Skip to content

Instantly share code, notes, and snippets.

@Und3rf10w
Forked from matterpreter/IRP Structure
Created November 4, 2021 14:02
Show Gist options
  • Save Und3rf10w/5374d27315cfd06bcb3e93cb58665c2d to your computer and use it in GitHub Desktop.
Save Und3rf10w/5374d27315cfd06bcb3e93cb58665c2d to your computer and use it in GitHub Desktop.
(Semi)Full IRP Structure in Win10 1903
0: kd> dt -b nt!_IRP
+0x000 Type : Int2B
+0x002 Size : Uint2B
+0x004 AllocationProcessorNumber : Uint2B
+0x006 Reserved : Uint2B
+0x008 MdlAddress : Ptr64
+0x010 Flags : Uint4B
+0x018 AssociatedIrp : <anonymous-tag>
+0x000 MasterIrp : Ptr64
+0x000 IrpCount : Int4B
+0x000 SystemBuffer : Ptr64
+0x020 ThreadListEntry : _LIST_ENTRY
+0x000 Flink : Ptr64
+0x008 Blink : Ptr64
+0x030 IoStatus : _IO_STATUS_BLOCK
+0x000 Status : Int4B
+0x000 Pointer : Ptr64
+0x008 Information : Uint8B
+0x040 RequestorMode : Char
+0x041 PendingReturned : UChar
+0x042 StackCount : Char
+0x043 CurrentLocation : Char
+0x044 Cancel : UChar
+0x045 CancelIrql : UChar
+0x046 ApcEnvironment : Char
+0x047 AllocationFlags : UChar
+0x048 UserIosb : Ptr64
+0x050 UserEvent : Ptr64
+0x058 Overlay : <anonymous-tag>
+0x000 AsynchronousParameters : <anonymous-tag>
+0x000 UserApcRoutine : Ptr64
+0x000 IssuingProcess : Ptr64
+0x008 UserApcContext : Ptr64
+0x000 AllocationSize : _LARGE_INTEGER
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 u : <anonymous-tag>
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 QuadPart : Int8B
+0x068 CancelRoutine : Ptr64
+0x070 UserBuffer : Ptr64
+0x078 Tail : <anonymous-tag>
+0x000 Overlay : <anonymous-tag>
+0x000 DeviceQueueEntry : _KDEVICE_QUEUE_ENTRY
+0x000 DeviceListEntry : _LIST_ENTRY
+0x000 Flink : Ptr64
+0x008 Blink : Ptr64
+0x010 SortKey : Uint4B
+0x014 Inserted : UChar
+0x000 DriverContext : Ptr64
+0x020 Thread : Ptr64
+0x028 AuxiliaryBuffer : Ptr64
+0x030 ListEntry : _LIST_ENTRY
+0x000 Flink : Ptr64
+0x008 Blink : Ptr64
+0x040 CurrentStackLocation : Ptr64
+0x000 MajorFunction : UChar
+0x001 MinorFunction : UChar
+0x002 Flags : UChar
+0x003 Control : UChar
+0x008 Parameters : <anonymous-tag>
+0x000 Create : <anonymous-tag>
+0x000 SecurityContext : Ptr64
+0x008 Options : Uint4B
+0x010 FileAttributes : Uint2B
+0x012 ShareAccess : Uint2B
+0x018 EaLength : Uint4B
+0x000 CreatePipe : <anonymous-tag>
+0x000 SecurityContext : Ptr64
+0x008 Options : Uint4B
+0x010 Reserved : Uint2B
+0x012 ShareAccess : Uint2B
+0x018 Parameters : Ptr64
+0x000 CreateMailslot : <anonymous-tag>
+0x000 SecurityContext : Ptr64
+0x008 Options : Uint4B
+0x010 Reserved : Uint2B
+0x012 ShareAccess : Uint2B
+0x018 Parameters : Ptr64
+0x000 Read : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 Key : Uint4B
+0x00c Flags : Uint4B
+0x010 ByteOffset : _LARGE_INTEGER
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 u : <anonymous-tag>
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 QuadPart : Int8B
+0x000 Write : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 Key : Uint4B
+0x00c Flags : Uint4B
+0x010 ByteOffset : _LARGE_INTEGER
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 u : <anonymous-tag>
