_INTEGER ExitTime;
/*0x1C8*/ struct _LIST_ENTRY LpcReplyChain;
/*0x1C8*/ struct _LIST_ENTRY KeyedWaitChain;
};
union
{
/*0x1D0*/ LONG32 ExitStatus;
/*0x1D0*/ VOID* OfsChain;
};
/*0x1D4*/ struct _LIST_ENTRY PostBlockList;
union
{
/*0x1DC*/ struct _TERMINATION_PORT* TerminationPort;
/*0x1DC*/ struct _ETHREAD* ReaperLink;
/*0x1DC*/ VOID* KeyedWaitValue;
};
/*0x1E0*/ ULONG32 ActiveTimerListLock;
/*0x1E4*/ struct _LIST_ENTRY ActiveTimerListHead;
/*0x1EC*/ struct _CLIENT_ID Cid;
union
{
/*0x1F4*/ struct _KSEMAPHORE LpcReplySemaphore;
/*0x1F4*/ struct _KSEMAPHORE KeyedWaitSemaphore;
};
union
{
/*0x208*/ VOID* LpcReplyMessage;
/*0x208*/ VOID* LpcWaitingOnPort;
};
/*0x20C*/ struct _PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
/*0x210*/ struct _LIST_ENTRY IrpList;
/*0x218*/ ULONG32 TopLevelIrp;
/*0x21C*/ struct _DEVICE_OBJECT* DeviceToVerify;
/*0x220*/ struct _EPROCESS* ThreadsProcess;
/*0x224*/ VOID* StartAddress;
union
{
/*0x228*/ VOID* Win32StartAddress;
/*0x228*/ ULONG32 LpcReceivedMessageId;
};
/*0x22C*/ struct _LIST_ENTRY ThreadListEntry;
/*0x234*/ struct _EX_RUNDOWN_REF RundownProtect;
/*0x238*/ struct _EX_PUSH_LOCK ThreadLock;
/*0x23C*/ ULONG32 LpcReplyMessageId;
/*0x240*/ ULONG32 ReadClusterSize;
/*0x244*/ ULONG32 GrantedAccess;
union
{
/*0x248*/ ULONG32 CrossThreadFlags;
struct
{
/*0x248*/ ULONG32 Terminated : 1;
/*0x248*/ ULONG32 DeadThread : 1;
/*0x248*/ ULONG32 HideFromDebugger : 1;
/*0x248*/ ULONG32 ActiveImpersonationInfo : 1;
/*0x248*/ ULONG32 SystemThread : 1;
/*0x248*/ ULONG32 HardErrorsAreDisabled : 1;
/*0x248*/ ULONG32 BreakOnTermination : 1;
/*0x248*/ ULONG32 SkipCreationMsg : 1;
/*0x248*/ ULONG32 SkipTerminationMsg : 1;
};
};
union
{
/*0x24C*/ ULONG32 SameThreadPassiveFlags;
struct
{
/*0x24C*/ ULONG32 ActiveExWorker : 1;
/*0x24C*/ ULONG32 ExWorkerCanWaitUser : 1;
/*0x24C*/ ULONG32 MemoryMaker : 1;
};
};
union
{
/*0x250*/ ULONG32 SameThreadApcFlags;
struct
{
/*0x250*/ UINT8 LpcReceivedMsgIdValid : 1;
/*0x250*/ UINT8 LpcExitThreadCalled : 1;
/*0x250*/ UINT8 AddressSpaceOwner : 1;
};
};
/*0x254*/ UINT8 ForwardClusterOnly;
/*0x255*/ UINT8 DisablePageFaultClustering;
/*0x256*/ UINT8 _PADDING0_[0x2];
}ETHREAD, *PETHREAD;
/*0x000*/ struct _KTHREAD Tcb;
union
{
/*0x1C0*/ union _LARGE_INTEGER CreateTime;
struct
{
/*0x1C0*/ UINT32 NestedFaultCount : 2;
/*0x1C0*/ UINT32 ApcNeeded : 1;
};
};
union
{
/*0x1C8*/ union _LARGE_INTEGER ExitTime;
/*0x1C8*/ struct _LIST_ENTRY LpcReplyChain;
/*0x1C8*/ struct _LIST_ENTRY KeyedWaitChain;
};
union
{
/*0x1D0*/ LONG32 ExitStatus;
/*0x1D0*/ VOID* OfsChain;
};
/*0x1D4*/ struct _LIST_ENTRY PostBlockList;
union
{
/*0x1DC*/ struct _TERMINATION_PORT* TerminationPort;
/*0x1DC*/ struct _ETHREAD* ReaperLink;
/*0x1DC*/ VOID* KeyedWaitValue;
};
/*0x1E0*/ ULONG32 ActiveTimerListLock;
/*0x1E4*/ struct _LIST_ENTRY ActiveTimerListHead;
/*0x1EC*/ struct _CLIENT_ID Cid;
union
{
/*0x1F4*/ struct _KSEMAPHORE LpcReplySemaphore;
/*0x1F4*/ struct _KSEMAPHORE KeyedWaitSemaphore;
};
union
{
/*0x208*/ VOID* LpcReplyMessage;
/*0x208*/ VOID* LpcWaitingOnPort;
};
/*0x20C*/ struct _PS_IMPERSONATION_INFORMATION* ImpersonationInfo;
/*0x210*/ struct _LIST_ENTRY IrpList;
/*0x218*/ ULONG32 TopLevelIrp;
/*0x21C*/ struct _DEVICE_OBJECT* DeviceToVerify;
/*0x220*/ struct _EPROCESS* ThreadsProcess;
/*0x224*/ VOID* StartAddress;
union
{
/*0x228*/ VOID* Win32StartAddress;
/*0x228*/ ULONG32 LpcReceivedMessageId;
};
