// Table of symbols exported to amd64 assembly code. The entry kinds visible in
// this listing are RAW("text"), HEADER("title"), CONSTANT(name),
// CONSTANTX(name, value), OFFSET(name, type, field) and SIZE(name, type).
// The macros are defined outside this listing; presumably they emit literal
// text, a section heading, a constant's value, a named value, a field offset
// and a type size respectively -- confirm against the generator.
// NOTE(review): if the values are taken from the C declarations, as the entry
// names suggest, a wrong field or type name in an entry still builds and only
// shows up as assembly addressing the wrong memory.

RAW("include kxamd64.inc"),

HEADER("CPU type"),
CONSTANT(CPU_AMD),
CONSTANT(CPU_INTEL),
CONSTANT(CPU_VIA),

HEADER("CR0 flags"),
CONSTANT(CR0_PE),
CONSTANT(CR0_MP),
CONSTANT(CR0_EM),
CONSTANT(CR0_TS),
CONSTANT(CR0_ET),
CONSTANT(CR0_NE),
CONSTANT(CR0_WP),
CONSTANT(CR0_AM),
CONSTANT(CR0_NW),
CONSTANT(CR0_CD),
CONSTANT(CR0_PG),

// NOTE(review): the CR4 list ends at CR4_XSAVE; no SMEP/SMAP bit is exported
// here, so assembly cannot take those bits from this table.
HEADER("CR4 flags"),
CONSTANT(CR4_VME),
CONSTANT(CR4_PVI),
CONSTANT(CR4_TSD),
CONSTANT(CR4_DE),
CONSTANT(CR4_PSE),
CONSTANT(CR4_PAE),
CONSTANT(CR4_MCE),
CONSTANT(CR4_PGE),
CONSTANT(CR4_FXSR),
CONSTANT(CR4_XMMEXCPT),
CONSTANT(CR4_CHANNELS), // not in win 10
CONSTANT(CR4_XSAVE),

// The DEBUG_ACTIVE_* groups have no HEADER of their own, so whatever HEADER
// emits still reads "CR4 flags" for them.
CONSTANT(DEBUG_ACTIVE_DR7),
CONSTANT(DEBUG_ACTIVE_INSTRUMENTED),
CONSTANT(DEBUG_ACTIVE_DBG_INSTRUMENTED),
CONSTANT(DEBUG_ACTIVE_MINIMAL_THREAD),

CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD),
CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD_BIT),
CONSTANT(DEBUG_ACTIVE_PRIMARY_THREAD_LOCK_BIT),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_BIT),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_LOCK),
CONSTANT(DEBUG_ACTIVE_SCHEDULED_THREAD_LOCK_BIT),

HEADER("DR7 debug control masks"),
CONSTANT(DR7_LEGAL),
CONSTANT(DR7_ACTIVE),
CONSTANT(DR7_TRACE_BRANCH),
CONSTANT(DR7_LAST_BRANCH),

HEADER("EFLAGS"),
CONSTANT(EFLAGS_TF_MASK),
CONSTANT(EFLAGS_TF_SHIFT),
CONSTANT(EFLAGS_IF_MASK),
CONSTANT(EFLAGS_IF_SHIFT),
CONSTANT(EFLAGS_ID_MASK),
// NOTE(review): EFLAGS_IF_BIT is given the value of EFLAGS_IF_MASK; going by
// the names that is a mask, not a bit index -- confirm what users expect.
CONSTANTX(EFLAGS_IF_BIT, EFLAGS_IF_MASK),

HEADER("Exception codes"),
CONSTANT(EXCEPTION_DIVIDED_BY_ZERO),
CONSTANT(EXCEPTION_DEBUG),
CONSTANT(EXCEPTION_NMI),
CONSTANT(EXCEPTION_INT3),
CONSTANT(EXCEPTION_BOUND_CHECK),
CONSTANT(EXCEPTION_INVALID_OPCODE),
CONSTANT(EXCEPTION_NPX_NOT_AVAILABLE),
CONSTANT(EXCEPTION_DOUBLE_FAULT),
CONSTANT(EXCEPTION_NPX_OVERRUN),
CONSTANT(EXCEPTION_INVALID_TSS),
CONSTANT(EXCEPTION_SEGMENT_NOT_PRESENT),
// Remaining exception-code constants, followed by x87 status-word masks,
// kernel feature bits and the GDT selector values.
CONSTANT(EXCEPTION_STACK_FAULT),
CONSTANT(EXCEPTION_GP_FAULT),
CONSTANT(EXCEPTION_RESERVED_TRAP),
CONSTANT(EXCEPTION_NPX_ERROR),
CONSTANT(EXCEPTION_ALIGNMENT_CHECK),

HEADER("Legacy Floating Status Bit Masks"),
CONSTANT(FSW_INVALID_OPERATION),
CONSTANT(FSW_DENORMAL),
CONSTANT(FSW_ZERO_DIVIDE),
CONSTANT(FSW_OVERFLOW),
CONSTANT(FSW_UNDERFLOW),
CONSTANT(FSW_PRECISION),
CONSTANT(FSW_STACK_FAULT),
CONSTANT(FSW_ERROR_SUMMARY),
CONSTANT(FSW_CONDITION_CODE_0),
CONSTANT(FSW_CONDITION_CODE_1),
CONSTANT(FSW_CONDITION_CODE_2),
CONSTANT(FSW_CONDITION_CODE_3),
CONSTANT(FSW_ERROR_MASK),

// Every hypervisor entry below is disabled, so the heading is emitted with no
// constants of its own; the KEXCEPTION_ACTIVE_* group that follows has no
// HEADER and ends up under it.
HEADER("Hypervisor Enlightenment Definitions"),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_ADDRESS_SWITCH),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_LOCAL_FLUSH),
//CONSTANT(HV_MMU_USE_HYPERCALL_FOR_REMOTE_FLUSH),
//CONSTANT(HV_X64_MSR_APIC_EOI), // not win 10
//CONSTANT(HV_APIC_ENLIGHTENED),
//CONSTANT(HV_KE_USE_HYPERCALL_FOR_LONG_SPIN_WAIT),
//CONSTANT(HV_DEPRECATE_AUTO_EOI), // win 10
//CONSTANT(HV_X64_MSR_EOI), // win 10
//CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED), // win 10
//CONSTANT(HV_VIRTUAL_APIC_NO_EOI_REQUIRED_V), // not win 10
//CONSTANT(HvApicFlags),

CONSTANT(KEXCEPTION_ACTIVE_INTERRUPT_FRAME),
CONSTANT(KEXCEPTION_ACTIVE_EXCEPTION_FRAME),
CONSTANT(KEXCEPTION_ACTIVE_SERVICE_FRAME),

HEADER("KeFeatureBits flags"),
CONSTANT(KF_RDTSC),
CONSTANT(KF_CR4),
CONSTANT(KF_GLOBAL_PAGE),
CONSTANT(KF_LARGE_PAGE),
CONSTANT(KF_CMPXCHG8B),
CONSTANT(KF_FAST_SYSCALL),
CONSTANT(KF_BRANCH), // win 10
CONSTANT(KF_XSTATE), // win 10
CONSTANT(KF_XSAVEOPT_BIT), // win 10
CONSTANT(KF_XSTATE_BIT), // win 10
CONSTANT(KF_RDWRFSGSBASE_BIT), // win 10

// Segment selector values; the R0/R3 parts of the names presumably denote the
// privilege ring of each descriptor.
HEADER("KGDT selectors"),
CONSTANT(KGDT64_NULL),
CONSTANT(KGDT64_R0_CODE),
CONSTANT(KGDT64_R0_DATA),
CONSTANT(KGDT64_R3_CMCODE),
CONSTANT(KGDT64_R3_DATA),
CONSTANT(KGDT64_R3_CODE),
// Tail of the KGDT selector constants, then machine types, MSR numbers and
// flags, UMS constants, XSTATE/MXCSR masks and the first field-offset groups.
CONSTANT(KGDT64_SYS_TSS),
CONSTANT(KGDT64_R3_CMTEB),
CONSTANT(KGDT64_R0_LDT), // win 10

//HEADER("MCE Recovery Context Flags Definitions"),
//CONSTANT(KMRC_ALTERNATE_CONTEXT),
//CONSTANT(KMRC_WORK_ITEM),
//CONSTANT(KMRC_OFFLINE_PAGE),
//CONSTANT(KMRC_TERMINATE_PROCESS),

HEADER("Machine type definitions"),
CONSTANT(MACHINE_TYPE_ISA),
CONSTANT(MACHINE_TYPE_EISA),
CONSTANT(MACHINE_TYPE_MCA),

HEADER("Machine Specific Register Numbers"),
CONSTANT(MSR_EFER),
CONSTANT(MSR_STAR),
CONSTANT(MSR_LSTAR),
CONSTANT(MSR_CSTAR),
CONSTANT(MSR_SYSCALL_MASK),
CONSTANT(MSR_FS_BASE),
CONSTANT(MSR_GS_BASE),
CONSTANT(MSR_GS_SWAP),
CONSTANT(MSR_MCG_STATUS),
CONSTANT(MSR_AMD_ACCESS),
CONSTANT(MSR_IA32_MISC_ENABLE),

// NOTE(review): by name, MSR_PAT, MSR_DEBUG_CTL and the MSR_LAST_* entries
// look like register numbers rather than EFER flag bits, yet they sit under
// this heading -- confirm and regroup if so. Mixing up a register number and
// a flag mask in assembly would not be caught by the assembler.
HEADER("Flags for MSR_EFER"),
CONSTANT(MSR_LMA),
CONSTANT(MSR_LME),
CONSTANT(MSR_SCE),
CONSTANT(MSR_NXE),
CONSTANT(MSR_PAT),
CONSTANT(MSR_DEBUG_CTL),
CONSTANT(MSR_LAST_BRANCH_FROM), // not win 10
CONSTANT(MSR_LAST_BRANCH_TO), // not win 10
CONSTANT(MSR_LAST_EXCEPTION_FROM), // not win 10
CONSTANT(MSR_LAST_EXCEPTION_TO), // not win 10

