NT主要内核结构 windows 2003
2009-11-03 10:25
387 查看
虽然时常看到有新手询问各
OS
版本
_EPROCESS _ETHREAD
之类的结构
.
但本文的目的却绝对不是告诉你这些结构到底是怎样的
.
也不会介绍如何获得
.
实在是太白痴的问题
.
自己随便百度下
”VM Windbg
双机调试
”
之类
,
然后
Kd>dt nt!_*
就好
.
实际是为了速查跟备忘
,
自己常遇到为了查一个偏移需要装一个系统的郁闷事件
.Baidu
不到也
google
不到的
.
Windows Server 2003 Kernel Version 3790 UP Free x86 compatible
Built by: 3790.srv03_sp2_gdr.070304-2240
_EPROCESS
+0x000 Pcb
: _KPROCESS
+0x078 ProcessLock
: _EX_PUSH_LOCK
+0x080 CreateTime
: _LARGE_INTEGER
+0x088 ExitTime
: _LARGE_INTEGER
+0x090 RundownProtect
: _EX_RUNDOWN_REF
+0x094 UniqueProcessId
: Ptr32 Void
+0x098 ActiveProcessLinks : _LIST_ENTRY
+0x0a0 QuotaUsage
: [3] Uint4B
+0x0ac QuotaPeak
: [3] Uint4B
+0x0b8 CommitCharge
: Uint4B
+0x0bc PeakVirtualSize
: Uint4B
+0x0c0 VirtualSize
: Uint4B
+0x0c4 SessionProcessLinks : _LIST_ENTRY
+0x0cc DebugPort
: Ptr32 Void
+0x0d0 ExceptionPort
: Ptr32 Void
+0x0d4 ObjectTable
: Ptr32 _HANDLE_TABLE
+0x0d8 Token
: _EX_FAST_REF
+0x0dc WorkingSetPage
: Uint4B
+0x0e0 AddressCreationLock : _KGUARDED_MUTEX
+0x100 HyperSpaceLock
: Uint4B
+0x104 ForkInProgress
: Ptr32 _ETHREAD
+0x108 HardwareTrigger
: Uint4B
+0x10c PhysicalVadRoot
: Ptr32 _MM_AVL_TABLE
+0x110 CloneRoot
: Ptr32 Void
+0x114 NumberOfPrivatePages : Uint4B
+0x118 NumberOfLockedPages : Uint4B
+0x11c Win32Process
: Ptr32 Void
+0x120 Job
: Ptr32 _EJOB
+0x124 SectionObject
: Ptr32 Void
+0x128 SectionBaseAddress : Ptr32 Void
+0x12c QuotaBlock
: Ptr32 _EPROCESS_QUOTA_BLOCK
+0x130 WorkingSetWatch
: Ptr32 _PAGEFAULT_HISTORY
+0x134 Win32WindowStation : Ptr32 Void
+0x138 InheritedFromUniqueProcessId : Ptr32 Void
+0x13c LdtInformation
: Ptr32 Void
+0x140 VadFreeHint
: Ptr32 Void
+0x144 VdmObjects
: Ptr32 Void
+0x148 DeviceMap
: Ptr32 Void
+0x14c Spare0
: [3] Ptr32 Void
+0x158 PageDirectoryPte : _HARDWARE_PTE
+0x158 Filler
: Uint8B
+0x160 Session
: Ptr32 Void
+0x164 ImageFileName
: [16] UChar
+0x174 JobLinks
: _LIST_ENTRY
+0x17c LockedPagesList
: Ptr32 Void
+0x180 ThreadListHead
: _LIST_ENTRY
+0x188 SecurityPort
: Ptr32 Void
+0x18c PaeTop
: Ptr32 Void
+0x190 ActiveThreads
: Uint4B
+0x194 GrantedAccess
: Uint4B
+0x198 DefaultHardErrorProcessing : Uint4B
+0x19c LastThreadExitStatus : Int4B
+0x1a0 Peb
: Ptr32 _PEB
+0x1a4 PrefetchTrace
: _EX_FAST_REF
+0x1a8 ReadOperationCount : _LARGE_INTEGER
+0x1b0 WriteOperationCount : _LARGE_INTEGER
+0x1b8 OtherOperationCount : _LARGE_INTEGER
+0x1c0 ReadTransferCount : _LARGE_INTEGER
+0x1c8 WriteTransferCount : _LARGE_INTEGER
+0x1d0 OtherTransferCount : _LARGE_INTEGER
+0x1d8 CommitChargeLimit : Uint4B
+0x1dc CommitChargePeak : Uint4B
+0x1e0 AweInfo
: Ptr32 Void
+0x1e4 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x1e8 Vm
: _MMSUPPORT
+0x230 MmProcessLinks
: _LIST_ENTRY
+0x238 ModifiedPageCount : Uint4B
+0x23c JobStatus
: Uint4B
+0x240 Flags
: Uint4B
+0x240 CreateReported