/*0x22C*/ struct _LIST_ENTRY ThreadListEntry;
/*0x234*/ struct _EX_RUNDOWN_REF RundownProtect;
/*0x238*/ struct _EX_PUSH_LOCK ThreadLock;
/*0x23C*/ ULONG32 LpcReplyMessageId;
/*0x240*/ ULONG32 ReadClusterSize;
/*0x244*/ ULONG32 GrantedAccess;
union
{
/*0x248*/ ULONG32 CrossThreadFlags;
struct
{
/*0x248*/ ULONG32 Terminated : 1;
/*0x248*/ ULONG32 DeadThread : 1;
/*0x248*/ ULONG32 HideFromDebugger : 1;
/*0x248*/ ULONG32 ActiveImpersonationInfo : 1;
/*0x248*/ ULONG32 SystemThread : 1;
/*0x248*/ ULONG32 HardErrorsAreDisabled : 1;
/*0x248*/ ULONG32 BreakOnTermination : 1;
/*0x248*/ ULONG32 SkipCreationMsg : 1;
/*0x248*/ ULONG32 SkipTerminationMsg : 1;
};
};
union
{
/*0x24C*/ ULONG32 SameThreadPassiveFlags;
struct
{
/*0x24C*/ ULONG32 ActiveExWorker : 1;
/*0x24C*/ ULONG32 ExWorkerCanWaitUser : 1;
/*0x24C*/ ULONG32 MemoryMaker : 1;
};
};
union
{
/*0x250*/ ULONG32 SameThreadApcFlags;
struct
{
/*0x250*/ UINT8 LpcReceivedMsgIdValid : 1;
/*0x250*/ UINT8 LpcExitThreadCalled : 1;
/*0x250*/ UINT8 AddressSpaceOwner : 1;
};
};
/*0x254*/ UINT8 ForwardClusterOnly;
/*0x255*/ UINT8 DisablePageFaultClustering;
/*0x256*/ UINT8 _PADDING0_[0x2];
}ETHREAD, *PETHREAD;
typedef struct _KPRCB {
/*0x000*/ UINT16 MinorVersion;
/*0x002*/ UINT16 MajorVersion;
/*0x004*/ struct _KTHREAD* CurrentThread;
/*0x008*/ struct _KTHREAD* NextThread;
/*0x00C*/ struct _KTHREAD* IdleThread;
/*0x010*/ CHAR Number;
/*0x011*/ CHAR Reserved;
/*0x012*/ UINT16 BuildType;
/*0x014*/ ULONG32 SetMember;
/*0x018*/ CHAR CpuType;
/*0x019*/ CHAR CpuID;
/*0x01A*/ UINT16 CpuStep;
/*0x01C*/ struct _KPROCESSOR_STATE ProcessorState;
/*0x33C*/ ULONG32 KernelReserved[16];
/*0x37C*/ ULONG32 HalReserved[16];
/*0x3BC*/ UINT8 PrcbPad0[92];
/*0x418*/ struct _KSPIN_LOCK_QUEUE LockQueue[16];
/*0x498*/ UINT8 PrcbPad1[8];
/*0x4A0*/ struct _KTHREAD* NpxThread;
/*0x4A4*/ ULONG32 InterruptCount;
/*0x4A8*/ ULONG32 KernelTime;
/*0x4AC*/ ULONG32 UserTime;
/*0x4B0*/ ULONG32 DpcTime;
/*0x4B4*/ ULONG32 DebugDpcTime;
/*0x4B8*/ ULONG32 InterruptTime;
/*0x4BC*/ ULONG32 AdjustDpcThreshold;
/*0x4C0*/ ULONG32 PageColor;
/*0x4C4*/ ULONG32 SkipTick;
/*0x4C8*/ UINT8 MultiThreadSetBusy;
/*0x4C9*/ UINT8 Spare2[3];
/*0x4CC*/ struct _KNODE* ParentNode;
/*0x4D0*/ ULONG32 MultiThreadProcessorSet;
/*0x4D4*/ struct _KPRCB* MultiThreadSetMaster;
/*0x4D8*/ ULONG32 ThreadStartCount[2];
/*0x4E0*/ ULONG32 CcFastReadNoWait;
/*0x4E4*/ ULONG32 CcFastReadWait;
/*0x4E8*/ ULONG32 CcFastReadNotPossible;
/*0x4EC*/ ULONG32 CcCopyReadNoWait;
/*0x4F0*/ ULONG32 CcCopyReadWait;
/*0x4F4*/ ULONG32 CcCopyReadNoWaitMiss;
/*0x4F8*/ ULONG32 KeAlignmentFixupCount;
/*0x4FC*/ ULONG32 KeContextSwitches;
/*0x500*/ ULONG32 KeDcacheFlushCount;
/*0x504*/ ULONG32 KeExceptionDispatchCount;
/*0x508*/ ULONG32 KeFirstLevelTbFills;
/*0x50C*/ ULONG32 KeFloatingEmulationCount;
/*0x510*/ ULONG32 KeIcacheFlushCount;
/*0x514*/ ULONG32 KeSecondLevelTbFills;
/*0x518*/ ULONG32 KeSystemCalls;
/*0x51C*/ ULONG32 SpareCounter0[1];
/*0x520*/ struct _PP_LOOKASIDE_LIST PPLookasideList[16];
/*0x5A0*/ struct _PP_LOOKASIDE_LIST PPNPagedLookasideList[32];
/*0x6A0*/ struct _PP_LOOKASIDE_LIST PPPagedLookasideList[32];
/*0x7A0*/ ULONG32 PacketBarrier;
/*0x7A4*/ ULONG32 ReverseStall;
/*0x7A8*/ VOID* IpiFrame;
/*0x7AC*/ UINT8 PrcbPad2[52];
/*0x7E0*/ VOID* CurrentPacket[3];
/*0x7EC*/ ULONG32 TargetSet;
/*0x7F0*/ PVOID WorkerRoutine;
/*0x7F4*/ ULONG32 IpiFrozen;
/*0x7F8*/ UINT8 PrcbPad3[40];
