XP   SP   2 
_EPROCESS 
      +0x000   Pcb                             :   _KPROCESS 
      +0x06c   ProcessLock             :   _EX_PUSH_LOCK 
      +0x070   CreateTime               :   _LARGE_INTEGER 
      +0x078   ExitTime                   :   _LARGE_INTEGER 
      +0x080   RundownProtect       :   _EX_RUNDOWN_REF 
      +0x084   UniqueProcessId     :   Ptr32   Void 
      +0x088   ActiveProcessLinks   :   _LIST_ENTRY 
      +0x090   QuotaUsage               :   [3]   Uint4B 
      +0x09c   QuotaPeak                 :   [3]   Uint4B 
      +0x0a8   CommitCharge           :   Uint4B 
      +0x0ac   PeakVirtualSize     :   Uint4B 
      +0x0b0   VirtualSize             :   Uint4B 
      +0x0b4   SessionProcessLinks   :   _LIST_ENTRY 
      +0x0bc   DebugPort                 :   Ptr32   Void 
      +0x0c0   ExceptionPort         :   Ptr32   Void 
      +0x0c4   ObjectTable             :   Ptr32   _HANDLE_TABLE 
      +0x0c8   Token                         :   _EX_FAST_REF 
      +0x0cc   WorkingSetLock       :   _FAST_MUTEX 
      +0x0ec   WorkingSetPage       :   Uint4B 
      +0x0f0   AddressCreationLock   :   _FAST_MUTEX 
      +0x110   HyperSpaceLock       :   Uint4B 
      +0x114   ForkInProgress       :   Ptr32   _ETHREAD 
      +0x118   HardwareTrigger     :   Uint4B 
      +0x11c   VadRoot                     :   Ptr32   Void 
      +0x120   VadHint                     :   Ptr32   Void 
      +0x124   CloneRoot                 :   Ptr32   Void 
      +0x128   NumberOfPrivatePages   :   Uint4B 
      +0x12c   NumberOfLockedPages   :   Uint4B 
      +0x130   Win32Process           :   Ptr32   Void 
      +0x134   Job                             :   Ptr32   _EJOB 
      +0x138   SectionObject         :   Ptr32   Void 
      +0x13c   SectionBaseAddress   :   Ptr32   Void 
      +0x140   QuotaBlock               :   Ptr32   _EPROCESS_QUOTA_BLOCK 
      +0x144   WorkingSetWatch     :   Ptr32   _PAGEFAULT_HISTORY 
      +0x148   Win32WindowStation   :   Ptr32   Void 
      +0x14c   InheritedFromUniqueProcessId   :   Ptr32   Void 
      +0x150   LdtInformation       :   Ptr32   Void 
      +0x154   VadFreeHint             :   Ptr32   Void 
      +0x158   VdmObjects               :   Ptr32   Void 
      +0x15c   DeviceMap                 :   Ptr32   Void 
      +0x160   PhysicalVadList     :   _LIST_ENTRY 
      +0x168   PageDirectoryPte   :   _HARDWARE_PTE 
      +0x168   Filler                       :   Uint8B 
      +0x170   Session                     :   Ptr32   Void 
      +0x174   ImageFileName         :   [16]   UChar 
      +0x184   JobLinks                   :   _LIST_ENTRY 
      +0x18c   LockedPagesList     :   Ptr32   Void 
      +0x190   ThreadListHead       :   _LIST_ENTRY 
      +0x198   SecurityPort           :   Ptr32   Void 
      +0x19c   PaeTop                       :   Ptr32   Void 
      +0x1a0   ActiveThreads         :   Uint4B 
      +0x1a4   GrantedAccess         :   Uint4B 
      +0x1a8   DefaultHardErrorProcessing   :   Uint4B 
      +0x1ac   LastThreadExitStatus   :   Int4B 
      +0x1b0   Peb                             :   Ptr32   _PEB 