: Pos 0, 1 Bit
+0x240 NoDebugInherit
: Pos 1, 1 Bit
+0x240 ProcessExiting
: Pos 2, 1 Bit
+0x240 ProcessDelete
: Pos 3, 1 Bit
+0x240 Wow64SplitPages
: Pos 4, 1 Bit
+0x240 VmDeleted
: Pos 5, 1 Bit
+0x240 OutswapEnabled
: Pos 6, 1 Bit
+0x240 Outswapped
: Pos 7, 1 Bit
+0x240 ForkFailed
: Pos 8, 1 Bit
+0x240 Wow64VaSpace4Gb
: Pos 9, 1 Bit
+0x240 AddressSpaceInitialized : Pos 10, 2 Bits
+0x240 SetTimerResolution : Pos 12, 1 Bit
+0x240 BreakOnTermination : Pos 13, 1 Bit
+0x240 SessionCreationUnderway : Pos 14, 1 Bit
+0x240 WriteWatch
: Pos 15, 1 Bit
+0x240 ProcessInSession : Pos 16, 1 Bit
+0x240 OverrideAddressSpace : Pos 17, 1 Bit
+0x240 HasAddressSpace
: Pos 18, 1 Bit
+0x240 LaunchPrefetched : Pos 19, 1 Bit
+0x240 InjectInpageErrors : Pos 20, 1 Bit
+0x240 VmTopDown
: Pos 21, 1 Bit
+0x240 ImageNotifyDone
: Pos 22, 1 Bit
+0x240 PdeUpdateNeeded
: Pos 23, 1 Bit
+0x240 VdmAllowed
: Pos 24, 1 Bit
+0x240 SmapAllowed
: Pos 25, 1 Bit
+0x240 CreateFailed
: Pos 26, 1 Bit
+0x240 DefaultIoPriority : Pos 27, 3 Bits
+0x240 Spare1
: Pos 30, 1 Bit
+0x240 Spare2
: Pos 31, 1 Bit
+0x244 ExitStatus
: Int4B
+0x248 NextPageColor
: Uint2B
+0x24a SubSystemMinorVersion : UChar
+0x24b SubSystemMajorVersion : UChar
+0x24a SubSystemVersion : Uint2B
+0x24c PriorityClass
: UChar
+0x250 VadRoot
: _MM_AVL_TABLE
+0x270 Cookie
: Uint4B
_KPROCESS
+0x000 Header
: _DISPATCHER_HEADER
+0x010 ProfileListHead
: _LIST_ENTRY
+0x018 DirectoryTableBase : [2] Uint4B
+0x020 LdtDescriptor
: _KGDTENTRY
+0x028 Int21Descriptor
: _KIDTENTRY
+0x030 IopmOffset
: Uint2B
+0x032 Iopl
: UChar
+0x033 Unused
: UChar
+0x034 ActiveProcessors : Uint4B
+0x038 KernelTime
: Uint4B
+0x03c UserTime
: Uint4B
+0x040 ReadyListHead
: _LIST_ENTRY
+0x048 SwapListEntry
: _SINGLE_LIST_ENTRY
+0x04c VdmTrapcHandler
: Ptr32 Void
+0x050 ThreadListHead
: _LIST_ENTRY
+0x058 ProcessLock
: Uint4B
+0x05c Affinity
: Uint4B
+0x060 AutoAlignment
: Pos 0, 1 Bit
+0x060 DisableBoost
: Pos 1, 1 Bit
+0x060 DisableQuantum
: Pos 2, 1 Bit
+0x060 ReservedFlags
: Pos 3, 29 Bits
+0x060 ProcessFlags
: Int4B
+0x064 BasePriority
: Char
+0x065 QuantumReset
: Char
+0x066 State
: UChar
+0x067 ThreadSeed
: UChar
+0x068 PowerState
: UChar
+0x069 IdealNode
: UChar
+0x06a Visited
: UChar
+0x06b Flags
: _KEXECUTE_OPTIONS
+0x06b ExecuteOptions
: UChar
+0x06c StackCount
: Uint4B
+0x070 ProcessListEntry : _LIST_ENTRY
_ETHREAD
+0x000 Tcb
: _KTHREAD
+0x1b8 CreateTime
: _LARGE_INTEGER
+0x1c0 ExitTime
: _LARGE_INTEGER
+0x1c0 LpcReplyChain
: _LIST_ENTRY
+0x1c0 KeyedWaitChain
: _LIST_ENTRY
+0x1c8 ExitStatus
: Int4B
+0x1c8 OfsChain
: Ptr32 Void
+0x1cc PostBlockList
: _LIST_ENTRY
+0x1d4 TerminationPort
: Ptr32 _TERMINATION_PORT
+0x1d4 ReaperLink
: Ptr32 _ETHREAD
+0x1d4 KeyedWaitValue
: Ptr32 Void
+0x1d8 ActiveTimerListLock : Uint4B
+0x1dc ActiveTimerListHead : _LIST_ENTRY
