ホーム › System.Diagnostics.Debug.Extensions › KDDEBUGGER_DATA64
KDDEBUGGER_DATA64
構造体サイズ=各フィールドのバイト数(x64/x86 で異なる場合は x64/x86 と併記)。x64/x86 列=フィールドのバイトオフセット(HSPで dupptr / lpoke / wpoke 等に使用)。
フィールド
| フィールド | 型 | サイズ | x64 | x86 |
|---|---|---|---|---|
| Header | DBGKD_DEBUG_DATA_HEADER64 | 24 | +0 | +0 |
| KernBase | ULONGLONG | 8 | +24 | +24 |
| BreakpointWithStatus | ULONGLONG | 8 | +32 | +32 |
| SavedContext | ULONGLONG | 8 | +40 | +40 |
| ThCallbackStack | WORD | 2 | +48 | +48 |
| NextCallback | WORD | 2 | +50 | +50 |
| FramePointer | WORD | 2 | +52 | +52 |
| _bitfield | WORD | 2 | +54 | +54 |
| KiCallUserMode | ULONGLONG | 8 | +56 | +56 |
| KeUserCallbackDispatcher | ULONGLONG | 8 | +64 | +64 |
| PsLoadedModuleList | ULONGLONG | 8 | +72 | +72 |
| PsActiveProcessHead | ULONGLONG | 8 | +80 | +80 |
| PspCidTable | ULONGLONG | 8 | +88 | +88 |
| ExpSystemResourcesList | ULONGLONG | 8 | +96 | +96 |
| ExpPagedPoolDescriptor | ULONGLONG | 8 | +104 | +104 |
| ExpNumberOfPagedPools | ULONGLONG | 8 | +112 | +112 |
| KeTimeIncrement | ULONGLONG | 8 | +120 | +120 |
| KeBugCheckCallbackListHead | ULONGLONG | 8 | +128 | +128 |
| KiBugcheckData | ULONGLONG | 8 | +136 | +136 |
| IopErrorLogListHead | ULONGLONG | 8 | +144 | +144 |
| ObpRootDirectoryObject | ULONGLONG | 8 | +152 | +152 |
| ObpTypeObjectType | ULONGLONG | 8 | +160 | +160 |
| MmSystemCacheStart | ULONGLONG | 8 | +168 | +168 |
| MmSystemCacheEnd | ULONGLONG | 8 | +176 | +176 |
| MmSystemCacheWs | ULONGLONG | 8 | +184 | +184 |
| MmPfnDatabase | ULONGLONG | 8 | +192 | +192 |
| MmSystemPtesStart | ULONGLONG | 8 | +200 | +200 |
| MmSystemPtesEnd | ULONGLONG | 8 | +208 | +208 |
| MmSubsectionBase | ULONGLONG | 8 | +216 | +216 |
| MmNumberOfPagingFiles | ULONGLONG | 8 | +224 | +224 |
| MmLowestPhysicalPage | ULONGLONG | 8 | +232 | +232 |
| MmHighestPhysicalPage | ULONGLONG | 8 | +240 | +240 |
| MmNumberOfPhysicalPages | ULONGLONG | 8 | +248 | +248 |
| MmMaximumNonPagedPoolInBytes | ULONGLONG | 8 | +256 | +256 |
| MmNonPagedSystemStart | ULONGLONG | 8 | +264 | +264 |
| MmNonPagedPoolStart | ULONGLONG | 8 | +272 | +272 |
| MmNonPagedPoolEnd | ULONGLONG | 8 | +280 | +280 |
| MmPagedPoolStart | ULONGLONG | 8 | +288 | +288 |
| MmPagedPoolEnd | ULONGLONG | 8 | +296 | +296 |
| MmPagedPoolInformation | ULONGLONG | 8 | +304 | +304 |
| MmPageSize | ULONGLONG | 8 | +312 | +312 |
| MmSizeOfPagedPoolInBytes | ULONGLONG | 8 | +320 | +320 |
| MmTotalCommitLimit | ULONGLONG | 8 | +328 | +328 |
| MmTotalCommittedPages | ULONGLONG | 8 | +336 | +336 |
| MmSharedCommit | ULONGLONG | 8 | +344 | +344 |
| MmDriverCommit | ULONGLONG | 8 | +352 | +352 |
| MmProcessCommit | ULONGLONG | 8 | +360 | +360 |
| MmPagedPoolCommit | ULONGLONG | 8 | +368 | +368 |
| MmExtendedCommit | ULONGLONG | 8 | +376 | +376 |
| MmZeroedPageListHead | ULONGLONG | 8 | +384 | +384 |
| MmFreePageListHead | ULONGLONG | 8 | +392 | +392 |