      +0x1b4   PrefetchTrace         :   _EX_FAST_REF 
      +0x1b8   ReadOperationCount   :   _LARGE_INTEGER 
      +0x1c0   WriteOperationCount   :   _LARGE_INTEGER 
      +0x1c8   OtherOperationCount   :   _LARGE_INTEGER 
      +0x1d0   ReadTransferCount   :   _LARGE_INTEGER 
      +0x1d8   WriteTransferCount   :   _LARGE_INTEGER 
      +0x1e0   OtherTransferCount   :   _LARGE_INTEGER 
      +0x1e8   CommitChargeLimit   :   Uint4B 
      +0x1ec   CommitChargePeak   :   Uint4B 
      +0x1f0   AweInfo                     :   Ptr32   Void 
      +0x1f4   SeAuditProcessCreationInfo   :   _SE_AUDIT_PROCESS_CREATION_INFO 
      +0x1f8   Vm                               :   _MMSUPPORT 
      +0x238   LastFaultCount       :   Uint4B 
      +0x23c   ModifiedPageCount   :   Uint4B 
      +0x240   NumberOfVads           :   Uint4B 
      +0x244   JobStatus                 :   Uint4B 
      +0x248   Flags                         :   Uint4B 
      +0x248   CreateReported       :   Pos   0,   1   Bit 
      +0x248   NoDebugInherit       :   Pos   1,   1   Bit 
      +0x248   ProcessExiting       :   Pos   2,   1   Bit 
      +0x248   ProcessDelete         :   Pos   3,   1   Bit 
      +0x248   Wow64SplitPages     :   Pos   4,   1   Bit 
      +0x248   VmDeleted                 :   Pos   5,   1   Bit 
      +0x248   OutswapEnabled       :   Pos   6,   1   Bit 
      +0x248   Outswapped               :   Pos   7,   1   Bit 
      +0x248   ForkFailed               :   Pos   8,   1   Bit 
      +0x248   HasPhysicalVad       :   Pos   9,   1   Bit 
      +0x248   AddressSpaceInitialized   :   Pos   10,   2   Bits 
      +0x248   SetTimerResolution   :   Pos   12,   1   Bit 
      +0x248   BreakOnTermination   :   Pos   13,   1   Bit 
      +0x248   SessionCreationUnderway   :   Pos   14,   1   Bit 
      +0x248   WriteWatch               :   Pos   15,   1   Bit 
      +0x248   ProcessInSession   :   Pos   16,   1   Bit 
      +0x248   OverrideAddressSpace   :   Pos   17,   1   Bit 
      +0x248   HasAddressSpace     :   Pos   18,   1   Bit 
      +0x248   LaunchPrefetched   :   Pos   19,   1   Bit 
      +0x248   InjectInpageErrors   :   Pos   20,   1   Bit 
      +0x248   VmTopDown                 :   Pos   21,   1   Bit 
      +0x248   Unused3                     :   Pos   22,   1   Bit 
      +0x248   Unused4                     :   Pos   23,   1   Bit 
      +0x248   VdmAllowed               :   Pos   24,   1   Bit 
      +0x248   Unused                       :   Pos   25,   5   Bits 
      +0x248   Unused1                     :   Pos   30,   1   Bit 
      +0x248   Unused2                     :   Pos   31,   1   Bit 
      +0x24c   ExitStatus               :   Int4B 
      +0x250   NextPageColor         :   Uint2B 
      +0x252   SubSystemMinorVersion   :   UChar 
      +0x253   SubSystemMajorVersion   :   UChar 
      +0x252   SubSystemVersion   :   Uint2B 
      +0x254   PriorityClass         :   UChar 
      +0x255   WorkingSetAcquiredUnsafe   :   UChar 
      +0x258   Cookie                       :   Uint4B 