// The next two headings are emitted although all their entries are disabled.
HEADER("Flags for MSR_DEBUG_CTL"),
//CONSTANT(MSR_DEBUG_CTL_LBR),
//CONSTANT(MSR_DEBUG_CTL_BTF),

HEADER("Flags for MSR_IA32_MISC_ENABLE"),
//CONSTANT(MSR_XD_ENABLE_MASK),

HEADER("Argument Home Address"),
CONSTANT(P1Home),
CONSTANT(P2Home),
CONSTANT(P3Home),
CONSTANT(P4Home),

#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("RTL_UMS_SCHEDULER_REASON Enum Definitions"),
CONSTANT(UmsSchedulerStartup),
CONSTANT(UmsSchedulerThreadBlocked),
CONSTANT(UmsSchedulerThreadYield),

HEADER("User mode context flag definitions"),
CONSTANT(UMSCTX_SCHEDULED_THREAD_BIT),
CONSTANT(UMSCTX_SUSPENDED_BIT),
CONSTANT(UMSCTX_VOLATILE_CONTEXT_BIT),
CONSTANT(UMSCTX_TERMINATED_BIT),
CONSTANT(UMSCTX_DEBUG_ACTIVE_BIT),
CONSTANT(UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT),
CONSTANT(UMSCTX_SCHEDULED_THREAD_MASK),
CONSTANT(UMSCTX_SUSPENDED_MASK),
CONSTANT(UMSCTX_VOLATILE_CONTEXT_MASK),
CONSTANT(UMSCTX_TERMINATED_MASK),
CONSTANT(UMSCTX_DEBUG_ACTIVE_MASK),
CONSTANT(UMSCTX_DENY_RUNNING_ON_SELF_THREAD_MASK),

#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */

// No HEADER precedes the XSTATE_MASK_* group.
CONSTANT(XSTATE_MASK_LEGACY_FLOATING_POINT),
CONSTANT(XSTATE_MASK_LEGACY_SSE),
CONSTANT(XSTATE_MASK_LEGACY),
CONSTANT(XSTATE_MASK_GSSE),

HEADER("MXCSR Floating Control/Status Bit Masks"),
CONSTANT(XSW_INVALID_OPERATION),
CONSTANT(XSW_DENORMAL),
CONSTANT(XSW_ZERO_DIVIDE),
CONSTANT(XSW_OVERFLOW),
CONSTANT(XSW_UNDERFLOW),
CONSTANT(XSW_PRECISION),
CONSTANT(XSW_ERROR_MASK),
CONSTANT(XSW_ERROR_SHIFT),
CONSTANT(XCW_INVALID_OPERATION),
CONSTANT(XCW_DENORMAL),
CONSTANT(XCW_ZERO_DIVIDE),
CONSTANT(XCW_OVERFLOW),
CONSTANT(XCW_UNDERFLOW),
CONSTANT(XCW_PRECISION),
CONSTANT(XCW_ROUND_CONTROL),
CONSTANT(XCW_FLUSH_ZERO),
CONSTANT(INITIAL_FPCSR),
CONSTANT(INITIAL_MXCSR),

HEADER("Misc constants"),
CONSTANT(CONTEXT_XSTATE),
//CONSTANT(CONTEXT_EX_LENGTH),
CONSTANT(EVENT_INCREMENT),
//CONSTANT(KI_SPINLOCK_ORDER_PRCB_LOCK),
//CONSTANT(KTHREAD_UMS_DIRECTED_SWITCH_ENABLE_BIT),
//CONSTANT(KTHREAD_UMS_PERFORMING_SYSCALL_BIT),
//CONSTANT(KUMS_UCH_VOLATILE_BIT),
//CONSTANT(KUMS_UCH_VOLATILE_MASK),
CONSTANT(PF_COMPARE_EXCHANGE128),
//CONSTANT(PF_RDWRFSGSBASE_AVAILABLE),
//CONSTANT(UMS_TLS_THREAD_CONTEXT),
//CONSTANT(XHF_NOEXECUTE),

/// Field offsets

HEADER("CPU_INFO offsets"),
OFFSET(CpuEax, CPU_INFO, Eax),
OFFSET(CpuEbx, CPU_INFO, Ebx),
OFFSET(CpuEcx, CPU_INFO, Ecx),
OFFSET(CpuEdx, CPU_INFO, Edx),

// As the heading text itself points out, the Ck* symbols belong to
// UCALLOUT_FRAME (the Cu* symbols are used for KCALLOUT_FRAME).
HEADER("UCALLOUT_FRAME offsets (yes, Cu/Ck is ...)"),
OFFSET(CkBuffer, UCALLOUT_FRAME, Buffer),
OFFSET(CkLength, UCALLOUT_FRAME, Length),
// Rest of the UCALLOUT_FRAME offsets, the KCALLOUT_FRAME offsets and the first
// part of the CONTEXT offsets (Cx* symbols).
OFFSET(CkApiNumber, UCALLOUT_FRAME, ApiNumber),
OFFSET(CkRsp, UCALLOUT_FRAME, MachineFrame.Rsp),
OFFSET(CkRip, UCALLOUT_FRAME, MachineFrame.Rip),
SIZE(CalloutFrameLength, UCALLOUT_FRAME),

// Cu* symbols name KCALLOUT_FRAME fields, Ck* symbols name UCALLOUT_FRAME
// fields; the heading text flags the prefixes as counter-intuitive.
HEADER("KCALLOUT_FRAME offsets (yes, Cu/Ck is ...)"),
OFFSET(CuTrapFrame, KCALLOUT_FRAME, TrapFrame),
OFFSET(CuOutputBuffer, KCALLOUT_FRAME, OutputBuffer),
OFFSET(CuOutputLength, KCALLOUT_FRAME, OutputLength),

// Each Cx<Field> symbol is bound to the CONTEXT field of the same name.
HEADER("CONTEXT offsets"),
OFFSET(CxP1Home, CONTEXT, P1Home),
OFFSET(CxP2Home, CONTEXT, P2Home),
OFFSET(CxP3Home, CONTEXT, P3Home),
OFFSET(CxP4Home, CONTEXT, P4Home),
OFFSET(CxP5Home, CONTEXT, P5Home),
OFFSET(CxP6Home, CONTEXT, P6Home),
OFFSET(CxContextFlags, CONTEXT, ContextFlags),
OFFSET(CxMxCsr, CONTEXT, MxCsr),
OFFSET(CxSegCs, CONTEXT, SegCs),
OFFSET(CxSegDs, CONTEXT, SegDs),
OFFSET(CxSegEs, CONTEXT, SegEs),
OFFSET(CxSegFs, CONTEXT, SegFs),
OFFSET(CxSegGs, CONTEXT, SegGs),
OFFSET(CxSegSs, CONTEXT, SegSs),
OFFSET(CxEFlags, CONTEXT, EFlags),
OFFSET(CxDr0, CONTEXT, Dr0),
OFFSET(CxDr1, CONTEXT, Dr1),
OFFSET(CxDr2, CONTEXT, Dr2),
OFFSET(CxDr3, CONTEXT, Dr3),
OFFSET(CxDr6, CONTEXT, Dr6),
OFFSET(CxDr7, CONTEXT, Dr7),
OFFSET(CxRax, CONTEXT, Rax),
OFFSET(CxRcx, CONTEXT, Rcx),
OFFSET(CxRdx, CONTEXT, Rdx),
OFFSET(CxRbx, CONTEXT, Rbx),
OFFSET(CxRsp, CONTEXT, Rsp),
OFFSET(CxRbp, CONTEXT, Rbp),
OFFSET(CxRsi, CONTEXT, Rsi),
OFFSET(CxRdi, CONTEXT, Rdi),
OFFSET(CxR8, CONTEXT, R8),
OFFSET(CxR9, CONTEXT, R9),
OFFSET(CxR10, CONTEXT, R10),
OFFSET(CxR11, CONTEXT, R11),
OFFSET(CxR12, CONTEXT, R12),
OFFSET(CxR13, CONTEXT, R13),
OFFSET(CxR14, CONTEXT, R14),
OFFSET(CxR15, CONTEXT, R15),
OFFSET(CxRip, CONTEXT, Rip),
OFFSET(CxFltSave, CONTEXT, FltSave),
OFFSET(CxXmm0, CONTEXT, Xmm0),
OFFSET(CxXmm1, CONTEXT, Xmm1),
OFFSET(CxXmm2, CONTEXT, Xmm2),
OFFSET(CxXmm3, CONTEXT, Xmm3),
// Rest of the CONTEXT offsets (Cx* symbols), then DISPATCHER_CONTEXT,
// KEXCEPTION_FRAME, _JUMP_BUFFER, XSAVE_FORMAT, KGDTENTRY64, MACHINE_FRAME and
// the first part of the KPRCB offsets.
OFFSET(CxXmm4, CONTEXT, Xmm4),
OFFSET(CxXmm5, CONTEXT, Xmm5),
OFFSET(CxXmm6, CONTEXT, Xmm6),
OFFSET(CxXmm7, CONTEXT, Xmm7),
OFFSET(CxXmm8, CONTEXT, Xmm8),
OFFSET(CxXmm9, CONTEXT, Xmm9),
OFFSET(CxXmm10, CONTEXT, Xmm10),
OFFSET(CxXmm11, CONTEXT, Xmm11),
OFFSET(CxXmm12, CONTEXT, Xmm12),
OFFSET(CxXmm13, CONTEXT, Xmm13),
OFFSET(CxXmm14, CONTEXT, Xmm14),
OFFSET(CxXmm15, CONTEXT, Xmm15),
OFFSET(CxDebugControl, CONTEXT, DebugControl),
OFFSET(CxLastBranchToRip, CONTEXT, LastBranchToRip),
OFFSET(CxLastBranchFromRip, CONTEXT, LastBranchFromRip),
OFFSET(CxLastExceptionToRip, CONTEXT, LastExceptionToRip),
OFFSET(CxLastExceptionFromRip, CONTEXT, LastExceptionFromRip),
OFFSET(CxVectorControl, CONTEXT, VectorControl),
OFFSET(CxVectorRegister, CONTEXT, VectorRegister),
SIZE(CONTEXT_FRAME_LENGTH, CONTEXT),