| MmStandbyPageListHead | ULONGLONG | 8 | +400 | +400 |
| MmModifiedPageListHead | ULONGLONG | 8 | +408 | +408 |
| MmModifiedNoWritePageListHead | ULONGLONG | 8 | +416 | +416 |
| MmAvailablePages | ULONGLONG | 8 | +424 | +424 |
| MmResidentAvailablePages | ULONGLONG | 8 | +432 | +432 |
| PoolTrackTable | ULONGLONG | 8 | +440 | +440 |
| NonPagedPoolDescriptor | ULONGLONG | 8 | +448 | +448 |
| MmHighestUserAddress | ULONGLONG | 8 | +456 | +456 |
| MmSystemRangeStart | ULONGLONG | 8 | +464 | +464 |
| MmUserProbeAddress | ULONGLONG | 8 | +472 | +472 |
| KdPrintCircularBuffer | ULONGLONG | 8 | +480 | +480 |
| KdPrintCircularBufferEnd | ULONGLONG | 8 | +488 | +488 |
| KdPrintWritePointer | ULONGLONG | 8 | +496 | +496 |
| KdPrintRolloverCount | ULONGLONG | 8 | +504 | +504 |
| MmLoadedUserImageList | ULONGLONG | 8 | +512 | +512 |
| NtBuildLab | ULONGLONG | 8 | +520 | +520 |
| KiNormalSystemCall | ULONGLONG | 8 | +528 | +528 |
| KiProcessorBlock | ULONGLONG | 8 | +536 | +536 |
| MmUnloadedDrivers | ULONGLONG | 8 | +544 | +544 |
| MmLastUnloadedDriver | ULONGLONG | 8 | +552 | +552 |
| MmTriageActionTaken | ULONGLONG | 8 | +560 | +560 |
| MmSpecialPoolTag | ULONGLONG | 8 | +568 | +568 |
| KernelVerifier | ULONGLONG | 8 | +576 | +576 |
| MmVerifierData | ULONGLONG | 8 | +584 | +584 |
| MmAllocatedNonPagedPool | ULONGLONG | 8 | +592 | +592 |
| MmPeakCommitment | ULONGLONG | 8 | +600 | +600 |
| MmTotalCommitLimitMaximum | ULONGLONG | 8 | +608 | +608 |
| CmNtCSDVersion | ULONGLONG | 8 | +616 | +616 |
| MmPhysicalMemoryBlock | ULONGLONG | 8 | +624 | +624 |
| MmSessionBase | ULONGLONG | 8 | +632 | +632 |
| MmSessionSize | ULONGLONG | 8 | +640 | +640 |
| MmSystemParentTablePage | ULONGLONG | 8 | +648 | +648 |
| MmVirtualTranslationBase | ULONGLONG | 8 | +656 | +656 |
| OffsetKThreadNextProcessor | WORD | 2 | +664 | +664 |
| OffsetKThreadTeb | WORD | 2 | +666 | +666 |
| OffsetKThreadKernelStack | WORD | 2 | +668 | +668 |
| OffsetKThreadInitialStack | WORD | 2 | +670 | +670 |
| OffsetKThreadApcProcess | WORD | 2 | +672 | +672 |
| OffsetKThreadState | WORD | 2 | +674 | +674 |
| OffsetKThreadBStore | WORD | 2 | +676 | +676 |
| OffsetKThreadBStoreLimit | WORD | 2 | +678 | +678 |
| SizeEProcess | WORD | 2 | +680 | +680 |
| OffsetEprocessPeb | WORD | 2 | +682 | +682 |
| OffsetEprocessParentCID | WORD | 2 | +684 | +684 |
| OffsetEprocessDirectoryTableBase | WORD | 2 | +686 | +686 |
| SizePrcb | WORD | 2 | +688 | +688 |
| OffsetPrcbDpcRoutine | WORD | 2 | +690 | +690 |
| OffsetPrcbCurrentThread | WORD | 2 | +692 | +692 |
| OffsetPrcbMhz | WORD | 2 | +694 | +694 |
| OffsetPrcbCpuType | WORD | 2 | +696 | +696 |
| OffsetPrcbVendorString | WORD | 2 | +698 | +698 |
| OffsetPrcbProcStateContext | WORD | 2 | +700 | +700 |
| OffsetPrcbNumber | WORD | 2 | +702 | +702 |
| SizeEThread | WORD | 2 | +704 | +704 |
| L1tfHighPhysicalBitIndex | BYTE | 1 | +706 | +706 |
