Dieser Artikel listet die Struktur _ETHREAD von Windows Vista RTM (Release To Manufacturing). Die Daten wurden mit dem Windows-Kerneldebugger und ntoskrnl.exe Version 6.0.6000.16386 gewonnen. Die Symboldatei stammt von Microsofts Symbol Server.
kd> dt -b -v _ETHREAD
struct _ETHREAD, 78 elements, 0x288 bytes
+0x000 Tcb : struct _KTHREAD, 114 elements, 0x1e0 bytes
+0x000 Header : struct _DISPATCHER_HEADER, 13 elements, 0x10 bytes
+0x000 Type : UChar
+0x001 Abandoned : UChar
+0x001 Absolute : UChar
+0x001 NpxIrql : UChar
+0x001 Signalling : UChar
+0x002 Size : UChar
+0x002 Hand : UChar
+0x003 Inserted : UChar
+0x003 DebugActive : UChar
+0x003 DpcActive : UChar
+0x000 Lock : Int4B
+0x004 SignalState : Int4B
+0x008 WaitListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 CycleTime : Uint8B
+0x018 HighCycleTime : Uint4B
+0x020 QuantumTarget : Uint8B
+0x028 InitialStack : Ptr32 to
+0x02c StackLimit : Ptr32 to
+0x030 KernelStack : Ptr32 to
+0x034 ThreadLock : Uint4B
+0x038 ApcState : struct _KAPC_STATE, 5 elements, 0x18 bytes
+0x000 ApcListHead : (2 elements) struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 Process : Ptr32 to
+0x014 KernelApcInProgress : UChar
+0x015 KernelApcPending : UChar
+0x016 UserApcPending : UChar
+0x038 ApcStateFill : (23 elements) UChar
+0x04f Priority : Char
+0x050 NextProcessor : Uint2B
+0x052 DeferredProcessor : Uint2B
+0x054 ApcQueueLock : Uint4B
+0x058 ContextSwitches : Uint4B
+0x05c State : UChar
+0x05d NpxState : UChar
+0x05e WaitIrql : UChar
+0x05f WaitMode : Char
+0x060 WaitStatus : Int4B
+0x064 WaitBlockList : Ptr32 to
+0x064 GateObject : Ptr32 to
+0x068 KernelStackResident : Bitfield Pos 0, 1 Bit
+0x068 ReadyTransition : Bitfield Pos 1, 1 Bit
+0x068 ProcessReadyQueue : Bitfield Pos 2, 1 Bit
+0x068 WaitNext : Bitfield Pos 3, 1 Bit
+0x068 SystemAffinityActive : Bitfield Pos 4, 1 Bit
+0x068 Alertable : Bitfield Pos 5, 1 Bit
+0x068 GdiFlushActive : Bitfield Pos 6, 1 Bit
+0x068 Reserved : Bitfield Pos 7, 25 Bits
+0x068 MiscFlags : Int4B
+0x06c WaitReason : UChar
+0x06d SwapBusy : UChar
+0x06e Alerted : (2 elements) UChar
+0x070 WaitListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x070 SwapListEntry : struct _SINGLE_LIST_ENTRY, 1 elements, 0x4 bytes
+0x000 Next : Ptr32 to
+0x078 Queue : Ptr32 to
+0x07c WaitTime : Uint4B
+0x080 KernelApcDisable : Int2B
+0x082 SpecialApcDisable : Int2B
+0x080 CombinedApcDisable : Uint4B
+0x084 Teb : Ptr32 to
+0x088 Timer : struct _KTIMER, 5 elements, 0x28 bytes
+0x000 Header : struct _DISPATCHER_HEADER, 13 elements, 0x10 bytes
+0x000 Type : UChar
+0x001 Abandoned : UChar
+0x001 Absolute : UChar
+0x001 NpxIrql : UChar
+0x001 Signalling : UChar
+0x002 Size : UChar
+0x002 Hand : UChar
+0x003 Inserted : UChar
+0x003 DebugActive : UChar
+0x003 DpcActive : UChar
+0x000 Lock : Int4B
+0x004 SignalState : Int4B
+0x008 WaitListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 DueTime : union _ULARGE_INTEGER, 4 elements, 0x8 bytes
+0x000 LowPart : Uint4B
+0x004 HighPart : Uint4B
+0x000 u : struct , 2 elements, 0x8 bytes
+0x000 LowPart : Uint4B
+0x004 HighPart : Uint4B
+0x000 QuadPart : Uint8B
+0x018 TimerListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x020 Dpc : Ptr32 to