/*0x820*/ ULONG32 RequestSummary;
/*0x824*/ struct _KPRCB* SignalDone;
/*0x828*/ UINT8 PrcbPad4[56];
/*0x860*/ struct _LIST_ENTRY DpcListHead;
/*0x868*/ VOID* DpcStack;
/*0x86C*/ ULONG32 DpcCount;
/*0x870*/ ULONG32 DpcQueueDepth;
/*0x874*/ ULONG32 DpcRoutineActive;
/*0x878*/ ULONG32 DpcInterruptRequested;
/*0x87C*/ ULONG32 DpcLastCount;
/*0x880*/ ULONG32 DpcRequestRate;
/*0x884*/ ULONG32 MaximumDpcQueueDepth;
/*0x888*/ ULONG32 MinimumDpcRate;
/*0x88C*/ ULONG32 QuantumEnd;
/*0x890*/ UINT8 PrcbPad5[16];
/*0x8A0*/ ULONG32 DpcLock;
/*0x8A4*/ UINT8 PrcbPad6[28];
/*0x8C0*/ struct _KDPC CallDpc;
/*0x8E0*/ VOID* ChainedInterruptList;
/*0x8E4*/ LONG32 LookasideIrpFloat;
/*0x8E8*/ ULONG32 SpareFields0[6];
/*0x900*/ UINT8 VendorString[13];
/*0x90D*/ UINT8 InitialApicId;
/*0x90E*/ UINT8 LogicalProcessorsPerPhysicalProcessor;
/*0x90F*/ UINT8 _PADDING0_[0x1];
/*0x910*/ ULONG32 MHz;
/*0x914*/ ULONG32 FeatureBits;
/*0x918*/ union _LARGE_INTEGER UpdateSignature;
/*0x920*/ struct _FX_SAVE_AREA NpxSaveArea;
/*0xB30*/ struct _PROCESSOR_POWER_STATE PowerState;
}KPRCB, *PKPRCB;
/*0x000*/ UINT16 MinorVersion;
/*0x002*/ UINT16 MajorVersion;
/*0x004*/ struct _KTHREAD* CurrentThread;
/*0x008*/ struct _KTHREAD* NextThread;
/*0x00C*/ struct _KTHREAD* IdleThread;
/*0x010*/ CHAR Number;
/*0x011*/ CHAR Reserved;
/*0x012*/ UINT16 BuildType;
/*0x014*/ ULONG32 SetMember;
/*0x018*/ CHAR CpuType;
/*0x019*/ CHAR CpuID;
/*0x01A*/ UINT16 CpuStep;
/*0x01C*/ struct _KPROCESSOR_STATE ProcessorState;
/*0x33C*/ ULONG32 KernelReserved[16];
/*0x37C*/ ULONG32 HalReserved[16];
/*0x3BC*/ UINT8 PrcbPad0[92];
/*0x418*/ struct _KSPIN_LOCK_QUEUE LockQueue[16];
/*0x498*/ UINT8 PrcbPad1[8];
/*0x4A0*/ struct _KTHREAD* NpxThread;
/*0x4A4*/ ULONG32 InterruptCount;
/*0x4A8*/ ULONG32 KernelTime;
/*0x4AC*/ ULONG32 UserTime;
/*0x4B0*/ ULONG32 DpcTime;
/*0x4B4*/ ULONG32 DebugDpcTime;
/*0x4B8*/ ULONG32 InterruptTime;
/*0x4BC*/ ULONG32 AdjustDpcThreshold;
/*0x4C0*/ ULONG32 PageColor;
/*0x4C4*/ ULONG32 SkipTick;
/*0x4C8*/ UINT8 MultiThreadSetBusy;
/*0x4C9*/ UINT8 Spare2[3];
/*0x4CC*/ struct _KNODE* ParentNode;
/*0x4D0*/ ULONG32 MultiThreadProcessorSet;
/*0x4D4*/ struct _KPRCB* MultiThreadSetMaster;
/*0x4D8*/ ULONG32 ThreadStartCount[2];
/*0x4E0*/ ULONG32 CcFastReadNoWait;
/*0x4E4*/ ULONG32 CcFastReadWait;
/*0x4E8*/ ULONG32 CcFastReadNotPossible;
/*0x4EC*/ ULONG32 CcCopyReadNoWait;
/*0x4F0*/ ULONG32 CcCopyReadWait;
/*0x4F4*/ ULONG32 CcCopyReadNoWaitMiss;
/*0x4F8*/ ULONG32 KeAlignmentFixupCount;
/*0x4FC*/ ULONG32 KeContextSwitches;
/*0x500*/ ULONG32 KeDcacheFlushCount;
/*0x504*/ ULONG32 KeExceptionDispatchCount;
/*0x508*/ ULONG32 KeFirstLevelTbFills;
/*0x50C*/ ULONG32 KeFloatingEmulationCount;
/*0x510*/ ULONG32 KeIcacheFlushCount;
/*0x514*/ ULONG32 KeSecondLevelTbFills;
/*0x518*/ ULONG32 KeSystemCalls;
/*0x51C*/ ULONG32 SpareCounter0[1];
/*0x520*/ struct _PP_LOOKASIDE_LIST PPLookasideList[16];
/*0x5A0*/ struct _PP_LOOKASIDE_LIST PPNPagedLookasideList[32];
/*0x6A0*/ struct _PP_LOOKASIDE_LIST PPPagedLookasideList[32];
/*0x7A0*/ ULONG32 PacketBarrier;
/*0x7A4*/ ULONG32 ReverseStall;
/*0x7A8*/ VOID* IpiFrame;
/*0x7AC*/ UINT8 PrcbPad2[52];
/*0x7E0*/ VOID* CurrentPacket[3];
/*0x7EC*/ ULONG32 TargetSet;
/*0x7F0*/ PVOID WorkerRoutine;
/*0x7F4*/ ULONG32 IpiFrozen;
/*0x7F8*/ UINT8 PrcbPad3[40];
/*0x820*/ ULONG32 RequestSummary;
/*0x824*/ struct _KPRCB* SignalDone;
/*0x828*/ UINT8 PrcbPad4[56];
/*0x860*/ struct _LIST_ENTRY DpcListHead;