HEADER("DISPATCHER_CONTEXT"),
OFFSET(DcControlPc, DISPATCHER_CONTEXT, ControlPc),
OFFSET(DcImageBase, DISPATCHER_CONTEXT, ImageBase),
OFFSET(DcFunctionEntry, DISPATCHER_CONTEXT, FunctionEntry),
OFFSET(DcEstablisherFrame, DISPATCHER_CONTEXT, EstablisherFrame),
OFFSET(DcTargetIp, DISPATCHER_CONTEXT, TargetIp),
OFFSET(DcContextRecord, DISPATCHER_CONTEXT, ContextRecord),
OFFSET(DcLanguageHandler, DISPATCHER_CONTEXT, LanguageHandler),
OFFSET(DcHandlerData, DISPATCHER_CONTEXT, HandlerData),
OFFSET(DcHistoryTable, DISPATCHER_CONTEXT, HistoryTable),
OFFSET(DcScopeIndex, DISPATCHER_CONTEXT, ScopeIndex),

// DPC Stack Frame Definitions
// Disabled: the owning type is still a "????" placeholder, so only the
// trailing hex values record the intended offsets.
//OFFSET(DpRsp, ????, Rsp), // 0x0040
//OFFSET(DpRip, ????, Rip), // 0x0028

HEADER("KEXCEPTION_FRAME offsets"),
OFFSET(ExP1Home, KEXCEPTION_FRAME, P1Home),
OFFSET(ExP2Home, KEXCEPTION_FRAME, P2Home),
OFFSET(ExP3Home, KEXCEPTION_FRAME, P3Home),
OFFSET(ExP4Home, KEXCEPTION_FRAME, P4Home),
OFFSET(ExP5, KEXCEPTION_FRAME, P5),
OFFSET(ExXmm6, KEXCEPTION_FRAME, Xmm6),
OFFSET(ExXmm7, KEXCEPTION_FRAME, Xmm7),
OFFSET(ExXmm8, KEXCEPTION_FRAME, Xmm8),
OFFSET(ExXmm9, KEXCEPTION_FRAME, Xmm9),
OFFSET(ExXmm10, KEXCEPTION_FRAME, Xmm10),
OFFSET(ExXmm11, KEXCEPTION_FRAME, Xmm11),
OFFSET(ExXmm12, KEXCEPTION_FRAME, Xmm12),
OFFSET(ExXmm13, KEXCEPTION_FRAME, Xmm13),
OFFSET(ExXmm14, KEXCEPTION_FRAME, Xmm14),
OFFSET(ExXmm15, KEXCEPTION_FRAME, Xmm15),
OFFSET(ExMxCsr, KEXCEPTION_FRAME, MxCsr),
OFFSET(ExRbp, KEXCEPTION_FRAME, Rbp),
OFFSET(ExRbx, KEXCEPTION_FRAME, Rbx),
OFFSET(ExRdi, KEXCEPTION_FRAME, Rdi),
OFFSET(ExRsi, KEXCEPTION_FRAME, Rsi),
OFFSET(ExR12, KEXCEPTION_FRAME, R12),
OFFSET(ExR13, KEXCEPTION_FRAME, R13),
OFFSET(ExR14, KEXCEPTION_FRAME, R14),
OFFSET(ExR15, KEXCEPTION_FRAME, R15),
OFFSET(ExReturn, KEXCEPTION_FRAME, Return),
SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME),

// The MxCsr, FpCsr and Spare entries of _JUMP_BUFFER are disabled below.
HEADER("JUMP_BUFFER"),
OFFSET(JbFrame, _JUMP_BUFFER, Frame),
OFFSET(JbRbx, _JUMP_BUFFER, Rbx),
OFFSET(JbRsp, _JUMP_BUFFER, Rsp),
OFFSET(JbRbp, _JUMP_BUFFER, Rbp),
OFFSET(JbRsi, _JUMP_BUFFER, Rsi),
OFFSET(JbRdi, _JUMP_BUFFER, Rdi),
OFFSET(JbR12, _JUMP_BUFFER, R12),
OFFSET(JbR13, _JUMP_BUFFER, R13),
OFFSET(JbR14, _JUMP_BUFFER, R14),
OFFSET(JbR15, _JUMP_BUFFER, R15),
OFFSET(JbRip, _JUMP_BUFFER, Rip),
//OFFSET(JbMxCsr, _JUMP_BUFFER, MxCsr),
//OFFSET(JbFpCsr, _JUMP_BUFFER, FpCsr),
//OFFSET(JbSpare, _JUMP_BUFFER, Spare),
OFFSET(JbXmm6, _JUMP_BUFFER, Xmm6),
OFFSET(JbXmm7, _JUMP_BUFFER, Xmm7),
OFFSET(JbXmm8, _JUMP_BUFFER, Xmm8),
OFFSET(JbXmm9, _JUMP_BUFFER, Xmm9),
OFFSET(JbXmm10, _JUMP_BUFFER, Xmm10),
OFFSET(JbXmm11, _JUMP_BUFFER, Xmm11),
OFFSET(JbXmm12, _JUMP_BUFFER, Xmm12),
OFFSET(JbXmm13, _JUMP_BUFFER, Xmm13),
OFFSET(JbXmm14, _JUMP_BUFFER, Xmm14),
OFFSET(JbXmm15, _JUMP_BUFFER, Xmm15),

HEADER("XSAVE_FORMAT offsets"),
OFFSET(LfControlWord, XSAVE_FORMAT, ControlWord),
OFFSET(LfStatusWord, XSAVE_FORMAT, StatusWord),
OFFSET(LfTagWord, XSAVE_FORMAT, TagWord),
OFFSET(LfErrorOpcode, XSAVE_FORMAT, ErrorOpcode),
OFFSET(LfErrorOffset, XSAVE_FORMAT, ErrorOffset),
OFFSET(LfErrorSelector, XSAVE_FORMAT, ErrorSelector),
OFFSET(LfDataOffset, XSAVE_FORMAT, DataOffset),
OFFSET(LfDataSelector, XSAVE_FORMAT, DataSelector),
OFFSET(LfMxCsr, XSAVE_FORMAT, MxCsr),
OFFSET(LfMxCsr_Mask, XSAVE_FORMAT, MxCsr_Mask),
OFFSET(LfFloatRegisters, XSAVE_FORMAT, FloatRegisters),
OFFSET(LfXmmRegisters, XSAVE_FORMAT, XmmRegisters),

HEADER("KGDTENTRY64 offsets"),
OFFSET(KgdtBaseLow, KGDTENTRY64, BaseLow),
OFFSET(KgdtBaseMiddle, KGDTENTRY64, Bytes.BaseMiddle),
OFFSET(KgdtBaseHigh, KGDTENTRY64, Bytes.BaseHigh),
OFFSET(KgdtBaseUpper, KGDTENTRY64, BaseUpper),
// NOTE(review): KgdtLimitHigh is bound to Bytes.Flags2 rather than to a field
// named after the limit; presumably the high limit bits share that byte with
// flags, so users must mask the value -- confirm. The matching
// KGDT_LIMIT_ENCODE_MASK constant is disabled below.
OFFSET(KgdtLimitHigh, KGDTENTRY64, Bytes.Flags2),
OFFSET(KgdtLimitLow, KGDTENTRY64, LimitLow),
//CONSTANT(KGDT_LIMIT_ENCODE_MASK),

HEADER("MACHINE_FRAME offsets"),
OFFSET(MfRip, MACHINE_FRAME, Rip),
OFFSET(MfSegCs, MACHINE_FRAME, SegCs),
OFFSET(MfEFlags, MACHINE_FRAME, EFlags),
OFFSET(MfRsp, MACHINE_FRAME, Rsp),
OFFSET(MfSegSs, MACHINE_FRAME, SegSs),
SIZE(MachineFrameLength, MACHINE_FRAME),

// MCE Recovery Context Offset Definitions
// Disabled: the owning type is still a "????" placeholder.
//OFFSET(MrcFlags, ????, Flags),
//OFFSET(MrcPhysicalAddress, ????, PhysicalAddress),
//SIZE(MceRecoveryContextLength, ????),

