HACKE-RC · May 31, 2022 15:04
diff --git a/ETHREAD.c b/ETHREAD.c
 struct _ETHREAD {
  struct _KTHREAD Tcb;
  union _LARGE_INTEGER CreateTime;
  union _LARGE_INTEGER ExitTime;
  struct _LIST_ENTRY KeyedWaitChain;
  void *ChargeOnlySession;
  struct _LIST_ENTRY PostBlockList;
  void *ForwardLinkShadow;
  void *StartAddress;
  struct _TERMINATION_PORT *TerminationPort;
  struct _ETHREAD *ReaperLink;
  void *KeyedWaitValue;
  unsigned int ActiveTimerListLock;
  struct _LIST_ENTRY ActiveTimerListHead;
  struct _CLIENT_ID Cid;
  struct _KSEMAPHORE KeyedWaitSemaphore;
  struct _KSEMAPHORE AlpcWaitSemaphore;
  union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity;
  struct _LIST_ENTRY IrpList;
  unsigned int TopLevelIrp;
  struct _DEVICE_OBJECT *DeviceToVerify;
  void *Win32StartAddress;
  void *LegacyPowerObject;
  struct _LIST_ENTRY ThreadListEntry;
  struct _EX_RUNDOWN_REF RundownProtect;
  struct _EX_PUSH_LOCK ThreadLock;
  unsigned long ReadClusterSize;
  long MmLockOrdering;
  unsigned long CrossThreadFlags;
  unsigned long Terminated : 1;
  unsigned long ThreadInserted : 1;
  unsigned long HideFromDebugger : 1;
  unsigned long ActiveImpersonationInfo : 1;
  unsigned long HardErrorsAreDisabled : 1;
  unsigned long BreakOnTermination : 1;
  unsigned long SkipCreationMsg : 1;
  unsigned long SkipTerminationMsg : 1;
  unsigned long CopyTokenOnOpen : 1;
  unsigned long ThreadIoPriority : 3;
  unsigned long ThreadPagePriority : 3;
  unsigned long RundownFail : 1;
  unsigned long UmsForceQueueTermination : 1;
  unsigned long IndirectCpuSets : 1;
  unsigned long DisableDynamicCodeOptOut : 1;
  unsigned long ExplicitCaseSensitivity : 1;
  unsigned long ReservedCrossThreadFlags : 12;
  unsigned long SameThreadPassiveFlags;
  unsigned long ActiveExWorker : 1;
  unsigned long MemoryMaker : 1;
  unsigned long StoreLockThread : 2;
  unsigned long ClonedThread : 1;
  unsigned long KeyedEventInUse : 1;
  unsigned long SelfTerminate : 1;
  unsigned long RespectIoPriority : 1;
  unsigned long ActivePageLists : 1;
  unsigned long ReservedSameThreadPassiveFlags : 23;
  unsigned long SameThreadApcFlags;
  unsigned int OwnsProcessAddressSpaceExclusive : 1;
  unsigned int OwnsProcessAddressSpaceShared : 1;
  unsigned int HardFaultBehavior : 1;
  unsigned int StartAddressInvalid : 1;
  unsigned int EtwCalloutActive : 1;
  unsigned int SuppressSymbolLoad : 1;
  unsigned int Prefetching : 1;
  unsigned int OwnsVadExclusive : 1;
  unsigned int SystemPagePriorityActive : 1;
  unsigned int SystemPagePriority : 3;
  unsigned int CacheManagerActive;
  unsigned int DisablePageFaultClustering;
  unsigned int ActiveFaultCount;
  unsigned int LockOrderState;
  unsigned int AlpcMessageId;
  void *AlpcMessage;
  unsigned long AlpcReceiveAttributeSet;
  struct _LIST_ENTRY AlpcWaitListEntry;
  long ExitStatus;
  unsigned long CacheManagerCount;
  unsigned long IoBoostCount;
  unsigned long IoQoSBoostCount;
  unsigned long IoQoSThrottleCount;
  struct _LIST_ENTRY BoostList;
  struct _LIST_ENTRY DeboostList;
  unsigned int BoostListLock;
  unsigned int IrpListLock;
  void *ReservedForSynchTracking;
  struct _SINGLE_LIST_ENTRY CmCallbackListHead;
  struct _GUID *ActivityId;
  struct _SINGLE_LIST_ENTRY SeLearningModeListHead;
  void *VerifierContext;
  unsigned long KernelStackReference;
  void *AdjustedClientToken;
  void *WorkOnBehalfThread;
  struct _PS_PROPERTY_SET PropertySet;
  struct _THREAD_ENERGY_VALUES *EnergyValues;
  void *CmDbgInfo;
  unsigned int SelectedCpuSets;
  unsigned int *SelectedCpuSetsIndirect;