/*0x868*/ VOID* DpcStack;
/*0x86C*/ ULONG32 DpcCount;
/*0x870*/ ULONG32 DpcQueueDepth;
/*0x874*/ ULONG32 DpcRoutineActive;
/*0x878*/ ULONG32 DpcInterruptRequested;
/*0x87C*/ ULONG32 DpcLastCount;
/*0x880*/ ULONG32 DpcRequestRate;
/*0x884*/ ULONG32 MaximumDpcQueueDepth;
/*0x888*/ ULONG32 MinimumDpcRate;
/*0x88C*/ ULONG32 QuantumEnd;
/*0x890*/ UINT8 PrcbPad5[16];
/*0x8A0*/ ULONG32 DpcLock;
/*0x8A4*/ UINT8 PrcbPad6[28];
/*0x8C0*/ struct _KDPC CallDpc;
/*0x8E0*/ VOID* ChainedInterruptList;
/*0x8E4*/ LONG32 LookasideIrpFloat;
/*0x8E8*/ ULONG32 SpareFields0[6];
/*0x900*/ UINT8 VendorString[13];
/*0x90D*/ UINT8 InitialApicId;
/*0x90E*/ UINT8 LogicalProcessorsPerPhysicalProcessor;
/*0x90F*/ UINT8 _PADDING0_[0x1];
/*0x910*/ ULONG32 MHz;
/*0x914*/ ULONG32 FeatureBits;
/*0x918*/ union _LARGE_INTEGER UpdateSignature;
/*0x920*/ struct _FX_SAVE_AREA NpxSaveArea;
/*0xB30*/ struct _PROCESSOR_POWER_STATE PowerState;
}KPRCB, *PKPRCB;
typedef struct _LPCP_PORT_OBJECT {
/*0x000*/ struct _LPCP_PORT_OBJECT* ConnectionPort;
/*0x004*/ struct _LPCP_PORT_OBJECT* ConnectedPort;
/*0x008*/ struct _LPCP_PORT_QUEUE MsgQueue;
/*0x018*/ struct _CLIENT_ID Creator;
/*0x020*/ VOID* ClientSectionBase;
/*0x024*/ VOID* ServerSectionBase;
/*0x028*/ VOID* PortContext;
/*0x02C*/ struct _ETHREAD* ClientThread;
/*0x030*/ struct _SECURITY_QUALITY_OF_SERVICE SecurityQos;
/*0x03C*/ struct _SECURITY_CLIENT_CONTEXT StaticSecurity;
/*0x078*/ struct _LIST_ENTRY LpcReplyChainHead;
/*0x080*/ struct _LIST_ENTRY LpcDataInfoChainHead;
union
{
/*0x088*/ struct _EPROCESS* ServerProcess;
/*0x088*/ struct _EPROCESS* MappingProcess;
};
/*0x08C*/ UINT16 MaxMessageLength;
/*0x08E*/ UINT16 MaxConnectionInfoLength;
/*0x090*/ ULONG32 Flags;
/*0x094*/ struct _KEVENT WaitEvent;
}LPCP_PORT_OBJECT, *PLPCP_PORT_OBJECT;
/*0x000*/ struct _LPCP_PORT_OBJECT* ConnectionPort;
/*0x004*/ struct _LPCP_PORT_OBJECT* ConnectedPort;
/*0x008*/ struct _LPCP_PORT_QUEUE MsgQueue;
/*0x018*/ struct _CLIENT_ID Creator;
/*0x020*/ VOID* ClientSectionBase;
/*0x024*/ VOID* ServerSectionBase;
/*0x028*/ VOID* PortContext;
/*0x02C*/ struct _ETHREAD* ClientThread;
/*0x030*/ struct _SECURITY_QUALITY_OF_SERVICE SecurityQos;
/*0x03C*/ struct _SECURITY_CLIENT_CONTEXT StaticSecurity;
/*0x078*/ struct _LIST_ENTRY LpcReplyChainHead;
/*0x080*/ struct _LIST_ENTRY LpcDataInfoChainHead;
union
{
/*0x088*/ struct _EPROCESS* ServerProcess;
/*0x088*/ struct _EPROCESS* MappingProcess;
};
/*0x08C*/ UINT16 MaxMessageLength;
/*0x08E*/ UINT16 MaxConnectionInfoLength;
/*0x090*/ ULONG32 Flags;
/*0x094*/ struct _KEVENT WaitEvent;
}LPCP_PORT_OBJECT, *PLPCP_PORT_OBJECT;
typedef struct _MMSESSION {
/*0x000*/ struct _FAST_MUTEX SystemSpaceViewLock;
/*0x020*/ struct _FAST_MUTEX* SystemSpaceViewLockPointer;
/*0x024*/ CHAR* SystemSpaceViewStart;
/*0x028*/ struct _MMVIEW* SystemSpaceViewTable;
/*0x02C*/ ULONG32 SystemSpaceHashSize;
/*0x030*/ ULONG32 SystemSpaceHashEntries;
/*0x034*/ ULONG32 SystemSpaceHashKey;
/*0x038*/ struct _RTL_BITMAP* SystemSpaceBitMap;
}MMSESSION, *PMMSESSION;
/*0x000*/ struct _FAST_MUTEX SystemSpaceViewLock;
/*0x020*/ struct _FAST_MUTEX* SystemSpaceViewLockPointer;
/*0x024*/ CHAR* SystemSpaceViewStart;
/*0x028*/ struct _MMVIEW* SystemSpaceViewTable;
/*0x02C*/ ULONG32 SystemSpaceHashSize;
/*0x030*/ ULONG32 SystemSpaceHashEntries;
/*0x034*/ ULONG32 SystemSpaceHashKey;
/*0x038*/ struct _RTL_BITMAP* SystemSpaceBitMap;