_ETHREAD 
      +0x000   Tcb                             :   _KTHREAD 
      +0x1c0   CreateTime               :   _LARGE_INTEGER 
      +0x1c0   NestedFaultCount   :   Pos   0,   2   Bits 
      +0x1c0   ApcNeeded                 :   Pos   2,   1   Bit 
      +0x1c8   ExitTime                   :   _LARGE_INTEGER 
      +0x1c8   LpcReplyChain         :   _LIST_ENTRY 
      +0x1c8   KeyedWaitChain       :   _LIST_ENTRY 
      +0x1d0   ExitStatus               :   Int4B 
      +0x1d0   OfsChain                   :   Ptr32   Void 
      +0x1d4   PostBlockList         :   _LIST_ENTRY 
      +0x1dc   TerminationPort     :   Ptr32   _TERMINATION_PORT 
      +0x1dc   ReaperLink               :   Ptr32   _ETHREAD 
      +0x1dc   KeyedWaitValue       :   Ptr32   Void 
      +0x1e0   ActiveTimerListLock   :   Uint4B 
      +0x1e4   ActiveTimerListHead   :   _LIST_ENTRY 
      +0x1ec   Cid                             :   _CLIENT_ID 
      +0x1f4   LpcReplySemaphore   :   _KSEMAPHORE 
      +0x1f4   KeyedWaitSemaphore   :   _KSEMAPHORE 
      +0x208   LpcReplyMessage     :   Ptr32   Void 
      +0x208   LpcWaitingOnPort   :   Ptr32   Void 
      +0x20c   ImpersonationInfo   :   Ptr32   _PS_IMPERSONATION_INFORMATION 
      +0x210   IrpList                     :   _LIST_ENTRY 
      +0x218   TopLevelIrp             :   Uint4B 
      +0x21c   DeviceToVerify       :   Ptr32   _DEVICE_OBJECT 
      +0x220   ThreadsProcess       :   Ptr32   _EPROCESS 
      +0x224   StartAddress           :   Ptr32   Void 
      +0x228   Win32StartAddress   :   Ptr32   Void 
      +0x228   LpcReceivedMessageId   :   Uint4B 
      +0x22c   ThreadListEntry     :   _LIST_ENTRY 
      +0x234   RundownProtect       :   _EX_RUNDOWN_REF 
      +0x238   ThreadLock               :   _EX_PUSH_LOCK 
      +0x23c   LpcReplyMessageId   :   Uint4B 
      +0x240   ReadClusterSize     :   Uint4B 
      +0x244   GrantedAccess         :   Uint4B 
      +0x248   CrossThreadFlags   :   Uint4B 
      +0x248   Terminated               :   Pos   0,   1   Bit 
      +0x248   DeadThread               :   Pos   1,   1   Bit 
      +0x248   HideFromDebugger   :   Pos   2,   1   Bit 
      +0x248   ActiveImpersonationInfo   :   Pos   3,   1   Bit 
      +0x248   SystemThread           :   Pos   4,   1   Bit 
      +0x248   HardErrorsAreDisabled   :   Pos   5,   1   Bit 
      +0x248   BreakOnTermination   :   Pos   6,   1   Bit 
      +0x248   SkipCreationMsg     :   Pos   7,   1   Bit 
      +0x248   SkipTerminationMsg   :   Pos   8,   1   Bit 
      +0x24c   SameThreadPassiveFlags   :   Uint4B 
      +0x24c   ActiveExWorker       :   Pos   0,   1   Bit 
      +0x24c   ExWorkerCanWaitUser   :   Pos   1,   1   Bit 
      +0x24c   MemoryMaker             :   Pos   2,   1   Bit 
      +0x250   SameThreadApcFlags   :   Uint4B 
      +0x250   LpcReceivedMsgIdValid   :   Pos   0,   1   Bit 
      +0x250   LpcExitThreadCalled   :   Pos   1,   1   Bit 
      +0x250   AddressSpaceOwner   :   Pos   2,   1   Bit 
      +0x254   ForwardClusterOnly   :   UChar 
      +0x255   DisablePageFaultClustering   :   UChar 