// Pb* symbols name KPRCB fields. Entries that are commented out are not
// exported, so assembly cannot reference those names.
HEADER("KPRCB offsets"),
OFFSET(PbMxCsr, KPRCB, MxCsr),
OFFSET(PbNumber, KPRCB, Number),
OFFSET(PbInterruptRequest, KPRCB, InterruptRequest),
OFFSET(PbIdleHalt, KPRCB, IdleHalt),
OFFSET(PbCurrentThread, KPRCB, CurrentThread),
OFFSET(PbNextThread, KPRCB, NextThread),
OFFSET(PbIdleThread, KPRCB, IdleThread),
OFFSET(PbNestingLevel, KPRCB, NestingLevel),
OFFSET(PbRspBase, KPRCB, RspBase),
OFFSET(PbPrcbLock, KPRCB, PrcbLock),
#if (NTDDI_VERSION >= NTDDI_VISTA)
OFFSET(PbPriorityState, KPRCB, PriorityState),
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
OFFSET(PbSetMember, KPRCB, SetMember),
OFFSET(PbProcessorState, KPRCB, ProcessorState),
OFFSET(PbCpuType, KPRCB, CpuType),
OFFSET(PbCpuID, KPRCB, CpuID),
OFFSET(PbCpuStep, KPRCB, CpuStep),
OFFSET(PbHalReserved, KPRCB, HalReserved),
OFFSET(PbMinorVersion, KPRCB, MinorVersion),
OFFSET(PbMajorVersion, KPRCB, MajorVersion),
OFFSET(PbBuildType, KPRCB, BuildType),
OFFSET(PbCpuVendor, KPRCB, CpuVendor),
//OFFSET(PbCoresPerPhysicalProcessor, KPRCB, CoresPerPhysicalProcessor),
//OFFSET(PbLogicalProcessorsPerCore, KPRCB, LogicalProcessorsPerCore),
//OFFSET(PbGroup, KPRCB, Group),
//OFFSET(PbGroupIndex, KPRCB, GroupIndex),
OFFSET(PbApicMask, KPRCB, ApicMask),
OFFSET(PbCFlushSize, KPRCB, CFlushSize),
OFFSET(PbAcpiReserved, KPRCB, AcpiReserved),
OFFSET(PbInitialApicId, KPRCB, InitialApicId),
//OFFSET(PbStride, KPRCB, Stride),
OFFSET(PbLockQueue, KPRCB, LockQueue),
OFFSET(PbPPLookasideList, KPRCB, PPLookasideList),
OFFSET(PbPPNPagedLookasideList, KPRCB, PPNPagedLookasideList),
OFFSET(PbPPPagedLookasideList, KPRCB, PPPagedLookasideList),
OFFSET(PbPacketBarrier, KPRCB, PacketBarrier),
OFFSET(PbDeferredReadyListHead, KPRCB, DeferredReadyListHead),
OFFSET(PbLookasideIrpFloat, KPRCB, LookasideIrpFloat),
//OFFSET(PbSystemCalls, KPRCB, KeSystemCalls),
//OFFSET(PbReadOperationCount, KPRCB, IoReadOperationCount),
//OFFSET(PbWriteOperationCount, KPRCB, IoWriteOperationCount),
//OFFSET(PbOtherOperationCount, KPRCB, IoOtherOperationCount),
//OFFSET(PbReadTransferCount, KPRCB, IoReadTransferCount),
//OFFSET(PbWriteTransferCount, KPRCB, IoWriteTransferCount),
//OFFSET(PbOtherTransferCount, KPRCB, IoOtherTransferCount),
//OFFSET(PbContextSwitches, KPRCB, KeContextSwitches),
//OFFSET(PbLdtSelector, KPRCB, LdtSelector),
OFFSET(PbTargetSet, KPRCB, TargetSet),
//OFFSET(PbTargetCount, KPRCB, TargetCount),
// KPRCB offsets, middle part (Pb* symbols): IPI, DPC, timer and scheduling
// fields. Commented-out entries are not exported.
OFFSET(PbIpiFrozen, KPRCB, IpiFrozen),
OFFSET(PbRequestMailbox, KPRCB, RequestMailbox),
OFFSET(PbSenderSummary, KPRCB, SenderSummary),
//OFFSET(PbDpcListHead, KPRCB, DpcListHead),
//OFFSET(PbDpcList, KPRCB, DpcList),
//OFFSET(PbDpcLock, KPRCB, DpcLock),
//OFFSET(PbDpcQueueDepth, KPRCB, DpcQueueDepth),
//OFFSET(PbDpcCount, KPRCB, DpcCount),
OFFSET(PbDpcStack, KPRCB, DpcStack),
OFFSET(PbMaximumDpcQueueDepth, KPRCB, MaximumDpcQueueDepth),
OFFSET(PbDpcRequestRate, KPRCB, DpcRequestRate),
OFFSET(PbMinimumDpcRate, KPRCB, MinimumDpcRate),
//OFFSET(PbDpcRequestSummary, KPRCB, DpcRequestSummary),
//OFFSET(PbNormalDpcState, KPRCB, NormalDpcState),
OFFSET(PbDpcInterruptRequested, KPRCB, DpcInterruptRequested),
OFFSET(PbDpcThreadRequested, KPRCB, DpcThreadRequested),
OFFSET(PbDpcRoutineActive, KPRCB, DpcRoutineActive),
OFFSET(PbDpcThreadActive, KPRCB, DpcThreadActive),
OFFSET(PbTimerHand, KPRCB, TimerHand),
OFFSET(PbTimerRequest, KPRCB, TimerRequest),
OFFSET(PbTickOffset, KPRCB, TickOffset),
//OFFSET(PbInterruptObject, KPRCB, InterruptObject),
OFFSET(PbMasterOffset, KPRCB, MasterOffset),
OFFSET(PbDpcLastCount, KPRCB, DpcLastCount),
OFFSET(PbQuantumEnd, KPRCB, QuantumEnd),
OFFSET(PbDpcSetEventRequest, KPRCB, DpcSetEventRequest),
OFFSET(PbIdleSchedule, KPRCB, IdleSchedule),
OFFSET(PbReadySummary, KPRCB, ReadySummary),
OFFSET(PbDispatcherReadyListHead, KPRCB, DispatcherReadyListHead),
OFFSET(PbInterruptCount, KPRCB, InterruptCount),
OFFSET(PbKernelTime, KPRCB, KernelTime),
OFFSET(PbUserTime, KPRCB, UserTime),
OFFSET(PbDpcTime, KPRCB, DpcTime),
OFFSET(PbInterruptTime, KPRCB, InterruptTime),
OFFSET(PbAdjustDpcThreshold, KPRCB, AdjustDpcThreshold),
OFFSET(PbSkipTick, KPRCB, SkipTick),
OFFSET(PbPollSlot, KPRCB, PollSlot),
OFFSET(PbParentNode, KPRCB, ParentNode),
OFFSET(PbMultiThreadProcessorSet, KPRCB, MultiThreadProcessorSet),
// Last part of the KPRCB offsets (Pb* symbols) and the start of the KPCR
// offsets (Pc* symbols). Commented-out entries are not exported.
OFFSET(PbMultiThreadSetMaster, KPRCB, MultiThreadSetMaster),
//OFFSET(PbStartCycles, KPRCB, StartCycles),
OFFSET(PbPageColor, KPRCB, PageColor),
OFFSET(PbNodeColor, KPRCB, NodeColor),
OFFSET(PbNodeShiftedColor, KPRCB,NodeShiftedColor),
OFFSET(PbSecondaryColorMask, KPRCB, SecondaryColorMask),
OFFSET(PbSleeping, KPRCB, Sleeping),
//OFFSET(PbCycleTime, KPRCB, CycleTime),
//OFFSET(PbFastReadNoWait, KPRCB, FastReadNoWait),
//OFFSET(PbFastReadWait, KPRCB, FastReadWait),
//OFFSET(PbFastReadNotPossible, KPRCB, FastReadNotPossible),
//OFFSET(PbCopyReadNoWait, KPRCB, CopyReadNoWait),
//OFFSET(PbCopyReadWait, KPRCB, CopyReadWait),
//OFFSET(PbCopyReadNoWaitMiss, KPRCB, CopyReadNoWaitMiss),
//OFFSET(PbAlignmentFixupCount, KPRCB, AlignmentFixupCount),
//OFFSET(PbExceptionDispatchCount, KPRCB, ExceptionDispatchCount),
//OFFSET(PbKeSpinLockOrdering, KPRCB, KeSpinLockOrdering),
OFFSET(PbVendorString, KPRCB, VendorString),
OFFSET(PbPowerState, KPRCB, PowerState),
//OFFSET(PbContext, KPRCB, Context),
//OFFSET(PbIsrStack, KPRCB, IsrStack),
//OFFSET(PbEntropyCount, KPRCB, EntropyTimingState.EntropyCount),
//OFFSET(PbEntropyBuffer, KPRCB, EntropyTimingState.Buffer),
//OFFSET(PbMailbox, KPRCB, Mailbox),
SIZE(ProcessorBlockLength, KPRCB),