}MMSESSION, *PMMSESSION;
typedef struct _PAGED_LOOKASIDE_LIST {
/*0x000*/ struct _GENERAL_LOOKASIDE L;
/*0x080*/ struct _FAST_MUTEX Lock__ObsoleteButDoNotDelete;
/*0x0A0*/ UINT8 _PADDING0_[0x60];
}PAGED_LOOKASIDE_LIST, *PPAGED_LOOKASIDE_LIST;
/*0x000*/ struct _GENERAL_LOOKASIDE L;
/*0x080*/ struct _FAST_MUTEX Lock__ObsoleteButDoNotDelete;
/*0x0A0*/ UINT8 _PADDING0_[0x60];
}PAGED_LOOKASIDE_LIST, *PPAGED_LOOKASIDE_LIST;
typedef struct _PNP_DEVICE_EVENT_LIST {
/*0x000*/ LONG32 Status;
/*0x004*/ struct _KMUTANT EventQueueMutex;
/*0x024*/ struct _FAST_MUTEX Lock;
/*0x044*/ struct _LIST_ENTRY List;
}PNP_DEVICE_EVENT_LIST, *PPNP_DEVICE_EVENT_LIST;
/*0x000*/ LONG32 Status;
/*0x004*/ struct _KMUTANT EventQueueMutex;
/*0x024*/ struct _FAST_MUTEX Lock;
/*0x044*/ struct _LIST_ENTRY List;
}PNP_DEVICE_EVENT_LIST, *PPNP_DEVICE_EVENT_LIST;
typedef struct _PO_DEVICE_NOTIFY_ORDER {
/*0x000*/ ULONG32 DevNodeSequence;
/*0x004*/ struct _DEVICE_OBJECT** WarmEjectPdoPointer;
/*0x008*/ struct _PO_NOTIFY_ORDER_LEVEL OrderLevel[8];
}PO_DEVICE_NOTIFY_ORDER, *PPO_DEVICE_NOTIFY_ORDER;
/*0x000*/ ULONG32 DevNodeSequence;
/*0x004*/ struct _DEVICE_OBJECT** WarmEjectPdoPointer;
/*0x008*/ struct _PO_NOTIFY_ORDER_LEVEL OrderLevel[8];
}PO_DEVICE_NOTIFY_ORDER, *PPO_DEVICE_NOTIFY_ORDER;
typedef struct _WMI_LOGGER_CONTEXT {
/*0x000*/ ULONG32 BufferSpinLock;
/*0x004*/ UINT8 _PADDING0_[0x4];
/*0x008*/ union _LARGE_INTEGER StartTime;
/*0x010*/ VOID* LogFileHandle;
/*0x014*/ struct _KSEMAPHORE LoggerSemaphore;
/*0x028*/ struct _ETHREAD* LoggerThread;
/*0x02C*/ struct _KEVENT LoggerEvent;
/*0x03C*/ struct _KEVENT FlushEvent;
/*0x04C*/ LONG32 LoggerStatus;
/*0x050*/ ULONG32 LoggerId;
/*0x054*/ LONG32 BuffersAvailable;
/*0x058*/ ULONG32 UsePerfClock;
/*0x05C*/ ULONG32 WriteFailureLimit;
/*0x060*/ ULONG32 BuffersDirty;
/*0x064*/ ULONG32 BuffersInUse;
/*0x068*/ ULONG32 SwitchingInProgress;
/*0x06C*/ UINT8 _PADDING1_[0x4];
/*0x070*/ union _SLIST_HEADER FreeList;
/*0x078*/ union _SLIST_HEADER FlushList;
/*0x080*/ union _SLIST_HEADER GlobalList;
/*0x088*/ union _SLIST_HEADER* ProcessorBuffers;
/*0x08C*/ struct _UNICODE_STRING LoggerName;
/*0x094*/ struct _UNICODE_STRING LogFileName;
/*0x09C*/ struct _UNICODE_STRING LogFilePattern;
/*0x0A4*/ struct _UNICODE_STRING NewLogFileName;
/*0x0AC*/ UINT8* EndPageMarker;
/*0x0B0*/ LONG32 CollectionOn;
/*0x0B4*/ ULONG32 KernelTraceOn;
/*0x0B8*/ LONG32 PerfLogInTransition;
/*0x0BC*/ ULONG32 RequestFlag;
/*0x0C0*/ ULONG32 EnableFlags;
/*0x0C4*/ ULONG32 MaximumFileSize;
union
{
/*0x0C8*/ ULONG32 LoggerMode;
/*0x0C8*/ struct _WMI_LOGGER_MODE LoggerModeFlags;
};
/*0x0CC*/ ULONG32 LastFlushedBuffer;
/*0x0D0*/ ULONG32 RefCount;
/*0x0D4*/ ULONG32 FlushTimer;
/*0x0D8*/ union _LARGE_INTEGER FirstBufferOffset;
/*0x0E0*/ union _LARGE_INTEGER ByteOffset;
/*0x0E8*/ union _LARGE_INTEGER BufferAgeLimit;
/*0x0F0*/ ULONG32 MaximumBuffers;
/*0x0F4*/ ULONG32 MinimumBuffers;
/*0x0F8*/ ULONG32 EventsLost;
/*0x0FC*/ ULONG32 BuffersWritten;
/*0x100*/ ULONG32 LogBuffersLost;
/*0x104*/ ULONG32 RealTimeBuffersLost;
/*0x108*/ ULONG32 BufferSize;
/*0x10C*/ LONG32 NumberOfBuffers;
/*0x110*/ LONG32* SequencePtr;
/*0x114*/ struct _GUID InstanceGuid;
/*0x124*/ VOID* LoggerHeader;
/*0x128*/ PVOID GetCpuClock;
/*0x12C*/ struct _SECURITY_CLIENT_CONTEXT ClientSecurityContext;
/*0x168*/ VOID* LoggerExtension;
/*0x16C*/ LONG32 ReleaseQueue;
/*0x170*/ struct _TRACE_ENABLE_FLAG_EXTENSION EnableFlagExtension;
