STRUCTURE : _EPROCESS
typedef struct _EPROCESS
{
_KPROCESS Pcb;
_EX_PUSH_LOCK ProcessLock;
_LARGE_INTEGER CreateTime;
_LARGE_INTEGER ExitTime;
_EX_RUNDOWN_REF RundownProtect;
VOID * UniqueProcessId;
_LIST_ENTRY ActiveProcessLinks;
ULONGLONG QuotaUsage[0x3];
ULONGLONG QuotaPeak[0x3];
volatile ULONGLONG CommitCharge;
ULONGLONG PeakVirtualSize;
ULONGLONG VirtualSize;
_LIST_ENTRY SessionProcessLinks;
VOID * DebugPort;
VOID * ExceptionPortData;
ULONGLONG ExceptionPortValue;
ULONGLONG ExceptionPortState:3;
_HANDLE_TABLE * ObjectTable;
_EX_FAST_REF Token;
ULONGLONG WorkingSetPage;
_EX_PUSH_LOCK AddressCreationLock;
_ETHREAD * RotateInProgress;
_ETHREAD * ForkInProgress;
ULONGLONG HardwareTrigger;
_MM_AVL_TABLE * PhysicalVadRoot;
VOID * CloneRoot;
volatile ULONGLONG NumberOfPrivatePages;
volatile ULONGLONG NumberOfLockedPages;
VOID * Win32Process;
_EJOB * Job;
VOID * SectionObject;
VOID * SectionBaseAddress;
_EPROCESS_QUOTA_BLOCK * QuotaBlock;
_PAGEFAULT_HISTORY * WorkingSetWatch;
VOID * Win32WindowStation;
VOID * InheritedFromUniqueProcessId;
VOID * LdtInformation;
VOID * VadFreeHint;
VOID * VdmObjects;
VOID * DeviceMap;
VOID * EtwDataSource;
VOID * FreeTebHint;
_HARDWARE_PTE PageDirectoryPte;
ULONGLONG Filler;
VOID * Session;
UCHAR ImageFileName[0x10];
_LIST_ENTRY JobLinks;
VOID * LockedPagesList;
_LIST_ENTRY ThreadListHead;
VOID * SecurityPort;
_WOW64_PROCESS * Wow64Process;
volatile ULONG ActiveThreads;
ULONG ImagePathHash;
ULONG DefaultHardErrorProcessing;
LONG LastThreadExitStatus;
_PEB * Peb;
_EX_FAST_REF PrefetchTrace;
_LARGE_INTEGER ReadOperationCount;
_LARGE_INTEGER WriteOperationCount;
_LARGE_INTEGER OtherOperationCount;
_LARGE_INTEGER ReadTransferCount;
_LARGE_INTEGER WriteTransferCount;
_LARGE_INTEGER OtherTransferCount;
ULONGLONG CommitChargeLimit;
volatile ULONGLONG CommitChargePeak;
VOID * AweInfo;
_SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
_MMSUPPORT Vm;
_LIST_ENTRY MmProcessLinks;
ULONG ModifiedPageCount;
ULONG Flags2;
ULONG JobNotReallyActive:1;
ULONG AccountingFolded:1;
ULONG NewProcessReported:1;
ULONG ExitProcessReported:1;
ULONG ReportCommitChanges:1;
ULONG LastReportMemory:1;
ULONG ReportPhysicalPageChanges:1;
ULONG HandleTableRundown:1;
ULONG NeedsHandleRundown:1;
ULONG RefTraceEnabled:1;
ULONG NumaAware:1;
ULONG ProtectedProcess:1;
ULONG DefaultPagePriority:3;
ULONG PrimaryTokenFrozen:1;
ULONG ProcessVerifierTarget:1;
ULONG StackRandomizationDisabled:1;
ULONG AffinityPermanent:1;
ULONG AffinityUpdateEnable:1;
ULONG Flags;
ULONG CreateReported:1;
ULONG NoDebugInherit:1;
ULONG ProcessExiting:1;
ULONG ProcessDelete:1;
ULONG Wow64SplitPages:1;
ULONG VmDeleted:1;
ULONG OutswapEnabled:1;
ULONG Outswapped:1;
ULONG ForkFailed:1;
ULONG Wow64VaSpace4Gb:1;
ULONG AddressSpaceInitialized:2;
ULONG SetTimerResolution:1;
ULONG BreakOnTermination:1;
ULONG DeprioritizeViews:1;
ULONG WriteWatch:1;
ULONG ProcessInSession:1;
ULONG OverrideAddressSpace:1;
ULONG HasAddressSpace:1;
ULONG LaunchPrefetched:1;
ULONG InjectInpageErrors:1;
ULONG VmTopDown:1;
ULONG ImageNotifyDone:1;
ULONG PdeUpdateNeeded:1;
ULONG VdmAllowed:1;
ULONG SmapAllowed:1;
ULONG ProcessInserted:1;
ULONG DefaultIoPriority:3;
ULONG ProcessSelfDelete:1;
ULONG SpareProcessFlags:1;
LONG ExitStatus;
USHORT Spare7;
UCHAR SubSystemMinorVersion;
UCHAR SubSystemMajorVersion;
USHORT SubSystemVersion;
UCHAR PriorityClass;
_MM_AVL_TABLE VadRoot;
ULONG Cookie;
_ALPC_PROCESS_CONTEXT AlpcContext;
};