// The enabled entries in this part bind Pc* symbols to fields of KPCR itself;
// the Gdt, Tss, Teb, Idt and Prcb-derived entries are disabled.
HEADER("KPCR"),
//OFFSET(PcGdt, KPCR, Gdt),
//OFFSET(PcTss, KPCR, Tss),
OFFSET(PcUserRsp, KPCR, UserRsp),
OFFSET(PcSelf, KPCR, Self),
OFFSET(PcCurrentPrcb, KPCR, CurrentPrcb),
OFFSET(PcLockArray, KPCR, LockArray),
//OFFSET(PcTeb, KPCR, Teb),
//OFFSET(PcIdt, KPCR, Idt),
OFFSET(PcIrql, KPCR, Irql),
OFFSET(PcStallScaleFactor, KPCR, StallScaleFactor),
OFFSET(PcHalReserved, KPCR, HalReserved),
//OFFSET(PcPrcb, KPCR, Prcb),
//OFFSET(PcMxCsr, KPCR, MxCsr),
//OFFSET(PcNumber, KPCR, Number),
//OFFSET(PcInterruptRequest, KPCR, InterruptRequest),
//OFFSET(PcIdleHalt, KPCR, IdleHalt),
// Pc* symbols from here on are computed against KIPCR with a "Prcb."-prefixed
// field path, while the disabled entries between them name KPCR.
// NOTE(review): the resulting offsets are only usable from a KPCR base if the
// two types share their leading layout -- confirm against the declarations.
OFFSET(PcCurrentThread, KIPCR, Prcb.CurrentThread),
//OFFSET(PcNextThread, KPCR, NextThread),
//OFFSET(PcIdleThread, KPCR, IdleThread),
//OFFSET(PcIpiFrozen, KPCR, IpiFrozen),
//OFFSET(PcNestingLevel, KPCR, NestingLevel),
OFFSET(PcRspBase, KIPCR, Prcb.RspBase),
//OFFSET(PcPrcbLock, KPCR, PrcbLock),
OFFSET(PcSetMember, KIPCR, Prcb.SetMember),
// Disabled block: control, debug and descriptor-table register slots are not
// exported under Pc* names.
#if 0
OFFSET(PcCr0, KIPCR, Prcb.Cr0),
OFFSET(PcCr2, KIPCR, Prcb.Cr2),
OFFSET(PcCr3, KIPCR, Prcb.Cr3),
OFFSET(PcCr4, KIPCR, Prcb.Cr4),
OFFSET(PcKernelDr0, KIPCR, Prcb.KernelDr0),
OFFSET(PcKernelDr1, KIPCR, Prcb.KernelDr1),
OFFSET(PcKernelDr2, KIPCR, Prcb.KernelDr2),
OFFSET(PcKernelDr3, KIPCR, Prcb.KernelDr3),
OFFSET(PcKernelDr7, KIPCR, Prcb.KernelDr7),
OFFSET(PcGdtrLimit, KIPCR, Prcb.GdtrLimit),
OFFSET(PcGdtrBase, KIPCR, Prcb.GdtrBase),
OFFSET(PcIdtrLimit, KIPCR, IdtrLimit),
OFFSET(PcIdtrBase, KIPCR, IdtrBase),
OFFSET(PcTr, KIPCR, Tr),
OFFSET(PcLdtr, KIPCR, Ldtr),
OFFSET(PcDebugControl, KIPCR, DebugControl),
OFFSET(PcLastBranchToRip, KIPCR, LastBranchToRip),
OFFSET(PcLastBranchFromRip, KIPCR, LastBranchFromRip),
OFFSET(PcLastExceptionToRip, KIPCR, LastExceptionToRip),
OFFSET(PcLastExceptionFromRip, KIPCR, LastExceptionFromRip),
OFFSET(PcCr8, KIPCR, Cr8),
#endif
OFFSET(PcCpuType, KIPCR, Prcb.CpuType),
OFFSET(PcCpuID, KIPCR, Prcb.CpuID),
OFFSET(PcCpuStep, KIPCR, Prcb.CpuStep),
OFFSET(PcCpuVendor, KIPCR, Prcb.CpuVendor),
OFFSET(PcCFlushSize, KIPCR, Prcb.CFlushSize),
OFFSET(PcDeferredReadyListHead, KIPCR, Prcb.DeferredReadyListHead),
OFFSET(PcSystemCalls, KIPCR, Prcb.KeSystemCalls),
OFFSET(PcDpcRoutineActive, KIPCR, Prcb.DpcRoutineActive),
OFFSET(PcInterruptCount, KIPCR, Prcb.InterruptCount),
OFFSET(PcDebuggerSavedIRQL, KIPCR, Prcb.DebuggerSavedIRQL),
OFFSET(PcTickOffset, KIPCR, Prcb.TickOffset),
OFFSET(PcMasterOffset, KIPCR, Prcb.MasterOffset),
OFFSET(PcSkipTick, KIPCR, Prcb.SkipTick),
// This guard tests NTDDI_LONGHORN where the KTHREAD and KPROCESS guards
// further down test NTDDI_VISTA.
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
OFFSET(PcVirtualApicAssist, KIPCR, Prcb.VirtualApicAssist),
OFFSET(PcStartCycles, KIPCR, Prcb.StartCycles),
#endif
//OFFSET(PcFeatureBits, KIPCR, Prcb.FeatureBits),
//OFFSET(PcNmiActive, KIPCR, Prcb.NmiActive),
//OFFSET(PcDeepSleep, KIPCR, Prcb.DeepSleep),
SIZE(ProcessorControlRegisterLength, KIPCR),

HEADER("KPROCESSOR_START_BLOCK offsets"),
OFFSET(PsbCompletionFlag, KPROCESSOR_START_BLOCK, CompletionFlag),
OFFSET(PsbFlags, KPROCESSOR_START_BLOCK, Flags),
OFFSET(PsbGdt32, KPROCESSOR_START_BLOCK, Gdt32),
OFFSET(PsbIdt32, KPROCESSOR_START_BLOCK, Idt32),
OFFSET(PsbGdt, KPROCESSOR_START_BLOCK, Gdt),
OFFSET(PsbTiledMemoryMap, KPROCESSOR_START_BLOCK, TiledMemoryMap),
OFFSET(PsbPmTarget, KPROCESSOR_START_BLOCK, PmTarget),
OFFSET(PsbLmIdentityTarget, KPROCESSOR_START_BLOCK, LmIdentityTarget),
OFFSET(PsbLmTarget, KPROCESSOR_START_BLOCK, LmTarget),
OFFSET(PsbSelfMap, KPROCESSOR_START_BLOCK, SelfMap),
OFFSET(PsbMsrPat, KPROCESSOR_START_BLOCK, MsrPat),
OFFSET(PsbMsrEFER, KPROCESSOR_START_BLOCK, MsrEFER),
OFFSET(PsbProcessorState, KPROCESSOR_START_BLOCK, ProcessorState),
SIZE(ProcessorStartBlockLength, KPROCESSOR_START_BLOCK),
CONSTANT(PROCESSOR_START_FLAG_FORCE_ENABLE_NX),

// Most Ps* symbols reach through KPROCESSOR_STATE.SpecialRegisters; the
// MSR-backed entries and Xcr0 are disabled.
HEADER("KPROCESSOR_STATE offsets"),
OFFSET(PsSpecialRegisters, KPROCESSOR_STATE, SpecialRegisters),
OFFSET(PsCr0, KPROCESSOR_STATE, SpecialRegisters.Cr0),
OFFSET(PsCr2, KPROCESSOR_STATE, SpecialRegisters.Cr2),
OFFSET(PsCr3, KPROCESSOR_STATE, SpecialRegisters.Cr3),
OFFSET(PsCr4, KPROCESSOR_STATE, SpecialRegisters.Cr4),
OFFSET(PsKernelDr0, KPROCESSOR_STATE, SpecialRegisters.KernelDr0),
OFFSET(PsKernelDr1, KPROCESSOR_STATE, SpecialRegisters.KernelDr1),
OFFSET(PsKernelDr2, KPROCESSOR_STATE, SpecialRegisters.KernelDr2),
OFFSET(PsKernelDr3, KPROCESSOR_STATE, SpecialRegisters.KernelDr3),
OFFSET(PsKernelDr6, KPROCESSOR_STATE, SpecialRegisters.KernelDr6),
OFFSET(PsKernelDr7, KPROCESSOR_STATE, SpecialRegisters.KernelDr7),
OFFSET(PsGdtr, KPROCESSOR_STATE, SpecialRegisters.Gdtr),
OFFSET(PsIdtr, KPROCESSOR_STATE, SpecialRegisters.Idtr),
OFFSET(PsTr, KPROCESSOR_STATE, SpecialRegisters.Tr),
OFFSET(PsLdtr, KPROCESSOR_STATE, SpecialRegisters.Ldtr),
OFFSET(PsMxCsr, KPROCESSOR_STATE, SpecialRegisters.MxCsr),
//OFFSET(PsMsrGsBase, KPROCESSOR_STATE, MsrGsBase),
//OFFSET(PsMsrGsSwap, KPROCESSOR_STATE, MsrGsSwap),
//OFFSET(PsMsrStar, KPROCESSOR_STATE, MsrStar),
//OFFSET(PsMsrLStar, KPROCESSOR_STATE, MsrLStar),
//OFFSET(PsMsrCStar, KPROCESSOR_STATE, MsrCStar),
//OFFSET(PsMsrSyscallMask, KPROCESSOR_STATE, MsrSyscallMask),
//OFFSET(PsXcr0, KPROCESSOR_STATE, Xcr0),
OFFSET(PsContextFrame, KPROCESSOR_STATE, ContextFrame),
OFFSET(PsDebugControl, KPROCESSOR_STATE, SpecialRegisters.DebugControl),
OFFSET(PsLastBranchToRip, KPROCESSOR_STATE, SpecialRegisters.LastBranchToRip),
OFFSET(PsLastBranchFromRip, KPROCESSOR_STATE, SpecialRegisters.LastBranchFromRip),
OFFSET(PsLastExceptionToRip, KPROCESSOR_STATE, SpecialRegisters.LastExceptionToRip),
OFFSET(PsLastExceptionFromRip, KPROCESSOR_STATE, SpecialRegisters.LastExceptionFromRip),
OFFSET(PsCr8, KPROCESSOR_STATE, SpecialRegisters.Cr8),
SIZE(ProcessorStateLength, KPROCESSOR_STATE),

HEADER("KSTART_FRAME"),
OFFSET(SfP1Home, KSTART_FRAME, P1Home),
OFFSET(SfP2Home, KSTART_FRAME, P2Home),
OFFSET(SfP3Home, KSTART_FRAME, P3Home),
OFFSET(SfP4Home, KSTART_FRAME, P4Home),
OFFSET(SfReturn, KSTART_FRAME, Return),
SIZE(KSTART_FRAME_LENGTH, KSTART_FRAME),