/*0x174*/ ULONG32 LocalSequence;
/*0x178*/ ULONG32 MaximumIrql;
/*0x17C*/ ULONG32* EnableFlagArray;
/*0x180*/ struct _KMUTANT LoggerMutex;
/*0x1A0*/ LONG32 MutexCount;
/*0x1A4*/ ULONG32 FileCounter;
/*0x1A8*/ PVOID BufferCallback;
/*0x1AC*/ VOID* CallbackContext;
/*0x1B0*/ enum _POOL_TYPE PoolType;
/*0x1B4*/ UINT8 _PADDING2_[0x4];
/*0x1B8*/ union _LARGE_INTEGER ReferenceSystemTime;
/*0x1C0*/ union _LARGE_INTEGER ReferenceTimeStamp;
}WMI_LOGGER_CONTEXT, *PWMI_LOGGER_CONTEXT;
/*0x000*/ ULONG32 BufferSpinLock;
/*0x004*/ UINT8 _PADDING0_[0x4];
/*0x008*/ union _LARGE_INTEGER StartTime;
/*0x010*/ VOID* LogFileHandle;
/*0x014*/ struct _KSEMAPHORE LoggerSemaphore;
/*0x028*/ struct _ETHREAD* LoggerThread;
/*0x02C*/ struct _KEVENT LoggerEvent;
/*0x03C*/ struct _KEVENT FlushEvent;
/*0x04C*/ LONG32 LoggerStatus;
/*0x050*/ ULONG32 LoggerId;
/*0x054*/ LONG32 BuffersAvailable;
/*0x058*/ ULONG32 UsePerfClock;
/*0x05C*/ ULONG32 WriteFailureLimit;
/*0x060*/ ULONG32 BuffersDirty;
/*0x064*/ ULONG32 BuffersInUse;
/*0x068*/ ULONG32 SwitchingInProgress;
/*0x06C*/ UINT8 _PADDING1_[0x4];
/*0x070*/ union _SLIST_HEADER FreeList;
/*0x078*/ union _SLIST_HEADER FlushList;
/*0x080*/ union _SLIST_HEADER GlobalList;
/*0x088*/ union _SLIST_HEADER* ProcessorBuffers;
/*0x08C*/ struct _UNICODE_STRING LoggerName;
/*0x094*/ struct _UNICODE_STRING LogFileName;
/*0x09C*/ struct _UNICODE_STRING LogFilePattern;
/*0x0A4*/ struct _UNICODE_STRING NewLogFileName;
/*0x0AC*/ UINT8* EndPageMarker;
/*0x0B0*/ LONG32 CollectionOn;
/*0x0B4*/ ULONG32 KernelTraceOn;
/*0x0B8*/ LONG32 PerfLogInTransition;
/*0x0BC*/ ULONG32 RequestFlag;
/*0x0C0*/ ULONG32 EnableFlags;
/*0x0C4*/ ULONG32 MaximumFileSize;
union
{
/*0x0C8*/ ULONG32 LoggerMode;
/*0x0C8*/ struct _WMI_LOGGER_MODE LoggerModeFlags;
};
/*0x0CC*/ ULONG32 LastFlushedBuffer;
/*0x0D0*/ ULONG32 RefCount;
/*0x0D4*/ ULONG32 FlushTimer;
/*0x0D8*/ union _LARGE_INTEGER FirstBufferOffset;
/*0x0E0*/ union _LARGE_INTEGER ByteOffset;
/*0x0E8*/ union _LARGE_INTEGER BufferAgeLimit;
/*0x0F0*/ ULONG32 MaximumBuffers;
/*0x0F4*/ ULONG32 MinimumBuffers;
/*0x0F8*/ ULONG32 EventsLost;
/*0x0FC*/ ULONG32 BuffersWritten;
/*0x100*/ ULONG32 LogBuffersLost;
/*0x104*/ ULONG32 RealTimeBuffersLost;
/*0x108*/ ULONG32 BufferSize;
/*0x10C*/ LONG32 NumberOfBuffers;
/*0x110*/ LONG32* SequencePtr;
/*0x114*/ struct _GUID InstanceGuid;
/*0x124*/ VOID* LoggerHeader;
/*0x128*/ PVOID GetCpuClock;
/*0x12C*/ struct _SECURITY_CLIENT_CONTEXT ClientSecurityContext;
/*0x168*/ VOID* LoggerExtension;
/*0x16C*/ LONG32 ReleaseQueue;
/*0x170*/ struct _TRACE_ENABLE_FLAG_EXTENSION EnableFlagExtension;
/*0x174*/ ULONG32 LocalSequence;
/*0x178*/ ULONG32 MaximumIrql;
/*0x17C*/ ULONG32* EnableFlagArray;
/*0x180*/ struct _KMUTANT LoggerMutex;
/*0x1A0*/ LONG32 MutexCount;
/*0x1A4*/ ULONG32 FileCounter;
/*0x1A8*/ PVOID BufferCallback;
/*0x1AC*/ VOID* CallbackContext;
/*0x1B0*/ enum _POOL_TYPE PoolType;
/*0x1B4*/ UINT8 _PADDING2_[0x4];
/*0x1B8*/ union _LARGE_INTEGER ReferenceSystemTime;
/*0x1C0*/ union _LARGE_INTEGER ReferenceTimeStamp;
}WMI_LOGGER_CONTEXT, *PWMI_LOGGER_CONTEXT;
typedef struct _KPCR {
/*0x000*/ struct _NT_TIB NtTib;
/*0x01C*/ struct _KPCR* SelfPcr;
/*0x020*/ struct _KPRCB* Prcb;
/*0x024*/ UINT8 Irql;
/*0x025*/ UINT8 _PADDING0_[0x3];
/*0x028*/ ULONG32 IRR;
/*0x02C*/ ULONG32 IrrActive;
/*0x030*/ ULONG32 IDR;
/*0x034*/ VOID* KdVersionBlock;
/*0x038*/ struct _KIDTENTRY* IDT;