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 QuadPart : Int8B
+0x000 QueryDirectory : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 FileName : Ptr64
+0x010 FileInformationClass :
FileDirectoryInformation = 0n1
FileFullDirectoryInformation = 0n2
FileBothDirectoryInformation = 0n3
FileBasicInformation = 0n4
FileStandardInformation = 0n5
FileInternalInformation = 0n6
FileEaInformation = 0n7
FileAccessInformation = 0n8
FileNameInformation = 0n9
FileRenameInformation = 0n10
FileLinkInformation = 0n11
FileNamesInformation = 0n12
FileDispositionInformation = 0n13
FilePositionInformation = 0n14
FileFullEaInformation = 0n15
FileModeInformation = 0n16
FileAlignmentInformation = 0n17
FileAllInformation = 0n18
FileAllocationInformation = 0n19
FileEndOfFileInformation = 0n20
FileAlternateNameInformation = 0n21
FileStreamInformation = 0n22
FilePipeInformation = 0n23
FilePipeLocalInformation = 0n24
FilePipeRemoteInformation = 0n25
FileMailslotQueryInformation = 0n26
FileMailslotSetInformation = 0n27
FileCompressionInformation = 0n28
FileObjectIdInformation = 0n29
FileCompletionInformation = 0n30
FileMoveClusterInformation = 0n31
FileQuotaInformation = 0n32
FileReparsePointInformation = 0n33
FileNetworkOpenInformation = 0n34
FileAttributeTagInformation = 0n35
FileTrackingInformation = 0n36
FileIdBothDirectoryInformation = 0n37
FileIdFullDirectoryInformation = 0n38
FileValidDataLengthInformation = 0n39
FileShortNameInformation = 0n40
FileIoCompletionNotificationInformation = 0n41
FileIoStatusBlockRangeInformation = 0n42
FileIoPriorityHintInformation = 0n43
FileSfioReserveInformation = 0n44
FileSfioVolumeInformation = 0n45
FileHardLinkInformation = 0n46
FileProcessIdsUsingFileInformation = 0n47
FileNormalizedNameInformation = 0n48
FileNetworkPhysicalNameInformation = 0n49
FileIdGlobalTxDirectoryInformation = 0n50
FileIsRemoteDeviceInformation = 0n51
FileUnusedInformation = 0n52
FileNumaNodeInformation = 0n53
FileStandardLinkInformation = 0n54
FileRemoteProtocolInformation = 0n55
FileRenameInformationBypassAccessCheck = 0n56
FileLinkInformationBypassAccessCheck = 0n57
FileVolumeNameInformation = 0n58
FileIdInformation = 0n59
FileIdExtdDirectoryInformation = 0n60
FileReplaceCompletionInformation = 0n61
FileHardLinkFullIdInformation = 0n62
FileIdExtdBothDirectoryInformation = 0n63
FileDispositionInformationEx = 0n64
FileRenameInformationEx = 0n65
FileRenameInformationExBypassAccessCheck = 0n66
FileDesiredStorageClassInformation = 0n67
FileStatInformation = 0n68
FileMemoryPartitionInformation = 0n69
FileStatLxInformation = 0n70
FileCaseSensitiveInformation = 0n71
FileLinkInformationEx = 0n72
FileLinkInformationExBypassAccessCheck = 0n73
FileStorageReserveIdInformation = 0n74
FileCaseSensitiveInformationForceAccessCheck = 0n75
FileMaximumInformation = 0n76
+0x018 FileIndex : Uint4B
+0x000 NotifyDirectory : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 CompletionFilter : Uint4B
+0x000 NotifyDirectoryEx : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 CompletionFilter : Uint4B
+0x010 DirectoryNotifyInformationClass :