HEADER("KSPECIAL_REGISTERS"),
OFFSET(SrKernelDr0, KSPECIAL_REGISTERS, KernelDr0),
OFFSET(SrKernelDr1, KSPECIAL_REGISTERS, KernelDr1),
OFFSET(SrKernelDr2, KSPECIAL_REGISTERS, KernelDr2),
OFFSET(SrKernelDr3, KSPECIAL_REGISTERS, KernelDr3),
OFFSET(SrKernelDr6, KSPECIAL_REGISTERS, KernelDr6),
OFFSET(SrKernelDr7, KSPECIAL_REGISTERS, KernelDr7),
OFFSET(SrGdtr, KSPECIAL_REGISTERS, Gdtr),
OFFSET(SrIdtr, KSPECIAL_REGISTERS, Idtr),
OFFSET(SrTr, KSPECIAL_REGISTERS, Tr),
OFFSET(SrMxCsr, KSPECIAL_REGISTERS, MxCsr),
OFFSET(SrMsrGsBase, KSPECIAL_REGISTERS, MsrGsBase),
OFFSET(SrMsrGsSwap, KSPECIAL_REGISTERS, MsrGsSwap),
OFFSET(SrMsrStar, KSPECIAL_REGISTERS, MsrStar),
OFFSET(SrMsrLStar, KSPECIAL_REGISTERS, MsrLStar),
OFFSET(SrMsrCStar, KSPECIAL_REGISTERS, MsrCStar),
OFFSET(SrMsrSyscallMask, KSPECIAL_REGISTERS, MsrSyscallMask),
//OFFSET(SrXcr0, KSPECIAL_REGISTERS, Xcr0),

HEADER("KSYSTEM_TIME"), // obsolete in win 10
OFFSET(StLowTime, KSYSTEM_TIME, LowPart),
OFFSET(StHigh1Time, KSYSTEM_TIME, High1Time),
OFFSET(StHigh2Time, KSYSTEM_TIME, High2Time),

// SwitchFrameLength and KSWITCH_FRAME_LENGTH are two names for the size of
// the same type.
HEADER("KSWITCH_FRAME"),
OFFSET(SwP5Home, KSWITCH_FRAME, P5Home),
OFFSET(SwApcBypass, KSWITCH_FRAME, ApcBypass),
OFFSET(SwRbp, KSWITCH_FRAME, Rbp),
OFFSET(SwReturn, KSWITCH_FRAME, Return),
SIZE(SwitchFrameLength, KSWITCH_FRAME),
SIZE(KSWITCH_FRAME_LENGTH, KSWITCH_FRAME),

// TIMER_TABLE_SIZE and KTIMER_TABLE_SIZE are likewise two names for
// the size of KTIMER_TABLE.
#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("KTIMER_TABLE offsets"), // not in win 10
OFFSET(TtEntry, KTIMER_TABLE, TimerEntries),
OFFSET(TtTime, KTIMER_TABLE_ENTRY, Time),
SIZE(TIMER_ENTRY_SIZE, KTIMER_TABLE_ENTRY),
SIZE(TIMER_TABLE_SIZE, KTIMER_TABLE),
SIZE(KTIMER_TABLE_SIZE, KTIMER_TABLE),
#endif

// NOTE(review): the KTRAP_FRAME section is compiled out and must stay so in
// its present form: after the first entry the lines lack the opening
// "OFFSET(", every entry names the field TrP1Home, and the rest are raw
// "equ" lines with hard-coded values rather than table entries. No Tr*
// symbol is exported by this listing as a result.
#if 0 // FIXME: reloffset???
HEADER("KTRAP_FRAME offsets"),
OFFSET(TrP1Home, KTRAP_FRAME, TrP1Home),
TrP2Home, KTRAP_FRAME, TrP1Home),
TrP3Home, KTRAP_FRAME, TrP1Home),
TrP4Home, KTRAP_FRAME, TrP1Home),
TrP5, KTRAP_FRAME, TrP1Home),
TrPreviousMode, KTRAP_FRAME, TrP1Home),
TrPreviousIrql, KTRAP_FRAME, TrP1Home),
TrFaultIndicator, KTRAP_FRAME, TrP1Home),
TrExceptionActive, KTRAP_FRAME, TrP1Home),
TrMxCsr, KTRAP_FRAME, TrP1Home),
TrRax equ 0FFFFFFB0H
TrRcx equ 0FFFFFFB8H
TrRdx equ 0FFFFFFC0H
TrR8 equ 0FFFFFFC8H
TrR9 equ 0FFFFFFD0H
TrR10 equ 0FFFFFFD8H
TrR11 equ 0FFFFFFE0H
TrGsBase equ 0FFFFFFE8H
TrGsSwap equ 0FFFFFFE8H
TrXmm0 equ 0FFFFFFF0H
TrXmm1 equ 00000H
TrXmm2 equ 00010H
TrXmm3 equ 00020H
TrXmm4 equ 00030H
TrXmm5 equ 00040H
TrFaultAddress equ 00050H
TrDr0 equ 00058H
TrDr1 equ 00060H
TrDr2 equ 00068H
TrDr3 equ 00070H
TrDr6 equ 00078H
TrDr7 equ 00080H
TrDebugControl equ 00088H
TrLastBranchToRip equ 00090H
TrLastBranchFromRip equ 00098H
TrLastExceptionToRip equ 000A0H
TrLastExceptionFromRip equ 000A8H
TrSegDs equ 000B0H
TrSegEs equ 000B2H
TrSegFs equ 000B4H
TrSegGs equ 000B6H
TrTrapFrame equ 000B8H
TrRbx equ 000C0H
TrRdi equ 000C8H
TrRsi equ 000D0H
TrRbp equ 000D8H
TrErrorCode equ 000E0H
TrRip equ 000E8H
TrSegCs equ 000F0H
TrLogging equ 000F3H
TrEFlags equ 000F8H
TrRsp equ 00100H
TrSegSs equ 00108H
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME),
#endif

// The three named stacks are bound to fixed Ist[] slots 1, 2 and 3.
HEADER("KTSS offsets"),
OFFSET(TssRsp0, KTSS64, Rsp0),
OFFSET(TssRsp1, KTSS64, Rsp1),
OFFSET(TssRsp2, KTSS64, Rsp2),
OFFSET(TssPanicStack, KTSS64, Ist[1]),
OFFSET(TssMcaStack, KTSS64, Ist[2]),
OFFSET(TssNmiStack, KTSS64, Ist[3]),
OFFSET(TssIoMapBase, KTSS64, IoMapBase),
SIZE(TssLength, KTSS64),

#if (NTDDI_VERSION >= NTDDI_WIN7)
HEADER("RTL_UMS_CONTEXT offsets"),
OFFSET(UcLink, RTL_UMS_CONTEXT, Link),
OFFSET(UcContext, RTL_UMS_CONTEXT, Context),
OFFSET(UcTeb, RTL_UMS_CONTEXT, Teb),
OFFSET(UcFlags, RTL_UMS_CONTEXT, Flags),
OFFSET(UcContextLock, RTL_UMS_CONTEXT, ContextLock),
OFFSET(UcPrimaryUmsContext, RTL_UMS_CONTEXT, PrimaryUmsContext),
SIZE(RTL_UMS_CONTEXT_LENGTH, RTL_UMS_CONTEXT),

// NOTE(review): all eight Uch* symbols below are bound to the same field,
// StackTop, so UchStackSize, UchRspOffset, UchRip, UchFltSave, UchFlags,
// UchTrapFrame and UchExceptionFrame all receive StackTop's offset. The
// symbol names suggest each was meant to name its own field (StackSize,
// RspOffset, Rip, ...). Any assembly that uses these symbols would read or
// write the StackTop slot instead of the intended one; bind each entry to its
// real field, or disable the placeholders until the type declares them.
HEADER("KUMS_CONTEXT_HEADER offsets"),
OFFSET(UchStackTop, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchStackSize, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchRspOffset, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchRip, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchFltSave, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchFlags, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchTrapFrame, KUMS_CONTEXT_HEADER, StackTop),
OFFSET(UchExceptionFrame, KUMS_CONTEXT_HEADER, StackTop),
SIZE(KUMS_CONTEXT_HEADER_LENGTH, KUMS_CONTEXT_HEADER),

HEADER("UMS_CONTROL_BLOCK offsets"),
OFFSET(UcbUmsTeb, UMS_CONTROL_BLOCK, UmsTeb),
#endif

HEADER("XSTATE_CONFIGURATION offsets"),
OFFSET(XcfgEnabledFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#if (NTDDI_VERSION >= NTDDI_WIN10)
// NOTE(review): XcfgEnabledVolatileFeatures is bound to EnabledFeatures, the
// same field as the entry above, so both symbols get one offset. The name
// points at a separate EnabledVolatileFeatures field -- confirm and rebind;
// as written, code reading the "volatile" mask gets the full feature mask.
OFFSET(XcfgEnabledVolatileFeatures, XSTATE_CONFIGURATION, EnabledFeatures),
#endif

HEADER("XSTATE_CONTEXT offsets"),
OFFSET(XctxMask, XSTATE_CONTEXT, Mask),
OFFSET(XctxLength, XSTATE_CONTEXT, Length),
OFFSET(XctxArea, XSTATE_CONTEXT, Area),

HEADER("XSAVE_AREA offsets"),
OFFSET(XsaHeader, XSAVE_AREA, Header),
SIZE(XsaHeaderLength, XSAVE_AREA_HEADER),
CONSTANTX(XSAVE_ALIGN, _alignof(XSAVE_AREA)),

