Windows Server 2003 SP2:
/*
 * Kernel process control block (_KPROCESS) layout for Windows Server 2003 SP2.
 *
 * The leading offset comment on each member and the trailing element/size
 * comments are kept exactly as given in the dump. The pointer member at 0x04C
 * takes 4 bytes and each _LIST_ENTRY takes 8, so this is the 32-bit (x86)
 * layout. Total size is 0x78 bytes.
 *
 * These offsets are build-specific. The Windows XP SP2 layout listed on the
 * same page is identical up to Affinity (0x05C) and diverges from 0x060 on,
 * so a driver, debugger script or memory-forensics profile must choose its
 * offsets by OS build instead of hard-coding one set.
 */
typedef struct _KPROCESS // 33 elements, 0x78 bytes (sizeof)
{
/*0x000*/ struct _DISPATCHER_HEADER Header; // 10 elements, 0x10 bytes (sizeof)
/*0x010*/ struct _LIST_ENTRY ProfileListHead; // 2 elements, 0x8 bytes (sizeof)
/* NOTE(review): on x86, element 0 is understood to be the physical page-directory base loaded into CR3 for this process; confirm the meaning of element 1. */
/*0x018*/ ULONG32 DirectoryTableBase[2];
/*0x020*/ struct _KGDTENTRY LdtDescriptor; // 3 elements, 0x8 bytes (sizeof)
/*0x028*/ struct _KIDTENTRY Int21Descriptor; // 4 elements, 0x8 bytes (sizeof)
/* NOTE(review): IopmOffset and Iopl presumably hold the I/O permission map offset and I/O privilege level for the process; verify against kernel documentation. */
/*0x030*/ UINT16 IopmOffset;
/*0x032*/ UINT8 Iopl;
/*0x033*/ UINT8 Unused;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry; // 1 elements, 0x4 bytes (sizeof)
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
/* The three one-bit flags below overlay ProcessFlags in the same 32-bit word at 0x060. */
/* In the XP SP2 layout on this page they are separate UINT8 members at 0x064, 0x067 and 0x069. */
union // 2 elements, 0x4 bytes (sizeof)
{
struct // 4 elements, 0x4 bytes (sizeof)
{
/*0x060*/ LONG32 AutoAlignment : 1; // 0 BitPosition
/*0x060*/ LONG32 DisableBoost : 1; // 1 BitPosition
/*0x060*/ LONG32 DisableQuantum : 1; // 2 BitPosition
/*0x060*/ LONG32 ReservedFlags : 29; // 3 BitPosition
};
/*0x060*/ LONG32 ProcessFlags;
};
/* BasePriority is at 0x062 in the XP SP2 layout; QuantumReset occupies the slot that XP SP2 names ThreadQuantum. */
/*0x064*/ CHAR BasePriority;
/*0x065*/ CHAR QuantumReset;
/*0x066*/ UINT8 State;
/*0x067*/ UINT8 ThreadSeed;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 IdealNode;
/* Visited has no counterpart in the XP SP2 layout on this page. */
/*0x06A*/ UINT8 Visited;
/* Flags and ExecuteOptions are two views of the same byte at 0x06B; the offset is the same in the XP SP2 layout. */
/* NOTE(review): _KEXECUTE_OPTIONS is not defined on this page; it is understood to carry the per-process execute-protection (DEP/NX) settings, */
/* which makes this byte integrity-sensitive for memory-protection policy. Confirm the bit layout from the type definition. */
union // 2 elements, 0x1 bytes (sizeof)
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags; // 7 elements, 0x1 bytes (sizeof)
/*0x06B*/ UINT8 ExecuteOptions;
};
/* StackCount is a ULONG32 at 0x06C here; the XP SP2 layout has it as a UINT16 at 0x060. */
/*0x06C*/ ULONG32 StackCount;
/* ProcessListEntry is absent from the XP SP2 layout; it accounts for the last 8 bytes of the 0x78-byte structure. */
/*0x070*/ struct _LIST_ENTRY ProcessListEntry; // 2 elements, 0x8 bytes (sizeof)
}KPROCESS, *PKPROCESS;
Windows XP SP2:
/*
 * Kernel process control block (_KPROCESS) layout for Windows XP SP2.
