// Assembler-offset template list: every entry below names one symbol for the
// generated assembler include. HEADER/CONSTANT/OFFSET/SIZE/RAW are defined by
// the file that #includes this list (not visible here); presumably CONSTANT(X)
// emits X with its C value, OFFSET(Name, TYPE, Field) the byte offset of Field
// inside TYPE, and SIZE(Name, TYPE) sizeof(TYPE) — confirm against the includer.
// Entries that are commented out name symbols not (yet) provided by the headers.
HEADER("CR0 flags"),
CONSTANT(CR0_PE),
CONSTANT(CR0_MP),
CONSTANT(CR0_EM),
CONSTANT(CR0_TS),
CONSTANT(CR0_ET),
CONSTANT(CR0_NE),
CONSTANT(CR0_WP),
CONSTANT(CR0_AM), // not win 10
CONSTANT(CR0_NW),
CONSTANT(CR0_CD),
CONSTANT(CR0_PG),

HEADER("CR4 flags"),
CONSTANT(CR4_VME),
CONSTANT(CR4_PVI),
CONSTANT(CR4_TSD),
CONSTANT(CR4_DE),
CONSTANT(CR4_PSE),
CONSTANT(CR4_PAE),
CONSTANT(CR4_MCE),
CONSTANT(CR4_PGE),
CONSTANT(CR4_FXSR),
CONSTANT(CR4_XMMEXCPT),
//CONSTANT(CR4_PGE_V),
//CONSTANT(CR4_XSAVE),

HEADER("Debug Registers"),
CONSTANT(DR6_LEGAL),
CONSTANT(DR7_LEGAL),
CONSTANT(DR7_ACTIVE),
CONSTANT(DR7_RESERVED_MASK),

HEADER("EFLAGS"),
CONSTANT(EFLAGS_TF),
CONSTANT(EFLAGS_INTERRUPT_MASK),
CONSTANT(EFLAGS_V86_MASK),
CONSTANT(EFLAGS_ALIGN_CHECK),
CONSTANT(EFLAGS_VIF),
CONSTANT(EFLAGS_VIP),
CONSTANT(EFLAGS_USER_SANITIZE),
//CONSTANT(EFLAG_SELECT),

// Version-gated: these symbols only exist in Vista-and-later headers.
#if (NTDDI_VERSION >= NTDDI_VISTA)
HEADER("Hypervisor Enlightenment Definitions"),
CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH),
CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH),
CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH),
CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT),
#endif

HEADER("KeFeatureBits flags"),
CONSTANT(KF_V86_VIS),
CONSTANT(KF_RDTSC),
CONSTANT(KF_CR4),
CONSTANT(KF_GLOBAL_PAGE),
CONSTANT(KF_LARGE_PAGE),
CONSTANT(KF_CMPXCHG8B),
CONSTANT(KF_FAST_SYSCALL),
//CONSTANT(KF_XSTATE),

HEADER("KGDT selectors"),
CONSTANT(KGDT_NULL),
CONSTANT(KGDT_R0_CODE),
CONSTANT(KGDT_R0_DATA),
CONSTANT(KGDT_R3_CODE),
CONSTANT(KGDT_R3_DATA),
CONSTANT(KGDT_TSS),
CONSTANT(KGDT_R0_PCR),
CONSTANT(KGDT_R3_TEB),
CONSTANT(KGDT_VDM_TILE),
CONSTANT(KGDT_LDT),
CONSTANT(KGDT_DF_TSS),
CONSTANT(KGDT_NMI_TSS),
//CONSTANT(KGDT_R3_GS),
//CONSTANT(KGDT_STACK16),// obsolete
//CONSTANT(KGDT_CODE16), // obsolete

HEADER("Machine type definitions"),
CONSTANT(MACHINE_TYPE_ISA),
CONSTANT(MACHINE_TYPE_EISA),
CONSTANT(MACHINE_TYPE_MCA),

HEADER("MSR definitions"),
CONSTANT(MSR_AMD_ACCESS),
CONSTANT(MSR_IA32_MISC_ENABLE),
CONSTANT(MSR_EFER),

HEADER("MSR values"),
CONSTANT(MSR_NXE),
CONSTANT(XHF_NOEXECUTE),
CONSTANT(MSR_XD_ENABLE_MASK),

HEADER("WOW64 turbo dispatch system call types"),
CONSTANT(ServiceNoTurbo),
CONSTANT(Service0Arg),
CONSTANT(Service0ArgReloadState),
CONSTANT(Service1ArgSp),
CONSTANT(Service1ArgNSp),
CONSTANT(Service2ArgNSpNSp),
CONSTANT(Service2ArgNSpNSpReloadState),
CONSTANT(Service2ArgSpNSp),
CONSTANT(Service2ArgSpSp),
CONSTANT(Service2ArgNSpSp),
CONSTANT(Service3ArgNSpNSpNSp),
CONSTANT(Service3ArgSpSpSp),
CONSTANT(Service3ArgSpNSpNSp),
CONSTANT(Service3ArgSpNSpNSpReloadState),
CONSTANT(Service3ArgSpSpNSp),
CONSTANT(Service3ArgNSpSpNSp),
CONSTANT(Service3ArgSpNSpSp),
CONSTANT(Service4ArgNSpNSpNSpNSp),
CONSTANT(Service4ArgSpSpNSpNSp),
CONSTANT(Service4ArgSpSpNSpNSpReloadState),
CONSTANT(Service4ArgSpNSpNSpNSp),
CONSTANT(Service4ArgSpNSpNSpNSpReloadState),
CONSTANT(Service4ArgNSpSpNSpNSp),
CONSTANT(Service4ArgSpSpSpNSp),
CONSTANT(ServiceCpupTdQuerySystemTime),
CONSTANT(ServiceCpupTdGetCurrentProcessorNumber),
CONSTANT(ServiceCpupTdReadWriteFile),
CONSTANT(ServiceCpupTdDeviceIoControlFile),
CONSTANT(ServiceCpupTdRemoveIoCompletion),
CONSTANT(ServiceCpupTdWaitForMultipleObjects),
CONSTANT(ServiceCpupTdWaitForMultipleObjects32),
CONSTANT(Wow64ServiceTypesCount),

// VDM instruction-index table; the list continues below up to MAX_VDM_INDEX.
HEADER("VDM constants"),
CONSTANT(VDM_INDEX_Invalid),
CONSTANT(VDM_INDEX_0F),
CONSTANT(VDM_INDEX_ESPrefix),
CONSTANT(VDM_INDEX_CSPrefix),
CONSTANT(VDM_INDEX_SSPrefix),
CONSTANT(VDM_INDEX_DSPrefix),
CONSTANT(VDM_INDEX_FSPrefix),
CONSTANT(VDM_INDEX_GSPrefix),
CONSTANT(VDM_INDEX_OPER32Prefix),
// (continuation of the "VDM constants" table started above)
CONSTANT(VDM_INDEX_ADDR32Prefix),
CONSTANT(VDM_INDEX_INSB),
CONSTANT(VDM_INDEX_INSW),
CONSTANT(VDM_INDEX_OUTSB),
CONSTANT(VDM_INDEX_OUTSW),
CONSTANT(VDM_INDEX_PUSHF),
CONSTANT(VDM_INDEX_POPF),
CONSTANT(VDM_INDEX_INTnn),
CONSTANT(VDM_INDEX_INTO),
CONSTANT(VDM_INDEX_IRET),
CONSTANT(VDM_INDEX_NPX),
CONSTANT(VDM_INDEX_INBimm),
CONSTANT(VDM_INDEX_INWimm),
CONSTANT(VDM_INDEX_OUTBimm),
CONSTANT(VDM_INDEX_OUTWimm),
CONSTANT(VDM_INDEX_INB),
CONSTANT(VDM_INDEX_INW),
CONSTANT(VDM_INDEX_OUTB),
CONSTANT(VDM_INDEX_OUTW),
CONSTANT(VDM_INDEX_LOCKPrefix),
CONSTANT(VDM_INDEX_REPNEPrefix),
CONSTANT(VDM_INDEX_REPPrefix),
CONSTANT(VDM_INDEX_CLI),
CONSTANT(VDM_INDEX_STI),
CONSTANT(VDM_INDEX_HLT),
CONSTANT(MAX_VDM_INDEX), // presumably the bound of the VDM_INDEX_* table — confirm in the header

//HEADER("VDM feature bits"),
//CONSTANT(V86_VIRTUAL_INT_EXTENSIONS),
//CONSTANT(PM_VIRTUAL_INT_EXTENSIONS),

HEADER("XSAVE_AREA definitions"),
CONSTANT(XSTATE_MASK_LEGACY_FLOATING_POINT),
CONSTANT(XSTATE_MASK_LEGACY_SSE),
CONSTANT(XSTATE_MASK_LEGACY),
CONSTANT(XSTATE_MASK_GSSE),

//HEADER("Interrupt vector definitions"),
//CONSTANT(IOMMU_VECTOR),
//CONSTANT(STUB_VECTOR),
//CONSTANT(REBOOT_VECTOR),
//CONSTANT(IPI_VECTOR),
//CONSTANT(LOCAL_ERROR_VECTOR),
//CONSTANT(PERF_VECTOR),

// Mixed section: most entries are still disabled; only the SIZE/CONSTANT
// lines that are not commented out are emitted.
HEADER("Miscellaneous constants"),
//CONSTANT(INITIAL_MXCSR),
//CONSTANT(IPI_FREEZE),
//CONSTANT(XSAVE_PRESENT),
SIZE(KTIMER_TABLE_SIZE, KTIMER_TABLE),
//CONSTANT(TRAP_FRAME_MARKER),
CONSTANT(FRAME_EDITED),
//CONSTANT(INTERRUPT_FRAME),
//CONSTANT(EXCEPTION_FRAME),
//CONSTANT(SYSCALL_FRAME),
//CONSTANT(KXMM_FRAME_SIZE),
//CONSTANT(KI_SLIST_FAULT_COUNT_MAXIMUM),
CONSTANT(PF_XMMI_INSTRUCTIONS_AVAILABLE),
CONSTANT(CPU_AMD),
CONSTANT(CPU_INTEL),
//CONSTANT(DEBUG_ACTIVE_MASK),
//CONSTANT(DEBUG_ACTIVE_MINIMAL_THREAD),
// (remaining disabled entries of "Miscellaneous constants")
//CONSTANT(THREAD_LOCK_FLAGS_DBG_INSTRUMENTED),
//CONSTANT(X86AMD64_R3_LONG_MODE_CODE),
//CONSTANT(SEL_TYPE_NP),
//CONSTANT(TEB_FLAGS_SAFE_THUNK_CALL),
//CONSTANT(TEB_FLAGS_FIBER_SWAPPED),
//CONSTANT(KI_SPINLOCK_ORDER_PRCB_LOCK),
//CONSTANT(PROCESSOR_START_FLAG_FORCE_ENABLE_NX),

// From here on the entries are structure field offsets (OFFSET) and sizes
// (SIZE) computed from the C structure definitions at generation time.
HEADER("** FIELD OFFSETS ***************"),

//HEADER("RtlBackoff offsets"),
//OFFSET(BoDelay, ????, Delay),
//SIZE(RtlBackoffLength, ????),

HEADER("CONTEXT offsets"),
OFFSET(CsContextFlags, CONTEXT, ContextFlags),
OFFSET(CsDr0, CONTEXT, Dr0),
OFFSET(CsDr1, CONTEXT, Dr1),
OFFSET(CsDr2, CONTEXT, Dr2),
OFFSET(CsDr3, CONTEXT, Dr3),
OFFSET(CsDr6, CONTEXT, Dr6),
OFFSET(CsDr7, CONTEXT, Dr7),
OFFSET(CsFloatSave, CONTEXT, FloatSave),
OFFSET(CsSegGs, CONTEXT, SegGs),
OFFSET(CsSegFs, CONTEXT, SegFs),
OFFSET(CsSegEs, CONTEXT, SegEs),
OFFSET(CsSegDs, CONTEXT, SegDs),
OFFSET(CsEdi, CONTEXT, Edi),
OFFSET(CsEsi, CONTEXT, Esi),
OFFSET(CsEbx, CONTEXT, Ebx),
OFFSET(CsEdx, CONTEXT, Edx),
OFFSET(CsEcx, CONTEXT, Ecx),
OFFSET(CsEax, CONTEXT, Eax),
OFFSET(CsEbp, CONTEXT, Ebp),
OFFSET(CsEip, CONTEXT, Eip),
OFFSET(CsSegCs, CONTEXT, SegCs),
OFFSET(CsEflags, CONTEXT, EFlags),
OFFSET(CsEsp, CONTEXT, Esp),
OFFSET(CsSegSs, CONTEXT, SegSs),
OFFSET(CsExtendedRegisters, CONTEXT, ExtendedRegisters),
//OFFSET(CsMxCsr, CONTEXT, MxCsr),
// Two symbols are deliberately emitted for sizeof(CONTEXT).
SIZE(ContextFrameLength, CONTEXT),
SIZE(CONTEXT_LENGTH, CONTEXT),

// The trailing "// 000xxH" comments are the expected offsets; the emitted
// values come from the C structure, so a mismatch here would be a layout change.
HEADER("KCALLOUT_FRAME offsets"),
OFFSET(CuInStk, KCALLOUT_FRAME, InitialStack), // 00000H
OFFSET(CuTrFr, KCALLOUT_FRAME, TrapFrame), // 00004H
OFFSET(CuCbStk, KCALLOUT_FRAME, CallbackStack), // 00008H
OFFSET(CuEdi, KCALLOUT_FRAME, Edi), // 0000CH
OFFSET(CuEsi, KCALLOUT_FRAME, Esi), // 00010H
OFFSET(CuEbx, KCALLOUT_FRAME, Ebx), // 00014H
OFFSET(CuEbp, KCALLOUT_FRAME, Ebp), // 00018H
OFFSET(CuRet, KCALLOUT_FRAME, ReturnAddress), // 0001CH
OFFSET(CuOutBf, KCALLOUT_FRAME, Result), // 00020H
OFFSET(CuOutLn, KCALLOUT_FRAME, ResultLength), // 00024H

//HEADER("??? offsets"),
//OFFSET(ErrHandler, ???, Handler),
//OFFSET(ErrNext, ???, Next),
//OFFSET(ErrLength, ???, Length),

HEADER("FLOATING_SAVE_AREA offsets"),
OFFSET(FpControlWord, FLOATING_SAVE_AREA, ControlWord),
OFFSET(FpStatusWord, FLOATING_SAVE_AREA, StatusWord),
OFFSET(FpTagWord, FLOATING_SAVE_AREA, TagWord),
OFFSET(FpErrorOffset, FLOATING_SAVE_AREA, ErrorOffset),
OFFSET(FpErrorSelector, FLOATING_SAVE_AREA, ErrorSelector),
OFFSET(FpDataOffset, FLOATING_SAVE_AREA, DataOffset),
OFFSET(FpDataSelector, FLOATING_SAVE_AREA, DataSelector),
OFFSET(FpRegisterArea, FLOATING_SAVE_AREA, RegisterArea),

HEADER("XSAVE_FORMAT offsets"),
OFFSET(FxControlWord, XSAVE_FORMAT, ControlWord),
OFFSET(FxStatusWord, XSAVE_FORMAT, StatusWord),
OFFSET(FxTagWord, XSAVE_FORMAT, TagWord),
OFFSET(FxErrorOpcode, XSAVE_FORMAT, ErrorOpcode),
OFFSET(FxErrorOffset, XSAVE_FORMAT, ErrorOffset),
OFFSET(FxErrorSelector, XSAVE_FORMAT, ErrorSelector),
OFFSET(FxDataOffset, XSAVE_FORMAT, DataOffset),
OFFSET(FxDataSelector, XSAVE_FORMAT, DataSelector),
OFFSET(FxMxCsr, XSAVE_FORMAT, MxCsr),
SIZE(XSAVE_FORMAT_SIZE, XSAVE_FORMAT),

HEADER("KGDTENTRY offsets"),
OFFSET(KgdtLimitLow, KGDTENTRY, LimitLow),
OFFSET(KgdtBaseLow, KGDTENTRY, BaseLow),
OFFSET(KgdtHighWord, KGDTENTRY, HighWord),
OFFSET(KgdtBaseMid, KGDTENTRY, HighWord.Bytes.BaseMid),
// NOTE(review): the limit-high symbol reads the Flags2 byte; presumably the
// upper limit bits share that byte — confirm against the KGDTENTRY definition.
OFFSET(KgdtLimitHi, KGDTENTRY, HighWord.Bytes.Flags2),
OFFSET(KgdtBaseHi, KGDTENTRY, HighWord.Bytes.BaseHi),

HEADER("KPRCB offsets"),
OFFSET(PbCurrentThread, KPRCB, CurrentThread),
OFFSET(PbNextThread, KPRCB, NextThread),
OFFSET(PbIdleThread, KPRCB, IdleThread),
//OFFSET(PbNestingLevel, KPRCB, NestingLevel),
OFFSET(PbCpuType, KPRCB, CpuType),
OFFSET(PbCpuID, KPRCB, CpuID),
OFFSET(PbCpuStep, KPRCB, CpuStep),
OFFSET(PbProcessorState, KPRCB, ProcessorState),
OFFSET(PbParentNode, KPRCB, ParentNode),
//OFFSET(PbPriorityState, KPRCB, PriorityState),
OFFSET(PbHalReserved, KPRCB, HalReserved),
//OFFSET(PbCFlushSize, KPRCB, CFlushSize),
//OFFSET(PbCpuVendor, KPRCB, CpuVendor),
//OFFSET(PbGroupSetMember, KPRCB, GroupSetMember),
OFFSET(PbNumber, KPRCB, Number),
//OFFSET(PbClockOwner, KPRCB, ClockOwner),
OFFSET(PbLockQueue, KPRCB, LockQueue),
OFFSET(PbInterruptCount, KPRCB, InterruptCount),
OFFSET(PbKernelTime, KPRCB, KernelTime),
OFFSET(PbUserTime, KPRCB, UserTime),
OFFSET(PbDpcTime, KPRCB, DpcTime),
OFFSET(PbInterruptTime, KPRCB, InterruptTime),
OFFSET(PbAdjustDpcThreshold, KPRCB, AdjustDpcThreshold),
OFFSET(PbPageColor, KPRCB, PageColor),
OFFSET(PbDebuggerSavedIRQL, KPRCB, DebuggerSavedIRQL),
OFFSET(PbNodeShiftedColor, KPRCB, NodeShiftedColor),
OFFSET(PbSecondaryColorMask, KPRCB, SecondaryColorMask),
//OFFSET(PbAlignmentFixupCount, KPRCB, AlignmentFixupCount),
//OFFSET(PbExceptionDispatchCount, KPRCB, ExceptionDispatchCount),
OFFSET(PbSystemCalls, KPRCB, KeSystemCalls), // symbol and field names differ on purpose
OFFSET(PbPPLookasideList, KPRCB, PPLookasideList),
OFFSET(PbPPNPagedLookasideList, KPRCB, PPNPagedLookasideList),
OFFSET(PbPPPagedLookasideList, KPRCB, PPPagedLookasideList),
OFFSET(PbPacketBarrier, KPRCB, PacketBarrier),
OFFSET(PbReverseStall, KPRCB, ReverseStall),
OFFSET(PbIpiFrame, KPRCB, IpiFrame),
OFFSET(PbCurrentPacket, KPRCB, CurrentPacket),
OFFSET(PbTargetSet, KPRCB, TargetSet),
OFFSET(PbWorkerRoutine, KPRCB, WorkerRoutine),
OFFSET(PbIpiFrozen, KPRCB, IpiFrozen),
OFFSET(PbRequestSummary, KPRCB, RequestSummary),
//OFFSET(PbDpcList, KPRCB, DpcList),
//OFFSET(PbDpcLock, KPRCB, DpcLock),
//OFFSET(PbDpcCount, KPRCB, DpcCount),
OFFSET(PbDpcStack, KPRCB, DpcStack),
OFFSET(PbMaximumDpcQueueDepth, KPRCB, MaximumDpcQueueDepth),
OFFSET(PbDpcRequestRate, KPRCB, DpcRequestRate),
OFFSET(PbMinimumDpcRate, KPRCB, MinimumDpcRate),
OFFSET(PbDpcLastCount, KPRCB, DpcLastCount),
OFFSET(PbPrcbLock, KPRCB, PrcbLock),
OFFSET(PbQuantumEnd, KPRCB, QuantumEnd),
OFFSET(PbDpcRoutineActive, KPRCB, DpcRoutineActive),
OFFSET(PbIdleSchedule, KPRCB, IdleSchedule),
//OFFSET(PbNormalDpcState, KPRCB, NormalDpcState),
//OFFSET(PbKeSpinLockOrdering, KPRCB, KeSpinLockOrdering),
OFFSET(PbDeferredReadyListHead, KPRCB, DeferredReadyListHead),
OFFSET(PbReadySummary, KPRCB, ReadySummary),
OFFSET(PbWaitListHead, KPRCB, WaitListHead),
//OFFSET(PbStartCycle, KPRCB, StartCycle),
//OFFSET(PbCycleTime, KPRCB, CycleTime),
//OFFSET(PbHighCycleTime, KPRCB, HighCycleTime),
OFFSET(PbDispatcherReadyListHead, KPRCB, DispatcherReadyListHead),
OFFSET(PbChainedInterruptList, KPRCB, ChainedInterruptList),
//OFFSET(PbSpinLockAcquireCount, KPRCB, SpinLockAcquireCount),
//OFFSET(PbSpinLockContentionCount, KPRCB, SpinLockContentionCount),
//OFFSET(PbSpinLockSpinCount, KPRCB, SpinLockSpinCount),
//OFFSET(PbContext, KPRCB, Context),
//OFFSET(PbIsrStack, KPRCB, IsrStack),
//OFFSET(PbVectorToInterruptObject, KPRCB, VectorToInterruptObject),
//OFFSET(PbEntropyBuffer, KPRCB, EntropyTimingState.Buffer),
//OFFSET(PbMailbox, KPRCB, Mailbox),
SIZE(ProcessorBlockLength, KPRCB),

// Pc* offsets are taken from KIPCR (not KPCR); presumably the kernel-internal
// PCR layout that embeds the PRCB as PrcbData — confirm in the header.
HEADER("KPCR offsets"),
OFFSET(PcExceptionList, KIPCR, NtTib.ExceptionList),
//OFFSET(PcInitialStack, KIPCR, InitialStack),
//OFFSET(PcMxCsr, KIPCR, MxCsr),
OFFSET(PcTssCopy, KIPCR, TssCopy),
OFFSET(PcContextSwitches, KIPCR, ContextSwitches),
OFFSET(PcSetMemberCopy, KIPCR, SetMemberCopy),
OFFSET(PcTeb, KIPCR, NtTib.Self),
OFFSET(PcSelfPcr, KIPCR, SelfPcr),
OFFSET(PcPrcb, KIPCR, Prcb),
OFFSET(PcIrql, KIPCR, Irql),
OFFSET(PcIRR, KIPCR, IRR),
OFFSET(PcIrrActive, KIPCR, IrrActive),
OFFSET(PcIDR, KIPCR, IDR),
OFFSET(PcIdt, KIPCR, IDT),
OFFSET(PcGdt, KIPCR, GDT),
OFFSET(PcTss, KIPCR, TSS),
OFFSET(PcSetMember, KIPCR, SetMember),
OFFSET(PcStallScaleFactor, KIPCR, StallScaleFactor),
OFFSET(PcNumber, KIPCR, Number),
OFFSET(PcVdmAlert, KIPCR, VdmAlert),
OFFSET(PcHal, KIPCR, HalReserved),
OFFSET(PcPrcbData, KIPCR, PrcbData),
OFFSET(PcCurrentThread, KIPCR, PrcbData.CurrentThread),
//OFFSET(PcNestingLevel, KIPCR, PrcbData.NestingLevel),
OFFSET(PcParentNode, KIPCR, PrcbData.ParentNode),
OFFSET(PcInterruptCount, KIPCR, PrcbData.InterruptCount),
//OFFSET(PcDpcRequestSummary, KIPCR, PrcbData.DpcRequestSummary),
//OFFSET(PcStartCycles, KIPCR, PrcbData.StartCycles),
//OFFSET(PcCycleTime, KIPCR, PrcbData.CycleTime),
//OFFSET(PcHighCycleTime, KIPCR, PrcbData.HighCycleTime),
SIZE(ProcessorControlRegisterLength, KIPCR),

// Processor Start Block Offset Definitions
//HEADER("??? offsets"),
//OFFSET(PsbCompletionFlag, ???, PsbCompletionFlag),
//OFFSET(PsbFlags, ???, PsbCompletionFlag),
//OFFSET(PsbTiledMemoryMap, ???, PsbCompletionFlag),
//OFFSET(PsbSelfMap, ???, PsbCompletionFlag),
//OFFSET(PsbProcessorState, ???, PsbCompletionFlag),
//SIZE(ProcessorStartBlockLength, ???, PsbCompletionFlag),

HEADER("PEB offsets"),
OFFSET(PebBeingDebugged, PEB, BeingDebugged),
OFFSET(PebKernelCallbackTable, PEB, KernelCallbackTable),

HEADER("KPROCESSOR_STATE offsets"),
OFFSET(PsContextFrame, KPROCESSOR_STATE, ContextFrame),
OFFSET(PsSpecialRegisters, KPROCESSOR_STATE, SpecialRegisters),
SIZE(ProcessorStateLength, KPROCESSOR_STATE),

HEADER("KSPECIAL_REGISTERS offsets"),
OFFSET(SrCr0, KSPECIAL_REGISTERS, Cr0),
OFFSET(SrCr2, KSPECIAL_REGISTERS, Cr2),
OFFSET(SrCr3, KSPECIAL_REGISTERS, Cr3),
OFFSET(SrCr4, KSPECIAL_REGISTERS, Cr4),
OFFSET(SrKernelDr0, KSPECIAL_REGISTERS, KernelDr0),
OFFSET(SrKernelDr1, KSPECIAL_REGISTERS, KernelDr1),
OFFSET(SrKernelDr2, KSPECIAL_REGISTERS, KernelDr2),
OFFSET(SrKernelDr3, KSPECIAL_REGISTERS, KernelDr3),
OFFSET(SrKernelDr6, KSPECIAL_REGISTERS, KernelDr6),
OFFSET(SrKernelDr7, KSPECIAL_REGISTERS, KernelDr7),
OFFSET(SrGdtr, KSPECIAL_REGISTERS, Gdtr),
OFFSET(SrIdtr, KSPECIAL_REGISTERS, Idtr),
OFFSET(SrTr, KSPECIAL_REGISTERS, Tr),
OFFSET(SrLdtr, KSPECIAL_REGISTERS, Ldtr),
//OFFSET(SrXcr0, KSPECIAL_REGISTERS, Xcr0),
//OFFSET(SrExceptionList, KSPECIAL_REGISTERS, ExceptionList),

HEADER("KSYSTEM_TIME offsets"),
OFFSET(StLowTime, KSYSTEM_TIME, LowTime),
OFFSET(StHigh1Time, KSYSTEM_TIME, High1Time),
OFFSET(StHigh2Time, KSYSTEM_TIME, High2Time),

//HEADER("KSWITCH_FRAME offsets"),
//SIZE(SwitchFrameLength, KSWITCH_FRAME),

// Tb* symbols below and the TEB_* symbols further down describe the same
// structure under two naming schemes; both sets are emitted.
HEADER("TEB offsets (duplicates Te* definitions!)"),
OFFSET(TbExceptionList, TEB, NtTib.ExceptionList),
OFFSET(TbStackBase, TEB, NtTib.StackBase),
OFFSET(TbStackLimit, TEB, NtTib.StackLimit),
OFFSET(TbVersion, TEB, NtTib.Version),
OFFSET(TbFiberData, TEB, NtTib.FiberData),
OFFSET(TbArbitraryUserPointer, TEB, NtTib.ArbitraryUserPointer),
OFFSET(TbEnvironmentPointer, TEB, EnvironmentPointer),
OFFSET(TbClientId, TEB, ClientId),
OFFSET(TbThreadLocalStoragePointer, TEB, ThreadLocalStoragePointer),
OFFSET(TbCountOfOwnedCriticalSections, TEB, CountOfOwnedCriticalSections),
OFFSET(TbCsrClientThread, TEB, CsrClientThread),
OFFSET(TbWOW32Reserved, TEB, WOW32Reserved),
OFFSET(TbSystemReserved1, TEB, SystemReserved1),
OFFSET(TbExceptionCode, TEB, ExceptionCode),
OFFSET(TbGdiThreadLocalInfo, TEB, GdiThreadLocalInfo),
OFFSET(TbglDispatchTable, TEB, glDispatchTable),
OFFSET(TbglSectionInfo, TEB, glSectionInfo),
OFFSET(TbglSection, TEB, glSection),
OFFSET(TbglTable, TEB, glTable),
OFFSET(TbglCurrentRC, TEB, glCurrentRC),
OFFSET(TbglContext, TEB, glContext),
OFFSET(TbDeallocationStack, TEB, DeallocationStack),
OFFSET(TbVdm, TEB, Vdm),
OFFSET(TbGdiBatchCount, TEB, GdiBatchCount),
//OFFSET(TeSameTebFlags, TEB, SameTebFlags),
OFFSET(TebPeb, TEB, ProcessEnvironmentBlock),

HEADER("KTRAP_FRAME"),
OFFSET(TsDbgEbp, KTRAP_FRAME, DbgEbp),
OFFSET(TsDbgEip, KTRAP_FRAME, DbgEip),
OFFSET(TsDbgArgMark, KTRAP_FRAME, DbgArgMark),
OFFSET(TsTempSegCs, KTRAP_FRAME, TempSegCs),
//OFFSET(TsLogging, KTRAP_FRAME, Logging),
//OFFSET(TsFrameType, KTRAP_FRAME, FrameType),
OFFSET(TsTempEsp, KTRAP_FRAME, TempEsp),
OFFSET(TsDr0, KTRAP_FRAME, Dr0),
OFFSET(TsDr1, KTRAP_FRAME, Dr1),
OFFSET(TsDr2, KTRAP_FRAME, Dr2),
OFFSET(TsDr3, KTRAP_FRAME, Dr3),
OFFSET(TsDr6, KTRAP_FRAME, Dr6),
OFFSET(TsDr7, KTRAP_FRAME, Dr7),
OFFSET(TsSegGs, KTRAP_FRAME, SegGs),
OFFSET(TsSegEs, KTRAP_FRAME, SegEs),
OFFSET(TsSegDs, KTRAP_FRAME, SegDs),
OFFSET(TsEdx, KTRAP_FRAME, Edx),
OFFSET(TsEcx, KTRAP_FRAME, Ecx),
OFFSET(TsEax, KTRAP_FRAME, Eax),
OFFSET(TsPreviousPreviousMode, KTRAP_FRAME, PreviousPreviousMode),
//OFFSET(TsMxCsr, KTRAP_FRAME, MxCsr),
OFFSET(TsExceptionList, KTRAP_FRAME, ExceptionList),
//OFFSET(TsEntropyQueueDpc, KTRAP_FRAME, EntropyQueueDpc),
OFFSET(TsSegFs, KTRAP_FRAME, SegFs),
OFFSET(TsEdi, KTRAP_FRAME, Edi),
OFFSET(TsEsi, KTRAP_FRAME, Esi),
OFFSET(TsEbx, KTRAP_FRAME, Ebx),
OFFSET(TsEbp, KTRAP_FRAME, Ebp),
OFFSET(TsErrCode, KTRAP_FRAME, ErrCode),
OFFSET(TsEip, KTRAP_FRAME, Eip),
OFFSET(TsSegCs, KTRAP_FRAME, SegCs),
OFFSET(TsEflags, KTRAP_FRAME, EFlags),
OFFSET(TsHardwareEsp, KTRAP_FRAME, HardwareEsp),
OFFSET(TsHardwareSegSs, KTRAP_FRAME, HardwareSegSs),
OFFSET(TsDbgArgPointer, KTRAP_FRAME, DbgArgPointer), // not in win10
OFFSET(TsV86Es, KTRAP_FRAME, V86Es),
OFFSET(TsV86Ds, KTRAP_FRAME, V86Ds),
OFFSET(TsV86Fs, KTRAP_FRAME, V86Fs),
OFFSET(TsV86Gs, KTRAP_FRAME, V86Gs),
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME),
CONSTANT(KTRAP_FRAME_ALIGN),

HEADER("KTSS offsets"),
OFFSET(TssEsp0, KTSS, Esp0),
OFFSET(TssCR3, KTSS, CR3),
OFFSET(TssEip, KTSS, Eip),
OFFSET(TssEFlags, KTSS, EFlags),
OFFSET(TssEax, KTSS, Eax),
OFFSET(TssEbx, KTSS, Ebx),
OFFSET(TssEcx, KTSS, Ecx),
OFFSET(TssEdx, KTSS, Edx),
OFFSET(TssEsp, KTSS, Esp),
OFFSET(TssEbp, KTSS, Ebp),
OFFSET(TssEsi, KTSS, Esi),
OFFSET(TssEdi, KTSS, Edi),
OFFSET(TssEs, KTSS, Es),
OFFSET(TssCs, KTSS, Cs),
OFFSET(TssSs, KTSS, Ss),
OFFSET(TssDs, KTSS, Ds),
OFFSET(TssFs, KTSS, Fs),
OFFSET(TssGs, KTSS, Gs),
OFFSET(TssLDT, KTSS, LDT),
OFFSET(TssIoMapBase, KTSS, IoMapBase),
OFFSET(TssIoMaps, KTSS, IoMaps),
SIZE(TssLength, KTSS),

//HEADER("VDM_PROCESS_OBJECTS??? offsets"),
//VpVdmTib equ 00098H

HEADER("XSTATE_CONFIGURATION offsets"),
OFFSET(XcfgEnabledFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#if (NTDDI_VERSION >= NTDDI_WIN10)
// NOTE(review): the symbol is named ...VolatileFeatures but the field read is
// EnabledFeatures, so on Win10+ both Xcfg* symbols resolve to the same offset.
// Presumably a separate EnabledVolatileFeatures field was intended — confirm
// against the XSTATE_CONFIGURATION definition before relying on this symbol.
OFFSET(XcfgEnabledVolatileFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#endif

HEADER("XSTATE_CONTEXT offsets"),
OFFSET(XctxMask, XSTATE_CONTEXT, Mask),
OFFSET(XctxLength, XSTATE_CONTEXT, Length),
OFFSET(XctxArea, XSTATE_CONTEXT, Area),

HEADER("XSAVE_AREA offsets"),
OFFSET(XsaHeader, XSAVE_AREA, Header),
SIZE(XsaHeaderLength, XSAVE_AREA_HEADER),
//CONSTANTX(XSAVE_ALIGN, _alignof(XSAVE_AREA)),

// RAW lines are presumably copied into the output verbatim. USERDATA pins the
// shared user-data page to a fixed address; CONSTANT(USER_SHARED_DATA) under
// "Misc" below should agree with it — keep the two in sync.
HEADER("Data access macros"),
RAW("#define USERDATA ds:[HEX(0FFDF0000)]"),
RAW("#define PCR fs:"),

#if (NTDDI_VERSION >= NTDDI_WIN8)
HEADER("KNODE offsets"),
OFFSET(NdIdleCpuSet, KNODE, IdleCpuSet),
#endif

//HEADER("ETW definitions for interrupt tracing"),
//SIZE(EtwTSLength, ???, TSLength),

//HEADER("WOW64 shared information block definitions"),
//OFFSET(PwWow64Info, ???, IdleCpuSet),
//OFFSET(WiCpuFlags, ???, IdleCpuSet),
//CONSTANT(WOW64_CPUFLAGS_SOFTWARE),


/// Unknown stuff:

CONSTANT(NPX_STATE_NOT_LOADED),
CONSTANT(NPX_STATE_LOADED),
//CONSTANT(NPX_MASK_LAZY),

// ReactOS stuff here: UPPER_CASE symbol names used by the project's own
// assembly sources, alongside the mixed-case names emitted above.
// NOTE(review): the container type alternates between KPCR and KIPCR within
// this section; the offsets are only interchangeable if KPCR is the leading
// prefix of KIPCR — confirm, or use KIPCR consistently.
HEADER("KPCR"),
OFFSET(KPCR_EXCEPTION_LIST, KPCR, NtTib.ExceptionList),
OFFSET(KPCR_PERF_GLOBAL_GROUP_MASK, KIPCR, PerfGlobalGroupMask),
OFFSET(KPCR_CONTEXT_SWITCHES, KPCR, ContextSwitches),
// PcTeb above reads NtTib.Self while this reads Used_Self — two different
// fields exposed as "the TEB pointer"; confirm both are intended.
OFFSET(KPCR_TEB, KIPCR, Used_Self),
OFFSET(KPCR_SELF, KIPCR, SelfPcr),
OFFSET(KPCR_PRCB, KPCR, Prcb),
OFFSET(KPCR_IDT, KIPCR, IDT),
OFFSET(KPCR_GDT, KIPCR, GDT),
OFFSET(KPCR_TSS, KPCR, TSS),
OFFSET(KPCR_STALL_SCALE_FACTOR, KPCR, StallScaleFactor),
OFFSET(KPCR_PRCB_DATA, KIPCR, PrcbData),
OFFSET(KPCR_CURRENT_THREAD, KIPCR, PrcbData.CurrentThread),
OFFSET(KPCR_PRCB_NEXT_THREAD, KIPCR, PrcbData.NextThread),
OFFSET(KPCR_PRCB_DPC_QUEUE_DEPTH, KIPCR, PrcbData.DpcData[0].DpcQueueDepth),
OFFSET(KPCR_PRCB_DPC_STACK, KIPCR, PrcbData.DpcStack),
OFFSET(KPCR_PRCB_MAXIMUM_DPC_QUEUE_DEPTH, KIPCR, PrcbData.MaximumDpcQueueDepth),
OFFSET(KPCR_PRCB_DPC_ROUTINE_ACTIVE, KIPCR, PrcbData.DpcRoutineActive),
OFFSET(KPCR_PRCB_TIMER_REQUEST, KIPCR, PrcbData.TimerRequest),
OFFSET(KPCR_PRCB_QUANTUM_END, KIPCR, PrcbData.QuantumEnd),
OFFSET(KPCR_PRCB_DEFERRED_READY_LIST_HEAD, KIPCR, PrcbData.DeferredReadyListHead),
OFFSET(KPCR_PRCB_POWER_STATE_IDLE_FUNCTION, KIPCR, PrcbData.PowerState.IdleFunction),

// Second KTRAP_FRAME block (UPPER_CASE names); same structure as the Ts* set above.
HEADER("KTRAP_FRAME"),
OFFSET(KTRAP_FRAME_DEBUGEBP, KTRAP_FRAME, DbgEbp),
OFFSET(KTRAP_FRAME_DEBUGEIP, KTRAP_FRAME, DbgEip),
OFFSET(KTRAP_FRAME_TEMPESP, KTRAP_FRAME, TempEsp),
OFFSET(KTRAP_FRAME_DR0, KTRAP_FRAME, Dr0),
OFFSET(KTRAP_FRAME_DR1, KTRAP_FRAME, Dr1),
OFFSET(KTRAP_FRAME_DR2, KTRAP_FRAME, Dr2),
OFFSET(KTRAP_FRAME_DR3, KTRAP_FRAME, Dr3),
OFFSET(KTRAP_FRAME_DR6, KTRAP_FRAME, Dr6),
OFFSET(KTRAP_FRAME_DR7, KTRAP_FRAME, Dr7),
OFFSET(KTRAP_FRAME_GS, KTRAP_FRAME, SegGs),
OFFSET(KTRAP_FRAME_ES, KTRAP_FRAME, SegEs),
OFFSET(KTRAP_FRAME_DS, KTRAP_FRAME, SegDs),
OFFSET(KTRAP_FRAME_EDX, KTRAP_FRAME, Edx),
OFFSET(KTRAP_FRAME_ECX, KTRAP_FRAME, Ecx),
OFFSET(KTRAP_FRAME_EAX, KTRAP_FRAME, Eax),
// Field is PreviousPreviousMode (same as TsPreviousPreviousMode above); the
// shorter symbol name is deliberate.
OFFSET(KTRAP_FRAME_PREVIOUS_MODE, KTRAP_FRAME, PreviousPreviousMode),
OFFSET(KTRAP_FRAME_EXCEPTION_LIST, KTRAP_FRAME, ExceptionList),
OFFSET(KTRAP_FRAME_FS, KTRAP_FRAME, SegFs),
OFFSET(KTRAP_FRAME_EDI, KTRAP_FRAME, Edi),
OFFSET(KTRAP_FRAME_ESI, KTRAP_FRAME, Esi),
OFFSET(KTRAP_FRAME_EBX, KTRAP_FRAME, Ebx),
OFFSET(KTRAP_FRAME_EBP, KTRAP_FRAME, Ebp),
OFFSET(KTRAP_FRAME_ERROR_CODE, KTRAP_FRAME, ErrCode),
OFFSET(KTRAP_FRAME_EIP, KTRAP_FRAME, Eip),
OFFSET(KTRAP_FRAME_CS, KTRAP_FRAME, SegCs),
OFFSET(KTRAP_FRAME_EFLAGS, KTRAP_FRAME, EFlags),
// ESP/SS map to the hardware-pushed slots (HardwareEsp/HardwareSegSs).
OFFSET(KTRAP_FRAME_ESP, KTRAP_FRAME, HardwareEsp),
OFFSET(KTRAP_FRAME_SS, KTRAP_FRAME, HardwareSegSs),
OFFSET(KTRAP_FRAME_V86_ES, KTRAP_FRAME, V86Es),
OFFSET(KTRAP_FRAME_V86_DS, KTRAP_FRAME, V86Ds),
OFFSET(KTRAP_FRAME_V86_FS, KTRAP_FRAME, V86Fs),
OFFSET(KTRAP_FRAME_V86_GS, KTRAP_FRAME, V86Gs),
SIZE(KTRAP_FRAME_SIZE, KTRAP_FRAME), // same value as KTRAP_FRAME_LENGTH above

HEADER("CONTEXT"),
OFFSET(CONTEXT_FLAGS, CONTEXT, ContextFlags),
OFFSET(CONTEXT_SEGGS, CONTEXT, SegGs),
OFFSET(CONTEXT_SEGFS, CONTEXT, SegFs),
OFFSET(CONTEXT_SEGES, CONTEXT, SegEs),
OFFSET(CONTEXT_SEGDS, CONTEXT, SegDs),
OFFSET(CONTEXT_EDI, CONTEXT, Edi),
OFFSET(CONTEXT_ESI, CONTEXT, Esi),
OFFSET(CONTEXT_EBX, CONTEXT, Ebx),
OFFSET(CONTEXT_EDX, CONTEXT, Edx),
OFFSET(CONTEXT_ECX, CONTEXT, Ecx),
OFFSET(CONTEXT_EAX, CONTEXT, Eax),
OFFSET(CONTEXT_EBP, CONTEXT, Ebp),
OFFSET(CONTEXT_EIP, CONTEXT, Eip),
OFFSET(CONTEXT_SEGCS, CONTEXT, SegCs),
OFFSET(CONTEXT_EFLAGS, CONTEXT, EFlags),
OFFSET(CONTEXT_ESP, CONTEXT, Esp),
OFFSET(CONTEXT_SEGSS, CONTEXT, SegSs),
SIZE(CONTEXT_FRAME_LENGTH, CONTEXT),

HEADER("FIBER"),
OFFSET(FIBER_PARAMETER, FIBER, FiberData),
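// (continuation of the FIBER offsets started above)
OFFSET(FIBER_EXCEPTION_LIST, FIBER, ExceptionList),
OFFSET(FIBER_STACK_BASE, FIBER, StackBase),
OFFSET(FIBER_STACK_LIMIT, FIBER, StackLimit),
OFFSET(FIBER_DEALLOCATION_STACK, FIBER, DeallocationStack),
OFFSET(FIBER_CONTEXT, FIBER, FiberContext),
// Nested-field offsets into the embedded CONTEXT (FiberContext.*).
OFFSET(FIBER_CONTEXT_FLAGS, FIBER, FiberContext.ContextFlags),
OFFSET(FIBER_CONTEXT_EAX, FIBER, FiberContext.Eax),
OFFSET(FIBER_CONTEXT_EBX, FIBER, FiberContext.Ebx),
OFFSET(FIBER_CONTEXT_ECX, FIBER, FiberContext.Ecx),
OFFSET(FIBER_CONTEXT_EDX, FIBER, FiberContext.Edx),
OFFSET(FIBER_CONTEXT_ESI, FIBER, FiberContext.Esi),
OFFSET(FIBER_CONTEXT_EDI, FIBER, FiberContext.Edi),
OFFSET(FIBER_CONTEXT_EBP, FIBER, FiberContext.Ebp),
OFFSET(FIBER_CONTEXT_EIP, FIBER, FiberContext.Eip),
OFFSET(FIBER_CONTEXT_ESP, FIBER, FiberContext.Esp),
OFFSET(FIBER_CONTEXT_DR6, FIBER, FiberContext.Dr6),
OFFSET(FIBER_CONTEXT_FLOAT_SAVE_CONTROL_WORD, FIBER, FiberContext.FloatSave.ControlWord),
OFFSET(FIBER_CONTEXT_FLOAT_SAVE_STATUS_WORD, FIBER, FiberContext.FloatSave.StatusWord),
OFFSET(FIBER_CONTEXT_FLOAT_SAVE_TAG_WORD, FIBER, FiberContext.FloatSave.TagWord),
OFFSET(FIBER_GUARANTEED_STACK_BYTES, FIBER, GuaranteedStackBytes),
OFFSET(FIBER_FLS_DATA, FIBER, FlsData),
OFFSET(FIBER_ACTIVATION_CONTEXT_STACK, FIBER, ActivationContextStackPointer),

HEADER("KTSS"),
OFFSET(KTSS_IOMAPBASE, KTSS, IoMapBase),
OFFSET(KTSS_ESP0, KTSS, Esp0),

// Each symbol is emitted exactly once: the second, identical
// EXCEPTION_RECORD_EXCEPTION_ADDRESS entry that used to follow
// NUMBER_PARAMETERS produced a redundant definition in the output and was dropped.
HEADER("EXCEPTION_RECORD"),
OFFSET(EXCEPTION_RECORD_EXCEPTION_CODE, EXCEPTION_RECORD, ExceptionCode),
OFFSET(EXCEPTION_RECORD_EXCEPTION_FLAGS, EXCEPTION_RECORD, ExceptionFlags),
OFFSET(EXCEPTION_RECORD_EXCEPTION_RECORD, EXCEPTION_RECORD, ExceptionRecord),
OFFSET(EXCEPTION_RECORD_EXCEPTION_ADDRESS, EXCEPTION_RECORD, ExceptionAddress),
OFFSET(EXCEPTION_RECORD_NUMBER_PARAMETERS, EXCEPTION_RECORD, NumberParameters),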
// sizeof(EXCEPTION_RECORD) is emitted both as a computed SIZE and as the
// header's own EXCEPTION_RECORD_LENGTH constant; the two should agree.
SIZE(SIZEOF_EXCEPTION_RECORD, EXCEPTION_RECORD),
CONSTANT(EXCEPTION_RECORD_LENGTH),

HEADER("EXCEPTION_POINTERS"),
OFFSET(EXCEPTION_POINTERS_EXCEPTION_RECORD, EXCEPTION_POINTERS, ExceptionRecord),
OFFSET(EXCEPTION_POINTERS_CONTEXT_RECORD, EXCEPTION_POINTERS, ContextRecord),
SIZE(SIZEOF_EXCEPTION_POINTERS, EXCEPTION_POINTERS),

HEADER("KTHREAD"),
OFFSET(KTHREAD_DEBUG_ACTIVE, KTHREAD, Header.DebugActive),
OFFSET(KTHREAD_INITIAL_STACK, KTHREAD, InitialStack),
OFFSET(KTHREAD_STACK_LIMIT, KTHREAD, StackLimit),
OFFSET(KTHREAD_TEB, KTHREAD, Teb),
OFFSET(KTHREAD_KERNEL_STACK, KTHREAD, KernelStack),
OFFSET(KTHREAD_APCSTATE_PROCESS, KTHREAD, ApcState.Process),
OFFSET(KTHREAD_PENDING_KERNEL_APC, KTHREAD, ApcState.KernelApcPending),
OFFSET(KTHREAD_CONTEXT_SWITCHES, KTHREAD, ContextSwitches),
// Trailing underscore presumably avoids a clash with an existing KTHREAD_STATE
// symbol in the assembly sources — confirm before renaming.
OFFSET(KTHREAD_STATE_, KTHREAD, State),
OFFSET(KTHREAD_NPX_STATE, KTHREAD, NpxState),
OFFSET(KTHREAD_WAIT_IRQL, KTHREAD, WaitIrql),
OFFSET(KTHREAD_WAIT_REASON, KTHREAD, WaitReason),
OFFSET(KTHREAD_COMBINED_APC_DISABLE, KTHREAD, CombinedApcDisable),
OFFSET(KTHREAD_SPECIAL_APC_DISABLE, KTHREAD, SpecialApcDisable),
OFFSET(KTHREAD_LARGE_STACK, KTHREAD, LargeStack),
OFFSET(KTHREAD_TRAP_FRAME, KTHREAD, TrapFrame),
OFFSET(KTHREAD_CALLBACK_STACK, KTHREAD, CallbackStack),
OFFSET(KTHREAD_APC_STATE_INDEX, KTHREAD, ApcStateIndex),
OFFSET(KTHREAD_STACK_BASE, KTHREAD, StackBase),

HEADER("KPROCESS"),
OFFSET(KPROCESS_DIRECTORY_TABLE_BASE, KPROCESS, DirectoryTableBase),
// NOTE(review): the "…1" halves of the two descriptors read different
// sub-fields (LdtDescriptor.HighWord vs Int21Descriptor.Access); confirm that
// is intentional rather than a copy/paste slip.
OFFSET(KPROCESS_LDT_DESCRIPTOR0, KPROCESS, LdtDescriptor),
OFFSET(KPROCESS_LDT_DESCRIPTOR1, KPROCESS, LdtDescriptor.HighWord),
OFFSET(KPROCESS_INT21_DESCRIPTOR0, KPROCESS, Int21Descriptor),
OFFSET(KPROCESS_INT21_DESCRIPTOR1, KPROCESS, Int21Descriptor.Access),
OFFSET(KPROCESS_IOPM_OFFSET, KPROCESS, IopmOffset),

// UPPER_CASE TEB symbols; the Tb* set above covers the same structure.
HEADER("TEB"),
OFFSET(TEB_EXCEPTION_LIST, TEB, NtTib.ExceptionList),
OFFSET(TEB_STACK_BASE, TEB, NtTib.StackBase),
OFFSET(TEB_STACK_LIMIT, TEB, NtTib.StackLimit),
OFFSET(TEB_FIBER_DATA, TEB, NtTib.FiberData),
OFFSET(TEB_SELF, TEB, NtTib.Self),
OFFSET(TEB_PEB, TEB, ProcessEnvironmentBlock),
OFFSET(TEB_EXCEPTION_CODE, TEB, ExceptionCode),
OFFSET(TEB_ACTIVATION_CONTEXT_STACK_POINTER, TEB, ActivationContextStackPointer),
OFFSET(TEB_GL_TABLE, TEB, glTable),
OFFSET(TEB_DEALLOCATION_STACK, TEB, DeallocationStack),
OFFSET(TEB_GDI_BATCH_COUNT, TEB, GdiBatchCount),
OFFSET(TEB_GUARANTEED_STACK_BYTES, TEB, GuaranteedStackBytes),
OFFSET(TEB_FLS_DATA, TEB, FlsData),

HEADER("PEB"),
OFFSET(PEB_KERNEL_CALLBACK_TABLE, PEB, KernelCallbackTable),

// Plain constants taken from the headers; USER_SHARED_DATA should match the
// fixed address written into the USERDATA RAW macro above.
HEADER("Misc"),
CONSTANT(NPX_FRAME_LENGTH),
CONSTANT(FN_CR0_NPX_STATE),
CONSTANT(FP_CONTROL_WORD),
CONSTANT(FP_STATUS_WORD),
CONSTANT(FP_TAG_WORD),
CONSTANT(FP_DATA_SELECTOR),
CONSTANT(CBSTACK_RESULT),
CONSTANT(CBSTACK_RESULT_LENGTH),
CONSTANT(CBSTACK_TRAP_FRAME),
CONSTANT(CBSTACK_CALLBACK_STACK),
SIZE(SIZEOF_FX_SAVE_AREA, FX_SAVE_AREA),
CONSTANT(KUSER_SHARED_SYSCALL),
CONSTANT(EXCEPTION_EXECUTE_HANDLER),
CONSTANT(STATUS_CALLBACK_POP_STACK),
CONSTANT(CONTEXT_ALIGNED_SIZE),
CONSTANT(PROCESSOR_FEATURE_FXSR),
CONSTANT(KUSER_SHARED_SYSCALL_RET),
CONSTANT(USER_SHARED_DATA),
CONSTANT(USER_SHARED_DATA_PROCESSOR_FEATURES),