KPROCESS struct (x64)

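// Only valid for Windows 7 RC x64; layouts and offsets are build-specific, so check them against the symbols of the build under analysis.
/* Some smaller structures are not defined here because their layout is easy to obtain with WinDbg. */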

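/*
 * KEXECUTE_OPTIONS - one byte of per-process execute-protection (DEP/NX)
 * option bits, readable either flag by flag or as the whole byte through
 * ExecuteOptions.
 *
 * The eight one-bit flags sit inside an anonymous struct so that they pack
 * into consecutive bits (0..7) and overlay ExecuteOptions. Declared directly
 * as union members, every flag would start at bit 0 and alias the others.
 * The bit-fields use UCHAR as their base type so the whole union stays one
 * byte wide; with a ULONG base type the compiler allocates a 4-byte storage
 * unit, which shifts every field that follows an embedded KEXECUTE_OPTIONS.
 *
 * NOTE(review): bit order follows declaration order (lowest bit first) with
 * MSVC and GCC on x64; confirm against `dt nt!_KEXECUTE_OPTIONS` for the
 * build being examined before trusting values read from a memory image.
 */
typedef struct _KEXECUTE_OPTIONS
{
    union
    {
        struct
        {
            UCHAR ExecuteDisable: 1;
            UCHAR ExecuteEnable: 1;
            UCHAR DisableThunkEmulation: 1;
            UCHAR Permanent: 1;
            UCHAR ExecuteDispatchEnable: 1;
            UCHAR ImageDispatchEnable: 1;
            /* Spelling kept as in the listing so existing references still
             * compile; the symbol name appears to be
             * DisableExceptionChainValidation - TODO confirm in WinDbg. */
            UCHAR DisableExceptionChainValdation: 1;
            UCHAR Spare: 1;
        };
        UCHAR ExecuteOptions;   /* all eight flags viewed as one byte */
    };

} KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS;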

/*
 * KAFFINITY_EX - extended processor-affinity descriptor.
 *
 * Two 16-bit counters, a 32-bit reserved word and four 64-bit bitmap words
 * (40 bytes in total on x64). Presumably each Bitmap word is the processor
 * mask of one processor group - confirm against the target build's symbols.
 */
typedef struct _KAFFINITY_EX
{
    USHORT    Count;        /* NOTE(review): likely the number of Bitmap words in use - confirm */
    USHORT    Size;         /* NOTE(review): likely the capacity of Bitmap in words - confirm */
    ULONG     Reserved;     /* keeps Bitmap 8-byte aligned */
    ULONGLONG Bitmap[4];    /* four 64-bit mask words */
} KAFFINITY_EX, *PKAFFINITY_EX;

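/*
 * KPROCESS - kernel (scheduler-level) part of a process object, as listed
 * for Windows 7 RC x64.
 *
 * DISPATCHER_HEADER, LIST_ENTRY, SINGLE_LIST_ENTRY and KGUARDED_MUTEX are not
 * defined on this page; they come from the WDK headers or from WinDbg.
 *
 * The layout is build-specific. Code or tooling that reads these fields out
 * of a memory image (DirectoryTableBase, the list heads, Flags) should take
 * the offsets from the symbols of the exact build rather than from this
 * declaration.
 */
typedef struct _KPROCESS
{
    DISPATCHER_HEADER Header;
    LIST_ENTRY ProfileListHead;
    ULONGLONG DirectoryTableBase;   /* presumably the physical base of the process page tables - confirm */
    LIST_ENTRY ThreadListHead;      /* head of the list of this process's threads */
    ULONGLONG ProcessLock;
    KAFFINITY_EX Affinity;
    LIST_ENTRY ReadyListHead;
    SINGLE_LIST_ENTRY SwapListEntry;
    KAFFINITY_EX ActiveProcessors;
    union
    {
        /*
         * The flags are grouped in an anonymous struct so they pack into
         * consecutive bits (1 + 1 + 1 + 4 + 25 = 32) and overlay
         * ProcessFlags. As direct union members each bit-field would start
         * at bit 0 and alias the others.
         */
        struct
        {
            ULONG AutoAlignment: 1;
            ULONG DisableBoost: 1;
            ULONG DisableQuantum: 1;
            ULONG ActiveGroupMask: 4;
            ULONG ReservedFlags: 25;
        };
        LONG ProcessFlags;          /* all flag bits viewed as one 32-bit value */
    };
    CHAR BasePriority;
    CHAR QuantumReset;
    UCHAR Visited;
    UCHAR Unused3;
    ULONG ThreadSeed[4];
    USHORT IdealNode[4];
    USHORT IdealGlobalNode;
    /*
     * Execute-protection option bits. The Unused bytes that follow only land
     * where intended if KEXECUTE_OPTIONS is a single byte - verify
     * sizeof(KEXECUTE_OPTIONS) == 1 in your build.
     */
    KEXECUTE_OPTIONS Flags;
    UCHAR Unused1;
    UCHAR Unused2;
    UCHAR Unused4;
    ULONG StackCount;
    LIST_ENTRY ProcessListEntry;    /* NOTE(review): presumably links KPROCESS objects into a system-wide list - confirm */
    UINT64 CycleTime;
    ULONG KernelTime;
    ULONG UserTime;
    PVOID InstrumentationCallback;
    ULONGLONG LdtDescriptor[2];
    PVOID LdtBaseAddress;
    KGUARDED_MUTEX LdtProcessLock;
    USHORT LdtFreeSelectorHint;
    USHORT LdtTableLength;
} KPROCESS, *PKPROCESS;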

~ by KeMmIo on October 18, 2010.