+0x1e4 Cid
: _CLIENT_ID
+0x1ec LpcReplySemaphore : _KSEMAPHORE
+0x1ec KeyedWaitSemaphore : _KSEMAPHORE
+0x200 LpcReplyMessage
: Ptr32 Void
+0x200 LpcWaitingOnPort : Ptr32 Void
+0x204 ImpersonationInfo : Ptr32 _PS_IMPERSONATION_INFORMATION
+0x208 IrpList
: _LIST_ENTRY
+0x210 TopLevelIrp
: Uint4B
+0x214 DeviceToVerify
: Ptr32 _DEVICE_OBJECT
+0x218 ThreadsProcess
: Ptr32 _EPROCESS
+0x21c StartAddress
: Ptr32 Void
+0x220 Win32StartAddress : Ptr32 Void
+0x220 LpcReceivedMessageId : Uint4B
+0x224 ThreadListEntry
: _LIST_ENTRY
+0x22c RundownProtect
: _EX_RUNDOWN_REF
+0x230 ThreadLock
: _EX_PUSH_LOCK
+0x234 LpcReplyMessageId : Uint4B
+0x238 ReadClusterSize
: Uint4B
+0x23c GrantedAccess
: Uint4B
+0x240 CrossThreadFlags : Uint4B
+0x240 Terminated
: Pos 0, 1 Bit
+0x240 DeadThread
: Pos 1, 1 Bit
+0x240 HideFromDebugger : Pos 2, 1 Bit
+0x240 ActiveImpersonationInfo : Pos 3, 1 Bit
+0x240 SystemThread
: Pos 4, 1 Bit
+0x240 HardErrorsAreDisabled : Pos 5, 1 Bit
+0x240 BreakOnTermination : Pos 6, 1 Bit
+0x240 SkipCreationMsg
: Pos 7, 1 Bit
+0x240 SkipTerminationMsg : Pos 8, 1 Bit
+0x244 SameThreadPassiveFlags : Uint4B
+0x244 ActiveExWorker
: Pos 0, 1 Bit
+0x244 ExWorkerCanWaitUser : Pos 1, 1 Bit
+0x244 MemoryMaker
: Pos 2, 1 Bit
+0x244 KeyedEventInUse
: Pos 3, 1 Bit
+0x248 SameThreadApcFlags : Uint4B
+0x248 LpcReceivedMsgIdValid : Pos 0, 1 Bit
+0x248 LpcExitThreadCalled : Pos 1, 1 Bit
+0x248 AddressSpaceOwner : Pos 2, 1 Bit
+0x248 OwnsProcessWorkingSetExclusive : Pos 3, 1 Bit
+0x248 OwnsProcessWorkingSetShared : Pos 4, 1 Bit
+0x248 OwnsSystemWorkingSetExclusive : Pos 5, 1 Bit
+0x248 OwnsSystemWorkingSetShared : Pos 6, 1 Bit
+0x248 OwnsSessionWorkingSetExclusive : Pos 7, 1 Bit
+0x249 OwnsSessionWorkingSetShared : Pos 0, 1 Bit
+0x249 ApcNeeded
: Pos 1, 1 Bit
+0x24c ForwardClusterOnly : UChar
+0x24d DisablePageFaultClustering : UChar
+0x24e ActiveFaultCount : UChar
_KTHREAD
+0x000 Header
: _DISPATCHER_HEADER
+0x010 MutantListHead
: _LIST_ENTRY
+0x018 InitialStack
: Ptr32 Void
+0x01c StackLimit
: Ptr32 Void
+0x020 KernelStack
: Ptr32 Void
+0x024 ThreadLock
: Uint4B
+0x028 ApcState
: _KAPC_STATE
+0x028 ApcStateFill
: [23] UChar
+0x03f ApcQueueable
: UChar
+0x040 NextProcessor
: UChar
+0x041 DeferredProcessor : UChar
+0x042 AdjustReason
: UChar
+0x043 AdjustIncrement
: Char
+0x044 ApcQueueLock
: Uint4B
+0x048 ContextSwitches
: Uint4B
+0x04c State
: UChar
+0x04d NpxState
: UChar
+0x04e WaitIrql
: UChar
+0x04f WaitMode
: Char
+0x050 WaitStatus
: Int4B
+0x054 WaitBlockList
: Ptr32 _KWAIT_BLOCK
+0x054 GateObject
: Ptr32 _KGATE
+0x058 Alertable
: UChar
+0x059 WaitNext
: UChar
+0x05a WaitReason
: UChar
+0x05b Priority
: Char
+0x05c EnableStackSwap
: UChar
+0x05d SwapBusy
: UChar
+0x05e Alerted
: [2] UChar
+0x060 WaitListEntry
: _LIST_ENTRY
+0x060 SwapListEntry