DirectoryNotifyInformation = 0n1
DirectoryNotifyExtendedInformation = 0n2
+0x000 QueryFile : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 FileInformationClass :
FileDirectoryInformation = 0n1
FileFullDirectoryInformation = 0n2
FileBothDirectoryInformation = 0n3
FileBasicInformation = 0n4
FileStandardInformation = 0n5
FileInternalInformation = 0n6
FileEaInformation = 0n7
FileAccessInformation = 0n8
FileNameInformation = 0n9
FileRenameInformation = 0n10
FileLinkInformation = 0n11
FileNamesInformation = 0n12
FileDispositionInformation = 0n13
FilePositionInformation = 0n14
FileFullEaInformation = 0n15
FileModeInformation = 0n16
FileAlignmentInformation = 0n17
FileAllInformation = 0n18
FileAllocationInformation = 0n19
FileEndOfFileInformation = 0n20
FileAlternateNameInformation = 0n21
FileStreamInformation = 0n22
FilePipeInformation = 0n23
FilePipeLocalInformation = 0n24
FilePipeRemoteInformation = 0n25
FileMailslotQueryInformation = 0n26
FileMailslotSetInformation = 0n27
FileCompressionInformation = 0n28
FileObjectIdInformation = 0n29
FileCompletionInformation = 0n30
FileMoveClusterInformation = 0n31
FileQuotaInformation = 0n32
FileReparsePointInformation = 0n33
FileNetworkOpenInformation = 0n34
FileAttributeTagInformation = 0n35
FileTrackingInformation = 0n36
FileIdBothDirectoryInformation = 0n37
FileIdFullDirectoryInformation = 0n38
FileValidDataLengthInformation = 0n39
FileShortNameInformation = 0n40
FileIoCompletionNotificationInformation = 0n41
FileIoStatusBlockRangeInformation = 0n42
FileIoPriorityHintInformation = 0n43
FileSfioReserveInformation = 0n44
FileSfioVolumeInformation = 0n45
FileHardLinkInformation = 0n46
FileProcessIdsUsingFileInformation = 0n47
FileNormalizedNameInformation = 0n48
FileNetworkPhysicalNameInformation = 0n49
FileIdGlobalTxDirectoryInformation = 0n50
FileIsRemoteDeviceInformation = 0n51
FileUnusedInformation = 0n52
FileNumaNodeInformation = 0n53
FileStandardLinkInformation = 0n54
FileRemoteProtocolInformation = 0n55
FileRenameInformationBypassAccessCheck = 0n56
FileLinkInformationBypassAccessCheck = 0n57
FileVolumeNameInformation = 0n58
FileIdInformation = 0n59
FileIdExtdDirectoryInformation = 0n60
FileReplaceCompletionInformation = 0n61
FileHardLinkFullIdInformation = 0n62
FileIdExtdBothDirectoryInformation = 0n63
FileDispositionInformationEx = 0n64
FileRenameInformationEx = 0n65
FileRenameInformationExBypassAccessCheck = 0n66
FileDesiredStorageClassInformation = 0n67
FileStatInformation = 0n68
FileMemoryPartitionInformation = 0n69
FileStatLxInformation = 0n70
FileCaseSensitiveInformation = 0n71
FileLinkInformationEx = 0n72
FileLinkInformationExBypassAccessCheck = 0n73
FileStorageReserveIdInformation = 0n74
FileCaseSensitiveInformationForceAccessCheck = 0n75
FileMaximumInformation = 0n76
+0x000 SetFile : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 FileInformationClass :
FileDirectoryInformation = 0n1
FileFullDirectoryInformation = 0n2
FileBothDirectoryInformation = 0n3
FileBasicInformation = 0n4
FileStandardInformation = 0n5
FileInternalInformation = 0n6
FileEaInformation = 0n7
FileAccessInformation = 0n8
