@HACKE-RC
Created May 31, 2022 15:04
The Windows ETHREAD structure.
/*
 * _ETHREAD: the executive thread object as listed on this page. Its first
 * member is an embedded _KTHREAD (Tcb).
 *
 * NOTE(review): the page names no Windows build or architecture. This type is
 * not a documented, stable interface and is known to change between builds;
 * take offsets from symbols that match the exact kernel being analysed and
 * never hard-code them from this listing -- TODO confirm the source build.
 *
 * NOTE(review): this looks like a flattened type dump. Each of the three flag
 * words below is followed directly by named bitfields, and for the first two
 * the widths add up to exactly 32 bits, which is consistent with the flag word
 * and its bits being overlaid in a union in the original type information.
 * Other adjacent members may likewise be union alternatives. Compiled as
 * written, every member is laid out sequentially, so sizeof/offsetof taken
 * from this declaration should not be trusted -- verify against symbols.
 *
 * NOTE(review): scalar member types (e.g. "unsigned int") may have been
 * normalised by the dumping tool; confirm real widths before relying on them.
 */
struct _ETHREAD {
/* Embedded kernel-level thread object; the only member whose offset (0) is fixed by this listing. */
struct _KTHREAD Tcb;
union _LARGE_INTEGER CreateTime;
/* NOTE(review): ExitTime/KeyedWaitChain may share storage in the original type -- confirm. */
union _LARGE_INTEGER ExitTime;
struct _LIST_ENTRY KeyedWaitChain;
void *ChargeOnlySession;
struct _LIST_ENTRY PostBlockList;
void *ForwardLinkShadow;
/*
 * Thread start address as named. NOTE(review): thread-enumeration and
 * memory-forensics tooling commonly compares this and Win32StartAddress with
 * loaded-module ranges to spot threads starting in unbacked memory; confirm
 * the exact semantics of each field for the build under analysis.
 */
void *StartAddress;
/* NOTE(review): the next three pointers may be union alternatives -- confirm. */
struct _TERMINATION_PORT *TerminationPort;
struct _ETHREAD *ReaperLink;
void *KeyedWaitValue;
unsigned int ActiveTimerListLock;
struct _LIST_ENTRY ActiveTimerListHead;
/* Client identifier; presumably the owning process ID and this thread's ID -- verify against the _CLIENT_ID definition. */
struct _CLIENT_ID Cid;
/* NOTE(review): the two semaphores may share storage in the original type -- confirm. */
struct _KSEMAPHORE KeyedWaitSemaphore;
struct _KSEMAPHORE AlpcWaitSemaphore;
/* Impersonation-related state by name; see also ActiveImpersonationInfo and AdjustedClientToken below -- semantics not shown here. */
union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity;
struct _LIST_ENTRY IrpList;
unsigned int TopLevelIrp;
struct _DEVICE_OBJECT *DeviceToVerify;
/* Second start-address field; see the note on StartAddress. */
void *Win32StartAddress;
void *LegacyPowerObject;
/*
 * List linkage for this thread. NOTE(review): presumably links the thread
 * into its owning process's thread list; tools that enumerate threads only by
 * walking such a list depend on its integrity, so cross-check against an
 * independent source when hidden threads are suspected.
 */
struct _LIST_ENTRY ThreadListEntry;
struct _EX_RUNDOWN_REF RundownProtect;
struct _EX_PUSH_LOCK ThreadLock;
unsigned long ReadClusterSize;
long MmLockOrdering;
/*
 * First flag word. The bitfields that follow total 32 bits
 * (9x1 + 3 + 3 + 5x1 + 12 reserved), so they most likely alias this word
 * rather than follow it -- TODO confirm against symbols.
 */
unsigned long CrossThreadFlags;
unsigned long Terminated : 1;
unsigned long ThreadInserted : 1;
/*
 * NOTE(review): by name, the per-thread "hide from debugger" state
 * (presumably what the ThreadHideFromDebugger information class sets).
 * Worth inspecting when triaging anti-debugging behaviour -- confirm.