+0x024 Period : Int4B
+0x088 TimerFill : (40 elements) UChar
+0x0b0 AutoAlignment : Bitfield Pos 0, 1 Bit
+0x0b0 DisableBoost : Bitfield Pos 1, 1 Bit
+0x0b0 EtwStackTraceApc1Inserted : Bitfield Pos 2, 1 Bit
+0x0b0 EtwStackTraceApc2Inserted : Bitfield Pos 3, 1 Bit
+0x0b0 CycleChargePending : Bitfield Pos 4, 1 Bit
+0x0b0 CalloutActive : Bitfield Pos 5, 1 Bit
+0x0b0 ApcQueueable : Bitfield Pos 6, 1 Bit
+0x0b0 EnableStackSwap : Bitfield Pos 7, 1 Bit
+0x0b0 GuiThread : Bitfield Pos 8, 1 Bit
+0x0b0 ReservedFlags : Bitfield Pos 9, 23 Bits
+0x0b0 ThreadFlags : Int4B
+0x0b8 WaitBlock : (4 elements) struct _KWAIT_BLOCK, 7 elements, 0x18 bytes
+0x000 WaitListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x008 Thread : Ptr32 to
+0x00c Object : Ptr32 to
+0x010 NextWaitBlock : Ptr32 to
+0x014 WaitKey : Uint2B
+0x016 WaitType : UChar
+0x017 SpareByte : UChar
+0x0b8 WaitBlockFill0 : (23 elements) UChar
+0x0cf IdealProcessor : UChar
+0x0b8 WaitBlockFill1 : (47 elements) UChar
+0x0e7 PreviousMode : Char
+0x0b8 WaitBlockFill2 : (71 elements) UChar
+0x0ff ResourceIndex : UChar
+0x0b8 WaitBlockFill3 : (95 elements) UChar
+0x117 LargeStack : UChar
+0x118 QueueListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x120 TrapFrame : Ptr32 to
+0x124 FirstArgument : Ptr32 to
+0x128 CallbackStack : Ptr32 to
+0x128 CallbackDepth : Uint4B
+0x12c ServiceTable : Ptr32 to
+0x130 ApcStateIndex : UChar
+0x131 BasePriority : Char
+0x132 PriorityDecrement : Char
+0x133 Preempted : UChar
+0x134 AdjustReason : UChar
+0x135 AdjustIncrement : Char
+0x136 Spare01 : UChar
+0x137 Saturation : Char
+0x138 SystemCallNumber : Uint4B
+0x13c Spare02 : Uint4B
+0x140 UserAffinity : Uint4B
+0x144 Process : Ptr32 to
+0x148 Affinity : Uint4B
+0x14c ApcStatePointer : (2 elements) Ptr32 to
+0x154 SavedApcState : struct _KAPC_STATE, 5 elements, 0x18 bytes
+0x000 ApcListHead : (2 elements) struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 Process : Ptr32 to
+0x014 KernelApcInProgress : UChar
+0x015 KernelApcPending : UChar
+0x016 UserApcPending : UChar
+0x154 SavedApcStateFill : (23 elements) UChar
+0x16b FreezeCount : Char
+0x16c SuspendCount : Char
+0x16d UserIdealProcessor : UChar
+0x16e Spare03 : UChar
+0x16f Iopl : UChar
+0x170 Win32Thread : Ptr32 to
+0x174 StackBase : Ptr32 to
+0x178 SuspendApc : struct _KAPC, 16 elements, 0x30 bytes
+0x000 Type : UChar
+0x001 SpareByte0 : UChar
+0x002 Size : UChar
+0x003 SpareByte1 : UChar
+0x004 SpareLong0 : Uint4B
+0x008 Thread : Ptr32 to
+0x00c ApcListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x014 KernelRoutine : Ptr32 to
+0x018 RundownRoutine : Ptr32 to
+0x01c NormalRoutine : Ptr32 to
+0x020 NormalContext : Ptr32 to
+0x024 SystemArgument1 : Ptr32 to
+0x028 SystemArgument2 : Ptr32 to
+0x02c ApcStateIndex : Char
+0x02d ApcMode : Char
+0x02e Inserted : UChar
+0x178 SuspendApcFill0 : (1 elements) UChar
+0x179 Spare04 : Char
+0x178 SuspendApcFill1 : (3 elements) UChar
+0x17b QuantumReset : UChar
+0x178 SuspendApcFill2 : (4 elements) UChar
+0x17c KernelTime : Uint4B
+0x178 SuspendApcFill3 : (36 elements) UChar
+0x19c WaitPrcb : Ptr32 to
+0x178 SuspendApcFill4 : (40 elements) UChar
+0x1a0 LegoData : Ptr32 to