/*0x03C*/ struct _KGDTENTRY* GDT;
/*0x040*/ struct _KTSS* TSS;
/*0x044*/ UINT16 MajorVersion;
/*0x046*/ UINT16 MinorVersion;
/*0x048*/ ULONG32 SetMember;
/*0x04C*/ ULONG32 StallScaleFactor;
/*0x050*/ UINT8 DebugActive;
/*0x051*/ UINT8 Number;
/*0x052*/ UINT8 Spare0;
/*0x053*/ UINT8 SecondLevelCacheAssociativity;
/*0x054*/ ULONG32 VdmAlert;
/*0x058*/ ULONG32 KernelReserved[14];
/*0x090*/ ULONG32 SecondLevelCacheSize;
/*0x094*/ ULONG32 HalReserved[16];
/*0x0D4*/ ULONG32 InterruptMode;
/*0x0D8*/ UINT8 Spare1;
/*0x0D9*/ UINT8 _PADDING1_[0x3];
/*0x0DC*/ ULONG32 KernelReserved2[17];
/*0x120*/ struct _KPRCB PrcbData;
}KPCR, *PKPCR;
/*0x000*/ struct _NT_TIB NtTib;
/*0x01C*/ struct _KPCR* SelfPcr;
/*0x020*/ struct _KPRCB* Prcb;
/*0x024*/ UINT8 Irql;
/*0x025*/ UINT8 _PADDING0_[0x3];
/*0x028*/ ULONG32 IRR;
/*0x02C*/ ULONG32 IrrActive;
/*0x030*/ ULONG32 IDR;
/*0x034*/ VOID* KdVersionBlock;
/*0x038*/ struct _KIDTENTRY* IDT;
/*0x03C*/ struct _KGDTENTRY* GDT;
/*0x040*/ struct _KTSS* TSS;
/*0x044*/ UINT16 MajorVersion;
/*0x046*/ UINT16 MinorVersion;
/*0x048*/ ULONG32 SetMember;
/*0x04C*/ ULONG32 StallScaleFactor;
/*0x050*/ UINT8 DebugActive;
/*0x051*/ UINT8 Number;
/*0x052*/ UINT8 Spare0;
/*0x053*/ UINT8 SecondLevelCacheAssociativity;
/*0x054*/ ULONG32 VdmAlert;
/*0x058*/ ULONG32 KernelReserved[14];
/*0x090*/ ULONG32 SecondLevelCacheSize;
/*0x094*/ ULONG32 HalReserved[16];
/*0x0D4*/ ULONG32 InterruptMode;
/*0x0D8*/ UINT8 Spare1;
/*0x0D9*/ UINT8 _PADDING1_[0x3];
/*0x0DC*/ ULONG32 KernelReserved2[17];
/*0x120*/ struct _KPRCB PrcbData;
}KPCR, *PKPCR;
typedef struct _MM_SESSION_SPACE {
/*0x000*/ ULONG32 ReferenceCount;
union
{
/*0x004*/ ULONG32 LongFlags;
/*0x004*/ struct _MM_SESSION_SPACE_FLAGS Flags;
}u;
/*0x008*/ ULONG32 SessionId;
/*0x00C*/ ULONG32 SessionPageDirectoryIndex;
/*0x010*/ struct _MM_SESSION_SPACE* GlobalVirtualAddress;
/*0x014*/ struct _LIST_ENTRY ProcessList;
/*0x01C*/ ULONG32 NonPagedPoolBytes;
/*0x020*/ ULONG32 PagedPoolBytes;
/*0x024*/ ULONG32 NonPagedPoolAllocations;
/*0x028*/ ULONG32 PagedPoolAllocations;
/*0x02C*/ ULONG32 NonPagablePages;
/*0x030*/ ULONG32 CommittedPages;
/*0x034*/ UINT8 _PADDING0_[0x4];
/*0x038*/ union _LARGE_INTEGER LastProcessSwappedOutTime;
/*0x040*/ struct _MMPTE* PageTables;
/*0x044*/ struct _FAST_MUTEX PagedPoolMutex;
/*0x064*/ VOID* PagedPoolStart;
/*0x068*/ VOID* PagedPoolEnd;
/*0x06C*/ struct _MMPTE* PagedPoolBasePde;
/*0x070*/ struct _MM_PAGED_POOL_INFO PagedPoolInfo;
/*0x094*/ ULONG32 Color;
/*0x098*/ ULONG32 ProcessOutSwapCount;
/*0x09C*/ struct _LIST_ENTRY ImageList;
/*0x0A4*/ struct _MMPTE* GlobalPteEntry;
/*0x0A8*/ ULONG32 CopyOnWriteCount;
/*0x0AC*/ ULONG32 SessionPoolAllocationFailures[4];
/*0x0BC*/ ULONG32 AttachCount;
/*0x0C0*/ struct _KEVENT AttachEvent;
/*0x0D0*/ struct _EPROCESS* LastProcess;
/*0x0D4*/ UINT8 _PADDING1_[0x4];
/*0x0D8*/ struct _MMSUPPORT Vm;
/*0x118*/ struct _MMWSLE* Wsle;
/*0x11C*/ struct _ERESOURCE WsLock;
/*0x154*/ struct _LIST_ENTRY WsListEntry;
/*0x15C*/ struct _MMSESSION Session;
/*0x198*/ struct _DRIVER_OBJECT Win32KDriverObject;
/*0x240*/ struct _ETHREAD* WorkingSetLockOwner;
/*0x244*/ struct _POOL_DESCRIPTOR PagedPool;
/*0x126C*/ LONG32 ProcessReferenceToSession;
/*0x1270*/ ULONG32 LocaleId;
/*0x1274*/ UINT8 _PADDING2_[0x4];
}MM_SESSION_SPACE, *PMM_SESSION_SPACE;
/*0x000*/ ULONG32 ReferenceCount;
union
{
/*0x004*/ ULONG32 LongFlags;
/*0x004*/ struct _MM_SESSION_SPACE_FLAGS Flags;