 */
unsigned long HideFromDebugger : 1;
/* NOTE(review): presumably set while the thread is impersonating; relates to ClientSecurity -- confirm. */
unsigned long ActiveImpersonationInfo : 1;
unsigned long HardErrorsAreDisabled : 1;
/* NOTE(review): presumably marks the thread as critical (termination is treated as fatal) -- confirm. */
unsigned long BreakOnTermination : 1;
unsigned long SkipCreationMsg : 1;
unsigned long SkipTerminationMsg : 1;
unsigned long CopyTokenOnOpen : 1;
unsigned long ThreadIoPriority : 3;
unsigned long ThreadPagePriority : 3;
unsigned long RundownFail : 1;
unsigned long UmsForceQueueTermination : 1;
unsigned long IndirectCpuSets : 1;
/* NOTE(review): name suggests a per-thread opt-out from a dynamic-code restriction; treat as security-relevant until confirmed. */
unsigned long DisableDynamicCodeOptOut : 1;
unsigned long ExplicitCaseSensitivity : 1;
unsigned long ReservedCrossThreadFlags : 12;
/*
 * Second flag word. The bitfields that follow total 32 bits
 * (1 + 1 + 2 + 5x1 + 23 reserved); same probable overlay as above.
 */
unsigned long SameThreadPassiveFlags;
unsigned long ActiveExWorker : 1;
unsigned long MemoryMaker : 1;
unsigned long StoreLockThread : 2;
unsigned long ClonedThread : 1;
unsigned long KeyedEventInUse : 1;
unsigned long SelfTerminate : 1;
unsigned long RespectIoPriority : 1;
unsigned long ActivePageLists : 1;
unsigned long ReservedSameThreadPassiveFlags : 23;
/*
 * Third flag word. Only 12 bits are named below (9x1 + 3) and they are
 * declared "unsigned int" rather than "unsigned long"; there is no reserved
 * filler. NOTE(review): the four plain "unsigned int" members after the
 * bitfields may be narrower fields that complete this word in the original
 * type -- confirm.
 */
unsigned long SameThreadApcFlags;
unsigned int OwnsProcessAddressSpaceExclusive : 1;
unsigned int OwnsProcessAddressSpaceShared : 1;
unsigned int HardFaultBehavior : 1;
unsigned int StartAddressInvalid : 1;
unsigned int EtwCalloutActive : 1;
unsigned int SuppressSymbolLoad : 1;
unsigned int Prefetching : 1;
unsigned int OwnsVadExclusive : 1;
unsigned int SystemPagePriorityActive : 1;
unsigned int SystemPagePriority : 3;
unsigned int CacheManagerActive;
unsigned int DisablePageFaultClustering;
unsigned int ActiveFaultCount;
unsigned int LockOrderState;
unsigned int AlpcMessageId;
void *AlpcMessage;
unsigned long AlpcReceiveAttributeSet;
struct _LIST_ENTRY AlpcWaitListEntry;
long ExitStatus;
unsigned long CacheManagerCount;
unsigned long IoBoostCount;
unsigned long IoQoSBoostCount;
unsigned long IoQoSThrottleCount;
struct _LIST_ENTRY BoostList;
struct _LIST_ENTRY DeboostList;
unsigned int BoostListLock;
unsigned int IrpListLock;
void *ReservedForSynchTracking;
struct _SINGLE_LIST_ENTRY CmCallbackListHead;
struct _GUID *ActivityId;
struct _SINGLE_LIST_ENTRY SeLearningModeListHead;
void *VerifierContext;
unsigned long KernelStackReference;
/* Untyped in this listing; by name a token reference tied to the client/impersonation state -- semantics not shown here. */
void *AdjustedClientToken;
void *WorkOnBehalfThread;
struct _PS_PROPERTY_SET PropertySet;
struct _THREAD_ENERGY_VALUES *EnergyValues;
void *CmDbgInfo;
/* NOTE(review): SelectedCpuSets / SelectedCpuSetsIndirect may be union alternatives selected by the IndirectCpuSets bit -- confirm. */
unsigned int SelectedCpuSets;
unsigned int *SelectedCpuSetsIndirect;
struct _EJOB *Silo;
/* Pointer to the thread's name string; may be NULL for unnamed threads -- TODO confirm before dereferencing. */
struct _UNICODE_STRING *ThreadName;
unsigned long ReadyTime;
};