FileNameInformation = 0n9
FileRenameInformation = 0n10
FileLinkInformation = 0n11
FileNamesInformation = 0n12
FileDispositionInformation = 0n13
FilePositionInformation = 0n14
FileFullEaInformation = 0n15
FileModeInformation = 0n16
FileAlignmentInformation = 0n17
FileAllInformation = 0n18
FileAllocationInformation = 0n19
FileEndOfFileInformation = 0n20
FileAlternateNameInformation = 0n21
FileStreamInformation = 0n22
FilePipeInformation = 0n23
FilePipeLocalInformation = 0n24
FilePipeRemoteInformation = 0n25
FileMailslotQueryInformation = 0n26
FileMailslotSetInformation = 0n27
FileCompressionInformation = 0n28
FileObjectIdInformation = 0n29
FileCompletionInformation = 0n30
FileMoveClusterInformation = 0n31
FileQuotaInformation = 0n32
FileReparsePointInformation = 0n33
FileNetworkOpenInformation = 0n34
FileAttributeTagInformation = 0n35
FileTrackingInformation = 0n36
FileIdBothDirectoryInformation = 0n37
FileIdFullDirectoryInformation = 0n38
FileValidDataLengthInformation = 0n39
FileShortNameInformation = 0n40
FileIoCompletionNotificationInformation = 0n41
FileIoStatusBlockRangeInformation = 0n42
FileIoPriorityHintInformation = 0n43
FileSfioReserveInformation = 0n44
FileSfioVolumeInformation = 0n45
FileHardLinkInformation = 0n46
FileProcessIdsUsingFileInformation = 0n47
FileNormalizedNameInformation = 0n48
FileNetworkPhysicalNameInformation = 0n49
FileIdGlobalTxDirectoryInformation = 0n50
FileIsRemoteDeviceInformation = 0n51
FileUnusedInformation = 0n52
FileNumaNodeInformation = 0n53
FileStandardLinkInformation = 0n54
FileRemoteProtocolInformation = 0n55
FileRenameInformationBypassAccessCheck = 0n56
FileLinkInformationBypassAccessCheck = 0n57
FileVolumeNameInformation = 0n58
FileIdInformation = 0n59
FileIdExtdDirectoryInformation = 0n60
FileReplaceCompletionInformation = 0n61
FileHardLinkFullIdInformation = 0n62
FileIdExtdBothDirectoryInformation = 0n63
FileDispositionInformationEx = 0n64
FileRenameInformationEx = 0n65
FileRenameInformationExBypassAccessCheck = 0n66
FileDesiredStorageClassInformation = 0n67
FileStatInformation = 0n68
FileMemoryPartitionInformation = 0n69
FileStatLxInformation = 0n70
FileCaseSensitiveInformation = 0n71
FileLinkInformationEx = 0n72
FileLinkInformationExBypassAccessCheck = 0n73
FileStorageReserveIdInformation = 0n74
FileCaseSensitiveInformationForceAccessCheck = 0n75
FileMaximumInformation = 0n76
+0x010 FileObject : Ptr64
+0x018 ReplaceIfExists : UChar
+0x019 AdvanceOnly : UChar
+0x018 ClusterCount : Uint4B
+0x018 DeleteHandle : Ptr64
+0x000 QueryEa : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 EaList : Ptr64
+0x010 EaListLength : Uint4B
+0x018 EaIndex : Uint4B
+0x000 SetEa : <anonymous-tag>
+0x000 Length : Uint4B
+0x000 QueryVolume : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 FsInformationClass :
FileFsVolumeInformation = 0n1
FileFsLabelInformation = 0n2
FileFsSizeInformation = 0n3
FileFsDeviceInformation = 0n4
FileFsAttributeInformation = 0n5
FileFsControlInformation = 0n6
FileFsFullSizeInformation = 0n7
FileFsObjectIdInformation = 0n8
FileFsDriverPathInformation = 0n9