 *
 * The leading offset comment on each member and the trailing element/size
 * comments are kept exactly as given in the dump. The pointer member at 0x04C
 * takes 4 bytes and each _LIST_ENTRY takes 8, so this is the 32-bit (x86)
 * layout. Total size is 0x6C bytes.
 *
 * These offsets are build-specific. The Windows Server 2003 SP2 layout listed
 * on the same page matches this one up to Affinity (0x05C) but rearranges
 * everything from 0x060 on and is 0x78 bytes long, so a driver, debugger
 * script or memory-forensics profile must choose its offsets by OS build.
 */
typedef struct _KPROCESS // 29 elements, 0x6C bytes (sizeof)
{
/*0x000*/ struct _DISPATCHER_HEADER Header; // 6 elements, 0x10 bytes (sizeof)
/*0x010*/ struct _LIST_ENTRY ProfileListHead; // 2 elements, 0x8 bytes (sizeof)
/* NOTE(review): on x86, element 0 is understood to be the physical page-directory base loaded into CR3 for this process; confirm the meaning of element 1. */
/*0x018*/ ULONG32 DirectoryTableBase[2];
/*0x020*/ struct _KGDTENTRY LdtDescriptor; // 3 elements, 0x8 bytes (sizeof)
/*0x028*/ struct _KIDTENTRY Int21Descriptor; // 4 elements, 0x8 bytes (sizeof)
/* NOTE(review): IopmOffset and Iopl presumably hold the I/O permission map offset and I/O privilege level for the process; verify against kernel documentation. */
/*0x030*/ UINT16 IopmOffset;
/*0x032*/ UINT8 Iopl;
/*0x033*/ UINT8 Unused;
/*0x034*/ ULONG32 ActiveProcessors;
/*0x038*/ ULONG32 KernelTime;
/*0x03C*/ ULONG32 UserTime;
/*0x040*/ struct _LIST_ENTRY ReadyListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x048*/ struct _SINGLE_LIST_ENTRY SwapListEntry; // 1 elements, 0x4 bytes (sizeof)
/*0x04C*/ VOID* VdmTrapcHandler;
/*0x050*/ struct _LIST_ENTRY ThreadListHead; // 2 elements, 0x8 bytes (sizeof)
/*0x058*/ ULONG32 ProcessLock;
/*0x05C*/ ULONG32 Affinity;
/* From here on the layout differs from Server 2003 SP2: StackCount is a UINT16 at 0x060 (ULONG32 at 0x06C there). */
/*0x060*/ UINT16 StackCount;
/*0x062*/ CHAR BasePriority;
/*0x063*/ CHAR ThreadQuantum;
/* AutoAlignment, DisableBoost and DisableQuantum are whole bytes in this build; Server 2003 SP2 packs them as one-bit fields in ProcessFlags at 0x060. */
/*0x064*/ UINT8 AutoAlignment;
/*0x065*/ UINT8 State;
/*0x066*/ UINT8 ThreadSeed;
/*0x067*/ UINT8 DisableBoost;
/*0x068*/ UINT8 PowerState;
/*0x069*/ UINT8 DisableQuantum;
/*0x06A*/ UINT8 IdealNode;
/* Flags and ExecuteOptions are two views of the same byte at 0x06B, the last byte of the structure in this build. */
/* NOTE(review): _KEXECUTE_OPTIONS is not defined on this page; it is understood to carry the per-process execute-protection (DEP/NX) settings, */
/* which makes this byte integrity-sensitive for memory-protection policy. Confirm the bit layout from the type definition. */
union // 2 elements, 0x1 bytes (sizeof)
{
/*0x06B*/ struct _KEXECUTE_OPTIONS Flags; // 7 elements, 0x1 bytes (sizeof)
/*0x06B*/ UINT8 ExecuteOptions;
};
}KPROCESS, *PKPROCESS;