: _SINGLE_LIST_ENTRY
+0x068 Queue
: Ptr32 _KQUEUE
+0x06c WaitTime
: Uint4B
+0x070 KernelApcDisable : Int2B
+0x072 SpecialApcDisable : Int2B
+0x070 CombinedApcDisable : Uint4B
+0x074 Teb
: Ptr32 Void
+0x078 Timer
: _KTIMER
+0x078 TimerFill
: [40] UChar
+0x0a0 AutoAlignment
: Pos 0, 1 Bit
+0x0a0 DisableBoost
: Pos 1, 1 Bit
+0x0a0 GuiThread
: Pos 2, 1 Bit
+0x0a0 ReservedFlags
: Pos 3, 29 Bits
+0x0a0 ThreadFlags
: Int4B
+0x0a8 WaitBlock
: [4] _KWAIT_BLOCK
+0x0a8 WaitBlockFill0
: [23] UChar
+0x0bf SystemAffinityActive : UChar
+0x0a8 WaitBlockFill1
: [47] UChar
+0x0d7 PreviousMode
: Char
+0x0a8 WaitBlockFill2
: [71] UChar
+0x0ef ResourceIndex
: UChar
+0x0a8 WaitBlockFill3
: [95] UChar
+0x107 LargeStack
: UChar
+0x108 QueueListEntry
: _LIST_ENTRY
+0x110 TrapFrame
: Ptr32 _KTRAP_FRAME
+0x114 CallbackStack
: Ptr32 Void
+0x118 ServiceTable
: Ptr32 Void
+0x11c ApcStateIndex
: UChar
+0x11d IdealProcessor
: UChar
+0x11e Preempted
: UChar
+0x11f ProcessReadyQueue : UChar
+0x120 KernelStackResident : UChar
+0x121 BasePriority
: Char
+0x122 PriorityDecrement : Char
+0x123 Saturation
: Char
+0x124 UserAffinity
: Uint4B
+0x128 Process
: Ptr32 _KPROCESS
+0x12c Affinity
: Uint4B
+0x130 ApcStatePointer
: [2] Ptr32 _KAPC_STATE
+0x138 SavedApcState
: _KAPC_STATE
+0x138 SavedApcStateFill : [23] UChar
+0x14f FreezeCount
: Char
+0x150 SuspendCount
: Char
+0x151 UserIdealProcessor : UChar
+0x152 CalloutActive
: UChar
+0x153 Iopl
: UChar
+0x154 Win32Thread
: Ptr32 Void
+0x158 StackBase
: Ptr32 Void
+0x15c SuspendApc
: _KAPC
+0x15c SuspendApcFill0
: [1] UChar
+0x15d Quantum
: Char
+0x15c SuspendApcFill1
: [3] UChar
+0x15f QuantumReset
: UChar
+0x15c SuspendApcFill2
: [4] UChar
+0x160 KernelTime
: Uint4B
+0x15c SuspendApcFill3
: [36] UChar
+0x180 TlsArray
: Ptr32 Void
+0x15c SuspendApcFill4
: [40] UChar
+0x184 LegoData
: Ptr32 Void
+0x15c SuspendApcFill5
: [47] UChar
+0x18b PowerState
: UChar
+0x18c UserTime
: Uint4B
+0x190 SuspendSemaphore : _KSEMAPHORE
+0x190 SuspendSemaphorefill : [20] UChar
+0x1a4 SListFaultCount
: Uint4B
+0x1a8 ThreadListEntry
: _LIST_ENTRY
+0x1b0 SListFaultAddress : Ptr32 Void
_HANDLE_TABLE
+0x000 TableCode
: Uint4B
+0x004 QuotaProcess
: Ptr32 _EPROCESS
+0x008 UniqueProcessId
: Ptr32 Void
+0x00c HandleTableLock
: [4] _EX_PUSH_LOCK
+0x01c HandleTableList
: _LIST_ENTRY
+0x024 HandleContentionEvent : _EX_PUSH_LOCK
+0x028 DebugInfo
: Ptr32 _HANDLE_TRACE_DEBUG_INFO
+0x02c ExtraInfoPages
: Int4B
+0x030 FirstFree
: Uint4B
+0x034 LastFree
: Uint4B
+0x038 NextHandleNeedingPool : Uint4B
+0x03c HandleCount
: Int4B
+0x040 Flags
: Uint4B
+0x040 StrictFIFO
: Pos 0, 1 Bit
OS
版本
_EPROCESS _ETHREAD
之类的结构
.
但本文的目的却绝对不是告诉你这些结构到底是怎样的
.
也不会介绍如何获得
.
实在是太白痴的问题
.
自己随便百度下
”VM Windbg
双机调试
”
之类
,
然后
Kd>dt nt!_*
就好
.
实际是为了速查跟备忘
,
自己常遇到为了查一个偏移需要装一个系统的郁闷事件
.Baidu
不到也
不到的
.
