@HACKE-RC
Created May 31, 2022
The Windows EPROCESS (executive process object) data structure, in the form produced by dumping a 64-bit kernel's debug symbols. The layout is build-specific: field offsets (and some fields) change between Windows versions, so resolve offsets from the matching ntoskrnl symbols at run time rather than hard-coding the ones implied here.
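/*
 * _EPROCESS -- the executive process object: the kernel-mode record for one
 * Windows process.  The scheduler's KPROCESS (Pcb) is embedded at offset 0,
 * so the same pointer serves as both PKPROCESS and PEPROCESS.
 *
 * This is a symbol dump of one 64-bit kernel build (the exact build is not
 * recorded; the ULONG64/PVOID mix and the CET/XFG bit names place it in the
 * Windows 10/11 era).  Field offsets, and even the set of fields, change
 * between builds.  Code that consumes this layout -- forensics, EDR, rootkit
 * detection, mitigation-policy checks -- must resolve offsets from the
 * ntoskrnl symbols matching the target, never hard-code them from here.
 *
 * Review note: the original dump had flattened the anonymous unions of the
 * real definition.  Each Flags* ULONG is immediately followed by bit-fields
 * whose widths sum to exactly 32 bits (31 for Flags3) and that alias that
 * ULONG; ExceptionPortData / ExceptionPortValue / ExceptionPortState alias
 * one 8-byte slot; and the MitigationFlags*Values structs alias their
 * ULONGs.  Declared flat, every offset after Flags2 (Token, Peb,
 * ImageFileName, Protection, ...) is shifted and sizeof is inflated, which
 * silently breaks any offsetof()-based consumer.  The unions are restored
 * below (C11 anonymous members); every member access path is unchanged.
 * The typedef is also given its conventional names, EPROCESS / PEPROCESS,
 * which the original declared without a declarator.
 */
typedef struct _EPROCESS {
    struct _KPROCESS Pcb;                       /* scheduler view; must remain the first member */
    struct _EX_PUSH_LOCK ProcessLock;
    PVOID UniqueProcessId;                      /* the PID, carried as a handle-sized value */
    /*
     * Doubly linked list threading every live process.  Unlinking an entry
     * here (DKOM) hides the process from PID-based enumeration while its
     * threads keep running; when hunting, cross-check against other views
     * (thread lists, handle tables, pool scans) rather than trusting this
     * list alone.
     */
    struct _LIST_ENTRY ActiveProcessLinks;
    struct _EX_RUNDOWN_REF RundownProtect;

    /* Flags2: 32 one-/multi-bit fields overlaying the ULONG (widths sum to 32). */
    union {
        ULONG Flags2;
        struct {
            ULONG JobNotReallyActive: 1;
            ULONG AccountingFolded: 1;
            ULONG NewProcessReported: 1;
            ULONG ExitProcessReported: 1;
            ULONG ReportCommitChanges: 1;
            ULONG LastReportMemory: 1;
            ULONG ForceWakeCharge: 1;
            ULONG CrossSessionCreate: 1;
            ULONG NeedsHandleRundown: 1;
            ULONG RefTraceEnabled: 1;
            ULONG PicoCreated: 1;
            ULONG EmptyJobEvaluated: 1;
            ULONG DefaultPagePriority: 3;
            ULONG PrimaryTokenFrozen: 1;        /* set once the primary token may no longer be replaced */
            ULONG ProcessVerifierTarget: 1;
            ULONG RestrictSetThreadContext: 1;
            ULONG AffinityPermanent: 1;
            ULONG AffinityUpdateEnable: 1;
            ULONG PropagateNode: 1;
            ULONG ExplicitAffinity: 1;
            ULONG ProcessExecutionState: 2;
            ULONG EnableReadVmLogging: 1;
            ULONG EnableWriteVmLogging: 1;
            ULONG FatalAccessTerminationRequested: 1;
            ULONG DisableSystemAllowedCpuSet: 1;
            ULONG ProcessStateChangeRequest: 2;
            ULONG ProcessStateChangeInProgress: 1;
            ULONG InPrivate: 1;
        };
    };

    /* Flags: 32 bits overlaying the ULONG (widths sum to 32). */
    union {
        ULONG Flags;
        struct {
            ULONG CreateReported: 1;
            ULONG NoDebugInherit: 1;
            ULONG ProcessExiting: 1;
            ULONG ProcessDelete: 1;
            ULONG ManageExecutableMemoryWrites: 1;
            ULONG VmDeleted: 1;
            ULONG OutswapEnabled: 1;
            ULONG Outswapped: 1;
            ULONG FailFastOnCommitFail: 1;
            ULONG Wow64VaSpace4Gb: 1;
            ULONG AddressSpaceInitialized: 2;
            ULONG SetTimerResolution: 1;
            ULONG BreakOnTermination: 1;        /* "critical process": exiting it bug-checks the system */
            ULONG DeprioritizeViews: 1;
            ULONG WriteWatch: 1;
            ULONG ProcessInSession: 1;
            ULONG OverrideAddressSpace: 1;
            ULONG HasAddressSpace: 1;
            ULONG LaunchPrefetched: 1;
            ULONG Background: 1;
            ULONG VmTopDown: 1;
            ULONG ImageNotifyDone: 1;
            ULONG PdeUpdateNeeded: 1;
            ULONG VdmAllowed: 1;
            ULONG ProcessRundown: 1;
            ULONG ProcessInserted: 1;
            ULONG DefaultIoPriority: 3;
            ULONG ProcessSelfDelete: 1;
            ULONG SetTimerResolutionLink: 1;
        };
    };

    union _LARGE_INTEGER CreateTime;
    ULONG64 ProcessQuotaUsage[2];
    ULONG64 ProcessQuotaPeak[2];
    ULONG64 PeakVirtualSize;
    ULONG64 VirtualSize;
    struct _LIST_ENTRY SessionProcessLinks;

    /* One 8-byte slot: the exception port pointer with its low 3 bits reused as state. */
    union {
        PVOID ExceptionPortData;
        ULONG64 ExceptionPortValue;
        ULONG64 ExceptionPortState: 3;
    };

    /*
     * Primary token.  EX_FAST_REF packs a small reference count into the low
     * pointer bits, so mask them before dereferencing.  This is the classic
     * kernel privilege-escalation target (overwrite with a SYSTEM token);
     * integrity checks should compare it against the token's own process
     * linkage rather than trust the pointer alone.
     */
    struct _EX_FAST_REF Token;
    ULONG64 MmReserved;
    struct _EX_PUSH_LOCK AddressCreationLock;
    struct _EX_PUSH_LOCK PageTableCommitmentLock;
    struct _ETHREAD * RotateInProgress;
    struct _ETHREAD * ForkInProgress;
    struct _EJOB * CommitChargeJob;
    struct _RTL_AVL_TREE CloneRoot;
    ULONG64 NumberOfPrivatePages;
    ULONG64 NumberOfLockedPages;
    PVOID Win32Process;
    struct _EJOB * Job;
    PVOID SectionObject;                        /* section backing the main image */
    PVOID SectionBaseAddress;                   /* image base in the process's address space */
    ULONG Cookie;
    struct _PAGEFAULT_HISTORY * WorkingSetWatch;
    PVOID Win32WindowStation;
    PVOID InheritedFromUniqueProcessId;         /* parent PID at creation; the parent may be gone or the PID reused */
    ULONG64 OwnerProcessId;
    struct _PEB * Peb;                          /* user-mode PEB; user-writable, so never trust its contents from kernel mode */
    struct _MM_SESSION_SPACE * Session;
    PVOID Spare1;
    struct _EPROCESS_QUOTA_BLOCK * QuotaBlock;
    struct _HANDLE_TABLE * ObjectTable;         /* the process's handle table */
    PVOID DebugPort;                            /* non-NULL while a debugger is attached; a common anti-debug probe */
    struct _EWOW64PROCESS * WoW64Process;
    struct _EX_FAST_REF DeviceMap;
    PVOID EtwDataSource;
    ULONG64 PageDirectoryPte;
    struct _FILE_OBJECT * ImageFilePointer;
    /*
     * Only 15 bytes: longer image names are truncated, and NUL termination is
     * not guaranteed for a name that fills the field -- bound reads to
     * sizeof(ImageFileName).  It is also trivially spoofed by renaming the
     * binary, so never use it as the sole identity of a process; prefer the
     * full path via ImageFilePointer / SeAuditProcessCreationInfo.
     */
    UCHAR ImageFileName[15];
    UCHAR PriorityClass;
    PVOID SecurityPort;
    struct _SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
    struct _LIST_ENTRY JobLinks;
    PVOID HighestUserAddress;
    struct _LIST_ENTRY ThreadListHead;          /* all ETHREADs of this process */
    ULONG ActiveThreads;
    ULONG ImagePathHash;
    ULONG DefaultHardErrorProcessing;
    LONG LastThreadExitStatus;
    struct _EX_FAST_REF PrefetchTrace;
    PVOID LockedPagesList;
    union _LARGE_INTEGER ReadOperationCount;
    union _LARGE_INTEGER WriteOperationCount;
    union _LARGE_INTEGER OtherOperationCount;
    union _LARGE_INTEGER ReadTransferCount;
    union _LARGE_INTEGER WriteTransferCount;
    union _LARGE_INTEGER OtherTransferCount;
    ULONG64 CommitChargeLimit;
    ULONG64 CommitCharge;
    ULONG64 CommitChargePeak;
    struct _MMSUPPORT_FULL Vm;
    struct _LIST_ENTRY MmProcessLinks;
    ULONG ModifiedPageCount;
    LONG ExitStatus;
    struct _RTL_AVL_TREE VadRoot;               /* VAD tree: the authoritative map of user-mode allocations */
    PVOID VadHint;
    ULONG64 VadCount;
    ULONG64 VadPhysicalPages;
    ULONG64 VadPhysicalPagesLimit;
    struct _ALPC_PROCESS_CONTEXT AlpcContext;
    struct _LIST_ENTRY TimerResolutionLink;
    struct _PO_DIAG_STACK_RECORD * TimerResolutionStackRecord;
    ULONG RequestedTimerResolution;
    ULONG SmallestTimerResolution;
    union _LARGE_INTEGER ExitTime;
    struct _INVERTED_FUNCTION_TABLE * InvertedFunctionTable;
    struct _EX_PUSH_LOCK InvertedFunctionTableLock;
    ULONG ActiveThreadsHighWatermark;
    ULONG LargePrivateVadCount;
    struct _EX_PUSH_LOCK ThreadListLock;
    PVOID WnfContext;
    struct _EJOB * ServerSilo;
    UCHAR SignatureLevel;                       /* code-signing level of the process */
    UCHAR SectionSignatureLevel;                /* minimum signing level required of loaded images */
    /*
     * Protected-process (PP/PPL) level and signer.  Gates which callers may
     * open this process with sensitive access; tampering with it is a known
     * way to disable protection on security products (e.g. LSASS).
     */
    struct _PS_PROTECTION Protection;
    UCHAR HangCount: 3;
    UCHAR GhostCount: 3;
    UCHAR PrefilterException: 1;

    /* Flags3: 31 bits overlaying the ULONG. */
    union {
        ULONG Flags3;
        struct {
            ULONG Minimal: 1;
            ULONG ReplacingPageRoot: 1;
            ULONG Crashed: 1;
            ULONG JobVadsAreTracked: 1;
            ULONG VadTrackingDisabled: 1;
            ULONG AuxiliaryProcess: 1;
            ULONG SubsystemProcess: 1;
            ULONG IndirectCpuSets: 1;
            ULONG RelinquishedCommit: 1;
            ULONG HighGraphicsPriority: 1;
            ULONG CommitFailLogged: 1;
            ULONG ReserveFailLogged: 1;
            ULONG SystemProcess: 1;
            ULONG HideImageBaseAddresses: 1;
            ULONG AddressPolicyFrozen: 1;
            ULONG ProcessFirstResume: 1;
            ULONG ForegroundExternal: 1;
            ULONG ForegroundSystem: 1;
            ULONG HighMemoryPriority: 1;
            ULONG EnableProcessSuspendResumeLogging: 1;
            ULONG EnableThreadSuspendResumeLogging: 1;
            ULONG SecurityDomainChanged: 1;
            ULONG SecurityFreezeComplete: 1;
            ULONG VmProcessorHost: 1;
            ULONG VmProcessorHostTransition: 1;
            ULONG AltSyscall: 1;
            ULONG TimerResolutionIgnore: 1;
            ULONG DisallowUserTerminate: 1;
            ULONG EnableProcessRemoteExecProtectVmLogging: 1;
            ULONG EnableProcessLocalExecProtectVmLogging: 1;
            ULONG EmulationDebugEmulator: 1;
        };
    };

    LONG DeviceAsid;
    PVOID SvmData;
    struct _EX_PUSH_LOCK SvmProcessLock;
    ULONG64 SvmLock;
    struct _LIST_ENTRY SvmProcessDeviceListHead;
    ULONG64 LastFreezeInterruptTime;
    struct _PROCESS_DISK_COUNTERS * DiskCounters;
    PVOID PicoContext;
    PVOID EnclaveTable;
    ULONG64 EnclaveNumber;
    struct _EX_PUSH_LOCK EnclaveLock;
    ULONG HighPriorityFaultsAllowed;
    struct _PO_PROCESS_ENERGY_CONTEXT * EnergyContext;
    PVOID VmContext;
    ULONG64 SequenceNumber;
    ULONG64 CreateInterruptTime;
    ULONG64 CreateUnbiasedInterruptTime;
    ULONG64 TotalUnbiasedFrozenTime;
    ULONG64 LastAppStateUpdateTime;
    ULONG64 LastAppStateUptime: 61;             /* 61 + 3 bits share one ULONG64 */
    ULONG64 LastAppState: 3;
    ULONG64 SharedCommitCharge;
    struct _EX_PUSH_LOCK SharedCommitLock;
    struct _LIST_ENTRY SharedCommitLinks;
    ULONG64 AllowedCpuSets;
    ULONG64 DefaultCpuSets;
    PULONG64 AllowedCpuSetsIndirect;
    PULONG64 DefaultCpuSetsIndirect;
    PVOID DiskIoAttribution;
    PVOID DxgProcess;
    ULONG Win32KFilterSet;
    USHORT Machine;
    USHORT Spare0;
    union _PS_INTERLOCKED_TIMER_DELAY_VALUES ProcessTimerDelay;
    ULONG KTimerSets;
    ULONG KTimer2Sets;
    ULONG ThreadTimerSets;
    ULONG64 VirtualTimerListLock;
    struct _LIST_ENTRY VirtualTimerListHead;
    struct _WNF_STATE_NAME WakeChannel;
    struct _PS_PROCESS_WAKE_INFORMATION WakeInfo;

    /*
     * Process mitigation policy, first word (32 bits).  Read these rather
     * than the PEB when you need a trustworthy view of what CFG/ASLR/
     * dynamic-code/win32k/image-load restrictions are in force.
     */
    union {
        ULONG MitigationFlags;
        struct {
            ULONG ControlFlowGuardEnabled: 1;
            ULONG ControlFlowGuardExportSuppressionEnabled: 1;
            ULONG ControlFlowGuardStrict: 1;
            ULONG DisallowStrippedImages: 1;
            ULONG ForceRelocateImages: 1;
            ULONG HighEntropyASLREnabled: 1;
            ULONG StackRandomizationDisabled: 1;
            ULONG ExtensionPointDisable: 1;
            ULONG DisableDynamicCode: 1;
            ULONG DisableDynamicCodeAllowOptOut: 1;
            ULONG DisableDynamicCodeAllowRemoteDowngrade: 1;
            ULONG AuditDisableDynamicCode: 1;
            ULONG DisallowWin32kSystemCalls: 1;
            ULONG AuditDisallowWin32kSystemCalls: 1;
            ULONG EnableFilteredWin32kAPIs: 1;
            ULONG AuditFilteredWin32kAPIs: 1;
            ULONG DisableNonSystemFonts: 1;
            ULONG AuditNonSystemFontLoading: 1;
            ULONG PreferSystem32Images: 1;
            ULONG ProhibitRemoteImageMap: 1;
            ULONG AuditProhibitRemoteImageMap: 1;
            ULONG ProhibitLowILImageMap: 1;
            ULONG AuditProhibitLowILImageMap: 1;
            ULONG SignatureMitigationOptIn: 1;
            ULONG AuditBlockNonMicrosoftBinaries: 1;
            ULONG AuditBlockNonMicrosoftBinariesAllowStore: 1;
            ULONG LoaderIntegrityContinuityEnabled: 1;
            ULONG AuditLoaderIntegrityContinuity: 1;
            ULONG EnableModuleTamperingProtection: 1;
            ULONG EnableModuleTamperingProtectionNoInherit: 1;
            ULONG RestrictIndirectBranchPrediction: 1;
            ULONG IsolateSecurityDomain: 1;
        } MitigationFlagsValues;
    };

    /* Process mitigation policy, second word (32 bits): EAF/IAF/ROP, SSBD, CET, XFG. */
    union {
        ULONG MitigationFlags2;
        struct {
            ULONG EnableExportAddressFilter: 1;
            ULONG AuditExportAddressFilter: 1;
            ULONG EnableExportAddressFilterPlus: 1;
            ULONG AuditExportAddressFilterPlus: 1;
            ULONG EnableRopStackPivot: 1;
            ULONG AuditRopStackPivot: 1;
            ULONG EnableRopCallerCheck: 1;
            ULONG AuditRopCallerCheck: 1;
            ULONG EnableRopSimExec: 1;
            ULONG AuditRopSimExec: 1;
            ULONG EnableImportAddressFilter: 1;
            ULONG AuditImportAddressFilter: 1;
            ULONG DisablePageCombine: 1;
            ULONG SpeculativeStoreBypassDisable: 1;
            ULONG CetUserShadowStacks: 1;
            ULONG AuditCetUserShadowStacks: 1;
            ULONG AuditCetUserShadowStacksLogged: 1;
            ULONG UserCetSetContextIpValidation: 1;
            ULONG AuditUserCetSetContextIpValidation: 1;
            ULONG AuditUserCetSetContextIpValidationLogged: 1;
            ULONG CetUserShadowStacksStrictMode: 1;
            ULONG BlockNonCetBinaries: 1;
            ULONG BlockNonCetBinariesNonEhcont: 1;
            ULONG AuditBlockNonCetBinaries: 1;
            ULONG AuditBlockNonCetBinariesLogged: 1;
            ULONG XtendedControlFlowGuard: 1;
            ULONG AuditXtendedControlFlowGuard: 1;
            ULONG PointerAuthUserIp: 1;
            ULONG AuditPointerAuthUserIp: 1;
            ULONG AuditPointerAuthUserIpLogged: 1;
            ULONG CetDynamicApisOutOfProcOnly: 1;
            ULONG UserCetSetContextIpValidationRelaxedMode: 1;
        } MitigationFlags2Values;
    };

    PVOID PartitionObject;
    ULONG64 SecurityDomain;
    ULONG64 ParentSecurityDomain;
    PVOID CoverageSamplerContext;
    PVOID MmHotPatchContext;
    struct _KE_IDEAL_PROCESSOR_ASSIGNMENT_BLOCK IdealProcessorAssignmentBlock;
    struct _RTL_AVL_TREE DynamicEHContinuationTargetsTree;    /* registered EH continuation targets (CET) */
    struct _EX_PUSH_LOCK DynamicEHContinuationTargetsLock;
    struct _PS_DYNAMIC_ENFORCED_ADDRESS_RANGES DynamicEnforcedCetCompatibleRanges;
    ULONG DisabledComponentFlags;
    LONG PageCombineSequence;
    struct _EX_PUSH_LOCK EnableOptionalXStateFeaturesLock;
} EPROCESS, *PEPROCESS;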