}u;
/*0x008*/ ULONG32 SessionId;
/*0x00C*/ ULONG32 SessionPageDirectoryIndex;
/*0x010*/ struct _MM_SESSION_SPACE* GlobalVirtualAddress;
/*0x014*/ struct _LIST_ENTRY ProcessList;
/*0x01C*/ ULONG32 NonPagedPoolBytes;
/*0x020*/ ULONG32 PagedPoolBytes;
/*0x024*/ ULONG32 NonPagedPoolAllocations;
/*0x028*/ ULONG32 PagedPoolAllocations;
/*0x02C*/ ULONG32 NonPagablePages;
/*0x030*/ ULONG32 CommittedPages;
/*0x034*/ UINT8 _PADDING0_[0x4];
/*0x038*/ union _LARGE_INTEGER LastProcessSwappedOutTime;
/*0x040*/ struct _MMPTE* PageTables;
/*0x044*/ struct _FAST_MUTEX PagedPoolMutex;
/*0x064*/ VOID* PagedPoolStart;
/*0x068*/ VOID* PagedPoolEnd;
/*0x06C*/ struct _MMPTE* PagedPoolBasePde;
/*0x070*/ struct _MM_PAGED_POOL_INFO PagedPoolInfo;
/*0x094*/ ULONG32 Color;
/*0x098*/ ULONG32 ProcessOutSwapCount;
/*0x09C*/ struct _LIST_ENTRY ImageList;
/*0x0A4*/ struct _MMPTE* GlobalPteEntry;
/*0x0A8*/ ULONG32 CopyOnWriteCount;
/*0x0AC*/ ULONG32 SessionPoolAllocationFailures[4];
/*0x0BC*/ ULONG32 AttachCount;
/*0x0C0*/ struct _KEVENT AttachEvent;
/*0x0D0*/ struct _EPROCESS* LastProcess;
/*0x0D4*/ UINT8 _PADDING1_[0x4];
/*0x0D8*/ struct _MMSUPPORT Vm;
/*0x118*/ struct _MMWSLE* Wsle;
/*0x11C*/ struct _ERESOURCE WsLock;
/*0x154*/ struct _LIST_ENTRY WsListEntry;
/*0x15C*/ struct _MMSESSION Session;
/*0x198*/ struct _DRIVER_OBJECT Win32KDriverObject;
/*0x240*/ struct _ETHREAD* WorkingSetLockOwner;
/*0x244*/ struct _POOL_DESCRIPTOR PagedPool;
/*0x126C*/ LONG32 ProcessReferenceToSession;
/*0x1270*/ ULONG32 LocaleId;
/*0x1274*/ UINT8 _PADDING2_[0x4];
}MM_SESSION_SPACE, *PMM_SESSION_SPACE;
typedef struct _POP_DEVICE_SYS_STATE {
/*0x000*/ UINT8 IrpMinor;
/*0x001*/ UINT8 _PADDING0_[0x3];
/*0x004*/ enum _SYSTEM_POWER_STATE SystemState;
/*0x008*/ struct _KEVENT Event;
/*0x018*/ ULONG32 SpinLock;
/*0x01C*/ struct _KTHREAD* Thread;
/*0x020*/ UINT8 GetNewDeviceList;
/*0x021*/ UINT8 _PADDING1_[0x3];
/*0x024*/ struct _PO_DEVICE_NOTIFY_ORDER Order;
/*0x26C*/ LONG32 Status;
/*0x270*/ struct _DEVICE_OBJECT* FailedDevice;
/*0x274*/ UINT8 Waking;
/*0x275*/ UINT8 Cancelled;
/*0x276*/ UINT8 IgnoreErrors;
/*0x277*/ UINT8 IgnoreNotImplemented;
/*0x278*/ UINT8 WaitAny;
/*0x279*/ UINT8 WaitAll;
/*0x27A*/ UINT8 _PADDING2_[0x2];
/*0x27C*/ struct _LIST_ENTRY PresentIrpQueue;
/*0x284*/ struct _POP_DEVICE_POWER_IRP Head;
/*0x2B0*/ struct _POP_DEVICE_POWER_IRP PowerIrpState[20];
}POP_DEVICE_SYS_STATE, *PPOP_DEVICE_SYS_STATE;
}
/*0x000*/ UINT8 IrpMinor;
/*0x001*/ UINT8 _PADDING0_[0x3];
/*0x004*/ enum _SYSTEM_POWER_STATE SystemState;
/*0x008*/ struct _KEVENT Event;
/*0x018*/ ULONG32 SpinLock;
/*0x01C*/ struct _KTHREAD* Thread;
/*0x020*/ UINT8 GetNewDeviceList;
/*0x021*/ UINT8 _PADDING1_[0x3];
/*0x024*/ struct _PO_DEVICE_NOTIFY_ORDER Order;
/*0x26C*/ LONG32 Status;
/*0x270*/ struct _DEVICE_OBJECT* FailedDevice;
/*0x274*/ UINT8 Waking;
/*0x275*/ UINT8 Cancelled;
/*0x276*/ UINT8 IgnoreErrors;
/*0x277*/ UINT8 IgnoreNotImplemented;
/*0x278*/ UINT8 WaitAny;
/*0x279*/ UINT8 WaitAll;
/*0x27A*/ UINT8 _PADDING2_[0x2];
/*0x27C*/ struct _LIST_ENTRY PresentIrpQueue;
/*0x284*/ struct _POP_DEVICE_POWER_IRP Head;
/*0x2B0*/ struct _POP_DEVICE_POWER_IRP PowerIrpState[20];
}POP_DEVICE_SYS_STATE, *PPOP_DEVICE_SYS_STATE;
}
//
//http://msdn.moonsols.com/winxpsp3_x86/
//http://processhacker.sourceforge.net/doc
//
//http://msdn.moonsols.com/winxpsp3_x86/
//http://processhacker.sourceforge.net/doc
//