Windows Server 2003 Kernel Version 3790 UP Free x86 compatible
Built by: 3790.srv03_sp2_gdr.070304-2240
_EPROCESS
+0x000 Pcb
: _KPROCESS
+0x078 ProcessLock
: _EX_PUSH_LOCK
+0x080 CreateTime
: _LARGE_INTEGER
+0x088 ExitTime
: _LARGE_INTEGER
+0x090 RundownProtect
: _EX_RUNDOWN_REF
+0x094 UniqueProcessId
: Ptr32 Void
+0x098 ActiveProcessLinks : _LIST_ENTRY
+0x0a0 QuotaUsage
: [3] Uint4B
+0x0ac QuotaPeak
: [3] Uint4B
+0x0b8 CommitCharge
: Uint4B
+0x0bc PeakVirtualSize
: Uint4B
+0x0c0 VirtualSize
: Uint4B
+0x0c4 SessionProcessLinks : _LIST_ENTRY
+0x0cc DebugPort
: Ptr32 Void
+0x0d0 ExceptionPort
: Ptr32 Void
+0x0d4 ObjectTable
: Ptr32 _HANDLE_TABLE
+0x0d8 Token
: _EX_FAST_REF
+0x0dc WorkingSetPage
: Uint4B
+0x0e0 AddressCreationLock : _KGUARDED_MUTEX
+0x100 HyperSpaceLock
: Uint4B
+0x104 ForkInProgress
: Ptr32 _ETHREAD
+0x108 HardwareTrigger
: Uint4B
+0x10c PhysicalVadRoot
: Ptr32 _MM_AVL_TABLE
+0x110 CloneRoot
: Ptr32 Void
+0x114 NumberOfPrivatePages : Uint4B
+0x118 NumberOfLockedPages : Uint4B
+0x11c Win32Process
: Ptr32 Void
+0x120 Job
: Ptr32 _EJOB
+0x124 SectionObject
: Ptr32 Void
+0x128 SectionBaseAddress : Ptr32 Void
+0x12c QuotaBlock
: Ptr32 _EPROCESS_QUOTA_BLOCK
+0x130 WorkingSetWatch
: Ptr32 _PAGEFAULT_HISTORY
+0x134 Win32WindowStation : Ptr32 Void
+0x138 InheritedFromUniqueProcessId : Ptr32 Void
+0x13c LdtInformation
: Ptr32 Void
+0x140 VadFreeHint
: Ptr32 Void
+0x144 VdmObjects
: Ptr32 Void
+0x148 DeviceMap
: Ptr32 Void
+0x14c Spare0
: [3] Ptr32 Void
+0x158 PageDirectoryPte : _HARDWARE_PTE
+0x158 Filler
: Uint8B
+0x160 Session
: Ptr32 Void
+0x164 ImageFileName
: [16] UChar
+0x174 JobLinks
: _LIST_ENTRY
+0x17c LockedPagesList
: Ptr32 Void
+0x180 ThreadListHead
: _LIST_ENTRY
+0x188 SecurityPort
: Ptr32 Void
+0x18c PaeTop
: Ptr32 Void
+0x190 ActiveThreads
: Uint4B
+0x194 GrantedAccess
: Uint4B
+0x198 DefaultHardErrorProcessing : Uint4B
+0x19c LastThreadExitStatus : Int4B
+0x1a0 Peb
: Ptr32 _PEB
+0x1a4 PrefetchTrace
: _EX_FAST_REF
+0x1a8 ReadOperationCount : _LARGE_INTEGER
+0x1b0 WriteOperationCount : _LARGE_INTEGER
+0x1b8 OtherOperationCount : _LARGE_INTEGER
+0x1c0 ReadTransferCount : _LARGE_INTEGER
+0x1c8 WriteTransferCount : _LARGE_INTEGER
+0x1d0 OtherTransferCount : _LARGE_INTEGER
+0x1d8 CommitChargeLimit : Uint4B
+0x1dc CommitChargePeak : Uint4B
+0x1e0 AweInfo
: Ptr32 Void
+0x1e4 SeAuditProcessCreationInfo : _SE_AUDIT_PROCESS_CREATION_INFO
+0x1e8 Vm
: _MMSUPPORT
+0x230 MmProcessLinks
: _LIST_ENTRY
+0x238 ModifiedPageCount : Uint4B
+0x23c JobStatus
: Uint4B
+0x240 Flags
: Uint4B
+0x240 CreateReported
: Pos 0, 1 Bit
+0x240 NoDebugInherit
: Pos 1, 1 Bit
+0x240 ProcessExiting
: Pos 2, 1 Bit
+0x240 ProcessDelete
: Pos 3, 1 Bit
+0x240 Wow64SplitPages
: Pos 4, 1 Bit
+0x240 VmDeleted
: Pos 5, 1 Bit
+0x240 OutswapEnabled
: Pos 6, 1 Bit
+0x240 Outswapped
: Pos 7, 1 Bit
+0x240 ForkFailed
: Pos 8, 1 Bit