FileFsVolumeFlagsInformation = 0n10
FileFsSectorSizeInformation = 0n11
FileFsDataCopyInformation = 0n12
FileFsMetadataSizeInformation = 0n13
FileFsFullSizeInformationEx = 0n14
FileFsMaximumInformation = 0n15
+0x000 SetVolume : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 FsInformationClass :
FileFsVolumeInformation = 0n1
FileFsLabelInformation = 0n2
FileFsSizeInformation = 0n3
FileFsDeviceInformation = 0n4
FileFsAttributeInformation = 0n5
FileFsControlInformation = 0n6
FileFsFullSizeInformation = 0n7
FileFsObjectIdInformation = 0n8
FileFsDriverPathInformation = 0n9
FileFsVolumeFlagsInformation = 0n10
FileFsSectorSizeInformation = 0n11
FileFsDataCopyInformation = 0n12
FileFsMetadataSizeInformation = 0n13
FileFsFullSizeInformationEx = 0n14
FileFsMaximumInformation = 0n15
+0x000 FileSystemControl : <anonymous-tag>
+0x000 OutputBufferLength : Uint4B
+0x008 InputBufferLength : Uint4B
+0x010 FsControlCode : Uint4B
+0x018 Type3InputBuffer : Ptr64
+0x000 LockControl : <anonymous-tag>
+0x000 Length : Ptr64
+0x008 Key : Uint4B
+0x010 ByteOffset : _LARGE_INTEGER
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 u : <anonymous-tag>
+0x000 LowPart : Uint4B
+0x004 HighPart : Int4B
+0x000 QuadPart : Int8B
+0x000 DeviceIoControl : <anonymous-tag>
+0x000 OutputBufferLength : Uint4B
+0x008 InputBufferLength : Uint4B
+0x010 IoControlCode : Uint4B
+0x018 Type3InputBuffer : Ptr64
+0x000 QuerySecurity : <anonymous-tag>
+0x000 SecurityInformation : Uint4B
+0x008 Length : Uint4B
+0x000 SetSecurity : <anonymous-tag>
+0x000 SecurityInformation : Uint4B
+0x008 SecurityDescriptor : Ptr64
+0x000 MountVolume : <anonymous-tag>
+0x000 Vpb : Ptr64
+0x008 DeviceObject : Ptr64
+0x000 VerifyVolume : <anonymous-tag>
+0x000 Vpb : Ptr64
+0x008 DeviceObject : Ptr64
+0x000 Scsi : <anonymous-tag>
+0x000 Srb : Ptr64
+0x000 QueryQuota : <anonymous-tag>
+0x000 Length : Uint4B
+0x008 StartSid : Ptr64
+0x010 SidList : Ptr64
+0x018 SidListLength : Uint4B
+0x000 SetQuota : <anonymous-tag>
+0x000 Length : Uint4B
+0x000 QueryDeviceRelations : <anonymous-tag>
+0x000 Type :
BusRelations = 0n0
EjectionRelations = 0n1
PowerRelations = 0n2
RemovalRelations = 0n3
TargetDeviceRelation = 0n4
SingleBusRelations = 0n5
TransportRelations = 0n6
+0x000 QueryInterface : <anonymous-tag>
+0x000 InterfaceType : Ptr64
+0x008 Size : Uint2B
+0x00a Version : Uint2B
+0x010 Interface : Ptr64
+0x018 InterfaceSpecificData : Ptr64
+0x000 DeviceCapabilities : <anonymous-tag>
+0x000 Capabilities : Ptr64
+0x000 FilterResourceRequirements : <anonymous-tag>
+0x000 IoResourceRequirementList : Ptr64
+0x000 ReadWriteConfig : <anonymous-tag>
+0x000 WhichSpace : Uint4B
+0x008 Buffer : Ptr64
+0x010 Offset : Uint4B
+0x018 Length : Uint4B
+0x000 SetLock : <anonymous-tag>
+0x000 Lock : UChar
+0x000 QueryId : <anonymous-tag>
+0x000 IdType :
BusQueryDeviceID = 0n0
BusQueryHardwareIDs = 0n1
BusQueryCompatibleIDs = 0n2
BusQueryInstanceID = 0n3
BusQueryDeviceSerialNumber = 0n4
BusQueryContainerID = 0n5
+0x000 QueryDeviceText : <anonymous-tag>
+0x000 DeviceTextType :
DeviceTextDescription = 0n0
DeviceTextLocationInformation = 0n1