//CONSTANT(CFlushSize),

// The heading sits outside the version guard, so it is emitted even when the
// guarded entries are not.
HEADER("KTHREAD offsets"),
#if (NTDDI_VERSION >= NTDDI_VISTA)
OFFSET(ThTebMappedLowVa, KTHREAD, TebMappedLowVa),
OFFSET(ThUcb, KTHREAD, Ucb),
//OFFSET(ThBase, KTHREAD, Base?),
//OFFSET(ThLimit, KTHREAD, Limit?),
#endif

#if (NTDDI_VERSION >= NTDDI_VISTA)
HEADER("KPROCESS offsets"),
OFFSET(PrLdtSystemDescriptor, KPROCESS, LdtSystemDescriptor),
OFFSET(PrLdtBaseAddress, KPROCESS, LdtBaseAddress),
#endif


/// ROS definitions

// CONTEXT field offsets exported under CONTEXT_<Field> names.
HEADER("CONTEXT"),
OFFSET(CONTEXT_P1Home, CONTEXT, P1Home),
OFFSET(CONTEXT_P2Home, CONTEXT, P2Home),
OFFSET(CONTEXT_P3Home, CONTEXT, P3Home),
OFFSET(CONTEXT_P4Home, CONTEXT, P4Home),
OFFSET(CONTEXT_P5Home, CONTEXT, P5Home),
OFFSET(CONTEXT_P6Home, CONTEXT, P6Home),
OFFSET(CONTEXT_ContextFlags, CONTEXT, ContextFlags),
OFFSET(CONTEXT_MxCsr, CONTEXT, MxCsr),
OFFSET(CONTEXT_SegCs, CONTEXT, SegCs),
OFFSET(CONTEXT_SegDs, CONTEXT, SegDs),
OFFSET(CONTEXT_SegEs, CONTEXT, SegEs),
OFFSET(CONTEXT_SegFs, CONTEXT, SegFs),
OFFSET(CONTEXT_SegGs, CONTEXT, SegGs),
OFFSET(CONTEXT_SegSs, CONTEXT, SegSs),
OFFSET(CONTEXT_EFlags, CONTEXT, EFlags),
OFFSET(CONTEXT_Dr0, CONTEXT, Dr0),
OFFSET(CONTEXT_Dr1, CONTEXT, Dr1),
OFFSET(CONTEXT_Dr2, CONTEXT, Dr2),
OFFSET(CONTEXT_Dr3, CONTEXT, Dr3),
OFFSET(CONTEXT_Dr6, CONTEXT, Dr6),
OFFSET(CONTEXT_Dr7, CONTEXT, Dr7),
OFFSET(CONTEXT_Rax, CONTEXT, Rax),
OFFSET(CONTEXT_Rcx, CONTEXT, Rcx),
OFFSET(CONTEXT_Rdx, CONTEXT, Rdx),
OFFSET(CONTEXT_Rbx, CONTEXT, Rbx),
OFFSET(CONTEXT_Rsp, CONTEXT, Rsp),
OFFSET(CONTEXT_Rbp, CONTEXT, Rbp),
OFFSET(CONTEXT_Rsi, CONTEXT, Rsi),
OFFSET(CONTEXT_Rdi, CONTEXT, Rdi),
OFFSET(CONTEXT_R8, CONTEXT, R8),
OFFSET(CONTEXT_R9, CONTEXT, R9),
OFFSET(CONTEXT_R10, CONTEXT, R10),
OFFSET(CONTEXT_R11, CONTEXT, R11),
OFFSET(CONTEXT_R12, CONTEXT, R12),
OFFSET(CONTEXT_R13, CONTEXT, R13),
OFFSET(CONTEXT_R14, CONTEXT, R14),
OFFSET(CONTEXT_R15, CONTEXT, R15),
OFFSET(CONTEXT_Rip, CONTEXT, Rip),
OFFSET(CONTEXT_FltSave, CONTEXT, FltSave),
OFFSET(CONTEXT_Xmm0, CONTEXT, Xmm0),
OFFSET(CONTEXT_Xmm1, CONTEXT, Xmm1),
OFFSET(CONTEXT_Xmm2, CONTEXT, Xmm2),
OFFSET(CONTEXT_Xmm3, CONTEXT, Xmm3),
OFFSET(CONTEXT_Xmm4, CONTEXT, Xmm4),
OFFSET(CONTEXT_Xmm5, CONTEXT, Xmm5), 898 OFFSET(CONTEXT_Xmm6, CONTEXT, Xmm6), 899 OFFSET(CONTEXT_Xmm7, CONTEXT, Xmm7), 900 OFFSET(CONTEXT_Xmm8, CONTEXT, Xmm8), 901 OFFSET(CONTEXT_Xmm9, CONTEXT, Xmm9), 902 OFFSET(CONTEXT_Xmm10, CONTEXT, Xmm10), 903 OFFSET(CONTEXT_Xmm11, CONTEXT, Xmm11), 904 OFFSET(CONTEXT_Xmm12, CONTEXT, Xmm12), 905 OFFSET(CONTEXT_Xmm13, CONTEXT, Xmm13), 906 OFFSET(CONTEXT_Xmm14, CONTEXT, Xmm14), 907 OFFSET(CONTEXT_Xmm15, CONTEXT, Xmm15), 908 OFFSET(CONTEXT_DebugControl, CONTEXT, DebugControl), 909 OFFSET(CONTEXT_LastBranchToRip, CONTEXT, LastBranchToRip), 910 OFFSET(CONTEXT_LastBranchFromRip, CONTEXT, LastBranchFromRip), 911 OFFSET(CONTEXT_LastExceptionToRip, CONTEXT, LastExceptionToRip), 912 OFFSET(CONTEXT_LastExceptionFromRip, CONTEXT, LastExceptionFromRip), 913 OFFSET(CONTEXT_VectorControl, CONTEXT, VectorControl), 914 OFFSET(CONTEXT_VectorRegister, CONTEXT, VectorRegister), 915 SIZE(CONTEXT_FRAME_LENGTH, CONTEXT), 916 917 HEADER("KEXCEPTION_FRAME"), 918 OFFSET(KEXCEPTION_FRAME_P1Home, KEXCEPTION_FRAME, P1Home), 919 OFFSET(KEXCEPTION_FRAME_P2Home, KEXCEPTION_FRAME, P2Home), 920 OFFSET(KEXCEPTION_FRAME_P3Home, KEXCEPTION_FRAME, P3Home), 921 OFFSET(KEXCEPTION_FRAME_P4Home, KEXCEPTION_FRAME, P4Home), 922 OFFSET(KEXCEPTION_FRAME_P5, KEXCEPTION_FRAME, P5), 923 OFFSET(KEXCEPTION_FRAME_Xmm6, KEXCEPTION_FRAME, Xmm6), 924 OFFSET(KEXCEPTION_FRAME_Xmm7, KEXCEPTION_FRAME, Xmm7), 925 OFFSET(KEXCEPTION_FRAME_Xmm8, KEXCEPTION_FRAME, Xmm8), 926 OFFSET(KEXCEPTION_FRAME_Xmm9, KEXCEPTION_FRAME, Xmm9), 927 OFFSET(KEXCEPTION_FRAME_Xmm10, KEXCEPTION_FRAME, Xmm10), 928 OFFSET(KEXCEPTION_FRAME_Xmm11, KEXCEPTION_FRAME, Xmm11), 929 OFFSET(KEXCEPTION_FRAME_Xmm12, KEXCEPTION_FRAME, Xmm12), 930 OFFSET(KEXCEPTION_FRAME_Xmm13, KEXCEPTION_FRAME, Xmm13), 931 OFFSET(KEXCEPTION_FRAME_Xmm14, KEXCEPTION_FRAME, Xmm14), 932 OFFSET(KEXCEPTION_FRAME_Xmm15, KEXCEPTION_FRAME, Xmm15), 933 OFFSET(KEXCEPTION_FRAME_MxCsr, KEXCEPTION_FRAME, MxCsr), 934 OFFSET(KEXCEPTION_FRAME_Rbp, 
KEXCEPTION_FRAME, Rbp), 935 OFFSET(KEXCEPTION_FRAME_Rbx, KEXCEPTION_FRAME, Rbx), 936 OFFSET(KEXCEPTION_FRAME_Rdi, KEXCEPTION_FRAME, Rdi), 937 OFFSET(KEXCEPTION_FRAME_Rsi, KEXCEPTION_FRAME, Rsi), 938 OFFSET(KEXCEPTION_FRAME_R12, KEXCEPTION_FRAME, R12), 939 OFFSET(KEXCEPTION_FRAME_R13, KEXCEPTION_FRAME, R13), 940 OFFSET(KEXCEPTION_FRAME_R14, KEXCEPTION_FRAME, R14), 941 OFFSET(KEXCEPTION_FRAME_R15, KEXCEPTION_FRAME, R15), 942 OFFSET(KEXCEPTION_FRAME_Return, KEXCEPTION_FRAME, Return), 943 OFFSET(KEXCEPTION_FRAME_TrapFrame, KEXCEPTION_FRAME, TrapFrame), 944 OFFSET(KEXCEPTION_FRAME_OutputBuffer, KEXCEPTION_FRAME, OutputBuffer), 945 OFFSET(KEXCEPTION_FRAME_OutputLength, KEXCEPTION_FRAME, OutputLength), 946 SIZE(KEXCEPTION_FRAME_LENGTH, KEXCEPTION_FRAME), 947 948 HEADER("KTRAP_FRAME"), 949 OFFSET(KTRAP_FRAME_P1Home, KTRAP_FRAME, P1Home), 950 OFFSET(KTRAP_FRAME_P2Home, KTRAP_FRAME, P2Home), 951 OFFSET(KTRAP_FRAME_P3Home, KTRAP_FRAME, P3Home), 952 