+0x240 Wow64VaSpace4Gb
: Pos 9, 1 Bit
+0x240 AddressSpaceInitialized : Pos 10, 2 Bits
+0x240 SetTimerResolution : Pos 12, 1 Bit
+0x240 BreakOnTermination : Pos 13, 1 Bit
+0x240 SessionCreationUnderway : Pos 14, 1 Bit
+0x240 WriteWatch
: Pos 15, 1 Bit
+0x240 ProcessInSession : Pos 16, 1 Bit
+0x240 OverrideAddressSpace : Pos 17, 1 Bit
+0x240 HasAddressSpace
: Pos 18, 1 Bit
+0x240 LaunchPrefetched : Pos 19, 1 Bit
+0x240 InjectInpageErrors : Pos 20, 1 Bit
+0x240 VmTopDown
: Pos 21, 1 Bit
+0x240 ImageNotifyDone
: Pos 22, 1 Bit
+0x240 PdeUpdateNeeded
: Pos 23, 1 Bit
+0x240 VdmAllowed
: Pos 24, 1 Bit
+0x240 SmapAllowed
: Pos 25, 1 Bit
+0x240 CreateFailed
: Pos 26, 1 Bit
+0x240 DefaultIoPriority : Pos 27, 3 Bits
+0x240 Spare1
: Pos 30, 1 Bit
+0x240 Spare2
: Pos 31, 1 Bit
+0x244 ExitStatus
: Int4B
+0x248 NextPageColor
: Uint2B
+0x24a SubSystemMinorVersion : UChar
+0x24b SubSystemMajorVersion : UChar
+0x24a SubSystemVersion : Uint2B
+0x24c PriorityClass
: UChar
+0x250 VadRoot
: _MM_AVL_TABLE
+0x270 Cookie
: Uint4B
_KPROCESS
+0x000 Header
: _DISPATCHER_HEADER
+0x010 ProfileListHead
: _LIST_ENTRY
+0x018 DirectoryTableBase : [2] Uint4B
+0x020 LdtDescriptor
: _KGDTENTRY
+0x028 Int21Descriptor
: _KIDTENTRY
+0x030 IopmOffset
: Uint2B
+0x032 Iopl
: UChar
+0x033 Unused
: UChar
+0x034 ActiveProcessors : Uint4B
+0x038 KernelTime
: Uint4B
+0x03c UserTime
: Uint4B
+0x040 ReadyListHead
: _LIST_ENTRY
+0x048 SwapListEntry
: _SINGLE_LIST_ENTRY
+0x04c VdmTrapcHandler
: Ptr32 Void
+0x050 ThreadListHead
: _LIST_ENTRY
+0x058 ProcessLock
: Uint4B
+0x05c Affinity
: Uint4B
+0x060 AutoAlignment
: Pos 0, 1 Bit
+0x060 DisableBoost
: Pos 1, 1 Bit
+0x060 DisableQuantum
: Pos 2, 1 Bit
+0x060 ReservedFlags
: Pos 3, 29 Bits
+0x060 ProcessFlags
: Int4B
+0x064 BasePriority
: Char
+0x065 QuantumReset
: Char
+0x066 State
: UChar
+0x067 ThreadSeed
: UChar
+0x068 PowerState
: UChar
+0x069 IdealNode
: UChar
+0x06a Visited
: UChar
+0x06b Flags
: _KEXECUTE_OPTIONS
+0x06b ExecuteOptions
: UChar
+0x06c StackCount
: Uint4B
+0x070 ProcessListEntry : _LIST_ENTRY
_ETHREAD
+0x000 Tcb
: _KTHREAD
+0x1b8 CreateTime
: _LARGE_INTEGER
+0x1c0 ExitTime
: _LARGE_INTEGER
+0x1c0 LpcReplyChain
: _LIST_ENTRY
+0x1c0 KeyedWaitChain
: _LIST_ENTRY
+0x1c8 ExitStatus
: Int4B
+0x1c8 OfsChain
: Ptr32 Void
+0x1cc PostBlockList
: _LIST_ENTRY
+0x1d4 TerminationPort
: Ptr32 _TERMINATION_PORT
+0x1d4 ReaperLink
: Ptr32 _ETHREAD
+0x1d4 KeyedWaitValue
: Ptr32 Void
+0x1d8 ActiveTimerListLock : Uint4B
+0x1dc ActiveTimerListHead : _LIST_ENTRY
+0x1e4 Cid
: _CLIENT_ID
+0x1ec LpcReplySemaphore : _KSEMAPHORE
+0x1ec KeyedWaitSemaphore : _KSEMAPHORE
+0x200 LpcReplyMessage
: Ptr32 Void
+0x200 LpcWaitingOnPort : Ptr32 Void
+0x204 ImpersonationInfo : Ptr32 _PS_IMPERSONATION_INFORMATION
+0x208 IrpList
: _LIST_ENTRY
+0x210 TopLevelIrp
: Uint4B
+0x214 DeviceToVerify
: Ptr32 _DEVICE_OBJECT
+0x218 ThreadsProcess