| L1tfSwizzleBitIndex | BYTE | 1 | +707 | +707 |
| Padding0 | DWORD | 4 | +708 | +708 |
| KdPrintCircularBufferPtr | ULONGLONG | 8 | +712 | +712 |
| KdPrintBufferSize | ULONGLONG | 8 | +720 | +720 |
| KeLoaderBlock | ULONGLONG | 8 | +728 | +728 |
| SizePcr | WORD | 2 | +736 | +736 |
| OffsetPcrSelfPcr | WORD | 2 | +738 | +738 |
| OffsetPcrCurrentPrcb | WORD | 2 | +740 | +740 |
| OffsetPcrContainedPrcb | WORD | 2 | +742 | +742 |
| OffsetPcrInitialBStore | WORD | 2 | +744 | +744 |
| OffsetPcrBStoreLimit | WORD | 2 | +746 | +746 |
| OffsetPcrInitialStack | WORD | 2 | +748 | +748 |
| OffsetPcrStackLimit | WORD | 2 | +750 | +750 |
| OffsetPrcbPcrPage | WORD | 2 | +752 | +752 |
| OffsetPrcbProcStateSpecialReg | WORD | 2 | +754 | +754 |
| GdtR0Code | WORD | 2 | +756 | +756 |
| GdtR0Data | WORD | 2 | +758 | +758 |
| GdtR0Pcr | WORD | 2 | +760 | +760 |
| GdtR3Code | WORD | 2 | +762 | +762 |
| GdtR3Data | WORD | 2 | +764 | +764 |
| GdtR3Teb | WORD | 2 | +766 | +766 |
| GdtLdt | WORD | 2 | +768 | +768 |
| GdtTss | WORD | 2 | +770 | +770 |
| Gdt64R3CmCode | WORD | 2 | +772 | +772 |
| Gdt64R3CmTeb | WORD | 2 | +774 | +774 |
| IopNumTriageDumpDataBlocks | ULONGLONG | 8 | +776 | +776 |
| IopTriageDumpDataBlocks | ULONGLONG | 8 | +784 | +784 |
| VfCrashDataBlock | ULONGLONG | 8 | +792 | +792 |
| MmBadPagesDetected | ULONGLONG | 8 | +800 | +800 |
| MmZeroedPageSingleBitErrorsDetected | ULONGLONG | 8 | +808 | +808 |
| EtwpDebuggerData | ULONGLONG | 8 | +816 | +816 |
| OffsetPrcbContext | WORD | 2 | +824 | +824 |
| OffsetPrcbMaxBreakpoints | WORD | 2 | +826 | +826 |
| OffsetPrcbMaxWatchpoints | WORD | 2 | +828 | +828 |
| OffsetKThreadStackLimit | DWORD | 4 | +832 | +832 |
| OffsetKThreadStackBase | DWORD | 4 | +836 | +836 |
| OffsetKThreadQueueListEntry | DWORD | 4 | +840 | +840 |
| OffsetEThreadIrpList | DWORD | 4 | +844 | +844 |
| OffsetPrcbIdleThread | WORD | 2 | +848 | +848 |
| OffsetPrcbNormalDpcState | WORD | 2 | +850 | +850 |
| OffsetPrcbDpcStack | WORD | 2 | +852 | +852 |
| OffsetPrcbIsrStack | WORD | 2 | +854 | +854 |
| SizeKDPC_STACK_FRAME | WORD | 2 | +856 | +856 |
| OffsetKPriQueueThreadListHead | WORD | 2 | +858 | +858 |
| OffsetKThreadWaitReason | WORD | 2 | +860 | +860 |
| Padding1 | WORD | 2 | +862 | +862 |
| PteBase | ULONGLONG | 8 | +864 | +864 |
| RetpolineStubFunctionTable | ULONGLONG | 8 | +872 | +872 |
| RetpolineStubFunctionTableSize | DWORD | 4 | +880 | +880 |
| RetpolineStubOffset | DWORD | 4 | +884 | +884 |
| RetpolineStubSize | DWORD | 4 | +888 | +888 |
| OffsetEProcessMmHotPatchContext | WORD | 2 | +892 | +892 |
| OffsetKThreadShadowStackLimit | DWORD | 4 | +896 | +896 |
| OffsetKThreadShadowStackBase | DWORD | 4 | +900 | +900 |
| ShadowStackEnabled | ULONGLONG | 8 | +904 | +904 |
| PointerAuthMask | ULONGLONG | 8 | +912 | +912 |
| OffsetPrcbExceptionStack | WORD | 2 | +920 | +920 |