  struct _EJOB *Silo;
  struct _UNICODE_STRING *ThreadName;
  unsigned long ReadyTime;
 };
	struct _ETHREAD {
	struct _KTHREAD Tcb;
	union _LARGE_INTEGER CreateTime;
	union _LARGE_INTEGER ExitTime;
	struct _LIST_ENTRY KeyedWaitChain;
	void *ChargeOnlySession;
	struct _LIST_ENTRY PostBlockList;
	void *ForwardLinkShadow;
	void *StartAddress;
	struct _TERMINATION_PORT *TerminationPort;
	struct _ETHREAD *ReaperLink;
	void *KeyedWaitValue;
	unsigned int ActiveTimerListLock;
	struct _LIST_ENTRY ActiveTimerListHead;
	struct _CLIENT_ID Cid;
	struct _KSEMAPHORE KeyedWaitSemaphore;
	struct _KSEMAPHORE AlpcWaitSemaphore;
	union _PS_CLIENT_SECURITY_CONTEXT ClientSecurity;
	struct _LIST_ENTRY IrpList;
	unsigned int TopLevelIrp;
	struct _DEVICE_OBJECT *DeviceToVerify;
	void *Win32StartAddress;
	void *LegacyPowerObject;
	struct _LIST_ENTRY ThreadListEntry;
	struct _EX_RUNDOWN_REF RundownProtect;
	struct _EX_PUSH_LOCK ThreadLock;
	unsigned long ReadClusterSize;
	long MmLockOrdering;
	unsigned long CrossThreadFlags;
	unsigned long Terminated : 1;
	unsigned long ThreadInserted : 1;
	unsigned long HideFromDebugger : 1;
	unsigned long ActiveImpersonationInfo : 1;
	unsigned long HardErrorsAreDisabled : 1;
	unsigned long BreakOnTermination : 1;
	unsigned long SkipCreationMsg : 1;
	unsigned long SkipTerminationMsg : 1;
	unsigned long CopyTokenOnOpen : 1;
	unsigned long ThreadIoPriority : 3;
	unsigned long ThreadPagePriority : 3;
	unsigned long RundownFail : 1;
	unsigned long UmsForceQueueTermination : 1;
	unsigned long IndirectCpuSets : 1;
	unsigned long DisableDynamicCodeOptOut : 1;
	unsigned long ExplicitCaseSensitivity : 1;
	unsigned long ReservedCrossThreadFlags : 12;
	unsigned long SameThreadPassiveFlags;
	unsigned long ActiveExWorker : 1;
	unsigned long MemoryMaker : 1;
	unsigned long StoreLockThread : 2;
	unsigned long ClonedThread : 1;
	unsigned long KeyedEventInUse : 1;
	unsigned long SelfTerminate : 1;
	unsigned long RespectIoPriority : 1;
	unsigned long ActivePageLists : 1;
	unsigned long ReservedSameThreadPassiveFlags : 23;
	unsigned long SameThreadApcFlags;
	unsigned int OwnsProcessAddressSpaceExclusive : 1;
	unsigned int OwnsProcessAddressSpaceShared : 1;
	unsigned int HardFaultBehavior : 1;
	unsigned int StartAddressInvalid : 1;
	unsigned int EtwCalloutActive : 1;
	unsigned int SuppressSymbolLoad : 1;
	unsigned int Prefetching : 1;
	unsigned int OwnsVadExclusive : 1;
	unsigned int SystemPagePriorityActive : 1;
	unsigned int SystemPagePriority : 3;
	unsigned int CacheManagerActive;
	unsigned int DisablePageFaultClustering;
	unsigned int ActiveFaultCount;
	unsigned int LockOrderState;
	unsigned int AlpcMessageId;
	void *AlpcMessage;
	unsigned long AlpcReceiveAttributeSet;
	struct _LIST_ENTRY AlpcWaitListEntry;
	long ExitStatus;
	unsigned long CacheManagerCount;
	unsigned long IoBoostCount;
	unsigned long IoQoSBoostCount;
	unsigned long IoQoSThrottleCount;
	struct _LIST_ENTRY BoostList;
	struct _LIST_ENTRY DeboostList;
	unsigned int BoostListLock;
	unsigned int IrpListLock;
	void *ReservedForSynchTracking;
	struct _SINGLE_LIST_ENTRY CmCallbackListHead;
	struct _GUID *ActivityId;
	struct _SINGLE_LIST_ENTRY SeLearningModeListHead;
	void *VerifierContext;
	unsigned long KernelStackReference;
	void *AdjustedClientToken;
	void *WorkOnBehalfThread;
	struct _PS_PROPERTY_SET PropertySet;
	struct _THREAD_ENERGY_VALUES *EnergyValues;
	void *CmDbgInfo;
	unsigned int SelectedCpuSets;
	unsigned int *SelectedCpuSetsIndirect;
	struct _EJOB *Silo;
	struct _UNICODE_STRING *ThreadName;
	unsigned long ReadyTime;
	};