: Ptr32 _EPROCESS
+0x21c StartAddress
: Ptr32 Void
+0x220 Win32StartAddress : Ptr32 Void
+0x220 LpcReceivedMessageId : Uint4B
+0x224 ThreadListEntry
: _LIST_ENTRY
+0x22c RundownProtect
: _EX_RUNDOWN_REF
+0x230 ThreadLock
: _EX_PUSH_LOCK
+0x234 LpcReplyMessageId : Uint4B
+0x238 ReadClusterSize
: Uint4B
+0x23c GrantedAccess
: Uint4B
+0x240 CrossThreadFlags : Uint4B
+0x240 Terminated
: Pos 0, 1 Bit
+0x240 DeadThread
: Pos 1, 1 Bit
+0x240 HideFromDebugger : Pos 2, 1 Bit
+0x240 ActiveImpersonationInfo : Pos 3, 1 Bit
+0x240 SystemThread
: Pos 4, 1 Bit
+0x240 HardErrorsAreDisabled : Pos 5, 1 Bit
+0x240 BreakOnTermination : Pos 6, 1 Bit
+0x240 SkipCreationMsg
: Pos 7, 1 Bit
+0x240 SkipTerminationMsg : Pos 8, 1 Bit
+0x244 SameThreadPassiveFlags : Uint4B
+0x244 ActiveExWorker
: Pos 0, 1 Bit
+0x244 ExWorkerCanWaitUser : Pos 1, 1 Bit
+0x244 MemoryMaker
: Pos 2, 1 Bit
+0x244 KeyedEventInUse
: Pos 3, 1 Bit
+0x248 SameThreadApcFlags : Uint4B
+0x248 LpcReceivedMsgIdValid : Pos 0, 1 Bit
+0x248 LpcExitThreadCalled : Pos 1, 1 Bit
+0x248 AddressSpaceOwner : Pos 2, 1 Bit
+0x248 OwnsProcessWorkingSetExclusive : Pos 3, 1 Bit
+0x248 OwnsProcessWorkingSetShared : Pos 4, 1 Bit
+0x248 OwnsSystemWorkingSetExclusive : Pos 5, 1 Bit
+0x248 OwnsSystemWorkingSetShared : Pos 6, 1 Bit
+0x248 OwnsSessionWorkingSetExclusive : Pos 7, 1 Bit
+0x249 OwnsSessionWorkingSetShared : Pos 0, 1 Bit
+0x249 ApcNeeded
: Pos 1, 1 Bit
+0x24c ForwardClusterOnly : UChar
+0x24d DisablePageFaultClustering : UChar
+0x24e ActiveFaultCount : UChar
_KTHREAD
+0x000 Header
: _DISPATCHER_HEADER
+0x010 MutantListHead
: _LIST_ENTRY
+0x018 InitialStack
: Ptr32 Void
+0x01c StackLimit
: Ptr32 Void
+0x020 KernelStack
: Ptr32 Void
+0x024 ThreadLock
: Uint4B
+0x028 ApcState
: _KAPC_STATE
+0x028 ApcStateFill
: [23] UChar
+0x03f ApcQueueable
: UChar
+0x040 NextProcessor
: UChar
+0x041 DeferredProcessor : UChar
+0x042 AdjustReason
: UChar
+0x043 AdjustIncrement
: Char
+0x044 ApcQueueLock
: Uint4B
+0x048 ContextSwitches
: Uint4B
+0x04c State
: UChar
+0x04d NpxState
: UChar
+0x04e WaitIrql
: UChar
+0x04f WaitMode
: Char
+0x050 WaitStatus
: Int4B
+0x054 WaitBlockList
: Ptr32 _KWAIT_BLOCK
+0x054 GateObject
: Ptr32 _KGATE
+0x058 Alertable
: UChar
+0x059 WaitNext
: UChar
+0x05a WaitReason
: UChar
+0x05b Priority
: Char
+0x05c EnableStackSwap
: UChar
+0x05d SwapBusy
: UChar
+0x05e Alerted
: [2] UChar
+0x060 WaitListEntry
: _LIST_ENTRY
+0x060 SwapListEntry
: _SINGLE_LIST_ENTRY
+0x068 Queue
: Ptr32 _KQUEUE
+0x06c WaitTime
: Uint4B
+0x070 KernelApcDisable : Int2B
+0x072 SpecialApcDisable : Int2B
+0x070 CombinedApcDisable : Uint4B
+0x074 Teb
: Ptr32 Void
+0x078 Timer
: _KTIMER
+0x078 TimerFill
: [40] UChar
+0x0a0 AutoAlignment
: Pos 0, 1 Bit
+0x0a0 DisableBoost
: Pos 1, 1 Bit
+0x0a0 GuiThread
: Pos 2, 1 Bit
+0x0a0 ReservedFlags
: Pos 3, 29 Bits
+0x0a0 ThreadFlags
: Int4B
+0x0a8 WaitBlock