+0x178 SuspendApcFill5 : (47 elements) UChar
+0x1a7 PowerState : UChar
+0x1a8 UserTime : Uint4B
+0x1ac SuspendSemaphore : struct _KSEMAPHORE, 2 elements, 0x14 bytes
+0x000 Header : struct _DISPATCHER_HEADER, 13 elements, 0x10 bytes
+0x000 Type : UChar
+0x001 Abandoned : UChar
+0x001 Absolute : UChar
+0x001 NpxIrql : UChar
+0x001 Signalling : UChar
+0x002 Size : UChar
+0x002 Hand : UChar
+0x003 Inserted : UChar
+0x003 DebugActive : UChar
+0x003 DpcActive : UChar
+0x000 Lock : Int4B
+0x004 SignalState : Int4B
+0x008 WaitListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 Limit : Int4B
+0x1ac SuspendSemaphorefill : (20 elements) UChar
+0x1c0 SListFaultCount : Uint4B
+0x1c4 ThreadListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x1cc MutantListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x1d4 SListFaultAddress : Ptr32 to
+0x1d8 MdlForLockedTeb : Ptr32 to
+0x1e0 CreateTime : union _LARGE_INTEGER, 4 elements, 0x8 bytes
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 u : struct , 2 elements, 0x8 bytes
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 QuadPart : Int8B
+0x1e8 ExitTime : union _LARGE_INTEGER, 4 elements, 0x8 bytes
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 u : struct , 2 elements, 0x8 bytes
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 QuadPart : Int8B
+0x1e8 KeyedWaitChain : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x1f0 ExitStatus : Int4B
+0x1f0 OfsChain : Ptr32 to
+0x1f4 PostBlockList : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x1f4 ForwardLinkShadow : Ptr32 to
+0x1f8 StartAddress : Ptr32 to
+0x1fc TerminationPort : Ptr32 to
+0x1fc ReaperLink : Ptr32 to
+0x1fc KeyedWaitValue : Ptr32 to
+0x1fc Win32StartParameter : Ptr32 to
+0x200 ActiveTimerListLock : Uint4B
+0x204 ActiveTimerListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x20c Cid : struct _CLIENT_ID, 2 elements, 0x8 bytes
+0x000 UniqueProcess : Ptr32 to
+0x004 UniqueThread : Ptr32 to
+0x214 KeyedWaitSemaphore : struct _KSEMAPHORE, 2 elements, 0x14 bytes
+0x000 Header : struct _DISPATCHER_HEADER, 13 elements, 0x10 bytes
+0x000 Type : UChar
+0x001 Abandoned : UChar
+0x001 Absolute : UChar
+0x001 NpxIrql : UChar
+0x001 Signalling : UChar
+0x002 Size : UChar
+0x002 Hand : UChar
+0x003 Inserted : UChar
+0x003 DebugActive : UChar
+0x003 DpcActive : UChar
+0x000 Lock : Int4B
+0x004 SignalState : Int4B
+0x008 WaitListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 Limit : Int4B
+0x214 AlpcWaitSemaphore : struct _KSEMAPHORE, 2 elements, 0x14 bytes
+0x000 Header : struct _DISPATCHER_HEADER, 13 elements, 0x10 bytes
+0x000 Type : UChar
+0x001 Abandoned : UChar
+0x001 Absolute : UChar
+0x001 NpxIrql : UChar
+0x001 Signalling : UChar
+0x002 Size : UChar
+0x002 Hand : UChar
+0x003 Inserted : UChar
+0x003 DebugActive : UChar
+0x003 DpcActive : UChar
+0x000 Lock : Int4B
+0x004 SignalState : Int4B
+0x008 WaitListHead : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x010 Limit : Int4B
+0x228 ClientSecurity : union _PS_CLIENT_SECURITY_CONTEXT, 4 elements, 0x4 bytes
+0x000 ImpersonationData : Uint4B
+0x000 ImpersonationToken : Ptr32 to
+0x000 ImpersonationLevel : Bitfield Pos 0, 2 Bits
