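/*
 * Compile-time layout checks for KTHREAD and TEB.
 *
 * Every C_ASSERT_FIELD entry below breaks the build if the named member is
 * not at the stated byte offset, or if its size differs from the size of the
 * stated type. A failure means the structure declaration no longer matches
 * the layout recorded here, so any code or tooling that depends on these
 * offsets would be reading a different member.
 *
 * The recorded offsets assume 4-byte pointers (PVOID InitialStack at 0x020
 * is directly followed by StackLimit at 0x024).
 *
 * NOTE(review): this copy of the file had lost its line breaks. Entries are
 * restored one per line, so each `//` is taken to disable only the entry it
 * prefixes -- confirm against the original file.
 */

/* Version definitions */
/* Set before the includes; presumably so Windows 10 declarations are used. */
#undef NTDDI_VERSION
#define NTDDI_VERSION NTDDI_WIN10
#undef _WIN32_WINNT
#define _WIN32_WINNT _WIN32_WINNT_WIN10

/*
 * NOTE(review): the two include targets are missing from this copy of the
 * file (only the bare directives survive). Restore the original header names
 * before building; they are expected to provide C_ASSERT, FIELD_OFFSET,
 * FIELD_SIZE and the KTHREAD / TEB definitions used below.
 */
#include
#include

/*
 * C_ASSERT_FIELD(Type, Offset, MemberType, MemberName)
 *
 *   Type        structure being checked
 *   Offset      expected byte offset of MemberName within Type
 *   MemberType  type whose sizeof must equal the member's size
 *   MemberName  member being checked
 *
 * Expands to two C_ASSERTs and supplies its own terminating semicolons, so
 * entries are written without one.
 *
 * Offset is parenthesised so that an expression argument cannot re-associate
 * with `==`: without the parentheses, an argument such as `A | B` would parse
 * as `(offset == A) | B` and could make the check pass unconditionally.
 *
 * Limitation: the second check compares sizes only. It does not tell apart
 * two types of equal size (many TEB members below are checked against ULONG;
 * their declared types cannot be determined from this file).
 */
#define C_ASSERT_FIELD(Type, Offset, MemberType, MemberName) \
    C_ASSERT(FIELD_OFFSET(Type, MemberName) == (Offset)); \
    C_ASSERT(FIELD_SIZE(Type, MemberName) == sizeof(MemberType));

/* KTHREAD */
/*
 * Several entries share an offset with, or fall inside the range of, another
 * entry (e.g. WaitListEntry / SwapListEntry at 0x09C). Those checks can only
 * pass if the members overlap in the declaration, presumably as union members.
 */
C_ASSERT_FIELD(KTHREAD, 0x000, DISPATCHER_HEADER, Header)
C_ASSERT_FIELD(KTHREAD, 0x010, PVOID, SListFaultAddress)
C_ASSERT_FIELD(KTHREAD, 0x018, ULONG64, QuantumTarget)
C_ASSERT_FIELD(KTHREAD, 0x020, PVOID, InitialStack)
C_ASSERT_FIELD(KTHREAD, 0x024, PVOID, StackLimit)
C_ASSERT_FIELD(KTHREAD, 0x028, PVOID, StackBase)
C_ASSERT_FIELD(KTHREAD, 0x02C, ULONG, ThreadLock)
C_ASSERT_FIELD(KTHREAD, 0x030, ULONG64, CycleTime)
C_ASSERT_FIELD(KTHREAD, 0x038, ULONG, HighCycleTime)
C_ASSERT_FIELD(KTHREAD, 0x03C, PVOID, ServiceTable)
C_ASSERT_FIELD(KTHREAD, 0x040, ULONG, CurrentRunTime)
C_ASSERT_FIELD(KTHREAD, 0x044, ULONG, ExpectedRunTime)
C_ASSERT_FIELD(KTHREAD, 0x048, PVOID, KernelStack)
C_ASSERT_FIELD(KTHREAD, 0x04C, PXSAVE_FORMAT, StateSaveArea)
C_ASSERT_FIELD(KTHREAD, 0x050, struct _KSCHEDULING_GROUP*, SchedulingGroup)
C_ASSERT_FIELD(KTHREAD, 0x054, KWAIT_STATUS_REGISTER, WaitRegister)
C_ASSERT_FIELD(KTHREAD, 0x055, UCHAR, Running)
C_ASSERT_FIELD(KTHREAD, 0x056, UCHAR[2], Alerted)
C_ASSERT_FIELD(KTHREAD, 0x058, LONG, MiscFlags)
C_ASSERT_FIELD(KTHREAD, 0x05C, LONG, ThreadFlags)
C_ASSERT_FIELD(KTHREAD, 0x060, UCHAR, Tag)
C_ASSERT_FIELD(KTHREAD, 0x061, UCHAR, SystemHeteroCpuPolicy)
C_ASSERT_FIELD(KTHREAD, 0x063, UCHAR, Spare0)
C_ASSERT_FIELD(KTHREAD, 0x064, ULONG, SystemCallNumber)
C_ASSERT_FIELD(KTHREAD, 0x068, PVOID, FirstArgument)
C_ASSERT_FIELD(KTHREAD, 0x06C, PKTRAP_FRAME, TrapFrame)
C_ASSERT_FIELD(KTHREAD, 0x070, KAPC_STATE, ApcState)
C_ASSERT_FIELD(KTHREAD, 0x088, ULONG, UserIdealProcessor)
C_ASSERT_FIELD(KTHREAD, 0x08C, ULONG, ContextSwitches)
C_ASSERT_FIELD(KTHREAD, 0x090, UCHAR, State)
/* Disabled in the original; the reason is not recorded. 0x091 is unchecked. */
//C_ASSERT_FIELD(KTHREAD, 0x091, CHAR, Spare12)
C_ASSERT_FIELD(KTHREAD, 0x092, UCHAR, WaitIrql)
C_ASSERT_FIELD(KTHREAD, 0x093, CHAR, WaitMode)
C_ASSERT_FIELD(KTHREAD, 0x094, LONG, WaitStatus)
C_ASSERT_FIELD(KTHREAD, 0x098, PKWAIT_BLOCK, WaitBlockList)
C_ASSERT_FIELD(KTHREAD, 0x09C, LIST_ENTRY, WaitListEntry)
C_ASSERT_FIELD(KTHREAD, 0x09C, SINGLE_LIST_ENTRY, SwapListEntry)
C_ASSERT_FIELD(KTHREAD, 0x0A4, PDISPATCHER_HEADER, Queue)
C_ASSERT_FIELD(KTHREAD, 0x0A8, PVOID, Teb)
C_ASSERT_FIELD(KTHREAD, 0x0B0, ULONG64, RelativeTimerBias)
C_ASSERT_FIELD(KTHREAD, 0x0B8, KTIMER, Timer)
C_ASSERT_FIELD(KTHREAD, 0x0E0, KWAIT_BLOCK[4], WaitBlock)
C_ASSERT_FIELD(KTHREAD, 0x0F4, PKTHREAD_COUNTERS, ThreadCounters)
C_ASSERT_FIELD(KTHREAD, 0x10C, PXSTATE_SAVE, XStateSave)
C_ASSERT_FIELD(KTHREAD, 0x124, PVOID, Win32Thread)
C_ASSERT_FIELD(KTHREAD, 0x138, ULONG, WaitTime)
C_ASSERT_FIELD(KTHREAD, 0x13C, SHORT, KernelApcDisable)
C_ASSERT_FIELD(KTHREAD, 0x13E, SHORT, SpecialApcDisable)
C_ASSERT_FIELD(KTHREAD, 0x13C, ULONG, CombinedApcDisable)
C_ASSERT_FIELD(KTHREAD, 0x140, LIST_ENTRY, QueueListEntry)
C_ASSERT_FIELD(KTHREAD, 0x148, ULONG, NextProcessor)
C_ASSERT_FIELD(KTHREAD, 0x14C, LONG, QueuePriority)
C_ASSERT_FIELD(KTHREAD, 0x150, PKPROCESS, Process)
C_ASSERT_FIELD(KTHREAD, 0x154, GROUP_AFFINITY, UserAffinity)
C_ASSERT_FIELD(KTHREAD, 0x15A, CHAR, PreviousMode)
C_ASSERT_FIELD(KTHREAD, 0x15B, CHAR, BasePriority)
C_ASSERT_FIELD(KTHREAD, 0x15C, CHAR, PriorityDecrement)
C_ASSERT_FIELD(KTHREAD, 0x15D, UCHAR, Preempted)
C_ASSERT_FIELD(KTHREAD, 0x15E, UCHAR, AdjustReason)
C_ASSERT_FIELD(KTHREAD, 0x15F, CHAR, AdjustIncrement)
C_ASSERT_FIELD(KTHREAD, 0x160, ULONG, AffinityVersion)
C_ASSERT_FIELD(KTHREAD, 0x164, GROUP_AFFINITY, Affinity)
C_ASSERT_FIELD(KTHREAD, 0x16A, UCHAR, ApcStateIndex)
C_ASSERT_FIELD(KTHREAD, 0x16B, UCHAR, WaitBlockCount)
C_ASSERT_FIELD(KTHREAD, 0x16C, ULONG, IdealProcessor)
C_ASSERT_FIELD(KTHREAD, 0x174, KAPC_STATE, SavedApcState)
C_ASSERT_FIELD(KTHREAD, 0x18B, UCHAR, WaitReason)
C_ASSERT_FIELD(KTHREAD, 0x18C, CHAR, SuspendCount)
C_ASSERT_FIELD(KTHREAD, 0x18D, CHAR, Saturation)
C_ASSERT_FIELD(KTHREAD, 0x18E, USHORT, SListFaultCount)
C_ASSERT_FIELD(KTHREAD, 0x190, KAPC, SchedulerApc)
C_ASSERT_FIELD(KTHREAD, 0x191, UCHAR, ResourceIndex)
C_ASSERT_FIELD(KTHREAD, 0x193, UCHAR, QuantumReset)
C_ASSERT_FIELD(KTHREAD, 0x194, ULONG, KernelTime)
C_ASSERT_FIELD(KTHREAD, 0x1B4, PKPRCB, WaitPrcb)
C_ASSERT_FIELD(KTHREAD, 0x1B8, PVOID, LegoData)
C_ASSERT_FIELD(KTHREAD, 0x1BF, UCHAR, CallbackNestingLevel)
C_ASSERT_FIELD(KTHREAD, 0x1C0, ULONG, UserTime)
C_ASSERT_FIELD(KTHREAD, 0x1C4, KEVENT, SuspendEvent)
C_ASSERT_FIELD(KTHREAD, 0x1D4, LIST_ENTRY, ThreadListEntry)
C_ASSERT_FIELD(KTHREAD, 0x1DC, LIST_ENTRY, MutantListHead)
C_ASSERT_FIELD(KTHREAD, 0x1E4, UCHAR, AbEntrySummary)
C_ASSERT_FIELD(KTHREAD, 0x1E5, UCHAR, AbWaitEntryCount)
C_ASSERT_FIELD(KTHREAD, 0x1E6, USHORT, Spare20)
C_ASSERT_FIELD(KTHREAD, 0x1E8, KLOCK_ENTRY[6], LockEntries)
C_ASSERT_FIELD(KTHREAD, 0x308, SINGLE_LIST_ENTRY, PropagateBoostsEntry)
C_ASSERT_FIELD(KTHREAD, 0x30C, SINGLE_LIST_ENTRY, IoSelfBoostsEntry)
C_ASSERT_FIELD(KTHREAD, 0x310, UCHAR[16], PriorityFloorCounts)
C_ASSERT_FIELD(KTHREAD, 0x320, ULONG, PriorityFloorSummary)
C_ASSERT_FIELD(KTHREAD, 0x324, LONG, AbCompletedIoBoostCount)
C_ASSERT_FIELD(KTHREAD, 0x328, SHORT, KeReferenceCount)
C_ASSERT_FIELD(KTHREAD, 0x32A, UCHAR, AbOrphanedEntrySummary)
C_ASSERT_FIELD(KTHREAD, 0x32B, UCHAR, AbOwnedEntryCount)
C_ASSERT_FIELD(KTHREAD, 0x32C, ULONG, ForegroundLossTime)
C_ASSERT_FIELD(KTHREAD, 0x330, LIST_ENTRY, GlobalForegroundListEntry)
C_ASSERT_FIELD(KTHREAD, 0x330, SINGLE_LIST_ENTRY, ForegroundDpcStackListEntry)
C_ASSERT_FIELD(KTHREAD, 0x334, ULONG, InGlobalForegroundList)
C_ASSERT_FIELD(KTHREAD, 0x338, struct _KSCB*, QueuedScb)
C_ASSERT_FIELD(KTHREAD, 0x340, ULONG64, NpxState)

/* TEB */
C_ASSERT_FIELD(TEB, 0x000, NT_TIB, NtTib)
C_ASSERT_FIELD(TEB, 0x01c, ULONG, EnvironmentPointer)
C_ASSERT_FIELD(TEB, 0x020, CLIENT_ID, ClientId)
C_ASSERT_FIELD(TEB, 0x028, ULONG, ActiveRpcHandle)
C_ASSERT_FIELD(TEB, 0x02c, ULONG, ThreadLocalStoragePointer)
C_ASSERT_FIELD(TEB, 0x030, ULONG, ProcessEnvironmentBlock)
C_ASSERT_FIELD(TEB, 0x034, ULONG, LastErrorValue)
C_ASSERT_FIELD(TEB, 0x038, ULONG, CountOfOwnedCriticalSections)
C_ASSERT_FIELD(TEB, 0x03c, ULONG, CsrClientThread)
C_ASSERT_FIELD(TEB, 0x040, ULONG, Win32ThreadInfo)
C_ASSERT_FIELD(TEB, 0x044, ULONG[26], User32Reserved)
C_ASSERT_FIELD(TEB, 0x0ac, ULONG[5], UserReserved)
C_ASSERT_FIELD(TEB, 0x0c0, ULONG, WOW32Reserved)
C_ASSERT_FIELD(TEB, 0x0c4, ULONG, CurrentLocale)
C_ASSERT_FIELD(TEB, 0x0c8, ULONG, FpSoftwareStatusRegister)
C_ASSERT_FIELD(TEB, 0x0CC, ULONG[16], ReservedForDebuggerInstrumentation)
/*
 * Disabled in the original; the reason is not recorded. With these three
 * off, no member between 0x10c and 0x1a4 is checked directly.
 */
//C_ASSERT_FIELD(TEB, 0x10c, ULONG[30], SystemReserved1)
//C_ASSERT_FIELD(TEB, 0x184, ACTIVATION_CONTEXT_STACK, _ActivationStack)
//C_ASSERT_FIELD(TEB, 0x19C, UCHAR[8], WorkingOnBehalfTicket)
C_ASSERT_FIELD(TEB, 0x1a4, LONG, ExceptionCode)
C_ASSERT_FIELD(TEB, 0x1a8, ULONG, ActivationContextStackPointer)
C_ASSERT_FIELD(TEB, 0x1AC, ULONG, InstrumentationCallbackSp)
C_ASSERT_FIELD(TEB, 0x1B0, ULONG, InstrumentationCallbackPreviousPc)
C_ASSERT_FIELD(TEB, 0x1B4, ULONG, InstrumentationCallbackPreviousSp)
C_ASSERT_FIELD(TEB, 0x1B8, UCHAR, InstrumentationCallbackDisabled)
C_ASSERT_FIELD(TEB, 0x1b9, UCHAR[23], SpareBytes)
C_ASSERT_FIELD(TEB, 0x1d0, ULONG, TxFsContext)
C_ASSERT_FIELD(TEB, 0x1d4, GDI_TEB_BATCH, GdiTebBatch)
C_ASSERT_FIELD(TEB, 0x6b4, CLIENT_ID, RealClientId)
C_ASSERT_FIELD(TEB, 0x6bc, ULONG, GdiCachedProcessHandle)
C_ASSERT_FIELD(TEB, 0x6c0, ULONG, GdiClientPID)
C_ASSERT_FIELD(TEB, 0x6c4, ULONG, GdiClientTID)
C_ASSERT_FIELD(TEB, 0x6c8, ULONG, GdiThreadLocalInfo)
C_ASSERT_FIELD(TEB, 0x6cc, ULONG[62], Win32ClientInfo)
C_ASSERT_FIELD(TEB, 0x7c4, ULONG[233], glDispatchTable)
C_ASSERT_FIELD(TEB, 0xb68, ULONG[29], glReserved1)
C_ASSERT_FIELD(TEB, 0xbdc, ULONG, glReserved2)
C_ASSERT_FIELD(TEB, 0xbe0, ULONG, glSectionInfo)
C_ASSERT_FIELD(TEB, 0xbe4, ULONG, glSection)
C_ASSERT_FIELD(TEB, 0xbe8, ULONG, glTable)
C_ASSERT_FIELD(TEB, 0xbec, ULONG, glCurrentRC)
C_ASSERT_FIELD(TEB, 0xbf0, ULONG, glContext)
C_ASSERT_FIELD(TEB, 0xbf4, ULONG, LastStatusValue)
C_ASSERT_FIELD(TEB, 0xbf8, STRING, StaticUnicodeString)
C_ASSERT_FIELD(TEB, 0xc00, WCHAR[261], StaticUnicodeBuffer)
C_ASSERT_FIELD(TEB, 0xe0c, ULONG, DeallocationStack)
C_ASSERT_FIELD(TEB, 0xe10, ULONG[64], TlsSlots)
C_ASSERT_FIELD(TEB, 0xf10, LIST_ENTRY, TlsLinks)
C_ASSERT_FIELD(TEB, 0xf18, ULONG, Vdm)
C_ASSERT_FIELD(TEB, 0xf1c, ULONG, ReservedForNtRpc)
C_ASSERT_FIELD(TEB, 0xf20, ULONG[2], DbgSsReserved)
C_ASSERT_FIELD(TEB, 0xf28, ULONG, HardErrorMode)
C_ASSERT_FIELD(TEB, 0xf2c, ULONG[9], Instrumentation)
C_ASSERT_FIELD(TEB, 0xf50, GUID, ActivityId)
C_ASSERT_FIELD(TEB, 0xf60, ULONG, SubProcessTag)
C_ASSERT_FIELD(TEB, 0xf64, ULONG, PerflibData)
C_ASSERT_FIELD(TEB, 0xf68, ULONG, EtwTraceData)
C_ASSERT_FIELD(TEB, 0xf6c, ULONG, WinSockData)
C_ASSERT_FIELD(TEB, 0xf70, ULONG, GdiBatchCount)
/* 0xf74..0xf77 is checked through several overlapping views of the same bytes. */
C_ASSERT_FIELD(TEB, 0xf74, PROCESSOR_NUMBER, CurrentIdealProcessor)
C_ASSERT_FIELD(TEB, 0xf74, ULONG, IdealProcessorValue)
C_ASSERT_FIELD(TEB, 0xf74, UCHAR, ReservedPad0)
C_ASSERT_FIELD(TEB, 0xf75, UCHAR, ReservedPad1)
C_ASSERT_FIELD(TEB, 0xf76, UCHAR, ReservedPad2)
C_ASSERT_FIELD(TEB, 0xf77, UCHAR, IdealProcessor)
C_ASSERT_FIELD(TEB, 0xf78, ULONG, GuaranteedStackBytes)
C_ASSERT_FIELD(TEB, 0xf7c, ULONG, ReservedForPerf)
C_ASSERT_FIELD(TEB, 0xf80, ULONG, ReservedForOle)
C_ASSERT_FIELD(TEB, 0xf84, ULONG, WaitingOnLoaderLock)
C_ASSERT_FIELD(TEB, 0xf88, ULONG, SavedPriorityState)
C_ASSERT_FIELD(TEB, 0xf8c, ULONG, ReservedForCodeCoverage)
C_ASSERT_FIELD(TEB, 0xf90, ULONG, ThreadPoolData)
C_ASSERT_FIELD(TEB, 0xf94, ULONG, TlsExpansionSlots)
C_ASSERT_FIELD(TEB, 0xf98, ULONG, MuiGeneration)
C_ASSERT_FIELD(TEB, 0xf9c, ULONG, IsImpersonating)
C_ASSERT_FIELD(TEB, 0xfa0, ULONG, NlsCache)
C_ASSERT_FIELD(TEB, 0xfa4, ULONG, pShimData)
C_ASSERT_FIELD(TEB, 0xfa8, USHORT, HeapVirtualAffinity)
C_ASSERT_FIELD(TEB, 0xFAA, USHORT, LowFragHeapDataSlot)
C_ASSERT_FIELD(TEB, 0xfac, ULONG, CurrentTransactionHandle)
C_ASSERT_FIELD(TEB, 0xfb0, ULONG, ActiveFrame)
C_ASSERT_FIELD(TEB, 0xfb4, ULONG, FlsData)
C_ASSERT_FIELD(TEB, 0xfb8, ULONG, PreferredLanguages)
C_ASSERT_FIELD(TEB, 0xfbc, ULONG, UserPrefLanguages)
C_ASSERT_FIELD(TEB, 0xfc0, ULONG, MergedPrefLanguages)
C_ASSERT_FIELD(TEB, 0xfc4, ULONG, MuiImpersonation)
C_ASSERT_FIELD(TEB, 0xfc8, USHORT, CrossTebFlags)
C_ASSERT_FIELD(TEB, 0xfca, USHORT, SameTebFlags)
C_ASSERT_FIELD(TEB, 0xfcc, ULONG, TxnScopeEnterCallback)
C_ASSERT_FIELD(TEB, 0xfd0, ULONG, TxnScopeExitCallback)
C_ASSERT_FIELD(TEB, 0xfd4, ULONG, TxnScopeContext)
C_ASSERT_FIELD(TEB, 0xfd8, ULONG, LockCount)
C_ASSERT_FIELD(TEB, 0xfdc, ULONG, WowTebOffset)
C_ASSERT_FIELD(TEB, 0xfe0, ULONG, ResourceRetValue)
C_ASSERT_FIELD(TEB, 0xFE4, ULONG, ReservedForWdf)
C_ASSERT_FIELD(TEB, 0xFE8, ULONG64, ReservedForCrt)
C_ASSERT_FIELD(TEB, 0xFF0, GUID, EffectiveContainerId)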