: [4] _KWAIT_BLOCK
+0x0a8 WaitBlockFill0
: [23] UChar
+0x0bf SystemAffinityActive : UChar
+0x0a8 WaitBlockFill1
: [47] UChar
+0x0d7 PreviousMode
: Char
+0x0a8 WaitBlockFill2
: [71] UChar
+0x0ef ResourceIndex
: UChar
+0x0a8 WaitBlockFill3
: [95] UChar
+0x107 LargeStack
: UChar
+0x108 QueueListEntry
: _LIST_ENTRY
+0x110 TrapFrame
: Ptr32 _KTRAP_FRAME
+0x114 CallbackStack
: Ptr32 Void
+0x118 ServiceTable
: Ptr32 Void
+0x11c ApcStateIndex
: UChar
+0x11d IdealProcessor
: UChar
+0x11e Preempted
: UChar
+0x11f ProcessReadyQueue : UChar
+0x120 KernelStackResident : UChar
+0x121 BasePriority
: Char
+0x122 PriorityDecrement : Char
+0x123 Saturation
: Char
+0x124 UserAffinity
: Uint4B
+0x128 Process
: Ptr32 _KPROCESS
+0x12c Affinity
: Uint4B
+0x130 ApcStatePointer
: [2] Ptr32 _KAPC_STATE
+0x138 SavedApcState
: _KAPC_STATE
+0x138 SavedApcStateFill : [23] UChar
+0x14f FreezeCount
: Char
+0x150 SuspendCount
: Char
+0x151 UserIdealProcessor : UChar
+0x152 CalloutActive
: UChar
+0x153 Iopl
: UChar
+0x154 Win32Thread
: Ptr32 Void
+0x158 StackBase
: Ptr32 Void
+0x15c SuspendApc
: _KAPC
+0x15c SuspendApcFill0
: [1] UChar
+0x15d Quantum
: Char
+0x15c SuspendApcFill1
: [3] UChar
+0x15f QuantumReset
: UChar
+0x15c SuspendApcFill2
: [4] UChar
+0x160 KernelTime
: Uint4B
+0x15c SuspendApcFill3
: [36] UChar
+0x180 TlsArray
: Ptr32 Void
+0x15c SuspendApcFill4
: [40] UChar
+0x184 LegoData
: Ptr32 Void
+0x15c SuspendApcFill5
: [47] UChar
+0x18b PowerState
: UChar
+0x18c UserTime
: Uint4B
+0x190 SuspendSemaphore : _KSEMAPHORE
+0x190 SuspendSemaphorefill : [20] UChar
+0x1a4 SListFaultCount
: Uint4B
+0x1a8 ThreadListEntry
: _LIST_ENTRY
+0x1b0 SListFaultAddress : Ptr32 Void
_HANDLE_TABLE
+0x000 TableCode
: Uint4B
+0x004 QuotaProcess
: Ptr32 _EPROCESS
+0x008 UniqueProcessId
: Ptr32 Void
+0x00c HandleTableLock
: [4] _EX_PUSH_LOCK
+0x01c HandleTableList
: _LIST_ENTRY
+0x024 HandleContentionEvent : _EX_PUSH_LOCK
+0x028 DebugInfo
: Ptr32 _HANDLE_TRACE_DEBUG_INFO
+0x02c ExtraInfoPages
: Int4B
+0x030 FirstFree
: Uint4B
+0x034 LastFree
: Uint4B
+0x038 NextHandleNeedingPool : Uint4B
+0x03c HandleCount
: Int4B
+0x040 Flags
: Uint4B
+0x040 StrictFIFO
: Pos 0, 1 Bit
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- NT主要内核结构 windows 2003
- NT主要内核结构 windows 2000
- NT主要内核结构 windows 2000
- NT主要内核结构 windows vista
- NT主要内核结构 windows XP
- NT主要内核结构 windows vista
- NT主要内核结构 windows XP
- Windows Driver Foundation - KMDF 内核模式驱动框架结构 第四部分
- 配置Windows 2003环境中的域基础结构
- 内核驱动主要数据结构
- Linux与VxWorks主要区别(一):内核结构
- Windows XP / 2003 / Vista 原版光盘镜像(下载)及其主要特征
- Windows 内核结构 摘抄自《windows内核原理及实现》(三)
- nt内核里的堆管理(1):关键结构
- Windows Driver Foundation - KMDF 内核模式驱动框架结构 第五部分
- Windows 2003 系统 ntldr NTDETECT.COM 文件丢失
- 《Windows NT FileSystem Internals》学习笔记之IO_STACK_LOCATION的结构
- Linux 内核系统结构及主要组成部分
- 【Linux 内核网络协议栈源码剖析】网络栈主要结构介绍(socket、sock、sk_buff,etc)
- Windows内核对象头部结构