+0x000 EffectiveOnly : Bitfield Pos 2, 1 Bit
+0x22c IrpList : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x234 TopLevelIrp : Uint4B
+0x238 DeviceToVerify : Ptr32 to
+0x23c RateControlApc : Ptr32 to
+0x240 Win32StartAddress : Ptr32 to
+0x244 SparePtr0 : Ptr32 to
+0x248 ThreadListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x250 RundownProtect : struct _EX_RUNDOWN_REF, 2 elements, 0x4 bytes
+0x000 Count : Uint4B
+0x000 Ptr : Ptr32 to
+0x254 ThreadLock : struct _EX_PUSH_LOCK, 7 elements, 0x4 bytes
+0x000 Locked : Bitfield Pos 0, 1 Bit
+0x000 Waiting : Bitfield Pos 1, 1 Bit
+0x000 Waking : Bitfield Pos 2, 1 Bit
+0x000 MultipleShared : Bitfield Pos 3, 1 Bit
+0x000 Shared : Bitfield Pos 4, 28 Bits
+0x000 Value : Uint4B
+0x000 Ptr : Ptr32 to
+0x258 ReadClusterSize : Uint4B
+0x25c MmLockOrdering : Int4B
+0x260 CrossThreadFlags : Uint4B
+0x260 Terminated : Bitfield Pos 0, 1 Bit
+0x260 ThreadInserted : Bitfield Pos 1, 1 Bit
+0x260 HideFromDebugger : Bitfield Pos 2, 1 Bit
+0x260 ActiveImpersonationInfo : Bitfield Pos 3, 1 Bit
+0x260 SystemThread : Bitfield Pos 4, 1 Bit
+0x260 HardErrorsAreDisabled : Bitfield Pos 5, 1 Bit
+0x260 BreakOnTermination : Bitfield Pos 6, 1 Bit
+0x260 SkipCreationMsg : Bitfield Pos 7, 1 Bit
+0x260 SkipTerminationMsg : Bitfield Pos 8, 1 Bit
+0x260 CopyTokenOnOpen : Bitfield Pos 9, 1 Bit
+0x260 ThreadIoPriority : Bitfield Pos 10, 3 Bits
+0x260 ThreadPagePriority : Bitfield Pos 13, 3 Bits
+0x260 RundownFail : Bitfield Pos 16, 1 Bit
+0x264 SameThreadPassiveFlags : Uint4B
+0x264 ActiveExWorker : Bitfield Pos 0, 1 Bit
+0x264 ExWorkerCanWaitUser : Bitfield Pos 1, 1 Bit
+0x264 MemoryMaker : Bitfield Pos 2, 1 Bit
+0x264 ClonedThread : Bitfield Pos 3, 1 Bit
+0x264 KeyedEventInUse : Bitfield Pos 4, 1 Bit
+0x264 RateApcState : Bitfield Pos 5, 2 Bits
+0x264 SelfTerminate : Bitfield Pos 7, 1 Bit
+0x268 SameThreadApcFlags : Uint4B
+0x268 Spare : Bitfield Pos 0, 1 Bit
+0x268 StartAddressInvalid : Bitfield Pos 1, 1 Bit
+0x268 EtwPageFaultCalloutActive : Bitfield Pos 2, 1 Bit
+0x268 OwnsProcessWorkingSetExclusive : Bitfield Pos 3, 1 Bit
+0x268 OwnsProcessWorkingSetShared : Bitfield Pos 4, 1 Bit
+0x268 OwnsSystemWorkingSetExclusive : Bitfield Pos 5, 1 Bit
+0x268 OwnsSystemWorkingSetShared : Bitfield Pos 6, 1 Bit
+0x268 OwnsSessionWorkingSetExclusive : Bitfield Pos 7, 1 Bit
+0x269 OwnsSessionWorkingSetShared : Bitfield Pos 0, 1 Bit
+0x269 OwnsProcessAddressSpaceExclusive : Bitfield Pos 1, 1 Bit
+0x269 OwnsProcessAddressSpaceShared : Bitfield Pos 2, 1 Bit
+0x269 SuppressSymbolLoad : Bitfield Pos 3, 1 Bit
+0x269 Prefetching : Bitfield Pos 4, 1 Bit
+0x269 OwnsDynamicMemoryShared : Bitfield Pos 5, 1 Bit
+0x269 OwnsChangeControlAreaExclusive : Bitfield Pos 6, 1 Bit
+0x269 OwnsChangeControlAreaShared : Bitfield Pos 7, 1 Bit
+0x26a PriorityRegionActive : Bitfield Pos 0, 4 Bits
+0x26c CacheManagerActive : UChar
+0x26d DisablePageFaultClustering : UChar
+0x26e ActiveFaultCount : UChar
+0x270 AlpcMessageId : Uint4B
+0x274 AlpcMessage : Ptr32 to
+0x274 AlpcReceiveAttributeSet : Uint4B
+0x278 AlpcWaitListEntry : struct _LIST_ENTRY, 2 elements, 0x8 bytes
+0x000 Flink : Ptr32 to
+0x004 Blink : Ptr32 to
+0x280 CacheManagerCount : Uint4B