OFFSET(KTRAP_FRAME_P4Home, KTRAP_FRAME, P4Home), 953 OFFSET(KTRAP_FRAME_P5, KTRAP_FRAME, P5), 954 OFFSET(KTRAP_FRAME_PreviousMode, KTRAP_FRAME, PreviousMode), 955 OFFSET(KTRAP_FRAME_PreviousIrql, KTRAP_FRAME, PreviousIrql), 956 OFFSET(KTRAP_FRAME_FaultIndicator, KTRAP_FRAME, FaultIndicator), 957 OFFSET(KTRAP_FRAME_ExceptionActive, KTRAP_FRAME, ExceptionActive), 958 OFFSET(KTRAP_FRAME_MxCsr, KTRAP_FRAME, MxCsr), 959 OFFSET(KTRAP_FRAME_Rax, KTRAP_FRAME, Rax), 960 OFFSET(KTRAP_FRAME_Rcx, KTRAP_FRAME, Rcx), 961 OFFSET(KTRAP_FRAME_Rdx, KTRAP_FRAME, Rdx), 962 OFFSET(KTRAP_FRAME_R8, KTRAP_FRAME, R8), 963 OFFSET(KTRAP_FRAME_R9, KTRAP_FRAME, R9), 964 OFFSET(KTRAP_FRAME_R10, KTRAP_FRAME, R10), 965 OFFSET(KTRAP_FRAME_R11, KTRAP_FRAME, R11), 966 OFFSET(KTRAP_FRAME_GsBase, KTRAP_FRAME, GsBase), 967 OFFSET(KTRAP_FRAME_GsSwap, KTRAP_FRAME,GsSwap), 968 OFFSET(KTRAP_FRAME_Xmm0, KTRAP_FRAME, Xmm0), 969 OFFSET(KTRAP_FRAME_Xmm1, KTRAP_FRAME, Xmm1), 970 OFFSET(KTRAP_FRAME_Xmm2, KTRAP_FRAME, Xmm2), 971 OFFSET(KTRAP_FRAME_Xmm3, KTRAP_FRAME, Xmm3), 972 
OFFSET(KTRAP_FRAME_Xmm4, KTRAP_FRAME, Xmm4), 973 OFFSET(KTRAP_FRAME_Xmm5, KTRAP_FRAME, Xmm5), 974 OFFSET(KTRAP_FRAME_FaultAddress, KTRAP_FRAME, FaultAddress), 975 OFFSET(KTRAP_FRAME_TimeStampCKCL, KTRAP_FRAME, TimeStampCKCL), 976 OFFSET(KTRAP_FRAME_Dr0, KTRAP_FRAME, Dr0), 977 OFFSET(KTRAP_FRAME_Dr1, KTRAP_FRAME, Dr1), 978 OFFSET(KTRAP_FRAME_Dr2, KTRAP_FRAME, Dr2), 979 OFFSET(KTRAP_FRAME_Dr3, KTRAP_FRAME, Dr3), 980 OFFSET(KTRAP_FRAME_Dr6, KTRAP_FRAME, Dr6), 981 OFFSET(KTRAP_FRAME_Dr7, KTRAP_FRAME, Dr7), 982 OFFSET(KTRAP_FRAME_DebugControl, KTRAP_FRAME, DebugControl), 983 OFFSET(KTRAP_FRAME_LastBranchToRip, KTRAP_FRAME, LastBranchToRip), 984 OFFSET(KTRAP_FRAME_LastBranchFromRip, KTRAP_FRAME, LastBranchFromRip), 985 OFFSET(KTRAP_FRAME_LastExceptionToRip, KTRAP_FRAME, LastExceptionToRip), 986 OFFSET(KTRAP_FRAME_LastExceptionFromRip, KTRAP_FRAME, LastExceptionFromRip), 987 OFFSET(KTRAP_FRAME_LastBranchControl, KTRAP_FRAME, LastBranchControl), 988 OFFSET(KTRAP_FRAME_LastBranchMSR, KTRAP_FRAME, LastBranchMSR), 989 OFFSET(KTRAP_FRAME_SegDs, KTRAP_FRAME, SegDs), 990 OFFSET(KTRAP_FRAME_SegEs, KTRAP_FRAME, SegEs), 991 OFFSET(KTRAP_FRAME_SegFs, KTRAP_FRAME, SegFs), 992 OFFSET(KTRAP_FRAME_SegGs, KTRAP_FRAME, SegGs), 993 OFFSET(KTRAP_FRAME_TrapFrame, KTRAP_FRAME, TrapFrame), 994 OFFSET(KTRAP_FRAME_Rbx, KTRAP_FRAME, Rbx), 995 OFFSET(KTRAP_FRAME_Rdi, KTRAP_FRAME, Rdi), 996 OFFSET(KTRAP_FRAME_Rsi, KTRAP_FRAME, Rsi), 997 OFFSET(KTRAP_FRAME_Rbp, KTRAP_FRAME, Rbp), 998 OFFSET(KTRAP_FRAME_ErrorCode, KTRAP_FRAME, ErrorCode), 999 OFFSET(KTRAP_FRAME_TimeStampKlog, KTRAP_FRAME, TimeStampKlog), 1000 OFFSET(KTRAP_FRAME_Rip, KTRAP_FRAME, Rip), 1001 OFFSET(KTRAP_FRAME_SegCs, KTRAP_FRAME, SegCs), 1002 OFFSET(KTRAP_FRAME_Logging, KTRAP_FRAME, Logging), 1003 OFFSET(KTRAP_FRAME_EFlags, KTRAP_FRAME, EFlags), 1004 OFFSET(KTRAP_FRAME_Rsp, KTRAP_FRAME, Rsp), 1005 OFFSET(KTRAP_FRAME_SegSs, KTRAP_FRAME, SegSs), 1006 OFFSET(KTRAP_FRAME_CodePatchCycle, KTRAP_FRAME, CodePatchCycle), 1007 
SIZE(KTRAP_FRAME_LENGTH, KTRAP_FRAME), 1008 1009 HEADER("EXCEPTION_RECORD"), 1010 OFFSET(EXCEPTION_RECORD_ExceptionCode, EXCEPTION_RECORD, ExceptionCode), 1011 OFFSET(EXCEPTION_RECORD_ExceptionFlags, EXCEPTION_RECORD, ExceptionFlags), 1012 OFFSET(EXCEPTION_RECORD_ExceptionRecord, EXCEPTION_RECORD, ExceptionRecord), 1013 OFFSET(EXCEPTION_RECORD_ExceptionAddress, EXCEPTION_RECORD, ExceptionAddress), 1014 OFFSET(EXCEPTION_RECORD_NumberParameters, EXCEPTION_RECORD, NumberParameters), 1015 OFFSET(EXCEPTION_RECORD_ExceptionInformation, EXCEPTION_RECORD, ExceptionInformation), 1016 1017 HEADER("KTHREAD"), 1018 OFFSET(KTHREAD_WAIT_IRQL, KTHREAD, WaitIrql), 1019 OFFSET(KTHREAD_TrapFrame, KTHREAD, TrapFrame), 1020 OFFSET(KTHREAD_PreviousMode, KTHREAD, PreviousMode), 1021 OFFSET(KTHREAD_KernelStack, KTHREAD, KernelStack), 1022 OFFSET(KTHREAD_UserApcPending, KTHREAD, ApcState.UserApcPending), 1023 1024 HEADER("KINTERRUPT"), 1025 OFFSET(KINTERRUPT_Type, KINTERRUPT, Type), 1026 OFFSET(KINTERRUPT_Size, KINTERRUPT, Size), 1027 OFFSET(KINTERRUPT_InterruptListEntry, KINTERRUPT, InterruptListEntry), 1028 OFFSET(KINTERRUPT_ServiceRoutine, KINTERRUPT, ServiceRoutine), 1029 OFFSET(KINTERRUPT_ServiceContext, KINTERRUPT, ServiceContext), 1030 OFFSET(KINTERRUPT_SpinLock, KINTERRUPT, SpinLock), 1031 OFFSET(KINTERRUPT_TickCount, KINTERRUPT, TickCount), 1032 OFFSET(KINTERRUPT_ActualLock, KINTERRUPT, ActualLock), 1033 OFFSET(KINTERRUPT_DispatchAddress, KINTERRUPT, DispatchAddress), 1034 OFFSET(KINTERRUPT_Vector, KINTERRUPT, Vector), 1035 OFFSET(KINTERRUPT_Irql, KINTERRUPT, Irql), 1036 OFFSET(KINTERRUPT_SynchronizeIrql, KINTERRUPT, SynchronizeIrql), 1037 OFFSET(KINTERRUPT_FloatingSave, KINTERRUPT, FloatingSave), 1038 OFFSET(KINTERRUPT_Connected, KINTERRUPT, Connected), 1039 OFFSET(KINTERRUPT_Number, KINTERRUPT, Number), 1040 OFFSET(KINTERRUPT_ShareVector, KINTERRUPT, ShareVector), 1041 OFFSET(KINTERRUPT_Mode, KINTERRUPT, Mode), 1042 OFFSET(KINTERRUPT_ServiceCount, KINTERRUPT, ServiceCount), 
1043 OFFSET(KINTERRUPT_DispatchCount, KINTERRUPT, DispatchCount), 1044 OFFSET(KINTERRUPT_TrapFrame, KINTERRUPT, TrapFrame), 1045 OFFSET(KINTERRUPT_DispatchCode, KINTERRUPT, DispatchCode), 1046 1047