+0x008 LocaleId : Uint4B
+0x000 UsageNotification : <anonymous-tag>
+0x000 InPath : UChar
+0x001 Reserved : UChar
+0x008 Type :
DeviceUsageTypeUndefined = 0n0
DeviceUsageTypePaging = 0n1
DeviceUsageTypeHibernation = 0n2
DeviceUsageTypeDumpFile = 0n3
DeviceUsageTypeBoot = 0n4
DeviceUsageTypePostDisplay = 0n5
DeviceUsageTypeGuestAssigned = 0n6
+0x000 WaitWake : <anonymous-tag>
+0x000 PowerState :
PowerSystemUnspecified = 0n0
PowerSystemWorking = 0n1
PowerSystemSleeping1 = 0n2
PowerSystemSleeping2 = 0n3
PowerSystemSleeping3 = 0n4
PowerSystemHibernate = 0n5
PowerSystemShutdown = 0n6
PowerSystemMaximum = 0n7
+0x000 PowerSequence : <anonymous-tag>
+0x000 PowerSequence : Ptr64
+0x000 Power : <anonymous-tag>
+0x000 SystemContext : Uint4B
+0x000 SystemPowerStateContext : _SYSTEM_POWER_STATE_CONTEXT
+0x000 Reserved1 : Pos 0, 8 Bits
+0x000 TargetSystemState : Pos 8, 4 Bits
+0x000 EffectiveSystemState : Pos 12, 4 Bits
+0x000 CurrentSystemState : Pos 16, 4 Bits
+0x000 IgnoreHibernationPath : Pos 20, 1 Bit
+0x000 PseudoTransition : Pos 21, 1 Bit
+0x000 KernelSoftReboot : Pos 22, 1 Bit
+0x000 DirectedDripsTransition : Pos 23, 1 Bit
+0x000 Reserved2 : Pos 24, 8 Bits
+0x000 ContextAsUlong : Uint4B
+0x008 Type :
SystemPowerState = 0n0
DevicePowerState = 0n1
+0x010 State : _POWER_STATE
+0x000 SystemState :
PowerSystemUnspecified = 0n0
PowerSystemWorking = 0n1
PowerSystemSleeping1 = 0n2
PowerSystemSleeping2 = 0n3
PowerSystemSleeping3 = 0n4
PowerSystemHibernate = 0n5
PowerSystemShutdown = 0n6
PowerSystemMaximum = 0n7
+0x000 DeviceState :
PowerDeviceUnspecified = 0n0
PowerDeviceD0 = 0n1
PowerDeviceD1 = 0n2
PowerDeviceD2 = 0n3
PowerDeviceD3 = 0n4
PowerDeviceMaximum = 0n5
+0x018 ShutdownType :
PowerActionNone = 0n0
PowerActionReserved = 0n1
PowerActionSleep = 0n2
PowerActionHibernate = 0n3
PowerActionShutdown = 0n4
PowerActionShutdownReset = 0n5
PowerActionShutdownOff = 0n6
PowerActionWarmEject = 0n7
PowerActionDisplayOff = 0n8
+0x000 StartDevice : <anonymous-tag>
+0x000 AllocatedResources : Ptr64
+0x008 AllocatedResourcesTranslated : Ptr64
+0x000 WMI : <anonymous-tag>
+0x000 ProviderId : Uint8B
+0x008 DataPath : Ptr64
+0x010 BufferSize : Uint4B
+0x018 Buffer : Ptr64
+0x000 Others : <anonymous-tag>
+0x000 Argument1 : Ptr64
+0x008 Argument2 : Ptr64
+0x010 Argument3 : Ptr64
+0x018 Argument4 : Ptr64
+0x028 DeviceObject : Ptr64
+0x030 FileObject : Ptr64
+0x038 CompletionRoutine : Ptr64
+0x040 Context : Ptr64
+0x040 PacketType : Uint4B
+0x048 OriginalFileObject : Ptr64
+0x050 IrpExtension : Ptr64
+0x000 Apc : _KAPC
+0x000 Type : UChar
+0x001 SpareByte0 : UChar
+0x002 Size : UChar
+0x003 SpareByte1 : UChar
+0x004 SpareLong0 : Uint4B
+0x008 Thread : Ptr64
+0x010 ApcListEntry : _LIST_ENTRY
+0x000 Flink : Ptr64
+0x008 Blink : Ptr64
+0x020 KernelRoutine : Ptr64
+0x028 RundownRoutine : Ptr64
+0x030 NormalRoutine : Ptr64
+0x020 Reserved : Ptr64
+0x038 NormalContext : Ptr64
+0x040 SystemArgument1 : Ptr64
+0x048 SystemArgument2 : Ptr64
+0x050 ApcStateIndex : Char
+0x051 ApcMode : Char
+0x052 Inserted : UChar
+0x000 CompletionKey : Ptr64
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment